From 54030128e3e10d7dd9261810d3f3513f6af1e917 Mon Sep 17 00:00:00 2001
From: Albert Zhang <zhgwenming@gmail.com>
Date: Tue, 3 Jun 2014 15:46:01 +0800
Subject: [PATCH 001/516] mount of /.dockerinit is not needed for native
 driver, so move it into lxc driver

Docker-DCO-1.1-Signed-off-by: Albert Zhang <zhgwenming@gmail.com> (github: zhgwenming)
Upstream-commit: b611198d286d2f4ebd7526c623dff8e523691698
Component: engine
---
 .../engine/daemon/execdriver/execdrivers/execdrivers.go      | 2 +-
 components/engine/daemon/execdriver/lxc/driver.go            | 5 ++++-
 components/engine/daemon/volumes.go                          | 1 -
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/execdriver/execdrivers/execdrivers.go b/components/engine/daemon/execdriver/execdrivers/execdrivers.go
index 2e18454a09..f43514408b 100644
--- a/components/engine/daemon/execdriver/execdrivers/execdrivers.go
+++ b/components/engine/daemon/execdriver/execdrivers/execdrivers.go
@@ -15,7 +15,7 @@ func NewDriver(name, root, initPath string, sysInfo *sysinfo.SysInfo) (execdrive
 		// we want to give the lxc driver the full docker root because it needs
 		// to access and write config and template files in /var/lib/docker/containers/*
 		// to be backwards compatible
-		return lxc.NewDriver(root, sysInfo.AppArmor)
+		return lxc.NewDriver(root, initPath, sysInfo.AppArmor)
 	case "native":
 		return native.NewDriver(path.Join(root, "execdriver", "native"), initPath)
 	}
diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 59daf1afe1..d4a00dcca6 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -54,11 +54,12 @@ func init() {
 
 type driver struct {
 	root       string // root path for the driver to use
+	initPath   string
 	apparmor   bool
 	sharedRoot bool
 }
 
-func NewDriver(root string, apparmor bool) (*driver, error) {
+func NewDriver(root, initPath string, apparmor bool) (*driver, error) {
 	// setup unconfined symlink
 	if err := linkLxcStart(root); err != nil {
 		return nil, err
@@ -66,6 +67,7 @@ func NewDriver(root string, apparmor bool) (*driver, error) {
 	return &driver{
 		apparmor:   apparmor,
 		root:       root,
+		initPath:   initPath,
 		sharedRoot: rootIsShared(),
 	}, nil
 }
@@ -79,6 +81,7 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	if err := execdriver.SetTerminal(c, pipes); err != nil {
 		return -1, err
 	}
+	c.Mounts = append(c.Mounts, execdriver.Mount{d.initPath, c.InitPath, false, true})
 	if err := d.generateEnvConfig(c); err != nil {
 		return -1, err
 	}
diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index f4b3921c9a..1de8ff98ac 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -36,7 +36,6 @@ func prepareVolumesForContainer(container *Container) error {
 
 func setupMountsForContainer(container *Container) error {
 	mounts := []execdriver.Mount{
-		{container.daemon.sysInitPath, "/.dockerinit", false, true},
 		{container.ResolvConfPath, "/etc/resolv.conf", false, true},
 	}
 

From 363db75bc019c24a8cbf53f262d95a6de9507b6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Petazzoni?= <jp@enix.org>
Date: Wed, 11 Jun 2014 17:09:19 -0700
Subject: [PATCH 002/516] Select masquerade by outgoing interface rather than
 by destination subnet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
Upstream-commit: a084f4bc61a81eb9076246d85d6cc5168b32a949
Component: engine
---
 components/engine/daemon/networkdriver/bridge/driver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index 8c5db9f843..1cde7c9be0 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -175,7 +175,7 @@ func InitDriver(job *engine.Job) engine.Status {
 
 func setupIPTables(addr net.Addr, icc bool) error {
 	// Enable NAT
-	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}
+	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-o", bridgeIface, "-j", "MASQUERADE"}
 
 	if !iptables.Exists(natArgs...) {
 		if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {

From 946f83d348147b619ea578ceeb242cd7e2bce6be Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Wed, 4 Dec 2013 15:03:51 +0100
Subject: [PATCH 003/516] Add support for client certificates for registries
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This lets you specify custom client TLS certificates and CA root for a
specific registry hostname. Docker will then verify the registry
against the CA and present the client cert when talking to that
registry.  This allows the registry to verify that the client has a
proper key, indicating that the client is allowed to access the
images.

A custom cert is configured by creating a directory in
/etc/docker/certs.d with the same name as the registry hostname. Inside
this directory all *.crt files are added as CA Roots (if none exists,
the system default is used) and pair of files <filename>.key and
<filename>.cert indicate a custom certificate to present to the registry.

If there are multiple certificates each one will be tried in
alphabetical order, proceeding to the next if we get a 403 of 5xx
response.

So, an example setup would be:
/etc/docker/certs.d/
└── localhost
    ├── client.cert
    ├── client.key
    └── localhost.crt

A simple way to test this setup is to use an apache server to host a
registry. Just copy a registry tree into the apache root, here is an
example one containing the busybox image:
  http://people.gnome.org/~alexl/v1.tar.gz

Then add this conf file as /etc/httpd/conf.d/registry.conf:

 # This must be in the root context, otherwise it causes a re-negotiation
 # which is not supported by the tls implementation in go
 SSLVerifyClient optional_no_ca

 <Location /v1>
 Action cert-protected /cgi-bin/cert.cgi
 SetHandler cert-protected

 Header set x-docker-registry-version "0.6.2"
 SetEnvIf Host (.*) custom_host=$1
 Header set X-Docker-Endpoints "%{custom_host}e"
 </Location>

And this as /var/www/cgi-bin/cert.cgi

 #!/bin/bash
 if [ "$HTTPS" != "on" ]; then
     echo "Status: 403 Not using SSL"
     echo "x-docker-registry-version: 0.6.2"
     echo
     exit 0
 fi
 if [ "$SSL_CLIENT_VERIFY" == "NONE" ]; then
     echo "Status: 403 Client certificate invalid"
     echo "x-docker-registry-version: 0.6.2"
     echo
     exit 0
 fi
 echo "Content-length: $(stat --printf='%s' $PATH_TRANSLATED)"
 echo "x-docker-registry-version: 0.6.2"
 echo "X-Docker-Endpoints: $SERVER_NAME"
 echo "X-Docker-Size: 0"
 echo

 cat $PATH_TRANSLATED

This will return 403 for all accessed to /v1 unless *any* client cert
is presented. Obviously a real implementation would verify more details
about the certificate.

Example client certs can be generated with:

openssl genrsa -out client.key 1024
openssl req -new -x509 -text -key client.key -out client.cert

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 05243104fc0a0ef9537766cf5bd920824665eb78
Component: engine
---
 components/engine/docs/mkdocs.yml             |   1 +
 .../docs/sources/articles/certificates.md     |  83 +++++++
 components/engine/docs/sources/use.md         |  14 ++
 components/engine/registry/registry.go        | 227 ++++++++++++++----
 4 files changed, 272 insertions(+), 53 deletions(-)
 create mode 100644 components/engine/docs/sources/articles/certificates.md
 create mode 100644 components/engine/docs/sources/use.md

diff --git a/components/engine/docs/mkdocs.yml b/components/engine/docs/mkdocs.yml
index 5c3147a285..00810e2cb0 100755
--- a/components/engine/docs/mkdocs.yml
+++ b/components/engine/docs/mkdocs.yml
@@ -83,6 +83,7 @@ pages:
 - ['articles/security.md', 'Articles', 'Security']
 - ['articles/https.md', 'Articles', 'Running Docker with HTTPS']
 - ['articles/host_integration.md', 'Articles', 'Automatically starting Containers']
+- ['articles/certificates.md', 'Articles', 'Using certificates for repository client verification']
 - ['articles/using_supervisord.md', 'Articles', 'Using Supervisor']
 - ['articles/cfengine_process_management.md', 'Articles', 'Process management with CFEngine']
 - ['articles/puppet.md', 'Articles', 'Using Puppet']
diff --git a/components/engine/docs/sources/articles/certificates.md b/components/engine/docs/sources/articles/certificates.md
new file mode 100644
index 0000000000..3772a7bc57
--- /dev/null
+++ b/components/engine/docs/sources/articles/certificates.md
@@ -0,0 +1,83 @@
+page_title: Using certificates for repository client verification
+page_description: How to set up per-repository client certificates
+page_keywords: Usage, repository, certificate, root, docker, documentation, examples
+
+# Using certificates for repository client verification
+
+This lets you specify custom client TLS certificates and CA root for a
+specific registry hostname. Docker will then verify the registry
+against the CA and present the client cert when talking to that
+registry. This allows the registry to verify that the client has a
+proper key, indicating that the client is allowed to access the
+images.
+
+A custom cert is configured by creating a directory in
+`/etc/docker/certs.d` with the same name as the registry hostname. Inside
+this directory all .crt files are added as CA Roots (if none exists,
+the system default is used) and pair of files `$filename.key` and
+`$filename.cert` indicate a custom certificate to present to the
+registry.
+
+If there are multiple certificates each one will be tried in
+alphabetical order, proceeding to the next if we get a 403 of 5xx
+response.
+
+So, an example setup would be::
+
+    /etc/docker/certs.d/
+    └── localhost
+       ├── client.cert
+       ├── client.key
+       └── localhost.crt
+
+A simple way to test this setup is to use an apache server to host a
+registry. Just copy a registry tree into the apache root,
+[here](http://people.gnome.org/~alexl/v1.tar.gz) is an example one
+containing the busybox image.
+
+Then add this conf file as `/etc/httpd/conf.d/registry.conf`:
+
+    # This must be in the root context, otherwise it causes a re-negotiation
+    # which is not supported by the tls implementation in go
+    SSLVerifyClient optional_no_ca
+
+    <Location /v1>
+    Action cert-protected /cgi-bin/cert.cgi
+    SetHandler cert-protected
+
+    Header set x-docker-registry-version "0.6.2"
+    SetEnvIf Host (.*) custom_host=$1
+    Header set X-Docker-Endpoints "%{custom_host}e"
+    </Location>
+
+And this as `/var/www/cgi-bin/cert.cgi`:
+
+    #!/bin/bash
+    if [ "$HTTPS" != "on" ]; then
+        echo "Status: 403 Not using SSL"
+        echo "x-docker-registry-version: 0.6.2"
+        echo
+        exit 0
+    fi
+    if [ "$SSL_CLIENT_VERIFY" == "NONE" ]; then
+        echo "Status: 403 Client certificate invalid"
+        echo "x-docker-registry-version: 0.6.2"
+        echo
+        exit 0
+    fi
+    echo "Content-length: $(stat --printf='%s' $PATH_TRANSLATED)"
+    echo "x-docker-registry-version: 0.6.2"
+    echo "X-Docker-Endpoints: $SERVER_NAME"
+    echo "X-Docker-Size: 0"
+    echo
+
+    cat $PATH_TRANSLATED
+
+This will return 403 for all accessed to `/v1` unless any client cert is
+presented. Obviously a real implementation would verify more details
+about the certificate.
+
+Example client certs can be generated with::
+
+    openssl genrsa -out client.key 1024
+    openssl req -new -x509 -text -key client.key -out client.cert
diff --git a/components/engine/docs/sources/use.md b/components/engine/docs/sources/use.md
new file mode 100644
index 0000000000..20c5eb2c50
--- /dev/null
+++ b/components/engine/docs/sources/use.md
@@ -0,0 +1,14 @@
+# Use
+
+## Contents:
+
+ - [First steps with Docker](basics/)
+ - [Share Images via Repositories](workingwithrepository/)
+ - [Redirect Ports](port_redirection/)
+ - [Configure Networking](networking/)
+ - [Automatically Start Containers](host_integration/)
+ - [Share Directories via Volumes](working_with_volumes/)
+ - [Link Containers](working_with_links_names/)
+ - [Link via an Ambassador Container](ambassador_pattern_linking/)
+ - [Using Puppet](puppet/)
+ - [Using certificates for repository client verification](certificates/)
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 24c55125ce..748636dca8 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -4,6 +4,8 @@ import (
 	"bytes"
 	"crypto/sha256"
 	_ "crypto/sha512"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -13,6 +15,8 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+	"os"
+	"path"
 	"regexp"
 	"runtime"
 	"strconv"
@@ -29,31 +33,155 @@ var (
 	errLoginRequired         = errors.New("Authentication is required.")
 )
 
+type TimeoutType uint32
+
+const (
+	NoTimeout TimeoutType = iota
+	ReceiveTimeout
+	ConnectTimeout
+)
+
+func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType) *http.Client {
+	tlsConfig := tls.Config{RootCAs: roots}
+
+	if cert != nil {
+		tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
+	}
+
+	httpTransport := &http.Transport{
+		DisableKeepAlives: true,
+		Proxy:             http.ProxyFromEnvironment,
+		TLSClientConfig:   &tlsConfig,
+	}
+
+	switch timeout {
+	case ConnectTimeout:
+		httpTransport.Dial = func(proto string, addr string) (net.Conn, error) {
+			// Set the connect timeout to 5 seconds
+			conn, err := net.DialTimeout(proto, addr, 5*time.Second)
+			if err != nil {
+				return nil, err
+			}
+			// Set the recv timeout to 10 seconds
+			conn.SetDeadline(time.Now().Add(10 * time.Second))
+			return conn, nil
+		}
+	case ReceiveTimeout:
+		httpTransport.Dial = func(proto string, addr string) (net.Conn, error) {
+			conn, err := net.Dial(proto, addr)
+			if err != nil {
+				return nil, err
+			}
+			conn = utils.NewTimeoutConn(conn, 1*time.Minute)
+			return conn, nil
+		}
+	}
+
+	return &http.Client{
+		Transport:     httpTransport,
+		CheckRedirect: AddRequiredHeadersToRedirectedRequests,
+		Jar:           jar,
+	}
+}
+
+func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType) (*http.Response, *http.Client, error) {
+	hasFile := func(files []os.FileInfo, name string) bool {
+		for _, f := range files {
+			if f.Name() == name {
+				return true
+			}
+		}
+		return false
+	}
+
+	hostDir := path.Join("/etc/docker/certs.d", req.URL.Host)
+	fs, err := ioutil.ReadDir(hostDir)
+	if err != nil && !os.IsNotExist(err) {
+		return nil, nil, err
+	}
+
+	var (
+		pool  *x509.CertPool
+		certs []*tls.Certificate
+	)
+
+	for _, f := range fs {
+		if strings.HasSuffix(f.Name(), ".crt") {
+			if pool == nil {
+				pool = x509.NewCertPool()
+			}
+			data, err := ioutil.ReadFile(path.Join(hostDir, f.Name()))
+			if err != nil {
+				return nil, nil, err
+			} else {
+				pool.AppendCertsFromPEM(data)
+			}
+		}
+		if strings.HasSuffix(f.Name(), ".cert") {
+			certName := f.Name()
+			keyName := certName[:len(certName)-5] + ".key"
+			if !hasFile(fs, keyName) {
+				return nil, nil, fmt.Errorf("Missing key %s for certificate %s", keyName, certName)
+			} else {
+				cert, err := tls.LoadX509KeyPair(path.Join(hostDir, certName), path.Join(hostDir, keyName))
+				if err != nil {
+					return nil, nil, err
+				}
+				certs = append(certs, &cert)
+			}
+		}
+		if strings.HasSuffix(f.Name(), ".key") {
+			keyName := f.Name()
+			certName := keyName[:len(keyName)-4] + ".cert"
+			if !hasFile(fs, certName) {
+				return nil, nil, fmt.Errorf("Missing certificate %s for key %s", certName, keyName)
+			}
+		}
+	}
+
+	if len(certs) == 0 {
+		client := newClient(jar, pool, nil, timeout)
+		res, err := client.Do(req)
+		if err != nil {
+			return nil, nil, err
+		}
+		return res, client, nil
+	} else {
+		for i, cert := range certs {
+			client := newClient(jar, pool, cert, timeout)
+			res, err := client.Do(req)
+			if i == len(certs)-1 {
+				// If this is the last cert, always return the result
+				return res, client, err
+			} else {
+				// Otherwise, continue to next cert if 403 or 5xx
+				if err == nil && res.StatusCode != 403 && !(res.StatusCode >= 500 && res.StatusCode < 600) {
+					return res, client, err
+				}
+			}
+		}
+	}
+
+	return nil, nil, nil
+}
+
 func pingRegistryEndpoint(endpoint string) (RegistryInfo, error) {
 	if endpoint == IndexServerAddress() {
 		// Skip the check, we now this one is valid
 		// (and we never want to fallback to http in case of error)
 		return RegistryInfo{Standalone: false}, nil
 	}
-	httpDial := func(proto string, addr string) (net.Conn, error) {
-		// Set the connect timeout to 5 seconds
-		conn, err := net.DialTimeout(proto, addr, 5*time.Second)
-		if err != nil {
-			return nil, err
-		}
-		// Set the recv timeout to 10 seconds
-		conn.SetDeadline(time.Now().Add(10 * time.Second))
-		return conn, nil
-	}
-	httpTransport := &http.Transport{
-		Dial:  httpDial,
-		Proxy: http.ProxyFromEnvironment,
-	}
-	client := &http.Client{Transport: httpTransport}
-	resp, err := client.Get(endpoint + "_ping")
+
+	req, err := http.NewRequest("GET", endpoint+"_ping", nil)
 	if err != nil {
 		return RegistryInfo{Standalone: false}, err
 	}
+
+	resp, _, err := doRequest(req, nil, ConnectTimeout)
+	if err != nil {
+		return RegistryInfo{Standalone: false}, err
+	}
+
 	defer resp.Body.Close()
 
 	jsonString, err := ioutil.ReadAll(resp.Body)
@@ -171,6 +299,10 @@ func setTokenAuth(req *http.Request, token []string) {
 	}
 }
 
+func (r *Registry) doRequest(req *http.Request) (*http.Response, *http.Client, error) {
+	return doRequest(req, r.jar, r.timeout)
+}
+
 // Retrieve the history of a given image from the Registry.
 // Return a list of the parent's json (requested image included)
 func (r *Registry) GetRemoteHistory(imgID, registry string, token []string) ([]string, error) {
@@ -179,7 +311,7 @@ func (r *Registry) GetRemoteHistory(imgID, registry string, token []string) ([]s
 		return nil, err
 	}
 	setTokenAuth(req, token)
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
 	}
@@ -214,7 +346,7 @@ func (r *Registry) LookupRemoteImage(imgID, registry string, token []string) boo
 		return false
 	}
 	setTokenAuth(req, token)
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		utils.Errorf("Error in LookupRemoteImage %s", err)
 		return false
@@ -231,7 +363,7 @@ func (r *Registry) GetRemoteImageJSON(imgID, registry string, token []string) ([
 		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
 	}
 	setTokenAuth(req, token)
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
 	}
@@ -260,6 +392,7 @@ func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string, i
 	var (
 		retries   = 5
 		headRes   *http.Response
+		client    *http.Client
 		hasResume bool = false
 		imageURL       = fmt.Sprintf("%simages/%s/layer", registry, imgID)
 	)
@@ -267,9 +400,10 @@ func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string, i
 	if err != nil {
 		return nil, fmt.Errorf("Error while getting from the server: %s\n", err)
 	}
+
 	setTokenAuth(headReq, token)
 	for i := 1; i <= retries; i++ {
-		headRes, err = r.client.Do(headReq)
+		headRes, client, err = r.doRequest(headReq)
 		if err != nil && i == retries {
 			return nil, fmt.Errorf("Eror while making head request: %s\n", err)
 		} else if err != nil {
@@ -290,10 +424,10 @@ func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string, i
 	setTokenAuth(req, token)
 	if hasResume {
 		utils.Debugf("server supports resume")
-		return utils.ResumableRequestReader(r.client, req, 5, imgSize), nil
+		return utils.ResumableRequestReader(client, req, 5, imgSize), nil
 	}
 	utils.Debugf("server doesn't support resume")
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
 	}
@@ -319,7 +453,7 @@ func (r *Registry) GetRemoteTags(registries []string, repository string, token [
 			return nil, err
 		}
 		setTokenAuth(req, token)
-		res, err := r.client.Do(req)
+		res, _, err := r.doRequest(req)
 		if err != nil {
 			return nil, err
 		}
@@ -380,7 +514,7 @@ func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) {
 	}
 	req.Header.Set("X-Docker-Token", "true")
 
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
 	}
@@ -448,13 +582,13 @@ func (r *Registry) PushImageChecksumRegistry(imgData *ImgData, registry string,
 	req.Header.Set("X-Docker-Checksum", imgData.Checksum)
 	req.Header.Set("X-Docker-Checksum-Payload", imgData.ChecksumPayload)
 
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload metadata: %s", err)
 	}
 	defer res.Body.Close()
 	if len(res.Cookies()) > 0 {
-		r.client.Jar.SetCookies(req.URL, res.Cookies())
+		r.jar.SetCookies(req.URL, res.Cookies())
 	}
 	if res.StatusCode != 200 {
 		errBody, err := ioutil.ReadAll(res.Body)
@@ -484,7 +618,7 @@ func (r *Registry) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regis
 	req.Header.Add("Content-type", "application/json")
 	setTokenAuth(req, token)
 
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload metadata: %s", err)
 	}
@@ -525,7 +659,7 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 	req.ContentLength = -1
 	req.TransferEncoding = []string{"chunked"}
 	setTokenAuth(req, token)
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return "", "", fmt.Errorf("Failed to upload layer: %s", err)
 	}
@@ -562,7 +696,7 @@ func (r *Registry) PushRegistryTag(remote, revision, tag, registry string, token
 	req.Header.Add("Content-type", "application/json")
 	setTokenAuth(req, token)
 	req.ContentLength = int64(len(revision))
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return err
 	}
@@ -610,7 +744,7 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat
 		req.Header["X-Docker-Endpoints"] = regs
 	}
 
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
 	}
@@ -629,7 +763,7 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat
 		if validate {
 			req.Header["X-Docker-Endpoints"] = regs
 		}
-		res, err = r.client.Do(req)
+		res, _, err := r.doRequest(req)
 		if err != nil {
 			return nil, err
 		}
@@ -688,7 +822,7 @@ func (r *Registry) SearchRepositories(term string) (*SearchResults, error) {
 		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
 	}
 	req.Header.Set("X-Docker-Token", "true")
-	res, err := r.client.Do(req)
+	res, _, err := r.doRequest(req)
 	if err != nil {
 		return nil, err
 	}
@@ -750,10 +884,11 @@ type RegistryInfo struct {
 }
 
 type Registry struct {
-	client        *http.Client
 	authConfig    *AuthConfig
 	reqFactory    *utils.HTTPRequestFactory
 	indexEndpoint string
+	jar           *cookiejar.Jar
+	timeout       TimeoutType
 }
 
 func trustedLocation(req *http.Request) bool {
@@ -791,30 +926,16 @@ func AddRequiredHeadersToRedirectedRequests(req *http.Request, via []*http.Reque
 }
 
 func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, indexEndpoint string, timeout bool) (r *Registry, err error) {
-	httpTransport := &http.Transport{
-		DisableKeepAlives: true,
-		Proxy:             http.ProxyFromEnvironment,
-	}
-	if timeout {
-		httpTransport.Dial = func(proto string, addr string) (net.Conn, error) {
-			conn, err := net.Dial(proto, addr)
-			if err != nil {
-				return nil, err
-			}
-			conn = utils.NewTimeoutConn(conn, 1*time.Minute)
-			return conn, nil
-		}
-	}
 	r = &Registry{
-		authConfig: authConfig,
-		client: &http.Client{
-			Transport:     httpTransport,
-			CheckRedirect: AddRequiredHeadersToRedirectedRequests,
-		},
+		authConfig:    authConfig,
 		indexEndpoint: indexEndpoint,
 	}
 
-	r.client.Jar, err = cookiejar.New(nil)
+	if timeout {
+		r.timeout = ReceiveTimeout
+	}
+
+	r.jar, err = cookiejar.New(nil)
 	if err != nil {
 		return nil, err
 	}

From 7d1a57a5bef46fe21d36dc7eb3326f7cbd4687e2 Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Wed, 18 Jun 2014 10:51:44 -0400
Subject: [PATCH 004/516] Increase size of buffer for signals

The chan struct used to forward signals to containers was one element only,
which caused some signals to be dropped when many were being received.
Increasing the size of the chan buffer makes this much less likely to happen.

Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: 06cd125e64c30886f66e6490a1cd4e7a7ba23655
Component: engine
---
 components/engine/api/client/commands.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index a6a2e35539..0a30bc3d5b 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -535,7 +535,7 @@ func (cli *DockerCli) CmdRestart(args ...string) error {
 }
 
 func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
-	sigc := make(chan os.Signal, 1)
+	sigc := make(chan os.Signal, 128)
 	signal.CatchAll(sigc)
 	go func() {
 		for s := range sigc {

From 2ad31b8e2f8a323694f5fa971afcb954bb0ccba7 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Fri, 20 Jun 2014 09:40:29 -0400
Subject: [PATCH 005/516] Add cpuguy83 as volumes maintainer

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: ff1ea0064b49bd1d72cafe5d02be9eab4d54b683
Component: engine
---
 components/engine/daemon/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 components/engine/daemon/MAINTAINERS

diff --git a/components/engine/daemon/MAINTAINERS b/components/engine/daemon/MAINTAINERS
new file mode 100644
index 0000000000..7ab013cd82
--- /dev/null
+++ b/components/engine/daemon/MAINTAINERS
@@ -0,0 +1 @@
+volumes.go: Brian Goff <cpuguy83@gmail.com> (@cpuguy83)

From 3ee2658a4c6bfdc6713ecd64b278067f7e11bfee Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Fri, 20 Jun 2014 12:22:31 -0400
Subject: [PATCH 006/516] Escape control and nonprintable characters in docker
 ps

The docker ps command displays the user-entered command running in a container.
If that command contained \n, \t, or other control characters, they were
interpreted literally, and newlines and tabs would be printed in the output.
Escape the command string to make things more readable.

Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: f55fa8211b6faf08091dd99ed8e5e3f08ab9cf1f
Component: engine
---
 components/engine/api/client/commands.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 0cdf3f1acb..8f76b6e26a 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1476,6 +1476,7 @@ func (cli *DockerCli) CmdPs(args ...string) error {
 				outCommand = out.Get("Command")
 				ports      = engine.NewTable("", 0)
 			)
+			outCommand = strconv.Quote(outCommand)
 			if !*noTrunc {
 				outCommand = utils.Trunc(outCommand, 20)
 			}

From 417ba2a8cb60717b11b7b1081baad2e417eb97a7 Mon Sep 17 00:00:00 2001
From: Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
Date: Tue, 24 Jun 2014 11:57:24 +0530
Subject: [PATCH 007/516] Fix typo in README.md Upstream-commit:
 21e258d7328e56fd451e6ed0324cff094ec70798 Component: engine

---
 components/engine/daemon/graphdriver/devmapper/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index c8ab1d1ee1..d97baaeab2 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -17,7 +17,7 @@ stored in the `$graph/devicemapper/json` file (encoded as Json).
 
 In order to support multiple devicemapper graphs on a system the thin
 pool will be named something like: `docker-0:33-19478248-pool`, where
-the `0:30` part is the minor/major device nr and `19478248` is the
+the `0:33` part is the minor/major device nr and `19478248` is the
 inode number of the $graph directory.
 
 On the thin pool docker automatically creates a base thin device,

From 28d12ecd022e4d11502cc1591396f12700810f32 Mon Sep 17 00:00:00 2001
From: Jonathan Camp <jonathan@irondojo.com>
Date: Mon, 26 May 2014 09:40:24 +0200
Subject: [PATCH 008/516] Replace dashes in link name with underscores

Docker-DCO-1.1-Signed-off-by: Jonathan Camp <jonathan@irondojo.com> (github: kung-foo)
Upstream-commit: 6e74754a504e80378ed56ec765d62b762f80fcb4
Component: engine
---
 components/engine/links/links.go      |  2 +-
 components/engine/links/links_test.go | 30 +++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/components/engine/links/links.go b/components/engine/links/links.go
index 7665a06a11..45c1935c20 100644
--- a/components/engine/links/links.go
+++ b/components/engine/links/links.go
@@ -49,7 +49,7 @@ func (l *Link) Alias() string {
 
 func (l *Link) ToEnv() []string {
 	env := []string{}
-	alias := strings.ToUpper(l.Alias())
+	alias := strings.Replace(strings.ToUpper(l.Alias()), "-", "_", -1)
 
 	if p := l.getDefaultPort(); p != nil {
 		env = append(env, fmt.Sprintf("%s_PORT=%s://%s:%s", alias, p.Proto(), l.ChildIP, p.Port()))
diff --git a/components/engine/links/links_test.go b/components/engine/links/links_test.go
index e66f9bfb78..e79ef1a136 100644
--- a/components/engine/links/links_test.go
+++ b/components/engine/links/links_test.go
@@ -6,6 +6,36 @@ import (
 	"testing"
 )
 
+func TestLinkNaming(t *testing.T) {
+	ports := make(nat.PortSet)
+	ports[nat.Port("6379/tcp")] = struct{}{}
+
+	link, err := NewLink("172.0.17.3", "172.0.17.2", "/db/docker-1", nil, ports, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rawEnv := link.ToEnv()
+	env := make(map[string]string, len(rawEnv))
+	for _, e := range rawEnv {
+		parts := strings.Split(e, "=")
+		if len(parts) != 2 {
+			t.FailNow()
+		}
+		env[parts[0]] = parts[1]
+	}
+
+	value, ok := env["DOCKER_1_PORT"]
+
+	if !ok {
+		t.Fatalf("DOCKER_1_PORT not found in env")
+	}
+
+	if value != "tcp://172.0.17.2:6379" {
+		t.Fatalf("Expected 172.0.17.2:6379, got %s", env["DOCKER_1_PORT"])
+	}
+}
+
 func TestLinkNew(t *testing.T) {
 	ports := make(nat.PortSet)
 	ports[nat.Port("6379/tcp")] = struct{}{}

From 157a125d05675ad67d6dec42cb0b7219f1e5b752 Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Fri, 20 Jun 2014 11:45:42 -0400
Subject: [PATCH 009/516] devmapper: fix reloadPool() to also specify '1
 skip_block_zeroing'

createPool() and reloadPool() should be consistent with the thin-pool
table params they use.

Since createPool() specifies '1 skip_block_zeroing' reloadPool() should
too.  Otherwise, if the pool is reloaded (as is done when resizing
loopback devices) block zeroing will be enabled after the reload
completes.

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: d420134fa2ea8ceedf2a9a64263d09b308263c2c
Component: engine
---
 components/engine/daemon/graphdriver/devmapper/devmapper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper.go
index a6602c276e..2590ec0fc1 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper.go
@@ -369,7 +369,7 @@ func reloadPool(poolName string, dataFile, metadataFile *os.File) error {
 		return fmt.Errorf("Can't get data size %s", err)
 	}
 
-	params := metadataFile.Name() + " " + dataFile.Name() + " 128 32768"
+	params := metadataFile.Name() + " " + dataFile.Name() + " 128 32768 1 skip_block_zeroing"
 	if err := task.AddTarget(0, size/512, "thin-pool", params); err != nil {
 		return fmt.Errorf("Can't add target %s", err)
 	}

From d61150b2d43fa003d2200ffb1348cecff9fd559b Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Mon, 23 Jun 2014 15:36:08 -0400
Subject: [PATCH 010/516] devmapper: use RAMInBytes() rather than
 FromHumanSize()

Device Mapper needs device sizes in binary (1024) multiples.  Otherwise
kernel checks can find that the specified thin-pool device sizes aren't
a multiple of the specified thin-pool blocksize.

The name for "RAMInBytes" is likely too narrow given the new consumers
but... Also add "tebibyte" support to RAMInBytes.

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: 2470a5ed999d9dc8d4b9bd250727ac13964db5b3
Component: engine
---
 .../engine/daemon/graphdriver/devmapper/deviceset.go      | 6 +++---
 components/engine/pkg/units/size.go                       | 8 +++++---
 components/engine/pkg/units/size_test.go                  | 3 +++
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index 31c3f391e4..b0e0819ba8 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -1170,19 +1170,19 @@ func NewDeviceSet(root string, doInit bool, options []string) (*DeviceSet, error
 		key = strings.ToLower(key)
 		switch key {
 		case "dm.basesize":
-			size, err := units.FromHumanSize(val)
+			size, err := units.RAMInBytes(val)
 			if err != nil {
 				return nil, err
 			}
 			devices.baseFsSize = uint64(size)
 		case "dm.loopdatasize":
-			size, err := units.FromHumanSize(val)
+			size, err := units.RAMInBytes(val)
 			if err != nil {
 				return nil, err
 			}
 			devices.dataLoopbackSize = size
 		case "dm.loopmetadatasize":
-			size, err := units.FromHumanSize(val)
+			size, err := units.RAMInBytes(val)
 			if err != nil {
 				return nil, err
 			}
diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 480ec2f141..e0eec3ec7d 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -58,11 +58,11 @@ func FromHumanSize(size string) (int64, error) {
 }
 
 // Parses a human-readable string representing an amount of RAM
-// in bytes, kibibytes, mebibytes or gibibytes, and returns the
-// number of bytes, or -1 if the string is unparseable.
+// in bytes, kibibytes, mebibytes, gibibytes, or tebibytes and
+// returns the number of bytes, or -1 if the string is unparseable.
 // Units are case-insensitive, and the 'b' suffix is optional.
 func RAMInBytes(size string) (bytes int64, err error) {
-	re, error := regexp.Compile("^(\\d+)([kKmMgG])?[bB]?$")
+	re, error := regexp.Compile("^(\\d+)([kKmMgGtT])?[bB]?$")
 	if error != nil {
 		return -1, error
 	}
@@ -86,6 +86,8 @@ func RAMInBytes(size string) (bytes int64, err error) {
 		memLimit *= 1024 * 1024
 	} else if unit == "g" {
 		memLimit *= 1024 * 1024 * 1024
+	} else if unit == "t" {
+		memLimit *= 1024 * 1024 * 1024 * 1024
 	}
 
 	return memLimit, nil
diff --git a/components/engine/pkg/units/size_test.go b/components/engine/pkg/units/size_test.go
index 5240bbd9f0..2c4982b16f 100644
--- a/components/engine/pkg/units/size_test.go
+++ b/components/engine/pkg/units/size_test.go
@@ -64,7 +64,10 @@ func TestRAMInBytes(t *testing.T) {
 	assertRAMInBytes(t, "32kb", false, 32*1024)
 	assertRAMInBytes(t, "32Kb", false, 32*1024)
 	assertRAMInBytes(t, "32Mb", false, 32*1024*1024)
+	assertRAMInBytes(t, "32MB", false, 32*1024*1024)
 	assertRAMInBytes(t, "32Gb", false, 32*1024*1024*1024)
+	assertRAMInBytes(t, "32G", false, 32*1024*1024*1024)
+	assertRAMInBytes(t, "32Tb", false, 32*1024*1024*1024*1024)
 
 	assertRAMInBytes(t, "", true, -1)
 	assertRAMInBytes(t, "hello", true, -1)

From e00d89f257dce9ec1c666b084646041e2d9f1ed7 Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Fri, 20 Jun 2014 11:53:18 -0400
Subject: [PATCH 011/516] devmapper: Add option for specifying the thin pool
 blocksize

Add dm.blocksize option that you can use with --storage-opt to set a
specific blocksize for the thin provisioning pool.

Also change the default dm-thin-pool blocksize from 64K to 512K.  This
strikes a balance between the desire to have smaller blocksize given
docker's use of snapshots versus the desire to have more performance
that comes with using a larger blocksize.  But if very small files will
be used on average the user is encouraged to override this default.

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: 09ee269d998ad04733ef577739fa051df9d3f12e
Component: engine
---
 .../engine/daemon/graphdriver/devmapper/README.md  |  8 ++++++++
 .../daemon/graphdriver/devmapper/deviceset.go      | 14 ++++++++++++--
 .../daemon/graphdriver/devmapper/devmapper.go      |  8 ++++----
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index c8ab1d1ee1..849cfce64c 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -126,6 +126,14 @@ Here is the list of supported options:
 
     ``docker -d --storage-opt dm.datadev=/dev/sdb1 --storage-opt dm.metadatadev=/dev/sdc1``
 
+ *  `dm.blocksize`
+
+    Specifies a custom blocksize to use for the thin pool.
+
+    Example use:
+
+    ``docker -d --storage-opt dm.blocksize=64K``
+
  *  `dm.blkdiscard`
 
     Enables or disables the use of blkdiscard when removing
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index b0e0819ba8..c42d9c5a72 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -28,6 +28,7 @@ var (
 	DefaultDataLoopbackSize     int64  = 100 * 1024 * 1024 * 1024
 	DefaultMetaDataLoopbackSize int64  = 2 * 1024 * 1024 * 1024
 	DefaultBaseFsSize           uint64 = 10 * 1024 * 1024 * 1024
+	DefaultThinpBlockSize       uint32  = 1024 // 512K = 1024 512b sectors
 )
 
 type DevInfo struct {
@@ -78,6 +79,7 @@ type DeviceSet struct {
 	dataDevice           string
 	metadataDevice       string
 	doBlkDiscard         bool
+	thinpBlockSize       uint32
 }
 
 type DiskUsage struct {
@@ -510,7 +512,7 @@ func (devices *DeviceSet) ResizePool(size int64) error {
 	}
 
 	// Reload with the new block sizes
-	if err := reloadPool(devices.getPoolName(), dataloopback, metadataloopback); err != nil {
+	if err := reloadPool(devices.getPoolName(), dataloopback, metadataloopback, devices.thinpBlockSize); err != nil {
 		return fmt.Errorf("Unable to reload pool: %s", err)
 	}
 
@@ -640,7 +642,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 		}
 		defer metadataFile.Close()
 
-		if err := createPool(devices.getPoolName(), dataFile, metadataFile); err != nil {
+		if err := createPool(devices.getPoolName(), dataFile, metadataFile, devices.thinpBlockSize); err != nil {
 			return err
 		}
 	}
@@ -1159,6 +1161,7 @@ func NewDeviceSet(root string, doInit bool, options []string) (*DeviceSet, error
 		baseFsSize:           DefaultBaseFsSize,
 		filesystem:           "ext4",
 		doBlkDiscard:         true,
+		thinpBlockSize:       DefaultThinpBlockSize,
 	}
 
 	foundBlkDiscard := false
@@ -1206,6 +1209,13 @@ func NewDeviceSet(root string, doInit bool, options []string) (*DeviceSet, error
 			if err != nil {
 				return nil, err
 			}
+		case "dm.blocksize":
+			size, err := units.RAMInBytes(val)
+			if err != nil {
+				return nil, err
+			}
+			// convert to 512b sectors
+			devices.thinpBlockSize = uint32(size) >> 9
 		default:
 			return nil, fmt.Errorf("Unknown option %s\n", key)
 		}
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper.go
index 2590ec0fc1..ee4f2a8159 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper.go
@@ -328,7 +328,7 @@ func BlockDeviceDiscard(path string) error {
 }
 
 // This is the programmatic example of "dmsetup create"
-func createPool(poolName string, dataFile, metadataFile *os.File) error {
+func createPool(poolName string, dataFile, metadataFile *os.File, poolBlockSize uint32) error {
 	task, err := createTask(DeviceCreate, poolName)
 	if task == nil {
 		return err
@@ -339,7 +339,7 @@ func createPool(poolName string, dataFile, metadataFile *os.File) error {
 		return fmt.Errorf("Can't get data size %s", err)
 	}
 
-	params := metadataFile.Name() + " " + dataFile.Name() + " 128 32768 1 skip_block_zeroing"
+	params := fmt.Sprintf("%s %s %d 32768 1 skip_block_zeroing", metadataFile.Name(), dataFile.Name(), poolBlockSize)
 	if err := task.AddTarget(0, size/512, "thin-pool", params); err != nil {
 		return fmt.Errorf("Can't add target %s", err)
 	}
@@ -358,7 +358,7 @@ func createPool(poolName string, dataFile, metadataFile *os.File) error {
 	return nil
 }
 
-func reloadPool(poolName string, dataFile, metadataFile *os.File) error {
+func reloadPool(poolName string, dataFile, metadataFile *os.File, poolBlockSize uint32) error {
 	task, err := createTask(DeviceReload, poolName)
 	if task == nil {
 		return err
@@ -369,7 +369,7 @@ func reloadPool(poolName string, dataFile, metadataFile *os.File) error {
 		return fmt.Errorf("Can't get data size %s", err)
 	}
 
-	params := metadataFile.Name() + " " + dataFile.Name() + " 128 32768 1 skip_block_zeroing"
+	params := fmt.Sprintf("%s %s %d 32768 1 skip_block_zeroing", metadataFile.Name(), dataFile.Name(), poolBlockSize)
 	if err := task.AddTarget(0, size/512, "thin-pool", params); err != nil {
 		return fmt.Errorf("Can't add target %s", err)
 	}

From bda9d074fe27d5dc88986ca42fb015df2c92513c Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Tue, 24 Jun 2014 12:43:45 -0400
Subject: [PATCH 012/516] devmapper: remove extra space in
 DefaultThinpBlockSize assignment

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: f9c078ef38106d00de7774374f3ac71bb0d562d3
Component: engine
---
 components/engine/daemon/graphdriver/devmapper/deviceset.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index c42d9c5a72..61ba81852d 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -28,7 +28,7 @@ var (
 	DefaultDataLoopbackSize     int64  = 100 * 1024 * 1024 * 1024
 	DefaultMetaDataLoopbackSize int64  = 2 * 1024 * 1024 * 1024
 	DefaultBaseFsSize           uint64 = 10 * 1024 * 1024 * 1024
-	DefaultThinpBlockSize       uint32  = 1024 // 512K = 1024 512b sectors
+	DefaultThinpBlockSize       uint32 = 1024 // 512K = 1024 512b sectors
 )
 
 type DevInfo struct {

From fbe2366f74a7668540bccf2f4638e109f57b78ac Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Thu, 26 Jun 2014 12:06:41 -0400
Subject: [PATCH 013/516] devmapper: document the default DM thin pool
 blocksize

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: 79f217e3501a43326bd532e8eb03182f7488f61c
Component: engine
---
 components/engine/daemon/graphdriver/devmapper/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index 849cfce64c..ed99d85a93 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -128,7 +128,8 @@ Here is the list of supported options:
 
  *  `dm.blocksize`
 
-    Specifies a custom blocksize to use for the thin pool.
+    Specifies a custom blocksize to use for the thin pool.  The default
+    blocksize is 512K.
 
     Example use:
 

From 9c28be75423453c86db11f288fb397e1c867623b Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Thu, 26 Jun 2014 12:39:16 -0400
Subject: [PATCH 014/516] devmapper: add thin-pool blocksize to the 'docker
 info' output

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: a2f3ce2294bbe998df24edd50f2b571d0b21bac8
Component: engine
---
 components/engine/daemon/graphdriver/devmapper/driver.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/daemon/graphdriver/devmapper/driver.go b/components/engine/daemon/graphdriver/devmapper/driver.go
index cf82ad62ed..29335377f6 100644
--- a/components/engine/daemon/graphdriver/devmapper/driver.go
+++ b/components/engine/daemon/graphdriver/devmapper/driver.go
@@ -54,6 +54,7 @@ func (d *Driver) Status() [][2]string {
 
 	status := [][2]string{
 		{"Pool Name", s.PoolName},
+		{"Pool Blocksize", fmt.Sprintf("%d Kb", s.SectorSize/1024)},
 		{"Data file", s.DataLoopback},
 		{"Metadata file", s.MetadataLoopback},
 		{"Data Space Used", fmt.Sprintf("%.1f Mb", float64(s.Data.Used)/(1024*1024))},

From 018ff8d66c3ce332faf41daec585cbcd8d8ddacd Mon Sep 17 00:00:00 2001
From: Jason Giedymin <jasong@apache.org>
Date: Fri, 20 Jun 2014 07:39:28 -0400
Subject: [PATCH 015/516] Add H3 menu entries for leftnav:

 - Add H3 formatting and entries to leftnav, to docs css.

Docker-DCO-1.1-Signed-off-by: Jason Giedymin <jasong@apache.org> (github: JasonGiedymin)
Upstream-commit: e4742dbb942b9db5f91dfbfb829525bdcac57ae1
Component: engine
---
 components/engine/docs/theme/mkdocs/css/docs.css | 12 ++++++++++++
 components/engine/docs/theme/mkdocs/css/main.css |  2 +-
 components/engine/docs/theme/mkdocs/toc.html     |  9 ++++++---
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/css/docs.css b/components/engine/docs/theme/mkdocs/css/docs.css
index 0f42e22ef7..52f170c141 100644
--- a/components/engine/docs/theme/mkdocs/css/docs.css
+++ b/components/engine/docs/theme/mkdocs/css/docs.css
@@ -24,6 +24,18 @@
   height: 100%;
 }
 
+#leftnav h3 {
+  font-size: 10px;
+  font-weight: 700;
+  color: #394d54;
+  line-height: 1;
+  margin: 0px 0 10px 0;
+  padding-left: 20px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
 .content-body {
   padding: 0px 0px 0px 20px;
 }
diff --git a/components/engine/docs/theme/mkdocs/css/main.css b/components/engine/docs/theme/mkdocs/css/main.css
index 42a7a18a56..b8fc3b48a5 100644
--- a/components/engine/docs/theme/mkdocs/css/main.css
+++ b/components/engine/docs/theme/mkdocs/css/main.css
@@ -902,7 +902,7 @@ div + .form-inline {
   margin-bottom: 22px;
 }
 #leftnav .nav {
-  margin: 0;
+  margin: 0, 0, 20px, 0;
 }
 #leftnav .nav > li > a {
   line-height: 22px;
diff --git a/components/engine/docs/theme/mkdocs/toc.html b/components/engine/docs/theme/mkdocs/toc.html
index 96d15c265c..1de2a4209f 100644
--- a/components/engine/docs/theme/mkdocs/toc.html
+++ b/components/engine/docs/theme/mkdocs/toc.html
@@ -1,5 +1,8 @@
-  {% for toc_item in toc %}
-    {% for toc_item in toc_item.children %}
-      <li class=""><a href="{{ toc_item.url }}">{{ toc_item.title }}</a></li>
+{% for toc_item in toc %}
+  {% for toc_h2_item in toc_item.children %}
+    <li class=""><a href="{{ toc_h2_item.url }}">{{ toc_h2_item.title }}</a></li>
+    {% for toc_h3_item in toc_h2_item.children %}
+      <h3><a href="{{ toc_h3_item.url }}">{{ toc_h3_item.title }}</a></h3>
+    {% endfor %}
   {% endfor %}
 {% endfor %}

From fd631db79c1675c06fa3c3add2284ba8615e1de4 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 28 Jun 2014 23:09:23 -0600
Subject: [PATCH 016/516] Update bash completion for "docker run --link" and
 "docker run -v" to complete on running containers and the local filesystem
 respectively

Also, add completion for "docker run -a" ("stdin", "stdout", and "stderr"), "docker run --env-file" (local filesystem), and some other minor code style tweaks.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 86f06b6deb6e5b9ddb30f781e81cc5b6241e20ae
Component: engine
---
 .../engine/contrib/completion/bash/docker     | 37 +++++++++++++++++--
 1 file changed, 34 insertions(+), 3 deletions(-)

diff --git a/components/engine/contrib/completion/bash/docker b/components/engine/contrib/completion/bash/docker
index 89395560f9..532c2538b9 100755
--- a/components/engine/contrib/completion/bash/docker
+++ b/components/engine/contrib/completion/bash/docker
@@ -485,21 +485,52 @@ _docker_rmi()
 _docker_run()
 {
 	case "$prev" in
-		--cidfile)
+		-a|--attach)
+			COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) )
+			return
+			;;
+		--cidfile|--env-file)
 			_filedir
+			return
 			;;
 		--volumes-from)
 			__docker_containers_all
+			return
 			;;
 		-v|--volume)
-			# TODO something magical with colons and _filedir ?
+			case "$cur" in
+				*:*)
+					# TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine)
+					;;
+				'')
+					COMPREPLY=( $( compgen -W '/' -- "$cur" ) )
+					compopt -o nospace
+					;;
+				/*)
+					_filedir
+					compopt -o nospace
+					;;
+			esac
 			return
 			;;
 		-e|--env)
 			COMPREPLY=( $( compgen -e -- "$cur" ) )
+			compopt -o nospace
 			return
 			;;
-		--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf)
+		--link)
+			case "$cur" in
+				*:*)
+					;;
+				*)
+					__docker_containers_running
+					COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) )
+					compopt -o nospace
+					;;
+			esac
+			return
+			;;
+		--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf)
 			return
 			;;
 		*)

From a5827383a93066f83d4d3cede73db1b481f23561 Mon Sep 17 00:00:00 2001
From: Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
Date: Sun, 29 Jun 2014 16:50:53 +0900
Subject: [PATCH 017/516] Skip lxc_template_unit_test.go on non-Linux platforms

It doesn't work without lxc-start.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
Upstream-commit: dda0ce645995d6dd2b6eb5848c30d305a3d220d2
Component: engine
---
 .../engine/daemon/execdriver/lxc/lxc_template_unit_test.go      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
index a9a67c421c..9e4d33f9e6 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package lxc
 
 import (

From f17116cbd31c254c7b0fae1c0933cb7bda5aadef Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Mon, 30 Jun 2014 10:52:11 +0400
Subject: [PATCH 018/516] Add synchronization in server.Containers

This fixes races between ps and other operations
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: da853e98c94c9ce8001d3d1516ba0fd2614db3b0
Component: engine
---
 components/engine/server/server.go | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 0bbb9f31ca..8be4dcd7b3 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -23,6 +23,7 @@ package server
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -955,22 +956,25 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		}
 	}
 
-	for _, container := range srv.daemon.List() {
+	errLast := errors.New("last container")
+	writeCont := func(container *daemon.Container) error {
+		container.Lock()
+		defer container.Unlock()
 		if !container.State.IsRunning() && !all && n <= 0 && since == "" && before == "" {
-			continue
+			return nil
 		}
 		if before != "" && !foundBefore {
 			if container.ID == beforeCont.ID {
 				foundBefore = true
 			}
-			continue
+			return nil
 		}
 		if n > 0 && displayed == n {
-			break
+			return errLast
 		}
 		if since != "" {
 			if container.ID == sinceCont.ID {
-				break
+				return errLast
 			}
 		}
 		displayed++
@@ -997,7 +1001,7 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		out.Set("Status", container.State.String())
 		str, err := container.NetworkSettings.PortMappingAPI().ToListString()
 		if err != nil {
-			return job.Error(err)
+			return err
 		}
 		out.Set("Ports", str)
 		if size {
@@ -1006,6 +1010,16 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 			out.SetInt64("SizeRootFs", sizeRootFs)
 		}
 		outs.Add(out)
+		return nil
+	}
+
+	for _, container := range srv.daemon.List() {
+		if err := writeCont(container); err != nil {
+			if err != errLast {
+				return job.Error(err)
+			}
+			break
+		}
 	}
 	outs.ReverseSort()
 	if _, err := outs.WriteListTo(job.Stdout); err != nil {

From e3c0c2772d7ee8ba16ddecc67f027a53998f4734 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Tue, 1 Jul 2014 21:59:11 +0400
Subject: [PATCH 019/516] Refactoring portallocator

Faster, more documented, less code.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: f387cc1205b79ffbe30b28f5df13da034d8221fd
Component: engine
---
 .../portallocator/portallocator.go            | 138 ++++++++----------
 1 file changed, 63 insertions(+), 75 deletions(-)

diff --git a/components/engine/daemon/networkdriver/portallocator/portallocator.go b/components/engine/daemon/networkdriver/portallocator/portallocator.go
index c722ba98ba..d4fcc6e725 100644
--- a/components/engine/daemon/networkdriver/portallocator/portallocator.go
+++ b/components/engine/daemon/networkdriver/portallocator/portallocator.go
@@ -12,10 +12,22 @@ type portMap struct {
 	last int
 }
 
-type (
-	protocolMap map[string]*portMap
-	ipMapping   map[string]protocolMap
-)
+func newPortMap() *portMap {
+	return &portMap{
+		p: map[int]struct{}{},
+	}
+}
+
+type protoMap map[string]*portMap
+
+func newProtoMap() protoMap {
+	return protoMap{
+		"tcp": newPortMap(),
+		"udp": newPortMap(),
+	}
+}
+
+type ipMapping map[string]protoMap
 
 const (
 	BeginPortRange = 49153
@@ -62,107 +74,83 @@ func (e ErrPortAlreadyAllocated) Error() string {
 	return fmt.Sprintf("Bind for %s:%d failed: port is already allocated", e.ip, e.port)
 }
 
+// RequestPort requests new port from global ports pool for specified ip and proto.
+// If port is 0 it returns first free port. Otherwise it cheks port availability
+// in pool and return that port or error if port is already busy.
 func RequestPort(ip net.IP, proto string, port int) (int, error) {
 	mutex.Lock()
 	defer mutex.Unlock()
 
-	if err := validateProto(proto); err != nil {
+	if proto != "tcp" && proto != "udp" {
+		return 0, ErrUnknownProtocol
+	}
+
+	if ip == nil {
+		ip = defaultIP
+	}
+	ipstr := ip.String()
+	protomap, ok := globalMap[ipstr]
+	if !ok {
+		protomap = newProtoMap()
+		globalMap[ipstr] = protomap
+	}
+	mapping := protomap[proto]
+	if port > 0 {
+		if _, ok := mapping.p[port]; !ok {
+			mapping.p[port] = struct{}{}
+			return port, nil
+		}
+		return 0, NewErrPortAlreadyAllocated(ipstr, port)
+	}
+
+	port, err := mapping.findPort()
+	if err != nil {
 		return 0, err
 	}
-
-	ip = getDefault(ip)
-
-	mapping := getOrCreate(ip)
-
-	if port > 0 {
-		if _, ok := mapping[proto].p[port]; !ok {
-			mapping[proto].p[port] = struct{}{}
-			return port, nil
-		} else {
-			return 0, NewErrPortAlreadyAllocated(ip.String(), port)
-		}
-	} else {
-		port, err := findPort(ip, proto)
-
-		if err != nil {
-			return 0, err
-		}
-
-		return port, nil
-	}
+	return port, nil
 }
 
+// ReleasePort releases port from global ports pool for specified ip and proto.
 func ReleasePort(ip net.IP, proto string, port int) error {
 	mutex.Lock()
 	defer mutex.Unlock()
 
-	ip = getDefault(ip)
-
-	mapping := getOrCreate(ip)[proto]
-	delete(mapping.p, port)
-
+	if ip == nil {
+		ip = defaultIP
+	}
+	protomap, ok := globalMap[ip.String()]
+	if !ok {
+		return nil
+	}
+	delete(protomap[proto].p, port)
 	return nil
 }
 
+// ReleaseAll releases all ports for all ips.
 func ReleaseAll() error {
 	mutex.Lock()
-	defer mutex.Unlock()
-
 	globalMap = ipMapping{}
-
+	mutex.Unlock()
 	return nil
 }
 
-func getOrCreate(ip net.IP) protocolMap {
-	ipstr := ip.String()
-
-	if _, ok := globalMap[ipstr]; !ok {
-		globalMap[ipstr] = protocolMap{
-			"tcp": &portMap{p: map[int]struct{}{}, last: 0},
-			"udp": &portMap{p: map[int]struct{}{}, last: 0},
-		}
-	}
-
-	return globalMap[ipstr]
-}
-
-func findPort(ip net.IP, proto string) (int, error) {
-	mapping := getOrCreate(ip)[proto]
-
-	if mapping.last == 0 {
-		mapping.p[BeginPortRange] = struct{}{}
-		mapping.last = BeginPortRange
+func (pm *portMap) findPort() (int, error) {
+	if pm.last == 0 {
+		pm.p[BeginPortRange] = struct{}{}
+		pm.last = BeginPortRange
 		return BeginPortRange, nil
 	}
 
-	for port := mapping.last + 1; port != mapping.last; port++ {
+	for port := pm.last + 1; port != pm.last; port++ {
 		if port > EndPortRange {
 			port = BeginPortRange
 		}
 
-		if _, ok := mapping.p[port]; !ok {
-			mapping.p[port] = struct{}{}
-			mapping.last = port
+		if _, ok := pm.p[port]; !ok {
+			pm.p[port] = struct{}{}
+			pm.last = port
 			return port, nil
 		}
-
 	}
-
 	return 0, ErrAllPortsAllocated
 }
-
-func getDefault(ip net.IP) net.IP {
-	if ip == nil {
-		return defaultIP
-	}
-
-	return ip
-}
-
-func validateProto(proto string) error {
-	if proto != "tcp" && proto != "udp" {
-		return ErrUnknownProtocol
-	}
-
-	return nil
-}

From 4d29e9b718567a90349ed9bdeb0ce15702a9fb17 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Wed, 2 Jul 2014 18:48:37 +0400
Subject: [PATCH 020/516] Move WriteBroadcaster to separate package as
 BroadcastWriter

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 9d4e80222144c0aef3e78202ecb4904b3ce5ed9b
Component: engine
---
 components/engine/daemon/container.go         |   9 +-
 components/engine/daemon/daemon.go            |   7 +-
 .../utils/broadcastwriter/broadcastwriter.go  |  92 +++++++++++++++
 .../broadcastwriter/broadcastwriter_test.go   | 108 ++++++++++++++++++
 components/engine/utils/utils.go              |  86 --------------
 components/engine/utils/utils_test.go         | 101 ----------------
 6 files changed, 209 insertions(+), 194 deletions(-)
 create mode 100644 components/engine/utils/broadcastwriter/broadcastwriter.go
 create mode 100644 components/engine/utils/broadcastwriter/broadcastwriter_test.go

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 5b41438680..c7a6774601 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -29,6 +29,7 @@ import (
 	"github.com/dotcloud/docker/pkg/symlink"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
+	"github.com/dotcloud/docker/utils/broadcastwriter"
 )
 
 const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -66,8 +67,8 @@ type Container struct {
 	ExecDriver     string
 
 	command   *execdriver.Command
-	stdout    *utils.WriteBroadcaster
-	stderr    *utils.WriteBroadcaster
+	stdout    *broadcastwriter.BroadcastWriter
+	stderr    *broadcastwriter.BroadcastWriter
 	stdin     io.ReadCloser
 	stdinPipe io.WriteCloser
 
@@ -502,10 +503,10 @@ func (container *Container) cleanup() {
 			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
 		}
 	}
-	if err := container.stdout.CloseWriters(); err != nil {
+	if err := container.stdout.Close(); err != nil {
 		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
 	}
-	if err := container.stderr.CloseWriters(); err != nil {
+	if err := container.stderr.Close(); err != nil {
 		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
 	}
 	if container.command != nil && container.command.Terminal != nil {
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 9500526f9e..0b51715ecd 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -34,6 +34,7 @@ import (
 	"github.com/dotcloud/docker/pkg/truncindex"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
+	"github.com/dotcloud/docker/utils/broadcastwriter"
 )
 
 // Set the max depth to the aufs default that most
@@ -169,8 +170,8 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 	container.daemon = daemon
 
 	// Attach to stdout and stderr
-	container.stderr = utils.NewWriteBroadcaster()
-	container.stdout = utils.NewWriteBroadcaster()
+	container.stderr = broadcastwriter.New()
+	container.stdout = broadcastwriter.New()
 	// Attach to stdin
 	if container.Config.OpenStdin {
 		container.stdin, container.stdinPipe = io.Pipe()
@@ -255,7 +256,7 @@ func (daemon *Daemon) ensureName(container *Container) error {
 	return nil
 }
 
-func (daemon *Daemon) LogToDisk(src *utils.WriteBroadcaster, dst, stream string) error {
+func (daemon *Daemon) LogToDisk(src *broadcastwriter.BroadcastWriter, dst, stream string) error {
 	log, err := os.OpenFile(dst, os.O_RDWR|os.O_APPEND|os.O_CREATE, 0600)
 	if err != nil {
 		return err
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter.go b/components/engine/utils/broadcastwriter/broadcastwriter.go
new file mode 100644
index 0000000000..81ca9e5bdd
--- /dev/null
+++ b/components/engine/utils/broadcastwriter/broadcastwriter.go
@@ -0,0 +1,92 @@
+package broadcastwriter
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/dotcloud/docker/utils"
+)
+
+type BroadcastWriter struct {
+	sync.Mutex
+	buf     *bytes.Buffer
+	streams map[string](map[io.WriteCloser]struct{})
+}
+
+func (w *BroadcastWriter) AddWriter(writer io.WriteCloser, stream string) {
+	w.Lock()
+	if _, ok := w.streams[stream]; !ok {
+		w.streams[stream] = make(map[io.WriteCloser]struct{})
+	}
+	w.streams[stream][writer] = struct{}{}
+	w.Unlock()
+}
+
+func (w *BroadcastWriter) Write(p []byte) (n int, err error) {
+	created := time.Now().UTC()
+	w.Lock()
+	defer w.Unlock()
+	if writers, ok := w.streams[""]; ok {
+		for sw := range writers {
+			if n, err := sw.Write(p); err != nil || n != len(p) {
+				// On error, evict the writer
+				delete(writers, sw)
+			}
+		}
+	}
+	w.buf.Write(p)
+	lines := []string{}
+	for {
+		line, err := w.buf.ReadString('\n')
+		if err != nil {
+			w.buf.Write([]byte(line))
+			break
+		}
+		lines = append(lines, line)
+	}
+
+	if len(lines) != 0 {
+		for stream, writers := range w.streams {
+			if stream == "" {
+				continue
+			}
+			var lp []byte
+			for _, line := range lines {
+				b, err := json.Marshal(&utils.JSONLog{Log: line, Stream: stream, Created: created})
+				if err != nil {
+					utils.Errorf("Error making JSON log line: %s", err)
+				}
+				lp = append(lp, b...)
+				lp = append(lp, '\n')
+			}
+			for sw := range writers {
+				if _, err := sw.Write(lp); err != nil {
+					delete(writers, sw)
+				}
+			}
+		}
+	}
+	return len(p), nil
+}
+
+func (w *BroadcastWriter) Close() error {
+	w.Lock()
+	defer w.Unlock()
+	for _, writers := range w.streams {
+		for w := range writers {
+			w.Close()
+		}
+	}
+	w.streams = make(map[string](map[io.WriteCloser]struct{}))
+	return nil
+}
+
+func New() *BroadcastWriter {
+	return &BroadcastWriter{
+		streams: make(map[string](map[io.WriteCloser]struct{})),
+		buf:     bytes.NewBuffer(nil),
+	}
+}
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter_test.go b/components/engine/utils/broadcastwriter/broadcastwriter_test.go
new file mode 100644
index 0000000000..8d946e2f45
--- /dev/null
+++ b/components/engine/utils/broadcastwriter/broadcastwriter_test.go
@@ -0,0 +1,108 @@
+package broadcastwriter
+
+import (
+	"bytes"
+	"errors"
+
+	"testing"
+)
+
+type dummyWriter struct {
+	buffer      bytes.Buffer
+	failOnWrite bool
+}
+
+func (dw *dummyWriter) Write(p []byte) (n int, err error) {
+	if dw.failOnWrite {
+		return 0, errors.New("Fake fail")
+	}
+	return dw.buffer.Write(p)
+}
+
+func (dw *dummyWriter) String() string {
+	return dw.buffer.String()
+}
+
+func (dw *dummyWriter) Close() error {
+	return nil
+}
+
+func TestBroadcastWriter(t *testing.T) {
+	writer := New()
+
+	// Test 1: Both bufferA and bufferB should contain "foo"
+	bufferA := &dummyWriter{}
+	writer.AddWriter(bufferA, "")
+	bufferB := &dummyWriter{}
+	writer.AddWriter(bufferB, "")
+	writer.Write([]byte("foo"))
+
+	if bufferA.String() != "foo" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+
+	if bufferB.String() != "foo" {
+		t.Errorf("Buffer contains %v", bufferB.String())
+	}
+
+	// Test2: bufferA and bufferB should contain "foobar",
+	// while bufferC should only contain "bar"
+	bufferC := &dummyWriter{}
+	writer.AddWriter(bufferC, "")
+	writer.Write([]byte("bar"))
+
+	if bufferA.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+
+	if bufferB.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferB.String())
+	}
+
+	if bufferC.String() != "bar" {
+		t.Errorf("Buffer contains %v", bufferC.String())
+	}
+
+	// Test3: Test eviction on failure
+	bufferA.failOnWrite = true
+	writer.Write([]byte("fail"))
+	if bufferA.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+	if bufferC.String() != "barfail" {
+		t.Errorf("Buffer contains %v", bufferC.String())
+	}
+	// Even though we reset the flag, no more writes should go in there
+	bufferA.failOnWrite = false
+	writer.Write([]byte("test"))
+	if bufferA.String() != "foobar" {
+		t.Errorf("Buffer contains %v", bufferA.String())
+	}
+	if bufferC.String() != "barfailtest" {
+		t.Errorf("Buffer contains %v", bufferC.String())
+	}
+
+	writer.Close()
+}
+
+type devNullCloser int
+
+func (d devNullCloser) Close() error {
+	return nil
+}
+
+func (d devNullCloser) Write(buf []byte) (int, error) {
+	return len(buf), nil
+}
+
+// This test checks for races. It is only useful when run with the race detector.
+func TestRaceBroadcastWriter(t *testing.T) {
+	writer := New()
+	c := make(chan bool)
+	go func() {
+		writer.AddWriter(devNullCloser(0), "")
+		c <- true
+	}()
+	writer.Write([]byte("hello"))
+	<-c
+}
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 333468d361..ef28aceca7 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -265,21 +265,6 @@ func (r *bufReader) Close() error {
 	return closer.Close()
 }
 
-type WriteBroadcaster struct {
-	sync.Mutex
-	buf     *bytes.Buffer
-	streams map[string](map[io.WriteCloser]struct{})
-}
-
-func (w *WriteBroadcaster) AddWriter(writer io.WriteCloser, stream string) {
-	w.Lock()
-	if _, ok := w.streams[stream]; !ok {
-		w.streams[stream] = make(map[io.WriteCloser]struct{})
-	}
-	w.streams[stream][writer] = struct{}{}
-	w.Unlock()
-}
-
 type JSONLog struct {
 	Log     string    `json:"log,omitempty"`
 	Stream  string    `json:"stream,omitempty"`
@@ -316,77 +301,6 @@ func WriteLog(src io.Reader, dst io.WriteCloser, format string) error {
 	}
 }
 
-type LogFormatter struct {
-	wc         io.WriteCloser
-	timeFormat string
-}
-
-func (w *WriteBroadcaster) Write(p []byte) (n int, err error) {
-	created := time.Now().UTC()
-	w.Lock()
-	defer w.Unlock()
-	if writers, ok := w.streams[""]; ok {
-		for sw := range writers {
-			if n, err := sw.Write(p); err != nil || n != len(p) {
-				// On error, evict the writer
-				delete(writers, sw)
-			}
-		}
-	}
-	w.buf.Write(p)
-	lines := []string{}
-	for {
-		line, err := w.buf.ReadString('\n')
-		if err != nil {
-			w.buf.Write([]byte(line))
-			break
-		}
-		lines = append(lines, line)
-	}
-
-	if len(lines) != 0 {
-		for stream, writers := range w.streams {
-			if stream == "" {
-				continue
-			}
-			var lp []byte
-			for _, line := range lines {
-				b, err := json.Marshal(&JSONLog{Log: line, Stream: stream, Created: created})
-				if err != nil {
-					Errorf("Error making JSON log line: %s", err)
-				}
-				lp = append(lp, b...)
-				lp = append(lp, '\n')
-			}
-			for sw := range writers {
-				if _, err := sw.Write(lp); err != nil {
-					delete(writers, sw)
-				}
-			}
-		}
-	}
-	return len(p), nil
-}
-
-func (w *WriteBroadcaster) CloseWriters() error {
-	w.Lock()
-	defer w.Unlock()
-	for _, writers := range w.streams {
-		for w := range writers {
-			w.Close()
-		}
-	}
-	w.streams = make(map[string](map[io.WriteCloser]struct{}))
-	return nil
-}
-
-func NewWriteBroadcaster() *WriteBroadcaster {
-	return &WriteBroadcaster{
-		streams: make(map[string](map[io.WriteCloser]struct{})),
-		buf:     bytes.NewBuffer(nil),
-	}
-}
-
 func GetTotalUsedFds() int {
 	if fds, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil {
 		Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err)
diff --git a/components/engine/utils/utils_test.go b/components/engine/utils/utils_test.go
index 049c0e30a2..6fd09b97db 100644
--- a/components/engine/utils/utils_test.go
+++ b/components/engine/utils/utils_test.go
@@ -2,7 +2,6 @@ package utils
 
 import (
 	"bytes"
-	"errors"
 	"io"
 	"io/ioutil"
 	"os"
@@ -35,106 +34,6 @@ func TestBufReader(t *testing.T) {
 	}
 }
 
-type dummyWriter struct {
-	buffer      bytes.Buffer
-	failOnWrite bool
-}
-
-func (dw *dummyWriter) Write(p []byte) (n int, err error) {
-	if dw.failOnWrite {
-		return 0, errors.New("Fake fail")
-	}
-	return dw.buffer.Write(p)
-}
-
-func (dw *dummyWriter) String() string {
-	return dw.buffer.String()
-}
-
-func (dw *dummyWriter) Close() error {
-	return nil
-}
-
-func TestWriteBroadcaster(t *testing.T) {
-	writer := NewWriteBroadcaster()
-
-	// Test 1: Both bufferA and bufferB should contain "foo"
-	bufferA := &dummyWriter{}
-	writer.AddWriter(bufferA, "")
-	bufferB := &dummyWriter{}
-	writer.AddWriter(bufferB, "")
-	writer.Write([]byte("foo"))
-
-	if bufferA.String() != "foo" {
-		t.Errorf("Buffer contains %v", bufferA.String())
-	}
-
-	if bufferB.String() != "foo" {
-		t.Errorf("Buffer contains %v", bufferB.String())
-	}
-
-	// Test2: bufferA and bufferB should contain "foobar",
-	// while bufferC should only contain "bar"
-	bufferC := &dummyWriter{}
-	writer.AddWriter(bufferC, "")
-	writer.Write([]byte("bar"))
-
-	if bufferA.String() != "foobar" {
-		t.Errorf("Buffer contains %v", bufferA.String())
-	}
-
-	if bufferB.String() != "foobar" {
-		t.Errorf("Buffer contains %v", bufferB.String())
-	}
-
-	if bufferC.String() != "bar" {
-		t.Errorf("Buffer contains %v", bufferC.String())
-	}
-
-	// Test3: Test eviction on failure
-	bufferA.failOnWrite = true
-	writer.Write([]byte("fail"))
-	if bufferA.String() != "foobar" {
-		t.Errorf("Buffer contains %v", bufferA.String())
-	}
-	if bufferC.String() != "barfail" {
-		t.Errorf("Buffer contains %v", bufferC.String())
-	}
-	// Even though we reset the flag, no more writes should go in there
-	bufferA.failOnWrite = false
-	writer.Write([]byte("test"))
-	if bufferA.String() != "foobar" {
-		t.Errorf("Buffer contains %v", bufferA.String())
-	}
-	if bufferC.String() != "barfailtest" {
-		t.Errorf("Buffer contains %v", bufferC.String())
-	}
-
-	writer.CloseWriters()
-}
-
-type devNullCloser int
-
-func (d devNullCloser) Close() error {
-	return nil
-}
-
-func (d devNullCloser) Write(buf []byte) (int, error) {
-	return len(buf), nil
-}
-
-// This test checks for races. It is only useful when run with the race detector.
-func TestRaceWriteBroadcaster(t *testing.T) {
-	writer := NewWriteBroadcaster()
-	c := make(chan bool)
-	go func() {
-		writer.AddWriter(devNullCloser(0), "")
-		c <- true
-	}()
-	writer.Write([]byte("hello"))
-	<-c
-}
-
 func assertKernelVersion(t *testing.T, a, b *KernelVersionInfo, result int) {
 	if r := CompareKernelVersion(a, b); r != result {
 		t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result)

From 18c97f39c341d46c02d7851f482888dc0a7e8278 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 17 Mar 2014 17:03:22 +0100
Subject: [PATCH 021/516] server: Break out setHostConfig() from ContainerStart

This will be reused for ContainerCreate

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: a4a80b64a7f6366f7fb94cb8cca042a6324a0e99
Component: engine
---
 components/engine/server/server.go | 46 ++++++++++++++++++------------
 1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 3e6de00c1e..b443eba321 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -2035,6 +2035,32 @@ func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*imag
 	return match, nil
 }
 
+func (srv *Server) setHostConfig(container *daemon.Container, hostConfig *runconfig.HostConfig) error {
+	// Validate the HostConfig binds. Make sure that:
+	// the source exists
+	for _, bind := range hostConfig.Binds {
+		splitBind := strings.Split(bind, ":")
+		source := splitBind[0]
+
+		// ensure the source exists on the host
+		_, err := os.Stat(source)
+		if err != nil && os.IsNotExist(err) {
+			err = os.MkdirAll(source, 0755)
+			if err != nil {
+				return fmt.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
+			}
+		}
+	}
+	// Register any links from the host config before starting the container
+	if err := srv.daemon.RegisterLinks(container, hostConfig); err != nil {
+		return err
+	}
+	container.SetHostConfig(hostConfig)
+	container.ToDisk()
+
+	return nil
+}
+
 func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
 	if len(job.Args) < 1 {
 		return job.Errorf("Usage: %s container_id", job.Name)
@@ -2056,27 +2082,9 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
 	// If no environment was set, then no hostconfig was passed.
 	if len(job.Environ()) > 0 {
 		hostConfig := runconfig.ContainerHostConfigFromJob(job)
-		// Validate the HostConfig binds. Make sure that:
-		// the source exists
-		for _, bind := range hostConfig.Binds {
-			splitBind := strings.Split(bind, ":")
-			source := splitBind[0]
-
-			// ensure the source exists on the host
-			_, err := os.Stat(source)
-			if err != nil && os.IsNotExist(err) {
-				err = os.MkdirAll(source, 0755)
-				if err != nil {
-					return job.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
-				}
-			}
-		}
-		// Register any links from the host config before starting the container
-		if err := srv.daemon.RegisterLinks(container, hostConfig); err != nil {
+		if err := srv.setHostConfig(container, hostConfig); err != nil {
 			return job.Error(err)
 		}
-		container.SetHostConfig(hostConfig)
-		container.ToDisk()
 	}
 	if err := container.Start(); err != nil {
 		return job.Errorf("Cannot start container %s: %s", name, err)

From c4b0fae9528e13fba0f152960d50f745ba86e79a Mon Sep 17 00:00:00 2001
From: Mrunal Patel <mrunalp@gmail.com>
Date: Wed, 2 Jul 2014 16:33:14 -0400
Subject: [PATCH 022/516] api.DockerCli: Extract pullImage into separate
 function

This lets us reuse this code later.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 2b3959c414ffe9403e53617ed1a160c1daabeeaa
Component: engine
---
 components/engine/api/client/commands.go | 66 +++++++++++++-----------
 1 file changed, 37 insertions(+), 29 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 2d9c74f432..93470c2918 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1894,6 +1894,41 @@ func (cli *DockerCli) CmdTag(args ...string) error {
 	return nil
 }
 
+func (cli *DockerCli) pullImage(image string) error {
+	v := url.Values{}
+	repos, tag := utils.ParseRepositoryTag(image)
+	// pull only the image tagged 'latest' if no tag was specified
+	if tag == "" {
+		tag = "latest"
+	}
+	v.Set("fromImage", repos)
+	v.Set("tag", tag)
+
+	// Resolve the Repository name from fqn to hostname + name
+	hostname, _, err := registry.ResolveRepositoryName(repos)
+	if err != nil {
+		return err
+	}
+
+	// Load the auth config file, to be able to pull the image
+	cli.LoadConfigFile()
+
+	// Resolve the Auth config relevant for this server
+	authConfig := cli.configFile.ResolveAuthConfig(hostname)
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return err
+	}
+
+	registryAuthHeader := []string{
+		base64.URLEncoding.EncodeToString(buf),
+	}
+	if err = cli.stream("POST", "/images/create?"+v.Encode(), nil, cli.err, map[string][]string{"X-Registry-Auth": registryAuthHeader}); err != nil {
+		return err
+	}
+	return nil
+}
+
 func (cli *DockerCli) CmdRun(args ...string) error {
 	// FIXME: just use runconfig.Parse already
 	config, hostConfig, cmd, err := runconfig.ParseSubcommand(cli.Subcmd("run", "[OPTIONS] IMAGE [COMMAND] [ARG...]", "Run a command in a new container"), args, nil)
@@ -1955,37 +1990,10 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 	if statusCode == 404 {
 		fmt.Fprintf(cli.err, "Unable to find image '%s' locally\n", config.Image)
 
-		v := url.Values{}
-		repos, tag := utils.ParseRepositoryTag(config.Image)
-		// pull only the image tagged 'latest' if no tag was specified
-		if tag == "" {
-			tag = "latest"
-		}
-		v.Set("fromImage", repos)
-		v.Set("tag", tag)
-
-		// Resolve the Repository name from fqn to hostname + name
-		hostname, _, err := registry.ResolveRepositoryName(repos)
-		if err != nil {
-			return err
-		}
-
-		// Load the auth config file, to be able to pull the image
-		cli.LoadConfigFile()
-
-		// Resolve the Auth config relevant for this server
-		authConfig := cli.configFile.ResolveAuthConfig(hostname)
-		buf, err := json.Marshal(authConfig)
-		if err != nil {
-			return err
-		}
-
-		registryAuthHeader := []string{
-			base64.URLEncoding.EncodeToString(buf),
-		}
-		if err = cli.stream("POST", "/images/create?"+v.Encode(), nil, cli.err, map[string][]string{"X-Registry-Auth": registryAuthHeader}); err != nil {
+		if err = cli.pullImage(config.Image); err != nil {
 			return err
 		}
+		// Retry
 		if stream, _, err = cli.call("POST", "/containers/create?"+containerValues.Encode(), config, false); err != nil {
 			return err
 		}

From 8ae73ea011d8784482d3f9388b2df60329d7b913 Mon Sep 17 00:00:00 2001
From: Fabio Falci <fabiofalci@gmail.com>
Date: Fri, 27 Jun 2014 16:47:32 +0100
Subject: [PATCH 023/516] Move `docker restart` tests to integration cli

Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Upstream-commit: 9da6c80533f80060575840e1e2fd80cc11826f7b
Component: engine
---
 .../docker_cli_restart_test.go                | 122 ++++++++++++++++++
 .../engine/integration/container_test.go      |  75 -----------
 2 files changed, 122 insertions(+), 75 deletions(-)
 create mode 100644 components/engine/integration-cli/docker_cli_restart_test.go

diff --git a/components/engine/integration-cli/docker_cli_restart_test.go b/components/engine/integration-cli/docker_cli_restart_test.go
new file mode 100644
index 0000000000..c62f108cc7
--- /dev/null
+++ b/components/engine/integration-cli/docker_cli_restart_test.go
@@ -0,0 +1,122 @@
+package main
+
+import (
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestDockerRestartStoppedContainer(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "echo", "foobar")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	runCmd = exec.Command(dockerBinary, "wait", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	runCmd = exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if out != "foobar\n" {
+		t.Errorf("container should've printed 'foobar'")
+	}
+
+	runCmd = exec.Command(dockerBinary, "restart", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	runCmd = exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if out != "foobar\nfoobar\n" {
+		t.Errorf("container should've printed 'foobar' twice")
+	}
+
+	deleteAllContainers()
+
+	logDone("restart - echo foobar for stopped container")
+}
+
+func TestDockerRestartRunningContainer(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", "echo foobar && sleep 30 && echo 'should not print this'")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	runCmd = exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if out != "foobar\n" {
+		t.Errorf("container should've printed 'foobar'")
+	}
+
+	runCmd = exec.Command(dockerBinary, "restart", "-t", "1", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	runCmd = exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if out != "foobar\nfoobar\n" {
+		t.Errorf("container should've printed 'foobar' twice")
+	}
+
+	deleteAllContainers()
+
+	logDone("restart - echo foobar for running container")
+}
+
+// Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
+func TestDockerRestartWithVolumes(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "-v", "/test", "busybox", "top")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	runCmd = exec.Command(dockerBinary, "inspect", "--format", "{{ len .Volumes }}", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if out = strings.Trim(out, " \n\r"); out != "1" {
+		t.Errorf("expect 1 volume received %s", out)
+	}
+
+	runCmd = exec.Command(dockerBinary, "inspect", "--format", "{{ .Volumes }}", cleanedContainerID)
+	volumes, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, volumes)
+
+	runCmd = exec.Command(dockerBinary, "restart", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	runCmd = exec.Command(dockerBinary, "inspect", "--format", "{{ len .Volumes }}", cleanedContainerID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if out = strings.Trim(out, " \n\r"); out != "1" {
+		t.Errorf("expect 1 volume after restart received %s", out)
+	}
+
+	runCmd = exec.Command(dockerBinary, "inspect", "--format", "{{ .Volumes }}", cleanedContainerID)
+	volumesAfterRestart, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, volumesAfterRestart)
+
+	if volumes != volumesAfterRestart {
+		volumes = strings.Trim(volumes, " \n\r")
+		volumesAfterRestart = strings.Trim(volumesAfterRestart, " \n\r")
+		t.Errorf("expected volume path: %s Actual path: %s", volumes, volumesAfterRestart)
+	}
+
+	deleteAllContainers()
+
+	logDone("restart - does not create a new volume on restart")
+}
diff --git a/components/engine/integration/container_test.go b/components/engine/integration/container_test.go
index 48b3321a50..e70da5f14d 100644
--- a/components/engine/integration/container_test.go
+++ b/components/engine/integration/container_test.go
@@ -71,37 +71,6 @@ func TestKillDifferentUser(t *testing.T) {
 	}
 }
 
-func TestRestart(t *testing.T) {
-	daemon := mkDaemon(t)
-	defer nuke(daemon)
-	container, _, err := daemon.Create(&runconfig.Config{
-		Image: GetTestImage(daemon).ID,
-		Cmd:   []string{"echo", "-n", "foobar"},
-	},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer daemon.Destroy(container)
-	output, err := container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if string(output) != "foobar" {
-		t.Error(string(output))
-	}
-
-	// Run the container again and check the output
-	output, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if string(output) != "foobar" {
-		t.Error(string(output))
-	}
-}
-
 func TestRestartStdin(t *testing.T) {
 	daemon := mkDaemon(t)
 	defer nuke(daemon)
@@ -526,47 +495,3 @@ func TestBindMounts(t *testing.T) {
 		t.Fatal("Container failed to write to bind mount file")
 	}
 }
-
-// Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
-func TestRestartWithVolumes(t *testing.T) {
-	daemon := mkDaemon(t)
-	defer nuke(daemon)
-
-	container, _, err := daemon.Create(&runconfig.Config{
-		Image:   GetTestImage(daemon).ID,
-		Cmd:     []string{"echo", "-n", "foobar"},
-		Volumes: map[string]struct{}{"/test": {}},
-	},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer daemon.Destroy(container)
-
-	for key := range container.Config.Volumes {
-		if key != "/test" {
-			t.Fail()
-		}
-	}
-
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected := container.Volumes["/test"]
-	if expected == "" {
-		t.Fail()
-	}
-	// Run the container again to verify the volume path persists
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	actual := container.Volumes["/test"]
-	if expected != actual {
-		t.Fatalf("Expected volume path: %s Actual path: %s", expected, actual)
-	}
-}

From 6b22b2d896a41fa37bb360253fc8ec3cb893dea6 Mon Sep 17 00:00:00 2001
From: Adrien Folie <folie.adrien@gmail.com>
Date: Wed, 2 Jul 2014 03:52:59 +0200
Subject: [PATCH 024/516] Move TestGetImagesByName

Docker-DCO-1.1-Signed-off-by: Adrien Folie <folie.adrien@gmail.com> (github: folieadrien)
Upstream-commit: f337a52a6ec01684c326a827adbe3d0b8b5f1f53
Component: engine
---
 .../engine/api/server/server_unit_test.go     | 37 +++++++++++++++++++
 .../docker_cli_inspect_test.go                | 22 +++++++++++
 components/engine/integration/api_test.go     | 25 -------------
 3 files changed, 59 insertions(+), 25 deletions(-)
 create mode 100644 components/engine/integration-cli/docker_cli_inspect_test.go

diff --git a/components/engine/api/server/server_unit_test.go b/components/engine/api/server/server_unit_test.go
index 2d14f89551..f8068a29c5 100644
--- a/components/engine/api/server/server_unit_test.go
+++ b/components/engine/api/server/server_unit_test.go
@@ -319,6 +319,43 @@ func TestGetImagesHistory(t *testing.T) {
 	}
 }
 
+func TestGetImagesByName(t *testing.T) {
+	eng := engine.New()
+	name := "image_name"
+	var called bool
+	eng.Register("image_inspect", func(job *engine.Job) engine.Status {
+		called = true
+		if job.Args[0] != name {
+			t.Fatalf("name != '%s': %#v", name, job.Args[0])
+		}
+		if api.APIVERSION.LessThan("1.12") && !job.GetenvBool("dirty") {
+			t.Fatal("dirty env variable not set")
+		} else if api.APIVERSION.GreaterThanOrEqualTo("1.12") && job.GetenvBool("dirty") {
+			t.Fatal("dirty env variable set when it shouldn't")
+		}
+		v := &engine.Env{}
+		v.SetBool("dirty", true)
+		if _, err := v.WriteTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+	r := serveRequest("GET", "/images/"+name+"/json", nil, eng, t)
+	if !called {
+		t.Fatal("handler was not called")
+	}
+	if r.HeaderMap.Get("Content-Type") != "application/json" {
+		t.Fatalf("%#v\n", r)
+	}
+	var stdoutJson interface{}
+	if err := json.Unmarshal(r.Body.Bytes(), &stdoutJson); err != nil {
+		t.Fatalf("%#v", err)
+	}
+	if stdoutJson.(map[string]interface{})["dirty"].(float64) != 1 {
+		t.Fatalf("%#v", stdoutJson)
+	}
+}
+
 func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
 	r := httptest.NewRecorder()
 	req, err := http.NewRequest(method, target, body)
diff --git a/components/engine/integration-cli/docker_cli_inspect_test.go b/components/engine/integration-cli/docker_cli_inspect_test.go
new file mode 100644
index 0000000000..7e5dd69ae6
--- /dev/null
+++ b/components/engine/integration-cli/docker_cli_inspect_test.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestInspectImage(t *testing.T) {
+	imageTest := "scratch"
+	imageTestId := "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"
+	imagesCmd := exec.Command(dockerBinary, "inspect", "--format='{{.Id}}'", imageTest)
+
+	out, exitCode, err := runCommandWithOutput(imagesCmd)
+	if exitCode != 0 || err != nil {
+		t.Fatalf("failed to inspect image")
+	}
+	if id := strings.TrimSuffix(out, "\n"); id != imageTestId {
+		t.Fatalf("Expected id: %s for image: %s but received id: %s", imageTestId, imageTest, id)
+	}
+	logDone("inspect - inspect an image")
+}
diff --git a/components/engine/integration/api_test.go b/components/engine/integration/api_test.go
index b2e44717a5..f5e5599e3f 100644
--- a/components/engine/integration/api_test.go
+++ b/components/engine/integration/api_test.go
@@ -16,7 +16,6 @@ import (
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/api/server"
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
@@ -124,30 +123,6 @@ func TestGetImagesJSON(t *testing.T) {
 	}
 }
 
-func TestGetImagesByName(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkDaemonFromEngine(eng, t).Nuke()
-
-	req, err := http.NewRequest("GET", "/images/"+unitTestImageName+"/json", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	r := httptest.NewRecorder()
-	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r, t)
-
-	img := &image.Image{}
-	if err := json.Unmarshal(r.Body.Bytes(), img); err != nil {
-		t.Fatal(err)
-	}
-	if img.ID != unitTestImageID {
-		t.Errorf("Error inspecting image")
-	}
-}
-
 func TestGetContainersJSON(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkDaemonFromEngine(eng, t).Nuke()

From 1a0c71351cff843770d2da7844c0b3dcd2b16b41 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Sun, 29 Jun 2014 18:01:11 -0400
Subject: [PATCH 025/516] Minor updates and fixes to the CONTRIBUTING doc

* Fixed some uses of docker v. Docker
* Formatting and line wrapping.
* Spelling errors and grammar fixes.

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: d013b76e10262624c9f8ee05b9877e26eb58b516
Component: engine
---
 components/engine/CONTRIBUTING.md | 72 +++++++++++++++++--------------
 1 file changed, 39 insertions(+), 33 deletions(-)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index d07b972eb7..fd15f956a7 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -6,12 +6,17 @@ feels wrong or incomplete.
 
 ## Reporting Issues
 
-When reporting [issues](https://github.com/dotcloud/docker/issues) 
-on GitHub please include your host OS (Ubuntu 12.04, Fedora 19, etc),
-the output of `uname -a` and the output of `docker version` along with
-the output of `docker -D info`. Please include the steps required to reproduce
-the problem if possible and applicable.
-This information will help us review and fix your issue faster.
+When reporting [issues](https://github.com/dotcloud/docker/issues) on
+GitHub please include your host OS (Ubuntu 12.04, Fedora 19, etc).
+Please include:
+
+* The output of `uname -a`.
+* The output of `docker version`.
+* The output of `docker -D info`.
+
+Please also include the steps required to reproduce the problem if
+possible and applicable.  This information will help us review and fix
+your issue faster.
 
 ## Build Environment
 
@@ -34,7 +39,7 @@ received feedback on what to improve.
 We're trying very hard to keep Docker lean and focused. We don't want it
 to do everything for everybody. This means that we might decide against
 incorporating a new feature. However, there might be a way to implement
-that feature *on top of* docker.
+that feature *on top of* Docker.
 
 ### Discuss your design on the mailing list
 
@@ -60,12 +65,12 @@ help prioritize the most common problems and requests.
 
 ### Conventions
 
-Fork the repo and make changes on your fork in a feature branch:
+Fork the repository and make changes on your fork in a feature branch:
 
-- If it's a bugfix branch, name it XXX-something where XXX is the number of the
-  issue
+- If it's a bug fix branch, name it XXXX-something where XXXX is the number of the
+  issue.
 - If it's a feature branch, create an enhancement issue to announce your
-  intentions, and name it XXX-something where XXX is the number of the issue.
+  intentions, and name it XXXX-something where XXXX is the number of the issue.
 
 Submit unit tests for your changes.  Go has a great test framework built in; use
 it! Take a look at existing tests for inspiration. Run the full test suite on
@@ -73,12 +78,12 @@ your branch before submitting a pull request.
 
 Update the documentation when creating or modifying features. Test
 your documentation changes for clarity, concision, and correctness, as
-well as a clean documentation build. See ``docs/README.md`` for more
-information on building the docs and how docs get released.
+well as a clean documentation build. See `docs/README.md` for more
+information on building the docs and how they get released.
 
 Write clean code. Universally formatted code promotes ease of writing, reading,
 and maintenance. Always run `gofmt -s -w file.go` on each changed file before
-committing your changes. Most editors have plugins that do this automatically.
+committing your changes. Most editors have plug-ins that do this automatically.
 
 Pull requests descriptions should be as clear as possible and include a
 reference to all the issues that they address.
@@ -100,21 +105,22 @@ logical units of work using `git rebase -i` and `git push -f`. After every
 commit the test suite should be passing. Include documentation changes in the
 same commit so that a revert would remove all traces of the feature or fix.
 
-Commits that fix or close an issue should include a reference like `Closes #XXX`
-or `Fixes #XXX`, which will automatically close the issue when merged.
+Commits that fix or close an issue should include a reference like
+`Closes #XXXX` or `Fixes #XXXX`, which will automatically close the
+issue when merged.
 
-Please do not add yourself to the AUTHORS file, as it is regenerated
+Please do not add yourself to the `AUTHORS` file, as it is regenerated
 regularly from the Git history.
 
 ### Merge approval
 
-Docker maintainers use LGTM (looks good to me) in comments on the code review
+Docker maintainers use LGTM (Looks Good To Me) in comments on the code review
 to indicate acceptance.
 
 A change requires LGTMs from an absolute majority of the maintainers of each
-component affected. For example, if a change affects docs/ and registry/, it
-needs an absolute majority from the maintainers of docs/ AND, separately, an
-absolute majority of the maintainers of registry.
+component affected. For example, if a change affects `docs/` and `registry/`, it
+needs an absolute majority from the maintainers of `docs/` AND, separately, an
+absolute majority of the maintainers of `registry/`.
 
 For more details see [MAINTAINERS.md](hack/MAINTAINERS.md)
 
@@ -137,7 +143,6 @@ San Francisco, CA 94110 USA
 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
 
-
 Developer's Certificate of Origin 1.1
 
 By making a contribution to this project, I certify that:
@@ -165,20 +170,20 @@ By making a contribution to this project, I certify that:
     this project or the open source license(s) involved.
 ```
 
-then you just add a line to every git commit message:
+Then you just add a line to every git commit message:
 
     Docker-DCO-1.1-Signed-off-by: Joe Smith <joe.smith@email.com> (github: github_handle)
 
-using your real name (sorry, no pseudonyms or anonymous contributions.)
+Using your real name (sorry, no pseudonyms or anonymous contributions.)
 
-One way to automate this, is customise your get ``commit.template`` by adding
-a ``prepare-commit-msg`` hook to your docker checkout:
+One way to automate this, is customize your git `commit.template` by adding
+a `prepare-commit-msg` hook to your Docker repository:
 
 ```
 curl -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/dotcloud/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
 ```
 
-* Note: the above script expects to find your GitHub user name in ``git config --get github.user``
+* Note: the above script expects to find your GitHub user name in `git config --get github.user`
 
 #### Small patch exception
 
@@ -194,11 +199,12 @@ If you have any questions, please refer to the FAQ in the [docs](http://docs.doc
 
 ### How can I become a maintainer?
 
-* Step 1: learn the component inside out
-* Step 2: make yourself useful by contributing code, bugfixes, support etc.
-* Step 3: volunteer on the irc channel (#docker@freenode)
-* Step 4: propose yourself at a scheduled docker meeting in #docker-dev
+* Step 1: Learn the component inside out
+* Step 2: Make yourself useful by contributing code, bug fixes, support etc.
+* Step 3: Volunteer on the IRC channel (#docker at Freenode)
+* Step 4: Propose yourself at a scheduled docker meeting in #docker-dev
 
-Don't forget: being a maintainer is a time investment. Make sure you will have time to make yourself available.
-You don't have to be a maintainer to make a difference on the project!
+Don't forget: being a maintainer is a time investment. Make sure you
+will have time to make yourself available.  You don't have to be a
+maintainer to make a difference on the project!
 

From 6e61659fda04f1aa094a4492553dc4875b6e8874 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Wed, 2 Jul 2014 21:19:48 -0700
Subject: [PATCH 026/516] Fix 2 docker.com theme regressions on docs.docker.com
 - Hover colours of doc nav wrong - Primary Docs Nav not active when user is
 Logged in.

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: 873241790f802351d36c490046435215b33e4551
Component: engine
---
 components/engine/docs/theme/mkdocs/css/docs.css | 7 ++-----
 components/engine/docs/theme/mkdocs/header.html  | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/css/docs.css b/components/engine/docs/theme/mkdocs/css/docs.css
index 0f42e22ef7..8d7aca2f0c 100644
--- a/components/engine/docs/theme/mkdocs/css/docs.css
+++ b/components/engine/docs/theme/mkdocs/css/docs.css
@@ -56,12 +56,9 @@ ol li {
 #nav_menu > #docsnav > #main-nav > li > a {
   color: #253237;
 }
-#nav_menu > #docsnav > #main-nav > li.dd_on_hover > a {
-  color: #5992a3;
-}
 #nav_menu > #docsnav > #main-nav > li.dd_on_hover {
-  background: #b1d5df;
-  color: #5992a3;
+  background: #d3f1fb;
+  color: #253237;
 }
 #nav_menu > #docsnav > #main-nav > li > span > b {
   border-top-color: #b1d5df !important;
diff --git a/components/engine/docs/theme/mkdocs/header.html b/components/engine/docs/theme/mkdocs/header.html
index 3560929cac..a3b1d9bd78 100644
--- a/components/engine/docs/theme/mkdocs/header.html
+++ b/components/engine/docs/theme/mkdocs/header.html
@@ -24,7 +24,7 @@
     </form>
     <ul class="nav">
       <li><a href="https://registry.hub.docker.com" title="Browse Repos">Browse Repos</a></li>
-      <li><a href="http://docs.docker.com" title="Documentation">Documentation</a></li>
+      <li class="active"><a href="http://docs.docker.com" title="Documentation">Documentation</a></li>
       <li><a href="http://www.docker.com/community/participate/" title="Community">Community</a></li>
       <li><a href="http://www.docker.com/resources/help/" title="Help">Help</a></li>
     </ul>

From ee3e18ed8e5dc364d87a6b1d182a12887b465249 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Thu, 3 Jul 2014 08:28:39 +0300
Subject: [PATCH 027/516] update vendored archive/tar to lower allocations

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: b885f61a61df1e8d8f71914e17c2a2861167f96e
Component: engine
---
 components/engine/hack/vendor.sh                    |  6 +++---
 .../p/go/src/pkg/archive/tar/reader.go              | 13 ++++++++-----
 .../p/go/src/pkg/archive/tar/writer.go              |  8 +++++---
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 2ee530a736..b0a89db68d 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -53,9 +53,9 @@ clone hg code.google.com/p/go.net 84a4013f96e0
 
 clone hg code.google.com/p/gosqlite 74691fb6f837
 
-# get Go tip's archive/tar, for xattr support
-# TODO after Go 1.3 drops, bump our minimum supported version and drop this vendored dep
-clone hg code.google.com/p/go 3458ba248590
+# get Go tip's archive/tar, for xattr support and improved performance
+# TODO after Go 1.4 drops, bump our minimum supported version and drop this vendored dep
+clone hg code.google.com/p/go 17404efd6b02
 mv src/code.google.com/p/go/src/pkg/archive/tar tmp-tar
 rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
diff --git a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/reader.go b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/reader.go
index 920a9b08f9..a27559d0f0 100644
--- a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/reader.go
+++ b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/reader.go
@@ -29,10 +29,11 @@ const maxNanoSecondIntSize = 9
 // The Next method advances to the next file in the archive (including the first),
 // and then it can be treated as an io.Reader to access the file's data.
 type Reader struct {
-	r    io.Reader
-	err  error
-	pad  int64          // amount of padding (ignored) after current file entry
-	curr numBytesReader // reader for current file entry
+	r       io.Reader
+	err     error
+	pad     int64           // amount of padding (ignored) after current file entry
+	curr    numBytesReader  // reader for current file entry
+	hdrBuff [blockSize]byte // buffer to use in readHeader
 }
 
 // A numBytesReader is an io.Reader with a numBytes method, returning the number
@@ -426,7 +427,9 @@ func (tr *Reader) verifyChecksum(header []byte) bool {
 }
 
 func (tr *Reader) readHeader() *Header {
-	header := make([]byte, blockSize)
+	header := tr.hdrBuff[:]
+	copy(header, zeroBlock)
+
 	if _, tr.err = io.ReadFull(tr.r, header); tr.err != nil {
 		return nil
 	}
diff --git a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go
index 6eff6f6f84..d107dbbb51 100644
--- a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go
+++ b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go
@@ -37,8 +37,9 @@ type Writer struct {
 	nb         int64 // number of unwritten bytes for current file entry
 	pad        int64 // amount of padding to write after current file entry
 	closed     bool
-	usedBinary bool // whether the binary numeric field extension was used
-	preferPax  bool // use pax header instead of binary numeric header
+	usedBinary bool            // whether the binary numeric field extension was used
+	preferPax  bool            // use pax header instead of binary numeric header
+	hdrBuff    [blockSize]byte // buffer to use in writeHeader
 }
 
 // NewWriter creates a new Writer writing to w.
@@ -160,7 +161,8 @@ func (tw *Writer) writeHeader(hdr *Header, allowPax bool) error {
 	// subsecond time resolution, but for now let's just capture
 	// too long fields or non ascii characters
 
-	header := make([]byte, blockSize)
+	header := tw.hdrBuff[:]
+	copy(header, zeroBlock)
 	s := slicer(header)
 
 	// keep a reference to the filename to allow to overwrite it later if we detect that we can use ustar longnames instead of pax

From eec6ca2f45ca7fec8f094323ca9585a731fe4acc Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Wed, 2 Jul 2014 19:15:56 +0400
Subject: [PATCH 028/516] Benchmark for BroadcastWriter

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: a8d95b7c573dedad26395372dd0d4ff8882f6cb6
Component: engine
---
 .../broadcastwriter/broadcastwriter_test.go   | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/components/engine/utils/broadcastwriter/broadcastwriter_test.go b/components/engine/utils/broadcastwriter/broadcastwriter_test.go
index 8d946e2f45..d5c9152467 100644
--- a/components/engine/utils/broadcastwriter/broadcastwriter_test.go
+++ b/components/engine/utils/broadcastwriter/broadcastwriter_test.go
@@ -106,3 +106,39 @@ func TestRaceBroadcastWriter(t *testing.T) {
 	writer.Write([]byte("hello"))
 	<-c
 }
+
+func BenchmarkBroadcastWriter(b *testing.B) {
+	writer := New()
+	setUpWriter := func() {
+		for i := 0; i < 100; i++ {
+			writer.AddWriter(devNullCloser(0), "stdout")
+			writer.AddWriter(devNullCloser(0), "stderr")
+			writer.AddWriter(devNullCloser(0), "")
+		}
+	}
+	testLine := "Line that thinks that it is log line from docker"
+	var buf bytes.Buffer
+	for i := 0; i < 100; i++ {
+		buf.Write([]byte(testLine + "\n"))
+	}
+	// line without eol
+	buf.Write([]byte(testLine))
+	testText := buf.Bytes()
+	b.SetBytes(int64(5 * len(testText)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		b.StopTimer()
+		setUpWriter()
+		b.StartTimer()
+
+		for j := 0; j < 5; j++ {
+			if _, err := writer.Write(testText); err != nil {
+				b.Fatal(err)
+			}
+		}
+
+		b.StopTimer()
+		writer.Close()
+		b.StartTimer()
+	}
+}

From 31988404b579703d98f0ec0e3ed3928c34fd43ca Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Wed, 2 Jul 2014 23:28:08 +0400
Subject: [PATCH 029/516] BroadcastWriter refactoring

It became slightly faster and lighter
possibly fixes #5923 problems

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 7bdd23bfeec1968a3061e63e24af049837baf4c4
Component: engine
---
 components/engine/daemon/container.go         |  4 +--
 .../utils/broadcastwriter/broadcastwriter.go  | 34 +++++++++----------
 .../broadcastwriter/broadcastwriter_test.go   |  4 +--
 3 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index c7a6774601..419314b8ba 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -503,10 +503,10 @@ func (container *Container) cleanup() {
 			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
 		}
 	}
-	if err := container.stdout.Close(); err != nil {
+	if err := container.stdout.Clean(); err != nil {
 		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
 	}
-	if err := container.stderr.Close(); err != nil {
+	if err := container.stderr.Clean(); err != nil {
 		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
 	}
 	if container.command != nil && container.command.Terminal != nil {
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter.go b/components/engine/utils/broadcastwriter/broadcastwriter.go
index 81ca9e5bdd..9bd2c1471e 100644
--- a/components/engine/utils/broadcastwriter/broadcastwriter.go
+++ b/components/engine/utils/broadcastwriter/broadcastwriter.go
@@ -10,12 +10,16 @@ import (
 	"github.com/dotcloud/docker/utils"
 )
 
+// BroadcastWriter accumulate multiple io.WriteCloser by stream.
 type BroadcastWriter struct {
 	sync.Mutex
 	buf     *bytes.Buffer
 	streams map[string](map[io.WriteCloser]struct{})
 }
 
+// AddWriter adds new io.WriteCloser for stream.
+// If stream is "", then all writes proceed as is. Otherwise every line from
+// input will be packed to serialized utils.JSONLog.
 func (w *BroadcastWriter) AddWriter(writer io.WriteCloser, stream string) {
 	w.Lock()
 	if _, ok := w.streams[stream]; !ok {
@@ -25,10 +29,11 @@ func (w *BroadcastWriter) AddWriter(writer io.WriteCloser, stream string) {
 	w.Unlock()
 }
 
+// Write writes bytes to all writers. Failed writers will be evicted during
+// this call.
 func (w *BroadcastWriter) Write(p []byte) (n int, err error) {
 	created := time.Now().UTC()
 	w.Lock()
-	defer w.Unlock()
 	if writers, ok := w.streams[""]; ok {
 		for sw := range writers {
 			if n, err := sw.Write(p); err != nil || n != len(p) {
@@ -38,49 +43,44 @@ func (w *BroadcastWriter) Write(p []byte) (n int, err error) {
 		}
 	}
 	w.buf.Write(p)
-	lines := []string{}
 	for {
 		line, err := w.buf.ReadString('\n')
 		if err != nil {
 			w.buf.Write([]byte(line))
 			break
 		}
-		lines = append(lines, line)
-	}
-
-	if len(lines) != 0 {
 		for stream, writers := range w.streams {
 			if stream == "" {
 				continue
 			}
-			var lp []byte
-			for _, line := range lines {
-				b, err := json.Marshal(&utils.JSONLog{Log: line, Stream: stream, Created: created})
-				if err != nil {
-					utils.Errorf("Error making JSON log line: %s", err)
-				}
-				lp = append(lp, b...)
-				lp = append(lp, '\n')
+			b, err := json.Marshal(utils.JSONLog{Log: line, Stream: stream, Created: created})
+			if err != nil {
+				utils.Errorf("Error making JSON log line: %s", err)
+				continue
 			}
+			b = append(b, '\n')
 			for sw := range writers {
-				if _, err := sw.Write(lp); err != nil {
+				if _, err := sw.Write(b); err != nil {
 					delete(writers, sw)
 				}
 			}
 		}
 	}
+	w.Unlock()
 	return len(p), nil
 }
 
-func (w *BroadcastWriter) Close() error {
+// Clean closes and removes all writers. Last non-eol-terminated part of data
+// will be saved.
+func (w *BroadcastWriter) Clean() error {
 	w.Lock()
-	defer w.Unlock()
 	for _, writers := range w.streams {
 		for w := range writers {
 			w.Close()
 		}
 	}
 	w.streams = make(map[string](map[io.WriteCloser]struct{}))
+	w.Unlock()
 	return nil
 }
 
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter_test.go b/components/engine/utils/broadcastwriter/broadcastwriter_test.go
index d5c9152467..62ca12659a 100644
--- a/components/engine/utils/broadcastwriter/broadcastwriter_test.go
+++ b/components/engine/utils/broadcastwriter/broadcastwriter_test.go
@@ -82,7 +82,7 @@ func TestBroadcastWriter(t *testing.T) {
 		t.Errorf("Buffer contains %v", bufferC.String())
 	}
 
-	writer.Close()
+	writer.Clean()
 }
 
 type devNullCloser int
@@ -138,7 +138,7 @@ func BenchmarkBroadcastWriter(b *testing.B) {
 		}
 
 		b.StopTimer()
-		writer.Close()
+		writer.Clean()
 		b.StartTimer()
 	}
 }

From 9b1af46554e73a7ba4d742d28302c7f8d009d5ef Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Wed, 4 Jun 2014 16:38:06 -0400
Subject: [PATCH 030/516] Error if Docker daemon starts with BTRFS graph driver
 and SELinux enabled

The Docker btrfs graph driver does not interact well with SELinux at present.
If btrfs mounts the same file in several locations, the same SELinux label will
be applied to all mountpoints. In the context of the graph driver, things such
as shared libraries become inaccessible to containers due to SELInux, causing
all dynamically linked applications to fail when run in a container.

Consequently, error when we detect the daemon is being run with SELinux enabled
and the btrfs driver. Documentation has been added for this behavior.

Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: 4318802f645cdd4fa63a894160f153a69a97af59
Component: engine
---
 components/engine/daemon/daemon.go                          | 5 +++++
 components/engine/docker/docker.go                          | 2 +-
 components/engine/docs/man/docker.1.md                      | 2 +-
 components/engine/docs/sources/reference/commandline/cli.md | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 23402d9518..8863407979 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -778,6 +778,11 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 	}
 	utils.Debugf("Using graph driver %s", driver)
 
+	// As Docker on btrfs and SELinux are incompatible at present, error on both being enabled
+	if config.EnableSelinuxSupport && driver.String() == "btrfs" {
+		return nil, fmt.Errorf("SELinux is not supported with the BTRFS graph driver!")
+	}
+
 	daemonRepo := path.Join(config.Root, "containers")
 
 	if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 30d43bc6a8..5367e759af 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -66,7 +66,7 @@ func main() {
 		flCa                 = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here")
 		flCert               = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file")
 		flKey                = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file")
-		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support")
+		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
 	)
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
 	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
diff --git a/components/engine/docs/man/docker.1.md b/components/engine/docs/man/docker.1.md
index a7a826ed9f..602c6e2ace 100644
--- a/components/engine/docs/man/docker.1.md
+++ b/components/engine/docs/man/docker.1.md
@@ -74,7 +74,7 @@ unix://[/path/to/socket] to use.
   Print version information and quit. Default is false.
 
 **--selinux-enabled**=*true*|*false*
-  Enable selinux support. Default is false.
+  Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver.
 
 # COMMANDS
 **docker-attach(1)**
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 301593f2f1..9a6d27f0eb 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -73,7 +73,7 @@ expect an integer, and they can only be specified once.
       -p, --pidfile="/var/run/docker.pid"        Path to use for daemon PID file
       -r, --restart=true                         Restart previously running containers
       -s, --storage-driver=""                    Force the Docker runtime to use a specific storage driver
-      --selinux-enabled=false                    Enable selinux support
+      --selinux-enabled=false                    Enable selinux support. SELinux does not presently support the BTRFS storage driver
       --storage-opt=[]                           Set storage driver options
       --tls=false                                Use TLS; implied by tls-verify flags
       --tlscacert="/home/sven/.docker/ca.pem"    Trust only remotes providing a certificate signed by the CA given here

From a796dc81bfe74774cf05658cb15212794f0dad48 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 3 Jul 2014 18:01:36 +0000
Subject: [PATCH 031/516] Change version to 1.1.0-dev

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: d55cafb72e25e5ef9b400c1c010e9832ec8b5561
Component: engine
---
 components/engine/VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/VERSION b/components/engine/VERSION
index 9084fa2f71..336c367755 100644
--- a/components/engine/VERSION
+++ b/components/engine/VERSION
@@ -1 +1 @@
-1.1.0
+1.1.0-dev

From 984e0d89c3cee9c9a1f54e493d06087f57ab96c5 Mon Sep 17 00:00:00 2001
From: Tobias Gesellchen <tobias@gesellix.de>
Date: Thu, 3 Jul 2014 22:24:24 +0200
Subject: [PATCH 032/516] docs: add Groovy Docker-Client link

Docker-DCO-1.1-Signed-off-by: Tobias Gesellchen <tobias@gesellix.de> (github: gesellix)
Upstream-commit: 5c246c931eec7ec31a90fc4ae1577eb54f938427
Component: engine
---
 .../sources/reference/api/remote_api_client_libraries.md    | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/components/engine/docs/sources/reference/api/remote_api_client_libraries.md b/components/engine/docs/sources/reference/api/remote_api_client_libraries.md
index d1d26a1ddf..3dcebeedaa 100644
--- a/components/engine/docs/sources/reference/api/remote_api_client_libraries.md
+++ b/components/engine/docs/sources/reference/api/remote_api_client_libraries.md
@@ -140,5 +140,11 @@ will add the libraries here.
       <td><a class="reference external" href="https://github.com/spotify/docker-client">https://github.com/spotify/docker-client</a></td>
       <td>Active</td>
     </tr>
+    <tr class="row-odd">
+      <td>Groovy</td>
+      <td>docker-client</td>
+      <td><a class="reference external" href="https://github.com/gesellix-docker/docker-client">https://github.com/gesellix-docker/docker-client</a></td>
+      <td>Active</td>
+    </tr>
   </tbody>
 </table>

From f9a8a473054044f1738db53ce34d79afe3235986 Mon Sep 17 00:00:00 2001
From: Naoki Orii <norii@cs.cmu.edu>
Date: Thu, 3 Jul 2014 14:02:40 -0700
Subject: [PATCH 033/516] doc fix: remove trailing *

The trailing `*` makes it seem like there is some kind of annotation
Upstream-commit: 6e4b37fffdfc324141aae9f86268db4e8ed7aeb0
Component: engine
---
 .../engine/docs/sources/introduction/understanding-docker.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/introduction/understanding-docker.md b/components/engine/docs/sources/introduction/understanding-docker.md
index c79573a635..18b8d5926a 100644
--- a/components/engine/docs/sources/introduction/understanding-docker.md
+++ b/components/engine/docs/sources/introduction/understanding-docker.md
@@ -55,7 +55,7 @@ Docker's portability and lightweight nature also make dynamically managing
 workloads easy. You can use Docker to quickly scale up or tear down applications
 and services. Docker's speed means that scaling can be near real time.
 
-*Achieving higher density and running more workloads**
+*Achieving higher density and running more workloads*
 
 Docker is lightweight and fast. It provides a viable, cost-effective alternative
 to hypervisor-based virtual machines. This is especially useful in high density

From 0c1cce45f2d601767042933a62faa60bb6060463 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Tue, 1 Jul 2014 16:51:30 -0400
Subject: [PATCH 034/516] Remove dup tests

integration/server_test.go/TestCreateNumberUsername == integration-cli/docker_cli_run_test.go/TestUserByID
integration/server_test.go/TestRmi == integration-cli/docker_cli_images_test.go/TestCLIImageTagRemove

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: 0a3abe33f0bd9b7dfc36021b6f10d0857a432d40
Component: engine
---
 components/engine/integration/server_test.go | 99 --------------------
 1 file changed, 99 deletions(-)

diff --git a/components/engine/integration/server_test.go b/components/engine/integration/server_test.go
index 151490cdc6..f70bbb0b77 100644
--- a/components/engine/integration/server_test.go
+++ b/components/engine/integration/server_test.go
@@ -2,7 +2,6 @@ package docker
 
 import (
 	"bytes"
-	"strings"
 	"testing"
 	"time"
 
@@ -23,18 +22,6 @@ func TestCreateNumberHostname(t *testing.T) {
 	createTestContainer(eng, config, t)
 }
 
-func TestCreateNumberUsername(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkDaemonFromEngine(eng, t).Nuke()
-
-	config, _, _, err := runconfig.Parse([]string{"-u", "1002", unitTestImageID, "echo test"}, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	createTestContainer(eng, config, t)
-}
-
 func TestCommit(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkDaemonFromEngine(eng, t).Nuke()
@@ -271,92 +258,6 @@ func TestRunWithTooLowMemoryLimit(t *testing.T) {
 	}
 }
 
-func TestRmi(t *testing.T) {
-	eng := NewTestEngine(t)
-	srv := mkServerFromEngine(eng, t)
-	defer mkDaemonFromEngine(eng, t).Nuke()
-
-	initialImages := getAllImages(eng, t)
-
-	config, hostConfig, _, err := runconfig.Parse([]string{unitTestImageID, "echo", "test"}, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	containerID := createTestContainer(eng, config, t)
-
-	//To remove
-	job := eng.Job("start", containerID)
-	if err := job.ImportEnv(hostConfig); err != nil {
-		t.Fatal(err)
-	}
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := eng.Job("wait", containerID).Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	job = eng.Job("commit", containerID)
-	job.Setenv("repo", "test")
-	var outputBuffer = bytes.NewBuffer(nil)
-	job.Stdout.Add(outputBuffer)
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := eng.Job("tag", engine.Tail(outputBuffer, 1), "test", "0.1").Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	containerID = createTestContainer(eng, config, t)
-
-	//To remove
-	job = eng.Job("start", containerID)
-	if err := job.ImportEnv(hostConfig); err != nil {
-		t.Fatal(err)
-	}
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := eng.Job("wait", containerID).Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	job = eng.Job("commit", containerID)
-	job.Setenv("repo", "test")
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	images := getAllImages(eng, t)
-
-	if images.Len()-initialImages.Len() != 2 {
-		t.Fatalf("Expected 2 new images, found %d.", images.Len()-initialImages.Len())
-	}
-
-	if err = srv.DeleteImage(engine.Tail(outputBuffer, 1), engine.NewTable("", 0), true, false, false); err != nil {
-		t.Fatal(err)
-	}
-
-	images = getAllImages(eng, t)
-
-	if images.Len()-initialImages.Len() != 1 {
-		t.Fatalf("Expected 1 new image, found %d.", images.Len()-initialImages.Len())
-	}
-
-	for _, image := range images.Data {
-		if strings.Contains(unitTestImageID, image.Get("Id")) {
-			continue
-		}
-		if image.GetList("RepoTags")[0] == "<none>:<none>" {
-			t.Fatalf("Expected tagged image, got untagged one.")
-		}
-	}
-}
-
 func TestImagesFilter(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer nuke(mkDaemonFromEngine(eng, t))

From 525592aa62347b1545226ef342aa09fc9d007a9e Mon Sep 17 00:00:00 2001
From: Fabio Falci <fabiofalci@gmail.com>
Date: Thu, 26 Jun 2014 12:03:23 +0100
Subject: [PATCH 035/516] Relax dns search to accept empty domain

In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.

Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Upstream-commit: 804b00cd7d1f084a872211e5043d255c454c8e51
Component: engine
---
 components/engine/docker/docker.go            |   2 +-
 .../integration-cli/docker_cli_run_test.go    | 109 ++++++++++++++++++
 components/engine/opts/opts.go                |  11 +-
 components/engine/opts/opts_test.go           |  14 ++-
 .../pkg/networkfs/resolvconf/resolvconf.go    |   6 +-
 .../networkfs/resolvconf/resolvconf_test.go   |  25 ++++
 components/engine/runconfig/parse.go          |   2 +-
 7 files changed, 158 insertions(+), 11 deletions(-)

diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 30d43bc6a8..147c91d21d 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -52,7 +52,7 @@ func main() {
 		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
 		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
 		flDns                = opts.NewListOpts(opts.ValidateIp4Address)
-		flDnsSearch          = opts.NewListOpts(opts.ValidateDomain)
+		flDnsSearch          = opts.NewListOpts(opts.ValidateDnsSearch)
 		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
 		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
 		flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index eda1b3f0a5..9f52d58d12 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"reflect"
@@ -10,6 +11,8 @@ import (
 	"strings"
 	"sync"
 	"testing"
+
+	"github.com/dotcloud/docker/pkg/networkfs/resolvconf"
 )
 
 // "test123" should be printed by docker run
@@ -983,3 +986,109 @@ func TestDisallowBindMountingRootToRoot(t *testing.T) {
 
 	logDone("run - bind mount /:/ as volume should fail")
 }
+
+func TestDnsDefaultOptions(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "busybox", "cat", "/etc/resolv.conf")
+
+	actual, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, actual)
+	}
+
+	resolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	if os.IsNotExist(err) {
+		t.Fatalf("/etc/resolv.conf does not exist")
+	}
+
+	if actual != string(resolvConf) {
+		t.Fatalf("expected resolv.conf is not the same of actual")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - dns default options")
+}
+
+func TestDnsOptions(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "--dns-search=mydomain", "busybox", "cat", "/etc/resolv.conf")
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	actual := strings.Replace(strings.Trim(out, "\r\n"), "\n", " ", -1)
+	if actual != "nameserver 127.0.0.1 search mydomain" {
+		t.Fatalf("expected 'nameserver 127.0.0.1 search mydomain', but says: '%s'", actual)
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "--dns-search=.", "busybox", "cat", "/etc/resolv.conf")
+
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	actual = strings.Replace(strings.Trim(strings.Trim(out, "\r\n"), " "), "\n", " ", -1)
+	if actual != "nameserver 127.0.0.1" {
+		t.Fatalf("expected 'nameserver 127.0.0.1', but says: '%s'", actual)
+	}
+
+	logDone("run - dns options")
+}
+
+func TestDnsOptionsBasedOnHostResolvConf(t *testing.T) {
+	resolvConf, err := ioutil.ReadFile("/etc/resolv.conf")
+	if os.IsNotExist(err) {
+		t.Fatalf("/etc/resolv.conf does not exist")
+	}
+
+	hostNamservers := resolvconf.GetNameservers(resolvConf)
+	hostSearch := resolvconf.GetSearchDomains(resolvConf)
+
+	cmd := exec.Command(dockerBinary, "run", "--dns=127.0.0.1", "busybox", "cat", "/etc/resolv.conf")
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	if actualNameservers := resolvconf.GetNameservers([]byte(out)); string(actualNameservers[0]) != "127.0.0.1" {
+		t.Fatalf("expected '127.0.0.1', but says: '%s'", string(actualNameservers[0]))
+	}
+
+	actualSearch := resolvconf.GetSearchDomains([]byte(out))
+	if len(actualSearch) != len(hostSearch) {
+		t.Fatalf("expected '%s' search domain(s), but it has: '%s'", len(hostSearch), len(actualSearch))
+	}
+	for i := range actualSearch {
+		if actualSearch[i] != hostSearch[i] {
+			t.Fatalf("expected '%s' domain, but says: '%s'", actualSearch[i], hostSearch[i])
+		}
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--dns-search=mydomain", "busybox", "cat", "/etc/resolv.conf")
+
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	actualNameservers := resolvconf.GetNameservers([]byte(out))
+	if len(actualNameservers) != len(hostNamservers) {
+		t.Fatalf("expected '%s' nameserver(s), but it has: '%s'", len(hostNamservers), len(actualNameservers))
+	}
+	for i := range actualNameservers {
+		if actualNameservers[i] != hostNamservers[i] {
+			t.Fatalf("expected '%s' nameserver, but says: '%s'", actualNameservers[i], hostNamservers[i])
+		}
+	}
+
+	if actualSearch = resolvconf.GetSearchDomains([]byte(out)); string(actualSearch[0]) != "mydomain" {
+		t.Fatalf("expected 'mydomain', but says: '%s'", string(actualSearch[0]))
+	}
+
+	deleteAllContainers()
+
+	logDone("run - dns options based on host resolv.conf")
+}
diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index 67f1c8fd48..d17b57e07c 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -137,7 +137,16 @@ func ValidateIp4Address(val string) (string, error) {
 	return "", fmt.Errorf("%s is not an ip4 address", val)
 }
 
-func ValidateDomain(val string) (string, error) {
+// Validates domain for resolvconf search configuration.
+// A zero length domain is represented by .
+func ValidateDnsSearch(val string) (string, error) {
+	if val = strings.Trim(val, " "); val == "." {
+		return val, nil
+	}
+	return validateDomain(val)
+}
+
+func validateDomain(val string) (string, error) {
 	alpha := regexp.MustCompile(`[a-zA-Z]`)
 	if alpha.FindString(val) == "" {
 		return "", fmt.Errorf("%s is not a valid domain", val)
diff --git a/components/engine/opts/opts_test.go b/components/engine/opts/opts_test.go
index 299cbfe503..b18088b934 100644
--- a/components/engine/opts/opts_test.go
+++ b/components/engine/opts/opts_test.go
@@ -23,8 +23,9 @@ func TestValidateIP4(t *testing.T) {
 
 }
 
-func TestValidateDomain(t *testing.T) {
+func TestValidateDnsSearch(t *testing.T) {
 	valid := []string{
+		`.`,
 		`a`,
 		`a.`,
 		`1.foo`,
@@ -49,7 +50,8 @@ func TestValidateDomain(t *testing.T) {
 
 	invalid := []string{
 		``,
-		`.`,
+		` `,
+		`  `,
 		`17`,
 		`17.`,
 		`.17`,
@@ -65,14 +67,14 @@ func TestValidateDomain(t *testing.T) {
 	}
 
 	for _, domain := range valid {
-		if ret, err := ValidateDomain(domain); err != nil || ret == "" {
-			t.Fatalf("ValidateDomain(`"+domain+"`) got %s %s", ret, err)
+		if ret, err := ValidateDnsSearch(domain); err != nil || ret == "" {
+			t.Fatalf("ValidateDnsSearch(`"+domain+"`) got %s %s", ret, err)
 		}
 	}
 
 	for _, domain := range invalid {
-		if ret, err := ValidateDomain(domain); err == nil || ret != "" {
-			t.Fatalf("ValidateDomain(`"+domain+"`) got %s %s", ret, err)
+		if ret, err := ValidateDnsSearch(domain); err == nil || ret != "" {
+			t.Fatalf("ValidateDnsSearch(`"+domain+"`) got %s %s", ret, err)
 		}
 	}
 }
diff --git a/components/engine/pkg/networkfs/resolvconf/resolvconf.go b/components/engine/pkg/networkfs/resolvconf/resolvconf.go
index d6854fb3b1..38ae56432d 100644
--- a/components/engine/pkg/networkfs/resolvconf/resolvconf.go
+++ b/components/engine/pkg/networkfs/resolvconf/resolvconf.go
@@ -78,8 +78,10 @@ func Build(path string, dns, dnsSearch []string) error {
 		}
 	}
 	if len(dnsSearch) > 0 {
-		if _, err := content.WriteString("search " + strings.Join(dnsSearch, " ") + "\n"); err != nil {
-			return err
+		if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
+			if _, err := content.WriteString("search " + searchString + "\n"); err != nil {
+				return err
+			}
 		}
 	}
 
diff --git a/components/engine/pkg/networkfs/resolvconf/resolvconf_test.go b/components/engine/pkg/networkfs/resolvconf/resolvconf_test.go
index fd20712376..6187acbae7 100644
--- a/components/engine/pkg/networkfs/resolvconf/resolvconf_test.go
+++ b/components/engine/pkg/networkfs/resolvconf/resolvconf_test.go
@@ -131,3 +131,28 @@ func TestBuild(t *testing.T) {
 		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
 	}
 }
+
+func TestBuildWithZeroLengthDomainSearch(t *testing.T) {
+	file, err := ioutil.TempFile("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(file.Name())
+
+	err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"."})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	content, err := ioutil.ReadFile(file.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "nameserver ns1\nnameserver ns2\nnameserver ns3\n"; !bytes.Contains(content, []byte(expected)) {
+		t.Fatalf("Expected to find '%s' got '%s'", expected, content)
+	}
+	if notExpected := "search ."; bytes.Contains(content, []byte(notExpected)) {
+		t.Fatalf("Expected to not find '%s' got '%s'", notExpected, content)
+	}
+}
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index dfd9f4ddd3..ae79186716 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -45,7 +45,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flPublish     opts.ListOpts
 		flExpose      opts.ListOpts
 		flDns         opts.ListOpts
-		flDnsSearch   = opts.NewListOpts(opts.ValidateDomain)
+		flDnsSearch   = opts.NewListOpts(opts.ValidateDnsSearch)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
 		flEnvFile     opts.ListOpts

From 5ec859dbc34cbbca639be06bf2ea5b6bb7e003a5 Mon Sep 17 00:00:00 2001
From: "hyeongkyu.lee" <hyeongkyu.lee@navercorp.com>
Date: Fri, 4 Jul 2014 17:59:26 +0900
Subject: [PATCH 036/516] Update README.md

Docker-DCO-1.1-Signed-off-by: Hyeongkyu Lee <hyeongkyu.lee@navercorp.com> (github: leeplay)
Upstream-commit: 3f5ab612c8d0c1775a864e4414846b301e6498e9
Component: engine
---
 components/engine/daemonconfig/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemonconfig/README.md b/components/engine/daemonconfig/README.md
index 488e7c7cac..b61df1449e 100644
--- a/components/engine/daemonconfig/README.md
+++ b/components/engine/daemonconfig/README.md
@@ -1,3 +1,3 @@
-This directory contains code pertaining to the configuration of the docker deamon
+This directory contains code pertaining to the configuration of the docker daemon
 
 These are the configuration settings that you pass to the docker daemon when you launch it with say: `docker -d -e lxc`

From 7f05b133742bcbd35fcbebcaa55fb5478dd1b171 Mon Sep 17 00:00:00 2001
From: "hyeongkyu.lee" <hyeongkyu.lee@navercorp.com>
Date: Fri, 4 Jul 2014 18:21:13 +0900
Subject: [PATCH 037/516] Update README.md

Docker-DCO-1.1-Signed-off-by: Hyeongkyu Lee <hyeongkyu.lee@navercorp.com> (github: leeplay)
Upstream-commit: 649b50c0b71a21f8ea6b88c63008a0f909fe4113
Component: engine
---
 components/engine/api/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/api/README.md b/components/engine/api/README.md
index 3ef33f8c29..453f61a1a1 100644
--- a/components/engine/api/README.md
+++ b/components/engine/api/README.md
@@ -1,5 +1,5 @@
 This directory contains code pertaining to the Docker API:
 
- - Used by the docker client when comunicating with the docker deamon
+ - Used by the docker client when communicating with the docker daemon
 
- - Used by third party tools wishing to interface with the docker deamon
+ - Used by third party tools wishing to interface with the docker daemon

From bb9d32707cf348928cf2ffdbf8922286300f4a9f Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Fri, 4 Jul 2014 15:56:23 +1000
Subject: [PATCH 038/516] add client OS and arch to docker version

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: eceacb8334250b9f241b263f28372d5f35ada71d
Component: engine
---
 components/engine/api/client/commands.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index df2125f5f3..c273895594 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -391,6 +391,7 @@ func (cli *DockerCli) CmdVersion(args ...string) error {
 	if dockerversion.GITCOMMIT != "" {
 		fmt.Fprintf(cli.out, "Git commit (client): %s\n", dockerversion.GITCOMMIT)
 	}
+	fmt.Fprintf(cli.out, "OS/Arch (client): %s/%s\n", runtime.GOOS, runtime.GOARCH)
 
 	body, _, err := readBody(cli.call("GET", "/version", nil, false))
 	if err != nil {

From 5f0247a4bdbc51e77156daa211cc8af09674030f Mon Sep 17 00:00:00 2001
From: Andrew France <andrew@avito.co.uk>
Date: Fri, 4 Jul 2014 12:05:50 +0100
Subject: [PATCH 039/516] Fix "Error while reading file" Fish completion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

An unbalanced single quote caused Fish to fail to load the completion file with `source: Error while reading file “/etc/fish/completions/docker.fish”`.

Docker-DCO-1.1-Signed-off-by: Andrew France <andrew@avito.co.uk> (github: Odaeus)
Upstream-commit: 6ad5fe86590f757eca754d5bb4a599faec63ae30
Component: engine
---
 components/engine/contrib/completion/fish/docker.fish | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/contrib/completion/fish/docker.fish b/components/engine/contrib/completion/fish/docker.fish
index a4a9365f92..ba83526c75 100644
--- a/components/engine/contrib/completion/fish/docker.fish
+++ b/components/engine/contrib/completion/fish/docker.fish
@@ -85,7 +85,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Conf
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
 
 # cp
-complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from a container's filesystem to the host path'
+complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders from a container's filesystem to the host path"
 
 # diff
 complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem"

From 8174c1b3a93f066f1534a0f49dc469796781bfdb Mon Sep 17 00:00:00 2001
From: OddBloke <daniel@daniel-watkins.co.uk>
Date: Thu, 3 Jul 2014 12:55:21 +0100
Subject: [PATCH 040/516] Explain ADD invalidation more accurately

And also move it in to the `ADD` section, rather than being hidden in the `RUN` section.

Docker-DCO-1.1-Signed-off-by: Daniel Watkins <daniel@daniel-watkins.co.uk> (github: OddBloke)
Upstream-commit: 20a77aeeb8855ca0189fe9e3292d92b165b08905
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 91190933c9..da7f3ebff2 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -169,9 +169,8 @@ will be reused during the next build.
 The cache for `RUN` instructions can be invalidated by using the `--no-cache`
 flag, for example `docker build --no-cache`.
 
-The first encountered `ADD` instruction will invalidate the cache for all
-following instructions from the 'Dockerfile' if the contents of the context
-have changed. This will also invalidate the cache for `RUN` instructions.
+The cache for `RUN` instructions can be invalidated by `ADD` instructions. See
+[below](#add) for details.
 
 ### Known Issues (RUN)
 
@@ -285,6 +284,11 @@ In the case where `<src>` is a remote file URL, the destination will have permis
 > or use another tool from within the container as ADD does not support
 > authentication.
 
+> **Note**:
+> The first encountered `ADD` instruction will invalidate the cache for all
+> following instructions from the Dockerfile if the contents of `<src>` have
+> changed. This includes invalidating the cache for `RUN` instructions.
+
 The copy obeys the following rules:
 
 - The `<src>` path must be inside the *context* of the build;

From 003b3ea1dffe68ad1538d5397098fa53e65e17ff Mon Sep 17 00:00:00 2001
From: Tom Fotherby <tom+github@peopleperhour.com>
Date: Fri, 4 Jul 2014 18:52:10 +0100
Subject: [PATCH 041/516] Add info to Mount a Host File as a Data Volume

Docker-DCO-1.1-Signed-off-by: Tom Fotherby <github@tomfotherby.com> (github: tomfotherby)
Upstream-commit: cfbe062eb2ba6f1d24ab3b6f9b965a65931d5b07
Component: engine
---
 .../docs/sources/userguide/dockervolumes.md       | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index 93ac37b1cc..fc9a7e0f82 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -71,6 +71,21 @@ read-only.
 Here we've mounted the same `/src/webapp` directory but we've added the `ro`
 option to specify that the mount should be read-only.
 
+### Mount a Host File as a Data Volume
+
+As well as directories, the `-v` flag can be used to mount a single file from the host into a container.
+
+    $ sudo docker run --rm -it -v ~/.bash_history:/.bash_history ubuntu /bin/bash
+
+This will drop you into a bash shell in a new container, you will have your bash history from your host and when 
+you exit the container the host will have the history of the commands typed while in the container.
+
+> **Note:** 
+> The two-way binding of the mounted file will only be preserved as long as the inode doesn't change. Many
+> tools used to edit files including `vi` and `sed --in-place` may result in a inode change. In the case where you
+> want to edit the file, it is often best to mount the parent directory.
+
+
 ## Creating and mounting a Data Volume Container
 
 If you have some persistent data that you want to share between

From 82cbeaf60575f8fadb44c03d5d4b67105581cd6a Mon Sep 17 00:00:00 2001
From: Tom Fotherby <tom+github@peopleperhour.com>
Date: Sat, 5 Jul 2014 03:46:41 +0100
Subject: [PATCH 042/516] Update File mount info for docker v1.1.0

Docker-DCO-1.1-Signed-off-by: Tom Fotherby <github@tomfotherby.com> (github: tomfotherby)
Upstream-commit: 87df57810d39bdd50167338e5ff8d0e6bc6e23e2
Component: engine
---
 .../engine/docs/sources/userguide/dockervolumes.md       | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index fc9a7e0f82..f0725d4ada 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -78,13 +78,12 @@ As well as directories, the `-v` flag can be used to mount a single file from th
     $ sudo docker run --rm -it -v ~/.bash_history:/.bash_history ubuntu /bin/bash
 
 This will drop you into a bash shell in a new container, you will have your bash history from your host and when 
-you exit the container the host will have the history of the commands typed while in the container.
+you exit the container, the host will have the history of the commands typed while in the container.
 
 > **Note:** 
-> The two-way binding of the mounted file will only be preserved as long as the inode doesn't change. Many
-> tools used to edit files including `vi` and `sed --in-place` may result in a inode change. In the case where you
-> want to edit the file, it is often best to mount the parent directory.
-
+> Many tools used to edit files including `vi` and `sed --in-place` may result in a inode change. Since docker v1.1.0
+> this will produce a error such as "*sed: cannot rename ./sedKdJ9Dy: Device or resource busy*". In the case where you
+> want to edit the mounted file, it is often easiest to instead mount the parent directory.
 
 ## Creating and mounting a Data Volume Container
 

From 0fa89bda572878b16ad8efdb30e3f19b32accf7f Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Sat, 5 Jul 2014 16:20:14 -0400
Subject: [PATCH 043/516] docker save: fix the 'repositories' file

For various use cases, the 'repositories' file does not match expected
behavior.

Like,

	docker save busybox:latest | tar t

Before:

	[...]
	busybox:latest/
	busybox:latest/VERSION
	busybox:latest/json
	busybox:latest/layer.tar
	# note, the layer name, and lack of 'repositories' file

Now:

	[...]
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/VERSION
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/json
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/layer.tar
	repositories
	# and the repositories file is correct for the single tagged
	# image.
	#> {"busybox":{"latest":"a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721"}}

and

	docker save a9eb17255234 | tar t

Before:
	[...]
	a9eb17255234/
	a9eb17255234/VERSION
	a9eb17255234/json
	a9eb17255234/layer.tar
	# Note the truncated layer name

Now:
	[...]
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/VERSION
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/json
	a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/layer.tar
	# There is no 'repositories' file, because there is no named repo

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: ac392bc0d775455f71da3c71956f9f6ae7a87f6d
Component: engine
---
 components/engine/server/server.go | 35 +++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 7e453a3f0f..0d083ad9a4 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -351,29 +351,52 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status {
 
 	utils.Debugf("Serializing %s", name)
 
+	rootRepoMap := map[string]graph.Repository{}
 	rootRepo, err := srv.daemon.Repositories().Get(name)
 	if err != nil {
 		return job.Error(err)
 	}
 	if rootRepo != nil {
+		// this is a base repo name, like 'busybox'
+
 		for _, id := range rootRepo {
 			if err := srv.exportImage(job.Eng, id, tempdir); err != nil {
 				return job.Error(err)
 			}
 		}
-
-		// write repositories
-		rootRepoMap := map[string]graph.Repository{}
 		rootRepoMap[name] = rootRepo
+	} else {
+		img, err := srv.daemon.Repositories().LookupImage(name)
+		if err != nil {
+			return job.Error(err)
+		}
+		if img != nil {
+			// This is a named image like 'busybox:latest'
+			repoName, repoTag := utils.ParseRepositoryTag(name)
+			if err := srv.exportImage(job.Eng, img.ID, tempdir); err != nil {
+				return job.Error(err)
+			}
+			// check this length, because a lookup of a truncated has will not have a tag
+			// and will not need to be added to this map
+			if len(repoTag) > 0 {
+				rootRepoMap[repoName] = graph.Repository{repoTag: img.ID}
+			}
+		} else {
+			// this must be an ID that didn't get looked up just right?
+			if err := srv.exportImage(job.Eng, name, tempdir); err != nil {
+				return job.Error(err)
+			}
+		}
+	}
+	// write repositories, if there is something to write
+	if len(rootRepoMap) > 0 {
 		rootRepoJson, _ := json.Marshal(rootRepoMap)
 
 		if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.FileMode(0644)); err != nil {
 			return job.Error(err)
 		}
 	} else {
-		if err := srv.exportImage(job.Eng, name, tempdir); err != nil {
-			return job.Error(err)
-		}
+		utils.Debugf("There were no repositories to write")
 	}
 
 	fs, err := archive.Tar(tempdir, archive.Uncompressed)

From 8ad8344e9f07a1fe1c3a67217b0dd24fd34e845b Mon Sep 17 00:00:00 2001
From: Ian Bull <irbull@gmail.com>
Date: Thu, 3 Jul 2014 22:40:02 -0700
Subject: [PATCH 044/516] Fix the parent/child relationship in the docs

In the Docker Linking Docs, the parent child relationship
was backwards. The Web container should be able to access
the DB, not other way around. Furthermore, the output of
'docker ps' was wrong (it showed that the DB could access
the Web). This fixes both typos.

Docker-DCO-1.1-Signed-off-by: Ian Bull <irbull@gmail.com> (github: irbull)
Upstream-commit: 29a20672c216e2f8aa90af765ac5c47e3350b3d9
Component: engine
---
 .../engine/docs/sources/userguide/dockerlinks.md       | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockerlinks.md b/components/engine/docs/sources/userguide/dockerlinks.md
index 20a5c1a179..91c6cb355b 100644
--- a/components/engine/docs/sources/userguide/dockerlinks.md
+++ b/components/engine/docs/sources/userguide/dockerlinks.md
@@ -149,16 +149,16 @@ Let's look at our linked containers using `docker ps`.
 
     $ docker ps
     CONTAINER ID  IMAGE                     COMMAND               CREATED             STATUS             PORTS                    NAMES
-    349169744e49  training/postgres:latest  su postgres -c '/usr  About a minute ago  Up About a minute  5432/tcp                 db
-    aed84ee21bde  training/webapp:latest    python app.py         16 hours ago        Up 2 minutes       0.0.0.0:49154->5000/tcp  db/web,web
+    349169744e49  training/postgres:latest  su postgres -c '/usr  About a minute ago  Up About a minute  5432/tcp                 db, web/db
+    aed84ee21bde  training/webapp:latest    python app.py         16 hours ago        Up 2 minutes       0.0.0.0:49154->5000/tcp  web
 
-We can see our named containers, `db` and `web`, and we can see that the `web`
-containers also shows `db/web` in the `NAMES` column. This tells us that the
+We can see our named containers, `db` and `web`, and we can see that the `db`
+containers also shows `web/db` in the `NAMES` column. This tells us that the
 `web` container is linked to the `db` container in a parent/child relationship.
 
 So what does linking the containers do? Well we've discovered the link creates
 a parent-child relationship between the two containers. The parent container,
-here `db`, can access information on the child container `web`. To do this
+here `web`, can access information on the child container `db`. To do this
 Docker creates a secure tunnel between the containers without the need to
 expose any ports externally on the container. You'll note when we started the
 `db` container we did not use either of the `-P` or `-p` flags. As we're

From 3c88fb5533ba8ef1754fee0bcc718d3c63794071 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Sun, 6 Jul 2014 15:36:34 +0400
Subject: [PATCH 045/516] Moved last build tests to integration-cli

Also removed skipped tests on "viz" and "tree" because they
blocked integration/buildfile_test.go removing.

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 1d4862b7a2d0c3b0641ce6d539eabecee686c794
Component: engine
---
 .../integration-cli/docker_cli_build_test.go  | 167 +++++++
 .../engine/integration/buildfile_test.go      | 414 ------------------
 .../engine/integration/commands_test.go       | 128 ------
 3 files changed, 167 insertions(+), 542 deletions(-)
 delete mode 100644 components/engine/integration/buildfile_test.go

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 2f2f2b6e0c..df0cfcc88e 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1564,3 +1564,170 @@ func TestDockerignoringDockerfile(t *testing.T) {
 	}
 	logDone("build - test .dockerignore of Dockerfile")
 }
+
+func TestBuildLineBreak(t *testing.T) {
+	name := "testbuildlinebreak"
+	defer deleteImages(name)
+	_, err := buildImage(name,
+		`FROM  busybox
+RUN    sh -c 'echo root:testpass \
+	> /tmp/passwd'
+RUN    mkdir -p /var/run/sshd
+RUN    [ "$(cat /tmp/passwd)" = "root:testpass" ]
+RUN    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - line break with \\")
+}
+
+func TestBuildEOLInLine(t *testing.T) {
+	name := "testbuildeolinline"
+	defer deleteImages(name)
+	_, err := buildImage(name,
+		`FROM   busybox
+RUN    sh -c 'echo root:testpass > /tmp/passwd'
+RUN    echo "foo \n bar"; echo "baz"
+RUN    mkdir -p /var/run/sshd
+RUN    [ "$(cat /tmp/passwd)" = "root:testpass" ]
+RUN    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - end of line in dockerfile instruction")
+}
+
+func TestBuildCommentsShebangs(t *testing.T) {
+	name := "testbuildcomments"
+	defer deleteImages(name)
+	_, err := buildImage(name,
+		`FROM busybox
+# This is an ordinary comment.
+RUN { echo '#!/bin/sh'; echo 'echo hello world'; } > /hello.sh
+RUN [ ! -x /hello.sh ]
+# comment with line break \
+RUN chmod +x /hello.sh
+RUN [ -x /hello.sh ]
+RUN [ "$(cat /hello.sh)" = $'#!/bin/sh\necho hello world' ]
+RUN [ "$(/hello.sh)" = "hello world" ]`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - comments and shebangs")
+}
+
+func TestBuildUsersAndGroups(t *testing.T) {
+	name := "testbuildusers"
+	defer deleteImages(name)
+	_, err := buildImage(name,
+		`FROM busybox
+
+# Make sure our defaults work
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)" = '0:0/root:root' ]
+
+# TODO decide if "args.user = strconv.Itoa(syscall.Getuid())" is acceptable behavior for changeUser in sysvinit instead of "return nil" when "USER" isn't specified (so that we get the proper group list even if that is the empty list, even in the default case of not supplying an explicit USER to run as, which implies USER 0)
+USER root
+RUN [ "$(id -G):$(id -Gn)" = '0 10:root wheel' ]
+
+# Setup dockerio user and group
+RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+RUN echo 'dockerio:x:1001:' >> /etc/group
+
+# Make sure we can switch to our user and all the information is exactly as we expect it to be
+USER dockerio
+RUN id -G
+RUN id -Gn
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+
+# Switch back to root and double check that worked exactly as we might expect it to
+USER root
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '0:0/root:root/0 10:root wheel' ]
+
+# Add a "supplementary" group for our dockerio user
+RUN echo 'supplementary:x:1002:dockerio' >> /etc/group
+
+# ... and then go verify that we get it like we expect
+USER dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001 1002:dockerio supplementary' ]
+USER 1001
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001 1002:dockerio supplementary' ]
+
+# super test the new "user:group" syntax
+USER dockerio:dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER 1001:dockerio
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER dockerio:1001
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER 1001:1001
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1001/dockerio:dockerio/1001:dockerio' ]
+USER dockerio:supplementary
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+USER dockerio:1002
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+USER 1001:supplementary
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+USER 1001:1002
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1001:1002/dockerio:supplementary/1002:supplementary' ]
+
+# make sure unknown uid/gid still works properly
+USER 1042:1043
+RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1042:1043/1042:1043/1043:1043' ]`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - users and groups")
+}
+
+func TestBuildEnvUsage(t *testing.T) {
+	name := "testbuildenvusage"
+	defer deleteImages(name)
+	dockerfile := `FROM busybox
+ENV    FOO /foo/baz
+ENV    BAR /bar
+ENV    BAZ $BAR
+ENV    FOOPATH $PATH:$FOO
+RUN    [ "$BAR" = "$BAZ" ]
+RUN    [ "$FOOPATH" = "$PATH:/foo/baz" ]
+ENV	   FROM hello/docker/world
+ENV    TO /docker/world/hello
+ADD    $FROM $TO
+RUN    [ "$(cat $TO)" = "hello" ]`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"hello/docker/world": "hello",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - environment variables usage")
+}
+
+func TestBuildAddScript(t *testing.T) {
+	name := "testbuildaddscript"
+	defer deleteImages(name)
+	dockerfile := `
+FROM busybox
+ADD test /test
+RUN ["chmod","+x","/test"]
+RUN ["/test"]
+RUN [ "$(cat /testfile)" = 'test!' ]`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"test": "#!/bin/sh\necho 'test!' > /testfile",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = buildImageFromContext(name, ctx, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - add and run script")
+}
diff --git a/components/engine/integration/buildfile_test.go b/components/engine/integration/buildfile_test.go
deleted file mode 100644
index 147ae353a2..0000000000
--- a/components/engine/integration/buildfile_test.go
+++ /dev/null
@@ -1,414 +0,0 @@
-package docker
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/server"
-	"github.com/dotcloud/docker/utils"
-)
-
-// A testContextTemplate describes a build context and how to test it
-type testContextTemplate struct {
-	// Contents of the Dockerfile
-	dockerfile string
-	// Additional files in the context, eg [][2]string{"./passwd", "gordon"}
-	files [][2]string
-	// Additional remote files to host on a local HTTP server.
-	remoteFiles [][2]string
-}
-
-func (context testContextTemplate) Archive(dockerfile string, t *testing.T) archive.Archive {
-	input := []string{"Dockerfile", dockerfile}
-	for _, pair := range context.files {
-		input = append(input, pair[0], pair[1])
-	}
-	a, err := archive.Generate(input...)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return a
-}
-
-// A table of all the contexts to build and test.
-// A new docker runtime will be created and torn down for each context.
-var testContexts = []testContextTemplate{
-	{
-		`
-from   {IMAGE}
-run    sh -c 'echo root:testpass > /tmp/passwd'
-run    mkdir -p /var/run/sshd
-run    [ "$(cat /tmp/passwd)" = "root:testpass" ]
-run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
-`,
-		nil,
-		nil,
-	},
-
-	// Exactly the same as above, except uses a line split with a \ to test
-	// multiline support.
-	{
-		`
-from   {IMAGE}
-run    sh -c 'echo root:testpass \
-	> /tmp/passwd'
-run    mkdir -p /var/run/sshd
-run    [ "$(cat /tmp/passwd)" = "root:testpass" ]
-run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
-`,
-		nil,
-		nil,
-	},
-
-	// Line containing literal "\n"
-	{
-		`
-from   {IMAGE}
-run    sh -c 'echo root:testpass > /tmp/passwd'
-run    echo "foo \n bar"; echo "baz"
-run    mkdir -p /var/run/sshd
-run    [ "$(cat /tmp/passwd)" = "root:testpass" ]
-run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
-`,
-		nil,
-		nil,
-	},
-	{
-		`
-from {IMAGE}
-add foo /usr/lib/bla/bar
-run [ "$(cat /usr/lib/bla/bar)" = 'hello' ]
-add http://{SERVERADDR}/baz /usr/lib/baz/quux
-run [ "$(cat /usr/lib/baz/quux)" = 'world!' ]
-`,
-		[][2]string{{"foo", "hello"}},
-		[][2]string{{"/baz", "world!"}},
-	},
-
-	{
-		`
-from {IMAGE}
-add f /
-run [ "$(cat /f)" = "hello" ]
-add f /abc
-run [ "$(cat /abc)" = "hello" ]
-add f /x/y/z
-run [ "$(cat /x/y/z)" = "hello" ]
-add f /x/y/d/
-run [ "$(cat /x/y/d/f)" = "hello" ]
-add d /
-run [ "$(cat /ga)" = "bu" ]
-add d /somewhere
-run [ "$(cat /somewhere/ga)" = "bu" ]
-add d /anotherplace/
-run [ "$(cat /anotherplace/ga)" = "bu" ]
-add d /somewheeeere/over/the/rainbooow
-run [ "$(cat /somewheeeere/over/the/rainbooow/ga)" = "bu" ]
-`,
-		[][2]string{
-			{"f", "hello"},
-			{"d/ga", "bu"},
-		},
-		nil,
-	},
-
-	{
-		`
-from {IMAGE}
-add http://{SERVERADDR}/x /a/b/c
-run [ "$(cat /a/b/c)" = "hello" ]
-add http://{SERVERADDR}/x?foo=bar /
-run [ "$(cat /x)" = "hello" ]
-add http://{SERVERADDR}/x /d/
-run [ "$(cat /d/x)" = "hello" ]
-add http://{SERVERADDR} /e
-run [ "$(cat /e)" = "blah" ]
-`,
-		nil,
-		[][2]string{{"/x", "hello"}, {"/", "blah"}},
-	},
-
-	// Comments, shebangs, and executability, oh my!
-	{
-		`
-FROM {IMAGE}
-# This is an ordinary comment.
-RUN { echo '#!/bin/sh'; echo 'echo hello world'; } > /hello.sh
-RUN [ ! -x /hello.sh ]
-RUN chmod +x /hello.sh
-RUN [ -x /hello.sh ]
-RUN [ "$(cat /hello.sh)" = $'#!/bin/sh\necho hello world' ]
-RUN [ "$(/hello.sh)" = "hello world" ]
-`,
-		nil,
-		nil,
-	},
-
-	// Users and groups
-	{
-		`
-FROM {IMAGE}
-
-# Make sure our defaults work
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)" = '0:0/root:root' ]
-
-# TODO decide if "args.user = strconv.Itoa(syscall.Getuid())" is acceptable behavior for changeUser in sysvinit instead of "return nil" when "USER" isn't specified (so that we get the proper group list even if that is the empty list, even in the default case of not supplying an explicit USER to run as, which implies USER 0)
-USER root
-RUN [ "$(id -G):$(id -Gn)" = '0:root' ]
-
-# Setup dockerio user and group
-RUN echo 'dockerio:x:1000:1000::/bin:/bin/false' >> /etc/passwd
-RUN echo 'dockerio:x:1000:' >> /etc/group
-
-# Make sure we can switch to our user and all the information is exactly as we expect it to be
-USER dockerio
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000:dockerio' ]
-
-# Switch back to root and double check that worked exactly as we might expect it to
-USER root
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '0:0/root:root/0:root' ]
-
-# Add a "supplementary" group for our dockerio user
-RUN echo 'supplementary:x:1001:dockerio' >> /etc/group
-
-# ... and then go verify that we get it like we expect
-USER dockerio
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000 1001:dockerio supplementary' ]
-USER 1000
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000 1001:dockerio supplementary' ]
-
-# super test the new "user:group" syntax
-USER dockerio:dockerio
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000:dockerio' ]
-USER 1000:dockerio
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000:dockerio' ]
-USER dockerio:1000
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000:dockerio' ]
-USER 1000:1000
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1000/dockerio:dockerio/1000:dockerio' ]
-USER dockerio:supplementary
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1001/dockerio:supplementary/1001:supplementary' ]
-USER dockerio:1001
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1001/dockerio:supplementary/1001:supplementary' ]
-USER 1000:supplementary
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1001/dockerio:supplementary/1001:supplementary' ]
-USER 1000:1001
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1000:1001/dockerio:supplementary/1001:supplementary' ]
-
-# make sure unknown uid/gid still works properly
-USER 1042:1043
-RUN [ "$(id -u):$(id -g)/$(id -un):$(id -gn)/$(id -G):$(id -Gn)" = '1042:1043/1042:1043/1043:1043' ]
-`,
-		nil,
-		nil,
-	},
-
-	// Environment variable
-	{
-		`
-from   {IMAGE}
-env    FOO BAR
-run    [ "$FOO" = "BAR" ]
-`,
-		nil,
-		nil,
-	},
-
-	// Environment overwriting
-	{
-		`
-from   {IMAGE}
-env    FOO BAR
-run    [ "$FOO" = "BAR" ]
-env    FOO BAZ
-run    [ "$FOO" = "BAZ" ]
-`,
-		nil,
-		nil,
-	},
-
-	{
-		`
-from {IMAGE}
-ENTRYPOINT /bin/echo
-CMD Hello world
-`,
-		nil,
-		nil,
-	},
-
-	{
-		`
-from {IMAGE}
-VOLUME /test
-CMD Hello world
-`,
-		nil,
-		nil,
-	},
-
-	{
-		`
-from {IMAGE}
-env    FOO /foo/baz
-env    BAR /bar
-env    BAZ $BAR
-env    FOOPATH $PATH:$FOO
-run    [ "$BAR" = "$BAZ" ]
-run    [ "$FOOPATH" = "$PATH:/foo/baz" ]
-`,
-		nil,
-		nil,
-	},
-
-	{
-		`
-from {IMAGE}
-env    FOO /bar
-env    TEST testdir
-env    BAZ /foobar
-add    testfile $BAZ/
-add    $TEST $FOO
-run    [ "$(cat /foobar/testfile)" = "test1" ]
-run    [ "$(cat /bar/withfile)" = "test2" ]
-`,
-		[][2]string{
-			{"testfile", "test1"},
-			{"testdir/withfile", "test2"},
-		},
-		nil,
-	},
-
-	// JSON!
-	{
-		`
-FROM {IMAGE}
-RUN ["/bin/echo","hello","world"]
-CMD ["/bin/true"]
-ENTRYPOINT ["/bin/echo","your command -->"]
-`,
-		nil,
-		nil,
-	},
-	{
-		`
-FROM {IMAGE}
-ADD test /test
-RUN ["chmod","+x","/test"]
-RUN ["/test"]
-RUN [ "$(cat /testfile)" = 'test!' ]
-`,
-		[][2]string{
-			{"test", "#!/bin/sh\necho 'test!' > /testfile"},
-		},
-		nil,
-	},
-	{
-		`
-FROM {IMAGE}
-# what \
-RUN mkdir /testing
-RUN touch /testing/other
-`,
-		nil,
-		nil,
-	},
-}
-
-// FIXME: test building with 2 successive overlapping ADD commands
-
-func constructDockerfile(template string, ip net.IP, port string) string {
-	serverAddr := fmt.Sprintf("%s:%s", ip, port)
-	replacer := strings.NewReplacer("{IMAGE}", unitTestImageID, "{SERVERADDR}", serverAddr)
-	return replacer.Replace(template)
-}
-
-func mkTestingFileServer(files [][2]string) (*httptest.Server, error) {
-	mux := http.NewServeMux()
-	for _, file := range files {
-		name, contents := file[0], file[1]
-		mux.HandleFunc(name, func(w http.ResponseWriter, r *http.Request) {
-			w.Write([]byte(contents))
-		})
-	}
-
-	// This is how httptest.NewServer sets up a net.Listener, except that our listener must accept remote
-	// connections (from the container).
-	listener, err := net.Listen("tcp", ":0")
-	if err != nil {
-		return nil, err
-	}
-
-	s := httptest.NewUnstartedServer(mux)
-	s.Listener = listener
-	s.Start()
-	return s, nil
-}
-
-func TestBuild(t *testing.T) {
-	for _, ctx := range testContexts {
-		_, err := buildImage(ctx, t, nil, true)
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-}
-
-func buildImage(context testContextTemplate, t *testing.T, eng *engine.Engine, useCache bool) (*image.Image, error) {
-	if eng == nil {
-		eng = NewTestEngine(t)
-		runtime := mkDaemonFromEngine(eng, t)
-		// FIXME: we might not need runtime, why not simply nuke
-		// the engine?
-		defer nuke(runtime)
-	}
-	srv := mkServerFromEngine(eng, t)
-
-	httpServer, err := mkTestingFileServer(context.remoteFiles)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer httpServer.Close()
-
-	idx := strings.LastIndex(httpServer.URL, ":")
-	if idx < 0 {
-		t.Fatalf("could not get port from test http server address %s", httpServer.URL)
-	}
-	port := httpServer.URL[idx+1:]
-
-	iIP := eng.Hack_GetGlobalVar("httpapi.bridgeIP")
-	if iIP == nil {
-		t.Fatal("Legacy bridgeIP field not set in engine")
-	}
-	ip, ok := iIP.(net.IP)
-	if !ok {
-		panic("Legacy bridgeIP field in engine does not cast to net.IP")
-	}
-	dockerfile := constructDockerfile(context.dockerfile, ip, port)
-
-	buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, useCache, false, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
-	id, err := buildfile.Build(context.Archive(dockerfile, t))
-	if err != nil {
-		return nil, err
-	}
-
-	job := eng.Job("image_inspect", id)
-	buffer := bytes.NewBuffer(nil)
-	image := &image.Image{}
-	job.Stdout.Add(buffer)
-	if err := job.Run(); err != nil {
-		return nil, err
-	}
-	err = json.NewDecoder(buffer).Decode(image)
-	return image, err
-}
diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go
index 47e9860052..28210e7536 100644
--- a/components/engine/integration/commands_test.go
+++ b/components/engine/integration/commands_test.go
@@ -7,7 +7,6 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
-	"regexp"
 	"strings"
 	"testing"
 	"time"
@@ -15,7 +14,6 @@ import (
 	"github.com/dotcloud/docker/api/client"
 	"github.com/dotcloud/docker/daemon"
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/term"
 	"github.com/dotcloud/docker/utils"
 )
@@ -604,132 +602,6 @@ func TestRunErrorBindNonExistingSource(t *testing.T) {
 	})
 }
 
-func TestImagesViz(t *testing.T) {
-	t.Skip("Image viz is deprecated")
-	stdout, stdoutPipe := io.Pipe()
-
-	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
-	defer cleanup(globalEngine, t)
-
-	image := buildTestImages(t, globalEngine)
-
-	c := make(chan struct{})
-	go func() {
-		defer close(c)
-		if err := cli.CmdImages("--viz"); err != nil {
-			t.Fatal(err)
-		}
-		stdoutPipe.Close()
-	}()
-
-	setTimeout(t, "Reading command output time out", 2*time.Second, func() {
-		cmdOutputBytes, err := ioutil.ReadAll(bufio.NewReader(stdout))
-		if err != nil {
-			t.Fatal(err)
-		}
-		cmdOutput := string(cmdOutputBytes)
-
-		regexpStrings := []string{
-			"digraph docker {",
-			fmt.Sprintf("base -> \"%s\" \\[style=invis]", unitTestImageIDShort),
-			fmt.Sprintf("label=\"%s\\\\n%s:latest\"", unitTestImageIDShort, unitTestImageName),
-			fmt.Sprintf("label=\"%s\\\\n%s:%s\"", utils.TruncateID(image.ID), "test", "latest"),
-			"base \\[style=invisible]",
-		}
-
-		compiledRegexps := []*regexp.Regexp{}
-		for _, regexpString := range regexpStrings {
-			regexp, err := regexp.Compile(regexpString)
-			if err != nil {
-				fmt.Println("Error in regex string: ", err)
-				return
-			}
-			compiledRegexps = append(compiledRegexps, regexp)
-		}
-
-		for _, regexp := range compiledRegexps {
-			if !regexp.MatchString(cmdOutput) {
-				t.Fatalf("images --viz content '%s' did not match regexp '%s'", cmdOutput, regexp)
-			}
-		}
-	})
-}
-
-func TestImagesTree(t *testing.T) {
-	t.Skip("Image tree is deprecated")
-	stdout, stdoutPipe := io.Pipe()
-
-	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
-	defer cleanup(globalEngine, t)
-
-	image := buildTestImages(t, globalEngine)
-
-	c := make(chan struct{})
-	go func() {
-		defer close(c)
-		if err := cli.CmdImages("--tree"); err != nil {
-			t.Fatal(err)
-		}
-		stdoutPipe.Close()
-	}()
-
-	setTimeout(t, "Reading command output time out", 2*time.Second, func() {
-		cmdOutputBytes, err := ioutil.ReadAll(bufio.NewReader(stdout))
-		if err != nil {
-			t.Fatal(err)
-		}
-		cmdOutput := string(cmdOutputBytes)
-		regexpStrings := []string{
-			fmt.Sprintf("└─%s Virtual Size: \\d+.\\d+ MB Tags: %s:latest", unitTestImageIDShort, unitTestImageName),
-			"(?m)   └─[0-9a-f]+.*",
-			"(?m)    └─[0-9a-f]+.*",
-			"(?m)      └─[0-9a-f]+.*",
-			fmt.Sprintf("(?m)^        └─%s Virtual Size: \\d+.\\d+ MB Tags: test:latest", utils.TruncateID(image.ID)),
-		}
-
-		compiledRegexps := []*regexp.Regexp{}
-		for _, regexpString := range regexpStrings {
-			regexp, err := regexp.Compile(regexpString)
-			if err != nil {
-				fmt.Println("Error in regex string: ", err)
-				return
-			}
-			compiledRegexps = append(compiledRegexps, regexp)
-		}
-
-		for _, regexp := range compiledRegexps {
-			if !regexp.MatchString(cmdOutput) {
-				t.Fatalf("images --tree content '%s' did not match regexp '%s'", cmdOutput, regexp)
-			}
-		}
-	})
-}
-
-func buildTestImages(t *testing.T, eng *engine.Engine) *image.Image {
-
-	var testBuilder = testContextTemplate{
-		`
-from   {IMAGE}
-run    sh -c 'echo root:testpass > /tmp/passwd'
-run    mkdir -p /var/run/sshd
-run    [ "$(cat /tmp/passwd)" = "root:testpass" ]
-run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
-`,
-		nil,
-		nil,
-	}
-	image, err := buildImage(testBuilder, t, eng, true)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if err := eng.Job("tag", image.ID, "test").Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	return image
-}
-
 // #2098 - Docker cidFiles only contain short version of the containerId
 //sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
 // TestRunCidFile tests that run --cidfile returns the longid

From 0664d3e7f11cab07dfe036cbf61b453b63f230a1 Mon Sep 17 00:00:00 2001
From: Felix Rabe <felix@rabe.io>
Date: Sun, 6 Jul 2014 14:47:37 +0200
Subject: [PATCH 046/516] run.md: Fix references to cli

There are now no other occurrences of `#cli-` in this document.

TODO: Find other places with wrong links.
Upstream-commit: 95870ef3349920efc981a703d52f5832b79ee18e
Component: engine
---
 components/engine/docs/sources/reference/run.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index a539ab0d18..82fe047cb3 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -11,7 +11,7 @@ its own networking, and its own isolated process tree.  The
 defaults related to the binary to run, the networking to expose, and
 more, but `docker run` gives final control to the operator who starts
 the container from the image. That's the main reason
-[*run*](/reference/commandline/cli/#cli-run) has more options than any
+[*run*](/reference/commandline/cli/#run) has more options than any
 other `docker` command.
 
 ## General Form
@@ -21,7 +21,7 @@ The basic `docker run` command takes this form:
     $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...]
 
 To learn how to interpret the types of `[OPTIONS]`,
-see [*Option types*](/reference/commandline/cli/#cli-options).
+see [*Option types*](/reference/commandline/cli/#option-types).
 
 The list of `[OPTIONS]` breaks down into two groups:
 

From 10fd0b6403aa37ff070b29a0fafdd46bfd684797 Mon Sep 17 00:00:00 2001
From: Tom Fotherby <tom+github@peopleperhour.com>
Date: Mon, 7 Jul 2014 12:01:04 +0100
Subject: [PATCH 047/516] Reformat to keep line length within 80 characters

Docker-DCO-1.1-Signed-off-by: Tom Fotherby <github@tomfotherby.com> (github: tomfotherby)
Upstream-commit: ebbfdf0a0f99aac67b8ad5d789d8a400be346c30
Component: engine
---
 .../docs/sources/userguide/dockervolumes.md      | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index f0725d4ada..959a01c502 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -73,17 +73,21 @@ option to specify that the mount should be read-only.
 
 ### Mount a Host File as a Data Volume
 
-As well as directories, the `-v` flag can be used to mount a single file from the host into a container.
+As well as directories, the `-v` flag can be used to mount a single file from 
+the host into a container.
 
     $ sudo docker run --rm -it -v ~/.bash_history:/.bash_history ubuntu /bin/bash
 
-This will drop you into a bash shell in a new container, you will have your bash history from your host and when 
-you exit the container, the host will have the history of the commands typed while in the container.
+This will drop you into a bash shell in a new container, you will have your bash 
+history from your host and when you exit the container, the host will have the 
+history of the commands typed while in the container.
 
 > **Note:** 
-> Many tools used to edit files including `vi` and `sed --in-place` may result in a inode change. Since docker v1.1.0
-> this will produce a error such as "*sed: cannot rename ./sedKdJ9Dy: Device or resource busy*". In the case where you
-> want to edit the mounted file, it is often easiest to instead mount the parent directory.
+> Many tools used to edit files including `vi` and `sed --in-place` may result 
+> in a inode change. Since docker v1.1.0 this will produce a error such as
+> "*sed: cannot rename ./sedKdJ9Dy: Device or resource busy*". In the case where 
+> you want to edit the mounted file, it is often easiest to instead mount the 
+> parent directory.
 
 ## Creating and mounting a Data Volume Container
 

From e2109c74a840159acba113eaa2b9d7c774e8b677 Mon Sep 17 00:00:00 2001
From: Andrea Turli <andrea.turli@gmail.com>
Date: Mon, 7 Jul 2014 15:14:41 +0200
Subject: [PATCH 048/516] add jclouds-docker client reference

Docker-DCO-1.1-Signed-off-by: Andrea Turli <andrea.turli@gmail.com> (github: andreaturli)

Docker-DCO-1.1-Signed-off-by: Andrea Turli <andrea.turli@gmail.com> (github: )
Upstream-commit: 2f13d3a8e541b918135ea0bf0153f56927dd0511
Component: engine
---
 .../sources/reference/api/remote_api_client_libraries.md    | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/components/engine/docs/sources/reference/api/remote_api_client_libraries.md b/components/engine/docs/sources/reference/api/remote_api_client_libraries.md
index 3dcebeedaa..8f50804368 100644
--- a/components/engine/docs/sources/reference/api/remote_api_client_libraries.md
+++ b/components/engine/docs/sources/reference/api/remote_api_client_libraries.md
@@ -146,5 +146,11 @@ will add the libraries here.
       <td><a class="reference external" href="https://github.com/gesellix-docker/docker-client">https://github.com/gesellix-docker/docker-client</a></td>
       <td>Active</td>
     </tr>
+    <tr class="row-even">
+      <td>Java</td>
+      <td>jclouds-docker</td>
+      <td><a class="reference external" href="https://github.com/jclouds/jclouds-labs/tree/master/docker">https://github.com/jclouds/jclouds-labs/tree/master/docker</a></td>
+      <td>Active</td>
+    </tr>
   </tbody>
 </table>

From 199170408689259c4a3853a3cb0c5498fe4787c5 Mon Sep 17 00:00:00 2001
From: Chewey <prosto-chewey@users.noreply.github.com>
Date: Mon, 7 Jul 2014 17:52:18 +0400
Subject: [PATCH 049/516] Update running_riak_service.md Upstream-commit:
 963ee6ce795ae6608ee9acce4bc6298356d7f02f Component: engine

---
 components/engine/docs/sources/examples/running_riak_service.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/examples/running_riak_service.md b/components/engine/docs/sources/examples/running_riak_service.md
index 5909b7e2b0..59dba00639 100644
--- a/components/engine/docs/sources/examples/running_riak_service.md
+++ b/components/engine/docs/sources/examples/running_riak_service.md
@@ -14,7 +14,7 @@ Create an empty file called `Dockerfile`:
     $ touch Dockerfile
 
 Next, define the parent image you want to use to build your image on top
-of. We'll use [Ubuntu](https://registry.hub.docker.cm/_/ubuntu/) (tag:
+of. We'll use [Ubuntu](https://registry.hub.docker.com/_/ubuntu/) (tag:
 `latest`), which is available on [Docker Hub](https://hub.docker.com):
 
     # Riak

From 9eda104cfe22b136f6d5bf800700503a49fe0ace Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 08:09:25 -0600
Subject: [PATCH 050/516] Fix the systemd socket activation socket permissions

Fixes #6836

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 3589f5b9c2d9e5cb6d057713aa8d591295c5f523
Component: engine
---
 .../contrib/init/systemd/socket-activation/docker.socket       | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/engine/contrib/init/systemd/socket-activation/docker.socket b/components/engine/contrib/init/systemd/socket-activation/docker.socket
index 3635c89385..9db5049150 100644
--- a/components/engine/contrib/init/systemd/socket-activation/docker.socket
+++ b/components/engine/contrib/init/systemd/socket-activation/docker.socket
@@ -3,6 +3,9 @@ Description=Docker Socket for the API
 
 [Socket]
 ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
 
 [Install]
 WantedBy=sockets.target

From 1107c3c89fdae1d67310168b8de0772de967ba0a Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 08:32:09 -0600
Subject: [PATCH 051/516] Update the Travis GitHub username regex to match the
 GitHub username requirements

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: e895817ad72c681b265bc647d18f201ceced90c5
Component: engine
---
 components/engine/hack/make/validate-dco | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/components/engine/hack/make/validate-dco b/components/engine/hack/make/validate-dco
index 6dbbe2250f..6e915c9aab 100644
--- a/components/engine/hack/make/validate-dco
+++ b/components/engine/hack/make/validate-dco
@@ -9,13 +9,22 @@ notDocs="$(validate_diff --numstat | awk '$3 !~ /^docs\// { print $3 }')"
 : ${adds:=0}
 : ${dels:=0}
 
+# "Username may only contain alphanumeric characters or dashes and cannot begin with a dash"
+githubUsernameRegex='[a-zA-Z][a-zA-Z-]+'
+
+# https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work
+dcoPrefix='Docker-DCO-1.1-Signed-off-by:'
+dcoRegex="^$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)> \\(github: ($githubUsernameRegex)\\)$"
+
+check_dco() {
+	grep -qE "$dcoRegex"
+}
+
 if [ $adds -eq 0 -a $dels -eq 0 ]; then
 	echo '0 adds, 0 deletions; nothing to validate! :)'
 elif [ -z "$notDocs" -a $adds -le 1 -a $dels -le 1 ]; then
 	echo 'Congratulations!  DCO small-patch-exception material!'
 else
-	dcoPrefix='Docker-DCO-1.1-Signed-off-by:'
-	dcoRegex="^$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)> \\(github: (\S+)\\)$"
 	commits=( $(validate_log --format='format:%H%n') )
 	badCommits=()
 	for commit in "${commits[@]}"; do
@@ -23,7 +32,7 @@ else
 			# no content (ie, Merge commit, etc)
 			continue
 		fi
-		if ! git log -1 --format='format:%B' "$commit" | grep -qE "$dcoRegex"; then
+		if ! git log -1 --format='format:%B' "$commit" | check_dco; then
 			badCommits+=( "$commit" )
 		fi
 	done

From 03141b4b87ea1c9a3c2a9d7b0d9dfddf51d35987 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 09:57:50 -0600
Subject: [PATCH 052/516] Fix DCO parsing for numeric github handles like
 cpuguy83

Turns out, "alphanumeric" actually means both "alpha" AND "numeric". Dur.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: bbbf64242726dee184f82b3bb355327c9c85b274
Component: engine
---
 components/engine/hack/make/validate-dco | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/hack/make/validate-dco b/components/engine/hack/make/validate-dco
index 6e915c9aab..8b7812982d 100644
--- a/components/engine/hack/make/validate-dco
+++ b/components/engine/hack/make/validate-dco
@@ -10,7 +10,7 @@ notDocs="$(validate_diff --numstat | awk '$3 !~ /^docs\// { print $3 }')"
 : ${dels:=0}
 
 # "Username may only contain alphanumeric characters or dashes and cannot begin with a dash"
-githubUsernameRegex='[a-zA-Z][a-zA-Z-]+'
+githubUsernameRegex='[a-zA-Z0-9][a-zA-Z0-9-]+'
 
 # https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work
 dcoPrefix='Docker-DCO-1.1-Signed-off-by:'

From 2f832eb65798b264f0b084c21a3352aa9fa5b485 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 10:04:23 -0600
Subject: [PATCH 053/516] Update Travis to use pretty Docker-based workers

These start up much faster and the only caveat is that we can't use "sudo" (which we don't currently use anyhow).

Also, I've updated the Go version here to match what's in the Dockerfile.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 3e2ad6ffee68be7f3462fd1311408c7880cd8d88
Component: engine
---
 components/engine/.travis.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/components/engine/.travis.yml b/components/engine/.travis.yml
index ae03d6cde5..1e8d41184c 100644
--- a/components/engine/.travis.yml
+++ b/components/engine/.travis.yml
@@ -3,7 +3,12 @@
 
 language: go
 
-go: 1.2
+# This should match the version in the Dockerfile.
+go: 1.2.1
+
+# Let us have pretty experimental Docker-based Travis workers.
+# (These spin up much faster than the VM-based ones.)
+sudo: false
 
 # Disable the normal go build.
 install: true

From e6a7274d4cd6fecc517c05c0eba3562951573603 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 10:35:38 -0600
Subject: [PATCH 054/516] Standardize "curl" arguments across the repo to be or
 include "-sSL"

- https://botbot.me/freenode/docker-dev/msg/17315692/
- https://botbot.me/freenode/docker-dev/msg/17315994/

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 9f61e233c6da72f692190f1f5eb672341253f3e7
Component: engine
---
 components/engine/CONTRIBUTING.md                           | 2 +-
 components/engine/Dockerfile                                | 2 +-
 components/engine/README.md                                 | 2 +-
 components/engine/contrib/mkimage-alpine.sh                 | 4 ++--
 .../engine/docs/sources/examples/running_riak_service.md    | 2 +-
 components/engine/docs/sources/installation/google.md       | 2 +-
 components/engine/docs/sources/installation/ubuntulinux.md  | 4 ++--
 components/engine/hack/RELEASE-CHECKLIST.md                 | 2 +-
 components/engine/hack/install.sh                           | 6 +++---
 components/engine/hack/release.sh                           | 5 ++++-
 10 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index d07b972eb7..cd673b9980 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -175,7 +175,7 @@ One way to automate this, is customise your get ``commit.template`` by adding
 a ``prepare-commit-msg`` hook to your docker checkout:
 
 ```
-curl -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/dotcloud/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
+curl -sSL -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/dotcloud/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
 ```
 
 * Note: the above script expects to find your GitHub user name in ``git config --get github.user``
diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 283e0a3262..d2e32a4ae5 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -60,7 +60,7 @@ RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
 # Install Go
-RUN	curl -s https://go.googlecode.com/files/go1.2.1.src.tar.gz | tar -v -C /usr/local -xz
+RUN	curl -sSL https://go.googlecode.com/files/go1.2.1.src.tar.gz | tar -v -C /usr/local -xz
 ENV	PATH	/usr/local/go/bin:$PATH
 ENV	GOPATH	/go:/go/src/github.com/dotcloud/docker/vendor
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
diff --git a/components/engine/README.md b/components/engine/README.md
index 3c378de6f4..08d839c3cc 100644
--- a/components/engine/README.md
+++ b/components/engine/README.md
@@ -133,7 +133,7 @@ Here's a typical Docker build process:
 FROM ubuntu:12.04
 RUN apt-get update
 RUN apt-get install -q -y python python-pip curl
-RUN curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
+RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
 RUN cd helloflask-master && pip install -r requirements.txt
 ```
 
diff --git a/components/engine/contrib/mkimage-alpine.sh b/components/engine/contrib/mkimage-alpine.sh
index 0bf328efa9..b9869ae61e 100755
--- a/components/engine/contrib/mkimage-alpine.sh
+++ b/components/engine/contrib/mkimage-alpine.sh
@@ -19,12 +19,12 @@ tmp() {
 }
 
 apkv() {
-	curl -s $REPO/$ARCH/APKINDEX.tar.gz | tar -Oxz |
+	curl -sSL $REPO/$ARCH/APKINDEX.tar.gz | tar -Oxz |
 		grep '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2
 }
 
 getapk() {
-	curl -s $REPO/$ARCH/apk-tools-static-$(apkv).apk |
+	curl -sSL $REPO/$ARCH/apk-tools-static-$(apkv).apk |
 		tar -xz -C $TMP sbin/apk.static
 }
 
diff --git a/components/engine/docs/sources/examples/running_riak_service.md b/components/engine/docs/sources/examples/running_riak_service.md
index 5909b7e2b0..b2f9d99c49 100644
--- a/components/engine/docs/sources/examples/running_riak_service.md
+++ b/components/engine/docs/sources/examples/running_riak_service.md
@@ -59,7 +59,7 @@ After that, we install and setup a few dependencies:
 
 Next, we add Basho's APT repository:
 
-    RUN curl -s http://apt.basho.com/gpg/basho.apt.key | apt-key add --
+    RUN curl -sSL http://apt.basho.com/gpg/basho.apt.key | apt-key add --
     RUN echo "deb http://apt.basho.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/basho.list
     RUN apt-get update
 
diff --git a/components/engine/docs/sources/installation/google.md b/components/engine/docs/sources/installation/google.md
index b6c1b3d275..6c1e9b4f50 100644
--- a/components/engine/docs/sources/installation/google.md
+++ b/components/engine/docs/sources/installation/google.md
@@ -12,7 +12,7 @@ page_keywords: Docker, Docker documentation, installation, google, Google Comput
 2. Download and configure the [Google Cloud SDK][3] to use your
    project with the following commands:
 
-        $ curl https://sdk.cloud.google.com | bash
+        $ curl -sSL https://sdk.cloud.google.com | bash
         $ gcloud auth login
         $ gcloud config set project <google-cloud-project-id>
 
diff --git a/components/engine/docs/sources/installation/ubuntulinux.md b/components/engine/docs/sources/installation/ubuntulinux.md
index 5d1b6c3fbf..5ddc791f4f 100644
--- a/components/engine/docs/sources/installation/ubuntulinux.md
+++ b/components/engine/docs/sources/installation/ubuntulinux.md
@@ -63,7 +63,7 @@ continue installation.*
 >
 > There is also a simple `curl` script available to help with this process.
 >
->     $ curl -s https://get.docker.io/ubuntu/ | sudo sh
+>     $ curl -sSL https://get.docker.io/ubuntu/ | sudo sh
 
 To verify that everything has worked as expected:
 
@@ -134,7 +134,7 @@ continue installation.*
 > 
 > There is also a simple `curl` script available to help with this process.
 > 
->     $ curl -s https://get.docker.io/ubuntu/ | sudo sh
+>     $ curl -sSL https://get.docker.io/ubuntu/ | sudo sh
 
 Now verify that the installation has worked by downloading the
 `ubuntu` image and launching a container.
diff --git a/components/engine/hack/RELEASE-CHECKLIST.md b/components/engine/hack/RELEASE-CHECKLIST.md
index 2fe1a3ce96..6dbff22bc4 100644
--- a/components/engine/hack/RELEASE-CHECKLIST.md
+++ b/components/engine/hack/RELEASE-CHECKLIST.md
@@ -181,7 +181,7 @@ Announcing on IRC in both `#docker` and `#docker-dev` is a great way to get
 help testing!  An easy way to get some useful links for sharing:
 
 ```bash
-echo "Ubuntu/Debian install script: curl -sLS https://test.docker.io/ | sh"
+echo "Ubuntu/Debian: https://test.docker.io/ubuntu or curl -sSL https://test.docker.io/ | sh"
 echo "Linux 64bit binary: https://test.docker.io/builds/Linux/x86_64/docker-${VERSION#v}"
 echo "Darwin/OSX 64bit client binary: https://test.docker.io/builds/Darwin/x86_64/docker-${VERSION#v}"
 echo "Darwin/OSX 32bit client binary: https://test.docker.io/builds/Darwin/i386/docker-${VERSION#v}"
diff --git a/components/engine/hack/install.sh b/components/engine/hack/install.sh
index 43248cf2c0..641ec64155 100755
--- a/components/engine/hack/install.sh
+++ b/components/engine/hack/install.sh
@@ -2,7 +2,7 @@
 set -e
 #
 # This script is meant for quick & easy install via:
-#   'curl -sL https://get.docker.io/ | sh'
+#   'curl -sSL https://get.docker.io/ | sh'
 # or:
 #   'wget -qO- https://get.docker.io/ | sh'
 #
@@ -54,7 +54,7 @@ fi
 
 curl=''
 if command_exists curl; then
-	curl='curl -sL'
+	curl='curl -sSL'
 elif command_exists wget; then
 	curl='wget -qO-'
 elif command_exists busybox && busybox --list-modules | grep -q wget; then
@@ -133,7 +133,7 @@ case "$lsb_dist" in
 		if [ -z "$curl" ]; then
 			apt_get_update
 			( set -x; $sh_c 'sleep 3; apt-get install -y -q curl' )
-			curl='curl -sL'
+			curl='curl -sSL'
 		fi
 		(
 			set -x
diff --git a/components/engine/hack/release.sh b/components/engine/hack/release.sh
index 8642a4edb9..2a6b3992ef 100755
--- a/components/engine/hack/release.sh
+++ b/components/engine/hack/release.sh
@@ -282,10 +282,13 @@ if [ ! -e /usr/lib/apt/methods/https ]; then
 	apt-get update
 	apt-get install -y apt-transport-https
 fi
+
 # Add the repository to your APT sources
 echo deb $(s3_url)/ubuntu docker main > /etc/apt/sources.list.d/docker.list
+
 # Then import the repository key
 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+
 # Install docker
 apt-get update ; apt-get install -y lxc-docker
 
@@ -318,7 +321,7 @@ release_binaries() {
 
 	cat <<EOF | write_to_s3 s3://$BUCKET/builds/index
 # To install, run the following command as root:
-curl -O $(s3_url)/builds/Linux/x86_64/docker-$VERSION && chmod +x docker-$VERSION && sudo mv docker-$VERSION /usr/local/bin/docker
+curl -sSL -O $(s3_url)/builds/Linux/x86_64/docker-$VERSION && chmod +x docker-$VERSION && sudo mv docker-$VERSION /usr/local/bin/docker
 # Then start docker in daemon mode:
 sudo /usr/local/bin/docker -d
 EOF

From 3c148b5823184dccccfa565d2d7180674311cb82 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 10:50:48 -0600
Subject: [PATCH 055/516] Update Makefile to default BINDDIR to nothing if
 DOCKER_HOST is set

If "DOCKER_HOST" is set, we can usually assume the user is connecting to a remote Docker and thus not bind mount anything by default (meaning the Makefile will more often DWIM for our users).

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: c2653b0a9ed4b371342fc2019c56d9433197171e
Component: engine
---
 components/engine/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/Makefile b/components/engine/Makefile
index 2d07b39c3b..444ac3c6a6 100644
--- a/components/engine/Makefile
+++ b/components/engine/Makefile
@@ -1,7 +1,8 @@
 .PHONY: all binary build cross default docs docs-build docs-shell shell test test-unit test-integration test-integration-cli validate
 
 # to allow `make BINDDIR=. shell` or `make BINDDIR= test`
-BINDDIR := bundles
+# (default to no bind mount if DOCKER_HOST is set)
+BINDDIR := $(if $(DOCKER_HOST),,bundles)
 # to allow `make DOCSPORT=9000 docs`
 DOCSPORT := 8000
 

From b15cf92d6a388a69654202b9bed80db782b96f98 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 7 Jul 2014 14:58:27 -0400
Subject: [PATCH 056/516] docker save: more integration tests

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 600f65b24786d15a382877da4c3ae77d88e252bb
Component: engine
---
 .../docker_cli_save_load_test.go              | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_save_load_test.go b/components/engine/integration-cli/docker_cli_save_load_test.go
index fb94cad9d8..c70769e034 100644
--- a/components/engine/integration-cli/docker_cli_save_load_test.go
+++ b/components/engine/integration-cli/docker_cli_save_load_test.go
@@ -59,6 +59,63 @@ func TestSaveAndLoadRepoStdout(t *testing.T) {
 	logDone("load - load a repo using stdout")
 }
 
+func TestSaveSingleTag(t *testing.T) {
+	repoName := "foobar-save-single-tag-test"
+
+	tagCmdFinal := fmt.Sprintf("%v tag busybox:latest %v:latest", dockerBinary, repoName)
+	tagCmd := exec.Command("bash", "-c", tagCmdFinal)
+	out, _, err := runCommandWithOutput(tagCmd)
+	errorOut(err, t, fmt.Sprintf("failed to tag repo: %v %v", out, err))
+
+	idCmdFinal := fmt.Sprintf("%v images -q --no-trunc %v", dockerBinary, repoName)
+	idCmd := exec.Command("bash", "-c", idCmdFinal)
+	out, _, err = runCommandWithOutput(idCmd)
+	errorOut(err, t, fmt.Sprintf("failed to get repo ID: %v %v", out, err))
+
+	cleanedImageID := stripTrailingCharacters(out)
+
+	saveCmdFinal := fmt.Sprintf("%v save %v:latest | tar t | grep -E '(^repositories$|%v)'", dockerBinary, repoName, cleanedImageID)
+	saveCmd := exec.Command("bash", "-c", saveCmdFinal)
+	out, _, err = runCommandWithOutput(saveCmd)
+	errorOut(err, t, fmt.Sprintf("failed to save repo with image ID and 'repositories' file: %v %v", out, err))
+
+	deleteImages(repoName)
+
+	logDone("save - save a specific image:tag")
+}
+
+func TestSaveImageId(t *testing.T) {
+	repoName := "foobar-save-image-id-test"
+
+	tagCmdFinal := fmt.Sprintf("%v tag scratch:latest %v:latest", dockerBinary, repoName)
+	tagCmd := exec.Command("bash", "-c", tagCmdFinal)
+	out, _, err := runCommandWithOutput(tagCmd)
+	errorOut(err, t, fmt.Sprintf("failed to tag repo: %v %v", out, err))
+
+	idLongCmdFinal := fmt.Sprintf("%v images -q --no-trunc %v", dockerBinary, repoName)
+	idLongCmd := exec.Command("bash", "-c", idLongCmdFinal)
+	out, _, err = runCommandWithOutput(idLongCmd)
+	errorOut(err, t, fmt.Sprintf("failed to get repo ID: %v %v", out, err))
+
+	cleanedLongImageID := stripTrailingCharacters(out)
+
+	idShortCmdFinal := fmt.Sprintf("%v images -q %v", dockerBinary, repoName)
+	idShortCmd := exec.Command("bash", "-c", idShortCmdFinal)
+	out, _, err = runCommandWithOutput(idShortCmd)
+	errorOut(err, t, fmt.Sprintf("failed to get repo short ID: %v %v", out, err))
+
+	cleanedShortImageID := stripTrailingCharacters(out)
+
+	saveCmdFinal := fmt.Sprintf("%v save %v | tar t | grep %v", dockerBinary, cleanedShortImageID, cleanedLongImageID)
+	saveCmd := exec.Command("bash", "-c", saveCmdFinal)
+	out, _, err = runCommandWithOutput(saveCmd)
+	errorOut(err, t, fmt.Sprintf("failed to save repo with image ID: %v %v", out, err))
+
+	deleteImages(repoName)
+
+	logDone("save - save a image by ID")
+}
+
 // save a repo and try to load it using flags
 func TestSaveAndLoadRepoFlags(t *testing.T) {
 	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true")

From 41890809ceafe7655564eb2fc8ec28be7763413a Mon Sep 17 00:00:00 2001
From: Timothy Hobbs <timothyhobbs@seznam.cz>
Date: Sun, 6 Jul 2014 10:38:30 +0000
Subject: [PATCH 057/516] We haven't required lxc and aufs for years now...

Well, maybe not years, but internet years...

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: ea583fda97617a349ef026dd2d99a0d5e4b0980d
Component: engine
---
 components/engine/hack/ROADMAP.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/hack/ROADMAP.md b/components/engine/hack/ROADMAP.md
index c38be56f44..ff797b380c 100644
--- a/components/engine/hack/ROADMAP.md
+++ b/components/engine/hack/ROADMAP.md
@@ -31,9 +31,9 @@ We are working on a plugin API which will make Docker very, very customization-f
 
 ## Broader kernel support
 
-Our goal is to make Docker run everywhere, but currently Docker requires Linux version 3.8 or higher with lxc and aufs support. If you’re deploying new machines for the purpose of running Docker, this is a fairly easy requirement to meet. However, if you’re adding Docker to an existing deployment, you may not have the flexibility to update and patch the kernel.
+Our goal is to make Docker run everywhere, but currently Docker requires Linux version 3.8 or higher with cgroups support. If you’re deploying new machines for the purpose of running Docker, this is a fairly easy requirement to meet. However, if you’re adding Docker to an existing deployment, you may not have the flexibility to update and patch the kernel.
 
-Expanding Docker’s kernel support is a priority. This includes running on older kernel versions, but also on kernels with no AUFS support, or with incomplete lxc capabilities.
+Expanding Docker’s kernel support is a priority. This includes running on older kernel versions, specifically focusing on versions already popular in server deployments such as those used by RHEL and the OpenVZ stack.
 
 
 ## Cross-architecture support

From f220709916e1ea4e50f7fbb6f81d5941bbabd37a Mon Sep 17 00:00:00 2001
From: Guilherme Salgado <gsalgado@gmail.com>
Date: Wed, 2 Jul 2014 10:01:19 +0200
Subject: [PATCH 058/516] Convert TestGetImagesJSON into several unit tests

Docker-DCO-1.1-Signed-off-by: Guilherme Salgado <gsalgado@gmail.com> (github: gsalgado)
Upstream-commit: 627805f5f8895c3a3887c312f7b8f49a89e51732
Component: engine
---
 .../engine/api/server/server_unit_test.go     | 172 ++++++++++++++++--
 components/engine/integration/api_test.go     | 104 -----------
 2 files changed, 157 insertions(+), 119 deletions(-)

diff --git a/components/engine/api/server/server_unit_test.go b/components/engine/api/server/server_unit_test.go
index f8068a29c5..c51ea6fc0d 100644
--- a/components/engine/api/server/server_unit_test.go
+++ b/components/engine/api/server/server_unit_test.go
@@ -7,11 +7,13 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"reflect"
 	"strings"
 	"testing"
 
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/version"
 )
 
 func TestGetBoolParam(t *testing.T) {
@@ -111,8 +113,105 @@ func TestGetInfo(t *testing.T) {
 	if v.GetInt("Containers") != 1 {
 		t.Fatalf("%#v\n", v)
 	}
-	if r.HeaderMap.Get("Content-Type") != "application/json" {
-		t.Fatalf("%#v\n", r)
+	assertContentType(r, "application/json", t)
+}
+
+func TestGetImagesJSON(t *testing.T) {
+	eng := engine.New()
+	var called bool
+	eng.Register("images", func(job *engine.Job) engine.Status {
+		called = true
+		v := createEnvFromGetImagesJSONStruct(sampleImage)
+		if _, err := v.WriteTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+	r := serveRequest("GET", "/images/json", nil, eng, t)
+	if !called {
+		t.Fatal("handler was not called")
+	}
+	assertHttpNotError(r, t)
+	assertContentType(r, "application/json", t)
+	var observed getImagesJSONStruct
+	if err := json.Unmarshal(r.Body.Bytes(), &observed); err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(observed, sampleImage) {
+		t.Errorf("Expected %#v but got %#v", sampleImage, observed)
+	}
+}
+
+func TestGetImagesJSONFilter(t *testing.T) {
+	eng := engine.New()
+	filter := "nothing"
+	eng.Register("images", func(job *engine.Job) engine.Status {
+		filter = job.Getenv("filter")
+		return engine.StatusOK
+	})
+	serveRequest("GET", "/images/json?filter=aaaa", nil, eng, t)
+	if filter != "aaaa" {
+		t.Errorf("%#v", filter)
+	}
+}
+
+func TestGetImagesJSONFilters(t *testing.T) {
+	eng := engine.New()
+	filter := "nothing"
+	eng.Register("images", func(job *engine.Job) engine.Status {
+		filter = job.Getenv("filters")
+		return engine.StatusOK
+	})
+	serveRequest("GET", "/images/json?filters=nnnn", nil, eng, t)
+	if filter != "nnnn" {
+		t.Errorf("%#v", filter)
+	}
+}
+
+func TestGetImagesJSONAll(t *testing.T) {
+	eng := engine.New()
+	allFilter := "-1"
+	eng.Register("images", func(job *engine.Job) engine.Status {
+		allFilter = job.Getenv("all")
+		return engine.StatusOK
+	})
+	serveRequest("GET", "/images/json?all=1", nil, eng, t)
+	if allFilter != "1" {
+		t.Errorf("%#v", allFilter)
+	}
+}
+
+func TestGetImagesJSONLegacyFormat(t *testing.T) {
+	eng := engine.New()
+	var called bool
+	eng.Register("images", func(job *engine.Job) engine.Status {
+		called = true
+		outsLegacy := engine.NewTable("Created", 0)
+		outsLegacy.Add(createEnvFromGetImagesJSONStruct(sampleImage))
+		if _, err := outsLegacy.WriteListTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+	r := serveRequestUsingVersion("GET", "/images/json", "1.6", nil, eng, t)
+	if !called {
+		t.Fatal("handler was not called")
+	}
+	assertHttpNotError(r, t)
+	assertContentType(r, "application/json", t)
+	images := engine.NewTable("Created", 0)
+	if _, err := images.ReadListFrom(r.Body.Bytes()); err != nil {
+		t.Fatal(err)
+	}
+	if images.Len() != 1 {
+		t.Fatalf("Expected 1 image, %d found", images.Len())
+	}
+	image := images.Data[0]
+	if image.Get("Tag") != "test-tag" {
+		t.Errorf("Expected tag 'test-tag', found '%s'", image.Get("Tag"))
+	}
+	if image.Get("Repository") != "test-name" {
+		t.Errorf("Expected repository 'test-name', found '%s'", image.Get("Repository"))
 	}
 }
 
@@ -123,12 +222,12 @@ func TestGetContainersByName(t *testing.T) {
 	eng.Register("container_inspect", func(job *engine.Job) engine.Status {
 		called = true
 		if job.Args[0] != name {
-			t.Fatalf("name != '%s': %#v", name, job.Args[0])
+			t.Errorf("name != '%s': %#v", name, job.Args[0])
 		}
 		if api.APIVERSION.LessThan("1.12") && !job.GetenvBool("dirty") {
-			t.Fatal("dirty env variable not set")
+			t.Errorf("dirty env variable not set")
 		} else if api.APIVERSION.GreaterThanOrEqualTo("1.12") && job.GetenvBool("dirty") {
-			t.Fatal("dirty env variable set when it shouldn't")
+			t.Errorf("dirty env variable set when it shouldn't")
 		}
 		v := &engine.Env{}
 		v.SetBool("dirty", true)
@@ -141,9 +240,7 @@ func TestGetContainersByName(t *testing.T) {
 	if !called {
 		t.Fatal("handler was not called")
 	}
-	if r.HeaderMap.Get("Content-Type") != "application/json" {
-		t.Fatalf("%#v\n", r)
-	}
+	assertContentType(r, "application/json", t)
 	var stdoutJson interface{}
 	if err := json.Unmarshal(r.Body.Bytes(), &stdoutJson); err != nil {
 		t.Fatalf("%#v", err)
@@ -178,21 +275,19 @@ func TestGetEvents(t *testing.T) {
 	if !called {
 		t.Fatal("handler was not called")
 	}
-	if r.HeaderMap.Get("Content-Type") != "application/json" {
-		t.Fatalf("%#v\n", r)
-	}
+	assertContentType(r, "application/json", t)
 	var stdout_json struct {
 		Since int
 		Until int
 	}
 	if err := json.Unmarshal(r.Body.Bytes(), &stdout_json); err != nil {
-		t.Fatalf("%#v", err)
+		t.Fatal(err)
 	}
 	if stdout_json.Since != 1 {
-		t.Fatalf("since != 1: %#v", stdout_json.Since)
+		t.Errorf("since != 1: %#v", stdout_json.Since)
 	}
 	if stdout_json.Until != 0 {
-		t.Fatalf("until != 0: %#v", stdout_json.Until)
+		t.Errorf("until != 0: %#v", stdout_json.Until)
 	}
 }
 
@@ -357,12 +452,16 @@ func TestGetImagesByName(t *testing.T) {
 }
 
 func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
+	return serveRequestUsingVersion(method, target, api.APIVERSION, body, eng, t)
+}
+
+func serveRequestUsingVersion(method, target string, version version.Version, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
 	r := httptest.NewRecorder()
 	req, err := http.NewRequest(method, target, body)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := ServeRequest(eng, version, r, req); err != nil {
 		t.Fatal(err)
 	}
 	return r
@@ -388,3 +487,46 @@ func toJson(data interface{}, t *testing.T) io.Reader {
 	}
 	return &buf
 }
+
+func assertContentType(recorder *httptest.ResponseRecorder, content_type string, t *testing.T) {
+	if recorder.HeaderMap.Get("Content-Type") != content_type {
+		t.Fatalf("%#v\n", recorder)
+	}
+}
+
+// XXX: Duplicated from integration/utils_test.go, but maybe that's OK as that
+// should die as soon as we converted all integration tests?
+// assertHttpNotError expect the given response to not have an error.
+// Otherwise the it causes the test to fail.
+func assertHttpNotError(r *httptest.ResponseRecorder, t *testing.T) {
+	// Non-error http status are [200, 400)
+	if r.Code < http.StatusOK || r.Code >= http.StatusBadRequest {
+		t.Fatal(fmt.Errorf("Unexpected http error: %v", r.Code))
+	}
+}
+
+func createEnvFromGetImagesJSONStruct(data getImagesJSONStruct) *engine.Env {
+	v := &engine.Env{}
+	v.SetList("RepoTags", data.RepoTags)
+	v.Set("Id", data.Id)
+	v.SetInt64("Created", data.Created)
+	v.SetInt64("Size", data.Size)
+	v.SetInt64("VirtualSize", data.VirtualSize)
+	return v
+}
+
+type getImagesJSONStruct struct {
+	RepoTags    []string
+	Id          string
+	Created     int64
+	Size        int64
+	VirtualSize int64
+}
+
+var sampleImage getImagesJSONStruct = getImagesJSONStruct{
+	RepoTags:    []string{"test-name:test-tag"},
+	Id:          "ID",
+	Created:     999,
+	Size:        777,
+	VirtualSize: 666,
+}
diff --git a/components/engine/integration/api_test.go b/components/engine/integration/api_test.go
index f5e5599e3f..0da96ccd1e 100644
--- a/components/engine/integration/api_test.go
+++ b/components/engine/integration/api_test.go
@@ -9,7 +9,6 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
-	"strings"
 	"testing"
 	"time"
 
@@ -20,109 +19,6 @@ import (
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
-func TestGetImagesJSON(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkDaemonFromEngine(eng, t).Nuke()
-
-	job := eng.Job("images")
-	initialImages, err := job.Stdout.AddListTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	req, err := http.NewRequest("GET", "/images/json?all=0", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	r := httptest.NewRecorder()
-
-	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r, t)
-
-	images := engine.NewTable("Created", 0)
-	if _, err := images.ReadListFrom(r.Body.Bytes()); err != nil {
-		t.Fatal(err)
-	}
-
-	if images.Len() != initialImages.Len() {
-		t.Errorf("Expected %d image, %d found", initialImages.Len(), images.Len())
-	}
-
-	found := false
-	for _, img := range images.Data {
-		if strings.Contains(img.GetList("RepoTags")[0], unitTestImageName) {
-			found = true
-			break
-		}
-	}
-	if !found {
-		t.Errorf("Expected image %s, %+v found", unitTestImageName, images)
-	}
-
-	r2 := httptest.NewRecorder()
-
-	// all=1
-
-	initialImages = getAllImages(eng, t)
-
-	req2, err := http.NewRequest("GET", "/images/json?all=true", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := server.ServeRequest(eng, api.APIVERSION, r2, req2); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r2, t)
-
-	images2 := engine.NewTable("Id", 0)
-	if _, err := images2.ReadListFrom(r2.Body.Bytes()); err != nil {
-		t.Fatal(err)
-	}
-
-	if images2.Len() != initialImages.Len() {
-		t.Errorf("Expected %d image, %d found", initialImages.Len(), images2.Len())
-	}
-
-	found = false
-	for _, img := range images2.Data {
-		if img.Get("Id") == unitTestImageID {
-			found = true
-			break
-		}
-	}
-	if !found {
-		t.Errorf("Retrieved image Id differs, expected %s, received %+v", unitTestImageID, images2)
-	}
-
-	r3 := httptest.NewRecorder()
-
-	// filter=a
-	req3, err := http.NewRequest("GET", "/images/json?filter=aaaaaaaaaa", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if err := server.ServeRequest(eng, api.APIVERSION, r3, req3); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r3, t)
-
-	images3 := engine.NewTable("Id", 0)
-	if _, err := images3.ReadListFrom(r3.Body.Bytes()); err != nil {
-		t.Fatal(err)
-	}
-
-	if images3.Len() != 0 {
-		t.Errorf("Expected 0 image, %d found", images3.Len())
-	}
-}
-
 func TestGetContainersJSON(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkDaemonFromEngine(eng, t).Nuke()

From c0012fb00af7887f7bb569cbb6c1c3a560869a2f Mon Sep 17 00:00:00 2001
From: Roberto Gandolfo Hashioka <roberto_hashioka@hotmail.com>
Date: Mon, 7 Jul 2014 13:44:22 -0700
Subject: [PATCH 059/516] Update the footer version with Enterprise and
 Partners sections

Docker-DCO-1.1-Signed-off-by: Roberto Hashioka <roberto.hashioka@docker.com> (github: rogaha)
Upstream-commit: fd66e7746519ab32bf3f6f336052a4ff763e213b
Component: engine
---
 .../engine/docs/theme/mkdocs/footer.html      | 49 ++++++++++++-------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/footer.html b/components/engine/docs/theme/mkdocs/footer.html
index 1e2d73cf14..0b887b82d0 100644
--- a/components/engine/docs/theme/mkdocs/footer.html
+++ b/components/engine/docs/theme/mkdocs/footer.html
@@ -1,13 +1,13 @@
 <div id="footer-container" class="container">
   <div id="footer" class="grey-body">
     <div class="row">
-      <div class="span3">
+      <div class="span2">
         <span class="footer-title">Community</span>
         <ul class="unstyled">
-          <li><a class="primary-button" href="http://www.docker.com/community/events/">Events</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/community/events/">Events</a></li>
           <li><a class="primary-button" href="http://posts.docker.com">Friends' Posts</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/community/meetups/">Meetups</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/community/governance/">Governance</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/community/meetups/">Meetups</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/community/governance/">Governance</a></li>
           <li><a class="primary-button" href="http://forums.docker.com">Forums</a></li>
           <li><a class="primary-button" href="http://botbot.me/freenode/docker">IRC</a></li>
           <li><a class="primary-button" href="https://github.com/dotcloud/docker">GitHub</a></li>
@@ -15,28 +15,41 @@
           <li><a class="primary-button" href="http://www.cafepress.com/docker">Swag</a></li>
         </ul>
       </div>
-      <div class="span3">
+      <div class="span2">
+        <span class="footer-title">Enterprise</span>
+        <ul class="unstyled">
+          <li><a class="primary-button" href="https://www.docker.com/enterprise/support/">Support</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/enterprise/education/">Education</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/enterprise/services/">Services</a></li>
+        </ul>
+        <span class="footer-title">Partner Solutions</span>
+        <ul class="unstyled">
+          <li><a class="primary-button" href="https://www.docker.com/partners/find/">Find a Partner</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/partners/program/">Partner Program</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/partners/learn/">Learn More</a></li>
+        </ul>
+      </div>
+      <div class="span2">
         <span class="footer-title">Resources</span>
         <ul class="unstyled">
           <li><a class="primary-button" href="https://docs.docker.com">Documentation</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/resources/help/">Help</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/resources/education/">Education</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/resources/partners/">Partners</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/resources/services/">Services</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/resources/howtobuy/">How To Buy</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/resources/help/">Help</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/resources/usecases/">Use Cases</a></li>
+          <li><a class="primary-button" href="http://www.docker.com/tryit/">Online Tutorial</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/resources/howtobuy/">How To Buy</a></li>
           <li><a class="primary-button" href="http://status.docker.com">Status</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/resources/security/">Security</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/resources/security/">Security</a></li>
         </ul>
       </div>
-      <div class="span3">
+      <div class="span2">
         <span class="footer-title">Company</span>
         <ul class="unstyled">
-          <li><a class="primary-button" href="http://www.docker.com/company/aboutus/">About Us</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/company/team/">Team</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/company/news/">News</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/company/press/">Press</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/company/careers/">Careers</a></li>
-          <li><a class="primary-button" href="http://www.docker.com/company/contact/">Contact</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/company/aboutus/">About Us</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/company/team/">Team</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/company/news/">News</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/company/press/">Press</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/company/careers/">Careers</a></li>
+          <li><a class="primary-button" href="https://www.docker.com/company/contact/">Contact</a></li>
         </ul>
       </div>
       <div class="span3">

From 0544edc315ccc0bc940b6b35f178e808dc0f3469 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Mon, 7 Jul 2014 23:09:42 +0000
Subject: [PATCH 060/516] Add repo/tag parsing on the daemon for pull and
 import

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 714b63d1be55f468f0cb6b06c88924a941110175
Component: engine
---
 components/engine/api/client/commands.go | 32 +++++++++++++-----------
 components/engine/api/server/server.go   | 11 ++++++--
 2 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 787a2bdc7d..77e1ccc8fb 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1052,16 +1052,19 @@ func (cli *DockerCli) CmdImport(args ...string) error {
 		return nil
 	}
 
-	var src, repository, tag string
+	var (
+		v          = url.Values{}
+		src        = cmd.Arg(0)
+		repository = cmd.Arg(1)
+	)
+
+	v.Set("fromSrc", src)
+	v.Set("repo", repository)
 
 	if cmd.NArg() == 3 {
 		fmt.Fprintf(cli.err, "[DEPRECATED] The format 'URL|- [REPOSITORY [TAG]]' as been deprecated. Please use URL|- [REPOSITORY[:TAG]]\n")
-		src, repository, tag = cmd.Arg(0), cmd.Arg(1), cmd.Arg(2)
-	} else {
-		src = cmd.Arg(0)
-		repository, tag = utils.ParseRepositoryTag(cmd.Arg(1))
+		v.Set("tag", cmd.Arg(2))
 	}
-	v := url.Values{}
 
 	if repository != "" {
 		//Check if the given image name can be resolved
@@ -1070,10 +1073,6 @@ func (cli *DockerCli) CmdImport(args ...string) error {
 		}
 	}
 
-	v.Set("repo", repository)
-	v.Set("tag", tag)
-	v.Set("fromSrc", src)
-
 	var in io.Reader
 
 	if src == "-" {
@@ -1159,12 +1158,18 @@ func (cli *DockerCli) CmdPull(args ...string) error {
 		cmd.Usage()
 		return nil
 	}
+	var (
+		v      = url.Values{}
+		remote = cmd.Arg(0)
+	)
+
+	v.Set("fromImage", remote)
 
-	remote, parsedTag := utils.ParseRepositoryTag(cmd.Arg(0))
 	if *tag == "" {
-		*tag = parsedTag
+		v.Set("tag", *tag)
 	}
 
+	remote, _ = utils.ParseRepositoryTag(remote)
 	// Resolve the Repository name from fqn to hostname + name
 	hostname, _, err := registry.ResolveRepositoryName(remote)
 	if err != nil {
@@ -1175,9 +1180,6 @@ func (cli *DockerCli) CmdPull(args ...string) error {
 
 	// Resolve the Auth config relevant for this server
 	authConfig := cli.configFile.ResolveAuthConfig(hostname)
-	v := url.Values{}
-	v.Set("fromImage", remote)
-	v.Set("tag", *tag)
 
 	pull := func(authConfig registry.AuthConfig) error {
 		buf, err := json.Marshal(authConfig)
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index b3a0590fda..6d6ed3e773 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -468,6 +468,7 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon
 
 	var (
 		image = r.Form.Get("fromImage")
+		repo  = r.Form.Get("repo")
 		tag   = r.Form.Get("tag")
 		job   *engine.Job
 	)
@@ -482,18 +483,24 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon
 		}
 	}
 	if image != "" { //pull
+		if tag == "" {
+			image, tag = utils.ParseRepositoryTag(image)
+		}
 		metaHeaders := map[string][]string{}
 		for k, v := range r.Header {
 			if strings.HasPrefix(k, "X-Meta-") {
 				metaHeaders[k] = v
 			}
 		}
-		job = eng.Job("pull", r.Form.Get("fromImage"), tag)
+		job = eng.Job("pull", image, tag)
 		job.SetenvBool("parallel", version.GreaterThan("1.3"))
 		job.SetenvJson("metaHeaders", metaHeaders)
 		job.SetenvJson("authConfig", authConfig)
 	} else { //import
-		job = eng.Job("import", r.Form.Get("fromSrc"), r.Form.Get("repo"), tag)
+		if tag == "" {
+			repo, tag = utils.ParseRepositoryTag(repo)
+		}
+		job = eng.Job("import", r.Form.Get("fromSrc"), repo, tag)
 		job.Stdin.Add(r.Body)
 	}
 

From 2e4164d0babfd66a555d38add68d51c9d3337614 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 17:14:31 -0600
Subject: [PATCH 061/516] Update contrib/mkimage/debootstrap to add
 "sqeeze-lts" to "oldstable" as well

Note that the archive does _not_ have a symlink from oldstable-lts to squeeze-lts, hence the change from using "${suite}" to not using it in here and just using the string "squeeze-lts" directly regardless of whether we're building a "squeeze" image or an "oldstable" image.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: a6f19955506bd51ae5f6de57ff3ce7976fa7db27
Component: engine
---
 components/engine/contrib/mkimage/debootstrap | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/contrib/mkimage/debootstrap b/components/engine/contrib/mkimage/debootstrap
index 96d22ddddc..6f0cadd3c9 100755
--- a/components/engine/contrib/mkimage/debootstrap
+++ b/components/engine/contrib/mkimage/debootstrap
@@ -123,9 +123,9 @@ if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
 					" "$rootfsDir/etc/apt/sources.list"
 					echo "deb http://security.debian.org $suite/updates main" >> "$rootfsDir/etc/apt/sources.list"
 					# LTS
-					if [ "$suite" = 'squeeze' ]; then
+					if [ "$suite" = 'squeeze' -o "$suite" = 'oldstable' ]; then
 						head -1 "$rootfsDir/etc/apt/sources.list" \
-							| sed "s/ $suite / ${suite}-lts /" \
+							| sed "s/ $suite / squeeze-lts /" \
 								>> "$rootfsDir/etc/apt/sources.list"
 					fi
 				)

From 843b374f7ed8214109afe1b12acb53bc4820c43c Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Mon, 7 Jul 2014 10:28:53 +1000
Subject: [PATCH 062/516] Don't make the user get a container alreayd exists
 error

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 6a9c6d3bf12982ca31e0b38cd323073b44c98456
Component: engine
---
 components/engine/docs/sources/userguide/dockerlinks.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockerlinks.md b/components/engine/docs/sources/userguide/dockerlinks.md
index 91c6cb355b..bfbcdb3bd6 100644
--- a/components/engine/docs/sources/userguide/dockerlinks.md
+++ b/components/engine/docs/sources/userguide/dockerlinks.md
@@ -116,8 +116,8 @@ We can also use `docker inspect` to return the container's name.
 
 > **Note:** 
 > Container names have to be unique. That means you can only call
-> one container `web`. If you want to re-use a container name you must delete the
-> old container with the `docker rm` command before you can create a new
+> one container `web`. If you want to re-use a container name you must delete
+> the old container with the `docker rm` command before you can create a new
 > container with the same name. As an alternative you can use the `--rm`
 > flag with the `docker run` command. This will delete the container
 > immediately after it stops.
@@ -133,6 +133,11 @@ container, this one a database.
 Here we've created a new container called `db` using the `training/postgres`
 image, which contains a PostgreSQL database.
 
+We need to delete the `web` container we created previously so we can replace it
+with a linked one:
+
+    $ docker rm -f web
+
 Now let's create a new `web` container and link it with our `db` container.
 
     $ sudo docker run -d -P --name web --link db:db training/webapp python app.py

From 7cc3436ee37242f498006d0bd4c937a8c95289ad Mon Sep 17 00:00:00 2001
From: SeongJae Park <sj38.park@gmail.com>
Date: Tue, 8 Jul 2014 14:50:57 +0900
Subject: [PATCH 063/516] understanding-docker: Use consistent term

Term 'service' was used together with 'daemon'. It would be better to use the term 'daemon' solely because most part of documentation are using the term.
Upstream-commit: 14ffde2d8c67065a24930e0ac0844099cbc2cfa8
Component: engine
---
 .../engine/docs/sources/introduction/understanding-docker.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/introduction/understanding-docker.md b/components/engine/docs/sources/introduction/understanding-docker.md
index 18b8d5926a..8cdab02c4c 100644
--- a/components/engine/docs/sources/introduction/understanding-docker.md
+++ b/components/engine/docs/sources/introduction/understanding-docker.md
@@ -79,7 +79,7 @@ Docker uses a client-server architecture. The Docker *client* talks to the
 Docker *daemon*, which does the heavy lifting of building, running, and
 distributing your Docker containers. Both the Docker client and the daemon *can*
 run on the same system, or you can connect a Docker client to a remote Docker
-daemon. The Docker client and service communicate via sockets or through a
+daemon. The Docker client and daemon communicate via sockets or through a
 RESTful API.
 
 ![Docker Architecture Diagram](/article-img/architecture.svg)

From 1cc255b83d635554bcaa3387783b2337b5c305d7 Mon Sep 17 00:00:00 2001
From: Tom Fotherby <tom+github@peopleperhour.com>
Date: Tue, 8 Jul 2014 10:01:26 +0100
Subject: [PATCH 064/516] Typo fix

Docker-DCO-1.1-Signed-off-by: Tom Fotherby <github@tomfotherby.com> (github: tomfotherby)
Upstream-commit: a247b63aa18a31cc2aeb8e32c06b040a47764d0b
Component: engine
---
 components/engine/docs/sources/userguide/dockervolumes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index 959a01c502..cf504e3343 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -84,7 +84,7 @@ history of the commands typed while in the container.
 
 > **Note:** 
 > Many tools used to edit files including `vi` and `sed --in-place` may result 
-> in a inode change. Since docker v1.1.0 this will produce a error such as
+> in an inode change. Since docker v1.1.0 this will produce an error such as
 > "*sed: cannot rename ./sedKdJ9Dy: Device or resource busy*". In the case where 
 > you want to edit the mounted file, it is often easiest to instead mount the 
 > parent directory.

From eea97055fbc66e3bf57c536d074615cf3938360a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 8 Jul 2014 12:23:08 -0700
Subject: [PATCH 065/516] Revert "allow overwrite in untar"

This reverts commit 5a3d774e5651da772a065282a1fb1a31e19e911c.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 10d066c9cbc074a72ef3bb4f06a39b691a155082
Component: engine
---
 components/engine/archive/archive.go      | 15 ++++++---------
 components/engine/archive/archive_test.go |  3 ---
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 8d8b7412cc..b9701b58af 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -383,8 +383,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 //  identity (uncompressed), gzip, bzip2, xz.
 // If `dest` does not exist, it is created unless there are multiple entries in `archive`.
 // In the latter case, an error is returned.
-// If `dest` is an existing file, it gets overwritten.
-// If `dest` is an existing directory, its files get merged (with overwrite for conflicting files).
+// An other error is returned if `dest` exists but is not a directory, to prevent overwriting.
 func Untar(archive io.Reader, dest string, options *TarOptions) error {
 	if archive == nil {
 		return fmt.Errorf("Empty archive")
@@ -400,7 +399,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 
 	var (
 		dirs            []*tar.Header
-		create          bool
+		destNotExist    bool
 		multipleEntries bool
 	)
 
@@ -409,10 +408,9 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 			return err
 		}
 		// destination does not exist, so it is assumed it has to be created.
-		create = true
+		destNotExist = true
 	} else if !fi.IsDir() {
-		// destination exists and is not a directory, so it will be overwritten.
-		create = true
+		return fmt.Errorf("Trying to untar to `%s`: exists but not a directory", dest)
 	}
 
 	// Iterate through the files in the archive.
@@ -427,7 +425,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 		}
 
 		// Return an error if destination needs to be created and there is more than 1 entry in the tar stream.
-		if create && multipleEntries {
+		if destNotExist && multipleEntries {
 			return fmt.Errorf("Trying to untar an archive with multiple entries to an inexistant target `%s`: did you mean `%s` instead?", dest, filepath.Dir(dest))
 		}
 
@@ -447,7 +445,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 		}
 
 		var path string
-		if create {
+		if destNotExist {
 			path = dest // we are renaming hdr.Name to dest
 		} else {
 			path = filepath.Join(dest, hdr.Name)
@@ -467,7 +465,6 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 				}
 			}
 		}
-
 		if err := createTarFile(path, dest, hdr, tr, options == nil || !options.NoLchown); err != nil {
 			return err
 		}
diff --git a/components/engine/archive/archive_test.go b/components/engine/archive/archive_test.go
index 1b5e146965..e05cd72e49 100644
--- a/components/engine/archive/archive_test.go
+++ b/components/engine/archive/archive_test.go
@@ -176,9 +176,6 @@ func TestTarUntarFile(t *testing.T) {
 	if err := ioutil.WriteFile(path.Join(origin, "before", "file"), []byte("hello world"), 0700); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(path.Join(origin, "after", "file2"), []byte("please overwrite me"), 0700); err != nil {
-		t.Fatal(err)
-	}
 
 	tar, err := TarWithOptions(path.Join(origin, "before"), &TarOptions{Compression: Uncompressed, Includes: []string{"file"}})
 	if err != nil {

From c916fa43d09cda60a6bcd6bafea71d94a35d5f1d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 8 Jul 2014 12:26:59 -0700
Subject: [PATCH 066/516] Revert "improve untar when using files instead of
 directories. Specifies behavior on non-existant targets."

This reverts commit 1c8d3106df0bd2aba304c7b3863949ca11c2b133.

Conflicts:
	archive/archive_test.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 4b1a464ac106b413fc773869adea9c89a08aee3a
Component: engine
---
 components/engine/archive/archive.go      | 37 +++-------------------
 components/engine/archive/archive_test.go | 38 -----------------------
 2 files changed, 4 insertions(+), 71 deletions(-)

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index b9701b58af..2ba62f5363 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -378,12 +378,10 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 }
 
 // Untar reads a stream of bytes from `archive`, parses it as a tar archive,
-// and unpacks it into the directory at `dest`.
+// and unpacks it into the directory at `path`.
 // The archive may be compressed with one of the following algorithms:
 //  identity (uncompressed), gzip, bzip2, xz.
-// If `dest` does not exist, it is created unless there are multiple entries in `archive`.
-// In the latter case, an error is returned.
-// An other error is returned if `dest` exists but is not a directory, to prevent overwriting.
+// FIXME: specify behavior when target path exists vs. doesn't exist.
 func Untar(archive io.Reader, dest string, options *TarOptions) error {
 	if archive == nil {
 		return fmt.Errorf("Empty archive")
@@ -397,21 +395,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 
 	tr := tar.NewReader(decompressedArchive)
 
-	var (
-		dirs            []*tar.Header
-		destNotExist    bool
-		multipleEntries bool
-	)
-
-	if fi, err := os.Lstat(dest); err != nil {
-		if !os.IsNotExist(err) {
-			return err
-		}
-		// destination does not exist, so it is assumed it has to be created.
-		destNotExist = true
-	} else if !fi.IsDir() {
-		return fmt.Errorf("Trying to untar to `%s`: exists but not a directory", dest)
-	}
+	var dirs []*tar.Header
 
 	// Iterate through the files in the archive.
 	for {
@@ -424,11 +408,6 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 			return err
 		}
 
-		// Return an error if destination needs to be created and there is more than 1 entry in the tar stream.
-		if destNotExist && multipleEntries {
-			return fmt.Errorf("Trying to untar an archive with multiple entries to an inexistant target `%s`: did you mean `%s` instead?", dest, filepath.Dir(dest))
-		}
-
 		// Normalize name, for safety and for a simple is-root check
 		hdr.Name = filepath.Clean(hdr.Name)
 
@@ -444,12 +423,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 			}
 		}
 
-		var path string
-		if destNotExist {
-			path = dest // we are renaming hdr.Name to dest
-		} else {
-			path = filepath.Join(dest, hdr.Name)
-		}
+		path := filepath.Join(dest, hdr.Name)
 
 		// If path exits we almost always just want to remove and replace it
 		// The only exception is when it is a directory *and* the file from
@@ -469,9 +443,6 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 			return err
 		}
 
-		// Successfully added an entry. Predicting multiple entries for next iteration (not current one).
-		multipleEntries = true
-
 		// Directory mtimes must be handled at the end to avoid further
 		// file creation in them to modify the directory mtime
 		if hdr.Typeflag == tar.TypeDir {
diff --git a/components/engine/archive/archive_test.go b/components/engine/archive/archive_test.go
index e05cd72e49..61ee0af8e7 100644
--- a/components/engine/archive/archive_test.go
+++ b/components/engine/archive/archive_test.go
@@ -160,44 +160,6 @@ func TestTarWithOptions(t *testing.T) {
 	}
 }
 
-func TestTarUntarFile(t *testing.T) {
-	origin, err := ioutil.TempDir("", "docker-test-untar-origin-file")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(origin)
-
-	if err := os.MkdirAll(path.Join(origin, "before"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := os.MkdirAll(path.Join(origin, "after"), 0700); err != nil {
-		t.Fatal(err)
-	}
-	if err := ioutil.WriteFile(path.Join(origin, "before", "file"), []byte("hello world"), 0700); err != nil {
-		t.Fatal(err)
-	}
-
-	tar, err := TarWithOptions(path.Join(origin, "before"), &TarOptions{Compression: Uncompressed, Includes: []string{"file"}})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if err := Untar(tar, path.Join(origin, "after", "file2"), nil); err != nil {
-		t.Fatal(err)
-	}
-
-	catCmd := exec.Command("cat", path.Join(origin, "after", "file2"))
-	out, err := CmdStream(catCmd, nil)
-	if err != nil {
-		t.Fatalf("Failed to start command: %s", err)
-	}
-	if output, err := ioutil.ReadAll(out); err != nil {
-		t.Error(err)
-	} else if string(output) != "hello world" {
-		t.Fatalf("Expected 'hello world', got '%s'", output)
-	}
-}
-
 // Some tar archives such as http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz
 // use PAX Global Extended Headers.
 // Failing prevents the archives from being uncompressed during ADD

From 34644f5fc55287fa9586976979e5f25ba7084af4 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Mon, 7 Jul 2014 11:47:06 -0400
Subject: [PATCH 067/516] Add event logs for pause/unpuase

Fixes #6856

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: e1ec91fc582f10d57025e39f0f7e7d6695f7454e
Component: engine
---
 .../integration-cli/docker_cli_events_test.go | 30 ++++++++++++++++++-
 components/engine/server/server.go            |  2 ++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/components/engine/integration-cli/docker_cli_events_test.go b/components/engine/integration-cli/docker_cli_events_test.go
index b9d184c09e..c82322c779 100644
--- a/components/engine/integration-cli/docker_cli_events_test.go
+++ b/components/engine/integration-cli/docker_cli_events_test.go
@@ -1,12 +1,14 @@
 package main
 
 import (
+	"fmt"
 	"os/exec"
 	"strings"
 	"testing"
+	"time"
 )
 
-func TestCLIGetEvents(t *testing.T) {
+func TestCLIGetEventsUntag(t *testing.T) {
 	out, _, _ := cmd(t, "images", "-q")
 	image := strings.Split(out, "\n")[0]
 	cmd(t, "tag", image, "utest:tag1")
@@ -27,3 +29,29 @@ func TestCLIGetEvents(t *testing.T) {
 	}
 	logDone("events - untags are logged")
 }
+
+func TestCLIGetEventsPause(t *testing.T) {
+	out, _, _ := cmd(t, "images", "-q")
+	image := strings.Split(out, "\n")[0]
+	cmd(t, "run", "-d", "--name", "testeventpause", image, "sleep", "2")
+	cmd(t, "pause", "testeventpause")
+	cmd(t, "unpause", "testeventpause")
+	eventsCmd := exec.Command(dockerBinary, "events", "--since=0", fmt.Sprintf("--until=%d", time.Now().Unix()))
+	out, _, _ = runCommandWithOutput(eventsCmd)
+	events := strings.Split(out, "\n")
+	if len(events) <= 1 {
+		t.Fatalf("Missing expected event")
+	}
+
+	pauseEvent := strings.Fields(events[len(events)-3])
+	unpauseEvent := strings.Fields(events[len(events)-2])
+
+	if pauseEvent[len(pauseEvent)-1] != "pause" {
+		t.Fatalf("event should be pause, not %#v", pauseEvent)
+	}
+	if unpauseEvent[len(unpauseEvent)-1] != "unpause" {
+		t.Fatalf("event should be pause, not %#v", unpauseEvent)
+	}
+
+	logDone("events - pause/unpause is logged")
+}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 7e453a3f0f..bca763f16d 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -183,6 +183,7 @@ func (srv *Server) ContainerPause(job *engine.Job) engine.Status {
 	if err := container.Pause(); err != nil {
 		return job.Errorf("Cannot pause container %s: %s", name, err)
 	}
+	srv.LogEvent("pause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
 	return engine.StatusOK
 }
 
@@ -198,6 +199,7 @@ func (srv *Server) ContainerUnpause(job *engine.Job) engine.Status {
 	if err := container.Unpause(); err != nil {
 		return job.Errorf("Cannot unpause container %s: %s", name, err)
 	}
+	srv.LogEvent("unpause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
 	return engine.StatusOK
 }
 

From ff37e700fcf17339b1b873f41aa54b3d2df1675c Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Tue, 8 Jul 2014 15:34:04 -0400
Subject: [PATCH 068/516] Tests for ADD tar

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: cfa4999d695d98f30d942460576d5f9c03a64d92
Component: engine
---
 .../build_tests/TestBuildAddTar/1/Dockerfile  |   3 ++
 .../build_tests/TestBuildAddTar/1/test.tar    | Bin 0 -> 2560 bytes
 .../build_tests/TestBuildAddTar/2/Dockerfile  |   3 ++
 .../build_tests/TestBuildAddTar/2/test.tar    | Bin 0 -> 2560 bytes
 .../integration-cli/docker_cli_build_test.go  |  32 ++++++++++++++++++
 5 files changed, 38 insertions(+)
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/1/test.tar
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/2/test.tar

diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile
new file mode 100644
index 0000000000..2091b0e4d9
--- /dev/null
+++ b/components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile
@@ -0,0 +1,3 @@
+FROM busybox
+ADD test.tar /test.tar
+RUN cat /test.tar/test/foo
diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/1/test.tar b/components/engine/integration-cli/build_tests/TestBuildAddTar/1/test.tar
new file mode 100644
index 0000000000000000000000000000000000000000..33639c647642cce352588cd4f13c021a0b222455
GIT binary patch
literal 2560
zcmeH^K?=k$2t~7=Q+R`M8WXQD*XTe4T?Ja_{$rYUGtle;h3ZC(V!rRow93=<4MgM+
zz?B?p#(}n4pSFP4;6r3aW(L%P$U*2Ut8V|UGA=4j=1*Q4AL>|2jsAW|IZ^`}lb32q
t@jvC<Q<U<ERQ*2j-~ajVk-P)!DeBmLbN}D-;~-(#2p9n)U<7VN;0Ma)EL;Ep

literal 0
HcmV?d00001

diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile
new file mode 100644
index 0000000000..830e9ddbee
--- /dev/null
+++ b/components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile
@@ -0,0 +1,3 @@
+FROM busybox
+ADD test.tar /
+RUN cat /test/foo
diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/2/test.tar b/components/engine/integration-cli/build_tests/TestBuildAddTar/2/test.tar
new file mode 100644
index 0000000000000000000000000000000000000000..33639c647642cce352588cd4f13c021a0b222455
GIT binary patch
literal 2560
zcmeH^K?=k$2t~7=Q+R`M8WXQD*XTe4T?Ja_{$rYUGtle;h3ZC(V!rRow93=<4MgM+
zz?B?p#(}n4pSFP4;6r3aW(L%P$U*2Ut8V|UGA=4j=1*Q4AL>|2jsAW|IZ^`}lb32q
t@jvC<Q<U<ERQ*2j-~ajVk-P)!DeBmLbN}D-;~-(#2p9n)U<7VN;0Ma)EL;Ep

literal 0
HcmV?d00001

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index df0cfcc88e..039423e06c 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1731,3 +1731,35 @@ RUN [ "$(cat /testfile)" = 'test!' ]`
 	}
 	logDone("build - add and run script")
 }
+
+func TestBuildAddTar(t *testing.T) {
+
+	checkOutput := func(out string) {
+		n := -1
+		x := ""
+		for i, line := range strings.Split(out, "\n") {
+			if strings.HasPrefix(line, "Step 2") {
+				n = i + 2
+				x = line[strings.Index(line, "cat ")+4:]
+			}
+			if i == n {
+				if line != "Hi" {
+					t.Fatalf("Could not find contents of %s (expected 'Hi' got '%s'", x, line)
+				}
+				n = -2
+			}
+		}
+		if n > -2 {
+			t.Fatalf("Could not find contents of %s in build output", x)
+		}
+	}
+
+	for _, n := range []string{"1", "2"} {
+		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar", n)
+		buildCmd := exec.Command(dockerBinary, "build", "-t", "testbuildaddtar", ".")
+		buildCmd.Dir = buildDirectory
+		out, _, err := runCommandWithOutput(buildCmd)
+		errorOut(err, t, fmt.Sprintf("build failed to complete for TestBuildAddTar/%s: %v", n, err))
+		checkOutput(out)
+	}
+}

From 789e6439ebe0e475197c0dae2aab2c9cbd928f75 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Tue, 8 Jul 2014 23:09:22 +0000
Subject: [PATCH 069/516] add hotfix help

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 751c7e0f003e27d7c862ff91ca85f300bfcbf2cc
Component: engine
---
 components/engine/hack/RELEASE-CHECKLIST.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/components/engine/hack/RELEASE-CHECKLIST.md b/components/engine/hack/RELEASE-CHECKLIST.md
index 2fe1a3ce96..1930b217d9 100644
--- a/components/engine/hack/RELEASE-CHECKLIST.md
+++ b/components/engine/hack/RELEASE-CHECKLIST.md
@@ -32,8 +32,21 @@ git fetch origin
 git branch -D release || true
 git checkout --track origin/release
 git checkout -b bump_$VERSION
+```
+
+If it's a regular release, we usually merge master
+```bash
 git merge origin/master
 ```
+Otherwise, if it is a hotfix release, we cherry-pick only the commits we want
+```bash
+#get the commits ids we want to cherry-pick
+git log
+#cherry-pick the commits starting from the oldest one, without including merge commits
+git cherry-pick <commit-id>
+git cherry-pick <commit-id>
+...
+```
 
 ### 2. Update CHANGELOG.md
 

From f3b4015ccdbbbca9b3533f88c6c858d24570d3ab Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Mon, 30 Jun 2014 18:28:25 -0700
Subject: [PATCH 070/516] Initial copy edits to builds.md

Revised to match new UI, fixed links, copy edits and improvements.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)

More revisions to builds.md

Corrections to automated build process, copy edits.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)

Edits based on Sonat's feedback

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: 27c34f3eb93ee58d585f8b792659dc2c0464bd0d
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  | 115 +++++++++---------
 1 file changed, 60 insertions(+), 55 deletions(-)

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index 1d16353990..9c30951ebc 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -3,62 +3,67 @@ page_description: Docker Hub Automated Builds
 page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker Hub, docs, documentation, trusted, builds, trusted builds, automated builds
 # Automated Builds on Docker Hub
 
-## Automated Builds
+## About Automated Builds
 
-*Automated Builds* is a special feature allowing you to specify a source
-repository with a `Dockerfile` to be built by the
-[Docker Hub](https://hub.docker.com) build clusters. The system will
-clone your repository and build the `Dockerfile` using the repository as
-the context. The resulting image will then be uploaded to the registry
-and marked as an *Automated Build*.
+*Automated Builds* are a special feature of Docker Hub which allow you to use
+[Docker Hub's](https://hub.docker.com) build clusters to automatically create images from
+a specified `Dockerfile` and a GitHub or Bitbucket repo (or "context"). The system will
+clone your repository and build the image described by the `Dockerfile` using the
+repository as the context. The resulting automated image will then be uploaded to the
+Docker Hub registry and marked as an *Automated Build*.
 
-Automated Builds have a number of advantages. For example, users of
-*your* Automated Build can be certain that the resulting image was built
-exactly how it claims to be.
+Automated Builds have several advantages:
 
-Furthermore, the `Dockerfile` will be available to anyone browsing your repository
-on the registry. Another advantage of the Automated Builds feature is the automated
-builds. This makes sure that your repository is always up to date.
+* Users of *your* Automated Build can trust that the resulting image was built exactly as
+specified.
 
-Automated Builds are supported for both public and private repositories
-on both [GitHub](http://github.com) and
-[BitBucket](https://bitbucket.org/).
+* The `Dockerfile` will be available to anyone with access to your repository
+on the Docker Hub registry. 
 
-### Setting up Automated Builds with GitHub
+* Because the process is automated, Automated Builds help to make sure that your
+repository is always up to date.
 
-In order to setup an Automated Build, you need to first link your
-[Docker Hub](https://hub.docker.com) account with a GitHub one. This
+Automated Builds are supported for both public and private repositories on both
+[GitHub](http://github.com) and [Bitbucket](https://bitbucket.org/).
+
+To use Automated Builds, you must have an 
+[account on Docker Hub](http://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account)
+and on GitHub and/or Bitbucket.
+
+## Setting up Automated Builds with GitHub
+
+In order to set up an Automated Build, you need to first link your
+[Docker Hub](https://hub.docker.com) account with a GitHub account. This
 will allow the registry to see your repositories.
 
 > *Note:* 
-> We currently request access for *read* and *write* since
+> Automated Builds currently require *read* and *write* access since
 > [Docker Hub](https://hub.docker.com) needs to setup a GitHub service
-> hook. Although nothing else is done with your account, this is how
-> GitHub manages permissions, sorry!
+> hook. We have no choice here, this is how GitHub manages permissions, sorry! 
+> We do guarantee nothing else will be touched in your account.
 
-Click on the [Automated Builds
-tab](https://registry.hub.docker.com/builds/) to get started and then
-select [+ Add New](https://registry.hub.docker.com/builds/add/).
+To get started, log into your Docker Hub account and click the "+ Add Repository" button
+at the upper right of the screen. Then select
+[Automated Build](https://registry.hub.docker.com/builds/add/).
 
 Select the [GitHub service](https://registry.hub.docker.com/associate/github/).
 
-Then follow the instructions to authorize and link your GitHub account
-to Docker Hub.
+Then follow the onscreen instructions to authorize and link your GitHub account to Docker Hub.
 
-#### Creating an Automated Build
+### Creating an Automated Build
 
 You can [create an Automated Build](https://registry.hub.docker.com/builds/github/select/)
 from any of your public or private GitHub repositories with a `Dockerfile`.
 
-#### GitHub organizations
+### GitHub organizations
 
-GitHub organizations appear once your membership to that organization is
+GitHub organizations will appear once your membership to that organization is
 made public on GitHub. To verify, you can look at the members tab for your
 organization on GitHub.
 
-#### GitHub service hooks
+### GitHub service hooks
 
-You can follow the below steps to configure the GitHub service hooks for your
+Follow the steps below to configure the GitHub service hooks for your
 Automated Build:
 
 <table class="table table-bordered">
@@ -73,65 +78,65 @@ Automated Build:
     <tr>
       <td>1.</td>
       <td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_settings.png"></td>
-      <td>Login to Github.com, and visit your Repository page. Click on the repository "Settings" link. You will need admin rights to the repository in order to do this. So if you don't have admin rights, you will need to ask someone who does.</td>
+      <td>Log in to Github.com, and visit your Repository page. Click on repository "Settings" on the right side of the page. You must have admin privileges to the repository in order to do this.</td>
     </tr>
     <tr>
       <td>2.</td>
       <td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_service_hooks.png" alt="Service Hooks"></td>
-      <td>Click on the "Service Hooks" link</td></tr><tr><td>3.</td><td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_docker_service_hook.png" alt="Find the service hook labeled Docker"></td><td>Find the service hook labeled "Docker" and click on it.</td></tr><tr><td>4.</td><td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_service_hook_docker_activate.png" alt="Activate Service Hooks"></td>
-      <td>Click on the "Active" checkbox and then the "Update settings" button, to save changes.</td>
+      <td>Click on "Webhooks & Services" on the left side of the page.</td></tr><tr><td>3.</td><td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_docker_service_hook.png" alt="Find the service labeled Docker"></td><td>Find the service labeled "Docker" and click on it.</td></tr><tr><td>4.</td><td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_service_hook_docker_activate.png" alt="Activate Service Hooks"></td>
+      <td>Make sure the "Active" checkbox is selected and click the "Update service" button to save your changes.</td>
     </tr>
   </tbody>
 </table>
 
-### Setting up Automated Builds with BitBucket
+## Setting up Automated Builds with Bitbucket
 
 In order to setup an Automated Build, you need to first link your
-[Docker Hub](https://hub.docker.com) account with a BitBucket one. This
+[Docker Hub](https://hub.docker.com) account with a Bitbucket account. This
 will allow the registry to see your repositories.
 
-Click on the [Automated Builds tab](https://registry.hub.docker.com/builds/) to
-get started and then select [+ Add
-New](https://registry.hub.docker.com/builds/add/).
+To get started, log into your Docker Hub account and click the "+ Add Repository" button at
+the upper right of the screen. Then select [Automated Build](https://registry.hub.docker.com/builds/add/).
 
-Select the [BitBucket
+Select the [Bitbucket
 service](https://registry.hub.docker.com/associate/bitbucket/).
 
-Then follow the instructions to authorize and link your BitBucket account
+Then follow the onscreen instructions to authorize and link your Bitbucket account
 to Docker Hub.
 
-#### Creating an Automated Build
+### Creating an Automated Build
 
 You can [create an Automated Build](
 https://registry.hub.docker.com/builds/bitbucket/select/) from any of your
-public or private BitBucket repositories with a `Dockerfile`.
+public or private Bitbucket repositories with a `Dockerfile`.
 
-### The Dockerfile and Automated Builds
+## The Dockerfile and Automated Builds
 
 During the build process, we copy the contents of your `Dockerfile`. We also
-add it to the [Docker Hub](https://hub.docker.com) for the Docker community
-to see on the repository page.
+add it to the [Docker Hub](https://hub.docker.com) for the Docker community (for public
+repos) or approved team members/orgs (for private repos) to see on the repository page
+(if your repo is public).
 
-### README.md
+## README.md
 
-If you have a `README.md` file in your repository, we will use that as the
+If you have a `README.md` file in your repository, it will be used as the
 repository's full description.
 
 > **Warning:**
 > If you change the full description after a build, it will be
 > rewritten the next time the Automated Build has been built. To make changes,
-> modify the README.md from the Git repository. We will look for a README.md
-> in the same directory as your `Dockerfile`.
+> modify the `README.md` from the Git repository. The build process will look for a
+> `README.md` in the same directory as your `Dockerfile`.
 
 ### Build triggers
 
-If you need another way to trigger your Automated Builds outside of GitHub
-or BitBucket, you can setup a build trigger. When you turn on the build
+If you need a way to trigger Automated Builds outside of GitHub
+or Bitbucket, you can set up a build trigger. When you turn on the build
 trigger for an Automated Build, it will give you a URL to which you can
-send POST requests. This will trigger the Automated Build process, which
+send POST requests. This will trigger the Automated Build, which
 is similar to GitHub webhooks.
 
-Build Triggers are available under the Settings tab of each Automated Build.
+Build triggers are available under the Settings tab of each Automated Build.
 
 > **Note:** 
 > You can only trigger one build at a time and no more than one

From 13e7613ad02ef7f0bee037d29fd9df137f20f2a1 Mon Sep 17 00:00:00 2001
From: Sam Reis <sreis@atlassian.com>
Date: Fri, 4 Jul 2014 12:47:28 +1000
Subject: [PATCH 071/516] Fix server leaking events

Solves #6843.

Docker-DCO-1.1-Signed-off-by: Samuel Reis <srijs@airpost.net> (github: srijs)
Upstream-commit: 5d4986c755526ad5d249ba96eb6213ce089a9c25
Component: engine
---
 components/engine/server/server.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index e9a2c93819..2bbada5a1d 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -2463,8 +2463,14 @@ func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage {
 
 func (srv *Server) AddEvent(jm utils.JSONMessage) {
 	srv.Lock()
-	defer srv.Unlock()
-	srv.events = append(srv.events, jm)
+	if len(srv.events) == cap(srv.events) {
+		// discard oldest event
+		copy(srv.events, srv.events[1:])
+		srv.events[len(srv.events)-1] = jm
+	} else {
+		srv.events = append(srv.events, jm)
+	}
+	srv.Unlock()
 }
 
 func (srv *Server) GetEvents() []utils.JSONMessage {

From bbaf2a8ed628b37cb69c378a7882de9a86163e6d Mon Sep 17 00:00:00 2001
From: Sam Reis <sreis@atlassian.com>
Date: Fri, 4 Jul 2014 15:12:21 +1000
Subject: [PATCH 072/516] Add test for event limitation

Docker-DCO-1.1-Signed-off-by: Samuel Reis <srijs@airpost.net> (github: srijs)
Upstream-commit: 46747963b603a5573a0b26dcef407a96757926e7
Component: engine
---
 .../integration-cli/docker_cli_events_test.go     | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_events_test.go b/components/engine/integration-cli/docker_cli_events_test.go
index c82322c779..7070747533 100644
--- a/components/engine/integration-cli/docker_cli_events_test.go
+++ b/components/engine/integration-cli/docker_cli_events_test.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"os/exec"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -55,3 +56,17 @@ func TestCLIGetEventsPause(t *testing.T) {
 
 	logDone("events - pause/unpause is logged")
 }
+
+func TestCLILimitEvents(t *testing.T) {
+	for i := 0; i < 30; i++ {
+		cmd(t, "run", "busybox", "echo", strconv.Itoa(i))
+	}
+	eventsCmd := exec.Command(dockerBinary, "events", "--since=0", fmt.Sprintf("--until=%d", time.Now().Unix()))
+	out, _, _ := runCommandWithOutput(eventsCmd)
+	events := strings.Split(out, "\n")
+	n_events := len(events) - 1
+	if n_events > 64 {
+		t.Fatalf("events should be limited to 64, but received %d", n_events)
+	}
+	logDone("events - limited to 64 entries")
+}

From 4eb22040d967ae904cac6f111b7cf52e7b69f8ab Mon Sep 17 00:00:00 2001
From: Sam Rijs <srijs@airpost.net>
Date: Wed, 9 Jul 2014 09:35:08 +1000
Subject: [PATCH 073/516] avoid regression in events test

Docker-DCO-1.1-Signed-off-by: Samuel Reis <srijs@airpost.net> (github: srijs)
Upstream-commit: 560eb07009d65fbcfb49b2fa8b04a2e3f4d647e8
Component: engine
---
 components/engine/integration-cli/docker_cli_events_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/integration-cli/docker_cli_events_test.go b/components/engine/integration-cli/docker_cli_events_test.go
index 7070747533..34d7db0d5a 100644
--- a/components/engine/integration-cli/docker_cli_events_test.go
+++ b/components/engine/integration-cli/docker_cli_events_test.go
@@ -65,7 +65,7 @@ func TestCLILimitEvents(t *testing.T) {
 	out, _, _ := runCommandWithOutput(eventsCmd)
 	events := strings.Split(out, "\n")
 	n_events := len(events) - 1
-	if n_events > 64 {
+	if n_events != 64 {
 		t.Fatalf("events should be limited to 64, but received %d", n_events)
 	}
 	logDone("events - limited to 64 entries")

From bbc512f23b88032ce6a3f7c422311a355bb01ac6 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Tue, 8 Jul 2014 20:23:12 -0400
Subject: [PATCH 074/516] Fixed some more styling issues with command line
 flags

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: 2112c5e948d1ef3d3efb34875a97f01fde809143
Component: engine
---
 components/engine/runconfig/parse.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index ae79186716..8673993918 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -51,14 +51,14 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flEnvFile     opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
-		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id")
+		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: run container in the background and print new container ID")
 		flNetwork         = cmd.Bool([]string{"#n", "#-networking"}, true, "Enable networking for this container")
 		flPrivileged      = cmd.Bool([]string{"#privileged", "-privileged"}, false, "Give extended privileges to this container")
 		flPublishAll      = cmd.Bool([]string{"P", "-publish-all"}, false, "Publish all exposed ports to the host interfaces")
-		flStdin           = cmd.Bool([]string{"i", "-interactive"}, false, "Keep stdin open even if not attached")
-		flTty             = cmd.Bool([]string{"t", "-tty"}, false, "Allocate a pseudo-tty")
+		flStdin           = cmd.Bool([]string{"i", "-interactive"}, false, "Keep STDIN open even if not attached")
+		flTty             = cmd.Bool([]string{"t", "-tty"}, false, "Allocate a pseudo-TTY")
 		flContainerIDFile = cmd.String([]string{"#cidfile", "-cidfile"}, "", "Write the container ID to the file")
-		flEntrypoint      = cmd.String([]string{"#entrypoint", "-entrypoint"}, "", "Overwrite the default entrypoint of the image")
+		flEntrypoint      = cmd.String([]string{"#entrypoint", "-entrypoint"}, "", "Overwrite the default ENTRYPOINT of the image")
 		flHostname        = cmd.String([]string{"h", "-hostname"}, "", "Container host name")
 		flMemoryString    = cmd.String([]string{"m", "-memory"}, "", "Memory limit (format: <number><optional unit>, where unit = b, k, m or g)")
 		flUser            = cmd.String([]string{"u", "-user"}, "", "Username or UID")
@@ -67,20 +67,20 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flCpuset          = cmd.String([]string{"-cpuset"}, "", "CPUs in which to allow execution (0-3, 0,1)")
 		flNetMode         = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:<name|id>': reuses another container network stack\n'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.")
 		// For documentation purpose
-		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied.")
+		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify received signals to the process (even in non-TTY mode). SIGCHLD is not proxied.")
 		_ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container")
 	)
 
-	cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to stdin, stdout or stderr.")
-	cmd.Var(&flVolumes, []string{"v", "-volume"}, "Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container)")
-	cmd.Var(&flLinks, []string{"#link", "-link"}, "Add link to another container (name:alias)")
+	cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to STDIN, STDOUT or STDERR.")
+	cmd.Var(&flVolumes, []string{"v", "-volume"}, "Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)")
+	cmd.Var(&flLinks, []string{"#link", "-link"}, "Add link to another container in the form of name:alias")
 	cmd.Var(&flEnv, []string{"e", "-env"}, "Set environment variables")
-	cmd.Var(&flEnvFile, []string{"-env-file"}, "Read in a line delimited file of ENV variables")
+	cmd.Var(&flEnvFile, []string{"-env-file"}, "Read in a line delimited file of environment variables")
 
 	cmd.Var(&flPublish, []string{"p", "-publish"}, fmt.Sprintf("Publish a container's port to the host\nformat: %s\n(use 'docker port' to see the actual mapping)", nat.PortSpecTemplateFormat))
 	cmd.Var(&flExpose, []string{"#expose", "-expose"}, "Expose a port from the container without publishing it to your host")
-	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
-	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
+	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom DNS servers")
+	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom DNS search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
 	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 

From 710bedaf51c428adbd62410b4c8fda970ee09f32 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 8 Jul 2014 19:53:08 -0600
Subject: [PATCH 075/516] Update RELEASE-CHECKLIST with a few minor nits
 (periods, whitespace)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: e1166861d28121b0e389c913de9d0f4faf8f33d8
Component: engine
---
 components/engine/hack/RELEASE-CHECKLIST.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/components/engine/hack/RELEASE-CHECKLIST.md b/components/engine/hack/RELEASE-CHECKLIST.md
index 1930b217d9..ea826512c8 100644
--- a/components/engine/hack/RELEASE-CHECKLIST.md
+++ b/components/engine/hack/RELEASE-CHECKLIST.md
@@ -34,15 +34,16 @@ git checkout --track origin/release
 git checkout -b bump_$VERSION
 ```
 
-If it's a regular release, we usually merge master
+If it's a regular release, we usually merge master.
 ```bash
 git merge origin/master
 ```
-Otherwise, if it is a hotfix release, we cherry-pick only the commits we want
+
+Otherwise, if it is a hotfix release, we cherry-pick only the commits we want.
 ```bash
-#get the commits ids we want to cherry-pick
+# get the commits ids we want to cherry-pick
 git log
-#cherry-pick the commits starting from the oldest one, without including merge commits
+# cherry-pick the commits starting from the oldest one, without including merge commits
 git cherry-pick <commit-id>
 git cherry-pick <commit-id>
 ...

From 58d9480aa65efe55d4f45fc85f7bfc2bd47e704a Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 8 Jul 2014 20:26:23 -0600
Subject: [PATCH 076/516] Update bash completion to only complete on
 directories as the argument to "docker build"

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 91769117365207ad3218ee7bea6c472583b3ba2b
Component: engine
---
 components/engine/contrib/completion/bash/docker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/contrib/completion/bash/docker b/components/engine/contrib/completion/bash/docker
index 89395560f9..4cefefabc2 100755
--- a/components/engine/contrib/completion/bash/docker
+++ b/components/engine/contrib/completion/bash/docker
@@ -156,7 +156,7 @@ _docker_build()
 		*)
 			local counter="$(__docker_pos_first_nonflag '-t|--tag')"
 			if [ $cword -eq $counter ]; then
-				_filedir
+				_filedir -d
 			fi
 			;;
 	esac

From 37a093be2385060534e3efbcb722781bfb3f04db Mon Sep 17 00:00:00 2001
From: Zac Dover <zdover@redhat.com>
Date: Thu, 5 Jun 2014 11:41:45 +1000
Subject: [PATCH 077/516] removing an extraneous space

Docker-DCO-1.1-Signed-off-by: Zac Dover <zdover@redhat.com> (github: zdover23)
Upstream-commit: a52441b11417bfbcb8aa57fddae79c4f17d5499a
Component: engine
---
 components/engine/docs/man/docker-commit.1.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/man/docker-commit.1.md b/components/engine/docs/man/docker-commit.1.md
index bbd1db21b0..e5cf05a9fa 100644
--- a/components/engine/docs/man/docker-commit.1.md
+++ b/components/engine/docs/man/docker-commit.1.md
@@ -30,7 +30,7 @@ An existing Fedora based container has had Apache installed while running
 in interactive mode with the bash shell. Apache is also running. To
 create a new image run docker ps to find the container's ID and then run:
 
-    # docker commit -m= "Added Apache to Fedora base image" \
+    # docker commit -m="Added Apache to Fedora base image" \
       -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20
 
 # HISTORY

From 6971f5c2445809ed520112b41172247c0ae34c9a Mon Sep 17 00:00:00 2001
From: Tom Fotherby <tom+github@peopleperhour.com>
Date: Wed, 9 Jul 2014 08:21:31 +0100
Subject: [PATCH 078/516] Tiny text reformat (as per review comments)

Docker-DCO-1.1-Signed-off-by: Tom Fotherby <github@tomfotherby.com> (github: tomfotherby)
Upstream-commit: e479cae7cf86a2929e0439a61565ed7d9100f445
Component: engine
---
 components/engine/docs/sources/userguide/dockervolumes.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index cf504e3343..02efbf7c1f 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -73,18 +73,18 @@ option to specify that the mount should be read-only.
 
 ### Mount a Host File as a Data Volume
 
-As well as directories, the `-v` flag can be used to mount a single file from 
-the host into a container.
+The `-v` flag can also be used to mount a single file  - instead of *just* 
+directories - from the host machine.
 
     $ sudo docker run --rm -it -v ~/.bash_history:/.bash_history ubuntu /bin/bash
 
 This will drop you into a bash shell in a new container, you will have your bash 
-history from your host and when you exit the container, the host will have the 
+history from the host and when you exit the container, the host will have the 
 history of the commands typed while in the container.
 
 > **Note:** 
 > Many tools used to edit files including `vi` and `sed --in-place` may result 
-> in an inode change. Since docker v1.1.0 this will produce an error such as
+> in an inode change. Since Docker v1.1.0, this will produce an error such as
 > "*sed: cannot rename ./sedKdJ9Dy: Device or resource busy*". In the case where 
 > you want to edit the mounted file, it is often easiest to instead mount the 
 > parent directory.

From 2199b246f3673c05c708c0c7b87c73bc57b159d9 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Wed, 9 Jul 2014 13:39:38 +0400
Subject: [PATCH 079/516] Simple additions to TestBuildAddTar

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: fc2631b499ba27350f20e7466f54cb06b5c65079
Component: engine
---
 components/engine/integration-cli/docker_cli_build_test.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 039423e06c..64264cd813 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1733,7 +1733,8 @@ RUN [ "$(cat /testfile)" = 'test!' ]`
 }
 
 func TestBuildAddTar(t *testing.T) {
-
+	name := "testbuildaddtar"
+	defer deleteImages(name)
 	checkOutput := func(out string) {
 		n := -1
 		x := ""
@@ -1756,10 +1757,11 @@ func TestBuildAddTar(t *testing.T) {
 
 	for _, n := range []string{"1", "2"} {
 		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar", n)
-		buildCmd := exec.Command(dockerBinary, "build", "-t", "testbuildaddtar", ".")
+		buildCmd := exec.Command(dockerBinary, "build", "-t", name, ".")
 		buildCmd.Dir = buildDirectory
 		out, _, err := runCommandWithOutput(buildCmd)
 		errorOut(err, t, fmt.Sprintf("build failed to complete for TestBuildAddTar/%s: %v", n, err))
 		checkOutput(out)
 	}
+	logDone("build - ADD tar")
 }

From 34b700c7bfd9a81ded2481163ee1b40a72a686d6 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Sat, 10 May 2014 18:51:16 +0200
Subject: [PATCH 080/516] Updated docker logs timestamp to RFC3339

Currently the docker logs timestamp flag generates log entries like:

    $ sudo docker logs -ft daemon_dave
    [May 10 13:06:17.934] hello world

It uses Go's StampMilli timestamp to generate the timestamp. The entry
is also wrapped in [ ].

This is non-standard operational timestamp and one that will require
custom parsing.

The new timestamp is RFC3999Nano and generates entries like:

    2014-05-10T17:42:14.999999999Z07:00 hello world

These are readily parsed by tools like ELK.

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: aa0eca03e6662c5f6b4f0f47190a45f49b61e357
Component: engine
---
 components/engine/api/client/commands.go      |  2 +-
 .../docs/sources/reference/commandline/cli.md | 24 +++++++++++--------
 .../integration-cli/docker_cli_logs_test.go   |  4 ++--
 components/engine/server/server.go            |  4 ++--
 components/engine/utils/jsonmessage.go        |  2 +-
 5 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 787a2bdc7d..ec72194ac3 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1616,7 +1616,7 @@ func (cli *DockerCli) CmdEvents(args ...string) error {
 		loc = time.FixedZone(time.Now().Zone())
 	)
 	var setTime = func(key, value string) {
-		format := "2006-01-02 15:04:05 -0700 MST"
+		format := time.RFC3339Nano
 		if len(value) < len(format) {
 			format = format[:len(value)]
 		}
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 9a6d27f0eb..182eb2a221 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -425,24 +425,24 @@ You'll need two shells for this example.
 
 **Shell 1: (Again .. now showing events):**
 
-    [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
+    2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) start
+    2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die
+    2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop
 
 **Show events in the past from a specified time:**
 
     $ sudo docker events --since 1378216169
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
+    2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die
+    2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop
 
     $ sudo docker events --since '2013-09-03'
-    [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
+    2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) start
+    2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die
+    2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop
 
     $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST'
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
-    [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
+    2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die
+    2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop
 
 ## export
 
@@ -750,6 +750,10 @@ the container's `STDOUT` and `STDERR`.
 Passing a negative number or a non-integer to `--tail` is invalid and the
 value is set to `all` in that case. This behavior may change in the future.
 
+The `docker logs --timestamp` commands will add an RFC3339Nano
+timestamp, for example `2014-05-10T17:42:14.999999999Z07:00`, to each
+log entry.
+
 ## port
 
     Usage: docker port CONTAINER PRIVATE_PORT
diff --git a/components/engine/integration-cli/docker_cli_logs_test.go b/components/engine/integration-cli/docker_cli_logs_test.go
index 8b1d006626..b32b7344b4 100644
--- a/components/engine/integration-cli/docker_cli_logs_test.go
+++ b/components/engine/integration-cli/docker_cli_logs_test.go
@@ -98,11 +98,11 @@ func TestLogsTimestamps(t *testing.T) {
 		t.Fatalf("Expected log %d lines, received %d\n", testLen+1, len(lines))
 	}
 
-	ts := regexp.MustCompile(`^\[.*?\]`)
+	ts := regexp.MustCompile(`^.* `)
 
 	for _, l := range lines {
 		if l != "" {
-			_, err := time.Parse("["+time.StampMilli+"]", ts.FindString(l))
+			_, err := time.Parse(time.RFC3339Nano+" ", ts.FindString(l))
 			if err != nil {
 				t.Fatalf("Failed to parse timestamp from %v: %v", l, err)
 			}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 2bbada5a1d..40995da5c4 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -2212,7 +2212,7 @@ func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
 		return job.Errorf("You must choose at least one stream")
 	}
 	if times {
-		format = time.StampMilli
+		format = time.RFC3339Nano
 	}
 	if tail == "" {
 		tail = "all"
@@ -2277,7 +2277,7 @@ func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
 				}
 				logLine := l.Log
 				if times {
-					logLine = fmt.Sprintf("[%s] %s", l.Created.Format(format), logLine)
+					logLine = fmt.Sprintf("%s %s", l.Created.Format(format), logLine)
 				}
 				if l.Stream == "stdout" && stdout {
 					fmt.Fprintf(job.Stdout, "%s", logLine)
diff --git a/components/engine/utils/jsonmessage.go b/components/engine/utils/jsonmessage.go
index 66fdcae5a8..922f3df739 100644
--- a/components/engine/utils/jsonmessage.go
+++ b/components/engine/utils/jsonmessage.go
@@ -95,7 +95,7 @@ func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 		return nil
 	}
 	if jm.Time != 0 {
-		fmt.Fprintf(out, "[%s] ", time.Unix(jm.Time, 0))
+		fmt.Fprintf(out, "%s ", time.Unix(jm.Time, 0).Format(time.RFC3339Nano))
 	}
 	if jm.ID != "" {
 		fmt.Fprintf(out, "%s: ", jm.ID)

From 81a7587cfd2202f06a94e699f422ca742841d1f7 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Wed, 9 Jul 2014 19:24:11 +0000
Subject: [PATCH 081/516] Change version to 1.1.1-dev

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b95fbe2d3fa7ec27a193dc260837f36581ea1771
Component: engine
---
 components/engine/VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/VERSION b/components/engine/VERSION
index 524cb55242..8869ce2d36 100644
--- a/components/engine/VERSION
+++ b/components/engine/VERSION
@@ -1 +1 @@
-1.1.1
+1.1.1-dev

From 0ee458dda8d09c9c1b68896ec6c59e8b1c1772a7 Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Wed, 9 Jul 2014 16:20:01 -0400
Subject: [PATCH 082/516] devmapper: revert the default dm-thin-pool blocksize
 back to 64K

Commit 09ee269d ("devmapper: Add option for specifying the thin pool
blocksize") also switched the default dm-thin-pool blocksize from 64K to
512K.  That change unfortunately breaks the activation of dm-thin-pool
devices that were previously created using a 64K blocksize.  Here is an
example of the dm-thin-pool activation failure users may experience:

 device-mapper: thin: 253:4: pool target (204800 blocks) too small: expected 1638400
 device-mapper: table: 253:4: thin-pool: preresume failed, error = -22

The reason for this is docker is passing 512K as the blocksize for a
dm-thin-pool that was previously created using a 64K blocksize.  Docker
doesn't record the blocksize the is used when it creates a dm-thin-pool.
Until now it never had a need to do so because the blocksize was always
hardcoded.  The dm-thin-pool blocksize must be the same every time a
dm-thin-pool is activated.

As a stop-gap fix, revert to using 64K for the default blocksize.

But we do need a proper fix for this now that 'dm.blocksize' is exposed
as a proper storage option.  One possible fix would be to record the
blocksize for each dm-thin-pool that docker creates and to pass that
recorded blocksize down in the dmsetup table load each time the
dm-thin-pool is activated (this would be comparable to what lvm2 does).

Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Upstream-commit: d715803d45d41bfbbd5faf1f4a8239c08d6d8c90
Component: engine
---
 components/engine/daemon/graphdriver/devmapper/README.md    | 4 ++--
 components/engine/daemon/graphdriver/devmapper/deviceset.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index 601d3e7ea3..6c3f0b019c 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -129,11 +129,11 @@ Here is the list of supported options:
  *  `dm.blocksize`
 
     Specifies a custom blocksize to use for the thin pool.  The default
-    blocksize is 512K.
+    blocksize is 64K.
 
     Example use:
 
-    ``docker -d --storage-opt dm.blocksize=64K``
+    ``docker -d --storage-opt dm.blocksize=512K``
 
  *  `dm.blkdiscard`
 
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index 61ba81852d..3c36a22cb8 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -28,7 +28,7 @@ var (
 	DefaultDataLoopbackSize     int64  = 100 * 1024 * 1024 * 1024
 	DefaultMetaDataLoopbackSize int64  = 2 * 1024 * 1024 * 1024
 	DefaultBaseFsSize           uint64 = 10 * 1024 * 1024 * 1024
-	DefaultThinpBlockSize       uint32 = 1024 // 512K = 1024 512b sectors
+	DefaultThinpBlockSize       uint32 = 128 // 64K = 128 512b sectors
 )
 
 type DevInfo struct {

From 786f8ce10f399cf390625b4cf349aa6bc8369112 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Wed, 9 Jul 2014 17:05:51 -0400
Subject: [PATCH 083/516] Replace ADD with COPY in Dockerfile

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 457166295c57e982c470110cde653135385cbca5
Component: engine
---
 components/engine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 283e0a3262..99b3c10ecf 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -101,4 +101,4 @@ ENV	DOCKER_BUILDTAGS	apparmor selinux
 ENTRYPOINT	["hack/dind"]
 
 # Upload docker source
-ADD	.	/go/src/github.com/dotcloud/docker
+COPY	.	/go/src/github.com/dotcloud/docker

From efd625f4f3ecb0ad5d9a949a76229aba29bf83d2 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Wed, 9 Jul 2014 17:13:26 -0400
Subject: [PATCH 084/516] Replaced selected docs references to ADD with COPY

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: a1ddf57216e510c5cabe40cac6a00ac57a92b8d7
Component: engine
---
 components/engine/docs/sources/articles/baseimages.md       | 2 +-
 .../engine/docs/sources/articles/using_supervisord.md       | 2 +-
 components/engine/docs/sources/examples/nodejs_web_app.md   | 6 +++---
 .../engine/docs/sources/examples/running_riak_service.md    | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/sources/articles/baseimages.md b/components/engine/docs/sources/articles/baseimages.md
index c795b7a0a7..d2adf62a12 100644
--- a/components/engine/docs/sources/articles/baseimages.md
+++ b/components/engine/docs/sources/articles/baseimages.md
@@ -52,7 +52,7 @@ which you can `docker pull`. You can then use that
 image to base your new minimal containers `FROM`:
 
     FROM scratch
-    ADD true-asm /true
+    COPY true-asm /true
     CMD ["/true"]
 
 The Dockerfile above is from extremely minimal image - [tianon/true](
diff --git a/components/engine/docs/sources/articles/using_supervisord.md b/components/engine/docs/sources/articles/using_supervisord.md
index 91b8976d78..9188265199 100644
--- a/components/engine/docs/sources/articles/using_supervisord.md
+++ b/components/engine/docs/sources/articles/using_supervisord.md
@@ -52,7 +52,7 @@ Now let's add a configuration file for Supervisor. The default file is
 called `supervisord.conf` and is located in
 `/etc/supervisor/conf.d/`.
 
-    ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+    COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 Let's see what is inside our `supervisord.conf`
 file.
diff --git a/components/engine/docs/sources/examples/nodejs_web_app.md b/components/engine/docs/sources/examples/nodejs_web_app.md
index a7b8eea7e3..ad99c9bf84 100644
--- a/components/engine/docs/sources/examples/nodejs_web_app.md
+++ b/components/engine/docs/sources/examples/nodejs_web_app.md
@@ -84,11 +84,11 @@ via-package-manager#rhelcentosscientific-linux-6):
     # Install Node.js and npm
     RUN     yum install -y npm
 
-To bundle your app's source code inside the Docker image, use the `ADD`
+To bundle your app's source code inside the Docker image, use the `COPY`
 instruction:
 
     # Bundle app source
-    ADD . /src
+    COPY . /src
 
 Install your app dependencies using the `npm` binary:
 
@@ -117,7 +117,7 @@ Your `Dockerfile` should now look like this:
     RUN     yum install -y npm
 
     # Bundle app source
-    ADD . /src
+    COPY . /src
     # Install app dependencies
     RUN cd /src; npm install
 
diff --git a/components/engine/docs/sources/examples/running_riak_service.md b/components/engine/docs/sources/examples/running_riak_service.md
index 59dba00639..6a81180320 100644
--- a/components/engine/docs/sources/examples/running_riak_service.md
+++ b/components/engine/docs/sources/examples/running_riak_service.md
@@ -53,7 +53,7 @@ After that, we install and setup a few dependencies:
 
     RUN locale-gen en_US en_US.UTF-8
 
-    ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+    COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
     RUN echo 'root:basho' | chpasswd
 

From f134d9e4d0f853fd2d18066fe3ee1fcfd6da2d0b Mon Sep 17 00:00:00 2001
From: Jan Pazdziora <jpazdziora@redhat.com>
Date: Fri, 13 Jun 2014 14:02:12 +0200
Subject: [PATCH 085/516] Add support for IPv6 addresses in --dns parameters.

Docker-DCO-1.1-Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> (github: adelton)
Upstream-commit: 899e9e74165b567c157756d56c47d33fac82c05a
Component: engine
---
 components/engine/docker/docker.go  |  2 +-
 components/engine/opts/opts.go      | 12 ++++++------
 components/engine/opts/opts_test.go | 20 ++++++++++++--------
 3 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 82671e1653..c6f216f6a6 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -51,7 +51,7 @@ func main() {
 		flRoot               = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
 		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
 		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
-		flDns                = opts.NewListOpts(opts.ValidateIp4Address)
+		flDns                = opts.NewListOpts(opts.ValidateIpAddress)
 		flDnsSearch          = opts.NewListOpts(opts.ValidateDnsSearch)
 		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
 		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index d17b57e07c..b8018c13bf 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -3,6 +3,7 @@ package opts
 import (
 	"fmt"
 	"github.com/dotcloud/docker/utils"
+	"net"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -128,13 +129,12 @@ func ValidateEnv(val string) (string, error) {
 	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
 }
 
-func ValidateIp4Address(val string) (string, error) {
-	re := regexp.MustCompile(`^(([0-9]+\.){3}([0-9]+))\s*$`)
-	var ns = re.FindSubmatch([]byte(val))
-	if len(ns) > 0 {
-		return string(ns[1]), nil
+func ValidateIpAddress(val string) (string, error) {
+	var ip = net.ParseIP(strings.TrimSpace(val))
+	if ip != nil {
+		return ip.String(), nil
 	}
-	return "", fmt.Errorf("%s is not an ip4 address", val)
+	return "", fmt.Errorf("%s is not an ip address", val)
 }
 
 // Validates domain for resolvconf search configuration.
diff --git a/components/engine/opts/opts_test.go b/components/engine/opts/opts_test.go
index b18088b934..4d37fcaf3a 100644
--- a/components/engine/opts/opts_test.go
+++ b/components/engine/opts/opts_test.go
@@ -5,20 +5,24 @@ import (
 )
 
 func TestValidateIP4(t *testing.T) {
-	if ret, err := ValidateIp4Address(`1.2.3.4`); err != nil || ret == "" {
-		t.Fatalf("ValidateIp4Address(`1.2.3.4`) got %s %s", ret, err)
+	if ret, err := ValidateIpAddress(`1.2.3.4`); err != nil || ret == "" {
+		t.Fatalf("ValidateIpAddress(`1.2.3.4`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIp4Address(`127.0.0.1`); err != nil || ret == "" {
-		t.Fatalf("ValidateIp4Address(`127.0.0.1`) got %s %s", ret, err)
+	if ret, err := ValidateIpAddress(`127.0.0.1`); err != nil || ret == "" {
+		t.Fatalf("ValidateIpAddress(`127.0.0.1`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIp4Address(`127`); err == nil || ret != "" {
-		t.Fatalf("ValidateIp4Address(`127`) got %s %s", ret, err)
+	if ret, err := ValidateIpAddress(`::1`); err != nil || ret == "" {
+		t.Fatalf("ValidateIpAddress(`::1`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIp4Address(`random invalid string`); err == nil || ret != "" {
-		t.Fatalf("ValidateIp4Address(`random invalid string`) got %s %s", ret, err)
+	if ret, err := ValidateIpAddress(`127`); err == nil || ret != "" {
+		t.Fatalf("ValidateIpAddress(`127`) got %s %s", ret, err)
+	}
+
+	if ret, err := ValidateIpAddress(`random invalid string`); err == nil || ret != "" {
+		t.Fatalf("ValidateIpAddress(`random invalid string`) got %s %s", ret, err)
 	}
 
 }

From 6401809a7697e56f03e52767e753115fe0ef4be9 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Wed, 9 Jul 2014 00:25:21 +0000
Subject: [PATCH 086/516] add check on docker run

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 0abdea90947de867719c622a51f0382bcdf592ee
Component: engine
---
 components/engine/runconfig/parse.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 8673993918..f4cec3fbf1 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -44,7 +44,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 
 		flPublish     opts.ListOpts
 		flExpose      opts.ListOpts
-		flDns         opts.ListOpts
+		flDns         = opts.NewListOpts(opts.ValidateIpAddress)
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDnsSearch)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts

From f67899e5d8a4d64fb6fd3df808a7596ebe19a6ec Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Wed, 9 Jul 2014 21:47:55 +0000
Subject: [PATCH 087/516] update for consistency

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b68111713ddab28485122f149055c865ac4dadaa
Component: engine
---
 components/engine/docker/docker.go   |  2 +-
 components/engine/opts/opts.go       |  5 +++--
 components/engine/opts/opts_test.go  | 22 +++++++++++-----------
 components/engine/runconfig/parse.go |  2 +-
 4 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index c6f216f6a6..e21d0a4d70 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -51,7 +51,7 @@ func main() {
 		flRoot               = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
 		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
 		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
-		flDns                = opts.NewListOpts(opts.ValidateIpAddress)
+		flDns                = opts.NewListOpts(opts.ValidateIPAddress)
 		flDnsSearch          = opts.NewListOpts(opts.ValidateDnsSearch)
 		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
 		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index b8018c13bf..b3ceeffda6 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -2,12 +2,13 @@ package opts
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/utils"
 	"net"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
+
+	"github.com/dotcloud/docker/utils"
 )
 
 // ListOpts type
@@ -129,7 +130,7 @@ func ValidateEnv(val string) (string, error) {
 	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
 }
 
-func ValidateIpAddress(val string) (string, error) {
+func ValidateIPAddress(val string) (string, error) {
 	var ip = net.ParseIP(strings.TrimSpace(val))
 	if ip != nil {
 		return ip.String(), nil
diff --git a/components/engine/opts/opts_test.go b/components/engine/opts/opts_test.go
index 4d37fcaf3a..9494e27a75 100644
--- a/components/engine/opts/opts_test.go
+++ b/components/engine/opts/opts_test.go
@@ -4,25 +4,25 @@ import (
 	"testing"
 )
 
-func TestValidateIP4(t *testing.T) {
-	if ret, err := ValidateIpAddress(`1.2.3.4`); err != nil || ret == "" {
-		t.Fatalf("ValidateIpAddress(`1.2.3.4`) got %s %s", ret, err)
+func TestValidateIPAddress(t *testing.T) {
+	if ret, err := ValidateIPAddress(`1.2.3.4`); err != nil || ret == "" {
+		t.Fatalf("ValidateIPAddress(`1.2.3.4`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIpAddress(`127.0.0.1`); err != nil || ret == "" {
-		t.Fatalf("ValidateIpAddress(`127.0.0.1`) got %s %s", ret, err)
+	if ret, err := ValidateIPAddress(`127.0.0.1`); err != nil || ret == "" {
+		t.Fatalf("ValidateIPAddress(`127.0.0.1`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIpAddress(`::1`); err != nil || ret == "" {
-		t.Fatalf("ValidateIpAddress(`::1`) got %s %s", ret, err)
+	if ret, err := ValidateIPAddress(`::1`); err != nil || ret == "" {
+		t.Fatalf("ValidateIPAddress(`::1`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIpAddress(`127`); err == nil || ret != "" {
-		t.Fatalf("ValidateIpAddress(`127`) got %s %s", ret, err)
+	if ret, err := ValidateIPAddress(`127`); err == nil || ret != "" {
+		t.Fatalf("ValidateIPAddress(`127`) got %s %s", ret, err)
 	}
 
-	if ret, err := ValidateIpAddress(`random invalid string`); err == nil || ret != "" {
-		t.Fatalf("ValidateIpAddress(`random invalid string`) got %s %s", ret, err)
+	if ret, err := ValidateIPAddress(`random invalid string`); err == nil || ret != "" {
+		t.Fatalf("ValidateIPAddress(`random invalid string`) got %s %s", ret, err)
 	}
 
 }
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index f4cec3fbf1..5b05e52778 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -44,7 +44,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 
 		flPublish     opts.ListOpts
 		flExpose      opts.ListOpts
-		flDns         = opts.NewListOpts(opts.ValidateIpAddress)
+		flDns         = opts.NewListOpts(opts.ValidateIPAddress)
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDnsSearch)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts

From 8e5e1a569d0c17a734ad4e03325a3dc68521815a Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Wed, 9 Jul 2014 16:43:39 -0700
Subject: [PATCH 088/516] New screenshots and revisions to builds.md

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: ce9d48e896060d05a78563dce30abfcd5a99c478
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  |  58 +++++++++---------
 .../hub-images/gh_docker-service.png          | Bin 0 -> 128587 bytes
 .../sources/docker-hub/hub-images/gh_menu.png | Bin 0 -> 19955 bytes
 .../docker-hub/hub-images/gh_service_hook.png | Bin 0 -> 66527 bytes
 .../docker-hub/hub-images/gh_settings.png     | Bin 0 -> 16121 bytes
 5 files changed, 30 insertions(+), 28 deletions(-)
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/gh_docker-service.png
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/gh_menu.png
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/gh_service_hook.png
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/gh_settings.png

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index 9c30951ebc..e4d64eb28e 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -77,13 +77,16 @@ Automated Build:
   <tbody>
     <tr>
       <td>1.</td>
-      <td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_settings.png"></td>
-      <td>Log in to Github.com, and visit your Repository page. Click on repository "Settings" on the right side of the page. You must have admin privileges to the repository in order to do this.</td>
+      <td><img src="/docker-hub/hub-images/gh_settings.png"></td>
+      <td>Log in to Github.com, and go to your Repository page. Click on "Settings" on
+      the right side of the page. You must have admin privileges to the repository in order to do this.</td>
     </tr>
     <tr>
       <td>2.</td>
-      <td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_service_hooks.png" alt="Service Hooks"></td>
-      <td>Click on "Webhooks & Services" on the left side of the page.</td></tr><tr><td>3.</td><td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_docker_service_hook.png" alt="Find the service labeled Docker"></td><td>Find the service labeled "Docker" and click on it.</td></tr><tr><td>4.</td><td><img src="https://d207aa93qlcgug.cloudfront.net/0.8/img/github_service_hook_docker_activate.png" alt="Activate Service Hooks"></td>
+      <td><img src="/docker-hub/hub-images/gh_menu.png" alt="Webhooks & Services"></td>
+      <td>Click on "Webhooks & Services" on the left side of the page.</td></tr>
+      <tr><td>3.</td><td><img src="/docker-hub/hub-images/gh_service_hook.png" alt="Find the service labeled Docker"></td><td>Find the service labeled "Docker" and click on it.</td></tr>
+      <tr><td>4.</td><td><img src="/docker-hub/hub-images/gh_docker-service.png" alt="Activate Service Hooks"></td>
       <td>Make sure the "Active" checkbox is selected and click the "Update service" button to save your changes.</td>
     </tr>
   </tbody>
@@ -112,42 +115,42 @@ public or private Bitbucket repositories with a `Dockerfile`.
 
 ## The Dockerfile and Automated Builds
 
-During the build process, we copy the contents of your `Dockerfile`. We also
-add it to the [Docker Hub](https://hub.docker.com) for the Docker community (for public
-repos) or approved team members/orgs (for private repos) to see on the repository page
-(if your repo is public).
+During the build process, Docker will copy the contents of your `Dockerfile`. It will
+also add it to the [Docker Hub](https://hub.docker.com) for the Docker community (for
+public repos) or approved team members/orgs (for private repos) to see on the repository
+page.
 
 ## README.md
 
 If you have a `README.md` file in your repository, it will be used as the
-repository's full description.
+repository's full description.The build process will look for a
+`README.md` in the same directory as your `Dockerfile`.
 
 > **Warning:**
 > If you change the full description after a build, it will be
 > rewritten the next time the Automated Build has been built. To make changes,
-> modify the `README.md` from the Git repository. The build process will look for a
-> `README.md` in the same directory as your `Dockerfile`.
+> modify the `README.md` from the Git repository.
 
 ### Build triggers
 
 If you need a way to trigger Automated Builds outside of GitHub
 or Bitbucket, you can set up a build trigger. When you turn on the build
 trigger for an Automated Build, it will give you a URL to which you can
-send POST requests. This will trigger the Automated Build, which
-is similar to GitHub webhooks.
+send POST requests. This will trigger the Automated Build, much as with a GitHub webhook.
 
-Build triggers are available under the Settings tab of each Automated Build.
+Build triggers are available under the Settings menu of each Automated Build repo on the
+Docker Hub.
 
 > **Note:** 
 > You can only trigger one build at a time and no more than one
-> every five minutes. If you have a build already pending, or if you already
+> every five minutes. If you already have a build pending, or if you
 > recently submitted a build request, those requests *will be ignored*.
-> You can find the logs of last 10 triggers on the settings page to verify
-> if everything is working correctly.
+> To verify everything is working correctly, check the logs of last ten triggers on the
+settings page .
 
 ### Webhooks
 
-Also available for Automated Builds are Webhooks. Webhooks can be called
+Automated Builds also include a Webhooks feature. Webhooks can be called
 after a successful repository push is made.
 
 The webhook call will generate a HTTP POST with the following JSON
@@ -184,24 +187,23 @@ payload:
 }
 ```
 
-Webhooks are available under the Settings tab of each Automated
-Build.
+Webhooks are available under the Settings menu of each Automated
+Build's repo.
 
-> **Note:** If you want to test your webhook out then we recommend using
+> **Note:** If you want to test your webhook out we recommend using
 > a tool like [requestb.in](http://requestb.in/).
 
 
 ### Repository links
 
 Repository links are a way to associate one Automated Build with another. If one
-gets updated, linking system also triggers a build for the other Automated Build.
-This makes it easy to keep your Automated Builds up to date.
+gets updated,the linking system triggers a rebuild for the other Automated Build.
+This makes it easy to keep all your Automated Builds up to date.
 
-To add a link, go to the settings page of an Automated Build and click on
-*Repository Links*. Then enter the name of the repository that you want have
-linked.
+To add a link, go to the repo for the Automated Build you want to link to and click on
+*Repository Links* under the Settings menu at right. Then, enter the name of the repository that you want have linked.
 
 > **Warning:**
 > You can add more than one repository link, however, you should
-> be very careful. Creating a two way relationship between Automated Builds will
-> cause a never ending build loop.
+> do so very carefully. Creating a two way relationship between Automated Builds will
+> cause an endless build loop.
diff --git a/components/engine/docs/sources/docker-hub/hub-images/gh_docker-service.png b/components/engine/docs/sources/docker-hub/hub-images/gh_docker-service.png
new file mode 100644
index 0000000000000000000000000000000000000000..0119b9e22a5f7cb65d1899e105cd2840d34cd037
GIT binary patch
literal 128587
zcmce-by(AF`!J5!A|N23(p>@q(yerNm(=L)6j7wRM@Z*Da@3egx72_Eo6;~E#(*(+
zeZKGe`#$$`Klk6i9mjTjKIeIzeO~94i_y|hBz*MZ5gr~Mp|X;k4j$gUr+9d`-5%io
zfp`-8FyY}nmUVplR!jNqTY4=ocY8+{J3KrkLXe@qk?tJT^}Z55!$YPgx1PV_)jmsy
z+`XIghUO!4@+<2HcgQj9AS;?m5f8m)PU~5xyQM^OOHcb;Y2>*dsc;jSRbGt~_DF@o
zZ^AHv<Lw8b(1Q>Rt~+=?aQxQKX7a)H_BINcf?6#SI+D@C^xS^H(tWXCUmiaG_2A>(
z<1cM(&(0@MV}#$>SM?P+Vc{LPPFYiCo+tQLo`ZP|oKH3wt_1LgNQTKj;WgX$nvSxk
z>$Z`-Grvn3eW>^dQ1yzY>i%;4Etjfe<#^&-UxIH{Hr&CNr@&)-dUVD3jv}^)gkhJN
zOxf;1z3jXtI|+TFH{oyXz`$t|nA{T=folpjl)DlA;Il-IC$@yE5oVP|Unn@alQ$pP
zSJ7S<np@P7&Z_$66cw;&%k`IZ@>DOD=WS0uwPy&C$>d|8ct`UwNu?_OzDJGR^PG>b
z){#6fAIP@cq5V-W|KX>@#{@i&a(*@rhbN{4PajlW9a%ZP(_5j}Fi=aPi%$ZKc(G}n
z-0u6nsno0ew$04!N#^^2(pwYb=~0Rd@!jOzokpqIA6`wx%uy<*vC)spwzbo<MNG-`
zwd=fmSQL<v^yayyW2;;Upqw#pnB?L~Z5RGWy`zWTMKWlf(B4jR6;dXWq<&I9Mo))l
zKeiyf%ndIcwTKx~DDUZdvfo$-);WbS<;%5;2!B`^BSC0urN4T8rdGt5vZB2lO||gB
zb0$PSH>TqFhe$PRdV&9w+YC=0g=iIL-kN5hDg`b3E^j%0BPGJulA(zH?wS1jMM`nw
zpjIJX-yz#zvgY^0HmeN%$MVrPuSbdEeLt#Yv?vKO-lr`QUQ3B8mEKnE|04B7ka8;S
zl=j8I9QBkkamnW?rtRN8oecLrD*5s_JxabNpiFSFPS3|jHx^NM_m)VOw@lJb)lI`4
z!3@u@wd9|V`sDhgSSx+^SUdWeSWKuVAJ54eS;s&(^`gp;EmB#!l+KYYu#`b0)r~!k
zo*!?0BXPcHN4q+s2i`s7Rk{B*EZylE=|#OJdPa?rC4c_bxQJI&FD6{!!aC){gFyM4
z>9q4q5xG1T4bsh+5;>Z~7&1A@$v4y`hhH{4^nDwnkQDXR4n)JUVr#2<t267To?DJ0
zhPSNQ@6HIzoItfCnx2eFKgi)JEK9amesm%0Ku&Q|V*6vV<eW!i+zoFgSK|V&Yo!Y2
z6z~6=APf26mw7A<&q;J$*8&fp;5}2)tv2^=4+`E%-WJkd^L9l#+OK~p>IlDhHTj{6
z;GPveg;kuF*Dd11Pcjc8J)aQ7BtO#Co@Gh?tT*vq^y?FqFOLm=n9M&geJ8#fMfaP2
z=DW7YL%=UavnZ6u{jmh1fP0dM_by*Owy|=Fk9%%ao=v{-zTL_qTbd%O&+5pCGc(cd
z9lu)4*mnvWJ0sCnlEo-}8|in7U(@CTYY96OB)@fh&6>ZT_szJC$1UD;)y9KY;z3eB
z*%3zoML`nfs_NnTc~I9QWZc{e+fm%PZx>B?6oypB;fchLcn{{T=qHSsN=*C@@A4(F
zvv5XpTGLIw??&qv=Wnqh(tJ`?kChc)OEV2I>nLrcoebKoDR>DRs|uwV4&ApUzR2k>
ze?Cd=Al1wcXEvd5y$AYeAiJn6t|p#volgX(63ZViS^OzE3C&TND4!_jEpabDs1Tl7
z+)CPlJigcS{`a>-n_m7q@oy9!+T6C`UA?pVs3h`8L;dZT-k3bM8MnH6d8-oWjcXFz
zvxUn^bLMiUWd<}8I%6{{ztc2hSb3o3t_3Yc6d?v??BTC)*)gLo8*es(Hl#KjH_SJ<
z2nh+j3EdN7Ug#v;eSs1ra>$zw_;OTG*3$_1^p&+Ky>`9UyjB6`3gZ$2x{eXqRx}VS
zj4aIV>h5B9{i%5Xui0XmRz^4VyqrW0MJ5Di1wpSPUspI$I2$<7PIZ+ofXeFZK;*?N
zKXWVet9<29<p%XahKt7H2I88*IcKzcC-8i+$289QuV_-nN%Qx_Dtu@?AJ*L!{>Zh)
zv$6lHV8d@~%GcGW#HY!3#3y{lb#`xZdeVDZ6$Y#_tnyc@&sRLG4b<*3Lp(yrA_x(m
zN&1;SC`2p1q-k*P%^-0{EAHIii9@TRF(}Kq8>?@^4+IAJjO?@k9uvv0n}zcnM0z~p
zemnN;r*trdDn3%oOq38g7G_!+M6e?qS||NVC`v4B$W|ZNv>)AD)$Lzql}M9Gb4e3q
z9Z>I3YcIbp*O?Y9XHzRYMxV=GnOz5k2|x!%2VYL9Ikt|~&el#W^-Bzeq+EoZ1XHLH
z@W!dd2~wz2NM@F2u5xc0!Hll$%iPxOSQ<<KzOWroOM-7KS{UXF%NM#7(iZ9y5)|@x
zU1+`4deN%iI=8#!XW=L62i)UXTs_-ABgLv<Rf*anKS$2IYkIrL4rf2mZq(K<aT9B#
zj--yGcBZC_-$+P&4sq~V-rBTzIZ&ElEV!|oJ)yC$(XJt$w=aScN%FQ>Tl#f1)rXMZ
z(%JSJ%h-FdFNSPEpg#d4f%C3$i`@Qo*Z_?C5^za6Fd&Fs;w;c7&?Kll*zLG$y9`CX
z*)odC6CM+v5AMcjA7G?tr9MgB54}G2Jsmq*UR@N0+1Cc_CN?BpjpFWvEndNK7uVa@
zNG$k%_T2~g)%djcOzy<u``?p#*hnz^rz@OF%ySr#govEGMr#f(CHHGFzGiHG-7Kia
z_L9TJW*+Bpa#(wqdsy%Q6TLu^kkUN3HK?B=ToPaMQF~Tfa#dnrjAo8{ELI~L@eKE>
zUrK>w`V}pmwA<Crkw2S}da`<D+^6}<`Pl}{ip$FJYFLg^;WOa|ua(t+&2!Ns09o6^
zY0@+1F6GA>W+?$|Lqf_qGwHQC5~A&57p^J}DuF84QoghejgD-mY)*BMrcEhJ#hw}p
z$GKb6V(F{qS7^q6(f<_4AyAQ5=p-WOztiBDJAG%GsBC&lcM4M){<QZ|^&QA_?dL%L
zppOhce18CnWhP%}XU%Jx@r0#rXBihP<g914h}Ec)(pM$>sJ<<wD&uWrY69Cs$7047
zGNucGsh!fA+`N(p(Q1mBOwI*v{Gl7CLhX@Va)^S1G^h|%kpwhv{GMEmqmp+<9=J(S
z20C_Lk7T?l9xnD5NCi;mR!Qm#HQ8n2YRj4mo_?mhc?Hbl&Rc#x;4=P0lz8Lb*s>5Y
zFpIC=vAgez<wTr9?&Ulrx&0O3cYRzQMFwvWM8wXshjf*NAXDN}Yz37|su5GXwjtb&
zbirj_8C<%ebmq#aGQ)VtGc4G>IcwOlZE9`1Km5m$pqskzz>Q-VIW1RfZE1ZvsH=g~
zYIfgi?|9`{v1XvY&b-G`w_^hhcXXaGY}0o!A26#ho9mXc55?UZA><McSz=!Zfbh3@
z-LRIZs|rJwU&2G|RDWfLnkIlVU2%tyQ>^JCW9zJev7x?8g*z|&IzaI_u}L}rrv;hz
z04$7acG`Br{Ra-*>dtEG5H`&Kc|wbl+HJUa;K4fG+wfZCW}EwB7~;C|wuemMuWik3
z>1B~;p<lO?=ZZq5O>te@uP`2t+y>$`trZ$Na~6drNI%=9l=6GXs2*tiwcVU{Q%T0a
zX(C8uT%vm|;3j5;43co%zn^BzMklE5+~MssRpmTJ1~k=FER^zRy&A1*k_BkyorwFN
zc1>I`QFignn4h*8Ev_KE&J8h^#NeQ2n8k6IUibpm>+Rxv>#8AsU0&CVAoOTUr88x{
zW*fqfX}cc;OmlBVk}mIb<p*Q?+~uL@Wn+&lKk#V*3=)e~z|@3+v7zCeir9wxMZ_kw
ztP))(O6OY(ba%r;c8!j+acwIx+i5!*S>q+<zs<7>!_dvEIakJ({zHZEaJL{g?A0a|
z|Hf%MXJ-27%~A2qdZXdJdOwI?@bV1RT=0!L0@w{MJ9v!P3p+qx?|x1v*1WV2u?;c1
z8QRzF+1#4&$DUkb*YQ8ev{2G(B?0X5yO!>L(~uATJc6e-{w+s!J%TWgjHLe_mHf?Z
z;=B>|+wiyF>SW%R-o@ifz%$iqdXxQWf96b_?}>-u-0!GoJDh_)zS_6q%VbQ`{BgMY
z_*>5i@d}^faG^jfR(ek+7`=#>aB&+TISdqg8|E%klnH!ry?RN<=IB`dr_9~{v!;0H
zp=9ihheyHkukS5o9p*zkyjum1dPY7*>S|&(?yfxVY~8KxcmiBK{<Ox!lL!#|^XO{l
z^Nv2i)y2(QEI^X+e_DwBdHxremy!N|n)o<NG8(CC(Z6-~vZEK|dCl{RQR)#rJ-vjN
zt-Y9zoWlPj|MMov=-}hyA;!z=@9)p!FTmsO1>ofq6&2-u#m~#n&;6$bw|AhM&$|F_
zH*co@%jEy#BWLGr<K^h#<LK^2|1ZAptlfQmBpDh1CFp-Y|5s1D0LOnza`XOwX8kdc
z_g@%ZKAu;+|I7Oisl>maVp@&?b}mM8j;?lY-hX6B@d*kFN&FANf1&;@@-L*u|0Wd?
z7WpgXUoiiVQiAti7W~Dc|Ld;*f&THA)FTPr|Mk7pqcR)L=XiKBc*=6JdI7g~mkF$%
z&O*+Qln2Qkq<<WK%OK0}^x-`<8T?1{Ghecdc#YDnjyxx8*gqVfgJrm^R2@{m;&ZN$
zLk#tv{A8!(B#w;6fAm213;R9QH=lk9sxqY5S`OWej*jo{axJJg+EPN9>;ZuByc6KW
zsGDDysJBpYU7d#Y8@yY0p2+;|=NnL_6#VJs+rNST=T(M+KCn0NJs$o8`oI1B(tW>{
zqWQw$@9=*$OO{xn{=1Zau{-3DIUZyq<oYia{vefTJ&FE_*ZEWWz_qj}^8Zrck09nG
zk^BF|E96nK#IbVEqyM%Q?^dc}-tB+lC3RPc_M-IN-T$`qJ>C%0_&@j!?^fX-4ML{A
z;{OBk{Tj*UKX~o^d(A%@NI4os`~y<vINJN4g7B^4j|PRWYyZim(N2utKM_!l7fM^|
z>gt-BF7{T>Q~!fL-{>L+2M62Q+RpYC!OnBzg~#d~WZH&?b8UO_ty_!kP)NX$^{Nnn
z>mPg;!TPA#ZTWJTtNv+wDJx8OVk1G5HebwF#Wu0HxH#-Mt+2Ph|DND*kl%a#|90)S
zBz2k7Z9d@G&E*`_MF==Z=Zk`I2jC}+s>Ybk&WvhTXymV~t`1S(J$Rrk@ZawL#Y(Tk
z$H>4m#b0ciq%;{VmtY!U9|AvLOL_3-RFu(mCjNe8^*?06&0RSY1!jQUg_as^Oo28d
zzb82N2K!d|pA6g}*Gdy`DlQLnhB-UiPB5W6XSe)H#rY%uJ4$9jw**B?Se-u11Tm#4
z%Em@Hk^Dnk-l)7^(^jG(`XKw?0ez$T2j@UTT>MYC|KI88IZKNfp8ee^CI(+RIxep+
zP6P!7xvB1fEYI*gJw0i}e4-N)2yv1ufln_7q96Rta-L5z=H|-_O#o#o^GD9`WM<Fu
zd{J+O(qu8;ou?!uB*V<iNpCK;o>2W~kiV6YRaRC$nLC-BoRr3GYxc2(>glDol~O)u
z31j@Zi%(&9x!-xv%YngRka4>EQ~6sF;NEP-2w=nCI_oz(HmjzE>gsB_4fa375d%ZS
zD2Z{?mq)$5z0Ho(tSl_@d0x_2hmp%}#Oqm4hf1`h#CoItGr}G*cgFL@*-S`jWEh#4
z<Y6+SCu9*;1kpt5PK8WqLq0JYrwW2^k1MrZTt5DdGVozEg3kK03D_+(aE~IGYzKem
z{ld;RWn)9C#G{3`Z>|2;HL^@(PVbPY-|K`vL^FLMh+c&8pp9t*f|-->g>4A_GawNo
zdS4a><S9h)cjUf=Mf?osOObelvyuDwcb-Zz2gHnU8`=m}CXX16eb(21bbT1$68oRJ
z{;Nit?f)rWJQ$|YYli=<?C0DbjzPIUAK@$9f@)4sa48*E_H8*n`_Gy}KXYe?4j9$)
z;Lcn68H>9GM}G?L>vs?T7T6@cZ}W5?1Ml!8$ZSF9i{Ehf?liFkV`yGV27j-Xqo6_Z
zh+Y7sQJ5x;y*EdlsM^_CA?4WESmMv_u$oOR@iQhV1Y2W!<J5|UtlFD5wOIZmiTA}8
zt=A+x{6H>l+BSvH+1VeB+^72av#by<LMTvg)Ek+g*Q0+MNABp-r>80ci0jRc;3?jW
zRIB_nOJGwI-acP-D)F!@v|)c|t@9+?>;NJUHzg(du`S|)VBoWs?X5;?ql=kpCPC|x
zce*$HVtuC9gIDNLZL&DYYICi&lX7No*#?F+(Zp<{RVyfDy}SWJx|DTn_8?mofZ+c=
z4I5)^2)-#qdJfQl?b*P|#qFmMQ`VQTlH6{mMVcXo<eyWwt?&KYu@Uy9PbAepcv_PB
zGHNBs2;_Ik*0SoknF{QM?hQ#pR&qqA{2?2sDf)Mt3Kxxvc^?+#Y(+nL#QIBXd>^Yb
zPOYrtC0(DxWS2iDA?s=Usd4JC$LzX6aYLz=$eF%p|E>*eWflfv(KSB0v^!yof6==C
z>p57T`*=nt+_H)yCPv{e{n>#iBB<_gh>PI~bHs*-cciJJ!=H57HE+KB;;pz^KYV#%
zj#<Y1io_(`1lm_Oc+bQXZ_d%w_+`3GwkuV^Cc|3HfzFffU(B5kg<5jvLyC1im&;>C
z=olgO^PQ-4Q=t8{aPTq(ho-4K__#IOE_JO3Mmg44<<Bd*mC|&g-*J%%juq;DQpQf?
zaI&C7_P?1Wqx3L(_kHx|!Utw55y?Rh0|@)qKm2r#QT=*YVhF1;x0Ey8_E!&n-3dl)
zePif32&=rx?~4OdL%;AW;ou!91P87aSq|+vFo;4T6!ju-wB(~LNfKn8(NSe&z)yV2
z5BIrj(KUkQyNa}kfoMDQNQ!fsufDyc{LWzOK0c~KgZdEGDeUWMIqv<}KKkHp#O+V2
z2uYKibgM4CYPP!JM^y)<RV5eiEt67iYDNK4+1G_!Www0ZROIFReo5mndi{%smh}ax
zMadHU86l`=o9rCUsi~sXH5qIv`w7wM72`JLyiU;bn3jPIDMdjRmf0zE(W@U?D7T)b
zH1Z{r6M0FTev;pVI{rOTYn>k|!z!9z;dxAq*jW9rhq1oO$}1V{IZ|9zqf}M_suB(U
zNnJ%91`^euLTCHDG$YoAs1T#7UI=pgI+4JTft`y9*NoYgq1T(UN&e&A%E7}-|LgHT
z#o{&a{g(Swv-sT0GUqvpK&r7G|7gX7AX}f!Y}Qt)-<oR`#Jd;48G<IeC4!7ca9Kz5
z)vE>0_+h2Y;mC4+<*T%cQk8bP97}%g&ZO>%1TAAS{GpPaX}iRwlo`<$MbNT|jRDkA
zT_83(HX)8ysPP8As$%`7aW)oRFjPW-+!t%Z$i*nfCML#ewjJjd61H_GDc)y6Ex1F|
zu#fuK{8XOmXP<?gPG*&rSAM(&Cfa5W_sm^N*m`t;-1Ymt3(io9Iq&6KcV+2>^xIaa
zQp&feN2h@W)nKWRPJcQH7adOWv9eOaXF|<|iV{)WSFuR#>mNfs;uxAM7&BnH*B`=i
z)>V$2s5@8~BJ0zF&Mh>3rt!aZHrOpRwV{bWn$q(mhbd6(P(5%R5AX&zS_I{&VjnPJ
z8Cxqe_uigdfym1jW?Vr^YgH_et*#RVk!~H^<+71=d)8O?gimskq%S&ISXmWPd!LEV
zA=rZ!^DY8TI($*B;;krz<#Ty>Hgsz7q?6p0;3TJn3I@6CKO?o1T`a)eU-lcA-@Rq7
zBF)9A{o|>2^IqU8VV#WukV{p1;SdpwYNZ6Og=(tp^0)^qx<<M=%slu_LzdbroFfVy
zeaTQ{Ie^8wZf9K{_DqD<$#W_L=V<c7bdg4z_<`eQo`-3gh;XRGiNz+~Qq1ywT*$7g
z|5AXBSE{LFsOiaMl5iZ&d?#2%C7rT$kB6w=6}&7`X_$2fq7^EzAyBx-ow8O^szy;X
z1FdfbL8UUv<O`!!W;o$Q!`%$B)Hp&E3<8F<spWR>aQAQe9UlLC7<ytGQErzgSMVnG
zfL%F)B}uGbIg8O-&(QGXXz96XMx0Pl_W58eA#{In4F`Fhf?ZUREA<>qk3JuKHAo%P
zrJt<1V_zwCCsi@kJ1@VIy)$@2Y1bxy%*-`OeQXEl(<~tcH_4yr58xksFxzPn?1uY3
zt&kMj>EGSSxs%IaLq{vFbaVZ6$EN1yG}SB1;79UvVt;e(uiZM!tkoN+e3l!XO>x^B
zbd{Nn{?3&m*Y#-~{LRe!D|t+;ggQE9&c3Eao-i9a7|527UW80YbzU~7I!x_wNFJ?!
zFGg!S-drE{{+4X{bXfvD8llq5>S}f9lLa4?ihFrfG)wL0z7t?eGT^yE=Tc>hwg(r!
zut(OOngF4~2o@HWnCoz-SvopSsIF$JULG7K6M38!$DJ?o4zeg-HPj5QbvZagTcfU_
zxt&%jt+~ywvO@U**Zh!SOZ7sF)_{hiZjm%cY~#w_$cBGmr;}Z4gMc+Xs1lt;!JYrg
zl1K)q77QL?fZUuf-J+YYEV8p9rL(wp^RfiRpZZQt#qgLav!>0fEK`!q9>0gu>|sr6
zjG2#`|Lj=HZFU-154VLIjC(`j)xs~y-Fc;^G4}uy1}VWguite8YuI^y7(<P&(%kYp
zz5M)m0e6S<l(3`i!R2Xs7u<|=2`dm(mh!TDev8AI>$uR8ke>u7z-DEc%Z#d^+bhj!
z4Vu&*a&YzOvVpdF4W5nJFX%9L*4~a;=ej5(Um^L+FuL(Xt9}i5C{SGe`lkqIElHMr
zdRg=t#|q<j5(|~utLL2$gI}aBc7%X6Kgp+_@E1Xo65o>kAZAFGa9T83S}G-S@Nro8
z?zEQ>I#rpVeeDYyw9q}KtV$I+k&hFYJlb>CB&YUaj#w&nW%H}Q4rhao6^feFXpb=I
z@AI&~dYb4~xXg9!+Cnzo9{IV(8|z3V^2nI@V8%<=FtN?pv}%@u4m74rnMgh!>R3_a
zv|772*f~)jeYw~3R{VM9y{9)roA%P-KfX42wr=!}OTUc09vL;0e70)henRO-cV%FV
z;NfbDY-#-+44YBW@jfPP727WnI~)?;ute+dqPRxR91q?ox2JiZNr2%g@4Q;g8&3Bh
zqFUaJ_eHg@pikIXe8X_GEEiAel}F62)lihY2DF4_G);fz1TS~ny$gbfi`w*gz8WxZ
zt7%_<yZ}m~$W_mHfV`UqYiH|dj`8Ht!aoT&ElJ3lHOWdc%f1bAT`<QV37UaB=L5hJ
znVDmp^1b~m$egU^S^A(Ay$qko5)N<2$;yW(Eq)Mbw*u)&Yh%F!AwuO;PH33>Om81T
zl}mL*h_|cL4BmPwgcP^p$rYaD_C8%Bpo@nHA*><Kk~Ke)88k!ucb3QFGXuuYm(bL#
z2LGP8e$1BH<sPxzc5QUfjuGeJyhcge?@t!Q4Gd5~vQwCm=D)M8N!OjLzbSl~Z6)00
zdxI5dX*ABm(!7q)r${Zc(H-c*ARcfxx8_^-K~&)av_SeN_(M!pib>4dbcwHfz$gNH
zC@@*V>gPAv+gN6Qm6;RzVoNo1uB;QY1!t6E+~b^*(r*9d3?QP!yzeOA`6hTodR9ZQ
z!k;IkX>)oN8*`k<+e#|Fw@dLfTtBIF%g>N_%<bfiPjK4?9y&kco~%ktJB?U2=`UI4
z^$Kc9b?RM*oH#eSq@?WdeWeY9C5!H)1kP=lPN%KZB)J)5H^x_;Qh4X;r9@9-o}y!(
z8eOq`LY<CkBMX!0@|UHne0}<av5#&x$4Z<o_k1RIdV2Ojm@^T@k(KX0=h3-7s>5nY
zO;|oeip})LnVH&0jx}(?4H@nBz*6{j#oCBw%doCuX}QZx!B!IaePpGycWLHJ(<7(t
z`bTp4AVxG(-H~%rP(FP0OgNUdAfFqP`mmY2>iCx$T@Dk-3*csPdPj%SfY!{?ePgg;
z`>K-?vn0Bh^VJjf?5A1&f(uHJQPTvM*KNFQj82Zb3!o5A7u5m7yFGrW<IuJS+bcl=
ziiuINlyxEjt510`cZY?uY0QMZul=&#rW$_zT_7u6)sk}?9pgjmtT-a^m)ZVLM*QL|
zmFfMp)Ks0RFnCV@IDI`6RVI1=6!Khxk&9`;_hX3(u+PZ>^JC~X5E&f42~f<?T#PXf
zLSF`+sYklENlp54achhmY5I5HTt`h1WyUhdR#%s<SwQaLB!cIEQFXBOJJ>OHO9vi*
zjt&p?)ggW>b~rgXr50>%{yDvF?`qx|YQhIw-Lx=Lvn!<G&QRoPFtSbyLPJ}dj1DhR
z2U*m(j%98#1&e7}8ipS0nCGu{FI(@Gbr7&glSP`b*T}Q-1b+Lq?~3Ympsmo%ROs!8
z&E{~ED1*dV2Rai1^}H`v_ZH)>&#E}yNGUWlC@<e%K974BS--br0CwuN2v~+0Y2r@C
zOGvA|{}i<9gbwFn^Wcp-eTAOPe3y(eY;3P|pj6RYuL-H!Q&XwIXKE>H4T)x~&O-_V
zAX{tt+EMH=-HYP7eG!k*gZo4wzhk6nbvQvw;C9;(Xu)MUqxVyCmIW6>yJcbAH3MjU
zz2&Uq;8I~vqMA9QdnwfD#cMNO9%a~aaJP>HWCvE;dgeqI>XQgD4bWJ8iR-?bL_`Aa
z7@j^1E+^i__NR@^uIX*>+stx=u1N{r>bDHl>J+RWFoyzDm({CGo$`f3hKnQI$HKfi
zQ{Q8C;-#h!f_(LH(oo4RO~Hedd~!$c^64F<N-d~XbvGk}#Z_N-voOrqO(U~OF#~x8
znrU!7j$RuNLTJ`cm|Ybdb-&^Oz+#R4?U|#wHR-~(kM0{do5tyWQ9%y6vWmL*tzf5g
zNI8kzLw`kFB&L_>Y}6_*v;Q*aMqE4PICF`nQ7&ao^PY|V&a$8Id|qkd<L{GRyVMo%
z$+Ltx5a6XtTAEhqo_~E9vRS7DL}GV;a|lNxeAR(Fwc0TshDG&5OiV7aYyCG?4VT5#
z*T>EIB-xl4U?G<$prp<_Ok<V}!odjj;!FWLXc6*hxj`=2sxS1dPFZZv#FbNQ?lZlt
z`tbUIVZ1=H)$}J!`XQ}8JN$coQg-I!OXz7uA9CoK)5{wtp2E^n+p1ztWjd{)XLnBi
zvO{o3_DhWM`wp>SSJzU%-(UIx{)E%kt#SN3BfEZ*Hg@pVUq=@QRQ1}!!^5%CTqbNn
z*^MsC^Vj(aBqqagCj(LzrH1A4y-t_4yT1VPE3tOp=C9;+-D1g%Q*&2!!*F!{D(l=*
zxE@KHK359e>odf>p9*WAQIjVEX^@wbk9Ssl8fn~=<yeFc7r8+W+iyba_qB#M?l#SK
z+NEzcS=?CZ#d?1{Xw=Lc8@y5D<_MFzzPvy5(329nAmzBD<N6LmF7IyPJlK}M)V?#<
zWX`iLH#Bi)pP%C>N->kCjg4hI8%<!vyE8#3*k(W=;zP$|D%C6&Y+kW@g^WKaLKfRb
zR~?&ee_uYR3vwJ<y1}eXPk_WXrbcAp5KnN4OUQ=1+=fz@nyW$Ff;IVadZ}B|I8?Ld
z_!Q9-Bur>W0Q_TIH<Bxd$@3}7sV~Yfp1Rolch<gy{iv=!9ik?`ej98b&HDJ(3xKN7
zKFmweaG8Z)(bxLaz2+IH&#4~dyd3V6Nih~vPd$701=JiB?fqNtlUaM;OV&UD$^<DU
zR%0I0S?YIWh&yHL&kmU|#q8_pQXlp3*Bu9UF||uIJzZwuR;|BiA{*A`%L=V6Q%j9H
z-T9Rxo?05mcA6m9>JB$!@n)uA@!9j=Jb&CHR+WGu69C|V(*inT{VEOS*yZjp`2x?h
z2PseV%JED&LTwsU?=ky-kGjGtp6$a0S!`^tGYJC`L4-M~(v!%gH6a0e*FmU&JnfFS
z5X<VB@Z5wxlXiF=^2&d8T45p%$;-1C8_}}9NsglETuYQg76yXjMpKN)7X??(z``$o
zYB<}W_Tr>7b=@+84clB;&Vnun;}ah~q|uF93vc^jm$ve@pE+MAuDQY^r468&Zy0W`
zW||Tntdjri5Mk|1QMlH1mr81>#cpKL^vr!oS^I2up7uX7T2aP~J~kG3JZ<j_>_u0N
zFk5nTXsk4KPp#yzK)ZSbz1JFlPYn!ohiQdGWK$Gfpp5%RQ&f#FhQ9kY0lKg)I#NH@
z-*z|HzNu{keKW4u48a4vw&z`0=@9#&oL;&@9<-tK(k06m%r~{yw;m-jrik>nPh{TS
z2L`hTmKm)=0%+v#Giyh7%pU!4EXZMkgiQl@uP^K7ctu9;2fS=HcuWGT*)g#oX0ioz
zS(aGBJ)Fl3f>AY}Z_XCT3Bpc(eLbD=lj?YzFW!JHla{!EBbrPCSg<NII6M9WXoWcl
z)X`z0Og;3lbjQir70X}@N3E((hELeV(uK|?i+TEw^~G7&?7V0ib5f<r0kycmy?^GE
zi*@>Imf0-Qg6&z2mK*znTFRSDc9e#@By~@rPi9R(LO}KS_hzoGeak@;=ElZ7QFeq>
zqF;fH+Fy<ohy5RM==K$?Hx-0q=fRu1exje4&%_x{uH`3qhAmHb<2%F3GpaESmtSot
z7YWrgJyca^I*W`P>zt=W1&z7T-`NJ%?Cg-#KQq_jmE3G#1tN5-;pqO)!_Cffb;QzU
z;Q(_qG4kf5x8ZH4FendO^QlmrAXb!H-QFylZ?8MuC}pE*MsLo@wdG+I6MuXS&ElQ;
z*afdiBV`@LT8cT!$+>S4qOKw9m!Bs+)@A|pSEgqr*359KR!80-{gI*WV*VC8Q@n;;
zY|<2aUg8(=T)0AiY$%hy(OMJIMaSFUL^3dtN$yI>bJ$!jy|j)Au<pcryFIyT$u@Iz
zeX(V<yKA&zPADazIU1s&1kA`v%ScP(DyQZ{`;9FPwzvkPLel~ObLDGYWvT;!Xuld7
z%Zz#3!nL6r$xvHETn%Q)-@-Xt@h@9LJWLVw$T7>!E>eBJmy?GLrp8~bhj&Zhv#{^J
zC-F9)SS`XwY&4}r-M)^n_QhGgBwt@$ZF!vV*-*y}7Z`zOqP;`p!`rNFl~?j<i=p5k
z*E8-~&WD7P6IM6YSEe<D9R|OvLe+;KpK)bGxG|dD@AWVU+lajJxVU6_3%RUy>}yP#
zsGPuGCV(W4_$rKKHg8?W)awc;_V&wxcLLDgf@x_2lG+MUD;K&*YF;V5kgKhua6PkE
z3jQAGra5Nb^v`*9b(0f7+{lfUM(2;6Ae6pdGfovW^6`9}(}qPy&*?zU)Hk8;>rZ=C
zYKhWic)p7B=Y0P<WB-Gf+HrjV`-=I{u)<LEwtF?rYzqom16nACe98Fa7l)3GSilgc
z7tYL@^!bMVIs$h)+U^XX5^ECj#C1-uNG3)3>QI7`!Dpzf1zrJkwa^NRMjq`HaT%UV
zw5yA*8y<}%UueBl?F6;VER+Ptgqf6a9^4-omq2@u2-Bg;raHh?xU7+Vt{O(h6;jfb
z(rL>*M1$w*Vh#9SuFiJq49q~+Rr?Y-W8$=9(lXiP7&Ohe_f(5(!yCDCTQEi?)mwpi
z0c3JdE-!lWh~v3&YV*L)_u07p8qIhDmBK))ErI^KZYS%~4<66mi8p;1USL9vSr;8<
zwJT$d{@tv80~p0;(H!4iiHD9mRW;1^m9MWUQ5mAtLrx~Vbub1zf7&?KxZ8mjoop1<
zCg_UX>1U1Q7>6(Pq;?o1^xmC=V1g~q@q^Tkyp{duBB-oQuWN6)4*~h?%V%bDhmZfV
z;{ElgQc^Lug%IQXdh+Ac_r4aAlSxYR{n%$$SuF$#(M5ct<fet;YyQrssEU;qy21js
zB#eo%Q(Gsu=hE@mH2>O*ljDAu{P4L0A;*>j$$;|m;H0(oV9a<1Cz2M31Axlc1`O&t
z>kHdHHqT_6yL<l>%AmXLC?5|XJ+ugbexQ-qZ+N_It5!HO<2kf=8Y*pcivDC-&D3Z>
z%Pq8)SjyL<ySKuqy+3aA*kT`B!Xw(|m*Xja+$PNv=nyb>XZr+PSa7=OdRdK;77^R)
zA8&{__+-(uE=EQ=#1!ES&aDBhh-X+Ao3xPT{Mdr+)oW0(Uk~lW4lsL5ZGL;S+@JND
zJXe1gkzti5Q=&{udVftsIUDnS9uW+j>F}ij2LI@FiW}(`^xZUJ5!dZF$o37OoBZ}E
z^3pJxuv1Xi%sRNr)O?LPlcghL*<e${nNrfYIGwq&?Y;qm@$kIUPBZ+lFgze|LYk0o
zCQr&!?rQO3f2Z=}+ERnfXH4hRSJ>w6y8(6$?YB{7^LtUF?<ct9xnBAO18ZwbXQ^g)
zCtI5`Fa=ywX|F`9Vp?Wz_%jVR_v}xGgxPMK+K*WFjfXL*%@)$y0*X!~K#c6kZI`|s
z{w|$?bRh#p<nuC;l(2^OZVY=I)6xVDQkKhkMP8$RXnIaj=mkoN<iMM8F>JDw_O`G7
zK(+&rFYE~B*wVb8>a=t?+8(EaZWoA>SH_VtjTvmZ698vvT}NAkNL~qXI>80PFBKyV
z2veC-E6TC9r~Ax7`|b9TvmF;P|2{4Hw$5S2!^`K#bU6l>XPTL$vQG0Vhv+o0Ve3t%
z0N4%aL@IPfl(oBr*)d#A$Q4(ZFsFLE?jYE%vn@T(F}zld+)|g9m2dpi*Lsb3;PYj+
z(UHFusG#&&7L)^PMOaGi`RQL7BqSbi(HY0z!PyX_U7yyk?0j8IF4k64>h(TVlJmkA
z)T(ugAHZLu3PIkoyS~(4%@Srw4E8ihOn#!<pRXy|;<`9}zj?Sd9FW7NJoc5+<Wts2
zNpRF^>OmHIUeUC>HoX`G`&dXwhhWpD(PD4RkdTj6emq6Kti9iumT~c!Evw2nEq97(
zRtFj|hj2hE(k{c39Z2OtEBkC!8H++fi{!#~Y#_-xvuEL*n}?sI=D^sqUv7#WN~hu-
zI*+$jS`$vHemixVo7I|!^mQyUyFK!1e?}w{#<!)u{0$q9l*Rz_se~!W!}YcIbPAt2
zTrC?uBD%)Tutin03GQ9b1i5U2ha1nYpXcLG(8N&n?zRkBkM1ToiS;zsv>EAmxp|ct
z_lU=sjw}J6PK?oAA%Zv9nb<bH2eQC{3u>0kZq=lcpwkNYVxe~gKcx{@iqKqFVmqu)
zuT;?0!h)&wTO$*>!Q4!lY45e9<jFMwJh-b-R!4^_Wj`j`J3(4(cs+`*-8LVh(Dt15
zXfMw`jt^k)jxX*6{<W}WMMJ6Q-t}naxRF`2t3~VONX53)N~<{V$Oub@Z}*pjcL$<d
zle&E(20q@S!4F58G6V*Qo{xk!Z<h4hw8pg*Bh_qyy#@mbhPMl2Xo(i`Q7#6nbiV3^
zQn;IR=oZ`A4cOF;mXDE1m|LIbe(|^)2~)M6p(!Kdl7eO9+{{dX!b%787Xzo;NCGfa
zpY2+EjG99>y1q45W9S8&vh(X)VyTOu<M$}kj)uF?(l7s!w>^u|x6Iev6x~{4#(GKl
z?zN80_Wc^NN$q9-Aq4E>>Fez$3g1Dm12}28nSI=Nm63NsUgidkJ76h0lA;LuGaohv
zA^VFXhtWal9LCH^Gwe?C1-*54mW(CV#U&;!8dUii%`QpDD_XqggaCQiYB)q%{Q~})
zE|?*yzj#@<go4in<Zc6QQJK(4FbOsz+L|xunL<bUQHolWNV-Awm*A^G<aO?qqayWi
zuIfG!F$=G@S;}hpT(wvyO5Tdb$0X;^q0b~Z7<qU)R%aJ5nnRiH``ByXsv_oq?1pBp
z9<7QD-J4IYSd-H2t|0h~sa$SOy=Tud?}FY-pHOk3S>tP>34Mpi6;R~O7GxBJvl^Rw
zzc_{uLwOhLvQhzF0P-bii4s-C3&OoqkL@h)){fe<0LFVl7^95_`fmm+9p&~)Q=2A&
zh0xI6tAn~o0mF<PM?O$`dh(2Z>gh~#I@qUYE&k5Ya`L$Hb%FALZNp68z)Y-vS-Bb@
z)&d6{IUBOM=U<if^2i+9-W&eQ`Gj3i{@`Wk@mGS~=;k^SnpHVKsbo;f0oSrEmkLy9
zyOS(!p37K$7)2ETT#yRynU}S}vPSzR9C|(vROu2~>JIr~8u{0YO7ze0$5OcY!)&th
z+7Gk4)?S#jhi#u$gyZtVygv_YtZzE)bo8=34%njD_Fr6@%Z<G`%RFb}r47N*735}4
z%i4Zvj?XrI7utRRA*#*zhWW8K#V5$ZVc^5q2&d*#R5AA|><SyRq?xlU_wCfwr2W})
zHIE&aRHiLC71zP^wa@dh(GiT?;CiA(B|uH;@maOm(WYnc*qS$<pEk31df5dM<_V;k
zm&YGvdCNFU`p^N36y>J<_Statt`#sV@!zBG+h#bT3JetTgkI{o88xZ|b(F8v`e_1-
zlCyD6{*&VJ@+&v)<DGSfM`}y;0wSjEh8iK}A<CXZ3z45`E(ZJ-j1A$n78a*L>XUoa
z;*4&-;@6szuR|fHlTA&V;|1K;mTh%%7B3vGU`?G;@CMhBjj=`I7#=0Y^eq@oForH{
z;_Y;ydBe(4$|XoyXpTsE9PhL}GB~m7B&VmYC9soQmDhMe&F8aTiexI=T<;qL<T#_|
z%Go`7m7EcC1wRVQ1HprF5)PF=3+GWzu6R-JGPnZnK^r+ZF}Eyy;bju*W}Z|q?(W1O
zsqR!Bi=4?QV_!e(GdAVjB%vIL)ibbPJ|#{=vV3@|SouV_^W}J(GzbK4@?0DV_s?qx
zI*P?u`faqYl`$Gp{!ZOaC88EVHBJLE)w8$qSi62(lx<Pu8h#DGxxSky@NE*-s9ay5
zZ6CR{>JWSXFEj8DEc85@a<gODX#s<Y%iHZD^-nMj(XWEnBwDV9OeMJHvO+Fl2RD0B
z@@2z!o8iUXDuqY!y}rs;pgY}^ZgYYZM`&q^n!J5dlGsAOILO=~Ur=*u^VtFU)OJZ{
zp6Wg6beO_p>QxD+asA`G4zruZwl1ZR`)PyJL#VYs^^<DUoK@Lr$zqGoS@6CG#n8J?
zXEQ63NsRF3NwFclaDxDPz!f@iTyfv+?0C5^vF5z8MpwR|AJJim^h*^ZojSq@>)WpP
zb-L<?{`z!dT!R2)`q?34aHngDrlLL5CeC?V!OVN2JiJ`S+FC1ZG0GuhCbbawI{xC<
z41TKRk^}uISUBfN;nO|HYHkq^OYP?tDK(wpiMnLNyU%VQN8)qPPSYxZi`?&!x~FVD
zTzqfRSNFS{7n@4CRc3VL-ZJf`@9O$<RlCD7T5cuzm+oaqc6e(<HE(+Jc{R2wg^eny
zCf0$x1MS2Nz<#1q)`PTVg<r1tK@g9xzn*Jrd#l}QwNBc3&8d31wD3^TMB<(O;(C+Y
z?jj4!OuO0o`j72(fc{_B#boiC!s7uUy_dpG9U__f)JEu$0ZSi>EvePWx$r7~IWHcJ
zn1ACbYDxgaLilx9&+K$(1>NUnSD{WzQuf%}Eompv-EC?!@q2|_)l`)?BEWf4a^;?b
z9e;SM&$UUKCu-@Pr0Lv3N78Vzlz*x_u!V6G%^_U5&Pn9vzs>0PR$9?6%Bdg8v6-MS
z&Ka<gCGdD49JhiwU~l7YCy|Qi5~o_RqWH_Cdqn=*ikL`$8(VnV%X=@6Tm30Gs!FbI
znV6~c0oJ(Zf!Lq0goCaVX=kFgkmEV9*^SyHFQpwDYT|a@!~ZEZlGK6mR#_vron5nP
z2U5#6TezBVefL3~(m#c%{4EvIy(V(Id%anwTt{Eb0Zn>gZo;vzLwO}^9$;9w3nUsb
z?M%X96E~Iq=6j~-`$IxDSM({*JoBqHyW6)eCT8EH&PY`?b%_<D2ba2o5fYpehWnvz
z=J3%5+*;tk>7FxzVO0*3atCK;c<|8Pz6K}{_2-N<%+Alga}~Q@rzVslM*2pG;{^7&
zQ|v{Wv*T)0M~4L%&}v%e7T|&#Hs>Jwyd$my@$7Q~VHG;5E@QjJU^1&ot<h!+Ze^eK
zxBHVcq$DKdmr6LUjo0ZJox1e|6pzVx!SO?JG`i>p2$HjD?-F3HeUlIXXSJZ~8>@gs
zb=uOeSr7H3mFxxW^t8R>nydE--jBEoK?EJc<*I4}u#Gu9mYh~goIfwVnJPa!Dx5Ar
zoWvIutz4w-3rS?8rZR)Wv|G&GI0kbBY-%j3efsO85SNEbi*@QRZ_X1wp%PY?l%d%H
zk<c6_ZOgvg&um+mlO1&D_!`9$hYo6o^2@C9^BYlhxX6HUaX{ZPxa;Py_I}5JQLKe|
z8)URyVbpF60<B@5mFu;~0SZnJokGnQE^~TR-12<~2s29#c>NN>kC}vH#NV`JrP>fo
zQhvR(c2&zFxd<F0u7@G|SR4<2h~9S(kreQtQ_M6Vj(+}^I%T3Hb4qs<N^BVFPkVtF
z9w`WDof1-BQumVK3L44o64z~JD@gKFZCNld_PQ#ZY?xf3+L?|*3QM?~)V3e59WfQU
zFP>XEw?02n3YO;J1F#JYV%H7QN-zlrgMHWcU@E_Y83wHKcBo69iY9&NgV~?I1xwT~
zf5Ct&3SY%<^N9$9BA>;{V_qAuY-Av0NE-67gqh5^@s=c_bY#lXTO_K)T`lyKWsmqQ
zGOW{g()G{a1`(1>eV^I(iROc*sYD>Nj;wK7n8oR+U&}~hv%By2?jJ;sxJ$HJH$Q_(
z^;O;Jh|OoH1c=4r&O1FM$7=8p<o)iMMo)i5eZIF+`@RGOn~}qIKYonH&rTfpY~3Wj
zwA4K<XbvasOm194T&#EC`6Pd3${nH)ua94<vrS~?K*LV&9O3rRZfvt~r|E-sHpd&U
z7N-6b^j*zx(U<;%6U@_D@>Ko>FrMy3J46PpAy*Rgsnu0xTNwB(+5}4+=nf6>AJYB&
zIXYimBfjoxe-T3GiU?e5X6mYGoHC7*O%1&l956xRYku=?+s~P-Zozrad@72npCHv)
zoi-KT??x%UDca|!Oy2GW$d$dc+F7OxpwP{v7SVCjXdiBZ#wD#p^+kZEs$Jpv1YQM4
ze7{naPGS}(mQECliPxhYRnuBE_<TB2gz7yyThs`-Hd8E_!Hsk0QuI+<xE%H2#aHeh
z&ou-G9_l+M?DKm$A_Q~|sBAb)8$7zf!^if^1um44@8*=1=Qh`sYw{PEv^xS$eyoh`
zo7#<b2!LEcxt092WRcOc%6t?+Nt@%Y_*vqReKUO_--Q9X37q^FDRmK&d{=?b|6cRS
zOy9-t*uV(r{-Vg31Er?+-A$8n4c^!b&Wb15X7;T<FYLVD`!p<fAw`p>`~v+M4TTID
zG+rR?7fwG?(yYUY@Uk$JS!SO5Z#EBX5MN@{FFVL)GdnuwABdim@umT+tsx55Pru%o
zSNRe=Im}dK=d#S_-oyq-P|j?9&cjB7O%dU&H%wO|77<Xd3ubq0X}^-a`IfrQQbK`_
z*9MC<$xcwmm@M{3f7E3<E0$H}COx=N9Ju~?7^&+1l_F-^x&_mX1+NP9>30at=7~4D
zZ+4;#>rEh+%f-t)IZWHt_ct}S*S2g}#SqMrxzgL5uHuW^ku{bkI$DQUPH#8ZyARH{
z7Yr9b`;-UWyau2%E&={o)7tbmdu#Q^&Q`Yc?N<4-v{~1kj!fu}OYKbJhLF>#YV`PM
z%F{woT#=gV%foLg^)2Abi%85CI847_9ygpSJ(iFC{9)75(>}4(k67b5X!(9+dz(bT
zlE2a3_lzLjdL`rop2cW31V7+RXvj-yP=xS#%C3N7Rx+P^uBqp0InN2*?#nY+vFh`q
zUe%oUrX&>#r-N6-lxr`>WdP!d@$se;C1R5xKF7gJVTyp|{&ruT{TjLrHpL5OZPlO!
z0suLWx3XxHkV`f~f9VXhYhVm$nI+2U4s**?Rd&~GGzbxasDi}2vP3W)YRIq6MXM>D
zVcYpD&IC(Q(=e|3rd(G(oIUs8WY(YnaI*`GiM2oVtjc5i>-mzg%-Gl02bvSflBlG8
zsetsNrHb%^!}DVG&o@U&;UO)6$(|e5a7?3e4s%uT0Z+<`^AEURhPN{ObWX9{T|(=!
zhj@ixX0#%SPPBxZGHIwC(kC2U#r=Xpl}-Bc^uW#zkk0$!Bwo>+)PXBv{}VtD!Po#_
zEM4}8&~|!54@OjV5BmAs%Cg7=cDzh$+%O3O7P#F|kEN@<K9({|x{&=C&wlBmqz>Qr
zZCh?j7SC)R_#mEnJB))vj+GkYzJD!_l1{(La$MD2+>W6nuB$Aq?PSII_8r{!t8Id@
zgPmfqL!&VG87>@ZeLb-*n=DaLIoeq+DQ*{#F9O_IYnjxB3pdIuV%?M*;bd+QbIl`#
z<)Gk>t;99sV4w8NGRM72b><%{!AXH(-<drla|WJfi0yVmrLbBRCIGvLKHd%?7Q#RS
zy@EB#v&tHNx|@;Wh&?A)ix0Cu_(E$CO%#O%z8T9mOWN^#s-!h6uJUJFeyappD&so{
zS?8rPq}Cg?_-AXK$a7)C(c#%QlXPjv6tzewiqPh4^;?{K=8$N{9Y}IEUr1z5$Goau
zf`h!&EflH3_+sO`z7N!^bFnOTY8Hq6b>=8@T_&e#-xVXaQ`&aBxv0B={onGBHq>~|
zJx0319<E>oXew&F^F4Wl6qXbXZqn29QiKEdYyO<oq=p0Lj6AP_2@829H47G59@s{6
zu8oc7#AyxV@m=jye%vEZzGtK75<zvSWUzDy6YmICVVLzq$J(g{8@^0jX#(xDR;3kP
z0R8TB4>5TDHAxjmI{<GJ9%cIX{V<Q`k7i)L`CYboo&#rf;g{b%SNoT-A5rv`L&Qlc
zWH#r`J5pN=tLxd02h&OMkc*AlcRg;G7|R<C=#9EwcE(26Mlx?x^U&#bs^S5}f2jmm
z)67zk6wyk$Wf9Q2<r~vSk>OjISb|Iwb_#HEPD*67;7aD-2X2gt#xR!eX-Xgcf)IBs
zAiN6sGhLI<egxaTYn&-T=7xKQqh}3^t-x-}S6m3Is=@iTc?0XN0A(@DYyG3il~tsk
zQJF&uFecG$8DyG78;Z49HZE1^(*rc=nZ_$88Sou7Xj`kIFvwkTy{n|-oj>>Dw-WQ~
zyLWbG5X)<3+WBqj1GRtlQw{h$8?>FeYhfV`1>!L#eJzQzCr&Fw`A!!?0+=CZS5UD{
zpJYYx7N#PRS~3jAT1@iRhRqiR^lM3Nt8Ou?<%{CAK9&yS;4Jrz&lA182Clrt#zNbz
z5)u<zO+cWuIt{w)9GLnz>*DAvg5TWakYw`cXp+Bqi`}=O15q2*8WS+{L61^Y)}*gF
z(Rau;Mv89*W@<-}Z-P*IoNZ~-FwonQc`=3z_gy=Genf7kqxL4Nt_q@SrX#09W&P6C
zJ3;hEU{_uSJ1T=Nh40AoxX6%AvRcMeo0L!6^N4TwAv>o4a9wz2-bfJW8Kk<wyD0)s
zE=3iF>@7@k>`Yf?w>?Aqq`GrUg&m(_cBnkx45ZIABWTvg`nFAMs-Sa!HjEL;m>jVb
zj_M;AiBb~s3OAHi#-=IuCdFF3ytK5ulv(71XW*Wk+(19qW_A1V>Ch@bBkTqOcNnOH
zr0M=Sc6F{u`|XmYT6JHKn~sK(4zy6EI@5CNVn!Eg!Y2Kfi_#BTzYV3a$&;;!fv?5m
z@hzQi7Mm@v`f|qGugi!Fwr7VuDl)`|b>w`2=UWrV0)g#`#gGHXW4gI+FI7x{XAEa}
z0rac?uB)zUXcmPt=>X2|Bu&^N-QA3gTY<(bY#_~jdx+9*<kmF!8hz$K$0T`oN#%Vo
zLop{(Lh@juV;s%vYMS?AFVNjk&&+naq$doNMOMTn-RiX`Sw%S}v`W&D<$f)XC=?_G
zxO##X^Khp*;e{p>51NKl5uu?T6@yMqEj)*iSN%VuFB%*9NxW55VkrW@CH?tV4(a0Q
z{<8QlZrtLx^<gAb{eyP3K|GXeiib}d1oz*UG`ku(bCF*o>pdK&jUh<^Rn{fM#U<_s
z{2%t-Dj=?=Sr<+S1PC59xVyVM3{G%@Cb+x11&6`i-Q7L7ySux)^H28v<lXzt`LE91
z`L1To>b0t;tE--#uI{J$CgQj_pus}L6up%><;&+ixHJ>Sf!d0V#QTpGO=1kk35-El
z?y$uv)mo;=1j=(g-68<{<2crq<RSE?kYoRTVj~>e8W*r2?azr!;!#xXO`di4`7;|%
zF<9r|HZ(bT``wHJTTOXwhHVYUwS-q$h6^!jI8S@_Fp|<?#5NL@IIf0v%xM!@rV0H8
zK`bt$<b;fjMX`#Wvpp&upt<PleYtI1tg7&5HD;5d!22<MDpAhMOZ(bd^q$m!UVk0r
z8Vi-It>oNZ17IAoSmoyIW@wB@uTK=acF(|G6uI5Ea-PB)iQH0q?%A1{*@Y9<kTHfL
zGnPwZvVcj3-1_^y#@4`D8WK7SPKB|VdB3t&rluxyq9l|rd^~bH+)Fb>aB?B8b6MD5
z!~xZtuJ4FQkSyNup58Q{yp#QlT{S3zg*9BNTr#FT!0$!*5nKPt%r}er++tutJaNEB
zxitzQ@}+TXIHhTTh%Cl!C_2Q0s+T3|csJxyQ%>hyNKT2ph$-9aTzZ<8u2j*!{2bpy
z{Mv4q7?S7K91%9-LoA=@^8si*=vQ`6M~x2uR1=22F!7i>LPPAkJHZ-^sk#u{N@9EQ
zbKIa2w3VYa>mbP4{m>wUl_-<yCcW_Ody+kpWMYzo+MuD#vTswtvj#5*k%hEfK~&~s
zT6`80K7EfQJs=KymD0LvCX6fQV|6z^VpcW5<W+y+6eXpa+gpqEFts%jResoEGrHs|
zxBMzSqx^zAHmfsH@=Q6Msx9kkimluPgG-jEux>poq7?tdQ0!4{NWsnuY9hp4x1#N-
z?9~ivCblk%>^4wpOYOE9_3BB%;#)yj30-}xQ&-D_!pG}l6eZi;XjEG?i#X(t#h9A?
z6=^o&U|t2<=;b(v$-y(2aOBwtZEFhLVKSu1tny@bmTuytNNuRg!XMQ$$yrfjJQtI4
z+T51|#GjQmA?D030wQGTPYSXA6$QXwhPX}xjI<J!ZmRcv;XImKFriIq)ovB(4PK&(
z$%;iK1EzB;e50_itPradFDx|HjMfqP?r_1Tbpo7@+@$rwc<4nRppNJD$P>gp?$W93
zCJy96j8ce!>uzO7H?8reBivH!8(JYAjzv{M>+8qY;YV{Vy|Y3I6s`F@uGQTe!lgJ3
zBRr92nW9`-3Rj=jpE<MO(NM7Znh9R?Y?ND5%Hvoly_`en$&yN(%Ikc8f5EibBxBS=
zN=%ZU=b&UUi|F~rc6|qRtZGEVdMS6phBC+l6r^>Y7BglQ%7_GuL`~;mb1~p?M~AyH
z7=F=vD6L(LQ1?e2Cj9qs?8QG115W3RGRG;?TrEQ0sK?Ablcm$c1L42v0?iQobBUZ*
zM@dntrQyS``8Pp2x;1zLAY_()cns=b!<Vuh(-A&JHmfn=jMBh{=T#V<{OoSBUZ>W5
z>#p!7Nwr<cC4o5&psq2`0Fj&^uDXykzHux&?os#mT7zmp0PNdcXK5RMy1&OIxv&K&
z<xkut6mvX(cPtSuUH=NJZuVBljN2Slo6GU7(FILJn`Fgb2siJ+J2m;QSMT<Cv-t<-
zi#-c2+grHZgrzm@LNU-)WiJB-NJ`MGg}e>Tbm%`Ni!6I1BID=};|F0O9-}2U;El9u
zT5HE?##oYAs3O(|`I4-05O}!6G1G!JLq>*NxYAK);l)+bq+i`8h43*W8fvDlXlN>J
zRnDoUUK-)<LPgF6qtso>P`zt2`>+7xXjm%37a#Ci?7uCyk4HoZTjaH(g~g|{8h68C
zNtf1c1q8y%%dGkgL<1bc3Q^fQKC)m^0{%iT^o~P4zcOk6MJ<YaRH?S@o$+EO;+8Ef
z9X9iZ)`QW2*4$?#0Jp;hW-ii=Jg#+*=Q$-Iv740SWzqodI#IRP!dDv2eF+F+jIZ|E
zPr>+t7tgpos;_>EqRr)SIeaj+rb5YuojlHvX&S#xs~KyFi<~Msa^ohnwj<Tu_V2B@
z_~%<lR(1e6uH18EZ%IPL$8x$TK&EGCApJa87N4BGlvxReFL$P?1mDG2wg5w5&GOOY
zj@A#LAoc&IQLfvd(0hzL?lgEFBZGNBPk$R`nL#feQNEzj-4tbIC`;j7=w2zm3^ri|
zcyP!={mUocd0U}p>>+{0YvEsOvt0i-Q7&F8W7OgXL+dSyMMmf^a~9A(U$FOK{zO%<
zF@TH%FaoPhHbgKUAm%$AmcJ5U@Vz>Kfc42c&P)+-!M7WcOY&<V64GCN;2-m68dCoM
z17B_*!nY$A9jaEv+mM?W$Stkv^Y1D5@2hhnRHMgxmT52k46w{M9il%|EF<~N%}b3A
zChvGMd+<uV?u*VO?QGaGzeE9~J9HKP5=;Uu%y|!q;Pdio9S1L%y-pY~be~qA#cOrw
zR6;#~c)(vhNI)FIoopeqziI>I)bU~&n#~SbxmSB*A=kfh$MDBDfeQTBcFk5BKI|8q
zcKaY=;r|~AG7XS*7tj!}|Mq(JW@2K}xoMC!bOiO>a4VYfeUllPEI9#*Ov}v7jQq?~
zksK26zpIDRVDy$r<#fMWah#c%*&9u5)(e{)2Ws%^(UdoA1|tISol!O+1JD1m@c7$s
zXd}Juqo^bKKI@JLZbym{Xl5xJ@AgsRPl|3@)Fvb(j6;In`x9q1)vF-^ogzna4wr@i
z@e(Z583nYl_uXFx;(wT>cN{Xl^R&%vP3ZsZw%;)5*Ya*4JAzLbJn-*jH7TI7xaxfU
zzx0iQH>AKna{>IL9r)WI{`t>m0z&@3Jok^Xj2#d=zBYx2<}XvAf1)n|9secyHUiT7
zKiMJ~$QE~wjlcZcHU4=8<qV>s6L<zfA^!8uzrD|h!@D4l+5K?3FwbnX?tfXwe|;sO
z<sZvN<m31IOVsF}Ew9Ppk9NVmIbCTc(aksidt=rCbmucF+7L5dX#jzpT${f?f#335
z6?YdzE`KO10I^nm1|@g?{<HX<U?R9booxZG|4{Z7BoZPve((?ddJal)fU?>L-2X#a
z1}KrhCrY~5KPY~K2Bi2FAl}3u$^=kBA{Dj%2Ri>l&z<TZ^0yNnU)Eod`yXXKlpv7>
zEsEj))aAc-w)@qCtmvHALm2q?GH@l3$gj?Yf1v$CS%SKG!~HoB_wU^dRRj{5aVgL7
zKXLB2e8g3dmOG#Bk$C=4rU(-GpN{*>xceUb|J{xg{wa1(8hxPs_NXE)Egje`gz*RG
zqX*yI-29A;><P*g0iJ#NeR|<?AbW9fF`7&^iuF_PM6S%=936_~edGrY_s5!j(Wz_z
zFfcIiE6f;ETAVCyVPdv&samb+94#lO+OU)8z~{fc%)icvSg~}XTzu2{6Q;7Va?SJY
zMb`6iYJ9B_O$IlJIk~?+$S<<vQ;44WKAs$*@c-z`-{WQkDk29WLlD=TFt4y)B&}A<
zJcx`L5vB}R@)L3xZ3{byT{xYH5kTOPg^2q%4`I&sYIu^EzU@NbW7bUtkw<<;0}j6e
zvhtN99DsjF7U7ME5*Qj|%b0Z~2i3caCJ#dfoHp8b*mh8K`a5kuzMdb0L`aYjl*23?
z?ilB9mE$9}{dV2Ed89wNwcT&mCCmFe7VzV{{l?t0N}@mE@&0ejm67^G+7$l#-vGI$
z3)uccw~znE+|-1R|7)cFt>E+D0NK_T-v1}e{SD)s3~>JjzkgkAP=Nr_4Tux@C(K0$
ziL}$f{P#Haud7ZK5J2AJauNOsb7?^$_q&<@IiCKd9e(A%F_*_d_z!ptt_c!39%TH#
zO$Ve}DDB^v>v|mcCp>QYjk(BEe+TjZblktX>)-bBpN{*N>HpI%{~z`^e9C>A@eZI+
zhrE)0QBl+#3u#_yf{u;{_S1+K;dq5t?x0>#Rew3$&djfn>>rF0f7Km7IkX1vKz3D@
zq36r-hL(!hnmY~8#pBh&%9h~3!(~{He4FVJ7gan;n$1cN{0d{AG)BCwt&95Hjt4K*
zTCKqZSAfpv0GZV2rG+tbAB7UPwIqt6`nr>d#P;)v(Hqk4XFB81n&U2X1M0O2^Yxsc
zOqON!E`@G$Fd?fPNVX#h4?y_R_MFOByoDD1Ihg9WV|ErR`Cr4y&2#N%X?v>lenYqB
z8f``cueP+6c0<@aKQvB94rq}cr<!uz*0My-6vgAbw+zC+?BB%7y^i{jJQY!!PxXyp
zv(a~45x?V!f7uX62In5@B310ogMaU-CC$fL();3XqD3;cwdwroN^87|0ai+bvJ4j1
z=sfiFMv?2hWNu^r{#o>j`-ppNrne{ibvEwv3Li{Jd%c7?7Xo%vG!t{HxmSD9hp_E&
zt`Myym9zwpvtjE40gFKz=Akxpv{DWw)Tz1!-r*}3JEC0*(1d&aQXF?Ch0je-WdrFa
zefjQ#r0fDWP1+ip=c1?QTw$x-t=aAeTfByeoy#icq;XSY8+9dpyw|>Nx49!7z{#G>
ziFO*@t3FyuQo5GsqzJH&UYDc(EQGEtf_SJgvC-Soyr5v9TFLM(mCOEcxe#85tyQb!
zh~{3Ysz`6E_eDuw%4IZxH)t@AFNK{fPnWO%MgF>}Wkhu}H9~rHW%;|fr8-uebMJT6
zFQ?UD2g@9V&nf&S-!HlQlB8A57v$RvX8mF}sc#cxPUwcw-x%}TYUx#YV1$wAN?maa
zi>kTW=IK7A<EXJ1WB^)iXq1{Aj^mfOx$I0j28aecc`VJVOBle?_I~J^{J>IqPghPl
z2PW;l`><$c5+<;=TE6yGAiVRc!71%6P0|Nj@xx4jkNO7!)-#ha+odyEiV-ZaDbuSr
zwxqppd(LI7jJPNDb@e0d^X<AvHib)}xe!D+=}@h)CWnkeg<<OLh@R^_t~!UgGPvS~
zcV`jF7HtSud`)w@3P9c^qVZ?2c-c#_DB6HBQ5M5?E%^pDo>BdUcIS)-U_*5;X`McW
z;{dj1Jd?GQj7vSd`DiLn<x%R+&+s<1Cqt<OrLPU_=kQ|T!V)!1t8s}T6Y`vJqMNef
zk`L&T%4I07j0`;az%4qtaGp{=TVmEq)fnbfw>yPsQcDKr!p?}rhF@KJfwM2zrnEmA
zp(Pix<dEx4!V1g7Wz2JI^JUCd8uS8^<QChvPa(`%N35^eugq44A}2?q;MGRbfNGJw
z%UI}vX@*18#wlJ;&hrgw^MmB;4<?Ld=8rA$a|TmXa5iwS&;FlmptL+goc~LmI4bTp
zAa%N5u-tK4?$vDtvg0N-_pHyL_ggaGRhKQS3Z<Cfh;HXd4wA83e`wBqPDoOY%u#?)
zIOUCOKa@Lb4NCSVQ*+aaU}6t@P#o{xt<B5j4;OJaf1TF?-h8Wo_eT5NkP-!;5uP6&
z;Z*pp!fu${2v^E!_`$ng>Gcx4bxh9Sb&%sjGZ*KM!`Uj2`}&A3ym<<}ZqVd7I@7Mj
zLXA_-6?(z!Gw?$0X$1%Q<dlF{u7S=5;xO?^=SR2*uKb|AbH|ulAEK2~{M^S8Qfl$1
zxZ!a|z}$!y$D6^)48hGY)A{bQcwZeiV=n(F#A*K;=MN(b$A^Ab<5VJh=hW}VBP7V@
zmnJ5wb<XCjgG~E<xpH!qks)4Zw#~m}DQIu}9-<BSRLYap=*i}G415yvqT<n|C>385
z6xm%R9@R|)4mBgYG=S$wp#RTk4Jpw8mc60D(U4a$78d#Z>C=-jyfu}Yw<F8}>K@Gr
zx~pD~m8Fm^%E99|J<kQlz1;cRl_!0JTiY*`g}WsMnWDVU))H{~0elOd_sv(k^Ygc@
zi~;acC)>^jfrKI=o=b1F(`~JGuPrgGc1E`a$J4i?%wg)OEczgB+`wz~-V)H|`!K4!
z^n#<lOR9EA#i-+FZ;tvhil?0Y=q_zfG814l(P>&-T;k%ux5oLp-RFg>>RtBAC3)A%
zxvW=05(Dwz)+`l++pt2DgQO(?#mTL6R^7!rnM~b>z@6mX>uWJrJDIVS8b+7tZm`B_
zbcp6b%eHUJ9tM$Q6rx|Gm*kbSv^;K?5#*(kWmcLT%kI)FovHLcdzQ%=rtsk$wUk)L
zMdnZ{JQOMz&Zu$P9nLn|W&uRPH<fnuca+fNG^M0;_D0Q*9&Cf&NN&WW_OScvpCO}r
zqKshG!uxb6xvV7`w~D0mO}V9n7yE7RVoN2$gG#A=R7{piWz$b@)Ff`Y@o)FLgA@)c
z_JUT*4yJg#5Ex%!jxcSG(Gu0tBA0ldd=o+r@G%`^Bfe29*@z>&(;kZDjHQGKov(=2
z$S)TvgWS%2-`7-h8Kp}Wb48YCUT<+(Il*?xsJqDGT0AK&br|<HyXlP^9ON#FHayQz
z`MrJqHZ`oz22VPk>cXfsjc6x#!UgR?{<5~k+GX>5u!Z#@!)L8cqb3{)$yoN*?J4z^
zZLXmB40IvSF-UX6WSd?Sdv?5+g3?TPJLSBQ2T-6}ZVnJKP(Ekxb;Gqvw=*@eb+fLz
zSC#hzS=%r&e&_xEgFESc!PL!6&PnZ18An5Fsp<JjN!y%(7ogi|`o%fj_&(5xB{<6C
zl@|G|9j=YFR&56`GJHcl8P`PKOk>AG+slc?vG#o%6#e3}2Vc*FJlQc*nRQmD-INQ$
zyf4jHIc1nS=RmyIItrV%wP1Uu5Gl|7wUrgmJbX{JC9PD}J9pXpB6{Us_ISm~0$PJC
zb`PIPlVk|u!PC@m8Y!6=H1xKWoW;g0^1v9E3>+)-@T7#{rraR$Ko0EH(5mui!RjBs
zc`0M-KI6r@PyEtxRQXyh!%UNf^w#Vdp{UZp)ByOMCu$s=c57R1WX<C2Erau86mi%n
zmRf^LeBIpT*0g>4ZVwvV>kjsopz-ylE*0LmjUdZe=n3DqQUdeCA?Gz7_C9N&MBV6?
zy<l{pqd~ICpq6{dn;lL5CVBN^4@Y!vA)P0)qZFUM_{duCp&XoM3%l*3U9IcrIM&r9
zZnH}TLpPD^TUFnb{Ng6iffwJ>)orTUmyG+QVD_H=x=?nGXQLllTz(-B5>nPdk?E$e
zg+#Wwml{q}rG@q>xT;d~$h7#l3j+DdF;LW?WSLq10PTm_*JsY9%H_)R>?<;7gYfB2
zh84grP>ZAaYg@3^&1hvZo;2M8yXoX5UCt3HYG^dtuoi9kc%B7Eb^K_{!q7~PM#uGK
zL38YF6V1xC1l|@2Fjw!fK>RY@oKuQggKP9?H||nM(qL@<kTs)z+Fbs%h2ewd>nCCh
z7Bwc*EbE9Q_{8i!;<OnZX6{FA`L%v|R?}%=4)qMFpG>5IJV`Zf3VDw$LNl2N+6k%U
z$GO>o)8^O5=y>+wS(<g$kKH8NVk>zTE+i^U71)andc9Gli)i6Zd1%xl(s!)<(Ljve
zKp`WFwFaZXD4bqhLPgt8aWdvs{YCHmG{I`k5_yaGd2x2bq8)~{+PW&Le2-{V>xQEw
zgMI4`Vi^|OLN*_5vV$~68ms77X_M-^cM2R6613?@PXe)$P^wq`M2PfFcSltl*OYdf
zCWiL-7N?G&$;1O@`yEMx51PcQd6)o)MW;f2nkx7RGIobC;xhRSwWnKR2asB&-R<d3
z@)b7*1AB(M(>q%^;^A5Wk1(?~W<x^?pEP7F3)N)=+AfYS-`u|5HbWbhptHT1P%WvB
z@w&_&j)77gk;L6UG+7A0c(=qq>VNK7*s0fgXXsPTxn#!DqOLZ$%em^xq++4A{|HlR
z_NyR>YulH;$!aNk6Jq7OIT1LQ_e@L4vKiQKJ`~M&#^iy6RLaWd8P7txdr6W_O5ScS
z+FpAiN5fY3=5zG*YlCvT+{-){Q0g0n$CFmQ+msH$_6v_PG{-rfhcV=BVK!3x!cN1B
zCn~s=g)8L688(zz`AwW#%F?T+gq+FcQNzBu3DfJ)efdd2vpye!5!e1v<w<|y1Jzj?
z4eyT>s%6#N?@d>5gYCLBb4O#%0j^IwbkBX@eQYbC3H9cqU-etH`$p%Q%Z37M?{=}r
zK5#L8aN=RbXx!;)%)Xoft`iv?bwNNiBcO*4t`P*xnNMD-^j^p8B_Q%=XnFU$%=teI
zYDqjB8*d7LR=gp*YV?l3-+}1u>g?{vmt8J}>;SkZJG~%Kaw!xwo<`5n;=P$kmOewr
z8xUg?mB!iX{-oSwhBJE+lm$RdQKegA5>?H4OZQ2&Qk3&`RCkpLptDkz4+(UiLh^UQ
z%qJDz4i?!JE7s;#$k)_;YA2s0xTztDf6A1gdGYN_m)PFf#G1u!OqkGh)5NA)LcnIK
z^<}g*d4rbA-YUn^rcU2T;`l5gV?L7JTq#U(^gwj68#Grq<L1<_r=e*t)%J`wWxsWe
zP~3Y%IIUYv%FYB>X)4?ZWXz8nOKaGT&}G{(r@mD3W3VNTOI^}#m?U{mfDW6HBd_ta
zkvds<8xm`gNL2Z(_~Uh%W;D%6!e4;cuI5p=>Bo?U;ckI%o8?~IaKd?Kn~fpIUJ4Ln
z+dVzQFuY0AF*Q5VR^3nvqqed;W4lBm`AS=Lsq^F_Waml)q=42ZTGbhIPK?ih!O!N6
z>aji+L8iN6WwtxVK`^|`E=`s@6x2$wfidYIC7a!eY~;K-{o2v6Q#RnR7j$>F!(i*Y
zgN&>@2&t!-66E14I8OCl?TegLzc>b^JHD*bP-r4{d5SkmB;rvX3JCEyN#poTB^y+I
zG=~=#G@UrKJ@$~%@)66mx2YzN8+!d&1-A7#J6__$qUqM{YirpDg_*;<r`Bo9X#P=9
zHm+@_7f$5qWcOBVq^@EL(D?!3k4=m1>aQZ(DczP4ID^$kq!gY_=SM5UbEehS0Ab_R
z^t&(ZKr#IGOiXm!J%XhCQDX|e%C!v_i#h0*(#pe#N0@8Q#=T0$FX18CZd<s|VccG_
zI8_y%>F>D(;kT9WEsxh4PbNaw_W0kqo=gUo+p1G+&*h_d0z)LL{mEYY!HZV1(jj4=
zc1>9s+;#GrEc(!Q7U_iBf%dw*xvGQO4U$9H`lIC2p!LzW(ND*z%MEMqQxe~|;J$Di
z=~$$F8z1?V@>b<Q@niAM<`v%Fc(g@h4R3y$@EH^l6<M#6!7c2&??)0Jz{B~H6wkJJ
zRgurbc!Q+tztf-MxLi&L3@pVK@ejv6l<$c=81o>!lj3+jyhewkn!HQ{QAr_sXC0*R
z+6tu_KgiIKX33NG`Cg}Tluac-$nG>M@;w&j=j{$?CXb%E%#3>*?Guf)K3^&TF^bld
z^h(r=Rl^?w_oZ%@H@UZPC1lZKYwuR#Fyn7wq}+FJs}D<v9H&b&pOQXvajceb)mXdP
zO&4J@P`s6PN-x!!QzmTR*FN-cX+N6Ojs<GiH+Pl>gzCeay8|@SxN?BXl|#A<WscYj
zxf9hQrsXYF4oh{NxlA_Gg6cTv50};MbYt_Gw5TiQ%BaB|t7^PYoX$ZmGnr-4o{!p-
zjbWfaU5!>#c}frA*{qzNGkMa<Hkwam+fp=6k`ZQ0Ie><@(wE+sSgL8)4%NXpD)&?o
zgxnpS>e|b;QtE^pfAxl5h(V+vAO`%wlgCPqlA!U$X6@3ay)flltsH!^)?F5)+}VTn
z3Zjo^2wBCEM&FKIe*9AGo1jQ(6_%wIE>=HyDpT4tZLDhR%6X2pNnQGMRcmVoc#Zn(
z__dVwWnz4=ZKwLKc!-ItG)7j%T8$c~G;M0Hdq6eUQZIoamcs@>)MV@#!&YK$q-?$d
z@)ovNoq;Iy*%Iep?rK+^StQ|JH(5~*d$~W_r(*>s6pGP!pkY46l?|hN22-!q60cb!
zYwxziT7u4nnNqK2>3$BPJ3>$LkHBKbOS0+3RI?sttzzv04L1t~t;$6gXP`5S9$(z(
zZq~ZzzHOT}b`@#y_!@pN^vTS*@2b2iv8A3HeYjq>KKyJQUtk@ri#1muJF|xG(VG0=
zWX}2+82IklIsM`-@cs>}XoBJH3xl9FSFP+2a$@+2GD*)E&LUoXP7$)nDLK<#Q{AHp
zLpBcjR+ZN-7P|9GI_I<F73|F1!l`Mayb%6gU6uFSo)<&s<K3ca)j_&ErlW?2PDDC0
z{+8s-oK5a)+#~mTrL7iP_w|>JdyJA5ev${zk{4&tp$Sv+x1Hr=<n`cUlYt9AVE{$t
zBcixmV~(2fy@#&yZ;1zQM-yxP$WvE_rg(IQ)KPp|YT+~qng#ys_B)D(>E(}E2B1*A
z7@yB}B>NyBJXEWt=em82ul@4+V|>i$I9yLwpXBT8rjqe!^e=|tNLz1iGRCj6?k<bh
z?No1b*Ff2PObNP&tFok|uCdXD+;~qD&5O~!bPPU^Nr|b-9)H*|Kb5;9{p-X`+16*{
zi^|Q-c-Nj<JeGr?y>!oS+ANPdYup#z%NJ}8=t2aoMJnmH%Li{Gczg!K$PZN7tctXb
zvNq}42_drOZr`6jjGa+ytw+UOuEfcU-!1?AIk+9S@>RVep*ucvNTEK(RA*YG&7-%b
zRaEn)$KwToQpdZYRzG~dnixS4IhxmCl=#M^rD%9bKc~ul&l`Crr$0Q*MNptB#!Qh;
zqFMU#h6HtUNICX|$&lBjnsr-xiI*r}MoH~BLsMB&DPWe}BR*WK*1@2OJ1eXK>t(mc
za>vp3Ddosh9K^8U>q*xD`MgEU(W(IMd4B<$&h21g<H6upDFzq6O%KO((#=<o+)MaG
zAy*S3c6;=sL;c2gY|N!&E<wL)EWMk~a74@1xJ93ytd=r?v?+THopj45%~z4_oi5<3
z2BLfI<fqlqEINyMd!xg6rMSm0md<B<JEfn1`U)bD+unx(-gO`PsHYE~v#jD(Fn}jL
zU{h@(;U$34qMy3c4ADBDpSacNWoceU833PW^mQd?p!<fpXlhLsZaRGqs?i!`s`JLw
zwzzZQP@OsC{cCO3@?)uH&<i*A20Kels-|;|h|-wFW!-Sy^>;@O4&0j@(E`tgmx{ox
zGzB&~GbzQTHb;PM>`N2QndcD~r2-U-9S`F*OtYHV*0qht*{-o+OQxl0o?3HZa`w|_
zW3I+qQZ+b6_m%H?3?blBphtZMl_IW6n93sdmTtd9UA-;1w$HQ1F=<zvEhpH%Lrx~a
zBP3NdVaOnb_V#mYK%u9nJN?QI71q3~=><+Y3rl#G+I98)6O3&|UIjgz#u0a*2YqV;
zia}4c*TFYz2(GvffgPF$V0lP^-$Fy*O?E{f`$dP|3(|g6#1%_{2unHO)+=r<dVEVi
zB&C>`oMY`iJS-}2dvsq@@oXzALfaAz^Eb0_vrNCncV70TuQL#><M0+%UHsw@#J-=o
ze07Y_XPqzoBJ8%OsQ|8e&t!tTWnsEZVv&=x!D>R`yXA#7YA%WcZ)H1N_TwXDQ`lAY
zkyjRXvKp2AW=5pNP|&d`g~c|ZLOwxX|9B``JMxWD0&PgDn$`E0K<d1#pn3h1K&mzA
zaIE8Jaw_NW@lzV+c~m-;DqV{K<DPA8tP#8KKzMe9l5Lo7X~(9A&Gn2+aD)V(1@q^X
z&xw3c@4>vhIKbw*oV(r6=$M8Gq40W6mm|jm`RHEMFZ#29Xne0!SOD1ir>&=Ljm&b-
zrvX_HLZpp0?l<W(yudTeo?h+cH&sq?!wtH0a{1Tm^tPC4=uE!1qx6?G&)A3C&CX3i
zjvGvzQyOjg`)t0~fich5yZy%p(8uPM=fmamT>EQ4`l-sBD6P_H4lK{x+SwFQBHG#W
zPC6A{W`*@P;>bQKEr~P#l+@nGmIA7(mi|7O$aD(f7c6r3b1nHs&S@-h5pYVP3wljm
zmsNE=P0Qv9f>V^5t#__lpG_GS-;9~)a_c}xe%u|VXMUq@8xKkSwQ$kqGRt@BV1*vF
zJS;}>^BOdbwbqL`KBf@=7>#GwRQo7Sj~qY!k>|oMsxAQ$EZgPB-ntV#aq;)8Bf6ip
zI03-e?P>i;uHg@SynSuq!ZMnUqtz*c>p6Yq3IQ-go&K;9V%iQ$tq<1D_8(k<oO}L~
zt|ftyhLLXatwp9B(OtlgM9N8wj6E#1%ED~6#&-H$*G|kVfNoy;l3+mgl)+O?VVlfS
zK3ONjMqIp%y5BT!*H9GvQCHCTRqQ!DekHw~53EJ5&w}g>mn09B<Jk`nnL-id+v972
zxDcwa8L#!=q@r+4pZ!_sQhP<}V;9E9Tk}FHDLYj9unGa$QNw&_8;Q|41ALKNUbY^Z
zX~9|RJ)Bd4sBe?L4MrnkREL6N6nBh^yC<P3y)t_Xt_49g{a6w~tJ!kZM0NSTj?$I9
z4I8+rn`5+gK!%P3dUpx|DxQgQs^5lu+#ucE6tm!M5zT$fiI2KzQbMvfd&9+=jiO=`
z8A3#`*S{~ePe^(=0mbsg)0S%n^_WqRc4%~UCx%+1R`PCw1K^|=rI_}#RW?>-ZckIh
z$Kq;NV4t=GtnaC0;a%qM?u@4`$2`-lD0s&W242PlrrnGi`_^WagV;t4gyp;gaLWYp
zR=i5TRbHCjY9kQJ!Y+v2hD@zJd*VqZPI*4G0&}oX?)@2e)^6J5ovnDoUn&_(oiW^x
zPnOzWn_u3pEMIr8nrc1{aC10c@{o)LyDS;hNLzi#-_MRkKcoX5+D0Wd0n45QD0~L+
z?fEvY_w~`?5u02nvFkC$?gu*ydv1JZUF;x8GF@kVC_)q>cvktnOmSGWT21W(Ry>-4
zPtwxRzNgUPK?kguG=AfY6x?8FQ5E^qC_fyrrc(B7qrnV<gA5s>w-+~y!d>*MwFF4+
zbq2s6>#;Sn8c%{nSPs93U6OQCB0vuwK>K~AGp&yK3HO7FHzHa7YQEV^ppOY@L?~{l
zf6#G;(*M~jGeJHAR*{@hgLzwp?5>yTs3_L$urEp*5hBJ6T;X8bD;m3Og!4;JVz8>T
zva_K}Rkod93uA59x!(RyHwo*@Zl>9C9w#TCJ~O{$xpbqr*;K=P1Vvg47UeL1Dw9Lb
zBIr+!v?er2KPr#J_nB&P%jhF1zhhMh$r66ghn5!%ug<49o<kn1akZZw@yjN+Jjx)I
z56sDlEiO~9h9(xAs53Eiu~bzzhUA$B=gzLxsFVs7a@7NbojS2_p0Yxa6D8-)yl7O8
z+yI-mjAHmKK3N*O9W>OLB7K&%YFuBonBI6-4~-FD%{gu!6?7OB?J!n0%g851&@2}W
z)3`rmA0C?KPijzw8-|#Duf9;2r!iMwL+$!)DrQzgT<G()H+*NzS>C2QZLlp7*OT%b
z%6qQgh$+Ky=Z_aZ<p^UxsBUGe&UusG`-=|$9h54em2?UK*;Qr}Z;FJQFvX})KIut)
z@jfG#nz27Ai&qU1UgHtMnYOW_`{^35IB<~JF0<U@@!RDXWlZpCrFi#U`-OcpS+odI
zI#^l&P{!{rWUw&HpPp|&#UyLIbTTr>(*$iREQ_sApLxxUb(B>(Zro7)JlwZ`rGf*}
z?QGwpPPkc;Y4V!bk``^U75|1Vi^bH2q#%8WH`n-wKLTMAjf{T~b7b1RXe&w)T5;9~
zaVK_8^XUms6bZ}IGN$nP0hfbupI#wC#For!cPON$5TqZPyd0hA>f^D5K>KaGX#bR{
z9IAmH5Xp=?>0%2y0|y7R`tg#@n=bF>34SuJ=<d&kdT4l2sAP~cyhXEYG8~$uz~<B$
zo@PAgkn9w~ybU;Xb#+gW(w)h*PQfzCv!DJ9Xj7?EqhjQ&Hr>0Hi#DH&Yx*TD_aPad
z%H=i*AHAEOsUq|ipz^dy7B-t5^1R@oFq}RtCd%n->QBxY2PMhXMUCXh6Qi5PL5nCJ
z$fMiNgaJ9$LpzBcO#5@pUBi_a+qDLF^J0#R=^_H^TI#jJ#)9q8Dj@lYl4HVL4XPS`
z9M+;w&BnvNe}Md_67AvV@l-55J7Ek$3^iCdR5Y#`y&tVRO8~uygDy+?1^tsas+uZ$
zzHeg%=tjC8iTZokLeLQl^F%~@MsqYSaMDiD26-*{%0)!r@4SmcI#{f6rKvl%wpLX<
z1?ox(bhK|gB-C-QovYtoUGXH3B0R3>-m*X^)m<srrUMt_a|ZKU9uDW;lnyw8*VdZe
z_`2KPUM$nk-stM_2HnW31Am0!N!~5HgQup4oAk8~n_nsHs=40J(4tF<7~yVjTB*<{
zx#mxZ(;0QREbgFNM(~&(%;+ap#htJJ+~)X1dTBcF)#}&Y9pv+Ja)9wK1QEI>?&c+&
z%Mg>di3nPWPU8gy`9-sKS_Xmq2eX!uZOB%O{3(|?BW8&FpH?$$c*2g_)eXS?_hEZy
z6Jq=yNZz#A;Z_fIMCN^Z3;1SZOE!FW>#P#TiSHe!t5-hdjefTSL<$rnoa@HGc#A32
z139-UT&m*;`!G`d%NkPM&vhoIrpcmKhS$`b=t6cJ*({d3#hjmuaN_D7`FA#DbXnXo
zqr1+boH(bMrx#31M~!sn`qRVc>aWcg<=GPGP0@E&UgwmNkHrh*oh(a9igHO^-o{VO
z?*ZFR6&jop3euS@wggDQbxK@9Q}d>UA-IDOV^9oZI?MysaCVE1&DHdX;RJUin_6~F
zilqHBkJ%RaGhYH%)QC+kTml5oPUqh5Iq;OgEW<h()PbQljg)<0)ODzhQ>gMwDCCF;
zDbs-LugG>!+<LDGcZ0MA|4;!F4<FKH>;OU#<<fwv4%N04b@tKVd|?&a8FfoG=3+3i
z$kZzQ<cd@f2mlO5AGQYLhPB$|IfA*h<lqFi^AW+o-@PXS?{L=h3l>;jd(FCgUYd5j
zp5eoZ<}oGLf7ab0E!hfqYHfdRn}&CPknOV%N@{Q$SdJymo%-l;1>+o*_%^V{M_@?l
zZvW`WXl|aCxax{_wnLb&^y^8!47ZfKRoZaqP#&`Hx@BX%sArVXo;0Mn<5I$}I9nbI
z&<C^Zoxm6s`Z!XRVJ{1w;b-E=_SoyLu)!g?(8@dQomDVl?AYLQ+elI7kzd?k8zG-)
zO1fcvwhw->tF0CE5v^<gZSZ8K@A-VcM_K%xu^n%n7Mf_nC%<t;lw1H7oWC4PLKi&8
z>2&#G5b>Np&JPYCuN|!`%DIs9FHAY=S4XD;hRKG+kNGAX5;aeqjii+IaD4Xw9g*Ha
zO8wXmC|}APdAH+Y)Fzf51?qxWjkk-(;Mz_OgGxvmKD&(0P=&eDF=?SpYPy|a(D*b&
z9NCOdDUbNdIH=2uT>3^w(~da{y)SG<Nnbkn5F3IOro@21Dixm;$Lm^}n?mhCb5H^E
z*f1MsUWhD(Z5ppA_vDpII<N3GABsBL*TpYY5pX7B0iV3tbxrel>dsl3XdCpkrgSlJ
zEJ5A)woR(Hmt#z4m7nmylv(tIaxtG&1Ns8-Bx7BnDARHR-O8-{wi;8%z|m8~#^P%N
z*0LVsXlX~Ig#u5aOf%UPZ^$^YO(me0VKJT)x1#TEJLD5C4EVuE+5fhsKHCGUpzo*E
ziql;`VIrIEZ)@b-V%-`sl`7eTjurh#o2+$#W+@2jbgTmbU!ej<<Oz@rTxK}sV)2>q
zt$rdlkU|>B3h1Q24s^9Y-NXlu$G5*8q`w>p1#RB(zV>=Poy>bioi+{vgP-=aq3_6d
zfG8AGp0DmR)?zkjTM;#Z2UIdzZx>;2yGQId@o(qad?aN^C>wzl0@m{1uD`gX6KGs3
zKViwN5?Q*-4Ba_~N5l)dUbGsTCOZwDN$x3LIho7vy2`RgBYwU+%9YnVHjhpuF~-d$
zW9r?pjVw4Uw(3ITAX8E!B0TLvzGR~u$&4C3&&fJ9m{*`2*zdB7Y<Yz?9d39kBi8t-
z`*0+%Z(qST+5&iYwXTVu&pSsYU5nipMmbBLeo$|dfK*qc)NbR2ph*&RzqP^$-`gIt
z@@e%uHF@{-!~-TV(&HEG6P6t=`vPrqBV%Q&U`45u&aZn4tIp`%f)IES5>&mVzIh3w
zo>Qt1Xj`TXQU%)X-;Hp(W~-?Sv#W%w&-E5<IQBQ1oWPJ^MVg!PrxmViZn9LDg;fM@
z2t=<tWbjf<s4WJEF`4qGhxKwo9TiNI(tFCtGGzxV%_LL5Z)!9fNuPM0F#k&PA^ph~
zN>i=5L>&YfE@C6TKy_Ti(pAS1^xreYio37T=b_ecWXPYqe1|p{tX97&I@f&@Y_wI0
zbctHuPC1e^?2}GMZ}qTQ6<WA;S+tqA=TDwGX`S*g<g}@*cR@GO-gV;l*H(+623(ZB
z07STxc6=UO<(~aCXQ@jAG%z{7A>&|bc7C|`D77MX7@mqu)tJm7aB#KjeQ2l_k>#R1
zoi%k{Rt{qgDMt~K{J~S@B&`P1j{v2i1cIn;+J*KPyti%Ov&S3W%Ro9sIQwQ=hAvTK
z&#>&}=S*$4SL1v2SI@gMW{@q#KD5R3GM`7b#Gc%5q-SmNavi&0+dqsvZ!NuTRJT90
zzuI2#Jx`>247$q_ULmy0oyA4tszQVgb{@Dw0#5_y+7{RrTPNhxWFn4ouMzNYYF%_Q
z8*vaITcfj8(w7IaAWk-8sXZyptMTQ^JhKW*7|V6~ycv`HcwQlv1?uh)I5+n?kQ__d
zxEx_vQnFUE+5-7g90+Thfwvd=U46c@+08wX{`9UA(xNvf6V0<$)Fs*0?&4h`Hkp%{
z5#d0*yIXA*2I(s2)s}aiLik!8I7aP{1GDcR%sAD4T^~nddf=c96`~Ulpy1$B8&3Xo
z)42H+O+=WvF){iguOPK0NmgJwj*c&s+8M2ql@`VY;4&pC(&3CE&w5<{l^n-TEodKU
zB>IV3{Q;`A!v^W-zQDor2yQk*;AkD0@t&WTWr1Fa+6nDS<oZ#wAtIaUrOU9-@B=r-
z7X%l;)0l@<{WwZG<7?tqby`Rs4YnEyh7fnFk>i(CrjpC&^ZS`>FkFVGD(I0m6?J#3
ztV*}DcWnBOr+662$;c+5mxAgp*mFry231GU`%^aT#dXurq_j1Xo4-iE7eli?+yHro
zij74|=xik&NSaMY0?lOzk>VWuH3^S-rir;j@Lhy9)repV=+G{M31qE)I<5R%QvVSx
z`gzah&QWI+E?B>B1fOYd{*%T&Yco8C^*-UKbvqMkBR&2W#>o&4!q@#J?c-JsP8Xr_
zm(<h%z7~aow9UPs&AjKR*x!Z<sn5^L*x61Ew=Ve;T`1-|WmWX2B<>CiQ0QWB&5Wl5
zhHwIMRvB!yXZqs-!ecENq@kbb>oG4bb3)h`(sG=y@4$Jjz}s%Uuf_)3VCI5-m~AGX
z!B(R1dVH_7-(b^oKu1=-Jw`vv#*!hw2=)_bd%je^Nw=Shjm-c;JfHU_AH;P|SL3y5
zJW_&eQ4cF0MRqpcr1l3zo;UOJTRkP~st0}^9t@3*n~-Ez8G&t)pk5cAH^;a%xo<7_
zR<V2IrN(`ttcRCQoG-I9+V#JV{6)v}B<qnAbRlX<(x4X2Ei1tVzYRMW!RJEPsq|HQ
zqMT2)m?}NOsyfDk)g(X`ohNNt^dN*~Ldi}|vsvNhp&@e7Qkdh1tnpWTPE+i#;z-#%
zO{&#W>qZkCS2EbBNpdyX)_9K(7lf-gEG8(km~G#?L&A-FPjO>N<wBF!%k~JW<rdYc
zvP!ZI^h>`%fAn=v{95wt)T4-njZb}13IoMnFNrYAjBuIj>Vb*c5WCrJ9tG84)+Cy}
zqrHvZAw{`<7!Q-Q!}DuW*Ow+Pn3_?5Vf&l22Co>*5}oMCrCN1~8}>ka9LZ}8Lbug-
z{cLW`DC>=a%EYOsMz@1&n^xNHWQL4*#X-f-jF3>D+{6=xQFzpno{I}**cBwsLee2m
z=WGu+^BHNht<~#G$F%Uc>otu_zypVi5p9H|6#y&(8>7~xBrM;nP0_Deq}1wi;pu<O
z(FVO&zZR2lm5vZg!i-E2gmvyJ#8Bbusf=`;G@SK=A}dW?Wo44N!M?(O);BhsC)vyh
zNKy=G$%H-q(enXlWV`=ThBB19fRH_7`jc0*(@cJpL@;W_8s17_n^d4rd0n{P*!q~0
z-!|b*?R)W@`K{a_%66w0EZ1VNiPo-@SO1S`^5m9_;GJ=H$pZuZcoxYc0ydyLSwqZV
zKGkN0lj0huSQgwptzN#@oZ?IlvwR10;k_5B?RQ{k3PL#LH4I4*<Aam<`jlEGZ8-8$
z?6Tapl?XO#_RPH#In6Kq5hiX3@G>kg726%8)$W@ci0zYK@j78)j0N+@Hvu-P@Ds=V
z;?b{1=wk;ouP>`tZ<kk#+F~I=ypQ(-Z&z2EJq%{@hfc5U&o6v$J$LQlM4^pQpKaG(
zW%*o@;w?FTh))34-arAkEVm!QY5Dc9Lt|^twJ{Z!>9RegHuB(~$creK5kLAt635DY
zyPtrgd#%-~$8KwtE02u|o(uJ>INy>q2ywN<D;^zeA>h5+z!OoEPtkr1<^V*2Z(~Hc
zF~pMYh}alA_j&sy5bjI!l;&PkVREp_&#x9+?iqov{J>Lvy|Cc$MsL73^rrU_$Y0bO
z+G)YaUk~FUp%Hq$@w?=>5gSH9P7#+YV<o|4K1MaZ84nmE36Le$EKzrIyXFRu(>^s<
z(3t4cD1@PmE1gLnwCvh85hEajl1!}e7UL{Lk}pv$&ENk<Ox{RVQKddAw-NC?An1%m
zcm6G+{ZoKrRF6$hizuD@z~!oBY%`!-SIzI|nLJPVkrH{rO39a0hnyl+=Bw#pPPa-s
z=exe6qi+)hJbp;-2QK1rUFXp^dqtmnun-bEY5H9c4Sdqt^mx+P!^kRL)sz)Y)UeT|
z2oaU1_ohNPj&HneGb)=%g~vF!SgJV>jjQI=B%?>l77mV_i5TL{DVRu)7e!)K){2rV
z`!k@`uE{B|%g;=?LyBv1CCgXkxpY%&3_u5J2@_JEz*Y-K*jL=@N1s#UpM;I4nhweq
z(TFNnVE8Ps-;gH`iO>nS!;a9rRoPnPK|jhta#=9q5pQ>V5`+J^G8?;@v7%dE+lJC=
zku2Yph?<S!0E&u`Fx-M>H9UA*@3Y1qF`wLi>D7H*;c-g}GD)vm;u1Qto}vp+L&*la
zZta#WcGfUzmPbZ2t{w_k3@jwc_hm|&SByW;5z3T2zU}XR_#W?aYO~}#Ah-9erB%9b
zJNJ;mN1#p7YGC5`RL9%%=4tJ172;F-<4pP2vNN|mF4{}V>gUV&cH#Q9=UukgNL%Dr
z6TT-Jm$I*qdtHn5?T<xsM?t(vKs0o8zARo0)GlrJha=C!m)#+{w{wIyM0ckXtdO<W
z+pObSx!jtjhr?nzISb(rB#(h;*Ggw|JlHQ`Jv|VZrXv0ai9fzcapVdcG0CXh%O{?X
zxB~l*)cFIpFr_}_UPptgaTzTkURvC<-f10)=Jomo_*S>A6J6r>g1zTUqd(vJWi{;F
z;?b_c;kz!UGzt(z*i?t2`51^i5=iSRVQ%3;ouVJswy~pxS}NV^1f-liu$%C}&&1U7
zq(}KgAHlNyV_t|q43VIFO_01rPsttCQ3f%N@zN4^6-mZC6a_wgP1GnW3+a^29c{1+
z0rG?OUUVN`MLCK5(69ZMGpAR7ROukRVlVzr=*J=?$f#9=8BYEVHn&fEdS7j((1jnq
zfD<Fp$HZJui?2_PcS#Y7oH&SJbF-nly(i{pxuU)H)}2&syBSCYi(m0*#8i$iXw}Wi
z8_~11R56`84s|$5;-yT;rP1&0PIO3AR(Dz#MW%-4bnRbF`m(r7{Q1Xk1npdow~jtP
zhFvz!PkX<2>gtfw<iIm+XP5j9a=FXAVCi@}WvB;&vCgRYJ~jHnE11k5%i&vf4K6Ii
zsJiKT2X3k<4h(L@N5lqpaF3^@wXDvzn^H?@)$N)VW&<;?tA5xoDCG{gFScPGW+Q|!
z+(`^z&kNaHjS7llB~JI#Zd@~=jqfg}_`TrKd><Z%VtOO#;U4+7x&*(AK6cc@r=d{h
zM{=uCleStsS41Sj)n6^ejfx=~d?5M?0gjFTuF3o(8osVSZ1)E+uMT^Gbs=k9(B@%a
zS;(s9iVOUx8qwIus+RaUwzUQ?x=I;(Q`1cw8p{VcEf@wS6`SD44#(Tby}+%g2V$r2
zz<0bEb#}o?9VPA&h=>hP;QaL?Uq9*%M|eB&ze9WnzWe^Y6>g=(ug7y^Wy*+A60qlH
zoy_1d0znkQpE(1@<Fo@pbwm7KX`%g@G@A5UEwIqTDv8zOkh0{J-(Y`k4plFTa%m%0
zSzW!a$*mp-M>E2Q!>2d>T?^u0YxxAK<y(-Db8wy2BceupfEVP6Y3FFRSkrCdFScr0
zAPe~d3D~xnA$#mNiH8c!lGODt<iPTIoD$C&ubRTK=lWcx32-dMbq0JZBq%S7<V@K9
z1cDD2UhhD`&0$n9tKA8WpbrU^{9fqg2iT0}a<HHv`@8r2>k>ro%nxGG=oH~WZ3W%<
z-DF;7@b%$r1Zka)vlb$Jj{!IbwvpxpFFsIVf-QIkO{(qt_pbjX`5oAQS3m^jNe`5I
zFZ<V<|0w&{$CdXxcHpiMd<O*RC;jX0|9rzX==U@7)Ey}Q=V$&S=Rf-SkNy1Jh5qmO
zMf-y3kALO@cn9`>N9O-cIURGmzG32xMkjnvn|k{jje4)uu_D0W<%-(co8T*3A&ZBL
ztx)ZoP%P{-ZmxY-Cy$3!QL_f^0#@Il#(XR)lh23TbDQCOtImqXxAC?+VX-1dm<Zw8
zJWH0&&lk^IiXEI3S5v<RiXmtG=g_HmG!f`wvK?!>$OQyWpEPC3uNGWV61kb~9H4J<
zj~J%=_6w_WCiaqu{c$$LB{m?*#?nq~J<9$2ow&DKym!<G^tcaGE9bjO_1A%`OR8a`
z4dl`^57DWH<&U~RN0W~`qe;wW98Im<*VvUDJKgBII0^=jg8lCqWq!0dB}07Sh(*e2
z*8soXDj3@7Yq5LXo~c%$c?lFv{t#y6Qy7NgiNu72q3^z*O<j6hv2s)@$_E_ps~Gpk
z^@GTzirx)o2eP+K@t(lQAHXZ4DUF5;9Azx<qCz+<4(2H<mO-`Ie(gi>O$l&a!^teZ
zO4}PBv2Pb$xi#vB6NQ3J4#7*USuzjb0$@>~HnBdG-~z{FMPFVE&akXg3WZGE9IUK3
zcey9@NJCS7hCgr1-5`!-$4W-lw%PIcKVtA`Q5#=3iiP6xxXZg^8u;CGV|Ry+6^<M-
z)ygJ^QKEy+F|tH1Jerci?Ycw2G@s5&alAr5;ocmTO%|M(Vj?FsO~PhM?9|U9v$ej+
z45<tcDWBUW0b_(`Xt7G(`Ti^<oO5=AJqRDA4GZ>Yjlx!5#bvq9yMmi=wNJj&8j%PU
zTE%-T7uQPrC2w3k%mX(Q$bg?)&$7P*_r0k~PNmx!B{+}0EI7yRv23U~4)-EeR3S<$
zn@JU#TvO85alW)0VvB%pj*OP*9GjrqLabl`66(85)jZ<O*Sk~*X^-);X_LUOtVyuZ
zN|Ys^x1G0RHybKjO^5yERDfX;bGik<3H075(R9f`20_{6Npd)<PBpdgQ*i=vAYEjr
zO;!vyE&|{FIDu;W^SVWSO>>*sp_-jy2JZzNULUkB3~)Gvcfw4^Xd>KfJQx+tv}*9|
z`AcahNyc8v0>y3v;!y%&J38P~gth-o&r-?t;PIw9x8e9Od#zkK+ZLgB3)OF%X^c&!
zLkqb_@r7=4T|^7Wz(x=4K{L8>e&w!N-&)lcGo@JK2(2o3M|$5HinavT>{1-5=Fwvo
zLLNXUsvZ|vsu{Ry^2PgUNMIdgNG+LGep};*=w;5FZY_ke<PQSA4FTY8vIv}%bCVfM
zC|Pn(sh^xD+E{Hg2Tf4a*q<4R_zm;Yux!`@nU*B1C~lm22C_$&hcp&ZkhLrhatL?#
z2Uu8Sbweto^nAV&YkQ=~ySO%nZ7hV8YG~5imua~nuDIg#g^ZGtLsWr*O^K}Ql;}2b
zYs0ee@9J2k<-{D(5?yIoepVznn?|C?0E`qKb6?!#TPwY|0zD#7^GJU^@5w48U6`JE
z5w~JU`pLyfFsi)tc9<+HEiBK{idwE%!!_pp>_D}~wN6`?@I$_pu_jx2kDjqg)CO=U
zL26kH!}W9xVx94|fb0Xv|JW9eNC9-(ddwf)_VB2)p$mq*uSQnBw=Q2ojdHf2r3MFU
zQcz>pYG4Pd&@+2*W5A9A&VF_a*e3a@^o+qud_jPGdF9Z-)@=KUualaUMUD>9^HGO;
z-+l~GK!`gAnnxIY^ykcXG92O<@eRfZMRK=$`0$=?C@W;6Aix%36~TEGXd|z)Sw&(B
zO;{gE*cyX0@KWNtJxcV;diDE!Rh5rkkL0%+eCs8#>PdZGQuqY|OYbzrI*}yf#X!Y0
zUVfywG^c0Dqp_n*z(E!LC8m;A?dFl(0R=qN;o`~vN7r3O#qsRx0uBVX-~<ou?(Q~7
zkip&E-9m6@aCdiy-~@MfcXvzh+{u6Mea^k>p7UwG^y=<ezv}9$?x)@c1>=K+!Y~)-
zJK2dcUEA`pJUV)E4UX`X+qAQ#T!Kd{Ok(8LiV20S{F7S^i^PiDrnbC&0%%SUn8Sqe
zf*l-YL%3@xttabP$$}TP5WnRH_k8zMO~ez((~3DWCD9yB(BcHAI5YQ2kJ9=cXHT+M
zeRSMIrO^4br&XF=_NDFzo=C6~MwKeGQd9IUP4=k1n@OcNwHBW$mb6I7RON%tNIs^d
z3+C`|ueTX*BG-*PiZ&kn8S=QU-~ov~qWLy#WhH86jto`wg<wss4$Bc~YMp43u}4@E
zP67lmh?*rAplJC3wF;FlZ@$gU*~%K+P84g{y;KL%JaC%9r7U}S&fOsJTp&gl0F$X?
z>mWb<1qT^>3z4JYbo<<zcGrxJXpTcNVPx_{s6kj1JkW`>16LYVsP2y}*2f}ot1lXv
zGXr+vNMxu5kPevvxC9Ud^u@^$zLQ3_A}ury+@quyp~cX7b+oPv;-{5^I&78M8q2Hf
z57;cA`?-<hr3gz8P64Ruh`X>mNj0O)Z5q6$=RocUBG)x3QnflG7A@L5289bZ_YQK8
zh@grstB7tLe)N8bof`Xf-c_39Qzs-Zfmp_GUDZ4i8CM;iH@TI7LFj}7WkJADa#-(5
zPk~O;goM+9s$GQ!1){3NY>$bfxAB18FYY(xN0AC;diEd&o>96~I$N`3)e8RUJ*67o
zYnz6Az{ObdXhmBhK+7mK+?j-8%lm;^8)GTnfV4}4cTZ@@aIf3vYKHKpGy1VbPeaUT
zSoM=Jd3Pt2H|(c|Bu=jj=SO9)i@qNyw7~!|-FznfO$CWEHsuE!#nuMOVuh<t-I90s
za2Ea6cV0lz+DiAI+z?a{@KX-iR*}*P?QFuvGKqbFp5$$L{;vFNEg8L9PYg!N!~Nza
z^};1~97psiZ0Fa4TePRw?d_F7fQqI0aDKvpZIUX&0BM!Ca%on%isbCV)M85MyvsVW
zo1kWeai5G$mv59l1?xhc`?d7+4~?$2(E|jmI46gfYtv<$<x=W3P5j-T={7t^pzL*;
ztcXhTh)_@wOsvpqn~D{}O^?olshJGiioVu8!Qz-&{pE$y#7n=+VLmKwSBvuxMxb1Y
z+3QLlA5UKEgXvj~I<%>IJ>L670iS6iLn@z7no?;MW{r((Z~!tRr^&fDb=U8p#y@qd
zJ1Q%$!KB{W?)CB{vDMwWIPxoMQ^E7kvSm5J`L#6JdU3ax=3SFGnh#${bStaq1Q`wW
z5do7jpN{JpMU|o$HXBXI7Zt+u-X24*E`(@+Shh~gY1)WxfF{Zz3ad~MR)AT5k7178
z>>0cOSweJ}Yw{nRV&wYY+{rYW4u@O(m|7vycFsxG*cH+mv!?7mMiR4nZsm^i{q=0U
zJKBDuZ+BBctIUo0%0+}Qn6_oSR2dYceP(Ilr7{icJ=Br8Cd?}BuS&@;N)e-08kizE
zgZ+zUEPM`&fybJ`sc9tFuxtfBGeIBG>ggLjNuLM@tJL$qlBR0JZ1tx5PM<1IhESQr
z<3>`ee`vJEn?eI@)ud#1keuoCpTEvD5L*gJiMB}^UPws^?2A$2IDYt1VR2uUU6S8e
z1b$b*p0{&_1lZvNEt*UzF^4I*^{97ijdxi^pD;vMsn2JVVG5OFHE2r#*xA#j8R(8I
z#3Kiv0aI~`KP@|poz!usQ%I7DXSpfiBXpaA-t0#ncjCVYp2&41lX_PtM}!&0QK0Q8
z9N*^{gQJOEZglWfcU$NfO!0p>xRTB~UaZcVmM4U0#4dGOq9YU?qruS6F_Vn<hOezY
z7ii9^aIAeCZOxUnjz6OQEE0+owgjhnkQK;AOODAUC^jiobp$u?<E-_o8+qN%`aYA;
z@)OAe!2p8mDUXp2?C{vY9Kr)ZnT7Tiw}lvi21cX{KOMg5u9|(aULzcHUjj}Mr5R6a
zn$aBrZr)L?UUPg_KT#5TYU(7gst*D%3UGK&vJsC0$I0~U9PLe(Ez>x~sm`=c*l=|B
zJ^8MVphT-<+57YbAjy6@(3G2L{+%`d7$K3r$}u2J9;!cHd)&&>0N7ukSq*M#9CQvs
zpO;-BYh^IHG%vAfuu>@E`-N?<#fl!OW@N$kzB4r~EquZw3iTXae#|4<lUJJ>tW(MA
zx>=HO?={XT%G2MSVjY;D#rnW)Mx*IC*kr5DwE!+n6}}(~*$5@y0k@UY%8BFS(w{@2
z`lfuVp07tS1L!MKtBf82O385PZpEAj*lQcq*6~UavsOB#(4$61)~U<DheeT3yVbO@
zV+@e$L!SHa;@2)t^XIXelP&E`C>o?`wM!V%VV%N$e^Lc664Z6#f_9^^Az0Ixt_Zt)
zUw%2X$M!3gc$c`uk0Qs=6~Pc84scp~Q*W&GbsFJKHAohnBPs`J(T3|-*2IJnB|Dq!
zu5JF23NPlZa^Q+o_8NLIIgDi_)zj<pdHZFnTW(xXp$j5+Iv7i`g8XcMMltHy0OVma
z&&s+>zzHta2&v^a`N6oY!4MIk{OIZcd7wWvJJ;8@p^P_FB-<Vu8cOpJfo2VlZZzwW
ze5E?zt7s9ei3R`O^j)?pvrlebzX|CKPk~&V_YLEe3eRm5ZS?rQ${69WCDK=_&P3b?
zLm@%BXfABTFD=$w7-TGM9L<bDbxC&)PZfqX!_lfEJ6j}ehja4l?x<#Kk!voW(@}@w
zckn(We;IZ-h$*=Oo-%yiE+gH(GtW7X6z6CXw0Nqa7jE=+VoNWT;wo-mKYDPX6>ho`
z2Sakk8MKkE!Sh>6R$}(UBH|QO4foax?IMf%la}6=lhtQzJNapq;>K#60u!nxsnKcR
z@pvz9rBeQR!j=PRu$XjS(u8_N9cWMGM=$lyFb06k<m7ylmf1}U=9|8?$!G6U3o9&@
zO`$K|Q#ZCp+gK>ut97TX*|M&3Z5omn{X2R*d0|p#aqefOM=K1ol84)bo+Z5+h~hTS
zoE6)O2)wp8#iV3qE(EoUn+bqAn&P_wCsnAkwZ07}5dx*SxbH45bQN;C_a~I#i1uiU
za(*Vx;mtj2<@(*qayBiipl7}Lyu~rkRYy#^*)yOTIpGM(59zri!hxMFzw!Bqa^}?2
z=q8G`cr-pg=26zvGWqTSH;&PCm&E+Dp_PT*dNbHXfv}J7Bq!{sExeOtlNi$IS4tmq
z+*!{Fj6cdqPB)W%<xWCH#pk$@^IN~z9`U6w%j&0yXo>~``Fnq2bY)E$mrR2}a@eQe
zT=+)J%GE;Adl;(x?@13+k^8O|ofMt^<eEXqbRf2|Z#yktzOvtOOIiG)mQPoB&yt}z
zW{Wn0uZw=b@^Xn&FE0QopqempGlDpa>Gx#v-FfaB69)rZ-QG0Pqv#R}nAwgjOh2c^
zmALEMiwAEUSp0Yxz3WttZLnO66<h5V=3HTT4*Cc}t)Dfe5~0b%{8H_rPv0dzRjncJ
z)JqintISaKZHF71>;dB@%UwQvw^U|5agWiFj3W9+w+s*Er&?0`XrjYD-e|(!%FLD;
zHqC2cc%-k*wTw@*?Ne+nN2NG~z*d=c(Fb>ro0;o<+?!WQ_Z+ipcs(LNkIs&8%Zr2%
zk&e3!alQ2{VpEDKwAIdF0V$OG%v<VL(yh6%=p+mF4vQ8X<uo9Evn9BTO!#;LrFIL=
z8o;~Z<LIF18PGY^bM7{}=xP$2t;3h$#Uksb^^2P)OH(5h8Niy!j;S%ZTioXPMShd}
z{rm%+A2XFtX)LZbz-3mS&xCuBXcWII_^7x5hIc5|DfpK_-0H!=6f^I%GoW`H=cc0z
zU1FnXh<IX#3tLBSc_ao!?A`;CF6WT+)F-NG+swGZN)L*L&*CPCa@6a!kCu!ApL3PY
z@mSVgXo4QzT+Rz}W{t@`Qt(3hyKb@Fvr8a&B7>g>i*It}2&7qYOg_kD^o{xTh)Bi)
z;!0o5H6EA~=x|$uh)<#Aqd=iYPlQNy8lFVo7#_xrWFDOzpEsK`YX591F9>ifhCiK$
zxhN#<p}$`&hE+;L>4_BCM&JQ)f2B@CRXTGQzfvk$!L-LPbc}EK+(ogOpCl7Nm%GJ-
zX5T8V!4`>VwmVwjhpOpl!j1lEQ1WU9wyG_aE%gn^J1-e^UAf*FYMDJd@bwYfHmxfK
zczJa#sZ5*Bp7zRDpq#9{*52Ok{V-L?TM&#N*s$l@29P}b5K8(~=p`}bL>ZccBx!7G
zbd#Osyx-l2F|%(bxhs{sqd$p;lVk|LDh=lOyrYr<r~T#aN}aXN4*Z|v%O#fd5$tEC
zEfLFs_k&=mu8XKl!_v2{tKt)MWK*DW-hWP%6H#}<>}nbIWA0C1Oh>&9q1R|Ad8Mpz
zU@e~l5`tOG?$FWlM(S{xYxo^~32W-Oqc*b-kEtUV(9cZh;OVYh2k6+eyAWqNi)T)c
zI{U3Ree6PCkta*}Nl<Sowp=xm=feMk*nY3oQGdCg)@VmIMLpP+jx&YFD<X>XA^yOW
zO4AP9u4w+%t`PW(a(`p5tgYBhzr$Ue_C_liF@*T!qSPjpDqz-%z|5Fk=0VcbGu6=8
z;uE=V?yOQY7+tL2&p)4*dHkB?!frjUzjX~}9oLIYTd6F^u20m|;#W}B--nrw@>{kp
zG3b@_ra)=P*-&X3u~3%K8%8riSz{zgX%N)yVZVGJ-?Z_@mQbVdIQiSFl`6OW#LdcU
zZaYu0ih&%f!1th@=fN42VvOxTS}Ai7&WWhCl}J*}wptzpw<HVJ_hky|5)(`3@gex?
z)6%%y0^YSoAe(hv7O0+*u!uWgfc7SM9K~keXn>eM0~u0319@dE4-a)+OdjY4er|&7
zy|v@1Kq_MP?(cvuAo?d`Bf6z~?q>|*KHn_Tt5LcNq1`M6ugMPkSGTR-)}M&7w>7cK
zu1Z0cPFh0%W?Udn0KpG#P~+!}*w}AozzA61-k|?m*B=ci*QE=a9JE^v#+g%L?s4-=
zE|F9I7|;CF*6)XdSUyM)HYrMNq8sKo10D?rJdbA&$i-We9SBRQ13AyI?$07AFpjsJ
zT*627b0+Y|`ddb6xU5`;DrOvi(2$4QB&+>)9^hOOx{N7MdT*ieI0RdCD-HU>%wGdh
zul>+#BtDLrvE@j-Lq@|TchCju%Ooa6{j4**r19~QA?#X5(dLVLLD}aq=PKRhSCqO5
zA#*Kd#>1h-=a-D_oc;bBJO}Ie-*gnV80KmAdM0d7f;{ldZ>=M;6E~an#^WVEzR|4g
z1-Y0R5V}#zIM9BKyosuzx0$RaZd@#&J4V}Rz?KWw=g)06u;&2OV+38qiWH`KQyYGb
z_0Za^D6pd>z_M~z#PEzP?01#QR1x5+PE9u71Ey;<YmHBvVZAESX#em~hOzZ++9OVk
zt#U(`xF<n7yP2w8>kSuZyHR9D-^GjAfoYf1{dK~+#4SGKY)O`4`*%jnOTjmZZlG7w
z?0m<#ZAjoo!XtdkYFaYrzh^^14Z(czJ&U3(cE*IhUN*M4(azZ*QDRdW(a4d1G~FSQ
zHH}u|AlrX)_2G-!`Ok)xFAhbSQWnXnsGU-8d+*oD+f<_Jtp3kTKG5iv`X8%EExOJQ
za1^dHnH^=%_##sMRx;4zzpdF?D$owVLsUr(nqT@U9<X(#8PWX9%a`;G4y+7}GIZ$z
z?j8B)d`e*%uxCfV-!U<^yA$!meW?nd>QZ6~E+3#>#KRQ$Z!DkT@eMLAXxRK;+?=JF
z2~!s#=cR>HxpD8^D{N?}-h4NnXqMId$vXPAkb+OdgERB`f{eA`+E9pIQ=d?4+9N2a
zd{dD}_yk~cQ%k;pVXZN(J^f}PP@oqU+Q7Ut<9}h1R%b1?u89Gr<<aa;BB;p$xHvCN
z@-qz;I75t@F&W7M3gYJ2i-wW$YP$X2_Lx<ZXo7KzHkr1S^m$YKyEwFQ?fa1h3bh>c
zJ(}bnSy8-7f3mK=>0U(U=;(kLZ_Qui<FZU7+tCQ0Vi>$hE3}xeE2kzkBGXnY$CC=M
zL3v$KO$oTQb9(P@igE<-bV9lTU~O({#co2SlH$ut@zsy2F;2Ew<QLHpdlBIz6t%vM
z$WlhRC9m);x@pNFuIi*(08pj)b<7}KIXsFrezpPHAhBq`vY4THPH9oR0MmA&*j)&*
zv*}Evct}9eNMakn1DamnQ46r<oXKu<@73Q??qot3!q6d<_g6r{<7(gC>u1>DRylh_
zo5OtzH{rVbfxS7V5An1Sjn8!>x45T%<!n@3#$;Yzgrp~(U0^`kos0yH<MYk$=TxU>
zD)!;$HtYF>iV|-N48t)V-OJ?*lqZR%KNiwB6f22_kINLR$KoZ?Khj=vmo8kiuJEGG
zGPqYxGd|_F*C205We->=>rA@MUeY546=?g0x8QV&4@0$T`ORN6@_vlVl1`LcLgLAG
zDrC4#NFD;;=D2a)hkLGc@azFaLuNVMQpQ3PpOgKVeErZ=GmFK`*iWLA!Vkt;gZC;u
z04^Nroeyqe4FNW4uJg6Vp{<D4Mu(X~)ixvN_jE}G!^Q*ZBL`A#u?$|kQtio5NhzHs
zN|Tl=d*UwV<P;0BxPEVEaN!}YAF^svB)3q-Q7-2gyFCKWHDzn!8PsEHDJXVSp%w?y
z1)8J=l|CJGHYJxPrxPsM{N{Wmt54=miLn}W|K31J)z);RnG@QC-O#9+Mn`Mfj6K!W
zRoRrlQ(F?Au^Z<wkE~KLUN<r?pTpR|5JK%GcLAcT@!&J(wCK;5Ai$r5^jGq$OvnZ#
zqr_#xt{58FkX!g~ii6IpLSoHR;@G}{%im|6%+S2|Px*Bhim_P`J57sunzTNU@Ih6l
z-VKux6s*|fs?=3@K(sSqs8xzzhfKo{J#^UvYZh5pe<Xq~e$ER1rl)6QEF*pD8Iehm
zGPj4CpCnTy4dt4n3nq4vZo(*^)1G!e&5+C{>$lM7{wnHPj{zp+_4{HR%*^G9ghzVB
z=^+IHQY9NZ2&?iXEzgAK>nh?C?A(`xS-I$MV{|h=jXuBWw{||K5)*YU(=I@xObuE1
zmMw(^|4+2r@xlsXNHU&8yCtf$J*q)$lR^_`#jI~+1PAMU8F6;vyFaQ{c}T6KHgxDr
zss0EJFE=sOuSoAf3&6iA`_ey@y_xW^VoGKHTVU&yveG9UM)A{p_ojan@7W_W6)9CT
zBrdzk@aQ|kvjIxII?)x2WQ6eAI=&=IG(XL06;tMxyxV&4r&>M1;|K;`7>@XY<?EC=
zzE9A}>ZF;|K^!qLI4vLJgvn))`{A2kudYAX6{eA*C^%vqWpeqVln4L~a0z*-&JhH?
z+?|}4G2x5tPnKXNiOfxPm#ta&GE{HHiflG^%cNLGUr(96FXo>rFCn+0_n<p=CGAax
z=xThY4}T<;y$I^6VoHGO-jogoxQLUHt>_FQ8xnVPUh>h(BAhCZKa8}-5k^8$d|+hw
z$w)>;-%BkET0GaXQ7@=O#4S2jN>v-Txp&iAhaj|us-E><5tSb>2JO=pAY+fl!SN_z
zeF_K$%53;cIq5aTQlW~3zUNlxZX|Tykq$QMVMb;g(`KG_HB$<@Uz<}FMafK%DJ9Vv
zFOwccIeBa(#!q}}^8XY_8TWcq?eGP)O_^nHhm!9IV&|TG#|oJ4vBKLWp&v?ebQ|xT
zLEM%&PnkBb=lEM!rUhXL5bpKr7}9CBV<IZT(?XwJxQ8r}RANY>+y-qI!9RykPgX-8
z2Q84yPMbbgkJc&b<YWCusZPO1>dCtwv<D{YI$)x{f25+b2Xlk@a=moffhh8dSp>A&
zXmOp!B!0A~ef8OYWpl|iglB3!UP6${k8csv?paO@JYU?8x^py-%ytXvlG7VA?j*9s
z)-QA9ERW&wk}QkfTc(J-`#MHcA|a(uXa0D0#}{!E#0F0y)~!ctSRrGUTpGaFvxpxR
z9x^9&)ILIh6!R<ncB7x9L?Dr?gYp;2#j2SM|Ds^LEZ}_`aX?ek^-ybk)GTQ{H-#uh
zi{Di*kneC6cb_9N-<)uvTd`@=LR3|$opQyLS0*QBrN1*91D~aAGt@NDh+^3>`E0$0
zz+x!E^p*WxcgGZoFW#A)PX|I4ewW-rH_2nCJ@WBPQZmG+hk6VZyI@$eY1vLnvjM;8
z^TH<g<*XU(;JNTQG>OAPrj*W?L^a`*-aTEOLHrSF%7+o{Sz#3gBm7(X&9U7lb2e|k
zBRLPWNX|YakiG!z_Dm~NM(tbJgK1)bpdE<n=fzuK%<<;#P~T!kR(mj>S;>a-BqCho
z0_>;F#{Lslt?&lt?s?2TGUz^AonAIKA4o@Dtf~#)Mi8Ohp2*qEM*jI0hHS&T^L;f3
zfia5)6}vAjvh`>%z*_iF^0np1pYrg#*g)4PxUjL6<B$6EL7hq2+Xy#Ga3H(j699I)
z17-L5FkOVX2#6v&pb&#l(R6OJv3uFu+2uY&?}d-=lb=V4qQJlj`hffj7eN?Kt?BQI
z92-K^BZk>!^PKtG0-9v9GX}^p3CG@%Xsh2pHVybbH=+oVFrx1pE5peui~n(=0W~-l
z^+uBH{=`~c#Z$P+-bg2KnCxEh`d(sx{L%V&Y(KILdG_Zo>#r!2Hp@SRrzlHyS=vno
z<mT#!EN7JFgJ1}^zc$ES<I9^SwW_waWg46zqW-qr8L8O(ET1@-Rgl%BEGFaATYE<|
z+R#yce(js49ifhg6WIWChiys?p8!Nne+Lf{%vfJs75UiE+dQU>_(APsZWM18-CP8B
z76cAKl9aBtT4reqvn6|?GBrp2l8x)LFQ0~C;K#<f=V<c@U;Y8|to6VsEZ-9-H+42L
z9`*V@tj72+fS#O<ZZf^!pZcG^M~xzhF`Ah4BS+OoDYArT$V6UzOXTQNih%#{d_0y;
zc+BIU8Y#YQjib37oQS2N@N&Apwpy2Z`8qHFxB69F&#dU6p)pM(A;u2L9B|@$^KtXd
zi&6K;N6?OZBEe_i0?F-5Eozd*DaO}sOuu`*APl{OhqF(ME`6;1BLC*saaXcE8r?d>
z$*Ql=vLO4pA4|6%X%N|t{vVXB3PFROY%w}8jmk?*h|C>lp8Ic+oh5f^3Heq-(<I!H
zx($$T6sc0uuzn0cV_HfU#2lcAa747v<q9H*e}tyty&nDwc=)CsaWH!hi*&{_Kcq1q
ziR-z8Z-RG!FC}s|S4%cN8Q#U~G+wI2nU*!^WcpCYm%WBx)Y(Kj8>-Y$zgP(s*waPd
z`xzk5vDk3i;uDL_i5ZiA&{Pa)B6~uAU$2E~cZum!rp>7iGh-{aCnV1)N!FQHBBfhW
z!ik@ihR{V<g_1w~nf{rFm_T)OUPWCG6j1~tScP?J<UL)zA43{SCs{0_xl2E-ve0uJ
zf^L{nDQ)`C4JV>}2G23-k*+=+h9cdJrej7MzIu@ylyIu6i&Bfc4scYhJF{7;KS}T6
zmRWq3YGx_KR`8;ho5NQaXyH|w9Ts>^<0xyP*`=RhM=CXoLa}1;&EPNsl?||smPR-;
zkYQmxATQ|ImjhREwCyh&(>t|QOVBSZ0A_2BYb9siok-SG`A6yfI{C<emNZr=Vhd&7
zW<o=_bw&Y=g8O0nE*B6=M5=a%Y*H2stPZj)Jc7*hsQGJhL>+FT7SiB7l>Cj<?sQ#L
zBCwD-s-B#B{3GVw$&ck~DNV=*6~dxv-cjmf<3jUix7&PkSW-G{0zjpx0XCdYYmyWJ
zj%bO|9$g$Tr<cCp3%d{gH4$;J?=)EIk*!YfRSX?oh`iTNCE^ZhQU3~S&IK*u?>fw}
zb|F2bWGlcN9lFYNVwkM|Ny;vmM9b*RIgtimbUwSqY{qAud0Z*btB+H~C5Sja#UFI0
zcm&8B!3#ogJwhe>b!aPWtFKzHf^;3?Y+5sM_9}1S51dbbjbhr4mj$GQg|yxnB;kYU
zloFUnk9~uMMsb?P&*NK4%mIIu4{mEvQk|L3GtmKRfx4*p1Z+^I*KcbCk=rLdT#iRv
zETwZKBk|>BxRt()Pr?`FJyPsrvXCF&K_{$;y8gblgn41blz|*$`rSMS)CM1dUb{jl
zX^A?IVDtE{Z4)(MWdhF$-Y|meEgzDR`gbj~VAbKxoLdnk{h)D8fu1tLAcx4aBe#`e
zaq8JBs++aZu1~G3fP3pjM<c;lgNJv<s&1JVJ#s)&lY!`zOs56~9rMmQQBviY;gO4+
zbx?R)J&H;?@5xxEwP+-b6;_;%*2Ym@)@G&J9(?6_vU6h@r35+R!3C)oaUkVape;x6
zp7xy9_7FOF3Pi0OWA2!=$k^!>$s0z4A?KxlVf`)IbFhx!i5<o?Kn^5xqhQ5inz1nN
zzscI@VUk&Jp5$PsY^=`8I*9u4o%ce*%cDhGnvTy!zh05{00R=I$3qdFp+aus*U7UU
zXho9QK+=zC9VUF<g372LBb-fkB%(o_H(p_uge5!@tKuQ?7Kv4je8r?>sanRwJmh0p
zWDyhv67VAojT-TFEOsArXO~{;haJUwaVj!Y0Yn$00zb$CdR&Zx<OtWvUK5c^DNWLZ
zxz9z%9Qwp$WTIkT+8M!{>9g|>UlN%fJ3m9cFI@Tk@y4NeJ5}!%ZSA_tx@sA&7{49U
ze@EZ=c9*dQl>8=a*x1sxCV*4?H9G^bOZdxoEU!_HR4<yo9!>pgG*2HyME~!^pixDd
zK9-}K=QlmeR7qM^qI;Nv-`#sp_<}ByEwfx^Dk^4^p7+rWcX1yI?MWJsp(Ow1oih&>
z>TLTmXN>zDO6DZAx1r!V-VLZRQ(-g<^3Cvv!uS!r=q>4K`-a1zp-Vs^0)?Ao<f4VR
zh<VrXt-SCN443ZWR!q17bGwSqku?Pr2`H78liWWlv4`qp7el7k`MW;9YV%pBP<k<4
zuC04l-I-v}r`8>Wel%hqHZz;&<-N$WIq+oRwqABnjzp|qv25}vEmp89ff&5Sz6iw>
zYCF6^Fs~yJddYLp@?+NbOPh_V{%jf%-+DZU>@8r1&r-S#YaXafc>edLW(S#%JgG9b
z&o}%NmQ$Y@>C55+jX1Oso;bpg0Eqx}3mk&lgqiyl!^AJN9$L1O14}dLO^8-?44y5o
zp&=LKeA>>GDsF@3skcA6-x%`WtL%NPds&MQidc+4W=fe23-kZSr(XM${mc<)OW>18
z3d8!81IXYKx&}bJsKY~a{XSN}E~DnvxZqeJqEiE1@weRxD{kx`u0=n>>g-k61kQV!
z>~Ft(mnb%Tqm@-uQEh<+vwB&ve>8I^8;DVUUy=Dg$6=;|L;8<vPW|Q#cFjxGG+7vu
z{?XPk-$T!LaTgG4@)zU?2y5x-d7tt%ewJq_oO06meF@X0!|#Zn7;B2(hBZ?CNeSMe
z4lCp~f13$}@V|I4*y8?dMBCoNLR9sMARr~AA&-vX%yG*T{)Fn_FKkeiY7<6PxxneX
z+P91`@Ksf6u{GCEQ?oi48DPGczhR|5>F2^g?xA@IaR3S46Kup!EPm#fk4aFq$p2xQ
za)=P16y=CQ>l|Dk;sn7Eec|nRG`LEe`O&AaLw>i(l<}l<K@G=|Ol=%LLYr70VDI(0
zxwVU6P|1==0C51pcd5VhnC!1g=0S(4h5WDm!b9kF6yLG<)6_wke1M>X8tm&y%}l-c
zJ#{MVMh8>;hGgTg8m7lC5W6iwhH?M_xr7bDeRsSXK}3u4pMB`?LK5Ayxp01m5dMw@
zalawU^c2Noo&2N#%gMcUTX%#)ZUI6o1lwqT>);PI+U;t)A*0~``PWtd4~Tgi3GBFe
z`Vf`DF#Uho#GwlH!_iC=Iu{W8zsdE#<@JC4n8Se$J+59X-v7GE-_zj+RVTIN)&Flt
z`T)l*_90Vh@;YGtf8Ruh4!j=JrK%q}3EcX?AY6;|=iO5Ms-opT6#TzVNZ5cE&c~M5
zq?$UZ=cdB^g#jd#?U#uV<~l!AtM2P?dn(ej^DqGTy7ZCgmrv|%ISDiOrf2ikLlA3D
z)lf|XDYFKYU&meP>^alXC_Y`}-0Vkz_j9+2pLdPRnIweY9B$871do1OjeZ7&W^&c~
z(4|F5b+V~VEWS4|DZsoRcSbK9+eG5!T-acpm5>2fq^sNNrl&QC+wVCXdM+qP9Xeee
z(fzZnW}chf%lCyo8{Msg?ql2#7R(%Ye!CbCSdRJl?(@L|&aJ#UwRzr6j#et(m-muN
z49=%<i!;sJ*-Vxt_6IDAvsv7muNYIhT*6un{x0Q*<`&|${INzb1OhL2+9&|kjn;hQ
z6coaJcq!-t1NmAyz#GA3H6r9|Dc$jc1$0&Lm%xUbm7boH)I0HnwAw#y+dqxa;L2yh
z@S}=bZNx!B?Ya%uuMorbKASc<>DMcQww&cUwY9ok0%E%RFR;;WIeU}sPb<727`_vo
zEVZVoKX&LRDy+%f>TAhIC2mX7p$rcffnKFQ1ns`DpF+lEo_*W*bq}hZ^!D`WjT$Ey
zac}b~D&d3xj5|23KiD0BHD&J?5f*6Y4_QjHt<8L7As2g$l57t}$K1~5FEFhxi6llS
zXdjN^niPlU-$OD1#AHGZD4wMS!XgvAu>76raMvBRZ~^#ZC}{tXM`}iV`4HDLk!nhW
zfW7g}bTdPGuU87HY+FZqe!ma5q(8|Ne8Wu=F*s)SZmt7Sh$<a*{sSEO>7;%m6VpPm
zY{z+~K|8#*M2<Y82m7!Rpxnq;J=DqO1ou?fjyVJQH0`U~P#Q`%VB;mXeoe+n>V65i
z+W?`?#WO_Vrai@7xjc-9rF$o)?j*KRChqYzJGsRETtONCOp;~aZd@5ey8^DG5)Ccq
zbTr@E($VZ}@Jp*W_%d*&!8SMrkkuwWcVzF+RBCQ=h?`Gm<1@n8sN+@Q0w+KG!A-ms
ziH+JH1F4k1eaG)>z|n5y)p8hdeAo><-aLDR?ZQOS2JUaJUbJYabUw(d1OFDK#%)O?
zw4@?0MS3FlB1<T`P2A_O+yaLVbST|5w?OA?#i-~+Vrp@q^WBZ1UMI>dJ%!Z&eDW8v
zlME&a^AMa4%@Nwv-SGjBXa?~ouZ_Fk)cZHVy^*(=gt7rgL!tmC4p>^^29M|U6Q*4w
zW^9dHk5~WiOTC_q*K1(42g(2b#YmGwSL~rzVs90V)1p$991wWBn@*|-6L>e{J?ZRB
z((<{Me<o;F@*O#gDUe@9pzcuLU>Qj}(1Rr6nx80>ga;2H4!sF50z#|o4WR-a1PlMP
zkoZ)NTpb=gi8{^mlD?bxdR;k3OmaQrXU`m!s0d%E@Dx%&G|A;5wC~xCt`mZejEWc%
z+Y6r(kI4vGM}C^ngAp(M`Y-Xg$iF3u+EY^L9}6|(SgKpf7=@j;FAf*!MJ?<YBP>Cx
zje4%t7wgX$ZgPLa``R=>bD4EZZ$PRC^B8YlPW9_{;SPkz9EOu$NiV9zgkHD~_{#rY
z^l<brUErd*yvSMJVKuN+FsnjPdz5A-jJ<vmp|yVl6G$?DIZb8OU5X&Req4q?F<-p4
zQZKXNX?PbbjKWld4u6*ZjU{-8_{FJdg|fkvf#YNoT_&MTHZ9HC(E0(p$v8HyKbF%#
zyP7lb_I>oMw!WU6A38h|xy-<F`nTnW<|WCXjo^FVN>=pwo{`i=FCWnz)Fk8Ov-~)u
zh_==*ja%soDU?ayTzxB4BS{YOAzreBaXllQE@bmwrMt1`33B__QDhHB{m+(1N1CWe
z%uZx^;wm+VG8bpjkcgU+2ucVAwqaKxBKtoatUE~xtLP`2tu}jLKY#VaL7g_(V@x6I
z-=8IMse{wOJwp3)xRd3CpB38HI?55bPz))l-_?;70mxu_<N^gH>M*-MvKAb}7d^i2
zj3tuliG&Lb|JD;2UF`qyn>&FidGc`z8SXkT(EJmv2UYO>atgiuQNcd&LgZjlOUxs2
z)4N@v6VNH;Uf;VPbC+~hQ{W=G_z%`=4iGO7ol4<f{|gLNKNNM0+G17g+98vCY6}?I
z{WXX%5xQ5{-G}3Txi|n^3uWp9&_6bWx;u$B`K&yjsgkq{{1GK}8wV!@)F*M`jH#=)
z>g16+^guV+gw-X}JWXccd>S>P=<g>@GifEyiy&Qgl_c*0s`%TS<tmqkp<~>I`vC#V
zeBhUwEYwzbOySDX8cdZW#m)<TNb$tl;gZ}wXJ1?W-qVD?!e;3Oh_WsWe9}rX$|JF%
zQP%6xv1DtYuTgd^);-70qfZEt>ipHyFcA?!rQZzHOL}rFG)8!}M1$$J^LS^r8Op6M
zr@p#~R=%)9Yx-R9EOIq>oIej&dr~Njl=r((5d&0~Y$^2*Hk4Z>1PAu{)T<3eq%8Zq
za5I{j)R|5WBfPg0fBW;t_w7^R^&H?57K<^y=Abpg#+TLn8C9jV+y-N<J|f-4IJ8h{
zgQCy8D!6k&dp^dPL83eXvzAF6a7ypM;i3^=P=1RcOYkh{c%Kic+G03Ah<Ng{Y`UL&
zWsIAH3iR1qoKdJN#1n^}8<<+EQkXF#Tsw|6C%9lHv7b?{`>l^2N;z-D4M7LE)RqoM
zEBL8ucX0n;8sC*T(epT=#``*xz*nRa=aTR7sKE;HZgHkiM$-@LypWPcK~mUxZVn|H
zBRebif;}bvCm1*4*~$E+Tqo!YzR~II&Se1FV;~}<{o+7VMTXTB8m$A6rt%^asW9I!
zR7|kybk2h&Z|%d@T3f*_0f}hAoR>Vu16DX9%@R47?V*bdeTQ2rRnlm8cA#XG*oFKN
z&;8sONfzW*9J$7lc;CX;pEgax%b+7}0{xOT-2UR$l>3Vy@BU5lWTXdoqV(yZ#)QlW
z_@|Tt4Tp3vOXVCjvN8gNj`BS?3R4?<e1P4eT#8>x)Gc9*p2F|`TuN&SjdVt;^!>P$
zszXRokDfQstQRRBz4X^6f1H3+*B7)>HF$~15w;C{3V$T6`hKna+EPee+Wz;4?kA89
zI;K-OQ`en^{4WCNB0PsTE0&jX2~|a}ncjR|QQc*F(TPZxrJBF?@ZJPSXZ9mzID*0D
zN@J+hrcfCOk;3ms-CR&!(Gx9{PEoLD<}EBAqDwVoKHOgQK#*s&`mj#LSI#Lxn?Zd3
z8tWBf6wLcTz_M1qi4YqjJuf4yffRNzp!J;Dz!`+i*2<s)m}SC<mvqIUW?l*yIhD5>
z(u)An(EJ2eC$1W9TOHRr7EvX)NMk<>VzrI09vhe()Dy=&8O5P_Zw+w@_KYgcdBiB%
zbnAKDN?tmfG9JX1rY#!d^ROVZ{HC`V&S(UV7b!Mh*T8eU)=mVVJM&dCrk-5V{&3Rz
zuw2M==w#qdKYLSYlNgwqWp)Ccg^m1GFEO2)vo(zsyqaYKj!~8^O^aXlZK#RLPj{uu
zj{h(>S~&@Y3n${IsxwjecAhFxd#L?Zmq2C8oeYwBr$$^R%>FUQMn^CGW|^>p9%efC
zCoSPdZ7H8~)yQ3-9-qFY3=J7i|IOIZlzw-Weeq3WPQ`xLPof$JQj*!T97Um-+B=k#
z@9&(T6ZAMooR=7*k+AoLZ=~w06=Xn^F&<VLo2x%$S(t!+=`WemJBr{)l447aUyeSf
zYM-G$KS|L{)N(`)6~Ubq{N-*kP0!){Du1YzQU3D4WILON=1@!sncUPthCii=zJ~1X
zO*6QQ>9?KbEo-5O#TDM6_WIp_F(6p%1=Msa`^%U$XBU-(hPD^6SAT75^!D&b)w-=u
zE)5Y8JqK$tauInumo>gks`nljw39K}JeY?I$hrc_6xs~lk|wu0?V$AX!^sr71*rCK
z+DuA>cFDBnK#>WT5qiBVO~vG+^rKHxZix%Yec28H?3gZ^%^$smz?{#W56t-{P*{6x
ztpZAw;&fvRg}Z*-6*TcSuZq{b-*eja=&aPYR4ZF>Wxs#@Gi2zS67?iLR_@2xi9g@;
z$7x{(ftt$}?iL`wkSq~GKz342VN&mvu-e)Ws3cTr1@v$u>O&BQbWOSF6fQuQKdIMW
zWlW|n&OD0ubEPpA_#;_$7lD%_H)$@Mn$Tmf9M7y~jfO`ohBqvRT;>gxtJ{^wwOmKr
zudSnJ$r%dkF%zyIEDl_fxRSb3<9%NTX$k!rfrWD;y=;cOBks)+uH!gb)ATiyYW1UL
zjwwZHa&I-^95mKt2z-sc@#=V>I+9{qG&{zR{&dIufD}QgjCp=I`M+d}y69&7&E;#|
zqeX}!NV{g3fV%U=i;On&#$N$V)3Zw*!OE<nFM%O*Hf7T{o5Xvb+urBxgfh)+VJkcm
z^t!|S%STZNZOd~hv7Fh8$k=|kMRr|U#uG#&6U^x^FiHOs{C1jcap;JWfd4yco!Th*
zrxSMHB7bbA9f6<Q_bk?)%xic`vv&%$Ea+*1+k-&>JDy%*GeJ74ViCcmJ!ij5oYR{n
zK@QQuO--er9ywymDT5^ibdh-h8;TVm^S(>NCp;UiF${GG(l%%GY|CQi7^hR=hAH;K
zAX0GWCmARZ9V;l2yH;8;P8A{llX=9>^58Rqz}8QEupo@&-7ByYrV&6`w!mqZpbkIn
z^=zc}z;&PAJQ!E8TDo|yBPnfrjUlDnNrU!uzcsB1P{vqxwp5N^T47JlI@%dw+wGLU
z6r9*@DC2*>_VUD-TfL&ziS5ehwQKrE;%Q;T2uPKNI~tB<=3frScf4mH8kIrx)R#)m
z@ut1D(W)16aA*%^@`$3FD$Q@8c}1z&EAqLs=C`mV%O>#sdAoL9E}pcbV2lgy`Wnz1
z%&8~0Wlly`2KfuZd@n(~t~o9u;v+7I9Y**_Fg*s}73p)+=Qi<kfk@H{j$4?6Hd<&L
z3t{=5a6-VPH--dBau40s=!um*gKr~jpey!a;U5HWChmUl>d9ebVBjdmYc@yfh5~MT
z4C)pVw!3Be2uria;&TlKO1MKxBs@z4Dakt|T8q;pnZBFrN)40)IN7ybg!iazX=Bty
z1p(AfxSmVS#YUSG>c=Csu2D$-%_k<SDm;^y;z(1$)FFSbnVaQTi1O~d@BDd~>*o&Z
zh$+Vb$&$y?i%XVoD>*1CQkawhdi`6nwCX@Fva+yi3vwb#d5ki@&L6|oNp1yVAqW;z
zc#L1_u*DkqU|%a_8aAE)JeDYySz<}(7uy3@kl-}fqJrH1*X*SB-^_U`T4bV23g$ZV
zE<mPp0)kH=;s<}TYg61qK?fLta;HJf6?s&Q0P!KkGPH)2ToOdtvWtz4jm~HD_+R<K
zRDW6CfRBFGjAZ*VgQ&ckFU|<n0@VS%xfAz*0lRN|c9gmIzV3)Ra@azaBt~U?y^t~Z
ze`@L^G)hws6K{+c%_Jck`^9K@{6pq~GI|Sd*&%jb(T18Un;=c!&bLzb=Br0lvBi5a
zmRXCwJfP7_m!DmhVoz4-Eo(%!xBw%F$Z!r$!)u3z(=C^dMrpwD9o&SA^QxvNb|w(M
zIgm<6s~#l2IayJd90ths(O&~_Up)b$3mAaa82qZwKN&&<gKezc)XIjf13O45Y|9Fp
z=S64$tmKsy;O9|xm9x1TuuA71qclftNpnjZlF#RRT%of!>)$#URzIwEhodN?N-=b~
zc&aXk8v1H#WYPymF39!Q-eH3@5?oCmzPhRve9e!p6PC-sykr7*E6xU-&{Jnc_Eklx
z!Kl2bFcVdl{c?V=8yIpz*ubY+#eGpYHqlXHmzaTACN#B)TE#*tR8a;@H_>p*4shaW
zMP`0OY}?+#amyN}(f^ltdgrarTTOu@2NN8uaT~1D`xtV59G5ekH{da-j;+vM^)LMe
z@sIv0!Q|V~ryL_dcxnt_A1hZFK_p%gQ}6z@y#sG|<Os!eiXq-~3B#A=sHie!L^;wl
zko5Io)T}cg;@3bt{JlL-TYt+r#DSwCX&J$@(%w(UX7t1cS}`K~FF%`N@M<=j+WPFe
zH-_%KOwm=B75=sj2{m5~&8KRu;5aH$OpFVyEC*h9j9Z(?4!Wm$b@>YTa~=le`a3xl
zr<vGd<a==btfO+s`RIvCcOlrnRfW#A)S6~tY0MAb$7MLlhbysbta>t_r7z*h(4=Tx
z##rslpBAwaCXpV*LspL^QFFs9@?V&WfLpiU2`|5YKa1V;Z<>dpGEP0|t)Z0>Y0Zxr
zwGB5ia?Xs$^1K0cpSf0<4enD{(>qm1TQ6c$RA#{`xfXh3`h1C$HY5yVoIb;PD(Oy>
z+B~`p7ll^_uZKY1&Fej<XFG`Q1<@#It{+7;pHCje(U7pEinhi7L`TdHtXLNR%<h}%
zs*XC5V*bMUChDK>3{{<eHw=zYRbU;!DV&URObdKAH6ppVC7$eVsZ76!Zz|4%o<NeN
zehMkZ_LmkNU%NsY>~Y>l5K{<ObfNLN+*>8vSuS`$-NH0~O5=7?Dq|wPxLcUvbl;@r
z<<Nel*KKfYuB#6cG!G)Yh-)`IUv%v4me+&<9XPi3h^Z$2D|r<-;#zXNdKML!?zM~m
zpj@g|$!U>SFegd)CiUZFV#77d97L(|hnHGuw6w2BEkIdK;`<fh##HjLi{8yodW#ZW
z6#CvuxIGVD-{^$a@T^30?fs46lul9=kq~?0@Czg>%i5Z>Ec1Bus%6Pc3oX_Ptz38c
zmk}??&VD3wgGSRv%)#;xM^mX|98?oA8QCFh<nm{B+K5AHHRf2I7Y5e$Ntz|f)$zH!
zJ_oMLo&79|;L>3Y*8MG=ITM*Fp-r#CAQf82(N@SVCQ-Wu$we&J_NW964A4bMLD6YO
z^mKGiO6N&ULEV(^q#eJT1pu2x8lYE(ksW}$flGpChf9BX%Rc8ASyHwxXNQZLA=4^6
zj|-_j;mLjqa=pV!SQ)cXBb_<$+_;R@2flzpT$IqU(F8(%y>`YJ$N2eGCl{Err0=)D
z3}rR)AqJv&9n1E2W^!f1J2kzRu35Um<X=&vQ&ba5e7o`A&1MNxkOCCckdc%uSf=QA
zi2SN7Qcq#Yjd`S!n1pfedls+Hc+y6^8sQ~R-2W%^w7~$R-{d{6W=^n(nKj&S!<j&Q
z-<G9trdu#$gP|_xdne-Zn<MgN*f2cgL#{MFJf10jM=ZZokN7tRTm;6)*Z1!^-gnFl
z9_SA#S${`;+0B@2ry~K0q|qPert88zn?*LGeM*#=jQf#{hX|b<c)>BHFHb9;#WZnS
z!-W^BDWAtuoDqjKZ_Y=os=dxGLd-76+Zih0zj|>cInm(BU37#Pr>9`a$h-NBDIy-J
z)zF3KVd@guA%J_~QI;ju&=pf~zgx+`*mz^~+(iSjOdFzdYf=&BQi?swiiY}67C^I;
zf|m4AM=MQmk=A%-tu}>hom0B?^5}};rP1pkJ>h#xJw@PF4KRijqz=SDc%p${(O8G%
z!5#^JKO1EZs}+O4aB$#X<)SvjR^kk+8_zTA!JY<^{xu`(t#0unpLqA7dDDikyZa<L
z{>F&z)7=9+GDABB*>6M=&i@r%`iHvu8!WMeTs|a8BPx86c*bN17-q%A;=2vcEPeC5
zQu`8j&w*FqhIOHWQ61zF=B9W}v%r1d>Oz1o6OwvpJvuAb=YNm{r!E!r@4QsT_`*uw
z9lz#OeD$9VwJj}$Uj3gG6x#TYkfG;oJF_OaOHW$dT>=Wv|A&NBCl^6U*!%5ZZQ4b4
zE)>B0K5$D*RxwMhMQl)cs1APNgzcEjM!wSEnct1&9NSQ&%x{&@xty)?u}5ffvYP5>
z1<#Y}wi9VhMB$W)cKHCeaLwRvRa-ZoVzrf<{X46OO)@O{Y`dQMC2W~fU+A$O9Ckzt
z8NI0R!J;swLMe&0cCDUvt)FX-Iwiknd9uQz*t04Q_```7ayMF+q1gDrt?2kEU7^*h
zjs5WXl)0Tg_o`r(711`cgBY!)Ap!05hvrbD3SN%lc=4UAHV+pAIUg*JN(7eBxtgVf
z#LM|}vy&G2zBiZK5M|b1y7u%Lj;30Zmb~|{CJ2|F@zjQrTHU#KnqI2|UK72Z?aLr*
zXgVa7a4)()ox6eC-x$v%%7sIa`xy7<KaAPc9)T=3_a}n9Lehg~4vkBRSL>mWy)yK@
z3#II#+(Ca(z79WGvCp;(D}a~or6WjA?>QDklw1oQxX<;DKutt^1IK83lKzd+to}-B
z`bWtd8m&E-DpLl|^7%ozjB%0z97}qd>D2qjhDBYi4<pO~qOrpJ)_u1hvkGTmm$D6^
zB)z6;<pjxFerUs;VuzN1ZtU0N-g9RVpcu=rV>`K1TtclNw+ITEHA;$`6<w8wB(%zX
zUPWxcK6ZsWVuLj5Zg2TpQ(n^<!ngQ{osm0sR~rO=ZPF|8uDQw-h~E20wgIxPraz@&
z7g>mhS7<^gd{djyb^a38?F+Wsf2~;L%@)uCjYs_>p@e2{WW{q+Z=8joosFgv@=}jw
z5??C=pO~_)A#9U_=|hVf3P7oWYQ2?K{VR-bwK9$;q3d!qxPA#hbFEcswEY&Ed$O?f
ztf*;Vgrgka)1$Z&&yYx4nsi27r}@mGNqbHQp<1%B8lowl>2kCx?VYTl#Q{0>Ipn$9
zksR;dB(}gsX^VEv!OgmLqoz+$cF)LboyL0O{Z^S-+nFC>3TZ%3b|f?lu0EVD5v2O0
z=l)*#r)&aO@!ub`ZtDIDteJ-*jQNWl#8`0X#b0?;Wk%>8<F*K}_`1wqEu6_o^EaHc
zF2ji5LZD5X{LZN?R=DFke$KatgsP9b)582hFNGoc&qGcwNubyveDo!}o%1e@VY(3h
z9xPTB3_JValNX;%o89gipqdO>3MHEi$t?Vzh5_(8aPu2IY_i$$%`F~`<di%v=e|94
z5Q2x``4}a8&O+k??qND$L%3DZ5?MO57v%j?lb$N&<b%}3^6dTBgn>K{(W5O&cPq(D
z0o3aruZYW>t1qzqA%p)0X9{a}Gy>IauOVpQD>gMtQjM73V-7tF0ni?USx8YiH(zIY
zZ4=yq@ubk8hbedR<85Fwqo9E6esycb^RbUFnAQ=CG9u&FiODVd<Cw&G58=Y4eP@sD
zO|I)TJgx^xPD_4Te7eMcD=?#(U<O&N407forxJs)nAmw>S}XQtW%hhbD<-o0@uF_4
z7jJGK6b4TH_b$-sTw`P0EQVjn3@G<&r=0aag;(VZ<tiMQJ~Fz}y!XU4DxOB61F%#D
zlSb1X_tL69jUYEVNtUMe*R5rJJh`@SCfa`Z4Q6I^5LZT4WYJ?+OW6dOxb?jzjw-W$
zCFv*C1I}6qA;AJT7)Bu)V*3N6*G-WOcE5_?RpQ)EdeVyveNM7-B%$q!TFRH<8m(8@
z)3D}3du!g2NS*T2NaF-U1n&zu0s58U)%kO$t6Ak!L(zrs@u^{l59^!M7gbnsB^L9Q
zl^k?E2DMDSo?($m#5JXxrCwrbaO!BdQm{lbrykvO15TFheQVU9`xGb9E7$JL<0>e1
z>-figh6T-Ll*b%|L*7g2pknMDIhszUZ?En8Q$=T)fDc`}ZZPc|CRV?A`*i01CAP?C
zBn_)}5G6Zww6QJoKQBF2QDYpxcn$9bv*-QWcnR!DbBXif5ir}z!q4s&>HFOiE!KT|
z>(SDUNd7pX+_q9mD9BM3nu!`rEd+j4JQ`z9jpnk%gi~*-8gFoNV>=?LbDSEH>LC`H
z5oRv8i0)|?Evm3;*{J@U9-pdIV6)2wI#5I`yuNif=l514O8GR~tG24t(6I=FXNYHF
zh>XSw*0QrtQGRlf0Jbano_%@ZZ`xl@Hmypqrhf(<Xh+8O$45F*)T`8)0;1t%(lzS2
z(R;KIss2u>OD?MVs}r1x<Y4@*bNgVLunWke2jDfp6YD_m#M($}wKRSV^BHYYPjcKh
zXzeB(3LV9wQQ;2gY&~sM8WKm%<2{w1XX`+BW2RVr$C3p6o{i@@LsB#iO|C$oT@;gu
z>d2tY120Bn5EhLo1D51`k|#(pw5HDrRUJfFvPeE!bn^o&mhJI;5d_u8p#wJ9N8mfc
zf*MlGk{lI7b{A&fr;Jifj4u4@tR)Lu{RA<M#BDp2A~Gnn28r#_D*j#46LP&NG6)<x
zwKJOFQ7=fk_5%VvLlO!A_UPI`p+kG_<1FqIx#f0oq5?6QKs==X0r6EbM&pNFo``?)
zC67|dp#SDZmc)66r=0Udm|8!S-17O|uKyR7s@y*6soYm0#pNEa0x`=Q&kU{C{vY<<
zf+?<M>-&yCNJ4@Km*DR1?(XjH?g2sw?m7$_+#w7wI3&SkaCd@x7#LjM$#tD`Ki6}g
zoT~Q&JXO2)OjXzPbnjk!?X`OU{@srf-y`o7F!dBvAIO^Pp?4UhMC^~4rq$~*Eu6`r
z@FgE_9<5LA%?M<n0-ageWlLRA_NbAIn61_{YYNLSw8r-&41xxG>omAspA7v-Nm^cC
zl$vlXil~2kM-ugkG%Z+*fN4g&mbetD7L_I~c!uHqyEmun6wiD7&~SKCO=WmKc00N+
zVh7kyxJy@|Zu$Z^+mi*^kNRU`EZ}ZV3K~xV>X@G%9PW=WzWa&U88LjvN(Oz8XJz%J
z`B)(De1%y%wj!PW$BV@`-m(KjM$`w`*JFZ25>hk1uc*&5xW^2b^SO!Hg<@UmH0^cA
zbj!kIgm(2q!qPXpYcDuT63ub$BeO&9lwz_$oVde9Us#7{dREDFh!=83T=b$SH%Moc
zb~&x#JMbj6klK87B$#YOu49b-!mi%I?0bCEU|5}#_U%0B(k>V#dOo*z{y9JLaOHIJ
zWq{a(<ob-R3qsBgBy2O%X(vKHLN3dlc6q%m5GC_=(jm);(b^5l!u|kus20_9^=t~V
zUaOyXg4kZ4O|P5c#f_ywCU|5(gB-9YZAD)v_aTDs;2U9B){QTwtJj%j)(mI8&5W`E
z>)`iz8Lq9A)HY1M9u9c<j(x_TWYWQf$aR%GEI>$AUfMe#mjGfhEck+6$9go#nsrFq
zlU;B!<7{iRr~r?jP5z+lm12H@MXM%AVM`DqMUqcE8pu3*eaO+;0JCr^4|v$&u3oS`
ztX-Wm<99ux=5$>jLGgD|wp6YPEdFWlI%^K}@)M}L&s3Z+;O{E@Np3YlM5-;nhO`>=
zc#p;#cn0C7n3g69;E>P@NUG_4$jA!(^&RQvTV7nzZ2a-yLDdar-{^@<tlm9HQV*Jy
zT$$mp&Zq)P$cPPNtC00*UKS64baWO=M3?7>u4P>^HQAn6Wf$tUzJHzUyq^F|*=g_S
z=}4@SRA8vDmoLsl!-;UeT}vI{FWMfgdMpGI(8wG~HTcnb@BUnBn^dHmchSZDVTCY~
zlvGKdN>|I|YY@}5b?WEKpkOz2V4Li$!RxWz4=kv)31iQ}=b%9QY!!k_q3dttF*4e^
z%*59cj#WNSHP~#x2W!E&5NsGHW7w)EXplNs_D=FR*k6Fj@SP>>RIk!I@~7Q3h&W{<
zHV@iRAG~j`w3Epod<YSB1R5u`r;G3KUw{Q(%Z{l1YV;eLaNRbme)8}EVjGSEgsUJm
zaGEY*99aW88)%n_r27$<#G=FI5j)8_{X9%M7r5IVcU2QvGi=>#t9kCVDOSK5%e60B
zwm_Rgk%y!>x1jL~ADHFTjuRhv{Ftho*E)KmrlvY6&J1`bxZ=|MCUd|1wv?%G*7N45
zaW$z@`0iI1`a4_zpcsJ9z9RtbK4YG3$wFv<9slb)LSb}OYppwmGp+C46i=*^%TEI0
z5Wy@67&7ekcE#cO^Xp7Q;V~41742tDm&<n<LBjjH+q2I(5T2sJ_X{CoVH_y{>YvFF
zHw8PsLBPi;O5@Syml?<*7meuCvcf%7z&>g(|IVs&cO~)h?n*}t<K@S12(Q*wxJ8@H
zF$9x6IjFeMo<Dp4<k@?dX#}f2-)=3r1BOn&X$EUL;XOyT#8hoN4Xz+E3!~R@hFL53
z3X8-3sv+DH7a|W*TF5ESo}!r`xSW_%I2{KTAM9?Mg<Jiu>dCYFSHmNp=J!DrVO!d_
z03z*MbhHNeYf+cu=n?L!n<60CzRr>TMEvcFLNvUCy3Av*5kx*>d}}}1*8kx!I}X`F
zeJlC|LF5Sn!>i%p4C%BY@iiI*3QKl|6@e(8!gjZ3rQhkLtF2x_XC;ZRKRtQ*@rj?w
z-0u%~_fpWmWk{=QnX1f6eEhK3a^`D4sfn=k0sfPNa`J>uCTKs-@0!P+cfEjr{60*`
z5Ui{h79@U&(EL@!-xdAi+_s9aCg9h3KvIMRzwG~c1b4v8_oI<;{%-WYs{Oli_<8M~
z3eH~L8a~np{<;2h$|pOj#sW<*{~C$EuHfI-@$d5q_fwwum6IFky+7Cgg&AIc^V1iV
zS#H8##|8`UuU`Gn-~avP3r;WztmUJN(zDpfW$SRwae`|zb4iT}4yDUnqBMzFxx3Sh
zO!X*yMZV?bL9BzJ+VkywvByI4%?WXrTeC}9wxAU<z<urES-)Al&n%_^|Gc6_bk5e?
zBt&!Y+V8yS*nq(L7PSsB+?^KY(G}1o60=HmG)DYMVei+xwzZ-vhS({y7ETODW)ZdW
z1tMS!D~&`rt|=y?zv`isNp1of0x8-iWtfbxE*=>cylaXI7jiV9u+|(&08?{b2#=-^
zqJ#tG_0bHJa)rNQy<})&tj<(l%1WrPWmelboUarAKK-_2+37XPCG<$ehH{N%g}ygV
zrkRz~AQ&n0@;T;6xxDwD!{vNnJ0oA1&xa$7q8t=gV=y+yx{A9#yYOhb_^_Oz@iNd8
zPYA)$(Z?%`*18_R)kv;H9KmG>A6@*0jzX;l1197uO*XUemF=P#AR(Dd6@;_3=2AkZ
zf|5foB>XWZDOwXq(7LXZV^}J`TH9s6(8wGYH?sH%_od{A^PYRd21)QBf9x5j?F_$u
z-AMZeN<dM7?@aluz9+RSblyV|C7as$hwCDRa|g!?i$$T_bsH0P4VM<qo8twky;2<^
zZHin#zI{bl8iQsW^gKVD<0jJ?h=ulmBKd8p3wgtC?<=7m`NmIPjr)~NiLM2s+rzso
zflucPQHa-CC-KF(Mh(vS04c3?tBR(KiwXF8)1A5%P~X~wcLI^w=R~mPZbIvGw6Z`A
zn&jIFOU}TpcOJe*DRspAr_-R#t|b5?q9V`O(#-HE`!-s#+N`cOm1WcOv6<?;Du@KL
zBO9wbKmOub5-l@=0Xf_vr9zoyp(;dqRo<7So$r=G%!^7%>+ZE<@^;#`rR?bu;U9!*
zB(vz>B;ju<FiEq;ybu$Daf>vx?H|8RT^}BlvmPnr%8x9MR{LsB$F&)c?ODlXtDZ{Q
z@AKULQv&66R%ex5Se~?6k;)X5Sp&bqsolQpG_55SVKi!%a>}{I(hl+acQgdJF<t5L
zF-TV@oSqWq`#F0g<vA*IGL#78vY=!*aLeylZY4_6>|l&;yT>ENx^^&$Xlc1p9!Wwz
zr!3;VK}6UZP{NWdQ_XXFCt6xUvQkle!Ief0JA*J%4}7M1@8!{4ZfBw!fArKm;uflz
zI-L;TTveMJ0;8FFy?1ur^TbGe8E?>h2f^`3Zz01@VRA`6vub!LuCj6{3x!l&>d8of
zD!qg2(a;AOGVkkS)sceN9sB3?<Y&S<opt#^${lu`Q+IRO+HKSKS03)t#ITv`jQ3=V
zPZ0=>a*fe8b9bY6Abl0t+E2?=RhGp;pU(=SzBf#jVsDv<{;KpPvM|bQSvDB5z&8^{
zcp6O{xWsrL(3s_VMwp-GY?XxWIQsZeA)9*@vS{6!OMNES*r-i~x!LMm%l%o>`L~Ju
zj4x^3b>w0;5{RVT{QLoGy0$hQHO}cR-Y*(U`ckL9fwWM;7Nfr5prUE-xJYq{VL{dT
zfUQXC+Z0;5=#FaZeCaInzy{)c)){f*Vo?xR(iCFe0JChd9H?c+ID_F+Q!Il8@H73>
zkfL#qsBc~cTI~+#MG~$n2l`)GAx3ty<(j_xnLOOW%1>Ob8Yq1EaOWj%#0fOTujwmP
ztCEW_`XvG3G-iPYNfd0qqRec#naTkt5+#*im1JhuMSu{kSSs5#d$}ZeV|}-FS%_Xk
z_3%+<=4Db5!LVmpA@Oit&9>TEzL;Ag0(5l!^lkYkAwE<FXB?7yTG>S#OoI2BLyB5u
zyZ4#ej|S<Um?6{aW_kC|WC_JS&eTjfao_{0yg|0Ue#x^qBD}{nnL>Qd1f&J`O#{1I
z1aXq1<;Dp+>94J)!`7@;$jgdHbkxZK$eep4WL-0*S~g8V5a}2LcjDMdws1?P*%S~S
zUCN8H**DrRW}}xRBCdga%|`1S%p1lN^cv-IxeR;)#LYeUHAB_{8M{YcwJI7{WV_$A
zM?1)o+Md{baSt@jYh9h4XNm3w%xGK*F)o)Igba;1^M>e$2Mm$2WhypDyYjRgrxj1U
zIaW=jn4NVus<^*w&rH`z`uKfQx=!$V#Ilw*O*oc$t6*nStzD{xdFH6Ll(0d8XEN~f
z5?a6cAb(Q*iDHn;ffdmHR;Vhbv;8HZ<+$6S5X(5GVKl+$*-Dj*p4IH&AwY}knPJ(L
z{NN-#ekkViWRmgz#~XhhX*@@LE9zC!8_b7Wx5tINSYW!#B_zDTjr>J9d#ja2x7b_S
zmS>8NRnJY|NQ=)B!4)s`l-RThRayfQ$Ts%)uf1420_L6Vivy*`*I!&t+@G8jdrkGV
z@c79i=MdN2AlTZB)NfBoIl4-AFd=UQWDvD*s!CctoG9?d7fR74D`0J|ciccQ<sGHd
zQdd_C7k0c;t*K0Dz3-;3qV<mkmTgp(aNv@-_srZOMYO=FIATe5%kP-Nfz4E_GyV=)
z6E^!=RUghB_|0h|*)!x;ONw?ALopaMjXHhO)3iBu9dcCo-l2Zwu2gFBqaYG&k(U!`
zJX1K_!TU}!DoEX_BNtm>jmj>`*PmVF9yY=M!nUD+5%^6_z~4B6l1)xvbmUY%mohGx
zt!N=lPa0JC!7Lk#DoxNR|C)cXD0$gpP(?(U=Xy(OmTtj-(9fPJHI6M(A$WV>fp23k
zyFuhK8T_Fkd<6ZcGp>#i)v_7$^hIMnuNEi8CwE#xS3|uXLLK$k;bqSvf%On>g5k%K
zJg?%jnrDZx9d1|iU4*uh4~M7jYM-JDs&v2#*s98_I5`w`e)hjUC-G-iFl2`sxuJ1C
zC2;(ltAJXh^R=t9g`z(vU#o0I$8@E@?ph-9Yl^}PHCna+kU=#V$5J`5ZCYN^lDYCq
z@Lc49Uu%dk&G)Ql*<Wsvg;Qkj=lF8EgWQPC!*oD1g#nDLeWfLnYCxcN1AuNAGV=rJ
z+`rKFFes;=cIeko%I-F*b?2PU)M1!BW(W~g64XK*d_C!J%tLQ18M`dT16(vwcRLq2
zD&{=@6`;pASzNb6%O44`=FO@SH=g)jrCClCnA5*+*M}KZ<xf{;po;dXd7}?LJ*XWo
zSGlj}KXOq2xZ<50C+QJ))sO1zpPf}1C*eKDOjAKNAk4N${MN@#*Y95D81t_7=vIss
z$hgn;wM7!z;FO(^b2%w1@EjMq#pk*-udsDYIS}wQRk%C=f43g}A<6CH&5Hp1*4)aS
zy)H+WTgb+{Ei&bRR~HPE31xY+TYJhrxjLVNGvujrR}~Za+2=nEZ1gQW&+&k6I+fEP
z`J2rHmRCLT9(eo4W-Lz4m%?iJB_o3?Wf(H6)aVW3`SBMPrW-k{l%_&5=j2g4Itdn3
zQ4f9wv4i$oh3>3>bl$oH(fib^gUc?a_<q@X&COW!JM}6*n0O6RYl3I^bI9Yvhw)4F
z1v6ug0sYEcn@E|V4QOwvqqAs8?FjP>d70_@9@3#~!{myJ6>Vy^&8)#;?Qd<}TKt5}
z&j}O1YBAvjxaG(7vA#UXlA#_A96#bs>UoE8(8*J#`|z@iV&?X_&6Cqm`R+_`wQrn2
zV5eR;cB0qiu9&hismPL2`A%tp$|X8LL0(uuy(8-YN|?y7e?7HR1GBi|)v-77zxVBP
z-<)D7OO>rW$>D54rp&z@16H(YK`jzN-0CO1WTsVTA4b;HG$!1(es(|@jM+bwsTPe|
zN&K?aBoLWo8fUoMCmSzE?aZQdUN%fqV=fdDZrN3R61Z%m5O*Q({*!uAnH`p~sGR#F
z^e1pT)gEy1E<T&Osm(1@NRlXZit~HFOac3JcFX2$d^JIZCCboJ13ru%u_8C6{&nhe
zna5%**<Y*LS)UEK$f@s?9>fU=`T7zuzWqo|HVRt6=|*2V;w4KQx}KwMEe~AE*ahOU
zGf>ZT8Rn2<kmg3^a7+c7r_`S}28td%_|<z9h(Ym`=WXeTht@kncIElLG|1r;hL8Kl
zMexDIv`z^VyNU&}B$j>rrw)#JYi1v+PN-t?oSfk-!esT)9tb3qQjWMl<fA2!od(e#
z(y-!fb%YO+$s}V^t0w{MaB<LQA=;#dp?3)>yZM=_pEg>Q<xJO{kI~N)JPygi-s8Su
z_xhB6_EGdp_;cFQju-Tt|Nhk_CbITXL`9}8tPg0mkJy^cIciiGrO`Zgu|TG-zKHsm
zWq!EB8B9(Rqvw6W0Ibl&AN&lq`X(Bv(OM0*nhI%qw$x;laq=+YItp?%X1O#Jz8ihi
z?<iSv`U1|iI%=d+Ppczf;U6hj*vq@|!cy9fUv2wvy${K}QzDZ%s8-SJBS)M$o=oT>
z_dI?jSVed=8Pc#Q<o1m=mMZblOR&V7sb3mgG!U6pt8skwb{<-W>#ree$&`*G8E3YH
zUjoz!-mk6C=1)i_CZXs$e^`{0G{#+_;<xP?1N2=B!i0#Fj)+KhI%62pj3}Zw;)KD{
zK0-kc`-*}53ItUNkpY%_66pOpDIR{*01%;9H>JA42fq((fY+15?*igx`3kT$*Hi=o
z-WTxB>|frk89ZmFKvHziOVgApLe6nXvpACj7aH(Mk*uBFQZka4=iN1ij~Hwn$*>Y;
z+ujYR)U>x50OkwDj02L#%-pwsBELwbfU$2=+i9)XiA9w-d^2j53y_v4?d0N+h{ld7
zLXkP}bI-Ek(iOUsM}E)nw8V*mFNk2Bx~qP-5obAYp+&DJYC&XSTD%DFnp`Lxx`8Td
zEG%HDeXuX`Ht6eFCi{>nMw)GOGjo%a=K#)|Fg-fL373V=)7fY~`H87c*lTNw&3j$0
zGI(#zc;_7=&`-XiMAFPrxn6OO%cD?FO01lU@|7Y}lA~Qh`wGuwKu-I+RVyWxQbcTw
zlw$=&2lXnbzJt}u)2nV*`r$@aK|{Pl6wz`HJ8BH_-`aUs<f&6yLl?SiFfDxjHTG`&
zM>5SG7nUV_&!@Ft^KMhuP}SS|8_s)XC-EZP<_c>BNRx79siFDU&%cj*!%3!$RA{<0
z=?c@O&mFcA)_6PH;=im6<Gpld7EhIA?s%--MJ|uGaM(_c4IFkF6<Jbi?bI1nCwNJ9
zrhGDX3r(;*v<Kct3w{w^4>Vh!UV0}(2~?%b8IYpX%%M2b81P|o>Ud0&FA&;M8Mznz
zWlYq3?4ygPfj>s~)|L0z#>QTJ`WYVH<cVXy3UYBW+~F>^bY8Ywzx6dX5qKPW{B%G&
zi;!A%ZECj>0JrRVDtEYLv+<9RLxV+%GSaxXwdV18P*$^j3<3zXAYJRNiq6ti&vg4f
zYck-8D=jnS@Z5iVQNocH_$~0Itt;DmZ{P|c(NJPZ8B4$y<{jm#Y_84lpIt|v^23F*
zgIdJ2sW1#H2#l$wNvW@sF6e=(#?XzVE>7+mgqCcJVAAk80e`Vvt*rI-9dxeB<yz3G
zhkn5IP$%abAvKI->P$dpMes-G?{-c&jSBhk_C|)=?xHh&EZ>FGhaIaCQxFv;ssab1
zX!l$1T?pS~R0#L*0JN~@TWFDk`_1)!L7OcRb#{jhjm#ZstSt_sZ|ZSZ{2TBRtgn(_
z*jl+Hg#w0wa>oV+9q;y~Edt5Ppx{!=WxDc_L@!NG@=yiL^ZxGczC=sFQj5e7a;ct%
zElu`HZl`4#w-v4*%DsBj>ZQ9VWh({G4CgC!d5gFK3AyRDyZXq3wtABL?)KXBQxGuL
zzE^_M4>m`3Z)Ry*ZB>B@m@|&F-6MALEjK^R>}L<rn1Fxr4M^NyncM@yHNLed<E)Mz
zj<Bhcfi^-=@zg9VpB~NJ$jVeUr&TUZ7*q0czl1dil~Y<)UQ(~#!`(>0a<&NHf_JG(
zoZ9{4mJL2%7r!!jG_=JvpWkI?%V=VLx@&G%)mdcJ7xQq{g?n7{m0-PS2R|d=Xb&T`
zZa_I^v5(~O?zmki?#5#a*bh~<9ON246X$_Z0{aw?kt`(JzAaGs%kc_-*>DfHTh_>Y
zpd^|y3Zq4a04{6zekDonFqdiFik%oG%D&5T?=ES)jV|5hC97*J-LdK4X@5v7+p_m$
z`665kpTAJ$Kc4mx^PJ3f?&RSc{7}s&Sio<eR!uI7d(Ycfetyx_tM1LEV@ro(ld31+
z^$|>!jH?{LT5K`8JX2f(=$N@}&7mGOG}3-oK)B$jSg^@yXlvc)Ti*n(Yi#sRcoaL+
zPap}!$0-SSkU*@!z0BaNEASbi`c+TAU(zT(PU+{ooz`1;vAmeJ9UmTJ?wCf-njv05
z`Doz0(jSHEOF4ykuc6;2^$Jb<MDWY$==|7gcQ?a`L)GL3!1+BdZnTX+D$h@--e)Nx
zMsHu$ELy$|Wor2#o)iVphsN#of*%6tU43g3&N9Br4z$RhF(KjWCRM)lxpVM!wKz1_
zf@1+t=1L19w1Be8xU!M1RKOrP@#~uetOYKpH)Ed$cYa1~tO4N)XV0>D*c^?dT^l2v
zSZPh3r;;J{wEB%1`UNW>FC%%)7i}UQ!~1IX&8BYs$V!;gr*HF8R|6jBxGoY3G^G+{
z+E@swW~#hzZ&Lau5mz0zQcRNHb{O%hD}{a;on!kft5fW_ZQ(k;xSti}7Tn;?W*w_#
z=VExg>M)JWc!(Cn-%K(4w$LE>NGIJvb@c;vTx?+PxB2gF!?nAhJB%T&dsbxfTh)pE
z?yutNCxu44DHY!Hz&9Xn8%d+?)*B9tkUGy@%M0hKjIeQLVqClMw(2rruF@Z2yQ(#{
zJ8e%doCCPW%foWp(z>Bv07rP_jr+Y-MYrSA%`KZ|wc(|fAisrsOT~{2HrEeS?LZBt
zE&doSHGXAu1=8gejftm6mg%5f5W&xc&cf_;0YPzI7@qEq%ss7m=kX{{uKU#>|C&;F
zkTF=7|7Ug||2g1^B`Z>BD0`*5U&a&(jJJ=%rRk&VRJNj4RDOt_<>SPcs(}w;+DkLV
zm4J@8TmM-@&tK|JLHs-Ie0ugjA(ng_kg-qmWY-!oDtxquos629(|*m>{t9dwaRMMi
zU3sg=Li|(2{)P!vrO0*Tf{nQTSB)GYyGGPpMc3LvGxyL9DATKF0nh74B-FG^OLvHc
z_zJxBIn64Rh|tBD`;v7{3f#&O_!OP{H+O8A6RYJo3eWilqHRwcX@FL)@`e>P!?mVX
z`(q$e9$Zcw95T|p%9x*n*5EU|{1A6qEQ&`)By3$LtDY8dDO%@(azC0hfv^(yq`tP<
z3T_1cW}Y-Md9iH+n|I|$x4~WwG!=)dO3T7AltW_o^$REng_HS*j-FxKZ)#E~`Y|V}
z;z&y<gmnh^gJThks9QR{JT@F%?<_o`-tc$~9p{lnYLs#u-x50S`2bB+U>Gd{q;8RS
z^jh572Jbv;(I(hh7IqOBCWYM9qC!(6*cp|phDcJmo>fqMhUlJE($XI<R^TKBmd0+8
zA+#BC9qL3nRMN27*M#p{x9~2GJEhcfLDy+pl?)oSmILr3?aolxzBX`GP?mozy~rf;
z6bP(Q8C$ly@}D9Yb5AleXuKylp(3i@Pkak4t_MHA%k$~))ACDDPgds2CfeTXUeuy$
zIe{b-D>s`wUVmTT?O5mE-h)K8B<Rq8g<*YH?-o4@T{ZJ{+lc5gR>Q6{u92~m9jY4%
zy!9BVRUJEDV6h}L0qPZFBZVAGa2*eMae7}7mvmiX_!g&H`&$<r#Qk6zzqc9XmC`N9
zip@Jd1d;8d*rjsGe+Els6x?^Hew~~tE&_Cn-1>8m27CKvdaaP(r0c848x*s{=WC_a
zjyCITqL%G$XTtn}!%YJ-sqvN$2-t<uUHKToSmRXra|tut^nR{{6MUnX&)FI1SBbf$
z54IH9`z+!!SA3&e&#S5dR%ss+!uDmH_1S<9jwdB&r}bxnNK1q*95~usXSB{-Kt`6m
zsxz^iJMxnCqxQGS#-Wnz$I>*+XG09Wt%6ve>`iq~1VEZ_gIAH&ui;q8k>9!>+k4A!
z!;~%7OqsCfKwuQf^nys2)cI*IWZ;C`{M8ZKngcmkKMUiF<49qSQlI$!64<umys`vX
zMTL9~B`g~edh2}Z$S4#f)tbI`besYFY>DzctMvF~LT&1%yNp<^OKo$Dj1X9S+4RAG
z{~5K{zGN`#6bUB|C|$tTSnwu>l%uw*S^q?J!fR;Xe?;9&@kzKAJUhmueFGxgGgOZ}
zyxhYHDA@x-iEIyTRO0>a1xqUTI2VIvmp|8<->&!9O<i0(O#9n=w@4349S8Zf+|Glc
zta<G7hSem>bVDQ>L**zVMZW44TxkIjGZ1y5xQqPAb%to{+!GPHTpDj>C_VB$VrXY!
zr7P^<T~*5a&I^(-DEh`n5B$W|nBIlj!6NIqFAo+?w`?Wb7F77xv=Y-0OjbzA$&6p&
zPL`9YIS+~Sa%_#}0v*~y20Bhj&;EU<)KhHh$w_(Rjr-*(@3(D3`Uzknjw@m~WqL@F
zj<=(_5xUI_Mc6nXt+8I&b89yIaUgAaEjaj<*Qo}nu8hpLm2Q^HkkOMtl!4Hs)<M=h
z((l+&-hNs`+gmxYo%yO@@pSR*gzs5LtEYXO(0WAm@lL;y*&JH};6x_#$WJU~#n!lJ
zKXr-ig8*AIkx7B;`vV2Xj>v9;2D>6PKYbdkp>ln;&U==xmr;EI9CE(%YwLCmw2Zjz
zSc+UUkz(M~=q9w6v>`SlgQ?eHZ6<B(O+V2HJ0hg}r}d}h$|h8v+&<6t)X=qbOSXPh
zI{Pu}R0rJ|9_<&DeRo~!Ai|20WTQT+y3<~H)0uXw^+`-f8M{T0ZdfyQ==)+ut}ZWi
zP}B9?R|O}a!mAc)dbQ9297sgLuQocyCAFQ((31+xR)_f*I$#_ni`C>~%$C?qd^K@l
za$L`PEn1qL43!*Ibpmwfdr@g{Ke&>}u0y{vV=7Hmm7+y5Y9yWE)@|K5yW~!nvGVfv
zB)^2eLD2{>vz^x>BdJa2N(oXDlA;OE$e=Q29Fo<Cf%o>ly^m{n#$Tn6Enq{iWTf%x
z&Jr)B=+v(@KQK%3<zyM;j?$9#+V6#^PE?8cS&6D;>aGKW|1HF7HeyXSbzJ9Xuy-Tr
z@z7F+d<l@6$a5b!9Qk-^*C{=pnB&gJ8|%l>+p=NB*`&EZ|85~84kw6l7sHiMNu4<W
z^Y{d7?_=u+;o~Lcy5}dZ_ijL#J^N3AB>Yr?s`4+UV7luF_1Z;uiavMdWcWt4*Syru
zquUvhl(tt~x0-#`9F)GJ!s0R&LlvxeT1-j!L1hn9mOcV?gBn@JIxG)qG@K(N<w<M5
zT5gwJVW1@=wzklZ<m$kT;E(b_kqp!d_cYZHbyMfIDI2o=9G3aWxEbQDUT#tb2-RED
zAN{{eKUA$WKkC@!wD}|rVp3HNap{hI&l?)JaY=#lWo@FXjvTZt7*N)+dg`}}E#ufF
zKn#|?C)BCfB*M3*^Z+5IO4bX4lxe9`>R#dRqxvFc05gI*i8`I`e$UbgLt1Jgp=>uj
z&vf7M%Ts^lBNx)9PU@0p**X}}5~}cGZ-fE((XZpezzRaA6lwmx)6D(7dhms+apF=u
z9?<Oj?_gqqBDZluLf{r7EP|aW4Zn(RH*`CIqN%ELR|B<hJodon0iTQLSLf{QoGmT%
z0+vBer`fjlZ?E;kJ^d<FE=T+0uQ$`gs4MpU>qbhWjy;|qUA#EY(%8u~d0al9yJp$c
zU8p^pXSni%oO|(nP2;3w;_p-$XE7_iDZ!d~-FuCdXF1~e%@~`>)vmCvhV2}^zl+NI
z43N@uI7=^NY(8q6GlygURP`6-o$nUTn3$XJIW+LwmqUv|oBmH57U{Qax!aJ5Xh&EV
zayfC22HEbx<MWkNp&gwKJm=-p+9XcADY~i#BEb}6aem+SS;wPd*aY|XgA!xuqv6Wn
z;Gr<YNZTGX@lYHJ8T>Tw2*c|qVQIVIlHZq`vk1n1?icQyT}dioH0HiYYbh!g#4zRC
zSxXOjzu>|4x!w;fg2Sm5DqG@@=hp<b@OV?ZRL>j-s6)!GVW8EPXHFV$1W}Ioe{hT)
z*gYgVJ72UH6H=$h!C0PQDm@uhI-70s7-v8UPaX&p*MC|620vT8^@fYmIZ|Cvdc46b
zXTY-T={2V|D|mfSUb1EDUG-*F0`0^e<$217Y&!D~382hqW-JZK0sc`Ch&Z;3V5}zT
zodNsXit(a#;rcuRZ@427hf#E%(=9%!O0|sVbL}7VxxeK&Z5_0a^<JqHD@Kgxv-Ky6
zbpp0i=zosxkWoRY-chHu42(jHVgNCXNwvR38O5OGMVFWvNV@c}&mzQ{cdcnRH<Fdv
zCct%UGUUs*HFVD>QuNz$&t7l$qs{>>j%Bub&Ls@Y@C^o8?!xI!z205y&Bn#dG52x=
zr;qoSmB>y|K}s4Nzj>oajl*(2<c|SV!3>tWC5?mxqo}Z9)k}4`j6vgT;Nb(V_5oOb
z!gTOQ6Yhl}YAlqq%%dr_P_TS0Qds4l=Z>;rmc8_VKS{Dc{k#wA$K;wXkQP%F6ZQ->
z=m$KEE%9xIey;LLSsL2;dCptZki9g!9LF%#F}On*eJDG|vp+&iU)~3YJ*pUyCG}fn
z9gnQwhOzsg1Zg-i%+ak6bbhq;s-Gzw^}mR-?)H@sI#P13-s&od`bn0!0GT*g_J75f
zAVLE;KM^V<?%BFEHT2{oZ{%0PyPfbzQV8#o9TNI*)lw)xmB7l}np+eVWe}9V^O@Fl
zT{NYm>RmzZkx~D1#Qp-MGmjv8(Ol20ag+G?OuGEope6cOewo$Q!oF^WeAy9Hqe27Y
zB+F@L4um1Brnz-_7CCK<oQw4=0TKsHvBRSNXbRM9MPWA)Vl#MxOUx4vQ<f+mzFtJ-
ze5jg6nkoLFf>c|_jznq?M^d&2Mxc%FUsN5p^WWr~-tYn1rliUIw5GWOt|uHxZnu&p
z3Ef7kGGpNhdKe9(;Ri46c_Dtaldg8TpBMYBA)NcHdlFt(<b0QUyIy_cOOfomHWovK
zDZ%T0CXD66vycJG=gAKBP9^#Qj<O#*jO{U{4O-nmtvPhNq534PfaLRl`qbOQ0s94d
zZaL}PQs(E~w{0f!m<I;cob}cx-RfRW5XX9yKp--`>%!&`@YjrK)qI-Fqnp@q`n40@
zl9xZZpHlHXY*Bc!(4HBZd?IHnaAXT#FtvST>OrLy=sN2r{YAZB=<ZG;U}ZwEh^I?*
zzZ5(<>d~DM=K%1C0Hw20KHaK8G0M$qvszp~J}!tqp#tr2II%P@Uxx;F7J~g=99f;{
zDfQS|(-mScXGnywrjC~{iHDx90vv6a+5@2pEuaDThVsjCp$&>KF2m7)K#y_har%If
z+9`7ePwS9(>SiVt7U+zZHue^S-yyd4+~t4{)k|-?_WNU~)`jEkZ;P@h`f>RA-bO0w
z=WBsq$WY~C*j<<B<OVaX1?xK|Y_~pT&d12EMli+ZG}6<@=SS@JY-qO=46Nn$<O_+t
zY3dZv{XGc|$Akk}!HzB|R1YQ_*$;^tS1Q+E?FC7YcMwa|ZEU?+tlg-^h!C?=ddW8y
z8+@$UJ-_Bqz+dFB))@`^2oOUd#%X4>_dX5rR1A8vD`5(tFjn6N((6?B0e@c7G)P6f
zk|CLANrB7Q#2|Eue&9<2T~ZPb#sOkU-wE1ac0N)vea72?TK-Jkorr)ig{&qp@W#&2
z^<B30?1|Oe)G`S(zQr$eCGI|v1fNlu-Xjw?Pu&p;Pl|>9`i4k5E#c6|VY>57zej&<
z1|kJ_Qsf8XQe&zWl-rKrxwu}7V(mGg_6yRaP^vVAikHk+;)4=mypm0IX<#Lh6Y<#5
z2u6+E5Gr+&QeiIyC!|mV)wi#0-Q7~39Q%=0tzTp$XcDgtHQVr%jD8}%d_i9=q(l<B
zRhCd?=GShsJA8MV0tGq~WTe*}W11a8ZY1iPI9RGA<*n6ofIK;%x~BF^JH|yDqISz#
z`e8Rh`?9ILi7w=w`Q3Jg)|L6X^k+58D-k*B(~tN^#v3!Dwmcxwl>{Z;^{;}wEAI)c
zLhJ^qQ@8Q&i6R=)II}myquut`Td+k?f0iK~g4xs#xBwpcqfZQr5|s5rJy4mi)nWvm
z?gg2xGt+91egP)Tv@%uqbm47{gHwatu*i~)9A~w6IviBB7-fd^_{W%ZiND&wQ>v^C
zZY4Hb*i*sum6tTlt-=sW=%BkRFDCyfNzH{1F2RXA3cWefM_!56VnclSWmnLIn|81C
zrE_X_(*pVez9?(j%|wEo)tAt8)Zf`Ve0GR(w8Pt%-T79zF66`&ySa^8l${M4(S}(g
z2nqEJd7g4}M(u?H<!99b^j=5*{Bh56f28?xwbSuKZ9REx;QpMfx182~p1%@gF07tc
zGQLQMjabc7-I7OqF9a}nfK9LH&9u2S*M7SHzD#vYKsrao?*vfM>j?m2Io1d%dWBWB
z0E~$bS;WNp-0QI*Te)6=?&QygGi=maQLZebR(yu9DrMZq-HU%rFB!&wiBM)TlKWaw
zdbQd&c%k9RzVtOfJ-ND(yRD;Vl1j@%olEjadtXtZg!0QDA8h!Dw10SPH2|W!My;y%
zgv-EdfX+Q7E@h1~n(-%Eo!FaY+-fC}K<XMNu7!xVY?TN<1RQl1ntOr)l~Ia~CjCoV
z-H0Tuhq|YDNW_XGY`*Cga+%)9_LZ<3bJK!ekf$ryX}rA!5XZ`{;r@zpf?xKhBKb(O
z(W;S#8Q-(fvu&q&%;gbJt-JLZi6iS4U@2EgAeM-xiiWXqgVS<LT$rN0)1F;N3z71C
zRf8F$(wJUa_RP3?aajWfw9h~CYe%MM7)F_f01Zx8-Ouse(-mDOsnIg6AE}F-c8UuD
z#?xJ9eab5anF8Pv$i%GOSNT`tL>d+CcbbW@Yim`OifO`x`+l2xa#m;de$sS72Q!6s
zNZUynwqyNtzE$mWzAwf=2ZW_R`JNv3{~zQQX89G_V$@hIF2{7F=)5UxG3_^IyRAL4
zxhcAL2P?vk=wg#yEm(LHy_DQ68T8|}`$v(ldA#p29BhTCQZp^hn<|Hu9onAEp12C^
zq&EY_J*Y%b`wYAdD$nIy>g57F{9?dfZyjTOf0Yyiwp%+h{omAio?fOs*E3jcZ5tRl
z5{95mXDD2cSbRh6czn1eeSHDpUQN&-2{<1|vxUiaJlxp3-F!zP*?lg}>%_&h4~m!h
z8!TO*8~Au<rH@9$1c21U8rRf&70lSQ-zp_J@ebh6ZC}pkWXbqeOv_(`=|&*@%TC<w
zkjt3WN3lAo1aSY?w;-kSw%JCW42}$(5`{9x8b!s9na!`dt{eb#-h|Cmxl{#Ua#jC2
z)TiAEg_FT^o1sQiQf4#S8Nk@gmVLGo+VM-ezlUz8Hq3S3s-$QBJ^M_4jObiM+CZ78
zEkFUCe4{#R5vfLjSXA?cb$dU%3Bg;-o6=n}BDtErY~qXoLp;U9_hr*g&Gbx-REB%i
zM^m7p%m(=E4sWVuMD~m+?HB3y!06Hs9*Q3Q@pUDmLTTEiu)jdlW5O&ie|A5m_3gPJ
z)Z;?U)1;H6Z}68bWjxAA)1dR4aYNsGtDv7(*F+P@$$ih=f-(+nQ`kHXh-(W&27g3$
zOL4%F*9z;V8@7uc(~XV~T^uL+l>-Kw)GRdHELETi1si)qk>QdMyYE?MYNR0?c)i3t
zw@gW}w?6D@-=Rxeik>X+7tpwV#Rg$-t}YgxWd~7(?_B!N8RnbXI24R7181_Nm$$lj
zf1{CY;s4@c)qWLio~lR77N3w}U^R=2lshiRVw}B?j%-sa`AmaTG&r*y4x0ZAUUjJU
z_^G@+9^3F(Mm<VgS+x|cZcU|vi(vKXiQbli#>U+1)4;i|!ei*Htg~L0G&{Saqk|*L
zr@ydIzgHYga;XbF2MTgtPhW}&fX&>q#?G;cGTbrIrhx%fAIu)l#fax=5=gM*TXSi1
z$U$GV`#D&{^)FyjZF?8O;+x~O1~p~m-e@eCA{89$zPaL76U5brOv1_My%U61mfsI+
zzkNjeO^l{HJ)2mxAd}bbCqq1?7Hdz#%04y|yG4K1G@G3F2~;lQ#6Q!H=ErhfW~$qY
ze%3O$$-VkelG6tEqCMsPIe$YJOW+$U!u-r8wY|SBcb(l46|-|_l%xHW<7JEhKB~0L
z)89OBrih3K3*+7T5)SsNwFRIysOD9ZHn;m;Q>Q(n$9KG_qMHEhwO;nt>kHwd&FLCc
z+_d!eQ>&+lq9(<!zG#kkz!sR692UC@PoQ;*qhMBDN;pZYrGfV1H<mgnC!z)>1psqr
z#KccbU)5*Ef?LeMLze!m=cex2CM{*Pk3e$a?{c9w{~}~nUMfHgSDXSAhccwo!B&k{
z=p?_nR42Bls`E~uu(6{T=<kicxi>i_2$5H?!5L5YP3daBm;b_RgP$T4Z!-yhAyoIr
zgU|bc_rLJ`nVnV0fv>WbY#l@Rzp2~5u~!qjSKoX&8Z?o5{>;vrK;dv_hJg9ze^9r7
zv$yK<a73@HijM~6&unfoH5~2T#3M)g6Bi60cfDsW#EOp7qOSj?TmTMA9<n-R9R=MD
zQ0EFPILcgLka7K&u963nC>Bi2@cn}-WjdfK2nREd>cRXfjvZcoTC8rOA0Mk$i$MKz
zdjnn$$DPU8rLZ>>(%NyLL7NE!1_cHwRncsr`WHn8v0)c5vDbfY>#nRxSaDTkxxRE;
z5%D?0xu;>%HNFuJ-X`*&{>nui&Vct9SXD@oa<6bw4p6cwzkTJvZ8vS#&S;EnNL=Im
zy|<Dp2|S(_!J!J*AfV)3Mih9}sn!@z6eaw{3r=r!?-%5~Z-|UyOw!59%%zs4=5&i9
z`(ga&=B-h%V2+TNfjznXM&z=TD|Zk{(*)xfqCQRW_+7B5Q_y4Waaq%}W1=>-e&BC;
zd9G4^<SgmFrPTBnA>}nPpEyNhnG`9Oon7It%+NrjYm_j0V?!g8I?GI4968tm!IUfE
z;g~A=M*3ey=hHU_1^whop#Um$03^BfAY-S0<C35DhZbpVAe?-`i<&|%&zf1|B}3QW
zxy~Apl*kg+KOh=S>?^P$dkJ%3YcbAmJ|9y_P|CT_Uv!snE602r<f>Ljr^OtK{$H#Q
z^ZoBWyPocyo*L09Tz^*g@9XQckB*y&mPmYYZSLRaZ1gXt;jqLMIH&#A&jNO-ATJ+A
zd$hIM#w*lMm70>_ETgE!FIX6oe7A0qvk8SxXL4U>OGFqkX{4UY2y!@NS*aoN(b?JZ
zd;bb^=tCO#DlPjPrr@aZ5Xb%Vr7*w?2D%U@rhe*=k~kYgU=`JI8AK+Igw#>{_Aqa}
zIT4Ki%4-*w8e6hh?oIUwo?R>Ovdt}i_rt%2>$yc4IY?*X=l)qpiZsi}M{@QFJ<THU
z@0aLA`wBeaCrSd<O&_xy5-E`1hHkHWiOL=*@8njGrKU^F?)L%)&^%SQ<lnv#Y5{>i
z#{AJGFuWX&IFm7EV>67+k~@;$-+t9g=5%i<YG4#S_Hhyfn=9~Y5JSQY1;^SN4%NC`
z_80UtWVg4shuq=lF(pxOGAW_90z~#{^6chlwo+M?&nG{c20OUIR-WVEwtcFVCUW9|
z>mvSBCD7#ejJ?(b{0=O&rSZz^ML>qObS!mCyTvnnPgGsXclgun_#K<Bo|5U8eu$#_
znflE%d`nJw9%^$z`sG{|Ft>Jp2Q|RUBMm=k)Pv^m_>mM^*F&|6YP(q*m|=QkPapB0
zsQ)JjR1zju+0s9}Q_{UV79YibIKv*t@PTH<6h=_cyc2%F><>4<nM`^12W&+cu~i}E
zk+%wy{w>JoUgh3m1OLzC`$qY9ofgOGVp~w6dGG6}LT^Ao<hZTnCzUF$BE*8n(t#J0
ztWRTc;I{x~Oig%Oj&I4(me;EqlF-Q+V$!sfqx<ortD|f0eI5#oo8>Bf_o*PtmZ{Jz
z9fQOF%T0q$7@PmS7Qp}L8P?=p4OgD^A5n^bjyNk0)N_3CENomFGDu5Av+0JPhClI*
zKg*(+Kz5O@hD&=Oi(^@<W^Ai=8lGX~9bmuuzInQ#nVnp&wRuK3@TvPcG*r@%%A%*Z
zcV1T$gV2aOOZo*1&+n({e;iF_&)AzxxUxOA({oE`&Vc!@%U`@m<%xtwRKBg@PK>p-
z%bzzT(BflPI^|ft?gd&n!lp=m?Za1rt2@^+#Ffo{S~8G^S{jzWs9Z;DjcV5$U!H12
zk-TUjpLNgymg-fb%@oB_`lHQ?nB*f^jrn>&!BY;6l$Ua!n8XZ61EHHTo<C$D$=11>
zyG;c}>8>J4adrNbN|Ru>OE8M<f>%MkC$p^w(W`v>oIrRu<D;SaQ})Pe4|d!x5f?=d
zD3_W|C9JfgVG@Y&OR?$MwQj|6><OmeRK9G)@RgLb=4kq6pf=HC?VWm5M_y16xgFB^
z_e1f2pIOkK312<jo`j>_{kLE|Tp*1ucPXHh(ST@Zn>=oi`aqVkd*gKKU}0X3?~%hq
z&|Yz%)Ai!iuTOK+<27T*YJaEu9eiCnuLbG&AHb*VQ)%!S5KHC+-LBA!W9FH&3=46t
zkxjTTvEd!yw}gt-mm`@vC#ZQw`jm8!6z@-V`)wNIulO^JB=BlIVm@w2eo{Ub58s!<
zZ-dpd1*oTY2^|W_W+7S<*Aku(kd_}e2pUC~Ju!ONGUAg7f0sBNUmDa$qFAyamu{~F
z>4Ga8af-WA_+tL0ZA3IEw>Qn?#9Ah(K}pi{gNSauDuU&ZQ^~B1j@Evcxlthu`G=(F
zw^Zrx<D10G;jw=5(D*5*WLvZR_k4szB=U7$s+|srDsGN&6yD<ubtw_QVc$|dhh`ft
z&pTI|b4Xx__;+5D(FkYJ7bV^S<V#|T!YHiZN<3@w-x<vD3Z7#3>-SiH@(XK&uM~#*
z3v_Q6@LlooIx34b+U!kT=ag5Xj}b{maYhY}B>}cD$8pnjM9@@1_c=_b{dQ0h2k$Sf
z)xTT*KV1+B|Mo^v{{ZW?^#8Vue@9gtr0_7whez!7fBg2ZN`@)mVUQI_PnG5m_Z|FB
z#6^Xd_jaMH{g=Cg>UWTrJRKz#{6B5_=a+9jFX83HaS6}<6sbIU#x4sF@_?0ESa2EI
z|G1fdeCZX3m!G<P#`<&X(q-X69>k&{U**r;XCa1{$A*&^{+~hrzgnk&@$t-ts^VSf
zAD<gff=|)l<pPAHh<|RKRT4Y`X4kEv!TR&XjR}XBZ>+zh{V%Oc{v81i*h%L7vF{=#
z0>9-?|4K3b!zn%q22#L>RzZvYHR7Ky?*AM5|2Oo1Hq8H@cm3(MTw-Bn1p&wNzpQUp
z`AL9JkWka>f0&yKC4$v}FGco|kZ*lM18lR@mGUrbsL&PscuJl70cz98YFndpYvz5h
zk-OS{dzSlnH@@EEvaq12$v=O8wGmGu$d9Mf)Vp_FARQ0(Qby{nuju0FWhN5xuZQgp
z1is>^-?z^?#(dtq4$+<Taznavw8P;0HTz6?)T`YR4=1;RzUON|Q}fI)=|(;rm-V|c
zvOxPs$gVE8CaqrHShN7x>2b?8NYu-;cN%9KgdzPSar6JQ&*9ZoE0Amq=r9jAU;bx~
zCkbt}i*`u$?tV4V`Ql$P#OYvGBpZhrQ;|;uKDy;3?<^+UD|=6nZrodg7viNU)dl6M
z*yqKZyxfVE=WpfLoz(Ap-gu{WVmJAL?HPw$5D=0rUu$bbt>3!1R{_Pt3cqJNI0y=O
z$3^^8gvz4&jD1U>WeW>o-j`x2gQjl$bM$Z-n=WOMSL*)W8>*kAxug6UGc#pHQoPAS
ziT2|n{X1?ni5jzgBB&7*=qJGU_0mLk=0zd-{TlbC#q=nfT$(+gyh=^Mau%vZHHTdv
zLsj3!DU0)sD#VVQBflZGH+e#7W!P4@WrVg;`(2O*E0pyy)6X;;`|HvwPi6lZ9QMkZ
z6vO=*0{cB^xAoKG_nYk0P}$V5Yrby%<r>xJeVB~Z0YFsQPc&+|lfUpUW=ws6GQKbb
zmH3c!R0s7CgrzSBlNxC&X}o)C29hK~tOdCGsKTsoNpb(-Wxrtu1HFi4p;Qql*Xzc1
z-1xCWGyI}inU@SrM9U*_MpFy1dJTHcLjXxY-+}&@y1Mgm%E&jldCm0%IMYMk`N`dr
zAIK!c3K%1y+itBy_hFK<j!C-mf#kr<T<_NDS^+NTzC`L~q`3tqV#|pEUb{p_B|Kw}
zCpgJS+9ac#Vj7TEtJA6)>OtS$Zl~Jrb}Wppp`<8dqN7NqNC-lSk54$1IqIH>yV?Dw
zs-_t8;k|w|Xb(9*6a|H1qcp5O&FBm#(sq0=C~UYa>87*$m~L8L*MEHdw7(Ljy?6Sx
z1zn!lWWCV!El6K8TgdOCOgdw(#p})N3l+9*%F^NOl5Nu_w)D)Ha1NJb-pkk8rn_Dr
zxP+S&SrfJM;9Cf{2@<F)EH2W>!?SjJFyqS+U(`Kp*!|PG*W#&V%{oRKU`@qop|k<x
z*AHCzTl6tg;ojYE1ooX7WAba;zp6aHtQK)kevj_3lDG(ws-s;MB8scdAkkrv_-E{m
z%O0%jMQlju*aNcsP9p!8Flms1_FXP@%F?_+gHPAYMk>DaD6v)4jmIX8GG!$a$%CG5
zIu4u<1bxLCUBNMnj3N70=YBUKZNyNx@Sw#Zo#tqo`B%~pV!t;kZwowSsbW+sG=P4d
zpgnHm`%zdR?HwuQ!9Us^n1g<Ix^&inXnKxe+bq*i)jIC(m7!dTIc+|_L5cs<0ifiS
zOe^jxu)YZ(s91<LKH5zjhWyry^*$?_P^C(wWhpDK^zpN1G}$uR%M-Uq^cim2A4yjw
zclS0N;Q#Q;D&+cQgBjoCwf0jh*3_<1;_d!7vOyPDyaS3WS8j)<jK=t!dDgMZ$}?w!
z915gO_uHpYnuI;QLdu&Xv0D3oNuw+l;))lCn#G)vaheXbX0qx-jr^kE{IXdi<AAA!
zeMghOaxL{tlMTx?y`ex0LGsZu9;CCS=AB-vlfYN<@Cv1(S$*$G3V-FpE6dNiph|4y
zS^Xweoa>myZQg|xviLqI=W^JjZkggr4#dDhO+Dlm2~V*gMV9Jy{VR`dAG5Nfeh^!R
zT6sYAg_wNvMhP<C%_kLqH*UQY_0ThCF06_*uqI;-vEZ8^<`NlDZVihaNp-5px9=v%
zBpuoum%lEK`_+zqok?iT*7=IndMZ<<(!UmC@xIfkI9?b?wuwS`9l3N$#F&z0{<r`C
z+c<FPgLQ8f^tf?h(&KJirf|874@_+Tte}JBeR6+mUkjZ6x`J<xOX+J5S0#DJGo|Fo
zaD1*dmB`{K-;sGs={&S~BzeM{q@KIuUJM|Grg=aQahBogoK_|1O^>W15lTV7rcwN`
zZ>_*|`*^a*v(#V#azK9qGC`5~8;#MyW~Nc}S2a88xt&_lbhP6spi-T!j|&H*aA8$R
zxS_2j#zCuf8p+r}UPx?<I+p5VlXJLD&W@&5yIO%?wUJ}CRwjd2s|5XcXSpA`<7U5h
zh?@DO`8Kbf+@`;899%yXIt$ki>7||3D#N+?zAyUB+092@A9Dov6W6sas;5hhc}w9+
zq^N}F3#sn=w6N9LEPpwP1K}mNrsgvHasGF5Eeg6#O#L1<UE973Q*ffH#G3tG`U{uT
zB2dH1DWPxugGi}$^7wtyghWp$=Zw{=U98r?Cml&u-d}yY@d!&`IZlnoiw1=pwYlBJ
zw|K|}7wb~CY1RfaY+^MsCoz>I)O2%A<nlP1$7Pp<iJSjYDQ)uyM6Q(G!}y2xC;GZs
z|MArS_7cHr-nXz11FmF&_BpQ*mYB<Pw0*b&_|?P+vGFps%V60i2!p-vwztl9YF0KI
zyUt;n{oNfP5383J66$>I$?}P&($*OWY&y2g%Ans9SLZDywv^Gmwp5y5PF~9|HivLq
z@C(U=2@dvX(cS#`RjtrK7Ubz`YdRQ=djsX^1QhRem9=kd+yN4M#^o*gCI2nw5upTZ
zG>qur@bX|Olb~%n$9ZFr;ve0uwPiM6#8FIxY<pBUURle6w3&_DeUs(;Xe!&bxDWkz
zSuA7`zvH~2^P3q>&n?yUmFJ`miY{?@De<>(N0?}b%_6Sd4nEEJU?!+MfRKD$;%&o}
zLACH5F0;7-r@>`5ZISDTEL{UQDL99$2gQ@XRVSofU02k4N;L~(mssp9ECpxDq93Gh
zja!c<`_FmTQo2SJ4M+9sEYiGdT)Yg4JI!aeZyU=h#&o}q*Llj>c}{gQG)#(5|9|YA
zS6EYBx9>j-q9Pz&x)6|NKzc9IJ5obOy7W%y5mBmubm`JNNG}1Rbb^4CfYi`S=%Lq~
z_<rBJU(b2YzCF*m*f)6~YbIH1&AG-LbNqi}OqM6=#A88hr?|cqENnW6o+tWH4QqNj
z-J?{Un3GMm`iDVA2s|RcqZb!K*DBmr?H&4;u5B$Xmg)|aEg+p*o_aj0c}z?|vJ!cc
z&rpHBckDRkz*Hn>c4Qn{<VF-22>D_YMf+#({(8_#F$CZ#*mkp;Vy?;r++&Qj9IqIy
zG!V7Ezq~d@a<RMnXVec>=6h3Nz8|N>wIYsLU9*3>VC0IoGunP}LjPAX$>bLzlc=&`
zLanS_WMX>Q3=VVKUzsnHI{(Rhp+_7Rgl;bCXQ%YD_7S!cOwP6v?|R1<gwrf-FxSAl
z`Kvg)+n%ml=u1EQcUH@)lI-vN8|(Rveq+-m#rX^sjwnan1RO0RQlInLQ6mNP_Jny;
zJi7rjfI~-ZjU}GlB??Y<u2JTroa6%171Rn>FQn#F7@+bTdLV6iN})OE;d#|`x&mLD
z;zg`Knf9m3QIUz@M9TZ6qXP6xV!y|iJinOy!rM6KzG0^sdl9f%?Jum1q={0<9Pt_L
zCi<`t0W?x`;)^2kS$PC1B2PUgtg$`3Gd+&oa464q3v_bJnjxlMPge<6*IW(P6Zd!{
z9+3c~UEiN8%-Yn;`BED>onuet*3I7JgvfV?4AAIA#-V97=$+Z)sJ=M?Wlkd7(7GMC
zvvKuwos{#wR0fG4R?@j(QLfYYp<QUvb7%7%JJYF_ptg;&+nj$c>VG}kmk^2-Bb1I3
zc|m|lGm~&)Q_<eyd=sX1sYQE26!pYRv3s@tezdpYF4{&&8+CR6+z)D)Bbgr75KU}6
zQ2q5{hAl~E;<%4PA#0<k$3Soi)rQMA<XbSXYS9<fvw00V>Hlb&JC9!Fu<~-SysOc*
zA0aqGP4&%KWggDr9ji{Q=Jiba^>TsOm(X(8obC-bDX%A``Kq~{&_bVBY?51i;Iflu
zv#dk8mpX-dRo3XDgn9Oo9u0dh9lySMp!|ezZV!br@i5T=_+(n-{MjVF9_pcEZ--UX
z#hR#FXuXxm?!C<OorXLa7jduV&rV9vjV9WH&U*tm6O4V^Ooo)-kC~Ugtj^pU*xYao
zp*CC7t3GoKl1gu($~^ZMD0^pbeg`hS1gzZI-r1pDf&Fw$FR!0%5)!vs#(aK`&5y~h
zE>;tC0?lic-Iud2TWHjMHs<Hjm_iL|cgKiW(L0+w_8$#Jk@?#^H+$l$F!5aYqWez8
z$*SirqUj<eGN5p#&wUy_QPemt*Yl^&@a@xG8{hAaWDzVY+!8wWGFBgDkfL{~leAa6
zD32(!Oq9NCoDg%}_j=?-+^1k#w7XibDV_&P5#zMvGoRlgyL(}uXB;<<pho?U9Fr2_
zsr)Q0JLfYjW%*#jz0!UAaz}wnQ*x7hGPy<XZK@^VN!w?<C21z6M7)~v02|S42LE*}
zR>d15g6B2k<icJ!__|tZp_XhlOjbkva6QDywG`AavFfZ*`;^eKzvh)>MZ=w2n{})(
zm`EqbxKJp(+7^Fe3R~tVCK?v+_4Sv2yY#miYs;9VzMjbV+!H??l?iLd@zfb--=p!>
z(LGml<|Wkuj*YcgW$IvE;-ufn4kKiVmj&1wGpu2oj%BzTee2?XJ}(O9QU)vejOVS%
ze<YQt2bS8Dpv7dZotm!`?7JwQ5-BSPGp9kKW8|@(Y3+VHLx?i>L_n_*%sU@{jN@ck
zU?XO>Jo%0Lh-c&eS)24r@ac96e&wGbrH`rK{1?RB(f)K#jJ-;X_5vo2nggzrM@YKk
zpM=f7z>LSI4El~OHIpaf4*_;=A1Ed1y2Np+O7OMud*L5$Mml?mxJQ(~KOs0An*z51
z^o@!BlUAThqv-yA!k0ngCN6LPWIhyCR;_4vpQ<pQ_7*mkpd{0;VC2M@-Gxov<@E@7
zlN1j0oyx<n($PTyYNRvX!Ua@gLL5GQlox)q3h1%UAE&`Tk3SERH6$#fDRLI~qI=y~
zN)UL=M_PUw0g#eU?aLP6Am<bSQG7@fu^ogAuWw|+1FXMfm^Y=?Qa-WhUBhiC;TZ94
z%BrC5`d0HPSfD;(IG1frd58S95SS|=wQs8BC!8K3a2s#5+g!7mF0wDXmCyN(BjSng
zH%bLIz6X|l;MQXYh3OY<xq9x0-@k~~995Pup)bi*D-3mKo|7{C8Hyrd*{2hVRjo`3
zewEbdM!bd2Jg+eJ0}H=s6B~TnZU-t;v-`dwX<zeF$;9I7-?~9&RbK#jYl6l^UeOaj
zqZYwje(8Bc?4_~|an5dL9ImFB3LuHVYK_VTM-8u7lMyMsS0|m{<~it2N5YxOC~h;n
zWc{QYJn);nzgzWxviA?y315J_!-c(rjsGIjN362m+geV|xClUTVbyn^n=J|Qv@wEv
zDd*!;^Ruv7Km&QU8k=(zeQDO_XrS=Yf@qa8UgNm1!{X(DIFYBym-Ra<FEV#rd4I^)
z4<XnSXV!4*OUg!k!?Ol+$3x)KdN+PK*c|!qXMTNKso)l4=al^mP5l!(DuLde<JSVZ
zOcLGhPGbo6pIg<g-yTPOWT0`O7i}W7zp?BGf4<mZhwY9h*D?6XndlXEexH5gkPIW5
zhPv=Z$o+3Y#`h0e2_5LB<Tp;@zrVBsj3sVpe4%|X7}=s<qavwN;b9`~F0{!3*_vg_
zG0nmIo;DhOh=&&?k$p1U*!0wNqJM(w`j+1jaq2iNSPJUR=(2)mp6ma;(Qo}`d7Ue%
zYG|Y+pkly#a#q{{N1n4pwD@_M=Fl^3-zhIL9rBTrJ_%+Xf#>P3W<}mfu2}Cz#(9jB
zb&*_J0Ka~{vXjn)=_~G*@d|myjmsogy@GDnj7}$H56tA{;gQ?=s0ggj(DL*-rxIKr
zZ6{A%&bGBGPm!vtYv3s;%R*QeP?;SU$`D~yTRP`a@R4;BqL9Ec*=)IWruTd0n@jE~
zu_Q3R2;o?*-Ri2uCoKCPO`}Q&3utX<QT3B)jQS{JM_y6flCo)G-O)c&TRWB;&lfNw
zX7BQ;!kyy{?~)L@UK<vIsAU`Ut`gD@ndhFBG}7dRkG+qs&PPY^P>nx{<ozQo99)Kt
zbjRV?_KIC=Q5pmky$SGhqNq74=qU-Z8(^%bSvlbx;rO6BvTuVF8z?sG)6$M~mW(zW
zqVsGg&o_SFrueL}KUqi+;-scF2&Hb5z4ow3Fu3SNf$L2I)8iYvO0wQ<7>?M49jgG%
z@<cwGYMHSX55Q~7%UM_U@998d+<{FKsgHU6VlubKlXAO6W3@e>s)(lujojIkC8Ifn
zFU_NgHSbY7q{Kuj^G#+5sn2;DB*+9oS4XtD{NDm2u&{TG>2OgoSmVANc`6_l&XC8R
z7@c)|HUo;GbtV{&*CO(&QP*Rs>gj)3?O_wh*D|=ZY8pLsC7y07IMeHd`b2VdYfy<}
z;7#&)(pM!1!9LHki6rN`j2U${yrD}=2B$tcSOt|;n)*HcLg5?zOK;I*2d!?>*PygH
z(~-oS%zrgZXx?yiUN;)}#Z|l0#>chO;Lpe04*wG}crEv@Api&aE}7Scg7{^B0s!F!
z;Md3sjL$nPPPVwyBhmy~8lU<JpPLcMC!UTTooLIy(95^xzzSVjTvFT@Q@c2{?N9&G
zx!`>i-zo7qpCA+K>aK9}Qi@$nSzJ^Gy(jyk+8?M=)Tg9+GHTlwyDVx!y_?MP-7-z8
zqMkh{B><$1FY5MCl{9nuZq`ue+Ug!7`Y4<)JxLxY3{`8B4hk6$ln8mTKP>6O3&Chc
z?U<^MvR2I6YM62e$hYr#9w{+a$uisw;+TJIu{$5V^H&G31bhMFOyss~NKbAvm3Vum
zIA_yRhTYyI>F>Q>`L(#_Sr*gYwSHMI;2Z4(Qum(Jw%T2O>*Sd(XywW*LK3yKGxZ2Q
zB}!y+m}qytUn~uT&OL9NZ%gUZe7PDwudUG0^_xbg8|vHX9%6%4c#rDS;Me`w<+Fr?
z$Q+7-p#0p~Gl@1(5Z`(qEhA@nmz}NA(ECOLhrtHf-AtDJ6T9IFV6k_doYB?d2fyWw
zm|%}T$GzL*&n5h^b=`dRAvfWE3M6}ug#;4`UE1U9HWN{lvAr^DvD|hlc4aQb)CCa^
z=_OSYWS|jW?`!9YO;W=&2PvZb?o&CfMVZw*JI4XfGbkQuX7*=>+aX@PR2k5z`9+P)
zP~eJ_BVU>ESYgO^Wm}Iwb(emg4x*(acSC&1N`r#pUoz-2b>T%EzZ+Wy-(Mv_zjiMO
z!yPP_=?a>oJo54Z1O?x8sgaAhmrVY}9J@+UBc7Vk-Z8?*E8$1685>81@ou4Kv^X#;
ztVaQAr#$7QOqIVOVUm^JGd=D$Q`NHX@F98);6Q2YOF^~rLMHsh1|vH0)x9StH3gLc
zw81kk89+LShXy~?EvOt`7`!z{f@1KUcd^+WdX(679=Xm^uuQhL27hS1Z=0+8k26(0
zTOh?vR)va2mNq{HXyKMq$nlj-0g-1Bu&|?BdiShkf<q|4K}Fg$b9@CNC0Scou!N1J
z$gO{gwf1JDjD5mko){3(r*yQaDo8!SNHOGH^@gbf+~es{UZ52QzXk~n%kNnamKdn|
zS+CH8eo#KW`)6!Z_I05=T{U4&^ZFa%&9I=%!oBPH-1#RdRD*Zr2wb^fV!s}YAtfUq
zvL2St<vh-dZncRjkPY)7@|#m2%_#(<^gsKz#E)st^EN$=AB?SXwg{TiGIctdCazgw
zLuvjnV?<Ts90wP0Y$#adRS_@30y{&$uLX=y$5LL)iKmV+wP=BRnK(lU-jkp633^PN
zclNg?HLB}&l;43U83=#$50fO#XUNnjebDjF>_$LrN=$PwPxemFYoG^bH|yHEXVuGH
zjas*~m%<6PS<tonV#Divo#xX%xiif%wGr9!Tw5rzA(uumzqGAtP<uxQl|$-{{;!4J
z1fnB{iAO|pr%9cIYMxcQ1(xMGWy0@?H#4miB~oqY;{D`c%eCjb$sJ5sp7M93Kiwf1
zW^0+|ebQ>}RxZv@-5^=*@d+8hZI_Z+h4<;H+oD8m<o@+ci+8^4I@aTFtKG9sB?ptI
zDS`lbD+6n5(M5!fr3&-@8OF~q+j5&L2N_5|pU0>^KlkAxnm`(7<jAs<5yIKTIOqa#
z%K8zh13FAMe=f>CX8s3uegEIqdZqT7EjJnGT4gTl_ZvJkMdljq2`-K3Fd_+{j{TAh
z*z{|>z=VYF=Ll2*jc!IdxMeO7aJb?`X}f}To06u{h7&94W&~k35$&Q>>%zgWN_6^3
zg$$B^7jB)Su>g8K@mInnUqpH2v)5DChw?bQ@@$%QPO;`!RTm6`(iRt4i>Fnmc=xY}
zEg5?{)3@^YqWj)PkFtPCq&?SH1G9xIB&^=jFtZB^mQ20k2p+!`Ht0=CIkYCasipw>
z!khC0S({3_g8xQ9@l+*1HrFG_l-KcHnbHIT++^Iq%HfNiu}_K2NS;bk7Nr$2Q+s#w
z78-OM;YSw>G8}dcg-Y23v(uZ9(4vPKu;}ajv#5K1OXn#L-g{l0tFb!&IGe6GciXQ|
zjN%8v=!1kTOqbE4M_PA=^8T&XxB?z1QW$|P*JbOm@adRtLXj#vZD3Yk#^tirS(39I
zyNBkzK5iDN``99*D-V80gEdFLWiB3-MN6?rmehEi=FINPV7)|;$l@OaP%s<IUqxCC
z58uF@?xC;@z!BhQ6Kj1}^YlyQpkUJXK91ch!o>M-25g<5(*d92qV;eEbxCnod~9J-
z_q(!jm3)(MmXkYEeGkvma>a!9%B<cAT)8T)Yo=vTeR}kV2=*E)#Ky(p4q;_nXVzQ4
ztG5<7gc0FiM|^59tWh@~p`KOuYvUNeZUNvq+0T$dV@aHWUE3H_-a7T;(RtMl`aBck
z#r2Y2HOOAyb01zOE&tDb+ixfNT!K@JJcY}i|As}w3G~DuLZ{udhhG8bH5;Y|JIlga
zx%++Q2Ig4q(6#&SY*~7<=Pa`RVcWu^ZmnyHEZ1&BM$v!f3!mZpuLtu^%R4lUAAh#E
z9bXgO&Ue|gqROpYOmJH;TM9b$ri{Y|YJ8HM13Ui^68g`nd?Cg{sV{JTf7KJNTWAD&
zC~QFCu{ftNp!jV*wpqyiPgM#c8@ClhES5z6j8Wx3cs)Ix|3F6Kk2nADkX5;{h(Tc!
z`pcgm`tx|&Z_f1Dqw{}G<!`v*_d74Tf2-(A@DS90bKLGX2%7d{<-dVINJ+37e<TNC
z>3?%P|2N@a*YWAU!8)~7v4jF!r5N_^{a=4S;dcev|GD`8D}eDoJ^%mnu)lgUN-6dC
zGpovft7Oixf%)a*{xw%2S+`P^JF9<c!cyM^f=_3BnfM)|8#b_lD~T`Jn~Ysa(dW&w
zIXe#mtE=G&VMk>bm?Ky_$<0?NBl3FJe=!WQuR*@nfjKHtA4BZ^0%T%NAea<{<Ru{t
za}bL;gWSg?Dy+x3^D^B)A;+*QL>Y|C`Fei>f-&>Qd>3*&tim)#g%#|r1)b$_(Ou<b
zt0$-DFirPA7Wh&SNJwbU0*!DSsipC6=|`CMd?<Enx!nHB?gub)EdOY6Sl1%=SLtOV
zO=r^nf=*kr%>Ps@&U=H%)>?MNm^UoAau#GcH?gFsL71KQ5z|weCkAV+)~`ltNljs}
z1}goZVd(MtaUuVc?XTE;uv0<6z_|PoPoLZJzS3GbQ26$#;2zgZ`QuGbFo$+ISMO+g
z*}b_I^f$Ku%@F=#ei1|A3H6=-d{#h#Ez0rIwI{|*&QT)oFfqsE#|r!?X}Q(U8{*Z?
zFN6R?0M{Rm{DZGLoT{&Pt8SKDVlcUA<W(&pBjmy|YHRsH{LQf0^)3iT5_FsnyNtOS
zlAue?&<etUFpH;54lh65TnKjfWGGbZwO`JiVh+Ht>sT0BWv4ISM|{_g7K4##3I&CA
zr<af3GfEJMf|3M_{6J1|6=-$3W$sGiG!Jg2WJ82|^Yc1Ag&!dM%zpQ~CH2knwA=v2
zWR$`Ocaz7QWd}+kvC}EG6@G2H;P`g<Xez_l((5<xM6PdXSwbAd6|no7Achaw&@OC2
z`<`mG;HVY>4+k^yfpyvWRb|l{$9R?7*d@<_@z9|=vom%`J(h8<e=k39L2i+R^rx|@
z%shQ^FY*s-d*?xGFBU&XlVPXvLEeT&9dYLp@8rBJfN-6cr=C%B=YjUuO6i;aSd7#s
zaW*TaA;R{{<2{V@g{cHlJEm3=1BPA9Aa4#K7pF;M2bl9b`iIKxl22e8FNqB%LYCaj
zC~&kM!lOk8&lm~p?ksCBz?qby-JhiZrsVE0WDk5#t<q($=Z>jXGh7|5_`<~Iq??t(
zw^Ya;6cs@!hXxiseY{ST%HEx?X2HcHm|0jWOhFgArZYy%h{&3YCfBFD%6Y>?`Z=4#
z@YsHlRXd-q;P6Kqi$`xPLeqV%rD3556+iA&6)i_uIDe^QQMElk;~F*X>tgU_;h*{D
z+e@kSvW0MQJWZyODMuX+ms9O+iq)7X+l<vRnjO2PKK~Bi-C|!`nagNH==jzG3+Css
z<P9j)?O$5UNK6!Dik-cxu^Vzd3ArGIw4#DArBxJF)RYpr__KXH$FCyW)*~B#rMtw2
zhc3*Qgs09BS$&!g92KPit}RWcoPUyS<!cS%0<L}u=~tplJk+o9ctPV3G|9F7JmGZ~
z0K#+Hjk?VnEr&#-49n3MwPAMW6Pl`I6QBulD~I~xt<%_<<4GFWy<*xRz3>PBOr!7i
z+kNTt^M-eAR_G5|+7K~lWr3Sl`eFkKIJ}1EwbMo5MDU}^)_z8X9yL$M{xAkAdDD+E
zzN|GHpt$MI7S!9j9)BX|b6VB|JBJ138Dl~u&->{yn~(_)Z=)^D%_&4Pp|6W?Q9<&m
zzatiNpz*6rGo@>26ALP(Bk?4e4!WBq$5RKPm_5u{BjhsX<EM*7Ld?n@w&mP2Vc0bk
z47;h=4})l^9}5mb4qYJEbA*tiSjbw|SpSCAsMk@t8SHX!4^aoR!${V{t|5?X(fARK
zHOv@fp9L~bmXg&F<aJ&KJ8wJ7qrV!V7Y@20QGg*AFCEltZYsoXZ%shZ3i4b%$Tt7e
zOC!mPJ6MCMLG$XazrastW1Z5J8kbj|K4SAYyh=R2;T-A}h82z0G`R!I$H32G$?@aK
zOiL{0RqBZ}sa%#1Q&yrk0KJLR(eleR$Lf#Q*TiK-?<8S~mjb@uIU;i8WH!>5JD2(K
zV+qXtrC!!IgR`waIt^`p7m_A(wz`LE?cI46^^vkcqS<rFVBr;~@?g}%k(Z3Fcf)$u
zjW%-R6tqs`40r?)&YCFU5*CypuSN27{*twE{=2mY_q0{4mZtG*#;LjgRnx!K_TZW-
zBCU{6hSBM5TXn#uX#=Y@uYJ|szltyq2+jZp`mNS6lK$X3<OpAuD@^eV`KPEap(P?r
zks}wAI8eMD`7Fq7FNzt(s<NMLxs!z}b~4lVW|HPYk4l&@x-)lYLhGXJ3Z@hssnW$z
z^<I8X)fHCwd`3T<7wtauXjMqT-|$l5FuxV~a*ka08cL-Q>WpGM6rYI_<~nUQlUUE{
z&&ob+j?K{78eW2q2UQ{$Ns*skXw5~hdZA$KO&kPb*<@&1Wz**Nn(~~c8Us?V;szkZ
zBh=WYub!?)ts-v@rdg-iuXTPK?zt|zPBtkb=WO$n0^mLc2rBxhy>rbtb#6^vLNP`0
z_4=BsvCPu->$`v5zW?+s_C?h$n8+DY<T=Cg)h!TMkFR_p{6Q|3iP<kr++s`0X~yrE
z&hm(vg)Hc5C`2+y<8I(RuA|JBXF$Pc!R_9Q3b;f5^Ss!ye*!~+%*g9FXoXwyjRzN9
ztA3H}=elv&W)jVTr~s#dxTrMbNy~mm)*(Ke*K;&8LNaK@d9|y|<@yJ-LYqKpQzbTh
zJ79G=nOFni<-8MMru?~inXAAF)>4?C(O?<j;PpQDsC;F(5p`2nu@&g1a*~7?1qbE5
zZ>j4P_gH_n?RS<X>tR1q3F4Zt0~anyfdixiDgi?GiZZw@2CF8pdNZL;t|-aPFyM5f
z(FEjRwtE)*PD~JCa2P@Od4SL`Hka@Wdg8)SMnoik7;pNj&GL|ExqU*9%52BOsFbSw
zT<DM;oMdy?M*4()swJmJSFFOo-KWa8l*<ybx!87Y@2@fG3@mX@8dYHzR2ohOr5}2&
zC++$1fGRU#4qKrX=X8b!V%BoGRVh03oW_Oen_<thiH6`hB*K@5C~yiWJmYp0^vl)d
zgu(iCdvYndre#6@D>UE2-#i%|{^q@w^wxy#rL3E7*$P3O314|ZLuq*_=c_xug9e7p
z9Fm<pOh40}`f%{s8kK&ZdNR{K7fW8^X2)iG>7ZfFfrS_qP8>_>T$OfP;SUeJKqTHf
zNW*f%=EPGWUc841!)(2bSCl<JU5a2h)-!Fko$>{_yCz|$m3*f}m`xUe#PAq4;V5xj
zK{k^C^&5E@ZL=g8;ha?EZew@+tR%l&xx_$`Kd}vXxoZ2OJKj`_j!IaIu)xMexhj!`
z1?>l2{glaMQ0aA7aHp)m#{ATU)Jdmyd(*xm(Ahs}6}tGmvUoN>h>I~r6b*(8O-^vd
zXPPy*wZj|Q&4?=1H@HGZjP)K%{p;4<zg`M^p9BLimtje(^_{rvb0i2K$XL*^{19-L
zH$iW$kORk8yncHBV|C(I+UX~9yq1G4PVw90dzb6t!F?mfy?lW$z8||F+OP8jte-?0
zzS$GiXtj!_DY?83nK|*wA~dRYpfL5(jHO}z;b#y<gHPjI(22bq^>)q_pM06B&#fA%
zqIL^ubixmf<j*o=DB;aPn8xRE0O5lIl{-d|6ZHi?hNshH;WYgU_i*oRaelZLyFGpt
za}_&0A@9^CxW9yH%P04|QLCa7CSESj8lvWOXObrLzLY}R5d}Pmp@~2niZjRV?&{$+
zB=jJUw?i2L?knmVlh1TFOE@^DU-^st#I1XiJr=OcNs+e)ib}-T1EdVg2Fl|AZhc0e
z>WY)PcpZABT*nPaIY=7ma6xlYK9TmNFHUG=tK^q=*AWi7(FyoaHfGk@l7Q01%lF`h
zyuPh7*`hSseUGbyJlMoUp#g_cK^<_KRa%ofr`9gj5;sX|t37n0)495Jx)Y=rOJkkv
zd(@|S?U7A@J>lB6r4~p_`+z6I3Y|p+O@xm4U>221I78j+{m_QXbpGCzS&N<ZukCVM
zbN27r1+0_b5LHbj=G<fMZIg5WH8(5A(ioJH|3drEAU@@LXb;tV+x=3X|8d<+J2|r_
z{np^5$h-77rTh`!#gi@MU>vO0{=`%xiQk>c`*b{!Lej|P;vOYGx1M8QQR29FP~3KY
z^<308-mlA`Xiu+4B!7$?&tQE#IyS+sB@C1_q3aoQ;l{(|tEtHb4cdq}gF3C*d%~k=
zk8xtEnAByVyyyJpUXk92D;dFYu^VW^<@=U3SDio`-@$dgU5o`PMXQdoO1uh|r|=;(
z=y)uv5s~;H1|F7ta~6de9>`8h0Mf}Pq`cG^u=WD(pH4TsL~$#iPBI^GLA)bGeyv|Y
z{4lyv#i|&sdFi;}SbC$g^K-)p%*A1?Uqo=mN<Ag71ZJ`pyi!o!@QAXeFyd=H`|%Je
zw?OiyLtLZCeo%6T|7R65-9-|^(+-jIsGzG41qgaIeNs*iC_flDU#;w6cgB_dWQ95F
zLBN{eG*I<rmVX5I8iz4k{Eoy=9g|9La<<z19uNK5k8~1W%cP<mPJB>_Ps20$fc|i*
z@wEJuZPBag`Soncvou@(V81+0-K18>yJB_UEHqr(06U<u)kGbdPi5ey8d++(alZ{h
zcdL$S$Mwa|OZJE3RybsrvaSM>FD%%bNS$VS415cca7klLtbI`igSctY`ih`s2H(WU
zaDLLnD8HRK|NZ(&F?qPi@fuQ|&3<Uwtg{QLTOk(5)Qndu$4mfkp43S$W_UV$L!L*K
zJQg<f!o8s|qS#*TnaerU8`9F3x0ay2JJoD@RTthpsjr(O{yM3-ZS5`1521iB#(Pp^
z-Toi%t0j!cbiJ+%q!TvrY95tTjRP`k3}oLAJ-JM07F04!O{m%>%AEP}OAD+xmkskS
z(67#h<OfmP!Sv|4y(??nL24hYj}pAgp(;_dt4#^@CYk}oldRa0so|iD*uB04<8obs
zB|!z(PoF4ti;|2Ve=;StgT>DpXlVi<!KQ~g8_229$kH(zPi-O#!~|GbxO)g|==ewi
zlK??5`4$nqCk_7?Iji7bcywx4UVHYXx-Q}m>nI#WYtZ#ZTWK=DWwZ9-%S=4`$^%5U
zQG<TEDl6ORUUGm^)Y_wo(w7`aQ6z#<g10m>8ED`dCIlR*-x$aqw-7$24L)FF{0YD}
zIXlUUingC;bUz9|`24HjP6dkBaV(4T;`MGD{7Gi2$E1rf+SgjQD<|l(sO&qCOjxYl
z;@S*o8t5`EXm$GBEog^i7ixoK=w=SsAc+zz*38@zT(OJj8r>2t#?uKj?+)9|0(8&0
zO~U=X15xS~BEhAynup!OyJ5#KO_5hhm$5<a=jHLkvmZPp0;{~Aeya8wbf({M_EU!*
z4$m~!zRFDMifeWESoP+I$vBzzo2J<!n%>pEMjn2+;I&tpN(VbnF5S<vEc~u80gq{A
zraSU2eZgUn#n&CDd8QLVHG|sHx<kT9o}Q80rt|{Arr|>>CdFv{pffv3+w{;XD3m8K
z&T{o)RI5TZo9H1?l^n=@Fu>iTQX*9)K5n!G=}c&*+~iksSr`0Z=*PD81&wk^?kc;D
zLoHE6R7Pi?LMRA7V~^BK1G%d~K^+G;@T+3laXro1@q*j?71-J~h`^En!r;Txfx|jQ
zP?Sal`BDA$<Pg^{@V*lFQ!QioigoiaeX*+w19ybf6x#4f=WgN1sUS$N+OR%!`dbq#
zX4CLEYJsz#m=Gt18RD?o=@PLqGtc6|%cEBq>VJC#IawLs6!PrRq2O-NNkql4VM>LD
z;~f2)@RHUS&V_mCUma;w8v9zyCE6jm$@zJ|SSzqJ#Jo;>gp$DrQI3Z?M|v8TT|*9s
zqSl8L{X<+c8~$<laf>iBfC()%&ZoQonPwk{bKiQWupIOq>QF|VsCxL2w~kdwOFk&Z
zP`xv!p%1fP_AKJW1>-+$B~_*;yjPPEpx~YCO#!*86Vr%gTW#%LV+%7rY)_=hP9Vno
z)EWzaiusl-zFv==gFRLh(U?uG5UroHA8IA}W{g*8xAw;Ftz5N?k%no-UukC%`SWC3
z*alA9(!Y=dBp)rxp&l3I99l?ydIMV5<u9*&CSGi^J3Q35LT^1t@=%grfwtXqvx7gD
z92|u-c<im1(EJn{_zekGZ&Mj$<EokMerD^)#r9a`0G_xpnn-Ghj+0%ec~xOx>Clxf
z?}6y7fYSH#O135>W@U4-Y-twSHe@}uNp9HvT2JPl41Hk~CC|1lI*NX$Vw?<fK(+_s
ziiv(aiS%_3ETSeX37&E74oxKHjPo*!Eph}q<y9GN{h&-gg#-KvB&{nmjvrkbHRu{~
z&`})Hl+ZF)&H8Y+vMT*}wXFHjlR~mkY|A=vw{Pw&yk%r|0;qQ}Jv07UcHY~8P-%#L
zq~l>vb7w_yXt0EE+D&p@gOD~`UcGurx^Y{>nvFF`U9<4MLo^Vxh^nIT&`W$W(zqW{
zk5og<CgvA4=hQcUZ{cec5Zsh`s-{#?W`3E)yKN!vmT0tD;5#t_G5El2uh*WnU}lqd
zKOI@}4H2<p2JDO``?s6*Sn8?#-5(6^pV*<h1jdkv{JAwHuP}R1OCr%Dg0QNW91Zmi
z{f#^`O^dW)@QmxcljqoSwS9>NfYlheQGWifjNaLk+MH&je6G*fPDxJJ>{;#=a<t^f
za1s-${rJc$mz4h!=DjeQ&E;~AY%9E75CjwG{Ru_q&#zfu%!&@CkCYFGn^|$1KKk%!
zUHYM_&G=M7(s9m$w-R_x*rdg^ll3_&ZP@ha$c!-YDrF?u&g^1^*x~(9pXgT$7~$D;
z-G;Gz8oBMbhZ3A~HlxDPleRj$C$*NR$wAoIj&V2l9>LL%yerT3<_ejJF3IUKgD!>C
zgq@XCY|$fTR7liqW|4Sf&XR(5XH0eS$*#9cnc#{#(%UZQ0d2_#U#&8p!d~tAIc;Vw
zA>KpxE{wJH^RX>rKSMtMT+L$?5w~rw1c5RTUL^-?<u}TDqqXGVN9NZ$%?}E}X+L>(
ztZ360qR(b$7oQ*Me3YPYF@CwjdTC_uol~ooML(}SQzI;MvpAA%;IYoZD-z3%i7U-s
zBfV8>P64>huJ<DlnTg$RDB+`7-o4lpOZtuEP8$b_4NfANkRRLz*I&5Zn%XT%vp1XR
z`9MZP48m%%+wx66PTI9E5OHS+s_ueC(!YCn;e_m|58u#aWyQ(cxIFB7O<zzCMNpq;
zvo%ac>7S=hd3J07q;j8BJzPz1f8Fk@-OugZa$ebUKln)k^VD<iedE3PhIWP32N~~D
zYW?b1H>CO`yKybVU$QC8XK(}0<oo<$=v30$14d{k0He9%LM3BOBy}`(28U1yAr+o?
z3cNJ*rljv2`*r8Ta|t(6WPKHU-|NZ8Jp(ec-eU%_NJzJ%xs9Sc0&<xf;94XFxZ<3o
zYdR3n^>R0v-z#R-chx)YR+5_~ie;QtdbbtbO~nVj=nf>S^}Yro*Q$FV3I*))(zNhH
zQbXLNVxW@~K0SkurM+J(7cX$7kwuu_p{w|vq3lA{1dGB9GM=Zad<xBhp+c!krb1O)
z3snPcfPr}@)Vw`ccgXOe<TtnspT-yA-YONjF1}lBHvwb$ic6_#1D8C9W3An&S^eOI
zoyro8xDRUL6I_nJRGl6@sJqOJT%u5_IT#R_HYIIOy_nYwgdHWEW7A&#(+BqfFVLB;
zpA&wODM_`q>H9}FBxZ5m<OsT^Fz(`}A)wHSwB+66I8zJ_+w!-Y`CUKY<QXAXk|p!a
zmc8-X^^K{L;bTSCDidg>xI@AAgmxrEg)q?AO_BHzx7*;NQ(VOc^4-_Ej7Q~YadLQV
z4%&hKn$83?#72G*1TggWXRQu=ZtZxPeoJR87C7v4HG(T82Op@4mTtlN+xD-nHXKt#
zIJEXl8XSV^Z&=>xnpK)zu8nw@83}HyZjBt>S{+gzGFDxvOd-0WR7>-?&ULxFy0S-z
zd3Iv%Y#LJfB1^{aT}{kaVfTo3aru?LOl`x&lr?p?XDrb80)Pf-pJs%cewQk@M!TLq
zYRlfm!9iFLH0iZBg8O$ZfTv+3E8Vq$Dn0EXmiYA1v-0(P=PovO)=J8jZp{kipcI{|
zz@7dtw`?}MXH+H&k8q_MLJkfhP-ia`YOX$J-u%+>_ivO$P)VXDaIvLHri_jxDAgdf
zE6;OZ;8+aNALRX--PMSm%rfBkl`n29ns&8wYOA8w;k*IZ%AdGsXiu8Jy{*P_6hS$w
zmQDh*henH=1XsR>8hXR957Z)PKmhoF=s#=IU^a%=56D#`$mihlNA-wOL6Y4ilVO*5
zB&C(9I=x?RzTxcT35`7pZpeikk%K+DMy>Ca9DHeJs~ul2A}{DsK?hXq33{7c^xYnK
zG_tN?JVK0Qi<KJHR$k{aPGTBMaFAKQIq!~Qk$uNJWI{MJV$a`sP>)N&qI`!Cc6`F&
z-h{en$j&NZ(|0WK$gn(bTbl~+x{{&52Ig;G+V#wS5Ug_OA1+jKf4@0NduIz65*s>n
zayQF>T5fO{V^$^6-Q;}|A!%HWS!kW@TaL{|-Kng5ejHa*=`lCT<018BYYGN*eq2S&
zQ87;>N9AJa4-S<WOEz5IZII_*iz^o|Tc+3PBo_~ykV??-*KYY>7w>!)=;Tf#_gpwx
z_-z+n9#s#s`}m|Ta-5UyxF0^~T2M)f88CruvO&PtS+*QvXwaE)_Gh7IKcvL!wU)0Y
zO=<v=oeUMvRZdyms$0<4zW##N`pRzk`GuUd+Xt6vY17wQT4^dbB}(p*^URa2&26F}
zu{~SER;S#85uhKeehk^Mz72<~rC7mRE_z5y^pp~_iokPk(AnWP+lpN9ICd)83Nc-;
z*lpk=|AK3iXatD>TJ0A1jqIGfi-&)<)dRotK*-PACNIBRw>`c@vR$JTuk1H{0vLaX
z&VI+wxEUUc+-823hTSB32?<K-RyX92hS|ZqRg4l7$o&ja(*a(#9%>b0VLST+AAhQN
z95+geUuWW>g!1gNAyQGxLhJVCX+4E__WDx8XEjA~{@<SNg}A@!7dG<`uc)rSY|T;(
zIH@~|?2FT18{#8lALd|6e&3<N8pop4a<o1_O+e%oPpnO{7e}aM3*{Wx`zi>8U7tgd
zb~_kn2ba0*J02{lF&cd+6P0>{mRO@1=JR=9P5i9QZh6q*eC_ZCVR@i{q}Mtzne4@`
z2C_k9t9c-M<TyB=w9&7osPy|R^M#>3b>f}=2m*h*y6>+T>4^|8fPr2J`)toO>tcow
zCUBuvaijXI8C6u(jZ{cAcPQEQ0jn_HCGzQ^LBqqnu}UdF`LuJ>Cg|$tpfJbz3Tr!9
zV*80D8Cq-NO;B_)Kv-1t$LX}*hu(O_bWDHsP02&Ajflp=a?_H}oy@T=q$&=_w>;Fk
zvy#PES7*AlCdyl#2APL_09;-ZS<mJ(bPL+{G{hx3%n&cwx`QB5pK>g%&0_-kwn~a$
zDLAZ=agK2r@||laLevL2M_XGFM&6U@?W}$tEk;=!mE(f)H+9I<j#aWi>NbQIidvw4
z`zrdfbR2P|>hNiVb@&7fpZ^_=61Z$*^}Cg4BB1vJ)O%Bv9Q{%0p8zV`E$y$bmFpdT
zL?2`a1%%XynQ{<9t80(yb<4n&Lrc%MLKsj}1fb9p(>yv2?VlB<iZ`~RT(lw=Cpp<(
zrI?vZ7sxESEylK`&W*23;`3D;&V?`-dHmIH%xlgJ?SAQde0)5~iD-9k*lme_#<1AQ
z$^5O3b+vZd2Y^XV5lu=24cFCClSr>uq!rng60B-A81ELPyt!V%l{|%O7Nu4WbLs%t
z1RHJ^VqMxe6cY0tQc&U$pS29C8F$Ago7N}F6U#@oBPKZ0PDQX4+@fLD+t(10!>-s6
z+nt!gwL4)!0q5mf-_H`K&cQ4|$O~qpiajq(Lv|ZUJ8I<Q7D%tzFJW5y@T^uLaVFs4
zUd6P+z{hZnQY#KM?^F?!n#PL}TL(l+t%^nd50BW1;t&9KGSZ}tA1nCq6yC72hax#u
z4s<$(MzNzh8d>3O$GwIvmn+<AH<gCRcy-@<1p9;rZ0urINbB({!t7^s>f3jd0Z_qY
zM6qyP!)Jh{VdaSm_dALtYh9oO&~ssLOQa6=a&W*->{tG(cpSaq7gf6Zx|*fkeC+U(
zz7cr^6rdYr;wN*k4AmIef7cFm!%Xn-GcG?L(lndgg>&lqD{2h(RD_MwjjlUPwN%gc
z&8t)M$$&_&fm#ie=iO^E%s7<6gIE*t32Q=tz+vqzK!*_yq4=cFbWteTMS#h1Sk~oC
zv^9P(DyG#2w)bJsfz+vdzGhW13Y|@PAo}(4Ao3pb@==XqtdaadX3cSw)p`mr(v<IE
z@Yi^A@V&|*)*C3jfP(jb*%)n2De5{NvUCCW^pC}#^hYp*qOQqjAkE`;(d`i_k-&;F
zH<%xFvO%kW64LHkb!aAWH!j;afndC$qEWTYUX9ho1hPuFh`TqNATlGeqb|J|0;ao(
zxDuLK@SjvR72yZ>)TvC%Dl%qoYOHfj7=aanZnj%O+8CeloXwNPjT)Ew*z7?1xSv7Z
zl$6o8a$Nei%L^Yb@JjmIPKMCyUoX7d7GGZ#pTupX-F~qSn2^kd>9;i!PD?J?ycq#x
z<uWOr9fg1=Ze$;j;h(9PiI8!zQ!T2d^Gl8`1j>~S9%W|h;QBH{*!J8l=g8s?riQYn
zV}#FD>R)AOj<a4!?P@30<5=fv9P#Op^XvEU<frJddRPi?=Nn+Gx`T7wM=brRN+YRC
zXPp}-eH2m>4bF8c=W&@*p4=+(lrE_+Y?6v<c%t^0LqN1u(e7y!xFzCAC~I4NVSr_{
zj@C}UAUrC=e8a%-O_wqCR*Rm6dk<h!E9uptUjwOcxl&?9Xym)lmb6Y$xfQ0m#IGdk
zMm%oTDP_aJ<MAXigz(&^lErQ7<8`V00k&a108g^VbL!BK)>Uoz%f^=7O^gF*6}-~K
zd#65G6@&f~kSTaa<U1KTv<j>>EB<!uil?$TYVQ;44}<mrpA~o<_JRiFl#7d-Ti(dj
zGv{b==QaJb59O|#LrQySpE6mO560P3)phzh0BhfhKC6=?9Mj5csGMct@NXFyhdkaW
znK9L}r5Ocf;NTe0#kNXnh2}V~?S077*e`0DMOhewFOde?YOP7uFGKQX$uuei1G$bZ
z#)nzkwHt!soO{hGI&|2kF}p@YQ__EXsD(9B&tt{hnaV%{%-l;DNg(kf2;Wb^s~vn)
z6X3Ma(KkNs>p)HY`E+rtca=ca_cTt4A7l20kv?|QX&-961JGIPlIEE{iZo^`mFMFb
z+mwcIsTJ1m)wLTT^oFk=5^?Icmaz)6G<_dKk0!_|Dhfj`ZXYvzP4)9e&#!O===k$(
zI~Jjfr+=KA-E?#e4^3vRj6Ni%=d}r7#$+9Xabd@*U0;dS>hI?_Rx-b_E02&-m334!
zC@e|v7}$!M<$}1MuzNMSajm-stXA2wN2sywj0bFV5ULx4cxU#%;U;hJgJ+>u3Z)YF
zw^G)l{l(gTX=3NUkL%+6IH=;s;s7Og3YRLPoLf#|nS7PyZMfcK#htHYnZDomvLc`K
z@lGp}bZc@y)lI%DcZ!CygG*$9TB<I#+Bummjhbyf{32<Nt+mGP`AOIYLAP<E58r{L
zha>fK{Yo`0v~Gr8)g9HC;EF+&kF<u4%N%kFHrQ@we_xH9S-!J+p-WWNCMYz92Ny3?
zG=7TfrIzQ8Lq(ra>vNqMKOSmtQRANUT=HdQZ>b6**RaffC779DaxEmd^d6%ER_F<o
zg!2;yds<(=F|&>dTC9Jp?dN7~T~agr72i3bmDc_Z6!u|2eJ&-f>U8ob{`PSWT*_kR
zTwyMoc?|I&k-`R;=UP-$$f$u)Pu0fCM0fYr2D@?4reWSwGF6Vn>E7oBRy%gG9+fD+
z&zKieE_oO9wLjv~qhI_)57`N~X;0+vM*@nruNbG4c-=r#J*OP1RRWcvt17nJ);NDJ
zf5Pp8?e<_*61Jq79sLO`-48hQ%ENc-K8?dL*L&UVgaO|~Hr*9@ynm5A5kVd}uQxMr
zf3$xsW%x<N|9H-WG4mJX#Mrj#>Tw3Zd?HuQV@KAz!v=xb{V*hHMn)JZY%`?4psL@>
zY7t?sLBE#?8pa%0*zR3wWvpcQucP}0DOS~M(o~k*o@Aqc#R1r+R+R~2_Sm$%M?Jxr
zCs|uWfl@y<GvXWEQ#m?b2pxDPXmGqrOd)M(W#x*6X=EuFemqvvsy%EJYspb%pRX6R
zLi>31e78-Fjjo&DA&DmAW(?zH?v^?{J#V>`WsXl!tDrJrV=QZE@OCq>%F4F_8&01o
zMvqr&(opC+xk$3$^3g`Hsi!pM6Y(5Go%UvK#gT|;k7@y);dyxL%gkH@RYQT$?mKA~
zQYjvn!68$I&n1OYcdmM2lGM7JTPMD4krls^Haw#$ZBT~tHHsYObBxS%-VjfxL<pzf
z1@85YPtj+MIT{6;%HO_hTvVnRlc=5ZqAne*j5mY5_wVp?u=(9e<G5^RgC^I-7k1k;
zR8_2M`8D_H<l@aGZ{PnY_YJ89ttc-QZqs>`6DdUQ@*Kx?cL%s2+2$n^A!f{5d$m9G
z%`&MGoL4OVACdXDr>yyKmh(H{Iyi$hUBMl@`hET67G#EjNH{*fbySQ|p;M@Pi2=Ep
zOs8Nm8T?S#ok^*Hd1{$^7f8-*$NR_E2&%nZ7*WeBe0tYH@mpMSZJQVnD7qbmYuOiE
z7<&IKHYr7yI>E0fWi^`b(npbC`@eKU?9~OQ1EuyiY@)R3uzvf3tM&RljdwI8_(gGm
z2SQz*s`mS=ZC`8@R!$+&iG;m>uj+me)rG<bkHuQ-#!27*cKa9lkp4o$T;zckUW$L;
zv)`>=kK#QROFK#lfB1Xq)>i(O^IW@BiSORugB^PUCBPSf_JXk!41cd5{w>1)rNn=f
z!(N&Gkr2f{?f?Gk^V03Rv4v+ig}#5Z|La3f-+t4-d!H^^F4p7E6aKgL4rb$&+J6&i
z_Bt)>Z@K?JAHx3oKR@^X_GY%@r-64$`S?7k$30NGBYW9?PPuabM|UoBJ{H^+o+qcg
zxNHe*_Yl8^4|?SCIvLoH-W{KrY{E3l0Q(6_hBF&2Jt{lpiEe7=ZG$Gb1|O+UL#_ku
zdX98UB5+QD-k~)3>f(hvIhY%}OAZR>ADRB^V>nSe<Gx1)ZI?rM_2T$<-0wwcWtyeV
zoK{Fa!pc?cCtxrOdurDC@EAHP^#Fs7$L~gtREqe`Ee>sqwp~uSYk0&eCYWkn2Q1bs
z68Bzln=S9I6V!{2J_I`sW&LuIJsNK>yf!M`iqA+T6BUFe!qwKM<&hFtME&nUj2-?;
z43GW6D?wPMVpSL4lmk}Vl<TgoSL(I?r165P)ZTD)#zV>8*=0I0JyXm*G^Fi@<c3=7
zjEG?pDKX-ICOgwf81TjQcsA~k%K9M&yF-zrzln(d4(bb&+De7{X(QnYA1X;q($jLG
zEvNS8v;Z$yQ}NCoKHUH6=5R7Uok|QPYGO1q%OcE!eh8XwviAc#+xE!VTAnd^wKT%9
zbsV+zgD2xHtf;NNUKiC*h8%csF8^`y;v~}nb>QdUs(zrdtVPAWSRXCRAF3w{kH7x2
z`(7yBwE+5zw_(QQ`0b^7-EsWv;Za6#d+$p6#<MtBS-;LJ4JU0-L*@@P3M<6y=BQV5
z@&RulKEbRILkBAweZv8}I-EKUy;*EOhp(Msls+@Ct*TRF$_Ir{%>0dJGHzV`mQeod
z=jnc{v=$$AUlVz~aJfgIx{-#QG}P4wM6wR`8KsI5g^cEw-3U$gVr8P_y&r5GgGS9f
zz?SJQQ+t@%dH)6;{TMB@SHH4KhS0Wq>-h7=G-~xOB&LAuyKi;$pH?D4^&4r~XDj~n
zaMT&9?D%aAGyo*GtDFKGo;*W)kY(v<8hfmsByYD-E|YS+DVww9`_9HwRkC9Wo4R35
zmQ#s`oqQ3Amm28V^Iz}IKH*~({E80~hWYi+8c*&7oG&pQdxJ;fn?GQxMn_wrX6@cG
zX+%X5wKf}b@5sUg+PjD(8Sbd%I*<5FDmdw00OYo6dx3^jUU|;hB+09LBA=GQLh(JD
zjSTs#%YK0=s}N+udWx)<3_SH0?ecVFL<M^@;144!m3X_+<A?!XsH|n?;S}N?4-G(`
zdL%uNrctV#9UNv+icR+K3UM^$mS6>djh&02_N$M&Kl1qE#60tLPsOg=CoQ+Mop1rq
z@3^jH&{Ps$b*}FkAB9wc5|!SWUKMbGmo3iU+HFd1`IjxHxd&XllLJ?pQXOnIWJ$Jp
z<f{0-W^?Yz9d90>i1sP+t%reRy_wjC;)KS=oi4btQ2|wEA3vpWTYkS1rGR30h;Esd
ze8Du>DkD+Wcv&$N{GHNmAf=fY39XdiB;$$&633QyEAi4sFhZ&=Y$>rz)YR|?Rju<L
zs29Yxku$5rV_F8uyIGuGGn2@jQx?%9sD%pS0bk~m$R)*i!jp6L#_TPy(3sx6XTzvN
zulh#+%M}lrerGo(ixt<d#1m8=!ntdf2_`a`@}!11h&9?QTTxWCv)(cpAfQaD<G#=Q
zMC;k3X~}n`=fvSH#mA2s7C0BVRE#)-vwYr*DOAD$Y{H|6!_$a?S-?}QL&KKK@!<&4
zMw}a4SI^Nl6u07CRFKxrHezaKmObkl2AE>z;g+Y_#OXK3?l#hSq-*!ih`YwM$t6Kl
zjaRFxW<<i5*;ulU>Ghp|49Ts#J-XlKqc57seFu0BFHuHG9lTLBh!X4LQmYjT<t+AU
z1Q3Z6(>Xes`=P}BVHBN`@)6$v?+=<{CnK1!rDOAd@oeu+{)=ZD{)cBn{uj?iqUz6F
zf|-rN<(gn4dgg?2@ncrFiiuXy8;<!&AIjPKbv+;i{V3DZb}5#=*+}>RWh8m%yu~;C
zc?=+}Xm;LI(53B_X(WnFA-35)Q?Z+=sw`o?i4}xG3RGZoQ->vc$Ki2$X7PS2iM%%L
zS3c8ULt-719PDb^7f<VTl2Q<C=Hh|bXPzlKj$Asnt!S{*+^gAg`ol!B2o8`|V3VuC
zs{kcb>71c4g55e<&m~?NzJlG1c*@IXPdV;Y7RW(GHw0atkd?IZqij|;&3wlPP*i6^
z-<%OQa6Bnd{c_yUB&|&Ora@VmtHM_TN%LZ7zScZ%)+~DMO~2etQTDG_jM+QSPiSVD
z!j$AWHPt<>wnCNN(x5B*^U?`<)v%-e`2a7BYpFc{3K=GjWkqaErNJeh3SLI7ikn%G
z1V!`S&N~Sm7}LA%t`CxKpV*ZWPg?pnjiyulacRysi7W@y?0{*gp|bXK2jnFFo4gB~
zyLpzqu{RB?Z<2=vScLJ`etB_j{8YmlSl7_`K#^qjA+#e0S@?la5pq*7%XsZzUB_ET
zPZg&B^3T~Og6OjZ_mujOas8zpIC;hsw@gQu&`RIsRAKJnZ)Plc6zFX67c(aOn;CnX
ztZDmP-E+`iF$!ny%qxZN7V7l+FiUFXO{Ha;1kK__qdoFQGo9y34p?`Z$zoa~A2WV^
z^WEuEWH_wiS3MqAYq3HMu}xdKT+F?g)=~3l8a5WQ6cw@29FXdK(T_|%*Fh{5b~!GT
z*jflgZ>@|cq8IYa$uCz!t(IJ73`xUjn&+16q`eOGQYiLZG?R`r1uwW)wfE?gGnHA0
zZ#@CJ=hGj8#i2QU*p_2s^%j08c%;C1mVgPK5u4Lwuby)}>1enAI~Bzt;Dm@{pi1LB
z`+03ug#o^CzKa&!Zk<8yeb3Tnp%9q&MUV#rk<Or!>Q)6}rUFZjl^2zkzX2x<C$dXt
zHEeN(lJz%ZGdJh=CnZle7y9CU?T~@a$Bs=33C6&N?*SnI1xD+#qLq=kIg9(z8Ad;e
zy|Xt!$ymm$sAx)?g!myoXy*QHlDWt?AArb0O2{##|MiRev1<R(y#8_tKL0EDK0xi+
zmwcn_0)W@Ld2B!xxfrFQnTc1DVcU<yaE;9W#ok*+#g%P=pB*C*LJ01V;7)LdB)A86
z4_ZiYhX4ug6mG$_Ah>Ig;959^yM@Aw0;bZhyTkjZXFkqav*z*Xu6wx0?%n&Gv-fZB
z5>>oysqxyGjvL5|v-h^R<W&OrYgq71swEfgg^<@S<)9QR=gFjTciP-W!POaWb?3a^
z>N@Zg-Q1*i1+P?`fp1gJ8#mWx@(`F-Y%LVhxb{$_6=pF!2MwX5;-NprW6}H|(R#QS
zDqKHLE8&17$du3;mD!U9R2i#wScEu~E9$ngFRx1+DE2%|yHz-B)l)i`zg0?SIEU1a
zRm(_tLx)=RqGaGx85!3jcwkI02W%0+ZDqvOnLBqtKf8F|D4oY=oP-G2-#|+x#t)-R
zsnbA>jQOa+4BIsQ8QF~Ly;;RaQMgyMw2Ma?HZh(e3scTH?lLB68pVKfn?4OX-uQh1
z&$>nv1;u*e8-{}Ea}Dtd*JqNwFQ8;DdTti!{Ym5jB-MM&fOlAV343#z1z{XJfca+Y
zMz%6F)!zQ3GHW%7uByHA=rLz6t95E#Xp0X|extRFViLYrZWS}#+U^U`KyL!@h$+1x
zzNf-Iyt{USL`ggTPy9(e%QIjy_w9;W^jUGPB(<uw!UeipfnqxT`1&EBu$Z|xrYtYN
ziT?J-&@1%dWN4L7Zk3VT={cvG>O|pO(i|Xt0C$)Y*0_5PRQ--#e5QhZ*y}2nvQ$#o
zpmWU{#U^8!-lrgEf6+L12DDbhbl;gJEuUFT4ug=R8!})F?h7qkSV@T$6OXfj2VOj>
zRS+`AOx#kd+Vie@0~(fGe8d@d#{KSFjcqHXk4fNRV7$Z3f9*7bF@g%CC7|zLK#k_n
zP?cK`M<(xIze!Jpm$Z#DXCwXOsxm_9r-7N+>)-oW-Z>QWPO$A*QKWAjdvE%=ziNRw
z^aBy!y=>ogBb9z~SqrQ6S2YsPHIL0ktxhv>)loJKUd(Mw-Ov`e)IMD~?Adr-A_03&
zCaNKYM2zG1>te#yq%+6S$Lk2cjp>kXt6lGAoGL~jY(Jy4kAE;UNKo)^rmBL1^`+g-
zQ%>uZ`A?mll)Mm5C|i;JsZ|%lKpc30hPybLqCBq3-pis;8?rwkLJZYmqnkC>DU^5X
zpm6X}wEue3OLxBK#l}rxY*Hk%W8*%VJzvd_dL~#V9wEAtvp2|Ji$~ifnQpwZL@`Ha
z4W>z+kBPxj2IAJOO=`BFX?@et>>?+B8IM4Z@Cgy<5vR@yb95_Jjm!iz?Ce_!-(LMA
zoJG9Vt2MxyWZ!q6imcZl_v3s0OB7V74(Y~4J_zv1K1f>DLT!77P9manMRI5Xehn3<
zc2o#e5G^#x-K@e_P7k6)IIv<qtZ($~Llvd?CN`>_ysos)im#>V|HPtF6`5@{4~`$x
z&m-o~@*vY^@c!7tS|i7f4Z_*&z)b7+=yxmt$g&?_TRn>O`$G)4If^C*o^AW1u%v-w
z;N9mh4&so#QjpC%rFEQ;Hw=B`HkJ+()d3>beR8=CoXkE~i^?0#@j0r+seM1lDW>=<
zDy!;xj>e(yCG&vCxGDaerEdDt;lonF2t&6;>C68BORN$O4~!#3g>Hm(E#Ey!YW#2(
zXvzSX&ETJ0%$Msp*_Br&mga>ixXl(&9i#L$aCy_e_xTYq8V6V-ha^?oF19>KClUYn
zZlGb8f5BA}?UZ0!mf;3jSvn<#he6uD3)IwbaWz!<K*(PDNw^YFg#4pML7s(GTt-1f
zhLWJnHBq5ZcE8+2M{2!=poO(vUd4>o)FkKtZ@8pTADEgYI|><%H>ZDJry9ER6(yA0
z#A1<+Q*$zp27DnmSO107yw`#86p!7^4cIZ?6{)E|wDl7;(h4{2VtOa-7M&|h`4<@_
z%^8u;$vSqr53mKO#;jS_o)xc^U@~dst-sm}R5kF^#xTD^h@Em86DPLf6vkENwvO6e
zi-W=aM+jO7h0(OaWMK+SNiBmifQ#wOwyLN)i-3pFFrs#zflD3fl#_XgTacJ)CugY_
z`>guI*9!VjQXS7CXD3)^k-xNI^hVqFkZ;dwdJVe?u0zEp>8iS3<togl6jPzfsyj-N
z=u(pMCli>3&`bGy@3-X&>qDTe9;bWj!``j%>0}K^9L*^g%lIb50zy0pE9m3Iq0|Fy
z#%S&Ao{<484sFhB+$jWSjQPwu!5sM*d@+>zDTLMz8zoO$I-jX)H6(6{4-b1wUxzIV
z^>A}5D*Xq^S)Tb5$vGf|u>%e~O-zsMSVm_BLW@qLoMfI-RvkpeD2-7{b=FTjkJ<i0
zHOvZLWNDq2V}v9#DR2ZA6KWvHADpw(@0kqE*mM+3yit;RGC!dt>jln%__Agx!Q|~{
zeG<}A$|?K<Gu<ykKe}$GyBqjvW!8GF9r`H>AAKsjoTEI8oJN=1tO&V#M8l$e?%$r>
z0$b1q7D}n8nb}=Nbm&}?Xs%XNfk|IMk5p6%cDtn)GULa-Bs3HBSb?6xVI^EDo25w`
z{oG#dp2vAH>hq4)S_CHj$eTZr9{P6zpPWlwY_%7&mrVhD#S)=@6=OEC4?L>BC>iuj
zPg*4q(RMGY-n!a}tr?2@0!K?UA0L``TF|whUy%2^%8*rNjLBPfBc{$sDIk$k+gnUa
zWMP}eAt4wqqA*fF*LK3ay)MDrB2N`;|Gi>)K(@S~?=eLhU_n^^)YckD+z^+ExiBuP
zMN=pz&u|E}RmR7Wjh$)B+A9W_nw;C&*O6hq0Kj=gk`kpBCeD)+KyfCb%%CCmUz<KG
zWE5^$9mQC3GoS0qM>uF&s`k<~32SCFkvHkgIZ`XSvry4GXiPdYDI8@UHTZ2Z_-f!!
z$YxT)dV+oLdVjxk%0B$|hmzYEc`H1ft-NV*kwFR-sJc2_y*o=R(MKwn>*}JiwHhKa
z7Dagnve~s=Yi#>gmND4q@_F45!4y}$I+7_SxdDi~apw@Q6HAjiC~pvX^mv)5ti#Um
zqbXeEEfn>V`MZ)*_oU+^1QcILNOc=y47bzGr0(Knyt(dMwDrz!xCT1!aJJObQSq@o
zLG2`J7p=9nInVC~442?ojirAgmJ5Dq?7PQdeZe6JX?ec=;`|3eSl-P`-dsFe7TuIF
zGGySh?jD*V<@dZX>lT$KN}~E-Rg0rAt4Lt0R{Q%4H!1*lfi@WsdwU+^T;UzVNlheN
z7r!Qe;^dp*@cN6pdN(ZPBbCN0n|k@lu!fzCV)J(l37X}$67i>8R(sV4fMT5C{-7@1
zrrk?9C{f`+|F(z%P$iUBY&bKowB!`pY;w{+Qs#Y=PKchI!X}fpY_4e8M5zFPdmB&X
zMlz02m#8@i`K*M*U&y;Xj7eAG^I0x(UC{b+lId^@U+KakZ^zs$eY|OYWyaHTwzMK@
zv9w$Z@fLd)th0DF&d&KL^nqD$HBS%JL)c(u+-F(6b(;)mI-tuFt;+zjzi#2eK#opG
zg?>|b1bIO%rHi(T&5P;QI936a7;g$kB+7+_sY@3sxoBq-s>!OQ50oR6uh&KEYD$V$
zJOcx_Zj3&Ly82=wIhdY*{P;v%OgYQvs|0T&4eiJ(fV2@_|9VXvR8u#y<MQF+gB-`H
zI{UNpspy#Gh5`GwLx82_xr~$r^CfC&0=ZM#ZhU-F#``_@Guu!i(V+S&*rg}nS^QpA
zIAuPM`pvev&EXKvuwF8*t#+dYK&2RK{7LgZg%4gp*~yRV4;K!+|D^&}sSx~$Nt1p0
zr^|~oRSsHkUm<UkL+AJCiv$Og^2O(fa}LvMMIZ$=If|ar)JAb*GQhH0Gsr(SvBvC^
zUUG5k_4f9m&buB0xhwbsE#e+tb<}YVF5P#wW2ZXI9$Hlr5>O%9$8o90)q&H5+Kt1z
z!JTFbGG#%;!6pZ?%9-pF+|^Xr-fx2ig4Ii|>uYO7MALFQCptaW*2ZQ^`}6OAi&zu<
zKY^6q$KA#R%Jp8!atJiU?YX2&Kda!R0R*I~?xXYFW<OS`>M~ML6%Cro?VDRxs<lrf
zf28DAKIh%{n$+l(@+a=raAt0YA;U=$22_W&1wDn&XNhKd%WNcc$(XV8Nqs3BO-}pN
z*!tJLNW53&Oc45gIX^9~n{KbT9m})FfuY0V%C}2|d^*sAx8+r8WXMh7@-yQV`AwdU
z8hy!ewIHfoS~NUm302O-R_LD*aj-Q}5|x=SM=xCqOJAilPO>AeTKau!o4(6Yc+!?y
znAr4KgyB_YG8=5sQU=B9mx&!=oDaI6XV4yGVSE0t<qQ{uvTq%JD)Ba9b~cas`e4!r
zc7)akbp;9Rbq|eAse!s*rgj-pDF0+dOmlv+B64Q`cdUp_0gAfUt4j*h6NiJAUBlC7
zCk?G@>u1N;D@W{74bFvUag|Oxos%diWX^Q=^2F#ez}-ZbwN3MdIZf_)xy@^>C-~z<
zZti(TIngaU_QK7gyEMWV_39CPgN|O#nS@#m<)@E*Ja=_@vnZuY&f&{R4whE^<;!{?
zO2LGq3u2La1dwrBSU4$CZQU2%+*;PS{{0}_gwt|ROM4(14OH_VisOjQ8BZNSf%yJK
zflO7)+#J9*NkNJ|B#1a5W0$>rjyRHXq3pgvpxp&H3~qGn8{-$&X39aur(4uqYc+RM
zDrA?xIHlIwSdhgWHCHf|s&pD}eL9P?U%GhhD&`-PQ2C+<+41wBKr-yH*^;DJjz;(s
zPHf?ptE$;I@P+WJ+W0~R5MQXn1Ri%oMIZR9g2LeHFsb5IT3PPdC>uqLdGH4`2QL}0
zH(0sSZue!i{^_MwjSb@=N@?o;ey~lK#wSoXekoZ9F#7^jvoVbOUkZ`-3z`-I>jJi<
zK@*==SZ+Z{0rDKVncZx=%Dx>tYk+9;B3}7}{vRK|nuYXa5S|xv+b4AaVmtDs?lKyS
zRt-4lu{SUVA7o+I&Gd;GeQh)EZ!Z70l*Zzpl*X>lUzCQ~I#69y+M#?UsrvS1Pa-@s
zx77Pb>E7Wb;rfLCFnljf7v0<7)E~9tJT>85hiu;Y>$lWMja$zfBmUz#^Owb6Vgnb5
zz3O`jB6DO^J0QC=N;!}QZ5hh~TJr)dk+DwQR#*1qAhe+3MJ?r)a&h{?Gi>J24^p3l
zsEB%CGz`zM<3b&N0T{(+6w%C;Y(F|vf390tVm4W%T;B|(2mlT_$w(kyHvki|B5(`S
z_yB0b@;Vf?$~-N;7>WVIsVqt!*P2={(*bnFlke&kR;@&@ebLQsReDJvHTD-Y;epfq
zH#A|d3hdHsDSmgz95J6y4?yh`ZQZpfV6-fl82_HJor|+GZ^i{np}6f0NeBhLQ*>||
z4X~8)mCkeS^c$0PW!Uq^yHEdyQw9C$9Qr!t=#ARrK4Y}I=EXgf&XMogE#8Yk)E4r`
z4BK&Qbd!%|$W51RZOzr5HE^3~i(@4YYt(S*6ZwxGfO~k7B4v&Y)78c?J7vZv8B?oQ
zW6uR{QFc2;RxZe02J<)G505Az-0~<9X<}sXk^9O)AKF)R#d>+&UrDieXz96EAfwQw
zjN=Wc2$}87^lJC&UlcT`^UW0s6mdD+B(#40QF#nLl8|;k9S$SV?`<`^UVzF%CQaP4
z3UT`~Ep|j4BX|HbPbm!exOeQswJ6sQOX%JO+Tvg3{EZioz@G9&RE=Tozj=B6?t8wL
zM=#F2v5uw(`X2qe$9X~1ei*!cjHO3=10()V?48e)XA2{*=R3!3r2*uElqQyzmMxGN
z1SN23$A4_pC>qG%qHiMgPJp$n#9rMkJykzsThK9DWpG_<avT-v$82fpR!y@=ycq(_
z--l^GQQ;;o9ej)qB)aZJ*shN0&#!5x1d_Crx{uRGA~u;JdRU43-yx^hqb+^JB#I2L
zn(HbmRAv&0w*oCa(zGhqVd6gz|I>I8Dk9<D)7}NS7$m(Lw$*m`8SZ*u4Ac!~uMQ(O
zNOoux(y^&ZG|D?{crnJVZ_ZosB!qt4+s*06z^wG3^vygbIdo1Z!hDd6gp~8Buu^?d
zkY<eT+HBbAtPj1N7t@qUi-Vi80&BZz>H7LmZwr2`dQ^~Vyb<<j=u=lHc|5-7#&nH@
zu1)P>m3jmQZz>%fbHZ7Xpif3wqk=sp6%Ea!70a6zA&e!g)u<R*{{5+jMj7l0iXpuE
zoE(tO23t=!<IJ?IMWqmzL*>K^sCd84QBWK{@A|y=l7aJ<0qMHv92Kn5OK6>dMWUjg
zlU^k|>xM$XDrzx0LC^W(^3+>D;S27!1k5xeB!I(Ox1{iVU(o5{pH^VTdKvV?LG%-J
zDw$D-*}36fihAOoOo6#tP7H!g(^`!c-Tl_IItn?(v9?y9rRV+07vSL)5*nT>I5LQ1
zKhtJ7mgm17NlkaUW398n^JP#k4Ju;RsrwLyL;8~kuzVPa6by{GuJwOCuPY<`VM<Ax
zQ%(n1;T{bFexs4rdF4~hdNuY#s^@g8pkL0JN#+^pTZ$DC!vmPu2<_XdPBobr<pjDi
z02y!jAdqX<n7uZ-m`dqF;ZU9CsFzWZ?CTSc_<c;V0a_=<97E|t0&L$DO7$J-^?g%A
z%;{-Pqw6^$@SD$uP)tFyT($@9iN=$<Suy=39)2}@y81oSvxF*nHN2xBd_^A5>agZB
zSY~wUKanjz&kOi2Kf{~kr2~-X&+fO3GYLj?mOj9-oXDx7<TvjeT(emIq*gNQ(g4~=
zciOjfxF&zcnb{>r3YJoeohu-d$7C(?{dE*;dx+ozl3!?4h#^8MevmP+6mwC3lxOKz
zUL@g4B78qkB9M8HWU)L1YU$N-EbG!~HbxygfL+vYJ%XMe#U*#gYHh%CZ&#=5TkabE
zedNxNkKd4EbMPkiG=xzC=gb`_6n+r*J`3a$adLlCZ|0y@qH`lPKGeI2PJ@PnbGH(s
zM~SaIjJ$dgi3*k5${4d#8R2JE_Mfy+k&nC^r0|79-z^qar+D*Jm(qZKJ%@~8(6RR%
z(;2aCv8H&@K_w~+EPnJ2v{xm~O=<7Kz;e&zjz{eU>W^u{>pLf}f7IuTtUubbgE$bs
z()!P>f39A*ijw`?{UF-cKWNF(9^b_&{(cCVbo5{ElRtSb5F+{Q_eKy6_(`1n+kM|4
z1V=$W_TlfU?>6^w3B&8(?*DH%&;R#!9+E$i4Otq!I&38?_xramJ1@1(8vAK|S9^96
zyIDxF&;D#R-PB|A=XbY@|2Y^uS6u22CtA_a(b4I|j@@WudPd5dCjVx1ZjRsLbpi74
z54>8w@9*!Q6_%5egTi7l@MwNzNzvZE0^ifIhr~sv+5HrDx?4LM1!C=wz4zPGov9y@
zy@LJ-LiP{BVcnyB`O*-IH4kf7lu2OrI$v-J3<!XG->#i!1>9Xo|Km4rn|>s^X5Q}i
z$ar{@dhNrmzr=W+T;pzOBN7r43<eWL-lncfBEKs_{}CTwZK@X?;wu)_b4CNv(vFDd
zECnCVSm!twH{h-R12z9@k6UvIci7D_R$IpI*Uev7iU`#j5)#_^>(1X-udRL-fp+Bp
zcMXw$b)o=4MTvEZ8QodM{_5(B8bndo<Y`{@-xd8*<gZl_3L<NTob|VfeDPcxQDn61
zKCbmIRnj9gj-p*O{_jdBhzU_t?$m6-^e<J$Av9${on+Xr4*Y%98ILHMZh%zb{!5k8
zAD0wWbSTAtS64<dh$1UpTdmN)EBbXB6{SMxSbAp6J4*a-K%)F-QB5f~=&mX4uZFWQ
zU$|o9;06E798do&(w<70{Fk@-zt{GEN=DHCH(pz(SR5a%orHwM2r1X^?;P=4?J<8)
zMCOfwbC`Y?pEe%UFpIU(v0Ry+dcODn0v*119^QuFe6yuUowUSB#pJqCey`;99x_6#
z(*SZZzc=q&@CYH+|9k9?<o|C<e%ny~Z%Y2(nUYSqfV{JllT;xuEjVHyQZxwb?CKiK
z5cV0(5<|sfPUW&r9;}oM_<bpQ@jR{#gih+@<kWmRsVyQRq6pT`Ij8IQIBc%<yo7F#
z6THQVBm0*n=brZcS{_$QaiYTLZ2p6~Z~M-ntu>ZRQsl0bS@PG{*ZJ~k(z3GHo3jGZ
z?|;`Uf80NNWMlV3QUFBV@tWMU%5;$Mh%))wJrsDnF?h9b=<RX|U5|)}utO)+HFwX2
z;Xyuqa?O?Yf8c*idb6_`FRt3ENJYBGqjCc$iqSb(TKdwsR!^f=po*_*llmtb{`Z3V
zpSHskUo^N5;-jJp>V^qm@{4Wtn67Q@>fgGXnr`$6-`H^$Q^~{=3w!HyMs~iJI+I}f
ztVZ#Ecu8@X$c#DJ#pNbzJ9ALeVW3gG8Dh7$b;J;pI%Q(vJn5x*@Q|Xo-4_DMWKcT9
zF^Md5c^89BO2Ak0Yq9_9s!a~B4zVZo^}RQ`c5!jBJ5?4redcv_cCDug@xIze<i^$z
z0C52(ONh8_g0Q*<BvuIo8s<;(sO%}#LF?v~z-pUL=~>BFA5P-@2VvL>b}ciSDV5}D
zVoS6!Pp^K{&r2J~^DAz7Vgr(*KAo`uBa@3(MDSwkMHdT1JzoC?nlLPMwa0(hL@|UJ
zn*5E&-HBMRC<0!-Hsf|uN4!lKNcHm7n54iLQ?%!3!R6xJZ03+xXBGcMTK*c{JcqBg
z093NmPjpKn{6;o~OU^3bnjwI&8MafrQm{;ZhWKe%gc+uoHxZq{LcG!ba*N2UBhBN;
zJl1ybLFtFUtXZ>g+%9eAHyz1=8Qw5scjro3^s4Qvi(i5H|45Kc)<-IPJFI?i2<B=)
zXEK{N?TRsAWwZv7B`mY7Y*?qc^)jXPa<}ycu-bX_l+-OH<y#nk463lxT7o~iRaLjQ
zY#iYa(o^`!^wE%>iM}V?YAR;^9HgC4?bs6i-37X4vYj=|;a7OB(yvWI-tSfne*d5)
zLOCr)z~y2jio>?Xqa~5BckZNLxf$kQGgcDj1bDz3Qo@oUFiRZd%rvA^+rhy({yDZs
zKmx)8URFk8?V=fQ0BLzFHe5|M$Yy7R?Uet^6h1^joFk&~9VqE@!USW~JD3sqfDRfD
zlhHvM<wmRB;obEsBRoiv5I*+_op|KcAlir;9nZ>bXm@qqNSOC)J~u}MZ(W0*(kFe`
z6>28W(Rwr16vm`rtM}56)4!+nXn$v^ZK8`??_z^UNoS+B<(xPAsI4%&jMQrKIEj;g
zSHA)iDU!tV)QOWkm-q+Mko)w>vzpjyVSx*AgOI!d;Fa2dB85oH140^-^S^TeEM9c)
zrfu9W)8QSz>TXxIC59VrEDB%OKc07g^D89#m)tKuvN=kX$c)2W4fDR5TO_<XKV0;I
zu1OgymkgwEABO6~v)qR3O0V>6pFA|maU=6uaX3$cw%VVV2U;j=3*IQXNv_dGS#BBi
z*CKw<{>>hK7<_|+)vV54Jk`x0wt?MS_l@`qeks1AJc9RMF6#<A#-NcPH3|ucuKv7f
zIC0W(RI<L8={ak?663E<{e9K;>V7PPD<!!^TwL7Z737?dh)68AYw`9X^7hq~(94%^
zL?b%&kB97Z$OPO@KCuo-#^9Qj>Nae&xaHj+YC7sR8P99l5mX_8+0=aD5MlC&aL@gu
zxlzI>but}olHbBAynE9HYq)4~&EkC*=!?}O=O1HgR;nz4MdD+TQ2!D-1I_*rpSvEo
zXvHS@+Kjgw>G$)=7vzVJv29+467ufs>|i=ww4-}}I9ln-o}~HS>3vkCWofz7samlu
z8B2FuR}EN4FfLSfkNHod#^Ul!7tJP<Ob2h)-}D>XRL1)__8Whe*?dasv3*I_LXa3z
zaI7)D)X-7Za*>soy_M?&?@NJwdtb>$dX+G!nfLY^sJpDi2VA1Au(f%T&SR&kl#$-}
zp{W;}Kjz?Sn(z|to9Azv>@w`J)qg9Kj$$$5Vm`$kkveu9?e23F8d1`byBzYK?DrA9
zK$VS;me}|n?QU{&y?EQ)+Pdf&*GV~p_}dU%ZH62LV0^*Q9M+00d>G7jplwKRzO^-4
zdq2g$2cWQRM^(;k16I$Nu5*lVJz+H5H*0af-Fy9ZJ4}I$`Mp3EHCeS)V$5TZsh3Ld
z6AKTIlt_R=YMSe@=!<nm>-o{wJt)VqR_E8>o>@QJcU51;;%75^G{iGLpCg+?GX0J4
z_ud-dCNfe)cE*~A;<2a&k|gb#m4r%Fa9hv5x03JdThGf*%k#urtd&nA^thS5+H597
z?$HrA>;4?5PISo6KCH-LyYD`pm~#P-iRpseTMw>!L)UJdYDC|8VA-+b)St_(u-&V`
zl@Uei`Z|UW!tuE@?1_hVll$At<B1euL3e2-5p{<RNxX1hiIwRt`DkFKgemjnZ%V(7
z@s*~ZM3#J{5Uk+BV{e+(;d<f}C7n{6;p^p=ox^BpF3N)hmZw2q72sAFm`}pi2`qVM
zS?lZyi8%?YB91iE4c&ZZQgZ>M__b|e9=aQQ%7e4t%ti8(o5vm;L{KYN0Vc0^t2&S#
z4<5bTHad>>-w4p0WYHszikF|jR*H|A{zp~+ed6++Q#8PQ6!}np`eIa6AqJ#d)4nPZ
z9vlwT9rUQ-l&H(Gy;->sH_6Isf77q5?=KQRh-?;Vf1Vt<K*LEksvrbji$zKa%amMU
zay$o-436ZXlzi1w75Z)DOI)~#I_(tq2ndCfx1=h-#hd(R;s#cul6WW5{X}|n{cL^a
zIm+G3byqiGni5(kZ^ZH=NE+>T!lL(~r|9_TBWP0bQ6o^<qYfSbP)6ALUGhGg{J0A=
z`1c(X{{2{HS4vCM2r@Z1<qUn-5=&&FX*!oHd1)#iY_iQvjfS#BgI&RWJcut1Gcp>4
zGGMh(b=51#1k*;OeYs5w3G6xZoQ6A{GugQ5qT)M|US@75RlDs@BAIF@Z#ql))`FOZ
zZs*Mg*u5pJu>Qr~>igVRn^*u5qtJc2I~5op%Yuk)E9j17)@$NHbf|lGIwmIOZ8Gj)
zM8BLba+Igue8~*T8wz`*$L?i`MKg{$+w8?%Krn6_WW&FQOs`TL6~l>`lU#zlU$fGW
zZDI${w)f2(!Lo5z!<AX{O_9(UZ4|9dZv$uE{ATU|Dsk)({73F8P6q2+t(Jw`I*`dL
zd1lqGESk40`b->YmVA+_|6-J(J+nK0voW0Eb1+}eZZ<?oL-RO}c}3#Eg9mT;{kays
z&UMSpHU^R^O_LzPWWev;rahzC8$kn2S2FaZdL*8Z*W<!B<D?WbBZb`Z&xF2`dpq3}
zX$lJ%?zL!KuT4z}!-G{(5&-&cU=B7(tqLv%t1#20i4-|ospE~hga)un<0Cx4OnOEf
z=M|W{s$G`+CR?m>(vxvKmC^9@S|*1(e2k?<Qx|eI8VH>lBHH=^|Dl>&p;c#7Ba?JK
z=gGGF_e$~WYxpQ-&|q<mTLN*K(#=xApoCo?`q)0DVB2|_*T*&KuO_-uyXZZ)c^rK0
zf*9V(wz0+c^=#Wz)^)PlgPSM>pPl-ZzF**r1fN6Iw%>H~S*C(U_cOFKUg)<STlH3V
zX&*hgUN^g&YhSvU0d`C@T`S0O2kIicyS+b;P*hJ&<Gg$wrf5tI#CO5QcGZF<1%|!1
zhlbMVmECNx4>$eTL6HHO;$Y)b#GL5d$#L|Le9GRBuM4!emD6&n*CDr`fIuK~b61Uv
z*EZO>%o<+}5KD_)pRq<ZkFHSH+`Ls7F=k5T<oky!0vn822mLzGZVcnskrVbO;qBF*
zk4l~Ny|y~p9|tC}Sxky3_&7Nk%q#lM;hdY6VZanaB!ke2x#KLJu@^S#o`X`nMlchT
z<H~Icx3QUK8fb3v&v%7A$BD5~r8xlC!h0G-*p5%6JE(tC!JSQQ8c2I#57NIaKVJ>F
zSz);`I@_BWHKj>cYdnW|bk!dn9U-iup=XX1&F2$##=0epLk+@X42KC2pN#eGI`%ZZ
zb=mU<rbQT3B=p;(l@-%6cdH(U-TC;Dkp?FH>n;0!T55~e9z<GA@8x;<2Lz;0075nM
zI!g1`WT?XK=KE$ht!B5&nN;zF0JOAfp5y*SSV9N*Q^bJ!e>v#>qxlfYr1r1R7tt#{
za&&*XK&8}5@OQPFIuWi^7X22x)qw8^vos)6p;W9$(#R+aS)h<Lo7Z6@=v0!<cEkHn
zTP|PTQ739;b2x*dYf!Jk5<GT^k<k>3#B#-~7Y%%)e1zh#@o;!V&<3Y<kKb)&jliVF
z_Q)y~&|AbQqZ<w2wCRe$_-zX3pZXq!jENTQA`IQZmT1qOwIC*LB@GZ=#53T{3XV?1
zvk0p+L5~#<{9AqhvUvJRF~1sZr#OD_t~TJUfFreDHT7FbBWxv=Z(lltjV6XPNHrQc
z(ehM&7yhL)jJnfy3b3@OU#I<5oucyZ|MG(Rq0P~!8CFACir+N*AHH*Hh-h4EkL?1U
z-$wM})e*uJObtoI{Ffg8|NJ>SEd9>+EQTMJI=Ub)75nQnk2i*c(F+eg4o?;Dg*nu3
z1QN#~F<$^Hb7z><-)=3ZRGR&$I9$OQ^>Zt|)OxVDSI_H2w5WvSNdmb?Cj_aU5cG2{
zXuFtv4_$NSubH@UN);HI=!|H4zZD*v`OLYbn__Uu#I~oa-PPi3EZ6Ynn1hrm>hYad
zR`EwW#di2+2A`|=Hd^t`W~lZg(rIYKgJI9()6l-5x>lbv5A=t(x0^H>ZaZ^3%V9k&
z)w}@tk!^0X;|rO&q7<<ol6{PqLz|P|-^A7G&7S$yY-(p{Q%uo24i6U2UBuhN<7~H>
zz_U1Xx9?&Rf^>deYb>*`-!pf;)2Ve$BVwES)Tz#5>bkRiGcKc3Gtz5Qzd{_jV6jSC
z@t1d~4I6u@oYUfRmTLC%K9AkY3ruvb>VnLdb_NCYU3i}J9&d#O0N@yHEM832kWg+U
zSu{(|F!cIx<OQtx#NH~wi^-|h7cA>6%_gO4srzc5SXs?DK2O^A#Lu=yC~v)8NS6!#
zAs050h_d~2+M)?Pi_drUbK86#*f@pLlKmra29^k)YRr6pWfj0<U1if`*Mw96BZx$5
ztS}F2@>|TgN`8&mBviHCKgMrNe#sPG;@0<~qHd=0t&upE#@;7W!5kq59v)g@MV=57
z`s7b$L22;;w!$7XYA+gWS2|C+d*1~Ht5Un%kwxnIKO#X=<nC2E4+GXv!5&S=_VLiD
z1os&vd5-M|p+J%}Ig+u4+#S~S!@^aPoyn4Q&01z>O3?HL7>_%-h?7dKx?QC^v51z4
zlS;0Guv1><8&^ge7SnSux1FE+>idFkqWrOltOftr4q`PwE=AYz9dP!q%BRIh)TQ!4
z=n#oOb-rTt025=%nS!@Qm&S6%1-`jti4fsc(#t&jGSF|(bCf6Vh6!*ZJ;?1>uRl#H
z84UKDe9WR>$0+QKE9}#9iBi{&iU+)>c;rxW>;|~P+89=dLgfGMOgchA5nu3wMp!y5
zbv$CFbLxQe8WE2#_2wCyxd)nF-|jD<daA6a{Wyw!&(`};@;=IQ->8qt$Wn3*)btv@
zZ<(sJ%bYS%Rp)U}t&2+%PAl{*uT^HMCuN#TnE=h$T2U*_I83zVA%q%Ol+s2hz8|Ds
z_)<p6vLy^$rOpi`X>Y`|KTTRJIqXexNI%wT+2kERhr10qP{$3XCXY_etf~w0nt7O+
z<u9ZsN5|!=wk7&cOx9)FxD-dRX|m<x#s%g)58t-1z@zHrb*Xka3)(Q-;$_elqms2>
zAaqeVw6Wga8|drnWu#{rK2JUrNR%@3a+1?E4h7O{g2r;P`jX<(*^AamR}@5fKkcE2
zGsy9qoUD!YW<O90Epn=<?xo@9WRL;aevOwttAQ02CF2&)%P_gcN=ws+`VZ}pR;1s1
zmvvBn(A2>bc~JEdU=9qco2n1RU@*d5X=n&=9<8LLV_>j_1GAJCXM&8?;^)KtZ`Dp5
zYkJjd4sHF^G+Wb`Y&u`N(Fb=F`S7S`HA;F>Y1oEs6^*iE@jbXE#Md^w$fX~80`r)j
z(HS3MlvGw`KMs{X4im0QXN#-;q5RAhDXz&6Jbumc?B#HR8n1`8v6F6PLGy*zPzL$!
zu(YiAkyrAN`kgNtj_^?QQd6yWDfz=CwbXTWBXb6Lm~3r|OO-Ryk}EzK4$W3;cje78
zordPc_wje-gY+U1Fl2)3!P{BON#P$SNT-sVnHpNus*Kv+PK7ja9+4iomzmm!%ISW`
z$w`gY$Hp$DYQ`F|HXa)`=XEsaXQ}nIOf^E+7r6Cp1XIHHs@n#L>`(cV@eci(&QmK)
z=z@AQ5^a>qnx^7ldh3dvU9$RFjS#OMl3F2VJli7IwccW}qXS}G{o7^`Lx$};`zQxR
zp(K+~b-1JRhzDu(T)4E2v=LxoR@+u*cSy7UZOklS>gIf0wXu3St-`Gus9f&Y1)c?N
z@~1a`Tg<ULc8CN)R#el9<cc#=sxHpv%r+l`q8s0pV=6vdK6zLhr#Pp(Qj(Icp|q!4
z-pyGn^i@jgo%1cbFpf*cJ#Bg^L86QXThLLVjMVH4P>pPo)78EVbp8=7!}7%V74qra
z3-^+A-S5W*)KBvRY<kVz)AYy+^N;F#(jgUdn@}7tezOB`KVBTbzMM`5{^==P+i=k?
z(%nQ#iAV5dx7xC9unn&hmBG)C;Hd9I8(-b9-_a~at4fmgBuxKmC1e`j7^r5esvq$M
zhs~mUMN<j9!*oU2A0|QCEPcEERM@0|y#R<+lFlBwzN8o=w6u);LCh?EP=D$Acu8vL
z?kS!X$6$yeiM^~uHZ;qLldJD`sLXTLa(807GpEn3()2z3+$_KnjKR91t?f^!9-T7~
zgLz$(ZMQ1o0uzf6HQH?fMJ~EaRI`1O?Ctf5*5?%iea^0FXLoSXwXRHe%)md-DU)&1
zuHMIqyEHQJYgjn=LHQv+%u{R-<hAalwI(_ECL>8zmgGP=M1%ptejwFvc)HpWO%biC
zzQ5DM1(OpzD9p7z*dfgzCn{>9kdV$g0}Tt;%%oM8NzDZ+2rgmqDpfk~X?ra?0d^K>
zCY5nAs)Ov28)+Vn$PY;>hL)BV9TkcUit`512_><c?yTZ^YSSapfErfCGY|$Appy$&
zuvN#l^J!zcB~tggfqO~30{*7rlg0r5Z6`~wS#Ot~2lvP&jPkR+#>dY~&UHTevoM4?
z=f*RScw^=KaDR*MX8B`zLb!xMv48lur<PmX5$swqI*C;3Klvm>zvy*qU>d;NEn8tt
z68P1&-x85CMo0_PrFB6^F?m*OcENiR1iR87)vYF)v^jOJ(y~D%yCbIZA3x%<^WNjl
zP|@7L#Y>^2QmHB{9n~ueJ2fu^DH=;CONZo4G(lwxrJqV{6&3DkX0>3r)w*`eUA~W3
zF)z>FI7Kf3r#tpDCO2Abf9|R$VB*{*8|#oFC$217Yo~Jm(wk6VC4Mx!0R5w&8-x~v
zOMs|XJ>3h-r3|X<G&rW>w5NEiW-Xu)?YdP|*~eXs?>(G~NccrdQ`RK;L^Fhydb#k;
zMoE{<W`cs;evt>PRlUggGa+QwJfpVLp>;!w@nEIzu=yNPT7ypJ?&)t{pKHE6C==3I
z7x~(_hHaBsx8`+KtL_@SYDe+BTl{M8Bky@rd5s!V{`(t+cs*(bYw&o5G1yqa);eMM
zI3A5NG^AQlrh5l}lA`zJZ2A|=$X@fS)&4or(MgcDR%t26Q*28}ohk{ovDVkNW6#{o
z7^vlHa!=6-e_zFCVNEs}j+#pM>%O=Y;84BoH&{0+Ug7YLn6^T7C;sX5y<uY@XV}*%
zy8ZG)SL0$X#z8ihnZeMtuO+T<ko)O41DG{Pm1vhaWoMXFPE*NsKe_yi{r<SNC}+nG
z%JTa5`4v{xjiG+9r3-Rh*jmxi@C!fv2Noaoi@HxEt(A;Kvp!{MhT;ve)bb>A3)EIv
z)(SmUyxo5yY?5d;qA>Sv`0KEGW#&yRJ+7Wp;YCkae65;rvlJ20E_x5{olnAuvF$qr
z4o6wmbXF;65CIiXVIgqm{d8Vm5_BXz#QsQ}{b;+WR59?8(<F!aa1BtU;2y~pY?F)D
zB4;4P1Rc^Oi7?qtH9`AHn|uoSK1l7rK7^XRi%y=b9AGMY$6yGW>U*xx4Q9Y#<P57W
zD;00-v9K7SS66zuxRm}?p=->8tm%5EpSjU$W8(E_%E<Z#WAkl0Ri#YViInDLT<v1>
zyHGV}&c+_)%gyMxgamz^9EfA?M%eIh|FAk`v$A}{P4Hv9LB=6zxxw!Yt!`aP`*5e~
zheI=vFJg0yI6vcAzcW#ko$TQBgO4pi#RTRWiIOC5o++L^tUXJ8v^cssQZ%<muuo3?
zrD)7JmfZ~htu%yfkY$&<PYm@Cw%ug!W|}im(kI5PFDznR3_r=Wmjs?V;^Bpo^8auP
zD-9Su;TtX3Kmr{C8JlIoiG#!Il^GHib5BcOFAr_?J*m|tSU>JKKv~|{7V_%rdwq(2
zD19<Cys7<AJ$yKNcIwscQj7EbYbDOsrZ=c0aZJs(8&s9Y4wd%D(h2i7TVrhdftoD*
zaNwwgOn|%Tr|VWcCKlU~o6IcpWos9GK?OLe>AJjb6}%l0i(aMYb8`nu`H+P`ek>})
zaApN(Tlh|IQ}k|^g{X{->6sM|#`1?~m1DVr4BxDbS88YU(d1`opg2zNPCR}=sXPiT
zW~lZA3)izJ3@RPYk$_caQD>Vl3-l|bJ1?j&SIy1ekrP-uRa;I=F0ky6AK0YqRw*h{
zvBP`bm|Hx)?NO>Y*-3gMg1x*ZY;nMLUa4viYYLIxHwEdYJm)uOc5mE=g}C(5p_b8e
zLi)^rKt#SouOjQilXTljkV4s%@dxPSO3Fcl)XjX&tN9-q--)w!P$09H$MhV9Afokl
z^PPNm<LU;bDueXfAS5UC;fQdpk5Zp{H{3qs%HRzsM{^Vv>=desU9)eI60Hb`t9~o+
z(Dh#TtFP?5Wonuzo{~O0!}T%<QQz%KpzRO&qHB2m2^o4)MIHv*#WRRv7>%831H3Ft
z_I-w~`1lae!%Z=a!)kE=hL|~TfMu#&i|pTB(B&3XHSZ8OKRa{3rg`0x1@<Wznbq(H
zk4d!*uJhm7dDDn~?3v`4oR6^&RYCk>(N_flA}*Fzy%Y_wl1^rTf>OSkd^A^ZTTHbL
zAe4hWzg(Qi1*n`iWNu|!I#t6%C_E20Oc!zMiHm9OHL|c6?XIq>0u<g)8)jr}u?U5C
zMpx&RT5k-@2WU}^y{FUU$u<M&)SWfd23T_5k7FNyrRehI>EmjU=Yau*@}=d{pfc)k
zqi<L=+3?NRDQGv5Ev(b95c)}`kDb=nL7s_TkxT$v;nvy})_|5LwPM%V2Zd(EtazG0
zW~0Oc(?lEv+a(%3+n-t#3q*m6^NPfjXe@0?l-vsv`#m8gU)~7195Yctv)%MEn%p9V
z*oT{`8r&Pu)zy&Zj2{a{j)Gt9=p`iU*P90upIKX!l-XEpTSBI$nT41d&$rR<xpV7z
zhL)BD&El9U1kozE@MjgbUi}zhFx2PFtbCH*u{nDrwbeq-cI-)=fhSBPCYBTft+;pj
z<%hC(zI6#=>2s_B+|EU7Ds6j+$tcTEOI@ANKs^cnYoBU_KyD>_24VtBY1z{`xSXZW
zK(ikrvk0i%pI`{G?Z<EK6_x>F^Cm35@l(ge71t7<k$S<N_Lf_m9>Ww{d=}1WTKIv7
zT}GbDVCwSO7t|`rNm|+Ru0VZOK#eL2Y4ASNm`b5m8Xs-`fS{sF+dNXe-H&lwbfG{4
zxgdefFsfQ6K$AnRcgFg3ZKE2TMmvR#VS`D>K8Y_@_3QnvvkwkIr8E~cl3_gMR#E&p
zBHs3LvWgRx+0rD~X7tHrr}eMntS2%Wv2Bl^RV`LBHMqM+s81rz7<*~&r+GMX67wh=
zVtTfMZ9NaRt09N0$8syDf(;eq0CiWvmlXo1;-cz4*IOTM0zAN<V%5KLJgCjeRSmsf
zU%L><p@#N<A7-`Q9uw#KoMHcCc6sv)dO%zr@Cuz>nkhNC@}=ts_C)--J4T}*6~w1K
zZ=@M#WF7*yn*i@mE9FCM-xCI&0S9Q+uqGxZC-x?9I5lK7KvpMOiGE(4vD)`+3<P@U
zS5wx?CIcF3h60e*^Gu5pt@+B#Lt-rTMMM;2{0T)9RTK%x1(tdfIaxjA))$5a?5|fY
z#bTQdUy|r*bC)!YUXi@_Z6+UnsUh)Pan9GnkJ4l?B{$u{0uV>sR{~MVo-DF&5#Xbq
z?wQR+v)(Na@b*dNk1g1}j60n!0BqS9e~*K4wt7x8*uSrMzadMP#OhPZ??=oQ8HDv|
zv^2;Au?G{^L1c*zf)@q1l)RR3t}$=VZX&-uau;Ok^Ss=#Th8Z*XLsHAb$GSi3ibWg
z-kx5-p%#5Nb^wV9v8tjQDw;%Bsd}Tke<LcUVscg~9h@u4>0@B2EGfk@enYsZH8+-h
zV|<EzRKcQvyQ4KUFQLu|o!d#F|9)P`9wOT)Hu8P;tDSKITYRrdsQ^4T+{3aI!<Jq-
zf^#sH;Drqir8ZabeS+Ld7OdOg?XtP#-QA*EHC5}G{0RKH+RUO$wnJXO`&nW!-@dr}
zaX3L3`;ji4-sytDY3l1%(T(Z&G^!O}IHo-%pf_~u$~mBFBPxn<Va?45OShuZ0lM|B
z`T$bC0(WmJLFadzK+U&4d;IBBG=#&9Nv)pSesD&T5xvUwhs{&;P0nJISRMWB9FmO6
zqW0j<3LW0E6}F>1$;)sjwCX{nLKylV>1<);2|twGBgmSZ3y2A)LM0s6gT4w7SC4Hf
z8hPmY;}RaL1ascmn8<%bAa?=<1Y&(wL)5*qkkW1}YE_l3+DK`(^-(UntAi~|JaoSA
zzO_>6b`k{2)zLCaS2nkJ-ki3cI{`#C7`GtqCV_tC8bgq%$GcLmair5xUh8ff>!8?d
zLx0#wj8JUt@<^FEC-_=nS=u)ZOqSj@hbIzb{A#e0+XfrP4d09B<exa=DXhOF4{`)A
zL<+I0X9yN5W@u9yyjk9SUY!2IM0H3hL)mTuq<dPyH_vFcp>w;8)%_&2cDPW#(Xyy|
z)DCtqw4)kX1{972#XV;2DoUp*?ddKG;A{Kn!+**<FNaVFtpf=AmT$MamtW;Qc4Qy3
z&iyCZG@_|y7hqLoaVM$(AMhvDw5^?`k^7?i2eqmVr~rtPb)x^!^@a9#p#Rh};m7A6
z3z=`Z-_Gs=6qX{(QiAV>d{FvH1jt7zQnv2Nk|^d_F&}*jn0Q~`mu;=}<jAZ~_F8b(
z$VdDJ+xo@Sfhu4^J##nde9zU!8U&uDx<Tc{2nTAHwnoeH&Z?;7A)!KL`odQ`8L8SA
z!KHXabFI%BozW+=hKsV-7U6Jux72<V*vV7;5tP<<9_ra6wR{aVTj)O9J$V~$!ku{t
z8zIq~XRJFYM)w!pj@Mk^!LE7mwPa72-0?;nY;xerLtN@Jp&jO95bW#V*UIDd>e(cE
zjM&ytg|HpB`yN(dmgcXKTP(rGPXqM-pmI7sRO?$+TT>`H!c^fFs}8HvH9YwgbR1T)
zF{&Gkp~GpYLes$aUUpQ^h_2dJYaQpE_0@tgAlwYGmtw7R?hw)^xP%GIXw;U>&Ko%v
zc^|m7PDeMpNyvr6^$UFRUYU0C-C4ym5j!b@&uo2tr;4;tQ`X6zbNvRiW3$kQd3~6x
z#UsbK%+a=|U1p1Ufj*b>8#SaD*4q{(dOkhjk%!7IvdKP%Ew<@9q{D34qRmsRblgSC
z3@4k6Q0WjfMEc(Dy130HtU9hj(G)+k^SnSZE#-yD88!XpqgLCxvLV+ioMPyH3}GSW
z1JI<8hVtSbdjR!{QI(+yv>%$@y6QrtJ+UkyXblFCYJ;9_N88gs_H@#v<n1h=337`x
z9m0x!fu;fPO(NiXpQz=&%?Kiz67tzpCIay7uMjjR=O5IG_!Lh7-Qwy)4E~;Ie0iVV
z{?R~!NkMpH_{vK4dDZ@O(?&$bLVokAya4~i*J@tB;2b1c&K2j+qgdoa4j*A|&S(eH
zKTj#Z?MALTz90-w)P6?GbZs>VY@}!~d@!6dWeN@r;IAbNAn8TvP@qH8<KH8GT3w{;
zHEg_F%>PJIp}#x-Kx2FEk0W6oCv?G^lX0jII=C~h43>`8@(bUl%=`F~Fgo!M2#C3q
zHoB;2!a6VOiSc{Mg+xWh04J+a@;75D87LYKW_ryZc9{Ti^%iH=nqHgnV91ODtamWs
z^AnO_3O0IrL~fti%_w6eT&E5Ss*I)zBbhY5qi`U*ahqhIOMUreyta_T*m1Sx91$0&
zN!eR5=}>|wWvy}Mcp<H=d1b~-r~f;~DhSBmc!oAC+}y5mR7_KL<{?*o^as;4CD)@N
z-fYk9lGL8!HJ^Oj#fGzV5MbR`Kubk@h{kMk<({4)b$$?KApYq?Ma!cm%>Lt9sf3V?
z;qeE=_TheBh^;?I_Q4QSU*f0PYK5uNQ)!KIt0dA$ppnY3#+k<Xwz9gBl1PR?Gta!f
zQa=m0Pz=3Z`Q-Vn!d3j0O^N2&_iQcN4q@NSt9n#4ApMie5y9n88e-m5?$z8e#ofEF
zR}<b$zKNmtad#MGIxmcl4=4hoo3|cyvsIlUjDLFkaAHwVP0*`mD2LNRKwPbj#<sqb
zix1W<RyO6+&HN5wqMCm!%g8UDYkZ8B&|@xC?x)@+I!V$wIow&CSc#F+>Ks&BA=8yk
ztA&s5ZYEgJJq=8zR-HfjzOcT0eY+WI7QbbJ9am^93M`SPugYH&wdo3=Rk18`W=}C3
zt;y3mVS>R$Z?vCQA8Vl{vt`2%Jn(iwE@Uy4KVWmXxO816IYo$6j;tnHo<t?;uax!e
zHdiZSe74_O<0mvxaIU1D@=4mnj!`kh4{{2aZUqx3NpB!BjmJEX^bgh&jS;C6d|6O)
zpvdbJ(86bNGw{bT$z`odlg2?2P9)<5nf^FBUgmei5vBFk(t0|&fp^~BoeiZ5*E$j{
zKk$>b$imB1fd|!ZVoaG^T{3SzMe%>8%HM-Yq}N-NUIo5^uwPWHnPF1ELC7;$9mDJ~
zu*WT!3qnE+?nC8G2b6RlNc?p9Z=9a<>Rc~T^l$7uh?<a2vEN|6>SbKiulk`J;DO{1
zW``eB?X<#2J<Q~e(6lyG7<Ks6NuC$oX5}TH^n9pZl+D2EylaBZ!jiPF*HI+a)Mpvq
zR@T`gZGSFC`VIEnV=f}OL5;Pzrp|D9pf^Jan6XPF&g(X}I5RdqPhLA1lf><0nf@{a
zXP0ZHtFaQaA~;E)Sx-<--wjby*418|r|!w#QyQAcf<nhig4iNy0}($pk4T7vHrN;S
zNo5o@f8!BZ6KB=w)BIIWRn9$&!m>hJ4D&()%}Zrz=;_p$6Bl>QTvvB0{2u-{iy(z$
ztkKfMP2LLz)~w?0K*?*q3qIP*6UUJJ7GNdAZC;h&X(c~keX$}$UvP)NhIRhu62~7X
z&zh+yQe05h8^d0mLn&OLU;44c>KC_&Pko<;Pg>-Md7>kB@}D7!&n3Scm1~n0;bCNl
z_2Dp-LZ5u$Ds4UUMO%434*aYD5mJchP#`EEuDO$x_?07~7S~Q=fQX9?9l=lk(9$Q=
z_mYCo0>R7Xixu|Q&lD`IInf0v5h<VYUB!c;+;E_@J?<|z3o>Qc$J;dllyOJGKl4?*
zf<J<83=I@2Q}^3W|G21D<rTZ+6=WK`Y5=<BiXAiIgqjss1|zoH7saD*?`(a-?uQAm
zS$>W9$w0iCe~3^A>q$=*W+5XZ20_GeI;|^~=KzEb<(&^RzndfK!IM{;qaOwK{+t(l
z-1|oKCrm`emdRaBn=7%&N!*2=-Fr!0_aFxN-hGDmL@0haas&L^g42(KmPS8pQB~dh
z$20afaF40BB>Fhg)r!fm5f@G3@4LSqe~U-~{lr@I$(<qmRrtaX;TWLWE6iWMGfRId
zkJsjiAfe1~$vYvXe?uRXC5S+vPlBf$#J~0BIWi)hHEk6J-LK~VzViKq_+>BP*ZlN=
zU(3ZmiYgP)k<VP@kM6AMe|0J9E5fmjc{VZr;a~b+h3LqLc+NjG$KP$;dx(kfl`D3n
zyA%HTn*N)C{)CH&5t<Fc{+B^_Ae@cT)5;3p?wq9ls@-=4(UG@A(f5BJw4?@Nu24L7
zEdIqY|6B{v5pxQqe}?+2RTKuqTp20|{_myzHKqT1Y5&Jp^8YMp22aw~7^KQgdu$gM
zPQ_gokIHg5p1d*GdL*6`-ee9#Z}ot6yeb|8gTWApO|{lHSp~L-EBb9l<zWc4zB35p
zNMF@5=x?EZ@$oe|DrLP+DebJjzCKF?Ju`E}ibjS=!+wv=O+RLbxDcbK-1B=FZ{4>V
zi^X#y2){J1kXu_?l3Q{7fzc>$i726GWR#Vb<}1{GvwlZ>@Zb94i(A~UG1`(KU1->T
zg25}znL@J`S^Hi?X|Qkw_w77WrKkZu>dEOW%-!Ss&>AC6U+2EUkPp?;X`zjkjSX&e
z_QZq=t2hM{lU&Kus6<`lRL1+xjm>3cha;IHSstPCLT=Et*xZc?tY4z(D~g4`!W)@h
zdS#++mJmdoCgf#l>YRs25`^{TS%6V++bi5x`MD8&gj5a9TksW3*YcZa17X3QxJYFD
z;7kGvi3m!2?5837G-)5V2C`&ABbd}gxy`H=q+E~+U;U${UaufOwfkY-(*o*%0i{-B
zW0gg7UJJbK!SwyV+WXG1Cbw-}#fG8?D$<J}(gZ|$3Bg70(xod^nsh=(EcD(xOX<A_
z=_oxQNDUo@K!gB+gb)%SxpAGd@4|i7{(qnQoPQzVncw*49A(Zi-*=2&Y85T5yT9Iq
zRn&#@u)q^GNL}Z&JzK|K7x<paT=BW@)rj+9Rw}taXTxu@Qu@%;GXE|7`HNwO&m-O{
zo97NF94p5_sGe}pzu_di`XC`MPe7`ZF7Q5<D90+qF7JF-_*(Sf_@m&s_!-Xn*K^Ky
zbIo?PLIudq2F};rR20`wbCk*CSak0V5xGL1u_vgIl{vgHf6MNC-;znqCYF<|N8@$4
zP%3fX`i#GqJGpj!e~?3b<WU>#tsPQj_;-TeJE?vvX!}cMw&jbf?7pzA^zf`&1va5e
zUvN6)KuSfmi&{#dZq;NHXLY*!>D68mdPRg_)4uRwl)P7s4Tc$WRwlph8k&%P?&{zE
zo7B31{1R!{DdZNd9&_Da<F*j2X^PlcFRtpb<y5>D`P-3_;;=rMJGD$w;eFdy=QQ&B
z#obTM2`T?hIF)-D`iY#SB_&b$A+?G|=(lv9F>m%qi<iE%TvK`bw;h}#ljo$O{me0b
zbQGBM#^m1KH2J%BLO3>1ypi&sq|}gq25x(aV>VSyni6EOw2qWpz51!<-FH4q&Fj&+
zRCK(d--Gf2ze#&Qwl9oQ0lT%3mLh`8Bm2rpL?VwBQ2k<9MfdBa{M_IExtDBT2&HnB
zfhUw>e?}D7^GmtN;o{Fr``<nlAhV2>lQ25(@Y~FlUR<?@B{K0HIqvFmUkdfTO;?V{
z_c&vde}y!19@1MD1n+}Ig~o5FU%aKu1~cHj)oa=qjVCdS|HIO8tE%0?-ur9*+ysJ!
zCSwC*YZabnTzlt9lW?Z11WAL{*aY4vpPoVnIY<jqC?`Q1;;ihKz(}_LfNIo0j^S)H
zCr#0(j7O#-vKyes9arKoS$Ya+Cb1HS6k8Z~OVM)CY&>hN)S`ojQmlrw4q9NYtu-F2
z8r4)fQhFegpOsVU(Xk+{p}x7};v^-Isds;9v)0%nT3BQ21i>}!QCb}W`F9R6TcMoU
z#rPDuaNpZ45wCh3H)X)YBlix>=KC~ijy~G_6V3`D&2n3X>Ti3hx3lrHSP%=Kcv?yS
zfuNCs)W?yzaVWgj!8lVXQ*(U7^9`v4eA~yGcy+0nqG%OT-IYFXROU~B=#iy+?A{0i
zS<f>z-xd3_TS4;c9lxG`=dzz!%&jL8eG~P2aHA3W^~O0)9?`zQO8DE7!;>L#qK<lS
zaGzhE$iQ-d<4S(e<Y3+XeR|kqA_R9+Q%L>e<0PBi9UY3O$79RI94>hhQ_nalMUNQr
zdL?tjaI~OY&sMtU51hXi7qB8*H@{lz%tPSzwQ#8|rj##l1;gB@UVow^gLJW8M4oQ{
zU2%id65+$$i0JP++eju|Pmc+uVp3Bjrp)tEDv$%M<lAhqc|G3=8*#%d!e4UVJ3YFj
z*?DlnsGXQ1p&vE1)UZDtX9DVvY)P_$Jc>@shP}TZtC9{+H8c!|{^3INmwxZHS~%SJ
zzaI1)S&!x~MIkd-+~eZxd&Q&Oy@QLm2Rx6u$)y?NXbVzH^3~PEaj(UbO><S&dqi{P
zNRBSmFYg+~&Gb+3S4#CBXxwO3;F*)yZ0nAg_ZggDm(91_R~sG>463c3k&#{KGP4g)
zNy@e3p<1f)RdWyR11j2>`U3;@Bg62No<87)CQ$?`yUS0@!iGLUs#MMuQ&Ur2V-Wn@
zgi(nwFi+8CP9?%Geb&Ctg^~=6<eF9lH#`%2qrq0-gSv$9kDmh3H?#WZCO7pt9+x?6
z+-XR$Y4G-*!^cT0ij@_NIB@W%9ei(Ul4^^8Ru!Zr8TCRe9&%?hNcqcAGt@2>-OSn$
z$(?MbmL<W<DLR>BB~mAqtEwgWo+Z3~&OA;wd^j~}OOI72e9h1)TeD0dif2;Bs&FnT
zbCr(@vN*%zXbV_g*XN>s9BHy15!mjuZr-y8xp9B-0i?bN7SlM`5Lw}#bEiv6dcEP#
zfoy$No}s~PUd*s%kO{BJJtuCks;*jA<%gWP*JMHy=(3)3K?@~Z!M2w1;_Wl1y{)_7
z*O^lbFC;Y@NCAljO)C#6sI0FAmm>4Pw8-6HQkp|5c!N{~_<LdlXpCsElQ=PbGLSyX
z%i{HXxVfBb3A@&Wz(Z9XAGM>SmXoUq`oC2rShf760g#u}MoHusB8)?=8xB%$rg(lA
zIqYE$Kb$pBGE0tmGhR@*n+6E-s7m3lKFqscCcKj}?st3Q1l<T3ICSJ$KbYBlTV0rw
z2YW1U%zk+9Bi(M=;oME+OQbuzCXGE(7j|n>dx#!*&p^n%arY%6l~S7ThOuNk@_75{
z#NhT&-=-Qv%jnGMPB^6_#>i<RpuNO&h`;$Dh1%i8H7x6rf9Y_WVaLF6>%zK8?8CvK
zAp@uNA^sDO*e}&NBkehav@mPO0KK*V>0`wV#Yq+;spX`NO`1{b0aFGM`b0a8%_AKL
z)qLb>4<dk~@l(Ro+|N7X;@VZ)=71{<t&RLyRq8H^{#rg-FZ|27hl2#His7jxLd4gI
zFkyUZb#dGvc}+VudknCSxgjl>!<kcXe4i^aoF5a<(<kvvV})Vaav`r=P@q#uJ0N&t
zyg9l_E~%6M2jKx1y@V!@|4YdqOfUc5wU9zxj@++Mh#3YUS1m`an?)#<bTDSYxGSo{
zr!fm@!Tfr0NEKb}fra>X;^@r{fbZ@*y@nA~rIgP?BH+rhS)KdW-RjCOR?&5%fGY}9
z{bC`brxe#pY$MOBudc}i*9ILE+X>)f+vkqv*LS>GPAWSD;cxPD(H(Dc_Koda@*cFI
zec^Q*f<7H5&R@f;%B=g>vyuykR!;l7>{JUHuG^2upr)Kg%>^<S#F<t~X9_C_-xJqJ
zi;c`QdX|<gq+9k*^ZKUbETJ!LY&Yn%;cfMV3}-N`<i|QvrhUh)Sp;oQYaztX1(ent
zQc7};Tgzo`1M@X`WDab^sJW9cLlAzco&F-r;neqf_mArYgPZo}DBv=m{@k02X-rfF
zABHsU+(tza_s0%_1_)G2lC;&_1ach_pgDji9625@>rJR}*=wfcK;F&i8fha|Zf?5N
zF(V|tJ@=*|{H$)+&=_SY7z?#UNY3CD(F@wnetsdYGcYT4uPQfI+wBYERTUjp-;0>M
z)pV_N>rA5_ydz3V5o16=0P3soL!If~5~dbdDT-Q1-ntuc$6c#n*q)A=QxXAa2V3~T
z#)oF5v>BhtpE>G>9^HQQjy<f=!^$}#g09zVb2^Vr@`{RHS^$AmJke=^8y&^>is#W{
zb(W^zr1tSXD++$HiOJVzR{zRkJK?d5Z~#1Whtq&GjEY@nP@=Is8IRyy!7_R%tGoQE
z$^#LH^9xdHqak~(o3<vtN;PqFB6bS%8CP3u(GV<Q6N4ZKLY*P)d-WeP@xiAxn^VU2
zdAzE}H(gE_h>?qN-i;;vChoX+iiv}ZD9Z*(P5rg@H&<Q990`;BA;!5rhF}Ld7oCbS
z`<0L-D4+Lbe(?qe*fX7?#d>s?;c;&?sQD*O!DQFi554$Bcl1cQi`cQ*!ZH2WtW0w9
z0qo^E>3Xdy+bMo`YAm<F1JYcw?q5pTysokn(BL@?>DTgNoq%H7<|&&5F*~lcgoXEl
zflhD64y5eRKNE$Oh&KHP>O}B91T*k(t{}yengh@Qc4Yoy)>^^p#krBlL2a2J?-i!~
z8Ql7DT$QqdsmSBm&E2_^`Mm64>sdijL37Y{0c%_oufOexatfoj7l&xiqY<V0h}InP
z%w*oNM&oQsugLv4NC9|b+g%|2w6MI(=W>TXx#iiI!Zv!b{Ud|Cfq1(52=qe?EMi)B
zu^}J`CT;5{6D34sbJ$Lj2~z~j%Q%{Z8p-0*8}&lma1;|nv*w*jo8%;WWavjrGfebk
z$44=Ls~yGXcq2cv*M_$PW|+k_#bqZpR12z#Gzp(UNZ>PU_lLs!LX%)wpMEamB!jqT
zv(oc-fjB`R-E+IFt2m(V!Gbb!&OB9AEeGU!<8926$8fA=&A~;7K(*Ua^tMp`_DyhW
zDv!fzrJ`B2&a+#eKbdKtKOJ4ZlMELkQOk0yfv6VVhnQ3vJ4U`~o#taA%qQB%S5{1@
zIaMm|>v-@<>wDJ`Iv1JVWGxHf^&lq##T83)0#3z!p8eH(Bg@A>6`PjYtU^1>01{wz
z$#*|-X2x#)^p{wUS3ja8gJ?sJ`}Bx&$u`HLO#uQxZPh|3>?f^j7rL(%S`}cTSf8?g
ziNoI9ZR--P246zkhrIp@I!STcx9&B=G*YbLn3tYTB^}jDqfd@yx=ILPHlFywH*bVC
zJ&OJFK6p;*F~p<Hk&><GHSe0{_Jg<%J+;xTltT95OARQ&Pk%OQ<UNsjO8Fvfq3w80
zn-UB0OqVP=IB6IgRY%T(eat7N4Q7^bw_j!F7h#RnKWEA&1vpihNMlsT>aRf{*K`XD
zM~jz^r3yvdcl`tS?QP<ia#!`5)8@-}5Eej`YK4deTTwQ}C{xI1+~lYLW3p_9;YFDl
z=(mywVV<yTUFo8e-!^KW?vOTWi3!wLItVal;N_-0GaE@$PQ<P(B!GSt0T;ob+@uEd
z2x>i)L-|RZA;PmS6OP+OHmeTdI|^C_3y!kqCi3zAOrJ>`b)Up+8&3;N)$rvArn1b~
zT+|vLW&3ft?_CYXQ))SaGL2`u<M(Y@M}$a`CY>!E`UMNXbAL89WY>#R(W2Tl`NoP~
zj=7;;Yrr)dbm`<UzL43j#b}lvo@e#5$_GK~S{Bsr_NlczFHvVL81NLPBF&4ehp<lV
zn6fJJO$pN_7g<t-*~r&q=q~eYC_%$HI61jWXatUCw)lwPqf4Ool!5iiyxfLeEM-Bb
zHNto4twE;~$I8&t7Zn-S$KhimLEBN0c~4WM-=5=pu`zit@$qI&&<gyh10EPub3b;)
z1GZpm^5VtDMsoZLbeUOj`E;{MyS16`>*De$p*0tn?xU8TPv~<U6IGa3s3(W)R1u$#
zk~J@kH!tITKfe*ED)c-wKNyq+m8I86V%}5Spk2$0w|}^&5fMZ{Pl`o6GSvRsl?!^_
z7Cf@XYQDcFj1gqdX@u`M6*pC*ovEDIuP+@XOmXK*5~@U34)X?h-x&JZ4$=O03fdqG
z^X>lDq<{S`_4@&z%@qdX$=jm+x!}qGge3@Yf)C{%Xa~j60TFFOYG11?i5qv2_67Kx
zP%$9-OEr|C>b!+r5fsLl+|F_xaYWiJA;eA)+B0U@7YpvzIv&oYa4a^s9d@Xlmw3hZ
z6A-|<Oc=W9TGP4a=`Js^g}+v#BL)uH4nT#)Qn(&@8R+F7pR2QyMK`iWNu*d@3BkF>
z2+x$4`0u+466QSBYs@hn<&@T@BbTfRsy4LdE&bQZ5Ize(3c$PaGx3KEToJd{l9VDL
zQS(xx^m@*pqSGi@f;8s@pesj-Rj`9(L22tO_cogaG`8Pzi7?mWy=-sO`>BRTaUtq^
z7@_=v%YM0if}ly;)J&h_re50QtL6n5(LOmnsH4ND#A)KBs9(RsHE^aNWw{==FW$kS
z+;20%TD|18AH5Ui@4sUZ#!|+A4VZr?8p~-nIG*w$_RUpbb0`2*)3Hn^`S?yzb@j2w
zyeN@s?NmWKT8X1a;*Yv%(p5iBa}b~Pq0!rQTRdf=0ezc<<W1^dL~9D2Po>+moA~I5
z3f=IMj3{mzH94N3TN&g77TcaX$5pSY@I*iH9(JdSqPWAH&!UXhobN#Qy1n1?=};^K
zZ$Iyu0}pv`?yu9|J4iQ{CJ~7VGgO*8N?pxWs(CwR=md4b?)chxE`Ynlf$l{65KJ6v
zEWNO9nct}2?dxx??w74~Y%v<Lmf}f0$AuSaaHR`$p5ygKrZBggK&socLAbpFgM6^K
zw-3u)OUVG;lf;|jms*)u-=pyZ0vq--$VIjOyA0NR#~{K9yrye$-VOFmxr;bvAL1<s
zR5)Qy)H5k$<?L+r{00q(QB<L~<r8QHjYI8J1_JU4YiLWBr8eTv<+lS^)=g=*T12gc
zSd_;NZyh5S%oUbT$CHeN<4Gr$YD=_ENnQO$SwR;+w06u`WSLG{V$U6I(Xr8q8(I(+
z;C(!z&pA413G7(I^fc*?foZ`&_wH_i%zDoP$M+VkTyGv_@OQfG9S8qmSGO;qIJHu8
zr=&xWr{ZaLyqabpx3QM>5^fpv3N34r6qwf)NSp@|YL{|LKvqE;NEK8aOk;nvmjrg>
zftcVLjVh{|4tpvL{XEhkO4YuO6MB5tO?$Umt6W8XZgNby-P}cu>fr2T*Q?jVz6y%%
z?szh?EaJmnK)*N$KZvj!POq1Jrm>vO4s0j}J0ZsG>E3FFSpzDngbB@xnyf=D<lDvR
zjHHs^x&OW)+l%tMZh$#xj=$lvK}UU?s#yo6do|8Ci=(p@PVZ4t$Fr7uJ#tDU?*?jq
z90VjL9~G=Gp03VVH*`uugdf|V{6rTO7)*M!lZnq%mv==RbDx%C+RBUbak(1WomSmZ
zt<75>VngPLw#_PjGnvD7al~bFqK9popN3C=2DNO7Vs)3vm6foT1p^t!#*&Mw4AKNh
zn?Q$dF2~SrN`1_+##%3517W<tbQ3d$d92%Eap)qD<C}McTy>po4KO)u+@601TCvRP
ztII4oNmhihDz@~uMqrBH-UPOR+WaXVZtdZ!s|NZlMAWoXa!uz0zPs`S8RgiKUp8)Y
zs_=dR_&_jfLiyCQuHdWlWL3+9x-dN+(Z=tVlM3~Xh@nd9i0zEcOM1*N+bl4lgs6zu
zq%L_ymZ1ckbk3T`U9|ydYck|Vlz9#CK1+~C$cVN}`@y{AY6|l_4wB8e0ty%3fp&U*
z54YFalcj~|n3%FdN}dx!_&o{Gy4<lE9$ccu!M10ccxqH+fI`afZVb10lObV;#<Vg3
z935O5VrK*<fwfq#n795cqArOli=T=QvaQ0P*o6+cqC7A%*F)?r{U9Gb1ElJ;JD#6t
zZ3<!IX0V8&kHV?`KHL7QoLHaD87FOVX=X9w3B=ki7qfvhKzk|jegg#<AYIY^ZB7?G
z4;quQK*;`tw;i512R`w?Q$=3Ng^GRE*7nD5g>mGVt{o}xgjI&2PQwCC848L((q>wT
zb(W+3p;Bu8{IUDb?6EH}7AiFh)z;yil8#YAk%1}LlBNnR=e?9!v|l<}I@5xh-rF@K
zKpvY)D~qlgD#1<nNh@o=`V4N<SQh5YRMyVl&7L`3%5k_m_W9Ce_55^D-zVz4bD6;z
zehU4tO})O5m6Io9aD+uy@S2e4=pgJRWZF}oFdyeLxTbgAo*3U&Nul7Tte)yV4{Bv<
z(gPsvZ!ch3{GUWpL6omD)|}j___!E}-$#x5tXs^PL%;xSXFat$B~L~_)5v!`FTd~#
z>mVl+L<5bp^!CptLLWV{|FNYA9o5P2VF2}WMuP!u_=g}j_>W=$NNX>TaWKKu26rbX
zPk`NxC&`_?XdiEUH#O#A^Y^A(Z$UA+A?P?bv~VO}wCE^>dh<QS*7C`B>-C}W<>i#s
z5M8zSCoO6A&E}nrW};p#{uFoB0uEm0daloK0A)R6o+4(KTbJH)v1_VQ;vz?%=NE$r
z&`(Yy{TSL5KB3xnlsdE~cz>#Iw_`wReP2~bs$|#9__v+ci@!3&?nZ(G=d4;q@;DoY
z*k3jDt}*rN7RT~_L&~H!TIDko2(fG?F{wEZnm5OdT2EZmj=JwX%29Ll-X#Q4A|S-k
zRHAs=X`M5bb#Ta!BUI4B`~Wntq50YeYP2g;QgmWY6<a<<c!KnWSBVQduM$7xWsRv%
zYuo0ZPCC%{o4%|G9HF1274+u`Ser(wZg4{|5cR41Lz7ZXhDeq<J=uLPz+8r&vMtu0
zKF=88>ffap;nXyp>=2?zY4sI$8YZ1CyfkYOU<&^Xz+V7J&LvZPba>xoI%OJ|MYUI9
z7Q*?4zNaYU$$7O+;I|J~9ycD$6jQFXPdfq2JAKTEb!%2K=21Mtn;H8qFLeXtE1XcU
z*JBPX>>~qWlA4X?8a+0ZK3yHqa)?4kwl1IKM>sMw2PUeTfhq1|RZTh)#Dq7;ba{QA
znxmzqDd$Ku122<WZm%;ivdyG-m67_`32b>~4Of%uA?z@ll<#ycOzszq8&}IOh%>~s
zH5D#y|7_yHh&#_1_4)8{$`c<D1O%nU7uLO^<|>nPzdF399m9XW;N;&*{!%)iNQl$g
zY-WrDSQ3gk0rV_dmGW1dO|esfe%&72;zcdR$+mLcMJx-&Qd?6{9_(Z%Yz)oW0cX~e
z9x#lCTeKRnscaz~K&}1voxB_7^f)n{<DP%!*w@!dpnDs2!*?i>mp?9Z0K!V1E9k9T
zuNR;Qlj0szf_5>ofxURYHm_a37SziN*a1CH?1Q?Gqw9rJGSkm4scy-1c4;p%MAgF*
z!lqoID+SX?HBrg<!SPBq>le<X{_ZE3<<{nFqbFF~q7`l?fKt%m*JqXWvKywBT^mce
zUGX2yTwh2EYa>#?OtYl62fdR^JNb{+AyXRK5mgnQ>K(5ta%fk|hg$qX@NLHm2Ty?<
zaj&Q)bv+W&?OG1FO@8RXpI|JI^OsK^>~{AZ&I*u{ISC<_HDf2HqlI^n{P8<E*o+Xv
zt-GYm<JU>x6I~5dVu+Z2=1a#SR)nn+kBstxSPc&%b$)@k_g!{B|Gt5$QC{8J4|J69
zdd16cRgdybGd4Wt@x9h5TU>tIE$FWk%u=Ysjh!mXe9_L$ua<2$^jIwPzk5Yd8M!TV
zb|53h{qXibT1qmQgT%rmy4PzLk|v@?0Y)oaWGaUi0V4+r;PVFZudq|$XECW%5x`$r
ztw_+jXhuq&Fm;^ERKK=`qW?hnf=1@0yVP=9h+TwZvpGsT?DNAUn48bwy(>Cb)&@jS
zQ)}TB@wRqx+Ns-z)q-sTJZPycU*s$I6zy88FGr{g$kU+hP2*yHBTGabM<zT#yM%xF
z(u3w^n?@lYPHz@Jbh>3b8(6wEE}M(S?@~Mr>R%??4^b5e&p`C?WF~8>sw!_=nY_Y2
zEnmx*0rjzR+1tjc3AZpURVl|c4r5y!A35|oSohmxDR7cy+mChFS?JXJp3j^-T+j0s
z>^M}LfD&y--+5|%eMo12$PjJAB3h)<{y`?nql4id@A|9Uwwvw7E2pRQ_ySK3RObus
zSumoTuQe>kLe{B2K4~GYNAuAA_R@=*I_u$^fu9_lLlt}D@h0&PJ65aEkG=WqCy~HT
zK$c-|?EnLU)yBNHycgi-oK8^0!I7lyMxw=h!(v>V(X}=itR*RxFnYEYzN|nPcl?-g
zg{OWCuGz>raboP#OK5+(b}oF{twz^!))@Z>!V*F7GkhUZwFgm?afJ%9E3XcjoSqy?
zkJy$7rf(fYm_f5|#G$K>^Y)m;Hdlpne5ff6j^En11!%r{FWacKJj+X_;6qJjw18-w
z%XL_#mFx2ARlFk&=%As-8i3Y+_s9}|orQg93zrvqZTt@2%AYoHMNvf@3gu&~R%Qsh
zS=d7_&d3u^XpSp!^tSBN2_{KHz7^x4fY^MYl`P^g+;C|LD!^($h*chCth&Ms(+6|p
zqNKaF;<oGJvF~_CtZ7e_=L&AlfO%RB7Cpz!)`T1{DtES_qx9xvgN~tJT|9VJOV{BV
zVuoLAjdpwQ(69Lj32e!kn@$XlsFsu<H+K^27d`Fbb2?zvsTI4@)v%4E;JsdNXpAT8
z<`Jryb!D2Wx5aA}3y;GnG(jc^?vwqrz*LK;^Yz<UDF0!vyRLGKSIb8psQGP|zDcQ;
zJL?ZColZUar#x2Pt+uTVgQP_`MT;yMM6c9rJ|8LQsteo>>MFbKnH+5$VzL{@6#3TN
zC%~)fX@L5}v|vs0+Iw389>zQ>Q$sZw=Xja{-swVf8PQ{^>QdkHZkaAOxha0;d_QVo
zUHK(Qp{9u2lxL|!(NxEgQ!y_dJI!OiQSB+xaw)}K3NL&O{?J`2+i|%(h=A*f$H{<8
zM1TAQ<;@42gbu0dq*Sc`dFnpoSx@i8&il0WpsaNuxSZ413X!gE0!XZ^4<Ej!%N+D^
zp<LMy{y+h?BfAfv)-|Z6sN#xnGsv$~peB!9HS>i(9|2~0uh{MVc1^yj`s?NZmHiFY
zmPIGv1Y$wtWvpNIQgJ9bJ!sWbZ!?v`7jBQptUxnWnWY(l(_7zz{1p~o>=2JVmk47;
zF`Jy$OYyoqk<R(V%~D<XVLDdAE^nhw#3-+8GqEhYbDPCj7PIX<=ELvQR3v+|O%q5|
zg5tv|iY+>A`VH1C?(q)2puJGm`zO6ln$h}5K{4^TeL)J(DCQklyCxUweWDQExgz7g
z8%-2z!4GRwmgI`T4;o^}=I30(w-oEy=9T@W@As?)-Y!|f4yQmZmT+lbQ;i;1EdtV%
z1xlJ7DxN9nR0r1n;BaIgh-n`q<?jw@(-^;mnBZp$va!d7BCz{4<t@xX9wjb^P?;yv
zXg}h~{A|B=78A!<o<I15smjc*lrcw?VQ=*SzLD*_5jAxJBkd$9s>|Y7=Q>ftTwune
zuL4ry6~N61-*QAm=XCwc@k{A<wpLCEtvQA(@a0C4>c)dvSV5LTYPNQO;@950h;czI
z%cgjdO`%P``(el_Aw`)myFAf|D2Qi-%D4qq!TD{I4q%-C?1pxv1K$)_Vuu3)r(ilA
zZ)pR6-RsVB&CW-79nkx~vCr?^@F>#mfI&K(FkDcvu2!i3zQbyh*Ot!Ad{c|?(pzCJ
z7pH6hf0p6JDZLv7&$hhbg1?=l3tn43w~pZD*_DTtlv_2Q4BI31gV&NYkQ*^{i6uaa
z^`-*E&+L$Kb?p3yV4+wZo}(}#DY;*Li!oIS>9_uTDFl{IH>r^$0Tq5d@JasaxyXX;
z<*}LAY~S&Dgy7=`Q_!z#U+rhBETg((KVi^WxdS4&b_c5%T?gn2v9swI7n=(Y5*)t$
z;BmafPCIJyKtm=3w0j&o$dz#z3P3h(q{m?Ii__AW2dj^-=iR`Yq&KO)3V^L|(fblE
zOChI42c#Y_WRb46mRpd3y4Bp}<oMR&-P6<1)^LhgdmEeasTRdfhc=K%O`0gX>w6IM
z<>`PRK2ebs(<-Zjr{y+!VN`Serl8LKE({U*qNepB(XY-I(9YpH<-9p)=Ms-O?kWQk
z+!6_tjq<DjG+sQIM4TFGb1GU5E04M=Tk!ngVe;ktc$xKv!^kJE9JM-3JM}#FgaHfn
z(?%yNA9LEj<fva8>$DmF>_kL=_3N6zss^DN<=?u#mj+^^eA$}*Joqukx>U#)4fsPp
z&MY-ow(FUOE=-GI88SaF{z`fWWhLtFgpmTlRGfvPJwbn%P+Lr^ygv)J;ClNSK2&|L
zvdULGS*FZ0CcPrK4sm-8pj&%+K0x-UFU|;1bVVKB(NVGXwIu8CQ@qqSFXW0;oIlr9
z6u+b@U@JPT>9`}$j3UY6`b8;BTe4`r{6Kr&fG*{xc0F%^xJwtYfkg;CE|*_C!<FyC
z{Oq`c76iSK^1gM<5IYiQG}Um|p+&VbSHLZZ0PY&a9$;qL{TFNU2a!#}!3T?3^7)A&
zBEVLBX`1ZBUlG!Y)%jP1tezF<7@lw6Nm(@D@U(=a5(B(-BVA!CS>}FYIX2-v>l)H)
zGp08NWDg00MM%SGF=pp-zs-BUDB(>_s1V)FpF*pg;e@fQA=Qt=1JX6~cx^D!#qk!0
z*T)h5*N!HmC&KIavi$izK>)!-Z(+YP7*Q8jY~G}ar`!j<_*_O$>gPGAV2Y7!&}u^;
z;Gq6V4v8G9SwW@_X?iD@=_Uh`Hk}00ts%`d7=@YMN1rQ3{cYE!+p@B@W&j7xNIL5`
ze4`RU3SL!@W?t+e{FiXQ!DaTjzXz}a?|WYtyJlCrfCc(4z+HEnZ%}D(F0UMJxGb>H
zfMoOPV=l%8<+IGWF8*1$Kp02C1Z4w85!~qr!F+Qx>cdj!KIQ&v(k)`X7d_(n<Zw9w
zQzD4O-n=Y%=vr-R8^c#*r$74D&}sHSzi0T^1s|O;mBp#Ps(7H5r`fgQGd;}jowunI
zV*uJF))Fj(^@w>Etz$>b@!f<C%SC-6*p(-*(z%KmDSI?7NXZMT)k$&krc2!JIDO(c
zL4dFz!^E1p;MM|a&22G}+m!OJR%0q<sT2x`KTFz>As(RECmdq_1W{6l1bN0lelU8t
zwB?c@e|KITYo*}uZnLBUa5KO0JGjn5)lhU4;ABm3SRi1;YQAbOi3I6;bl2ZWeu<)n
z5AT(^WCGEr6BGPRGd~?^RHj8vEnOeoxrbSH+g$0l@5qqy&>St3c6~e&qA$k9WghcA
zx}BzfG1c3+$KIkmIJ?Xj4CgUEb!e$H9izXu3R>O_LQNjp<sNJErR-bccXt^DPD>jb
zH_8JJZlElOx1!N7%lJXlALdt9@XDRgXMDevKO}*%V40c)rFuafGCCUWb%#s}cO*;0
z&FXxrpOLP=l}2WHc|AU+(WkCJq}!guKIsfW3IV5w)?oR7xL{Osnj`U6h}+DTr*bRT
z@EjJH?OMtz2~Rpf2@Ro?+FXcSmeu8~rQp<bt>X;^T%V0t#m=66Ro5v@CBi4j1!Z7w
zui1D%dnc|STngyxXZhL$H|6=qVU9yVz4>aYx@yvNYZqQ6Hhy_7xdxY&Q&L+0(qn+Y
zf$XfWndget&LaeH#kANQeoAuR<R}bo<B*)5as^JH9WX!(9Q#pblxhn>lzuVo3zEiC
zS3*~V+%|p9@KhPgiu;~=;etb8U)4(|N%qmnXbSPjA|f0;2Bc-=(!M*!)qm7LY|3}B
zK>Z<+sfB+Ied9@yE9R6hPiT2mVy|K@>f|wcjj34QL&JD~W4)Qb_5d>rE6dmkA?{~%
z_<!#^=~@u9l;A86yk7=So?e6VaQfc84Q9^MOJVV=l98mFNt$^4P&!z+dH!fH<3)3)
ziD5ml2Qq&8(VIHmX{F=UNak)riK+aU@o~15)(RTVX%Ou#>WBW7oyuEw#bhl?MO4|S
z4L=g^lEO~)WCuMK3k>pIGa$+?Ok2~8FGiTY7<}-cA^^KfgVV^D1w3d;ym}@IMn0gb
z;MRQ9e3Xe+ss0c_os(b-!mRih3>zN@ov0tEvX6;)ophvk`Hndq%V8>maTF`{C+b44
zaL!22T^_?J-I#z2)kq+IIk+nv7Q+LaJ6_OkcdQH&D!$s%*>##ay;E}$^5EyM+5gy^
z;2nKmbCMAg-|xpqW{6a9)ku^Pwz<Sx@o*i2OTNp`o2@6SHPW=*SVpSqF)`!RV3RKB
z4h}(`Tv!M>;Onxs*PcJxek1vQHG>5(dQZEuAVl{7!;MlM$_p9?1G~@#NK?#b33ez!
zA9uBi+hfwn<^*wzBLG4O(wmWVDi3a*wd3x~9SlS?z?Z-WQ_kt66I7m}*(?97jM?Se
zG7v3KxU-r2e2$)-r70)<8|7hFz|yuCehgF?5Y@8;PU_jv;BWWU!*Y!g;fJgMyAfk!
zK}Iy(Ua+-raSHiUr&D?HS{KvYZ-8+UfJ;D$C6-=XDma4Jv>M-^sLZ!=49XwWI?+$f
zx_&d1BOE68y_+K*g+^Z?+9YUGZg@rW%pFVCvi*5#6=gTp_G8_?GD*WO+W0B}dnhKl
zBQrH|?~4L^b)xw*2~5nF>xuCdT{Qz+Q+fT5i%cgL6<hGkt2EAAlLpiq91zWhjP<AE
zb#au`Es4;HN#%^BoS?WtCr%<Bm%(kCH2LtZH*b}^ru0oQQDy|qlT0sr*BZ&1+P#=B
z?wcNsO82NI(-o`lWhK~ov@wbXZY8JPGkFk&3d{)tbgT|Nsj**tGvAt|EBp|3{Wxwp
zO%OQmSK7qE$!DsNUXQ*;(dY?lJUocnCgp~LQ?zqC5O*~sx_y*b{IrCf&g4)O1QNJO
zbzwV-eb==EAI93N(p%k8_Ks%dbi5^h-a4J4odpBHox>hNXlOr4xKv2YPP;Z^r0_w=
z!@lmcS0%y#fTn`MwJ~l%nI1mY^vUtb1^dc|Kz9TyP6}EeMh##4*}z$ntvOUs-=Mrn
z-^vtZ$eBj%@T#AIVdnU_a%QTraViDo{@y-<c;K-Zq8QpCR#I8OLSx)=iaN2{jo0aU
zdPUN{t;a$4vcYC#-&%oeA_uPhVuNPVHel&=lis2Dpxwa}RlM0!8lw2E96Aq=V;aIK
z_-X|?B4#39wSjhyeybV3Ps;zrS4A@Fugi)Fq**;+>*3;Anyy*Q=~G-<RgTQ+)$jhc
z_NEeoJyaXv3>%hpYW9T&`sT|OwJ~)7D0xVZvnax$ZaT2HX}fkIXVqiBylQgZB}aHU
z!1W?-P=_lZe|kCH`Ee0<vJVdpg4R<7;ir_54Fas6r1GDFEh;qCv_zxHlYY>CUiXk<
zW-sQTEe<?5Sj`Q3;q=LQX=%4)hUBt8wK#VKUtM2XrPFSicn!9i(uwDov(XaejP@*K
zU6)kuY<a(OtwxFtaeKY>^5?UaXs9C8|H`BsySW?PUg|O$I4Nb>_W@JewdpM`WpXMH
z)cKa1o^b0V(_MRq9;QMEvozqNpR0ArkPkeS7m^Qz8F|^@A~GYl!*oy7NIBc*P2O{T
z3fk07oMP*jE3{J<j+w=>C*jY4LTmI)QHK8!JbJn+`$#Jd0X!YgkHzXh{Bx%GgHuXX
zuah9VM~Yrb_pKwl-Dt?+yliIyh2+;$U!MqI?-5@%1ao8iD>)KglF0|3*FB4`{tJ3>
znJOYaQQ68X-gm`E!#?qz_(iR|q35f$u>wNN3NhX!khmL-8_3)6H=G9LrBy3fqMJ@}
zn{A}rn``e*9N0YGb?@CJ_q&>K29QGnz&`!uHHL_3)xGf~nD1+{A7;c=2I`?_?2pX;
z5ppcf5&ubCi7oU}*cQIT?Cj0(FSza>*GRzW!D+$p8>GQ9$nMqXCO-cZC;q{lyp%NZ
zrNZCR(;sgA0tUR40X-$ZUoSU^2=N^Q$s?%#QN}mQ0_nbjX%Va>kTo?)Fv4xgdZmTi
zPyPeO`c|y=yEcyb2)Re0A6f}KwEs4%p$UHhu}fq;RR01ACm5BfP(9r0^|=@p{*ORq
zQkw(@pv-Q_%S&YAS4lYQz8nd55*j(ILT*s~^~EzDhV9Y2zp}K*S>0k8t4KL^66W|+
znKpTq``5DlC!o27%%}caB<fK@0P!^|X;~G{|26-Yw+a76#QGPx=ic2%H{5Y*`&(VH
z1M-@s7s&Q`-0EXkKje`sa8cz$nVbGNySN5yuasCK=^Ofv{sK3j>ry@|=&#_>TlMRX
z7Zy@>m-vefaQo?llWV8P-&R%xZz+lwzb&AO@H}5KNsnh>`;GH-J-3_cO1!SFuEN4`
z?kdgBf1#(dUhD1Rw%$|ifk@<yh#j$PO*4)j?@q?~)bC`!_z%@SnAb+<8P5W|pTE2m
zCgJO)WYO}nYf^yN&>#i=#USAP?lqW8+<s&HIhee@p`ovObX1F!`DU#fy%qZ7K3g@m
zx>{ho&eOx=jrk?#vs|*!4>WYE-^X|008;p2-;H1nqTD~x3ISsK$?v~={S$4~ojbX4
zhi~=Pkwf1SX>g@@7Jen02)I8btL);!!te#z&wtJaPh5={ec0OgbJj}H3pFw_l3acD
zEEF{KA~hYpxeDO7kI!B)n{bidZ5(cB-Fw3J;i6K8vh2ZF#pPEXFJ8RR(@UOq1o$8P
z?B<z^?jGW1V^{u|oF5}vGJ0ki?niWgyAn@gs^Ih0Edm;TXxD^vn!HQ6)thU_PHF~5
zt7UmIrU)cgz4xFu^RcZO2!#D0AFe>oW8;5|&8?n1qIUd~`<hY=oqN50hX0wuJtX5(
z-CCqi6zlBlv|!RTGh^BeEj&9_|FVdP58aV*6W2-Q{)JN5`TpIWNlqm+gT%~>lH{R3
zGy1<a9zDvWTCaPO>5UivHQaw|D(TON7830(BRT2bnN8q-zxbm-5*PkPzNf1CS*P`1
zs{6l>``^ht!^Qc3OI0#H4hu<2wsduMb#}_O_DEj)pK341W=O{V^maw%2|DsIBJws@
z-Zw{_QOZB`{5nTQAY)hHAQL4lST}JFt$XzG3Zl*i$bSt^XGf+JC&OTOP2|eIzWUqD
z<k<cs+1cxdXPC@?|Cm4`td8IOpGJ26;u{i$^qN`^<v$oai6#2aJwX2?QA^)U)L!@p
zA^u|z&{C3ce~N7XEz;kg{!>d+a$XYQl>5f-WQPBK=6`Bw`oFIe`oF8g_Wzr*brY{-
Zf76I~*|S0F<a6$vs-l)c^&ijQ{2!L(gtY(w

literal 0
HcmV?d00001

diff --git a/components/engine/docs/sources/docker-hub/hub-images/gh_menu.png b/components/engine/docs/sources/docker-hub/hub-images/gh_menu.png
new file mode 100644
index 0000000000000000000000000000000000000000..d9c8d119969a77dcae2ddbb71dfb682e776a8f00
GIT binary patch
literal 19955
zcmV)tK$pLXP)<h;3K|Lk000e1NJLTq008I!005{61^@s6>hYo!000U>X+uL$Nkc;*
zP;zf(X>4Tx07wm;mUmQB*%pV-y*Itk5+Wca^cs2zAksTX6$DX<Nq|rShJ+?|L<L3^
z5h+$=RKNj8hazJ|6bplbV%G`s5KzX!QA9=M-HdAq@2xfS-kSZ#S>M^`x7XQc?|s+0
z08spb1j2M!0f022SQPH-!CVp(%f$Br7!UytSOLJ{W@ZFO_(THK{JlMynW#v{v-a*T
zfMmPdEWc1DbJqWVks>!kBnAKqMb$PuekK>?0+ds;#ThdH1j_W4DKdsJG8Ul;qO2n0
z#IJ1jr{*iW$(WZW<e?f_&KbNko{YOt-kK%hql^ThT$m-`XQO-vWxZ5MngHeZDAUvU
zoJ;^P6q#Sl=O&?Si84hL8SaVl0ssh<#5ufj4vYCYXr2Igrf1}e1c^yvrV-beY31n1
zX8Q57Q~6>sE0n`c;fQ!l&-AnmjxZO1uWyz`0VP>&nP`#itsL#`S=Q!g`M=rU9)45(
zJ;-|dRq-b5&z?byo>|{)?5r=n76A4nTALlSzLiw~v~31J<>9PP?;rs31pu_(obw)r
zY+jPY;tVGXi|p)da{-@gE-UCa`=5eu%D;v=_nFJ?`&K)q7e9d`Nfk3?MdhZarb|T3
z%nS~f&t(1g5dY)AIcd$w!z`Siz!&j_=v7hZlnI21XuE|xfmo0(WD10T)!}~_HYW!e
zew}L+XmwuzeT6wtxJd`dZ#@7*BLgIEKY9Xv>st^p3dp{^Xswa2bB{85{^$B13tWnB
z;Y>jyQ|9&zk7RNsqAVGs--K+z0uqo1bf5|}fi5rtEMN^BfHQCd-XH*kfJhJnmIE$G
z0%<@5vOzxB0181d*a3EfYH$G5fqKvcPJ%XY23!PJzzuK<41h;K3WmW;Fah3yX$XSw
z5EY_9s*o0>51B&N5F1(uc|$=^I1~fLLy3?Ol0f;;Ca4%HgQ}rJP(Ab`bQ-z{U4#0d
z2hboi2K@njgb|nm(_szR0JebHusa+GN5aeCM0gdP2N%HG;Yzp`J`T6S7vUT504#-H
z!jlL<$Or?`Mpy_N@kBz9SR?@vA#0H$qyni$nvf2p8@Y{0k#Xb$28W?xm>3qu8RLgp
zjNxKdVb)?wFx8l2m{v>|<~C*!GlBVnrDD~wrdTJeKXwT=5u1%I#8zOBU|X=4u>;s)
z>^mF|$G{ol9B_WP7+f-LHLe7=57&&lfa}8z;U@8Tyei%l?}87(bMRt(A-)QK9Dg3)
zj~~XrCy)tR1Z#p1A(kK{Y$Q|=8VKhI{e%(1G*N-5Pjn)N5P8I0VkxnX*g?EW941ba
z6iJ387g8iCnY4jaNopcpCOsy-A(P2EWJhusSwLP-t|XrzUnLKcKTwn?CKOLf97RIe
zPB}`sKzTrUL#0v;sBY9)s+hW+T2H-1eM)^VN0T#`^Oxhvt&^*fYnAJldnHel*Ozyf
zUoM{~Um<@={-*r60#U(0!Bc^wuvVc);k3d%g-J!4qLpHZVwz%!VuRu}#Ze`^l7W)9
z5>Kf>>9Eozr6C$Z)1`URxU@~QI@)F0FdauXr2Es8>BaOP=)Lp_WhG@><tXJG<r?L)
z%2EcxFktvIQW>R;lZ?BJkMlI<xzFRz+cvLhUjMu)mH8@eDtwh9m1dOzm5-`SRd3Z4
z)t#zss!!A~Y9?x7YT0W0)h?@z&!^9Kp3j|MH2>uMhw8ApiF&yDYW2hFJ?fJhni{?u
z85&g@mo&yT8JcdI$(rSw=QPK(Xj%)k1X|@<=e1rim6`6$RAwc!i#egKuI;BS(LSWz
zt39n_sIypSqfWEV6J3%nTQ@<sT(?tqLQhLCSTA3%QSYHXQJ<}!q`ybMTYt*H&>-4i
zi$R;gsG*9XzhRzXqv2yCs*$VFDx+GXJH|L;wsDH_KI2;^u!)^Xl1YupO;gy^-c(?^
z&$Q1BYvyPsG^;hc$D**@Sy`+`)}T4VJji^bd7Jqw3q6Zii=7tT7GEswEK@D(EFW1Z
zSp`^awCb?>!`j4}Yh7b~$A)U-W3$et-R8BesV(1jzwLcHnq9En7Q0Tn&-M=XBKs!$
zF$X<|c!#|X_t<oHD7%Dx)e-CH;keH6jN=C<dnd8eNvGePS<WfW4bGzr3>WYh)GZit
z(Q)Cp9CDE^WG;+fcyOWARoj*0TI>4EP1lX*cEoMO-Pk?Z{kZ!p4@(b`M~lalr<3Oz
z&kJ6Nm#<fmSFg8{_hRpA@25UGK8Ze!J`=unzN>vN_+kA5{dW4@^Vjg_`q%qU1ULk&
z3Fr!>1V#i_2R;ij2@(Z$1jE4r!MlPVFVbHmT+|i<Li|H^g**v03|$raa~LixG^{4<
zdAL=0et35TEn-DPL&UpCkI2%<M~jUXOBQ!V$w$RS)kjT5dqtN;OP5$IS+nFuj9QE!
zracxP8x?ybc5<or(%nmk<Lu%J<L)jqT$Z!!+H$q!smsr<kYB-BaVj1gA06Ki|A`aA
zspU+r^k2Dm<pkH0yNCOd=f*4NjqzRhW&Du@mxQu}(L|TTU5R5!u1OV1;{s1XwcvHK
zU-E(Esg#hEqbW0~(W%X8gtYjy(?TU-im)qPGd(B0FT*sWFhjb^Y1Qsk6QV%TkxVFa
zS!TPKj{Z#bNQ@+#C4*TDvud*5XGdk9%2CV_=Je#6<ZjCy$@9tkel=z_cXemJcK(L^
z!8Pt{4y}dOu3X!>PIq0wy5aS{>yK?9ZAjVh%SOwMWgFjair&;wpi!{CU}&@N=Eg#~
zLQ&zpEzVmGY{hI9Z0+4<v#n~|mm*%#^<vB7isDZt+>-0xS$$Xe-OToc?Y*V;rTcf_
zb_jRe-RZjXSeas3UfIyD;9afd%<`i0x4T#DzE)vdabOQ=k7SRuGN`h>O0Q~1)u-yD
z>VX=Mn&!Rgd$;YK+Q-}1zu#?t(*cbG#Ronf6db&N$oEidtwC+YVcg-Y!_VuY>bk#Y
ze_ww@?MU&F&qswvrN_dLb=5o6*Egs)ls3YRlE$&)amR1{;Ppd$6RYV^Go!iq1UMl%
z@#4q$AMc(FJlT1QeX8jv{h#)>&{~RGq1N2iiMFIRX?sk2-|2wUogK~{EkB$8eDsX=
znVPf8XG_nK&J~=SIiGia@<PUi@r#KUhdNhuKDxBz(w(lbuHMUmm#<#&xpJx7z5D!C
zm#b&4IbAz_oqfIShW(A!9=o2FU+jKq>9y}|z3FhX{g&gcj=lwb=lWgyFW&aLedUh-
zof`v-2Kw$UzI*>(+&$@i-u=-BsSjR1%z8NeX#HdC<Dw@DPb!|OKdt@M_}6Bsz4Yv$
z*I>`Hh-Z(6xI-`hmHDqv!v)W&&nrf>M(RhcN6(D;jNN*%^u_SYjF;2ng}*8Ow)d6M
ztDk;%`@Lsk$;9w$(d(H%O5UixIr`T2ZRcd@<kNR)@201U-mAVp_JRGO`(yOSk?HJD
z_)nFejX!sM3H<VSCT(Ws-}i*``!YINegFUf32;bRa{vGqB>(^xB>_oNB=7(LKmbWZ
zK~#7F?R^J)T-BNHe~M;C(u{hys(UYBY%pNJbOH$_WS9CVn|(`OHX(T-n<d!<Ha&q5
zQh1?+KoUq`X`y2bE*OjpwsDg!t9Pr;j5NKy|95A`9!Vo<gybgQ^V8LB=bm%!f6o7Y
z-}z4YG$974K}A4C;Dkg#dqS2<EtHCYihzQEN>H^Ts0f_E2&e=-fqxveXet6KLDf2-
zB5(pDpc3>1{&CczsR-!fK_G@*)wmlE8TFcqz{DV+(P$vsXkiFJeLf$oJza3vdJxo`
zNYv4iQ17b<s0bvAfRIwB)4^h~AR{9KTJ6Y6tR}V}RHSCtp?0{d*TeJiA5i{({sFDg
zl4#y)JQV>Ifdmi;1Ol*HtxC+CoSYFQ=>Q2T1hrc`5m@_kg!-Bx+#ZeL36w{Tq9ULo
z5QBhlN~C97Tbt6997)w3Ku}2|==USgTTfQUq^KUM2&f25C<3D9N^^3w5LW>Xg@U6!
zr`}f)P!Tu=2*f4mG00cVLPbDDAOQqaf+hfx8bw9mcp;z?^mrk!=Bpx*00JsO697q#
zq9Sm-5KswvypUJ(RS`%40hOQ$fTTuI5jb85s02M;$gBCP2qb{Okbw#bJTpv`5d1zb
z{Qe+h_^w8yg<fyqHUT3Z*e~l3uy0n<)T!T;VSWJh@+3rHVh9@W!rpZd8`r#w^&d6D
z768(7%W>v~U%>fiOhrbj0g2Nz2)Dz90Q5*sH9{-oJhTt*Y^r9W^Ki+^=}4Lg(oe!4
zQ+=h$hrsv=8uX%l=Ra`w*M5mgTR(z2N=*v6fNwqCc;h9QFZw3__Fq?{++s|Cq(OLk
z58xMH`3|;+R^q3Rd=;}Yw6GuAhF?7R6w$vOr@vK>0!z~5`z6#jQW1!Qz&HsSg3Dfw
z-~anBu)EU=eR>wI`0_V#VTBf3p8FYI__!Ors~^NK7tg^jub+=(tsh=r5L&$+nxG#Z
zpPxn2!(<|<MRg4Y;0`#@e4r6cp*?T}-3V&TNJ^WA%dWTtX%*9vYKo}1^1R0bFI8#@
zTB_4Vqfz-dC>P|u*AGoJFCGIr7?_tquT!GPzo6gCbf}sKshCrRHW-XB8pa9B;ndXw
z6@l>~Fs_;yqH5c+{bjt>?*NiB@vlF98n>P^70F2&tXR4TrQiM{ezDPxO%MMawHJN|
zskJZTch6U0`dQ17-LVc&zfp;hc_Hrn+HJUE*>vc;cj9kPJ&XM=7aZ7*M;>||-@WHr
z<b-?(Ii0YQW75721w1&ke*^yX@B?^xdnf!zLf(>V@U6RV!@0BbVblg;Z}<=o|85O(
z&RmA9-i>(r<xlx+89x6n|AJetJPl@}4gpUecCUR7kNoC;u%ojF$S%XxU%Cx9Uw<)5
z6O#Dj17CewMPM`p#z)X#0R4v!z!%a(pMM*!T2=u|vO&qyoKcQT|M$P)H(UMypSu-K
zN-AH~I;?+x3*K4tI+9I#W#)|ARfnH`Ya=>-`3$bjuEYzgH=$Ez)KDSb|KV!%+<hg|
z+%0%z^%?~C&B7hmoQ6>QT73D-_o2?}fX<M_X>o2efAnYEyY~&;^Tdm|dR8WUu137J
z?lm}8zlIc35&{7q-2L@<?B~0IDKFuU(=yQh;qUO3A3P7MBZ$1xOxW5E;_tuzF<x&l
zWA(k~!a@?OK}FzrA~0@~Xi|{sYLX6xpPP%U<QTqd^{|wmhDDTS8tg+`my2^tHHtM>
zn^c6a{_@Xw>G_9nZG{O=yB$ydbtiPC*WlSF?!&Uw6r?84zz-hz2^M7~D~2L3)nT7U
z2aU&#O@Dq64K@c1GjGD<FT9I)Uwj;QE!V<f@5Rra+6J3PL~Rg0s=pfDRNV8(-|)r@
zkKyxXJ-iMFR`2his_lohsS-|45SgpKfrozkB%b)uT{wMF2}*-~aH>m59M5{G<{d#`
z+ys?$f^5IF)>{#fcHH3*LeSffZe`kcA=1-L${bT|k_jcB{}!%ZHVb7HXX4A>yoznU
zBzRk$@M#S&XJ&(xgjSP{?7U3q2Te>323_cBX{F@U<Ek(J6Bd-`P%~YC%dWqc?N|eR
z`)%+BxTX@z5#qUa{`FWnrxZB_<ybP`&p07i*kvPDWrN;`WL*&5?>>k-zVs!0`?;+s
zUV1(5z2jWu7-K#*hu=v(P!Tw`2#lMc0euJ>s-&S0wxFSpMx99cgI*U}x4nZ#O0l3W
z4<>_FA*hB@G;>Ne^hrFYlr^R0NvA0^WR%!uc@#-OLp3+t=8Rl8vg3z9;$@mm(8;qJ
z9gIvznVBB@kzkq{Ye<PBDRYjjlA`1wAByrT{sZ6tx2rMRObauON?p6Q;HBUH40ql1
z1RDE23dxUTsvfBb9D4-DMNqMv7A^i9)lm&R&bM&?L+_xj%Zk1}D;jpaiwAzP8V+ik
zrqfrUI90F6(ty{8z0bXg>h50HdRy`FD=)E2#tS_qR+O4y7)a0HP?88SlWDE>`2u+D
z&24D2_My+#ici+Pz;>n=NrkB}@FQ?ItyrP1Bpklu_w`}ZD=%VGy$RR<>S?_C@?Y@d
zZ(T_{uLu2(1L$-IRDvG+`l#kO2!ZkGaT+}`%PztXuX_~tKG%XhFW-;r-}*fYi$Z8?
z>4wwgLt0i2?)myE<k3)Lm(1C3>S%fnU%uia%qnQco(2a(rW{;w^AcKC^$58&Tum?l
zSO0c=|9g+)p`U#PxsgJL$gPku4QJf?FR<+RBbr|S0j}Bm3Krp0?5OXDHYEqw-mnxF
zgAV=CXZQ(<E-c}VuvXEUX*BZeei`q)*N@lV`2+`UzYM{edaCIfSW?VL9c8t(Nb>4V
zMc}9+FfIuyCDWPGaqd_DjGz3+O~}qLvV!-ZwY3)ktq~auKacw#dmdNK$pbaoaM0<Y
zD_g_?2!~L0C<MJZ7w6si1Ke|2IZPbkpii;jjHM=|n+<SOu`iS>pn+{uOPU4d5;F`*
zMiicY8-DxUFCsV1fMClm>}m<XV9CXozWosXeMJF`9BHJ9Jd;`xk*H*42GdBBEyaW+
zQx;a<{UENHoeF)Z9&bJUN4)bvHPSQZ;qIS(6Vo$Hio}nUTHUD#92W!zEV~&D22rzb
zCwzarKv~Ui=8x*3O-@g!U;&?7SxdL0*P*mSwT4vWWoIHKC0Q9f5cD}w`TSRL%dd7~
z&RtL7*Vh)q-{+#GCKc&f8Av&7lnKJ?bfC}aVY5-odo&b<{OIR-h@`iqghvqt{ciMI
zdm#Bqi`1N%hs^X;m}pT}LeLj}M#pE8!_W9#eH;kEwx}_MeYN~z$iN8Z)obgeTI*HH
zl9`o`^pq4N=?*K&3BA7>Nkw2R2ng5e>grHYQ8D7mnd4J&V@jl>(IqXX2$t+<qmNQ-
za2=0aNTT|fYR*AQCL;`q#L+yIqS@RI2Tc;p=7Gcev|Lm>HoqZD7ixz-qfe$3KAb2I
zXk0R-rlBy^5?P=-PMKrltH&w=#~6XA;yGd23Q@w_z$9gMi#ENGs%n~|Vk(3hLe7ED
zBytwbFOj&z$BAF&;p3}!R0NI<0uv@dM=P#|5^vU}-@_Z{`6DXkVDUOy3hI3ofm08G
zV@6PcR@74S03Gwx16+M$6@jrJFySihSTa}RstBkEjEsOv(2?;`@2UtKR|Hgo9#{C)
z%vA(NMnEO#$oQytRRoSJ0xCg|EBtEaDgq-Tpb~UseAK%t0>>2rm7vEJel>FyfsqkV
z2|6-9>RlCq<BGu0feIXcr!}Q119)XrZAe}E<GB7nYUYy@fkb&VgrHg@2daPlLuEW|
zzn2vCDzi8zCravDsR$e=1U@rCWp+t=?vxRyz#OM{QnOVNm^28;bhGa6?or=ohy;}<
z{Qdw58l5&aY8q+;6#*52F(M!YO(dvBqC`+q<ERK6Cj?Z29w*?{Y*hpjK|m#FA}FbG
zR0NI_0xCg|6Yy%bDguchpb|6@l+-vX0>=pfm7vE7cr{xUfkY5c37QB>Y8(}T<Ai`p
z(BlNWnyrdJA_%AiO#~%1j*7r>LO><xaROe=Rz)BY1mX_$OXR^JaX9P6@8=eo{i5ZV
zUOj!S(9u|8fzQ!xC$x0AKz|fRjz@Vq#354wdR5Y^t{O%`O1*tDA}}EY4Fv<}w{>Cj
zhu!$NJ3!woTI6IKuyR=mre_)H6loNel8`=Y3pQ5<vEZ~RNOrbi%YGg&Ek-*1iVhn{
zPJ2xwcG!||_L8Dw=1)aF3Ld&l6CbDi2B|?s;HV)m?&=ky_p!G9wYcY*R{WvbgPqm@
z>a0Gjt+C_2=MLbHTf5+<WF0ZkUA?W<ipM|gL5(Ab-srItl#atc8RX5neO5fVxevC{
z@)$muvE5-=olSN4)nE2ueZ2$pPpk$Nfun}NI3;KhE_(|edan<iK^<;gH3b*X$)Vf&
z5PBNx@&8`y#rmxsxOia}X6Wg4Op!cPUn8%Rq@$yxh;$867xwUm@G<sSq6Vq^dPu-1
z7xZ+#WJn52W$|U^<-HIc`ih@32|C_4@_tlqhb7)H`AV7iylBWmHXX}J_oBn*so@97
z<8b3srw<wZA)HB%-g=gO?0K*}z7X7eUP>)KW=xdGs-~{|gzCQt0^=fRh!wkSyA|~$
z*7@g@;<9-eFe={vG{`S2#h1@<<9l2EXy|aGe2M{WRdsms11GBZoOl*HXI>U=Ig1XJ
z48#8(L7yMB+iUR54i^pz5ve|(Rgs2&zNi#AN?vr(>-XZ-w=1!(JqXr$%qvaDofns)
zFhz%u-;X9r`1tv1;H<C3!ykGvJ70q}HGZ7EvK-e<H=$ui?a(~=0ZQv^#sh2Iu)0E6
zy}lL|rm0v}W<>kJ;odD?9%Z<?%!e)OTJa}>=V6%*sRrD2(NrueHmPd!@YUgzyE86=
z2HAEz)J?HNvYj<6eLx#fqtl^e=^Q-1giEN<4`)~9L44<Z`VQ46;rb;h=sMVkwV!sN
z-l4&L7v;wXUfQ;eb+~T}pEDTorTGSQHahU`K`XkGQ}CS?S;})h`T~8cRfiQ)x$Pco
zsO`o5ZvzipQ4D8w?TGoh*qGeb<-+Dp`WU6}(R^bFj>g*fd74c4zq7T-HSnF>l$?}!
zmZT864=|5)!@t|$Jo1u)Xxi9}$EpLES(1v=QUiGJfE&MmtrmH=&&ISA?P2L39~kxO
zse-^b2r8D=ejMl&X=p;JkrvoNsFA-^cZ2ZLdGEF@E?Rg^xc`>fm}SwzztoO`=c@5+
zZ8sWSdB|eiA%WK@Kq+C3_&+zyz;u%q&LwTAeX0{JcHiOlsewA_&6m%_<<nBA?>aF3
zxhnjr*@nG+ndsa+TE2AuOBHp+!YTO5*?BM%k)DI?@$>8pAc?C@+;N@@AHD0w#pjh{
zNkItf){ZR?6P#GPDL`p&#C4RKQ|bD2<+KJox;a3ss4f$TsCqsG6ZOI=g}^unN>A0A
zWR#m(!FxmSP>>F;Siyh?J$)Xo&frH&A0<vc<CDmunQC-q%uFYxtu(su+01ybQwnEP
zOvQir8}P~d2k~le08I`*+Nj4)A^W41SdV0!S(*Z)v<3Akm{+WW))u4#?MS`_Bjp>S
z<k#Z-)ANu*$tY<mdHUk#DKF`xp-7bN5ZlH<djD=6_1y;Mq4g(YT1gW0RyTh5^j;M6
ztFXK*6*pd4h9V24b3826Yo{av<Ejf9jUG9fT2@sz_I65tWDJH>PdoP1;2VFh#k2c*
z(ZHLTMv96ktN0YX(JSHbrI^R%P}+}m8!GYL_pErS*$<ylkMm|EV-|_%<wJ+FBjcs-
zG#t1m;Ut8-PPB2KNWOX+Ym{da$dlc!;ke8*D0%SFvE-qlVXW+|+4$M246Mr0prhZ9
z7k2mJo@e)CQ@dv%j^V7-|EDMd<B*`?K?Ow=iJBTGp8B8xi@s2b++<2GQpf4E;*D({
zILV~b%d@a=YaiZecc70e1)B66(BKQA)4`g}_A6~UM|d0aL-+#@d|K_NDxHD{?wo-F
z6X0+*<D>m97)a7+5J_Ea4<d^a5KOnVBft`975DaK`W{p!nlB0G54e~o)#s7&q{UTA
zEY@VLAq}PaF6<dY9sz$pHox6~eFX)$`PvHH&h?*K_Eh29AGol$%Y)_l2Iy3CZuI9p
zrT62KpwwNFKD!t<Wa!{+v*Md<Q*PYTg5A68@x(KYc+(a_Zczpnq?@t4f`$*b1HXH(
z0kwyEux;Z3JlYXLMp*_*lS%d?d^`MuNY_IuNf``!u(zfY^;M1d+jBi=p^EFE>THXM
zY&RRK55HWE-Sr*V{LumYsx645k_^m9NyW1AvE)k?SIJW|e4doF(&p82UtQge4tEMp
zD;rxLA&TH$n;-9OZpFH)E_88qx0ZG<^VXuk%(Rscz+o8FgHsrRaY<0YO>eN^${UKI
zf4vodZFS?34Q|R7N=EjJo;^Pc|9XBg%<M*)eMt#!?r+4i^)`I3k!$UWT9}uHdoM3W
zGE3oNdoz_5R2`YBjT{@3%vie2jOW%mD52Yxdub^qtVs8A^iV%ut9Ifnek9BWwr|}o
z{NgP)+l4&NG~<5eXHM26oUe4p3NLi}R3*=6X>pF5XN?;-mRoR^!HumgcD&c>#LX8K
z<7P+GsP7h=$BJ`O@!s1G{B?Z`o{@}+M@dl{&M8SzyID?QLJod)Hr)<4-Y7MKsH>|(
zadF9**TtpXga%YQx;TnR^wpHCY^2es8tJN3@@2CWHcAVdlh#n93ArSw^qaD7D$j7N
z0oZdf@R+9_rybqBJ|v|kBh8Y+G=1pr_ra3RV?HeFYlnhP*gIYDA_+N>bR}5{3FjM*
zuKXV<Pw4~+2EFKW`e89AEARMO^6&<n=xpv&%5TW9AeVrRG_o<Kc<SLvj(~8jxw#1y
z6%`|LZNdnu;3ZN>*r^0sIThwbP9r--dlM@QM;pbvKQMOmp-8$y#4w$ee4@wUSfZYW
zGmMw+nDdRk%LsXjIvn$TQzS6P^lnGcl6M&RK9P4<casu<L<u@>6?Xu7F_n41^_Y_|
zd6bATS4TOFlkU*U%qxsHTo`k{3FH||PRV!7d8m{e?&ngkM-UjFkw}G6ML<R1s3M>e
z^r*tCCaxkdJ_J;Pjt@WeX%&H^ihxScqYAH@xQf8|5SUma(fG=8{GR3<PxM&<doMRD
zG_vorv2)hR!4;e}&OTOfukpy98?Vbb*LVr{;mGqG_Y2uee@k>PreiJpk=U;r-UxT>
zxq+iFOdO?QVt*88=Y))M96k@pKGnjR0vQOUWdP|Mt!&}O!53;cbr6`m1hw@5oo&!`
z9Rj-Aq3Q16#^cWR@Oe*%LP!k>31@%Q1bgED@|><0B56U=hBC5&98T5CDNy#I?0kfH
z9Fl9<yp~tUj^z<1+n)Gud&-ya<Rz#Ou(1Z3)`rN|2(;9PkJ}nJXqTj$jKS~Y?4eG8
zo2KF5$ZyC|R-v3igo;XmDdj*>8INTvMX0y}kWF{;R)LXUesbJBv40)uSQG-*?uVxC
z08qz$<XF?gN~(sD5#VSQO-GBeVdtiyaYY)JPD7|-7BF=-g5|Ri;vRBtP8%9uy>iSE
zIB^I{$$;v8&{Xb#mK*kQe_$8edyb<HN{DSmcajNiwh6;qva<K-4Uo;xitOVSP>y*{
zwK2dg$o6EA&xW`UaiDuhBo?<|<XEP_X@n#k2Pu1PWFI~cK*x5g-se>|9hYs<6N99~
zdmoHGH%wmHT#>ySNde+CQ9-1!eDJv8y?-2;hbr$>NGUsK2|{zZDf`pH>hwhAt)`O@
z0&xi{BV-1Tl1V7FF+|cd)k4Fsx>mmId$&V-a1RI7y2p^h$Wgr{lRd=(hslioWbTvA
zaPr)hk`AXi9q!b0czDfgN=1MM8hug{XQ>#F#Jy~K5>l_%E1Ql+9v$bHYDq*nHuAdc
zWvHKQT9Q&i^jP-M5XCayK0sqqbo0@;<nkXmm+O8K$m{jNM-uydviEV0s|QK^Xc@Sf
zI7T_S--cudHy)=t`(SqWBh}Rpiz|G5WS(raL<#KW!_pdVI^exm4nGjeD+-f!;W7jl
zpM}tZGicmWjaG*N8pA=N{EACZH!YR1m23?84jWa=_L6?v2heTb2t79~jW**6ezu*u
z%~|M8&4A6E0lPU9eQDX~Pv^$HKP?l<$;k@oOk7LIXyp35vL^}CBj-^v%3eq&q>J6l
zvEUFTUbMWUVH0~lksl%&NA@yCQ})qgITy0ZUN%21$5FC+y<WK8Zg@N%Sh=-Fj^$jg
z`)O@Xwsyf{?}pjd4NG4S())XnK|*Ks_aKcV9!t=4v{GGe1=hb2o&>?)z&~>V0!vrI
zfBHEH2x(KyV@dLqjT`;VM*|@4VEOX$^21VLv;>B|-)~3g!*`+C_zu8L)7CU>)RAsD
zjVb8P$U}E}E_yTbVaqOrJ*NmB8b4CZW~8R3A|)kd$R=bAOTw_U6KNPrILR}XNF$Zu
zM7$UMfus8<k;9VLuMk-X>~gu_a5y-D-Z|h{uKBG!uynQ}t-BQ&J?+S{b|Bl@iLAbE
z&Ua;Z(O3gNbRm)y=Uj@=%FCgdvv{m2oHFs{_o}b2M@7XrX0wPy8B>rhjWsVr!}g43
z%Q~v8o-sXcPf0_2RuMXKi_w)=ir%8B2(a70VzCU_gqR`~qf#)Id?z#U#spY`k%h#v
z4VJ(nW&8U2hHNgI6_&PoWVbgUr=t=1Byhg99eU~O9Yc_IELMFUp^L5omaPo;0gvJN
z$sARFi-v|{K~PFcy!}7Wy!rPqDW#J>fgo+fmYia=7F3|4a4LGHOof(Y%*e<Xun7@k
zrD2qa31p#0NdSRZ@`~ylmAW>Y4YFCSR`mAvqM!SewtD2W)}o-T7R4P6$fl$v^ApI0
z(WI~Tvg;AL>PBGU@`Rq5%#n^hL3exv&GU~z^UjM2Sz5&k+L%|4<|#AKUOF3nWiyeH
zorA2bEM#YAE2NB)QH(W0MA_7Ed=QA0xYDK-RoQO0D`f5Fr2C$p9{3KmAg^v83Y)7?
z)>@4mdsjk*4Naei&~<kJ*WShf7aSdR3WlRYP#N0x#^0d%%Wt6B`^l)VcGFl>T{;&n
z<@3=qZ9X#d3y_<ei=3P=F{SM&(orSjs8F5|5u&6ONh|8H5Vos}YbtT;?CeC4mifY(
z-6(I^i;A{tb{UP*B}5Bw=&G9#y6qcK`d&|nw>&n5m{@`e&@Vm-&Er3ZhNE>x3hkMN
zsG7DIjk8WyI=~AG3Xq?luaMGAqmB?V+C?!^I_kZX0|BXMLRc|Ei8|cT(Si2%cJ#Ei
zAg5{vrXJjmnT?f7pYE`4B>l*jUWd?K{{_sLH*B=YbYtQOy80z(e)XRt4lA><t7G4c
z(@{Nt1$5KqV9Jy!C@Lya)K^hkqZZW31hD!p@evR!a#XqsSzB6K(9zt4oV{BxyYgd9
zZ>bvILQJD%@akKEul<nYh>PN9FiEbCpP+4x(EsRb(0uS#Tu5Z(Om*=r>|MALwuNV*
zq_h+zB_&FGQY57+CF8<&N?nvnDD78Kg<D%&(b(7sTkSzi+x|WllC0?tPE?2&IFKZG
z_m6-Z?_yur<g`PKkDxm?!0?l=L*p3Qk?q$dVb_eM*th&rq|RA{sZ*z-u&@wmX=zHA
zhuXyvug0m@q(X|JNeoO44Gn0htwr{>wK#qI8Wi+!@I#ysJnKS)e*R}@atq_!J-IJ^
zHiEJ(Vf)WJk@?zRhP=IuJN<OlGVD3`YUIvaglW^JDQ!zJ^r+U>A#kY|hCx6KO)?rv
z+N&Z_YpSb}x_J%G-1Itft?Wl16r_75`1@C&;qb!A6vj-@5Dh`0yZ;H=cV8ZYLw(V7
ze0<SO$T<Bh%$hYzA*KuxP^IM%sMHH%KtS57qW;Q=nySiu$Y1*kR&04gnHVr28BS>T
zKf=NMl&F&>jE$iDss--31-jRs8SwrxlVklk*T8nk^;ocAp<?_IE38V)0Whg2<3vD+
zDiXD-stS!;H{r}zA43I=NwFcsE}6hnYoMJZgB-?0Q2)~pL;sVzWAT8M%WJH;?rs#F
zcQIzqo~^VohpMt1J|_NAIG|h`>s*EH4SMFIUnCATI5M##G7y|@3rBMd#OK8cw?5*f
zY(T-}MD8<vz5XZ}5TyKEfO^z&4k_4h7s5Enm>VtMDF%|^9*7Lf;}AW@kPo7iMciT>
zm7u(@tjcnf@Jz7KGK#6KtqnW3Z%5Hfk74<?)qGMA2!~)n34$+i=2IqDk~qmjq6F1_
z_sh56r~le@(6Id(4Lux~zUGb}VE$#F$K1Jdl>zBPr6wz#ryILAx1)*f;PbPR!%lzr
zWB1n9W9yz?xap=Ln~qmlzer>k4(x8Cr!gmr^DF}i9nDzweBN4JkInTC6c?lot(2To
z+1pr;5BAuQJtZB<6J2SUzLjmGPZ}JUGEzBX%RJIC2c7qKcVh2>4%D{yLC4u1sm6gH
zuECG{=wzyTR|8(4Kbj5nLcY7Mm%dmvNKZ4uFwq~S$op=qv>~nNDBwBx<wiIc%YS-$
zI`Y|f-o$2AW4}uo^bmbS!(pX<E>WYs;Hv1QlXfp{aT~`xXJ%%OsFCV}Py7-Z=aEU#
zGI4qRt^bK77hi$0vNC>EhaWKS^}F!*ZM~?|c<^vVCJKxi8UWnbu%QP}aYd3cmk~d?
zcnVVJZqU=;hDX-*qSIu-+<EkRHjES%iCjl=|FPMGc?(0x8x$`{(OSQw7k_R9au<|g
z2}g=e<ab}vuiMd$N1IHTHMeL;{$r{Uto)9~T72_W8+wBLO7UFtQ6Ij4%RJ1>AW7pS
z=6Bn%_Qe`JcE}G-@rH%)_jh}+h99i53LAcWWd)r@#d|VNVhLQ5_ifzKgQwdyxNB}H
z@uZ|q;JKp}MFfFV+B42L13Ni8W+%I17Aul8oMY0<Pr?1K{|RGp`OzxE36-u^&q407
zVdGg>V)liX(}7a)h~%W=#cq{stV$O*^=>qBuC@4`_ItYUaW5+-Jt5VwQrSfXraJ1P
z7qDi!>?@~dFtd=3lG5W1z~KpRUeQ@2L8_leCQdMo=zTZ+enyoYy3<rVdIvNCI3v%y
zyhrX!GUEN(9l0lI#HK&meI<S7AI&ewHj;~F^@!fhtAR+l`Xzl{7j-^fkdIB{{yy~h
zHTc>W=i#AC*p3Q#@i84H#k}s3M~O*)Lo*)l@S&hQ8;|_kBK+a5MR@X-LR@BIS`9W(
zaR@v39RWYV*3EMHI00Pn@p3QcUimE!hY$zGGY-#ZuPnwr7Z+k-T9}-IoofJgG0%;Z
z?-;N-T#R83WPr=!#f#B>>o;M|$UPiOBgV`@wvxj)C*gr!XXT89NbqvmNBc$B;mnef
zQOFs7K&vxiW;y44(=~lnlLJdqQ{Zg2V?Qfwkx7Ft&iZfY4<Vb&+qBhj>KWU0%crG5
zPq*=%^$mFTJv%<66JH(Gw)5v?<A$@Rki6lveSQ!A@y1@PZD%E7{g_vpfiGWHhJvJU
zJ4{UV@4vGje{S>Q5bqb}nemNlrlCAVj}X=Mrpg*T@qrTuNNjNueD3^g+{*ORO&qN<
z!hMlgu_55`q4tw1Jh8`zX>$v3(;^){e!m5Os%NEVz6P@qU%hxL&L~Ymq-e2^BOtEV
z7@T~4uPZ#$CyQl>F9SpHxrH=ZloV$pm2E;JeHNOs3h>2Meb}<rgZ@4jSMxKVvnf7)
zX>?-T$H4#(f9S`YybxAbdvV6XWV9XdpkV$K+`2qR@hInYb>MF=w8NH@i7PVfc%fE{
zTMP0r#X#)#)!=vQoM@0wR7i`<mgMlap_@o;09~9S74LUTGil*-^<cy5ri8H>092e4
zA?dtD95#B+Rmgb#$-^;1+cqkb*hkXt4o5!84+hi|TVXj0OUsl22Z_9whV8%HX{?x3
z-L@RGQ6h4V+kOw*mqy&S$^xS%h;8+De!<<SZl!uh*MM^ijBvHp<GZh0v5}hfITa=>
zrwY7g=OO%ZZ5x~s(c%mG@MfzYONxwGVF5m^?ZFS;Xh1*nkU*h;k6Jv)WP0aP&24D4
z<5z3i_~rMZqw*l`dA|>pK`pLZl7{nAgILe>|NEU*^pA4iA%u<ut;dUlA64Ss%}&(o
zOt^SqCYm-j<I!p#$_tZm;|v2b?JoT0AGN4=4wT@MgqE5@`Em>LDS?0c(r$eHeK&Np
zMlLIs_Ifmz*gX+qn_W*lH*BcEU*4_3j_OVv;u5^c71QzX9Sd-NdGe_Ex%rM;J01Ab
zUKec4D3648_4)A5&TjO|*N&P@UriU@=<>nEwUs)k{_N^><B;2r_WcL(?X`WV<xHaM
zW+h{eE`Zl}bYeBz<ksf8VShJ=%a6MCjR|8D`_>~J%WNmzk`)7@ggA>v3`(a$7_j7t
zfnQ7+c#v>ldqJO<j^!FVHqr&W$7jbUO>{m_zn$}`$}WQg8xHp1OVdsG#LlHdXh_P}
zc(HAR4P8DB?zwdi=2Bz^-5yMNVLzTfU`6}6dGg)nQYAXveECdV&JO?`k7D|BRrphj
z4ONsx<TF1aT3mkaRNS~QjRr0|j8D|!okI?)oDOW=?4k;3!u_|+#_TkH*_YZ;K=0qr
z)^?(%&w~1ohr8c}dN(`9r4A#29oy&ye5V&$ssImsaVqkYJb15-s}+QdxbC8<m}UT0
zPHVtpn<@49K2q*j-Uay;>EK7k${T*FmpZ);-@d*axqdr396ID>r41x1Nnt53#kc0v
z;=%o1tgf=+-6|W?Z9=A5k1sBpg7ao1W9vxxotKYPY3q`hD;7?{SI*8u3Z1CtAGG4<
zO->xNhme^O!v4K(zM&2mEXsm@Lo?N88T8(dkBE&osK>W&nun!X8eF!t0pEGvh7aip
z+;GUs-%T6mck4y#*%p3;6UQdeI;I$oOawY6_=&PcW>%d7VE{qXnyaCc71k3DB&aSM
zrxi5e!!|eSI=b;8CEJ{78Avu{;GFzsY;AR*rP&KE35GMu#VYGX18b~@lIpd$Yp_|%
z%EVf|o!5LiFM6DmBCODQBx6On87U-UNMpwQVycDvr2WT=&a`x_%!_7bAcYoDF{Y4*
zTnpC^Hy!IX_tDFCeln(}=;#obYYiFFFe{xAY;5E4%iBz~d${{fHp-Hil$$H*{d%jc
z*r&x!%gT|T%*Dhgk*Aj=L1%U2hfnWCi6sfk%TjQ|m1US>VOJBMi-r)}YHhm?;5!>!
z@TC}WRhl1b4h8YzdrjyK+VD(wDjvAgj9ivKHfSiR7hf<NPpzbL-==Qtt8wDvCNFl`
zJ$P(w1A4SYaP^FY9~Yk|eo0i1&tIAkOEMQaV_D`=&DAzKuzFuN=AY)ryKNyP(Mmom
zMT7dtS0xzo;SjOY<XA92L#J4b4LKF~^=(c#xSHTU{@lsmEfD8-^Knh26ih2l44c^Z
zP2@Oz@74j)+#LFsJmAXYJ<-bgKG7gwrMy>;==#y?BkiUCbH+41rH%)0(n8tIcINpr
zvS1{!W=uD-dxh7xIoXcX;Ph$f(36cuS~O)Mem_ZSqsnUMwxH02bBj`tZ)63L3L`9x
z5l7OeDuLfl{^!FCY!VF&Of=|qf^`p>MngEANQ^+_v7m2+`!T7BH8F$IJ(H5<<#n}+
z`p2&k%2&+B&sJq%RgQ+0*@yqx)r)(c-H(sjDUrg(Qc@8EQNsaV3mWkKo9E!R>!#u+
zKC`d37r(Bjd`>qYWgs^d!&d7j2k->jasDI=%4e11(#z)JySFXCZ)so(vCHP|y*6n1
zks201dXrG_V=44vIhMfR$WWSti@4ug)r02h9)2)2xN>ox(#BQd2zHd9ZG6OR;yO-|
zN9A5fZ&Eyeo2dN{mv2F;78PeFhK-V6g8%#-ZAg9f&jVuH=bfP}1~=g1Bt6kKuef}`
ztL44%R|Gdo2XSISRH@A3RLC;N8{4@091TY^SP^wJZkVTwN*luZ)&QlT0n_sgO24L0
zNSc(4uU<0~_uM!i-?(lTt|(xQNYW#nmKLcSLhKqV)h_CretxxEI+z9x76yv9n7T8l
zkj$6TvW$6mQRNom2U(-!`3@SRWM+hg>mChzpE58tl74bh3VwRSJbZU1FL0Im$2T5=
z-O-E9ZymrIM>=l4b^)IJw*~mc%4DYR$KFoQ0BdeA*pF7acoAPL1^iegC#T`kYYK51
zNhyOM^4Q0Em`Rbh2=QIJT3pyb5^o`9Zhlp?#7a+0QrXtd<C|;vte5*?@uN;O6d!6O
z`Yc>9Q_F?I?D*|^C;TwttP0u>`1>h=`REMkC^PbPiCwo~#}9(Nw*mJ(u^SJr??oTA
z%Hi@ggGQ_bv5CCys5=>cs=N1gXt}g#G<Z1dum9}J6Sk8?pF3Ii+WsqVR+g(g`~p;m
zOy9Zz!L92LUmEd1Do}Ph&WI2zt0)y&lzyV{C8g%z^kmjZ)&XNdiqfZ;q&H*bBCa{B
zapO0u8&TicjZZ(W!GG=YV4IujXe2W?EB!++9l)n`hp=U1B_3=GBB>-DQ(1uq4|oy5
zMa@{L@H(9tOUpT0hwH=sc6B`m2XwK`yC08sgpg5|iD`65v~1Y>87QL!3QG@KPs!G4
zmlWb$zT2+7hp>%{*?0C*Ro&dmwskkUxmHheJLy6U3Mg%(bzNRT$}zW?g<@av)9=({
z-@z7qys;BI<sSQS4(@KpejB@JByuE(QE3X>m?9}3d3g`s*xrchhIVZKq#6%D*Nbj`
zU@l*fhYL?LjEY}0&FEf3OL_593$h7tJ?$%{Y#tQwS_C#mBSCc*oLRxu5B*L&$}(40
zH{rEcyHG>2F0RPN1xtp@m%ldE|6W^S*hI@T;-2KhfBY}#KYDjSw0##`kAjM+G(-+k
zKL*5_JSVyz{p{!W?ec0+_UQ-wI)`;MjjVS5_VWnlPf1|uMER;4p*z%tPu)7KI&BJ;
z6mZo9{_<kA)pvAZJK3{xQ2~}wg_YrZX$8qB>a=4WrNvtI6K*<0b46MT{`;D#$fLQw
zr>+wp+d?pqq#J4?_cP7-@2jSwfcNb!>}$2@u;R3Q6moC`hcuynznzvxBQ8HZ2gOqj
zNM>K-`c@a#?6c$Jt{^gVE%@#i%8|!zn5?p-VejW~5P-e516v#hT*9={49O@r+p(t6
zkKNq?+<3Ycdm4P$Sl@?tnf6u=$e2=;hMUjKM;aw}G>B%AR=`n2buMh|aA6(Wk~=9;
zXP0N-U*~JEt<8t+Z7y6mD+8veK1re{XJ%lbt{*#FXo+Rl)%#U_*vK|$S4fXbPRqqV
zvCAWm8q09_<+I)G?&-$5X5g&(#3wndk;t#1mBqMgtf*yLH=aKY)7dVU-`p0#^X$ci
zm_5^o^wvJCmEWeC-BkQdmrc#W4a;+pTQXd}(@@CnrfhQ`w%2+`#U_f;aQjdX{m%UR
zwa~47Z9tS(u4mPG*L|2aeR@LOfCC;r!A=q#NyKKSKU7&+3H$&1DORj`cF1c4WzCp-
zABH9)YskIW3u3YKQvH(goYd$J2kGSZvMnUi!4M;2f^6^F=>W-2A4f@M6VffIG%Rto
zc0MW3c%;1(bi&?At0IY>la~e)?@Q95$bCc7k^V$K+p}WVleVweQ~mtvTRHd8<_sXo
zXhLq}`7nh>z8_9s)X1=e35BR`a<G8}6HUl&wqrZ_0gx_ELxu&p{J5A{mLv33qVgXH
z1Mo%cBn*qeb$mHUgB9683F=WA#Y``fNAwBViv)FZxL;>`KiGSNWLhzEb2AmobyOuC
z2|p>X4D^V_Cz^hMI7tVEk<v5za}35azz<^|ht&0P@JTWk^-3ejqeBcw%Qtasq9q!*
z53PR_+8_LHXxNn!8?5O$*z~mraK>d<Dl2uw-a8qO6CI1IEL<&1RP5NX1HmUB#MvLb
z#2ONoq|p}-WwYz!?jLg%w%ggJieX<g!e`w}KCIOt5}U#!ZjdjHgrQ@B<3=BNG4?&;
zWiZ<PfvF8RlX6Ls<$t`S2SpB_jv8^mQ^Y0m?s7TavvPkF{062thBKxuxyQwQlzhj8
zO|(d@jlcunhW4%JqgM{^dpS0I1ILChzWgd>gj?J)9gcl+9E^#e@=CJOxRA8{so&xY
zn_f|z_zZs45SRH6{rmmEg<ptYVFo{-o~sCqhCp`*z{TjafByr=Z@PxWZY-RJt+#v!
zOD?!jSyE@Rj2;>@K?Rxq{(h`kvj(2ZPjUXMk0QUPZ3tj;Av9w?LU()%_}o8JKONYK
z9QOhBqKd#^1RAP=ryhd#m8aP0Jd~J0YHFKLyA<u$+=->jmn+NaOeVw7XCkOPB$H-?
zH23e?{t1fT`8&?szFKjMHyB?z4`t;6U%V5cFWv!^Op6yqy`~~?1Oc(ku6qNT=N^TI
zetX#1K5{SSsEr;6HePxwa#vo0`SZD+@+ecXVjewd4nH$N>+0&bWaboQ+5ZCv4xnY*
zCM<mae=x6R`(Z2Z5ER%x3eme&=<~M#7heM|89yY7df^mCVAp17-r%gM*Pq2mj+gCp
z3At(c=U_YU^H{KG5lXpIq<E;CjA2{^EiNum`k7?LNE>IkD^}j^B<e@6V{Y9p5;gvp
zPXUsq{E)21cHz~)s;f9@vv4xvtG?4n2+#_R?Q{+D{;R<17e`&}T-H_IwqzCBR$PG@
z^A}(`yHRA~_GD6N2g5ZX1eFH4Smb26L|K6N;K75i?cqw{Ti(UOgIi%7&EYOP)<g5?
znfcty5TZ*uELzT9`T@g#2bWttKUonF&vqZKhT?8g_PwL~X=%wR!LCK;q3euQm^N#+
zvV^P5UXg{)CwrJMf<}Rg5>=M<7d5!Gx(WqcKX-2BCX{qEF<Q7wAR0gJo}+j~6~?mj
z5jx{MfbP{fjxBCf_2LPRfDn?7m=!mZo7X{8vyW9^^g7@+n6Pi^VpJ_W7n=D?6;g^S
zEA7lvftb->b;1c6O<0I3tA&e8y5{C)Wf5X;)n1hE-Go^+JCSRn**wv}ag~Z2^(FMo
zJeQJIwvwrdKCQ+(RtV5jH}-!D&A#ox?k!>UwW%iI+-0%z>f)I=IP(m2&8J1Syh2${
zNBs6gy$~dv*d&Q~)Cd}jk1Urc{iovDN>pGWtfr<CB~_nbTKygrb+-&}Sc*+3_BbsA
zp*fVSRE?GW?8QL&3{}#`Vstc*MKwLhxi0&50F~VK(l}UufFu0bt{g*fafoCMU4zt3
zU4+g#rz5+hOc`V#K6|8nd8)6gd`t)${k=r0ia|-pDz50nuq2zasU8J2yHMJ&59Rb9
zY32a-&lJS)R9pc}oy~0yLQ`jjk1KdiLaSkn2#67<xgMz74^8cUpq2!zt%RnI`vlsK
z@p2PiJ+0YAs3$2~D(0h~?k007A%&3Q-A)`cM_o<Ed;V0rc1#Hx3$Bn=Bx|fYI`MKP
zo1v*1`Sq13Zaqj3&5f`)?Xi!3wqpw=Zc!OWtjku;#gNL5oEH>xVkj4!n#kdapRJU~
z_9-`2QqH49YlE_BWEfpbeR$(FWt^+@Nsc1~IE}77s}L>u6=*G;h3;}L&sxA$5cBdB
zLW)yni-pVH&;!9_w#I%|2**XxDN~9SP$yzol@vtUtU_36w?-Yl_HY2XrmYFNO;yM_
z)PVf17CO;sgUQDc+7lUQH4bIw0OEo@C!gIu+-HZ6L+M$H1P+OpXOYCwJ=YC7VS-3I
z4qOj!y~<uAt6tc9!+nZktm$fxY=@wc<2X*Q#`8WQ_H*}`v(Qcn*^yg}&Z23smCS@W
zCs*-iCr+88gp__uG4@P`@v`H=Y_w;E7mbY#sHmtI@dKs|mX9VT4~d0Vz&;uPi*%Jd
zWWguty6NldQ%GyG*_5UK?cAF>Taew}fZWbz#p_ir-KwWM#mn007Q*OzjC(ICwIv<m
zZXm>!4nrn(mUEM1h+!*wE*5A?5>DX>Z_(rEp6{!)-GpS)h6`|tN#s}~dw#e;X{V7f
zs2uL5iEQxjnjDj88Yi0tlFl&-J{okoELk{|k&i<;Q_!7Pik^Zp7`U3dv>ioN6^pAJ
z%c^@(hs>&!9NP~hTo6xhqY*T2hm)u##|m&Etf<5yWo1@Pl(gcjV;2c4&UJjYURb(X
zk<KlnryZHS9muA&IJ2)8daji-;eqO(^y4Mcmp9>gABzMj5gn#fbf@K@J3SA*S^2PM
z7jg;CB6z7?nCVJV+(`-%izB3z#pFa?H5d#^-8dQ_@MH1nCrTbt?}ebFg}4Oub8e?r
zR&PE=K|=$BiBd@ciw$)0wv3ESI%z6aNGp;yO5FbbK9aXzA#gj7WnjOf-vPa?8>!YV
znC+b~^VnkVL3)2Lox|E-arGftROVwSfsPSmBW5G*!+w()b}sK?GiSg~iP)Exg?<v!
z!FiQVw#)VAG^LBfVli`XK`B4V@?nk=QOKCYmEGk-9ZN=mGBDgq-6NJty%~#u5Hyhx
zm!OF}cr@ckrI1Z3h^SE#L?wu-$UZJSE##F=q^^^$E1XW3(#}0ZOL9H??L>u^dp@>(
zP5oAwNZ1r^Ca!Oj?64z+<TX*XG;#I5@a9(B-X-%~FRJJX5~Tg-N#a_<?6#0jes}Di
z>b8?4bkQTVi{n^jbCZw(l1~UG?ZM>a6oquDlz@3$SX>Aw*P_x;FqSssU?QF%uYbxH
z<Afw=ykAAW;<8Cak_r_&h&oDM*^9a?1eR_e+2mNHu*c&jVZ&;)oOf{(g8R6<i;pV^
z$lmMqDe=L$No)t|y&mX%9?s_B5-_~4lRdA=xg2YlmyAo+GGA#^YWP)@bJ@!^A(yhT
z%t0CUC>xKJjjP=UX~6Pxx}KkI9s>rWvRBS|Ex>C&ws`|oMfF@MEs58JOa|px&gIys
z5G|K3A*C&7GKmTrRzsu2i|(TYjFpD*a8|FKSO}an1RV*sD0wB0Se~VwG&n>_EZ3uw
zSjZf01IHdm$t~9cl%}#5wLg4*WFJja(l~q^k@RvNEtm3PiF{xNTq9Yfyz;@3{oqZm
z3&Dh3a&PcnuEnM&?<VJJm^=tf3W6r`b3`k0G_F)`sr;h_AzC!V9*=Y_dT*rtU?Pon
zK2lohy~&HfDMQfD`V+<yC-(TWrl&rqA}|&Nv}1{^##Iqe5jeI8s02N>c&oXo2#g5<
zm7rsSOO31|aBLA!33_btR&!Gk7!v|2LB|A_8d*i)*dj1~D=xbs0$iqZK;Wr{t{%iQ
z*MtQn9~qm@0SgnBXtYmM`cEe^)d?)1n$#(cz&HuYiQ4uKY~SsKn?6gTG}X}CbVe~f
ziA~|y&WOL2aiL6d`m8P3TuDEoON)_C2S*bUIO@mV*n-`?IxJsMNT;_dNhbtXHIWHJ
zV0;AS2pVg17ash?O@}=6-N{*3bO)*oPWNxOqPQ>(-@39KQ|NJPTveY$vb9?A_@{n+
zeQq)6y>Nho+0Tkb&>uqGr`>qG$%I*R3XrQ3^s_>#K6jK57#~4dDEibzfU4|y%S&+Q
z!W4y^Zfh^zf4>vYHQVsRx0~_cl_fA!>WN!;FG;~aC5W4LL&RlY$j^!0yv~I_=?yJ>
zU)<aqBYsCibj9W26w0WSmb5(dG|fu`)1tKX(1VwT&qmYcI6UUd;duOrNP4kB#{|U_
zm;@zl&eZVGJGMM;WZ8x-^Qid{7naXW^<UDJK@Q@{O#KEZP^<qEL}1(m4d)}yZaHw<
zkjhHUg$X!o;_B---Ra3XyxnL+m8%4cbbeSHoAAt9J2uhVwT|xZR?g1CKc7_y3yILO
z`2e17(O^!B53e@R{T@j=uOc0HURX*Wpab7VT;MeysKt{XI8h~R=fLxG=4Ig)`sg%x
zTJhw|cIc+&;kI+=;+<06<2;0CUhageARGU3exX9VfhmU1f*v30cGTdBJw8mISAbhi
z&p>}m^UyLgAEUPwe|#x^KF)$H{IBIkY+K)kKh<-tD~o7IHQ=s`reayK34C=ms0bv4
zzywtlMfNbm=%8`>lQdXx@d8=;B7i;grD<zwz<1y1#YYa{oC*_`v(5VcryX>yeh3b_
zsJC^~!*)|Y{#F;jvS}%}C{2S;5BB2z)y?RSid1<e4qWftUxV+w-;ezv9j;rFhVxQ`
z*ub=Y_+C4lIwL&v)xLI*6}^;T;#S^P--FdXet0<JV_03A<gDIw0N>l<M5Eq>%NA$C
zbEq+XnKvAQOFu$BTxp@<gBCni?L$RjGH#q<;N)^Qe*ao6>iOk~qLt7uq((ZW5ttwe
zDi{u|c4ENI%x3Z$ANo19YwHdhy8T+*bL$+;rMvi`%Y!K|?#FXgRvcQ918SAD(CTp6
zc@?;6ZW=WHKA8VngBR*W0vDk;lDyyVz_u+es>vqYf6HvlvS{I7YDd9y)p)kH7j0+F
z#RcVu@KLP`m0cmO85TlyrI+dJaKWOCxP~CE>42TvtJuc%L7Sb12fj#8-&%T#-e@1D
z%)Gv01}>;zJ~e~$p=L1Oh^E&$?TwztucOqQ$~N=LX$^REGiSxnfF`dpP|-f6>!AAb
zBOow=1RazMYoVLorKKWf8-ieSlx@QRUVXb7A8UD?H+EQQoz?kZb<;C9<Lfm>teVZ0
z;HdIKV`fFy<K?YvWm4S@^OI{Dh5Tsk3qfB%*Ys3<sligiHDe~-xx*R+lfuj;DbUsR
z<Gso*EJ_dJ-Bz|fv(hk=0yLh=;N~Rl-)tjs*zUY(SvhhI8U#82vytVK_H4W|_mODR
z7BipP!TDrhHYY`QlyV}p&5a*Ey%)u1J(icH;>Ih>P-J2E(;%qSQx$>X5SYNaBBVN!
zjh{xDgH_^eU5m0D6H>@9+Eu8|hG3`f_&#n63Qbs9#F_pk5=b7W1tle7AkxqrtV@;U
zHjbnzM?tR>Tu>63MvA4w_h>AN9BY`6J}(!Sk>m$ztf;T+#a>2SwK$v7Gydy}0Vjh}
zJ(Jerm)F&z!!1@L4UF<(7^cj*DOBT!$;Zfsc-dLA@v~JKSe2teN53C0?C!-q&+f;j
zc8{Vh$h)XPMPM`pCP;#YC7_Sw({L@LAlr$(^|g4Uosu%ejM7vM4w5*=Bon@R^$ZlJ
z>Pa*o8aG$tO`8tsBqkS<<m71&s_j8!QG$gieXI8RSeco&kXLyV9viuSj;;rl?GA<H
zCbnh$lyaRkJc+R=g^>+93(lFX!9RBP<B@fss%gS1wrgobjT@4aQt*=-ro*wJ65p@x
z#}glQ;p=Cn!bjo`SLO`nlcb54Pcm0j=*Q-_8?cWHH{X111#TxMEqki)?GIeo+vUOX
ze1keLBJMAtUL1_TFjaPNw2{w)?3&oQy%DdksltnIvMu-0K794<et5W~$L$xFAlGQd
zd5a8GVcq!6yA7y4)QL|%uEu}u^57FUrDP;|x7Uw{U#`aP`VMT}Z~zatap{oUG|XV{
zjYwDtI;|N?%lVAkf#1C+Y4u>+#she?BZQ2y43u(ZOc@naw8(;N>c7og*)prtf+>;i
zns6#d{zr*#GHFq9Ng>W<yj}Y`vD0eAiUlK=Sw=Mt&4*><N2S;1$9tPwv978MU0l7b
zrJYNpaLJPbO6mz6VRhtH)T2p=z&Ir+yH~hIj>+Ido7IOGZQ&&_Da(+RmV%pBmg4O4
z6cQ6CX4~#-UA6dKV;}B+r5_<SEp?1@-<5RInj}wz+lQHSY52>xT9xHvlPt-&_tFaX
zAF^#p15&CnMC-8LSuG3z00T@(L_t&*b1o^t&5lMqO9RsP8o4?>AJ5E7!@ZXmBRSHC
zVMxov=Q6DLORol>Uzkm)8s}TYav3RBQ`r|Iq%r8T@K39HuxXtePj70&Z>}iC*Lv!Q
zDRVfzc=_m&iWTRi;=Q*W`0M%>JR^EK%UDvBhI2}YN1UQ40I2^|1O_1xcj4-&1K&Y$
zhduQM!<NZtgs@a1nG~@XCZD3DvW?eg>w%qXF(;W#NVl-xlu|B8<I&zXcjL!R$@ul{
z)1kH7;Da7Hl%CSmjG8?e?Xa3E>pt5knQYDgl8h$glAw~7<QAetce?uN(76V$_>=MQ
zoimYV9G(?EmOm-F%qR=*jWlRQC6-0N;+0w6b+mlE0Vg`y#l+?|3>g;W@`E%{qZB27
zHJrQ%$U0Wd%}t+e;p(xzwjo-%hddZ1r`+H%B}rOFHa#qaCCZV}yUHzTgmM8b4RVXJ
zmH1+yQ5Y9_Jhlxfi??UxXCsU1q>L|=xJq=U(N$TG*D4)&i!MseJ+}ZEBEm-qhshbq
zXTbXmQ)U@qG+I6eT`G!cy^V(0_l;gt_bLJ-AuvuAcci4_-xCrkY>K^2{upUEN;M}b
zR@-=sbHzrF9xDVES}KW#ugbuL?q&zpb<o&UXu&@(Orv@`GC`y14Y!Y1=EU+*DLEXb
z>h;7Bm=F~=v8+aqH9*xIJ^F|-MD3QQUy?F<f5fQcx_PYf8CN0Ihfg>Jj;V?}QExv$
z)f{J{1Ju-UrZv*z$10zZ%Anqxya)_$IhnlgtiG9wz)6FEO3;($r&0@gDk7i~^i=%S
z)ptH=5Kswv()?6vK~F^lRDzz0zq<O)Ck+BBK~I{WN-gNAh`<nnii<nxqfvv3fQrD;
zLqJ?yihIe?!hjeuFH+o~i@W*MRI}ofa<l~0`zit|0%Jo!$Z6%mdg48PG>>@$MiNOj
zB0amhx)c}kl8_oy1XKhj76Fl*Le8wLEX67FNU0AYs6>{ru!)X`9Vv13o{E5qKzsy5
za*ifF<;l1Nji01?RYgEW;8-It#7K0k3!vtwBA_BLJOU~~hsQ>}qatwJ5l{(w+<yYK
z04f5*BcKv=cx===DgwtH0hOS~{U=Zhpdv6l0{<VsE0*Rln2+=T0000<MNUMnLSTZ`
CfS@D*

literal 0
HcmV?d00001

diff --git a/components/engine/docs/sources/docker-hub/hub-images/gh_service_hook.png b/components/engine/docs/sources/docker-hub/hub-images/gh_service_hook.png
new file mode 100644
index 0000000000000000000000000000000000000000..9a00153bb1e46024a630834bffbc96f197d83fae
GIT binary patch
literal 66527
zcmeFYWmH^CyDkcZV8IFQ?(Ux8-biqFr*XF=xVzK11q<$w;7)LNcXvCzzP0y0`^(C{
z_s9Kl@3`YICOx`mRlW6kRn7OAp^6HUNC<cc5D*YZ(o$l|5D+kM5D<_ja8TeoJ=LhS
z5D<tTEk#8YrA0+a6di$PmNupk5K>6x>TVh;v-mG3Qc$Gu<fxFihRjMg32krRriu^-
zP{gnp!9io*(v%wz7W3GDs--iUwtAb7EVlH%$Cgl>5kZC#S*Q4E6sb$dXW`ZN)?>8k
z)TiUr`}Vor>%?Oe@>eZp|8`R&)(23TA{sH;a8^QEulW)z-&!_2;u>7Q+l%bRMx48`
z!x5w(G@GiDbTfX<&n+LdDVR{93>^A1Na;{_NT1jt2G9mE10ib7y0wRC5>y&740Ye4
zhnz_wn3u2+mcTAYK-!dCNJpSRW_v*vS3yIGV?j{AKYt=K#0u*|BR!(PkT!*@{5Ypi
zgGLhNgtV^Y;W3FeBZg|j{(?n)2-G0y$BCjvH9^|^tW%tmjYY>8vx{I>LiCcQt5<<O
zE$fn+1EN$C>&<In`nFh@u|NLajMV!>5-TZ|Az?tYOi2W+eW@63Y5>djDiZ_T$2w@D
z&PwqwzbpbGA?yp;sA(-wwcovmD|tFMur&O%L87207fl=yZ9e2kt$6vS=jX0ew~}b1
zjt**)zk5F9*l0qKBxyuDW_yc9T*?=giO^YW>3C|A;g5|?B-EcLKJ+vxGr;G#Cq|3l
z0xavryv+;AG6vD^QOjDP0zRF?JLP=1X7cH7!IVKKM~m)7XC-s6!0Fs;>!zq;uvA1L
zjm3shaiDoM@~E)#CC?OV;^F?XF@m<Dq?o|MaU+*Q7Q3Oe9D+ap#bL@@JT0{7qLb$v
zRRYKj^$jU1g12IB667Q)et!9~%krM(4|HTG#Sd5^KOJIl@nUnU`xUbwdd{f(V*o$T
z8VwRv5yeAZIfjuVTms}0>!dizV2Sd$w_=0xh4*E9vxQJOu_wZ>i17Mm2_~db@`5MG
z_t%|UNMQn`T$rp7VqV^1N7@)AWI|n6=Mc1a=Lr_pjT22&OfFb9km9~5isKGDr#Z(O
zN&U3nI{y`wi}Xo6f{yBI1u5|aUWqI9S83sVVoPd|d{Uk`JDPYBHi+$=sJWa2rEiH{
z3++>m#V4Y^305zwjs#o0Hw3pIF>ysTbC`KQh5AX{8^wNs^ALZXjK53b5zC-dK;I3`
z6C*qe#Sjx57a_<y%igh9b*T<o#j5;ffjsz;Z)@|@=G69;!=5FNI;0WJ+bQl3mmP`%
zHK-%PaH&jL1u<sQ2=^Z?FtIN4OghK&?wAxt?I5Po6z(BfH%ex#BHY&BC9lG*>4wcf
zSn+PF=s`fe^CypnYy`I3V=<32*P*Y?ndT@fajZ!ybK|j$e<^tfV*rI^5bo#*iE<YB
z0q&~<>buYw1Qn%e%9!9!WB$C~QDw3b)jGB2;Is|-kAjHTNv3`(@xYs}k?8~-+QW`S
zBD=!~p20k@AQ~IkM1<oS6sBPA_%|8or3hmM^%$IM&?QBg8nVfSj{L+jHr3#*M_UY1
zH5N9M{2o8&QHInKDfpxLd-5D?#t+R#Cc6mjO=Ejz0l4U1jB{FdEKoG|rtI1Foo6e;
zYWVC1^?CT6ODmyY&@K803siy52z!dw5LB`xDRMUWx2(}Llyo6<M#SU(?boWgnR`?#
z@y>Cw7t)d(!sG)K%2GS=m;I(&5{}%OvRv`%1F$A2_o=;wxZ?yCLbWst6k1reFy#Si
z9~Y(h<@h6CGLaYX`7%fI7JmtjccjXU6^<1$=K%{(i?}Bi_oDaO5MjFf*MFQDce6o9
zh)BR2zcFUsgx*BR`+BY*FFNvRM4VBFQC_~VUaDNgHhRIKj@}9|^)OX8RX*i2Wjrl@
zP&1`oe5wdk?8slqS?QZHTVQ!k2_3fC5!vzF5!$ib(cPg(LPByv0!D`7DM!A=JLE*R
z$e47`J_i+aRhtKXr>aRP+b+{BlbErcq324s9YHoJs(Lp+G(UZ$a`brQM!;mwK^;cE
zF}(Z9(TZ1{XN+^2vz+5AN0AklwVDOdL~H(hc|nC~Ic6^9ue2i75*M+<LbXaR^+ip7
zHGY6s>J8EH<w7POBB6CA3t{Xidgd`-ku#A4e8pSt0QxPaos%`tj_clpi>-5>bB)W8
zv)`2M^zr!QxYMNUOnQlWiJM$yrsP?fhf=G~3c||A6{MA5v|jQr5+RZdgjK-qL^R;F
z<N@qK__gfy?V<kctHBR$IQD*44O2yP`>_~~TJ8)Bo-X_Fb<3`k*k*DcNd(EHC;^@e
zZt|u66`B=``f=AhtUNtqj7>P>rgNB0mEL74f%p&cHu0QPee%t6O@%Lo%9EUh)N)xD
z*LNSEbY47t**p4%`xz$WEbB+grpv~bdIbi&WAA-0y|CooF^9{Ab7IM32__XLZ8Gj^
z%xJur71(W?QdVi1yUZMv*G0O7U31U4%w%#sa4B*1aB*_E+0NHP*5B8w*3Ta8x$3#{
zx~3m9EpFbN+@L?oJjx<BehvOQWmqG+NV7n5s#L9{nrFvXP4JZ<oWPoZIASL<3b)O|
zd3kTwn4vE}Qj>G%C}m9HM4?H6KjVbwkSE$nZ)<7oX`*LEd{24baU}5=?}Tr)Zsj^K
z{cHN1ZTKRiTg9XMEpRD)N!Y{PlSbgi!`Va2v(U@#qIJLE5OcR~_%MTegn!Pf{Z{Gp
zR)|O_PzcuN<-+A^<a~K^k$1+d%>5{;D*9>o8QOR8Y2o?)W&dUMu>m&aEgaN0C?Xgw
z=rAZZ7$NxTcZ1+ixDuG7)j;#+xw8!c^e@HqDw1)K)pFEw%26}W+8ED0+h3lQou!?D
z;BG_a(IR7O`}g`)W4ZGp@&c5ml>|2h`bG$62}Z&cLRN5|S$c&e&?Z@kh=uK*4$j@E
zHRNODi^Buwisz=QZZ~W;E;fBrrLu6is~k5r-FNSJ&&@F!;V02=C|acv6?9_VsRy{E
zQ>PNjQU!RM`0j0GEMz=n9`jk_cNCgatWxOY%K^sultssKhtG6JrFHr)a;{lAZ1=tI
z(`ng@GP10AINc7aEYl{TCy@&#CsZbG^Znj;BYcBy!&SmfXY&jo?R4oh&;2ltr<6Pg
z&|&h8+fUX6&8KcB*YTCgqLY-wILnIW;}<Yjlh-tub&Q0L%qLD}rN^}h0~nbFPebG+
zlgO<>c5FU7S6oeBTg6sDr|}(J9g=9}bDI8`a<s+FQ{w5nSOw)5*4tmnUULU?-Pq&I
z3DQagRk&(Qlb*{8YC!LUv0quzGZ-_LIr?lyJ9$xdU`Cd?P|}lGD=pi5o+vN*vBVhW
z+G3hm%-1W!Gq4hwJ==Ip9lFprDc>atJn(HCrlBi@=5Fn9x3AhfCq1b>*d8j+7T_oO
zGGQj_(KykS(mXcGH6C@kjjoozR`_}BT+Cn+(bt#dS0<FVR?!(upEw?0Y+Oi|_ElEs
zcIm4$?_4ifT92tWs@mxG=@jYAwhNj0Ji`nj(Q|t*(agKIu{AorQsv3Za<?rrEO?vB
zt|j?sM>ZtcKA*K+J!&tK)laKws;k-*0ht$G+$ArfYJ}aN72785&F4n}Eha4sZhfbA
z6*pxSE5^0v;z)XVW%~>K9;e&HqJCwoyN$p_-<6l@H})Sq*7gDW!pl53KHv9aW^;Um
zwVzw}S#Iqu8P)hp>x&eWXZ5nQR$Wb&VhdqbgSt8*UQB0|YVs2MuA<6$Mg`ip++RaC
zFxnz7dQajtsfjt|t(%>!CQ7VFFw(UFl37A-R8PYtH6P6Z8JGNSSFL0B<k+oDQ@U4;
z8jBk%j(6&}`X~*awKIAbt)KknA00&(=ju1rp(-+3@jS1G>x!+hD*=rwuH^f@<>~Rj
z`c?GhgVs#1#~z?~$Mv$NeX?uA6=<d{>`~&j)VJZ$$FD{5u?jW^MT>|^p!HJfZf~CW
zt)KUi#zo3=<3{Ly{DDI9XrAu6ZgQ6Ib?s*Alcv7gK-Pkvou}R7({2aUtJQw$)a1Fy
zdG70WwK`0tYn!Xr@)Z88*Q@+WdV52`DdNhp@9Fi+QE&nZ;K9t>#9QZe;6$ZscW=z?
z@$%tu8!GTa9X5$#w7D5n>(bjF3gTYDLlAPKKT>74KO<#ep!LGwi@&}>$rz$}vmpAT
z;)8$wTL{)j2yMk0k(9ubsT+P)RD1Q=^&p%Bx_)ODCCG?^58Cl=&(D<+kT^&XS?`~p
zebOHvg^xdYT`xjJ-oG&y98BjE^#y*&NlJ%%*?b_TwzMn+r@1%aGX=c8l%^8|1Qz9A
z|B%wk6ldV$2FUW0hO>se9G@}JmdVfrXk^OdZfg(j4FMtG&IkT#YwB!B;%;kW=fvkO
zNcOKDeBkeY-DV~u`BxWbYe6y%c|{UYpra`XCldz~3z-lC2?>dSqlp=xvY5nw3<v)b
zB(rdKw&!DJc5`!Ma${!#I+`=H^78UBv#>F<u`z;sFgkhIIUBk&+BuQ`P2@l6h?zPW
zJ6hU1TLSG!{-SGW1axs0BqRH4qW}8)n@>}B%l|!-ozs7a1s0I`uNG!jCKl%Zq75D@
z@Yh{FMN4;68x1i_TT?qH@Ek&{oE#hi{~GX*rvE+Ve;ca#zlU=0{@cj^*76@C1(^Sm
z;J-=qx4Qmy7pyNK1Oev%(!CHu@T{R71jGjjX|a!=+#!$Jki0+jw7vSp9Z}f?bem1$
z(U8XI&p*A&GoYb!HsLXp_+u_2;DHX_(#Pidi{wLD(PE+Ik0a0&Oz62!XG>U#SA9vl
zLT5xnH@!~=$Lh)%YK6_BjU5IDpheo(3AB5}Ykr&I(~ptm^U-xQBlXm~<204meALZ+
zN9_9gn)S{f0`8BOjt6vZr9iwP>z|wbA!H$<NNeAqLO}lEY7~M0!Rj2SCNK>1r)CI9
zo}gbaA0VLraIGOwLiGK@)H-Lu|5Gyr^cs!`{vRiW_)MPwK_IGb(bHw~2cE!V{Egvk
z|2QcGbcG_6J)&+7CQ8l6KlcC&`)5&5|3511cj(XAiI2{%t~b}$Z(|8H|DfxCNji)k
z5*CKXY9vN>%bKpv?2|yds{jCuy*`b-Iy*b>g^CLN4<7JA41Uh09_V|S&dSP~lWa7~
z>b&0hb_0{_t-jCow1b0#;W&viJ_+QX%@`yI$);aaT6(De`hX3Oy85fpVN-;AzMDui
z-(ZE_d4zMeyRWZ{{ym?M)Ss;l`4u{ZK8VL8L^}vNBs_@63eoH;emKB5<cL8GI<`r~
z9{wIOOoapj>JJwxFH|?9Xa>8O&}lJz6$wTZDVuiadkM9eKn;rOum3|tK+F5Pjh;oN
zWe1+&%JT%>*?wcyr4ifcNB+|c5KuX&YnkkYE7XPR8Ss5EAh_=Ti7uiz*!7Tlw7!o1
zfm1O1s4(F6Ku9vNKgOy54@C-az$lh+?jin}5knG)K1Cc75$HeL@&Ebs2Do7|qUQey
zxz8VE*Genft*osN4-W8Z@kCfracH2xexa`KQ#WFU4?e4Jce3W2eZl$XPy@KDtE;C?
z;#YrJ8XVVtCsS0Cw#`$&SAGW+pH2MLkkC+EM2Rj|4jd~;zTegI!=B{V#DoaQixF#R
zw&Ud*ja)*be5Sa#xV>HI=`AEG3AEJd-pR>MW|3V(`dtu=XhX2E1<Mqa^Y4E4nH1nJ
za1|$R(oLU`lqB)eNem4|vL@;;_dYB#GBP?^*zH8e%ZuLuJ+=$-^nT9U^G7KJ!k@TV
zSdbYeaSH5*!o3iX>%4mhMUqX0N=PW*48KqE`Y_u8BRckf!NRaV30KTKs^|(j4g?e$
z)rUglSoAw4jP+co@L*#a7V`Yx`G!Pgk@6o7BB7nGp+J2DMM8pxgGk?>PlVJL69Dzk
zB=%Vm-XPi#Yy)y=kz>pCA(TGFI}H)^-@QfW96FyDEdaU`?4_R2Fk=N!Q8_<Vuzx}S
zIldnf!MXT33_tMmZ{hUgj4GR380s8MhU4>3CqjQ?i?gY>9FV^;23G!${u4SWF#jy>
z&3pu+UyGQs;eTfe(F5u#11<oZv#;O~K^1nm?yAj9v%CO4Kn9P?&mNX4v8-6~cq%=&
zuIpKSVTY^Y&*}i}uNAVpy2~3Sv9y*qJm(Or{|q}))c&!tWXIPnYGKW4lTc@=tT;0H
zx8BfcgW=sIEDZ37WyZyaQ~X{;o(I`!Hm2LLf)uVx!^i3BOEFw~OQO12ZM?VbnQ;r!
zvVOO{ouLz?|A<Wc9(0mRauFTMd<p7-Pgw|L5^-3$pqMw{v;mj9FF`W|!9>|oyV=)Z
z<r!$A!c3s)G<F<K@GagLMw&)}^&<@<lU2;#Th8B;x`6?Fz=>_nb#zozVOHC|%Fn=1
z&m3zwcoI~;&ue)06plzK#(UjSrm)O7)q5uU)zvD=NR-EwVysCx&Bc2upEKRX55KVd
zL(3G98-1ib!57IhdW^wB_&OSl7_20}UZKBOx5f5zejtjJ#k5AQr#Y5Ruk-%6au>UN
zB6~_Sr|P5U;5a7AU!+=2Tpofi2J2IGG$Zwg9Y=t|+RNi<a)4YKhcrSwgilx$H_;6m
z4$I~?yWfi5OX%|GslDU8kH<!J-!9C#{lh?3*5jo)BK7t~WBO@}Q#C2>&us*YDH7>l
zF8j}MkA8jm^SHgouB(kMtD=@+J-lDVM%F8PfA9p2@(bsWFPPg3-G$>$D2TWXYd-ay
z`v_|^h08c~d$gNeWm}RvZ0=6YtT2|$&K@4`CDi98<)Zx_V4vxuAW}WhHt6sd9yhN&
zy*xcBQm;zZ`q4jc8EbTnVsxzPIDBC`$P5*Jc!_40#7p`yxhL=%eBstD&c3O<^RmZB
zp73SJRO}*Ks>@klXxi~J>FZqdGaLUbgUmPU_yE{I@j~Z9?dcyuu)VDBr!O&0ZxZy&
zjoU<g+S=NdFe&KxJmp?C1TR;$9;yW#iqHL8a0|c=d2x@jD&V|VCu9DO|DJ}{a;c%Z
zvg5dZv7*B;cgxsFw#mDFqid{bHZ%5X>@4;Q%eTV`SYZ3jLXOPt+rllBO0x#<JIiqQ
z_H^lic3P*}PFaup8Vq8+JLQ!3QzI0ns~nUC+rsn*%^LeheM09Cz#^Jz7CH50SjiAa
zYJl$mMU|yQ)Z@%G_p0ln{6eJ`yVX1T&}W^8qp!1rdZiSFmwhH#Cr6guH<sL{(L~#M
zp(#-R2t8B}s6tRAXB$Mf19{1SAl2a5(-kdkWC;YCg-92(@N-)yeK*#1I=4_0we`2c
zorkzQ+W|y!zMwc`DG_p_m^DY-SOJ;|G4aXtTCw?D*g!QZYcBUp`MSjrDk7Xd)cv;!
zs=G@gZOi(H2`xfh8k-U(BTasT=c{Z3`L`@`PM0{cD2ajhWk!8I_?VUK)|O57)p1Yc
zv71~^hHg1`Of^ii1Can}AZp7?6R?jc?NPCSrnIHyu`>sJx3BxB^Q;rFtW`k((B7hO
zqIo$b&AU;tyYh0Aj2SIJHDD5#bmD7lSeTG|I1$>nQxWTAKboGD6px)jjdDT()Y5M7
zdA7YO`?y*EUEEpM^SG*s-*jK33Oggwt6w-MwSJ>Xe@Xt3c|Y*Cj0yoKmI2{WL1h|n
zp?>@vn_mKWYa2~58C|dM?JNZ<CrP{-%?Xl3pz2Mnj?KyXeDA^PJBaD>j!C`vsb_+m
zxhP%FWAns}Oy9_Yk-gO<ABJ=7^JfP{kLH4Tt^ohXSmG7^YM=euBRR|J@S;+7F56y^
z@MsLgwMPqov&X8^Y$)Mv`FVrWbztP}(rD|09x3-Z^`KdN0L$<|@D80f9hUWQ$8t+p
ziMN`}r1E`^*S3pEWZv1nBcak(<8{ShrP=5NTk1LaR@YD#Ve@mlGHXrmZ6G;d#D(?r
zxG^$)&Uh4y?RmfMap&ay@-W^6ZlU9@Xq9wj1#`YGAPpW3{vWw@E%?VaitlUt%s$4c
z_W?*skkhK*JTfoqv(MN*F>JD|{>mC3#%_ww-Y>>n1@g*J<JPtfwD!l?AK(lj!B2pA
z32$0h<2=H)Aum1H?z=G3u$=K+4vds-;&T;?piH|nm^U#=%1n8<DEaE!CL+=t=_K2s
zS|=1~n46af(o~ANvVHVx=MVR|`R=@=eBR_0sC$LzqRS&cMj)5&H~ShI)m)Y!J<}fA
zG?x5ujQ~H80XXJ$nH)TnNUhtRfaUjT6|wY~tR!@~KWmxJg*v*8jr2NUe0nP&%7O9M
zO84J${zEWCs;Z$)X2J<xM!H?IwDR?e*J;~n`y)jv_o{b|GhHJD+Fg9sQ+G^Ig$lp3
zZz8kbetf~~GG3{%<zf?Hg@ONSoRXWiC+({Ibou6a(M}4##M?C1BsO2#zG=#_G36vE
z`rC@f?g&QFC_A~N?>%Kam&3;OB*HtpRzn@-vQK20$qBw&zxY+D4;nF<rSqs2GSu8J
zBe~@i!c?cs+=c=%Ty~8I9+R6}HjglBIx<Db^gQ=7#}0*L8?QmQue;Vy>8Z^v#+CFb
z0&zQ&t|!p*!-4$rJMaa%Zkvs<K61&A;ZD1G8ygP~&CPj7=L42pS%N`)9e3H))f;2P
zb@ue98yiQP6&?FtZ@GQ>#l51bzp7cFXIowYcp6~{LUrD3;@~B6nqyst9fhMYT9byC
z_Y1$U(0c7GH$0yernB{k8|qwblNWe(Zyh!GJTwa)nne=#WIWz2#}(k0So%sLXKFNG
zz>NPC-Cgf=^}^eHnIOVHJeE$Y5jZ|$qO~5<7ix3v8u_BXeTiq4ird8iir>eiVj4iF
zESfGr8GK)YYxc4u7=A$*@dzASs=LtTg>^cMaoTp7H?wWB4+FI()Nl3^Up6JWcFfsV
zIRDh0ijqsr($nJBYEnU0<@xga-UO8vDo5Dm(LzGF;4uT?<X3jkt`MKt5Oodgk{#<t
zcYAaFsl0;XV|{Zeh+gwGO+`+!9gtb(Zad_{ou8SzF*ktXyt3vvj=p8zFx0etf{CeY
zxdduuq-M(CQ~C%hsBG~Xx=G}YR!msASlPkEFUYK#kHBWqu?H2qM+T^!cpsk}y_a6R
zJgwAb9#QMpYu<juo&kCUGh02yjvT%Qqg4CNwq3m(Z%RtJxUF|(M%%<v>z29iKi4Xe
zFW}QB3)YGbv)ciBJ_A*Ji=9;c?#?}XHie}<z7*HROE<3<@pCZ~2#eJ7(G3P*#;L{W
zzCkC)6FOU+_>}CcS}@D!yZmzmGR($-X#R4l+RN^BoZNJm`JH9Us2>fd2$$7hGk3!<
z?pVc#aD3tIs5h|Ozt~WS?h}L(IxR1`JMNP^hy)+{^6DguqN5MbujDeAI*?*19xwHU
zj?tA{UX>L_Y^uk`WNX|hgkva_;B<tVcHs!QtuNCl*$XM6@e&1u{D$;zXuLm-PA1DO
zPF#;kjC#>0oEJP!VC&{T$4RR?Y$gLW&CQQ2m-<HKqTpHN!_+YT+F1YF1&0rL15a6-
zsbis<+jNavEB9c7YDgB7R7h+mbVXcE{<X<r@)YEiKzH(#gOU8nqh)2$yJ3Q!Vu#1&
zOJ?Ygwv>?Q+zXgwS@Yn$im{n-J<=-g{l_WmLt>9j_HS3RW6x{BGL<n2Nk~T;4!5#J
z{fC_ae1xn<5%y_w8%yLKfl?+SD?01%Z&ml5rJLp&*xN*Zn(X+xLG7}K;eRxhrossB
zC(SBd2b50hk<vO0g|0p|?iFzHw(-*EE7KskxQ9K6krkMX`oqHXvWjsbh7$_s-7v#)
z50AYI$===qdD;1GvHw)v%$Y2bcVWpSWE^>Y>Jv`WerZU=^*LsEaPHAB(EQ-&yl~+|
z$=)l~f*Tt&yIYknmkMaHU3o1HXC8gte@vh^8+>+(YYh|pZdye#wf!xB7k6QoIg2%@
zb)dbav~+QClAF$Y`Dx!{vS^GfYkw;qtuLjHGHfwPif*#)e1-T)`y>K3YwmHT3PXRc
zs6*51Dtc+x;uvUNxRCGs`}P)mWJ@9Y<?_;PJ=L{VUQ^x6Q@A7*T6`Ccu>lQ3dgHik
zjlY_6p%^O766&s8s{qzLt+o)~^#b#rDV20Q(8qrIn+LZt5$(np?emC-16{W{&?aZZ
z<ZV?LosgGWMe@o3BQP(wy1->PLA%78nl6Jat72?5he}Rf&!vyMsR>bOP+rSqJ$dC-
zn${MUQXQfGX#V~u<x77VW*j24JJg$+goyoXXAdKZ2s}T@fl>Y>{R&~H)(7Ee)sDxL
zzKL#u)dyY={r%8y*W6EeFQN~__vR<h4d#1rS>F%otD0n~3s?Pyire)7ZVg3}E7M`x
z@=3QB5|%}vTY$bhhpo{P<*t6o%;+fgg(n|{(zg#0oeu1dPyIvyN$lO{{r&Ts-eu+L
zZ7g2EsyVPMCK{*LpRwNBe48~(O6H<TTY+faNjal9f!j}a;Mv4bm*LQ&2ln4qDe#K*
zkO?8&K$c(>9v)tBw0b}4X7Tx78$18#4{fb3zyzhDI5T<N<;kw$cESC;h92|ocdriL
z?t{69*b$qB?w*P0-gU|Oo)wJLOd2u!U7UoY*m|XFk5gt+bDg8u{@jk+x`SrQDpCue
z99i@+xqi>p^K@Ucx~y?^w`g<_U&Q1RB^yqD>F%o{Q|Z}qzJD>&5EH4@ymTt`I@zZm
zOQpp#Bz(7lz4R`MBZ~u=al7_@N9XAE(0*9f3oz*NZKI~1Scf}|@zOCf{^A{LO%b1G
zGyl9ao{R&-d#0UF_X<j?H~h9Mg}Y%zQMf(cPkq$Mwq5|f>(NJ-QlLyIJ1~&qGji+Y
zC_g~(`aR($wSd#k@b%&Bqclsc0#b}|2x&#mXq29{P8lVi-KX9J+^yA(I7VIFWadok
zV&TiI%GVoHed_Vp>M<F+@8irh>>m~iwUjt1H`7j{6ke{);{5fZxf!E}ala)Is3aCK
zKN)Ov1EQZaWxDd0g?S757HK8#g7{u;(J@UsxM-V)M0v9W1l8stWtt(3SCY;rWp{)<
zW`{n}3jI7t&T0;ST6_vl<Sx3;=p_9;R1o2zZdaL4uh-Ar_td8*i@wzKNM=XH$V%>E
z8x}DRK4?W3@mmd+?GG<jhG=T72zb2gEOt{@R*Yeu)+nUi_5!gShAJesN9GlYW_7Rf
zkH%3cV_c{|ZpU3d1{m3zU~4&$$_}+Wq5#Y)(lhQy0?;;#Dp#E6KkC5&giOr$PAU3g
zKO`SId1{U3Z7%|G$9mZvZuU$4PAiza)tr%3iSC^VUl)Kk9M4S-xA==i5$lezg!#vp
zDeCp1MS$n)%b{5ZP|lbz12%bRy1DAg9#N$ga&SiWVa+QKjpwSA%|z>J8EEuzwQ%_U
zer(n2bO6v@oA|o-^0q7BCxY6VZNsv}3*I>r5_=_Tm8SuLsIHycJIjbAg&m^B>CK9!
zw6aTzMWLRaNW3i8z^8Q9qOGNKAGh+Qo|)*gP%7}*K&h~m)-KwrL`U5`I5}sQ^<rWm
zBd6@Khy~!o@cw2X=e5~e@(9febF1v}vf|+U&azET{WdwbVry}ESv*7P{pv~ua*qvp
zw57JEr_rR0)vMzWv0uv-t?&xz&YJP9$;*11$Oc63Kf^B>BJ~<=1JvH_MqaWcN_AlW
z*m}mcucC~n@_A)t#UIc2en0qBQ3S{c@>H#CD2;BSv!00@rY8<9QaHLlyRfx<YH8qO
ze&!aW-MOi|>}By0)B^&52|ZT0!iPUS0PWOG2_X=A!E28Dho{$4@q|*ijKqTX><aVw
zN2jX~%i4CSZ1h7vPrpsfPRbXu>O53V=F%SBRvj2izi!)7yQl1x#u?#>Rib*Gh{?ZG
zN!eiU3YK2z_6p<)Oj#j1yleG9Bu~A63C?2duyfR3#g;7IwqlUmFxiCr9*0THrXO-d
zUG8qw;c#!`rO!+{zueW`+av#cFWbVbi^UcxBW;o*ajCXf2iU+TE3{c|R?SJc@OKZK
zDc6?VxU&9f@u-eK)K5O>Fz#oS;deCZMbo!6tX?`3y(1GHRn^^%N{n_-%qiq|zO&y#
z<fX2B81MH|Lq8-G<U98KL<nTcVhd|MRCxKmLbX1*ylftRY>SO@f7-6+fsW!+xag(2
z@}xQ37aZ7snMmyGo_g`FU^zBx<N7X@xm%1f+Kol7j-vLy8X$dgnN=tCt(S^2wV|M8
z(HfW4YA_>ifp@5b$885l{CYgs0&II^UDglWa3gxCwcmD$WBNTl{Xe{-{_;BDA_5e`
z?F+hK^u;*vek>Aj3DJ}6HHnOR{#H=VPWP?PbJ{&<-J6kMC`pjIJ>{~EbxCND^{Ol&
zUqCXhp=PM-zQ37Iu!{UBYT&A->`twE&5?G6R-z--ddj7zfi1eUkgAU7^@;Aj@4$O=
zN&m(B`l_;Ow5lD4S+L>r{oZ_^=_Jo%v2exf@e#gYr@3^LajRgI+{^j*=^jtf+|=<J
zHF@7{O+y*Lkab^&hVL@Yte=uzeeL{`H>r>yWfn?xz4PlOLwWC1*?XWmH=w$u#+qXO
zAk_VB03fR<j~$NwZi4gG_w{j=y87B%v{jvE&vjcR*P`c#A4-TZO~D%9PX3X+pyP%2
z07}z7V>i+qz0C=MX{2#`SrMeXf^4X4wFzs)UJEHbW(zLc08LaHu2a+fJ6~6V0bKq;
zyS%q|C|+%}@w;+{$g)mBpamLvMdOs#NA^uG&!-V=GLU>=aM=A;e23dIi0;tUa#!$H
zb&zlA+O<hqn<>lB_B2Np@f=h&SxV5r&}@vHs#WJMJG<><9`)+53e>Mi5)@<PeDz6P
zPj(s<Cj&oG{`U$+EY$~)uQZzI9nic>Te7%74)OBHXVp(Fc%gl8>>ajQT>KVkq|AoB
zcVz2WTIOxH)85HNwPG;}F|iJlPyKMfzVPa?S(0Gs1yZQE-_-%es^9e$eV<y)0B$Y4
ztU%@MG1blawlZz=fWS99hm*Iwi<8Uj4hJ?8&WNmX_eCeLsm&dOnsyAM&0&pkTUcaS
zMxx%W99dr?4^EEGt|AS_s*b;nZ64>W{9KlNg8iwPGxj}NU#0K{Y1}DL%typ(x6I?~
zCOc|W4$a~0oK>Q5!R-?E<I>Gy#by!G`ME9e%S%;}i6m^O91$8Jp*10;IXP3Vq}r0>
z*#}U{*z*9f@AnOE$1e`it*;X(hz)TdP$|_YXw>_ug5d+gh<*m}yt-!j$@_s}(=Myi
zn}IJ0XQ$1@tFWW?0!AqO@e}1XrcnxhMcd#vf8t+B!oYT`-Jf5pq0Bp;+YZelNERF8
zuiaG45=<yNo`AC3HLmF#PBKwqaKCR>U<5yxs1(WYG3mA5fzQ*4$lyeoUjp8$xai#$
zU4h6BF2hpZbvzFh1g36~mpC8fb@+_?j^LC!4`1DvQOAxc=Bzm?L8X8|dW#A7>3~r>
z-`lgp%2U5>jKHt5G9G8CVZ=7fa))YmKsMlXo~6kfGFnW`J+q?$t>_t_txSb5cfjdh
zE9_*-ZjbrB)-LVX`7NdNC6;`Z{b7GTjtdE&1a6U-q~l{Nt$;Iq!giIU)oRQZrZP1V
z3@gH_nDG3hdE5C<7rASdPY&21Pm2>3@B#VIv-)9R*>T-ud*I!aCRa+m_YIFVaBNT8
zkMp@o(qwhyUh?FjAyt-p>E@VX7S<F%n2%M=I(&Q5@|j1{`zG}UO_tcRHK~<%DAmnv
zJXVJXs9@I0{llA-&6tMi^yPkdBDvrQ8@Yn^&U>esc;%PwtwM=%!?ti6uicfDN`1tW
zS+LQ`x+LJq{(j#@){p1>P~EMbi+A<q>nA4o{B8aX+}@(DU+}2E7mPnkp^`YUis)F2
zT2qc3t(i^~eL;Sl{=Vqp{~#!2k6W23pf9KP<GYh?@mS02D|TRB-vB|gkXO1^tOz;+
zpQ5JJFAFB!&SYU=qeWy*951J)3buS^2VYbfvn9{vxmU2h_qO1Ir1M4BSPR0W#KM3b
zO`KN4C`j16RhjsqxTr;x^Eh<)jMR0~dOo+GicuvT=%c4Idb3MST)495yjfOO=`r9<
zs^q671n=ZRh?(qo969CLW}MaNo5J;xOjG^l*P9N^)qL0I1-FJ(Ebyt8LmI;cv19dD
zz3pO%Q8#_9>#>%esLNosvG*|XkFL-5h^#(&Y+!8L>tZ7F<fBn++a!RfHT&#HQD^5=
zN1!0OwXdx5G-;au=(Hl=iD<s&94_$_qQdL`?Szr1xBdqz(DcK}xn81&EKyCVmdAvU
zpF>(*QJySrsnEfG6#yih<)L|l7|StA4&YT?kk{m<wl=Ap&0tKjFx!8sEnp6>P_Is$
z8~AFiV5MJ!1t6?cLuLIfMUkLdLVXmbmIdtB27ybz$^x-+SqMzS9d{u~C2;yL&RH8J
z9JIC<?k|ZN$_^(^Ss6vG438^MSFl4hk`bf1e*MB#4$16pUN=%Jk~7!qzy>K~9EGSg
z{&!5tMC&JG(NB-)9=ToLE>L!&i8)^u1TKK12e90FujKna*Ta5p&bQa|lM@tq{c*|W
zFL$S7BUBY+FPkg+SI^i?)ReJ#Nmx5K`b0WjP7z@pK~yWC+SYl?VXup?r8KPjH}@Ef
zTLWnq_+dqNK&3RJ>mll~<CmwK<JGWjCtXjK3xrq!a^p~TS~&XmoJ^i2-4mw5*kEJr
zPZou$OZjkJ;S^lI@yJiPp4Jb$^7Qn)ltq5AdU-EOxnTa>r!Uicbra*(aT{xCeDn0x
zG~LIuu#$jlD2d};gJ0VzuW(<RV3I@lfc0Tw)}y)UjeCTg02x0;B$I~|>~cdw++Cg~
ztlKc@;`bVrwc$CD`kE}AYL$Xa33!jg!4oO4dj@j+B0>1~WJS^m-LJw;OPbJO_14nz
zpvKJD!cxd^cA#Nznx6aRiM#T-_x5rjXLTIKhY@zQ`Pax*58ux6sHal**g&xP^5sr&
z7U=b8sv>K|>xqOhQJyRTUx$gXvx>a$7oNc5WL#HP#_K^TXmqrK8E;evos)dkvWBhy
zv9)Z|t~E34$zoBEzP{tRp~ie{MjfdC@QfW|T@?7pGTaz3J}&rW^b_(pLZA>hi&tZz
zQKz28a%yo1m-f-0wsd2l##gO+M{rZQj0@nM4NzWksqqP$OA84^gIpaRhY$PfJAZ1f
ztDGwD3!R&+#BiufG0Xotr`RO9N9>Ov4Qj=!q&Aykr1W}Wd)*X1S*SkLtz(bfWjDR9
zR2yreB#&|r;JYh`@>vFflyKRjUalANT0ovhrdb1mHWm9resy-|jCoQ?3iTtbas;>P
zccN`|5m8v3dO#qRru@x?#C?X3FQ`j~YGi=bMyhH$cA3eYqfJ-uFy%@3rJ&6Dc`&(j
zUsGP>g!Yo#M#Hx+MdRYYa|UQUnzT|3YG<XCeDxd}*F7Y@Otq!#H=ig3zVuw+&PI`X
z`G+dq{UgQYh=Je3&``eRU%iidPX+n#o)9Q-M6Q^6K7?|ss>mu`Lmgd&++&boJRUh5
ze^FXPC-mez-AG&2@V?S?<s~&G#9QBe=Nz_JG|~V70H8K;KszY0ZdNcW7}rZj&oWYH
zJ?$?8tO`bl@I-UH9(x)5>{b?0+Q=w*J<g=d#c3^Nfn#BYd`JpHB+Qee+8ojM0oe2-
z<;_0d$X6!q_CC4{=1xmj3Q%mDXwhYPYgCyt7oC-d_xpAUW};P#7&%fx&uJ>d9G6vA
zQq!uas2~-hBrs5oVhsVr4-c%`r|jEb!go$i>@Mm(suxv{idk`^YR`@1cu9R$PDbsl
zFx+I1LNuzshk4JvjYryTx7fj-rMc+5D~m9hL8CAa4JAbDquwz=i<T}rHB()JKL=zm
zf)=(iB2~@LW9R=W(!H<WBLk|`XwHvRH#7M;RIE=l?U?D=U!+8E^tpd*s6du}t5VOR
zq?SH{*CTU8Hi3W8L2_z}5i%do-pk(`Z78T#E9AZZS6Tk|t(g7E60b6}hZ&+n;)trc
zE@g=f5&8iA!GIGzv(r|8>_o{Llo-jqg|++s*V9oy5v=t3gJ<>AdgnNC^{E4D^!o1S
z!?_(|K_=#5BLqL+tMkr)QX9WY-yO+>EOD#?M0vfs$}3pQ3}hwpF9QWrlHOi|j~olG
z7blBEaXO-dMuB<x9spuZ7ZrX@IV{t*L9^$(=xD~p!bdE2wiXMO`%@sHIr&&?z}G{m
zfhXIEZ;b;TK9y63iL-j4pBTw=$AlHnjA;pJd5(XsCNewMx_R_)*i;bB#-5ItbDysZ
zRo9}Ot3N-Jzfw$syfzE)D??BAE}#wHmUlq}G3yxY#zqnggBpZGI^^Z$Dbyt-Bv3u}
z8Q!oPhfHP{mFAK6;#t>eY;45!>C3*1hn=stuMn}d6fc^;aoeE2xY5wuMfD(^tyA%4
zixU8iGFk2?8}=nD@@ZCyufPIII@=wi`AojjrB*wYk4;XGWAk@fg_5_I(;9mp6h+_J
zH1iFl@$4H9V!3X7@?ze_3dd)E(YgS{k;6QA_Uq{_KYgNQMgB+m@RvTch~ETN6uz`3
zTT#%>(66F=jzTE0Y*3IN@Zr@$$wUHS{!RX5AH7&BiylyBrHo_8cK%iQT>tg4yA}-u
zV)ZDc*BjKj-0ZW=f{VRhbJ|v6K4nJtk*=EIQG#_P487N}(nsXp?b<x9+ig=*^1bUR
z2efbGK>_EtQ~{NlenajT2}8=J{V!BWv`$>=a;ewDX~8sJ(1?}|6$|Z2M=IS{&UKe{
zsQiu`ffiRZ<J97_O2m*RnT-~D6V#QpA))bMKo@sGgi2Id|C|PlYS{@s52|esZNG;Y
zqe&YDorx`vMQ&mDa={r{qV})VA|>VZ$>qcoA@(pY>DGe1Q*gHtq)k(MIN_93L9OnY
z>F>IF<M|Ap`H8I3Vls4)#d|c$D9Do|ZB^U4qqoj)`t9&|Ejxm98P#N+Yc1Zh7L9e-
z?bw8dRcRSh?054hLsYG7o?jbYw=C13{`<NEhUt-v;Na!nNcKgo&H9Br+`9TqlaBDB
zlFy&cp`9O<cH{%}0p|QI6EYFzw^zKUR43(g8ZDU&LAX5?*0I7Soget?biqX?6NgVU
z3w&S7h7HM^mv-^`$*{PUNRt{TjU*$90q?77!mh5to*OoanY(F2&M;oam^@FA%%o5C
z&apX_r==^FGe~wt)Qmesg}EOAUx-y3TC-$wex=|Z5f1}fxKjkuXwtVpOHv{UEw-9h
zseM9>Y8ZR>W#*TCs3<Nz_aJD;K4RShJ(;i$r#}PJDD=(K$k;6|B6|=_ps|I&^_!l5
zg0=$W42t=KD9oV&xs|h`GuoCaRS}JJQI{QXMe{v`Ps-Tu=Gg-;GU0Oj7lU!wh(+uZ
z?|6cw(!ftf_OOO5v+ajMXy?UwyGO`90|P8%2{dEK>8PnpJK(>ZMA;2;7mA5--Po!#
zeqX<oj1FlSM^E%6$Uzj2B8~g9>?XeMi{Th+iKYioPqtDEaG)3a_~uE_oj~+WV}gzU
zA;h1!&HS)uZQuU5d@7^${MhmO*mk=@Kajy?n+C28{vbOcuh=pwl95`kh^p-05p|BR
zo0~jOROhGET;1A_h{8AAPVTlp)M_3uN+~Y3i&V8V+6O;t<xt;~uID~?l@!<RZ)d#t
zMo{fxSJ_asc!(*Re_4$Wa=y_t-Zbj}hCT1Gy?=8<M{#@Y5>G3lg>GS~lOmV%Fi2fV
zCr>=DzcZwe+5zyaJ`F3P54$VN4OKg;CR1MTE-1{wWS(!tw33IRp!!!C&mK|y3!TZA
z-wNM9Fl9)t%x&;8qB$Nu*&7m{evN)&$vi$jIO1UDZPZzKp}jya7*&X-B@|dbn)zi&
zhRVbnp&9pe0>KvVC+C{fR$S7hxCqZb=t98hXhH{+5I#XiXTMCe_S>L2N)6?Y!JtKj
zhUOHIB0{|pCkdIs&tU+w1;^0+J6nHq`NM$Pzrf^cTTnLf?@wtENuf+$0!uLE4z7B7
zdg9vtdLAyNAtRa<H<5yX`Z=x^^*Vq66)w=f#1((M8$8K-=78TF@kgRKi8FBM8T>ew
z^l(EcPVONgq4$%2KRFPHvh6|S@sWf9TJA60Ly$2|t~)8gzlSdv@X7$Sm70n}FsQ%L
z5*y>ub~H3WY55;m3mWM>N^(S~XF31(+)_edaAI7TKi+SPBlsr+r0@!{aM2HB=no`3
zP;=gVJa+wWe_upNvOhvxI)Ezx5vafR1m3)V+xH9Nvt-rp)L01Mr5+(;&5i#P%e8{i
z_iL@>odwkI1Vup~005M#pZyW=`H-LKlOQ@gW=Qsr{|7EvYT+YrSij(WsE2Ge%DM@?
z|4s<zgru^UyquDW$&Tg9g9nTNWc&d8Z#6n_$qwfNS|W--+Q!1x_W1ai^TH;AgT&qx
zouuYqVPQeaTv|?!0CAZJ41rU8_v;@J*B}AN4IDCdk`VR1tk)-VNy)x!Ee7_j^-h1o
zkN(aG6P!}8q{{)$Nq2X5KMk<-)P?^C9OGFe(EF>vm8+}k3m7MhhkWw`1~mi`vijr#
z{L|CKBs~eCFUHcO|KIm5f9W<`nuLmqijp$W4KcPO%@P$JN}UaI1HJj-p!6Q82?ib(
zEVi`x2c&<9O$FUA%ItuGgkfv|1Bd7aHD_$mILmVM=HH8$|5?){1VdBz{XcU2?%{u<
zAi=}IX1T=+^7-A|e>0pd3dWEVvV{D;A^v-=&+7^hQ90{+UEfiDciz7t5YBKvSo7b&
zjQ^Q9%Muua&aq^TbMrd_@$dNbM+T$Noqv$v{h4?WKe#!_3;bsF?<)FR_Ftq1<Ds*W
zc2-ssg25PnW&r|9G#J7R5h=6zOW~h;psGO?nj@N;m;|Uo!u=0AMrD!AZf{@Ffytao
z`F~Shh`tzP9I@Z?(0?R5dulKU*}l?n4)*tW{abK8Fm8VW@~g$4m5Fl#ZpJ&|M11_)
zvcG?R2nK^m`3z8z{!F|p6WrX@7G(I3O#8PV?tzj2Qm}}*zkz4|V-|x(3@`@u|2X*{
zO!JHM{}}yuK=;2K{{P>Z?f=H;2DlV3o?6=4f<&d$gDf+5-R>8GD8H`&h^U`$c6MAV
zEJ`_vP-xzKf~UcP{*bK?huCObe6KP8xvTGRp%uXiqt|S-b#t`y=#%&n1fhFcRELJ%
zVIAA-7Usx^JT3{NqD?*=2jOBv<)Eo)nMV(OQDML;b;-D|PM<!_rq(Bg@uepNt%RUq
zsdd~q$6yR%fU&rxCQ_HXGD0{u?6g*p3Fd=p^SxZp%5!DbwjKV>7ffv|vwQidcta|d
zvWHnrSHHe%is4MijUeXFI}gU&+ra>R8<jK*{Pa{^9%D1#px(8S;kxnbgLm70)VXap
znnPHHhtY!8gL=iT@uU#!CB^Pm-+cKBlCG5UC7bdY^rU68&1EWQz2v`d>Mf83ctDvg
zqzjv=FQm}vEIqLjR_{W&Y)IkFc<x-w^G84EINU=mGR-8OR?s)_CJE}rWfDkJBKF@j
z9x8B8#RfzsQSk&JLf{)oFCn>LH{o|IPYZEUvK}pzE&^I)t(2GsSf`ez_Uvw1X1XJs
zBgccH)vQv5;3Ejq=*B~SKuYIXifi0mb?`3K*K%gIxhK(Vesf}tbwIRCT72EXXBc;}
z=?i*u^fvXiwt?PH6?OBxT$+TzMeuLM+={(;=FXp06!(9>s-_Q{TVt=kzn-v_#OEMZ
z<YSsqJ*9p<;*GXrxN+FC(8I4=6m2PeaMp#jZekqU>|>qMQztKUY5>S1nML63D=~HT
z%fOTkN`woXAf@2IKVkf`0lw4}k0GD3CYqhTd&kW=u#U!VAC<FXeCS40AaPY+g`td5
zE>~K5p3C7=oM(7ztWCUJ!{rn6!%V$-oqY*T<Dp!u;0uF@XdD?%w9{na@)N4zKuyPJ
zBsZcamLbo(ES5cV`6P__Ey!}XG=RzVOk9O|xO;5W)U;%!4kIC~sE)2}TYgZFk#rrk
zR4^Pg3F=KV5zMo!2v>kjtTQqh>i(fLDjiY{gW;)ZSH##FcTror^9VcA)Fr&JG){Wl
z59ivZrHM=Uu14zy!KL%NOZvKGE~#0Jwi^S}{twak*V58;<KK&#oEM6ax^KE@W*g&(
z*lyvozGJ}s3VBN8&glE(*#_7^gW{I%WqB839Pq+5bop@dW<zy0sli}=qXah&;kY8L
zt-$LL8t^>7%sgYmJeoLq<M+eLjfbk1RSh6xwpK#$TuCHDumz1+PyAIBdPU<a+jBgt
zYObHs8+WzIu<vL4et8_W`>>oa-<GoFtbva34akz?o0NeI#uwQX`e>=0%ClW1en?8%
z6(PNRCXtA;%=pzaC@wwe`Z@rQK%1zyLs;@7F=|ZiX&I{9rrVu5WWeQ_3FEP3xkQ_p
zR*;U;v7yb%7k(%7wv9I+F$sj2a*=!%C{lE=d8tg1FaKp+Snl|gV1)}vM?{Z<Z_EfW
zj!8B;8Ko)sxLI*6j$S*Z9Xcu=v2C@r)6;eARE3HGgzcOzRs&l1&BU(vs64IkIM%|-
z0E%?Nw>yS%g?_v{GFQyjYok`$Xvjj(!1#K`*jeN3L8J+`DnE^C_H|6QAr=7_!HkF5
zU$s3pZR9?F=x_k$LqMcbl2~?$5wM&`ux}@&s=$QH<9oi)%+yh5+|ie?a+KsO(=5eS
zBtO0tK2Ck_knv`aj^;5bC$%uWY^$uw8fpYIWciI*GeK2-&~}PU%WYs_y5%oXimw4>
ze%H3t=_U5WL;3uPdZbFxcl;;)<x9FFM6Qi#I1(Vm?g9%tXOQbm3m;B+Pg+JAC^a)P
zx7FRLWI>n7bwx=8!K=D$K+~rc^fZ^jYkUITJN@&%=3Yg|=pi~LR*qO+no4tke{xP8
zy_-6&&TcTesHyN<r{?L-aMc1k+ojXRbrJ;rq-M;j^UmG*B$BOIMNwweLd_+D({>g^
z0^c5?ht?QRCQ>A}hpa6v1{*s&JIBqh@q(?ImU!A{Rhhc@+0j__QA(=n>#c8<B~D!S
z!cW@0W;+TaYRp(i#O3d;v>0u4x%r}Jr!tQX%v-c3*)I_seUf5oMt*La!6I{cg?;<T
zGQu>&5IzE8$eIKS>)aogkJwfOseMeI>6MtB6QcrI*CIT>hqX#YFapg`)nDk2P^dT}
z?2|M(kASm~Nn``4#Nj0~-Q2b&dSrCez&h>Rea@<g+M4bv->V?E4cDU0w_Ncu_N<OC
zT6JowsZnUCdy)O3aL3d_N9euh!!B(o)#o+O3Vm&{b2TttZ^5}R$ztrrN_KGWYIsQp
zY5ATYhwc5)^)uIE^7d1&R>GIo+`#U5{NVJqnD4~&O<eU2p8cHS9-7F7zL*8yJCNS-
zo%yt8wi!$}%{|J?c)FTZ)b7%xE^Db!UsX><NH@(7$f)uNKEJ@f5{e~*x~$gtjI&4V
zZ;Bt2b9FYK#gn6y<i#L;r5}#<t+d5b<ydS78jnBf(WmJ?Sz%?3hZoh&k1QW0x)IM{
zy;M*{nTs6`>j6RtE;pGrImGHX+TSECF4$O!QDdVivL#Q6E#53n1UP;zb<?!uGWl*A
zmilyq%!+nP$WpL>9{mM$AX7@CbNC~>AWT`r!lmNE(N$9TCSEc70^yvxU*CE?F1LY*
z|A$8mpH*hXQ^|xURL^y{lvhkZ8eB@n+mH3*N)_;`-tnHTTMp7!@%Nx9e&oU=qz1|y
z+kjI$A~V}a-N36~v<vvj{c`#S#J#~gDT6=YegaQboZ{hNRXRv@obnxEWl6qOR*q#e
zU0)xKBIDu;G2wk}!W>u_ODJE^>=BRDtvZCa-K{QacYfC6#(i33lLcuo=sKs)uru2%
z`YepxyU>)}4CB(Pk0!;(=Cob*sJ2*3qkH|#<!4m&q7NK;&ZoT9U3%oN?i2R1TFBGh
zdGMsf(|_Hr&%>UdOv)(AVy+K!wBa4{)y){`b;{~BW=<k1zMlSS*e^C%7hXh1go=15
z2i*{#jGCC_6kibV<&Jr1uC>k@8{dok<71T%Kk}#W25zkg+s-eE;4OyJ*pW`FP(cxK
zjJK=VRgr9br@5X^O-+)^#P)ke13KiXi>rc3uD-ZFS;vB==9dGe46XC+toa6C>c>IY
z-dOdul9CNy=r|5?TZ5x7b=LdbA2a3~%*;8h!vS6fm$kD3tyawZYTvg69=%xsnq&+G
zK;atTw8G4OYD|rdSJh?@ta?fMc)lq>IHugoX*!0sexlVhn$K$RW)}Pc*R=GVTuQys
zvChl3{PAa54$V#ZzT3o;N-RIKP1#yZ2Cd;wM-^mYa~GiJYa?R3Z+f)TWj|*Q#}GJ)
z^{Cb5=V#hfWd!Hh;iD`mDV;bgiD29>szvvkd~MOR!v%|IiZ=U|9Ae8A=`0)A)slyA
znizsV=TNLt8`Lwun@4J(DLMJXXkzR=50fP!@xN$$%c!`TZCyA@kPzJ69fG?AcXxMd
zB*C2!Bsjqxg1a<LH`;W9yIbS#5+GP(m-pOz&ffcs@%{Y%tRHKQRjX>%teW;bv%-{?
zqr*bW&2*TYgi}2GjXs7}2vMqh-i`wjh(K-D;SDuyRRMKC!5BV#k`+o3Y;Q~h_tmx)
z*~1R>pgL}(#rH81%rf6NdI(QBM3ib^^gQdJchvh$!BKju1Nf%4nE$LBs-<m{5+#0~
z&&;;$3+-HHtpLcWzfbD8aQPuy_P7qvLrO5+YI4e-ydKG2lqw#1>Yr64u<Y?j$b3DF
zC=rfJ*b7^%q#CH!wOxR~(t4v&yY@!Ab>i)a%f0_p%)?|gkwhOS+9wBX0O8aN@4%?m
zdnP_;x~GO21%&-~))n&zN^ytCAnwv>!{)=N)rs7`mY`dg+GToHe=mQC2=g^l8PsW{
zlG(*IF2_cVz`aWn1UC0dIV=hZkwT|K-?B`8qcK#vkfcp>^?7NetGZ^r>Ib><fYAOU
zUC)p=i}-)n0w8RDrR9xY`9eXP5Fj_nObRyt9JY4q$ht2@LXrbT643fgL-am9on9zO
z@nA51tRMFp4cgq+SRIucUxd)-R)n~&HrU*G4YF)GRQlZ52|vTPli()a9$lfr{Y%uh
zG%ja{wF?}+;msf-Zc;w6%r=N(P6gFApaz@b_0jFyBSOg(sa5J68`x6mHXii=hc1Qw
zQ=t~No$Bt66#(Mk6CTNP+H;^Xq(nm3f(Y5<sGhq*O=Kmr!*E(ums(^sEGwkNHCGK5
zt?6c>0dF(cVOHsMt@M%C+GE?ks^>z;v6Mj2XDW9^l79K0{VLtAo1Jpjwnz5x$D}o=
z=^PQw6JlDBlwm@f6)7~g&(RygwW{=X)$$LI3<ISKUkmO>>nY$V@fdB|nJ%{u%&|y^
zd21i<wo6)Pp*gpdmznx=&-v-dA}<n0myFZR!8$xc)AS<y?E&RW^&W>rtw}N{vc3^T
zy9h&?S>z}N+-2~#V;!d8%;&$ET;T`GK7<HI8uIMpA?pQwpV~!hL}vNx%aIWUtAx-h
zvtzIR8L^>u#Me5#$ds*G1bnjOpLey|f)BrVrJ1g&6`xRAw#`74YSJU8jkB?o67SLp
ztr}tFyjWJl4xJx+6{6`PSKE&ZcN*A!L+FYi-#u#N2e9Ng;#3DY_8shhkgkxSqfeJq
zSEv%k&C?Hv^JcW>y_pM+o5Tc2JvcWnvAWZ=n%BwyHtKF_{BdCN%j$&LuGE|GL{3t!
z;4bE8&gxmh1WVHVhhYQetBtk8NS3DC>YMk8Klq29drZq=e0NWN0<xicN+w~DoR$tv
zu+MV5uz4auwpZjbK(m~PkZZAwFz?{So5ja9X3GXB8OMcfyO5hYqnoWZPM`n}uIPIS
z_tB)jDBF02t;M+hJh|)ed%t2eX@In0rJ?}-=(%J~atg0hsj77Hl5?>zjqgg#JFw#l
zvf3|o`|`(Xh{-U(E}kau{qm4kdj8JR$x5qA37)?q>ZLMqw%~wE)L8zHy?Pr8d-F1<
zkIt%g+}t{dnYeDAx!KPhzUNwhV~NCIU1;A#FKw1+IJ`5~^y|wbS=sGftKl$zad81a
z)v|Z{-rQ29m6p(uznjrfGCl{>psL!l-<2yjcugicGU3SR4?T;5cWC9j0pHZkZf=*o
zm4~3b9ZFluOe9@hIdIc$H>F2*xSL8uEVV3@Vi94}spc^~;6>jEe#XUJ7NqG@-J@U=
zSMPbchijM`rd=HN_$6B-KCw&^^+)(xF^n)~nf!3Pm?d5DmiUXSb26`YbN||d`^<{W
zUol__^+&8I*)wkcV5#(A`CT*8z(?O0-K}nJrc6KD_mQ+gVZh|*6UJe}?0IdSj_dM2
zE~f`g%=orr^mUzoj0#(b83HZJ1PBs<Dj6C)-25{qjslvx?6p%2=yM$CG9y{`(8roT
zC0h;wmzhNy?kQ~U3Il~p)7@7)rNk|7^OjqREXNFwtG=7%6<1^WyO<j_pNtX9@EG{)
zl4b5gKr`E0oqdZ2p3Qz1Y307%gy%N5_q^ljBVa~~+bwk`Dkdu>-7Rn%#;MpZl|v9N
zt05oL3dz{9HIe0mW=a2ps-;WzkEVKiTjnW!h*WcDj3PZQF5b2vc2?yFr8!`i+~Ebm
zfvL%DELK}+q@TtrHWXKUjtIv&0=tId{j}L%_pIq|N(Gpnh?$L~lTwHi#+l)7>s`SQ
zJoRL-q7WZMxC8X~QZ;Dsy<O}gd_0eBRKmU-D@b*4IQ=>xb-`=x5Cuo`30=C2K+Myr
zaA}FCRMvx@Rttgr35I{$lJwp1wAcs4Hf4TFNu#sLG$X-d8M}JM%LUS~WxK@MY>E$<
zocx}LbY^!DHcWb}D#5@>a5Y74|Eb24SG6HIWSV8)9bXBM{6}6=jszJnBPk%)BE;;`
zi0xTpNd6AnE{-5rpSne=+J^d5d)wPumMG_O?~Bg>l1Ux;?@-ys)eg+y-5(@cnS@k?
zM}e;zF%RcB?Be{0hBaPq5n5`dr4H+N9G8ccb}g&xto*8D2f-NxxX9qiZtfslv@&8d
z4jhW3qZmF{tX=g!0<rq-EWIXFwK8-$#|5-NNTn@DIAj=)M9)@1FJVjaoz{pTtx#np
zahYaq8X|hL6R$gu0iUX3;GKwT>P1#kS)&3;llZSXiKwxDj$6-z_;>tYKGel8wC>#B
zTPF+oFNBeNEwR6R-8or#v$X`r5YY6xcM`wz2?j!XxsAYw=q2WNaG~F9*7=aYW8)Q1
ziu{Zu@w<?}-IM6s)f0Jq6Hr;3>7UZ2`0s{tu#ZTFjqAUZ)RPN;Ip|CpM&S^F<oiDl
z^>He*u*V=81^iHoH<2{$zmhZ((?jR1MNq4v1_xH;TvYm~Jyn!~^$m@70b25XO#4Jk
z`{Z{oT|`N&#zxUScRRuq&>-R;Q|Fj$t_I(X&D!~_#<j)W|4<eR$;Vci6__EwKF?cW
zzq!=Zig9;u2)+eD2`+!z&sJB=9`>Pn0(ERsC5xRWd(C13`2<rNf5oPdk=z)H-T8%A
z)&DTn=-o!?Pd?TxxHJxh#IosMbxT_C0=(8=lMofiakG1g3|;5+b82hxPNu6s7+Wyo
z@RM><hkaE0C<KNkRfmiH6vr>CG@`3tkq`?z_uzCA52qx>4R?tza+r#eRe7iW5oa#r
z7?uY+E%#nF%+gODJP1dWo8s&UM^?8+m<+Ve5otNgvP&^o|Ag&r(E^-@mtnEV(_oVt
z#c}7TNG@~#^10~lqouHiGB~+}EmBloLGRT4Da$urYcz5CY?wOFEOJ%Rv2P^>NvyHj
zw-Z>eJu+$)OgWV#-^NnfPO%}u^5vo4lOnkz6h}oFqPz*EnYhWAeHVEq6~~ekWSgAE
z{N`;njf`W@%L*Eco6|G-yf>WTWi1^mGJMLo2_>!@C-S56dT}Jp7l`9egQ~Agz5IB|
zuz;V%W8DrvIO+RI%zbUg8&eFu{|SI=8x`uH{Ff4uYC)aAzr}cWgf_4*<)m!m7-n95
zje;CnYnCKVY4<e4Ge0Veks>+!7v9FlK9EVt&Q$bw?{mJWiKoZYsLD`!Et4>PO|IiT
z4(t@8%bNYC?yNfzXs31<hZd|e*UV_)G(I$s|IC8pWA~KJ%YCrb3)0b=s(t1dXM#{?
zykGE10npo=QLhJBO8LYstu*cMkSz~$X%iiCd$6HkouhcwNd`_>dHGNCg~o5+ay*zc
zxiMYUnijFKv7Iu*TMBuo3Lc0*@sGqBrYIlQF&SWGs@F@elq85I=a`9Dv9^qYC>Tzw
zH!+%F55;(TX+1!RXSa*F7@r+$5l>5QY_W{zy_!0Cczv7c_p2|}xKPRVoY-f4!05!p
zXI;m`1-h*2Gu^W0qe;z1O~FMLPH#B%?K?-Xj3KWQ<QpH{4_u?3I_r1O1{_m0GC1P?
zro?1SJKNAyxDm??qRO*0L+jY(3UU6zivQej5|eMZ=7?g99CeR+Px#S@!%vQECk<_;
zEVi(lwQgE%HI#xNPem*=pfx_4DHS{Y1Xb;(1*uFlI-_QfUa_x9T#%lV?9~VAgBssC
znm@&5WYOebn6i$&H93i2N<GNXP!QOt;^16cnk)wLq7<+tK6Jzy`%6J}yX|aaipa|T
zOn$qX`Wr@dWm2oUuE<ft585r)?Imo<d$SshKKW;xgEX6M?j~}y+S>4w)MeG&kYtVb
z^WN-p`Y|sl!h(x*O;JgS8^Dx1r%$21_47lwkR>VHs=}Uc{uy&^=XDYwy9s(m(-{GZ
z6I0dr+{)c&bQq4lXM~V$yY2Y4Z;*+E8S+h}*_RglV`Dor>QODwK3Q1JRZ;Pla`8)2
z`n<pDz&zk@6wZAjCd~kKzP|m6>!LEiW}4lW(Jod2={1-eR}a?pm{mGx)FGRn_4(3+
zWBs<SOy%$OJiSd4gRp}g3LmGz!jU{!$KBnAn8Y}C^3wdv5*1WQ6FZj|G_Gkf`XPDI
z(J_kvwQ9f^th&Ct2ITI}q|w9|qZDS%M0va6<jkakIFh3nvDx)tC@$qDFEhw3*-y7#
z{qYV!79Rc<o*D0P6|Tt?jz*wZa)VZk?{W)nE)OfdXyk8#w3x78uO4E+*jaTahigAE
zz1hi<`O%N!>l;n<$w>&{5_F((qJlYTVlYVlp~kolrha0{?~o{NTF2}938;o{M}X|k
zx#gjJKb)C4v*dvdcF}J5gsa@oqz>yg(l&K86GF|d{xV4r7R80q;#;Yi3_`=cib2tS
z>p0D-fa7$i6Qw8JA2^#NsAJV(VyRjR&C0Idc1X|5d5ePNt7sj1+Jc(O`vKbxHIQh?
z2uFTfF1o;wN-7X;9aE?@;X>ts%1NsDfZ(8`YLnQPjkPli>0PGjRaL)%Gs(sDx(*hW
z9yL`vzd51Q{PcL7l!OxU=TbQIp-1oK{(LMw{WHt(^;_%A&}&1i{A6xOWs;{S|BrkY
zH_$-R`$r*w`<CF+%uy$T&nugXOT@tg^)Qm5JcyCYLlmXpDPkIXI33_2ZD-mrZ7tal
zNd`hq`qn0w;hgD)keJK7Y9;6~_z}|Eh>dpfa#N4i;3D$!_t%3ap!?T2S8~j?EQ)f0
zp)iG3R|0U7cb0a{qSPB~+&=-qv2JXTH-5<~iVSLPyrQ3cULlvH#Wm4Yex^@p^UVOG
zuQN*<ZHbc(UNR3~X+}qAqE!=e)4ZvifAL%W2tC~W1sG|sal^q^!lRzPbO%2v*lE2x
zYGQg`UCYEoXOU7g-=uoMMB`6D!3>+<mhcCW9lOFp%OazdLZ3Tc;?k0>E&3F9*YtyO
ze7)q{it@D~x(jD*@wzCk?p!G0IYggR^$|i}S{B1HYi#Qo4|D(W2`o@Dedr=!xblmw
z2{g}OjgLP%?c>>MTu-eXd^96YR^#keW$YZS9sL?z(FKHHdE-c4EWnddVk|}O1Go9M
zbee-|XGGZO=&h5BpFXD{WH5@qO&`PC)4NEDvnNGW@j!gmXK=-@AMTR!kxAeWnPSTf
zs5k=?Q&hU+tP=<)P9K@UCKV5H;u`bhjN9OG)K$ilKEwkZ1jGc+rg171J#Z@f@fjEn
zwyKDdZP>`B729O_=!y_P@>o#$9@reIt>24FrOHMi8sPXcsT*bC>J`oA$d`aZT$zfi
z_dSw!JuNTZ6+*C@L;LC8S?Faf#HuN!=ulGy@0N$j@^Y#sVUtrb4w4SfMZa$_!rUd?
zIL(;#3rd!u7qzop?}?bw>E`Zs<+k>m1wPU=?1}2-OyK_tIBQhbqWWw01Sb1Q_eP`k
zH<k%zk_<hSL3da{!pB9fp1&{axQ`>W25B3m&c8|ou5{xmOfy&ps@LRV(jZO<y{$;3
z9)2mR_Ng&4W?9%_S7;Ot8L&GgR<MlEM|B%uu$Erc>Dp8p4Z>2DJtet2)!4#pQmPEf
zNi#uCN<cR`<XciQ)PgjXM!Ht%<@%5|Umq~~K65c3;vfuGRSk2OR`)s9aVW*J_=(@`
zBrAt(iTJfjHBYh-NLBCnkl#6mN4qijL#bYEs<9V@Mm_~P-^FjDV7LoFHG1+(pr{)g
zvQIIVdE^D82c;)Y4!92#Gh)lL<_H#KWtY39Rnupyn69rFdm7LG;&hc|&(#(t-IM#~
zmF|#>10oQ6*qev?50NZ2wwN}w)&_9g+Hv>=SXq31m()uz>$K@bIX-L1uPeiZ{NNcL
z!?5LBZ2A7SG{`BPffseR>u0J*U0L)rvLTL+d#1p0aq&R}T`u;kyi%lsm$!LD#C@OU
zd?am4@kL;w(mEj0B6FiU&R?@{9JS@_usFiV6K<xM0%s)zNJZx)I3tpz(+Y~eC3cW{
z#902b(`eojhnOGC1uz-^UXmHwMJg>wTxEnkgl-+l`8`bA-fyg_A(bdlCLs-8s$eS{
zou?KAl12bz9BV@b2Tz!%HRK-Yb9Tz!8gOxIaUFdqjlTRcCzze#RJBJiIDHifU}5Zw
zn0{r$St|7@6<{w-kYYWB0N5f+LEYU{nx0LnE+0iUwAZo0!)6XDMwKP0nF3WR?Ztq5
z>68o&0izb*oETrI;v@Q^@+UC|QPcC#lv&JZrLsrhAVb^6xGP(jMM@Q;@`Z#UYpJg;
z9+5IzwyRR5<vucw_eH(E@YiRh=0vkzKMyFTT>qqg^c7+7jhJdL=0XrB7Ai&^@mO#p
zGF_L}_#7V7;k~}ssYk%WiL%nWZtlYY!dc|3yH_esfW!KQV(YZ_!a@}M^H)p@o}K!v
zIc%nNqEoA*^o<1-*5BjLp+|-p5MsN#&H!(`rvr|LlE%jXDn$uOxlf;k7)sUH;9RN0
zxs_Fb&$HxpfcAMRk^}bD#x7u4x3>&R$uw|M6V74{+TGeIPEdh9Ly&kyc{_kkx7_qz
z&1kB@iUcD+Wnt;~-I!0`Mnl_J2OD+IGGhpEneLscKgM)5l|!;3W}R*WJ0zo$TKRO4
z3>Y}K90+uEqp+lo7I};&#MIi-u2qcJC`(cA$$Dq2OfppSohtzwQ+<nghoOz(d)*Q9
z?w-Y2@$mvu1~e7!;~J8*tLdUx%`QXX6;g@SW}XfOy?gd7QRuDWirDXw5WtZ)<Baku
zuM*#@SME5FWrl7VCT68O0L&RWAu}`laN^rlnn^P2V<k&Su0?tegjc{MZZ;;z0R=9^
zF*(kY6MfW#FP}Pq6v{H!AIUB-Aa?LJkTB0b44zhzY}$po$;8W*%=ENQ{<OD;lO|Sf
z6T-_qWjdhROhZ1`WhZiLK-?rCn19yiFQ~R96$GGqU$pecXnYk+n)P;l+{?U9a_0!+
zJM=l{l`Yhd_023ZIyrRMG~DIE^CM+El}qXKX69z%WYtI}#rhRk5jAXJffT_jIyL&4
zz=@u->~rO8wUV0forh!GoWXKs2#=WePFP^hX+@}$fwT9_xkE2LF2cx&wZ&m!amMuV
zin}h2oD#O~Sv;!WBCy&xdR$X;gyR)pY3b&8qJ5r_JG^jEDX!T8YlxSdn4TUkKG@&=
zLXIE&i?XiLtZJz;&55V@<tK4w>|q7EieMrKM@;e|9ru2o6z)2m0KV@UQfXX+%&PRo
zMI>r5tp;>+w1K8Xe79OrTo=D6GHqF|-XeMi8i?{fuz4p2tnlN`&Q@WvA1LUWM%JBa
z<iLD%=h2mSOMl8&`(iqd&EOJCTW=9orf@#HV@-@YOcB)7X0V9qj~VjQX;Ht(x__cZ
zTR+U(;%--B3_Dup6uT{c@*HrBWpw{x#=>>Ml_})at?B(YGOo?ffE0ejA*=iS<B`3y
z&taswu5F$a-?(ylKB7*sgmQ@YV<DPmgJKsYwIuW(!@&~qbuN>7f4BLo9_`Zuqwyw%
z#zp_-C+NXY|A2MnjhWi=_o}Q0?L~wJ(SXuwm>d$b8|IsbSxG|KmUXT#YmS11Xq}bE
zFHFN@7sz$}<M4?;=EAWgB|<d6{dTA;Hhn@u+N!ZWt6=&jRasCd8Jt$!$J8tt3Ht73
z-olc=TgB*WY61$tyEAxv<@=ZWet-%0io`{vy)GyC8L+^TQ<1|_nS$@ChSzwOSNmfn
zlfJY<%-DA#@T_ogd8=^dW3l^PW?)rNZ_w<i82g|V3`dJ=r`A~XQ{=(tyb`)8l>PdW
zHPzLc6cV+n=@R!FG?K~H{1<0S`;}9c>IfGx<KHeHrNvOZETkwNKaQ`~JM<7}KQMeD
zWg|Ee^1G)FPGRndpRPI-`9tapQ2&5y?H>F6Juvl7QqH8NQfu~z1>@>n_aBJq`6M0C
z#8Uv!gT8KqpT~{YNs^m6Yz)jFD0}_AbHV*JfgP(%22mv%FFYL`%;?D^Ye{VallAzR
zCws!X-VsVT_ld!#dofnE<-lGl>y3=2Ng6f%q%)K8vxhuvd{t;`vE&IRX!+#q$0x2Q
zB*x&*3P`%PJl>C4QX=TxA%dSvg?tLc{QX$P9vjW6SDT5ID>#s%`1_4i-T$~G`YRZl
z6reODEeavuY9em>C^ZthA@8}p1h7e;X*JKaQk81rCz*F9Xh?D`pO|der(Vo92+Fif
zV@*NK>Lh#76EdK^I)Cyf$B}=-kP$~eo6>dpHr8K$dC!^bCOsC@<``H}>e}xfu&TS?
zAWX%b3$z^@Y&;V=_;4gz^p}BG_ox;(?~^m!&<Oc3M0uEPi~J4S3Is%OyDZa-zoiJv
zx3^Uq86u$IX7Pr}i`zoxV2IYW4Rfvw?%@N{e8%RSc26C<fL%k6NOwbL_=muUa$~Z=
z@8_jf97pL8b4YZPn9A#te)*5$Mvog`!qEzBSGhgEfo7BP^V#ugNg~5^11ty<IzH#r
zs+HQVe$Z$Ff>6VqWBP1SJ3=7~P2JwFK(_-D>x|+b=5$P+-ato^^rsLNU0-BD(jX@-
z1{<{8hNAn-K%TaptU&*5-nd@e4~3VGh6U_wV0AyLK;L~anLDeDO^y?ScRul%mEbT(
zi-U}he~qc9f3h8H>}T|I7AviH$^K*Sm9Y27D~BD<MWWJAN*{f|)_*s`hcBItVyvmo
z^v}Yk)sUO=0%u{lD6O~XVuClx1g+s!H^K~GuxvoC02}dr!RdR-B=c89F>mhn^B=2b
z+2`F}C+vMot)A83m#r!ZFIXA*CmQmsy15d?u{S9wQl6uO1LTtyZWEmfg)gpG@*mE9
zlFuzdMdwVlbX(WIBKTD~^T(QW{r@OfUVXeV{Kz**hsde$0awS~vk2?fosx4`@#h9n
z0y1a2^aa`%uDW#kGYncQIstVqob+lLWK@`ENdBv9jdQelpXn$F`_#{;>E0H)mJ}5P
z%uMofq(DtKMW*KGeR_TGFB=GE#hU|y!5_6kf!j+1(D%&2zjF)4H;+bj0H&g*s|%`-
z4Z(|pc;3Zkf@mB@NKW_x|I}T0s;NL!IW<NdJs$oWzmEwpca1zsP>oktS4rO}4{sZB
zLTYNQU#TW$iu%Xo#drNVqZOH%-@@&@*`IO6Dl`TpyAH0-9=a*D@a_|yfgsI+SHjC`
z0pFTsqMHI<vlO(nw5%AMb<Te0f0m4^(kZ(vV{L+|R6EsR6V7NH@Eye>!m=k*Hoa=1
z#r3euKRn7Xmd(9j&tIchk3w3Kr6XnPj=y?ULsx5cetM6UCDju|fU972xTS4zKk|{l
zyYALTW+an))ap)g?&9^^$rs(amAb~_5$(T}{?s?7p04O=e5uwDC7u`~8z#!dR%uY_
z0Ld>+4w*pLe_z_*^#S6OuOK@>=u9aXwea#lzkpfjY?S&-<DBjT;Xde+oePlH_^V-(
z_fF>BY#5O@0uEK8OO8f{?qXZWIu{J;yrbz?HzBkt{wIDyTtXNb{rQ1-{Fic4<npIi
z%mwh?Z}!|T(NNh#98{El@GQZom(n`jYRu1icX!mMNZ5!9%_4!e)(Isy!friEJa`Tw
z^BfO)Qn}_s=puz^x(yLY3mREa*7uh#5F6rCvR*ANETX3yHy%KR>!W&n@<ohYKiT2N
zqe>OIshQ!G5D{D;m$%PswP|y`r0Ocmk0{gDA6Z6*zS!_1*C5?!-E*>_s<Ize`5bpz
zr{T%fX?fR>rZe~^78wM=f}y_UVU+mxagpRFPiUD+0%mMN)w>cX5-?2I;Nw{R`Z!h4
zdM{oruW--9=LJ<gGP<Wm+5{5_P=8*7!S?_shM4bYSMRV<=Onn)4aOxWIl9?{v_fAx
zoFdHadg@TI2MkB@a)=!>Y%l!jU^gS9t0~tNlAE1Eje{@Rsy_dtH)oUyEyi8-bO+so
zV!2I4Qz<FG$th~pZtic7Og#Gby{EC!E39p(KG<DLXSAU#=Jja8$1+&4?bl!Mh4b9@
zR5!`K2AkXS#3yy@#*HD5Ii2I0D$NveuZ2xCIvD1ck!4P+BMmOW$Oj*ewA1AZc~(E7
zxSQqj*s~*c=u!@^w~42($z^fa(Ysg5CPi*{7@F+viY)&nFr#KI#p~(*zWlXwCOREv
z1EVloF}qNEsF3arGW{W^JB9w1F$k8HEhmRK;wJfUQ=Iv+$QlxY0-#Mt8XNa#PXtWk
z8+<`mq3%~_Pe*-wGDL5LOJ^j^2)1C7m<$I6fn)G2OC(Fa3bo{G1#CPE&UEWdw><<%
zxe%M65BpABqs;;Rf8x^#PvddI7y^HLn~|42M2c6+Xf(M$7hjUxV@+@?jC%`=6)Sp|
zmoPV;CK4Lqx>UksrdIMlvQ)Z&?{L-dak>qj=Fsj<s791|mcU^MN<-|FC4dhjRo8JK
zqo#Kr8}TaJo}JZqAH1bzCXg<F*=kNi$F@SZmy`owa{(h)KjblJ19<)jPGgcUF!KCi
zOn1_i4WinWEk5gA(J3n^P9Uo6`aIj9*qn&0V8`@xlr9$)1hHsGtw^1Xnb=25iqrgx
zj0}SMF#}&auG75jM!q!?vGEHt4=^TE_4gDQx_W=2{`YGILB7uUJxHlk;m}tnS|8iZ
zmetp945#swnhtgYmm^Td+|gxhh#g__^K09a+!&QVZPj$qDDLkeFDBTEe1${r;KD(x
zOjWpT%@(k6CiB)(%)quYtbIn!wJcYu)I)WceWlqcOCVbje<*_Wst_-mU`ilm_qHgd
zGYOA-8ir{|`ZmVv7!H!iNvF0!mmf%ZOwxz`DlVk<iby+8Udy<;sZDzCSgH$iq)QRD
z7${OAtt2MP2AR*{xToH!8rg{hff6&Q&Q=%X%lCV<rjqS{7ql!ZUGF9uMuq$p5(O4x
zN^tf}k65%!qKD@laS|ES9rx4hA-(Pd;y_=SiLf^@#?)|jN2k#SIRX@MW0G0}P))ji
zO_$2Z_W_QTj#fswf|ByHu=clYv!kWc)_||#3fF#AE%?s@SIcB1t-^Ycg-#(=fC=RY
z4a~IWpDAqg`!4wwh;9^!h^#=MYe%~r50$W_P?PDldodz9xUf8N3xwq*+Ia4iFr6d#
z!w<+>yZc#6r)yHE3y`zs!Z?-P1WZ^2>?<-mk0UJRRou4|c=^qYRcwcbuL5<#^Rp(K
z^Drw)5p{5uvT881b%QZy@EVp$G25hz!+Nt^1~i7~pZzO~<mpW-briT1!RIN8VO6z>
ztH5g961dqwJ;SIrK502-{AX_p1J_n1tNSU#S`E_=PvPf@*}`!MP;pshw7T<`Y$QKf
zl9ZxDExvR~Y=YaiB+f>UQFf`DWpP^4hTwy%7MRq@NOLao=Z|vGn7ZWkKgsFP_Kw?5
zZKJYytc$&+7@H58cN=bDGo~grTaz-px2_|cskd0)R8Mi*-tb0n`g_iR`=>MH9RB_k
zh(0(x<Sv&F3=~z!O#Gyh`!R!CqTx!mY|0=Q64%}td3?=x?sy6OAQy3x-K77e*3WLa
zr*~GD{<+e@Z!xcLG&BacN8~?;>vLUPMYQI&uIlIT0FtdVG;|tpVEMP<y(0$?^12Ed
z;SIM*R;GAmIWOJHTKh^|s`-=3iVA=g0mJ~iR$*jVG5t?7@!>%BShY3m_p~+6D=DiW
z+f_vFQWCHouMOYMU;sN00a_y2Vne~<0!@uD71qzb*O8HhzSeD`Z%Q}8w$1*Lc__!P
zR#gQY=z$pZW^w&aB#xlp`@-AOuQFh%B(Iv{sH`?s-+jk2!D`fSlo;#`<xQMg*)#?P
z@ZS|>v+eGi5!@NP+y_MM|AP)PThE*2<^_AIj8vOZadKV~yPe6;oq{`BUXy)aawp=3
z+)U70zL(k`vNcMfxbskxfdqNRpkGOcolri`OgLDTF2+7-N(zv~(jzGx%-2>pSubkt
z&7rE4&=A5Y9`uwR`cp{+2e!U{&TaD*I9T==;+Ypl4lH7#`S>_d=|7d`h=M{DAA5dq
zFxI+sFD4vyH4WgpkH5H#nFL@U1mEYN)Z#zO26{PWJnd_fp&cjWCP-pCY9>fo*t7X~
zhP_9-dLQds<_bUZF)tE>v1!)tH9{_1PEB;1SCd`E1(yIR_#}(+^;I;PaD0=WkPtS3
zNXO*v4F5=<mx$NT_!mHd=sXUl_RjwIM(z{o-<@YVKmHpbBBVf;(m1{##7L2EI#SB)
z`3c@jHLFc{3;{>$vgf<O+-OkE=yHx;q;x4unjoX*`hS*b{fBAtT$<b7rJ1vyxxfSS
zMM!}pB`3$C=@1*Xhu&#WJr(G)tZF5=D5M>_$zy;#5XhP-qg8U<jE>j#li`0u>y4S7
z*)pw~j($Inarsjz>_ydsd{C^}Of$8bLW1Gxb0*%}IdrsXmMngjC9BtaQ7C7k*2q6O
zFfuE@75)be$vo^uS`tw~7*7Fqq?!sCj_t(PCRz}DrTsz2VvApyvc%`E)<(wHD?1?_
zzSEz1wl@W1?{=c<V*D;G`FER2Lq#3?Kgd(DIKOtLdJU-PkiUKvfA#Fe-U9}zXMG-_
z){mN-r2l&uUnP*=bb@aip9_9a*@sm>_e_uP<;Dla-mrR>HuPV9|MvTz31J~raxaty
zB8*c%S^VdN|0bp(V>}bKI=iqm|2KK)|4xN@Kh`tLr(cH%_y2=!_UD--#3({a_4Yr8
z^goS7kp9C5`~UOvH?X5+bPw$r=*`1xUz&li9|XhN=da!*8x_(LyrgUWgP~op)LHqA
zSg3DbGx_YQaaiMn*Qj2b%G}{!GU&MO8)g%(QwbqBaqJNbW6`O9<BLr@FOB_P;qxm6
z`OYoT5WBIQ^c-KMona;0Z>t6d+;*dIyVKR%BOIroWq%56sgN(l_-`;JUcCH|i+MMS
zbbNCp3gOE)vV{_ALpA_Cv%iFAuBz6JOjKFH{<4-F5zIRsEF*CySG_$WI5u3Fl6c6+
z)L&n`LZ<w$%jXA_KYa#1mkzGS6J&R)e`ORLK<N+mrGo9>E@-k=4x~6>TGR^Aom+q|
zUc`ATvC`_Qd$H<4Tn^Aur9f~n0kENc`Ub%scpo$pKX_u;w?P!e$+BBKHiWS~@>6D7
zOY5xnyPh9)$&mw*cr&lcqIfk)Ao}S^O%1lnl?<C%UcO+j)~0C5ohpSBK~J&p$v_J?
zKtPjr#3uh#0M2$9mv^_EW3b;fQRsCxf``{8?j$tsr?P0ZN|-86<>I^EWV?;@6ZD)u
zyxbHG4z9bb#3cefh6Hdwp?Dq<c2ND#IAf(>KI%F9TpGG+`5M@?L{<njT(v5`2hZeH
z2{Y6VX}TmzW)W7h2<n=y&{Ib>df;Z^bXDEW*b@V)vW5Ig%Da~aEE4%OHo5K{*q-hS
z#2W=m!nO<@joO+>%NNeeTJ^{?bj{=Wj6EgP_8c6<$H&<!m7|@|3@pnJ2UoIAh9HLr
z2ICAie(k?bk}5|-A0S<&X)D4Yku<cmkc(}-53`G!+!HEL(By0Vvo#%)1=!}$9C41O
z<T=ya;KAZhP_S-v-746tb(eNw?UF?f{pu0S;n+Il^ca}NJ|I$Uz*WcoUGo1;=|6)e
z#50ehDzfa-5j#K-4;R`}N(Jd8GCTFtocS<Zrn$h+?^!l3?`M-fB$UYhda2Z-`Mr9)
z{5~b)tpn#RXY2f3+uSj$=xW&_&caBf2GujfU-7E;*yplopl#zNBOY1BeY)ihw$E%`
z9$a%j1CKa0pD>X^d~lt=3F<zh#K0QT8r**PuzrmpL7@5ezeVl2UwLmM9ys2Q6?~RP
zmVQo@DLW<?`i=O~_?II?_Y)*?XgwE3^^)};r}3T(PuvBs&Q~>xIo>Xj%q?+h#Pk?m
zZ<F|QkT=FnVAZXt+;uFOcqHG`(Vk9hZtRvu4t&xBfp8?TU&INa8v9upJy<yFNe^?J
z47GB5x3_jVGF2^~SzK6bKkl2}>h}ERZ8^~B%KzJ8!KM1IMb+H#M*e-cUa+jq(&c<a
zTPF*BA(6|=<0dXeH$pPbr7t%#rs>;I-I8x5s}EOMM#+D{nUk)DPtAh<ixvFGHjaRW
z8cWNRj_yA$a(3G;hQjSClUa5zhraKwfW}gBWRfO(PfXooHlY?=yTSfi9iBT^4Fp+E
z;J<u4WUh&}aTms$KjrowKKTkn{@eOQvk(3jaiD3WBrc@=ET?k#-6dP29RROdgZCMq
z{XF$qA)Xe!S<ZcaMgS!xmMXS5OSMX0H`CwBMSz~^JTbq<>IRj@g+(gaeca(Z@n?)$
zg~Bnw%G1HXA-qH@IyP2u1akzh8AaVKvc3rNcYXqu^EZ|2?*w{<G}SxhcY;1OhMrP_
z8quTxRj`?Hl`}%!*s{=F^=A`stG{3}n!Zg(ThYaIJ+|{bM$DEE0SNmW6*{j|pW3Na
zOvAEU4Y*7#(zK~XI%|qycO+*&UfZE_9Q<5bYQyI(q@1-d`M7Q#7lZ~=`m#u5x(tQZ
zq|qDoxB#3R=XZWf_m&nf7(Iu5oj}@^M5(g}j!J%oxOTAP<+p2%9DmN{N&fh_68PMg
zBo@~OB_0A{mg&N_;VH|Sot=Vb&-vjhMkUSQ1oe!Kn>r2m8Tck%?uagvUu;SazA!Jx
zl#^TLz_fRdCGepmW7wfoe!$TEYO`T<huz^IXNhUjrt0BZRjin=GN_V4F;SBL(*ek^
z24Yriua$JMIoZmdN)8N|9AC5&=e3f&&z)k(>}!#>6hF`zc0~Skd(>u(XlhlfOtn{u
z0=k!#sVQ8GydSjpP5)WriLNM@y)m-c_(nCM<bJ7dI~Tn$AfGTA&r`0W#oW9<L5b~y
zFtHbD`co*S0w;ZX^$*?Y#y>05WWprJRa_>*#w#BWKX_6d)DES|8hK}GCM#Rz_*Is*
zoHPjFJ4dU{7Lv7JivvVfgJy6Ag@ib59apxtIHi>N-am-`L;;5Uk6eBI>isG{INH}+
z^{1kN;tIU=BJ#YfS<?Xy+z7OC-x0l<Px#ASA*8qpZ+{45<nlj8<Rp1}<(E(OsIwl!
z1szt@`0n>?msJz8$u`dPIZmrUPd(*$LSL$V^bkkrB)T>NbXJCHu-p5q2Kv6qwvv?g
zw+SL{`HRR}JJs#{=l!D_?rz&Pg2`9M_psxqI!Fqa>jOwUtD2YDRU7tne(~-&9Y=68
zoPSn2^~A3;s07G8+W{$+U@?A}h)=)H`5akvBz@Mgybp@ut8N{la;&q$PbHZeFZ{Cf
z5i>i3bY}6-<6#@dLVB=n74Xu0^qXhG@-7!qcRx6C;k`^Dq&6U}<6_wBtdZ-Eh0ArD
zBmq|l?=#}yVc8#%%eEK~pUhGXbgZf`vL4#Wg_wo(6V-J9=~WMWb}RDtTU$=oSh6t`
zH6IrU$XWmVc-1&#>Hn62+-PLMHGc>St*4x^(w;@I-<cg1ej^9Ux;C`gIc2)_jXczE
z1{6=zkbkOuDl0ER%rteRX~{y6o$C1ZInd!ay<+Z9Y=~V6gCQ8Jkom>XsDrP)@?oo%
zqNK%HcO}1=6GU`fi8O1r%}Sv)(0%Rr{`+>7>R_m*<+W=Ld#WBga4wlg@EBUiWY}_%
zpJVLatTm!J?>*<y;oHb5&Tx5a)AE7oU7gh|GsaECHmKqIqmvGN`#|_Q&v8_q<nI3U
z2bXisqHUAc?912tt%^2IYSUrUp&0W);WavDP7901JL;_$&_PIfH)0upI(%~SCeUDr
z0lYxlFr(A})=ut-ZE((Oq%YAR=kb87<XJRQ2!NhqzO&Rtsg$iWk~Pj&!#yWdtq;9h
z+^VjjPrG#lV~XJAszFvhfByv|!ll=StWN*eCiyR|y#|%&$Iq|z2|l#lt^R@SWn^=<
z6TIkW2s?5qPC^Jk9(?<%f4B{{Y&f?m&RF1w8V7F5C5WHq;3dUe&yX#i{~4NTb@vBg
zJp7Gv9yOry4=Ftl&8F~MUN=y33{#Qw0zBV?FTE86y49#K#5ae{`)y?;#mY0~Sl!VW
z)yU-^VhP6V<~B&W#U*KbJB?`xE6%tk0W;$4?NtPveJHX8H10)bJS_9Abmc4R&evE@
z1w2}Q0}^Sa5}QrK)9|84Scth;tdCA~c0>2?v{5LT6^Y0Qc6Zh!etgJ`3Rzyz{k*Ah
zs*vt)1Xvx3U=kLSf-gVq8QI`hiLCVkw=$x#$vKwJ?AK57aqS&u^RhV79tW9NigR>y
zR&^U^zLZ#aYHU>w%CfOovyfSsW|qbtl~>wp_pv+Fn2G7v7IQbaCpp7kg2@AkC9Oqu
z1#QBoQ3shx=8gobf|6r<s&jX~ST!E&^=uA3M5cm*g-o|{@H8vSoiSbd#sruN*-nY$
z#aL2`ZNq7S8_n*z@`B(dFm$g3M~a<i#kg*Tne$A^?UHPRSn_Wt*c;ci@!?3nbgYHt
z$;92=ZHv(+{FHDx_-^U)5&qD(eDxTz8R!4bP5m|1TLd{_c_!Px*|6W(KF+UF{06i&
zA-wBIwR@-KfxcA~MuOZlz#<@IYpp|6j`{dFZ}AFIVCI@}$`{f9_ueLEcej*bmK@%6
zVcufAGan+wf_g%7KX!QCbei~XS-Nzq&JbE{?p8THp^y08Ve)S1=#FL87v?t=cuqk$
z!{G`qi?@x=1v<?@x!pF3ORY|wR`qNtUQFwCY;Q}!f`$XbsEhx$->399cPc~)0^j;G
zC&0fsv9LL(oG7Mlf?@o5j6ifcth)KPXvV!m^B8}1+l#hYi-CeNEa@Y|yx!XBM=Kp|
zljLTLQ6_TfP+j{WW}@hpxyT4n+;n~#AY3)=tS4gcH{Lb-Xf~<;$-LN0X1#!|;P{$m
zg9{!HwxkL9E&T24Bonn`5qgY+q~09@=*^l5qNw)y;8<ua-oh1QMSgQnLQS@TztbK0
z9Xd@!f6e_stiV8y-JywEoq6wOhsyDaSFrwyFug_PG$n(Ye|EJ@T`Fx)AM1!xMrwAB
zphf$I2U|^HN2`h}|KdB3NRy(p(N>Gw>PGvDht1b!P<5Izx7L^yM4`_}6PP=P@0_9A
zRyICQm?~&6Ltr1{3bxiJtjIQ*Yq+D3V-9SuioGEOyNybh5pUIr;@K?d6Ee~75X4NP
zHK>U4Ub?og`plEdJ74x}vS~RTF5HlTlwLg84UR^mcsPFRUia~^4$d6<oSIiT_H<dC
zB^Dd$Tf*2z$+F_;z%HtJeWBRmaoXjYPEa?ZRXb|#`yKhn?5{yVZ1wc=_0UrQdbI#K
z9>v{#Qf!4ml&0QcCJp#dZSZwntJy>S$&Ac?EncO6wcX6_l$~{)XEI!4==QGS!D_3P
zI=f5=p}h1RW0ZF_lWf)4#`m#ar=uiS4fS4hZRyo2*1rrx<U9#`Y$>@FCS7(WzNh^;
z@{}j*7^RVBK#x_+&K&<KXxDEP8r;tn-0?UjcqfPuUmm#@<$`!0vYfZql=5-*+SiN!
zELq{BL&IrtS`OvjexqW1FnmWo%n5t!b}=gQWKi@w&1P*-nmL6P(bsC~KAyuR>9TS7
zpMKj-1vPnQFIjHCqa(Yp6Jn2~mAJFK2s-~u!w)DZ9vw@JhfkU0%EfE1meA%o5omqc
zD?i^=7<2-o+{t`sza*dcmcGT$eEJ(xspGP4RcF)wIG*OVc$>>GNP>o@h2HBVVMR&$
zo$WPne@rPK<TZtAlV<$;{#|~W=}P<9s8t1?D5E<u6#q2UBXPbV@`FJE5sR6zRyoUB
z&{TfgTwq))bZ4MtX8_9Nzoo3B_<K0pm7E98q>An+(mL)`q@Q!@{9v(r+$fiBCeo~T
zn~L*}qsjYJgguCuu7Zn6>|hiH=)D!k(a(LzV4eF^Un^a~V0n13XvYM5L_s^{w>uGk
ztiNya>)O_=(q7Bp#*~L*al#CRtt$Jc`#C_qClr+*79n*|?}igq6RwS;GhMnU?EIg6
z1v$k*`r<e0B<476yJ!1~lr1gUdCIXXnx5mP$LrBbAQzHT_hCmP7cuY09*97~TwUIV
zc*Q6d&_7SRkT-M0o1OcVNle3II*-KB@%Cq}oki;(K0{NA$YXJ$=YKFz(H7HKd<BkR
zFZoltJ(X%<UV8R6rWcm(W;tNyWRap{d}3gY*4YL4iBzSZ)4xCCx$iWC=j@Yy@>9Q;
zF-XxX%OycPTZn>bhyRJwDmoC64bOoH!~7lqW>rml5;(t`-yu2Lq5aF*51~Zci<o-X
zQWA1tlt5mt)iL649jCR^Clb7U1U#SUkovBQkyGNdEwUl-ljgc3T=8sl&>aD{W4DVY
zJIJ38WQf<^OJKlfH{!D!ZTEdX;6ObB?ctN@wOrEqGmuyjzI0zCH;ud)pQ``&GV)lA
z$*V++#acKAXzmqlTzxXnX%hSTqW`>u-z-jry}Y9-t^9CB9yC|&);M^xLRzvAt@+Z>
zna38~L&ZC7o+F0dT`JCPmzsr_be&~4Hs@EbIl<|}CMJVTu&7Z<!ji&e1?D%P8mMd2
zJ6-c_(<2!kuZpKVH})ai&>->lcCG4L3Y4{5J^x)vl2+QBiSTHFUQ5_4Mu=;(ExCD&
zF&v1$3-oMD^$ae4>&_rp;#A6hdv#9Ok_mX`H(by|C(COP)jw)}`Z}nF1xOnBCa3LS
z5ivWH!@o&>Z%i?szgp3R8RcHJ1e~eF!@PI4r&1hadYIRPx<$rw@{QPby~-!Vnpyie
z4F^Oxj69Q9gdNMCr=GxcGJ`!(m(l+mz4f_u<95TFKLd5sDvM?Nv#|_r${4ELHKSyf
ziBvTa!tUU$R?TE^;g#9bpG(+d$IABZVeqmM-DG%(uYpJ2(9@?;R3_eRdRIfz!zD$5
zrPrgJXJr4H?3b@!B_a(XmD~5VxY<POTCbQuCInUMx`}+5`i@@H`w2I~ex!0)*$rzD
zuoDR=)fDRGDsq1AcTi%X(rxtJlODalbw@pSqhBO<u+4*6_DHO+@bRwVWal$HjvmaY
z;@WgKd=w-C_8k#um^dV!xZOyxa@hd`b>}2(EDv|WFK7~uK_<#Z3JRO3Hhh`e(iN`~
zJ0yr;Tc6WzxXkHPvb5F&_!N@pSDS(!lov_MfkeqArkp0SLB1p)FAXVs#u=et!blbG
zgL$HhT>sB&nMaP&NDqNATm3BJT78xZiGo9UCfr&CrF|nIkl0lyIm_kdug|@kS1aTq
zS9^c6$qoIdvhas8lheg2_C-ur54mu57e>2y=`Ka<qIoS5t)t8{aji7M3L;F^a?c@#
zzZn_#(;EJVby3uPfLi$ln)0JE=@PmYv6=u!3rTI8nB)BLldBN8wI{*VQ1WDPWXbJj
zDiWD^HSckHs;CCqIW{SVV&?VM$smA0SOv%B2V(S&6r=@4)NzA0$`}nkKDaD;wR>Db
z2UU4R7RgN-IlWsAss;Dst0SRTbcOy$R-a?jn!p7eUXLqc&0~+e%xu1L6DkK-+aQzU
zhAxIf@ml);MsXk|124CzLbS3`^YDBmxl(fA&t$FFzn>hP$Nj{;@?y%Eo_br}Z6(?}
zG6pR*IpPKUTa*q{F$9w~qVY1-%Kd`Ojk&UG>lNqaLB`GOVg-q55vdMH!qMVk*SybZ
zd*j4}cX!^4j%0jJ+xN5C_NT?i{uBk@i(QT!ZY>opUfv3H?~_|N>=>B(<;l&Nlf7q|
zLVSmayYB=fo>_U3A(Vaew?OKARUPPi;cmi`M4~<SklGD8F_DT?%n>no5T9X_wYoCw
z0-F>8eJg+4z&g#RSN-YI@wdqWQ|Ze5cQFJVhII9vhsxUKz`n5Hm)|+budgA8ye&sj
z<aX>CcKD!o6xg7Q>U37#k-nkYqw<qkt`?hAvtae)j*o?UDlVpXx2kiuLa#4{RB1rR
z{0yx_Ma8Q(p&4mV$g{Ee`oO7yTduDEm|jKRjqp8}`ok~7X-#F11^_{v!XU0M%dO6?
z|1biHtcgaKog?F5p;oh8&JSo^CT3Syo14Q!^?L+{os`0aw6DFuWiadFuQ+V)+qc%}
z3Psl&^-$0vLwZ5SYG%FQFG18gwYc)IFcFh<gEbbR6lEfI7$NLRW{sVx31m~h8=9Oi
zabeCct=?iN6;`DK><4@@kRGV0E~`UA8jvmNrfsXB7Za8hs=ju8-z&OSYT@;-Xe1>j
z?aS9sEP`uT(s4S;#Hu<~!C049%ruTU@pt#UK=U57!x%TsX{3~BMAm5P@#5`$*VEN>
zf#Kq6ELoc4<<k{;VZ{f}*dd9Q5MPPccijte7X+$FuzW4sWL|Q?N>(2c|KG}i8rO>&
zd75&HUnnfEG`j*t5KyU}QjWtB2*zBY_Mt!RE(8|TpFQ8m^|Hm^AHb5DEm1W$7q=eS
z_W(Vn+UOv!s4J6e7w#xj+2p=(3s&dZT<di(az{Ej2(=-oR*A=m@D|Z{8kuw@;oth>
zW|GkBCE)PoxrS#HSN755r^~a0Av6Yo>9s4R;%wi~h;KnX)ph+Aca90}iqgUQ`N`v_
z>B?t=r2OBZ8!-rsys1i2*&$&)mP;|j6@jX-%I)o4dfDjAPH4q5UQej$zQuMuO)Un1
zlz+y{tPrECYE{8IFV?4G+`N|-e!Yc$kK6lUNeYof4)H%&tP&xe^vY+``#ZwK4(e@u
zJ_B%V>2)j8y!5}K=al`g4xW%O+_+DwyhkeMhi1}Prc^dGQ+Pd=@=vB#x(B>PuZ~PM
zQ0%w2Q%e}))AZ&%KhTC`T{-)T?#?A-T7eae5<%%~*|<!Xm*}|IBeJp!%Ls(#`FVRR
zwN!O6$hFKld>)cC8IKpPBDeLfKq2uquMchi;L5xtHS(Ov)|H2=kx#_=JzjR%g~;*s
zv7r-~D3;b0-s&572f>?*(z;{5K4#1Xmj04@hQjD#I1{x#A7(tw8)|aM-^$Rw(bBNl
zqve0xrKS7y*-)eQ!in{+hi=$V_fPj#62Vam&=z3!HzTCI_q=o3wNGAj`NI%~+)x7H
zX-C#k`;T}zR(A`{-m@4;uzKra&&7frufYdK8>?OPGe!^p7P0jADOOs)BjLceG^--g
zfC^1+vZ#0i+@kGcAS+`|{k)^^O-hZoKS|aqW81xYhfvU<>93UBw*84EIkq&Aj!J$`
zi{{dJUG~i^Z2K6dw*0Z{=nN)OT7g4N>wkXY_F$8ar7%i7TN?7kZuD8zpYAuTrks3m
zxEr=yuW&TF8ks!cd{>5tPqOZbu}5P?@^6aq^o_{lnER>fbwx^+l>-ZhbE<9YBbBMQ
zYNq<ex|&HoF*tvE!ZDaw!`RZ&v3Izwdn^FhHlum=yJNX$`+PiZVL_J3%FQ&|qx(_x
zOYeP~i`SI7tK4@&BV0U!-J9=e*+~br&6#Kn#|z%7#sOve4MII`l43u^>=YB4<^Q`D
zKv1P&_ehx|ou@}6+}W^0ksba8;mvW1r4;00%j#pTQ?Q-^o%w^Ce+?95@7mhoBJ-9Z
zy1ZseQW%;Q=L&A1tr-w+Fi@S$o$m;ItmBU~358BWUb$ai4S=$c0G}hR*6|bYYj4VW
z9{GKA0>5vGaneT1swqVM$V!3D6oEECbb!>Fh)Cg`t=4QM8?d2Fscp)@mQbcLVE#*2
z3Rq;jQ1sf`s6nVjA+tP1oDIIrN_A<hqjS)4AhM;P+|T?JF!decS2~*2xHC)HT`jwQ
zTt@8dJc7qb+!tQD8vvztN>w6etBbMPsjj}fn51L!I;#M=MIS?7n?1X$sn4PR;=Tn-
z0&*OVyeM7Dpp*I$ipJT%%im_KuFMvHb6iuFMq+icGLtA+bO!$qdv6&P*V2Rwp9l#d
zKyVH29^56ky97^gC%8ih!F{mc!5xAP4oPqZ2|BpD2KV9HIj@|Y$$5W#Yu!J0t(#wy
zwduXPtGlYJ>UpX=C+y0Nq*A~yS{vFrntvK#6p$l37tQEYI1x|H+?9y2ZM$icNV##H
zTT#@(YKRqoJwZm^`b!cBP0t@qo+?~Ug;<ozB{4%8iiKa_H$NI|Gle<BV4u%+D+}A+
z@ao>uj~064C0Kh~*jg;^v>#2ZT>u`__Ehxw5?!XOb|@8j_3dnLenAlSBL@s^w+|aj
zgjV1mCz#i0-3^ud9If=^O<q2AdR#=xOeJ<1P*Sn0T<i4J_)bj^s;&hcQ@0)tUef3n
zvgCQVsAhx8>3-N*VtvSj;goXoxWHq8!f8x;umzUi-jcOXa&fY>58P<AxO=<!4n*?Y
z;>)6DeP>P(NnDu_7wm1a1dPE@F!!z|v6wg9!exo@dI|QxuPK+sd;#2gZ8QafDl&PL
z?T)j};bA2?M)7AKq~*yYUR_uW5Ux3fnT#FrViJY(db3B4Qd7C&Xz}I+c}9^~GFTtr
z3Y({#XovpMwTsptV<^8e7OQ!iP6BPfIw+oDplPA9%;+Hw?~na@bVX1gAH#lW`RrC%
zPUKXmu}+lPm`S*LRSTS%=QXr7#FnRY^Yy{hcEpr*=Ge0dpWy~>W=$n#UYLeu_*LiH
z=#k7?s%-Yq(#Pg5a69u_c<n_<D`XZMeX7s@GN8PLh4Zegvj5h@$i8R)UNpMHUk3M&
zdn^w{WAH$1>m|`%2Q%kK%mvMmVWOt-HX}zIPvMI0aJfi1br7S^nv^2{v$0KeDOd;2
zDy6In!U9AM_K|U+`naYMqjpyMG;6Q3@8PG(_cG-VG6aG^JWj2Gw^&n9*K$SJF{Mvb
zD!SSg5}O%rv1QHj9{-7DO;p%IO9c!#H~FJAhuH&yEBBL``R;sSNUCiPOh{s+Bx)kG
zPhTb1)y;fre?fz1;W;W9VVl?JaeS%qOz4BWMz7wZ;iv$Y=_8g#$&+VAS_g7-Z@LHG
zgmhQFJZP1`mDkV;u&XPdRoQ3eHW6$+s5uMvdAaXy*&ok|DcO5UBH*pqe>2iH=y!3>
zoe)cqv)>~-LPFp@6Ym$02HM=)XNo%(4Sj-OHQ#sJpq<Px{$s)Wt_F5KsH1Y&e8n<0
zdqWt2RefD3us0wJC6>PXHm}OsBXP$E^9uJtOPs{5R?j##t!XZABz94?b+&`Cj14yG
zjb7LVmet8qQ)Nx)F3_9#^R`}%%Y$xXouay*w?!Iy)Pd`j?ivk!th^A@k9TCZS}`Sp
z=gd9Ws=IqStxE_`hd$$m=0bJy$o%rMo!FC#i@@CHyeF+Dg4Yr4jiYC--i`K3Bv*6%
z2O*hmLdD+;PSY#m4t_x&kpo0%F~n4tTOdaX*4F%I)tRj~DuELH@m1<ct;a_zO_2Cp
zNG`&;*+U#s3Kk`NUnjencBK|WRVK55Q`Z{JBx29YLnb51#M^|}H%g~iICCZO34^v?
zCx;6}WfpsAPchSBb34((Z54XV1pLN<J8@eHR<nNc8JR320^8!KGJToC=7nvlfHTai
zTU5H&VfMzQ5j?DVJIv1_d?j0{Iy}kybWgR*h%0*uX4RoK-yAg{hC=K{*o4zY(O|u2
zHKUAlU2<`{cP0L=QTLj|`#j&w!s*R6SQyry1sW}o6P`XjQcFFblq3#OR6pRT4Xu~4
z$|$y7IMWYC^-(XAqbUlk8CvYl;WRa&xQv<|x3XJv6oY`6qzvcIJuJ0PFN+)5O|h@f
z)Ag$JYyuilYp~Fp1cYCz3-2`1ZQF|<v{w-MoZA~}muaO~7ccniY!<J`>d;yqxkG72
zpW*13Tpck|El}d>3dog`vtKa0=_Pl$UELqd-ca<`v$HHOxprR&rE0TR!w6>0_s|Ag
zy~j9S9Ofla&=FD^$aSu}6A{-PCY@!}FhAerY0Q$8Z>?@IQ-rSD<1?{nE#CNUI68qF
z4+a+Q=FW8E5*n4KMz4R!W$xdV4o;7c8n<}2?uMHij1eCarx)dij8&%#$Js+Ji_V_X
zo!Yx!kBw+4?Ou-Jb_?_CUM1IiC^F7DTBUCU$5N$^r%G=do=+E$cxy7*H4yO&C1A>A
zU)Qt`qA)DD2;HVj=tkj&tJqIK%<s-F`=A7~sJLvt&zzt0D|@eoT<}&M#9Wb(JRAP}
zi%a1D`YF$y0>SRt>J_HBP<_?O;T+8_@29~&!3vxCm9ZbW2+?!g9Y!pD_>D{00Z}Jt
zodXOL{j@W_-+YZmzork7I9sWM%qsNDOmb8YrfaGkkL?=X>K^WEg}L!367w6c5V+WV
zSc!evI-tknWu81?b9M7=>?IN;c-hY2G>*4+CTeV|6{*Bl_qh^&ljALt=^mLeE8*~4
z8`WzwQm(z{P?S1Bi(MT`irD%lg={-t6YY63-ZiKe?5cdkT#N1)rnkcBeQw5R5aX+i
zj9S%lwSBfXyRKf4wm2GyZLTXbD}<L_bTip{WPEA-l=wuThVkN%r*mfw`XRe^q1bb8
zr(O2Y`Z4`XM|4vhg@HD|ptjKK!8so{uVKU0SW@Wxja<ux0}mCoD-e;QdNp6DDt{y$
zw@{E`Y<0Pbp-DbM^3{NCwL5MXw_R`eDF@Hdnnz80`n7@<5Y_vAK%=>wN-x1p&tJ@W
z9#4c}5*F|AlA`Y&4DsR0;9vJ=JKGivAAwdsBh{-8ee4~=;=(0Lz;vBUJxiafwCPLf
zJbjGXGY7q!&b01`o+xat^mYJmBox$E<x^P~NVc7JK0TGy+;Q|eAB>YVQ)Zy#!ol@r
zXzQwyV9I~qmvS=N!N$td1Kajn8Zu<K9)C7>kkSY_WWNNb)@f!aJ6W~pqVk-!8e1L?
zTnN4<)HMa}A;@QH9P2~<1zre}BBi7VvPsgcU+;8*nAH!+DWvG1l%SmR!ZI8C>I!+1
z*t3ns8#IlBz27<*eN8EV4yr-;k)-k&uX|avwx}zTpF*1(TP;9WcO5%&1w*gSzJ*(#
z$fVPr-hFVz%!2jzI++z>M-8|&HOHhfw0LypM>1>_ZlI`hyN>L-urwDcG2@3##dL|3
zMClrIudg@8r(~0l6FY3a6oZl%AF*NV`G$r$*LU_GYYnM9rsE*uUu2v5zEl-C-*Rs2
z=@|t{$4V9Qx@CceC%D>H@Z1g%x-4v)S}}qH#9(W9WA4o@b+)m5t@3f)wrOX59JhJA
zI5Cn;>Avl-$hsXG*JS%t<_tF>wRA|1Fqxm@5v+S03v??|lZ%YtsFyA62lC;cDOEu2
z>yb@fKB@?L^<76u%5Z4RwC<o`CVo{_TT=GMo|ri;FY*DV<vj}4rm=$kkmqG4-MM5i
z?Fr&dVkTkYVa=B(rP<#W+}&NT`_llQVSbrMy6@HHCabJ;BaUrZ%Enr`rj(|J23OdY
zasJJg7f!Us$PSqNN~;6&e7)4c`$ID9^NQ=px5r55jKmvfifB|h%f`Ny-rG6H)VQlX
zS~!*jo0_p&DOG$DTWV#~xg8h!CDk~Py2O2S_kB-c&xzZ>3VE&WW=jp}k?p3oQ}GnN
z<IPQf9F&Cz)ApT{JW#)Bm%Yl+zmRW{9|)5AP5C#5RbpTb6&13+)%A5$?GX|G`H4{~
znm%j7oQ{Ro&`^BKI7desenHhK5!-p3y)tG&9aZLudT_xb@&R5CUIcD)p4BJL8rt--
zkey;(U5R(0#%d!HAw`POk4Ldl*Uh9(w~nUs4RljTt#((_^s3G2C|C(cf4ud7WOS??
z&^;$vE}@RmA)O}1;eLJw)+x4TvQ0N?7LE5%RqR5mQ>n<CAa@jvtu$7{Y-w70PZ)hX
zPIxizw&r~qIFeEx#5~i+b*L)tXmt|5yGo}W5HY(|sh%dRHcCgFO9et-ubJ%MC5%&u
z>P2~gexaiN(C`iKg5!81LP$hkf9qF)!BO?X7a<KhN6BoE<RBrhn%HDajC_-V)Oael
zSuz0sD@S#^F5Q4^M{7Bs_2AdB#;R4T<*%dg1`O#dfP+)U(~B%?Yx;5$C20ye74b`P
zAJK1FTJjkBby_v;NG8+dCJ%tO!nzD5f<~&kj<dIVhSzH@iaan~wrJ`&1HTF`axuI9
zmEY2fzVF{R@_~=lS?~-6`r)ss`p>V28l=jhS!C;s4^IgSpZ^jN{zuhGKisDb5)Dxr
z{lyFUcN`%?ivW;%R5QW9;5q+BcKp$hV(^g2gcK<LOBDNW@R5Z@%8DiHGcEb65Bsmr
ziPDM~(SEq#i2P6Y{@V!ggX+5uW!h8AUv{Yf^cFGekI*c%<x!4b_)!1uEt>2-46&@S
z0^9!#=dW-6zk&UY^!Wc~>@QIA=db_UmtqLVw7ZK-?XVhc^zX_<iWYP~0uQNOk&N<p
z#dyv05IGtzMZn|eZHENm?`r?Yed34o^z;JHS;493VqML&|DdgU+<?_6Pc2^+{o5k@
zm&O_c&mufj2>zqLe+j<c4xkC@bL;m8{-yZ;{nZ6L!#~dc2Q7a)hZuv`Xx9jO`tmRR
z{?D(7Coy<z>k^i~4|K5+os`vi&Y24L{qG{e!z5)j=?@?Ief(csD9}9S^q&0I>I=8p
zVqXHoz`#Iydb(DH!L1q6hf9rUVnIGGE-qePUNSPWSy3uhEIUC_0r=OtGkjlIFx1k5
z&d=}fJ&AuB_)dB<R0yL2xGLr3<Rl~{L|J^PRRKe6Uw<+juCpQ+PrYwXq2zOD`1riO
zH}0{{XcTIakpwP#)3rOhE!o+kClZQ^QL_{j``cGnR~_!<0DV7f5JR8ZQEbV{y0T08
z;shb~zheG(&t8jsv8n~v)`pfUYidqRRvK48OJjPRwp1kbG^IOOu6j(^6w-K9Y(khZ
zi3-}XzuU#(A(aW2!Q1=A91%IWa2~Y?Yz(!y)!p9HtMbPL4NzJ(x9sYU+8&^3A==NT
z|FBgoHi<|{1@rJSGY_8A^EkO9tPX<s?c8<GCJ92xqB)-bwQT<Ni!=?PqmPqZfE87u
zIeONCV_uy3{5>~SdviqdZq2O28%OI{JfyfNQe^m*;Ej$KYQ2vasqM<@sp+10o);b9
zff}0idRvtnen)wUgLur!w!D2CtxSE=mhrZbtfwwuX<G&vpL*pX{Cm+v7O&8N73On7
zq4f(t@aOdXK*2@~R(bI?>gE3Q>pC`p)8H9fStHt6&kyeK3iE;#ErVg}As2lz#b=kG
zVy*}J{EQMZ$S6<QBjM)^?YaLF{szXhrb)y1F0{gl04LlF1BOttg*_h3-;~Y7e}8}f
zbO%bp?}{7~OC@4tVRDK){Fm$Sua_^9q7}w6!p25{Q_A182erXYE0*;KQ7+X|cN&fm
zn)XRTy`J;2Ah(JKy+juK@O@&!^>lmOVWkU2h52o;mlgf|#g8zKF5?MC3Z~ZA+mUJ`
znD?RiL!8>e^T+4sIu)|9tUDw<+|ln~CzrCk=zs6zmq?MqiN4`!Z0#(XOz$Imzw1=Q
z^13>$)gZ9l9G};jO>FIO-$etHq3b8Br?!H2jW2SWzH!8ovb`)&1P<ybv9__<-P%GI
zS5Z+ZDk|chcQ^L+^))eh+rIxNkzDXq+nBR#H({J=*ZwOnxue%>K}(Z=lE1Gc#D22B
zZ3u#JEbsrlPoxnKMft5Hi5Z-4E*uoZAt-ac*L(h93grUIwSiz_6nc3s0o1T3Z@kIz
zPhi&v;Z57$0-ri+N<XBqE3IgQT~!YWd7aO>5fTu*Cp5^_VoXY%_Wiu)q&q>MTXC^y
z)+_31%MtZ=1xK5|-*&raf2vK!`-+$QWUC-E$Z0o`LaO=6kd7LKZ!;aQD8xPC9{!;9
z^$~>S?xI_mi<{faO1+=)`rr<BaCGFTgmAx6c%A#1(o7rQhW^aZ*zGf=IVZn~3GIC3
zvd9Ur8$-Fp!X&&tz5a+G$`3Q`48t}uiP@ooG-QdCaZ^G`zA!M&RIM!vo`;-&-Dy4=
z*UFxJ?6$z<C>D@(0xK-husHvqWwZ$xLZc#j)@U1PEC+iOkO0Avv;ET!@sw_=kNqog
zw!$*`4l?VdC)($$2fi0U-nC%?nFt;iplP&Bc+*&q^ueU_IctEt{2}^O3}6tG41K56
z?4(NtPcAnyuStOFaTt^W`gS|1jd89@VvKIS6I_o}#~EJwJ@_e3NWAj(<uN%o<-A}5
zN6kX*W3eWh=6teSKs5G-hMC;t<Q|kre!!*bB!YY&8<><TBOp34j+LdoKDmNSiR^0%
z<~!HB)%}vG)kX#DW+~kg{7GPgs+th2$<5W1!{v{8%aD=ca<dXF+c3tDiREQBwq@7F
zC;ix!zA^5mW>na#1x@O?>dyrwK>)Sc*Y!}|$G(ZuDk{aJq=D3{*{Nyz90$@ZMJStM
z^AsyotLwuDe)BnwNqPxM2;}q#ekI7?i%mcqf40%oJY8dP(y)<%d0?dSI+oCLx3XJr
zBT6At=r%vq?nszxYUs{W9K|SJd5Xo4PK$P4!cKa(f1zH*W@jg<8!6NzMo)DRh3Vpl
zn3`syn#`^CybT09XvhnXDrhiMm_-x)C_|D_LR~|HYX8N7(v#P{#GK|P<62f_GlyrF
zEeha;UVkmq)RUy3i1-V0V%i?82EtQ~#yg11I2a_i0T$0}uCLP&Bo$KP+Stf#X=GfR
z+cRt~s@PLcb^c_xQ@m9@YZ@%%akrY2klylO+<CvuCS103p|UGW|JuQNtCf9+-o><Y
zK4p+Q+8~X8FGxX7PbM;v1o8c^{6@e|`tQhmYHHGrcmRT8V-N<c26ep1PBQS6A&$VL
zzOM-A3q7wA<wnq|piz9x$Cvr0fvf4uC6h&KLEl!xZk|zmY_~<0bUR#@2r!oxN;4{b
zqU2HC=yXuzk;d<YInGCDFsHc!kT;{pxoRssYt=I)!ZefWeGfhxYxelcYMZt<GnqfH
z5|!1sC3H=9t-C*3+meuOW&I$trEIUnfX}x}Xi<93%k=Jy4WQY2?*1qWKL-1iN2`G%
z618@g;S4hA#r^pR)hFus9;Gqh>6%Hj2C`UsjM2W12OSaw(y40HTpcgSSwBj1?D_3@
zO88lgLUR^y8pv#0$O<Y&uZ(m+40x=Ygam_oA$K=JcPCXX`P4IGbcg-!ED%B_O-)T|
zoJ20?#7&UjMX=us=P>R-FJ|pC*ql&GzTe6FttY^(^nyl5xwi!kSy?9*r#XIhYPdLI
zK4*6+7}gbISK0s*tB)r;nYXB7A@h9Yj@@@FzNZF4lnI{hM$_MkRFZ3@(nv;fEo$CZ
zY8)0}cj^*s;yJ!vX%a5pcaUD`=&;c<fgP4P$RzP8f+0)ikwk?B8^<{)Gzn9$!I#G2
z1qHB;kx+&L$!@5Q5`A)ZiC@uH^BqY-6o1>@-OP^!wtPA|+ugh4FTw&GL(T3W4)Dve
zw(4set&_Pa>IQ&Y-GZKv{P(^3-QE2pW_^qVN*bDQfxsCJ$NNo&CV?5A+jL9}l--7g
zhIi*}cRu^G4a?Tf&L?iI$LT<2SZ+Z<cxj9@b|_Wh0}L_1aVZq0qmyaAcFNm2-U!FG
zY=v!7@Vei6wHw~?$%2;I**hCW6^#Q|jf^m+gt2kM@B13WdNZwbdl_6vkR)#GiI`dn
zpoAXII)0DpNir$)BvE8lZ=-an@Z5{vP$PG>{g_coETo&Y>Qv>_dU{jUdp0+m?>q{+
zrb%)2uIkK?X`Ef-@sblf|LRq6OUm-~jLGN5Zfh0PMvI?b7+?8#VxHU_6jn8mZ);jH
zB}K0>{whz8${}ZhObAF=`gr+IwHoWG4o?#f*r!jb+C%Q0PH-oHr4d#riz@ab)wZ)m
zwTqe#h7y#N22)gPsMQz@9h(Ooqo*|EhL0Rwn&DhI<fL~!Y9aaWZ}+(vC=Ig(>^7&&
zGqDW;%Mw9|K}gO(8HC=8a1*UiPD5I&u+XeMc04tzw6ham*IA#%;(J<>q3IG9Q~sd`
z$>-q5n?q*9cww#F5>7_0b_@EckF1Rd?#=C?kqM7?+_m_A<XtVew~3~@m~utSgyAKi
zqgS3x5T>QD(S+6HbZe>W6oas<a9K?|XH-9(L9aSxHG5zK98^rA^M=!foD2t_TZWj@
za!mr`eTI({7h<w(46k#yt0rp_^%+&p#BFrSfk#BDC(R^LS`ar9+O}mek6L;mxGY9F
z$vsx>ewWf1*paxMG*-+;eCU?(a-M16NvCKl6R|s$0XesGiJ;&r!B7lfYN%E{mwV<g
zB`E+SM4zMd>DhcUSD6$pKz*k&T~4qyU(k?KgTC>w`be3e&c!_EaJracA5O9EF}jdi
zkPaO+wygs@>!y?@rX+4KxNurXj73saKgX0=A@882)Wwks>x&P*E2OGbf_@b>dNH@G
zZK-q5)EI!mEOGtjU)#^kk57NjFRaO>D^Is)V+m=fuby!QHv`bj(crxwzcSzeCl#P*
zd{xxw(ar*4xP0^vhM+fOEx^v|?v7aQ$osr#mk;c2d5AK1K<0HQY<4|GX11j<_2sYC
z_&Egy4E3EJw2zjjYKj{bW@mpJxHr^vlL^{ru)B`M8_j_n>61KbD=K+26jjZ?7Xa}j
zOgV?1F!oj@Z8x19W?H!=xoMm}OMF6*t+Mx4K4MDbF2dnD_j0vkST(?QfAa7sKlmta
zm%(7Bbug8FJ)xl$Bi~FyIstrN(>j=v3do)5P<X+)$CBmmlC;Sj{OjgiXTq=<Bs&tq
zUW$<`+B=FteKe(cJ`Af@_4muOA`D-9NtfbsIxLGHK(1A*4pP|2Mz&U2EhU7Lt3>8J
z>SxacYJpk+O}nz2%c8+ACV}FSK9W^(tT}Ti6slrap&9-PGn!R&gATz*3Xu1w&iplY
zHO(`9Q@><Ce|l|bZ|~jmq<pc1>>#1=YD(+H-XK?9T)0;fP2!ydINyI&-GdUEB?c^<
z<F>n|0^(3b`FLRKLe1V1sogJXP~Ll%(-G5af^jKvK$fqR$;=|Xe@l0d2|uZn@q&W0
zF2uBe(7>muLDQC$PRQ)^#G&oNZrXl7^XO|Azi(U)j>gl6u<E9jQnmf=%1Hid%u{~P
z-Ak2Q;%o4!e2Z;;jC-=0P212k#KL1woC{8n@97tZ)EXc0YMF@n0<fY-GB(Cj#qca*
z@)`0fnt-vbV-@@tpE<)VQrm8hN`zs<Y6l^wLG*5WK<D2L#Wr>A{_H;Y3sG}C(S8Vo
z-)(;uIM6l7My`}uU0L~sN#!S;5M1{&#xUugSCBTLLN2hUgQ7}nyYU9&-ZJmeSHFg>
zeg>Uv8qbKmx6yl{XJD<v<gQ@5ah!(4^H8@P+`T^6XcIzh^O|N&boiV^JH^i!<;v5$
z2gy?I>DJDZF)$;3;q<C!x%cV#9dHM5qYqolgaeJ=;nP^*#<ik?jtr67at&f?!Z#d7
z(m22^w5{xxBe`E)Mn*?*ne}M%K_~`{^-|V@Z3WB)oRBv!6#FrNk{C*T`buGTp?cta
zfHNE@FZY|GnJjA0R$JgAYvKZvXl7`QPMVyY;2KJBLOK9OgYzOI65WbGL~#Brg}g|v
zdqfoWNR=qXnray*r<hsbsx|NFZgr;c^{#XSGs!ZtrCq0f^K#ay+k(&e&E>JNk&#|>
zIL$n8IFR{pwuFPjeo~KvAQd7&z7JPoc5mv0Exu6k=`f0YQiW2XVi3jNSW41%yLRtX
z+1Vt%5&vQc6t^MlDt)FmU0K(lWk=(%o4y5J3+NB*#g~Nuppy3%UPm6$_4uS32x(Ui
z2cPNS71;v(`e6PkWJkf)NNgk<<nr3ykn(GvnU#T8WIlDh4P*<`j)HQAPCPbE$v#-9
zZ%ob2%}q@?xws6f+CJpC|B>t-if=;B&EbuHR>$J8U)cVkM7np{N1+!yx$=?UdU=c$
z#G$AwQRuZ+LX&C8M#c`CzATpWimpkZ4L_Td&7`ZSqnv-O=vK(~HpyvkgI`!XCa(En
zf>KRuXa6=bcsyTgfn7ygW13@axHNpn%I2w@mWH8TW6Mf%XL9mN?m9hW{#oj?;x)fU
zX$2B|CX)K_ENZxL-TtATR^_2bbPtm4Z2j=}Mp2{En2Xf84V)GMEmuTo266^xi(&FQ
z_MQ&*9%|pa>w>$THod8zj&<{8FU@WA*V?1+`%gwYVnom(n#p?=-|x%ZLdRlXo{5Z&
zg+3pj-CCG-j-CRiCp58^naBm$Rs$8ibMw_;rX($GQ)3m=Q3heA`0kbZ=UT4yepo5N
zBinkcYd^mBnH}b^@H<V{g*jr@2qK)Dv-ljA3Ow6)j5}S@HwVsO?dspcOf*3eSO(~p
z1=AN{aKWScJt!+(>)s(51Epdt%Rn7Yi!g(78FB_T#t^C8M;=zQ+4`Xj-|1Qiu*p5#
zz4H_+=L~jLnpB{A$`m|(MeEXjYpyEav7F}6rk&nqIc!oZe$vdT=EwK-v_qxjV32wK
zW0~NL0h92LWD`Ri&&4JVK5ZDrmY!}6UW$nyl@zMUiH-GZIaT%L$puE@9X<@pt=ZCz
zB#W1Q<^_T$7d4S_wPcD%ikCiPjw-&x;<wB)Y&!FYHop{@|CxvQ(DDxN!q~YqCJ`Iy
zI-C&k$0*6&<mfB1%ifbC_FenAW{<_^a}ygwg3uq(wry9vXQ?@>H)-5SssIWVwzj_R
zsdhoA+of}^VQJb_s}zPqkx|v9FrcVLSDsd3u^mgU5E^QB{N;k^)Z(4cb$J>~+uPPH
zE2V|;&5p^U%ec64J&^SSARHWtQ`jie%Av^HWF1b{UIAboI`%<5xp10zd`1A+Is1i(
z`V;qfD8JZ`KZ6w$5rHhc!5xY<l&_GAJV1(B5aRtlbI;ST{qlIDGr`QvEDWc@pk>>s
z$!K6}+3$+xu>9Zw5bq8mxi~wA+!`UIZf<VIDGBfK*%iKC>9Q9-{4i7ofif6E#){NV
zSuZ{l6*8iPl9Bx2MfiKN;t&7tPkTbiVwn$x+Lytrm`Va<RifN;&T68fKvn{m5hwUD
zp(WJgdathSWJJzrDe281Qs_r(YikKSBUYnICazh7K<>+w$;rv6>FK*<ek}+JQ17;y
zGPnLS(%MSpc5`(-J3j|bF)3g>s{Np36jEd|O*HuE@1FP{_bHS_APFJgeP$B7k;-)I
z_Mt!;X}L3e4#Ps5EEfN;4BKxIBz9Er=u$6sWQ6TywxX>rkS|17Wm|6PhGAHe+A1ce
zVPiB&X!e+!H~7{ylg;veR#!j_`1E^H7ct?T09YcINqnN+_DD1n8%ZPPo~4#vde6Py
z%TLk7?u+Gh^B6OZnmt9nu@5l3fJHyg!nJA>t5&(Q$UqTP9-z320cZJI8}2*OcW1iA
z;$e7`ACgHvDATExMJAnY^=W!UZyrcaPA<x(*~6)_Hk1(N)LGKfqEE;`30_NI_UsIT
z>Awr%Y><$Z1_Wz+tCCsQ8T#hbs6+Xc%j2)`*}K>BUq*Gfg3cfcVf`U#lq2Ndt3=z|
z%439lnTRX177mWVJ&!|AgT#yF)M*WCXWR~B*cv2av5y*<3Q|s?7^pLpLEo})L+-(?
zfqNtf;`1-lwuYLdJwgb;wlijI$*ZKLnkAFK`yKCh4r$(mDo4rso)-|`HXO0{1eK~~
zsNsCEh8oK8*Z`T?U<1-eaHjI1C^acfP;qhb33|O*;EB{!>;KBzdt)MW(BcW3^WGi{
z-&F&7*g`4aNPPDE!a`|XE$Q8pHf%qunCtOOf^QqMZ=0lKkOOt2(VoGtpGOaGhNf?T
z#1??mS5zn&*iPSF-B!Fr1(F=!vL0z|f8Qr##nSQ9k@`>0|KBtCh2<VAj%3;a;G{M)
z`JiQk-&K^YD1C6WfsLUFZEUBvze(*-<~g~~3O^NSZ1<oY$~~f4OK))T1b3N6Na4E#
z=r*Z$*SCi(82AkCr_am>?(JOsp&@QWD-xp~@OKmZPK5U1w>NWXue(W`9yKK_6$xXV
z_q?_R;StCO8^bvVh#$({Nt=XBc0B0pxPBYufe!<(GULHqAIvY0muPhY33D1l^_~Sl
zPR&md;YRz%J;R4a#>SnNMuDH+ZLo;fE@>7ZW7(<TM;4Tn$mxa5IvimK-lPNLYI^qv
z+!{ywAwkN@s**M_Jx$-0g*TuaQF>H0*b_Fzsly5`DJxUZ3!impb@o6T1SI`Xz4#Zx
z_n*B0(ibu^G7b(7z%IEpk~cW0=#irOBQ+19{eHH!_~TGJ48m-PcsG7IxdqLS`m0aF
zs;ux5eTmc4(^Cj!ZSC#tEiIoos%2HQwzdkLyu84D>Fw?9>DlP#^6<h2L+sw8JU;jZ
z8Kgi8=ph5c&cE;%A|fK-uDUnY=|Rm{XeA2a{-V9Ty-%JzG00%E>6AuBA>>4XGu5PM
zSodP>5Zfcfl$jG`A259(5c9{$6N3K^n#k)90M<l6MkMhOe(FfyiF^V8aRi<CD|qPw
zsVa1GAjAH_8S4#vh8@@_{BZz8+(Knr?6(<xC>a7^+vp=IAK(IwKerbh022QsQS=O6
z;~%2okpUQ+q_h+|HN2RC7{vm>#Q*2u#0esgfz3fuDNEq@rtd`XkX{(kBJ&5v{KF8J
z&|U}_ZFUjbKaZ-nc<_6tM7{)wNJs<*Q*^nq8})p|&4Y`$fmizPNWSa%?lPL7hxq%~
zU(3Jih+$=sg-cBQR9<K#Af}ysh6c3XXY9+zKSIfj4dVZSZ%|GMhytph<w*AXWWHks
zp8ZdBGZs3K@b<S>-s}kFdJQA9v$IoE9sm$xpD*&!@N{!H$Jp37E-nre1LGT$I)>QN
z1VsnDk$6{k|MvFQ#l>ZBZ*M+Bq(K=m<U{%<#bH=<w33oibVvxI1lIlxCF|;ZU<-U_
zKeT;;8u~Gfpv1<;u5?G^$~<OeGaV~bftKqx4bC&r(~BFfuCDe7vMraF1NJjwqtX2^
zdy{e4l$;w&s1C;(IZ(+E?FqcVA3ZG9wAR&4?Ljg%HH{?VKl2<w3Kd8qHtjGC6u-%i
zmZu)=2*m`-t=Wbht{9N^xI(kOUybs?zeWhDrlux@z4H|rE2qq0hF-;i=cib&NOC6{
zKDnP(<tiL$326FH{EgP9&VU0Hx3awKUGbhhSW9G|v0){s&NR9#7Vk*9{kIkNO<SZ?
zkK!BVigL$w50TW0!m1;SyBb?Rqz9r1A;P7u!wJoLv4!{z9_jdk>mOUc9yR>Y6gS5_
z(A>lDis$17z+cH{c7b1OXeRzINGK@E=kE|rMelZ=1QWdX=Ep0~=!p5-c{l(4Liw|w
zD@;n*5gTsO7L@(p;vrz};;ojWxH7b>`PI+m0~>gmRLEoaaXq-d)BsX^ode>%uWMdt
z#s0mvT{XVr`{x&<zbVOAbi51)<}6!@#HY5%{#JrKZvF?gAiSfwDE5C)HgqPyCW*U|
ze1#jO_b9@BP7qbvPV6;L8pVka_-&Kn|J<5IYc-?Pn)LPc3At=|Tz5Z?`o^*z`bGCI
z`3Wv52l$s0C1z6w1qCKc!dnc)sCVba8t=7K2a#@1EBq3i#Fj-L%p@}6PV$Lq=)T>*
zzhE7Cayz!fS6x=Nw>@66(iKTq{)npA@hnof?nK<PCq*J+kgIzr1;%vDGx{Tt@-!Z{
zb@DZ+1cX(61k>%O__Po-9F!0DSy7trb8}2bFT0~jaLG>2&cgNpk8~aY@v_205>XI8
zSiXO0@?J5WPXoZ>0mpZAl!BQSU^{Sfo&tuge`qK=0@-eIA_#oG-Sk+k)GjH?KwdV~
z4+eWr*B(!_%}log9DDm7IFgDgIk;%}D>6^e-<<(8)cZ!Oa){>Ap_QUaLYKL~sT!QC
zv)`SD1i8J=c11d=p}?_MqPj{vv+P%R0?1**xcFzbvB;ixx96SuE=%7Kco`@~(YPl7
zeZK|ruPxX6O(-ZRUs3viV5nP@g}e4{$2ya^Zt_U8{YTg{J1!f%@^{p5BDl|j_6@-D
zKQ|u_@&om}-X6<J?y*cri=JYRwf-$50LVL@iaeZ9(P|~^H=hbJNPKcbv}hRlCJFEA
z7l5&mnYDVi?e4k_0)Yr(Bksa7=TmR@i|M@LGk5ic<!5-9xV%0^!ch3-hFnp+e=WKG
zbA9_SVWC|j4(k=pYn8ron6a&EFsMi*M3S~~yuH`lRmG%>I`0(iPSUIxi;dAKRDW$}
ztuU}i)gruYg*`2}lz`XhxEA)RShk;n5JO^>=&=kjibo?9ft;;+pm)pCY^^&jncs9C
zw8hV*IK%TMUPtEOYQe9_?ihX>{c_4eI)RPB;*frLcv#VV6gGn$2+YUUXhD0V*lIwZ
z@1-1if;;X^#y8AfQlKmCfgRD4Xoi9b&xfzutvyEofc5U|^wi@4JxD712LLJD4(9}<
z%rw$BJfnFt|DcY;p8wRWglQ7OsgS47jUC~D+}wF|I2;6`o~aU9PGBWl8r0@Ssp3+O
zUMpE%VKS_ljx$0>znpqfZI^CyRP0xp*y!4Tt!4$Xl&@*F^{dNZDPbwws&b8t;))zh
zi{as9nNvugfF$CulG)Yp`ZT|4?@@K#Ur8w^rt@6Nwx{vJepmjI3r_cgv_v8_p6os^
zA+yHZK@vP2Q(LC*6cx=r1>#HqKid+9tq2R<o~RYb-F5rjbf?-i_TC|$j$did(8VHG
znFp@&t?gL~Unh@hgjb4^Fux*I6?J6g<*r$5f40KTo-RueDdoqs^qEM~?>tl3&!Cii
zRWR&TSYdIo?ChKQOpNcKC&I7T&Iamcc3sX6U_VOUQ(=x@mE~OzmX_>lv`q_J^DPK?
zI_%dFaxpoeT=aE&_4yf;<;JX5qpIuXwY^Fl8qjl+Y7`S3G-N)Qay2Uu6sC$|{K#*5
zOJwPYZY^<{(`H{Zk|aDuPE@G<g30z4M0Yipcir|%%a+ii{-#L_6y<ko7U%tTY|KNI
ztwe7pZ}RWH!8fHZLjr-r%|U>60_oYOPeNy7NF7oMG1^1Kzezu0pAJ*=XlWFN?!;q*
zN?Zp142q5X`%tzjsGfrZ_-4B%5e%B$hbNzaR@><$Q}If@HLpex*W9Z$2(_L64G8K$
zmeg=JZ0}}^eQW)~`UmL>0FdxzdcK|0K3-q5t<l$D`nZ^xLH%QyX&_@KO(G9)&`kBS
z469dH6S&*lGv+moK)JmzaMsSP13droo0iC`viRHf<MJV-P)P|-X#f~aV>?`>J$&I1
z`)Fi6zE_*9QtjcopN*%_f04vkc96AeD)tD{^=PAaxu(WPn-3~Rn<II0k}BRjofen@
ziApJ{WhOyZJ7tcI8#k~cXgoT%s_OKl;Ij=}`yRh@Sk1WQc8a)y?U1*{aIs)hg(%@c
zT&&sEcySTQO?S=0tRR;d)8TyPpvS9_>yaoe1~+=Ap4?8SYUmI<1C54{f%6#G_$VyQ
z)5u{0mZ>=7=Qq9VZVFwyS~m}SY@~dK>K&mIgWbeK!#Zl|I4g1w3}@9^9qyCgqcn@*
z6%3H~#^z6V6w}d^_8N2l_!>Z?E++<3=N?gP1a*jtUg4Wuf$~dB4~T@)UN~g?Znyv|
zRjoHAW$Z&3v|K1{*=5cEdpCB>rE2Y-n2(Ennkp`KpX{8EU%8%~<3v1gh{bxHqD@iV
znuA;vRC}Lwri#bMutlXPUMVG}@%mogP5g}Al;Bc0LQ{%u_3%~GpiZu~)nK<~R@tbH
zc2<j(rp4Br8gZjS@=I!&iCaGqO}&h&{7q9dF6GQ%ET!7FoalU08)2#;EdCpANY3#r
zqepx^m)&`a0Ch~S85}CN#PUL5MR~PUSw<$5A>`kfTx>^2N6%<?$15_2FzYvdXPZ(x
z7n;$9FM(yykSTauV~s-2ebQOsJ3d;>49#XBGY{-&sxMr+2jwK59e6>&%3&6<bdSEW
zvhwR1e(~9=18Op-^_0Y^7NyasBNZfP0$uPRcxBu{WbScaMab<$)jHeS+m3t^zC@*=
zS2@T(8qQ<_e7UAJH(P@QffGHR>uXAbtgPmh_m@=K>J0~w=*lQ>7X3M>f?!cAE=FH1
z3$%7ot3(wky(Rt@{<I$64=@QdA&h+i>P86#kyBwslq!qxy%hK%E5KkI;~=(BQyQa;
zlGE}1;&3_kRhI$4@##`Tbl%Fqap{O@S+B;{cYLa1DWmpWRq||(`uIH_)qCP=M2fQJ
z_>anq0<zsTtNwINiRODc87<VpGQ0z4!*@Td&1>;ZoSp*C>SOMbS}pxk&web{!9vJ1
z`;Soy32H1_7yaw(mqZS^6GC-ABu(988-tbp9&z};!2KSb^P~&hTplx1De8%@vY75R
zkM1SzVf#wq({e1Z#o3Cj2c6(jfom&8mm9_ZfORjb`}MRnnz4xDfTWQ%)Yb8<=7aS>
zSy#b~HskrADYCs1o|*ihfmFW1xrQfd)#Q}dv#cexVjzr~BjC1~E@?NNllmI@y7A4v
z=ge&vo6Q_PioMgHm;&asYt}IJwUZQ*2DuB0O3)hOO&|Z=Jr{9Dx;Tz6CmX_^ipjj)
zH3zVW5B;`vb6}%Rq*!kJDn*jMo+JNa?bRUhz<_?bQ9hkaYz%&%kXcT%vZEJMh&kwD
z$;rvFvCIufLy9?4(HVHloSDo?>QfWQ7!?susC`_ir?6-a+&rT-+s>UCX!`iGeTW;!
zr_Zb$0(46DMvWZON%Mt;J~Kt@5L__J2%asV+!Ft0&-A|Bu`*^@{SacH)J*lgTuWM6
zvCTmd7+)XqZFqW9^mR**HA_B2&Gk=E4Hl^=j|Ig1v&x^kka}6&t(euXQ7Dbx6J`Gd
z);g7h@SS7AnL~gbo`z~`<JDFa%8(hP^I3dCPTu=jET2?jHpU6|)4nI`SizON55iyV
zSRd94TCE)QP6%tXm>J4#{up)&H_x+VAC?E34?)Vr1s&Y7i*AdJvn`x!eBP=m)p2mL
z<a!cUL_L6W`Ll4*M!z;cXP^`gkVig6EBGK}S3!XmN_J>+RROz@QZoM+qL$L=>*G%C
zED&hx><18X#5X-WJT?Z?o8B&ci%BBW#HFWI)`H+yIlo1UhZV`_WAPc43-)HOxrGgJ
z2sxKnPj_AgHWn)ZXjxr;LLImSpIX1r{4CSGHh*Z0+jHyL(|vgoo*$!YqwA)rxg_BI
z`6-KMpZw-#);g_^S22=3jB{nZ*jZVR?I7b_v?yr{rnP7KapcDGLAck%g#qvkoEPY5
zmQSIVvcCK1#wJ{Lvzr6RY`|GAc(FY$ePjM*0ObOeNoUL#c0+pWeuUeGc06e3dn6+)
zcpCd`L{Azua9Ew~@~Z7P{Xjm2!}4u7z;y)@(_uv>0k}`MRUkApPz{FBub?Ubmy*G$
zzKW@WaF*dDt$XzmqB8JH&BfZv5hi!jd89&4%QkBB{NvdY=L#B2bgm)OUQBaWFNM*Q
zF?Xvc`WuEe#A!`abqsE2s64zrS-4$0KuNEPq0Q>x)mk+<13ncijlp%el*Q{+q=zre
z$u?NN0gRDskQdE6t!)KOX}goLY5+0W=k+n`9@=}`G%A{`>tIbrtm6mp`i3%vg{iv+
zJo}eJ-GH-zv}-I>^wO>+yk{r2po&SX8iGtHo!3#gMEmL`k?xW{Bh3vjc*Uk>S}cc>
ztnOVNk3`*CQBzaNWL%nN#HE#CZO_#}-z@D_Uk@eG24|a@Zb4ZZtw?N4__<7{auH<l
zx4sw_4^ESWn)RiAel_K>m%QLt&P8`nh0|tR1mdRXGTFA)*ja+38of4o(&G^)(sCVx
z4N6)>x9|`9T1(s@rFVV}?!GRKnJw=@@qz7Dx7MzCYSz!`Gh0UgKzzZ^&(FY6QdxNj
zx}|#F`JksmuAdaMA?r=V;dEnC6m`*xqj=K<%zC?hF@ZMGm)otFiw5!^Fs`A$cspFK
z&P|}2M@>Mxw4tx+ynQ`j+qp86S#?y(m|8f+>F~|9Q=gSQ>So3te{j0Wh`&^~CP=b7
z@HC6%Z8(s1IP6SEkrn0Or{NqmX2}!utXNwlSzT4S6Z2v~6^dbyS<#x;cUoitho-lb
z*~%FRRJzD?jXfEjNC|Jc8*^7qKWI3~kP%2W*b)_j^BQ*V8^x05u=j{-T9_<pTU!YL
z@XU_9(hclf=??1GU@#0|N;IzXM`LQ`!ID?R(R9Hvh96&n`)vFI`9Ri5;~%2rD04LZ
zxSM($n6lnqS0}Z)p9y-w*8T<0r46R=`h3HfL;O?(aU_{_T_4cYrPIBv8{&(P4)HOY
zGVzFR6o_p<+-$xve15ySakc>hI6C{ZO>Y!@RgY{(!J6rlq(ja-`}04%y7@ZU$EXV$
zb?^6Pnf+SI|1%XBfq0KKk(|`2R6NXlG+!ZT0vptggphmswL)}1<SWG8Nj(Ca9#-Jz
z*i;^KV{-K&6w|mX@_KixK)=ZVVDq-k$5;<!&0)H#^@>8s>WGPo2q{*XKSf-891pa-
z<_5}yQ`Q{?_OiMQY}0nZK`M|9Gr=~C>=im0;R_kq#B=WUPiE`6`+km%+H`{S3iwGJ
zI*$G8a}5GahGh=+4(UFTS)1AtflcdOP0W5wNX$%WpPQtS86A&h!<<W}70`b@!R6<0
zJ|u~V9I-6{pbtKY_Us+Q?aXv7;0yq0jc?FxSt@tao^dQ;<Hce3yve6WbSvO>wEgFK
zm#FyS5`nhpX|sCgyn$p&clp?xmX+}tHhlIi1VnTa(V>I=1l&~o0|V^eIB>1olfx3%
zg=FGGxjL146`y@kYrkU7WNLB;XB9{h5D8L`2#`6*f~Ulfq}a{>ZW-`;@0$-!QWu$+
z6haa%JeiChB@b7Mrl(JTYib2stu{|j>!=8@v#T|GWp=-{eQ6Td5kkhAD(@#v%s@HM
z&&MaeHhc!{Ey#2w;#U9cuu_-lF6vkQZ04v|KAmqo*y*(3A-$X!NTh<GXK&MCUHiDd
zy18N`o@;#Ig5qGvO^c1qvad`=ZI<W_$=^5gKkiq(OT%v5%1;HZac0)5e_dHGv^=e;
z?8SEb!aVT)q(V_c!veqeh2Q$%xT6@rj~v#F#?vE{8QlvAI%yzdjga2Og3d1-ICLie
z5yWSs!J1$*S!js}myYuP^0bG-;>IHhimg*;H&@|zyVDsyPNUB+`7ba`+^i!L?9H!5
z5^m4gV;;I#D<4y+He+XRkNXqQ(+8YTTKfM+A#Ff9GOaM-<c;pnfN>xs>+L3j(SMU?
z|JKznQupq(=3}kVdQky5N6~{PFxxaR$hOuJJqXr#a=3YZ{h7&8#8GH7=P_~pPFY<C
zc#>k<%}Rxli_*1kC1@3eS9et`T#<9<XLttWvBX%=9>7aZ2&t#&x!?SnNwBnch=i+V
zna-*G-I+a&V%n=F*RtmT?mS`^b2*x5zp-uUUGmZ|vFBl@xmg&mDNyH;(2dl4x&sNZ
zy+?iq0p$2j8n&%2iS?rK&nQ^Ii1xXsKOUUjK|@S_Cynf3HN(lUTC|Ed&7#Unj(|f*
z2skdsSj}n37*e$;N>oz&z8GQ@bq688RpxE*Dhu_yfH1{oz_#qk@@$3UR@j6<GDkZ9
zLfPrlASee(-8P$8B@2&XbpSgwUipuigrYUblQ=gFu{R^=AK=On-o0bFKX1Yv#7IF<
zUR*rFO(Fy^+M+3p2#@IRr+$5+YU{cBc9NPE3$;ZA8P2Ieyr3oBP`L59+wg;#drVoz
zdc+zUcSX?A(*pzpOttdW&o@O2cTVkOkM1f&%fEKpp-x*;2ECV*>x6$%#KU`)(=|Ph
zc_rvGAmyfkX{d*%o)~yOg8Il%_yV0T+zMarVi}iXb(g7#B`W-IwaM<RQPoi#GanU$
zzfWM=ozqbKuVkvx=ja~ii(}#+rwO+a-KRPxsL)#qhv+{ul@WLZIA#R!RYauU?~^l;
z7h^#lgr0wodjG_Ar%La$E`HDzfZEfSOYHMpW{biUjc8Z(MgD*v)de{kAt8ez=5bpP
zSq>Qik}U(9vW4-FHWyYyrT;&e+(l+J;s$|9`rD}QsgoU(<zO(E1CwL-<;dDgp5P8;
zH02@;ctu@&N=Zf4+1VLd`aMrBiI1Ou%~JNOeIgF>(~xp>BFaXYKZ|$F>%%^!e_0-V
znUiPq_fY2E!}p9av9T(DRwd1kj9{$hiyHa>|26}Du)P1XGRgUF8}Y{!Wzc<OSr_<`
zBd3apcib(^w|tRwNe?Gp@Qt(;=z1nEfJ>PA`f<rRCHNChym-TV9O;p#R?loH)8eR$
z`c%9|7!Xo$MnoNtEC>c=#G*hPRxf3hvtJ>3)EsIklAVj%Kdte9_=cw*8l~{rIF1!>
zr5jJU@_@VAJo;QfFxqyA;trkQV9IOHzU)*tPWITPtX2)UVg2!=N1mRZde1&))=n4E
zO5X#H7otX5+t>hTN{>AtrPvg#9M)s%@b$4@A`qn;$sVzzvX5xICt&(QEG8L_@egQQ
z2quu^cVJWIfb+C|#<MQ~kS=C8yW=0Qy=8F#ze_{L8h}Srfp!r9Bxq7YdkAkf0EmnS
zs9M9Kc_8r*8U1@X004>4Br5<vkpSsa5h$PQ>=hZ7|NYsQpNQc9;h~Xoj=2I!FxD~M
ze=a}_xZjT#_Vs0!4E(YoefPx%@q>V|#n<-;)x*r&@VmiJq5h!wJ~p<xA!|{P%!-xr
zk3ixFKuYm1#AKxYL4x0ZUPkbbC4r=GfJapQ$|LB%ONo>NkW$t^)-6io0gs-r$2&iS
z(?Q_Bhzh_gTl^#Zh#^VJ`NmW9w=P~dA|WFq1F;Y?3W|cfyf-g`Q8N@kuz^tf^73+O
zYN~PqKoKjs$ZO!SBLCM2<%VtZ!^5mRJb1e(@!>)5D0fXFRud8uH1zb+Kp>1r&5QE5
zju?B~L3kh<?fSl<_hDczp{knN#!x1U%;V%_P<%WGFK_be0|f;IHXOM`MinW_eNS#7
zA?D)-X8lIW04g!+hOEg;tIBTW-3SDx-z?|Dd#M8x3kxjTStBDO4Ne=>R+`dBdY<w1
z5G0vv(};ev<7|oWRgob1M~VwMo5XQ=VdcWLaBvhUTE2+AeZ?%DQ=o|@C`C|a%uP`F
z=1hgnjqTM4uFK*{de|~+Xcq0V8Yld=zVuYD$yLEFgWX*5f~?-j6=CeF>SH@s>oZ-#
zP_i}-J@~~%nuuVsL13BDFBW@#kuHTP4;fcM%r}WhQmISVe9SD_szVuMWI}538^vh}
zv128JKMSnw^5nF9l96N(Z)jDJGRRCdX%c>c_kR|N7>bRZmzoz%cyYv2iS{O_4V5gI
zh82qqpBtWu0(irrWI$0oYgeoR+%s<(1fw@N{ql7$iKdgwO<k9}r=js3%B7Krd%sVE
z|KzMp_oQag^RBK4%^I{ISIsaGUJAAuJ^Y`(HhXAho+0OKt+JLq^C-tEGui&-g$m#`
z*>|VIkA(CSQba_A%|h!f-~}>}9s)&#w5?qXOFGs~)5a|}cTlf!E`gM{b2(yvYxyPO
zDIRAW6^N(3y`A56_X1)FBR{aRqXk*apBIPBZ>${lNBEJ6mXdOI9I4RGFDwYNvc{&S
z5(YM&YMf>GUA7RX5;6Kf)>Dto#q3T_9^biqwidN&zH3cox@TSEJNCKGp`Rn88CLFB
z$jr4xNSv@TJW)-!ebtR+y77Qv;=*Fc0#ccu6n)MeQD4VQW$B}Rmd|g;Sod*`Wl}is
zyVOpB*Y<V1x+w>P*Nz~zFK<`VeED^=hG=xboS&h_>o*5yJcE-_t(SN6TdB&bqjkb~
z1`mb(3;1nsH+Sc|(D4t)-I$8#&c1T$zl*5|UOZp`pMLMIrICz}@8>4bH#^jL=k%*Q
z&@x17&iWk28ML#cNPJFmqJ=<b(UFlde->EWPD5L%wF$M75u-KmbFwA472R_LoZJxP
zx%%~LM<o*FzXP0LK0dz2rY0$=Jxm!u%aD+ea2Q`HYiJ~-5CoddOnWYDsgL62>;xy=
zOkGe3Iaa;dTy)uLX^}K60?|oX?<~d+%3RuP6GZrTd|yi<0`9Sz(_2Z$t^)7+)<T9W
ziq80>%aw?2_Jt>BmBICkYdS+8qAG+?U!|5$=0df3sX9H%--65iub8`E=TQn%YU$$&
zpawnOo{<!)%S<zvT+!THSzVZsB-l0PuuHd#sL_qMw6-PsF6mvGKl$;af6m3xGw<LT
z4M_296{da}G}yJp#rHrke6IZPZ&WsNw2=K$e3$a?p_nv!f^XM?G|TlY)n~>QB_+b`
zp5v-VJnvXmWs`aI6B0ct`^j)f!Ny>`H1av@#09EHduQz1=Eldd5n9J+UzrAG++z>)
z4PW{=A(lDL|K6_Et5WLzz=X5ws8C(0vW};$hN7&tC#V&_Y@><0Z8}#tN7(gr*mZw&
z`a$}g_orijs8HO=_c3d$&-bHrito~f)k`g-zTxFql0R~r$~_&<L!b3|6pvIb>2x_k
zMW^axU42?O{>}{TZ`GtmFBc=Z=f9f=j!_piWc{r1to$zOXZsm;IRs<g8k(7&Ud@Eb
zzbATpGxa>O)%R+v0Du<{ygWT`G?*D6uphy~Y5Z=3hW;!Y9&%f0*nwLm8+jEUlW<J^
z51%$E^$@U0;GozVr0h+6oX@|0c49cLxHiCkxBpn<v0tO((4Ahxc|i%Pu<GSaacSW6
zcuD%45|Jz9kE`vRGXzB_YR$~0b^SY*yYKWx&0ZPC-ZUiqZxd1SM5}Xtt-yyNWb@yx
z&3hdrB)^<5Q*#oN+~dye;{IHKq9p9|c8<^E*>k7GZwPc}-L=+K+*tJ{KeSrPvc0Im
zzKYL~k$W^Xs-kRkurBQoq=^;0yq2*)&uX@KLA2a%H%qFk=j8wRlIT{35(U{gpmoe-
z=D6x^wA0eGIIYTd^HpC1Cn-xBoThBw@`q_!3`cv96=gnNos)`N<{FZ2if&^kU)&>c
z<XlfBrgucvHoSuc`N!CA{Ef@_g9<Hy$jJmDnei~zMjEJd2ke-&Ujx~c*XHh2b!?sT
zp4+O!7^1oFC1g}dn2B{wKPnIR|7-8Ozna?Kb-yipqbQ(A73o!hARxUdD7_a!s?u8s
z9YVDMiqz0MN*4$<U?_>A5D2|PC=m%IK<K@m<@w%mw%dLFfP2Td`DtaWm8_XL=a}oA
z@B4Y4$a88uUhF&Efl=Rdg``ZzH68IY4nVDJ7`nZLD_2!VPZUmwI<vF04L3rlxS?EO
z=$&#1H!nujt#f3$584186VG%N;Z32LGXw!8@?{*zERdU&<a#?>D7XfZr7(4mFL1EE
zQ$Nwd0@02UL{Yeo#5~xEM6&f}KGP2;bN#BA;@mULLws#Kx<A~e1Il(|N?6R}yiu6h
zH7s^zYCr-tk(b3Rk8T`C&Bm;dBMwFsNoBJTmE~;yo*Q-=<bG4l?WB*(N=qL|rHyE>
zZ&gZtJ2N+!^9%xw8+Sa0?3rEtRuA*}IA=*Cod>febW_?&@Hlqns9np|s&Nb-+8?zr
z|8Vxg<7Kh8^Y{E>U9h@|Go3{W$f2>@0o3f^R!<F|wBX!V0powUZqDgwiDq!;i1%^i
z^)2~pn<+cb4g5K5XCT9O@Q%*6Gs$w9=w)2~DpEkFQwUoQcfUGWsl~ICs^485QNJ}e
zza~k4=vQX1Rks;{o;3H{Z#glN2qbqg+Mxe6%z8;5SN57FyW7vF-l=5U7=4)3)LHl$
z#&p=B6Y`_k*LA$w?kDq102_#L#ByG@P1gM?6k76EqF)C^N5{u3nK=_yt1N!54mL!7
zI+JPWVjQw|C@=pM{xoLzdDYhHVK@B=52C)l6Qua1Ua5}584ON>n5@@#>8hCxBFo7F
z%y#;9cJAzemm#+&QB~%lhucRvZZbk=tvqs}`0pKlGRv7rW|er+6QGKHoB|1*lhG*B
zI%gid)!G&u-1B+aI0b?(U*B$YV2)4HVse8PW3!pa^WeK*i|TH%dJ0_dLIf1AYU&LC
zcsXTh_MlOHk*X|o^)WLYs7J`-$TOPdWc?$Zl--d+L)9W@yT@sHGOY?u8`rCCdZbJP
zK60*?PxhHYS9FS<sfs8mOpm%o1p6Byj%2xGzYhlA8aq?>%Hl*IoRpT7jNELV;RlLC
zR5=KOprE3Wnk$%TIRxTKg@obgWKQxR(oe(ZEg`B9O0g2W5tTQcnB`KlEbo0Loki@<
zkl33Oe37F`Z`ldvopzq=FN=<9j-QGg*d^3^O+zahzcd%Qoz8?{5(j>C6Qg}#drT_|
zAA1kAX206~8fw3xeGwmjJ&i1Xm7k03oTrjV^dca0HsGE8rn)Rwt>|1jBpaX3q~F^v
z!2aaHJeItKcP=l}doJ8MUnO3GQ@L<rOvV!cP<4-Pv<bd{EDVM&&%{au*oM^xQf3oz
z+e>(a&Mq1k{v~0;(yy0X>WbFsd~@O8;jqDBMiwRoKbhA_UVbN`EDltCOS;HB%rs?Z
z3`6B_AC_q(p1C%?jzzMGhcQY9^`u#kRZh;nC2)qW)h$%cA>22bJnJ*#15Ed_O`8H2
zz!A)6&OVJaPI55VfQrMtDKLuCAmMzsTK_I&1kdOw>QvrTF*ImvQ6uL-*togO6!aZ=
zBRWRy8B2<+yz`D_D2|h#z~{H49!jcVHOsPD_9)%Tqx&*ygcn2~?!Kc~eZsyoU4^;z
zg#93Qt)vm%obSt%zveZ)q<=&=wE0mcL{IMfKU9Al*Du*8N9x%PAr;|Mg>&~km0)*Z
zc6OV8c&J@KjwE)x(By=5Jk<9gAeMtU-WJB@DI`zExuDr&k$}1w&NZr8`@pK-m4)o|
zg?xsf9>@xH%Q^VjB(*c`U?N1$EO4@FvBMHXa$usHv`o%3C*qFWjGJx5`-Xe6izv<f
z$~W3!l6jAldYaMpA!<GQ{eTs9!;mIs=OlEs7}YqY)10!m>g3xkimPmJT?V5#1M%`&
z7PIub#ijK$1!dl=aKt-x@&WKv3T5cnhGItWY1dfN^qv_Qe|wOZyy*@jD(IUO*`0#w
zp=QE<5?wcO_v6!v6{8ocug9ww8l6ZKBbZG7QT^=WI&Ld9LBEQ}fK!UcY7=yF0dCZR
zbw_*Y=Yrh1B4D%=m1R%2J~DOHq4t)ARvSOW5XVLu3SUt@eoZZ<_R`f<T!+}WiBU?~
zl|nOdQZ*0%kTbZQSm|bGHVrw97GD#9SkCXtxbX?c=E(aJ@jc7D*N{`x`(N+jg-Q0E
z16K>iPaipvZdF!19_-or$0F8pV;!jwV+*>f0Bn_V&W;!0WpOxDF^T*hCXqBv7*hZt
zUWEX&4dXK6GSg)mpl;UWIx#)1IJ;ARNO;S;eQwysXS(mFc4XYR-3A_KdY>*ncx!zo
z>I294Bo9p7-<WwyR5%f!rXEea;BkcAb-OI>d-qT9TIf@}VC$)RZ@^K}@WE1*RN(SR
zOIStbL3EyyihQ-3h0R90vFaC!($0Emo}>1SHbErz9fgo&NWtFrVY;O?D_?zCUm;?S
z3hMeJZ)9~j_^=@ygCKiTw1!%<M{wF}Y_uIk3RbX8^gB@nteg9N|JLU?@!U(!LOp!p
zM@h*(ws=%rKd*Ttx#t-x)dSWPt(f@~nhE1JXmhp3ooYe#oPm|pXGz&lYP{nsXkKZC
zTz(e(!B~(zOBH%b#$P&IX6$B3ilsBLJlQ8|2f8_yZDEO)1=14jj%qscl}o;25_}$Y
zi7DuiAe9Wcp5d*jBJf;%dD0;6Zph4>XbiX4u9UgNN`()oqp8NbpF}~yv|N-{U-&5P
zQ0Bx>livlD<j_kI0%9d2GYe0`5=Y0K{5JnFY(bYFiUe}+2L{`R4b2xL-#cVOmE}Jo
z*`?x+-)VB{U%6=Y4h?g@rSw5C@Yv(+tdPX^UW(;S(%`9(w?#RO_K;O2ro9n&JCt;F
zz6s>4d8@5Yzd9-^E|d)r1t}X;m6Pli>bZ#>M*!+j^I#kgt#p4M5Ok8hlDpF1Qwu!+
zCdn)e+MO<d=vv4UuV9_)DBOTc_;`hhms?N=J?1NJ(6_iDp&ToYlmh{lmJ|vm)~6}l
z^AwK;ul6lgN<UEU;P2Vie67{0W2%?F@V<Zl%K<BT^q`ll>9l#T^+HAPQh~6~-r}bk
zWxJq(1pkji0?g%>K6#@2gtER``z?x|wdW$xGNXES{m*nsf>n|=il$ZR-B%t<##WHA
zsx(gQS(z#6yxLMfbQ9#y&%SGHBv&dg)3sMF-}BcFv)7bEPq_z(C!_KJ`?7)D^Jn4b
zf3~>79Bl7en-<846Ff-v+qv-D33E1^o<GIcA3_AEnqVn}@MM_*rD;-{IDdX&NE0Lq
zFDiV`#_{y{;Jy3{RBkR?<hJ-kY8`<m&wT!^WcH7I1jbgq8~(UqWsoDW1MNqlEoa)P
zXKfQLUG<P3ezt7GnzpPE^1ju`cIQqS|2_PU2ksTy@&Gk|g3v8V1FKX7bbJz9eULoq
zYOtY&*wZw7+k8JTVapgL)q2o~9|c$E)M|C?Xx=)wLzGNmdA2Iz^c5yhvj&hWw(p-<
zWQd1{m|Y`;<x`05c4tpoGR~Qi3&|CNE?zlQKu~l-+^=x3>eH8Hk3vNVj6T`VwsXu(
zvtA+G)lhqWRi5Lw3I>q^x}hoPSvIr{j>HK4@GJ*@4_Zxf)`B~H(B*Hl`t=!lN&RV|
z0j=}nMS>cJ^W|~9s;3g9X`}6@-@)xQwBbYJ?JbWM%6z!nmAjC3&T1EU+_p<$iQLER
ztk?%<rdbE`s@BCNCAaef2+46+CbO}TIrW*V!}7rby6zDBHPIKVevQ6_$%1kh@>e}&
zs-|B^zIav<Y(0oLJwI8Y;zYU`bf~~B#P+Vz_NC6qywT>T?e<~}t>8v}(6mfpVguqs
z&_Pp#mkJ^)YEIu%XToTqO&VlVFZ1#=E_<g>&Ipy9D#a0HCAs11;L`U+Qyq3z%_yII
z1$$$}6P5%DBqw}B^0V|xZr!+3kl!BYs>QvfpUBVN>TzXl$}@q3Q6ljEqm8O_2}n&d
z(i~meS;SM6&FR`a`7e{}(zmkvfM(z6th|0YV6Azt%~fTaB0)`QQ#f@}w*|nV*uz75
zlM)l#sUQ0IZ(ji7P$?-WAiO<=hlhrk(>;huCwOQMj+>Oj%`x{7(aNb)>zDAO=mqyt
zxR~XZfox>he$`=iQU$Y%|I(XoIXw<9X;<Ef^rY=x{A5FyNY-1tv_XO$o&$4yyH$Lp
z;~BhoY!M|^17rz~8lu{TWs*}5bgn|{zCn(d>C3>U8Hw2|Sv~zKS1Q@Gt-7)cFPH1B
z`W+q6<j#rFqEM<Ya^~lY=(K-Ln%y_NXnRwGE0CS+lkqO?VXIJxFv*;qh&Z$jILHDi
zEIE9TyHoZe-U9hPetP=sF!pR+%Dpi2mX8&?N8EYk;nf;AU-s3b2-F5xJfj<CCF?8j
zeTc~d(U~mR*(n-u9lL%Y*c&|49+fY9){b3zp0Siliv7cQ!94%O6&wR~Z;{hWbXBjH
z@bi9HVtx}Uli=%S>3WoFG?jbUzR_zt0~5};wydh*R*DOpaMUqVu^IeaRruv=aDu^d
znR2-EUbf6}UO~f;?1(%R>**X{vT*35LwbssChV74`ub^UJfyl!ZxTmxBR(<mmY;Av
z^%CbCHFZ^ge!WTo-t)#-tF`HF%SFe7#ZSjnnG3tqdF8KG55C-8BK+fjo>RGB{E?QW
z>dE*XSi7eRIZK2;H{U6!l1rM5lTABqSqoi*WZI(N&yQM`PNFQxFFKkPmv0(d)b?O>
ztyM22gDikQfy%LH^7k;M9JeTLXb8Yrv(q#9ar>RuoOE9eF!&(nW2UBK<>e9<tBI*R
zX2~(sAM8GNL-WhM&6)1{vUru&(0a%j$_>NQHd@~-ua(Y|T4`X{2ClY)1>H;A+SH)O
zTYj8GX^+Fl%CxeM6c*)+SH->T@>NEZwWemFwpFQ#TQQTda(43@Som$N@gk5BQ!Vo<
zLvzg-S?X5y%$88jsBhBlr5nSsgI&j)8?1x(ZHm&R4K*3%K}Rdm!D}A9<0^G@n1FkM
z2T#9#YTb1^D6V_C;%I;$naf_js1lLY?fXvT0_&#!*QMU8wXfs;UYsv|t9VWj$lqu~
zMa0v3f(30|HHI9Q78#hHR4bkx!5f3*)24UqBzFi2FolML1qBJ+F<Mz=%BIlID#&N}
z{Wb|VU^)66%?ARZ00iAG()7FajJcN9ZU&rTq|REcgU|2SEhl|YM8v;k$!Ow}ro8jm
zeoI<(Z*Y+GqR&H1y`dX8lxT9~ltyiER>k(}!D4mJCVP%s&|X(t%FQ`^w$8S2cXDJT
ziK@Z#!B^5b8EcUDY5Q4|i#xfBi^f4i$$`b$<532-fwvb%;)+Tck}VlnGt+4aEZ)a0
zr}v2;I~u++n_3~zBQed++FE)j5g`p3ru{YBliO>OS-7pW#IX5$3VRVFo*MA2jF6q6
ziqVw4rBfxP5NBb+HljDnWfOKsLyni9QUBb7U#kyn)aTSTUe~_VoF_+CE5;AWWbEN^
zxWaDo5|Y$bm#9My)Lwi-ywj)qz8iNnOS{rCpx-$Hlo4`rQ&rbG<<ez0R%2vVKLPoz
zg|4*Okk(us#x0l3VQtj$gLk0C;fAj`ow+EQ9bN>~ssAsBw;e^4nLfSVW0YvPorJ!K
zx-9SW#q(r7l48Ln$JtDyF7-p9W4IqdwTZrWCea6`>EFL!E)7(nDS))3MW(_5Ym&4c
zZm-~7<fH70$w*QGZoZrI6_b@Lc*m`&`*5Bg<5wFdZ{cXZk<q{9s`9-TYSh}JjPlxl
z8DqWeIMo{dygplYIAln$)e{P_i1iY*?3tXn&=u!N#qXiLy`-a-=?2!a3W(OcwRJ*X
zK9`*C3J#uahf8E^v+JOTw|k<r8J0*2Gi5?z3O_o$50ky3{tgd5rx<)5gWj9zrWL89
znC>5n-;rmXPJ22}PDE<}dE};srnLc;m@u0?sq0mJ94bs$EEcE%Ha0d2$yom2qhd=)
zDPv2R?9&t%4Ss*T>Z|GC2wuf)F7+vuRwqq=d4&n2l3tMH<4<nb#iWIv;pz^lNc3%o
zhZ3hpm|iz?lP9*-2#abV^Z*uO>X+w&jlM1@G<gVK{<1fe*t!$3lujvcavf^YDL4-0
zRbF{Fw8AX4bF2U=6X<3{Sb(MMro1Mr+B89Pg*t=RHM9`}!QZCS`*$r{VJ->-XlHRD
zlMUAewH-tJQ<4`3OD-yrXgAJ^6qEI>uBy;B^DjX2f389r2KtZee364>mEUP^3XYb}
z;{U8QXnrRis<R}zLUtt4?C-qS5L6JDd+L979en=;uW&GivRO_cKuoe7SXL*_LiVl;
zHgCT2d8gQ6rnTx%+%HUrGTre?;+GQ&?eo%qR}%s*X${?Zk1*f#eq`+Hjq`E`a-pMZ
zjAJPE-Hw|f3kjzQgL^}voG(9FyD)hRL>MM!cCFWoQhnfv{GTWeFgoPEe#s{`<BvIR
z{#vhvp6`Acj~B>0AiIAEQy@Q57O*2!A1|Iw2G{q}+HPL0euO_v?rkpSmf!;KN2sty
zH&ImWBBJ`g#og@~?fl{24N4>SK<HO|R%i2SeRm-;eQP7n6T3*ug&`RW_<+uua@I9n
zV}|Ic70KKjTU#__=Euv3WEWA<$@72iJTQwOJRYm9UFw*{uq;>S+*)3lo^bz~{Bgb1
zJ-p6v#Wct+qlQyyVkv#<V{Is~!9W#Q^2%wOJf^Q>sgiKrG#Q*rH<R;&>*>>zLj0}w
z_^m!w+m~A?33)piR29DDCLOO*P^|e5yIhVh;b&1{bb^)Yv-<j0BF~;~JufJf{Y=@%
z;@7FN#tlgplPHs%>9UO8p#aPD5rb1sqc9B2uB-8(hv)g-4j>5H_n_4DpoNF^$AcKX
z`8jOil$*n(!fV`SI$5Xqnp26F_fuDQ0+C7xiODF@5!4zT>f^_5Dt4rF8wS4l#UAv2
z(-r?-waaUo3{TjRkA|;Qw0&O_`I!9q2|M(!C%YdW5s}Co*^SqG^@^TK1K->Cm^Nc>
z0o%m-M1h7|yEsAGqcwh$auOjAqGPE&?_!pM>`fOQ9)bseeUf{>brl*tI&ultS?Jip
zMUEwYG;;C<85tzzD=sKz*v1M*K=9@!1qjW$x_$?VCciBTIH;gux3m}k!(64P)%R4Z
z6B|UtbiP#kWLV+3nr{$_)k*%+<bR}7YWcCld{HlAx2mk~827bw#4r(W?;$`;ALvu(
z!y2+0(1R_qq<kL8q_<@9Y^9Y&7p^K??68#6tyE;95X{#{<bNj}Z4SQ>C;E=|cpAnh
zi|+X`%?E^1h?j$=nmwxcRj-lVrm9F^j;;ylpa?zg*UxdHX;xMhG)`<0G&628<g9^D
zTJqB^oUMXFuZ*m47da2DUfGnH=bQGad}47Ywbsd~itai3m&YO7HM?`;Tzo%sD`mQg
z87%5Mp+_@RC*8FAIhqRM;&m$<m=uN6Prbzsp*y8;^l|G#!M<Et{`|sA;(Y^y1e(&~
z^(^8g9>t&}qLUncOnPi~EYifcx1_An#Pj6Llm(3&a4#uv@itUTUeI|G>51(Wn0KnC
z7A6V@9c=Ta+?27?VN#3MOzkSf79?Z!*P<fOZC2A;-d@co)&n&PmPWIPbWOjEZk#jN
ziCI6)F5E;-&lmc{LsG|`3FS<>si&{sg-o-rITIcjX6|}lo|kumjXQx_mN;?SUD@oG
z9~4=QZzIF?TDYP`gr()5VLQsoOmA(oNMC@Q9;F5EikYkRDpY@zw#jXtvDO&<lz+T}
zZ!Y+PsjBCVN}dQ99=0f%H$Ng2_J<qzjZ8Rr&iza;)=jbu<))O+3@NJ+YFl2uGD8WR
z*;rp=dG^aAbDhS~)iu%J3Oy*wJvbrX-<N~~6e@u2!RF=bBTPZBcXxe>PJr}bNK#n%
zx^Hv!!uAX##9(?SvHGQEH@QWly%nBKW-L{+&_G9aMh;ROu+UR+yyEa|6uxUr(y+5D
zKv6uq#gtU=7BlpS!F*;CW>vSpTb&Eh?B=)1b|6qK=DLV~dfIlpG%;@+!RmcFKMda4
zJ@Mz+W0AJ<(s|w?Vz2Q8$?ZS$hZeTICh@ONx8}LMJUr}*MNRc<G(O%@Zz<Dl?9P4{
z#iy++$cn0Ts2Dy)moYxk0VBsVmy?fVg0WJ}wK(b}4#{$Q)ESQQY#iz7eq>=A7R2O1
z_jiu_h3=mmT?VRkirwT>-h)~I06;HfS!+7QQa0<{3n<=m0#~KR_wABv6bBR$6!Ckt
zxgQig@1MEsI2*gQbMkZfbmX&_XwOr0G|EeG4Za}|`uh3+=T}arx1FNOlrWoo=6jsa
zE(+8qfqlzVUBIhu9$oe7sc>#Xl{QSwt_376)Z)a4qNh7|m=bsM=8#s&+$=aLOnJAV
zoD?P>*wpmlrPzC(sVG;ns$a%VmG7Jwgu0_q+Sn0b)P7dCBwYKl(WDpxmR!xA3)axm
zXbjfy-&<OPB_{LV;1agLh#0FzBGqH0Ef2-)08T(#1E8(FldjI1kTh1BL~Zzd+c=(?
z!s_R;kv<ijg;O?xR6Z-HjEna*W6H*>Z=b+yHq!Nt@%}#yM^2KS6n>ep(Yml>oY}Eo
z+j1;sAXCoN_bx9YfLRab8=OK^{L7#E*J@ne#i0Ws*h*YkMEd6Xo3dVVsCi^X?0`(i
zxsrq2v!m~?&Q6An=S;fEq23Px*ibo3BA=yroFmry@_Ia@(&f8vsz$>GGIFe3@zRHc
zk{IQM^!zaw+bBf)EYV&R->`x^A~&DVuJ@&s-<>I7#vEAybyjY#vsYHa)r??=VHKj0
zApd21PA|?<9=cz)s+R??b*#|tSgKup8^<MYE8cg3N|x=$8%yXMZAw}?tvWFIvF7Y+
z4~<@*Bu$W!ky&_!5lnj8H4c|IKy1~#^@MOjPQZ!<Pn0NVj6n(jhd3|9J9ZbN95&`#
zYH7FhRRVW<H8pD8ZjR>Uhaqo6iE2<{;rK+2Im_og)q~#T{6?@4mxa38cx~DD6P1)F
zSF>~-Yi{#<4m_sm4vti_Z3~9H`30MLe(7N~K6=^GNMD508P@*iGM2pi6r~8SD>=An
zoUpy{RVG;%Mg=44ZGte)6~U;^5G5FsevRVH@LX_8DW|aKXM>La@D+MA42T`d7|IF1
z*CJ`rLDgn7jSq)^S#yIJFAf#KXz5iNUSS%1mfJ9xPAt}(DxhxMwY<C>NQ`ySM#3Ec
z1L=GBv(<UlHVvy6#d%tA!>Dz`>Pw7BAUS@O=5Cso)?eYAG{5xsrEe+EyPV_y(%@0W
zuZ(q&6U|zyX3mGhX@#47F8+(tdhz_c{OEmX#Zz+k`9S<pb_1z4QO}Bzkr9DFz=OjG
zwgkjO>IZ+m;Zj_gWOBco=N|t}m!|Juq~5u_iyVN#2~g18c8d}K8Te(y$c7NE56wSf
z;icp7H&EHT`u6?ep@Gb=4gDEpUBBFJ&VW>a`HfqR=lw~o<!k;}N11xOIMAkuJASYI
zmGly;+SNzFmmL3&o&V2KKh3)K)kigALvoGhW#J*d%_S6nuQ&fWQu>o4=PUKmb;HUr
zh{IjMd*165mz1sB|9GhQOMLg=NxN%;FHFWH9116LaXsFGH8&JY@i#(u0NFY3SLm;a
zsh_lswds9o#sPU~ZfX;ms4;g)XYto-Xp$cy$l6-*@B?KguA~?ZP(X**`u_O+qb=9l
zySfr5Y$Mo=ryt1kELD-ytTi*Suq4M6Untt;TUz4^{~&+y-cLa6SFY!U`$bPrPeL7F
zCXyCGy~ddEnPlv9KIQF6sYrb(8f^vK)m&0Z{=!}yL;5*G#ow{0yIbc00S+MMh%f7#
z>r9CV4<E8q7qt=;do94G#Cd`1D;JrFt%y5&L~0e2zxhd2KQ+Ve4Pc}*`Q-jgMFsQy
z`%?&H?W!^D$vR*W-w%0cE7*?3-T{GP1j4`gB`}CEB)b1H$N#&ZyVCEgtE)RX5kG&v
zucOn8a2Xw%Gpu<mL;L4#wnnYahwqP%k5^V!*dS>LYXCTkPLKS@uLs(adi|W5#J8ty
z&y*X~b@TolvuStK`|-Q~2{4czfJF(P_Fs|qzjpy}PWcMpqHmh$|9k5I)00fV5G69<
z#fP+ipL^c_)9Rm&o8|Y33%HQ*0;hi1<~sf_4kb@(0mqKKM{gtkHEl0_dkYwSNHX%J
z|1RVPE@c4h4E`_qX(eCkMQ`7B^7O0*5~=%UeE&;p+3wyr4=a8v>v~BvJTfx!YKh3E
z@{NBGFaH_GeUU4wk;>F!@mI!p&pl!ZyY%mF28NFJT1(XXPs>ac|5P&n=PNF;0R#I7
zWy<dp1As{%0-R}Ld!EMcc7MR703!~7z2Dt0|2Cb0x2m=P@Ay`>Vf$Z;2EaT1|C{}z
gpa0+J#`Uvvl-s83LQ(lo{s3NTkF+1c6`#KRFH!kQSpWb4

literal 0
HcmV?d00001

diff --git a/components/engine/docs/sources/docker-hub/hub-images/gh_settings.png b/components/engine/docs/sources/docker-hub/hub-images/gh_settings.png
new file mode 100644
index 0000000000000000000000000000000000000000..efb1a3abf536438f05b8ac778716b79f4a8d764a
GIT binary patch
literal 16121
zcmdtJWl&tt7X^rGa0u@19^4_gdvJFf+#P~TaEA%*?(PsQKyVo(_~33!e*fL7-4FYH
zYd^d<w_Z)Z*LA!5oO^EHj#5#QMnNJ#f`EWPk(H5D`}pnnxF!+cKJF{dQK=9RNL@A(
z5-PG15@ad>CrcZ93kV1ql<G834J=*4k#hwfAho2Z+#&IirraSU%+JuWFseiq(@%(s
zr%W~5(G(QJ4HS%u{hIU*pCz%^ik6>4m>7;bbm|Hleq1DNT<1EyKZE%^|MJZEJNX`L
zx{^SQDcUE|A!|XB>Cs_G!#;9gV*bEui-bUC3qm;T3!NIrV5g)U?CVXtZ-t<;>vCi!
zJTV%4^9*H3PalMYh?dM!Z|BRg4@;nM=ai;Og9y5kb^{7V$&C1g*_fIKBjAqn`bV^m
z@w!J4?y<A02FNJzKzMOvGb_OdEhHSq>MQYcpdNXKIfUy6qeF0@n6RSePf78@nN*&h
zT5uSK*6ALLjL5#jH?EXNv#*@G!Oon*9z`jfvW{U`)FbbazRyT|q+ySzcO6nF1C%V?
z=&njA`6dtQpo^?BXUxXmGWBs~{eYIbWG3Tx^h=Mwx0iL(EJrx3_*`|%C=4?QNZ2b~
z0WXQ`GdIk8qeC+s=?A22lRFlw(GNN6*5QU@_sIEi<HnI=Z>@eP_Uz*CCWcyxriMvW
zYV}GcT5YDRHantHpI8shU*#Uy`x|#<hS;MsxWvfpv<_lIaXRSa14{Po(B*;H-rI;~
zIDC5zuQ=_n3g{@NNfQt*WO&Qa(myFU<-8s-SKwaKqL79{+<L<LB^@DWqWduc_EmUy
zEgq<%9;N2&5MA9Ay^M(wr)?a2m}3%8Gw%^O+5=nP2FxH(DY8C4J58B$LmbmV@IUdY
zxquannog-Z%O`^1xPn>OU@ZFxbTc_GAcV;v!h#Ucp)vb0`yl-iQHIFSu!EZmU{Zpa
zjRneJefxxGVNgQ`3y_K6OZ)kp5%pnt`u*8Hjr1Y2L2ic9BZN4k!xo8WC6btb(iOi;
zWZZ*=6*W=8PC+OZJxWAR7MGg!Df?6rWLwy+!g<5#_K6?GASj}sa~6RMwL4gNkS^oX
zyfN`IOdfpafC4Xed@%0d(FLFloh5>2aM4-F4+0#fJea<neZlqul_v>_jVL931gui6
zp%c-7VL(iczyxX)%BgCW`DhSUz;g$6#1nk&mh=}lo73Qec8I$Zg$J6=5#0c87;b3X
zm^%<RqQKHd(g_8$vs-M~v0p|ocjHY=FxieW1QifVkQzzngZX0Gqwoj2MosJ8s_6f~
z62>YHSsH5_^O$&=tkriflb_OgU`7tw>@d0HwIL7@()Oor+d9KLmpU&wo3$l)VH%=2
zC7=z_g2Er%9~k_Q->BXQ-sl6O3&h!I+OQ}P^u-|yb7n;k$@R%&F-pEyNU9gnvPWcy
z>C0Eqv|!9&lA>=V%TPfl6WWl=ihh%*pdqHnrHxAzPFfuMY%T)e(3RU%aHP6VK2P3K
zqr=9EMx&0RD6}u(QlC~KQ59xTO|?(ak<%|;lyjHMm0L<Nq{m8$OU;~+PeD$tOi7?K
zQVl2<S7BGZR5z)tQY%;ID*@<PsHIlemJ$?ZRd>iXOWlSXb8_coMSTk*(5}{T$X~^8
zR%M8`mAM51%1+8r78)1W3DPX(%;q?(Et*1`#8$&PvO0i1IX*o;xlf3<Cj8Nk;#PBw
zhx<2!H+nZSu5N$X4le%M=gfaOSj|BraOL*n@**fEI3wWU7PjNyg687nZngEW5nd3t
z)3s(^n3!L!cGo)D*I(67XwPXcc14@%E=94^vzE50o!u<;*Y#DC)~1z_{;3Xh{d!Q$
zVz4C5BhjjM{}bFsqB$e4T%cX<DR<5%k=t)>&R&848jI-f@M`Q|{$}_p_DT<}9;y@S
z4tEBJh7uJ~6JZmP8sQ&-_0{Jqa%^<$w>U69R;)qX<A^{ke5^=DM%GZaJ=+n7w`GON
z1P3#h1Gm5NSN7{KdX8F79)m=7VB0*Kp2?RASbLCpe`{G|n<=6mzaA2kr!K0lN!5B)
znAWXUYxVdag%kY~trHBw4#kWq{%n?P?d#aT)KhExPR5%&dbDdyYjA7N9=0Cj9w(<h
zr<==q%dV#<r%t>oL{P+90&W6b9!+k0d|;2RT}k(E+fDuDGe?z;F^$XZQ{L;tW7NYI
zrIQZYS$029XqK)W@pz0{7ad18gxdu=<=4?V-;Yerl8)wfF711c{5D@A9)WpqdG<5i
zd4q<ZYO!lcyCb@9yH_@EHxv9n`L_u_`{!{?W#a#W{-xd1(qp=Xx`h@14q$xsc~yNA
zdn<kmg|vmNhirySfI@+qht`9p4ao`7g1Ln=3y}zIh1;?`s^hJ){3H2YerzJ~O$A`>
zX6<me%NE1tqB8^KB{mk~fJ_ob7>PXCNg)cuXsS0fC^J8{pVZ4V#1gBo(|RGBVxXbA
zAj-w<W8)@&^NhEZah360Z(09)xrcYZZLjTb8`|aDCC=p_;x(ogjlSH195$5)Ehu>>
z`HohR1xcsLe@>@C9UyyEJzNrVjccS+)J$bJ9#uRczapRT(^zds{hL}(9p&=v>9~g0
z@$>>>JgF7@0qjzw-Z=4r_Z5Se^1R?Y!|%Le-x4Qz(gWY?$_G~1fRJzfC$ZbHLinT{
zlpKVdrHwm{tBsc{^edxbwgU<#?;INzkCPFSX+@ZG7l8ZywRGk062s4~1v$ff8<+&9
zhAi?^KeuG10o{NTfXLtBed2NLDcrwCEOm6tIu}iBbr+>Lhd4Pn{!&j;b}?VIIJChA
zu+?$~i><59?w7~)++ucFe=wIUYhK-R&pM*r&;N|pp40!KH&hpVGMM$Ork11LNnRrq
z{Brt8^4h)q+#iQZX!j+6aX-zFsgb#o;khBI@n{FlLqy}9t((u`+PK~I5zM^IJiy%A
z;^X8{p;Ap(g}2dStY<|HY-qaLxGP>`)!@@QTM=6)-(c4#*4i*I(`YRIE6?0}XPN6{
z@T_!}OXwM}JiOuV&^iNd5#slqxbu5cz1Yp|7V{N2Q9Q1^Gr8Xf`~F5>V!QZpqCEB7
ze3yRqzDj3L<QQ#x?BrqN=s4#{?-Z_AT)hjQjHWMi7+BXi)#2bI(A|BC&Pye9^Ky`q
z??j9$wC*`{E3>A$3ltD2BQDNWu@XCw#O<|f6R7t+)ETSqAxX%KH?j|~5v&R90*5_C
zUHusPF-%*kjFXpjigVi|m>b~J<Ycq;%86*@c*A;1DoE&a_tM_yY6X`8T{`WXClb*A
zI#3@|gWJi%XLQ_k>ejxiU1}r%mkTdY+opfibL`P<W&JigZnwFlWOUyf0ERmmDb5D*
zL^=*{cDM>W-dzxbbFDlZ!96|czD~z)S@0R~#b}x&T0*}AG~Tlxoz4cQ2Wh{)NVAB<
z2lxf1a6awa=WO-H;)oOqmituPH$7&)Hty~Q?`r3>`Uu~N-<Td-jFVObp88qb9UtZk
z2O8$dWZ?NS2ME1d&g)IJ#+?&w-70=n686b|4LFuKlAcOX%-0t|@r!?dabq|~2Fu@S
zU)Kt4iT4U+Oy}i&t{=8<#}&<i44VH9;Wdu{L5%@%tO@a5jx$f21aj)ZEzBaoK+9sk
z*J}iKQZEP6`VjW}5oFLlv?$6z34;0(1X-igccD;XB5WL0b86bDenV7rUF3S2?)iDA
z63D({hzoaTAD;>zpC>z<9rsO0X9m9!yUC(CsG+~Tu*Ua0!SOR!;CH_l*gp!lAY#+|
zxQ}oa(OE{<6#@bo>)!<lk(Gl70l~Q|D=DVo1$pL==%qiL3f|gKlmBDNoK`iQhHJm;
zKbX;vcWSbwfN6z*_=^gSBbc01He!4Ln&vtK{o@I;E^TI?F9<mpJsEGnGL-nL51kXw
zjIe90(_%8s+^*51Iqi8mP_NW|QA>W~PjiQb_EBerzrgL%k-GcIpGzH6HW+nn?Z~Dk
zu1=WRCBg<F60`-8upLD$2}o@^bjiQyF~8fzvmvyBpktnvLeVa|ZKPS8^`_kIKNnu^
z(+hTV1=!B8he(ctbE#D$N?b^7P;UF{5kT72i>y03*yIIv?9Sq13%V7>O$<>;T23?9
z)bhA6=awa$g3^+b)doIK-JG46A9w@-6<-JmEBR8NfaR2FfDHy#)d~D~4@rqF>s64#
zF2**Bw=X+2HFeWkkuh2;(B`FF32N%#RHq7D*u<LFp;S!LI+;+?WxaZ&#pf8iW$fSr
zdkFj**Kk7aV(s>>?;yYy|6YX8MSW-7Lb$=3dY2>DUBBSUu%GZ#u;x1p5~@eeHcfD@
zG6j0rSs`NUV4yeLHD~XgC!23UKxC^K+q<X*3O0{UJAsG_zLj_mqp0?D^_Qqo>DMSF
zI%50QGs*M&l?7q#7Toa_>y$xyNN)YtkuTWaabfi#JAPpC_g8~1k8{eGR7C0jb6*6I
zQ8zBv`k&_}+HDvQS5#4yo0PKea{T`<XU+&i#HEmQ{?C~SDJCM%t4Bz)DAFR&L7cyR
zPXC#tHiH3o%^!{=j1RbjwEB6w{Ld8r9r1c<SIa2ML-cwIJuP!m|IhUQiSoR%WT+kF
z$osScpOf^*>_1b6@UF48y9Q#z`KA$#m$G`a2ExCLs2d10`#Cq&<Qb;ghf{zS4)pZ!
zFr6<^q>QyMX{U^Xs_`?yo}SBn>qk)g_AMGHoq(EF_5M(UBzWxwiz>rfHN8pI9-jHI
z9&Iy*_tR6$o1Wy!K)~^B$4^1_Y|2UBiUbxeSlo@6Mw+(GMnEKg{z9hM&C}CtGL0Dl
z1}Z7}6P{x;w~2!kL=KH^&o)otl)-0yM%#-WFzO2ktSduW5LS})xvKWOZ<LM?zW`0N
zJc)E4X*QQ=9nldbL9)c4(?g6^#MahU{Oeb^ii(QF)Ku6_9L|hODp(QFWUgx1*1BLl
ztvBV{&5(y6pbg`hAlN$-Iwg6*m;4x_TwwuU6jD2=W;;F{_#@kCvx`r1;OWVSikjNw
zY_<8~`BkUhRO*obSfvOd{wCg0T7ib8n+i5T5bGt?daD)1$gczX-RFLw!0Wd=UV;z+
z21|RoKQ&%ol=+WHCmI^~v_V1$pgnc(m>v2kHQv%|Fq9*mUorUfMF|znv7-nkFi_Sd
zA2XKLg?@X&RD-WInswCxMZ0%?v(XA|Y<Te^@0MrFZ~pHE%xes5&oZsy{H+zK-MM&B
zAjJgNqV^7&-P);nK)-cCHL-LDlr?x|xqfxEPOK=Q84j{~pWBh&I`pN)F6Ls7nNMeR
zGrlvh1$rvEkH4PKQ`j(})!)YJLLIivj^JXwL*ijBf?&$=6sEMV&h^IVWe3+^COJPp
zVRtma?Bq}NmofT=#6})2uI)^#JVgI^&*!t&`|(neUf$KoN|(XcMFOf8c<mgcFno$v
zuA*~&Etk=xWsg4^cfZ1>9nF<;;+@{)VO!FC9q<F!jtO+(y)F-l8`)SThKl))cwhR2
ztG*e93#7+Ft{E$ss((yE#sjT*@D19+>*=XI)3+uByFXQk<HwWftkQ;tB!=GmIEjtw
zL<D0hqO$bAMp(7}Laciy4VMKfumCtI25Wm^kAK?HY>z-&csV+xzB)JfnaV<b{ss9`
zp2PIH=Q6{UP(w1K1=ZO{vPPC7P8Q(<#BOxVZv?<?K;_ZgoylLBoa`>9&Z^$?iafyp
zKQ2rAJ38#opCx4om_kis38E=MC6~sGEQajxt;)w=hilBdto*r2wp7B4<!K8mqbwdS
zhq_}_pfFm)Y<)LbCA@9lf;#y@?s$PObhG!Kuh?s#y=^7bDiAczWNzBtp1E(S#dtEc
ze=?v_EngVJB+n9qhXOwk6T{JD@%Yu+wsz?Jtr3p)Nw&*Vf*Sm^uVgQHDm8b5m|^sr
zlXEDGpGOMdwq5T2j3ILcG(8davvH@)+nn1}mZhP?pl3TJ>K37h#pi^B;j_42j$Qgp
zsP=<mW+~<9hl}={$BXeKdsn*@3?_z6v_r6jSCg5qOFzn^&ciE#-*uEjAx%!NG1Fg{
zbk{fUhqqwGhvTpG5+qqf80i6C@=<4B-ZAr`YSv2xG^*WFhUshbmF6|P^$n4VDJXpl
z;%*^qCu~Cjo+5yrMYm6yw`nO!j^~g0(|1`78^uA4q6f`$*y;}|3o5Ov;4dpFmUQR>
zuoUlqM^!#UDoO}w;R{9BDyT^WtCxKISKIjn9Mkf3aM8(LBG~I6P7%hF)Pgu~zsmnx
zzBy~oH`e2hzfpMpAu#B0P{_WdN9P~-qDUvCp3=NJ|C?1GXt_RUc^s1p^&bT4d^AA&
z|9u1L$+>bEGJT9bXV2vYPY<;ZKa38{4W3Jj2#h=W2(ABPpgF(|2%J+s^TAi>C*gZp
zwF!#xN_F!j3Nv(4xUKCzzK@PCr{UkK(y|L}Ml4E=_lJkuOkAj#@%r8B-<(+2f}aD{
zf&*WoRr?4T&vtS*aS9?`-AYBeLZO4#>3h*qrgbfMYtUSFIhj3Xi^gp-c29=peb+93
zq@x*YXX6_6Qf+1W$$&-u30tCk1oQ?swry1+HPXjVSw2S7hlyxo<L}arb}vfE%OuZC
ze>6V6$7O5N`LNJd`RCkXX(?Q5Vad33ff8wnh`<zq;Y_uNgnt7(-j8#08WJJUxm$Ah
zyQh+fHM(Qg`#>2Xc)f<vf}y9O3bM6#F-mTZBv*@(Vs!pYhXeUx|F6gTMO5a4*R$Bm
z^RX6D6X*Ai5m@hsgH(0nD5%Y6Eq7zfr0}h?!f65H#}L1DS{E@hP_dOr-x5{4+{JWe
zPRx7Tt-k6icb)iV-mj5ptbfxnM1TNa=vz|Q4W2>@ViSffiQipqjPE$DoIB#o&c5r#
z1i(cGjS#KbESqj@gC@EnU2$rtAr{zn8?LpN5<8+?OB5G9rRn8-?Gl^$?YpwKKwY)$
zZ}26kKU;pbrI-lKkuU!5f@+(UcwLseFaJfc-F1?GomR@lpPlllsfRVNVR+ZleiJCl
z>exQKtCA$ciEHULUTIyw2Eu@k#{pKz_a~^d($hkq9H+)}cg%J(94BF6B}eN-|1qll
zVU0wpApi6I0dC2lZB5_1{?6cOuP`ob5rD`48*yDbbg)t;uaHgeT{x_c!jv25mCKUy
z7Z5yQJkUm5rEzr0Q2<R_F}V$y(`DuL`O?ycy9S?Fm%O%Rc=;0e-?Ek-oXahmG$!(8
zYf#9cx5e;`wsqt1V9&cT6?FGab9N)G%92~}h$fKor3k;y7vV0GTcYf);nPW&5qhb~
zJ>Lr?!Tx(+W`w<`JpKcFl((=<%U}nIn+0dr|MMHgF)6&-m@nXw#=MPwb`mvGr4it`
zfA}pWqB7rusVIiiD9|zRt8?C)-&Ankp~7A~t0d^bPc?h<kI`oV`}<=FucCngAs*#n
z`F9U;!%h)2T@Qu#>z)eXsxp$lQz}ZuT;3Yw=XP6J;j~WUgJ;yA4bj89NGAyTGamlI
z&5s}RbXH4_Hf>KEE$St|`V1aFqo!+tPI_0uC!YAZG__1$8?!Ia&Xb<+oS+;u`c9-A
zJ5DjaXns%L*lkJP5LI`Ek3{n7y`EI#a{p4evr+xv7!I%g*^*ph;F<FmccS>_+f_y#
zs95x!iD~2u-G7uBiMx+&FtBTS|Lk&>UIMKQ9!8Tpxe(b?bzMtsr_<9zPM|w-XPCBl
zIhA*1v#}BagH`jgf22o*msfjPYzQ;G={SdW)ijU<UZ0UM-XFw`NHAJZcXYS<RY!XC
z(A^j~Z$Kb<=SIZ|u>2Ryj@zK!SuQBfQOnfp>-(O-ww08lYH~O5-abnDjic4jvub6r
z^x18xwaTo(a$Xp1*-Bb?BfsDujZLM!dV)3;Db92(e5nfIMIJ`H>1-;bex$|^6m7o=
zTF#uSqp}frzSL5;0ZR|h1MGH!ki32MjP(Z<Kky#Bw~gfEAvs9t&Ome%`be2-wv?I_
zIzS?bno`5VqHgXT`T6MQr#U$0hA(t~bPns1lT>xccI22w64<ej&Bl#?qyAqDGakHd
z6V;pm!Xp3kGWYX-GT_nMI{-VQHGeMAZs@0rl$6gmf_q|fZ`$LzMH(LMUSjJve59cy
zC`z9t>UcL!%>=f83Mh5hM%_>K|0$UmD($Se{%^7X@FAIYxnoN<`~OL*RM!tO!fRLb
z`%hqfkkryerVsEREAkKteFJ2>T^9Y%HXO7%j!XL=VOftm{2q?^pY4T`U(WOG-^T~%
zfYhzBxUB!Pce(vaHm(0p=1W_rG5G)F2lQoe|0xO?;>xnJz6cb;(?e?cw1ToSIyE&c
zM>;lhq@g$<*4{yWV9#sUvm@0MmIOGTzE7p^Unt-SaK<sy>4><OKJie^D=w+7))s)}
zd#%u{yoeNefs{@lS)_VhJBz%W&+m$i3>d7;%PqkO^ttkX@q1;rGJbbd1-o}B`0CPw
zUoSrsfzLLNDkf3{5dK5z>=vwbf=wgBG*+W{Zo5CrXdAXE^Q?wlc%d#nm5nIpq~{}g
z#oP~%BUs<UmOtMS9}ZRe!b7?|JFeece0lL|<g5i|kn=;|GCve_ptz%IvPm%gHW!il
zH#D$34zz9DUA-+hxc3zbZXLNf!srOckEg66gMzYY3`v96tY^}xoP~6Aa_6c+C!fH(
zN_VRj81p|g9<}n93w=+YLbFaI3^V9W=&+qF*eh~!TCOXsQ4)%S_rR>ZFAcdC!_hdQ
zmirob>1V@9PaZEPPN>^a*|hm7rQKcF3BsC@w+=A5@H_^pA-%n2$XmW;1laKb&(8^o
zXZVqSn)m6lzr{W~W<XTh@_=7^-80-S&DXuhbuQC)?A{l@XFC}Mx!TIRY`IR6TXf~O
z{X{V8GKE^5d}081ABXf{SzjY(UtC0PJPaIIMm>!bM0EWiu!B-UhTR#Nqr9aN5Lk=9
zdVX~VJjooD<A9ItXhC3-VuM=J<Lux6FLLB7nidnzZJg;}rK!H1OTICjq=P9mrDY^<
z#ujd4*X(c+$Eucj4SSnDkGc2MwHB;agt3Ib7TcxyqzRqHUATWphXbob;vsM@Csub|
z=9K)C=)eY9ID3DOfKbaXCn#;wZkdLDbG*=i?4rTv8JvR3Hq7aMZoyR+ZXTZ9T+hw=
z9|@!)!mIXW=VN{QtqG9fh3D@+*)R8DP25gK29)}1q0-=t@L|po&}wgXY%fOr-^Eq}
zwzJ;~0y9mpKU9-*<B?e~QP(#@UUMN&vCd|>HfX;|Q6U+h#ItxIyUspsaWq$9zZ_4x
zvbpbg>A!h4UW9)_w%aO`{IMV*G2H$Bw6c<sC(#=oNwOB}d*^j=lsbQr%IG8YMWFtX
zhY8zR%1u>Q-{K?6$}+6dYem)6)Fhj=NtXPvUL+M$G;Uj3&kvhIf3Q<%alYHqnsov6
ztW>3{&@KBsmp{>N4<bx(0Hn}D*kdWq5zDsZsR;BA{hc0{{8Q=vFqtO7OTmEa)WJb`
zUR^yZu!aWe_Cc%ZCP&d*indHRO_`O1;$ZKU<Tx(?Q)U?scZ-QQ|D^Y_@>2(v%;A}#
z{g(s*09H#WfahDiTj29DRbXO%zSDX2!QS4GLg>z9=`J#<{UBClJJYSG+iFpJ)b`bG
zlrL_fq!-K2(f=u?9=aW*3hkfKUkQ|bFog3|V~n~bU4|py^*K<1OG}{MJme>*O!e45
z%<yymL*;`_7<y>(n;Q9hs?3W_)l2KokL8CxHfSWet)#e9NpHiO&6@+UCn<E>(T6)9
z+RH_1@Yzn++uNJ2t)KuR|7DN%a%Cpq^OC+R%GK4CxJx}Bhs!Q8Ukh*1W65+e(PnTd
zjCnAX2tx~aFkOph=ZN^Mjz6^Mt77KZl1Ic`n_F6lFtNJdK(!T|?B0~z=qFV%ev=5J
zy-dp&>nX8u4AGS}-wVkf@ROg_Lk$vL*QCPVyc6{jBPSgvQ$2Ja{_d`w8YQVTxqL$Y
z4}|piI$QJy7tfoPYK@#iv--fNr-ByF@b@es+vbmXRrnMGFt6hc{uzAlf_{M}9GmN2
zpLqP9q1T^G839O*mxFq8VW9~as4U2{aj6e3Gs1pzkD2CA83N3Mj^Lqov0JzFUns{c
z%pG3*J$zH4&4dgtx38qz@y(Dqob+f$y=ps@4p!0T`?C3tt&_Hn187TMFDWK#HeOs~
zpj_tV?q9BFBKIy7v%i?^Poz5DmTv*7O3cbCS`*1*rav)Yqhvy4WkH#k6pnq57xl-n
zRYrinkLmeM(Wr@+q=JYELYk%5Q&#{<;2Uh%-Y+dpOiavX&mgmQp@)Zm#c&98<1hiM
z{L^YeK=7vs`u!VKGDnW5qmyL%6_suCe?S^d$JLaJtb!ua{te5Nj;-sz6dG8^!yuwH
zyQHNt_k$k|_*y}SRsuPgt?&OSy&+=b`3ACo&IKL9DMcxLgb<FrK1FDaHu?VucLRcc
z?thG_d}H$E%oX-90!T<k&Huj!QNq7U{Qtei4f>~K>Hk=HE^?*m12YKY9fML1|8?La
z1Ny|4eb@evj!_aZbD_FP^-v3o_YPqM&eYpsjS)1Z(-)5;7MBq!K`<RBb|$%Hk&6ou
zmDM=bsq*aKz8N=vnVg485Y*}n^Blu{HMnXH^i0^0>O3&17A7}1Od^Enx{1lnfl;2I
z(*ge8t|xu`#lnnIAfVYZG=ayw)oeMLir;<_I~_vHsXooqIp9<T9M;X6_@599)H!4b
zYO<}IbFaco6WkcB9IAmhwlzkqBZp{3Sf*15+`7Eau8z5fgE>b<NLb=nKuz#`63QWi
z>4G5TGuy`3gK-K7UJkz)-yKgS#NZ8%#m9uze@p>u^xz8>Yk7JCJ1d|JBKI9ruQ+r}
z^-`sSj?Gk|A5)Iw%xHWm_Ts`zorwgge{2(rU<j|m7V(Pp%y852e+=c#VMR21YS5}W
zb^18*I@$~f`hr-9>J5NFAEG@xtVR%M!mp-=A)_d*XG_4pXLDUzqz?8xy`Tnit|Tb6
z4}Ay6@0q)epLJ|NQN$$dot0RN%_-PF*@QV?jqS@|FAcT4{<f?Y6mI8Z(p}A5Uks*d
zpP($KM0cA!>njibLe<(#rb!a0$C<pg_T-m}<KFu-SF7L4Eg}0m`0|IbBER$tU}M7u
zBJiitp(L8svqqH%>>)jU|0KTy1Rc81sSNaieb@#bhDgWVdAOAkeaHQ2(0!j{QYx@h
zEZ+i_gJUi$FYZq)Q$6P#1)4)h7TJNn!89RKj$@1J(&r}k>Ozm7!n}i-T5%nnus2+<
zD++_o`M<KMj;tE0P`+~WP*k_~w@7p6iQ3L1J`C6H+dL-OE88+ujdN}bdD3*vTMi0%
zBMIi9=cL4oX$SrU<bYoH=U;3E<|8{Jvy3JQ%ZL;?6VH%l)n$zVU*KhQ%AcO?sNh!^
z8{7`0vrW#{k!JF8>%!JhEcs!^rdGVICrCm^=2ompgy7DA(#VOS+75L}2ZJ3)_fa{M
zk&c^ZWj1)qA}E80R{Xbiy{8b5qh16Nm8v`r!l&6->u#Pd#N;kbM+e1<)6N}_yw~$H
zM#zC?(7%-z$Qlbtj&2uaYAe4sD1`LKO4IO`Ooe#fK~YWdq0ymd_Lja*cYQMJo?D*w
zOImkK#VUVMNA!d}{8&1OajSAFPZE-Q#^9~cnyGV0J)VgW7vn`{g9i1vM5EXU_HbTy
zOQvrPfH`VYxJiv!h9DcPI=|%b7{1r(8++VWrL`5UkvZ#(dDL6VPuMV2^W{@+e%NhH
zGe=9#t4iDRQ;|sM)}G%VfF=r+KSCYzze@nk>vIh}iGY=iN!~AXehsc%iI>>1p`QJ)
z7tCD{vg)O4xQF!{Nl)A=x|Gb*I0dfkazHW{sBw~Q3HaGtu-;+7JFyN2Z<50EAyE!p
z*7pu}SnFv<(d_ReOflP<qF6(IUV$C+mi#4iH$<YhoUvyJt<TWxYhPx!?MTvi5)nTZ
z-r`vkqBWFGe{H}j3~#^kcI8<P3_qlr<jr`Z(fDbWoVg~ExLoKduM``}3g|K~kUg12
zAMSi;yfBKG{P8=Q2g)G~1Zhar2;+M3buQ1`?R38JxOjtz*|@Tu0SIQ{vm$y>dI2Rf
zC5-j{FBq;s_6NGLR6WMBqtdxAVV#T00&}q;xo1UsuS%^U2JQT>F#Mzy10Wz)P=S?T
z{$3gl<crB3(xEGZ1v{z9)Gj^`WKVHArT0;>sLu#KqR&Szj>jFtT5APT$Ehl!*&CYa
z(Hn&)cc9pAL|N>%ZQPoLfR>Yj4nXIrr7}-5hI4`B2-`SsNqmzZMMLz!4{6O<hUm5b
zg!JNk0qjIR!jVq&+=CcNIhROwes|t2)bZMslIZ}zb~VJf(#$RV^M7<MX}`}ItnvA@
z^HZT7ujg%;tBd__t|n&@ot7i)<zMo1(vZ{6A$r3&v<0abw)q-!x|ryQFB6Z5KD4b)
z4i2!I`V330=E2!C=cFSf>!Do|ouISGd0%skY`@pIiz!{_uMhz;qO|?W_FjZ<OR(FK
z_xUi5BLkR3xg3PFG%&602&S-K`W0IzR%6vOzx7W+&3LHfOD-Tlg0{7FjiiV|a*SyY
zaUNnD_s02~(1xE|C>yUXWQ%=il%%dE^u7viD<d9K+1?k1BD~zm>U0X9$`iHQ_p03i
z67mFaA-$^=m8!Q(z600whA}5r{IF+j@0k}KOpAlC9y-R{qj_L_V{$H4XI&{C_S+;c
z!3iqPq5-LcLrOC@-WP#ST3)mYNO77~4$)Rm89_=ry5c!~*E4-Sb|_Uf+sGIm1p<7q
z`|}4taftXPH^TL!qoZvggf>`_jj;`-F4F4Zte!G7IhVL&d<xMKR`6CD<00it$P^d+
zhCckUHH>m&`*8OVM$X&`7XZ2-G5JPmb6Nz)A2paRklXt-Bdiy;an<p1(d5m`uWrt_
za!*s{Jr_`tGeJ3~Dd++KCrK87f<Yg7Dj1>Qb8Ne;tSm`(@gK~8FSx8gcW7*mOP{@n
zi1PG)$mTywQ%xE0n)V6P&B|hvC_B7ws2>{MtL0;q=LsSUgoQru&tgCdecM!F=%X)6
z3{?kf8CPzUqVGl#!k*TruG*Z4rvU`{1o}7Wq_f8_$(_t;9RqN^;XQ6_D(|BS6R*l=
zR!38@{O#dk_z`EBb3eV@VCVqgq!jfmQSS_$=~wrti1&pVmMF%?`w^WF29k5uGlohb
zMpsFkKo>;n(QMdO2zL<?aD*4-08_VP-@vc7W(H*vdGwsy@1>of)Lp!&Pj}x%TLlcf
zvCk6x3Cjxk2Mfxx_;Djybt24@1`!<zpbVt2H~3UlsWT>DNa?Y++va)s1lymZuxRc3
zJe#<Hd)=)nb@#wcmhtS<l-jp!B4QRLow|EuH;<N+LkyU=``5mxZ98*$^GhLI{rC}A
ztCbyDEv+;Zw+T;dZR~A^3TKa#d3lUo0(xvRID1Q4qC8~nXwJP;7{PYGzhL5wyUqOV
zLJl(mzR11z)z)pszrM*szTTdgvkr-qU(~k+?xC7T&xGCL<VNrI8TU@FVN~WEJUm*u
zx2bTg4(J=|Tp3DcJ)X|QfAwO>Lc$923GRCW?mu?Y78V!#efQ8U-+OUEyR=bU?L{G1
zJ&~YYs}MxEJ7K7%4f@Q&;Cw$;m@B2n=}RD^Fg<+WG$hWJS|exw^af5(w}x|L{;%^>
zve%JVdnCHS9Ua$Se0M_-^`Z)XZu@a$U+pPlla>o79wiB%(PvlK9J!loo>0hYBW&nu
zPP_c5)#PYQPnYXkn3R&jJLxByGnM)k*H*+(tO(4$eu2flAo4X0I^i%4Stk4X9cK-}
z<2(6At#XQCWY9F6`<QaleO$VP!<uiug-o*UB)*{KuMA=RbwpEGp0l?B30Q*B?<GMW
zC@H`$W{*xe6is0IT}O@z3#y}gBH&H;aRo7e*@%($)7n9v6?Be>_WBod_*~IH@z!`B
zS=U`I{SP{FV6=_d?DVXKyR~ygyWdYYYFUDOrC|$pDTEkJ)ghz#jslgZLvCsPy-=wi
zlRcG=2IeNn&)|IRt!IO!=eSxQplb~pmnsF9+$=f6dNvW|#%O2pY<fYn_B<55a^f1Y
z;0nV$&H<$zvSY~1Fe9O0{&m&aH6)1E@;fnsX;g+BHWrl6!B;+!O;?X%%XK~(d~H)6
zL)_e?Hco*emnNK>>5Di1PU|@eg*-ugjnp3h=R0B9hlZV0ZNqx)yI8U@KKfW$CM4%B
z%~<l;D16h%2%TfU_l+<cXN1E)V8c3Yg<LaM-Xh5Mjq<#W)P7$6VVncW0t5+lEiKEn
zmr?&mZ6kjiZtm{<^&~qcy%wgFk_6xho|echq+`dsfj;w0bR^Ht%5C@lt?XKUDf4Oi
z0LY1zakx9dVHniky8^D=Yoz#v=)s~!STc=tySCcQycgd}3FB6~%hVv<!$Lmx$Y9id
zD~huCAsR&gI8Sw2&5%?X^=_uMdxF=ac1J^>Z?fWR^R#OXiIJ>?Nv;j*O~YTW%l2<p
z;~sVs?m+Oq&|}OBqaw^i;Vupa5BnWRe!Gtn-QyJPtDd_hk*%Q7Y~P+Tv}^cdy$dma
z#$(f7IU2P%D|6n_gpY9({819|bU36z$EFm&Erh1lu55T#ad|M=k_2H-)~-MQTT4mF
zx4{4QXui~JcO;IE`Amps@C93OY}_dD)m=mLmV{?p>(A|yQNp@@drdW|8MpS%kq_Em
zX1Wm|BkeN1u*aZ@-*Ygfm#-^v7By2F!67YYXmYoQUx#B{_#@{*e&mwn<UtTQgB0BX
z6B^BI6pm@cvg+<oO2qIa*b`x8+q#{Pu!bnJC1ex7CO2Eavu3IqjYP0a><ez&({W|J
z;|9Mks2n5ZwWbry@7t?2NU=h_+vo%Iqkedfi3e@J<@p;#*|4$>1C<v|{0WT|eVylV
z6z0Rvg)~qM+b-9(0>e(hey5MX!34gx05^QFZw>ML!+tnkpgCdB)tU#B$Y><4M@w)o
z<blHUaNxR6jgYQwOF-DO7WZyJ*i3Ft{P<PNERQcHxQhz$B!43k-V@G~Oi+C7eB%rJ
zb&Ss%t?t(@)f%N!sv<<lZi!7t>iZl%B}~*4W+Yke&=$RZAv|eXuiB1dhHSf&;J|23
zcvK?M58YozQqp<1YIlZ<S=bjq)RlQmgc!KLpSyesrqdU3#kN$M90;q#1-;+=Y*jiP
z$xT=SQV5}-1=w;`v=R-X{UH{2z4EHk$qM1wv>jb9$JY^LC!9~uJG@P}r*tkuS<B*|
zWh#;{sD_4L+h19U5~%ql;o(h8vZ5PP`h{n=W$xK|lA+y{g%x^BFD-V-uzEO#qZ}}w
zec5W`{$<RmqXpsr+^=!IpYbqWguaG<Yd$LNjUpK`ay6Ak`5z3ltV2;va$9q4UWEb%
z=i6HZvI6G-Zp<;Y35yq^c==P=`#{vBxkoG+R3i<lbZb=0Fkg|EMWq+eBfp?$0gi|+
zs};+iYxGq}{lIY;zx`-a`~R|9G1BK5;okTFDibAsRFOKg%1zt8T%#GudI<m3ka4>4
zw8~u8RORu7{2#F+Kw46zr^uOK!?ad%--rey@6SiGi$|U7rH6zWag_bMQI{KGUGL1^
zp+{%Qz*!R{kiCtBnOLQ}+3#w>)%#*evPCnzyUZf!$5`z957j8)qk|YwK9djQV@zuf
zt^K_YSRLs`81BAB`-iVMV?1{2tfe}G(Eln^8ZA7)`M9`~#hK6<qOUFsEq`}M^k{d#
zme^HF=^nWVc6NNOtrCgteXBHGIoN0Y5$+_|GOn5op~LG|K#8cId0`*nz~AxwM9deW
zgjS+NGiIa4{>Q4YxRF?ZF`Uo5l#CXS968UA=~@%Scd6WA3FRoL5^?Y++K41tDPKp8
z?1vauKHnFk=jT>`^kWtI@x4TW&3N?LHOuMngN^39H>+sBi*<U>pa)=AKfP9bP41uS
zq08M-v&)@f4>nJ;HclXi&qs!YMr6Duz>3t-7tQPD1lQECM6&d+=}w5gpV@+C*QLUR
zQs!TpfTiP6ta}!5#62rbpRR*fj+D~Bl+d>xnIssgIW+6%vCs!$>tL}#+2jap1$@SX
zFjW36s6QYeOTrLj9K4>(Wi(%#zZwsN2l1f5N#*531Ot-+KmD@hXE!)J4uKCe0I3T1
z@Y-gRZ=unCM?~C_z2eiKdMNj3Y+G@v_8AEXpG5s+$rT6iP^<+Vd#(!Z{(1#Ov*Q|i
z6%r2v^I`ZD1NGuO!gh`3LbfAGJ>R_;TS!t^3$qAd6*?~t865q5LFu=f3+?(u?*El2
zBoZS1-?C@}<Do^eikUebKQurA(wZ2#MXb=_6f?k1e35Ui=!y+kH=X%J{g#NzxWCUf
zRH8Zq+OY`Hd{w#pq5h`dFp19;G}Db{);>pN&dQG_+g!v@gi5lLYmEra?p`7BwCYdi
zBh2~>2#byyZHAp=dRH@c(nI6Nm7c+LMnoP^k1bW{n)P}cbhz2jWjQUSG3kb&5Pn%U
zQ5fa<$+PYp>YqoEQa1|1=RsBuuxEUG9M)QYom7){!vwc`(^w{6PkaX5quCE=^N<W?
zU(N1eTkb}-rhG?NjY+W5*wrRvOj1h>tz{;e9}SfL_8m=zrF4yD<SjjaPwI02V7D_a
z+c_b~r<zNMZ!p0$Qy=#6NXJ=K_;Wxn+?HR_{r>nP@`$P7Os%++EalQLduu&KMtz*~
z^)WK5RFC~<s%S)iFI7D~yWV)^fU^X=R>eI?c9P!pWJaU7hteEEjMKdV!F36h>$%;|
zV>EbyEicTjy}k8d#00Bu{R}{_0gA}V^Dir5;AX(-SB*5)MD*PmQ4`g#vu6)Z+{6-^
z-QlsPZqLA^&9a~>M5y>W=Rl_knVJ#*&Wi(~@wS&N*AM}EgXc@M2E5$skKOVsah6f2
zGWyEqVv_d^{k;iEUiD96B+IRY8&}*}i>}-wNqo2kyT=KkrdB^a$p$yx(WMXUJfJF$
zcP5jlon$#H7*8WSUmpYxAD&thnMlR&;pM*Q4BDWL%+Y5#bLhLxNfr8mat+&@3z<96
zFSzu7UM1qLE%%N~f+UfSlHzF1n2?l5dd)A8$8!6S@1<EdvF8_J^Bobk6ZWeguAo>A
zeQse;2O<Nre)^&Y#AasjitHA8pv{@M0v?UC@Wjx@vah0N$?zD^nWRW+$+i5DR{Y;t
zA|A1;aw+VHQ%5XG>6$f@>!3Hzor0vN*}Pn(GE;(9Y!F0Qh`86s=W_Rd`ybAdKc4^`
zN!2t6#$pM1rUPuG5@+&+2(f5jw){|2XboNHIYOtAxlGJ#I0KAUS$yy4AHW9(CILOH
zhKl@Wx0rjmzMjDAdU$h9lCHWY1D3=M-;L5FW+ZsJh^zEGFBuptOoP*WGH;Zb1fxfS
zp2uy-Uw*ImfLrG}tQNd$PouE+A`5brMrdpU?50(E*v==cLSP9BSha6t!f3DO+31~#
zs>bc7h3SDN4~744b3LX-*0~hO4(;di)CKs%b@+V@-H>$nnr~>N1F`Ovi90HkJKcK>
zKmGn{@j0a0LJMo*zb<6i0H~p05uC@SI?rZ=qrkVdky#5Y#~vPr^_VtSy2M*C%hDeE
zbU_?lDg(Uy;-XfB%NWm{s*eqkMm|`lQ$?-U>mt3epHzu4IUc2C-qv$vlDj=iIEjQL
zGdcf=*}F|FZWH%D@i})<EX>fTb~ir%#*s;{mJG=uH7OfQrd!X6JA-zEtCLvA+SkR7
zW?x)fw8ji?k^<N$&P{K&8Y-N08}ogu?SL!~A1+*}Y|O}Ah_s2r&%`DpDT}AQ=rjU8
zck?{E6`B6^E=!!O;*ca~6G<y+6Hk=(J#JPuDP3{JoYl<_$wgKS$<<3}Qbz-)%G+&<
zHmK``*o*BnoPfGt_`RfHDf+98c{rYINV?~Bx=@@S*-CcZ9~WHCV#sxKG(E<OToe30
zZO~ZFAUZmd|NhG&PZ5&i0LDFxHI~-2Jn(jz*ztoZLULY*4@`>Ll^P81(ox&R@Xz~W
zvDD8R6bWJ2pC=<?w5nw$T>>#`V8}#vQL5c1Z{ZEBA?W!d!f(M6|NRL!@UOMr=TgDx
zwIAMs+N1jOw8_L6hxR{1a%*=VR|wnrEdWqkv<=TGXq%sz5hI^&Mk()q`m%Ij_e|D^
z{cc0__ppAV;>rsv3KIJBQ62Pnz<pQ}!adr3Xm2echIq%?0b@WBgSDJ8JU;wbDA1aY
zg}-P29wcf7g&Bml?-9)b!v{GN3FuPB1}UXKH*y|_)GlR8$5}lQQ8D)-jU&G!X{F@v
z+ZdYV2Ov4?3jux=nOz40ucwxzd}YtsVXM1!-MZ4Io*B8~^35l=V0cJFHs~v;o>=b-
zM3+$4I1O7!z2Cwh4y1m-_)1AR!wNqgnkZ~G<7bY>Tc;(SC1rb-&;RxeK5WimmoL#a
z?UF>`zOZ-w-cU3BoA}V@+`$|Fp~ag0h))<)AfevxMU>Ty5VuRS8bniv=o}!>2TR*4
zD(}VuKAher+Q?iU-$3-*teapB)o23MuW_kv2?Z=kj~#&6gbvQ=hA44Wd~gl%77PW=
zT5>i}bH$y1awsj)lT8ru%eSt5>+IZD3zTO`78)OGZCnH#UyQ|iTjPe0yjZ3~EG3w=
z#VG`xgmBKaw>1W;y1H4>&~86|P9-jpk>JbQKA^g2YBoN7+n`%+g$62V2sB2nYryVe
zq_XvR$0Tz3<`FRpK7JRYt9Kcagp9{9*Q;}Vjy!x)sli`qFP<6rt*c|FL{dRBBi^ik
z>@=R?Y$B_|_>ucyv!{a6fA*FWUHU~u(@Mg3jp*2;S*!yLD$QTd<3B-01&?Gj82Go+
zG#8MpacbS|T1`cI9)Hr)7TSw_k=Y?I*}&JTML9h-1H75zcHE~G`HpJoj1sXv4tyJA
z9w2yZs<r*yZjA#cp`<A4>LSacRFIDdvE+z`c*rD~0I?kQS!5VD<Ri5Jxc|J8XX{|o
zJlJNycdP?@wbwbYKKKl`pgGeZl&M>Aj1INsJKcUUjwpv8+(`2Br8>OD005}d3*bhy
zuh^{j>3O6+d*VFPHQNgqa#dl@S8R!AZm_V2^3zzQ`#H%Uz5Q1LETkrt^7b^vw)9Z|
znEnMmq`(8<9g?@6hZO|cy9t;}NMV!?ag8S#I5gY$=gOC|cdl{vCc$UPggN(`GhvOP
zuFXjc-JHUt-<3g0cUSV%r0$4ED4Rs<=l4TTgIKQ+@=j;$ib*RIbixxLaUaG~VVsEj
zI92&wFL<K6y^N~P=7;Zfdge|P3x~VH;3RQWfOe3Q>0F{H7gZu=R1j_1_!0dCUFk=-
z(ai+|jMt{n^KfX`qvdIQq7zJ}CD^^3m;>ebdF_3Qm%j5BdW5~(oy2WDy}wEq`^uJ8
z6d@94zm|-pcNI`1|KvnmizIxNH?WhL+_78NA+;GlpaZoq(q)>1j!_qI%G)IO&Ww*t
z+lFWzpB_yO(+Un17-fw<{;Glb(WUr;Z4Ur6tN>rvkI5fE#*5TRS4_6p=i3}S!CNry
ziZHMPQ@2Q#+yG86F6P@fVP!q7_>(o{E1u54V%N%5w{UaWc#x~uC+|vm9<{xfrkAkm
z9y}A@{&7$$BE^rPLD^p)hxXWhD^(OXnN!FE_p?=>_LJ^(Iifn-EtWQI8Ob7;emzDc
zO?)q(sO#)OC8@7|BH)|cK<7?;zR_D<N=}Wm%-p60T+gLwe-9d4&B26W;o}rjU=J(!
zi#IpL25=L8jnmBMpC(IS6h%8YloQ=Ymt%$P3dt*=In3?TuBmMho<Eehpv^Cn?tq|b
zEY#{VViw@%2E?|h_Wdqj%u#I_%?|V6Q=4PBa&J71=Zc?}YE)Q`ud*jxfN2tjVGXWY
z=O<bQnMQFGaYh?s@N=3MT+2Wp5=H@~DQNnYB<4mC{cv0tw5CZD^@jKb_|Ihf1(5<e
z=-Dm{bSof)HK(Ubxw*d^par^Oy;M)hq!9vg4*;jpSbL;132r|v$=Dc(gKs`HS(pQ<
z&6<{Vugq8B%e;!dD@Z^p@`&Z8<WTVt!?b^aoQ_=Acc86HJ(46yfFU2Xu^UMYo^A!c
z=>AltNG@|@bOG9Q|5&Tk;}dp(G9ul-YvPV=QNjx`B8`w$-?noI6`7?mQsAbPl8mNm
zCuA?@G#2T(BhlOOS1VEe97KX4FQ|q}TDv%`+1WN+@||J?GifB?=Y=EM#^yHVj$%4f
zY$uGH!JCHL1P-AAeZX2tc69Zsl;klw20huO0Z^@YLu@t4a5|EU%K4T&DAmpm&jBh6
z)Ram45*6`g<&#AYohuFbfF-*N)B0n%R9q4&<*Qh23jhEs0{IbbE1?P~^sO$gScK+*
zzJ29tY00!%<lXpWM!Fc*nfppQR;|C3z9*5afC;57b^^mm8x)e|{RHjqmEGhp(sEu+
zK!ERto;n5-3IH5zkA92!tC{_%`vpF`<=TV@vi65)dwYo9uA3U0{(K!#T<Zn^HLR1!
zZQfewxCPqx&1TK|-er;{QG5EDO(9sJ6<`-pPkJM;yI2i6wsQX#xk~V79@`8>JeZu6
ziyV~u^|c8R^HyL!r$TR1?O9`z{c&3Ozv`X5Rk;!8-Uz}q72`H~w!P~HkSS8X1H?x`
vvGp-wER+OX2i7v&c4*St&}a<QJ88|gBs=cU7J?sVfFNY0lq74!jYIwqNEDq0

literal 0
HcmV?d00001


From b3bd2d5b6cd1773790234f66c3db895b3fc69a26 Mon Sep 17 00:00:00 2001
From: Zoltan Tombol <zoltan.tombol@gmail.com>
Date: Wed, 9 Jul 2014 17:08:17 +0200
Subject: [PATCH 089/516] Revert "removed expect from mkimage-arch since it was
 not working"

This reverts commit 962e1186f9a0a43344e19dcf70bac159f0eafb4e.

Conflicts:
	contrib/mkimage-arch.sh

Docker-DCO-1.1-Signed-off-by: Zoltan Tombol <zoltan.tombol@gmail.com> (github: ztombol)
Upstream-commit: de5f3020d92f14e7ff544d92440c5bf9e012d460
Component: engine
---
 components/engine/contrib/mkimage-arch.sh | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/components/engine/contrib/mkimage-arch.sh b/components/engine/contrib/mkimage-arch.sh
index 1f52cbc1a1..27c6ac6a3e 100755
--- a/components/engine/contrib/mkimage-arch.sh
+++ b/components/engine/contrib/mkimage-arch.sh
@@ -9,13 +9,31 @@ hash pacstrap &>/dev/null || {
     exit 1
 }
 
+hash expect &>/dev/null || {
+    echo "Could not find expect. Run pacman -S expect"
+    exit 1
+}
+
 ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-archlinux-XXXXXXXXXX)
 chmod 755 $ROOTFS
 
 # packages to ignore for space savings
 PKGIGNORE=linux,jfsutils,lvm2,cryptsetup,groff,man-db,man-pages,mdadm,pciutils,pcmciautils,reiserfsprogs,s-nail,xfsprogs
 
-pacstrap -C ./mkimage-arch-pacman.conf -c -d -G -i $ROOTFS base haveged --ignore $PKGIGNORE
+expect <<EOF
+  set timeout 60
+  set send_slow {1 1}
+  spawn pacstrap -C ./mkimage-arch-pacman.conf -c -d -G -i $ROOTFS base haveged --ignore $PKGIGNORE
+  expect {
+    "Install anyway?" { send n\r; exp_continue }
+    "(default=all)" { send \r; exp_continue }
+    "Proceed with installation?" { send "\r"; exp_continue }
+    "skip the above package" {send "y\r"; exp_continue }
+    "checking" { exp_continue }
+    "loading" { exp_continue }
+    "installing" { exp_continue }
+  }
+EOF
 
 arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman -Rs --noconfirm haveged; pacman-key --populate archlinux"
 arch-chroot $ROOTFS /bin/sh -c "ln -s /usr/share/zoneinfo/UTC /etc/localtime"

From a276156a4474815cebabd28844111a9ff3b443f2 Mon Sep 17 00:00:00 2001
From: Zoltan Tombol <zoltan.tombol@gmail.com>
Date: Wed, 9 Jul 2014 17:38:13 +0200
Subject: [PATCH 090/516] Fix expect script in mkimage-arch

Docker-DCO-1.1-Signed-off-by: Zoltan Tombol <zoltan.tombol@gmail.com> (github: ztombol)
Upstream-commit: e72f8161b91e3cdb8a9bc4369ff5f9673a549e2c
Component: engine
---
 components/engine/contrib/mkimage-arch.sh | 33 ++++++++++++-----------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/components/engine/contrib/mkimage-arch.sh b/components/engine/contrib/mkimage-arch.sh
index 27c6ac6a3e..e83b2b6731 100755
--- a/components/engine/contrib/mkimage-arch.sh
+++ b/components/engine/contrib/mkimage-arch.sh
@@ -5,13 +5,13 @@
 set -e
 
 hash pacstrap &>/dev/null || {
-    echo "Could not find pacstrap. Run pacman -S arch-install-scripts"
-    exit 1
+	echo "Could not find pacstrap. Run pacman -S arch-install-scripts"
+	exit 1
 }
 
 hash expect &>/dev/null || {
-    echo "Could not find expect. Run pacman -S expect"
-    exit 1
+	echo "Could not find expect. Run pacman -S expect"
+	exit 1
 }
 
 ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-archlinux-XXXXXXXXXX)
@@ -21,18 +21,19 @@ chmod 755 $ROOTFS
 PKGIGNORE=linux,jfsutils,lvm2,cryptsetup,groff,man-db,man-pages,mdadm,pciutils,pcmciautils,reiserfsprogs,s-nail,xfsprogs
 
 expect <<EOF
-  set timeout 60
-  set send_slow {1 1}
-  spawn pacstrap -C ./mkimage-arch-pacman.conf -c -d -G -i $ROOTFS base haveged --ignore $PKGIGNORE
-  expect {
-    "Install anyway?" { send n\r; exp_continue }
-    "(default=all)" { send \r; exp_continue }
-    "Proceed with installation?" { send "\r"; exp_continue }
-    "skip the above package" {send "y\r"; exp_continue }
-    "checking" { exp_continue }
-    "loading" { exp_continue }
-    "installing" { exp_continue }
-  }
+	set send_slow {1 .1}
+	proc send {ignore arg} {
+		sleep .1
+		exp_send -s -- \$arg
+	}
+	set timeout 60
+
+	spawn pacstrap -C ./mkimage-arch-pacman.conf -c -d -G -i $ROOTFS base haveged --ignore $PKGIGNORE
+	expect {
+		-exact "anyway? \[Y/n\] " { send -- "n\r"; exp_continue }
+		-exact "(default=all): " { send -- "\r"; exp_continue }
+		-exact "installation? \[Y/n\]" { send -- "y\r"; exp_continue }
+	}
 EOF
 
 arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman -Rs --noconfirm haveged; pacman-key --populate archlinux"

From 952492cc20a7748cda2f3d9ab5cfeaabd39b1824 Mon Sep 17 00:00:00 2001
From: Adrien Folie <folie.adrien@gmail.com>
Date: Tue, 8 Jul 2014 20:37:08 +0200
Subject: [PATCH 091/516] bump api to 1.14 & update docs

Docker-DCO-1.1-Signed-off-by: Adrien Folie <folie.adrien@gmail.com> (github: folieadrien)
Upstream-commit: 680e27d6ec7662462594fd5264a00c09bcb14da4
Component: engine
---
 components/engine/api/common.go               |    2 +-
 components/engine/docs/mkdocs.yml             |    1 +
 .../reference/api/docker_remote_api.md        |   14 +-
 .../reference/api/docker_remote_api_v1.14.md  | 1422 +++++++++++++++++
 4 files changed, 1435 insertions(+), 4 deletions(-)
 create mode 100644 components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md

diff --git a/components/engine/api/common.go b/components/engine/api/common.go
index e73705000c..228c9fc1ff 100644
--- a/components/engine/api/common.go
+++ b/components/engine/api/common.go
@@ -11,7 +11,7 @@ import (
 )
 
 const (
-	APIVERSION        version.Version = "1.13"
+	APIVERSION        version.Version = "1.14"
 	DEFAULTHTTPHOST                   = "127.0.0.1"
 	DEFAULTUNIXSOCKET                 = "/var/run/docker.sock"
 )
diff --git a/components/engine/docs/mkdocs.yml b/components/engine/docs/mkdocs.yml
index f4ebcb68fe..177b50373a 100755
--- a/components/engine/docs/mkdocs.yml
+++ b/components/engine/docs/mkdocs.yml
@@ -104,6 +104,7 @@ pages:
 - ['reference/api/registry_api.md', 'Reference', 'Docker Registry API']
 - ['reference/api/hub_registry_spec.md', 'Reference', 'Docker Hub and Registry Spec']
 - ['reference/api/docker_remote_api.md', 'Reference', 'Docker Remote API']
+- ['reference/api/docker_remote_api_v1.14.md', 'Reference', 'Docker Remote API v1.14']
 - ['reference/api/docker_remote_api_v1.13.md', 'Reference', 'Docker Remote API v1.13']
 - ['reference/api/docker_remote_api_v1.12.md', 'Reference', 'Docker Remote API v1.12']
 - ['reference/api/docker_remote_api_v1.11.md', 'Reference', 'Docker Remote API v1.11']
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index 36f35383e1..3b1745e3e4 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -18,13 +18,21 @@ page_keywords: API, Docker, rcli, REST, documentation
    encoded (JSON) string with credentials:
    `{'username': string, 'password': string, 'email': string, 'serveraddress' : string}`
 
-The current version of the API is v1.13
+The current version of the API is v1.14
 
 Calling `/images/<name>/insert` is the same as calling
-`/v1.13/images/<name>/insert`.
+`/v1.14/images/<name>/insert`.
 
 You can still call an old version of the API using
-`/v1.12/images/<name>/insert`.
+`/v1.13/images/<name>/insert`.
+
+## v1.14
+
+### Full Documentation
+
+[*Docker Remote API v1.14*](/reference/api/docker_remote_api_v1.14/)
+
+### What's new
 
 ## v1.13
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
new file mode 100644
index 0000000000..34a8195e8e
--- /dev/null
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -0,0 +1,1422 @@
+page_title: Remote API v1.14
+page_description: API Documentation for Docker
+page_keywords: API, Docker, rcli, REST, documentation
+
+# Docker Remote API v1.14
+
+## 1. Brief introduction
+
+ - The Remote API has replaced `rcli`.
+ - The daemon listens on `unix:///var/run/docker.sock` but you can
+   [*Bind Docker to another host/port or a Unix socket*](
+   /use/basics/#bind-docker).
+ - The API tends to be REST, but for some complex commands, like `attach`
+   or `pull`, the HTTP connection is hijacked to transport `STDOUT`,
+   `STDIN` and `STDERR`.
+
+# 2. Endpoints
+
+## 2.1 Containers
+
+### List containers
+
+`GET /containers/json`
+
+List containers
+
+    **Example request**:
+
+        GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        [
+             {
+                     "Id": "8dfafdbc3a40",
+                     "Image": "base:latest",
+                     "Command": "echo 1",
+                     "Created": 1367854155,
+                     "Status": "Exit 0",
+                     "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
+                     "SizeRw":12288,
+                     "SizeRootFs":0
+             },
+             {
+                     "Id": "9cd87474be90",
+                     "Image": "base:latest",
+                     "Command": "echo 222222",
+                     "Created": 1367854155,
+                     "Status": "Exit 0",
+                     "Ports":[],
+                     "SizeRw":12288,
+                     "SizeRootFs":0
+             },
+             {
+                     "Id": "3176a2479c92",
+                     "Image": "base:latest",
+                     "Command": "echo 3333333333333333",
+                     "Created": 1367854154,
+                     "Status": "Exit 0",
+                     "Ports":[],
+                     "SizeRw":12288,
+                     "SizeRootFs":0
+             },
+             {
+                     "Id": "4cb07b47f9fb",
+                     "Image": "base:latest",
+                     "Command": "echo 444444444444444444444444444444444",
+                     "Created": 1367854152,
+                     "Status": "Exit 0",
+                     "Ports":[],
+                     "SizeRw":12288,
+                     "SizeRootFs":0
+             }
+        ]
+
+    Query Parameters:
+
+     
+
+    -   **all** – 1/True/true or 0/False/false, Show all containers.
+        Only running containers are shown by default
+    -   **limit** – Show `limit` last created
+        containers, include non-running ones.
+    -   **since** – Show only containers created since Id, include
+        non-running ones.
+    -   **before** – Show only containers created before Id, include
+        non-running ones.
+    -   **size** – 1/True/true or 0/False/false, Show the containers
+        sizes
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **400** – bad parameter
+    -   **500** – server error
+
+### Create a container
+
+`POST /containers/create`
+
+Create a container
+
+    **Example request**:
+
+        POST /containers/create HTTP/1.1
+        Content-Type: application/json
+
+        {
+             "Hostname":"",
+             "User":"",
+             "Memory":0,
+             "MemorySwap":0,
+             "AttachStdin":false,
+             "AttachStdout":true,
+             "AttachStderr":true,
+             "PortSpecs":null,
+             "Tty":false,
+             "OpenStdin":false,
+             "StdinOnce":false,
+             "Env":null,
+             "Cmd":[
+                     "date"
+             ],
+             "Image":"base",
+             "Volumes":{
+                     "/tmp": {}
+             },
+             "WorkingDir":"",
+             "DisableNetwork": false,
+             "ExposedPorts":{
+                     "22/tcp": {}
+             }
+        }
+
+    **Example response**:
+
+        HTTP/1.1 201 OK
+        Content-Type: application/json
+
+        {
+             "Id":"e90e34656806"
+             "Warnings":[]
+        }
+
+    Json Parameters:
+
+     
+
+    -   **config** – the container's configuration
+
+    Query Parameters:
+
+     
+
+    -   **name** – Assign the specified name to the container. Must
+        match `/?[a-zA-Z0-9_-]+`.
+
+    Status Codes:
+
+    -   **201** – no error
+    -   **404** – no such container
+    -   **406** – impossible to attach (container not running)
+    -   **500** – server error
+
+### Inspect a container
+
+`GET /containers/(id)/json`
+
+Return low-level information on the container `id`
+
+
+    **Example request**:
+
+        GET /containers/4fa6e0f0c678/json HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {
+                     "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2",
+                     "Created": "2013-05-07T14:51:42.041847+02:00",
+                     "Path": "date",
+                     "Args": [],
+                     "Config": {
+                             "Hostname": "4fa6e0f0c678",
+                             "User": "",
+                             "Memory": 0,
+                             "MemorySwap": 0,
+                             "AttachStdin": false,
+                             "AttachStdout": true,
+                             "AttachStderr": true,
+                             "PortSpecs": null,
+                             "Tty": false,
+                             "OpenStdin": false,
+                             "StdinOnce": false,
+                             "Env": null,
+                             "Cmd": [
+                                     "date"
+                             ],
+                             "Dns": null,
+                             "Image": "base",
+                             "Volumes": {},
+                             "VolumesFrom": "",
+                             "WorkingDir":""
+
+                     },
+                     "State": {
+                             "Running": false,
+                             "Pid": 0,
+                             "ExitCode": 0,
+                             "StartedAt": "2013-05-07T14:51:42.087658+02:01360",
+                             "Ghost": false
+                     },
+                     "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+                     "NetworkSettings": {
+                             "IpAddress": "",
+                             "IpPrefixLen": 0,
+                             "Gateway": "",
+                             "Bridge": "",
+                             "PortMapping": null
+                     },
+                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "ResolvConfPath": "/etc/resolv.conf",
+                     "Volumes": {},
+                     "HostConfig": {
+                         "Binds": null,
+                         "ContainerIDFile": "",
+                         "LxcConf": [],
+                         "Privileged": false,
+                         "PortBindings": {
+                            "80/tcp": [
+                                {
+                                    "HostIp": "0.0.0.0",
+                                    "HostPort": "49153"
+                                }
+                            ]
+                         },
+                         "Links": ["/name:alias"],
+                         "PublishAllPorts": false
+                     }
+        }
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### List processes running inside a container
+
+`GET /containers/(id)/top`
+
+List processes running inside the container `id`
+
+    **Example request**:
+
+        GET /containers/4fa6e0f0c678/top HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {
+             "Titles":[
+                     "USER",
+                     "PID",
+                     "%CPU",
+                     "%MEM",
+                     "VSZ",
+                     "RSS",
+                     "TTY",
+                     "STAT",
+                     "START",
+                     "TIME",
+                     "COMMAND"
+                     ],
+             "Processes":[
+                     ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"],
+                     ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"]
+             ]
+        }
+
+    Query Parameters:
+
+     
+
+    -   **ps_args** – ps arguments to use (e.g., aux)
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Get container logs
+
+`GET /containers/(id)/logs`
+
+Get STDOUT and STDERR logs from the container ``id``
+
+    **Example request**:
+
+       GET /containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10 HTTP/1.1
+
+    **Example response**:
+
+       HTTP/1.1 200 OK
+       Content-Type: application/vnd.docker.raw-stream
+
+       {{ STREAM }}
+
+    Query Parameters:
+
+     
+
+    -   **follow** – 1/True/true or 0/False/false, return stream. Default false
+    -   **stdout** – 1/True/true or 0/False/false, show stdout log. Default false
+    -   **stderr** – 1/True/true or 0/False/false, show stderr log. Default false
+    -   **timestamps** – 1/True/true or 0/False/false, print timestamps for
+        every log line. Default false
+    -   **tail** – Output specified number of lines at the end of logs: `all` or `<number>`. Default all
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Inspect changes on a container's filesystem
+
+`GET /containers/(id)/changes`
+
+Inspect changes on container `id`'s filesystem
+
+    **Example request**:
+
+        GET /containers/4fa6e0f0c678/changes HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        [
+             {
+                     "Path":"/dev",
+                     "Kind":0
+             },
+             {
+                     "Path":"/dev/kmsg",
+                     "Kind":1
+             },
+             {
+                     "Path":"/test",
+                     "Kind":1
+             }
+        ]
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Export a container
+
+`GET /containers/(id)/export`
+
+Export the contents of container `id`
+
+    **Example request**:
+
+        GET /containers/4fa6e0f0c678/export HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/octet-stream
+
+        {{ STREAM }}
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Start a container
+
+`POST /containers/(id)/start`
+
+Start the container `id`
+
+    **Example request**:
+
+        POST /containers/(id)/start HTTP/1.1
+        Content-Type: application/json
+
+        {
+             "Binds":["/tmp:/tmp"],
+             "Links":["redis3:redis"],
+             "LxcConf":{"lxc.utsname":"docker"},
+             "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] },
+             "PublishAllPorts":false,
+             "Privileged":false,
+             "Dns": ["8.8.8.8"],
+             "VolumesFrom": ["parent", "other:ro"]
+        }
+
+    **Example response**:
+
+        HTTP/1.1 204 No Content
+        Content-Type: text/plain
+
+    Json Parameters:
+
+     
+
+    -   **hostConfig** – the container's host configuration (optional)
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **304** – container already started
+    -   **404** – no such container
+    -   **500** – server error
+
+### Stop a container
+
+`POST /containers/(id)/stop`
+
+Stop the container `id`
+
+    **Example request**:
+
+        POST /containers/e90e34656806/stop?t=5 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 204 OK
+
+    Query Parameters:
+
+     
+
+    -   **t** – number of seconds to wait before killing the container
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **304** – container already stopped
+    -   **404** – no such container
+    -   **500** – server error
+
+### Restart a container
+
+`POST /containers/(id)/restart`
+
+Restart the container `id`
+
+    **Example request**:
+
+        POST /containers/e90e34656806/restart?t=5 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 204 OK
+
+    Query Parameters:
+
+     
+
+    -   **t** – number of seconds to wait before killing the container
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Kill a container
+
+`POST /containers/(id)/kill`
+
+Kill the container `id`
+
+    **Example request**:
+
+        POST /containers/e90e34656806/kill HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 204 OK
+
+    Query Parameters
+
+    -   **signal** - Signal to send to the container: integer or string like "SIGINT".
+        When not set, SIGKILL is assumed and the call will waits for the container to exit.
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Pause a container
+
+`POST /containers/(id)/pause`
+
+Pause the container `id`
+
+    **Example request**:
+
+        POST /containers/e90e34656806/pause HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 204 OK
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Unpause a container
+
+`POST /containers/(id)/unpause`
+
+Unpause the container `id`
+
+    **Example request**:
+
+        POST /containers/e90e34656806/unpause HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 204 OK
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Attach to a container
+
+`POST /containers/(id)/attach`
+
+Attach to the container `id`
+
+    **Example request**:
+
+        POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/vnd.docker.raw-stream
+
+        {{ STREAM }}
+
+    Query Parameters:
+
+     
+
+    -   **logs** – 1/True/true or 0/False/false, return logs. Default
+        false
+    -   **stream** – 1/True/true or 0/False/false, return stream.
+        Default false
+    -   **stdin** – 1/True/true or 0/False/false, if stream=true, attach
+        to stdin. Default false
+    -   **stdout** – 1/True/true or 0/False/false, if logs=true, return
+        stdout log, if stream=true, attach to stdout. Default false
+    -   **stderr** – 1/True/true or 0/False/false, if logs=true, return
+        stderr log, if stream=true, attach to stderr. Default false
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **400** – bad parameter
+    -   **404** – no such container
+    -   **500** – server error
+
+    **Stream details**:
+
+    When using the TTY setting is enabled in
+    [`POST /containers/create`
+    ](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"),
+    the stream is the raw data from the process PTY and client's STDIN.
+    When the TTY is disabled, then the stream is multiplexed to separate
+    STDOUT and STDERR.
+
+    The format is a **Header** and a **Payload** (frame).
+
+    **HEADER**
+
+    The header will contain the information on which stream write the
+    stream (STDOUT or STDERR). It also contain the size of the
+    associated frame encoded on the last 4 bytes (uint32).
+
+    It is encoded on the first 8 bytes like this:
+
+        header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}
+
+    `STREAM_TYPE` can be:
+
+    -   0: STDIN (will be written on STDOUT)
+    -   1: STDOUT
+    -   2: STDERR
+
+    `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of
+    the uint32 size encoded as big endian.
+
+    **PAYLOAD**
+
+    The payload is the raw stream.
+
+    **IMPLEMENTATION**
+
+    The simplest way to implement the Attach protocol is the following:
+
+    1.  Read 8 bytes
+    2.  chose STDOUT or STDERR depending on the first byte
+    3.  Extract the frame size from the last 4 byets
+    4.  Read the extracted size and output it on the correct output
+    5.  Goto 1)
+
+### Wait a container
+
+`POST /containers/(id)/wait`
+
+Block until container `id` stops, then returns the exit code
+
+    **Example request**:
+
+        POST /containers/16253994b7c4/wait HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {"StatusCode":0}
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Remove a container
+
+`DELETE /containers/(id)`
+
+Remove the container `id` from the filesystem
+
+    **Example request**:
+
+        DELETE /containers/16253994b7c4?v=1 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 204 OK
+
+    Query Parameters:
+
+     
+
+    -   **v** – 1/True/true or 0/False/false, Remove the volumes
+        associated to the container. Default false
+    -   **force** – 1/True/true or 0/False/false, Removes the container
+        even if it was running. Default false
+
+    Status Codes:
+
+    -   **204** – no error
+    -   **400** – bad parameter
+    -   **404** – no such container
+    -   **500** – server error
+
+### Copy files or folders from a container
+
+`POST /containers/(id)/copy`
+
+Copy files or folders of container `id`
+
+    **Example request**:
+
+        POST /containers/4fa6e0f0c678/copy HTTP/1.1
+        Content-Type: application/json
+
+        {
+             "Resource":"test.txt"
+        }
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/octet-stream
+
+        {{ STREAM }}
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+## 2.2 Images
+
+### List Images
+
+`GET /images/json`
+
+**Example request**:
+
+        GET /images/json?all=0 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        [
+          {
+             "RepoTags": [
+               "ubuntu:12.04",
+               "ubuntu:precise",
+               "ubuntu:latest"
+             ],
+             "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
+             "Created": 1365714795,
+             "Size": 131506275,
+             "VirtualSize": 131506275
+          },
+          {
+             "RepoTags": [
+               "ubuntu:12.10",
+               "ubuntu:quantal"
+             ],
+             "ParentId": "27cf784147099545",
+             "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+             "Created": 1364102658,
+             "Size": 24653,
+             "VirtualSize": 180116135
+          }
+        ]
+
+
+    Query Parameters:
+
+     
+
+    -   **all** – 1/True/true or 0/False/false, default false
+    -   **filters** – a json encoded value of the filters (a map[string][]string) to process on the images list.
+
+
+
+### Create an image
+
+`POST /images/create`
+
+Create an image, either by pull it from the registry or by importing it
+
+    **Example request**:
+
+        POST /images/create?fromImage=base HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {"status":"Pulling..."}
+        {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}}
+        {"error":"Invalid..."}
+        ...
+
+    When using this endpoint to pull an image from the registry, the
+    `X-Registry-Auth` header can be used to include
+    a base64-encoded AuthConfig object.
+
+    Query Parameters:
+
+     
+
+    -   **fromImage** – name of the image to pull
+    -   **fromSrc** – source to import, - means stdin
+    -   **repo** – repository
+    -   **tag** – tag
+    -   **registry** – the registry to pull from
+
+    Request Headers:
+
+     
+
+    -   **X-Registry-Auth** – base64-encoded AuthConfig object
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Insert a file in an image
+
+`POST /images/(name)/insert`
+
+Insert a file from `url` in the image `name` at `path`
+
+    **Example request**:
+
+        POST /images/test/insert?path=/usr&url=myurl HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {"status":"Inserting..."}
+        {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}}
+        {"error":"Invalid..."}
+        ...
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Inspect an image
+
+`GET /images/(name)/json`
+
+Return low-level information on the image `name`
+
+    **Example request**:
+
+        GET /images/base/json HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {
+             "Created":"2013-03-23T22:24:18.818426-07:00",
+             "Container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0",
+             "ContainerConfig":
+                     {
+                             "Hostname":"",
+                             "User":"",
+                             "Memory":0,
+                             "MemorySwap":0,
+                             "AttachStdin":false,
+                             "AttachStdout":false,
+                             "AttachStderr":false,
+                             "PortSpecs":null,
+                             "Tty":true,
+                             "OpenStdin":true,
+                             "StdinOnce":false,
+                             "Env":null,
+                             "Cmd": ["/bin/bash"],
+                             "Dns":null,
+                             "Image":"base",
+                             "Volumes":null,
+                             "VolumesFrom":"",
+                             "WorkingDir":""
+                     },
+             "Id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
+             "Parent":"27cf784147099545",
+             "Size": 6824592
+        }
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such image
+    -   **500** – server error
+
+### Get the history of an image
+
+`GET /images/(name)/history`
+
+Return the history of the image `name`
+
+    **Example request**:
+
+        GET /images/base/history HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        [
+             {
+                     "Id":"b750fe79269d",
+                     "Created":1364102658,
+                     "CreatedBy":"/bin/bash"
+             },
+             {
+                     "Id":"27cf78414709",
+                     "Created":1364068391,
+                     "CreatedBy":""
+             }
+        ]
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such image
+    -   **500** – server error
+
+### Push an image on the registry
+
+`POST /images/(name)/push`
+
+Push the image `name` on the registry
+
+    **Example request**:
+
+        POST /images/test/push HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {"status":"Pushing..."}
+        {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}}
+        {"error":"Invalid..."}
+        ...
+
+    Query Parameters:
+
+     
+
+    -   **registry** – the registry you wan to push, optional
+
+    Request Headers:
+
+     
+
+    -   **X-Registry-Auth** – include a base64-encoded AuthConfig
+        object.
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such image
+    -   **500** – server error
+
+### Tag an image into a repository
+
+`POST /images/(name)/tag`
+
+Tag the image `name` into a repository
+
+    **Example request**:
+
+        POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 201 OK
+
+    Query Parameters:
+
+     
+
+    -   **repo** – The repository to tag in
+    -   **force** – 1/True/true or 0/False/false, default false
+
+    Status Codes:
+
+    -   **201** – no error
+    -   **400** – bad parameter
+    -   **404** – no such image
+    -   **409** – conflict
+    -   **500** – server error
+
+### Remove an image
+
+`DELETE /images/(name)`
+
+Remove the image `name` from the filesystem
+
+    **Example request**:
+
+        DELETE /images/test HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-type: application/json
+
+        [
+         {"Untagged":"3e2f21a89f"},
+         {"Deleted":"3e2f21a89f"},
+         {"Deleted":"53b4f83ac9"}
+        ]
+
+    Query Parameters:
+
+     
+
+    -   **force** – 1/True/true or 0/False/false, default false
+    -   **noprune** – 1/True/true or 0/False/false, default false
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **404** – no such image
+    -   **409** – conflict
+    -   **500** – server error
+
+### Search images
+
+`GET /images/search`
+
+Search for an image on [Docker Hub](https://hub.docker.com).
+
+> **Note**:
+> The response keys have changed from API v1.6 to reflect the JSON
+> sent by the registry server to the docker daemon's request.
+
+    **Example request**:
+
+        GET /images/search?term=sshd HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        [
+                {
+                    "description": "",
+                    "is_official": false,
+                    "is_automated": false,
+                    "name": "wma55/u1210sshd",
+                    "star_count": 0
+                },
+                {
+                    "description": "",
+                    "is_official": false,
+                    "is_automated": false,
+                    "name": "jdswinbank/sshd",
+                    "star_count": 0
+                },
+                {
+                    "description": "",
+                    "is_official": false,
+                    "is_automated": false,
+                    "name": "vgauthier/sshd",
+                    "star_count": 0
+                }
+        ...
+        ]
+
+    Query Parameters:
+
+     
+
+    -   **term** – term to search
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+## 2.3 Misc
+
+### Build an image from Dockerfile via STDIN
+
+`POST /build`
+
+Build an image from Dockerfile via STDIN
+
+    **Example request**:
+
+        POST /build HTTP/1.1
+
+        {{ STREAM }}
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {"stream":"Step 1..."}
+        {"stream":"..."}
+        {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}}
+
+    The stream must be a tar archive compressed with one of the
+    following algorithms: identity (no compression), gzip, bzip2, xz.
+
+    The archive must include a file called `Dockerfile`
+    at its root. It may include any number of other files,
+    which will be accessible in the build context (See the [*ADD build
+    command*](/reference/builder/#dockerbuilder)).
+
+    Query Parameters:
+
+     
+
+    -   **t** – repository name (and optionally a tag) to be applied to
+        the resulting image in case of success
+    -   **q** – suppress verbose build output
+    -   **nocache** – do not use the cache when building the image
+    -   **rm** - remove intermediate containers after a successful build (default behavior)
+    -   **forcerm - always remove intermediate containers (includes rm)
+
+    Request Headers:
+
+     
+
+    -   **Content-type** – should be set to
+        `"application/tar"`.
+    -   **X-Registry-Config** – base64-encoded ConfigFile object
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Check auth configuration
+
+`POST /auth`
+
+Get the default username and email
+
+    **Example request**:
+
+        POST /auth HTTP/1.1
+        Content-Type: application/json
+
+        {
+             "username":"hannibal",
+             "password:"xxxx",
+             "email":"hannibal@a-team.com",
+             "serveraddress":"https://index.docker.io/v1/"
+        }
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **204** – no error
+    -   **500** – server error
+
+### Display system-wide information
+
+`GET /info`
+
+Display system-wide information
+
+    **Example request**:
+
+        GET /info HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {
+             "Containers":11,
+             "Images":16,
+             "Driver":"btrfs",
+             "ExecutionDriver":"native-0.1",
+             "KernelVersion":"3.12.0-1-amd64"
+             "Debug":false,
+             "NFd": 11,
+             "NGoroutines":21,
+             "NEventsListener":0,
+             "InitPath":"/usr/bin/docker",
+             "Sockets":["unix:///var/run/docker.sock"],
+             "IndexServerAddress":["https://index.docker.io/v1/"],
+             "MemoryLimit":true,
+             "SwapLimit":false,
+             "IPv4Forwarding":true
+        }
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Show the docker version information
+
+`GET /version`
+
+Show the docker version information
+
+    **Example request**:
+
+        GET /version HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {
+             "ApiVersion":"1.12",
+             "Version":"0.2.2",
+             "GitCommit":"5a2a5cc+CHANGES",
+             "GoVersion":"go1.0.3"
+        }
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Ping the docker server
+
+`GET /_ping`
+
+Ping the docker server
+
+    **Example request**:
+
+        GET /_ping HTTP/1.1
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+
+        OK
+
+    Status Codes:
+
+    -   **200** - no error
+    -   **500** - server error
+
+### Create a new image from a container's changes
+
+`POST /commit`
+
+Create a new image from a container's changes
+
+    **Example request**:
+
+        POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1
+        Content-Type: application/json
+
+        {
+             "Hostname":"",
+             "User":"",
+             "Memory":0,
+             "MemorySwap":0,
+             "AttachStdin":false,
+             "AttachStdout":true,
+             "AttachStderr":true,
+             "PortSpecs":null,
+             "Tty":false,
+             "OpenStdin":false,
+             "StdinOnce":false,
+             "Env":null,
+             "Cmd":[
+                     "date"
+             ],
+             "Volumes":{
+                     "/tmp": {}
+             },
+             "WorkingDir":"",
+             "DisableNetwork": false,
+             "ExposedPorts":{
+                     "22/tcp": {}
+             }
+        }
+
+    **Example response**:
+
+        HTTP/1.1 201 OK
+            Content-Type: application/vnd.docker.raw-stream
+
+        {"Id":"596069db4bf5"}
+
+    Json Parameters:
+
+
+
+    -  **config** - the container's configuration
+
+    Query Parameters:
+
+     
+
+    -   **container** – source container
+    -   **repo** – repository
+    -   **tag** – tag
+    -   **m** – commit message
+    -   **author** – author (e.g., "John Hannibal Smith
+        <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>")
+
+    Status Codes:
+
+    -   **201** – no error
+    -   **404** – no such container
+    -   **500** – server error
+
+### Monitor Docker's events
+
+`GET /events`
+
+Get events from docker, either in real time via streaming, or
+via polling (using since)
+
+    **Example request**:
+
+        GET /events?since=1374067924
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+
+        {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924}
+        {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924}
+        {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966}
+        {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970}
+
+    Query Parameters:
+
+     
+
+    -   **since** – timestamp used for polling
+    -   **until** – timestamp used for polling
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Get a tarball containing all images and tags in a repository
+
+`GET /images/(name)/get`
+
+Get a tarball containing all images and metadata for the repository
+specified by `name`.
+
+    **Example request**
+
+        GET /images/ubuntu/get
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+        Content-Type: application/x-tar
+
+        Binary data stream
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+### Load a tarball with a set of images and tags into docker
+
+`POST /images/load`
+
+Load a set of images and tags into the docker repository.
+
+    **Example request**
+
+        POST /images/load
+
+        Tarball in body
+
+    **Example response**:
+
+        HTTP/1.1 200 OK
+
+    Status Codes:
+
+    -   **200** – no error
+    -   **500** – server error
+
+# 3. Going further
+
+## 3.1 Inside `docker run`
+
+Here are the steps of `docker run`:
+
+- Create the container
+
+- If the status code is 404, it means the image doesn't exists:
+    - Try to pull it
+    - Then retry to create the container
+
+- Start the container
+
+- If you are not in detached mode:
+    - Attach to the container, using logs=1 (to have STDOUT and
+      STDERR from the container's start) and stream=1
+
+- If in detached mode or only STDIN is attached:
+    - Display the container's id
+
+## 3.2 Hijacking
+
+In this version of the API, /attach, uses hijacking to transport STDIN,
+STDOUT and STDERR on the same socket. This might change in the future.
+
+## 3.3 CORS Requests
+
+To enable cross origin requests to the remote api add the flag
+"–api-enable-cors" when running docker in daemon mode.
+
+    $ docker -d -H="192.168.1.9:2375" --api-enable-cors

From 323df0e24bcf6d6b56dd3e50b56936ef9f7767aa Mon Sep 17 00:00:00 2001
From: Bryan Bess <squarejaw@bsbess.com>
Date: Wed, 9 Jul 2014 23:14:06 -0500
Subject: [PATCH 092/516] Fix typos

Docker-DCO-1.1-Signed-off-by: Bryan Bess <squarejaw@bsbess.com> (github: squarejaw)
Upstream-commit: 1df4049e17e4a3edf4487b072f2085bc2dd2ee0b
Component: engine
---
 components/engine/CHANGELOG.md                   | 16 ++++++++--------
 .../daemon/graphdriver/devmapper/README.md       |  4 ++--
 components/engine/docs/man/Dockerfile.5.md       |  2 +-
 components/engine/docs/man/docker-run.1.md       |  2 +-
 components/engine/docs/man/docker-tag.1.md       |  2 +-
 .../engine/docs/sources/articles/runmetrics.md   |  2 +-
 .../sources/reference/api/docker_remote_api.md   |  4 ++--
 components/engine/docs/sources/reference/run.md  |  2 +-
 8 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/components/engine/CHANGELOG.md b/components/engine/CHANGELOG.md
index 327a8a7e69..1c37152d9e 100644
--- a/components/engine/CHANGELOG.md
+++ b/components/engine/CHANGELOG.md
@@ -304,7 +304,7 @@
 - Add newlines to the JSON stream functions.
 
 #### Runtime
-* Do not ping the registry from the CLI. All requests to registres flow through the daemon.
+* Do not ping the registry from the CLI. All requests to registries flow through the daemon.
 - Check for nil information return in the lxc driver. This fixes panics with older lxc versions.
 - Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.
 - Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.
@@ -896,7 +896,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 
 + Add domainname support
 + Implement image filtering with path.Match
-* Remove unnecesasry warnings
+* Remove unnecessary warnings
 * Remove os/user dependency
 * Only mount the hostname file when the config exists
 * Handle signals within the `docker login` command
@@ -919,7 +919,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 + Hack: Vendor all dependencies
 * Remote API: Bump to v1.5
 * Packaging: Break down hack/make.sh into small scripts, one per 'bundle': test, binary, ubuntu etc.
-* Documentation: General improvments
+* Documentation: General improvements
 
 ## 0.6.1 (2013-08-23)
 
@@ -1189,7 +1189,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 * Prevent rm of running containers
 * Use go1.1 cookiejar
 - Fix issue detaching from running TTY container
-- Forbid parralel push/pull for a single image/repo. Fixes #311
+- Forbid parallel push/pull for a single image/repo. Fixes #311
 - Fix race condition within Run command when attaching.
 
 #### Client
@@ -1305,7 +1305,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 + Add caching to docker builder
 + Add support for docker builder with native API as top level command
 + Implement ENV within docker builder
-- Check the command existance prior create and add Unit tests for the case
+- Check the command existence prior create and add Unit tests for the case
 * use any whitespaces instead of tabs
 
 #### Runtime
@@ -1344,13 +1344,13 @@ With the ongoing changes to the networking and execution subsystems of docker te
 
 #### Runtime
 
-- Fix the command existance check
+- Fix the command existence check
 - strings.Split may return an empty string on no match
 - Fix an index out of range crash if cgroup memory is not
 
 #### Documentation
 
-* Various improvments
+* Various improvements
 + New example: sharing data between 2 couchdb databases
 
 #### Other
@@ -1380,7 +1380,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
 ## 0.2.0 (2013-04-23)
 
 - Runtime: ghost containers can be killed and waited for
-* Documentation: update install intructions
+* Documentation: update install instructions
 - Packaging: fix Vagrantfile
 - Development: automate releasing binaries and ubuntu packages
 + Add a changelog
diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index 601d3e7ea3..181b58003f 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -22,7 +22,7 @@ inode number of the $graph directory.
 
 On the thin pool docker automatically creates a base thin device,
 called something like `docker-0:33-19478248-base` of a fixed
-size. This is automatically formated on creation and contains just an
+size. This is automatically formatted on creation and contains just an
 empty filesystem. This device is the base of all docker images and
 containers. All base images are snapshots of this device and those
 images are then in turn used as snapshots for other images and
@@ -32,7 +32,7 @@ eventually containers.
 
 The devicemapper backend supports some options that you can specify
 when starting the docker daemon using the --storage-opt flags.
-This uses the `dm` prefix and would be used somthing like `docker -d --storage-opt dm.foo=bar`.
+This uses the `dm` prefix and would be used something like `docker -d --storage-opt dm.foo=bar`.
 
 Here is the list of supported options:
 
diff --git a/components/engine/docs/man/Dockerfile.5.md b/components/engine/docs/man/Dockerfile.5.md
index b0a863f657..9772d4e114 100644
--- a/components/engine/docs/man/Dockerfile.5.md
+++ b/components/engine/docs/man/Dockerfile.5.md
@@ -96,7 +96,7 @@ or
   If you use the shell form of the CMD, the <command> executes in /bin/sh -c:
   **FROM ubuntu**
   **CMD echo "This is a test." | wc -**
-  If you run <command> wihtout a shell, then you must express the command as a
+  If you run <command> without a shell, then you must express the command as a
   JSON arry and give the full path to the executable. This array form is the
   preferred form of CMD. All additional parameters must be individually expressed
   as strings in the array:
diff --git a/components/engine/docs/man/docker-run.1.md b/components/engine/docs/man/docker-run.1.md
index e7571ac21a..d6a305b6e9 100644
--- a/components/engine/docs/man/docker-run.1.md
+++ b/components/engine/docs/man/docker-run.1.md
@@ -338,7 +338,7 @@ fedora-data image:
 
 Multiple --volumes-from parameters will bring together multiple data volumes from
 multiple containers. And it's possible to mount the volumes that came from the
-DATA container in yet another container via the fedora-container1 intermidiery
+DATA container in yet another container via the fedora-container1 intermediary
 container, allowing to abstract the actual data source from users of that data:
 
     # docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash
diff --git a/components/engine/docs/man/docker-tag.1.md b/components/engine/docs/man/docker-tag.1.md
index 041c9e1cb5..c4bbc87484 100644
--- a/components/engine/docs/man/docker-tag.1.md
+++ b/components/engine/docs/man/docker-tag.1.md
@@ -29,7 +29,7 @@ separated by a ':'
 
 **TAG**
    The tag you are assigning to the image.  Though this is arbitrary it is
-recommended to be used for a version to disinguish images with the same name.
+recommended to be used for a version to distinguish images with the same name.
 Note that here TAG is a part of the overall name or "tag".
 
 # OPTIONS
diff --git a/components/engine/docs/sources/articles/runmetrics.md b/components/engine/docs/sources/articles/runmetrics.md
index 9c871a24f6..82547693f9 100644
--- a/components/engine/docs/sources/articles/runmetrics.md
+++ b/components/engine/docs/sources/articles/runmetrics.md
@@ -365,7 +365,7 @@ container, we need to:
 Please review [*Enumerating Cgroups*](#enumerating-cgroups) to learn how to find
 the cgroup of a pprocess running in the container of which you want to
 measure network usage. From there, you can examine the pseudo-file named
-`tasks`, which containes the PIDs that are in the
+`tasks`, which contains the PIDs that are in the
 control group (i.e. in the container). Pick any one of them.
 
 Putting everything together, if the "short ID" of a container is held in
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index 36f35383e1..aaac10d40d 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -100,7 +100,7 @@ after timestamp.
 
 `GET /containers/(id)/logs`
 
-This url is prefered method for getting container logs now.
+This url is preferred method for getting container logs now.
 
 ## v1.10
 
@@ -284,7 +284,7 @@ output is now generated in the client, using the
 
 **New!**
 You can now split stderr from stdout. This is done by
-prefixing a header to each transmition. See
+prefixing a header to each transmission. See
 [`POST /containers/(id)/attach`](
 /reference/api/docker_remote_api_v1.9/#post--containers-(id)-attach "POST /containers/(id)/attach").
 The WebSocket attach is unchanged. Note that attach calls on the
diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index 82fe047cb3..1bd70e83f0 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -385,7 +385,7 @@ container running Redis:
     $ docker port 4241164edf6f 6379
     2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f
 
-Yet we can get information about the Redis container'sexposed ports
+Yet we can get information about the Redis container's exposed ports
 with `--link`. Choose an alias that will form a
 valid environment variable!
 

From c15db86f61a8cc0d498cb4db07b6fd4e03ddddf5 Mon Sep 17 00:00:00 2001
From: Timothy <timothyhobbs@seznam.cz>
Date: Sat, 31 May 2014 04:00:47 +0000
Subject: [PATCH 093/516] Add --device flag to allow additional host devices in
 container

We add a --device flag which can be used like:

 docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash

To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.

Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: e855c4b92170534864b920ec1e267b3a815764f9
Component: engine
---
 components/engine/daemon/container.go         | 18 +++++++-
 .../docs/sources/reference/commandline/cli.md | 15 +++++++
 .../integration-cli/docker_cli_run_test.go    | 16 +++++++
 components/engine/runconfig/hostconfig.go     |  8 ++++
 components/engine/runconfig/parse.go          | 43 +++++++++++++++++++
 5 files changed, 98 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 419314b8ba..c0e118778b 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -209,6 +209,20 @@ func populateCommand(c *Container, env []string) error {
 		return fmt.Errorf("invalid network mode: %s", c.hostConfig.NetworkMode)
 	}
 
+	// Build lists of devices allowed and created within the container.
+	userSpecifiedDevices := make([]*devices.Device, len(c.hostConfig.Devices))
+	for i, deviceMapping := range c.hostConfig.Devices {
+		device, err := devices.GetDevice(deviceMapping.PathOnHost, deviceMapping.CgroupPermissions)
+		device.Path = deviceMapping.PathInContainer
+		if err != nil {
+			return fmt.Errorf("error gathering device information while adding custom device %s", err)
+		}
+		userSpecifiedDevices[i] = device
+	}
+	allowedDevices := append(devices.DefaultAllowedDevices, userSpecifiedDevices...)
+
+	autoCreatedDevices := append(devices.DefaultAutoCreatedDevices, userSpecifiedDevices...)
+
 	// TODO: this can be removed after lxc-conf is fully deprecated
 	mergeLxcConfIntoOptions(c.hostConfig, context)
 
@@ -231,8 +245,8 @@ func populateCommand(c *Container, env []string) error {
 		User:               c.Config.User,
 		Config:             context,
 		Resources:          resources,
-		AllowedDevices:     devices.DefaultAllowedDevices,
-		AutoCreatedDevices: devices.DefaultAutoCreatedDevices,
+		AllowedDevices:     allowedDevices,
+		AutoCreatedDevices: autoCreatedDevices,
 	}
 	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
 	c.command.Env = env
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 182eb2a221..7ae1b30c0a 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -946,6 +946,7 @@ removed before the image is removed.
       -u, --user=""              Username or UID
       -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container)
       --volumes-from=[]          Mount volumes from the specified container(s)
+      --device=[]                Add a host device to the container (e.g. --device=/dev/sdc[:/dev/xvdc[:rwm]])
       -w, --workdir=""           Working directory inside the container
 
 The `docker run` command first `creates` a writeable container layer over the
@@ -1122,6 +1123,20 @@ logs could be retrieved using `docker logs`. This is
 useful if you need to pipe a file or something else into a container and
 retrieve the container's ID once the container has finished running.
 
+   $ sudo docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo}
+   brw-rw---- 1 root disk 8, 2 Feb  9 16:05 /dev/xvdc
+   brw-rw---- 1 root disk 8, 3 Feb  9 16:05 /dev/sdd
+   crw-rw-rw- 1 root root 1, 5 Feb  9 16:05 /dev/nulo
+
+It is often necessary to directly expose devices to a container.  ``--device``
+option enables that.  For example, a specific block storage device or loop
+device or audio device can be added to an otherwise unprivileged container
+(without the ``--privileged`` flag) and have the application directly access it.
+
+** Security note: **
+
+``--device`` cannot be safely used with ephemeral devices.  Block devices that may be removed should not be added to untrusted containers with ``--device``!
+
 **A complete example:**
 
     $ sudo docker run -d --name static static-web-files sh
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 9f52d58d12..cf0f4b7e3d 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -919,6 +919,22 @@ func TestRunUnprivilegedWithChroot(t *testing.T) {
 	logDone("run - unprivileged with chroot")
 }
 
+func TestAddingOptionalDevices(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--device", "/dev/zero:/dev/nulo", "busybox", "sh", "-c", "ls /dev/nulo")
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual != "/dev/nulo" {
+		t.Fatalf("expected output /dev/nulo, received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --device argument")
+}
+
 func TestModeHostname(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "-h=testhostname", "busybox", "cat", "/etc/hostname")
 
diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go
index 79ffad723b..f4aa69fe97 100644
--- a/components/engine/runconfig/hostconfig.go
+++ b/components/engine/runconfig/hostconfig.go
@@ -19,6 +19,12 @@ func (n NetworkMode) IsContainer() bool {
 	return len(parts) > 1 && parts[0] == "container"
 }
 
+type DeviceMapping struct {
+	PathOnHost        string
+	PathInContainer   string
+	CgroupPermissions string
+}
+
 type HostConfig struct {
 	Binds           []string
 	ContainerIDFile string
@@ -30,6 +36,7 @@ type HostConfig struct {
 	Dns             []string
 	DnsSearch       []string
 	VolumesFrom     []string
+	Devices         []DeviceMapping
 	NetworkMode     NetworkMode
 }
 
@@ -42,6 +49,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
+	job.GetenvJson("Devices", &hostConfig.Devices)
 	if Binds := job.GetenvList("Binds"); Binds != nil {
 		hostConfig.Binds = Binds
 	}
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 5b05e52778..f7d1d5963f 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -41,6 +41,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flVolumes = opts.NewListOpts(opts.ValidatePath)
 		flLinks   = opts.NewListOpts(opts.ValidateLink)
 		flEnv     = opts.NewListOpts(opts.ValidateEnv)
+		flDevices = opts.NewListOpts(opts.ValidatePath)
 
 		flPublish     opts.ListOpts
 		flExpose      opts.ListOpts
@@ -74,6 +75,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to STDIN, STDOUT or STDERR.")
 	cmd.Var(&flVolumes, []string{"v", "-volume"}, "Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)")
 	cmd.Var(&flLinks, []string{"#link", "-link"}, "Add link to another container in the form of name:alias")
+	cmd.Var(&flDevices, []string{"-device"}, "Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)")
 	cmd.Var(&flEnv, []string{"e", "-env"}, "Set environment variables")
 	cmd.Var(&flEnvFile, []string{"-env-file"}, "Read in a line delimited file of environment variables")
 
@@ -191,6 +193,16 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		}
 	}
 
+	// parse device mappings
+	deviceMappings := []DeviceMapping{}
+	for _, device := range flDevices.GetAll() {
+		deviceMapping, err := ParseDevice(device)
+		if err != nil {
+			return nil, nil, cmd, err
+		}
+		deviceMappings = append(deviceMappings, deviceMapping)
+	}
+
 	// collect all the environment variables for the container
 	envVariables := []string{}
 	for _, ef := range flEnvFile.GetAll() {
@@ -245,6 +257,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		DnsSearch:       flDnsSearch.GetAll(),
 		VolumesFrom:     flVolumesFrom.GetAll(),
 		NetworkMode:     netMode,
+		Devices:         deviceMappings,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
@@ -303,3 +316,33 @@ func parseNetMode(netMode string) (NetworkMode, error) {
 	}
 	return NetworkMode(netMode), nil
 }
+
+func ParseDevice(device string) (DeviceMapping, error) {
+	src := ""
+	dst := ""
+	permissions := "rwm"
+	arr := strings.Split(device, ":")
+	switch len(arr) {
+	case 3:
+		permissions = arr[2]
+		fallthrough
+	case 2:
+		dst = arr[1]
+		fallthrough
+	case 1:
+		src = arr[0]
+	default:
+		return DeviceMapping{}, fmt.Errorf("Invalid device specification: %s", device)
+	}
+
+	if dst == "" {
+		dst = src
+	}
+
+	deviceMapping := DeviceMapping{
+		PathOnHost:        src,
+		PathInContainer:   dst,
+		CgroupPermissions: permissions,
+	}
+	return deviceMapping, nil
+}

From cfffdb552dbeaa5f63881cd5d346c54747e40f7c Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Thu, 10 Jul 2014 16:51:16 -0700
Subject: [PATCH 094/516] Added bitbucket hook info and warning re: validating
 accounts.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: e80d075633d3c642d6640bf2178fedb8891cb97e
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  |  50 ++++++++++++++++--
 .../docker-hub/hub-images/bb_hooks.png        | Bin 0 -> 85391 bytes
 .../sources/docker-hub/hub-images/bb_menu.png | Bin 0 -> 62716 bytes
 .../docker-hub/hub-images/bb_post-hook.png    | Bin 0 -> 54653 bytes
 4 files changed, 45 insertions(+), 5 deletions(-)
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/bb_hooks.png
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/bb_menu.png
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/bb_post-hook.png

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index e4d64eb28e..1323f6ff9a 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -28,7 +28,8 @@ Automated Builds are supported for both public and private repositories on both
 
 To use Automated Builds, you must have an 
 [account on Docker Hub](http://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account)
-and on GitHub and/or Bitbucket.
+and on GitHub and/or Bitbucket. The account needs to be properly validated and activated
+before you can link to it.
 
 ## Setting up Automated Builds with GitHub
 
@@ -48,7 +49,8 @@ at the upper right of the screen. Then select
 
 Select the [GitHub service](https://registry.hub.docker.com/associate/github/).
 
-Then follow the onscreen instructions to authorize and link your GitHub account to Docker Hub.
+Then follow the onscreen instructions to authorize and link your GitHub account to Docker Hub. Once it is linked, you'll be able to choose a repo from which to create the
+Automatic Build.
 
 ### Creating an Automated Build
 
@@ -85,7 +87,8 @@ Automated Build:
       <td>2.</td>
       <td><img src="/docker-hub/hub-images/gh_menu.png" alt="Webhooks & Services"></td>
       <td>Click on "Webhooks & Services" on the left side of the page.</td></tr>
-      <tr><td>3.</td><td><img src="/docker-hub/hub-images/gh_service_hook.png" alt="Find the service labeled Docker"></td><td>Find the service labeled "Docker" and click on it.</td></tr>
+      <tr><td>3.</td>
+      <td><img src="/docker-hub/hub-images/gh_service_hook.png" alt="Find the service labeled Docker"></td><td>Find the service labeled "Docker" and click on it.</td></tr>
       <tr><td>4.</td><td><img src="/docker-hub/hub-images/gh_docker-service.png" alt="Activate Service Hooks"></td>
       <td>Make sure the "Active" checkbox is selected and click the "Update service" button to save your changes.</td>
     </tr>
@@ -102,10 +105,11 @@ To get started, log into your Docker Hub account and click the "+ Add Repository
 the upper right of the screen. Then select [Automated Build](https://registry.hub.docker.com/builds/add/).
 
 Select the [Bitbucket
-service](https://registry.hub.docker.com/associate/bitbucket/).
+source](https://registry.hub.docker.com/associate/bitbucket/).
 
 Then follow the onscreen instructions to authorize and link your Bitbucket account
-to Docker Hub.
+to Docker Hub. Once it is linked, you'll be able to choose a repo from which to create
+the Automatic Build.
 
 ### Creating an Automated Build
 
@@ -113,6 +117,42 @@ You can [create an Automated Build](
 https://registry.hub.docker.com/builds/bitbucket/select/) from any of your
 public or private Bitbucket repositories with a `Dockerfile`.
 
+### Adding a Hook
+
+When you link your Docker Hub account, a `POST` hook should get automatically added to
+your Bitbucket repo.
+Follow the steps below to confirm or modify the Bitbucket hooks for your
+Automated Build:
+
+<table class="table table-bordered">
+  <thead>
+    <tr>
+      <th>Step</th>
+      <th>Screenshot</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>1.</td>
+      <td><img src="/docker-hub/hub-images/bb_menu.png" alt="Settings" width="180"></td>
+      <td>Log in to Bitbucket.org and go to your Repository page. Click on "Settings" on
+      the far left side of the page, under "Navigation". You must have admin privileges
+      to the repository in order to do this.</td>
+    </tr>
+    <tr>
+      <td>2.</td>
+      <td><img src="/docker-hub/hub-images/bb_hooks.png" alt="Hooks" width="180"></td>
+      <td>Click on "Hooks" on the near left side of the page, under "Settings".</td></tr>
+    <tr>
+      <td>3.</td>
+      <td><img src="/docker-hub/hub-images/bb_post-hook.png" alt="Docker Post Hook"></td><td>You should now see a list of hooks associated with the repo, including a <code>POST</code> hook that points at
+      registry.hub.docker.com/hooks/bitbucket.</td>
+    </tr>
+  </tbody>
+</table>
+
+
 ## The Dockerfile and Automated Builds
 
 During the build process, Docker will copy the contents of your `Dockerfile`. It will
diff --git a/components/engine/docs/sources/docker-hub/hub-images/bb_hooks.png b/components/engine/docs/sources/docker-hub/hub-images/bb_hooks.png
new file mode 100644
index 0000000000000000000000000000000000000000..d51cd03ac4bdfc08e12240a16973a5ed915e95fb
GIT binary patch
literal 85391
zcmeFXV|Qgi_wF5b)IrDSsAJo9$F^-d*|9pd)v>J|+fF(*c5FMR`@a9@8P7*J<BaoS
zy{W2ej#aa2t*SAvU$}yt1R^{xJQx@lqU29eB``4XO)xM>SlBOrTg=RYm%+f`g)Bux
z6eLANh!mXc%`9z9!N7hZW~aETD6e3KO?Ps1&Y=DvBD=%&f+L#a`H2Cg7%u6r01+BY
z?j{N?j{c2G%|xXKTq5j;u^2i+P@vHg+zpDtP_Lq>7-%EP8t$@+?RGQceOPmA<*;RG
z#r)D|sSQlwEfA{DMFZTQHBSTm;<Q%>6>WUr5ds?p97zMbXUEJ8O5#Zr;?G+rUwV4!
z&!L8g3wnQ(_BGmW1#;)bPrvvd93rG&z~IFe*m-@)u|N<>$_;}!%%4zWcga-Dp-jw}
zd2soaKlTP{Y#vGuXxc~9Qpxx8a5blJI#_d}+7&i4$aV^%pz?Im$hOT305GPVDv}vs
zphwF2`KK%yFh=xr{fR^JJezQ4F?5`Z@EZs)*rWlj4kx6@XD*8zFppyM{RpUVNu%O#
zOKFy%qY<;0>jvd#BPN=pe%YO09x~H+jbCFJvHWZ7Q^df@G;Px@;?JwTpPy?k9#}kg
zuWS+cD!=oMc)hA#lb=oJ2u0;+ZrPkwGIU~sJ&<Z;;x}|9tAaJ!eh~!iRLWlxf!#oZ
zHEw3z5`^05B@FC-r9g;0JF{^H&$XtfIpTQD4YVKY4&{1GAHR52<0-}x2q2NfU@;W~
z6_*rCi%v{@MM|AEd4ELt-0R`8oE+_^&C2b;x(+!~RXj?93l6tv58(~ah@&@w5B6Kw
z@xx}PfWh(2wnn#b)d%wl;Zguf!i?DSfr*enlG+J)LHL|%qcFjbbahx%#n(8;GJAa-
zz7QhlMA+@f2>nn#c=#G?;zX8Di&L-_Y|{&Y8VBR@8=f_Qo)Lo90P(v&iv#2)5m>PQ
zPZY=$Ncx`;mV!|ALj22rw;<CpxLc5w1K6JcuNf%0Kz4^OI#B98hz<x}{Urq9Lwlte
z!8ZdeVFRyFF!F`U<1h=6(}fpN@U&n(MT8VM(IE##!sAd91fOTfOR=eg%JW1N`0hwt
zaNA&YgI<2a%n-4Dc?b6i{+0$YZ-}@I*6hDh%kv#pqHla#)B__62CHXnM+%6^kJQqK
zwS#vBMjN8vmk2930t-1St^td8Eh-$RK??qj*gF14Aw-#2MjTQhUTgHvc*lLnFJXCx
zY1o)UID285Q9DLzhKoj0j0<VTX=*Z92kd4jECJ7fMMevC#Tpcq0&Z~Z-!h}=2Gk5<
z4YX@h>mZj6&v?Eg4fo*ees}N%V(T#5u~kF0ATLF=`=9nB?vP)5bWm@iUj`!gI$s$9
zh`ZqZzWWhu#S#v6Q^dh(L0JbP6Q>Z7+K{TC;KCllz6XEnV^s_&m3R3OisCt-V?<RK
zvn<ph`JG%Y5nVEr6ibPeD!nm4MbherE;%20CvoB^w~2%kwx*z-d^Kq<kv<u6f`CF2
zB{{mh)ORuA6*(@cRzXiePmv-e#8SII8s%wi*;?|QqCQeS3=)Yfskf<nqg9C&@z%+w
zsorGrNlU5jsrvM}6#B$|QXj={KnTTN!CvKnf?Bma@twv#z7R>VjQnJyUq%^5;YLBb
zY=eqq9SH#mEvWKkg2%OUWJScd!t+I*bHGN~M($P9RYrUXj>6aZ#N)v`!lTYRI8!oH
zZ4f2sI|vulFsAgSkI~?XMG2=UDlw`(D)yH3pmln0dX2rtQtz{aD*2h(jvA2sBiSq&
zJUO;pM%8`+eIdKtwp{)XqZPT8q1B4j>jHg6^mNIzd(L#WKI`ZHTi8i$TeuhS#p=HQ
zgzqE~Hv_i|7YA1rH<fjW4JX4cV>APlamYH{XrYDB1f>PiI&9KoOisU;P%$HGh~&zv
zsy;8Fo8>RusNkzIE^W{-FOX}PLeov4*X9sv(P>e37nYZ1&|uK7QM}CKSIn)-E$o))
z*7h6gnIT#=h!o1~EzOI_>o&|WEZ8w7DUYw1r7qAa;2GjHZgz~g=HJsMuMN+ZOpuHo
zl~rE;v#DaxHr+V=)%w7KoV9|jeK@~%T~o7CeDOC|Kko>jz%%oi27xb9BQhIv15=;&
zoK~6cl$KDFN)uYcw(+F)rGIrG!&=waXE@Yq&$wZ#c;ld{s*G;St^3@ECquV(1G8PO
zefk0E;m0faD-#S~m`7MA(&Ms=8)bX2&%(FUqaEPXb<`dVg*QdrykyB%w&oPo6yj6?
z!dI*-tUq+vPP2|X!0%4+^d|IC`W_B>e^l3!_q0x5CS;eQ58VcA2R4@ZR^EZHG|1A(
z@e+~4NhOJgxYG!Fzfx<|<JD_g5+02%tu9OWx%tESqxsRg+`1}!7@iE@A>Q3yHg1=$
z4qujD<)JvCD&dac3!%iJ)L{4#nBh>NU7`AW!F$^S2^r?}Np=2ULI}T!xP|b-v3=FW
zcyY$2r)8}qKl22tdiZ*{L(v(DiHZ!g|BM}(8<B{N#+1f%7ax@v6kCvx74sHL6_ZZY
zpw(>H7mw14A}Z#?B*eq;CUtWvdz{;l4%<81h2OiNXVFP%I9qjU0+o$VSI6o1YC2LA
z;1S|)p?rp;^_78Ss_*n$-9b=GiS1#p35P>8htb!%Po{72P^rQ7!Ly>N1G?eHlGTzJ
zl6w&HLQUJQ_4+pf`(;USNd;6aWwT|Imcflrjq}1}h7q+ix-5JYoece~1&ktXW0ngS
zs%ZIwv+**N&YEWJX)zx%_dlaZGs%K95gM%OH_atXbH@}Xz8&1{XYAXJ<B#5szWTD6
zvAMgNce#CpzV)(QSR+-1ELQ8RwaU5c_O|WZcb&%C650M-xf&NAk2b~IvWwXKqxf5~
zw#&ex;qqWexK&tjr;~0<8_8zS2E*oj!>pmoYAyAL-t4{6_-@3mJlT4}>6WIC`t!!b
zL-2WL(L>Rz`?edb`})Rl+pR{rk*40tO!c;I6=>on|E8r~{j5vPP}|V}*)rB7wvoBC
zzEi5kN@Ahpr0^sFH#Xy-^TfO5JbQI`ZK-?9)^8p>8gdYZp8)-Phu_Gff_0UU?V#cM
zPG$e}Y5qxDx4ECbpXm9|>-cGj5Q(DUzF5}<o<B<*r5s7@ebEU+b$gD(_V3&GBHm~f
z#|kV3txr&##9Y_A!%u{lIbV5KJR^L{k15`BADU;hBDC@r*B8T^3)wBbWxThJ{pYjs
zr|{_nGCu)#Q4i@E4P)lg)A3UnS(#k9?!Gs|Lm}6Z;aFkZ>Ms0kjr()i)wR`|;{mBP
zde^N^Wow<UZ>p&k=G9!fJU-bzo#&zN(TfD_IVt*QzLv*Lm$se94h`=qdsQ)A&_0JR
zx~~kI4{bi6n9poH$jC1*7xZ1;pL*+j$3C0yvoK}IdIA$(obMLz#%Fu^6!7xYIpqRX
z?+Z^$W@VjsXTO&WrW<~l$A$t$7(SDqYvlW(r^}{k#2dv=B&sB)qn@KSyz1@-ug0TN
z=l4RosXm$?lV>Y(ecfL>&5cF}uB>NI(*>k9OS`yU79VU6O^){G-7PPROCmNax&$5q
z-t%6K?}p=#&*Y!vlXIg5+yQWJHy-4+W(Ql3!MCr>+?u|B@04&3KQ*1fz%a@FJ>Zf`
zq*q{If?$%OLMk5MXPt0>EOpn%&rBcj0-w~%$@V?I=DlS&(kUrnVMr=cMCmO-2)f`R
zg%1X@8T5}gPwBjn;(&x?L4=N?FYv*%NN|o>+XK=z!#7<F^`zsgY;$KUpIe@0;snv8
z);Q6&qleF=i?q|7kL#D6&eME{Io^cINmzGE5K@A0l;C8)q2|a@kir!8_3if?EM|Xb
z(547^X2AI56aJ?&$sbh#0*B;x1c$K&oAKY#|7i$<E8WGP5EW4TpCEBe5ak{$p=vB@
z|I@&j=1;xZD|3hTzZL&4#Q)31-wpMD?7lFV)R@9z-J|U5h0RYA`XD@J&IC(b`P$Gi
zb4nXv0hOol$H0P|FjDN9w3q2cBbYEvhFqg6(E^D_r(L`cHpG~XRdads#hY_&{Y45+
zhA4ol)I;nzr+3I4sbG{)$OLNAnprb0H#H<-6`-P~`n$(Az?c~^A8i@uiwRkf^DRH`
zrxZnpA{zYRbWa9ZQSAfrP~B*Bu79>0&5Hm*+^C8Vni!=6E}pM9dR0~$C&HM+Y4p5d
z=8SJ5aaVs+1yw|hNc+`r6+v);SrT1Nh&wH%8i+@=y>{_55H&3!f@5YWBDZ@Z=3S3^
z^V=0J`*%9bh9YpJSG{$wjqmI2<(OPCk|w=T3d4>*_|f?#O^~tY$AbFH!J3qP3kcG?
z5gdX1@;q)GwRp&vFa$4m3qab~F?Stk*&$IysLl-y?X7_KF4%e}T8*Y+q$0Ej>oKA&
z!_|ceeW}|AGhS6f|5!S%;XeV%w-MWIjb<u|bu8r*iE%x_h!|MP8?u-PPL|<N{f)S#
zD%oxbp|=U*Tqq&O`nPl34_}0zCZ+$7Vq)=kwSAr1LDiK>o-Cwobm?!j=>LZH!-a1s
z3q}zNfar1O?Oj_<@vC+c`V&?!L?*%`?}lA7f5h|?J}x#Six!Q1#B-ZRw0#Wf&%~CL
z;K{(!l(Ypdo1tt84po5SzYM9L<Y+{@tlB=^bdJ}NZb8IwKrR8wT;B0*m#>E;dEI^^
zX9rMrY!c=8SQ6Uls6}~dE`9*SN1adB$xl;O>~!?cMB>nk)wv8<Dha8Lx{;&17`?cD
z@+=1x+fd-<vB^Su&%?UMKAe8N#jn;?))5KcnzkrfeEs`3#pVm35-?Np`Q2CuHV7@!
zE?n?dU0;mp%-$K^t-EAPsqfbl$v5o9<gG`bTOra@*cUT1C#m62KF<l!@NyfcGq7Mw
z(3v1FNz=<$fb`XPmC{r`s=)}97V1P%FURGIaJ>RUN%+aKMq7(R;7@s3l5GBy4=OW{
zUrIucL|{yYjDcC2uc+(rHo{4l6%_{4IGa*;|JQxs0ENiMc}+J!+Lz=m_4*298ZmPL
z2o;;eL|SaPnymVLgKhPLrEUF=p3FfKHSH!sUCVU@oN{xWS#U)MX#!}(&kr<Y$@v<3
ztQEbzolX#Zc%WoUfqe6oGrwqQ#q&#vyh}dEz-)vN)k6ob%7Q9UEd4n#q)i`qqjv}G
zY{d5#G=sM0MRHcQhZ%f=fYJ15r(y=TwXZE6PT`JB#(tdKU)~H|q@SZ{1+XD}dT0fP
zDFwnn$avU8zf|>!j7BzBmP72seUyWKFbE)vfyhSOGFpdhaTK(zc<x?A?TE$`j43zc
zro$Fl^coccMl|r*LS|<-5n@;1+sC0x=q!tw^*mv&oEYQE5GWpV#nn+p=xBQyEe9Ra
zAdjxEA(!Klla;Drvw#|5F?Ps5&?6&}C`TN>RvPbi5r2pa6F&u2UY239ws?z~_GRbB
z)}Q>~^zd_74wW)tfB0a=?D|F@{}d?X($ZAWkZn75Z`NufM{y%{t2pLMHBP(uhb)nJ
zm5uni)^B*;FLY9-TLB`KJwRIcI;J?>v^{E)pgl3s>&_+A66eOp=$al?Sboj1@)czG
z_M`&KPd(v_5M-JCb)wCCl6KwEl<r1HQiIFD_4|6vtM6<Kk<SKUn;q`=cDWr1Ssi6F
z0;QCRuV;(z8tm;*gxx;htl-bz2gyxhp&&V(cZn81E=Y5%3m{T%K+?sjRSHOJdL6H0
z=^md=O_T)?gul^BM=~BSd*{2YheC5;1G6*+LM=3xSn#wBQzohVecb7L?rgkmTp1+o
z?3bfVBhB}EwQsIVD4Mt97m2vZjIst_-@pOyqtUg>JM_BTSo+@bbXjWEaIxx}g-($B
z_aCZa7G4Dyc$}7TO%e^q*jZVn>)OkaxmgF?{2=`{19pNoXYTrh<gQ-wz|G?9r?<qC
z*%4DHcQyX5&lVcR<DcmUBb`+0%a_ADRcqIOr16(~+rC7HMqE3set$aRX+Saj-U~K0
z>KRqg9sHK<@f?;ZKFD!&-v1$MzZZX>&52p)osr$tEl@8IZhGO;el@ywxHt4%lodBf
zCcB$yu@rVu%0iAhx{K_=m-E3w1nE-%l_ba<K#CaucKyc-AJ@$#YJmk8DZk_y%6F|l
zAS*&<ks0d`D0`y?7jgG4zzcAWHOaXR=je@CN@<)D91iL9D@73ovLVOUQ9zG-CfeT5
z;@jAU`K)-qp$C9it5lKq;mt9vlvP9p8;Kge4w(#Cv4%Hf-JVff(HrLXa)yy60iA}z
zgA2dCeL(lL#o(6Tz+f|yMyb#0o(6KSe`~@++D3-qzOsL05R-M&d7f*t<kN`l{<t*L
z+GspLB$Hn$+6JEa_-;3CL@#e(_H}<QFw2ZbOtPaojf0&dI{fJKdaS?M0j_b##o8?|
ze@v6>`v(bZ^yO_ofiUV4Jl;*-EvbR9eT9a_?!+=i%@8n{w6H%s%8@scta(fY#6koj
zdC?|B*+&ltirKSH5NjuCOVg8MAskhQp$H$ge$K@5F?0pMaCpv0(kP9&%`DgzMe<EF
zpB|kLk}!B8wywX?Gld^dGe&<f<8~Q(5wq94qkTB$=AO&N!kwBJ`|Vqab;$N_>wx?C
zA`?6>tVJbhMY~T<2?;-vKMk$2HE(t5Km5V6yvzMldDr>(Udsew-qf!`)~C4my(mNq
z^kYxy1S1A&*4IRU;PsN6^%n+3M0oM#ME#iuDJ$Ll)ZP<+@<mQg+&7CP3HR%;C6%3%
zaVdjaSHs~K<0tno=HWMdZjCsx9ci&O9VJMb;qml(rIhpn$-nxo2FtmMfR`!9l#R+|
zUCo4_BkzglwB4N*Xj|S7upb~F=Q!h%fkqSF61Tlf2Djf$>R%+$ZZtnStxtd(B!ov7
zJ(ww<cT7lqE_^NQ*}dw1J}3fDk)9)_FN{kSEdpzS7n^BwRn;TI`c-AU>rx!~J{!x|
zFW&%u_JnPvJ#ABsy9<!IPd&TB+z!eN)hTPvbqCe0rJS?=e%qwK!_eT;!2oB)+_ZEC
zq@L%jK<x8VE-qisL}?5?@Eg=3rR>Wd(`w4ilZf47_r-jtW|+&TJ>QO>t&qgXZr`sB
zUf$jc**xX)A<VB}>|*oWb2h&sY`Uvrfbh$)NRy>DJEOg?vgvG)sW&LSWet7l`9E{g
z)3o7P&y4jwiXex%!1H?}?H(B1m7HEahPU*^`%}ldZ9nAzr~X?<3~F+)YKzI+)z-y%
zZ6o178D96uABJD_9whAGZogbLEXf<lZkXD1e>>s-O;E?NcOhWRVD)S6o`j5%4Nk^$
zkS0KB%lpk$#(maE%Cf(dA)<3b$YqB4qyR(|_5l3OuH!f;LrYsf)0e+lz~*(fV7yG5
zLY}M_!-I#s(TzJkb{^`zfKDfRyrG)byIsk^%vljMW`Fu%%<1NX@z`7p1f+K-YiCz$
zXh{t6;<dWKjgx2hX(L=`2a3KhB3*LFoU6+ZFU$iIex6#dwV7q@=9nn9d0z0obtCJ9
zi-k0&p;9pjo4O*JReM9~d(H>ZYjsD%$Qx<Tf9+@(62da!c$n{$5kW*M!AAyoKv(aB
z*`~S*jOi(<g};4j#o80V6ZgP(1AZf3>c&mqucK?+q|l%Dr7vjcd>cqeZNDa8>Zikm
zNnyy1Zsk(zI<Ql?A?WUy5~6q8aornh_1HeZ?N44mJPwFHt<;PcUgx|;(Oc<vm1~}@
zX<^+~s~$C17T?Q<IOq38Wl-=89ibafj~uUPc&X}ImJRw$cAe)t)y8hZ-_uo43BL5T
zO5X{@BF7jc^8k7w6TC@6x;4n|!tmXjC)xSoq}LF_w75B)r>D?+s>{~&1`%dNcF<~{
z)ka!?OVLm>kz69aO@2Xc<KnTfJqr!<Jqkbz_Klyu4#fQMc$Lq`pNenyErOy~g(z#Y
z7;}vCDGk%=@OTy_{D`~xlrDLlnZXK9x6WbiIc&uT-kxwh%|)|0td*vfo&@HxJngX)
zPzyemN0VIAaZC>@DYh9+MrbDowI##b9$+9`#q+ksK8Hi?+pH`N?mb$dA_7h19qBLH
zZ867Di)c~{-La1^CsXdCI(N6b-_e8GkNOb5;9luKR&mE%xn*Jyb{T)e#Ndh|qK;Px
z>_5|#qXk+Le=w&8sJ$@?j=#3bMknbeNyJ4+S_x~@e(%fMpgY=w@rC=bhg;4!9)oe2
z5x}6Q9P;UWsPp!Y*r=tvB$eL$Y2=By*sjmOvd1V8DQ4<S$13ajI?kjwGbpV`_<N4-
z_vyxHr*w!I^vF(OuP}|rVluRj{K21)EbZ8wUN~VX6f9^j3+u2Q!??ZgHCkHXea;Kx
zl(FMqb}((YWG?p4x78Y7Kch}JTi2ybp(yKgyhPxw>HAAkxo{lF>EZygf__{S`kK?o
zBs9~}*3#>ghQF7?YAW`iVwk|0rCI66ex7zYsp1?c@E;p1F8Xz_oWWfRI8xomq5_lP
zq8=YPEz>09!h<AmwT|+ob?URpM})K%ok7YBu_Nu~_pCafQ>~>_&e%boXL{lnPT6Or
zm6kW+0jhiX)@{#s{(QZ(fxVN&TH_r7HDpT9_r@+O^abP1`XWqnk(g4GS*R*JFhf$(
zn(Pt;DReG9^>x#n0|pfHVe}<5tu@GWDiDqKr5;YTW_n22c&tbD?Kh71R#-V+v;Du1
zDM`{GEAf)s%3xD5(ynRWt9+>oax2%On`-cPGxX`JbyOl&Pnh?y=G(e*?hBal-kXaX
zcwd|Fiy{iiE_<v-S51Z3NQPE?;hN_BU@%nlZ0RoCnsz1b)S$RlR#djaSJct*CLjY6
zJ&p|keZtUQdt;V$qe^~XL^=(4V0bx&ee0{OTg;6?E*w!@8gu952OP$(aK*NK;gFEz
z>S!zap$FE@W`;ZG>V^cSUmg1_n6!aeJ>lr~u}Tj))%2`6HiMfRRm=TIc9jA!UuLDt
zCtLND!p$o`vnq7n<=|v&A(Zv5x$)iJ`h6-KJnI&gKfXmj&CbvK+7j?Xoo)=?{#G=`
zZg;n;xV!6?lf>3zK`N+Tq|vOCTZD7>-o$fFIr*#5aQ29pxiO>^jI=bwn7BU8{=|V|
zjk`KsUzo#wVv!AX=rev~{|$#eZS#)#DdO0&DuWZ~rR_C4(9O#mL7tYpW})O9ZAz44
z??%-!mgccYZ_4S=0ke^mH?h+<rX3O2^6)h%u=LjvJhDsJRmHi_lkGdsSUn8FxU<9i
zjg(Fu5I2Ngt5F0ip7vs<hN^@?)>Bt95q`y3C;kvuoIun0fGI^f>xqhjhCq(m_jytB
z?HQDHrtlHd8SRmMvCP=Y4UfQ-nHbyqN4Z?+`BkpT7#Rasew5VyA<Pgpy`kRYS22_o
z;u+lEWGfY(`dR0J2zJ!UFZN)r7m*0S=1~Udzr-~u&yKZu1mg=f4}_<R{y3O#t$es$
z_M7{rGEW^KDQYlAqlZ?Yi2%PbG9~-{_l~%t9Kl5e)$l~F-C#EXqQbLyt>K|#@R9i2
zjkg&QkE2`zC4Y4+{=UBPSC%iDNOmeVkYQ`f-Ym&(DXjb$)+Lhb9gqxWLG$ZqB=Oy$
zmb_QiB;2a}@VBr1x&(JjFck9BV+YGClcb8`^AA@I`NYZ;em_0wTymw&0I;Ih>qSq!
z8{Su^SQ%FUykwH(B;fYDueil+itI4=m6`}v{Ze+1I)5{~x(cG6b#kS62W1I~uBS3Q
z6CN%jsQ*bDjqdIyxpB4SJ4YptKH9XL8Q3bSJFLC^iQx=JDh&3B+pX&QE?a&kS58@D
z6RUhy%h@LWx>iS+^~&p0^j+jfq$Ndt_uV1SHuT!$e3YxeR`{?yqf$;{C(3K247iCL
zrgu4t?syj8s1md~&RqM@n%~^~<MC)^S#pn<+}~7g<~?OvB$$EFjSz#BVgU9Gi_BV@
zNI#Yv_ZV|>75#ZqFneLaKtB(tM+a@3d77Q#nl!VYemq9X9s24kRxlG$=o`Ij0M%$Q
zOA3B-n(;aFi0>u@)MZHN(zfPRQx+(I>aSkY#XMDZ$vs{zk|R;$gcc^@f|&-8k~1D_
z*9T0C2eYtUWYu`64`~O6OQwhUbm=%7YrbVZy6i;{foYYQn#ium-;NO8ZD)SA;>!aJ
z$$(LO50OqU6oQ+xSQGE_(5}FSH&P@*ggOG>x3Vt$h7`A5vXwn)j)3`t0oh1wTK1?C
z0|iZ$oX~jdtEt_1JP})g{HAk*BsR3}_^e*hyVNviPOc^J8WNW>`%hOs0zOm&^!7Ur
zxd)(2UG1L`vO&2d)r0)zVyKW}aljtjmlfF_q1C+;fhp3ZL4VvMyuT$@ddWdNYd0hf
zu7#(bjdPFd5?KpVbZf%LJpOl{Ha&Cwa8IslpGFr|3N>s{Ty#ASTbgnlY?RcAU?X>+
zuN~Dc{}wGrfq7Mj#GQ458zznOIKMa|!&t!&?4y44$89RR)A#~PF@|xR5ppfMsW}@J
zh3iMgPfFwpi$foP2Hrw%4~^84(XeCgj#ZK|1`Uv%TIlDxO@to7m)ZGE$Xq&@CbD@2
z1)TuXih?JN<;aHuidst%5(1vxJ>_3VR`+*#=|QfRCw*p0j!H!+Au{D!XWA*5%^g9`
zvecee(g=iewJx4WXNcKR+tJ%0FKED_U9nEy*mS8fH*u~LY@4JpYX`ZvU{@z*i?Xrx
z0H40hi#7HedfdR4?<masqpHUbSP@LL`qUu*OHyCgU$0YQ$8-Ho_xW0YlbBXYLwwU@
z(N(=4ptVQBKA}ZoOL}&bWQjM2j`uK_M#Qrnl9WOY$^hxmo}%|PMomR#W8$vnKOs7b
zO5aP{o`Efw?-wY%^%~<ltGf>QS&8n?+#~lphaBv4%t_!eDb{nJ#QGGAe9hk;KiBYp
zr)#IzRao*fMLZ762#zRQKDFW6swNAZ&-t%2?zpFq(3VZ3DI_dv)6}dV8M-TJLw%-<
zh|DvmA=&s7?gmyk<vyF3ye-kltlRFWJKPnlsV9MBPs?(EC!U%e5`p!Y>30|8saidw
z<Taeyr1LSM`;J!NeU4UTF-=Nr{BMQEC#42?%;cI$MH={h`?13tb~;bfA*RL1&B#Ep
zWRI|s=~0Qxa2Ai7LHavIrqPeBM_o-*QU6$K?G*b-ntmlOvP#}c5^RDDcUF{v(WSp;
zedY8EOJQ*MF+=~2>F1gCMNc)5qhAhrg3pf~Mm3AH4cn1I@zDr;+@zvtg@Pin*nN~r
z9p^~k7_R8=_rFiU_-C2x*_tgBH|^YQ!f#1ueae_%a3oQ=5b2UH{635~v|`Szs;51b
zX)b+CUZ)<9ov?@Ib=5P}k<(2I4d(TC>M(-cO31L5MZ6bI#{jtJf=+m~Z0~r${J02B
zj@JVUoiV>s>|&KhIlor=ns58`FJ2_4EBECM4dzT34~4q5Y*nC7OtPIdweJ^qzG3ri
zJH8!|q*CKiT5gu`K4^2%wtFMe9EX>z1dFHj{OE<ubO;l>E~^2UvNl{o@7mIAcpI;$
z)#JEwoQWyDwzL=osRBghqEjQhf8e60=F|qqG#e%-8Pc3=yzy~S4FeKbODk_Wqw`Lv
zqx$GXYaci;_rfXt(k^zpAI(wKs;PHxaog`~H)ko{ZNe~~1lZ{sc|YFT-8k1{?BN#|
zt+@agy4nZF8`_l3DV+jU+TKCm0h&2M)<mt9nRm2`ui1R4VuXnz1P3Vj?t6a%TCR)k
zJCCGC%;l4BZK5T-*skBr3sLXA$r$h9WDM1Bxtb)D#-04#QuiR;*$p=QTJodAes~-^
z`QG`t8T+2YPmDAhyfpEWot#5@L|gZE^1>bMG-=lc4P$S(iBYZZ*q!+_;Kbq|7(-i{
zjuNA-kdbL9qQwr$;@+CnP8f~c4B-!7r9a344l>};gT3pXL5WW*mO0Rq0dp6PJI#2O
zg9FoO?26&^9eJoM$k{!11kcO!r@fz#cVE_<lh$%m9NHDt@jjlU&~o_Dr0sX!QyD5j
zUW6@Q!guM*`ZvT%u4}UpWu?z|K39L~Mpbs1YT`Un!^|l7p~`oGda1Pf6gMyF$HZEV
zp+M50EXLyf$^(1;d+x=n+E{1=^POf4vb|LG4BBvYC6eshqV$yWtYm=2YtH--&Z_1_
zzjXJh)x`!KBj)LJI-n=j?2GYan<4k&*=FqF%4Xkdru>|-!#Qh#?DQFbfZvZABre_{
z5XzvxG(^|j2}8nKEx>%+i@=U~Z3vPdyO83n`~FTGaB_g7p|%&=(w=?D!Lc32D^{h8
zq!Zo{#SEdf3k6Sh3O*Ne6}lPh_?Y{xez7LGr%1*?idrw+JfSE53D|!>@+~7xevvB2
znd`%Ds^aN|KDTbLw7mpU{yh&|Ke>SL_Vg;f-4gsWA5PmlNTo}tvckTP#ygWMZua80
zygcu`8g+HYnGN8%I)qXRj{e&>r>E{zaDm2b&qfnG0-K}XYifa+KsO0P(4Wc`=ZdR%
z5LxITMxs_T++@G{#oaE==X^w{9yKKOr@kG3%vPssU~-{!(qfuM8&U>^=X&aE>za8V
zzB;FxIYD)M1?u!?Y5bu~<QX_`OJ}$QRm9ny)ZFg9a?q~?`t33u{g22&N|cpjGnuXg
zjHpo)3Hrx(PR{VFd8<d4M??Io53j}>t|3#)(M+A<4mo;``}U8=s18?E`C*t1^D9n1
za8&S%`jx933;<C`<+rF~BSBp~ME;imcAH(%%EXR#?@o{1K@yLQYOsD0LDn1eV%Sz^
zs`=%UWLOh4m=2oB4`$viH=S+|%nMD&2*ov(k0|M*le_KqEYh);Y7fD_JOAKThK<QC
zl)SKk@rU@%(RRF!(hM;MDfmcm04RF<hrr4w{SxpsHeT!VuL){E36WBBje8O~`icXS
zVSwy*t<fodVe5LWQtDn+Ed;l8KE(z#uJ(Hu_c!R=j+G_*JL%5xjp4!#HM#@JI6du9
zIhmb`)9*D<_=>mA7gp9F&HO^kvdxZ4T>Xy`P@4Kk5F=`cBja6jPTy*_3$n9<9&0D|
zql#!<EIF*J9xY#0VU`XDzvnG2V0S1TGS`k2vG>h6QrdBk7Z0ANb9wrv$YPIhjGBT4
zbj4Z#vp6wuXrCE`niH|$ckL}9$5fqdErv6H!8GL^6J6sJdq(J1=UZWxylpQ~4-wgl
zwajUh;q=O#as3tm7TIDXZcDYvB{3yj%r^0e!D1;(csxWrWkot7v4}aTh_~r#3QcEu
z`UK*WXnl9Z-3?h8;A`0^xdH@bmCz+7qpthOlGRJJM^kdiQ{SBRDd}(oNw_rM@76Me
zt}6W8Pd**%OT8!++_7YciO8p$=zXoGJmgx~o!=HaxVV16A{W5g(pFP1@H$|nZF1kS
zFpkrnilQei!e!WRtjbJP+3iJU7+%nM-0Ewn8YGEJOpL~G1x%3foX4GyeXOpz!28*x
z{HCM9{FAa%&IKS~J7ul@Kui4jsS1($9XuVZrLhtFo}Pw=B`QM&763%L%y7c0;@pec
z)ELy!A&N#0C;4+{!!1&xq}p!ro-HeVnq-~M&yT$$<BWw|u&vwp^$hT)WoOA$U*^A0
z#STfY6?5**v2&5ze9h!<R;j^{yalX+2mj*e>VAhC+ty$X$`7X3tIHP+NAequk7{Io
zU3CnFQH3I{ObIIIVMv``m<)}y43nR}7tjjg*XNkZIzDjrq2e)zapP}iYiWeFL#lP7
zPe7u~UQFawl%!XzESp|MWbP(dB%zci-rny?$+VVHLUl%34ctq7)BzzuQuHOZZN427
zUO&EiY=;kqK5o=O<Z5Y7*czG_;gBC+5jsz*c(}W>7`62qH@1YYB}SA>KcAUub?e|V
zUezK4!?@+5GQ1|<$%vyBAFco(&0c;xIxBk{w#75kOJFuZ<a++whcEVyAr;^#*>N<!
zG)A=Wg%JQsleGuvdi1=DBkdgtgtr~(lR3bBL#a{r@#$3D6N|*e>8&hV$W5p=bA065
z@4YB%!oPn1dA#39s@2WQG@4E4*m)fZY2U||`eXs@CU0}Ca-ljj!Ma^H<bn^vqALWN
zGd%b%`+?GXZv>W7oQ>h*!x2FOPF~ce#golgecAm@J0JUpaoIslJf;M*47jGvvylo%
z+hchX8=>e1SvNTq>%QO#dRM?H{%OUxX(p~8N`d7=Kz9zR3UG!!S6XUGE1H{>0@~<E
zo2kwXuD=Cn2z|}Ssd}e+wjhb-uk$HpUIYo*gzv6+p*0#qlJX5_-Fy#5-`^?7V0<e6
zngUTh=&Bv*_Ii%9#qMN?+s0Fr*^T)mRNlCu+eD6GDs7|gMHKc<a_0K;8FwzszkYcQ
zFNGp@^G2PsUgoP1G~Lojbh|&=gdTb%cfDEOr#fF{Up4c>gbb)-<xhyNyr{#;K>sB$
zrk!cXqY`g*&XQ>8C;FxIUS}}@sfV_&*n;RrMDe-9-lop7p9R*%$S#rct*h1{f8EEl
z38*=?HFD>T>C7|U=JZ#G)||1=HQ+_r7>Catc?0C&Ao)d2QKset%6zc<Eio2{4o4XB
zz;=V>JcF>a!av%>B-mf81E)75iE1O53j}&vhmSOj$C#k|K8%@K_;yz$B)F(~Yrb#r
z>?n@H>|Z)^KHz$p6=IE<>U{3}<NXL;=O2Z_SO-;Xp>jJQEXBhiUK)y{LY7ipd7tfL
z;knACKZo-Z-OgXfR6WH8Gx3+5Cv~jeKXxSmL2Mf}#;QwUB#bJxS7!aCd<hCIj#7t9
zN}1swcG6?=<F|E3Vp)@l+J7mOv^yx3Yq=NlKk)xWTmB7*aA$5x87u!U){>a>ms*kB
z3fB6E#r#W-%s)Z#qLOCvKMY37U=B@Tkmop4f#!cWn8fhEg3&)()D{1_1>t18{;mRr
z51JM9e=r#-1Lkjk1?gJSrmFt|V*(`Q1u-rQ?S-rU6YsBp{GUMCx~%fwjQ-}~_%B(L
zeJ5Lr@t=5<0i&XS1twN>$*TXle?yV;fva{TcEL6MC*EH{I_zJ8OjS`m^?zQvr;y_B
zoaQ+4)c%L=AxHZs_`g008Wf4O$78sNVc#MKoS4#OYPDQ9<LQ-UYyP{k#v~4-l$#cu
zzeMm__NtVHh^zwnXs|fexd}bpRJ)8%nY~*6t#&>v49S&5zQbx2V<vgx8TF|OnL{|`
zCgocf+SBNGl}7<X6r=Y1@ln8Sy(ZAJ8BOh-Np9hz>b|WIPITtbaySOdZExqjM<llk
zHx;D#tT!jqc!LEQAT4q|H@N=c2HE`5e}o``cwy)V+r8-lwIr7dQz7dYfhA(Df|JxU
z@a@-+ZR?(bt+gOmKA~V+`X^(7_i!3vXC;U|QU^(kEQMM;?X9yA0d(k8H^aTpl^xg^
zLc5{fO~&2vu07Gx(Z8Dx_yjvMc=nh#izUuLv8G79A>BU)e9{so!<8{Oc^tHW>T2G5
z67z-v*IaX5xt5av!)tpo{`zwD7Q>SEI0es1S8&b2g18j%l<O$zpW>+!DZVE&Jo}@s
z&uDP8u$Oo2hLT_&w|;1CT}D&3Al|j(co!7)7Ur4|FjI>0tU2+Mj4)bsgj4O5X-PBf
zz6JTK8S@J6{otKp3Sqm^In6n5x%6_8qHmH9n_8nv4-~>m)Nw-n@S6S$!kEo#A>9`C
z>aa;npHbXdO;(oz1Qv7vRgFhM9;2L{jR*oHt&AB$@pNU+Ye|doEdt*WTxgx)9^6|E
z&A7sGLhccxI%||5QD9EBS|huA{x}6>1Kh<MAW1cqXxc2mwiNdGy0`$5U{|KI;r6Rs
z?vZFsuu*1y?I9?yygCrvus?}nSEBDqQB88~A3Ly^i6NoqOAs+89e2*!-+LFNGU_pp
z7&P(3`CYJmcsx~YAE?V%7d177nZ-ZI9iKOPEIQi=ud?61oi9Vgkh>IFY)mn`iovYn
zoImx9L{r%>6Z6BySfBCNMYEerbHkMQ>r6xM+wEV^U&>DIK!DOG0noZa?=Ov-Z5z$$
z){!}ux?HJN%+S|ZFFXWQ`(}8z4IGbchzu6Kaz<VDDu<pt*JC$?GBal{H&@A{%nS(y
z99@TiMIu12JoMUfY<?uDe9AN<^MIaSoD%@Xwz+Y!ywe`DeR`zbi=|XiF%Nnk6KZl@
zx(+8dN*#~Kxd=iA5j2~WfxYujB0gZ?G1_WjI2?3U!W%L$nB8Z+cq$6~@)YcZr~T)*
zPN84xBSIl8xH^!nbFGJ*ZHb{Q6iF+YSTHjB?fSzOCwk7+7k@0dVjg<T6Qc?v)7`oL
zJ;(@i;d_ULfLnnqnPq|xyBBN?4lv{6($v#Oyx&Xz{|tc<*N}Je2=!XY|0W1rkhb5w
zOgfII7L3bGc#!OdeY!0q7_EjnITm_-e}l&oUiS}&2P;x&C9t0w(q`+%bbD^;m^2X#
z?R~a@Gk9~(hO4g*aJQd@U61noweO*e911D7ezzdMa&$&ZEV}P%#4VO<M89J)Q~^?U
z3g<re&t(L1kI~{?MsMN=B<yp;cKao+rrSG?_Dn)TG1wUB^yU?T^$k}cJgM6!T+lxe
z0}0)q9o-E5z`|PW`jr`64Z?D5$)ShGr<@3SI+xV?I;y}0P7FRLsRs6PwF8tS=13ho
z-pN`&aBOlN9}i8QhnD$?{V4Q4cF1|>a78K7$LxC~ru6-sNX}G%(y3E}OPk6F=J^a+
z6@;hmQbdqYwEBC=0RV;=+A<IBhqFQV6K@=qLGU!S0g8*XXjE?`oniTHS4RQoB!01i
zvy>3Bpf9eXft*dwc>Jx+IBTmxM+JQ-OC@X<1c<Xn7e(S*o*igwTKzybJw@8s>*B~S
zjxU0IT{p(moAcmzKRs1=cb(7~9Me*=!@!O1|JIaC(0nxbVli!m(Pp%4_-fH|pTy8k
zc*<%u8Cd85G-wfl$&EfT-t|>jct{=&=Lt^xW0ig#$KqCo)F}4jl5YTQ2D%xPX8e<Z
zO!K#^xk=g!(|9UD=tGkJVmIVX?wKf#k3SJh-omiTJDQa4Nskc;4_^XH1=b^0Zmk&U
zG8etpb&y|QYAw%mubO1}IFCUDwkcGuDUIRWc*mVW9X_QPWDBNgibua}sU%aTrJo;K
zb{CZSJ+NU6h@CZsf6YKVD2mrG_}jv0GdbIljSIAskyYJje*R?i=VRy&V0f=XgTb+t
zr+``0qIG^|mZ}kiwZ}gmI=Eo;qO2L+8Pctwj!$OnoIhbmw<oLy70%`+?&BH15}ox|
zBYrI=odMqVAF<dd88e$wPxRZ~A{a`i4_s?^CJC-WnY5M_6%CG*R8~eAhewG+)=*V>
z^n(j*zP$5ytPg=vBU!LuEo@hd4Q3r{#hqL9v$S`9*C+$y1*g?i3yP>T!J>uvTOac{
zqd;691gk{B2Y5DS@q6vb04_FIEQ!|?{+#vt$|qqeVQ=Vmrty{FE_j+fwGXAofZoSr
zV~lB%W4pUMv;Z&7Tu--TTxqjwVY({i1X?E>8+xp-XBvDwgzPbtJA#CpPb+#I>)(Xq
zGRoS15c+wq*{u8RxpcTI(wjZ;F0XtGPE|7;xs-79WI9Nm>%{%8-}Y^oR?()a<Z3)y
z52{q54`82n`Y^^t_H@>6eciQ!35ECKkd;>qPQ8pIk20y^rD+1VL~MF`S^xppPlg{@
zz^O^S=tbc&bv+Kxc#WBf>F*!j*RDT1R)gGPsxjMMYqInrraR5qFFLD{+-ZN*FnTsY
zN8f>aA<5mPUtfd_)<#~H-6+n6TelV$gMGg0x&lvc022kTEjhfVs3gaD5J>C1u^nVS
zt00MO%WcwA_bQ9K2vsxjzbL}TMGP14^2MryM8JP9+PBfE-b8dy3J}PKciGLI=VAQr
z-0^Oz@J`X@qe1fgE|Uf@wjd0f45*i)!Ni2Ay)Mm7wC?HsxUS1A-t(iQ8K4`lP{=yR
z?lTo|aQNdcWxxw1Uf?nPB0j9#Czc(WdEgzp`xxz_?X=y(MF&j0&<xW+&|#R&R*crJ
z#DBtQ!GH#aHebk>)TY4`@AxJ(?V!~V^j8>3UQ=WwCI^M_*TIjEorx37-UxpH$KxKK
z%mA0Hx4%KJXN$@jno1#wdou1>$L#Yra8jNZHoPvMR<txNco$5{jVML#>V`wb9M^-c
z8%MCAwXUyB-`l&!mNT(q+>8Y_#{VEYaGrZ?_tQ9-#<NtLz$^ZLfI)tx${z+oi+*n`
zh45&aY|7W(2B5Pm3{CPXV#VQ31BaS(_R84(rWLP3GmHcwU$~D-)_3)I(AW?Me;sb*
zh(-#){Ewr5V@K$;{X^e4UJR>iz3&3;kT3#&aF8}nE4x$;7~N6%F`LJgh;w|ZDGRNh
zD1w5PVmOYc{kA>3$Bb;z=ISyc@~tB>ap{OV3F!3>aY2W<78}!9SC=j#*Ar2H<02$1
z;&Xq;?JoGV=f@nq{$j{u2OvYS#l?C)QmH3=#{E)%hztx5gGWJA>6c%IE9~dZfMUlO
ze{XUEc<SA>@!kbPvyhZ|{u%|^O>~zJEoGKw^dN>1t!FEqy_1nm9cL}z*=Az04ws-1
zIBx=`{1@_?!V0L1&N-AWhoh8;3A0)C#N~n1Ni2dsayi_)f!7A$r&>ooFt0cMOrkVa
zKbm@*kNLu?EHZwRp|j(_;YPS^lMY!Ojd@eGG}%ALEFt4~>zz2-*VGND?8*as=3)nK
zs4aVWAI)9hs&mViLi?>_HeA?z_q1>I<WGs1OLnEyB552pC=$;09E1P_t2G7X{uG=_
z@zI4<6kiQ?86Qf4A=yDeI=2%d6u5Gpfy1M4U8&pEWw{!(F2C}-$cpUlHpJC&VT<L+
z2Dkk4nP%a*za5lCx<7<buwo_R=7?c8WvE>nvD?*sFqW>NfNM-k?}LYDzPe7^e^1>o
zf}~ZG^OWB-`dwTt2X83_sF<+V^A`>fsa_*cZVT0MQCId>ucq$*u2niWTae{~$Tu%D
zq8<%sp|lg%y7lAHXV6fNqAo^L`X*f{;Nt~K^eX*!8aqTDf|QBj=d*??Gu<@2k(;z+
zCLuIP`?fH-;(+iQJhf0DQOyr04*zv=pjp0nAJ6CYr(m8~<&&t`b3f8;Ltg$7TFbwh
zLKo~;KBVlLITj5$%9#*Zyw0IbU7C%FCEAL>OzW<$0eY_wN@;b>-+*@Hurd#yE&`j)
z%icyZqe&)smgO(>_)Z%rja`)*T)C$$Wxd!@akQEM=$s7DVGn5AUltmhle^2sN5U})
zUWHb`G6`25<$SUP<RXpqTqnKAE<1~&gVc3+N;J8)6zjSJ>5{u5D+a9Wi83E#le9jf
zICV2Vw+_3iUTFn7DN<RrcBSj{;;ZXVzj4L?{3@8@SR5J2S}sr@UG|$B*_5~5-XDHP
zFb!i`Xi>%dDhE7%xML+bH$+OAhqsVutpF8&(Ppx*Z>^?}*B8^MT?^QZSG**Y!GU|l
z2+@fUO`%=q?oRVC(`k2f+T%a>YRaL^B%i4n<wSiF;O<c0-&3x%>8WrbCzY%A{1ptL
zrO}9IO?$Bcf9gAJP0<{_29Om!;xN^C2Z2D#_8KRQnC*1$v2a0upj=J|ZHpg`X3Jxh
zLb0Wxo4_~Wi8%XRNuMeJL70dsMmMgHMU4_Nw1Wb9=a4nl;>xKUua{771L5+c^Xrk}
z43a=1)6}=?T~UAn(hT$4D4vAl_}gG(<G%K4T0XRA$>_eQCc)>;#_vd}*0_s`WijX}
zh~dPkHN4+EinQw3YA26N7Xt;X^ZPzGWX!=pi$McfYWX&EE{}0@wRQv=dn)10RhFae
z3>W|EBSClA?$yn(t;O7(eM4l-l*8>8P%_ZSkqutA5jM@C<2b<-_qgedxO&7H2ZZQe
z10}YQ+y;|VH11+ne5wwh3a4vaCebOp<o89f|9c$Agc2?7wT6V-Qrpt5Ihn{;)3V)3
zm=x_3+ZUPM;$+Kh2<)>>4C|;9m_H{?E{SnbnaE_X8o0Cy70sVaQx7FSh<ruIeKKWD
z(DRd=qC-1piNA?%@kux>{afiD6eY@Iq9;$EOA%X~MzXmGPED!I19J8}2kBMX8!WzO
z$b>2*0j?jNEP`t4Fz%z|^d@_vJ|bJvkNPIqLJvRWC48AuT+sW*?}vlltdC$te%4(j
z3`D0=?q(dnu+oaPne)hAbI;xD^14&`Iy@4*y@ZhSZjpcMbzxzV7g(yp0Y=M4h5A<H
zA*`IrZPO5HhtQN~sf6yyaxe$(^Grlh3oMyNX!QWgdtVeek<#PtZ&-~trrme1(TK%U
z=cRkyQiQb7ODkU^#x-b<7$NhNmVPQXd~b{T)1I(ZqS-~pJ{ke?pg*?www5>!It@Q!
zpwg7Hcr_91s%w##g1)ap1^$91wM>irS>7mW2xYZRs>j(wL}tabGJJf187HL`%Wp+j
z7mS+vmX;0hi&&Gz?iQwD>bcF7-?@2I!?O+?ikpU-)gx>x`x@!_xee}rs_AkWYT8p0
znPDt<R$W)Pci?O8NN<+8R+kJ~u9O2@PaUUCfvf+qN*GDtlHOg#*f<m?QVkHb9ET?t
zXjxU{GAHKe_u;=dw(8CEiC*p~!Lw)mG9xw4DJphW@_dNwbv6099z)SpiwgS6jc3nY
zFoSR>AAGvD=BFDg5eqdViJ;!BW6ES<O-$01iasx*m>#*Bfr_4idmT+7XQXWuZWy>P
z+YWF`(x^}*Y6B{-agrCyeC_0vvgTNsrDZ`-m&|w%(aVd{#cBuOQ~=E?p~NK&PN?)&
zJoLBxms-imXGb*YIl69pRMW)VuMCPL#U@;P@vZfHMP6GMLNRaXi}_q>9<AquBeCI1
zpYnOr0wrYR+>5F8sC6$L-)_Q5mV58Vw5laG0U}6C=TINm^SZf{f^liV^_LYk;)n<6
zGw<oEF)BwweuOPs!NB{_0Ew?k%sPd<Kl4)8g1uI~w~dLEZAV$r(bWxBPAK^?AM)Ri
z;A~cBehtSwMZt*OdA`iZn5q~Zx}`f7(vU?8)fbIr)IGWozRK;YhXwNb$TU->JN}OY
zUm1I*TWk~j16=X^6?um!9Z^BYay;4WIqNGo4!WA@MGt@a?`xMD_Nn}c7jHowL0>Ej
zf&P14xs0cH+Ve+!)*v)KFP(Q&3)!t)pH&8Wi08rx;`%8U)p@fb933a9;;dan=#J$s
zrVl|VEg>@3qO@dl0q+@6D>P?E+fCJHhim^YD-6_&+qoz04okZ~Xx;G#FtzZ6#NoQz
zN}yA*MhV79?`6rhJWJsO_$EbuV0$#QPX<2zC46agB%;__XG>W2n%5!~d)c%#-4Vs#
zJbaBw=-XQ{?Q)uv0nlD+wHMb_9$DUrB8^_^)oGD1TWpAW7jW;(^4h@RRBuCs$m;=$
z)V!oMBM*eLkpS;a9dx+{!^0M2BR-NYQzL^E64cm>p?3j1<2D4o1V!R|Hg^Lo3aR|K
z`XgfC;q<|8YKmi4`ZB|r*c3Cupqd0Yxt>#(@e=0RgJg$XClaJ|;3fB;Fs$ar{FicO
z6EY;xyfor!eZpmjFXmBXiG{wya2bO;qR$?$<5g_iqj@+T^hnPWfB687@hCO6Aau6V
zGHC;=drA6;m(|#9^PzAR70#&5&fBqaU-h%N$)D0}HE!G&X0`Fz#@hZD%T4xK+mb?d
zl^SQPKhg)q+CP#ZJx-yJ*SEFu9Z~p`)oMy0@jhn)_^I0|Vdf(=izpipqe*meBEBbk
zJTiw}*M6b0?>~U_FxBUgXV~2#G{SI1<UYFJyGqgZs0<0<;+>@Ei91zwj%<YvS&QTh
z8QayeBiuOHsIpxK6sBT2@K${<_!&9&UnhS3S!$lI8Iya{MWmiLmXN#bx5<VscWq^q
zJ2QkX(n_2(0XtDxa2EF!dskylNs6RJo6bXcCR3q0e~ZG3l;b#j2~#{meW%~&ja&z?
z0B6HTW#DVn?ZZpmVe+I$sU9yn)AjTRjfAb*--B`LAURweD+r*o*MebS=w`!gowXpt
z5FaZ|SN|@@K;}RUCqosf{&11A?lSbh*n7*UIJ&M4Gq^)=_XKx$m*9cm?(XjH?(Q1g
z-Q6KT(8e1L?hey=p7;G`zP0A}tXXU3U-#+m>Z)C*&N;QOec$Cy5=e#3eQb7&*kM1*
z-JO4Dz&Nl7s%bkO5zy@7b13V^v|A|D?k+`Mwgtptdn6{8#hnxiZu)!SV0L*5gMpVR
z09$Lb`=1%OHO7Yci;;8F*$Cy+kW!Xo_;aET85DY3kZHFB{Fl{rYdQVHmTmiE+e_Nc
zB9+?OYuzuhrrl5N^Xf~b^k^Dnr0WVp=LXoU&c3>|bsn)1*%rR?8D9MZ)Nf?$CmUGK
zA&~M5-oNB}PX_%!42xx{?xe!rr&~BCkmT`%n~7js;Mb%;DuGJ3u>wo0jd61Szr)-x
z&s@R@5lXW8RP^77*g{2m<XVU&vDD7x@v0~by=^foI((6B0X+!4$H+KmZ)0|@+p9>c
zZLwf*VfcJ}^T{>N@_2|(KOi|Al(^5|6P0ojP6Y3HXKK9%mBY`H?On$-rnkKRxKw2v
z^aX}AK4#Gnx4GDys{F=~)?bG#jo;m0GpmDQv^j)8H76Z|0K?K5Y1XuT`i9#G-Jd92
z=xsv%r-gv?-Wxi-->-Mm->s_``C)4#h#}Xnt2r&zSnrd99bdr5y0g+0ji^*qU|JBq
zfcvC39V2iD;kCYVy%{KzrWZE5ekRPMtIJru>~bgPZeqtOQ=lW6R%A`ypyY61Vg{Ua
zqZdOBD%xw{xv}5SNpXLdjN$47Vv9Qng4j4pczjcRHM{T3tqFgff0?1r6C+lUzXko=
zRS7FR;h^9U%j2%u`o^Lk5+;E5k9=$&8wT;m(0M_KU1dK%E#Bol1qzS*^AEK$n60<G
zjS&#O{xXmq9OCiVn?>Ohtmx`^trGm=<;Ll*$S$+A0HZ59L0Qtk_;r%qV82nQtP}j<
zoqd@lmoM0?W5qO@bH%9x0mfsh(w%$na{?U$`{Qx@w^ULJZepSY2|rwQuR*ZH=LBY6
zT)mfXs)xb?sVvSfLluTB4xHd=S_Fu?w~cT78$RliwTk?j4&;=@5ckoeiATNC+g+dA
z@<S(sm*UTdnTSJLlOmUno30?qcx^S<t3Qg%ozjNcpc?JnkQ5MhEyNiF-b%X5qrx~Y
z{ShVL{O-VrT(}ssy!3!^rRX+&0So(e2A<-i@9()OZB|fu$64wh>@k8m<;f2j;*SFZ
z1Q^$Bblgorl-kk(BO0R~O;vVU8d1c)J2X{Q+XaLXkq%nlXPTfM??(@}oye@Pi2W!m
zfLmD>n1{w!8bdb|muE1lz(}#Rt5TU{uh?FS)C@Tk|JOXxn)2CZcIXjr-`Rz#J)H4^
z`vyl!TF0M!G2YkiJnCJe(qHbovebaYc60;aM2%D^QFWh_sdOyx%aXF)DK3)yI-$38
z&n1{Au^%osiwNIpMiTatDl(=yl9gHr$|V^}A|P_Yua7<bv%)ghA679R*Zz1<rKv+M
zEsg|9G&t$Fe_*n^-zKrz=RihBFqPLh-ZwftV4HF(y)9S}qo(a#<EAJ?;?(%;@gh95
z=-u_NKEl3ug86mYwiM-{JL-jDch4(;RNvU){t*z1zmEg5-|v}~I2B1@V3;E83C}PS
zlj6)3r9BnVG?e@59a0rbUT2n<V_E6DM@R`A?~8dEiJ_iW34VFJpTzGMC&enLUb+0m
z-jhXQ$)htdHSM6(mTAe}uZIH08aqeAwZoH<4Au?UF%CQl>(wXgHEjW{B{|_Uf-#sV
zUeJgvW8h75vQ5UzxO&d|oAtY>b{ZDyzN6wX4(eKc>y=*#L$>lbFN-~;AX*&pc%!w?
zy5{d0{*{JOdL)A~@jR{MtyyX^t5ON*TSR-7?QiC@ier@c9<Ov;bzGDU-tri{cnS_#
zX-Mtfs*Xf)5GhIR#ifqF3T}C66+{qRE(X<l-3YW`scCz0KAwhCsG_{MA*D_eeK}&^
zSt6gy00J4QcE$Gz)0e{UM4nw6BQ1j5E+eT~QQ-H@L&a>uiXSuq5hNs=Ezi%M<duKn
zwM;<ylRW)!mS!iMAEU6m13jt70_Iq~JI1p6f&*G#e#LuKNQq|5+ZNK5NMQ7{8L82?
zzd;DM--PHt+yAc@fI!DDmbm8E_+E%vZ#UN5Q@BA{t7in_PUwp&XGC`j=dr`l88eRU
z3wLW3Mj&j(!S7v3zxGeIn&*Q$$G4ykkUcib_|x0LZcJ=R@<s`~{BQQD>=&M$<sIu)
zZlqnE6h~y>NS3_w%Vp5%H>gRx9rw~Z&=Nn9FXQ!HWRh>``Zy?GE5mB`tm(1c_2cov
zt>F0$L2>*LX)?8e3B`%K=gsDI5Ltjc-Rg!z;M)%2jSLV)5hvG}=gs6%oANvhfoAK-
zbR1nxV_FIhQ53{2ne=aszQ#*|V+kl5?XW|Qy~}0oNDDf&!J)ibAz&r9ecul+++ia=
zn5h;gT7@5WdE{eY?y{3YMQO)NiTavUXtfEVqQz4BuLsJRP*#p0r78M$QnfTT{or!i
zVSajmJu-CYIMHdV{Qb6D7{7aER-DJ)oCTWT_o+`kc5nNJ$}B6O$rl7o1;KQHIj=T9
z+0%z0$=01VmOK*yg_(87@hFmyh$b3~txS(*t`^8OI*Kt*tTH%@(|wIn+6tIDaN0DG
z5{)C3kq=78NSd=zX`h0&MVzT8lZu~FR0<_E?t>?NohRFN;TbmnR2WO^)1c$T?5b=n
zDxZUCwvG$?3)_1yiCfp6@5QT^D1%FrAc6nsmWIfs_?HHQ=&dRU|Bgz_Ua0*C=f*>W
zXst!xLh-*iI3IFE8WczMh~u~aHq4WNycm$&GnN14!O4B<f4vxJnY;D=(;$Qgg4U&A
z3Q7M0VUWO>7PL*HucZ&P|H0bdf<V-oZQDZWU&{R*9OUZ|=~gv#>-*mZi_hPOv!MCp
z{=>zk^{YVJj7>@3{0~n3dn6U^3;tzN|AKKLxabtnHtW$AUjExqEG&d+hj+<V{x2D)
z3aCc|p>S10&))wwuz|?6-2YdC(U&Q)7R6<Ov7--}fck|k<5T16)W_4VQdc2ru!y3V
zhFjw>;$+Fhj*_)kbt5Q3*r19L<u1iwaJiLB0FX;`pH|xB=cHJ5R?eBoaJ1uZSw@N6
z4fw1(G^IY}j{XB5_k$F9$RY|1kocb+A<{r)pI6y!ZkB>RVCBm?am2v*R-5aE6d?YG
z^d)t<dyp>5(o(BY@5Q=mEtTF4zTB&@<|Ve(!H!R5Wx`pTSl7iI6<;;s<6JKCZHQdD
z&7Z!-n@CV4M0wsriEak$GvC?D)qpKu7qR=%f*P=ak7i4TFly-|5IsFG5}OI6yGMfP
zXEN(#Gd$x!P>NZl!c+*}dI2YOfBNw2YC_4W+XY_y3}(GMK-iScKqZ+t?#)9458j*K
zp<<0^Uq%q~e_LDjm+WnYIq?jH1!!NQ9KLr5p;^|aF$92izJy!OfwD13`k~e~FKl1j
zRP1MP%$6=&^yZ8J8}V`9?8E(bFlV5y-ly3f$4|=))Pn<oGIpxoaNMhm8+tEaRh;BI
z-UQg5AGHqm=KB+DCy-s!lsn~PCgh)b%sF_O?1b4(_mGuKLx;UQa3+z@hC~JJMszz$
z-h>&EbN>v#cJV=LBQ5qJitWa!2ey16k<nfh)om(`c?Ggsw@(|h+<cH;5Iu_?pvHa~
z7(7A~RPzXO)PK@m*!3GRY5OhN-G+GsIV4guqIpgt9QsJ|)eqXG#4w^^6Lm?CVTa?-
zb}Pa(|MYc{wp$!~`|pi^2)W@CDu-vZwzKu=e=s@m3D??I$T&gBFv+SOw@(2i1N>j*
z&jgh*R*9rsCSTvARpW4ABCeCY<fa9|HG~1pq7P+<{Y%&Sil!NtziV8Yn`Q#gmC3yF
zf2rHQjydM293_0m>CykZVRLq5eIde`(yq->hVD`FL{%b^c4u7qRRe7^URj<2qK68W
z2Y}~r>dpy+i`=hDyMS$=sX>~Z-JunRA7?QR1CDy@++5h)j;<r|MA3G0qo}GA$fx<y
zVu1EzSSk9mC(oMwt~-op(Cy+wnpU5q&0w0<Z^v-I#6KxO*M1CxZXPZBXJtx$MAY=L
z5_3%`nrj{V1OzkoOOI}I9#^z#9a7PNmGP>I8t^Bj3uW6YGDfxshqNt5zwjghVoinS
z{PvB>uko-`GuFzpKSdNd@Ok${;}{{;wW-EhP>x3H>2Px7Cu{zx1Rw##J7-d%onDW*
zj=2gdoI%K|ETq^~^+x@l%zWT~nE8qh1DDO<Tlj8Fp<l8PG@Pu@FfSTkW&s?#d7(<W
z)?TbesWKWNOe?TQuZg_x=hj0ljmQFi^@`9imVU130&|<w&DG^$tyuM7VEq4;K{q<q
z>l&8A+(c=N%G2a2Yzh!_&M=mo(CS($aSPM*#?8~~dOyOxd!%9eprzR02r5UF7TKGa
z?I5@@^e;NW>nq@L78ZQcM7|hYJIuV&)`A5a+>L=FK}QMO2t}#R2msVpi8D|ljHk8j
zllLH7d*0)`yQHD$u12OP*Cg%x-ghH7oUI$yRTOn5o?x;AH?#ie3;yySjeFcFGW@n@
z*GM!nzq<dJ^)M~2dSbx$?uUQb5QZMk#h1a<{tsCnw*hM}q1xJpIuJO&24W1pe?qp~
z2rbk7(}yfbK3&oeJZ;Q|vA<|eVY0L8i{s%!nfMon&+kcu+c*4nB{=c*z!4O{42+ZJ
zjh#ui<~j3nc*xXf3p&e9TR%T6_hCZ4j=6F}y>{E(C$=3RuNHPrET_^X=Jo^G2Sh(G
z86D5JKdyOMGG?g9&b{g1)!azwZ^L>E$O!0}DE8vcaEb=y&?^f>1#_9_aK|opwn0S%
z<-`QNo*J523sy$^HSzH`v3Zt%^J{o#yNDx^Ww$A1M?KKjZ{>|2q$BSUu-1K{d<6;!
z@|35G2LP(D4h9)DY{OHT{63Cuye`LTH=(mDuWDAg-@x?7_q{*TI`s|PeN%z@(7V^j
ztUkm@zj}mFdTyd@>ik|Ut19xdBXC8(g#Wk$T=v<m{Tj!oW;mtW8o3318A?<Ze;~<^
z%O9!i^>GH~fRu9cIx!^cecI+F^OEDlq?oX9-B0I*WBs9VeWKWLc9-B<#j)G>a*8w%
zo_xqN;!b?re1C2LDfsFj_s1hkH>8J+?rHHpMQQUXHP)tXO9JP1KZ@@g2Ylpm-KOhx
z942;8-}(Z*AR40nEb&%fkl!C+O8!sttzRhmC$@#)UQbT1fG~^%W-#G>qa!n>#Jg%{
zwdSA8P<{igdd)|`P`HNyI(!fmMOz`i`d$5=hu_?fg*bcO3dE`0^4`YHI((P{u4DGy
zNc}zGMETSUosF>dWIl`@EDiZ2t*ObcAf(re{8IX!NbT>{+<hl_FG|D;!3cO)Lk*$T
z?r3SG=Kw(Ah4F>QI5pn7JWXcnmi+kh_2Grx$gdXu=sAS>XrE0q|D#VYZ0I?zz}vGY
zEI0Z`Jx+W!H98UCWTFFi-eHPY5tSW&>uNAsYV`Q<tcx6|c<T=FxOzfaS9;E({$om&
zS~59d+EiReg-D>iBYQ~>76zn&hIx7ZHNGnBmWQHX#}zX9;my;4=!To}W7*+#)DAE=
zhyTOc!<JH@3zVywnUwrl302GQ1}<o``(+S&sNaY3O7*Xhd&0CSM7c5RLu@*m=~szB
zF9nJp^}eaN`nkiaejIkr?~#pefmio82W{WwQ}^~FJLw`_f~(W2<q8e)TcTu=Wk9T6
zuRWgM(cYIJ7lD-(ghDZnZgAorS3Ff^F0KsozTVTLSSN(tjOiG4SFd#?)To$~8|-MW
zj{ODlc|aTfmPZlHnR17syg2-g(`AU(2~(JhVB-glZ(FX`uIF)gyhP#$#CT-j*`^1<
zR@wZ<0=h_iHMZ3Qjkb>loVCDx=iR9r%roM?*Qq%xkq0xeo`(Wq1KMV)JGyDH&(CWL
z<(~RihSPR+r)6#BZ1X<Bu9XO)d%cWs-+vqh>PT8$@wER~61}0QUu4_=ou-~G6yHu}
zTko{e-~uHs(doNCrD&wr7`O5gf4rteDV`IorCIKKUdGTK?gnI8Ar3G6Rj6B)VbvrN
zuCGb$3lEFS)LVKY5xxG>-ZNR<O?CQT3UUoyD<e+6TbK^?fiG{(jyiWEi#M0Y_!Y-!
zE%sc{fBsl1zD`*^{&8jG%O1|-TaV3Ug8BYuh6-~nLM?7b#ZLD4z<7VVK%r`&frWQt
zwTX5TK~YsBv}=?T=vBrYz5wp&dO}@AQ+v#)GU9CYJFrr1svmoco<S;glDVg*6c2M|
z`O;0RePqm0f#8heUAo<<yI7aAPB*VR!K)-kwdO$;7|_7a^?W3CTC|J$V4g~gzx6m|
zNmqE<u*X|e13#R)eEBr3>+Ug_P%4k-w@9}p!uW~u3wAu{d`@;;=B6pI{z;WilL3R;
zAAUT4n`Gh#NGL%4FSISq2(9K0qdk8<x^kX1JSbd}1)LcXeW)D)RVx=MF^eN8db(kn
zT6?1FX^)O0bQ5W{5)am&RJNrpj$lC4M%d=bj&VM3K~c`JR@S$Xg@0vq1Ip3ZL=6Y*
zPnsDq=<uU8rD}czu-)dMjnM@prwmMCxsp0!L*eINr+kRRJ$%d(8~L*u{6Po8zr564
zn9BwrrzSB7%@hg>mC*LnqirjzEBg~T9A^xUO*jG9&^V<X2_7$9T*h1gM$*e;;dAA`
z$x<pOn8F_LH_d2<3e5O+EvNcnYHKBWv@k%%R#P*}2um16H0Ome>gF1wA&6m}^;t`<
z{+OsyuS+Kf1{N8E-#Z+m#*KH@>;+V}zWcut;8Wu86;v({^2c07j+!_(_&#hXMFonr
zD?{JY@gC^v#XfN?32WahHSUi@5%1@TbyvjW=f$U2a~NZ*?Hmwv<Z{Dna^vVa?aR_p
z#f&q|O>sEpa&Sh0q^`NSAuS}7boGCiAGZ@_GJ?Ou?<7}Yj-Q=>p<gby()ZtL^QP4N
zguF-3B80+hyj0^f8>IJ#)=qp!d~c)gW7lcnWxx9$SAs-Lqf7&rHRhX0sK;+a%a0&e
z0(+a)WpOtvM}W)-`i4M8qTOvT!aLJ(YMeMb{*n4VlVDPj;tvaCp-Q{tJ`a+3oZeYc
zMeI`8)kv1=FZh)W$K^l;2If6Tb7sN|#KHipNZp#rXI$>*x2;p5FhAyVT@7T(`Pv^#
z)(922I+Nswi2@un#{ZR|(>HvkH%HJ}LL;Qhx+~JoIz9d)0vuO8-PnlaSH2D1#Mx%y
zn;f1Jc3Yb=O#Y#WLKhZ91(7Z7aU$H_Ey!Oa9%Qrfd$3O})vQ&$-qCk%wXa%iDSGd}
zNS)+@i2{m^XO8G&ld6@0cpq^MSDnE|28I&v?Uz!o9ESaQFPyJQ`776F)33%PKwM)!
z632|;_Up#)7M5XQ^psk~XoU9zj%M~cJZJKpPHiQafbvg+h+R%xPIX<W(wvx#-H^jK
zll7NSDAg^G(SzH=zC-Q-MY4>!;08)S_`>cdwraEcPOcxOa+92pX+gx7F7Z~wwZta_
zFsYb$sxGe_<P^fs4@1qfLld0$TjGVL*POye+mm~|x6No=TaakLl_!RWu9U;3&P$Sw
zw3`N{WD38y2I9KAM<R)N4nv6LdCzC?$6A*chv8SWsiLo`ZBqpOG}qb?OX28S<9Y}>
zUZ^#BuEc`jt*%W5lA@nGJ=-xOB2^J(R*A?=B3#fBGUVlbKp7{sL)K^Y^)68zQ9oIL
zgoIuxdqy_ZWRiAh+s|YKbX1jV_GK#cwBoVJomCZ43fXn`_g?a=r0nVJy5At4Jt1^%
z>Ufc7UmR|4&|WroZq1;F{Q|=)34+tmvbQs;pt=fG=9(sA@a{K=8jvBtL!)|2eVhM9
z?M8&;v3$bAcp96<H;Poc@bCn2lbp4w4D-B*WIONPC}a3%O*n0B$kMLelmsfn-A#UO
z5+B(6#l}M*!h_@6<@gV-nY)%Af9yL-zH}E{xxL~^Ix_`ikGYUTi;<4Jiy<H-4%oCX
z!w{GXG=idW!#OR3QT^TknhLiuk(nStO>(0f;*In~VHEE&l}EbQ%vHU|m;RXqS2jJQ
zS;o}0A$HRd6{Os>Z{4AE+agX1jozV@c`AvAfeKM8x#0fj^o&4A<m+1IG*(BnxIX=1
zT9fp4F#~t36>MHPQ9&+a5dbB`HPQx*QrnT%S0*V~&_aGPv@Vx$2bw)<+)z~B18Vck
zd?<-eOjP!FoqGJ?x1?;T;1kpT5Z>q`J-GF;LSi?Aas-(+_VOwg>}K|_RBY_K_zKxW
zEztxxlLirvlDHo0a{W=%+uH$=C${hQ*1Q;IBxrrC8MUCBytC`o(Pzp)ZB3kx&IsDo
zsG=s<B*JNyBBzu+!<KeJt&Dk7m)$5g`B7&YbH&PXk8$v*kp2MYu0F-@Q*V`qczJj3
zvhIRyEBjfO@K&MH`qq#PaG-k;G`Mv*<RxYDufYGots|*W2rx~R*o(VA+@{3gV1D3k
z8OLbcSG8OS1_#lZ^?l-rM3d+WNo~s(re_VIYL#bq%35$XtJpPp>l(e9q>R;vSyr*S
zX>=I%!VYScn?Ly{+#SDi5JxIm-1PHg)7^PA@tX}%MOUDmMgN0mM^NfYjLTa-3URa5
z`4Y^e)24s+XM;2RxZV2fN9vOm5Jb3sn6+=3j~BEygwFbn7v#(S@Fq@@Co3dkoWp}E
z)oPik3s)?&ov7B8AoNM@CDxFhIGN<->(`$X!^2GPx{^IyKmTE&504Xl>Ee^XT*0iM
z3Id|*_+%cu+oF=y(e27&6w1A?IxDe;|1w?ietX#3bBq3c@f3&$%lYAre~|7*lr6OB
znQh~)ylp0-944jMRK(04=m=ZAT^X!&;TT#ucH<+w>_vUt4P<C5YH37O=Qqzk1EG<v
zxq?_vxgfNn6c3OoCytxrNsjb~;y}{x-G(fy9eIx`ll)es6QZriQ9#?2aHZRRWV`$2
z5*}9)?~zz5ir3OGNglVQIM_+*T!lOr@ARb-iM`bAIFaD8?mlEi@`o3XR=pR{)q9`w
z><F!T5^S!2G;F$hoQ2F!ase!xfXYNiMQ9>Yi;_Hg-yzs>yx@Vfm$(eMD~7T9LOd^+
zXwoF^Bc@yCL@$aRh8BxA=9?)usTF@--R%+_qeAemz8n<l4z+rBF0%D2L|*44kA%i(
zqy}GKAj8$Tw~qPwamp;ca*NV>!+?cse4usfR&N(N<GJ|(7`5`yy3@(oozX09*46j!
zS*~VleXa3hJ#8Y51OKE<wKbpr0NfY%6|NL1A~w|9X9xF52EL^MAqK_=`^Jyz-TFMo
zLJiZ}C}DvS)fM=<_yRl@Zsr-w(nUtf5~NM}6b-!0PPA`dnfB>*8G}mRceZrFy6qw8
z_|6-IuvJV>)d$r3B9c&tTXi_Y!f?VT?Jy3gQ_|a;J~i6Vo9}^v>aI^)b2q~kHuxYW
zE!QtyZ}tl0kRC}DP%O*D<@n9D6*XCidKmUP>osy5AB0NiQNI7|iY-&N`Ab^^6Ut_T
z?B3lW&NXx+77^e-bNS%)`s^bvxjCS)K4k7)8=ySsa^|2TvMPa_AgzYJo7uOEZn@<O
zbpKih;mj7T#XBc^z`f3+oSVNS0rVwoYa@RrDgLrbrbAnQ&@!MsSlGnkHY+*SaQEQg
zczMZS9{_WS2hf=p>~ckLouVJMQA-|}e%tWcvK}!C^Vr4JS#-QNca?%u{XJB41LIl*
zXV-Q^yTt_Z4@-W;oU{Ygz;ws5FA%8L*<<0RpsaUr>_D=Ker4kOtDG4Ab5c?Wl!^*s
z!1b!qzD#7z%#p|6Y;VK*uu^F^5WoE}1eQPI6YcKyL$=_pHx`1~*<I%cDbDHS5P3iN
zx#FL6D!Ha(nWdw^+21gQ!=jwUqo<RtZ*_L|M^$L7ju=fQvJ!O=RA`M1d>QS@^_dpJ
zccVY=?S#?kH6K{gwYA!9`B}!9+vjJ?Lv7mXP?1UiOAX`YeVO{Ct~)ZwjkA&I9n-SD
z$7bZgZ~ShY+129PB5&rD$^nlT@f7(mdfpBSX}<T;_;F2Nx8HQ^(;g|`prr1d<Htkp
zf)3Zpz!6wW76DnJ_;P)outU)5<qqnT%j47r5hU<z^90FI#|K?^6(Fm8>gB9B$w5Z@
z;->4$(c`@=f`R130vKwEYufUNk1Ij^===<WRrKlspB1D)aed=<cziy{;|ca>E)qX2
zrF=KVbp9mp^IwZlXgX|63yze@ZLkwMGiWv=u#~xd7btb#MeE;~X2V1Z*uBF;?Df{z
zDatET<WKHXo1cr4#w|zxfr3sgxC#_J(%7{tvjm*`X$m3deVI=tk5O3%`FALGyC+_+
zh>uK07jww#OdE1(9CrBP+@_64CDEy=jRiUF>suLosN1gPiQEWRi!j%hqg#Z-K*XRF
z^cX~7I!oK*x8C^yZSQLinhlMo`mzRlAtHr#Q4%f$w*AF#PxuhPkJ(L+J}K1{i;r^c
z#l-?11viDTac-7iQnT-h7*NWHRzldQE(vxI3nm&mY8yI;#IzlOINw#p<5kqfze7Uf
z;6USq<`Q^1x+xs0b9>Kvbyk*DEI6P4sd;!mm_c&6fctQI5qRJ~<Ue#*m){^z49C*n
z&Hs9ppZ>%6s_1JHI#-(`*B@0o`eSD&Vz<{3*dMPXwCQ0A-ZMe0?+y5Z`|g{PM|TW)
zVl0-+fK)7?4Zh9e6N=>}U0x-a90uJ38TA7IzV6uX0SE)LGDI?s+dZ2bB5Oi37NwT5
zTUyEO%A9v6W_CYLM_lwu!R>=KYVU`Qb-yF{5EON}qesxksKq6%&WP<-iL&tuL1;au
zO1|-&hn8*(o;@@aA1)PZS`l<;&Cn!JG8p_?jno|OI=&6I>tk)QxbaCb;a;)46iBua
z9GW%w!<6T`(MnOq2ED_gAiQvm+t=2$2PPw0$TTNH8lYpxh>ZKPimEn?IxKn;;=v;D
zCH=eG?r(bu_<cdo-g(PwFRfoIzoto<Gemo~H@J!R=95;(d#1>4eI|p40oaDuGq3|F
zAb`F(I3Zro%x9Y<!mX03B=mN}zp*|_APD%-vQo&WHWY24gyAOGRFpVKEK`N%Nj6)U
zh^w+6C0c*lAYYOGhMNoix*Oa0ov+U_#qm&9AseTlzGnjmUPXO%m6@mWXa2>L%m59{
zkM9Ef4)VIs#b*6=e%N~iyOJ_xwS!0Ulttky4UGwtX7pD8mrwZo1&|}(ge<u$D=T9<
z)v7g3ocB+Nf74-ZzOQC?7&-j>^TVs>6}mBzQjoo=?FsEd%iMsKy3sSk_Pi)YkidKx
zeaizA#n~}XYN=xV{R+WBxSZUAC9Y1;zcqKoSXOCn`u?dsiuNiguF9Xc|EArqAo7RG
z7K_cSo*q2(DF}ZKjijIX!9s+eM3hr7q3z_Ps7(Jr;$apjKgfMouz-ITT3}|*Xted~
zXpiIYT`L-MuAA-+!4d=*UVLm3Qu%F3C(qX_blH<<S3ZojoIM_LzKujHv#9JnO-6ZA
zD&llJ%39CL?VD&Wloe)8#7StD$c1oLM{2QV(LmB=R~hbyw2!^&G|tgE-s%(DzWE`k
zD;^DKOCpXcJl6;5M0FHTr?SfK*G)X~TU~Rbj?mS1d`khJccu!E`VzmEH=300fTRg0
zOA9uGqtax_-{UEP1<w@_7Bpj|>-n|Uw+cOu_;lceko1xJOGeWqcJkiN7MGecb(!;T
zage?>LqQ1OZsv<?iEPRgV9peLP-=7<s~ScR^ZIj#gmGTls^Dg}u#ir>seoV-8)LrH
z_fks0)P9NmSXy5d4Mz&U7XG4&&U5;AG#LqbcD=L)#o-a*?bIcDU7g&#bey|PX7lpw
z&xVB|ngCx&39>Ftw?&jpBANhdN}({m86ACDbHRNFt6&g#l;sAq0p>XF;T8PL?uuE#
zFgKkUe5O19eGmE^bCX)K2K8U$D8z&QeMjzae!1&k;@FoAdjJ3b{2xW{|La0`l03@w
z6?Nn@oH(kHc7vu3R=UJzJ2nDgG23m!9sXyP`9YBnK_rj`y0>%murc$X;knP6p<?hL
zGZ2?8%VU!zvFwt~;dmC*OQzhx8^61YJLA_sMFjms5-ab(Z97_9q-sH7?3t^>_R8H1
zI6EVaY$7z%t;f1SuqH=4#r?oAhaQpl-(B<6hk1Y2#1>qeqSEdDd{|56Ka3&T=8KZ+
z-GbDU4(Bm>2;5~CuNx8fIA#8m^Y`EE!5fv_gElE%9la3lp9}4|y44*`5XD^)X$$A<
zKfScF@0by?=~%0ZrFtqRq(Nk5cC)^s=B@8Z4l4e(s~nB147zNLHLfqmG^3vmn?w^e
z`$2mSScJD53Jw_?^`J#iai?tMVsrk=L=HP8vQyHhNjGMSsTY1XQd$Rhu=xkLkP;rk
zI7xC5aRuF&vDCmIz0C$$e7$1Lf;%f0|1vWK4X@deKxL(0NFk;H#Xm55$;SNWpD;Q9
z-SLv|O(4V|n90ie<}*t;ypnl5QUc}s4LID@j=Yq6`^Lk{T2>Bvnu5Lv?3CtC&S#z=
zD6}GRSy~EPl&EGSykmrv2MG_mxP4Kpb>mVK{>(JyixP1Lhe;ob5&pe_HnKT)8jHKU
z^XDP|FL8-Wy6AF+2~Eh@I=g55FI{?;DADUIzM9@|Kk$v73!^1d73<@hVxo)`;KN@1
z$gUN1HB@M?+O;wS-&q$lW;v3b7TtG~yvl$c1PWcEfy>0nLY|+$?+{vWFE}j{M;BIC
zquMl|9px{xVPbRV670=Vi<K@Qj>aQv-`d_uMtdm`*@$uipo9<cz2uP(R8vU89#*S@
z*eE0e&5y5{LsX6131MLX4%Qb^zdjIFJ=&>gX~jY(;hhFtRx=n#2HG;M93H>H45uk-
zRF6?lNNP9`Wh2u9aA9Vf++AKoNuAkR^Q%KVZXaM<r;qpEh%lJD<x3aW^n}oMXB|8B
z$tqh~ptJe<yI2s>FJ>8Og(F6xurCgmAzlTD{~!~K{_t9fKj1=$E3Wl>^cg24AMJSw
z+ro8v4}(vAI=z>90>e$M0vq71c`OBbBu7Wn>cR<OgX$!d-6gLPzpMXwI3G|Tt{p9%
zp%O7HzuPn`ebg*BKEcKUqAyqXb;)`e(h}<_8#r?i_y33^8k&_4-YG-7*GN1y+-<rT
ziNR(ZYBp0N3nN==y@Xos@WU6lvPTHCruE+9e){Rv4wpssKA&pNK^V#l2=WqW1zVN$
zszG2rh|_7rfP%5QtR@t2FOf;XNoG@-E)}&mG2OmDS=#OzZm)Yl--@4&>egxjdd)WP
z*oQB%bi2IFkG~9exGE{zwVQG?=;=a+H81<heKQN!?e=pL$2@(B1-@r~dVTF<8rbgU
zI1#SWVS~|gpG7lfBOH3`<%u=xAcMV^FeF1rdn2)JkKL)&e|#Hut0H*uNA6`kctydq
z2FKP5o*n%o-gdG^!{ya|H-fq4%omq9do{$1LCIeWIUg@HkR^cRB$!CIU}>?Y7t{MD
z$6u{*e^U~^Qr+|{*7nnK#~x?%)8)X7=BYI@5GGGIt^rZgrC~^ftGyOa&!dg#rDNb!
zH89tUnx=HqODo9W_4c^?ak2;bbyTjBY1F6Un_-i7C&(NA2Q0Do`4@J+NLX6y>84b2
z42{l>0J^!};FEJ7XBb&N<VzlyO1E;e@L!2{^BMsB)1eKNUa*(x!<}q2%FZsFa<QR{
z;mWwKV7qg;{Fng-l|zn$gw}_Hgq<syLHwhE2j9*dA~Af2#X`EFW=`guEx%oV1I!TI
zUiGV8B@9?88)3-WQ=S0Exy%`h`yKkFPq1RgH#ASz2}O)6As2!zgzZq+tUj;)5zBIM
zNk$3`VefujPsB8PT-d0(#O)KD@pQmQyN=w^t06#=%^Rq=CqNgxZ1XzO_&az)J__Ld
zmw)Uz(HuSF)%F6mn!Z#yKC>OnrguH`!})z-&cOWUO7P)BGw^xQ!@0O1y@{~D8)HK!
z$6&CZV)Se%j3GDbCKYqwz-}~amT&~+-h*`4>+w5(&qEW;$Kwo*@epP;r?_D=G_^cg
z=spolYP+F(H-9MYOtlc!a3$>y4=Oi)r>M&GbU!`*Vg4BE$b0qZ)f>NV)7(Pm;K`^0
zXHH+o!;EOCx}ISMp*zAy3!^_)MI|DKqpAw2ZCf4U{*$~|XT}V@teFev!Z-s<56Sz>
za8X;EC2rN*l&O@NKbf7`>ml7#S&DABwH^Y|%YxKvd(7^1(^>5qN7odq1;5`>A&WJY
z!?xI+gZImH?B=DY`|hG<Rc|Spe9+*K13{BNCDTVx=+?&`7ci^l(Bbsz9wvVjG;RF6
zM1Dd1H4yEh&sdpOQvG|U3Alt})3=K8r87OMo(}^nZQ$nQ@bV7A0Meq6zp)ngLU$)1
zg>hwYmUyI+jeWS1eKIGaQ=lF7<Zy*r)|qX$Tby%d_?5nPJGP99r+`Tp;EEH*m=k5f
z4FPjr*AVr4-;BP$T1^!v@c8Uc@H8-B1Eco#d^|kmtUb+6J91W6HP%{f_DD-bC56g;
z7iztII*fsbkC1mIa0V7?lVXV}<f)k>l8jy_v(4#HWqXp7UKrVrO+r6%zwl=<#*LHi
z2sVdHLD24oG9Z9K6}1z_fbvRj<WbPggB#FYZGAyMT0Pupe-t)a7k1XI)R?_9F|;hu
zj9M8v9+(1gQ+ZI>cMbl2u0rhHm0wyD(>00P0mTgeB<6UUw-+(v_i_0`9LFeN0iGUv
znDDkXic>3Bq3sMZydsJ4e^>dkgX7+}*=Jo@JaS!T{v{fM7k_&nu6~ou+N;@YrGBU4
zsSP;L{y5?ybE%M)(r>~_ieWpXx3!%QkHLdqJyuz(9otOSVK_X;R;<8Ug>emKR?`>e
zbd+wQJpNqoqQDzQoV<dDt%?t5bl?}~OtTr=B}qxki>h+hao8&9nn?{o(bYtb(+W-k
zpIw}J!^Fncx3yce`z<or@<5ct9T-i($w1>=#55UzqN5aI-P$eb9AhP0_nlB?mU_f+
z#O${KYxd)tkK%(a0R2PT_yN8ZB!4vR*VZ2AaWE_ZCgWn~c7LLcB(SE$Qm|mPo>Ev%
zM0}?(H#E0FR$TciG@ti9cDy{LC}R4f@A4%N*Uo$4jxUy8*QfiI(T`shTtxr!!A!Fu
z!FAys0YD=6q@HRuLJVF-Q*w8={e$;v3;||kBqOF#4YQ!33nw?wgX=<RpxE)&Ijg{A
z^!}G9#`pS5NXHP`;MC`&d{ulh2Il(q^i(?>hA;wu2w$<QT?18>S~C?FJJxy!Li*!%
zM^7Puh44fKDHdx;y|pmd!FQ^p+9ZJzT&i84m;KG{a=mE+C8vG%LqlqGywZjAVe0}E
zBtg3La~yy+F94wERR!1S#$kXB$VB3oZ4+dsp68%DraRA*kF=7w2$`?85U7>9);4w2
z&P7bl)Ks_GT;MM~>^JrX9=OxgMp(pLC>Xy34Uk(2^}JtUGfNNW1WMh*$P0R@18%=E
zMTNLMV%s_<G}3VY4kfgv!!-KQvjBwH&^lwtc5xAKB(e~r1$YEip&`2lUjb}%Uwb+d
zR7yJQ9ObbX_=_;iY8WJQWri{fF_A=gCc@8Xmae+vx<ZIq^tt7=zoZ!OY=+;Uv7_M1
z3VkHY=<OsDsO7OL@4iL6IIjkd+VbuvCqI%uyoBL@tPWIM{LI@3k3AhdvEu+v14&Ph
zOw}mhtD684Pr@WVfveFQH_e}W>$hCL9J8?|sfeHNv9b7>9@Jh8l8~-P?4^IUo<A4c
z7o`4WfINb}<;)*v6yt`2_?(3HP3!Nn?$}>yj`yphp-Zl9goLO$X2MPgM-t)91PgVK
zV;U5c%+l@)=Xqh$cfwrj*!n*ii&KbfpYtghYF8ZFFl&kJBoBT_Ud0g$!kDG5Z5#0(
z`RW>(r;xT9j^{`x1=B@+nVzCi8zeIhwy|y`q-!^gec(+rF;@E;I^^xV2rSp@33-W|
z56UD4GpMKz=Zg7Jw4qi}H7pWSx1rgF+?vghQ<@HSTgg)OR&4*JrWl=%q&MPVMG&4k
zAY$s@K5XV)YT-#VigvO7BlqTw`luf5o7vyPnl{CEe8R%sNY<^D#OtU}3=%}VIGkf`
zP@0|0Q}K*Y=~m?hrM8BqZ&HB}XGmOiWmvW6fBGhyh1uprkbZ<iu)#nSFnGUV11^ht
zc_CIqR@IGd`>nj|0afzr4jX(^Krtk;%D0fkAyzC2b1wURtY2AbvcLe$t)#1b2~l5b
zuPQvjD!9TJteTMBJmIpRDdG%O)b@pKZ1^ddA!DqIyH<icp`69Yo)uU$y;fZW3Q0@l
zGaq6@W|^RIi$Id_;>^q-mURc^n9Za>kT$@XlnEguO{M!@n{FEXeb;P}xw@3|p%pj*
zwJJJ`IB5C1B@<eC^0mCFlfZkYv)m^X)@eKRT<B8{ea_{ALwQ48^qZ_qov#rhaopoC
z$0Mp1>xy9?cHjGyn0~;%IRDF?>FSv^;4Hx*BdXcm7YggJ0k7>NN&JKbLqCn|{$|>K
zp+9`)o1q2r_rv!GxiMxznb*-v00gOX<dM?ltd>f|tac}42x#1SOXJWujsi41e7a|?
zmcYLV9^xMmA^`4jS+o7f`G5=myFg$bp48~i<|pnO#0q-<2{|9#M~9({8bvq7SW@((
z5u{kGe_F&l?aaraZ6pk8N|M;QxZjO216b5IM5d5gOpc56=s>sY6E6?i?Eq2O^P_y!
zS+C(Qi?o)C!Z)0U$Xdt|&P!zC)l3JqKI(~Q9k$^WWl`0l1|zt;B-Xq{=RW1GYe$)=
zsSccdOWo85m92Mtu&>WHh2kD*;HPd++Esp%%+G!e5&2VXH;l}ZNVA8ic|h#GY&bP7
zP2@w11)pEAsc=|1uAt<ISmlAkDEZ`xW0~>i^@iMDyQ}QPqpJe32e?@D!J9rXkx&q+
zK1&;*{Do;siyAYDw}CCf&2E?ng@r12m+<%T$$+51CA2HS#r8@&zfQn_vpYPbh<Po4
zV42?&e2-h=C<fLsqt{%9$w(gt8opNtNsvvuE^$s=X6BWp94GxYY!>nGRruy)74bc%
zn;|h&8oxozhzzd8yeWM@V3~K@ShJYMbD{F(@-!D~WXp@O`ZS)=KS;}My9b(w<>{zt
zSfJsMjyhlR<~L?kQjoqe>jqj;)3;WaNH>>R{2$lYrOkeZTOe<Cr;SS%pAo~n3eJjX
zU-ou_GM*1$%-=IvKMc5OJNf{vQof+4r(o5#!FXZOjoPFz0s$`?a<UHA<yIqvg5GeL
z+^$s&lR_b11Ic52`Q+wq6xGX13~8L^gS6M3O}(r15l%x?+L%ASoR<S(rTaghKi!$0
zs_TYVE@KbcAndx|G4ow|V#|MTHtO2S$&2Ae*0j9E$aPc1oLTEZVYJ_?u#J6mo+a11
zI!Gkz3fk!;CtP`x=0E2hLoG44kXg?N30e6*chb#Ay|z?~tko3}<yb$q^oc`lkQjD%
z%eMnJuia5#Nv&<?#C+#*dh|+<K&Nte^!2WkS_0*W;rtLaBbX~ADnh4eWZ0o?NKWWI
z48gb0PRT})Xw%s~GxacmxCk_;{t+OB`L%>DO=1E!CBO647C};y=i@D^{=)0!vX_w5
zNP;AT+6+b9)h{WnXJVIa@?ND}pu}_RagwFucbZ@WatR#pt5yzo+g_*=-&2xiZ0nRg
zRleW4YM7wfGJYXBmYqLVVH5D+`kk@ckKNIWP+B{eX5G~YTLfi!r`fihGq|kc<nq+E
zJ?;MMi7gVX7NlU(!)6`YlPFiwcXEj)L>Ha)1zw_Wac(T2b)L#L1b(d1ODaQCqJoze
zcF&C<Z_K?8?iAU;pBq?8LHmWhh=x=liPXpjzl#~5z?9Cn*$a37Zh$b*Y)usIn0Sg+
zla1eaeTrY#>kpoME>i$OQWEd`EB*l4aq6qoJPZ`c;n#z!QBIv%p!=?zX^kYPkEr(y
zn7A71vzL&=RC41CKSzHmlp|%kJfoTs!RmpEp|5m4BPb_hrG+2{s0RQxd!c2nxh#{e
z5>HD8ER7^p!5B0R#T~LxIy<~NUWOQ%O&1HOavJMC>%Cq=R~>}Q`iRos=yC!=W;K8k
z)KE5(v-YyqyrwG>cyzZUEjtr;`;YTs%LW#@BKU0Lvs;>Rlpyo!J}u_n23TymgYU_q
zhbkfwF-JU+CO^@6x!8>9#RbThV;-_Kz_9^>a#e(5hrffZPS3cM@dH~aE%;HHVvz3<
zdK~4bdtM7z?Q?6vw74ajGz63ySn3NRk*%htj_0Xw&X>-(12|vNav{`meguec7>?pb
z8j5oV3|49Ze)Zk9-!!E6aN7@8u8$5fgDvWJ0;hZVXg6FaFPA+*F8qe#Cd@NBQ(z*Y
z+lD}P;I16S!Zly);e|farKddHloGgM9UB`PPCG3F14nejyT<+(?k>wzMwW~6X!yl_
z8*xb^PMH29Oa=IG-cbkzc?x<#i!{O-!|1b|Q{bNmxBU8g2;pPZ!Pc4_r)g8C8m-oF
zF8%-*lmMOBm5s642voci04~UR!+}Z?`+{DG0_gGuSp}03MKg<qHGyt^no^)d`}MHr
zEWD=3MJ{To?hEx#TgirMy#4fPUsrm|avPSlx)Sup94v3wo-#%sMP#Dgle7IVHap0;
z5K5`2L&T|nUN<SHhfz}Aw@~KiCT4GO`%w~ma>GZ)>JJYLK8O|G_n)rsTKwXYC*5~X
z#>d$B;v|NE5pFAFzlc-%sz^whgBKSUC3IE)X8AGC^6HyDZ~n+g6{hptdcR6~O+57S
zRgU5!lxi-lzdR_Yz=lCkuIlYENq)HB;Edn}jsw0>SPA_~8g{6-5kv(E-J`GULHQyG
zcx45u01XlSF9W<*0CyNh(a1faA6Az#VcfJ3FO<KNke&AX@`^2aQqr#WY-n!SHU18W
z=%`!n12`z4yI<av*~pO+NTnDd%Sxe&x%u0Fy&FNY7D`ak*#Z1F;J=EK=um(73v=`1
zX3)j)&zDA|ghJf1Ki#?hSJqNQnm@pcr|DV!UkQo>8YqoLDb%g=Uonk2?9a>C&{SQJ
zXXif-jr!T3M9(PPcf0=zbeQnKX}XFEN|ygeUGx9YZp>Q?Y&y*2O`d@X{@Q?pYzH|V
zMg_;v8{<cOIlbW;fvv*o8!)VQOtHDJOf=H4LGH_e;?gmairEA`lkD%IEXexXT_5Wh
zGAm|b=mrW8Y2pVgQRG*{l`feYZT+SI9OQ2CtbMXm+p@fNeK>t-!*q~SmxX%)uCX^Z
z4D3U*u%J#JtxojRo9_1|tHJJJksOR4a^wNPf$B3EZ38<5YPX($bt}^P9kA)L==T&k
zsdTcHmyt&t92|ygLusl%OA3$=LN(R#Osatn)ehFSTyu?EbCEld?rmEX&0<A!L^7F6
zxAqp{A6Q!>3m7F_lJGL9^t+ncrl+7+pA(E~uCp{39W*;Y+9?th*zhAPEG$EcsEa1}
zT8!dwTV*lhM64fd;7%LN>am2uXOE=nvCDlEK9kJ0S%3P*D5(#ABQLG5B5No%dR+!z
z@5Jt5lWPm)oq&rSIMUL_6_uofOJTM#{Ovjc)D-%uYdyF<Qx&ac?N48<U)=g!^(m`h
zT>CT|VU{|`nL<PsRAmhsF@-CUNa0n6j3ts$<dO@qQr>!ixjs_G+*oHCPr|<%iDh_N
z>TOnt;DlR}Ixd68=9TTLVr{aLiVU@!+~v7NZc@p*?7xa2sF5_8L(%Uy?48_x`?n)P
ze@?F-uqx+;2h?!t^R^`!0?3=NEW&cO#e*9F2Z75wBCY%oy1cFH4?HZ}ZXG*7yluR~
zg&$)xDlKr8tENH2hRmwvcv9N?lk`{Wi45$YuGn?aNdQAm1`hMPmPk<gMlS93NKghR
z{I1Yl_6<I(m`4)O53Jw<#*p3iPAA9{Jt$a9kkK9qZ5m!Aw7TvMjOpgCHKYSO;{1jL
z+ATA6$uA7Q2>-pT`ldeX!pGfhGptnV?RTV{U=5<-+dU0a1)tSaZL;H^;jV&gk@9I5
z2HCMUG}<ps4*KLJzu-gtwrzc|G0|H>tl@s0mZtp<$<Y&Y5!E&V#gV(&wlYzFN@**u
zZz8om@&G&(4>yVV<sc*0_Q4^BAo#7U4$JnWJ>~6@+eq-Ue^Djjd5x;EYYSOrCsGFA
z%#{lX000(OoAi<sT4M9XH25Q9mFV0ZC~g$9g*HwvX1=HaTf>76W-FeIq;U2K^|wQT
zRED?#zcF+pBW*5RxpV=L_~J`FH!kTVGBY@7@|wkR86G2Ri8}rq3Z%<q&Ig!-5^?%z
zpa(@RthOFpw*`+n>JG6h%8HALD+3MJ^tir8TsaxZp8vEvVVpwq&rV`z_;qEYT`cbZ
z=G$BU>@ASJ_l{cAz<3yR3(}|92q7=8bJP&ZQ5{+CtVI$C^0#>jewI&Dm$4$J%X<Gr
zsYb3dg9w>cD`|hX3Y+Z!CbF(ZDnKay1{$;iR>k^;(r%jW4ikRj<KZDXFg0ebTutb0
zuUuCdFh|_6t$j7GFA(Vb?9x7LK1M5UB#gTTFKti?QwuobSc;BDG&VK8KN}5E8B$ql
zW5?Ty<v?OR_S_+6^hGtT&jnV(HZGsAFV)mA7y&jmkTeFJC$8C+i|UTK;Iph0=Uvgh
zf*uMO98@#|GW1LgI++RkIE_MGafd2|a*`kn-2|EB3O#@RTvYb+r}+d@b^;m}u(YFN
zt<8I}LM60d>0|R4b93<J*Bt=H!0(uv%he7)CCnk5%!{oSlJa`uSGqz1eRkCO0E@Ay
z8F{DM^uz><m}=FkyGp%!rGsLQ<z$oKYlc1D06}XiaB&e#RVC_^o3rz6b<X;%d4;$z
z`EWX*Ar<|nc{yPYPU9MXn>i-<p&rynh@E7c<+!X+u?0wxsSgjz2*yI)Uk&yV`^Bsz
z^#)jA54#4-aOPwnAI=V66-sAQWrVfNKaEXH2aN)c(KYLh#f^s}<*Ja03@|)bsbGhy
zP3q%;i%SuP>q|?au}iAP%S0j;I!F`vvH1;8Tn#0ep20FdEty}_x)6F~YQ=+fGXEyf
z{$?U$Z*k)lbKY;M3_os2WVP~$6<_k*QHZH326hsmeu9>q#GSS7j!p@a?2L>k+}zv}
z_*H{DOky0i!?A2qo*R3gKcA?p)<>39Xjbi}recMEZdD4mxf}iNx%;W&53>Hwxae5%
z@|^{CeQ;WJ*h9t1PVebPxQS`rJy!SMVQv*PJw7<^ci6#PR(^o{enjOeriONJ2BYU1
zp3-YY4`NRKQmn`EfPxyEo#hNxt%w88$b;)vMudfAun3M+RsdBU%*@J2hveks%nvd>
zUP&rq&qsEFUf(x0VOo3;v+i*^9iJFFu{M@{F?POMg?6j@{f+oNDrnBFk{vcMLw|7<
zu;-Mm72sUK^f@#n5GpLqC+MVA+rE5VtV>nFi#cE+NLO#!{ruIYk*3LK%yc+beTZyG
ziG5>p)0S%`B1tEnJX(dIYNUajx32CAcB<^yif(gGhjTNq56TWWM$YQTmZhQCmI?Qj
zX&f|<ql4X;;Jp9``#_0)bjdh8&jJ%I^;mux4$$S&h`K}aK0G`ex-IQht={Ya^Rr;^
zm!2sCSbg{~!uJm52-wM$jk~+MBOYIjl$Wi(3Q+)a?eR)os(qU^QHQ{z#$!#7ZYRZb
zDvan&0c0pi{r~`h;{MjC&u>$_e}fy6CO-;7<y74f%W^3j1wRa%j*)RRo7*Wm&9*DY
zbu8;HtcjF_jP5O5JXj%@FJf&?6B6ZOG;u?#t_PHQ;qDv#9tCTExV4V_vA-;3_NRbh
z;Re)&ru4xr7`vFSq~AxdkC>V*#tivb%miGk+F|KW82Z*LXq1(eaad)(u{Sg=M23*7
z#C1>wyhHA$)^VBTa5;cCkH!_~FRNAo-r!TSt8nL~7{^++Vgc_^1u16tC`xglg;n|v
z<h+{uaS6f8Oq#*-1##WQSs$~Xi8qk{W=VfkLv3K70Q_(^FRtC`5HELZ-W1<0I?;0E
z@e>~FtH!TA1u`%X`C>pKm#Gx{Z34OE=T)s37eL-%2l--99Pe}-&&48VA&~VW8VBb4
z+~10aRbdkP5YCo;?rj<3pyQz(uo9}kPOE-T<-89D<66zQ5CrVP;^HBkArbvMJ!SV7
z^f}-HYWy1Nap@OgYqCB<FE{<Sr80++0!|pr?Qg!QYd!9qfrq*d9r<@|pxMgwQ@|~n
zZqH?*;3M9Y_9_!^zB_U%<FHlQrvItSq5jn_==4VxDX(`B+CwOSNP&d-Y)r5}AMd=H
zI^_Ss-djb*wMAWn!GZ>NcM0weNw5$Igy8NL+#Q0uySpT~ySo+=T&oJV!d<#@@BRMn
zzq_CMxgTqsG3xAnw#~KnoO895l)TMu-{>1kr5OHg+`cpV1wCNFZtptx(_(2Cntg<{
zE)-^^wZfYPp2b)s1f{94ZoYg>%k?q(VA*K8V?0+3L7eKwK1yYk(9}!^ri)~4p(B~}
zDNZZ%k$y~KH`k<PHJk2vTK^v}fT>U`^4U$ZxFbQ^%MT<zeK<lxZ%lP|a(=<43)A?i
zm77KxPEM>A$(tr|Im{+HXe&--hVm1z4`)_)2Qlk=q79NomvRm5Q6BN%_BKIS8=xMb
zSmQTY4_|NpL4(TjTMd0ARzTEa9QEEcJ9nA%?~v<x0$`7@ScIw7BGE|;h=W%n`Qp#6
ztYiauX6{O#<@vx3XD=)PevThg$~Fdlm$kUHaKN7aihmX6UTgBv*N&G@dbybqAh{Wv
z)yQr!zc*bP@UsLfyYKrwQmcX)CI{4W%3Iz<&gsD*>Ih2f2W&bV_R;}FLr~pB09`$$
zq_<giT~SZko8c*T;!ze#2Y<v;h%^5p%DmK`nm&@m@SWFPlr#Y;eb8)ne6ab(4YG;e
zi-Jy_QSf<RVpsF8+5ybNAN>^MzVL|c&tcy`pH!iBxKXWUU820z>cp)+4LP~Hul9|$
z)t|=P=sI$8_xYXPS<5)rPJkhL!O<b@IceWYkatm$JaS{-*7t`oh)FRRsmA+`RjXm-
zEMrssd&H}+2SSy{F4eYU7x2zV*cH=5-<=}kl_Hcw^*q{m=5J7;{Mq0$FdE@0Y~7J{
z;#smeCs4oRu2;BbJ3y|+pci(8$BU`C<_9Nt&*-M0P{Ir`>-<ED?};yRc#NhzlKt%6
zn`(ai)(w%XYvg8yaoY(a=^FM<d<Ao>y`t;6gruZM6|py_X)`WI3qZ!^SUkXBaqMQO
z2PuJ2*U}FR8VH40&@MzA-Na-_@ks42kmR6)58;U`c)id}YqnANG7x`3=YG$<*^>@w
z!5?4B$xJ9%%>+?pIwd;tXrs?EH`6fjTD~S@^f#vJ#O#Sb`PG&iNzK~aNO;9PM+2@W
zWwNdc$^VJ0=;M3x`ba!?9W=<F9lkdV3rb9DH$O4+>3OySr>PT%O0PeaYqd39Rd&Yc
z6q<1<0i%RKckf8Gg*hqe#1}dS0_Ec?HM(cBZTg3tYESxK5g*4=>53<wLAeIttE9Gn
z-cgd!^X59LCSv*N8o*GT&svJPD*lX@<<lE1{g~cRT6}~Z9fWDZpAyrAKUFt}X7?@2
zZDJ&jvosQA%T>sL!as3NGMHOKP_kcMKb5^V0|#J^y85#od*$ar(O})FwVi}qzib0H
zML{#Ykd^87)fCcBN^7+8Os{o~4u-Enj%vEJ<9Z19xz=6e$jgjw+T8b5H-}RneF;$p
z%^H&fl|Y|w&N9#~OO}q~gL{AM6JZQa=p%LXOuNO=SN(xDRJNR%0^z6OzRzN`Mo6yw
z#;-@2XRDzU{W-gs)Jj^Bokfy0);F*^7rn6{-M#8hz9mk1G^q|JlEHK8lCr|_9~fLk
zZ{Ku1Z&vqG93R-(a4pAWd+~K$MQ17<IP~DY%dhvvc)7^T1^G2C)cRy@%pm6@F-K1N
zC#SB3-F7`=vt%WHRD=Yfnk`jr%g}FW$e#P;@2GV=GU)q9Q+%t_Sk>P0K86Vr^L#`b
zPo`Igb|n1^rL4QDway$32JMdNW}6(x?U)-8H_|(HJ=x~sKmLUK-|0wEW~^Gfe-8A0
z*iuPN?8TYtB^JT}vfp|mbpJk;P8A<GQwX<xBF8abx(6$EMSk^b!G67^u<Zf0J|kEa
z^o0+*{}|VyB)%xvZ45oH%(auYGViHz-wC8l<i%g~yOB;ZRdzlYTz7dgUGrFswGT-A
zgBbnNgN^<uR1f@kVM?0r?S73RKAb~<4wBn^z)isy@EDxX-Co8kEw6K8AIh}T3*l~l
z`Nhti?)St?EaslciD0@ZyZ#T}lE?O^1zs;62YLZAeUxM=pp`iMNRP^YNBw$u@J%xm
z=DI!V@Akxu#%ry)QIEACtZdIQy>_UUxuo=ngl{`rDRcv;uC7iK<!yb>+?KK}R<&r(
zSe7Q<W&DC`?0Sv-&_3;XEbD!#uvG=|d4no>?Af1HX8)Fc1}$<qc4!>{&J=%=3)ruV
zjAp=~xC4oAJ<$c%C~466qjx-vKYm->2>+1QnW8y_9>ZbQY(mpb8L_*o0Pmv*Pjiex
zc9CCyg!g1Nhj;hr#u{w(ro*2}c87a*xTB!~SGdYoywC0lVIj=B>djQ*FxKkz+nU{D
z6@{*nuh3!D`~)4={_5_uq{@<3QY(*s!6BrNvf>jpfrR=sFNc%vp5{8RiQJUka*gMC
zsH~tH8o$A3KTCORT>=?#q1O;aU<4i=(!wd!2jPJiy}^Y_UNuIFNn_n_sGmJ2bhTP%
ziADnlZ|bLH24-Z7gX13a-7<z>^n$Bhb+J_dvoHpv^_oqms{l=*Fq0P%^_<uENSi8%
z5z4GwAw#&^B69;J6bIX{$RoLu4(t2f@QPf7P~@kj&+nL#KF^_+bvwiS7P;w)4TBj?
zqhc^Y855LK-*TTvQ6UqV7hi7!^A4!xntFemjH|HV`U_X`;U9w3e;YYm8GPq^l3OGW
zG@khLez$8PjPSe8a+2U79X5)=;+)^M0UlNV>`o?8lRSplm0wqkTxv39zuCu%I#T^A
zmO+fybM2*1K%Dbv_|B#C@?m=;FhLFFV(*WwaAfnXQi-7FSblJK*JFfXBMJGad||d_
z$3^06nAL(Ry~b~&%FwOUAC6$*z)z$HJx!^bJvsm)jc;G}H~>02FXzHQEf082CzNkG
z-vYc*+^1MD*WH18ySshu_IPoW9Vy^YEUF};*NS28U)oT}@;&84?%7!0C8tmZE!#o?
zw(;7|fD^aFW*NS#fad)BjZQ8>2|G4V3?pa03q%1OlTD0so!QGp?a)*`Tkaw0lzRGd
zxT)yeAt|{pz^2=%1yj%)e8FPovo6J)Xnu$fjA0YZ@KOpf`k%Zi?g$TZl(nEBICQ^d
zzXLqw*I$=rCAIrwir`LjfJBIB?J!|>2`N#TLH4EgHl=j6`v-OLTe;))Cz8Twr<t~T
zXlh7{MW+r0PfC!*&y(*GY{bXv+D_IRP*B7&D71<u{_}w1f`>`d6B-xxu+YZQb{KZm
z;1D2+iktUGjvU$p$FxuTgj4s3X+*9M%8{y>A{N$T!TP>u=I%^saQIqbSVEM8>%KO}
z@0}+-D#T9l*6*&VN1!3PM7SyUkDeR74NM8djE;3&L&xkmd!6sX-YaxtSA4G?7{t}9
zKS@)0f%xZYYy%lqa_18?p_mslnduzVKuT|&=k4>|NWa0DRDOpdc9N_Z)0USxeh}#T
zGJeqBY@8a<ka%(tE|*r1Pt+(D&fxNo(GCYP{KEuQEz0w8WJb%9)eV{v0=*t5_swL3
zv)pcqBYr0KM7pvO+HXoY=A?=AK<p`NWi36F#Fi`crf&v{tuiy8ws|KxBWq9mT9@Mk
zb+qCgY;X^Fe_(I-g`<@E6$O$hZ^QX_gSt(rgTK`cH!bh>jWzpVQM8xgwrbi66z5iX
z|Fl2AGIYSb>>nojwX&i&9C-V}+;x>WX>k*qpW|E8P~0OpYQB4(QIrI~<fd7ko*1|9
z4}~a+l6i_Y+r@LDejeX>st#F^9P`4`yTXD=q9g3D<ntLkPP);PhY271T+<~#dEvvP
z*hJ8xNn&*;(rDHS-NW;;u(=%P^%KJl4a(8K&vLhx)!vo)ovKTuaMR3dB*C*3z25DC
zX~+BEHB^4u?tjvK%BAyk-hQ6#_xxVW1*bjIqYk*6wyJ>sLWS=Wi#aX>w;C(h`=NiA
z0(^~=Ej{n7&%y1^aC}R(SDBjVIIY%Yq4wvL*7OSo6t;erg_Z5I(rm(CcP<KN$Jghd
zh<#@96)0>r+KDpdbUH)EV4%zMC6)`jd=k6X;q9=-QP44R&Jk*}VqQ5In8!(6<3==X
zO%J(KkQWH&9J-Zq)@AIxQodWP_9c(3(;YG(pw8$z?Z105)}F~Ws2p1I-ZJ(x_M;7B
zG*8!RI)A>~y@m8Pcb^09o>=_?oAujZ=roCrUFR=*KU_;`TrBKn^7b9w9f50_`G;Ys
z4cvO$tvgZdD6syXKL%XLw8(aBh=gULmvu#V#~4q-eP7?n?#=G~d^YAbsnEwTe{=W|
zuaG;z?<nwYPMde=12L9opq$@glSDO`L440b$v@}4CQ-r65B(tOX3gVcWE69bi{nr$
z?WovId$HX~{aB1HH>UDfR#7$AB@D=J?pCXW%`x$S*K*Zz1DMHs2LkDt%zZ+$eSCt}
zNFU$q6=Tn?{heY2mQn}P<UR;L9d&Ppm=a~3m+=eTTO1r862%$U;7$}d&73N1zdi}e
z%8E5SvA9P>H2xM0kNArNIW*xx5H*^oiV7AU{Y%3j0S-xT&dAcs>|CCeSJ2+9C9?zr
zTl*E6eY<stOoPVH{8QJbo1AK3j{Xx-wW_-D<s1eORsRv@rZH0Wb8um!#SUo?iMRuA
zM0Q7P4|H<%E@!^OutH^RrX%Q}uo9#UQQBd#EOuJ7^L>IP?!0Q)ous$Iy?%;2JUslw
zFI852LfQ2QW~e=~r(rb|2Q-6wPP5Cx?d#xaxO{oiPRibchGo`{DMYZiLDma?8^~VZ
zU$q&9W~e{d+R2xfm$|8*Gd}+f62<&!)m0D7l$w69y6WE9R(R|JyVf*wePDr*7o3Xb
zSF6p|hGkAopr$>tnA3gY9e_bGuYVKFu~YiN#^-`z>1A&tzC56FJ)W`6%!{5&-S-Vd
z)QSzUYQM5Dr_4SC0q~LAaS!+qn-h5Wm@89yC2E#jce`JBce23Sav$(zTg9g5-A;FJ
z;N$+_#EWF@=Qr8aVo}w0eht+&>h$&;ZR(tCiK7aTUAfw(HPOOhD}3viP>95hax5*@
zTGzv;?ds*8QOaZ4z3YFjL7;<_z@isk6sFhpH!%_d8Y>d0y!9cAe|&|qhUA3^7mSmQ
zmi=TqHjYOIR*t%ZFtSslNt@x+n(n{6QWNR)Td?og$A{$09gPB~KHlF`462L!5$&2R
zB?M%b*$>FFcyL||eoJRTPs+Wt)lvI1XQw$!bOSB-IUEcAtR1GhG1zjq05Ec?g4zUS
zDrK{PjxIedVceXq`xaL#zqA>8T;PKeU!7TZ+q_tAx82RB;=$*kaku@|baX9r?QcRi
zpOL}oiY$<#$g6+*)BCqS$l4))wA&o%^d6VQK>=R2G9lIF>|e&4yMq`zvnJiX{R}<y
zopZasI{Ezgd+sD8Q`^$PrDg5dZB<)Ugi_Pmzj3BKb+Mj&;ZC&*0J<*yp=L^3=BRV?
z>$MN$)V!srC>Ap5rHu*F81_L0*X>mgy`yMFC#cQ|mH(A-`pDVEjRoZB#3$&C10OW@
z9lV!(D^BhSGA1P|c7J5p2ql2rlReUp6aJ}qXgcmWLd@jcREBjMeCvI#{Tf47{Q?vF
zbf`&M*q9??L@%>fCtL&6r5F-s7eq|<NQWD4i7~f)Ypsj%%pfBE;&#A3pStoU6EnvH
zVxv)KG#^EQ-N>%o2EEkjiJ~+p08jjCR<cVlrSvb9i8X@sV}KI$y>VQ%T*KwA3Yz<!
zZzVW(w&`=oue&7Ir>8lP;RqzL&K{!kN$8Y}CYQ3W{*W1L-qNRo8NGb6TFVFq?H9+V
z6F*Kl;(`!m<;)q(MX<eb-+LnM?U>YSEo@j}-G+z`nCSqgWxv2TGIZkV+)t0#UkOUc
zCWYMA8HV5DR&UF)Xn1uTW-gBO5OE1gn#-UH6~EKC031y;p=q@}5ysDS3H+G<wiGg=
zHI~IU!z})IDjavdxXDn=WL*pL+w|o|*>u8r&&+Io1y3nUGzUi)_ZHsd4e77+uk%{(
z(|4*fy2R@$v>Ja*-;U??G4luY8y>GVV}$xWVzT+&3BwKW^O>`q*<tiGoPTfimLK0n
zhNLBMA7+9+tveMWZIuOb*rt`)58(?#3bt-uAHK|odKP&!I5trM76s=w!zE;!!}i5|
z2RAAAbRok9QjyN@duWBAh~;~3k2U57RWwoge8k@@6iAd}Ad%t$yKTuey(R51w*RV@
z8S}AJ@f{&p@VsrggB|4jgUm}oF__c!oZRcUgPVy$)Pq>vea^jJqc#2Zg&W1L-Sy|b
zr=Y@hA>@vyuBsIV6`$qXO!koDY*{i?K|}c69U;QqlTEV@UT*W!SH$OX@td|z@<hZX
zAj9{PCT*h$tycdz&Ly?pT%&h8>QHG6CvX0=XxI@b!zQ^<C{BFFvfveQK62e`JSDsl
zIv7bn(uKy9%kVW13IggAdg4?k!&{So?BOsdY(=Z<53UWL4u{zI1&0@``h~M<y!AdU
z=g_?t>yJ2m^?C)T>&>r;i+hTQ!jrPUBBYDoV=Uc52x(#Ht#un<RySXiDs=qbj*X2`
zHVXcY-Z{9DCqjPjVs-j&OQ|X;`A<y9cc^~*xhdL=PVjQ@al4r=*1}Y%h2-w(T^Oqt
z^3zGGC9*yso<<sXaKamwXMRrRCxveeLGCAd(UcP}#jh5*X?gg~h>F>MWD|S3;q|HP
zGJ1MB=&0#PpKt%detcM(I(Hmp`e!u^GNB+cyN;N;Qi`E;yC>71VAZDw4OxV<ctGz}
zSFDqnzd!l(kMkkf1J@#W`7GYi>#IV0@e3M_M?r<beoVyQlXCn<{D=XX4W5<2)~sGx
z%D>rqgI%1ocleO9VD*TvZ6v(>{KkMBQGu7Ca*a`?Dz#%jGP4{CX9q{}<>vLUrRdxM
z%k`lyIcR?J+y0a#lE$qn4LCeB?tJ3)!+={2oisx&+0OX+MJwdf%ON+~UXOQ-xNWV*
z+jboQ6ZF%;As1Di4UNAiL@TJOn!?;lvC*zEn}gI;m_6p5bf0?}U8eM0oyNX_bRgHx
zM#vrxlf-^)=1%|F`is2E+!v7`yTqE;dWi5x{?_Sx-KbPR2k}j^IpKQHu6>m$5t{U0
z?SdJBe*=LYlR~Xl@q;G3J7lBN!t2O|#cM~lV&#>%0ysTQH<fB?eXY4K@@jLYdxtI=
zIUdrb<|j)6ySw{Vfd3h0YA@$!;e+ZgJt8g$7WzzUrxBf=z8CWG_#&}x(3dY?wm`I4
z+?^B`ap?<CwMfQaJ(&9&5Uh^Aek>d!`qp+%cG=1Un%c<<nxeW@Uvl8__n<)NJ*fL>
z@>#YQLSLkM><F`GT-?<kG+KjVC>L?36zG0nxpX_N^aC^Ye!$vAp#JP3z-6g(_tQ3u
zPK3whE)mUg*wz?D@!u=l2|ef~ePB{0l07Bn2V-NJ7*fFin$RC{jVE+0%dJGHu_yk)
z5^PY4<~BZc4e%2@zs|r3Lf9@r?kWDW&s!{xX5Rjn2UPox8<EAYH9QO1eAh}Shh3oi
zGPA|J2R!rqiURDNogK!!)J_$q@?bBmAWwhnG(6}HgQ9X&{x>8tGBRlj11w;Q1md@@
zXDODITcI(MSYiph9C{@1p8c{2ye2D|&Zx`0W|#^K;i!%0*9gp-Kji+|^FwtjCZe7O
z1Ezi=&G5p%)qp*-^;=b0f79!qekYo~=p5{p1Y}YNSBye)jgnAyLr~rz>I&qRBxjln
zbGX)ccuQCwYvUee_rwb>nYFQB$mBYf{%};rU?&}^QjDax*b2*x*M)_q{?*h|<Q;VW
z2TXg~6IfSp#Y9#X-*1m7_nCzn=Ljx+g>1t`F7$qHoyOF{T3uVyDSTEdPn3yKu2zAq
zkA~7L2*0S9*~WS3Yintt$+_R2uAk)yL_}mX*PQK>vsjCunRhS8DUiI=UjWX231aM_
z?#mBmj()Z<9JREYM;%h=S(|-x^pagewmqg)XpQK4b5%(;MD?R)DL{<`9be7pb*)%{
z%Mb6^G#Rsc8w4^ko<_B7pPwmtOH;ZBy;J;qgCvtKr(L5WHGUOnV`C$oStF0NG`sY3
zt?==ii#7Z1;$mJ!C3(vJ($LSC-EAtBM#A{kODs11pJ!_xVfG~XpNFk)9E!wzY<V48
zzB#R9X~fR=cy_$SuUarhG!(6)NJ$yu^bgCJD7(hZ53y;I*=75vyo0@sk5^bzGi{$R
zHag15qJ7|3t~zS`se+%$UsLWc)kKOJM3Nh;&SH2#ur@y*ys)6g!^=xl-dv1)&wyS~
zQ8i>iP-P(o!>|`mw%BLOXy~esk_sqAQm4{ViTL~xnOaH*RgNmfF$$-*wBN`mm7O~~
zbK+g2vtvRsg;1Sodj(a~^{@$O!yz9t^2WlJDF$CHugXM>cnrTMS>HlHI@~D<ZD-%L
z{T%}n*|CvM*|ixR#}V?xTj1Ap|D>H@X4Qzgv2pj8r+evFgX%>q=v~?ndyQvXXCuP0
zOQ_O!?ZDX~V@4bC@V+VhG{rdtx&zB11e;3X9~H8DV8n_xd@I2<=DwLVSg=4wVx)zu
z9>f>GH*{2xzRWcLJo;xH#)%}ofuVw|(r372fnFoy5Y5g=&g#;#9WqcGWx`x2!`pg^
z7TMI4N9t01Iin^NOB1q71gkyfy0SwaOVyxIs!UcS4XaxHcfVD``b-4;TJ(NCa<(Kj
zIoY&AN=horfy2mIIiXi*Kv`=g%&n=}n0xVq42j6QVWkgLY(J_bWLIUA8u)w2iOk-_
z4j?^3=CJwOI%-x?Z`5yJUA8#e+a$Az!dhE|)`$2G50{5bnD-dDhJvuTys3t<V@9{J
z&V97DhPr|#yfcb^=vK%t^EZh;I!+B#X>sjYd-Kkv|1#Ha(i`C%(%=>6Fz(Mq=ES&O
z4lV;Hc`;mmnO4z=Stw|&xrCGIh!MqI8f-8#)gStjVk@rYBO;>w3@zX4zpQAm609z%
z_8VQHc?4B^7ZIN`rRf6^&&QRpVnB_%yql{lae#MFfzD)OeIXgqRmr5KC^Ck*(wLQb
zvWq!4N}E<3_^61$<=9y%=E+S6C*AaEi)sjy+~Wh2JKcEcdU|-tgb0uMP9Yrwg^hJ?
z^8E1OeN=_DghsKhD;9#<n9L8>q6%xiOcWaw{9p94$P*^8^}P^dtzh*x5n&1g)F*?p
zHnO|uF_E<m1jCDbrxXxTd{n{uR&q_9b+XBkV`~Yu=8BV%-HZbWsb^nk_-AXBV64JI
z<y2-IG9tl!XQ#=lyhtnl@;}0tyLpkIALBQK%AX?2%<5QO(Mv;<n5cI&Dwf=nYrQ{A
zhKNVtz9;`00mUMLm}v))bW1!vprFzlI#Q2wIlM+Be+`3KGCH=A@2af$bprO`!7REN
zl1atyS`+6N-|3j@|E`0psB@|D`7^(PMiAQW>@Ey6xvrWUW;%FUAK5xYaer)zi4*Yp
znuj1d63CaK{IQ%&PtE6%)YhGBt?swBT6YDJCX)TNsmIp1nV*GLjjI~m@aiI18v_vD
z5;2!}7NuR&r;gytQ=I=V(JKL2zWt1z!5kDT8CRSkq^HXIi8>O=(K}ju%!oBoVEjFZ
zg_=dXHczSsTGY%z+?RAynz1A0C&fZu1x!`fh7CZF<dIH$U(`C`y=7B3z3tc9FhkvO
zK^omBcT8rLkk3)IC;Vf)Lp}!qIL2bs_#}N-E$FM+NTUn8l1shG!-gcWt#&&eSYK+T
zO*30^*S!=5c-ZQ`)3KC?{V1qGX%Bzk;NmKMg~A7DZtaa(=NY={P<R1#0ZZSUUpQ)g
zmSRKJpeMOC9x$f*!pmE~iTbo|s6PrKa}R@gT1lVk4q7k~@!^ZG_15=|)V`*UOE_)O
zpeG*|=XtOL8_J2CbC~M?#SMRNIE7#>nLB7cuIXomVDAsqNNRxPKwVi!ex%)O=ltPL
zWyP;{;ltsN66@7_{}S^I9-veQ1$!b|6a&x;yi8&5zpd;+qqBeT72)PF&anRXufM_m
z`uri7A5TtduIOLRT73%isHtGpnoNVvlfNV#YAEGTg$3_x;=jKqw4mpFeUk;RG4vr6
zcE&|O&tT<R6`rsE{^qcPzItk<U_R>KcYb&e<@<dd{653;UmGgupoBoHNHy+~e_#0j
zp#k;I2|<L^R0{pWMv1My6@26SC>;1ZNxoUtscxexp7`U_+;5}bZ;hh3sf15Q{`X0Q
zkfD;|ou{T=A?t@{ES`|U8lgIeQDJpT0N*FD-azgDL-(99%+!^Lcj_!AO5FT!-=i{m
zDsVUAs!?NAnhmPOQA+0`5mH$L8A20BV&O6N=1#1C4EnTd0i)AuFz*HIOo8x7c8)EP
z^zYZ=w`KqCv41HbN&g5T=EqYA>u5eOVh1u=2i*TzyP|<pl;g)Xb#eI<R5oa>A{cu-
z1gwsj`GL;y^&?8#I8OoKClKzB{(qer!b(f-V=guzF4xJBuQ6+Lu=J;(3gNP=f@?Zg
z<Hoqqh^hy9#$jG3{Woavu=Q&0!)UoF7Hacfyie6KMxV?}j8kj`_TH;~l_>xX(V<pa
zMKpwiL@iOlku$`x!xm;bC9-!MX$@CaJ^!?uhXFcnOK_Nxd8-g^-_aVAZ0wECn5?>v
z8xhCy1eoD@m96-pvCiMTncCHu9V0H3)Upsu`^Q{?y|5GyI<$n+?bRfli3s#1y(d#4
z{VU9%8KkFP#+4P~8MW0IbWa;)hj{Sl$Cs>6CPI_;OCFoky+`c-O)*&L6ni9qMW}Ll
z<?{vs@$ab3D)c*%+;p`O7*?afdlJrb4@<mqO7=BxH&=jxsnnk(l0JQoTy#dNnm}9g
zT_?_J79hC63TI#SX&0`&Z`M9Ld8UFVOqnwr_Nvkd&YWTi$WGq4_HqN3#x5Ewo8wYx
zEtRt9aaX9^T|;XHg&(OI=#}`GD40B7R{j+<{*AWiplw3zB`u^|-N7K~J1R_O%6KpL
z<n6{7;zh9zgHw$<J>)zM6S?k#g)Fm={LVcvyX6tcZ_s@&lBEn9u;-n}t_nMqi|q<%
zcSD>Wdg-TbGq28$y{%#`vX_}@XeRc1%=FY+#gb$^buBL*&L~+4?KgCX>p>N^s;w7{
zqVV<<9pjQ-w$sGUkNkIx<&mKamD2$Khz~QO$E?2Khb_A8vH+q~49AU~Xbc2$P7GQG
zUV}?B6%5wB_Na{0#0Gj#ZLNKrt#bF<7~9lyItiO~^un#xC}d!Dmu^DeIy>J&3%`dW
z=61Ef%6(Z6^AJAUjpS`{YbH49MOq=rJbUVL)#(<BMK?4aN!uv+cQq#}KtWklSfw?f
z(;NKV8(Oc!q@6|j+E!JS4kgDO#?AIJKXN@JhRph-c~L~4FbB5U7n;uw8|MS~-ks_d
zx(aISb~*vEdRqQ0Axs;(@fwIXb)K3lab!==|42sf6_y60Vs`RtT5xmp#Y3wpkZ3+L
zl$+o1g4dZvaP?F-{Qq1>{rw*Q?0_-9&@?)&$NLc3Swn|yj+`v&ocsm{5z@4MU>_Mf
zlu%`+h-tkO!{<k5*g9^8Q_oJaeH&^IwSK2=`rJEuI~x<#k(U0BFt*+_t!!3WCyNep
zFffNx%T|pbB#Eu805$z5xGek=IRPTYRmJZw-aV!K^Y5ag<V8X&LH!k9hpP~rzF@W-
z06RgnCB@?Nll$9110?kd5%HEYX4=~)|AA2t$dN#*6M52)U!m8CNg>9d>0IoUFqjl;
z+G_Sh)pKLgL?wRrM?vJG4@Revk;EKoZ*A(qDS~imzfpYEXtr9NZY1Jf!Gxxg_|KO5
znFhK;8#7wpWCah~79w75@nbl&L5wVE(49yvp>@Qm3r$W0R{~<}@kD&oua7nUcRe7L
z8k5`qsRx|;-}Qizi9%UyFwdZAiT`yntzZgBFM#Lyh>Rs3)+6A!5KDrf*jwE1hH$`G
z$kH%(BY@88{F!9@tm`|82pe<O@hUTo69Vk<?a@2KaiH4T^W*y6-8#GBk%RbZaN?(F
zxPSloGZnNGb4rA`x(sB+FE{JV=abwzBPHSQ*8_4k+bGz-3oI8hT5@WhFzR+-^KUv5
z`TDN@@CMrqx<fk9R7^DDM{f+6SEJyre%PKK_bvL>zKgC%S%C7L{vOxg6Mw4lDoV6|
z&a}Osg_hyU_`Z~)Z9jSXLu3~3Q!{@UM6`o!T+Hk3doC~C{6a%#MA&`ngP>e=-Q-}?
z5mv_DhiFc35s<`qe&JHxFZ|p2yX8=Uw|1!n*QEZ1Bcn}V%aKg!U;nO$ew=By%QJ8K
z9ra%&Q>JbdnS-#YUg%ZbY>WH#;~&#zHdX>CUeZ;kK4x^1^3`3RY2Qt+vv2jkHonXC
zvmmHkW@PCA*p@aPjTQW4?_CvxR)oDWX(H?b)Xo5gc$ixMeE9D`;DEKH>d3Z6Ju%D8
z0;)l9)d4q+SeccK8Xf4bZnb3T){y9$@#zKr8*p%8g=0!rdqv`i!9!;krqKVAVijCX
zM<|sQUd8<*#ggKG|1vRDlN^ZGn4|pf$)!Tcaa5k+^O54^UOZQd&C2$1pi10hsy$Ol
zEePUk{mzjgC~V+Qb$*jy7V<ED(`}U(09Hq*9?=g}6St1L>_xF0v(sEDBWs9fJ0TwK
zby#qQAknh7m|1J=K~<%vkJii@2A&^2>p9XD_$VhJ&AjrDP>Lu=;y)bpSqc`1n)_E;
zt$T)116untm3>@UK7m$vdh~G#POb+f@XNUvxi!(Dh*jug8}g{nIh(|D|L3mUK1fxM
z%*M>mRKLX_GuKlayTtc<I4zfCJO3k8I!<&o(8v5Ap%MkQ(fQk@CaaSD-8Sy?;@fKJ
zs>?rbNT0#;#{bQFy}$a*uUTw>od&8o=ik-GHEF*BPOY0-Z!*H^oAS-ttZVFD3s{KK
z$G(jcz7@|Uty{J(G)~0RG>eg@Go(klt+~DI5-eZXiWC;en9t`xT;MQ-oPx_b3t&;l
z)V9QJrv~a3$$OtepGij#lXz{+wCYK-vdi96@ON7Arfdr@EtLPa=@-3+!C~!FwmVn(
zx>Ghc=&Gm{J^Rb7C>_VaWjOT5c7??GO9Ork{7w|}#kal0SsBzM2a*(9qcq1!q|;PE
z4^tjy+2*SSml@BKdvb#`p3&zQbRIreN=7HdI+BF-14+KUH?HGn@y7%esuQxo`H24@
z0VX<3pjQ`^RUGE@msQMd{R%(vB~o2zRzR>GkVc>tf7&}Slt0BFHGq6z`u(BEsS}Z=
zW%HAr>8-&nm!et>Aj=XEC>#ma9_(ghJQc;i&*MLk{cqWG!q!9KWYh&bgUs*Q&>P&$
ztq~r9|33RSSTF}F0}mPTf6$cCzX8hm%)}q8NQaVK|6(f@sMsX)Jzf66KhX96fBye}
zAA{`d)+j3M2x`xaiFEm&;jihFX10n>=gu#r(UhbIvOh<SLI$(O!m|~=F=4y0MA!?2
z5GK+9QU(illBwwmp*cUMj|TWCc4*N17i&)tCNZ4S!1f9Mh!L0Omg}mLMpks+m^ZFh
z-Ik+9yko{ts{4^Y+1-(qZrH&8m@0icCo7U?xKRNNYf};j&WT0reUfbce*_yPYk|DA
z4Lm&1sV=QxpoU^Mvg$9hVLhnlXQELK1xAUjG5E*`l@o!ho2~fFdo4Y;)?+L)_PE!p
zhv(o!$|nxv|6G;i^tTf=q?O#;wa#{PT|qgWJ-WG~7~_tNT{PkG`kvWeD_iW;nLDs>
z@Tn;FDp^#3WXQsu(#S=~{#c!IX2ht8bRox|(Wt6EYO#D5wQ9W4)_gWMGBset{n*SN
zB*8n`a_LWSHhf4A?^*7mOttx4)^Zo|)3=L0XF-{p2gTqbz%)->{i}fQ-TLC$yt?r8
z@jEIG$;#1hL{aC3jMLhBY;zS)I3(|nJoTXK6$|q-)v7K0FS0>8>fdz&*7$3lC*Ld1
z)3AyouCq)ZGXbGs8KGKJI}$w$<ov`GQ*HG(x6i)97kgQ;PI9C*QPf?(+Elbr88Ugw
z)8Ksn)HM}lf<_k*qxNDY$F1td<@(iOxnq0WH<-Aoo6YLsP*YQkeQ$bx_en7u3%p)%
zY`jb`-<7HhO@EmySwHIc6R9P^@NwpKB$d!$u26`YO^AtX30I5uXi)9;G5pNvd{&?;
zcADzk&EZ8lJVbVgG@dTcs3NNJ7NE%TC6vEJDMg9%XgqaolsJm>B8KB7M~d`N1I!sD
zlRZkxE!I{Np<`F@)|Q@n6HbEc1q~c^z8sU7u!28lk$VC(p4LzPu!56z-N$@ru^YKU
zn=}3#k=Y2S2xu~x$J^T)Cu83#pBHnUxi}GX#nx5~v6mIB+$hT27m$!EgPK7x#5Uz;
zF81LDiZUQNm4AsdZtkJ?ztN}u*x-Ecz7WCEjI-r4`PHSY{KUk?9hcsme)sGJwmCXR
zBn9T+m}2dxvCtK~ruYWc!Ee*HPll8~4BP6WoJ~39WxAb%;nw%hLJ5=J5fMS_uml!q
zQ%6WmugnB9`tj8k2=kA_D1Z0W;g~sUtE_}!P~@=f-X0Ers>4ol*RkicMeYX>hqUz%
zPyZq36Vm`eb7f4Gqj5NO{JtCi7)@RAE`rYD(J}eu|IeUtAUE#1W;3=#nu0j(3s!Dg
z_`ThMbm}rnyA`1V@-MM<+kb+|OvCz$(V>$mvwK=Gi$cI{%a}6u1lJX!=25?SS!EL$
z*)d*^IPtc-qXwKxn0zTwOsz;}X<&Xgvp)|l$78TMO5^Ydah<yjoA83JFb2WtdSL0Y
z9m4<tI9I>A|Gqf6W<Wn|hC?VbcI%f62FRSD@9grOLVu5j<e%)D^_Fu`aLdi{m+cnp
znv39t|4gJlT{(6hByb71X7wmS(G4eB|C=IJ!{*b$2dUte`wZ2xk^0z{3}IrFg7bY}
zk&8Rdr`mK_mV*QpPMZX_P#gXY-y7HtNWm9e<)xi#Hue`*jLslGaZ>3x_QghKd|=hl
zE>&Uo-S_GCqm8~zQG4vhUcxmZ^0mic?kyo=KrGS!<|viNk;WnZ|L!Oyo!L&SIJ;X%
zF~GXWI=sUiv9-_Mh0~jP0;Fg+V?se+*wPmEKKm{Y>iEAoTq%3^`}2uh>T92MmSC>z
zW3iJy`%`v3^q4J;nw_lB-Hiz|1Ea)o65^Fut;J7I2X;4Ydz)`>8_0yoTs!t6R9g-v
zsF#9!2`@yeE}lS|jE&Ovju5t|t8-85!zgN6UYySRgjlunSdH!)!rT^Hgk95>`Edgk
z(<%aHe}8yvT%)bn1E-Ltta{Q^z-Fwuo6J_Rr?vP@)TxD_jY#d%|7KW44~tSfSo25T
zI}sW=H+-M)eYnzlGSx?X0hg$zfyILPq$A76DN5*w`+XG2^9MgihOk4ew|0%Jr5JC>
zx{&miltRgdpYLt~+2O_By>u%d0+Xd!NC#fjn?aCVTZzn63N+*c?BH+?T^spDn#>y@
z;8E*5H&-VzLY}0v#UEju6p0)uFOXb&)pY>`k6=nQmq=Jz^thj5mbH)01;AH<in>$h
zV_t%uykEoNLK<;*vyDzNf8D_dRooMuGPf&i$xX73{NrPV8)nJm6E~>5I^1v{pbO<n
zt;TEHb51b<QANq`;V-&wXUMk6KK?v#su9Zdv^%3``@duxh5#8zZ0js*NaYjYJ{o<F
znGN4RE-walsvaWwfyrajdy>xjo>zElox(r)ZZ7d=M7>VDJKSsxWA|e?H^EGb7~)kK
zx9VU!KV^VcIuiAe3}vp32ZvX#jolk}f56DpE{E^g!8POfXDLW%ek(L(LphH$lAFp#
zYp}a&1<a7Qz5k9k^CP;ZQf~Si?Mlp+Uc_mY0+ue0;~LwV_q?}={i^2Oa%l=EX2*7W
z<zVznys&o}`KH$cVTX6^jXog@EN*t%V1!f3RBvZ<PW0<byUX1Qv<R=US6#!$riNx<
zyI<Kyg7W7O-L#e}9O3ipQtg>PtOZs9p$88Ws*&eC=70e>3f&+8i+!IlH<e_()o-hT
z?AQ~T(jYmQ3zpo-%X`<x?-~I>whqmH-#%HTS+MX@n0P%&qPxfHUH*BF)80iO_z%ro
zB86kZ6AM!xznxYHq|*((>ZT?mlQ0l>>$!2=J#ZeNP;!!}J~ezR-hu08JHqE4Ugk1e
z_!O>g^{)CP=ShLXu7s-ZN>z0is9&WYL9x~_&BzX<K6i6}zB?$vk#5yES#G%tp=&w%
zg2ClgsdeA;aEEt!Mz(<DeLcq2^00`4rv16p7tPhp_^43(QF2jgrt|Q4u;t|9i%C7P
zn+{-EU~CQ>)nJu^c)Hj8vt%=r@84df?~k~%{IbopR?8Lml~I&}`6T+QyRW`5D@gf%
zR`f5_P~1w=<a_WkUnkpb;l@L_c&)!BKXXu1U%BJ<k>)-etgG0458kNZq#gK4g=v6H
z>rdNbduUc4WRkdZ``jHwo5^~7O3?JQ9B2KRakTmPrT<ex>~>*V5OyZ$?b~g=nl;+h
z!`aVs<}Uyb8JgI!5t>Pjr9vmaCY~K1i0G}L`fcmpniGH|@@@voj7XDQz6zzc#*0i)
zQ|?*~g!me=s;R8JyDel=3y4_#&1p4mwpQ;CqqU~L-c^YFRbB1!*nF)q6D=tj-tWB5
zbIl8^gFAiAjBhmRLf6tQ;NS-z>Pp@lGj0Z|BZ^6~?flI6vzaez0GT2@%Mq^)^_-vf
zVvw#$Ku|5E;CBgrJ%5M47r)oc*9#jldo;Voi9STD?3#8<AfP0;J9B}F^;F+RIOd2L
zWeY3u8%lWR-Uz3N;w-KeA3*cx4zGvAjl>QY^Q~O9mN13Bu71DI2j*KZEBnQUb%7_a
z@zS{0;C0sC#g-kEc7?A<W5$zWHm_bdQHQL*c^DW=(6KlxHCt_HgFnD1r*>ZAeZ;h>
zUiJH<|G3eXroMh?-KK3{vzxtQ?!rl}1lfM{pSgM4kE6%LEa~KZvjko>=|wiR0yU01
zIy~Fj(U%+GMi-)?V9HUSJ-g<uuFmI>;v>h|&W<J+KSxv63#P;*`A1PsA0Z-xg$N&K
z_VI%8kFBR|#&`=!j^2c*)7bQBzdp^d>-G8|wz7Uq9f*8fJ)a4ds-YVSr|Nw929N81
zPH8{nO$5*t^kbzFmbLEG6Wm*kNZl~HKv9_HQ<zxPtA8^d<UB}SFv?J5z7xdz2t6$8
z<4%ozv61d;ZS45xM9`Z(4`xeLukVlc;uwRSi$|W(!7l*!ZQoPg1aH@@{T&m5CtvW}
zmn|`!Gl3k@DN$vuLf1?@x3vbsNI5cT%;dO0$(NPOEDiT->L-WZp9o(fpO#rC8-5mY
z%q3*jm!v%=7x|7YySCuTXlfP=GMWmsbaLAwUu4Los^*&nHOkypvQp&kQWsLjvRNxk
zn3ccFsr#XmsJO_DP&-T9p5--x%KX-(P>1g=&!h!qc%qZhKux_Ue6^tz7R285JZ4;7
z!tUn?0Y+W@<#nHnX_;BK2@t1I5<p5+;Eg}VvoB9aiRH@|U*?1Z2gy=mZxVkbh8mrQ
zvYjG?dEFNt5o{?g<WlJt#5r^`Q~@vv^r-!h34<K$7cH+Y;g;FLrX!62^~QLe!nZnl
z(cRs}Fq^GEKx%$QSBG{|2ES?YptKm8pE8WrY)LJ$6>Fg)@<!O`xHUg?shqP!2E+c`
znb0-QNeu7*;ZRl>BO#0*tLAe7<1l~uP({v?KvnLlC-`H4i}Z=-rEiyUAVMmtz_)YL
zzP)SwvET8v<|wK;iEd>xc8*qe2-ArRFx+;3zt&IcQM;}hG``SwHiD}6R(ZJPmN+Vr
zd9<je3ca~?<&1G1K*fgN#N%psI%pa)(YwX@^wRUDcGX6s+f&-RHh$YI$(VkSH#lub
zMPK5fzwPp^WW2F(z58U`h^gN3`!R{+UvPR~Xol56aPb0&b)n7HBok@6A!ArGEjq^>
zHNOM6$T0;2C5kBGbjmEY#|LB%o?@n>*8aHTW*&&<odcdtQBzoQ0)^Sr{hz4D#-zI$
z3KUUCn{Wy6GSAU&abR_<pS}CpL|P9h#YCFlSmCSZRhbb-jP3ihe(xZ;BD6<~4N((v
z-{+0^NsTG<A)KER+hQl^q4g@YFMV*kp_i3gp69cAxkl4kZZY23Rw4v6%%hrEV%plD
z7S%_~@wVU5vA`?YMASO~`=Zs`A8H8Y%=0<PZia<?a{1Vp0~1oJD)i)ANOeyI@7adI
z`ot>xk#;;V5T0KPYkX0{YR)7A0z5UJjUykU_exe1o+Dy&0XZaerY4>$+mZJVrz9S0
zs_x~Ob&O4RAniCNB^j_W>;b=z69Eo_s|;nTLcUO$DC+~oa0KY|FU7baB(z;c+D4iK
znd1z&4l{AE8Gr8RM-xZo(3w2h2UIE8LA^^}4RE4BPuzFq0++r{oSZN|87FKNT}`;b
zicJNHj~yRvli|Jk?sj5)Mb@Fl0BxC;DwhsBWAAl3ir&((dBRIm{OI>AvcrRsqQryk
z-<wrg+<DqFa&aL=CtOIKE~7I_0XLoT-fq3=rXi?9S|4KNX%)Ngrv1Y)=aMdSG&Wk#
zq)Wf-MW*GBtbh>AAL@tG%@$uq*$2UJ@rvF*%;!bx01xbq)c5soUYSu3^<?YCTm6Z=
z2X0A@`qH+ler+&#uRiyiYA%B@t2_9<^3k0(TqbE_d3HRHxoy#7k~j4t><<#ZQwJya
zC04Aed{l^;PBIXW&@p>NY#XjCA8mO+`!~hR&>0`#-0M7K<X#;a-b{r5L3rh?TVKpf
zvIT=LyVzIpbFPS-&O!~Ec!$kfF+EcWtk}L$2d2>{e5A7uPGvJ&%fo?ZMM&@7so%R*
zLKlEbCce}MtdTb`jqdNxEKaxr+*Y9#iA^+W<q4+PKEQ<I?jWRDo%XmYNb;5A+;X(J
z&=-mXtAzr@ximEiMNHv;<E9clmL`Z$D-B%yHhhz+5mA^-2pIcPd-k|o40T+SZv<AJ
z!TRFnxlFNI^zYa>wgZ7Gf}WKf^rNEI3Uxgenf;nNvD)urftY}+kbansg(ZJMX#KKB
z<$<8xhPmB=`AE7ndexJVk>&edJ{`>gVc}1v-%zQX9A94*?K+U^Gj71`cK4PiA?Kks
zi1tt&zK$v+081o0+Ly#gK|YthoJ{o+9~j9^u%*0S>R@lj-E?}|OEUSfA>Nd3m$K*i
z^}|Ty<BKt(??d!_nR85Cbv%rUXE`-TGUhiBo=vES!tFYodjOVLpO1o;hk9ihS3zJP
zT8Qki!C1X&>E!Rh4v?gQ%Ir5Rb(cJfY>~apJ+m#$z^IVRk{06T6H}FaP#>03zEa(F
zxahO=`!D@p3e3KLCu4S1bLYrL4bW>MF-{0Y-vERn#I(rF^0<<p%aNwV(>n;=YF{RL
z2jicbvTLVfJf5>9e8L4dDPA~6VniocLu;?JX(pFZ)XHT1fmnA>P;cPiMSnZba-m+m
zm9z?n94t)a2FJ2g2H5x`@E=<aByM0nJOtkL;y|_vsw;S=R7qG(Rv<8(!<CBk$NQ)p
zaW#bmzHi6olL1?;hX)$9d?5fS?<-ic!IbDp_kB_E+$LPGa^{0W!Y@^3_hZd<QydBs
z&%Hm=20va;;-aaY%Uwy=V?%RpxxSK@>YRqRiAZS-6>?)2TR8|QjShC&t1=SzI92mI
z?XV}lXI(6MHS{Ck6S)%VI<vFeT7Yy1_;~}%;zyZ0+=FFf+R+<0VEjaEK<SYEh0EMN
zW-o~bHc)(z)m{=IR<C)Ltf!Rbgh&B*;3ruX+b|eeK=<nCO%PWC>iTfkoO?=&TG*zn
z->wQSA^!E2>RKSHo=z~vbh0&->@AtiU_ZMv_qg)fr1xdUA=UvsB4qL*@)#tlbUwk!
z9O2<q;zwF%|9+RSb_NyXs1Cwu#vKM6&mzpMFZ)xx#;}?9kH-)C#>(U-pf?=ot~tEY
zuiZn0&l-o_NB}kX)zR57PUPxhKX&=I+7#yvE2A*_hx=KRf&JD6AC7z?dT^yE=UR6H
zepaS>srn=czCY+*+>?=$<K}y{CFy#or&${4!A1@kby_}4#{fvRV!6CuPAdV^Fq7IR
zY!B=-IUM<RbTkLLoNIO)*(6ka>Ux82vl<?%kT~Fjra(2SJ4-p!+rPDQEhff%7jKR}
z%Y{xf9K7u-UKs|habqQ!5@KN~cx=m(eMF^H5|AnroHgHKm~%Yr@UbVa+Wh`_=|skZ
zEd@r;QBtN(;l87@!VM!Q9-gFPY}8mroh@6sHNnP`oTzqjYsDkWy0r)C^7H7FZ%Js;
z$#GJByGz4HBD*5pcQr8p*9J~PIJ`0Q5VfLrt?BlU5&{V>hiDOU*PFL*^Np+a>O98J
z#rKwhR8v@>j+08bCFeh}91`30{8K}vibFe8v3?ZK@+Px$3o(_D>ls*bsOu<Y7{k!!
zM&vWCF3nmjc<yXFtMkY+m^u%s=mV5}J=v9q;dgDv9=HMg$X~&-lwQ6`$tb(X2vA4{
zT<o7}*Bh}_X=})<+mmu4Yoy=jdsg_Gi}P_hsphhWA?B=wG^hVM@Z4Q=k@2iCzmyem
z4jaW9Fe(WKGqDf<Uh%isq&@oZd%}3+;>eC4cpAgD=5z0iEAvouJ!pIfP@X{e+SkOL
z@$hhc`RywxRaW@mrsV^i_$2L&l)9?nO>g1Spo(9okKWU|F^R)-9TBbi(1dF<xHwh&
zOx~(P54Bpqs|;Ok+@01W?j0z3lxW(cTn@P6GdA)udsy0MZBuW&zI_l4H*+H4YX^YM
z4JAmHE!@Uobl!WDrrL-sF`Y%H0|<uuA1?r&P@!s4PoBf$Xf!=TpfBVi)7*I7%j;ak
zg&yGVdp7D;vt{cbXf81IRvU;ZubzumQJ1<1Zkkng|KJ#kDB-?EP;JaW1F6>Kd}phT
z3FQj|f&85Uz4p(9!%giCZ<5i^8!VKdP&%ACE^&a_BzdV2=cqbX5omakM<rE-1)Jbh
zl7K%gHFutPv<uvo`vH_Sso^@!J8CT>ciY^R+7HLKhJeY*7$)9DvrZg&Cv1Oq<Gq#M
zA&gJPQO+L@wA*MyD((+ZG>HK0`BA{7SO{}Bnh1BfbR^meBkP4jSldbYCTz-vvYE%<
zp{`o!`Nkn(vv}_+xjM>Qh@Ey0hI;v}hk$)(HP}#cRy^UmJub^C-diBg5$~O#XYdA#
z#NIcOnDvVi$2-Eh&QA=Ku2<e6v+j}yfa{j+!SBVU4Z~bS7-zOnv1}xP=J`bcoMFp^
zYMiIRHvSa+Czsuf<E?B9E0y~q)uE1TOQ(IS#8F$5R!94I+^w#T=28lh{do&Xl7+;$
zkStjRo+Qxi^i4X<gl?pG*9*_aow$v~9&qE7%|Vc2xY@2kMh|}|ooYzn%F+cN6ro*y
zwpKVfA;D%W9A@s;z@b_eW%Cwm7L*+P%eoww+iI0xycK@1f5<hW>S!1W_u^pvvuO2B
zf9D67Bm!JKF19nG{N=;w8te&DmTQj-zO(2GAtsZHJ$$834<$&%!;5-&x>+|}y7R->
zl0o!2e^xQXP&0`ip5Rm-5;{%Z@U?*}X_pbx{mgb!2yq{s_^z{a1)Awk;0(*X@GU<s
zJ)iN`*HDjTRv%C%L67KxWXq=<IY=2qrYlhqRZF@v;gkF(U>gqHkvWH!n?0-V_oeAi
zF{F2@UYSCW?AlK5YQR5ITP%oMF8+>JUWr+bFMPIdbpcP+*6!izrWY=05Zlo|Ao>AA
z_rh`eeeOk;CfYzXZ&-O4QN@G1cx}EvPeEAB#V;BRfJ7@wWgz)ma39*aSf=-E$nped
z-=LZpKT9@361}W6DxgX4;h?qUQXC!BEfhBVGv_&5?8@OIn0zKPpCW2mY_(FS1J|$h
zlK1J-u&pNix=VC;2Flm;a(prsn!-*fs#HvHeu)acdm#{YPdDCY_)03l#fBKM%>mdG
z&{EQmSbeoXCQc*!3Qot_--iY@Mo4Esp)6U)D*I&HZ9;{U-@Ln;FEuC*v%eE7zRNn<
zp-5U}J5~cA5b2{)+Z?xOoYL%VwQov80}mGi`G#}Yxz=;F=BTz_9oexkJjU~5_jjvD
z<ycqOd8PFjA`9aU-Uy7PsERq^%&`U}dbB=;b_QHYI)E6H6b`l&+=Pay2jS_l0pgFG
z{Fa05sHk@$su(&IP7R)ktKnRQ^Si_PeQq}wpYf2NcQe(10QJ;!2am$MzGq{P*#z8P
zn+EgykXE~qE%m~d&owmVzzr%F6Vj#v^fd`C!9fVlNi>OFEAPAe?GGA8Q6nI8$;Y)#
zw3!D;an7f;%cKg%CRnjGe;*=*_@JKiP0I%M*o#DKHQ4yO4>}Fh01MxMXN3eKod=#%
z;{uGEMF`}hl@&%VM1J(n&2X<i8TIbii2vH!9J7arD3N$B6*{H=5BA<EJnyFM|84A~
zv2C+KV_R(++qP{dSB%DP8{4*R+cvwd^zQvU?|U3;?X1oJTAP{c7|$;=bAHb6oJ^qt
zfj+;ZqN4hq-z6yGGEnV!uCehLj3$y4o`8K`g0;<&H6+!dk&iof5-Z07n?1ZMN7A03
zUh2cFxoNeA9y3`I5|aAb3!R2&zF;g?OS=zkP|Z*3=fN!+?`Jx6eprU##j=mGf4l&s
zoK>xRV6|Jvp~a#oIVDv$llj~O|DRvbl#>0Zgu;YbcBL7=;ErFH|9H-}!+ngEBWGE2
zBZWt9D6aoG$v;jsY2K{HCMTJ+c9*Bqn{o%MoG<E`EFQa_@r2xVpH)oP7OQ~24t4a{
z26(c@!u6}%@2fn|m|B+#?;nAstcf+&HU1WUn&6yK^Q%QGvTG0T*rva)2vH9z3kHvL
zaGw50SAOQIY~Fn8c7_<~PX=tH!@^$%{#ixq=O>3>ry_@%WFvrkUpg*$g6lX!8MTEh
z778_EN<Jfr%w6T-q}4<6^w!l*{wS#=2!X}rg`{Mb7Kek<{Uupg;i$|9klB53foTmi
zzk3)znbEp?$rHF@wL&ZQtM#Eg@Z~7O`1AG`ifS+;BMJ(zoHVtuA5%Scthz_PX!rEo
zu)&Jfe2~BS+Yx0y;X$do|0KEKd%xB<Dt}l_cuY)uSfYv0Q^ep%NWTpoYs8Q|!c2CY
zEb%PiL186eR6TOu3P&32+?A$@<#5AhrN}G(nu{>IpP*3f%p(4AVDiV_wG4M;OcXrX
zVGJ*~<f<zlT38a|7Y0cTV&+wpN1ja9U;Dy@O2MqqKlsLVbIO5Tfb*lqn|<*X%*@q-
zELI&8UiTM~mL8I%Z}js$V&%B`(K_G-?g-$xcPimk0!IS@P6sCdc&z6IB;@2$fdUs@
zHuMf3s8ma1xxr};@DE^Ghg+a8%DG!UJh~_{&}sy{D&8Y2Y>j&1TOa}NjRL^5G1B*e
zCpG#(^``(T&_;kSip|-vs>hG_0(?nq35c_MJP4?TMS*+edmdmb5?md0`j>?N6oBS;
z4GluRb}fNT6aG)70%xSzJ!#LM=Ll&2X;r#7G}UFM_z*DY+CP=r69RLr%vati{L`up
z9wC9Sd!8@B;ko}*8uJXyvDX$|8}heR`^dnK?Z>hxq5Z9N<=sT^|B<0kbtsFNgcgbo
zyB{)S=`_#KKaN#J%TYk<JiuN72ReBAQwR58e_+U0nbG0I6OLp_8#Pv?D}<ADPyB|Q
zVh?<@@-ohm+od%CbM2Ox-LFx6pzj+G!hC5K%(4>kx+!#N2$F91xyHpw7}1hsTM#>{
z6dbJWIOe==Qolcp0N3tY%vwDn++pTQ#J={KKOmsZu#>JtLmi};E2kEVL{kYOmznca
z8Q%M)4W<Nv7BpNy4%vncMR*t}d-g0Md_}Etm%Z2lin+9S3wP02s3AX7o~~^-+l_Bi
z+SV{e5;3FZ)sNc<ahy_eFiXg+Q=3l!)@{J`nQ!WxwsKZ8@UAIF1gRM`l=uW%6mLAZ
zFYd0JFFN=(nsplCG122Z*KJa3y+n1xNn;#t^jZ23%vrlXM>6Y^Ve5pRaXxLEE_CTt
z>*kA(fk&i(cb|>UGNT}fSKRN$a|%u&#MqT8!vQ_wXdai?=#daV0T|$Cr>CMOa-&3K
zL+wu@hOu9;ZwUJVznwVPZ-PHoHhv8CvD3SeEKmZs$MQ=j(Pka2IU5pvNEQVViA%ms
zxAoK-eaMn`$)?0&mAGfL{tkc;HMT9oN%<i%%$%Y{PF1gAuexi}gc0Rxx22kb$}Tyt
z-}&?j;bG`gt!;Q(MsYlk2TQ2Q*|Z99z0btYZucb`c?UM=r>mX%j;b=nhJtysJ(C{f
zQ4Vyr-=seo@B@^xfuH`iC{h0#h9pM8G;@*b!xSH67GofJ`)QZ42$t`b!0QXn2n|;6
zsWA&K#^r&)l>QzW#hEHACC4HvLG46I^d*1P$GicfLgr)q0*p1nFe&LTG6waS?No1H
zmyEl^xJNBl*naKObWL(IF@aiQK$SJNV2BcUn5*R9ggNy$qq9Ddapvnx^_-WW7plqk
zUBQZk@ky8egi=p1yLVk^WznAMi?}Z=5RWc?c@lj%(n<jQHoP=r)#RE1xcb2V9EUZ1
z@t4{8WG?ZQ(JVYKnHsb)Tp${`{D&D^Zdlidq|rq5F1XQ0Vp4(rbP-ZPM^~?s>2S|_
zuuWZ#=u_^XvyTc2Um~$thhoL&ExQ=d=1cj}gycP-nm#v8ZUd&XMh``R24fmnIP4Am
z94D@l*?ebM9tI*5K@|_y@6k6{b3X>ncV7!qm`ej=`;^btqge2;RrgF(?NwB0o4zly
zgPC()=T`jqSdh4T!8vMMaq2p(_~7AnA^tRp!M0}snRod{K-l6;*hN7ZeuW?K8ke!o
zL{Itid1jK~CaB;H>*Pe<>D3XfYE3a<GVUo6(L3*k=54a!crds{&iB>Q#zIiqfsu4K
zkBN)-hoR5#3cE0%yT(<_)7k<Y4EY9Hd$flZjUo_ZE74{nQN9H)k0$n8q%;6bw$F6-
z$tWGvEy**$wcDG2N!^Q6mOV+4>gn|4AYk4yXm!_rI*Bcmg63T9_DkPsIFbA7OMoAO
zn_Kr1x*uwg*TKmpiBu()JU~CXJ>h}kY;rxk10q}i5#?O<`^RFVY_e7vPqv+U5edQt
zzj6LaKcf2yK5t2C^)=IOu{hku@W~umTTHY~zw&ZHe86g;*Xu(4F8<3#A_JQpBUjhp
zNn|f>eRPI3W}9a>Xo-$OXPAqwx}-U!$gk%Uglk3T1KyWuIl?E&OijiC8oyKg;NkcX
zo0TfG<WbtbkBm%|9r4f3+m-9-J$>2)2)PA#MV_(o&#UP>DkG`E<Lgx)S$UPgJ<=`!
zzt2G|DN>&#Ki;%~`4PSCZO%9L;|ph!BHjP)g<|4ZhyBVHxpqgoa4|#taw3vqm@&i1
zpqYNh+hDbdw^CDx7^E2ppOo)i5TG+8>D+Q_D7g0V*6SIabz{K|6i~;+?&~FY&}qFI
zg6=SU*^7&jSJ&fh%*-)yX-XA3mj`vRV-vlp790u%!T1=Bl@^-ZT?a*|#)?b$TLHf?
zwj<=mL(?7aLWXQ}d;4uDoZR8E)FR?yNxps)%8J<0?pk~4{%gCB?CX+b!*J544G)ev
zJ83_UF4RPhpQ}nwPWCxhsd0QSFG}#l(cMOH`&-TRBO=-?hqwzOlk-;$ZEqLUYz|CK
z*Wni%I%Q($zsrI*NaxKJ!R<fz<)^YhxySD^^q9K2zv`*eF~7Vdehr-h4Y#FXnqJE5
z#&K>2d$eRdI`5yO)am9wLCB8ip)1qE1xq|g+zG_p#vTquZkZvx*n(>Jgt9H`4cXsA
zg7hV?zXpbI(bI1RsoU0tNH0d-d_^f(B|PbUm2ZJ~#$@a!pU$}4U{Z&*g2K5p`Rx@q
z=LU`(SCe6d3z<0SjP(klJ6&dcVve*euA?5lW%{916DySVS>~d?L5Z3hhD7M<Xx|cl
zTQP6?8TYc4Qck~}V`Q5qbY3=Ml}*9LgekILdm&`~{JittMki7VCWwG)@D&HHy;`=+
zY#tSEQz>c3>!6Wz28`YWB{)EY_!k=Q%>&6oO*I5J;Q6w>&7FB~`cqa6KL+Af$DGvz
zA){kX1nhPNc8_$QAQ|4?1N8P_)bnNYYsN!8Bb{)miLYmWX+L^OEav?t*#+{}Ei+q&
zYz|;39NsdbXO{RW%2!Juf`34ic(rSDqG#8rAk6vetJgv}zG?$g;6#{rpR!0rfWZYg
zj1S_aj4nl$B(HdV4eJ2o0JE{+X*vnou(F({?dwnI9XwDI<H7V}^}EkxsA@6!w1(<m
zcREDNu+~nZH;<$(V&&l~9oCy4`d>jDCz>kk0ai|4T-L3gkmgbup?6N(r}VN9iUx$A
z8^535LR@B*6ZAGcMd;$|*WutreW><XuvDH=!Q2|QpjF(2-tMT|e%M^|c4U?ml5Zyj
zSn>Gn5=Lks0wZg2XL3blws9WL$uM>$&&}rM3`ME>Agy`d^71qk5w4~`G-)hfguH5d
zTIwOZ_0zLEKDb}plz+cO!GyyYdM%nC?eqs_DVq)8B2brH6~7>obaAm+fL@_?<hJW?
zGS_rg<g)a>J4U~=@Zo<(7n|OUf9Ql0ZMg4q-ytt~1VN7sTem$nfv=5HLlUnlr}emk
z{9yy7^^!bN+_7Jt5r)Do=`_vv((PQHvmbrN@N&$0zL{l{8R9ufiU~B)HQTPkWtbl4
z1<5Q?k!WYBsQ_lLBYZREEJ?KipX}_!<{dPoY1>|l!5%g#_w#)30Xl%yhn_f;&$c0$
zkQ$3{6=!phGW_m%KE0v>j4B_hu%1_DZ&j5o1qD~(8|au_0kWEFJIY^=b_1M#d_V4m
z(q0O|<b3njV_fqdk4S|JkE@e5MS#+{Z0;jE@brtaen?|1Eo`ZpnaqXWp#UCS&5mY6
zpR`teo3U<b%c{I>7%fFbD<*hdbv-a);^#={XO2>9ALdRGs79)L0TjLAip;IB)v)Uw
zI+i!NAv=q6D`1ST6K9G`b@o*{?aq8{_TLa-H7`dLZ*QHbo=+(}J)rJ&&3f^;XZ+Tn
zVa6yJP6<x(JW~6x@#MJwK;@W=(<%U-LEv2t4chA#`ie`;zN49FOG7(8p%y1@txOHm
z>Uu~XW8DUl6$)J+L~mTGswsH-<Wlx*^F5O60!<RGB-#3Dr%QVU1})8LaPw486RmY|
zUkQDh-FPs8W1LLgxv9`};w%sC=aHZx@4~KexzxU|UuF%Wg6yb<ue4iAGU37+sj{V2
z5f2kIRs5eLP+y}qCdNn?>=tD-*}FjkL0v7t0LG77`5FfdJ?ksAkP*_Bb|^pTM8C<>
z8{4>o-CN(~rp?)0`x&?v8)5LN9;ajzL^Nb^!@4`hCybPJ#vKyVc~wHCHKtTExmxcI
zHJWbR`Qg<^*mttqxgA<z&soy6?uY_|*W3xVw4^QLu+;<SddCR?;v$q*92S#~S3G*t
ztxq_RYwRi=LRCAS;{YLCC!ZhPZ$(HTInnGe-daZ;Ig98JW4e|KM2@_mcK|cFn9ILK
zh=Wh*OpFUm=&T_(6ZO;m8zfASNkC(Gd6OZ|-laPTPv7jz0WCqD!Ek?3c}Y$!S&wWo
z-tXl{_su32rE5N7-ycCqx4tVin4CG4a%}*yF3yHywx>rw)iLC=Z%fxFs<)eJ4f|K-
zFR%0n4`bhIoO@>b-ADH>QehI%2fQot@pkwFyGmUTONs6s4Qe{*8}7bCs8Zz9&e6%@
zRUVX(JuPA~_GAP(_Fu&d3;?V=nh(d&%;KcYU*gI?KOZaIG9l6oUw!_0KCZ(L6$E)0
zZaAeAGPyqPn%_P}v06mw-gvONMdpe(PEhnsym(X&(2LJO-?#N81X+Y!8V+W!dY`NE
z;z;yi8x&IgvYUt(V%*w{VoqodbvjRi-CWND<H#(A=x1E$L2~|Z#%km){*p0GtL@43
zRAzPI0%tA-CFl}j{T7v=ROCk(37&>l)GfUj)xbXv0(janIrazKq8nWTM9e-qSW|8C
zUxqTR><~y@Q|)aUyo~Gi^d=FK_4()*nC>O$jp0^<$@s?TDzh<LS65B>=7M>fmnza2
z_;Cu;?Ly{J&Qnr*cnqAeX(VTa%VVm)yZzWOf(l+44;xhqj|d-i4fbyOKv|h(vk*kd
zfxkmw4>CtrCZILShL$)<(;TNvN!iH^=q583mWxn46DQmgp$5@sk@$!98|81wX!e~N
zp4|p-qF`)UguQsxhA~W_JNhAxJ-nF1zvOctCe7R$s%Te2TkI$1^>KY!XBQ_{rnB$3
za_5(14|Z8xzp!tLdw#b2o-f@Fg=ze#%E6!IaYO21?1H{oRm;G0<)6Gw-Y0QGG+F3f
z{j;BVl%l2=DPCKQHO@r>%-}fL5NOa0S=O|2P0+w0W*GbH1ki^C0}0r?hl0eQbH<%3
z&qUT)L9h~9rv~K;0^ad)juNUXrs1^m44cB&EjM9#he%O*#Su3~>z6O@E<ZZ6DC7r-
z&_3%ZqQrr-gnc4I9{L#`7>{Omh0T@}qQ$wCq1+5tTuv{#8DDy^!)Fu2u&yhQ)xI(b
zD8kh^v|o!7O?+&yH$rF7{t|$KNuM)GgEOa0hm(ISPp1LNGwuFvz`rz5?~-(=w+m51
z-wUKkEpONpAQ&`ty*25!QJtn<kNzglzMHtMoy<r@>AaPNrQY*Zfo&LK+L$n)d_hOu
zoC4*?xg(+ag9b{~#E5L_tu&pEJOp4UrKRt#<BhcSfY^8%Z(j@`TtMhb8JLyRvI2ok
zXK*O0YzV~rs_%H8LAgZ}kMDMm+0&8>)1>E@gFLJDF1u`C!)GZersRl$*dIvj1&nBZ
z=>kAwgY2j8sZcIALYT$(Wb7~V%@2c$Vgm7jU4|OOio^<w_vp!$GJ9Kb`6{j>alaB1
zI8y1TEL4LD*XnTF-P<6>YaPA-pCqCN2Lll!x$dKv&2YVT<>0}M-dY>i@{cHnBFX*w
zjYg!)>j3P<sstUri5w<gGX%A~g=1PYh0>|AT#LdkEt>A<C9d14YF4DWeA2Fw6K5~0
z0m>t74|7ZCE<O1lbU!&xz<phEaj{LXhH`u?%*ao>`-${i?k(nlq7H%LmpHOvOOOy3
zOQMTvTHcY-1`aAOePZ#U*P?UJ#nXev=Sl#Gsr0H|OLalApvuaau4Ok6<V$>SN(~_{
zwsAlPnr+}~aSDzt`^#}Ix9|NUm3K371}OmyL!#&mbo37T>fb<)%!d{A&HL8h5<1!T
ziS)__&BbS1L?5<BARd(N&G1&1BTJh-F2o!@TGbRrZp*OMgAp^HJp=F`4mp(brcw>7
z;QM`hwrChTG##Mo;sq>~DbF?^hf|&H3i?Vnb~I#OM!FK>#e7xl)OdEu0R1xRgH<hE
z#h(z>wW(WBnYTAs=doYBoy~|b@hKjjx-Vc4ue9Tr5s>(C6CGi~>2y(gWg@sLvC?7)
ze#YBj4q*@Yw;a|FU$6DvHWXZ8A$|(tA^>wOtpsyOa@xGN?@P7@EgB6g#$;8s)K!f4
zUUe@ZvE2k(#L{BN4*2c}yBU#!BS~>F)V-7G%eu4HXLNTw_B0@ABn7^~<3A&AeW1_J
z=i<mqg0eBbvC|>)U5nO!z)tz5!UxuCG+n801)ml1Fk$xq45en-CwxALnx-Gwch)Z%
z=L3Pt8l{Hke0JLRQy8?Y@Ey(Thn?XoFBB>Giif+7ag2|eDjoY4Yex1C(y1k=v_LH1
zu{?R$5r^rT0*sb7zyT(bM>3m6?um!9M0QH=d_GZo3)!G598p`PZ=!H>2X{M3cptgF
z5`x&k;Ijb~nFJuDhq6%oa=wr%*Pkf}F9)_Rt+IvGLY7$c#Q=_Qs>0HU@1(yOYmu<`
zI!fHGu{T6a5~aJ>e6>Vs1`uk6RW0@U1-U`@-M%Q|ly3Me@2tP?I~ylHeDT$X4QcjK
z_!__8b!O*AvfYqq#5$JEL-u^j0gx4(tgNaniS7Ngi~eH+5)VOPA$6^rw;hC>)zbC;
z8R`NS6+N^%MI12x1*>M)HaE@*nldoOcDr#t&2I9OlkGH$3`1v|v*p8}^Gkk)wIh3z
z`!}#QCw#&hrkkoAjj_(-lObFRv$M|=T~P2d`bnoU{_vd)8~i~kcfqE$%m<OGB^h74
ztiV~j7?6xVmH?lm48lseduh)2(b|AlMr`uE5n+Qn%4B^D4B<dKF=#109CV6x@B!~&
z60bTp#S~Bo>p*dZlj&QHn49Bn{6XMyi^g+fk-#$hzTn)HmcW=zoxfG2Z*le0tQh#i
zMA}UTNlY4a<Q+$98ZWPSt3Au3Ajl~W$QNgkW_R)?4nFF^Jm~HkG5Hf8sNdtXUI+Vz
z7HH3$l%>pum=Ux9kH%L|Xc2i0?z*;l@nLF|ahaaGUZLyydwu?b_)rbz>9MoX_z{ii
z%UE<oPDzTbUuz9c{Mu{Fo#`E5PSf^qkD#12R+I#vW#PvAvl;Hr;~>M7Gfwmpjoccu
zub3YPNXPN=$;ZWyCY#WuXXR}=HRR7fkqij;OzOE99BKk8Lu_1>w}ai3n-+iiK<4od
zn`~I~9~n?kt2^pLI81JDFP;P8e1HiSIOSqQ29LAj?vz<igp-jLAd<cU-2fRiXJBh^
zU{<C)Fe@L^xW%7d*sUKcj=F7YlHCKLETcb9Npk`i(AvtRJ>972mfpnW_~yhKcH?Fn
zPeeCdt>x#cJ?d0xjH)Q}-jW<^za<ah89(3M=eL*dYO0FI!R18(k7<DI_0-j$!YH)x
z7gmwT6IFz&U1I%|v6>koOYj4g|G~qs|G~rd{|gU4KJW+Q_aCr3C1YeyA?r{@8u>~K
zjEo>LA5U>VSB9k)Kc(0m`%%_!o(98e`q)9N#1fn=dZHlV>x<E=)7wAHf7OouRtq+{
zE~zgEy==FZAnRtd7}FoKI}h|8UB%aGc)mKMioVf1j_AM0DoSbo4hP>n9eg}L-OL;#
zzaWC5<@gQVn2;x2OJ;R(dB1m^w+?xpF-_2Z*DmkOx#h+lF4HV(-DdN47;}~x(O0}B
zbT#mnbMC{|gUo@d{ipT&fnwEuLqa&r(aziAAxehx3cZxFUn6*5ua%R#YM&EguekvR
zJ>tba^y6n34j{#%$SE|?GT2**s)R85k{5y`+2mTH4v4q~5(Mk&p60W5VkYjBgD2dp
zTG}te<u2INmpxNq6H{S560U4!xix{FHJQ0Q>&?dvNV6luoIE{dH_lY|zArGuC|4R8
zK@D4TG(7jFtk={b@cy38;&5LtGT0=v=+-{a+orBWq<S5tWoh~Y9gfhS$&yrZ$&Mo1
zIl8|o0h(>DNp3{ofHY^7*wWOpbJ!!_`Yx)?flJKLXf=pn&g+;Yf#OI`>GK8mxAtHy
z=ehcy$Ai%=xyFO-rv@EJR$hf&mi_h7E;#b_u+{A-D!cXzO!YZ9E@gBaJfL<tyD1Z%
zD;^O@_is%I{m&8=nk787x6t0#dx|tM9-AxUXf617a6vpeuYd5m04M4kDd}#!Gz%X^
z{OW-B-UbOthu!|^VLzlhHO^%4t!9c5iH&{Q)#t|5&2@yfeWA&3tf*Pe^;?uT;1b{s
z!^YiF#Sa3o%)_-*pkKlLsD)Zqzzn5&Xw<18c*M;NNZ@h2Oz0`j)Z8^kh<bOfA4hcA
zmabjMQJmgBSzIDL+F;95d>(-bsxw+?+O^y<tjlwPE8L7%85dqYXWuS&fr{*T_CR#m
z`ju)83<$T8UR`g%zKr#;w;$C$U{0-rk8Ee(Fp1xQxb3$nlD4t_?<}@Qw{)t?mTcmo
zrt3z`#@sfv`rnf%Y)oli{7(w_A!Mu$Hy5>8=_`;^Qc8a4*4)&eGj#X;_V~d6c|aUS
zYV`~6dF{Y9Y$~+@{{5MCds3qxxq%AGufrSK!>a_w=`u=TH_;D=>V%0^hQ`!o_U@Ml
zdV^HG@{2mO{ZS!+y63JYcg;qU%qfS^iT}aboi3}pXM!xbv0NvA6%brK2L58yR*!Hh
zwuq|94Y)VS?MK`0?_ym`_I77DdjSMIlp|(dvhOf;t{(~$VuGH@>=bO69UE1|YvwP)
zR+?9W0ouge8X97&o3EwF{CN&ZynuEVPEgMQnJ$p;+q~rXkddAhm)=dLPU*LRjJaPt
zZld9Ms5n>f)2^Qa`12y`F0V}$#U0Wr`)MN0i-Ob?fMH2i%@9$P5(eoXY;p4>tTn{_
zd8f@OCB5T(Jw(*W&M4z=Uf&36>h3PwDiYF^12e`!88)gtS4ogK=7YI!x>g9~(ru-p
zU;t!xHWTAeq&1l*#&L*qve+kNvHsyzoo@*Kv97Vo?I@UlOOKUX83AqeXnc>ljk^Bj
zpQNnHrRjk7);1hLK8f6->Ty@JeBSa8yN<KNoG~}SKjG*#xY}md{gf$wK?e`eI94|S
z>A9yN5?EPZlMkpn9vtD>bqFVe`ywEQC&*V&uFfA6&EX|$vk7L1Te+FKBaG$i{6Bb|
zMG!9R_rG|ZIoTv%(yrLM1X}YWbZByQW#wdy6EIdtpW^VQzdUk;N|WqWd`KsfxNgZk
znYc?83`bwBvAU0&vfQug6e*IiSx7E&jY0iyQ?>+ZQ|9}YR}L&i%Tor7e%x6e;nap$
zYYmC07mHAxzP0`EBG!POK}57T8~fiVgh+34#X12hMc&M3?i5ruao`l{zm%I2u6d0{
zhUtGYsUFblB~MdreT)6Q0>_A@)YIY0xqON`v90<L8WNJ^92S5KQPoFK3x=BDQsOLr
zOfemC=Yh06FB?blrA5%)*@Z3Trg}wu<HW)G%phi#KuW5E>?=vJQ<27EV}jrp3T+8;
z2e-zCl!{MDgRNb$Y6Q}Gan@DrtnnO;g{<X=UKh^H4KXd}e<}AWAG7<1BMha(#Z^{;
z!(!@p-ir36&iRuUIEu6RlgmM39`Q##`$SoQb$5IEo-#aGOBXy7JX33ONF~xc%N{vR
zn>?BxNAuGZ*yv)>u?Mj`?RJa!FfDV9$8cZv*uDxK%WWgtsteA_{G+mDq{p!U==6uJ
z-xRO{uiA1H?xw2U*U<}CNJ;a9B!(A!W^0rnNqssf^22JyzYIGTog?7@IhpR@>&lI2
z^;PAS#E7e<{?FwwT0TywWX7L{G9v1@dulO4#Xua)2wte5bo~g?BIQ6p(gD2z9q_AX
zl+L3&3FiDXGsMe-P&6)Nb+|f$JQb>YIx^JOO+6Vyln4`f;>Vum%&)t{72*zEiijuQ
zs_1gVk~pRB>hI7w+V|}8Na7EGerL`U@An8vaE-Jt{}5#bAW(LK|BJAxK;uJ!V@T#-
zDogzjKBfX%&^|-{MaO7<k|F|OE-0OIh5x32kZa?E{pG~r9b_cgJ=|fs7GM8O@kJ?*
z{s%h)Gw7lK&!-t86}8m=aAe>QVJiLa==@LhOkqIoEJw1il<;p#c2BXvdz=4MmLdXd
zDJ8O{mDIl}3R|<xfAeNT%a8zD8V_B^Uhq$8z#lG;u>Mc%cEuhAIJ1b5qR99ZS3C^U
zWyqrC-g&iV`r!N|bXTk^1Vsck#&x459jf5%S_#R=2ok(#;yx*(NHw}&_a$4!iPWH&
zRG?fEEzE(!MHQFzA(J?vBox(aRK12(9jA49p6Vb&$5PCtRD=v6=xX~Sa%~w<E?Whs
z+9LYKG8!yUgsQ4ZqE}IjETEHE>30r9zo`}u#m$I_@;&SsGd&vN+EQT1;f(cGr(ji~
zpi++L5zuZ?M2RSo2PC%;Ztph+>$xk(39+Y-&@JW-t#inQgwhoQZB`oKBWSdUe2hv(
zx)sw`>`(w~keeac*D@KZyzOXZoiLp7g}Dd!&KsxuE}MQ{9WL$m*bFpekH%jL*3$67
z8@7(Ej(dcgxhDyk^$?}(7IUvaw!XC*K^c~cA~!H050Lbx^M6R8V@4CvhX(qL@&KjQ
zkr!8X`jJyo@RQ`HNMg1Rt<Ij$o3annY04W-<VLotRnvra4BvqVvmuln3zIq1*xN_I
zcK`1tTwHhI&;?EC{ED;cY1C4q73hhnDBDQUTndrKhKOSETXt)_TSy=k{s`<bI({l-
zAs6v#GZ04?0CDsiZu*NpA7M1%VQ-R`*1`<35F`CGgUtsd-d98^T7F;YBJLRSGkg}q
zs`}x67~TzW*3u`wxX-OS18PQyf)}7}-MvYF$uuX9i88k?YYX15dN`2)nnDuWv5y0f
zjZ2o!x?_K+^Pzu6GgUBB3DPzxqjjGP`+asig@H>u()#aH0-iTYX@vuc%^LiQBvg#Z
zK||vU84N1mj{JRu*}yKwd3d|T=Or)NPec=3LLqH~xa>tyntcbWM7XBo1DARNwK^_!
zSB1wmh_l(+sE0v~KB}L`)+kd{p+|Jse?aqy=7%Ntdg;h{c_o`mV7LqIynC}FBeE|~
zVZiS@9Sqz)(=|#G5T7kck{kkJN?xvBib2=*gyLCjg8J4p34F6?z0IJg;#3J*WoF_C
z-yRjr*i_Hisdnp~?p~^==vQE3<TiPKhCNN!ESR!OzMRLsd!C#->Nay$kRUP+&#ulx
z(ym5#PKJ}ysKVPW=PzXt@jtkDa{Y<^XbsiXX^pq+0=r6_ot=-xYMekip4hUHnvEyC
zWCz;Q+FA-hKiaw?7uvORlO6Yv+-L>QR2?~St*e7|fd(%!LHcA-_$H(`0VVUgi~BUZ
z-x{s-WMJ6DFHsJCerkRuhEz|*`9ncfNdifdi${(XuX{Oq5_c2R)0aoOO|WHqYFT6#
z-+$iJeN#D{D^!~w9Rm02Dj0w%yz_u`ms8yzK@}1ohD+Z27!4GztQIo9%S=9jHp;h5
zxiF*kQL!iE58HeX8@@m7h2yzLg$=%J=FqtC`}JA11Z)HsA+P=wnw`f9nx7jvI17~z
zfiMsHC-<p`?Q#=WgPANotR%ZxGRzDvqT^<-&$>ThP0&Q|fEBT}4^e2l_k+{Ie|Tso
zb(MVfTa6(lvJ=6-9GZpyKO8###3)VnzZ{xlL>4uX^k>G$<;K@=Y}*qaKXHxR3q>e4
zfk9{r$ez>g@W$PTErbX~4Sm8&*^dYilkPVkGG9iSd6wm{MSZ3e*BGB17Vb7kEsVFf
z34e97p*+OgVuYRSw5__Ha8OoOa)c|~j3|C$9h{e{(q=Zn;qw_58o626Zhnxoe<peH
z9@O+aULt9^o3=7LwCcK|s7;e%lw(lh`#Kepm8BmEwyRTT%h2XAEVF~4RszGW8Ccg6
zQO@rPI|>w$yNSA9FskH9-B2%>y?Z6Y5HleLrzpH)4#;W_b6Zq+&w;eGQ2Kkb9C1@F
zO=6aA;$(5RR(_N_wduLf<P3XVV*-TuqP9XPfA6Lkd)c(b${;)bU%=D_XTn&)hA=1;
zzQJjmNV-DxrN#CgV1fii28~CpfT>4`l3YA>*WejEJkk~oTq=rilBXR)gvNNEI73~z
zl~M<IOMM+Y<+)iwPLcSo_lL1Mdj&=m5a@uXIoIj#+ws56t1$L?qUieL>2DGtTCN8F
zz7)c2dTOkYn#y8w34A)veal>FAZ%Y=5A%8MVwrJ=97x8{S@siqS@g-ucOulQ$c*7}
zVnjeXXygB2xilN8b*lGrAWh3e%1D486QdD2-~WM6QS!5UM369QvI~}W-eIruNk>-@
zaiH8yUWol^_6cQ!LYgoSYDy&z*nOVHl3gwkxZ3;!TrvDTf4;lHQA7&hoG@)RG5)|E
z#emzRyX_bWQ!(C?prn-QCd)ONbpl6<b9A{6juJ=}sz-GxDeg1EOzhq}?^`Zs+Z2C(
zM!2&2?1{qfnge~mrV3~YtmUCW!Je^T>}b-!WqLiZdqE$}Pric1_B=asr=zXQ&bEf^
zIpE{42b@HHl#0o>$b<hRim160zBzh^RR;7XepE{kUV^E>519>@-ut$3JwGNAmXY6N
zM)>BppU-Xj>f-3Ksgvb~^xN~AXJ>gZS}FIwhhgPjh;r%4lsKL}{73tEN%4MV8A)~#
z>hh2F{_mg%xyOyA1?cN<vmh@Q@z;tS&!mEc&O8n{yk2%wrK#G1jHSh*!il)d1R5UC
zv-cMpncj}^z~;Xb-v0qc3-UO`c0B&?;3t&}(@F30xf`>CprWUso|2FS=R)}UB^F-m
zb;V?q_jSQ6o=Mf##Je|NDiP3F8kot2EYl0ahjE#gHtonv`BccyrdO;gm0okbO5k}9
zXHl6uW!>N;TZy8yq8z2B!M>e|06(#{)9NLT`n{}VFLfz)+9tOVtF%Vuh(1*-fP7k5
z^+_LzJ%ofO;-q6J(P2`cFy3Ksgd|S!b-UKQM6;np2Z&qCetyzSdR^0A2<MEQKH^IN
z@$TM@ac0m~9uFD?>XgapLL8;aXggnfVO~f%Yp$W4HQ7;<M{RA9(K|G7<+cJD<(h)d
zgkDCqEGim$Feqb(z9`Mk=-&l%*q$3RHkrM$6LJREs~c|y)FM*w9(M9IC7T&`Z`N#=
zaVzV|{zP?Nd?`8`F8Y>pfLXrL7N7@ihS2thxvKWOt^^jwdrud5vA2p!-k>JWUyPG|
z8d$wYb03UI(tSM%aCPIjFXO`SsXgT^v!L<~VZjN4OUfkezi7!?gNT0SF#$=M-_aYX
z-HA!MjRJ0F`9Mxto=4J6r69NPUokLTlap1tY<a6OND|E95WGmd5FHgQ<<4Iy=<_cW
zOr?l}=QG!9-Go0bD4y-QgW7jtN8dELJXoWf;s3SrlaGzL;>U+S__OzTXR$DDN`L2T
zgKgm}-V|9q_`=wJc~*c>fa9)o=epj;Z*0H@qt%p`dv3BJ_4952<%ylTQ_a!|JMCG6
z88b%m=SU(NVy7^P`v1)iSI2<turNBXM3{`?*Y|lbQa!vCC!E(8qK;m<K##FI9&TkX
zSB$g9791ZRX|Og2^j3uKdnvbbUF@$mEBs>$Yn{%Km_Kjy^-n-~c`U-Qp*jlS`puR%
zmGQ_W!jN&vgQ4nOa0nn5yW1Sq(53p0<|l%0Gk^mZ>F2B7lIP#;MMsfOWf!j+ppBQ*
zsx&46s$5DN7#&}PC5o37x$DgJ$spHgKTa*HoP6qTmZAwyB_YzgE-4Tj!BF`eJA#J!
zTh(c2^5Tyye97toyYE{#V$Q6)^ApWg#QoUBJ#pn3D$zLm7tRN;PH6hQBw{)3Yc^!G
zZpjZJ$<v7||0sR=90X$kPS@AsveEkg<$i+G%wkMXFqD$3e?jHj+=sz~eO%|wL0PEF
z%|-~->IP7!PtyuYV#iNIu7RFU{of%I6Z1KSQe#_8D&kar-s*dXbv1on*)#9XgAawX
zt86H!gmYkIU@f`Ty}<JJ(betLub)g~CT&~5TMBIZ`o8(Rf3zQ>46%-i%t%E;XUqaL
zRLOAii)HCF&KReL-2Sk;Cz!ZG*~V_7bS6qBYu2fwolE4nTLlyr2HY29Zt+_R9M1V$
z%B9$K`y?m#9E*j?;s^A_1Y!S01|0=Cj&lj|C=m+GQTxuC#r_T2EqRMs5zyO=GhsL%
z=_|BBmaPpEy&96F@*;n6Bbkw(viN5v_K5^Xw%@yhX6KV~F9wwz?Xx%rN(2839jS+{
z3$aK06KRWWFXM0$8V<s+TEiy4<3FW-^bWpig47~1I2IKvnH^(GlFo2Vk3eU{M3--M
zgD2D&do>$cZ!E$tzZy^yA!(C-hkpPd{6p6P!qRX7cj$xlsSk2-XgS-q9TL$*@o_=1
zKhm2wEzUYYy!#u|MGun5M((?ROFv1nYT3KN3)!(y6%CVF51|FkXU4muj%FM`p`Mbx
zvP)Z!ZITb$SA0(2QX?nT_i)wl%#tuf-Xu9vsK<Pr@g*IHMG`g0{-p2ab%6dFWnX?d
zsf+o;Mw;!cbfcSX2q$SXq<*xczu1yWf95;hblixkpFj$XiqOK;OxSbQTEO_~Z=5>j
zU*A1>E4%JklU!7X|6zQqqlv|4wee;~v0FBJ-VTu25N<a|8T762O<Q-c<&Aq^2x7l-
zTr(NomXa{p0c{AMD)MTFp~tMCOjqOddaKkqn?FFHbgF6lHtr!>?u%Gdf3`y!=N_wx
zIJVybXNa#1>ZB7RlCw*#^f9iuw|$*BvNuw<c|kk6_`ZE!{pI(;H^A|<<v`~)PZ&v`
zIRe;5PZvRHkL#RLc+mPd1HA~r;iNbtWc^W8Dab#h?$uhmJ4iV<rSS;o!l%QqHqU&G
z#M5pM)brOf8{(N&-`py%YaUl9dsWE^HB<vX4z!!yy3a|6e0wDhJQ$WwPP!l6K$>?q
zkB|00VqAr<DX-8QwS9;qYI8yB!`M1aFzM`+W!fXU%pf}N@&iK%pb^0@7P+Hnjn|j5
zMf23*%E3O-XEvOM^yt$;#q?E}{O2o~S+i<$=5p0svk-K<Z&0rJq5GcKE0J$CS2$}J
zMgDs8L(A~Ti8T3VOp?Yk>{SZwHL-SsO40dagJ4i~r$#duTS6$E3J4;NOI)1>yjyM`
zwUbt6DHyWT(FtVsyM87=g)t9GK$UL`V~fYwL`pJ$20TPn*TtRLf4(od?ll?dA@l-)
zTynbUvKbcFdW1(ymhBI(W%gv)%1hq)3lJY4(Q>h}FlGVqGQ8@<Z%b(81#1h|eOJ+Z
zIA0{XL}3lElS)TIUR^QW8x~yKE~yymA0{L?93mNB-xat;n3PU7UzAIAfVL0;Snxvj
zOM8~+7{_M7X}|EeM=E5@SCacD%}f%y?MWCn-PYbs5%T*{LqtSTFxRtNV@*d{{FSgg
zaj*`^=cUR`%H_*=XNpRo3(+4Sr&Wq<#0~1fB3yXO(gwYkg5F!=Nd+NkvG~Ksu$1)4
zZVsu6NIVWpFK(|4jNX$;gx+{@jBFr=T%yAVw)_NP(mb!<ze$Zd#LtQ>x?(s0TWL+u
z9a;$9)Z=YcZbn;k%wcR$Nr<EPoGsHU0*Ni#V^&DM{~uP@aH!>Zb~$}vFPfzCB{&Nh
z&6cJiRtmj)?1t#<5rHaIue*7j-&Z9?LBvpxW{+9gyj3wdb%2&O+76{0oD7YztP3jh
zv=dVO)Jt6Bk|}TU>9JlneO2qLm5483kr>E46~Oy~1g2`(%bpp2M0hk}&QoG1#l3lW
zdDqmi8C;*&Z5H!$`^&<oBhTw+4hN5Wx-tw!?Sp<l(9Vnol-PC*4r*wI<JO<`4|{N{
zVrJdaDx=XC#4!2_FFSALOxOJIgm2s2@sbP>2`TjFz`bP&?N^Qz&3wr10FpEd4FWsU
zhT-wBmF;gH>`$pP6qk3*X1(tm&%_TPl<!3Q@N8z(c6*~udc`SnWw)@Z`gy)P2o(U!
zRczPIvzWZw71n7tezn-U40uYB49Cbg02m%_r*79bh(7~4ydk6W)xu<=bP;xAVz2$!
z_QT<Q(8PbltP{Lm)B0x5%N~_kft0b+`qmLeq)yn<Ha)b$ZeQ!uj&KRWs@@g0JW{>A
zA}Qj9&UdW5WY1gg3R`z)4s`pcMiM5VyXqRyx01M1=XH5F+r@Q4ivm)TLrs}NTap7S
zJ3@hPI8VcIG`z9FT8~*P)lP!^gVA0{%I-nN>q5`SH?KA#0#|$7HR~T8x0os&_=laD
zqm-8uIo`&6`t<21yt})q-*5p}vPLh4>gB}vl#e}i`8(!q=dmi4(UPPX4Brg~lEPLl
z*G%46x4kJqsAvZNAEmJcqY!|M$%FawtdJu=&n}9%gWTd@OwSvNC;CJEYkZ7vXO&S6
z-iz>Yv;bVEe>Jf$-v4T1>6FOBnp+6!6EnNO;&4A>b%C|J;&WrGd7Xxv*)IEYuDQY^
zwIBAv1XuUFw!W)VqpM@iRoykd@!7di>RyBgkK%3rOYs7D04dL=x8=KwtNM_zK#yNE
zzmq>2RtG2j^REN70C~N`dn5?CGUQ>AyKA!5+z5(E%K6dm(d3yf)}APtc?U(_v$oNQ
z2~_%pHB6Gn;EJ5eAh!(pxRIci?f%e`bXVY`R-V^$qEt>48OIwU78QKByw^WkMvgzF
zo={~kPYbfZPCQ)$!@Pr)o{QD!wSE*Xv_}fE9C4ZIos`~tO>i%8AACLmvN$g!)6Xl>
zHu&fH8Y=#2TOQX8AqWn*zwGvh?7M}D?-jdwDA)+^*S5M_+pW7V`B3OE<>jq-{nuOE
zl$3R90uO695)r@G2k|67|AleNCd6e8wXoy7OCvn1xz9wItCL+y;kh2xAk#p3X<CdU
zbM<$x>v(Aex+asW=$*L8@x_~@u$Doqq2nFr5Fd_*%-H3!@2L+p&FK6&l-VKMGe*^$
zecwEZf=(*`h=EH;bRP+%l`TBiY4e5|7a}s2n<hqH)oEE}7sMYK0k*|A4HeG8xE$rB
zU6_1LD9N@u3ejLuR3-hRudUKaO^UO-y>gIxlCh*T!4|R4hHf=AWon8*EpQ{=wR9W-
zB~{P5Jt$*FLaQ(>#++<-!8L3uYBH)i#ch>Yb#M4#wOL~8d_aKSS<#eKEE(!v3Id@v
zE53CdhhAerfC2j5@VXny_$d;O{m8H44yb*}vUNp@Bblc`XHP52i=Adiq<9g`ak}oJ
z!v2cnoS~f-&NofYUCf5dU5mX9`T22zM@OooqU;jT<NalYsoieABY7p0ml$TDl`FW_
z28&fo&(|k6Dih_B&aQL(N23RY0Q70sb8FId)-?PEfia|JiG}15>VBQIMp$WAjD-b0
z0<f&=qbTM3z+L>j)lR;st1ineQgjcwjmGUbfF=g*?nBq^w+k{&{=AhuLf}!VLjt^K
zf!ph;=CZfOY&uf(@uK*_7GFEjAxJqi)_~pVM;No+RY)R*Ur@0-aY>KicN|1@l@;OJ
z>rUuW%4WB<*ojN;=H(#&a28iiKW>Su?uh*L>q!I}QTzSRVj?YaCE9sHXRN`d1vgLb
zSUe)M5o89mR07O{8!|pDKh{mjdXdfmL-Aqx(B8sXAUsRFs4)Ra2K|}z4X2mRe2^27
z-)Q%@ZOY5VVqQ-VPgn^AO~+{kxU^cP+G0$PNK_}eC;n14!w;$(40Ia~PQ369ILF=u
zj3i^;K1k{s9uJy2cWK*wXO3U)3v8=@J2NZ=*YIKR0nI`FSJAW9u(r7)GqsPG$rl-|
zJYP&IH~+%6PQE1}8d3bGO5j<9$%*mz8xAfm0u=_M_DG{08RbrXvD!)mq8pRjoVcIi
zvz`#7@r#`YS*B}tjOTbm3@TyfBfW>I0YAB|{w)su1WEPeC+#gN=9R*{XAIUKzhyYY
z+O~Y{0eD|Y%W+@G9Jpj0kJS&qjNK<N6FQo;80*I*NhfZ1iD6caj<r7eKlpc6Xd%2J
zz@~0NNT%Mqzso=!Y+Ntym>v25(~~pPR)eN#?{mGECdn@%QVNNgtM~{MuQJF37@%BI
zEsOq?PP|+CJecHp?$f$ikw@eDA*{&(fgE}kbnza&gMzDBc9e$ELu$84sV#YM66XQ+
z5sD9*!Vk-pmp_FUI!$o;8ziC(H+TMh3!p?p0fM)g`?LAePm&k}Acd*+%bjC3gC>I?
zm9$_I#|>v%94-{E-_()2hQ<NA?&2{=--zeu@tm4AnIDxgSSAwpo3y3|jrZ+nWL~Ba
zw6)SdBI>A_7xOlBLo?t;QlNe`F7t?A^s8b)oz|Qhr88+a>uPoje*L2qO+6jireL*^
zvH+qSKRxIlz1;90y*x6B1vo6djmX>ThV)epdlAUpd&uEvP&mB)h(x=fW%_m!n=%@<
z0vv1~<D_;F29FYh`f6Z-+zHEHAX@Ab(qUd(;{>uUxUC`4VAu(QG>trcDk;(Ao!}Nt
zQ59LC4oTN82=O~V)7^rW+5E8=7EtJt83N6e5+<HhYlsaJR+sz_U(>Zmp5R>@?A6c!
z-re3&SIX8q#<~Q_URC*<p!p82Fm0@4{{dG(xg3y^^+NeN>-<fyf9GPFEw!Ki>MN<E
z-$5qfhb6DS34=gV=3;+2H}|Io1@J;nAnf|;`N8!5uacAk6G-*`&uql)>zNN3id(zr
z#NFS{G7y2&VGKi%ok}RKt87Jy<t?;&a3pw&(}?l^mC0g-`No`e1;OdD>i}cgz^Pot
zK26B~9Xp_AmcZ|Rb}JEm*dGFJ%p*og;O{73L;1liE}^3V3q=QEaMWqN5q!U&{DG4(
z44_Bma+uVua{tU3P>Kr*oCCEFia>Dtx8y0{EOBV%-+cb3JfP7Y4!9JIK}1T0{>>!u
zK2MIZQ^)^l4Bh)}AL3)}``Y|d5|I{gxlD^nmH%B&3gA_~K#ySzff<_rWO4*97}@{7
zG5>EzrsMlr5ayCor3CmUm2U3FJ20(onTm^t?#YD?F$k@6FlKeKQq+<U&qTkM^i#tf
z<OR2nb2XTRUcy=Lly3H%Nx@E(-rE3!8&2@-$7_FwvEYAnxSCAIXsIvqXT1)LE}fXH
zIe*2v#}Lzg%!w>8I+?QP)NLv&l!6>fB4xl+W7(c6S@4|K>BHj~B2Uln-#P}A{x34p
zG~hti36w2Nmv2@7zQMV>2^2Kx3{w18mW%(u?DV>GW*w+BZ+3KM=}x%)tk>|nek+q=
z&pnmo!%luLZM0YfwQ-D9OnF9)du_guFX#Vemzug330S4e9|qa6m^+QWXcbM}OpK2g
z-dB5#FCFNGP6(rfegC-YJO;sT8Qhg~{?7f0D8pPhy_>c<@M3rF(>ebU!;-pjags3X
z2<9}&&7G>2zn9=?!_s+Vw>`wdFBF-d0@TjRu09)plmTry0nnNQ4kx;lEbfBIYLUfv
zfflnPFue(5;4G8REGW(!#&!4wBX)44kf^0R4xd?yOqUI#foGv9O8Pq4IE;~eEmUUQ
zT4*tnV_#~r<gk*T41{X^zSfZE97Z$avA0OiWCohkJw~e4!fUX`sMvrngPgnkX>0v2
zneHRyI)UYDqPrJai^hIdCE4sl7-1A|LtE}LT-L!KNLIt`TX6ArkWd5m`!;6>z{mCM
z4>UxHG@xa)wv0X`@nebp(W5p`c6X4lFu+E@Dypj?0;b_ZR$1aADQtDv&;(T4vp!do
zFpfhMS=EG*`k!gr@SrRoiZRQM$2#^2kf;}uT>s3|I$-UpGx!%<QkRc@R$u)YBE4`f
zu2GCs#N{!xg25^}u{a4;{{Ggpz?{TKd~Fz|YLfL+0nUXegJ-!MZg8{&G=siK`<+It
zm`@WjY%-R@#5XlA*~I}1Pur+ve+9Qx<?&VOUu9=1q5WrMZCr4d<eYPs8`i;H6p;&O
z6Y>-&9_?;eQQ-5I=lk0fvr3jv8M2MCBG16>@F^L7)^^xXFqMtXaCkrVPc<J5;vl4Z
zX?`5$YmbB@8jte{c8#~CzG(Q6$#h_DBQ_mN5Xbm?q(nJ7;LAvgGAL!g8_hSdZar`z
zyevw&ZNm`2M^QazcLmmBoC1RAx(dS9H>UeUO{%+vkhfODz<q4P+e8vuhL0)Vdxpa{
z{|D>)m^^J~zA==sW3ek!p+Cmv`IZ!vGRS`bo}&wT-^=ONa{prSFnsELmZ4tZ`RMsF
z8&zwInD+4Mb-wuqg{are52+#uLGZZ5lEB%6h)*@i<h~5h?fx2aQH`qizy*V#9>*iJ
zU31=Pb-cGx_{oWi45sjFmmfpR15k?}Q1`J3)DHdysA+xLoY&jm(p{{A^gJh>y})1l
ztH-_hj~*8#?<DJga?o9b=ch`WVeW@cS}jx9$suG5@<Dxc+Wtf5&0!9@jwcB8Zs?dE
zLd30`oL1MX#dy~`-pFiKpBnZ2P-{GATx%T;IF5=e2$NIFd+KNR%O}SAjVz?V$X1J@
z?&!2~?Z{=uGGDDwpWFs}{d1leK88Uy8%K)Ae(=88jZ@SZAIsLX3RiD>25x6GB$tqB
z9LzT8-`Ytdy)HJtLZ(r0d&qm*)5q7C2#rG4y7^CUa<U>cgcI?=jHmS)c-$WP=%wuz
zTl5#8eh+N%M%dyJEWKe6JbF>C?Jd9$MzO%V+GINL^IhlAq^y6A7Uyon8)58}Z>xhv
z4{J}BxxfQg23oK75&dqA4;<#-cIHREx&O--(J=)BeFmIqOBo-#_X%BqPu&uJU_UkQ
zV~~5{f0}|F86X9bd*EYuXrwv6j-}&rc<>@-Hy9xjerD)rb&X1nl|`24<P#(>3k|Y0
z_aSY&?~y#Y4|cPJv`dx5D+Ed9Hk;+W>*9L>UIf~Fp7oWQroUPd(ni2HL~W189!Suz
zsZVYp*$a}KO+&X#L7^Ou>u`ydg_8(9ca40ggQiqzUiI@_!@IpVIF2vhB)psIqGXO3
zUK6uK7|$j)3G7c4@N9kPWL(#qSyuOSwdRAICz|{y$JQ3q{3g%M3yv&Tcj>)EW-ES%
zq{wly-`&0ph@u2-_>FoU%P+<e<f!9e&U&^k?B+VABH=PxrS`B;b;WsT9BR?j5GmP&
zim#Ge0>2|)>cV>e40dt%wcjinj#!)UmOf8iiiH7*uNIXeI_pD!M1cDa4l*(#!>{C~
z|0Vl{4~<+WM1ZJ#F5tK*op+xUwF!y*1l5YC9Os_E;&cmn(Y+6-$fbH|8SG~6E#D$X
z<$?M&p%dQGD5e`}cC5+q`Zhxd^Hi~&I(={$5pO+uL*i+sMUV4qB^2ndbE>l59pLda
ziJyO5UyI<gupT8(NA1VOR{0F?iyAM~q=iT!KdboA6uluBcXqZ`fjsc#z<Dd$X|~}c
z*M8w;)%7`%;>Fa5KhQG`F{=kjo2sjoV~*4&W>U;%!Ti72b{0<SfP8w8WXC~e-axGq
z0>X)PV=G)Fedmi|>qoLf*wi^RF56hzV2);khNmg@9fz!je}%a*TBYe!D)Y(PbHgUt
zg)?EMgu5$3z}SaWlz<Pw8`Zc9Kws-sv;t=j@p;h;{P*)AqT?41z4s}b+ZMi#_;|(_
zB|A>gyG>v7@=A=i-~n$_2Ymau*vf7*_!a){R&V+1GNk0Z=v1rmD37NbFTIg9scmY^
zC(ZsIqZz9p)-E|mo~04&0U!2O6_xI3t-!_pDO^kwch>)_y|)aC<BI}(g9Qx)4>k};
zAi>>TLK1>Ykip#t1{vHTK(G+pU4sU9CNQ`Y++`rRJM57BcenP_`}C^btJ<ml(ol2y
z^y$-g?!CVwr*X>!7%~RcTFUymU)aij<f@Z*``N;dpe=XZMuj0d?Eg}LQ$mG1!mvkL
zH+AbDBJ`Z1os5CgaYP$y6jPJNi%#fKn7k`X`rGZTqV7`b2OsYl?pi)k4rf*EAhPp-
zwCr79J_9pEre!ZUN&7+kd-Xe!>Y7qU?DLV81m6`){wrgA6(S$L*LAmdxz#DD$>5}~
z+>PJKp^Yx@W6`Nm`Q*d9D?7Z_o1hv^WlO&K4*EWzgAR|G?aWsX-qXxjjg@mMd5gv>
za#G@12<$~r+1$4o9!*Y>z&y5d11^RS;az@lOz>>K{9M$^M2kCm(vpn_`-4yIYo$XT
z4;kt?Ui!@awav>idX*6!BNgcH-`gR}OIAncn%I9kk3XKD%l}S)A$s}&DzCzd=)v*I
z_M52Un-6SnKWM5L8MiN^&C%FH^i8#H%0^2sd|F4}=a}Xmy$7r(JzN-=ZQdZtR>>}T
zEM7FjDbei~D^T@YP0P-*cXzgf!@=da$rrc>yUXG6$*gOW0~z7vUY?j(U|>vyTxVBd
zqIv{cQ29!m{k8-t&q#bQ>*>h%)P9^#B8rviY-h58cHRo2fXiETO`Yw0fn;)fbxg(*
zCgn@$-sQeq?K5<;wgoqm&+3B_EPx&BkSMm3mSG!cKmgl?P3;L4MZ&TwpQCRy6~~ey
z-xLHmzbkcAZgN9+Lp*27cxN=`!gfK^BzWYFUmmG21Yc}+c-!hYPO0#We_Bx7c2D@b
z$O-5E(n1u#s-ghV)k3Jpj~1rXEoSf#4li<6-Kz2-`5d<*l%d=ImYNhE?f2)H;C3yW
z?(%#Mc0}+%&kv;lzaAbpRddj#jiyB=o0{t+((k5*;(V9tcoMm5ElF*k7~>WVPTZ&D
z`@Pio<U&^`z^5LJdB0C@<wY6FKw)pS*8@Zuyo9n+!=0cLl$7;*@q(osl2aDdYHzp3
zaTw70JDK9w_9ch>jw2o3&p1@XZW^ife_(B$r~G7Y!JDM)-)zn&>H0}6`L>Y7D^YTa
zzxo9%@ex~7#MX&?N$mszKc|Nu-!gly25S?oHyXQO=kPI76&IHm|1t{ZqhkByM^1Hx
z7N9#VYdd4(WW@dFV!ndNnz5QW%R0<3$5_op51)5Y?Q6CtDOGMN=<FP{=u#iao7^gr
z1=zh^D1m_V*#rwaC{B*i?aQDAb^wyb{Ih}tYfskvT|(X7Gp4zTele{k#dFW>kIzK7
z=vO^Gce@4N^zopupTE5apWGbp^eaKn`FylqqO-ixpd4p?Htm@@<V<;Bs;qjyx>v%{
z)-JMD-{rmLm;?Du>$wsyyx!P-KC%umo3{oP2AyuCy?pL<(8ASFApE)Y);153%nq|h
z=Rf#0de$b|hNsx#83>L*L*!?oZ4MSmE6;cW!E|Z7Z=Pf$znOtRjb0}89q0YJ8d)QH
z*DcY@{d?X<Y?gdDr3L%4FASKPzX`N|GNW}nc;H=pQl6R_>S^0sQLt?=eMvn!@q%{K
z+6Ka9t|J@*n3z{_JY^c*ALt0X(2dArw(uRY!fgs@wV)hf|4~sM0_aP#;9u}ZxzVo3
zK#qAD@`CUsyzXvZpd=--80Wx+zcQ=L>FXNtmZfg%AFNx8(I@(STJcI3&p*x?ybLJ4
z=szns6da7}#-APHEY)tnaMkCbxKf5uFzq^ls0O}M6FQLL@+{UN+@9)p{ybauMyTa(
zV)<wRoglP+I7BM)-VFZ4`n;1<&7qyAsx6VHU7*k)5K6Byp*G-x&0Ax@chhv#(sR6S
zydaFV5EC;<P2cyYxMH;dplw;2&YkF7C5)c4BZaCWO#?+`doWv=nFi^+#mca%-6Zhh
z9=xuXSuJ<DSeZH-^xQsxg%x|w*O!rhE=>;jW@8n23svM@464a-gMRgF3X&2{9{*}a
zk;LY4T2yz4f;%D`T(!=UaFy5+{}xo(x_P+4bM579Xi7#gTk4Rmo+z@8$|V>W5byUK
zuHU2p=%(<{u7rQ3_V8#R3ibc}Cf`ipi&nqo&!oz5H!VG`MuQ?-UOYzZD*-{2lN8B@
zSHE)@yNT?MF+jM2R^HrAj8wvt@2Xu`!rtZaqyZV$I2m{F#bWn9k89oIqa}A!=c9#h
z1p$U<Mf1I8ycZSDNqJ4AQyZgs=%e3eQkA800=Gpw)t}H|r!o)66m2D70D;I!=EhmQ
zRW`lko(E+!mr6C*GQe*}@#oWT`kp?mU#uREvSpY(8Y#zHP7l%RisaHu&YZ#M?Uws_
zCrPB8162W?f&r)OVsu<T@@a^SZbhy$W|W``<GQ#t*m!Aif;LdS{G8adK6{}$Q_2V0
zw)A(xH{<e`^TUeEbBIyx_DYX?1ba^Q1BJoW*Q8N?-6X$H^Wnob+{&ackSO_-ZqeV}
z@a>dG&<XN!O6%)jdpB<X+=vk&3O7x%D?4hy*$})>Fu5icT6aqDx$Ts{+efQ=xezPQ
z76lxAsdnnRTflJuy9eB+;|#Chz&<F|Nh3O4nxuAHKc7vtQ)AQf8y+l&%5JlGtQ(-z
z9vpO9KNJ0Vm`9R{>F(QU)V>se?o&$<wbX>94oL3*_T{r7z2e{;>^A%Y-R|AxUK+mu
z_n5gRSXsS?m95?MoOjp6Bw;+@W<NFR%5&vKrJ$ey7X&nN)$2&f#Jc87>%3O{93JQT
zAS>bx8ZaOHK@KaWob~&xW@7A2#xwl~c_2k6l0XOL{$j15(t7?`7G@|;XN#UwC9A14
z`+3)(maqb$W`B~V$Qp>tiK8OqWFf=nfs>iv0RwN>NDv4(AB%+68_5vc6%R%tdQsz+
z0c$yRr_e4++JGVcZ!f|*pv~LGLla{hC_NTfl;RQlYcaC79+($v{51<lRt_D)=nt(q
zGk;W3S$X{i2%G0YnXU#;7Hk&|$BvBku51wXemZ9(4Ce`VW#^7mr)%?&qNq+Be;6hf
zoS$aJNM_FuI@f>r#nhj5`%~DGj`kHdz@b(5+QZWVZf!OY9t^$S`dTbtUF+BZWM<93
zvU3{FY(K^WeZc1#NS&ut2<YNFiU{qaKtePSJqA#*@7pIwwG<qc(0N;b_!fZtkQ{e%
zXilvuX&1vYW@i0i?fv-qIX)#oq@8_RC3aKqrn!e^;F&`GC(BmzpUb9HH;StXQPfa?
z;KKk@9~51*J}ksQnw6_S$b1{Q+0~f`=#1NZATE;r=Lk{IEJQZlld!+F3KzUhWv#2a
zkt|%=F^22?YLeQ|^J3yAsHjtVPju!ahBzr$e>VUi2%nsua~Q#Cuh-FLl8wo8x})HD
zvc{#a!v%L0cyCtQU1PZQG0gl0@vgM-eSR>(Bq@HP9`ahK-}ay(ecn5kyt`jI^>DcS
z)(UNV>Nif|`@EXMOoQBP48A(Q9^FRN*VVd^9i5QMB<zO>nu-*bgUAD@`NJOa+R>mX
zszR?Yo=y3=)(r(>gSX9rCak6Nw9HOajJ=-Pc9&2v+{8_(tBUNTG-K{kq^Sm}-!3U+
zzBHyBQ{SE`{b5Dnwj$0<SHlc?{rYm&V*po+4%(FuxU<6(QXZg=4f)#r;;fg{P~TYS
z9CxUEQ;F+g%SY#H@@=AS+l$u&Ke$rJTYlFj(y3-*3YOsPRN)z;*SrvOYyR1WnUJ6n
z1q>g!nvbM|AA*xBnzo{=%O^vH8oc?hRd_SHC{yb-A8cHSMLpqU!Vd>57JGPE)oHM&
z_xIfQ=jT^F&Wb2gxrSX6!ZY_huksh!rWa#>-k1y<TXBl$zlEd)ZPd@t_|ox~Y2lr&
zG*Gc5f}LL%C<XhWZ^?oz<hYV&mV$LMWZuWa5h0b^MPF6${Vq|1J;1l@mS=%X2GP)l
zdC`5E$;q*>J(znD68aBY%pZf(0-fizE^E&pavNyl7)g0}ykAiaw{tb7SAI#>bsYi)
zgp0_Fx~q+I#UYD`vox;s=n2<1kly9I<}_|htv+0=(V7n%HcM)+vk?oFN1v;g-8V?u
zE?qyMZXc!cIC?Q|ySD#XG#@<qjT0+VIyu1<Ol&NpCta`O!J}$@p6sR-&o|mXz?9;q
z6`PY3v!5B_cnSnUCnrvJv-pn0w1!(PL>8diLaA4pZGFaWoD`}LoAM!t-9_HkVzxV(
zXjOmqEMdQw>cB8MD=C`<t?)i&_Tot8mo~zg{UrL4ZF;-!04wNk2V8drza}UuACAAi
zT?Na31v=h^1%x98gWg%MDtPGRL8oM;E|9q1wgpBGx|+fBK3Ua)7%I{=UcdRWjWM$%
z<a?J=yXNO^97CSs?kEh)&k>>pabTLncgw-BUENsr8AYN(h8^J48Ps?WMoj0w<JM|x
z;((-E(4^~e$Z7;2HO~W-IIC)BiB$X*C7vM^;?&D6$LLsZJ^b-=NzG|i)EuMe<t52{
zODn;A@e78Fy49nc`L2*1ef}1n+1frgQ}j*!&*9JP0iFHx4aEsUq9V5wxVu^^esc{=
zAl9ii0Hg&!Dv8^|oy+5RBQC-CZvJu+W-Le)r0G;PuseCX9HrNBR$X1;*+o0wTITub
zkb`evIXC-7LPK)9rDO8C*X5>S?dq_dmTwIhJi64C7F?UwanaDEK~bZ~*z=n>e{&3a
z@cP!2cc{G8uSspsor0|*UBoL@{~>|p@=Z%WA1hn%!L8e^yDAs2tK)u}f3<H2kLPvp
z6;Ok_xmx4Z<jR8(|B}ZQ6}H1&WdI~{F5uj;;%rORK6}5UdtF$jEWr825KE|i@44(b
z)0%|nhBt?DlfJU)Gr@uhHhLMO;16^X$=*ufHKX}f54QCEW39Wpn1YMtI-O&XR1KBv
z@ab|KuYx7$(CjQHD~2RC8F^SbxG+{j7D<{$0(qMWVth|?<xSR@iYT6Y7-J=Tv-Wh~
zW8g{*t7>UaG-PRtPenhR*^MKlIOS@>XrJJW&!-Bj%c;~cFgDzr(*@4jsoPKCusqn~
z5~}M2aKDWk2ZoUM4wG)aM4x|7`|D-%2Kbjh&JB1rMprGod~p)xAr@XyJ@tJi3cfRJ
zIF6)h_9tN?eUOuup&ytC<Mc5>`>3@k&6X0O_lvvE{KzC5>ElCsnW(TLOCx}#-c5e{
zi;0mIuGn%nRawL3)-@Ldtb;cz@MUXvtHbqvNz@w8Ca3agQRP#uVPNsAmv$Os!=94B
zrKW>VVpb#@qu&)|tLEJ<cXb!GC`-*r;buNnXGGq$d)!OIX2#EP6*P^jIbblm5@_Q`
zyFT%Qy=iNcEB>wCv~b16#lWfb{N5SH1P+0Wjyp5CLCbYP&ZTJr`CE~hdkd8`tG2|7
zg(;18t_^R)-hBt87fU}^L;*Jol-V5E8TYhs%5;8za|o&i+f=}T*itA|{?@}#j9pf4
z6I5*K8(%!l{pp?Rih!MjGvenJ83{J!rW@$AH1o=Gc9-9QJSBO1qkqAk1W`e&i3FS?
zV$8KkZL8r;R;IHmZ7M5vev#}(y9i*e)H?nqzXBp2O!RTSa4#+H34?UfQw--03c!wo
z;xxAl#xdXqgGDT#BH5l>u~M!K7yW2|xE>cQMI>goB5mrYh6|M?2JIG-#rc5+sJ$lt
z0M%48_x3_DDC{Oo2r7BQdXDNr{j&m>DNSs!F#<bQ{2wC*E%etFVB6i&pn2sjP0~oz
zPe~SLCX444*mZV={y96s=_2bn=b~YzpR#!cdE<^PIw$uPDD4k(*i?SL$A}+IWpu($
zOK&|7b*|5E!xY*QHZ9=I$jAset3i{pHJ$|LQ4s&|njUu7=AkMrn6r=));KKR2L`y7
zzllmc{6$(>m)4)S8W*Llq+t2hihRgWku9sj%R{iG-by#Z`P4|S3dqpU7d#lKUocYs
zi6Qyp<6|l>-OQ&e!#*J0{Z3dLf))_K>ce;L7(V*6R#xF>o9rF_fEuFisfGheVjfTn
zR2%#I?fqclpiPzK_GSB@nah5mzLBoi)&>0UT{hvz6U=LP2KR;EZg0{nVosG%2^b8B
zBJ$}Y3Eb2*G_*g?Z%qr&2WO2PVkKQ=b_meWNq49F^}EU1@voe@WHmHki{@CVXg9c#
zSRxH$4VqH&i8#WNGrvW^Mg<dUPr)<tuBsHniKZ);V<1vc`9_tn33yxn3wRhmBEft(
za@z9ktoZ5b`g}<OIvqEkOQ-p#ej+P7K=o%O<zV4f$iQ3H54x14m%TYnZT;G1#x4l&
zAd*IKn3EEEHodiK%AwJT(SE^No}Zdv_`4sj<Bm#7+T3cb)3qEPl;#mL$vqRX+ov^I
z4MhoOx$W!PJM*2iMB}kD(6s8r-NQKXs{vMRGd?C&>}pB=6cWFcSKro?#ap34sk=JI
zcYPC#+mEAF3a#R)u-@I;0=1v7208DSyviy(yffF$sYOtH|26Q<^2~HlDl5D7??Eyd
zGh<b*bf>W_))D9D7d{uSTn_Q*3kq?>n(R>+Wi{RMJHgTtXHuxFUwkX~C#R-#95l*+
zmMlk<Y2ve3i=)J8TXhcim5V*}&-Ibt5z4QB<W1*D!Hsa`msDhL!k57sFS6Qd^yS3s
zO4<r13xBOzn8+P#Mi?7xNpvzs)%eYXhe*tijWo_0`6`7*)sQdmSn>CMtcYTTHz67}
z&d;@^0~;9Of-s14F397cf#jeV@Kf;FJDkJm&bss&|F+Fq^_Gc9Ym#ATlvqRR;vc9~
z(X?=WCl@c37pb2##w%LLxN9UIzGQ&mK<a4p4*|3zR_S^eQzS>I{!i;L$*J#5TKRN4
zza*lQ0Pk0vl^f_aqlzk0RIV7TFM87%G}}V`N4*1@nXjMx9KDuW3ZlL@W83t!Kr7zH
zG0#`@7cRM2-{(8J@M!+s`);$RLo7Q1(YLQ5uIMneu+*I%xtAb%Sw22>HPjd5lMoU*
zUYn+aEyr=X-NyHi7zL5((1eE~%>Mpr<=Czb2;6O*E`j7M@wH`Y8{0ZjKUIkw9n4+9
z!}5D329Oe&RN1zXA5Ei}mIm4KlkZMBlSWw=-|vkaX4nTs54#~rwtGGW*EO-I^W_Lu
zz)mmA(15VdOeulqNo<MIATd&-^s)+Vrof_HQH`1ge$R8{mt~dqwgQ72mhg(bFQhPt
zS?!S(2-MYKN_<sscSkwF!Ym7znwInEiB@n3RpW{g(8FAm%jHl<gsAW%JGtYG<l02K
zQqD?8oHUya){Qf}$sOJLbRT^VilvSIvK$vd|Mq9tD`Z;GDCWp^jJelg^mD{!mL94}
z-iPvYHCt(MRK#J%kA%5MwkXb+j`778<BPaEKEho8_uv1|W`PUowi>WsDv(NCg(D2-
zivg5GrNo83R-3Jq@sdTee?!!He|Ph8MX1)$N%qmw(gw^(bWRCu`nXMZV?5J(jjyTa
z0F89W2ya3hT<PsX#Yf5ba=N+;Uqf;cY2%MF2Plyfs%ov@wC4Cv5iP6KO{NHL5g_3|
zM;w0Am^~AzZ{7wG{&$W@9_|o&_B<}|?}PNkc=b`-pHEo@i{Za3jEjr=yOPr|V*dR)
z68`(|zNq%uxkL(ol@mwJ_wz+P;1*XS_@@wU^c#d{NPl>n`k%Z{D2Q`Q-@;e_97mc)
z8JVCt^qUI*fASKaBF@L3D1UhLqeoZDMtub#e4PjSPagX-#CZWy_P0mv|J}g*L;8;&
zSN@Y{K#uYLPyt2y^~?Vh4t;!czklyUyt$9^+PR-cFQ+~I@=@|Xg$Z8Mbfo-$+W@Jd
zPn*>`gODXqp}rAlwE|S2L^g*q5Tdn$#bp+Bqg|RVhGra>%N9J7R7>>|71=OR$EArX
z(!y+o|Kdj?;Vs(?gz%L>4z;Pam${R1;iD-L!DAZ!d_;#UThxegMni1Z5U~`fMz)4;
zMlg9oJDv>L_@I=h<M<vR>ZaP2dR%O1s%`!ZJl}eXapiHid2qgJq5r(Lf}+GuFUZX=
z2Vw|DzlQRDpI~V}D`8sx8H8^k{KcFvqR~FX0M&q#OY%(;BnLbBc*zj;?j=rO=V5)?
z3!Op!VYZp;e98(=B7_@pA#cBi1bFe+))7BAiayC$@IyO4f#eFJ&y<b2GY93A6Q}6g
zbPYH9A66?<u`)ysTXnY_6iaHTfvK!^pL>ctyX-3CZ62i#Wa^K&DLc%rFQ<yyvzOH$
z36^=&#lzIM;uJW#!0Gu=wRKlXVEM**2U~r68X~nVPhxMv`1YPyQeTncT(}MoukD%e
zVVreEX>_M+ArYZ)+p8TRH4ZQQM_0?m#A&08RWRC=cH%#-u&^XSR%5*>3Q7~5^w+a8
zGG?{XX^ng;Jg3+p-sD8`aCYNAU3Ea|+3{iy%uPGKB{COQcPkN$?%yM^$Bf5gN#XBl
zmK{jx(!Xw#9r%_RJ&`_Ex^@rwxhfdI)?&e7_M2e`E)qcP>B`Vr*@FGU%NysbxX26`
z<&R47!9aHT7{Z%@ji_TE*J_kie`v<zT_CDt<-8-_-Id_Vld#k<8RDD$WQf&YE0t!E
z56ZQXCVfcqxCc}5k5hN6TofMSOf|QmBYDrhHIUmR&I!|Y;%6h}i+3yHm}76F$7Yoi
zqI&7o&7&jR&#@XSIWJ)6PA55-No~TnEEB-@MbEL<NRfOdiQdh-chdD~)@NnJ>&I$|
zOt%!5;H0hzu}aWVuLhOmU_MB|3Jj)0q@L*k<1=6lQ!9Nz{@#?cb5S&C!4b$b{YY|B
z&w`&;95~@YNju1L3ZF_X@OyT`4vAQa>OZrU_|I(zHo2hP-}V#zyd746F(+^+N9C~N
z!G$~c;zfL#PwBsK?$hD&575wR;|T4T%S`|W>tA+9;85XE2&Hu!wMX=gnBfI%t>UuM
zdwOS`@t_nb{nX$s0p{-!G<5z1NoOY~&upQRj@QS&W+zUM&HDjIyc}d7Xj)Lq&s12T
z8`XQ4XUgu(<4>D!KumTz-?8D*>l?RrnMmb4V@aX;L%Z|Hw^5Twp4J{2re=%UOa5~S
zL`sM6^oMZxM#6ri89>_iKt|AP$)SzoJjD<5J9~A43XybTv=G9rcM|$f((YP*{uJCQ
zB$j6Fk2dXt9rWg!o04I5?qFx-<d9K4OWVpWTELP18|I=ODU65y+HRB2?n+bEs*HaB
zN|kDhr)<%Q0E|e!&vzlgA{!<aA}}OJDko(bytBwo<XvUA!Om{^K`P?H00iKrQvUko
zu|G5v3>#>ImDrDj)B>QBq5jP_;b2*76ou5?s)1`>Tz4#{j~q=^sDR?xoG@NBs1l7Y
zl32f6EoOx69Y&?tw1`_`b>`DNw*j$bnL569%zGOmc!O+J62Wj5?N<2X82j~Qw3&ZG
zG6UM$t!b){2)?)&&#Wzj_9#`cM0{RK<-MAhdnC__dTU?+QQ2h8hGxrRco^TcgB4BS
zo$T9s<df}ao}MsrMSCg2^A~JDE6s*<&j}J0!u9ZmyF)wA&0gM3W7w>E!ipc>M5nP@
zdp#*!#G|S5?DO2=9yCTk8IP)FA9C^0(^L1YdsJlX;tN=X13^Kim8XZ8_i;wV^ca<Y
zhV$1y!7f<(46ny$W#TRe()u|vkm&_;D^#%1Mi$%&h98dK+;7-C(R0iiv)1K3KB~uC
zF54kpLHRr+W$2RIg!)wQaP^{YC58l13~FF~gX(aFLeVB@&J^002X+|TR)u79u@8ZT
zewS+bm$%hDy@SDu*wV(cf!isOVqQxs->F1`AEdBlsL=^+aB;B;k7gt3gxJt878}T?
zm|258r1RdCXr<=}xvt1QOh$?@=PXH6eoa{u2vpSn{OqQT>(W7}%flPf`;v4=+3*wf
zW-`|Bd#vlWN8|r`9qr;jg%M8B`lVlgYa=}Qq*i`mEAt8KYvi0gvLA3txV2Za`6p=I
zs7>nU)vkB0bVInP%NH(d(y|zF-!r@W$j$2GQCbd9#<xM4c7_6BUu*m8>b214r6PJU
z7QL-f0*)D3ZRniz?>2TITkTJRgc6pNw)7gzknSP!0zBL7?yT%0OmtQeEFn8bT|V}?
z@jW~PL?7+SIBI{2W2HQ)X>CPX-tc-hJw@Iw=3~fW2FJllte}SDO|I=I@~$f3?Q~#i
zI%tW_8O*y_!NuHGY;UKsSUq>vn3UrvwmDmHY(AYSBiTa&`Cnj0%LKSS5%Hp&{(3{n
z4?pA3^Ym6OYq4pQ^=TmGbtE&`F&&k*!NE5Zsc~@JIdNXgVsP!aYp@2zZS0arP#@n^
zJm8hDSeIArwJ?W-_7^=_a{w462{xi1w!jrQvz|AXS_7CmWMixuh0$Y2LLROANt$L4
zwR|*qUM8-7(u+ilV^*_*8a9m1;gdeDJxqb+l64=QRK5Ys;KF7i9U0geg2jO?(?!L1
z=+Gu>>*gxTvi&<px-a!8#s1W7V*I#Th%+Uce%HcjrxmK-x~R8{Xma{8D@8ubqdzYE
zC@%$`<%{Sl^c`Zv@iL&*d-vX!un{o~yAG8iK<9OXrb=2kNT2k)*%2oSuqDNyTPl>I
zb4ZZZC)!*b7-{hG)HU^24pHMxlfZH&h;iU-nQ&@qIoWgr<R(;Ueu8;>k|p|L#bXsh
z2XM>6@VU9yUa!Xn-O0uq{4V0Uydf1Fkw>ybJr_AB>q<64$Fj1Dp3({oDp(WF;G>wK
zB!d|L;aL2flZ!hNJKvS3SHlx@Io8c+m4`&R=<sw&XxjXlUgLH1Wp8|S{cRMS4#ue;
zVv#i+5~8>Bjv|P4VMR&hdz8nLYIs+5)yVBRrl${>VsU@t8yB6;pjZakdzrFzw|A-|
z1%IvniRKQK4ebk5E7<g;!Fp1!nu~Z4#xM(7NM#h99GRGNd&=fsgvkkXF$8RqO!NC#
zLYw0nKvc&$87C>j)WRXdK&nwm6qJbRQHenT=^wr6K^x%ummx7t(Bj3wKue;as7}KJ
zuDQeI%!;1#k>+LxOi|}G;JUe@MM^rmEgjEeM|SxW&Nx03js-R!Bat%ZGtGdffpSWE
zS`pd$Hr)ZT1G8ondcqT7c&r5{FVOBn6BG=D)Me?MPQWLJ?dE(&ws9$&MnXJ`h_rt7
z0JJ$hnAfmt)&h0=&;kQ!wVS+b(mBgyg|akx1NMis=}<5z2O1OPyu%9p=7|f!=+W4h
za5+OACZx3B7s&89>CU_ClLsq_YdrP(-ysT$OcF2tg(x5)6`&6cncnCNEB;84OfWlN
zE#~xuS6f>exjM9?swE^WQ<GA4)KQB?CTO}29d-kIPn^iqfeDYMekD%BvP5FmJ3KFl
zrD9e3?$AzT%ql4i`d#6N=ZB2d{#j-b?V1YYt8RKZKehS_R3^x<T|9Bx-Y+t&Wp?$l
zMX*z;5xGRLgF11RaEjS9YI`ybuizUuNs;NRrq4&qt$I#MT-=)*c#FUg#RXyYEQ+_N
za@cFsCPa15UDpJw$}zo~4Y|8$(qM=gM`@cg(tcCz(+3co;C4ZNf>!`<2akIVugNoY
zJg+y6V7pf5PenI|Zhvn-gcs~ah<5cD3t=~8X?_&xpf>AJF|Ms)N?Av_&c$tGfP@Hy
znAY*6M>KG{fAzrkzXA=M9onHkuZ9N?`pem*p3M!FrsE1o2FNA74~PV(M4|uSnb4Z}
z-Uhj`8ejwIcy)Z@oz}G@8rBYEoBtL9bbR6U8pg%)@bz8Js6AqWXh|C#OwQJegE^*P
zlT%@xLt~pKzVVx!|2}?dR(~cjqFl$$C7F{=A8T?~tG;X*b&(zHKaaFCQVC!NriN@v
zi4e^?wHwxpX)8tEVvpGP6P>b6WpwU14H#9WW;hv4_Q}-W6wmZTAyROQUKTCPeXJ~<
zj$Fb80lv>J{uj-FTBoPs%k){pU@`S0QQRPmhp!6P%*RrWeGFA>Bw&rGu{);E$-iO7
z`zKF2pNF=l<UCQhhKE%vk_njVXH35LZ+ILbw|aSAk)XzEa{DIdn9l$)m}_$<(O_-9
zBKB%G$h44rEyDJ<Fg(-W0XGGrtjZyPo}yima>fZ>&~ggY;fs=-;&#}TVQDNa!(vL`
z$*KidH@=TIw^_YreO!_e624dLkQ3>N(+w&SVW@~DU|ZjjL8%L7?zjH+yZTfie`b2G
zr(?Cj?4k&RCZzgFg6?K;PECfjyA<S1T*xl@p!+BmC3Pv!nE3Tzu<3lb0J))2*>6=Y
zS+dMcN*?oM-6Gs{E2+<!Br=%46kmNAPm6d~7ngllWcCxBJ|!DlQO@M6zqb!9-$~IL
zzSC5Wi=voPUkg(QD}9rfk8{Qi@nrsNGFUbmN$vHA<<>WB&SJ*m5Os^cd)pDqmIkJY
zP4IS_JCLI`h_<fZ(UF3!fn&p9r6mm*CVhzS@JI4@qB#BQ^QeEJ0QVf68zyd%pJdt|
z7pF9$em`qs1Sru8b$0VJxra(5D22xH4jSGyOJ|X@o2|_R73LOkUhCDmv}ogNg<Cf}
z>>&DI`(%=N45=O}DG8-EXaac_Up_fnNoIIw&AnqDLC2w6GcxttKf_M&*;=I#3+WVc
z0*h9_!2%Bjb+Jp<7ddZXZqm6olIUA`3%x%m>(VS>Qm2$n@T||3YhS01dH3zNIt_7A
zX<2pinTa|dgA2%<rhDIpI3I!r6+#C2ne+C;Y85*L905M{o}({^A(ch=;E*bg&z!;`
zT$Hh?c8CGvOS=WKW$}?p&uFf;UIO|Qpggam)h!pZB+QaGpV6fGo4u}}^|~QOYV5#|
zqE6>XjoV0iIeiM(5<&8IR;)kI)qho8b-h`GqhTUHJqM+qo*d{0qcPyF`046dH6b<s
zTw^cOR1Qk9s+Qd?<Y{yuxU&T}Dz`w;METlqsrPI;V*;K{x3*!I^IVQ}N=W<CZy~w!
z;2j3${f#Yn*bpT8t_rQIGi2!c-oM@9<vN5;eA~mBp-e{ca(`KcF<V^2fefvQtX#&a
zPg!E=D#I-EISU#(_FBKRu~9*t(0}ayV8ORIloTW@m#g@=>G0z8!w1>t6INjOcjIS4
z{UzUPLlo1X*6?c<7!5;Id6VM@%&EriFy$c%L5uWsuP1Djd37Z|Pg3gKMx|9NV^bXG
zt!hJ?pKw)6SZzANnRR_H%F2REhWsw53Sp`u-lykRhdr_OMl+v(8?v_87C1Sed|mWI
zasp>A=h2NdAJ4pDO$n-@fYyh|70pIwbk?#wgX|_w2|mv*FTjfcPNf{=^B|fP8V(VZ
z0oh5z!!3VP>Apy|y+Z-2{Bmv;Xb?zc0Px<CXPNO5lj+yX4E!b(p-!9p?o-X2ehi#I
z(D&#KT<}GSMkL9{ZDf+UF*8!!zxX}ERS2E1l8m8?>nm0ihr!O{7Ls2tX6{jw{|O|W
z5vcRY@8c-w-jm^e4@bZL6yRvGkzM-*P)WDgZH61$r1t}nc*;F_Er5PK|3R$9m@K{j
zOFZkF+~0hRov%FQw~VlONNc)w=NUaOhgN%%b*(1S_G~XZ4lEsONn#bgDK*39ce4<5
z|MHg<+uHuYLAU;`rx;!khSqFRN<et?t|!+0Ysj!H+>kD<m-bp;n$8J<>t#;rioRvc
z35hn<_>otVF(=A120x%RQ$g-4e_ZZ9cs--O`fcWU5~O;X9k~^HUP0K!tkbN(J#zw?
z{CF*jR$g5}nV?F?2dBM3@q*aNhSxNFut`Q@yZEy>_SI~y0dPa3l}<+xDzCI8^LKB~
z4{|V2`I4<e$Rz|_j(=EAz)0Y|3}xVMp_W>(WVMaiglT;7ch)x@z>jn&-8~8Hx<<N0
z1}9hpV{zDR!Hz3{Zqsl!n0~deo7rNLoR7<2zC7CRj>TpNW>mt3JKkL1ZCP1%og24I
z_y%z2sjTJr@(DS+=`=YY>IRyeiefQTN96VkU?1qFbg{5DtcT@qvCQEaj(70x6N|h^
zkSn~sL*Z{UW&>DfLsi7mYBfhn;-&eXXVJL+1?Z4RfX;M2mTRlvz_|)pg_90B9>1_*
z`iy3$b085(CS0l4=61x=Tv33p>oxx>Fw*?41!cO;QV3AUN8(%gmL3MS5&X9sd4!R>
zM_FD};gHCv-{-bCb#0h4!oJ#Gy5}`~{4qHKhMz<9ai4am#eK*(UMqN|HgF<3frVpE
zI+9QnFv)*Gm3q)}8yQr8KP@2)+oSS$%ZwP1<tM!2=;5ia#tP`7o0>^n<I-VJcs*g<
za8!s-C9%g&pTpej$1>Hkl}~q;!bgb8Z_r#9n4ioeAK&`3llfHmp;6lga`Ienb4b1A
zPE`1R((dv?aaPw$!9#aCfKVS*_E)+WYny*@_wGwY5Z$jFaIRVTCc4ilR$0cN{5uV1
zBXafl=%^b{T{p^)q>ghq*6$*<2avFM_*lF5nl4tiSu@njWf29ym+X3>&n8_cMaBa@
z&)#nF-gQV*k&`7I^qzdmK4Z<z#$rOIjedtZrhS+!513aDd3$}3OqKj~1|qY!ysv6Z
z{%tn18kLFkI5%13&M9#9R-a_*ri{7PrH-6Xc=M_0Nc~jL4ewCwP#1%}eW$fzU1pqI
znxN3v-YcAacotISR1c(5@twD;JC*}fw)ki_ilTmr6CU+e+^6n_(p!JYqL(P=2v-S(
zXLHSHU*R8}4u}+=k*Ps+r*q=>IHq(tPp<bC*7w0p!A-0`h2;0ym!fXw=64Er-}PX9
z@8-v!v9Yt}D`HOn#4TQs|Bp2{JhEn6G+{y!ePfqlK<nxx-=ddxP)NLGl3MUxg1~T!
z&?D59RZyht;7Thct!thiE((Uq|MXOvO<uzVPnV(m#KD1ue>Y_m4zbR$N6Z;$pJ#|C
z<4p*_;iaqHq^$c=yOMy1jVTa?Oqpo}9m5YqKZnm7IW$ud^EPyv#}!Thv@?Euo7ASk
zHI8?i`l92J>39?et&=z|q{SL#-TExYncp1-jv)5b`~ks8#rh6o;Y*&Lk}NDf=Z>B`
z;P4~TiG4Xoh(bk8>KlUoA?}j~kIANZja41}#V<_t`W(bpJ*MDn|HY9DALrNm8!E*F
z0AGVhhV|1oY`7|gA|#t;E9cKn4(~k5yMw3eaaNYeS4+fP$o4nyj988P&Jvp&(7_&J
z?()v`Zh$D&=9?Hv*?W5i7}jQj{Uw;(;1@laq1E|3_d1tPD?ooqGq6!I`NC4lCCTl;
z-^Oz*tl_dFfn@n<GIwcA!CW!u)k@LfSC-7yM}8nqi7Xu0%~{{&mI|mFys9&Uzd3Q|
z>Ev*&(#?U8M{1c{2NgW&<7FU@2r*($bu&3<s2xh=5nEm08-7}jZyL54Bi?LrTbTjO
z7>HnPUS#FwbL}w4bW9#{<F!K?E*mtxnkV93`yIgZ3}pAaKL9_OLZ|@~-C99mf8M5>
zMG6p9B(PvUAAW);4?efBBy(V1oOQbHLQIsI=s!eW@(DpQy$~c*`H9t<jhdWsgstj7
zj#-G{m|DMrxDQfldgsT(YQ94Fg!W49rzGYd7GkF*6a-{UFK4_cN(qaCs}r$?SJY1B
z5%Z~P4AiUp;_~u3#umqokNq>w+<vFLJb1r<OUN_0It?;h%d>FsMW&MBv*^`BE{tiT
zbn;PGyIyhpVG?m`=#WWoLT$L3CuJ)BrTj*Q=SUgf$a{>_;HLy1np66bDxjGl)S9x!
zqL!tX(J&p~k1E2>OW{BLW7yGAgeNV3snCexT?$rS72F(2yFPcZf?h0wSr*mPWZ2*<
zWq{?%pc`Huql_eYp0$UAI^g(SQ$6_0H{oG?v`M_b(+CLzPc#eZ=XdoJ7>NR(*0OBx
zat@oLt>2`F`uI6S#0#(R%$#7-F`P%c3l8>4oQ?-HM8Nm&5BWSCvTc3M2~L(Vv_-Go
zZ$J<@>#Yc%1_uL05?A~~VOghRV|W5o4bm;AdV%;^;!J3-AdhaqQ9I$LT?UQ1?avym
zi!6K`cl$rdC2@DsiEws|T)2DTUh>tEWb)X7rmlNON=`05r@9Qn-d(7<NBJ-6tD1UH
z>-8FqHncsBbw&HOEaGJpIjXy_BE}akhjS41h{9oS91m>q<abP~KOPP$mPzuY^*KG_
z7x7{YlR&U~u>oU7k`&D^p1~h11xK5;;Axj%{mwH;)`OJ+3i=7^>uZf?V5Pc>RKT|I
zrO_sl&TGW(d;KrWSF6C+9Uh^4RbgUCNbdaT7Am|j4($}nq|DS{7f{*E2Sr=hi;!Z>
zu`#+w^S<{Lr}h8LTZ<~r*z@|MuY#HI_{#`I<Ob<EnJyAP90nRDonY4|>iT~<5KRpN
zE2;MDH2lLvCXYN5=io_k>*J#Mi?|i$`@{VBI>&#MtOtZ(RAh@tYF>}mdG0syh?rRH
zH|YN&r|1=gD6VFd!t2M83xQf50h9J(AHroHR{>CjC^HDU(%IvLK^#>@4#C%In&VRb
zT_~6^dU@~=H}lUw8kif8pleocOnm<?gityd8JhIu33B}hX$iHClocxRNm7Igh`VJ$
zXgqPOVfXK%WC{qeP$A!9wtqTlBQ!4B_%Z*e0>UFw5n}&;c=P}FhX3Ds!u+Z!Y5#fm
zbHCHq2GujmApTOU<byTcTK4iIz}7#o|G3@@BE)zappjen1d!&BdSF3&&GOg9Xpl)`
yd^aI%w7}Q@^A9-)SC6F6Ui#;fv><%UTSOj5vlRQMErTbB&j%R==`u+J|Nj9IF<1ov

literal 0
HcmV?d00001

diff --git a/components/engine/docs/sources/docker-hub/hub-images/bb_menu.png b/components/engine/docs/sources/docker-hub/hub-images/bb_menu.png
new file mode 100644
index 0000000000000000000000000000000000000000..6f4a6813efc0f6c64772119655e6079e7207001c
GIT binary patch
literal 62716
zcmeFYRZv`8)UJ)Y1a}GU?(Px@7ThhkJHg%E2~KeB;O=w??(V_e8$awMdw*5u>aYLm
zoT^i`R$q)-Q`eYtz2ljqBa{@RkrD6_z`($eWo0B(z`!5~-)>bnm^X|5&8rU>7=oy!
zxVVz6xHzejlf9Xx&1Wz$8RYC#chyge*kR)x+#M6>WTceW_+Q{jr}$;Cpp+wI{gog>
zgQ?skprtU;Xw^+syTPTy$V?<L5rYDa=ix8kDGl~0OGxglMq9(5RdHUeWj+J7)))7h
z<`>P+eCAuhl%4{idR;WZ{W<bAF;9<rbkQ+}`|lud-+`lOf_HD4nL$Z|Bp_y<Is`K^
zN@WJ?Zcmx~P1}|kx|FD#=U)91$hgHRV89S0XSoD?sc?26l0VfA;IX|z{k%@0Wea6x
z!_J2<s3hC&ud%r;*`;qAN>8Kum5;AAhS$!K6Wyk?mPxr;7!8%Ln@+i5Ug!<`xkFVp
z6Kv;>W_lWwB@f1enPD)pN0o0A!6u1`cN%dC0S1@c&)e>V5_QjOkpt#YZ2l_}Dniz{
z7;Qe?a%caC*~3NMr+Z^o`sBWko8cbv<Ja{_u`D?LHTJ2J;FMan85RjARfH!eT64P=
z_g#zY#J-=N1%G^bRJ))$9?ubt&e2-8Ij&^xzy`ae(EdtP*O{UQR&NU<va?yKct#3#
z2@O`imUTrOYNManzlB7N7<GJX;|!i_%|yS?{g@kQ|FbKU_by}j^iiF^7)LmOTo#M{
zv*b>3NwJ*7$OsZj+PLZS-MiQAZeGjLp+1JJ+-{tUkbO1f{bcyy2#dB5fdI{TCR2o9
zzu8ScTrO%@Jl||<Obb^7FrN@!rDj>!ANGP^;^dGNcEVpEe2#S9u_FBFY`3UNsBw;C
z`|`5)K!T_nX}2jaO7>~@7AeluiL!tJuW&usrUwE&9@Zrffg^y41%km4nb4oz0dkEL
zEZAS>9b_sblMIBV2-J5`p@laWWL*Gv3$k(mn+f<b0i_Vg<p84#rO}P-fQaNTErJl*
zBgX>17GMb%c>WHnK(ss_`x|P8*xWk;Z8%SHQ6(Ns$N}+)_;-mS_Y+j5xO73~`Ql1~
z*W@nvt#Eol4|%W?q#Q8M;6A}<=@8RK$O~YN{)@HzgmBWm!y6JFSXr<*-OHOFnz4mY
zntE|I3C_V7LJWG7;6#4FK~73(!Vz3Zh{bDCfTO*)P9XaRQ6`xgkMfP6B}OK}@fRda
zSiVs@F7_bac9>T5rm?!wobd;i*>sb1b$Og!F0*&+0r!DL#<PH8P3lTvH+U|zuQ81M
z>V|QKI<;v4$OWTgenJ#rH{KSZgKsmgE}I=^HB=Mod~}=tQ6KUq)rChp-5TauAZm~E
zxv}^AP6R(fKjQT`lEE(OczA6n>p;}^siYJ(6sqs=;r8I3gVB09lmki?UC2V;dG_lX
z(*j}_MB8NvsT7hhWkV@&R48aO>H}0|t;qDK1gSdSCk^qLN;~0diRdd<Q{<8wP@*OZ
zD<#uVVJdzgloVT3;Qi1d;wj=OUZjFtYB!@<p5B_Rt=J*q^TCH%I*C2)Ds6kHDybsD
zI^`(Mi&8OpKFvMNfGL;S;Jx36m*S^p2<0A;o=*XVwd(m&oAtedA+nO01u4ei#+k+u
z#z9-01Im=`i2;dC=!#_`2eng_Mep&&ri(nMn(IH-^DTW|Vj+^|{`NSXbTDvDvfptH
z|C#c$&JN8E;ST;z-A@&mUKT?Ty9!=WbW(I%blerkZp--g_%c_GrT%L>ZOT2J9i4Xy
zS&CT-cuHKkyqf(i=4^JkZMotMixriXk=3Hr<1AA}%y`MTd(L>a0mtjFr?A7?)`&07
z4^}sQhk}Pm_?h^f_;~ng_-P!2oOqdbnM0X7nR^_-dJApD1}N<v?Y#zlmXwUs5mhtF
zx+vcKs_K&x#z~=Xs}+J(CZ%<n=7kD%V;FjgOgh}6O}b5=+{F~-m^GOVYLw6Ng_Luv
za=&#+cj@^3?4BT9GK>=a+EbbzncroUV^p|lLSCLwF-cdbUC2MkW76mtc_Fl|Lsc7*
zEt@DCGxYJ(!pxegVe5GPIFj|Q1r<jHXB)7fc1268Qfe-bw@=`QccJIkdwN8{D9xyB
z>{V<7h7*QQj7JP4TC`fwnzr?awGVwu{h8K!CO*JWt8J6IvEtR;hN?2gb+@h)AO1|e
z+Ewf}g|_iqlv}b#sz+8>!7z`o4wSnE7dM)=V4qpEqy5e1v5V+!SZXh7z_e`1dbZXW
z?HKY{AtDmaInE3tuG6IBW;3Bv0+T6Iw1J01{*2mk%C`2=!^p?^m_4_C+y2!B!Nuq1
zM|xB_)CB1$U~);)9{xC@et24qMuJ97Q{tWRnblc|5T8(lP>c{pr(0)*4>QQ<8RFUP
zVfAYMeD7iYQ4xv<suF%5;Tx0`lsc>sA{#t9v@29!4|q>oAPMu70fp`iHiX!dxLb$-
zJSUPK)`K%H69Y#j)v;%@nuo84I~1d_q=a~Xn@rq~sUOl&G1zk0?ovb21Cq1SA0@pc
z(<J56G#Rw&en~}ZN0Sx{Vv`VHc~Q7ImEBFP%7twoZy{`-GO_EX)*UZ7HSClPk5|VV
z^k_NK5fhLQt-pJX!00X8k*~fsXmQ_xnonvAdraILq~D9V&;xybN`OiW{vJFjk=Cyl
zVIo^CizT}ap(xt0;riX+GT>KPa(r?jEqmEy*{Ef3J*a+KjM6BwmR^rtkh+7pkE4)9
zy!EH$?5P??fyiWnJdLxKSzCJSi~NmDG{slSAT7i?tM6;((w}pGDvzM;UjNGcWj9PT
zbT#zo%W1~x?rPrY_7eKk!+C0rQWY{+t-IW!;I7xxx_Q%i6lY6nE3<e$EHxbSnPA;6
za&1OAPr0_!(4y{acTlWFOnI||aZCrrX21r^=492ZuF7gTjZA;?#&~!ua!ZkNCGluo
z%SYpWb>ueqq@(Dz=+S+{4bFXK^`P}iGs9R*e{rIEL$7LQ<g(zhsZHa!Q{70%(Gb-#
z&NQx`t@L}xhZ-yC*^<L=hXMF;nY$f_UQH+2OTgv%u60|#Y48}x0azhoOu}}*A9qUD
zRid^7Mk||@ed9+3hpk=aeg=LLCo&fa<I*A0MZn%T*IE9VdG1o~WUk(r#6iHeBhdbN
z<3`*IqvAk`y|4uY#q*x`Vhac&Im<y3SoDnaDL<fo&b@7%(2ms3pIe!WX#B=y=_T*A
ze&9cyO*BTtDE#%+`#SnIBeU+Ox!icd7*^I--duOzOR>R_i>L^kFg^_zq1O6eQ`yzE
z)oa56X*K#6Ely?29gk0HX%*(xyn6gT**+a7q0cdM#BDjL2FJdZ2MuSo9S06|&#Bv0
zv7OL9dk=b#%xkx;K0C3m*#wYLFb}6ponEi{D}o0;YtNIgWvKeXBVTx)EuKw|w+pBd
z6zOuxg{z)tLGxy19oNTs^M>Pf;pTCn&Em|jDfcysebD1&<MdMXQisx2(&N$h(W_qo
z*8}In(P`7$AzidDjdv-N6}i6dj~(X5L;dI0lSdiCAJ$4cc^~F(ZTC#~e@(kvo)wow
zu2pmj-v&JAKbl+v6Aq3QL5eB4F~aWN@K2W>RJLZj>vzFdk8FHezHgcm-a$so84L`Y
z@}C=AR)yjm3`_(}Rzg(O1N^uH-a~iKGv|3kXaO7o3MU>)G?ITnFN#vRjZDkQM$64~
zSYb=T@l)H!W8Jjnndh&!R$uEC3X7lp%q_FNx!DXi7HB54%cfTP)X_MW$V4JGV?co$
z0}XF8UOmSRyTMt+A^QEHzU?LDW$-$WHLaL4`HXw6-+2jZ&|rQLmxPiK`Fl|%_<Nxr
zsn3#;Lj1ip-o<ZBpo;$ch~X5xN7SqsT?(DLTDkPU)(tichc@bY7-h^JBjfEK3FPtn
z%_ChXoYa47kt8)VHkmAtOqZWzZE-4wd#4%#7w-T2>b|Dlpqrz^(&8?DjT0q*2afi3
zfi}?7<&Q#@86)Ke=rWIEwF&6{>(O+Qzb@VMRcG1!UlU6eoQ#8f#d6VD<iAx?koK?&
zo_+no__zJ(NPj3`eXHJK<=<xI6(P_G|6e8l$IMAnddEj<jBx5t;%coc`k?lEj*s{k
znuG^E?0UpGdqeJPN@_Ax#y`sN9XvPgJjZh5ADOZx1ab(=bE*5buX?tB3ew*BL_W(#
z^R1^uk|&rlR~5F;ZQqa^a8H+Ej?0mzd?3#ri>4!v>)X5P+c8@v%;jDWY0<;=7Or-@
z%rqraVA4wTq+@XSF}U?1&epq36+Hs#-oYkgb6{v5wrd?aZ5Ww((J8&~r|Ao^6lXEy
zAJ_YoDKZHq&6m=>s5icK(4;`V<4!&>RQde?d&O_q3CgF%m@G!(7}NJ5u1n-m1i{iB
zf?eGY_s*crzkqzaQqsFj0_ri>3!*0bG%QYxJR>sSboa*Nywer#d(~#hR{kScj`tIm
zix&@CU~bZE^Ufy{;HA~0!1r%xNBof_ujjlj#UP)|J!&h5$C6X=p_kn4gX}$?e3b<X
zNX`3ASclcXDZ<S}F$R3ey|TMn*CP}{p}E)>&Es~5O;cU%Re!9b>VX>q?0h=hJi{Sj
zsiRrYpyeL0_VECCp>7?1++G~Pq%SW_DWK^%|C~PmK$f%U8gQZ9EJ^mv190bFTdYGY
zS!zX#%EsYla;G)pWCS*Fulav=rb9dT3VmS7=n9KMRWbjw%;h;D1~3SRDEQ)tx)18I
zl3{Y2eQXuCPbg!WjYRR<#p{glha7NXb9rLMWTMR=Ngk}kVqHnism3=Yz~AvjYq)W3
z+ko2D`sZKR+}3N+znVcyM}*gphd2|RSP%)U@7Qh!FNRjwr6az|D2wOMINQ*pWC;Yx
ztWbU8_AbK2#U$=9k1aT{LER#Z1L8=i83c>b(etRl-DP*n#l61crwKNWph)EC$;ypo
z7Y~>E3fQ^FSh$fAwEMC#@36Y19X%y8R<=!I&W1M_Ar72eGI{<f>Xy*Nl^VIm@>7S2
zMM&HIVf?sHSojtx)_KKI+d)c4rGV#RZJEc}lp9}tB{puY1G`}-<1rzpe!Wi;rldyl
z_l{dk5ip7Rgt1SBe4GVR!9>mI()@;M|8)G>MS82x`sUjvz5sCLT{YrJs#&W2dKXc)
zizh``_2w_aBVe^HHP2*RmZjwuD#zAR2o=(lf<dB-eb&+qQ!geoxf~lFFo8(ga#n_K
zuh=q$MyHwhD$q{<tQgVALEx5epNW-3j$<a!yz?2ik@##-WJVVQ53t#+*zS_=!LIli
z+eS$&S$f8y@42OXEWi$SH5JY9HvVFmX-9EwyIK`%b}!Vd`GgZ>eZ$lE_H8+876&u_
zm(4cefz4`P1VH6-=;?cN8!a5P`^y)JzW0R7&xD=#Rpt(Cm_+D$Nf%zYLmzYhP62E{
z0YYqoI9J`5W?Sl<Wk>8u@4Dk3h?m|9gR~5dS*A!m4gf<8y`vmki}48PA^lS`@7}2x
zxh&arUa5JJ0&8KETP0OfMJIhcuLPdhRqDce1=CKJo?6pBH5X;faMVr9G7H=`zgxwH
z<vC#vrYH?s+KS$-SptX0nw40BIR<Gxtq2ok!2K%KtxPE*v(OdQDpMcOn9<-Tk6;cu
zM^!t*M-9D@fhZi43$-YK#Sqy{ipLmGRY?_OwQDq#IM5uqzU+xefMcZpdE<$9E+D@b
zl<5HL`=ZEP&><}EXlfNQ)w3;asYRr2(+u9U?!(VjsUKecom4V|oexMfGylSr^K{@F
zY|=+-UcoeY_FgAV|L@G;1QfKWA|Ue*fueRbawM-J$BjKlE$*cAkFvJ0pB5jO+-@cU
zSuSZ;JEI7D_<>^S9V>B0Mr6@fG#OpkQSEKD!XJj=a$7Kl^pAxcu&u53$m3lrSa6*-
z&h4@|k3u<r9JTjIYIfxX1F-L@KaN#~=PX9zpxpinM;0!}uI{52@`c5xgE()s<TYIV
zN=~%!Qb=;XqR>y%Jaz1Rd`!%7w;JsV9vOJN!R(ktRjIyu1D3j@8LkpR6DxFg=i%)Y
zHeDPRP*HLE<=q_<<FJtgxG1=bhejjhp26tURLh;@@fm!QCrs-whREvW@<mx(wX|(F
zgt_I=k_*x4K5wM?%Y|&amm3)T?fdNLg1vJ&k0ujdu9?{SHq)i_iL*^_?i+>Q0>m&A
z4L9?Os%kxJp<r{`<CeFTqX3%f0wP97>DOkJ&cUe+k9j&`_g)hgTE@_bx<&iloDh(R
ztsNor<+%>vCdsJ>mf`#f6U)5uL^QlY<NLr0E$o4UEK(-7ZoQQ%gH~7u68fmH-c)N3
ze2eF@x<p-tHjPRkC;j;W?3vhhv=fvKC(_Y{Qvq{TDRA)dtmo;{DH%#mNm&rmd3Q8q
z_#vJ=kI5%1n&)E43hnh?xRJj%ItWuwu5avppIDSxVgz`5+fFz}(w0NPPO-~e1L!8s
zuJ`y-r5fpyZ~N*#h^9s-&`bD^m4WU8HIiD#XC{n$osY|=K_#{6iZ5WjulCFJA9-e|
zjh61+BT9H+inJQ$8;}-v*BdcRh(V@JiC$8BVkitPI#_vjHQG-^(m~{!#X=-1VlCeO
znSSjgGA_$x(~QMxI<#Tz5V?d`8x7s(Y*Pe>k$B8hcq)5qYibtV=IwJZkJ;PnKX1y7
zLWqnEt+eE{JkVq}$k3`N#cyO`NvjiT;03w@ZKZVu3WJ{gLdFHJ9V@f-61T_F7kGfd
zY#OV&=Yg1sfI6NfTRCrb>MwY8fWtX!B|Usx#$H_)@)U-_n<KL+pA;jro`UC+ShB<$
z<sHkjDPL4ix~cd7$ijC4mg0F6BihN}9x#y9CyqjB5r*^Q`V!JS=8O9w+WG1GzGp;P
zk<OQOS1a}SGu8b|lGXq#l-%#xIdy9uiZ2_=&T%s}-QU@Aj!H2iLnPq5ZtG2<<b~Wn
zEUGYk%@7ne*u$m3v+WxShmK#mtN+$a5AeP~YE>RvmQbnB>MvkrdcQ+bh4&JPkPORM
z9k_SShv-X0he5QbBst)jq#*gum?V4C(c8|QH*+`Tiqr4eZY@pg<4x>WN@o~7dZTKq
zA?JtSx8WR4{~gYOxZ#vBkH8vf5VJ;}&pfdUYb@D73hHK#kB8Y2mA7}{UcvZEga=&P
z`bZ@)YZh@U3Vuxoen296rT%(wllGd45bB`5X^^zNUbtuK2whmmyhcca#=OxPK?yAv
z4LWFMbubG(|0~W!W<qz*Dm9G|TT<6oyLc^)8c{6CDd?!G+M$ubppqhsMV@u5Oylj5
z+uRM>U2@hV;E!Htl63dynk{mI-KoT_0>exYk8~qz!Z;Jbx)QWqGbD04M&3CtAJ-Og
zip)@!RC4PbsqrLRkWG6Z?&9;;g)<|GiU*qC@|$H84l_%dN&sa}w{u@=r4E1+AnM!(
z&5`5%tVPH(i~1T4Z>j0E`?9|jrkCAFINiC4u69RQX`nR}F&tCAL%<rQIH$13xZ%X&
zk(_C)2|y~onyVDmnwv7dxh3getHv$3m|pOSu3&*#<<z&wo2xE@<H=<))zmY2Hk4Co
zQzVoGws2($`Fxo%Ac*58Im;go1dHSt1Kir$?8Qvvk*mYTR0myB*t#1l6`Rg}xaIWf
zk?=)b<h!Q((|ucb9_L%r8=+X0k#%p9%n#{C(^RA|NQ1r97f*5PBGh`6A(2|}vFw^0
zrU&(P)RWNYd~4CqUU&Q$Zgvw=J#S7|p~?&_&#e5~zd|>n-Fk%d5O*p{z(^b`1-P<O
zH_>WnI#2R$B$1uJ7vcpnq#c|a-&5-b1ysf2P*O987Qv41645U4gmDY!E4rxcL<1|u
z_L{HLtG|ggTz2-45%+-^gq^Ad7|a&E5F>C_ZU51x(_!7=z{M@M6{;E$OUTpv^AA~|
zNv7a^ZP^lC-2H<Boxnx@#g%(b^2J8mB60r4vs1GP3pWIlf*O#lz;hopOl~19;dcO$
zTLy+eYe-KaL53%Xc?)gVCFm#M%c?;8l{fn;4p#ux#CLndH6AY~3(8Q+I;)jt{30CZ
zl3G{yJZ$IYFd6e?pFP~fG9f~X)1D773feHrItMCUE|l2pX(2@r&TT3@&LEc7(dQ(h
zf-CJ6N0f>$5G1;oszKTj4N4Z@yc`M`ql>U~BiN>_jLauKOi%hUQPXB}j$L2fvK8nq
zy*U}>zfQ&okLiKUxTdLl3Ra%_jKIas*3n|JoA)^gqd_*JoeL#0OzCQwM@%$<-%@L<
zvKiWl&(EcyHufqci5nxhBb)lFv_<Vuy;_`7GKAeA6S4S8@Yv>*eW06ezxrad`vHr+
zWrck_`b#HTXW_>ANcVRss&@P=AI7MI&G|KnaWJg#?4Hlx8Y)ivYXm{o9_Kx<8DF<e
zK<BN8Jpld^o>u^c<^bW|eJ1tgm@(I`p|8SLEk%`l+uBCrZo;B*wpsHp&pfOy?<0l*
zBPoTJ{X@F!`S9-$%Ej9+g7T(3t?GY1bU)vvyYv{5-@wQLF36h-=Po&QO%=HBeyml6
zjqS~CY&WLyk_7e$_<=LU5qT3f1*_?Kvd6KxOW&*5*whB=2CXo<1seB3#eIwq;60k`
zfBy8{05vD&Zh$R;X{~l;v5bq{5Ix-Gco5aM5t3+R<NzvvO439f1E-4MLW%x1*RWE?
zOlw#vn-(EuE7rO65WeHWgWmC`{2{-nXOPq7__M&p)cb2?Ro=$|rQ?huniY2x9lz^w
zo*CeF>`UFuo^Pe*x=est`mTpBDh7Tu6ZY?5Kb;MVYPQJ9H`xxVLVc6`tNXUsIEiF>
zb<9%;hRdthf*aq@krX$WfzTQVZUNBOW&mKtm|+|ThHjA0-Ki_iATLUB-E7G{P#P84
z@OHM3J#Gmh?ekIQ`DH{$ec~^5<A}O;&3a4tAW7!$e3Z-Im&2x@xlOKCIy?fj6l@Dy
zG1+YzPkd0;H-2WsaNG1wwO}1DYY{HIGOgJPjS^|pVK^0|<D|9piw%&NH%4K2Hb@vF
z+I7Ms^XGO?`YvO}+7)Wzj@k<cbn&(#aj$$QzN+xvx8?OW=xju0?0}TNOaX9ZxKi^t
zW7utUT(*We6R(v3UWh{tiWL7Y)HIPz-~?IR&<>+$U#J)0dn<+c-oj?gH_KI?23y!K
z`wBw>EM6AbnxU?UM@stI0SLQwxDOQ!;x}2Y&329UKb$t9;_M1be+*F_){D?f?ObxE
zODeN^cdzV^a-$Mdm*bb4c*I@$T|&_VE&?9YMU#g*2@&O}s@zKp@$7}JpgJF`?6(0W
zIfIQp(rEY_#*>w<L3<BR;4`YAW*0Z~!Hll9ZGjK0?{uRdPxWIXRhZbv(jDU?r6>A0
zuDU$79zkLDKCp@ois=}un7Wt*ZZ*28P?ZHJ?kj#6bb&bY0F!&c=(=q_y+1CDfPpLY
zs!&_VG=E;QBx(;-s(MM(Uh!F%D!wO<F8Sfh&SOc9u7`vz$j-n$sJlB@YQ%TqJ#Y)J
z<tE6jJ*-U)6C{1d_SM2Ic3fAwDboEt7suyq88&Ig&caGdB799hUq!{2LhL)`-dX0{
zhnuzuRpmjKUENjV61Fi4w7tY-i(~**29aqMrSr0f4|sCQcyGg<U~rsYDWTUb>*;%H
zSQ*E`47~Xtuh{q@TJe|IgR3(&FK|M40MyS@8A<kL9`$6bp@Vq2&?jceFeZlSyWYDh
z-oLng363%(Ij!k47tY?>kGm-S6{hGvgp&+<4Q+Ch4AqDNDV3WKP%jqr33_@ke=R=f
z3MF&c4X)D1Z7kmL5q@ev5!1%5h0mpz>8-Mm^V~#*x}TA^7RiG-n&)J(b<2;Kj4B_P
z&o8^g9ergr#|j62?H`)+t*jvFBq(n|NVU<9m`dW`BzCFrc-ql)JTZ<;m~0(37JsTQ
zhYEUjxT0Mf{AA2ZE^cDfwP)8a-qnRE?ba2+sB@cF6z5Y*S&MgtROh@DiOT)cd~}a4
z_2WW)Iebbb`Qqd0x0q>pbmHRoP3dViUGz?mf(x%vG2=V*qR*Gh=jXjU3olV=7sEc(
z*)BT@FYz`+m?~x`TE5R!%|6>Is;LX7fDC5pCof!xZ0Kr@KQit>z8ecci|l9%b2)hA
z>0Y54UcuW=o7CI0KqAR8YO?lffoa^Cm5I!7xq}U*ZxPeh0Xp(yq<$;u_ax01eYPgp
z>F{OBj6+QlNSx<;rVj%d=TT8=&WCpsm+{i}JRgfJs=_~sEF8??EN9Pt4~k{L7RlJK
zidC&A$?otW4ASdnb@WTQ{9v~~h(&-cVb%77?{gwBgKQl{x{i43CBI!q`NMHdqg9pf
z%LK4~hY4n&c!~+?V5_{MJnv>uj!CO+(3212MKG)8!`UBlTFm=T5NkPBK(pGk(}pK#
zGKc&~|DoYi0Xl}27Ql>%jehXa()$y{cfR-kXo|B>5R%Si?TYu&UYcinvOMH@Ytjf-
zEAARNe`tv=UBF}yVw!eRHOB89^0)MbfTG|*@SimLJ%exNfGxE64H{y(S&F}qlT69q
zA4(dWg^%GsgTNc*955-%{EzP<ywO}5FsZOV5$2mYQd%Ui(1SrO>0cfz0{&J8x_iI&
zKf}cvUd4<nvO@p2FEk==Wx#NW{%qfGoueTJhmYL?sDAvjqrLq?|5FC6u<t*^06A%o
zvOsFN?C*u~20!w^-pW82x@i7q@OT?wBv6Gj;t$33hr=X&D+3md67`=U&YwG50jGxR
zf5uD-;R)yQ`0#K^IQRbFnfcuzt^d8QJly{u%|S_DXqHp`TXDeu?eAcNQD04?u~?HK
z)P?WFrFX}v=j_g45v9!azY)HNI79r0;eTC!qAHjyWv>+>^$#QQ)hsaC=Q@h{>l3<K
zzn@A)#vst@F_Nj9i=~g!sQT|U;ero1?7RPWg1~a{_F}1s0Qmp7@$bvSpjowe&sLs1
zMV@?2_=R6p*L%;cZDS`FXp$@BPnj*oCfkG?cFKnG^a<^Ef%LVvDyqAm<tP(zarb+A
zh)z7}c%!QzsraTGE^_H|5fQB*o82st)fuY9W7Z+pVP!qy#S03dnY)O@q9Y5fE^KtW
z>LUxb5msn8X@9Q{C5|^YmlWqsjkK7A13H>ov%l=+u!v1!qSGqWW@*-;Uc6_j=jD&@
zzMY1I>zs^?(-lN)vMHC=i!f(EmVb4o;StOB0f}CL_0r<tPsYV)sQvuO`g~R?^)~Et
zaB3D?DB$&YT~7)}zFqt6wWIf$3q(hdFQzcbYLGtnq0cQ`u9#O=0Y!os!%&w4!fX8r
zlJ6RyzwrGJv5|+oa1`w?DwxDG#xiZiql(v%FJ0)!2LG%RCV4~cr}d}jcyn^J1E94c
zai9A##=g0C;P8pm=LnMAmkD_rUG=aj(I#28l`s?7@hw;#aUQ;SiR9C?>S;mHtG?a9
zt22-=`Eh-(6FSt|V;BOYq=v*w<zSt4Vk9se;@AK1S85(&q_YKXi(yAw=9-hINF3!P
zfqc!U&<O0bIa3)*2hUdPz-~mD+gn)iU#u!ulmh&^3J{qE9U)#9dOT1gV@*b*?=*E|
zmeZ1ZbdGU905dnzF+fo}^weJvb%_*ZOH?vQ74@w%^qE_lS7^R2hp&I3IhomePmh>4
zsuMYJ)_!xC_uJV-CgJ7bdoFxy4KX{}E&B^rJse?8xb~R<hA}@|t-SC1VoI5BraW0%
zn+1uJ)5g1rNTN3T@5VM#WFlop(LIi5u`8{0qaXYUA~d0%qrm~HbVWs?ER7s~`S14O
zC9{SIz=g}7Tbi;i$N>}&U%V#Q@Ws;Yh#!Fl`k{-+v!&-)aGD<}HK{)h)t!7-5l#fW
z8_U|4vL`I9q?3Lg`2bpVq?X!Ad;qG^ZI;fWCMPG8HUTq4W1H4p%#kH{J27>Mh3S6y
ze4C_5k;!Auvcw1=<&6=56d$1ldiVwYn2osKJSzP&&eZPx*EI94mgt)4wLr)B>PQm%
z-=cmEI8gD-D1JWA(Ai~&<LFx8F~ACu_$(;oD9*j+>k9UaNuS^#jN(eEEJz;cPAnX5
z?^Y6Dz|(S*DdlY@&Y8s$e}y%nnINWd_1^m?1YBFzKQi)z_enmL>Z0j~3OPS_etn-#
zEX8_CG*&<Y*L~kC+o>}gNMVzFeq>NjV_ZU#RC=^_Y|Ug8)VBv?_;9esxnr?B8^?G-
zQOa$xY9Sr}xUjMpw`mS(W7hus=t8br!hR!-$I*IN&I_74xq&ks<=Z}OiioKL9ZBl|
zq98`4CvRrQE4vGv#^V>{rUPA`c6>l*uo&UBqf<W-o({yLl#(Dh@Q#2{aYTc{w<`6Z
zcF=sTW<)~+CeuBp$*JIk*PksUta~5G6F^HBzyS>uvBq@lEav6Ex26Z!HM-j<0_{+(
zQfIfsy_2~<r*B|9<n(nQ6<?dYcyk+P(Rjgbd3dh#UJr~ev9>RKdfXIzi&$(W?tQki
zoS<w&<*6M{L99;)+l-*KGM-jmG-_I|6&s)~Ep6j;-<Q{eQS7I^Tw-ajU{UHtu>_;j
zqyUS=J&N-__b=y8JOS_0mMB0tM*I=}sB+8=el9@MBUC^PoLY<)UzU^Xvl%g}Jzi=n
zE~>b-f^ZcstfF+!dz2JYx@bt?_7hWtQZOr52c$*JZv8NE|06%3A*_9L3G=R?am6-=
z8teDK16a}HH*m>I<pdd1V)KiVE|9Z01+((8$7#eD(@CQA&hM>ijks!dvcK~!eX)?<
zxMA1OFcB)G)f2!yIRQ=*S0Cce$+kL??VVrZDWpF24wu~M%+0Zuz`i@+kFpnD4ibN_
zu#btqLn$QSVj}o*&91RIF1+Z!u1Dx_8PIRhz~fp@u<rYuWde?;E-0+&XIvlMywK93
zCc4729EbN=f2Gq1d$+2prT*nJBOW=y_BX$>=i6pEK*5kWtK_8AW>ZzmwC5;?Xg=m?
z?=4FgfhremYjkXOJ`LWJ&G6?3#p_M~2&u^LEioyjCc;JBQmYh1zr{}=RB^Cek>S}I
ztU-F4g?}~l*DO5Lh{Nv}f_QDZ#4~D3ob_T3z1BkW(g{k6cQQn$)%;;5j9E062OcH{
zIO_9rWbw!h8!bMgdLC(Y7Lj7qBHTSwRtgC&vRS@uL~RxgG7di(=#e*2g*qWB%*?hp
zbq^3`*7Tz8+fX;VI(WOAqcPn`EP!Q4hqcXH?F3|A*6l7CEA?NPe6K?Jn9f`$PcQ<S
z+A#yZ<vt(by1ydOZg6~x(|76`)=lrICw%c)jUD(kao~Hc{87`7h}ALDI54-)EsJ8^
zo_{K8ITKg7*I8u<Dwa5!N6W|u)3b>ww<jHMDCXE+q~;$5#exkH^71N_Y7KOag$^}y
zcWJmINfv_zU&YOsY~{Te&sP2bIRK)nSgA`w6H2J#YvK-1(MaRL$o&|<jOtoI{TM!W
zmUIDkd$LP0WTLN-$X!!r@~#wdNCI_DKm-So9<be{D@;OvNW)bbrz&}?bY^6D5IB2v
z4zDodi^E76f$K(cLb4mWVab5Wwgz_EW<*7Y7mjD>{Xq?jktZv<BW<QjOjz1^UOsRA
zxTMAx#_r~;btHDK3>39j87EI5=Bju}COZ>z8)LEPPntOtqBB<s`25-v1shBDqwpfF
zJCmXI?gd?A6!Pak83o;Ny4Z-oM=z|OA$~Gk0p__`+3ce;tZRwR5iQV_3&i9pQDz(B
zYvAo7^b!o{z4|bIb7RiVY~N(|E&J-SR83qmpjz0riwCe2graaYnzDY$TPIbmK81p9
zbB?)ABN#WJV0XG-MT^8E-<htwJIjjQSW8Lib23gJD7I3^GgJQYOaFAnDdL%66X&N(
z_=pO|anrg^L<};MfP4D35g2gHq@($Z6qdaLvs**@P54&XNZiM8Be`(0n3D!6e{B**
zRTp~OA~;z``G)AA43p|g2KtUaxe3t`-Jj72&yLh+a0ZT@)SVYBchPw#(50+ATQI^L
zC*@!jH^iGijj*X07zDBb#l((+YOtF)vU@6EX?W7JuSW%mntjI@pzuf+8*6Z=Jx2nC
z4|g?8>}1Un<)@2`vC-+VT^>#h2nP!9%@m2{*bJv{*;!*SOxLBcON6l+1vvbm)26x-
zY)yp~>(^5sP1i0}Ko(^Y6NgtzlXe2ljS#0ygZ2*b*b{B70PLnh<mELvhpT3&*ev|+
z@0650UNqYZ7vE#Q)|B&}HU4x{`0bpe5IB@dKSF&b5nX#1;F@)XSU5xK3VNam^fvdE
z9JVyAWT^Uheo#AL5OLMavz$TiNtI~U?mkttT=qw>=cV&5MQ}w%OBA5Cp$^<rpu$A7
zI-boo)H|J%MTS~<!2v;;)~*2Gm<JOtE?L+EYxwhs&hc!of%}|K%a{z?rv~|%3oY<>
zU(Y}6shMDGdh)z@=)mpaVlMm8K@48=@n2P&8#fdWP>z{-V(UKaqD5jbg{``;Fp#>%
z;?U!$^MJR9w3h!xruXn~ZYTXxEQ~8Hh*YlI&H=ZcQCnwPpR#*j`0NZQH**2or6C*f
zM6<OXaOSws8ADv=bPM|EvFI=PzyWb{12UCG?Zl8{EoJ>lnG3I);<7<I_@&<h#C(@#
zxVqAl4yn)zUY)45PuxvBNCj#a@_rf9((E=6or+k)orJW)WUgV2lJVyi$nsbHL}kLb
zePWRRC2G=s?&M~y+x4d8Vwbj6T17c)A6Mi65N_h><kg`mqacqMnsWNC5gn9~YUkpH
zyzx1*ndk9cCH<Z+7j{bl*>ADSqW>m#w<)>SuI?rDI&1NV*P{*jsR1;QW`0lV^w?`-
zKFaB=*J6~!F($xNeQib_QK!r+uRu*!GQ-Jj`o8i8Ob+|dZ28PC?=uD~fsWYa?y10<
ztv4w#sELGC9W}b<5(QaiT`K<Rb0>u<Qfjp1<S_Cth#r3o!=JqK#xy{+!PPFYhBue1
zod1X@IeiH>U=Td){b`}|k>SJg$kMhLd|ktsnHUF2IRH?A#h)HV&h>6kM~586kJ-6k
zrQHLD?uY81BqhTqsPE3>pqd#h6AHtg@VawAv9rfn2kxDU?B;48(taiKR!+k#&1dX!
zLS7b4YHBa4JgYS)+;xF$<6Ai|KKJcIHP`e3S=Kx6WvFUjSx)u#kD}s^wR?vAYlQ-U
z%02KoAJ|pe7CD|(UlKE?v3g7PF`ke#cQ>P<7<T1E`VXLNTdupq?NN{ryLIux;8Ke7
zMU7o%M3luhW%<G7E@i9*aJp>xyXDl}bdU*3%;y{$H<pRpQE?xKN!P?(P%3k&SXqnC
zyZ!>0-Q&DmN--ftB64cC_agZKJ4ebYxw-d$Kl2yp6WdE35qiD%OhVbrokig84ql#L
z=L-Q)FZWg3prbv-JWk9#bhSY^rSJs<vN1uyR=)EGcCQOzHx$#<R;S*oQieYBnhHtT
zxoox>RBfT3W?Qkmx(`EbmaeAgK~vC5TCv3l3Uj=B5BuuPws>i^DppHYG45-&J<NDA
zydr7Qw($1gon~6RgQL5h^8<pPG&3mgwAcI9m<pGO%RvzKgVSANvko?r2i!-r`8q|t
zx{_Qk(G@>+RS9URY`mFXW*N*JXbncw`+j{J@wPI_qyK5_gXpRZ{6ij?WJIuI5w~dP
z((0X(XEwI)ZjJB8TOFMIza}|SdF>g(-Vz@THXwi2<eiT~$G;oTirxTLIojzDM&zg?
zc(v9rAZ{VvIZbmRq<Rl*p{DANn(CB1(3-Kea4?9@c35YS1l6<*3`k#l&X4sk^;LO<
zWk|u&Fm>J>8y)LuMl5Sw(F$|=2eq}H<9^Dy)7D27x=EW;H6A_g;fZ%_RjoX^xMpsu
zX*r`_IqUhkl7r5m^((B2e(M(*ARMV_IPMMi^cd>Kx+_p}wLF~DQHBlFq`%YZDuvnc
zR{ImMHvbb|rVZLYX|S4D475vm-w1IN`!y2ShcqkW=GHzoqYe#AdtEF6<XMb=sw*j3
zXnKd_Qbm3Lj{dYJjcqc^aN4C(sur1e>FL@$i_trsMX{YF@jTK2h+X8A4kMhnRAxo&
za&?D-zcoR<L&Y=1uAN75pPZUJ5$K_|bYumXu##epNIcY>>4zUebYgP(T(DKYAlICF
zKMx!<VKjaJhS|X1;#D~?s1$d9_(4goIU|3fYAYiEnH^8pN=tXBC$&$%sXdZcW{_=R
z^Ld{7kN89iD1b+iJN>*1@}@K}n_MwzIjfuBBOdngqg`*~vA%B!I>2H^5~%#z1%~?i
zMbLLg1TklQa*raziOY>ZVy|d?V0@OynI5v)%S4ci(Kt)`-1ut;Yfy0)3^$|wz!B`0
z!uOgKMC%EWo<#S^Z=f<;oBlJuVsxFisI`zf13GmJXqW5S*LOr`3E$!?i!9`30%?}Y
zR{S0@4oh1%bRfrL--^b>H!f<tZ+m||<S<vJE9~Jcw5u4~J>_mQH-l+y>r-{E0jG^0
z0U}ejqOytteRvpCO5%4XhTZals5tiJ@V}`SQs@p1_4U6r;K|3^yUj76)}MB{vuAcf
z6zZJ62U6sMrH`CJ27nR!f;P+E^TB`@;R&PdQIHrrnE9c8veu~u+X-l*@K>Qar7>9v
z%MF0ZaU5}?J>~Az{8W<eYHT5Q*TW^<<q!fhN}FJTn@#i_zPzLp$!;L~Zik&tY4G-$
zT$fFOs8Oe~MF&(9wvKwT&ej@WBt5v&6*cD<@l1ReQ`Mc1WqzJ!58l!e(BPJNvMRQ%
zC>4+(I}~oXnqPh`^@l#oLq(cxHfvhr)Un9l-r*dr@4T!f8ap1LMds0|YM4^lm!RGT
z`>n;XRNJ*!rsT026NUta_7;z5#HzqZ^6etGJsA72AOb0IqyKA~%mh2_YB(qiWv?BO
zo^SyeY0<R*v!bQYXd*-UtVSD@qOEoiNPd_rxAf|%T>S-r=K*9&9EiXH222u~a{Pa@
zFvGi9AjARweX)l@|I)@c>X-0FG0}|5>Hb7|Z=mz(4gOp@Pb&XsAbSgfXvpN%DE|eW
z@wsnhe3|(EoY=l8W+jP#@J?`9`G4f|5+i=&$GD{Q|Bz3aH;Ng~qL%V+(;~iaW$s({
z{{-Z3%uxgl{*7Xy6_@`<K7S~R1d<Em5MljGvS`TOC?;92s@i{`^Zu>Ouf2l8{|u6E
z$*9T_>E$2(1)ZeAZ)KizT~z-y<c0r3KH)y8{YO53QIqy0<VMB*O=$i9I4S3?y47Ur
zCI2&K2}2HW4L?7>FV{vyfA*!{!PFZ#4*B1iZ{+6x)mXU6Lrt%_*o7~~lr2J)4%*A!
zZ-Az8x$3!P)y_kJc+ZFRP>txnH!?u(pamr@KrAgS4eNHg5`jUjkXKbzRT@~>*-4Cu
z&CuQIdZeVIgP1$6At3fY#M-bIN;hArl&3fpLJtoYx7)g=BeY7Vi3~f67aOI{39~NU
zweRK0SD4FoDR}fNcVT^fefq~zrvJPa{$0B2KWG&IBzCUEH`{3@9H=BPI{{sn2s2JP
z^7>aG|9un}GC<b3EWO)fCq*MP0=Z7iqeCBv&l=hpbN|)|1v)(Ni}6Y3^59bE)foSd
zJ|4Sd_Mc1(QivpJLlvkn=-?cFcNBiNW0AS<M&Q}l){fI3xsArMcuOlQvmE?O8m5<*
zqu9;IHg4t(+>ON<SZ0^%8ySmDZjTo+?94CEE6o1(1Z4Ow{Vk<C>7`n)?Olu%QKZ=-
z3*cfx95uhSbqV0G@H5dk*^ni?wUuuqSC~W?)Pw49d#nYVGP2bnF&oP|&{T_@Og;Pq
zecyiHzKThSVST!UyK_Ha!ZHa4Ab3C8V0s;t!{by;A2xDTGSZVjI#_zR{Lh+Xg_F<R
zu&}o$K_@iZtQAqffJsuTjM2S|fR9}fl2>ml*Z6l8ZEQhN4HOxVnpF`jGQE*F({+WP
z6<T~!gCWt!ecw2|;ZwA`65(GQMV%u38krUa<n3O7N5un!M^cW23TYF(dVjR?+Z>7*
zPC)@Fu5Sv|u<4n86(H*!!k1C>PWoo8xFamz-59#-ATc62ALMV9UV7HnQu!l)RMYG*
z6WX1FLc9JL34W;JRde)r-`PlnZ?Ay@QhsVC#3|mguonvN@;D@P3rh;0`q|@0L?6bv
zjw8DvPZQdt^MK}2g2i2#8MfY0fu=^;Dw(!@Tl&W(0){B_7HypF&8!ru(fC~947|Q0
zKR&kDq)B%Wb3=fe$?Oo7ZtQhJ#mf}GE2$`A&gzwGQz&4Df7<l<NOLzl<;ZK7wDjjK
zr2lgylmv7u-8B^mW>jq2H2l#YiuhTS`BY07@y<3q4o?l7TA!Q<dGl9KA*dv+6;LD`
zV8IYT^r*N!@R{B5?DE5)8<JWH_utjTasp?8|Mgl&szUM?q5i)7dnugA^}T_;(>DCv
zHWT>WaXN9{fiU>^%W^t~<yw4$m+X+{h8alaLMamf#oE$(NV8<xF1@_B8F=a5D?(P<
z*-`=Fu;puD+v{%D-nD!5^GIx5YVHUw&_hpou=vBDX^oV9Q;)_|BN{kq`4ZY*4*mu2
zhtz0#M0oAARYFu=_bGer;&4)Ckv%qw**&fXz=J()uZHXfy+*|0oyPXQ5k-|utgi+%
z)(OH59C*okZq(3-i<=1k#PdHKH$j&jDBLFqcT|hU>6sD<$WxtLCMoa=3xZEApxfZ>
zGN!^3SM*Efe^#MLxsQ*&*;Kvay&jw{tt=Zn=4Ds<aKZ7-xGL8LE#wQ|<m6mbPN~`l
zM8(fohXhv2q8bTt)kTvbWru~d*GnJ;XK#26d`l2Leb$9qyxz-^)ciN{KePHNs2dA|
zFcp4AB}wtyLV2<XDN6z!)vNXq`6^W%Xento>5D+1_^PZbyKmnaUI%D)=hjf)gwrlt
z)=_0w>}2H9Xs-y}(Ity7lseb4r!IDu;$v)3-$vq+e-mEUcK{md%7TBZ%2~Xo%qLMo
zA0vX7zA@Z_WT+!`=H9Nh5^z!WBBT_|f@kWBy>*`0>`9Km9Zrz2fo6<V)cZ|@uQ`2>
z7Xu}&XeM5F2A_iFn%d4`22gHbbWgF9)l@geJ8My{XjQs>bNJ_?sr@EH&D&@MEQ)^I
zPVWfCfN?KA&g?=rd-dt6s(eFAQHAiyX7sqA23}amL7+ueAG_*u%O}i4E86IXd(B_*
z!OZO5`j(<}{5=J7f^vFM^t*pBGu}Qjc;zEY_z{fXP`_*NFqKx^xSu!Skd|u1MSa_+
z3qcSeb-pLO5b5WsL(auGu1RhY?{Mqon0nKSE5B5WWbl+79qHhhc!R7>Kb6)0wdtgn
zq+=$GxY`8(>sM#0d5Tg8M!|D`H-UWhi#cwqh<w%KR~<cT%}QEEGOu+>FMMz_{vece
zFm`bC27%D$61<JfUEcQyv8J@^sH3+w?=6A%(jgbm^JB_EENO5$jk_76Ij3YKbUgay
zbXki{I0l}@h<cEPk9g+7eaCxE1_FWH+Qy)yIHsRagT)xSL(X8Y&qHp62+B65K=a<{
zvn0%qtL>+4?WaY%LQg}~srfktAN~f!hZqyDRn*VK$}CWOTR8*Nwax|zf~xQxf{>tx
zaTGGpG1>~Cl<){!!$G`Fd!(|;e|%AS9{Tl13T=HXQaxcWIrB|{v%hfwTS25<!nmDX
zcX36z$SY)HmnZ(Zph6R@``C%aNx$Fof#XvREH-a-lyct)8hT;pFmde;hi9ao6*eL>
zJ8-P<#>`R{o!={9xyBl-Px0M}V9eRq1;cooz~@R+Vc}8VwSHf!FXNjHd*d5nRgTxn
z?HnXlJ!5rO7x|vP{a+L|2^1T)1z|?D9c*`7wVGebwLt|w3s-}*Pqxm%1>^x3(#sby
zIP~W!Ub}@Z=_yo-VXiX2cm9n?jApXHz7<llj2}K<Ix*3wdy9GlTJC>!r3MrjgdY!b
z$4-Cl-k+q&ojExJKALzuh~Vg<mk`bmamJ`Mo2(Kt*p+{N3dUJ{7iLNps>j^0El)wt
zMK?@$E{$3PEXTth7eN#eG@-%AuRR|)0d3ntViL*L6I=E$nX{p0#Z@$8PIy+c0vwkI
zB|)ppyL=eFJRD#KSkM?%m|?U?YvHE-Qj(UuoewQHnmT8a{?GE`mA#P8hsw`YM4%&Q
zS!$Ns79w*%z8$tgr!RsIESqs*K|Q9yb4-jT|F9f=EMm0_^5JQ2%-{+C1&RK?G<Oxn
z@@@UbuiX|+ZOZu%IXd6O|JgHGir{`lEqqlW^6qjOH2B#Zt*9R)++q!LT6)21*OL^H
zo7Y166Kn!p=;RKm|6-~K<tdH&b{o;}9%cQG^srJ1kit~uQ5=F%zukJik?)miw1Y$<
z8CfK{C+so+vXs?yTvicK9lDz#ZTz{@Vrx5cBAO(jjL68+$tK`%q^rvA!69O#Dp&~d
z856V2RCvugmj9VUV?vLcv3Hi;Gqx~mL2<A&Iaz(<L8n}4$a>fU{Q~LwJ>gluwbvFY
zj9vHMV0II8&nzabLKb41J^4AzvxRmSX0GF4nwf|d?lQ_9snPwW+Mmt8m?MDRcoQTt
z;P7k3m*g%<tJM;@vz;qqJexl#>2ciX=mNZbRSE}=`lH-aN?tb{yE<7fHK@ziio2kz
z72ll|RXX#6DH=^Oa*J$(85kq?lQ&{dRR}akQrUYm4|Sf6(>EqT7{SUjpHVHH>s2Pr
zQ2nhnz>c&UJHHx_;WqX;&UHK6H#P*n8>q%jkT%B>fAgd@HiSvkP%*b<k3FzabOVH+
zgv;$#W~)tq$M4fA98g`iXQMo<bjBzUoInT%bD*^4g<)V%gu1zHZ8m|mGgJBc_fIm)
z5E>E=^2*prD^(*_h}^l?CzgKdecmHkf~eNbF4x?&EMJz#3f@ky1iG3~mos8G`iGj*
z<TSf(>clkx4vgjFAr7HH6|Mue&O(Z~g<A0RuVvmaNf9l*GM7){)Q^)u4W>w1Z2;+H
z3szCA60V*lJ~5EY$PGu>Onu2ZM=VWV&C^Z13zIB*InS|=mNl}<{>fDMMd&OfnXn#?
zbr;KyOSKp9nL;)o3HE3v>UZ4KokHm#2?d0u4-JwNYoVi_;r5paObvLzPhN=rXtc3g
z*q%Fy<-0pTqbCAB#e#ao9R@fH5d<wMMD@u`&!P{mVHmBT=RF3b-Aq9zp-4CPbH!M_
zxLqpL@xmr$CHrjO#}pl4<MrKFM|rZ^gck{^E*}jX7FvX7o%Eq~W`>YE`;Iv+pv|`(
zII)&(6*wFbC(@EDOiBONuK~1@8<B9aw33D@{7F&*Ur>ZWQFrGiLWy4cfuNxEr+3vR
zHi0c@p;&{46OaK@mu$K|d$XV_ld}zbzQmOk#*k?uqu>e?xQrctu>m!7iJ}gaij5~&
zeKyq<mq{c>uAvUnJD*#dimnn8YEb4U$=l`48XOEl^?4D@Rqv|Jl)|qjUAO|)5PhR_
zPp(*+zfMI_iD-ljz`9-&?kz4S3;NEaxjwtT<w<@{{hEpAvWPk9-Piip%Oe&4={l+c
zQdk7U@JFNNDfSX*>Q^Gzw%X1{6iV`K{Ls^?C`V)$$(i#d1>#>e1V&<!BDQ$D&0dq{
z*s-`tet>Fk4A0CYhk46ETZdw|=|r|L0QQcz>m<b{mvHpx92JZdJs9z~qI_Yggl?|T
z2lg@U>wAjq)~Z;jr7zQ(xP-JkG+bmQ7r)#UHuMlmpw%dwO`Pv1KHx{8WvuexM72Eh
zM~n6$JYt(OB@yr5!Krw7X7roR@b)oH!2X&2G7*uu&?Ijh-BWaqk%GtIZ?@D6d+P$x
zf+vlU<gdv&X2qicYuN2hk<&MM78X`CL21Jh=F<#Yjg|t~W|h*YWQB)$h8vxXT?<&Q
zw+0suYzCSd3f2hFu;x2>SAnr`fYdfiA6!q*%*D1Pekl?Xeln`}i0URj@dXiL?|T-K
zxtkBE*ql<3>QZmHnl>*QSsJqtw)dp*1U}pi+uTn2#=}$bJl>~rRZp-^_7k}}zc6G!
zAg-^4`aL%-U+DO?K)*hQu<I@+=I$&!R<Zx#22@|Wu>cO<@o!1{`Xs5kpJKjaWO?*i
zUb7kuyn@EKo=){Xj&Nv4v9&@H-XZLbeEZnX2)uYE$sVjo1qO=cPiX}1U=oT}JG7Wz
zIJS4B&7s4n2|f0T?lx+M-8e(YV~j0k_moUJ;I`%PMw^T2N)12Qbfqq<kB<C0*f2+=
zY0#X;Oc^{#I$7|sd(So1v8_91YIH)q)<<3=4FlaPGu^x38%eAPJy&C#yM|C07kMx{
zAGaZXMGr7yigV1f%+x1?6!bVsA&w1Fe|Kxi<QzM4K03Ink=rk~ocO=kd#j+hx-WV#
zAwY0<cZc9E!Gl|H_u%dp+#3xNAXtD92++7YO>lRI;M%w|P2~Gc)x6B>)cmWu`k`<4
z=_C7|v-etS@4HiU;^oqdUTUZuH6)LNV-{Z;of0d-37}j+UCqF<U25ijYwR*KjxYb#
z-O7)6A;LA~k8*(xP7l39B?h3B!LLX1p65q5DNDd>!vz~{_K6+%&@`)aq3din<DpVA
z4Rz05nuv|nIXZW>4<Y!+#*ExS{%?-9TFGP07ll&T5E&i5gq8qmjYu_t=cq^!SMmwv
z$N-|dDJz5aZanGVx4ZU|4#MPK%`GuLtb{Es%MWeeGF3e2;KSD1-KbOtDTd&C-u|px
z0f`e@1Dm;HHwJIOS*FIW96-Dlc1k}oQ_$h5H|utxSG^PNM4Zc}OvHn4$iw}wd2hYC
zJOuEi`~5GsqmJ>eZp-ui_pBa2ExCDAmAyuP?sFfCgz?;c*o^FMVDdzDXDaUT+qY5q
zywmHyg>@5dYW4vKSx2bf#?r`C+{jgMFwLg~^DoYg8^}n(E6mGAl)kWYdFON?WCPy3
zw)cH-gnm#gRN0!3&?bq5Ud|<3eI-ciE!=Z9)zvpyTiRx&Kq*{hMH4iP*^F4=7JcGy
z6wPYxMXTua=F_7ilE}O}fzq+H6GMbc!#8+rkx<#qd!75`rC2&*S>=u?*3H=K?n-x}
zSvh0TwF&7lFsefquwh{im->slORyH|m0m8kiLz@&^bI16ynho^sKTz^{bldn*qs@n
zJG;vV(z}}-0cKCzJN#Y@%ndT;>~}Dj0YaX=7^Nkar*Eb;Rk=_N>jPel70p*f`xJ-J
z@f*y0q}ZpsTl&^|L^FqT39D}wT=zc=s0=|{|IOQ0%WlU;CsHGo1N-b)MjfO2*<#|5
z@Wsq5A9W{L)<+WP6DoQZDjae9xr{Rx)NAq8VUV^skxw&y6O$SK!oU)T>Y`cNN$Iwz
zaB-7#y$t5{P}@X0h<L>UGzX3JtBMGF917ZQv6NyjDsa`+<Ht1Kez~}gEATl<6@Yb|
zrg;=KHioY!*wR=VXyYd>3aG>lSm~dlz$Ss7EwXiT!jFX~N6i;wl-=F>dBfrZINLkT
za|f&5H?0)64~U2aI#gw^*^1EP1ii%N0H&_38ES`JC}0N%MQNTkHuemhOpVN}4q3)+
z90R1%poc))FV@*j0C6neGBhVQW{&h?=3?&R7xAPFNS_@Tqkas>P_f$C%K9GnK)+uJ
z(qZm?$h74DY5@e-=<7cnwmsAhqV;Ve1oxB@^(@PoGaXtiw5gU`DK^7{xVu&Lw&v%;
zm(lo?J+<n;md6a}?|<ie>66Cq%UVn6AkCa_NrRIY4BxSCF}=!FusHCwvNBn>p2IVV
zB~6UF$4`R-Om{2LI4UO>`9tVJ{e3=w(O5Q(oXH#qFXLCk`?|?>+DdFTkXidWi)VK!
zk|^S1y%F$*W^GSe?AgQDZ{NR*sZ(#L;+ZD4WdzSi-a^7$fwa$A`+ohhKa0YA>PB_C
z*bGW95Zx6F|G<}e8c<!Nfp1JFaCmhN*i~Mt9X$Rj8R?0f@0D5XH8V7KkyYloKDWm~
z;lRVHCO|5Q2?}yczO&3JtpuUJxUA9F{kaqG(~#kWQ?RU>%&m2I8C!tB6D_&L#1r~<
znG{wnk>eKxxh_%PS;h|#shUyGEzPuAdaXMcqr`4X#Phc3xfkup<nbN`^is#R^rrUk
zE-;d1p_ErmCe1v+v4sVJL2LF()SeGT-`pI-JS;75<i7J(EnXxR85Q~2TqoM#nU=q)
z$xiiN!fPs+_~V4K5C*P&&v`dAFJY*ux&2G2f<eudGLzQ{N`}QFv(&_{y0#Vt9+2Rd
zR_d-^{tsYo?}2{?vutgNFo@u{JUt&SX2zD54kG|2jl!iYnCu#LHO6+@Y#j*;;nDe{
z_<yhf$a@mRfze|ifn|lDa5xKf4j#}SwMmD+2u1gj_#p8txnf$3d>L8=$<l5aQM?*x
zR2i%^HtCwLs4dlsiMZ&v{YwHvq69~Cc=>(?Y(iB*lHRiskvL}ETHfQsG;QK$z4;I2
zJxnz0gOv%`g#KGC^_TNDPTN@?&Xg5Sho5u??Ti11V~Rp0nXFYb+U2!vrs$52j|U~u
zD)HxaL5nhJuzq^4VjmS53(1z<nAUapG)sq|qW%w8!=z=k!U5RMz^2XLPH7tU)Y>f&
z0gdx0Z6beu;TY4bN}J7&jEyDaS>MWVkfP@i_^bVd;8tk_&@}pvv#dic<6~oi!~*WT
zCF=7H*-}6#X=a|T!E_FwQ3q71VH-(JO--e(eC$e!_ivpwWbVYFS)x}frYlQi1{;l!
zqv?6&UDHClpd=1kqW)W!NeWggHX_P!E3tMcslWagWSNCMp`)7geg*d`QU0fN#(M?9
z?%Cds)Bm?Pm=Iwz8=HTl&OaQ|2nmAbgI>rK{Vj0u5l%h^QhlQPde{0ds)`oK29aUo
zy`swcH#HQjY!FxubEBx_KY9WL5m}oe#k>Bmo88Z4E@HCF{!eHA-^|Q0-f%-{kwm`A
z*NI(YyGA`0XsAHr-oKf$&-?H#TAFH5S2t*;?a@twBEc9sxPz?qyx@(DD^h+Q>fiNc
z^@EeA?=XH=I#a@guMt^YqzOk%sr_5XXQ49><i`5*`hN<YA*E9sekc0>-ucHN)Q~*C
z3D<u=AnV9ofox8HUhQ8oAswRpB#TXS657h>nb7(lZk~n#UD#bYD?t(X_~=i>?+SMl
z5=y+#<nbnjNjvED)Y-E|EpGv{Ine5Bq7_vlJyqH^Q^tM_-|(ta1D_PGpuN8`z5<zo
zMTo`j+9F9EZ!FCpppkVGu3jv6^rZSrDlj@lH@~RpHH0&8e7wEAMT_f|-dwDZ&lk={
z#m2_gYV&V7(^OZ75fFYrkdzXPbbR6?nhk(mxD2f*;s~5@ib6pt1RZyr&TY;%+oNb0
zs)tv8OvT(gC*1sck!C{abqV*yFCSNhpxZj-P5YL54PPE*teN1ZFD{jwRjo`D=J(%e
z03b-b29Hvu1KB;-(=ESr^d-^WbbrR9=9B_-Lx*YeY>i~cp$1%cr3v|PFCOi364J7b
zt^jzx@P)Mr5Our=l@8KCA>ey4p%^?qa+uqG>aDDy680v*7N2{l{9|_S`*&oYB(8h}
zPMVZ1OvrXSDG&fpP63#*zLx^;$cgqk%eGNB8~|Uz$0V&d1K$_Z6x-02OrMw9vkjx(
z<mt`P!9n*%oCsi}Hx5;st1_tbQUU0?b!mC5U^eSvfzE~)p>H~)Lp)LB$bKLgEB$mt
z_Gs-O!v7j0f@)WIZMI*wSxXPSTOHe%^rT&G6Frh<bZjj8>E@cH**793o6#ctb5O{H
zeH16AH6(|}H<(zS6343J=|RK?Ttn=)L$;zdt;7Wrp2PA?6SlvOZO4WW!-McpaRK+H
zir<LE*$8PE7#JCW?uR-|`jE6X%VF0eNgp2p6cWJ*{U-O^y1E%)2vw5Iwob{$MD`=6
ztejlYy<ary`Fc-p+`8qGQyS)gIHJ_Wp!0nP^BJ(T7)P|q$Po(JqsHWJpY|j+7~QpZ
zeCIH3%^|?|g+f~$iRLF&PlcNVMd#N;{ptomLmZtE6YgW2Gq1}xc#P%cIRPA4*2V}8
zFWi1&-#96qo~XAx+q%3aRO-W1-xj~u{*O8$9$D_Ulcjhz)1@6lJSztgC~>_USlJL=
zZG+3UNmm%M=f#vJ(C5m2md3&TM}tWzOOrjr>%_t&r%ca{7mv9@foMy#2HCiEb{{(1
z>RVo_iz+GJzf>m34A&LWiGx{iUl(bfJ&pi8zJn84S`K{U|4o=uUg~lFnkt*%lJhvP
z#Hx8b#7+6cEIPXEdji+jKEdr6r&^V-xA@As!U6cL*8=I-3ib#**&FsIBa6Gh=$Jg#
zf${N@-#2Z051gKRhjCyo4wZEoIwK91yzQdj)e;>&J^s{6X@)r{27j2(JxJf7vuCg3
z3g?}Uni|L6e6iEV!p9Gc{*`Vo{I+n{Bn<efaN7KIUs;Truzf#)U&ci;8VgguPHn1N
zf3n-;wHou<Po)K~a=E41m@xUE!@P}onfS0o{6SzL7|m2H{<M8$HZBb0oqTt_oY8BO
z5|vvdA`5<ttEl~g1vcUQvI4+SN|_iGT~><kvd2~uRmKc!&^Rt5L8+3-=MS6J!e+1?
z)K=MPm7gg310PYmR?Ro-;8xTFOR~tS)W|BGk{9E^&_f#fP!JSwqmQ7k|7xdbpojFF
za;Mu<YXwi4K#onT;gyi(-KfnVB>Hm_thwM&7JG?z5{IM9mp`HV2MUlQi?;+dh3J4h
zBOAmn4;Nlz663@fn{+~?|2z)EjNDQhHbLFPcJ}sLX5*Wa#%|hKGll^|gY4{^2(<Nq
zl!u<o3EGbYtI&@pLUO0kv6;hnP}H-Ia$MH_)4_WfBKFoyggCsPWxL0m_VB*=7Q&3U
zt9oh)1`kzhd{~0>%m6bI5`x=fk-rVN^|0<#ZlC!3f{X1Nsr0TdbhkQId|_7vNyNKT
zKI;%~)t->_ewMtrZt=k-pY=jox!u-iCXx-hrBR!eihP0=4p_lhtZlyZU12eOSW8CS
z*Wg@Z^mxDi<M;@~!@p4tSAfTlAYtO<d+4+9vm=(P1b40Eij!<dHs|n!+;@8$lD8t#
z1I)DCTK8<$L#b{pMri{l6ntR1qMvm=(b)fu=|_pKRw4jO390sF*#ax<m-uHfW`H;X
zGi7X7QQCZ!ZU#PwHEODkT4k}*ugJTvKW|AK6}2~7plqOo4PwDa9bM+Q-%MRE^t^vz
zap5TOcB@Z70XWudhx@owAbieh)N$&WMomdLU^HOwV<IDXGm!7O`;Ld?=0J9E1NyTa
zd)8N*a3Bh~j$SMHfUTY`3gdpd7k*~5UrT|a`SI{d2b@iJz`&n3i>p8}#LdL>E^3{=
zzwI4UNZZ4l|ND_^w6gR=Vx1uGhCNi5PqHBhKRH#YI>}T`1w)dK?eyN0TAHx2*c+oA
zMLt}gsuAyeb(EcJaRenbkfp!Ni!=4zcuRQclz#g3csP}&#ts8>Fnaw*&QgdQIKaZo
z1jniAsKs6m)}lGkYubwCS;oU4YH(BJx-Wi@C#^)ASy0Zc{l@B>=&n|3y{c<6tW-=y
zSx{h#xaY3|0|>j*Hyz6G<$P`kdDay>RM&y$H_cJdlNTOTnqPzYbWzj`ZX?kOL1;v9
zj@ITd$xL{Np`V+4ANrbmI*(#Ly2#)|ubhyKf2zb;dPS&IPAO-E(#rd|iwpni1DhVh
zBlz6tpaPN1_K~{mj>e|#vCr|JIMX#~njR0dnp@cye-;2Qigdv%1_zQNcjhMRGY%Qy
zHR>eq2Qyw7@&lMh-10ogD7m+WzPCH9Onxk=l8YzV>H1QqwC1pkD8Q1k46turUJSp}
z)S%pt?5i#Kn@lMOku$(ZbC0FA=&+?m{g49A08<iXVoF^~FZ5c^#vz%X0vuwE{Fz3B
zz&H;xktB$myJZr<5mUnoRMFN56!G>H(ip-+`chgBItYVh@^un;^jvr$DUI<%TBl<F
zz}NSK!3)alxfU$PI$NEPH;e4Jo1!|rI~X@h{HTf#UHHwtgE~0UI;yH+PuC5|TH42M
zOw0;r+d0!!*iZgGc*b8GLx5=Tt?UG5W*)nRX^Xd6uzl4QYkH+$KDB?=ysZcg>e>LC
zK1?A3zm8)RHK4^+uQ|5ClsUu5jfMw+`)cY7r<F=jY~IbV`kQhyY&fhXP-5wP;WQ9l
z42@$d`MQe7GA@Oz{Q6H|29kLD#6yf(xSsi|z}$2yk3lgkpLPpa(_SA8msC*WsA^W4
zpIx;ne#O+)kB=0?=@IeJrB39pBdD=hi-oFwDwGig{<U3OLvG)iY8(m`F&(I6_a#~u
z<mJiR(AXlJJTuf|w;5x#T7xs=I1zTEWw0&&@!0MnIyEp4IXZY)!ak_Hi33#7O1WPf
z23hya4&~~`UDZD9_w=yAIwrjNLr5$+Y#^tGuXu8kz9&SmI~q}{nQ7lnQ?D!5YNdQ{
zZs)E?u9!ij%Yxg!IaZ1s-i*J!OGhhcmXg(<u#pzb1l-!`0#r6&ya6;R1CGjJ;G|Q*
zFtC-@lzV?OBeQq9#FYvP6v57#h}qUg#KS^ggofw$Lqscdza040N<Iw~K*6T_iM?4L
zF}c+GTl-)_2|KUXf;V}_Hw7am+izb_DwKkITFY5PgB4B%%{KZASNgx0lqcy2*z0<&
zpdzQ1E^?%~O<oqU@u*^~1c1r>x64;RPY+}EwgRI;Reo$#HiV8#%yPh^Jy@nRbXQPz
zodGe{Z@Cm6Pv8Ip?}1fSYwNPtUiFvx@7N0!Lk7J%e}*ybax-iiPffqDXh}b~A~bdk
z%?_yXL-dtD9Z46sp(7E(?Zj_&4umBgSfaz4`5;#63!6nGIKu8s!ao-$?2|k~KZ%j1
ztHO_UkbX8bs>{PngSaP^X==y8VNGm!XqU@AcY$lov*Hx@=A(kg^k`z2eA$6(W?;>d
zkn#QX5`+*VCF#a}bVhu<9wYX&^FVCG7vzUhZ)I?k{~g&G5ka#wtyV}F%snW{3mz;s
zO!SfQPYW+tIJhfleAUu#a0AqQ8F2fupdaK_#ZFj3Z3XWcx7*)kTJ881LxpJ03C+Py
zByi&J)v#>p3xy|h?y)L>D{l~q4>M;P5m&sKo|plnL`O8or_a%aOg}H3_xib0x0NqT
zay4hDW<(}OdzMFA*iHLn@5}Ej*EaN2)FcaV&Yhrt;T8-O^APpcV)|XLDDiAW2LN9!
z=u+f_Oa0-8bKX50P6aj%qh^__yI&2hBS(*J<LQin5AvGhb)I--^3I#q>%6M2Qhgh@
zS(HkRZBLCxz3N<wFGhsGAp@zIum&pI^sNSiOtVH60s$7idIIW2f2@GZdwk!+^!)2!
z2fMDS@Omi9WSLldIa_^d(f9K<fuFT{l!4b_^51K6#nX9`go+j2A1K3Ia^qNNUS{}B
zsrnwR5rRFk4I`g?Et!uD@w$CM<;fE|zj9rp$4|%RR>GwpokaLQ>?;2u{^?Kx2O4F2
z8Z(znmL;TOZqS)h!w!>7dJ?_0DOfR4X=qA$olvVo(##>@+;WRgcqw76d5bxI4S$hs
zu3>JT6OG2rEg0oWDzeAab8iYq?_%wSt}0>}idun%wl;Ia8q3~%qyp7(s^=gbJLU&n
z7m)|*?O<icFAZWWj1*HhGX<+#=te~j`{2B;b=ECbjr>JlqR>Nf7;p9#lwJh4)Dj1=
z7*lw+Ff{NdQ-dXW+izKsTp6m@v1V9Vv^o_RKQw&zKg2YR7P6s{w9nBgOYaYxt8a$h
zmTx=<j;urQ&t7ElAT#66SiZE=!7LjsZTMkqrQe-9ZSXg{WeYEEXC8+tUQ|qK8h-g4
zEjG>mX0Nl%#==u!25x<reu5KV4=vEr0qFrtY2lKj_l@Ro_ZH1jm;i-GXe@J2i>CK5
zanIFNuMsLFX+);)fPtyR?8LMby2^@~Po7YQ0ta;F<HPFkO3is2)=l-j1SB~uT3@A5
zvW_~>o~e{EycgX`?dLC}U}haQxw!CkM$Di5r8?iszF^*+l>5*2{W7phW=DQB6lx}@
zkvFw3@wt}=8#I1}=c@Aaym|vzbz`qm)*TS}i$W<AL8a<DYSr0!%*6Q}n0lU%Nr$_~
zaFH7?4C%tE$n9~BcN()nRB;t1Ci%6s)5WIz2Uz=;KETt<8!eY#c*_<k1A*_50xr6_
z&zI&ShHNbIgXRisFG6m#W4iht?!cODJDq{7ucW-{lf5W~1AH)Lwc{3qUSBZ@1M05E
zPesq3s@@QF&)>RfiO{xFmsJ~$+F=&>SkG{TgOT)k^e+1L1?%mm1_x;@j~8T;ox2QU
zKbg17Rm-!M;^@ntVy{Vc`ZK(igVqqcm<HWb_YK=OyKu&2;HL6B5m{UTV=BhV{5dV{
zgE6bwKbUQx|5fuxVmwO}`0X-)Lf5Oop0~S2PJ5H|mU&#F#+dfgQEbkRG-89FjZ<QM
zj$3AmO@HyJomCMQsGptO=n6QVgc`Uyj_(sjtR8<6h><qr4_wHQt*Gt@chy8%K)o^@
zcnkI5+Lp!*ck5Sg<%eniSvOH8e7H2{ADLnpfbkGxb5nKP7Tlyc()pu=G4KmZ^QkwX
z|8fWaHx0qTDWJRdD~%bpaM0ayzF1R8Yyx%Xk3CYabK=E8&eH)6&UFAbvS&^saln!V
z{T$}Ch?0F*t9ebmjRLc*A6w>f0PM;fz7*n>iHzE4ibkrbB5Pa?m0HW=pOcGK5lU0u
zG3}EHM1FYvi&iAkZlRWsQOTB)8<IROC*{thoofsvsEz9f#S&&cXjW>(A9$(VO!b85
zoK2T^1jrtBleYC|nc`=l=Z8|@pl;9}ORn<$T+Rp$2IBh8x-XIy$XB?H+=gBs{BXfL
zPKc#iHPfntd)jJ+Q%mt!$GTG8MeRMww<`jlm*H4WNoL+fr)~5pMZf#Ym}I`Mnu*Ji
zK<D9=M!lox2&VBoc(c(>a9MK}7#1SG)&OHl3-R<>QsYY8b~~LD82Q3(JFj8p4kU5y
zo4ncVTLZYiJQ*;esEmfzGi=TYS%SwO-7S&m%d~4B><>J&)ik2YeSN7JUcsc9_x||n
zu(4s*n*?=ve+Yu8C<*Eoouer!o?~>&FJ2&cnjzvqm~j8=E>h5Vft-qg!I2i9b6Ymc
zv5>!rhF;yvfVyj>+Lo~(T2v{=OrP{o?d0^i^!9;c^Dl59)6#6iSi`0V2F{_uv<H{o
z4<*c7Wm=)qdpalUXSCp!4JU~mS*OXD>9_Rn8RQ<W7i-QcydX-fWTdts7Sy@|ROezA
z9+48d8svpAIh2fg#*%tx(~nBmSj>;;E4mTi2YLz$O7k=K4T7-;#Xh?XfBL?%fx6nL
z#J#5W<cTG6VDXVfGCbXlLP#Z~p}EffNd5XvHe*kT+2tYTprCdCFcx-nMqvLY(z<@z
z$HimqNb14m&$QV(TV@Y`M4U#8&jQ;ICjku`t+hM2vz0R<PiG>Q?WSg0OC3gNhBy71
znX_@mhVl!j)h43|=;n?eM9!SgFD2PEh!yAU?d3%BYYC`vM&Ff$Y{1g<Dk2gUL>uM2
zCYFc8@zAJp?5g{YP<F|d+evJewHl9(?bri)5iG#OIX?dEUr1#p8resEV;0&H5e0pW
zIeNWd{-SUbCs+HU6Gb}Kx+0fmr9W&0sE-QkXq(YbcJalC^ne!j1kl24imd9L$VT`r
z+BP1Z0%A5Z8}|_wi9bNHHWpn3&hOdx353VMd)yJ|=%?{+NUuWtgy^Ta^SRh36H~~P
zQTEWm{)Jm`M}=a5g6l6WL>56<1O!FE<|95`NvRWbNR|UmG@?d=1MWOJvKKu&%l$@<
zGJZpnT`ho7TZ9>3xKZr;t3|$<uhseN&dj{p7V2~*-||KWT<1MwtIy5C^Z(jhBxe0d
zCOi06y{iY#v5>H-o$ft846FiL!-RD%hX`-4f~ekyYJ3%UQDgVqfs3p^_(nY(7B_uN
z2|?C>6-CIPLZ3D97Woc;+-=BvlmtXa|Bg)kUvY?tx5f}GJ9KV`@E=MVNP(WFDw<y_
z+n&-6U~-pdgp*Pov;2ECO&GfHJqb#e1!2SH04D()mQFCApHWHCUrhBxl$y1GiO3z3
zib?pJh-9qpAJNx?{987n<L#yr;9t#r`_ss>&)Z(NtgF_iT^KyqkKd?fOXw1?rew5R
zw4BUj01Fc?dh46ljiq(Av<3q_SA2@TN!UxXJnni}0>I7hzizdABE4~^BomV9f~eps
zpd@;8kP1hdpFCh+6P<IvLdkLHmEK-W*7vvUd=OcAysUEx`G^1@@<P`^rp|#*{)nLr
zC6^BQq~PAY#!mJvJl#vk$Ik!fJO5vsA3ySa^tfJfUG{X&s2VM%iaA?QZT!V(<?j`K
zUe~}->I$+T%7k}0ZEd8-t#>Ra#QY(bm+twW22z;23KcRcyv{7Ju&~;#)q@8*Tm6|8
z{@6ltdnZ~2goH?LAeY;WoaObqg;YR1m4Rdlkl{p&4$EK!8rLnTsHp`L+Sk8yb8}<h
zuRJH=)ct2%+evSy6%b73(16dr1B9?Z2a?C)tdVd3`n*VaWvvSJ&*oA{0!tB4z%#s_
zCppG*@f&@KdYJp+ivm-ANkZk@pPmi%_b?V|;@vvNMn{d1^5w%t!*qTbU=vLwjPL(z
z2Z!{z9enoPogF-`7<T-;xkUkO5^saQqxp#OQvpgFn~42zYSUTta-sloS>M20|9_X6
zp|rDb7%B4d@}T_u{3wAuG&ZeX$MW5g>ETFiKMS3N<S808|8_e*1G<ud*Q~#!dydy>
z9lCSvBpI3rCETf8kV8LlEwu-GhBDHVGjP&uwNIDUWWZX%E@`DEq?`)#{7Ob_%SzWy
zWA>+5(x0I*Awx}E9i4qB>Yj_wF?fwa)DGbhXx-pGeaOd%7C*{jxlWCU?OXT$c|Jcq
zt<iPE>9Ot|F}u_KMOrCe04kp&3$8dKwpkGOyGC+uZ7Y^=5i-hx&$ljY;Mj7Ew85Tq
zOn<4Fi;%k=oyHj3Se)bt{qvoUL;gHlYinRn$GgM2jgHr(-RT^bkemr=<iH5?XIHjf
z8uHf#y%%@_`I6o5y!GOmjv5gqB_$`!(>M2JB*LIPPn1On#MN~9BwV$Y4?-4<d$Kft
zfL^<6kdLIR^JFm9`QglQEIt^;k+unr#~CdKP3`m)*hH_YF!nN$?fv+(s1Vz1(YCUp
z7k&iCZKUYh2f`t7^Z_%IY@A12WuQSOG5f|q8WpsnlX&Kim#=jEZQ0FOE0Iz2D<+V`
zO;27^Tpyk(Tu%{Z!8t{&2_@0hBT4=G1vJw~Y_qJe7XNKL4R4J)9@RaXmS!u>5lI5>
z!3pjICy|hU;E<u<wIH0?NR(sgi|kn&>_9K-3R7CDM!>}eBRyIEghz;d`-C>HbiN@1
zfOY(w5}&J#6?bR_QqLHu0R9YvQ3>Plf=6_X>$3@rnlSluzmW|<<H$R{6QDUAN!wX8
zv-_e@3V60duQ^_aD*g(8KV*$t+dQ5ywf?AtdNM%tXVkTYwquZS6u^-x#?&&rqP3k?
zDgj<Kkxem-nQYy$->y?aG-);EOUznE-;q+=m>|ipcqJQ2#&^N9^aMX0p;#9Vrx>mU
z_WRQJhKfUldR0qXRfBIcoh_3GEv4<h^i)xf>;(R?vovU&_l{|ytut2|?!GwbvFuP3
zQ}8<a8p+e;pgTXI59?pQ;PrHmO}wi2vJ*ZSSD~TUAw-&Z4N`oq_If?xWv11hSU|Ek
zcaJ2bm`vb|9cdqrXtZ*KFh}r`-_99ojtJA*CbJ`?Iu0G<TWw?EMOQ_xQ<7pt)In#m
z&3fb5-qD!_KvEGbx}~%&P(WF0__W?D)1BYFP$bixNto;W1@ietPE$UqU)Sa~HdbDq
z6p`r<*O;sW;|f1Er0a(dd>hha{g4Oc=ncP)3gt`cTZsjv2t&sh7gJ?o*>f>6gb_Q_
z(x<wiNMmI7FU7XHvnM$-b7P&(jYna4E^^mv9pm?>aN>D?dp`O+9Wb@t2Z@)GSLWH8
znr>8&$!!`$zGNpvlvTXPnoUa2O4q_bkX@pW7NY>Pnj&AHy?%%|iGH}u>iOW)g8K$2
z{&hL$qm|^Bk??@)Mage2b7-irPOdA)_XE)nydCrn6j;}7?-SXXG(4MGd~XYDJXda2
z>kqmL3O`{MxHjB@KGE^{6RZdjb;i3cc6n))TCVn;ts>UhwVRh9vQ5`<;Ya7~OJI_C
zR=$e6QuXY{q}<dkWp*43*zRgd*(f}mqRV+FtE8G_R*&i+JQqbO(@@%`ef7S9#rHDh
zVz#BsOt0ac^4Ig~^>mTU?s6SdIF;)3k#T5=@I{)%h7yuGd(#GzJ2;#CdrvIlUIK7*
zFF*Ly2x_d_Qj%<*9#H#(scWh3M^}_@Z$yP$c@qia^L~-s-VH7FBqstE;&XAYbrOPz
zA;QwTFSK@GX_&{IGFk$@yWYq#VZ73}JUM-fF<vM4x~{N0=`#UC+~_!3j+)g+gbkiI
z?qGiecwt%)sxShrfD>sP<{H_ha5L^x2^*5gR3uV1@8NWUak^(r3aT*SSD3ZsC)<xb
zEyOcr{lUe2;{!KfQUYV+Ep+!G#p&MuM!5#^sE<ZwXiw+uqP)kgcmj<2c<DVE5$gxJ
z9^g;XK4St{Jo6NrMNITE!|$Wc=6H{M3i036NS)M?YK7jf8RkVGzd2i3nT_=LP#jUI
z2Mp5M^~}hrp;EUe67jBod1E@D02-Zhg?>5<ROE!E<Ni5Fr^x^^wW`bBd`#RFUf}%L
z*5V?>(A)(>yRiewLr5h(kWwN8bhC2c*im`8f5iEm3UFOjRzg~N_=WS{%eFZB*6`2a
zn3mF>he2fWBVLR6?(&c$r5aZxHgeo{-CO?LmwSXdQ6-aqVnCY@=c|WiV8@I35%-Nc
zpIgU}u9r?F$UOy;vwEBIZodv#hp2QUnPA;PZ;F{+jk9P04-f4%snhLpqN5%MtdC$V
zyp}a8m{eqey=bT2f=}O=oygfH<La(z*J+W(!|?Foq@11@nd_Zz2mo3!Bo?gwxx8p&
zwRxa$B||-cvnAHh-GZZoDI_2eekG26fBVVZ_936&lb8ZG5$>XHm4||R)~S~c58;E%
z&CfCdy_!Na;3G@(^`!QF8FN31U|1nY<G`W3YjdhNJCD;v*%?S<Br{);Tl<34w87lg
z^z2b%Q7&4VbZWL;8Lw@5BIrlmOqE`-2S!ILNBvcYA`wXpz8JOo5xZV(Ar|1|#j@8f
z(qjRAw|lSSo+s^*A1J(hanM`MswdyL`9T8pmOfs>c9P|6ElG3ANWb89AGz?|E&lzr
z<0ziV?lC0k9A@A!BZ?Ike?M2|&xub%QSl8roU?t`l^{<%rHYi1S0eu1Hg85f38rY@
zRs(BWMZn1uv7jX~9*aD`j+IhKmK8-GnUMi$>qA29x15o737KvXmw?7v)y#WBVhdJQ
zXz5(kOHb(D%PagFt!pm>HN(*I#TwYqdjg);=_E-=bR^-|A$-5d_!6n2`RGy<n%6g;
zM^sdbPe6Nkiv64%P$t7<s1lvnyWC#43{U=c&E?h;6&4dqAX!<a?A9lW_)ac2dG^HX
z41A$v+ZBrKUjM=BT?+0x;5!1=gDt85tmFW^mmsj5SRh3`HkpO#0E;lyuo}UzIhRJA
zC3Nz%(fWP;ay!peIBR=xRguy~)gskE!D77gRc1$qI6ZLf%o}{s<gwam?ykeP!;!=!
zHFx+)3q0-byRj>JP5<?>bs}n_={vA2UR*iyB@rRkYxVX`_tlZ3Ml=Drtm?9NTRrD1
z-y}rO)fXoQ`4<vBkF?&{>l(i8VAJ^;%PEHX=X^B63Y5GmFMz)EzFP8-mSp}!{wiIk
z$@j*&`RU;}+et4@g$idUE_v!>XOK9?S~YVg3aeQ3%R42SNJRp%jXwX4FJSeJlQ2qD
zkLGd$NmmlLh66eVFnJttWB2_Dj;E7k@oV!NMc-fjo7JolrbSw$X0L2rv3@LS2XQs8
zR3JMBu<%DY4V(njUw`3<YsF!*<V8hyQ!IZ)SjHrpg*0(83@u=EcH`-b7M_t;-Tnf_
zpl$8DdVNl&8|Nfoazttcos^}i5e=r)=S!+sMBtc7epp)f3<au(VX6j;pJFD->uG&;
zz{Q}ZYkPw;pFHM%NA$6TXg<7T5%!E>6ArHOFWx!s_2j3HBX^U{TDNPhmuGn&BfELe
zT}wwChs{yoPPH49!fHPQ+>ImBL&H}hlUp7>V_%<|f4bhf)7*IDu8IG0-m{73?>_P}
zP||!Yp02>>>WHf|HDekXoe)FeJfHM|uD`!OrrqRuawgbI1_Wo*Esb$gb$BF})gpwU
znEmZD$<cq|6t31^jfwBX+P4!g46Moeq_4MYb&~@a5W<r~;-iZxOO|3|c@Eok+*jFj
zNNo>RH^%T@0e~E_NX8Xyq?Wq(yv|==OMm6~B%Obn4esk7ZuFL9>*w>?(&H<>J22qs
z_nf5*00@rEk)w+&=M=p4RVLyVa4%&P-j4t5{T@eFbax98yrGVcvcdb|5O_+00)uSG
z)2~0A&gAM(tXnp<+x|{)KEZho;P|4qc)Ght(pP0KlkL3L17Ax*;@!GZD7~T+gFiDn
z6HK!=`$trJ=E5^8_-S076W*?o@Eb^_t3egP^F4Sy-R$tJi~(R~l{JE_jpOc=D+zY4
z<QiA4ed2!;nbw|%PDH_KhPMe3`f+vUXAC8LC|D<Iw4Gx&<?Rv7F7c_G2rc&w3L>++
zwf<gqz(kMctw`E6LSox17woD^6t(W5MB3{<4AM#sDD%NIm8^+-g}1F3Yh4x#fRXXf
zx`SM84fZEmwT<l>EJ-D<?%qI4!DtibUtBZroIKkiP4puVub|-wR?zds;Ph0M9sB%}
zwja?<M07n~+4wQS6|JiCr-D=i7H85Y0cX?Om&DdqIjo6V(MJ#Bul)IqJCcb^wDZO*
zEAzf2%fNGoBjOqw#sr0XBS~vI*<M`1fKNKmNUV0ah%|Xv&Q|9k6}0SJu%i~ME9Dad
zylc+2{%nb=&^V#1@tfN|K0e?{HKkacJ%d(u^Rc>tH*LNu5y+w}h6@<dU6T9V62#vv
zFLZptN{PJS68B7#a=aL5rycnhB{Q*?6{`{LRFPs7qmi@$0eB)J*c-{JI)t;ug;0Jn
zCtUDG)ErWDj&y>9ir$HXG&qP!OPT&(vVfuDZ@ONpPm~Ytc%EJ=obWE-nheHR93dl{
zFD7ymyAM)o=+H^*MZ`s~P_=6jQrqyX3DohduUYb+NWAG9bkUHHX{A{Az%(27={tKX
z_rhzWdd-G(CF*d>9-G*7b}##Pu+azit9doP+zFkq@;ajwHbXdBRZlNQ*P&%fi_E?f
zc5B}2hHh)8<7;21aYS>!^Wu(uuOH{JTvQb$@zu|I%wiwROgpDlROu6kAtVebF7o}F
zcdQl2n~HkM2U6y4!h6<obkO`KS65j*3mB7>gpqSJd`aCSer#u?4oEpO(7j#~WbZ=W
zckywwkW>}pNG3N8hO2A9@>0^j{()`S`~!uNxR^X2s4b&k`inw?MAHdA+(mVK#Ka}X
zd5GUP&!1Vi+sJ&VcX)k>GT5_)Im|vPj;@ZCnRIRT#nH_b?ETqxo#NhP#xj<W#-Awl
z(yswY)R)^VbWWPo56jNZjuMb}TEoIPVBoRj22zf?Z%Izna_trp<(IXZ8`PDyoLtow
zbj=)-4DSJLW|V-_bv1HhaIgva#_Bun@novNRDgjK*}@KL-k!;C6%k+Y_-~WGZL9L-
zFSK8V>YTK{QCuV2uWn{VJ#KUBq7(U~tr?B3G(=i;UH`u98)#2VN}pK2A}tjS*~OZ<
zsI5`R{x*Jeoa)N)9c{bvY2cR^VgTRCluxEUR(!Pvne9tpR&T|c^&!oLld27Lq_I6V
ztY7myF|fLzS_QM>&u$MFfBaGmTBAq87P2AEADFwL3a*McR*2zUVQpd8w$S)o6U`%7
zggnchl#n6^$(V>$1$CDGy;v_?Pi#fJVNs#y*i@Z(({l&-X(+bLLMu3s-EPO)QB=ZY
zn^9<wn!T{U^XXEzsL5Bx0LtPMp3Jm|4h6%l7bR!6YK<Hsa_4q6!Q&7jnYoy?@Cfj$
zZ@8tc_|?-GdiUGO&bK=5z8}Q}O=~)SK1`4(ziY_UlG-FYjA85FH7$2DVzzAf6$>9o
zfP4!+_jA~=jPWNZBJBhGU<6O?GoV}BwQmQ^bj^}wZi)}gp$gZ)6lB6Obqr@FvoF^$
zs_5;ucO3JWqTckM8)<0&MG*$$-+GI1c1dr!>(XJd7gl}l6m?E8O<!l2`Bh>N5*C37
ze{gY@{Y3Pp`2;E~EKDjA`OOAn#BBXeUbGamn@F7w^S#=*v`lw@F4_Yl$Ts-VfV0^j
zZN>ZRh!&|N5r0pgs~xi+49M@hlAee5c2}?5xL5Q;p2NqaceA4XhJ9ZLDI!;G)m}aJ
zenBe=M7c`a%AAg@%AC^97?LiMO+|O11d&JJ)~_Evro^L@bM}!Vr91Ou?R1rlT#>(%
z?1`uRW}qG9>wa*CPK0vDzUUeF3WHh*#BQ)GZ9KZOJ*feEy6(W(x1z&|Cv~PvWWV?I
z74vp`R2)c=|Cg+UX5_oQwHDFVq(GA4YCe)~v~b@T%NySyq^_3W4;08<4BZ}GPgZ{*
zr$BrREi^=F4-Xy^?;Y~rkJ&)N#Ai=fOQe(rtnQVRgCOXO(`x%mS2s5>BNsOX=T~M7
zq3VhXG>F8j1p-jb(MPj|erUM4R5FlaE6H9qWMkmLW12+MCr5ah0A-JYx!BE%!+2`u
zy@LcR!rL<04>L7A>*JUL0OUGit=t^yBB5wRBib~>p<Fv1{BXbj%J!4)>-IG5OM&^9
z7KYvI6Z@RFtvFKLKN`Q|Xp$IRI|BBh>F|zkh6wBTI}!96foNmHiucB-Gaq;Jv7@cK
zdg;EBF4T0U@e3SOvZtCf<PhcORxU;pDzb7mM>Np+U#|+x*41JiuV^4R*rFjr<fLbq
zF`Nuy(WY`Y1=O=DUGWE4M1V@2MU}}&Qg>Ege#(T$oxm2}ZY~S^*?vo6^lHw`o;R1T
z$7InHe^o8#`Mw`ZtTKx7Q+$6;{_KamJwp50xQZ4X8W9UAOcHZ#ls1H05{8sTB;<`X
zG&B^}j>ah6h%FJOOx3v4|B3Ng9BHZ{%Tg9+Qft-NQmqXo3pVx9!$=^1jCObbzyivt
zcXna!@=k?lI^Xo}A>VY8q`uOgD{<Q9<_~VgXBEr1x<X#Rdz$(%ScryCxu4KIr{GO*
zff2)lzMkqMNYFku&1$V7Q##6K)#>bsx}U^?HcULhu<-*#E5aM`_?o{WJ3-`i5c>UI
ztj6Ngv^JYfL0)m?r7-N{ZPNbqIwY;?4gN$seu__7?fE`^Y0tJjsn~S~3el<#!^<du
zB`V|zzGI4A9^%s<6Lu@OPnid=)*0&@R?ny3M<15?9#~L~7x^!RNlo*$#~;VFO#mzj
zuS+>oN2GqrT3lmogXd7~#a?bCefVpP>F7Vdud;^AcZ1bJy3J(DVp~|mx~i@9ocpL}
zfu`Z;3a)JY5jwn^;|jU~!alow^c9p}r%Z*~uHTfN8Q)Pe0yD?NmaK%~Ku9=SrumwM
zBLn1c>;xHRyVq{V3jl}P<xN?jpB{ZmkXRTNl9w2H7mE8;Bf?_exAdivquv$LSTfmx
zpShTRvo&HkQTd<5E&AoPQQ8i?l=vt!Z+QczK8;W>OzfKg^Ib3a?>CG5Jdc2C^~Y5C
zo~j@4EC}6a?Nec}CB3dEWA__wzdJ}M4;3t`AZgjp?Oj~oT1J6SH)z308${fB%4pIm
zG8#If2;X+x9ZK87%M4>>6&HxnwS1*-rfg1TvQO4Sixf9n)k>?7BnwE)eY}>eI%+p1
zuSbV6Dr%_?=YVfSpZ*+cflkm&fp3kjvnQQqw*168<5vQn9yoLqmzm^S$s|8OknGh?
z#5bHl-hIkZnYzu97T)}nvb`eui718?4)e2Y0GEZFs)Ft*G%%UruDvO+I?@HpFcQsD
z|9YX(N`*~$e{D6@OH_uudA*9Pql33+LaR0FCX!VA7UN<fRov#~f>{WarC$rC1m&k?
zej0HBalf4-1V<hEeOa5>)Z?lOvN#iKPe0r$cn<3orha7Pyr%r@O#~0cmZ7tpoYFLu
z(&EdwR2x-vu*=$AqGi)--u%#!%3+k@5A>@h-XxDGSy+MA3#^8pkA9<<9F+0u9pqiq
zD^HJCYgc#3MWeglsZ7MD#nHo+wXrqARB_Hu`dkn7Blg)tC^KB^O+xU@(X}EF@XRYv
zq?i)k<Gyiw#}i>zPGHecjG?-z$ixAf5v`BKlOCpQ0&`7p{C13b-jS7vGZe;2eecR3
ziDPQNTtf}OyScdmY2BPF?GR6(r|HuQ=-a!rC_<iuG$h}2+mOQk*l?4afgy=V83UTp
z8~M#1r4R&`>V)-}Kv-a5O0dx~W1cvG>o?l`JNT0ef2-l+4sMEH)#Jd&N$^QAAS*98
z6CX?Y{bR^i(oh3S5dn}SpPa@<Z`mRxbQ<Tl#isf!@$EB)bL~Gd4}`T!eX9WzZj>}f
zgMnXNRyOPir9jG(VCsbQ$p-TElE2|Sq&Y2b=t_RMo^EO|@9o{4)5)snb1DKcF)^qh
zDhk0APm+m{f_uCt;->V^RR5U@B_mPj@W?)-6Z2u61bi&^ki0HB8uFz-AQ+_4&yYr$
z-I>_2aZMw4R-S+J?1n58LRTJjftTCA{doT$vr$Nq6J*N3@BNQZflv@|FR_X6JHDm=
z8?rK#8oF`^8#ZxE;U7*8(xBNh2^V8DDgP&Aex`7W;l8b=MF9-d{%f0E>@AG66yyQu
z|9X(z{vP_hqr9Ya`Tu4dpFAgsk`j*#^WWUb8ZkgI@D}Ff&-}0L7&PUM1oW8Ck$;Jn
zm(;A-kY1{djoJLy_FE}P2Y$jy4N3eN?(<?rL3&xdv%~dY+hmlG4wymbTjc#W6nV+F
zFum_x&p-dyc04+y1MER694h|}<^O-vbb#MS9h?qHZ9qbS<bP~!Z+Dph%~(B#WdEC8
zUQ%dhSw{%Vv%A~Tg(_lOaozq}_+w%s1~&2bMry7(!*AagVo+p(nfR(~J)mGz;Rr~c
z2Vn+L^os<W&;MKA9yu~vXz9jTUawQCb#Ohf4;TgLx!V~3{Li9U;WIrt*b-)08EHGk
zCBtRJul_AN&YQq9h_zr4(x_q+)4>1l9%z2vfmfS(-wjIGel@L`v(*Bcz}UAvTuSb|
z`z#@t^45f49OvYT?xnc}VCr+|9A6}~37G0Dfkp;4cU4T^a8cWfe=!O*D=O5sq~oB5
zZQ7x3W?rxf<$S1+Ql_W}tFh~)h0pjE#hU{Z##4xfl9B%HVHCnOkvs1JJ_bo2^zCQB
zYQux5_;s>FS??xclyMamt*}E>!ny1o*o%y;EgQNMzWuOT)NsJd6GrDN!~*fjD^@2=
zwi&p;*6emMM)!^<NKo-cyj}t4vq>=aa+VKulJuC^1uraz2)rrlCDm6C_N}w~TvXVW
znG;%YXhiEjh9-%pQ7Zbzy_7j9n(OmUv$Rj`Zmz`x06HkpfXH(X&wnwq+t7axqx4Pn
z>ER!TlSvo~@z!C+w>vD7Ti=x_g}w?$2OWVo89hM(q;AG*x@fV+r^DeXgazml!Rl}@
z5CV`2d*FzVS%FOCdDRYj6iv*zrHHjq>!=I3Xaz(hHN34v;ZEu>tb5uXcl7U<T3@=N
z_MnaJt|5vUAVO{`G686u!OjGDpfSZeT;k}SabuL2dLnM$%W3sl$cfgMM5!8-B}0YQ
zy-OqVc=6%IqcTRvJFGW{0suyy)Qw6V+;9<jsIwKNlqs|AZNt1RRskp(s!o+m<X*Ix
zS1hl?7cEi)mw!Cp;Xmo25HB6lLKp)MfW4#3%P8Sp#<rLVaN%8)fvw$M<D1S3t{F~>
zr-_2p6vZRk8RxBfjYc*671j#Kdw$%F5rsv`=UQ#_VMF1lYZ(DMpkme^#0hv`{EH9;
zzJE6!NEVUy2I31@&{}zeqBi!;jCbkFFd*Tp0yo*<unf0MK=OI-k7*dLN#OF?x3-%D
zxGVa3#iYrYCsJ4L8$j}p*Ux4g7)r^y5iqi)ON|aqdOI49#6~_1h)j%#J@z~HfeRG_
znWGavmt&&ACZ>32=E9$aX`WiOT?(?ra_7vqPD>=!NX1m&pI+-4Fz6D=ilmg)2o6l^
zU`CHM`Y6skj@;0~Qon1)FHBvJqwujx#k1#7GS{ZG0{^KybA$>)pJ4@lkT&@83jFiM
zFsEB?w)k6^f9#o(4XtJ0=pAt7507PXD)6pTdsRG^w{M(&yd$@;Pc_I%yEB2+d%kgW
znK0<OKx@hCo3?JGs_+1i4hdwkF`pF?#?fs@a<MI+;}`;H@>|-mAtj@1C5uK5we_)*
zgcm%YaN^rcO^{`)?O7of+pb{2Oqf~_2ocSArC4{i*pzMFngpCW`#npxm|CnI<jCpK
ztY~9v?oCxg#>QvaS`M+39o8NuUNDwa)vW6b%&<dQ{wU?|b1!;Yu0f9xYv*2LDeBh)
z88$n5*6u2&yaF{H6W6^yN+u#dD39(<?sr^tmAe5<8}#VXD?r%$n_&N2oELS+Oi~N`
zEuN9Y#r2t5r9Xb=|GW<$(GTHA7mCD#_0|Cok}9ri{$LB4Ekj?Dd97X-tXSE!=d@pI
zjpcbjNnEad?8zInafiCrx_!_46DrRt1*`myQ`pUv>*Q4Cz9d^5)oXh`>+321qbqFv
zP|+ipjvv6ajvME;zS$9?;!$<DPGwv4bH26`$z!D!va=AsQ>_=es(PreqeT#rjN&B-
z=WV|9Xj?{1U5fhQdu5pF;Sf2*u)=hYFgTO%^L*H~S3eV}^16gA<dPo^f3&<Rrmx0e
zG*$OP7r^b0G(rkg9z-J|*FjKC$#d->pMK;`Y^HtNfqr#5doWko&W)eyT(9!teyfLt
zY8^hpSdylG6z?T%_^_`@s4Qr-kG|nI;WVxzeuc$5=QQ6#AKL2_1r<OAFchAMvCM!y
zsq-k44!v4b;=qs2x#@Yh2JHv$Y{+NxZoadQqLV}<HhOp^e*M_hOKy>cMr?X2Xmx0D
zw>@Mhe6fA^f8(h_w0_OHPsCH&k>(_w$Vu}%exnUL_IF0?|Ar(Mf@Qf7VaW^DS}#!c
z%Z!!y$scy4Ry9!9&+#;;Xkq7C{(SqVF$cOlegE#r&i$_zz{q7E{ZXnSi`0aB(9>JR
zsWpY|d^Q#IU11VT{Zv77`4#(ZP4+lkb&5JqPS~eDsr!9;9mZKJU8@eq=ujhDT?-1T
zJj4m_V%ZRruHjYNnoyQf({PArrT%i9z;mt_=5Ba(`L%$PCu<m8kJ!ubVBty|d=_0b
z1ZmF~$IY&=Pvcm5I}vM>V8z9|7*xZC1{4F}vLl`GjxFVpmnm8c7NLxk6eB%&&8Dub
z`#U?~d|YOG+vwgHD^@t07-hNdclVLcgjpWjDo?!OF3bLTuOCXYBVy;xg?$s%vS!r1
z<B3cb3`K%TNl^&InI4w>4{}!<{ls6EHTzLB=**uSTHdm~6Q!ltd}=Jj!Nr+hE%^~d
ziQi*WHRPd&PD2!`o0c7!0&$JneKOyIV8SDioVI+yJ-E;67)UCw4Elg_-+N&KQ&OV+
z4Yte1`$Mp21%wwln6E*E=yW)`dnK;2%3UZ;!5RVrIW8;Z?=9diF4lJ*Ij*;Z#ih1C
z8*T48@jLDh%ieNlmJ^JW>Y)?P9B74(7^vC7g&G;b0mMiJKzIbtY)|Giy-C;h#rnR-
zaeL^%!GT22tx8Pg0wZvpS%>utNl3OhyU&VM&#wNImga|Wq)1M|m7X~Q3T`Gk21bxj
zKqG$5IX?Qn61eB)I-rCAJkw^?MGmWh33*1JT4LwTWahrZM*Qpx0CE%uv*qV{;_Ip=
zmhNFy%RRr!!vgG2bP=slKA$%tX8%z{AJ=cKZMAW_rng_85Ws{FZFSco?g4At?W+X{
z_R`c^0io^{L%#+_n;}N0H3`kmz}x+q++^eN?zkve_qZAdg`DRTj2V-5gC>!zLeV&I
zX43(k`r+Z>gOyc>wD2kVdkqah9g6(<DpVFn?|N+970|rW4+Ba_@F08D<m*^8_lz-P
z+pjsd*cO5C$1T>tzvL1Yl!=*RgKAY6MJ`G6HA-;oSgIODu|dG0j-Ik8kWDa?B5^>G
z_UEUC=`~Y_gI*<{SuiMQ)~6J;q!!!dXUO^m)`OT?1jwp4+n@<$%4;}*9KK{Juyc>=
z`arVf`gWh(agri9vXuhpHJ!~KO=%1ojo@wJCO+)kI>bKLMt`mCe8yYx%>Fp{pq(=K
z(v>ihy2BNSGljn&ce4mmEHr7^2(f-#(K{O=Bl+VwvLZs^Lj+DS6e-U{5aWg~6*{$Q
z?WE}5X$Pvm<2Zf&c8Ndx6jux6dAa1oHN0;lOmmWm$FVbPPUZ-CnbwSOIi^?x(>uK8
zqc==dVo}vI=}oFTzJ(Kwt+5fcJ0Z~Ba7Fz5?gAQJST>gr=Q<Q99?Rp+3QocbXBT|+
zmx6(Yg&pfA>~ZMYb=?U1WREuT&1~~zE-E@orLGQHdQQfYWsIGz{1&&%irLsz8IdGT
z8EHc2EW;A8o~x;}I)5v8VCMU2ldFJ^?ng&~=7d)=vK)Mrj1KEK=W<4$FD<>I(r>qw
zU4|?_NIXo<3{UbhvG8mxp8S(jE4*5@;!&18C~9|u-0g#n4Po&B)*Q<Y^={^wFN@yW
z(|js?0Ug?K>L@v)`kdu(^^$#M^+9}o_9c#9%#0B0Y>)MJGgtdxuUiu+IMo*K!eQ@|
zuauGpxx`C}bWS2Zh3nS4z%efloM5QqAw-xiZU`C=T;-&RnJv~tB77cdxS50$ULs=A
z^YvpxAo;)8d+WEjwk7;CxVyW%ySsaUpuyc;gKIbL5;RzFmq2hDcSwS}OK=Dd(@D;`
z_kL&of|+N2?e4wyUeasTu1~#HM-pt${Dl@9XGmL{VHCo%)Aq_xYpvs9_H0%CEfZSw
zZr=(#VB?0hyBZ~mZvPnbR#M<Dfru~J0SZ=_a^@91M&?9jd)9kmzdn3T0IX0+F{P{u
z{aTE8SU&OCtbMu0bhuQhqlFbB{J?`xG3jU~m@hHJRkM~;l9cSXU1M=0{Z(jGUIH7D
zVlc;M&!}IkLVy?*|6YTv?HhmHCDJ<8tt%oRNcwYeBvmX2!XSB4b6kw<C1*Yzmo)_I
z7RXPN!eAVUYhA6M1?y&?U4CRq<!<sM&gbqUs_={w#(*i8UNfJvrfQ<aue|8Z|AV-k
z9?HnIT;>XJbZY*7ondGCy(l#<7f?mNxpG@ky&ash)V65wX$%9=a9&xA5BFTtd`3#V
zHosEv8XW18$idtW_H`=wg%t&#CAwnSG^hJGEjO^SG5><+TnSQyW5KPOUyv(S(2hol
z(mrBjHRX54Wb`Nmj@rM)j+;kdb0%E(K+GB@=U)V&^TtAo3YLf^20E+_RMGA5u0Nn9
zJnQ0DRsIW9zR!p4nOk4%B}sIw4VG79lc`@U7wl3I6ZMF^t_26ZJZZlh7Cx|@UAdeH
zh*{*Gm>UC|OUxRO1bD<Tsi07;_g^s{7xKJlORgj;`_&VXi^Fot#0n3|x$#5tAKS1w
zQtZYbNCiJ+iE$FBRv4(q{m2QR1hE%k9uuPgriV=7z5oIVu`RXNEEvuUqi<UjvjKfJ
zXtcdapIr;7II#PAq~rD)ueNyeAC!m)$XR+0%Ko2}#8p;B<VQ50u_I_IUXES5a_FrK
z{E6u&2mUz{Lor&_t6}dsN$)MfgFpV0o+|jvfZi(7*=)SLV2?SPW+$&cipiBXIw>gT
zRY4ZXlMT76+f!`*juV&!SP=zF8TF^LBVdP)@GpJ1IU}984vrbMA_=j)t~1A{stnEd
zhhq)q$BO<pk&L<oEnSLvUxwMG;ipJ{$~;?Io&({ITogII6poig_(#Qwi=NDU0s>d|
z^j`l<I5vzFd}3lQ!qglk7(kgqwj-_@(Z2IF(yk>?aNX;%BK`%OP%_##I0^$Hl-O6@
z+t85aDc8Az+(Z6=f<x8c%d4&jdhq#uOV6&oYa=<iYNHvtTAjI_z-rW&c6`s&J)fv^
z0`r5j7I3keDN<D;UP_Y*%I&IEyAV(pGM~|g3A`5qG~v+L<3c^}14n<ERYP#L^i(V?
z$R_X@{-v5L+Gvs@jrYVr#|#?NeIb4GdD#G&+=?TTG;hHj`B8sikbaq^i$Xo})yZ)%
zz!??=saIO%qtKW8x%@)OCyj+U@}h3k>${6V*E!9;G^ORXk#^);H`@3PopRxI*HLe|
zCynSjhN;X}X@b6k#-^9>gIkR4$2`9-ER0$AKZf~FthY#VzX+^9LkI4*SNbpPn3N8n
zGT|d{<~<q>$$iN%ld{F6OZc^kM;B@^XC%ml>pS@-@#E!wW{k||DkH5JFb3Gz4Z)9;
zRDU|}^{#VvWQdSv=%|<A{&~_frN%y622Ue6wwIA^A{WQB%RjPj@AYHz$UEyCI-iV~
zuur7h7s~rYH&SWNXF8yYL@dA_-5USeo_f~igW>*&qtQ(%4oF=)MkreF0u&!!e|eTb
zx)39EtmF#PZdt{UPy*>anFXO&`<E)TtiDf8V0>^M&JYh}n;{lNaxH)G3%r5#(h;Z&
z+(tC`Qg1bR|9N}H{EvYx3HFKAix*GS`^-Sr3q(N#vh3IP<Q@yT?ieB>)nxLD&s<#T
zOevB%>IxJpFyR54T~E-xoIr&j=6M?{{kF>=Vwd~FA^s+%x%nvB3i*vanz}JltD@oO
zVI=%L&F>(wNv25chLq%l4l^l??=gSIYRWGr_W84Qxjn+FqVePsF*J2(-F?r8o_;=a
zTo~H_gA3AdS6&6Jcg`2#tD#X*>le!T$H6CRg{ZO9Rb}^TTEc2<@x%Ap<>_IY$`BLm
zzpnoUFWSZz%%CFv1jpA6TI^PhNV%8@`x%$4s<A#3n|DbeA>?@$%j+_1HEkw0IaeY>
zvI&1YH%M~irIGK78&mj+4zqLKuP8jB{iOF^T=ZQ?Qp=C*FkPQoY#BRpF&mp$KGzWn
z&>b0=xWq4#>hnXQ62eogtYzz653pkDdUqy{pkpv`>pJ3|lJ9?r_cdwiN;GnTb^8i-
zd1P|xlN&D4F}dT`-qk4gn!*~+vT@4?k*=4IH+Nf+{;72i2=-2s328lsFgYP^NIKEa
zr}<|+@s`N%^Nd9EZ&{4Py6>*-{H=Jl9qWY6H~H4g(-vqVeD9of@XUp-h;LS0NUyeN
zeaA~*a=Nmn<jaDdqqOc;^ru{w?_a$r;Ril}9`?DG4$_+L{Esz->T+L*t%w|QBm)i&
znJ!E(>9_o@+^kYkBsL@iOrhI8j~iT(3>FIgSstO7;J9?mMRG0$$@q2mDG{oIAsK%E
z6MN%qUR|9JhgKV`0(2w`4xf9i3ZJgOTAXGYpL-C-Uf3HgahEdG+omZDSCkoGJJhw~
zJxhF5m=)YO$0?}dMk5U*p|i<DYh?bQ>_%H2-ls~lEuat8&oeX0W``%lrjU}WCc-li
zB%o;qJoc9lG|P2C+vmH-vJfW=e`|xjO7eU?l9*5WOnoU#zd^`g^dQ79fHPNhcIU4#
zg?4>gIHb0(x3;md#9U%9juM6I|JXiMpOLfLg}HKDQk^ql=CxX$vp0HTAhM?!gnED8
ziSKwux)Dn}mlw!@IyuZh&k_pg1C4m|oFWCI7OIQl!K1oOc{^Ild*q`<G<?ceuNT<!
zt5N?@{QKQZ7adZ7ub7i4q@FySQv+VeTXlEml{2}@i%7_tt%HX&RiT#2P;?-|)}(Is
zl4B-DMTD;lF(sEQXg`zd=TqzXF*9ZaYU#&4A*7@XV-t8-UtQ^i;<+UCw$eN{RwgM^
zg`?1>#Xfuzipi+l8b<eBuNuUwaxoqD&!5<rPMNslga(DO8&3RdQKN?`@jxA=*B{Y^
zbZ8V)1$ML3!$|+wJGh}e($BM!sg;%%p>O=&#{=0*yv08b^Dq0pH5q<8ofBi)F82`<
z`3KL{%HHpnS3Fl5O5433Dys}=DmUQOkjtp{*JnOV45kLC1eAJZ+$~iM-Nbkm8v2u=
z82Cvf+mdmtx;Rbbe?8Qh;o`C|0FQIhgdtr@BQxYo`)p+mFKyNALa8H-w{LscMi|79
z8a3c1JT?)i50BZ&$2z}VZho$mLS?IIKX+-8{@si?D*ABQMq+sYSnx1dXxkv&0Yr7(
z5hhbO($LdW`1VM@{CHm$o&M1i5}PoO(%)i;{DbXVcP@XQk#j*>JvM!$f5Z#~7~p2=
z+&^reuC~uCEk&=b837OY$wp{3X$WLL%-0wu3fk%)LGvpOsz=AvGH`_EMFjyJY3)1M
zJeik7|2_%E@IjNVtxjk`#q#p<1(<nlTpxam1&+`N<FSt<#_Q@y-!Z>$QDz}V8a9gg
zS8u^i5E6@o${-)9VOF0>A-dy3k#grS%pR@F`#s2<V#HqW_p$TaxlBu!n05hsct8^C
zU;baF@)lB3T!it)8$1;M2s12l!5pB9Y7X+>59q=0;DP9GKYusWpb91xa~Spz|F)bO
zjEMS-^5-UhuF<0dQ;K6?^PAt@`r9fD;05+S?S)iffeD3Yzy7~c5OAxZQbADvX-|9(
z0Zb<Z%~<|<^xs$Z7Igo<`QJv!kAIU1l6u^KKM)6BFunfY_7Xk8RH7kX_n+zcedRls
z1Lyy?H!KM5m7ZJ`%zq!7k^h?SzwP~hWf*={Ww1{{Vn#u4UGOK5?8vL)#=!7qqi9zi
zm0-|+__x300EC^Y4fG_8DCz0x>0r%L)q>huG$<&j^Lu}KW@c$aLz1~Fy|AYze<}YR
zcJu0g`A^8LFoY60I={8xFgV_h8<m(p7#y4fm7AN3&IE8U+eJT))aA8cVq+Uh(=m!d
zA>!@Xb=#FcX(s&7T=(ey#s!&>lD|F&CsJT46ugC>5_=Uk3VQYg^-<g^r%QVPrx(6@
zGC6fz$hNMYjyU~wasF8hJ-*a+pQISg3cx;U8#}wc!*8W1#}V+6OH29=E3Gr=$ZXwD
z4HUf6KJuIaJkkb0{v=_GRvBIls$P@ny2zc~UDMmsRTqBZeT-7vKQ8b;t6W*yq?ehP
z615+1`>-@$R!M0LXu{4yyp{bsv(?Y_?)5qcdCOc?x})RcIEs{t3Py0Tk5A3bICQEx
zJ<HDBj(48G^F(1`Qnb^r$E;Ln7<B(bZ&oP4+AXOnOmOg4>+8!SIQgSJFs>e6nj6SN
zg&RWvDalMWZ{UvN^>e`#IeXZ1QMz@QR<$@m_!2&zM94~*YAV{~{v06Y0H0QWfBYX>
znc8ztRY(5$jVmP1nC#aD^b3<O%W}N+iok_LY7nK4fh!Da+YTnk%@nnCm`5OezkkUU
zocoFp#NnpOOhTuYC#|M7RmRYCIexE33>!Uw5vSTrvk>@A;Mdc<kA%HA1Obs1mfB7Z
z+7&nbofF`g^-S%bASGpG@?%kAvsG|`6uw9aX>55+35rnD9~D}WpTGem$Z0@hz@5)<
z^Y4H|MWqP%^sOzk-wv?X3$j;JVY<+gwzkF0PBXy*)s>$S!b~I@c)x^QVOJ$4n?4rX
z#0((T&PQEF3#ZPdf9jw|Bc(Hs)1~z_DbG=z)&JoSJ#~U6*(7_v_raj60KY|M=6uup
z@qpl38p|aubvx3~(`6y!LFqlCn5ZKF%!-f{$n8Tx9!IgVMc@ROJM#hGZ88KZrHO?H
zoTb9UsN0OChkkRp{(1D*xWi;!UhOK~kitSr4-XIgbQIMqp3!9g-G_TM1?kW*pK}th
zPO8a7S)HQ1F@mJ}#|Ox<3dD<br!}AojuU_5uk_Dl<B*1m(~Q$zby(dtKuTn$xledP
zbGW^Y^3ZY?z_VY89m~|h_qYcBGAN8c%L#Ol!r#XH0jSJ~kOXI=()`!Aw?q)_V9C1q
zI5;&RssNi51!u&~=WHiVW}?IJou$j&vES)232!IgF#~C&AVU;7P#LyYz1Jgv@haK8
z1oyjr@AP75qC)v2;J!fLq<u35-LXc^-$jw_W^g)#qEbZevW>e!)K(h^=ABtX?4O_x
z?{H7*hgF!CnH(saURzlRUKOm;;v&-c)>zhad2B-_lSUbxCJev`Mn;*u==Ez1j+E8M
zpNoy)`2ExZOahH0m1JFR3wUX(ROM7@;qTwS<KIrba{+3JU#3~hxPXJN2)ZcGI<De5
zET{rWIj`NiQfw`})gAtFtZi)LJmsWKQEch4LyC^TDze%;bNpDE89d;IF`2!%>i|t_
z(=11byuf<(sQ*1}>G*z5Co!IRZlj!(`=2Nh@Io{Xl@j#BAW{>)2siz~E)xk4XI>WE
zXR<q*Mo&+l*-8ttp71N}U^ppUVFPh*p;3A!GJL@VNj(Wz(C?R*=Jmmeo`>W_N!$I0
zXvLnECF^!#wEjGzcM80C^RgEQaYv<ajTUjyozEYcA7~+hn3IBxp*~F$DPxEjhddTL
zDT1=tM~phJP%)rm@ib&dJYIBn-{QV<rBVI;XX(f9j0!<mwrY$B=2t$jkFJ*cJwjO$
z%{REe&o%MS@D|c8z*clJ#KRRD^o%DKNvZH)U1sVLPgmHqpbf5%7WA@_Hp=$VcOg$N
zx7~bI#AdDnZactDaOzhpYdfA1i)Y%=7)<8fN{%DSwmPV*1;Yi8n~1xk9-_N;Zz=eG
zEcl$m{<U9P3x>y`EF@$s@))SS$Peu^Gi!i1)=K22Vc#+USvWYur91<+YG*iD@F<ZO
z(e6j}69~p#O3}n=m^19KkrpmtBPTKxLvFJ%*xAa=#C;|}Q2|`IY9&%s8tLgN|CBl^
zwkZ^*tFvRrp%Kk6Vp22y5A9G9yE0`vdj(R_jt&JycI>@mjZXUq!kE~F6fd~2?T^#@
zWa2@(IT->^n{Gv)s@_;e+`D{}m=}$bPuU0ki_AC|c7DsqTJTl763-8|WM2oq0;o9S
z+KB>AnBT7@MSy}~L{qg>d$wD8Whex)E)JNl*?tdfj|O=nMlVHr1UTi)L>+UcnG~*0
z`$^04TYY^yU~EAF1?USEQEnFyl}n+G)8Xo%D1i{7-$JoQ*Qg&dIj&*C&AOTFUNP^E
z0WcI*&Br!`6Q|<Ci_iBtR`k^ikF~PmGr5ANN|Y}4s<rAyh}`=NAG8R#0QiM3rI<ph
z8J!4xr@A3RHB}NH=O<C)NY*z9p0+#b&S`UX43VK;tHs*!?U8o$8EI^B>^^v~y&S!T
zmh#{oVPfq=6AOTd{>IEy?;=L}_ywx9mJgy56ki+oWL8DWAIc`YBbR!)drG8JxN~Rg
zf93)&MU1P+fcL9@j_Z8K_dH^mccbA)g#4IW>vfcOqx1fOzZrIq+%3sqcgI2kR%DPe
zAsw%Q6`b#X^=xijw#AoG04n~jSM*cA$%HWVhlSyHgtRfuFirq0Z{xvDiHH2yK*k&9
zQo4d|U8=wfT{<IDW&EkEGx?mblXphT+Uc98%X6kOUFJD=M3XY!zt8v(8i@@9HIalp
z;08LJ`l1ph1bO4zbe8wL4at?`f=QdH4&DzMEmf5E=~U@x<=H>+)Ed~w{b*_`#p3Z2
z1~DvF(VBjd=ahv5@`x3p<34x7ov-JUi08v&{t7W0kq;>N2H9JC&?Qfd*5O7x#rx<w
zHN;ntPLegT36fPJX1hQV%YomVE~ltkde^hBVX<}bhENq45rzvP#e`fK0T+?Op87Q+
z*D46k=rpPze}5I1ts3g5-J=<Ncw4>H%Wr+!<{5b(>%s`?4@JNtbTv1H*RS4T@|VMq
zFqgFe4lnKa`Z?uux4k9R#;XKC*uvwv(NpbU9fvT@9M7f&YJ|K)D*7>QY`@D{5O2@c
zTD-l^Ztr*EC>v<GJU^s$e|Pu*Q^BhS6;{BHI?j=^5i<C#p(#M(2GaTEQkk(XXZ-0N
ztp9zl(={}HWKgTax35%|Xy+mw9>q|A;j8xil~Beh%p2sqjnyLt@KRs%gXW~<@2{Xp
z60>Ae5cDHZBp^ZpVM8qTGkYfLl3E#BIHO)!G_EM`JC<PmtY9%($a;|Y2C?<?J4(kj
z6~3KgzsS_DB5V1r54vxM*{&1LDtZU(5kmsS);_esbPE#{paKiptKrrkrc&-ENh%Yq
z$A;29iDws-Bzoe1-B9I%v%iSK0EQ8wqY6+v1m$~^Kg3}tsuSBIm`HWO%dGXW-G}V4
za=Ya3yp>$7z*L23R=kO&zKMDJ6L|1meH&ED#wypw6}|WD*!qPdToe(LpyvLD>15$S
z&huPQ*_J&=;=zgZ<T~n}T4Lsh2mY%MbL<*BoFBiIr(6KXX=@W^GYu<s<io|UHSMQj
z(_wTfs9yThpb{7zR%0k385rHbx)c1D+xJrbM*Q#9-(>>W)|!az$Czzw?Mi+WqtP);
z0--o~2eP%nwD2>S76L^18S2%+A^mDbT4A1Pq|^Y|^T}iD^KFoXIk2RAIYC4Psx?3p
zqu55}&q6PeC#M1%7%SXDUiBWsmzS6f??U}8mz>QT@JyrQ0>D|rb>9~|d?ajt>zP^Q
z<SyXM<45LYGvWgscp6X-k1D(z)kutsQLmo34+?ty&g;Nh-%Ei?igTUzX`wP`kL78?
zDDdNz(%0%X9Jr-p7vE+Q9wMZTrS*Z@2kL5q!0W~@*TV*?s5r<uKe_s)8P}N9E>@1^
zKDd6<&o>p}fR>lSR~Mxsx%0$(=km42QrbnH=mcAF{-*&LC>q8=KG3<aqNdlD$&8pg
zZ@fP%_SaA)JL@$mj3l|<F}}XIZ%XN6MLvl(e|$tQ_|Pz2_4Z#eToWa}cBBQyC?k`)
zaUELFz2Y0Fj@tGBbchxKHJ8Nqpgh(bp8iM}8DgV{M>S^&5f&LU41I0w=%6yEe&g2`
z6u=#;MvDjqc@#u1CKSKy1#Kix#&U>Q`?2ItX3tBKkzKO~=XZtV4~(a_pYIxJE>`M|
zR$97(L#1#4A#Y!cz}tH=Rbo=mYQGyr7uIJODJx*d<tWo&MJ=Y~yKvw*@yH&n<?siV
zDbYvfHUF!LB=$oMI=#5Ls^u;JuqOICC{pBU9jfn<a_<KulcM)8X0qqaHKRcIU7wgL
zHd8i=2h6v5j?ZTxnR339W2`;(uc1Dmvya+)($ti~^h~O95EAw&RN%WRC7LE^%Heaz
znMwA4#3$<z_HK<bK3q|vBaHDhQDeHjKC4?kSkYG-VIQ4ImO`Br_V>}@i9X<?oDXmR
zcH9%mr1X{!L@>_Ki|TdcgVWS9UYd(cOIxqj0b^vKek7sSg+&IIpCLvbOQRugTbmRW
z+3ZeYRu$MJe~9`)tHsvBu@?3v-n~_k|J%%snsY&Z#FQ;Oo9`NJd>s#%1y-xR)rnIo
zjv-GYnn`vfR*`FG?>8-FuNLlGR!IBuf77GQ&{0#pp7GbPevtg_H%LT+<}}+(EJ%rA
z{W_c(X{Rq>0hF<-2ENfPqsB$8ugSD;kZ&_HO(I}42YBOFsD5MskQA<hRCD^w*`XhR
zZf~RoZ~YD0c!T;rnW%bGur43=vE?CXkW*u9F(cIj7fz6gy8EJE?KZx$HbHhQ?hMK7
z(lo(eo17^GmTM}vf;rz{8y*|Vbh3oHn-`E`h=h1lU?xI`L3Hb9rjmWkTM()SGrm>B
zrT<N|S!(;>)Ym${Rr>9?IJZUtSaVT+uPNpf>@s&}I>60OCx;GOxVcL{4D(z^?Lph9
z!2^S_4k{^p3zx5rEP<0|N4*#r5Jg7=-G|O@27zi01<Of*lQEG<c%|BkG)aqrNsaF$
z{4qt?cKetD@0IHEURV<3g4wmkobv>t0Y)Mr_QzLs?(PEV^QncOnqV`GSk9!M6bHG4
zGV)3PW@r!#iG@eKA8G&>`8=Mh1{FvFVyCxe@5h?naTVX+i_>&LgLCBd?@eUml|)bx
z7OqDIr=Yp1s!i;(&f@gwA;L%LGHQy@UU6YF$%qEvFsGBtNMpv8!g2I;0w@bkA<2m4
z{O)1$`oBG0c0F!MF5t7D@SrwQ3#`>Sf?rGOb9#^A3jKMbi|F9$T+K-*d5f9JQP<o-
zpTD~(9uehvnkF;i%nJB4oO!f~7WJ>I`gEOGNbt7sC{%{NUc3GjIw;+CL<Rr~4@x$Y
zT4}cK7(lXSER<#LTH9^Yi=xDvqN3xALLoR(q;=}@3c77grE&fasCcYhUHC9)H=i;B
zi5pz<yV-yMw8(RLDK>z1)x!Vc)6yLEIKYkAUz6eYPAb(ZKOP6pMADlX&4^SMmDZcn
z+%UZ&{U%CADpJF#Z5I~=FfTY}U%yO#VmvF@ww}Fn`;3q;l8+C2X&XIdel|CS%0*C2
zMSCkFEY<?z8dVb_-~(_B)7Ew&XDmLPbBo<lSwA0a=*C>V6Z^W@i`X7BuVupXu;Ejh
z(a4|dvnfyJq>nSStiqwMbWkdx?g~-bLI`4rwB0bU{}wIm?S?8>bKjDp!Gd|vpVBQB
zo1Y(T3e-lfzXqaXIZ}ko6jysi(k5v7WCk)(Y2nmU1Od0q&w0L@2eY<q^AAx`5O4Z!
z8=cBwnmeXet%jeitN{V}hdo%G*y`bUR8#CYsFviv8jRo$QnPQBiMoDWR4*8vkdjzi
zQgey?@lh}bLK0vRhe}EU*FEPA|D;+uO#ETIFG#`@@Hr|<PY?-%SCghq4%a=U`CW_i
zx>Hpn=a1($-?+H~UA{GN%{(X}AFp^KorjHW@VsF|cm*mP@{1rF&^#&-_D11Sjf}>#
z@+4ExJ|P-tt;XWTkLd)$4=q0?c{59gWQI@d_GAh28KiRHEj{^sG}{?JWcBbu+d$A4
zH*2VHl%cTeU<is$g5>mPU-ueiPJ#;J4-K+UUleSTo-W+*T&^$3F)Lq)8$I&>?y9v$
zsRZ}(($(mb?MReHzk{q4*HfYv3+#yEU#9QkJx`yP70G!3{f}tw|6sg}QeejGWU4RP
zR}Zmrb%t`cKjkblAdO0awNqXC$5|K?_uEa(ZDbWLFUJ<sG*TDs(5OPm+jZM{Mxgrn
za4LG?ZZ@NfyZRuJO=tT!O^Pvw(^b%Jzc=NMBrW1PjCB&;cYTi0e1<P|w_tP$0AWgG
zdd?Od9;N)C5Lj^AGVL5zDAl!B$*;nb@29YJ-f9(t6#wmM_H&`{)r6)?zRJMI^Bpcl
zh5+`Q>(<ud4Qiup<XCt-&@$*F@d>5;f~)bDdQ4v{@Ke3PH5JJBnl<Gn6pjJJbA3Ii
zTWIxn=Mi-uV@#b<|33J1k5v$C0zEyL5?L#o#k&oYZkz?sR}w=-vPK1Y)SqDKC1b{J
zO7O*9M16CEy3R(phDLYWDQc-AURD~bzuAI5jpwpEEZ6S1w<8Ml%8{7My#0-qk@fWV
z_8tlIv-AEsAU;6q9VV4D=8s%nx);zDQsHR_=PIq121Mq*&yiAxsvf#%EInKpHhpvW
z)Zq)Wz-T(bfM4Z=#(0?H8=Gs%jM=Yw_N%~4NXp`BrA-=4Qt<MG6SMjlDGR!o*AHys
z{4x`qJqdUhRku~Zu}O~SAjy#A9ro`qOiKL6p;8(-O<zCfajAS|P~?}|TThssPmyVL
z^fDOV-HrppImGdwN${ayYor;$>p|}G-3J1U>&a}Lf~-cZS)nWHTzR3dlIY__m}6gX
z(l;P=h~ixr7}7H{-IL9VcH>xy3)sfXC~zt|x-<dj_v<(8t$5aB)0ek@XmvFnCUTs+
z;f7&5=72%s*~V>lJs?yn$Jz3S!9Vt$BKh<BddbpYj$Otz1E#4P5Vhd&eeerDXT)8c
zHQGjHx8ne*AYrs|2tbOMti6V`<cTxG*$vQ+$XA;l9|IY@cQ=$T8XaIQ8Cxj<Cy$8x
zF_eH9d84Oj=$yWEM$!6cXJX#Ps$U?<Bmy*MiZfY=KEMzN<CdRWxI24eIT(OTno&JQ
z<~!(8RZJF@!gN)$>Av{9Io_Dt)HVD-EgF{DYWnsKaw6U`L(mAN14m?s*z)(_*LuKD
zdi+>!P92@dTt$~%K>!DoO}P8}@8=+Nxo`X=h0E{bH{l-pA|oi%dfQ$Vr8Uvk-4oAz
zKMf`D#lvxMKgIVSWtbTDfn|4FRFR$$lz`W7e}Pm3bc5MuCJKw*vBl5n802#0^g$!6
ze3bgK;p_Q<L`jF`FF}`_(RzlBK}n}I`A3q_QaMt@7+$h&s{MmBct5ryZz8BL=q;a<
zRoXL5CoZ&!31iI@?Y}>PoY#6(-luN{yl=&HHfGCP{}wXzwXI)7tlcq|+jH}Q(1Br_
zJw=cFs%7!A&b5>17we=ikD$Tku$H%dE+{_c+P91aRH7}Gw|m=u7X&P^*k3~QX`AxO
z(h(ZK?2p*`Bi&PEz>eP%>JC84?*xbT&G}#upKmX`Ke<ydXUCE8&~*-mG!5?TM$Xk0
zApUZ6wA*^*!j*@ZNF%U*H8y`SQ^{BtH<@cFr+=~f>@P|$ImIrWD<vt0C#T19N`KUk
zCWJqio1RD}Qilg<)gD86uS8(V6Pg~`cn6d3Tmr9fd3($<Dwig-EO}~xb0hyJ=wTXq
zvT_5Tn7H3OK_v3?XIk?Ihp*j3x~3E+%Im0D$v_kgLLxq={^oh3m?!^_{8`x}#QPb%
zif_s`@KtC6^57x$`V70`S6PKlmzpuZIM&LF1~5+2c&S=ep8vQ7;5T%@S+}N-ny`lg
zezj~QK~+D2YjB5xsLe={g0)~gOYZtqm=;D#_Ipv23kyP%SjLRDGx%WSLL-Dmuj1bB
zG8j@C-|x0o6(X?ZeD(|`sSmqZ>MZf-KXR>6wUw(1%Bm6Y4w=eE-m!RaeSo@D)ts8D
z%~kc|IbD&pp5}v+wYhrflJI}+CPd+&abuMLOz@v@8*wI=6><{Mk)mwa*yHn5;!nrk
zoMUTmzP@Z5)eOyoJT<}YF3G!lF6(ophGcPDQ&B4WN@{pO4c_28%SJ;l9Z|1!qp07~
zyg`Z@E-CBvp>^B+bFI=|={!7B2D3K)shC=S7c4~CPU~&n=Y-#S6_XM4x`1t>^}D@$
zySO{wDucG!%n?eYDg|ndkE+?Et@aM9<Hwx4+Wmti8Aj3I^C95;!#AA<{KxP2&q5d^
z{q2vBV5O#VsBqLL{C0(*X6A%?q6(3_ZKd>0tS<(^xs}li6!Ex-vzSO>y7!}_E<7qP
zGyzgJ$ir1Qis{ttc16fWY%beVHTofJD|Lu8gLd`i_`}t)&xyhdapssmV<4?>_w)^V
z7uokXPiAl47aIB`C8@AnpAFyQY?<rm^bS2FP$TBlbt9>9%a9*;S5-0f;#68nw9Yh8
zVQ>-DrLbLZC46Bk5(BPCLCmd1?F(tx*Ey6GH69(kBiZ|=>f2IW6B>vg#vi~NP2rZ*
zps|g+W!^viGn?_^huC85SXd55Ke@HWt8gv!ee#VZH2NzmE9eoQeqx?0e7j&1W@*6+
zDMB(t2<>%hVwe69eiM2i2A~}+wx*qAhgVIkYK&2%YcD6TKBG>UY+;r3P9j<O%!-6{
z^8>f>-E_o)#$@85hRol+lt!@!6MmR_>?+$rSH{d+_;Q%);N&FNi?RAbOJ1(ykAmMz
z^gU|D$D+PkQ$e)B1$C9QVzFd4dm<q-g09T2R}5q5te=2~=?QVY>yT7eG_M2En(<>E
zNy{<JgA_V_sa9=y>7xO+-L?9$#uznuATD~*5hsmTD1G763g4Ci@VH1ta25g2Qpud1
zmh4*}`P7)CTaD|~RA;X2v%vfQ^*NO>%n4?PqA=Wu&}2z-n_-6D-UB2o%u+puAV^rw
zA97W)Vb1{uM9#n*UplIf=`Q+?5XXvfIUl}MwZr$%oH@3h7D#xw+qtH8Lvb|nTPV8Q
zV&n!KCV;Fze^3G&jGccpRl35^ZjvtWto6FUZ^b~=dM{<%f_GJfnA1xAgAJBr3*D-i
zkZu<pVaVT8b9Y?;3?B(Vm_>e_$f-$4dgGnB`%mFE%@jnY+>g||F-el)MRy(Jv}mFO
zL&_5Zw}Rtca}VLa*F8BN{7&o!I{qxfus*Yz=sopX;Nyw<*tilLg{B!z7eJc(#z)xw
zC$}3!`<%pISPTwojuBTyK*j3h2Sji9Y)0U1+&;#A!xZrV1GC7DOxC5cj|u;yvRfff
zObL~m2D+Dp%Lai{Dx+vL&?<tVVJ_>`aevl|kG($9Z(r<hKpPV)J_$}#M}J&5UH(Hn
zD<i{NnZm%rzxnHL+y4*MdxNmkv@y;1=bZU#?4m#l5;@y;$T>#*?$2+xVh$~sF_#)A
zX#WWs`|akPB?pW1{{P?nzi50+rrvR3MoE8enDzgQ^?y$+46RAC)jVtx*kx~4)YeA8
zD2RJEUoh~m26Fff1O`#1cC{q0jGWi5GAy|b?tj)z&la5t0yN}^GPhJU(Z^3^zW=g)
zelh3<+tox|OAC1!&QUL!668PI&|ieSMGYp%F;|_o)&HiZWd5zG#QkwRJNmCGPd5je
zlef5mKRaKlS+zez7a8atBNNwYx#OJIxY#O?*i`xpx1B_R$e8RlvGbo~K5rofl*Roj
z?z?g<Fw?t8Kb2yo=b<_^oQ0O;??Z;wA)~mkW&7qVy}#p&^dUwlm4?0g=-!}vAT33)
z<wAKlvAqX%d6_hRb-|xM^px#)zr28lO`&HHZ=ql(r2zBFsuYzapd(54uQ-)mAS8A|
z<6{R<#-D~bboVENuD)6?<6~oKTW)wsr3el42L{$BY+SQ6-Jc_7G7WVL=%kVO3?=a8
z727Su2u>q*i`vEgV`k2kbH;!Fg}6CAenu|3u#cv;q7DvoDRK;~^z_Oh6812A=Dxb;
z^B<ofQ<~!OA;T%5d6*K*-iP&9+{o7~0jXu8|1$ts7(Qq4s6l*HDkycNV#xMa7>Kcv
zslx}tLKqn^Vi}(zD0=0c4<CJ&1nfB>%+25FEG|dh&TT%2>iC304oD{JwuNk&L&?B@
z+1$3UJc0H;{_W)kFBKm)4Bg~VP@O*U2c$Xg+q~taNsE)tNMa}G72ooSv?a8Qv$C-`
z`dXP>b3QyXaN$`|)<C@L?z*=Qx(6{7+5OxKV!TXw#mzF1RV8N==194!jvl<ta*{5?
zgPY`X9(S36l<_VucW3Ov1#iGv4FR|Jn{R}Z$eHyT_NZeNG1i+%Mka*N*E>iMPSv$-
zd6oVVSe}!T*WJOu3F+B`0(H^4k}&b$7&ujVT<I-dV!#P03)VH?1Q}60Tt-iyF%1US
zLPI!F2wFv6BF1*EZby7O3?JL&<h@#$B%nqGgkdQ=<S3ivyQJ8EZcXegzV7sOc)^u1
z$;{4C5{n<&&N;x$27fnW^Su=p6#$Ofh-JY>BzUBUiB6fUJ{2ch@$k4oeMka}(fUG+
zuwkE89^P_)hx3bk(!w0GL*As=0xh%{LHb;dTOIwAPc<DsWPpxe+N9%I(82GvhjDqi
zwigq5{Jy#0*6`qS@Bt&UoVPm6(+V8o82d0wKbt$Bb%2jBsZXbod5Za$Wk-j@K1t{Z
zU0P+=B&QN~rVLin*@TJXk4rJ|9N(meC`AXIC}ou~C_|;g<=OF}rPhfa!RRgg?n`Ga
z(LLzBgfX4s(+T~4S5-HX>c>f;c?)myt_w<Pub-0sk7@F!t&BV%tD5`6KS8u$ucYSh
z%tm!N{E*8`Q#}u(->?bU+$tDKQztnG2r3JUJ|X8u;2bd2h&wCbJX!w0XRHqW^63q@
zlpI(CKRh-@M8n!INs(<^z#b8fov$*(KDKB1(@XPHW_pT8OcXpO1|_BFxTA^5o3OAj
z{GGMM)yTpcZEVkc83kuW;Ja(j9&pX{^+j6F1Y;Kj%nW0|g5^AATNH>L+vA@|4-;2#
za@t-B?bt6yp(hb?rhYFNx>MX!(N4*e>6EPcV|LR<UBrf3HwXLaI`15Sh!}W#w3Jej
zlKuJ=eSO&2O6tnvh+Eiv*=EweK3hsxQBq1u2NyesJwKl}<w`CtZkHYKM;z7QzI#}<
z65*!eklNB&jlDa4pV+$ff!g!VGMcYA<Ij%TCP(fKEyoRcTshVAvU6tYciL@2a6Xke
z7d!+=!C{)#t|!h-yE&-VM^IB>h>nSgt1c^phiNh!b^$UlOTPuSPN(WYQcCvMYcW%O
zmMP9JECNRbb#`{1KR)9hoP;D?D331FOD?II`VJ|iqIgVoP^t>9&R$}4Z=&|s28tyb
zvtL=?sQ&%a^0Prt)^3>WTLfIeEWBQQsS|l*myunMB?tEK8?_-?+s%FIbP_2<me<nI
zFms?}MMOf1GsU=QW)EQcZpJ~?q}Mjm1O&o!uuy<U!ygELcz7sLRSh$yN+RK@M5UeQ
znAP@%qkrfIxc*CBU(5;S?#n;>(6Gqw2qRs7X|te%jJoG}XM*0V>!x>R*WLW;>IqoQ
z$I}|!2%Ee1>e|{?4kaZekv;6yczcP%O&^a?_S3|_(n#lMTH=3hZznP|G#pH~5eUiJ
zJ~O*Nq|#M^*xJKhKTL+EiCOi*GYj(POMcIqck0zy^Viftk~i6ehO?H{HTHr2^?Ieb
zVC)Cm)ULKT{$^W`Tf>Cd*cU=@&Ot`Pl82Fz@vV`OlP;&l91uAHxGPzWr&(ygjb}+O
z>kpp$VRYsF*Y!2;;32KN!!AvpqP6yFv$13cy@t3rl-6L!&_j`?Hx#LF6o%JUm68qf
zR+Qv7tr{0C5cmq16D7$J(7&3;#?{C5c8;_#>kS-r#vYB^j0UbJP1#s+Q^mzPI6OTk
zBuohe3BCGSlRlsMH+PbN1C$ONXw1J?NDbGp$`}O@Y(2Kq`O{hV3iCU4p-ql;GoH3!
z71EGELr93D^WVVdeCU&?C%Fy^LU_=55o^MNUf<f#lPjH)-5rOi+sPmo;6W)bFOQ}U
z`$6rnQa)JCe=|Ld)nx;{;F+Pt{u2h2oRFT53$DA^r|SvbhU53vr2`uwAa%?tXDdE7
zWP8wWqxHnJmEjiv8+<!-Xy_0&*bq%QetNX1&4gE&XCk&>svuY<5O&b!L6amg3qRQ^
z3{qlNUdZ(|hApgLVjZ?rtWa2i_v!aaQVwNN-J99(-^2Iztnd@k%;u6vGTom(VT$n3
zQ|^THAEj^lkwpm6iP`Ykf^YPvdpz*UBAeue1+So5Q=bz7#9<zMj~^%q1pNGukleV2
z!QqFCnY@mK8X6kd-db8(m>zZ9Ip5&RcEZAv>z7Ij3LqwKZshqpuw>*!WsEdwB5ctL
z8;Zo8K^aN8Lr`MDLVj}saYY>+<mB-1kfm55<y6F}l~S*zr6xXyVqvg*X121nstEC^
zRl)6_p!M|hhKGmW_@&o<m8K>ry()Tj6OI{yYhQ1eM^X~Dv$yAXs~7q7{GPqm%-W?K
zE+Unz>(mKZ>{?2^VI@$Y3;7Z^G??5)mWrJwT<Xgy4}Rb?ep7WEgmKF{c2p<W&R^)$
zk{@Rh_ws5ndo#+2)iRPu39k$T>EJO6TgrS>R#_=!?uo<c6%>A@_=U3ki^vAm3WhrV
z%V3eq$_>1DxNh{HUWE3POKe<W#77e1=ReUMh^?Z#cy^|4I9OlMl)Zn#v6vj!1j4r0
zyZIvrff05FWB!l609`PF5ify<ETH^UVZc8Khn0|ZWY>SP6i(wOCavhL)MIPFHN5%&
z=niSOQ0Vb0$NoDzcmD7>+?&(SCj$6EH~8Fh^<IQwrki&jYmDCweFWSt<){gXZ&ISd
z#AY^juV8z-6^#RKv}j1f6a_OKcJ}wTv+QfsW97uwD@PC9F(6QR2aj-RNz;bnDXjKo
znOECz5mFJnl?%?Yb362i6ND)s`UiulaKK|o4(~4tO{>QLRmkM78?CSIhRi%~9AVaL
zQZKq_tVTv#ox{!DJ#BgmOM!mj*>xzM<nA1Vh7-_n+n=L+QUD;;*t@97u$M65gg^I=
zje=YDA!ZT^y;fTrlJT3PTH#G+7rKfz3A(&>nWE1brz)=fXI%N=4~A@sz7-36cw_qN
zuhet!iN}_!&hh31Xj}(9W;LM!>2Z&RGFK1BiEJ4K3uxQ(dhHAOr2Ek8%KtP}k(?;5
zf%WRU^Rglv>=>atIw;`D$;G9fCInTR#yrr05+tFpON!g*`(~Cz2>P2L9_XRp-KF;H
zoF*IIpDx2g(j|xwhf6hXvSbGOyyD|TPoPJt;2Fi_rOg*vOcD<qhdXjVA^Bm}JyHUw
zt<BY)FMFiJs1#u-i4BIfb@jJIB4u`~iuQdMbJN{F%VR*(N(M*41;KsnX#l*_n^Y!V
zZh@%e>xx}?nF$Zc>J7{!>x627BMZ9<3Cgw6x5fKA<(Y3n61{9EvV(%}OV=UfnNJLl
z7^IH(D$j<R29(q#HBeq|@a30!@}R0%8CY1f0xfF{+B7K8iJilcV%mv_h@dc0wH^u-
zx$YdA_3ORQjAT$iN%T6kMsdDZdr_|Cw*ad7ZOWcmK3d|O>)J@jiOy`zVBfP&U|X7>
z+|Z0S%TI5ykht%_$+Ks;gE5gMTAhE!CPh;Gb^+|d6J3L!IA)7YL=p2GIxV#1KW~=f
za2`+`r)=nLQwdFqyE&fU?g@cHRNpXB0av$;wg{z)zGPEPe+LeZRH7h#vELN%bqAO6
zRL|1IyaelFnZm=0R2xPkP#_oQ!rZHY+0|m9Ze++1H|+y?nh3Us{8@UzAKI}NQE;X|
zz@UC3TSC$CLs}VQ!<)rGRxbZDXeN-*gLK4XT~X&`A_plp6Ef*fWJdl-ADjd5V{qAI
z_4W0qRq{&E$o$VkBzf<$kd)|kN%{)PKhnEQv$f37v$3Jc^S6pss(_DW9E6dtp2w;6
z%G}@kuF8wUelV?7;5AQu^swSdGGB-?1t9&x0)P%fzsYz(U#k_BgnL-ehW==trv3Tp
zhVj@UW0!4&E%2qQE-L}SUPmAG7twa2VKW(QsZ@ab!Pu`}g>|mmdpy6R9m(GtJ%j|g
z2XyF%^42jl%BRz`>9^48%`RDYK?bg5g*9Jc8m*_aU*sztU#zuL>b{3+F;qb!yt_ja
zQDVz{#~!lb{;989S^$$_YGjA<t=K6@BOaXeUTI{Y@7CJDRe;0dSnfFq_NRzhZ!fP<
z77(C!&}@z@XfYIFDxr!T9bHNxG6|g`;fH9{i?Uyb#M>~%L*OY*_(X<LoI4!Z*i1;~
zaI7^rh@(8zAb>C(m)jH6*Lai{<!Wh3W5-)FfD`mgLkaijKPPscf>+RXiJLFjhVjn=
z#t#YRC1zD@v3gm{6}12<2++?Ndx~M!JQ5-zBBpK_ZmUcYiN4wqJ8$nBKUD0PceG`i
zKvS`-Z7=AiDGd2cU7rT&*Bb6PYHEe7cl-zmlS+k2Tgz>JH;F}DIdvp{6-*+O{eaO@
z34=E|(hrqkMKMTxP9-=}qDeg&;zYdgHp;qU_3njlQZ6tSx2VY~$Lj(4;p>O<$4et*
zL7w3Vm>8rj(--5=3+Oj*7)2DMCEg`tpwhMwKSoTEO?$swioFtV&IO{aZHoCpLq*U`
z@8SCVXTD6#pk;3fYrB?8gP;u!OLS1`EO%LeG!4BKapFewqPd5WC3wERzVwWYf-HkM
z9kjf%anaG2#-n&aXI^HXHo^5%8&TRHB4^a>5WdJNWoPBde<Zc_kj}bhKj5Ywa4m4Q
z!OuqhzMXMwH{(op%;@jNCSAc`k7abXYAW1Ti<TRPx)4CEh}HZ}b5&m^w~rC$%jp==
zbDBtALt|sompwv<)<X;ze}d+^+vtlZXV8R$`aegO_%M9z3ylazzpI5<p>fcfb?9ti
z%%`^dK$(W#?k7o>74Q4Y-Do&)*<vMeHte&u%;GY*`9^4Ik&efE<3|0+C=?~5NpQjM
z{qr|oRgO{vZx$UBJ!PSjVtB4JU3Nolfe8qjKY3PKAinE--)L45S(rHso;dC4YLN9$
z%@1cnEG$5iM|n=dKU+h|aKxYBg_G|IW#2;TB71>8p{}2m%c^G%1g=TM<aj_;+s2Ao
zb-?6kIWivNcWuG?&*}qk$hv;&bzk&Y*L6SB+0=9|YtsF@XKzz&H15|O^_@RW1*{me
z%v{*CKIglTE;@u$E}jPw6GhbMHzPWCT)@J@4as`$yi`G&&i1T9DiiW+iDZ0G6bQUN
zPzOiwGDH@IIPhhDqNbr?=(pmukoWDey`PFOwTI*NN(!NWrspNRX?+}R)78X>;#z#`
z)8e3se2Is>+1`fYb9ztcK<qIqBvjv7MU=581GBbrc;!}~8v28CR656RkZXJ4%eSx3
z@{z_F7fTA1SOP3$Xsbe(V@8$p444Gn1hUR*RdE?|WVM&ZWwM{08t^UxSzcnLSn2YF
zmVzLaWrgC~%w~Hpj8RwaP>5?606&*Nd7`FlPmoeNYp~A<^G<4E2Jn!7_GxJ89)Qb&
zJtO*;U6K6w$N80rr+cJ99`qZ64R263%<Ie^KY@_<>AP6b&UW_24fw?0byZf{+;O%F
zoY=Xn#(QQ<uo-jZhrk8HaBlU2W_zV0v>22fCWj@D;Ot{yb}gzli@kXwWXx=hko%$>
z?(kTmPK(UBTtKr{{tq+ckv0xm0ceYU7JbNPFFP!f+WDO#xi<DqCOy5eAQW>CY|e&c
z3>kMKkFM+{ke!rTDb5Mq9fI@G>T1{l-49@|1$9E~#)+&Q8Hb5ykD_dvGOY3@Mo~D(
z5>S$V6g4R=o%xC83{}aS$?o`JM0Nn2a@RCYAzFr!#EQ}&Q0b~?gR;mZdo{8q9kt2p
z{U+s)lsRmPv()H2c}i<kqKA<=n6K>p(u8s&gj3?P>_i-bF(p{(bE4PDc<9`M{php^
zBNp~%vlQcHHzeD>Zs$m}_4m@DXn{BHGhfEe#FZku4Upq_@QY1+TDK~D;gn+jnk~U_
z5M+G?CEQm}fcGpU3Ln{x0vj<us#hcJj@zNLRtScRC}qC8BXX~>*p4J}dRt8RG9&rX
z$AzR)iJx-^oGZ_pY_@k>@2Iagdtof%Os}NR`Uc*zv$P4VnkM!;ErUnPH0>E-%a(2e
zR=ue{{)iQ*+h+JJ2Nx4A9^Fj4j7?%9_Tlo>F8THZt^c(Xi;)v0WX~_`alY0>50FJ!
zU))%O>%fzTbV@ISSg-9FXo&4(sL>E~P@wWrjHEIEU+u*gtxsM@GczNaCT`-+JfF+N
z&sCi@@I39^LVU(%!Iuv}cw6>bcDVI!PApm$$ICRTn<~4uD<%P8ZTXO<Ts6K0rH7d#
zp(E5dhL!(g1tjxF45+2Yfaq^lauY99cc38=er{zWrE4Qaij{Fwp1UQPk)9Ck4rNx6
z2Oz)jjR{8byV*Tr+4s8~Pp*bSq9=4w$#}Fs&8p}kxy0x&yp4E}^parpcXtrsn#Ob+
zkke%F%;tKl^LihGo=|Fd_!#WO)k^+n`AhL<V&BnO*mszqe73e!VRYd4%dKPVH>;=L
z92FRZg*)B~Hhw}r>r0Yd91PQ<f3X0ylYMa|i>H71we0LC{9bpd7ojaL=*2f8k)2^v
zn4rqcG!(SYW-uX1^f|p4qWl92;|R>0UE@|pEx0T-+elwusD*U05c4w;jl6?$R&Pa2
z5=sW2a+qDurdMLAl0e`uE1`H4^u<rCvUcCNTnp?=!w|x-f*#5Uvnw9XQ;4pTh--A<
zqtXP06h__5i0FI{vw#!`7})Lcy%$RisEFn#v?Bw-W>AG8X$JOMwki5z;?kQRy%Qv)
zk`aZ}NvIsJ^-;<LhSAd>(H0*sjGakCFD4^&Qwd?yoZE=KQk_>5hP;1)%xG@k6B5a?
z_O478|Cl}NZzRgLG0FlkQkALJcEJ<ucxh*BwmW+k#yD6Qg!7pfDyrkBh-PCgk1o3u
zkA)boYKC(+erXzh%*MUT8etmBW-#{6McZW89DQ_pFv^~imfG#9rELED=3ol%0}n_m
z^rF>HyJxnrIm}Y<4R8sr(J}Is842j);PR2$LXldm5*7o=k@g1l>v8tZ##{_XekDHz
zVW{{b6MgysHdr#GN*kA%Q?kJlq=Zd|lmwyE)@>wJN44<Y)Oa4Qqq<jk$Gq#x?s-mN
z=~`{@VVGUjXk32>fqGK`4LJh^BCJe>RQBg?_+a?H#1e?9t{?G57Vky}OJ_DsTRrs<
z)5n#Ad*=YNjux-#mNc^xA=7qC7eD3H?=pD4$p>JC#MF#QxS1mbKB%)jMB$%*eri_Y
zRL3lmviQJA=|`3H?K@$e2qRY<H63AWxRa(>QoZ#H@T7QjV~UZ93h|aznUbNOz2f%E
z#-h2l?m=5XnAg*Nqc*m&%5kAU)Qw5mJ$_(kCE2Pp?+SGgFb-kJTicqFZ9pEn5`)e0
zL_%P(X(7|%oP+Qx&MbPt#U%jmLwW9qtd%16sa{ryUb$5(L!|8CB&@KzhrD|Iwb!o=
zEK0NaiFlfvp_-r$!t~;gc*d~>@C}^=b@YbK(xfD*)95kj@qF)={=D&{L&HO$ZMw{n
zhNZvwR9dog;&L=v0i<ESb11X&huY9{aOvLkvbH#cVc2bU2}ednbT@?~z^4$O_1SOo
z1kA`N9kWtM&A?T|U4WBGOUqZAQYk=_ouw|;w{&C|#_-Ztq{!%T=<=|kaJgZkOF1<j
zv3c?-0FFd$dz{>?EgLXo3U-2A_I>FUX0Uw8agv2lqvlH}?au;*Tk6R~nl8>593`I{
zJjSDEs91$aWEfDfoliliOLv}vRC`l2^HVl~u#3FZ(~((6$ZLUpUZ#}HH`i@O4fJ?u
zRpe=?iz+ri3gxL$>8G!TK84?-A(Az|&wCWCr-isQD7hv<7dp7ZDd+(m&`p6V(L=B8
ze!LB!5u`|HjPj@pAK`Xbwbycp_fhZeMu!i$yl)B`@}pRM*D{e?Uq53qE0Sk}DZ}qm
zq8v!N7H|A6<-5%O;85CXE2Ee`g%?(5jJFWhj&yRSr`l9lo5QV*<}OAno>8%UnJm+;
z;$MTmhYVusOju4XTP>T%i@LH>%@Urk!0Fr}zZVn!hd6h5d0JNr0oIYer0=i&6LVy`
z_SkIPO}dOhbFCbS#aI=v3hf;fQ8^K;f|e;k@f{IP?%fQLrO)}Hp@(CLN))mzFG@VC
z0}BbPClzMdz)_lSX121$cDP_f(B1J!E0^^P^9rfTFN)&PI-$tA(pgD6EV~jEO(l0<
zCM*MscO!S-7-^l*5Z-7+By#WKQVP@;k8aWz3wI|COZCcJWXc}zvE{_@zF=gHn4Z3`
zZ;oGyh+>K)xNbdbfNW@Fk1va|vD8ma@BeJEnHMtwZ{6{PND)TS7rve!r&`G<h|TOM
zU2)eOX9b0u_;A#&q;YYV#&zDg%UpfofAVZa^g8E2Tdv?1sYb^~<E2^RD2n1n1$G*N
zH<gXBV9L$6#ZYrI=zEH24U;;JZ4a@D*(tI;;zV;*5d(KlQCR<1cVGP#_4EBNAuP3Y
z=MqawcMA(FEg{_?4WhI(EG#A6-5{Wp2uLqo(h`EwDIqQSS@r!o=leH&_niH0o-^~D
z=RJ2GbMNCm#@k!4xT6}a)d{n%VJt*rkyb1}It<!Pu%Ke#fO&sljA_~W8IYcY^FC(H
zW9Aus+UjwK#Mq9kw-Y8|c;Z+Zxk658bTY2PkO1t1a&YKDBU*EZsB|rMi1+TVVaP$C
zbt5Ejs$tM80@o_F)TeR3M;%&nV{KAi2{GW9oeT?O&b7d&WAZ&tQDdsf<O@5G9M@D_
z?O&gN@3T=socy#xIIpPG@i>GQ(x2nAS&ZG*ekZDDt7I{m!>l$AmGzLrAgd|pQ1j6Z
zE!E(Q5~zxf7+aNQTC!<iR`_Q)$diX82WjijCH}it!Tfa^l7VXYWKwW#gKK0_>m#oK
zyywG(aahk^6C!QL@M!x;U`-tv!BnQ8Wv84@NXd$_LacH#Qnb6guMnRK!Gqt_rpGd4
zMw*-@wfCqV(aT$Yku1@sf1carMKs=F9Pt1|ZOr0SP)$M?co@|Wd<eQ1$*{*T)4-)f
z#Z0D;HRM+HzINUzJB?gZ#hK2~xYex>!;0_ujeOsurp|p_OM_-{;N(m1!fajc9+-Ok
z3&0Ugz15RGUdziB1c`uNT8Y(tj$m(=VyqVHn{<nVh!C@UaBEZv-N!)o|AiZnuzrC$
zN7-S<{j4Uy$B$|0UOWERwss^M=8@G9;DJilR2L1;+7BnLW;OR*=$Xus_~D54t&7l%
zv>NYK=B@LE#%d!>#db!l>|PC}lMThpTZ!Drs5Nz-YFNPjz0q~wSV$LQ3|yj-AHkCT
zrKcF5yBB{O&ZMZ7+N><a3+oxc<eON6?-3KlB?|F}VEG@n+474EO-`;Cvg<t9hS<{F
zVLW!kd!~e@*tBnPAuP#hDWrJzbhd;ndOZ8>LmT(wx$-^s%UBIQx97Ugnb&qpd4Kus
zT_0C9KKI!Xxv6a$+8Z(_wh&s^<C_$k<KU;#lyUN}pMU8yk%03z3LMH*02TEq{>sW+
zEF+APD8*b>js%DvBnZl?8a(O6n((*c$U}`{-;+<Rt;SdmUoi51Dj*c|Dz~xm*T;~j
zL1H+N7IFLglr(8YBzOEt{C0<A{|z}yO>X`OBy63f;zM1IqyP2Uu6eCdBp0qTt<SlL
z(k~#T0<s>kS7zB0g)I5t@hMim++l4_J(DCqs=NMp-(36=LLgUTk;c@%gu$SnGI4O$
zi0uW{g3LtC^^u7Xo>&CoP}fd`6n}BO)HIJDIblj|vk%Kx3`5Z?$-~%|!lMxQIY#4q
zi{c5;Ori(Vgt0xFkKx{^VY7q;zKHSXXQm6W%bR!e3v!hlCpWZZJ&H;A*~R#sS5B09
zfz1>{HWT6tYdiK&P2^L@d5sU9K{V2lgKz(0@DRe|3SH3=M>{htMsJt1Gr^i5+7GGv
za4wdWv3zTDW-yrJJLonhAwDmU4q4?)pC53M8SjnNI_bJludpj)#svgZ(|ilNIiWa0
z*sLRk^%XTVfQTV?`PA3Pzhlx}6D|RnN{SAmPo!F~k^}lXqFqNdp)j#vl#M|@!ruZE
zi6lzatrZdTu+$|5b_)1FX{5D#iEXJhhHw5v>B~Yq|BNM}CnaXQi5n2jL#poq{*$M)
z!`{S=@wC6h9Crk;RRKz6Wk`~pk${B)=7N2%_Gh~MxguddZ*s3B5L;Dh?Du%)qfC@&
z4e<$~M^zxA%qV4pgap`HIQNqBq)zKzR;`~Oj#*`$PMUEN1yaU4HBz-G>IFENv;RB@
z-aleoF5ye1=8!2T3dSrxBSWSb+(}Tzf0)DxOw`$z;^Pw1cVa39ywzNWi0mnjJL2iR
zuSk?dbGhewXTg86mHpD{M@Imia-@oGhJCFE>{~Pb<$0QGg_Gquma53r=(vr8Qo;7S
zJEUevu@Dne_z?br$`sE5UcO$@$AAo6@w-hTrmELE%#+>U!OpG)W2rtE+loWV@v!e|
zlPbGeGQ4nWihZw-iI_M|@f32Ec5xh^f8qNbzu&%C+t)nmsu31O8dD%yGCeKZcc+B6
zUPTu=!Bm7mQ#HwG<)vcQ8Y)ae7~T!^pjX+hExJcMw(`IfqA02X*9Yy!mmUJ>7~+uv
zMB=eW?Rp`u63S}O&pnlu0C#l$)7Nghp3}9F0J;&udG&Pdeznh{&~}Pni|*3vMr2(1
zx;a$&-T$_rF0qJUxZAPffl)nC+B`EpdX}XGBJgrOIJ>QU8l7B?K$NckgJ~=3q8V??
z%7(Mk+=spxo{q?|Y?1Zj)t=$*Ig<gGCHT!XIhbWBo+&ObN<qmNazfU}h=6u3V8wKV
zJiWb*_hY;B=PZq+FC$oIiiqp+_+)foFJl%)e(ynJTutI0Dr}S79UB_!RzCpk*59I%
zjk0yH_F9_`n7!ICz+dor*2S5XUK|0$UwGEuM8iW=xC=JdqIQ{xvF-CSQS<CK7>#2{
zLa2f^(WwnjP8S3sn$~`O(|r7y`C*dPV)m9dBgzAJ+OEabiBej8CPdmuhC0{?(?#@p
z2<3Jo@+~uo^;{Rq=qRk4VAEiCf3N#P76|wCl~+FuNZy|PzLmZjpw%G-W53Jxn7lt1
zqcGZ&S{Hp0u-!Mup)K_P9MBZHinUkG2jA^dihf#q!{zUHmQGXk{CduxG%KbCAU@=S
z$5pt}>qLXgmEaLN@LH-$MKqKR{#3t|xUz(aVDef1kc*@(@+LYJJtMG&oi3=je?Dj7
z%B-7P(l?_x__Jl9+q`Cb5J^A2Ae#oCr3OihvG(2-cG5XLa}gipg05Pece3VeB<%$g
zr<{^DHG`7_m@JKUpge&2aiRHLXFwIn%?Xj)<}Er*;#%udIbNrX#<)ckMnGO7)-O>W
zYe87^$<2MQtyAgt-P)$9L7uH_pr!EFQM)4L&WEtZ^xk|T10iOt5recap;A(xrk50G
z@?Me+7l5w;j{VsDsP7&32IA-#iO)2w(TQy?t)Qd5cy$L?F4W;t<$$VAKX?4N4c3(@
zD@3n_k~QUK<bn(g%m{KtFiQ#(Ic#9BTP}jyQX4*C6OP}{l-q4Cl|s2_l!bSu8ASfK
zZK4n!698RbgpI80FGa_>95K}uzp{Ch7;?-?hp_lgW-m~WszFqpq>QdgKYwo}IaLs+
zj}`HTelN3K|Ke~tCMSo6<+eq|K#n%3^2Q+weauuR^ax1btCOmC#+j(d{uP5#4XH?5
z+-k5U+sgjHVfUdcQHBYcQuk35r%A`hZ5j(l$6XCf*XBy_scF$I`1Lzng57zK64GxR
zi>X+mc37`SU-+xph~960MtzM&D-<_lKbQwwlIs~P>(#(0MGKI>N)W#4*+H;;e45?w
z#B(yzKavzG+x57r+|&0PJk~6kRtduI`XElJ*Jc85Bx9t7&<uaO(Nez{iH(YgR1j5;
z6s4}-qpFrR(yWt6(}B(61-W+fMI*#z&DiNvK3VBdTFQm<S)P*yv92)!lK1VHvesZQ
zqj{Z?+pyLGTB>8*I?Az%&U@)mRzH^iut*`Ozz-=KO{d>_Lchry&FMDpAp50b?AA};
zVaforaJl_)oREk-vEo-R5D6GxNJwbD)-sHB!3fZ!@fpXj3#qffAR}X5M=iD+r7<Z>
zOBrfAs@ARW&Z{?xV^j2?1_}O?aGtnK#kR*;`DXWcWQa(SUA`Y0n8isVTx}OS=~p#l
zjoHpf)TjdwV~Em-KJnSGX2jQ`MX=Lc@3p+U+BV*@AX5-LzlfOB_HzWb;L#r`G$uRC
zRA?!E!eeIbD&5v%6icc=cQH>u{>i1Q>yhmE*JXX{2+GOmgYdVK*<Www8ou{eHA7L|
zeS&z5e$%q)4>#gyOG2W}<zB}1=Oj^V=!7<<Nn-~p{*eCE#|x)^)t5u!zdtN$pyD?v
z>qr_<LOI8y0_rhl1PbQ!agdR3?IuFR962zsfL}8!G6+6^Pk`bwB6L4GTF@1gN%)t&
z9n7lE+C7p(Dpu?KEa&Tn$}Q*iz9qaFd#_?f|H&|k@gMN#<wK<!UVF2qc?z`yV<Xc^
z6oJ=RT;DG~jpN3x_0`^8(AqOH2JE3N^P<dua-l|EoFv%a067>Bs$OVL!TDx|uG8Ws
zqnCP|v&3UyshQn+)Ip8pR@hZ<2PYM#I&=Qymhja(EA;Lv^QmF`76`+djH>%cxX-rL
z>w{7WB`TWtKPzr{pYBY5#l-9fP<f!srBDKOiP`qe+vj7u+SrS!C5487uzxDLPkaEP
zy^wedDk^r)U2mMmkc8$jGP^%3Vau6NXYbxqGSa-&oFX6Y*s{<9CIf}2*rjU9!+#p)
zyn!f8i?h*3Cto+S<8Tc*R`9f^r+syP*B_tn(rcF0LqiPT?lcXxF*>ye?P9j4&#Gj2
zTqH(E=gGr{W%I-*vFdD?<TA8Pk`i7}f5cdhr&FB&7DN+(Zu)#Htzh-0v%k&vH07v7
zvv}#h0I@=sQYoVSD&32$wB(21eou)^O@C~b_PE7eH*J?lP4L}2k>IOeeM3Ll`MnQK
z!rNwMXW#NsY+lUI8<@CtKaNJ<SdW(hQlZDTYaX_pYS4(ihG^x^v*mp3jE=Y&&66^I
zH6oQ9<mm`7M|1H%lb|Mauw_2Ms7@iY?w|Oo0eM?OnAlGNfhbnVY>_4jt@<qf#QV4~
z5YZP4MIrgJa?Tmh=EcaGQsCu`rFS%)Tw*8qHK@7gdyMA2QAj!)N_N}~^hZkoA2&lQ
zQM>I~)ouYgf9f|jRc^m`6W41=J%oIU^#v?ygRbFxQPEnuy0<=u!XU8pehD>y+SiBt
zmx$)Wm(ovi>xS4`_qDi~*%vA8I5!%!|K+Y$M&%h+@TE1hh2T^D^q;qXOeAEjH#pv{
zN&#-JRSK>vGy@8#!6bj~Rw4?H!NMTFUmxFKK&B6ymc6LSxJ@FLmQ2ET(6hp@2nH^o
zs;WJEvsJIA)kQ!oEPbpaT;ux48{9^?TYvss1ORXXI}^jO;B)=-fLK0H!G3`}W~yYW
znxDP5QL&kxC00cj3_W1O_mdP+%+2iHxSJ8X<<Ac3=@eX=a!st2>UV*7z#_*Vgts4O
zFru$Ci1?mx4{DYqY<AC$iPnCOjvum=i#ghb{W6|=3!-jMNeet(eu!Au=Fu{#W&NEs
zW%`$A;!cM`PYrx2=tCUO=ohm5YMQ{bj(!r2Otaxr6ZQ3_SqP^9=3!=o)cHO6?Lgj;
zs+X5=R(3WYG#it;j2o%e1;ST@W<(y>^wCOqp{KYV+m1f%-Wts;K8uNu*T<FrZRp(4
zy{@XFLQ>y7p7h!aRKOAyzAzv5c2*BJ$+4oz4v>8zvgW2BPze-S%^mZ+QvJ=qRWfY(
zT#cr*CTOFct2ar|dU&L8nK$5+V}}EHtu|(3-9!6BX;uG&?u_ScZpwdNLJYls-pvQ!
zE*snH`SQ&W8P|1B@}TS47*lt^fqoEP+|eB>!(?DB;?#hPEG0dib0f?>r{WX!FwMpo
zvZA`Cpt902wi0&p-k=V3B%Oy|AmX_YQj-}e4y9WH?#|;mw-ZLy$fku0{~Q<x0t@m@
zLx;j5@Ek~2aZFpG+LjDqi-T7bl7UWywtducO?`mP*&$)*!&Fe$)lzba#xHfldD7g1
zgtrS-Jo>tCD@(Xj97^N=$9P~vT_*w__S+O9HJ1Fmod-rc?=en?KgGvMzuHvE#<=Oc
zr~2^1ssE#|e(fadgZLS_dxP=5-%)!xgk)3tdw3~*^_xsF_cH#kt?G^I3FbN9D{^w@
zxNmshe9qGP+=?gR<Xo{CY<tFGbi$jNNfHvH!v8FRSZPw8J?Dm`qo}Niq@O;BT0F`1
zDt+-I<<-x$hwwGhbT(~a5cNG^sQvFG3z>L9t1Is^Jlsk&zrd})Rd+Em0XT0|4!6u{
zIBP=gf*vGf(QWv{l`*Pxzt)(`D85HHCfyu$(&xmE<yWX}QBGZQ$p%a6<&@}IV!=fY
zW)e9R#tVn;Ok8B<sLwCu9!AG4ZjtE~{PW!C63*6bE`{^A_*VBt3ek572}b6T8ybI&
zb%>F751aQ3^!tt>-s}6{+r_aaZ07lS@u^1-B1wKm0gAgaZ!oW2_ANWlL86BNBn&S@
zo?$=m<?~r%tgWs2%cZyn2rmS=wI{rNmLNHDLr_=HTch$NS?2<r0$04e#)-a$OiLwE
zF5DQRl|h{iJSEPmK6F2}i5wM{KUqFignoGZmo6oSE|=uyqdCU?&ROD>{kZGs?ZAkE
zhds_mlGdKiW_I?u<J|bJSNmZMG71k{e3x7btAi!}dN>b-+wvv^&mkNBQ-A~#`OEKB
zyluxv6JPZ)bGD#fgcoM7@NKy}o`Je(<`n*88O<>8Iv~2^Uwp&5AYkX@l)t<fGpJh~
zAKbAAG&6d8&_uipqKK=Je$>l?@slYvw2NK7%a*0+7d9@>9noU{Itu+XF=0%6`VaKE
zlMyY*;R=$YCXF$Sf~j2kKjSMQ5M@UcN{0~FzsgIIFD;Gyb|Rg2XcV*4&0uKEZgYK{
z+SK!EplRjHkbZeW1B06*!H#qIedD&})wfeXiTEmf5zlhotPNF&{73NZ8W9T}uBs3u
z{I#PrQRZ{xH~Zp(E=|5_v4hO0aM#Sv&Q^%)M(4bLxqdtKp7$FZl}VL@XdCguZOMlx
z$Hqp*QUvWX+32Z7Js?3`qtyxL>}A`dyE5<8$ik4am6?+pyFB>R<{VSIPY2OlxJybe
z4hw;iHtQdl&^5zw+=2!FjO*p{LNjf6SY;-i7BQ;%5ORtigsQ{4_7rWo#OjqvAP$ZG
zGSGWf(vw3B2Ng+YnbyTwzNwLWIOMd+*CO?(PL`|XgsdZ~5}pZaf~aU3^_*d$a$vl_
z$XbmORYy^DhO}<g&d#o!sJE)H4cAaYrq>tV1oA3SIv_g!nZ=hqI56gB_6BWf+V1Zc
z3C0ZhBD^Egfwz1;SNN^<Z9tQh`aQW`G1iT3B7C+;HBq$HAZix@>9OIDy6&atYWd4%
zSs?-OZo=eE%T@j`-d^P}MuHC(Vy%*VY#L`PO+)i?8@4!ldwh|13rA?+i-!pMvlC8y
z6qIf9ed0m=9p*}(h}+5V>YitrE*FN@kX~@nmI@soQPR+eOG;OYjF8cO&GUEB-YKo5
z5CT1Ss~s(=<0B$4kg8T)hGx+Sv}`S1^{2f*^%{*Q8aSnJzHI7G)M0#htjfMz!ESHv
zaFqm-bvP1&U&?iQ(s~$wl~dJvI*@F0{7qs|x>&N|5qyig=h-BqjTTKhQnHTom!N?s
zBSxWl{ZV9F9MbM`gaA3O5rvH1lMpdqYPho9J0(@qCrS86va6G(84D)Lb&_q?s+GmJ
zUm(Icr#vwCAr5iwkZfj9&V=f4Iwp#`ypV^4@YB{irX8<9T=k=?O40MNed6*}x9`3c
z`F^0a2KUr9)*MUGXw+HX?E|fw5yO80)Ri+vw?zQ_+K6U8CJbIT6DBZNzfpYYL&`tm
zWu-TZvXL;XAP@Q=&wjXLAi8Y|nDZs?R-VH54y^NOhoLTIPQj(^)IG)CDM^QW9kEUv
z78bu}-<TB|C@qw<<BlWG!w+zkM$*j^6B7#|WiJ||U`+UwD!Xid*P2~v<s&ihNW?0A
z5y=eq@b>21D6Xp`L^~hgJJ@mE_)4efs*1Pi{A=v{u2kS?BOmUUHpb>Hu3)DNUk_>g
z!zI+=M_}y)K7#-h(yV?Xd;Ft_!$C9c)Sn@roaqJ8?m#uY>QmL%y=uA|JP?<Axt-Ux
z?7kXP)6=OFH#G9{CdNqhd2#GNfpj+`!Yer}_+@teumTJHlP6DBipyKDlv6PiP2B-4
zC0?0>(|vx@=Zmy-DEi%!%~AfM%BX9Ms72^>0^wDr8<MktXB|Z9wC{$XZwjUKDid&M
z7p&~xh_l|6bl1Aglx!7&orJS&zsN(jJZj-s$OQLzlnQ^Zu=Ui$@T0$BO$|;|JKWXd
zKqoLgP2b0+CVi~JFB`?}?X=><A&G&vy!BKZ3A1K64NstMd`Cm5rqetx$X|T)+$JGF
z8IpM_7a7S*iN&{SQs6M&B91WE(Rtdt#`aNYvxII{fHtQJ1|1kmv1~^<$I7f28<e-!
z17XykBtkPoGi}`ZS28jv+%PQDYyd-|l&}}Ef1RK?E~*{#>TyKqEcee{1V(xF8_TtB
zUlZ|Nz{_eyM^iEWtg6Jx1z943n9GUe&s!EY*p$lIKoQ@;=BSM3t1RI0T?+(S4Pj%e
zNGodr8i@;zoqLSiRTej-A>cX{3&{vWT0vQ&*fJQdV98d2m^;~<@@<efNb8lkx{AsP
zln;SG^n&FdtAF|HWpcs+Ilo{%)H=eVFHjMR<!Z9?$GRYT68q}%a?B4GWW6HKnOYjj
z-W{9|?l{W9JiGj&#{&+KBw`7c+#)1Yq0L9{Wt|qAbRUQHjd^+~GQSuq-AS`kTU{{-
zyNh;|pPmIy6z;mh(`wkCx0Y4C1y=4C?O&7;k`9WZG=gu;gt4uE(4@z0_2PakvndpK
zLLQfb+uPsAE=*C)7**_qq@higL;1ilwP*i4)u_TsH6zVEZzVb`EVd5Y*1|#-M8}0?
ziHd-KXe5kcMp1UIQnJ#dPU3Qj+&>BthG<ee*lFzLo%Fjc5qSGB(?X;fuhf*#O{Xb6
zymVS4W&p13bOjVdd0~gk{^RFrMg~c;7$2#CUVVGm(mKPQqE{<^n1Wu^U5XiD0TTpu
zD^7UkoSq(1kPRnnEQlMIVC}@srvc_d0Wjr(GUX1#YrYh5+R3`Q$kMQ=$N38`sn3~d
znB)P9ZjjQyX_b%$+K`4UH+0l|76yM_EK8=Djt*%BBE&{m&F|U^BZAq<*o-*EUe88`
zRdhn-o&8Ym6d#5VI)C8Tx;dyfBvy_~JksE-x4cLKL>n+fIWf@7Zo|mWuU*$_@tTm9
z_I(15UOaCLLDQ`Ju_{vy7t$AObD^4xBM5hr&%hvOd;|nm3gSS~8b_8t@LqT@)He|m
zrU4=6UZ5-}6jvEyh5011(4QA0jU$JtPa%mkMhshuu&x%;UnIg044C}26R!*j@<6Sw
zQ|3*Cg(^Q*<(LUOdj2lFX+thnay*eIuC45^m7@@dvI3NXFTrD>#$p+<$Ty9O<RG=Y
zApo=ZUv$tF`31Zb8NDOR!0=1$QRBdoMhxk}4ir*)gk|Xj!vOB{?2(4YB~~F{JyrIh
zeb#f7yf%W?!Aqf-2*w?nsHg7e5u=F|*zpmmx}f1q=jYB4Znf1_0Fvi`p5I>65?4y9
z#(|3wro_V7yOt6d&EN8OPIfHF#aN{{n${iy<kQ+P71F6e=PgnX6t1ejpEka!@Km$9
znpmvnefEVSEC7JfLAT}fElQlzgQg*LMwDjJRCPnC1$;x)p|_Xf#Gf|nxMJmPhHcfK
zgsEp&G3W24lN;kK9f1eN)$!8ZWVj*N%=-eYbcZEMurI)PpFWF1&2PtVe7isImV6{8
z*sQ{4fQNv|LHm4uFgOtZ<1rp9$pYXqjG!d}!qqi(HBqm~hwdrj)M__sVuJI$amS!M
z_)X>MyScs0{aJOh<>Og_xvDvT+iw6cV6Twq@wwSS&)rOizuvZf6zmNU1-Sda(+UGX
zE%H%|EHsk~b<egs&sXy0&N?X=&k@V({ijpIgC0BSE5p6hnFjBmj*AcYUI#LYhkv2x
zpUQygkgluNja`Fou@hX-qwPV=CpGMUc9>uW0;Gd<BqJdEk2(IQ^*e|xU_iHs-5u*s
zi$4VXP+3`Ym>W7wf#bg}QJz|G5E3BxQtgLL{%iENHxLbqWunTziiAJNH$w&aq#8>W
zfBL_k{&a|r96(9dphWxM7W=1qp^OLxM57Z`Hp=pEUVlbKK@LFp|KHTE=*5b~d>GJM
R+8-f*$_g5g4{{cv{|7(ENvQw;

literal 0
HcmV?d00001

diff --git a/components/engine/docs/sources/docker-hub/hub-images/bb_post-hook.png b/components/engine/docs/sources/docker-hub/hub-images/bb_post-hook.png
new file mode 100644
index 0000000000000000000000000000000000000000..78c47306659e305a0a8c9e2d87d83e125ff58f24
GIT binary patch
literal 54653
zcmeFYg;!g_w?9gaQYc=axD~hJ4sCIFx1zy=2d6EiEneKAxI4iiE$$SD;838rCP+x~
z=>6Sye|N1f|G|4%D_JLVX7+6P>^*zWoD;68u7Hb8fsKKIfvcn_tBrwy>4AaqpakpT
zT?=ylAQ1!O`CA7W8BHY_89Gf5pq+!WEe3`nZlwXpP-l)3b)@)^{uv{|19D3qEqG$b
zlP78Ks6W5@{@M!bG07!s<$LN95jWiicB>i3Ck1%2OD}p|sO7k@mAUXtOK!(-yQPAl
z=-^Agv6kZ?$Z_B$vNPbwZ|uSE29klTmS)m7*%g|Ew1gu$iRpcSrKe(RKb}2b!}|Q>
z>_>C+%d7GIQQV)bn|ccDvmvd>wznp)xCtJ<cOS^4XD8UEzvagmBpf0M!)UPUF&SY^
z)M+NRG<!ny?L+|^Q2Ls>^yzZc1Lx8+r6~LdKLQ?<)INSFM~cDn;`Elmk~E^5kpAEm
zv63xT_1k$1RzkWMPuz7aKffu$Sy=*SeiSLoKG2YE;AIROfer5FN7ItrAEfMD-*>R>
zN@-9zX698yGb-L`x!FuwvVHk&++~YJnY$A&?C1mEB=gdfT2g<GRW6Ns>Q*jGp7#0m
z)+#qA)?4snnyzZOPrvOyM`O4Z@v*Sk6PVz<z$(2xeeYnYyFsU}uNq4m6$=>lV9`8(
z)cb2ku}4d$+0>LE`Gar4gYmJ%FADTgog|%YhViMNUQdS4ktrpx(2cxpZlPoOIQgcx
zMVs?ku5VK8J8}(&M%h3>5kuw>;Wa@;`@_$=r_Vfd-@v$odfG^oi5LlE`-pfM-0fd>
z{q5*^Rm<t1iBBI#hN<Juinj8ratvn7l5G(Y{<JYlxT2+*_*ww2n#&Nkp|$*ta^aKv
zbf8>%c=1`6NEvftHi+O6Jpp#0W?u4xDSFC+%4P56zYaf%@E&TuA^rBt{X02DTwdLP
zW)4R03CqBDjbA6t@00YN%Y8!&jNnCie^yNbD+)3^rO6lm6ZfS+dRL|IhZKPz*<|De
z4MqPP)ua-B{?|#y-F2@vdd$y?-rSDZ-%&VZ(au(hSr1`#xm2A!`I1H837W~ODX2pe
zJvmBKj(o%`-7C&Y@t515)88?9xVmyt?98E6^t6){r9Ld7O40?i4lI5J^dj-DtO;~{
z7+c#h^SOIkWl7!8&S{U5BbnetN7SkZ)gMtf)#Y0fav7ss9#P%!5czAXxKCJqa_Fgq
zt7H+`OeS@ro$!2F>XUF{S;>iaRQV@Aw%zo+>%Od#R+ri14ZRinv#Gl|y>;RK*FnVK
zffehMY2i2L5KW1Cf>CL#H13?j?{-Sq*Kh4fNYC?ax+e0kxYfs8F{abiuQA#;N@pFT
zK<hXut5|Dh5wjSMqFXxV7!PqiFvdP;26noU@=Wl6iPq+AbG5Yu))cgbDPB)}D#gKk
z|B&>3q=&}?{FAUZSfTC&IN{&1b+l%fzJJvn{~%gJp#0;xewXn)mWieK!57+fy6In9
zBF_M845nZ9-JXs{<N0Dro?za*es2BVIVzI;eNigO_J@}D=Bd)8UwYr48nP$H*jn<b
zhL8RtwYD`BZ6sX$qGv5_sZf(J?^l7_7A^U+wI*f$Y35I(W^UIglTB+k9to`2KH^h0
zU()PYvQ3qftt<a_?A6G*4VKf$EAMvdkS~`+Z|n&qx}w}(wSOaENLFOzd-jAkmX(S9
z8@m<l#D`9pUS8H;=9L7mc$G6H1p#Ts!B^Uf+X?3bwtwV3gpE{$5)1~P+TdTO^%ap%
zP}xg0utHxMle%D5e%61xs3fi`9*xSvgHnoRjpZ-?mYjg3DUTP87xCl+i;jzhCl~+5
z{_S{<+5KVt=ZSR>-{Yuv^3SXvS@Uc@-o(xiJylne8Py$?<1*z^Q!8pztbFGZ3v~x`
zIBHDaOoOK@r-P=gXXN(krwvMuHG!Itf|cBr{%JetYh-Hpi1YTlZU1elZHH~MZ4O*q
zTu)qJbU1}}^b?AGK|K4+Dc>Kb*@fM8fUp|o`oxN@3bP9NS(jN3p$wN%Je%TLoQ2_q
znFE~z!~uwk8z8_E!MHK9qwC=)Y9KN$I3rjo5GqjYNb00-PczwGuuxf8Wm`#-$MieB
zSg+JucE3o!TF7A0NL*iBBOnb<b9fHT5_?YVl=YfAZj31FP^{RC#{F5<6XDMsf4H}g
z*0Q&K{!V(kc;$Q5dk=esOuNh+PE1XBPN~dhlp2(RRI9TTPAdGg+D%umSKhARu6!lz
zWBerlO@WiT7TA+S2!tu@J>83hslYDxE#}bge+pyq5AYh=Y69HGzY8=7XWEN&yG5=$
zbRWgFG6pGND<sEAh@1&CE)A@(uGlwD_~eu3n_ClaVp+GGVs7g6Ei+3byh(6Q5M=IG
zYgKJ2LKSIG2^O)a=A6N<-rky`{Db)+{UZaMld2AlqZKn1<4b)KgMo3^!RG;_syIB6
zs*!@EYNV3MMai37JBG7{D7!+}EnB8qV}SSUUL`o%I|3#=>phz#bR(oC)GH(?1aetu
ze9(B^sMk1m@Yl!ON7N_dkb7|xegr2%C?izxnnS;aPFvQ?EV4pbkG1Nw^zvQB>Zn4g
zBB`9HXrs2HW5_$~y_Wy(SabFlL>mciAEb_}AE~#fi)S8*?2E*Dn*Ui^yPfP^k^8H?
z>oJ;iNO2^#3SNPQWrSwTyF@N>fvOO`m%ycrC22oje^v>&pO>Gpe^G$zS^I9`KFJPv
zWIt1QRD3?5^HS^hQi?_@OzLS6>dgCM^mKW1QFPX>!uKGiHuiP|`8as-7K*$^?V?r@
zO;1ywU_C5*NP}toIN~7)Q|ehA&d{AJTu98b84?DHT)BMH7+Ct=r^z6|&>+wtsLI00
z=4?HWbUQz(I7vUr#=88rKo}j@Fz|OkFHSf=D*v<AjF#l4ME@xD9Mx!q`nQ#r$k%;R
z@`O{bX=tTgZ}(0?EQV^|)k-46=1b;hYA-jOH_kSL(-d=F3fFpUZ2In8iJk(8o1aY)
z!C$p2Jy$o4^JN(nQc9antVoj(Z4tY6QMOn1Q$`f<CTy#>raGpwt5s@P7cdncs_rA%
z56Zz7-l{%1rhM0ZFEZHpi!*Z^MFc^6wGQc1kEieorzUkKFAG9m^kA1g?jYA9&*1a_
zOyA|*1;~3dL7|m0uVKm^9KV}ll)aF)l>!zkS0SP+{qChAQ$ShBQ^#1}WCs}yA6-bA
z%E^dtlh)wkkv#sUs*ud+l<mqFw0$Ae651}il6{;25rQZXR?ZuJAW>y2;hC1p*dZ;f
zJagI#WkBZ*<$?I)0aWRwk~%{5w#mqf!usqNU&+v~Gcvg{mj(Kr$GSxEw=qYTh43>{
zc&i;cdvBS}#Yts3=R3Z)yaudSM`n^H@%VR$*t&NUZ8G5`OWcTU?57i{hv)s-7Vcbi
zMke3t-?;2+&lOT82Xm7onX`Jbm$M?8RhtjGKx3<w=&BIE?Xy`D8ji+_g6hP|_FDG$
zGe;hWXB%e<<^9!FX5AJ#t=llDgVVS{v!1hAziF}QT&I*>5E643mqR#kiFLuZgRj{G
z&77~MBHXde2@SMWSxXKwiEc`EL7sG6AWRk+8fWy44D_6ffjm%@ufkbOy|gb<vt!B)
zurQ|4X43`*^&h)d!7Hj(tQ!DwxaRp4yHIhz<1Jd5kc!ovX5eD*3aajr+Z(^NU5#Do
zWs#RbHM`&Ea)YEzknOv#FWnrt^u@~?i`BK~%yW!aeQcKEiZEBdbVH(0wsTtb`APj3
zF_j`?5}kj1(cv4!9noifM+rtOw1R3*t)7mPrB0*7873MEIZ`0z+mX`xw*ZaIb8*l`
z`}j2@Sv&W%*+sMA;>L={mBFP2ev^O0tod2HZpZ?{LuPTlans;oRc1SdKWqeC;zU-h
z(Y)frxZ78mkpOI5C0gEV&k8{F0_7mEWh1u~pQelK*^UT={AGD?6Cx<2O#xB+G#B5P
zhFPNhT=DAf0_~HKzyrgxRAlo;_-?|UddgV7*}7RuPB5%tGws&M0yLNd4RQ5%McnQ{
z9-<w0)263R-<{^6x9SWqt9?3r0+y#K=K|1bD;b?lg~!iV4ug+jsDrPG_!>8Mfi{7r
z=)ohM?w!BmAjJ6%V(Vep8!#E2W-P$&Vf)gPpXzb}UxzVN$9|@%Y<<MdBqr>`q?AKH
z!p|ILeFT;HS@q^a!4nMLXbcn0`gf^eN7Ha|UII6Rx%DqE_t*!#ytN)g6}~Y^03ngp
zQ4e0?V&uF)B7-sz2<gK&0kB1k=<7!S$)OA}nPA|X+~f=_)aDH>i-SYaU6^}xS5rK5
zQ#A6#z#wJ%_kEzG{p#ed+{kv&HS{u6Qx&rYx^P?C0Ih7feO=t{dShTn_=??Ky4ZSI
z()qeLyLyWGN;3Rc53#%Jf6Y7$bpO@G%Sn>KP)(Cg2Iyf+C&(?p{hC1vn~si7!o$W+
zOj}m|zlY!blVq^>@^Ta7;Q@g_+#r5#pa+15S5#D#=QSS>A0O9U4=ztXS1(InE>};+
z|3l>er6X(WY3<?Q=H&o%rTa(M(hBJ9CCR|>Z=(PC{2xATeI5SqOs<~)E!LfYJpb<S
z@N&QA`5)SMLnZ#TifKCd+BzG`I=I-ndfv?;#VaKETH?P3{Ku{TJLUfxYV?1H3h)X1
z?~(uO&VP@T;Q1%P|B~qcsO!I4@AM^wEy43Yx|hNZ?`P1#z<7h9B>Ps^_rbw3zBAQA
z(AssKWVcWI-pg#}_Wm)ec_WLSpQLfB#yC8sB1LOIN=;dru^iTnvEM(N*W1BR{uSS|
z&iar(Tr%S8hd-8V51%DHDtYkE9i+z1{pwL<4|zd?Vgn(V<!Mal_m7~A1eNpI_pu31
zzkHkyvI1a`vbKndxe&$13zz3b7J422$1^(}W!xy;5UI2Eue9ue1aB}NJpPZLH}Y%w
zd})J`7!R@NKK#c|8HS}`--CN^O+NfQQ!r@w;2xS754s$q?rncu@C2(|DWUe^y(B-+
zynJ*Y7g&lo1o{cg)=&PE{X3Dc%6T#WL#%(IekY}?U{>qHzLz9{zV-8a1jeGH<9cJL
zmL5fNFG;$JzL)o_(fC76x&S%Hy(HflM)UrsZtvLo&~T?;2R{9KNq(rIu)fb?7!Mro
z^gC%&aWBcAPI~mLfAG(rFul;m4%2MrrNTBYY0U04W~IXGH2;0ZF}!1+H6pL4&*sE<
z4}s~>p9)g9C*8`6M)QX)UO}szg(2&M;N&+S!CgoBDs#orFa~7C{#=(GJzzcHQfnOM
zU|oN+EevePE}hMKLJz%%W_#<ynU-e)dk+KG)5WabnHJjxS><AK1PKx4e(x~C1ys5N
zLci(Xqq*veH{M;2dTZhp@5o<#{10&6De&hYR%TiabkLa_e9w3+I!)X=Rn2G?JiiAy
z9}QGL)Id3A*PXfVLE{_2J7DR_#PQvS19RSwb9+_+`26C#UjE`8DZ@Kp%&*p`z9uFn
z?M!>VX@9jcwEdoC7t-4CjZ@<=)Edt7vc-o5`Tzj{0AjhrR6Rt-@s$VaHtf8zva;4*
z%ltB3mHr;hWm<l$r_mn<G%{mi3d19xH8ly70(wUpPp{*~X8SgJV|IsB++J)eA62b%
zNHwmf&NQC<363P$;jozl^nW3nih1roY05MyBn7Ij7a=f+&mzCi7XTV-oU4zGeQ!?S
zTjsH;>7nicSKCR`)B3-7hvO>RA1hcM*(j-2It`NO3`d#o!6QmVl?Pq$FU_<4)4fL+
z!tXJRChfx+{PM7OxDSLS3#gLLcXcnb7F-Op;(QIXkv)u63%k9)R6uhoj7~`@Yh``B
zacr&XT=Ay<d=&LnIy%_<)*VhUw-H1R`^s<_j49z6Xfdf*TsViOwT|yT9Js-sl!Xxg
z?VHs<7--|;O1!NSceLZuOuQY-7mpO}j~e*BWU3)yH$wh$;HYA?Q`C8tvXxgN&Yt@4
zn{m0W`6oSHErxn2=zja9PS3PHCKa!soT#cshOmExcf#g*P*$b>h|Bx;HlU!>n;L(d
za`+&ZD*#&E7sb|jA3FBl{<yIOUmUoVO>&J_$Eb@B*=Ga<N*@IW8#jPG{rH9auUoyf
z=Amn$Cgbv>&Bj|yB72}$GpW!Tz2ZCp7K7xcBg)Z%VWxc%Sn~0nkFqLb9?J4fPx@K!
z`n7_(zOlPXtCCf<Zg?Es-VYklk9&9Kyk;ilGns;W+bg4QJMvP~wd9&@y=<4XmZ4V0
zAsQuj_>8fF75GCO?@U`QP*k*yXOvRJw!^R@+}cN^1atkZSnr$baAvG(7KwkKe;~0k
zduyP-Vm3*K6wx!YHPwIy>-JIe=2~#E#+^#dN|Ld^CLYWt?u&ta(VJV8a&x8RP9z6A
z?T6zlnb4v6DgBmpIE-aHyOL*o86y3gxM|Z(ACu@_fExa|5&kH|qJRly;4yC(u`8#f
zzz&G)mg8a4oMSt1eF;*C2(Lonp?{<s((L`+H)xC&m-p1*4|_nESJwU*Og%O}-$Tum
z<ujrrmEE@8$u(pCGNMs{Bf`65dE@<Y9+A>3pf}S-<xWP|EZDhc(wSfTKiPPb^-Nc~
z!l#mDg68C{<wT}|p_<>(w*heDiw@EHp1BC^a3+NK(=Zw>zb&R02AdJ3;bCdW_Q}6w
zCpi7b%o#e7`tQ~LjJt5EJ9Cy5%BL^J3;T<0oElC8g9IsQ?+Z`$oSMjtH#koebPop9
zcvx3NvosjR8yhsIuA9w<Kcd{gLn<|q7wRs>m<E!rhXVZlPigQ(kJJSL<*O~o!-d*k
zD@Vg*;yU;SIW#m{5uSpR|0xs3Lx9phtPV9*{URh;3<!4ivsCb5^xR^iGAWOz$(SFy
z0pMINh19*~k0)pfy$SNzU8of|;9gdzz1ey%bq_3ll9Px;S_;l_W$q}4+PMyy+Kp!u
zP8^rtg^@Nzev(~^kTd7{RYGPH%66Ad|LKuGH+bL%i;kvS=kwFa5#JDoBaraE&)$%I
zADDsoUWU!qIKRxiNGor`=J6245v2i6u0GQAd#0aeoF^*U!UrYS?wUJ_6;D2(4dN)t
z=3jd0blmO(bVV*Cj3yOcpXL@Y3KRp30(_^#fHBxg4EIG{+>iV(^>KQkhs{&@F8yG8
zbDI{`A{(DOyOQ};7OTb1u}zGH1^0I^^;G`YUupV8diFI<br$xgK~sdn>F|KuFc|J^
z>pI{EgTB=dVKsH{P`z)d%~bn0jZQjugRvo^K9bz2i_yJVq}F~kCgk)J&Fvj<%T*=U
z13ljjgX0PqUo{GudU4nXU;FIzMw0QEbxtk@oSWsi840ZL3%_V`R00A_ABZ?Tcy=F@
z_}Sb@yB#Os<?t=Xp}uLyzF2O=#i1O6RFi3fX3A6F{F6mA^wxfL=^LZWY2}ZwikYIN
zv#BUXfYxNNv#F=abTdU2D^9|__R#)kk3_dypOhfUdAQ;6w11H<Pe$-`P=BYcTKEN%
zm7R0h8Ikh7=g70(sxi@=@7t{;0#pz?i!Y755;a?$#M7+I5Prd07m@|5cBfzIZy(;1
zIj*VVWDeG(=XqU3&$|oC8BrY_wzRc7Nqtb206Pb<&t#?hOva3}bpQ8)7#D@F>Md#~
z4t(OGwB#WW98!ar{ClP^1YFuOV*LYZq=A`sIy{|8^sQsuW{rAvAC8U4d=I09YHEWl
ztB#c&XB}5ieLb+~XHIpj6M~(SMqZS*cW{`|k|3u{J+^3b2!r2YVK~E6($SuWDu+_z
z0uN~DRH62~>blWPNj;|FOGW#ud)JCLKg0~mJ4${f3-tjdjM5u`#TV5KqAdbYaxOD-
zzh{NEVmqHrsz*g!_4Ou+iML0~YR3XRkuGB+!Mjzbg&*-^`w&}zdp*&JphVe_>reBJ
z*0Zk%ET^<hVKJG}F%2!oth2nA&YpGy*Bfe{X*bK6ROzOEXU;#-cta7&_BB9u+-qlD
z#BbHEiM;6buSTAH!H1~rA=8i);QJb`1?i?bQ7Ae8+#2OQX8Pg!_`iycSs81b1=Vf3
zfbRwr6p7!lJmk`?)Fx_1Die}YG^=#zb0i6(#~q@{D)AN4)6?^!`J#E69A{<j$#zSk
z-*kMQajb_WM%<HTe0XE@P_N}#Lq)pLvwPUV_}EH9SE1izrqE4zPl~OsahLz?F6i*z
zWB)hH*aZ6Ji&gpS_kq5c<&ELt#X%|gJ(K=$y(@8MT;?X+?(@VcV!8?+fB1CNJ<@14
z-IY{(jr;Z@_b~Kx_Zfk{xMYB%{C!$7xl41s7rh0j?qO){;x3cT%9a$oF9=OnVpxJ(
z55*{A?qSHy|BfN`@$B^bw6~}Kp~iUGhZ<Mm9)?6D?-(iuXpG*cJ#UUThLx^uF<<Uu
zC^P$xp{e>}yZf~F|C^KG&Hrysx)1-~@y?%4Bu%#`<0vEuwMxsulNgJJ0z;%WOqOCh
z&soM-2GO$DYt|Nj9h^|RvDbDL8=sDYcF?y|-DE={0h?sfh;kruik;NdPwRSQYNj$O
zul-vi%&XzE+{Z#s_UbSqg6}UxOhX#tbj&|9xJYJk#qST<NH6&{G&1%<^kc<P8i<4$
zq4r<(<m-w8vmU5GP6~G8z~=h)MjZkZ!s9(>7f$29=@R0Ll<lKcxFYM}2^3#h+Km)+
zK|b;WgwYaKS{+U3Z))O6a<JMQefjRx(w^#?fXhi3uAGv3)pIY|%6ROBtlp>iq;rj)
z5k%p#W4%N={Euoka=1Cf!^@tz;aLa{?UCsY^GBp041>}Yc8%f2u>N^+_Sy?WU9p|#
zf|py4%Dt9gTGX6$ARKwAn;6?UlP?=Q6uT1&K@N9I-^MjwkmU$NU`micy-bU%mGwWM
zP9E$)9Z?A<OYp%|>Fz?%M57(k%ETl)QK4s<;%OaOk_L}PAu}Fn_6T@-VRw_<$&dc>
zy}vPaO57LOV$!3^(cf%;e2M_Yatl_sAjeGzCTw7y^bG%k`mDr9_Qq}-*dUJjFnFl?
z*JOeW^m#^NPcrUMvTS#jZ-S^=$Yhv9)z>*dlqq{!gtOQMY_xL_^&MkzXJXiU28EH~
z3pEOa>)>BcxjJ0K`0a+8?uy}1M^!Z~Xe;y}=hfEh<>f4*2ZG21Vp>9z^7;gZdKe5o
zDtfzcSZkcEbwyP^&izGqSpA&UY}h>ET}j(WVSnDFsCSbVY;rB4+p)T1rGVAg@X&h2
zz(17;x0)k@R9}af<=k(ynVI|SCR~r)tNR_jJ9EJo9tz6mjgz8phy7>HZ54QYs!Op>
z$-L#=Nljd%hCOrhK|9KYGJR>Cf+!BI8s8uX6YK8CVR!W%yJN2%JAKT9f%NOkh!(QQ
zljckNifg#oqMuFc7p~I<IAg|U)5+()TniYBG~^3XdpY`acdOMQ#9PqOz<AAC<uF}y
zKc1X_3wviOvU_oFDEu^+)U)8*;Kkx)MQS>cgX`F#bgb|UytsWy&G&kClM2Oo>A*G4
zIwJX73SVNFDBeYUCf|!IKy5O&sxE~lQh8^326INongg$VW~y&;Hbv{lcj?!{<zwo!
z`%PQSR}09hpFZ}krCbb0j>1ycrrd39f|4C2=$1NPK*ew?E8kM$w<b2+p=-nW0kgLq
zc46KKBs(x**(cqrd)L;Xu1<e#UYm5WyjC0j)=__PvZ_=4^lLGUQ23?<ZO9=N9v2p1
zU~(aVR>1g3ft^TG?qo<V$N1rA+TG@)Pf^>~z9)nw_4eu3342XjG0`IVgB~u6+@@~Q
zvRtH2(f#639@Bm5S(J?uBtX-CB3q9*qH#6D>F)5zW1ow?h?~V?%cXi4kE49z!o$ef
zgTvi9?%Y4ggI3DSbh@$0=`5MQq=*$4cjH;kUbU`78eI{bJ^EQA?BcOR>`d_-)m<|2
zaq5K#hb6cR@$~qRRtkNpkw_a-v96PIdmMrq{T;_ycO8k%ar?Tu9o~AjiT_U8*4!>{
zYXA~*f<hsV(N~agh2D<SK1%d*h8q1fLgD<Y5iE{$d}iN_VoZ)<LQ&wLtgwXlEi=xw
zGqdLpl2QTLbcyV2bJiErpWbbgwE2{7aq`Z>E%b)pb8?qnT+NE<U)tB^QR&onxGU46
zC7e`gq{b;RW40Xm-Umd?vS;ZIFNphAah)7JDc@3neO@PN*y^7tas4rS-CAJ(r!C;A
z9i?^cUqb6@w^Ye_>4ET(9R@Xqa@M!h;I~pJ$yY71ixcNx+X4_26>gHPqsrfr9N#L(
z_5B}xwxVu=zCd<nTpYdC;4G>>N+k1)sWw=Y2D=y3MQ+M)lHvqVA4Dk6mV4?O*DaD8
zVPAKL9()YG<!zm5sSAPr6{*gpwEy#To;Zj-h30ErfY*1piOcX#eTyph<-4fQn5QGh
zMa;DphB!##_)T+;0Z-~(NrtsqQH4Z9rW36$@L+$eTcQ3T2;9xPK3^4R2jIDU7cL;!
zpU3cX?Itnz6`o)k^3mZ}iOE2zS>HdeHHW2dgrO6ebk-xaW_#%m{)D0?MU}aUrc$n`
zjYn2(SGQugrsF@x%1v4`4^)4M&_CtL7s1RVGhi&o^&-`8E$q*sG~9o@8^qzM!~hX$
zEE!c@a+A_ib9P|O5udK7?fg9!)>DyZZSYfTZ+<$DP<xW9n*1$X(7MDAxkSY~Hnb12
z?spa`&N4M@bANlt@7}J7e__rtbHtq@Mv++dn3v6Le_k{uTN{L4Q-EzQT3=|M5)i4e
z1H$K$A4^F+maI!lO7xZ|TvJ`-gj_8y;EdTO9qf+rg+@sNf&rAWPzdBj8mTgEVJxk6
z)feT<bSIbo&&I$Ht5#nPMHN~;^fM^5nJOt9?$HYNXFG_Tw_%Ibg+zMr`8|ACOsmgv
zd$(Smtgi;^1%W@DpC9sApbn02Z~XS3{x)XLST&wdz5SaJ(!kry@er`LGrXLGUbZ0A
z_^N}wiiCGuUv^eObl;j3ppVbF)Iew$AyCBIMlW$>Hvi+>!|>y(g^dR%E}Nd0VwK{(
z5y>>7Y%BW$;=Ikxl_<iaE7|x>{-7+bFB+D@-n;(BW=oA1e>%@AHPW^gJBSze;;#l0
zTFUXpyFB(LKR1qzYyu8@LqbcOoR>QUnsY0mkk_C}IW<w~>*D2<WBXBMsbHZWWCSH(
zWBRn2#SUx7?hP3gPf1?DFJ;Tim`>4A8I9xsDi@zEqO8XBR)HdyPmS-Ty|>~OMR1<4
zWas5Yvf!j`)qV`e-NeK3bSMCN9LXz;Wa{$mHwD0cN9JAdIGcM)T}ZdhEJ&8PhgbPd
zgMAMFCUg99e4!T^mEzALYh~lWl%B1oW*=k+W{Xcvqjli%3%3>O5KHzDcst4??_lsl
zMT?yV=w9!K8(}}tJw2Z;Duak=P#as`XI-%PbZF5Zi)~<bMjR)<8Qq^8XuAB?sy{{^
zTsCraGu?BNC+XPR-uUNg;7ze787J_V)n=-m_>#0KQr^K6Ju(f3ry92%7oT|TL9^tn
zdkfC5-9PqOUT@cJYWm0GO$T=ue)kg-ax3=bx!n6<HJ}4!bPP&#1KRyCPlo1)Hmxob
z1q?x-B3M{1F`pi8D!yu|lOmYm$E10r?;zuOjyoJ`y-_(36Wf{t_fE!~E9kTN$!iCG
zwN}gIOIZ=G(tFfLcC3Wj5cf4zDz%QAPJIUF_#xB>os0+}XJqtD80ya0d#2)v-aZ4@
zc$&xwJ{ZHj5PS&ltiQ_hvIJS{QzpgP#0C`^3@mj{muIV!({7p$_`NesBD6Zzu~X|^
z{Uz`)hmC90EP7Wjaq9S71(&iH(s=sk&&V5vzpo|zCBfTJ$mXU>!dShR)2$*kZp7Oj
zuh+z}B(WK`U`@x*PaQRSA@<oJI);=lZm$Rem-fPjv$Y;i)<6%FYW&}d>o@&1Vqco7
z<a-p;!8i8O)`ZnNF<CF^NU%DF;QUi8sY>$&=wv?M^u#(&gI|vZS=|VQRa?xARD*vi
zlpFoh;uSlN?8IvnhFm~W`lhGlgS^kHAp$5eKM=y^ylswDrz#bi()ru5XBrNH6-u9c
zD-9><1P7c@TKA5!vgv2VW$*36qDsSUTMpM(hWCvQjoHVOg6!<3@OivfIm1g!nYi&R
zAYK6rC(q;{^A%*ZSz{tjYz4w2o|PA0oRorrjFr{#QKIM{poUi~3Dd=sQ%>6?mhg>{
z*}P!&$;^Y_I9O2QjwmuaEhvN~gSfAWaOu<`HAyt5Hr|IJL0I<>)S65)lijAtzlXl&
zqS}Q?SbTm_wAD4dU+inV{D53qr_|OP@yu3-p6NtIk3Wv*6I}S_`Sq379m~DEg0&(|
z?!^dWXa}S1?6D77|FrDv;d&y)3xTGeMvdZTg{REy(CkhfDjl80cFFmG{F2dMm(}?$
z%O=`lTf_z<kT$y`C9=Tm2SLsqRsp>UMUhsHc~2H2yA8x>#pENcq@i3VD{-r4ozq$D
z;icglm&L~ya0vl8d=i(mm|-l{*eY<)pGD@x-S?m|V1}dXx5uWYPb}U_@I?DNAEb7*
zf~p#)wm7RTjk9Fa9|1U4X=S}J^)0Jqr4>`mp>3&TYdhQ|noU_%+}hD<;Tq@0y`tTi
zSzGuY7mD65y~Jbp9EtDnzF>V|?^h~R5<M$bXa!-ojszy_-g0?!##8YB3VD+0f-SYp
zzn^aoiE82HrMbxIlb;(7ERZ)?=r~?VzSwva#Fr*=oSFkd2F~Nu`Ei+566PK2_?#Z;
zx<&s4DD!rF;X@$pfV<T${_ZEx<%#K}yK{&V7RjYW6R+9aIhtGhA3GqFbaS{T*Mipx
zAx(p%-i_S(()YFgrwi^J0rG^p-Jbln0DW7Hxk!95_$zdFyi4x1ma+cbqh_~jwhEEv
z>bu8l6ACS7F>=8!Ra)p9z5ZKbf)Xpk!_Z@iMZ_ZLvhzHqKLl}%8Wor3T*y2Q5(nSL
zZZE~+`GmkVf{)K~mQV+48FuBJA->31pONPg3>mBDIvU77S<*MH-dWJ<pj__*VX1ts
ztBD+GiQk^>r=^|=!oj;v5YV*~dYepM8t~=e`B#g8IY)qd?oGot$>I?w$qh4^a}|z^
zjrux)m7E&=RP(?&<)_M2QXLKwsroiRnsg)I_Lgg3Tg#GRtX#H5;trh~i{W)RrHg+W
z<*sDg$tMzV;`7E{{@e;Vecj5IYDULVZ<a1H|B+c9*ETB;hSl}63PQW)r1l?GEEC2c
zK?PNEkigXzmRXiXdd_YW>E-wc&&c@rrG0V6jH3oU|GcEVIeKbIT9n7%@@|{mcM@Z~
z5*NS9ZbV4-={C#g1=J-Ulz7pdNEoWiz>l**5y5D}ZIEx2aZRmsG0MeR$;oBN_2Oev
zKzZA?2e??fo3hWQz)7CEJa&f#QMpPaY3#Ujsi+5NFC}pR3+=m*B2;p6%NqR_RxWMf
z)r>BZjfM8J=G%0~w>I@@7qcGYTZz0&ixS+(sR)ry^V$x=pn$e74U9bz%L*+Ei};6!
zT#gBs1)g_{0dti`>O#+!1I`|uS=uo%kHv2(L_H`+>^#G$7v#Se<DF$ZcNO1UHfzYr
zix<1<qY!4N?L#$mG(mJorpE3Zjl0hk*}w!K9eLC&NH;}X-sV@oTe!;7q3|u_C{dJ~
zMEL3|U-p#3>gLKEuT#NbJ~(#Pp`PJX)_{RKevtBz{!}kbTSBz6?)uMQ!e~nzcYfc}
z#-TzCQrA^AS+XxCF~upgmU=ctr$TFwY?VEamEMmNTguKR_(=q`K%GW<dxmi`y|(De
zb{g*?4!_Lyb@J6E&FTIwtC6c$(lR23BI)3ZdzhZd;&n|2ofiuA>1rgE#W^lllvh+5
z;%3pYneWdiyIg!L<w5aaJaKx6{ovA9Taw<wC{^{P^p_!2pRqBQp=6eckx@Fia+%H^
z%cUDfK9d9rbUX3Gi%B$L61KHXCEdjY)yc9Dh{eSU4*X8tR0nuLL_xE-E?v$Z&{}@w
z(U)D0;nF4Lqtx{JO3V00*r0Jvxk)95QQUZGOC;oJtjLg_FQ><xgN9yP$YH!vR{IC?
zpJno+3Bw^l=j#^5q!Oq$)a!FFE!oUz0uY6`ToK+5vO=x;ptq|tV{b25dKp!N&($w)
zAp)3iMB6HI`!YChD}MC2;>g-+BkQ`q2_*e{C;0k|=Q$;>Anzt(mG@mRZPryz2+YFV
zm;ZJu=Q(<09JM!U0jd7F{9-E>eTH@?HAq+Ik^T*cNT_X@$ksoV<v0!R6RTb}Ar~GS
z@YIOCsjp}lDXzEPt5rpMaed36Uo@fUUhlJ48UK6M_09bz(L?}c9Mc<ZJUI-9G;Lk_
zG}J%sAh2c3;?<6*t9N{?U*&CDV@JyJt~R^CUHSU`0tqpv&7^!L>tyljd)67~M#NAS
zX;<apq1~&ZO34-IB$Q$%J5;+8ZX;CG7`+W1ja-x#GnV7|Olh6<=+b~Wy1w?X_NmV_
zFSJ&`^<oTV<tSL5^<pf&X-;iyf3A;q!ef_$+J8ek9~L0I!BuNtA=lv6X@SJi352Jt
zj_$J&%KHTjy)+mNik(wfoT-J*L)~41Z2M4%Un2*XX5iCg9q1R*WSCGSa;py+MxQTz
zX>fTUG<;y8Fn{9`V;!t+YPfgn1-dN4WQjsWUI14h6h41^m_w&ChS^S0En5>bhggIp
zK@B!Ev~U3J0cqxzQbBJj@1w$J-ieJ(C7}XP|4r1;H{Qn{z!2*>vpoMOk_W4aehQ8r
zfezDmC!LFWw(`N>T|jf(l6bb4_NDMh>5`SvzqroXnN;>bUi>xTqwzGdADta8e}12n
zAkm*Mu?8zW1%(Fg3ZGA+ge57VhZ9K+tIq1DO}>cro28D408b4eVZ_FstFaQ7m2?*6
z-xm<(TuqT+Z!g<E5$Lf7zA>TWAg>YXrT9DZI$Z7sE8aAVK!dk2&n&rvII)H7*hPo2
z`L?Hk835DMU|5QlI95Z$B`0u<5~36{`a)@NLNEAuamMa4sy=QT4}quY?am5ikUACG
zv=2dbJ>gw|Li41Mx#^5OuFCGp+A><7ve?2M@BFXj0qnB`bkZH@Fy{Ux!SJ{GPTquJ
z!1&L2KlzRw5hWj2%kTLg`61cKLTp?NCz*7Nre%_P2suySCwrNno1q8INs{$RlWxGC
z37whwDQdw)VK~*3MCM^f%bNU#iZbWwB-bb@1)m0yVKx-C7q@3IhbU=_N?ozzZ-~!&
zfx7vRbW6dO*^ravu*)dHqa}MpOO8h+(zD|bB;`6{G=Ei<e&<@O$I-FqzgZ#Z;wFf7
z-*jupE+_;EpdOa?b^UycS`=Tj%V_8Y!UBCRaHKua{`;n}<nKKzwiQX=)ylq;%n!d<
z<r{OVD4ZB8;2jP^d`S8wt~DRD7<eLs?$V6BVW~knw1`auGwJ@Uto*+7qrPYeifZCp
z$3-1jT{bgIqRxsVO)&pNb}7imZflO1%-?l4d}+g@ul8WM^68Ck9z+ItF4qW-$zxZ8
zf(AQS4Q=%*B^PXAEBLU4%(l5byb@XQn=esS%ky>iBuulSR(*VlwMUURTo;anW(kkR
zR31s1R3+-<8#mu5!Nt26tXg4vT-K=q?6}5w?o*S=enwjZx^)w&r9pCw#qtv9KsP(S
zDLqQyU|cq7y(X-!aCj-~&O44RRvO3rhm?03W5c6qEr1?>()S7IA2tM8?dVD`IyoR#
ziD5>+P&pbIpb}=l&2qj#;@>&$ohaGFC~5>ruYA|_#o6Jsv+=*<I=(duiL=d<D;JP!
z^dFJLmHfiRoblb!MUCS6u`hiPK7J`FQ5No~8J<vYZqFhOuh{P^VhSpuR7_M0k@5YP
z9^WNf<Kbk21L>-8Gr^cwxiu)#@5+vBD;oKSO(Vm}9*YP+u>LM@sjfhu#Maj0d%y72
zNFrXQzdW7!FF<vf)^YYqYQawqlAn;DFX)}epPj}zRax}8?RT^kn5D+W)0mOKI`tja
z!>&N&Fk%P6VE%^ENpwdIKri6)JX4$YB!$)Cdw}v81m)Acgrw<wkA(X~Uy9}gE>1h%
zvhMhJKs#N?atj|);YQ4AvJCT{vNHeXyiC5yL=0w)>K~GgwmkS4i$A%ke-@RO+@W)w
zeMH9rJP^e`QBI!eqEm2K;N@9#GN)wRR*EGBh|)kp$9iMDnC@zL-YOfln>oEl#4H?|
zqczYJo?!orvtk8^=8eVF->trJGM9OLoIVTQ>Y%eZ?$42=>_aS&L=nK)beCn_^=MM>
z<s9U?sVRq?7d(z0wzyih@SCdDd?k%cHbT=@1tL<=Dbh$#$n8ZI#E%F4OCwPu2R*ZT
zMF#AEr4{7}g$5o8j+Sb+1J+iMEr9V^@k&59S&xZpo%n90g3h)@m39ap#Mjj(_M6V?
zccVBMwfb|z9lskkUF)vqI_D541q;}3tRFpXts8`T0js|4#`N|1=m4!(3ncXs7s{Wl
z4!2itDNW$EZfUlgXXV@3K9v}|v;KPey?+1FG6<k?@13ky$v&eii3A{fsp?1!{Q}=C
zE0bS+YGg)E)5W2oJNrx}$td60)YGC1*8d@O#*Mqoz$RL<{8rIo0s@MRs*RzH2^pK2
zyFi3^_hrD|ODPEA%0K??Sg#$59M-bX;+vdJI;fLoFkf+o*L@4bwSe5#jI5;?Yj}oq
z{UvOhb^A)L7?`dF(%IFZcambMH8NE-YVa@FN^g!nT)1g%zUcF#T6o!(HfdqUknJQ{
z_Xqnbf}z4akCl%RQsRMDD!={kuP$jE!iS<1mzJyn$6gi(s%nzP8i2Yz#07<kn7H`H
z9?5_@WKvE1m*hMD{exLdG3EJ%LY<HBzu3^@xgUy?*T%A322a3Pg_FpJL;ZKv$kO13
z6zT-!E$a%K{ldlfDQoo1RsPslkwCId^(1djYyms=D-tY$?L(YjH;XC=)VmZv-`7nB
z{$6^ym-s%77kk!~3MkK#1$kH-l(EOCF)MlYw*jt4kuItl@^W2H`fFclnD2$v2uh1g
z?O9f&5kN|x#%cc{HEzX{ex53^Q&70<4?^zc?7iE(79qx~)3-iL#wKJZQC&l{7teoz
zsTI_9Ej5~kcsvh`_5)ak94vqQi`_}m@2mZQV@lLp>{qyFPQETTbJarIIiG)O0m;8t
zpkb@Gw2PG%Me*JtXB!K9O=s|fu7G1ovM<Q#{X%JLhSe60NX1#tINu#$C(o?Y_YolG
z&;bQ(x~cR0@_Hr5n+JK75{#I-M6CtL&(emR%s_6kuQaqek@^=)z`%6?<b+4c^CCw_
zpW5&AMNzTI;$pyVN5g4##4O*SEPb2P5{NX?_vTyMy9<V?;eczWJredE@hY}@Vyo?q
zzLgKnGbe5uA+c%Sh+ZWv8T*@<RyWqC09|ka*;Tvy%;Ltd&uDaaII5=t&RVswRV=)b
z#c;P#=Okm1dzef^$dwO93F=!a!Jy||j-zhJBphbxtYQH=U8jRBsNqrvj-9I^&5?8w
zb}iTFjqwnE8gJRtu+WZ%&UsH$LD?SK7kxj)^Io`U>GhddA1t}U=7-ChLl(kFi=o>`
zv3(H$_UnVGwq;Nc_baLT(%l%A%ZF&AO?H)~n2q#V=5+2rt%D2(BZ&y*`kN76e8NMu
zjW?QSgiW<cBc7uKDT7<peM{xZ(s*Wa2-SfYnQKYoMr3Z!?<>ROnu!%te|O{CV)b6)
z!PULpU6GqQa~Cl25~EGi*gWSc$sbnBon(zCi}}Mqh()B;5hMZZyfrsDMaoghI?3>k
zgVL(AGiNAvkUgq4Pk*rK7xzyURZiTCNMMR~Jo~2M3+IuSf=Q<w1U4gNXR~Y>`-P9?
zD|7AhjFj4fDQp!C1pQabraHZ93mz@;JHCFmMDkKce>jmMi!Ev5Sc=iKq1mWSe72U}
z5=KjBw!Cln@{j%6fGg9mU@bOQCKg{8HP1V2sDj?L90&B<hkr%$B3+Q3N!v<kU$$#m
zk~n+>)&UuI_?KE_mL2&0xSahK@+27@u)scqX0^0sQ%`i~WasY6tWra#7oG=EJe+Aa
zK9t*4d3K<7^D%2$J69uU12;$?MLWt;L1N3xVqtJ>kuVCZGCj+Z&b&=PYYPZpq`|9^
z8o=Od9l81>P~Er!x_c}I69Uh=gzdDE0Nhk}3>3t9E{pn#$b=g?qD#ZAWY$Ygs~sF9
zMYc=ISRGb4$Rc`)Z}Py=6~3y6D?aKO2lmn62A{tw$uo$IvqfNeNOxqUE>xn5c$y!I
zj%~brIWZZHZeXlhCWzfL%$y;kj1A*12m3ssDYeeSpmAyjB<1dK|4b!Hf$eH%t7P%>
z^Bm+52L(4Tz(D3D^uOixwDapFQ4aN4yDkceiz6t8VuhHI-TcmS{*?woZ(YH@I`(4=
zlwhYOk0$%|=lsJ<+VPid1$Czan;#A8;`^f>C9HxEnrl)x>NljnZ|sbcw$6$8uuJmR
zX1i~TIsJ=<-1*2{!=3F()ycrY(89PCLn?Kcd8;pIr&&t6Rx&TDvR<fo`&spJami$Q
z!`*w2%8m;G=F>KFHaBLlV8;bswuq9zs1~S}KIH+Ca?gd_+u+l~cemQw{R}zDiHT;z
z77q|Ldkg7bFfXP36M0+9RuD{5H2gy^3w_wKiQrb^dSAYPJwEUkdLWjYkkLCmv?L#;
z-^O4ThUr;p8yjzV4%usX2Tw?31TUSw4PHtw*8er;JpB7)32!`2Z)s|nGT=ym;j55S
zuqfBXaz=%AZ)kxn+A4luu#Fj{9NZu>i(g|Fv$RDMNhK$eAh>4%ASuu={1IVLJ_v3<
zLDIgQXgFbszDl=vKzl2@eE#a3j9L*B7>M#b4n`FDaQvM^-=b04iy4qJ2bd)0EX!@0
z#m(}%#Z4Cac&!?}2f1Ca2tw~42d!bjNwgtofCXZeyRCY=MqiJ3x0KR)JO6i2fiJbu
zV%ThvVFi<q6zNz2_v-VPS+&?)f9gep7+gCb1I8sRBj=yGKb=f83eV1vOqjm_H-bb6
z?$XsWu$es(4o^ck<$RBHe`ROJv7f8NyH^t=e<LzZp12=J`g9okGiCu@#!)OC@0lj@
zB}t8^we_7Mh5C8Zh7UxGh7|S7C38z|25>8nHxh6*JosZn7)etel3+h^Hv~2DqhEXX
z|9$K7YYp}_b`ID)KC<j&uR}8ZS1Y}r(+Ow8Wqq<2cjv-gyS2wj-K8(XKuvEI($3Di
zorcg;O75Gj7T}l)M(3HuFMEF35&Xm>LA$fj(wXYlvl6GilUOeIXrlThZ-~9+R#)2w
zZr;YvAI{H<iB4g7o*%No?yPMJUx%Td-L>$Ki2b1JgSOqQ%DXo<1vf321-hd%I(CHT
zfW8NULZ{CT2?dX-10o&c#nRvg+A8HcIm_GEAc-oel(#;r5qdqv8@$_lac9sq_B=0!
zpFF|4%DtYiV&!_v1Jvf=20w3XoiCPpJp;%MGKMJ4NZ`S5{nj02KZK`8eUJAap86dj
zic&3YM4H!e74m<g!d0Ft`&rOX!#=`RE-8qR6F<756L+PoKnl;NxfoFpb!e_<yUysY
z%-8E15K94~W*l?txgGQd%{^zgREJ|okxlbP?|ypC#L9v9S3j7@HkRRJ8XIz5Y*PZ+
zR}GFIA=hJNG0IDAhF8#4?jIL3a{Oc@N8|3wpp#LH+XJAvy*BslWJ*rZemV5EjX&fR
zjD|(V)ECokK`xOy)j?&u(M3(ca<|2|RcHB2AP8b7Bt0!qBY<@=HsoXlKWV&Wwfy~@
z=6uk5Da_7F;Py(ikHR2BFmS~OQ0*3|+&-^l%2<SYma{M%p2D0|5x1zef1Y05XgC8l
zS7UXGv_j1aXMf3wfK6lNkcvk#K@$&Mv^Hk<91Tr=ylUI{g~y!>&z7>a)_>919H;)J
z-oJNrFgw-w;|*IecxOaEMWD-{yW0G!7R@6$#aS$wJtN{;{^G56HLDGMjzQE@8*$}%
zGa3O4l*8EQD4ul0xS5k+@yzjLGRM~JUrzY92Cf7+l>rmkGPPFnjp34UR8u_rFcc!;
ztb(1KMOZMBf9_m>?{8I`=g%)*F6a4Tu%o-eYlp5{c9eRUlOJ&cpZ96r4SdB-GwNtI
zHoFA*Jw>Ev{3V`vd5>OZ5VwdX9F$M)lp=^XYL_aA2pNu%5fAyfX(@V0hOaTQB@<^a
zLUBxh_Qs1M#pAzAkwwI7lV?9S@`q7YGWB!p=x6_?(Hff-%`nmu^W{P4d-5Gt{~$e`
zJ;+W@&VvIcDYvNve=<ul&m?hBSQnnzf`2VxtsZZNoCX<yL#AKF$SEY+@v!e3{4_^4
zCvxpxKMg_sxT^Z-A#Whp!P7`b#XFw($YRYIXz-J9$6a$}cz8lnMeGimeaNE@(W92T
zpm-$MQ0k#35m7c&Q3ut5SqPld`7E8TbHs-{Fbd&)B2mw!!ssTg+gfZw@`O4d9uP%>
zA~G7~P**I2DinX{&^OKDbxF~g$~VQ0krUjvpk=e0yQ|TKKMsN6#Zs1;bhlU6A-5`s
z^*?s>XqYsrg-{>Sq7kB<#g?(ksTi0Mq9lYIgYfb6T}@mnq%@F4MdS~onu7gKPOFiq
zrp`cgntz>hpcKvZ$WHM27yx3Ujxg_LP!<`m5AhDKaCvl;nx2|8Y%{`V(+Ms%E#>$_
zN_Gf(V#q|rtzNxL%%!%SmMpU0`klbQAbcF!Q$zFDX@3&^{5d$HIsIlKJA37~tVFhJ
zmF>xug~&?WZ$R}jEoG32#>!sHdq5J<CE+HM0_K_OSH)6+R*483L4mOeVmEYh2#bPk
zE-nO3(fDC%OBahK<Z}$(c{S;+Ue{-Zch4plC4(vp!$$UC&#Yx%?Fb2vrhF?b26DHV
z_x+tYt8;89laeBIbro)x=u7hDh!u^G<x%=mGU3Zn)>eTW9&Ri#9UQzpDkEXXEfp>b
z2#zTgM!x5;Xg8k?eDLk8x0%;@3m&6+5!n|6MU)>k8Ag<0ryVXFdih(sxVw*Ej|81-
zzC1Lc;5BZL4gv{U7Yvhs?RRd|szWh}|J$1ygp<|nlku3h1{SsjxaGeW7MOnNbVyFk
z7ZbeEY{he?o;5;~tLT~qG8xX~m>Le&%Tz^hlrSOT#)C>qJ}yuZF=p<bX|4pS1d>=@
z9=}1MD{sY#+dD``>enz2i;)^R(Z;dv8?1dhQzi||fJXZ{MQTKfhk#&jtL$;_ww>IM
z%V!j<D*ZVo#mObzZ_!Tt?;`e-rhgmY-_<AQ!8|KOvAb^+LMLHEd~94rj-Eq~8c87&
zpJ-{j;&)E&_HJz*9`8n$9qj7MJ?PJ#Cb#xBu@}@+8z>usr<e2f_k>ezIl6O}$)Uwe
z6|+D6+zp#CM~?tQ#!8Uo=yj9h!13#oI@%6?^g+3_kVtU-p_(95#wrf~#W^Gp(pz$2
zvbuC#4>91t?SN~YvjM+`pq6P{W)UlwtL|z68sAu!(&Mt6Ck{=+M*J_=@@mtszgB?Q
z<UD0+DTDe}hayYcjzIXNllWhwDMgbMW6!~Qx#wp77bBcp6OKJ$>Bem%ehl-ks;t@w
z*IFEBDQXKQQjr(I>dW(r7H#LyN<L#J)M+c^>L<C-3x(T^<WxO0VYsG_iK#{4)za<P
z*Qd`jJT4?0!&hGNzUejd*e5qoe1-7x;dH4uH-R%&@e_Ag_boM^cKV7?9a9R6+vb57
ztT~Ap$IG{r$pwv>FqH&+migMJ-M8j{yo2w$9Gb7v6~6Ry6kIV?V+Ekk8of#Og)MOz
z#AWDn{92a+f}ojG+lbp6>;1dPDkbnV+Sqh`cluB;f63;n_j>8l3jGR`V_(NpmZkoP
z+rH_~=Iy>)n)4+CFp>zfEPiu_3g_6u#=0Br>wkxMZDmPRUnc_^Oc62><n@Z<t}Rxp
z3@1R-oPEd6)t>MJ!i_WA>&<wJNT!`(Se?Z>%M=RRagZxU(&MOD`DQ)!T4rUYXyp+*
z-kJx5FDZss;~(^33WK+s!KW(vuK~JVoP0Q^SKK=WKl4)=?c@?R`?S1H$6$J!-g}Oy
zk(+66{=7Xy3s)~aD8jfmS5Ze6_^T1|`q*CIy-uI8poB&g*JbMsKpA{|nTLCt{@g?0
z#IX7~@u^3_GWB7?Y2ZM)0@p7<(iBbM5XAm}Hhb(Kxq1szhw8W@aGSB0<xB6{DjAr>
z`)mS6_0lBiC5;dCLW><eILqFmF;^M>ANJleuBmQm8&?DyDoPcQqJT63>CzP`N-xrz
z(gK9uJEADkrFSCIYiOZE6zMIr5IRVQ0Fjyy2>D0v`<&x>Zr_jp_xFByKJUHPT6@;)
znOQS)UE6hBcHyASE__cH2D3XaSZTsEbB2Ql)g9=a1O-*#ck1x76HC+c!;USKK7qSy
za{^2)gl3IVWLeOxoyluYG})PK6xV4#3?F^Gwz|$F$%tQa!fl^@{W_0Nb~@|9!*M4l
z1G3kCqo^AinzA)3&6<;e#poTZng|F6sBS`%p-ihxdDsOk+i`EmLEbPEmhyc2f^y>w
zLsdZ4WdF`+(OBMCsY@pl3M2$_%1^!%?j_a+P-^of^Wzvd&k(eurGQfXxS^5rwJglY
zS1AL&(yrr!W5`d9eNqd_o;a?rv=jGeSR3~B^<r-k_dsi*D>%$HEjphNpKT8pac)Dd
zh1>g`+C{Qm>`&2mtVi$7h9a8`hObMMXcz5Btj-%aEHP+qlkx0IhZZH!vW3BBkz@GN
z&1O-6=Zc}7dtY&1^-7hnVIGM}jk|%~ynV@@k%al%5u|o<BdSo8p)cU4CYNyl@q0A{
zO_qvn^(h)XyoI=DO3-CM8(mUQ>RrIIhQbsJq$(`mS3wV=nLvHA$FP64yKE_7m&DfO
zB_}aZpXOV-?q8p!d&$-p=eV{~>CiH?+9XwGz1uOr8_c=C@R7b5_e@45kx+1(^#pVf
zS}{Chl7K-qWw1w#VY8<r>nskUFzc*xbq`a1rnuW=dk=dlCRr%u9g!J3R0Vmyli=ET
z+n`B^+`Yxdofm7fiV~YKj@a+pYDiI0F$7?{z}2FP5Pfp;AudACI8uYQ_yT+AIwP;f
z$Om>1BAPw}lbUKiTa~p=N7Ic4DM<6_y5pufs^a)5s-LHcOn2tQZsq%aXO5?vI{NTi
zP1Ex%ZDG2*@*X`qz$dVTUhE;Cozc7a^D!6mAl+$&qK{{q1GP_blh8_}rOwg*esb@0
z&g4n|RVX7E+x1|Av9*>W7~2_I3mqey+A$2FiDDb_d9(ES<gj@eM{MEO%EJ3N?#kzu
zWv!1pV7e!jIDd})3|LblqjFHA$Bx+w7|%36`c%&hXRUC$W+;Z;=$SvukWv(Zw&V*Q
zR=-8epJ3b2aD%C`PueY@V<yM0GmPn~6b}M%w)yyU&G?BirzqMf&>$kF9x$z48N4e8
z4$M<`w7{&sZ)s2M9muclQDZsN+SC+azY|n1G&c<lNu}=6>R|T@+oeTUH_AC^9#UOe
zou(i+v#+ARsmz*iJ;yedci&Uc?|8V##t(Yb?8#F<<ewv@n_)uG<nh)sjOr3oFuEXA
z+cS9anMLcC>8CrK;BreD6Y;v1T8=Dc#5hZ>TCJ4l;m!*Vkp=;`f)h2v^cH@JQYov!
z)B=aO%OK9sjZiP@s2|F%*6q>W@0ZZ*@mP<D2FTZ<67CCWP_I5KJNMdef(}t!Mgo-d
z26XceiCRxa--?!%R2-1sGh7}UL>ZKeRZ}kw*i{=mr#(rA6+Tp!+>-!AOUD?8Wgnkk
zJIrP?Xg(RsbO>_TYNYjtC)XUpuDi=^8;|%Y+FM%P2SjS^-iD5qnk1!drl(gc=J>^m
zP|>HM=7%o5@#VHT!Ikj4@T>iZ1=G-4PH*>Gb!Bfc@*vKJ;5`kY$=be_J`TR#Wj0`q
zsa19`qu&E^Bd>dYA-+Wk_Na+HHcns+X%&KCsdbZeT20(^rk!Yv61YmJ56=}cbTljr
zX8el_z>R)XRMdFslbD#`O{W^}So(N^@pkfQ5Seh0x$m*X*NVbYF-AnXDtD@gL5W%&
zYCz`;vc9IBc(^b0#Es0B;NPR1`0SkAcKM$EWxFNlB*+IMA{IFyP>9=YC$DSr4wdh$
z*~TUbYHk>Hgtrv3984&lL{Ud1R!lh!+`8f>SxCwjeesCtsdbUSeXMwPiYJ!sO>K17
zi`0&u06+U!g4QR(30m*}cX{}y*1siay`2=fh5Alpr5#UAXUf3660T{Wr|M3^mW>OT
z!M-@H>z<~?09G%-WJ)m4?Tv#_11kwvtKl{TF%Z#{@SX+f_>jfh=`_K_7PB_37l@*{
zD6{XoTg()MbM!)*9n?t#&B-xNp88f^XYzs`?3bBkokkA7cM5QGGBdu7?&OokwwTo$
zO<j{eJ_XRxoNa@Hb_ycs^@SLa&2>U7i)!+qXL|VM)oK7K&L!ZhsOOCXxo=`Db5#6H
zUN6KIm#=k+BSe$m$8~OcZVWiE2r9$+ZK9>ja%<33n{JJ*g);gB`hn7~&W!B$^$a6m
zUB*`4svjci29OI=jy`jbxu&Pafo`Nr&s{8C0`G-oCmvEQIY!!i6pYYVTh=n0;k}O@
ztJl-6l^V2uG@5O5G83P;o9pu=rsctiuu%2!Rv=Ix<bgRd5loA{jdHtW_L*T(S0g7j
zqNt;^@x4>u1w<hNxaD(wRexm74lnBD0CayIUI&!%X&y@EpsNUL$n$ZL_=Kgg8apE$
z)J)T>>ffa<9MBD@Izim3)lDT2d&WAKv`$ZFHs$XM^BB<E(8U}UWeEzjRtOk0OLQr&
z>h73v&vjX$Zv^y5vQCHBDmNFtbX@7VE<vp^W$h8=jD*mh=nh@N27HWL8giPBFtk+f
zjea^QWmt~;j@et);{0UeXyj_S5e7-0-bSlsb~D~BPMQ|qM~h)J+x(FJF@|$XO5E+z
zSH=1g?4fQt0PF`}xV_cby&JE0moeTTKfUmpsD2(EvKk2_wQU1GCx53>U7r^|4){%z
z<!ggW7k*K~O=7gsXQQ0*hkh>A3cvMo5Q)<DGV7@o`qTrq?1?Yf)tP5ilj7MQgxEt@
zML-YO4zBG`ur~~|4WH;rMEoo(u2;8LYm#=5mIbM};$|X@A+&cp;FrcfN@y3GLqUR#
zkO{>*?2)fDTvsVhZ5DiPFio_7kz_y9G+1PjYO|Wosm<#*6Ph0wn!dU4Gb2GYDH!f5
zBq>soOH*7~5aIhKMk>}|CsOnCJ2oQ#>4c)DU)HHpxjk46>6)*;z`-8$z*VH;kxA1T
zj}&#{AgAN?Q5|wjcPLY!e%@y;?$yxHOOrwVyI&O(5i*`T+Mw{}ThjTDCQrL40la4m
zOk`CkC?>o9v8pWw!#;;e4Kk!e2<{&T(A=oLgr#VuYlm6nC}w<f8n9T6pt;PnTw~*w
zNGhFg+O>G_LR|?5(2|#YAGFY|Y}Sq(v@|Sfy(3o8@<waxcv#`NYxTQ#vZg^%R!=t~
z#8##(lJv0-$t-gdKD=6<Mzd^}fIh;&noSxMKUK2z#!@k-^<1|dkF?vB4IGkV+R$-!
z_;6}z9dnBh>NSzaO=zHoi(MA$mGoR@YT3@(99bH2RIgad&XoBQ$SOd8Dfe8eRNYz#
zK*_-*aY|Q#?_}IxV4F-s`EIp;k(X?ZpmdE8f};9;o@a&3PDVSg%$F3()IJ6a#U5qI
z*E*R<5^^XeP=0c|Xs+^E>>1S$pvmy*=_?WR=dUNtWfk#_?t(nJHam4@$y>(rm3du^
zci|Mdu6|~kdojMe>Lu*v18(Vkil7f-^ftNMo)>TDF(NOeTOqVMp4yaQXPx4?2;Iok
zbQ7%AzD-{CO%662f$F6-Da8X<X0nRm`i38Ku6JdWOo&~GGC~gV%srr3?;q!dhO_9-
zj2W$FnSPz9E|EOj(mME%*-}hjj)vqGyMq&>3m1JaL{US{PuKK(ABZ=c9nN1&8hf_T
zPXH>`1W+3B1h+YEj(8l_Xg&YXw`>mQN^<=R`uXSr(NT{hzHJ7QBslbW6xha%jsOLX
z`S^&le_;_!M{e&hZ|=A%1vPoGidCDsb}U};(vp_)Fz~zgf$>!8`;=McrrL&$Gls)M
zUh+;}(5rpJ2tUeJ@dNN_Qr5_X-^#4|)z@cIoEzGOU9C*}lw1Y9)qKon$IN_Z9+K6P
zHj>7r4KlP6Cj<HK{)Xi-v;EjSTNITWL~1ou79BqAx}G$7z#^4@pPF4fQbnr}K5!>G
zC{Mjf`=Qh>v-a#~&g}$}tH?Td3IT}=>H1KV=?c)0B7hZ{xnD~EQ1O)7gOU@yJCsNc
zh0l8<NBz-uCBpxP^O{}_);p$=84D~iYsTvwSU5UhdZ(Nvhdrb}Z#k6axmnM5hB{7?
z6$t^d+Po}amiSWa`_!mQ$N;o>PQegyacS7&LiuI`d+@73+k+2vQHWgYtMWgghlTpD
zOW<7h{ZmOVceLL2ax_CM2W$X*9wFGHeqkEFOj2^(rs1?YSaZ)BP#CY!0Uz+SdOP&B
zeK<C~FaO-Bl!sT`!Y+VYPztbo^|Lb&W|{2UG1d8_y?m*yk?uy6Ud8(8Bf9qTIlo$I
zyH*k;l^h^mIC%87-w-I{9L~>moZW;%uOzd^I{;4O_`E%xjI5*S_2)9E2T~WnjpsEq
zV|WJq1)wCl@`2`CR7^+*xADEQ%E#Qz?y07`W~WIdIqKq$_D&8Cr4FcKcIl}i*l~1;
zlv!lg4BvUFm2xtVYXfXvTJ$H=zzzF|6Ub7*Oigm0Z}dezW%coS&xc2wV3?($3cl9{
zZeVI^paEb|aQhQrbMVbM(cr9irk}3=5tMnK0LmN`k6isDBA$c*=LBTa*j)GnGL=A#
zK!D0t-^gkB)3|^q1dy%4I?11iVVE@lKM}8`-)#QG!1Bf5CIKQt?HereCu*0mR02*^
z9QiQqPs~Nm)ITAw|My>Y0a88mL9g<9s6-!7f@DRWbq+o`h2grI(JsPNE;H55$tN3I
zn>9$?()O)DTW{w9m(uj<DsKG8bD=ll|3HT?<WVlzLAX4D(k+s{yXJOv&i<+IW(M20
z4i2`q-X472ZRpX=dQ5<(8TwnZ=a2eShje<Y%c?rf-!Z;Eq`7M6{|9)jBVivMWA+NF
za%lJp?vKlz=Odyb7jP98BJNeouOj}8HC&Ueb>$croy!|kiy6o#>*GpH{Kv}9oqtzh
zn0WEYT_+O{Yena14vC)_DYmJp^3M8OyO;CR9)x=ms#+v``E!HgxflQXOn(Pp2Pc~m
zz{7CtBMqT}QXWbNsHhiy4tF9t6-8Ry&*l$${a8rMmUx`e{+7PPdFSHaAN>h%USOjv
zY~v=qN^*EhC;MZ42|s9Zvadzsp6WoQ&8`K8fHks4Ei_n9+_V*Eib$(_;#);caH=Pl
z#5@e1F8h~wswU^$2Qq+tI%NZ5=LEQ+i68CMr9lH$t_?JcXM^vbv5t&U>WCtCIhR4{
z-&4P>`D~|}$cx=cJ<K)hizzF~W%YYst>SS(@DdDu9|R2V`24D*g9O4ZCsRc4rlLsv
z!gb8A{kAiD<2YsfURUvv=k21`kaXna3Mit`=s{<0W2`C2Ce*uaYVrN&Qq>1X9@i+z
zbiq0)q5p(nKO*6}UP2|%_Y;Z{hKrB)d;4}Xr{h5VFC@e0z0rv;?VYU+{oTW&VqQ5c
zt64>AR-+{rMU^$cC;qOsxewt|&1D?FP$CC6HLVXlQ7I{T?V(AlzUJk^SDU<eP4q}z
zmPG}+YYP5CQq*rR%E$HW#s;hL+|kxoHE|X4`iUng?9O=}ePrOcd-kpY$b*eL=OGr(
z@!ZfVx}Q(jUga8J<K?BEp48yzp;x{KzILjldTAu>UCH+)lu`26OD*99as1dE?e3n*
z-TRS06+D1T?;|isy&Xe+fgrhk66Zyv5i3DgUX`*>Hdoezm#IZP9Zi-pKdJfule6UJ
z<4+?MX*wMT3!f5oDc1PpYBpp&k%s7(nsTZ}ap??OCR=o7wA*7AmQyNhP0~|R_KIr<
zsf)XNZ(C*+3`wnMZIR}z+u>q@)w>QMFEWnh>lN~)-fdy?=DvS6KkV7=_|EMI6J7I_
zd&mLW?T+g);sYJ%8;WzkG|A&m8l-KSG!hqVdF0K5fY(>9Uac)U9{JYN5|xg0QPfvf
z>M8DXx@I}9=qH605>09>D(Akal(Upb6c@mHwYzkFn}J#{iz=WtRNJmwhZ4kX_*pee
z{eUB4^qyEtO6&O4_r!NT|Fog6!H*L`Wz=EpjpQzxMtcfPbPu>KFK(w8y5W~kmj(s~
zx|ElCL|Wt<Am6{jBeQhzL70PlsvujnL9o5F&z_~NWA5bO-MvTbM7f#AD^uDNbb{t~
zv9-(nZQ(X2tGy%MpkZ$|smexfb3k^<zVf~xPFEWXSfyEATk{(<awB3T8mIciDyS?e
zCIqdis(P4uGnj3=+NphPEL#6p=W&{k8(E!zwP7n_OBnuQ_x2<Iv?{F7NS+{X|Fy{g
zt~aJD=vZ-UEnOAW1So6c#_p*lv|)ITUwC-%$FXM)i)aQtYVLOaAFK>hu-$t&ISVP$
z4XuD0keZy?8Z8g#wO1)ZkQRYzeO%Jb6oD3x?l?wz+?X-r&!Pp}$4GTk9!M%-xA~Xa
zKG)ZCJAcxVBzr&^-T~&7$*RnGs4(Z+$~qnICz^v8krWdfnj@!jAXBu+B=o1UMSU8W
zp0>NeUk#a!9OiJ?-W^ZUg=}Mczn(GGl)ud54BO3X2+kVU7y7IHGdo#-Nc<jM6a;<k
zK@{r&5qgBS#PT^CP)b-+{9;A`);r(@z}^;RFqa|vExw%G5~vQ9vWiSym4^85-fVET
z0CqtR6PG$w3X53E^;%leg+o7;@TmO3)wL4oTq|KaDX(2W3~BRy#@SRVg;D8O8Jy+z
z_0_4#aq7NoXK&w<j?nEd=cT(97kl?`Rq14OLR#37`1Mxm2<PMxhfj{!$%gy5fzc_q
z;L=jO+u}W8WSr0m?-<RBybbH7t4N1L<`yb)Qn`($oOVnJ;cXW2w6+MY|8cr!BY>IF
zfqfF_DfJno-1Qn>u*8BeMlZcLLJhEGaszEAr>cz>k8P#^mRuWLGE>sRi?sFCo7aRh
zV{9nIc15lNdH=vj!~Eefyv;7wGJW?AQOT5SAWX&V1La<5Il&6c6m$tuT6yS^8m^Fe
z9-MwI)!)rCU7X_TV$-v3(3-E>zEvmK8FiHaGyYGbnV&TMuST;)^M?(}BhfaF!btMK
z@^kUtO9ck|$0=du13$aGiWL}b*{W?^P5>JO8ZZZBU;4>(L{}(z>yQ;u`n&FN$Ca1^
zkA&#dX!`N-RI2*coXUOdfv9KAt#!k0;(x|H&Iym<rUp0Nx_~v}+uX0;`+@HaUzNJ}
zqT4zW8Eu{i&ZCUYcDt93C?SjHsJDqV_G^DSO8#`oVw{`Qb)&;}7i4HH8GBlml@;y%
zoVlP-Hmt{Pd<9P9tDR=_dB@udlX2OzL5Bc}jCxR3_Yp=*bIMtsOnw^~@;S_!ZM)dC
z{HX1#sUaUXb){^m=Ucjagd-{+>$`t?kQetfASLjGI3p&~R0fu17vl?rhM1S(X`(Ih
zd?xZCFT?p9xCWLpmZF)8$QF|w)j7r+8ieBQ-Aumci8x!hJc9deESiAdi%&DhmRp;!
z1-z=w+09V=(PLZ~keqD^HZugzUdiig_q~37r*Cr^D5|LDJ8jY5+)az<omBnff)qd5
z>6Ijkuv6+V&E(0C6PhTV@^=KDrX(6P$9~e_2x(jVe2<ONmi#;S;bMOMQR@Zn_$-d)
zS|WvwgVTootR~{gqjg}Y#r6d>;$&~qYgEF>2uKf{wj+&#bq>t!rz1t%R^8vtvl}Fv
zY4>UGaS!b5E2!trn07*n-M7b6!s~oq3^|vpYJMnf_>lTPLyL34Tvx^(mfq);ucDiz
zjPRL#XwbbzwRCv#9`F(Q=r_BK?YC|4#Z$h$)pyTzi^5$8Bl9No<Y|>j`AVnB22QKC
zH4zjsA$@<YeCsB!{VIJMZZi&OyAk7`jZrmgY-Fr(9P5&Y*M2BSFY@xq9~E0Erjzmr
z+`B|CwpQbNoF>d*+5f0_o`Q`k8BA$%(KgZHe*e_H*tqkS*5Cg?!t;Z&a8C78UPow~
zYG*&8IGY-`@(w<h*O$y^((KI-X)fV~>^nUuAdA=ofOvr}4-i}V)GksPSh0Rd1jRVs
zEj2PxgxvEucuKpw+^pGqV=r-M=j-(@hREzreIRUIqwT?LWPeC|o~Kn1E0U`z>m0Wd
z7lXEWebH=pWi6(rUfoNNiBcYZ$AVddiSzra=eGbC{!Bi*NN;7EjTD#Fo_zE{4=KM}
zp*T(aAE<0jN$hBKwLgn0OdS-9zSky{_{LZWCBFVhpHp2Ul|JegVMn<VYSgtRB4Fr7
z<#*wjvWMSHP9n%Mo>1M&YZR;3k25Qmy6a+8Y%1sL$!#&73lr;4a}edeA`Iz>vVxhV
z2wn*4gHzQ{R0;HQGU&+**`hZN;S3U0Nd}-sX_Hb8-be9w1fxvquAw`|OwhNzef_+b
zx>p%?XuS>;K1Y|p_a^(Jk9zJjO5nPy^gsOLdjqFER{dtD^nm|mJ3L{=8MV?xhVZI3
zxCPPARPvbT|7J?4@vI^_b20-=6v%S5324Cb0{No@?6*PgqLFiv-M7OtMa{XC{zo0j
zd9Z|iWs1T9DX2sf1r@?R1Nw{Xy9X5S_cG+1dMA5S7t^Xts~^rWW~Ldc0b0@)1l6l}
zL0ZLvMrs@N;_{&TQIZXn>3Y771Zr-X#`MMs3Hux8yslJ1>Ij9T8;&IwFM*2mf<Nm>
z^``ur<?@-mC@@`1$|EPJST-|biWi|mG9C$>RMNA$@lQjj(FZ8GGOJ<lYPG6{W{~2j
z<(FvYH?o`)2?7gR!Xl!jvm_qAv1yq6{=&smq9Exi<mj-=iH=5UTb-<6YbExBxwMHY
zadRZs@)Sj*xET6}t5VEhsVW&*b-DvsRD0Z0qPw)6Y`<EIpsuS+tj+SSu_3`fZ)iO2
z+ch<Re@e;yYNdMhgPehq?(@K~^)K;kc}-rL5wEtL_|)uAR>oHQ4r9eT6_PqdeM2FM
z=z>d5)Q4JfelI~S9@Z<zEj%p%mY(QBF>PG5E%yhfuD5d;eb4`JaFYGBR|1a&L<onJ
zVd6+dC>=n4RRUQ;J3H<VBHXVJ*h@Ff(|Pt&^mNvD%Zyo>zRTx}WWB%EIY2sZd`zJ4
z;)!IJUvEDSV|}kXt{2%vmQ%j|!Pu{DcV!?iHdk@Lp(i$veXuiBoIM%4==s!Deb%c*
ze7YcCd4_e9i?=U>mvhwEdC(>~Le}WEz<Ah{<`aH1wIX+;e%~mRhW*O`H%Hb<`(3%T
z_@{2^>PeBWUYR|}FTZQhbh*?+`e#b{rjw#`Ai10JevkF`Y}HQLr~p+KFW+W^lZT0O
zxu+VjB_wA4qo?)#zY-?DD>b<EFFsg`DU7VN-^WpKl%35ZnlKUHuJ8ThAJFEE%UKbe
zJm3#4R_#%5H+7tT9W|83sq)rbry`i>2Zb5*YIQ?j_-!qA^l`=5`DcGbn8{4Ogf5QF
z<i4H{Mqbr7m7mN_XtwKRvUcO6yBDhvQxAN_?y-?SUhwmj5WZMq_bLt&A=<av&Y^*@
zw+T<Jqb`YO1Nk>9LT~Vo)HMWt%h`+*PWb~Z=pzz4e~QBDVgf5){AII{wy4UAC9Ztg
zul41<2KkxPd5UaGG~7xMcIRCJvgif*eswx6D^-0t^E;h1MWvpcs?*KGosA6ro2iq=
zPG0Dtohf@mBeszpK>=1E*}HGU6-_r{?iW=H7?B-HJdQ^<5|u4z->Cja=4By~s_^vw
zkX};sb+UUyH^sn!z9`i)3A3_PRhdTVY(;p2TxcxkvoLsfe88jHvLuS<fowaMXLWOI
zdjIL1^yC(Z!MY_$9IrmwJ<pO8%RVx~_10pkgJ-6GBtpJ>e@6PtO-}18uk~*(J*`s{
zsZE^qt;pAz6ZMH0w)DI(|BurJGrNZ3D+rB2z^K5xkvj2SLK#P0gL%f+;gux{o5I+w
zHFEFMYN^y*oxrHu=ek$ap6nMPovfYl9jHF%+DM^)S_9{VFIQTt77DG24U&QyTiF;D
z=Wp6>+sBX?1WN)GKYfJ#o#<j@EH1N)tj$8zPwjVjZ{_mQNT|p(#}WF|*h23+wR8Dj
zotxavWBbQ~ofnBbD0L-V=(*(nz&rN%i{fiNYRs31e{hThX$BF}A7>&Dp8Ox4tVkof
z_RkIcdGik%=F(NCZ{&X<B|A^-Pe?W$|L>IlE7<>4pa1<x{{Jxr-UC6yyUHUQ2fL}=
zfADk!B6Q9x?Mu6K@P4?R@S8mSKiH|@WP=43ra;WA$!YXkrqfSb9tO95CR6{XEetj!
z^<Sg_6>3r$m+7+ThySXv{Exf5QwbcGE&VNhwSQtQAA3ef?nb@jr2fP33swZ)t0Mt4
z@AUiM!;HVpyao%wK>wfDPpBmH%{1B5|I_QdejG(G!tl#U=Kt`&g!ePGCJf8xhN^P-
zhdUwA{|b{6I70v5deH?)vd_|l$j{vg)>Bx(q37|TL6}h4>>s`MyM55?Yz+?bF#o-H
zkpHo0BF}#uVWE0(j6ddks8!wRB^k_<No3W%zhtFz3)7<>SOtZuKQ7}+0aV<)Wejw5
zJe%l}_PjW)5dR-7*pywM0Ab{!rk?AUDO6DYDy}%o65)?!@PJ#|KpPtj0KWyo#Ru)F
zn+D+yWBlcC9!q!+9%k%8sLbj2dED%Li}$Xq-1r&ci8Xeitip@`)`EpR0{Q9DhzBQq
z$QL|puH}oOW+v_e)3Yl6yWC&%zLthH(WzWzeUr;4a+!@p_3Fi3g=tY6?zxJx1rkWW
zc|6I~n}8OY-8Z5ORADq4H;E}op2S`jCb}3V_nDrY;)4ON>az(|kz*M_fVJmQTI%(5
zlcf0?(CnljU~ol(Mvx3(&3x|s<%}!m8`1mg!#R}N^y2Ou7lksf4FBMI`~Du|Bj?xm
zfC@RcyxzV?)II_Jy!r7tqMNV3OtRc;uAnnDa6Z~1vEd~CdBOYg(Eb=lRA-T<N|e<2
zIZ!O?P@U8K*w~AycHI)V#S+VT!h`32-AWkaF7;!5o_6|k@TWh=d#p}8!2%zY!TZk~
z(iRc9xVY4WE=>AJiK$fZ{_6?CT_1^W>XMQ_2!Ho;nBX~zPyDJc3|ON^WX&wkH-4)_
zAF+-R|GmOr6Y&sTF0mb!HT`SR|DO9_%eYK5{C#O?WJFdy%hArx&c^04NH?49*VTpl
zA2Tu}ofp33=H~7XO28a63j-B4aWU&O6qn(F?|kq6OA>@Z7tELsUI}9(jt@3Q{f@T8
z0#EDlwdQ{bCFJcn+|s2Jbj<k+7mZyys3?t*qXp_V^a|G>6LY;Gk!|wI_WXTy81l<5
z`cdWQ*QX-Q?Z%`VA1bS>7knpk&s;5OcozEWwLg*$LEi|8i0JC*4EK+h8F5xAEFom+
z4RY{lH%X;gbeNY<B<X%z-nsK&qU>uW!)Exy!$UvxPF|8p;PDDAEv;$#2f1H!U*<lK
z?IKHC&kgvo@D<#O4L`FD8C+Ay;jf8>RNRxb`1iK|n&0gSvnBY!Ct$_+xGuGJ6Lz!Y
zmbL`Vk;uU<qMIKco)`BRy^<j=&+aCkSDmeOcY~#b4iw9EGcNOLqU_JD{(Bcb83hl8
zz}Hb{gM(^58FW#;>$Tb4f35lz$76P9I!Bf3Iojfx69)PP=;<&(iG1y26iTy@Fv-7$
zI7ehhEK9AMgAUAk<nkt~;Ju5TT`k4lPX)bfbY47av?oJt!@<EJ`)Y~&CI`;}_Y1!l
z6O4{Fw|~<p{VO34O06M=SKiEN-qgKgbM4nPV&*Sus|So1h@TJ*edGFVLW1TSaNT@U
zL1*GV93}gpQ~`yPRQ^6>|4WP?NhSz0Ze=%;QRXz>GkQEX`tZVU+8A6xe%U}j>Z0&X
z;;dq7UB3%-Kd&-BJntz`K;c(N$o=9h`44z2X32q1eiIb)1X1>tlJC6PFP-!f$bLS-
zO62ZK)<c`66ApVub-8CSQt5YX94dS4UMKb@_AV=p$=CJEy&=B@p7*#tV~)oP6{Iy<
zn$x;58WgbIt#8GyGhig+zx0$FfS?Tw#0lGF-798;df@3%sI^B;-`Ak6_f5dXVowGv
zXYqq4C);CLu?W+6+sk%39Cv=-hgWO_nWXJ~Ru*H@<^7io@8680kkIi}KqZ`>ZJglG
z8peXYb;H1|8WzU|>863$4LYvxM6+-`GtWSf^lXiWa$u7OeiSC9YL(ttUVmSzBs~sR
z5lM5&4wh3Y71aEu&F-sBObzFc>%YtN2l?f%s-GOs9iT<?7AStLY0&h19fcnXFPXy+
zDNm9@E~n5PuB?dmLXzi2Q#scyESjQ<c4PT?jx9RAy1m~Y%n4BNn{JHQwdE1SY;WMC
zt_uIIr;no^fB0s%MHk2DqUvycxq4-y&d<w<n`gG-)l=Jz+F3uS)VMiW?j5V`qon-&
ze2XqaU&H9C{)!Yb2Wb10`laTwZ*31hwNUbeKF%er5Nt@pFB9{@XrrD@)q?%wm)g^5
zH%e9q@DkpJOVD#J0oV^M+fVV%a@D^C5}s38HK`)XR#Mag@bS%-`a12VA@CpVJxA<&
z@8+BI$1Ngy`#QlM^Kqd}lLxadu#t<#z5^Hb0XX}QYHq1*9v#7YJM}>fR1yor!X3%%
zh4s{%U*X-~VRM)vX>9Gxi%t2LWjfGt!d)%+GVx-Y%^cvFvyUv_SfRa<4N$L^c%Pv6
zv@|bs@+4uM0HD%-)|#j0bXf*x!ONHMPFL=(ZQuR<_jpmYJ3-XaxJ5h#m6~=vggwK4
zi26UaEx4QV@~(|ATk(7D7MAJoeB2~ZCF-i=*=#7;yjK0LhTs5@LpwTp<KpGAO`7gT
zIy*`1>eG1C>GU2MRE+wigz#9$9gL#We*BE~02}c#=Q#P)l;4PJDe3vkh2$^UQ#1my
zz6#c^<cJ>c3rIEC?;X$zhU>?ONI^5tau%DCM#nEI`}iCun+5s|X*uO&G~UKq#@9h=
zR=x0|j73|w(>Ac`+VEtvs}NM(7(P^eHz2D{SoBWm!u0cFv=N=!$zV^fW~!N8jGu%$
zNZO%#a(y(Yq|t;cF~;dX?|A-lNb=)##ggM=B&e{NM{2MAAV?`^%skL#sk8`TEL~`(
za#GaDC+#1!F%7!>Wm_3=#&)<3uzitKM?Qn!@fui~kuBdiLyXkd9CwFOZNJc#K?RKI
z8+sw+-&leV`T)wZMt%<^HSZG)6lq9LyF!0v7>ora%_Xf@_7I@&>MJW!SCb)bun*o&
zDk8Dwg9()I&0}IxBaZ4H8z0xL-S6Wg^8hA}pB|Xqt0NDg;4w3M;FasY)SDV1((oei
zYa-tN2nBt}R$u1P*t+;m5x+KI^1zw{?DEx#TKc%4`5N8A?AudU+unlO$-XQsZmaG_
zwH4IIbsHz9;1u8jMgSQbi28p;2!ES-=2BwWJGwd0EZcjxj*7xpZB{(_=ktP$AO`@N
zXWZ9sKin8EeIDOAP=AOzZHb=oV$wCN&WOmfFNWsj7nwfM?o8oz!RR`d?2g>eZu@9*
zEwt8?@6NL~=ZNpgz8>Tmi^&SglGZ;;x~%mvy&Sov1kLN#FjYYZyTYJNYf~qIJGv2h
z2Y9Lh{4?Wk#}FhqXc5Jdw^lWr)~jnf05;YWgI(qG+nW;r<c-W!n&7qFyGG(f6*e>P
zAFkl_9_{;ZhVGqA80{B8Asg9o1%YLHx9tY_5;+hy+<u$XV)>qj^WiAGPgNDpa4m0d
z_kUWZ<n+gI{JUBI+%%?@4i`?*!G1<&JPDsk9V_k>C0L!hOJfBQS~A$HWPzIn9Ku@z
zPFk_~Sp90nD|-)LKSo#yi!h0uMrrhk!XX19F@}a)p4o{7Tb?j#tZF4wP8{^rHh#7H
zmIJy`D^r{SKh|KOSmF~5ZY`E}4KZ9SQ4rR(HxU+_^mHkS0MCvpx_GQ5%_BwR83``r
z4)Fwkpl;BP50Yv;aCEC}SuOP2uvnGzMP;$0ap1`cy@WyB;eOLfN?P{Io;0-d8RqRu
z3@qO!t=>2-HW1j4s%=E7OOLUSS@xzkY#j=tTI#Ha`|oh}eOE+mC$DnWqK`8NQ_^e)
z;}9~R-nXK$8AS0Z0EC6SdJwI5;9A<^OtLyG$-<5#V*J!?#A<k0ld<9B?=eeowJGyK
z4*Y}05}Y}r*u}%_#Z<vQx~x9&qtG5ra_$}ak3tJt;f)QvQfC8-_!AlRE23uNb;jc!
zL4n?#^~CaOwGS#hY|Bu!eE9i-@v*Q0N^UxzZ{LC%gcS?(R?3=!nil=|ahO%8X;bQI
zb(S|8Bm-|icR;RpiSXd&0it>zfZ|Ycupb5_=-L>BI&ZY3zY?kp^7pKM_*tEcW%oT)
z$_IGFjO9e=8yy|VoK?25(Lh`maY3m*!j%_4YL_Zk?!@vX%^o2RA4nm0XwJkqb;?Z)
zq*w2r3wEadByp+8=Pqb{>$@kJ1vBRn*le10jzx?`boBcI{`e`Nmy>|IYYp|AJ8h5i
zi8A2zfdSPc8dL>k^d$m5efpRvQMN4Q_C3MRE(COXDHDzT;iYIdfGSaR{VGJw3m8Pg
zD6K0fmkt2^SOZb1wwRX^%^O2Oj*OnI8mRI${N34OgCB&S*a(;tdORZANPvRXYjZUf
z34u(0NU)WtQ#WmQoi;E~R|3x&`HdG3Z348g%~2ZF*bH1aUM*Ks^b39Jxew=)*%;({
zc<Fa%?EEWu<yc4A)5;CZ&)~EKEb0&a`!`RL9dV$XpoSAs1I{qspa`-?Y%0zD3QAq+
zbeZ}yFj;dh2H{;a9)1{e=IM7#3Wlk@(zDX?Wkz~>=#-`i1EMGewJ8r*(t=Kp_KoI@
zkLZ1=+Fa^hQi00G)mUoXdkaSD2bg>|5p_;3*Wu4QK>GL?nF%JJ{hiW4-WzT31VQ=U
zmX$m}p26`+dm403WFgfH+{CKT?R2tSG|f2cDr@=x_QF1Jb9G=E<h_rg#Z6F^Zf3aN
zYNIYNjMh|fIP-fTX4NZ8t?gEO6lr|7>B=XS%Nf%|;O0FgH$j<JI3gE;MAa|d5MFx)
zlWgtXf*c6C9u?yKGjCrP7+?%|1pr*i43%KW?0M(r8vafno)lEpgx>VK6uy?k0(wSv
zBONa{{5Tr6xxTeYPeo;Q2iJa@K~KH+okx7FGQ|)iZMffr)B8dzy4*)u@cEchJ4e^k
zQ%eif8X$Pp+EPZVQ|8*>5PK42^sMX-cLol7C%j1WsVyZVB00Y>vd7ID%n=YrcAn7)
zvN8?AuT~L;+jr5al)4z8d@O;6`929Rk~*8a(9oIHHI@*>{*0kZ^!E^>O_sS`G`I?y
zxZ(Ty;aK2}?nXCO{ElFn+KXn<H8N3}Q!E+Ye-$3n%XLHahtuPI!)RPn-AamK?}P;Y
z&~>*n%1IK6iKfiHv(rvsAe!L>_l>Lzyvr*zL!8a}isdH>d>>rHgE5(2bNc=$uzs-d
zY;WBS4N{7;lf-0D(6ZWiXi8;}?^)s+D9Goz?i+Mcwa8d`kYRX{iThexS40Fts|Uu{
zDyp2YAOgkQy<YNT%1ign#KmZe@%rUxpO}`Ti-|u9lygb=q>iPzzk5$syQ=V5wSn~c
z82t)0iZ}Z%ovoRaiRCF_N@UXNc8rcBIP*Q9e_y1rwmfkXOCp4VQZ)6eX~1QcVWf(w
zY1X)5!kRPK>d5dO@HtExzu!Z;SdEWh>_#GbV#+@sd3iok@flSuW$&89E*qum_id~`
zeK7n`5K)S(n4Fdn7nfjQ*!J{OED+N(e79Gj*=V?54e|G{N>i0@c&`>ZFsP?W0pD7W
zyu~zQyTb9HOV1H_E3}x_T5WJhZ0h*EIOe@pV0w<=UDSEHs4n#Y>`;-3Utl(M_PL#J
z&{=7u%UQOo&`Q7AH*>oeCa~Iw+tn5wi+_d1e;?uqq55J4oq-J=*fih%4m>0KbbPs}
zWoMLZT)M?(kO{@Xg*h})2TvFWL<XHjeO^vdRWGxg<V&l<9LuOTxZj+Op5$XgHm*g`
z0Irfw$pqAHr8tw^J39|s-O&El$kc)%FIgckUTNjzyg+Vlj<qrgK=+}etu}yqfof$+
zw;yt_NoC3(#KrMGf3EbLb~zBrwW3!Ww10JX4rX))vFz=R3?XJn%!u<iT+~|)yV(^p
znwNz%>?OC!5)KBg3DD5+HSDa(sBS5;sTl9=f!ayTuPB-s*SyQKoZFq)N2^-4U^e*j
zq5FGJ!|cDJ`M}^@e!fjNabV0w0r1T37_}C@G$!C=&}`|O^tr&%;b@-a0U?_pbU8Oa
z-_&;_Z*g~LS3W{Z3p1*v9<3Oo1uG7DZ=#HOVs!e#A2!plzXRe?+g}}QP&RCnI-4qZ
z5VQRZ^5|^R{)1<YgnsdlNqLzZzK2{|HoCw-1f&H|XS1W|rN@;#T$a=e5>h`5k6N34
z9xIc)!m!PNi?mKUSZRX0TO-ou^B#4?R7I`eH?}^dq}{t-{rj2ogHZ5LC_IJ3q}w)?
zoRkI}U_1O4O6L=Ma?uw5s&8s-2N&=?C%rh6WU6)gwB;ke_30Z4fy@md1mC_o6e_3h
zxfs94lE6&EVXX}<-%eL=XP47X<%O_D@!Sa-mS^e0Z=xyUFfKPv+sUpjuzyb^dC-Ff
zKzm46&vw!8me}VBi2O+9TDg6F&M)h6JG*b;3Lq9#i)j3gTw*~k|2y-VNNC26_)+HV
zFA=mssDx``G&1o*o~C!J7srG4GT&!hg}+6D&X#5%rTi=?{hInAlHNS=Q^F~Ju;$A|
zrG<sX<XgzHHj&KJuo{kvDdVeGXUXg&b>`w>IHs0jo3mslhe<Y7Bk5D)O3S_yvopm)
z<=fL8d>r#WRheXjUv@e<oy5)(ZK@EY=oEwTwXO2de57swUUcWqM-HlsRP?Xp$y^<l
zL7WOXt76GO!8x&xgpY1S|2i*dCFa4@X(rGl*oh@MZui1}9cfu^E&@t+VP3a(Ai1=@
z0yhRqf~2Egb+1dTt@PVCNnvqbW<fX<gM{Z6<Pp=Qqm6yEM;7|@g2kob`GbJ8(kPYY
z0AzJvRPsbjowE9DcvzV2DaNn1Vo@WY>(SFt_u%iJjC`gbr6<+WT?S8Ru0t!p73D9K
z^+02(Fv)LqAzD+@5*XNxUGet{!Zq4%{?boF%RIiSSA%Kys!NJO;@N{9c^-7dv(rQ8
z@rPMbV}K1GVCD-pv#OW^#U7l1iFXz-iopf99%yJMZr0Y52EM&0PhvSdykls%xn5Ea
zk<^0@-Z&IH_KRnQ<BU3j8Sf<fp>yw+^SDThb?fncym9{WfgH26v@|z2GJ>!5<r>$q
zprBy288px^M$s^H&_rlhuyI|Rmxoob^t=?N)aQi6MS}+LFonE6i8?uu)!8^IF$jG>
z0NS|nquVU~vv_V018r(Nv-^DB(QT=g#CZ8}{l@WA-aMZK7+u#J8(y(VqVMr}UKw^T
zw^tQR-GUXx5(>1vVdtRl;c8F&uy+0G>dx9@Jp(?tmVR7J1>(Mas?7c-x5#PR7ZiI!
z0XwLd>*3Gz$iGr2!9Q;OOr<T_*ncLK7qQLXpa(vq-y_B16Xx9t)LsO%Y*%*afhd)Z
zw~A;SyHgdHCe?&rC|9yOqMAyMu!StGCGm?g2VZPo`OwUAFFD)jqb&#Km_mf3zFq1X
zX_U6R6~AJKQB?GbPc9q5cx<?-gC(7{cEW)qZGwfk8G9C;?nyOmXo9ekatOKkpadxK
z<lC_Ih;!Lnqy)!+93tTk`dc*LbZ60k&tB49Ee2ziYY5(>m(%m(#<+<w_d2d01haj)
z_)B*z3pY2ndZsuVLiRjlYs((CWHPt_eE*r%{&Tgc{J6grGSl7eg7EzX7$MgoO-`Ry
zx7yNS&G!^rzsJ6Z;#y^S;l~(M_Z@+zjUSyn{&-TgsjoN3TsL(xkyn`h(5_USDYNr5
z5WA?b8K+$tIl`Gh<(54*m{z=G;`7{bJGXBAMPhZL3dx2q_7Zi}@y0E8*UbD$Fpc%?
zhDb5_7!}S{?U;eo<JC(Y(7Z0*154ykqbn7m^WZ-r#A8B^4I}#jS5~@G?SXDg&hqo!
zeFLZ)zRCC5-9Yr!V{Bm&A6Wn43!&OEkn`#*TLr?|+Cxd@v_~C-e%YI@Xi$~r;UP|U
zz^2yg5iqFivoQ@|EQ*n__w!wCOP)2i3+udvP)%ng@BpkFXs5l%9u0vb<9N?L@nt6K
zdK|>&_^K5-x^cbW%(oUg0wj)=n%0+9p0sLP^YLg7o0XCf64zAS0|QoF%qOQSd_g`6
z(E?VfEi&p-9$~z;5la&?W{1?k>g>WHLb@W!ntCt+dw8U1c2*EGCu!K+v==3cuBnFy
zTAt9GS13JtyQ>UYMUS!+F&u2`f*1SyL1MO?xaoLIf+&*S$-5@rwC}W28&$n05ZUu0
zWBk;gN6YV`){DU>c=1F@w*i0t?H_T+C?nrm4~*$E;RX8NEz);_=N`7(@_l`=ba<Z7
z_KUmvb-VHN%1N?b5XVfO_u@&Do8U}R6|xZXRWG&S0`(i|26SkW<^}S_OE+>SD459T
zumuG)%bq7_scE@VHo9?$i*<ChvoUVY$*A%Du+)>@);m)5YeUZ+7t|w@jRihrMd#Pw
z(A;&x)Z${Kx}b##`6=1)jE$Ty`#X=A@9J{QS9u-g(;0qRq|@T~qO4}sh@)(}lpuJ2
zGhrLBU)v~kDC@YSqbCQN8qnPm0W=SZB>7+%)TJ^&d%H6EQgtyR&raOPz_)i756+kC
zW*y!mA-ehKEzyA;QGCw}?QbA4oA+ng+0)gZ5mUAyba{QCt=nX9c1TF^jUW3mW_-8I
z%z6em?yOdTs2LMi=Mryg@2Grh%RBWJ-g&3f<aj#S{)Tq4Bj(3&wJ2bKsropK`@o#u
z{yGSjh0ku51}5h06R95K(DJ+)*2b<})E^EzQ}SU#i99Q!qVt1?>c+1=mf4%Nir{%R
z<g?$2_1wU!=Z&BCrs(Oh`zbyt_1UZXOyxzjpSWWv2|S@f;ogu<_8i(}>A92sm+!vJ
z5?t+2W7sC2LqQ9&I=oLhFbx0H1t>X)gtX%uL$X4@9nyZ>Bappqe96C1wnHGsL5EAA
zn)hL()DQ4mmvrg+xRXi)XK!pgkvNn<PS4sMpEZQi$lxXxL-D8e9lVfKogBA5P9B|u
z5{NYuskKX3e3pqfl4^s7P=y&^HS*phZdytV{J=S<ipg7Cj@3@h`j{~I9twBj!VR;m
zWoP28Q#~4QABrUw6Sn-d5@rRr-(UKPBApt1l4LFK5JMMB@C3w9UmmOvi@*AuDySnZ
zkq_&HrK#(M#j=%ibWtt|=PTe`A7NJp1}P-!fj#A&g9mTK_D}{C1ucg?i0jv{`$=OF
zA@od=TUWjhrOa1{e9>yGkA3H+s?`KA5nVM)KN=Gf8uLFnhFYtp9JVpmvicn@u~1+t
zXbOa(`T|CYxOE#ZcWap+At7$|I~SaWB^3DoD?z^ZGsQG|L!8;GIJL~<Wd{i4iw7Qm
z7uM1&kPh60*-O%QMb&?pO)e5#3rBy^r*6Si_Hh-o25wcVva4lO+<7!a$HYhV8KVnz
zg!YwFp`;;_Cs;)Iz534C^cxlPPr=U-oXO5IN_QV8zo=u{){0-E$P`W6^HFPQdRh6X
zvEOKVHeB;i(6(LJe8F|iqP(R7|6_MFebeA>LxZ(ifSP=VXW$TX%ihb0r|6ZdZW&gG
zZ(`^tOZWH3Tmr>Cls4;6;+C?Mw+h-5Gko|72WrgCNBGnI4Pg?Y;mDW=00UPt1zF)z
zqX*GCeOV^X*>8jLa}gur5_f2#c@q}3yG$o)z=EAZK?C=mZ~lmD@S62rimIk==E-y3
zy07VbzDC13wDZ)S2L;liBK!hm*{akuv_<f)Uq_n!B16d?^wFY$DB%&+I%!PpZLOvH
zW_jg&t6?Az<7qblzEh^aFZKjnJ-f3m05gy_vhVxOMk)gL*0DNn!cq2prTLGUKS$iA
z!u+7kF0E6^*me7<-t!L<dJpP1IwfeNnohqtfC7$OHo^fkvp!1)apP~5{>25b<{2KG
zKNISh3wWkICmldu-r`4RR1~o0CMtEXXxbM;8B)20`;omt`oR84zp$w36Hyj%MUUrY
zT2M#(or8_i3al#Wj{l|!0fbbbCVb{M`?-l}x^tx9%=6m754JkD2j*j~=neTkvmpGp
zAkp5O2}uR}o~5>WEIg*{#A}Ju4|Fu%Sv(7ylL&ykqf)8M3PctVJK@X)+6rF0AF2&0
z3Tk}Mra#V8?>5{tf9CzB^oBoXQ57x4-g_h6WkCL5S@=+lz-G;AA{@||3Lib2X<lKc
zY;nXL9c~C>Y_XZ(I<Ao-8XYi<DyhHTNtmfHq4ri{(B}3@dty>hfKqIE|68BSkH2vK
zAe86KaulLmrJ^&GFFXTuxfM!p6c!Y!GJ{m-9dFS)aP+F8wmzBrCyowJIxUwH@k@GO
z-d-5@3?0nCPhJAU`UM+2C7mYIR^;zTLtl**7I;}z32f8tpEzETd6}B8FXcz~x(Zck
zesWO@GU$7_dKwpl=;!RU<`$Px728iPJvMh~jecX7d43hOxi^wUIHSsr*RbU>t29wV
zeJ9H83u=7;Z-1)ie<Cbr@&$bP^?E7758Ka|Dx=Z~q4<2G2X~o~hQ{OTFZuFw0VSH@
zsFKSa9%_AO@}o3cheqfjThcSnfc&bOxAb^^r+2W#e3{123tGMg28cSajF4C6yYdj~
zQjDJU8;lpU*JFdOQ(bKdvVSHV5aOO`ag4l97WQ-k6U{nkbiDV$Tb{`TjI8Bp+%*6>
z0B-UNW*PZJ{TL^)0<ZWKna$*qa69%b`*A^XJ>XJxr8$~5VcL4F{(^otrp|Q8co%Lp
ztLaH$u>r}Q;R0N4zF^!$ve)2E#p%=n9^X^!wejMlw<Y;7qb@||BaaScQBIH+d$L7F
z&C4E#-fix~H%sLv^{&_<?;@|M@|g;1V&+e#uUl~O(zaCCnR*u%2FOxZOiWl<SoBWI
zC9jbP)uOrVryav>r$tYvDFaN6uSMWSk)PD3Cq5c7$;)jlx@#_04MvL?`OT+HOxT<;
z71|FB=$7bU(BvjnlN_C?n9|H6k@V9etFq&cMq}u*Y_m|kQ@>B;u&kH3gM-MKOi3Fh
z6-5cf)bs0QPB*7hUp~AxM#{6jS(E8$oi8l3f`&5!?jA6q9UVH7eDUJWukmE7AMZYG
z=2PJM{VP7b+V0mPHH_loqR9%#ffrf?kP9%G?vH>9%z$c^u=8#k_KOuWC)7|meqreX
z^HObvuiv<tnw&z01E`ih6h)XBKIIoqlF0{oFWH<!YF&BJryPM|Oj;jdy*i?b+lMC2
z_`dtxuY9&QaV<v>5!ON-WKkM;{G<1zoME+}x1TM|ZB42UE4J&{djvZg`8I@!-~@yC
zM{qe8unlX^Ezx<M`wRf2_1r1OjTCUrtsuO?ZZm+dtN~<hXZUju-^7vvK0GDkDbdq=
zzI5n*h1|?vrmnSnW&PrhC|%y|F5f4W_1?+uR*e0G&V#QMpPug7XJF;fRBtr=r#E<#
zX5GII?|j5_7CV_;t?;Oww%=yRG!b%EQFltCz8_xXAto-~9%<4R6|2=?xUY<~#V1X3
zmTubAK_-hb{hzLQUgd}IZXVhqQs~OEg`tQeF^tiZ4z>WSLPto4*&S1(@V`p#f7h^y
zIc`$tz-=<<u4|jej|UD>K-7ltA&L$g*h6I%mAG%*t>NMx&6T_DoD59wHj**%JNw*y
zn$Vr1&dyHl0(~|bwq4i;T0E2BMxGVeWKmM@rNyvKsSBSCJyS)v@cXM9oEuU<W8@?E
zd*a0LAxvF`T-HFk_XTKF@%*#*gaf$1`S792u<QDy+cv^<U2;*`_~?*LL9Vn#w^O;d
z<(&De>*Z{Q`=Fx0!>I7+#Y?xZ!eWq{_9$lzp8+rspGVS6nFAlJs=km$sKWhi7YJU!
zI|uHIl4bzsp2xrAF_Y-H&#K}5Tw4rxk=4Za$!k5cO+t+z!M!LP*c?K<f=ii&C?TAN
z@{)T45M#(M<64uXc463zU<mQgI{5ed3x}nQ#qFk#n6T&q4a0(Px7Hc8vSS>gJdiU=
z6&aV6oo~%kb_`FTeVnDStyf6%d(3=B(uPdB);RZR_3td$pu%}PzU9iMR`{64F(&dw
z@TVQg|E^`9Ck=U2df!ZRBvMj6^Q+{qPb0&G=se!*GWYL=VZu4{kunJ(@*rJMyV*F{
zZul!@bMpq#ftmDi#+@nr)wqkogf1Aan^P^MkY8Oce;<mzB>yZa0}%SxYN&rL*8d6y
z3sXVmYL~R#9sD3d{QQ&G(Y-OEe~Xlmx+^2Pd!t0tZIUW&+>=G-*P=qg9zV+HWbsI#
z#&!_5S?VbY{@$mtaQ|ji#nhMJ3q_pl>RGw!K3f+Cy7znCe`-CUlSco_!FC^h?QLew
zMto-fWLW0Nf5lWkUyg=Y_NJ~ya5bTG<s&La=BzugSI;Kl8RwJ62x7LsMuCy6N2&sB
zSA5ddR^5-R**&?SX#9Sdrb#T%(1{<V-Cw;2e`&^Ry5O53@InLkVK_7>D6OcxJm05L
zBwof=AxqD+TJxUKEzmCs4xJD=0<7!yMKb$~o?m<$oLOSqn#^8IgJ-1pO4QOUkuCl&
zP5b$}g_Iw3Q&HEfb0V11u!qP31TsB69f~`e?&JOc+I!2eHkapbyro796k0qKEAFMZ
zmr~r_f)))B+^uL^yg0!LuEhcbYiWVv9wbO{DG=P{pL5Rlv^~H7`Mr8xJlAtw-*=nb
zd+)t7J3G5O^O@Pk-fEvCTvYss^CPuCIfDjH><OfZMa$!-ci8cgr4OS`Pr7=jI<~4#
zP_}z>t8}*1Kbn4osi+f)<9xEN?0<&xzdlDZQ&v{ib_Y<K%-%I|7$iKPwsZf_L82y(
z8R*@!GW9A3q<1i-E3L=N;Pb@#nWFuazmEytE=E6z)(rzRCI!csO|O04p$2Q@1C4ZX
zaWSL$#7C2$d${?e%dK7awD=K!z8XMv|C^%-bLLYk7Ys|z+Jl1wERLpUQpq_vIe{9D
z<ECiK0FwwC8=IgY<O=I)9p3&Un!%x=-5K|}AuWpMX79#*Z@mBAlDNZxM@fkillUYr
z@k}prN-jynWoB%0@-!~<BKT^%fb3n%)!7e;w+~g#BGs&x0C$CMH%V4LMbi+F^<eNc
zMXGQ}=)qd9;<2BafeVdTI()rUNgb8hyxy-4>R2BsSf9ku@c#NWc92;24KMqaMNM`P
z{590!cc$K^!h;NfTqe<L#M!YW#A;MeU!M%e)5_ZVe%37=^a&8H7+=!G#KgQ<99>vg
zuu2Bt5J8KM?J-2$HYbLl(nU9kjeI!U4_`_Kcm>hE_=3cx6jktNCW(|f^?W2=jMe_z
z6n$0vVn?bZguYY?`TnWRLEUpj)+#A3?&<Hr&&b96gw^<H&(Np;7gQLx?_!h0Fe-4r
zdG}P8HNPWT6RX{dXD?Ui_IfMTC^mpwS}`XD^Mw>KW4u&qLWkrqwjDyAqnUvIch+Jm
zP+@!l-KLgC1n&T@#U&;fKjeQ({$p2wmePa38#C$B_&5r$v$;>>9(!lI4KS~XQS$Kc
z5CrZ5gX1yr&{p3rvz!@LjI%)YpBpSRoZuDJ^Dm%RvX8hQ<PCi_1##278pG4Y>H>%U
ziTQEipb8%S`VkObI>exu9ahxEme0_lTc&k;+$;t&Ir|Odv+<|q%ts%YhVJ|v1U$Wf
zcQ_@FN}fpLx7m=C5lxBU{HdMR4Btp1maG8hlb4`xH-FbXXciG*e8wsXSy9ZAlQ{K?
zC?8zHOMQL|?aTaweWkZ2JoQDr-)bTUNq&CiFJEpmJ>J<z$h0OfyNlo-Hlbhh0@FF5
z#bj2L8~1m${TpLV7}3C45-<Vx{eP`MHGKyS2|Q*CKKlJg__qxZ&A{v%Z6K3+)j`_-
z(Y3!m5#T_Kh9OSZ;Z6O%vHe9nUMLzt7&0#<9{2k^{)@OjT4*ysXWVd@duc`akBR<w
zg%>0bs7i@K$?hor4^8l&3YhLUgU8x@v9f)CqxiSt|1t3|T$HCYbaf}=#wvfqQU2mS
znuI{+nDlh=+&xY`Hkpr%e=SJ=lUS<QJ7+Ggu98mIgM9zWN3@AR{04L^@J-m$-?3<a
z^8pRl_=8b0b8Tz?3#0J<Kz3p<hyA`{{OaaA7c`%q`eH%-e`C&XMR7dzC}I{eKK^$Z
z8Ai)U_yJqQ)xXOKy6YyjR9QJP|4Leb%pW2$T=(qke-V+}=)V1z@LyBzKkDoMbi@PJ
zWKdN98_!Jx&d$!l!otvNRXPDZNYUQ}Anf6wrIk2jh3$BbQQV@et*!ln#gy(}hx8_<
z3yli80uZQR!XtLdSgNI=5g!}7z@SXR{!)hxo9_YSA28y-8|nAD`Sy#dnp%~4Phx+6
zKUio44RF4XPrtOfDlIALnku01Jeao>p-}}J1??+6A}djTMiOD+44)+VArc+~vSFUn
zf*+;V<}LHECVe)R8z41!)?n=77CJi+cJVYdugMk(8?H)UP6U)BES|VlORq-t^pU1p
zj|!F8iRx6rdW%O~)zfMwC~Uql^$x`NWz3_Zp!ek5_4)g=l?O;uId`y=C^i-zCN#ln
z^CK5yAAnOq8q?5CmgZxm{FT0&{*$FlUeM;Cc=Ozw8zAf>QT)xlQ+D?!mo+s_DbBCf
zM;IddR5k%OJzQG5C+ia$QJVJ4Dime1h#f(rJKjA<xu^{!f=oIM-Yn^xI+pMj_;Ut+
z2jW|uEk#yDqi^nUt?^s%kKSbOc07P;&OKQabiKt6@v?*KfEUMq%-UBurxQnzcpVZp
zd*R3jjcQdG&I}G_mA^GDUs_tS9?4H<`+^Acb=*kmxA5Klz|d}-+!_&@5}v3yz~^mI
z8DCm&GOJeSQc|05OLN(poMXmC%*NC`;1JqLplf%C+)mjuZg?7Eaq23+eqF<!#AkWB
z(8daDYPm?ylb_jxm#-i7WcBo*cneoyQB#>m_=)gP!EW+)p5likJSeuwn#O#)>An%J
zg#^M=IqjA8zSETr!LTC7G<NnO^SOhB*;G6HA5X6VLvsKX9k$ymH@CO|wm}A>a|Gw_
zi{XOz#E8dud3Ej)8#O&U^k9*{lO8_DE^TAKNv0PQ)MV~G>P~65@6>@wsYz*vsFJ-{
zJ{)%UpRC0GskYKwG3=y`P8Lo~YWqY5HsK$>EL^OBg-$mNvp=o1;Fl{}a`NlH9$7S^
zEEr>7fe@I~#(B?9@calrTJ~=}dVXzwRyH{B5)J4$990M1EovZqX~M6!i@udyjOD2f
zwI6;Ve04}SslU+#{JxzK?)hcfrw+aGh_`!AN-$~Fo>~skUoaO2j`UlDIeBi0F(H=a
zC>svT#|YKr;<)ke&J7#O)Iy&Mf#!TFJ>2_bL2$f;82EP<13ijBlm!-68g24Sj=$)z
z#Nex9H9!Qj9VSj0W<tZLM(ue-DEocgAcK}H_9!A8ElS||G?s`{*)u1<2J-fKdeYIO
zgBldYDv^<8MAp&EkrtAs#FLH2{1s}hpX(}mqp+5|#D#3LQeu53DCgLie&BAQ5TSvb
zm&ElG{t>QqW}Ot<zsWaqF1t92@vf-SVlb>mkkH9OpD<z=D0TY|6vNdVu)<-KSmr*N
z2D2#1GyT%Uz*qHHZgoa8#^AYL)AA6^1i?X^*k!)jYjpI&5T^Si!NNvVM@#Vdv-DR-
zhrIoKbHKO~erNjq9}{v!voz7MEP6GYi9;#3CfPE1Q_Zho4BL>-Zg&4YL@iW|g}W2N
zAXaTr<77GF*tg6#4Oe08`)GAq#X8>MEO;yYL60K#azwKx$&C&^alz!^l@mE!1O3$E
zl1cG6$o5{$OQUsaYikW3)4=i%jE8rV0{n{s_<k$JkVpkQ6*fFA>5>ht%#;X`&Bi3>
zo(7)|{-kq1izDgyzt4@Ibm^ZR=g(`Wp&k=DZoOb2PB(sFtCJ$?7bqGUzQW#kB3#)E
z8<EZ(CLH2pT37HH*&nT$Jzv*iD^m(lfN*!QiA?*2%IdI*%=F-o_LAyOLaVFo>#egB
zEUSr<bfuJeN6><j=cLf5@zJV1&?kvRt5lSx&S8sKpacckGZSdF=!>fZlUz=kF>OjI
zYj{gP_``X-_;UHutg>=t^TJZJC)s-pC-0&dxUM9hEkL7X&)qmGF25=8gn=M#c4l!d
zIPm4kqh)|%oc;ofLH{6<i+pS>@@0A`_wws8exvo~8Br}G+l_>gd?Qlh852tiW3i8b
z+di1V<3k(J58`s$)^p8i`u)pX9SzgRR9o3UH#Y$viQYA^?#G&WKAR-91C?4YwVjsJ
zNjZy$<yV5%j+DKm1FGb_fKwHIhb8Ffuz+Ea&a5FeSpre66a`f4_0{p5KSza33P<b3
z-m_LhZiO~bcYyJ8DlzClvapc-yfF1wb9)PSXWlZP4y#2s`tmSwztSGS9`0fdoz0Q_
zP-O_NZLfj;x2LaRq0H1%9gg_|ce;}yO`uZGl|{)s+`ZcPiW&RV#QD4jWH#95yOSOb
zO<8?AK?8!2Xf1sJ@<~)7WBP1Nyy=s*DpestTZXAzdci4(9eItKt!+((OG_C!Osg>{
zJS=+ke8#5+2HOoz?;fY4P3a3-FbG?%mREOHzZ~koAAJlUBrZ_qrY8%*$Zg+DO;E&D
z4nJls{A^12TvemboNmBH5=#hztEsE^1o+Z4R=_nze^D=W!-lNX?gEehE&FF<-U2T~
zabY+8L4wyOcSIU*GG!a1h9u04ewpC>`(z0Cwg#l}P^Oekju>SdF#7lkiJ02>?ta^-
zC&AO&uwC>^1@!}Owowb4yvWUF@iuakzC$AU#ruBIqw8^M>UYm1-EA@t)TfA^5Em5S
zSVlyKnbMHvVQ<e}z`!-bQOvf@U$<dAmQaz#*(oV+!O2SI>F|TA)K3DSh%fUEw+fMS
zuk^1@oRElF78hmBIVV^8u%p54S7a3k5Cf4x8ueJIhjVz@m5S?YEPwWS+`P|4q8%VF
ziZZ8j&24WdKP7|nTLUPddh&j)d80sidfv%)<J96y;i-0mo;gy9Vom+7*=Rj~Y3^3}
z-~}1g5%;beb3d0vs+YId+V4QVfC|cZ#GZhcP|FJS#^2kmyDB+VhnHK`+D&X0_rG>j
zX1)93)>JDF+_th7RlGG>Phw4#>eT#VH9S0g27JxR$Vh^Y$ZG$_-g2_A+><nN7!Txa
z9|fZ=9Mlq_D&4i?hK(*o`!~-tFbNL_C2+e^zBoul5d@ncztWp8Eji?wA3&Q*!=3{B
zmRZ7ecS074`gRG`@ez?c1G-uoUfP`3(3SSR{5Ie`#jsA$(5w4Crt4QLFX5-7&d>8#
zm(2BX*6&KdC!MX6b6+_kn(3A|v#rDE+s#)L$=M#3+py`@7I%1R2)I=kHKdk@DQeU4
z`K++{UL0I}E_(|ro$B6CcIt2-6awiHn4`Wg#18M%uRILXq;&$8n2*ER&KY6LyzO*2
zT`VLe?_33t_zBOqk7P-^FUV_&u6FGY9;=KCy$~5$CdxOn;6=?1AWTb?n(RQ#$Rd3<
zx*xF7dYJXSPCCn|On$GAtA0j}b!I)_JNI!Urz;bPCmMtNIjuG1hPL7+GM<i?%aigM
zYy>{IX*m~?-;Hc*pRSh950--6j~}~Fhe@f}sMS)foXiE}gF3`G2OJ9!o@2M><mJ}K
zqj<NNefELfRphLO4e4_QISPDp87K;U>k=dkERA-)W<nz_MAc(TCUAh=`xo;KY%pg>
z38|FR!ic&qEq~+vMDj=<?{svYl3eOV`l!Rl`1WNp`tY)}mqY#2PwLWPyE~4a+Fp}<
z1e3Onh_b11#&RnXLluuaRba7~e;oRzExWC0Z$eFG%dt9O^ZRLvk>uT7O(A9j*o>Qj
zn#IuQkg7BbqMSqhiPdye8Jv0%tK%V&eNPhEx@S#yxW=|OYwOw3y+k8$0{5bCPceUa
z9tI=9)*^Pts){@C8}cRpgt~89vjMKGE8RV}S0!_EX%80C+?D;Zi)q^DCWoQyv_H)e
z0nQp(*|wbvwTj+p%@z3*6M=038D9o%=i(JTQv3}s2x&q^ot^jcL-dLGdP-dTy$){q
z4GmOfoT9h|Y8ki=+m^K2(AF--QmOY}LU9_mU`RvXLro%G^^Q?1YegK&a22IeZm24J
zPmLWb`V_CV>IF_<ZE=QqPrqz|u~K-R9FWCc73}`;Y%>Rgv(8n&LFXYl>z7`|MLC&8
zg2rgit%0;H&M3ns+ud8Z!q0r2U^chAQs|bP?Oe}=(ZO_uu**DqP44&hYpxT`+#_K7
z;}6@hjrqMi`SkIl2%TELWw=*6)*HLp%yQ<#$Lfoz!#WLqn(xQQMLa@fHi~UR04~-R
zNj9!V>+uc!boo-dsb6WSjS+f{`w5zP=>1Z*L%GQ{LVNBa9(R<5zNf$*>=s#68PaqE
z3vuGB&?0w}XC*@f?ql`XCZZYKT60e*70gs&DwY#Fj1EXrRpL3vHg^UawzpD$s|`c;
zJL3-z_H{7VB?F9@wzw+5D%)I6su^5~b|uYr;jr$RgmOnN$FZ|!GA*!6bWx>wWCBvV
zWu@huhmuvd*0WAuLGc@^5LxHCeD{=%E<@4zJppZQbkb{(-Z7t6%__{oyTY=aRnoVo
z7V>e=#?96h9TU}c)Nxs&)!NXF=Ezc=HrUs)qO)>q)k?Dgr8=*Ntl()K^jm&=%vQ2j
zpNO?La{MU@i^mc>f$pBeA97=M)4HRPflbptw{X2tgS_RZ9pF;~qe`{kek405Pv~Ha
zvE3K;sK!qmvf*_sB@oz%pZ4&_k2!5Unq&7UeN;5*44c(_BA?p0d{B%NR*GaUEG?a`
zv5vD;G{idSB`S{ph+8sdpQ_I)$?}@%lev%%*hFV?Pw2tLJn4QIwykH7W>{wjq+lR-
z7u06Pmg@c^zQj-K<ZD>1P!G#SYOe6YLiKkRW@^vT`li75i*IRrlsQ~B*<YXATok_d
zd>vZwZAOMv)M7fB6W{smiHvfbb2pcu#M#%JRQrb0Gu8YnHPgkF;akH^Ww!Ep{FF)D
zKGR=+gol-Ld~@dQFswe$dZ`JZrk(a?NcikuM^S^hxZu)N9$mSgP_Cn$G$<Aj{f!~=
z+tTYSn1l@<Drw`rT-Ot4a-MZ~(*bSQs@d{Xti;|KxwLzNR`)H(Gj(Fd^ZI%Eq{0sx
zX-$cyQh9GG?B?6kwyWa2<ArIt#7lei9KW$qc(_!M94!u4jSwnsSRhcMBYp7x_7=sQ
zv(ye^ppnbvSL!N(@sFO>O#}Qr4ylWEk_p1XRcL_19ZAXY$S#-dPvFxAXd~}7IOZ`_
z;Y;TbtOdNlukLUCqjs#Ry8LDLClnbOOnw#L!~?KZKCbwLhEgypw8}s_of>mB4A?pA
z+P=qMd$qn;uq+pJ!o6)D_B=$l9d<<gS$oc@jJ_Oam{j5Q9=*~N29#?WbU7Cfyo#Im
z9)CZSWflfh-4>1tHie7nHO?K^z>LtC*(){d$<9PgPhd}b(OM&H@#Pm%n(s79U=cB>
zaLyRYo?UVf*C+$h-wQa~HWc&w=~fA-)_eo*u!Rl1PW8DmdUOQ3a6%LeuVt;BbfW5=
z_Klnq6-lY2N1{$829+-s9lBX98!Wrcd+g!1y4iIs>H=|zDH3m|+3`;jkVvGF->JE|
zStJGs%vq~#=qc&xTnH=}$5_sz&V1By6x>7zR1e>o=C*GAPG)8g(~2jYqY;ye<m&sz
zHA1<<rnO6?A`#dcuF{~~;qrhlen{C3mr0+&`)orpk!hb-&OOeFr(K?siD;a2iLj56
zwYMv`Q=ls^_=iH8^)zaaOXo*KQBa(mA(H*8?vu#czG)S>wWD#dr?HdtX^S8=1$mOF
z>6$Tur8(MVJYz!*op-(a@$iE5(lxL3I6U$kuwDQKca}rfwTFFu$+b!x`uZGIU;A;n
z7V6adu{JN7Y=t-8`3^7EV-KR->T=v|7&jPa6y8v@lp#{fjn<M6Qc(gr0eFxCr*cV7
zw8<Tc__xuH=(G%@v8pnK2Q8hE4Oi|GlY@NCqVB~4cB}Bd^V6fcu}x7kvR=j`lrf*`
zFnKi7xMC)^45Pqe_eDg_t%~Mq31+$CfqnhjHv@L_dim1PcP;4bIPk&3rISYOI26>D
zb-K)_{X6PT7R6J|wMgI41d^Qs)6Dq}rAvbi7@vH}Nnsu|`@;CgV1$SN9qq&|Vq$4J
zBlmMN7+YvmMm%`7)@f06S+g~!?DaUWHPZ32bLK+7(!p2i%AV_CV(D!Ec7|Q9%p{(l
z5#bRIlU35Qd@F!|@L(>b;HmpcEaAe|aDsP<^&%G5#68MvWTVL#czs*uOH5N+rG-Ec
z;!@G@gM~1x)+xJ3cr2%U*;-FAerym=m<gCH*oSxBE!0T2AM7YOG7-e6uHF|Ur!}IZ
zqF1@~>h-;XdOKJnRI|OMz%><(rr9i?V=FnUCz9VRN8Nlv%sfDHGrm+~N3g=n9}Dpz
zrwV0A7X8aT?BMoburFEvqVD3e5WT`BlRr+irEfY3zfi^Xng7KwRVnW#anP*%xzm*T
zTikPw5cW3;N!VPjhNrWRfN`ngNW&Da-rUm^@YM#tXKd?@gEYpfqhWcD8OKg?Qqqge
z51S?+R<cO-eL{68cFTi<(x<dcCeQWCR?3YG4y#Lm`9@cuu&4PQ<^#ID6oK^E@(X3d
zk+!Sr{fgLUgXxlPo{1D=Nv&CCeO0HP!-YJOObE0PZo>mYKlV*osNOvz&}}p4Wg1vM
z%j_XZ?Tenukv&BR$oTq{e=ssyFTH&=62s6j`jvJu0e?vxh!e>Wtnro`)~VWDr`5~g
zV;)7Cl#!9bW#J=U&b3J{<e*agtfBcVYf`NbrlclST!m+}u0|nIPK#HvYV_<yY6B4P
zDIuOqHKItiL0x(^<yBT<H}m{mw2dc7%W*g6z9(xG%@qZ|%R(WowWipd-ffL!?}K;p
zl+-tQDL%?fk7gBzfe@v^2c-difVC=_8PUb6uzbqx^9TX=K!O)`NF&Eld)-6L;nzJ1
z<;bUyx&7SFp-zurAkTP{?)on9&Blm}E+(Ie;7sNoQjPu3cR3Y6B%<OGMU_v07ZYg&
zjxb4&?*%78Ba)LW=!xAI*uwqvxpU6*{CrRUxG=&Nkz>Q8_Ats~{qo6Is`o9Esc=6-
zmjc$A7CyHfQa;x@bxK;|UY|w|mqrM=yVn#?{G}`<-5ZfrdQmoBwc*iR$r>hEograd
zp-5f5o<|I|{g?WOSNS@XLdubr7R(LjEiA>ItUrw@{P%8e+NHnbAVY(_E$SQUR%HAk
zSn}+E({BS~lHaDtpC=nQMlvxRnRO@=ltQ6F9i_heeSF<}mz|@G1(_HL%fTQ~1*sC(
zk;^859wOqfYvyvyNZ0DbPSazO6anwOh1$4PZr$Q;7ML9e+CLeG!D>5Jb<e&YbOniK
zXq=5-Q?>o}I48E3-GmB+IRoj1EDB3u*c)o>;X%)*&a$oV^R(G{A@o?JKc}tbz9R1g
zKem~uJ8k!c=Mp&Uc|intbj28H#+!Y&+q+uXG;OCfud|t6Iw<I&ZBan5jAOKS?Qj;4
zqg;eDH@Qf0{JXH#1tvABO^L{t=RyFR_7`3n-I%-P_lD1Wj7{DtQRFTuxTOn8V3=lS
zh~$ub6yQoJ0eyF_(a_*c(Zw$NqBitNkT@a1jz}A|&9Zi`5Vk7H<?v2+oT>?DAvob>
zWy|q>zfaVuu_CA)-e`(Pn(Fz}kSEu0InHawx-39u=|I0iG5%fcu)4a*jlAzV8fPlU
z7GEtD;O(~I%P8(uhEp&y5khXx`aWaEGN&#eSFSbKKJq-Z2R;j{mA`xX_AHT4+luQ$
zNfxO@SdV`!VfcY8yS(XPP)<ES>jMFN$@yGNPjky#udWDj5vJr?ZO%h6K6B8_&>51`
zmr<?ynNj!h3LzvNW?A>)Z`%;sA*1>o!?)MGg@*emswIi;zBbEN-&>ty=y|lFv%hZv
z6KWw`tYX{klOE<JJeVmMhksG?eAddciTU~tq{{hjmBZU)<pM5}-gSXVw0|i@iua+c
z&Qn|gmXa!^0aHH5Qw}{K2vYjQejX?(Hkg*Ke4Tmm$+Wy-R!z0C`lO3t`3AC$EaTgi
zX@Im#SA!SkYR-ai2P$m{L0ix$g%{iww>GSgSt6S>Qu*3>#73?p7qS)Us(Iia_G;~M
z>~Pid>gv1a&0EoB?llk`^^Hu(W|jPz9I?#^9WC5!H7>6Z17~FlZU|1S4_pYZMcZJV
z7-@@inEN}(;+9VWR@FF{BQW2Yd;WOD2H<}xk}Ym*Us$;L4ItkPE-%JIJ&2H(*Y<sK
z+c%Tbd(tvug|<9D3O+BXv&nZorf2gABctZWTGJ*MoImUxjA?&-Jd6x!;}<2*{qEko
zX7MHlJ<yw`SE^4!IP#Jq^2H0%`nN>r2idyI?flgVr0%_2oh<=wKd-1-E}K$Z0{PT2
zbXz&hP`%$qzGTczg=+S-6x3d-imX*kJ3@A0<~-!+u@q^z*BMfkp0O{^th;=*GD(rR
z(8sky)2_|-S5A;W9hM*H@b<q>+i<9Jj`nKJFt%KBu}i_5Ur|3IR(8h<LHi|I{jVwg
zFI0!<S4)vX4<<0+WCuq``(tN(M#44Lrxz=2OZ0=A<JuhF7AZXky<FkM!p}s+`1DED
zp)5ucRs7(bE>gVRMGy-IVJ8H8R9@L{)s~wzzev_2E%isS7u3_`s>V`IR9}=qS+A;+
z)z<!wt6_mmqzH7b&u)A1ywIaT>HNJEjDI#wKb{X5X3Vc|Y;Rr4iiB^VFQ~~Kj}=U6
z=yx5}uC4^#b%s1wSYerIfK3CKx=0}()O>uAljKsv%g`LlZk~9)5#|wt6>s+Mto=}F
zTUC%-;>2*`2D2ZnX6I}(j_rq&oV%8f{8oM9QSRh*Axh8d?i^J2ZJTHA0xA!H<0+;|
zMjQ(Yi<{f1lA(3{_I9`3P%}xeA7WCwu5V4~&5~B&xw3a(s2!1c&dQ}?LshkJw?^y!
zOs%j3elfz*J7)n11sSH2d>Y!&jY1sR^r3X2$qSX{Oa_;ZGj?+Wy^ix`hn6{JbJ8yE
z=c#o>_pK>1L<H4*w1V#ZvJU0k=AMg~oMsjA*PS0kG|BI>&{ntP7^9Do@Z&go#7iRG
zI8=+X4XgrVrYdBk;Q6~p#k@O*VNeYXZfb8Qin_|==LlBcUE?7x(n`PaA`b6LU~de=
zETi`I*Ma<<AI{UU(XAv~zRAkATJsmDd3jhNu53gsmb_tkY4S$z4LS1jZ0x;O-`H00
z8R=TJ3?qO>nyQ)x`bZBofx<%bPNCE|3x%Woor=&6z0W+%Y<<fJVWV|F-j_{7rHdQE
zGqOnnV1?L)UEw`Fm(pR0m7Ie%-UQ0IMZ1rH&U7o)I-4Vv7vR(ZQeQ8xm%4QRh#GAz
zZk#@tR=DM0@FR(f!82Bl?{~-%Qp*Te76$6i@;CA|J!C`ll{mzf?XtN%1lV0KzAKoI
z9a$W?hyi92Y41z`<y@t(fRxPNCY5!B>OIC7#762ds?D*yNoC|U*ZZmKB8d#&yhyN~
zodW_2FQwhtaHn5+>rW#vzgxMo1o(mMS`imup0mj+)`IRuII`t<t=_?==Ep!r(kANN
zHrU_U4r{fux-OcaE^(gW*E&gdy9rxle`@pLIs}M%BDmB`LhMi18Nyq|>#<`z;O_2)
zwq1Atcv3rxD&2`sNUNpp2nvz-ITu&322H!v3gL-7W2&Y~Wg%KHFjp=w)8S?7Q67Oc
zpS;rq0%KlVs8abpZ_dvORc0%(0*Fj$%REISgBQ9_eGH{)-<xOf7!8}O&Keu7vr_t(
zF*apOH0as61|6sa8=+s^0uAp0%%45vwut0?fc)Y%s@Cj2z704U<ms2g4WL}3n{AV;
z($o)LO_ii8sJF#I@0TtOTM36agLHky3v8qS#cS_I!o?Fjf;huU7QGh^F{+AGr~H9E
z4wredpIRGiK6e{c(p1H=^mzD`<P{tG2Zo&I#8&l+^S^_>&WnjZVB>2aVivifsHE1*
ztugLQQP3oXMHW%`ZPiYzl1-1%c%`MaKBVI$Myt4HYpQ8!wZ7vn=QdG7d~pGQe9xma
z5#KH?Cf7<@dMk8+4Z%3Y^VpewrN<Fo81HyWD#iY~?TWaa?;dJS2jX{5>!>|e-^#Qx
z^1P&F`85y3$~t7O=_Yv@1s!NMU+?&)WaNykF5pq|Q7^)G&f5uiBKEqFRTufF%+DWd
z@54eXDlGE7?%z&aDu;*nzXHyUddXMq_iaTLQMdB+MGf+!++1lSxFhVGn2g$^OG`^}
zMNdAlE#}I`>6}CiTgO0rdKmf`X>8){(55T!548X=lgS~M0vKb=^l>Vuw;Qj1_C=Sz
z_GamEZB?Gx=b(j<XGzso@Mpa5_cr>V?MRt$l&;P^%PZsRQZ^z}`zJ{W)GNoDsuKm$
zr|<O8E0>U2MTzjnY~9(VEh7nebK6LuZEa@D*+#cJ!X6DKPF*-^oe*EiK5gwwux~uX
z>}Tw*9YZ{L9plnvU9QSQxgMt3+`F-0tq}KYvZsgDR%v%qugcWiakp68$j4E#OI*}9
zOL%a7Y1`>|n_{|IyR!UPHxgqe*}FnQW(>FMv52x(V&Yh3nl;VvW$ELc9JBTL!-vrU
z7Lk!`eqpua8V@*hG%bn}49h;z<;hBCJ2eQ4slY#{R&SR(aOArk8y;T^V=C+8Bftl}
z1CG)?dBh<dbPrUkJYL7v(+ED)sL$lHO}vF;=jPob3y3U;>ogI}yl0ulZ|G(B5ejyG
ze-fjj^y7-&U27!bERkVHSp=Wnl^z0_XQ-}#P7E*`5?jyY>+Q2JCn(9y)|G}X>PgOd
zI{;mrJ5+S5U^IG{S47h^d8sWdyz~~onVo1I#P<>w2E!8TuD1MUMpe9YeD?JCXjO?_
z;;47prA(ak=gb~g6vT7#bW40;V638_!(q0J(>~UNG;u$%=x;;oGINDgBiea%LgemJ
zLgaMNYuH&V!vp)|I@MltNCW>IYuRUW;{L>y9`NO|0UhCCm<L|#S1qGT<8GWh)BGme
z)xM}<FUxWF(jh8CkkC~8^%;s~X0owkSdp;b=s>svCvSMI>`G$fWd2ouYUUQtHg2|%
z*C^MG5uo?ln`gRFVH;(MAUDfQB-vx1JeH|NJ6=H^B<)?qnqRZsTcBIynL%C~8Ph3Y
zpG05VS%>PnX-zlW-nZ+frP<bC!4H@`=PT-hV_Z9onN;tJ5ameT=qzH!oj3`vI~Gp)
z{CCx5h(sYj%uP=168rO*SC^2S<dMtWgIw(ZUR09XO_Vv0?R3_(CE6^V5QfrQ#-<^#
z$Js^niy!o>Xn|f&T9_O6N$D$jybh92uMDEYi`qkp6#H=0*r7uE_DCACCDcL)4|S~<
zV4@BF;Wk$*cIKueBFq9abWJRpq+<MH(hquS$82YGIW!9XI0fxrZYfH+_VA>hfZrz4
z-J~eX(6stPX=m^Zf0VY@*Sd5pD@TE%v5xP$`FE&jR&~(m9bT=>0<Y?{mD%6W<ej&8
zmrz*$Tw%YL5;{;yeXphoqL0KgvfDXIZ9E!$$75Y}xwCvL6CT2sYYv{{l-1sIKNwuH
zvbN;1+^a4uEVMUDau_*BwHg^1G@~!8@=SvODbeV<r`<0mms}v(FAEvX<w*MP&0kf{
zuI23p94E#rHM}*LOJeigNs`C8Bgy4d6?X`%&ht5sYgbc<uva*$A{=Qam$K3?74SdZ
zbO-xZ0Z%kVQ3$3dmfx7Z^~fs2__*UytZXGFclLY26MGLZftWwi6DXr*+AGMpzcS=6
zFGW9N_WI6}Zd1bI?dZCdJfwRTh40<d4ak+&r;F@XBs@yDTEvV4i-l`yCX@?9o}0bW
zf{1n->esp(B@iG6=?cQ!4{Eokn=~T~X`Q*~ar1a}iciSM1lXw+yJ;^DQu-6mPM@Tu
zs>7VncUO!d7S6h<CuxQk$Qd5SqslAgEQ{+8(li{iBsY?Q5()gJl@^_6+TA!zvW|#Q
z!31T^5k@M$>4Ju|FV6J7ug;=E<pf07MS5s%jKZCvjUUsDE){%0#Zj;I#|*VD<hEiq
zxo_EhxW(i5wzzU{3&*^oNmuz?p{cCWr*m8C{d7zUbYiusj*Et`&d0n6FVc?1do^LI
zH;uLW>XoKvN)t!J5jBhZ==Q>MYOQIQ_hkvuNZ})0S)lXQY?ZH5Gd!M?hBkkc6N+E_
zb&tv4?yT_9x-75FA^2!Quw|!ERp0`=?%K_qtg_3jpN?$RZ6eh8akWxwCYj?-ddM~o
z$|)4w(KV8Gyg~QphQTm($-Jjnw7O`s5x&@F^Ft?RfGZRdTT3ytam-i2cC^stD8jGi
zb2MYKCG!ipW?As!+~C@N=8hi?cc)-|gS$fVf%>I+hy;UAr9IZ%z>#kFT%)Dj)CBkC
z2aaM3UuK|u(T`S_Y=nT#?m50<<rgXJR7hMYcx>A_FE>{q`PuvzT(S6Szw66m`6TuP
ze|VpYS>OJwa<@c?iYhqe%T~c$B+*5O9GTj=U313}Iv0=ae3`o}w4jtMobu7E+4m_c
ziO+jHSXJ@jJSLv#pdNX^cEekdoJi%$L_1b?XM+U4<v#z*fT1vzH#VW4$WVIyDHqE=
z^ifr#jHj}?2ffE}2v{7Dt@G^|S__RY*C)cs^IW@g3v=i1(A<?}+C9AkHT1OPBfINf
zRqo`S&b3Xm^qx#TnL}!9jW1H_@pqR6i6TfbS@7KbBDLgj!c7)~V#I*^=Jz>;8Y27I
zPF@vxbl`*}qnr*0xOWuDSt!*CjSS(7HfjX1VC4%=mGYP_4Jea$OG0jsrm%!-_evK;
z$-FNnptvJlq^g@@(f-mJVW1;-e7NPB`JPgc8GXa2<HrnWxl>&a1r=dCFZ`hAbc<iN
z+P50Z6e!p43Vs_q?uPaftmIWNmp$%w8r_;xt((&=6<#gX&OA)rMJ$xDijC`3H;(4%
zg(32<En=T45ZSS(@dIc10L5;6?@GeV8CD5ALYbGntUrBU;$&(Ux{W=rH8{77yHc}l
z-@o9~>zSbXhxuDnFI&MaP`=11>>2*r(1z>W$dq5%X&!sMk2kVvqu&;AR=!d1U`=$X
z;@Yv+Vpb+yb9UL+{JG8EK4U7HK-2eFPwerp6-}3BaQ-oN_NSEVqC9Ba0G@N#v>30g
zXN&5$>4v3d`=t7EDL#*3Dqi?gH^U>iMb^{DOI9k<=PMgW2EZ?**d?lVr>Cdq$0&O%
zD~Af*L)6le8S^XGqZo4+(uDCJW$$?2X##{XjArWS5XsH;OVvC*M1*GY?TlK_mkHSP
zu4akp3{62V%O{3#S<j98VpHx2ge9a^Pu{6cYChgw=pyZ>J#NrpiYbAXe2-D+N5(I0
zKy%*?$qe8;PW-w;v_i+C@7cyYO}5Trz^arKpOL{TQly{|&K23+=v(Z<!YBWPe<3kP
zIPNnWLn~{)ad+dXyF|J^AG0ASbixBpPxwGqhNrV?c%q;J9lZlz&=7uR*g(sB*u7py
zfGztNb)wF`VGr=TwCkq7kF|J@xStVVj!svxIFf^%uPVtGO&sp9OVHztC>PHnbGA$|
zr2`wCl^$G~ssSN&+Hbrt8;QQ>`Jm3R`CNwk7Kh`2<N1sUMc-kmZ=Vs6uNK9Mf=w-A
zYa-hdT=UZc=M=kRm8V`-4Y+lrI@>pZflh(?llP$=(VQQ-)1S&I49Go66AGHUoMz6$
zA+ZFAUcsyz`eVvfI9u(fg@<~!i@BB*nmnBnpKuWAqv-P~A$&mFd*fQw=P{83XqzB@
zw;PLYY4ko5v}IXOQD=-|>wOrZst7I@Q;1#on`kY{^Nc?ap0%xpuu{mPp23_ZCGmn`
z)&$W^8s}(I>ES!A*4CoKQJ-9w5%)(}M!&6!MDGws5nKi}BwyYuk~J?6NL(AcV6A@@
zb?!9h%joPJt*>vP7?(-g7CsgH(NtoIdmXf|mM(N8QH@8({~B_@w^d_3G7Y|?X(U)C
zQ^IofOsf@Szq&axHa3QIy_+qXS~e-i0nIgL#d$kSw}x};kX;;btvLlrE!A326w^yL
zv@SBSyEcD2qNZ=->|DZzPGd@35UqJzV0u^|H=*?LHqB^Chw=cWf?y<q2oRSO&P9te
z%!1foOD$_?8JYqu=0F=5sq0SQiqR4M!BJY_A^tK6v-}=0&#&gu27`RK07&i25aMAJ
zgq*NKSq_l9$<LB=YE?Ft%|(KZod<=|Km<SKBW|&1ZGCqyDU8oSGBEWEEI1u=jA4LR
zwwF(?3@W!1s-*maRn+<q)h}^M_Y8tzbg=xh4x+{&9n-@Ojikt>>MTV5*%^MBFqEBr
zlArM-RCapzWb08Th}TVDM%qSQV(~s%>tW8qW9%TGR<Fcb{STSp@-iE|tpl^n#Dx=c
z@sqbw(e5!xB~AK(+P6aL(k0S|e>zyDLqs26JQ>$Jn~hs+yC#*8?}9{Ig@CN02(EpP
zEBj)we?rsy32!3(AyJnTw)Utc(*+KNkqcuFeWa|nz7R1vRH)UzZX9?s88J3iX4tIv
zBbf(KAjMg`(|Q>f@JdF9?M+#@rq6x;FCeBxwEJi$flX~Vm9JR`$lzjea>!L4Ptn%y
z<^IvE-R&rt^UDtMfkEe5NbWT(h(!xboYQ&VvrdsqeyBC3=FUHIy8eX$zQ7uE9+8ui
zgV|0FPclt^-r(cIQG>1)4K-(4w)68K2!ToGGr2k>rx<V#xOZ(NYPE$8*{klHSE)%}
z>n-1&3}_yH%9cyb3aB@a&f&Y^15armwc43}7sJcA=Z<xN_Y*DoA7p|T`-_`ZvT^i(
zq_u5tZ%1dj^?Se#h&-4bs5Xy*Og{=9GkegRmWok1Imx8CNqxXjf~Y7RraLGQdY4+p
z5F&08_`W}W)kjhS#WD#aB-R$tm%w=k;L+M8xtg_q^p7B>zaZ&_L|Mj@61XC-Olp5(
zko6i{pW#pl^Ruvow}Fa#u%Hp>z=5F-%%pt&uXPubc_|LoIu29Wl!Dg4tyH9qQq{s1
z8$(%l-Qypz3`EQB*BZ6oYZMuIcm-s&>009Bl-Dv-R!^OfREX%Dp9{cGK)eW1)+bU$
z%l31Tv139Lo<prwIi+-Jkr@I>dwvCleUC?G!2q+RYs9n}6Gz2IZXKk~GfugrnB@2m
z0#BWHvSKJ{y<S(9XGaC5j~3Q!R=$3lkwATcIpaRa_VbkdALu^6`<<QcKxcO(boHka
z`3KbdCe{Ithhiz_Pr>|0>_C9C78+ac>^1^j{P))bu+RY#_2h_OyQkml@mr#i`$Cp{
zB7*271V3>ozlwPE=;)3Bq>19cJ-qSXkN@9dI~ANkgoA?v)wQAXk8sT2##Ws0TYvvU
zwbS?OTc8^^?h(ko64yXSBhl&*{0b%gU6k;;Fnr-~_|pdeHL{=PIdu5SZ*>Bx-VA}n
zUr2uV?K8g>Kd_@CiE`~t4*osVhzb)O>T~BNq2zB7WWR~rD>z!zKD2}kiT%5*QDLG5
z`L+hZUjc!?efG~H-a5K*$ulCU>)-nOTM^y$k9v42s<gk;^Yb}6b1=H`b$yb{pnnkj
zcLmHqbl?6<_^)WA|1jpiBmQ4e|Ho|o?;QVsUbzKa&qa}s+_-Ur3VR;~AQYCziBS>7
z#G`ug=EhBo+vtJ{u|vriF(UduKY#xJ;ycxMEupM1+F$?t=aoXN`mqhHAJTuf@Uwyg
zo<j+_isa*8jsNG-=$&cMVaOrP&zgT1_%Z9p9u_{m|670ldbEK7u03lzd-VTn>dEbC
n&^?V0fAswCM*b?e2Hb>OwQ`601j5nO-jJ14dR6|?IPm`i{=L6Y

literal 0
HcmV?d00001


From f98a366776a1f59ad552ee0c096d7cf183d70e16 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 11 Jul 2014 00:30:56 +0000
Subject: [PATCH 095/516] add FSETID back to the caps whitelist

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: e8762bfe39531309327138d93c0b586f8b9cea99
Component: engine
---
 .../engine/daemon/execdriver/native/template/default_template.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/daemon/execdriver/native/template/default_template.go b/components/engine/daemon/execdriver/native/template/default_template.go
index d0894a0c9f..cc5cc4f428 100644
--- a/components/engine/daemon/execdriver/native/template/default_template.go
+++ b/components/engine/daemon/execdriver/native/template/default_template.go
@@ -12,6 +12,7 @@ func New() *libcontainer.Config {
 		Capabilities: []string{
 			"CHOWN",
 			"DAC_OVERRIDE",
+			"FSETID",
 			"FOWNER",
 			"MKNOD",
 			"NET_RAW",

From eb6f1ba58f38b65a9e4f1ed8840b59a614973f63 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Fri, 11 Jul 2014 11:15:41 +0000
Subject: [PATCH 096/516] Add Tibor Vass as maintainer

* hack/
* archive/
* integration/
* server/buildfile.go

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 1a99f36580fc814778170ae68f5ea53694aa5c12
Component: engine
---
 components/engine/archive/MAINTAINERS     | 1 +
 components/engine/hack/MAINTAINERS        | 1 +
 components/engine/integration/MAINTAINERS | 5 +----
 components/engine/server/MAINTAINERS      | 1 +
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/archive/MAINTAINERS b/components/engine/archive/MAINTAINERS
index 1e998f8ac1..43ec1d150d 100644
--- a/components/engine/archive/MAINTAINERS
+++ b/components/engine/archive/MAINTAINERS
@@ -1 +1,2 @@
 Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
+Tibor Vass <teabee89@gmail.com> (@tiborvass)
diff --git a/components/engine/hack/MAINTAINERS b/components/engine/hack/MAINTAINERS
index 299d9a14af..5bc02cd42d 100644
--- a/components/engine/hack/MAINTAINERS
+++ b/components/engine/hack/MAINTAINERS
@@ -1,2 +1,3 @@
 Tianon Gravi <admwiggin@gmail.com> (@tianon)
+Tibor Vass <teabee89@gmail.com> (@tiborvass)
 dind: Jerome Petazzoni <jerome@docker.com> (@jpetazzo)
diff --git a/components/engine/integration/MAINTAINERS b/components/engine/integration/MAINTAINERS
index d7bef621cf..4d803a11aa 100644
--- a/components/engine/integration/MAINTAINERS
+++ b/components/engine/integration/MAINTAINERS
@@ -1,4 +1 @@
-Solomon Hykes <s@docker.com> (@shykes)
-# WE ARE LOOKING FOR VOLUNTEERS TO HELP CLEAN THIS UP.
-# TO VOLUNTEER PLEASE OPEN A PULL REQUEST ADDING YOURSELF TO THIS FILE.
-# WE WILL HELP YOU GET STARTED. THANKS!
+Tibor Vass <teabee89@gmail.com> (@tiborvass)
diff --git a/components/engine/server/MAINTAINERS b/components/engine/server/MAINTAINERS
index e35518a6de..c00f916523 100644
--- a/components/engine/server/MAINTAINERS
+++ b/components/engine/server/MAINTAINERS
@@ -1,2 +1,3 @@
 Solomon Hykes <solomon@docker.com> (@shykes)
 Victor Vieux <vieux@docker.com> (@vieux)
+buildfile.go: Tibor Vass <teabee89@gmail.com> (@tiborvass)

From eaad0a8c81a5869f9b8779da8a5a47c0148c2124 Mon Sep 17 00:00:00 2001
From: Aaron Huslage <huslage@gmail.com>
Date: Mon, 7 Jul 2014 15:35:05 -0400
Subject: [PATCH 097/516] Clarified TLS Docs

Made a "Secure by default" section, create 2048-bit keys, various cleanups.

Docker-DCO-1.1-Signed-off-by: Aaron Huslage <huslage@gmail.com> (github: huslage)
Upstream-commit: c3d91263a867aa4ac4da6c2cad52f0505a6eccf0
Component: engine
---
 .../engine/docs/sources/articles/https.md     | 43 ++++++++++++++-----
 1 file changed, 32 insertions(+), 11 deletions(-)

diff --git a/components/engine/docs/sources/articles/https.md b/components/engine/docs/sources/articles/https.md
index b6ae4ef37d..81570105e6 100644
--- a/components/engine/docs/sources/articles/https.md
+++ b/components/engine/docs/sources/articles/https.md
@@ -17,7 +17,12 @@ will only connect to servers with a certificate signed by that CA.
 
 > **Warning**: 
 > Using TLS and managing a CA is an advanced topic. Please make you self
-> familiar with openssl, x509 and tls before using it in production.
+> familiar with OpenSSL, x509 and TLS before using it in production.
+
+> **Warning**:
+> These TLS commands will only generate a working set of certificates on Linux.
+> Mac OS X comes with a version of OpenSSL that is incompatible with the 
+> certificates that Docker requires.
 
 ## Create a CA, server and client keys with OpenSSL
 
@@ -25,16 +30,15 @@ First, initialize the CA serial file and generate CA private and public
 keys:
 
     $ echo 01 > ca.srl
-    $ openssl genrsa -des3 -out ca-key.pem
+    $ openssl genrsa -des3 -out ca-key.pem 2048
     $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
 
 Now that we have a CA, you can create a server key and certificate
-signing request. Make sure that "Common Name (e.g., server FQDN or YOUR
-name)" matches the hostname you will use to connect to Docker or just
-use `\*` for a certificate valid for any hostname:
+signing request. Make sure that "Common Name (e.g. server FQDN or YOUR
+name)" matches the hostname you will use to connect to Docker:
 
-    $ openssl genrsa -des3 -out server-key.pem
-    $ openssl req -new -key server-key.pem -out server.csr
+    $ openssl genrsa -des3 -out server-key.pem 2048
+    $ openssl req -subj '/CN=**<Your Hostname Here>**' -new -key server-key.pem -out server.csr
 
 Next we're going to sign the key with our CA:
 
@@ -44,8 +48,8 @@ Next we're going to sign the key with our CA:
 For client authentication, create a client key and certificate signing
 request:
 
-    $ openssl genrsa -des3 -out client-key.pem
-    $ openssl req -new -key client-key.pem -out client.csr
+    $ openssl genrsa -des3 -out client-key.pem 2048
+    $ openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
 
 To make the key suitable for client authentication, create a extensions
 config file:
@@ -67,13 +71,16 @@ Now you can make the Docker daemon only accept connections from clients
 providing a certificate trusted by our CA:
 
     $ sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
-      -H=0.0.0.0:2375
+      -H=0.0.0.0:2376
 
 To be able to connect to Docker and validate its certificate, you now
 need to provide your client keys, certificates and trusted CA:
 
     $ docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \
-      -H=dns-name-of-docker-host:2375
+      -H=dns-name-of-docker-host:2376
+
+> **Note**:
+> Docker over TLS should run on TCP port 2376.
 
 > **Warning**: 
 > As shown in the example above, you don't have to run the
@@ -84,6 +91,20 @@ need to provide your client keys, certificates and trusted CA:
 > machine hosting the daemon. Guard these keys as you would a root
 > password!
 
+## Secure By Default
+
+If you want to secure your Docker client connections by default, you can move the files
+to the `.docker` directory in your home directory. Set the `DOCKER_HOST` variable as well.
+
+    $ cp ca.pem ~/.docker/ca.pem
+    $ cp client-cert.pem ~/.docker/cert.pem
+    $ cp client-key.pem ~/.docker/key.pem
+    $ export DOCKER_HOST=tcp://:2376
+
+Then you can just run docker with the `--tlsverify` option.
+
+    $ docker --tlsverify ps
+
 ## Other modes
 
 If you don't want to have complete two-way authentication, you can run

From 62e2ad87d957c263ee33b3e9fdf4e968d5157140 Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Fri, 11 Jul 2014 11:42:29 -0700
Subject: [PATCH 098/516] Edits based on feedback from docs team.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: 358758e99fcfd40508b77b06bb8b53ecdde71a4c
Component: engine
---
 components/engine/docs/sources/docker-hub/builds.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index 1323f6ff9a..bbca826e45 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -28,8 +28,8 @@ Automated Builds are supported for both public and private repositories on both
 
 To use Automated Builds, you must have an 
 [account on Docker Hub](http://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account)
-and on GitHub and/or Bitbucket. The account needs to be properly validated and activated
-before you can link to it.
+and on GitHub and/or Bitbucket. In either case, the account needs to be properly
+validated and activated before you can link to it.
 
 ## Setting up Automated Builds with GitHub
 
@@ -49,7 +49,8 @@ at the upper right of the screen. Then select
 
 Select the [GitHub service](https://registry.hub.docker.com/associate/github/).
 
-Then follow the onscreen instructions to authorize and link your GitHub account to Docker Hub. Once it is linked, you'll be able to choose a repo from which to create the
+Then follow the onscreen instructions to authorize and link your GitHub account to Docker
+Hub. Once it is linked, you'll be able to choose a repo from which to create the
 Automatic Build.
 
 ### Creating an Automated Build
@@ -120,9 +121,8 @@ public or private Bitbucket repositories with a `Dockerfile`.
 ### Adding a Hook
 
 When you link your Docker Hub account, a `POST` hook should get automatically added to
-your Bitbucket repo.
-Follow the steps below to confirm or modify the Bitbucket hooks for your
-Automated Build:
+your Bitbucket repo. Follow the steps below to confirm or modify the Bitbucket hooks for
+your Automated Build:
 
 <table class="table table-bordered">
   <thead>

From 241e1f987c6b220884c662d4b21c2b0c760681f2 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Fri, 11 Jul 2014 21:49:24 +0400
Subject: [PATCH 099/516] Use container.Lock in public ToDisk method

Here was possible race with inspect where we changing HostConfig.Links
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: eae5cf1e20e8d93cc13ea8e1db3cd787250fa76d
Component: engine
---
 components/engine/daemon/container.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 419314b8ba..10a8caa082 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -106,7 +106,7 @@ func (container *Container) FromDisk() error {
 	return container.readHostConfig()
 }
 
-func (container *Container) ToDisk() error {
+func (container *Container) toDisk() error {
 	data, err := json.Marshal(container)
 	if err != nil {
 		return err
@@ -125,6 +125,13 @@ func (container *Container) ToDisk() error {
 	return container.WriteHostConfig()
 }
 
+func (container *Container) ToDisk() error {
+	container.Lock()
+	err := container.toDisk()
+	container.Unlock()
+	return err
+}
+
 func (container *Container) readHostConfig() error {
 	container.hostConfig = &runconfig.HostConfig{}
 	// If the hostconfig file does not exist, do not read it.
@@ -482,7 +489,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		// FIXME: here is race condition between two RUN instructions in Dockerfile
 		// because they share same runconfig and change image. Must be fixed
 		// in server/buildfile.go
-		if err := container.ToDisk(); err != nil {
+		if err := container.toDisk(); err != nil {
 			utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
 		}
 	}
@@ -1081,7 +1088,7 @@ func (container *Container) waitForStart() error {
 				c.Close()
 			}
 		}
-		if err := container.ToDisk(); err != nil {
+		if err := container.toDisk(); err != nil {
 			utils.Debugf("%s", err)
 		}
 		container.State.SetRunning(command.Pid())

From 1e36ca46388b0d96b04ed944cd6885b76bbaa2c4 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 11 Jul 2014 22:39:43 +0000
Subject: [PATCH 100/516] proper rebase

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: cdfdbe9bc61b157b0390bce26c4d6e41673ad495
Component: engine
---
 .../reference/api/docker_remote_api_v1.13.md  |  2 +-
 .../reference/api/docker_remote_api_v1.14.md  | 30 +++++++++----------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
index e0ad957941..1cbf43f4ce 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
@@ -1,4 +1,4 @@
-page_title: Remote API v1.12
+page_title: Remote API v1.13
 page_description: API Documentation for Docker
 page_keywords: API, Docker, rcli, REST, documentation
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index 34a8195e8e..c2f897ebef 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -302,7 +302,7 @@ List processes running inside the container `id`
 
 `GET /containers/(id)/logs`
 
-Get STDOUT and STDERR logs from the container ``id``
+Get stdout and stderr logs from the container ``id``
 
     **Example request**:
 
@@ -593,16 +593,16 @@ Attach to the container `id`
     When using the TTY setting is enabled in
     [`POST /containers/create`
     ](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"),
-    the stream is the raw data from the process PTY and client's STDIN.
+    the stream is the raw data from the process PTY and client's stdin.
     When the TTY is disabled, then the stream is multiplexed to separate
-    STDOUT and STDERR.
+    stdout and stderr.
 
     The format is a **Header** and a **Payload** (frame).
 
     **HEADER**
 
     The header will contain the information on which stream write the
-    stream (STDOUT or STDERR). It also contain the size of the
+    stream (stdout or stderr). It also contain the size of the
     associated frame encoded on the last 4 bytes (uint32).
 
     It is encoded on the first 8 bytes like this:
@@ -611,9 +611,9 @@ Attach to the container `id`
 
     `STREAM_TYPE` can be:
 
-    -   0: STDIN (will be written on STDOUT)
-    -   1: STDOUT
-    -   2: STDERR
+    -   0: stdin (will be written on stdout)
+    -   1: stdout
+    -   2: stderr
 
     `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of
     the uint32 size encoded as big endian.
@@ -627,7 +627,7 @@ Attach to the container `id`
     The simplest way to implement the Attach protocol is the following:
 
     1.  Read 8 bytes
-    2.  chose STDOUT or STDERR depending on the first byte
+    2.  chose stdout or stderr depending on the first byte
     3.  Extract the frame size from the last 4 byets
     4.  Read the extracted size and output it on the correct output
     5.  Goto 1)
@@ -1077,11 +1077,11 @@ Search for an image on [Docker Hub](https://hub.docker.com).
 
 ## 2.3 Misc
 
-### Build an image from Dockerfile via STDIN
+### Build an image from Dockerfile via stdin
 
 `POST /build`
 
-Build an image from Dockerfile via STDIN
+Build an image from Dockerfile via stdin
 
     **Example request**:
 
@@ -1403,16 +1403,16 @@ Here are the steps of `docker run`:
 - Start the container
 
 - If you are not in detached mode:
-    - Attach to the container, using logs=1 (to have STDOUT and
-      STDERR from the container's start) and stream=1
+    - Attach to the container, using logs=1 (to have stdout and
+      stderr from the container's start) and stream=1
 
-- If in detached mode or only STDIN is attached:
+- If in detached mode or only stdin is attached:
     - Display the container's id
 
 ## 3.2 Hijacking
 
-In this version of the API, /attach, uses hijacking to transport STDIN,
-STDOUT and STDERR on the same socket. This might change in the future.
+In this version of the API, /attach, uses hijacking to transport stdin,
+stdout and stderr on the same socket. This might change in the future.
 
 ## 3.3 CORS Requests
 

From ceab494147a6b69b9b9d03da970badd30f9396ff Mon Sep 17 00:00:00 2001
From: Adrien Folie <folie.adrien@gmail.com>
Date: Sun, 6 Jul 2014 22:43:24 +0200
Subject: [PATCH 101/516] Stop/Kill options for containers removal

Docker-DCO-1.1-Signed-off-by: Adrien Folie <folie.adrien@gmail.com> (github: folieadrien)
Upstream-commit: 78100706303efdf9a3deee0239a7dbb3a93837ec
Component: engine
---
 components/engine/api/client/commands.go | 13 ++++++++++---
 components/engine/api/server/server.go   | 12 +++++++++++-
 components/engine/server/server.go       | 11 ++++++++---
 3 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 7e1e81e503..decc643474 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -983,7 +983,8 @@ func (cli *DockerCli) CmdRm(args ...string) error {
 	cmd := cli.Subcmd("rm", "[OPTIONS] CONTAINER [CONTAINER...]", "Remove one or more containers")
 	v := cmd.Bool([]string{"v", "-volumes"}, false, "Remove the volumes associated with the container")
 	link := cmd.Bool([]string{"l", "#link", "-link"}, false, "Remove the specified link and not the underlying container")
-	force := cmd.Bool([]string{"f", "-force"}, false, "Force removal of running container")
+	stop := cmd.Bool([]string{"#f", "s", "#-force", "-stop"}, false, "Stop and remove a running container")
+	kill := cmd.Bool([]string{"k", "-kill"}, false, "Kill and remove a running container")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil
@@ -992,6 +993,9 @@ func (cli *DockerCli) CmdRm(args ...string) error {
 		cmd.Usage()
 		return nil
 	}
+	if *stop && *kill {
+		return fmt.Errorf("Conflicting options: -s/--stop and -k/--kill")
+	}
 	val := url.Values{}
 	if *v {
 		val.Set("v", "1")
@@ -999,8 +1003,11 @@ func (cli *DockerCli) CmdRm(args ...string) error {
 	if *link {
 		val.Set("link", "1")
 	}
-	if *force {
-		val.Set("force", "1")
+	if *stop {
+		val.Set("stop", "1")
+	}
+	if *kill {
+		val.Set("kill", "1")
 	}
 
 	var encounteredError error
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 6d6ed3e773..56b767c405 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -678,9 +678,19 @@ func deleteContainers(eng *engine.Engine, version version.Version, w http.Respon
 		return fmt.Errorf("Missing parameter")
 	}
 	job := eng.Job("container_delete", vars["name"])
+
+	if version.GreaterThanOrEqualTo("1.14") {
+		job.Setenv("stop", r.Form.Get("stop"))
+		job.Setenv("kill", r.Form.Get("kill"))
+
+		if job.GetenvBool("stop") && job.GetenvBool("kill") {
+			return fmt.Errorf("Bad parameters: can't use stop and kill simultaneously")
+		}
+	} else {
+		job.Setenv("stop", r.Form.Get("force"))
+	}
 	job.Setenv("removeVolume", r.Form.Get("v"))
 	job.Setenv("removeLink", r.Form.Get("link"))
-	job.Setenv("forceRemove", r.Form.Get("force"))
 	if err := job.Run(); err != nil {
 		return err
 	}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 40995da5c4..114a3bf46d 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -1787,7 +1787,8 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	name := job.Args[0]
 	removeVolume := job.GetenvBool("removeVolume")
 	removeLink := job.GetenvBool("removeLink")
-	forceRemove := job.GetenvBool("forceRemove")
+	stop := job.GetenvBool("stop")
+	kill := job.GetenvBool("kill")
 
 	container := srv.daemon.Get(name)
 
@@ -1821,12 +1822,16 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 
 	if container != nil {
 		if container.State.IsRunning() {
-			if forceRemove {
+			if stop {
 				if err := container.Stop(5); err != nil {
 					return job.Errorf("Could not stop running container, cannot remove - %v", err)
 				}
+			} else if kill {
+				if err := container.Kill(); err != nil {
+					return job.Errorf("Could not kill running container, cannot remove - %v", err)
+				}
 			} else {
-				return job.Errorf("Impossible to remove a running container, please stop it first or use -f")
+				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -s or -k")
 			}
 		}
 		if err := srv.daemon.Destroy(container); err != nil {

From 3853ef9c11ba8474f2977b60e91290fd2d5ef46f Mon Sep 17 00:00:00 2001
From: Adrien Folie <folie.adrien@gmail.com>
Date: Sun, 6 Jul 2014 22:44:56 +0200
Subject: [PATCH 102/516] Add tests for rm with stop and kill options

Docker-DCO-1.1-Signed-off-by: Adrien Folie <folie.adrien@gmail.com> (github: folieadrien)
Upstream-commit: d689a5e1e2633b5fd0db4ccccfb4969e03ae256b
Component: engine
---
 .../engine/api/server/server_unit_test.go     | 47 +++++++++++++++
 .../integration-cli/docker_cli_rm_test.go     | 58 +++++++++++++++----
 components/engine/integration/api_test.go     | 29 ----------
 3 files changed, 93 insertions(+), 41 deletions(-)

diff --git a/components/engine/api/server/server_unit_test.go b/components/engine/api/server/server_unit_test.go
index c51ea6fc0d..6814ca8a47 100644
--- a/components/engine/api/server/server_unit_test.go
+++ b/components/engine/api/server/server_unit_test.go
@@ -451,6 +451,53 @@ func TestGetImagesByName(t *testing.T) {
 	}
 }
 
+func TestDeleteContainers(t *testing.T) {
+	eng := engine.New()
+	name := "foo"
+	var called bool
+	eng.Register("container_delete", func(job *engine.Job) engine.Status {
+		called = true
+		if len(job.Args) == 0 {
+			t.Fatalf("Job arguments is empty")
+		}
+		if job.Args[0] != name {
+			t.Fatalf("name != '%s': %#v", name, job.Args[0])
+		}
+		return engine.StatusOK
+	})
+	r := serveRequest("DELETE", "/containers/"+name, nil, eng, t)
+	if !called {
+		t.Fatalf("handler was not called")
+	}
+	if r.Code != http.StatusNoContent {
+		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusNoContent)
+	}
+}
+
+func TestDeleteContainersWithStopAndKill(t *testing.T) {
+	if api.APIVERSION.LessThan("1.14") {
+		return
+	}
+	eng := engine.New()
+	var called bool
+	eng.Register("container_delete", func(job *engine.Job) engine.Status {
+		called = true
+		return engine.StatusOK
+	})
+	r := serveRequest("DELETE", "/containers/foo?stop=1&kill=1", nil, eng, t)
+	if r.Code != http.StatusBadRequest {
+		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusBadRequest)
+	}
+	if called {
+		t.Fatalf("container_delete jobs was called, but it shouldn't")
+	}
+	res := strings.TrimSpace(r.Body.String())
+	expected := "Bad parameters: can't use stop and kill simultaneously"
+	if !strings.Contains(res, expected) {
+		t.Fatalf("Output %s, expected %s in it", res, expected)
+	}
+}
+
 func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
 	return serveRequestUsingVersion(method, target, api.APIVERSION, body, eng, t)
 }
diff --git a/components/engine/integration-cli/docker_cli_rm_test.go b/components/engine/integration-cli/docker_cli_rm_test.go
index 34b5df0338..b61f1c9a93 100644
--- a/components/engine/integration-cli/docker_cli_rm_test.go
+++ b/components/engine/integration-cli/docker_cli_rm_test.go
@@ -42,25 +42,59 @@ func TestRemoveContainerWithVolume(t *testing.T) {
 	logDone("rm - volume")
 }
 
-func TestRemoveContainerRunning(t *testing.T) {
-	cmd := exec.Command(dockerBinary, "run", "-dt", "--name", "foo", "busybox", "top")
-	if _, err := runCommand(cmd); err != nil {
-		t.Fatal(err)
-	}
+func TestRemoveRunningContainer(t *testing.T) {
+	createRunningContainer(t, "foo")
 
 	// Test cannot remove running container
-	cmd = exec.Command(dockerBinary, "rm", "foo")
+	cmd := exec.Command(dockerBinary, "rm", "foo")
 	if _, err := runCommand(cmd); err == nil {
 		t.Fatalf("Expected error, can't rm a running container")
 	}
 
-	// Remove with -f
-	cmd = exec.Command(dockerBinary, "rm", "-f", "foo")
-	if _, err := runCommand(cmd); err != nil {
-		t.Fatal(err)
-	}
-
 	deleteAllContainers()
 
 	logDone("rm - running container")
 }
+
+func TestStopAndRemoveRunningContainer(t *testing.T) {
+	createRunningContainer(t, "foo")
+
+	// Stop then remove with -s
+	cmd := exec.Command(dockerBinary, "rm", "-s", "foo")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	deleteAllContainers()
+
+	logDone("rm - running container with --stop=true")
+}
+
+func TestKillAndRemoveRunningContainer(t *testing.T) {
+	createRunningContainer(t, "foo")
+
+	// Kill then remove with -k
+	cmd := exec.Command(dockerBinary, "rm", "-k", "foo")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	deleteAllContainers()
+
+	logDone("rm - running container with --kill=true")
+}
+
+func TestRemoveContainerWithStopAndKill(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "rm", "-sk", "foo")
+	if _, err := runCommand(cmd); err == nil {
+		t.Fatalf("Expected error: can't use stop and kill simulteanously")
+	}
+	logDone("rm - with --stop=true and --kill=true")
+}
+
+func createRunningContainer(t *testing.T, name string) {
+	cmd := exec.Command(dockerBinary, "run", "-dt", "--name", name, "busybox", "top")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/components/engine/integration/api_test.go b/components/engine/integration/api_test.go
index 0da96ccd1e..b8414b6179 100644
--- a/components/engine/integration/api_test.go
+++ b/components/engine/integration/api_test.go
@@ -768,35 +768,6 @@ func TestPostContainersAttachStderr(t *testing.T) {
 	containerWait(eng, containerID, t)
 }
 
-// FIXME: Test deleting running container
-// FIXME: Test deleting container with volume
-// FIXME: Test deleting volume in use by other container
-func TestDeleteContainers(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkDaemonFromEngine(eng, t).Nuke()
-
-	containerID := createTestContainer(eng,
-		&runconfig.Config{
-			Image: unitTestImageID,
-			Cmd:   []string{"touch", "/test"},
-		},
-		t,
-	)
-	req, err := http.NewRequest("DELETE", "/containers/"+containerID, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	r := httptest.NewRecorder()
-	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r, t)
-	if r.Code != http.StatusNoContent {
-		t.Fatalf("%d NO CONTENT expected, received %d\n", http.StatusNoContent, r.Code)
-	}
-	containerAssertNotExists(eng, containerID, t)
-}
-
 func TestOptionsRoute(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkDaemonFromEngine(eng, t).Nuke()

From 91c66dc425fc4f40c13dc4f734763edb51920794 Mon Sep 17 00:00:00 2001
From: Adrien Folie <folie.adrien@gmail.com>
Date: Tue, 8 Jul 2014 20:31:20 +0200
Subject: [PATCH 103/516] update CLI & api docs

Docker-DCO-1.1-Signed-off-by: Adrien Folie <folie.adrien@gmail.com> (github: folieadrien)
Upstream-commit: 5ba11e6890e51fd01f674160473af3ac432622c5
Component: engine
---
 components/engine/docs/man/docker-rm.1.md       | 10 +++++++---
 .../sources/reference/api/docker_remote_api.md  |  8 ++++++++
 .../docs/sources/reference/commandline/cli.md   | 17 ++++++++++++++++-
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/components/engine/docs/man/docker-rm.1.md b/components/engine/docs/man/docker-rm.1.md
index 1b45376976..f100ddb87c 100644
--- a/components/engine/docs/man/docker-rm.1.md
+++ b/components/engine/docs/man/docker-rm.1.md
@@ -6,7 +6,8 @@ docker-rm - Remove one or more containers
 
 # SYNOPSIS
 **docker rm**
-[**-f**|**--force**[=*false*]]
+[**-s**|**--stop**[=*false*]]
+[**-k**|**--kill**[=*false*]]
 [**-l**|**--link**[=*false*]]
 [**-v**|**--volumes**[=*false*]]
  CONTAINER [CONTAINER...]
@@ -19,8 +20,11 @@ remove a running container unless you use the \fB-f\fR option. To see all
 containers on a host use the **docker ps -a** command.
 
 # OPTIONS
-**-f**, **--force**=*true*|*false*
-   Force removal of running container. The default is *false*.
+**-s**, **--stop**=*true*|*false*
+   Stop then remove a running container. The default is *false*.
+
+**-k**, **--kill**=*true*|*false*
+   Kill then remove a running container. The default is *false*.
 
 **-l**, **--link**=*true*|*false*
    Remove the specified link and not the underlying container. The default is *false*.
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index 92d3dfcb4c..dd0e358e51 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -42,6 +42,14 @@ You can still call an old version of the API using
 
 ### What's new
 
+`DELETE /containers/(id)`
+
+New! You can now use the `stop` parameter to stop running containers
+before removal (replace `force`).
+
+New! You can now use the `kill` parameter to kill running containers
+before removal.
+
 `GET /containers/(name)/json`
 
 **New!**
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 7ae1b30c0a..e9d21cac47 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -838,7 +838,8 @@ registry or to a self-hosted one.
 
     Remove one or more containers
 
-      -f, --force=false      Force removal of running container
+      -s, --stop=false       Stop and remove a running container
+      -k, --kill=false       Kill and remove a running container
       -l, --link=false       Remove the specified link and not the underlying container
       -v, --volumes=false    Remove the volumes associated with the container
 
@@ -863,6 +864,20 @@ This will remove the underlying link between `/webapp`
 and the `/redis` containers removing all
 network communication.
 
+    $ sudo docker rm --stop redis
+    redis
+ 
+The main process inside the container referenced under the link `/redis` will receive
+SIGTERM, and after a grace period, SIGKILL, then the container will be removed.
+
+    $ sudo docker rm --kill redis
+    redis
+
+The main process inside the container referenced under the link `/redis` will receive
+SIGKILL, then the container will be removed.
+
+NOTE: If you try to use `stop` and `kill` simultaneously, Docker will return an error.
+
     $ sudo docker rm $(docker ps -a -q)
 
 This command will delete all stopped containers. The command

From db8c3bf836cb77c7f14e7766efa03ef3831df6ad Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 11 Jul 2014 23:27:23 +0000
Subject: [PATCH 104/516] proper rebase

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: fe5ab5b058e33d2d8577f1803448078e8eb92345
Component: engine
---
 .../sources/reference/api/docker_remote_api.md  | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index dd0e358e51..04b750f4c5 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -34,6 +34,15 @@ You can still call an old version of the API using
 
 ### What's new
 
+`DELETE /containers/(id)`
+
+**New!**
+You can now use the `stop` parameter to stop running containers before removal
+(replace `force`).
+
+**New!**
+You can now use the `kill` parameter to kill running containers before removal.
+
 ## v1.13
 
 ### Full Documentation
@@ -42,14 +51,6 @@ You can still call an old version of the API using
 
 ### What's new
 
-`DELETE /containers/(id)`
-
-New! You can now use the `stop` parameter to stop running containers
-before removal (replace `force`).
-
-New! You can now use the `kill` parameter to kill running containers
-before removal.
-
 `GET /containers/(name)/json`
 
 **New!**

From ca489c2f494487af7d6a9bd3e5feb00a22270d5e Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 18:41:11 +0000
Subject: [PATCH 105/516] Basic --cap-add and --cap-drop support for native

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 94e6dc978134b61a2b30aa9118f98f6fadd10535
Component: engine
---
 components/engine/daemon/container.go         |  2 ++
 components/engine/daemon/execdriver/driver.go |  2 ++
 .../engine/daemon/execdriver/native/create.go | 20 +++++++++++++++++++
 components/engine/runconfig/hostconfig.go     |  2 ++
 components/engine/runconfig/parse.go          |  7 +++++++
 components/engine/utils/utils.go              |  9 +++++++++
 6 files changed, 42 insertions(+)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index aacd90a449..1efe511c85 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -254,6 +254,8 @@ func populateCommand(c *Container, env []string) error {
 		Resources:          resources,
 		AllowedDevices:     allowedDevices,
 		AutoCreatedDevices: autoCreatedDevices,
+		CapAdd:             c.hostConfig.CapAdd,
+		CapDrop:            c.hostConfig.CapDrop,
 	}
 	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
 	c.command.Env = env
diff --git a/components/engine/daemon/execdriver/driver.go b/components/engine/daemon/execdriver/driver.go
index a3d3bc260a..0efd4fe71b 100644
--- a/components/engine/daemon/execdriver/driver.go
+++ b/components/engine/daemon/execdriver/driver.go
@@ -140,6 +140,8 @@ type Command struct {
 	Mounts             []Mount             `json:"mounts"`
 	AllowedDevices     []*devices.Device   `json:"allowed_devices"`
 	AutoCreatedDevices []*devices.Device   `json:"autocreated_devices"`
+	CapAdd             []string            `json:"cap_add"`
+	CapDrop            []string            `json:"cap_drop"`
 
 	Terminal     Terminal `json:"-"`             // standard or tty terminal
 	Console      string   `json:"-"`             // dev/console path
diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index f28507b046..bfcc078834 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -14,6 +14,7 @@ import (
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/configuration"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
+	"github.com/dotcloud/docker/utils"
 )
 
 // createContainer populates and configures the container type with the
@@ -42,6 +43,8 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
 		if err := d.setPrivileged(container); err != nil {
 			return nil, err
 		}
+	} else {
+		d.setCapabilities(container, c)
 	}
 
 	if err := d.setupCgroups(container, c); err != nil {
@@ -136,6 +139,23 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
 	return nil
 }
 
+func (d *driver) setCapabilities(container *libcontainer.Config, c *execdriver.Command) {
+	var caps []string
+	for _, cap := range container.Capabilities {
+		if !utils.StringsContains(c.CapDrop, cap) {
+			caps = append(caps, cap)
+		}
+	}
+
+	for _, cap := range c.CapAdd {
+		if !utils.StringsContains(caps, cap) {
+			caps = append(caps, cap)
+		}
+	}
+
+	container.Capabilities = caps
+}
+
 func (d *driver) setupCgroups(container *libcontainer.Config, c *execdriver.Command) error {
 	if c.Resources != nil {
 		container.Cgroups.CpuShares = c.Resources.CpuShares
diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go
index f4aa69fe97..b10e103450 100644
--- a/components/engine/runconfig/hostconfig.go
+++ b/components/engine/runconfig/hostconfig.go
@@ -38,6 +38,8 @@ type HostConfig struct {
 	VolumesFrom     []string
 	Devices         []DeviceMapping
 	NetworkMode     NetworkMode
+	CapAdd          []string
+	CapDrop         []string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index f7d1d5963f..1574bf8f26 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -50,6 +50,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
 		flEnvFile     opts.ListOpts
+		flCapAdd      opts.ListOpts
+		flCapDrop     opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
 		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: run container in the background and print new container ID")
@@ -86,6 +88,9 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
 	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 
+	cmd.Var(&flCapAdd, []string{"-cap-add"}, "Add Linux capability(ies)")
+	cmd.Var(&flCapDrop, []string{"-cap-drop"}, "Drop Linux capability(ies)")
+
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err
 	}
@@ -258,6 +263,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		VolumesFrom:     flVolumesFrom.GetAll(),
 		NetworkMode:     netMode,
 		Devices:         deviceMappings,
+		CapAdd:          flCapAdd.GetAll(),
+		CapDrop:         flCapDrop.GetAll(),
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index ef28aceca7..085f493032 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -907,3 +907,12 @@ func ValidateContextDirectory(srcPath string) error {
 	})
 	return finalError
 }
+
+func StringsContains(slice []string, s string) bool {
+	for _, ss := range slice {
+		if s == ss {
+			return true
+		}
+	}
+	return false
+}

From d4b6724355f6da5c0a78697f1a43775a5a76d7f7 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 19:31:01 +0000
Subject: [PATCH 106/516] Basic --cap-add and --cap-drop support for lxc

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 21059af3ac0136607dbb57c796f625cfbd045177
Component: engine
---
 components/engine/daemon/execdriver/driver.go   |  2 ++
 .../engine/daemon/execdriver/lxc/driver.go      |  8 ++++++++
 .../daemon/execdriver/lxc/lxc_init_linux.go     | 17 ++++++++++++++++-
 components/engine/sysinit/sysinit.go            |  9 +++++++--
 4 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/execdriver/driver.go b/components/engine/daemon/execdriver/driver.go
index 0efd4fe71b..d52a2ac96c 100644
--- a/components/engine/daemon/execdriver/driver.go
+++ b/components/engine/daemon/execdriver/driver.go
@@ -60,6 +60,8 @@ type InitArgs struct {
 	Console    string
 	Pipe       int
 	Root       string
+	CapAdd     string
+	CapDrop    string
 }
 
 // Driver specific information based on
diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 59daf1afe1..2faada2350 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -122,6 +122,14 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		params = append(params, "-w", c.WorkingDir)
 	}
 
+	if len(c.CapAdd) > 0 {
+		params = append(params, "-cap-add", strings.Join(c.CapAdd, " "))
+	}
+
+	if len(c.CapDrop) > 0 {
+		params = append(params, "-cap-drop", strings.Join(c.CapDrop, " "))
+	}
+
 	params = append(params, "--", c.Entrypoint)
 	params = append(params, c.Arguments...)
 
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 1fd497e9aa..6d636efb06 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -4,6 +4,7 @@ package lxc
 
 import (
 	"fmt"
+	"strings"
 	"syscall"
 
 	"github.com/docker/libcontainer/namespaces"
@@ -12,6 +13,7 @@ import (
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
 	"github.com/dotcloud/docker/pkg/system"
+	utils2 "github.com/dotcloud/docker/utils"
 )
 
 func setHostname(hostname string) error {
@@ -48,8 +50,21 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 			return fmt.Errorf("clear keep caps %s", err)
 		}
 
+		var caps []string
+		for _, cap := range container.Capabilities {
+			if !utils2.StringsContains(strings.Split(args.CapDrop, " "), cap) {
+				caps = append(caps, cap)
+			}
+		}
+
+		for _, cap := range strings.Split(args.CapAdd, " ") {
+			if !utils2.StringsContains(caps, cap) {
+				caps = append(caps, cap)
+			}
+		}
+
 		// drop all other capabilities
-		if err := capabilities.DropCapabilities(container.Capabilities); err != nil {
+		if err := capabilities.DropCapabilities(caps); err != nil {
 			return fmt.Errorf("drop capabilities %s", err)
 		}
 	}
diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go
index 62e89ce9e7..1b8746f02a 100644
--- a/components/engine/sysinit/sysinit.go
+++ b/components/engine/sysinit/sysinit.go
@@ -3,11 +3,12 @@ package sysinit
 import (
 	"flag"
 	"fmt"
+	"log"
+	"os"
+
 	"github.com/dotcloud/docker/daemon/execdriver"
 	_ "github.com/dotcloud/docker/daemon/execdriver/lxc"
 	_ "github.com/dotcloud/docker/daemon/execdriver/native"
-	"log"
-	"os"
 )
 
 func executeProgram(args *execdriver.InitArgs) error {
@@ -39,6 +40,8 @@ func SysInit() {
 		pipe       = flag.Int("pipe", 0, "sync pipe fd")
 		console    = flag.String("console", "", "console (pty slave) path")
 		root       = flag.String("root", ".", "root path for configuration files")
+		capAdd     = flag.String("cap-add", "", "capabilities to add")
+		capDrop    = flag.String("cap-drop", "", "capabilities to drop")
 	)
 	flag.Parse()
 
@@ -54,6 +57,8 @@ func SysInit() {
 		Console:    *console,
 		Pipe:       *pipe,
 		Root:       *root,
+		CapAdd:     *capAdd,
+		CapDrop:    *capDrop,
 	}
 
 	if err := executeProgram(args); err != nil {

From 986cb2347f6c5425e862dd845ee7e596ed3bdb51 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 21:51:15 +0000
Subject: [PATCH 107/516] fix job and add tests

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 8344b6d7368b90c567f43e0c17d4495e2e7b12f5
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 30 +++++++++++++++++++
 components/engine/runconfig/hostconfig.go     |  6 ++++
 2 files changed, 36 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index cf0f4b7e3d..e813ec6a7d 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -783,6 +783,36 @@ func TestUnPrivilegedCanMknod(t *testing.T) {
 	logDone("run - test un-privileged can mknod")
 }
 
+func TestCapDropCannotMknod(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		t.Fatalf("expected output not ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-drop=MKNOD cannot mknod")
+}
+
+func TestCapAddCanDownInterface(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		t.Fatalf("expected output ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-add=NET_ADMIN can set eth0 down")
+}
+
 func TestPrivilegedCanMount(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
 
diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go
index b10e103450..c68f764588 100644
--- a/components/engine/runconfig/hostconfig.go
+++ b/components/engine/runconfig/hostconfig.go
@@ -67,5 +67,11 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
 		hostConfig.VolumesFrom = VolumesFrom
 	}
+	if CapAdd := job.GetenvList("CapAdd"); CapAdd != nil {
+		hostConfig.CapAdd = CapAdd
+	}
+	if CapDrop := job.GetenvList("CapDrop"); CapDrop != nil {
+		hostConfig.CapDrop = CapDrop
+	}
 	return hostConfig
 }

From 2032a7ad932b4f1a71268d77bbb36852494dd66f Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 22:11:35 +0000
Subject: [PATCH 108/516] small refactoring

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: f3ff323fb364495617de3e43f2d09a145a4f2ee3
Component: engine
---
 .../daemon/execdriver/lxc/lxc_init_linux.go   | 14 +-------------
 .../engine/daemon/execdriver/native/create.go | 16 +---------------
 components/engine/daemon/execdriver/utils.go  | 19 +++++++++++++++++++
 3 files changed, 21 insertions(+), 28 deletions(-)
 create mode 100644 components/engine/daemon/execdriver/utils.go

diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 6d636efb06..0117b9dbef 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -13,7 +13,6 @@ import (
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
 	"github.com/dotcloud/docker/pkg/system"
-	utils2 "github.com/dotcloud/docker/utils"
 )
 
 func setHostname(hostname string) error {
@@ -50,18 +49,7 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 			return fmt.Errorf("clear keep caps %s", err)
 		}
 
-		var caps []string
-		for _, cap := range container.Capabilities {
-			if !utils2.StringsContains(strings.Split(args.CapDrop, " "), cap) {
-				caps = append(caps, cap)
-			}
-		}
-
-		for _, cap := range strings.Split(args.CapAdd, " ") {
-			if !utils2.StringsContains(caps, cap) {
-				caps = append(caps, cap)
-			}
-		}
+		caps := execdriver.TweakCapabilities(container.Capabilities, strings.Split(args.CapAdd, " "), strings.Split(args.CapDrop, " "))
 
 		// drop all other capabilities
 		if err := capabilities.DropCapabilities(caps); err != nil {
diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index bfcc078834..b735151eb5 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -14,7 +14,6 @@ import (
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/configuration"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
-	"github.com/dotcloud/docker/utils"
 )
 
 // createContainer populates and configures the container type with the
@@ -140,20 +139,7 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
 }
 
 func (d *driver) setCapabilities(container *libcontainer.Config, c *execdriver.Command) {
-	var caps []string
-	for _, cap := range container.Capabilities {
-		if !utils.StringsContains(c.CapDrop, cap) {
-			caps = append(caps, cap)
-		}
-	}
-
-	for _, cap := range c.CapAdd {
-		if !utils.StringsContains(caps, cap) {
-			caps = append(caps, cap)
-		}
-	}
-
-	container.Capabilities = caps
+	container.Capabilities = execdriver.TweakCapabilities(container.Capabilities, c.CapAdd, c.CapDrop)
 }
 
 func (d *driver) setupCgroups(container *libcontainer.Config, c *execdriver.Command) error {
diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
new file mode 100644
index 0000000000..7ca12a596b
--- /dev/null
+++ b/components/engine/daemon/execdriver/utils.go
@@ -0,0 +1,19 @@
+package execdriver
+
+import "github.com/dotcloud/docker/utils"
+
+func TweakCapabilities(basics, adds, drops []string) []string {
+	var caps []string
+	for _, cap := range basics {
+		if !utils.StringsContains(drops, cap) {
+			caps = append(caps, cap)
+		}
+	}
+
+	for _, cap := range adds {
+		if !utils.StringsContains(caps, cap) {
+			caps = append(caps, cap)
+		}
+	}
+	return caps
+}

From 669e2fe4795e629dfdac1bef4b555aee6c361391 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 22:31:01 +0000
Subject: [PATCH 109/516] add basic support for 'all'

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 222a6f44016451dcbd2da0003e64521c06e88ba9
Component: engine
---
 components/engine/daemon/execdriver/utils.go  | 21 +++++++++----
 .../integration-cli/docker_cli_run_test.go    | 30 +++++++++++++++++++
 components/engine/utils/utils.go              |  4 +--
 3 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index 7ca12a596b..4188b9bf07 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -1,17 +1,28 @@
 package execdriver
 
-import "github.com/dotcloud/docker/utils"
+import (
+	"strings"
+
+	"github.com/docker/libcontainer/security/capabilities"
+	"github.com/dotcloud/docker/utils"
+)
 
 func TweakCapabilities(basics, adds, drops []string) []string {
 	var caps []string
-	for _, cap := range basics {
-		if !utils.StringsContains(drops, cap) {
-			caps = append(caps, cap)
+	if !utils.StringsContainsNoCase(drops, "all") {
+		for _, cap := range basics {
+			if !utils.StringsContainsNoCase(drops, cap) {
+				caps = append(caps, cap)
+			}
 		}
 	}
 
 	for _, cap := range adds {
-		if !utils.StringsContains(caps, cap) {
+		if strings.ToLower(cap) == "all" {
+			caps = capabilities.GetAllCapabilities()
+			break
+		}
+		if !utils.StringsContainsNoCase(caps, cap) {
 			caps = append(caps, cap)
 		}
 	}
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index e813ec6a7d..d4832638b7 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -798,6 +798,21 @@ func TestCapDropCannotMknod(t *testing.T) {
 	logDone("run - test --cap-drop=MKNOD cannot mknod")
 }
 
+func TestCapDropALLCannotMknod(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		t.Fatalf("expected output not ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-drop=ALL cannot mknod")
+}
+
 func TestCapAddCanDownInterface(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
 	out, _, err := runCommandWithOutput(cmd)
@@ -813,6 +828,21 @@ func TestCapAddCanDownInterface(t *testing.T) {
 	logDone("run - test --cap-add=NET_ADMIN can set eth0 down")
 }
 
+func TestCapAddALLCanDownInterface(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-add=ALL", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		t.Fatalf("expected output ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-add=ALL can set eth0 down")
+}
+
 func TestPrivilegedCanMount(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
 
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 085f493032..0d44ec0f72 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -908,9 +908,9 @@ func ValidateContextDirectory(srcPath string) error {
 	return finalError
 }
 
-func StringsContains(slice []string, s string) bool {
+func StringsContainsNoCase(slice []string, s string) bool {
 	for _, ss := range slice {
-		if s == ss {
+		if strings.ToLower(s) == strings.ToLower(ss) {
 			return true
 		}
 	}

From 5201bb5120974a211cebcfd1276a9f8e28497459 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 23:02:39 +0000
Subject: [PATCH 110/516] support add and drop in both order

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 064b5f870db39e33f18d6dd405f2bdab98255ef7
Component: engine
---
 components/engine/daemon/execdriver/utils.go  |  8 +++--
 .../integration-cli/docker_cli_run_test.go    | 30 +++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index 4188b9bf07..c3e856e32e 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -9,6 +9,11 @@ import (
 
 func TweakCapabilities(basics, adds, drops []string) []string {
 	var caps []string
+
+	if utils.StringsContainsNoCase(adds, "all") {
+		basics = capabilities.GetAllCapabilities()
+	}
+
 	if !utils.StringsContainsNoCase(drops, "all") {
 		for _, cap := range basics {
 			if !utils.StringsContainsNoCase(drops, cap) {
@@ -19,8 +24,7 @@ func TweakCapabilities(basics, adds, drops []string) []string {
 
 	for _, cap := range adds {
 		if strings.ToLower(cap) == "all" {
-			caps = capabilities.GetAllCapabilities()
-			break
+			continue
 		}
 		if !utils.StringsContainsNoCase(caps, cap) {
 			caps = append(caps, cap)
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index d4832638b7..32af41f4e7 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -813,6 +813,21 @@ func TestCapDropALLCannotMknod(t *testing.T) {
 	logDone("run - test --cap-drop=ALL cannot mknod")
 }
 
+func TestCapDropALLAddMknodCannotMknod(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL --cap-add=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual != "ok" {
+		t.Fatalf("expected output ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-drop=ALL --cap-add=MKNOD can mknod")
+}
+
 func TestCapAddCanDownInterface(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
 	out, _, err := runCommandWithOutput(cmd)
@@ -843,6 +858,21 @@ func TestCapAddALLCanDownInterface(t *testing.T) {
 	logDone("run - test --cap-add=ALL can set eth0 down")
 }
 
+func TestCapAddALLDropNetAdminCanDownInterface(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-add=ALL --cap-drop=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		t.Fatalf("expected output not ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-add=ALL --cap-drop=NET_ADMIN cannot set eth0 down")
+}
+
 func TestPrivilegedCanMount(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok")
 

From e7f2c9317d03d455ae325c28f567025b65158a43 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 23:38:11 +0000
Subject: [PATCH 111/516] add check for invalid caps

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: c04230c42b7a953ffe50bc37d351f86e80a442e6
Component: engine
---
 .../daemon/execdriver/lxc/lxc_init_linux.go   |  5 ++-
 .../engine/daemon/execdriver/native/create.go |  9 ++--
 components/engine/daemon/execdriver/utils.go  | 41 ++++++++++++++++---
 .../integration-cli/docker_cli_run_test.go    | 24 ++++++++++-
 4 files changed, 67 insertions(+), 12 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 0117b9dbef..40956e442b 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -49,7 +49,10 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 			return fmt.Errorf("clear keep caps %s", err)
 		}
 
-		caps := execdriver.TweakCapabilities(container.Capabilities, strings.Split(args.CapAdd, " "), strings.Split(args.CapDrop, " "))
+		caps, err := execdriver.TweakCapabilities(container.Capabilities, strings.Split(args.CapAdd, " "), strings.Split(args.CapDrop, " "))
+		if err != nil {
+			return err
+		}
 
 		// drop all other capabilities
 		if err := capabilities.DropCapabilities(caps); err != nil {
diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index b735151eb5..13f81c7180 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -43,7 +43,9 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
 			return nil, err
 		}
 	} else {
-		d.setCapabilities(container, c)
+		if err := d.setCapabilities(container, c); err != nil {
+			return nil, err
+		}
 	}
 
 	if err := d.setupCgroups(container, c); err != nil {
@@ -138,8 +140,9 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
 	return nil
 }
 
-func (d *driver) setCapabilities(container *libcontainer.Config, c *execdriver.Command) {
-	container.Capabilities = execdriver.TweakCapabilities(container.Capabilities, c.CapAdd, c.CapDrop)
+func (d *driver) setCapabilities(container *libcontainer.Config, c *execdriver.Command) (err error) {
+	container.Capabilities, err = execdriver.TweakCapabilities(container.Capabilities, c.CapAdd, c.CapDrop)
+	return err
 }
 
 func (d *driver) setupCgroups(container *libcontainer.Config, c *execdriver.Command) error {
diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index c3e856e32e..90c5177421 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -1,34 +1,63 @@
 package execdriver
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/dotcloud/docker/utils"
 )
 
-func TweakCapabilities(basics, adds, drops []string) []string {
-	var caps []string
+func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
+	var (
+		newCaps []string
+		allCaps = capabilities.GetAllCapabilities()
+	)
 
+	// look for invalid cap in the drop list
+	for _, cap := range drops {
+		if strings.ToLower(cap) == "all" {
+			continue
+		}
+		if !utils.StringsContainsNoCase(allCaps, cap) {
+			return nil, fmt.Errorf("Unknown capability: %s", cap)
+		}
+	}
+
+	// handle --cap-add=all
 	if utils.StringsContainsNoCase(adds, "all") {
 		basics = capabilities.GetAllCapabilities()
 	}
 
 	if !utils.StringsContainsNoCase(drops, "all") {
 		for _, cap := range basics {
+			// skip `all` aready handled above
+			if strings.ToLower(cap) == "all" {
+				continue
+			}
+
+			// if we don't drop `all`, add back all the non-dropped caps
 			if !utils.StringsContainsNoCase(drops, cap) {
-				caps = append(caps, cap)
+				newCaps = append(newCaps, cap)
 			}
 		}
 	}
 
 	for _, cap := range adds {
+		// skip `all` aready handled above
 		if strings.ToLower(cap) == "all" {
 			continue
 		}
-		if !utils.StringsContainsNoCase(caps, cap) {
-			caps = append(caps, cap)
+
+		// look for invalid cap in the drop list
+		if !utils.StringsContainsNoCase(allCaps, cap) {
+			return nil, fmt.Errorf("Unknown capability: %s", cap)
+		}
+
+		// add cap if not already in the list
+		if !utils.StringsContainsNoCase(newCaps, cap) {
+			newCaps = append(newCaps, cap)
 		}
 	}
-	return caps
+	return newCaps, nil
 }
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 32af41f4e7..dba8e7fe28 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -783,6 +783,16 @@ func TestUnPrivilegedCanMknod(t *testing.T) {
 	logDone("run - test un-privileged can mknod")
 }
 
+func TestCapDropInvalid(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=CHPASS", "busybox", "ls")
+	out, _, err := runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal(err, out)
+	}
+
+	logDone("run - test --cap-drop=CHPASS invalid")
+}
+
 func TestCapDropCannotMknod(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--cap-drop=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
 	out, _, err := runCommandWithOutput(cmd)
@@ -814,7 +824,7 @@ func TestCapDropALLCannotMknod(t *testing.T) {
 }
 
 func TestCapDropALLAddMknodCannotMknod(t *testing.T) {
-	cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL --cap-add=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL", "--cap-add=MKNOD", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
 	out, _, err := runCommandWithOutput(cmd)
 	if err != nil {
 		t.Fatal(err, out)
@@ -828,6 +838,16 @@ func TestCapDropALLAddMknodCannotMknod(t *testing.T) {
 	logDone("run - test --cap-drop=ALL --cap-add=MKNOD can mknod")
 }
 
+func TestCapAddInvalid(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-add=CHPASS", "busybox", "ls")
+	out, _, err := runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal(err, out)
+	}
+
+	logDone("run - test --cap-add=CHPASS invalid")
+}
+
 func TestCapAddCanDownInterface(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--cap-add=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
 	out, _, err := runCommandWithOutput(cmd)
@@ -859,7 +879,7 @@ func TestCapAddALLCanDownInterface(t *testing.T) {
 }
 
 func TestCapAddALLDropNetAdminCanDownInterface(t *testing.T) {
-	cmd := exec.Command(dockerBinary, "run", "--cap-add=ALL --cap-drop=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
+	cmd := exec.Command(dockerBinary, "run", "--cap-add=ALL", "--cap-drop=NET_ADMIN", "busybox", "sh", "-c", "ip link set eth0 down && echo ok")
 	out, _, err := runCommandWithOutput(cmd)
 	if err == nil {
 		t.Fatal(err, out)

From c802db49a3f46d70ccdd2e96cc303ee42fc3ba14 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 10 Jul 2014 23:50:45 +0000
Subject: [PATCH 112/516] add doc

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: e7d9854414ed77765db49af136533871ba443f3c
Component: engine
---
 components/engine/docs/sources/reference/run.md | 16 ++++++++++++++--
 components/engine/runconfig/parse.go            |  4 ++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index 1bd70e83f0..202d561df3 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -55,7 +55,7 @@ following options.
  - [Network Settings](#network-settings)
  - [Clean Up (--rm)](#clean-up-rm)
  - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory)
- - [Runtime Privilege and LXC Configuration](#runtime-privilege-and-lxc-configuration)
+ - [Runtime Privilege, Linux Capabilities, and LXC Configuration](#runtime-privilege-linux-capabilities-and-lxc-configuration)
 
 ## Detached vs Foreground
 
@@ -222,8 +222,10 @@ get the same proportion of CPU cycles, but you can tell the kernel to
 give more shares of CPU time to one or more containers when you start
 them via Docker.
 
-## Runtime Privilege and LXC Configuration
+## Runtime Privilege, Linux Capabilities, and LXC Configuration
 
+    --cap-add: Add Linux capabilities
+    --cap-drop: Drop Linux capabilities
     --privileged=false: Give extended privileges to this container
     --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
 
@@ -242,6 +244,16 @@ host as processes running outside containers on the host. Additional
 information about running with `--privileged` is available on the
 [Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
 
+In addition to `--privileged` the operator can have fine grain control over the
+capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
+list of capabilities that are kept. Both flags support the value `all`, so if the
+operator wants to have all capabilities but `MKNOD` they could use:
+
+    $ docker run --cap-add=ALL --cap-drop=MKNOD ...
+
+For interacting with the network stack, instead of using `--privileged` they
+should use `--cap-add=NET_ADMIN` to modify the network interfaces.
+
 If the Docker daemon was started using the `lxc` exec-driver
 (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options
 using one or more `--lxc-conf` parameters. These can be new parameters or
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 1574bf8f26..3e52007544 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -88,8 +88,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
 	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 
-	cmd.Var(&flCapAdd, []string{"-cap-add"}, "Add Linux capability(ies)")
-	cmd.Var(&flCapDrop, []string{"-cap-drop"}, "Drop Linux capability(ies)")
+	cmd.Var(&flCapAdd, []string{"-cap-add"}, "Add Linux capabilities")
+	cmd.Var(&flCapDrop, []string{"-cap-drop"}, "Drop Linux capabilities")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err

From 76bdfebd468dfb6b4d442417380f0d59e8bd887c Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 11 Jul 2014 23:24:44 +0000
Subject: [PATCH 113/516] update api doc

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 6bb27f18d19201d8c0b3c509151935308c001c22
Component: engine
---
 .../docs/sources/reference/api/docker_remote_api.md       | 6 ++++++
 .../docs/sources/reference/api/docker_remote_api_v1.14.md | 8 ++++++--
 components/engine/docs/sources/reference/run.md           | 2 +-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index 04b750f4c5..c2916e5de0 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -43,6 +43,12 @@ You can now use the `stop` parameter to stop running containers before removal
 **New!**
 You can now use the `kill` parameter to kill running containers before removal.
 
+`POST /containers/(id)/start`
+
+**New!**
+The `hostConfig` option now accepts the field `CapAdd`, which specifies a list of capabilities
+to add, and the field `CapDrop`, which specifies a list of capabilities to drop.
+
 ## v1.13
 
 ### Full Documentation
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index c2f897ebef..bdc4fc5a4b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -241,7 +241,9 @@ Return low-level information on the container `id`
                             ]
                          },
                          "Links": ["/name:alias"],
-                         "PublishAllPorts": false
+                         "PublishAllPorts": false,
+                         "CapAdd: ["NET_ADMIN"],
+                         "CapDrop: ["MKNOD"]
                      }
         }
 
@@ -410,7 +412,9 @@ Start the container `id`
              "PublishAllPorts":false,
              "Privileged":false,
              "Dns": ["8.8.8.8"],
-             "VolumesFrom": ["parent", "other:ro"]
+             "VolumesFrom": ["parent", "other:ro"],
+             "CapAdd: ["NET_ADMIN"],
+             "CapDrop: ["MKNOD"]
         }
 
     **Example response**:
diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index 202d561df3..f8ced8d734 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -244,7 +244,7 @@ host as processes running outside containers on the host. Additional
 information about running with `--privileged` is available on the
 [Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/).
 
-In addition to `--privileged` the operator can have fine grain control over the
+In addition to `--privileged`, the operator can have fine grain control over the
 capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
 list of capabilities that are kept. Both flags support the value `all`, so if the
 operator wants to have all capabilities but `MKNOD` they could use:

From e35798d6ab55e7d007d6f658d1b353a59a15430b Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Fri, 11 Jul 2014 19:50:25 -0400
Subject: [PATCH 114/516] Rewrote the ENTRYPOINT section in builder

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: b2ba1a9ce5709ee6f143b79bd543f95a4aa03c14
Component: engine
---
 .../engine/docs/sources/reference/builder.md  | 52 +++++++++++--------
 1 file changed, 29 insertions(+), 23 deletions(-)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index da7f3ebff2..58854f5aa3 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -374,41 +374,47 @@ The copy obeys the following rules:
 ENTRYPOINT has two forms:
 
 - `ENTRYPOINT ["executable", "param1", "param2"]`
-  (like an *exec*, preferred form)
+  (like an *exec*, the preferred form)
 - `ENTRYPOINT command param1 param2`
   (as a *shell*)
 
-There can only be one `ENTRYPOINT` in a Dockerfile. If you have more than one
-`ENTRYPOINT`, then only the last one in the Dockerfile will have an effect.
+There can only be one `ENTRYPOINT` in a `Dockerfile`. If you have more
+than one `ENTRYPOINT`, then only the last one in the `Dockerfile` will
+have an effect.
 
-An `ENTRYPOINT` helps you to configure a container that you can run as an
-executable. That is, when you specify an `ENTRYPOINT`, then the whole container
-runs as if it was just that executable.
+An `ENTRYPOINT` helps you to configure a container that you can run as
+an executable. That is, when you specify an `ENTRYPOINT`, then the whole
+container runs as if it was just that executable.
 
-The `ENTRYPOINT` instruction adds an entry command that will **not** be
-overwritten when arguments are passed to `docker run`, unlike the behavior
-of `CMD`. This allows arguments to be passed to the entrypoint. i.e. 
-`docker run <image> -d` will pass the "-d" argument to the ENTRYPOINT.
+Unlike the behavior of the `CMD` instruction, The `ENTRYPOINT`
+instruction adds an entry command that will **not** be overwritten when
+arguments are passed to `docker run`. This allows arguments to be passed
+to the entry point, i.e.  `docker run <image> -d` will pass the `-d`
+argument to the entry point.
 
-You can specify parameters either in the ENTRYPOINT JSON array (as in
-"like an exec" above), or by using a CMD statement. Parameters in the
-ENTRYPOINT will not be overridden by the `docker run`
-arguments, but parameters specified via CMD will be overridden
-by `docker run` arguments.
+You can specify parameters either in the `ENTRYPOINT` JSON array (as in
+"like an exec" above), or by using a `CMD` instruction. Parameters in
+the `ENTRYPOINT` instruction will not be overridden by the `docker run`
+arguments, but parameters specified via a `CMD` instruction will be
+overridden by `docker run` arguments.
 
-Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it will
-execute in `/bin/sh -c`:
+Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it
+will execute in `/bin/sh -c`:
 
     FROM ubuntu
-    ENTRYPOINT wc -l -
+    ENTRYPOINT ls -l
 
-For example, that Dockerfile's image will *always* take STDIN as input
-("-") and print the number of lines ("-l"). If you wanted to make this
-optional but default, you could use a CMD:
+For example, that `Dockerfile`'s image will *always* take a directory as
+an input and return a directory listing. If you wanted to make this
+optional but default, you could use a `CMD` instruction:
 
     FROM ubuntu
-    CMD ["-l", "-"]
-    ENTRYPOINT ["/usr/bin/wc"]
+    CMD ["-l"]
+    ENTRYPOINT ["/usr/bin/ls"]
+
+> **Note**:
+> It is preferable to use the JSON array format for specifying
+> `ENTRYPOINT` instructions.
 
 ## VOLUME
 

From 66134747fb91db06d837d714fea2e05c3f2cd591 Mon Sep 17 00:00:00 2001
From: Adrien Folie <folie.adrien@gmail.com>
Date: Sat, 12 Jul 2014 06:33:43 +0200
Subject: [PATCH 115/516] add missing docs for rm

Docker-DCO-1.1-Signed-off-by: Adrien Folie <folie.adrien@gmail.com> (github: folieadrien)
Upstream-commit: 88326e9b91435d2183f943a2905fa516d0b5d78e
Component: engine
---
 .../docs/sources/reference/api/docker_remote_api_v1.14.md   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index c2f897ebef..1d75b88588 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -675,8 +675,10 @@ Remove the container `id` from the filesystem
 
     -   **v** – 1/True/true or 0/False/false, Remove the volumes
         associated to the container. Default false
-    -   **force** – 1/True/true or 0/False/false, Removes the container
-        even if it was running. Default false
+    -   **stop** – 1/True/true or 0/False/false, Stop then remove the container.
+        Default false
+    -   **kill** - 1/True/true or 0/False/false, Kill then remove the container.
+        Default false
 
     Status Codes:
 

From f47a491cb1b39caeeefcd66754cc9c071fe6e7c4 Mon Sep 17 00:00:00 2001
From: Ian Babrou <ibobrik@gmail.com>
Date: Sat, 12 Jul 2014 13:38:33 +0400
Subject: [PATCH 116/516] Skipping empty lines in .dockerignore

Docker-DCO-1.1-Signed-off-by: Ian Babrou <ibobrik@gmail.com> (github: bobrik)
Upstream-commit: 1a1ee73e38eb54f9b5a3fd03f98c4bb80dde1bbb
Component: engine
---
 components/engine/api/client/commands.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 787a2bdc7d..4e196d11a2 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -171,6 +171,10 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 			return fmt.Errorf("Error reading .dockerignore: '%s'", err)
 		} else if err == nil {
 			for _, pattern := range strings.Split(string(ignore), "\n") {
+				if pattern == "" {
+					continue
+				}
+
 				ok, err := filepath.Match(pattern, "Dockerfile")
 				if err != nil {
 					utils.Errorf("Bad .dockerignore pattern: '%s', error: %s", pattern, err)

From 5bb5de48d29da900ae6820800974b6d42d31b393 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Fri, 11 Jul 2014 14:22:01 -0400
Subject: [PATCH 117/516] docker daemon: initialize the daemon pidfile early

fixes https://github.com/dotcloud/docker/issues/6973

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 848e837698922fed0fa67930aa0b56a96b1b832d
Component: engine
---
 components/engine/builtins/builtins.go |  3 +++
 components/engine/docker/docker.go     | 10 ++++++++++
 components/engine/server/server.go     | 18 +++++++++++-------
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/components/engine/builtins/builtins.go b/components/engine/builtins/builtins.go
index 3fa06510d0..bac130c8df 100644
--- a/components/engine/builtins/builtins.go
+++ b/components/engine/builtins/builtins.go
@@ -50,6 +50,9 @@ func remote(eng *engine.Engine) error {
 // These components should be broken off into plugins of their own.
 //
 func daemon(eng *engine.Engine) error {
+	if err := eng.Register("initserverpidfile", server.InitPidfile); err != nil {
+		return err
+	}
 	if err := eng.Register("initserver", server.InitServer); err != nil {
 		return err
 	}
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index e21d0a4d70..d0a2ea33af 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -149,12 +149,22 @@ func main() {
 		if err := builtins.Register(eng); err != nil {
 			log.Fatal(err)
 		}
+
+		// handle the pidfile early. https://github.com/dotcloud/docker/issues/6973
+		if len(*pidfile) > 0 {
+			job := eng.Job("initserverpidfile", *pidfile)
+			if err := job.Run(); err != nil {
+				log.Fatal(err)
+			}
+		}
+
 		// load the daemon in the background so we can immediately start
 		// the http api so that connections don't fail while the daemon
 		// is booting
 		go func() {
 			// Load plugin: httpapi
 			job := eng.Job("initserver")
+			// include the variable here too, for the server config
 			job.Setenv("Pidfile", *pidfile)
 			job.Setenv("Root", realRoot)
 			job.SetenvBool("AutoRestart", *flAutoRestart)
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 40995da5c4..6cabdc34c2 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -72,6 +72,17 @@ func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
 	}
 }
 
+func InitPidfile(job *engine.Job) engine.Status {
+	if len(job.Args) == 0 {
+		return job.Error(fmt.Errorf("no pidfile provided to initialize"))
+	}
+	job.Logf("Creating pidfile")
+	if err := utils.CreatePidFile(job.Args[0]); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
 // jobInitApi runs the remote api server `srv` as a daemon,
 // Only one api server can run at the same time - this is enforced by a pidfile.
 // The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
@@ -81,13 +92,6 @@ func InitServer(job *engine.Job) engine.Status {
 	if err != nil {
 		return job.Error(err)
 	}
-	if srv.daemon.Config().Pidfile != "" {
-		job.Logf("Creating pidfile")
-		if err := utils.CreatePidFile(srv.daemon.Config().Pidfile); err != nil {
-			// FIXME: do we need fatal here instead of returning a job error?
-			log.Fatal(err)
-		}
-	}
 	job.Logf("Setting up signal traps")
 	c := make(chan os.Signal, 1)
 	gosignal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)

From 74b5628fb66eac43b06664e2adcf13fb0770702a Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Fri, 11 Jul 2014 22:28:36 -0400
Subject: [PATCH 118/516] General cleanup of the builder.md file

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: 07d93c6e34fb3524add4424f7753253d2501a598
Component: engine
---
 .../engine/docs/sources/reference/builder.md  | 150 +++++++++---------
 1 file changed, 75 insertions(+), 75 deletions(-)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 58854f5aa3..57ddb52984 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -4,15 +4,17 @@ page_keywords: builder, docker, Dockerfile, automation, image creation
 
 # Dockerfile Reference
 
-**Docker can act as a builder** and read instructions from a text *Dockerfile*
-to automate the steps you would otherwise take manually to create an image.
-Executing `docker build` will run your steps and commit them along the way,
-giving you a final image.
+**Docker can build images automatically** by reading the instructions
+from a `Dockerfile`. A `Dockerfile` is a text document that contains all
+the commands you would normally execute manually in order to build a
+Docker image. By calling `docker build` from your terminal, you can have
+Docker build your image step by step, executing the instructions
+successively.
 
 ## Usage
 
 To [*build*](../commandline/cli/#cli-build) an image from a source repository,
-create a description file called Dockerfile at the root of your repository.
+create a description file called `Dockerfile` at the root of your repository.
 This file will describe the steps to assemble the image.
 
 Then call `docker build` with the path of your source repository as the argument
@@ -55,13 +57,12 @@ accelerating `docker build` significantly (indicated by `Using cache`):
      ---> 1a5ffc17324d
     Successfully built 1a5ffc17324d
 
-When you're done with your build, you're ready to look into
-[*Pushing a repository to its registry*](
-/userguide/dockerrepos/#image-push).
+When you're done with your build, you're ready to look into [*Pushing a
+repository to its registry*]( /userguide/dockerrepos/#image-push).
 
 ## Format
 
-Here is the format of the Dockerfile:
+Here is the format of the `Dockerfile`:
 
     # Comment
     INSTRUCTION arguments
@@ -69,8 +70,8 @@ Here is the format of the Dockerfile:
 The Instruction is not case-sensitive, however convention is for them to
 be UPPERCASE in order to distinguish them from arguments more easily.
 
-Docker evaluates the instructions in a Dockerfile in order. **The first
-instruction must be \`FROM\`** in order to specify the [*Base
+Docker runs the instructions in a `Dockerfile` in order. **The
+first instruction must be \`FROM\`** in order to specify the [*Base
 Image*](/terms/image/#base-image-def) from which you are building.
 
 Docker will treat lines that *begin* with `#` as a
@@ -80,10 +81,10 @@ be treated as an argument. This allows statements like:
     # Comment
     RUN echo 'we are running some # of cool things'
 
-Here is the set of instructions you can use in a Dockerfile
-for building images.
+Here is the set of instructions you can use in a `Dockerfile` for building
+images.
 
-## .dockerignore
+## The `.dockerignore` file
 
 If a file named `.dockerignore` exists in the source repository, then it
 is interpreted as a newline-separated list of exclusion patterns.
@@ -124,15 +125,15 @@ Or
     FROM <image>:<tag>
 
 The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def)
-for subsequent instructions. As such, a valid Dockerfile must have `FROM` as
+for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as
 its first instruction. The image can be any valid image – it is especially easy
 to start by **pulling an image** from the [*Public Repositories*](
 /userguide/dockerrepos/#using-public-repositories).
 
-`FROM` must be the first non-comment instruction in the Dockerfile.
+`FROM` must be the first non-comment instruction in the `Dockerfile`.
 
-`FROM` can appear multiple times within a single Dockerfile in order to create
-multiple images. Simply make a note of the last image id output by the commit
+`FROM` can appear multiple times within a single `Dockerfile` in order to create
+multiple images. Simply make a note of the last image ID output by the commit
 before each new `FROM` command.
 
 If no `tag` is given to the `FROM` instruction, `latest` is assumed. If the
@@ -154,7 +155,7 @@ RUN has 2 forms:
 
 The `RUN` instruction will execute any commands in a new layer on top of the
 current image and commit the results. The resulting committed image will be
-used for the next step in the Dockerfile.
+used for the next step in the `Dockerfile`.
 
 Layering `RUN` instructions and generating commits conforms to the core
 concepts of Docker where commits are cheap and containers can be created from
@@ -163,11 +164,11 @@ any point in an image's history, much like source control.
 The *exec* form makes it possible to avoid shell string munging, and to `RUN`
 commands using a base image that does not contain `/bin/sh`.
 
-The cache for `RUN` instructions isn't invalidated automatically during the
-next build. The cache for an instruction like `RUN apt-get dist-upgrade -y`
-will be reused during the next build.
-The cache for `RUN` instructions can be invalidated by using the `--no-cache`
-flag, for example `docker build --no-cache`.
+The cache for `RUN` instructions isn't invalidated automatically during
+the next build. The cache for an instruction like `RUN apt-get
+dist-upgrade -y` will be reused during the next build.  The cache for
+`RUN` instructions can be invalidated by using the `--no-cache` flag,
+for example `docker build --no-cache`.
 
 The cache for `RUN` instructions can be invalidated by `ADD` instructions. See
 [below](#add) for details.
@@ -178,28 +179,27 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See
   permissions problems that can occur when using the AUFS file system. You
   might notice it during an attempt to `rm` a file, for example. The issue
   describes a workaround.
-- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale will
-  not be set automatically.
 
 ## CMD
 
-CMD has three forms:
+The `CMD` instruction has three forms:
 
 - `CMD ["executable","param1","param2"]` (like an *exec*, this is the preferred form)
 - `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*)
 - `CMD command param1 param2` (as a *shell*)
 
-There can only be one CMD in a Dockerfile. If you list more than one CMD
-then only the last CMD will take effect.
+There can only be one `CMD` instruction in a `Dockerfile`. If you list more than one `CMD`
+then only the last `CMD` will take effect.
 
-**The main purpose of a CMD is to provide defaults for an executing
+**The main purpose of a `CMD` is to provide defaults for an executing
 container.** These defaults can include an executable, or they can omit
-the executable, in which case you must specify an ENTRYPOINT as well.
+the executable, in which case you must specify an `ENTRYPOINT`
+instruction as well.
 
 When used in the shell or exec formats, the `CMD` instruction sets the command
 to be executed when running the image.
 
-If you use the *shell* form of the CMD, then the `<command>` will execute in
+If you use the *shell* form of the `CMD`, then the `<command>` will execute in
 `/bin/sh -c`:
 
     FROM ubuntu
@@ -207,7 +207,7 @@ If you use the *shell* form of the CMD, then the `<command>` will execute in
 
 If you want to **run your** `<command>` **without a shell** then you must
 express the command as a JSON array and give the full path to the executable.
-**This array form is the preferred format of CMD.** Any additional parameters
+**This array form is the preferred format of `CMD`.** Any additional parameters
 must be individually expressed as strings in the array:
 
     FROM ubuntu
@@ -218,7 +218,7 @@ you should consider using `ENTRYPOINT` in combination with `CMD`. See
 [*ENTRYPOINT*](#entrypoint).
 
 If the user specifies arguments to `docker run` then they will override the
-default specified in CMD.
+default specified in `CMD`.
 
 > **Note**:
 > don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits
@@ -264,24 +264,23 @@ being built (also called the *context* of the build) or a remote file URL.
 `<dest>` is the absolute path to which the source will be copied inside the
 destination container.
 
-All new files and directories are created with a uid and gid of 0.
+All new files and directories are created with a UID and GID of 0.
 
-In the case where `<src>` is a remote file URL, the destination will have permissions 600.
+In the case where `<src>` is a remote file URL, the destination will
+have permissions of 600.
 
 > **Note**:
-> If you build by passing a Dockerfile through STDIN (`docker build - < somefile`),
-> there is no build context, so the Dockerfile can only contain a URL
-> based ADD statement.
+> If you build by passing a `Dockerfile` through STDIN (`docker
+> build - < somefile`), there is no build context, so the `Dockerfile`
+> can only contain a URL based `ADD` instruction. You can also pass a
+> compressed archive through STDIN: (`docker build - < archive.tar.gz`),
+> the `Dockerfile` at the root of the archive and the rest of the
+> archive will get used at the context of the build.
 
-> You can also pass a compressed archive through STDIN:
-> (`docker build - < archive.tar.gz`), the `Dockerfile` at the root of
-> the archive and the rest of the archive will get used at the context
-> of the build.
->
 > **Note**:
-> If your URL files are protected using authentication, you will need to
-> use `RUN wget` , `RUN curl`
-> or use another tool from within the container as ADD does not support
+> If your URL files are protected using authentication, you
+> will need to use `RUN wget`, `RUN curl` or use another tool from
+> within the container as the `ADD` instruction does not support
 > authentication.
 
 > **Note**:
@@ -314,9 +313,9 @@ The copy obeys the following rules:
   from *remote* URLs are **not** decompressed. When a directory is copied or
   unpacked, it has the same behavior as `tar -x`: the result is the union of:
 
-    1. whatever existed at the destination path and
-    2. the contents of the source tree, with conflicts resolved in favor of 
-       "2." on a file-by-file basis.
+    1. Whatever existed at the destination path and
+    2. The contents of the source tree, with conflicts resolved in favor
+       of "2." on a file-by-file basis.
 
 - If `<src>` is any other kind of file, it is copied individually along with
   its metadata. In this case, if `<dest>` ends with a trailing slash `/`, it
@@ -342,7 +341,7 @@ being built (also called the *context* of the build).
 `<dest>` is the absolute path to which the source will be copied inside the
 destination container.
 
-All new files and directories are created with a uid and gid of 0.
+All new files and directories are created with a UID and GID of 0.
 
 > **Note**:
 > If you build using STDIN (`docker build - < somefile`), there is no
@@ -431,34 +430,34 @@ instructions via the Docker client, refer to [*Share Directories via Volumes*](
 
     USER daemon
 
-The `USER` instruction sets the username or UID to use when running the image
+The `USER` instruction sets the user name or UID to use when running the image
 and for any following `RUN` directives.
 
 ## WORKDIR
 
     WORKDIR /path/to/workdir
 
-The `WORKDIR` instruction sets the working directory for the `RUN`, `CMD` and
-`ENTRYPOINT` Dockerfile commands that follow it.
+The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD` and
+`ENTRYPOINT` instructions that follow it in the `Dockerfile`.
 
-It can be used multiple times in the one Dockerfile. If a relative path
+It can be used multiple times in the one `Dockerfile`. If a relative path
 is provided, it will be relative to the path of the previous `WORKDIR`
 instruction. For example:
 
     WORKDIR /a WORKDIR b WORKDIR c RUN pwd
 
-The output of the final `pwd` command in this
-Dockerfile would be `/a/b/c`.
+The output of the final `pwd` command in this Dockerfile would be
+`/a/b/c`.
 
 ## ONBUILD
 
     ONBUILD [INSTRUCTION]
 
-The `ONBUILD` instruction adds to the image a
-"trigger" instruction to be executed at a later time, when the image is
-used as the base for another build. The trigger will be executed in the
-context of the downstream build, as if it had been inserted immediately
-after the *FROM* instruction in the downstream Dockerfile.
+The `ONBUILD` instruction adds to the image a *trigger* instruction to
+be executed at a later time, when the image is used as the base for
+another build. The trigger will be executed in the context of the
+downstream build, as if it had been inserted immediately after the
+`FROM` instruction in the downstream `Dockerfile`.
 
 Any build instruction can be registered as a trigger.
 
@@ -466,33 +465,33 @@ This is useful if you are building an image which will be used as a base
 to build other images, for example an application build environment or a
 daemon which may be customized with user-specific configuration.
 
-For example, if your image is a reusable python application builder, it
+For example, if your image is a reusable Python application builder, it
 will require application source code to be added in a particular
 directory, and it might require a build script to be called *after*
-that. You can't just call *ADD* and *RUN* now, because you don't yet
+that. You can't just call `ADD` and `RUN` now, because you don't yet
 have access to the application source code, and it will be different for
 each application build. You could simply provide application developers
-with a boilerplate Dockerfile to copy-paste into their application, but
+with a boilerplate `Dockerfile` to copy-paste into their application, but
 that is inefficient, error-prone and difficult to update because it
 mixes with application-specific code.
 
-The solution is to use *ONBUILD* to register in advance instructions to
+The solution is to use `ONBUILD` to register advance instructions to
 run later, during the next build stage.
 
 Here's how it works:
 
-1. When it encounters an *ONBUILD* instruction, the builder adds a
+1. When it encounters an `ONBUILD` instruction, the builder adds a
    trigger to the metadata of the image being built. The instruction
    does not otherwise affect the current build.
 2. At the end of the build, a list of all triggers is stored in the
-   image manifest, under the key *OnBuild*. They can be inspected with
-   *docker inspect*.
+   image manifest, under the key `OnBuild`. They can be inspected with
+   the `docker inspect` command.
 3. Later the image may be used as a base for a new build, using the
-   *FROM* instruction. As part of processing the *FROM* instruction,
-   the downstream builder looks for *ONBUILD* triggers, and executes
+   `FROM` instruction. As part of processing the `FROM` instruction,
+   the downstream builder looks for `ONBUILD` triggers, and executes
    them in the same order they were registered. If any of the triggers
-   fail, the *FROM* instruction is aborted which in turn causes the
-   build to fail. If all triggers succeed, the FROM instruction
+   fail, the `FROM` instruction is aborted which in turn causes the
+   build to fail. If all triggers succeed, the `FROM` instruction
    completes and the build continues as usual.
 4. Triggers are cleared from the final image after being executed. In
    other words they are not inherited by "grand-children" builds.
@@ -504,9 +503,9 @@ For example you might add something like this:
     ONBUILD RUN /usr/local/bin/python-build --dir /app/src
     [...]
 
-> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn't allowed.
+> **Warning**: Chaining `ONBUILD` instructions using `ONBUILD ONBUILD` isn't allowed.
 
-> **Warning**: ONBUILD may not trigger FROM or MAINTAINER instructions.
+> **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions.
 
 ## Dockerfile Examples
 
@@ -557,3 +556,4 @@ For example you might add something like this:
 
     # You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with
     # /oink.
+

From 431996d45d45901f2a44cf9f474396d25a82eaf9 Mon Sep 17 00:00:00 2001
From: Gabor Nagy <mail@aigeruth.hu>
Date: Sun, 13 Jul 2014 00:28:55 +0200
Subject: [PATCH 119/516] Fix MarkDown in Docker Registry API docs

Docker-DCO-1.1-Signed-off-by: Gabor Nagy <mail@aigeruth.hu> (github: Aigeruth)
Upstream-commit: b1677f9d09d3a66ddf5c22346f0ea2a22cb2560d
Component: engine
---
 .../engine/docs/sources/reference/api/registry_api.md     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/registry_api.md b/components/engine/docs/sources/reference/api/registry_api.md
index 2840693fa8..a3d4f23d66 100644
--- a/components/engine/docs/sources/reference/api/registry_api.md
+++ b/components/engine/docs/sources/reference/api/registry_api.md
@@ -57,7 +57,7 @@ grasp the context, here are some examples of registries:
 > **Note**:
 > The latter implies that while HTTP is the protocol of choice for a registry,
 > multiple schemes are possible (and in some cases, trivial):
-> 
+>
 >  - HTTP with GET (and PUT for read-write registries);
 >  - local mount point;
 >  - remote docker addressed through SSH.
@@ -335,7 +335,7 @@ Get all of the tags for the given repo.
     - **401** – Requires authorization
     - **404** – Repository not found
 
-`GET /v1/repositories/(namespace)/(repository)/tags/(tag*):
+`GET /v1/repositories/(namespace)/(repository)/tags/(tag*)`
 
 Get a tag for the given repo.
 
@@ -369,7 +369,7 @@ Get a tag for the given repo.
     - **401** – Requires authorization
     - **404** – Tag not found
 
-`DELETE /v1/repositories/(namespace)/(repository)/tags/(tag*):
+`DELETE /v1/repositories/(namespace)/(repository)/tags/(tag*)`
 
 Delete the tag for the repo
 
@@ -402,7 +402,7 @@ Delete the tag for the repo
     - **401** – Requires authorization
     - **404** – Tag not found
 
-`PUT /v1/repositories/(namespace)/(repository)/tags/(tag*):
+`PUT /v1/repositories/(namespace)/(repository)/tags/(tag*)`
 
 Put a tag for the given repo.
 

From d90f5b872a9befb4af59aab4feaee9800734a10f Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Mon, 14 Jul 2014 21:11:48 +0400
Subject: [PATCH 120/516] Some resource clean ups in archive

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 66ccd55ed4676b0b306829aa01ffdd4067c9960e
Component: engine
---
 components/engine/archive/archive.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 2ba62f5363..bf6e0b7797 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -177,15 +177,15 @@ func addTarFile(path, name string, tw *tar.Writer) error {
 	}
 
 	if hdr.Typeflag == tar.TypeReg {
-		if file, err := os.Open(path); err != nil {
+		file, err := os.Open(path)
+		if err != nil {
 			return err
-		} else {
-			_, err := io.Copy(tw, file)
-			if err != nil {
-				return err
-			}
-			file.Close()
 		}
+		if _, err := io.Copy(tw, file); err != nil {
+			file.Close()
+			return err
+		}
+		file.Close()
 	}
 
 	return nil
@@ -544,19 +544,19 @@ func CopyFileWithTar(src, dst string) (err error) {
 		}
 		defer srcF.Close()
 
-		tw := tar.NewWriter(w)
 		hdr, err := tar.FileInfoHeader(srcSt, "")
 		if err != nil {
 			return err
 		}
 		hdr.Name = filepath.Base(dst)
+		tw := tar.NewWriter(w)
+		defer tw.Close()
 		if err := tw.WriteHeader(hdr); err != nil {
 			return err
 		}
 		if _, err := io.Copy(tw, srcF); err != nil {
 			return err
 		}
-		tw.Close()
 		return nil
 	})
 	defer func() {

From bd79f253bc86a022892417a74b9c5f256f7b968b Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 14 Jul 2014 09:28:02 -0700
Subject: [PATCH 121/516] api/server/MAINTAINERS: comment proppy (vacation)

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: 32740543daf889388662a963d8a61b1096e75693
Component: engine
---
 components/engine/api/server/MAINTAINERS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/api/server/MAINTAINERS b/components/engine/api/server/MAINTAINERS
index c92a061143..310a159716 100644
--- a/components/engine/api/server/MAINTAINERS
+++ b/components/engine/api/server/MAINTAINERS
@@ -1,2 +1,3 @@
 Victor Vieux <vieux@docker.com> (@vieux)
-Johan Euphrosine <proppy@google.com> (@proppy)
+# off the grid until september
+# Johan Euphrosine <proppy@google.com> (@proppy)

From 5ddda4b09acad28f5657bb401d9d5f6475932c3e Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 10 Jul 2014 13:19:18 +0400
Subject: [PATCH 122/516] Set state running before dumping to disk

Fixes #4766
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 97a38079010bddfe6316c4087c13825fd8df64b7
Component: engine
---
 components/engine/daemon/container.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index aacd90a449..b050fe571a 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -1102,10 +1102,10 @@ func (container *Container) waitForStart() error {
 				c.Close()
 			}
 		}
-		if err := container.toDisk(); err != nil {
+		container.State.SetRunning(command.Pid())
+		if err := container.ToDisk(); err != nil {
 			utils.Debugf("%s", err)
 		}
-		container.State.SetRunning(command.Pid())
 	}
 
 	// We use a callback here instead of a goroutine and an chan for

From 2226522e72de2b8e99e00394a96c2ce5da87bfcf Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 14 Jul 2014 12:34:04 -0600
Subject: [PATCH 123/516] Add a conditional to
 contrib/init/sysvinit-debian/docker for Dash vs Bash support

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 4f0fbb885eb6b561fd6e4ba26b35cb30dd8d9121
Component: engine
---
 components/engine/contrib/init/sysvinit-debian/docker | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/components/engine/contrib/init/sysvinit-debian/docker b/components/engine/contrib/init/sysvinit-debian/docker
index 6250cae053..d79d9c6c07 100755
--- a/components/engine/contrib/init/sysvinit-debian/docker
+++ b/components/engine/contrib/init/sysvinit-debian/docker
@@ -89,7 +89,11 @@ case "$1" in
 		chgrp docker "$DOCKER_LOGFILE"
 
 		ulimit -n 1048576
-		ulimit -u 1048576
+		if [ "$BASH" ]; then
+			ulimit -u 1048576
+		else
+			ulimit -p 1048576
+		fi
 
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 		start-stop-daemon --start --background \

From 182632c50d828de1513322bfe8a59b134379b331 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 14 Jul 2014 12:30:19 -0700
Subject: [PATCH 124/516] Update libcontainer dep to fb67bb80b4205bece36ff70
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 3b4a1c54d834a21a2b2a22b359495939db3b77f1
 Component: engine

---
 components/engine/hack/vendor.sh              |   2 +-
 .../docker/libcontainer/.travis.yml           |  23 +-
 .../src/github.com/docker/libcontainer/api.go |  23 --
 .../docker/libcontainer/api_temp.go           |  34 +++
 .../libcontainer/cgroups/cgutil/cgutil.go     | 264 ++++++++++++++++++
 .../cgroups/cgutil/sample_cgroup.json         |  10 +
 .../libcontainer/cgroups/fs/apply_raw.go      |  43 ++-
 .../docker/libcontainer/cgroups/fs/blkio.go   |  15 +-
 .../libcontainer/cgroups/fs/blkio_test.go     |  44 +--
 .../docker/libcontainer/cgroups/fs/cpu.go     |  16 +-
 .../libcontainer/cgroups/fs/cpu_test.go       |  12 +-
 .../docker/libcontainer/cgroups/fs/cpuacct.go |  26 +-
 .../docker/libcontainer/cgroups/fs/cpuset.go  |  16 +-
 .../docker/libcontainer/cgroups/fs/devices.go |   8 +-
 .../docker/libcontainer/cgroups/fs/freezer.go |  29 +-
 .../docker/libcontainer/cgroups/fs/memory.go  |  16 +-
 .../libcontainer/cgroups/fs/memory_test.go    |  32 +--
 .../libcontainer/cgroups/fs/perf_event.go     |   8 +-
 .../docker/libcontainer/cgroups/stats.go      |  13 +-
 .../cgroups/systemd/apply_nosystemd.go        |   4 +
 .../cgroups/systemd/apply_systemd.go          |  60 +++-
 .../github.com/docker/libcontainer/config.go  |  86 ++++++
 .../{container_test.go => config_test.go}     |   0
 .../docker/libcontainer/container.go          | 135 ++++-----
 .../github.com/docker/libcontainer/factory.go |  25 ++
 .../docker/libcontainer/label/label.go        |   4 +
 .../libcontainer/label/label_selinux.go       |  17 ++
 .../docker/libcontainer/mount/init.go         |  10 +-
 .../docker/libcontainer/mount/types.go        |   1 +
 .../docker/libcontainer/namespaces/exec.go    |   7 +-
 .../docker/libcontainer/namespaces/execin.go  |   4 +-
 .../docker/libcontainer/namespaces/init.go    |   3 +-
 .../libcontainer/nsinit/{main.go => cli.go}   |   8 +-
 .../docker/libcontainer/nsinit/config.go      |  29 ++
 .../docker/libcontainer/nsinit/exec.go        |   2 +-
 .../docker/libcontainer/nsinit/init.go        |   5 +-
 .../docker/libcontainer/nsinit/nsenter.go     |   4 +-
 .../libcontainer/nsinit/nsinit/nsinit.go      |   7 +
 .../docker/libcontainer/nsinit/pause.go       |  49 ++++
 .../docker/libcontainer/nsinit/spec.go        |  40 ---
 .../docker/libcontainer/nsinit/stats.go       |  23 +-
 .../docker/libcontainer/nsinit/utils.go       |   2 +-
 .../github.com/docker/libcontainer/process.go |  27 ++
 .../security/capabilities/capabilities.go     |   2 +-
 .../security/capabilities/types.go            |   2 -
 .../docker/libcontainer/selinux/selinux.go    |  45 ++-
 .../github.com/docker/libcontainer/state.go   |  23 +-
 .../{namespaces => syncpipe}/sync_pipe.go     |   2 +-
 .../sync_pipe_linux.go                        |   2 +-
 .../sync_pipe_test.go                         |   2 +-
 50 files changed, 917 insertions(+), 347 deletions(-)
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/api.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/api_temp.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/sample_cgroup.json
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/config.go
 rename components/engine/vendor/src/github.com/docker/libcontainer/{container_test.go => config_test.go} (100%)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/factory.go
 rename components/engine/vendor/src/github.com/docker/libcontainer/nsinit/{main.go => cli.go} (86%)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/nsinit/spec.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/process.go
 rename components/engine/vendor/src/github.com/docker/libcontainer/{namespaces => syncpipe}/sync_pipe.go (98%)
 rename components/engine/vendor/src/github.com/docker/libcontainer/{namespaces => syncpipe}/sync_pipe_linux.go (95%)
 rename components/engine/vendor/src/github.com/docker/libcontainer/{namespaces => syncpipe}/sync_pipe_test.go (98%)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index b0a89db68d..93ecc8131e 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer 53cfe0a1eba9145bf5329abbb52b0072ccab8a00
+clone git github.com/docker/libcontainer fb67bb80b4205bece36ff7096ee745ab0cee7e06
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
index 94dc5ac7c8..d4c2045d8a 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
@@ -1,12 +1,25 @@
 language: go
 
+# let us have pretty experimental Docker-based Travis workers
+sudo: false
+
+env:
+    - TRAVIS_GLOBAL_WTF=1
+    - GOOS=linux GOARCH=amd64
+    - GOOS=linux GOARCH=386
+    - GOOS=linux GOARCH=arm
+    - GOOS=darwin GOARCH=amd64
+    - GOOS=darwin GOARCH=386
+    - GOOS=freebsd GOARCH=amd64
+
 install:
-    - go get -d ./...
-    - go get -d github.com/dotcloud/docker # just to be sure
+    - go get -d -v ./...
+    - go get -d -v github.com/dotcloud/docker # just to be sure
     - DOCKER_PATH="${GOPATH%%:*}/src/github.com/dotcloud/docker"
     - sed -i 's!dotcloud/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate"
 
 script:
-    - bash "$DOCKER_PATH/hack/make/validate-dco"
-    - bash "$DOCKER_PATH/hack/make/validate-gofmt"
-    - go test
+    - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-dco"; fi
+    - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-gofmt"; fi
+    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go build -v ./...; fi
+    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go test -v ./...; fi
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/api.go b/components/engine/vendor/src/github.com/docker/libcontainer/api.go
deleted file mode 100644
index 310f06e810..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/api.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package libcontainer
-
-import (
-	"github.com/docker/libcontainer/cgroups/fs"
-	"github.com/docker/libcontainer/network"
-)
-
-// Returns all available stats for the given container.
-func GetStats(container *Config, state *State) (*ContainerStats, error) {
-	var containerStats ContainerStats
-	stats, err := fs.GetStats(container.Cgroups)
-	if err != nil {
-		return &containerStats, err
-	}
-	containerStats.CgroupStats = stats
-	networkStats, err := network.GetStats(&state.NetworkState)
-	if err != nil {
-		return &containerStats, err
-	}
-	containerStats.NetworkStats = networkStats
-
-	return &containerStats, nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/api_temp.go b/components/engine/vendor/src/github.com/docker/libcontainer/api_temp.go
new file mode 100644
index 0000000000..9b2c520774
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/api_temp.go
@@ -0,0 +1,34 @@
+/*
+Temporary API endpoint for libcontainer while the full API is finalized (api.go).
+*/
+package libcontainer
+
+import (
+	"github.com/docker/libcontainer/cgroups/fs"
+	"github.com/docker/libcontainer/cgroups/systemd"
+	"github.com/docker/libcontainer/network"
+)
+
+// TODO(vmarmol): Complete Stats() in final libcontainer API and move users to that.
+// DEPRECATED: The below portions are only to be used during the transition to the official API.
+// Returns all available stats for the given container.
+func GetStats(container *Config, state *State) (*ContainerStats, error) {
+	var (
+		err   error
+		stats = &ContainerStats{}
+	)
+
+	if systemd.UseSystemd() {
+		stats.CgroupStats, err = systemd.GetStats(container.Cgroups)
+	} else {
+		stats.CgroupStats, err = fs.GetStats(container.Cgroups)
+	}
+
+	if err != nil {
+		return stats, err
+	}
+
+	stats.NetworkStats, err = network.GetStats(&state.NetworkState)
+
+	return stats, err
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go
new file mode 100644
index 0000000000..f4a541eab2
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go
@@ -0,0 +1,264 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"os"
+	"syscall"
+	"time"
+
+	"github.com/codegangsta/cli"
+	"github.com/docker/libcontainer/cgroups"
+	"github.com/docker/libcontainer/cgroups/fs"
+	"github.com/docker/libcontainer/cgroups/systemd"
+)
+
+var createCommand = cli.Command{
+	Name:  "create",
+	Usage: "Create a cgroup container using the supplied configuration and initial process.",
+	Flags: []cli.Flag{
+		cli.StringFlag{"config, c", "cgroup.json", "path to container configuration (cgroups.Cgroup object)"},
+		cli.IntFlag{"pid, p", 0, "pid of the initial process in the container"},
+	},
+	Action: createAction,
+}
+
+var destroyCommand = cli.Command{
+	Name:  "destroy",
+	Usage: "Destroy an existing cgroup container.",
+	Flags: []cli.Flag{
+		cli.StringFlag{"name, n", "", "container name"},
+		cli.StringFlag{"parent, p", "", "container parent"},
+	},
+	Action: destroyAction,
+}
+
+var statsCommand = cli.Command{
+	Name:  "stats",
+	Usage: "Get stats for cgroup",
+	Flags: []cli.Flag{
+		cli.StringFlag{"name, n", "", "container name"},
+		cli.StringFlag{"parent, p", "", "container parent"},
+	},
+	Action: statsAction,
+}
+
+var pauseCommand = cli.Command{
+	Name:  "pause",
+	Usage: "Pause cgroup",
+	Flags: []cli.Flag{
+		cli.StringFlag{"name, n", "", "container name"},
+		cli.StringFlag{"parent, p", "", "container parent"},
+	},
+	Action: pauseAction,
+}
+
+var resumeCommand = cli.Command{
+	Name:  "resume",
+	Usage: "Resume a paused cgroup",
+	Flags: []cli.Flag{
+		cli.StringFlag{"name, n", "", "container name"},
+		cli.StringFlag{"parent, p", "", "container parent"},
+	},
+	Action: resumeAction,
+}
+
+var psCommand = cli.Command{
+	Name:  "ps",
+	Usage: "Get list of pids for a cgroup",
+	Flags: []cli.Flag{
+		cli.StringFlag{"name, n", "", "container name"},
+		cli.StringFlag{"parent, p", "", "container parent"},
+	},
+	Action: psAction,
+}
+
+func getConfigFromFile(c *cli.Context) (*cgroups.Cgroup, error) {
+	f, err := os.Open(c.String("config"))
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	var config *cgroups.Cgroup
+	if err := json.NewDecoder(f).Decode(&config); err != nil {
+		log.Fatal(err)
+	}
+	return config, nil
+}
+
+func openLog(name string) error {
+	f, err := os.OpenFile(name, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0755)
+	if err != nil {
+		return err
+	}
+
+	log.SetOutput(f)
+	return nil
+}
+
+func getConfig(context *cli.Context) (*cgroups.Cgroup, error) {
+	name := context.String("name")
+	if name == "" {
+		log.Fatal(fmt.Errorf("Missing container name"))
+	}
+	parent := context.String("parent")
+	return &cgroups.Cgroup{
+		Name:   name,
+		Parent: parent,
+	}, nil
+}
+
+func killAll(config *cgroups.Cgroup) {
+	// We could use freezer here to prevent process spawning while we are trying
+	// to kill everything. But going with more portable solution of retrying for
+	// now.
+	pids := getPids(config)
+	retry := 10
+	for len(pids) != 0 || retry > 0 {
+		killPids(pids)
+		time.Sleep(100 * time.Millisecond)
+		retry--
+		pids = getPids(config)
+	}
+	if len(pids) != 0 {
+		log.Fatal(fmt.Errorf("Could not kill existing processes in the container."))
+	}
+}
+
+func getPids(config *cgroups.Cgroup) []int {
+	pids, err := fs.GetPids(config)
+	if err != nil {
+		log.Fatal(err)
+	}
+	return pids
+}
+
+func killPids(pids []int) {
+	for _, pid := range pids {
+		// pids might go away on their own. Ignore errors.
+		syscall.Kill(pid, syscall.SIGKILL)
+	}
+}
+
+func setFreezerState(context *cli.Context, state cgroups.FreezerState) {
+	config, err := getConfig(context)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if systemd.UseSystemd() {
+		err = systemd.Freeze(config, state)
+	} else {
+		err = fs.Freeze(config, state)
+	}
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func createAction(context *cli.Context) {
+	config, err := getConfigFromFile(context)
+	if err != nil {
+		log.Fatal(err)
+	}
+	pid := context.Int("pid")
+	if pid <= 0 {
+		log.Fatal(fmt.Errorf("Invalid pid : %d", pid))
+	}
+	if systemd.UseSystemd() {
+		_, err := systemd.Apply(config, pid)
+		if err != nil {
+			log.Fatal(err)
+		}
+	} else {
+		_, err := fs.Apply(config, pid)
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+}
+
+func destroyAction(context *cli.Context) {
+	config, err := getConfig(context)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	killAll(config)
+	// Systemd will clean up cgroup state for empty container.
+	if !systemd.UseSystemd() {
+		err := fs.Cleanup(config)
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+}
+
+func statsAction(context *cli.Context) {
+	config, err := getConfig(context)
+	if err != nil {
+		log.Fatal(err)
+	}
+	stats, err := fs.GetStats(config)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	out, err := json.MarshalIndent(stats, "", "\t")
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Usage stats for '%s':\n %v\n", config.Name, string(out))
+}
+
+func pauseAction(context *cli.Context) {
+	setFreezerState(context, cgroups.Frozen)
+}
+
+func resumeAction(context *cli.Context) {
+	setFreezerState(context, cgroups.Thawed)
+}
+
+func psAction(context *cli.Context) {
+	config, err := getConfig(context)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	pids, err := fs.GetPids(config)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("Pids in '%s':\n", config.Name)
+	fmt.Println(pids)
+}
+
+func main() {
+	logPath := os.Getenv("log")
+	if logPath != "" {
+		if err := openLog(logPath); err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	app := cli.NewApp()
+	app.Name = "cgutil"
+	app.Usage = "Test utility for libcontainer cgroups package"
+	app.Version = "0.1"
+
+	app.Commands = []cli.Command{
+		createCommand,
+		destroyCommand,
+		statsCommand,
+		pauseCommand,
+		resumeCommand,
+		psCommand,
+	}
+
+	if err := app.Run(os.Args); err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/sample_cgroup.json b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/sample_cgroup.json
new file mode 100644
index 0000000000..2d29784941
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/sample_cgroup.json
@@ -0,0 +1,10 @@
+{
+	"name": "luke",
+	"parent": "darth",
+	"allow_all_devices": true,
+	"memory": 1073741824,
+	"memory_swap": -1,
+	"cpu_shares": 2048,
+	"cpu_quota": 500000,
+	"cpu_period": 250000
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
index 8fa34c21c2..e9c06e1e2c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
@@ -12,21 +12,21 @@ import (
 
 var (
 	subsystems = map[string]subsystem{
-		"devices":    &devicesGroup{},
-		"memory":     &memoryGroup{},
-		"cpu":        &cpuGroup{},
-		"cpuset":     &cpusetGroup{},
-		"cpuacct":    &cpuacctGroup{},
-		"blkio":      &blkioGroup{},
-		"perf_event": &perfEventGroup{},
-		"freezer":    &freezerGroup{},
+		"devices":    &DevicesGroup{},
+		"memory":     &MemoryGroup{},
+		"cpu":        &CpuGroup{},
+		"cpuset":     &CpusetGroup{},
+		"cpuacct":    &CpuacctGroup{},
+		"blkio":      &BlkioGroup{},
+		"perf_event": &PerfEventGroup{},
+		"freezer":    &FreezerGroup{},
 	}
 )
 
 type subsystem interface {
 	Set(*data) error
 	Remove(*data) error
-	GetStats(*data, *cgroups.Stats) error
+	GetStats(string, *cgroups.Stats) error
 }
 
 type data struct {
@@ -52,6 +52,14 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
 	return d, nil
 }
 
+func Cleanup(c *cgroups.Cgroup) error {
+	d, err := getCgroupData(c, 0)
+	if err != nil {
+		return fmt.Errorf("Could not get Cgroup data %s", err)
+	}
+	return d.Cleanup()
+}
+
 func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
 	stats := cgroups.NewStats()
 
@@ -60,10 +68,19 @@ func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
 		return nil, fmt.Errorf("getting CgroupData %s", err)
 	}
 
-	for sysName, sys := range subsystems {
-		// Don't fail if a cgroup hierarchy was not found.
-		if err := sys.GetStats(d, stats); err != nil && err != cgroups.ErrNotFound {
-			return nil, fmt.Errorf("getting stats for system %q %s", sysName, err)
+	for sysname, sys := range subsystems {
+		path, err := d.path(sysname)
+		if err != nil {
+			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
+			if err == cgroups.ErrNotFound {
+				continue
+			}
+
+			return nil, err
+		}
+
+		if err := sys.GetStats(path, stats); err != nil {
+			return nil, err
 		}
 	}
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go
index 0e0a198de6..38b8757727 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go
@@ -11,10 +11,10 @@ import (
 	"github.com/docker/libcontainer/cgroups"
 )
 
-type blkioGroup struct {
+type BlkioGroup struct {
 }
 
-func (s *blkioGroup) Set(d *data) error {
+func (s *BlkioGroup) Set(d *data) error {
 	// we just want to join this group even though we don't set anything
 	if _, err := d.join("blkio"); err != nil && err != cgroups.ErrNotFound {
 		return err
@@ -22,7 +22,7 @@ func (s *blkioGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *blkioGroup) Remove(d *data) error {
+func (s *BlkioGroup) Remove(d *data) error {
 	return removePath(d.path("blkio"))
 }
 
@@ -65,6 +65,9 @@ func getBlkioStat(path string) ([]cgroups.BlkioStatEntry, error) {
 	var blkioStats []cgroups.BlkioStatEntry
 	f, err := os.Open(path)
 	if err != nil {
+		if os.IsNotExist(err) {
+			return blkioStats, nil
+		}
 		return nil, err
 	}
 	defer f.Close()
@@ -110,13 +113,9 @@ func getBlkioStat(path string) ([]cgroups.BlkioStatEntry, error) {
 	return blkioStats, nil
 }
 
-func (s *blkioGroup) GetStats(d *data, stats *cgroups.Stats) error {
+func (s *BlkioGroup) GetStats(path string, stats *cgroups.Stats) error {
 	var blkioStats []cgroups.BlkioStatEntry
 	var err error
-	path, err := d.path("blkio")
-	if err != nil {
-		return err
-	}
 
 	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.sectors_recursive")); err != nil {
 		return err
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio_test.go
index c916c86bba..db6f8d5214 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio_test.go
@@ -44,8 +44,8 @@ func TestBlkioStats(t *testing.T) {
 		"blkio.sectors_recursive":          sectorsRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -84,10 +84,10 @@ func TestBlkioStatsNoSectorsFile(t *testing.T) {
 		"blkio.io_queued_recursive":        queuedRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
-	if err == nil {
-		t.Fatal("Expected to fail, but did not")
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
+	if err != nil {
+		t.Fatalf("Failed unexpectedly: %s", err)
 	}
 }
 
@@ -100,10 +100,10 @@ func TestBlkioStatsNoServiceBytesFile(t *testing.T) {
 		"blkio.sectors_recursive":     sectorsRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
-	if err == nil {
-		t.Fatal("Expected to fail, but did not")
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
+	if err != nil {
+		t.Fatalf("Failed unexpectedly: %s", err)
 	}
 }
 
@@ -116,10 +116,10 @@ func TestBlkioStatsNoServicedFile(t *testing.T) {
 		"blkio.sectors_recursive":          sectorsRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
-	if err == nil {
-		t.Fatal("Expected to fail, but did not")
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
+	if err != nil {
+		t.Fatalf("Failed unexpectedly: %s", err)
 	}
 }
 
@@ -132,10 +132,10 @@ func TestBlkioStatsNoQueuedFile(t *testing.T) {
 		"blkio.sectors_recursive":          sectorsRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
-	if err == nil {
-		t.Fatal("Expected to fail, but did not")
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
+	if err != nil {
+		t.Fatalf("Failed unexpectedly: %s", err)
 	}
 }
 
@@ -149,8 +149,8 @@ func TestBlkioStatsUnexpectedNumberOfFields(t *testing.T) {
 		"blkio.sectors_recursive":          sectorsRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected to fail, but did not")
 	}
@@ -166,8 +166,8 @@ func TestBlkioStatsUnexpectedFieldType(t *testing.T) {
 		"blkio.sectors_recursive":          sectorsRecursiveContents,
 	})
 
-	blkio := &blkioGroup{}
-	err := blkio.GetStats(helper.CgroupData, &actualStats)
+	blkio := &BlkioGroup{}
+	err := blkio.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected to fail, but did not")
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go
index 1c692fd550..efac9ed16a 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go
@@ -5,15 +5,14 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
-	"syscall"
 
 	"github.com/docker/libcontainer/cgroups"
 )
 
-type cpuGroup struct {
+type CpuGroup struct {
 }
 
-func (s *cpuGroup) Set(d *data) error {
+func (s *CpuGroup) Set(d *data) error {
 	// We always want to join the cpu group, to allow fair cpu scheduling
 	// on a container basis
 	dir, err := d.join("cpu")
@@ -38,19 +37,14 @@ func (s *cpuGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *cpuGroup) Remove(d *data) error {
+func (s *CpuGroup) Remove(d *data) error {
 	return removePath(d.path("cpu"))
 }
 
-func (s *cpuGroup) GetStats(d *data, stats *cgroups.Stats) error {
-	path, err := d.path("cpu")
-	if err != nil {
-		return err
-	}
-
+func (s *CpuGroup) GetStats(path string, stats *cgroups.Stats) error {
 	f, err := os.Open(filepath.Join(path, "cpu.stat"))
 	if err != nil {
-		if pathErr, ok := err.(*os.PathError); ok && pathErr.Err == syscall.ENOENT {
+		if os.IsNotExist(err) {
 			return nil
 		}
 		return err
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu_test.go
index ebdb6a5757..017a1f4b8e 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu_test.go
@@ -23,8 +23,8 @@ func TestCpuStats(t *testing.T) {
 		"cpu.stat": cpuStatContent,
 	})
 
-	cpu := &cpuGroup{}
-	err := cpu.GetStats(helper.CgroupData, &actualStats)
+	cpu := &CpuGroup{}
+	err := cpu.GetStats(helper.CgroupPath, &actualStats)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -41,8 +41,8 @@ func TestNoCpuStatFile(t *testing.T) {
 	helper := NewCgroupTestUtil("cpu", t)
 	defer helper.cleanup()
 
-	cpu := &cpuGroup{}
-	err := cpu.GetStats(helper.CgroupData, &actualStats)
+	cpu := &CpuGroup{}
+	err := cpu.GetStats(helper.CgroupPath, &actualStats)
 	if err != nil {
 		t.Fatal("Expected not to fail, but did")
 	}
@@ -58,8 +58,8 @@ func TestInvalidCpuStat(t *testing.T) {
 		"cpu.stat": cpuStatContent,
 	})
 
-	cpu := &cpuGroup{}
-	err := cpu.GetStats(helper.CgroupData, &actualStats)
+	cpu := &CpuGroup{}
+	err := cpu.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected failed stat parsing.")
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
index a3d22c9f74..be1805205a 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
@@ -22,10 +22,10 @@ var (
 
 const nanosecondsInSecond = 1000000000
 
-type cpuacctGroup struct {
+type CpuacctGroup struct {
 }
 
-func (s *cpuacctGroup) Set(d *data) error {
+func (s *CpuacctGroup) Set(d *data) error {
 	// we just want to join this group even though we don't set anything
 	if _, err := d.join("cpuacct"); err != nil && err != cgroups.ErrNotFound {
 		return err
@@ -33,20 +33,20 @@ func (s *cpuacctGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *cpuacctGroup) Remove(d *data) error {
+func (s *CpuacctGroup) Remove(d *data) error {
 	return removePath(d.path("cpuacct"))
 }
 
-func (s *cpuacctGroup) GetStats(d *data, stats *cgroups.Stats) error {
+func (s *CpuacctGroup) GetStats(path string, stats *cgroups.Stats) error {
 	var (
+		err                                                                                                           error
 		startCpu, lastCpu, startSystem, lastSystem, startUsage, lastUsage, kernelModeUsage, userModeUsage, percentage uint64
 	)
-	path, err := d.path("cpuacct")
-	if kernelModeUsage, userModeUsage, err = s.getCpuUsage(d, path); err != nil {
+	if kernelModeUsage, userModeUsage, err = getCpuUsage(path); err != nil {
 		return err
 	}
 	startCpu = kernelModeUsage + userModeUsage
-	if startSystem, err = s.getSystemCpuUsage(d); err != nil {
+	if startSystem, err = getSystemCpuUsage(); err != nil {
 		return err
 	}
 	startUsageTime := time.Now()
@@ -55,11 +55,11 @@ func (s *cpuacctGroup) GetStats(d *data, stats *cgroups.Stats) error {
 	}
 	// sample for 100ms
 	time.Sleep(100 * time.Millisecond)
-	if kernelModeUsage, userModeUsage, err = s.getCpuUsage(d, path); err != nil {
+	if kernelModeUsage, userModeUsage, err = getCpuUsage(path); err != nil {
 		return err
 	}
 	lastCpu = kernelModeUsage + userModeUsage
-	if lastSystem, err = s.getSystemCpuUsage(d); err != nil {
+	if lastSystem, err = getSystemCpuUsage(); err != nil {
 		return err
 	}
 	usageSampleDuration := time.Since(startUsageTime)
@@ -80,7 +80,7 @@ func (s *cpuacctGroup) GetStats(d *data, stats *cgroups.Stats) error {
 	stats.CpuStats.CpuUsage.PercentUsage = percentage
 	// Delta usage is in nanoseconds of CPU time so get the usage (in cores) over the sample time.
 	stats.CpuStats.CpuUsage.CurrentUsage = deltaUsage / uint64(usageSampleDuration.Nanoseconds())
-	percpuUsage, err := s.getPercpuUsage(path)
+	percpuUsage, err := getPercpuUsage(path)
 	if err != nil {
 		return err
 	}
@@ -92,7 +92,7 @@ func (s *cpuacctGroup) GetStats(d *data, stats *cgroups.Stats) error {
 }
 
 // TODO(vmarmol): Use cgroups stats.
-func (s *cpuacctGroup) getSystemCpuUsage(d *data) (uint64, error) {
+func getSystemCpuUsage() (uint64, error) {
 
 	f, err := os.Open("/proc/stat")
 	if err != nil {
@@ -125,7 +125,7 @@ func (s *cpuacctGroup) getSystemCpuUsage(d *data) (uint64, error) {
 	return 0, fmt.Errorf("invalid stat format")
 }
 
-func (s *cpuacctGroup) getCpuUsage(d *data, path string) (uint64, uint64, error) {
+func getCpuUsage(path string) (uint64, uint64, error) {
 	kernelModeUsage := uint64(0)
 	userModeUsage := uint64(0)
 	data, err := ioutil.ReadFile(filepath.Join(path, "cpuacct.stat"))
@@ -146,7 +146,7 @@ func (s *cpuacctGroup) getCpuUsage(d *data, path string) (uint64, uint64, error)
 	return kernelModeUsage, userModeUsage, nil
 }
 
-func (s *cpuacctGroup) getPercpuUsage(path string) ([]uint64, error) {
+func getPercpuUsage(path string) ([]uint64, error) {
 	percpuUsage := []uint64{}
 	data, err := ioutil.ReadFile(filepath.Join(path, "cpuacct.usage_percpu"))
 	if err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go
index 094e8b382d..9570125fd4 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go
@@ -10,10 +10,10 @@ import (
 	"github.com/docker/libcontainer/cgroups"
 )
 
-type cpusetGroup struct {
+type CpusetGroup struct {
 }
 
-func (s *cpusetGroup) Set(d *data) error {
+func (s *CpusetGroup) Set(d *data) error {
 	// we don't want to join this cgroup unless it is specified
 	if d.c.CpusetCpus != "" {
 		dir, err := d.path("cpuset")
@@ -36,15 +36,15 @@ func (s *cpusetGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *cpusetGroup) Remove(d *data) error {
+func (s *CpusetGroup) Remove(d *data) error {
 	return removePath(d.path("cpuset"))
 }
 
-func (s *cpusetGroup) GetStats(d *data, stats *cgroups.Stats) error {
+func (s *CpusetGroup) GetStats(path string, stats *cgroups.Stats) error {
 	return nil
 }
 
-func (s *cpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []byte, err error) {
+func (s *CpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []byte, err error) {
 	if cpus, err = ioutil.ReadFile(filepath.Join(parent, "cpuset.cpus")); err != nil {
 		return
 	}
@@ -57,7 +57,7 @@ func (s *cpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []b
 // ensureParent ensures that the parent directory of current is created
 // with the proper cpus and mems files copied from it's parent if the values
 // are a file with a new line char
-func (s *cpusetGroup) ensureParent(current string) error {
+func (s *CpusetGroup) ensureParent(current string) error {
 	parent := filepath.Dir(current)
 
 	if _, err := os.Stat(parent); err != nil {
@@ -78,7 +78,7 @@ func (s *cpusetGroup) ensureParent(current string) error {
 
 // copyIfNeeded copies the cpuset.cpus and cpuset.mems from the parent
 // directory to the current directory if the file's contents are 0
-func (s *cpusetGroup) copyIfNeeded(current, parent string) error {
+func (s *CpusetGroup) copyIfNeeded(current, parent string) error {
 	var (
 		err                      error
 		currentCpus, currentMems []byte
@@ -105,6 +105,6 @@ func (s *cpusetGroup) copyIfNeeded(current, parent string) error {
 	return nil
 }
 
-func (s *cpusetGroup) isEmpty(b []byte) bool {
+func (s *CpusetGroup) isEmpty(b []byte) bool {
 	return len(bytes.Trim(b, "\n")) == 0
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go
index 675cef3fb2..98d5d2d7dd 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go
@@ -2,10 +2,10 @@ package fs
 
 import "github.com/docker/libcontainer/cgroups"
 
-type devicesGroup struct {
+type DevicesGroup struct {
 }
 
-func (s *devicesGroup) Set(d *data) error {
+func (s *DevicesGroup) Set(d *data) error {
 	dir, err := d.join("devices")
 	if err != nil {
 		return err
@@ -25,10 +25,10 @@ func (s *devicesGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *devicesGroup) Remove(d *data) error {
+func (s *DevicesGroup) Remove(d *data) error {
 	return removePath(d.path("devices"))
 }
 
-func (s *devicesGroup) GetStats(d *data, stats *cgroups.Stats) error {
+func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error {
 	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go
index f6a1044af6..db2a41ca34 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go
@@ -1,18 +1,16 @@
 package fs
 
 import (
-	"io/ioutil"
-	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/docker/libcontainer/cgroups"
 )
 
-type freezerGroup struct {
+type FreezerGroup struct {
 }
 
-func (s *freezerGroup) Set(d *data) error {
+func (s *FreezerGroup) Set(d *data) error {
 	switch d.c.Freezer {
 	case cgroups.Frozen, cgroups.Thawed:
 		dir, err := d.path("freezer")
@@ -43,29 +41,10 @@ func (s *freezerGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *freezerGroup) Remove(d *data) error {
+func (s *FreezerGroup) Remove(d *data) error {
 	return removePath(d.path("freezer"))
 }
 
-func getFreezerFileData(path string) (string, error) {
-	data, err := ioutil.ReadFile(path)
-	return strings.TrimSuffix(string(data), "\n"), err
-}
-
-func (s *freezerGroup) GetStats(d *data, stats *cgroups.Stats) error {
-	path, err := d.path("freezer")
-	if err != nil {
-		return err
-	}
-	var data string
-	if data, err = getFreezerFileData(filepath.Join(path, "freezer.parent_freezing")); err != nil {
-		return err
-	}
-	stats.FreezerStats.ParentState = data
-	if data, err = getFreezerFileData(filepath.Join(path, "freezer.self_freezing")); err != nil {
-		return err
-	}
-	stats.FreezerStats.SelfState = data
-
+func (s *FreezerGroup) GetStats(path string, stats *cgroups.Stats) error {
 	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
index b4453f4e71..c27150d2bf 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
@@ -9,10 +9,10 @@ import (
 	"github.com/docker/libcontainer/cgroups"
 )
 
-type memoryGroup struct {
+type MemoryGroup struct {
 }
 
-func (s *memoryGroup) Set(d *data) error {
+func (s *MemoryGroup) Set(d *data) error {
 	dir, err := d.join("memory")
 	// only return an error for memory if it was not specified
 	if err != nil && (d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0) {
@@ -47,19 +47,17 @@ func (s *memoryGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *memoryGroup) Remove(d *data) error {
+func (s *MemoryGroup) Remove(d *data) error {
 	return removePath(d.path("memory"))
 }
 
-func (s *memoryGroup) GetStats(d *data, stats *cgroups.Stats) error {
-	path, err := d.path("memory")
-	if err != nil {
-		return err
-	}
-
+func (s *MemoryGroup) GetStats(path string, stats *cgroups.Stats) error {
 	// Set stats from memory.stat.
 	statsFile, err := os.Open(filepath.Join(path, "memory.stat"))
 	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
 		return err
 	}
 	defer statsFile.Close()
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory_test.go
index 8307482bce..e92f1dafe6 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory_test.go
@@ -24,8 +24,8 @@ func TestMemoryStats(t *testing.T) {
 		"memory.failcnt":            memoryFailcnt,
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -41,10 +41,10 @@ func TestMemoryStatsNoStatFile(t *testing.T) {
 		"memory.max_usage_in_bytes": memoryMaxUsageContents,
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
-	if err == nil {
-		t.Fatal("Expected failure")
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
+	if err != nil {
+		t.Fatal(err)
 	}
 }
 
@@ -56,8 +56,8 @@ func TestMemoryStatsNoUsageFile(t *testing.T) {
 		"memory.max_usage_in_bytes": memoryMaxUsageContents,
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected failure")
 	}
@@ -71,8 +71,8 @@ func TestMemoryStatsNoMaxUsageFile(t *testing.T) {
 		"memory.usage_in_bytes": memoryUsageContents,
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected failure")
 	}
@@ -87,8 +87,8 @@ func TestMemoryStatsBadStatFile(t *testing.T) {
 		"memory.max_usage_in_bytes": memoryMaxUsageContents,
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected failure")
 	}
@@ -103,8 +103,8 @@ func TestMemoryStatsBadUsageFile(t *testing.T) {
 		"memory.max_usage_in_bytes": memoryMaxUsageContents,
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected failure")
 	}
@@ -119,8 +119,8 @@ func TestMemoryStatsBadMaxUsageFile(t *testing.T) {
 		"memory.max_usage_in_bytes": "bad",
 	})
 
-	memory := &memoryGroup{}
-	err := memory.GetStats(helper.CgroupData, &actualStats)
+	memory := &MemoryGroup{}
+	err := memory.GetStats(helper.CgroupPath, &actualStats)
 	if err == nil {
 		t.Fatal("Expected failure")
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go
index b834c3ecae..5f45678ff3 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go
@@ -4,10 +4,10 @@ import (
 	"github.com/docker/libcontainer/cgroups"
 )
 
-type perfEventGroup struct {
+type PerfEventGroup struct {
 }
 
-func (s *perfEventGroup) Set(d *data) error {
+func (s *PerfEventGroup) Set(d *data) error {
 	// we just want to join this group even though we don't set anything
 	if _, err := d.join("perf_event"); err != nil && err != cgroups.ErrNotFound {
 		return err
@@ -15,10 +15,10 @@ func (s *perfEventGroup) Set(d *data) error {
 	return nil
 }
 
-func (s *perfEventGroup) Remove(d *data) error {
+func (s *PerfEventGroup) Remove(d *data) error {
 	return removePath(d.path("perf_event"))
 }
 
-func (s *perfEventGroup) GetStats(d *data, stats *cgroups.Stats) error {
+func (s *PerfEventGroup) GetStats(path string, stats *cgroups.Stats) error {
 	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/stats.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/stats.go
index 2640245e51..49913bcefa 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/stats.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/stats.go
@@ -55,17 +55,10 @@ type BlkioStats struct {
 	SectorsRecursive        []BlkioStatEntry `json:"sectors_recursive,omitempty"`
 }
 
-// TODO(Vishh): Remove freezer from stats since it does not logically belong in stats.
-type FreezerStats struct {
-	ParentState string `json:"parent_state,omitempty"`
-	SelfState   string `json:"self_state,omitempty"`
-}
-
 type Stats struct {
-	CpuStats     CpuStats     `json:"cpu_stats,omitempty"`
-	MemoryStats  MemoryStats  `json:"memory_stats,omitempty"`
-	BlkioStats   BlkioStats   `json:"blkio_stats,omitempty"`
-	FreezerStats FreezerStats `json:"freezer_stats,omitempty"`
+	CpuStats    CpuStats    `json:"cpu_stats,omitempty"`
+	MemoryStats MemoryStats `json:"memory_stats,omitempty"`
+	BlkioStats  BlkioStats  `json:"blkio_stats,omitempty"`
 }
 
 func NewStats() *Stats {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go
index 6dcfdffd48..685591090b 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_nosystemd.go
@@ -23,3 +23,7 @@ func GetPids(c *cgroups.Cgroup) ([]int, error) {
 func Freeze(c *cgroups.Cgroup, state cgroups.FreezerState) error {
 	return fmt.Errorf("Systemd not supported")
 }
+
+func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
+	return nil, fmt.Errorf("Systemd not supported")
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
index 6a0ce950c1..5755a5f4b7 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
@@ -15,6 +15,7 @@ import (
 
 	systemd1 "github.com/coreos/go-systemd/dbus"
 	"github.com/docker/libcontainer/cgroups"
+	"github.com/docker/libcontainer/cgroups/fs"
 	"github.com/dotcloud/docker/pkg/systemd"
 	"github.com/godbus/dbus"
 )
@@ -23,10 +24,24 @@ type systemdCgroup struct {
 	cleanupDirs []string
 }
 
+type subsystem interface {
+	GetStats(string, *cgroups.Stats) error
+}
+
 var (
 	connLock              sync.Mutex
 	theConn               *systemd1.Conn
 	hasStartTransientUnit bool
+	subsystems            = map[string]subsystem{
+		"devices":    &fs.DevicesGroup{},
+		"memory":     &fs.MemoryGroup{},
+		"cpu":        &fs.CpuGroup{},
+		"cpuset":     &fs.CpusetGroup{},
+		"cpuacct":    &fs.CpuacctGroup{},
+		"blkio":      &fs.BlkioGroup{},
+		"perf_event": &fs.PerfEventGroup{},
+		"freezer":    &fs.FreezerGroup{},
+	}
 )
 
 func UseSystemd() bool {
@@ -316,7 +331,7 @@ func (c *systemdCgroup) Cleanup() error {
 }
 
 func joinFreezer(c *cgroups.Cgroup, pid int) (string, error) {
-	path, err := getFreezerPath(c)
+	path, err := getSubsystemPath(c, "freezer")
 	if err != nil {
 		return "", err
 	}
@@ -332,23 +347,27 @@ func joinFreezer(c *cgroups.Cgroup, pid int) (string, error) {
 	return path, nil
 }
 
-func getFreezerPath(c *cgroups.Cgroup) (string, error) {
-	mountpoint, err := cgroups.FindCgroupMountpoint("freezer")
+func getSubsystemPath(c *cgroups.Cgroup, subsystem string) (string, error) {
+	mountpoint, err := cgroups.FindCgroupMountpoint(subsystem)
 	if err != nil {
 		return "", err
 	}
 
-	initPath, err := cgroups.GetInitCgroupDir("freezer")
+	initPath, err := cgroups.GetInitCgroupDir(subsystem)
 	if err != nil {
 		return "", err
 	}
 
-	return filepath.Join(mountpoint, initPath, fmt.Sprintf("%s-%s", c.Parent, c.Name)), nil
+	slice := "system.slice"
+	if c.Slice != "" {
+		slice = c.Slice
+	}
 
+	return filepath.Join(mountpoint, initPath, slice, getUnitName(c)), nil
 }
 
 func Freeze(c *cgroups.Cgroup, state cgroups.FreezerState) error {
-	path, err := getFreezerPath(c)
+	path, err := getSubsystemPath(c, "freezer")
 	if err != nil {
 		return err
 	}
@@ -389,3 +408,32 @@ func GetPids(c *cgroups.Cgroup) ([]int, error) {
 func getUnitName(c *cgroups.Cgroup) string {
 	return fmt.Sprintf("%s-%s.scope", c.Parent, c.Name)
 }
+
+/*
+ * This would be nicer to get from the systemd API when accounting
+ * is enabled, but sadly there is no way to do that yet.
+ * The lack of this functionality in the API & the approach taken
+ * is guided by
+ * http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/#readingaccountinginformation.
+ */
+func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
+	stats := cgroups.NewStats()
+
+	for sysname, sys := range subsystems {
+		subsystemPath, err := getSubsystemPath(c, sysname)
+		if err != nil {
+			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
+			if err == cgroups.ErrNotFound {
+				continue
+			}
+
+			return nil, err
+		}
+
+		if err := sys.GetStats(subsystemPath, stats); err != nil {
+			return nil, err
+		}
+	}
+
+	return stats, nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/config.go b/components/engine/vendor/src/github.com/docker/libcontainer/config.go
new file mode 100644
index 0000000000..8fe95c24f7
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/config.go
@@ -0,0 +1,86 @@
+package libcontainer
+
+import (
+	"github.com/docker/libcontainer/cgroups"
+	"github.com/docker/libcontainer/mount"
+	"github.com/docker/libcontainer/network"
+)
+
+type MountConfig mount.MountConfig
+
+type Network network.Network
+
+// Config defines configuration options for executing a process inside a contained environment.
+type Config struct {
+	// Mount specific options.
+	MountConfig *MountConfig `json:"mount_config,omitempty"`
+
+	// Hostname optionally sets the container's hostname if provided
+	Hostname string `json:"hostname,omitempty"`
+
+	// User will set the uid and gid of the executing process running inside the container
+	User string `json:"user,omitempty"`
+
+	// WorkingDir will change the processes current working directory inside the container's rootfs
+	WorkingDir string `json:"working_dir,omitempty"`
+
+	// Env will populate the processes environment with the provided values
+	// Any values from the parent processes will be cleared before the values
+	// provided in Env are provided to the process
+	Env []string `json:"environment,omitempty"`
+
+	// Tty when true will allocate a pty slave on the host for access by the container's process
+	// and ensure that it is mounted inside the container's rootfs
+	Tty bool `json:"tty,omitempty"`
+
+	// Namespaces specifies the container's namespaces that it should setup when cloning the init process
+	// If a namespace is not provided that namespace is shared from the container's parent process
+	Namespaces map[string]bool `json:"namespaces,omitempty"`
+
+	// Capabilities specify the capabilities to keep when executing the process inside the container
+	// All capbilities not specified will be dropped from the processes capability mask
+	Capabilities []string `json:"capabilities,omitempty"`
+
+	// Networks specifies the container's network setup to be created
+	Networks []*Network `json:"networks,omitempty"`
+
+	// Routes can be specified to create entries in the route table as the container is started
+	Routes []*Route `json:"routes,omitempty"`
+
+	// Cgroups specifies specific cgroup settings for the various subsystems that the container is
+	// placed into to limit the resources the container has available
+	Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"`
+
+	// AppArmorProfile specifies the profile to apply to the process running in the container and is
+	// change at the time the process is execed
+	AppArmorProfile string `json:"apparmor_profile,omitempty"`
+
+	// ProcessLabel specifies the label to apply to the process running in the container.  It is
+	// commonly used by selinux
+	ProcessLabel string `json:"process_label,omitempty"`
+
+	// RestrictSys will remount /proc/sys, /sys, and mask over sysrq-trigger as well as /proc/irq and
+	// /proc/bus
+	RestrictSys bool `json:"restrict_sys,omitempty"`
+}
+
+// Routes can be specified to create entries in the route table as the container is started
+//
+// All of destination, source, and gateway should be either IPv4 or IPv6.
+// One of the three options must be present, and ommitted entries will use their
+// IP family default for the route table.  For IPv4 for example, setting the
+// gateway to 1.2.3.4 and the interface to eth0 will set up a standard
+// destination of 0.0.0.0(or *) when viewed in the route table.
+type Route struct {
+	// Sets the destination and mask, should be a CIDR.  Accepts IPv4 and IPv6
+	Destination string `json:"destination,omitempty"`
+
+	// Sets the source and mask, should be a CIDR.  Accepts IPv4 and IPv6
+	Source string `json:"source,omitempty"`
+
+	// Sets the gateway.  Accepts IPv4 and IPv6
+	Gateway string `json:"gateway,omitempty"`
+
+	// The device to set this route up for, for example: eth0
+	InterfaceName string `json:"interface_name,omitempty"`
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/container_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/config_test.go
similarity index 100%
rename from components/engine/vendor/src/github.com/docker/libcontainer/container_test.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/config_test.go
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/container.go b/components/engine/vendor/src/github.com/docker/libcontainer/container.go
index 8fe95c24f7..5fb2bba651 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/container.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/container.go
@@ -1,86 +1,63 @@
+/*
+NOTE: The API is in flux and mainly not implemented. Proceed with caution until further notice.
+*/
 package libcontainer
 
-import (
-	"github.com/docker/libcontainer/cgroups"
-	"github.com/docker/libcontainer/mount"
-	"github.com/docker/libcontainer/network"
-)
-
-type MountConfig mount.MountConfig
-
-type Network network.Network
-
-// Config defines configuration options for executing a process inside a contained environment.
-type Config struct {
-	// Mount specific options.
-	MountConfig *MountConfig `json:"mount_config,omitempty"`
-
-	// Hostname optionally sets the container's hostname if provided
-	Hostname string `json:"hostname,omitempty"`
-
-	// User will set the uid and gid of the executing process running inside the container
-	User string `json:"user,omitempty"`
-
-	// WorkingDir will change the processes current working directory inside the container's rootfs
-	WorkingDir string `json:"working_dir,omitempty"`
-
-	// Env will populate the processes environment with the provided values
-	// Any values from the parent processes will be cleared before the values
-	// provided in Env are provided to the process
-	Env []string `json:"environment,omitempty"`
-
-	// Tty when true will allocate a pty slave on the host for access by the container's process
-	// and ensure that it is mounted inside the container's rootfs
-	Tty bool `json:"tty,omitempty"`
-
-	// Namespaces specifies the container's namespaces that it should setup when cloning the init process
-	// If a namespace is not provided that namespace is shared from the container's parent process
-	Namespaces map[string]bool `json:"namespaces,omitempty"`
-
-	// Capabilities specify the capabilities to keep when executing the process inside the container
-	// All capbilities not specified will be dropped from the processes capability mask
-	Capabilities []string `json:"capabilities,omitempty"`
-
-	// Networks specifies the container's network setup to be created
-	Networks []*Network `json:"networks,omitempty"`
-
-	// Routes can be specified to create entries in the route table as the container is started
-	Routes []*Route `json:"routes,omitempty"`
-
-	// Cgroups specifies specific cgroup settings for the various subsystems that the container is
-	// placed into to limit the resources the container has available
-	Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"`
-
-	// AppArmorProfile specifies the profile to apply to the process running in the container and is
-	// change at the time the process is execed
-	AppArmorProfile string `json:"apparmor_profile,omitempty"`
-
-	// ProcessLabel specifies the label to apply to the process running in the container.  It is
-	// commonly used by selinux
-	ProcessLabel string `json:"process_label,omitempty"`
-
-	// RestrictSys will remount /proc/sys, /sys, and mask over sysrq-trigger as well as /proc/irq and
-	// /proc/bus
-	RestrictSys bool `json:"restrict_sys,omitempty"`
-}
-
-// Routes can be specified to create entries in the route table as the container is started
+// A libcontainer container object.
 //
-// All of destination, source, and gateway should be either IPv4 or IPv6.
-// One of the three options must be present, and ommitted entries will use their
-// IP family default for the route table.  For IPv4 for example, setting the
-// gateway to 1.2.3.4 and the interface to eth0 will set up a standard
-// destination of 0.0.0.0(or *) when viewed in the route table.
-type Route struct {
-	// Sets the destination and mask, should be a CIDR.  Accepts IPv4 and IPv6
-	Destination string `json:"destination,omitempty"`
+// Each container is thread-safe within the same process. Since a container can
+// be destroyed by a separate process, any function may return that the container
+// was not found.
+type Container interface {
+	// Returns the path to the container which contains the state
+	Path() string
 
-	// Sets the source and mask, should be a CIDR.  Accepts IPv4 and IPv6
-	Source string `json:"source,omitempty"`
+	// Returns the current run state of the container.
+	//
+	// Errors: container no longer exists,
+	//         system error.
+	RunState() (*RunState, error)
 
-	// Sets the gateway.  Accepts IPv4 and IPv6
-	Gateway string `json:"gateway,omitempty"`
+	// Returns the current config of the container.
+	Config() *Config
 
-	// The device to set this route up for, for example: eth0
-	InterfaceName string `json:"interface_name,omitempty"`
+	// Destroys the container after killing all running processes.
+	//
+	// Any event registrations are removed before the container is destroyed.
+	// No error is returned if the container is already destroyed.
+	//
+	// Errors: system error.
+	Destroy() error
+
+	// Returns the PIDs inside this container. The PIDs are in the namespace of the calling process.
+	//
+	// Errors: container no longer exists,
+	//         system error.
+	//
+	// Some of the returned PIDs may no longer refer to processes in the Container, unless
+	// the Container state is PAUSED in which case every PID in the slice is valid.
+	Processes() ([]int, error)
+
+	// Returns statistics for the container.
+	//
+	// Errors: container no longer exists,
+	//         system error.
+	Stats() (*ContainerStats, error)
+
+	// If the Container state is RUNNING or PAUSING, sets the Container state to PAUSING and pauses
+	// the execution of any user processes. Asynchronously, when the container finished being paused the
+	// state is changed to PAUSED.
+	// If the Container state is PAUSED, do nothing.
+	//
+	// Errors: container no longer exists,
+	//         system error.
+	Pause() error
+
+	// If the Container state is PAUSED, resumes the execution of any user processes in the
+	// Container before setting the Container state to RUNNING.
+	// If the Container state is RUNNING, do nothing.
+	//
+	// Errors: container no longer exists,
+	//         system error.
+	Resume() error
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/factory.go b/components/engine/vendor/src/github.com/docker/libcontainer/factory.go
new file mode 100644
index 0000000000..9161ff05f3
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/factory.go
@@ -0,0 +1,25 @@
+package libcontainer
+
+type Factory interface {
+	// Creates a new container in the given path. A unique ID is generated for the container and
+	// starts the initial process inside the container.
+	//
+	// Returns the new container with a running process.
+	//
+	// Errors:
+	// Path already exists
+	// Config or initialConfig is invalid
+	// System error
+	//
+	// On error, any partially created container parts are cleaned up (the operation is atomic).
+	Create(path string, config *Config) (Container, error)
+
+	// Load takes the path for an existing container and reconstructs the container
+	// from the state.
+	//
+	// Errors:
+	// Path does not exist
+	// Container is stopped
+	// System error
+	Load(path string) (Container, error)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go b/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go
index 434e1c5725..5c8228cdde 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go
@@ -18,6 +18,10 @@ func SetFileLabel(path string, fileLabel string) error {
 	return nil
 }
 
+func Relabel(path string, fileLabel string, relabel string) error {
+	return nil
+}
+
 func GetPidCon(pid int) (string, error) {
 	return "", nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go b/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
index 0452144482..aa502a3d6f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
@@ -66,6 +66,23 @@ func SetFileLabel(path string, fileLabel string) error {
 	return nil
 }
 
+// Change the label of path to the filelabel string.  If the relabel string
+// is "z", relabel will change the MCS label to s0.  This will allow all
+// containers to share the content.  If the relabel string is a "Z" then
+// the MCS label should continue to be used.  SELinux will use this field
+// to make sure the content can not be shared by other containes.
+func Relabel(path string, fileLabel string, relabel string) error {
+	if fileLabel == "" {
+		return nil
+	}
+	if relabel == "z" {
+		c := selinux.NewContext(fileLabel)
+		c["level"] = "s0"
+		fileLabel = c.Get()
+	}
+	return selinux.Chcon(path, fileLabel, true)
+}
+
 func GetPidCon(pid int) (string, error) {
 	if !selinux.SelinuxEnabled() {
 		return "", nil
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
index 34fad6dd19..10f0738903 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
@@ -44,7 +44,7 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
 	if err := mountSystem(rootfs, mountConfig); err != nil {
 		return fmt.Errorf("mount system %s", err)
 	}
-	if err := setupBindmounts(rootfs, mountConfig.Mounts); err != nil {
+	if err := setupBindmounts(rootfs, mountConfig); err != nil {
 		return fmt.Errorf("bind mounts %s", err)
 	}
 	if err := nodes.CreateDeviceNodes(rootfs, mountConfig.DeviceNodes); err != nil {
@@ -144,7 +144,8 @@ func setupDevSymlinks(rootfs string) error {
 	return nil
 }
 
-func setupBindmounts(rootfs string, bindMounts Mounts) error {
+func setupBindmounts(rootfs string, mountConfig *MountConfig) error {
+	bindMounts := mountConfig.Mounts
 	for _, m := range bindMounts.OfType("bind") {
 		var (
 			flags = syscall.MS_BIND | syscall.MS_REC
@@ -176,6 +177,11 @@ func setupBindmounts(rootfs string, bindMounts Mounts) error {
 				return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err)
 			}
 		}
+		if m.Relabel != "" {
+			if err := label.Relabel(m.Source, mountConfig.MountLabel, m.Relabel); err != nil {
+				return fmt.Errorf("relabeling %s to %s %s", m.Source, mountConfig.MountLabel, err)
+			}
+		}
 		if m.Private {
 			if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
 				return fmt.Errorf("mounting %s private %s", dest, err)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/types.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/types.go
index a2659e582e..063bbac1c5 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/types.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/types.go
@@ -30,6 +30,7 @@ type Mount struct {
 	Source      string `json:"source,omitempty"`      // Source path, in the host namespace
 	Destination string `json:"destination,omitempty"` // Destination path, in the container
 	Writable    bool   `json:"writable,omitempty"`
+	Relabel     string `json:"relabel,omitempty"` // Relabel source if set, "z" indicates shared, "Z" indicates unshared
 	Private     bool   `json:"private,omitempty"`
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
index 0aa2bb9c7a..9053f632a4 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
@@ -12,6 +12,7 @@ import (
 	"github.com/docker/libcontainer/cgroups/fs"
 	"github.com/docker/libcontainer/cgroups/systemd"
 	"github.com/docker/libcontainer/network"
+	"github.com/docker/libcontainer/syncpipe"
 	"github.com/dotcloud/docker/pkg/system"
 )
 
@@ -28,7 +29,7 @@ func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string
 
 	// create a pipe so that we can syncronize with the namespaced process and
 	// pass the veth name to the child
-	syncPipe, err := NewSyncPipe()
+	syncPipe, err := syncpipe.NewSyncPipe()
 	if err != nil {
 		return -1, err
 	}
@@ -42,7 +43,7 @@ func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string
 		term.SetMaster(master)
 	}
 
-	command := createCommand(container, console, rootfs, dataPath, os.Args[0], syncPipe.child, args)
+	command := createCommand(container, console, rootfs, dataPath, os.Args[0], syncPipe.Child(), args)
 
 	if err := term.Attach(command); err != nil {
 		return -1, err
@@ -166,7 +167,7 @@ func SetupCgroups(container *libcontainer.Config, nspid int) (cgroups.ActiveCgro
 
 // InitializeNetworking creates the container's network stack outside of the namespace and moves
 // interfaces into the container's net namespaces if necessary
-func InitializeNetworking(container *libcontainer.Config, nspid int, pipe *SyncPipe, networkState *network.NetworkState) error {
+func InitializeNetworking(container *libcontainer.Config, nspid int, pipe *syncpipe.SyncPipe, networkState *network.NetworkState) error {
 	for _, config := range container.Networks {
 		strategy, err := network.GetStrategy(config.Type)
 		if err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
index d349282e84..3e79f4cda8 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -30,8 +30,8 @@ func ExecIn(container *libcontainer.Config, state *libcontainer.State, args []st
 	panic("unreachable")
 }
 
-// NsEnter is run after entering the namespace.
-func NsEnter(container *libcontainer.Config, nspid int, args []string) error {
+// Run a command in a container after entering the namespace.
+func NsEnter(container *libcontainer.Config, args []string) error {
 	// clear the current processes env and replace it with the environment
 	// defined on the container
 	if err := LoadContainerEnvironment(container); err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index 53d2611b89..4674944cb7 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -18,6 +18,7 @@ import (
 	"github.com/docker/libcontainer/network"
 	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/docker/libcontainer/security/restrict"
+	"github.com/docker/libcontainer/syncpipe"
 	"github.com/docker/libcontainer/utils"
 	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/pkg/user"
@@ -27,7 +28,7 @@ import (
 // Move this to libcontainer package.
 // Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
 // and other options required for the new container.
-func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) (err error) {
+func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *syncpipe.SyncPipe, args []string) (err error) {
 	defer func() {
 		if err != nil {
 			syncPipe.ReportChildError(err)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/main.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
similarity index 86%
rename from components/engine/vendor/src/github.com/docker/libcontainer/nsinit/main.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
index 20132de0e0..d4235aef86 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/main.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
@@ -1,4 +1,4 @@
-package main
+package nsinit
 
 import (
 	"log"
@@ -19,7 +19,7 @@ func preload(context *cli.Context) error {
 	return nil
 }
 
-func main() {
+func NsInit() {
 	app := cli.NewApp()
 	app.Name = "nsinit"
 	app.Version = "0.1"
@@ -30,8 +30,10 @@ func main() {
 		execCommand,
 		initCommand,
 		statsCommand,
-		specCommand,
+		configCommand,
 		nsenterCommand,
+		pauseCommand,
+		unpauseCommand,
 	}
 
 	if err := app.Run(os.Args); err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go
new file mode 100644
index 0000000000..5beb04acb3
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go
@@ -0,0 +1,29 @@
+package nsinit
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+
+	"github.com/codegangsta/cli"
+)
+
+var configCommand = cli.Command{
+	Name:   "config",
+	Usage:  "display the container configuration",
+	Action: configAction,
+}
+
+func configAction(context *cli.Context) {
+	container, err := loadContainer()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	data, err := json.MarshalIndent(container, "", "\t")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%s", data)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
index c58c30664e..eb734545b5 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
@@ -1,4 +1,4 @@
-package main
+package nsinit
 
 import (
 	"fmt"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
index eedb961054..0dd964115c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
@@ -1,4 +1,4 @@
-package main
+package nsinit
 
 import (
 	"log"
@@ -7,6 +7,7 @@ import (
 
 	"github.com/codegangsta/cli"
 	"github.com/docker/libcontainer/namespaces"
+	"github.com/docker/libcontainer/syncpipe"
 )
 
 var (
@@ -37,7 +38,7 @@ func initAction(context *cli.Context) {
 		log.Fatal(err)
 	}
 
-	syncPipe, err := namespaces.NewSyncPipeFromFd(0, uintptr(pipeFd))
+	syncPipe, err := syncpipe.NewSyncPipeFromFd(0, uintptr(pipeFd))
 	if err != nil {
 		log.Fatalf("unable to create sync pipe: %s", err)
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
index faa61315e0..743b20a929 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
@@ -1,4 +1,4 @@
-package main
+package nsinit
 
 import (
 	"log"
@@ -34,7 +34,7 @@ func nsenterAction(context *cli.Context) {
 		log.Fatalf("cannot enter into namespaces without valid pid: %q", nspid)
 	}
 
-	if err := namespaces.NsEnter(container, nspid, args); err != nil {
+	if err := namespaces.NsEnter(container, args); err != nil {
 		log.Fatalf("failed to nsenter: %s", err)
 	}
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go
new file mode 100644
index 0000000000..816c4da5f9
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go
@@ -0,0 +1,7 @@
+package main
+
+import "github.com/docker/libcontainer/nsinit"
+
+func main() {
+	nsinit.NsInit()
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go
new file mode 100644
index 0000000000..492a0e858a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go
@@ -0,0 +1,49 @@
+package nsinit
+
+import (
+	"log"
+
+	"github.com/codegangsta/cli"
+	"github.com/docker/libcontainer/cgroups"
+	"github.com/docker/libcontainer/cgroups/fs"
+	"github.com/docker/libcontainer/cgroups/systemd"
+)
+
+var pauseCommand = cli.Command{
+	Name:   "pause",
+	Usage:  "pause the container's processes",
+	Action: pauseAction,
+}
+
+var unpauseCommand = cli.Command{
+	Name:   "unpause",
+	Usage:  "unpause the container's processes",
+	Action: unpauseAction,
+}
+
+func pauseAction(context *cli.Context) {
+	if err := toggle(cgroups.Frozen); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func unpauseAction(context *cli.Context) {
+	if err := toggle(cgroups.Thawed); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func toggle(state cgroups.FreezerState) error {
+	container, err := loadContainer()
+	if err != nil {
+		return err
+	}
+
+	if systemd.UseSystemd() {
+		err = systemd.Freeze(container.Cgroups, state)
+	} else {
+		err = fs.Freeze(container.Cgroups, state)
+	}
+
+	return err
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/spec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/spec.go
deleted file mode 100644
index beadc9d87a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/spec.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"log"
-
-	"github.com/codegangsta/cli"
-	"github.com/docker/libcontainer"
-)
-
-var specCommand = cli.Command{
-	Name:   "spec",
-	Usage:  "display the container specification",
-	Action: specAction,
-}
-
-func specAction(context *cli.Context) {
-	container, err := loadContainer()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	spec, err := getContainerSpec(container)
-	if err != nil {
-		log.Fatalf("Failed to get spec - %v\n", err)
-	}
-
-	fmt.Printf("Spec:\n%v\n", spec)
-}
-
-// returns the container spec in json format.
-func getContainerSpec(container *libcontainer.Config) (string, error) {
-	spec, err := json.MarshalIndent(container, "", "\t")
-	if err != nil {
-		return "", err
-	}
-
-	return string(spec), nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go
index eae9833808..3e59305b03 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go
@@ -1,4 +1,4 @@
-package main
+package nsinit
 
 import (
 	"encoding/json"
@@ -21,30 +21,19 @@ func statsAction(context *cli.Context) {
 		log.Fatal(err)
 	}
 
-	runtimeCkpt, err := libcontainer.GetState(dataPath)
+	state, err := libcontainer.GetState(dataPath)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	stats, err := getStats(container, runtimeCkpt)
-	if err != nil {
-		log.Fatalf("Failed to get stats - %v\n", err)
-	}
-
-	fmt.Printf("Stats:\n%v\n", stats)
-}
-
-// returns the container stats in json format.
-func getStats(container *libcontainer.Config, state *libcontainer.State) (string, error) {
 	stats, err := libcontainer.GetStats(container, state)
 	if err != nil {
-		return "", err
+		log.Fatal(err)
 	}
-
-	out, err := json.MarshalIndent(stats, "", "\t")
+	data, err := json.MarshalIndent(stats, "", "\t")
 	if err != nil {
-		return "", err
+		log.Fatal(err)
 	}
 
-	return string(out), nil
+	fmt.Printf("%s", data)
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go
index 44194d885b..8525ba9a6d 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go
@@ -1,4 +1,4 @@
-package main
+package nsinit
 
 import (
 	"encoding/json"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/process.go b/components/engine/vendor/src/github.com/docker/libcontainer/process.go
new file mode 100644
index 0000000000..489666a587
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/process.go
@@ -0,0 +1,27 @@
+package libcontainer
+
+import "io"
+
+// Configuration for a process to be run inside a container.
+type ProcessConfig struct {
+	// The command to be run followed by any arguments.
+	Args []string
+
+	// Map of environment variables to their values.
+	Env []string
+
+	// Stdin is a pointer to a reader which provides the standard input stream.
+	// Stdout is a pointer to a writer which receives the standard output stream.
+	// Stderr is a pointer to a writer which receives the standard error stream.
+	//
+	// If a reader or writer is nil, the input stream is assumed to be empty and the output is
+	// discarded.
+	//
+	// The readers and writers, if supplied, are closed when the process terminates. Their Close
+	// methods should be idempotent.
+	//
+	// Stdout and Stderr may refer to the same writer in which case the output is interspersed.
+	Stdin  io.ReadCloser
+	Stdout io.WriteCloser
+	Stderr io.WriteCloser
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go b/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go
index 21e4de26e0..7aef5fa67f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go
@@ -27,7 +27,7 @@ func DropBoundingSet(capabilities []string) error {
 	return nil
 }
 
-// DropCapabilities drops all capabilities for the current process expect those specified in the container configuration.
+// DropCapabilities drops all capabilities for the current process except those specified in the container configuration.
 func DropCapabilities(capList []string) error {
 	c, err := capability.NewPid(os.Getpid())
 	if err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/types.go b/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/types.go
index feb38e3338..a960b804c6 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/types.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/security/capabilities/types.go
@@ -64,8 +64,6 @@ var capabilityList = Capabilities{
 	{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN},
 	{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN},
 	{Key: "SYSLOG", Value: capability.CAP_SYSLOG},
-	{Key: "SETUID", Value: capability.CAP_SETUID},
-	{Key: "SETGID", Value: capability.CAP_SETGID},
 	{Key: "CHOWN", Value: capability.CAP_CHOWN},
 	{Key: "NET_RAW", Value: capability.CAP_NET_RAW},
 	{Key: "DAC_OVERRIDE", Value: capability.CAP_DAC_OVERRIDE},
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
index 6cf7bd7104..709eb9d815 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
@@ -9,6 +9,7 @@ import (
 	"github.com/dotcloud/docker/pkg/system"
 	"io"
 	"os"
+	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@@ -76,7 +77,7 @@ func SelinuxEnabled() bool {
 	}
 	selinuxEnabledChecked = true
 	if fs := getSelinuxMountPoint(); fs != "" {
-		if con, _ := getcon(); con != "kernel" {
+		if con, _ := Getcon(); con != "kernel" {
 			selinuxEnabled = true
 		}
 	}
@@ -145,6 +146,12 @@ func Setfilecon(path string, scon string) error {
 	return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
 }
 
+// Return the SELinux label for this path
+func Getfilecon(path string) (string, error) {
+	con, err := system.Lgetxattr(path, xattrNameSelinux)
+	return string(con), err
+}
+
 func Setfscreatecon(scon string) error {
 	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid()), scon)
 }
@@ -153,7 +160,8 @@ func Getfscreatecon() (string, error) {
 	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid()))
 }
 
-func getcon() (string, error) {
+// Return the SELinux label of the current process thread.
+func Getcon() (string, error) {
 	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", system.Gettid()))
 }
 
@@ -396,3 +404,36 @@ func CopyLevel(src, dest string) (string, error) {
 	tcon["level"] = scon["level"]
 	return tcon.Get(), nil
 }
+
+// Prevent users from relabing system files
+func badPrefix(fpath string) error {
+	var badprefixes = []string{"/usr"}
+
+	for _, prefix := range badprefixes {
+		if fpath == prefix || strings.HasPrefix(fpath, fmt.Sprintf("%s/", prefix)) {
+			return fmt.Errorf("Relabeling content in %s is not allowed.", prefix)
+		}
+	}
+	return nil
+}
+
+// Change the fpath file object to the SELinux label scon.
+// If the fpath is a directory and recurse is true Chcon will walk the
+// directory tree setting the label
+func Chcon(fpath string, scon string, recurse bool) error {
+	if !SelinuxEnabled() {
+		return nil
+	}
+	if err := badPrefix(fpath); err != nil {
+		return err
+	}
+	callback := func(p string, info os.FileInfo, err error) error {
+		return Setfilecon(p, scon)
+	}
+
+	if recurse {
+		return filepath.Walk(fpath, callback)
+	}
+
+	return Setfilecon(fpath, scon)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/state.go b/components/engine/vendor/src/github.com/docker/libcontainer/state.go
index a055bb0ffe..ee5d14d2ec 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/state.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/state.go
@@ -12,14 +12,33 @@ import (
 type State struct {
 	// InitPid is the init process id in the parent namespace
 	InitPid int `json:"init_pid,omitempty"`
+
 	// InitStartTime is the init process start time
 	InitStartTime string `json:"init_start_time,omitempty"`
+
 	// Network runtime state.
 	NetworkState network.NetworkState `json:"network_state,omitempty"`
 }
 
-// The name of the runtime state file
-const stateFile = "state.json"
+// The running state of the container.
+type RunState int
+
+const (
+	// The name of the runtime state file
+	stateFile = "state.json"
+
+	// The container exists and is running.
+	Running RunState = iota
+
+	// The container exists, it is in the process of being paused.
+	Pausing
+
+	// The container exists, but all its processes are paused.
+	Paused
+
+	// The container does not exist.
+	Destroyed
+)
 
 // SaveState writes the container's runtime state to a state.json file
 // in the specified path
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe.go b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go
similarity index 98%
rename from components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go
index dcb5d9749d..10a21a9efd 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go
@@ -1,4 +1,4 @@
-package namespaces
+package syncpipe
 
 import (
 	"encoding/json"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_linux.go
similarity index 95%
rename from components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe_linux.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_linux.go
index ad61e75d29..bea4b52f9e 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe_linux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_linux.go
@@ -1,4 +1,4 @@
-package namespaces
+package syncpipe
 
 import (
 	"os"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go
similarity index 98%
rename from components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe_test.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go
index 69bd0abbfb..3f99a7d1fa 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/sync_pipe_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go
@@ -1,4 +1,4 @@
-package namespaces
+package syncpipe
 
 import (
 	"fmt"

From ad74ef7753608076b36d0a42e49fd2436af64707 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 14 Jul 2014 12:49:50 -0700
Subject: [PATCH 125/516] Update native driver for libcontainer changes
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: f00e64357672ea3a130b2570ce34ea48ad51bbb5
 Component: engine

---
 .../engine/daemon/execdriver/native/create.go       |  2 ++
 .../engine/daemon/execdriver/native/driver.go       |  9 ++++++++-
 .../daemon/execdriver/native/driver_unsupported.go  | 13 +++++++++++++
 components/engine/daemon/execdriver/native/info.go  |  2 ++
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 components/engine/daemon/execdriver/native/driver_unsupported.go

diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index 13f81c7180..a96270d8b3 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package native
 
 import (
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 90333703c5..3f2036b8c0 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package native
 
 import (
@@ -16,6 +18,7 @@ import (
 	"github.com/docker/libcontainer/cgroups/fs"
 	"github.com/docker/libcontainer/cgroups/systemd"
 	"github.com/docker/libcontainer/namespaces"
+	"github.com/docker/libcontainer/syncpipe"
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/pkg/system"
 )
@@ -32,6 +35,7 @@ func init() {
 		if err != nil {
 			return err
 		}
+
 		if err := json.NewDecoder(f).Decode(&container); err != nil {
 			f.Close()
 			return err
@@ -42,13 +46,16 @@ func init() {
 		if err != nil {
 			return err
 		}
-		syncPipe, err := namespaces.NewSyncPipeFromFd(0, uintptr(args.Pipe))
+
+		syncPipe, err := syncpipe.NewSyncPipeFromFd(0, uintptr(args.Pipe))
 		if err != nil {
 			return err
 		}
+
 		if err := namespaces.Init(container, rootfs, args.Console, syncPipe, args.Args); err != nil {
 			return err
 		}
+
 		return nil
 	})
 }
diff --git a/components/engine/daemon/execdriver/native/driver_unsupported.go b/components/engine/daemon/execdriver/native/driver_unsupported.go
new file mode 100644
index 0000000000..797b7d436f
--- /dev/null
+++ b/components/engine/daemon/execdriver/native/driver_unsupported.go
@@ -0,0 +1,13 @@
+// +build !linux
+
+package native
+
+import (
+	"fmt"
+
+	"github.com/dotcloud/docker/daemon/execdriver"
+)
+
+func NewDriver(root, initPath string) (execdriver.Driver, error) {
+	return nil, fmt.Errorf("native driver not supported on non-linux")
+}
diff --git a/components/engine/daemon/execdriver/native/info.go b/components/engine/daemon/execdriver/native/info.go
index c34d0297b1..a27d5640a4 100644
--- a/components/engine/daemon/execdriver/native/info.go
+++ b/components/engine/daemon/execdriver/native/info.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package native
 
 import (

From 5901c9dd26ae831936bd9934e65bc1230d6b0758 Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar <lsm5@fedoraproject.org>
Date: Mon, 14 Jul 2014 16:54:55 -0500
Subject: [PATCH 126/516] add systemd MAINTAINERS file

	new file:   contrib/init/systemd/MAINTAINERS

Docker-DCO-1.1-Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> (github: lsm5)
Upstream-commit: 5105981431def23a7424a0c0c09095d815243ea9
Component: engine
---
 components/engine/contrib/init/systemd/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 components/engine/contrib/init/systemd/MAINTAINERS

diff --git a/components/engine/contrib/init/systemd/MAINTAINERS b/components/engine/contrib/init/systemd/MAINTAINERS
new file mode 100644
index 0000000000..0c6b0e9d70
--- /dev/null
+++ b/components/engine/contrib/init/systemd/MAINTAINERS
@@ -0,0 +1 @@
+Lokesh Mandvekar <lsm5@fedoraproject.org> (@lsm5)

From e091331e862954d6ef05885106333b43ce0c9f6d Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar <lsm5@fedoraproject.org>
Date: Mon, 14 Jul 2014 17:39:42 -0500
Subject: [PATCH 127/516] use systemd socket-activation by default

	modified:   contrib/init/systemd/docker.service
	renamed:    contrib/init/systemd/socket-activation/docker.socket -> contrib/init/systemd/docker.socket
	deleted:    contrib/init/systemd/socket-activation/docker.service

Docker-DCO-1.1-Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> (github: lsm5)
Upstream-commit: 076ac1d7d212c3a81a401a2fba8b9965bc26df16
Component: engine
---
 .../engine/contrib/init/systemd/docker.service      |  2 +-
 .../systemd/{socket-activation => }/docker.socket   |  0
 .../init/systemd/socket-activation/docker.service   | 13 -------------
 3 files changed, 1 insertion(+), 14 deletions(-)
 rename components/engine/contrib/init/systemd/{socket-activation => }/docker.socket (100%)
 delete mode 100644 components/engine/contrib/init/systemd/socket-activation/docker.service

diff --git a/components/engine/contrib/init/systemd/docker.service b/components/engine/contrib/init/systemd/docker.service
index 6f3cc33c36..4af71378c8 100644
--- a/components/engine/contrib/init/systemd/docker.service
+++ b/components/engine/contrib/init/systemd/docker.service
@@ -4,7 +4,7 @@ Documentation=http://docs.docker.com
 After=network.target
 
 [Service]
-ExecStart=/usr/bin/docker -d
+ExecStart=/usr/bin/docker -d -H fd://
 Restart=on-failure
 LimitNOFILE=1048576
 LimitNPROC=1048576
diff --git a/components/engine/contrib/init/systemd/socket-activation/docker.socket b/components/engine/contrib/init/systemd/docker.socket
similarity index 100%
rename from components/engine/contrib/init/systemd/socket-activation/docker.socket
rename to components/engine/contrib/init/systemd/docker.socket
diff --git a/components/engine/contrib/init/systemd/socket-activation/docker.service b/components/engine/contrib/init/systemd/socket-activation/docker.service
deleted file mode 100644
index 4af71378c8..0000000000
--- a/components/engine/contrib/init/systemd/socket-activation/docker.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=http://docs.docker.com
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/docker -d -H fd://
-Restart=on-failure
-LimitNOFILE=1048576
-LimitNPROC=1048576
-
-[Install]
-WantedBy=multi-user.target

From 927ac2785f1c2932e99479b7f53f309e7a390d58 Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar <lsm5@fedoraproject.org>
Date: Mon, 14 Jul 2014 18:07:40 -0500
Subject: [PATCH 128/516] systemd unitfile requires docker.socket

	modified:   contrib/init/systemd/docker.service

Docker-DCO-1.1-Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> (github: lsm5)
Upstream-commit: 0bde827c3f01fc5ae99eb0b93170e75c99cd5d77
Component: engine
---
 components/engine/contrib/init/systemd/docker.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/contrib/init/systemd/docker.service b/components/engine/contrib/init/systemd/docker.service
index 4af71378c8..c67c795ed9 100644
--- a/components/engine/contrib/init/systemd/docker.service
+++ b/components/engine/contrib/init/systemd/docker.service
@@ -2,6 +2,7 @@
 Description=Docker Application Container Engine
 Documentation=http://docs.docker.com
 After=network.target
+Requires=docker.socket
 
 [Service]
 ExecStart=/usr/bin/docker -d -H fd://

From 72805d66a0636c50cf0b97ca5e7b4246f11035a1 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Sat, 5 Jul 2014 16:39:44 +1000
Subject: [PATCH 129/516] The installer completed page now contains information
 on next steps, so is more useful than the intro

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: f9760144109435e12de526251275a9a3e1b7c8fd
Component: engine
---
 .../installation/images/osx-installer.png     | Bin 117896 -> 105000 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/components/engine/docs/sources/installation/images/osx-installer.png b/components/engine/docs/sources/installation/images/osx-installer.png
index 635ac354edf9c96c8362e14c394dcad4f94653d6..7db5a7e0f72ce41818540c0d764d19a2380a56b0 100644
GIT binary patch
literal 105000
zcmcG#V{m2N+BTZ*bl7pncG9tJ+qP{x9ou%t>DWfcwz*>4D_SS}-TT?+{c(Prs;|Df
zYpq#z&!IVo?(3S@h)|Fdhlj<61p@<vmy{4u0t5RR4hHsR2^#X#b5G{+8w?D#)KXYj
zK~h+lP{GOG%+kgb3``;-B^62`X%&6=>ZzDrixBl^KD(e-3X0cp*D5p&Su)a(z(8GO
zGz~?OqMu*sL{W9V6Iu(3)YU?>)zXa=6jVk*;80zG<L`8_+aFDGGn-%9%S}D?9BpND
zJA)DG8{Ytb)}n&_>2wjSE&a~RM3ouq4O=UKH3I(AVASY4F#4~6{&maa4c{-bC2lch
zE&seHec8+(6ei$c5X89S$o0y|d@;{3Z2IvCV39!stjk4r<{lJ%^<Rqwf~n0o3}fXd
z9L{mwCl7-mJBWFp!Ez^zU{Jsa-vb6tu+G1Ughh+31P|}rA~g%FB;<?;Jra@h1PuQ9
zW6A7;Y1p;mKP&mnKB-Yh9+g6P*w!$Cy%j^fUs}rqnm&65q-GLl0)+7#oeKU^dmK)T
z<fxLC0>d*f&IlN$b*5}SXec5(`wlZ`U1D<05ymIYb45oDqdm=F(7O*xn1zot<I!oB
zj*6dOBOmtCjbeYahfO&1EC+E;YewWF-(~m0KjoPlI)zUQ#a3|8Awfi0$6|PdPp4Dq
zl*LSHtx)qaE=c=SbFjNR@^&&fBJgjDR`$!o=#+5|D&u091&8;@if3BoCTVO1eCG<-
z<^DoM_~RN3=lKgdQlJYG)VC8yYx5V_){+}$h>hR@7cOv5GDjEkINQ#2J2Rt5m+gtH
ztXF9O;#4<Tc&L8(jV0JhJ5iT<15%Xg*WYL-;G%s(G8G75qY_|RYz?A;(QPX-72t4$
zUnPr#M1RAw1mH7#HTw&@0&c#I&?yK84WVd2rsPU20r9mKvJy&L0AU2&`>&q@B$Xh1
z8PssE<P7Xofb=$1E6mGZ-fL*M0L5!;nO|`Ruz`fQA^~Ob#6^&n!lCh4Cg7Yxm+|zd
zaH4{Y3SS3;L}t7!aFU_WgiICC7Qo)W=7i7*F6a9le_?@(5xn|c!vIU(UtbGb2~Hni
zYXEr;9@a;_{mp|l8^XN5V+W-bn-8+(Z`yX&HLnM>AG~}4SY&WP{(_<yB~CIm6&PAf
zq&SQMj$&JxkqT=$%wp`R*rp(S{*a>nj0OvutT;~o#jM^j0}D<Ub{BF^9G&oTq4tdK
zG54|I{kIpW&_Kl@OrvuK85vUYFAb1MK|hBUjHV2#4K5AE7zye$Xy7ZNnufd#3u`4;
zTvvR~1#Os{!Pn#PdgXQ<I7G9FroLeOGTxbU<ZM;iVB8Shu-%}%WX=s%@6X!dy`J^J
z_oME{^hfpo;*SIR$}bvEZ1Lk9`pY*2q9g?Y4j~JQ4dQ5&lJGeZ-2!mN<aCh@AsQk!
z<QgP`AAlqYQusvLpWy>!w&W@Ca`Dv(p_2L|OeWy<)SjH0B3rW6B<}G9@c?B?RJ=%L
zvdl!eRawj5Iwd^CKB>Q@Fr^vDI8d@k$H=ru?W8*sNF}VKnMl>8%p}pJa}ztsIO#;=
z=MtP!j3jN7snWQpSqWKx%BHZTAjHe1Or`Nr`RcwD!^w$>59x-IB+)99IBS{(M;2Hq
z>He`fWjjSaMLR8{QBzY-{h39YMd7W}tnMZxCpINSr(;*8)3)K+MuZ(%B5XXTWC78b
z)cD$1b4zs#2jl?i-pby#9Pt07QF2fVR~}KdP-`u{R!yiru1>FPRj*UMi9pdB75FJ(
z88b&zOf9t+WrDFvZ$v+)>*6#kY^t#;z^UPx;}qi*cUu%$9$5;jU#xOaKh{bmyQs-3
z*(C80c$$u_I;j{_p;qLkc!8!HJN3JCM*3Ly9>&$wmEJYME5)nkB{{TOEPY5V#w>;+
zQ$!YL(qoc%Qf?B4mX(&j>Om_;3$Y1ijcqMr4XUxDiT~vIROI-4#&Xf~PsQ)?g~>VF
z1>Z{XS?4+JD)lONb%F}}!n{g<g`R0Jwptbm7E1P3Q)nD5EGKwG>__?`nr7VzZJjQU
zzu`6m3}XydEZA%%Sg+Xjtahw^4I<W(_laH7?P+febu5yMoJO}JDnkqFE)|v?C)~{7
z%*~o@tGdpSZDBz2JGQ$P^iXt1^e`Go+CQm&soXT&v_0CI+Ax)wl|z+HmBy9Sl~6V&
zwqI>;ZL3#}Y;<kdS92TQjm%Bc?A+%r>Agu_O<oHh>C;Z>Vzj+XPQrsi!N>E*3`Y_!
zG50)H97iNKBMww9?k6<oGxl`O-U9QdC5&*5I~^Gvkz2DJf%{fR?Y&L?@CSz{sb@=P
zbbI)RdWRni!u=$@g|o(e^K;HQ=3y8^<HOc9%V5eOqh@Rj6rELF>>lpGcwZr(F`rx@
z_A{){`nv(YeUGnS+<Viz=SS5S!e3am^xKlZ?Y2+<>Ic;d1_&MqP6x>bEkn77DF~~D
z;KBnjPf@gxUMOYgWl)!}=&-tZI*HztgSABr2Nd=bN8l6K3zG|46>Vo*kFSr{jz>)|
z#~<l&bnV)B%z^J{?bJ)vt=&qNrekAw6{PBQYB`a;10n;sF~A{M1Jwp{<BU4Ax*s;`
zk6#|GW0_0CnbD7s)G?okw}`qKK1>6J`?`bcL`nyC2OO)ZTcTgtMydZWohUmAIO*QH
zNQp=}Q}MBqKhVgBrcInlDa&eSElsoUA6<v3tygXJcnNKjl%Warq4hPpXqvR1AfH4u
zM};!uGLJFy)xhXGTUFg_ZLQ_X1Wo8>(AV?S`{{-04eKqp>G{5=KJ?>Y;*_%q;TW^K
z+0AVvcUihL938&U4$zKj`>k8mH#wYz*&?s6HK^9Jo5$HaZEU5JB#?|?tr+$cI#GC0
zxSL<m-RTy0`0YD6+3#oUqaFE<n;!w5NAF7$^Ge)@uP$k8sW=*;I>K6xKJ-ev9zy0q
zG($*U-yWM#XQP~=_|Em4KwfpCjt5_Mzsv^YqW}_{m8#}=iveRO<CiHN$?WQs>gVOp
zF7eLSk3>hpvME$4o+<i>&WMO=o@z}hXDS%W2G&egxdbr$bMFn4)9_7FO`c7FGY?nc
zhu#NW_$7FF@sv1pmcE#Rp*rL7xCcCU?yV)01(ih^>nZLpa^Z5FFJy;luN1y=Zn^cG
zi!NHPE`wO785`(jWDTYTtaYwswB=Qx%BR&Sx7SDJ9&C`7yWG1D(6j9h0wWxwo?b?O
zqMc*4_X@Ko*}<~NS@o!JJR$AM4Z`(7@21V^qI`I9d^7qoY8kgWr^C+u{Tx0Er;5GG
zuK8Z$F&j8}+rr$X)<xS=Y2Wm)`q=bDf6?Qxe)3q%ZRcLSWxCbnIStYSz1O}5fsaFl
zLUIPt6BO}yyfW<VEEG=0F~&LPN$~#kD}QTzaeoJ7g;j=5A$Gt&@qG7uv<T+CeL>tI
z0Eji@Dd%GJD0t6a&z&E%F~-$(tB>o&bRYKQVow8=U#273z3k;c2XE@rBKrf!+P&*1
z?!YTFz_M@c^9&~z2k_qbboh^aTOJz!vVR?L?wxh_Eb0#{zyToDedccu+PT}iaXGzb
z$s;qEjQvVEu=DHzwngOpl?)cliU3R`qAkN?>318aU+Q1L&Bg|gwHnxh3m8&67MQ*X
zt*9E_09no#Xc3+TtiOkcMxaudy~)YLMv1Bs3nd=jcl-<p#}_akg7n;6tDM{qy(rXI
zq+hXd&JEAeKy0GH3NOY98M+wj08pbp*oGuX3Ju;m5)2Fs(nwld1Pt^q``uNV^yz_d
zkkE7n1N;8tU%xM4nc0}1PAC^iSy8AhC`52ZDr9i$U@$O3Fi8<X6_2&^98VvW#ntDY
zr>Pv1L^vX%VAlFE;)p<4RAdyDBAP*o5RIbFdX3*zC)$p{G8Mm0v^4aTr{x9xgg}Wu
z*IzA><BOps2q^>4VNewNas^OO3=$`tj<x^<?q=ySmnMdauTI^0(*lQd=H64zm(IC&
z+1!Lk(BHlW2>gFs1cT!J3{L*JTaEbs%5q-B)%`t4@!yHJJJ_Kga13drmObN85B&{U
zVE<i^5C72btzXvm=>eEl=aNMJ(tQl5|1RZO4_=h_Sa<{g&xVR))hYRa8LE`-+$Zp#
z+pV6E1sRNG%f^&T)}&O+2DqVqCP`O2(Nh0uUhe}=SpHBhx)G`sxmW?n>kl7E9Uu7Y
z1jjv2FtPwC61YZC?0E1K)qmOnT|Lbayrw5ad+g7y0MFs;{~E`>BB4^<%aQCmWO!a6
z8g(frD~mT<u3ABajEs!e(~>&pN-8O|9OLx@N+mrB)d9@B3D0*g-P@_XzYp81z1ypJ
z34Q!;TMk{n;Pd-<1JbUy*n>R!f?-~Njq{Nt3}Hqn@qRvxBPDp<cXXO#cB_T5G$SLU
zmlvGFu(>bQA=~%<4$2ToFQE9=Ra=UE`u}AB2cUGKh^gs8u4;u^*T;gg{KYL+gx1V3
zjaZ!^{(!=j;q`4DL^u|Q!}j&@@o{%%iLZGK>dR9TEK6gMuDusP{k=vVYr>3oS(}Z>
z|9=_iO8uj~`Uf7~rup{Y0Fqz*0>z-@>D2ka?kq3lVlFrl=IQ+1*Tz3(Wg6y9TI*Sw
zjmzshew54wp;R+5YOMrw(G0D2u8aC3|Jy)es{V1q&P;T4cHbNj6nyg>atE*}A27pu
z#R|xd{Rgd@nxDM7N^*o#O<82WuN%a;B3oywkxYgTVJ<A*oSn|(KS?L5nEMJ{{keLX
z@$Mgt49;TwwhZ#(HnJE-!00ei%iA^<`XIj@jymLuQsoP=lN^wSa?ur1BMx~B`S=d}
zw*g#$uehF(({A%VASiDHYZh@|d=ciWe11m=<KbId^=h5fAJqXt)C#JqgCXBBT0L%v
z5yHTKrKe+}prA;6hQ?f6?P|iGZ!ZRBuByDepr|OgzMhGS8XmE7)2>vr!K~3@wm=Mc
zs#LixXPD~Gk>+Nc+{qVWQTf$ZUvTVUQUoU}*B=Z>7u484mS<)11VbuMRDT9n4<{mC
zXiepn66(bX)3vHQ)A)cW|Iwc0Tsrk*wH^;fk!jJ?ob#%2w%S%`dsDTg{jFkr%5e*8
z)YdlBuub#jifXT-kfQ97ip3g`f&il^1On;a>qmoxKG-EcUZ1XxlH~bzb_b(ate2w0
z2>jB$FWX85f$WxZMTidA*UvoRTS)Q+e=zE*F$ZRz`wb8aSQ~}R(60ugFgP7|zv0J)
znN4QSHrr~0(dl=~I65+7(CZZmhan6M4?}&kH4}WL-ip6pYq6JaFq@S5>=3N+@p0>-
zwB%$JbKoh8iv?5-wSU9Z{EVDss=n_5lk{+<jhSWecp+VJ&r*8q%f3CE@%PD!>I`*X
zQ#gvec1TDNXc0qhejq1~?2^=@@)w3=>P<QJB`lQMV4zV-Eorupt7-vSld$y~^5hb#
zCW5LkhQ9ADqq$b;t%KCAJB7bGj5YsDI6i+)-@7Cm9lFnic!xK`0Y4Oy=^UM@{)NGM
zol|A^)lF5q!x67LQt1XM&>IhTVzmz=4EE2QYteD)#?wsy{Ymn6$JSs%6%KHW2x816
z#!5)&%+2L$D?{Vp<-otr;9`-j4eO;QrOt2*z*)X(Ve1~)BKlXL6CY@uLa|csNS{{7
z&E#>sIS`t?Uh9WwB?K!>&>1v>Qx3u&)c5Tz&2n?@b?+8ke#PV|qmNKjzv}VvqCZ=@
z+V*KmFpug8WjGArR<Jtm39I4P9o~wXEkeMNS-1E}_|&hx?5NU~bpJ*7YdwhW;j^P#
z9-sXi4tneXd`p#@{W<Piqd|y#Bcn+anq6M3?bXW+C}$&p(}vAX!CVo}fvA;jvO@)7
z#ubT1F!UaVepk}cc}YV<BDIQ?{e6>y!a_w<5^h!1Kc55q_wQdnDCCfkkp*2`T&fUI
zbasYHFwoFcD|)RwzLr<uB<p?V`&<=QY?=kUdJo_zt{oZ@4XgqDXMd(mbpbM^d>Ed-
z)sNfv!t8h<)Jdyd4~zUBL;E%U7Fi2u^NRYwckqY|AM81F*S5!?af8%u@%r5=zM#R}
zu+xj!a;nzsv}-FWY&DvC2yGP>MK-Lc3ncU~_=^HDSCg-#E^wpTdr~`Cax0q_nQj-i
z%XH2buXe<VP;<PD^?pEYRHFn1lS271bQ~oY(!>%h<%#&tP4y|Kl4~AEypFk|XX{5a
z^!lePsS+MP_U5yco+p$r_j4j*Pr}Viam<rey6eIGyL;Rh<@SO8ovMoGw>`uNY>>6m
zF0Dl-#_-9HY@&$V3lxPMbxIzm@R~cs+f@p@k#w%a)P!XU|5c-)GU#isS-ZfGjw%1~
zWr>Za2FZJSWAM$W;j=EgcXw4($NdScZ8*T=sbEbia)9&E-P7%4o3n%}o&qbafq`z%
zhxgA3V0;{+zEFD=d*S6-aOt!4k}W73@q28-$HEVn@Gn=zHJbO+I^ohg6eR7tJkH^?
z5NNF|lOBN(w<&E^-r8){E2HfjZg0Cg)nFXm@6ohjQ;9Fn&@}C_Pu?^Bj30otJ<wz-
zXex)h?I_n9lhq0}v*f0b;2pYRam+l=SFA>_3!B(qdS=)j*NXg6FJ>qa#}Ic+aC}0_
zL7d6?038i2|BUNmy@i5_38iK^YW`&4#AWxvD<V3&$oKWpB2&!K(XmPl5zX%N8Z<ZW
znzOsRi+yRr9KcTA<$N>+5p0F-j!YLy(umM2)>M5Ka344w66FY89S5+0?gpHBhX+p)
z3h{q<PjVG5pH;b=p=HbYGNPKnVrw1Eyo6bIY`=Bs(Px%Gd?4cEPON<{AzIh0y+axf
z-jIkqJNuvHL3Y$4W3s-BWAQHGqAJDAzJv)`WH>Z^y-UEDw0E1z3z^;#r%Mz>SQDpG
z147AdS|O^9VX8Pb9mooS0GK(RxnThGrcsBoC56#Uoar0UPb8&DU4p~m44hT=AN{oi
zyA%abI_*Zjb%z+kr!1Yzq{z!1i)(KrqsynY><=RuXQG%^{WeB24hu61?y=nq<>9eH
zBJ+MxgE?ElihjUy#>eltdApoYJK_|hcrSL^vq)@Q$3pURD^T3EFqDU-MiX=(L4*Ds
zJu2j_P*jkqt#4LXloB0cwS)v9@V-osXS|0DB~|g|?Y8dA#!@|6j#u$bl=!P*osP-f
z5#YBacJ7!H4LWxm&j&+Gi|ugEJHFvdu%Ad)GD-ab?^~-j+-0EbIsMIV%OjwRFdrkY
zxRZSR?5pls4<^X|;s#_kuD|TM)@T_te$cmfv+dSlIbR|hbTGXLKZHKvzc9dZUP~lB
zq2Nr>08pr$b;u9MNTbswW@JRxO#M?`EtYzK4S(43`^S$TKY#xG<Ek^yLW3^-yB-Y<
zEk=r7W98#M(3~cQHcwL=e)&d7ch{@|hB*pAZ=#uc<JHA#hH1vk>+dUMF6T#fd$c1@
z;qi#hrLCgcB<AJns=_?T_+9I<bgxEUmyz_tr*D*>rE9w$VtPy{E-cBv?9)NB@eAv1
z(~&DLyuKzug<D<cJ>24!lg;{P;-S#Iib@r>=GO|<z6wFdgy_R|k%o@-MM{t=P&yQ#
ze|vE7^H5*9dB(*+f8jmPp$zqYrMf82E4~O5>tRgO&30>~*I5os>j_8nMOTgQeVxDc
z+qv!&`=d(B_H3!25Y7Qg9_Y^a5lxp37SM@95{6Jvr7QgSfcS=pOiC&#KKD>jbAf0F
zMM?^@LC20?A*92MN5?X3w>ab4>ckc|iQ`P^gk`(h1%g)cZbI}ZqngIsNs3v&M$58$
zf;Tsqb`w$PJrt#GqtSf6-Rr3vwoL9yDKMDT@p$(#j4CLm*>m*teFt}Ox%RmB;OVZH
za=~ZG=I#OF0QK?q-+m!9)*h>%`3{!EtW&~{abH{_X!tx-P`yOj=GpD-lj$3-!<jgF
z!Agi_S+vK-4vo^Y)!Nl$?SO8eFN{s9vpN4}vgSE{P6p$S+v769#)#(MXLQ|b$+Ct*
z_G`%(`*-$+`}+~3qB<9G)rtKynswhLQ&+BA_=Sc1{XUL2HCz!Xp6tyxk03t!;xj*x
ze%fY%IqYmhvY|EYe-w>ZPLERDR_8I)`76P{r@07&3TzxWL6jI!jU;+=3es^2SIHJx
zWzJI<ckyKyK%>caY~TF^L&TY-%XviipZa#M$-IEnm$CWS;gYvtk+zbLG+Yquug0(|
zF}IGJmnqTajx<3@{rawLh9hNe<eC6dPEO}r9?6{Dvqg}dr7*|yg%%&+hD_;BIXg88
zlleC|eqO-cf2Tu7yuXbN4SH0um?xSj5gS{x;4LB(ToC^jl6H-t^hExMS?+)X<M$7t
zb{)FUUDVnWSBQ4~_}D^+PCW);AH?k;HotN|f#2B+f9%4AqucH9rRD*KU#C-~l_Pjt
zGek2CQLW@NNLn%s;+EEBMCx6JIKo;poYXnXzeQwi7B-j64-$0%PVN(MT?bQ%v|`3P
z+#<5iv*HlGfy;0J)j4=rT-(BH1B;qOx|ov7kLBxz^#p~)=X(zl98{b8wO3I#ZNaN>
z-9?d?N~&b`YhJ5_3u#^O($;$eCbKNJ?gYg)j}97KxkosCpp0Le4~4c$ap~+PN%-Xp
z|C|w<TEVqf$7e6a&F7t$m`)4cTcHVOSLV0nSird7u7Kx+yXBhBi?6Tb0%GzWY-5(K
zD>;szc~O7ay;Wt7=+9S5=oB@UrI*k7@coRJ^rQ?S&kQZ4iR-BWX187jJ!=ADJ*MzY
z7E|F-ImMZp?X5daJ>P5}js{%iJG}hPAS1Km7@FOAeg<9cO;B`Lu395?X^H-zunr)^
z+N1y}cepD=4!mDvzPv;uB;pphZ#%9ZFEJ;Obg1%_hjyGJMXCGCb!u+;YUiioAKF*A
z6R}?OUe9)gr<J!UT(YLFu@;69yX5@fPOIOk4SE%q|Lx1tN{_pLMc^-()|kiC-jG7i
zKV~*ru0bB%l_mkRp^lsV^DTM);__gJfMRx{U=O3C`fNnjj-<(5yZN$1;z}?`GCD%=
z(TlUi8|@5HZ@;=X&QV^QI;4Z&^fi;rgCJ`lXOd)w$F3UHuQznhR^s)Bq|qipqmUoV
z>l=#gF@QgzN*nR^Aw%kgT-5P#<ja2Zdt1dOOyuL)aptV}{h|BK3OHUwIbT0Th4V`4
zatejt0{W(QZ|V02pjd3dbR0pUcR@-NnR+<+!jJufw?B6yie1M@*84S3LtiXryW!_J
z5%E>~*9v~*tPbbPt2uNU+vA_RV^kSc89o4vZO4Ox?92z7-+k0*W}OH8XJqbv`^&%3
z4}rA3-+ESW^&2gaZPywNK_BlnTb-N+=P&GsbULl^5kDxFeu5Zsg?kb(Q`?P@$R_mD
zX~CV!T=CXc5=rwZVbP-oTkc7gEd)Stf{Mvn%wL$P-?iqxV^E%Acp1-qKXPNwLJJw6
zr<v-d>2hdDcj&0aMw!5&18c3W4~|NMcF)nw7SrYK4m5W+TV6y1?Xt3JG;*b}3(ea~
z%rvZ?Gu``C(EaqFvM+o&!y6E3SGcDny((1ETSeS*(n(wU-IhgshEBRMg3dm|l~Rg;
zJYNhWW#SSZ9aAjx1|DCslR&lxvViONCf{D{+}LuVfO>xyOspFrL&Z>?>9p2fJHyt4
z*K)Iv{sEKOVk<r_f~7k@Q$>4{w+5^0x)*6BYMnLkb5)&PR~$C60YQT%)Th$yR$M%l
z_gv=*InhQi(a17q<{KV|KMz4vF>gP<1o_gL=;>VEeSK0TuS@)#x7OZc4#9^3tgH%J
z`^GRyF~#%q%onLEEObh5p{#X_)jp$S-L$WanWc}mCVRb6F8<e!O1mbVTmfVTlFL@3
zvj>$TiAM3RIp0I{4HLK*DA!3$DKx#W!N}Y}nDRTwCT&0a{a?UZM6E2mXk@db%k=2E
zkdZV;cj(m`sHgkDvE*lY_4+D=C3n;{Xlak<$Rn*vWrn%!k1D3S4+78d*TgJ5cu|yI
zzsTUHMw8VpU@YX(xN*5l?aqU%l5Q=fs;OPKN3J;6W~c8X!=2B4Rh^gg+ZL4b?MfsW
z9+!}`2#JM?+6c_&mp^KzG+veZzG$c`p2$1Ud?H10f)o~uK3{6f0~F_V!COlpPwN&-
z^nEe3l>{xYd2GsUDB4Ez87W3%j_%rXR8zY6Z!^BQL<<V{*~N)3v$9l`&}mhoh=>t-
zHenBCkxGiNT0_kFO{J>Nmz(kkmwaS*Zd9GWS@B!L_Uu1?#4%BF&gy_%>FaE{2_=Vp
zed$o(c^Mp^tN&jpMSzATDkB3|S6An9y6{KrlRZKHL_IZc!aQM0cy4+@?u=n{tjo1L
z?`nR>m4EdKvnD?&o*}aaqH(7xvJHXX9qY0xD#?~JW)2WIS$bt>oUJzXH0)emFR0`z
z;93Ch^uC`Ft2Q(q>s}nijLwEor5M?A*XN`z5q&a01Lv8Y53)vk@`G|oB?F4#YnE{|
zl**|625pwLw*yS-(jlqB#sD^{HcN8(%$@D~^y}xS-p1i=4xz!p-(vl}BO6MoEb?4%
zsxpUn=BVp5NJ+8i)YW$C2b{D!yc2w`L@Ez@Q%OlTTTCE5;w_elA=B2uTOH4k^1VOf
zuEulL;M^mAGeC3G`6eVUWXWCOdRD&oW^2OChN?%`Pzi0<DQ=$amdJ-EhKLxkCu!y@
z992&k)F%H~CzoFOC?MU3{CZxWM@$+B8^#U_l2@ZMQW)Z>#&stoyC>}HX)J3?sAQC=
z|DLuy2;4&`Ivmx|rDM??I&&iuUyHdb$EdmNrIkD`|539XKEyJ1ba<Sa;^QY}Ch+2+
zq$O5h)h_>`WFW0q_GTJ|=a7FYM~BK4k8=69q};<5kA=OS6<gD7_c1MIy>8r2rA9vN
z?IjcqIHu@EkZR$z?9e_KFkF#usrvaPAELFdN9`?6o~R(c7+u4q-(sFDf}9p*X47tg
zFb8_czjQdhWw~%yP<)P+1|2JHI7VC5cU)YtQSR4#Y1E%?3S`|U0UHbylE5*X0uUEh
z;=W*1_+Bh`mJ{(6CBSDs+1be%-_}~VYg@4IT0>ihY`=1KAmKY*kpxa6)%=D!lw=*@
z7q<?w+9K;}5Q>`UXUGuQU-5%tc>yFnSQ=kc(ijm3#*%GEJqk{+6WcLe|Gwvn`)UMV
z7qQpIJ!@5PWrtw96-YYz7mdw!ZTd(573rz>!asm6+5dCss#Pp5l&PSGq^GBANk4x^
z5I@{CN*z~bK9PSR<F+6i22%MMms>~9?XA-%DEkVT?hnuF(bnAA$#Z?#=fKVO9<wlW
z|H(zl5VZGtvNZej+MRC4S}ZwEnlbL|N=^i-pE-GlEe+c&{lFbYt~L%G3JFHQG|OQ_
znpP19b8XEqaCjF^q4%gqmix$OBsFW`>xu45>9--rdofzxz74_Q=pO}~{W0?2`jV~p
z9la)q!yDC{u1rL<g=7j})^ZSSDmB&lWX?4468je!SMw0cgevfrEe&Xl#5$?r^yrm9
z3K5@Rvf3(=cr7J+!h9=v>6)6<a$(#(vN>jZF+78fCz-176}%=aFx%BfbuNKX9-gST
zAgRUYi)W-_o&a3IWkt`Ww!;!jC;9Euuw*;0oldGmdx?wb@~F=k{Rye7MP#ynfYdvJ
zk?)gdXNrV~@holQDbjb(L6y_Zy662XMd|<x)DtU)R+Kpk`75pdYG%c^=Og|?-6E(s
z^@_G+;?d*aN(qkX`Xd7@r`;|V<w}W*EW#uGzxkFdH)*m}LWu=+W5|uCxKTdGU(<B3
z8539!t`>PEWUq|=UZ9<Cw8Xk5^m}j=Lm-KsvB`3(Y$Zoq_J=>w+Jk#+(B(nN3f+3Z
zUFqSy#O+5Fe{<0t3KFrAF^NC=+Z*DPQMQl1LK-ptYk%p+iVOW`_6H7l>vF|xxizfP
z$I<?NHrZ)xSj4i+6baB}ay-G7Kv`iaV>SsYsqF90!S|7*Vu4qw!~s)rR<A&%(hmx^
z(?FM7OmTVc<K-><B2e1%iv(vPZHR_w{~7C?Lx=7$GOdKK2}3FWhLGhd+Wp~8(>-Wc
zeSJmU%5Y{Sf)rPOx_t9>gg0{_XmhVe{T*WuRK@!NpaE*rpeutj*7B~Jw=9r>2(JvQ
zVkjR5F_z3xLthtGB7SJK4Gf4-QB!|{M;J_lUbIBhjKoBgPlx4dy=jbhP}-k&&qkZo
z`rZ>Va`H^KIfMQh&%47<XvxAx*tpf(kv(DNZPqc|2hkO(N3b!~%bhpjR-EB_Ig_DQ
z<^%!4!>&Otx9H^_K27v*ZH?b1+;d>2W(Gom@G4ErfMGZ$!tNy@kP2biPS7zmFcki!
zs4=uc<aAOL-GA`Nh!ZI*CR$3TZx7TdINn@|=!VHq&ec#Gxenq;iOxRWd=c&6t-3$=
z{3S9L*#n<m<k*}x0oDW-+34YNk$eg4L^`5z^r>9Bz7sWHJ&sR&KX!2I6xj{TrY|?4
zqSyI*z)TE{e@}{~SuXtXi&RxfO{Wjo0I0pYBN;)@D6^oxx#%DqFI~-Z52b3!iY(ya
z<JF1SIFQrQBHLYa6>ZKo1nkVKc=M>B9^9SmNYUtC7KIQ8kP~U6PUX;+jGeH-jYN6c
z(3TCMtmD(=Za+sPWz+CTYNmLpBGgA~X^Nc;DoII6ak$&?ua37Um|2efhPosbT8^*>
zplR|=cK4S$mQ!I&;~&m<N)@eNk<Jz*%`if&Dh(c1b^I(ZE2`i9N+F+$#T`k8wrX4K
zJWT}G(E^WwU}N<D(IA1sa<u_3$<;p;<4sA`GjSkon*H|pO}+EuF<Ay`BlGqtq~rND
zl`Ns7W8DFFOK7XjX~PbR;_2cbdQj-8$fGkeG!~aZtpBWsURSk$y%BHI^n0Y}PIYzF
z&C8l>stS)DePT7?I6hrkn)Bs~`FVMA84YbOjKs}Ft8Oag#>Y>fIla<B>qJJM5EW0;
z1AoaL?*>+tLai<QE3C9*1=VHw_w)5<WPpcB`~8(%G6Gr%)H4$Z6)k1aLlp{u%M-1g
zYPnuuN&Buo-eWd-dDnQ7C3hr|vXab_Xv<{oZhs(B{N%m(-=(+*Faqah27!|UAMc;j
ztYd71G`Uo4jeI%>cVY6$o05`|IUY`6Wy?`aX0Z?3wcvE{;UP##OSie4ph!weiin7O
z`>ND`;Zm<v^*OLxNkZHfhEnO7nCer1O>P{Sfx?z3HV{}FY=LGCiS4@teO*vg9NX+F
zoc*+j-#XTX&-UTH=(RaQU|kQwrdk8Xk?B@i_%M8rl>%06re!|Nz|D?nxHb^F+xG!g
z%f3E(YOzlfN57>lGK0y4dJ8<Sy(%ox%==Fsodlca%Uzeb_U$pvQM?G*80Ls^I<kE6
z#Wq`VM3#Azb6yg=MAhMorrty6h2~}|VeU_6qiuofnvNWif`tUd^Ict>Z#7*ux;ZiU
ztFgJdTJi2S^aK}?<`bJJ$o0{KN3@9t#{xQ;X2kyc&?aqxUE1uJ2X$mK)DM1%S%K>9
zQ3>EWm6Mx8f8NC`v$j4+LIHWf>w826qVo7y+eQ~txb=vbN5<SwrXnCx9zC>Vv-@t6
zT-&hbx?2Ml#AwfCkwxoHqmo<d=C?Bm1C!IoZR3q~Diq1N1T>hZh)o+xIE~uIi><hB
z-^7R%oiZ+sOu*>Kt8V3crP->Vm%g@&Y(L6!P9ERB*=8!Zjh?c>0PE0`(Y@`>h!b35
zk@A7t+}o5P+$_K0d_YxY8orrD4eHRFhS45{x8~C{IA2?{!S!BM_^s{l1d}_m@(Mjo
zEX{hzK?*O)Q~pT5tp}evPg-wRJjuipMg!8P#`@h^7ZYigdYkCcREL+E6T+XL9D>!i
zrw^BJc(_cHyKjhv&_(Icq`ENo3G&Nt;Kb|m4c5}Pu@|P3mmFeGc9NiI!&*a<*Ji&7
zJv`E%xxIz<Bugkp4j#lOIgF8I+43tL#&}__dyd4TlPBzNL|&w84&JPd<x#ksdBX`^
zAI<S6ZUBbMaFS~|VNgZfqwQ))u_itK`7COjy6}_O+$#k*XE#+E-g-~L1Jd5X8X)W=
z>ISrg53)~vLlez!Y-HK~3D?w*D*ERD$l`6P0REJfu7~u-`|O_f&R=B?LHtYNFQf|<
z6_wTxtIg1M4m43gRn<@UDB$Voxm|j5?#6v{bMv{dqlhXxbZj;??}lj|`bD)>-)nus
z&JpH&SFm2o*BI@J#mM2kKg?a>;m|zz@+-PZW>Od%ZGn4KLgw&(?p;0o>0RSLb*`;-
z=~3WSDH{&HHvHb(mcy;2+0m<0$b0LDxBIYu2W5?p$b95i`!sBt=0DU(f9#}639VOG
z>pGd;^1G47?X`_d)>5z7D0-;Uqb=%{+f*ITUKy@6Sz}Q4w7rp4A}46Lpru)LKJzin
zMJ`_q6k<WfpdcG&KUq*NL7PlQm0ONTeXGCht@;dDu%e6}Y}aN4mS;$*k?TW;sq-~V
zStd2Us-k``#~>!D+J4wp>Y_wutE`V*zktCE@3p1UCRW%t$guKIMWl;ER{zW<B7seJ
z$Zh%SA1y!}hGe~ws*8@Dy8%hGQOp39r3&XJWhDGy!H%NpwI}ntDSK*<tIDQO(V~*H
zUgl}v#bQl!mdJ>(5VM|lzba6>GC^dFYmpAI9ydUB_NL70cP={F*NU3+dKAH6(cufl
zgtuW|TjI}(snA(!)?1g12CcrNjR%ox)~;51=!6<t#e|D2@wW18)xOYc6NfjBeMTpZ
zzi+hb#D05k4B^<NK$A{}44?V;dVWiYj2%Dt^WZo1%cj;Ks&?D4LxB}9N>nh>rL%l_
zC3-(8Wc)%<jkr!quP{zTLjbB}JY*0f^7jc!^9VGL9eX>SVcpnqIg~2%y#H!?ZAZC7
z`B0avk?|*s(%CMbW<t$2D%~_5R4qx#I7`_+8)tReV>g09PuBu9S_7&NoGkxkhr8Tk
z{!jd20TdS(U-mkXXDBaM($&>1eba8Sdxv(wb@)p6H|D0n`y+2_-be62%YkOM2{T+#
zptQk!x*FjL=U09%|L52%pbQAT@A$K6=N?mazGFl!RCTg_|Awces`@z^|4!o2u=Ich
zF5kZoql&`#ye)fliCy>f_?X%AJbh<5<`rfQoSNLlnc#B2ZkuUl>6o?=fR4#$I2*|~
zg@e~ZP;GumCS$24$)1?di$N-Hj7jis-L`4)NC_PQ(1dd~;#G@&6c-nte;m_`Xpz)5
z9`|j&6A-hpJ(7><v-3oMcnr>%;z^1<d6Oo@A7p+xuO|)hu(nHnqy2U1Zygu$_TKYY
z1U0oBUu7RYH)|jGMmtg;T!Mw;WHk=3pa6~c;gI+@Jhth*BOWWnN89IqjPqsa$kIO-
zpY)o-KK+GX^4CmFU~oGQ>t-4SP>|`L7w_M_eQ^Kt*&vJ@v~JfyyJ=3S=1&2+`$xG{
z4a&Vy!QIkAG;r_j4IYQ4b!JKnU^5Ex%AC;%4t?8h)||0FraN@7S9)6Rx4A}y_hF5q
zX2?ni&bkS9uFC3CBUBN5t4lV!yqq}z@8J<Lx9oLgRQ?q@#=o(C6l9(mlhCsYrnW58
z&IepZTkzq%<@f*K!H=W3&e{?BXi5FA0sw@xpO>8MA`59`?8X=tqX`}J#C#_4kv9ah
z{G1<<yYuZ7R9$XG8?|n8q;?E9MuXpLv&rY7X45RXb&mF}H`J^uPwu;7{WfOcwsWt&
zAp3ef{u;R%_e$XU(zz>CK6BfQW;iGXyq6veKDUZR?PJGnUAN+`|3az*9~g#01F%l<
zzdj@<0%^;C2!TF@37_UqdE0|ty((}IB^LUsXvJ&|I5*AgWzKM5MA-4WZm*^Vxa#Ty
zp0-_1UuQ4cPqp-q9$N}~Xai|K9Ox14B{;EPcv;W~C)UsC^>wTL{+Eu!p9n<I{MN$^
z?zrA;ThfPkWNH&_K6m~evNQMn!o&<-TYVS-fwXE|Su5|gwc4jzwC%KGsxqe!f-MV=
z*;8IA=nVPNo&4X8{O8}l^%f)tH$WsD`i~Ik84yO3`CnNOoX9^CAqFIf|Hy^@tJ^_>
z2LF#FNPzJFO2Tb)0otv>Y^?c=geHjL7|DdbppKPpU;4q=s~Wu!?L%hY7Z<)2zeC8S
zyD-HT?e7%Yhtp;+_p3Jidv8;(({HpPEh^R+SCeL5UR;0v{3((jFPH)Po_s#uXLGm7
zdDY_>_=p06+xboi6x=?L?5DIRIwwmN?Inf~`1~Bc6^g+dN(v4>slA`hb8B>ZFjmB-
zVof><p91^K)@j*7cJABTX!Ll}3Qec3Izg4MkGHfenj1p5@qcKhCPSV*oYXH53ts+J
zpTj$40nE3r%##*F>FiqugvcTy$+f4e?4uBv3^D9tu3w(eEZis}AFkom$Z-&>G(^sB
zp}pLi0r9Bc8_Z|CPkBOnx`N1lc(GhpV}cpI>sKMiRFrx}pU}S6rSI7Ab_C}(XDPD_
zzKaa7S(y!Fo(QM6a^$tRXPXKkuCpFk#z3F&w*&@w+%(<{|6<qZ@q&fF+FAZ%{k2zC
z$m6qLmBH)K;$$-Vl7Ie4XV}5QC$PiC=d;39CYLc7OO`2#?oN{cJ=EF3y3sy(;wfh^
z`g<FAO3-deFGX7xy-dkwbtN;qwn9e6`t%-7a&xHK>A2WT;?B(vGgEkT;~dFT5D^6|
zEZmq}(IRXpdzp|hm&80BBnSw-*u--7YPKc-<Z__?zC7s@^Rng?i{q9JcBJFE_*%WN
z9NP0NVY<VtI+rBno{rPA=A1a!bMAdxV4le1$QTr>p77yG!CDoUIfF#A(dP=gIr-D=
z6m9+prG5R1kz?M>K+BtB+0ek*YW;Ih*}BDE7Pm5kH|GBS#D<>jmU8p;%ijEa#!auD
z{_6Kp>?>+z-G^%|8SjRgRQk^b-!!l<)!iQ%sJo%h&&~Uu6hrC)X4>gY$1`b^exOLm
z%9>AQk|d+s8G3n9!NB~9&Z|S!U;OH8{0L>O!DWv92j)*vNgN`LdZu!3DzE|ERgQo^
zh&DtFCeE~HY+w)w*2!-Ry=QI$HHLqQ4>nv!JAs)eXC?IYWZvvL?ST4>RpiV{-M_28
z8S}vbUwh9wi#5PH60!QvYS{4fPI|+KbI5ucldq4LKwSM2E)10#k+iuy1urWrVb7{{
z>|%}iaJ{F`cEgZp8$BZrZ_ejSvP#qD?SDJj!^-1}IX8ya6mY9`d}JAlBbbgZhN{7*
z+Z?>VS1~gu_+i{6fEoU^_ep$aE_>bBZ}cS%lZiNKydMe-IN@!H+BQhVfpF_`i)1#b
zJ^Hr=<L0r^Lv3nuKZ3m_tf7;m%Nw6seQIxgT&z1cDr{s@cREX1obj^Q9*d7K<L&K1
z#@8&yP=_P#rXyf4y~T;Q3-A%IO1-t0F_qw<qEN7FaUspw<_jA%98KI70)GS)wxP26
zl;Bkw4SLfHT}tU;vu9is!?PkyHvlK?v3M?o)vB}x8lQF0dpJ|v+0X)ECofNB>j7?;
z%!wV^1DOkxqeECZSSdjAGiUGXM{oQ2LLXk|yvg5p_pBUWn$B6Mot-r~-Kh{`NA{gw
z;~%R+a?le*_Ydg~3w8Pn?+(JI>-pHzJg4op;kMtn!ZgqBEEnrUHy^-o#XrJ`lw)qY
zTCC6ry4j-!ti)IR>K%t1#AI>?$2N3ICcT2##Slm#6|hy8WthmP3f_O2+}=5RI`0a!
zKTK^)?*{lRO^=(%b{C2P(qGR-n3mP%j0O0BZD*ctD)MZZ&2dSr^V~@{b2?+*J(H17
zdZg~}JWO8GMG7J0lB00fx~qQM5|HE+`3ug7v0ZQV`jB@^M}6t$nDOz$yBl5;xn66F
z`ZbdP?D6XIqk>sBZ@Pl7#U1q$eh$RW>eUn<qZppA7n=92I)W)$Pi?yw&d0n|NrPwF
zNlnMRUJbdLKcJXE1|dW}Y2Hbk?u-Y#L$y|$uv_??@#u_--6h{^%vmIj{w8&6n%rUz
zMPp8EO4c=v#WY0YMJ+e*xszd3VAub$p(u9$dbV6+u6GC<3$$D1yMjPJI-Kv&7iZ-8
z9vnc4^j3@Y*PC0e-fPsGXRjezF2~)$W>Q}RCjJfXhZy1x#oka7-2U{Y9gmJ|c$q8d
z&{22xU~m26+d(l=H-$&AJ<MtOtd`Ru@ni@5q5Bn&JR&z`)ys{|66W4**ib?SXF%>G
z+Bt7&t?z?BW2?D(;w!x2KG-jx*j!r!o8MIwcVlXIQQ}_nO=me9o2zO5H>R~@j4wca
zBO0@~onnkUa~CV6i+0XiVAReAsr9fw^XIvmkIrY_y}!F5=X4O2t}QiKKZV7xByISj
zm3fCs20xgcN2%SMc-+w#Lc<cXmUR)q;?}R0i_3@u^@N!{kD6u=$HQWMKA5JjyC=2O
z|5|4#r{BI=PrPm_*u<2dVX7UZ)$J2#KFc7ORdI|wE{=P8KQBgzOm^Qu0@u?R>|Ocj
zU)GNLWAw8)5D{x<mhqE@;K^){EdUQuKvIBUg&#k>$2b9Y+GsMxi($o4t}zb32`|{Z
z#@i9#=FPf7lik{5^SyM-4ZcUDYI}Q+-3&`VS7(5K%QF||2UAAN3#-@K8DGoI1$)dE
z%NdN{%ZP#)93!^%CI&?eFpoa&t-z?fGUs{qu7>d-pVU9U|1_gYl|L7Fz>ud`avSwC
zBl<E8RmpBIFI_B_Mly(rfyD!#z*qAN+B$G^!zaBtuvgLuS?hoH-muB*VW1=;w?V1$
ztAREB+S5RWbkC#h37Z2|C`?^gRLll5!&`os#Mkf#UXQmMP%}PH$1zra0w;S?055k^
zJXenH;8f=HF5#8=NpEoxMPre3i%Ft4-$+(lOl8d;wDa5#i}h}t(b2Aqc8&!_)q~f<
z#8ZX`7oU#h@G}#*E-tJ(yD?i{AH;qggxt!q9^XkHy3Lnc(!XQ2HtU@UgQRy8QSx7F
zjnBxJs>VYs<K`CC{CUqu<KiDonBvDPBS<9d@&sPaZKOVBal&0$`r^9EC+lMlI>XPG
zl3n~T3bN#gAKi?<)W8O2n|(d(TlV&e-U|HOB$#N|pAIMA3<{Ouol?1RT;hgzk{+&2
zP<$VygoHND6pYu<1nQP5+cuBT{mn!GT8>`uoN3(FsJ1`Wk{H?fJ(l|8Pb%Ot_NR<D
z;<p-QB?!lRestjTI=`S@)UUfZM>tNbJ=YB`CBe{R`)#uGYxK_be5Cjo%+k+`L>K(e
zx{jF3fC#bSCv1t`F_o&Qb_l9G+#0%^hi>VFck$eJPtM^Vja9v3B*z-jpTMEM^My1j
zRuoZh0?2IdWn}DsZBRQ<R&!(8&WNmKvr+C#IA`}@#(?CxBQhT!TX_*94A9z|E@O~f
zTL&CyPw9*%5bK|z<@JR_OP7did%s^;zX)86#Zx2&3`XOye}|OW{S$!&2X<&Gw?C=l
zaWmYdh^>TJj3(dNkkbJ08;xv%-y?LtRQd3%Etq=Q56$i=X@|`HNLkPZ3IHe%T6d;M
z>NH*OOoLlm{BRZs#?$ARt5a*LiJqQcG1Bn5jnrz*y?GhK;ceCPaAU84^(Fb*CT~5K
z)_%4mtzV8HJ6j{~1Rpebi%Vx+6O}U5)x>(MT{~}z6wfrV{I|m!{CF!`w7*Uj*mF3+
z_e)>R?#1w{b&DKkof)o$!O1IurR*Aub2#lo4<ghZY5vc!<{tKqd2;pK$LKcg^OX6x
zuvxNM?HghxU@%_G{wsXc?uc*r*ob9vv@du@w=uuoGK6W#v#srRd3cxE+52`*i(Aq9
zLO9CbnsN?g_FOVoIUn1UG}aSP)~gNjr^}h1NQ?fqbTxL6E)0Q2<qJ6*c4gjhmL6eG
zNf&Yx`aR}P&pUtRYJKP`eGD^CWq;{Sq1y5(f#NZ%(TM8RT3L6a)mBdLXaEV1hx{Gn
z;@(6mP094fuN;8d{L9qk7vZ0M<>^aDj{3fO*tevbt2nFOWLcF!Z3njcYAcf0otHGG
zj0P8Yf{ABVXZRoC(Y?Ad;~YTAJof8enL~4Xlkp)|lgV_sM`YvCt&2Mu(0digZ1Rz$
z>|tZx^OwCP>l0aSHeVLj9(R&voUev{$4kuA!xbn3i+K(!9qW9pDd}<CQVf)n*4xM_
zz1r>joxsHRFXN}M2of}89^K6uiBX?gZ~BT}e>83OS;=3)$9u~O&Gv+(+;8nqayJKQ
z0?A4}xfxF)1Z`J$x93=m7rY5?)+e)gP<M~NDgYR~tRrd7NvugwOb*)uYUtrD<gowR
zf_#ove5uVCkquMBWde)O)gaEFZkK~9(%E=2-cp=1(i3`HBc_?IB;L(5Xh{ZI#!5t3
znc04QJMeTo;3+YSHZbUc^0aj11JCsd0{Qh_M>a}j{X#}b9hX*SUU{a4^F4v@_sL2b
zU2s*L@G@(i7QE5-IV;OCx8U{WdBL4eB=Y~<)R{q3zu5Iy#u{(Q*w8ut=1$lH*eWAE
z>19m^hLXr#8<=0Fp++;=aGj1A8I6gZm-~NN+B;v@$S*|SeP8Z2v~a!J7I@S1(xM=Y
z{osGX^K^n6eGFYJZ0}4Tbj~9)9ua^<$dIBN<w<Ia$a`XN2CaGS_V_*!rD-Y;Gg28-
zHMnJq+p6f22&Ezze?1gy7%)+;6X3HqliOeQY!hIzxA%(kb4+grlK4*?bzuyHoq1ZG
zaxe|ank;qF`&Q(+iS;yve-Ze2X_LWif)M9@TJh%TU83oy9M|PZ^W^D|nukOx`3?5a
zY~2zzjCDJ%KicV8H9F>1C&quwao@A@l1o&PVsFM|r2;uUwI=khXrw62Z@3!KoDoce
zhdL=*5lhC`l1{YyF~(kPAS+`Jlc|=Vkm*S978Cu#BR5v+-OFrA-Ih1>_7PK<FY0J&
zFGG|5C3?q1Yj92GVZC#Dm~p{;<944o)TI%^Gb9F-75-q>3oph5qyt9>fMADe4If+q
z5`?hFDr#!YS}b`2GtlCB{ThMFs5orvF$9x2a!}>ie7+?95LugMn1tm&N?{`>pD!!R
z1e#Xs*jsI=<idW~xY@v#$w47dtn8hC0U!3CFk`QV$x583%!-@~f3rt@SQH-IvF7gB
z-1^;GBjBr2yKc)~RV~h!KJ?dI9dgU@#Dz<+&d^$e$dN-8RkYXadknb4u0vVVs}kPR
zXSs5V@lA7o-D(<iRVmOADA>Gp@E#N$RX7yT8d$L1rpzi<*;N-U@1X|Oq}||WnVE6X
z(8?lnI9{8^Is%L5;ihetsvCG_2gxB-K6OkI5)x3c;ETV$8#DIpy_Wrg^za3peJd&Y
z8nDgXYu3|7AJ)8j9y88A5MMhu$jT&MES4ELDVI&l616rgqg=n*Gu&I&?M1nA5o4Xz
ze(FqecIt@JU6Z6<?(6$^DP0JqTRN0eeV8|LGPWz>LeIQ|if#Awf(Q1o_Wf~f>SrXp
zHy&`Q)ZA<Zr%IdXM?f(>_V}am)?R5J2da-bN#Vb!hYwmy?rlwU+Dw^^iwjZXx0=C-
z(t|=8t$WIgR|KK-u)r(Wx&fMhA7HxfNw(HCLeEn9=QI;55@f+Y{KY4b`44|#Nchj`
zpnuK!{~T`m|C{i+8i~J&0_pkrx*t)L<X@S$y^S|o9sk9I_=UgiV)P)z{EI&cyvpwR
zc&OnoyA3BZ`#&H~*wJq?aRLOcyMA-!ltl*00-ta~v(d<OT6N%;D76~p2Gly-R8UhK
zu)=K<C9-wlnpzZwhw`abY=sU3{q2LH6bW0+s15m(3JStufpESry0Ey*ukk+(pGstH
z)_rjo-ODVVP?%os^QUL>Wis1-b;9n+^xl?Qr+hjjX;wW?+bhyrOi&aRlUA-;6W~kh
z?=~e_BH}1Mx}VBgs~d4?GWKhpNFTX<IkUAy3G}s1Xjc5eqx1$6F_^;bH)HKK+h?nk
zxpxbhG`c&Ets-LWjg<1p8!s0k>~gqfx$0n&wlu}7$W`L*0&Ak>>FKXGJGo~{Q}<cB
zXYpRsW+<#ED^5>-vA=Ky=-av{&XVR1Jo7KE*4%C3N#(ge1~JD;Dk{=glvU=uVqv2V
zc6ct6BR1`Fa0d+~<LL2$-oN`i{SUg>_<smH=itcNuHDC(I1@V)+qP{?Y)_0y$F^-x
zJh5%t_QbYzdY<Qd->>SNKTcJ;Qq}3+U7fw}wXXYGzqR&BBpy$4jj=>L*dDECv|d8;
zc6%k-6blPqmSNYXFDxfq@*I^7tkvy}WNxIX6Z7%h%VQ=OuljEgNh#cs<r-t`jAUWG
zN#-K>i@~<Gs;Rf$eGuDv2m8d&*LCJ^QA>IkG4JjPaA<beZd+LTllU77dbx-kzt<6y
zWsmz4%Nqo7s!U9;NB39_=ul_5YYMtSPaM2+GAC<!v0mS-OiVj^B@I?0XWq=7uhU1U
zvRu7ytw3lqub^*Km!FH%Xu(t46Pc(G?64)2KzTUmb~xUPV<iv|f6rg;aSN5K5*W};
zCFt{KHFMM7LeR1!9fG73`<+{z4&#=ovosf;ua3GLkU$lCsaE;9PVC<rqVoy;T@4^u
zTsi2MT~n`@RR#*r=8+K1o-5|xxK}#f?tMARrlyNE)welTdoxuOYPR>c62N00@uoW3
z!U9e=!M2|likF)mpb2H=K@Y0ghZ{KVE4r>fUN3Jy2KmmO4VXcuI_??r@g{d^U5QAx
z4aZ##VTQml%9Wz?yk4e@6$r^YuIOJQgvYfZDOX3vi*w9o3ow_}3jWZpPMjtLL-8iV
zv13EU-ac`Yo5~s;w86Q0DHD>@4Z}GaW*YUtb(vROT8XWYspb;f;VU4W@6v23>gjiG
zxrTE6eI*n_duQPOC9hnLl*|dMde^W3T=zAD%M!P`Qgs+6^9wTiLP(wni>uf3h3{AW
z_@?M$mdF>R30J>;@=bN~9_k`ma4Z@58F4-D6DqxrTXDxt9Jua8AZDdlMhW>XLEz1s
zTY>MMSq8~d5NDgy<M(0!*Y$^f&CgoHb@{guMX0WH@JLeghmu%RE9f#aemU{rnFkOt
z9!y3ml7J<3bbITSDeO%C0Y>`MZE?Lr-p=sIJQk)*8TrMDaf4Z&wMcI6huhw1%;igv
zp;DXi@vD(W1*pqPnya=ojmOFFmyd8VfOPra(RNzhie1sNH*SYnkmGpVVa~;w-aCv=
z7Eohe*^?@3m76Sg$1c}pI?cQ2kQuJ-M+>{&m+f^H996Gl1W7%=-^mPPc;M8oMRN{)
zx!RvzsHNeO6Rz)W1bv)?J&}&kK~gk6?i9@`+qlCx8;+fWgY~NP4(cXa(7u;(##9;2
z&Rte}_KcV9Uwt1g_l)-6e=C@RH-L(HnWfWsyjW<QNFBK#ZfM*LIf~Wf5fT$j_9CA!
zF$5sO#QmB1M<A=2pKEPuRtG}DVKCmdq-eku+@1U5Q)+zR{Xo?ti$NQVmLp*>C(8HW
z8!sYeduw4qq{pL%C;gllkzS2<O<5@8xKjNT72F?%>^rjDygT`FaiinaUKII+)Tc<t
zJBBXp`Z#04T(>B^Dk)yny;@F1D$wc+Yw+m*`OT)cY;R8p%#C);J^BMx9f~jYOi{0U
zTs|PJ&YoyS-~$P2fN;M>{zrQ&ZAg8MF_AfT+VMzxTNhZv?@&{#6sE%#Sv}q4A+8jP
zCzzoi)Q{Hv>eo}p%;LqF)+q~&gS|L*04>$t)k)yT8^8@zalp^iYQ)_c7S)WF^ipTz
zqC1Eu8idTVk(#1EeZ*M0>SyiZ0TbXRCX`NltPFKlqj}5E-4g%&CDLqXl^2DZJhqNK
z0w#daSX*j>bTmR9JoaIg^#!UW<Rv;o7N^@(JywJz0w6+h{o=pxsk9JsMzc_!%0Enc
zv^H3>l7S7gw~uA&&Hq|~bNp&L&3=KqSUExLu|y?kx>PHhT%kK=qr2*OXa`XAF3ikq
z5?@^5=eXh4&Op?eOzSH$MpW$DA#_@-wH|bz1dS%iiBAHDVTX=rLokl^qV~ACUAf9Y
z<mGq~SULBNU#AtHDlxjx_I$8*jVPxIaPu+`9a?M2(JwTQPk+aTe9pjbJmYeg(+ZMC
zZ*xjkQarf4{eCv7Df1&KoWu@hBiPi@V-X7RY@}$S_weZc6A;WNKf+FMku=FsDzoBb
zz~a^A7R`_J8HSQso*g$>_E3sPIZW}IG{!sQ!}*$ZFw|wa5>vdH4ljE!l5;0oN^N@H
zJKJ3#i14hJP(<1=VmMij&{_BcI%Cr<DbtM3%6&P@w0t7HualX=@;f$=*)b4qj6&eb
zaI@Ld%6@td;p|O()exqh+e(LzBy+m)q8v(@v$}Iyzwa@Fy%8|>_d@*f*+Tm^DzOYu
zUSYpA6rXzXFJH)TtN0YFb^NA=75Yzk#40V0D`<RN_JEd^;0A`y*jL4q(~u~(_hdKc
z_Tv?Ig~f+CcF5ny8|7o28<WAOJ+uadr0(e`CSUSoF@;D3YGzWe=XYBEhz{Hp@1rwp
z-F$&Y6tv7HJuIN=pasuhPdjt9*&p2_`c?}kHeqD7o#kwV{mo70R=|8W+fxra4Gixf
zaLydBHj*ml&Ipl_ohC#;AlrYp3=ab=^4*v07TB6rm<HlmZTYwWZLoUl31|-l{uA+4
zE9KkU=k=SOJ@1B;GFR@9`VJfKKybHwa;9Rc$PqN27P+N8$$Zf^S7Q~PhfsTIrDFDz
z4kdbf-|-k;($C!(pOeOOZ)bQPR%zPf8`1^ZxdLkXX2GCNXXGNH&<-vQcf+Ih+D%>c
z6>_SM%V;MBKm@I=hr!Y-sBAzS5$*kf2hJ3O6`W+&o5<|m{um);5BsxWV`wD2dvT~f
zRs6Iu6De(F?!LkoBhMPS-2kn`HIN)6I7$OAUz1PCZXF(VG~Aj}Xm{k?$dk&6!hX&d
z;ZDDGX!DksPex7Qm?Cswze)xBqpa@v3`u~ZP!~7;vXjC7bzn}y%SUX+Yg#q>a)fBN
zk#SSHDP)=b@%E+^+>^adf4eyi!O?my=bH_`9Y0&BEfvXA-$7HVEZMVR^riOu=kP8%
zMh9<rqAl<pZ-ucO0UO1ci3Cu;NQizTkmx-TKJ3x{%Kw#4*wjSse1+eQ&pY3Q8qU@a
zW6tJ03fcTv^9)R~(9*u)0qrT^+han5|6u`chwj<$k8~?sU^6}sO`+~Pa`Y$0{oC=P
zxq1^BCe=F=KX`w-@Fbdb3{OrP9_&5>d$}ayRc3Rq95uk17_51+%uX|Tv$v|Vi-Xsv
zVv9e<Ph=^7hEW6nOL_j<S&2)-3{-g~C84{}wZM46`$+v7KE??f%beV%jZ5-+?&Y)R
z^r#E#gV^o1aC$&kz3?lG7k?q0;$Tlunw(3lt5~<0nTx>z@f%&#S_V!`LZY{qBt$No
zh&b-puM`G!BhJd~!%YC}bXbb|S)ThYp%hFl->qj^|BPHZnEg(_)NXezOuf}?pq_#W
z_L9wT{;b_e<mC3nBEZr{8F79h2$h1OiyvNaiQXp4+`yB#2E;9c@@~!Ihl-n{Vlg*>
zS7Odd5U1J?;q*fck;JXU{Pml05zN;~J6ATAEI?RRBs=^=EZF<yg@G%C&%62WvPVXK
zQYgmK6vI@V&NG;~#f~F`0KlWbKsL=j-qcp#Nuj1mG;8F{VeoqvF^dwu{$w?mo8QP_
zqJRwx$0|49uoYEz?bOIdOF~fhaB0l+i^u5``%5Ig%w*BV*{dh?k1AR+D{F$5*T=Xz
zsu=az1cWWUXQ86{2#ViQyyq{xp#4UWtx@SCG$bi;o5iSdztR~UHVJr@h@eU<;DFI)
zJd<M90-sRq?MmRvIjJQM9ZrzUBV|91{pF%tlo%*AZVyvlotE#Okcq3ot7b=<=5e;p
zVL;>)sZ7Q{ed~i%juz;%OURMx{wPvWJ}?dm-9HuMli!q8u>s9-w{IRkU&)}=5{7OI
zoXf^yT|iNfurV_aO>?tv_FEJ|#cGrjSrYn7DAW6!%$6hZBty&dGYwade|~NAOP0$A
zQ*S&@2Y?&<K>iJGAG*g_GPrG7&CQ%zE}a30A45q-g+WshE`#R#y4Q3nddW#whnBo@
z#8Dco=AaBNIOD<wH`--XE4M>hW3h2+U1Em@3#U`KOpz|m-D>-|r4cfoNM9+QbDn>V
z5$8ub+9w*3XvE1~c215jrPxysCowwSXej#vQ*MF{*>r&zO`olYDVx|n+27N4fPlN)
zZb2&tKE<Gb^{9H4!@gR7X))inC?49$+O**MvLyBAyaP*yV9IpTub#EFzQsMk_!BnU
z)ft;A?UstNs^#a21Gd^xkj#Sb*W!m>xT?BiS2-l3gvDUc43=Fw0910$_r{J-pQuLL
zIfw>>u&<Bz{nCGU3K>o2Ro)zqaR*UYp*eMFd}{+gAIo5Zp>LlLrND3W@G;Dworp=i
zSulo;mba+{VHFUM_3YX>vk>v*?}K$QW!pRm0~%DG?gNA1vEM*Mym`~Oj=K(8GUMPc
z(n8%W;edL`v^N+$F;QJb_XGQf&LB7^z1H(e+rADJ*Fg4!OpDi!ldPs=v-r#JUE=eQ
zcf#LQi7NKrLZ163nTTv`zj?FIo}9{BqKj|)?|;_0d^jknKY#dCB61sp6LWqwO}z`y
zmJQQRO^K{AY03TSMy6%If(*Yg@gt(UO5AbfY6)s~m9|Yf-c>gZxiyf|wIwy0$m-)u
zc@HT%$BPgfF-at2Kdsm26MUDCW#eh%;j`;isv&=l)8y;hi>F@BBUg@-y$>?{J!b1J
zqdIzg%{^9Sz=wD0*txzxch*ZXhHMdeI*uh39W}+9o<-WWjF1c*g7ZS+0qr+ATv@;C
zG9vFLc<Mi`()IhjOSuG<tQ(rKl|&w=?0~l>M7bCLJVKC=0cPsg$RL`TlZ)K;#_Z%q
z_LK1XY0i3J9p!gsJGvKd0Z7FbYxt`_GH~1DYec6I7=lVb5M7ne5zlbG)jXmpr}0bc
z2KL<@-_0#e6tWl$xd;a9C3TCndgZVd9W%kFI$7npt8NHx%d<TriHRu?I_Oc;+eD@p
zH85ldnV^7J*&JdXjW#3Vb^{3&4$Ik)H>V~59~(yW6to`V^$8h|#;r15-7G#OP0&J^
z`bQ9X=HBcCl(6J`Uxta)?kvP7fFU|tFJ6P%Gs0gP{Dmz7<_jYE{qT`3e23llIZv|Z
z#DXvq7KWHT{XwZ)PW4ad?8pcF6E*VnqmlOq+-mnCBo*>I?z3qY%B3emstnZdHnI~m
zJ3<g;@DD<so5pzLa<O8WLXkz6C%p@7Y571^HBbT}QggF-yxU6%3Mq&EcD(T0bC$Sp
zmS_s2#Tw%wwfJ2%DKKUeqQ`ruFAE3n$)s)2F6T5=v9_3%4iWl<^J_=wSGNRFd0_`c
zF<;-57pc9uq=GD!@x)KrIIFrAAD^hoKuIjU-BVZyI+4J|zrgGekS(v$gV|>c(NUU`
zKU7Bafz&rHbKaX1wjY`r$CoJz+<ifkfREgISTgc#=Udjc>+7>3PhVm2Q;SvDL(Cnw
zN1-u;)py(cSZvMA;jav;7kyYvuhFy|xr!hy^~S4%ddKJWdh1E;Yb(xBq~7VD<n$Ne
zaEP-TzPctSKP1WA=tzAp$>}(g6M5UzR{|wf(lPBd;~)KmlQ%Bl;J850gdHd)JvRI?
z+@bEwb%Hf}L7&li09Th3ePGrdq;02WXvI0Ys)*k#yoP)&kNrC{aqi2UU@y&DX`S>K
zFIh3pxn_gI&mnH+v6FtUKRL)X@x_An2#jcJkRe)82b+-XH*M&y!`&p$Ha~M1M9UN!
zBA6w|OHD@L&6{0Pjn@OoA;Kdf!r-z8c&t23lpO$o$H#89=DINw1I9br^Iy@0ly=~L
z*^b>22n&#&yQty-<xEzW*e|fZ6Rs0Su5?tS{=9k@m{Ldz2WyPF2!ya)aY=UzmqD8K
zS5Od-AbA0>o>$2&!)M*7SwU?IOxndW`Wh|RGWo%L9aB9F?XvcGov4yDbN*l!lMuBo
z+jd4bsq;cKYPE$pp$%_bYvzLH`$-Vo^{<Sq?+1#xt<lz7P9OidniDE#2m9&n2utJk
zkaS3?r7LIgJDbx(tepP0;Rnby*<oopcj^u9ueoq3nIoJcM53YUu;Me*j-pl&Z&dL{
ze)ND2y#=DOmE?QXEsg}b?{D;4zoUMN@Lu?OSTona44B}mXlg$>eN=bX<s^*691?$%
zM_MiH5uq=fRk?d;Dbc{PE{vxUu*+SNsZ$gA&5vwnE_fkAJKbtugqEWYa!iDLKqqHA
z-A|5^Cr`5M1eddrgc6SvS#0djSNTQS>hePS&xw7lkyC3QcsYGZkIF?DJIB|YVGwdM
z$#+D98wjooKZdxBCn7`shaQ)P<k2T+2bTweJC~%}ceIKM^7*9z3lAL4q<hy9RSP(j
zYnWS+yz>(^&A{K6`#VBD>i%~+<PF!@pJDXGew+eGe?X#&mTsl1>^L63uGeXn`H{}1
z@s&JXdVC0)o&*MrJAG+O8a}awLb-BqIq;0akQ2tzi~a#(foe=d=jWE@ZH-IHw;*yY
zl9<5KWJgmt%Yt<&1;dw*xLf!&49TS^9u;f6&hHQZ_0*sO)Uyvf<KhQZU6U!aLFPMm
z9tbZkE^dVAHH^3H*?LQYdA8dDbl94aW$pk}xDa3g>mqf*GRUfNEfifv1eM)H7N`0(
z1VJU>N2qb1L7f3}gKzKGq}xaBnQ1d7L(3Y!@vkmPH_#=JG~_C9h|vl51STnPWh<g8
z83<|lunS*!aw6LkU^QgPwXE4qmU68>T51g0(~j&@14lJC?TWwBAlz?FGs$v+rOF|&
zHu)vUZ1EehW&99gw|LeXCtp>B=VYJ1RI3XsLbT5;_~mlHMoZq=z8oCTTd2^6ck<}x
zW(PJ<pmb3*Cs^B?5YfU0PKa3fO8~*r<q|*A8kkSm(GpZC_YLYasz;LGn_$Kj_vfAI
z>{APH>V06u52AqB)yyxkC0;#s^(Dnz#1Wx&M9+vlg$u#-&Q+MViI3+jV4mpNQu^x?
z_f#X{Hw3-SQp6h>mD)ao>j@jf_&p(Egc>3KYb}2on8-IFr)CG`0RoUi{7>`c!ioPe
zmA45!SpYdB@#f~?{>VBUUy%N5MSuA(N%uD&{cBJYAy*NWA3oNR^JkN8d??Ysc(5&V
z`rLd8LCo5wiJ)})_hsr+&hPQk=H?X8h<MvaGx<8LKf{2Hxy()nvIK5>Uk4+xrPs8E
zqte40A=o=#sb=OruTNuE(gk)K&esedyhts5N>pjj+<x*?b&u9Mk#1hnYBl}y`Tk{p
zTJOIB0D#&bbL7BDK;!XbGLi}k<|FZBI-Q<ravAJ1D=S<^cw5Y)USc-pp)Sq?3vA&D
zi&i<9&w&n0YH>)GRhcbqjWwoY^4ZP0R9cPy9+ogiaJ|kPsiLByxuwOBJ%h{Zh1IMM
zn}dTxOIv#dNZpp~a@X-hO;1zK!Xnl%&=9DrtG~VHQ*vITFY{AaInb_wQW8B=`NYG@
zgJJ-xG{r4cdAZu)Bw?KgoHgk&x&b?AnpS^c?p+2J7Luk*Tw$X<HxqL2og9~F`?j_S
zKc`L0mz!Ivgcex}=pu+&EfI>#J8a;AFg?pgv6r(WhgGuJ&Lwr>E@9Fj_L$;>a9`;o
z6@yRAOA)=H^?{--j#A!-^3ycs;@;WNy3K)ia!_!swHzo#%pS`AWq4VcfRttka{l~3
zC-LpnQ5TWP1psh-dvYLG$d;9pLy(u3k0cbxes}<+XJk11{JHmZz03QsY}^OW_Bicu
zEkaE#T~a~`YQ|#M$U%lqM(ed>2sV1K<G2Oxnli5l&iNe7xGPQpLce&Rq6CIcw$_8&
zz5zNWmF&SM&A<Kr6Sg%~#zNmSDm?x?lcAhwMqjGuc5dbXeB9V{6fIok<`u`pYQOId
zh1!>0+YXn;z?%jHGy3Q%I|r=$tXRGFnx9Jow(D0z7SUP5^~%h|UP`xuPtvfCf&T0{
z?JE2gDQ;80{oXyM+xY;B-m5*Xz6o!1#Wl+f4R!7>|F<QBhxQdkm7as|aIR0+RWPkm
zv<Xyyul$}a;-y098M8XWx)nw0q~_-4?W3bm;k@pdnXj0bn2FM+k6ih?P{+o4uoSov
zPjl3-l{+d!L<tH+wAbqE0i*?L6|$t`KCs`;>Aqa;4R&~XmBfi;ko;JFryy;41Z%<8
zBF@)0vm3PrVYglnSy7gW(?zQEc~l^^)GsQqeh1O??gI&;e<zkwf%90D`4d~*bPW(E
zo|(~N$E+}IJsp0KR+_(}XxmkO+`J4!j5t7AYmyYOo;o;!bU()u$e_FQlAejCYu~1O
zSN?3cBKo&j1o6k29NCl^+pz_Yf`USo8r{~`wnX)}t=%tK@-{F(i=_~!LuSZsDHK)K
zH6#t~bA9?b_F=q!O_qfXVR?32e?De~Ry}Z~SB6}fjfR}pP?R>;jB~OH$V9FvUW#c$
zovqKLi`hfCTXV#px6uX+zWeJi)MtPv*HJPa+l~+l(30)F;sZU%TeO&se27F>dGsvd
ze=uEO+z{dB;c2;F)NT{l*w|>f9>jHUaXDPnw%c#J>^$Z77V}(V>V@IRjYYyJmk4dt
zJo|Gt$IyCsoaN!urEBj!rm>U}n`vKM(qvUV#b0?^?7LH|o2OR`>N(&y+u1jr40T+0
zwvkTLh$+Z*&rjNA#$Swc_Tck9hE;ne!^8HNOe;g;ojc|~QS4JlJPJFYt4rW;GAlnX
z&o4R}aWEQRMnVD_0RbVC#|6>H=Tm7y01th`pDriM4#R$LJcvl4<1oxZ%5}l|8xvj1
zdt2RfWxQvw!q7+Lh|0Vq_%a(UtiJeay6L#qo7R@(p1doFV$T@OuI9mI6kj;KTgZX>
zSb+w6NF6O*ib%*qLjKrJq;ui}cUf5cdJwJGN7r(P4~LZ+-7hGEO=beLTeyGe<u?`>
z(KOk?{xDR{W_zL>&l?!`j%<!CPt*>*DT*A=-rgX%G)@O%=9MdAbDhr~%~!@s*&SlH
z=gii-RE{Y-PaNNgvSenTtzxeLuDkFdH{d9q%Rk2}inT&APk+A8Z%@E!Z|*M)6@#j{
zehjm>g^ru|Ss}Dv`J=hGxYz!mU48H;1-Wf<I@yV`mWrESM*!d!L%t`wG?n+`4sYd}
z_W0ZD$*w4r+0;K!!@TxM{Tw?G8Zg5MVK`_&N$s#Eq1Xy7n96OM>#kMd{sQ_x3y)d=
zd+(E}TjRAD{`fl-bXz+P5+%sg;Najd!qJk+N%_^))xUG^CMG6;Bfq9sRz^~pjP331
zyGKS~fGZOXcA(*w7>vCPG6H>1n(RjDh@@=5A0d`12_Emb!H8Wujw(wD@oUP2(V$Vn
z&Kd7Io)|7h9b|@VuyW}ciJOE~)r4hFFgz}Eq9f5;uo3VI;JqDZ`StB@Irhrs@c+)c
z7T~LXc7BMjIS5A(A7-C#l{D+lr5L~*7NA2vG%yh4usb-jxH!1=@xTGRgd&9V1WQ$k
zQ^u-FIU!<4k~qgCd^&ZwGOH7Id4)}w3t31mU5G`F&)z!Dl17rgX#QK-HJDF7a%ZzX
zTdrBR??d?e_?7%W)!~om$gg7mLEVwT{)?|e{D1QFf7o~7|1Bf`XL=>_m;Ws&|Njp7
zNvzTJr$0^vkIR8zErtjmq%3VpKw#=H$0umT2;aH-_O&iFCWhj0`tX<Tzcp%zKMnbH
zbqVjUk9FSf?rN1fBQN)-D_uSUSy@?qfwi%?`{89)T>_tqz-)Eci&RoV+wcrAso(w9
z&8P8Xt}rwhwoa;J*OGNSM`-Z!)6O=>9Zr)%BE@LU{IbUD6#%Qi5w1u6k90u}U6RMM
zU9ArrOJS%p89|wyo71c{fk|P|Hv<}rB%z{VZez;8`X3*SzAKI;wd?tSef#<!t{)#C
z4_OS7y}(pllBu%MHDZ@G)<~zl+&D(~%tjs3rOpj5dNd+{TCxE@Zv5Vub++0Pm1sI<
z?|@|k&jGT1*FjfP%d<%clmL$Mnqo2N|5VrYHNRb~)P*cAs;#fDGiFR=@_XUbtwd%3
zN7+_XoB<_7Kj#6xd+^Z_CyM@L?zIj!kk!kQ&|fhpOlPYTutLcDh)-c+r4D;P^x!qY
zls_l=p^5gPt2aE&mRaL}|HhxK--_)U&!PVHgi!i|3QmLJ%G-?#TEL=u$j<OF-84{q
zAfe4ipw%?5x%CCLRd$G~O|rquIgqVm_6kW?e6f=yo)yQL`)VO<gOm>L{2`fMX7rCq
zQ`=7yo|idAr~VJQfp>4AaRhg~^VNpHjr_B(RUwXHG4Zo^k1@hcuk(xzOrDx+<Hf_8
zs0t-rU3^GNXZ*%HvO?4mO-mqG2epE~;$giNFU$XxQ>UtbHQHZ+frpO|Y-8Bj8%gkd
zyB^Bqb&F3=#{oXc<^A>)s@HGF<L;K3d3mUgdnmOv<rM@;)3$3z;kjVN%2yqytF5N2
zRGW4M9nWP4UT*ICyd!2k$*|)W#Y45;5QJ$<s1Sl+0&Bj0KI5+N9rbDttlcir*rwdr
z$(w(Trt<{D7SrmslyW7Soi{U4MNSX_{h6xVM*>A<u}YwzyeHrgfL?1gCS5XYzVJ%}
zQ5VaL`>*Ig)EPf`gH5hjin{^Xv(p>M*NZsD`ARSn{jvUhl;FAs>71KFbFKOM^jqD*
z+nF*78pC2m?@zSt8U{gbVB!E$0$Yg(prDq2;AV~RU|^|HrH8M;dVLt~aox8N9Ix1w
zWsP8LK19TI*#nk&#_pd*`m}@^%ASD$oZq2b+CMM=32X{OgN2Najs{ASTvh6}sTLHx
zv%YLjzi}P82f*=Gs+f?4f3L<d9n7!KvKkQljUCw>eUn;s5C(Hn#~2h7j)^~FS$i>=
z+%8|WY*^<g#&VagtWrX;%|AUIjj^Lb5U=%8B;VD-^||<>MZ~(u3|@3yr(j7<*aZ=a
zyBK4b@qv1zSd#cANO*Bj?AOHb9;BTw$}F6G)Mzy5I%~>?1YotJvf68bxZMuM^pT3i
zz;J620c2c0Y)^m?$;dmGl;W}T^SHZNobr_A^OpM=gm=QjG-F0w;`ZiXLUc2KuSoNA
zL<OL7NI#2$$#n{itA_bc<gm|z17^BlU{nRh`6THe;M$>1f(6PLAo3prlrKhp%ZrYh
zFSBoSDg5uTu&<X4Q0}|z_n_?aKea(_JX{^t;6M`Fi}rVpn|4nKr@pq~R_tmAV`{vo
zvdxWsoCouF>2s#Zl$7B%dARNJy(_V+-XU<L|4amM>?VLdF8eqPI-P9q1lJlfW?sS@
zIqep=x3LUd$dwyh_f^>sE+&|Xje^-aWJy0+v55>CW9OBd?vhLDAM*Jgg4{2u40-YP
z{<};1Xn-&R?tPjz-K`#r+uC?IHeE?BE-u#HPb)khH(WM`LX0y-Vpgj&w}xn_$l_z&
zE!mr7JE}a69CzCeEv&82J|Z$M;JdS8x@32ka&Gi?FtYEUEE|F2D+cM;No!WtH`#yl
zdaW^~rZ!YlXv#pwDr<-s?-u{$dT6yKl;i%Zgx)k#9w()ZmzEszYm7M)WsznbkDf4I
zKMyS$9}2iUOo{X#soQ=vAA=iX<(03|R?POq<M87y@-j95!zlH1l?&prn8AO1d;qmj
zbZ{^fH#avH4}caQAD@+#)&63g>+Ss=o5jra7Otr%f9_ZVm2hAl8beC2e1)nV&l`!e
zEX+%b`*J{{!36!x__K54DE<!>rzz+u)grCTuWkc~N1o?n@OY%C>v&0rHr<>4?*-))
zWd;J~<6Cy`ndu3a%CSk~5%IzMk^_e0`O*?n-Bo(kIk#Y~8?RK;9kS90-PYM|<FCKZ
zxDql%Ej)1`Umu)~ruk>RA6wstt!<U4VO%G(4}u}fr}t|=r@dio7h}~JhcgGij=p45
z{5l77WU0d-SE~L*esy%-I}>0CTQ#FP%bD|;x)3S$erh26cU@v0w*DL$Hen{0&m0EI
zEG{58>+?LO|1_fD-RrXD6;f741BXd(@~1y+*rYE*zvjK+B2VseMd4;oB~DcAW!D;0
zEv8GW591Ln*%laOX5%YaR#51?+ETmH3ZFCDb~E1Z+`S2@+=gvuMH84W*_5TJH5%&u
z6KkDl)s_|TOl(pd5CPh4yzaZCxc+JthXc=L!wNI;0v^~@4C5sG4JbG2@5$!GhmN0=
zvuP;x@sEvB<|}^?3TP3V%y)kP%qVsRG}&Q!pbT|z(bqUsYC4we>hujRG3Yoz$Gy@>
zcqrnlDTB_bv|8mo+{b(#BFxcD&v_%VBmnW5)uHF;8Jb!|NzVzmhbU3;)ps^%lUlN3
zBUZHZX~Qjp9%s(~Dwpk$ZHj<50Vpi1&qSgQlpTYvg&1fwUvpz);~6AVRp2_Xv9Zx<
zca1wZFaushM`vdy<Ec!XoSfTxdw~%VaIir}q6~jZsx@mgJP!CC1}z&5>ilHMCFlt$
zB`YxC*iD9$Zpzfx*lE;ohxe56)atM^bi!)Y-ScIJf(NX7$P;$U6ZHd(Y7A;LYF4d>
z_a<cl$w&!B@GUxFI)HoAjRb{K+C47<ka7*$MxxUlt!k%3d7!J5MkqGas41ID-{=<r
zmeh8_?TS)wXv;VQ&&l=MUM>6>%-@H;9D~NO&{gch@`7YI$;f}2(sehALjyQonJs2%
zVSx>;1bo#Ou&rId;lLA1{^A1WQ|IHognrSAZ<IW?4~*T6ZZ{^GSy_M8`Q+rJY&I`8
zP`vIrJ~w;~0b%BnE_77vAx@z=AA+*mbSy;KfBYKqaJPSx&AB%@>D9k;G#8im6VOTi
zN0C`3>~?Qt{pXyVNNC^Yk7!}MXvIaoXVnMP5Re<gQ=w^RHg=_EdMJq`=xjYbS9kaA
zBV3WZ8CFLP8T1`k$ne~X$ok}V2MKssG5GKK8i}*Y>f(`ABp2D)u5RvsDjiA5jjO!)
zWN;fKkd)N`Xmj7k@vGCUsMfT_&n>{Tqxvb)C|};62g`Tu`x@LqN5#Dslq}_xJqO3X
zd9wWOl<>p=^uyP?xgGReHV~9d=nU=TJ8#UfmEVVGVxr0`Dk3wDXqPr9n3hgx^H;a`
zE;-zJB&H0chV^pX=2-Hn+|Iz0m)0_Amwi#D9A?#Pxp#J>QKUpOQS<uD!f9Pwc&sk=
z;i*<N%~dop=o~b4p%;J}at@JL(1%z`!)Vh(zy*dSj&*x*;6`^Hux7LF{d)fQH_*p%
z=tJOO1e|Fod4LJ&LyGEULdTW53-(!NMK@?6VBL$pxW}q<^onV?p%SfrA%5GC@ZSE>
z)NNsV-N>zXjVNXp7~0=(^s@{G^iIl<H$@$K*_DASb$Z&Q(sJpdYKw%GHu0uPBA=e8
z8e~-moQ-WkRUKIP(v-fED23q7_KJdth+-B%;BT8;Re>1f@vOpH>w<7LqGxMpn4ecQ
zrj(@MAxcg1IIZHJo!TN2yhUX1UQ`_H(*s45|6;N)O{WrVdF|kn&5irB-V>bEsHF6m
zz6!G7*R`jAK+z==?();reAS6&u@rH~&5z9eISqYPQQx&B{=f`Z3SDSH|Bs``Y>ABy
z_JQwfEY<kK#S_K#Klw+kblmm6jszA!!8^Pkujxbl-5mH63KJ|IpjJSK7S7hkq$JZ4
zeJpsXo)CkC>ZQdjXpOa|+8f2gkqOPe`e;L+%No?SOV|@kXiLOaF?4oz_LmPA{O&rG
zgkr@bcY8*WaJl;r3*cyEq-I~8w^cE<I0^|;|8|k&noR2!wtj-g>boD|KAG|!M+XH0
zews5?un2pw%B&Xn`b+T%1r2SowLM=0)M`V|sMlC>a(%QFOFw(_3Tmn<d9!lLjm)n-
zpS(Jaa%_yGsyw{MR$`)ip69Y}ZVrxtfuY@OT&PVAZZPJ#7q-ETMk8)1U(fP3UNcS|
zu916jpg*>SBmql*B%#r0s2kVIMvqy`7eaqAX<^qFbr7{pvuS<lqGG(DbBxi7k4G&~
zCYx&u>n55VUbCr^;BotS$FH~;ljU$IzB0JZC+UH!Debog=7rVcRZv~NI`4gm3-bIq
z)kL>Nqhaa9F4Gq2w=jz2L*VE{Z7j`+&v!!@r-Sjsq^41&go(CdI_0oZzUHC1y0&(`
z)$cOIQ2x&7B*i}VRxU3>V=SfTm)W%ob<S?cJEx=7#0&2?x!Jc-y4mBsCdua3WF+E3
zt_OlK*5{k!*`C1^PW3%d8dPH%lQ+)T<zG^w2g+&s=NB$gC=%3{(dk3SYgc>te1fQs
z=8tL9^B}ZYlJ?PA>sP85(NXGn1KKM_HryD>*^p*99^*{lg;J8fv{rbU9P=|4;4iic
zCo@bLoVH?7edMC!RbDRr_E=%jaYOn$a@OzpkES&B)aq+gTJ1Q&<#jlH%)R}4x0#Wh
zcoicLqKw1He1TaIa!1k6{tsr8R&cC8?O#uvn;*~<GNlG@axc8Oo3m}cRh99(H&GA)
zTY7sIc#=;>zNFA=1UU<gZ)=S~9xJ2A6O2Xb+4^D&=!<_5bYfA{DqY0P7g)9EDtUa_
zT9r(r$JI@%589on=n_Q*-cROBCDzO-%9VEJ)~SC*V3AflAGqY$q*<@eTRhhVxL3^V
zGdHilkwz0+%%ip!mBkNZ^*6juo8PAZa`c?{M8t?V&K$*`1LDL+g#D#8sq+>HE8j7!
zD-ez%?hD8)q!w_0JT(T@4LnRAZXJrAFB$MDDF0-g$%BSM50&pOl-XK7T+(99u%vRA
zfhIz7jKI@kz!Q8FvwD24z?7cxa)2pMDOo&~3YF=$v*8kJ)%fXvbJyUd(lWr|i!6wr
zA>WNJ&!`9UqB^;mC2Z=3Sos3+r?w1)MLXw;_@dh;k$^{B2tw3~m#UobNE_!8BA5=?
zQ*mX8NI+{m)T$qE0AVxSA;?$d`V=P(k;KM^R!9>z=NhkWKA_wNUggVqF`cBWZEVn!
zBK6eTB|S#>(O*0S_SM4pGb`g_Nm;A2dd<n?qX36wdxtwweKY{_7>BZ=hgaui5Z@Kj
zszpRy`o0Ftc2d6kFeZfTF~yyiS=NO2Ac*~yKRyRe)RudA%2Sx@G-s^l#L+BUuKUrv
z${36rM<F4rKy1n~`=O&WCxII&ryAm7jH<Y?DBi*pCw=Rv#wh<ol6|FA3fVAsHMUQp
zG;Unm1<Rt4n<wf>68w6|l5$}~NVo(^8ybE=i>qiUKl&j-FS3qZxm;#9K%Ay=QT%R2
zN)&ULiY>8@y&!d1{|rxcI@6U0kvN;2n>Z6WoT~f`WkzJp(8`9ChX>|dQ{cB1wPr*#
zNR`QnJ4c+}1N`?*k))V%eV$m|-(o2*>ZO<FADPpEk0VU;in`fB^hBxE<G&4G{Yr%;
zG?Zz?hAcVN(xd6=eVs$dg1DW<za2$zEmf&JTr!9ht;OU`;TGvhSm?jhLquk4!53;a
zpP)WDKXm_$(k7tbUJw>CWm^c=p)HL&LS%olu+ugYP7%C%yt>GuCn?pqNj%<qr-9>L
zSmKSEDvN>l7UUOdea7WKa4O5W+Zfq=Hobe>dgU>TMn?mW)xO2Va9ymUf1^^)5cpH2
z*2XESu)gaaDHu4}O_;50T*)`?r?SOpi|6@zPHGl1PSl|@^bA5L9+0gH{AtrXE^Od^
zRpr*SGe=d&>#cFo6O+S-TdEu!ItI;te(q3hcTYCT_uGUk%9ko|T!X#%PPIdY9?kDS
zyYWCEGw)c<78_rfFXXnB%X2~LHxE)}i`%MU^`!=mRDHgqk=pU-Wy`xzmbSup1ka^f
zj$AZD&Z!LDy|Cc!jzSci$BT9R?&qM!3t2zL)j{1Ys74oiRx_Y_5hI^X&~}1m{5mnf
zovtk5?r2QD&S2!5O<$_?pWC2W^?cHBTz(eAAM_*$Y{4A6g(3dtERs_*33@L~bF2Cx
zv3TBHCWy@2g-xSWKaq0ZA`V@dw`~<;%rD@P_FNf<MB;BGZuP`av!H6Yo?6D9PLXXU
z4BP7idrfzzkGB>+xGidzt4$E4w_Wy+Wf^q_PZ$XzO-Y9=X0TC8ZQUUmxUjZfNW|4t
z9%sSU{dj5}rEbIbEZ&`D3$a<b5!+i#wvkIBkRTzUSZ~dVo6@h<tOU1c`M$A&uM+F&
zGNJ-8<6o$*!JRQwA74S#Qp{0G)co8Lj<su7lmWqHC)geP6m*9>n?a~A>r6u~gz73E
zi!!`>@OAOdq|eC?gE!VW(5%)CCdI-=$Fe51QoQ(ZhT3DAU$GW|?Pq6CZU#KaGR})A
z?Izm|`Dh&yjD>_`yGxgd`~;jT?4oW+-}$9o-aHz>Gn7V?#w|(tdb&?;+_Te5!FWqY
zxO`pQ$&xj?h+caJrsUT=QvH20>JnRxJ6TuNfzV_NE*qrI$>ZBxao74A*N#Zx>se&B
zJ7JJlK++*?vEiz^2aD)lEV=+8cD48UX@3Kf^`mV%YdCesm(09gBPc>PH18|ys&NNQ
z0$@4O-g)?wF1CRP1c#WQ;~ZMbIDCp0Bz?^TFjY!Nv$y@q<_VK~z0)`&|GhSI$N)rg
z&l?GQdqk!!dZzL6`+UcrYAbYdPI-v!gbq+qad8w33@H;6#vF~F-8?cps~^8A53s~q
zxa)~<Kv4WYWx?57EBh+g1uup<Pc@Yr@?1-J!(>_D8R<xAGqEqEO_-|zl6h-wfR(rw
z76D5b8H{l})o)t93t|hbtn(`R`U<*HexhuoHXmC;e9@Sl7gAl=_8Dgu3WpeA3yfC;
zMpH2zh}<Ce8yt@)YLyRmvoFeVn+a!q-?QT_YzUi;l|5K2W@8-AQty@)&3=7TieeX>
zA_F0AE_=P8Iy`^|)p}C26Gc7R*oBN$Fu^gfY%n|pi9Fw^UHdD~g@eesqZV3{>fd%s
z4T08b2}AIYgmd8^)py!lc^toBPFrfq2;7qe+R-ekQjC7O`$pWAZ&X1jU)LjT$=!rQ
zY*$68ajy#DyME@fkC-5`V#O;_p>fJPQgDudRPMIjR;2wt;dhyxZ}VlI)Xv350G(@#
z=E@ISgil`rY<pj72XmrCdFexXXtE=5j@^Ce-3e+{L&FA<7_JCj%SUIlt}ZYFO1zp2
zX-J}#-<gi!2ggK`n;cVbj<*mCj(E;mj@%SmSB8)x32&opj=Z-UzNIY?xeI&o0Xx8I
zU2mDV(MB&q=6_&u0tR`1`d|}n%&c*!x*^VWg51BmI5(wbdvjN3x(vDfQsn&Q_(-(y
zWv=rO&lso@{C%8F2>LHA^DAr!;dqk-BvGOh3NuoPez1g0_&zgseTgFF{DuRbn|<uJ
zZbo=xa}m#uA24+tr?4#!B2RKo|D%xB34i1iFztb(DrpU2`Hkm=1CO<b&v1y6j;^r1
zJ#$tWT;<e75{!~LM=IMA43l<eVf|h*<;;@5?#|Vie7HxsA!1mS&(a2?K~4^9Rs^br
z0SQfM*W*0hq(Q4%1KI~67dy4271G=s9cW&;Or-@fEObj?x<eQ}LT>f0DBI(2(fI4}
zd~JwnG;+^cp7DyY0-Z-&V4E>wo|!lKqv7_oO!xwiH~QM^J@;|a6`65PmdBvrk%v3V
zoDB5j;~Q3I%lzr!>ZqF_Ti#Z8+%u!$W}aukL|$cKR0_s87GwSVp^pr@k1V)cF2@bg
z93f4izE2)S+HYazMuI_Up4@$nccyxi-B)RB_T2n;8O36ity%w(c~KP+x<ax2z%3q6
zA0~`S(XzIHn^kwM)zuQ3Sz%*^JdOwMroudeFZFO*;D-!=t|7Uop6RmS7mW8I^Ujvl
z8t}~tdH-eF=<hOMU9Gjg$nbBEZMsgo!8Lu$yt(g){8t=5-Fz5@pW)lpxV9l=GnW%4
zQ;MmDyf`>UgD;?yBM{$s>%uTp_=ZNET1a^On(+zmYjp!IvnIC~Hk7hBT-~CVJE4w?
z-w7F9=n!|`x4}+u(k-m4h-FxoN&Noe3ES?s%I-n&xNx}?-F%^Y90+&bh|y0m*u#k&
zJKzSA2Bw2*i|<+@4gyFSKfiWnZEK9oCA2dqw2wmwqbf_$u<npva<c@^3$#luY9SbW
zdusBC^C(GUF-Jt=yF&&Fcau?FmbhPGyJ4x$z$#7BUh{V>5Md0*9OawX9yh@L*?t)l
zpLEG}pE5fI8WOn@l+H+#$(xdv`+(K}14XGKUyW(%KKDzw#0bpFt^@PIS<xg=`WRqn
z?dG0tA_XAe<Xy*y?QCMJZ!$$7M_Rw<pe`p$Yw^?fb9_q#*GFK2t~vWMxT+N?P9ibZ
zSj)(aYh-SJh-No`G~(R`i#u)4iCY1hY&pM<TOKrjxT0+ZMSJFTuNi4E<4SeD|G=i7
zT7d<}ZYU@+%HZ{b-=^P!Rr$NAsFqtlOyqqgqx27Te0q~-5^prro|l|5CB%de1;Qm^
zEn*L=iDlXblP9rwRXf61b%lMzr1buqhFmyPnWQu-{ttukosBs;$|QRubG)9sjAl;Z
zFc(%1aQb!kI#}&KrN!Wr?(bSxHtncbsEbb3J>e79dr|$Y)9!hRj^aPV2~el)S#yqz
zLR0x{d|3gRP?tV#Kj!IjW11Q9iFA>UYv2?;N|nkMTqjbes!)Y;Ix**}0g=%0t_{@~
z)rt>8_gJCdwl8`h>O6;UK1LY#=i2b^M4h3Da3oz#dG6J!)5@0dN+mkF%{8iSN(ElG
z`515$bb?;;BwRUvrO1BFhZ+`qFt7fU;Iu2bX<vO<_-ti5pUhC=8Y|&RmCH1|f?gzy
z(id4*gY+ki5;f_$JRNqBBIcG;(29SLFINkgkyIAMQK)YpWsqKq$H^20#A65(Pv<u2
zx8tAbi5$-|`pA)mUB1R8XBh|($UI*h+C%Y6z-U-BbVoMdi;_O)O(BX@*$|JGEp1nh
zN3bnGUS%-W-j`zC0TP7O>gZ0X_PYCI8Vsi6isW``Zr7%N3l&H7DL~h(ewjWVp(@||
z@k%Z<s<+A7QpSVRovZLi^WHl8eYJ-_#_{bNCI@ue@~Oujxt$NACDZ&Tm|XQ=PHXeG
zs-Q?9&JR}tXj_8$(j@_O^9y|(KPB8zRMeO_{%(Kzz6ERQr5$YK?gEH54uB2S)C68{
zpK|#?Q%XFN)VQI`4VVe@lT(kSXYbpzn9PuoGt{pIX_J$b;TeK&<Hc6qiNWi}3_GA2
z6r1p*+q)OzJXT~?GO2c3He7QwauAVSUnNPpIVxUVock?Dw;HFoOeU+356Qik6FRkI
zOy2^o+?*fJ)$SGXxN4+CU*F?m8(qT})lg4P{rISBsZX!t5xS@+Hy*fe9TTnR$p?kC
zz;2nnT;-{G{rM<XrWTc-eQx83I(&1VnGuo1GVi>cK^<7WgTEwR_I`=9^YOo5!5)5X
z3ILrG%d$UOAU)Zn>kduc_STz*#yI*WCo^CU9n#pBeOxa|*eWg1Q7@lfwNfVLys}Hc
z>FT!S<xp~Sz1y*!4X}S$cJ=Vy<4yZM3R-2*?v6vjc8vr&2oz8Xm?{5~d%{a3RD}&L
z;8znXF}{LD2#Tp*uVXyGO+u4=aHHLk`*-G-2ezl&8W!)VA5x*WeN2do64hE|L~K-P
z`3|qCrEk|8N|j?-su2D@5CWZ9s@A!RxyoF|Ovy@oJuzGlJ2n{ukwG(O&BlH62ED<N
zQWw;nQz&N`31JvOwhaiuIc=4dPFN-ZVB^O?{!70t^d7O7tNlp9PdiITBPb%rjZVmH
zS#@5iP_ufRl<do~$jd852-+>UY-o!F7SHErgJqduzITb8(-lDhjnc7+i#z#Vvj%CN
zZ@K}(xa?kaVeDw&C!WK^Oc@p@AVX5r;<}{laO5hu;ZoFzj@6p9%X?RcL#k+j_{Iu%
zHmT{>C90FkSsG<u((A+T<zAcDEPt7DzS4e&D1Fn=TI&Uiu{u-19z>M+PX4?3IyG8s
zZgD!Wj}(0}|HwBW`7w8&#KxBKCr`DJrA2Qr(6qg!?2uB!IqAyl6Y7cDSb{@6MI+D{
zJ9XP9TA+LxvzWu*Ygd{-{oYXJy`#;Ims;Q`9*ht%5U%590|;-~1So$6D$;F<P}$Pn
zjwR<AP5j|Z{-G?1mYfFoq}K*F5rtA^1TN79b=eW6(n`_r(aLi~9%eG?g~z-7QHdX2
zI$>>XH#n(hk!`bXp^h$uZ~KTXZ|NH#!E#%g&SDV^V_Dyu_2shesU^~s!{Fi0p%@_=
zi4&+CE_I6=5#g~c8l;X9w6#aE-<T*ME(49y0d(8xwv8O+_~#Fpk|rhV5?kM(=`MxF
z%nJbDy23jdhBo^0rx=O?eiYOu2ZyNUpE2aixy0UzD^;m4biM?oJhnbiCJ6{H<^2om
zJzW!1G`E8gKDI$|u}00V6Z1-xKJey@_HF|{JT845$pFK}yu!9$-{vkqc)1csTVExf
z1z-A-iUt1%`vbwwMw%FMniioxp#9SB-<+AoWj=^x@Mjt@tjf|%j9R6ldJ>}ezVZ7_
z`t&;^-XFUEwvQu+`XEhSP7(9-XJ?A!fE&D?eEA`DO?v#`w18Wo`9CzlH8{NUmyhR~
zv{G)Jpl4`HyyV~TXyK8D$uZbO?G7|Rt6KatDWqcbO04GMD9Jfx6`vAqM^&@3>o>D4
zLN7=D3GDC2=st<l%H}P7n`S*GMSbT)t%Q3*v=5wO;|gNQyl-<)NS0_FbC(<X72>_<
z;X;iss9ypF@e+Z2$;0K=6c9?#Y;h#}JM0N~50Re$0HO;nF~=zSKV|)oU2g6F@&+<v
z^;%sYu?QJWbuDjoWt|$@mbWmOUB1tL9#46W0A?CkAfRdZ@r#qF(s1e27{(jaJM+^I
z;+N;Dr?kxB?R$}l57l|9V~}jxr^hH^4nWMX;F)DYC#Eb>_j(g9r%S~5Ad998pac9G
zy=CJH0aKNApSf2{ocPbIi<szNw;zzw3l=HfH{TnKQ^l$w!HAHdL;HZJqr>x!X)>**
zFmP0$Ofv1x&Hk7*@J3k>ag^8RY&UiPOE{<_pFrg<5w{`kzHBsC^2$BaIjuCB!mR<G
zKMhb*bT8q^OyAuX?bann;S^SVvLr?aqpWqhvJ>y~n!~J???Wo0onxe4V_*2%!SW%i
z7we40n(Gt7?BLxb3gz}IoP+wym!)^2(Shd&@3|y4bw6#-M%NF>(Q%Lm1V}vA5=*Ye
zTRt!LErYBL)FrBB55Uf2kfZ)%0)F#Il|4C|#FYWw<D}2){5UwFr3rxLU}9t?%b6BJ
zwswMKhK!adTjBMX+(FZ;+0+!BTz6^A>7+DjE(@Q=!yI;<bf#UiYvH0$1)M<h&BI%N
zwgZuKWsXH9xn;exBFi5=4Y~#dXas+e-lU<kw5c=_Q{?3NO-lHqZ%4K_<q*LY3zyml
z=yDn*o5wb>tz^q{1~uq@sIhpkB(IH8r=5X`Y~gFQ;>jXNXfB~Q5oh*Nqb9HN65Psx
z#k=;}Dx7c1QsuxxcJ7Se*~CicHZrE|V{4CuDqZD#-nW77h$qBs&L5EFLrPwm>T2>C
z<Wt+>cfvx#1~Jey5}ZXhRa#rc$T6kOYeB(nrChuyQ-0CPmQr_EAl#gxsf3R_$bLgu
zynre&w)$qLE9>Gl1hjP_46KT3+x>&t*S_4diSpYxoAlFCI1Q=wqQf$mxxXC)ze{gG
zd|_uuQpd<nzX@LAYEfZ0x)4nX^V*yp7fWszHz?$1$K+<Em!{#Ri^0CZ0qo*=1?mzP
zP(*`xJe=h<G@t{i*KsqJVuhSRYxdoP192-W8sJ~BopsCs#b0r7#I$;d9!v*zPfo(S
ze9#~%I!{hkGbtrWsOP)ZR4^LM2r;^WRm~}e4S2zkjIuBHNMw(RkZbA^8g;a=KCjOo
zd1J$?E@pR+w}!n)N#u)g?fQC?JxDmMcA<@M#lu>E`4Th*AU_K!!QbWI{&+h-4l9C-
zDWUU|waa~Us}d=|jhs9EsF}0gK?rLu1$a*sG3ASqY+uZ1WWtlFbbl5Nfvu_9X~pD<
z5z|jw{Jf8kr`Hgas<kC6*V*xpa<+~$d81Fao%D7~6OJ2KPj1Wkg5p3XF<Y}!RK0%u
z=BQcYA<9r+izteqdv@!Js3T`B;@uBv_sOc3(z>r+0I(TT4kf+pv5pr~e>THmOmwC6
zwsdP7kQXhQMwx~q<xgsxh(%W%FD)=}1-jr_TAh2CH|{pr>go-eRMvgv=!JR3mvtM`
z!1v&M;2=PfO0)z;(y)XW>3Bx0S=Y;QbnBd2UG?!O6}!Dz{riIKE{H`L)zf>@ezNVR
z#!O;e+Ez{k;71+gr~Nf$-E2UEw*-3q&a(IIV$A*@<C0ouJ(H=RV<N?OKLPv*e&CE(
zk!0nULhjQ6)jMyI$l=uDYA8QX*bx|4VX)(3FdFJ}M3zRi1LL!KAX!IDWl3g(H|7lX
z|6%PN10(7Bb?-QnWa3FOv2ELSGO?YBZD(TJwr$(CZQD9M_x<d1_PgKn@qFr3S6BDy
zRq3j=uK(}4R=24SU;VH6e0-&r_|sJkXk}L96V@ok%Kxn&W2<T5@aRFUCn?BSN)ykF
zGBI_{7&I(N0tUp~01jZE_tifxiUGIdzw6xdC_GU*4iq!s5EPP0xpNT6bqn7B?i}pW
zfv)V>)l|Db4^YqjKXw;sJ#b;dIj^A??Sd-fPYuA=(=&XgaN!L~Hhfk1u$+%2N-F59
zx5tP)HgpQ~lAV^eWcCt=LS!1`<kX}a@X;jAh+6$%buIH%lLjFp7WGcU^ln{42wyFb
zcI($0S%Q4DDS5}NJ0pw*F^qmw>2i*(nGPJsN#r*=o&s@zHtWlN#VT}tQe6D7m@c>x
zOZA;C7o9c*b!nS~UVa|W-ka8;4LM8SzH--S(e4Nuio*SUyFW5NKM$yF_X7}WQ)}y@
zmKJmX&l8EuJ82NbJ(x^SXucj9hWkriUO-qFiZ0Eyu7kXUOz#8+9@&NrZl$E@n`SGp
z3t(vrb2%^jScbQL;*{PN_X(n_5;G9v&5)-EyK)^5F*QHPsS66jUvqEoPA3q`O6j{>
zX7D?_uKQf-T{s-=ThXSAHSD~&##03Bh}G$aElYX(pqsKq*<mgIj{{4^WGj;|y%<Oz
z))@3xebn5#7thMCv+HYUWkMf5l*CmBf+3JIJ98}x5J4<ey6(cToQy?!=3G)<!r+RE
z(eUH$b}T3_D1aj7^yw>38X@-zwl`;3li$-E=E_5Q$aMi`F`4P!^AfrgGR|ljU&yOG
zY~_zVR%eo1d(LSLyrx5xLzhwhj>H9Vw|k?amlY}?<^tHZ<h}2xdun_UI}<L(6nX-!
z5FL8-Bl5n(7Ocnu6cZK7HpdOlV*f*GloVwKG-)z9%nd17{R{iq=4ac%_-hNQ0B`qu
zDH^HcY*hlY4$_4~ygq^02P<&}gvvadgH8>S<e4hN5Vl1e)Qs`my4k^djsCZjniD=F
zMv5-|Y7B8%y6V>U%p&7bAXzgzxa|z>kX=3?vtR5h*P@qPPGCTSD?_Tg+~iY%_YzmY
zN#i?rMTPGbNiM_a#>8i0x72&##Qx56;Y5jxb%v49F2T97wc;4n*p(45xWMp{kOLFr
zIyb08AUwZA>o}bu*I`d@#xr(&$Ja&peSs(5Q-&*y+ZQmVS=X8#%^@NpL9J={p;R~A
z1KM&umNgQJc=0ioPxAB%Ney`tB1k%7e;-W&8UHGw?6VF7zN00wPJUQ}OSke0PC6}9
zyKX?1m=f>ked<_ECwIqYQnOHHfF!<dyLBM>Nu$v5<oIo5=SlJq4^-Q&EM4FUXw*E*
zU=ZP=vMOUTnaT8rk{cqMV8Fn49y7A{ZAR@B;+MD~cnzJfVog>Lo(AxSc8;w)9fi)c
z0sQKVel)Hlb-#MkX<(T&i*?N$NJ|VHrv#o%%-4IB-=)<+Wn*U{Zerk#Q2zZV%{C*@
zY{(5|5oES8$lu@zmMvH;STH3DkN|iD01cEU`@zP+0ay^|4*=KY`R%Z-`{Z9>Q(F_v
zTT$Bu!RwgrFmsM1z%;Fk6C@j*7~Y^q2D~C&=ORxE+aQzC_N{^?^(4-StZ2x#__zs7
zste{y&DVb%qIl;XEibK?SMxb%_MDrA6m;_Z6B&?c%V!msIDDM6lE#4P1B=<#?nt=*
zL6OWriZ#+Y(Qd!~{ZO#|T^*KcO}IOL6A)Xqc0;>d(-K@8?+Ubkq@>HD64#-{L1-+G
zkeW@W>;`Ia^kwFcc5})Z$+TA42QfP+ig3a`!sBr$PI14=I-ii)ak=LE?Xs3r5DTc`
zkfy|QnFC@Yyc1Mz%Ui`6)9&Y1-I=}locJymNsdjre~>j1cVD~T9*+Tz+~7<pA(nt7
ze<kY27tWqv7nV<O!1`uY4hyJN9QFnF4nUKho-_&{fMD|7<i1#?F>$}0HW--T@zQ-y
zw%&iLR)qC_*#;90or=?rmkiDc-%}EuM*MSl=^G^{cvOWQY}{&}v|guSZn{sl%_2V&
z_o;<(a_>dJ%S8z(?S#dH6DP;^8Low^4V2Ph7ICo*lrruMA;>@x05T+g2}X+Et+c9M
zorgW|`{eA-?H+{b$@99)AFT6VEI{buW2KY93z#3`cPOt7!6vU&eH(1}Th0*KC}Qeg
zes4tJafcs~vg-VcoF2UJhfp1e(#zpi8cOioW4PL>Bc>fS*4(3{46t+!tAVD@A9F3^
zmu#{>phXogdGayzR-ZpxFiSfFM~XT=q%%$#j{735g}?%9^E|GTo~Fwuh0*l#b5B9P
z8;K|fxxvrr6u6Me$laUQfdB?QpkM%Jgdk1Q9soy@DCnJ-fK8BCxR8z?F;u}rxWF*I
z)GP#IlRi0#@tJ+Ib&z!jMaieijCxX35m@?RlXGUgT!7nk(K4*{KgdE&H5^fBUe#34
z^{zdVWyZsm3n;}m+UQQU2S<4Lgr_nAo{ZxJC;Zg9uyxkWY>4GYN@<-L_A7FbBJrqk
z87)p=wurosIrx*&%P`-~W@%3!SY~ckqMoNdeu&0MR6c2WEo5pEWNB%V$ON<+iv3A^
zfroRg^%=)2tdPgfKZxDRUAWSK+iSr>a_Xvyd8rWNY#0HB^<pWk|Ddq`Gz6Wq6OfrF
z)0D`W`1^}2q<8d5^#h{;)n0n{we%ES`gqP!7&2XrDB|5giG<wNL<9pdJTICr&ADrR
zpgYvHw?CgWeUEJnLQOR1tMp?>>ARzf6s_%}^d26m>i^Fg&ELhU5%E7w&&ys$OUq>=
zK^_dOAT=!ufCW4B%*=8-SNUd6gJLvj7?_{COaKL)##KJ$>m(s_?Yv2r`|X4`Ki%T4
z>5s6M(&+FCrDmSxCY+iEI~+ObXxNp@*QCA50ljuyO+GC_WJ^nFL(|IbSXL>X1i$*O
zO_%j9gwQ<~7LK%TAJK2`QL3{7S;RdE0^JS^(H{*>cxZp8hJk>op;gDj;-##!v$IwE
zjmSE{r~+`Tyj-?jwMOY63WiXxNDCQb?S|P8tu)+#15s#ejDDpvtqrUii7PZTIqLX4
z5}B6({em_(v3QS<i1iD%h0AmGG~B-iox>7KD^Pm9Jwe+*9+>Lr+M)q^>&U&kXz)zB
z^QC+95&fj7$CS`rnf#jCd>Il}I|%!#fMdu5jodX<)vLuonG4l0ph+|ss6~+67jdXL
z6FJsTlWH>Z)woSKo5*GfZZtlj;NNW(C!$t?I<c$4QfYx`NrojZQ7so|&Lxz({TcQA
zv4`%(=u>Fqv{{8ld-!5I`I0{M!gch*m1UoKWb?G}A;>*xg{}^Vd+H=LB>P6*)bhyt
zHHojTuHO2EWPH-E<hm)V45ZA%ZX(KQKohe({I!N-SdrKmB}pGBbaRPzOUJroO)l_e
z3sm{g23;{K<7y0|ysfw<cW~N5NP}ciy??Znx40$5rrXz_Q776;mYABwTMwqpTiI@c
z$9%KIo0>pM{P3MXI{JOyEtM!5+p%0t(O*vwL0xyXT?d4PZli~(Au^3nI+QAA5SZ34
zBHs(tL+!#LSL=XPV%wse$g{yRI!UpUfRrryxfg!s1;S=6qvz)<*@YyJvzSADBS>7c
zaVbtqOJFz|%rjY7IUL5RV*zKE+we39HR**I1#fQ>AHOlXbSy^2J9;7>vb=CsPmvKA
z_^bRT(H<Hd<ea6wkAmmilX+FvhCyKYk5Npl;YkR)KWH(FOo?fI6V<P_fTw)oZjTZT
z`ohWiIO}hmlk(>EUdKz09VsxH(4uv*sX|W*I|7T3Z1QL*y0U7Js`a*iFP&U7ZdNWU
z8xpaaZRk|_>5OTK&07o;b^U73CqRHB$P)z&?%!XqI2?lir6_*_*xbJ;E-Nd5dc{AS
z%Hqv^2_oDXW`PlxMXNoN<LqSB+PY{DcjR7`ei8TCWvX-wY>&0XI)2D$d4=E1A)?LT
zwNPqwzFK#b*$S~w@+xL%YrffJ6JC7%Ek3e3+(_-3oTbR%W->xcb2=+hdV<g8tugh;
zvE-4%bM6rfIS0K`OCR=4CHOvOD`oohJC*A&3V-{Yl=jG)g}XaUVm*-r50c>c5$;Mx
zHx_6=`c<I_%e8(&K<z#Pi5b%~I4MGke2;;BYk6;)Z3pH!ok=##wQecp?%W#}JZlfV
zBj2}`7zFHM(Y=G90~fX$2+EyLb9Q#s78>K!_!4;MiB^#7gUKJD$plcdPqbB%nVU7T
z#GfZ<H@H7&e1-WtO-LZB6UF#oD43s)ln^u$rMiV+wL5!M2^h&_Qj3Pqe-nWRhqGiu
z6hexEKwPGrvC0kfElf@G2C(8#VB4O>--42wO+$+48C54KzSAe=%NZ*NvUI%n>WSmX
zLr|AODfm+T@z5D$T@MeT0%>QGx@V=QF@jQ!YvF9N;%mE?Ir^!`{rafGVWo{4X6g9j
z>F|<tcSZe|7@=Ghe;z!+Saod2N=`8>{XR84*^4O?n2=FTEfJKr($#$<5BpnSrLI9J
z{0x7m%ZcAGLvo2sD@s=|%8yihj$yP25m|>scuaFZ;+_A-L&Dv+o~RUZ$!~*_d&0V-
zILfKgs&lg?wvTmL{A-d2jhTKcIyxToM#<d>lG$*{82w0ikDct5#|BmR9aT%8b|pjf
zd2g+8D^IIti#Q0hCEq$VL||*VF@Em7R@rI!;gH3pask6`Z_UouzUV_eOt5a*04yDm
z*qnox8*Qehrh4<m^6A{}sJOVehm#p&0Fy@wlPQwHP$V`&##*xr#$m<vJ7*RmtK^ty
zK$OiJE{pBc-BmTd73%B`wg2WV-Gejl)NjmP6B==Y%Cic+06s5kS6@=pjq}tXN3gNJ
zI@JTaU1cSl-OotYZ{aS#R&3V@%NbZ|P6I0V@Dj2v_!MTFq>e-bq}o2<w<+dYIIV~8
zS<4_3U#btg-u83A(}S8~K3%?_IX}jFRs@jd{?7TMcg8c%=<1#Fmi0E!SOgXB3XG#Z
zbj1GTAga+i2kh%BcZI>z>AisYKH`yNm-!A(Ok1wMQkV96?0IonAvE>wh05!F(XjM<
zVeS3q2Tv%0RJ=e#D`hw9k&7L%B;=sJ;7sDzXI0c^K;V{vVF*=JE>QMqHR`;ac5;0!
zP<3W4iu8DhJZv)kcG@|B>2{>XyArao88{@w-HJb%kl_@GV?89u2&LmGi)|<_pj;wX
zrdZj&IwLior{s6;Kv353J<&4D;YbZ$JXWq`fhNPT;7&hRW=%8-&YiL1Vw+ohYiRSe
z@M>v_?Yuq@eOg<_opESQZ&p!9#H_VrEC$PIm4hp}cqvC<@FZT&yy0m2^771erc$LR
zDpf_>H2@OV<ND9h+1?&9I8*L-rgVr-esrB<n}IS;U&hL>-?XNXH2`B5z$FZr&dLB(
zA;2XFpqnzd-J5W6aa}(?0@4x1O_)+)P=&$Ji{?VYp)1m4gzT_Y%(bvHsPISbPouGh
z%`S$m{Rzc*v!$G|^Ayl0l}sD9W_B;(Sa@!c$J4rN-|SH*6ybMO)t^232y8f_m8|Xw
zB-siw*^9PFlY;#IfzEgEyxbvgVm&O-x!st|8d^C8mNz#i0ma(C*F}s7hzjK}^@>iP
z$(&s13a4X!wT4C=A%TL+yZ*|>jJ@p3Z?o`Z_W8A1hCHj!V29G(ALcI)<6e<kOPDNK
z>@h$aa&Af`GiJg=|CsK23i^pLmv8`Yyf+l}`~CSQH-Uzoh@)_Qtkv;}!E*8sFrwsx
zQq#?9t7CSWuR59JKS%B0L3@2KPH|NES+|b9u#XAVb|jKR@{c**D?1#O;vfI<K>wzy
zs9+uP?>bnGI6<=gKRf-(27NT_rsZXMBjlZVWC(w~`#+&ue1#$)B1i&Tt?v%-Mnu|0
z{6yk{rC(z<|5(15Fk$H5p3w+g!kwC7H2+XsQ%w&R$;0ou6!12a*v%mQ1NFKlibdxA
zb5Do&q{LH!Fd`y?iDe~*h%*8f@CTEAQs7h_m;9dk36YmigmXiRNS^$n+$Zqzl1;4y
z?7*li{maHy$G{7sNL)<o6wh|Zw(chd4>HNWO+!)w^0u-j>dW@1d~TP=bZMyp0fl6L
zAcU1Mfwfi4@7|fiLF<X(m8w3`d3i>fuJ{5qEeDfv*E~)UHLFZBCm=TA*t<Ttz_{U^
z0!RA!Q*7H4lg-736dnw)^<#JqGNbSCWz2%p$(@@Lb`qGSvI7ubnPpO_U*HR`!AWEJ
zhLKZ#>H}#~Yuvq~Ejdy=h!_%5GG~lvMrS+bP&4hr#|8icbgNB-_MB!7dZ$go^N*4Y
z>K;6#maQmBXO>YMp$MC5b5vY%W8UYJFAYL&^oXqFa?wvikgtIUON=Py4Cn$)=}1u9
za(^;77Nq>tLPU^OrD#jl+`%0Y$rbUVCyCQ))XEPcKkDDNz^z36L5eZ+vu~JcL&j95
zJ+_HH!}Bea-i#?fi3KDgACviK1bsXUo7PD$-C%!Q>S_W>g4RTzyAJF?i3t;6&&Y6u
z1iD_x3lpWY9?6@qKII!sN(uc>W)URDFw?~N;>nj$gC@(O=3<a)d399@Q&aka1eSfh
z19XUz5ZDdN5`2=ncpMb5`5#a9DpDRlF$^eRk$liplCy238R#)!F(P8tFSyH`znk**
z(Os6lj6Xi~uF)b%4&T!(1w(!+hCv}WG>HHF4pXv`7D1kuIskDn2N4-Ks%?ZZa-viy
zQ6XH`@dt{>j~lOKrqodi=RCU(&~4S3#ag%@%{O~#O~}^Y3CD}^YgA+SP2CCg2I*Lq
z(*=)*I=ETI`i4WpE4YGw=0O;!5>&<i$nmhO95YYnKOdDFEKz)>`EFF2bPNjK%m3pW
z7^szg!ZB#y3T}P)=_zkcC6j{xF5am0!83ZEo*H<>#KidqmbjfF!pT}1Fl5UUgud64
z8->}~in(X9pRn@g8S=#S;W6)LP<lCoRp|O~>%2}bIEExHsmqME@&XIMsVgPCPcHz1
zqZF98uoT<c6nfoP21Os(-G`!>ph_p5#ic0~z^U*xIv7A*uKi;&m-e#TY(vV)0`K+g
zl87CZ0xk>e{dq&Dta(9sa7Te5`yeTbE4ZRO*z;89*OsbeV^qLU*e8AYrI+1rD&tYM
zb%LDRH)8JwRDEi)ovaQ}HDwslDh&y3M~FR%z3VPk+!N9xTG_W6zjN0sJfJt;lDtYQ
zct^-c{3yjte%okoYapm0ff8$;o{&QIKN4s=UAeOdE+mxZbV-VHa@IzbbI^^R=??5-
znVY(lKB7-7az-s7``1e~@aDXI$k*M_sIO%=uv(L|>>Z0liJaGi5=OS{2?+^5k~D5E
z)x&2xGjza&>1kF%J1QbX%o$AO`3)b*?M<evbh##FCb4~!d0`70Yf=hdDM*rNdU<mk
zhV{G>uBg|YgHX;KU`h~GW>kL*rlR&_F?duXjkez`;@|IWW_BnEjzGf>L>Yw3^wp0_
zY$7-PGOL*({T7xQKpA_jQWByX<InHGB47iIXiX0TmIU?ol?YnM^;xTrZ>IY=sQ&0i
zJO}KdY7DG^vm%)=h4d0gQ^b)My`AJ-y_<OQLtW2)PJwC~^!d*1fwkSu;Sc3+_;zx_
zQN=*=wnUXA%vM6et8!`}{TGKP%yvbn%*Z^Sgi%lSpNGfSFwN+^xWkPsbsmv$s@?5~
z^TJnX-Q$!V-I@Yx_K3wk?Dp{nzC9!+O0Be8K50-4%`Cth;Va2>*NUg0&*nQlq`%0@
zaQH=wyL`{SPltY|zy{`p>7Re|pR3TV+@6v|1EPELE~|d#nIxT^y-OUj?)jCeL6_tS
zF6zo~M{fLd84(mWWO@BSN35(nqSAi1I+i|&Y09BnvU_ab^UmGov)t>JDEbT<eV^13
zt=7j(GqiiJCsqOoasfNmOGS@k_wAcR!9pMPLgl)y;Qg)i;!GJSZWeh(3mRA3tEe!c
zY|)LKb!G4&$=RdO3sheDNlJ<OoT<Y<;h4YjU9lt0A1Oaw)Yuk3vAf~i-4x%x{t{PR
zss=rJdxVIG4;M>7#FEi@TEODABYpk#IQkWRG&3kPU&RQmIzK<=0I{<hYqMc>hL)F_
zgVWdMFS0*;0+dW&a%5bAF@(|~dyT_+{m1$PLhZm89>O6tbE9=7Ogwdi^EW6Z<E5^n
z9YaEwSD2iRlI%UnVs}HQf~{N6vJVl9wbvhXR<kxjuA-3s=efINOh=6GbA@oxEqe|y
zEG2!?DvSJA2w`Tu@iBus?6A|!Uot$xFrZ5Xmr(2BXHLtV30zty`=1>*V*BXrqE8Ux
zO`ASd%4#$_s|9H#&rPP9z%H-dY?f7l%8=3bihNmA4#;lUSJ;(yzj?Q2tu*LkK8lX$
ziuoF)cT_ZfWYpsTyll-h-DtQ)@PMeq!NZATV@=jwjpQL8W#!epC%0{i2vievWtj`u
zoc`5VwXV;iP=&X_GA8A2PmT9&Yr^R$Om`<zb2Nnq?u#6ZBPf=cC8$o!euO$cn-m+z
zX%Dhs5@&Z%nWBu*^&)a08SJEF)6l?LwnZyzAqcF91g<z^!p9wUlLemfp26EA2~#Ht
zwhP$(A@ga&MKas)s&lNtAa@-1$kp}|p%>EXvJv0#NK66P>zw{@*BGwrZUL({J+8*m
z3M?)f$}uvI&Rs*8<tPrDW$f^CN-T!hxt^Lh>SZ3z(7u!IopW@c`xH0I_{;nm@;S{q
zs5;pExS@o2Qkhu+m`Ij`_q|72(-<s5H_2t>>IH1R*o<=uRlf+-b4vz1+uM3pRpq*z
zLd3R?nB8%(a)0}RSB+6Z=jlHQd7{{2kt7tXhOr8pbm3fr*^fKw+jEPQbkv%|y~8?m
zmgh+p4LCv~VfeE`{0<Op7}#R58CsPsk)xQWmL5i+qPQy+Y^#AaS=M@WT1FmDiZjDA
zc{+b2d6%Z%h;{qSPq9#Ws-uTFt#bFeWlDLTf8A7IM_Rqvc@!)s?f;6RVz+I!_%^a>
zDM+!EMrUv^l5Te%8-8w~FDSzFQ$K}AQ+R&KK5Iq7t~MZI5xUU0KwdY@D6-1z=f`);
zsY^p}X2vU@g+eK_R4lf%vte-=h(6OucxUVpX$!Hb{91V=?7Z#v7NRA6)Nh^eUeD(A
zlINqI@zMLaUT;a&O&3$wyeVM9RhOHXX*DTHu>vz7c6T&5Pw+X}XW8W7XRRpXDbMuu
z$bRIE`O|W5KNK)owo&4N_?#Lt4p<v%c5d9o$c~}R`zzPQL}mq+V<Np3m2t)O?;dYY
zcYX9q<%{B1+_Oghd|VWSmOp9{JqJuTCB`VO=?tJ&k>-4-JJ9nsXSvZ98TBC!aDTZ2
z6--)FOcCT$!~lYbgGyU~t_gT&EQv4=H>OLbTQ08znna?&s8!o8`b@kXwwO{Aa!D;~
z3{-`_`y2+Xd$2lSzd4;2Z2dLogaiBSia09dJQht22N7tQTt-JqGjYLjobT~aKQZWa
zPBm3*I~N2mb``nm*B2(Ytr2(YSNnR$M>?*|t-*cr7?AQW%Z@*~aVtg|6I59heafjJ
zw(_zmfx|y)Go_7uw~mP1z#o>&VC=;~r-YyN#-e&mXwKZHmEe`;oMJ(H-<I7T&Q8V`
zVR^HSw-Q2hhUGC<>t4F5LkxqI70#d=Sexgj=pMP^%hih_#!U#zv?c%%IMwQw$+cy!
z?l0%~RXNomJ^sq9aZDQREAN6kzcj+s0As@*qdmMwA)@qJ=nQ4<W&U&-sCo7JQ(so0
zqB-E=8M7%%<rKiID@UM0$y@YJ*)Uz^CH(+vb12a!7ekR%FzM}LKZY0z9p&`%0FH7B
z;nh|wTNyr8*@?pzM7`p1ebxNuTZ<S(L?3zHqFGC{Fb6iAVS?NBnc=q%4lD+a3=B0p
zf|7a@B{UsgnIO=4j{05VAAp%n5L|9DV49<8Ts*Jta0#Eg(9$(#(r|=kDF>J-nHAq~
zNeGp7eA`G;=a%ALPXM$*zGQ=Kv2T>oKb_+u`l5i7mp`aJE6i~Em_`6W%3V99bh?Eg
zg5m*>#XIIcZy|&%d%I0^oWETRYco;w*DoYM$Tt~$qRu%9C3OhX7|Z0F#?vg?`AUc1
zhC3V~sv^=q*8J-{2Lw(|&Xq<>%qgzB@3LGsV1FM0t9k;WKJ0@PWmsq)dxnOBdf_{}
zjDl9bUYr-JbYxGw4ldYE#yq*&jJeHAKV3H`GwSq^a}Z%dzInpbWXJv|dn?0l84&Rj
zM%y{Oq~kp?TOc_yIca<{Tj25Wu+;v%8`j4b0==b~&9=4^%jDtVp{n^j!=4XFjLAv|
z>Nc==LR@f7Ea^O@Sp;N+x3V4*7Uuq&LjrhJuyw}+YLQHa{%AZo8x|Y@`-$q?0W1(n
zp3dPI`q!V|?~1(~E37!LUn}8s?WB#w!^1P4)s-B}t<yXiy{r&Buv`4{{7g18G$7j*
zfgBCjHL*9g2vq&BKpK*YJ1`iP4saYDo`|9{ZaIFw7mE(NzjX&2VNi6mF~mgPXe*(t
zea)<2yp9g>5L}%Q<sMSL2vN)A8a~C?7q|VJM8vN{Gm@kTNJet~`gls=a%FgUcyMud
z-#a-OIhiXmwX_@<8w+~^q*?2HoT`N5aJNUT*?Qn|I$IeXO;&VUu6t_WX#h4>uB=H7
zML|lVv`HOS>bgJ5sXZ|+RB+|gioWlbGI6wauHdpw@C~P@fNAH5yn5g!On7lUijX7A
zwhwvJxF?c2d-XrSawhY-K66Ouw94Y1H;#)eTC9RKO%QW~+j#NmcV}3DfZ(bJ5PuRK
z^0s$RR-CbGs>_bPQwCMECBOc=ut_#=k|CIUqLHDRNZA5|=`2xud;7ErlZ&e>Jz%3=
z-SUZ@P!Rp{;8MwBx;Ev@jX`lG^YHc7bBML_F4fd2oS1A}N=Af9ozL+=^HaA)hy9}x
zl0I!OnOQBsNg0Hb<%<-*u9DEkiY%rHc)sq-ekhpepRRWIHq!yeTE5k>0NH-B7^klz
zyZn;xJY@mO^!&8MA}sk&SNFgV@GF)m7B85!cXZ60JxHZ6fOlwbVM_y^Jle)<^~i6#
z+%*HbDoenw1XpPAebRL$Ls%Xu4I=!OekeFUM~r1(aQ2AXb)qJ7whW0Ga+}gC3jzX_
z?npXy$<@RGm*iE=@Ro<cIjKbdbt#su_bG4?<h*rV-PQ{8Z<NnF9#%h~!cf_An0omI
zu+D1Q4xl{0zS>PNFWEevuUzgO`E&l3bR-V5bGm-Xd2-!**#fP;3ov@W01X;bdsDwD
zk!fl}VsoY37?;siGUcYG&boQu7>%jHAq3PIp6@}&u*BN#;&1orrrNg5c<wh@l0cWQ
zP%`kbr2mcO`y;u@j|GrS?vAF8rgH=V^6}ivOb;Mi>G=3KyQL*XFbIy``|}+Ukb4Cs
z+NdVx)*7u9w0hHV;%1dMrlz28qu`ZGHPc|fz__1avFDRF^icY>jV*CI`_iXu<o-0N
z#WtB^;d~NAQ5S}J6`^2Q;hh*?9$~Q-8}uShoEMb%E-+3DnBf6ZGHhPhf+-S0p^!;z
zwmhG1Mo6>d6czi+syZd)<q`j8Tmf=2aFI!*_zE!GP&a(koGNK2ikafR`CnR3*JnNd
zd7ypwO`cwB;dVghgxY^fl=yrQIpBOzN!?X-WbKy8)I{xD3&J}e`3<yOKRRA(2V3S<
z<qyQl{gQ=c2S-(hX$^EyeFB+ya-Ia4oi=8E)zu@|)U)_|qMz%X=mG5Zt>Nl=oqJAH
z(fL0e_o*3c{x>sk7N9fT><s~amj!uwet?rH5`_~H6a=}sxha*(1Qj7--;*0Ws$ME%
zsA#oBnxHw<wv?7YOw{r_g=%Dnk0*(lO*GnzFU3l3QXz2~X-kZYmnNwp`ET09b)R7Q
z02j#L_fxO<E2M>Eb0z|$w#jt%KEN3Q{Ekc-)aT6}z#ZUFl)g8?Rj997A4n&(PVL^D
z+H29;gPlOev;SK8PiWNS8fB{xAfMy^h*tmE(J3eb^G{&W-^-8xzjE5&@A#jTNI*mW
zY9{|)n*bu#e~$Wp^uj-qKNpNN7)N?y3`l`s)idBSl&RG<{t?W4w}USKW(M6Ju6>E#
zybYO{f%96sY$uMaqdnS-L^+|o$FJ1g@P1>iI;nd~apob^OH{6J{<oby@C*FsfLsaJ
z#jT%cE@<RYQusEZqz^iohY_i?uB2zy`-Sgra-=gaJvv&GI~!bem;7D~kC;5KZ|+jJ
z2oco(WJ&SSA<?X`2Mb$Y7_J@bR%Yhz)y4f@cFWF~lF8gDCFf|2fGRw$$nYyPuiUzL
zEjT*drn`i0gR~ccm|>-u=>yfM4GvWgH(Emk$_LeOA)*Ks&D{K>U`xMpdrv6D9Xk-o
zy(Six8WlC=fm&p_AH4UCSeAAWaL0U+H$7*|&5w?>us^7YvDBa%f4b58d?%}I^yshY
zTN67?7(%Nh*g$K8QNv;e2<^BB%Y?GdM@!UwyF}1U@zJOUep7^JWS*~xsI=NrtAp@v
z6do3=;_`Q{t@}RJ|6y{Is{XmfroE*XHy|&odZ#iwUX(Y9m%oT|3OCM$&&h00c*+27
zLXi0xu16nWAk~@EK)A8Dn};wZM=nD*o`5XYgi=9jpkeHxm3n*9G_$C^+YPqO>X3}I
zOd~y$@7})&<fayxjg3DHQO77WpukR@D|cRIA&8?Ay(wJVbxDGn$>jcv1vuPMl4_%l
zetpg0db_>=TSw}9>$qM1RmJ8z^mGMkz-1kur2q24)M(}A8!#qm^O&f2=Jt7g&9Ip6
z!^hQfgNoZ|wK0luhlyna)n*_~apt^eKem3-oBD6ynPw+kE>+gf{L0O7JJ-$4qv1N6
ztVqOz?z)RCiS%{9#@R?o-CoQABPg<tE1HH=*WgFx#Dgr4*tU|q#mn%{DkBci760f3
zhBfZl>(|@T=I^0HR<)<-TF*7YvuBGT<4@&R|Ja}+O5vyLhmZKhrs^GO80WUfa<@HD
zCkvXxm$o)@$nFSRb_*AR)Nb>tzMpnUV<iP^;uo<ypGRXacA_wxi&O-<{NZKV=FeA8
z*xSoJU+y_LIIe!tWlI0;OY8#V>|~}#%yuS&8TY6G?^;q;nVWvV!z+}*&1|^Q?6Nf*
zz?PJK;>g&iI(LhH)!sOI;Bv9QvzB!l+4^7$%{|x}vuj0wCIzWD-Yjf8hRWkYs?Nu)
zc11Gcai|F;re$^fF`nhjj5pWxBLv$uYMapr!`Ih$JmMMj;Uj&X=5Uh!{#;>-;4)+l
z$ffZbmZkF+`k}jZD+S>)C!0$Npg~Lc&AV6m!QNmn>9s5ega!^I;s(+eUDlS!YDFSS
z8&AkZ?J+GZOzS3zxO}#3D_Y3TJ<-xTyFZDIxPl{KMVyzKo_i%HraHx-;|i*({=7MP
zVPcCXgdGS09c38=z-?3+-VqipCgCkx5}%ujg%nGLd0QVjfR84j$})f*2tB{Sd`%#i
zPc;+Do2l+`x}0S@vzs=tv$>x;3aG@b^=s8~WZQ>vxX2Ln;x4U4teT0owhx87w6pm;
zlvT5d2q(>;YF<R1W5yZpm<63%z@bV$EIIEI!Ep#~fuyeM9Y1&Rt}uT?sOWeLsF7H%
zs(Jj#d6fyU*8JiKtQlRjjwjmKTwUUJy`Ov(BZkRZ2jlAH3{p3FImag6J?3`u$y@3g
z*T_Yq<YnOwd0DBr9yVX6&J6;=(-%e|p?Y5%<7Rz69K}Kk#iM=0zZVehvuo)Xb8_s@
zDsKJ#8V#p!R2`Dd3Kx0(ZohXgPnU0z-<jk4`r4r?SxYVkcNB74csF%F?2WAdYHi48
zRk{D@gCH>!aNCb;Tv<tvy#K})!QfEu37)T8QT6+3v*Wy?QWw9B{$*>-sm<f_V2wue
zZ9HTW$ef`q)qP~|J^2AO*z?(G9@}!XGdIbl>j^p29@m^Y6t9SLvV-RI1W{2@DEp#l
zs`6E<nR8U{kKiA6DxG3;>;0F9WEV)$DFxYH{`MaM7~H9xN1MT4F$}3u4UC89WF%#x
zjDhkVw&fY-UoWW6lO49xP08>UQiK%bVX;k3fDHFF!;c%{rI@v52^j1x57_QS6&(U<
z>d>``Guq<wOR4L$O-$@92c3|si)Deut4l-5?nP({c(%ZC9cFI-BkQvj?Is7`V4P3g
z=$QPl<PIwwS7PIGQxb_Zpq0TcVIw_NwH|#xDI+UcA>szgP(tQt98_7?I7zw^-}~yH
zp_mXnmSc|?vj&<oKMlAF94AIQN=-RW=tY)3f7*>Dw6y#(AioJ=|8Z2*HX4yrub1s9
z2|LhFgz79x?bb+4VUHv}K90YjWaVLO>P)2AxD<nK?I2vh5}lSQVd|$q&dQuM3;S2z
zpJ&g>;YzB$B>Tm|yuoS+dB7g39e#82BVP69<{VDC2A{dGt#g2R0@To&Oq!IcrkNCE
zzZjpMDsz-XJf=#LHuWb<^K4sHRjiJ_3=jJahQ1x7hyoUD0#P9O!#BzCfy3w?c|kMP
zpD70sq1vfUaX(Q-CLc*w;W~pJx@`~ini;x8A#Ylk*m82%uo?MkW5!3dkH#Vl2Z!R?
z@RMBf#*6_WYERbEYj+{G4bC!FBq1R!Of4tx9`9EDTT}4fUqFXKRQPK^ki3>BrhWVl
zVAJ*Hg0!yo)$E4pumkU-$q@Or*8232&Rvla3GY`~NwvECV6q+B0lpxcD_3CZJ=;SO
zpPyi0U<h>Xz?7RNc;J*fi5Y!KT^*u2dLb>}>9krx-uvnF87O1c8z$&1OW)MMBz+!~
z-rAm4wyLtfgLbtrW=E;0-^v(F`RP1psJ5kFf3m2hOQ^cBBl+Y-&R73rnJ4dMy&5GZ
zsrfl{<7ZL9GhE~Ks%UY`$Z}BF>VPEc>O6pbv>4=ZkDt;74T1Oks0aaZy{_Z#_egHH
z=kvb)!0l<B>d6XOM+sEYQW!-Yzqk^#PK(ul6+&+?xP4JzWcnPTIai->VXajCInh=3
zQ2||Px+>AT!TNV6AkzvIIm+_)(d%!uN8Rr*XgtGpX{S4lTMF9NhZ1<(Xz&y>t*_GM
zYI|V=x#Of*Y~;4@-Q_`R^mrg_oofQ5C!lR{#f4v?OPS4>%Oi2{yyH1ON?dlB-O4zh
zRU4jR*T+|%C*R!9pGK#G77;nLJb>PVb}(6DD{u67g<xMCBg2%#b^4*HNL1s~1wR!=
z;%of73Td)Qo^*mGyrKlmx!ucdtBHb;Gc+L6a|hLh1SOM>+(I$T(T8M4K=-{zr-V?^
z6_=J`oy`%${^(@OJJs^wrBhunn4O)KxSXrU=6ywAkPa8AlTnBfRtiZ6G=zo^GoXH)
znS%ya?JEqCQL-&wc-&izF<sDP>pEietFM?-@AoZ)HFMgd4NG$!ppBpA)hH^d&@ZI&
z*(C<#6&V(2hNTEYWyNYeld0fPlaO(wWT7h0$mvL@v%t)Cq2S}!aetr*6?Fs|*`uKM
z4ArRitSPj(9&BOq^|mejlGl(Fr|M66C%-rX*J7T7H|N)E>RY+L)FG>mG#H$(`tcH6
z(At?fv7(M7_4$KULU109L;X=9+PE+{fy=PHwkr30?L}Db2jr1;zLPbIJsgR_`+(%K
zqkS-Rz`{(_FN3B#V|6xg>YRR>>%ILV;c^}iq<jvX2nNQk{M5i#ir%nTs8Cv?P<nr{
z?rNg6X!OmFN#2poT!L8SSg6Tj{W>G4L@;DwSR|P>2$0?h6Y8{*$xtF{S7vbVMIKsE
zr=1hn#RltI&n22h>ncORLu;`{U-ny)?2(GdbXd%9-^6tT3;qPUQNlzO>fL)rHkKX6
z#dm-O547(eX}Z>>gqFS?zxGz_#dRzL@!~pv<l@5ANz2Jc85G}YIi~BC=vrGsDZs=+
zxw)b_071wqE|0t@0UiFyiv3h2Gjq0N)J!V{3Dz>rJ};11@{8)9j9oxT8DGDQ_NGca
zC;nlm(u^ZSRC-$%JU&d~6pbO1n%kH9Kq3l!M0%xPlX$b*HcC_o9~MiV=Ei&)2dk>=
z9om}3v)}@Pid4=~T3TT^go=34YCP2f&(0m<9$QPVi|4Myq*C_AL)F&xxPDJQi}G=6
zzxCAIm!ZW>Si?TiZ+5}($TF``Tbm%<<E%j1vi7ytY^fF7Lz-aref4H9+9;)kpRq+4
zFk#~wJDxF9q|j+^AI!t%g-bBY_G4q@2%`0V_#so|Pc&9M&p~oF-yv|OXYqV%k0k@u
zpd6$Q9)?<QKgvIr3rkIP+Hf@3%v|69;Nha-Zh%EiZEMveKcz1%3Byf3zaCfTmzbWZ
z(EE$!`sFHJta!#$sryRImQB8_!N<(!dq-C5=E^+?P~uhq!FnGq#4iPEwaP8xg&;K!
z_s0QfLZl`uM)Qw6x+H#)1qcvBO!^UJWo71@ZY=I?S<js|Fk_WH&0MY+ceuE+yFTbz
zpU`z8<1;-cCu&F;%boc0-uf2*(-mjE<Zq7(ypWF%5~kUw4=CevJ?joIrh^i2Y)On7
zoHiEX%*#%cx|`$nFh@Z4%eAiXpYm5Xrq9~7baD@FNOul&SF{V~$v@YN)<X|jRkJ}?
zX86QIP!#&H=41W%{GdYBW7tMH)mVN}q^h>^!H*l<k%H%EK$PTsuR~#3<Q)L<X8y^b
znxZTuf8d2m!+fv#7AQB~eb$!tO^XfXY!&1?x^m^RjyNhrc@+t{qgJM%lOEy<3NEr9
zMs8>QpON0SDw=|?-yfD~I)j4}7%Ei#Xvr~6G37qO^Gw_#Lcegxg@Kdb-+@4hVWW0n
zJbd8;wf&rDS+QMYGloJ7JE-1gF)O}=2&AvoqeIv~IZj(AouQI`%?!_icjC#C%xdzT
zk%xd@b%IH<#5OVgK$*5^*fTG6;1x2_kRIJD7?n+9pjv&G<(yQ0;z;#+B@U+Am#svM
zMX6GeKgASSIEu3M9){Ju-mhHoD!wuB&DvF*|G^tXP6Lzp1L?eMSHW2@B~yZF+dS><
zwu<uuDf!mL=>(*{8@H?${r3mPNFTCALjF)%jjF=3`z|@iysrC(=b98|t~9V!=M}wb
z2A{M&5+X8hVKLAzio?9X%b=31Kv4rRxT3+%bh!x}Z3@Qdn$_VmQ_#D)Eu=rb3m((&
z42<RpK7I|i2I=CTiYR<ej(9HTN)|F_WAECp@s^e5j|+f*f!>NQD}46iSkNIU!z_DT
z2AsYO5)U%M=SueDR~O97DsG#lB9pfRQrNkt@B4XntWFCEvS&fv6`9#75<;hE^MP19
zW(iUc*>A#NH}2T_kM~$%R)1LINKOFUPVbmG*XE|SRBFB;YY(RERE?F2f_zECF^TNq
zC}q|89@ZlVaE6R6T$k*;dc_#KA`NtgOpx2pod3qpNbTT!%E`S=4b}F8^~e73>KpLv
zzJ(=b?E?z5*gZPozszoEA_b9xg@#xg@?ajW&VJf<R>BMLsVoj$?N+F&?9L8UAmzd9
zu_nN%3VB9H1KzBRl>xOKpLHDg-pbW!?{3B{eU`$_ZoBHpM=Z+0)iWK(dV1pjh;DVK
z_owvCch1k)oWm^wqAH}*zeufT2sxoH07G{aOgc)tlCgzBJ`fTWT*d*G`lSwI+hNEj
zSkWOcB)6e~Ed%#176m8l+0=Reh{JM9aCcrKsLFcCl+J&1eA}GI)OX>zEpUhgf-EXJ
zt5M7c_wak&E=G|d;?9z6*l7xp5iP!X4AfQ#2Fd1!C=WY0g<(M}=xIUyeEf(u4Sp5D
zJW$a~Dz`9;6hC9zfpWy1(^_JYMo+w!q-DkJ(xz1r(SQ$oesG+X<NRPJ0cPQJw>Isu
zv@VA(FEODrP~+SNqUvu0;u{R^!e%OEtMbB&DR{d1RJEbhQQcR=Btb^im!fzMk*Ui`
zQC@3yZ|#`}KJCDQZ`*9#bF1r36VsN^r#=YEAZN}@yUR~BMnXu8OHEIE=zE2my#^#M
zp1%nnpI8kDBiZLjzJD@=Jc=ZuZ-0H(1Z@}vjcm5Zh?x^#EnN%>5EWuNcoIH)-n(K1
z6HgPD&+pXw-(3hA4pc%&ePQ0NV&=-8BxSvI{-%?G(^E0izlEkpAwt+^MT}UYburkY
zmowcsM}yma8U@H$KUrn`yl#mqTUL|Ii?k+~Ro-&5xI%3AnEc>rbv|v${^hEwZYE20
zLXLOfp>+~JUo2PGbcpA_cAM7OtZ};)PKFe5TtJaY?(fY+c}pSsU^RDEAJ0=q@v?TW
zx0~E_d8s$5B3WXyQl@-C*XRZ+NGkPdACWKWvx*0WD6x;IY^PwmE|!y~k@NEkmeedK
zr1{9^xMln-Wv3>@Iiw2G#EL8Kp~e%@6`7f47B^+~j2Y|GaS(dI*dCOYp5)hnK+`Z~
zr;VHJcl|R~ODDL{+3op0c{`r;sw)jXUO_DK5s<Q-PR0h4I;_H}Aw`vSoE_46paU&Z
zS68doWNmU=d_yOc`q%TpQ(cLNa_3pkj2fTPNQgP37^&ZRO{_Wj`?M)tcSJ)NJNWi&
z?jGGYR%F|Dg}j`79?BFvJ63b9&(HQZnckGU`O7r0BL<$7tGyg+Rlt9=%}1R%|8_bj
z;GheIp9o-TY^c-UIR}2a<XM~K(4GWQFu^lxI*5`VwdPn<kkTS&e`$+mgH0~6EFF*n
z9xS3rC;=91oVfPv<4zPCtzEjlO=Y5^9mu{sD|Ife_ovbjkT-@?n^F%RhY>Bhw7F|8
zICvb=uMy&nTyaCjzq`VlR}^vSB?#__Lhp0p%>@0(vR(;tX|^whXnRZzyi(v&B;>5}
z?pR+-5L#m+B(}6<V!bTLwZT_Aw2`pTX<qr-b0KtN`h)umD^$%nz;=pTZ@l$abI_ld
z)QSHa5dHvW43w}4A8jM|I=|=FnP1Yu@eS1I{a}KFDE*wm<;UG=$1wIN48qc@R)Dfm
z5f>vcrA_HX$I%S^aU|2|>G^OZ#wRydSmnwofSZx@3cQ#=s_h%3Bv;dg(;Z!4^d(qq
zSMyV_lgoTDe9Hg$JoumRIA5C+#|%velY|5jg=YgSuI%(=vLq49?N=kDT3Nxx-mh?c
z`S!N}E-{B^8HVr5v2ifL_5Is0CRK3#e2C!Ii};`uZP0WYdMT!d(GS?6WqyZ#717R*
zS$t&y+*QN~I1dCvzOC!t1`W(e<_6s8feZk%^3#h$=({O8zpqz3>&P?sc#p#x)^<G7
zlBI8AoRbJkg~Y%EuMS9Al7d+s;flEn0UP=?&i&vyV4yj=v5bLHy<#!1cxb<s3!=)9
zmSW{-xLs(&Snjp{@W=mu1M6qATS*?5(bWm<!6?XOUIzJ&U4U3}5v>f^gEH<-U32{?
zY4SEJ74i^gFa;5+srN9wU>1h!I`{GD1OZn+(3KTFnQMaCR5_ec*tz5!*63dez=>pw
zi|m0GX)(INs?aPjWntY&m|WLj=pI+WgSwR6`T;=#?`^&AehikIw7{6jm%6FyLlZG1
z)jhFdd)?gvw4SXU##2r3F~H>>cGX+RV+c!`>pVhPvy@%<Q}*^>4%R9~!%)yfo!5d6
zoxtl(zpKwuCN7P?qCjsz%K2>6c42wAvG+b)QQ9#PWV-tejZ_RF9>nkXzz-wH!Kk72
z^ci&JTDwL7&Ug`rI~RL<2w?dh)!lfl#8Ss~8$v@-0f%gc?-uH@0_FH&HeU@`<wnuN
z$xl8ef1DnxYWhjy5Y9zGbQvCG6-1i9gqExs7rrokB_Jb|P%okA_4KNRHXXpztiG`t
zNJNr!OQwLE$*6&-jjU&2j(=5@Wv}w4chhtL#bo-dc84jUz6)x)0TVD%xL8D5A!wb2
zh-nL`YXZXuXkX1Pfqbgh#%3Smcv9D>hA^7Q?{szwdY%dblB*}s-9s2&cSd8|Pf5J&
z>anW!8OAZsQufZKWWUtK)a9^J4szZL$3VUVaC7o=D^i~X;)mxlhjdNUunDYz4rH^D
zOX87veo$YEcT}FS!|<VChF5Y+D<F#{#+405^AvOgwJBpm34D!NwA^1i+M<B~6n%@B
zqu9K7p?`1{<r#R^zl4v0zmwyWQ_%KjZiKIA=y+u#@~$g*v~Vze*$`rwmiR(iC3_In
z&)WA0@;A3p)_<7x$n%Rw_xn2}GR;^K&Fe9tM)*w@;8H{{lp$w0*O+J<wt#7EWCtaj
z%+Ura&{ho>DpaIMW5y}8==dDXDgIu2GhRaS?oSg?GhH_uqUm04`wutQf=ULrlRMpt
zqBQeIt~Z1Su*08tlP;`t7Y*Ylm8p?ztV@|3c>R`Hv+Jmv8CeUR10SvzV>7V&V_t}t
z=Mq6JL;=~yx=hANZi)MdM$I8>kQ-GW^6SF?2a11C13>Y1{{_XXt^0!~Ay;)gVsw36
zSkvxdNGzwx;^pyQm7U!=kg;Rc=Ll3`7VgERFRvN4lRRejQSMc*om?jeYZpPN^^%uO
zXU-Anpa*?`nUFlDCY=%SO38{lP+JdZg?;#kYhT4`nB{uh1+D);@y)`pIqyBj>@6K+
zA@G1CS8>vBYRXF~7A=EVIT2DePv97qIe%o~A~~ITNK*S3M^~|KfzTg=?^C_Sdu&2`
zN--zl#9m%ol{eLFMX&87v=9!;K*ru?mY-rL8PKyXY`|_OJ$Z|#6i1?Ha1%lVZL5fN
z=9xoAp~qy_-Aahm8UAs8F~**?R_KoHJGVK0<CM&_&?Kv6^e?8~=^1V?e2eY0I`iFI
zOVg+Eg$KQbXQ~KZp681B_}#5(X;aQq;_7{}>dMw!MTS!}s%bAL#lK3M^ZXNLg0iZ;
z*AJe@rRVP9<|YIL!`CT(g<z{$e+awsC_`pD{On5&5kQ7|ITX*ly~2436=ANVD>tBi
z_#i7C-*?<9l}zm&77G;NK9gU~DOU$(3KY!luDw;4X0Yz%hOnfJxIc4jMlc$L)zeKa
zN%v4tyKQO5pjR{&-JLm?dwY6%1~uc0vCMkk(Wx1+)RyVsZsV2Ib9gkgA}%=#NoUXP
zxo4tg&%H4uGnqXM7nQp>EC+|l5Hbw(dU|Cc{BEqyuTH${uxwpIG<oRsJLLTJ`%xpQ
zYA#Emqf>g#BP(1p>u4^h*v4Gjs;VRBHGcCYLuYGmv9jLny`FH(yM++zZ!F>nNBxcx
zG1!YXtJoAu_n5SM$hxMC)(7d&TM85HcAyRCO}|$ga}%t9s6d-7i;bvUC5O5=lkyMr
zgM@|i7a?gqB~bYBJLE$ESPuDjg_zE?%MovFu+PhNQBNS4B#7#3ca)i=;DRx42kJd@
z)$U(?AbPm~{w3TcOzq$L8y_B^A=`HSrenee;|IS!1d{4#AR|a1gG?v@<-q2BM8R>8
zo&y2M@2@dyl3)+_-zX^fDAgqZ2h+F;fyv`FYhGW2X+Wiv+>GAZ=#^Ml+YvA;AsI*+
zCUv;mGDs*Gh*4V|$7z~T5%c_)CVE~;NkUT7%t=7bd~d-TUx=KQDJi4>69DiVc+f;3
z;jzY|<H}wJYVJmi)*6&xnneS@Jo7gy;|gI=aO16=4TrPl&X|aeZ}3^UQ53++@ael-
zQ2_MM+={=IpnuTsebo^Tl<<be(C^kTJHWEG_o3*TdX(AQ8G@tak56ib<a@2%Wv}`1
zvJG;E0Bm4Kp%w=BV3hG6Ije&x-J|q(Tb>cGu-eG-`-Cdx?KQc?;mjY7Xqnok;^2LM
z!#|9r%NA;Xh<k+O{ro*@fyYi|gJft~Z{l_6%Ay8;DQOKTnuCm}p+;uL0;hPZQ=dQI
z=bQX3$u$oL;~V>K*Yc~8HttMG-hdvqn-z#z=kD$~c*W^;*I!<>-}3<tnM(jM=J-`Y
z=w|1>z@i>^o0eUziM!mNGRZUvSm3*g19;Wn4B7-c4pSrKC=paz+c39=1QX!(nX&QT
zj_6J@a1&z!d`p+&l8gLYy-SRT`YQ{D>Z!c)G6r&U0DZKbOGp5Kpbq@?FydNqzqpd&
ze8y!7aX`=1dF(h=>N<e{z?`3V%VZE#=}s02Cs5zSlH=9g^||&^l(O!qA+1Vo**9jg
zN=ibps@rQYL9Dt~9`fQ$88Xnhe}IR7&OrXMTiY+3`c_R&fT@eJ<|YY{x}yOx^7QH8
zkDhsnqi@CeXtd?1F8k#8{Oaa&t6TIi<;LgMvd6Uic&(&jcS4uoPyzZ6UIM5_(=bjx
zzIx|;fk9^ilGhSeqit(H4h+kw@ZU+Ox5u~>RiR_!YA_g@=e9m(&9FVa^5vC(i#p9;
zU+t)E+uLd}U;KYYc0`Mpc}UEd3?o%P0M;kKdT;|G<NQA~9pJD&<J)tk(_dRN<k6mE
z_AQRo?s?*#`)Y|@B5+CLVO3GlYk+j|s$L!6wNzdn5WoKP{4d7dIXIK3`}d7A$;7s8
z+fF97ZQHhO+nm_RL=)S#ZJ%e}-+S(<I=61s{V$cOes=fn-Fq*5*7|A>%EX22`J(FE
z4YyA%Pkphbt{5W)eo6pIm*zI|yp`OYJX)O**jl-%8DWrh^Cb^c{d^8iPv&}{L&@-|
zt1-1P=J+Kn%KdNJ09Y-*`5I{i@uVJrRUa-_D55jp0w^bCU!Ck&A7|iq=Qf9yG_}%$
zuSR@|aAVQ)uIUB{sf;YIFvO!;U~u`c_t5w>$DHuz0!@lIujO9-ssFIC^vYTFdS85c
z+G_vZ)MDkudD%QroR;}Af~dE}GaLIqhl|zW8g;XOWQkpCqq4T*KL!9tq#r&{p-6mw
z)g!dgj5|Of`iuiM$86WzXQ;6+oiSU*!~V&d+-y4c@PoM%r_Per)90E!*`(!|N7h{v
zxLCPfz|B@CShnsP&cyC`vdz3u#`F%aC)RC$Vugry;vQ8e<zN0DQo)|HGpY$YkdxV#
zr)bLQZD&<s$H30iS}92WI6OWB!Jay`%PTxw$3Eg&0=R3VDedp%;liR{AYonL(a_JC
z2(f=i$-mWM^&QWq#B!Ii%ycFVX(k?Lpln7S9oSeT#$0(16OA>XG4*G)k-?M2Iae^F
ziz8COjQjKfWBeua8=yuQr~iOaFmIs1%x%cn=tnVk2CCl1;vZ7D3wR|vUcy~NG%r^^
zgUn2s@U9H6DX7u5+yS)*qD|k8z>8^l1%9UvJYTDQFV9prl-`lEH6yng&w0_`y^cJw
z-hU3d$T7Vh7>cI;3MKppt<WX`Y?wE^?%_okk22gvaxD~clvBvj3NZk=400nJy?)FL
zg*nRMre=mSYjPt^Eez5eL*-*ku{<7#oIjlZ0cds%iHO1juO}rhzK$l#XUEtmgvW$&
z@kynZa9cJQSTZrrveEgjO#vQaY(I_@rj`fYe=0yi7d|dwG`ltg3dQa(50k71tys)i
zB36oji9cUG5?_d~$no<YkL1sqhmY2EhL=brlT&dmn(xs|WdUk|q`nwmIS~JIzG(l(
zNIh(r1Hwf&(AF1sWT?Z(JAk<MhBtC%a$;Yelkd!so80AT-Q>IB`EP{~P+3n5fh8zC
zyQ)64AiLZDW&w5x%IFCFCTe`?u$WwiP65?SfA*LwEK<eXrB|k(ZTLe=uq!kzcI?lG
zXhbLJ8!uNbAFEk7dUK{WQV?!{WR_q!c>aVil#tya5Bw|dIa1xjXyE<%A6%sew^CA@
zu{$Lv>s}Iu*^p&8Ud#4emumWdN`F*-07`$BwRWb&?vw_!M_2~UQs-zur^u+HoHWcr
zx>2(z=xIyZ+_|4>rJLF37mUd%7yR=GF_M6(&f*@%Tmc!vF&RSMUYx9&<DwPeF=E!l
zJgj*i8b-e8L0GoKVHO7vzCMm-X%kPFVFuXYK|?hZ;nG?b<f1CP%z9;4R>{rTB0y1>
z5kS?*x>EvPX)0oLm9N?|CuUvJC8v%t)PQAJev1OO4xhv_(rXks36RSZozvmGHUFcy
zDxWF$L2$|1<kyyGw)gw*`ubny=gmHj6iefg;7@P*r=SH92U8-kn9%fvw0gXzM;fUE
zF*n$fQ;Y#a1}x+Xr-&K(>_|qM==yYN*PfgR1!OTx&kkx3E0We_Dq*T-w3;VqvKJW3
znV?p5f^{oTYn>v(203N5VbxsWXoVm~nglheNQ_gV^r^UC4CoVOJ*Raa-e)g8_v=&3
zrvFpILp*>?ZQ($=@g{=jr^%XjU``yD#zw%NvTqh0YJ$qb#@^`WL^7%%SZrqpadEJL
z82&mhZ;72{QCVl`cuMqvER|q>DDXJ~)P(mD|9p0~(pZ+u)=sWC`#33DcIlF66OZE<
zG<VFdRtOJc<~PGsS@j*<F(-{U2J36?fpf5h9sas`UQu3SR`+NCho<q(?`4LMcIa~a
zIn8S~(RV{u7#Jy~oX8<r50PY;$w<kn_$!*WiqxV*Os5f><Z?g6wu)K~pSCnc+m^VY
zQ<IU+f<;qn>38Vh@0fWuYhs(`(e&WKLPCgSL`(zYt*iFy<2Wx20S{zW`XleIqdytU
zPE*%kIn2+mQ`dkN0$$U|dHd#X=T+8Q%0o6DogTK2py~mkW7mnFH;lgW%M#+^%!?k!
ze@ESguw_}~j2|1Y9OY~Y$f+Ums!C1$IG-emAs^4z=?@is-+|Y<bg^3aA*QG@xlJ$z
z`KQo(Vtj6|DP3^@ZH96`Gp-Y}5~dN^C)}IDRca1t{M`9hsr~+x?oCMez|tKJ8?^RE
zvEnoNY=Kyhh8C1WJl#Vz;j?q&jp;j>u#_}6f9wZCuw4Xj$Q(VLcQ!op^pS|8KG(dO
z*%o9JO^K0BXpMn{1ub+zwwpZ}Ra07)c+Y#}a;U}`z3ZS%Z;RfOCbW-ZmiGX0{!QoX
zEU&REE^tLh6|H*7>im`On^yhNyyCZ`|NeYc_<I9NQrJpsi4n68;%rJzzdukzJ!~x(
zJWqQ<5P)>GIo#w0&#is(aBV_Mm-+gEV!pD{P*s7vyN;z!4#N~rP!_j1qp$LR@>($=
zX`DAH+^<PltNLqLZ*)f8S**J|jZ>r4enTlNqQ0ormdz|pV@_Qa0eW?c=z7pbF*QAR
zy`N9&Z%^G@q3J`EUf1rcTQdso)KuPmUA8+Rb>i6PJMcCp0nd3<u=P!qzStXx?Uft$
zbVGY-;Bx=$lnuST>9j!=051D#ilYr97~2Hn;CMJPwPr?^7*7|}L`vq&q|D9$nlN2L
z_`u?&f@iBP8T>FCj*dOPz5AT#Tm=Ncfxd2cRuqTkJ|Af^Ga&l9ShX}-31j$sj!lmy
zv?PS9>P+Tq`e<UaGSi>zVfi0SVcMRHHoRfNka31wb?fm*-ty#Tnw<GV=4(Jp0Wa~k
z6~Fz}B@&0tQd^FB99r5h6%=2&9xeaXytl{8Yn+-#0c<*J&-^{F+4$ItV@Wj>9(z06
z3Y1woBYtr1(<&n;0fhaN`ROq3w!n;+5>(|8$fT#;1h^F$7Pgm&+lX<++CRyNd~+hx
zHovqwu;d+^B0CLa;(#?Q>flcSEF=5JBP<Y_nXR$rC#dyQdH&z#q*K+}%1P+pe{z$;
zF(8<oy-N;I#Qrz1JX6lE=smptaRl)woI#j<`VAm8yJmbJ{`@P?J7smZ2=FEoVRM$c
z8cW^lh6wt1KZp|h5GKoW@h?X3R`p4su%S|~(vVB}$Hq>1omv`dANbf%(49`szbCU%
zgx#8o`-TUTm3bQU$J9pyK(~$VYL+BKhUD-xTJ=_!){&1<8oiz+Wqa=3yv?=^E=vt#
zNpX)?!B0Wo$f=;j1|QlGXg0qDhW#XchR9+u5_#=D#OYM3o|Kq}1Z9_42;fKHYl8mG
zH{heO+hO`9AzA5zza!`wpP(mgy+B_P>jvj|U8HBKXhE%K@@`X@!58<mv|eGMt?Tc2
z2^fF4iGpn8RIbl^JIaaPBbHKR@;Xe)+_+R1c1Ga{+X2l>!auSzT)eUrQ#(vdX@H7!
zZ5$e7wP*}H55fSHn%JTo+&7U6-o8!Z*tpJW`=$GhuLj#}>PWX93ojbB;Mxj6Y`})O
zTh=56j+iFKJ7SA+ynG!6wRtoBE=xd{y6;!*E5707qJzr5?v9gtlK=K3C9QIsp#ZI2
zesvx8#%WQ^^<YVQ6V_U7Q^O|0P4l2vK4^Tj=f#VQ64vsQ0H5*L8c7DeXvj=Tk4XAc
zMs4x*a?^IU+AtVsvX4kRHNUq<BFXb|Fu!0UXX5+jsB7m;oYY6_WPOtwH`;gy5X}O9
z-ara!JTj5ZP7{3Eb!fFOK-HG9-JoO7C6sx&znNpdu(rY)LAF||H}%2ngx-lM{kf@G
zBKNJH;awLa)1JjKcOjVS!$F;AN*m9p>tww^LP59nH(}TmD<|w_c|)e&b}gTL1PoZ#
zE1k=Yj}7R3Gg=OVN2Vz+uJ;pT&bEZ$BF{7~Y<SsCe|v`{;wMA+HIi+fu;3!Zk}Aqh
zx$a14A*{5gw``lwOWTg^$R$^uirzZ7rp3@^fsFb?`zE5-CT(UnA0`ZF>S@UkR1&i-
z;Ud-jQ5C%+oOYW%9s~0s--`bB-vlxC+@m6EIy#7~y!)Ux!7NVCtz@CCRyE-IhZf2N
zgCm1hjezifqD%b_w$!FIp!%SzD%e2v=$Ctktc~?dQAY1te<yOp99}-bOCVQ%Q-JzE
zJ}#n|9VE68W}EAYUfSh}{8UyS^|It1Z){v`RR2XsRc9Iuyg?qP0KTLB%XCc>=x*#B
zNFuj6G4nU_!GWpR7}(!QiX-)rM$k2-Ir)Lt2b?)}m-T&$Zd`A1jYLNLG8<F}2#FjI
z{QB(dXx`+-4hru(c56HL_=#lLggZcY$Wr~}jHB(8cs~B@-6j-Tn|DT6zD&k&vl?k#
z{Sk$1VZ#HVRK@%Kb)wVHS8|(2yOl#<7%$Idk0rJ-tFsJrPOUYu*>1iI%+t(k)yqPI
z#|y#pw<&Q~qjB%_CSHBL4iv8;O<x~psE~PN2x;WYV`OvwP#9nB&Zs)m<D?#70L=|s
zxpegVl5e@MhgpuS4(Lg`CoIFw$|dQ!WE6-6kA~1K36#wz=p9?{=)%p>0puS49lZAY
z3u*h;XmR0qXnnWn`?-gw?i!E@*56HC5!Wx4%SMl1l=TCl8!)z<Tf>2gTua><A-qM}
z@9CQmQ_VEnuK0B*aQ3Q6oI!qcdXc>RNzm3bv{d<qub!!ND<jU-1Ga$gGHPMO2{#}9
zn>Dzk7m=ZWR_!;?DM0HLGWZ=#c(>;5`DHitdvO1j;M6%=s{`0*emmlGlTZ8m!wBh_
zUzoxG1^s%;<Y0Pf=Ix}{z|uSIr1vv-$xmB+&gnaDiu;N*-j>+m+H{J)17bex8qu#l
zFkV(}>_p+iYxFrHs=I?Q0$tBL!SAiiuY)l#f)AewV#0Kw1j?O<k3p*;lm6T1#Gx|*
z))cAQXA<>(_da0Nx<^Qh$K6<X+XK!tZUi>HL9?!2It~&aVnX%4`4yGsJs#Hd#^YvG
zzge^HFaPh6AaMw%z~&Kz#<&`%Jc9R>oB?hKg{R%y*;YFUDZp#mx8pa^+Qh@O3T&R{
zd4J5A4uYgsWp>}doA~th<#<ply|~{=g8h7(+;<J)44}5r1^lFSiy@o+<oZQS-?Z-&
zGoHsmf>o}aqT-x)KJZQ9BqmfaXscjTJ1R5+^tX!Wzo1e8WBU8)3XEwr)aSN;4HW37
zA-fS9{0N%Ww{U6Dsu8X(SigR=VRsAM;)ewu#rD^yQN8X}&~mG9mZ3PRaX0vZ;|2Wr
zD1%;xjOsbVoXGp@%evgkQozQ1-L+>Er`4b4=E`0s*rR|tza3A!l{$!8xhz!eFkg}X
zkmY>7S1)gI<&A0Pa?uXb3_tS#ekMSIBF~A0G#CZO{5vg3f)G;~mGT5qB_#K>A1D#&
zEQb!kd$^&r*ytCcF90hC$gA;{rAMc+FsqO<m?GtN_Ck9SZ>{$R8#WY*jLbPqg9teg
z|A@_t6t@##O~0AQ4$97yrC>vxMn6W3j6jz~^)|ir@W!Y;++YLv;{fsJ8T66!?c*J*
z-jVBjy`GB`C4tV7pzUk%M3#N$Ex5oUvbhXaNXnBDuXCOJz+x)x310-s1gKakVh&HD
zM4Z9*5c;4>f{K}pM<59#ur79MAF0G(s={J+0$W}6ThvrF4oVl6M#m%A-$F{RP7g6j
z(j8V@P|F44w>X>9j%+MmYD_qB9@*RyQ<WvPHsoxK(ewZ<=@*Z^i+0tox2H~k&g1QT
zIlKZYs*1`VIpsY)U${m6!V$v?>J<4CZ#?Dh-B4^>*XG>gqDI<{WVT#&s|i$}rFIuO
zjUk7HjwV1mRMN?*BKMI^u{RTFfng7O?DPAm3ZeC$V&m0|aq_nD$LjFO;=rz|#_3~Y
zNkcR*bt#?o#=IIhJ-*2(RM{mJ_6?3b1pg%CV`HWDBa=6m6NQPSBL$sF6*?@7LM1T*
z1Z`l$q6_Q-q({$Wd5SxN9mwA6N<2#jgi*Q2cX=OO<?kCjFz+>-0S2*U@$}5E*oq2+
z^tfK5HhbA9k}U!4i;Kb6t@msThg-Gd^`@rW-ooj1yzMD2Y_K|E^3V4@YhA8YarkqO
zpz069D?WK~pG{y{)Wf?612uepQD*n0b%6?4t~x2&l@|+PRyJAhVJ>g@6st%FAZ%5i
zu%PSSfg@7tmA5}|Xqq(Eyk}yrxF-95XlT%WqKymbaunuNo?De0k4Dy9Y&Kv;4GAqJ
zPU7%6#xFY2s?(sUUbuh$Ms_=={*~ToNPks}z9Fv8=mr&r<@1@Q)SDJU{j_&Fx5t~i
ztd?4D2v8fOZ>YCFpT#R|4T#Yjhah<WRpsCbq(@9&ty_MW*Bso<TW9nLN2RA8GxR&2
zznit`JaIa2=Wq@A<&P^3<?7fGs?z|Vh&G7+Vt05T*;z+zNeIx>*r&8v!5Q^mU%fp3
zjv}YXEdeb}h#K}y!E>2b_-jTJt{lk<38^0{Wh3mI$k$Eud)>|F4$lPNy$7sXYyk_-
zHU&^Svg7$KW9a5NfX4oD6?%P1*`dy$qVPU^{Ni!FLECk-6Sr^PINV=wWwPwByvPGT
z#AGaw;~-t@4Q<ghG=8pn&R`<K(;W+{8f*Odqfe&=|9B$63wxo?%bsm&Fgh%iY0@|U
zx1d|gV+wer(r>hXOzP>1H@b>i=^O?NTc<kPh<GwJW)os@MDF?T69ehbW5Whxh2Q%G
zvSx1Ly!pI65U$P<Fyq>)G#TTO=uOPs6A`y0z_X?q!lXY(Gpz`ziL8xdRc%SAy>V09
zt30}A(Ifb3>(&2iwk0g*)F~mM5&dMx$7{1adrmZIkXKv<Vv$cYA*8k<OnJofe)P()
z8Z{g}o3z&MMu;MfLdAZbQ!!>&y?U|4(=WP!+}>?jiTbdR10NcXN>}fQ%9gaLmK!$(
z1z*79p9)~29=|-ju(=_0Yx!MPm_8IXEU(m<wf<C1x||#LngFVNtt&370Oxh)h0ftB
zg%uk)gk!NpRe9TdTwyQ5%-L+>?>MEP;y^d2>&XY-((`L*jp(U9)^7r9zGyOLuRq0P
zrC#AF$a^?r^TM4X=&(+vxT7}q6TE&USJtGcT1VUi5uTo3bhVZoqX_1*<KX9GvK<F%
zgVA)UVfLvgM`deLQ&~DWRV)aeZ*Iak+4=qgF2C$!5;En~H=H<6p&P=F&?pSUo`87e
z6n$kD@@owN0z%F%EOh{S^xg}7LL#4XwGCkz=L{q%#3aV}Hr-3Q>3}q3UE*`qnjkLo
zV;WRho)kBqsDi4p_-8K}@EqxB{u#*(b~xW1l|nC-c=MqBS(M&D8c*#ypX4&FGbt`b
zC0m+e;#-Se8Tn}qKhxoJ@7e9@G@D%>NB@wlT```Dq>uuNZ1x*a-L$yan}~Bqe;q3{
zq!s$W)7d48ws%bS2hG;1Pjub{hoGh^->>m1i@(#wpMRr_r=}0AT|m#xuvfgdS(ap}
zN@{mW#k}GgEfnBR$zA7LOrWpv{UH6HknL_mr=zFYGpk=4C70MBNI1PE!be__hGbV#
zoTA7WGT{?=Z1_CRU6tNH6_oi?2Jr4EKn{k3Kv#?m&V}bGY;{CkHsd5ttM|E|hMJ~+
zJhjbnWPZI-WwEO`Xsz0+9&Lu9nwNjjt-`m~_tqvr+Opk^*ies-x)bqyTN72qE!OXA
zaUK}k=r7h<T1Lv+(=a&h<R8jBD`^9nkki-auD_(|E!guhhb84O9j#v-Hxx3VrPY<>
zTeHVvx$_+xF!^o^-cyfzPG<b-9f{4M`i-A1nprKn+acR>!{JsBg&mti-Mst!XEOP6
zO<3cRd!i9^w<$w4oUXBP<Q9W8ZmOT4EO7*4joW9&=%;O!4V-A-FF#A;sX%3%b*lOl
zE{w;k0>QD<SxO8qK08P+&bmu&*HQU8)b&r-#B!qdac0KvPw+^b`u7)4)3U67)v=Cd
zuN9{gogT+lSKP(P_w*bfyyJ)hoixVEbvQq6lncZ6F%Jy?GO5=3jk=OG_=_^vx3mV*
zz^ePGzN|teKtY@UO2Ce-@{iHzx2&K+_^m^csR84zH=bki4WW^8mN~s|`m<y2tcBJu
z0cCM)*k|vYie8_9Qh=~41nB;@JNWT()C^@oy@V1W3enqiSbf(k<l5Kncl^t_BglT~
zULIG@;8>m`-#52Nw_kF3k}Mt116ag6+y3VtpT7}B5nhMK+4L`JKSDatXDFZ}9{mh1
zwsE>X7fFkIeS!R>L29G9+h0?3x}Fa~s%z&-Si45OIOF1P*U>rIN5w|cBc#6u>fEot
zK#FTQW7vVpvZiO|)=F*miz<U@RGoqG6N!k&nE?L<7$)_bJgA=pM6-TKQdZCRC(hIi
zId7k^#s|yw<<-y^>y%n-*v#=vW$|lsI>z4*&()(6#x?U|lUCFX8o;Iv4%c*JWj6bh
zv~}`rU*sYxYCC%ExqrUMKHKB&j8zdm4x4G9ub)1y>ez#PxToth{4vveI%AC*hQI<^
zE63hjkEbLr9Qy)>A17oXB#ukgfVi{vh{s4{sgBmG>eCh*8fTVJ>ki!3sr*4?KP~XJ
z-~^L9q3rEXCMQ=+$>LKPgPKSvoLH1Nn1RzLs|BwUN2SMGggafwrAN~ROKZ+8nC45#
z1Ql4hf0}_ZG`43(CaZKEYYb21T1qW}+0K-0daMUPA&Wh@3j-?=U$ZB9suinxm0$vA
z`Bb{zrv_!>rX`5^R^Yz3aJ6`wP-)@Z95A;E-%J9Jo%TBYc<W~~6WhKA>a6_*aoI=f
z?yhNA*Lv{UIp~9Q8@j8fhEPA5j@2-Uky2~|>fG`f^QXx>d$T0cz$9P?i}Gi`8Cppi
z9~e~5c36c{=TIgOI>TGHM5MHG7`CJegC}n~*Ls3{#9iAgIOs{BU?JBUo!$#!z`?c1
z_7-&c$@+BBy(>Y8@dLUx;1C5^+&!N><&{r-z373!54LG&B^R7J@`*FxpCTSjn2M!S
zt}uM?iIoV8v!TU*PeAwzdC+Gn4BkQbNJvGL!?dEP9E~RUVZee|SaO#J38|!#Lv{w&
ze?<3UF6z&L8Bq+bF5P!M+VT>b*c;$18fg`@1tW@h&Tz~h_WoE0efa?*De^4AqFyav
z^^yV4zXSiodpf=B9^Ov5%95hmXt(;Ho5PtT?mW^AGaG&O+V6Xj04tVQpP+y0%W3dd
zRGpo+r9@U=+w?=+fiWzTIH=Gd$Hd4`ipprDG|_We3J$0Is6eYG;rV5h`22}liv;PR
zb?*WEJyrfo)pOFGdBlj=A{=v^cQ7%jkym@ev(U|YWoEwatG}`5vtXp}7Ki`a16)=$
zA;|zwi1X_&g40NQqds;=Tr@;{5Uzg=D6EZhn|4!kdwCUS-}8Ox1NME--1*sSZY@><
z_BZ7F9xP2QUue~2RBH_y_a&I<F(6YFKv8*%L_*24@Uv1D9TP-#0Fgpv?omoSv1$4N
zy&%y!e?BZ~J|xVw<Z78D=ZVX_F62I{_}N6yuVrREHQXoR0XuA7#_Z;;8Bb1yki!$H
zk`bEJmLvd*4J8RvQbj?CP;;vJ_9`OutF<p-dOjCy=$zfDX;swe)8LEN47tU{jd3#<
zUL|VPwG9~4o*ieeqFELiFH2Hr%m!t5=RFI4?{4&Ou9z;xB%~H_(w`2h|6jqLtX~{-
z_qyeO&CYi{dGOG~TE60;^Y6RjC;^8ID>)-Fd5E0a+{Nv#!(yXR1o-$cv1WGt(2!)J
z`^{)s#d_}8$HQUQ)`=KdfY#B<4lRC?*<pkEEXY+mDTLYNcs2*Um05R(R@)48Eg8FQ
z8ul~-dIw3#7I=zZaX<0A_dyy8XTKX^S2%?wQnFtfZrHhnZS8SL;vq+d^apBneM@Xs
zXbi9N#~B6F%!enqD4hESpUH~Nc(yNp2^-|l5b8k+J&8%ZV<3=K1=pF7EB>yY6T6_|
z!VdT-5Zo5`?jNpK+dKQ;`^$cUEt;q9Wr@|<uU)QUJ<<z0zl`ft(UIqe4O!bb+8j9H
z@*9iX+IxlvtZ7yeHCBiae!Pjp09sS!Ar#1mm!hFp7MdsgSrJKoN!a~CNipjHMz+R~
z<5>9fMLrn;KgUL}ZrNd6<}}R)>0m>3LKCtN;&&ArkUss|(72VUfeG5kQ)_$%cg)_+
z`%fwOdJ_c*p!4%8%BjDkHo_dUJ&|kMd=YHjGg4bh>l(Q^let5hjtU;E#4tO29??`l
z$C^y@OCa%Tx{v~Q)hP?fIRxbF%!*_JwqlGUT)DV2xrw1zQ)S2TJr(PC;-{B8++&H+
zuN*d2;miVO6Yu_q2gVl#)k~tgNxcSM13|{6*5S!&^|tKbMH4LFwZRXsyD()I;^`>X
z{KHe?%n&tI3trF^_D2k~9ySNfu<b(!9Zw-fVUjqSDUu1u^{5Iuy}8lA*R^7bUVJj?
zlk`t@#LWCzcl7|}aBg+$#yzJw>O`{(=DZ&0U#7aZic560JNU;NJm#DbJ+dBxjN^^-
z>ToNUpD7*{NHJ!muxMsJDU!8ZxfPV;yyRhn_CrT0s`m#IV3%Cs=cpBUcP^`MEk)<;
zoWx<jdH&{=HmkqSsi3T|C1mx)AiF3eI37OjTdy1txJ@!SfFk`nz+r+{VqcSrnlC|m
zYEKHl3J@tZNm{IYOA7NdYrx2)iO&|a5VkzaZ;MR#jEp2PQ#PpiwRZWsLUzL=r^BLw
z8{6Nha~bVmw_;QNCzkRg!CW?Zq*0fK-@f@5f*ERQYqu`=G;Z(l3zQE(eUf+16m9R4
z>cR1_uli4pGtFk8IGc7VIpFJ&$S7IecK|i5PMDT8%WEAWJH-TC#ka<cHc~Xbq;NwF
z&j*w4m8;HV#;be%w!2A@WY#dh-j5cyF@P51>Brsj+iXRRBYcKM?ilr&8quU_e%-6_
zIoiYO#GW^xY9I<gNIC|p#xAOcx7M2R_6i+Tyxw_xB3*C*KV7cO!vv**Qqrui3Vy|{
z_a#aMF3z}Rq;ZnxJi6dk-v+G0OlXF-US_ehdNd5W9vd~&4xC@2nF{yTUOnqriccSh
zymPq^9uk?u=p}W9(*6dnTAk6UwaI@107n1f`lPRv_9v@O$MGf_SzhM95q`&>poQsB
zKv$Bc_O)p-u;M|AiYcIManAa)t_f8)Utb2n9{I*PGN(6?J@7wS$Y7Y;=3?G6u$8i<
z*L>#rGp6${?b=Y-)N3~A-g7bQH$Od9*7?$B48ai~|7wW2bg8>7w|ODOu7)aBuj?mU
z<0B{C_KlWNksY(t>zF|QOfv$w3Lfe`r;BV8s)~x$`1fvO0z!^b*Da);9034DtNxq#
z;GcYmLXnZ3-NZy7!b>7E*hB;4X^|qNYzYEq#?ocm;D8<8{^PTk`95|%wCOWu=S@G?
zp5Mh~7ef^xk<3>r)|HXOVL5x~!jmY>PFfBDmGnPT0TaA7LM;pfE0uS3{!%@=dy9~4
zQUl@ancQC}78#hx0ny$FDtvAc@7%V|ZEnspc@SYyXyIoF&4`&r`#NuyMi}BTJ}6%a
z=<~@(^g!^k5&l~aS+_1ufIwhb%AS<#>u&dOyi!0Aj~R-Ti>}L|P0C1#Id@8SSN>l>
z2yi4}(9I#}?Ne<%OX`f6Mg7FZyIjChPA)(BY6b03E;@((Yh)W~O^E^nVeyi$z+&^?
ztJ;!x^Qef92z;5`xwu)ksi7-JtDy!9z${R~hcX2ye3M<P3o7U4&PoTI6gX4>1N{qS
z)yl9|F7M_93W~Io>^?(w@LDmz(FS6?`bY9m!7l29C<_s0D3$Re#r~(k1VVUVoX*k@
zbZuf|4G1U{m08&YMlo2v?;E6maxqcj5pv>xo*K+8`u}DDD(B8z_a7tn3IEe{0<4hW
z&*7d>S@6v0T7fDTXLxaNlT+d$P&rjce04Y6$pKJeAwflC>XsQIVR3#c891l}p$0cU
z$I0?n=z+cG3o9vDC6Z*Xv@O-9$*GW_^X|t3AVOEEYuYOdMfh0%-6$=g(Bxhn=~|rc
zi;)FYP9?R6p)482^Y#g>xxTSi_3xPjtpZn$jvxre>`#G}snC-~f=CKZoSURSK>&Xv
zhQ}UGOu7+fO*F;iMfx773qgR=VrsY}Ckd7vPtdv*VZo%ChVgiU<h1%hJwR~TbwZjL
zLrY2Hpqm}!t5<`K$cQp#D!`I)F`E&`Nf8^%?CeF;7iAWCMG316WpQLOvrmgGV%p1e
z#Kdz#a8hNGX|ehKqCpprEipNRLFo=itzd3T=ZVc9s$8{;J!Rdal|(u!FQ1kTsd&I^
zNOM->3#_Z8K%)i>=qZOS;W^dRhLOf3=KbH<-7`yYll{oyU&0lI8eJyog$K9=H}3;Q
zeN=Dxd9e%5Yf5B<Awn!BQ%i;3m1AMd_yW+Q*`23w0z!&H*|`Ztq8I_gosJ30Ga*9$
z!Ign1H;6dwAv-IS2+(t{Lms;}swiBJc%kvp{GV)Xr>;Ln-LF19IReY~+P|~bEI0Mz
zYYi-YX2g&GI%MNzM4}`*Y&x>%6H!9rd*51}2oZ7>8d=CmiYp3vvwZrJr~s=R4peh$
zE-<4+hY$R`y!<$hqDM4g(M`dxLF)Sa+Kynt%wS+c4cb-udYn0h8X_sYZwjcKIlbS%
zhhz}X7)+D?pB3!8#IgE<xES^wj)N!EttsS)AeksIXYk<0^m;?DP-i?lP$Gc@u`Mb@
z#@wL~cq|)z1~|W*ND@L1UJ5eia;j6m7kZS>MONOR?Wn?KV#3+e$J=%OkGi9vD*f5d
zRTef@WNc*Nv-H_zIRdE}o65E4Q%Ye%??2GANCdl&uP1;eC29mxiN%w87q2+-Dh)uA
z|GlrhlLsUziC7T?QqtgJrVAGWE*0<`Je9<FA;LnftoYjB^J*@hHn!Q7`j(tNDfeFs
zS06y*ugsbvH<~MuC(5E(-xRRxJPYCKit;Fj9dx6B?na0O<&)bmmXQj$p}WHr%0|k@
zzUF1i;&VT4-ax<tfw{PS+NScv6`E)r7Vtn6$WMV#B@-DkqDe?e5O8h!kx&<HivDdd
zfX&|fqudiTH^HcmYtQV8Bkpt$93?1XCq1HEZ2m?RPzcu3jq0QIvvNxU;31;~-Bw;O
zySnOI@P|>I{wOZB^7@8d=93h<b||v50^TuHq$1p3oD^hv;lbZdldThvdX<#W`RNgg
z`Kj#UsayoEBQU-nR7$3)spa72i~uus^7t0c0i%Oeq0H(~K7Sq`|8gSz^EVB$RSe-0
z*1$<I2@>)iqt4+>_kV9zJ7P)!^#hIiQO_e-UK%7{hyu)$mtr>shAW3HkG@M2wS-zH
zBAoL<jO?Q!aiOS=a3r?xbEX$T3a`v22MIc03&FP+&4Pr)?Ygtfxg_k*>!|_^S+(B_
zDimZMF$Vf%#Omuyk|K-XvWebHIlJ>)z0a=0e9y)5DW=DVU&h^<u8_j4_RAX6L2}lg
z<@Gq)T|y_J-%pzEa70|ZR7i||z9}zhZbXE$_R~SmvAM;Eh=~Jb(GvNg0?RHoNGHX=
zF4UTSlj0I@)qqY}By602773_CFlEFS%i6r?zy&fzzn1SNsVD~>;j5&a+-P4kTeQ%O
zOPITq^s>;ckxB^@DoYB%wN|*sLCTqtn`urNFkxZlWDm9_qwH1BhR>P<w*MDzf|mAI
zX9>~7xMil<27I5skz}=8;@brWni?5t9}n{3sLSXouN0_nt&pwl(S@_)dbZCTKrqDA
z^3jO^l0Ir!BeqA(`%twwKQCDCEBK`M3r_f663Ootr6ZQDI_w$oJIh8Q2bZKvS!^M~
zC|#Bl^A;e+;K7>)<0eJY<rkgh`wqxO5PZ7PGoID(0|?OZ$?xu%@}I{NzVCjL-+8<z
zpSq=8Z%#;9TO=Ka!c1^i0)W-?r0XiJ?1LN8=@)!(O>%VzZTKZ0(NhzG$o)+p+8Cq$
z_2h-*`+6<06-9Ef9({OX07HwP__7zrkZo7E?EbrWV9h&G%l97t1e9<1`;@@wTz6<;
zwZCc1v6?n!Fwfa>z5sm&vTNgk-%En`4NC#nwzNlEaN(61-z!F|MpdRr3Q4gqs+eK`
zo9G&8uG`nWT+>)_5v;>Ha@bC05S<%DPaCPHEn!z2sb>Z8r6%I9!YsjQ6K$xnjc#!v
z#mk2;7Qbcbm7SeK*H`e0)jvd=k39UxUYQWSR66%sxP=Xb3gMMCG44L|4>65!?ss4=
z(%{w2K*k;6GK#^RPoU*wdi@7CB)6v^zPtH?&Y8%HSCVq7(o%>6M5CD)jF?krUPX%V
zf@VzNb4);b>a+;?g}KMy5}>M5y?g{I#S5x}1c(RhX_qA^r=&aKBQj~UaZm|-WGDfI
zG64^3sDodiglee8cOW!IVw|MW$lpcOk>-QGnJ(K4Um1C8P2Ay+--|;~d5cTZtJc_C
z0W1k?@OE+ymNY^fBR%B&##`+FohXnQ+`ld9eNXvN8CX&SE@~$N9TIM5+jsJ8_|Ss9
zd`HM7O1SihcmfL;^wx|o9A?@#dr-sZj}ro^^OvkL=a14|_@rOE;pLU=JM1GwSw&ET
zB!wpr6k<uPXOWenE}g!=%+qK>iqe6d`+?r%{mWzTF}(4jzou>q(QpF<`~ioU{m}*|
zSuFNQTk@>o$v?Cmuz_jYDd*5J!7I#S%ai1^#2L5~hE~o$OQ{Vc6#1%wo;xRq;#6+s
z!*)s~x>jQ=)`{X(_UDThkmzva@QIco>9*ycJtTZI-H|HmxOEg>kI9{F^GSwPvWs0P
zxxCrFlT`S<KMwN^WpjnsE#UPiK6ozNFf^H-kN8PNvvOrpBti9Vm)U6h&c-06IGT`G
z3b?-$h4_=A>3K5+q>C6Qadru{|AML9RQloRr~FHaHIGtZHkd?4U8;ZpLXSN4rx_p|
zl(2wM2^}C1k6gx=zq!8~tHo67dHA0k<v(K_Ob28ZD`?c50Ac1x<BZpaB0{Zaw7EF=
z1cw!oK9LQd5s4IM%DCTFu;T0i%xLe&@Swqs3)1ojU#LGiD~<zB4v%8EFkokB3qW*2
z01uP{f|9^v6yjDEEfc@C5KgSKuEK-*Q9;GmEf^(GwHqR_{KG~IhZdUpQ5_f;9eE%<
zL9!6(A94>cvtfg{2A9E>a}<ch^?$&R|8fMX_}no0DGO06g<3~bL^0;lsE|l-v=Md^
z#HUR1;K|D_gF_GKi31oNtZ*k(2y4$O@LX0%8>fMBHi0%U`j{_J-v007Zjy;mrQ_z2
zyi{Ur`ID3SnofBln;A1DW559-vB)75z+(I#4R}U}4|V6n;K<;E-teAgiy4YSuoq#b
zfZ9)@x+sq1nRlMS7U#OeI3~<=E{ni&mVeeT2;gJXmJ=f-MZ~wdj3w&e6S;GJp#C6%
z3Y7Zcck&h~tivE6bpL*Gpl@vMaW@F1Ze%D@@_$Aol0;G>lYyBQO(q~Q;?k+h`Qa1+
zlnkVya1(lP&Q2>ZSMcm5$?*y2*$c0dICJV;94lq&Z5dh4@IPbUoT{P?d~6(>Bt#CH
znc5zP2fLF+%ZQ?HohvM_#-2WK8zijwa1yHYQ;#p#bdX4jFAT9E$@WI|Z&&2p6(&hU
z$C;hUBn`UB{@YQ+!+j9=t6<bfy>-zl%JXn{*RO78c5j`tYUhjGTJ;$+6O_sb3JRTT
z)O+C2NhP_8<E5R~#YOV$gcMPgCBus66A;kHap!G^%@JAw%k95&qede6$EP4?xYTs2
zZ3+=O<d3G#x|cj&LLiSNNU&VP)0m(T#j^6`uSB>71O?pVaNExxMb|`?#q&ovSPvxR
zWQODEfr9^8V1T*4fr5e{4VHxi$p<J>qKI+_%D|cX2{U!X<4C3{gQJN4x~A@pk49OT
zE7k|1BnhfCKgOt{O2k=UGZhm>f3Om7poCVO*=`N!zW5o4By?tww_w(RBnh~v_BRQq
zKMJ(vE7(V7PJulBQ`MT;+g~|F)Q8<?E8n@;%y~#wJ;}(qaXuf8Uf;`3SuhabspfVI
zuJyooA#Os^h-^=Q{TVqbZ9hSh9IUX$T28ekkD$?wwkIEn(@#FiR2o$yqQ?<6yAGT$
z3QG#55;AIGA&tYYdg1m@lj2{dpHUfgy8M;`U~T2(Iw_g%$ViZxH|%A4lK*Cm{AomP
z6dy$430hmh{9`ayfbE@=-38)=4xp+OqCZBWObV6=S9fU}NSP#G4draQrXXVql2nR_
z!-@w;px?K6#fumF3(A=tSzlflHJ4S(-^OAHpUb%AOL48u*%dJxpa?p#0KAXjLK<xx
zPB_Uj@!4~Woa_j82blg7b#0|<5k}EjYGD<^WR}z^K)Qm9x2J+xzGz>5Vpco*)+9OI
zJ<y13r`ZQl#ct3`i_LM2B>6<0>$(kn$ner8uM(l2%<(BTBiPxKE;=u=aJ~qmki+R5
z9ZF<`_&mBvwg*(S?)XEdbwBDCkulT$SX)v&DZ~cta+xJ?FTX!vdd;SC_Pf?&Xu{-`
zS&5`cMFm+gpvYoKlX>74&6lQ(RaLwRGx8lPIFjiocO40TJRrDPzK9C~CAESonQ@m!
z***yNmI@ABFP}dSY8s{UFvcWAMC^G{{&(JGrNxZuj^E_tTOwL#*(9S<eHhLK<4s6Z
zc7wc*h`~XdHauI=fT6)(^q0KjgZxEC+9)N`%)uy0_VeDrKa|V}z`dOhct9efiz%GF
zT__d%#E+wK;z<DZO)O+j3<;!Q$Wxt3zLY;!<U!d_@KX%-j93Sygg{@u2~UA2HY!5d
zt*khdhk3S9v2__Yf>B?-7sFiD+)Br@Uq729jN<0`iuL{VH6a2bT8Un}wX<3IaTcNH
z_`dbx1NlCP#rCJ$kSR}!jHX%%NQgs(0Cy14;x3%fd6{IwGrDh){s}JujBjTBZ2lTz
z{N?-2E(quRPIXeoXl2VGMd@^w8y5d(8L2^TZg5UM;SZCHLK9}-mMp!^B`#PH@Km<d
z(D6MnHMCT@IHryn8MZW-I0>>8R+MGzY;Zv#0dP-kH=I`rsRg1br@tXXfop_-<QZCa
zB^oU&Sl8}fTYri;Y{>*x1q|QbHB^}eNfFE#z><%>r8KHNS^H1FJ+QrFBsVYaW<Nfu
zvT47`RPW_Ho{9)4$*_vXplD(GV7W>Rvc%wu#+-OYXdg33s9s;RhfoRc3UM4tB2zk_
z8nuOAa|PF3{)R1p4MCc-3trT$jp`ldOBTflr5yTJWxZd&!|<KxG%>h#KB$sCALO*|
z8$EJsuwLz-tENXjF$N|{gaG4sH!z<b%J3`;E>wVUiHo<!i-)2jS~idP1FV^X@B!nG
zYO{I4mcU<}f8dqW2ZeHyhL@bWh?`CD<+V{2wn}2St<~_HE5wlg#WGzE(p)KKc_kUx
zz^ijJvt;6oB!W#WnahOva7lE}MOf5-U5y7}rC&cgt18>=3qCU^M-mSSI_z~5k%-<t
zR;#9%i9nJOLY-u^Cy{h3eo07hk*Eyqx$1mI?nn$m!_=772KXo*3?hz)I02}(t8WMp
zK`bme_?jM-W-qt`5)0FE-oldI0^>z}5ylLKy+kMtWCdE)nNwoK0X*A3^y4pY2x0k?
z{4r<dqC%qER$moqYTu89U;C3ilOIpd-x0@pObvGL%Mt9E7%AC<e+R+D21l&c&woG+
zwHwjJHS>#Zj-CF&Tn61%I3n}Sd#qJUx46tX;Oxjaur`0HCE3M7ajCiQeDeKERyQSD
zFv+zs1L4KqBXKk)#592)xBC0sCD(VCh+1u`|D(drTI~v7&IuHsF)|wE{P>8P(lb=B
zZRK>pXBVUrNeF7RyuS|!o_`Dhk4puL9(oq<jP*r)nx{^YR#Zeb&F74@{w8z1OxNgr
z0k7TaOF3m`2VMnO*=AN=VhL>?2t&HO)I3nq2r9Z0)9=k0<a9nkTuvk=_Ggqw$+NbU
zWE9R@a?g;#GGEABK7Pv0tv45FqHJ7oBg6e@UW3WH(}(jo78&r*U%3T_%d);L=N>%<
zzXFpajW=!gbF1m?o!&^q$jIRIaK;|1>(%Sk(Hs|?SaS-JNdGZ6(Ahn5&)t0-@t;54
zcG}@g*tp~7c2eIffwCc6f6o~98#dH?j_mS{KQCSnInrLdW1Nq!h=<wavc#R8d1zPF
zzG@!3$uP?8Re(bN#pLzQIOO}CG=#m?|H2sR@7qcl278rW&+*`3AF{+on@XzY7T31N
z#^vsHeTpCF1c??E0%*+*m;Sl^WrUUSecL*n@`VWEfB@1DBqb5?umkWm-1n2-y<d>T
zkg*aXY4Gw!A^ovXc^|?!Ar`GgS+$_ZN_X(H1ob~?!A7<t?e1Vcl6w8KxkBU>E7^MG
z%MczcqvYro|7LQ)0L-g5otkQ@bo%V5;t>(8dYSGBt+I{58l_Ul=}%5?mnk2fcq?+y
zmp>ccJ+JUl?#2dut4iV^HXlzR_(;geK|{ZTgC4K0uuVS+RVNm0Yn{}rhgQodP6G&o
z%(`Kd*YfWxxrDL#ZOVs-p|}pupLw5H@JfvhQkOi8X^qeOJ!|AF{&7tJX%_{gs|hqk
z%-g7}pe!~01^_psC^X~?DXEYKXbF|+Vt@ArGxE{Hk(DO<w2Lu~ZG4FC^c=u-b`ED>
zNs(3t-%00YH%x?uTVg-wmr{7RUs1+^qinbSS33$EfYVIwdj4;S$^UH(DK**J<UX=}
zw*!DN+5LFz@`OyGuO2qk_?yRnF$HfNd$lQ{+BT7E*tt6sTTiRW`RG#t*PhXhoff<v
z7eb0n?Ew52)>`*>U=96+e!<Y6r6SuK*1JDvAqMZM_0JMc_^-`MTKD3a-FF0+joV98
zUw@iWE_5Z|Mo1BK!ZP&W7DXF7uwdYm+wI$98>f!iJG=%{niSNqN2=6d=eE4wM=Z6X
zpArJfRyG<|0`?Ou@~A(FL(?G(9=ot}WC3Bg7uwsd&t{@P9j9Ts2rG>kvSE=C*J)m4
z?-qAE_^(knT?-ne_o8#WyDKCoO$MeeO%2<fk_QVMpwylX=~&u=G!7W&hymYe{Zs~B
z>yeYo@N9b~J`<P<BeCb(UmZ~N`U1<uLKxu5jT;TInVOIzW0wbhRuHuvLe;ec-lR@^
zk^nB{d4l4}hdivh?!}^7OY*Lybt!a!=d&BXp`tQH<uJ}^4eHtX5pgQ$qj%)4!X9LW
zlKTcG#EIz-8*6>hffq`O8nA0B8qjmf?L`sW{{gAs8=oXlrMHHxrs@7fPRx##X?)#4
zG+9TLulD3>SeV{$Y9yo&VSAjvNJiwSMLDe;_;<}&KGkGzRtdj&h|y(1k5zE{@*nGd
z%Q@cn3a6f<+Fn|l$PH;ett=~CmhaY?aPoZApgSz`PUZdT5&9yd;FlNH+{ZgY7u5Ya
zylNSY12LoRU0M74wP*Qv{LqVEbMnIZJm2?}eG)*91*z~H`?sCxIo>3r$`K^I_cCS~
zgX-r98Wlwy7*jJKcEY;i@=w04j_#i9p)Gyu(~>8p{@!_F_aEtezXQH-;D*1m+hxh(
zjgzdo^xj8**GM+Nb>(GMPGz{<wY*d19d*09z2AHl<p|Ij(WV(Y!5wG>!H$e;SXUSy
z>wrEwHbYWdpJ1;j^A<+2S`w&#)OoUA6A?W1#aWD#PwdPlH#NSO+D#5PZ|@4{Jy2*l
zhZ=tQ#u}|Fxa%~gug$ma4Z28YADx;!L~*%zSB)n>LU*|S(rnqD8;!N#H1<?HU1`l%
z8#&#0B8Xy_HuSq>B!k>G&G|GKYs6OfI|l!1DhsUSl~?}9o-qMRhw{st!_PXn=<wF0
zdw6k`d?0_$c^;ftl~j5oe+8y&SX|Wkpgm!KJ}jy!9?<Nl>w1zzew0iM9bEBEy@AUo
zvc_26sozKC(EP36v*4I`BX^{917hQ5+k5HXI?hPrd+6Z4`$I*+)pvo%4imH*i5f0<
z_N$1s-slq<C50P^LcKL>Zt<rCBaC+)5IiJ1pq5Y=6{w|4F?YQuv39*;)soERz`RL}
zgXP;lAi=_e<C%YY7+zLE!#A;W3ANGnkVtVt<cgX6?yjv>AC#FHiRd|{oBEE@O7gHL
zLSDBA(pq%k!<4vD(H6#nlqft1;7pl2%__$i6+%gFhB<4$$p?4xnFUYZ|7?XvDS3Ao
zwF}-6cftAb{p}Z*-6f3!cj#?$AA)8>fz5yg6OGAx27TGA(C7r)SUP=h>qiS&7WB-!
z!*ipQUA^DV`m^3-!f^6wb4PnTLF_eAV3aVi?C{R^Xn$ep3+%pt=qVqzdn^W0a(pao
zq{_nF_Gl%5C-T@#(XkEFzVWfZ0;SuPdC_Hr^T<6K*$by@7ViR;+w%V^JcDxEg2&&7
zbcu0xW>Ly<i_MNEZ!(a*7g5EpB78o8aQyAK(_m@&lxCF2a`$_?{|WTH;`6q(zNCc7
z<_(?xdHk1EI<FI&T(a|PNyN5|<L}BhlhnzKp=^_B$9(hrzCpamuf)ENwM(8<kKhf9
zXNMKmdOe6I4etMkcN?B9`Z%N?ISp5i;G}`;-}jC%Bu6>k01^1yx=u{#MSF+GvHsrD
zQBLJ1+>nG<FFi+~)Oc;8S($8j+qWLW7fqS(7w;AdRnwKT(0fI<Y}poHEImA!s5^v&
zgX|oa!nA4cLbd^E!S~7qXD(wdyAe-b*I&1~4q&Y0F5I;X3)HdJ<BZE_#6PT1#IE@&
zSafo^=YvL{G%aqY=4W5TrUu|giX3)i^Jer#Ej)3RHgFw#&OHM0Z3`OJ7Cd4$qnl}~
zJZn7>pv}_^c5gD#IiA!RY~^3)VF@?CX1_dhb=$+C%&I6I`>wjrGi(|e?Mx`o{dvQ-
zE}5;7S@qv9>Tt)Dzuh^X?oy0{?-{q9`G>&eeeOWwhkHK?Lp!rovSF70-?e@N7Q&U>
z(+W~cT&vxCUwoIR#2bH)-b)pnE#X{XCt2|742%y4is|bH*-rpd<Ieq#J7QtYBPRH+
zxzwx4Zyo{qN*-90U0N}|qN^q4d}ug_zgEx;{O_gL?KecIDCb^WJUSf(`1yjFE#hsl
z@b}$@a*ZX9y<X+^M*i447AJ5GMaM5+;|mc|`WYJF@TZ%`XHa%1s)Fa`P>X2KJ|CQt
zH>7;)ddRy$CQ4BXiE?x_U8a<}z7HOSf%c<l8y(F28ncyf^LN2Axoq<rK@GRm&Ho1)
z*58x!+oX{Zl+p>hf_78%NzQLNlbgI@92gR7IgA+Qv`ZOV-%QCn%`Lnr^7V=8!o=l*
zrb*Pd;M-OUT)wY@|I%ojFx-(H7!Izx9dmsGY>vq^J{8O)))d-|45%?<ab(f$KS<UG
zUO-6KO|}q!eL6Rirz_p%j>X}Rcyzl6Zz7k<?sb#2S69jrw^|Zh{Wo7Os-)LhU~;+F
z_vdk*cc;&H>un<F<?rC~Gw2WMWhL`-Grr7s3OQ5M1U239LKx<qg8#cpPDo}IPFW8A
z@DrNC<Tw*tJs{eIzhF2ol6%WL<uUnBbcRwu$wD)4)FjMA_Np9rvr(3QY|}Vq)TRCC
zjNX5EveT|;1xZa*81-o&$w9rfeUGhyT`+M6w$!~`(+S{v6xCE(ldl0+HsBTLmFDK;
z@iYpZ1NQOxjBR4e6m*jdOG)W;2BMG3Cm$bo&1+t<`;UIXo>rfx>8}I1`zoHUkyxXs
z8gcr(iKdI%7Apc$BZ!QaEA2w@!~W3b<n-@}^x0b;-JU!TcB^f#AeWntsyc6I@h!S9
zYMXG!!dD8b95zc`t%w!~Gc;^Kd8hXp+tvn$YrGdYMiHNWjgMw=?4^e=e&5wRzYafF
zWTl5|2HPFOXDe%RnRnVV&v?2;b7HD(kxwA++*F4|Iu9;4+ftpbNCzt3>lRg|rCqk~
zukswhAE9#F05Uj!E1YWv&%w}GV}_pcfaej~3(GAL^9smE7%6P+=J%n{Pelnaa2N<s
zBPB8TfzWb3KSYR68GY)ah9c0ks+g7|&r0}(`Wv=$6I^BhoK`2#A~H`MifPut^Zf+$
zyI%r{4T*-=wt61l<gn`@SBLLhD#{*EV_2?nh5M7Do{^C>rNKx^vfGLj5>EMkre^7{
z*T+GEi`Tc6!r}0De~&w8R8`!r<^7&b)sQTAKOyBi9#Lb7i$8lTK@0cNuL~0M%d?mF
z+h67cc^0%_|DZWs<Xcui8w@EnnUci|ttG9NVlp@Gbp+f+ufH|DOrMwfQD><9=_+lZ
z9;ZiDb!GYZ))~@x&YK}YO0+t!Z}zI3Z_6^g>xcH|t2~JceRG>5|BI}54$h<tzeQu)
z_QbZ$$;7s8+cqbhiET{s#<p$S)*Ie@=iJ}Dr|SIKRbAD!pWVId>9wA<*2#%w|KgJ5
zJ_|JTk{@j2F+aNV7t>Ze=UD>JO3wO#@mu%&OeHV>g%5o$m-F-d%trX~`p}bXfK=$Y
z0+KrjCldR=*<I(^rK5tHBarRsZ0E@<)`0hCUroSOgW8Tr0G+%+-So@M0MFpXmfi#o
z+sjm!n39rUu^OU)&_=-K=;OPm7v>@U(PN|Y>WmZu6AT6FCi&=pQcvcQ&I12o=OYKU
z#z#+bJG)5&O|!yBxB~qT;Bf;}JC!08-T%x2@Zi18V1Omv@Eb-F`-weji;^ITmM$+h
zmX>@$LikomHNy&KTfXsIQx(1Z?j0nR{)Uq$E|1Av2+)nI2Zo3Avx$X!S|)sYTVu96
z*TWa#0=%4fTJLjr-+x^HpW4RruSSojTP3ySt*;z53syFx<X?d>us9@;<gA+1h;uJ!
zl}X8S(yhfShH4P_Idq}kouJoY!Alrbl*QIX3^4ks*1}fvBgOT)v_(s*DaOhK12<?S
zB%qWODW=I2<6d5$+$mglW7)w|ufE~TK2xhc)lJW<ZyrlqHVp1HACUM#N7~3H$>zOJ
ztySwPQ3x%x9(NPY&{oI_L)JtCrUdl9jJehTXh35y;yt~ldisg%g%*_*?m%ZuZlS9m
z0^8o4SNB+0Y+Sv{<xPFWETF`B+mEf)?gE6M{c~bh8`l)sep%~mI_N$XK7Br{9iRRO
z;3PRVmM~n+xxvJZS3=muWI9{P|D4+Vhse=<t@0_T$DzEsIZqpJIY=DGqcEqCL3@OC
zI{a`vc4j*v7FEKf8WY!ZNuxSF7YqS3@@~?mYDez$STTNCGU)LeKaNlc*&D6Cry&?7
z-*SVu4Wyy@1b~#zisOeG<Hn*{)#wC7d%AY!7O?f)$kDXHzZ5*-BEP~Gx{(2EDYccc
zJl8ZKLWSdThkKkR9Y1}3ai7zWoB6n0PIX*S?+)u!g86y<16=Xr^qA35Df)+*;I~L3
zgf;=U()Z7|pnPJ44{5lW%}AG?ufo)LpDM+5-L$RE^wcc@4_z!(uE2R(axNy&zAAWW
zRz-TSH(cmSqFLLDKT$#S4#7P)jp?lQ(pt_xH&vJVT}A`{H7`Sl<m+0s&8$Lpi>x0s
z=T*CBGL4v`{%XOINUu58OyRhW22qe-tyXqfYFq8&M>@X`qfqp9bPGSD#`^s!Z>3N!
z5pL1Rt*PQbK<#SKJUMxL<w}P&*2+8%N6T|-LF+E{hBG|ZfTXfVODMxCQkloulw<>R
z`uJqIibbIJRNF?&pDTBNpM``7ZwKxJ^ZM2zw9>}p>dJW<vao#f#7#zBd+gFFj9o__
zr&hfdUC`%}Ht#7XB#pw)&LyvK7b5H&rcv+5->b$?zz=Lp7|q26|Jrw6$#=Bifo7Z-
zja?d9C0h@OR>~fuVFVgcAyp>B8V|BDL3R-jUR)kuP2&9tX-|*Ar<(D45!I;w@+8!M
zvyqdgwFVh1VQaYY6r#JG?_Z4Z{Bj<H;Jq3u9<Wf}dO<r}pJF97(_MG4s)X~r72E_G
znH@4(?<Yr%BfV$*3oTIN3Mq~Cx@B`*Nk?H6nK*C&KcyHxPExrr-Q5Fd8F(?F7pw!i
z=hZtz*4)f1w)JE-Vui!@3m&(Z((lK>Z~w-L-;N#>^;J2&!oC&(Wu+S}QqTbL{l%N-
zgVd`TZ$e=h!^O;u4SH*;DjM)(6{++jQAd|F1CWe*_0@l%_a=MD1<nS4`quJ-)0IzG
zQ3<dlbqEie9$>L5f-TQFH-mGhv5~sBPU+awkg&L!(a=5pNW{pk9M3j|9(JBv_RIFb
zdYVYc^nAkh9csaarN7QQho)R(%+EEwBZ?*S^ReMNZKFM-Tr$drJl;px>tlW3b#|{e
zEWk`C?97c7Sn>0|wm?VO8nrH7regU>FQx~&gY6f9DX(iN=CENldXb$UJ6KmLTrYnd
zdqJ&B>;4fj_a-ws4HSsO#Fa5+FpwDy;Tdqni*(mt`7NvK%vvo*>!wB;L$%%}jWIv$
zvaa`%^&F6baL>mV{ZA{^L6&?nX@ikG@prOJ^u3(q^sfTy#=le<(=`^u;8%jLHPOf4
z#zPWHZW<A|t-%u~u(q}zM4p0d&1yFr51KhO)D&!jVJlTnz`U0)EcCF2dtK02;HL^j
zT(-o6WFW=Sw8CH#M+kH+-QjN<VwAs$B0ecv!nA`^T$z@aT0-{2*E0HDgcmX$8SL>7
zfk<$4X{dCqtGrBEt?N3qIU=r{iK#L7e~FX6<}nC*Vk5TufZgb$f0E)tY*~kY-_QBo
z8o-4N0k<W3P+sUDbA-rWLE+F1LHDNq@@Y6Sz_zu&fY;#jM>=uoX7GGvHl4o=OMQXm
zrnl{KDLXy)TUO^Cyl=vV1Z9Bk!uUo>qoDW_K`5~OJaF^=*;N^afCjaUn>qu-jMKUx
z@EIH8CGPh{rLo|=LO(uIF^4>E<fGjgq!!N^h=WTsbpX51Bs=qT)+qmrR1#{<Hi*lg
z%FQ1pCbn;Fyt44ZX+Q0Ut-6bc(4M<bkL{rKm3GwnCD?>!H8$41oO}B%iBWSF(_OXt
z(4p%dmn51Q+qv(UGJrp4nOWX~d}xH)_NYtesb$l!dG2s->tQZpswZR^-26W5bmG!E
zXjKwWaTP+Gt}|qNDH%_<r2zWPCq!-IlsqpU&raJthoM?Ey6<fsR+Z#K_CZS;o$vPE
zwESUzjT4t#O-yuZ7s#kyx^mlbQqfxu{z2a`{K^<U)@)w_jQ^+4Z)vt+-+JCi<&*g1
zTej<ITBrSnOQ>99dfx_K#Q4X5ws&Zg5xc?k%AN7lsU}gNWs}uB`!RS(bNlsFLMj)%
z^ZjmoBjD>Jy>m+>1Zon5HVEqh9Iq>obd8ufq%sigrPA+^K2mOSvg6@Q{%A5srf+%p
z`AsmT{wp4&0;;0K=)~rhQ`%e5NaP~bZT}2Bf-Fmf?B9jmFHB-(p?#LrAQqUvte(Cs
zMYv)xJYI=)gf>=LcYgfn$*Au+m2=6|c?sX9?wAD8AK;BajS&Ugm8C)$5_^&e-Sj&*
zjq?`VjxEU!D-PBHz4a2Pn+ZNY8k>$GMOaNP&6EJzO!hQMRZFr6*7Qa((N`0t3$@`<
zZGjW8M>$x_|9cN&fn-Z`m6J<4R8M0Gmt-36ve%`7dW^JZ_m{`_*XIMWuDKv1wlQap
zPzq;+rkUT=V2~{V`n6A<0&evtjTl^@*FEIZUyNaJ_<hEx<E<gf1eY+=Bjb{!uE+V9
z_^yHnOrDT3=Lb^`Dh0Ls3E6Yc^MLK%>+9SfRfVNxd9<DOjkH<O6;=Y;C>$XWP_QZc
z4xyJDfjc(#<C(rqT8JDp5WUw%Jw6U-+7004&3Nm?jj%jVELpu}rBQF9l2xE`tj6x|
zadnriIC$qU>mNS!#Q{(fA}OM;W`E!Kd-Ds**(>2Hwqq_ELqgeG!AO)&HoZ^o4W0g4
zt?wnkG_rc`^vLcFUq9cUCjBJ9{HE=GhYt<y(Bl-5K+;HyoIx=LK$g8u@I=cBiK=0C
z2!>VjZRHpF5;tDU86|JVQ$KYmBG-kV?Z~6BymUrp1<!@7VW=(6Z@Fooy3r9-1mC*;
z$S>xD;ZY9HE63S*WZ(Kgx!W;<iT;Wa*r$TweL+KvoJ7p{_8UKu;!CoY&%=$iRE9A&
zAw-3o-ml*laq06=BCDBK8806@21h_dQ=XI&6{7C(t;3K5kz)-mL2W*Eo4_QVd5<f9
zk@O>+<QG1cQ|V@|EFcLqP_t6PEW+a2U6e}fkPBt!+JPmOmNi9a;9>6iS5vMgdS0>K
zoQ7B+t$Xo^?dL0^rZ$yRd3ZCs-;$lZ-g6#xHZP9ciZl-yHUX=g7>w~<570dhc?%nB
z;NkVs{K|p-de;5Fe>bN|h5Yw(-b3;6`&T;Mg9lMuCWwfaa42F7WfjpRfd@7sCz!S{
zFR08>$^P=Fh+-y$%8OJP$iGpP-9UP;B~oH7ahP+s1MSuu*|&YEwwwTk;^ILSC%uWa
z?3x&E@M)BI!YC-&=SgSs=*mi>BlUjLZWc3OX#?>jh;sePT``H|W}ZWv;m;-OiFRTS
zp0j?MnoKDALDU6NP!MXpj#q3G@!du>FCg{hU2F!yft0u`IW-goHy$t0!+ZEVMB5n-
z1uNls+I_+*C<{yM9vYeePzR6NiX8_hw!BaJ{2DfxieRi2{pJNemiF_TaLJvh$UcW=
z_vFzXyS}*{+ZZ29cx02Co)P#(5<#t_hgCfJ96>p;!gh3&MfNzX1nA*XXxso3ep1q*
zomfxA#NkVkwgEPO5xDP~KKzD?{94hOs$BmZ7@aR|e=o7370gWtAS~-qa>CJR`3?J2
z{|nE;;-L(6rLQV9TpNeelsc<~6oyPv0X>)`m^!HBEKmieNOPW@eK6sSH>RjuS`Dd)
zZJ5R19i_gUNJM3pLI&X3bVq`Vs*P8N^@Tb<Eb$__ayv*xA|+WEiU<_~s)|W!n2w=c
zZKVA*RZ9v3Dm<r63DuE=i4fNWlS3K%{q9sCoAA3}h;8CRtR|Qzx>i~sKU#mkqAmj9
zf}Z%}-R}D_gfSiyTuBkJqKL#B<}8o`{-(L=9UunUHaMh8;)#AZx)zD@gnh0>2>Vgs
zky}TcHs&4+V~wgVVEd~kq5cop2O{6|Nj1YBA92)5^_Ez4V}T<`ThrF~8P;zK0SNJ;
zrR{5CBvx?2wUAB4Nhr%&eOYIy;Pps+M1nIAsH&JQ`#cj@+8CpuOza4&1mR5Ve?U2?
z9={#6BbAaPzt+n9>krb+d<BJ?YP_w_9}}jj&bMB&hHis@ysza>-8Z^gFsLnZA6Fdb
z`h4|7w-X&f7t0ehc?6)1UTVrN^gm=B(MfA0>)PtOBA?<DR?$`*-HtXhMQAp}G$1Fi
zo~1>t)bvCjFzSe@lBojt{gtLL?1!NW(4uLoeIVO;xZy%DAR?FPIXIejxLqSX+`r=f
z+u!5!{(RASMU2cWUhMW5S<l)7a$kL>!W!bKNTXTRT!H0qT=7*Y%||2OG-e1niMtjS
zt{n1z&3GcWCW#-KHu5B1*={yjC1=Nv2vF<@0>OpqJ!VcAMuImU?6TZl`A(MRbX`gA
z3w0u|Se0HN6+aLrEv=zdL@l&HAk-vonn=8}QTgTC)Rdn{{|ZLCKDBgh`aR(ktQUjp
zNi6mLwiG_ERf#7lkRki7xyxWg2GR%mBs)mJgyjM#>WieDI3l7LJWC-Gj1(K<jF-It
zaoOn?Ojh*Fo}{h4aH3x%B1b5}X2i;Z@JM+G$(!qV_5vI8g*D+KU<{Pv*eSL&!SM6I
z4+UZ&viAkr02vAv*p@URCVAGQm%8R!>c(%dddpw9^n@%bTuRMqN#dD}lC2BVKwRGn
zs){QzKLf!sqalFM4HC#TqEG)wWLYL6He&z>wj>!MQnaL&FuXr#%-IAgC!uuX*~#9r
z$<F120^!KTv2SlLih)>Gu>^TZ+XG}_RaGmVwJ>=)v%u93_@lkdY>SE-xp{jDQ)2MC
z7q}p!zkOmTVRV=dO#tSYI&dH!eXgD12?>?%wcrW|-#U<<rNTbmONvuei{(f2NA*mX
zQBY8^_jP&uK&UatNbTyHdh@vF{Ja}b4N?{zJY5-aBIMi=-Tm8lAm3z|SC7m5*(Ubw
zUfZ7bo#D3Kz(oA?%Xu?jxqx;Y*K-e@!lBWgfmIs&h#3_m8U`v9i|eT0r=B|+hDkTV
z?wpqFz9G`{9GC1aK;mVc2}S9K9~H8ja!-L!Xc~IVfQ0NzL%ais(A-fPwb2$GDRgA`
z@urhOC)neAk{fx|_T&;FIX}qv_n*C33>1U`d<nUk=F=tRdw>Cjvn*CKLpRADGEXQr
zgs076)6TLu2EW3$UGd6iqTE3mJsIFV_@>WI^Qk-H^hHqdFi_<ujPAv0J15YUuK2{+
zSWq(<D9p0dZAZF?JdN6FhMDBRk0?Ac>laG!mXWwmd>)W+Y4b&}y{zx=N=*9uFeBbq
zT>4N7N2pS`f-f%rR=3C7JLj<(c@AtD5Zvu<Qy4hBe`t8f^68cr9N?=uCG?bbo6u>N
z`Z*p{xQ8;Vkh5odiK?&H7Rm5KEwCrEfuYLNn4HQFMDXXb&|o(4pS~WDcw+ja$qmSf
zUzuYjs{wtd;BxkR`*W;F{_a@;{_n634lg_&n)KhU5+#CJvJy7N+VS^GYsKH!^l4rf
zmS6dkV@+<e?CMvR(*uf4E*$e%c7uqjo!yyMLEh*`)xEoO8k^D8vRZ9T0-I8UOTXzi
zwP&j_?S``?f}YSdTY(?Ki5u3<H96SS0A>d_L3xnY<i-1=diQ(nqaP>T44b-hc6sI=
zi$v;E@-yes8Ix;-mzNrst20B-|0HbIA7)irD~+jQN}AFEW2fbeMs7CvX{!h6JU$H9
zJ%qq<RvNH|wD(lP2&6jmEwUy1tsdK$uqHD`Qwyz9Ue0vYb2p76Hiud5W_!)Gl4pS*
ze42PW4zuCU?I(p~0YARiVmB@oTNx@be^lQ%Ht)iRsgp@~a(v&daquk>$U>~jv@m*F
zYe32aBrk5uLXg}(6?1O{mPSv?T0p-V5$W)a)w_ZNv(t_1CyqiA-l)=beKLfwiHFd4
zOt!|Fs<hY{9H+Hu1^k|cT;sa`>!?8Y7A3PJtLH}rhy6cW{Gb&C0pVZ1)|hlTI{mpG
zAHUJ56bgWTFwwE!+Lz*EGC?SI_SFc=H(t90xD%aDI}21u&`HA?p@PW35}g~yd^-^p
zw;oD7lz;9chL%<22aO>a$k%pX1ZOuq1?icz<1pod!M%FRNNnuYh$v*y-ks@vCJDYV
zcE041k^ab}7V*Y{%1fEs>YoXzCayV_F}2i|SyP21`fWt*Z+T6pSRybFh4%H}-|Ytr
z`+{Lvt<{&$XK6lEeJfG#wGA<P^^&AW?fIVIW{;%Ymz)Zws+Oe6VozFUbjes*bZiN2
zUKVU=M%*A3$_)3@E)>CA^UWv?Q?PSZ_Yt-UzO@*0*6yYT4<=u_f!P=K?)7K*MxPi=
zm-o**fMZdw?ES7#O7n{r6r+E9Q}+iC=~rVatioqbiiLnM<7s>Uikhytyf#sz|GPIn
z$;{}`O$J#*E-gYJJQv@xsS>**jH)fAAkW{~)-crzCgY>>Lke*rDUKQ4#_WyhwMJF;
zWsKxEEkEqI)G8oqV_LvSNr7_oR)&nbH*2>?i&Is5daIUwGiJJq{sYui70<y{Ih2CH
zp_i9wiA8dYH8y1H{ivJ*S#94uWMC&=u4uCxXz|;#N{c5&W~2YlDEy81$$?T+W?n$z
z-JIQk?SyHc!`5{@!7<TQCUZ!?M~8?Nkdcyjiefhh+i5S~&<jm#2{KjV!eTud>WIQW
zomD~MkPz5-_jp|b=I)&HO0(ae^+Mu6o_UHJtJ@THpyb9+m@SQEg>k*DAQJ!kp@_R#
z-8(URItjp%(#jXnV6%)LJFO%CbM8B07F+RU2#(X7!ee&0j-?*M?vJbt$zT1&tK}6<
zjIoo9#?F5#{ZDZmc7~1n9$&2rt1bK?{OUJ~eKSZtn#)et`#dZ4DfbKX;n{k&FaG?e
z?NZ8`+GEY^8QB<8{=cinld^mNJeVBVdZ*@Fe;p*B(~V5>E)7ZPyHm!uAVkA0vr#jp
zNO7e-u6>EX&1w9uY27Rkkb}~94tHrAiZK5R0&5_plsb-vU!%iM8@=-RpcCt6fx`Yf
zEB{tCAp_#)^pZ@kZ7>Q=Mm8|3FlAwI!*SO{T<L)%BV8N}YEY`>9K({ASyi<9C1QKV
zVgIxY8mp&&^3QnGu40$|Q@sTYAdL7>%-m^P53pA~74&cN{VmxFWTM<Fd)t{j2mcYK
zJhmm%<hnMHhAH`Jo_(U{f&r}$8ueYp5@hIh99x~)o_ga>oG}yK-Fc)lF^cf%n)1U?
zz_eK9N_XV%P(XbR%u@G_oZxCbgfiFdJGloL=y>x5nGkQL9%f8E8;lP$e%x)xbsOwx
z?{yk>eNkTW8>JL@;cD|9M$;!&IE9&tBEj@Rlv0Zxb1xE*`0vgsjW?kz9G%y}lw~4x
zN>+VRxH+=x7!h5PYF*r3l!r+IgvC7|&<})Q4M;{&eVm@K5rygLu7Q*<A$M_||6Ul3
z$gL@I*pMj>{+&oF;{HzXv*JkUp2aZ+mY(I8L0j0|K?*{;X>>coHNF3aoeV|&-+}9m
zpH)>lyV`6jErj?ZL-Mn93Fm(Gj)*+jcOx|XJr5KlH|wT!p+^)+8V}5L#2L{P!-+rD
zvHdhJRYpOYeH8~6GFdRH*CYMZP?!DM8WY@k>1l`JxA946(l=}Qoww9$G2irL5RCbv
zJQRj}P1$fIZiYTfTiK=%p46%|bELMW6k08!8KsOKvp1~30sD?$2dr6Zz#C5CHOeI+
zK|)wh^Tn7VAD`>5?;lbalv-5Y^To1eq(QoHKgLTdWtg7}j<HRp;OpUF_U9zt;sIGu
zB`Bew`Mnzx%Xl1r2ORKb4EUidN<zeTSv@7-$?}_;+St&+vOt_4s2A!+{C&cuDBkhw
zvO=VW8gd8UkH>E+Jp|1vPQhP#2@3ki%UJOuJ5Qk&W?(jrt>eIIF&ELKF|Dw8-k+#8
z9&YSHLnZUTjAUdp(jjudnLve(+F;QACu4?*HD9L5U3^((1MSQfW8rCfdeM^i%-la$
zMCO8>E>q%pf|UXrv-|ZpETT{Llt|uqAb&+$`#nwmGI&A*k(WYuC>>@g^h?iDO{vGs
zVm5W$A+o|zx!iO@oOJs#HoBl+tCSv$%<l9;O2+zS3(lzoU_2<+*|e2DsUaZ1ZwApC
z&}!ga47m6+aPgSElEa-2i$4#_C+pnk<=fC1aaVH({vz-?u?Z53Gt0tgj>q*cpNWkH
z@b7bb{gjK`P@zra8hUlRnvo<;t1?+yTVpKdd7~#rqV6RuySKYG-Q8PX_g%kE;qSr+
zPmg-5=?uDi?;oeX0#7RI&iKe=qHUh7?}2`Eh;|*gav=}a-WUJx&f%g#ZkCHG3U;IS
zcbz0<Ap1sAh8fzql8x!BDxKj{ymmxV?yF(e@koCR`h9>uW)&2S-W}GX!IK@CV;^Cq
zU*#3hj)X+yhaxZiHGGu?cObK~MV<cq2jhRosqiakC3j;yT&O2@S;NQ@@p@lvy#w&L
zw&>2oj=E0qaxk#kY?CE8b-a0Z-g2LfhY~EJ^2Tf}$;L(%HGudf_J<?A=#Q~63%VaX
z#^1|2J9;h`3~4*LL>p_p_)P-FP!X5u+-fkMl67^v%xA8S$n&Q+?x!1i!C$MAhhLj=
z{}4G9Vh$eVNAmO%wyv0eE*i*WWlP8#@gU1Z4gbWQC;P$|N}lpilUr}9Y4FuwwJ}iz
z94<RmK4Yx7l)Vmv(G%gy2#!Plpu*uI!b_m2tFA{~^$NY~{s>BKr5TXt8Pm(({LSYz
zuoYn=k*%xW^KBc>sj%Y`5maA|owY{k6QJ;uJHh_*v%l^=!1Hl&mRnQQxdWHLuW8?I
z-Ppd02mFcjgQ!aq)--_Jur%*Z;0i7!=?8ZQ0O#w`B+tl!%j26?AgsN8Uj1K(boxLZ
z-0NIoq_198mpdF-Nt&dnuUx0YTRGmyPel&{Wo0wm$$-|L{H`WjJMMWXMGh6}&yyrw
zPjID`<Dx#$7N5H~9O$_3oNx)Wr|iNvt%%H)RD=<|zO8;YYB|jJYmd1RzSVouk1MR%
z+j4kAAFT0vLy<Gjo{5+5+q~&_R`$$?UErM(MU*>`f(f#>O6C|;nk)oxkzAQqqMBxl
zN<{x-unv=)(higU)c-N@*Hb7Q8bC2iDcfjFdLZjr|2ovOFNZWVy<o0NP9gl}QNXhB
ze{?xHK$$WbNrl0$>h)#~@X*)78T|wtqHygZIoj@RDxBA88(p8D7EO2tX-_qn_i-QD
zz2fM&ep{RWj?@DLJSlDkG$0X2{N?BT%tyd2^A8}$m8c`Jnvg)2bJ@_VYQRp)Y)x9&
zSQUR>j3+kaSs(v1QiGNwJsK`j;!jPS7a0=qS5r!X6cZZ%vjuzAy7*RD5O$Pp#ZUXn
ztwWFYapUXn`lITl(c>7RT|C1#JTepfqDCnp5>F6}#)(p2j0y_lp|+3943kP!LMtbB
z`^FNA6S6*GKsKk!V93$Y;fJRl02Q)_+){4&QXrKdrpZVvCg-~65qKF(>_KQal*5t}
z-1*GvtoV%V`{qGjo&7s$TYty|_w8ko5LA(eGej+63#@dEPcvGZ=KZ~l$Gfv0P)`e+
zmeOxm{|Z?@pI%R6!qrImFL;q+i&{^To|*YaNYR8=Y|I!~vUFpAxqXk#8hrZ;Gh^n<
z$S)9O4cmRvH%BCfDH1k;q&nB0oT2DgiiWh>qJv%n<F=JQZPtARxxeITC-6#-LFBW#
zL)m>eX`If>?6rpQWuKbv?WXfyZgnD?<IbD;$2g;c)ea}5Ba0Vd+PYezJ!zt2?PN2U
z=}=`QchZ38nMTCZmz!zN<^t^QY2)rx-P_H<u#IS=i0r&VfXG&NIwELS@jpZM=SgjT
zyBRq=xrZ)XcQXt4Z?;l<+aq%06ap-1t|T<&rJU2(OE8q{M)rLkxQFzIVS23tKd8`8
zjFmMo8$282(nB0Y`5M*?S}!*5jV`3Vh#5JWn&`MLsOZ`wQ_T_}s0K*<PGwGx+F@|O
z0*ZUsOvQx=jKS!IH(Fhe;ksbL0gKlB2E_4z)>D^-<dGhYT*{(0G^KfNHd}fr`;N+I
zNL>`>P%RMzdo}~Qhsv}7<5mmz=N(1$8I0fKXI>OAp`43o>H%&2OU?*gEA<+J>#{;4
zD%S%MVK<Re!h<9-6x#0ySC5YkS-;b`t+!XEW!d(5Kla?!Ro214O$zGWtHj**t5RTN
z{uy00*&{PrkZY3FyOs6qJI|ePq2Zc|i4I*p88&M(?J#Kme+)**MK6P_Cip~)p1gJ)
zirINpLe7`~<Nqc_&L~PR+?^|$Aq&k&W|fu%$C*aZj@)-`ZABU&Ok2dAZ8IeMn%|td
z?uAS5Lj(Zi`_4;lr`ew;Tl=6cHp4y}s>@A=u<c&T2fY6?3ozr&I2ylV^94;Kt&yeg
z4>Y^#{`wr(zs?g0`3`{-hJPi6CvH>PNU-nMnC(As*FFd)?-oiUpAGc**5u0*h_i&F
z=xfB4y(sy_xRh43Vb0pZX`|L2b}h5BYqh?YBSV4~PKPw@R(<N1Se0SXeP(diU_E=d
zh+|-bv+!dA`MHgd)-x5ntaa13tCeOq`RJt83kqHbahuC({$$z_0)N+OGhvv@tQ7Ft
z4$2<M_e@#GoTXjoj7>IE7qnxtMQhr8jWbDuRmNGKo52)ZI@R6ve&;J*k(7GMVgtSH
zrTUh-<u9CbTTRlls>P)Owt(K=|Ft!zm6E+|ksou(fnTqli3lXZk;{{TLs?rPvhZLp
zz8Zq1&WSYy+^QHKRlArV5d~!E`T?{%O;zc@hy)R~tXd#89E~rIip!FU>aFZv2>b=d
zT2x4j*_kdUW?G|R0Yh2Be~;isgixDFc+`E`j{$zCSCI@1@gii!R$oEHC9!mFQ`43C
z<IZBB{Ug(tEwV0)b~fwr>uD6I+GS6!g_J`<RfRP8Mey^bCx+L<b5V|VHpR<y_h5&+
zt(h<BG=U!Bj8t0W6;5R)c!hY59R{(VZ!A7<gt{O|#3F%YtV^&r@aR#$X-9EhScx4&
z!tSfm+TiqMtD?YyzBM^*8#In1LkG{*v8<fBx%V3f(_LgjjUL`)QJ!d$Xn+P#Wk_>L
z8xY;KKvXEisODmwjOMRhqB$<Xw1f~Xi@<>m&>@sSpiU#E^caFbOfWo#E^9ph?blRS
z?Ch#!q%0_~!jTB_*@wEbzKc8XJC^kKIJUfsoeha8GvJ6Rr3XANV}e@;N46FRfyT*i
znrO`{%H_Y*BrFdP7dM~N>~pc0AGrd3Bl^>K=G7W~IFJVrkMcK?;gzV>%zmhHKQ4~e
zyW_#yj4|%RX$`S|gAegrF8QNV&zXc+GO7nLErQ#ii!z@L9I)R*9lkXL-#vDn=F#p8
z8W_Z?+UVPl-y?zR^;oif+KfNw^aqLMH0`-OUMcv|L`P3!asivUIQ2z%tyQb9rb&|u
zS&_duP@nrz_WUi$?%dIVxvo3&c7~7S<^{@f15@m%ZV8!QHpTWYC@b&Zc3GFCt`q+>
zf$1ppfb3Q8vc`)mKT=J5<kpkpGV9!+=q$m9Qx@iHcQ$-MRM(G9`!kn!_bPyGHSRc`
z7)l)k=-#nx@Wn6}84-_jWDcC18jf#U0WlYxB@q*~#<Z5WT8Ic`)b=Loa7;=B%gF_5
ztkknhAs~Emn`rVZbT<QGFMT^12gK}W4D{fpZ`e8->@5fS6)z^tP<2pmAk&kiK+&Wb
zSTWJgl|grZW55S=<!3=a&gXb-B&VKj94j=J5TfkX(eJMeUy<j_U%!m|vLk|oFL>w8
zCS;9>2H7AXDUeV5<BoputZVgswhaS)73SR10$v`DSKY45m<$th3xMO6`~pC#<dn|^
ztW^Br;=k#4?VzgB`u9qo(Fu1=tZb+<uSPIF){Oak<FD#ub-O_*bK7BZtAZ8qovPi3
zR9s4iQ()-XLbHv1$4qR=VLwlG^v~crQ$KY{9byJL7>=2q@vOQN>&aPnmy>J8=h2=&
zL@7?C{IBrmz2sSk$1rNr>h&qE`LOXaZ>Z{Phr?9@0sR@5e(&xz9xtjw?In=YAJE@b
zmdDFl{dwQwKuXP;WoWq5N=q--MDma?sU~sjS%XH?6F8Kz-H|iE`~qZKt$G2{staU?
z%r6EK2Sp5t*RKdd$N`<j#25F)tXxBeJqClyD12Z%{`Oois+_{YyhOx_AU5hPxkOC%
zjK~0-K31Y)@oEDk698<&!CA-#``DnBdjV!uyW*XK_pb?u_t{ijiVbeCF2?>Nvq(!r
zDttLd#U6ndJ~S&@qvh{EI$nnp))|;|G#XrOAV+>zWdb6bvbmVojdw>aa!J5R*n$@M
zDw)yZO|I9g^iu-|jY*BRv@5iUVHGg5)2D`v>kVZxhL@79J6l+Dy=1u(yS-?z#%;%V
zvxE<zqCGzTo?&Tq+t1>CgLUQ0MwxQ{VekqPf-Y#RLAIYZZi4oCXCITl8a2WAtG-c3
zH^rpxWC<J2I`f>cRh#jL>q@RV%AV`FCcc%F?(k6I4;{jw-v%}2=Vx9)?hF$;e-qg9
z(&O*Ah&~ew#Jri!SG9)DR$=Wr?60UDxSSt8B^7(mB<NPNx;aUf*_W;^-uJ8#syfVc
zG@xG;3{S%a?67|Phf+4*r7&kV@qs;$%ez-;El{q{O<n`+EZS(@8!WT*1?^_nI0fAG
zFPM%#bAYyurfRl_KCt6KhrR)`OFh@aUN)C=!aDb0y(@1T2KcM&_ISl;LXtl|%`?sL
zed$F=4$TO?$2i)|<N?fCD;)s8ty=Htk$-`QPHX6rZLZn$4ZE=Djmy%WAj_mt5>}VX
z0Ho6BOHz7m8`DW+wni@3=1?9X=42-{&d#I#E*e_S%5b}~KJsbrQCy_c?)h^;4~z>H
zj0-W233bFbJ%9HP>HQ)5hRB~{X3dOhyVGb)T^5G@(-Z_{RR$|=^2z7opSrYrus1x{
zxa2lDGYqw`F>!Xi{dC)Q%MyLY<e2tlFNI10MEV>JuX?DaN!2!M)y?-y(%ktvsSXGy
zwe9EAwSf9L;aSxD<<C2U-x<&1FggbCR&NYnip&IhC?xu<1&TLYuJ9FJfk^+}84v_r
z${YfzVRr5dfgd-J31VvVkqHQ9uaBHdov%Kh!07~Lyf_3L=D>Wh2t#(fayKqEpU}Ac
ze8~kSQpp8V$idCnrMZG^m0HtWm~U)I!BY;_>v?1H0(aZ!xYzq#Op*jSzV*U_P%Oyg
z%QL;7__yNi?whLbiy)PJ+bw~A+#uV0l>ZZ<KK&<tN@e=(z{+tMcxsx<`^TXK{}=JF
zr{iUx{3sJte0x}S;0p0qv<#Q{UiD^wu0oTJPPPr)=tmV1|D$grAZg+OL9%9T;JG_R
zl-4jeSM2V@ky(qBDW=~fx4?6m66(+_xvL(*v3~dMw&<Ej#>k3hea_HcnE<H9>U__0
z_ide(;vf4*E`hb9uztoR{<3w|*LAAU0N}*q0?4GHUmL7gxSRmqo{x~1+(=LP8VVx&
zU7wF&W=AQ=Te#YjV!p*>cv<tn&Q2>KzD)a#4ISbh)CWhPg`aIVvX=d+i|&*A2I>At
zj1fSO!+9iSJEgY5*6x52oL`yQr)Ap>9;RY<2JzV-wfa=xrX_C3e7>4^nG#k*S9tPr
zCehDPZ*}Je6VRQ?IN4TTXd!tJ*FqfPH)iscMh?q9t7PzHP2i%hIBqTZn0=a1OidbJ
zHIqfdV<%=O^>rX3^-NaY(wORCE4Bp)g~doE^PHEaw)6s@b<G(ZO7dKVio<vgN~juN
z{jj;89j8Na3A*+Xe~x>w039h|pF7H!ZU{jqB{sI%axYB@-JuhXC!ps>GQJolG6Hqy
zVr(yH8Of*^60|@&A4|LR&1KC6i$v-J;gd=&&eB@<mVGh!Ax;y*>K@CwF!8!4dQNgj
zQfpJ9XgHa7F++&-rl8QkY=~e;3pGv5+G1NJ_j0_@BG65L8r-tAjtTdHlX8Ow{OuWH
zfVxxkvNS#(eJ&CM$?o%zw9?am`}T?9uDB)<--d|Sh@0?d4Sn}ORL#L^am!CHRcX()
z*;D?o{TX^V9&4)F)4cpX;BK*DgE2aZoe1uG^syR9uAXn%)R)H!p76N^LIj>5Xtfic
z3oQ4XRQQ=01e+j(kXd#%Emk0UM~ygKf^u}!-`pfPmYeQ$EPK$ke9yZ!|JXlO3HS_^
zR{u>j)mr+QtOIcuEpdb;x_j@hJ_tYIrQ6ma1=>Y{@nGDQ*rczP2#q|9E)+H67a+za
zE&jJA&%1?ib>*2ef9;~zkU3D~eNS|=94|_&zpR!|N^7;dPICe#SXfpT{yY5C8x4(8
z>DCJJ>+|Gme<%pNOz;%!yE(f234(z+xDT0Yu>AEKOBMx1?e|UF^o;zKiB8^2=RO=@
zn#fBc*eE-wThNIq;8M|DWl88Ii3_`=b8G|pY5?SYeW+WR^~wJG1Ds$0iM0R*0dTOL
z^!>=MkDkOm9emLWr6iqGg9hA3q>M~a++*$7WQLmIa<YlwJ*DM>m#HXNc&5S&Z!jjd
zhv?u-!EYui2<AF>%2(tiQ9J6ttgd3&Li{l4(vFh=_bOMJV1}i2uX0!a+=N`3Otkpg
zo9Xw}@qcM$j^Bm;B}m40mTJg(J-ixqy3lbUF0$VPN?nPArP-}Y_`9;U(_*nDK}nC9
zJ<}x^LJ|}sG6&!@39w=w;3yxPvluPonQvK(#p?@8UU4F|5nHG#b3zW@{`!j(whoDY
zk@z(Wo6~h4FMpQ~`EcNVL4nUFQOiFiPFMH;1Fl6x2aZe&wU=S)7uw^hJ{T(jB2#T~
zRqI}n#Bz2YixRtMaTJFbjgGJ4hOC3Fd@{Nkq321n6qvS!o_m`s<h`r!42HxYO;m!A
zRe@pn*Sf-HR$#|{y-GLu1XX#?tG^0@X3w`t`23N6sKsOweH-rUzI-4%S4jz8UP?h!
z&3bpQ$!!R*V6CFgtkaFREW!c!lVp#+%i_GP;1qCn9u`abx?Q4xU<xiV{r1r1IUpq;
z6!oV&dSi#9$1%)6u*{)bFq;8In|>z=Bz<ITkkVP9BK0db!IO>q)3PV%=iz<>V?eX8
zdzSd93=Sx>uF-SMC!<blb;m=CWjh3(Y20aL2S$gHX}=Dc%NFLku<5Rj;1xlITYIhR
z^0O*6mQjo7Tp1A-m5hzUHuNu5&2B|WupD4g&;t@rjesCbg1Tl}Ez9=|wUkv6Qo5(#
zpRofayeaX_;89u?2ldC}At>M*M2`GP*D0xhUO@X?`4%htMPPgSXI4(xa_c!j@Po%k
z*AxhrBxe8WI~5GVBJF2C$Eomh=x#J3FuJ@rDZf;3_n>Sv@4;zBYF;r*hZzCpWABeT
zJ99KyMFrWoGyczHil`81<h$EpVm9Le7zmLbYAE|1JgCUvJaDmGjp@nC3h&ip5F|)B
z@`5W0N(Xf7iDlq(YVG}cpV6<c-i78{$JSBsqL1RNh1(>;pXV><o5U{j8&3c1v@^+C
zkSr~4q0NJW{;Fg&ts_1(%5+`L|6KY*Q{Yx?2O=4Zv*MnMy>>_X2Ku)0RHrC8Pa=>b
z^jg7Xp=(;|t+IYcjZ9WBtu+Qead_Uml%~@Py1K1>WNeTVQUtlbMkU|^Q3ztu7`qMs
zRGzYibtwNn=8qQ`85qp}iKJt|e(UZ{z{ZPHtSmRgc;`{VZeQ0d_L`ydnpVhVO%iob
z3xFzZPGaYZk|V^j*?^{T7FIGROPfGClzHX0t$D+SH?f#y6s46U@jv>hZmVD@DVpOC
zd?(29y2Hn*2m4=`^{vyzpNRORE~b}H^f#Zw#`&@ba3lv|DSeVSr=XI@PpcD^t53yA
z3oryLKU5{Y2mFDJqOZ+2B#IA3JA6JRmG=&I2@hq^pbgd!#3mOEkfd)b#@t*1bvl%N
z@Haba!14RLAR$CEgrP_Jwk;m`4^RulUw$*g3(&p$Slm~MBYI{ehe8y8y!3*oh`@ym
zut1Wj5cxl_!;ZV=-^MG6>$a<!1!N^tN<2ce4sRpa&G{`T-gwAY*f|9bEsXQhPaLz3
zFAqs49Nm2Fy{}_(YJ|GC;<0wFUS+8cJC5n4H<cV?fTGKO5|Ttu9Q=jd@jK6j(NN(z
zFD(HUsG#qxKgY2>iIgxL7dTOkVoVpxl3si->7sfKg;5}eVn6XD8^ih$iBM{1NzojI
zm2^5@dHS((kwyfO4H;ozEX5acdJe3_F~uPmk`KQ06}F<dfZiK{bVoFszdXDg7*;5I
zsW=`9kA}^sz;@GO90{ykIGtQt66JN~I*0mh-SrJ0!n#oFR1~$O3g>0?{-(_7LB4yO
zWsKYF#C1VNPr1(oZA>VU(5jxLY+t3LaXAR`#~`aTD{1LT$;uL*r@RKcek0SFNNRui
ze9Id!o&KrY`$()9s4j@~2YN9tgWhjbm)6%KS?Cd}9ZFzSwGg`eFPMCAqtE$|8^gZ^
z%oK5O{~kS?11XzxOILNJwsS;DhY1S5`{9?)(w-bKH4}1q3qrR=Obo0G<ENK<Wfc9B
zkCdA0r0Fh1zLJ`yc>ROsr(xqg&YNr@u{lC(60wAt*6oUi?pZF8S&Pg2Xq()DtYw6t
z`!w2Opg${$^vDvSh%0lcV$*s^<BaU4J8_uMGuvCq)^X^rJ0c3ri}*=H>~S}(;a79?
zA_E%V{J>HnD5fUIUg?Y1yFcQ_W=KBaG|p<I<f%P!ySeBUQ|yP!#OalnJA7=*y41Km
z6K3s;RxXSSaY|V#pTltnFmxayiuLz;=f93)vyYptoNV~cu8*#(S2}5tK+obhM|Qc)
zcyk0$5t4!BzPf$05Aeuf5dB;vv~Cc(0us3Q`>Jg4I9BAz%*jO3<=MHp;OXPS*49iG
z6UqDiH~*fTGs*a6pPJ6iLr%jJ5i3j4drz>Qn|m9B8COS3d+-R_u|ODKatG0ruE@Mo
zb4dyd;U|*|0bS^p)wey-iV?#NOPdIfvrnbPb4UW0an(yLg>dk`)2+J^9&U~6BET}~
z`3X(Yo?$=nGnq~`JJARgsTWkc!nht*F8q%#FJ7G7WKgXHNCKRV3r~AeBv$EYfWGMm
zZ^Hk9%onIv8a?0XL?raf6XAa;h9jtUcPGV?X(qClXz=i>`Dk`Ji)E7wOTj@O3I2{i
zFJttIX<aA1Y<5qu>c)^A^Id82hE^kDQwMUlq9<o0c@Sv34reCS_t*XW{uh%kg|W0x
z1s*)3<2-N1aZf6(IDBvdN+AQsLiu{?qdbJF`>n$|YfDpD_aUvP_s@f`ufr6|*QW&f
zEoyS4(!WH{!~j#5AL0YIQ9%vJ6j;T$tMNl@UnPcdvvuTkw{{_04#d)?e?lRnXt!VD
zuMX<>69X@>v>FwSfflb$$hLTe&~)^p>brVTZf_8TC#?t_K8iDk+vXI9GUYL!Q>A4z
z{_3kFCP7h?#E~rmU^VklOGROcaYOgWw1$hCU=w;J5hqDzpvOw!HcN2KKhKkS=Yb+H
zjay-ul^-iVS{{{z?op+IwK4G1<QljcH+fNnR3z@PqH_#{?s*%IHTeSe`(;XaN}O?H
z&lGbC?$4r2K%T4H*ZVU_@5|cHNo<j`yFQGfPaV{c{^6b0+iXoiMoE@%=93B1se#yH
z7P2;nT2&E{1Y`*mX3bw3@B9UnFub0N?Ba68TIyO#&VRPIZaLJ29@(O0pPZj2aBI3h
zz3tzYOlg0ksQWoWJZgJ~pg<_9sn#M-o`XvO-$7eQNGjlV-E!T)A}R)>9S*qvq0D0{
zbmG9_6xXQt_Nt`UpHTUHa}U+6<|&>Rwc|JlK~Wq8Dfw?SWL09`YbWj4Z1#i5EdsAJ
zBvI_`L}_5Lu2XcTCUe2;1h{N3{^B$|$BS!2`Kwd#?aooM@|3J~h#74aiGwM2o&>xG
zoA@tNHq%>}oVdkP-GlN5LnX1_sfIH(AzVMxQDrr3LhJESmNJba6KyFN|1XMy;^Xht
zAz*X#8c=Q6S0(Ozd?s=45|d#AIJ<iyiP&(=sJd{YVDbxXvHzFkO8Zw+w(au^b6q-@
z0MhO?CF65kIn9?Z$Vq7&oL5W4Yf5$E$l6)iXo=e|hS%y7ZSG>VXrOvu+>Eqbi)J9K
z>1w(}Ns}e5Y^5Hfiq=9>lpYjS(?ECeNA(^TQP<4dk3FBA#__V)NKn>H6uW)L@^a|T
zM|zL+S&V{p*<|d{f5_!gwC!oH;Ky^O{$FfKu-(kbZ#I6e6JJretz1^pTtKh=eiZXb
z_>4I_+QF}y9-8{eD*}$e=@M~t7i>HkziEZu1ksH8o(0A)ZKhi^?pJ0x{?9bz`4rM3
zCRox=yI)oqN5B@hI{W%>t810FYcv_53&XYCGUYDqD+Cm?q+BM{UB=8|2jmG^^DwGL
z2~I|qn~iojg>APjU$gU1pyh{smyEezL68=5GoW+NLU4~F?v>b@TR-i^zh#K+xze<T
z1FczoJ6zu>U2+L4Dw%lnPi`)~>YVh&>1#yCuQNr5H<u-s053tS^uiPb5%z^R#O8Ak
zRAz|JpFv$*1;kjapjaeV-y9310Yv}0HAhY@^6>h`Ll~_*I-+z_DQ*i8JCea(T&}Pe
zt3N2a^xLcVqY=#tFGCK8{%CxwI*S@AFh8)o9JH_$b=7i+i$qiizT7&tF1*gt7a=7g
zJftEo3d)_Z_7L!<;4(#Lf>H~5Z?qGee|Db_eE04cjWK=mniu)y;rmqpWTy5fI}_|b
zv6Dm(1>r{M$G4DT)2fN?*vN5NY|-iAWyiahkdK7Yj(qmUVOd$SAS6nF9<{xClUvv?
zX{&*h)uiA&|NXaobIRIU$I$Q>dwL;F!njP~wzO#~A}lUoJ!I8d;!MJS^|EhuCD=5I
zVr(hlczfSa|G?(G>acYRWL9P9-^kZdW}64jxzk)^7`2W9mJ)9Ie<~8mqRF+O(xp2P
zrf)=@-iSjsFygGD@g)wcCMNz2f|>t+C>@CeY?lB9-yEvA;ShS6jN&fd`hdsBanU0z
z$2LfcM*GP#_8PEb@M)%NuML=mQ55reMo)q^8*yuaz#>#O)pK>qWve78Tzd8DZGJsQ
z=fy~NPm+z2IVWy!{<f>4!1p*-aipd0_DwMJ$|aMp2Y0_=@3(aW4f6k6Vv-hkxroi2
z1=Y-_ILno!%9~LYoB=d;imD)yLhS#jzDBLTe=ZwBAv=?2eMk*asow^vCYCbL0c3Ny
z$`(-T)^RAIL;PE+wi7{4r3H3o;7y^eX-bK^K`yniWn`V*goUdly@+Y|L7AYa#kc#>
z1BY2+p+Fl&inNwgE=e5`1I0j9AqUUlJ%8A2cHj9jRz>3YF@!GXir)ErGZhuoOEA8L
z7nYLqYM@A<6Cnky2g|55u_8uC{-D1aTXU<wWg=1mf{dX{WtNN<vgSHcJLE=9+Ha`_
z4Qr9jPeQJMw;NJQ%=hk^C9zcnR0;O+<NMi8jukA-O^;U7D-g{I@!_E-Y7f`#wbsZt
zpS}Bz%Gdk7*@V~6+xi~8ge;gjjqGpmu;H1*KoRwC&L0vze#XR)f4|!B$MX|lc-%oG
zSXtjKY2r}Dto|WFSLc?tnL-w?#xVDwNgpoblOY6>$ccgcVz3v@vIY&h$wEgcTNH_I
zdP?<=D``G_N3?P>xp@P7280Mpgiv-zJ2rv$gKTTtyozdd-8mt=fg;ImNq!few5)*$
zLPtf33~Dci@U7LB4*GOlLH+F))>^xmRw1=-VIa4Qq7=65HeT)Qoj$XX)3=NQA~HRN
z9Z`-|S?CcI%1%FS$3|p<q^2P9EGgwihVq}h&ZKCq8)-BQ7P@HVaorM9Gz2?@9C=ku
z7U&c$`z#1pMixGE`!r;O3xp>cgsGaClA8FpdtA~{5V_;vz&;U9h$E39>Z{>p40L#q
zovD`OJrE3-49*X4K%yXQ=|Z^lI?szDHN!9t9<kT{3B@ce;)qj3#~&i)bUaZmA^`C%
zdHH6PDv{c$;qDTX*td9MB0coQ*l_CDTVJyFzjzC}{lTWT@T@x}h0h)HDPdkP5Y-m{
zvLYmh!XV%aWaWd~ZSWuJ*a{Xp^<YPn;G+Dtp*U0N!PiQ`RP8p{mb|iL!06K4`fo*_
z>}lp2dFKyyW?ydgFA;v#asQ3Ud_VqM7y)uy35RATG?|k8tz-zDxg-0Bf}WM<fH~d}
zTTu~tLTWB-2|#JyMHB(ByMqX1RTNm^WtHT+gWv^|kjS7F^ag@RLxC4Mv;+n18sUij
z`t|ddY2KpfL1MmmxE8EPF;JR;7>ih}WzB^S5KQ~cG>r37tJZ+o7*P>PP^`u@eY$3s
zHrVfB-Xgx?-OVI<ho@G85WLd;AoBiYs+N<W1YYy^xcr+$O2hg6(yQHFOQ&N)IeT7u
z==6h|^nWkm8{B0m%6+tvmKWpoh)z_Inn7r@`H*{Z5=S72tQ-v)-WPfDy5-=^qYk2{
z%#u`bLC2D%hEft26JwResou>H6|2{t5D(2ll|YqKVaaBQ?YfmLFeylaAXG(cyW$m{
zG~eXYn#Gn@Q@Ziye+fLu0Nr4p`DTLBDz9UW@TnIR&APk7s>&{L6<V|d^QS^b=cT_#
z1q)~aVfC}Il)m-1)Tkk~c#bgDq|p#H3?meEF8N8Z5%2%_3m)Fuc2zzu?w|qpA^&N9
z{u?>tR95>p<9MbrkNfh<_AO$f4vwTBFY<NZRo9{TKEl<MzT*TJkSylk{e_Y#NFjtH
zsiPxFDZjlmsbw<6C?+V;j}lSDm4uZR<ew`mqL=qiLEHL3WK2Kfl-@0z78jGaYeR|^
zAIB{ls&eTrAmD1rNbq5_OzgO0ip!DwQiOJ5(eUEGIkSH=bzS@4Ig6_IK?B$7_%9T?
z<cClnAeE#bWuHx}FJG%Z_uTCjtV(ZMHrIY7SrHV!y@+67NrRZlVOU`!J&RGDtdGk(
zo4ps8?AyDWb=H@BB<%18PI-5W>qRJ)GEEbCghh{p!^d>XTc<jn_0Qi-F7c+zi)hO!
zAghj_=|n50>Ylc!+;Z-_&ixF!+}e3+)Ai6DCw;`wgjcR^)@$209%&V;ffw7rKb#7V
z>lV64A0|mEB_NQacDYWOpFeWv_mjVX@Cg70RNoz`<R9ah+y32q&)ZJGUdDNci}2?#
zB1%w;|Ct475kAIB@BYdfS8(t3vIz4%zV=O9=qvFt_O+=tmnl7{RDesPM{d2`_Iuy<
zc}MJ-7U*J;y8q49Yq$OU((~7Rb6Jn@rg|Fk-!{vO`}G|m5rg%Veif`X;pfLVk-@g<
zC*+26$h41w(gC2=_s)Fu2UQ=mzbRQa;Pc=A!_zkg#=$*bH)=L$%*HkvG`4LtY^)|5
z+qP{Rjm;*Fxv`DLcJglf{D1G~VDFusIWy<X+<S-Su20oJL<|_x5E=iBjFJe1=<UaK
z)V)M)z!rhb`1)g)iepW7G<%JlFQw%;R<@|LvOGV(Jba{__RpW=vhwP)XAhPn(lc&O
zYT<54%7miEs;o{1SaYj$@{~#RU=nGXK4yGnfQmH9Y=?;@yO~0@C_xOHL(Pdr6cVIr
zm*8Ro$;ohTJr`^Csb*9!-f3G<Kb>ir)tV6P+C0^oFx^Wq4aPo$2o>F65WcCphvz;X
z(yd0&%e5KiarXK95?y!XWz`By&Rg50OBa^?`zhnbV^N^s)e3UUYS6a+`>z8d1Za+z
ztiiVrO(&QqM~B^%+IR464!KvhgDOZwu84#$&OI~O6e(Ww6n1JoullMlyAp)mOQgAT
zd-=$19d#_5tvOGb^Cv&AI=>)&@DADJ=yuWMA={k>2C{V=UJUDV$?8_OplRBx4{4iP
z&A)Bn5VfFtdl<!~*Z?Fqj;;a*O@>d~oTa<ge=N7WUC$BfOI+?Ug|FUvKOCAFtv1P_
z>_T_DDPQ?LZ@uApzB%P>uH`r&TNwrp7}jbEHAGI(yg&}LQh{#gk^OeSm-X>9+3b`E
zbOdFMkGp1@-C@!OsZ*jYKF>YhuXlz(bt(Y-l*45iB_uRBvex*F>stARFobW!h(q!r
z6yW*08^Q|dxXQygzlZ{U#WJT*jqL;4L8XrKk_I@@3N-k{A;NU!ZFfow^N|M!Ps=b{
zt{A4-z5+&hWvcT#WQ|L8;(e>JF<#W)*UKQ@Z{$oEC57zoPcJ5FFuAPK3`fc!HeO3j
zUx^5~Ik;9~Ja36SO(zvI?<sOBlFh^8&Ix}gUl(v-a6L!*cDr>42a)J|X!Ja$1nIyz
z9(+GNCz#KFSUP}A9z%W{X@)vX<ZVX)6+5{NG33B=p6cWPyAYP)6}fnJM=Yjn^S2w8
z(xuE`R-Fna_o!%!C)6@^5bkSGDVm|i(TF?Ow^pW?lPA@6UbaX#%7V^$XWuK%dNaZ^
zeWZt|1h9omj3d}Z|GIo{aca!RJO!KKrBKi0KOr^)PFp=)uP+Y*z<oZV7b`4!Ey-F%
zPFdg=VKqd^@Gb>PDq8~BNe4TEkkkW+z7zIHn~FwC#dP#z6&-<YKcX5SgbN}+9wLfR
zqFaKxP$*J?qaBLWcYX9@yHtL{{nYJ8wxl(N79qkYW+f3!w0Sn=OcoAl8e~gupAKyK
zYxJKFkYf5&a!gv<fF+XVYW>Pw?HLA)+*D<vSK{iHJ3M&!qMDf5+-@2y)jOHpc-F*6
z6Es8uZK^bfvrS5`l@%BjUka+SE`32go%?Zh1{65s{x$t5J2kWSjhe`mZr#>K2-$DE
zheTAP`ERp+uW}}}n)K=@F^?-wII+5JsDM)M%>_>7Y0%oZ0<bNuqQ-}VPT|{^{F{pl
z?kOf#A)IYkzc5n6@*=(kF+f<Nf9e5A0brL3i~Z_{Ogj6i8@^d!{yd!<)O@)}5E5j)
zch$4W&-=Sj2nGv1GP36n9MtjB&GBQ-y}q5n%XXI;raKDh2K!nSm+DV>m&!l8I^T78
zI^Wv}$Xv=Gpn_JKB}?a3Go-0zAZA+yg|4O)C}h@6^7Hk8fG;QwA0l9R_0NAjdo_K<
z=?2UOvuzwDj3KNFUfdw~qhnh+^YJ|JzcJTby+6f|vYNsCcoiMm)q2=-vh(Ki_aS(O
zDviQgoJSmM?oOb`iZEeY#JE=S{Doy8csCny*ma>xOrQfdU>NuQG{Dq)-}MaP=TJIK
zLw1)ztp%Vi8paOay>eq&!UsoKgNqYrc}a{vV~Z8RQWE1j@Cea>lBcf5asCAFL_R~+
zjxu5bJ6AE#uqW2@;lZYZPqmQ%n}fMYd7&-KxENjTUGLY=^6b8jgiET)X!sw$%^FYq
z>DX7#uTInx)V)szqq)LcwiAahA~JNe5Kx?@-W&_Q|6U4TmI}uOyuHAN#e4_(xV`Lp
z!_lN7R(k*Td|!IEwIJMcFJ_pYI=Z+p6*8fye5x8Wc|V--F6AlCtJ0p*c4qfzN-F^0
zeUTD#_L(?Y#0FN8OROHcSK-VV;M=Lt{xZ(^u=wqlJ}c1>$9o#k^K|e>BNRK>P6N=g
zCp4Vt(Ku4uBQjHEmgVQ~xbh@1%Hbhrtszj)ch^lWT>-zBKYMNvX`kX!f^S$6#!_qb
zv{d4IKN#pFlZ{0p^Azp~W{UoBMEnafs-1(y<Uq!D!oCpx*_7s3Gt&@6?;kw8!)D2u
z`WwNM|5Y>+j~@@}`){<h`<j<ZA4JW2yOc>C^gXi!+OFqbl<kY4cZ$ccX1=rTftN!O
z{p&Q01)V#Z0c;ybxA#*)46jOgOQQ+)*GV47obANJNjS5I)!S+u4KMl$*!=S~dn3Of
z#!3QvB47_}g-Z2w<!jvNN(K8yhu&on9$&f5O|JSiGPZfw+q+J-myf~JX&1=je%V+5
zwR3mZ=klS~WxT-qkc^*5vvRlwb|g~ZP6yDoaCr+97%|a*{Q27XH@FhJPBT~pZSw`z
z4qcjI`+YfMq4yga8`qq8v0hf3$3N-LVbrB9B-6EhF<e<t@;Hd%Op|ZeL4DxAl}m6t
za9XG{-xBWY5jaV_HfL(1gW;&M-r~SR^1c2DPaYwO7(n`|O50+&HF)F<%ACY?Vc>w(
zXdSY_5pYbo#W5~Cn6Ojcyd^o*fFKN8ZY902x@P!9s;)4L7_N&Ay@o5PZq)%ng!jrQ
z6x|!M*TQH<;q_VK;gV&8<`9ruuCBs0^SldV(^pt~o#mhX;m_ys4UmOUKFiaR@5(1~
zNd%<A@kz?r<*#4C@$+(BK=c}VT+{76M%0{_w?+G%F80^%_wdx+u$ZOjDqrTO`g82!
zC}Ki7Cb)16Gp4-PCnhC_4TZ4N<-p^Cqs8u+oHa*Qv#fVh#?})wv@bEloNX%y>?oGw
zgDJ9w?ARAQP0_V9T5g|0^Hjz_Q%z}M?F-6tbN*Plg#n@BD8X~L4+*Au<(38884L0m
zM=sqA-iSHlZn_=x>-JhheD5oR;ABc4Q0wnXPcXoQBAY7z+}<U48_*o@e)I*OMoFkA
z=lq?o#%6sCQ=>Bq2H_wtnC%y#RpQt3hdmX_jKurs>V*<=X;>83Ahu5o+UCpkamK|2
z45B$W@TV%7EU><PnI^<ys(CNV+w<)RgS&3xctQ=}Q-u+jqN91_Ul5723!kr$cNFvm
z=YBPlu<E+j;<Pt)j>G^v;y@Gp83>GRvA=^qdcGePWhH%OyqQZ<i4(r)xtmxBBZs%e
zR}3FHdu2QE2?~a)L7Q|cC}I^v6bV<^kL9~Hyoylo8*NU1X|E$&`5U2zFw^#xVbJ95
zFOcC02a2~t*5pkcp;Wqw%Dk5szbdsmgE@3<`Af3gKB^@pNyuS%P+XpC$QQBf+aA!J
z*3{DOLMT&5t#W%uw<QzEF22L7WqH^_ZiMFTkotchVH=>SAFghRec5K6x+EtJorzpN
z)2RQu&jI-DOV!Wag3NZ@S?4eG!zqMCS7Gh8Z7ZQ}gnYVLt6tAO*JB9^_Ggd4{awt_
zvhs3rfd3Z-K0453&?KXkp|nXPQTM7aiRy2BeFSA{=ou!(wbq>FCW2X_MQL8(ZzF0F
zxqfD9f9w)w54a^vU@@}~7k9ECG=Cq{GIqh=QVE>L2IIB^Apk<odt$o>3<cXq8!DGG
z1)SaxN3Hma%{d$E?sPGHFU)lE+QSwlIpSU-P+G@imJPb{Xzb}OlfduZa+yB*jVXM5
zL6;g^^w5Ao<G5E|HG=0dYhZD;6Hl%1N8FE;TGZsiG@^&->htmXj)bj62Pm>>0nWUl
z<^xlI7lB0=x`SJV>W!+qCOBDiPSw3jPn**g^N@^f*C^c1XwAUzvUTR+dNnQat;3Oq
zPQBWAe+-vgnWm4r+_kW-)X%e&)5H))fD?$dq1_oX=<I}?UE?_x#EhnTBzU-kSvTu^
zQds99;B?A!3I8o~N<wOZ4Gw!o6u}5CT#j{^fh*&sPeqYEN=biY>Sgucf+8@%4_DBN
zmZJFl;pKiGG`nc3DcF954F!7PQeDJV%Y04PD;v!DKF2!A;`WCPi$SkniY^&6wJ0e@
zD~1wm?qrNPHJ}JewS9b-&-o3N(B9%^jc~dIR%a;TS?|V0;V4RdUAr<gNkl|OE65#m
zRh>>ng87Am%#ZS60)<J1i3&wDdE&sUq8`(a7BFGt#^QjX@v}Dh|7&CJ<a-QvNLJ2t
zBCXZcmh5@}glXsro3@4WFlt#jvja=qp1%^hU62&Z<xI>Tfi#;8Vb~kl+2m8dYaNQl
ziB(}(VxayOw1U2v|JF#Kle%4UtnKz)f=Z~gm#fd*u;v32n#hIyT1%b+El6I@gEc#+
zq}Yf<m<DV+iD$U+5oqW*jCl^F)Xvnt%mnHQoj`e2-`~Y?41YtZ*8hPUV}SaPT4q=5
zc4SbY_I>Q)4gT=$<aQI=j%AcHx%qf>mG;uz2p#Y313Eb!Z7RD57Q2%ZJ^!O|IT~E~
zAH33<GM2hf)6Gb}D&fR=3Yd=1)Pdn}a4|KR+-WkVs@J1Y)|JaZc)<~@TEwL8UIAzl
zTX@{<N1H$t)xwoh3sx2H3U{pwc-+8wK#`zt{60lFb0?e_PCgoqfAG<+8AET58{~k+
z_4FkMz@TtS9N~Y<Zo?j!0w`#1i0+>>C+NDtfh`*f^o(}B7GH&G9}jXQ*Mh%VqPNnh
zf!Hh?B$SYr@&XxC&M%PQ5AO!aq^`||Qn7I|UOvIis;et*Ns%XJO;-AXC>MSjDzht`
z%Q!sKSyyt$vJ-f?-&0!#X^){!I+3YKo+BQJ=7lUnt;Era0zwbkq)fS=*;LIFkQVxc
z5Dc>Q@xm}iBzTYpioccqaR=iT8k;PMd3u=h>fsBt*TK;LJc1*cx_m0q+d&5&>=mgV
zXe{6x-fGhN_tjjVn|4lDq7l6eg#%CyOFzl3WUn=xEW`CIr>Nialg>DWE-2&{*ZE6N
zhG`Kag(4!sp~3eg__yZePh}UBvI*a}<^HDIm)vcOGcdQ&iJzZ0Cz<Y460a)Y=V?1{
zb<FqQF2pTW#SD6+16Wd_$fn!m2TpsPbP50U1kFlft&d#EX9;8k3QC#vf!moyfNoz<
z8(xhy)8#l5as8TWyS`W;1kz{NIi{$YBag~$Kd%$u^a);6B_s_^DNY+3$rM0!wxP|1
zB}~zvn_fEqra@e7c3Wb)XS?AMTIC>ro2D;#*nA;^H0*PpFkRq32mDI_)v@B@b1krX
zcb9gPvjeF2?YOm22JmYM@Gi8Rg>W_r7Q;Yp#LG<7v05Za`JVQV#DOAbB!w0_3?>c8
z)1qH~rGNDQT~?}z7TA-+M&R?uv*93b2Q#oSig-=(qgpr0G9>!{Huzf*s{sCx-{424
zVd0M_NU}hK&@o362izUURyMt3MzHJjGBM}ldgRYi1o<+nMU`g>PBG&ql}6rCN~`jQ
z$*X0Aes7S^_X-it=tJ+D(i8aKKaLJ#{v+A(@gYTC9ksZ8{2jqhz(^_aDryYK<|iuD
zt%?-+0cq7^F@y3B;V%7OIsvCK7XAUHTdCZiX21S<#wbc5AIyJ7p-=W(1my3fqMNgp
zQQ*f0Im5IF<6p-9-w)MM^i!@1AwsSKq<@onH<)VR^O9Hj3iehO?#7G9h+!g)U~pgS
zX!MYs@_WFC2R0;||HW-^rj9_R{#1|dFOJ-_%eL10kRn>OwJY6Aj+}ioeS=tUT12wn
zgKb9PwvmW~DIy%SARAuWUHTy8;HQ5^vk7PynEAI%x=^64=O-CD=#A`C#pB+3zVyj%
z?k??a47N-ahR69IVN{#LHsjdMN!8zs3NLdGid&j!zMkyJg-gAe=%K;A{BX%mjUw0j
zn^Ns{eu~lV1m^n(NeKnOKBDYXLaS^eE|+i+eoKT@5Y+3<Pt5J3IgM9QwN(mmQRKoO
zIxwY3&363#TC4rPQeZZW5)DcmvGMEno>e_ZZE0>U(ps^ifsMxOeplzc3YqKM`pVO^
z*R`dq6u}hNbfw!OcG^Cl%6354y`e&newF-n6Sl|0YBA!P(0jscoB#E(E~NFR>Azb|
z-tm+B5~G5_OhTEO;mai@R0QP_@v}bHjiic(8od>d*0l?4OZjqC*%$;%UCzy4+5V<Z
z;viJPO4<GSh5ctUb%f&I2GX*zYEwE>KgQAp_@<cxyS`e@nvk<j?K@X9+jFs#q^10M
zr;pc2pR^vSBO%y^>s85uptItw#zQgCNwlY?4PA+0{$HfvT$aaPAhY6Ay1#BykUeT;
z%)QvwYzGmpQ7L{_0oYq~?gq%kA6>qk-%GFE@vhcsTxzC#R)yZS(#%Bjv@AEakluu=
z4_*ftXn$xXQheF>B~{#%a<%H*jkN5IYzb4fBxc+sGUIH3xyZm8i0%-FxXmuK6jYMV
zs98$VD8%;*&F=n1gtpPJg8UDLxoj36#yAI16^~OffI?}rKwz7j#Rx`yN2|PIXb0`=
zMHl7p#$>E)^rtR;lBaak5TA6K);gh?jA;f-&I+xIQ!XT`5@?}B^|MZWd7&gIq8$3i
z6V))tiBhzeSH$6ra=Ann{Hgu@2HM^gJZSxFlDIxkpod;92`I<cyL7Fj^a<wc9zb0c
z`K_{!wZ^vU|2q|GznyH2<89z8YFi+iGIq+vfCZAa1BCXqtx(lwK!UM8kr-23&J5*t
zO1wBD0YpwZ=~AXj<z&w+r>8-B;fSASqUnT~KQ*)}52a<=f~`}4v6uLc75XCr^D{Xt
zn)ow?%8V+b)u%MU>#|SZ)>*m4U2<EUfDpK1%&d9)AXc<YCD6MvA{*~C;pP&p>Hjd|
z=|~RY-Lre!#hS8_hm7Rm24fgbsjy}}sF_3BX0@Qj+uuleDh_{rsko(4Ea4OTr|eA;
zxp<C+^iZQBsPnYLi=Zl!_kw8yd)e5CyXVft`Iqm_hQR5<nvHepRvUlO?}eA03HV(N
z47<%$=?+%V)y&(=+TRnDepUcBHmWX?P<14F-u$=qoA+Y{Nu?P|M8=;>`XAeuhJ^;b
zH~dKPSn{&U{{teszT(tDnlBLdO?2KZ8q-@MTD^Z7_UTrHoiW*>nQ1ob%PAbt{9$O&
zzuiFd&Q(3GGY-7vQ&xPp(!0LhkHwxTo+@;i-0DmGZV?o=$OU<a$^JfrU&miDOl^L>
zwa*v6f}H9I43$z*2<zp@5Ls{K-<(hv6HdogmhXk-fb}$Y=(*-|R}5c7Ronu^M+-v1
z6g?i^KyReyd?xqjxeoVP$v$7<vG@mS;IjM}n?z9h`XJ8+zEI>rB;+ijM@lxZW*{V_
zJ@U{ZS2_LTN+$(jwXerAM%UMOCekHYSX-ZVVNr_>cvviQ7|dwm$g_LL=HgbtoC~gL
z!ak1`_MlRhr3Gd>5){a~>FgmrNAfVCo7Fu)quWW%gw)k->#$Hs!P<hSfkU!xYuuSY
z1N?t$0oS3_%XUIm#%6RFSLRIW>NYnYPH7;6e%`1<4h6qr%R@;G=X$g9m3QP|eY{~y
zoKC^H*iHM{;g6ZPG&=MF?zGC5vAJujVSFLh5qd)}b~^!t9^l>7p8GHxjHuuU-H&uz
zo``ljAmr=J*KoXqo%W9v7=^9{xHjx5a`!h?6<rN`*sa{<$733&WJ#PQB9Mx)?(YHW
zshEh^8>$_?8^C`x?sXb7q9LY~!?gPnehBmVtEpU}l7Xm=Nz&#cAz$ghr&M?&jT??0
z8w56(qPSGRZaln@^5?J<xo0f4Of3q@p*K}Wvs_$jgyZ~RafOSV2s+Ms(~D6XFYa9*
zn~|R+1o51z2H`u~4QIvMWzS%KG+ixWa3-}Y?}ku1)wTH#wrl-4Cs5H!O0v>DY<f?B
zh_z=wKIeG*l~<B<KOl<Yd@w!VOvc|8CiBY+MwX3lz`&fmGY@1g+eZE>m8_Odn$!}=
zjywK4)3h5|?hBdWf^6)`kQL$Kl-B^628T3bSpr6WU)-HweYpfk2PoQ*`~6$cW<ml*
z^NGrCl9U)z1&XI*-ATfDroUWk@3tE?<R=7`_;bec?-oTMrpeE5i)Yu5QQx$}!&}(I
z*dU*@b`kk<cI#)?y%1`3Gp1%lP0_XWL<iA#le0oDBJP~b{!6a?ml4johCCcQcaHf+
z#SV?)q>wrN#cI1LnV;f_r6E?X(+AtwQx*`e;L{ELebV-RGFA-Jq;B@Y(STfja=5z!
z+i472OXM!g%4Pt?zDx=(E%`zqT)`{^8RdM1Lmdd0W*T_-GfS0Bjh)nnreG^7Np)3t
zXUuWEe)M>M%LQHy;XbmgbOx?9>@Z#o_)=#W4*K%%!ymZF(Z<5EcZ&xwy;KYWnX7<Z
z8<__|)wYUl-(<pEzGJUvYbe#ejhJm=Oa5@pUX6D+iJ17mG`~XtQNAk3jWY0(>z}mV
z>Ct@h>6_LTGnozf7sjm{+G#3PZ}Jd0xaKDF?DOeD^3~~b&LU-7_r}(o56K##LIsyS
zH&ibUDf`)9<wpFlLFpU#Q!lsV4&C{|tx~-&L*4$RH3m9@4s2m!$8SZ*s}7nr$GJ6Z
z5#_q__@p77${qR3G#>l$$`@TJATM;?r!$qYB&;Vu7yv#r7clLu@DEn$Lt+?|xoplf
z+ZHBJO>M5;mp|8WSA~U9ugT6Pa-)fmY-%us6P>YlLYmC3KH>3*5FWF<BJ9kFo<ol1
zgq7OecAkd&SRg&`Q}94~*KzD(KVycMZc?=Ahg#HS#s1_jcnl#RSwVO`wQBgPHU~!3
zCCpTe$M0|$jxgaJpR*d&TK!WoimEw&V7645H~p=$Oe%kZ(@!wfcQc4LXR9F!Cx4X+
z^6Pj?>s8bqI<E16EK2*umA8+Pg^iCF$SWf2%5<CsS}YtEflLH_`}n-eWe+mVXI2KF
zXE-5*7K@neGQ#lzC;vw{p-!{>Fl~nmofz=NSj8oVKYT+5$axpbQZZPM&IKBdyY9H5
zV$5XJFMnmh@bj`qbNI)QXZh_@wIkd>ho@#0|NBz^)_`&4g1@q=(%V;r%XP`@#Y}!5
zNC|CZclvQE0sEhq+3#HfReAP3{DP}XO`@qrnu{;<X=p3l+0?3~Xy|gOn2(NH=)ES^
zk7zm0mAoePZFC_Y&Z2pn&lol%bCHepES5d3_x>joB<Cq(#^hTc{k-uYYt=Uu6zG2d
z=!`}{*Oca>cqzb3h6V`e8$w&z!!%%cSd}Atc}%wD{lheM6oy}9F_*7M^CwS|KkJkJ
zkM)_?c6`B27jIUZ`&SWx$*VB8If-n5DalC3rNmlcqj>4XVz_VY;rh~qaB@n#xtH*<
z5s!%|puzEJfzm|E@Ei49cbAddSs-%(azWlKDdISHv?idy-o8q%-o}JbrJb;)dbskK
zdceCfNC`0%4%su!JbKdozgqK>U7|+NJPJ&Sny)|9YAg_6<9<BPVZBnx?E2s{g5S3s
zc4!=g8eKqb1Wp3nL)l2HXX+iNco#?~Cn+&qjc|P<+~E!>d9)R9pG(qn0(+;?A!(+g
zBZkZ_mtD5lf&DA(4DqV$yQ@Nq8=?khEdEbYhvA>=n+j;^X8fk8TJM;^08eI~Ds1!k
zSgP6>H~R~mB|?Rf($4yhEF=O+@>2t*RADTbY`XBV)p#J1N(BeeULk!F1w@IV1Nrk~
zMFL4!a)cgCL&~Jp(ADSs64lZEnH9!P^YO|s^hf$`a*1T6NBSbTfiB#{B(3@M5wVOt
zra%|jXWQ`#L7t@h=0{&!SZEKCL+iBg=Glt8{kRc%Q`MlwiV>;Z;mk5J>gz$7hf<kz
zxXM9-w&%y7$I<C9c#x{QY|*laGa+%~858-}PTyvr2b;L!y+rv(CZxdJtFR4J*;H}w
zUYcEb{+jpIsM??AN5uZ5>@M%IyH6!ioHTOwI}Q!{&u)$;<E7Eqg2g<x+V?o%XJgzC
zQ2#(o>wFu^FhUhPCRC*t(o~aJWX4rfB3Lts6jMsY-CzNQfu{Y(9LXFk(4|a!8mH2K
zIztA1i-_XYmikY;>?gSjqHNuVqs?x^2Kv;yy*uil*Wy9ccCLh;dIyE8A;*8SgIEGF
z3Jt0lQC7<z6VkrhBZqyOBu3z}#cyEK54j2Qj0Q7z@~_>#8*C9{X(@kq4!M>B&v(+u
z#n{Ib>;48ooAbseuTjC36Kyq9LDpln6xIxcElYWmb>AD<m2Y>HEzr{926PLq5eN`>
zJq~o$hI|0SvSgKe?9HPOJIfagv^bfa(~W45-G@9(Er2729KD-O?`9a6H(`wvvduHU
zsvOi?VVXF`El#0(fi+592^7$WRbC;awM$sk3PS{%AaeqWGpj1_lN>m({)P@r?fIwG
zs4d5nl0SJHv8xX{H+;aGn4Ol*mLXY=IiEL%;qi*Yj_rbwTg_MCgE+S`6QA^7UDtzq
zsygJ(umB78H2vB2*+ucW{hhpPPppl}9l1Q8JN$-VqV?ML{yg^yS%7N21C>Fy0b5|q
z0hR?MSHUL_{NF6VI8^uVVY8#w&E;Qu3zB;%9|nI}uLJ-hLXw%P?CybsRu<w9{94jv
z!3FI&ho#*GAh!=oYx2wn+;6+zye91yYcMf4PnS%iC4x+?mBA;;jTz;re}uLEr(%fv
z@1R+&i;k~x>@=P8(YMkFNjF4povz8hzCV8*D7&7zVwSIW6bw>*-8xY1xGDX1Za!ek
zi3=5PmEB{#A~HCaLs|)B@t~5p=G4pVPaiDvzR=)2I^&1n>+j?=ha#Yv*2~;&D;cWn
zSS<94A?_<H3K%jgeO`;|*Z-zV8}h+VL6ZaS)D`?9*%tPNvvu#OxsZ$jd|>pA766^%
z_Rd;lAB15>FWP=NU6NTOy35k<Y}0pi#2mL57hW-c=sF|*AGv}-{V+(;wMSuj{zk&G
zz}kU-r@j;{<fCQ-wEQYvl$?QFsf(O;O4)k!h+0wx+qH%MF#C2Uj)n&YBzB!Z2^vwH
z)1`zNKq~xmgmti#(6J^y@cio^;IjZYmL4V1B(Q2hdYQA=$jYxJ`o8cXG4Zq}cl%Nn
zHe`iv(ZnAt?iiBsQ!qjeAy7Xak{$jo1#i-%w0*~;zqyLe!%J*)hhv=F<0=F8WD?Jv
z%<lpLj7`6!T=3b7nA{N*j8zS)zYK6mr<GqDROcll$(zyDGUswWi#l{l(Ed;+1?l!X
zS4v>nhpgHYe^gUO==<{#jGq7VO{I3iT5GGa&SO(i5^a9>LQGP`=}Yp*GAfjL1z`_6
zRo)<gmoa02tP9#kEkv432FHG$5(UZh1T~qQaBgGq-8xa+;zebdD}zgY59|@jtXwX$
z7s+x&p7I<qIm=4GMMS?du-AIU%D5u3--07}r7fgwV@-0!Nne~QUTJ!?cT)FiZ?Nob
zXOfJD0TT^%*zqqOKMAWkLG>0MnGX&eS^l!v2m!6hdp>g;H}S;(aL5kSFXVLMFVEk<
zh~RK13vu!EapgjU@^1@s?Aigv;Xj+yz!(Vr7<A8cJotHKaz`TFH}YAv4lS!vl!6Yz
zI$Xpa*SKj=C*`oID4yERojZ&jn9qFNA9vatS?vV=6wzAdAG3<oLC*NLI(^0_Ih7Tv
zm_l9&Rfhj64ouNP@DXz9Q!fFbeHQZt1~O!R12Oj2A|OjrV<Y;LnA~w!Y05=JXf{&3
z6?iUwK*E+sTRhd0FVt5mBwWHr#(phfZ%>gfa0bJafzsp80ETInue|zQgx2{}1B=Dr
zT1~9`nL@w5t`Vt(2)TsEmyR`Ua7-*X>R-kMoCScQLz<t}%HJPGsg?H=F*ST<5LwLh
zguK^T9Ls6TanxUx<Vi>nZMp9fJdY*|_1+Lz)?m#2gK2JbY^%zs1v2?UXZ&>1+uq;!
zFRiUYl79Uxj+?09mtwa2eSvu(ym`774qDSwM+yRKnPAZpO*YjuTn?Y=kDK|fy4q}d
zr8^EW>sm`yyB)Xo^O-hjSQhNX9mkGBnwPD`anz5qMPKUu(UH8V&kPhoujKx}X~eZ)
z?@A)|6x5Oa0^wCKw&*8SK36*V=eIhKr$Bw;?(Z;sz}D>VeGR3+Tw#psJ))Yn=&_7y
z%H|t<+MJezaBM={ucw|vja-Da`%$WVPWq3f#Vn}fX9yc&XNA|YFm{I${wm`39XLU)
zR7#m%q?d9PrEegnal%Ft8sO=GWR-X1b|v~S1J44RJ0lhO0Ph^~%ZTW!w5X;CPCVBw
zDVeKMVdHM?#~)6rjp$PPt^`X-DPTMU2rH+y0+iJxC_|ckQXZnCen}u%QBAqsmRy!h
z;B~DjkXzXtXJ5sMR4HD<zZ_k|Rs4a?3g~S<CMaZ3N^-)WJB~d<0twTkFrxA>5UeJf
z_WgO<Dkz<n8C`jWXIW9v(@P?)to)tBf~=;-(=r!3|9V{ax18OJVhmlr1xxGeC&$+v
zb@r*>ydn5fx{yzQKYfNL!YGn;uPKi{8x@e%To9eh0TN+Y;NwD~VwHKGG>7&u$-&VD
zl~)#BTN4#<-jkzu@~Se4RFS!1>|*Em2^f5C1Sk2$GX@I(lA^+^OP=A$Z}4R!@!Ke;
z{ov#ms(D>}HNavZ`IK29nd1{>fyEckA3@7D*HlJ(MU{;UmkGS{h`w7EAOB@_-j=3$
z{rl>Q=wo0b`l07@2@+$7upkQ9d!nb5D$@M~=EHxsWp77{9ctPek9Wedv1q8>f`_ht
zt+e8nR8&Q-2Dv^rtE4*2Fdrvyo<0}&r(MO3=X#S493k{Z5v<T~|4o{1y2KltA+#ud
z3Ip{%k;U$a-V4}%3N~A1H#$%Jv1f;5nzW+O5NQtU;`d?;5(!-5*=?X|nUgto$}4tN
zq{fd61;<y&Dwz&w`I<N;T8d;ZkOn&#-0PPd7$sv2eEdh7O{XNceIiBEG9)NVjI`N4
zJtrn~Wb>^F>!SNFR!^kW1@$~Z0MaeKNXL?7G%AqP>A4NQI#L*E2!VzVywCDW077MK
z3&FFTWAzx|*U!4-?XdxKCOg-wA`IGOLAALQuPAd8lveZY;i&^`$Uc<jqSliN8FR6z
zDN(z9Lt7oXkpHS`SH&<}{Ekj-aO+w}ORZA4FI~Ki$xUE6jG)&TA&MGnDBBtCC<!~p
zCOuraP|v;L#36z?_n?vv-2eJgSGsSzj{Z;z{*&q#fPt7(8g-t`pS^BkmaJEg+5B@V
zJ>7tnre@=fJOJd&aQ#u&;hMO3^q}`w@a|9gR_dKJxm4#qIqJPiy_AK-i>Rb-H=QyN
zK{)G%gRsSueurFgqneK8Hk;wCpJ`Ap+)0QI8jJHMk5qs_(Ft-Xl?vu2yH3mgWXEOy
zByX@(ol53}zn!5jHdkH*tmFf_!<O5S3KO_Fn4&@#ZrmWfgt1EB7bbPWn|5peIM|Or
z%mRpnCzvJhowA53a$YqC@e6@|%$Vt`ar<a;a}qEVU%7lQRJ7X8$R-l+pg3|^w+UBD
z<n~_B2)z<xr4?11pLW}mxGZ775&EM|%&J>_tAq=2O(oAECKN&!qP26nD*NMnehWq(
z+}#@9bWOy`R|nT+Cg&9d*gk(cN)>;P{Nq2B#DrH--!KsN$i5o<Eh}HPL4!8@wd#ke
z?BH5d%+@?^Dq7~pWW|tYo9wJKc(F5ItWD`(NLv#oC{j5)MbU!b!QD@{*p3lL?DaPS
zisv=aO)yIdeeuUM67X=Rk7h-Lqq98h__Kp?Ku@FZsdB|6oNDK{2R#;rI<LSl%asV|
zmh@cF>VRqw21*rR_6Ax&qZcQ;5u&d-x-UN$*CKZ4YqIvLDibLvHUDcZ^e@B{k7PTq
zPRz&iISO0ZQ)L?LQ^pv~ib0EAAtYzOFNp9}&vU{$r-<XJNrLmK_uKH^^9?~<k9wT8
ztK||~eRDT%++=!oB*3_7RJ1Di#%)$OR^OhoWxXXrGmM$MvNG?wTtP9j-qF||$Lo9S
zQufTC3Z+*?=c0L2viSQ5z9^%d=ke#viFt!3nsn0S?cF7el5q~2x4Z+k&k<(fuE7mM
zsPR9&XAT!k|LQfPcxot(v7v^9B_&={>)gyrd3`S?A!=M6)JLE&X?PGeLER>}*<~}x
zucFE<sh6~Lo?MCV0f7Jo@1Q`d0!?DKa(^$O5(F+7HB2iq#RuatOqp;K(uR#Ze#GH-
zy`n4a+U}OQZDGfG=bg-=CzXejyJ0K{gGr$?T1|Dd)=c8LM(B=mrW<7MF4wPfB7A0(
z;u|gUr*wz^>ucB*!luil6rVJZR+f`hT87eQ3@)Pb#eCnMMI9;;G;O1){Yl)D!;KyN
zeRuWeWGQ=je(=w7=bw=P2wK5AETPc##!rnDVpEHO;Z%bu38g4Wm4(-*Ifa}a!$V{t
zP-ijv)LaM4c2i*(rKp5IW+Rs^HY7ZcM*-cOvaD7?(Nxr9-z;YqLa1-PlzH;)egQMd
z;`4$vkH0~c{AKeK2v!N>iURl~Ow;$L?U$t`U!R#6RfV*~MbbLrx1nU$T$H{O8XnqX
zkSVWz-H7ZLRFQjZtnt1;->Dc%A4Gl^S|x+0lPGMF$in91aAXO4&Zm4r)Q_fYx@l}b
z36E;wApomhE0=fH90zS<>=;^k@kwCw3Q^G_t;LH&mDUmAIMN&ZCo+IXA||#n3oPiT
z&0A3cdTD^-WO;Jhr&4-3gs@~ZKmLB!&?{u({72AEzl<nO>|a(IR6+{h`YU<NfUL<L
z8p4I-LsYZXsIOt-l|7F7oJwZn;)xY+pLdWcunH`efGI`fCt&GUj=g@fG1`>TP74H!
znWQZMsffJArN}!@X90>32BkE0gxk$l2coFsng3=f{rLs?FvaaQS)n?gs`KwVNg|`g
z9WGU;pRu92l0S~QJCd_tt5omsN|aOUXW7Jv63UJI{!?-X@F@K?ZJ@f7XBybJq(PLT
zn>&sTi5R~Hfzpb%xQ3~f{dB0ZuuE>6r40;V3jW}hInl%t_a!QvV(d}*v*BeOYd}^u
z5+J-d+>KYXCQvYtfA0Pr@e`O?17}ZNkXE0Mw|rXMel1qrCV?MRGJ0^$@P&<8D(eEh
zo&BZ5bfGm);1e#c@R&8sN;T_=z}c_;)+<Ko)G>DK)d0`!aXguVZ^9_*95<M};A+h3
zvrtHnuVl#%%1UF<i4qqLQmt+cX&;G0PNTR7oJws4JAj}{?Nf9gJZN?0)N(*Ujr8}Z
zC<loUo#oj(uCSo<(h$XE@ZNcVVfK^0SHj{OK>+0$m<B&Zjvlq{dQo`bHDdn)Gr2W_
zcR$dYIyWuqSO^M-_`P;Dna3Y7Q@Mgw*3wSSvhG!}@f>fHC&RmH21LmmZ`>n<8Xn4m
z+wC$84%x%~S?RF9#?{N|_~QM`DoS2G-x3d1B;T%&32oy_c?tKI#7$y#NV5waxO|!c
z7~-JFX0GR8I`V;Q#ZZzma|ZI-wHnfPZHcCLYc|3nVQ?-<di9=SZUxeYO@-%n(S)NR
zwOSvdZ#?{v^2oL$36oZOea?x~c{O)4z&mqNRuWm{Y!qE@a11-wj2SZfctV3|K1f!3
zCk3Wr8^wN3t=AY2r6XG0)o*M|DvT^ib4|JZf2BI`%xW|EY_<u5x6zR!{3$0n2d@>a
z+n{nE8@ax#v28y~JUFKNftfQ*a0Zf7Y#>z_WDHmuyS5dugwtjWy%9H3(e8n8d3r2;
zpd3Q-7HDy3+<;Z3R7U#(ry@gIsntflz!z|0L*(Gcccsx3*Pp)euCL4#C5)yf3C8Bc
z!Z8Ba8WXC^Dl1u0P05BG<;&f*zY2JMECXN4G;C~cURbo1fP%qRctP92-2Vy2AtYfz
zFmxlC5U|Z&Ol8=FgsgBNo5+WX3Mm`cHc?sGKpXh2Knt%vioOrs7GH&a6;hA$Dt_0c
z&3Pu1U&*cwn}rJlc$O1(7O3ixq0&x#n_()~Do|0wC}E(kYDh+FHWDa1cw;Mu<SC9X
z75O`vIXo95W^IXN=iV2)T{!^llpsCR_*rhx$c5A%_XC)cIFu80jc2CVJLHPw^o@x%
zbUu$h$kmH)B>Zddg8f|rJ5LzCUY`E__qnSozY`OfcS?|>!X}9firqD+y!J2^{MjRc
zEEc|skY{isB#?>axjczys}Cb>Qh5!@$p~JNz$pXQcz=#I&^PYvE&64Gpq<cZ#<=Y+
zxchv;Gi0Q2vlKBJmoHHLO*O2iTG1O+zE{uZqCoOXGxB)>lXNMf?SR1Yax$0gv?34X
zq6nAoRA4#~p5AVgzr7@oiu}Q3-z*|m(s_8vQRlk3H2t?7SH<#QYbSGb5a*BK`8Y3u
zdESdKF+7*$St|_io-TwTY}pQVfVc5})!!pmwqF4Z(c<<p6T+q6Lwi2%%JU}tG!;Jb
zG+rRP{9|c(_Nru2J2Zred+JWUz$-L|-c5&hiEbbW{=mcVKSI;Os2`zKOjT0rp;4hJ
zASwTT$}>$}#chiynivjvvO8sU#$n8jpsia$T9M>$HQ(PRB9jk*vL9t4u4Hgvz>k^z
zGbmN<)Aq7s9tH56G1HO1$0YI-wS0*p{U^YI+jl)2-Z`t`2p3fHOkN;ooz-gfKQ`SY
z;cNpV#h*e_YH(OUVr#%|iI=%KlL8CUo8e4*lJZE`T#WLjxSOMtBux0z-;!M~(2eh}
zUZNV><WyuQUQ`szx00O?0QUR$F;UVG@y@>3+^(>ba0D3&6wo}S!#*aZ;aAljeC%dx
zCa2~NUy#%0lu{dsJ^zJHlxxjq?f^|F#bMXYtFgKcPF6QdJWep!_Z`T?Y6HAe!IP(m
zJ`DKHC*C57kTi#F7i%{<H`(St@@V<=I7~n1N-X@ta<Fp^q8BM*HiE0nX!DyiMz@`m
zG<i!O7xcONSLo@vaOci9w(TCKK(~PVZC}dT%Wr>tZflfKMR2*mWB8zb@J!R?&m(cv
zhh6oKwCx)hlL*`fJhIwHn9n|sHQ?_GNh|FjWx64n#A+6-$Zdnk{ojC?>wYgg($*yH
z`V3t-=|R<2UVWm9jrtM8jPWa^x@lk*xI^X9r2KyDLsomq6&oG*)9-)|jlAF2L1Qez
z^Kx=_-5UyQM?N(0i<v7N_T&p#BuA|eorMbRZ1JlBlH0*%a!eyz9qbpw3_h#_xCj!-
zgwe_%T@CNZ6D|!B;cg#V8Mc&f9(DjIunzTQVJDjib)&7R<Hvu)9{6s*I$6VVCA}|k
zjWaluFUN?aDM&tBYt;S`0{=Qy^9_BtgM2=xwYTbA1!=EctS&)+GmyCT&BAaTPgY2x
z^`-${2~*8c_io|P)&3!|VBVZb{(j&*?+pyi;UvK)TwqIp*2GVBIg~VSQ64GGlv15Y
z%iAVSdO>XplHk@H`pOdvSkc~bY%bu7sWaMmAx%q4iPd($6RP+jh7-$wZ`t9sQt%e7
zH@v($fo1vr{EV@mBMUw`0X`z~eZr!~SfY-CRkxp`Tkubj#3fkP*VZruAvo&35Z0M>
zINdzoH9&5~dyhJ8wyE;F#Ynj!M<z?d83>NA35fDA2Emjh<}BgsMpVnJOZ=*O4<0f@
z{;Y&09hcFa`LddT+S;(BhjMF74nTRN53^=U(0awG-Iw!1%U-=eJYDc6^qCK%th4%C
zyMpH(cgVvG1Sd0U2CO$EUXs{NW}=ivICF}x%ATht1$?FFa?xnW;Iv3yAX!qxO+l2O
zzv^H}25q)D>RqDx(>Ne~8>a31;Ir)6#^}c6<gyldhS}wJh88C6xnK%T@?ZsDwGMoF
zzmy_GU95<yJBl}dIQj2j%>7lkl4*zD#v&LN6KGi~y2G|Bve`9nsCB<A3J)X?GYP7%
z{0g4e2&Lhl`$n|Dtpc!`oGqUzO9h^98@tIRFpE`<U@jy@)6c4;#T(}>Bqu#=-PAQ7
zEc$cFGb))67UpKx+{nOt&E6hE9~miK^56=o9_5!jJ%3}BCP|60u^cSgE|QS6@kCNn
zlThTC76raS+N|&!w?R>X*07gOJ)(u9chd)HCiE;r_P+gX+Q4tyQG_Eo>D|Ivf+d0n
zI;Nxz4yq@WA#h_r)&((sDDU||8UW?UD|RrKQ^*W_3|+|tGaqj-++s#hGE_Q!`!XGk
zfCN@SOJYj|ifCm8<wLjbp)6G_GI)-3z}6#jy+oDULNO2o4<Zh-=M>#VzY{mPSf!O(
zbVCpS-~dC{kMpnf{3PRxT?P|b&VS`cYOJZUKff|IOE85kW)3>hF=dpmr-1pmqavhX
z1CWg_YoaT+`jnMc!iikoTiC-){8@~cir_(V6z@x78Uw$v+rN`|9?iF64vmTXEg?%l
z>cqMz@H?y#11#09za~b|XhkV14qKi;yUCegvW|pS#X_T9$hs+$Yyo5u><Wi@DNbwX
zK1RUUXCeX*wtzpPy2ZD;g5OVCo$%#tI=idaD&md;iOdZkG})>Fa@vz1$;O`x{fhb!
z=#+5Sa(7)!5UG#jt>@^tKBhO38dnjJ$%6_FmR%Hw!>1*XL-Yce$vx&V9d#Y~geztS
z9q=>nUctG}VQRz{3}(sMBG2qTGKwJA3n^--n1u*jnnd}>ojG{?l$V#i#f$%=ztIUW
z2$;gWLJMj{CCBmi>92l5mlp%%mUjM$#`4{XcgJ0U0$#la9Fkbxeyj2I=G|{H7^aNk
z&~I^#vPvX<Oxp^XLeKhM(Ki|Iv`=q`F&cpoZTZ2~&0d++G6KHxYU10D&<7JtxwKZY
zs7iHp9f5Fewp@5GxuHE&9{b?6UwMn36V8y>Ga$5zh+q6wcg<+5&!0W&Mkirukl!2g
z8@V)WBF_+N3T*o<3RZz-GKA-g-fd{PRnuUs8$C{2&<W?F=t13Qu$NuWPo&`<&UWJ(
zXdNweed0&c)?+y`K1#Jb2xx3q8WAl~4V71o&FRh@J4#9Wv%t)|{c)I-8cjA+XwXTY
zy!B2hzJidv3Fsm9WUq;O#GnJ=52rFr-|f3v=P(@>P6k}B6m~cR8>Mg61YE*!ghf@v
zE}b2&4hL}D&5smnsD(<a$7|bTrLoo!n`dfyE99y}e@ajqrZwhY+i2mrp^?vyil!LB
z0z1B-^WMOwyXyPa0iYYD@%W1ed;|zP`f!dMl1NugVIhf#!sF@@Oll+zk4J|b5AyWs
z0-_tk!KjeHb!_i1#X8!A`T5Mfyo+n;^&L_a2TeBJFS+hVx@YAca}JZ@k(N+H$J>x;
zy`z&;+^{h<*6D7+R_K7Cs;a7@ii!wr5_jdGxwW;)!9>={Mt6=Z<#jM`3??R~Y&u)m
z5vT;TxX5`nPc`zQ3n_n7g5Wx>ffx!U^<7?DdqsE9s8_+!s%u71?rQ?>b!BF>a)bN|
z;kLFuW$h98i5G-sFM+yLjy~4SPeg+xrB=d4<wKJ^X??2+0Lsbe^@hO~QZ+!s4hj4>
z!|{wzpf?2YTs_l~O5SB9c65nHq&5Ag4W!Vk@fB63xZOTnX}Besz7c^_Jdzf73#>Dm
z&mP5ghJOE%&9Bo%1^tSYw*+kVPc>AP7KO|Q<X2Rc<f&{Rz`YQ;1P|kI3Q@_Qt@plD
zUf-*2u>AN}5R_0F+#+)aORU{(!6Sob#7zg74d?|2W23{_9=D~+C!NQFfYo_EaDRmY
zoU=2*8cWlwsgB`>6$STvx;R*yySh$RO6~T~wJ=TmNVIn>N>~1VL#NEdyQ-m-!*faB
zw*Dk^VK_*fPTk|wYGfLH6vlCaggJVwilnWjRa#wL+|-mD9uDuJ988ihJhikW<>JDD
zP9=}uNZ!=cROkKbUM!zAa<WuEScFf2prx(7)MSm<?s9H=xji6p%FD*arUUZ>#$FJD
z8q)g)^8-AfK;YI&9mQo2^ZbWAD&cr*Q`|`|Cd*3H-$ty-NA~aYGeU!C;3`>3&52kS
zoq~J0N;)t!oIJ3s@Ql|t;Y{!W20iaHae{%#CxbO|N8Tl-Dv58z?i6^K+m4Of&L<KW
z_5m=ml8*H9ilESPAj>o_`;|ip0d~pt2l;1jM_wUj3oK51(K7o}SAakaxX((9#ev$v
zyn9h@@DaZTDUL6z<@7oB5wVmQ{wmGrlND9E)mB>p_q_cAQPrihwb1?ynE(1b`FH(!
zDu@zSJf-$#)%Y@8uOvEp9J1E#k|0T*`qes}50}hKV7)QIlYeryOhv+}`yksRIz9dK
z1m_N-2by0=j(2)>HKTg94p%kwC3}it^&R;w>30DMJE$V~=X_0Wr7(d;_lJCVO!2Z`
zMv2jfYX>-C>Wj>2wtcf(z=}R2ZdlFIp9&w<<e-Au!a7aAJQx9P#1JIfB~$_-%8Pp&
zCc?s%#M@$&1Nk`_!F3oilfO&s&Rh~ZM#V8K5fJEeLET9oeG?!@{xFah@l3=6hz`St
zeE3}Kk^V8mu&HB0vIHcX&AXHxs-&o)F__GtE$-Fb>2YsALQ}Gcj`Ib$&U@B*4}QC{
zdLffoor`(!dI^s*cIyiYQ58zw=Mpm!WVA%P5am~;@ynY<D2nGs`;I-)d(O=P!?AF)
z%f6myxQ32uY7F?A=LUQC4RvQz75Y?AAnV5%4J9R^JVj1=Tme&yz1#roY%Q7bc-Ay+
z4*n$YU1D*L+}1Fcp&K}UDk}a5s)$L~;Bsg1Vk5`*y5gt3c`YKT@t};){+5KgUGBa0
zaK-n&T`?WI@gP}FM7)*z7q8Xsyv}pEHt!L*Oy{#Q*-(NvT5a`>0lo_Ci(w```8~TR
zg2+?YqihYLgJ7R0iLSc}iTv}-el-o<p26;WImW7uG5zi%Ih}V$9(~?Uo7FD=#Lqr{
zr3=OdCkR$sB?NADi+6TdqhFq3KC&G_($P|cw3~qpaTn6D3FW_18s8E$Uu-tf7Zy9b
znb4ID5q@7OX0HUU3u>Qv{z)kCnbkR9L^?Soony;VU6G$ZT^nuFaDUhh*$};Aj#1#u
z#tlaa#y{^!P#%$m=Mm=4euO}uc+>t)v(b4ynaMYOuxCcJ9o+rOk^Q)>(ORm+f)F}<
z!CZ4*`>@H!FSpN56AI!TKe~iOKE@zzr~=R@8~I}&yoA#?atj)fg(fdh6(l8J^jyc`
zXZLsrc;ljfNFC@)P`6jA4MhiqsNtEPsr=He=?un|PnYnvM__WcHZ{A`*{4FjUwn99
zX@B1=J${ManLPLI&NwmU5FjQY@eS`rNeZ*Yn%og}r{$}31@JYxDpxd2XR|CHFI{(J
zaC4kGE>En<t~?iH25?8;D7Hc=$zS#jVJ4~Yz8Rf-_<&?DB`Tzf6DUqTU5*-sVjQ;g
zQ_8u%eFONusQXao$zd~OAAI3H=6TSbv3Bl~g8aPGcs_aX{0NB@y_2|0wJzx&wZlnK
zntp0F$CqaNaI;cVznlNz1FPAj(b5_+I+bsheJEtKQOpP}f$t;-w^<-315~~N4t>V=
zpF6QRnj5+0p`;~G3;Z9!Z@3kq&vw!q@!;<#8+y&mf9%n~_72cm`Ar~%ILeJBz5TrO
zvMPS(cx&bjl*{bh&Zst0&h7DFe8z~E!dofLwZTUrkZ@{^%8LB?m~y=6z*)~!UQ%~a
zjMw^Ir<kd|*$9@YsYCuQFZZruwf@9v$&0)22VMr-xsBeaj7PkV&w{m%Dtm|bMVxx)
zj}<~Y%r9?ez{jl>+Z_d;-h70YK@Gqs0q<zFPp1uDH&=PO$B#nS)|E>Mt;Yc|Hv3y9
z`cxkZkxsV-e5S@?>Nps^9ARUaG9Y^VP8IA9I!xbSzpn@U@OUChRb#EgVb`h%DX|uW
zHiz%+$i`vP+)JfVLlu)hf)!&P$_X-*{i2flCy$zVpA<gF8UN!ujLz&KkzqTa``aV^
zIjHA_BBG4rzW%Y5fw!Gy!sV>pkGp<q!GTHlnZLOEm_du*AE7#1u4-o!@h;)B%a@3K
z1uEXD-rt{ATulxJGks1~Ki+ru?%=HlhL?@$+fy{+8~6l{r4`nV5QN;N5E-d>2&6DQ
z(iN*cNzbhDtTqu^2;$>MLNUMpxkk`{J(X=_(-4a6ex^5@Y)z=>euoC~aisV)XYU_3
z>kMX0FSs4Gvs!rUlXy4m!)q<)>{PBJ@k>VYw5_>ar?;MmZCvhh&}!adYcL<o*K<D1
zT%krCupx@*j+OMe;Nd&}201S6mk9&}4y8R6StQx{ed(#=hLsHx;bIjwjMG0)#o9zh
z9XfB48$3FdK`)1odoe~nhf49bLd8~q`_M?Qw>Um>`#yRWW2D2wzI)00A->}=!)d8o
z)mD9{Wz2ytr!VK_2tyJXO+mhBx;rYSe)1XA353G*bU12mp@vpecugEbA{d19i9F5F
zsP81$_iRrSNXOtjid7G1+>e76&B=P?y;>1*Br<zHGd{0(xkm5#e|=q7R1?|~l`aty
zLJ2(-@lt}q1;HRC1PDzHigc-h6lnnje1e23U5E$-6hXiM(z`UN(tFg<LRE?oKtOtV
z;ohJ3_2%QOGwZA~YtNqfnRV8gu{u7+dHO(G{_Jh{B2H6Wp@DI`&Bq{iV2j^w4GQl?
zPPSw%p+G8TVSje^9$5NxH60VTY<{CRGWwxNjenij2pd{F;$S?mGfm937uvg|r={Pr
zlrs_9TxwwW=vTj_T+Ih!J0h{wiRJ{XCUpD$#z%U;&xhCfEtt&88q<1e=;+g~Pk&>z
zFiB&*Hl5(2td|vo8tB8%AHAi>6g}#bPk1=v2a@jv4sRXDHj*;vn}uH8{W+FPd>*)C
zhrj?8POl#{R101@oN+o*W_w!`Y|eTL7W`zFE{-rq%cVJBFc>YG@=^pba+-^B87Hy1
zpn&UOH0+^|?y##tG;@_Sr~T3jouXGYLD6A?b!|fXJP%Ay|I_8YZWDNAk1nC;R22rf
zZF`hbd_lTV`i9Nil@>Q$G2OUX|4KU^?B*}`kx~lrq;EB$ki{f!qss=YcGFQ)OMm-R
z?rQADx6V50T#Up#7>5u1?l615W+VFP6tv&SZdB4XI4o1>P5J<O7s72p)9=-vo~#tV
z`hNZLTA&x*hA*iy_rQAH-NVt3?NtghJ^qOY+kRaBk~Bv0B6^{h@QiVKvSY&i2)+6p
z^z{aYc{9ma=H8TasGXx_09WG<P<7ozPvAlu{Z-*Wk%6=7<iS1v&28mtbK<p#?m;tF
z`I1k7Pho<%i#XkIT?ZJhd&n7(KsMdO?|(f*7bAW0Q`O;d_REP}IGlH&TJLcX^y3|j
zX8eR^Zeo3!51eUiZ$jQ}Y8RT>l|&7MK=c(KTwF`;%2&GL2i7^2H_(l>Ni*&q48PLU
zT=IMBnBe=rX>KCM+82vAXzp6yOX+zdro>M9sXhtuV`)(*1sw+W5S=d2xmnD#eb$v}
z!l5T7fDU=pdKywK{dG4gvs_d%DHGl4rU<zE<aGL{U~Iq-DYJ&q0_?U#aR&HdIkf(!
z#lar~Y=8RqcN{fJ*y)G1S74+@q!=Wp@(*chZ_{<N#odx!x7?q2sj<E`$;g&=Nzn>m
zG+#SA%1}#duvLq&*3=QxF3OAje#4JlFP==QQGlF+U)o_zt<rB|h0b18Mdi5#@+C=l
zdvAzid3_<r<o%#U(lS$OcVhoDh~i9tO{$F}sRXi1@g^?{8ALGe^Vh9>KTxSHiC{IL
z3`{Ggxq38(bZU^32n=H5<&w&bBQ_{v<0_tLhMak8zD9kgOmTWgd**OW$x|f&G1ZE#
zy*{jR2Jpzpw6(eg<In5~*Z=6~wf-d@?<mX7p@dyGgp{S+DSl(tu8}gRx>V(M3Nt;9
zG5zaAd5?S|ODcLk=G*s2<!C8QvjZ054dd{CoW4H0R~T?GLAhjJC+ag)2;FC(fCd;I
zR#i{+kPV=deRKwHA0#hWetNAc)2=#W*}69MVyYjOk$T@Lejv4G&Wp^1AFoC&CZZ5`
z8DG;OXB*oiL7qJEXIZs}vrd`Gzp;M2eh<|b*ikVK_IDuwuQaZufNEv}gTzyyH?Eve
zU7egJ@AL|tXYlN{ncVa(H(^$So-B{(?2u4S>R-?yBgjceOE=m-70qrCikR)9KRi5?
zxD*aQOk5Fr{u|j}5!|&cfqW{<a+~O|w@$vUpup-n`K{2jGVovvoPbn8OKF>my?A79
z8&Ocm9N2oYu+uSbW`f6z^)^VNRg&8P;mmK@P7QZ<I?9SJ%we*`C}t)mo%RW;os`;{
zAbsn}>gwv)U{DB+Fb#_%R$Q!yv(8;Ehu6*03CZJAw+G__CcMj-O^r+{qBby|FBQ&+
zvcFlQMuTcp6aRaYDfDaJk+}))LdtK&l+gFxWe0S|ar|=fczW6^09S(0UI`kWP_-h?
z$=6f~{6X-SG*_=`yZsg(M-yTaoK7n;3ZQ?1ukXwz5C}gg)WHT#ZTWU=a&x7tf{^%I
zm7kThW8F6k?lYcx&qu@6COh*s5K2UN9UtS^iv(NYU>qOyx5MBcW1UasjE|*_6kf}}
zdSu?Q;B_2ymakUvq$*rF_^Haff-%<nvOKvB4R0{;K<!%J62XRs24=>voDJ&4EB@wb
zkiS8hxngVA(QkMuD0gMephD(Rxo3;xFz;oZl_*XTiu&*pCTO_J0oJ1=@}`bUa`0-T
z+$1B>=yDG)OaRCcuU$}D+T|q>(IInD;e{Pryf$-WB$j8RBbsAndD-@Rk-1LZxDs*V
zCg~-?Wpreum3qL%b~YQRCKXHogb`vmweQ4y8p=XsNap98h&ln7HkH^a+<Hg#1p5B`
zGKIgExAgT@!0G;2{<*cab?-S}mCSunoG@Sf=;Y)rD=TtYE#hdc(#6x0$@bURf-95?
z)r_5;oy`#)p>ph55Wyg`BzXS=RxdrMH^lpvr?*mAd$ut_o6W1BsHnqBAbUh25-2E|
zEah?fs@&*6N|EhB3QB@An_A!Y_V(H#(DwG1YuvYc#50Gdrw3bFTJVooA5Q+w!!kNN
z+*0L2barzyQs)GNdEEomgp7@i!!_Qw<+<NiS1D<_O;jl$c9^Gp`O%Z);_NJ(tj}85
z)HUHcSW%P{OPd`P)h%(-1}$FtBIv5^D#1=VLf#P;r3xVGe9aD)`2R`{O!($FN{cGm
zwMo71pY7HJ7&O6PFpj7w0m=9oh|0Yap>eL4^FlJ_=sS+Hp0=^ae%UR2ett<i&&|Z=
zg&BZvkf&qnrJHS8aWREep(%=rYWelR<FN5H#`a~d-RDT2euH#BKXPr*$sq{@RT(2J
za#M}+S^=s18V_<kDfn|EOR5cWhb7)|+PA%W@T#MtZat}UFhlu>k&zK-L@gCzFjyg7
zh`QOC;JHgS@0_nsR0r&>Urj)q?r#^G6hGsSqGc9l&aI54SOoap;D?gp-PrmgkQ|#%
zsd8B=4M4hY;~zu=8j_oue@=j$KcmjwGAy@pWzu~_XCuW=e-r}E;*P?tIHDa$dI@Du
zHSSgcR4_pYBfDnv<APn5bHg^m!hDC#)IfnHne)`uZ`W%)yvFkE5xlg>U!ZS+CccrC
z;x=4qweoez!cf3Qq{`~32NVT}Imat51c(GgS+BlctsjV905|P!m?Nb**#%!FU-kh#
z{z2*UEB2weH+PrHYHk(sZ$#!#e|d2$Y~NK>M7svf$ZG5JaY25DHj)3#4KD#A*Z&O}
zgl*diU%su8tt?z$7-=n1o_}po!=TMCLNilm%%|c=-)F4_lBokX(mltlRA;-)#qQH8
z!%a&j_Z}E)4bd6KutvS?@}1<`9A)qrG6wq4fWLl`ro#1>3e8r|{K?dzu>ji6tC2KA
zRehdi=7BPQTkS~`D7^N}7{moU2cgf+-t;kQ{c-jYp4#JZ8wx2BwLpby!cTP_x7zH|
z?a6(0w$9%3xs&H47}f{l8`hu?@P(p_k)0YkvY9(PT9zUsC;r50KOy|9H;3BxpmVF}
zJL*rEQ2y{ILgQ`$;awsiwB%pHi>6?*$Oy)2C_;0uO3`}muE@P}ww}xl!^9RNk)^$J
z+<t#^b4)Z24y{=SLP<?E9Ooe(4evNkbmG1k8v)eyiebjKvqoz&XqO&EQ`1z}MKjyf
zOhAea!Uc@vpN?znvqqK=|C8IfJ5<)a-`koQ!BxgL7r9OW#+SG_{{i=0mVV=RbUWb1
zhl}ojuye=qbesk5b;FF!&UwbkAY@~x#{Wm&>Ysu7-h<O@HDAImP(=@g)+*7k4gD{$
CKlY{o

literal 117896
zcmZsCWl$W=_x0cef)m^=xXa@179==<AOQjdcXtSj1t)ldBte3^!{QJ~g3H1Ji!T;j
z{`<UDzi)3>O-<E&n3?Lneeb#FoKAS9ql$+^g#!Qpp1PWnJ^-Kw0RYM{HY)OoTJtjl
z<n5WenyD86;1B+Hp=5I5QzIW@d8=zHW36FO<B?F7E1eM{A5nTMn|Ld_xw_ha@CFn;
z?caLa+cEe#c{?(ws%yV8j=(1e00ux^N#4+Z>98v(*wWaCq4N@!?`8F=X6+Nt4dY@R
z?J$1xd3`!aCteX1UB+=1D+84_w!{F(eg|#mZfWnzw!EPEVp#4oKdA&Ox)~1oNV=5T
zX3ii&)nyow?V_1wcM#xH1kdlfGFzvI@9&R&;vUUPnq2u8$4$H5akX?;)wSmA+I;+b
zJ^HPjFh3?mU#nbkd^|<JH$XW7a&KP}$|^=@WtV>zY75;|u#>7Ap|pKobs7WnSBUdM
z0R&U)!2$rom@f6b_*qElDGM(Vu@1@aezm?F5^e9kbM>#+f8KG+KVxH_@^G{_`)U$7
zzH&qvG0Vl(=e@zC5S_yIk_8n=MyCNBQN6rr^jQ>u)b!b|!PA(m={~^ntWI75fc6f{
z(A))o`eI(1O>FU)#!Qo)gF#+4*``1pT6UPZ=bl2GVO>SYk(EL2ua3qR@f;M+55uMB
zQGrnMcz;vM`|s~HUPTgH;H4V;q6m?TtUEP>uzBq!qb`HLaQr;|6IVA~f%-^cphO6S
z_s*L0_K{{-P_1VVX!2%oHE$SWYv^nfTTopaTsa7!L&7_3M<n=dj-Ig|UkjK~d5}BX
z##b^}v_bO)q8y=1r3ZC7oXI3~E|BXNJ8U2nK6ddJHG0-yUCpRYEe-Y=m1i36ct4_q
zi8onfKD+~niPE4n3BRmo<ln(GW^r9taAo3ho@lU?!vQKFIs+)4A=F1l{qmxs0h9BQ
z<Q=;g=T8Njcc|)8$7<d~RtxABO<zN;zVyBf6hZg*sYhr)yq#WZo;Ys<`YFVfw&IFJ
zXm9`;1+byRdq;Mm<DUdjpx_tieSX`G?t*5{wvk0L?;#Xg6%v*F(u^4GvbOoBr4&s9
z7$H5^H-;?7N(#sGn})oLt@G;vB*9FjWp9tX_JzgId^+DOK6#S|DH{iBGa5v$tF?wh
zAkzPob6@4B3TG?eaInA)><`Zr7BjMonIp`T!_gTv(0V&#{WZt?$J#j|CKMuYDLX<S
zQpw2}^NSjQ?G(PD_I-!qo`q@i<}DEs0D{XA1Hv$%Hx&qv*dZDB<klC6EQ%Q1eizJa
zoZvCBGF~ULO=@?oWJL7wQ<9{%JcSF3Isla8%HpX4*6lPvxC08njt=zRQ#O0xx~2O^
z9DY<!Ln8}K-npd#NI!EP6mdKaD_v0LM>=IxV09#=l}eAH0>zfzKqA}c`m+MrpM8E&
zVxJvkr~qLwm_8V@LQ1B>siqE{m7+W!7vGwpL`8E^Pn4JGmI1Ja1|vqB(<?gC0cbtw
zC4ceo6wnK_(&%lSzoW$DF8_sx_H3q@ww`>|eIW0(CVcWUb<!{ho_rb4{xynOkHsSw
zJv<c^NR5t|Km!Iu0EPkF99*hr09$J7%@+!jX&94qaDF^)ALR&?gUPcDvZ|pAHb{{o
z^5Zgk4QYp><p{q>^bie<V7B594mOh9KOb-l<Q&oZ{PQD(TT9s0-W@gC0jF+r=wmqB
z2rtvKNsy{MMuPJMGC#$FY^`%`vL_nJ^m8(B_570|&-vV=mClPCP^7_XiFI4wBQQu_
z@cjZ;(CR2}>e$1Flv$4#8u%G=wOKqy3ju*VCUt&P##U?=_Qm-4ocXd=C{O~JE1{_=
zgJ26Dy#C|?HgAP=e+<Da5(fN7ZFT%2NVFwjEAPsEANPOu)qOl|CC*N{<fPtX$h(04
ziWI_aK9mT)Sg5N?%=ZvF?%T?*n-S&JUu$G#Dt(K^N2MSnN!Jy!xS5H&@3PD;jSlov
zL_xUpPndbh454z3mAwh?L4aBf0K~bjL{296QBgR6F*v_7;K8oiH^Frq`Y+M92Jp8T
zG+c0Eha7Qpbm7|Zr7e>35#_o0f1(Lt^~RgRC{ARI;#CJ)7`c1tc@&Z}tOcy0H!v-G
z_y7tm*>Y=rwt&tjG~n6`=oLanoSFbcWfV>5+aRqnb&LrBXC@{m95!X}0IUOYBQQ#7
z{}HjF$f1AVdVaKE2+2*AxltnaLlwmB#27L-xj;^)A^8Y41$iV!(M<lx)&W%;Q~_7y
zP*QH(4y6}fB1cs8r+spKl}qmbJA?1*`}Dd;6|5suMwqDV5uOoFD8C3J#<Bv>7=JH|
zEbO78CXq;Q0mO1z9LeL9pQVH5R@%Ix<;o1L8|ueR+Kd8Oyfnr%siU#=K1c3LGKb(0
zPPU?)J29yQF0|);+)z-$JTGcVd+}MpTYY3V;Yxu3mob!5X2K@==J}06Mg4ieR_@00
z^G^d{jdf<!FMqv#>2Q}SDatPMa*yJL4J0oQmTo9jpU<!xMvx6raQPoho_N^=tE?QB
z6%=iL6^fk5T&SZ|t@583XMXlvSh-qWV^OLi;PP-0t7D1xv3j)3Qts--ix(U2N(bmf
z7`K)9Qf@0);qjg*#cV%t_n%U2(d7D{VI0c<?D(3_U(l$tJ&Yh00K1rUOjLHN4^Ye?
z%qznQ1#6L{K}Z4j9j_@K;+VF`RJsADanI_+=zLbb8~dCz(w};l$Jez*BfD?uWlkc8
z(TH#h@$|Ofoir4=@d6xtdYT+6IUsTy%-KG+r5izH%n?eU0)<ql0Na!xge3-$8(@Ou
z{BT1DhL`{--rc)as7<{$W|WBu_6SjlGa+tWcrgt=K=GF084jIUqA)<gcAlKIUR5x?
zTt7i8kQz1c;-2>t0JO7R)24yn8K{82$O}FP!h;lW$hLexCB<Ws0t{*#LrRZZHnIVP
zD%ha}uYS5`h{(bu3G^qh4~mFB2w8sOe;56Ol<({H&Gyf3%8Hu=!oswI9-6^;HEM$s
z&X|Eye<_*0maiO2l$1<)b%ROq-3Vt_LOj8(fJZdPUkprb7AGYoB@G1*4Ol6@K0eO6
z#;=W4$(oVlEOt@DX*?}o;A~aFvX;<7qPaGBxjtPnWLP)<)oL6`LbR*+>6pgM&(^Xg
z5ktB;4NcAWuTR*B0Crvwyymlk*}sc|<K11g=f3dz#rPLB-@oVmZT;ESCQj@Lf?KOO
z8xa1BcZ{XQ)*nfevz$4%@oOpUeQAnKDhRPli>QI%vIs#w7TpD-THXA#H(zlkB=XT?
z@w7<z(M0E*^esWXveltvj`@etKslp>mR8@n9(e2P4pd3f4NUi%UvzECp|gsVi6+L7
z^XQu}+~N}#$ibqu=JPn7X%@=~ikwiQfQsi}%4SI&PtZrT_ho5b<DW2R&O0Lqo4C1t
zMSzM4`_DTslat*Wt4g|MGPMe2!@6snYV1uhyKF>Od}-F_mFy_4LV7woExzTuE+f-<
zjyF7Na4+I9!dt>}{gs=#^S)%5d}JD-0`|<};-W{*_|?Nsn-?_|b>nRM>^;A;BBYg&
zjEJ&YVS}IWr9xRF;_kVZzM8f;M~u<Hn&_0ArNx>jFS;1pFJ|d!G?rlxlUGB%BgH5x
z3T6}hN=gc4q|XoZH(sf6R43sp_jlL!%JF754ZLL%{^T{q>OOsrN;#o=Cpx?u&^Ki0
zsjcd}rbU;|U4FAUFZLp@Xk^ADm>+j!0K>HDJ@Md2ak*0k@XWi&(%FR6BGL^HzruK&
z#DcLY^5GB2y*{L-(|!(a*hDjF44$I+trAq&VtaSl6?ApeEgN)s`1gnLbdhW=q0g)t
z3P9j3^8q~5jgU-^a>=)#VL{E$d*K*6?OW_jimBN9oyNQ9V1M;?ZmlawxfB-wCGbM@
zmwn5~xpP9UI?Q)kzEW}Gp-?J<h+pDM?HwH*Ijn~sZjGi>DX|dye04d{8du~iTOyw@
zyHRawY8v_krcf;<#a?d4st*}Xp_g52{?gLIM>@Ols?}|T#%VgM2owlQ5?gC^)b@ET
z!r=IaiJl!_<5TQj2RobLeej>pg~bl<HVUj5v=f<+Y<2fQ9+8_103S`~sk*jqD!T9o
z&OX+!?4;<=1!BKit894s(lsC)r<5NWveFs3nH9!BRK@)QMB#?ltpX}(0C3^<E<bIg
zL*@4F?g|lB(H5ZN?CcD!$tTriL?@zjRbj01c}2%Sl#5a0_9l2QlT|Z&QRn*pRFPWj
z!#z}0_O<2f$ynRo*vjhaqm#6OC3htjM(6kMjjBwD@Z*wZ0BFG4S4lo~v#i6z!<9O(
z;oH0Ud9gpb!|W7gCr;IIv9W~#JGl+;4ixLvkgKfBObo8B>nW0G6krgbTImjOU@Lf2
z@2G8HK;ocfHrM;Bt=haL&*l8~-<3JhW`5G2N6Nf>hF<rYrjqnw9k->%Z}8w0d-G~s
z^3}kD>c4n+0F({O*Y)OavtP19L+<|1PIzHZ-p(XJjG~znkG8JvG$e`I&7{-uW>W0S
z+^0m_;bb}~|C3{^;}m1ajF_D}$iQXGU0dy3?e}+?JRF`E>8Yqbqbub(nxym-o52&`
z2t3nbz@<0O2A`BhbfZt2dd|OK7uFHkjZnBsO)qx^&7V*A@H-pX3R8)DUZ^=Zzy}Cq
zJKZ<>d$S3js|^H9#oMtN99O`lvG4QqQhwgq3AQ;*7hY<A{=vy*yzX-~Tc$a%QGaRR
zDw)!ZkadTWnlUavGd4m4D)hdAYYy=7@Q&8HI-YtX{tIWTPGMsFWqo`$Vyvs<)gCvi
zo|PV(p^qlqI0KZt*h)$`zmU1%@=`kJGJK@Uyrrh8Y0ZOXVq>wv!S6`w_Hx-xsLHI{
z#q`fdWc|5+P$AzUurg~&!u`71s(+~unPF}+fql;<p%VU`KfkM9Z<m;s%h8%&aCM)L
zxC8N9gHdP&;~|PljZ!ZXqSe)^eV}o|5QmY*sdVorxu?q`$@;dHd~q-C@w{F4<m;m{
zhSD#pDQz{9$jJfGQ0jd>d*QXqwJ!E+em+~H%wnFFhGO@4-*Z*3V2xX|P}1+1obTRd
z@hmgTwMfbfa^7k6uy0KNcoMhM(x}u=B=(sD>XlaTvQ)|D#NtZa>IT-`l)y8hCxH$i
zzqy0lj8|O_50MzSw%c{z=JCm{5y?l(%aRgc&LZg`->Gw#L7|H2&WlaW?UL=Q6)%E@
zjG0(G;|JZDYAmSRa`QveylC{mMpjmqA!n28@_%K<uQsf>tZchFsVC6+x4Fo9)<mw5
z+ta0(Tl-!)WJf$-faxNn$Sd^zx~>ax_~XY9=gLZb4e5V>479bilVR9XA(@{u3Ty52
ziZV1U@LM=k-f?1E3AVJ=_!SCa>a$D{d|2uXSi28Mk-4oTJ-a@&t?jzJ?e@EDYHVa+
zvVC4|Rm_L`FEKJ4?FI1zsz|f|B;ISYS2&!FG~O|q0LZFsoNIMMKtJ~c8VlakWM#G0
zKcB(}@F!0leYr(ti33iLs&nIu#eJGxRb5a3aWb^<)ENy91e9Q7uuw#7uF70MlEx2w
z7NeY0=P2z=I%>N*Tqs&6)VgJxWp7V`B8T1ZJX|1`j!I(X#)w!Vt2*y@Clm2AbzzMx
z14ZRvUcTjS*ss1zp1)q(pY}WAd)Z$sT$2QRN-WZqr7Ir($B(@6OX(0fXL<_v!!k2S
z!`^*d@zRg``xU>&iDVI7((3S>h-5eBEv|mlvpa9nndnk1bX!tk8O>OI4z`JpXRoAK
zO96fcaogwG?-mN68slmS8t~TMjmodQA79;~S5C$^;Nl@Sa;jHHNeKr#SBps`c2gaS
zTm&8ip(SKgaEy_eb{Rj8f=lrugBMD#0)2?GN}3))Cjt!#-#C|B!k!-KW&d4__xK;L
zhuzA4Ix?9E7tI?@Jd`Tc1C+Kv$#`_XowA2e!lTR^jj@4`ivTng7wF5G02_`8LQwhC
zKs1G7etn&7)e2XX6Ytuhl#+J<=qWY;;s*fU6d>Fll`rt8F*{KbyqqM;4Y6=`9CXYi
zneO>;`30U1?^+1vs`&L*Q4PJ62ymH1kvj!`pabl_Zxvzz9+0=6Z&#PIs)U5|ks`sW
zM1>C5!_J)Xo3IeYfs&>Dyn5T0%kSSG&|5sc^71-wUv^7TVO~kTWfz|>glEQ7-_5T+
ze4&3_o)df1b0v*f?{;1OCgku4B`J#cOwO$;EhfXQP&*&OI??!buM|4v<n_6<QI(Nb
z<XBQ7UX-K%OXH{$lk9N~S<t82!71G>^+K{Ud6-I6j(P>6^&xr8zYKAAZf=&Bmwb8k
zkEmpB7le;z+={{v;Aweng8fSrYFoR~8Oq!EaD7@x{$^uI`vtF0?|9~u!m3^=^-&xg
z?z^wL*el1JzAmqo&7brj{c0$f&Y3c(P;!xbd5IC>yo??&#O6*)ZQDNWqhgyT?)Bbl
zF<&qWQ%{f%EbF(n((PT-f(T~ur*Gzdm$<0)&e5?Fxm!z1ZLF<(?F&Wo1muL1VSnbu
zzDhnkMm$=u7+Vm<lK8W@=Q$lrXfcKG*(m1hHSP*RES4N5lnqd}uKo1Ezq&dr*VWE7
zL0j)i<HuWT+@mO-#bwS$MWONkfw$M3#sYG0zcal_(<%cC*jG^zY4eH;3;)S<GXH6f
zVymUGp;*%V(Y$#QW8REjHuU~iAIaape~*q{Vv!^aiE;NlTrT(P1#FF^6-fHNOdo}q
zCi$&+sD@ds&sCdC&mXQfz-yYE-9qO(e2*5}k<~$qjEi&AuO`F~SrmzOq}3qkvl0yN
z&@che9>eSwNQZ^^TV>@>n6IhnVy|`J@A4K2$qq7}_KjfOY2+Jq{k(;y$hb{@ULH5i
zI1W-A9v?3?y9Nc_QF2t5mzQJF2NNb(%>UIu!lm<q|3=GNeN|iA&EeuD^8X5tTxzSU
zEj@-U&*77Z!$T?0t;*-h9qk=VE2a(av|U|&<l<iH<S#Tj86azG&;58$l}X*^W0R&(
z?&0s+?ttU_0M&Ez4{h7!=EomZY!$ziAnS2W$u`7qEnryi-k|6<V~7U;^kd|V{jS=Q
zlam*5zo(CGA%RyEc8k1Lnf`w-uYYiw_xUmKLTtS=c=5YrbShdx1nsh4r`J|ShE1sE
zIL{BG*Yke>pjdQ?M%>fR-Tfr%?%2v3Myy&!J8aq&_%8wWGMP@g-ENe4xmi%-M#E!@
znwq*%RNNLUKsFyg!c%8A`pIwgz6Oakj6{T8{b5P#k4Nh@)zu;p1|mkW_;lY1exb>O
z3hnc36rtpM!v$o|rV$OX=+g-&VRS0j=W<jz^@5m~n&uKp#iLWYa&mIUk6gX5oiGl4
zl>rfE{`x%ppk0Gwx&GgYTq($NV)TTmR<Ot2D)xy{CnJTN36%k3z!WUhcfV%HN-&(}
z$S+jPaY)(Minz;B)6f-D9cz$At5g$AsElW~ju*ulReE39(p^#*Q!l=cOPPQv0>HR!
zZ<QBnE8PXZg--DRSy%Uzc0jV0z~5SLD@9wOx{QM;Yf6AW-0_t>Cza||@RUywMr(95
zY2@aVh^@M7ULj60?10r4tsU0sBf}xyuOt9XxF|`)JS%Us&eLID(qu>OBN%4kB)W+J
z1U%cO#g<E9)5cb<ovTwUp!XLVpO-3=t>aMtMuaMTMxfefjOtLc;7dDZ>TGc<l!x#w
zQ`$mZNRa*OzniS*c>5uD_;Y_JzgIT;BG&MLtCa>LY)YJ%vGM=L10k<vySLE*w+>Cl
z8;{?DT!u~d=UGRResN#yGf(+#87NRFh0%Kxas;B~fZkV{fDS{rlRa1^s%8?}Y;N>n
zy}j+gCFphMy@Rf-B#8ecB93m%PN>#pC68jP^Qw#B-@mJ_i-~FJ>5hQEJf~y+sUo!3
zxtK!!*IN-SSBUPTW^?m{_kq*RZY!P2Tt0V4&PzIlD|JUlYL)qSw|`DaD%ykoBgyiW
zacPGIAQVVqwX?Icz1>VB0QTwT9R8P}fIjeah<v(ZYN>;M>>urNTZp3Wr{nhXDZy`&
z)A=hwrCy8m+dNGTqv0j!KzMT!K{B@$$jxcJcQFb}^zVe_{Nn0P#X{ceE4m{DaS68p
zs<4%WUuZx;z;Z&%)lq2I`#wBy9WAwQON$@Ro6esl-AGKwQQa#&m6johme5H1@%3w?
zFDTU^Kzt16&a~;ztKL(K*e2dLk4p!&vRCPdD$5SvnMuEB1;(W3K&cKptSl{qxe9A;
z-EZrpkK8KwTY34r$-EA53Bzmx!%OMK9UL*MZtMHBm7=|$c|Q{F4I%ky0ks<i^#9WO
z`uZG-Lgwm^=B?IG60JHZ*e|xXw>R9klEg%jcr%$4<KabXR&;bfArT=KH0IjJ!}uA#
zH81h7eLlup*Vr#Bn`#t|KlMk@y4lJy2DZWRBjKpHQC`O&9nsIM3f01?OibE107U~z
zIPM!Vu7>I=Boecyj>;E+<g&da#m~%)NguWQX)k}ykR;*w#Mt_in=(m-X4scz_$@vW
z6PoaDF?oWLAR}qM5TsFbsnSU#tngR0?CS_$Jv2Qn9lmUW^a-1qEvUiyg2jp#p|_(a
zO+{VZ%)ah(He#*Bj~~yl&(lX6$AhO0-mp0|jyf_hk?sc2Ii+~a4!kYFrP3MV;+n5A
zZP?GU$0DFxk@4>JS^cS7bFgGoSyED0ULG62`QpXo<fP+uhf!6$u_0$!7LPew*@gD*
zuM)*k3tuLJ9HTrTJOK4Ck|C<jm}7fG3D3W}y7Ke$@$vC}oMTSmc64H7BFImo7W4J<
zD?se2vtZ7z_k`Z?v_vbG6o-hHo=PFHs;i=+VoPmz$o5!f@lRw^HnI1c%eW?A%<Y4!
z>agS;K}&P9sIi2~!RsGJ)o;4myGzH4^^h5m(iYj9;*xQL0xx!vIC*FCbC}I^&F>0b
z+56M!rsigi9?Y4}I@>F4&Frkd;dAf$A~6WMu1YkB)Exwy3-~U7tKjmQnVUQB+hF0-
zS#;m-ki1NupPyfMAHb{dz2aEsOH}#Lx`A28prbT)uv}-WDwsQAH>;XVV_I)FD(#G@
z;~ua7ItRIms-e2sHDd@*V=syrX-q}ZrD|Nr`GVL`zqwh|<m+jLkL>vz%!y1p{WWuF
zFm(l21TQxq{5SUTn+q)4JdprI0UP^$09xUAO-YbMMdl_hYb&O&%;#}7Op*qNY5W)k
z<f3Fvg18bhS<^=!A5q4ewHYjM)+WCRK%Ca>!ZC?NgaBv>dbowpzg{Rb;PY!EqZqDn
z`v7sA<Mx{Q<su!2K+I3Cj2(WB27ocTjm`ju@fdqk{sT*CBkvDBAB_#MJ7@?gZSw`v
zguq+HBo02>vFc@{0tA2*k{D}Ee%8Sz%oTaMq{dD4afpSG5k)MXcuWdY!)B#s+bjw}
z<U!+gSx()`^Z2+;V<)}1Ttvj{acauzg%h$!wcqL+PzRUO*t-iY<cQ-!vIpk5<7<R&
z5?xm=4#p0aieH<3lLsjr3({1mg`kSARX8EfMsOeVard#2MJVs{=NQ6#q4DMz!X&&T
zu~ly*I1mj(1nF{HwqMMdyZxxFv<4G7%})k0E}wVW-mQy!ZaGT837+Fmy?1>(0iYji
zpvy5lV?k+T<RgSoX{QY;M=ebTrn&o9_86-PxV>o*9jjNU=E3DjFthd1rX~JOH6sV2
zar*Fq?dzu9PIq^ANy(tL7>{`<%(a*Y=2xo0lD<bP=}W(IH)YM#S5P@ScFsVS_;>!V
zGE*8uI<9)$z*}1|;!cBuF?x>flZ;n6GflFDj^PbO-QmZNAGIWsl#tZewr6#9b+f&L
zkT@hq00-y=sWe#VEE;W<fBqohxiunrr_)qK)q2&uot*xT^wQJimv(c(`=IT~bO36t
z3Zfz6tp5GbT$K0vohC=rBx5N9b|gB)5%oh%Kcjb9_Spy;z|W{_4hcVNl56sQt9jlj
zi$o(=YXu#bJzZT)Z_JIzgj56|gnC>)7uR)#k0>0A5om~&&cpK9*uaU7{Xah3j2a4O
zOA7&g%051suI6cK+P!Hm%lO313MH?KxiMLF`*WOD>|S{nO~*^fDPh#MD6ufDUwO6V
zGYCnLO#Jy{SS0JmyK~}i-&x<?T-uHkt%m>HPDEvVy!7My_wREEV^#h#Qrd!GNlAF4
zcC*dgni}KH)f?Y<T-7xNA>V)e$kdNFc|{*TaxTrp&Bb*trF-y`aK(drDo5okM0qQq
z@TJ{Cvr9FpgNp?{#9I=_vdR4NqqBQi#&2z|2a)tc($u0#q4%c^)~Qh2?KDRw0e=_7
z)N03iY<KtB*;z?OJ@=0~&b9S<ze>1^M0$<65gwpHImJrKI{QUlL8EL|-q-on?YE3(
zZmtvYT8lQ%(^BfIqvfk9$vf`lH*KEwCoA>bkQ<~Lg(T(LwzJI1c`UmFewWKn|21>2
zb{%J8n)fNo$g*#%ac(4%-$I@7v5aEp!36~Ogxh(6!-ej|sH$(@_7L>H%>G?oPPta8
z2q!4@Pelz;jN3KXL)18=r+=F{yMF)9`DJF|+wY2IWYMr0!cipz24R_g>ml=#nr^~N
z#V;_!yA9$p^fC3EClfG6IU<TD-!*h2uxba+JC~NsrUH0BkH7Pp$$1A>wH2V?#fn$4
zU36hnFyj53q~zgGpCI(%m#~<av7w>M%C$;>>CNU)B64$*+2LMZT(~SZhb-0y&DU54
z?LeJBi@B*(HzKf>6jLutGB`sK`RCvF_icw$u8_Z<EA)~ZgQ;9_Z*6UDKW|B`YQ<68
zB175shg%P`$U@kqOOTb76$>$n?JtVtoUwOBA(x9Wxa4b|!v*VMXLm@BU_Vagf^q8;
zwkwCra<_!Al?CLz>6{YSX8$?-{hM8J<*i!n)>%n<mPk-C$)6pw0ZVyg6oQC-Ewizs
z@cX0fezijIEJQHzP?Ko0QscF)VQ+fL(E2`r85vM<v{ZEYd0j2mHWhAPeQ&8#MlJgB
zKQ91db7Og4cD8fk!PrSI2uUDHF4OS!oMLj&lyT5#X;A^ew$B9|F0~cgU`O!Z+D0U`
zBbehXrH^Yn4PD&i-#_`BOIcAXIo$!_><NJ92BBF}-8NcO)CXBu3DqzPBnJcRJxA}(
zZ)!@CXZdzg-WU}StiI6-%v`khx1Y2tjI%*&Y=!@MKGn}V{UbQ7Pjx*^>TT#?Ybc!z
ziqV72b4urtYEejI25V~lZk!ICvztNG!^4B+Ozi%?DYw+J{cEtNV+Q5%Ej7A)f|>?L
znY*P}fzHsF3k7c|;s7yj-;kLpg4|xi$+TWxALRD;v;=dtq6c&&3dX)R!S%zQpt+X~
zlxI?WaTI6(F97`J$bLm3jH#VU91m%&p;l}C?J)Ice!k-Y4H@I&K9?7+ek=Nx2COW|
zqA1$cmR8$=?E4Pan%YVyYHGOWLq!jMOfLIX?J&_itN1k9-Yx+#)pk7!@vD*XxF6i1
zH5VS1M3zKR?wSO@7Fx-LSFhjb=?P>^#3(QV*xokCnST2VuqGVFQ&Z#E-T|6KoPEoV
zpfe<rW1B7B`J=}xbv-pTQyw&fjLXf)w9uIYTWBsYZd)YuV09s2#G^0^gnh3L@@r}2
z#*P*y;UHA6Ru-)uIiLgiom?b%O(+G^e*5lJof~ul-D7?c=kVI-^-g`8JBx*$o*q=D
zI+46+?{KMQyBd3sI(u5TLa4*{&<!Egb-X6>y6H0FOWc<_6N7<#C7a4GLN5|TG&mZK
zDqq-YQJ>G1YY$$d5y+4xLFU%O5L~rAb#70OpN&^ll)%F8wT+d7p_S<PULgUQ74i2?
z2;OdDNkluZ!$iGnb))@gr0l}g12i3CojOOn6-vz(AFpe~CoElCFPax0S#J|F)_nAR
zY;11M2;uK*?f7#UZpMML{LS#Y*vvuu@k&4<wZo(aZrb>ERq*SoQA8?2(q2dEO+a@A
zkAU!>oLRgiJjddOhK3fQs;1;&bC+c!CuEx2>pfLd+Pc#p%gdvRT9}{D8sAxgyy_Gz
zREM{Bblj1=9roD&alqrmG4B9&nwqfJv=CAZr5D-jQXKr~dBIoLfnaH{SbJw-cVhFU
zxixCluyHCOc(o=wX#V4ixM^A$zheu+R~|Gk1#*6dt8*l<r;i#L8<P;jpm*KG%tt#s
znw-_1Z8X3_Gf%XziV&nfjUOKDZf%XkfM{rnS@wVD=lR}rE_mc48Q!aZSJF@S=Pj$g
z&YGIzxy-}sf#=#mey#Q2IdhQ_(R4l~`2nr~gwG=9NsWd0D+kB(%~mrtO2?JjuG{bO
zRgE#O%SbNL(ZIlftsq(XON!K)xh|5<ObI(90ob`xWbaSz5|B*GWnUa!@X=r6qJSMr
zS8v6Thg&SVRE4Ex+9Z|vl{S?)Sce~?na~)?3Lv|RqvaOahl^=Sn4po@0Z+@EvI&Uz
zS&Ra>E*Njq{RgEj*xocVGcy@>-EC!V-Vyq63m5GPxxH}Wf)B$^3GU~ZlVQ7BEih2Y
zD{P`n1XiCD0Mum6f(3>>;vHApeZ0tckgCML&S?FQxO8A~hpGJ44!<IazeeOg=FD8z
zI_)2jGQx`2G!pAt1@0+xRDb_I_WH+%1ZCS8u>;UlyU#)MvZUY9Qd7uPEg*Nci*`V7
z5^VbeaaW;Rw70v9ZN?|LeHw)5s;zJ5%$^*g`LKLBGjNweD}DRxZq3cymp9wIVQ0$L
zwL;WwO{&8F?Q5UR)6~?Ose%xLuQ!@@BJ<Q|?$XR|kn}leY3XRgm1naI63MWD!p5()
zNcp#{4Qc>})i29jW(N$=_-q_A2%DU6nk$W6tp{CoN+LRis=Umcc`N}2SMymLKp#6(
zlK>A7FCTGqfH)74B})>SDE#~D*DF2K?K=%-BucWtq4=Of4f<kHz>}D{tsfPYpd_&>
z+nLnKZAM!Q9)BfVFtyOnyE79pH6@;%{5(b>p#+K8y1fIDT5ems3bV*xyi<P~Ft%q$
z!pKXn8;4qxhcshBuQ3$872^O-429nX%5Ul>I0V{{eJzGaDgxHCFfbE3wKkFMO;C&5
zM~Kaf?aZ2k%Zhs>Y}g5?_S%{H_Wg$sO&l(=3SOv?>0?G{iDlP<va>Fv_=uB1$;f7o
z!a-kc`aGI6&3*8^6H4j<LB-Qm>!UmmQI5`XrJl|As>Xv))VZu*xo((bO|*9#;mD%^
zFMql&*K=3<uoJ`b?>=M+K*}g6XwZQ#KFZ3ke^qnK$x*vDJ`-f5ghf!0SfKZ~L!_p0
zWBPSiT)=aMXCdqLEVdR-x;RKO*G@=ZZMiwvN?nu6_2VtMC*xPw<t$dATy7?bEbOV=
zSsXm0K`u|z`KuQ&QvA3OE9WvKqm~NyA-4lB8nF{UBY6Himig^+R^+*sC|Ar+7s&z*
z#x&Pu73yIRP<H(8PNyTcirrUIHPU!@+h4|^jA~>S%o_{I8M8iK-L?H2?(C#znTUWl
z0Re3@<+ZgbxNr1Kp8;(yM$`k(XojD~xI!qX+%1i<`#@YdwB2VsPL?xcMSHXNBF-=!
zq8n$Dn%yZONDN_}i54}j_X{3T$%b6+(zjr)FDSip`Wkx@Kap(|dFbDFlF4*6@_g+v
zVBDz}*@tuMPly`~3j0Rh1uAC0@9al+k3opSpo8j`=%#UT<5>*gm#A$%3IEiXLbClL
zBga=lpg3v95iGFhqT?LZ3xtEBHZ+^gv^hpwxJ}7?xiy#Yvu9_=*sG<;ljbPb3H99P
z*FdXnAn{}vl5pzxWwF)bFw}6e&zObK@3BVPyz?Z(1({^q!p_u@b~Q1|2`KlR{Zec2
z_Xt9!dfu>uTonMN`|Kfo82@;sjhT!mC3DDVJwVnL9K$qQ4>`KmZ~a7uN1E4y5vg=?
zkCBzth|}Q;7H~u-zoEdPVj|8@VG-kh-sr>#VrF0(Wq~VDB6YD(Cn)G}`3X?ijqrOW
zK{@4ly74+!4+>jwgPf%`n51Nmt<_O{WX3vD2okxR?0*upX4;1qK}$*w{>Q`*K^=7^
ze8$o01_FWmI+eH`d)}*Sau~$3Z>J$uK$rz;?}?J(bq&-4SuqsiH)N1jud^0}0Jrxk
zYk%>N-WV4hcMiK(K_hM07X(b7vKsAVR;JLeLS+5zZ*ZkqVPHxcCyt4@j^mO(DBc^|
zZrQ9IK3U<Qzp3OyVw9w-YaW)pnQH-}!K3o-bgHHU@d1LiglZOm8g5s}-DS3DQylYK
zf}^)h*4H@Pn+h7t<zA|T7=4xk7BCHL#c$w@LKsM1G+Te{DrEXRmRt*9$Z55Hi^^@t
z58ZKDMlvV$sa_=_0fiN$g4WL$22XW%?4|i|kr|oHG)ozM?B)7A`9jRR@o|wrdFpqG
z)lmH&-&TeENHjt<r}3S+GL~_|5+sFEQ^}j>Z(-L91r>zOfZfTAJHD8W<HPurWsWqz
zw4KlpD^AS!IQ4JvE|aQJp~^wy0XgeGyNEMXRG1s>P6h70xnXM=7q&r3#0KU8v#V2F
zE#|Xs8KRdsW<KcCct|s+C1^ZjUOb*WaapgOC+VVrryKP7%z5;O2sXMkFSu6=GB{KG
zW2JQNQfg#lR)cGOcvDP2SWDRQm9Oav_WAoj)mlE?!<eP>pLA&1^MMGlgk{ncE0-mm
ziF}-XqPPKD@-H`<J(&q!bdJUHMs~kGFoU{ogt<x+ZWoi!^xxC|;dh^k!aR`wzW-I5
zBx=H>+UH~lD3V*z36y{HtVT6e0jWTg|6W9*gcd_(y-4B=XuGXVwk$dmCI>Z!Bxu(F
z<%?GsTm7v)x0V`ual&(E>s|#i;Cg83)W4maWEKbhrIYH}4F6P4Do|Xze8m{eUP(11
z#+m^D+~dRwz=;L#aQ+C`|F27-F%BO#Klw@~YwM;kUkt^R7Du<a0$FCT)*tg8^z5Mr
zo^j5jlh<qK3eT|UUoQy|du&8^Bj`a$&`>N}WyyrI*_wr~EpcmTaRhsV2rPS`&Q2}l
zpC!5zoW=cP*W4mP(uPZ3v@KZi>bD2|M6YLL2UhX5J}rd8z+wtSN&4ngY5FD8YQpZl
zAi{r?pg)mB!bIQ$NSiD`nW&Jgr<+*5)tRh(-1R5RO-*_M!IYzWkg7`F+S;4JUzNBa
z2`cYj{-R)C3CAl=5IPx-9i)Kie?;ae>HCuby$itFB0(~gxr9U5ox&ONZO<>H6({a|
z-%iI==<V;vcEO68K~IzJS1tYw_`t`>@WC$V=FfgE-ty&5xB;o5kPR2<DtUh*Q6bK^
z-&&Q}#(y^3W{I!z1m|lOC%&!w|JM`QDKEroGS-uIpY)%vKen_q>NBtjt8V`}*~zkx
zQ79o44DZZo*7k2F_FI_-XSQzUWwZ)0DQ~?_YdzD@un6#BJvN~hOKr7LVfm1DV-oyU
zgpa9jJRsCm^ux^G@feSC|Bx#s-qTM>=8?n`4Cp*=w39J}&{X?Ha9twxm|&}OIti)0
z<QslRL3mkwqy4k;5yvPAbY%>H<e5&68RqYWPro&xvqQeUFB&}J4$65QGDf>6-u3^u
zKiC)dVa<w)OmU*iaI5w`ofl@kNKLt0#YOLBl`SGF(x`*J9eJ6l$n2DEAj1b+`Ylxd
zagT}LAnx`fQ&?HsZ;_aLpAWD%Z3S@t!x+&FG*ZamFL&GEsiTC2LWWcmmJ<~Xf;1eA
zAyK%#nY^>Tla@SeivE7%JZyBY&$fr+-g2e6|EKfDwq?>ioH7^f=0!g0&0kA=G&^QH
zOu&8SG9>#vkL~tYOS;D_daOLLx3#F~m;ssKr>>JNwYO>wj0_^jmjmeBUjnHn`SuEG
z%(LlrZ>tOA85wg%L!#w9Lfnt&$D;rs%dNn_EWXx%Z{%@0VB0u2bv)n3%&O;po1gAg
z4trJ~YwP1)er76PpO1Dw&>KO%8xcj}HGU7$H_P%p&O;s23_?1pGm6oBav2gQH#T`a
zhI|^yy;Ha{IkTW*1T_j-{{MNd*IBSPe@2)*$GJuGQ14W;NoENm?0`0RGjSyLnb0);
zVEL_Xtkhqud7SazyZ$q3vqj47VD@<Rzcm)JbcDUJx>Oy_`JaE=iXri%her1%u>~i%
zt0)0vk#i>Md8H}SQuyLeub%G5KZ-fRlpFnvd&E9<Z|!(5zxp$h06m01>aH#Bd4E9b
ztDsAC?KTL<{SM(7&hoP!13+dm_KifLvTn^t=+vLbY4m?tPzjWbp@+(k2e?tzJeEIf
zKtBUDvyT7aD^sF*s|zGj!WIlv{i{BVVe~MxF~%=iY!^%jop6bsnzUsWU3|Y#%Ns+D
z!e_K4(dG{`rQ`~fJpA5MphxZ3r|{8@A|EHvc*7?fI&0;}c%EPoA<5{0&k`4OYcT=Y
z9<Y~3aTpcr=GfNF1bUh90QoWsGN%I>0+jG+5MZ)}2B4vb7lWjR6@g;@Ns1Kx9(cgw
z36iY^<Tz;G$pF}%D7|vgDMuiTUK1)nkRJ=!Y$pIb$xy?Ufbe`|4aijo!pCiZUWkPo
z5tx|}vap$2r~1exw;+J@0Xw6Y3aGpX8D;5ID5@~~QP@&WJAj8+h|)@t5_=2)<lq94
z!2tA26(v3pd#X7{TUm+zQ>%E+Y&>-?@9O|%;vNgI^%W1uAz;C<RAT9Ewd?|7ms_d0
zP=L3S7;wuO3Z^VL3jkc905ceXwTx}Pp11xg`-wTf942>;bg2mN)g{zJgo+6FGMwUA
zn=2I!aF79jaa1`LLkwW?D>{&x(C>)JMM$K++#IuHU{=!i%F&QZMu!+ky#spF(8Aew
z+?9i3Yy!;+?Om8qf8YYW8RRN3lo%pF&Q$o57F!b-2-jDOwqH>j*HBQyrkpjc7UtV$
zO*TnwWgURcW6H1ZK#dj^jt-UPc=*v(%Jz$i?{9Zs$IDTIhirJ=*Np*d(@%^Y-DczE
z`W$_2GiE{@pcdC<3h&iM`(<N#%I!M^jpb%>_{Vn>02O?H#d+H5)A$Y$&d|RQZ$@gt
zGnK;{&sBzk=ip*y9A$-}#+I&+ZIyJvJgdT-mewr4E~sKgtexOsam6oPFT@Z*DZj-3
z4TSZ}=o|gwKTM%2A`&cMG6YBk*<hiImL&l|-eSzl8@roc1wpWvx-}-rHyIpNrkU2H
z$_#Wo;9ca@=m04>DiAjd6oca4x;a>Lm{p?4MM>BAm`mvte<C{u;e1fx>^@`P_1j74
z%vFIQ<R@OYL#QY&Jdw0#f{4-=z2Rhql4=L*xNWRPTzpn}DuDX}1qi?f{MWpGp!9}I
zPqn{{$|>_|GgJ-Zq)HlO(gWNB&;h_TT;UJDKkkPOyyOPiex8N2RmF!rLy3()$mTP1
z7`5tR#E-*p*HCcjeRQN-R1_vK<N}<uO;R*4J_Cwv0K(Z<C;C6X`7Lq1!BwBi(f^og
zGQ!4U6$|vrqoNLvJC;ew^@-!K@wSE(+=WLg3;3gVj6nVZfD|4OP81#)6!P7lYJ)_7
zL=AB7!vvnm02I8q9bfIZ9kh6K@mXU78R$}sWBJo3@&5@(k|ky)<O}3Q7}!|NOU9dO
zBF4P%!WD*x`zNdVoES4ZZ+5o1$eMtyyG1692TQ$sv!*xPG5n!N=%hI^G(x!-Z8hhG
zNS7n2!gCh=)q;X0ie-=Z^T)^T?g*4|UnT}hSRNYS-(Am*d*4SgoDv2rD$>Abg$vKc
z4!qTg6^NAs3)nC@;!i2BxsqUWp`rn5WGLuGSolilq#$3Uk3AMF5bcq-ld^&*hpgT?
zDft*Yi>WANHcmH!ZBRcn3|Z^C(_vZwTX7#tHfRSf`xKxZ;-#sXXlDm532xywx@JNl
z3)YoNRdIZtR~S)}e0jOn{fHb9-GzpNPN}9@Lud05uYNsL`;$OwZ~>R}<<`?A#KRUP
z#NSpiinZDr9<C0^$xX$HV5uk#hAZkFrpC8I<p$P*_(MWMQe-cC9#83e9`>^=bF~5|
z$39057_ao^3XoOR@nhS9y)e;HYR0Yt0|Tdg3;d*0BpJu+L2XEvo%i#Li;Hl=WSFC=
zcgNzcGG0npUk4h50u2oi7xRMlM*OZ=lAQ9rxWEf6bXM-y*N7OTkPQ0%uux~~AhBfd
z%@E=PJ8jJ<<!^;MbhNhz24N-%%s5g2`lBmIYDRC*Q8+JqSIg;3P!Mr}WdVZ;i1eM!
zmgN>727F*pyfZg`gaQ}Uo!A2SMTiQ}y>d$<C(dOEPaO?Gj3OR(W9H4s8;#-?k=~A{
zjnN94Whd9F41F?*+82`46t*bT&mF&jVl8n_->6#y;poCuVqEX&WrF?hy1(d;Mb=Ct
z*3fMz{M-`@<Q@8;$&X_(RUa-O7Gw>JO}U>bx?ePYa!^%`o4d_k4?DC)w83iW@79md
zY6=d5&gyz@CbFM~r)=RO8Z4hZre9_0EwJMP9n(G!7cto_N795gGHr@b{Ft^e_L=|_
z$_!uZ8I##f@M0ETFG{O^v%ctgkPFpB@hFj*R5Z?WekjvKW{kL1G>75T2;uwc*Tt&0
z-L;K^Dp=12DuSokH})c?yd08gWMzL<M6@a#J11C^oM+U&;u`IoF&&@%H2cZb)in;E
zcAx$arcJXNEvWS%PB!p+ho3b&taN$?uHeqtYEKR2g=t~e2vlid+fT&DZ!u7)dkRIt
zyZ;>_Rzl!QSjS;k%=C}Hm=R&nEBc$>_50QNwY3)6+%f-d{A6UWl;*zhiHyjp8ayMf
zACnO&prZsnC46_clp=kXn0-Ynwdr6`>Dm3_pIy#!_ghL-T{CP3$_6k!CJ7o8X&o`m
z+U8on3ehx+kB=14TyQ_zhIgMXh!r8E5W;hR3Z*=w8D4(nLkAQYnapsD`Aec4GxXzQ
z1<39jc|POPeX{mCl=ix)eL5gVv>nt;hdrK~uZb7F5J=dg{cQDcRdh4BdbM^sXyAtb
zHU`$w{CQH7dkPsl)s6aQ>KxIe;8TWp>cMIvX+}aKl7zwY>F(QIX8OAc`j8#3u(LMZ
zhrWuis{#6l?Zl4yZ~S_jyE8{mSJ|=;lJo&j@W=D)Q23SX<2GMd0Mb(B&Iba#eP|vM
zWuN*(2&6BJ!>;^}e=+O`%HEwe^xTag!k(~X<?B&c!qL;{X!fu7*F#~)lIss!Bv1Qo
zDmZ(fWL6$Vq@P8>UDFKWs3fd{MJ$~?{=WM8dFtKh@kMUbQB;jbE_0s)8~nYz6za+)
zDc<|>7A}SM3fE;#*~i6(hXn7On~IdfpxfMRr0$DnZqY%hw3SZ|H+f;jX|Jy7Uek!=
za;_f2`!(G|f-*H<MS5gNLx5tW_)VA6($s|1)aU>F$(IOu&yG@1V2Kum_8LMX<?nus
z=X|jL9!c*D<{pkVqsa*iwtV}hj{O1r4os=k7a&YL<J5zscI|qQ#0(2@uB2ZLYy_#*
z7;<K+u|)s;j${xyzq>BK8$`OP8%W>g`#gVs(@kId;~RJw3o8gY2L3jD&dZ}&)?rJ3
zh)S>%+-v_JOk7=C%g4t@&<RRYqezIIx{`TZuzkAxLLag#8+=b7b6I!$oyy4+sq1%j
zbvbP#i_+^kL!{IM)?ioO-`&0LC-43layJ!rzlQst(r<YrH1!qTcB0J-uH)-F1UoIC
z3s6ui>-vAzSOy^4RwSu`irHx7Tx$CKu++pYz-K#7_BulHxRu%C@dD|GE(*Pc-(4O(
z%w~6Yepr>jlt@!!(IMEenD@vZ^S2KOpoI53rt4H7`8l?9mC`(<PPGuPYk{+I7dpMz
zpz!fK1+Hp;LZ6+vxw$CP`n37aXL3U=2f)O{l;$H(9108y5{Dzjl#*8_?uAGxJy7D!
z`bj%2j_mF37lMalv?h@z$gUx$2#7yJi;X$WUzj*)_{Ue$?lUY*OcXhd+)4W{X^yTw
zO)wCKSAKkNP81da4YGm#xBnN@1D;%f%m4~e-3Su-Fr+L4wVo|bWg<@g^Y<@O9O0Kp
zA1##ilPOTAc4eATQw-^9<mRx0(p-i-CA=)WzMZH4EbV;h@VL8<G>^M}ZaKWWa|?#)
z%3KYHJvxLv?&;P%?1=TW?NwVM0;ZQ_um5CAO&=V{hRIJEBAu4ZDN^;W(@5*f&kd^`
zk*OltC%CR`7n0>p3EsMbu=-D*H_j+3w)H6~;HWG8C)8FWbwv&yj=u9wFZdJzK0cLj
zonuwNhpx|FPydP@_wICMZobt9|EuXZHZ$Z(5^%UB-qSLR<ly6LIoL6uMYRRf@o<R0
zWa3~2@(+%5+0t{h*l6(Q|Nb4a5t#S6ySo#D_|XiXOL5q_y7Isy3XM09<|77qzE9eN
zAYr0O#nv3%cVXD>n{r#4l^+V5tbJizwVj@~e{z?WZY>M;-k`bB%Y@dSOCd(>1Rn=*
z$ISx}Sv)WQQyfEHimEdjtz3@0lsQev#GPqwV@p(uzfsJ6yx<da2|aFuH`9MG*5GUN
z=!2z5^XA-ak54}wE>2=yBHZ#`ST;J&++KyeKU#HO{FNIPeE&IUDv{dF;_PyKI^RX|
z=2%rG^!#kQ<IUp?G8X59cL|=h8j38%TS{RI8}u^g`$*f&%0+K~4DR~Vh$_85G{Qd@
zwqsEi%zJ%oDe3F7Ryf9jTm%6co}i0IKa!d0H=!X&;m&f^H5pcA_5?*dtRYr~TN1q9
z5}}4q*@s>Xgh_|oXBeGat>0hL2Orvs$=IQAZuix!N*0AZE{YZ14dsbAKlVJGu2WMx
z_!P;WZl$lUw>?-3=H~wnJbx*BlkktAMs-t<3mu)z30K6nliSF5Id7Tn5jvn(@Cd!5
zyRUsZA1#tWiX}z2Gm~6dEkz%~9&g}cJxz6C#XU_<b4yLm>sLrC`^4v<<_7q7w$)Or
zhpmGHInm=3;{KRiwsWPNn;%c>rPt$>Sj+uI_GhCSi<`Kf7EZBn*@r#8btL%l3zDEp
z3f*max=2%{`-Xoda}GmvbsrTdCz2m6oEh17o|&)Tik46(3p#xxe>`fN<SV%3GGAY~
zF*3g^nGU^d@O`}*L;lA9vS}4LeA3SB$FsVwW^}uqhdy>+l04l{ue;KZWM*gk<;!?H
zbs(NDdhUd6A!%ySWVehT^1r_~hK(}Er9Xs7%q)5}5AYED_zA>zyZO2;ogoz#TI4D2
z?Ru}BiHEJ1vUNL!K4VucZmakA=hKL#ApQcK>CeCKn`%Q`*YZtgKQU4V%g%??+##Me
z5FzW2V_|puT~}+wi9;W9%*A_%WNvexZVQH=_6HChtl4k#V!Sw2q}tD#mz_E7p=po}
zY887H-@DbT;2mbHo}0<A(EFk=ePb)~6w&*~mon0|0X2xbftJDR-uvFQ?JNdNNinzU
zo9WOGnZ_iu%`KuzOli6gann7B5CjRd=XUm7He_cAHk{)86=|4ykPW*ml8{)k3cbyB
zVR|^Czdt$p^78RmHuU<>x8Gsss}A_I5_Wf^0bcM2tD>iayW<XA&yZ7oVq6X~VyNd>
z1ks=(lr5-T;^|**i>Ql#R}aF%z~DC;;t7f+bApn&AF%(8-fbnoy{{j`Rh2+Y_|Ma}
z)nlgXvc8$ZiH&48x-rk6TwP5%4;cd0)W|UYR!jC>t=E4jJ`p}kd?fj{rO(?p7@0lv
zgY)y}&(hP*2&tgbqp$FQw6Xe<bGU@0q#t4x#?ccncStgv9QN;rRS1&SmpMI6;Y0d=
zDv+V%T-%kU#^PC%sG-i-3+<K;>b@9ys^6>TA&|N5wR-p)W?t`~ka}k9=5l}U@HD<L
z5cjk$d)IK)IrNEn?SEbXxU}ru&2-Pj5TB2?w_~+VGwst~zOb7yu3BMXQGQ71{T2aT
z*nOCN!yYm!j?DcI*TX6+D&WZPFOsZ39N*uZ%bd-m&`J6ps><HZjHbU_%};bpji|Vf
zHBI8-;bA1pTm91*yeP<Y8#ny8;cRsmIFfLG>hR=`Jczj-w%M_MJJ-_Q-jT?2H<U;|
zWK;Lk?mwgOac3J+GWwDfVH|cd?#(8RR0Hv-kxKx>TW;=o{8x)y0ohhW_g(jO8Q<}0
z#}${=jfS!D)dIgcqt-YGd7{azD^P?4dAjb)aI(zlAj#83L0Fz_*c$oc1+Kll{rWXT
ztov$^gqD_eJ?Jbb?5@R1+VAmxfS~6oJ?uJ8GmAS*kp768hUWgSxmzeaENuAvKMjwI
zI63&LV?E^mXgcetsM@IQ4~>L$cS(1bgh)yaUD6;9AuZBKNem$&ARsN>-8qyrLw9#~
zedl@K@8u5`EY_U0m^tUZ_kHc_ckRbB*k=gj<$~l{i;ee^#Q%&0FglOTAM78_-p&_~
zN<7%NWLwNtSp!WI2E5S=Qp@_%rrJts&_9RzmFG?zzl!Ya^}C(SmqEQYkGg|JTdA9Z
z|Lk2c{*N2wK3nX7Yy980xo+6&*7J!-@0B^A^bzn}HikKKsI2p-m`9Zw*6suRk5t1;
zM;VoPz0<<B*YeZN%F9dj&9bHkkskc^t&V#)=98ETXJMZ1Yehv_1e9PzL^;CFKGX%C
zKGZ1QI@>5$($SkaDHz$P$YYdkRA*m`J<qsVHZE;2zO1N9>FfQ+E^Hn5HYvyYPdr~i
z6u*~08aiD~d^=fcy4r^q`gXllRn19si5d^Xp~(OcCE#$_sHHCH4)k#WZ}`sI_BQZw
z`P>bewgC@SGN;LNp}L>Vc=r2@9qebK>*G205X!ecvx|)|<`451Er2P;W@1k^Yj)A+
zc9?$@fUh=Bj+;-A^!!$V{S;Vl^+-cC38|LOqACRiYi%>U=DR}pjc$%a-F7=z3o^u<
zmVfKRBtB{R@OsLy!JM0$n`g>R{eh>&VX=laUF~G9^#NFC9RZ_@lhezYy5D&}LyYm4
zP88F-K|R1+udf+L1#Cr@mN}qp;9jq?9`cbQdOse|6#4SB((ZMIR{rh2u%PX#^o1o6
z%NT~w^NBkYnnxHS`}_<nd-pT#ticzfz?y54ZZc!)|CAq1(amEIfq1X4h55U}oNA!J
z-60ngOvpHhw^&a;K)?60g@0goM4K~cKgU<hIKc&iM2$U>CH5rMBHUk`mDIuwEu#sy
z`l78{kmL20@tm2AhpC0#CdP(Ccj`|hXT=<~|DD0o{Z}?9uI&w5y-jyw2QZnjY5Ybd
zJx}&U`1~e%?2EqLj^)dK?ymM0HlY^C3sw?^4*ku#wmp6^FdF+Zv9R*o2;ow-onRmR
zh!?tM>FHCDdUhQt<=(fzb@6cQy}y<zc^2ejf3=NMuDJDqPDgkz()9khDh{pfJn@*O
zwDaNZSs@Nr>D@rIu;0ecfl}TD+Dv=JecAr}y{4)qWa6{p$jZ`0b3vZdF`*4ECA4!R
zA8=TCHQhfEL~e7vb)O>(gFn_mZsbRxhJKwyCsL)(_u&zOrJYFXjt#q#GCEpZ5HW<Q
zuZ5H9Vp~ZkOT^UZBVMqSYMXz!<7^R$3b$i<B&{1%Ck;Ex-fzEM!Mb@4cMrdAuN6p?
zel9Ndg;5DsmF3l1k7lG}V_yN48_GL<d}6T)^Ui(xDC7<yW*xP^6(?iM4x?pD72Z<~
zWIHBb*H{aF^C<_1!6jQa?npBH?58uROoYlBPLK3VTn3mvvU!*YmuAAj&B{{OyS`G5
zS8aBa(5FoWDKYcQPtLa?M>ypU4$)Q9mcI4A+BviExwibflr77u>2b_2#axf8FsX}U
zS1MTL;rC9lH^eG7qY~!#Jv%evD!Lh-%QZzwaCr31io{^&Ub1QRdiG7G7*oCHlZm?9
zjYOLR%&Qw`YR>mv{_x#xa+_Oc&>jfOM?V73$l@L1pdF>8-R@YZiPZg#PW`jGRU!S1
zfTywb0p<~2guMLFsD6#@=(4POIl3%KCHB2+VTN%#-M*u^-SeT!vj4vZ=bQvqeM_oi
zdF=_!kGSscp1sb)j)Mc*B1NP7{d7NOzh)$J69&cV{jTF<IPz?NSlYhs+L3bJ%HA51
zdPo`lkjC>PS}7iyXKhnf2qBen9(=-SiB;9HDrQ#}Q^SPJ7Cn<&Fa_fy%64dw&dHW8
z3CmIb{xX81XX;xkQnlfl`DD-gB{EQJi;`4Ou7qj6(G@oP3O15aJ?44<`OJs84K=Ob
z-t%JS5HlZ`Ff4$a=UTcI6}PrZlDJ2IaVu8}(Unj6&<vI?Lh}nK3qbnSKc2O>bh9hj
zK9(|Q{<DBJ<eqMN)M=%)vDJN>R5MG=)iS^R<edHOw=-p!v#}7!g8iS0Pm*=Z-6DLR
zktQf51OVCbZD<XY74>sks><7=q$u8~{uc2#oJGqpD0Y7=!&El~isJp~W}upFJO1e0
zi&pmc@84Lk600X*P3p!L&YdVc+kmP6;-TAmU|kW0$J1Jt?0C_V3w!*I?Q;Gt9R}`l
zH?fJLl9YdS+a_hzk6TU0XNcxJaF$M2>;AJ(U2!}P*sBXBO|%Ns5{p`ks;b&ks<rn%
zG+ElhmTnd$^OYM1Q$!uUsX8PopU2$i^`U@Zno0>=g@ymLb@Tb{6hyJRLjfCfpEF1J
zM@`l-&DS86QweV9_>@53%_Q_(8dvVFtxdL4gJTbXd#2sf2O}2y@uKJ4Qlo3(imV^q
z2xHw6!Hl!Jz)|^MnsBmmZ&PY&=slg^pnBc};5(NMcN3Eoxi>N}NG$Hhi^J{GN3yID
z`rtC!h9uO#>Cz|yABG$L9NobKDymke6I7myghtmQHg<{8nba)p$=x@srhd6Lh*~b^
zbpyEUY*mGXsi~>CjKp0xTJ*H|j0we@E{(?BW1)J+)P@j+zjj(sgPAF}m#3SDxj}ZW
zcKWm*?j<3(!0Ebv>2|W&&s(p|LaxNUQvcL<C3Ul>yx>EMe)<rr>^VEucEd(rv@50U
z%kh%;%~2X(ld^QE`By*!)PQ7JS#JFOAl7WryXU$y+<a8u{s6CUtNnJh-+bHz>0>US
zj{b%JgNLKk%kdvSB$G_i84Nh`RfSi?yauO4VNoyNe}|Azg(h_bH#IdC740wU76)6&
z<XSoSK82h#{Z*H$@tVBwT)8*}AcMAB|MsuLyf8u)CQQN$FTFxqbU&93^)}ybPD}Y1
zJ02=cflpng`5cTabR|SY1_U*d!0GxQcL^$wC;aysHg=hd@m4N)FF#*%&n<%UU2>$y
zOVWCSb;4O6uT_7nIW~5Bx_Sdt+<rFqY{OQyq|FZE%C85d<o%Xlq_s7pTOdjOw&l!n
z##qvQf9hHz7tFd<yQNZsDao}?9XCBkC+jeOx#_#0mLgGtpbHbM75rGIbW5Qp>9#X*
z2dne&v|s+#uY^-b6%W-h4%V#HjGKlEz|S1YM_XeXXY+H>b2;qly9y~&i%E7q-qziu
zdkf)RrMl_3>u6&H6MlJBVb&X--7qyiK0Y~_LzT=o$8sp~)$E{?xOTsA=ibne;^4sb
zwKpaD0U{40R&N|Zu-e$S2KTPnv;HZ9f(}L26{fJ&jxHW-3SO6<a6IpuWAB}X5u-*I
zri8=eJu<k6*j7b+nKg7EdVmRRUs#-1>UGoBP~Z+o44!Yl`u__z$An6He6@D`#3ttU
zY1EYht_PngnVW8Em#!{$ncG*6H&>X+Qspj55#0He`fcUYM!xC?KiY{6X!-$Ko;%LU
z-G%WMT3L(BHxrx9+sfIcw!_Ulz1AD5X~Ai#tV`dOBA-vi<~Mq;AOk@iPpPJ<DGYHK
z17Sz54rWRfv3<pMLmP9<H0hGQ%475H4Xw>=lJ@!`PMU?PLPIhrAwM{hnK)5%S)!(N
z$xOd#F{_b@dmR#tmSl=Lu5T8?kW0B0Q7LP8Rs#jqrIti|dJ^?~_rF}Mojk94hk!q2
z`{=-36RVHsYA@;>6MhjYNKQ`+<`M?{s!}dgvP`p4mD;Xk7G8Ni$P^`MEd_4Whq2?6
zryKvUkTw8!im@mCW_ChNarG^u{<h~1l4<f~=OklyAX$KwQ_%&z1N(crQQhO_NWpKq
z$+zxnKmM!iPG%(UB26Fvo@GkuY8e&Bf8s7MS5Zn(<3VPS=aT1o|1sjX<24zpZWl&X
zzC~AX<IA-Z^Wk#!PUOqI6C~5iXEHQ;0~S@wT5M87^XbHK&&6%XedZ;$``*dtPAc)E
z=bm@DZk)Sd3A?`Hm$1>L(CQ>MX%xLAMDpXAs1J8X1)NfA`|RBACiU!_gM)*zFt~*x
zJe3D4hs8tNON!fQk?+|&R=FTmUYIGRBS%4aT3Zi?N=zUzI}S$4?=h^;v;`;;JEe0z
zE50{C8pMj^_Al1f1Zsfuv}UGZ$U7+TspAOIZ*tqKjH#Cb+=egD|D34*13c%Ar2PH~
zp0u0-Z;4~$&9XNDiAPe!9Iea<zHBB|+y0x_R?4Xr)K$!?)l|MOgY_xWC4kEg^taa-
z<T(slHpfXE?|Rk!;f<C?Z_*MIyOT3(eEKh)NwrUPO-!^j<4kHlPlw|%j2L_yeni2f
zmb%<D@m$iGJzwP?Euj<N{9Qfb_~~n0D;WfUK^Vw0S1un_g_nAURU^YdUrdl?I)>q&
z_b}*`M9(DwwaZ<q<#@>Se(>2BExl%Ca?<teVcCCic!N>Na(EnnZKSNs`=s4}0gzc9
zJnd&2DqU`QchbF&8=b_5KKY)rGQZr0(yaJg`~x`t#plgbH?~?c03gC7uBk&?sCQ}y
z&RqaIl-4&TjOEbq<&K3lBzArCr+S94*W(pX0Pm!G+EmSrery8L42U2`fau(-9!Z6k
zDjz++yy$&BXRB@`AkU@*MwU6-qC;Y>frBxyw3BTnQmS<`TD^vnfb};rC0#NGRmN_O
z6?1zyT~(YKtjz05`2NZFT^!*sz7eLh5>xQs^72gY$3-gfy3B^#gdacOIDVQNwlA&S
z(=KXivH|S-^?)uI$3Vqd$~hY@+3Y!*BI!MJI0v+qW^dYGo|JyR36;4Clk&NWy^pX8
z)+E%~cG3HI*V*xS*>q60;Q8eS&<N@zZ^nQKh_~L?*^sikWF9R4FGsa^8F0-U`Pv#P
zuTxJPD2>$7<`(l$Gpv4`n%Y|66sHOx1J6A$DZi1b_i{C#4_?|oPZt$zb4zRt^T)*R
zb^4P+N-Kvcdo@Wzm39;6NGVR{-B;lYj;?H>+E&%j4J?|sB~3*b(g2>z7QOPgEet9X
zbJ_-)Q<+O+&XcObg<sRPKP}fnrhh{EM!C`HV`CK~%0qrClUcI4H2zHHZudTV2DbIW
z*#%uKt>UHOt`KI9PlIfGSkyWOr)TAoSi<&$uM|HIrI>G!_)^rh%Tt36x}wPVp=lDj
zSW{p5?}>OmP8X_jKYL$j^9^E<`a5g9up`AbvE;???H6hlaEh8cn>bK~cy<2rpE!Sy
zx&4($t**?mGxtX#)c%C4uAXua>mgq?ozG*wCw}AF{k^NrsC_C=nfYOYfu%xP8<fG^
zr=gY#WoPQ=2&GV!<6*8{?{ZzzHm6Lb%k$&Uw^t!CQDi13`rfM=w(d_AL__NR%9{N~
z9@9ah{GVN?6~rD8p*uAG##$S*;~Oz#3nFiJk09a`({s~$lN#cX>!=7i9XeVO)XMI?
z{fLBwPY0Y{8B%uJHFJ?kuZs!u%8(wQyB|z8yt$ip4~Yt}%GE^ek(+~1s$-$1OB!<|
zL<`~@^F>W$TJrTZMErY;tV3!P<72bSOXEvR)t}Dnaun2mc`hc*-_O%>c(~P2iB81*
zvr;pxVo6pCEZq>v6A@xm@%17g)N&N!2xc?kf9d(T;yTA<o8fBXVC~MPC1}3+ci#B@
zXdHvDg98!6=h5cfBlb}*JqMHS9@ckZ!tl^0PE-56ef0e>tQ0X<!wx@m+vCFxwR9<4
zeUoVO8^xhDOOjzRkIt?_%TN`q{m&=%l8gAxpZC^(_F>aZFD8xVFY&91Rr)DPz9O~L
zCmoej)?h_XTWHqasvu(K9I@8=vS^;e9F@XXJ=@mqFq-tXNdMdRLV4Sz3B%_q=T{C?
zy>Y7DB>&P=25mS>0`Vdw>2o$_XGb#D!?PH+|7Gwxug|_`=1P(B_j}hpChJ7UxBkmA
zCY|3EK>3Iw%}v_`{GT5~^EJEN3slo2PHsi3V^aRQFHRD9)YTH^Oq_2q=M@*xQQ=#W
z;tSX;1{2tf?!TQNN0xl>a5`c6!BmiOwHNa=6lGbkXK`@NIeN6X<a0W<R)(*d`fV|h
zrp0Rf)dgFyONVX~<J4Nx2u!!!#BV)2aztD&f1+{zUfVsN^b$(7%=0wMiim0zavGHc
zB>X^&x4C~y`7JhBsH@|eollAWWd4xEaev=6@Ka&*mspu>GsVo?c8>=rfQjWoLX98W
zhSUtcSy*$4msRqbV%3~qNdC9;R60+QQsj%xixYDJ+w*y@biOZ9I*;XHR(JYG)hD|l
zl4(6S%^t_5sEG6UnWa3G>aERsOC>=={f?RKv!ZwM-!C@*(sd?9N+hH7rvP}!_N%)g
zI{3%7B-41H3+2tfr8`n&+VTF#ReJz3PKjQif~_IkZRYxkd9@P;g=BAxydZ-RNG(N<
zr8fDDBw1VsksSc!_v~TBge&BO_FpW*SBM|A;;z#4ShbT*pCfZjQ^Gj|v=_1e{3+tB
zwm_%znd}~>a>T}CoqW&uxx`|d!H~4{!VYLUz&!5S%2lTO3~|yyi~Z(xRJpmhWNAdQ
zpofqIS*wU%`nf@EvBcy+Tx}wnae0#WIk?#qH3++3_=bO1^5R`7qR<j3$YRhE!NjoM
z;RokZ{-g&{TY%JlyGO&tj;&Ul6E+e-J(`*a`dVsAdkuCnj1DwoD@lJ$yMR=}f2|oO
z5AT-V1*&1v5vV>&%Yg^OwLlZQ2xci=JOUiXGpaqGtX#4MD`UYOozeve*nDtOb&z7n
zdq^~d>6PY~A<X%=hcV3kJrM`R@wg#{QM|I4c6ow!-Fu33Pe@85I2n}CkcuqhQEg3v
zDy=;wXT{fTGV||J0FzGnM_;Y7fH*=&OoV+YEReU3ogW&mJ*6u96`BaPqXG!8&uf73
z83PRVlA#S5#-zs|(438>r5`l}frH^yf{AiHQ)nIWxUyfHtfG#IrsWc9LwK+dOht=2
z#Gv%dNB3=+KQM+DNwmo!I(<y^4Dt5)=mEBZc$!uzqMJO>Z2V@RIY@0_;}JV!7$#)W
zzf)?&nmA}hmk4G;q9w!#Kx4^6B!D=?Pn?d$4gcnoW4z}th&LTn1{vzhB)}!*rlL7O
z$w)RrWh!z+2-UTvplYJRs2s`|?10~n^+^kM;p6#;OCZ9~Fmrv;+*S=10W?+UfzW^n
zXkLygz@8AH-*y7zqDdRhRzd*roy85{;WVCc*U%o^W1B+wJC!c0j6*EVfy(Nfbe4bQ
zqqLt6LkN(V0GO188$S;{vBau;sr0vT`AW+tEIK2<**4TY_!)~?=gjjgqsHIt5i**K
z5|h!%MX2af9OVb&GEpHY+7{Qq>7kM?(F6U8mDogacm}1GGr?vfn?>vT-x*M4;0E-8
zvp17T#_!;Xc>D_52f37bJAkqym=TX*j4zkvj=*9Ut{6#ZWb>XaUD<X*3>qTXryq+e
z_aRD7!r&F%Qq5^Fu5RD(;Wx4wBqNx9PL#U|2}e}z6F4^8ltEM3;OAA;IG(Kq_7?gZ
z!09#0!~A6KCdVqJgAO=<6e$QQ84+lqf_SVc5w&&plA|i$Xjt_zk5wd=)e`aJbK=cC
zeE06DUv<OvH;G<hx|k#fTShbW$jXW*!pVg>&{-Kog8B(UQ!EMC3xD}QO0+boAV)B!
z9ww_IWpi{2HoA40_7WQe{J4_XHf>5pd^NUidlmD63oEOd<ibm`VR+miIVQJW1j7Ix
z!W+$e#-RXn89C=ekOm=7$0iFCQJm151fp2Qh5oAO_v9HnY-j;hvZ7_N_O-0?hYxKo
zr4_oOU9*At*&3jJA{kum25SEAl(5PPXIg6wj=MG|H?ca+B6=7Yf#(gP?OeEqBGz9?
zBgO6nmvnSvd{)qF3%WddQcL%C230oJpKxuA3G!l{q;O-AN@y*fY=j1jOs+|CxC@~Y
zt0jdI6@-Glklq04mBJ3c9f{_Al@2w<Kr70MGu!^t?Cu|2D@vF%fedLJJw6wNzKV~c
zuQHbRF5#lMo9D8`S--E6xzr6WjuzkE!CpIMDQTm@`tiHIsSRtM^0x@PBrvX#B^GPE
za&J;%PJhpjsq9K!(Lw$0VdoMQR@M;JmPuti%}ztC{>M;F#$1ip!MIo!+dXLS<jhIQ
ztH7*Pxs*)$d`5J6ghAFEAyz87MmBKypVmVkl1c@KLqkYQh8aR|Wj|R){Ycn|rDaVN
zoap-?*Y}C{FQW;h+g^#BE_laFrZ8CUUXw~^pdPHO%cs;J2xnYoptB+kb(~iUCJMoo
zuO^J=q=3A~H)0%0N=%TGODz$^$CX1>G81UTfx7ja_ri;Q>@vhz+u#SKbP_Wv;Rg1<
zF`NuyQrhZ~VNqmNsN{_Zt~Il?(@;krb>3i!r-epWI<uu&6Bt>3D2a}hWn8+!g%Bv<
zf!@5q@0*vIn~9Z0C;rh=AxIprr~#IZBOS@bHeDChQZ^+1u@60Y7%ox$H8t}l&<k=n
z6!EK6P%b{Dn+Ms9=@tIhLh4em8YK*@Jaouv{j0S02aAor;<A2ex0T7&3-eVoa!iDx
zB3<xddz@7vOw7YXPcchh3BiU~jxn4Q0_j(2O2e?J3+1fVW+MZD|3t)msoT_Huc{HH
zSfTkdFsQ$XQN~<aOzhPoT_K}Kg1|guSDq47l1x*m#yZldPYQjK2qc^6Jx(h+22!;6
z6S{z4-_LYQ+d=+H8UjkVoG{O+rR!kQaU+a}iXk`f?0WVEKZ#pSSi_NUJETFU(mZb?
zD&*c?9klVhe`RS!hm0B?hpZn<_<Ge$T3eO<H3tH&vCB{H57#39kdN>K(6KO45UsGx
zq;0!wF{_qX(E^4r&N|8zK-Dt#$Q@7`zW%d#_9i>wGb9nLIz{xXGy%<6q;A5~uFYaB
z>|739N}gF38MC0opnLB~MUZR<IVJ;0W*~>t3;|*R3aY9IKt&MZ%F9Kb{T2B9WdbIh
zxzS_R2TGtoqP0R6L60A@S`;AVz2RpSjioWNz<e*=_ge0T2?>=vAU1$ebajidWmaC}
zjr}wV?su7|f2r|oBth?jY3<BuIgrh|lI@LT<#^ed9ezK*@B~<N@GQDn1@^QLf|TfI
z84<gX(s{nP{Xxe@%9U%MK_w<nLRG^d77`U@O6R2QZ}58+@I$78F}4OQMA=V@Uoj@c
zdXERr16}Tsg3)h5^dRuII|4=k$=q|wjM{Op5D_wqOdJRR7Yacb0X*`T<sVqU6{kPV
z!f=tK%u+U<Ys1zCS#qNI{`=PM3w;Q?Q?;Jn`k!C<28rwc`@=?b_tuO?&CNU;>QFDb
z^<ydRfPDp=^Z{0+JH+1fzc1x`W^`o_!IgV#uYF_%4(I=S&9CgI$!Bb7Rax8{<yh8e
zHe`U3m2b2djF@b+l5{p7m%ypaWV*bQ8#N>K)9JBVq4>))pJk5lM*j0^@p6B`bH&*g
zGV2z2F9Ui2)RJ{N?d-#owTPpr&fN(ps6Qa)Gh&MYPRGIH`AqFnJBrZ-4b5n#)$ir8
z;g)O6wvUnCZhUCMPA`%Ai^9HIZ`dfV+Ew%+CR?PCJ5?jEE#ob|<=94|pm0DenSV_g
zu|XQ3TW*JgU+!8=uEFG6s+gPp@gZyN%J1bsfE4~buApb<*S)=>ygt)@#C|c4_5zc4
zq`E7rCV!bTtm!+C{;d{YC+?Kr%c(&7Og+aLchIDj{~<|sSJ>exfzy%9X*Y@+UE21)
zubo)BcOX)xj~lit+E7TTudndAjpIM=BGfjF+`8{LyyYiqD6N6Z2IZ}U&oMENF^`Mq
zqk4`~A`Q>;h5T{1#plflXTk`Umq0rd=r`>)mEl&|I}hC!S2ig9eMbRtFfmzjhEbtO
zx7RV<qk6DEKm6m<@JFP09CBHdI(IFWqUe2EA(>|Xcz|sr$2kN!ry(&XbzG@Lk}k2N
z>rG3@1=j(~v=TB`&~%jqnSYr5o<9XeJBsjCyPsByL(<t!ZsR-;KZUL`c?&CXJ!S0w
z-97b))=;CqwC>oCTLHhm;OF}<l6CwcBQ^fTb!6ncH1iRI`vso}WuT^o<L#5e@h;KI
zODNh)1j#yIG*`~B^U(jl%zr;^=qQCgg}u7R@Uxzu8g(Ra5n|D`GTqs`neNIf7rJ=W
z{KRf+|H{aBj`pShL)-epi*aNfN3@=N%0`l=JaCU`%FnI;-%n)!Elz0&->?;z?MmG#
z6<)J(#$^9eWPu^z!pH+~`S32+WNxdm`uLd7)inv3{Pnkm%SWE9H{!s`tT`<7^o0pR
z^60F=Q}d5&a;@^GkdC2c?vN<U(%OL?%)WW6k;DzkC)*N~Keb-fwxKCUpad{!ELWVY
zGTqMsCHQw2N_x7@$T35tSTO#N&U1BHMN0?1;&LH6XG;F+gQh;x(pp^lyDkxEX{{`J
zUIHm7&dkP=GcFd~S}ABCPxf6Cx{-8Nu#l)HQjblnp<E|4<NiYtonEHyMKW}b9J@4n
z$4jnfSnjgm2X^~B-9(l3e+>s#9hcI2Gn<|OGQmEerDMMZMu%X7=!T@}8UD`;U~0kt
z>tCiP2t1e*D$)2F&j3QD@QVKDZ;4^rCH8C)xSUlK@z+S%Hp7EW&w99Fx7^bpwR1^G
z&1*^~6x2Nt_B?zBRb(E5tC%TL&JY%2Oj*U2hyXoc`zM7tNAW6<*q(b@+!9QKLGl5d
z)wC*ohFX3TLoEM^cErRfVEBA+YDGM$qI(?plLIIxp$6XK1%!6$;>O|k8OmJ3CllnV
z1o!U$)GCo)8+}>o^dz^#?r^50kH}_$)@t)XYj*}@3h+HBuZY#5xb(bDKpL9K-CKxi
zJkB(a+b6N~N;vu+qp<4~3#tq#0ENo_t(Du$13NprYa=CI9={#e`*IIX8))|K?jxm1
zwt~aUp9N;R5OerEI_q+PZnfph?*ma{Yey5{F-SOz5JDxF=HLL~dAfUgzMOBPEi5d=
zoyQ!10vp+solffL=v41;k_kKh{wLato|r3B@ru9(MY<Aobsinmi8yAALJNQs-<LO?
z=;Oa21mlAwkU%N3i0F-Or>mW+I4{SiYugOdun(DjhllS8DD(K_5n><LQ5_Vid=pC$
zL?{s|a6tlhAVzx7#NQko&8f^CHfWn+gfwmmf+DF5zPUPSD9+-;@H?EhHFsY&n~p0l
z-uP|v&)ibd^3pzH*ws%Mf&#&yMT9pVmx9Dxpixu>SV;&-S{wQFl-qF$2>VibgG8G%
z$+}{C4#kv*+W)1+W?lTcFp@6r)b8m}sXx($GWMCRtYJOkM|W|qHWLK2DeHUb$6$>B
zsQ6=Wq}4AVTKv6a4c(MYVhE^A_d6CUNNzx#fEAVf649)*&T-kNTebb$^<1q`g&cj#
zL`1~pUO~D);6-~)B_tRAT&SATQlUwRqAqdP<G*sb;QQcVm(yxxE>hU&x?R$6>I)<T
zx#fAg&9OjvV#6q5<Eet9%f2V&fTI%|b45M<>-H940vhycb*41Znys*Vaj0J+)*uSV
zH+LUO;!G28oJw0F&x)$*<=jx;A})^vJsmBr2JEu%w`ccA7-0qsyb&f1T?1^fV@1rm
zWTQl~J<cTwE?6AZJVHMQwBgTgeV2PQkL!A2IK}%X?98MA)2IQs9N}F&A8h%QU%};J
z<veT<2g*cnVGW~21sELghk*dbal6|2T^P_+@2?IFT?qjF$%KD9+JlPuj*!A(PMIzQ
zm$t{yNJd%N#)DFUG{@cEv~Vt<7Eb!lo^?a9a2Eg7{?Wign|g(u)f}Q3j}aug^?DxS
z@3TaOhC_Y0{Ta70F{#nN>|TLh5krQtL{+v$7IzLIvmibqyyiy~uWUfLTgi`4U*3ks
z#sl(#J`BhN==Z%@uAk9?f~(NlGRehU<-1Q&741qjl@~o<BxgQ)8&&F0bs>#09H>if
z)c~J#iJ&H-cZPzjz9lVF3GckVje1kLz{PJ78!9v~8-(-Kz%U%^^ES(;QzVNLcS0Zu
zYw32wbjc5PMB#DFa!rUj=nJZFY26V%ZUK^G-nw1cCS|s8B%&Cp&HXJe*ikWkmWq+Q
zzD+gxH`ckjoXOpC+GV0HQSY)f$nCRk>a+4g1rPM&SttaE^yI=@@^~n{^I3MT1{YyB
zcbEHJ6~6`KR?m|%zzT*2bSi8W-3K*yGTjHsY=0wkTu9gm$tQc({ZH}It`-l8X={>Y
z?~$n-n;yr$1tFnMI4{i_cGG!Mi&i<Uv~_#el`X9}AL01%cxj`&I(MKB7$TOYBm=P}
zPI6@H^QbT|fkMzh-3Y7BJ;V0KrkL!}wL-`gmX!FLjeJ~oR9i8W$NS-8=jlr(C_zLO
zJ@7b0KKF!Vb_y1KAzmy+mWb#$YSA)lO9U120KTM@L}!p)@F*5G1pAjkfH5;?NX47C
zsVOW`b(Ne~SI>u`6m`d#0vvZ-Ak9N1NP5c<u72z|Dh6~vrk&5IJLm^~9p|rLT;4!5
z%F`fY{DfFhc1BPTa<H|{P<}!A7<^no`hDL)bkiRkK~Lg{zvX5XA+LlbuH?KG)Nw(S
zNCBB_pAM=Jx@(#6kclIZ-)rFV>Anq^MF+9H60JsDO`#7MLwSYB4v}FjB_8Go-U|G#
z2VPFqH;HFbz`Ln^z7M4_zIj@}q5RDC14}zm!xwJYgB5^RS9kQ;VZr@x_3hQL@HTha
zme)tI*ZwY(F-|QPBiG#~0l~`MTFN)%*fyKu-rvOZo^q{6XYm-g?g~6rV3FCMR^xTi
z5rp|IhHo*|jGmt$C!gNY1la0IwRlbPV-l;f5n{Caf4X|-DMfhGYwrz#rq{X6ou@X@
zf#YkF=AL`i`?fOP1ADwYS$P_D_Z7+Sh6;de&S_(bp!Pp)gV)gqT$hbp>lFL>bYq*|
zPHpYEiJhf>%djl9uA2V^1{`{3bm9GEm(foXaf*C_IV>0=Z|Dmt@sVSNba6j&=G&Ck
zCZzzl7QMwAdb(Fibwmt8sVPbkoqB}IO1i^OKNKpV1Q6ROcgkL@8F$VL%^#SS4u#tL
z$Hx;I_@DbLLe>4&e@-&bwDkmX1fLUDM`!Q;O_M`+pUO)?CXc3<NoXLJ<74xiHi|?j
z8gZ_)GUxa@lvFyDyi<!qzkjg5SmztIF{D8O1=;@L2T@%a{;ZwXS5XG>qyo=(;5)v&
zcsk^PXEO;91%z|piGf&Fbi(lAVMWSqh_jwjV(K%9=i%xqx$VdVlZ1=o${h#;>AsQt
zVx)(LG~0d^a!}S>=G<i)7DMXX@N`=4cUR1iZh|ZQ#(Nos1jsCGs00I%G#7Bw$IH1Z
zqqU;r>uZ|F8~<|sN{h{krp{$EO9xWa#-c&Y6|c4Z>0%nA6^xLlhntuE<n~mti_~;+
z&qconhxBwRkcM8X+g(*2Gq<{4ZkEcA_N>R<B+dVd%zt#ggJe5?mki0mLPGg+PJ{}j
zC%&-SndjA;o3~(e+`<Wm_Q%W^pIZ#!9JX~3$gRb8X9SjM((DU+U2maC2_q;N)~_&=
z`4`Rs8o-bac@4si1gs1Sx}_sKm`U^OY;5GrA3lF3&(nIxKu|5m*r|j&+r_JRz~Zpv
zwpfZ8(kfP9>9Axklva8{Ntb6EVM0YkQFkKdwyR<Lu|TU(Gbdj)O^7qy89~2ZFg*KD
zJ#*%$ClQ2dD~eP&yPW%FN^3MhxtD;L3jhU#xc@nF5=8<UG$`N?y`J-WAv3q6<@-`o
zKH1xTBo-pOjXqTh(^)tij@sd#4(RAWtLbn)tGf%GH4QEH1XD~*+*0a*rJ#;}X?gj1
zF`sHs^P(V{;;sEG4GscNiNb7?yEm>}9?uubow4Pz47I=ZRA>sgWGo1B_;C;<EP*8d
zwbekt!y#OMv*pq_pK1<t_xX2*QT}j%tUl;jc&Xe?R5#b3EY+85^R#7_78j@S+1aS7
zmd5Gg8kiGwM+JT@D)w|26kfR)v!tl2Asz>@+H(AM*?U;_yjH3P40Z0>##NWWd)52p
zPtR8XT2|5(M%{Q+;$D!>|JjNaUCg^l1d%YQT;$>%%~Q|cIEDiqzwuYhT%vv>;wyI}
zNTo}lI;RB>py~;|S03^a7)lAJT)~S7g-Weu54E38g_S`CvNP&-GW;%6yww-m{a^NN
zGi}SMJBIBhmp#|scYkK1tU~=_oGk53nV7l!zsozP6TgnOHWuI)o%$O`{Vl52k^+(@
zAJg`AR6N7q&)>>TeP|6v<G;S>svedgWBSZ)`qI~Wvp6}Q%)N<eXzjb=`Dm=;e#QKJ
zg*l`yHlW2v#~WgCmeK6@K=X1&!%1a`Yge=7B6_<AxO_}~?qI~}73lbKjCtqive&jd
z<fSw%561`P?dDp{VdkHfB8IrzA15$%zh&HPGT;Ci=u$o&7jO|c6DPv0-#d5rD?yr<
zL%?%b^ci9G9(dW^cAEHwV4_YUJ2x=HN8HiL=|nMaLh50!21rHA`^EVkI{>U9_Tu1l
zAmQ_;TwNSrM&tI#>14jb{OLz^pU;l?3OsAB(h?@z{v@R?@%&YtF3R1$CQcb>umU}Q
zle;+e(chx{2ZP7Q$22duJ5p_Hp&hE~q*CVVyKxJ3jte!uCugoPG*4?c?b*G6Ll8r{
z5}l4R$Q;N7Evv7eaTpeZegg`%i1%)_^<8?n0kyGa+amC?gSy&UzXPL{ri(QNj9%GK
zCisl2)_ikoIek96?`Xszy@j&4UesZ0a89GPr}UG>dK>pFjqrCOYV$WwSyws01On%|
ztru+_9TdB~cy5Mupo_X(<M)mdF;)<pVfpIV6JQw(unpLAFDaD^CQtlEy*-X3P7l(K
zkJ%COCM;tl>wp;G3^<$?T{@t*M~Q%fLLqkoYDrZ-ktPU%>*$$WZ5TO@=1#u<>0%-b
zttEVV_C$P@J*!WzX`tmk!8)|^a-1mjbeHbchY1uOfW;j6XN9>!!@n=iI`3q9J_o-d
z_*Du|1yRAuKe}Hh&(^MVz3#F8?+ouh6uT5_@<*C2dX~scX{3Km(3V58%=+fpXDkd|
zy>y|?t#^;1yR4YI?Y1uZq1kXAU>@hoBvuQ%!#viiGhb#Eq|V1LR$gQfKjR#Et<JPR
z-_H2YFM8lAA|Mlri+{_;^%izI_*bCC*ZgI!VK!@am%cj`kF5CJ!<Z$`%S^45|NWl3
z%<j90o0gqNE#hJF?1=j3`#$cM)BLN08M-N4T;d?mTQ~IEMH264{+mopXl9bK4oUMj
zK;PJ3?P}Ym@@}gZMh~)}!<EgQV9g5;hu$Y}UMx#`&!;xi(_UL){ehg+frrjiU!PMo
z1LGMs0g_}kRkgQ`G~SG?O!n`?m=~<`d)WOH41k~NGsixCZ)+QYN{V}+INq;jC1FE;
z)1rSncb*9@({FbHt5aUhB;8NzY`D(0x3?BFSNNN{3YaG(Jm+6|XXCHxsb%o`9?TbH
z3A%M?{>o<AJ@DPh(*tHjR2G!uu+pNEw#jf;*xm%vhPRmiwE0J#E?VXAQddgzwCG>v
zWuxj@0>ae)gZcWk;K_2Or-|p<s$k}e?EJr61jRynqz+*(Gr6`>amQt%FUo%)#}gMZ
zQfpIgd7O%xcufH+RrPf)U4x12nSR?Ts%hSTayTKvMDxuMtwcKyEn?K$tt+V_4G$oy
zRqdTSSMtxjLn#yIt;LIF_K*(*F=XPpnjFEjDxmo6r66t4XUiplnzctvuC|*%SP;~a
zs&B#L1Px?G$G$yc;4{)_TQE_Ei^s3!PoK*v)olH^#{yAHJktvV5L4SK?m75z;}euQ
z<7?ePf1Fi1mr2_u15IN|{(Lnm#;4_mqj^aAQd29^fBx^bvuG#4+Z^{LPPrfy+qB8P
z3D-=XbnQ$5U<0}R;<UdQLIm-v*fah8E`Tv5x0k7cai|g}HJ&XO=R@2yOH*!u9d2d$
zX#u!bWGFyd1*(m^U5N||a6B2@*N1Z#-89cYF7324q0wu^<D(<&$UKHHqjQs`9~OXt
z0aQ}S4VQW4{JgO2F*2uu0)niGFcf_7x?y^$xeb0F($=;Dc!so!GuV?XKtzJm1*H-P
zj~6TXe5@dzmhDQIW7FOY5C=L;8ES47$P?x5ZG<Cq<K`iwc(;H5Uz8fZp`H=24zw7L
z$dEcNHdN}fxZPYz0Lf^YQJMsO+#g#=GlXxy12z?(^8se>`+IyLuYm{dmdz?mg{iFx
zd>#+L268at#6qaKzu&TPEv{Q?s1=StR~+^_v;ON@k7dkzEG}m!l^cEt90*{1B9gap
z0F<~k9ISt<Df~7<g4q5BB?-u?8GOAL5<TP@>@pRLJXYbwgh&{>j*y4vn|A+B6cP@D
zs?DO}virGFKM&x&%-2*UcoRh><!8)y2XCv&OHfwJ<b8Ul=ih&^+DOYH4U%xYK2+iM
z1%@`360$&463^-foxNzg5d+Ev1N0G*n7%3X<<xMYuD|O+48S8t(g{#v$~ME4e(4kq
ze2?7WLJndW&lza{n!B3p-$9El9sUt(3UV#_HsHf9BFk+n$R!I!178PJvX2VVx?0zK
z?}kLH3qlqE*`Wj|vVc&(3wKI=-JUzK^#*+)mg|uEuohSgtwmO;kneEufBGALC>nr@
z>@#f>)ScOKw(P)!R)oN1a^aNRdeeGR%G!4#a<jDZSg%6kWADUW;SVcY@b^2|^>17+
ztZkPx9*g=ca@<0Y<g=$@N*xFBUkyZSyDc}}KdMGQT>I{D$KZwcDvl1R0y|^n*=H2z
z<JZ;Yu%Owl-igVTv$z-^i_Xd`xy#cN|9Z<MLq2)Y^Fz<p9e_l!C)Ztp!>^}bF3Q{e
zce6zHy$;XNUIXcJUoC5)kv(PxC=~Asdu=nE@5Dzn2FZl$-bOSn0{W5s2axf~-R#a=
zDr&LI*>@_h34bK`kE1xXU$!Q{o^)97lz8c;S<=S{)Yh^2u+i>w$YA^1?;f3S*%@BA
z^3o@qu~bp|D<;#|;@@|5YVY+Qk@p*8MZ|JnzNr~Co|~LVl-o`H9k+zZgRja3szA-V
zOg&Hwk^sB#t-qGA(XZR%wm3bVfes6$2D3}kZCOVhc&jB!@0g>@lvQ*X5!&Zn+3#oV
z=UabLB_S7NZ$nI9=I?B|xQHST3OHNuyY-NK<sZUpG3`ZtPMeIJ*f274|E9H^rpEaD
z^g1)dP>P-xAGEn{a63**!<N5OWGwL=%-(TC3CU}|h}l|VF41#<!VO480`cN1fWBt@
z(<q0lyJJsm(|Cj|!Cb5O0>)B5HUGJZp2?Hx%L+-8H|>XCQuy1zb%$qLPoQDcUTj$1
zO>5K1#x4UWdOpOsdkr%;zM&uuZSnvLW+PS5c2mUg-cYjS-Dx+D#JN>)JV-|u%b?-Q
z^Wz;%C;v~aj?$5lsC7|PyJfk{#7}lSJuisc^shO?*B@5Jjv+3QZ!nN#K_W$i3UX~H
z$q`HrwFgbeN<n~@2MqSxr1^NxR8D*uvk4I)$G<R<ih5TXy&*DZ|6T(TIX7s>3+*-K
zY?Ci@0;Y^ACb6;e7Ftm;gsthGFXey0DCW$Ts+pV8T1bXhe(RHDv0gbBF=(tmjzQ{i
z4M#m)EbFb#dpVPIUkV||-O27ZYQGcyUgBxGP<r3*6$pnzE$D(ex_Tqu-p9pIdM+ZH
zdw-{$ZMF4OfxKn4OcAgHo0w4X&%ohP6vD@If{>uMCTxjyPAj~=_gFCJ5RfvR@yTQ4
z%N~E`-S96lreHT?1p~|~@Fk59iX5N|W;Mgqy;uxKFRD`P0gG(DzQp3<;ye)4Mnp6O
zn73AgFv&j`7X=*yL|^UET%}|83}|7|=j#wAH;2?7<CX|M4?O5D9>@5)P~G>lqAL7C
zf^L&t_kHAZ0)*5dO<qXHs!Dn#G@1fPk50o8glQt1-A9ql*(Zhn5iEJt&9n6YAQXV9
z(eX#lU-e>Et^CWYD=J4vzx}-e%B>DYjM*TvfB(X81d)W!t8`p<M#Zl#i6-~Q7SeD=
zB)PG=eXIcRNg;|fixTA`z91!+M?Q=f6uTkkY*iCim>dq}<&SftGDR<p9-o)f%&l$P
zj92M<t@JWe{{oqALQ=5ocBTaKtE83ZmM5>L0nuhY4Zh?u^e=_dda(o=QQm@)s9XRB
zzlk!ymvb_80<tDze^AJN>Hm(#znkMPCEq}a|NKzXpp<9nA}zd$7*5dn4FjaehG-T6
zBD5k8a6-hIqSlZ?qOOU#bcK_=3{{8>1`xD;+Dn{sXrGqD+bsu3dBvc`2=k=5S<(Q@
z9?g##QO5cqfrcNHi>Q?l|M>kZ{xwb%qWfjAV(3lmg#LyIkS!Z=yZaZ)HIg$-ZFPpD
z^OcrerD`HP0k7=GH>ETT3dOZL5;s}|be7ES<%U`7CL=nO{$VM<q@6ramIPA*>9_#h
zPb4uUU_P543!6t+oFEo@TA5;Wrq^#(nY6)iOIy>6waQ*_Tx%4s?yatDsCm^uH>ymB
zW<00%Pbxzr$skaY7yI|vNWAZYFhk&tY<~cjtW|x7QdYN`P;+$VNHFgi#gG+VMR0xy
zrn<d-$q?JWq)uLRRN8$K-`!+q8+Mt1gxH{v3S`=dY%BgztI*-J)`mBFI&5@QiEPy=
z`Oe){iMt1t`LmOYi}9l*iEgg~@`^N7`SWRnbK5$#&W4&^qZ7lc%-GG|cb%*nGzjLb
zhn`K$Esal}+dGx}?x*ZLe1m~Zek$O&Q>p;9t$is|au+KB`Q%<!`y=ofyYBRrF4X1!
zeljN=%%B|$z(pFQ43C~B4)|MEX4JA9oaN3_c}3+3Xp$GuOqvKnkd6*B0^M)FoYw&Y
z{rN8Qqo6<wIxV&Ill(`PwOxf6%xrzE)HI`P5o8TvE-k6HuH1(z1KYj36Y=Mo$hxwX
zs_nS~00q871E{^Yy6iN>YMH~!njP;5Bd4}I;mj6$J9`Ur6x86hhu&(dR7H_qUv){p
zm#5+xR9abo>hlp!2#xP)pzDZ4uOWSfk0xpJp%vH0N!Z3SQ#HQCX!UR&ZLGgxdqVJg
zG6+WRFRgfF0~>+^mv8e!uT2$}+>prcg;=gj4X>;!Z?j3(fHci7CWI=An4=eLlSF|(
z&hLQ5tI^o8KeosueaXy-g)k&GIyzeRFnD@TyQzxr9U|pV7fR-zBU>&gDxjKhR2N;-
zro-T`>px&IjSuz7IPDEWVQykNdU`tr0U(g_5oex<8q@~y)R)_@cbE3!_G}}uYt_DR
zCWr<4np)y7b}-Psn{iLcqRiEiKbUo2G#-&!%)!&j(vMni$TYzd6cQ2=6jWm3RCoi;
zdt6~EbZtDm+|#1@xHK_0Uj6NA5;#Fx6^^lMe{-AMg~O8q$;?@Ur_X@-V8op5ELiXI
z$3u?G94}+#Mp`~Eqv5@x>%x`Mc1ifDmdCf}#^S?jC8JzdVgJhj`(9dA)xlkGjQ-ER
zW8h#hk0E%a`x<-&Ru&W%hEO4)Zr=J08X~bE05K5GO8^fD)J&!NEYGGs=cjAkKy>Y9
zef!1Hh>*jFC?22PPBf{Dz@L^>-sJ+HOE;oN%bw<E+LE~Cqe#9>d)GNW0jD=1*ZrPQ
zbL=vn2~OK4pfPIaj1myvPi<Y9g$QC6T}q=55b#8*phpDlBmZH=mQHn(BJt5Y=s*E!
zN(>TOo+I1}A=1tvvM7=u{V=~odo8?zsvw0zMC0h#w$|w&qtSG@*n4$#Rpx;ZOi$*C
z+;M5ji-_8@Z=YShfDoXH{VJj=i1Q)r+O4LZW_vjJY=a&0S3g2E7KoY>51)}&Xh+CJ
zKzug;#Km5r?1R&`VQ8~3GdVf#b<hnlIu9rk;LQ|yX$TDsCFgQSWT~5#jf85hHT0u*
zYuaj39}5LAw#)X9xtK4&pXL!6l|$MZjG8m>i&Q9pi%=v4#rEB^wpWQEuCi>sx@3yO
z#O;93w_Vq*Ncmi36BJ-&`Wm+tRJ322+2T!Tf|mUTtYM>R$(r<7-BC4$Y1xXsV!#ML
zd9ifz!&V(|C|wQTSINEbj2+eA0t1@i0u!=HP0fjc^rUr_ya<2!X{0x4t;G^u5~>F1
zLgp@7+}@Nj8em&K(|E5?W$1X_ytK}U?##`3#|0y!Q^*O?bCo1*`ModJudVH_tJ{C@
zn9&udbf5bCo)fN#_9y5=>7S~b*JQEMsITY_$ZQukZeU*c^nXenYUfuj8XFpDy)qsa
zcRsE>h)YohfbTtzBk@w=^~AWslVOZNH{+d&i3y0c*BS})T}^RYI<E4sH#}KUYx)bW
zF^e<si4anjf^;w0_NJY*ySuv#{ipi2r;U*^{zW0cRKAa8F-E2v;kh7z|08wQJnCMS
z?n8hP;*E9=;V-s4Im0GJRr6@(hTzhZ5(xo!@N<o;0OCgxJLHd*7QI>T!Vqv-*qd3%
z$VT?_*lBz(@ghlpAso-w87mo5?#5tn1hRj--%}_y4IeP#;G)3fb%4xd11>s4RIE2j
z#EeuYKFDWX&T?|x+f=`*cp5cIMmf+}iwFdCBFv{vNnZaqbc(kNpC?q#8HW5^8g$A(
z;ehMH`Tkdj(a`e4krVaHGnLfCT8#hm_5=}l@Dt-8%1#hwXUHlz0vLj~;MnYNf4K)_
zglzoQk`+*m{F#ooPrRk6+?bF8l4d~w1>*sul-`IW%i_!O^d;cSR@kNH+ckxJF(D?&
zBb4tKP~|7~zM9rE_1a1V0$E0upuo5RBPG~VH_8t5-K)-DBCqQm6uuyUlB|{Tf@71c
z8KUOZYJ9J@%a=VC8~`vpN-o>6j>S@Y@|TM2{^xFVhGbyoEDKX8Y|PzcvgYNPNP*|g
zFAe-?moRbJQ|L9c`J}D6>=>N|B+DOp4}=&%$S=Nzqk%xJk2A>tM2aWGBp+^O4EPyl
z7qRuVloN4SaF7vGw_S#Mn!1<Ju4!U1MCyx+*Z@r7xYBZzTFB>irv3VAd)ubICLtE2
ztd=3<@T_%VJNgR+B-@oF2qES)oSK>%CUuXl=~~;{+xz)Oz3qO#xUA{EXo#!%a6PhJ
z!0UVykkr&tMSwt$7%)6X*Mjz!Mg(4iO8w0!nQw6cn-O$FUdB^ExYW;Ea0hH_ws2i(
z2}Eengr|VOq=0QLBm~&3XV|2}al0z1!c;&2XYH~bJ-h_&2uA1P7$OJ4Y=9&yo`9~k
z3T=?0xcBfcGoF6YWH1H{HIII+qN=35^@5sK1E23ALfCO$001*CMx~?xz@A)GG&&&=
zjKKiv0P>_GNjQ&>Jy`Of8!fl%D&3*jrGNka5;|&;;{K|pWERyV*Y7MGi@RlQo%f`&
zbgrxOaMOM}p)x&PYaC!H4mEI8S^PgQz>y+rGN;jX7bbU2y}=*vPJ-Ve&R|;HaJjB#
zPny{Z4<Nqj$Qv@#!~vv?E!44Qp@g7hnV};fbW$xqgS%yYK4HXacWqZ5ALGE=Ugo=I
zq!APi_!`znF{xkHV%k(#1HcY2XerP&*yxMq3j7m0QAZ^VmkdO1BgLPQ|CkpdhUG-T
zf1J_o9FzEVyQqBWG&1w|MIy~f4Drk5+O!D==Rn%`_Z{7hVXhcda_PGfR8BZFTCx@>
zbw{&x4r2NL9Qfa`T;mskZnNJ<0?8yd?NWDM3bSq{r1c+$EkDflobLLy<8}$C>V;Ya
znWRMH!hfJ-N3vSIw}{7B?<`${SE^0AaJ)kN5JmObl9RrI0F!;8<^w2?;ZWbhbNEmi
zkm0_^W$}8IG&=6*UI3y=MHc&_P2_Oys%P7Ct&{(OI1|$okv=}h0GT4TG{%6aUesr8
ztxz<A+!WrC5C?-wMG<=g-IaO2m)Z&=9DBp7K8U};<vIUoYZGv{`rBV#8jNy$WVOfs
zi(1#RADR|%!8a6fj=F^+2~=3kmDhSwPdYUWsDvIzOYR5t$6(|@?bLkrR5uTnIe>E#
zEt6c=*LtGy_lxwp4Tu<UIH=>&ugPzm<`vyPe}jVP7aZ$gzzgcgt*LRlf3G!?E+)iH
z)q)Jl0tS<ouQaKHon8We@>gjgWC2;YKrX|{a;w6Z@#XQifEM!~+L|WhFkfQ_JYZZq
zujSFrL7T*S(&+x{zsP0n%+1XW4de4bCEKk)Qo?$rx0srMg2lGcklx$d*<w5+G#>Ee
zIT{XG*S%s1juPIZv;B2{>k&PpAcG*c6t@yXzOtGUJt+uc8<X}sm;If*x1>0AIf<xA
zw+cT9gq&+7GUqjWFx|kj^3At=55!_84ux&dk-E6LYJovKD69vcaX3t?VlkVmTwbbl
zPAE^%(@c1KCG70%R-0<nJ>vJ9+G{RLeh_dC46El8O7|}7-*&|ux7b}xkT8rZLLdh~
zpv6hU26XUA0R$>3du%zxg#FGu8W_$(QSt~s{flSke|jVJ^zU7}{U?dPjC&&HPAi7)
zcfT9cO&l=Lr6Dq6I^R%{kV#e83Mc-m6f%l=P&qvBb;s~l1ZpU%k&D{hin`jExODEW
zbx+D5W_^CxF2#I4m-S@K$8}c4qmB`#<HWy3G)SbgNv+#9t^KT`r2^@V&C<k7HI)9M
zI65Lxaq#51TzV+XbTMqB`2W~C%cv;7u<PH1NJ%S0gM<tSf}(T{NDMuI7^H}ZbV!$^
zASDb)cXvoP2uMpeNOyNX=l?wG{r1i$*Aiv8Idjgru50i8%L!qybTOVN1(cL~49`+Q
zp#QP2X{K_5^H9Mv;Yr~{_Y08PvGHJ23I1E_qxPCW-$7du4(8VvqOWyyL|4NV*i>Q;
z`Zi8~f)<v+qTf<_y5LWp7se;?!?Z<4Z;Bd^FHDOXsLSI9hlYfe?HpajlniHP=I?ko
zR{+DSUu|PVTtuzuq91?)?o59#igh1&NgrAP99*k<jusQ|x_d18m*gYpUH%E5&N%34
zj!5PVZ&%K_gQJ9!nB%jB#iUcJ$=_s2lQ*5g!Ab;rZyT0+S?_VZ%Ti9bSXL+!xZElu
z4dBviaBX`><4;UuF=<}Jr5zm?;V`76M<?q1Yo6EH#OX$%pv!7ce_6%jC{4G_-{w1?
zDkk!NsL&?Zzwtl6trgghNV@tDE+jrclsxd?J1rm6rO{rQX>d#WCBXsx>+FP=t@hyg
zUIAU6ywg%ZA(4UbNyYZNK4Fiy$_A5tbhXloSgDeqH^Ne+>U0?pay5n0|B12&)`zlo
zr!IGr65rxX3!>gsyH1ocN%<)z2z>#zx69D0-jb~mP;r193nH4ojU^>H84a(7enn^C
zD<A^{FL+OOdE^*1R9`!8jy2f#KiS!C&o4-sPjqoV2jLW%F2~HWA+Zl$`gmp%Gl*^F
z52U%o4BnbBtD|ge0Iz06Nt27~ktY^U_>UhLzc*|dp7ORQo4B0(s%jta>H;DYo5Q~c
z`M|Lk{bhz}X3Sjnad$4@tA0PcxPMx^(Dmf@g4hxx^UGc0S@+9r;_D6nV5Q*s9d><u
z<jV3gK(WFMB(lzw(C=%&I5Pius^a!I<0ZsMw>ndKTVcQbwl`RwrNRW05xOH0G-Y{f
z-?%^~Gl9la??QIPPQ9q*9X}P{YicE)-aWjWoO)POD4V9%<v9e69y3gzV<}+`u70y6
zcqN-Qprz|%G?&=Q2*Hkuvd=cOEQuU3n-59>o6>Upz^53>{{yHFy5QOYX3`<=KTN$q
ztfdj+;l*=kknQ*1S_gEeAMuR#84S7XrlgaCT`;vFEIgNUIv9^v<mP@{Wp9EAIaJqz
z0ZC!s>wZ7oP5b2EH=iB4j<-o}=A@6E;pq5<5dvLTw;Xal<Ng@+@bCte<PUmCHH$_<
zJ%=xv$EDjY9H$JpXGepBgTsX&aO|p6$K!^vF?+A(iIU@gK3e-Z@2NOpceiUa$b`D=
zO&Vn=6m~uCDNPWrXxS&h!yzS7ryj36+6L6VzN+<$x~;3%oAU*xvk!d@Wp&m@=3F*h
zw5F@|&^nI2r!qzkTQjwlwd%)D=znm9va8<D$PmoQ$#k;n2;rZbTuc(&+z4TINpf8~
z4dogiv;5~-J*K@k`29(tZrL>$9M)dt9#-y79WE$z>$)1q>n57R+B5kpPKkvCrIM71
z?}VorKqMA^`;;#>kR11*Z()$Wq+fybw10s_yIC>}jY?g$kmSWRKHDP&(x9@y774|N
zI^EoYr?Iw{*@AojnDuQvqq6VCjn>*zVJEw~FUCBgr;U1m`q%@fcbTblzskGZS#H@V
z{vc~>_@$fI3Tnd9slA#WWSF+1M<~h<u5$*%rr>zwgH&zKHU^#1hehwIQ*Qn>)HfOI
zZ}t<?MTzhFZ5r!3bT>$Kfa?vONc)uGyRk|}AGBArkvc>5W{4&F=e?G1<)0@C9#j3r
z3*y5Hq2Z8a!iHLUaep4L%zHhR$WeZ<p)cwAASg8!-;{%F#QX8k>9VQixW=2q$-^gD
zIIOC&>E&1uE(C%T_Q?-+E>7}$w&E8%rWBE^n4S-?%1L<eqKyx7Y<x8}K3H3AU^ch9
z)AekyWTY>*iomj?$ElndrXLk&dLaZ12+iO7>%3>sA0UYrm``x*D-Z`5MHiBmko!6}
z7pa=Kv>l|$O$!nd6DuK&qL!|gPq~bbesNlQER=tt>j=T}oFNq)pXl!D=udpQP$=B+
zRy*3Sx!sclVX;%LN}Zu$J+IJvv2(h!vGHQ=b&VnugfU3Q_5k7z#`MJeP@HtN*2lS`
z*pECAR1SJ{XUF9r0OY~dl$MgQ?6I#xC7&quzs0IS|A-u~PwG!^%v9w|CC$FuBC}oo
zGHn?u>Q!3LND=pkavq8GvqrE5!D#~CBTd@K`_7X9d%H-d_Cb?b?sN$-73Pq)A8~S7
z&xoP|efX6A5iE9;KkhF1`gDbtFllc0@WNG0j|X<-C?b~Bzj)mKen6~Jjn#)lyDFc%
z&@`Bhb;j<H%XBn9hToE&ZG7{Xi0<i!!KF^W4w%S?y+|$XHz@5?bg8-V*4ci)=;<`T
za48^>6&4ft(;%yHhi<NM5#;|UK4B<!JwNEeirj6y)m0j41~Gqe;urJ8Nsb4dswN&f
zV;NzEmLr(mJcMK9qcdEt?u~^&v39HhQiBv@Y<BC#&rd2FuYp7P1k8c}hr;CRFFw7=
zUa(7!M)TsPoP^j<Rb+(y2UOI1rz!I3FEg?DL9eCzVeQ<tg{c&{MAHB<I8VF&)DU;<
z4H!pU?cLrK75^O@nBAY-;6x#re8T_t)zqsTMTW-o3IjehO2DYuw5$Vc+PE~?;E=Y|
zLK9IK;myieqtil67S=kviRVbV#QCbBtUdT0s138#(s<i_!mh5a-dWZk?|0lrN5<e0
zVzhaZuJKiRH0s@6@DtzO%%g`jbjGOC<WoqXPqBV@QOK9f17$KvUz+c%GPgpWuOGh!
z0cC@OPXTua?EXCo!u;rPLTo9OkAK>Jx~^|m{#V3liX|nXqJI1!MdD+$qj_i3JZqHQ
zn9|W?20<h;xQ0G=C=vLI#ZTZqJT`DG@TLa6TD&g7qvvn*C@$iPb_!NS9`shuoNSeO
z(DT0cL3Qn(8W|fIN@0<PCWFbdK}6}MI2-n6O=5ibdl=3$!lM4o!%N^_x_=*VP-mAQ
z0$AC{ex!;@2P|o+T`iDoW8bmCq2m;!x>_1~@d8dsTxLR46sSBrVnmJEo)RXfr=``G
z9wd{vf@uqg%#5||)%1j57`^ubScbT3)&^u5Kz!3<#2?nXJKaz6(5XHfHUA;DfDg5U
z-lgijm7qR^*~G&`D1<{u*&n;V5~pBMyIrxg^r24>fy*@9n12f*rWoAM=Fz`~&!}X0
zNifMg7X-(&%fYInu{aCt*i=K31x1GMi=)6;&vo9k2m^YL%|l4_^vJJhnk2*r!;?(N
zb$rk1aD@~>!it+x?{ZqGQwy}_>}trGA&v_)nF8b2{+y8S6g-N>*hLnv8zgwb($6D!
z+Qk6-MnO7`BvnjL6}}wB&KRig3-H@A_$;d^iMOBIJ#VnsGqImxV}sw#Lr+{rpkt?y
z{|!=RmF4C8di(ZWTtmio2afdvABnQI=3U|t!?eTRSuwgM*B5L{Z(4_a`sXPr>G3D%
zEsSa2Dl8CsD8ZxJ@q@lKPc2i8L>n_1o&JH)s_nj(ligpR2SolcG8xi=SkM7APB=d2
z-Y21E4LO0?zZ5%u`KmUzH_P&~vC~^3D+I4IZ5O145q~1$fhcOP#S5g0N(HHUg;6lx
zsap3wXl(V$;DH<o)3USAGJfi|z=Rny!Yuw}qrFJFs<EJuR;n~F+tAEYcS@$Jor_KG
z`lG=v??}+RDJ<h-<`RAM=v~Kf@K0;`#fb3mo7IiHEIr5hom?#IGJK<$n3(G7YJ?RD
zCaIA1LOTB}%%5b%iyX8skU0`f9{nJ>?z`S}+Cmt$5p3}*)?Klivqf>UGXqo8JQQ+>
zujRF}as}yLM}#THe@g&tBs35s_Nq1y0*}=qmm6aA#ru8l2QG7{e<a0eQI6PB`_vR8
zSdzWIVLtzke)WLgaBr+=US=lSgJ7pR`e2i`wl*p%DkLcIH3CVTy9+9-RHSj4g3e^8
zVs!8>YUgHeo34qgf6DC$Ai56wYxkyehHz6*_@~_8Nn$U>ZHuZF@F5<hq0QqrQLNaF
zr-^#**HP~_H#Y2aPA{*q?h^enzYOFoER{gQL5oBmn;j&IM@5P4HDS$xmQP1$rEjZ2
ztKrh>>gvkUMok~jb@AtKD%?Sdd0u0i*Im<_D?PDa&Q#qL6cku=qsfp83bwYkQYm46
zJd}v)=Zc;rURW3hkwvaXJI7<&GqwC?aUtfm+#<Rvy1KgduPO{+D11Adl5e&)2T9Hw
z>*6>2Dm(d1K6tFJvlFkLRBe@Zb2nZcoXz+$j$P-cBjqM;k$K1P-lupy!AcYs8kbc6
z{yp*fedjlCJ9VW$`or$}C)#Mzr{T|A^$}~pqLOX8BiAd37q_h&I);G<v3+Dqv3O%A
z{p|^iC)%cm`=yUG?bqNRz1SZy2?#MUerA$9a1>3ZdM!ln_a!ui2VcR$!0h3GNr%Mb
z@t5Zb=G#K4GM}jxkT_<Qw8Et7@Grez{A?a~+fa~wld%)VwC@qI&M$W#xl1!?UYxeA
zoL|=Z{y|enFlSM`peAXs(-p7!Z`z5z&lpVsPahl+6pf|!pordQvxxV9Pe~~--%Xj6
zP;)Rg7B+}|0^?9T*#6bR+fwrts(k+V$Icg$JI@riV2@rvxJTA?S$dBJLRw+AQeBZ6
zh`?F2c6TYv5SK~nnb{6Is|u3|lc!Y5-wDIM5a|}(A{AUB6e%JHv%6G#yISkAv!_R~
zuWKz&u6m#a1@9;!ZShgfK)3&L{8NJ}%>2e~Z$u2q^({WUmjVuo!9f&6f*7Ap39?p2
z%6FIA>G&u9*7hl$H?R=dqng=6=FE0~RUMqCJ=J(<8>z!o)xUapQTHY$21btfMuI?o
z<qeTZD}12{m&C<uCPg5StRr*1xHhfcGx+^zUYu{Xg(fw^)VN>K2wW57P;lz$`BkO~
z3dz^ojoaPd|Ad3%sggQ;S%9ehH8KGAy`rs>DlU`G7*{twt1q}P!%|*2Jm$1u0JZ7%
z_MElEpEE}ys;AgYOUY*nyh^ra!qmZ5ig2dv{?$cgF(w>hdQ9qpXc^x1t)1a7bW9(n
zPGp0F(BUK;=}RF}RO%?}4ufy;sLkBfQ3N|{iw;Y4JlRRS1ZI+900CqAl9v`?;rPV~
zeTOxS63OeM%0gys=CbtXhi<>DIT>lN^t8H)Yt^gxzzF|EP!DV7Y4yVNa3LT4?$XqO
zXmsi?@bbv1HySb}&{GhMy6F?%)z}pgTZ}cm_!(*R@#BWfYFemRjYpB?VWyIje|YI#
zLaW{}A63Y4uh}2m4X95n0tF=4c}3b^QYz`~UEM7by>)%-eDUX@CFm%8(dySk8hEwN
z%oKsP;?eq$|EEBb)J-8a7Ov;!3+aPnFNVcH-ji(KN!`)Hcied(rTXykBX2v8p?hOL
z*MNV?y9Hei*4s;zt>CIfJjj^P4$yULE`6NTzndGSGtb=xW7U99j7<Q)H6og1;rL=Y
zry1r$f$~C!^RDbW`T(X_kB)*hrsvr~7>pbWAtgh-ebr+KD-@A}83gFepgHlNAPlBq
zd$T~E=HJ$|{JuSWN<Ys%YvAmDg%s}zMSR{c(oWfH&RWR|zz9FTE~Bf}TH|m+J!^s0
zcHgIvW8#x?SXS54(qbf8do!!e;mfO*tPOA?W-u8RvUckXZDa;IEM6F0+GzPcEYN@h
zH&7;RkRmp7qGJ2_Lfe2jg90%bvVD5KNb%L@qF!w11>Md#0*`6>omcIcz-p$+1=iQ7
z5b_<-&M#Iq2uetC3XQDpd~3}WPoNc*wEtl6ayM~UVA{c3fhhx(HMCTHs0`P9F$jA9
zxXqx&So^gq422o?OjHeths%UyKeF1xgTq_0Ws{kG*n=HjGyc<tWPs1Xx@yWD6VDZc
zg<B0Z^ous((ramxl31_)VjCxfZpV`ksD|5>Ir{b;Fi*%3+BcstbjgtWccfw_1T~(K
z80fMQl&KF6sb9NWDl0o1sOgrH9+2%uTN`r6Sa+5wL~%LVyBFSm);Z1eyLw~Nsaqrq
zZ&SA|y1WV1oV@y}=YD=k(-Jh`1UwfrUu<m;o;EtUbngEN{g1rp8Uw^{F<#pTE~z#1
z{B<cbJ2llOva+V8_A0S_PJKOx3?5heUeg-)rdD+hBF_m>MU9tPhYZ*2m>GbB#93JN
z82upHVXPMfgw{Ty_aIDXPk4?i@@8GKTUN2&vCF~zvUI;TslNP(cr!{;S9fQ|VNTGt
zozQ3Mx#$`(NsGYUk7wbir=<~tPfP3GKE+}ZgxHsT6R9Kg?5b=wDauk^`fAvW#wzhe
zo8icShB-~-2`kpFXtoa5km#mPjs*OR813vsY=;rLps)^}Y1#3LHQT!I1_m~mHzw1a
zb=!jzZ9h-4!Ofr`fsaM|515t?oo4h%gJv99$k5?#&vkvmNH9s(YPi#j(;+CSf3rqy
zrV$Te!Cf?!l>HC-mv~&*uv2mCP(C%wZ{yPTTEtmy><g2lWv2}iFM}R_r#br5Yox)k
zy_6h3)BOu=YMyq|j-&Is`lme!L`ZqdTbI=z`qPzu!~VN-sg)Kraq>^nt+Fb#X12EP
zpBGyMSZnh<`{^~#TC?j!lCc!DaDpZx4+<#6^27=HJ)!P=mur@nKUPs53^HzcDp8nt
zR}ud6dv6>d=oMq6hVm~59h=HNj&O*vCko`d&kER5H?!!{P_efpdG7nM>!aVi@L`^R
z;a}lkC(XJ{r1jK~R~}Eo28pcEYlRtx0mKYE{nuA{Cc;3)A?#d3M3oH>;@cy`pnJdR
z`rKMDJq^jyDPnZV4QZw5eMs&u2oOmHl9<Kuc9hWVkt4qJW})A6e4HYB;c3fczHxdf
zC<)+#LuMHi<l}rw@+3?kqmoZ)xi>TD<GT(hnTiHr0pXdOLN5WY$3ie<h;b0GhUqor
z;X>PXI%9@^ntdD{9eRS~m85X3<&1-z9KWMW?;PN<!mrpNn1~lo=`TK?FiZmI_v-6~
zhqR|=K<hG50rJNUZ>;scH|+(Sy;iQ2uX)6LF88GS5zp_Wfq&;}+qG^FZi^{b(Y9Af
z7ORIVT$f|yFBX^yPfVn|F+2?~s6v-y%Nc%Ft<8!1-KH0ObLHrDPpoxlZ##k4H<-i%
z|3W;kAr3eN#R6ALIzl&PW|*PBkpa9R2DhLb2H{x*qPkCTEO)PqI^?{mGU7iaC1}2Z
z=NQuPr7#P#vU9Q0$>PFA=#`$Or*x38d8T6%LfR(L4>w-jmOP{nmBj;b17B7iB#<FI
zneQQ3t$f1#$(jW_5J-6X9mwm<ZpJ$x47Jt(-ACC*qsSDNj~xX*CJPItLHe<3va!@3
zzrCN54En6Sc%%PR;00xiJz5<8hL<D#SH35zi%~5(#D{T&P&yS#wu=2K&oip@sdkw~
zczXX1R>-0w4{(|WlVVdC6!n|pwbS`;QXxAj?tc+*2$O`5*gf=34!H+aaJ#4^J>eEJ
z4=L;SxU{f?-F!=W^l^`npZTa$=HUBr10D;Ml)*5jX~w6-j15XubNzT>ZE4bW*gL36
zXG}SCAPlwgK#O1vOiY4Hbu)ffn2&Kj2yTbj;4=06rOFr#Vf66{Lz5{PR&29(*lh>b
z6e^^~WXh9Nn7>0|Ko;4L*xa_%qz%#b?=r(M;Th-yM-igc7opW3Gx|c5Ric#HB?I5n
zo^HqRMv#!<VuR7vRI8Ohd_0;34I0*$6z$nYZ!ig`DxQN-XC?Mg*dp6cBz!%pI}(?*
zbc<Y$@hdhN*{PnV1S49*;@A<N$N{2-Bzz=^BSco*cH_pM-oe-!szYI<_(2e67see=
zyt_~##%Q)@)gCsW`9R4+kf$B?OIQ;DEw<-BOhy@Y_F{_P3X{jwk3g42`XOdZ^#O_a
z>ts)TXdS{>!NB|Y7~z@WD{vP<h#5i=LN^5QwLW+A+5YgC7F%wNFXQ2WRp>Dj1WmJk
zg1VcaX+G^#fljJsT#d>D2&&QyT0k3}P&ym91r_Y-1vQ3Dkqu-GUCf!^KC@i474W`I
z{DHA;`!qahHja(mko+uky$X*dOac>+WzQGqd#ytTc3|ZDE}SOZY?WBrI(mcmF+SGQ
zqLX*SnI~Jd68`(T|GwC@OHOVYo9us|&HwjL{}?(}g>3LU-jwn}M*^uc60;3dd2Ubc
z9RzVz&0SlW-YTkS?}+f*gtO0PY2CI6bF6W-GG5lHr23eGZ(${KRf|YA@p9*3vhIhp
zN>f!B1Dq8qYT_Ap=5XbqwR;aPr9UvbO$Btntd!Zw!pPCCc1K<sZ|!v)%`fWh4Q;rB
zw@BX?q!O{Qnlvta>*zs7bI1VWKl0sZw4=%vqa+*Sa&TwEyNiUgnM27T7!cbiBvBk9
zCR9iXEr_gsOH!j(@5E^Otqc7%!iH!+fN5mz@T2S-smOZ}>DKm$^*yRKPqP*XN^cAu
zq{e~5mKe~$AB|<R+4DvN)6>8J`o<f;yRkiQ62w<u^L%5VQT(m=?!cd!DI8e}2=?t3
z&32uW2oJ#G1dHno_|!0cthAY=-Pp4Lu&lsnY4De77dsQ#e1CmNo^lzB$7`x9S$~|1
z*D2y1cMl%H@un|#*bO|C|67`8h<~;m)>P80>;b&c`0skvXec=y2O_Jz6Tc-kIUBPa
zk{9}P`Dx#v3QN{yiwq9LV|3y^*G_GdGj`Laa0fGBp-}rF91`%UrNnam$VH0<y&{9A
zizZ)hx^+A|k7PY6-mW2|^WOZbyygWK$?bD8){>iUR*U#aLgq1<Ty!{!OcAY7XkI;L
z&oPtQzT*)II#KC7%}Dtm6`}VtIFTCoEQoB&0CD&ogh1gs=W>NSt_-kt?^sn*3@)D5
zXjG9H`wE*pu&P#@3Gd!N=#Kt<na_e4-!ATcGB7hC&vSC&ip!*m&m@ft!USi29`_XB
zx(yEHLp<zvxHqd%fx;oczW$qC{b;GXhI!$jhS{g4wl?(na~y9;OQc_>$<7!lf_pdT
zUFsX;d}%fk&fAXb_D84yoyyl&Hgh^dUi%O{MY(_9xvX_$R66FVM}TDUKfluej7{Jf
zbL;9M4ZXMi7Jwr@q$tTB@7umBEG$fii{I?_TV7tNw~IPFGJ*96SRi!KBw^CXW<e4!
z(!hwY+68i^uxLCc!s5vA7bi~@bAF``?B!~jzI_*}XSaU@>ZU4*hp+KQx<4~kGy2q|
z$3>wrvt?p375nH?u~Rg{lMRIfJHVY@_k8nd<DAEK`B=Lpgd{~~*kDus-OP)!c31Za
z$YZO0`kF(LA_{>I_Z@lr#;N$gD$XQU=s72j76m%$l+3m!J}vqwoE7Jdrsnz4m3S~r
zY+;&8%jm<0Pe?K!h^a8$=#38<ve@Vi{S4%ZOX*(J5hO!`z=r#fFmj})qnUm$_5}Uk
zNB+t|PP=0s`e(HY1gx5xcLAt{t9$ed82uOMH7-m~Yd6k~X~DNPHr)48?vA+?GjVz(
z8^DwuI5U>&4vP}O@ZZ1?hZMn%0cS<wllO$>dE#qLV|o^D7N$#u3{8xp-Z+s2=}SsV
zes02*eHiz`A~z?8iuZGq!h#!kxRAWGq{fFv_m>D{dRRC<6N?LlIx+^;RYB(y*3Ktu
z0M9^y#>cOe{id7in3q^Kwl?)bLLe&{7@EM;u&DmzZF@B0H=mMEyzZ9=<d1#xVh!QT
z>(X;TcryRsR)3~uPW<R^b4}l`VLtfe$G&){w&|m-e6!PFZF5a4rgRqRatFJu@rDGo
z7bZ0YCe)>AA+0l?cWVkcSxFJPMWMp+s-Tiuoi<->`igZgIQYJ|KWK&!7}#<PI5>Z~
z{=c2FVUJ7;o?((-U2W1C&gzYG58Rt=kTysG+Svxf%PGr7H{fTALZgq|qXS^2HFRxQ
zIX9e^(eI{<s+Rw)@XtCf?mtSJEOy%L_t?KqY4x+W^9`lVu@rX3WI}8HZ7j}am&h;_
zKJKUm-ppEI71j1G9Kt_;{*2eHB>2;V=-el<g0`d8X*iD_Wd+6al;8dx098YX>Z4d9
zdQ+1D1c(^pqs=|Jyu#v?f%$#SP}g!eQ=Lh%Vu?>sM`^r9$L~~{UoK}Q-T*6xz;P^%
zaZkL{tCzYqe;j5rw3e2aA0EO`7e7w+QYI%C3p%dcJq&aWl$E)Uo#~ijb1Q_Vo4?li
z`Qbd8R(tz4Rui1te#O3MiZWn1tc>ECE-}6Q3C4l(g0@>b?GlXt#-2ZR5}+1yK3Yrh
zTSRq**VSEJxrz#U!VR$v!^plak3aekT0>_MFfK3OX|((j4Av3yeF=Wd!S`fCE8^D<
zoa@y)g3UgEZn$l@d{y|?X{_JlnNb(|ARH6!Ysz!W=edw*hzH44(;MA`C|+Pd==smP
zZZ}{jcdP3YEm?DOJu&{K+>v#CY4;~|jRx}cW{1M6j1sUs5m_HynA`g6ib?$<TvxJA
zI<C#*=QWS5`Pc~=Iy#+K9GLcb(;4=u&WVFsa~Kak5Z@24SFz^tqpvtg`~=}YS|ou(
z60Y=c*XRMA>N<%(JI}JnpyI7d+sP>{hozY;<`IX?KH7}=n_tGX%6%aSH+P0mw21Ar
zOn*?k(4<9QJ<X=)aE@W#LP1JIl6XDcu(7Lh-1mkg*^Q%e?5uo}$~*p5S*apM*wYi%
z%sOEkwbUx^D18Th14yEDH+oO~VnwVTxFUCBhfcr5$I%VUzOkBVwNS>^%&L%|{siMk
zQ?7Mt5IJc6?%4iCH)AX^VuIyAysF)YJliVs=4r3k&eypF5UWfyt)NYMbq*Cd(2sx>
zT<4@NX@HTowS*w01;x_^n_{#;a-E2P)A*WN+RoLSxF%gb5UIVCG-wuP$k(m5F>+Dx
zH+n<$hV?&I!IGL(9ufW3A?J68t#Nr?m>=)uK{s0v!)<fTm*?eQx>&kj70NNWg4|`W
zF<5-Ipcl#(c*K8MUk*f5+H1Y+E7KEav$4O1f9=lfw+2M8eM$J_ZqaO8{-qq~gS0=9
zvnf|CZyu(jfd#U(&0y+;i}xAoV8+SoyHU3m2s*tgwY^I(`u6s>Z4t2dbe25y>-eMG
zUGwjXAhSPlXn6Xl=jt5DESuvoY8`eh%mqYTMz@^iF5K<yiDU}JqvJjfTR(<AiO+tF
z8_niTlS(0Z$U;lhcspB5K*=REJZ>Ru@1)io%s(w)vn0oIA9U4!4o*~B_D?;zb{gwT
zm<gY(5Z$f|08L$jJL*3hN{;HEGicBYkVLlZ9<FA%f}y?ja&BZvcA3pGU~ejXFWfE1
zcdg-6mh-}3e*9xI=n)c*t%%Dl`JO+Kp1HYN1D|yIG?gt9lZ6*iNIYfDBD2qZI@6i8
zTT}Ino;)MH#aKX?qy>fxF*YIPm;5LpSzP&V{J}gz>NAmzWmE7Bgbf^<O&XVe&XVC>
z^)lgV5ei10;-e9$pPP<}4I>|DP0L4Lo!Q^uMIA@%1Ega{7&anXgLloKQUeJ=?3g6|
zbi2aH!pA?d=4k%PitVHw^ts$hvg1Ik;@m3(qSr4&DKzR)_n7#TB{_UmoWg>-S+54t
zhG|Ycd5&<9xsG+;Xo41yL=H<Tfs}A;rr*Iy-#k{+k_M;b!|>-FCFJ|nvDvUmANoqb
zrnUZgowB5aC3@bc3O!1O8De@Ry(m5l@(u;3yu2?uT=aktjY2$xBpC6;4o8AXFp)Kf
zsc0JkMjyGWjinGgA*0cS!vM%&YX=yLe9=e_=?mq*9W!()p^sQ^@d7v_H_DJBIdQlP
zi@P-fzF|Apdu0(-76K}oBh5=o=$Z@X#{Pa-xp`JzUN=vWlt0nw46(GAB<uy>U3pnN
z`7kykYxlnFeM90=I-B?NST6Qr`+p9#zrC}l%Rhg8=&f?2d3xE;(K+3)Gt<~`HV6)n
zq6T}5&men4@+-e!dA^74=Rmenf-G&T&Tj+D=s_jTZP}1t)39xubUO3NSG9(Qrl_gk
z0pxyB%jT1H*Or?O_ZWn^Sn>noe;qd3C7KI2)*ap^Ubadt7FA{D=eu_ONda=2onlhv
zm7W-N^p85@{vEn^8>-3CF_&6gt|$8)vw5)R7a_HllOWn;sImU`({bN|+F}N}U?lGI
zDZRYW`ZdnISKI#l1x}_-zq+4vF_0_;qvRl!SFc9Vhui|HZl8`f8b?RWtB%4=`x9Q6
z|MP5dbFmja94`u?7Zn12ec;b6a5j>Zw6~X$tnkh-YNNHVeRk0Gy`RhN;|&O@@6g>_
z_NTwNX1KAs1^ZmM_jw~AEyae|_t!3u;ze{+R8|`Mi>%MKgonF7fBu|2Q<u+dm>n5I
z60d6iwqdt1e+G#UDOy8+)44K!BfK&(4v?((i8xuq_PjsfzpU0ERQHO37-3RLG&K}{
zDCl=MG%m_WAqA1Wf%MtQp@#yv5WN8w^d}-e?=_RE1TPucnF-lg!ATnn0#`5^3|ap{
zO%jYgw20{fDd_mOzab=H6`Ps22Y0YV!f}Fp)~%H7S{G=;h(zBEh{o*@UJK@k>f=Kw
zdCWhrd~8$H-yu8k(xN@XkQj_axDtaAZcSH9=jqzLQi+-V3HYs}pwg(W#8;P_U&e$K
zA3_*kFwu--@8&<(i+YWXST8=M&#5ZhYM=}_?HG~1Obp-2<%vYaKl35gqGkT;i2-HN
zLdAS8DuhhF;Ychxrs30gBTR@9@f>Oj$AmD*Ar`>uE%t+Wcp!<_BnY!9(s=cmu_-CS
zCY2cEa^F)dsHr0F2LarL`3kRj2bVxT64j!khQxxfS2}IydULJnU}52GGSUzG;bpW8
z-_OcgAc+s*VT??Q7zFFc$ApkjAZapJ*l*tBHpO5QB61WwIL=44*gOpJDaXr}%@COb
z`vf!O$k4!K!GZh}>+q^g$IJQI&1{(n1K3lD43KirRDu$#X1}kx+we6GbN)U|pRA0P
zecAJ_A)-_MdUnJa{uIL#cajq=!j4a7_L(uLMPFZ$FHb=(MS|3eF1a3+YutELpv`hy
z?XqMX&~OLlOm3TjmXi<KGtOPK;Z8@TsIvbfKD%~r&tA0RZ>h+uRp59jwty+e-sU9`
z|1N4-cYlLuj4nI>F*i3r^=y9H1+nh6!qX!ok&y|JNlA0l({&&&!JyUO_yNVI*cYFN
zv)y05Ojutx4yICn8$0m#FXJU4J_46KTF~}{t8&`L@w&A2i}-@J9FupmzP)naY`qJe
zzo}vb%HF}@^16Y5yGnne)Zy}Yli&Ty@qw@x2__Srzk`E+rNs<Vs+qH>dP9LyPvh;|
z8u!k3O1-^6KTRWG#RyT{&v0LUH`mqI<xJ`T`WV~kFP_|y>{{Iak0?Yvr0a3r%LQWd
zPaGPjemNb|&0RW=H0Q2leoPu08<`;u_JgMY$LqjrP>rS`a|#QAgV(-2HN<erf0Jk(
zhnzMxE;f!PRVTqfkNv3E((M_^!ROeh)DQ)xyM(lV|Ni9x0`ju<Ahl8grmdPN@%kK)
zc{Ew;P&6^o2ir`SN5Yk-Kra4dY|ubjKN9&97h^ThR+tQ&iOqLcmEuNeo{T!s35TSi
zH$Fws@LSY5u2ePF&XOPoKK%ka>E?0jvw|bH%afNXc0VH{x5b9DH!s2tY>>Fjia8!)
zolbz@6!A!<9af}!+zuwYZ%3?>0i1JqVvz*FFnTLS1R6-AqhO;6rW1aJ!3M*!si_s-
zj1BQeq}0`6X0XWl{%xF#Un%qn=~Iq;fWQTDB4>a%r__6P>Fys|$`?<XX#yhW9>FO%
zI5_PW@m&gtc1&o3qj8xLe`Cu{0}lwmBr`zfwtBJuS5L)a0X!$?cA>Z`jqaHt5@^=l
zu2uo}De1?Lfg(P2LHxCt)1MUKC=PTWz=~P?h)l?pSoFe*r#0`}&fVz3i3bvhlJl9y
z;3OWg=$NIAgzfD|_Kl4>IXU}2q?n#TVOe$gj|)EVAgEVp4UR&4T7VAZxe^V}RlWq{
zUciHhf3%R$l*(gg!|K-aGlGv46cnhXjX4HkX4K2Hfthl^8=109e-J{$&&{6>_Djo&
z1|Vao*E|0P*e)iMlmhwbTIFBH4n2B83BX7^A|f2GIp$3ahKDEbih#01l`t9JrJH+q
zsdGUWrr}o}PwX&7FE&zCX9x9Xdo4Q1+c(_1;+GoB`|^sNX>~e$U+${4mcT%KQMmci
zS*KoTpu?P-L-%Nb!cXq{4=2l&?%Sq_2{ohrXzx2MXxt2zQq~oX35^K~9`&#vZ}QjS
zy1}1u6}O(3IJD-nHa4u%3+?55d9_&7asnRFLk=&q2lGO>1iV`rHD7tKEDSg^qq%c3
zc_U+fJbX-Utt=w>b*ee!^S|g9R`O3#>Y{$l?1QisTmo!}jLDZ*6Ls!(^TcgkfmtT#
zb%X198NsaUt~W883O&%)T~i182!B4YP*G5z5k9^mWtPE?z`Un)4^tuEfbQE<a|MLk
z;(YYZ_FUtKe@)X1?ndR$dl7p_LC_F7#R-jycQ!X6c+6#_-d19VM){Bhsm^I<dI;y{
z<;^)=CWJ&~f=}1qX$&AdkyMGBu)b=0InsD#G(SNFhyF=;3jduLzB!@U?2F-P$?{i}
zTQ?1|3;x7AWM&~!@&5cE=9!FyN@59To1z)y$z;S37x>xC%oT8G{DJht@hEx7Ox^KV
z*duRN%XTrCzv1TRoi}eLjEsCG>=a!QNRVw!5r7P$8gmx?`<B77(B=DXr%xuNZ@7JI
zlt+M%4>P=VSas+ZcUTyFo)-$vXscmtB|}NlJJ7s)`0r=AD#y-1rbkONGD<6I=Xkp|
zz)U9*n@PoCpPsQ3eC&U4cv#fki3wq24zE-5O9x;;x)XQ6mqY)`t&5(hx|y|6AmA8Q
zsU@=XPD?Adml%jOfAO16y+DQVXWv!IRT4*)r#lpdp(Yd+^pBDjYKg^w#Qd?KA3L~?
zwZg4Hx|9xH9xvet>pVYfMP8$zn9S;<<2E4UdFkDi7=1hZv%j{Ok-xvy%T2jFVt2dY
zr?7>_B$!!XL!3L$eL^Zu?)2ZBS4>&7iqSDmn||Huby$T#p4OE@?+76?ttZW|F-hPU
z5*<FM-1jBVcN?BytuJ;2OJ!q0(dm#rDL(Z2&+PqLlfz7mWvtReL~JHp=b;bb6a+P?
zK|BFC5DJChDOZV3C{Pir-32s2HRA_zce_a->E}dHdY<+6)OX@84Dv@xS2J!ZB6||&
zdp(NW*e|a>wa$0YH{N;^znF+&tuW6bHJz@qrkp#ww(W~)@{#sr9fUk>2qB{Hn4WAi
zS(g}1Y`-RguJ=_u_AamI{`BoK5Uz<P>f?DzR+(yIu9xUmJ$hF4iW3QEH$A-gQaQ8V
zh=oJQPA$aUSe*3K+^;0S4*IK!4Us&>kVw|oyKbnhb=hAS1LUY5@hK5IfRs6r7D!|^
zbC4#?kegFby|Pji6&d=Mv>m%vSeb+d;v2z$7=v{cZv0sYZUp8}86GnfIMYhpVgz(o
zdy{O;HF`)%c^7V`q=yx5hM0G}FZsmxN_%>@)lUhJF~d%vl9Q8Ih-md*ufosA6P3G7
z#VM_Qf~)azd~Z?O`MfWT27#-kpNRRMVg9DGtc%Obmu(<~^k@FXl%Ae*PG)9ibv67Q
zzg?@=8@)!;)xJSH7Ho%lHU!cqY?B?0;K;zHw6?@G+#D?sb{DZf9=7cWrg6x(*HcnD
z+&AQE!T7kwO9Lp6>Y87QAI}W%-Q&RwtJwjqyKnZdxI9cJlHc!wtWq$K$NVbM*n$WP
zM47!oaey)jM!<wu1qZXNRG-hn1Fz<a379DGGhb;CcJ|MyY3c;?;Ny6UHL8pqANIw)
zFj-*fkjXT021z$fUg#9nPyd=QjxS$OQd0KUozw&c1r-*y5C0n8;g-ZTH!*QCT_3bI
zd}PfOZud-B_&eF>slLLQ+C%UvLm)X)dHV_)OpoTi<ADSRT0vC%!~cTh1}0W}qj{O1
z!ELt2OB(B(lWS@&R5i_e_#P$MYP!2ui2wV~wQZ-vuXN~LzyLJ7TI#b3-1U51&l*&p
zXJ(|QC-R%e(mewo@k!UZ-im}SW-btj1*q;UOh;BmBOncsw;eR4IJmiIiw#-<Zp3xq
zC1u7+2BVMt?xc=O_6t@)r=ztp{6qXZl%ioo4%n2BTFhzexAKaL`nR<B%+`4H@C$Ns
zZG^UfW}E_zzQ_J#><jSefCQa&y-{)2XO_1&*BqldYHBGIX4AiN%+~(MN3dmNX4-%G
zV%<#IVo@i=^tz^xBj|DWWWDKWX8k*Se0(4jy1J2QN~&?#o&6zo*U_!vWHbuIE0*5e
z_r2o_&(ZZ!6`-8}0K|{#ktA2+yuhZ_QT@s66X28p7Ot_u`X455|1(#xdSS}I1Sv2b
z9g(0OT?o&p*qKd;ij89Enyj>(OU%UzY3)#<1;@7dRK@Am#4|ucYn)>U`3+i#ypAn$
z4&$Qq{eky6-A|`3)$gJ~76B_ve|Jaco>Hxlu#kVeXpYC5TPxXjBh4JacRqjq{3Kqi
z;e5R0-tKl2jF_7f;9bAzul!(^4cno3u;gG@!Ozd%{VV_I=t#=nw9<Skles=Q`7e!J
zYjpI-rL}<zkj}U{Ub0dmB}+`rCr2f1m15#JRw$|>at!{~c;>7;j=k+zHYDHO<%_HU
zN>^75WP<68f$Yx;^O=gG6lQU84{#Ymq>vaX;^SdrQ%>2NPyMovXvJKOw^f!@2Fk;q
zA_r?}g4NY}vAl6)rKVG(-jR2QhK6KAXk)???XS-EH!i5BDrj<PE{{3spV<@}z{-zh
z!IPSuq~_-0O0XJzqZ{fkOeB+Ck-5^}FJ`(SFIH4k_qd>;(4s#?3c!Hxr^ymh^Zi*<
zS|Ya@|7(zAk~2L&GBScV-JUKd_wW2=vbwV3|G4{YqpgRg=Ka#OHcAh8+f;?sJm;x+
z)%&wQq?Ac|R>d3tR*vs-b$1oA(?9=gCnO1Dp`>Lto2t-2!C&&o;KMT>cX##o*PZ3*
zX(30<JS=DKZpQw(D*b9S%cA`y`SaLpEQpt?OC1Dv9sg1h5cTG;Cb9h0kT*OsX2MeL
zhxt_ey9%X96zJ`k%Wir#|JQz&l4=F{qCR2O=Xbyv(|MEL8&@d@Cu|j<--#D6NDcAP
z$Ue8~{r*IZVVg)L<|*s5XV0jEcP5H0<{I3*GKgtj*zJY6B0ssg9ha;aN_xzKZ{3k3
z`httAS5#kc6(J$(A`39`=_2(F4GlRZKaOy-q70R4?RU&9c7ZUCi%tWKAG*Ut!2SB>
z+TXC`wezc!CJd~IhzPO%&xNKkqSpe~TP%en;k-in64gd;K)ci4-X4YE>ISiX%F4>Q
z*)Xt)S_(ZTb@%fAJzDcF^@+%#aVt;FJK={v{s^jf^n+3LTJ!+8{A+1{Sq4F0H^U5+
zX1a}KI^PZsN}aTHORWz_m%Ftxv$FW@WxVC#%SOIb>nU3jHWSGMmX<Ep%d5BOmcpFu
zY}|0}qR*iZX_?a#E^8nWl#@?5t}tSKa5Q7a@~^5<-SNp(Hz((*G@bui@j<UvqwBn&
z@3QwHQp!}TA(D2_eLKpO1yA3@`0t#2(881c^Y$oj4@b-M_q{@{M{5Hx<;JCjZdu|#
z!p=wRSwvYcG->gsM#JC#X84_{C1a)!GtBLY8og-y{$PY&2pttZ2EgcU$<|wcc)fAZ
z_h<!*m)9cu8~3gV`nkp{jLM91feh1K(3}X9j@+9kG_xCs2Bl?UA2e2<sg}inyZZE~
zGa$8U5OOyz#O96Gm0dYBo)0XU{KRZZFYAvLbs6=%@eX)<vSHgF|0(-&7PzI4oy@0h
zG_qz_kI%2&>3MnDYkr{P!{Z{HSw>kW(@K05erB5VJ})nK$qfc!pr$gFB@5-xR~7p}
zSY9`I(KZ@oH_AW8AZW9CJG*dtZXRbEJ34Cb+8Lfv_9$yd_i$xbYm0&Jlj`cM!>9pS
z!(~8EPmfljb8blqDKuKB<FemI2{!L4P$-m?lmLI+fy6S{p`fPuK41hcs=g4CmHV3g
zJ4l}(=XKTbc&=vN?6rRF_P9hm2o|$CxU*VcVI_auzMW~}etuz!uRwq*_ndKG0O4#v
zvC#D+V(8|m$E&c_#ocYLC?o0!q^r#Cci)|RecqQmh|n1;hz?dGgtgUtB*%n&Y;%U&
zPb&b?%CM_g9i`qfC~{kO*nJs#-MZ*;(MH^;{`T!#9nH(5p?>$x3Wnj4F)fBk?cpN*
z2>>%bUkN8{sa~X&nph2@SGTRY01n@R=|)-P*V_tnAlYA4jQQwDs5l%@QL*~qaiV|;
zs=4jlydzZnd`pkJ=F>&<&Nax={r<2lFVD1NXPf_8{A5;GEO%3p!9%6?R5?kF?ijef
z$;imUB^U$OGpTqgN`je2>|gY;(HIYvHC|hUe+gGArJ0)eqWxZb5n;`bV-~1Xf`OGv
zi8r9OYxHqPbosP{4zIc$zKKrwPk(n2lsWCPl6W|KD%yW3QaQW969nMGyB)VThFL=c
z)5EU)K)R%3&tM4pumRGaiRoD=b{&m(g9HyfWfPsRev}60*VL%f%oSeGhq{m3oeYP%
zU$q_$zYnsuPjoph%j-|tv8kQ8w67BZ_LI{6wy8>UGWbwocX#Pz$j)SGKv3e3ABiRV
zC0QyX3CL4HUo`V!2Uwu*kPXKDQ$OFmrKawSpZ2%{biDT#^4y5=(zA8HnooLj>*O5(
zzr^y<((LWr#O&bU^WvM4d*Ww58J7HPk{lOGCMPGwR=!I=^rzmis6T!YO#Oi5=ZMF7
zOPk*H8MlvW*3LxP?o83_g>UO!;)ifzy6l3Or`y0tH+yv<GxY0WORlK(QCYVZ04lGI
zHR?ph#7wxPkTMTD%#472w7>qMy}|AB;*Rys1YO8ce}eFs>Yt~*D~CU8V&A=U9IEys
zPbjzvrs21@(^=cxoGWiUSy}GRQpq0tlE4{;0@b)1*b}(<o!3(QTa<^v0i(ki*MH=?
zy!p(2clP=prwiOjDT|tz!Sw8g?&a=|bB0Hg$C~sd+IrIR=8}?*YjD}#flkPN<^8F6
zZ|}!=1x#9nCah>5(g)hO96!QwF}izjxo)?(xPO){z8>iB390PU6L8(os5NulYrcC*
zZw`a4_22vOU%cqWK^xGB_g~wOgwP2KUF84LpX^Pl2W1L64r@F|Ph_gjcD2to>*Ptj
zy@`kMRP1w8-I)r1leZsJcQfNG-}0<p+}(Bgm66f5ZYNDeE$STK(VFh%?H?+3yTH~n
z?t4fnG&N-pY}TE!3_@1_Ji8Nsao=XMtL>R_pR4WW&PbltBbMbvagUosJshA+-(vhN
zIL4Qpyb;P^S)Y60sz7NQ=a+=BZeo(B2NKFah@hA1??wC2I6jl}-tLl##*2xOcXN}o
zLqp_>DthNJk%udN$IkUh>=TzC3SjY`zJ}|i4|&kAXXmo%6|IlwZ&0K^QK{&I^Q$!3
z(88i3OB0KdDG54dSv55i#QT=Ld&WLL`d8l-TNy}7ewEfme8VyU1vWcOOZ5G3Tpi-9
ztSsQJeu$1JTWun3_AN9?Q7xR>?&|IB?eE{+*-*x1L36?LVo(W*i90W`#<a^wE=wn;
zrs#<L!GBt1W#HoC^6C{)dwyM=*>cx?R#w)a5><8wU~R<neeRc{Q}#*T*unBzg5^0(
zTg0;Oouzr`;A0;RYwJ$_#`6R&7w)Qf?$8b?+=lInDNw3@(Rsqfbv=99P-!y6W>C(;
z!lqsS;lRt6Am#xcHs+YNtr8#g@g-K!03gBU=jW@ke=r{RQ4Lf>p-}QBIc?Qc&FfU_
zhRDxsDzVzSg2=IBBYtiLWo0qdF|*jru{25w3dj0c@DDS_xb7|ckdc#nnKWyJioO5+
zt=(SrKU3p}kC`qri5@rY{K&wAP&#3p9s;PdvlBPPsM{jQhgnCIv~tRv9FEuQK}t%P
zfu7sF-6-e|0U=vyx31fMG#2cCgJ)dq{aXoi9p`-uxo`X3Ps%F%2>L}1gG^$1#tUYK
zhRPgv=@DXcV`F0j6VHwNrhDEPg6*jR-1W6yy#gQNRRG<#|M+nQxY5%FK3Q8^gRTU)
zk)Tk6&2r{SO1)qPtLtKZ4N$f1A#|q=+gGi!AzPE>d8MBZewhp<zPVhwI4;WgXq+hM
zQUS_Hz?UB(XA__$g4U0nMJ*hpq@<MPJA`+)EW~asfYQH1;=4&Kk$>5VzB%Zcu~Rtf
zbw`F^7)+0i9RDU)5zr~Lyxk;Lju+YA^xw5KwInc-1$la(V%d!B^!1Z-O5oJNAQ^@p
zpxB3VrZY|U|DP5>J?=%l*vFn|8e?TJJ@3f$?#(o50GXxb<##RLR{Tm%{+FmH-eA4h
z4j756%ganYpo}oq8f*5xOR0FWJ=NHlmKLE_<9w_RtQ>lm2V<8PmyM_1yB0I0Ulx7`
zWT_-oD3UXMc)QZ6o&^#zm|R?J_7~cSf#tzi?C{Oyft<Yjc?+eOM{eOx2*cGCaE!U>
zBwU{EGI&h&OxUi_3f9#(+#EH!?@}sfZC1}+18{p1vh$*2c2;)@Z%Rstha}`z#S6Z8
zLD#J_%Eq%cv!wmFxvR{S6iF-YjA1?ytoYN$LUjKh*lX!}xH?DpWJnWLbt2+~-){`V
z!COYbLp#bo?7we~y9%~+P215(Fo^|6)7sC*tL2>U7P_a?H7>igz$SlQxFvE)4pv&l
zd2nx0<G%BFoZT%JvGl_q845oes*Mhn_-DswX6gYPa^jisW6%lh)tLg(Atkw`B|o3=
z>()71gAW_C`XD$W0)Pv)DVk2eD%nhNLesWrqTWSCR`%{{JP$t9*7h<Z!?1-&*4lc%
zwb3oVtZXx+XxaeQt|NZiOH*X|n2xmT&!2DBl*%I+cZR@KG=TgOA~LPfeKjGt)*0Bk
zz8Y1c8$gnLLc-A_@pE}woguJuYAcU{98A55!<{;(vebcVQPFw;xWA1BB8j1n(E{D;
zE%Dy#(T<_}jG52<vA#;UyWdoFug1m35{+6+*ILePnOgj(fH-Mc$x3ub60;_Wxm|#U
zF$X7S90_%`(dH<)+<*A+fef*^xe0#gALNge`x3+o(|;{Z%!%F%Dm)2}dm)aFt6kaG
zB%Z#Nc(d;V#$sUb{Q<-dM6fB1^0mX%k$wol6xGQeWd$$O@D+!yLT}HAE&OiR`#fHS
z{|8V8kk&%b!ph1r2K8^`BGw^gj|wjK)|-A1tC5+`az}OvJmi~$425~Cs?yxtyfShM
z3kwSn+T7pU%SELQd}5Xj2M3&>+~r!O(RE(W7%VMWr=ogSVLnmnqyTy)kAkW^G|x0H
zt$Eq}460^!z=}UPB?hW<ub{bI2Uz=_A}6N%!od^0eIq7;mq3?HzkLUij7P~RDPZV(
zyzTO$iR#m_qoYKq1(CcDLWlNe=Tck7u6RDAHjHNP<MMS~zCR=rrJ{ip%$A|L9yCUv
z<j6^7)~Za#LgMTT$heV=PIl*7GEr|^f=iB;gKMteiGTCT*c56v+xYc{Oz=wratnk<
zjhfgpD`$CggrTlB9d;myVDry%PHepP3xl9-XO`wBT#Tw~_|7tCLomq>&LgNNv5|tw
zM}mWwF_Mi13r{{r@cU2hq{=-UrYiK{;?a7Ig{hj8*BymdL3MuKM%FB;e)A-;iT@l{
zJ=Qm|4TI$@-rUI;VbxTxt#QH4pdP?$hLZ1+0U!K}AwFKKOcOH5Fr2FEdgZi{fgV>K
z3CvJ($BmM4hzjR2Y)Bqr;=y}?7bVBRQnG+80I1I|IlC1^+=&-QIqOBQTe3`EOJ$a&
z>rclWPcdB1w08b>>P^j~^JB^=Ui>-_abH66h~$G@Rzo(WKGO-I+M0i!ZS^-2_V%-!
zPb^{2pFT%NzIye%zO3xoqi3vKZAlTdkMWmx1#B*2C|~FZ9TDvUVyN7Af%iK~<G-YD
z16uv#p6CqMWnH!o0JRKA(%A_SBh@6&(tU1x(<1TlVf!aW+BTn%B!QHQ6Mfz5&K~{n
zh|tewn@*>Hf8a&1v7F6d%S+oS+O<eL)W>}GH3!=V!){vquiM(%kEH7@;|yk*^t)ss
ziQ)mcsXiF`N^rJ}a5?w~4(b<@c(aq!6b~lzofJ4_A5r^M?o~3^-@9l0j^^D35xvle
zRc1-fI$6rEw6u(5#&k433--sT2cXlPKd*gzqVwqRfcy$$7`9$(-8`-4d*?xA7n`EU
z)b!JoqMy<&WM82XSvg_^>Z`^#4taQQKQe_QJSj0(p8MX(#FM#KJehCT-IFAx_4wJr
zS!}(z4fsv{q8=-`a4oGMx&m~psNv_C0OsEMsJ1%pWNELqRymnZAE1lc?;XR6apk{N
zggHN-CKZ`Rbp1vL<<aYjS}Qs@R1Rf1oK(g{WtdR62}H*)JQacCNq$@-8!jKy<~Lc;
z_#W;f?J-Q4WFj!b@Lc72youXM45+O76oLy@`&P3)sv_8VQR+_*4hh^(YqJsrnc0-0
zqa$LN(ueT~j6RMein(n4&M8@DeNumgc&F}<e+ZP}RDNlWOKZM|52)Ei_7NlB`*kU#
zRglQZMvq3S08nH{{tV4R`(daduWvlZHjk^)u};hFvJVbSeD53LwMXQ(gHvLCXQ%Ja
zA1J5oQ$Nfw|7+@)p3Bg9xHVJ3p>gBqExa_Zg<R3i%B!6c|EJnJFKs(q!pq2?DW(!-
zW_Ze;8>`e`MAB_?StN+l4lvVy&6YrOeCOaMmBW6G@rpN7!RNhC6Tac!FCWyXB#{D>
zZ*kso14hKF8Jo>*kWY29Q*pU_+uL04FC;W6D*uMx<EC4^T}xBze`q@EuqNOC?cbCP
z@Pm{R(v3=^bWK_i7^om1B_&9A4HOZOP#E1Y5b5qNY3Xk1?uO^``#YZb-wv2#yW_gf
z_j$g~*K(Y+M_C_WbP~4qb4@Fyxw)1Pdis@BMcu9xkT%g@%8~*M6q3Z;f0m^y`b5T%
zoNbIXAYSXCc{%Z^i5^irb=Fig@oIUj|F$YOADxqWGhVFo8Z77azd4`iioB^XTzV0$
zGxbCkOK}}!e5-H>$obNqup}VXf)$i&@dB5EH2&SwyiRXMcYK4we*g)0GkieiKa)^)
z@u5F|oELseU9KyrW>hTMUspYAiE!>Vlh7BhueR5XL=Em9UUMG&l6bX3mfGq|17rAB
zbLDO55>5<v)a!^@tClE@e2mgmVt}JGNj_V|Vlz;F{{DLwi36nstGDMijdJO9D~>s(
zZavd@2}1`!P}8vWoe0DusThL{BJxil1wdp3tobbMzq#0D7>OxR8h0R-A?86?djdiG
z&lVn{W`x%Bu22vH3Xnk<Q)x8fumy0SDHsw6M9U|bpZgJ|Vq-1pve&o}7_~mr8^dr!
zGczeGvSgHIae>$7W$g+_;MWYH3~Cs{jNv>iN{V`8cxZ*%uXwT?MGx`tQcqxyvISHg
zZY@M4f11~{I<!z2Az)&;j~3wNRUi9U_Oa(nVc;67I0vM_?mFw$y6z8tAuYo_eG|e>
zn3?&Ag>s19_}MnOMqGFtCWOF;XTQ`+lU$f&83Q8u>EFO5T+7pnQz5W4e1XS6p<h3J
zHmWlf_RI;mZT%vLQu*~hOYhY8mTqiq!M?WqP{=4rZ&|kurjz7~d4NJt`TOEMXdca!
zL;MDMdzt0fJMYE7xHu{jPLGB2)iA+?>k8zhU^@&Rq+Zj~G^@M-QnBD4`X3;vVk(4)
z<dd<VAK8b(B31lAo-`Dr9}j~PM;|9ghM~|_x4-%$A%Gj}^YFM-9>QN<F*P-1Wnr0A
ze%n4?YM}wfpf%fh+wx(_3CNaDtx}lfm(McPlqmfTk<{p6iPHcR5#5)qKdDhO58!G_
z#u^C4tQN|e8(iV-V7?X}z{I-1z3`HtYZ_nFwY4U7H?AXs0h@7rd|Wu+$GT^CAvlLj
z;r6UF<)M2WSnO6**tp(fz%{Y6cHp4)mxkF@>pHKpS5%S>YGz8#hsiLi^r|RjgJ?W6
z3kzN!C7Prupt-rgYugfZ=!gN+BiLCEV(tLJSeV)$#Yau36ZQ0u<RAY@Xs>jAh>xGo
z-Q9zog@RPAk)kCg1C8d^E!@l7w$THML2Hq56i(HIaL*DZ2TuhG5v(4}o33db*Nf)4
z`+O({g@74y<CL4%&VMpkJUoxd#B0K9LS%zL@iEaDr~)P&9jm)O>BA$f??Z2_uk+p&
zdgZavMy`M4$45dMq3i!yUIp;nnlZT|OWCZ1NSa`Vn7S~Q`;0{r$KYBAh7Qr+#oEWE
zgp^@URl0GRyzO`H<R&H2_I&}DHuu`<{4i>5bG$FS&s6w1I@>~yY=t}l5-u%G-Fcw9
zxRU5<Bd36tf<i$-nG6mVOsgx)>(yM9h0O9W-VBsx0F)^M^CiN^#)L6-Y0)$I@|g;H
zQV}wt;w>pe?xdpN_@r<OWB-=l{r!^OS7+6$NiPWQu!V5`nyJuNa9g<g0`MotCnr&>
z?mVnA>CW_f=K#?#w{HJ{ocu9bm+MsjIn(!`?Xmh>=^F2oCeszwl3zVrBd^Df@11x<
z5d8hm!Y4#`uv4&2nB~&pR76rKuqNz1HTfz=%>2Uj`)~snNA>rDKEzT6Z7*MaD|*W^
zZnIG++8UsN!EVKPH)<FIA|-^>WiYTX=P{+&;WXG}&>I<kmR7A1s&8H*m@l+=GUl=F
zgif$BdPD~Lh&p3K5CF*C3nju<3ew`73HT4k$Aqq)W_P6U0ZuPodH6R>dNPQN50X*<
zsg?mL-)5gXiuEvNR#>BiZXmA~2qcM(R|nn-!ZeEBiPRj1sX>J?tO8i1!FYEzG+X~T
zeH(;Db8+ypW-ef-=o)Fj7bl$xqEu<zE<bkbY;g7J^V}Y-Pkqj|aOU~`s7FA!(UVwQ
z`bgFZGiBY7;ciYzRekwQ&xGjBeh#DOdLTf=dmWZ9hTF4Ln#eumex@(vV7EVbpWn1+
z`e+*2P~^tHs-*Y_)Y&}Az;HMh+d<{#K77C#C*rhmkyk(~>fF;*_!9L6Et?UcmQjdF
z1b=V(_2LfW)U5l?MH>NW1pkiL9&by!$;#>nBD6hZQJwAc_=CNikTk0r!B5P_aLS(K
z#mVx`<Hg0T2&b%yk8WnOSLc{dG-SBm)y5<w=z6S4Av5$1LY-3l&TBEA$C!oDJi>cT
zEAFvw-qJR4E-PVn`1|TlUh@CqvKJ~3nSKOJZ9=WYL>!vz{p<H)!Wu5}=aSW91)mKi
z?igL^&ZO>*4_se+m33_XdX!UphpD;t&v<xLWQldloy9{34fDIg%6D~nm;)C9-kI=g
zNB9Cp2`*8SW=S+jFdlgV@7AFkT-fdMbnIlB=zc<j#~MO)Ja#K>pl?Ot%r?Vov8JQu
zUJ|XA=F&&}if74U(*w3?iZ-H%HxJ7{8TMwQz61_(u=qT&z$Xf(4@MPA;lIb5n3AOD
z^kaF-X<{c89RHg6gFlup)O-;lSn%X=j+pIyBWc(zmnd(OEJ~W}jrnSlc%qlrEf6ie
ze-&+l3Y3@INm#}~?J+-W%{+2GZ&)ZcSw?du@fbE2r5}R=6L3aa0W)>=pFf_dP3!hx
z>#x0*o1L|JRdpz+=c1Q6R0j5sULG#}4ep@}r;rbV2<IsegjqF1J22|)o|68M!SP5l
zv1P%Qf{TF+dJZA%q!2Kf0BfybmZye$Fg$tG$@E3<a=JWnKPo<6l`clq<>tpw1@32U
z1xI#*6B?1yRjKXAVPdTm*V`_1**4od8t$lSb0MXkpB9LrjAl(4W6X>Di-v=969eZL
znQzht)_eu^^YScz>hic5wf#O}Y62Fiy7P_pH1%}nk>srPSSEZqT_I$u^H@|}&Fq?a
zU8&uYoGPL{IF?_amz`2P)2i!=9EdFIW^cmSsk1#W$M<xf=DUK?>r{ocZ|F-?m~2{4
zDsiGQWjh7g4}2**ne2An{|L71*58FK?d8*y*?ipOr?Ihei>KmJrPns@;=6nz+{nQ9
z^BSIkCQFqOgvVOMHvQ!+s7osON&lFE{68Ltl&po}{m*4K`VPHM1vz65-yd~4l&z)<
z&HqtNlyrH2I%VVREKpZ&X#C;B9*`2doK4#triB*I=v5M@Di-{R<o>;vOqs*VX~5{I
zNc%*JS>2cMH%_j~#L3w?x8`zZe`F+AKZJspQJ7<*o-IIz(RmOL>au=>tA=l=%nRIC
zN4<g-&z`<J5Mk6y)Qe#4J#w$>`7<|J<mEZ?KDi%=W}6+MG`qE>1!Z~ZJAduEOL;K-
z?z2!CUt}n1aJ{RnbwB2>ao!&H_&cM{ByXWyLI4Hx$;Dd4Az;D0?XF!Y4xsx9rzRM@
zW#?rmvYL+Z^Mg|T_)N3hWsG^(L4S}B2^0(zwD{<`+MAK%k18P{(cH-mwu)oaKqQlG
zlf5T#qz1CVHDy^}$S9bZ#+RMR$sVkHf!~un`{S!ukSJ!CrY!=Z2kjYg{`~*l9!lPl
zDkzu>A)N;^I$LZE6A9Bz2mMx0>upC+*;Q`mc)qOw@>P32I@-P3@8s-g|Lu+HPeKzm
zaN`j#{xGunk1tp&KP2!i9$$)G(J_%^<q+rQvH^LWXXEAZ=PN#jPs@5EHb0=D_^CyA
zi@SCG_1LMu?2x=5hOafRUuc644YSqCguc~L8!L+s^{yY1+t3|Ll#<q-L;L)vvkqYv
zrMuo{E*9sEHJl-8MlYf@+SgL-V5umQ4g2bMUQS-Nn)Md3x{5mFT?@8qO5cKl<U*;c
zz^P_nI|MkOp0f}GHUqO?VZryyorZ>@DmN(Mhi%5sp9&lnaVwyUrhf6H0O)y3zL#{<
zMP6fH2%??zPR~72;Sp>vZ`MHH%efb4FXxb%@~L|r03D52ImlbQKB+ofea;kQ)#(z<
zJMeSG)@t^~6o@)tq7EuBt`7CD5_DcKEr-TiSMv%ByJ>xr#$EoC{V~jRj6xu!thCf>
zq8MFTIvjF=FGu!11Fa7KLDq0}-V)J~g&7VMDg{+lRgdQ`#u`I49;XcS)qNB#C_`Xr
z<%jdU!6#Mb0j9~pe&h{Zl*xea==zXZkDl|=?;l^phcfHx%ueeX>P7kaOKQ*-AaHQF
z(gXBp$%DS~k$$lkdP(L2)kp0EzEYU&U{z(Z(ER1v>)JBO-EpiBv<p0~0~@oE=y$W_
zCYzm0@@BmWvK+?2bvB62YQh9IHa3mmAD_0i67D~KeYG>tf%F{HlOhH3*Ug}0uEGn|
zh(V)Z3aU1xF6m=l3}+mT7cgvi>i3RSg5~9NF9~ZqCG*$LuYm;`Ox{NCIwp&`6=!vm
zWxnFKXs-A2_}3T|Jw+4vwqm+?dg<hflgpo3OVgO`6+W55rc!)yEu(L`D-w9N#?{>@
z3~MB^Att{Yp@Iq3SsCgMea_RFmo=gyB7Q`%v6OVpYlX7R-;0^@=Rc7I5p{9??(R|M
zjd|fSwC)nh(YaqG7KP(&lTw^JzMV;!to~M8thzR%q9FQf`W^lUKrC<e!*gy^RSG12
zsjN(`p>6sI^&^}TKa+_Hoz!|1T)X(`$^Z^GGpoVQ%dnbmKIb3&ED<f3Qd9fISc%Wx
z;nHJjhLErP!{YC>gR3J0Md_R03AySxZq<_fqAr?l6XU_bRu(5QKkAzYSYAXu>Fn<p
z{0HA*7ZvSJwNM{I4HjD(H5nA9q!?UP?$Z_s^70zCZ%t6HQwCF3XTAx}Q-1l<-a{9J
zHByIRCT3sxioefSZ$u~&(+KOv$<--#S_I&H%ASbG3hwUfyL)<EQ|BAh6|}#U^Qhy&
zd7Znnv-SCS*YIC#mR$Cck^}jd`LR0h-U_?FH>IE7zV{Wc?S5qBP*%T!iV97*)pNeV
zp(&T#e2dW|i^%2sJ+^=S5uE&!W8|YW7mH}YH*a3EoFDlO|DE-IVRrE<f-NNHNe->3
zzfmwTQ8P2WD*V95Zv$_{JGmj#G`xRRL#bL95Yj$WOhuqjn%dgy_Clnjq`F*hJj`$z
z%{PMA56L<2R@X_mNa1z|y1i5!8K!iQ3w;8<1p7@bek~<?guY7y8}G+KRNP;mio!x3
zaq<74_3CH8ezLRi6EOJ^BVg2A<Rj+lc6RO`-kP{+^Kj}JcCzPyGyTPj$4}U|c6Q32
z5G(%&K*!rn27l^H41>W)I=XvgV&n@fFZW4<^*V{lm^dxB$t23+O$e3tpV<ipbXRBR
zyHZzmX=!iZdFa$&1850$G*C6GO&6Z7uUkkoG*o1f3z3CBijy!iefN&AJ;5jC6P3S)
z%lYAf{A*2e;e?Ee7rYyB;+MZVHCQjFlTzJLnHB&stgWpLF4t{nmg>|OEHl>qmHSKb
z<mB?{KW=U?y6tr<wj4-1RG$5uT9*p+e)e%zYa@lCHZZBx?XW;e`S9=G`)2RSGc#F2
zU?wc?)A#Qi*Lr`&WI+EBXjwfCq1Dqxyw&C{x7ygM`j)TrTI1D*(Ia4M6=g$h9h%<x
zyv+Zgx9+5Upvs~Nm9eGvd+8A9u6+r@#(mQ{C457PA`f5bB1BA;olW0b&j!?95tC*q
zQ>tsl%-fyS^;wjVPZuAQXvbPuht-q<C~d|tVI2kP?<d6H1NQ^D;20jePh+4@SA3FA
z!O=s^4d+XVS+8!<B5QJgmW8|bO@Q62Wv(p4=xKIF83&=-zALaO?CO$&BW43WQI_O)
z_26G<U>dV&MuyVFCp=JA+FM<{A4;k7N?o|hw7K<{9ShKrjp%tFKek-S1w(`$MMcG%
z!*=4nbHKWl523>O%qmcnNO+Vgsm0JnT+Gw-8#DJ#z+r3A=c#+6>i@MEJRO?-T73JS
z0-N>c)uc^(TvMdxXrtPkb#QGEGZdiE4W#sj!uPCA*lkBIIGSNTw@nG_uC3Ri0hJUJ
zI*niklxgw$P1x=C#lTv`s|UK{m?em=LO@o#_Y5QDp>B1bBQQ62{?Ji0$RvWB`)Bw$
zcY6;BIQ76%gVl9zwUq+NU`>G!7NYL|=!7xQ)j^P9<XvbOHDIpEv1}`}_4wU*QL;Lh
zD>HQ}YOUHj?g364g^4b`U-NkHmp@kCJ`<MOQ9RV3gjfxsu0+&KhU%4OLK*mNlL#{S
z5y-GdV#}thD^Wl&UyfA7i9s-n{bV9;riGiGhY+>5Rqs&N%cQrp2Iru+D#^{HyQ2O$
z&u%2$Nu}cl26&IXENB@mMF!qX6oP@XNw%R_KqX@SHGaZRRgU|-Rj6<t@$y%aLMDXU
zvtS9cA;Eci2-><P0<4sMQr-;-aB3I@SN#Yes&vaj{F*ZIQ}cW3_rur6p<9{^QlnH?
zDzhupFblCz;`pX>a?(JQ;E-xTg&r<e?voXuibS}JSu>!Cx9>plNkjwJN{?Rr2IZ4G
zGY9UkUPYoWl09~+7VR9Y8?K$nBZAf8?5ht}KOvfVB9#moA`$e!@8sxDWKY6~=9ATe
zH3_tHzJvwJr7IEpea{#6AAN91l}-V4i2DvAi7)?q+$S9Vh$;k8K>#tDYQZ`wp2L6#
z{LMQr6JQJj%MBX=DkmZ8U|tTK)#k;h2a$1^c!@-CoG2y578xZDQW%R&aR7>u$`opJ
zRODf${!f1~0|gX>A{@{*P7LD`2;o2rk^fM@)^6Rs=d-B9(HYxL|B1`iTK2uvnA1$q
zQ%9p<k4RY#6JlA)vPeWmka=9YEO_CfxhPgv>?yuBgA&{{;_hN)7b@d%!{c%J`yq0i
z4F9#L$z%n8c%6(;LOh2B68%6-9ue{2Dt8a-;=v3vlqnEGbhXJV@XDWg^H?CGEDh6U
z-QC_Ep#~V8uGUBsvG()~Xg-|Um^!tQ^M!G1@e>AJ3I@|y7=t1wT9Yms#-PLAXCx5}
zJrDanh);kf8=@&c-Q4|;9jQhgD8slpDqi8bZ{z{LmQbgUkM@D2-Vg`dQPhm(Y9Hpv
zCpicuQY5?)68N0N9*lTd>iSAJ^w#O_%o;H~AqK<8!jgdjJHY``eo7-BsY&h7`6Wfu
zhX?kQdbqwg67j5`5F*1=&W8Tu<!r=-QpnGt#wKBSfYC3}1Y&%WMiV0<o<=L#M|c#Q
zt^Yw((Nu;fq4hI4^5_iM#1(D^zn+<=0(8G)M;aaeoLYdgL_`ju=$DOxvs-=Df#_u(
z@!aRdhKgQ&|87cwjTgf6lu>Z^D7(7Cxegfl9FBV|Mk1FLv=tO`*U3nqU>GYiLyW9<
zxW33jFuRGnSe+PB2KX?6&t7Zh6{YeluBIwEUETOGahix~A;WRsL=xyHHdM%tDa8ev
zO&{T~Lo844!Y7{KV-X4Aw)uQKAaA1JQQ#ng2dkqqOkz*sngd9oMtlt@qM8@Z6^J2a
zuB*hM9F>q@RcW!k;6iM)Y_gQ4FFv)*XO+h_Rp`fy4>7izL4HJP&E~<a2Ka;!?;Qv-
z8D3dxEls>nRbOrt%;M9%gvBf^D-5VGJOk7(SvVnso=yq_D+a%e46tZ;b$>}fWlZ1>
z?+^M`3X@<&CI%#jMX#cxs$(PwjsHR^VZd8w=L^&6;k(+4ADh!rB!%KQKIXiA*v2Sc
zL50s)Lf8;JJr+HNg@l|B$A1v&!J)!;=w+J}#z0;wGcHqz1GHQkc@7I55wcQIyR>Pp
zrSb`7_8I1Yd;$~hIEbL`8%HR-Ae!NlRS&*TuN)v#-Xh4)u7OCAmbUjJq7)NN^D%nz
z)kIebhU3F~e2&R@Qo68hR~}V{?Zd+-g|Ua>_q~mU{!>i0kzPrccVvV)&)Pj{bvnq0
z4~Dsj&2pdqyfdQWOv0Ml&NIL`xOWv35-qv%$ZOYtv#G=h0DoY&in`yQ-vh>XKjUR9
z56LL0U6{p$nHYEB695R(-RSPN+rg}0-b}v-4<4AZdF7+gIAkjQ3NC2V+qO5#I(d2;
zKXa{m)&|h~9F!fm>j9QEVh9t$>+<isn$c%Nr(vD8*%yZRMdce-R$uikAYQt=!Hjfg
zx}M9i$gc3CqT5Jh3Hhik_bZyW_kRW`;ri6)dqYxO(Jg<-?w}iO$}y$D^pIsHKn;F5
zLkQW%l0XS*SWvY#2^_WngV-1Rq;dbmyoh5iY9KCVF}89+u~#ihzc8BRfS}L$+~r|G
zGa_zia$Qfqx(@o?C9Jt|wg4K;N-`1*9Hpwj!IC(n3;F-|0?6T%2$)<Z_)<R^CjDY1
zY&Uhp;{0IOjqc#GAmHzjBbv-mnZuebgm><~6S|%}{>;2G>q+C+^OS3bIU!ni(uh{-
z50MCpjP6uiK6}IvpGqJHi}UH6yxxV;_!93f?h!E)U3>$bgq@Luu<MyJ)rw>~iVX2+
z`4pFkak1s-)J^%)J*I|{c17=yc6H^H?wl?DikM>XOK4rzNqyDryL*#{^$njNitXxf
zZsiQm9v9w@qVYa|n58RAyX(^8)vri@p1O3|RK>G4xKI2%r8EproX(TeTh)t$)@~_a
z>7JkFhgDG<8_+wrZ<KCg*SlM@-u^J>*W>?M)@*ilYpl21pC7}OxaTQ{vQ*zzYmOaj
zQThGh-nr=9=c@WU$ueZB32yDzS7u=jePG<)H9Sm)YXYv~ly{(%20qe)dv+ZyFa{Y4
zQu?pdcwgor5&$H-De>G<`&@}2x#ysQ?7v1gBcs?allt3uH7*&9X4K-o5#9MB&2cFV
zGi*GFc!EZD6<yDcDRDsGQHxAr%+FpY|D8Q6aNY0{N&Y0UKC}9@Z7Iw_Ep)XqS*cfk
z!s8_g1XF<K6>fwJ=p2`?mpyidB-ea{zb>~PV2w>Ao6&k}ZZPi8?Vz2Oy{W(X&HysP
zoDHaiEziry&>AXT($N=juwC7jye_~SAuXRdZDk4*Bk803k(}IMIn|zC<Kj{kvD%-!
z`2Y(=L=-m_f6$D)PFZdpEi$h7I9+&+d@cSoGxw^dr%~#OjIimGsNTD=r5y(kU*>zp
zYrfM)8dYIZ-P9q&s{xse^5`<>DJF)2RhE;V`cqe&G_A3-$ZN@c28ntK@8s3~%P`W^
zaiQ7{RWc;~6xNwTWk|c{#h*yA_F$T-M4U%z37<b25ke_sx8uY&t=~pE#BS5;Hf*0f
z8LvvIYhsXOeaj*6q~m(rW+Cihr}T*amG4sRflA%#<a0U~^n#%!nRoyGJ&(VnZzyj)
z9Tu*u&Qg+(I%ZRwaSNtYw{R)LD($Y4WmQ%C0iWD?N67p7c#K=eSv=M8@FI)WW2;D>
z&g}`4xaHJI1yy`}!{v~ERAl7HtH_&6J(olwJNwz%DiC-kRw%n#S&pyBpQ&7L<VNmy
zg9U@EU@)*|^0TnWDluT+8e|zz+qDwQi!I(T2q*X6EuDG%<IeNz#1;pXB*sa;f2uo_
z5_X2s$Z!F~=+i>cr#fM_^Fxn&uM*R0YA&a%9KalLOy9-pIKvKm$tc;*_AvkRab8{B
zA8LyY^i`tEiL3ZcaZvN^)ks((ngH((9Ia`p<sv$Cb$bz(ELytV7}ue1{=xd)O(LCg
z5`W(!7WUHFcssE?^?tx5Lm|r#4im^=^BZ9{`@LTs3k!GU<YND>BsW`>3Wm&D)_5!%
z@U&Af4GFNQ2P5vr=;+b|#+5*?K<{|{u)*0Y@b?AtGRQEK3><5b)3a*f2jboQxp$HA
zHHZj}a<JBpYFU_1=y24IY#lGh`???}i0m@+x~OzqM*slI>zy;yFqvE|kr*$>z_y)W
z;>WFBy2|A!9jf>nhwaHSKnvhHlA|H)2)B8?>c`Jn$io`<5`{2kRn{u~d62Z)Up=$4
znXeN>H2xY?-AshAJa3^$9{j(L8k1ai%qjRg5#Q(}IMrDEN~c2p`$|j;n^GM`{o(zO
z6kkb}MVdm`4ckCXec`l-f=CYA*szAybNo>*8T*&FeS)>1t>?R*-m6#ZfhX2TOONEe
zmkC0=-^rkqaZ?6H0;sSVu7GZQ9gYPx;Xnx@daI7reEj@QdSQM{NY6fTcAtEUx5`}l
zV3IlTQ(Wf#&(58?)KeQw>k0t4<`RPFOH{J3VM{(F0SZt5{5H{7{>?4wR=x?GP^&JI
zmlrEu9qA432b~?U$q=L!{j|N>oz#V91D!@AfBE4a%_FKr%Uu^Rz+*)OohgShg$gYa
zll!mcmXCqd@Gx!ezaj3_)atRjd>CzF{6nM3%k?Fi?d=Bdy@k>8(W!cOGvHvOi&7=v
zsBEM_YHnB%P$Y_a>||#pDP?bPJb6O2ke`+8R;_;)6clt7cylT~SE|f%zga=Smsk#_
z$O6!|_4|3d*q<#xB}8(j1@h=O5Q7(%L1P4XVq0d8urbQSBCh;z=0nr|xV+73P5j$l
zR@)|nxbEfYGLQa$<|XZA+Ay=Zo9kYcUI~387njq9>#4ezSxch@S5jlgvlBQj({>#<
zEnk60P93siV3$+M#@#`#jc04T>92C%O%gwyL*9Zy==;iHALrsS6>q(DT$civLcxyA
z*oO#AfZGJErxhp(mRG71@^5@^E-o%KvR-m&+vic32E8=&iBG)zaGD^Byg7Vq?U;Ek
z%$NV(ZysBRU<Lmh1y&<;f+=O6aSpzYu-cQLwmi#dPhK{Zu@r$+uKf4dcTfOH2uW9-
zxsHQIX?h(U#;fb&Rn@y|#utSh+g1Px3mb$W2X07hR30`_e;o2E=e1th8UYyb{W)S4
z$9VNJe*4%xoq~a*_7^VX9!LjCQ38A%HY8Sz12L=O25jTI3}8bF^PCWotiMcSg24BU
z)gL>PpUXN_zaDmXu|B}zFy?~CqB4mgD9aoR!uP^Q1&Td4quDG(y@cqAFreTIh#r#z
zqL;>kGA|^S2?*|Ox;mc`y!iECOXR8tT&9*vR>?*6`ragYxb4Pj+#coaMm;dS>e$x+
zM@(dlN|M;}!NkRbZ}&|p14HY79vH|~q08&bt_AzWEGhGMZyJzp8`)X6s{>iPw+j_J
zx4p=+ii%wjWLxQ>+z)st4=#92J05`HNel;ywg{NX0?fh;*Xj2IKot4N6Z2YK-Hs(w
zi8k;qq|hC#74C9+Twmt3x$yk!qetD`x|MtFCs@Gu{EfW7v#aZah4o~$N%zfl89Dbm
zWx~kW+N+f~<$lY}G0B5*Ccp0yY;RY4lU+v6rkUgk8_q5=4_Eum?#O}ix%3YQ!+-z&
zO^uAxi9*4Z4C69Qv_Iy3<OZzjl|1>H>T0>=H$91hF3o;vAj6$}bHoNF$REtvz?J8^
z$Bd1QmDSnFB`Y)2DEJEsXzvAp)pY$E#QQQ8pO&ojB|hv@d8)FRxc%@YwPaGX=;rjf
zgU#-QmU#WeugwOEu1?Bug%|&2a%mSclLQ_)34#OmI!jcQORI2?{~N1@9EdsHf?z;*
zMi21l3~19bEc=ruvG|cis?Jn9<yagvfBIB+>8w}pn4RXivDo$k5upq3%F_{SxM|;%
z-*8t_dSP9)JgUY{PK*r=m=8N2U7;52YofXJxe7NsL3`@ztOqQ0RLb%EU>OAIUjTu%
z;i~%-NbEbHOWn%#BbL?-&`53%(vz84StrF=uYdR^-yTG7fBfijeW?fhh}PAL64#3t
zG@`T9#U>7L_@WK+atfThgE3A<R)P!?IsZ<$+fCv(9GzdpT=(c1jt-XF!MwVQq9S*8
zR-$6+dQ`_I5{0@uVv1+WY}I5f>&Mb^U4|PfcD2W}zAg=|l^-#6Y)H$3-uR;Zk>k^8
zkKF)bre8T7g7Ov)mJz>;t1tV?DmV(p6gd}Is@JT=%8*&AElWyrBRfLQbKK6}f!FUr
zHt~ci1h!0qB7x<2uj7C2u#$LH<0Svu?o~<wvLk2nbjy8d%rco6-$_rxkI7&o`*(aI
ztWoFfXnm>8!TZ%WlH?X2KZ5STT?xBI84EYlw5jVJFBh7bn}b#Fz0ITGV2!UQlI0sk
zKW}{uDMHt>{i{FIl+K5WzP>;aLIH0@q(g_vSY8$AoY%eN@w_o`c7M$ZXP+K*b-fK0
zFOwgtzrD^)FxlO511F1qj3CncXT{<1*gLn1`p(T`Q&#i;%&45VCvkt*dQWtXz0<k<
zQ`Z2?%nYS^RlO2BH&S2XG4ktGXz6?COki`crDmm>wXcu!;_H+Kt4hM3$q9yxy^Cuc
z9Gp}&!c_CoV2jkP9^k@M;t)`Iq4FOX%@Z4ONWnSadULl;_r4IBn3%*ZQ0ToqnbrWy
z*%JJN1VVu9KNT++dzjpA=UJHcfX=U>yXjo#)>N`C-~}v1?owy!t#Kj>VZ<OzUY+kD
zwv)MH3g46W`(W}m6M=86sVT4leATWWr|Qj;yvhq2<`!$q%8n0~yW85B*i?S)uLPe|
z&JfmFfJ~h6oW;Te{Yrxca4Gn_vl1UYGoDAZs(UQnV7)yFu8lJ3>X$$N6ux8X6NWNy
zhIVQX`(|5#{UK?z<yf?Q_h&%?oxa|6Y=7?6LRj+8pFgz#1&Muq8Z`Krcub+&yRWaW
zJ;1?GYoXz6y;E^}t^*JHDmw@A{#e}gu9wmE!&5^;Qv}9rA@%$1@v}2mdmCnNT$~*b
zA5%ee!_$@ai@+ERgjZ0a1G0?VmD81mE&k>LammTMwnCSemlu<wQQZ0xNcWNa#G2RQ
zd%rK<yra>O@IKxcVGAAeGF|RcbXcL2^xjI`uAz$OV#A5xfh!N)AehZK(EY19`T0@U
z7ICa7IEA5d#&_5PaHo8MS3!*w-?DfAqs{7G2EaBT-pqyOZ-Op0CO_LxkilSvA{;g(
zu+(k-Zvh!r`DWfxByHg5(88aXs5mOe8a)*6kbtPD2rnzukPvzK<teTqX=3fWT|lR{
z1Tjk0ryz$*gwfCd?Em25yz6_rTXP#O@h=r0Ka}%{d7ihhyZJTGz&3A6R-MC4Nsj(>
z@ep6{Z23<8&Pjc}^*12P{0%}fKt7qqQngF=V_vszx0@<?N{WX^97ClSX);DGFQdj%
z<_|>hzg@{`kP<S@Q#DyPyQ%6tOj86oR&Ls-Kv8=q?$tFK^3dY~yPfNof|AdOa=f<g
zy8*|8r#MPVa2}}Q{(DA<juFfFl+i=naRc=$acXRLYQOmC{m71l#PKh;s<x%Nw6Q-&
zf48PB_*XPv|MkahuD;Qf2mEAt%j;No=5<hBecn?Y0(NSHrS3IchMKIAj1-3r*m+~D
zt{O@lXlf26_B$--6cj##RdGzFh1azg9jc^|bHrbFjRXA;h)yi`iNHUbWoh9VSWE@T
zPoDzQ6oV^IjA@*yl2XvrHmjelwea2ay7ZZ){aUuVh(Q6BA-<;}9NFx^MAa^!H&#W2
zx{IG~D3+bc%EYuZ-t_#RHnxC{rZ7$~$;S<PszNF@YF}bGmJf_urlF5&)>q;|niKRm
zQvnvbrb0Gq@e`?1!Z6T!U&$E4N5yJZLImF>-;9Ww^~Bs<)inUmbk2;+HzEYS`=xt}
zVc|npAHH^Wa=2}Nt~oPxQH?vuU0Q0>e<^(aC4cjI12HCp(5k`eM}z`HWpPHP#o(;+
zgXwY}uvhi#?&=0n=?d!!WQyG@b~13_DJm!g3pm+zBS^$(!wiLh=XPsJ@#RbBnwf2-
zY0&KaN+Z**k8+)hoxOA>RPxuG4P-;Dw7<L>!x#9oh|rdlPBa2B=A;w<-5~c)&LAA7
zGUQ+DFSJTw+$a3ThbYvZ6!QPYwExx!9LD=&!Kz`V%~d=qIhB=_4GrAXfG!01gW2Fj
z2d$BVyy%l4O00GmgIp|X(7C0(bw{HOMdWAP*Y9<G4GP1B+!kftIjg&Mx=Q^jsL5g5
z8qj5EVDsGCTOk*$voG8kKj#|YNYES986%sp+Z(S6opm7RDsyor4sQ7Y1C5hUz7#5x
zzW;W=&au3vDiUj*g_BLkrPd=uzY*;vUw1wD@GkMaT;xJ(UVM@y`SNxg)^C%LXZ}w5
z&e~3mUOUsBWnp>m>YT50?&VHoXWdt!h)y30^(I~?|AE~ZA*GaW`1enuIz8kH?Li7`
z((hD;h~RMGriP?o%RbDk#35Cmn)XRqFEMiqs><xA&x)ArNuIvP<Rku2W4q{bZ>D4=
zHjCDMUXYwyKSsps!%L;bTt(7a?|y#EWZ}2SU!r`4ON~`SD#SX*t<NZKj|`D$I!|2=
z;Ui<*$<w-4@5ql`*XrEJxrl!^W}!u4E}~B~gz|E7?ckEz50WWsdkozIv6<`D@3gfk
zl~vkWPVDg7pE1c9$K`KU=aUA10d-P#JN8xA-VK=+*Ir&WALr^pQ`qw=kU01`kZx1C
zZ~^Q<-*iSsmQJ?3SHU7<*wIT)<rO=s#;to41h+ys?k+Dc1GC7-lP&Ep)wUFOQim7C
zs6rV1V5!yl{qd4EE&gLku8V<-X^YzYW_4Fx-C+_ZYk)HecsH5K9G=#jZM)v9HDS|-
zq+f?HKGh^}6^!X45GURGHwU2pXIm9{q47<JR(^1-;YQVAwKp2U)Ag_JR4K4~*-<2+
z_4N;`++Cwjc#H@Iy|F|tHgr#YvJ?d|eXs@TFE+5|Y4PdjciMQB-9*odZRkgIXJ{HY
z0Y=C4tu1Ym1(CBMg0pMRHP*L-+q5nFU~M+%G^UEj0Pid^?k0vi$I&({{_m5$K}ao+
zd6PngnAsV{cl?WSYX~WaT!Tt;b*li~#*{?)d!E%@GDGY=T%mUl3DX-2Z0M=2Ev(nq
zx7T+!OP=&m$il#?68I~H_4-n0?_*B$^+tu}`|e4Zz7=7}sHrF@D|;#|Jh5zldURY-
z;lj*vf#r>qmp9Y#&=H_&gSlPZ3=eB&wSa)6dkv^zo_aC_hQBB7bu=`Ipc1e;|I!nj
zO-Tx^AoD8l)5>O--ddlY=ue=Px%u}XfRp!~&F_xp!t)iUt>B)o0h@6FDo$>0`NsG-
zs;NnjJIz>3_ypp#r~6B6Ah|X8S(@dQYf42)dP#O3DZ^jKs=-gv$z#2oIc3ZCHa7Z7
z_L+05n_JeF)*lX7vT%n!bp_uIEe}T!!KDMsM@LU)72rnj##MxpAr2xtq@eEXU$he5
zdnLM4$t3z1!_aZz3JnTh=z!Pk46rfHWu%i#v^h99K!q!XF^7qRhJ(CWhZGXqc+0k`
zq_{ZI|Ae<{h0b%pAR_~z1Tyilnc8~d5)wZa!6DyZ0g^dRn@Kvgu7Kvt7eIIE2)v~X
z|KJ_Q)b0P4y;mDQR;gdI-7$NTj(-0=_S^q(;_pHq;(_*BuB^w8MRWG;jT?6>+6b_G
zv6XpPH1Y9TT=|uUK3PbMZh*R15)$zIr9NKZTey)Agy{oz7a1AM9?7bVjW7;$OeTof
zfyaM!@k8rfJ*^M`l_@H!<1_dL@ab_?1a6x%+dn@iQIAhswyPl?<bjhY7L4VfS}BYh
z*DcnYO0CeSW*Czu0`ZBsIIxThtO^{_@83_U|HlOW6TeKHp}|i+Qn)@optI|o*)&M!
z4JHMgg7lIFd|Y_aG!Tz1xQkr<4U7OVk0F7NU@r!iG{K-L1dY<fHx7@Ce5I>-_cP<*
z$*ir?zei9WPBxD$jNyKT(f_U&X9P<_Cxpc=X5e!kHn=<g8KGewgGO&}W8o9|P#sm!
zcJ=?pogKO%_oY~mhAw!r<eqMwr=Z9Jnp1!T3}b*x`67H^jM!40(z}RY4oD&8<Y7ms
z42JLHm8roKLmEf1FVe@xUnroTTI591usf2=*I(H&fM7}jK|wr0_Zh15xphkgp0c2G
zbAw1~@~y!~d9(DUp3$$TyZd>-T~Xmn?1HOMH|_RQq5nG%3uLFY;Gz3O7M4G0p7nXU
z(Fu_w4%DpKMcGJ=?<z4-=sb9%B$Aj9tho$+i#vt?w4r~pm)&>!0F$6j9`)%4PSWbz
z<qtlZ2>T{pc-+oP6bpS2kD>CCt^x-;i*vla=g)r!7SLBt)6?<bMQ_=CsHamxal`I~
zlCY2&an)jT7{xt+XeUoY{{2({6Rn*jpC3rQE+iecRM;<_b3u1^28^&FElh>)Fa7rE
zT1mqG_k&9X82fj6|NRE|wX>RTJ4vtaVZS5pW1@{F+mJKgp`v_qH7cKN|4Tu;WYA58
zj|Wu;K~Okg{Pegj*FsoQWWpFepM<yeAOEqMAXUbIreqx3FdCaFpeM~3jfHn19u7Kp
z!boa}u@!<?g<C16cF%Qn<ip3Ge`A5@Ey4=%AWb76WcWy%nOv6Lq4Umpgh4-=8p;F3
zXktR7CsoD}krt*8m+-i*3*-y^L*F%K_}wPgT@sdT{UVfU7=5{#5dWwnzi&i(2Jzwp
z&M@pf&%hEJX|Pqh!n1*Aa&mm-xMKcIree?cJpA`dR<wKM`NsVjn8N&mnV(=Ou{$By
zoWQO-pL(Z`ZM$yta!K=5^jl7%JLyrSNPVyCSIHu$!&R%Z)tkAAqj1gz87k;|21FlS
zdZru1yXXG|dVe_8yXf%bgKV@eDHP7~IKeLzq9<m7{!9aQ5e%wy<?g**7+TaW+8x}l
zT}8BVKA=jttrWRT^HM%};#F-{D$7m#*W%=o>th)x`dG`A)S}`|svg|9ic?dyGm_l?
z;vTee<WQb`xuxpqUH0DJXxp5TiK0}FOgoA)J)uO^>C3l?_FI2`X)*-N)Y<J3+Hn-a
z2fKK5T`JkF`O5D_SF7$_4kG3xxgUBmsbxl{@mbLKOba6Hzvgy$2-BBC0=Y6fiX%(`
z0S|UKQJRX=wtZD<N(^a@LU&$Ja>v5!j%-%(1W|Cz#zkc>1{O%jGPa6>R$4dr&GRf9
z60v>{iPcKgvtf^*{t33D-RhFl%Ovp+lO=S6;vw_Lnz;H@#K{}2H@$D>CrC_?R}n@<
zF?EV)7XHe+YB1dU8gcMtsI(MPb7+CSOI?QjE)BA>vFO#4D~b^{J*2d~qa66$$of^n
zs@)^T?DuP?SRn-R&!EP?0P`-}dR}I%#%mwQ2btryu|HUGAWi$O@NHuCD&VPh#VBSO
zRKoaUbrfaUx&^}_kX3<*V9Vjmg9b&}a0r%72*q{U{aA!^H6k8h^*uEn2*?@P(6Xkk
z3Rft7E$jSZkdMET2=Wnt=mjvO3=^q!)-a$?B=|&sAn1-_j|wLwHS`41V#n}l#fH9*
z7}4&2E?gDIQb8u2?rzxFRIk^DJp3?{U!H<S<j2sj<(A!U_X_s+^<9s5kial8q`v7B
z==3ovhJTh14OLa95pkW*Y&hTS_uSciBApVcPVybX(}K9g9;|nUjAt>4!0t4$Q{Z4O
ztdqu=1>5y)&s3a-f2-J;t=a@Pu}jJGh|_2B9F6OpD|XWfv9UA2RCjjP8nMHmz=L)>
zNvzqK_G~%_UCf|Xw$~(D?<UX2QzI3nYK&v`W$nQ6wh45R2h-4qoYyqCw9I*(3@Mhp
z(|rH-LKzQdq4{aTT>X(p|6vlY@XlcQ1V3V+ZNutN(mm*2J3o~{@`{?-N><ql11UFc
zq0rm?IW~d)^ET3C|FOCoCvK1PZXt`C^JK7FbJNj3og9Pf=<9gI4~VD?1@q+{4N@re
zC|iAe*@H0WV4)}Z(R+~QgF@g#2~3adb-U1H>~6QdSPiE;lC>*wmfn|f`tF@C-tj&B
zk4&Y;EvbYz;HMu3BrluIXkeO|=0X}MTp=vn<@<E4O}0D6!kdn3(xPc4N){iIB~~<j
zt@O@uK=$+J&uz$WctbtZ{)XYwNvnO@rd+>xKLoZpVEc4{;v3L=ioD)L9s?yoY7<yb
zY`p$5(c!i1{a4@?>o6*^nZU%aFA_+-{2rqbprv|v>1b%Kk+&BwHU)EU>*lU{AKKKW
z4u)g+IP~3LrX`LvfC~E*8MJu7Df5L04)Kdx#>QYPu$(I*1HH?WR>i+LOsB29#lU$R
zpJky$pr<R7KVcQX0!dk-%ii9#Z!`1#o_6*~qz7L+sm*RH_c1(O%CYYOUD*p&DW$*w
zSzkvES-U+nTRF<%8UAw)?5cAKecwtgOG92)$@5mvz$AVECd!?1odr{+?&adQGp{6U
z=F<+R*i^;cw{zavtsnU6dmqzzpY}xrC<UG8k5*F7dF<9j>p7n{7W)d;9-p2j#Dq>y
zKfk@|?Y?u#tv%$?J2hLk^xHMA$NSpy_AKetYl~+0qS4J#M{;l0g<8n*AldqI=j77+
zEVke4=4N;1si*6$Z|cA$-OS;vr2FYti8HonJ?~Dih8{$o?_8JgpO4kscSqNsIYn6;
zxo-_6-)spsxV@kqqw}7h-JCtC=?3y(cl_J|C^2qLAsr5#;C&IT5DgQwjM$f_^V)k_
zaJ{_jMP9$NQ8DAue=qj^2CK2C-QVB)+fy!8y1{o<>o-pecGowj?AHmbtF8$_WnkJF
zDna<>6nT4U<JGN0NT{mu=hwEHSoPr&@;dwYA-CIZvRCbNQ6}=d@hK?uI~Kg@3)GNr
z@5ll@nxY`uvpJTpcWP<ldI%Z>RyRm*SIY}-+rHlJ_1bu-Am@IaUNv2w?7FWVCf|U5
zO(b&jh5otZT;=vG-PInj&(Voi-VWT_9h%vA&LJn9msj4@Zs6$O&eE_QUg&!*BB$Li
zCHs4nSriY$Zr89XZie*iM9Lh-?#=C=xa8}&%sP$for2HeZ`FT}^8pF*w+FjA{T>hG
zr_okPkI|1KiwCP=35Z`HTgv}wVp_Luz+55`>w(kGOS(A`83wf0TLP~I`IF&njU{7a
zw<Oj69%@l%fzbY&$9~_3`1!S?xMz>ev_Ve)yo8G3_)11bX+2#&blSD$zi55ubC5}o
zQ~`1Q>unq4S}JZ{Jhz&pfPiD~)3Mrh6`Sg%&|QER*kqzR|9yh%eb#<^_Hg&M@v`A2
z#71cK-R;E~iz1&e@A<!eKmdB7yBzQE-up~94H~0YlabzYlTW#Q*`I?U)Bkk@ASb$k
z7VEY*-^BDaEI1^@>lnnxfnafYdvyJ<Uvw9wsb?FIx4s>8a}_pp!o_{G|FS|wOJ51;
zE?U_n)N@8|_UUeYV<is;!nP)>;;Xc%w~xBTMMN%kTpB!D+W*tPo_td_DhMvi$L@MS
zo)UBV@E3TaE#m6eCoMrH(RobIrEcLro3rh?^Th0R3y7!PbAdqrZ11b&RsLoHur8I1
z`fB!8YTFDW&u=f5mD;d<5r|_)m)nbi+lw+#y|oLPawn3nCveDh_s;u~^#uhW9$#_m
zJ>Td{Gv)H{#k2q$R$lUAAT>2rbhrADJimJ5S5AKQf$SSXLc&>xe(^BLn=`O=`dBd|
zBF=y4d(Sfk3}PS7owWy&wt!aU-vdnYK`Xv3UkSli85|l~f0)>ylQU9(F;d{Keg;}<
zy^M^~X06T?_mWPjtzNx;%Vsxd{#TZBoE{b<tVn`>d5>Ks{OsnE?&s^AXaGYC>q*3e
ztaf6wVHO{)^BxBgbD(_#V}k4i+hqcT#>}@SDg=L`1VQrI{=@0c47dA0BpTu7?X9ry
z+mfbG6Y|XB!9!z|X0NH|+Ft7Q<%z!6@yLzWp}?d74Eh=KquB=*ECuuZ?)$w$varH<
zIciM*ROg{!(&<3i=bGK~_Wh-={SEVC=vPToHMhq#<TiDCiMv<ZfB?(wef8Ppc5_C*
z-e%6NpmHU8ZeK#C_Pl=z?8T$$ruUzV3RZ8wnLXD*?)BaL*v;A3pI-fRf0L_vF^JrH
zw$?;e)y1Pqm%GA5_?>$vde>vuLr~Aot&Z2L<D+PxPe6czIXbwLrbGK?ufelMW9rTI
z#nc;p*MTXd!^sQ%i^0?-rucFzLX$@2@D<W}d0Nk(70CID*@N<L74QBGT>9<;BqWoC
z5KoCp4t@0ZkfgZj%W?4Jep!>#XTki9SC0Y@O1HM;Z&p_&uGdv>ugN8m3-_m#w4Z<W
z72_tLlvx@7Gmwd8PgK-bEY>X47xz{5r6ZTl;aB9<EC`AZKWo_g!Yy|3+nV*fE4tz2
zv;dhb<FYn>)49I{wvk^6%5_C}c>atEfB!3@`cQd&@*CG>r2cuN{>%eT%T9^QwQ)tc
z?kE<r|HO`~dQ8v$JU<<K$UmlgxcP82`P5^#_Qt6IIb-ZWTXXP*TlWHY&283!VUbnQ
z{ub+0(tCb?Vq&7ad=yZPt)?qekrTztFQax=0v0PRf`v<JP6K=OWNmVY5SAu+qMm1k
z4%T4Aqx6X5i|y6}dz5=!Ur*2bME)K$LYrg6>e*rKnz8YIYg4D2wQ3Tz+tvI{&O6Wh
zf#(u4(<?oG>@nF|w)?sLb{3MQ9X*wMk6P`ft)2mhUyYSEGVk@bG&R%<&h5Noxz7n$
zc`@t0m%DSIIEuobeGgQcj)N7?)3Ju#v~S#_RArbtTot9IJtM2lJYqIW?FsbVe9)gs
zAx5Z}>%~y%fH|w-;Nax1$n24~7=YPqlJj~j(W$K`_DOeKuc@69lf%;7d7q2K;dY1L
z_icO6wywyA3^GOvPWx})Y^s3iGf%IkJiQJS?BwYR?>)@%_xBHSCsE2yL%h${-Ow+8
za+itIa`#$w_rBBfzY>>Ks-zPUOl-mG<?7@Ch)rfi5EkdIKQl^~wy?!peukWH^2o|$
z?NqNqa78Q03U}}9(E3tDru|QaJn7um06j2<odd0Z-&^X$BMgEEf+B=0EG-{LcSESv
zs@F=7a9&g=beH|YR~}%yZWpZo5i6au824U#g(-hkT%Iw%%#AFPm6f&ryw}FxP%CHT
zLm3rBEn)9^d*jt`V%ab{Ir-Yt5mRbH*q-Z!z-U+VibdSB*zRS-tkv69CFxFcV<E%L
zSUG%%Y?Qu8B&R<~#O=KmSHRng8XeyNG8XM8@$Z8>9lt(%JMdE=ra0S7tMe1rNEerC
z1S{2pCj#o>%vIJSZ!2OvclYbUwr2z@z4h>v_4Vg)HlO9|)GG-Gq#3xoi}X7@R_6!|
zSXN>QjG%{6g}9SN##tnoxIO;B@cuP{f#EXtX>DM0xN3p<4}1*eK5VD#F<Y&&4_-FA
z;-^>i<%;4TUuN!e1lC=PM}2HVsr?R#AKf0WpRtQt-Yb|xx~}%=Z3>>!iPR^)=Znu+
z8bTq^6%Dt4vo!|0dN83BBA?eBcX&Z2pjjo&2rdvqVpoyQ^&`DFyqHvhDfNRb?Kd&o
zqLgW8$5Vs48@hMb8#y*tYyQU%2eD2GlPPE`Q|OA<12YL))Ux01XI#9txf!e3O|tHB
z%CtVM|19ckHCJfJWFKk};Yh_3_yf^I8qu;GWG&DR_6V6S^-J6bh3?(Gg8v93yU5$*
zt7h)nO0;pI?kD=PVbD}OaDVRXYeC)mo4N7X0rejm@`PJg`pDDXo12@yviMaVzg$Yx
z(e&Bht#Ryk%*IMX8J+LHsL6e`AR37@Ul0peEyNiAZOlA_$TnhPgzzJO%Is^A2|j)_
z&)iL_r0Xz_CdH5HpA7M`yg7`n|5uB?vNa5v(;YflqIn#sJ3uQ?PcEwKum>sOK3np1
zk;Eaq^`4k5lJ}iO{kpmVnZNQ?-LBW|s{;3tiFh_*VCLAVT}`T=on0`Nk6@-;)2Rmv
zY!u|YGg;=)fAgeU+4A%Yxiy|%vCCY&cFs=qX8z%wH`Z0Q-Sy8s=w|Bm1acAfBP-<A
z6U8iiJ<5geON$X*=3b6xYrq*cm=ISwD!Yxv?Y{qwU+{X|IIPXidGlk1Q}k3mC_)8y
z?5(+m+eyoUj{;Nxvv^NzuW_vh<xmcIazF(Js4t5+?_G~MHhVwY#a3GvHLxtUoWpr|
zb*ao@lK1K@9!D^*PK7lXzcx6Jxinl7ycx)=n4Po&V=d7Zp3**092ykeu;`F{Jq=)K
z5<EQMo?5&5?=R0mZjac2gyxJ}2hHQx`DY!fUiq(cfH=Pa2Hf8cWgbcSN*jz95e=@K
z@9pjV9nNryiVfj)OJYhJkmEp?g{CPe*sc9Z1>e5Mzu_prtL5#wc8GG-Z5@D%jn`#4
zG73I-9@|d~Cfgs8SM{KtLRDEA&@%yBro#2Xo7(vx?wcj@28Rw8AmvJ)6g7Yx2`x1>
zv#E@g#Yajist=Ynmb+_bgV8sq4`=uMZM-&j|1A-2R*;^_L`Go54`xBvf5#+l_rs7^
zlE}R!iieyGkD|-<+?KN>4r3o$d-nggThHKE1Oi=$&z}#07tm4d$vCcx)v>8@0(B?g
zfKiPy0Vz8XH~S2-$P6NOo^C#8Ug)ozH-In&?kjS<O6t%~y8oYWAy1{W<;>({wa4ks
zS3279o3(Ucbm%FzvYna#`*#=+_pZM+oPE3X+~iEYoL&WBKmtbZ3;yJr&kt`?($kqj
zjnSTEcl$j?<#bu@^V5jA7S`2a;c$fxNVU?#01xW2>rMSZE@zPps<m_Y?|W)N!CdW@
z9(h7qardL&K}qErOibWNAlGv>{G}vK<j3_60F$&@z;{($P!k#ZII?RwT5r_)7dUI_
zC@DdvP$e5H(FvYR%fN_cW;8yEdzy18%0)v%Q)koB6w%V+Wm)a+;chzJ%A!-@EW;_A
zt{cwmmP9&0<1)RF;IW*e-`NAe>8Id;xw#m-{SeN)w6qivLE8N$ullOEJ9KB-VSc~E
zt5s!aSomuIcw@`<EQ;a1@q+pu+hxhM=Ml*BqK3Pl<{NI>kTlfPno1boH8+|GDrztN
zT^epxZ^@v^J6xVabXWVCQCHmg$T6hb>Qn^tLOmza<1p*J8n_D<l(U+{bEk}EMjv1&
zmL0H=>)CZnUTY-hmzKGF3%4%#?HlO@cOdqv0T0kpb`Tydb~OJSL?d?z@7}elwsrV_
zjJ<VKl;0OV`htLfpp=B5z|b&sC|yH0(jiE9hop$a(A}j&x5UsONO#E~DbfgtNQwD7
ze!lm&*8S_QJBu~CSWLX<-DjU?KYQ<I2Wbswj$4E*#O#*;S=4BK{-b``pgwT1bKQ4o
zCoAN7++rP!r|-Bpq-6R6q=(lpTUtXl$&1<!%JRVRc(MENuYsD{VXp9=zH`Csdo#7#
z>ed^7e*C?j{|jQPqU#AZv{2EH_j}9Y%bCRIgEnA7?P=eg(693JKW5HH`^U3*TW4VU
z$Ai2T>*uFQzgv@nzjMF6Ry1`J2by@&zxuAs0}mpvR~@WBmPucq-PsEWy|&GI`!niq
z^V9wz$)HP-Tw*&v49LdnzpV3Wt7_VdwzwWM#53@zTOv8Xg7fA~VKOBImOTeOOS!Ai
zI17jC!N<{3=dTZeU^xIgQ!T3gLB0z^8Ye&crLVvK{dHvVd*N?w*xz0EKV_gG%*W^a
zCfKtl7SFqNV+)%#Gxq|dCA;>0pW{H`FR~vM(WA%JF=AoYr@TBg-N4<g|5(maVcauJ
z!HvXzjv^FcPo@j`miDlS#uFD$*5mukYg)H1&jv4xrS|q8tF2%DgZpDtE@Hx7pYuLm
z@5KS!uzB`SOI=gy+25BT-Q9<V=l}F-%W~X|-u8G8T2e>8R%<!=z%P*Iw$_2}W=WMR
z%YRQxT(bu{RUYwA0zXK*KkvU5K&4nfWfAP@=dwL}oaDCL5&%$;=<cMQyeMeq^IYr}
z=lRgM!$MUXvYn#zWv%`1-TG&PGC{nsf1~0-X+t}>6o6vf+jlavdd^G7Z!R)y0!20u
z@T_yywV|4t&VWvP?Sd2U^Bu0kgrTiF$H=W`D+~3A0s7ghUp0rP+)t$Jq&zlcGHt=I
z;w59ZHzPbPoZ@?QqP0G5-gos}-DC;8D26AOmfB5f?<ug9#?ly6l#IDXv2V8JlsQ&f
zU%yxHDSHnwvT7DoO;7eU-g+t1vL!^Cuy_0vzu=2QE^}I&i89STjnez5@ccZCxg%j|
zGbzpsf+mUSCJ8RFKl4IpQGG7`$8`b?$^_8dGaik{OS2Dfu##6g-B0fH{C!E)^EHxI
zq{iZVrzJvtUPvX?s~wfzjEM{{@D|{6%<a(K9vN#Em6CeG)rup_@Ol^NbPvn&w$&c|
z(R~G$7D`grCK?=BrbOC{4(?XqRLF#0GHBOLA=q{q#v9o=^*L=>+SoJA)D8TmI5kyu
zI9wImCvov6aJ+P#3q0~tNtT};x-_kVA@+Ac1Mszrv)Z^2COyL83xWivIL2oxBc3M%
z=Ip)aQmMxZV~jwz(<3(|>zP%)E!2k|3)cq_L+mWiS8+tKz;td1TN8}zt_TJ@_0M<v
z9?A?=Y}H$?L1YctB+Sja2DwGn(r$%-!_SDFsZM9M%iDWFIHFUj$0IdBCA~~3FCZws
zH@2heu9XBDJ4RCUs=$Db-%-SO+&}t)$p!s&zkwaimSy~gl6L~!xKYS7o4ua<L03oo
zG$wh~nRgKb1G*~d*rcR74EL<lF(5h*{QfDrbTTqI!44LQ%;SgN9}+tk@DG_(r<2Jk
zb2P!ZFb^5LR1cld%Pt~u%#ZNHTUss|@N2vg?_ET`N$_T=;wiX!hwW`0-Quw2*BEz@
zhg7)~ljYd;xeYnbPCiC@jbfIpEKR7Ro>E(7o+J3;@TkM<c4Vm-_Id;G@JPf;BI)e(
zZ>GOegf@^jVrFpUY_VT4K#o2QsSW7@sXCrFEt^T<Bsz9bm}4&#)*+08Uog3sTRD_-
zkW*{g%45;+D?X^00Y99<=vSN<(W~@gb;lPx29R9F&!BPq2=*|Y7wRt{8S9d}%4F&h
zU{rJb7^GdLr<PIm7&{CrJijkCIc3>2PFkyPaN{$oMhJ$lt;$LDA-{C06fcYdf~p`(
zo7+%(B^W-61HBfVD~m8E(vBpe_GwRmmaF2@Zm4inru$4`hk0-J*X~J<n`WS=np}Xi
zA6t|bUxO|wIhzWq*-a=H7;me{UzJ<6{=UB5=cT;&r2@Y74d14d4h^<7bOu$*xvAb0
zKHtB-4hgz)`_OiZLhpeT`_@+@-Db-)CL^!E;Yg8bAl6=+9y}UnQG)K-nfloXw`R3g
zC&58}a1c^0P4%urcIv8@0ye3<1MkPYP(fZ^nyvw-ErQwZE%s1T0cK2fJ#f^3<Coe&
zz<LwkCLyBq9Ms8POuB~_(+p4AnZbio24XOQz$;D7S`Dz^$U)6vnJN3{RD3|V?H#DG
znVHenuG|%QsEGRlqeHDfelU7U&cwEC!c-{?o0^(>ARb^99O&g##m^s5)p`p{Misjm
zj!cfln$txxj}Ei4mf73Q3Aqg=*k#__iPin~{d7xUFQeLkG@PJ+bt$u@g@MrjXj%V@
z!(@}o&&&JZ{LOI6h{<_&YQ0SG=2oSg=hSo&#g)Cm?*w@W%75ZAidBUbmO%g^M6kl5
z@UdPUX&Mf2?WT>Quq}1&pQ!BZl92Rm9{dPQ<c90*bM21Kq+Z-F`i2vS!eM}9;FVXy
z+UfG_oSQL`O*h$)ITNWSp=bI`?M7IW*kO=W8J(8&=NiN8Pw_=m3pWHI%iCBoQ$?cO
zPok~j<b8*VL7qiZ!3+_<^@yndpXL+5mb4F~M8(Cc(N8-4CNm6sl$A+UGRh7%|L7ut
z*qK*pJaT9stP)Da*l}Tfol+r%=^ia@o>;IEJ}KG<5KI^+^!j?w>zH;xKdDw^fhj|7
zzkh)Ln_G8sE;zZn`vT!5jTJF*@mfw5##l;Aig(mar(I{4Cm&nA7pFkJ?8OV)NjvL6
zyE0H2FqtdNrgdAZfbQ_<2n-L+%_(Gr)h?(#`8M~HzU}YpoAh!o7Mv~`$9cIFbaKm%
zk6kmI(EDGx%B1fC3h;FmJ-JcVP*l+ZKTs^`EPv#68Z`aPH+yOFj_+;cpJTNLJc+SI
z7DhWtifz|id~e?-g#$wC{ESv~N78>?NQ+MNBAm+XOMT2<z_gQeQOe_<ys<Nh>9f!W
z!2=iIUkQ3oN$@<aWcKg*?El9v&qx>l_m`5lC>-K-R8hTFDJxc;x^r*s3ikpEliH*^
z=jA}Ujd4(}K$8O(`c<;?>)!{R(7m3TocBsJ%b(cmM1oNy<_D<8f3MiPM*eJK>`N_f
zI5+@0-%EBi>7Q#dz@k%DkU-SW8{hwe3p0E@LVsc=fS_h5ncxP*;*7;WMHqZv=imD-
zk$KimX3SxB6+BmkG|&dFuE&zylB%4$^LGz&0_^O5ypDd5TTpP9b)?ay1HC*y@64>m
zh@S$QDN98gfCG*j=5e#Pf-G?ui%3dx;?}51<4jthSLxgFG5E<5B!hkf^KT=O*&Ia0
zgL<9ppAiWAqXY1*1E!4z^i|6o36tGF_E_6&Z=X-7ld-YC>8=d{K4;IuLkfOS=9?a$
zP(&vs9Q@~c&;L%1i_qs631~b&(U%B=a2lHI9AruQ2m{RvFzS4e62XXghY>x@&PY`~
zgyE5s%15!27^~*kib9WI6fZns)3tgkufj#CsEgHFQcUx5Mog-2r0rqEZb3*Sc1#ZP
zn?#l_d+G0=qu}-g0gi)7U<ibL?tqSzL-G+8^SOv@wYRr}Tuv9d))%yHG#lY$<BGE5
zKGgy>miFaG$HeUN13o;W0>LFFj)y>xuhHe%Gb2?|K0ZFsel94;RGOcg8@ts8^o~nQ
zZN0p_Tml=-IQ_4#z-~EBV^T?d<n=i1vGKZDgH<HK`+Xod^TZuQSI39?x|8bD_oYK6
z%4t|^b-x&Q2MRM4-J=oBNHYj@@>5i$89x2IPz`!~bJ~~U=~vD^H2$##9_P>GHdy8Y
zTGB-^yTJ3=;~@vc>k@3J)^|4a=f)j+vxkq`KIn`Iu%nxYJwq1jj$a<Ej%8Hyaf+jI
z0<Ay3czGk_26z|8T%fGW9E$?82teWJ@k%QbN|#e5_0y+MUhOWmwdJ0Ld!{873r;}P
zH#&(fQ%<?k&W>$pc(@eDu5J-jM%)kbyinND4G0W$+J2AJa};!YP)*O9p}JO^F*`d;
zFBMv%7pom>QrqHx(gP|vvbulSZto9#jp+`$Jiof2ngk{B|1LxFjMNanFWz&tMz0z>
zWrVbe<ZP|FxVRY8F)yw*yRd)`{T;OhB;UV{6kA(waT(SDv4yclcw(MPDg%s^MFmz0
z<oc`%_dtLJGIa@x*3*TOQ|&-aoR#PKQN!@PgpQ^uu{?X@lW#lV#bW%y=U~#}@86Oy
zUmn`omHB^JUWm7bEzZq#gs%OlcsHrI)%#XTLR|dNi3J8=Vl6G*k%bgP2Drge!QVYX
z+<0PDgB}Fc7*uDBm6o!di2DF1(bY82SG30~4`vL<oy5>U+ON{(oNWut?^V#nzR~Ue
zHCIdJD*D{m@bGoFxW9BuYmN;=i8cJTZSCY)7d6}9ge(c%q9+)5LvUAiyxM_h1V#wt
zZo%T7z5#6cMXvCT8#f9H3Wl=vs}1iE!4D4(gol!utP}@;TL2LYounTTl<z%QiRwKQ
zaRu6K2S@u|M~!N=lYleLDJYN(@Upr1EUZWi+xw^vHt4!&$`++3f2^v=beybu-0Q6S
zlI`^GO}H}d(b3WEA1CWRpvlS2&4(Wd03Fx}664IBfG0MsnB}5T8mT|ux4^wWwpcf)
zH5hCdZTiw=H8=+DG6>GW!NGu^S#RVPe|p0F&jFc@ddAtD<MOrzgP~Oimx|r|Qv9I@
zELlc*MN^(<zXlq%*b<ZMXxPmcIuu0-D09#`=q68Z2hj7drBwd8NfY9FVIqn(n5E!>
zO&8uze?4Ff-Gcc4O5$63+H50uo-S1-l&#jKFs~R@8cBZYi5LMb4o@8%_IqFaKE%|=
zy-OZ(to@buZ`+F-dYM5+pqnGZP$W7kO0z)h?(n2;<?7<%%3GIlknGITbYxNLXNw+=
ziY`rmO?shd4N9Yr@86$P)aA?q<0}Qk0tumad_>{B)Jz%aa+I<KBaDQupaF#cFLBCa
z-MhoQyBqh46ZnzXq-YERf!NV?1cBbH61~1EXDN97GAW*8u2X3#1p;XHU;rC@2@YeX
zU5!0gGPxg#rvDuSv26<ZX}adYr-LAdEy~YVo)?N$%}{NxuP>tN@Qo|D;c9TZhCRCU
zk(-nCkN!8Ut@RWc>F)tCG5dYs5v0eZ&!|vp)_^!JD4;THE;Xnol~FT2yf)=w&l-=g
zM0sqLC8#>OPK@buiHj|pnwmhbI;;H;F>lc5`$h{@$ELhJT_&}#{RAqr8F9g_nrgkV
zal=k#6;$S>ZH9@d)?0xgQLYGfR?3^Q!12vsFdf-_Kidxfc_MjHx7VHJovp1(_@nBH
z$e3v(azfG-@#W4AF)T<2f&{T-NN|8;8nEIx**YVfV%<u;YJG?S#m>oXYQVW^K^+<Q
zsSA`RgP#v?O=^MPyxxC+1O8kgYHe{5=$XHzMm!xQG?;)#FvDsuUflSZkqUPEAL9Q!
zh{m+hF~c6a#$)FKig%)1k;;^+RB+Dle2gkSW2qd)U?$3rUXX*O6d>yi3SA1Fc~Mg#
z3N?<{K?bye9ARlmvK+n+QH!oBuyqQ=6t%e?9z4~>PVvPc7TREtfPzsX79}x_WeK)n
zNO#EpKC@t6l!shUFhw5Wd>{1&!)?w+gR81j(sD${&6+Ex%!oT#{|rt^Rgi5V-R_X9
zh<Gu9P@8)UG1z%Ew?zm*6psUAOIcz9P8qts{-%lbn3@3j%oijuqW;qAC-A}&_a~PC
z8BFCM$IWc2-;{WM*k_w)Fg97(80{m%Rb`CRXN-&HmC{zlg%a^Cd%|Q%1G5xuOE0V>
zD0L~si+in#HpA5DJK3kXVF1<rXiWrQ;)<N~581Q-0g->tS9GWGwJRQ&si~&RLY_4m
z(jup#a_{`|xBc_0drRRt&vO?C|DBha3adr?^S=&`ex*f47wu*Pu29P0-zhI0?ympu
zTmF9mrIYJnL*I}@kInP9%UBS#;i@hvw4GgeVHYP0L9ZbQ8w;AVQ2p;cy4mDk1Y|1c
z#4MFMI;CKRnUhBBG4a5}9H)aBlmP&F;#$a6`w!0ic^CK(868UU>nNn_l8QRZ#`Y54
zfFdBs08Be2C-m8zK+=k)vr}L}Hgk5yW!MVa&HNMbN4&Mb@lF3AU$F?cM?X?Qn&mS~
ze`c}6`l@Gf%m0ZgDJje@V7I;sEX}lMw;=!N=wl`z-+l5&UMWYE<1;Jw!Mv~m1FB4r
z-a&ym65jaqWdn)TtInOQ(1R?K@w-JE|NB-29Qffv8bEP0XydCVBjN_%v^QHXsWAgI
zqxp(tcS6zD1D2|40z<r?Nta`G&Q#$DVXFflnbfwv^jgMwEuxN)(eKdDz91nTO^JgA
zy~3gh(+Ygefy=l&=V<rE?R|pIA(EtldPTjbvk%-JC9{*tN1(EH*%|Frg)7Jsj@3)}
zl6^G|<`$!iIEpU^jLR$j-TMFC_H}ajq@*_%lw7eH=aqM-&Pe3Zqep3CuIg~0fZ!U1
zd_4{^DBXbOW$__0Z$<@Qr(fWxBxh3$!_mg4!{!22bk8fnarfu9RByLEePsy+8RV6h
z#$-JKhJyP4-LbfL@#BVc@W!WTdN-kaplNG-V0!>;Rd=9ovUgMfS|UMa9zcVCRB)4b
zldg(AH}BW1_uwk_z}0`r)~4_cz`X$}%h<?R*~mnPF&HttwlrG3JrFMYh6Ij7(BSih
z<fk|vu$H1Nu-O0Iry@aCJV=qDY!L6$X3$fkC-DDU3jkTN+OgX8*&B5<xy$@BQ_;FB
za)pnPGC$A#c;o~G$zg;X5y^7OW*hb8|E>Rjdjh^|no%U^@aLB2Ct7S7ITXG4g8fsi
z%d~Lt2EmE{d|iOl@I_(32*WceQ{V7>2Cf(u6M}Y#nbC;hRv#)q#*4K|MO!1jMbY#z
z1=U!(2HIDSN(o%y|NGUIRH+e6BJHv-#%PY?M-!}Kh_D&vRjSg|*(z0IPrQxCN+)r*
zz5d|m%7_=O{j(~%tJNrM9R|4i+v|1?)?I9fpQ$iZm`dwqP7X3>bT%!^%j{R>b6jw1
zf)jt%0M4q3XIx;fhUD8vu7Pg{`-%8d?N%bLQ`9(E3c`D4QBNm22!`<2w)u8nIr<73
z5=7D<ZmZ(#;P4xksfe)Ng5*ZR_?U&_C-Q%a^Z&Qlg-tGnRGvW3tH>g89G)@J2%qK_
z+zZe|3{h96>otCF)vLvmompPK7s&{VdO9+}iVq@vU0uh!3MtR8|GV~|@Lqh-Mc~;q
z8$U0kk>$oalS-Rk8d6HMc~033^|C`icO8loWE+9Kl!0>&?UCjC_7__-+Ztgqo9G%r
zY03-X8)Y>?Kg1LGNg~JbZn~n^(pSXzV*9=JHaaQ{1o69n-_W<V%YUq%sKUpX-*o0#
z+4c@%2yVyy7rBKzxoN%|*xj(#F#O=zM&GA2wo;M_b$n!-&=+ie2tR7@f`R~tkizV|
z%LLj$DJ)|{GhhRqei%enm*mFSM@L6<--Kr3^FU_H)z#ILPDzJ@u)l=HAKhB+`IvBa
zea@sP2QZh4c_mWjoVdnh4|nb6;0CJX*hSV^6r{DjQ^p8BMQQ!#XPbU+RZD>hZA#tb
zo;2Xbh8{%@4{NUd-oLYD7vHfcmX|F5VoDhriG(1~P^)uWjxe1J65t@2HIm)Ne)tmm
zF}dg-J7yw%yk_Khn_N6f5T01sth+o#mW90nkje4)^_YU}7k0Z8;i3>(1QJ`osAAuc
z53?Q6Bh3V{^E=zHmFkai_<W&3cBw^&+?^Amlq;l@1l1@nM*t+h)vleZtxQnPi}c34
zWdznldKEB6rgmSs#W+)x6D5EJkzs||CgX$+`r!eKk8Gx7Z=$i8sL{h`C@>rG#GM*e
zql6f=vBOB-k!ENhk+9<TVtK<ze7pi*8a{Z-fSjLL%UvB#djy3XiB6`i$)We&XGW{s
zGNctiN?^8VK;ccDWZNasey66R64oq|rTe2b=fBme7p0&aJgwUS7#}7iGVT=_C+g+~
z=5%x8bL8tlB+d+FmqHB~h2g{@&xy7B04O_}K7>l-u*0lm7~?kL)FBzz4X7Vmr+NGI
z{QUig)0f7X(FNmRFjYR$i<n5`_<DRAh=M73k8NXlLd>w`^yqyv^#ishl4EKdiT<_r
z33y3%P9Y8GPmn#pnHFk1eMZ6X`S{S8H&Pj2>Yv|ds$;{sXWh}!G2?IuN3bSZ6JbNj
z0<O({j~<(}%PdK>+NSLVC}pM=2U|&uH-aO#udlE2jZ?fMYUHeoE&?2Ta!gi*Lr<wO
zt~W^K@3X4R4T|80SCT80c!Y$6fT$qtqS>H&(uSGjB}2vH;ZCZ}ZeXDSXGUe4TYRN}
zhK9yvl>t<dG;%%HKE1kXwmYx0ZZbS!ZEbxKSdbh^VZv!87W(TE;cM|eY9?EL>9Hi#
zH*j>U?(xGkS8F17V?I5`v}1a{fFVDAJ{JsDeEDd9|D?pkOs<TQ8gPOX_e@nDaOB7X
zv5EXCs|-J!_saHBm-Il!`=0M9C^Z`Dxyz=Rzkj=0mL#8Aw83d-?04EQ8Y5ZoujT1O
zW0ex;Yo9{9hF%}5;QdqUelYY|!s}d*1gE;A;|_>)94BL$Rc<E{ySIOR7t%?83<7ME
zs+)J{kIb5uRheT%lW+L-PH#9-$Gu$^4Fav0X>8G?AZrHj+O2kU_O?<|ftT;%+S>fG
z8wn{cfwT#rap*m}y~RlFNhCf-1=r=|RfF6oA!Cj)#}Wqf0EqwR1DFUJq|1@*dI!YC
zKmfHiZO*>qKfWb+&;_3;m2|sAaE``?1!9>{Rc2-;WR43%M9E+)rzY#g$C4=%s&KH5
zp0T*A7*QI?mO=7|a!REW?3nNjh8=DGSTlC6bQmraem51Hy$9!wC5{{e3DG;k3<6wu
zn8HS{(G1QUw;sLN&3G+M;ms0R3dN@%dejZZ_8CZ02<MiTjI%!c@Ue<g{1N!GYJse2
z`X3ENy118ecIKX?xEWBs_=wf=9h)mFs#Ki&w_hlZz*cYsC3A9vve7NA!~(6m8hc6J
znybZp5Q9}Jv*3lO+?%6t_ViLPkVw8#k5GoZeL`3uuZS);IZW{)T8F)4#FdAHba3vE
z<$o}&=qEGvsF;VMC~fNPe7yHK$!a4k5F54+XE8;CI+iy6qg&a=Hqjf}qI%eHuc^9;
zsj>>er(TS)7ee@bujRCH#sDKea%T1>lTW(8{KGIz83(%MfXj-VI<qumyc6LWu1!K1
z1-rt1@kYo_njD{0ID0l`cEB-pr;DY^kn<fLlnjGpm<V-Wr@aD#g3lx#+;@zU?XGXF
zx@%;wlbXqS_SpNs^*9T4$<5m_2DKuSG5C=)CY`0?B#c&oXC9frbfopOMJAg|>T}@0
z$gXh!D+jo|6D2u>()KraB2bRXF(Q1O?xjUEDu-X1kgD2jXx{{%q|=Izx(fn(JY4ac
zp*_ia0ehT(Pqz!006hT$d)kC388F@XX+^q;*!4})3|(CgS9ND+5F}wuV)g(n(geRD
zE&2a^lw(=DXFiCW(lJANoEd_g<gc=ycM>92OuTA!-~qS4&7L+a{h$+P>q{~P&;&4y
zKU1<t#TFgj>qyjAaFFzaFcX514pvqI8jqExEL1=!VBAB0#o;c4PeAFs`Yng5D*KX&
z?*=rgpkT^kWUP1luGNi(Q5d6R-0Ztl0!V-$CjvoG8)1`r6noIFX~b4*!_^04#U^K~
zO*1gzSW?ASNxt<$PACJJ!9H~FhKUSU7|z6VEf^Nmi-SOk&Q1*aMZY8bgd-{oQT9@D
zS&|TjUoUlpFT6uMu?*NHDY+(Aki^5o`@V$ta2(T^=k|W>m$FN<<@V!`q$2wJs$`9D
z-zMT%^HqnU920{les217=l>Acm&bM{16?+Rt_^d1q|zL#g(1QNsJrPS1RODRP;xP9
ziVI5i2L00vmcvAGY1+6jn5fCbdMv%@!?$Cn?|zxJVCKl}KNB*N=-@kgo92rOila7d
zyz;2-eu-5`i<_50aNu$uwS4!9#p>0vpGA1t)S4@+yB4lkv22%bRVKzD)zkMxNl9mu
z>TD4c+scF>-PW$>H^r(VATFM_v-J2kioWxAxoE(Dpy$s(ter{>5}9tgdwn;d=KUM(
z>)TM95sVa4z=oFZK_r?uawzS@6reS>8}GEsk!z_-lS-=W5LG$5)9^}|pxPu`-L_rG
z0M{3zXh7ufGFL}*h(jl>k;PWI#BogbzPzmy@=+D7{^Qz1(NZ7dNR9jacya<Za;c;G
z;1Fz1o!8NR$U1#i=9u$1qx}_HrLQ@r+?U0$EO88}8>^ETrB{N6DRJE5^5x8EN-S(n
zjKIN$WGR729)!anpd!;J(>pb*)wB%bM97f{_@}2;WXBF7p%=Ik{O|d1LCPxFGB%IW
z7us_OJoxO-P8GXbF)hroaV$w*(te%)0b*%sU1cj))`sNYGeAM&8gCrcdt308jB&Gs
zAShNxeDOKH&ltfkHl2_<MtuW%O07!`vjThsMi*)2RLRc@DN=;t-?~`f+VRqhWe4M4
z<M|g<2dRrQstl@4D!tluCEn=8HqRMn-W_x+U_zvq;^TbggE&A>IXMoNAg#6bD?)iC
z3LIHI&b#GR8B>o;CoJx_vkf!mza^_{Q^jr=S={qJxBtSzRVSZY1`<Q{i%(VlBkoDB
zRx=0;>lcUrrE=^>a3Ka|EE!4&`WhT;Yeh+ftl+Z<uF+^>Vq(+lo_&}6FwIuZ*I?O-
z6t8Bb`o3HyQFe*mtq2uVm9B|uiXto>OQ9n^Ad@*^Nl}E#aI1t$p|nX7Km1Xzp7o&R
zbN@WO*cd~cf~V|aE1bHOP-Sa<kb+8Ke!&4EFYQ>_TrZaM{_hMNF_g&d_SD%j%#@~U
zZhLKuZ)<5YdN~qVz~fq}D5>4*&1O%#MQHg><jdM`Wi@n0KDm8mvKka-iPg(T$e2)i
zdK%+|77`Yu!Vx3tx98k+a@~C7C_+1_IR7^KKb*FNMH;P1v=*><rKkvU!%yveQnLjo
zA(>4dI?hav%v+U=Fei@Tp`n^dG{12ssQL|yZG`7((D8exGQvFXJuLAyz>h&9cpOC_
zhH?pw$BE<&xp@Hbh-N4qPvm3Y=v|%AJLSsG!POKrWvHYu^4R{aC&tg8vL`a$SQ*m*
z=O`Cb&LbYehf)KXH0D!2F;9DAS<aX2&)-+G&k1m{@^kaU>>6-_<oBOr_m7nOGt1@i
zZP;*Ns*p@sOL3F;c;*?P<vKdV!Wl@cdaiza49hM_)#c1SDf8XN2h@Z@9LlzBKL=yt
zSj!#<E<Cqva4nvR>{hh_Y;!I~QBAASfk<g!Gi+je#1I0`MrpOEe`f}@RB<8^>;Vdz
z9mOEa%w}Jahk;VN5IzU!1cIOpz(vf#tRjr*%7x>J?y07cE8P+2LuOm!KtzNPUFjLW
z%qt@@H6N*)&~ZRjX?8AkUS5vh(-^u^Wv#>@Il_Mdag4;YR+%q^Zw|v%&%c)gAv1JT
zZ$v}A40P@4+t91~${Yz?nhg4?Q?`!-3aei+r{7DN9jQDpiu&T>%(A=bGr+wklNkP<
z7_VS_t4mMI2~F|*Gka;tT;Lz#_8AoKzRSxb9R_UdFdUT$IgU~a6ZQG#C+-Lx=F*Wy
zxW@c^N`~egbyJCjf4OC#ol1zXWOXj^ZgDufdVc#qIODw;_KvTrQZ=`%VPFtxs!n~E
z862-S!jj2I@5-sD&MOx%Ri+ydYS2Ktpp7va%yZR?GhR$pW|B9b^1kJ`i8Nxs$4Q5O
zRVglcLGtw+-}`lXN(o4sR+nHC;lkMaCyqdKAccuaIttl_(6iZNkJL43z=lfT)83C0
zOLQ}}3w)_tn4x4iR<AO{Cdqx&qw-7vKTJYm;=SU6VrCUeCLX~(5sUakE5=+rS#6#y
zR0V~C4hfFQq18s~|Dey+#{!0zHnE(~$ZL-QDelU>);>vFlhgiBw$Yrwu>Cfa$pkq#
zyg=TiVpGAES2`3FoLN|T8yrx(>{#pi2p1x*g&0PF!%kKhFrpHzNYQPP5fK!WJp1qk
zWPK{^jSUSA%MyHf$UzSgplR~4!k9^Ph0?L0K0>JD+wR2q#P^gC9g>#X<(c_;Nj70p
z77~iLY8<5uHz4K=+W;6bgrB3zv69vfq)YO}o@rCh&PmVAEn^#5?V16xL*rY}5GnNj
z26h-7F@(U7wR`vpR2tO2`(>X(?8L@=OQR%4$SzheiWT)nJ4p8{8wCII98QSmr#;pu
zAouy}zRzRToSgu&;aiX6aUdI*SyvjTGG2~nyJ)$-RWrLnsfn>+^+Kj<4lb&Qa2pU@
z5(D4W-srix@_+rX+wKdB3c(&{29c|06PR~H9d)7DU5XyuZTD_LqtPGS;vI$Vfw*R{
zyeqvCuxp}Ow#KHWAl0u!5&5(t;^^>TK{w-Fg&7YiD5_CJAnH0h%k^TRSKqnYC(*j9
zDtj(^vB>;6PW<rI-KW%)OsIao_^knl$CY{|6aj^;t*u$AJ0KeYNJ!YvqoaKn@L>f7
zPpL~Cmp^_4aOWk1gQH_kcD@S;tDRlB1VD5QBcV+QEY)oh;idFdO=TvOw`-ZglT9wG
zOqNsqlwY0B^^|&Zn*Ba}mxikpD~#^0>$~l#b*|tcx+Mnubj+aN&3w_r5tU+nOFheU
zelenVEY1AO)Wr!D;dG^rVh;`J!GnfI)N>Q$9)^KJe;kuIOqv+LwxX>+;*n-7Bh;C5
zR^)nR@`WzyNm>S`f1h8jH>)Iajo+34QZuWPmu4vhBn+~Y#<$}17Y2EJ)m$a#;%jUh
z8w&Yp^XU2hx=NiZT~q-7)bPML0bP<(wP3Dh*f6q*O(sqrV+OPKy}DZOKI>z`#$uMi
zW*&hVpBRxS<H1&of)GDWI}5xI&euI#TgNB*SB80y&2s4JNp*s(Pu5Snk0&Qd-km!H
zpGIbJAf8mo#-9{TjW;^DuDuQM7o3)lU+7B+{S@`E-oInb$$M{qy*vJ9`BikU@!zpH
z%j$ud8ctsk36bt6G~)9It73v;G%Y5g#)8rk$B#ugy7`BEV?TZJ=n*Fob|Iwi610;l
zSpT_?QS1CUeDf;bJL~KhM*QT7tNna&@rr-ala4q3TNv&Z1C7wL%Ub#q7rqqx@gbU-
zU;*(C>814#qM`+NBhLjNcKA1HVeV+z8<?89J(CEhKJ^sg<|U4g%-yrW6k};0?<x#o
z277x1d^3y_GvA01{NA`Afl{)O!Tk8`>1ak&qmfNgLc>VoZc8dsugUiv-o{=2C}VT1
zky0Xl&9OPWk2G1s#h*8Kmv(nE(L=U5Dk{4X5fKAz7QD*w3uFq1<9Vfyn}c{3OKJ0M
z7s5FZ;dGa#2<x=B9p)Xp@M&5IY%5i6fKV{ZOkH39v-62H&A8W-p@Y#bxWB)@d1h(7
zo1C1S)oMLWMT&RH;75z)P>{qVrWLVRgN6H3$WMs5nr_?a(YzpF$KEX(@h`-3uq_!A
zrOvXYnU%vZVK>>zWy=iQN$tOdrD@lq82bPscN)DlP8YtY$}+_6OEh~gucHDq<dbcM
zR$6Xuyu9jRkENE6XN;0j=j7DMb+YI$i5m|gO33w$e_FfC9<{_LNLv$|k}!1FG5rIQ
zZJ7Pmn$2uv?1HYLvF&M5EFt$mM)APHTV)E7nkvLmh|xeIzW_gN;!`xWF}@=2VS2SV
z^yj|u#1KhslgImm<|TE6jlezMj)Fnixniu-4ql7+l$<8GpmS&k>Yn_w+#m+HjgZ+o
z=a^^(D-;#r?cB8HSZ`$|vHG+y89b=3ZV_r#wtu7DWjQ<OP{ol%KA{Oif)KNE|HP?}
zSbrv$&N}!T^R(CTc_%DmOorRoIrd5G<M{E$k~wdh0fmj%Ic9Tq`7}^EmgQLZs*vzn
zX!jc#KB%uYaZ3Cx<rd(Oa2h>K30WA7vn%yP^s44g?gXwq>0jlT&`?%>Ce>#uhD%_9
zOWmJvSGRQq=+R9kjN1rY&rxoKu<xC*!g*pbU%t4_a)uf{R3{)H;28S7YrV_o{Wacl
z=9|M!bt=z{WWs8ah+Jt#oLHM1OZe5yDK5-hZwPPkrE~RXd|LK!&8Da^n#hZqh*U53
zofY}glJbZw$TaA&5_vcQHl<ZEl&Ua_qP|<q%=`|9L&EuTj6p!JS7SmEYh&a!|0;`t
z`v5JYEv20;84vbeq3L?dFDEo4liE;`P#PE4ZX^T6z+bSCDJXi!r?4j{*uZK?3gd7T
zADR%TCcAa+`yP*;c4-fs5@kJvUL6F@5rvVxycdw9aL4;G$`*@X#yMyEW~_M}!vZ_h
zHnZx22Tj;RVzL$ar#?<GXY5oR-F}_@h<D0Z|13DxQ<}GM6j~6%HR_L|s(n-4eB4O=
zbKpwk?uTI>%bli9b=CQ?A1w_r`i`7!Nu0k$<okbABox$vsqdS4%lu~@UaxZ%_pMWM
z%;hN@A9UDl{><JAtXpq5e^npP^JMko(o(~~y`7^Yc$5R2{O~gz3!gut?A3$*&(#yt
zZG?7q@>1{TM}5Q!0#D?L^78V46jiNX95NMS{oi+c%U(lqjAf(BBL~?MPAMI}tPc0)
zuMV#sFo5Dc&a@YHZ<Y_?3tHjv9}x$|jX4}QNBx)!Y>;)K;L>1Ltsw9fU-oNOS0!>o
zeHsz*+8JBUNNKYCyg{vKiPGi6=CX`rY#bxxK)vo2F<}+3sug3KdV`flrm*+&Y&O!;
z`IAZe6w9toZnw~I-px3Y+E|^KvUt38h7TQ$zOK$M!zp;YSXs&6r<mJN<z%Q_8&B~`
zf5KCSkc?1Sn(Ny)4-KCO2I}U=n?5MBMpjNy%Q({Xb`-qQ$L_6~G@r4yGJ`RiM|LD=
zy(E8u%$c^<Kkf3%co<$g*%x{1=b9V6+G6Z`?hLS(fRDkGKMZHcyU9&|s1+(pPs@Ry
z^l|)$V2Q=}blc+L<<AgUDoI)K=`(@EPuHfyhWf&^TAu@q7lj4y;Js9%;&pX*H_iKk
zASWZ!jsJ;TjL(i8{|+C<#HSiJC-;UufY7)il4q<ah3d}iO=+d5<O_|MEEk4W`17iF
zgp{TZA|HOG?R`axd0Ham&Q#$av4u549_r#Skzq3l=#e6Ccp?~Ig~3qxdXNY#ZiF(<
z;`qKuGQotZ5%D@gju~fDxvS^nZh}Us=vVn@nnL=Vps3F%9<>O^uT4flQI%HdCL3a`
zTNwL~q2ifF7*AIU$T<B`Uc`J1R=ijF{QAnu%F+@)rp&MMf4-YDA5B(znt$r+T07Y|
zv52n9EltNErLjgKg<GmP&2R6TIMcSrkiar+m&?RV_3x4@#6YM4eOCe1bH<vgcCtZg
zyb{kQ$L-t@{GnymX~zUC%j`3WB(j93&I!V-u>;h>U-=QN-})Y=^{hwhcjqis#5Oti
z3-*X$yuQL3IG%{;Pf#o9Wj~4)QbHgmTxz*vCrnoKa`TRbaz1GdS-pF9&0{ALm7`(T
z7)Bj@+%5g+QMNj3|ED)_HHDNtQMAcWt^gj~Jo}y3wxi_XN<58po3ruMmOx4_$aTUf
zWAybW*#u8Q;#@Orj}4rkySqOR%F2<CuME!n&#A`Q8^1_X2sO%q*`S`HKD|N*m=I~U
z>r*H!t+gKqUWu6^^d1%1d={&#J9LzlCzl`2ERFL!i~nISl=mn%J0WI;E?3s$)2m0E
z%X$4>N9Z71`?D>pT>rr6`S#(4V>m|J#Hje;tpfBlB9QDui%4SmQ-=}0q<{xaR{2`2
z+bg1Wnn{%gbDl$mN68vE3Fa7y8sUD_iTPgQ;cfBL4+$sehtUPK;&q2XgTpjhgoP9o
z)_knuz70fP%TD*3SBh)I$HdK=wakWhepfzBbJ`{p7oIga#k2Q*KBi|x4##bxRtSx%
zFAxrM+<mE_Z$+&p{2(bwOAC~Z$l<U56no#7dgQ8|xzuH7pL54(u<}#or4<%6Y03v0
zjl5|?s}h0i4c{lNIfQ=QT}^MFJ30rg@X5bUO7qlI1`lBQa{9ICW6eBdyr;3dyh~v_
zwm4O9+2ZjH2IuAOC+nQ)Z_rKTujRh-4^*Ju9}s^-6`+^JJA-O9wX9ZWZyg)lG+ims
zT=e@PzCyKJJGDDxz=o0Au=N1oyY=m-ZwAqUkKgzPtbY+p<Qcb;^cQjV?_?Z;Pn*)-
z$ZJ3FAwzUUhz<F5qWw>;)}4r3L<F*y;D=8_8OKfYXfJK*?OIH!EcS1Ue9P}J?NsQ*
zbwe2x%dB&L(-@x8c4wOQ-fIl@W}7xyW*u8v?n3jkFW17AI~Nm778rwDcy`!fI>-w6
z_~|o=0?pgij{5p%RW*mp)YkE%jWz6q%O5QJ$0GU7BJEeytR)egj6;q2H;|-^in)tJ
zA0)=}y*poSZVm!ftUC;>d9VK4XGO7PKlOSc33~{ZyQG1|@XMiPek3jG$?Ak1oJQ?(
z?(~ztT~?2M?SYS`;$r9whj|-$RKt{AcU55%8!9;P<U(rx-~v7_S1n@S>ZU$DR30sU
z-T9IGp(|SxX5jnN)w}j5iiyqEBuO5!FP^58w#fX6Y7t_3C?@%xVS;&rNBvISm)-gn
z{a*wt1cdv)^a_#*6)-#_cVxAh>@N8Qd<46_|Nglc{nQ1opOWfm_B;>|dSB_*vs%y+
z8_t?0-L@$piOT=;J$7<xJtRbYH{h%7MSoluTk)fgAjQYunhg6#hlYl#*^j^PYI(81
zwg^nM{|z2vHi*u#-P1bk5Na>|(VMmI+G8*R7l6sqB<*G#%nE9~uXLu-7@9u-QHs9)
z&Y{?V$2gkBuFuDsXR2d}tB0L%%L@yYdbRv)^ByVmbD>}dkBVla%($k4Dkz?R%FY`i
zQjYf(c7I~6N5F12>(=Vua+B)P@0-LO-RgZ+(bR1E)D-pqnX1wEjvh}icGL7qPgvyc
ztoP#Y_zCjtm5}pK(Tq4Sfq3VW?rL>N)2p~Dg%~1ZVI{jGlb-vI8#2HmsqR=j#`s=e
z{r&1sq=q<}Fsapngtmkx^)v-1<Fpk?bEXS?`#&AHhYC7YWyDE3F~cysJhBi8cY03D
zh+Ov_OnV)AaXskokkTTqQ|;Xurk}V*`gu%q)OriDhaD}Ln33p{=e-lcM5mj<GyyXY
z=pI4)I5%aKvq#2e*Z&lv74^Y(1^v;E@d4*jQ8;0-L)6_@Qs1e?`3C~buRAXL>g@s!
z-?hP=TVvtlCdZWI{DP!GC;Ix7%Q+g~uppr^9|4YWFX0)5u%}<%#SC=RS;xnn$xjSz
zV`8cXvTc`MEq+}6@L_e?3HVYd>?ub0&JQ8d^#8nLjFA~P)m+$o(eHlVKbLR+bk!Yl
zjvK6AYRA()IR7cp^}3^~s;V$9jz@D>En^QA{`>#d0?1-#>Y-(t`dQs8o%8W}NsIHp
z&)SQTK!V=~XC;I>J9^B_f4+80toSr|T`}5afcn-ZRpzS`>g;ONlZA>nXj|gQl(#0V
zvANyt4V5w8m_h2C|6=A6;Xsn+1ADnvN4#^2Qi@Z;S7%mDf0_q9OGp_-i&uYkuSOT_
zwR3sdbMx0H8j_ZB)JX;3RyWtt_cE{T$j7%tQSXvPBH{^W-wBU$3S^;Ij@<y3^%E;_
zE8H{AB%M{2VQO&sF9@+$G+!JZ9tM(;m~3PHLF#Eio*>egBwI6Um-$$D5xR=)hf7Da
zMTEJQHM>utn!y!~#>x3S{Wxd(^YaMON~f<qRh(t$ia-q%EP~qFQbdDRgw%8oKI7QB
z1WzL_AQqXxkfk7lKQD({H0#?NQ(E<^9;R64TiaPR4z;WtKdE0lXkIx^L=TzR*D`LB
z$j=M8)v6f2_@67epD?OLaXonHJVb5LJl(xbu((9XPDuSyX=3I68-qPl>ylx-G3R>g
zq4F^f<VHh}R}tIiz&Xvu9G8$&SklLX&llTRa8?gv*)B=Z9J97>n;R?h>vgvL6Da4L
zmytaUH6O%4HG>PjD#Ar0(>B+(akapDu}gQGLor^j@_eeAzvVc#AWmGPu%FK!W9)2}
zDSDW1s;Wp%>zs{TqISj~n6N_V&#^EtGBWai5qw;u40sf<Lu@46ShaY1JRIGh|9$j4
z-ScNab&iK*>uZ<0rM1z<rMOeX2@)C)zL839w^3S!Rv~&MWb415ZA&lu|0o%(k^Z|8
zheB8EzQCf^g{bW1oi$qLmp-mo$0j{Ey0;~j&%L3*PRN&cq4l-z#c*5TcwpCIw|lDz
z&i4S(2T2M1m}OAmcX9-$&Wbr|{1}9u9CCBl|B}F1H%H5nmj9o%doxCSXx=um9`mbr
zy0WkR!&L97ATE*VnYH*!$>Q&K?aQ3{MG9M*A5zM_QjX$3eo_0Q3w#A{G!4}pt_XcI
zQu%bd5^ps37|US+FD#d?g<Ilgm@uAs{Z<`4(%2@C{`@)j<%P|7gp!-Fa`WXy=44gX
zXTKjSYoW6)(J}}lahZj|kX|sk7}y_(g7=~nEeOII{3K&lzjyTWRXdsMHyy+;*%-HU
zH-Xf)m>>wUVmyna3n|Lq$oW1c7A$|nma|jBU5ruOJUij)@_nNb?fpg=lzhE<cw)V@
zVrGIxl54!K(04NHIL}r)Fa2WwhA??4iCl|^FB;M85xNt$Lw6gBTy}uq<#{E>v@bRv
z-*j0;lv+X5#5FExJQDWDDT?<yMmZmfdKU}FXm4%z-<Bz{YZOIREtAQd&5cb$d_=sr
z4`YfFKfm<yctDrAvtdas;|ldUlITBaBazFpBf_qpvCLg!zH{<WGa95_BLhLg-2X(*
z%m|NLDmk6?AFPO9F$<7ZyW%CK>Gw6KQc$yok2mHV8hyM+%I}#b3eMogi#g+#*{}ML
z%lC27e65imB7YG$tR@NH_fu1HV~eZA_VgBl{+9ff`W@p!h^l5vg2lCeindRuy<=fz
zC8G7&+zMvQ<yGWA9rDch$Ef|rY!JnXKKf~3>R`G+nDC0(XTMIi^75vG^c=ywod79n
zB7-f-qRXeFa(V)>%0fdT8sn7#oWQaN+nj9}bTe6KdBy_(wsdQ~-P2AjU2(gROHs;T
z*Z%@r-sx3i_Rk~es}0sf?9x4JBZ%l`82i3;P)3nVjn*q#l3QU8q*-f58rvq{p;vdq
zkuC<M-c!RBoY60(AhOojuT&zzCXyG#YLke8yJ7fTC>B$w5LYIV3Htqr6=m?@#Rk#s
z88A^aIu%J*24NFIs(4UJP0|C>6rG<osUht2y(N%(|J58~0n)Cna3Y^nGSGLm`jV*#
zwJTzu2HTBuGz;KZPwtFoDOklf=6($*G5R@Do7AMKe`r+yL>-~>f&ae^EWfC+cXZ(K
zeZ_yh-Rt7>VBF8i-cn@nE*)xS)ANtT)bC%VKC3_o6km|&b>X!7ZcS61u+ZWA>84cM
zC%NaJn8+Zq&!C?+ZcVdrPrDS|ggDRV4y9e2RJeQ=66=)UDN6`Hare0n9CQ(=+ZDuY
zn6)%@H+6S&J6jJI<t8Bc;}w}s<m(qT-d+Qfw~*@jOq@T7o};Ff?+O9pCBGLe*4jdg
zRhUHrM%a3E^c1Guk5lk07j`29L(6Yr9N}Lw^HQg&$Pez>{BCH@xyATTkEZ+Tqja19
z%sz$GLB7O|rMhEMX93;nT7CVCPiSY*Q@}r@^<nX)!t=zmuOru4(OM&HA+M_R^@ZuX
z(RS|7dEw8cuEqvcLbjRJ%bP&Y=7R?hc+NhdINkxKM48{sJJQxJ#b}Xn`mCd_{$txI
zCg^SV^=ZN1)8~JRLVs;Zv&R|`<GvRiN01FRVr}Gm8!G}nEZ`)M@Puib-xFh-XvGa{
zFCz6cwM@AF^Ys!G)}O?61z&vj@qY^+mw&^5^i3mX_9pSVz47G|(<D0-AC7Ds(qIgP
zjV)D=-P!?6WYGE9+xzi~Is9wYyvNV~YKa$U=J+EWaxdiZ1sh$cwImPUjU@>3K*fUA
zuB5w&)pE<)wNC%zp~<{&D<8W=^D<7>MtLo6OaIwIIjqT#o7|j|i!XH*q}9FjT~l8Q
zeSjhqV=H@?4IdvH6^a@`L7$8JCrlQ(Vo}sO+OrB6bC3`b<YJqT$ssDJ8n<z7`T%wj
zNAlUneCkrhtw;xNb5Lr%-suk}q!Hu23^2azxGjTZH2%cO%>1iI@XOe{HL*n}^xoML
zXp#6Bbk$u|C*2ct#rtQIcOB>uJ^wTPw-YGKi&x!~t2v~W*RGzhV-XpMDk>3}jd(nD
z4`xXH_-CLL&7}R=*D2nU_4Xj5{8j0DzrGH?>|;2&1mOsdzAfyh%Hyu-d!1?gNAddl
zmAl2W`-_XAzQMuY<n(s}cziF`J5TO^|FQrSmBaye;6J!@hpI-pzugu##~!V8(;u|h
zgYtXx`~)DtmUyz-<;zQdbaE2SW!N}D7=zxvOBOCAJ#BQC7})^Np+@d>)l_jtK{8dU
zh?&t$SC3?pVh<!^M7FW%B3gO%<J<4wlk`znuRYtT7CJ81e^yl~7SHze$)2r``Upte
zzwD5->vws;dzk}{sjmsPt7U=Zhs(HCRW@zkE=E1Rf9ZVt`{Cb9-Vh?&^S<$CWPf)5
z{!Ee%I;4O8y_mlHdN&XBp*gvkvU)!_vUUj8$6~Z9?qi@PcIKytj&Sl)?oVhUY|f5;
zEG^}%Kik{iXXicX-Z&&4Yy52I8@PD%rN?8(bj|Im`#3A+gP5AS#<6x`eli<uXiMCZ
zSRyPG7ka4@4|{oi;PEJ(_OIgfloidDwFi4FN~Tuo`=$FIslOYB3u^U5Pl8h{+H!4q
z4&CJWv*^@_;lI-#o4)DA#d|}V*a%-CRJuC(xac1$)$Qv%oF(~6aU!m3PfNSNX3_27
z=Dmk4B9~Xkx7?dek99)(?ggb@>7$+U{hB?+lXvXddguLq-Am+Gt#D2;de13kDZpf5
zksSy<l^d{W6@#qspmjUEsdPb84fC(ePxm&bFqn-7aT}3ZO-cnTBB_B>o8Z7eFCQPE
zWo=EAGaiq&HDBw#;umjfZE}wH{qk!s8?_FA*T-_|R*q%c+Rgp_?^JKU4_f@au(%Ul
zt^+c!dq-wWVe_B9O8=Vt`0Kn}y1NbZ{lC3fTLc~Ff*<Y?;i0TPydu3%p%C8z*Q)#F
zGqf|acrklA+;lLp`fK<)xJS5?7p9JG;%N#X@|2)S7?P(;Y87c6dq`Uv2_Mf_j^Ioo
zo3#!wR9Fn~$aty0K<x~@#vIsq`D}TJ<mGO??5MMt5ro+lOF0}nL%3f3L)BAuP5nvI
z4-ypZ+4^fIx!2Ctp74tGN6}`mn1B0XeO9fVK<28apU@NfxA@MXsXK9WKb4)5MpaI>
zayxvS2v4SB(AYHd3@A<zyK8{3>i0(Jllr}fyuQoFmbABItTw5c1ZA5!zDn(|aiL(?
zprw4_*#kKrY?zy3yAv;`nD{NI3>5g~(XKnkziyCcKmqWjM4FhSLCb&<%hOaUo_!`D
zMO(PgQwR2iLqXG&FipymkKftQ<h708!JLA~v3Cqf$o3x&b5=mu_YlPADa7!%`N<BH
zze6yuLnIO6O2cozPd@*1p!GZu6tpckIgcriJQPxriE1A{tt}3s|8?~7Z?wf=-O7hm
zhkrg_x=2g^!gMiI<k9kej#OBsbahn~6B~4X{!EIO#$lUY93uL_fJ4Zroo!_KZ~|-N
zD@k;6p1Vq+T5Bm#D_F?FO3#c@Ztb~p2rkjq=Q$DnODj)zTMNsG)M9b4;A*@vKg;`l
zA&VatlciN6P6bx$Y&b3s3n!ExgvX=ruk+O7n-sKw85+WK@0vNj*mP@UHz}sX`s%WB
z+|vJ2G^eU+%&YJY+x)1Iv?RD`#Y+<PRdoAUk@zx&50H=FBcXgY!bW{ftfLL4?&rkc
z-JwR*%E{G=+psMS-ftB9hCOXw-pfDL1qVykZsOW1@fvG}h)vyf-RUXR6;Xo>au%+T
z|Jy4!j=C-pG9iTmFO(qEvWU(uUai65_SSWm21cqaDMy`kJ(?sK1U_lApRY-nEPGw2
zII!pMK`#h(xc3A)eEIShc#qs$R%#8Zck-P_7Gm}FFLO90f}Dv~>|RwI)N7J@$jQB1
z6dBTAIOrl|OteJ!`bhlT|Di-5{QZyguOs{UK!eQEB&P)9B!&yK_c}K#gGFoE%8NZ8
z9J0?Y)Ai1d9-N+z4qReAt3p`yw}lW)AOfWre+?*P+8R%>p#trnHQSi+h_mg{P=!^W
z@XCoTY)C?Eu&SSF@-P7mwX@Z48ZKo2Cl3M2{$Rf}P|%Ee3OA*QT)4@`8KJGO?{5-2
zG8Bx#Ny!NcURlf?IoqNst*Qo1Ez9o_LgRw4&wX!$FLoB|yF9#te;ExWz|^E~?Ca_m
z>n~Jsj+cB@%^cvge(DhqN<_Z3pQwlyEiNp15Z2_A<)%tMtPIt^8|r~@b9{9^;&CZQ
ziYxFSNjkSk3}kmjsEP1i%2w+)Hxl94QAhb|QdGVcWn}!6*V}fpwqW$xFSm)4)$X$u
z@#t3fk5XdPh57mK8I@0U_dmZov908?AziF*xzi$VDYBkR(yu7YRMwr=Pi>9B>C1z9
zn;xURk0Jan`GG(lwqGSUR@Lq(<%&JVsNJ~-OyoKuUEW{NL<~Hw>Jy1xkh*%6|5^1^
z`-CWjzJiox5t@hPQucC)SFftD3kF97akY^jjJvBMs|l-jWA6<;@?W)rnHc8ydD23o
zx=~vMb$EBudHxSgR~Zo1_ckvfpwiMHu_7WMUDC*cBCRYT64Kq>p-6{Hr=WmKNq582
zAl*x|boUbP_2>URANKRTcTYTLW}ca9Lly!Ko^cjTR_1ubXX5OTxT7;x#jHqnNbwwZ
zM{D7dY=M#v0j<Cn78zx&>r~AOxMwMpxgkAFP5}O<ihfok1W#=(0wdGJ=Vp8{Ht3z?
zWXv;Jv7DbzebQ07qSW{}2?gD}e5%A;6!}l<z<b$#h3We{Q7S68i*0qdxC|2>Zbnv4
zW?Nrg703V!k^GcBFqvPn*<=T-%kll|mZF+t15;Di=(DyddkKarx9Jqxlm<hrX2qZo
z<LNtpdd><;gi%fg>8erR-UE1nd8HLvrj$QL7;<?@S|p~26~h;L1tAEvAE7>xVvm-;
zfDE8OpJh#vkNK?oDCrP<E0-xQXL*Kdr2Pz1dPwNVgk|uN!DRe%+ZAq(jG*uqv$^hs
zgwQ~Zt;_V@S)o9K-d_FdV9Suw^}Nz?iG8VvIF1aW1GVLP77EzfT3t!v5cy-7@k!)3
z1#KG(E_b`NPwe>QtO<hqb(1G=`*}C+YC+^3Fm`(X%lAlo?RcY~%DHci?Z*YXi9h8e
zgH%)N#B+qr$g>GgtG%C&zlE~;s93r+4%%B~fshXl8-490BpGk@d083WtGGRB+m&{`
zzAPUPwd?mGIV~bR=%N4;UxVh*!Bfew6WfyPiuKJ!(V!R5l;Q8%-4F~*(`b{~q^I;g
zl^%N!L?Xyk@~2sq{-_XDPI1Ij4sGVDQ%?{I7MR_a7^8?8!|d|LVH~DwPEQ>OH=Nu{
zb=5)bQGsm=!ai#S!KH$88#%v;9(?D2`K^SU<eLOSRXzu<ZRTX;R@LVPSQ=qqkLa2G
z0Y>{tKw?DOb;pAx%bhcP7YYc6GIa{l0yKA|Y(UHNulQi3Q0v4uhYYu_zWm9@gHA^2
zWw7~HUDVn6R+g3aJeNHe(<`z_rEmBNCf#4S{=2-O?yzem8A_A%Q3s@Gy^a@YyARiq
zON$&X{*xULY>op=-?6u}m}VK-QW=z^&LI?31=N0EN*Ubuzl)7S)w4A=V@}VoJl@_q
z-7ciGFt=aCC^~qF-Lw3};q)tHVl8U%gM`=dE84kRF+f4H1#wYyaWNa(QsdpsTQ@VR
zlpw!$6qe{-z1Wq1hj^li>rK#Pm~ia2_e0I|l4()_Gd4C3fMcejixh4M0Vapvsu%Gi
zgdJtacfXgZC0pC_0dXGyWp{CZ-LzkhQ*BpWeS>g=de8K4p<Nv>{qBH*=eRUe4KN}H
zEKWY!$wjck!|+H$NGaObdZI;I3UzfE(8fm-OEeiMkGi?iaXJ0a5IG)GrgL0vYyCKN
z{&sVQd!HCaM(<_HyGgA6)P!Y>&R@1SPH=6(8%4aL$Fw9mlP`ae7u|=xj6K5fqgg$W
zsV#3L(Vn5y2<-1aeui5Nk4(RdO5&hYIc(p<*>83Wkl67U@1$kml*n!``+HflLWs}1
zw~m%eYjf03d2GmYZlz<ajVwi&n*m`o0P{ov>-sSA_}u>XvLBM#U)hKf*~wApGRKip
zghKH!@N(w#P999f6u(Sj?|II(Lq$0tsPae4mo(O)AxzX_@zr4a#~3VPvGwkE>Xxeq
z6g3XdfE(*LS-o~w74#idK`7aC;P;ShtcHya!qH$9FZw{h(>u{FS%;D*8higiK7_jj
z+rW9n$D+LFXtwe4!L9x5UVM;j^qlWOU$$7Z>moG?P-9P_Wut0Jg_Zfx(H;6=81@L<
zxyu%5g$L%{!DebC*{xwjMRE3zsD$FdCwbFa{NU;6EC|*tATbE5dnGiIiYb*H6SJom
zbK}eZkRj`#-|WDa8j=)dYdAYU#4BzBfQ<{`0OLERtPo6p6iu(5HZ8UP74q1Ex-YR@
z^FF{3AtOlbTs^PSl=UCt)8wdClh4KvU-Lljo$2nH9;w3O&ZGyDmN}7BMi10|?vBLw
zM}b}VQb~ESlIkO)ER?u`gQ$?Rj%U6b9QlgJ-kOu=%W|=DX+6(1$qG4oH;+Y=|3km>
zWvhPQJDF8{<B0d+%{HaxyB({hG<tf9GAyB@GUOdYOJl(0JN_L21}oticxTkKU$(e3
z%WW6@3$FJ}v2JX5qW}&UEs0RurMSZrT8UxL4<&2l)xP}{457~x5SV*2Xoa0Gnf8%*
zOPh>j<e~HBbu}MrtjH&jLj?sH71DjGU~BfoRvKN#M}Iin`~1D>A;{paMBMq~Sg4S|
zdA-<?rdMpXd0{PhjSeaciYB7aHPZj=9N50zK*WSN_r5ZD42^6>5P$7;N<j6|$tWT)
z{(Ub))%#;P5(?1q#H4o?<dcp3O_IC#(H8X861_ILKja8Dd+TDj_`j?3oA+jbkr;jr
zBRAt?HjU`T{*3uqyR+MFT08IC{siCa@$=hyK5@`z&Q%;B0oC+5KTlSX55?YXn3@d9
z>X*Y2#D@4h!Dju>gx-q8-T|b6@&+L0O@z5Fm1$>?@7xYCN-ZB+{qLb#S7z+};XI~B
zM%gnv>%=@@j&^v~SUKbwdm|B&RF?Qf+Z4)$?VS2+3hIPH<HPPx1xo#z@{@efNtNOD
zy6Iu0oZlfLdft6Gawjbkyk%UQIc^;vudvfjAc$#Tug0hhzfDe(Y@n`w|2PN^xqoNP
zwXSgLh3D5dAOF#w`8Z{&0|tQa(>0>5^$xp1)8VFDUl`2R{ZFYca)x)DRUnWmJW)$F
z@D;#e0-fdFm5Edz?5gg+GUs!sV<d`!pQ`ImPfs`b?fc#8-`aYgtHq*196g;4xi@vr
z+6s4gQhtpBukS-HALgA44(&X5%bCsQ$On_epHh)fxG*a84I*kVrK)jaU?WsAR_X}i
z-3qrO4lY5@*)0!+$HdUd<YV@K)6y!a#UOiP547;^&>BR&-RYQztw5oL_4eawbPUmQ
zkIWwWZwVFMuHGIbxXxVfzm!~I_xol-y`;Im{psiDkFluvR%WI=yaz4QV!h~V-|>w+
zb5ifu|IwExZSq4S;mVa<8IjkgQ}T7E4o3ytvK?5hl=3#}SRwdKmZZIrR;q+;(wnCU
zv8^mRTF17L#i1d!o7OlxzosXnk>*@heVBjtG_s&j&4G5(jKSBInwab3m{O*y9jt?e
z0);yPPv6-GCq}^Y1gGB|{&auB3=Z$R=fM-*>fohiXGeG2^)gr~<by~W2tF~3FS3#v
zhA_47&$eF~FCN0-A}NC`%Lk|9<Di$!>-I=#>v$7NefP!I8>F*H;nsW$z{Vr)PTaxT
zF9U5|GH%~b_53oGXj<AeQPIw-mdHAIsFAM(<&kUq2XTYC2SNILeUdTay2CLBjh`El
zDxj}}ZG*t%6ergifpGH6&!1=>Az6w_2Yg)P1s?miVo8Yt{^1<(s>8~37?*9saqI12
zlTxiHcvsg{M^kb&?hoEhowO|MAtkO7Bem``1{L7bG)9OPKOX#L8Ie!;RQEX|zsIQ?
zVW$ZTk<O`5hgtBlq@SQojj~J5Og^2#2u+)1fyA0)h5!BAfeYgPJ83)0b$l6vKKmxx
zVIhlLPa6}cFxvAFRH(j#g9CKq&F)zv8s&F`T0YQH0|ixepM20eRYXL~wbIChguBF%
zrG4~|f{CT|)e&<OF8hrKw<Y5gvWs52nkyB5G*wO6!O8$6CPpAK<c4Bwf)^bDNKvt&
zGuPb))PP)FTV0wfI<o<TQI$xcm|n(3MjAM*kXZbbvQ0xPNKl(5?7^?44zR-C0%@w9
z#Op|^=JxU<vD@lf9J1SsAD26IRZV3zYGgV+tJ}_}H|P8NKav^Ewju=SUp619wrO!*
zy#2Dm#Gx1l<-de)X!+92DPWp!=$G$~&J@%iv^+D6T%CQ!0+&Vwe{h^zcPf5)eWTSL
z6G#y_(I0wd!OQyJqfg-F|L!)~JzS+!R*u>!IYADZ85u3;c0PZZl@)ou+(QckKA!vk
zjOdr}K(njEz*JgT2HaA6V5^qUO(m(uu|c^ipDU~a@%a+O3d>R^8qOAmX+$k&9xvWC
z($&0p{;{4^HbK{LD=T74VA*AZ6{hQOErNn`a@d`0>|#S<33`=0uXWL^hTer)f`ji0
zDK4+Y2F2AjRsKWp(G{PCFmOmH!h-H==I<qL><_r}d#>Kh6gqsk<XZ8t^)Mq>`<3)z
zL%Lj9P_{1ev#2R$S!Fib>b=edvA4GNp3o+5Fd*6eBE%f!aWkYLw3SW#;#mNPKUy1?
z`cIy5I}1dA`4BZaieTgMeA9$4&k*xdeYHlF3gB(c`l&pTWvvF3I$PyF#-H@}_;5PY
zUeT|U4So88fU($&2U`=if75PjT3A4J{A=bX<jkMIvYR7nTufH%e=@uLXfRu_Izg`<
z46+i7Ix0>5Q=Qt6kMI9S>qjxq?u*(cCQKB4Z?%|&Z}Tp4(3CH7NE>CCwtA5{v*TQs
zGQ%~1I@&;heB$S(Exvs^uiqIKxl9P_MLczo&np;V%8L8?<{!gTEJ-8uo&snK{56)|
zaD({OE7Bx!;^MQhEdjipqlks8`K<)UU;`<*YNjJO=(}&fL)FPX?M!7+k;yt7EX5TT
z7WUTF&FIV=?RHen`=TjbQaP=DHuYxSdhppAL-qJ!LIT_Mp%X?=)kK&8R)wq(?R=BM
zZlO!T!7&=gD1f!JdXjK>*5*I9$&T<Ae(E`=spny`wLjg`;3e`5=Hlg41|xGKh5eGD
ze$2U9Em6?>h}OtD{W&VN!Wy5Cc1^ho#31VCig<Enc1}SFTy6^L;?tZ0D6`3)8z|j2
z%JABonXprO^3|nwnTxUhtCNd~MkLRR1R06LRF_9EsBE&e6W{9@JkByAwWUouku71c
z4QRqOC8UF@ZPtA$N5Azyx^o^ITAH6&@hd{PRNU)>-DwW;>O`loOh3G9O!^kId2cyg
zRggH}@a7~<DR6|r@)4|$><22|fwj%_PJG3{bF+w&XF^o?B58yqs~&`z2bG$RKz+PK
zFyV4VZ;GUF&DrA6zG+EWNGL-(rso$(XW7Got_$U&JW|<Ljd>OsJz1sZ$KT(R!2~2A
zI66@zt)r~|wR62kskNZvQAt-w7pvtfP6M#ny6=sd<G+u|Tv=6F{J!SR``gUa1W@wa
z+4*GtvSkY_9frTzr40NMcrz-({naU{g2LZv93*(jM--<-Orv;$i31ZDTTHiF35NIF
zn$Xi#(S&<`-<6~xYFVj7FPiGnv|uaMf=md)3ue-bcsFA~Da*cAQ=#!@QSiTQL5M8E
zgskGGZ*Kg~(KNzZ7`>lOw6Q*YU4=|TOf_94+_sJ1C<OOsCBM>>r4=`x(K{x|ho9*&
zBUqWv-^oG`#rB*<KsAJ6B|<pBKs$xsMPAXbbgTqT%P^OS5%T+oIt`)}Ypdq`k3!zc
z`{DC46PuLo<<EWh#}h>pfy`2uolOWQJ)l_7a3-y?Zub9LfT0AkwpkIQNLMdewaFH#
zvIv7mQrP4+1NI{f^rUzGo`{HR7MYs4U0u&rHtpR$LY9$kFb;jy=i()3W2)!1GoyrM
z69Ivba`$7AKo{i*WT4P`IT&n+7!!c-ZijTOO$FA3giuT6&s~mJHM%(Xx`M9ROmEay
zaUqn0%vCE537v69M)=YB%Mx)h9dCnw_kPU<44neijY1-e;)98eB6!^Q%6y9_wmOub
z3?41e&ldlv{olG^i6>dfmVH6`h#nV>uC4J%j+DIGZ__ODb3Pt8ak$>w<i5PAYMQgG
zfUnEm=^+?0{PhW&1p^A<p<OclCU7a+DBS!Y_T#5&?37Q+r70?0E;F~6yw^)NFZV1J
zzQf9a`d=8;`y7WYEnCa)qAu<t$c{OdNR@xXpHAQa^%wx9bQU(o0yiW}=^L#Gt-9Hq
z#|IeDr=H#Z$8mPR*@?@w&eHmKj#{&pvw!jGrV)G&q)@=miFoue6K-sjKQ;{-tuh!n
z*b~c~F9Z?gjBK2*tVG|eM~|;2r9bo4D1=*fRQKaqkF-^kl{J8&1^F|bTFSuZobs&<
z8?=5Xe*ov@H&8B;%IB1hDpby84XYjD>!aV7`0;(_@1=8IA0a^Pv8TY(cX9ADLCLKy
zeivk`1eJY#ghi6BcKk$=5^gu6Z-20cu?%?S7(|4aM;7*$VoUV^jgL$GzI(Ylx`NST
z-Qzg^tQ1mLJzX5s7+Y*YAOUSnU7<Sr>?I)B`?a=c=ChmYW|!B@{>i8o@V#!xqRObQ
z)5BIVhYe4SnKuPm3)a+kn{p%mnz#;A$+n}#28-YOSa4I#qU+93M;8bCD@|9&O~K2H
z3^yxJ&|FPjU@(w|Y>2j|jIc_g%~)sf4>%BV(uy1)nr%iOy6(`@-{bl1`%@ARV#rHP
zTQoIsVlF}x-Ra6dJv(U~HDID0Z!)}7Ic>A&2(die@59zwgI4|b48;*T*chtQFE9#)
z)K3P+St^O2BkLTpefO@T72-0Qj)u}k{4R4P&yid6GgH-4P;Qo<w@L#=Pkd?LJ!U1L
zhKHU%5iPlW!*gW-%FZNr8(V2Gmo!)UzEQyMqp~!ZA+A4x$&~qMp3`840n?+h%WB;T
z<f)j+^7z2oIJqUNi+9E~R{J?yb8CMItxSf!BY3w0Z&x?Ivi14Y$zZS$7|>Y{Cn6%c
z?w*RAsgk=LOiQUMx;^u|Gz0f0S+!RY8K1dnU^!x-lkmydUfrA<$hWyh=&wfP!#@(g
zz*}CNau*{UQ-zJ;X%VDwIB6p{PlOC@BL!OTM>ihF{jI8BMbt@Up7a!8hO`69{k^8Q
ztLG}5AHB|yHz&7SLG#7R^SAvcL3Ow26uZWY&vrM);0@?hPnPd4cJc~fkafqvuw=n*
z!JGXXDcPocA&<JUNbt?}@WQ5bmCKGfZ&JN}J&;+6;ZLG>eQ`WjKdN==Uvm8GWKB9|
zPLWxtn49Kz>L;7ZJxKA*_UG6z+wlj$wWS^mmWNoaPet?K-ulj9^6xgppP?m@lc8vI
z<4nG&E+aN9J2*s(bouYvVMh3HXp#g_LN3{Qg6o2Ok!*S^49I#9KBQO_(`>Z^3iM4J
z*r}Vp8K`Qyz1|bu(%`Fu8dEGT1bOaQ(&v_d1eJo}F{Gbw#}zFK<`d+(t%CmK!!<NU
zO^g|}Ilrp4X&!8}`cb;*ek~h+Zd#VS3R7e77Uz<|a{${2dOnuI;cwQUeFy?UK|%eS
zT_h429!pb(%R;KlJUCJB@^(}BU-8OYspGOjI&|n)kC_bt@tJ%{OI>%5dZ&w(1%JEw
zdfkm~QK9)pzN_`?Xykbdk)F?m0BT!`#3;g2-Gy34f+qg(-Mpi9&X)!Cv2&04B*})^
zCiT4|+?TmeJ`05hghc3K_zMG>W*d2iIS94Py9=~gl!WkU;o+IYfRGm$nK8*?E^Xhe
zkoZPG+Qn};ynyb`p3SNe-h=*LN8jT47c&E%nrKSS{qW*p1F5<DN6Mdxig6j#A2AZ0
z$^GQ{Z|`WY9t`nqYC>;TopS0q(?mx__YB2`Tv@u??@WIN*Y7GA&VoKjkz|BeaR9d*
z81NE7BSJ8v7CaEfE(Wajz_{n@Ws99A=9iLKn`AcZ--r6xdP$eN>r-bA3yQW})gfWl
z1tpwzx|4M=4VRavr>EL};UQvGBW@ss^SAy-1-=3PRG%o7uNI`);lJQoxi$P69ku7X
zKXklcP|ViGPj|gEZHE*;w`=m=+f?B4x%Dd6uXVOadf*FZGsTxqnxfJlDC0nPD<AZn
z>DL|)eP-~sM+?Pa*lSs1#N^)if0GTNdAyP{GAYo@L;_=f?C&e^A<I`6YrW%x?!<O<
z1CgF(TE7(x`uxW=&564c<@ksEDwhjKKerJVFV30t=bEpTp*?+>7A)z^q?m0vWPhs*
zP#H8BA!avuXTbQO^PyPN^h_Rn^IY;~$5|w@OgKr|_b4U%49tfr)W5#$iDNHrJOzI>
zU0o~j%k170M6~dJoo%lGeSA<(Y9?9JUhIa2YUD$I_S`@y;iSL6WqtfQC<qJUI4<h|
zAzgY=UZb5DQZRcR;giKZ{>Dg~fK~y=zoG<`<bY@VcN%3DBU<n^q>bWD)a0REL!a(b
zilDjdY;3x3Op7OEc0*o`Vwm&)w7?Jye%e3%Z+Ttg=jGkc)V%MH5Xf`JXinN`gSgQG
zeHj%Vyw@iUbqD*uea<vFdzH<~sz6J2GrQ~M-QC?P&h7WL?gy(A`n^Z>BepuIhzd9x
z&+7<Sgjzed4l4O=F~t8~zkxl5>)GK?1<@cPiDtiA4|hQ^bf){Kq)_v@M!keN6#}%N
zq;qQ@O_?qOhCL>v$MDG8!__sulLyd9S7hPI`|57$B)C>Nm;aMfiM9}P2A!faV|wOT
zSx0+M^Lh9zJ^>{U@S9XtVC0^E<Q)=fDwvYto4?zBsDq>^MQyN3*SAWMG$djHJV?y>
zdwg9*l9WyO!$?(v+cvx<>RqlA5T`dcP1e@7de!zHysWH13}I#i<c1KX5`#|Up$f&{
zUxJ_uPQy*K-!bm#=2hYR)tdb*S8pkYf}k}+?vZsQlOgcjI%1gkw_GZriV``7;)~}g
zO5xnLQ3XX-SPIa9g5Ve%7op0^E5xU{xw&eO@AG?|yM#aw0dO1B{~bs+wfPITkuFOx
zth~X>;{fcJT}IZQlVauJV|7)z^_G&2Sh@+$HJ$6*?00@XBicoF9PqF_V9YXa;JtXP
z6g?v(X}I>V2REq2*Drr!%XDVvKILg`P~!)U-W}K6`3-8L@WU3GOUCA_vi^Qhd9W-g
zB2nXe4a!P{P$L(CUtmzE$-QP)IQ#_}zznARGGhbeZKD!W7_${VvF_hMBFiHn>yt9W
zIMbdp*KSqab;0~zrB^Hd*4lV!8Bh>%hLoc+HOFD}C!bcYer8Er7Kp(r^PI=w-?}i9
zS(d9x%<&OM=*lYzG)h?~hP*3O{yzQm9VM6Uy`zhbjqdfEA#;AXie>0h{wrwwVOd$3
zOpPqG5i~frCLmEW6-^t+6#YGJG8Pn?{Ase(0kKb=1Okp}{W)Ldb<tz@1eCq^^Rn}j
zb8_HxFR+`TmQyq`5v-UjYLf-#6*^^lXW&}%HL9B5OWF0GVtw95mm~{ofsi)f{!ygn
ziQQxiC?v`tAc4ghyZ=Suz?Lp2nRL}m^~e5N(oz<@!0+dPEs<c=si1zC#K!~L`Lw9c
zlWubf`g!3bM!8Y)kQ=Zwa{FZ|yZjNlZ=fc{Zn1<bDVDa|5Ectlf)yuj(0{<0BmRN=
z?2(lJ520(UORwWhAq<*VFSewcfye-w)?;UdWDOUWXYaq(m?0Y7tI@iH&rLn6>0_mN
zyV**^Dv%6PjEl#sNGI{DI@iAKGM;oe{1=%N?|o;%a2I9hfth!lc8fJ$3|I+hX0Opk
z74m#FXJ&RGO;j>k2%<bDmi^uP8wd1}(+gbW-ZY`5rJb?(lJj&4ALvY)459Qu%G!Gh
z*!c1|U~oeV*}GO7K%)|yXJ<<W)m9BV>);?e(<EVdKn>C29Ve`^>oNTe+eg-nSV#=c
zt%z|Q8oMr~otf+e2}y^BU_+s78L;<b!DQ`yqq~pq`!{nixm$&FC*nzcf%aaT;0uQ2
zQE!97G10DJ{*zdXWedRCU=o{F$BMlaGOYc=#Tgu7=#<wm7$TANb>anGd!IuzMwk8b
z$D8*NQX1E?x)UR%=I`I;{at-)co<jIX#6{YjI7!ZI!oZe!~izJoIecRAROgojq$@6
zG}u~dgbP9eIvLnxDKCh@zGW=O!h7)`F|{J6zw1REV+Clhn*DZGUvoNL{U*Z0J~_wc
zM?Ty-F>$&`+v<^FDJBpKiCQ-12UK<P@}8){UL5^WvFQD%V-{)^-?5Kvq=k<a@(F0i
zaIV3sPsHzHq=JONL%6k)Ffe}<MiENuy_2j$In-FqxuE~P8Te{e+1245RT*ow8XcCz
z6c&FB0(w0p;_h%>r$z!e6!?sP7T)fS@A9HD?n*xj07Bh?NDNN)eEILSc}A8fOaThO
zFoCyPQwKn*!)X+o*;T+)kL>JatGH;}yCVOMTB@^zNNsg)pW3LWceCIz^uUOSTH<s6
zuLYPf?)UwfahflOi#IRRk6K|^n3-!-;RpWQd4PN4_`^{NeGdOu@7%)g`unCWIY#Zt
z8WyKNFu<7QAW}csz2forO$74XfdyH+$SJX{VvK!$iZR!6;;OPx=3P!tP?7yIx4H?F
zf*^+(fLP5$E>*sA=cZFuwtBzjK&i`r%<FYov-d09qg<2lZ8+){KdoTL>JE*p;I~8V
znWv~UB|}sL{M4&~hpUjI*xRUXu&?F^=u1?l?IV%IuVjMnb+1p~L35dRD4%Qa)ekGg
z|7NCwy)M^9GU1mOvLURYOSen=^AWS_d$^*Y-`clX4cN=4BptSR{tFn)Ef}xF0mbEn
z>x#lpAN@lOOzukQ(*UGEvx6ekdQEfC&g=|l3;InKgP8#Tm}}oU=7i{V_tDkf7rUx}
zGJ*Ox^kXj956{kbCgyKYy>`!vkAJ>M4#cxH+mIwU@ASJG(x+EST*nO}XT+w)G$;h{
zy3HuR|NU?N&Mw>f{C5*Bbe$H-HydDjh*3ZE<=?P};uQl8P0e|lVvc8#<Kgz#R1pHx
z=3u++oaatT@jTUi4yJz9JJ|lzy(CD_twOiXGPA*S>a_%AO3?fZ>{MU6IgC3wq9<a?
zvrNv><|-MtHJ$p(uQt!(LJm}*^N*9<sv{o4%G3HMD1Pbo7dLRQ>#6hS2Me~cWC3~b
z@|Kc!fa*Z$jk(k{eu~eLa3p26I};QUQ&h;&biFgg7Q>CX;NO?2%H4vQFMc#YyWDmy
z&M@1nRk_ptQ`uki?_}$^7P%N@**vjT=MBH@=xfkZfffE#+fhT4*L_noHTnv-G|#xt
zB~AD_m>`4g4EMU42L^jKnBwYav%h#~BMqgTiU={I`Na6TwJ#~-SC`{c0D{3c$oppO
zEAu^w^=G)qJ|{Z~N*3x9i7AAlemM@7DlHR2Ye#;k4PNu4#{~2MF2T*1p0I?3?@QF}
zakSp86C=hhhM%X=^1MW1r^9>uX`j9SJ*hwkm2E?$kdTl*!`vO>5P<)usJLjwc0uT<
z9O(}WD9ol^p0v2IFtRfiZ|%sQCndq;uG$`LWC0HjqmfM?cs$k4?P0ybOg(z}ZdKMn
zeHGhYQ4usYN-l}C7L68^C%reyAL)p1AWX+u+<ebcy5)Q*TGCS_8W0opI9*xmHx$@?
zqD!Rpzg1#bbgF*B7wsL$rem4BhWt@mQd-N;0wBkM907*X+x#rCjBWAPf-*6%rqMlu
z+nJ%3HN={Mc7R+eQBt)4Us_L-L`p_RhM)h$vas^6${0zVWMpl{mAI|Fwu=kh^2(3%
zt+Mb7Yu9uuuHKur6H6Oz-Pe#<!~V~ble+qBXf!UaAFMC*T<oXQ!bcLUw+kDxJo5Tj
ze~6+7>eV&yt1)OQ<r>s9-U4{xeAnevZ&Bz;(5!Ok>27gMWy#Bcim}IBTw6)Y!nIDQ
zwW@$lmGmaGvz%fBM`OuXAFCss7F;GnQ=<r2#cM=zU7G-D#hn`XwygU#a++2lzu}{*
zFaX7C(Xn!Kbwy4$9^82Ck;@)N3RUU%He)ZRzQQsP)AKdTZ7Qw3YBRe4i3RKU3`Mml
z#%3g$EbLW*c6?D`p^f$N8>~B+3+-+bCI4GvBJVMNLx70iaJ^#duoMjc#7ubRQKMT~
zO_`c8=`VpRMqZ^L`7c^Ql5C94ex~+~VxHb_JW#hOKSxBZWGwkvj`V2K^cPyQCfYIt
z@FcELreExc!pugr#c$g_97j4EDbT>zgZK&Q???+=nqtu|s!-J_q})<=|0YSO>5_Bd
zHZ%&1&SnMz7J^{yokPR77ma>ybA&kV`{sT$g+&+9OCmRvb!$X#+!=vr|0Yr4f&{rZ
zxQ!vOfFosuov=&S8mOQd$vOQ02d<0`&K(2Zq^q`(%j0e5;gQw2xPEn4H#>5dH0JId
zovJgU)2d3r(1qmSr1@(`ztiohPm4q5&R##O8Y{sLvR(~MIZ|UUtFd>b<9(>3GX}*B
zNk6@H0}~Gq6WxjN3B!B&%d5V5AmlKS!c7zTCbEzR?&;v*;J^ArC4CJh8D>aeDwqQE
zkcT=z5L%{SsMe{dP&_8Z15$eW&*9<PS~T2lK2`tQhDbwa0e?Qs<}%GO{_>O}e8%XR
zPIg$oF`H@Pl*0)B%k1rz#c)5(j`hf()AWqilePJ|4!@m;{*t>y^v%yqLUHO};SkZ&
zUE9@E8*5`uwF-V~Dyh8Wvbg(EXxOuca!z5meK~czb1=L~O#g7GA?7(2Uy?>~;j*N(
z#RJiZ<%X9;x4BqOd&tA4_i)?;gD9lr&B~NMZ=9_9RE~pEH0@U^Y^vVnsS8iK+s^D8
z2Bg+IT)cCt$+~8J@uxW(MIZ4O43hJ!T|bNt4J4iM01XsdZhsH!E6j_Bb7Iz=+j;A)
z<0J-mbZ^j?BTzCR1q>}v8SrYL2Ml{Wr~VG@kYz3AA5Xt9|9Xw`W_6@vU?}5pppz90
zTdL*=hYt&z!c2^Ct}*!dvRUmtJ;(VYU#Y6?U4v8m!o$Y}f53ypA{pVO0?h&o8yJkP
zQ}0t@<ZwF+&(q{m!#{3~*Ov@UN2ZP*d@j2OLqWOV7UDqXr>8;&uo%9Jpxpjjp{*Ov
z>d!{X<#WseT7;iM3K-H?Jcim`xvA(*6ADT^Ov!0N$)ligkF5ClJ@kakuK5d}lZ}ih
zoy4-=&+XYKp;-eyZL-R~Kz?(Ageh(3i+st+&3fG)Fzhao^o>;g(HjQphb>rn>QEPf
zibo1K?TiAUq3EBcPWWAd0m8WVUJTr`8RhjSW?NcUcKBUed#Y~}wQFNYo`;!EMW=DD
zPp^SSwM5{&J<wxb!W%7ju+fE8y#nz+Dsq3*a_xx|W||q+&0&K7&88)$tZQ&&c-wn>
zzt;wV7QGuJ!&D!fl_&ILR#$J&JF8b7Rz7WXS|lXoRy#fRtB3)hqYoW}V(noI;~=3$
zTwZ!QFJd%L5*v%r5qPp-qtbd&NRLkIkQfu!dNHs=9Z!chm@kFEtHkoHkPB>sQt7^`
zV6Z$LNnt?&2woJ5-i2g3PYa(pP&c7>z0ltoepA&N>^$LgBkLTb_pJw=T*fF#UpOyU
z)Vb}_%=kS1uk7l$?pRd%)GO~X)slS??f3g=_oc;%dcoSo%dd%hK6_pay<sLg!3P^0
zzKd7f{eo;g8g}&Q3}Y@Hf{6%+E6VJa%84>(t?!p9+QKW_l6hCdZ?2MyJA1v6AIpx8
zeg*4sp`(L)X$N$FD1F-WnW)=e!!fUkrd4vX62IZvn%daV=Gg+Z!t)GMFntX{$0a>%
zCqu979)jeap=Odpyqd_xXa3OkQjfWZIV{(EwvqZOCHUA2j9Fz_mj}zy11V*+J^&T3
zfKr(mF7k6Tra?`5g6zia^?X!xv>gQ{#L?Zkaf$6{j{Lxp#I1Jb-(fJ=0;{h+|I7-I
z=*N2yXZ%q6lgakv$rBUp*9C>0Z*?cW%BM5SFSuKHoX_pyA7PpW{ps!N2T)?#GwxMY
zesAJdznYCTtlRE}@hi=HT5T;Yt&x47P_Wbf$SC_qteBH?)>%YcVzp&hE(YA88c){N
zoNJebcTRp=W!`(K1cQ~$KEJEksR-@Mv^qh!=sp+$xrxRUAVH3vI_BpF!|lzCGS3sh
zeRg4EWaI1gQNB87sPe!-ST+_cbXf~_c;W45S9~_7zeyh3+jo!~mM6J)5Cslp2fxVk
zz{^bb*H#!mZ1EWzS>+;ss6B?{GpUU|AlVY5-U^gsxw9{+m)g|Wc#)yA`NTat_>^1W
z9v){axAM+>ySr-vSLUb9+uey>&#SYx??<-%2|ACqf@q4&SV*#(+=6hQ<VvQN4QHmx
z*{z&YYR7j}t1Tle?=fPhKEcCaNInmGa<qr?Va|3*?a$&aNd=RZY*K4*{A1O>FW(%#
z#sn}Gr^x}0ukL@PEJWKKlk-#!w|Rj5FqS`mDxwJPVjD>S84!K6kV*P6QBR;gdb*?G
ziZX<n=}Jr!b@}t6zVm+-(Hw;95Ph~MNpEXoQ)EL!91x13n5ze4sJrU^+Bv|fZ53YX
zeM}rJhnvry-|#_F3ct*$vFO@b@b<i1Oib)Yiw!WcaeU)5OB=5<Gs8YSz=%mg4l>Qk
zzPw2pX&Fql6ZBFrjf>fS&msBH+M<B<*LkT<BlnoDp>s8QmoT;%fL^!>(0R~UFX#Gq
zy9F;tz1h1vg6+4P)|H6vnJpP$qa1hPgYwt#tAKo(f>C2>RY#B2o6j+YNl3vj{GW)r
zP~9J3gJx^8^g{-e{@72g-)r{YZtf%x)jh&7AnOx`XSErX%`<=7{*C9K^iT<PSX@C*
zK2%<i^WnKYuu$-k*jFp=$zYDHS^4NoZzYErVIBZ~`zbOdUFi`yR(9bCg`&`};(z5u
zaq~nixqLgah7nu}E2rsLT`%q|G)EH9PM8S>6XfSbDjH{tNctTfZ;&JjM>U*5zEq{h
zs^LgMBLrGLFNk9j5)mHe3IK12hh{@URFn5BA~i^!XDFJMY0JRjG$j76eVo)tQQ`Bd
zX!>>sy6}t9KzC3pO_EDVNy#+hJ?47Ah34(fuk|g~m$-l$IVW`ftrN)3gaQU1P-SuD
z{xNBjax{DZ<jMie5YWyBi_vl}F%5wB;4z^HxH&lhRqVgE(rx5`?Oa4QmA^mjLc1LB
zh6r+~Xn@VgN_qldYKLXXhiSyY#y}V0P^w;XA`CG)d<-oWP0aE1%oxDD{-vLFpq9~6
zGZ3Nms3|a?A+XEjnHHI>Cgu9kx9WdiDQc^0;`ZiP)QWigfAwPGCp$81Kw4dZlqi#n
zP>O~P=)v)C#k4nuRq%ooJDlwm01af7(uPWE3eUJvloy)-<T{2l-Ov3SDS<*hzNf(N
zcHqYcATAW6?*YIH0oDZ$de=uZfJq*}t{G}0{<~&73ZuCP8^RCZ*S|og0|oKvq0{vR
zMlGvIYZF6QAuHx@VSOI0726sYWkO@DhNaE>JOST;W^=D`d;{V&0H+A}Gl>r@NYgVj
zT6{%JBosG@n!oM9CTfNQcuT9Lp6pBZ<jaD_RGv0^C3>Esos!FG%IMHh(_bg6LMxYN
z?M`01_)>K{oB#F>SM@l&cI*IbwY$J(j%{*|_2Gi}B(bjCXNUP|R_0K!L)Yf<+PJ*?
zV#yWX9$$WWX~pFI6DI7vqwu@G^Az5(au!r*Tt2dTW{^ltd=~=0dVKUNgU6dtX@u-(
zSX2eM=*T9cV6vpwR2=$25IUO90T`{b7jWZ2NZY+o+!+8~D2u!yzE`yC+)C;A<xdJd
zxGs7KzM1+Uc43p4;xpTULWk_Q*Tp-FPnW1KP;wWf{?nomJMszcM`3=e7u)~d;hF?^
zjn8-w)1aV+Nt9K^tW29<97LwOS28)m%st;vR5bIF@Z)5H?m+eng5x+r0mpVfEj)R4
z<?$Ta)Rbtng4pz))f!U+0T{-F5+8RiKZeMC4Ju`|Z<HK7+TWJ&|IQAWcL9o|R?CU5
zuDI7N_CAFZdufEWUVCQar2>YAK#3WkhmrY#_?hPi?Nv6z2kkANzdMa5{=BT_=sjNP
zp1RPkbrZ`NEGxy1ap;&0?#cT)<Zh)i?kbn9Ch=Zn<d{{LDN8I&CMLKh@_a7ea8`;@
zZcD+$yAaZl6U!(xNDrpZ6J&UkF|VYYjk~&*7Lq?wlG4{F=Q54N4Ec#+;Dh8>4%ddk
zX21OiM?Q8EkFKkIAWH&~X^+GJ2HT<2dZL$E>!%{(nxtw4D`~|8xxf-|_xr(HAhJR*
z%EaTD(g=bX5;*YT-=fI4$46_`y^5Tmq(ph4y>1pRz>FboNrCaxH8ZAjKtVBvO3Fnd
zIxA019Q3fLdb+i><r2Xx-`E4!esC{=vSYE6K{0p4zFsI}u*w@F^OTF+Em;d9(v)c0
z(D$sE^Vzc`(G3G`?(X4)Ybb;ig_6}yV`y|gXr-6vLS3vILm+KA82%a#1b||esi#EJ
z2@ztsq~TzCZ9GnsZ2JGT0H$SvuSSj)in-NP9R@xxoSkOOH~IN3@7Ls|_Q#?+8jwOG
z{9}VtVNV#{_3K2ii&tew_|@YEY7$ppn{3s__fGowdee0}j4FW9kl7OZ<Udt|LSC=_
zEZQ;@#EQWVv5X;=`cOy|;OS!gXthZ7Z>Z7RS*|zqM2rNO2HAJ>O0KT5kIMLb4sT7+
zXt~W;4%g>*Rn<)8098z?nj}GyB0~H!uXEM-_^hhNG9RPQFOpu7*J&~T_BiQ8&{y{n
z*bNMZiRpXp3!!n*H{G2^FpUB%H8Ko;3#X6d{w5@9{R1lIFHXB?jQZMeg=}YqeUDTw
zgKiGYA4pBT)Ar7>PW%K)0|2?3OpD~WT!y`!Jz1i8-6Z91m3V@xFW=(<ynrN9QXu7q
zj=p!5Nm*6Akzr@Mz3B`E5)l{fahzujk4|DQ2h%M+hJ7o*lxlKC)`>px`i%Q|HQKkH
zFXJqk#y>^EFjcTh5J5}ZN78J=fgCq_i3v1JX@l3<)Qeh*1MC>c8)7e<XQynSRsS#U
z9)-8#?<dCllq8~;6U)G8s%5VFN0vtwJ1B&-I)4fS45qyz`*xyoZVLzR6%@d3m$OXk
zj8(HD@ZY?D)c&`UZW`gSO&Q`JKQDbQDlYD|zi@u;?p&!4gJGLR)ZpKn(hB_YJ_EBi
zXRgX6QdCT=ejzWh|1<d=5{TvJi+bJ^1*oR25_r`Z%#hT-Tz?{~R?yDlzff;QV+b*{
z!Y2usna#!7qn$9ecnyU(I(TYOtTy7?%~mr_ec_2`z0A5Q$%AXaT-@#5j~Bf_zXl!3
zTmS;On|03=VrYnC!1?(cZW&{c9TLLUa)cV3L$q98*79i7qqQ}(0`u5HHDo=?o6h!I
zf`+^Yf+I@+Yv{NZxlQh-UIX_loeF3RIxBHib}@fe)GQnPQ>Q&2*NXvd-X3Aodcu3D
zZbe04Ny!%hWD5MY&LwMN+qS7%Y#;(tf?ageGC-Bo5j<Io9d5%p#a)r|00{he>QvLa
z_O}KJLwo!dVmdDwO!C-Rj8>)>+b5FT9dl7c-t+j{oE_q2u#%GtFNh1nS;jans6Y_D
zM!`n%q(363<b_4MLp!CqUIXT(ny#NtD+-b~<;219?6&{5eo;4BQ|2zra7h@RU0~lq
z7RqFs6)~ly6Z-1?r4+B}cV?wPkv*YS{1c9=b3624C&3tK5B75CAuP>r?S&QzAk-7?
zArUQk={HC(t~{8I#ED>n*>K~N4j8=|6DjEneojHM6`F)D!uaF#7~p;WH8oxQ*f+%;
zH>MY^=i$Put}dI9{2uD6LdYQDo#=NJ-LO&qlJR?(@JIVe+LXeF4~f=DMDL|PrT|{0
z=9$lSc}wI@l@K6HUj`aL7|Sh;Iv>6F<>vcDTz@9rs*&fA)Nr~a6`4_28zoaaF1HVL
zo+HREG>*bb{BxupKai&41Cxb4tV$pJm@{`Eh~rN{;*W#S3NP5p)(R2r?EQDb+=Ib%
z-zzFhc;14u@@+$j;tPb903a0{%KDnrNH~j1YZRlxqg|Hn^j`K2*XA#mfd@k^$Ri@j
zD|7aYmx5u-AxiHq;1;PuEb?D|4kd=XpB4%(w0IH2`b!3H&2ZPpesLB3)zFn^&TF5$
zvU0<Y*2qBbp%o4)>XdL3mnf`MvDgaoEu`Bq9)wL5%J@Ukvgry0u`#2vYVnYO5cLn)
zub?kta{AA2_(6}X7O%6VsS(P-^hi@aO!YA|fb)O|C%dpPtvumwdE{FzBaOFpo`NZ0
zy2ipB47+BM{x>(mp3d*JLnIFqHrq9<Km`f{jH%ea;GhI}l6Pis=8k=2F}w%Ve!`|I
z#++KTjgq?L)V2_h$ER6``NOmFm^S5D{ws*@e^Apt?tP)}s$%-?zOm8XO~-Zg%0)B+
z*-1)k#ZpW2LYSc#wCtX#FDWlyk;~WSdK*9#Fa)p;o^f$<vUGxh5%ZkUiROiDVBZlC
zI)L%pl$jJSfcUODWkZV2>hbn*`OVC&Q60zIc`dvTNiBQP8ek`i)$&gV?`0QS?agQ<
z;}1UOsr@LESO!T??lfhuBWe;KFIONl_koS`@%a-8Njg<O7n_|RhkJ|%irAndMX<#P
z|G{U!T!y)-T-@IJKgDI{9UgAw^*r=k=)x0c3wfO77-kn<VpMrvxCgRNMOj68X-Xaz
zXVNvozteEDc44mlEyR2X^_qS~`x8?@M_I_zb~5&pQI9H#q@6v6mA#ue;X!R0z={6O
zz0Xs_hlh?wX_CovjRNt*3jR33KfYtcP{8=olEdZaaVtrjhr-`$Sw;M8VU#DOjSN|5
z(=vg%DtilyitZzG-(WDpis80M;p4%9WntHBy)Vp<o7A@|>)aOd8JD7>BZ+3+^N}C0
zGa;<}DgyGPGh1q3Sl<BFRDE5Z1MiCQ*mBSW|DYGm)-X87+1Y6nVYFbqnIH}3SBzMJ
zp~KDTwKa_fFDqd>iiXEl_~F5fiUj`VKEH~#?CsCDr^?PRe!$_fw44DU-y|OHx-&$4
zFf0{J9^{lb-)~s$hQdCpk=0XT-woI?{~KR%Duh@zDcB_*5*rA)I||mp6>gmPXfu@A
z*w;=J>H+sJOT3nMTlJ#C!gwn5M8Ps`vpDm>XgD06upHF3+0uEjou#tUU`8QW@Ug`{
zan8ra&27T2pu-_`MmWShGOMff!QOj~!h%A(!xaOOH09p11NYRqMw^0*ZMwEz31b+^
z-h1@N+9C!?kK^;9?33E4?8HDElE-c1`0;XeRdz~lb}S9}NAISMU96r^GjpwZ@Kg=(
z@s+8?5x2kNTaW(2e9*uj#*y@m3)Xa9y%3aV$r^a}9+ZVTd$<EVS<V9%;Px1A^&ozF
zLa?YO9MWeBCA-T<YZy-~%q#z;y+Jsv;D@|%Hq_|7Y1G3qxNk}BkM~9WW<vC}`k;ey
z)I4tod5k6P@|&5YdqDmX<ybi7&5(-5(QMw6Sb4)owCVVEc6K%+RY(gB&E9~1S&G=y
z>E0SwV$mo~Lu)^sz0{#-K|*@*u&CQ1s3~KXzr$VNks>A&UJLdI)%MoSlh3z}XA3QP
zJn+}rbmhK(6v{YKnvN)~+;+P*H>cw4Wa{qsQ#8v?%iO~kQZGk(_+D;L-Jn663A<E*
zrG72gXo89aKXqq5J9Nby+kA<(O)PO+fCxFZj8^dH`vuRKdTc5&<%`~(tLvYc7k@~Y
z=5!x}TS_P9Ar{Zt^{TsQQQFtih|TE;If6eNf{tAI(baL{7|=;vM+d%M@5Ym>IS_+a
zCz7NYH2wBlK<($RgnjQx+UU;1G|Aqos%v|f*X2`W`^I<Fq-c`i@T?1qcN8Qvcx#gy
z<_|klO@<ChI~*QlV{BK9Pj{5GQ}`F`5Ucrl?s9SV9ZP+;X>jus#8PEuQ5vpKBPzhp
zqIbYU4h+~k#D01X6pI`7^yA=f=Vct@uD`rDN+F=Cr$V#d%DnZqW>Ezh{tBIe5kdv<
z<U23NgD{z|nc-}05ePa9Z6bL2ih90S_&6<}Hi&ji(~t;6S}DAdlqGwn>}uj+auz9+
z_`GLNbg!#P1Zgpn0rmEEjc3@d3QRuX9W#iyGqQFX?{|IDVgN9H+`oAHpi9ow#%4^b
z%&FvPspGy?0lf4B4jk@Ta<;T&SXy5{OfOgGBlcW8Ln)VC6PKYgUFi#R)h=?X!3nKh
zT%0wo#c;)*&3V^w68|zt+Hc=u@S=SUBQ|ndEJM=s>U?7)x2@LH6h#NfwkkHXESxsf
zo$U65*Zf75u>_C3d^qH+bgt_;gRCnz9sVU2!|gF49gIgXEE}|}ta<(^Q?fTfdh4<*
z`V8IRF0A<FhnyzO*nf12O3>r@1Q&jC|L;~nL3%2bh~afouKbdDX4VsSTK4>WcXU6P
zhx~xgUzof5MI;tRf=eNE_8mRWU0m9#il&^Cp&=x4E*sY$hZ+NK9G8@$*D_mctF}g4
zDIdkKbr2rM3R;^#+X=hhf8cg&f3#E8*=uxnseuw^)yKXX9~y}FWXfLr>HNhL%H_^{
zuq(e5ez^*TX&%qg$0=~pZ_6!qUiZ<=1S#iIwskTTJ!}eTxbufu2^hcyKV6+><3Ztw
z?=4FIg9_e9L@U*AtRNv><LIM{3y$t1x%)uo2fV8vO<=e6+?lUkW!;un_B74bCs<H_
zkZ1lcweQpD`hvibUYr>=zMP40L{JQKOXkk-1!i#L2Zu_IW5XV#RLvs2zcxNFkQGKz
z<Nb({@qjlY?mIj(%Vio)g`m;h9kHh>W!AJgspP8#_u+Gw*vk2kY%&sv<G@3@?F5rw
z@WOKpFwWP^%ge;%Q^*gcUSH*cji9p@+`I4|1pehU2;UYJ6qN7DDUMHX6`vsaoV34r
zah*~Og!f5c!{kSf`-SG|qB}Kh`+~K(E{<FDz3L^YW*eN$OiaiVEYx9zTbC=xKf0W(
zIA}G-!o$Ny%HE!JBd6lx;%G%h!JMc)pMA*U{lE!ErdQ@F7iNm$VU{EOFj$8}UmtYT
zRNSkrWj9Sn$Zl3~<XfVISJXgF7DxS&mUAa5$%)tXkU5!bxUEs6_Z7Jtb6+1_AXk{7
zNZQ)P)!RY4TZfZZXantdnD%p2;F<L#E&~+*$X+;Nxms6mNu_a{&))3dFJaeF&C*^l
zP3Q#!v*8C5K1ihONbV|7m*f?1nvZEMcb;vJSEU#)NL*MUl{ZRkAm?uwi+(_a8d&(R
z`>TA!;Thsx;gEX<a*PbDF}!!#19`+mJYyvMnmP%<q#pJac|UjbX__-yG`Gm&Wdkpt
zL~hR7rgQ*#-2Lfx`?7kpvE*PAEIkO1SAe_wptJkkH=AqvJ3a7JmfWcok_i{9K-d9e
zFK-R{v}4+q(blH0m2!=&m;t{5PQY?E1j~>J3s3s4AS<9|)g>%?$RxH0QnN-rs6mv@
z43h%8Ad42zBMp-#nCxV#98geuyG-dKACJ-XW(`-qAKM?Fr0Vgc!F7AdC&t3<q>J{r
zxPkEY=T^`BlX(G?9*g)5?q`s7LpUkMpR7twbK<rF?8m|i78G^T+dzPxi@)v~eXZo_
zzfzUPMi?T!SxcC)%^JB3hVYzuUUP}w%PHE@;Lx1V_%+Y9`8t)7WHQ0<&t|8yh|Ne6
zR|T8A?OdZv7f1;AH$vU+^0m>BYrmsEdx=HIQJxr*b_Ro0sJ+{7WK-Caj18iTlpC@?
z@8LdRFM>CE*1=#6M>M}a>=IqN?IP3mwh;~mYm{8tJI<HzL!>C%Yt+Nu+>u3#_{iWk
z_`IfCBA1rVgHDGp%#G-j-Txp#1*UBnC9JT3!xEzTHoeYM&c2Xue^hIR_Q#e`it#I!
zc!luLeZE&g-<u22@)69+!EN;%IQ>ayjl~8qbIeGi*E0L3>&D*_e%O3m!=Rg=u65th
zNJK-I*WRfNjm<JaF1PU@8XB-y)&vZ;*81DZTey3bJPa7}YROZxm%}vo_0b}f^HfW&
zf;-GKg~iB%2|=#mZyOI9<0NtMf0I<UhMz~%07zr_C99sc9{rY%-<#dt@gRP!ASp#`
zB@E&?xTOsKpqy0@Le`0r?Ephc)OCW|!BkDpWZDL2RW|SG^rg|+`zd}UKapbiup-Kt
zx{^{5N0kbPTd$5JF@X6s#B$xT6Vl4x%3=Q?1e2%Wr*&6@8v1EMnPbziTXg219(&^{
zzUEoG>nyDNR;ROUaGe~?&@L|x^Gw#P^~_TF3z%A1bVnovZYJz}S#d@Bb3Xt-CPM}t
zm!az2>hT{mf!|E-W)g(xj89Ay3fTWfi1<>!-B4jKehd)=#Y%M137u+W&%y#^QxFqz
zUm3acwx$K5FfbEe!Lo%x2N9Pqf4CHF{d$&;(G3%NUN*i*rpcyv7^SDx?wWrso#^|n
z{<Fx607Gg&AgSfm2!A_|ZdtAB*lESM7G>%ygEeoF{4J5E3VT5WTq*j6B?ub6^_POY
z77%!rv%q)y1RO0F-It?m)ikC?5ZcE|XF_xToihn9<gq=cLVK~>4cwW?5o2ObR=DCy
zUIL65Q12Zf>LE&@;22zrY>!gk;xuhrd<TCvY>f{v2y4k#t-LgD6?0&6@r^7FPbk~^
zs$8yK{GxYBSzt)sL;G5&nq>8G$P*LC0>XQpi1A_JLnt*5Plxm;Yr~PoXv1jD$gu0z
z*h^9czcIb03fO_3u2Xc-iQA34J4!j-8V2NlhEr+0*n-ZUn%tprKc#cz|2;sh#*QSO
zn9UXL&9e)#K!2Gbx8S0?u)y9)I6?^Q9&<Yqt~_ei$%hZH0M5d%zO>^9lXVKn?z~@G
zD2}4Lm#F%M{q0Pp^ppSV>Mf(%h!!r;!KD;}yEIU|#jUtI6n8IB+}*X%0>$0krMO#h
zhvE{7dx|@}+<U+Ge!Tq3TFIQu<oG^Y2#WKBY;HyzX0$qXL0@y}d(b;@Slkr}Zb|=(
zj?A;2Euvd#X}H+&zx&SJ-0XNsn;Lmo!pq@@ROCPwSX^B)XLVw920|=lv)x|O4S~sk
zhe?x_w*E(ZNjeM){t{Q#I6FvX^t{fF0{DINub*CD$(@+zLl{Cuj+Qi=krQv%4k77B
zCS<!BlXuI|A=9E~)DBWvnu1{oRPaRk5eQqgrR~+-7Sx+2^H&$M<Fp|!o2*qmB&<NL
zqXLz6b@1H}-nSc53W;gwZO0Ypo4L$*iG}%jyOKP1{2A`8)<Be)AzoNF?{3HECaQ62
zWJl|i{NZ$42F1BAEejwdc3?#mZLvT@wY1M!H_de(1r3Lnt@dpRR|)=W$EAH(F1lG%
z9fk=#zaAXOL?ds~tsF)qYu0ws!=lAD$v?*R>}w4F!=l%_8g5@cI$rIxKokdB9+r=#
zI{mT?@<qjwR$1jh&#lUFu09t^9Vd{qPZ)srFaLgbc`-W3S}z&~W{H>YrkS@f3yT;|
z-Gmus4w9fElpeQL+W><keT)3(gWqZc9Ag9i^&Z!BD~+}Pz;43n@t!xq{SvoNTl{0$
z)e!Ic&;=|<&oiDtBLvfT^HJi=jrTmVvSz1AdzF=&1x&XLs<%e4>Ou9B1|&G^L^Z;u
zs7Y0vF?td@XIGBJ7L&Cd6tn-hWighQw>jcT-q5G;#uV$^ytfY&;)C3#Z&~A5bQ-eM
zOlpM2A+Yw{mCtMc2RGZ30qtkXOi%H+-5EqW=?T`W>|n^p_5dRJiaM?3upo|2`I@-$
z;>PcssRUL9U^%;(>DbefjnCqY$i+E)hC5$ZkE{ZGXI5vty3vwPEYC0q(yw$VqZR^;
zA|hsW`b%6q*;2rR;|tobP*$7q{Muv2!g4<jCjB`HT3mUYKfZR|k8uRLDOdkc%)MB@
zZ_OvoOLyAUm`DW;8?$L_Ajho@0zw!!|27>jzd?Bv>nmZF4HAzby?>!qEFV5({XXf0
zR51ZO6tKgnow_|N;EEK1YF}G|;(D7#wjBCg|JPWeiKYC=445VY)Mlz7*M689>m9E%
ze`o%#&;B?HD=<u+fHY<3=}|ggyzkO_`fkq@t~IYWyQXbKX=z(|8iose=C(z2x?TM<
zbFMdXb3*_?5$a7|bXRcvIq<YJq8qK!<>C`1TRmB2gfg`D_hEcfMmeKm6Lk&0f8(4v
zgmWX3j+4PMi5R%kq!@_=Z(E;dHr0@L>7<9;RQ^1FQdILLw(-$GlF`^FoLk;8J$x{)
z<yM@d{|+=*j>cho5kD!>?n@d<aO3nFi%r)!lt~7|k)Kg!Lb|6Q#yPgyW~m4=)ftJh
z$51SUe_yz>lu9Id&nNNYDl04TYElaRrY_UU(wK8)DOI3gQ3!kEJqnthEn?)#J_v>O
zo47vSoX$AfR+WWCq}m|{7OiV2t*ln0*t|!@87=pHc|t1Ih^Il?`az%1ziXekbRbXv
zvHR#_bPs@oo2<3yZW_7mxyb>*a}P$ie_w^oE3$K(8z?r>SVDU>yDZO(p6=7;6Ez_?
zGk=YDJKj++D+^x#An8%{!_Ly$+j&`tS134*$WK?(KYP(J(f`EAvw-lg7@okOq)w~U
z$Hnl3l6<`Q+uC>}edy*mEw*GomnAzZ-0-41=Iq~J{BVIi05_IDuRjU&qosa&XD>)(
ziY+Kgs>d|@qs`+XJXP(GdC^%eBOEhjfPhd3rNZ0XEySL}W+6&@`9x1sC6pDT>>|?1
z);N9OV1!fOcz37wQ<bpNVnpd%XR{pm%~<#!LNhn@)l>Sxx&Rp%KxEsLlr9^b);2~<
z#xMLKq^pYjE_*79&G{8-*V=t(?&fw~Ff*}PDA+#84W}B1<d_^?p|P<0xA#Qg;!A-c
zR?>LI-Bzb9?}V>uR2<>sKmy(U<$m#qs1m~D2~p4GMzmqgH|UE>ef_p~g~T7CigIxW
zI7A#^qxkL%#UiRNYT=-C8O>3F%z)GHZ&ut*=N-Z?sy=izo}aPBQhl=JrWO-^)BZ*S
z>RAboNu2pV`SY`d>*Z|vFFYom&p<U{nzUqF7)z?zAv-(!apk?NDRWTY-@h+MN56=n
zTkIb!dxSzI(~kG2E=~5>S#Gige;&7SE!$ByaVl<~tKtnwFykZ-ZC6bwW(yN&#DOH}
zi(tH|P5!P%IvQHa4i6#umFzUl6V$+8O_)C>`NkshhxvJOCXNYNGCdYAqpi|0zx9`u
z6ADLc!;H*{FfHqec`$kcN4;Qm%=|Xod3ovkn60Z%ak)|AxFHc<hy<a|w(_zFt*j~!
z2<`L5<a;aAD*XN1Y{499%2b~2vS)Jf9S!l=9%n%W>*&MlN2~N-9QmWuu&uU{!0By$
z(R?%vzMK;35N=JaOvJ}#ai$prv~_jcJZ=pyqaA?MGQ(x^=Ang8-y5his&D;7bIZeZ
zf{FUUc}0S8|IFRV4O>m^vb81OBf@gt=ZZEfO7rD++<l|X;=8*rwpjjt>F(=&)qR`E
zZNcVt)&|!P&E0ZFP0eVDM6rKtyx%CSw2Y@w*_<BU+a~PnnO!A`mZEz`{4RzdJ~|AG
zdsf0_hmo4$N^OxhGv??v_+AqNEGYzPC&G{_e*+tOhRf^g<k2Z_@;8xkEh{SKd~Sc0
z2s>@CWLyrb%7sl~rF6e8HruaT=R*kN1b!{7%%TEq1SSYzQL$2t84wO`xBJ~e0haJq
z|E*Rhu062h{yUt-{xlo9;VAlE#(w*&A9Z)DOH1?XLN5dGgBbVt8ETn&hWQv5oo$h!
zb#B9iQfZtogBn;57sx>o7zgw;c>uNfBqLk*g#cQ8IU=?Z9Rf6jmx`O136)ti>x$yF
zB^ByWPR{a^GD;J^PaSNgu<Eb>dr&PI;(gihN0bktRu!&iu)e<qIXPRBu4He=b>vY5
zFaf!%U%iZavmCby-_c30>dCf|2D2IgM1SB!%=Jtf-yo?ETtA{Asbf?k+YM1waF^qO
zDr8r=?$cgZgl|QY6KNt_V<K4~^-OAK2X|Gw52s?NMvIh>4#Ow8RR1BzIP&Tn7(}z|
zS0Trhm%}ty*}?%r850s>HiXw|klK%<B|mcnd~Rr_N){a~<C)jHyr_RQS&={<=tZ>_
z7Ga=BhKzE2Xj%u>PfCHcfR`<6^k>3vnpIq{0y(h5RM>$TS9P3?mg_WSrGuT670#3C
zpDANjZ9@aDy3Q_m4Gls6i=BgmVHAir=L@`6i{P@mR|1U{d6qg?=%%=fv-8yq3RH1Y
z>G!t-4lX1ovYN{3%BpI~n_V~*N=!^Fij7y8AoXU1sc+of&HVYax!dP)W4&<kQb>m9
zuoJdw@d$)O8JNdyipwZCH~87Ge^~1khdz@^{ySpG(b0+txLdTD<6rQrhfoU0YpJ`j
z=)rBaqA)u*Q}dwwTk*xreNBK;Lb_`#Su}yhIQVbNK+n$L#3lbND#@0N%@7);rCIkf
z|HGh1wxG{V7Rvtb%$A<Y;1bLELpgjHWXIp?*33LgSKtQVM>{Pa@?WTdb>HCLkSX67
zc6iP_^+VPjCo@$45H_J~jySqr4k~v0*$AJh6e*~$qKecv^7G~7P@EzVwU%Al8_=H9
z3}L<G=s{lGoyP#r8A^a&0ZRnW6f7|dER9Y9l?#>tJV&7AGG<_zLF@PVj<Vn~k+(8%
z;TMTp=X;p;0k<PR{r?C*YD+YU$%^QE+9*C9pcM0wNc)?cr+Mq)d?6SD7`e;KD?Iv+
zJMaI#j2y}y(E^%Bx)Rn^+w>pbdg&<CJ$Gw4oNRQhzji_uzx9WEOW>g_a!zz!Bt|B$
z;q_dapc|XIuXt)*C$x|LXDJQip_{haC)-w<b4&aVhmm@>swSR01t~ke52_%-pyaOC
z7nHnG2S`^{&4(c;JW0*q(6OiYKsfKdQcMgMCZ^^YBxh>hFEB!~u~JU?*$^f@93+*E
z=Z$S_BG;e>53cCdtn>5nD{j#s))`~J8#C9T@c$>OreR%hesN)nhxLJ*K9!FR4H$X;
z!rpmz@Vq~j15JF7&0upZySx_(OR&0~Q_!f2c1&B+HZ<JWSec~waw*`k(a29R`FJ>U
z-u^PA<^ZG8vK>e+=yGqs$U2fU^GCa0hGYVK!om&$3kwTtHpkEYIf+73rLmDcg*`Wu
z?wLg;kesZ{%vjBF+r(AW$AKS&B_UWaSs0IB$3_#o5tlgb+|kO>Y;@KyW>@EG@Q>e&
z30S@204p2m%OFe&f4MiY>`A6`T!{o4ii@ty`Qv4%fSH3Y$<|%(vOO3*Ce!vN;6E&_
zfoJo&(g!xg&9y@R2J7y}A-bpSqSx+Do}a(AKS2??q3ySt^Lmfhn1Kg_U9nW}&}k$;
z)DfM=@78@88T}pUW)VZ@gu@h*5+!I!GnMvxEG}z6Zqf;l?>w&P_qjyV&#Z9?ibx!C
zJF;y|dj0>G3-CRWJ~BfFo+hGkX8qvVu5s<r?{dfwdW|s6gcOXY-93jG@l9;L%Dedt
z>VM2~{}G64-~fosHZ|A$_u3~e>1+tIiD4Qe4JN`jVd{)J$;1`_YWx>>clU=dwfQ7`
zrP*NAgvC-~nUL8-@`UC!ZyP6D<uSyScfeN>Y&LHAz@!-%HylftCxx3NdU1XVUIZi!
z#5ScQD+}s%31nz6dQb?$!ccV?7>a^JQ`2nYX+|#Y%N7QHEcac|yGUUGb?9)LzMq-!
z<(X=H`Ugg2k&u9YyKP`ZfGI5Qt3$)Awvfx-c-OvKRZ<@j(Dx-zu)a{U*vj{5awKHl
zx{*9wj!9aiu#Z<M9&u~IWlC_-P+R@937)!97hGiUc=G}C519)G74Wsaft<#Gln}@*
z3Q5K+uApw>HJ<;eBz(y%bbHD?h8gJ+Bfl(1W99yUrkBI*z>d%uG^Z~v5k1IeNfd$>
zPksBxfKOZ3brRXBz5R8QW(>r}sR9a>Mjv5ie(&NYp+3lKS+}e-cQrdV)u5$m>hn%f
zt?^fPCYjD!Kn^!aZhChSpYzTz@$D`g0~ar^@4>&Su*3a~iE!5wDmXDv%=W^vi{(ds
z0m}kbRQPbX15|=QdoI`sOX1&C@pIx@MBr1DIw<Bun3u2BL-rfh0Y0Q{o(mC>Y2)VX
zxSZ})D^XG@pxz9L*i~Kr#4qgQWp8nFvgMlxGM|s1(S3igq>^c&Q>^EdZ18?n4y@0B
zMJDL&YHeDhO0qB<RiIk-sR=5QzBF6(V}WlkW&_|Tk@fLD>RVe=t@|8R5X^=g1rN;G
z4>;NCO;{8V!+kA6Gx5K<IB9j+=6B!R+?&*);S^=%ZbJwSF1oyYb2)7f0O+-Dw)OYR
zX=VG_g1!fzxjp4sa?e!g@orC7Ni!+aa&qX3T9~fz5Rv12r=QD8vKa}`wHd=qQrl=`
zabOWVG$RDbOMK*95ntWC+w{w5nj7N4c>+AV(lKOw+lG_~1ilOmL0s`T2{n4=(=;~I
zpBbvOkN3o@Xa|c8yLoSS)ZWOy0a#lF?6RU!wKM-1jAGzfNJv@e{6<3v#FwIxER;y@
z0|6hU%>iwC=$hN6i06<2hY1lpLcSWga&ZK`F%Y38qf+K}f{1zcwAb%Oz}HqQ7E$CX
z85!CGZ@RCC_D;C~iHbmi6OUfvI1`K`0$TiR4tN%G<4DB`xkI;lL(m6#O{$0hGVhR$
zTQ~H~ZTUu77vC>(#wJIz|7N{_rFmN_(|H}o<cx_g*of~eQrN7_aNe1~MNkjz2G8UY
zawv*TAUhIROuLWXGj52fexyl4CJcHj10NVjFl|jpU&Nwijq{dH{AlgA8zOM+8c&0w
zE2T|ufSf<-qKtSbcRFcMWa_klr>K?aFe$;_ba`<Mad{~#IVl^OHvV7$2P9PkGBdSo
zE0dWh0K0Ak&5uU2FEf38at!#Z*pdyVjP<gSZ)Vj;yfqG@XhcYkfZ9q~PCj#T11wSR
z8m1ymk@=umA+OR793E**2R2tiDA&TJ-S42pN;Q^guOXK~KO_+bQ#-&I`Vyj&$BZS|
z($NtmMO;8H4=2JjK?9EnF!xQ~^W`?4BTa7oMuY?Cs~Tpdp`X}<y3ES;uZ_6s_1k|*
zsbB+rVqTCSKlk0Gw0g_0b^Zei;xv6P!eE?wBmf&ifg{Ucg7<e;#0|31`7msPix?9D
z>g=*z>^-iqedbea6{y|6JGTrD>=I6Zk@-H2Ro17ewvo!>gNq_0mVOLB#H4oB5YV5p
zXZ+Slt}~O8Fe*5yu=-EPMT4^E5>KK9IRh?Ud1J`8pVLp{MTb_FS={Nd4GTKy1|6Pp
zH;YU~IA~Pv8*Gw@B4+%9D9AP%dcrPy%=Kz=31G;#w6w4fz|wD6AfP*ENKhy~_PhMX
zYIR0TEUc=~JXOTQ6~Dp)`tRr}D{WB`N;Y;1c#>AhL9G;-KMpc42YOrmXB4rDWEdt+
znzFeekT-rV{`q#pKZkGTyB0J0mriA%grAIt{=Vw@7@WQ&xh(8Y)Ecoh33)<lD4PB2
zYxj%=7Dul=QT6zk>xthzaHeNuIz=P&8<W+BAP40u-bh!^@r=TY@RKo|l(+F{k(MY6
zKc6&{U53h5x*#~^CsN3K0C+LemXA*x#KmRYMwpl1gvr`PMM2Xu*UWBC4A=%eQo+qP
z%|+92B6=wz;*MLV{XQ^DwSRii0|Rk49zbrowFH?gKJZ5s2uy|pWbgqI4nzstGF0GW
zq64JWW`El5@%rCq&2n>KFb~zWEd%vh*WGi$Ll;h@lU?X#CC~Ni*4i>GSt?5*{tLLX
zu#qv+eNw6n5E)?y?l?Y#!Q9R`NPtOvxs`)no{jlbGHS)~m>xKha<K@xA4;(envuE8
z96w2LNtwX;rodNI9mY@X`&Flx`}>puyfNE?lb?$DMqs%XOEP8AS%zN`0Wmp=tx^mX
zuLtQ3FE8kQ+1!*^g^peeB9Ne?#uOI&D*}Sxm4^5_Tyg~h6z0LTI)`_pDRi__Tj>#%
zUwfH6+Jk#g)rh97`2k&q`S4g=YZo#jLel2PdE7mz(+Z^QokZ{ykDh@456{CD23wiS
z6-dnD+BolJfWC*7TV*3W{7|I`LSUm#@-iz%&F+Vjde<8BQ9G>b6*~7${Zc(+eQX8-
z^i3q)yY~>oSJ3e``WrCj+qX!Ap-XL!e}gkJOx=&&a$~lM0R2KmB0Q$uEPf9S%r)IA
zO|4*KJ$D7;{Ggy-zuPsJy)eQ*%lmVjVVp|!7$Q~oZVx)7_-~Tr%nvrtVd!&M9mzZU
zl5a!|_zEW*9Gtvl(yUxu_#Z#$TF$wzIA|N4zi9u+i_9<O*5-FV(RSYyAsZ?KSG9%E
zVEh;e3JTJ!55tsIE7PYSBWWuq)KHHo@AU*BiZjg-e$)@#ZEI9Y>I+&CQK!Gz*tbDp
zW#v^b$J`V-Uu&($x3{$V&Q!%YG5*PEnf`lfD<^vsEE%9LPh1ofk;FV^oE2?J6s~LY
z?h8PJ5!|y8`@uRU1IsFX;W(O8F@eTu(%zhFX<@d5ZN92^da-}dd}y3ZQiUk|WswRs
zY9{nxp_!t7{38ns40KbP8fRwtKx*bIJKVUjc}=7xv6k%R(Rs<+A!N9#NKA-^V$<kc
z^vh*vQn$(-fp&FlyhU(VYbX|31hMT{+u+iPU-y(qp&W-^n=>ZlU8|4fVUxR=zq^UW
z&DImfZ@X9`fQq~41m7W7<TG>clChOzEq8-5)*o9UL-!L_1YrG~w(8ct(n7@`c{)*^
z@Ct}lM)sii`jJ`5D1DNEV9H0hp0XSAo)nNMmEvVrU9RIGB_^ieZ9tt4l#qyWt?%Mi
z4KxF4iCBk=a#2M!HaLru2}<^+SXe&xtg&;ZgZKg99H(o8pS)-DGcPB%kdTl7cawgE
z{<~4vK%Md=lkaf36soE*TZ^60S&k|FQ5=y!D6|>UF>E*t7mM#15qi`YH2ZPK0#2n_
zvIM+db~vW(`<Gx9(La#4s)<T&>BqCiWB;BO<0`Kox1H`t`sZRwa(1fT-=g=WQz7+P
z`^!)}{ss@vp_r`xf=?K-_-4nt7-AC7I<}pJN%X6)ZF^)w=I%igB3k1+J1===cJzBs
zac1qc3q@8Wk~7oO#zf(Ac3q72V}t9}=o8o0z6Y6&3+CLH&N+p{snPZmY_K})cH9ed
zF7rK}(L+H-P6Xpt#>xF{Y^yP7Mht2mX#xLo8(g<1lr5b2X{4_$5b*L;bSS^D9QQX4
zHVDcZ+j`QZWvdkC)631dCft8p<PDa=rH@ue%a3z*ayA9qd>nGJr9lSNzH!R?z4{3n
zG7-qj%0$rfMnxnOH(@&;*j^{9g7Y;1^wDyC=49GIciz35CophVSkVIq{3eOwW>=?`
zEJKT>SNs4(oIfWMw+SNgWD`dL5mYccS#@$UGK$Y9wEdy``+Kg`aKQV8uL%d3;y<IK
zWk0LSHNuBPl+_o?{4g2H?hGx`|M>O{(rxD3@c~CN4zaXR=|O6%2#kRHE)O##L>g0z
zj!u%74IdXV4RScw_H)c44b`R!<(qUxqv%TXIN6jz#5Pgb^M;X)8e>u)Yh?<xDtgk5
zgAk5&mABA7m+e-q=VO)!*LJv@{g*Gn5j~06Z0!^j43Mv%zJm)sm~8lM?}cJ5bL&m)
z7VVPr555UA&HF6USIDIAHy{^w&|jyMd~bU7!qrJcKvru|a@*O6iRQQ6@wfLKa@~S%
z^Vy%3p26$>T6_5!T-Bfj9MQrgLqkKQcnR!xv+4YRg;cM1r(u;k7NwASnYspDnA#ml
zhV~nfYWqBT|7QmCDszjXL{)Tv9rU&(z9FA=#WNJS&Fej&ldNOYS@R<anmfH5-+iDx
zlOEDNn-`71{{xmF<9m>SH8DB9@f2l4gkET)!XO)uH&7mPUO;{&-*GELXn<Wer%loO
zU52Y3n8qLnI28b(?eh=Nh|QiOj(b6PRIEFLo=NA=-w4=$-*TvMAb~geahR+_L`Zaj
zuPx{RJpuqq)aw4Q>Lu6%7ZGu6sC5Mkp3ldQeTR79Y6|YsoyazEOVKixk5I4!A|hi0
zPXQ1O^62hgrH$OL0DUbyP|T?^$^Z*iw+5B|hUwXHe?&lgl3->Jns}e8R3}Uoq!59i
z4?%#}wOcKfs`(o#;9XoAWhDTJzLUD5W?_X7Y@^iy=jHCRu=j|;3dn8PH$E))!;n`i
zRM7-LpO6D{&EWI^0IhoE;?dHXPgT7%>=!k7yk&Ynr$vY@mkPBnmVQdPYx(c(3@xev
zR@MH;v-e<pbfkU#ZoAD&8)tb2-6{CXI6{d^b;h*I<;2zOqCey!(jH%`?0UVWve|S)
zv)nT5Ibm*m9?%T~#w0h7y|FgrIwpc2{)_qTrv_QIM>2gPT+GF*Uc}LCgG4p1rnw1!
zd;i5VePazoUg`9?Er9r6HLcpWj}R{kALv%W0`0fgu4R4B*8@BAMMNTGHlBl6>Xam3
zL*08ehJJ0tTzKa-e-Q1lTQ{IfAWoWHNhM8*S?y-Lf3{68&g@LB$xi&PP#6)vcWoFZ
znNN={KCRguF~By2MHoB%6@he5;U3RaA}T>!`yor!gvgr>q&sxFY<4bHfE}K<fF2j6
zx$&)GK-3~FD<eaG&K0^L*f7yktGdGH9)oQ~9mduN<A<1*5l!!P<jP*#`t9ov4Ze5o
zBVkw_Z_%F{cAxZO;%iD<Nav1fHlS-e)i?R#`NiCP7g?bxCCv%tG&t!bR_gmy&Kpd4
zk#IPGwYq-3@NQK0gQ2Aq->Kc`S+!(fe2lW{r&St>6R#qjQLQC$Fll=Vc@;X1r_JnA
z1ts}yH`46#!8_w_rp$K-y4_jnBsu(4HZ8D0ei$1l+=1Y}1xDTU1v`UQCkuWJehpB%
zFscB#y1Cd58UCSyuf_m~#ca*YJ~NT$!vrQEKG7qz4i7q6x+S?NkZw*wCQhCcdGomU
z#+!o$G}ib)PY3r`Zhl3a0H}hxY^jIu?H;$T<}f~-x@lO1)3py|l6|L>p$~`^#cyj<
z7WYNQh9qYRb_}<DqVFkon2ro4;~_?k!$bSw@ml>crsGo$*+*=vot3AnD{(Ag=ZCAq
z2tDBQdgE(#``M=k53Rb-<I}9|foi~46=J~GcC6Sb?{n^6U)X+5z)mZJyL}HY_<E1>
zId)+%XUOP%F*^X#x9g4<;a5@;e()?<UgPhQ$3d|m?Ts<?qPX$FtO<1^z;4v^eq&<0
zt2&L0%XH!ob;*IH%e-DMT-?Lv@;k0?{+B!fmuF@kVYzV3ErpK+FsPyo4<O1H8lw@X
znotC4)g{4!JADIhjP6%BV6q1Xug7B;XN?;k?h8Qm86KcaIP(6q3e;kl14J!-^tYcl
zCG_+NQ@xl(A(Y;O8iBOmV<;$iJ@#O2Qxs%7@Ur9^?v_J78a-!p^4bUb*S0p?RPB@G
zA9we5>p|<>>lJKTwLV(v-PrN$;cakc+74sue%^?4>+IIUHW^ZRM?yh@**|STyyvu*
zfer3EY2cPgHE$}}eXry_AV3ZcpIV_#LC^7fS#}V5ny}#Kb3a+C4*KeCvG=Da%)1j4
zHdwX_4LM7rko0J^@nlSZUFzr4)3OQT@a@fY+#fh{?jvtse}C116UhTjPE1IOzsE*v
zh}mx9E~XBgh>`$j7VE6V*d?>YF(k&*%;=h@t^au|UKqs&u58q;q2OVK18QZ`i%*#i
zxmXv{UqzGiF}K{0KR9?D^C%lWwFf|9t{LkN+Nn9OCpo@1%0joTW|W<ZlIEv44r_rf
zl|<NYi2^6>#o%a&5zKWD_lo3y3S7u=q<bE(zIZdlT2x$L*ZA2jerWDEo1jaa4d)%h
zQOs{tvMY~hFtg+!v=&25feZYpZC;iNU<V>qehDpQYXBy7_D|AzW}zVsEYXP1Oh25W
z=V&-*5^*K3ecRy(Ce_2A<QTzAr;>GH8b5)B8&TUk2cLbY=FMjETAq!ejg9=}9_?(>
zzKS04_{tEfo%bRsWQHqQ#G!TN!d~P7rQ^P{l5da8LG!-;?+-eI3IJP89RMvUNQg9Z
z&YU$EzWMVRl+<3|yVtvxv6#~#YO$u_ATb+b<oPmwQZ(l9WaIG3X-ncD-Gf5dpXHkz
zgCkpr3ovOu*_1TP@Cg{6r3K^Uqtc7u7>C1*O9gR5X8x0qG?%i?*_aoTUPU1FcUq(h
z2@$MAP-3-U+a&SD*tqAD4X$RPm|36>HnClDa&q*HU54EN&1rg5XiIhSh_|`_u^_RI
z;mcIOd4TZ65^nc}Ue4XHv=IB3^zR2Dly`N!F*e0-V?Q;;@S%Fp!hfMs6#Yd2eg}{J
zj#r#nPS0|mFy-aq$L-Yb0Usj|4>zKpCs|Lz!Y}-TJ+;{=abv9c2t?z1y*kC;ai^EP
z!g!h5MUBad;i#NKbm5lnX-w$f!UYz7if~2lQ8HA?zhwy^OG!iWG&Ri^NP^*ozWBrE
z?B0ZpY+<HOwzeI*l{R*$=g4>i`*-hZBXyDqQb?i)^Tfa1Kp{V6gxp#`(=Rbo(`1-q
z2|aCY{}et;{{icwLuY=+Gt|;as<P=<JRFR8=qh-UD(Z{`1*ov?_4eJ%BNVnN_o{kJ
zC<Qr>@gQ62u3xsEoE#UrnihAtbTJ{K5Om$?dfcdNT+pSHW#<sQ98Q4PaHc!>4Xq+O
z$lxE66jsbbU(TQuLaqmd{(twG-cOg|5P%tz<fu*uTE|`we+u7LbU!E)q5On64bi<m
zQ?7X*=fQ%S0`7xQviaRCJU#CUx-Z6jZciVRe!d+2d|vW-T@84A3V6Z_Xow1dxf^=C
zoKHRfS-)L-rZeK@<7?fw^xs-Qc{vJV@r6DuEiLuGUe`nJ9$s&IUk|l}FXDc7xHms;
z89fd3SLJzh@2~UI9n3&|_itav0=yuP8?TeA@)Meu&Hl$mzDH^~@rXh%=RaR}l>JKe
zKZb;BDGl_FO|+cwP_c6hsA{L$a9uDbk+DokT)~-F)qxOUsH&`96({e$_9s~0te1nS
z*eOSd_bcR)9QgeA;^Ja<b~cV$+PX0vwM6Ggux^ED(cbTH%;=Ms{T|oQPbkSp;g>sH
zEZ=)LY`!)RY31O#f|;+`zBfCSBTCty+*UiGsKGreycqqrFyqIuv9X-jqk^A;H%kYO
zPX6|1K`0dT1V3PbdBPOoCMz-9yad>0<Fi|{xXJ=`EiIlfD?9vrdd2$a3fsIImmTDV
z>{^H4E5w#HVpevqF)d;DVVa%if3X61r)z7ChtQdsuPp>ogWcJ0b6{qzFNY3KH<Zst
z0ktms>p3r1C9i{!r!wKkdSNDl^*LqX$H;*D8bg=;tel7EfX8WZtmnU$ul;rWF_fLB
zH`LAR7U4Iqvn<cEGm)m9hTW`gDoC`PL$aGJuNSWd`ucaRSZlW{ixjU@uTwns-OqP6
zuY-bW`z!)pRu3CK5CFGmY;JB!@K!&bMn~cGfbwOnwdl$v;DN5Hb#O@Nrf#w8>^IEf
z(t0>hm!+=Z()*FW`<_?}L^j4-1N19HxF0q{N(k&yi>=yOA7)F!_C4Kv@Rr;0&;YO%
z&=a#a5RV7pGF&&<q(XK~qs}!%O4;e~NjPg-y8dog9pQ9ku7u6bVN(Uew)n*UM5Ij|
z$!3AJckkUR{D#Oq*8GRa=K;oDx#wP}L6@)BYjs|Qvsy5f=hg^af$j2&?S6GuOjg92
z2gDEDq+5lFm1VNmgGk7tWK{rbZnu~i7$B9h&#7r?qQ6^PTcQ5YcKILj!WYRri^w+F
zj3*Z6!pvJsb!Il}-f#?*OBNQ`Fo{5GbQEPmW5Xa#{r*S&FQH;O&AK1NFsxP5i(M`o
zAul@t&uQI{Hn90udGSl}0|(UWZpOj)@J+zW+3Vlu$wS=RwaY`{r>owXEp0B?HdQRX
zH4>pYtL3(<UhQ(oq1*14YQV$cSXlz6OOw!Cy0CD=<MivrCFR}jZI<U#<WTpGjJFqU
zT$0YfTUOi;6(m(Ixyk7|@xd8<k55H&B{7}b4q_(8uDqqm@+H|m?#@$ZL5|aWO7*US
z0ZDAMW6a$oM7Q5pH60yagQSzc`uhtRAvv#kHk-Udy;V}cOukSrBU}8%?o$-4S%E)P
zH>3L|N6=@lhT{39Hw5JtO5#2)3evV&{Ww1e!olXVlvEHNVQcs3JT~wNhb=uuwYvU=
zvH1Q&ptNn=>ps7(nHpD087pel)?$P$N0Z9R$}9?W7*i_ie=k{ochRp|T&=oU=CH(~
z5ID#hp+)`G*oM3g{B}|({63&sVHH`5*aLRT1eq4hfRf!Ssv>Mn`&lzH*IbVNlzFhH
zjPAm6p77s<X;viB$bt}ckD142Ik`k*i__e+pcI2c9w$VU4vl*9^77B-(@tco<G);D
z(qe5bs_J25j9SjqPRYx4cQyE7R2+N6mY{i?6~hP(_t1P2Z6vXAg<V(5N4~>#G1vRq
z_#Bh^o%|+I?kk;i4CQc!^E?(@Y>x;A0-O4rr$Vn0R!B2mK6RqfZ~5<e70akmJ*deS
zc;#BeV_W#b^D82anys8ZhqL1f)^<niW6Y+Kl~nWv2@M~%qS#K|nI=rDM%WSFfo_!Y
zqknPF1o64<IHnKMDGOdsNK<5I<vgxZz8qpb?I_1YVc>r^DN`pSCy&nm>SQug;Ric$
zKn!pAs4?bqbK1$t|2$r1sS-EwD>`~61vQz9nGoUy(R;a@%i;68Sgu^RrmeD=&EIWe
z=7#rZ#o<)YnBrnttltXrdVKoRR~^#KME;%u!I_A}5v{}y8*ea*=6#*cf_*cM9c~G7
zCJs|Bl56R25Vb5(x{TEXsDfToMaQhCX~tgA<KaH(rm{fleW_+a(Cc>2(?)Z4i|fmp
zni^q_*ObqO8a>`>Rg;79ty~Y2{D?^03Y+2REV*(`s%FLfSnX8Yb`iY0dK9uvW2AMf
zI%-F(8r|7|qgnZtbBC(C#WUQxlH2E!0HrETQVL?e*LA4><0`~^;(YOh;v<aV4rW$m
zOzLM9xIY<@YwhbtP!@QRs9(ki&K34P3Q&yy;_v@*IQUfX(_c?T{bNc>Bw+02)oNJd
z!^GY7cy||bo<OJkpZU~d-7Upsp{Pl}EW$DGvw+iL<Pe3=lMlovN-~B_2uE_}+8<so
z-_dORKN+O{_wq*GP#?%+jnH|dne;cwyZe&t4$t$gsh2h3yG<0Ke?tK;`!xa2$3LT>
z4@X+v=*)Cyz8}zX1EG{#;+t0Kx|RjG>K~FPxr_H<$}O-l4a!z7t`BWKJ!7b7udchM
zZw8#?(bIiBjJ9=`27Q^g6uwL=I|+p^f4gu4U431Bead0$LxHr|*!xdnL@6sMq)vF7
zLu#qc#->_GKr;7jaUdYlUqGi;d^zvD7p42Wb10t;n^p}DkblRp8=KkKS{7%<#AI<x
z4G&1c131V=%%Vib@WA$&FP@~Zb#Ui)uS)->rZyiS(=K);L3EX+dT|w;VO9`E6rP6`
zOe3oRx`Lkgs147QQ-fN=Lx&92n6NN~&hK!I?jIJPAd+G97~+iT8;+3G)5Y$af7Doy
zQ;_SXX6RBY0)TUz>6Rqt^**_hRh>afS@51001$;Q2HPF@e+BGo+nv8Wc0V<KLm%kN
z)*Jk&Wbm}m+~qeV=+S*_0DZVf>GpknzD4NC7EHM9dbt+(JWj(lf05<T@~yi-DNA4=
zMmdw$sq@M;gzB?y(czxEi$WZD#mn((s_U-xr{7h<>m$ok!>d5VX!nf`rOW51<$!-b
zXE1zsEMJ9yljZh(9-)Ws&hyFsDk-yDnKC|MkoNFZZJE*u<+5I_NfFqg3)%?r+WGVP
z)ci8}?PbU#;6R*`gn_4`clMY1+*j$Oy;45Nj$m(3_W4MmK!>Mn^r_D!N<ND43roOr
z3KkjfzvAYXrx*D-e)SH0;`?3Yr;LMyoTu%8Tjc;~^ZuK#E$GuE6oy~xd`vmMen{8D
zrBRny_+(*eA8|*tagY1T1jGVw<QI;d{OL%bkB9^HlrR6j1?)XLs1^EZQKOKc1q2ez
zRq*%@tPJ;!gP%@UmY&3(1|)enIMx-S7Z?dXfH7s6k~r*RPT8vqFt@?rctC_+2ZT8E
z=K{tsfkfhkH>_3zfs2|rXY6N5>wFicc^SxtL@+7J?#1p{yZhP7S9Ca5{u-*|YaSm1
z_I!G<ssU5-x^D1|uGQ2*T4&o(aE_83Y%UBFi^GHY9Nk4w^WXT9Hn5!x*uZ6)VbADZ
zJ79BbbkIqru%O$s%>lq0U0DfHbt8)**ov6c^KDXo_XG6xdH63i45nY&nYquZ_#&~B
zsi&=dP`S@YMnNLiGPlMUV`f1piS)KK$@EyCN5Lk_#9~v%YJf93Le`8|aZXh-nCj~n
zwE8#i#S1?XfXWI}$?GFj6Zx3H3!kvj;Bh69C?S$3rJsL0RW@GeYz?Lw3Lm{CT3k7~
z%y}KV?S%U2WeXt!N+3WiGO|>0SNM5O`1v>Gi&vg@VRb|r^x*I(kFFkm$FGjj1&fH%
zL?LVzT1Gxr0tNHant4*4WI<BQA*U$rKcjfRd|QX>%m<Mm3>@%*!8Q>x10V6_2i9pR
zh{?Qe0~zp+5bP>4-ACa>q(}gT$x6OzW9lj{Z**onbU%ghNu4RLh>F$v7x;_~T_eWi
zc$!0x)qJq>d;|^nRFj`I2#kY`8y*p7gdajLSC0qy?s3$+jGrvsn)~WdpmK!pLg*d8
zel5LxcfctxN{sC^>0QveZq1QPjoyG39GF(mY}33dQP@};+Xsgo`JD{Ev9YX?8@-Q4
zw!^Fy^tGsAY-N-l-Z3VGN<_i|7i^MV+$Bo~s52(<#xNy)ci|qh1raHar!H<+_qR+E
zMTbTVj}Mss-3&r-W9azTm&T`N$E`@lbj&QbkwP_eBN7-&^c5G;!lR5=K)}~Aknw#v
z4U+^OukI9A%2Y#!SHR%xY2iUz)9?xm`Nj6zt!UJ#q56hbXNG-j<*67@3B6+hUwe0U
zyK~FN(=!qkWNlLcMM*R;a5<vT%GxeCVvwk)fvtGmo~cS;F<IW+V$r(UOZ>JbXEtIu
z<~fek@h1dK54Jhg_-62E?YYfvMJJ>=(J6=+yg+L%MN<{+qM6#qN<(LrOj0DMVN(@C
z1ta`>q)n(+M29o!n(1Oo1@<5^$eZFS_J9pP46Z~;eh&-2<+*x^<c9sGSH5{1D+XzF
z_<|h6#JCNFHzfBixRh|l=H^?r(=+CzPDv#(Mma(nLf|^y<?jQz_W94tm+w1kwR5QF
z>>JZ`+-^NK$g^swYMd+Au~dlwsTLSMIrPK&tLN8W7C^EB!8W^Y5g@__7g&cleOOO1
zM>3|EJ>+qzfG>82m%Y-1IAI~r09GA5;HtOHr$6$FPiosDQpq|S+894&Wy@;|f9hy&
z;VH;31ppljxImdYGv(&-NxkY9+iWcFfe*TIw^<~1A~pPUY0L8ez+0nog7rGB>fzVz
zd=D{OxVQ;0%~?oDqiNkvD`UNlj1skRvQ7;iCh(`z=Efkmz5hlT4O`X(2y*y)Mm`DN
z((=I;MKwSU)N$AWSE6w+^TJU_!aL><z{Md05H!9qTbB0|I^Seo7U{n~`O|M#*1tRO
z<!Z@J+t2iSIJBgtr8RVmYM<Qup#yWHphC5E+UyA;e*<rY+&7(Mj)?8}(MamT+_j2f
z5&%LNs7)hR3-M$G12kLRj!!8l!whtFFD3|m&PE$~D{U4HiFpj>_<!~8+0JeI5b92y
zbmc1!g%gg#4rch=O^8SeczBmGR;a1_CoC@e!rs7GIqHnmf7AUkl4?;AjBt~s-U5^I
zJK&qa8lqHkcdoSuB!x8Mo)YG&Y{dvTDsdD*69;ho`e47XdTc{SbQ{3`JXA?|3Og(?
z)YgvJzS$suG(3$uuEOmvGoy8u;RV(39=p4Rop+>~T81RAw(xCN*XM%bxQStQI#_{l
zfLt6%oDe>c`VF9TZ4STJwUd$IB>9V(V=y*fwTwtorF}g+Bd0#i0Al@QVyZ8p{ylM4
zw}KU;pY_jR&w~n1PJ%|Yx|Fmu4B}SK@y|1?si7l^${yJv8AN&uoYc2Js)O-r7&B(@
zzXu7WZ#POH1R55wyaDRI13eYQx~RD&#laX|qW^Sn^B*$%pNHrho8;s`h>a_o8=a5#
zt-Hw?IZiyN@pY(PC2*(!uZ5)@ovr8|W6|wfS4x+iC?;@PqeNi@9(KF0OL9TKudWp;
z6_}CWO@F^Q^RJC7ZRH+&HRMi4+O`;TDZd>{9`iND6n-ep?crP(qUMa0^VRtH32+6I
zmQ7FRzE1nt*HleQ8k_Xm5TyuiKge}-i86*~OS<lECZQte0>GJ>eggoSW8D69V3WLT
z)7`q4&~ZVbMJiDP)sXtFTJ|++qrqrz&?VB`B@4Vhk=don^kgmuX>b9P3)dmAjFIG{
zU6;dcRg<vos{ZBUzD(7=;ks_)kCvd?An@96vEsJugr5kkPTb{Yc|52#6Bbj|(<6%1
zv`aNi)GbSyqd8ufLgv|XW=Xei<~qI@T_F1pNh)qTTs!HWdKiW>z}P;{gA@P%H#<=o
z|NE#TzgCu!1Pus8KsJ_U4sA<-HD@n&%l}-p<2g@Ki2=kAVZ#x}VyA}kYz}@{Zs{cX
zMM?`!{omD3pG73}n^SfM!@~3!n`Z;%dh)5^-@^l=aHh(_?En33SSi}g8#iBoKv?pv
zwuLCFC{pkUmg)A*vCNJg+<)#BR+K+gK6HFHi68((ni8rbN<SIFQ3?-20jNkoaI;T3
z`~Urt7PT+SR}(Qj?k$Xb6HQX>UwU?1jV&#;zkacE3aoMX4xsguyp?$*4c+_Sa|{1z
z(WD((t)tmWLLtsIteIjNcknKsSdPQvBNe#+eF+ITa&2d@MM#8~na;blIkoA#_P=oW
z_}{zkfUgtW!@-eqdMATOHt@mop^QUW=!HzLigjg^(R#ni0Uo&W8m{pE*2nzf0tPo#
zY3k`yqXwH2NvV{oP=gO*Ivj;Xj5~7#=K20to>(2Gi-EigIzAYTa<X>PH=dv@bU*JP
z@N`m7M=Wj@6_!o!pj?B79~axzS8>wThYWu(oPq#{z=%&f>37*qXVlWr5nyWS>)Qbe
z1$xTe8bz5mm#T&;kF76Fs<V^-TOIZo^|R^RXDcV65sRp-*ftV~A8BQs{rA>dUG|GD
zQdDP3qmW$Jry28)*gw9*wtpWpHcpeDC^xrImQa%IcOi>CQwa2k`CSu8v_*|QN3GUW
zrNY){|7{6j9QNJi6yW?LHhOnE`RE9Gb8L%&!LR5rZ_1%9vi^s6>ZdH!0M+l>a#HjN
z18TiY3jolVZ|ghp#`~eKSEOg6oF#|YHtwDDbU_leS|aQlEt)y!_`kB_dah?Z`Ie%b
zv`BS8`SUH_pT7}DMu70)K|nmb#2Y{&3Uz5l+v4+*jYt>?!{X5YHD-I%|F2!!BVMgo
zaCwj|AlBkTKIS)9!C_0RCFOX;(lP#D(_vmXu3ma`Y+rN?e&-DFs+Jp`eI_h8b5aNt
z+pGu)gj>X5xNJ<34z2jacS%dY<^Hlvf-rRo{m-)xpNFs?G*-6k^*-0FatTBE^IlV{
z`SwPqtdcZ*q-_8D46qLO{@dADf<Lw)#J`UK03k|Y>$)*}w42;_8}4)3>{^STg-!mq
z6AA|=wZl^3tv#bE)<Q#DMqQVNbXM!Mp3j55S3PR2HPyNgC)WRhW*eWAoz_>4AQhQ}
zD7*h{(1a7s$MXZDw1&GH>EbjrEeoqB)D5eIb8~+x$Z$jze2Ocm+)HE2c+M*1zC?~6
zIco76u=ZIC+SkC+(cqjBnC|8Jiq`&bC}6>9prGDb8KhC8)bj9=gv$r7Z$qw$(gozv
zx2!FtbD6f=Lur3*|6fny`GOlO9Q@xuBW@en_>|Ya<~u4<Akc2;0Cuz|o!nqLc5Nn1
yeLp_`{ND~e^tP|*$iBvysqNRN2*=LLr&s-v<p;4<2|fV!l9g1Fs1`F0{(k^B)wwbN


From 6786e758ae36430ebab66391a9336ca0a88edce2 Mon Sep 17 00:00:00 2001
From: Albert Zhang <zhgwenming@gmail.com>
Date: Tue, 15 Jul 2014 07:52:50 -0400
Subject: [PATCH 130/516] since moved the ./dockerinit mount into lxc driver,
 fix the lxc testcase accordingly

Docker-DCO-1.1-Signed-off-by: Albert Zhang <zhgwenming@gmail.com> (github: zhgwenming)
Upstream-commit: b3b6e05f261cadc2ac4a6eb12090920c32043915
Component: engine
---
 .../engine/daemon/execdriver/lxc/lxc_template_unit_test.go    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
index a9a67c421c..ad967818a3 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
@@ -35,7 +35,7 @@ func TestLXCConfig(t *testing.T) {
 		cpu    = cpuMin + rand.Intn(cpuMax-cpuMin)
 	)
 
-	driver, err := NewDriver(root, false)
+	driver, err := NewDriver(root, "", false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -71,7 +71,7 @@ func TestCustomLxcConfig(t *testing.T) {
 
 	os.MkdirAll(path.Join(root, "containers", "1"), 0777)
 
-	driver, err := NewDriver(root, false)
+	driver, err := NewDriver(root, "", false)
 	if err != nil {
 		t.Fatal(err)
 	}

From ceb0c3835ceeb20e60cf1f610a52841d57f3db54 Mon Sep 17 00:00:00 2001
From: Harald Albers <albers@users.noreply.github.com>
Date: Tue, 15 Jul 2014 14:18:28 +0200
Subject: [PATCH 131/516] no need to create a link to the docker binary
 Upstream-commit: 88c601764415416e291d492b137f09e9fa175106 Component: engine

---
 components/engine/docs/sources/installation/debian.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/debian.md b/components/engine/docs/sources/installation/debian.md
index 0ad54b4328..4fd3465e62 100644
--- a/components/engine/docs/sources/installation/debian.md
+++ b/components/engine/docs/sources/installation/debian.md
@@ -23,7 +23,6 @@ To install the latest Debian package (may not be the latest Docker release):
 
     $ sudo apt-get update
     $ sudo apt-get install docker.io
-    $ sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
     $ sudo sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/docker.io
 
 To verify that everything has worked as expected:

From 9e62037a6bb5c31e0baf4a452539c85e2655c502 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Pailloncy?= <mpapo.dev@gmail.com>
Date: Mon, 7 Jul 2014 23:17:54 +0200
Subject: [PATCH 132/516] =?UTF-8?q?Add=20small=20note=20about=20AUFS=20lay?=
 =?UTF-8?q?er=20limitation=20Docker-DCO-1.1-Signed-off-by:=20Micha=C3=ABl?=
 =?UTF-8?q?=20Pailloncy=20<mpapo.dev@gmail.com>=20(github:=20mpapo)=20Upst?=
 =?UTF-8?q?ream-commit:=20d91d381856b7c91fa992c3cd1943f27c269219f2=20Compo?=
 =?UTF-8?q?nent:=20engine?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 components/engine/docs/sources/userguide/dockerimages.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/components/engine/docs/sources/userguide/dockerimages.md b/components/engine/docs/sources/userguide/dockerimages.md
index c3f5461c2f..5056361053 100644
--- a/components/engine/docs/sources/userguide/dockerimages.md
+++ b/components/engine/docs/sources/userguide/dockerimages.md
@@ -328,6 +328,13 @@ instructions have executed we're left with the `324104cde6ad` image
 (also helpfully tagged as `ouruser/sinatra:v2`) and all intermediate
 containers will get removed to clean things up.
 
+> **Note:** 
+> Due to a AUFS limitation, an image can't have more than 127 layers 
+> (see [this PR](https://github.com/dotcloud/docker/pull/2897)).
+> This means that a Dockerfile can't create more than 127 containers
+> during a build (each RUN command creates a new container).
+> An image flatten strategy is discussed [here](https://github.com/dotcloud/docker/issues/332).
+
 We can then create a container from our new image.
 
     $ sudo docker run -t -i ouruser/sinatra:v2 /bin/bash

From 6c75ad07a9e41260825c8231f41207dad47f7460 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Pailloncy?= <mpapo.dev@gmail.com>
Date: Tue, 15 Jul 2014 21:48:08 +0200
Subject: [PATCH 133/516] =?UTF-8?q?Update=20small=20note=20about=20layer?=
 =?UTF-8?q?=20limitation=20Docker-DCO-1.1-Signed-off-by:=20Micha=C3=ABl=20?=
 =?UTF-8?q?Pailloncy=20<mpapo.dev@gmail.com>=20(github:=20mpapo)=20Upstrea?=
 =?UTF-8?q?m-commit:=202a230729dae91a54cfe617843b1dd7141ad51948=20Componen?=
 =?UTF-8?q?t:=20engine?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 components/engine/docs/sources/userguide/dockerimages.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockerimages.md b/components/engine/docs/sources/userguide/dockerimages.md
index 5056361053..26f969abe8 100644
--- a/components/engine/docs/sources/userguide/dockerimages.md
+++ b/components/engine/docs/sources/userguide/dockerimages.md
@@ -329,11 +329,9 @@ instructions have executed we're left with the `324104cde6ad` image
 containers will get removed to clean things up.
 
 > **Note:** 
-> Due to a AUFS limitation, an image can't have more than 127 layers 
-> (see [this PR](https://github.com/dotcloud/docker/pull/2897)).
-> This means that a Dockerfile can't create more than 127 containers
-> during a build (each RUN command creates a new container).
-> An image flatten strategy is discussed [here](https://github.com/dotcloud/docker/issues/332).
+> An image can't have more than 127 layers regardless of the storage driver.
+> This limitation is set globally to encourage optimization of the overall 
+> size of images.
 
 We can then create a container from our new image.
 

From 19c5a08bfaf360d1bc70aca4231b010c110c9a15 Mon Sep 17 00:00:00 2001
From: Henning Sprang <henning.sprang@gmail.com>
Date: Tue, 15 Jul 2014 22:24:08 +0200
Subject: [PATCH 134/516] Adjust Link description to match target

The target document headline is "Managing data in containers" and so should the link be named.
Upstream-commit: fb51a330bb1bfb442f2e220a39a991ea0c69c69b
Component: engine
---
 components/engine/docs/sources/reference/run.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index f8ced8d734..9e4ba574df 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -435,8 +435,8 @@ mechanism to communicate with a linked container by its alias:
     --volumes-from="": Mount all volumes from the given container(s)
 
 The volumes commands are complex enough to have their own documentation
-in section [*Share Directories via
-Volumes*](/userguide/dockervolumes/#volume-def).  A developer can define
+in section [*Managing data in 
+containers*](/userguide/dockervolumes/#volume-def). A developer can define
 one or more `VOLUME`'s associated with an image, but only the operator
 can give access from one container to another (or from a container to a
 volume mounted on the host).

From 8d23a98c519fa3c12c07c22ec789634a6a00145e Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Tue, 15 Jul 2014 16:40:43 -0400
Subject: [PATCH 135/516] Removed legacy api.md file

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: 4fc8edd0df742a559fe6a4961223a644ab088fa7
Component: engine
---
 .../engine/docs/sources/reference/api.md      | 87 -------------------
 1 file changed, 87 deletions(-)
 delete mode 100644 components/engine/docs/sources/reference/api.md

diff --git a/components/engine/docs/sources/reference/api.md b/components/engine/docs/sources/reference/api.md
deleted file mode 100644
index b617211037..0000000000
--- a/components/engine/docs/sources/reference/api.md
+++ /dev/null
@@ -1,87 +0,0 @@
-# APIs
-
-Your programs and scripts can access Docker's functionality via these
-interfaces:
-
- - [Registry & Index Spec](registry_index_spec/)
-    - [1. The 3 roles](registry_index_spec/#the-3-roles)
-        - [1.1 Index](registry_index_spec/#index)
-        - [1.2 Registry](registry_index_spec/#registry)
-        - [1.3 Docker](registry_index_spec/#docker)
-
-    - [2. Workflow](registry_index_spec/#workflow)
-        - [2.1 Pull](registry_index_spec/#pull)
-        - [2.2 Push](registry_index_spec/#push)
-        - [2.3 Delete](registry_index_spec/#delete)
-
-    - [3. How to use the Registry in standalone mode](registry_index_spec/#how-to-use-the-registry-in-standalone-mode)
-        - [3.1 Without an Index](registry_index_spec/#without-an-index)
-        - [3.2 With an Index](registry_index_spec/#with-an-index)
-
-    - [4. The API](registry_index_spec/#the-api)
-        - [4.1 Images](registry_index_spec/#images)
-        - [4.2 Users](registry_index_spec/#users)
-        - [4.3 Tags (Registry)](registry_index_spec/#tags-registry)
-        - [4.4 Images (Index)](registry_index_spec/#images-index)
-        - [4.5 Repositories](registry_index_spec/#repositories)
-
-    - [5. Chaining Registries](registry_index_spec/#chaining-registries)
-    - [6. Authentication & Authorization](registry_index_spec/#authentication-authorization)
-        - [6.1 On the Index](registry_index_spec/#on-the-index)
-        - [6.2 On the Registry](registry_index_spec/#on-the-registry)
-
-    - [7 Document Version](registry_index_spec/#document-version)
-
- - [Docker Registry API](registry_api/)
-    - [1. Brief introduction](registry_api/#brief-introduction)
-    - [2. Endpoints](registry_api/#endpoints)
-        - [2.1 Images](registry_api/#images)
-        - [2.2 Tags](registry_api/#tags)
-        - [2.3 Repositories](registry_api/#repositories)
-        - [2.4 Status](registry_api/#status)
-
-    - [3 Authorization](registry_api/#authorization)
-
- - [Docker Hub API](index_api/)
-    - [1. Brief introduction](index_api/#brief-introduction)
-    - [2. Endpoints](index_api/#endpoints)
-        - [2.1 Repository](index_api/#repository)
-        - [2.2 Users](index_api/#users)
-        - [2.3 Search](index_api/#search)
-
- - [Docker Remote API](docker_remote_api/)
-    - [1. Brief introduction](docker_remote_api/#brief-introduction)
-    - [2. Versions](docker_remote_api/#versions)
-        - [v1.12](docker_remote_api/#v1-12)
-        - [v1.11](docker_remote_api/#v1-11)
-        - [v1.10](docker_remote_api/#v1-10)
-        - [v1.9](docker_remote_api/#v1-9)
-        - [v1.8](docker_remote_api/#v1-8)
-        - [v1.7](docker_remote_api/#v1-7)
-        - [v1.6](docker_remote_api/#v1-6)
-        - [v1.5](docker_remote_api/#v1-5)
-        - [v1.4](docker_remote_api/#v1-4)
-        - [v1.3](docker_remote_api/#v1-3)
-        - [v1.2](docker_remote_api/#v1-2)
-        - [v1.1](docker_remote_api/#v1-1)
-        - [v1.0](docker_remote_api/#v1-0)
-
- - [Docker Remote API Client Libraries](remote_api_client_libraries/)
- - [docker.io OAuth API](docker_io_oauth_api/)
-    - [1. Brief introduction](docker_io_oauth_api/#brief-introduction)
-    - [2. Register Your Application](docker_io_oauth_api/#register-your-application)
-    - [3. Endpoints](docker_io_oauth_api/#endpoints)
-        - [3.1 Get an Authorization Code](docker_io_oauth_api/#get-an-authorization-code)
-        - [3.2 Get an Access Token](docker_io_oauth_api/#get-an-access-token)
-        - [3.3 Refresh a Token](docker_io_oauth_api/#refresh-a-token)
-
-    - [4. Use an Access Token with the API](docker_io_oauth_api/#use-an-access-token-with-the-api)
-
- - [docker.io Accounts API](docker_io_accounts_api/)
-    - [1. Endpoints](docker_io_accounts_api/#endpoints)
-        - [1.1 Get a single user](docker_io_accounts_api/#get-a-single-user)
-        - [1.2 Update a single user](docker_io_accounts_api/#update-a-single-user)
-        - [1.3 List email addresses for a user](docker_io_accounts_api/#list-email-addresses-for-a-user)
-        - [1.4 Add email address for a user](docker_io_accounts_api/#add-email-address-for-a-user)
-        - [1.5 Update an email address for a user](docker_io_accounts_api/#update-an-email-address-for-a-user)
-        - [1.6 Delete email address for a user](docker_io_accounts_api/#delete-email-address-for-a-user)

From 4e422543813f7a3319ffb274079979b40e168772 Mon Sep 17 00:00:00 2001
From: James Kyle <james@jameskyle.org>
Date: Wed, 9 Jul 2014 10:05:16 -0700
Subject: [PATCH 136/516] Closes 6937. Allows setting of docker config dir.

Can now dynamically set the docker config directory through an
environment variable.

export DOCKER_CONFIG=/path/to/docker_config/

Default behavior remains the same, e.g. ~/.docker

Documentation for change added to the https.md docs.

Docker-DCO-1.1-Signed-off-by: James A. Kyle <james@jameskyle.org> (github: jameskyle)
Upstream-commit: c0471ee35aa58a99b423ad914301194e8f3663c1
Component: engine
---
 components/engine/docker/docker.go               | 12 ++++++++----
 components/engine/docs/sources/articles/https.md |  7 ++++++-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index e21d0a4d70..cd3a29be0d 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -8,6 +8,7 @@ import (
 	"log"
 	"net"
 	"os"
+	"path/filepath"
 	"runtime"
 	"strings"
 
@@ -29,10 +30,13 @@ const (
 )
 
 var (
-	dockerConfDir = os.Getenv("HOME") + "/.docker/"
+	dockerConfDir = os.Getenv("DOCKER_CONFIG")
 )
 
 func main() {
+	if len(dockerConfDir) == 0 {
+		dockerConfDir = filepath.Join(os.Getenv("HOME"), ".docker")
+	}
 	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
 		// Running in init mode
 		sysinit.SysInit()
@@ -63,9 +67,9 @@ func main() {
 		flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU\nif no value is provided: default to the default route MTU or 1500 if no default route is available")
 		flTls                = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
 		flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
-		flCa                 = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here")
-		flCert               = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file")
-		flKey                = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file")
+		flCa                 = flag.String([]string{"-tlscacert"}, filepath.Join(dockerConfDir, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
+		flCert               = flag.String([]string{"-tlscert"}, filepath.Join(dockerConfDir, defaultCertFile), "Path to TLS certificate file")
+		flKey                = flag.String([]string{"-tlskey"}, filepath.Join(dockerConfDir, defaultKeyFile), "Path to TLS key file")
 		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
 	)
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
diff --git a/components/engine/docs/sources/articles/https.md b/components/engine/docs/sources/articles/https.md
index 81570105e6..7b801889ab 100644
--- a/components/engine/docs/sources/articles/https.md
+++ b/components/engine/docs/sources/articles/https.md
@@ -125,4 +125,9 @@ Docker in various other modes by mixing the flags.
    certificate, authenticate server based on given CA
 
 The client will send its client certificate if found, so you just need
-to drop your keys into ~/.docker/<ca, cert or key>.pem
+to drop your keys into ~/.docker/<ca, cert or key>.pem. Alternatively, if you
+want to store your keys in another location, you can specify that location
+using the environment variable `DOCKER_CONFIG`.
+
+    $ export DOCKER_CONFIG=${HOME}/.dockers/zone1/
+    $ docker --tlsverify ps

From 842f5a9ee6e9b5f014232b7e29b0a242e5e59f85 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 11 Jul 2014 23:01:23 +0000
Subject: [PATCH 137/516] missing doc for 6896

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 01d16150019c9ffb12779d88bdfe3bc146d44408
Component: engine
---
 .../engine/docs/sources/reference/api/docker_remote_api.md  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index c2916e5de0..65bb4f3870 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -49,6 +49,12 @@ You can now use the `kill` parameter to kill running containers before removal.
 The `hostConfig` option now accepts the field `CapAdd`, which specifies a list of capabilities
 to add, and the field `CapDrop`, which specifies a list of capabilities to drop.
 
+`POST /images/create`
+
+**New!**
+Parameters `fromImage` and `repo` can now embed the tag using the syntax `repo:tag`,
+therefore the `tag` parameter is obsolete.
+
 ## v1.13
 
 ### Full Documentation

From cadd66b6cffee6846d10c9d96e3843cf9535acdb Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Sun, 22 Jun 2014 16:33:19 -0700
Subject: [PATCH 138/516] Add cli.md documentation for docker-pause and
 docker-unpause

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: 5b8a6eb05f8c69670814e400f7f85ae221c8bae4
Component: engine
---
 .../engine/docs/sources/reference/commandline/cli.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index e9d21cac47..e31e3eee45 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -760,6 +760,12 @@ log entry.
 
     Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
 
+## pause
+
+    Usage: docker pause CONTAINER
+
+    Pause all processes within a container
+
 ## ps
 
     Usage: docker ps [OPTIONS]
@@ -1263,6 +1269,12 @@ them to [*Share Images via Repositories*](
 
     Display the running processes of a container
 
+## unpause
+
+    Usage: docker unpause CONTAINER
+
+    Pause all processes within a container
+
 ## version
 
     Usage: docker version

From 5d75903f2b9b73cb94b412692098663c47e08110 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Tue, 8 Jul 2014 21:47:55 -0400
Subject: [PATCH 139/516] Add cgroups freezer info

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: SvenDowideit)
Upstream-commit: 3957d72f9cd613fa8a0eeb03517e4f78f9cc58f1
Component: engine
---
 .../engine/docs/sources/reference/commandline/cli.md  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index e31e3eee45..d75f2b1443 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -764,7 +764,14 @@ log entry.
 
     Usage: docker pause CONTAINER
 
-    Pause all processes within a container
+    Pause uses the cgroups freezer to suspend all processes in a container.
+    Traditionally when suspending a process the SIGSTOP signal is used,
+    which is observable by the process being suspended. With the cgroups freezer
+    the process is unaware, and unable to capture, that it is being suspended,
+    and subsequently resumed.
+
+    For for information on the cgroups freezer see:
+    https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt
 
 ## ps
 
@@ -1273,7 +1280,7 @@ them to [*Share Images via Repositories*](
 
     Usage: docker unpause CONTAINER
 
-    Pause all processes within a container
+    Resumes a paused container.
 
 ## version
 

From 5dba8f7a96449373501638ae49bebbeb134b1936 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Tue, 15 Jul 2014 10:02:29 +1000
Subject: [PATCH 140/516] re-jig the info into all the places

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 58955a30ffffb8e9dafb8593f4513d6dae53abfd
Component: engine
---
 components/engine/docs/man/docker-pause.1.md  | 12 ++++++++++
 .../engine/docs/man/docker-unpause.1.md       |  9 +++++++
 .../docs/sources/reference/commandline/cli.md | 24 +++++++++++++------
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/components/engine/docs/man/docker-pause.1.md b/components/engine/docs/man/docker-pause.1.md
index e6c0c2455d..7b4b091a06 100644
--- a/components/engine/docs/man/docker-pause.1.md
+++ b/components/engine/docs/man/docker-pause.1.md
@@ -8,6 +8,18 @@ docker-pause - Pause all processes within a container
 **docker pause**
 CONTAINER
 
+# DESCRIPTION
+
+The `docker pause` command uses the cgroups freezer to suspend all processes in
+a container.  Traditionally when suspending a process the `SIGSTOP` signal is
+used, which is observable by the process being suspended. With the cgroups freezer
+the process is unaware, and unable to capture, that it is being suspended,
+and subsequently resumed.
+
+See the [cgroups freezer documentation]
+(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for
+further details.
+
 # OPTIONS
 There are no available options.
 
diff --git a/components/engine/docs/man/docker-unpause.1.md b/components/engine/docs/man/docker-unpause.1.md
index 8949548b67..dfce16324e 100644
--- a/components/engine/docs/man/docker-unpause.1.md
+++ b/components/engine/docs/man/docker-unpause.1.md
@@ -8,6 +8,15 @@ docker-unpause - Unpause all processes within a container
 **docker unpause**
 CONTAINER
 
+# DESCRIPTION
+
+The `docker unpause` command uses the cgroups freezer to un-suspend all
+processes in a container.
+
+See the [cgroups freezer documentation]
+(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for
+further details.
+
 # OPTIONS
 There are no available options.
 
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index d75f2b1443..dac7c1610b 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -764,14 +764,17 @@ log entry.
 
     Usage: docker pause CONTAINER
 
-    Pause uses the cgroups freezer to suspend all processes in a container.
-    Traditionally when suspending a process the SIGSTOP signal is used,
-    which is observable by the process being suspended. With the cgroups freezer
-    the process is unaware, and unable to capture, that it is being suspended,
-    and subsequently resumed.
+    Pause all processes within a container
 
-    For for information on the cgroups freezer see:
-    https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt
+The `docker pause` command uses the cgroups freezer to suspend all processes in
+a container.  Traditionally when suspending a process the `SIGSTOP` signal is
+used, which is observable by the process being suspended. With the cgroups freezer
+the process is unaware, and unable to capture, that it is being suspended,
+and subsequently resumed.
+
+See the [cgroups freezer documentation]
+(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for
+further details.
 
 ## ps
 
@@ -1282,6 +1285,13 @@ them to [*Share Images via Repositories*](
 
     Resumes a paused container.
 
+The `docker unpause` command uses the cgroups freezer to un-suspend all
+processes in a container.
+
+See the [cgroups freezer documentation]
+(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for
+further details.
+
 ## version
 
     Usage: docker version

From 60e4a1f5df6c9551c3901e787b7196fd57fc9bff Mon Sep 17 00:00:00 2001
From: William Henry <whenry@redhat.com>
Date: Tue, 15 Jul 2014 15:56:48 -0600
Subject: [PATCH 141/516] Change HTTP code: 404 to a more user friendly Image
 Not found msg

Docker-DCO-1.1-Signed-off-by: William Henry <whenry@redhat.com> (github: ipbabble)
Upstream-commit: b45e8fa945f9c8ba1fa5ef5ae15a9c2e51a3c926
Component: engine
---
 components/engine/server/server.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 114a3bf46d..1bc679ccd7 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -1195,7 +1195,12 @@ func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName
 
 	repoData, err := r.GetRepositoryData(remoteName)
 	if err != nil {
-		return err
+		if strings.Contains(err.Error(), "HTTP code: 404") {
+			return fmt.Errorf("Error: image %s not found", remoteName)
+		} else {
+			// Unexpected HTTP error
+			return err
+		}
 	}
 
 	utils.Debugf("Retrieving the tag list")

From 69f799334bbd336c89319ad0041a603525a99ea9 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Tue, 15 Jul 2014 17:41:59 -0700
Subject: [PATCH 142/516] docs/google: bump container-vm image version

    Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: c6197058a87e18ba7c7568fbc7d3fb29db79766d
Component: engine
---
 components/engine/docs/sources/installation/google.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/google.md b/components/engine/docs/sources/installation/google.md
index 6c1e9b4f50..3f61ef8f49 100644
--- a/components/engine/docs/sources/installation/google.md
+++ b/components/engine/docs/sources/installation/google.md
@@ -20,7 +20,7 @@ page_keywords: Docker, Docker documentation, installation, google, Google Comput
    (select a zone close to you and the desired instance size)
 
         $ gcloud compute instances create docker-playground \
-          --image https://www.googleapis.com/compute/v1/projects/google-containers/global/images/container-vm-v20140522 \
+          --image https://www.googleapis.com/compute/v1/projects/google-containers/global/images/container-vm-v20140710 \
           --zone us-central1-a \
           --machine-type f1-micro
 

From 3db76fe5b300f410d718a7e47e8a03d3db5cd8f7 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Wed, 16 Jul 2014 11:02:44 +1000
Subject: [PATCH 143/516] re-write to put the emphasis on the  format

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: ed8b017ee085c26dadd6a976a89d63322a02738b
Component: engine
---
 .../engine/docs/sources/reference/api/docker_remote_api.md   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index 65bb4f3870..a5bf3d577b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -52,8 +52,9 @@ to add, and the field `CapDrop`, which specifies a list of capabilities to drop.
 `POST /images/create`
 
 **New!**
-Parameters `fromImage` and `repo` can now embed the tag using the syntax `repo:tag`,
-therefore the `tag` parameter is obsolete.
+The `fromImage` and `repo` parameters now supports the `repo:tag` format.
+Consequently,  the `tag` parameter is now obsolete. Using the new format and
+the `tag` parameter at the same time will return an error.
 
 ## v1.13
 

From 781eab6c3f988c5403ab1f0792b3f8249b5fc338 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Wed, 16 Jul 2014 11:46:18 +1000
Subject: [PATCH 144/516] the package now adds the bash_completion too

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: fa5bce2859e0b0fc3eeade3a97777d371fceca3a
Component: engine
---
 components/engine/docs/sources/installation/debian.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/debian.md b/components/engine/docs/sources/installation/debian.md
index 4fd3465e62..0da2f2f5d0 100644
--- a/components/engine/docs/sources/installation/debian.md
+++ b/components/engine/docs/sources/installation/debian.md
@@ -23,7 +23,6 @@ To install the latest Debian package (may not be the latest Docker release):
 
     $ sudo apt-get update
     $ sudo apt-get install docker.io
-    $ sudo sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/docker.io
 
 To verify that everything has worked as expected:
 

From 013dc5d8c5bb598135f22c80048659fe690aa5dc Mon Sep 17 00:00:00 2001
From: Harald Albers <github@albersweb.de>
Date: Wed, 16 Jul 2014 11:12:14 +0200
Subject: [PATCH 145/516] removed default --rm option from example build
 command

this line gave the false impression that containers are not removed
unless you specify the --rm argument.
Upstream-commit: c5f55a233de09f8aa4ce7f061e8da2d435017fef
Component: engine
---
 components/engine/docs/sources/examples/running_ssh_service.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/examples/running_ssh_service.md b/components/engine/docs/sources/examples/running_ssh_service.md
index 579d372ba7..a8405e748e 100644
--- a/components/engine/docs/sources/examples/running_ssh_service.md
+++ b/components/engine/docs/sources/examples/running_ssh_service.md
@@ -27,7 +27,7 @@ quick access to a test container.
 
 Build the image using:
 
-    $ sudo docker build --rm -t eg_sshd .
+    $ sudo docker build -t eg_sshd .
 
 Then run it. You can then use `docker port` to find out what host port
 the container's port 22 is mapped to:

From 077977e932b934174dee171985121c50ebfc67b8 Mon Sep 17 00:00:00 2001
From: Gabor Nagy <mail@aigeruth.hu>
Date: Wed, 16 Jul 2014 12:22:13 +0200
Subject: [PATCH 146/516] Add Content-Type header in PushImageLayerRegistry

Docker-DCO-1.1-Signed-off-by: Gabor Nagy <mail@aigeruth.hu> (github: Aigeruth)
Upstream-commit: f861bfd9ff57e87805252d27da3a9cb18f60974b
Component: engine
---
 components/engine/registry/registry.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 24c55125ce..c8d000823c 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -522,6 +522,7 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 	if err != nil {
 		return "", "", err
 	}
+	req.Header.Add("Content-Type", "application/octet-stream")
 	req.ContentLength = -1
 	req.TransferEncoding = []string{"chunked"}
 	setTokenAuth(req, token)

From 5a03c34f92699e46f4cbb79bb929070573c2f89b Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 16 Jul 2014 11:47:55 -0700
Subject: [PATCH 147/516] Allow case insensitive caps for add and drop
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 7c19499c635358719c5a9c9fb1cb66a5fcf12718
 Component: engine

---
 components/engine/daemon/execdriver/utils.go      |  4 ++--
 .../engine/integration-cli/docker_cli_run_test.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index 90c5177421..2fb431f17b 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -38,7 +38,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
 			// if we don't drop `all`, add back all the non-dropped caps
 			if !utils.StringsContainsNoCase(drops, cap) {
-				newCaps = append(newCaps, cap)
+				newCaps = append(newCaps, strings.ToUpper(cap))
 			}
 		}
 	}
@@ -56,7 +56,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
 		// add cap if not already in the list
 		if !utils.StringsContainsNoCase(newCaps, cap) {
-			newCaps = append(newCaps, cap)
+			newCaps = append(newCaps, strings.ToUpper(cap))
 		}
 	}
 	return newCaps, nil
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index dba8e7fe28..d01c00ad6b 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -808,6 +808,21 @@ func TestCapDropCannotMknod(t *testing.T) {
 	logDone("run - test --cap-drop=MKNOD cannot mknod")
 }
 
+func TestCapDropCannotMknodLowerCase(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=mknod", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	out, _, err := runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
+		t.Fatalf("expected output not ok received %s", actual)
+	}
+	deleteAllContainers()
+
+	logDone("run - test --cap-drop=mknod cannot mknod lowercase")
+}
+
 func TestCapDropALLCannotMknod(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
 	out, _, err := runCommandWithOutput(cmd)

From bf242e249b6ea3f2272535bfced894f4464c6749 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 16 Jul 2014 12:14:26 -0700
Subject: [PATCH 148/516] Fix cap drop issues with lxc

This uses "," instead of spaces so that the flags are parsed correctly
and also does not do a strings.Split on an empty string because
strings.Split will return a slice with one element, and empty string
causing parsing to fail when it validates that the cap exists.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 47917135daa38b40a1a3ee11f31153b031ea7963
Component: engine
---
 components/engine/daemon/execdriver/lxc/driver.go  |  4 ++--
 .../engine/daemon/execdriver/lxc/lxc_init_linux.go | 14 +++++++++++++-
 components/engine/daemon/execdriver/utils.go       |  6 +++---
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 2faada2350..1d315ca3b7 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -123,11 +123,11 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	}
 
 	if len(c.CapAdd) > 0 {
-		params = append(params, "-cap-add", strings.Join(c.CapAdd, " "))
+		params = append(params, "-cap-add", strings.Join(c.CapAdd, ","))
 	}
 
 	if len(c.CapDrop) > 0 {
-		params = append(params, "-cap-drop", strings.Join(c.CapDrop, " "))
+		params = append(params, "-cap-drop", strings.Join(c.CapDrop, ","))
 	}
 
 	params = append(params, "--", c.Entrypoint)
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 40956e442b..de7a6385a0 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -49,7 +49,19 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 			return fmt.Errorf("clear keep caps %s", err)
 		}
 
-		caps, err := execdriver.TweakCapabilities(container.Capabilities, strings.Split(args.CapAdd, " "), strings.Split(args.CapDrop, " "))
+		var (
+			adds  []string
+			drops []string
+		)
+
+		if args.CapAdd != "" {
+			adds = strings.Split(args.CapAdd, ",")
+		}
+		if args.CapDrop != "" {
+			drops = strings.Split(args.CapDrop, ",")
+		}
+
+		caps, err := execdriver.TweakCapabilities(container.Capabilities, adds, drops)
 		if err != nil {
 			return err
 		}
diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index 90c5177421..d09e27fec0 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -20,7 +20,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 			continue
 		}
 		if !utils.StringsContainsNoCase(allCaps, cap) {
-			return nil, fmt.Errorf("Unknown capability: %s", cap)
+			return nil, fmt.Errorf("Unknown capability drop: %q", cap)
 		}
 	}
 
@@ -49,9 +49,8 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 			continue
 		}
 
-		// look for invalid cap in the drop list
 		if !utils.StringsContainsNoCase(allCaps, cap) {
-			return nil, fmt.Errorf("Unknown capability: %s", cap)
+			return nil, fmt.Errorf("Unknown capability to add: %q", cap)
 		}
 
 		// add cap if not already in the list
@@ -59,5 +58,6 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 			newCaps = append(newCaps, cap)
 		}
 	}
+
 	return newCaps, nil
 }

From 96ec084181e2cfe7c986620ff08dc88c2e79d890 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 16 Jul 2014 13:40:10 -0700
Subject: [PATCH 149/516] Use : to split caps in sysinit flags
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 50b580cfecc8e438223250f058fb7b61c7477a59
 Component: engine

---
 components/engine/daemon/execdriver/lxc/driver.go         | 4 ++--
 components/engine/daemon/execdriver/lxc/lxc_init_linux.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 1d315ca3b7..e7aaaf7ec7 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -123,11 +123,11 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	}
 
 	if len(c.CapAdd) > 0 {
-		params = append(params, "-cap-add", strings.Join(c.CapAdd, ","))
+		params = append(params, fmt.Sprintf("-cap-add=%s", strings.Join(c.CapAdd, ":")))
 	}
 
 	if len(c.CapDrop) > 0 {
-		params = append(params, "-cap-drop", strings.Join(c.CapDrop, ","))
+		params = append(params, fmt.Sprintf("-cap-drop=%s", strings.Join(c.CapDrop, ":")))
 	}
 
 	params = append(params, "--", c.Entrypoint)
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index de7a6385a0..0eee2c4881 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -55,10 +55,10 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 		)
 
 		if args.CapAdd != "" {
-			adds = strings.Split(args.CapAdd, ",")
+			adds = strings.Split(args.CapAdd, ":")
 		}
 		if args.CapDrop != "" {
-			drops = strings.Split(args.CapDrop, ",")
+			drops = strings.Split(args.CapDrop, ":")
 		}
 
 		caps, err := execdriver.TweakCapabilities(container.Capabilities, adds, drops)

From e8b7012cbc246d6bdab3757791c2641181ae0874 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 16 Jul 2014 14:58:02 -0600
Subject: [PATCH 150/516] Add "Acquire::GzipIndexes" to
 contrib/mkimage/debootstrap

This results in a dramatic improvement in the size of individual "apt-get update" layers (on a clean wheezy base, from "29.88 MB" down to "8.273 MB").

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 2e61e8267ea6a668d728fe72406619075330a26a
Component: engine
---
 components/engine/contrib/mkimage/debootstrap | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/components/engine/contrib/mkimage/debootstrap b/components/engine/contrib/mkimage/debootstrap
index 6f0cadd3c9..78afe50bb2 100755
--- a/components/engine/contrib/mkimage/debootstrap
+++ b/components/engine/contrib/mkimage/debootstrap
@@ -95,6 +95,21 @@ if [ -d "$rootfsDir/etc/apt/apt.conf.d" ]; then
 
 	Acquire::Languages "none";
 	EOF
+
+	echo >&2 "+ echo Acquire::GzipIndexes 'true' > '$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes'"
+	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
+	# Since Docker users using "RUN apt-get update && apt-get install -y ..." in
+	# their Dockerfiles don't go delete the lists files afterwards, we want them to
+	# be as small as possible on-disk, so we explicitly request "gz" versions and
+	# tell Apt to keep them gzipped on-disk.
+
+	# For comparison, an "apt-get update" layer without this on a pristine
+	# "debian:wheezy" base image was "29.88 MB", where with this it was only
+	# "8.273 MB".
+
+	Acquire::GzipIndexes "true";
+	Acquire::CompressionTypes::Order:: "gz";
+	EOF
 fi
 
 if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then

From 697ca2953b4b605b60d6c25e8608a72236fe32eb Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Thu, 17 Jul 2014 00:09:30 +0300
Subject: [PATCH 151/516] don't allow links to be used with --net=host

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: be8cea98560f4e63ff367a632539bf9f6bf929a4
Component: engine
---
 .../engine/integration-cli/docker_cli_run_test.go  | 14 ++++++++++++++
 components/engine/runconfig/parse.go               | 13 +++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index d01c00ad6b..7ad1816282 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -722,6 +722,20 @@ func TestLoopbackWhenNetworkDisabled(t *testing.T) {
 	logDone("run - test container loopback when networking disabled")
 }
 
+func TestNetHostNotAllowedWithLinks(t *testing.T) {
+	_, _, err := cmd(t, "run", "--name", "linked", "busybox", "true")
+
+	cmd := exec.Command(dockerBinary, "run", "--net=host", "--link", "linked:linked", "busybox", "true")
+	_, _, err = runCommandWithOutput(cmd)
+	if err == nil {
+		t.Fatal("Expected error")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - don't allow --net=host to be used with links")
+}
+
 func TestLoopbackOnlyExistsWhenNetworkingDisabled(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "--net=none", "busybox", "ip", "-o", "-4", "a", "show", "up")
 	out, _, err := runCommandWithOutput(cmd)
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 3e52007544..3d583d1e8e 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -15,10 +15,11 @@ import (
 )
 
 var (
-	ErrInvalidWorkingDirectory  = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
-	ErrConflictAttachDetach     = fmt.Errorf("Conflicting options: -a and -d")
-	ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: --rm and -d")
-	ErrConflictNetworkHostname  = fmt.Errorf("Conflicting options: -h and the network mode (--net)")
+	ErrInvalidWorkingDirectory     = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
+	ErrConflictAttachDetach        = fmt.Errorf("Conflicting options: -a and -d")
+	ErrConflictDetachAutoRemove    = fmt.Errorf("Conflicting options: --rm and -d")
+	ErrConflictNetworkHostname     = fmt.Errorf("Conflicting options: -h and the network mode (--net)")
+	ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior.")
 )
 
 //FIXME Only used in tests
@@ -115,6 +116,10 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		return nil, nil, cmd, ErrConflictNetworkHostname
 	}
 
+	if *flNetMode == "host" && flLinks.Len() > 0 {
+		return nil, nil, cmd, ErrConflictHostNetworkAndLinks
+	}
+
 	// If neither -d or -a are set, attach to everything by default
 	if flAttach.Len() == 0 && !*flDetach {
 		if !*flDetach {

From 03e13dfc552420dc7b403eb13793cebf9261bd63 Mon Sep 17 00:00:00 2001
From: s-ko <aleks@s-ko.net>
Date: Wed, 16 Jul 2014 19:47:50 +0100
Subject: [PATCH 152/516] Added :neckbeard: RMS the founder of :water_buffalo:
 GNU and :free: as in :free:dom software

Docker-DCO-1.1-Signed-off-by: Aleksandrs Fadins <aleks@s-ko.net> (github: muchweb)
Upstream-commit: 352909dd54e864186d6050f4601d2fb78d889810
Component: engine
---
 components/engine/pkg/namesgenerator/names-generator.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/components/engine/pkg/namesgenerator/names-generator.go b/components/engine/pkg/namesgenerator/names-generator.go
index a89e5b29e2..34df98b37f 100644
--- a/components/engine/pkg/namesgenerator/names-generator.go
+++ b/components/engine/pkg/namesgenerator/names-generator.go
@@ -61,6 +61,7 @@ var (
 	// Rachel Carson - American marine biologist and conservationist, her book Silent Spring and other writings are credited with advancing the global environmental movement. http://en.wikipedia.org/wiki/Rachel_Carson
 	// Radia Perlman is a software designer and network engineer and most famous for her invention of the spanning-tree protocol (STP). http://en.wikipedia.org/wiki/Radia_Perlman
 	// Richard Feynman was a key contributor to quantum mechanics and particle physics. http://en.wikipedia.org/wiki/Richard_Feynman
+	// Richard Matthew Stallman - the founder of the Free Software movement, the GNU project, the Free Software Foundation, and the League for Programming Freedom. He also invented the concept of copyleft to protect the ideals of this movement, and enshrined this concept in the widely-used GPL (General Public License) for software. http://en.wikiquote.org/wiki/Richard_Stallman
 	// Rob Pike was a key contributor to Unix, Plan 9, the X graphic system, utf-8, and the Go programming language. http://en.wikipedia.org/wiki/Rob_Pike
 	// Rosalind Franklin - British biophysicist and X-ray crystallographer whose research was critical to the understanding of DNA - http://en.wikipedia.org/wiki/Rosalind_Franklin
 	// Sophie Kowalevski - Russian mathematician responsible for important original contributions to analysis, differential equations and mechanics - http://en.wikipedia.org/wiki/Sofia_Kovalevskaya
@@ -72,7 +73,7 @@ var (
 	//	http://en.wikipedia.org/wiki/John_Bardeen
 	//	http://en.wikipedia.org/wiki/Walter_Houser_Brattain
 	//	http://en.wikipedia.org/wiki/William_Shockley
-	right = [...]string{"lovelace", "franklin", "tesla", "einstein", "bohr", "davinci", "pasteur", "nobel", "curie", "darwin", "turing", "ritchie", "torvalds", "pike", "thompson", "wozniak", "galileo", "euclid", "newton", "fermat", "archimedes", "poincare", "heisenberg", "feynman", "hawking", "fermi", "pare", "mccarthy", "engelbart", "babbage", "albattani", "ptolemy", "bell", "wright", "lumiere", "morse", "mclean", "brown", "bardeen", "brattain", "shockley", "goldstine", "hoover", "hopper", "bartik", "sammet", "jones", "perlman", "wilson", "kowalevski", "hypatia", "goodall", "mayer", "elion", "blackwell", "lalande", "kirch", "ardinghelli", "colden", "almeida", "leakey", "meitner", "mestorf", "rosalind", "sinoussi", "carson", "mcclintock", "yonath"}
+	right = [...]string{"albattani", "almeida", "archimedes", "ardinghelli", "babbage", "bardeen", "bartik", "bell", "blackwell", "bohr", "brattain", "brown", "carson", "colden", "curie", "darwin", "davinci", "einstein", "elion", "engelbart", "euclid", "fermat", "fermi", "feynman", "franklin", "galileo", "goldstine", "goodall", "hawking", "heisenberg", "hoover", "hopper", "hypatia", "jones", "kirch", "kowalevski", "lalande", "leakey", "lovelace", "lumiere", "mayer", "mccarthy", "mcclintock", "mclean", "meitner", "mestorf", "morse", "newton", "nobel", "pare", "pasteur", "perlman", "pike", "poincare", "ptolemy", "ritchie", "rosalind", "sammet", "shockley", "sinoussi", "stallman", "tesla", "thompson", "torvalds", "turing", "wilson", "wozniak", "wright", "yonath"}
 )
 
 func GetRandomName(retry int) string {
@@ -83,6 +84,9 @@ begin:
 	if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
 		goto begin
 	}
+	if name == "evil_stallman" /* RMS don't like evil */ {
+		goto begin
+	}
 
 	if retry > 0 {
 		name = fmt.Sprintf("%s%d", name, rand.Intn(10))

From 9b124873a62d8ded1cbb5da0f0ad952e917ed3ed Mon Sep 17 00:00:00 2001
From: s-ko <aleks@s-ko.net>
Date: Wed, 16 Jul 2014 23:21:55 +0100
Subject: [PATCH 153/516] Removed :neckbeard: RMS test case

Docker-DCO-1.1-Signed-off-by: Aleksandrs Fadins <aleks@s-ko.net> (github: muchweb)
Upstream-commit: b0e9d370c28ebe6d783f0008c3c0d513c8c030e8
Component: engine
---
 components/engine/pkg/namesgenerator/names-generator.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/components/engine/pkg/namesgenerator/names-generator.go b/components/engine/pkg/namesgenerator/names-generator.go
index 34df98b37f..ebb5850bda 100644
--- a/components/engine/pkg/namesgenerator/names-generator.go
+++ b/components/engine/pkg/namesgenerator/names-generator.go
@@ -84,9 +84,6 @@ begin:
 	if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
 		goto begin
 	}
-	if name == "evil_stallman" /* RMS don't like evil */ {
-		goto begin
-	}
 
 	if retry > 0 {
 		name = fmt.Sprintf("%s%d", name, rand.Intn(10))

From 19a14797ac791d2da4ce7c04e773acf1e2818474 Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Wed, 16 Jul 2014 16:39:44 -0700
Subject: [PATCH 154/516] Added info re: image[:tag] to make docs consistent.
 Fixed a markdown issue.

Closes issue #6833

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: 41d6ab6318cc2c8905a174ed28a78dfcad06cef5
Component: engine
---
 components/engine/api/client/commands.go      |  2 +-
 components/engine/docs/man/docker-run.1.md    |  7 ++++--
 .../engine/docs/sources/reference/run.md      | 24 +++++++++++--------
 3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index dfaecef48d..c4e4cb9821 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1877,7 +1877,7 @@ func (cli *DockerCli) CmdSearch(args ...string) error {
 type ports []int
 
 func (cli *DockerCli) CmdTag(args ...string) error {
-	cmd := cli.Subcmd("tag", "[OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG]", "Tag an image into a repository")
+	cmd := cli.Subcmd("tag", "[OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]", "Tag an image into a repository")
 	force := cmd.Bool([]string{"f", "#force", "-force"}, false, "Force")
 	if err := cmd.Parse(args); err != nil {
 		return nil
diff --git a/components/engine/docs/man/docker-run.1.md b/components/engine/docs/man/docker-run.1.md
index d6a305b6e9..03b18fe474 100644
--- a/components/engine/docs/man/docker-run.1.md
+++ b/components/engine/docs/man/docker-run.1.md
@@ -34,7 +34,7 @@ docker-run - Run a command in a new container
 [**-v**|**--volume**[=*[]*]]
 [**--volumes-from**[=*[]*]]
 [**-w**|**--workdir**[=*WORKDIR*]]
- IMAGE [COMMAND] [ARG...]
+ IMAGE[:TAG] [COMMAND] [ARG...]
 
 # DESCRIPTION
 
@@ -241,7 +241,10 @@ can override the working directory by using the **-w** option.
 
 
 **IMAGE**
-   The image name or ID.
+   The image name or ID. You can specify a version of an image you'd like to run
+   the container with by adding image:tag to the command. For example,
+   `docker run ubuntu:14.04`.
+
 
 
 **COMMAND**
diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index 9e4ba574df..903d750d74 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -26,18 +26,16 @@ see [*Option types*](/reference/commandline/cli/#option-types).
 The list of `[OPTIONS]` breaks down into two groups:
 
 1. Settings exclusive to operators, including:
-
- - Detached or Foreground running,
- - Container Identification,
- - Network settings, and
- - Runtime Constraints on CPU and Memory
- - Privileges and LXC Configuration
-
-2. Setting shared between operators and developers, where operators can
+     * Detached or Foreground running,
+     * Container Identification,
+     * Network settings, and
+     * Runtime Constraints on CPU and Memory
+     * Privileges and LXC Configuration
+2. Settings shared between operators and developers, where operators can
    override defaults developers set in images at build time.
 
-Together, the `docker run [OPTIONS]` give complete control over runtime
-behavior to the operator, allowing them to override all defaults set by
+Together, the `docker run [OPTIONS]` give the operator complete control over runtime
+behavior, allowing them to override all defaults set by
 the developer during `docker build` and nearly all the defaults set by
 the Docker runtime itself.
 
@@ -126,6 +124,12 @@ programs might write out their process ID to a file (you've seen them as
 PID files):
 
     --cidfile="": Write the container ID to the file
+    
+### Image[:tag]
+
+While not strictly a means of identifying a container, you can specify a version of an
+image you'd like to run the container with by adding `image[:tag]` to the command. For
+example, `docker run ubuntu:14.04`.
 
 ## Network Settings
 

From 2dd031c537ec09a71f78d9ff66299411c8bae4ba Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 16 Jul 2014 15:15:29 -0700
Subject: [PATCH 155/516] Update libcontainer to be85764f109c3f0f62cd2a5c8be
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 9fc6058aa110d5b59c5068a289b6e3a30fc86f72
 Component: engine

---
 components/engine/hack/vendor.sh              |  2 +-
 .../github.com/docker/libcontainer/Dockerfile |  8 ++
 .../docker/libcontainer/cgroups/fs/cpuacct.go |  2 +-
 .../docker/libcontainer/console/console.go    | 86 +++++++++++++++++--
 .../docker/libcontainer/mount/init.go         | 17 ++--
 .../docker/libcontainer/mount/msmoveroot.go   |  9 +-
 .../docker/libcontainer/mount/nodes/nodes.go  |  7 +-
 .../docker/libcontainer/mount/pivotroot.go    | 12 +--
 .../docker/libcontainer/mount/ptmx.go         |  6 +-
 .../docker/libcontainer/mount/readonly.go     |  3 +-
 .../docker/libcontainer/mount/remount.go      | 16 ++--
 .../docker/libcontainer/namespaces/exec.go    | 38 ++++----
 .../docker/libcontainer/namespaces/execin.go  |  2 +-
 .../docker/libcontainer/namespaces/init.go    | 18 ++--
 .../libcontainer/namespaces/std_term.go       | 49 -----------
 .../docker/libcontainer/namespaces/term.go    | 29 -------
 .../libcontainer/namespaces/tty_term.go       | 56 ------------
 .../libcontainer/namespaces/unsupported.go    | 28 ------
 .../docker/libcontainer/network/loopback.go   |  4 +-
 .../docker/libcontainer/network/netns.go      |  5 +-
 .../docker/libcontainer/network/types.go      |  1 +
 .../docker/libcontainer/nsinit/exec.go        | 66 ++++++++++++--
 .../security/restrict/restrict.go             | 10 +--
 .../docker/libcontainer/selinux/selinux.go    | 13 +--
 .../docker/libcontainer/system/linux.go       | 60 +++++++++++++
 .../docker/libcontainer/system/proc.go        | 27 ++++++
 .../docker/libcontainer/system/setns_linux.go | 29 +++++++
 .../docker/libcontainer/system/sysconfig.go   | 13 +++
 .../libcontainer/system/xattrs_linux.go       | 59 +++++++++++++
 29 files changed, 422 insertions(+), 253 deletions(-)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/std_term.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/term.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/tty_term.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/unsupported.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/system/linux.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/system/proc.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/system/xattrs_linux.go

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 93ecc8131e..f3347d374b 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer fb67bb80b4205bece36ff7096ee745ab0cee7e06
+clone git github.com/docker/libcontainer be85764f109c3f0f62cd2a5c8be9af7a599798cf
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile b/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
new file mode 100644
index 0000000000..73789d1ab2
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
@@ -0,0 +1,8 @@
+FROM crosbymichael/golang
+
+RUN apt-get update && apt-get install -y gcc
+
+ADD . /go/src/github.com/docker/libcontainer
+RUN cd /go/src/github.com/docker/libcontainer && go get -d ./... && go install ./...
+
+CMD ["nsinit"]
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
index be1805205a..7979009c08 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"github.com/docker/libcontainer/cgroups"
-	"github.com/dotcloud/docker/pkg/system"
+	"github.com/docker/libcontainer/system"
 )
 
 var (
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go b/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go
index 519b5644cd..c0d1fb0433 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go
@@ -7,22 +7,24 @@ import (
 	"os"
 	"path/filepath"
 	"syscall"
+	"unsafe"
 
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/pkg/system"
 )
 
 // Setup initializes the proper /dev/console inside the rootfs path
 func Setup(rootfs, consolePath, mountLabel string) error {
-	oldMask := system.Umask(0000)
-	defer system.Umask(oldMask)
+	oldMask := syscall.Umask(0000)
+	defer syscall.Umask(oldMask)
 
 	if err := os.Chmod(consolePath, 0600); err != nil {
 		return err
 	}
+
 	if err := os.Chown(consolePath, 0, 0); err != nil {
 		return err
 	}
+
 	if err := label.SetFileLabel(consolePath, mountLabel); err != nil {
 		return fmt.Errorf("set file label %s %s", consolePath, err)
 	}
@@ -33,26 +35,94 @@ func Setup(rootfs, consolePath, mountLabel string) error {
 	if err != nil && !os.IsExist(err) {
 		return fmt.Errorf("create %s %s", dest, err)
 	}
+
 	if f != nil {
 		f.Close()
 	}
 
-	if err := system.Mount(consolePath, dest, "bind", syscall.MS_BIND, ""); err != nil {
+	if err := syscall.Mount(consolePath, dest, "bind", syscall.MS_BIND, ""); err != nil {
 		return fmt.Errorf("bind %s to %s %s", consolePath, dest, err)
 	}
+
 	return nil
 }
 
 func OpenAndDup(consolePath string) error {
-	slave, err := system.OpenTerminal(consolePath, syscall.O_RDWR)
+	slave, err := OpenTerminal(consolePath, syscall.O_RDWR)
 	if err != nil {
 		return fmt.Errorf("open terminal %s", err)
 	}
-	if err := system.Dup2(slave.Fd(), 0); err != nil {
+
+	if err := syscall.Dup2(int(slave.Fd()), 0); err != nil {
 		return err
 	}
-	if err := system.Dup2(slave.Fd(), 1); err != nil {
+
+	if err := syscall.Dup2(int(slave.Fd()), 1); err != nil {
 		return err
 	}
-	return system.Dup2(slave.Fd(), 2)
+
+	return syscall.Dup2(int(slave.Fd()), 2)
+}
+
+// Unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
+// Unlockpt should be called before opening the slave side of a pseudoterminal.
+func Unlockpt(f *os.File) error {
+	var u int
+
+	return Ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
+}
+
+// Ptsname retrieves the name of the first available pts for the given master.
+func Ptsname(f *os.File) (string, error) {
+	var n int
+
+	if err := Ioctl(f.Fd(), syscall.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("/dev/pts/%d", n), nil
+}
+
+// CreateMasterAndConsole will open /dev/ptmx on the host and retreive the
+// pts name for use as the pty slave inside the container
+func CreateMasterAndConsole() (*os.File, string, error) {
+	master, err := os.OpenFile("/dev/ptmx", syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
+	if err != nil {
+		return nil, "", err
+	}
+
+	console, err := Ptsname(master)
+	if err != nil {
+		return nil, "", err
+	}
+
+	if err := Unlockpt(master); err != nil {
+		return nil, "", err
+	}
+
+	return master, console, nil
+}
+
+// OpenPtmx opens /dev/ptmx, i.e. the PTY master.
+func OpenPtmx() (*os.File, error) {
+	// O_NOCTTY and O_CLOEXEC are not present in os package so we use the syscall's one for all.
+	return os.OpenFile("/dev/ptmx", syscall.O_RDONLY|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
+}
+
+// OpenTerminal is a clone of os.OpenFile without the O_CLOEXEC
+// used to open the pty slave inside the container namespace
+func OpenTerminal(name string, flag int) (*os.File, error) {
+	r, e := syscall.Open(name, flag, 0)
+	if e != nil {
+		return nil, &os.PathError{"open", name, e}
+	}
+	return os.NewFile(uintptr(r), name), nil
+}
+
+func Ioctl(fd uintptr, flag, data uintptr) error {
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, flag, data); err != 0 {
+		return err
+	}
+
+	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
index 10f0738903..daec6ac865 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
@@ -11,7 +11,6 @@ import (
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/mount/nodes"
 	"github.com/dotcloud/docker/pkg/symlink"
-	"github.com/dotcloud/docker/pkg/system"
 )
 
 // default mount point flags
@@ -35,10 +34,10 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
 	if mountConfig.NoPivotRoot {
 		flag = syscall.MS_SLAVE
 	}
-	if err := system.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil {
+	if err := syscall.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil {
 		return fmt.Errorf("mounting / with flags %X %s", (flag | syscall.MS_REC), err)
 	}
-	if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
+	if err := syscall.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
 		return fmt.Errorf("mouting %s as bind %s", rootfs, err)
 	}
 	if err := mountSystem(rootfs, mountConfig); err != nil {
@@ -56,7 +55,7 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
 	if err := setupDevSymlinks(rootfs); err != nil {
 		return fmt.Errorf("dev symlinks %s", err)
 	}
-	if err := system.Chdir(rootfs); err != nil {
+	if err := syscall.Chdir(rootfs); err != nil {
 		return fmt.Errorf("chdir into %s %s", rootfs, err)
 	}
 
@@ -75,7 +74,7 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
 		}
 	}
 
-	system.Umask(0022)
+	syscall.Umask(0022)
 
 	return nil
 }
@@ -87,7 +86,7 @@ func mountSystem(rootfs string, mountConfig *MountConfig) error {
 		if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) {
 			return fmt.Errorf("mkdirall %s %s", m.path, err)
 		}
-		if err := system.Mount(m.source, m.path, m.device, uintptr(m.flags), m.data); err != nil {
+		if err := syscall.Mount(m.source, m.path, m.device, uintptr(m.flags), m.data); err != nil {
 			return fmt.Errorf("mounting %s into %s %s", m.source, m.path, err)
 		}
 	}
@@ -169,11 +168,11 @@ func setupBindmounts(rootfs string, mountConfig *MountConfig) error {
 			return fmt.Errorf("Creating new bind-mount target, %s", err)
 		}
 
-		if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil {
+		if err := syscall.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil {
 			return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err)
 		}
 		if !m.Writable {
-			if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil {
+			if err := syscall.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil {
 				return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err)
 			}
 		}
@@ -183,7 +182,7 @@ func setupBindmounts(rootfs string, mountConfig *MountConfig) error {
 			}
 		}
 		if m.Private {
-			if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
+			if err := syscall.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
 				return fmt.Errorf("mounting %s private %s", dest, err)
 			}
 		}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/msmoveroot.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/msmoveroot.go
index b336c86495..94afd3a99c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/msmoveroot.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/msmoveroot.go
@@ -4,16 +4,17 @@ package mount
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/pkg/system"
 	"syscall"
 )
 
 func MsMoveRoot(rootfs string) error {
-	if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil {
+	if err := syscall.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil {
 		return fmt.Errorf("mount move %s into / %s", rootfs, err)
 	}
-	if err := system.Chroot("."); err != nil {
+
+	if err := syscall.Chroot("."); err != nil {
 		return fmt.Errorf("chroot . %s", err)
 	}
-	return system.Chdir("/")
+
+	return syscall.Chdir("/")
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/nodes/nodes.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/nodes/nodes.go
index e3420b48bd..6a984e33fe 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/nodes/nodes.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/nodes/nodes.go
@@ -9,13 +9,12 @@ import (
 	"syscall"
 
 	"github.com/docker/libcontainer/devices"
-	"github.com/dotcloud/docker/pkg/system"
 )
 
 // Create the device nodes in the container.
 func CreateDeviceNodes(rootfs string, nodesToCreate []*devices.Device) error {
-	oldMask := system.Umask(0000)
-	defer system.Umask(oldMask)
+	oldMask := syscall.Umask(0000)
+	defer syscall.Umask(oldMask)
 
 	for _, node := range nodesToCreate {
 		if err := CreateDeviceNode(rootfs, node); err != nil {
@@ -46,7 +45,7 @@ func CreateDeviceNode(rootfs string, node *devices.Device) error {
 		return fmt.Errorf("%c is not a valid device type for device %s", node.Type, node.Path)
 	}
 
-	if err := system.Mknod(dest, uint32(fileMode), devices.Mkdev(node.MajorNumber, node.MinorNumber)); err != nil && !os.IsExist(err) {
+	if err := syscall.Mknod(dest, uint32(fileMode), devices.Mkdev(node.MajorNumber, node.MinorNumber)); err != nil && !os.IsExist(err) {
 		return fmt.Errorf("mknod %s %s", node.Path, err)
 	}
 	return nil
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/pivotroot.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/pivotroot.go
index ffd6051367..a88ed4a84c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/pivotroot.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/pivotroot.go
@@ -8,8 +8,6 @@ import (
 	"os"
 	"path/filepath"
 	"syscall"
-
-	"github.com/dotcloud/docker/pkg/system"
 )
 
 func PivotRoot(rootfs string) error {
@@ -17,16 +15,20 @@ func PivotRoot(rootfs string) error {
 	if err != nil {
 		return fmt.Errorf("can't create pivot_root dir %s, error %v", pivotDir, err)
 	}
-	if err := system.Pivotroot(rootfs, pivotDir); err != nil {
+
+	if err := syscall.PivotRoot(rootfs, pivotDir); err != nil {
 		return fmt.Errorf("pivot_root %s", err)
 	}
-	if err := system.Chdir("/"); err != nil {
+
+	if err := syscall.Chdir("/"); err != nil {
 		return fmt.Errorf("chdir / %s", err)
 	}
+
 	// path to pivot dir now changed, update
 	pivotDir = filepath.Join("/", filepath.Base(pivotDir))
-	if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
+	if err := syscall.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
 		return fmt.Errorf("unmount pivot_root dir %s", err)
 	}
+
 	return os.Remove(pivotDir)
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/ptmx.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/ptmx.go
index 32c025202e..c316481adf 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/ptmx.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/ptmx.go
@@ -4,9 +4,10 @@ package mount
 
 import (
 	"fmt"
-	"github.com/docker/libcontainer/console"
 	"os"
 	"path/filepath"
+
+	"github.com/docker/libcontainer/console"
 )
 
 func SetupPtmx(rootfs, consolePath, mountLabel string) error {
@@ -14,13 +15,16 @@ func SetupPtmx(rootfs, consolePath, mountLabel string) error {
 	if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) {
 		return err
 	}
+
 	if err := os.Symlink("pts/ptmx", ptmx); err != nil {
 		return fmt.Errorf("symlink dev ptmx %s", err)
 	}
+
 	if consolePath != "" {
 		if err := console.Setup(rootfs, consolePath, mountLabel); err != nil {
 			return err
 		}
 	}
+
 	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/readonly.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/readonly.go
index 0658358ad6..9b4a6f704c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/readonly.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/readonly.go
@@ -3,10 +3,9 @@
 package mount
 
 import (
-	"github.com/dotcloud/docker/pkg/system"
 	"syscall"
 )
 
 func SetReadonly() error {
-	return system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, "")
+	return syscall.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, "")
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/remount.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/remount.go
index 3e00509ae0..99a01209d1 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/remount.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/remount.go
@@ -2,30 +2,30 @@
 
 package mount
 
-import (
-	"github.com/dotcloud/docker/pkg/system"
-	"syscall"
-)
+import "syscall"
 
 func RemountProc() error {
-	if err := system.Unmount("/proc", syscall.MNT_DETACH); err != nil {
+	if err := syscall.Unmount("/proc", syscall.MNT_DETACH); err != nil {
 		return err
 	}
-	if err := system.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil {
+
+	if err := syscall.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil {
 		return err
 	}
+
 	return nil
 }
 
 func RemountSys() error {
-	if err := system.Unmount("/sys", syscall.MNT_DETACH); err != nil {
+	if err := syscall.Unmount("/sys", syscall.MNT_DETACH); err != nil {
 		if err != syscall.EINVAL {
 			return err
 		}
 	} else {
-		if err := system.Mount("sysfs", "/sys", "sysfs", uintptr(defaultMountFlags), ""); err != nil {
+		if err := syscall.Mount("sysfs", "/sys", "sysfs", uintptr(defaultMountFlags), ""); err != nil {
 			return err
 		}
 	}
+
 	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
index 9053f632a4..6f3838fd22 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
@@ -3,6 +3,7 @@
 package namespaces
 
 import (
+	"io"
 	"os"
 	"os/exec"
 	"syscall"
@@ -13,18 +14,16 @@ import (
 	"github.com/docker/libcontainer/cgroups/systemd"
 	"github.com/docker/libcontainer/network"
 	"github.com/docker/libcontainer/syncpipe"
-	"github.com/dotcloud/docker/pkg/system"
+	"github.com/docker/libcontainer/system"
 )
 
 // TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work.
 // Move this to libcontainer package.
 // Exec performs setup outside of a namespace so that a container can be
 // executed.  Exec is a high level function for working with container namespaces.
-func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) {
+func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Writer, console string, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) {
 	var (
-		master  *os.File
-		console string
-		err     error
+		err error
 	)
 
 	// create a pipe so that we can syncronize with the namespaced process and
@@ -35,20 +34,13 @@ func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string
 	}
 	defer syncPipe.Close()
 
-	if container.Tty {
-		master, console, err = system.CreateMasterAndConsole()
-		if err != nil {
-			return -1, err
-		}
-		term.SetMaster(master)
-	}
-
 	command := createCommand(container, console, rootfs, dataPath, os.Args[0], syncPipe.Child(), args)
-
-	if err := term.Attach(command); err != nil {
-		return -1, err
-	}
-	defer term.Close()
+	// Note: these are only used in non-tty mode
+	// if there is a tty for the container it will be opened within the namespace and the
+	// fds will be duped to stdin, stdiout, and stderr
+	command.Stdin = stdin
+	command.Stdout = stdout
+	command.Stderr = stderr
 
 	if err := command.Start(); err != nil {
 		return -1, err
@@ -110,6 +102,7 @@ func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string
 			return -1, err
 		}
 	}
+
 	return command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil
 }
 
@@ -145,7 +138,11 @@ func DefaultCreateCommand(container *libcontainer.Config, console, rootfs, dataP
 	command.Dir = rootfs
 	command.Env = append(os.Environ(), env...)
 
-	system.SetCloneFlags(command, uintptr(GetNamespaceFlags(container.Namespaces)))
+	if command.SysProcAttr == nil {
+		command.SysProcAttr = &syscall.SysProcAttr{}
+	}
+	command.SysProcAttr.Cloneflags = uintptr(GetNamespaceFlags(container.Namespaces))
+
 	command.SysProcAttr.Pdeathsig = syscall.SIGKILL
 	command.ExtraFiles = []*os.File{pipe}
 
@@ -157,11 +154,14 @@ func DefaultCreateCommand(container *libcontainer.Config, console, rootfs, dataP
 func SetupCgroups(container *libcontainer.Config, nspid int) (cgroups.ActiveCgroup, error) {
 	if container.Cgroups != nil {
 		c := container.Cgroups
+
 		if systemd.UseSystemd() {
 			return systemd.Apply(c, nspid)
 		}
+
 		return fs.Apply(c, nspid)
 	}
+
 	return nil, nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
index 3e79f4cda8..5311adf2b3 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/pkg/system"
+	"github.com/docker/libcontainer/system"
 )
 
 // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index 4674944cb7..7c917c015d 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -19,8 +19,8 @@ import (
 	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/docker/libcontainer/security/restrict"
 	"github.com/docker/libcontainer/syncpipe"
+	"github.com/docker/libcontainer/system"
 	"github.com/docker/libcontainer/utils"
-	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/pkg/user"
 )
 
@@ -57,7 +57,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 			return err
 		}
 	}
-	if _, err := system.Setsid(); err != nil {
+	if _, err := syscall.Setsid(); err != nil {
 		return fmt.Errorf("setsid %s", err)
 	}
 	if consolePath != "" {
@@ -81,7 +81,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 	}
 
 	if container.Hostname != "" {
-		if err := system.Sethostname(container.Hostname); err != nil {
+		if err := syscall.Sethostname([]byte(container.Hostname)); err != nil {
 			return fmt.Errorf("sethostname %s", err)
 		}
 	}
@@ -155,15 +155,19 @@ func SetupUser(u string) error {
 	if err != nil {
 		return fmt.Errorf("get supplementary groups %s", err)
 	}
-	if err := system.Setgroups(suppGids); err != nil {
+
+	if err := syscall.Setgroups(suppGids); err != nil {
 		return fmt.Errorf("setgroups %s", err)
 	}
-	if err := system.Setgid(gid); err != nil {
+
+	if err := syscall.Setgid(gid); err != nil {
 		return fmt.Errorf("setgid %s", err)
 	}
-	if err := system.Setuid(uid); err != nil {
+
+	if err := syscall.Setuid(uid); err != nil {
 		return fmt.Errorf("setuid %s", err)
 	}
+
 	return nil
 }
 
@@ -229,7 +233,7 @@ func FinalizeNamespace(container *libcontainer.Config) error {
 	}
 
 	if container.WorkingDir != "" {
-		if err := system.Chdir(container.WorkingDir); err != nil {
+		if err := syscall.Chdir(container.WorkingDir); err != nil {
 			return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
 		}
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/std_term.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/std_term.go
deleted file mode 100644
index 324336af28..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/std_term.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package namespaces
-
-import (
-	"io"
-	"os"
-	"os/exec"
-)
-
-type StdTerminal struct {
-	stdin          io.Reader
-	stdout, stderr io.Writer
-}
-
-func (s *StdTerminal) SetMaster(*os.File) {
-	// no need to set master on non tty
-}
-
-func (s *StdTerminal) Close() error {
-	return nil
-}
-
-func (s *StdTerminal) Resize(h, w int) error {
-	return nil
-}
-
-func (s *StdTerminal) Attach(command *exec.Cmd) error {
-	inPipe, err := command.StdinPipe()
-	if err != nil {
-		return err
-	}
-	outPipe, err := command.StdoutPipe()
-	if err != nil {
-		return err
-	}
-	errPipe, err := command.StderrPipe()
-	if err != nil {
-		return err
-	}
-
-	go func() {
-		defer inPipe.Close()
-		io.Copy(inPipe, s.stdin)
-	}()
-
-	go io.Copy(s.stdout, outPipe)
-	go io.Copy(s.stderr, errPipe)
-
-	return nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/term.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/term.go
deleted file mode 100644
index 2a50bf8554..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/term.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package namespaces
-
-import (
-	"io"
-	"os"
-	"os/exec"
-)
-
-type Terminal interface {
-	io.Closer
-	SetMaster(*os.File)
-	Attach(*exec.Cmd) error
-	Resize(h, w int) error
-}
-
-func NewTerminal(stdin io.Reader, stdout, stderr io.Writer, tty bool) Terminal {
-	if tty {
-		return &TtyTerminal{
-			stdin:  stdin,
-			stdout: stdout,
-			stderr: stderr,
-		}
-	}
-	return &StdTerminal{
-		stdin:  stdin,
-		stdout: stdout,
-		stderr: stderr,
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/tty_term.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/tty_term.go
deleted file mode 100644
index 272cf2cd65..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/tty_term.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package namespaces
-
-import (
-	"io"
-	"os"
-	"os/exec"
-
-	"github.com/dotcloud/docker/pkg/term"
-)
-
-type TtyTerminal struct {
-	stdin          io.Reader
-	stdout, stderr io.Writer
-	master         *os.File
-	state          *term.State
-}
-
-func (t *TtyTerminal) Resize(h, w int) error {
-	return term.SetWinsize(t.master.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)})
-}
-
-func (t *TtyTerminal) SetMaster(master *os.File) {
-	t.master = master
-}
-
-func (t *TtyTerminal) Attach(command *exec.Cmd) error {
-	go io.Copy(t.stdout, t.master)
-	go io.Copy(t.master, t.stdin)
-
-	state, err := t.setupWindow(t.master, os.Stdin)
-
-	if err != nil {
-		return err
-	}
-
-	t.state = state
-	return err
-}
-
-// SetupWindow gets the parent window size and sets the master
-// pty to the current size and set the parents mode to RAW
-func (t *TtyTerminal) setupWindow(master, parent *os.File) (*term.State, error) {
-	ws, err := term.GetWinsize(parent.Fd())
-	if err != nil {
-		return nil, err
-	}
-	if err := term.SetWinsize(master.Fd(), ws); err != nil {
-		return nil, err
-	}
-	return term.SetRawTerminal(parent.Fd())
-}
-
-func (t *TtyTerminal) Close() error {
-	term.RestoreTerminal(os.Stdin.Fd(), t.state)
-	return t.master.Close()
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/unsupported.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/unsupported.go
deleted file mode 100644
index 8398b94d7d..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/unsupported.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// +build !linux
-
-package namespaces
-
-import (
-	"github.com/docker/libcontainer"
-	"github.com/docker/libcontainer/cgroups"
-)
-
-func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) {
-	return -1, ErrUnsupported
-}
-
-func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) error {
-	return ErrUnsupported
-}
-
-func InitializeNetworking(container *libcontainer.Config, nspid int, pipe *SyncPipe) error {
-	return ErrUnsupported
-}
-
-func SetupCgroups(container *libcontainer.Config, nspid int) (cgroups.ActiveCgroup, error) {
-	return nil, ErrUnsupported
-}
-
-func GetNamespaceFlags(namespaces map[string]bool) (flag int) {
-	return 0
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/network/loopback.go b/components/engine/vendor/src/github.com/docker/libcontainer/network/loopback.go
index 46a1fa8c86..1667b4d82a 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/network/loopback.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/network/loopback.go
@@ -15,9 +15,7 @@ func (l *Loopback) Create(n *Network, nspid int, networkState *NetworkState) err
 }
 
 func (l *Loopback) Initialize(config *Network, networkState *NetworkState) error {
-	if err := SetMtu("lo", config.Mtu); err != nil {
-		return fmt.Errorf("set lo mtu to %d %s", config.Mtu, err)
-	}
+	// Do not set the MTU on the loopback interface - use the default.
 	if err := InterfaceUp("lo"); err != nil {
 		return fmt.Errorf("lo up %s", err)
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/network/netns.go b/components/engine/vendor/src/github.com/docker/libcontainer/network/netns.go
index 64544476b8..1ff7506452 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/network/netns.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/network/netns.go
@@ -7,7 +7,7 @@ import (
 	"os"
 	"syscall"
 
-	"github.com/dotcloud/docker/pkg/system"
+	"github.com/docker/libcontainer/system"
 )
 
 //  crosbymichael: could make a network strategy that instead of returning veth pair names it returns a pid to an existing network namespace
@@ -23,12 +23,15 @@ func (v *NetNS) Initialize(config *Network, networkState *NetworkState) error {
 	if networkState.NsPath == "" {
 		return fmt.Errorf("nspath does is not specified in NetworkState")
 	}
+
 	f, err := os.OpenFile(networkState.NsPath, os.O_RDONLY, 0)
 	if err != nil {
 		return fmt.Errorf("failed get network namespace fd: %v", err)
 	}
+
 	if err := system.Setns(f.Fd(), syscall.CLONE_NEWNET); err != nil {
 		return fmt.Errorf("failed to setns current network namespace: %v", err)
 	}
+
 	return nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/network/types.go b/components/engine/vendor/src/github.com/docker/libcontainer/network/types.go
index 0f1df30e85..3b7a4e395c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/network/types.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/network/types.go
@@ -25,6 +25,7 @@ type Network struct {
 
 	// Mtu sets the mtu value for the interface and will be mirrored on both the host and
 	// container's interfaces if a pair is created, specifically in the case of type veth
+	// Note: This does not apply to loopback interfaces.
 	Mtu int `json:"mtu,omitempty"`
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
index eb734545b5..690af5f5eb 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
@@ -2,14 +2,18 @@ package nsinit
 
 import (
 	"fmt"
+	"io"
 	"log"
 	"os"
 	"os/exec"
 	"os/signal"
+	"syscall"
 
 	"github.com/codegangsta/cli"
 	"github.com/docker/libcontainer"
+	consolepkg "github.com/docker/libcontainer/console"
 	"github.com/docker/libcontainer/namespaces"
+	"github.com/dotcloud/docker/pkg/term"
 )
 
 var execCommand = cli.Command{
@@ -34,8 +38,7 @@ func execAction(context *cli.Context) {
 	if state != nil {
 		err = namespaces.ExecIn(container, state, []string(context.Args()))
 	} else {
-		term := namespaces.NewTerminal(os.Stdin, os.Stdout, os.Stderr, container.Tty)
-		exitCode, err = startContainer(container, term, dataPath, []string(context.Args()))
+		exitCode, err = startContainer(container, dataPath, []string(context.Args()))
 	}
 
 	if err != nil {
@@ -49,7 +52,7 @@ func execAction(context *cli.Context) {
 // error.
 //
 // Signals sent to the current process will be forwarded to container.
-func startContainer(container *libcontainer.Config, term namespaces.Terminal, dataPath string, args []string) (int, error) {
+func startContainer(container *libcontainer.Config, dataPath string, args []string) (int, error) {
 	var (
 		cmd  *exec.Cmd
 		sigc = make(chan os.Signal, 10)
@@ -65,13 +68,66 @@ func startContainer(container *libcontainer.Config, term namespaces.Terminal, da
 		return cmd
 	}
 
+	var (
+		master  *os.File
+		console string
+		err     error
+
+		stdin  = os.Stdin
+		stdout = os.Stdout
+		stderr = os.Stderr
+	)
+
+	if container.Tty {
+		stdin = nil
+		stdout = nil
+		stderr = nil
+
+		master, console, err = consolepkg.CreateMasterAndConsole()
+		if err != nil {
+			return -1, err
+		}
+
+		go io.Copy(master, os.Stdin)
+		go io.Copy(os.Stdout, master)
+
+		state, err := term.SetRawTerminal(os.Stdin.Fd())
+		if err != nil {
+			return -1, err
+		}
+
+		defer term.RestoreTerminal(os.Stdin.Fd(), state)
+	}
+
 	startCallback := func() {
 		go func() {
+			resizeTty(master)
+
 			for sig := range sigc {
-				cmd.Process.Signal(sig)
+				switch sig {
+				case syscall.SIGWINCH:
+					resizeTty(master)
+				default:
+					cmd.Process.Signal(sig)
+				}
 			}
 		}()
 	}
 
-	return namespaces.Exec(container, term, "", dataPath, args, createCommand, startCallback)
+	return namespaces.Exec(container, stdin, stdout, stderr, console, "", dataPath, args, createCommand, startCallback)
+}
+
+func resizeTty(master *os.File) {
+	if master == nil {
+		return
+	}
+
+	ws, err := term.GetWinsize(os.Stdin.Fd())
+	if err != nil {
+		return
+	}
+
+	if err := term.SetWinsize(master.Fd(), ws); err != nil {
+		return
+	}
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/security/restrict/restrict.go b/components/engine/vendor/src/github.com/docker/libcontainer/security/restrict/restrict.go
index ff7ae2fec6..dd765b1f1b 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/security/restrict/restrict.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/security/restrict/restrict.go
@@ -7,23 +7,21 @@ import (
 	"os"
 	"syscall"
 	"time"
-
-	"github.com/dotcloud/docker/pkg/system"
 )
 
 const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
 
 func mountReadonly(path string) error {
 	for i := 0; i < 5; i++ {
-		if err := system.Mount("", path, "", syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil && !os.IsNotExist(err) {
+		if err := syscall.Mount("", path, "", syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil && !os.IsNotExist(err) {
 			switch err {
 			case syscall.EINVAL:
 				// Probably not a mountpoint, use bind-mount
-				if err := system.Mount(path, path, "", syscall.MS_BIND, ""); err != nil {
+				if err := syscall.Mount(path, path, "", syscall.MS_BIND, ""); err != nil {
 					return err
 				}
 
-				return system.Mount(path, path, "", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC|defaultMountFlags, "")
+				return syscall.Mount(path, path, "", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC|defaultMountFlags, "")
 			case syscall.EBUSY:
 				time.Sleep(100 * time.Millisecond)
 				continue
@@ -47,7 +45,7 @@ func Restrict(mounts ...string) error {
 		}
 	}
 
-	if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) {
+	if err := syscall.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) {
 		return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore: %s", err)
 	}
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
index 709eb9d815..8dbdbdbc21 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
@@ -5,8 +5,6 @@ import (
 	"crypto/rand"
 	"encoding/binary"
 	"fmt"
-	"github.com/dotcloud/docker/pkg/mount"
-	"github.com/dotcloud/docker/pkg/system"
 	"io"
 	"os"
 	"path/filepath"
@@ -14,6 +12,9 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
+
+	"github.com/docker/libcontainer/system"
+	"github.com/dotcloud/docker/pkg/mount"
 )
 
 const (
@@ -153,16 +154,16 @@ func Getfilecon(path string) (string, error) {
 }
 
 func Setfscreatecon(scon string) error {
-	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid()), scon)
+	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()), scon)
 }
 
 func Getfscreatecon() (string, error) {
-	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid()))
+	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()))
 }
 
 // Return the SELinux label of the current process thread.
 func Getcon() (string, error) {
-	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", system.Gettid()))
+	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid()))
 }
 
 func Getpidcon(pid int) (string, error) {
@@ -192,7 +193,7 @@ func writeCon(name string, val string) error {
 }
 
 func Setexeccon(scon string) error {
-	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", system.Gettid()), scon)
+	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon)
 }
 
 func (c SELinuxContext) Get() string {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/linux.go
new file mode 100644
index 0000000000..c07ef1532d
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/linux.go
@@ -0,0 +1,60 @@
+// +build linux
+
+package system
+
+import (
+	"os/exec"
+	"syscall"
+	"unsafe"
+)
+
+func Execv(cmd string, args []string, env []string) error {
+	name, err := exec.LookPath(cmd)
+	if err != nil {
+		return err
+	}
+
+	return syscall.Exec(name, args, env)
+}
+
+func ParentDeathSignal(sig uintptr) error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, sig, 0); err != 0 {
+		return err
+	}
+	return nil
+}
+
+func GetParentDeathSignal() (int, error) {
+	var sig int
+
+	_, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0)
+
+	if err != 0 {
+		return -1, err
+	}
+
+	return sig, nil
+}
+
+func SetKeepCaps() error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 1, 0); err != 0 {
+		return err
+	}
+
+	return nil
+}
+
+func ClearKeepCaps() error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 0, 0); err != 0 {
+		return err
+	}
+
+	return nil
+}
+
+func Setctty() error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_IOCTL, 0, uintptr(syscall.TIOCSCTTY), 0); err != 0 {
+		return err
+	}
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/proc.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/proc.go
new file mode 100644
index 0000000000..37808a29f6
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/proc.go
@@ -0,0 +1,27 @@
+package system
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+// look in /proc to find the process start time so that we can verify
+// that this pid has started after ourself
+func GetProcessStartTime(pid int) (string, error) {
+	data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
+	if err != nil {
+		return "", err
+	}
+
+	parts := strings.Split(string(data), " ")
+	// the starttime is located at pos 22
+	// from the man page
+	//
+	// starttime %llu (was %lu before Linux 2.6)
+	// (22)  The  time the process started after system boot.  In kernels before Linux 2.6, this
+	// value was expressed in jiffies.  Since Linux 2.6, the value is expressed in  clock  ticks
+	// (divide by sysconf(_SC_CLK_TCK)).
+	return parts[22-1], nil // starts at 1
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go
new file mode 100644
index 0000000000..a0a259e170
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go
@@ -0,0 +1,29 @@
+package system
+
+import (
+	"fmt"
+	"runtime"
+	"syscall"
+)
+
+// Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092
+//
+// We need different setns values for the different platforms and arch
+// We are declaring the macro here because the SETNS syscall does not exist in th stdlib
+var setNsMap = map[string]uintptr{
+	"linux/amd64": 308,
+}
+
+func Setns(fd uintptr, flags uintptr) error {
+	ns, exists := setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)]
+	if !exists {
+		return fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH)
+	}
+
+	_, _, err := syscall.RawSyscall(ns, fd, flags, 0)
+	if err != 0 {
+		return err
+	}
+
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
new file mode 100644
index 0000000000..dcbe6c9cdd
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
@@ -0,0 +1,13 @@
+// +build linux,cgo
+
+package system
+
+/*
+#include <unistd.h>
+int get_hz(void) { return sysconf(_SC_CLK_TCK); }
+*/
+import "C"
+
+func GetClockTicks() int {
+	return int(C.get_hz())
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/xattrs_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/xattrs_linux.go
new file mode 100644
index 0000000000..00edb201b5
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/xattrs_linux.go
@@ -0,0 +1,59 @@
+package system
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Returns a nil slice and nil error if the xattr is not set
+func Lgetxattr(path string, attr string) ([]byte, error) {
+	pathBytes, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return nil, err
+	}
+	attrBytes, err := syscall.BytePtrFromString(attr)
+	if err != nil {
+		return nil, err
+	}
+
+	dest := make([]byte, 128)
+	destBytes := unsafe.Pointer(&dest[0])
+	sz, _, errno := syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
+	if errno == syscall.ENODATA {
+		return nil, nil
+	}
+	if errno == syscall.ERANGE {
+		dest = make([]byte, sz)
+		destBytes := unsafe.Pointer(&dest[0])
+		sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
+	}
+	if errno != 0 {
+		return nil, errno
+	}
+
+	return dest[:sz], nil
+}
+
+var _zero uintptr
+
+func Lsetxattr(path string, attr string, data []byte, flags int) error {
+	pathBytes, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	attrBytes, err := syscall.BytePtrFromString(attr)
+	if err != nil {
+		return err
+	}
+	var dataBytes unsafe.Pointer
+	if len(data) > 0 {
+		dataBytes = unsafe.Pointer(&data[0])
+	} else {
+		dataBytes = unsafe.Pointer(&_zero)
+	}
+	_, _, errno := syscall.Syscall6(syscall.SYS_LSETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(dataBytes), uintptr(len(data)), uintptr(flags), 0)
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}

From 81d8d0838902d97d5cd9b08986dd335d1874a60d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 15 Jul 2014 18:31:46 -0700
Subject: [PATCH 156/516] Don't create pty slave in the daemon for native
 driver Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com>
 (github: crosbymichael) Upstream-commit:
 1501c342d815e3a128dac393b69e23f6ec39c2d7 Component: engine

---
 .../engine/daemon/execdriver/native/driver.go | 27 ++++--------
 .../engine/daemon/execdriver/native/term.go   | 42 -------------------
 .../engine/daemon/execdriver/termconsole.go   | 26 ++++++------
 components/engine/pkg/system/sysconfig.go     | 13 ------
 4 files changed, 22 insertions(+), 86 deletions(-)
 delete mode 100644 components/engine/daemon/execdriver/native/term.go
 delete mode 100644 components/engine/pkg/system/sysconfig.go

diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 3f2036b8c0..5b1b96bdfe 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -95,6 +95,11 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	if err != nil {
 		return -1, err
 	}
+
+	if err := execdriver.SetTerminal(c, pipes); err != nil {
+		return -1, err
+	}
+
 	d.Lock()
 	d.activeContainers[c.ID] = &activeContainer{
 		container: container,
@@ -106,6 +111,7 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		dataPath = filepath.Join(d.root, c.ID)
 		args     = append([]string{c.Entrypoint}, c.Arguments...)
 	)
+
 	if err := d.createContainerRoot(c.ID); err != nil {
 		return -1, err
 	}
@@ -115,9 +121,7 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		return -1, err
 	}
 
-	term := getTerminal(c, pipes)
-
-	return namespaces.Exec(container, term, c.Rootfs, dataPath, args, func(container *libcontainer.Config, console, rootfs, dataPath, init string, child *os.File, args []string) *exec.Cmd {
+	return namespaces.Exec(container, c.Stdin, c.Stdout, c.Stderr, c.Console, c.Rootfs, dataPath, args, func(container *libcontainer.Config, console, rootfs, dataPath, init string, child *os.File, args []string) *exec.Cmd {
 		// we need to join the rootfs because namespaces will setup the rootfs and chroot
 		initPath := filepath.Join(c.Rootfs, c.InitPath)
 
@@ -201,11 +205,13 @@ func (d *driver) Terminate(p *execdriver.Command) error {
 	if err != nil {
 		return err
 	}
+
 	if state.InitStartTime == currentStartTime {
 		err = syscall.Kill(p.Process.Pid, 9)
 		syscall.Wait4(p.Process.Pid, nil, 0, nil)
 	}
 	d.removeContainerRoot(p.ID)
+
 	return err
 
 }
@@ -266,18 +272,3 @@ func getEnv(key string, env []string) string {
 	}
 	return ""
 }
-
-func getTerminal(c *execdriver.Command, pipes *execdriver.Pipes) namespaces.Terminal {
-	var term namespaces.Terminal
-	if c.Tty {
-		term = &dockerTtyTerm{
-			pipes: pipes,
-		}
-	} else {
-		term = &dockerStdTerm{
-			pipes: pipes,
-		}
-	}
-	c.Terminal = term
-	return term
-}
diff --git a/components/engine/daemon/execdriver/native/term.go b/components/engine/daemon/execdriver/native/term.go
deleted file mode 100644
index f60351c609..0000000000
--- a/components/engine/daemon/execdriver/native/term.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-   These types are wrappers around the libcontainer Terminal interface so that
-   we can resuse the docker implementations where possible.
-*/
-package native
-
-import (
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"io"
-	"os"
-	"os/exec"
-)
-
-type dockerStdTerm struct {
-	execdriver.StdConsole
-	pipes *execdriver.Pipes
-}
-
-func (d *dockerStdTerm) Attach(cmd *exec.Cmd) error {
-	return d.AttachPipes(cmd, d.pipes)
-}
-
-func (d *dockerStdTerm) SetMaster(master *os.File) {
-	// do nothing
-}
-
-type dockerTtyTerm struct {
-	execdriver.TtyConsole
-	pipes *execdriver.Pipes
-}
-
-func (t *dockerTtyTerm) Attach(cmd *exec.Cmd) error {
-	go io.Copy(t.pipes.Stdout, t.MasterPty)
-	if t.pipes.Stdin != nil {
-		go io.Copy(t.MasterPty, t.pipes.Stdin)
-	}
-	return nil
-}
-
-func (t *dockerTtyTerm) SetMaster(master *os.File) {
-	t.MasterPty = master
-}
diff --git a/components/engine/daemon/execdriver/termconsole.go b/components/engine/daemon/execdriver/termconsole.go
index af6b88d3d1..ebd849209f 100644
--- a/components/engine/daemon/execdriver/termconsole.go
+++ b/components/engine/daemon/execdriver/termconsole.go
@@ -1,11 +1,12 @@
 package execdriver
 
 import (
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/kr/pty"
 	"io"
 	"os"
 	"os/exec"
+
+	"github.com/dotcloud/docker/pkg/system"
+	"github.com/dotcloud/docker/pkg/term"
 )
 
 func SetTerminal(command *Command, pipes *Pipes) error {
@@ -13,37 +14,42 @@ func SetTerminal(command *Command, pipes *Pipes) error {
 		term Terminal
 		err  error
 	)
+
 	if command.Tty {
 		term, err = NewTtyConsole(command, pipes)
 	} else {
 		term, err = NewStdConsole(command, pipes)
 	}
+
 	if err != nil {
 		return err
 	}
+
 	command.Terminal = term
+
 	return nil
 }
 
 type TtyConsole struct {
 	MasterPty *os.File
-	SlavePty  *os.File
 }
 
 func NewTtyConsole(command *Command, pipes *Pipes) (*TtyConsole, error) {
-	ptyMaster, ptySlave, err := pty.Open()
+	ptyMaster, console, err := system.CreateMasterAndConsole()
 	if err != nil {
 		return nil, err
 	}
+
 	tty := &TtyConsole{
 		MasterPty: ptyMaster,
-		SlavePty:  ptySlave,
 	}
+
 	if err := tty.AttachPipes(&command.Cmd, pipes); err != nil {
 		tty.Close()
 		return nil, err
 	}
-	command.Console = tty.SlavePty.Name()
+	command.Console = console
+
 	return tty, nil
 }
 
@@ -56,9 +62,6 @@ func (t *TtyConsole) Resize(h, w int) error {
 }
 
 func (t *TtyConsole) AttachPipes(command *exec.Cmd, pipes *Pipes) error {
-	command.Stdout = t.SlavePty
-	command.Stderr = t.SlavePty
-
 	go func() {
 		if wb, ok := pipes.Stdout.(interface {
 			CloseWriters() error
@@ -69,19 +72,16 @@ func (t *TtyConsole) AttachPipes(command *exec.Cmd, pipes *Pipes) error {
 	}()
 
 	if pipes.Stdin != nil {
-		command.Stdin = t.SlavePty
-		command.SysProcAttr.Setctty = true
-
 		go func() {
 			defer pipes.Stdin.Close()
 			io.Copy(t.MasterPty, pipes.Stdin)
 		}()
 	}
+
 	return nil
 }
 
 func (t *TtyConsole) Close() error {
-	t.SlavePty.Close()
 	return t.MasterPty.Close()
 }
 
diff --git a/components/engine/pkg/system/sysconfig.go b/components/engine/pkg/system/sysconfig.go
deleted file mode 100644
index dcbe6c9cdd..0000000000
--- a/components/engine/pkg/system/sysconfig.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build linux,cgo
-
-package system
-
-/*
-#include <unistd.h>
-int get_hz(void) { return sysconf(_SC_CLK_TCK); }
-*/
-import "C"
-
-func GetClockTicks() int {
-	return int(C.get_hz())
-}

From d18a40b4acfe59766fe8697e484778c4aa9d1ca5 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 16 Jul 2014 15:37:10 -0700
Subject: [PATCH 157/516] Make tty term exec driver specific

lxc is special in that we cannot create the master outside of the
container without opening the slave because we have nothing to provide to the
cmd.  We have to open both then do the crazy setup on command right now instead of
passing the console path to lxc and telling it to open up that console.  we save a couple of
openfiles in the native driver because we can do this.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 0d67b420b59c953cf331f735e49e7acad742a41f
Component: engine
---
 .../engine/daemon/execdriver/lxc/driver.go    | 88 ++++++++++++++++++-
 .../engine/daemon/execdriver/native/driver.go | 69 ++++++++++++++-
 .../engine/daemon/execdriver/termconsole.go   | 80 -----------------
 3 files changed, 153 insertions(+), 84 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 5a6055fc43..fe3a3ce228 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -3,6 +3,7 @@ package lxc
 import (
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"os"
@@ -19,7 +20,9 @@ import (
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/mount/nodes"
 	"github.com/dotcloud/docker/daemon/execdriver"
+	"github.com/dotcloud/docker/pkg/term"
 	"github.com/dotcloud/docker/utils"
+	"github.com/kr/pty"
 )
 
 const DriverName = "lxc"
@@ -78,10 +81,20 @@ func (d *driver) Name() string {
 }
 
 func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) {
-	if err := execdriver.SetTerminal(c, pipes); err != nil {
-		return -1, err
+	var (
+		term execdriver.Terminal
+		err  error
+	)
+
+	if c.Tty {
+		term, err = NewTtyConsole(c, pipes)
+	} else {
+		term, err = execdriver.NewStdConsole(c, pipes)
 	}
+	c.Terminal = term
+
 	c.Mounts = append(c.Mounts, execdriver.Mount{d.initPath, c.InitPath, false, true})
+
 	if err := d.generateEnvConfig(c); err != nil {
 		return -1, err
 	}
@@ -462,3 +475,74 @@ func (d *driver) generateEnvConfig(c *execdriver.Command) error {
 
 	return ioutil.WriteFile(p, data, 0600)
 }
+
+type TtyConsole struct {
+	MasterPty *os.File
+	SlavePty  *os.File
+}
+
+func NewTtyConsole(command *execdriver.Command, pipes *execdriver.Pipes) (*TtyConsole, error) {
+	// lxc is special in that we cannot create the master outside of the container without
+	// opening the slave because we have nothing to provide to the cmd.  We have to open both then do
+	// the crazy setup on command right now instead of passing the console path to lxc and telling it
+	// to open up that console.  we save a couple of openfiles in the native driver because we can do
+	// this.
+	ptyMaster, ptySlave, err := pty.Open()
+	if err != nil {
+		return nil, err
+	}
+
+	tty := &TtyConsole{
+		MasterPty: ptyMaster,
+		SlavePty:  ptySlave,
+	}
+
+	if err := tty.AttachPipes(&command.Cmd, pipes); err != nil {
+		tty.Close()
+		return nil, err
+	}
+
+	command.Console = tty.SlavePty.Name()
+
+	return tty, nil
+}
+
+func (t *TtyConsole) Master() *os.File {
+	return t.MasterPty
+}
+
+func (t *TtyConsole) Resize(h, w int) error {
+	return term.SetWinsize(t.MasterPty.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)})
+}
+
+func (t *TtyConsole) AttachPipes(command *exec.Cmd, pipes *execdriver.Pipes) error {
+	command.Stdout = t.SlavePty
+	command.Stderr = t.SlavePty
+
+	go func() {
+		if wb, ok := pipes.Stdout.(interface {
+			CloseWriters() error
+		}); ok {
+			defer wb.CloseWriters()
+		}
+
+		io.Copy(pipes.Stdout, t.MasterPty)
+	}()
+
+	if pipes.Stdin != nil {
+		command.Stdin = t.SlavePty
+		command.SysProcAttr.Setctty = true
+
+		go func() {
+			io.Copy(t.MasterPty, pipes.Stdin)
+
+			pipes.Stdin.Close()
+		}()
+	}
+	return nil
+}
+
+func (t *TtyConsole) Close() error {
+	t.SlavePty.Close()
+	return t.MasterPty.Close()
+}
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 5b1b96bdfe..711f29429a 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -5,6 +5,7 @@ package native
 import (
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -21,6 +22,7 @@ import (
 	"github.com/docker/libcontainer/syncpipe"
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/pkg/system"
+	"github.com/dotcloud/docker/pkg/term"
 )
 
 const (
@@ -96,9 +98,14 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		return -1, err
 	}
 
-	if err := execdriver.SetTerminal(c, pipes); err != nil {
-		return -1, err
+	var term execdriver.Terminal
+
+	if c.Tty {
+		term, err = NewTtyConsole(c, pipes)
+	} else {
+		term, err = execdriver.NewStdConsole(c, pipes)
 	}
+	c.Terminal = term
 
 	d.Lock()
 	d.activeContainers[c.ID] = &activeContainer{
@@ -272,3 +279,61 @@ func getEnv(key string, env []string) string {
 	}
 	return ""
 }
+
+type TtyConsole struct {
+	MasterPty *os.File
+}
+
+func NewTtyConsole(command *execdriver.Command, pipes *execdriver.Pipes) (*TtyConsole, error) {
+	ptyMaster, console, err := system.CreateMasterAndConsole()
+	if err != nil {
+		return nil, err
+	}
+
+	tty := &TtyConsole{
+		MasterPty: ptyMaster,
+	}
+
+	if err := tty.AttachPipes(&command.Cmd, pipes); err != nil {
+		tty.Close()
+		return nil, err
+	}
+
+	command.Console = console
+
+	return tty, nil
+}
+
+func (t *TtyConsole) Master() *os.File {
+	return t.MasterPty
+}
+
+func (t *TtyConsole) Resize(h, w int) error {
+	return term.SetWinsize(t.MasterPty.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)})
+}
+
+func (t *TtyConsole) AttachPipes(command *exec.Cmd, pipes *execdriver.Pipes) error {
+	go func() {
+		if wb, ok := pipes.Stdout.(interface {
+			CloseWriters() error
+		}); ok {
+			defer wb.CloseWriters()
+		}
+
+		io.Copy(pipes.Stdout, t.MasterPty)
+	}()
+
+	if pipes.Stdin != nil {
+		go func() {
+			io.Copy(t.MasterPty, pipes.Stdin)
+
+			pipes.Stdin.Close()
+		}()
+	}
+
+	return nil
+}
+
+func (t *TtyConsole) Close() error {
+	return t.MasterPty.Close()
+}
diff --git a/components/engine/daemon/execdriver/termconsole.go b/components/engine/daemon/execdriver/termconsole.go
index ebd849209f..dc0e54ccdb 100644
--- a/components/engine/daemon/execdriver/termconsole.go
+++ b/components/engine/daemon/execdriver/termconsole.go
@@ -2,89 +2,9 @@ package execdriver
 
 import (
 	"io"
-	"os"
 	"os/exec"
-
-	"github.com/dotcloud/docker/pkg/system"
-	"github.com/dotcloud/docker/pkg/term"
 )
 
-func SetTerminal(command *Command, pipes *Pipes) error {
-	var (
-		term Terminal
-		err  error
-	)
-
-	if command.Tty {
-		term, err = NewTtyConsole(command, pipes)
-	} else {
-		term, err = NewStdConsole(command, pipes)
-	}
-
-	if err != nil {
-		return err
-	}
-
-	command.Terminal = term
-
-	return nil
-}
-
-type TtyConsole struct {
-	MasterPty *os.File
-}
-
-func NewTtyConsole(command *Command, pipes *Pipes) (*TtyConsole, error) {
-	ptyMaster, console, err := system.CreateMasterAndConsole()
-	if err != nil {
-		return nil, err
-	}
-
-	tty := &TtyConsole{
-		MasterPty: ptyMaster,
-	}
-
-	if err := tty.AttachPipes(&command.Cmd, pipes); err != nil {
-		tty.Close()
-		return nil, err
-	}
-	command.Console = console
-
-	return tty, nil
-}
-
-func (t *TtyConsole) Master() *os.File {
-	return t.MasterPty
-}
-
-func (t *TtyConsole) Resize(h, w int) error {
-	return term.SetWinsize(t.MasterPty.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)})
-}
-
-func (t *TtyConsole) AttachPipes(command *exec.Cmd, pipes *Pipes) error {
-	go func() {
-		if wb, ok := pipes.Stdout.(interface {
-			CloseWriters() error
-		}); ok {
-			defer wb.CloseWriters()
-		}
-		io.Copy(pipes.Stdout, t.MasterPty)
-	}()
-
-	if pipes.Stdin != nil {
-		go func() {
-			defer pipes.Stdin.Close()
-			io.Copy(t.MasterPty, pipes.Stdin)
-		}()
-	}
-
-	return nil
-}
-
-func (t *TtyConsole) Close() error {
-	return t.MasterPty.Close()
-}
-
 type StdConsole struct {
 }
 

From f48be61b0ab68d07eb3c03241d796f1fff27983b Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 16 Jul 2014 16:39:15 -0700
Subject: [PATCH 158/516] Fix cross compile non cgo and linux systems
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 7a8ea91392e0cc97caf2a6edc3b262b33a5b446d
 Component: engine

---
 components/engine/daemon/daemon.go                  |  6 +++---
 .../engine/daemon/execdriver/native/create.go       |  2 +-
 .../engine/daemon/execdriver/native/driver.go       |  2 +-
 .../execdriver/native/driver_unsupported_nocgo.go   | 13 +++++++++++++
 components/engine/daemon/execdriver/native/info.go  |  2 +-
 components/engine/daemon/utils_linux.go             | 13 +++++++++++++
 components/engine/daemon/utils_nolinux.go           |  9 +++++++++
 7 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go
 create mode 100644 components/engine/daemon/utils_linux.go
 create mode 100644 components/engine/daemon/utils_nolinux.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index c45b8b9d32..d3f73f413c 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -13,7 +13,6 @@ import (
 	"time"
 
 	"github.com/docker/libcontainer/label"
-	"github.com/docker/libcontainer/selinux"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/execdrivers"
@@ -300,7 +299,8 @@ func (daemon *Daemon) Destroy(container *Container) error {
 	if err := os.RemoveAll(container.root); err != nil {
 		return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err)
 	}
-	selinux.FreeLxcContexts(container.ProcessLabel)
+
+	selinuxFreeLxcContexts(container.ProcessLabel)
 
 	return nil
 }
@@ -761,7 +761,7 @@ func NewDaemon(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error)
 
 func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) {
 	if !config.EnableSelinuxSupport {
-		selinux.SetDisabled()
+		selinuxSetDisabled()
 	}
 
 	// Create the root directory if it doesn't exists
diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index a96270d8b3..280ad70a6e 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build linux,cgo
 
 package native
 
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 711f29429a..37c21d6f94 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build linux,cgo
 
 package native
 
diff --git a/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go b/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go
new file mode 100644
index 0000000000..9979099386
--- /dev/null
+++ b/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go
@@ -0,0 +1,13 @@
+// +build linux,!cgo
+
+package native
+
+import (
+	"fmt"
+
+	"github.com/dotcloud/docker/daemon/execdriver"
+)
+
+func NewDriver(root, initPath string) (execdriver.Driver, error) {
+	return nil, fmt.Errorf("native driver not supported on non-linux")
+}
diff --git a/components/engine/daemon/execdriver/native/info.go b/components/engine/daemon/execdriver/native/info.go
index a27d5640a4..601b97e810 100644
--- a/components/engine/daemon/execdriver/native/info.go
+++ b/components/engine/daemon/execdriver/native/info.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build linux,cgo
 
 package native
 
diff --git a/components/engine/daemon/utils_linux.go b/components/engine/daemon/utils_linux.go
new file mode 100644
index 0000000000..bff2a787b1
--- /dev/null
+++ b/components/engine/daemon/utils_linux.go
@@ -0,0 +1,13 @@
+// +build linux
+
+package daemon
+
+import "github.com/docker/libcontainer/selinux"
+
+func selinuxSetDisabled() {
+	selinux.SetDisabled()
+}
+
+func selinuxFreeLxcContexts(label string) {
+	selinux.FreeLxcContexts(label)
+}
diff --git a/components/engine/daemon/utils_nolinux.go b/components/engine/daemon/utils_nolinux.go
new file mode 100644
index 0000000000..399376dbd4
--- /dev/null
+++ b/components/engine/daemon/utils_nolinux.go
@@ -0,0 +1,9 @@
+// +build !linux
+
+package daemon
+
+func selinuxSetDisabled() {
+}
+
+func selinuxFreeLxcContexts(label string) {
+}

From 35e71a0cd05c60ea276ca868ed67bf18a5c5e4b5 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Tue, 15 Jul 2014 14:02:12 +1000
Subject: [PATCH 159/516] Tianon made a micro-image (sub one meg?) that we can
 use as a very fast to download 'yes, your docker can download and run an
 image' test

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: 6ae07e24104af6eb245339dae3a878fb983d112e
Component: engine
---
 components/engine/docs/sources/installation/google.md  | 6 ++++--
 components/engine/docs/sources/installation/mac.md     | 6 +++---
 components/engine/docs/sources/installation/windows.md | 6 +++---
 components/engine/hack/install.sh                      | 4 ++--
 4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/components/engine/docs/sources/installation/google.md b/components/engine/docs/sources/installation/google.md
index 3f61ef8f49..c796d7bb5d 100644
--- a/components/engine/docs/sources/installation/google.md
+++ b/components/engine/docs/sources/installation/google.md
@@ -27,8 +27,10 @@ page_keywords: Docker, Docker documentation, installation, google, Google Comput
 4. Connect to the instance using SSH:
 
         $ gcloud compute ssh --zone us-central1-a docker-playground
-        docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/'
-        docker on GCE \o/
+        $$ docker-playground:~$ sudo docker run hello-world
+	Hello from Docker.
+	This message shows that your installation appears to be working correctly.
+	...
 
 Read more about [deploying Containers on Google Cloud Platform][5].
 
diff --git a/components/engine/docs/sources/installation/mac.md b/components/engine/docs/sources/installation/mac.md
index 2aff0e5b89..b6afe33873 100644
--- a/components/engine/docs/sources/installation/mac.md
+++ b/components/engine/docs/sources/installation/mac.md
@@ -56,12 +56,12 @@ and `boot2docker start`.
 
 ## Running Docker
 
-From your terminal, you can test that Docker is running with a “hello world” example.
+From your terminal, you can test that Docker is running with the small `hello-world` example image.
 Start the vm and then run:
 
-    $ docker run ubuntu echo hello world
+    $ docker run hello-world
 
-This should download the `ubuntu` image and print `hello world`.
+This should download the very small `hello-world` image and print a `Hello from Docker.` message.
 
 ## Container port redirection
 
diff --git a/components/engine/docs/sources/installation/windows.md b/components/engine/docs/sources/installation/windows.md
index 9908c053d0..6220cd6b6e 100644
--- a/components/engine/docs/sources/installation/windows.md
+++ b/components/engine/docs/sources/installation/windows.md
@@ -51,11 +51,11 @@ and the Boot2Docker management tool.
 
 Boot2Docker will log you in automatically so you can start using Docker right away.
 
-Let's try the “hello world” example. Run
+Let's try the `hello-world` example image. Run
 
-    $ docker run busybox echo hello world
+    $ docker run hello-world
 
-This will download the small busybox image and print "hello world".
+This should download the very small `hello-world` image and print a `Hello from Docker.` message.
 
 
 # Further Details
diff --git a/components/engine/hack/install.sh b/components/engine/hack/install.sh
index 641ec64155..52f058e147 100755
--- a/components/engine/hack/install.sh
+++ b/components/engine/hack/install.sh
@@ -85,7 +85,7 @@ case "$lsb_dist" in
 		if command_exists docker && [ -e /var/run/docker.sock ]; then
 			(
 				set -x
-				$sh_c 'docker run busybox echo "Docker has been successfully installed!"'
+				$sh_c 'docker run hello-world'
 			) || true
 		fi
 		your_user=your-user
@@ -150,7 +150,7 @@ case "$lsb_dist" in
 		if command_exists docker && [ -e /var/run/docker.sock ]; then
 			(
 				set -x
-				$sh_c 'docker run busybox echo "Docker has been successfully installed!"'
+				$sh_c 'docker run hello-world'
 			) || true
 		fi
 		your_user=your-user

From 17983a728d638b6939c0c8e81ceeaa6feb43fa25 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Thu, 17 Jul 2014 12:04:52 +1000
Subject: [PATCH 160/516] this info is out of date and forgotten

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: ade6d780d6222681e16b04ff1439240afc880a4f
Component: engine
---
 .../engine/hack/infrastructure/README.md      | 90 -------------------
 1 file changed, 90 deletions(-)
 delete mode 100644 components/engine/hack/infrastructure/README.md

diff --git a/components/engine/hack/infrastructure/README.md b/components/engine/hack/infrastructure/README.md
deleted file mode 100644
index d12fc4c63e..0000000000
--- a/components/engine/hack/infrastructure/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# Docker project infrastructure
-
-This is an overview of the Docker infrastructure.
-
-**Note: obviously, credentials should not be stored in this repository.**
-However, when there are credentials, we should list how to obtain them
-(e.g. who has them).
-
-
-## Providers
-
-This should be the list of all the entities providing some kind of
-infrastructure service to the Docker project (either for free,
-or paid by dotCloud).
-
-
-Provider      | Service
---------------|-------------------------------------------------
-AWS           | packages (S3 bucket), dotCloud PAAS, dev-env, ci
-CloudFlare    | cdn
-Digital Ocean | ci
-dotCloud PAAS | website, index, registry, ssl, blog
-DynECT        | dns (docker.com)            
-GitHub        | repository
-Linode        | stackbrew
-Mailgun       | outgoing e-mail            
-ReadTheDocs   | docs
-
-*Ordered-by: lexicographic*
-
-
-## URLs
-
-This should be the list of all the infrastructure-related URLs
-and which service is handling them.
-
-URL                                          | Service
----------------------------------------------|---------------------------------
- http://blog.docker.com/                     | blog
-*http://cdn-registry-1.docker.io/            | registry (pull)
- http://debug.docker.io/                     | debug tool
- http://docs.docker.com/                     | documentation served from an S3 bucket
- http://docker-ci.dotcloud.com/              | ci
- http://docker.com/                          | redirect to www.docker.com (dynect)
-*http://get.docker.io/                       | packages
- https://github.com/dotcloud/docker          | repository
-*https://hub.docker.com/                     | Docker Hub
- http://registry-1.docker.io/                | registry (push)
- http://staging-docker-ci.dotcloud.com/      | ci
-*http://test.docker.io/                      | packages
-*http://www.docker.com/                      | website
- http://? (internal URL, not for public use) | stackbrew
-
-*Ordered-by: lexicographic*
-
-**Note:** an asterisk in front of the URL means that it is cached by CloudFlare.
-
-
-## Services
-
-This should be the list of all services referenced above.
-
-Service             | Maintainer(s)              | How to update    | Source
---------------------|----------------------------|------------------|-------
-blog                | [@jbarbier]                | dotcloud push    | https://github.com/dotcloud/blog.docker.io
-cdn                 | [@jpetazzo][] [@samalba][] | cloudflare panel | N/A
-ci                  | [@mzdaniel]                | See [docker-ci]  | See [docker-ci]
-docs                | [@metalivedev]             | github webhook   | docker repo
-docsproxy           | [@dhrp]                    | dotcloud push    | https://github.com/dotcloud/docker-docs-dotcloud-proxy
-index               | [@kencochrane]             | dotcloud push    | private
-packages            | [@jpetazzo]                | hack/release     | docker repo
-registry            | [@samalba]                 | dotcloud push    | https://github.com/dotcloud/docker-registry
-repository (github) | N/A                        | N/A              | N/A
-ssl (dotcloud)      | [@jpetazzo]                | dotcloud ops     | N/A
-ssl (cloudflare)    | [@jpetazzo]                | cloudflare panel | N/A
-stackbrew           | [@shin-]                   | manual           | https://github.com/dotcloud/stackbrew/stackbrew
-website             | [@dhrp]                    | dotcloud push    | https://github.com/dotcloud/www.docker.io
-
-*Ordered-by: lexicographic*
-
-
-[docker-ci]: docker-ci.rst
-[@dhrp]: https://github.com/dhrp
-[@jbarbier]: https://github.com/jbarbier
-[@jpetazzo]: https://github.com/jpetazzo
-[@kencochrane]: https://github.com/kencochrane
-[@metalivedev]: https://github.com/metalivedev
-[@mzdaniel]: https://github.com/mzdaniel
-[@samalba]: https://github.com/samalba
-[@shin-]: https://github.com/shin-

From 777bf1081fa297688c322201d913a5cead56a590 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 16 Jul 2014 23:03:32 -0600
Subject: [PATCH 161/516] Fix hack/make/ubuntu to install both docker.service
 and docker.socket

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: ff08357c9be7fce37b4be2f08d85e801d07af2f0
Component: engine
---
 components/engine/hack/make/ubuntu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/hack/make/ubuntu b/components/engine/hack/make/ubuntu
index 0d19d7528b..98ec423073 100644
--- a/components/engine/hack/make/ubuntu
+++ b/components/engine/hack/make/ubuntu
@@ -36,7 +36,7 @@ bundle_ubuntu() {
 	mkdir -p $DIR/etc/default
 	cp contrib/init/sysvinit-debian/docker.default $DIR/etc/default/docker
 	mkdir -p $DIR/lib/systemd/system
-	cp contrib/init/systemd/docker.service $DIR/lib/systemd/system/
+	cp contrib/init/systemd/docker.{service,socket} $DIR/lib/systemd/system/
 
 	# Include contributed completions
 	mkdir -p $DIR/etc/bash_completion.d

From 21ff4631f158ba11c646518013e2d1ffd16aba94 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Thu, 17 Jul 2014 08:54:26 +0300
Subject: [PATCH 162/516] archive/tar: update to fix writing of PAX headers

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: f565862abcceaf74c2266ba40f34c1b24c6f40c3
Component: engine
---
 components/engine/hack/vendor.sh              |  2 +-
 .../p/go/src/pkg/archive/tar/writer.go        | 15 ++++++--
 .../p/go/src/pkg/archive/tar/writer_test.go   | 35 +++++++++++++++++++
 3 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 93ecc8131e..4bb5970c02 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -55,7 +55,7 @@ clone hg code.google.com/p/gosqlite 74691fb6f837
 
 # get Go tip's archive/tar, for xattr support and improved performance
 # TODO after Go 1.4 drops, bump our minimum supported version and drop this vendored dep
-clone hg code.google.com/p/go 17404efd6b02
+clone hg code.google.com/p/go 1b17b3426e3c
 mv src/code.google.com/p/go/src/pkg/archive/tar tmp-tar
 rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
diff --git a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go
index d107dbbb51..dafb2cabf3 100644
--- a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go
+++ b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer.go
@@ -39,7 +39,8 @@ type Writer struct {
 	closed     bool
 	usedBinary bool            // whether the binary numeric field extension was used
 	preferPax  bool            // use pax header instead of binary numeric header
-	hdrBuff    [blockSize]byte // buffer to use in writeHeader
+	hdrBuff    [blockSize]byte // buffer to use in writeHeader when writing a regular header
+	paxHdrBuff [blockSize]byte // buffer to use in writeHeader when writing a pax header
 }
 
 // NewWriter creates a new Writer writing to w.
@@ -161,7 +162,17 @@ func (tw *Writer) writeHeader(hdr *Header, allowPax bool) error {
 	// subsecond time resolution, but for now let's just capture
 	// too long fields or non ascii characters
 
-	header := tw.hdrBuff[:]
+	var header []byte
+
+	// We need to select which scratch buffer to use carefully,
+	// since this method is called recursively to write PAX headers.
+	// If allowPax is true, this is the non-recursive call, and we will use hdrBuff.
+	// If allowPax is false, we are being called by writePAXHeader, and hdrBuff is
+	// already being used by the non-recursive call, so we must use paxHdrBuff.
+	header = tw.hdrBuff[:]
+	if !allowPax {
+		header = tw.paxHdrBuff[:]
+	}
 	copy(header, zeroBlock)
 	s := slicer(header)
 
diff --git a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer_test.go b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer_test.go
index 512fab1a6f..5e42e322f9 100644
--- a/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer_test.go
+++ b/components/engine/vendor/src/code.google.com/p/go/src/pkg/archive/tar/writer_test.go
@@ -454,3 +454,38 @@ func TestUSTARLongName(t *testing.T) {
 		t.Fatal("Couldn't recover long name")
 	}
 }
+
+func TestValidTypeflagWithPAXHeader(t *testing.T) {
+	var buffer bytes.Buffer
+	tw := NewWriter(&buffer)
+
+	fileName := strings.Repeat("ab", 100)
+
+	hdr := &Header{
+		Name:     fileName,
+		Size:     4,
+		Typeflag: 0,
+	}
+	if err := tw.WriteHeader(hdr); err != nil {
+		t.Fatalf("Failed to write header: %s", err)
+	}
+	if _, err := tw.Write([]byte("fooo")); err != nil {
+		t.Fatalf("Failed to write the file's data: %s", err)
+	}
+	tw.Close()
+
+	tr := NewReader(&buffer)
+
+	for {
+		header, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Fatalf("Failed to read header: %s", err)
+		}
+		if header.Typeflag != 0 {
+			t.Fatalf("Typeflag should've been 0, found %d", header.Typeflag)
+		}
+	}
+}

From d2349e06daf2e384b7f7adcebf7c029d2de7cd8c Mon Sep 17 00:00:00 2001
From: Kohei Tsuruta <coheyxyz@gmail.com>
Date: Wed, 16 Jul 2014 23:09:17 +0900
Subject: [PATCH 163/516] Change switch to if so that the break statements
 correctly breaks loop

Docker-DCO-1.1-Signed-off-by: Kohei Tsuruta <coheyxyz@gmail.com> (github: coheyxyz)
Upstream-commit: ffe885ec0e8a06c1614949bf383f6d1532f02c1d
Component: engine
---
 components/engine/daemon/networkdriver/bridge/driver.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index 9cffe29f3d..beb01243f9 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -415,8 +415,7 @@ func AllocatePort(job *engine.Job) engine.Status {
 			break
 		}
 
-		switch allocerr := err.(type) {
-		case portallocator.ErrPortAlreadyAllocated:
+		if allocerr, ok := err.(portallocator.ErrPortAlreadyAllocated); ok {
 			// There is no point in immediately retrying to map an explicitly
 			// chosen port.
 			if hostPort != 0 {
@@ -426,7 +425,7 @@ func AllocatePort(job *engine.Job) engine.Status {
 
 			// Automatically chosen 'free' port failed to bind: move on the next.
 			job.Logf("Failed to bind %s for container address %s. Trying another port.", allocerr.IPPort(), container.String())
-		default:
+		} else {
 			// some other error during mapping
 			job.Logf("Received an unexpected error during port allocation: %s", err.Error())
 			break

From 5a160c1d8419a4ed5e0fe5b20f7ba84da7e5867a Mon Sep 17 00:00:00 2001
From: bdevloed <boris.de.vloed@gmail.com>
Date: Thu, 17 Jul 2014 14:44:18 +0200
Subject: [PATCH 164/516] Update usingdocker.md

Change --help example command to match output in docs
Upstream-commit: f9b3147e2c3463207392d0f7a8ce533b42632815
Component: engine
---
 components/engine/docs/sources/userguide/usingdocker.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/userguide/usingdocker.md b/components/engine/docs/sources/userguide/usingdocker.md
index 857eac5e56..a882a79c7d 100644
--- a/components/engine/docs/sources/userguide/usingdocker.md
+++ b/components/engine/docs/sources/userguide/usingdocker.md
@@ -76,7 +76,7 @@ command:
 
 Or you can also pass the `--help` flag to the `docker` binary.
 
-    $ sudo docker images --help
+    $ sudo docker attach --help
 
 This will display the help text and all available flags:
 

From e650e69f7de04c04ec2eedd5e4e35fa37f23114a Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Wed, 16 Jul 2014 13:47:12 -0400
Subject: [PATCH 165/516] Bugfix: only use io.Copy in hijack if attaching both
 stdout and stderr

Add regression tests to ensure issue is fixed.

Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: 1476f295aca20e1c35383c133219d54a5373183f
Component: engine
---
 components/engine/api/client/hijack.go        |  2 +-
 .../integration-cli/docker_cli_run_test.go    | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/components/engine/api/client/hijack.go b/components/engine/api/client/hijack.go
index 0a9d5d8ef2..1cb7ebf1c4 100644
--- a/components/engine/api/client/hijack.go
+++ b/components/engine/api/client/hijack.go
@@ -88,7 +88,7 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 			}()
 
 			// When TTY is ON, use regular copy
-			if setRawTerminal {
+			if setRawTerminal && stdout != nil {
 				_, err = io.Copy(stdout, br)
 			} else {
 				_, err = utils.StdCopy(stdout, stderr, br)
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index dba8e7fe28..2c349a9e6c 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1218,3 +1218,51 @@ func TestDnsOptionsBasedOnHostResolvConf(t *testing.T) {
 
 	logDone("run - dns options based on host resolv.conf")
 }
+
+// Regression test for #6983
+func TestAttachStdErrOnlyTTYMode(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "-t", "-a", "stderr", "busybox", "true")
+
+	exitCode, err := runCommand(cmd)
+	if err != nil {
+		t.Fatal(err)
+	} else if exitCode != 0 {
+		t.Fatalf("Container should have exited with error code 0")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - Attach stderr only with -t")
+}
+
+// Regression test for #6983
+func TestAttachStdOutOnlyTTYMode(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "-t", "-a", "stdout", "busybox", "true")
+
+	exitCode, err := runCommand(cmd)
+	if err != nil {
+		t.Fatal(err)
+	} else if exitCode != 0 {
+		t.Fatalf("Container should have exited with error code 0")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - Attach stdout only with -t")
+}
+
+// Regression test for #6983
+func TestAttachStdOutAndErrTTYMode(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "-t", "-a", "stdout", "-a", "stderr", "busybox", "true")
+
+	exitCode, err := runCommand(cmd)
+	if err != nil {
+		t.Fatal(err)
+	} else if exitCode != 0 {
+		t.Fatalf("Container should have exited with error code 0")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - Attach stderr and stdout with -t")
+}

From fb15d12a83043a0ea7718e4a734158cc83e9428e Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 17 Jul 2014 19:50:50 +0200
Subject: [PATCH 166/516] zsh: update zsh completion for docker command

zsh completion is updated with the content of
felixr/docker-zsh-completion.

Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
Upstream-commit: 67e3f7482f792ced05b6fb659d0d4cb8c9899a32
Component: engine
---
 .../engine/contrib/completion/zsh/_docker     | 295 ++++++++++++++----
 1 file changed, 234 insertions(+), 61 deletions(-)

diff --git a/components/engine/contrib/completion/zsh/_docker b/components/engine/contrib/completion/zsh/_docker
index 3f96f00ef7..faf17b2bea 100644
--- a/components/engine/contrib/completion/zsh/_docker
+++ b/components/engine/contrib/completion/zsh/_docker
@@ -1,58 +1,118 @@
-#compdef docker 
+#compdef docker
 #
 # zsh completion for docker (http://docker.com)
 #
-# version:  0.2.2
-# author:   Felix Riedel
-# license:  BSD License
+# version:  0.3.0
 # github:   https://github.com/felixr/docker-zsh-completion
 #
+# contributers:
+#   - Felix Riedel
+#   - Vincent Bernat
+#
+# license:
+#
+# Copyright (c) 2013, Felix Riedel
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the <organization> nor the
+#       names of its contributors may be used to endorse or promote products
+#       derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
 
 __parse_docker_list() {
-    sed -e '/^ID/d' -e 's/[ ]\{2,\}/|/g' -e 's/ \([hdwm]\)\(inutes\|ays\|ours\|eeks\)/\1/' | awk ' BEGIN {FS="|"} { printf("%s:%7s, %s\n", $1, $4, $2)}'
+        awk '
+NR == 1 {
+    idx=1;i=0;f[i]=0
+    header=$0
+    while ( match(header, /  ([A-Z]+|[A-Z]+ [A-Z]+)/) ) {
+        idx += RSTART+1
+        f[++i]=idx
+        header = substr($0,idx)
+    }
+    f[++i]=999
+}
+
+NR > 1 '"$1"' {
+    for(j=0;j<i;j++) {
+        x[j] = substr($0, f[j], f[j+1]-f[j]-1)
+        gsub(/[ ]+$/, "", x[j])
+    }
+    printf("%s:%7s, %s\n", x[0], x[3], x[1])
+    if (x[6] != "") {
+       split(x[6], names, /,/)
+       for (name in names) printf("%s:%7s, %s\n", names[name], x[3], x[1])
+    }
+}
+'| sed -e 's/ \([hdwm]\)\(inutes\|ays\|ours\|eeks\)/\1/'
 }
 
 __docker_stoppedcontainers() {
     local expl
-    declare -a stoppedcontainers 
-    stoppedcontainers=(${(f)"$(docker ps -a | grep --color=never 'Exit' |  __parse_docker_list )"})
-    _describe -t containers-stopped "Stopped Containers" stoppedcontainers 
+    declare -a stoppedcontainers
+    stoppedcontainers=(${(f)"$(_call_program commands docker ps -a |  __parse_docker_list '&& / Exit/')"})
+    _describe -t containers-stopped "Stopped Containers" stoppedcontainers "$@"
 }
 
 __docker_runningcontainers() {
     local expl
-    declare -a containers 
+    declare -a containers
 
-    containers=(${(f)"$(docker ps | __parse_docker_list)"})
-    _describe -t containers-active "Running Containers" containers 
+    containers=(${(f)"$(_call_program commands docker ps | __parse_docker_list)"})
+    _describe -t containers-active "Running Containers" containers "$@"
 }
 
 __docker_containers () {
-    __docker_stoppedcontainers 
-    __docker_runningcontainers
+    __docker_stoppedcontainers "$@"
+    __docker_runningcontainers "$@"
 }
 
 __docker_images () {
     local expl
     declare -a images
-    images=(${(f)"$(docker images | awk '(NR > 1){printf("%s\\:%s\n", $1,$2)}')"})
-    images=($images ${(f)"$(docker images | awk '(NR > 1){printf("%s:%-15s in %s\n", $3,$2,$1)}')"})
+    images=(${(f)"$(_call_program commands docker images | awk '(NR > 1 && $1 != "<none>"){printf("%s", $1);if ($2 != "<none>") printf("\\:%s", $2); printf("\n")}')"})
+    images=($images ${(f)"$(_call_program commands docker images | awk '(NR > 1){printf("%s:%-15s in %s\n", $3,$2,$1)}')"})
     _describe -t docker-images "Images" images
 }
 
 __docker_tags() {
     local expl
     declare -a tags
-    tags=(${(f)"$(docker images | awk '(NR>1){print $2}'| sort | uniq)"})
+    tags=(${(f)"$(_call_program commands docker images | awk '(NR>1){print $2}'| sort | uniq)"})
     _describe -t docker-tags "tags" tags
 }
 
+__docker_repositories_with_tags() {
+    if compset -P '*:'; then
+        __docker_tags
+    else
+        __docker_repositories -qS ":"
+    fi
+}
+
 __docker_search() {
     # declare -a dockersearch
     local cache_policy
     zstyle -s ":completion:${curcontext}:" cache-policy cache_policy
     if [[ -z "$cache_policy" ]]; then
-        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy 
+        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy
     fi
 
     local searchterm cachename
@@ -60,14 +120,14 @@ __docker_search() {
     cachename=_docker-search-$searchterm
 
     local expl
-    local -a result 
+    local -a result
     if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \
         && ! _retrieve_cache ${cachename#_}; then
         _message "Searching for ${searchterm}..."
-        result=(${(f)"$(docker search ${searchterm} | awk '(NR>2){print $1}')"})
+        result=(${(f)"$(_call_program commands docker search ${searchterm} | awk '(NR>2){print $1}')"})
         _store_cache ${cachename#_} result
-    fi 
-    _wanted dockersearch expl 'Available images' compadd -a result 
+    fi
+    _wanted dockersearch expl 'Available images' compadd -a result
 }
 
 __docker_caching_policy()
@@ -81,8 +141,8 @@ __docker_caching_policy()
 __docker_repositories () {
     local expl
     declare -a repos
-    repos=(${(f)"$(docker images | sed -e '1d' -e 's/[ ].*//' | sort | uniq)"})
-    _describe -t docker-repos "Repositories" repos
+    repos=(${(f)"$(_call_program commands docker images | sed -e '1d' -e 's/[ ].*//' | sort | uniq)"})
+    _describe -t docker-repos "Repositories" repos "$@"
 }
 
 __docker_commands () {
@@ -91,15 +151,15 @@ __docker_commands () {
 
     zstyle -s ":completion:${curcontext}:" cache-policy cache_policy
     if [[ -z "$cache_policy" ]]; then
-        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy 
+        zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy
     fi
 
     if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \
-        && ! _retrieve_cache docker_subcommands; 
+        && ! _retrieve_cache docker_subcommands;
     then
-        _docker_subcommands=(${${(f)"$(_call_program commands 
+        _docker_subcommands=(${${(f)"$(_call_program commands
         docker 2>&1 | sed -e '1,6d' -e '/^[ ]*$/d' -e 's/[ ]*\([^ ]\+\)\s*\([^ ].*\)/\1:\2/' )"}})
-        _docker_subcommands=($_docker_subcommands 'help:Show help for a command') 
+        _docker_subcommands=($_docker_subcommands 'help:Show help for a command')
         _store_cache docker_subcommands _docker_subcommands
     fi
     _describe -t docker-commands "docker command" _docker_subcommands
@@ -108,100 +168,206 @@ __docker_commands () {
 __docker_subcommand () {
     local -a _command_args
     case "$words[1]" in
-        (attach|wait)
-            _arguments ':containers:__docker_runningcontainers'
+        (attach)
+            _arguments \
+                '--no-stdin[Do not attach stdin]' \
+                '--sig-proxy[Proxify all received signal]' \
+                ':containers:__docker_runningcontainers'
             ;;
         (build)
             _arguments \
-                '-t=-:repository:__docker_repositories' \
+                '--no-cache[Do not use cache when building the image]' \
+                '-q[Suppress verbose build output]' \
+                '--rm[Remove intermediate containers after a successful build]' \
+                '-t=-:repository:__docker_repositories_with_tags' \
                 ':path or URL:_directories'
             ;;
         (commit)
             _arguments \
+                '--author=-[Author]:author: ' \
+                '-m=-[Commit message]:message: ' \
+                '--run=-[Configuration automatically applied when the image is run]:configuration: ' \
                 ':container:__docker_containers' \
-                ':repository:__docker_repositories' \
-                ':tag: '
+                ':repository:__docker_repositories_with_tags'
             ;;
-        (diff|export|logs)
+        (cp)
+            _arguments \
+                ':container:->container' \
+                ':hostpath:_files'
+            case $state in
+                (container)
+                    if compset -P '*:'; then
+                        _files
+                    else
+                        __docker_containers -qS ":"
+                    fi
+                    ;;
+            esac
+            ;;
+        (diff|export)
             _arguments '*:containers:__docker_containers'
             ;;
         (history)
-            _arguments '*:images:__docker_images'
+            _arguments \
+                '--no-trunc[Do not truncate output]' \
+                '-q[Only show numeric IDs]' \
+                '*:images:__docker_images'
             ;;
         (images)
             _arguments \
                 '-a[Show all images]' \
+                '--no-trunc[Do not truncate output]' \
+                '-q[Only show numeric IDs]' \
+                '--tree[Output graph in tree format]' \
+                '--viz[Output graph in graphviz format]' \
                 ':repository:__docker_repositories'
             ;;
         (inspect)
-            _arguments '*:containers:__docker_containers'
+            _arguments \
+                '--format=-[Format the output using the given go template]:template: ' \
+                '*:containers:__docker_containers'
             ;;
-        (history)
-            _arguments ':images:__docker_images'
+        (import)
+            _arguments \
+                ':URL:(- http:// file://)' \
+                ':repository:__docker_repositories_with_tags'
+            ;;
+        (info)
+            ;;
+        (import)
+            _arguments \
+                ':URL:(- http:// file://)' \
+                ':repository:__docker_repositories_with_tags'
+            ;;
+        (insert)
+            _arguments '1:containers:__docker_containers' \
+                       '2:URL:(http:// file://)' \
+                       '3:file:_files'
             ;;
         (kill)
             _arguments '*:containers:__docker_runningcontainers'
             ;;
+        (load)
+            ;;
+        (login)
+            _arguments \
+                '-e=-[Email]:email: ' \
+                '-p=-[Password]:password: ' \
+                '-u=-[Username]:username: ' \
+                ':server: '
+            ;;
+        (logs)
+            _arguments \
+                '-f[Follow log output]' \
+                '*:containers:__docker_containers'
+            ;;
         (port)
-            _arguments '1:containers:__docker_runningcontainers'
+            _arguments \
+                '1:containers:__docker_runningcontainers' \
+                '2:port:_ports'
             ;;
         (start)
-            _arguments '*:containers:__docker_stoppedcontainers'
+            _arguments \
+                '-a[Attach container'"'"'s stdout/stderr and forward all signals]' \
+                '-i[Attach container'"'"'s stding]' \
+                '*:containers:__docker_stoppedcontainers'
             ;;
         (rm)
-            _arguments '-v[Remove the volumes associated to the container]' \
+            _arguments \
+                '--link[Remove the specified link and not the underlying container]' \
+                '-v[Remove the volumes associated to the container]' \
                 '*:containers:__docker_stoppedcontainers'
             ;;
         (rmi)
-            _arguments '-v[Remove the volumes associated to the container]' \
+            _arguments \
                 '*:images:__docker_images'
             ;;
-        (top)
-            _arguments '1:containers:__docker_runningcontainers'
-            ;;
         (restart|stop)
             _arguments '-t=-[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \
                 '*:containers:__docker_runningcontainers'
             ;;
         (top)
-            _arguments ':containers:__docker_runningcontainers'
+            _arguments \
+                '1:containers:__docker_runningcontainers' \
+                '(-)*:: :->ps-arguments'
+            case $state in
+                (ps-arguments)
+                    _ps
+                    ;;
+            esac
+
             ;;
         (ps)
-            _arguments '-a[Show all containers. Only running containers are shown by default]' \
-                '-h[Show help]' \
-                '--before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \
-            '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)'
+            _arguments \
+                '-a[Show all containers]' \
+                '--before=-[Show only container created before...]:containers:__docker_containers' \
+                '-l[Show only the latest created container]' \
+                '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' \
+                '--no-trunc[Do not truncate output]' \
+                '-q[Only show numeric IDs]' \
+                '-s[Display sizes]' \
+                '--since=-[Show only containers created since...]:containers:__docker_containers'
             ;;
         (tag)
             _arguments \
                 '-f[force]'\
                 ':image:__docker_images'\
-                ':repository:__docker_repositories' \
-                ':tag:__docker_tags'
+                ':repository:__docker_repositories_with_tags'
             ;;
         (run)
             _arguments \
-                '-a=-[Attach to stdin, stdout or stderr]:toggle:(true false)' \
-                '-c=-[CPU shares (relative weight)]:CPU shares: ' \
+                '-P[Publish all exposed ports to the host]' \
+                '-a[Attach to stdin, stdout or stderr]' \
+                '-c=-[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \
+                '--cidfile=-[Write the container ID to the file]:CID file:_files' \
                 '-d[Detached mode: leave the container running in the background]' \
-                '*--dns=[Set custom dns servers]:dns server: ' \
-                '*-e=[Set environment variables]:environment variable: ' \
+                '*--dns=-[Set custom dns servers]:dns server: ' \
+                '*-e=-[Set environment variables]:environment variable: ' \
                 '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \
+                '*--expose=-[Expose a port from the container without publishing it]: ' \
                 '-h=-[Container host name]:hostname:_hosts' \
                 '-i[Keep stdin open even if not attached]' \
+                '--link=-[Add link to another container]:link:->link' \
+                '--lxc-conf=-[Add custom lxc options]:lxc options: ' \
                 '-m=-[Memory limit (in bytes)]:limit: ' \
-                '*-p=-[Expose a container''s port to the host]:port:_ports' \
-                '-t=-[Allocate a pseudo-tty]:toggle:(true false)' \
+                '--name=-[Container name]:name: ' \
+                '*-p=-[Expose a container'"'"'s port to the host]:port:_ports' \
+                '--privileged[Give extended privileges to this container]' \
+                '--rm[Remove intermediate containers when it exits]' \
+                '--sig-proxy[Proxify all received signal]' \
+                '-t[Allocate a pseudo-tty]' \
                 '-u=-[Username or UID]:user:_users' \
                 '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\
                 '--volumes-from=-[Mount volumes from the specified container]:volume: ' \
+                '-w=-[Working directory inside the container]:directory:_directories' \
                 '(-):images:__docker_images' \
                 '(-):command: _command_names -e' \
                 '*::arguments: _normal'
-                ;;
+
+            case $state in
+                (link)
+                    if compset -P '*:'; then
+                        _wanted alias expl 'Alias' compadd -E ""
+                    else
+                        __docker_runningcontainers -qS ":"
+                    fi
+                    ;;
+            esac
+
+            ;;
         (pull|search)
             _arguments ':name:__docker_search'
             ;;
+        (push)
+            _arguments ':repository:__docker_repositories_with_tags'
+            ;;
+        (save)
+            _arguments \
+                ':images:__docker_images'
+            ;;
+        (wait)
+            _arguments ':containers:__docker_runningcontainers'
+            ;;
         (help)
             _arguments ':subcommand:__docker_commands'
             ;;
@@ -212,24 +378,31 @@ __docker_subcommand () {
 }
 
 _docker () {
+    # Support for subservices, which allows for `compdef _docker docker-shell=_docker_containers`.
+    # Based on /usr/share/zsh/functions/Completion/Unix/_git without support for `ret`.
+    if [[ $service != docker ]]; then
+        _call_function - _$service
+        return
+    fi
+
     local curcontext="$curcontext" state line
     typeset -A opt_args
 
     _arguments -C \
       '-H=-[tcp://host:port to bind/connect to]:socket: ' \
          '(-): :->command' \
-         '(-)*:: :->option-or-argument' 
+         '(-)*:: :->option-or-argument'
 
     if (( CURRENT == 1 )); then
 
     fi
-    case $state in 
+    case $state in
         (command)
             __docker_commands
             ;;
         (option-or-argument)
             curcontext=${curcontext%:*:*}:docker-$words[1]:
-            __docker_subcommand 
+            __docker_subcommand
             ;;
     esac
 }

From 554507d5b799ff7a395c73e9a6526eb5942f34a4 Mon Sep 17 00:00:00 2001
From: Brandon Philips <brandon@ifup.co>
Date: Thu, 17 Jul 2014 11:57:16 -0700
Subject: [PATCH 167/516] contrib/init/systemd: add philips as MAINTAINER

As requested after #7021 add me as a maintainer alongside the sword
toting @lsm5.

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Upstream-commit: 81307680142d5ddd8e80c70c5da8afc799318556
Component: engine
---
 components/engine/contrib/init/systemd/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/contrib/init/systemd/MAINTAINERS b/components/engine/contrib/init/systemd/MAINTAINERS
index 0c6b0e9d70..760a76d6fe 100644
--- a/components/engine/contrib/init/systemd/MAINTAINERS
+++ b/components/engine/contrib/init/systemd/MAINTAINERS
@@ -1 +1,2 @@
 Lokesh Mandvekar <lsm5@fedoraproject.org> (@lsm5)
+Brandon Philips <brandon.philips@coreos.com> (@philips)

From e695b55f9ef40ffff893422d2c81f69bbfb3b5b9 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Tue, 8 Jul 2014 23:25:22 +0300
Subject: [PATCH 168/516] integcli: add JSON utils for testing

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: e5e8669c7289959a2634bd3f66f89eef1bd4ef01
Component: engine
---
 .../engine/integration-cli/docker_utils.go    | 10 ++++++++
 components/engine/integration-cli/utils.go    | 23 +++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/components/engine/integration-cli/docker_utils.go b/components/engine/integration-cli/docker_utils.go
index 74576ba489..e3e5b36d93 100644
--- a/components/engine/integration-cli/docker_utils.go
+++ b/components/engine/integration-cli/docker_utils.go
@@ -211,6 +211,16 @@ func inspectField(name, field string) (string, error) {
 	return strings.TrimSpace(out), nil
 }
 
+func inspectFieldJSON(name, field string) (string, error) {
+	format := fmt.Sprintf("{{json .%s}}", field)
+	inspectCmd := exec.Command(dockerBinary, "inspect", "-f", format, name)
+	out, exitCode, err := runCommandWithOutput(inspectCmd)
+	if err != nil || exitCode != 0 {
+		return "", fmt.Errorf("failed to inspect %s: %s", name, out)
+	}
+	return strings.TrimSpace(out), nil
+}
+
 func getIDByName(name string) (string, error) {
 	return inspectField(name, "Id")
 }
diff --git a/components/engine/integration-cli/utils.go b/components/engine/integration-cli/utils.go
index ae7af52687..c414c9a2d9 100644
--- a/components/engine/integration-cli/utils.go
+++ b/components/engine/integration-cli/utils.go
@@ -2,9 +2,11 @@ package main
 
 import (
 	"bytes"
+	"encoding/json"
 	"fmt"
 	"io"
 	"os/exec"
+	"reflect"
 	"strings"
 	"syscall"
 	"testing"
@@ -111,3 +113,24 @@ func errorOutOnNonNilError(err error, t *testing.T, message string) {
 func nLines(s string) int {
 	return strings.Count(s, "\n")
 }
+
+func unmarshalJSON(data []byte, result interface{}) error {
+	err := json.Unmarshal(data, result)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func deepEqual(expected interface{}, result interface{}) bool {
+	return reflect.DeepEqual(result, expected)
+}
+
+func convertSliceOfStringsToMap(input []string) map[string]struct{} {
+	output := make(map[string]struct{})
+	for _, v := range input {
+		output[v] = struct{}{}
+	}
+	return output
+}

From e55262927d0da1f776450e485eecdf756659d385 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Tue, 8 Jul 2014 23:27:58 +0300
Subject: [PATCH 169/516] integcli: fix map randomization failures

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 68bb56a4a5a5905a7f5eb0781782e1db5cfc7a89
Component: engine
---
 .../integration-cli/docker_cli_build_test.go  | 24 ++++++++++++++-----
 .../integration-cli/docker_cli_links_test.go  | 20 +++++++++++++---
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 64264cd813..3b1c1c230e 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"fmt"
-
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -592,8 +591,12 @@ func TestBuildRm(t *testing.T) {
 }
 
 func TestBuildWithVolumes(t *testing.T) {
-	name := "testbuildvolumes"
-	expected := "map[/test1:map[] /test2:map[]]"
+	var (
+		result   map[string]map[string]struct{}
+		name     = "testbuildvolumes"
+		emptyMap = make(map[string]struct{})
+		expected = map[string]map[string]struct{}{"/test1": emptyMap, "/test2": emptyMap}
+	)
 	defer deleteImages(name)
 	_, err := buildImage(name,
 		`FROM scratch
@@ -603,13 +606,22 @@ func TestBuildWithVolumes(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	res, err := inspectField(name, "Config.Volumes")
+	res, err := inspectFieldJSON(name, "Config.Volumes")
 	if err != nil {
 		t.Fatal(err)
 	}
-	if res != expected {
-		t.Fatalf("Volumes %s, expected %s", res, expected)
+
+	err = unmarshalJSON([]byte(res), &result)
+	if err != nil {
+		t.Fatal(err)
 	}
+
+	equal := deepEqual(&expected, &result)
+
+	if !equal {
+		t.Fatalf("Volumes %s, expected %s", result, expected)
+	}
+
 	logDone("build - with volumes")
 }
 
diff --git a/components/engine/integration-cli/docker_cli_links_test.go b/components/engine/integration-cli/docker_cli_links_test.go
index d2616475c9..d5336a62c8 100644
--- a/components/engine/integration-cli/docker_cli_links_test.go
+++ b/components/engine/integration-cli/docker_cli_links_test.go
@@ -93,16 +93,30 @@ func TestIpTablesRulesWhenLinkAndUnlink(t *testing.T) {
 }
 
 func TestInspectLinksStarted(t *testing.T) {
+	var (
+		expected = map[string]struct{}{"/container1:/testinspectlink/alias1": {}, "/container2:/testinspectlink/alias2": {}}
+		result   []string
+	)
 	defer deleteAllContainers()
 	cmd(t, "run", "-d", "--name", "container1", "busybox", "sleep", "10")
 	cmd(t, "run", "-d", "--name", "container2", "busybox", "sleep", "10")
 	cmd(t, "run", "-d", "--name", "testinspectlink", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "sleep", "10")
-	links, err := inspectField("testinspectlink", "HostConfig.Links")
+	links, err := inspectFieldJSON("testinspectlink", "HostConfig.Links")
 	if err != nil {
 		t.Fatal(err)
 	}
-	if expected := "[/container1:/testinspectlink/alias1 /container2:/testinspectlink/alias2]"; links != expected {
-		t.Fatalf("Links %s, but expected %s", links, expected)
+
+	err = unmarshalJSON([]byte(links), &result)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	output := convertSliceOfStringsToMap(result)
+
+	equal := deepEqual(expected, output)
+
+	if !equal {
+		t.Fatalf("Links %s, expected %s", result, expected)
 	}
 	logDone("link - links in started container inspect")
 }

From 563aeae59f1693a9a3f7d516d499fe460fae1970 Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Thu, 17 Jul 2014 16:41:50 -0700
Subject: [PATCH 170/516] New screenshots and a few small edits.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: c92e13f6789ceda5b5fa78c691173e5c0bd840c4
Component: engine
---
 .../docs/sources/userguide/dockerhub.md       |  19 +++++++++---------
 .../docs/sources/userguide/login-web.png      | Bin 31788 -> 30565 bytes
 .../sources/userguide/register-confirm.png    | Bin 65441 -> 0 bytes
 .../docs/sources/userguide/register-web.png   | Bin 72463 -> 40136 bytes
 4 files changed, 9 insertions(+), 10 deletions(-)
 delete mode 100644 components/engine/docs/sources/userguide/register-confirm.png

diff --git a/components/engine/docs/sources/userguide/dockerhub.md b/components/engine/docs/sources/userguide/dockerhub.md
index 5bb1edec8a..62438b9948 100644
--- a/components/engine/docs/sources/userguide/dockerhub.md
+++ b/components/engine/docs/sources/userguide/dockerhub.md
@@ -5,8 +5,8 @@ page_keywords: documentation, docs, the docker guide, docker guide, docker, dock
 # Getting Started with Docker Hub
 
 
-This section provides a quick introduction to the [Docker Hub](https://hub.docker.com)
-and will show you how to create an account.
+This section provides a quick introduction to the [Docker Hub](https://hub.docker.com),
+including how to create an account.
 
 The [Docker Hub](https://hub.docker.com) is a centralized resource for working with
 Docker and its components. Docker Hub helps you collaborate with colleagues and get the
@@ -23,7 +23,7 @@ worry, creating an account is simple and free.
 
 ## Creating a Docker Hub Account
 
-There are two ways for you to register and create a Docker Hub account:
+There are two ways for you to register and create an account:
 
 1. Via the web, or
 2. Via the command line.
@@ -31,9 +31,9 @@ There are two ways for you to register and create a Docker Hub account:
 ### Register via the web
 
 Fill in the [sign-up form](https://hub.docker.com/account/signup/) by
-choosing your user name and password and specifying email address. You can also sign up
-for the Docker Weekly mailing list, which has lots of information about what's going on
-in the world of Docker.
+choosing your user name and password and entering a valid email address. You can also
+sign up for the Docker Weekly mailing list, which has lots of information about what's
+going on in the world of Docker.
 
 ![Register using the sign-up page](/userguide/register-web.png)
 
@@ -46,10 +46,9 @@ You can also create a Docker Hub account via the command line with the
 
 ### Confirm your email
 
-Once you've filled in the form, check your email for a welcome message and confirmation
-to activate your account.
+Once you've filled in the form, check your email for a welcome message asking for
+confirmation so we can activate your account.
 
-![Confirm your registration](/userguide/register-confirm.png)
 
 ### Login
 
@@ -61,7 +60,7 @@ Or via the command line with the `docker login` command:
 
     $ sudo docker login
 
-Your Docker Hub account is now active and ready for you to use!
+Your Docker Hub account is now active and ready to use.
 
 ##  Next steps
 
diff --git a/components/engine/docs/sources/userguide/login-web.png b/components/engine/docs/sources/userguide/login-web.png
index 8fe04d829e1d2ade7c7e9690b6d8bba8af22ce67..e9d26b5e80437c6e9de93e9768ea217d6e004dd1 100644
GIT binary patch
literal 30565
zcmeFZ<zJNB7dMPb2#6>Wf|MZL-Ju9bOLun--Hl3zC@?fqgXGZNokMp?4L!s#blh{!
z?|6>S=lKWj7dNl2S$prbzH99jd*<4U@Q;epI9McDC@3g6G9TWnprAaeL_v8l`}iS}
z@@$ko4EZ74T0-KZjD!T`M`s5MYddok6ncV^I1#x=Z=Z#%M2^v8zI<ba6^ACt4BLp3
zl&|W?ND7k-!?N+HPYeGVyYBq@>e0Sk)iZm11X~y{VWLUa7s|)&E0m}YsaDgPB~;K}
zVYqM2d02{BpgSf<lmZt~1_&nlSbOK7)4Xu*)i1czVJ7m*w%*L&we!A`Py2srt2LnU
zpHaNp^V|91<iu6x%=?_Dn>^It+`*uzAdvk-a0<A<d=0Ps=Wd9MuPif<d^()ksqF_Y
z9-jaa>D@+J<y^Na=F7b~)L&S5*Dg;-99j9B+O%01y&`0uM?xsV0<+Y<ec24duhhKf
zPmpsPnBX;F$<&zBqCU*$h{6A6^jJa)70(1zBYpWWys*V#pD=<pQrVm*@n<5Up@5i5
zPIFQ_?#qTia_@156K++7JKN_mV5vqkD%E%K6=Ti8bQF(s@uPwwh4e?Ak!=T+r7t5~
zD2CrH+|D%Aa8XpOqZyKJ-<K6nbN>=R7nDv!_?c^`+j?hupMAV~@W#XXSC(AUcjTs|
zTdQfgYAMJInmX9C8k;$on6rA?J0dp?1x46X5cz0t?rKcwX>SK`5%d(H`g?{T^7$_^
z8x`f>Q(SFDsI(M5Qc5^Dn^W?za<j5iiDFSwQVKhpSqQ4Um-=Tp@{<Uam8+|xARC*9
zhX<<%7psG_B^!r;fB+jiCmSax3vvdFix<Gv*pmg|Lj6A`zxlj3cQJLgc67CN08swL
z*Vx3t%~gbo>Mue6{{0W9xu^Aik^nCMsD)IJ?XM9w4pw%ye|aO93jakF{AlfIZm0F$
z+TI-Cf|MaDz|AN8_x%6g$bS<5SgHNrN^U;RKUe-S^3O_Pw!akkL!tj!>u)O3T%uUQ
zZ2y{G6l;IJUIqn497X2+TQ$!I`%Bn*YUWoMM?~lrbvVxI^|{o=o@|d)i>K^fu=LB@
zsuoYWE6Bkqa!Y{Ix$+7VMwQi5ZXV5cS<pOg`R)NZhK6@3gb{q)sA}j=Aqzt&@Bm0!
zvT-2shBLbG`l0W|ldY4C^QOad5ia2-c!o>bskcZc>VwDPC=Z_nqM%Zu1o;@WU1kuW
z{Pp}Vng7B29)8?E2$XG@l$<?Y|II*-DWb%2Kpy?a>A_>ihhb4p<o~ipvI~46ZWaaq
zE$eUoX@PRKoIhn{r;8VUg6TaHUs5^KS!(1Jee=56`BH~sm^sai8H4sO6eL2yhb1J$
zL@OHhx2v9BVChr&!}sUPARmTCZy&Q8ejCpxRO^B`pCtc75~M+BHPxrJOI2`+J^gv*
zP|rZ+0Jh_OE8BfY?#fcPKj87Y)_KZ_|GyOv9&0_WvN4nIbt^1%ZuXz5msj81IY`M=
zWjJ>!oaCURi=;9p{KsN{L$jwGE!6xa;PkxA;BY@T|9Ow1qPHci8iz4j;@uzW{>Tt7
zIwSV5S}|aADmXd#0c_Cp@tjDCU~Hvqj*QRV^hWE%`V&P}VW3f*lZ^Gw%6(;=HIJT$
zV}b!&+-O@kWB6xvbz(-f17;@{CJk8!y^;p^_JW282KedJl);u_9U+usR~T@r=6EYr
zF1yrh>zQ*d{_Zzxm|)OK=_ZRoT)Z31*WhitzGmGt<44Ed7?B3IbUv=tmao621!-d@
zz6LrXrSD8j?95y}advhuwea5B-L+|Mkyu8{XKi+a8R&r>)$_Xe-mew0HpLa4A6ZPP
zbJu0-6zyo`<*fGNB$S`k>{Q-+ukTK64lYxSf(;K?w1WTfEpgI^_=K(Oms4WR{C5Z1
zm|5-TfR9P3z*;}e-Jf;97TLMkre9hCdz=fYZCHwe1*Ks*2fDTK-iMH4Q$t?i{{C7y
z)0oB2kol0x@BBjQ-q+S5o80W#!KFn-g^b6T^q2<&i^8WWwTvrgkdzY}hx>035hh=u
z?WS8fA$O;5b@(1T>Z=ROGKNczP-sb``$5BE)^+p@u=x_w5j7+a_a6G~x|CEwl7rvx
zZpJTU*rFPNohCMHg?IM~ew)#nhOfU`a8nQwg8fGsu9-e}*PMO`@%<29Y18#a%S=9Y
zB8LMH#+bKYpVwG8svrrL#8aquIaZKS4%(P@1M1G~B&?a%j++3Abap_j&aEY`rG<9B
zna5BTLp4_lt*gFU$@LfOmXHQN-Kj7^US1i1e~^Y8*=&g*L!?9P?y)2L|F*PEpVCp7
z+U2xww($q0hvai|3eF3=vr8zxxkJ-;!l177P5!**V-H2TUlUo@dK_qVic?dIFHM@4
zk8~86eu~YORivPkPCW78!kU*&@6sdj-t>;7iEhkv^78U3oh}#`d+)BOdH3s6Asy%q
zB%qNa!A?F!|GLG;e>bXb=a}25fn!HE1JsmlVsfLKL#rTj3%gF-3L*U`V^HD!Xsuax
zt`Ebqo5@xgapJ<z-6E~BZ6{@f2dhRG#2ESY`1|`$+Ul)QsNucT*_|nW!=5`?D^Xok
z%*d`rG$}cgRmsX<Tp>ZHqdL!8_J(pcsYmRm&f41E-a=BvvPQwc(#BMVsA7Y&jIyM4
z>+_w<!tCtqo_(KQ?v=YE>b(9||Ml^yMIl<kH*XEvqv1ejD`EHfAPUs}XUV^}*ii}d
zM`zvf@KWCcy5XjWv3FCtX*V)?ibY#6rnh9>tW$Z6bHl=3?F6(=PL1l~;Ja?V1%i$3
z&a1ixFG2O4LYmT20n5dTfN}KYe2?>7?31J}o}(M33_fskdfn*KLamNrf13VwJB2q<
z|Nagb?c#c>fJH=JM=5=D5=Y_uJ*&EA4KDNHWgnm6A?b~0)JYFciPSm+u-0LPgMG9W
z5)-X$w`G4bGBqVRo^;Bhv~IV{aE`E^Ia&Pr=)Y7gj*XT=OsuJ<wlCxdv)NczRCJ}o
zqAe&acJ+ALtWUN9%{o2>IT5(-VTM=AsUHvT73y9U%0`&eOid-IC&d4dFe+2r?O7@5
z=<b)95p{KGbcDiWfG`0~P4$5#q4e4F6j^mK&cwmZ3g-mX<idHOwgQzL4-;0{Ni~z0
z{Jc-qqEOj<_f%d}m#Wu693VZDLI`$8zO=ZsNCIBBYj7deywFG<!pM#={hb7m$<fLs
z$U>?IuR*!Imcs3k+~AZT*xj{X|BF&+#V=Mo53p=QdbuG6a8J{fj9@<E+wO@9bhX3{
zZsS3nKU6DGun6?(bAzx>ow{x}MK+8+j@DS$GuYkVc>kJ5zgg4WkaB5rc&fWvG#Z${
z<yWdMYo5W%-&HSvSiq<n;w~n%`e}UhF%&9!I~*mYt)`hNcHeqG?B~-dcAr(pR^?Ay
zC6zyspsvO*B;ey+m-=XJU_fY*BB!FTu(&wQyI5p#scx4Kz*saIPmIp$Gv1zpSFkW(
zkTbQcMmYBJiI^b;8!oPH|1LN`b^E#VEkf(jf0e8ao12Rhl)l3#Xq_BEwQfU4=ba$C
zlwM7s$lVakTJDk{2wa>lau_4AmL$#z4N%i;Oay+&BZs)YH7JO{9xE)O$Ke7oxRrv0
z)Yw@wzbz~-G1^51#9XgajF8>bG@VPRXx2vHsmFNu5RQf?0L#WrU~yCiqUvOygcbM6
zIn2tY$~>=O%|5ty;^!ZkS(tLJS$%xG+_4Wiq5Z3mt|hOoFJ}em&U^!`wptv(dW{-7
zvTjb_e7s$;aL5Es%jw8p+1V25C;?9oWUtR;VLUt(#6F&`Eo`o*Wxb}RccX0vUT8Cx
zEwxD<E8Q+DyX52+$tU?-t$@X|DYmVODH@upWd&N*MIt=-_Tjozbd|h@Wd?av1&`ZE
zc%~8&!3s!dubKC_+c@@V;dk`N{~b^Mw%(i3p}wRBMFw7w<8*z+_)%d_(6hyK`a)N3
ztR$b3NoVTtdY**hZ#5c%dsTWQmX;DE60+$b3pO9t^%$JioVhkSmpD7U521a^IilAW
zopLR22k7XaiyA6z!>%NNpIjn>T@%2B<)=!QMn89N45v#=CK@c+46cke^XGuh%riuU
z*4UAN+l$sAOX(-Ac@@r&>WXGgmX+?VlU?Q#eHf~BHcQqr6*K3`eGac(EYPQ4;VSqv
z1FKGE_OTOvl$r1L>g}!sF89C=t;Y?Uv@Ysw`t?`4X_qwk0bGf9t@49?7fZ3C%Rax#
zHVp_!hUc(>+m=4N8Of@K;W4|m^$D5xTb8NQ0p*_rlZI1k{F-|Kaplmp9YZXh@vnep
z2^`ZJ9xnkpc!b%>kCvt2Cukon)A_+B<IlbX7%PevX*;m$Pgrta(kbyVFqJ+bNuKn5
zQy=irs;qUWX>o&CBG1g<@0va(H5|GYE)iM@Cx&B%hmkIV=PtP`wtF-l?@b7es;w=$
zSe6!4KWNwQ{DiC~H_*+Yb>g{t8z|YcNj}Dk&}Uw}6@ar3J*!s9;RCLy(Hf=O1mqt*
zs;w(aRzS7lnaf#j?o;%YiiXPlH{Pepo(uE3fe5#e09Ls|IY;o(FF`b$uJ)80nC<%v
zcNvpZ{hyuMDq0ZT{><yNCbgeW)!v^TbOf+ZE2-5c>)ddt-#?3~?eQ<MYfU>G(0Ccw
z@vf1Jh)+Yg4ePutU9MimUAKdL8^Y)^d-gezu%Yw)**4edBDOnYO!_*PPhfO%Ct3NC
z+}YAqB9yJ`Za6B+Z@xOmQ*o)~dn8D29j46yr$?L|v;LC$Xk`YNGH6kUIp?2cO?C54
z1-<sJr@&zbIknlux*OCw>;`wbl~&j!OIHu2qq&b4MW_X3LCBp;QbVWp6}{YreVQaf
z&)jT0Ry)4D=pDx;6L4?7{uQCP1YTw?cK^m+5dY8?D@LSr>jK|*VRa~It7Borpalde
z3sTkA1`qr9rWpejv-Dw&;EIaf8Tb|hCkV0Ne#qm%Gx9O*DnHq!T8E_-r24_JE?ZUI
z4N(sVmJ$(;4@_)T7^ZQ!z{T#M>-zB8sE##EhbHsoB9Gd~l2#w`S_GM{ZxR-T=l3ST
zJudCOl%meVElKeC#Y<NvJ{<~@$>U_Y&|}PP!a*?Pl1Z}d#v~M__1fp`YrU+CGx+%R
zb#?G7hn7aGorOvaoS%q~ZCyy`wR|q`@e~JSXXqOP`5>eq$wa5HFswB@gyYjAJ-V`R
z8`(=knrDi0OS|spomdNXp8r`eXeHpK?t4>Z2BiovS*atb3&F~h(G~USRz8T@lquJ@
zxxJm<$Q2QDBQTv%G?TYd(@0^$RLv)5u#I_{T;*nM2ed%@((~lDhIDSJR%6V@*}+jU
z{lt6dp<+L`<n3lx3P*Hdq;)LlmKSqK56D}MYiK@vNBo_LNxN;&HnwT8(Yk(0p+w$G
zq(;N-<=(ybc&h>VENN;(a&3P_N^e2HKGbol1E`ZR<w_fyk}{;V#UjnixA(r#P~6s5
z9_?pkiGW*{hbyFgt6)gMlX^zL&Xy&`#@-3ScQ?u_=F41Jmiv{b>s#y9+!&LyeB)DH
zPj8v1gxZjTHjwMhA)&AQ6r_&>C~q}vvxzRV4|MqyY9AThIhSh4$p%N$S<>EqHhoK6
zV@J8i6XT}IPW#?$AC3y7Q%LZc6%c)@QMSBZ$J0$f6&VHAZ!NdDMb}iQf1yv?n^aT$
z-g^^xh8J$I)`4T{=zLOIc*;^&d^ow(zce`dVt+r)@165y)H2wV2j?O0DWT79RSRFK
z29t|^E^Lv6&a(e9GmR~?;0$-V(aVvnjl1LZR+J^I{?cWu?)qXJCw51R(ajn%oV{`i
zX!un+h1>jbnNDykv9O}4c;epOy-&3C_^IQJx+}ub|EKMi^l};r0YU$zjy#RIIkb$Q
zirH>{knJ?!m%qP{y84u+&w0SjAr4eLaT-3;sVsaopz8qNlMt*?^4uK36*C)3E~U+d
zE#&gtgN*UG%Z#s@&@%l@d;vJoM!bhp47t=x#_R3NBE#kaN&Yvo0NB@{F(}W?6ST!I
zwSZe|sGaEhr<l8S?w5ED^+c_1ccB!=#^q{^3Z9#rah>FRy|<PS3x|c~tp$o04Gj&5
zL6z&^ZUX-GiI3k25>(m67fWdozP0eDK@Z$wm`+VT>ZPr~;<M#2AhtcyeOmr09KRL<
zcpXF$A2u@ty2!=?<|Phr^lPvR62vfh2XY~bt?`|^=evW!IbunB-5aiTQi|ixdg}VL
zo{La*$fc)y@#lw?4}IS1890ZLFOt3%?X++|h5Ba>^~Sw;@g2SVv_CvmyQd<4f&-LP
z9hYFE!kH5&*(w0nU<a8QCl;l|=W&$Nx|MP;KYhjPZW4cA9<Sc$GJC9qx2(Lcb*1&u
zrNZvoFZXq4HpZrB|0YfEd7jJtvq}hch?{y*WC#9m9fl&y&AesxszSTY2}07e%qIQ*
z=Bb{3aC9bbbbmH2j+^}GWIP`-JCq1&Mm85nmoCZkp4H@*rGeA+Tws($gx9gR7WzX2
zao;@-<pc%TECLe(`fYi>Kci5s9$Zb5WBJduZ=;pyUUja0t1K={a*MLSf72*gxwT@X
zIj-G{rQxI!_|A#ia!;Y^+m&?*pb%I?put@;axt(uD5PX~#lo1_^P$S)yUas9?IX&}
zZzd7c1#qnqoNyxo5%irwIjg?Uuj^d1G5oh-jVlZ6#ldo&G)~#v+|08_eYk~Wzz{d@
zAL#-(n>k?CgS+eWQcjrmYdt(VzcOj{`?H3?kKwTx6Xh$V(Cs%Wnp4pLy7N2xOO>nd
zo12?cZDes`cQb;l6g~86w@Tv}dJOU}^gr-fbRA(_pI)hU*pbW+f~Q}}-e(RQ9xc@d
zJ@DWACU#m?Hy!Q#<9QG6=`M#CG)=cw9SDYwe_e~~tQ+fOFg#epcz|(nS*l-N1tD;b
zl{(KS=bmV{^}lyyUXRpYN$Ok+0AGm1Hv1hQ{BF>r@)z7nIT157Y&rgWDN8T+mPCU6
zIsNbQMjchR0vwjF6mRz81FuTN?wyG;Pnv7jLZ5nfIkR04pTETGRH3ht8#FIp1&*lR
zbBN`ovqs>Y303o@6Lzk7`%K)Yb2EVVR}!k6%}Kf&MM7xa3`b<es7!5sV$!q|O-q+x
zYTkUlZV;P!T4v|A)`1{iBxeG?A&q?5=sKMP<=4t#?H}kfd;a#uG``{tpjAbS_@*<Q
z)YRKn4u?i#^3iQ_{!CuhZ{dcF-WE5coprguv9-rG2(0z)qiMwu@M<R27-zJP?-i3d
z{p7`5KIF^ajxcu8dL?DsF2?Va^Q2y+!Doi`y|qfrBg%_@eoeVKV7hOyFr+mnAmjl|
z4`KQ}N}@gdRn;~8;E{B!GCk3dEP!uv^oJ5nvxqaL>D${Ed=!?&9~IX7N^Yu)8Jb15
z>_~KqV$9!idxheiIWbAS0mzaU{7A0blEO{GtEBvNkmPoB5am?tzb@KCW4rs@9+cno
zIn#`z@|$U$9nV5SETrG)c8gWPU$LDcU(r_Mv&b{pD}Gid|0jH$Z=3zvZzg>Sg<MvX
z00<pb-7;^$w@vNaWlvKQoXqNULouxkVNm2I$4^Uc|L@=WZ%u)ah^)kvW)qC`zI8m{
zQ;VI-7anClAby*&g2_8Wq}&X5&Bug>59t*yXFU%mm9df=cMPe`5i2Ahz5VNjk4a=F
zVcYHPTQkM$%TOpT1=AM6AozYYr`(CeWs_HRG8wE%$FhFEI4Q(olaGI7Iv{&s=gT|I
z8Z5y)$In#&NNF0{j0A$nn>+9&@`YbHoqV8GjjFkMp_+e(lP2b-65(^)OTPbd%837Z
z5Eum`{WX>Db;S;j8S0)z^xTzwk`yz28Ld0iJt|73Eh%`t&B43xGtHKwzEKtt!`v1s
zL7#;<ohcc6ktt!$QIxw*;!H2xrXe!DefvdbcD66+;o6D&K>}`fMFgG)8ylY`$i<Wq
z^ZO`;6YFlZ3P}S=?6l@!^70oM02kerL)+Xe^<X{-wMtJRy*p#5{<DClR)54`k|3~}
zq@blRyJ~lSSdUEKfr#{Ze2a+t5w(c-^l6_C!vn-{k(yz?--yGN(X!oO*=$<NpkJ08
zv>9QsM&%z3e9gFYs?OM2=LwNV4mN3iyl&e(9J+-M)mK@p*O2*|HF@Q8koY=GzjEs^
zfyW>$ht`vXLQ%n&j^zT(p!oac8?;P+XuQ}IW~8-<zCNF2f2gmPd?W|x@r5CS?nQG?
zEb*L;F$dXL<3f(H9h@f7pI3=`P_z#iWZ*&3r$|ojv`t@Y;@Voe$j8aOX{Y#M!+*k+
z-~3L<&ztVNA9lWI2he^#muXHuB4a3Qo3;<f={+|mbhgztmVyF!C)v0A%jDU1(-7BZ
zmHU0fY+S?PI62UgY`0qsDI#(Ou^U7M-ALJsh2mIw_8aQ1Tk|6r9{jD|_(nWcV#zc+
zqT!fl#f^~hd?dL+%=R*-w*F2L(O_vxv^7f3O+dg1Ce3UR1ERkfEqe|)`OaxR5I+{l
zW#zxEDM#-<Vt9JAjR>(nRjG5Bf?spC3VtI6DU*Xfic-6T8mo$*U*@mu^_!{TA<pV2
z=$SzU;Es`_MjQh*UYrumd<<!;G-s}hTKSDhW2^~5uf>6?w*z>zh!cp=OXXIlTJk7$
zK+TxVbnHv#2FwyW#*iPa3it0^lBWR*vB9dLY#hTum>k?G^lW~RnN#qOmG=QfW3e?b
z?Sqw6)+mvon_>`Q)k8gth1$G<oLo?$CxSxMv8}ItqL(cPoAlxJhq;uw$+;19Rz1nr
zcjlY0Cxssxb|{vz$(ZmItu+q31S;GMCX4KwJ#3f?CIuqNGgR+OjJ;T=AljoerR+P*
zoqA;Jp(8$b)*6t`5$Zi&)#bNLnaaAjG1hv-=1V5D6&nawNbKU!0f*ze74!w&pRon}
z!%vy2E05=9>k7l@)gM_}K=$JnABzJ9=2|_w{Q<NAM?O*7zGY5(Hngv{lujJ4Uag8x
zIEwhhqZ4PEiN%<T`FE?^$rHN3jR7Hj{5N9z=OL@l7SSn8QRSVu6ygIzuvOn2bh9{p
z*W|ud#k=;%k*0$SBuO|9yf%7#-AcB<J{GdCv(sH4v`)(JJ#_QS#Np6gj}9Qi!KA9L
zoL?5z&#Lcqzge6CE7j0uQ7)n>T==%o{cWL^hA|;Gw@X`9<^jj8+-tFm^h2UdRjuOu
z*X`z;dJk1O>GajBg}&<#9UHbvdDCbr(NRZF(SyJKREI96sn_mg02DJSR4g?&lPO&B
zZ9@_6E&lZjmpS0(OOW}h*g}n}zKTtK2z0p9g~E$|e0PcQ;&d#|PpF2^KLNHiQF>7m
zarh24$C9o2nd7YBI~U8@_Elr4F;+_dFx!v4)opb9+6adUs%TT#LL<>Iw{`Yg{CgP#
z3u3|vzcq*<Bun1PO!8JpXY|)j-45mr&lm1dlkQ-zM>*shu@{5&aBgZR_l(nC%S)b;
zQ^rF<op!R_(H(gHcBVs*1#8AirvJg<P=jyJvop!3VeIz|N7ujLRr^tsUdoHCUu3JL
zRNwKH!^G_FcI=Dp8tr@E2LPHw&~BNi5A-EcyyE?blXNn*Z!||ka4T%*^fI|k<0=#1
z914`Vua#weqLNi3>1;qZe23pdJDsN0NEQ0+ipD-Km`v|g@9lx1nC*e&?vQAC=QF}<
zKcm@r?x;bh?kznsoQXR+ikLizGL+(aD(>8;PaC$}>Jo5$+w1S~CViJ*^)2?!AnwK}
z+d4jv{ra?muGCrlSeF&)yP-5c$tvsjYaz21df4Uz)n8ieiI?jIU5zqyIJk!@zL=ei
z{`xVBQjh4FvPt!Rue+nGb({zTSPfS@I2w|Y83GGU_Nndz-c6o9&<NfBAT%XXWUj($
ztY)^v1lQ5w+`Fbw(&qP@zWMBRGtyy8a#ia-lsJP!chfYt=VArk25U@`JQQ+4#Oz0%
zMswv@FXSol>J{HYROb8-C*#|GoR<5pkS&w&2+cZ_!a`#a@Cb%o?iZC;#O7DH>oMKU
z7q{r}R@A6&|MULQRG<qhwBWFgn#QWXHy$xR1!(Vye;Z{@!q26ik4xOK1_@YkV^6&s
zc)~qBa`I?MDq$}}jQ3l(Jp$qh$Ym2#{!DU(>T@H<%N9B2_AYUqG&|(wM6OupawNFA
zzb>ep>(~xKx=t&a!RuhNG4us@*2hmfD@&N0J9%I<;yXfgy`rMxh1fl(L%%a)KZwmk
zOo$3pk*lVoyyh;nlBc%mcQ6yUSUG;0u9(7!_)5gRbfwvUi*Us-X%Ko9E%{@iT-_#p
zN_HlAumYQIQOWO6&wJq-D3N!YG5N*4$Q=mp-&Vx`7K~l7fA2*;_j*{QNTjB+X(VSJ
z(#-VeUExwQ0#6eb^MZTqg+!t2eh0xwj-gbVz)!3_A2-Le-fq<~eW9Ykfk-&kN$E--
zKLUOxV$D5`d`nzDH<3>-=)oD=#lpa_&VeC33(PD>%-34Rits(1(7>XHJ2-J*DU9KY
zwvEhsM>n+MimWErFgh$H@)N5f8e3yaPHUzo95<8*X{L9^K|*!M=LOsIlFF97x1ljj
zm5cm!$tG7y%SumRvq4G{=Pae8j)qeVf?vkTe(ddAZAo4R=2OklB@1aV3m3oX?0bMK
zJ$N(cWIlgF5W<n7EMe;%a?^{$<2xv9WybBc`mx<i-=x)W#w|b!dV+RbU<fxAygcEx
zdGGuI^>!Hakq3VHdTdC{*<^9sYowc-0n*pMdY5C=iFZ+SjINYUn)nX5x2bAbk%-%f
zK^w)P_me0!X*vL;L7Q_Q2|kkCFnqMub3)LRXxS&5%xj50Odq@DxKO#xOVWdU%{@4P
z$wQ=55TI@LGL+qEGp3f}=~|`DCryT1L^Z&3NW(3JX=s!C>GVjw^LN(QJYaPuHp0SW
zd2&FGlYMnc33bTF^_t>@VaXSOp2?I4BVSl9Vc$3pw3bm3tg!eDeunuo!#P1qx6wfQ
znof7a1joEh=QZ@;bIdgf>S!s5^r4@j0srxymW0+2v_w}6u8~KEf9w=eF7YTMeKA1t
z$|=$CXSJ1iPbo5Zl4JpDg6@HL6S?Q_n`=Y5>&@o70j+y}7qf!6I~v)EELPWCyAVnB
z^o6?(=F%emwoJi?+vmw>E_9^J9$&7YN&zZ+nO{TTHjv&)fvY5&F-y}<$%fQgUPp_Q
z%-si0$04gq6&ze^M5GD;HT~UmvFLd@)bO*4*rmC^H)m}xm;(Vy#`NWK9%uXK`^Azw
zj|82uX)tD6z;(%$;PF010LUU68*$geLO@#)1K=r2W%o$*69vlM9RTh2`FA5N9^jTm
z=BIppJNRunI%)@MB4(LBC=8eDDVUf%-=TFIY;`j2oF+REURna^A65nAMAmdvSN$y3
z%R6h06_9%)mRCL~w&y3bYfkR%J&nFpnnZqB%rH@ez0-q_pIAtZzOA3jD(SV~IHDa2
z@fHmM<tthZA_kfUbT4atKNSihoLTE>E)gFP-KyT1XWndv%|%g-HL>ry8TF^^^9G}f
zSk)U+S8w$h-O@e$cC(nqx`oScCU{8fHx<lZi(FE*&4gz7I#vF(LRh9=o$V8N1&ov$
z>pwZ>(C_F~VD<2YR_+jcE+$#~7jx8V>Qji;UV*&}`3Yv(lc_eY3hYX=Fy7B#Mluv!
zGQ7br)`eXjD(KGm11>mYTD%UY;5l7h+*osIfjvwU?1Vb;J}Ipu><(4e@>;F!i_&E$
zvaiVo#02GGVB+cIJUs#5_-jkk(XtPW^!MjU3{6pAcv)3j_e1;_qiL;r`^KEgLseDk
z<(X-Tzw0nhr6XW`t6kH}1q(G`rMUo^<odf8S2DNI4;52cJ)C!p#H_f8JABqK<2&ve
z;GkIB%BZ%2iwaxB%ep~?)wJUV3S3f?vmlCs-fGsypW)_>sQm>j$p|#CdL0yz#2sw?
zN$SZS%Xb^@;w~-C!TV>Ab3g7J9Bz^E_-Pb{bXyE%Gw&XNWCrbsc|VfDlZl?aT{qhX
zA3{~VCf+G5Ez@bXo(e~+8Jo5m9^5BY_t@_~H&?JWcWIpU=vhoTG2lY4_?#ojq(RFO
z!|g2}zoS>7|8PQEp_cFT)v+U6W&VK(>MW;|>^nW6_odZjA?f-+u`mtSazj^H&k8B!
ziNgZZ3>HsfI*!W1A(?3mZC+2BT#x?#dC_ucYzchyW~ZHRf=n!jg#M)Z32g8xur8On
z65YZ+nxgv6E&Kibkta-bZ1>G%?<AS6C1RUO-#Vyg>Q{`V#cP~%PI;(p^hI}w!Ctx;
z4h`XOjq?7m+v3l)wD&b249#7D%>JAwt7y&qj$96H)OW9*s_cpmeveR;!r3Z`Dh@0@
zmYGwD)XEdh(e&n_g#!`Q+Fz$rfRV5jWg_TlIGYZ6DxmLZ7XE@0|F)>EoVIjmCbW?T
zO>Ae|IT%YrU*-V~QJnG!M|W5$C)A`aFXgrDdXLO@Q8Fm4@s@pfbc5O0b%s}ybJLwu
zesNu_4i))o$&ElHTtcZ9M9*Rw<UKu@?$ecy?I&1&E?9NeOeFP$LUgf8b7_SpgwFP8
zwIIJ>BA)!~@z9ITUD|3bQG^^}>&7ariwB>3b;i|H-8hwT$=pz;5`2&wtD|!%JyT5k
zu*I(Wti0xE30HcB+3;lSVW*f32$eft8@40k(e|rX?Wl-|SxHgolv?awZO9aEA<sp_
zcL$1?NQkKt=SwQ8EFd6kruIJ1XN$*?#(E`1v{25zyCGNKK_SS?_!IO*4=hs>em@X<
zKls*9Hc~}pW@aA3>I4MMT~T+i!W4AM<OEz*Ix@5mC&<>w*Gr4!#L{vw4=v1r-{&+#
z1~wV1PmWSrUrK!}8*_TpT-7@I09%#UY&b0UY31UhMT8^w*d1qm<|gR-ee%%_T?izD
zARR}BiVt=*cqg+y%@he5nRPW;s4Me-9u<=ORQF<qh9mwLbf@Zo4uX2N!(u93e_Fk#
z$T8L>^Md}FCI_KaAEcDc*R{p78~T=s_VXYQQ7q|3x<v3s%@d5dVnqd+N7r3XO;UGk
zfuCgtA5M4UK2BT_P8W>Ej$|MS(=d179&$7eGGFIKgw-opZ>Dt2Azugbn17;;Hkalz
z%q~Av+sltKq~!K>T-PpvD4!=UYWj(4=2(prk>OYZZ1?*2_p>+!0%#qrH~h1l=d!vd
zE>;h#OnRHFKV9#~;P9G%EkFCX{1Rr^G7(zmF#U1~q|<XEuUpUe_*^V->O6)cPNx41
z`Np5GaU>bbRP<{JoV_WP19L^*<0gvJ(#l0@_||99^a8b}>j+l>{tDk1zCxEJ3UZGT
zhWqD;y|Pc#d-KYZyYn2R7oKjHncTyMbw-mXydcD@Rqsr@!Zs1+JuMVKQa-Yj`6jgf
z!twd;A>JGXq~fr}WJ}Tcxy=$~-0~J0v$%1cr6eBHexEl}U4ybLTrGeIPCJ+k>)#I|
zbuXk&J&JO2lX>cP?gXDyz755g^~l$nd<KXE`1>9+b;>g}PnHBlz8_a)1qV3pj_p&B
zdspmF+qYh8g^$ZHI%ONo7TQQW=}BV3;R8{u;~^R}G&L$Xy(2=G`=iMtEK{sBERGM+
zzVzwrYSbiMP-;V^LW@AEjZIPNLdqj7=cCUe;KIJJ>zzT4bm3QzBN^BRU!#in6G65z
z+_yj6Fa=b2vyjpB3E#@yAzpDy@LA=|{CFBv%F5a>FkqTY2X|P^eVj0o3t?IcN}_<u
z&7D}iC7V|joddG!*ZE$0=r>HttQ?tmOF?z9fxi3!r2@oDf}hC8Jl3|jTrr+BNT4m1
zdhYID=2u3o*vNZv0LI~_L*XSuRgz{yX8NW%v&T<L`9FoY=FNypx}q%DZQqhz1r{)k
z$yzHEVV&FS&6I4+FTWAh<0_sme3JQoFTV$bbZe2Nw;l0y(+&rh>(X31Tl0%MuLXPq
zTsBa?AgY9*3hWpU^k|g>vIh5?c-U}E3PQE7e#T8m;hG7xfXF`*o?UUnY&Tzj$0)z;
zQ8+E(^TV*YDHYCKNbd>8V6rHQG87X{-h9(q$tURbYZfKZpw7Yn^U1IG_t}U=$=m&<
zl8GnQdo5P+mW0J0Knp>LmzO^;cV4-@z^rDDOnSa`j)zuET$Dj-av^6l<h6~zTfS_$
z#J<@2d@4?|snK_zV*A>}d{>TIm1ST-z<O7_CNeUrgu66aqtdI(caNruUr!g}eNH@l
z?<4*tiL=GylVpLL#$j@9TIFXUjH{R^OnXPZx4hE=_dEVQK38UncPZC=&?UE2v!dQ%
z0iAeuYl(Y5=)z|r1quO^QTA@*&g7wN6WeIo{9`T&yA}_dH3x~Y&eW6XXSo&816@5{
zA66K&{V#myLkEWjtQW&fj|>a({Y6?w#&S^rWyE3x3gnrmOD(8H(FXa+DYqP(DXlrj
znbDx&aD<0FcPq;ZxZ<*4+49J$#s-5)hu!V;p^F<%fbEdn`S=in``Md4xuAkq*SEm^
zb3%1Ce(`{ZwuxM4WiYUF<kGsW#&k4|ZOvqQ<HZ9e;$Hpit!$$l#R_HULHB-deen!e
z&*n;|*)3z8s9g%<NJ<8#iK5*~vX0>dpYKm&35vs{bEXMRCnp<ifoKMhQ1RI9%<g>|
zR<zo#;A_UyRrUbC`j}TH#w^JR3G#=`PR__H6Ra9L4ojfWEn;$B{b4t*!P{F_Qm>1v
z0<=R`ySlVQUB7uRF~o&wl~mEhu(wC}CM{fesnrCwhI`pPn-x3p1gG;QA7i2+92$IH
z;@|&nW?|UCY{+qv9l(~dCMD86a$`Qm*$@?**}85kJ&_)=W9^Fx(ltBsxxM_db(w5l
zq!F8$Ve~X|B{jh@wCo~Ax?1z0b^r<AkV5*UaThZs)$}MG9{c{7PP#EP1}{R$`dbA#
z^}6(gtT}Y8>vFF$+LYpaVpflqLXa<m0!urogg2MB^`$$n8G)#?wF)U&gVpV~FOjPB
zcn3GI-OK78*%Xh8B+MVr`@@T(aA&?UXdLM9=(HyU;YLa~Wt<Y+A7KwF=sEu4<8V4C
z_IFlQR3V|J+T*=CRC3ZEY}}%;?8ksz`Wgr5^vyavj=ZI1UG7?;i&^N_^8mDSYkWdG
z#=8-`Zho3n?R6l(zB5cgWAtm5#b;}RsFxS#5lL}OL2*_rjc={Df56~8g9#sOUfjd3
zda6!ABzyQ2#5sFiD-R(5Vj>uC?q?ps;B+(d*fe^pl_6o%p_8bkdc=kyfVFyDz)1UL
z3hs9zR?a9l%t&2=8EFn$4u+^{M$O^5R8!eGuP$*5tjJ#fO3rD=(&?t_q|H}dM{MT9
zKA|HW#gla|{jPei17>_j0IW~$6Ti=k!fgXCTx&0h&EK{MfXzie7oZ2-;?=w%S@sy9
z+GTkBlHZ=XS=*|}8BRe+%AHqn*Z74()&8!u+@NS$>(y)9UqkT>iR81VZx?5ucZS6H
z`>pnLo7Uq^+48$^yy6cSvhEV8guiu%nk_Nn+nLxJtb5yAuL*^)we+;;^vYssNpdiW
z_B&(S@E!}n`-gTe6L`S+v(n$|e44ct6VUb-oQ526f}MEGO`b$z&(>hDOw@EVIibEc
zjd>qi?&&*ODUESkpt2m4Kqz$Gmu_{M=OzDz0eknX#Qodtm?nG_Hxog6H|e8p+{?D~
zwN6HU!TtthV1mi#`_8bmfR!!(TE8qMuH75DG{z*hmql?0U%}b?^eNcR%-D|yr}QNu
zU--(II2blT*Yf@xg_llYgkR>ZWxK*v?i%1h`MP0d!z+?c*{exTFLnw=b(Cu5eD<a^
zv&pyZmm@<=0*?B{oc#y$c(@6@X0CXAGdbM2#4bBB2Y%k1-kl(lFLyUyKf*{l7j&cD
zTXSd?kw0%|7ha8Z&o=_rD3Xiu?gkk^d*hyj?We|H)Odkwfu$FBy{>R7kpaMFb{C4F
zp^gjkrofir$Qf)75kwxM{5ItM>BTo?wpJZAy~TXpu3cQBWDoqoD5(<AeNhvOl%j5Y
zT0`cAm^tCzF2si0rlCKxgmf2F(;%-s%16jq-*nebGHWKnRQU8<zcQh?8065MK%)No
zyqi^DdRxENl^3Ue+WNg4J@L|Vo<F4KRc(QERdNf#gFSLtH-Ybf?(`ayIe@nv7NUdq
zEGRfyplFZ0XeyBhSbOdTAdXB4@K#`6*D=&Nv@1|g>}h>Vg8apHU<rnelcvctY<A5J
zkiX<+Y*2L_6#a40$t`Ygs`{wfR=)p>(u?N=3Vg!PMGb8QrukM!4p8p1WHMXDD8*f@
zE<g8kAB{|Z!YtWjxM;8lZrXa|DAN#aBD%EGQ?@_r%_Ja}-hDMbZE|+-?95d93`$=5
zC<$gMA3I<>K52}9O|~gP1Wz~1KO^zj<N^!#6N>ebdw${|0lYrtkMN+EZSI`>+?V96
za~rD!%wVn~<q07m`Z!Wp8C&~81U(iz#(MVi3y)#arL5qPr$UX*Yl(EaJhiH)KO8Xb
zy$*MZ@H`gcIJ&#IbF~ahX0}f^3A{^U0Jv}0Ii8^9WARtIlQo@;NZ!@mISeMA@`$v+
zo=z1uCx=jtQm+l|(Tl>!$qlsCFZb#rwTW1hW*lxj(L`b(O`az+l@rh*KDP0rJ%i`^
z1zKCI2BPL9<KnuSer072N)me{-z?Hw+g3J`R^rHIXL4-o<Y}8dFZu4YR<XK!V(VFV
z2U|B=jKZQaZ#r|}>xL@<+o2wb_t7hn=!(oKT#-^Wqg1yNC*$|cUI?8afzG#&vg5l8
zi|S{F&T|)l6%gT&&s6LAh8eQwu{jv3;OE9>Lz*wZ&z_}=PX|avU46b!Y=ZYZN-Yst
zkau-6NpVTN8hx47c>jEKEk`n3o9ofr_Kg!FoL9{)(?^&M=36mZof1D#g+8cq+R%pm
zigW5Thkfk=^~@+ZuMyYihCNFJqzx_YtTFq5L9Jj|xlSFkr<uG5s*m^NcBh|oQShPV
zE)~GjNl0L(zG#A@Bn03#1R$tb#3m~mtmX*tZHYX*e21t-Bfvk`5%z>+D?+&K+QT2(
zMuhArntBg>9#1~(6bHhU(+)NdeGnUu?iWs0uMZJ>Gb1KjpyBc6WT5X2gZ{9E8y{BK
zO8TXg)>cYcl9K!W#>k=HDMtWs?Mi4|0s*BP`Wet^3IG!X<g~XVJhFIVg(nX?FDtE~
zCXgxModfOg>7h@+iI3i6#n@Qh*ga3vlR?u=^0!RZ*{L-5ZadP_ile{_4cdn1Cs(<7
z<e>ahWi#Q8dZO)wj91@I3OFWfDqd;4MR^#E_3|nz!Ij4R+&^yBt#K7iM8(zu1W^=m
z{?adm>&Kscr%7L;{fu<*7&V3XF&1W)=;dveDe)X|vRJxx`BO;O=hV<XOt1JJ=#>0d
zjhLtcUNYK>)#E6@id1K0WP$Fvy8FJGDbt)|!vlu>AXxDl^TM+k#}23ifiNd1`{uAq
z3EX-uy0=)A+qC9>Y#&|}SvfhiBy+f#d;W9$vuE9V57@=Xz*+tR!id};3Lv?!$B-pz
z<Z{T<-Gcwrg-@!;B0=3dI<av)#yg$G)I{*fmu}dy>!--k;zKI7`!c&r>7|AcK8lXA
zd|CZ>BTAy48?%UafPGX2*YMP}mTM`TfSdYRx(gnJ;STZGtCrc8!_n9q8t?c(0Lb0Y
zu{Ym@Jiz#L0x<!%-3}SuYn{z-zvvBq1u_*7s>OZs^6EN>+r1;9(I`$iB^<L7yh+p~
zfEa;3{HP|fx73Y4Q>s_j=6r*mCzf(Nk*MEjeSvyEYojAEgFW81ef20Ne?<3aBH2({
z_-@v4rOdyd$nZncKm7#rvOki8jF9#CuGgOS!=7}{S$^62^Zn<<s!sQ}D<iE7tq!|;
zU{zNi_!Ulr8DwgBcxFWjM)Yf@MItQKRYtM9$$kfNV8$&UTtx0c#6c3$7M*0Yi0g)@
zxw})-o1nf(Mn{kHr5hSfWkC|Vx=PIgIrP3trF;0sh3L)I^+i%`tuIt6tD>qYE!(9Y
z2y9hql(P8Xp}@+(loRaj<&Ad1QzJa%z$hmtx7{+Lah~neFIgKQlvLWbE~lcURy<`h
zqy+n^D$FQhJjSA*2U(aXg2X`MUFA%@nGJ9AWl~=lq5rSJVzlPr@DtR9n$a_1Z?3n`
zi1`YX_wk8Ui8Xv1pz?~aeGe#xX9JW`-8GM7X)q~UDxyDEk$JKA0Jo7XjbD=<^K^6~
zC%52H5^G5gWs+d{PJ(xswL-e0$w2%o(bsuNNq|j4Zw~!9KhK_AqKtrLPnQr{b<*(H
z|Ma%hr6O-sKVBYIx6z(U!3^%Jli80Bi%NBz;T@D1@wFf5^z**)y1_26#+bhxk4814
zaph@{&C@6XuV`#8GT*%!Us=&NblZ_~ld-OD$Zg1#H`IVczkv#c@62<;Jxxfg-zrz6
zrd98KVEV**^V01oQ`J|Fuk;SpxI9k)`Wr-GU|yiXu6=#jB|7TqvKt#+WlG(#hh=Hw
zH4|G8Vt3kpHDbe5dOXw9=KY9ha}i@vgu@ae8yg!vcz2ijdTj>)_H|iZbEr+u6!J(Q
zcf-_GJpC!W``X=Yi##cx<(&D7<;Rh;_}$zrEQ@;U&am|-{a{s6=s#^5ZE>i=A|jK!
zc=c(3t1sdDgCn@RqgevaB3?85Sh~13VVv*G)^a2O=Jgkfp>-CW0j-PI`oOTTWxvD2
z<x1)6r(}Bic?1awSV}<M`2ln309_X-dUTDEN&`mn>hufz7ZXM%={?o^HMND}r46rJ
z(`TeXKEC3UhZH`-9jB9mMZF!ezZ+Lb#eYqGuJv|1<Tc$j!}uvTSXAbWm^XxETubA5
zsLs$TT<HSmc3Tv6_G&wAR5W7JllJs7y~q1&2g!;U#F70xKN{=p=gZ;O6yx9(MjHxJ
zU&DOG7JvUz0IdB$_}#qMev?|$>efv*R!O94f?S?PA(ICa(-|`hmecsz6U?yf>}@g1
z28R_4n3l$yzx$<-7n0jJQ2iSd&s`TIkHLz>SF<^<6?{X0rjL)Re=M&Z2&vxR&TR>)
z-uW1QaO5iNLF@Hd*KU`go0_uNhaELKexm<b>*?ui+JU^FOUubyIljKa=`ZSXGQ@U?
z#;2Z_XTE8!o{(?{P-(9G-X*!ln&34ka@*7_@lK-g^OrAfI~^;?d%Hpwznin_q*3Yl
z4XT70_VnEE5PRnz681E|qbr|o6CR%xe};bPMsRhd5Mn(hC9W;wo+bPL^f1wk4*957
zsXIC8{kHdCTxVra;>y#F;#mG`GYITMeMTHv-2U;;i9*Phu$mXl6<_{q9eb9HLS-7q
z^D+YazgzD{bjW5h_h8AIKQ44rA=|>3E6^pJ{&jd1)crSseY1*XeSfrBiJKuC$|R?a
z=vn`Ol8%J3fJr#_N1IicJQ8sq$&>Cspp<<_LJ?}G()~lVI3!|1?N3>Ce?W1^6F0M?
z(=z)5F(oGwF_kSlKGA>HYEwi)IY5oH`vdWN+Q2?7Gn|mMKcM_S<NZJ5eGiOGKSBDt
z)we*!{6=k0xtu8tb#)$V={F&Ng-X!XL%i_!v<c|w7Yz*!(<>1?&jJHk9?&%#IM}|L
zmiXa@O3w@#W;(LoI@sI^!abhm=v79>WiR265%q+I+>4q9RjX&Bnq-Y7%0k9y&xo=2
z!WUDhzXAi6mX?NR^7UQZdqn?sa3hId8pj7GClSAXJmsx1<w2$VsEM*3wHIMjk3bt>
z;$C(JPm8g}JpL=Cm7{G(@<(fI&APomprkBD#*VQ_oURM1)dyUha9c>mEXLolV23@*
zkEPdSoQk1KX(Wk^Is*LSKRSErFpzjwK1IhcO8nOZsr4KgVQ6SYzcUsxjl$j{BkbHL
zCuiV~NYp?Ew(i?@#{U8~$mb(U+_A{)_D{|~5&!{mt;WYPtp9@Z7dgJTnJ+G{VBwQL
z^3MP5@Y=cu1dD?MJyB0aZnLLVob*36NcQEO(R=J9ObC$ln6<R0OZXi)p=@COqg0zd
zRbbx*tMz029IuCYp-`GTh2Def`D`~f#Ic<LE6#!XH?Hf0uA=x3x2|P-w!v4j5%$0B
z8>Wkr!_c+lPv5NRlM|$W6}kF5;k7lt2^3xTDX3PSv3Tr>xZ1knS@bW>*k%WWP`C&E
zFSmz%KyGyy3AUs?C=hzZ*2rgfIkRdQN&iT5CTpymP4U9?eQ1gS^yZXoP{YruI4Q)u
zPE^eJ%4lVODHLACd{OPih9Lt!Fl>Zj9nAW7*}kBNw+7oAG(m;GpIvowrAOj2>-w~@
zk5XM+hO4e+!ls5!jQM{10qiMq!#$*he&D;m7)@I^p4H8qF#}H=h~3a2>!Ou@v9aDs
zLOS-^^qr0DkA;fYUXf0#J#ZbuT$bg4iw&i!9=eMWJu^LDdbp;}V!GFO6}D+Z6N~K&
zIpO=enO+4`A)6ZGr@x(P?6FZ=xm5}lntfthHLikjx#3|_EVR3IY$0^Sa%`bra~niR
z)5^^Cr8}J}^U`dYi8^YbUQG{NF?nR8RoMKY{G{`+g~R$MQ*AV8NjD%@SIg*ke26za
z+~y*5SjgJ&ARJ8-Doa(`<f1a?@URTu-fr2imI-K-vQ+|QG9A$KoMKF<0FU=xNDsb@
zjC!Ih3iRBM@oIcJS7Yq`%#<T8XzqpBMvq#2qH?Z+z<>O6|Ke}mnKc`YM_;c#l>h4J
zlp3_RC7eT{dBilbLeIi)Pm0fRdfd|UL!<De-I%={oIOL-|AtpdDI)f=z+$7q8pr>4
z;8IfkRRnFA@vHkE>ad*SKTFwAnfQT0Lb1Bj4pv)cOuQn=G1_G5)Q`KwiS|6ew~xqu
z757r+caT5(f=nUG+%K@^<R6F`uG2VOPmH8iB7d*rr&wa?VpD4e-&-#bEtZ+~SfTW^
zMv)EQ5blBRc;adhs9L{0GjJP~9iru`5b{u$=we|3ynj^giEdzReYzoe{K?zh#Lys5
z1aiaWW%)}k;Bo&wtWqG^_q<GL=A%;bmc*l3V2E-z-Fk+Pxj0d*DG**vfnxi+cssfx
zm5W*KIRAL-su^kPaRyD~0Am1KrukqK-@D4p57t<0ZTUkKGl+KNBA*AO6LC2^r5H;b
zmk(CEuov?@?K2v>LUY#vh|vCaQc`hbggoM=Dm2ok>;t|!9=+_Zt@ZLxEL$9Pv6Fv!
z(^Gs={;Bau?ru!=tkipB6!K`x0e?b)?Xa311%+$vum1%Qi6JH;U%y&{rq^0=94xrb
zW*DnOG@DG6TYBd!1zH{K`SgqEcN#Q#;W)mBFk#{v*t2>_#HxR(uVv{oBkQuK5w1a(
z;632Sg03Hb!|CU{rc^ov_8YoV%6H@d^s^mCDJ_m9fGh{5J%m!JjeLN(mw#<|*(dQm
z-?sUzUwwEF?WvLJpvI|JS=Ue;x@Ws-(P<E*Pkb%Y8&R4U?RynKjgFQN$BnZno_H}r
z$qcx)=y?8*S?%cqk;lo`qEG$!9#;h%WIEum6Xtr>3NVwO4v6K8c=E;Ln*TmS|CmA@
zwOq8B<R8^%q}&@7v);121VXm9mOmzP);nB7mhj&uQnSLwgLAZgr?AJ&$m5pLM>9Ib
z2i708*sh*it}5I7w*TknZB|&uq;c54ErhJ8v&do;*^H*_|9cYBIgOD;275hB@3)^K
z@pQ2w`R=oXo&0uv<Qe!eHInvHdgI}L^@P$L=`$t{Z{sO`=ZeST;xCc34t^@4KO~f6
zBM+HA*x5I~aU(m9J02rxJ<scZHy<M<gy|z4W>)vv=I^gv$ZdEgg`}~^^r8JBVIO(!
z>|PG07yCmob|meK(|guGB$yB(Pt<3G?=OG5I8w3C$imAUMeY1g68}s1vqofCme*1a
z;Qpal)L+&9{|?jDg*88<zi(#w0TFaE=*~6v^Trs6!mHnc=&9O13T_O+7(BEmoh1Lq
zK0zSNA0u_v1|R%9Fs(}8$fuu;PxdcVPJx20&qk7N@Jbeax~tGz|22tt4s!STA~3^Y
z8V{_)vdlQG6&^GbEczyG7N$feefsx%3@;jcN(U_tFMpu;^fFH5bgqGlYHY>twuUVX
zeXEmN@Xd9KUovAvR!+}wia?eF%ESg)T4J4m(XVX|tj%EU{<q*^SJAs1VJdIOqf4H>
z7?lC?PP}gx-JV>a24Ba`h~dym7puHlVUxwZ<L~6Eqp-hj|A%eAl)M|@v1X)=P3Q1Q
zdspvip+ZO#8Fop@5fsy*FdYNI8YwmaYV=XjLc(x(qMtYg(ux!O<IGfee<cMfM%IYk
zum2>4EvTBp_uK!|-d9Fd)ph@p0{T!QDM%?D(kKE)-~b{i(%ncLq#F*Mg0zH$2q=wo
z2uL^5&7lP4(B0g91eAB&@&9n|{cy)S#`A?C%e~iJYtG-A^Ec;SYq1nSPi|~6z4R)o
zYBN2UXCmv#V|t(6luA7%F_*f}ISdnLsOh)DGj%>ZYSxjpxI5pyMGStUtpj)J)1i2V
z(>XD{RB5z0bjDuu>13sD5$s{yG)K|y{)JY&XOW07;#6&MlN_=)m50%4s(2h)F!o+U
z!z36{jnC~G?z83HB~7_FJGT!u)C|A@4)%g<(G$**Cnjn2g)sxw0b(LH<;LJ9iZb$L
z06US^g!S39t?p`*o+t)5`V%*c<2tOeaMW|fQKG+?>xBuEDYg5d7x|G<(uYjT$*Nz)
zt>brzPK6Ghyou}%nTx#{WA-NVem$(<yznrqJnv||jDp~_a+fSGHeTGWOY?n#yWxN-
zgvS8&e9J)mh%dyT@-VdIIX1bLSz91FHPd45L!btVSXkpCz`({uC|WJhkr{6(h;hX}
z6Yj+gGCqqSm>2JLW%IwmMBXXTOQCbIeeh5gmOF6B;?1tS5F11AX++sJelG*bWl~<$
zY9}?KkHzO!snLIKXv`ws5{TD1Z4LV+!I3`#Yz6eG$`25`VI#^&L;BoEIwviHgg1=s
z?!Bn@_y#>UxULp^Ni7o1{4ifD{wlTZa-k7ejnx07w5uBCOQ7MJ1(~Q7GCF@?w0I=<
zlYTdmwmqA?lp2g5CH~Ozd!XJ|qZe=dW8_CWWE4bQRUIanYC@m4bW7XoqY6v<d|18M
zAZCu<8r;K;S84pA))2zECapGA;%?X3IJ^LTbmisLpCd(Bn?IZ9-@~5~?P+G_#Z~8^
z*37STTA&h!^52*Au(s;=*6K)$y1m!sqGS7LwP<OP_{&b?qlBlYG@~QGEJhp7*=CPS
zt&(LYJm#czQ>Hl`qM6gbI6Q^3aJJy~V+KBd%xO-Qp&cEmZr*0|b*Hr0K(8z;zh}A@
z9xBB|`8X0j+H!S?4G0c6T!_0ZxdK13T2m;0UEGUc)s}4ffY-zm@tJ9g_i*%&dnkny
zo(YdE%Hp=qx;oHeFc{9B8KA1V%+?;_clZ#Th71D-(q(F@?Gs+X#825K%dNG_Bh6i-
z%>0^(suQZ-u_}{Rh5aHTRSuUeFMC()U5!$}4sI!RXh6C0%6a#p%p2-hWC2A{^-#6M
zksfYMnDJv!eSML}UQbqav0u1m!W{|GHzC99Y8Cu`4X~c|{N&y@(U>F^OWS^@jKGZ;
zqN*!=)|;6XY?&VFXCnNHkgl3GtGNIC9{uCQeROZ&p^>qqo>VVPPK|CUz?sBx(PQj!
z)k_FJU4A{+fWcK6bsVL_T*EwM-f0)zx8n0#aiuowJF)FGH9y=)%!I<k(}&GIzOYhz
zzbl=tY+Kz1U(=l~_9BJom^<?pK7TL6`pD&dZsG6TFcykOSy;B!;)2PaiX^VcubVy{
zr4;FmF^KIZgTonLqb+YSI$ZPaU2oZg<C`%)pS=&TFQW_eAqt5M^?z3g`hSSt_273F
zZ*QTEOM<cnrdVn+`pj~&v&TPS^0NRi@mj=`ynj3XB^k*Ke0h01>9hzJjY<~-AP^29
zaBSWKklv=%$W1r*ar7Gpl~r?w5LQQWAnC>v0cGX9{QNwBanbQ6w#aK1UxqCx6bYeM
zB$_X#%wCCp;5$UeM^3aXkQ};tprYnweCs<#TwO|dN&&8WG>-tm3SdP{W`NMB$}J3M
zqx>Kwv#M0dxpx}_5%H)#LF2Ll#B&I^pBvsl#^lxkmiG2)p-JMcpSvzWXiKjX%TaFv
ze1%&F>JnxhFSdPHNRQ@A1bRtb!m#x>Wa8mv0W8A0?5@<6?Gb&K0BvdD2+FHf0+2F(
z1Su<?lK;cpfZ&yesA8}NpIj$pjKFx4R{dXGCuOWao2kMA#x?FD3+Qjof-jov8f7vC
z+C)NVgs<Ec(5>}Nz^o?KX@gf@6d*$)2%@Hb=kU_sBZLPk0tAeI0z2b(q2@vio;uL>
z{X-k>H3>-wQZ@!*07@#rTL@wWg?>knG9s|YH3@S-S%Rg<LG<$<1_F>WBB1TRQgt_w
z>FI$w7WO}g3C|IJ|Hbs+_6aMI73znDFgmDXdV1+kK_yB@zVf+=Y}f3LPXOp=bWxb>
zgQS`43#HN?<KYzmaM&!Pkm^A}Jqfmg)hgwFkR^VNP#<0#lKX4Mkl<gUp+X%^N;c6%
zC^#%LbM^M3L*&}^LqnyCrW@T2G)Dv8dW1Nz$xl>h<kHX^3i4JQ?ty(0@jgn}LtaoP
z1hmRm<!xl4XCKfo?4js?%wt*!IIfaOyhp!nbwTv_y@BCKn1Tn9|5`Tn2Vg}FNZ{2?
zMhIh)KLr3lTSBvZWoqE{?=}F&Soy?ou30;b3MgRXtK-`P?_9wGkV`WkdzS{|8Wtt+
zK!z)rd4Z3wjip2rSazM*5!bHvfzkp=gM+WK7{yg*K)>ohu2S*CzwO$P>+u0nD<H!B
z;rduufplQfMs(rYkY_M~sZpd6DqI_jS1clSR#Mws8}e&3U}|CCgFjsx3#b!NZTY|I
z`&WJcpU|hNo{Vk-1x;XmDwa(eY5TZ{(pGcQScTT!)#<n$N_W2S%Z(0qd4lyPgpIBP
z2xEw)RpAIM448oBY9P;$=CgN?S6@sefUPD=?LZq-_wJe7;0Oux#2>b%jPmtVLkJ76
zO2?qPn7Z8HyQ%YU8?Yor|8e%izALc3`-&hXn3pA^j+<8L!6e5@bd)sHl8v(D`X1i2
z?5@P+w=J(~IVATMN1en}F&W}_{6^}U#K8~gyGSb2V1r65Cg%^j-xbze9j#aR@+bF`
zpH_3_V^NQCd6s7^J#8>E>b%|Jd)Hgh9DZ^9y}hMNlVn0B|8bF^-V}9apiBbceD~l4
zahF`TiNPY<8*DbIQ@7QQ==4diI}wVR(v$<?cd63a1^8L5ZR_j%4DNKG7e|UNLezI(
z_iZ&lR}9zIQz#;!jgIyw)mEL2AA<MaRBLJ?ElLZFenc#N;nKW#0XH>y<0t>eQ#1%u
z0SV`R)Dq<i;y|+YwFAi(@NcR=78SOY`<5?qNXj#pu_%+#AWMVMAnf7c)*IOaxF&_U
zT1y7iU}FkZ*8@|0frJzuT4U&5*H*#6t#}xJrNiz4a6?LkXy40Elfov;XSqKFraf2!
zUquISajJ<g;xy6?<>_R-aa%9cOE&tL-!`*Uq4H*{D>%A4)IKbut-_dR@ybP-Dj|nv
znkqrayJS&r8Fz=J9FGvEP;4&Lyj;UWrNkbLLpwO$rQ|)|DN{P1Dl_;XT&|uzq}?gI
zw5Ym}`=H$wC-*(S#n05h+cExQs_bxK50(tJNk{SKLHd0{(!H;dG3g5L(+l4<tYHb-
z4wE(L*L}=;HAadt(gN;Z-Yp*1=DyEUD<(5hVL#AXD@@Wb*H&7MV{G!#{b5%DUC^Ms
z5M87>hIz-E%S;L?3e+z~(-O9)^Q2{u*2ryF10ZU*=UGi)1@J0iTH8bKgO~ZXBm911
z-&Gf+kDNUuxwpfUNcdc)Z8^B1PmK%&;oGJp6K>DqJ+?Ge$dtdy1<0M>j%);v`p|)M
zY+|jM10FOvL=3EdQ=|{b_zw0uG{Y_*e+Y)CJxVJG)#_r%Y%Z*5_o>W5H7bgt>l%ye
z%6e-b)ZP;~yR>=plGlJVfRCmSW@mC0NiY1M9OIq6ezW+OYm{Uwa$Z@>zIyc>6ivc5
zcA6`*(JzJg_x^`7MK%?AyIa}>>7(AEUF}>9$;Jf4>@V}))fu$w6qAg2KA~fhbn&e=
z(S!=aes#VZWQG>0mv;t|jW_b!jlSg^4e7TfAS5QZ3agG$Ks29}$@BWct)dHB*Phj)
zaj^@*<nwKg#uk1|L&e7E3d_zY&TLMwsjc99H6Fa0K#k?f*)M0MC8@w-@GHQUyKGo-
zX)V<xz~*xW&U}w3W!OD3Fc(-eX;rw)vrw9DNq?>(8e7d@c5V_iF?@h?)!6BWwzOdP
zN%lN5uMYReC(a3!BYKiqJ=150d-fUwHs&q~-N#p{7m}CqZBU9e^V9i<4uq-5O|eCv
z4pse*dGq1QHkMZXF5681v5#KD2G~a*YBZtRt7`gE8fn7nr%f16R40$9{}=aT#=63a
zcc3Glg^Z^xyAPjJ^4N_3^s;Cj(HyZEg%5m6sgMP>wHR6;rCU>cmJ92mq{x^o3a?Xr
z%N$R~ZrgK{Os%hSy^TcEt2OBALqUlj(oyIHP}sPm4x-C*{^wqbV|c`7`e!bc_)323
zvm=YjG^=;3!tW`6Z*j)vVN<U&oSnN9tS?Yk?IHv&DjT+~L>H4)cwN^xcP~Spzpyub
z66H-UNq@}o1I66&QnM0o0U}DGa3{fEIdQJGi3jc6J>KmY9;HX@n$H-1)H3_b={K4t
z!#ZFSBq}qc?Hji)_}6z{6j_(AwU%L_=_2*_U(fc(!2IlaS+Nc^(v{5-scQH48;WaW
zZ`92#qw;n$Pc6<f1$orzqB`M}xqGr?F$s6^R^7AgO7|OX13&@Nt<iPVvPT);gzzfh
zKtXRV--_l=Av#Lg{7W)QiwD}7_jK>V*EIvh*BQ5K4L01C(y9OO#fDqD+<qIGZTNqg
zAt)5V`A5wdxUNtLaQ+Ph=jQ{5U1Ndz2+rT4EE<2E^COD0HH<dCe~BSpIzT=-%E&sd
z!Vd6XR5d``tV{&$H3=jLPFpl2Z+wkF&LYw!t6=hL5}Fu*)F?F1pYwXU#16DMDJ~##
z_=}Pj6_q%^?er~pqDik!%n6xzwpc6-&lHUOUe>XABUU^oFFV_;xp7V&F)wu{st8HL
z7q4`o1vxq9&$k=SfQf^EiKBaq@mf;<Z)s}?Z#@T)gf8CvX&1v}-##>XBAfOUGb}MD
z@RW+G5LmdF{{*k7E6y0};rlh$3Qc2%Xhc!80w2lH@KbTwJcTKNI~0!?2=0p-0>$?$
zUM!l36|G`g^F!Ox!HJv%7(6Hhz2=D^x4KqH@zWc?fUZj7mNcm&@CUb(8ZGt1eSm!#
z4Vd!19Bff|{<kYZAWUR2LJ<ZU+&}t2Lf%9qfu46i0Db&1jtHV!FM{uUr8Pui2&BbD
z2NQTaf1d&}bD#|`xDEB1E>933f%$(zzGgx^1W4q??p>2GhXBMGuNd}K+yc7w1>!A>
zFU{6<33Z5sshryE8jYv&1=^_ZL||N#aDV_w9k#;t%b2MVA3D+kpInpBgaE{eWgywL
ziD6O$ZJ6K%<ZB@D06+p9S{b|q4MI3VbuIses+$$mME#w$y5pjzE(19EiEdXV6@=y)
z0)~Zsf;M8#O#OT)<IJwyG}WDVP`0d{`)C<hk^I3>DJ_~PDT)l<PZ(%o2)*sdII*ix
zJ*+P{*jv?TW?HtZjH8fu1T+(hvhyv2<>-8G4TGUWpl<#EcPs|I1O*>uA)LIAz?y8>
zOtvkfLh7+!{Gxv3Gw+dS_uIK6O86q*kv>aQwko0TnY_=xr1U0Tfs1&=khA|g>8rc6
z>e%Cr1UC4alw(d5y7j^#BBO;=r-Gf7Dyo5=_neYpYp$)xdt*z7r?s#V+_>=YUN*?#
zeY%v6m$@kk_?S}2&*dG!iqtf^rRtP5!j-#oMu+KsolGKzeXj_-Qt{ssE3_3iZ#|P1
zib0oA<o1Rxque(bQh7KCj}umij9SCCM?aE4LPo;_At4K*RV0Yuf?I%p{{9^ePhJOV
zn0rRnkBovz1w}&qfZhY%7raA?di4kh<c=I!bYw1xarFoiiVNo3&|P`Me=d6g`rAd9
zY*{X#rnu|{=;|jmh;vvpf&(G=;<-U$D$<-ff4d7o2x+MSNbRcs4(Pv2Lr`$|Qxa6<
zMzkIsh-dMZou&D4`N$K0LTh3IxkQW3z?7YQgGEv6s5N~O9Pp*>DbOTa9#e7pDxfT}
zX(jGg8(3-yiW9!x-|hghpOc@|F%NkPcpeExt$TpPFSX$%Kr~|(ERZ=5@<GqnsjEE+
zQIu+(d-`<DZw2hYUE#-m2`t?c0DALQJ)uXKJ3Bk%5Q_m57J|^N))0y>v;=oVur5&R
zn~&7aZ#Sa7+hY_~vy7b_mFv0ub1tc985T7d{u_!_02Fr#|Cu^+b#?X0J)D6vv=Ie5
z{1)P^4K*a+c`ohK0pLDHjp^p^X<@!Vj<kNu#$rkR2hfw5NbLu_-$p6^EFLOJV02Hb
z3IU#WwZvX0qTHXKKr?XkL%%I_aQ7I)Gd|S>W3#<F#m#BT&O<aH`BUh{(@+IqEv7HT
zJ5Hi!(i450(s&#DX{kvubFo*FNs^Wn9@L?FF*}k6^;QAAQpwJ(TB#aN3rSN|JrfRn
z&dP&>e9Mm+d@ctF<p8=fn2aA{K-Q=aGRaC&f0tx@D-PG?$$KN6WYw(z^DTI2om0h1
zpYI(@*YKPSE;{NjX9q#KsBw@`e2V!41(CTSSF^|$or@AG$*Zrs0=H#m^PZgTHlVWd
z?JY20dV_~wkyI4lc?2=M&PAUy;r$^<Wl&U|_qDd$ycoR5?qaAIjJNqKCM4331p=`i
zDbbR9_U;aCgTV({2wQ8UDVAJNSfNb3DFJ>Z*PK}EP&(^-5mgFXlPAvG`IDlTaEiM1
zHdLk-6wSAY0w<cHXBTvEx21D{N2qDkF?_O$tK=0HaR2eamxOv5e*UfmKAM!L!_U4O
z`m$pNOqTpyCL%HWivtCdWrTnPn=I)s%re?b-$x1<%UF}pj7-ien&Gf~#&szRwj)!u
zEnI7jg--w}l4u`joDMcP9l?vMD1kGJ*HtDY96NmaE_*j%qC)kR9s9itz}FiBnvP<{
z{1I9Wm1ye>EZCP&x7>rQk{1GZ;<s(rjtJ(}3W(ef);Q?Y|JB>zRbaeE86<b<Uv*!2
zX&mTT^>;Ad@)E$`2!xB`Z10$=2;E_+$?`mw%glIHbWkNx?LtH2sO#z>weuFWGUO6m
zPwDDC_iv1O_xIppj%G^dxt!tSPw!hbV0~B`|H7_ulZbw7spk>?$O{-nrIUY6mFml3
z53Pe!Un6H5*A}mzM2?e#&HJY7nrZvhwTJ!-sF#p^Cki#R2(wQO-o)E@&srvCC^U0^
zcAH?uHEdx-jDOX7kMhA-DW?l?o{x7OcPpe|#d^5oP?6%*e!D=oC5&D+h~&(ntu_v3
z?^;#*O>pXLJ$91I&7=~S?+P(_AXO`?f>$Bwg?RY<BO9wbgRjabEKE#H2CZ<X))dlL
z&KGtT-UY6`r$2`I9u#=$v%jZM+Z0x^N*cgXKdeb#@CpoOKN}!UkRV;`p*&h!FQ%oX
zT|aRO69WL_k2N_)uu`Zu3I%<_eBHwj+&nAfDL(`2o!ZG+N$}%YO%{HxQPZ}W#p~E)
zDB=A?Z*pz0=Yj1d*1Tr!%n&+#tIW5v-$yAuKR)(O=<H6$+QZ1~P+fu8630=DIq%PN
zqFkv;32NJ7tVO!a=~ds;>shyLOECEK(g#sJWJ5{fx<_nG_w*_x;sJ}LeRSu!nAhLn
zI!^=Q{2v~oy(L|S*2}lyt`J*TSQz2@11J~&c9$f!UNcxk2C~g)bOdi7al)r(4&QVa
z8_+&$p*to@Cr3Qx^_GB&G+;6kL#A<dcGjG-(({GW!z7a!tu}2s>6vwd?{2RBn21?G
zBT-K7E8C1QsNZZee8SAJR=1V8bYJ{|gg>(x4RhRXCz~Pr7g}(2s>OwHZ&Bzz7fzV{
zKh10lq{@fY(dQ>;zTtCp&R?gKlkX7{8j_W%=P4*Cd?D^3&8hGn3`KwyPa1H7y6W9;
z;ougjct%<pn*3u3(;oXkVNJXEf&?Kv%lNYQXMpdO&LIu{df@#ap7Tyzax(t!DSy|3
zN~Q@gqSE~Fz6^{YPQ<v${&-)IBS2l&KK>K<$N8py1l)YPQM&1+;()HEfJI*w#YuH(
z!QTqFZ}1@Q&4&v?2x)czb%D!vK>u1v>Lw5hG<k!?|CkaOkYVn>1Ny@N|F1O^vPKJ7
zW1ivruWW%|L}##;sfMFecku@PVX7=Lb^q>!x16+NytUxTHH-WzGr5zMk^@QS)SR`A
zzU6HQ$5`^N>Y@{T3NpL$JFr9RRk02vf{PM-tno>hy}}02&4nNF+wJW1gvW--FzqUz
zWq#B@vVGvpWtG6COFB&HS-cw)9mKb4nkn!;#$4E$v9<p=_^a_m_M>CL2D8o$7c=It
zJh#K4$W}^D#m|G@zp+)%kM%aR6)WLYi&(vx%pLuwJ&J?{U4#@<r;4hyt#m}@jeIKQ
zD$@85L=!4M|8qE6dL-()<mQxlFfh>bfY0P7H3pgUh<+jskt%TEV@hcAbK8`u&ABIP
zmD{VO&&yPZgwNzdBT6~=E<oCX`TBhk$68l*I!OOzu1xYqXxPg6fMY`0d`<DkrnBuB
zJ>m1L6CMHh)VObQOXDGP*-%m*n^qC0MRV)D%64~~?F1gZafmsu=bp8K-ZOBz%7p#F
ztQN79O0M=CVd=53%^k?+_3wLIbr00(k2~JRG>vVOKQ{{9Gt--L-+R3otW?YB7V{6e
zYMqtI*^5W(Qm(TJ6gtW4cg;pydV(W)4(lG}#xNB)^H+3htE$h#!FKQ288v_8R_6*n
ztQm)Pmkmen@l~5`FSQ=|Z`#@2<oL|5)1vR3XyNG;+10wn1``yzfDxWP;3n`iHgqk@
z&-8Pu=f6~!Ht#QeVHeY8IIP}}bF*)b;Bs`7?N3&;FV<$aZ!a0?tH}D*m86tX(`Trb
zoXpa6I5*-*n7maJw?6uwtMa?Eo9IN0aXC5F_t}P6PFf*R6!GT8%+~STMut3(bJT(H
zmjnA1)#F9kZl{h#)jF|?O`TG)?k+Ec=JKa`;f;?u*bQKv+Y}#8Gv2Jn@wlK`mfWXv
zT>tzymyo??H=t**j7Mp(v`rw{wiO21ZfcUo(OlgyuI?dbg`N5rjD3~6PYhvaw;%`-
zaoDw6mpD%v-tWb7++E&s;4se&Vn_L9@Pqck#0E4o`^9e3Ehh44Ey^HmegzGsdm2hY
z{M|u$aDp6RSB*d!t9(^nIakK%x!iEtk$db@p0$QmKos3B$aQ@z-ZH>mo=dF1FVKAW
zi&JNDEM3YtMkm6RoAMv0gVKH@aPoLeV)1rxfEF!v=cwAIbw@KAwH%gfL9TGdn_>Zh
zp@FIbW$DM8a2nvxg3N4?tA7>sh*ccqxv9tKv^X|tXudX2%4p@O4`0Tq;9wOHeMz2k
zIGo6v{&_3fA$QwJbTb_*-z>h+Gb!GJB5gdayGjUF@iY*3nvv~$0-;L3V@rO)fdAbZ
z`y@7((<nijy{1HGpNRvM-=5p+?QI}Z4ccJn6>p(gwKNK|y7sYEmE=$@z}sGY@XJxS
zF)-L%tIEPR-oMSO7A~M6*bo;g>_jaGK*(H(e*PC~eC<bu^-R__ydN=JxAr9iZaL3-
z{Zord%x&&?0?`id%y{2T2n$*=$zbdB9FCxY?alt0&Wq<6N{R6pl2;zOufuXsvmO}T
zx)c=LQByvRuc!~}l<IZ21*_K#adFg(Q*){W8yF1{Z_OtThdis^Hi+YwtMZIcD27Ev
z2&nMB5Pnh0#|M8EL-#Dq%h-VPo(9vhX085_&`Suc_UR~&1;d`7Qys>^?aS%n1Jmt#
zfnk;YYQQ-2zOa+6Cuhz0iFSZVP!O5hq;X2-SGjnHfqc(GoV7*#TISGF4Dm;ru1*Is
zH+InFYWPof9g>Sv!1<49_H~kDv`^H{=3;5PYke%+oxf^uh249s>F{&mE}_Ii%Kn+2
zb6+|#AKj9P#^TG7d|3$L@L1(odxM&`ZCP0tb8zvo_B5YVsYkcj_E8<Lg6rmoPL<I0
zMjn+IyfHccIV+2~OO`Jp1BHi*S~mL>!fJ`D4*BSGg6YMyj9})!7EtqApD*x~qK+Wr
zitA~V)Tma>{;Y@O`<$u}hk8`7%N_UfZrG>Vw&!QhZ%MCyrhq^9EaG<jrt_l%%iX8~
zXN|>1yRFML-*AfEwY;`UHt>rrD>7e4-@q4>kW7O^4KkvIuF#-oTJ%-KwbhQ{PbTu-
zM-in12O-o}gBSeM^SyRps>Rx-Bc!;KbSAZX1E`NaqdFe`CLK@^0}!=Et%rPSm!gw2
zo%<RTtzx2;QgREXR0?Zqlt+X8Yp{y&Y|7EcA$57V0$RmZ8ZdARuO8{?hEKp*^<3xK
zen16JduB&Anacb#llJkrnmOIw%|*6DHd12V6_`fNabeD;h|DfW7Vlf08Sz7?<<ZHH
zEgLiHn~Uv=^H^alA*KYRW7{uE(o5JNpT{f$hF63;jC(s_aD|;%2fE{yJorx7szh+o
zsg<|2fq>3M=7uMQqA7zfl|$kCRej-6-?yl5d`BT=>jz5JmP&_;>udeI>IVB?x6O=0
zH!6Pc)xh@MO1|3oWF6@2v1wLoL3HAxj`q%OP|Lx?URTtRQE&U%6&0~r%}*1MI@H0f
zB^X4L*W4E??Ukx;mahzVNJ>rZyf&CsDebY9yTj^ix!%kw7ZX>o|JCmGx7<*Q-Y(go
zFv?m5f!A}QA;m0rvllY($3vF-zq|ks#nU*`RIc-ilr|>j9T+Ko%kJ<qhsCwBzKf~a
z(ew!<9sCK2wUXSQ!i<yO?`@*LWO$lXx#i`2Z5kg12W};qA2_%ymlQD!3|PyEYr}SL
zAp7r^C=2ZKJWf80ck4^8X)n(XoN`KAhMg%H|E!((8L+=@cPqthe$<WF3iI&no5!w`
z;1+Ron~qHXe&(xFQS`}!#(_!w(zE81jnow{B$VJ=p;H98a}T4#LAqYwxWv6EjhRuT
zZjF8@jmo8+vS`?T(TrbIr?+k%&p~WX{P?a|zveNBC062%$AM%c4s1<0Oot^_phM>t
zO|JrOCHf@4VG5GtsR`D`Mt!Enq@}K-&_z0lCxVDw>K5u0OnB$2O9f4fxVX8~73IpR
zu}l2Qb#M6&B1_W*Y$-3<s<#$2htb>JPw8j)`HG@m%qM(gwCFoCSjq^tI*;aLb#s0t
zp7am3tp^CS0axCQ(m#9)lY}0`$=j10|ChFQ-3M9*%;azV<+j$qYyWl>kAc?EASNf*
zTQ7KFt)H|ryDp85hffP|>C$}zkv#Q84AW$$j6ZfSLaNP{Z!_WmnwOWKSuWiR3?d+8
zNs7dOC=F!AB!UFEH=E?%M719TA7?-L%25$<QJ7j&1qr>^u3Cwe%iF@*3&WTNp^3=<
z20GeArcp6g8~x^RNL=0e^75}rNZI%&3`GC3AZ;<~UZPG_i&FI%=45aDhw^|7Dj~(o
z0tG-d-$?>6kuD*LzTlk*@~N8&<d7h@%)hC~!w8^7EaWNU-+bi;;Q6qdOw9h~Jp=$_
jmHD@$|6?81pQEnjr=)ulYBeDK5bHCrtXRH?uJ``}PCdC5

literal 31788
zcmZU41yoeu);J|04Jsfolz>P{HzNW9A|;9--5?CjkOR^nF*G72p%`>`cbC-AHN*@s
z#1O*_f8Y0g@BQ9d|GUmz>)d^IoxRRo=bRley4q@#cOTxx!^5N0P*-`4hez-c4-fwl
zDe+%O`;U(=@bD;99hH@JHI$Xvbv<0|9Gz|P@YE?w-`T%;GxuPn{*~otrlAf}btZrM
zZ}0X@brYZTbUhV&s>~D>qSWg`5o00n!>~d{{E5|!1JR=gDhT3U7XfOC$B#t}EAmgq
zSU(vV`Q5IV9%N&dU5~1d>Ms;7N<8su5aD-K0cDhl!osh4R3b@vzI`KSya*wFHG#*q
zMy?w1Y3=gT@G@^Mi}|Bo-*4?VCAWL%BVyLdB3+`7y<DE(8+22l$HI7z-WBOSz@K<e
z<0@0AuC%Tlex9n%-o?h3UE1eW1UM5VsYqMo<>R>b@sP5^hCE`(8PA1r<4$jZ^Svnk
z7xP9!>4UUp@opd0pQx~0JnSkwIW6WYiC~|%#R+PoS1WWs%dqG_9s%?bHtH&eF!Aue
z*&?(5$%e}_4a&XyM-!4+m@D}91^3rxz%N+e(w@jYJFXV<Tp123OVe=Zz>hc*x8HB>
zr^P+pUKM&mp;}9%*j3)!Rlyh@kMEZLL`ue&21c4j`V)(yG1BvzV%OHw)?ti;!Us-y
zbWaI;JK^fwlgbUxUo+-L`xfDk4<@UsaK*LVZ~LwCCH2$OsTiqy!>@VRM^qcWJ(WtD
zde+<cnv?RIZ!Pq7+B3(x=YjU=qM<{yS2T#5=ixIbGV&x{tPo*OGlND-0S&Z|uF^`w
zP`YckwdYZcyq_*L$J=`my6%r}=~Q$5gSc{3A|44RZwS(?m>FhEi=(}gL}NDemZO<v
zy4+_1Rlmd(e=6|(#gm%rLqncVLrkEXpH4Q-L1I(7e7?Nv*g=Q?T=%)8dWT~o)5D}+
zbpv{Nq}<2614%mT#|<>KZwY#%Z^cKb;=DrzYHJM@I2iziQd=o6Z1DEf`U(_DCEiVC
zoiRP+op?B<L0ud*S-4B<h2bDpQTGOXc$tVLX9#nqOU<D>Kgnll>nT+DUONexDw|$(
ztmn9c(^X>{@%rMN<e}c_wuPEVD4=|!8v2AMs*Hneiufm*U0FT2h|Q7rs)$xP>F{xi
zg(%JTPRM-zzTU65-HUBA9zPD1gHk_qu6nR+HBy;CmF{OM8|4ejyom{Zab=Yh!syp~
zGo5moAg!Lwp-lsi=2B50jowrtbWf6gxvn%yyT5Nk-7ctPI%$#`<~-2fINLaUwK*~E
zR`$F{_wEnZk2}FhHg>dMf@x$;MKt+_(;tw9PCgN!RT)+-R3kIVF<rv{A(3-}@7w#X
z{14;p4MW*ivW{YkQv4Z@Ctq9e!qf4h*a(kT0@nr13(P;<>6jemOsn$kfEKxkTjbx-
zr>5w<C(uc?y>&NtjYNrtYLlHRnVs@`!7oh?wx7B9o)#Rb&t*zJN>t$2bx6+N0e0g5
zh~jc1(C)s|Kry#Y^@W-Bn8JUJ^30O4uS1%VTC8W}snZCpXKza-o&Za1FI|PW0O4@o
z*5|ufVUYMV>-+P>&in>p*f`ccZ3}pXBtjC6chF^K#pXs}zv<sV<`M?&Y(-hf6YF#p
zuPylEn}rJZWvm|@e+Z;Di^}T|UYkRKZ<tmz@$xl}$vnGaj(MKPNOR^4aHjUi7sUN|
z^ed)Sh3k6uT@1J&%U5Sg1Hi|gGjS8gnW8~!^lXePBbj-?)P{B8xfwTGqQaK_!zjB~
zo<&zv1&%2W3pGqNuitZnNRTwhd)Gd)4z9aivUx6=7te3)9x6mBX0@fZ#k4_JR9p*z
z1s9@>6v~lY-FdYAG@_pvzr~%$Da38Y@yAj1$$jUUj@uiGv-mEyJ)%1Da>r#yWas`4
zy<J{pU1V)!`HSpGL+kWDk9g$6_=g$dvf|f<vI55GK>nDt?)L-l`xl30dz*&+zy18_
zn7>yjqo@D9@tJ4NPS9xe7i#g<YVQRqgf7~q?o(@AYszv@+h|blx|_4KQnr^itvyq5
zq-U~c-f6<{X2Q-3&)%i0r6(?|7k4ij(<9Ss4Ju~el+u;HEDd{~QPWf_Q3I+`u8mkc
zt@&L;?X)^`_-B2uVYg>*>p<YoLaC>Av3^FrQz3I1|Ey_Av(`n?As3*tdMn~YrKQ{t
z=2z^?>hGms-0INE((2KgclQ3=|IGV*`CR|Ze*fJb+aFgreIRp?I1t*N9sDsk?A9`T
zFnWzPnO5@!g4Nx&$2csBSc#Y}Of(EaJV&X>c$cD^(v$Mt!&&APG0u3FIG%^2PZyoN
zhJFMTt*Eyr6(remQODgZGfIJ<YCp{dwTxaCxR=NL)F_JSvS}UENO93`b4+wh*!wVT
z{oT|~z8X&~bKyhvrk&26>re}&T#KBqsuR{O&H&po(bW$tA6D!wosyg@2dwgX6*SYo
z)!U|Te;BqK2JnmhMj3dPd?*d7pRGXGrN1w)RkX&=_RaGA*)h)Y&(by~ggL<IVDDkg
zV3y`*%>>OKnw`*I0j?Mmj21eB)s2Lj<fn34H@Di-<h0&S!(b)o9w>GE@zsxgJ*k{|
z?N04p?OJW>7pH3d31;F=L1(8T2G&#kB`ltHBlh;xaCta#%*Vvbw69UX!_mucZ-4EH
zN2y2aPM>?MTh`I+8oFzF(sZM30h>-TZr##f4;TgH$+ya<<pwA;x0JMqwn+LfpUs{o
zT$t@cW}|lKH^f%q(c=N;I;)(kgl)lBGFRKzNb~`VlbnGl7&EVidw_d>TZ%*ChklIv
z$VRY8I7%21@+X8kOdzaBNiH;(2u1=YIwA`KY_Jqi$lN=ToRRW!anNU^eZXY!VD@1d
zb1q98$4yYUstQ;Iq@q)#wuKn@{`mcyS2IIDvL<;Z3wFQk=DM40?j$(HSoS~abB^|7
zJfQg<2V#Lj*`$L0TsG5}@DA|K^edToE&XZ;K-Hn{pxU*IbmH<1B~b36nqAr9Vlgc}
zjxo*jtB)cc3F<VZIA@f+bkUxCnVJ1M<wR0Kpq8^1GWA)*lh;&T>}AR~i6XHn{VAWK
zi=g|sKVQmac>-Pu<pf%PLZ)Wwk7-GK`66|`D_-i@<wzpt!1R-;SxoWnX8513m66?%
z_)LWY-O2ZpV(y8)wGEmZ!aoz`2T#U-4eXDg$Ia4~xhYc(UN+n2S5a0m$mq!!d#vpA
zZ6A&x$2CV`8RH}413-bfH29G5_blx^nO3d!ACKSGFkC(;;oH^gd+c-1DnkD*^QW_k
zovVT&?eqA3CHH6UZ&A%md}35%GnssOe(verCEV4ysVb>A(plMpUzX+j1IM~#sCS6R
zmu0E5GGxmA+O}_cPvst{2+h|f);{%Fca6<vcq`zK_1>S0kJWl0Y<RPqHQ@R|v+>)|
zRMzS>q<LHJL~g;SRC6i4#Qdc3l?k|Qsj;Q%X7lyr)ahz-VEZ8kXKOV4J|jSAwI#Ie
zdD}+cP)Azx6R#&Pp8!f9w*PXeweVippL6<ND)Vm7tkG7`sq_N~(=_i*c~ClAZg}e+
z=GA@vEAbbEIbKR=;S!wUJDoPFly%`EvhccXyPLX-%>@*{^!^=4-?TBlt<)E`iR6Qg
z-|S+oN2v-~x8)R(sYlMMX%)Y}_5J>CSC2Z}uJtYbRp&ImrH~PP7xUAye0rr6bBP(c
z=nndWD+b!%1a3YX3E2r-A-TX=VTb#aTa<0R4VO!ra{V140m|={Ve9TuS<Kjn)L7Z;
zxg50-=o{8Qz@{6<gZT|>Y`<p0g(TmXCLNnR-x>MRtFb{1-tyX4&W;NAJ@*lN(bK%+
zM0qknv$u#O&o($!-i4xhaOdgsWmRZwRM6=qQunvL(=vCtCS?XhNUAO#BnRd`9*X&G
z`A)|?whg>~9ex0kN_JgplDV?O2%<{IV1D)HH)b~ht2uXk9DRll9an$1xCXXg1JSn&
zbB7B-XG-&7vDEZzD}Ims&k)cqpdwfxXvELtst2K=RqO;$DvK@~)@k=&M7=_llsBL0
z<N&1<>jQAZ=1Re)h|HO3)bp!?+wG}$k>%hvaPaaH^J>7Y7A~u;-u8%M73qJ3#f?PG
zQ0rXV1=<9fTnys$H{qYheK4mO%>C!zbXytNb)ojQ_$^Ch9U963QNwrwhaH)k$PmhG
zdfGl>X4P9l>g?gigp0}@W9%Qd?%-8w;brMnzxW(~ID?ksBXyIiUyo$me=_3X`Ia!Q
zRK+;O2a7F#g~u3=mzRpgLb9$gK#*F%ISfzh4xzomP?oGRj{WO|YkKwQPt0ohEy3^S
zj$d`X`epv!E6Ci`jXd%29&rEb#n*WK==krIBiHebp_if7D_Lt-kdUQ~tCg*gFUajL
zHXfe5uk7D0$kxk}-52ES;wkH^!1+HIvVZ&k0t<7p{|}0nlLDuqmM*)ptA{PSgpjz<
zQ%=RZ?Ck9F9yWHeuT@_BANk)e1x^PqFE?3XVILnKAs;azR}Xt(5g8d7;isa)qN0L-
zF$6vRT)ZrO1zkM3{+G$W`KZ`>T6;LUc{#eeu>Xs%rIo9<mjWl}zXbi~`CmP4eI5Ui
z<l^~%)A~C>;eU+?iwHdx{txfJr1JlQ%IZ4$+BzGmID%|lJpam26p@yBD*rzO|KHF*
zBL9oj=pRyPNzwnN{I8M!qm&o^*9`t^M*nNB|AGFsm*QP{;s4lP@$S#(PkZq2p5bYz
zD82E;N3@cBG*fN7y>(u79{he$wHN=WC^2y&E0q0fD5*h%+4-+Ig1Lh~2jk##pY!1J
z@&ZG>@;gL&G<!sj`9uU{f~^<1S_@{u<Mv>CKO;$+D%WJlDwfJwJ4@_z#C~VwD%XA|
zTgrMoS3&DLI|1i^+Jr5s4LCFT*VlhQ>;xeniM~DzC5`_0f6YsTfbOGdN!MEwS{nTS
zYXgdQq@to`qrWt!smvqtCH@(at|Ll_!E<(Y7C!}wTTBFHW~T22-~Dg?{ka{J^dAqm
zh6hF}e(itAlDc(-nd><=`dt~Ao4Yn<YJvL@DJ8+Hin9|FYh6z}<$MuLkJbK>u=|=Q
z;R~K~70<<qtr5sJ0*mdH0AtADnQ2E7!$Xy3#s&+^Tt15(IBX~$;&snk!+%Jn$B1MF
z@Uo~x@}SuG_>ps`D!`qqS<o6yR#ojH)fR)%QD1&~W{67QDa~|7#_^~TU*tb_V4(`3
zBJV(yl+2C8$vv@4grCzujg5^;yKjvm|1@m;_WJ!POeoOvD(Z6hgGPH<nYMColz!nS
zu7B+9`uwXh0ZsW*I;))X^iHV|fq71U|9gFXYnqP|+Zg9yzlih4Fh{LgiJj?N0nb|@
zry&+p<adeKc4t_9`N$Ce5NKd6|4`4_x7(BIVy*J*NpeO@MwGGGC*FU{a1$V9sl@9E
z&e$e6j(C^8fMGMXlXUppzIQ-SS~pvgKUQ^3SxbC@Js%sX3%M_0P!pKXT2fve#*{hh
zbSoLGWaBl=--%?PpL}Ef&go**+@d|uCLg=|#b;q=Fr{1b5$pXozW4oD8z*lQ!0hEb
zY<Gbz_(z4H_$h{euM8Ue>UsgZ!V3!I%q|_2!-83~EApJp=1<F{u`x(t`OfEMr;id%
z^G;6=E#r;fE$mF{m#*d_>tL%yhwpSPv?$NZI=`qI-mt&A2S$ve@;A?!=N3R&2Z#tw
zMSJr`j4-;}<x0}yjFBO-oQkC1ld4`crrl>%ad>pFlCyr(A-1Cmiz#Jq&)VMJVL5N1
z$_Uwr`OiWI5$FZ5N=6_MJARNxA%_!>Qvp~+>eYmc^4o8J-o7;id8hrEy9D>*JC#T~
zP`2gjy|X@Ss?PrMizee$CiCZv47lS~<oQ~fW<|kZJ9C5kfp$P!1vF<SxMDQ#L=tn*
zt@Az}o^o(ycXiXXW_s#b@K{S4>;1cj19#YJi(Um@eOnI1td=gerjd4a%iMaCwRI+Z
zp6e4dMrHwTek!!BF~zh?t$kDGbZa4V8|7(clU}j?FnaqqL$GwA_W8^Z>QQ3d+z!Xr
zKBp%_)U>7D&8x{IG?g`@@Eg!-TQ~f|_I+LOh~M&cZCS@jNnb035|^<j9B^50TEbC2
zp%5<A6v$XV7!`8*d#JR`cK1)9+1jVK{H0B0o%?}?^X-fdgd`LdZLI-UZa;&?WuvQJ
z0L|?0H!hb}-F%GS2lfCK<vUg?KSWS68+>?+^UJ((xii~Z6lLq%6sYr5qz3dfFzzA7
z=V;kUO3-&@<#71I#H($)nKV8hDdP@=*D_Gu2lg#jc{gK^!gS_46kDASHN;9PzGnTA
zYG4(lrJGiG^FGGis>yu;oh|i=d3^FUk;>Xz0uyBusddW}t?<`z!wWG7<=<yfwe_iG
zFirC-JC13L+R%I*G_d+~1tDEWx6vJNxpteC<3#~&=T6tC;GYTi+yM}0rtU+js|C67
zr!BehHTS6#ZXAdbc-uIZ__~-Y3dX{g1?OH^F-O1q;LNOdpvyCspItfn+H5Qyu8%Hs
zhp^V+QM?H77BD<3Fl}`!Jl|V}fiX*U9O?G-tzkdG(CpvO89o9$;dXMn5rfZYnmP^+
zyIaFrp5nM24i2LrU*{ETtGb3}%PIi4lYur$CnTEuJ8Z!|+vS|}8FW+iLZ|mDH-v}7
zQReH=#tM29c2wUI#N}+Rl|wlOs%f+)hQ*}tEPlnu8pDWbs&80i+jfSIIUJ>+kRth}
zhJm}Mr^<lQ<1EZ1slq4KwUpo`m(h-QRuSAQ(xS#s+S^p)cD8I_Yq-|XjFdnbURZ<}
zT)crM?!LdYV{ar4XpLnme{!ONaY!3X!ge}!a!htC`sNf4{W2bN{sKa4*asOE`EskZ
zl-B^*tf?0U91K*Iwu+S2T}6PXJXm?ddwgRK$n@UJNiGIBlnc(0p~#|S$Em|_sQlzb
zQn(Cxms!|4EsWm2z3(FG+<)*`#C)Fuwka`O%P^<hzw9v$eB(zq{Zd@Q9cZ&xZPnzO
zYOofqa3&$>o&4EAKEro=n*{O!oO8avAm+$LyQLbeaa|EcT_~Gm`a>?xp)&sM^Md%8
zgHg5B8{fE$hF7n6&5RLFrCjE&PHG!hgND?gkAd<}Au+oBftSiNTG4AL8LmYZbnS&s
zC^p76-Z9*k6E3;ecV>J?O|Cy?dcp&e47lpCl?NgmuHfF_M*u{JtY0sH=eH_RT1G|y
zvrzp?tN)!`4%ZV0{hdV6MjO?9lJAp?bLqEn{yY<7l@gUJ3w@GkcMuK9dY`222cDsq
zrw)YM<a4pE^mz^0<Eyi!#>kEk!qS5JnwptUv9ac!t=4L4-Iin>7OC(aQSnF-{gS6J
z;K2rgn~xqf{}bU;nPABBCY<#%HOaecU00^Ok0_|(JBIU`E(PO}7q4nca+q0P)cx7n
zdhf0E?Y{RBX!*-SlaZ^4=ht2ZxoXeSl0aeC=aoPC>lYMB=1cq9Ip)h}Tt*=onE?!8
zvR)2A<FgWMk#n1=_tkdk@oo<_i@ZZK_^4J8R!<U5czs@LsT^sTkk@@`q##`4TbgKY
z@Ze91CCulrDyP{8hBj?3jp_zWl;@Ez=NhbeQXd?cV|(ew^1Gfq;a}!z8kTfj-r4?1
z*6u9ob^PqW=rx@*t!wb|@3b$-SKz}1Cpj>($})_kQEdXw?w_ggyQ*pkv}~DG52}6$
z4{22<@q4fE@)`Zc9rQ6OvQGv>?aOq5K$#o=ti;Fte$wiXCUrj_ujHOs1Uz|y$h6O`
zG^(~U3YimRz+ImofT99M7y5evt}nCc_ouaNHF%XtM*QQH`J&ZiZ+f+h3%_w`ovih>
zT6Bh580+cjIoWsrp#epMlYt@Vhe$iQo<gy+O$4-G1}f=4QQpm)7dWM@cx7|2&FUK=
z=6{3g2ld4<%@*shZJuiPa0SU{c##ziDxNqT`FfUcVKUBkdFz}PtaKF4->A3um9M*R
z_AQKLika)b+oF;4{9fuNgfQ%HQ)7e7Xv?E|W=~YW*=kEYvbH%86eIPw{QgtOOmJ&#
z<Yy9hy6F!J{eEuM9Xu)wl8^f0_o{_g*}O6YjI3ZS=8bEi<Sni!J{cEfHG;kVCdft%
zuXFpjXJ7hycN8pJ#`F2r%8yo>44UBwOts5C4d>eOQ$>n%rN;KgH#>fxV4dZ<mDI*`
znc*WT$JCC=KHpYJ0DfDvztJ}q<jji~6Zy)@7#HKRdEyHG=-BjYr|}})cY<?oqmSUa
zvpwR{!l*^EIjdpCvGs>s9ihI6!aF_Z^Xa>U>4L@&_D_pawC{pST4gy)EAspi7RH={
z1OnFBN#4#xq}aH;n28g$!dYVLMe7kIhL9e}o1W>(r~it#icC)Sn0ha<-})2|oB65V
zT?;;Hy;$5U&T|PPro4L&z=$&5ZnE8yVigZsmz9XSa~1p-3wmP_Y46M`U6z}SzTI*z
zYE;|#w;KZX-O-4JPBc6(c!h2119C=Rr#7BhYO#7;(TSe7$$I$I57o=i?Y%V3w)Wu%
zhAQ<Z@~7()yurAmD+!r6fm>hCx>zY!rgUVe0Ne4EP~TFw{h#}QX=_ZP>v!eh3)=+p
zp1!3(;34INLI{&$@HiXv2Z;apDn!fgPI|Y94u7+)qGd_|CB6<Jv#4)$PMd2k)^}K%
z`QQ|f-$a+{Kx*CtOD{$#^k@zVbF#NjTgc8V4)?SQGph>xhDG8?kogg@ph=<I^Q7w+
z%zCeFGID~d;)Mij5B=sRmUah<v$LkA#}`X4mR!fnmmRXu8OA=hzUMK7*NZUiOi+fY
zSIF%L4fFQIFQyaXBU*~>N3-p#);<cjn$~B4+H=Vg`^r(4w;%GZkJG?YGkl}0a#qv)
z@fq6SCPU2Ck!#%%7L<#<a++K4v(J5CR<Kav7mGd5#UPHLNwWaBo+}sTtRkg9zJ`D0
zib~FJ=gdu!L6I_txPA9q26Bu9P{nKh{=+zE(ZxJ)JOW)l7dUaZHA$6YvaYHYaz;8~
zx2OKD+>Et{3KXtgG8NJFT`Q|AKB;MwhZd@eQf@9i^=!ThBhIySnbI?{vG=UL_(`|&
z(@m_HQumgXa$fWOZ-dgRz3JkpgQx>hMQ>}~jnIRzXYd}Gd2Ja!W_;sHa?E2AuxIu&
zKiZc*D}MITVR%L@zLm>2#lVHnBGx6rx42v$$C*0tWfB>@zoznzoYe};fqJx5)-tZb
zXIe{Y!Lc~Uj-KZgsm{_<jzosK>Y~7zgP}BjWXtIoxd0&Oa$UFB>#R@>N|hrAx8yCc
z!g3rR19~78AzUFfe9R#v#EXNP!mT#&oB)@DT~!-AV??AJT;DaI1-Ndf!fuZEHnygn
zJyF(THV_5LpC+$_-mp1;eU%DF!(8hD3jXu3Rdn4kUK|al1tHj)@L<N#6E}(^&1H!V
ztPb4zku)CZ*OX1tYzRnC&GcVqIkDHU7-WMdQXg>Rj<v39b9tq<8a?5WB+voq=|B|H
zhG?oF@BpiH1RBc^xHzn{?2eo$D{DD<$t+@}QlYTOxM?j+!N+jA*J_yWJg*`{U@sid
zl5X)lu+9iB-|)y|hY=I47Jc64Fj-KMcaVJ=t#-}Ai#ypKE-fh;8I#_OV>dY#?>&Vb
zl)KF&syS~KrNuono&K&togV!G0PthqG^~jM6ZX&7Jtpy9<Bjy8d(1|WLR(=w`b8o?
z_~V~KT!k8r?PiTc`J^IC)b{1BoQ3zSk^LRxUARl*_Jih~FHWI^AEV5B0MtFCjkyZH
zkqqsZst#=PpLP|ddxfYAXC}vT<Uorxj*=f{9+z)^xcFF5p3FwYhsWpZP(tO|?vvV5
zJA7=rjo+hP`F8tybo36u6>IktI({cp3TAhVn^FU{1=P1tJv?aTIwr84!I(TNSNX*~
z-D_3*jy*3v-}s~l`)&igPzEyYia0RM04+53n;F&()oq>CaRh~=UdeYTkX*n3i|=cF
z#GC8q-){3Gsu}XOS&u*C<=piLPm-hAfDN4wK#O+vP`=vnoVg_>A=BzH99;NfzDNlo
zD9#<Ft!D7{EvUU63C2vtOTpFvz2H8w&85?Mspu~I^pcA5o12TnOqgRHb~h?43Oe+@
zIw%Z#LD^mb13+fSWZYXI=pOn&FS&k&=w>AKt?%NFc9s=y?o+;sA3uK8ZWKI+ZF^GP
zUd+M}0re}kaBU`6<z+(kZqquCG{`|euwIU##lrs8L(p7qutD_g$)`VH%&9PJl-#^(
z)eIvHp7ewJLc{}Nb`)e++uXX#oriO=;Jr9{=f%%SlGZ0ZZc1*|8U~xiAMQ~>pEa1Z
zfF}4hXk&8RzX46|J$Mj_mRZevRNt)j#UI``I{Jy%*d^NwV1l6VJ|-GSVPoxj5Io^~
z*a&}K+%XzH#$yx$4n4MDLR=iAB;*w9^w8>*$R}-d2ChdiJZF*jBMfX4vdtIUeDP9V
zR@H@b$%aSk%gho-bAD<R@;oTaq{+*XMo&zh3M1o#yWw>{-5Jdf18%44m$U~g@0|?>
zAFp+CAn)@VgfrhayN~8B3@dgmd_@Y}4;9Dwt(@s#AiK8fT@iJ|3g<JdE3Mov7`ot3
z#bZB!vOzAg)pp}|r35!xZ%&5SSz5A53;%8>FseG=sK@--w6VO|ZqI)_C*od_L2n9n
zU_!N)KK4V|Tw}3)raR^W&mQL;a(c%H)YBAHtiUmr>e$YVEcx>uEm|ebD?s*z#YEr?
z`IY}%V(PQ2ceV4K@rm+{j(Sw-OE-_nVM{&7zc!ePk=AnF12Rj7v`+ABPwnHL*W*un
z#VG8D?n?FGAw#?uf!^I$HE+xAm$8<~g+Jb-XW&33&yjTD2UQe6CdX)xCYzrJ%`Z$o
zgJh(qN20svsOAT~<1(U|WhJc$F~_8xWa%bzHNcivskE*%D{mNI1JILFYrWj8`^<Vh
z=PGiKDzx64G|yno+E>|k*VJJhfW^miPr!OEWxUSo(x@2CfKc8!f|X^EnSJ11m}Eq>
z-@K|sq3M}>c5Fwah{@ldo;Cdj<)+Hof4$B~t$tIfZM^n=!_p!DBB@1pDCqhthvH&J
zTu^9><%^~wHNT(Kj2@$X)~T$3%EO=S%&sjW^O5#xc;*|{yqw25M}fu5kc;JfL36K3
z)eydm&=)=gx_KtNXAxU!t>LjUMX4>pRc)8O!a-QwLA_nA6`5O%FwTa$WZsIpwP7k3
zR<~N!S|*0Y|JA{)R~cI+AABk`&HrRr^?kaleY20Suvq`yz{d@ry)*n4aCGVh-)>pw
z?H4d$<Ai|gPyA@(ggn?dd4t`wP{3tct)%NVRdet%KBhbULvy1|GLj{r>JNNt;V_;b
z`HK>|$Sp&HNRAXl$4qjAx9`})5-q!xt?e9q4ia+EVa&ny)Pm;Lc_{0-pqqyQS>ycK
za-NYnqMlzU9}iT&Jz$DNyV9a}U0mg`Zvw!mSajvl?Tj52lZAQ94k7p)BUG)g{l&7_
zuU`?=W%#>P+Ts=i<-M7fXcXG#X?j{xa}bP`!z^>@Eby-Sm6>A3-@)#{vn{KOb*g2=
zzQg2nvTUorYt`oB9yLrV1d!*NI}>U)!8W)xk+<y^9C86Sk1_l9Ku3L^gp2hZ1@z`B
zuG7VTR|7NWljAxUg!mAEF)D_=x&Y)VT-fk?D>d0JU$1Rv$$2MJTT<7-%>xJ9&I<F4
z<4<wp)FyVfC;7iadEG~%Uk|T8mw#jX;Z~3PSyqAmx6_@zu~DZ8pE2PEOwiUq()z{@
zvCklPMmSaaSYAS27HxO;((&z9Ze^u)f8-eY@0pM)r&nJ`VJ}Cu+>P+|!2I@M!n9ux
z^I_71y8%wir+r%C%;Gt8tTJdWX}{!c;vUMV%_Wt_pNGfH1X6{~hfVy5;zCu5woTR}
z(yrqW5&)^xI~PQe8vK<#RahSGtT>-=n?;^s$)Ulr^}zJ#uKOP1m|~-mLy>i7^%i%*
zJ`p|a-ov;@EU}q$nnWb)jcZ7vV3r&qreb02;kPX&G;0Qf#0VMIp3XP>K;zk@6z7L2
z@tSGG<R`fdDl(|pP%jo}MwjGc)ZQ;$(#p7f8>5}5NrSmG3(oLL(YesccO(Pho>clO
z4P+Z+N)@^c^S*!2t5KUX98z}Syv{V)TTx$M2y9_^>uKt1<W#shD+-a3%nHxL(DAJ`
z#{0=xT<An8&{_exa81yP-C_GJPWMG*<#B@LW}%?jy`d1&tw5qXR#9LgwIS4@Pdg0V
z=&Kq|Lo-{``q<$Ip-UXRsXx{8Gf?B}7>yK5l%RLl1nYJ&YiCOS2Sl;Fo<(@d>ISez
zb!toYp%^$0_)I*&Y&}FRBdQ3b_z04;ilEIW#kD~&kq1%!xro&|ZpuZ@IYp^}9?>~z
zTYn5}6|hJQA>7`&{#xcJT%l^g73t`T*z^zMFaZSIh-7(Bm2{-Z)4nPiuZ@FjkrnTb
zDrZmmpgNvq()`TuWkoI2!dsTzwG=nJqjXhm6t<8-AB$BNi{@w(ETRZEaunTLfloQB
z2IwEuK!&7TSLEexZ%)JJtyq)9gK?YS6GVzKZ0%vU<TcySB5js*2D<ZH6~?i)tZ>xg
z*)5^d-sx?yADSmQLdb}u2b*xEMjXV0Uu125Sr5F%E4zP<zb{y4`CV97sz~)q4dJ4w
zC;na-?J=vM{$rIcVEHND)HhB}#yZ4~>w@H!NoxS+)zhrNPvd*1#XsfWRZt#MZgu_i
z8PCh3Ar@h&o38ur%w~4pwSBzDz;-x#9I2=LDHo8>2U}jwRLq`UgZnQz>kRYWF5F#>
zQmdRC|9O$W9+W$G+2;>~7kD%Wo9%3|4kJ&G<d^&6vKYVL{+X4M-9k(xMSeP|G558N
zS-w8w3|P(HL+iY2oqIva_8^?j_6Z;B4yLSvFo+hnmK!`jqOn=BBnPu+Xtyvhu)Mvw
z@>$@9=P^9A%r;c$kKkgME33kyOJPTqv11A_G^?}&FyN9*?oVqhTg#0pxa+cV)X#Sz
zwl$RavPCr##TXf3ofII<(ALspfC=oWenD058i>=E^y~6<Iu>njac;zJu<0xYXy-W2
znfNuv116Ue8R;z46W5i^J{g%E=8dB|Qs%gHgxp+vWHBoYK+B`x@o$y`8L`lo4V6DM
zMz<`U1SZ)gBVHY-NNwIvyfIm{D`K*gvb^#PUNv48OJ8X;<VUAuXrdCJS$v=v@;qiT
zDNor4CmIH8i}_(2p4whuubTPrC^GjReIP3nD+5RQH*3{Pw^La+i{Q@(D)ukrYzE`A
zvlRB+t?gOM@8mEJv&z+B;)6lEk7@O`q6{~7!Uhnl<-rYu6CBAv)+Zwk3lUU*FvQ=B
zSR6ZqWGz%4ct5*p9BWkC)XS&h!zk9X!hEZEg}guIcumL;>f6t&22Ls4q@`0)=SVw$
z=Au}gf6&mGq%)GoESn?GD(|f+KefNNw{g`y+$U3!;5{~4T2muFLw|)*%bAR{7;O<7
zQkJ1Hbly}jIS?4EFXVV#yfkw^L{g)*0t(h<g&w0d1D-KfQoGD+!M?NV8q79Yz9u<l
zR`7r00F2HiG<(pHLPhWZMhK6yE0?f+1T3R(d21q9Bj-y41(q?NtV=(SVwQndYG)Oh
z>H!By=kqo%B(D!y+N0cClO^ZIG;kl)j2g|C1CAg{MeaG>G18s<TS#))4|@cUuFuo2
zuWEP~A35s&O*vd-Te1x6kEZdP7~2gX&1TCu<NN)t{AAQFp+=Zd^{>yP6-7rd$8*)~
zkwY%JALC)cFn6VLk;^rda^E6^@tZ)j{Gu2@6g?e8V_d_!NRjQpFmI&0maFATo*Gd%
zkf*GXZd3{im;K%X!Jx_K_^Iy`oqVJE0X*q5+lXu%xx<RROFeUTE3vY(>l8DrOodF`
zT%w*=GyV!W=}>9y{Ci4iX5dw|sgIz0VX>)ww^M(n>g{jjoYd`tq_6eQ@{4*9`6q$$
z4mqg|CIzr_g$sWk`6~MN(aP|{PXR`S?Yoong?Yl*6ak^#6RGm5jXOR@V`ZhYYo0{i
zD7vGb8)2?t@<z*__Z4ry+NL3EUN8imN8k!nm3$7&=a-2uvpe&>SJqukLFeO&7DkFQ
zPI8h9QECqseu!+AcHt``T{&;j=`iQ<m7N5_wULy?I?s%Sre!cLvv|?%BAw&&WBRUW
zzZcw8sFrDMRX!uB_BF<Rqc(7>R-Wjh-K!jyCm$QR#94_<O4}zy$CzP*hmhZ<ZQL!7
zx+1K`K{e##(!DPzm>>3-4|H#OuFw3D&>2g3mAR#9oh=7Wg)A!sM*}w`nkfG|=_HL?
zddK9vwT}-cIVMSGK}*i7SEz9WFvvS4c8CCT8XP#wlfcY;Vvg*OOn7L++gxAS!Ax$O
zdK_B=y-lW)SqU`cWN~0K*(GI>myhP#|B{ePbw?>gEgGyuGQft6+pGZ*;jt<OCWXq+
zuTFNzMQ_DwO(rB3>qxBaghz#rkqEO$ef6#WE}#8QKYsZ<Utm5C8xx}akb{g+wvNB7
zfm43eGpuOZnhn72lD_nL_c%5-_NKGgPd%Gi-jS2Efl1X>O>|Mtw&Qo-60^$7d~<tW
z$qK%er<Nc4smEV!5e49$1U~u*Nm4a2kfWF9=~-WdN8U69s2?@La}(L5+{ZShbudSM
z;{h$Ft28ZPGkgLq9-#by7e@X1cZ|n4CWNe*E&Y{Jfa+GlSJuKSTYHKRJL9vNDYD=B
zHWvydPuf+)%kl{dQf}~Q>wH!4?B0A4FRdhSycWg~2VsFCv#a_=E2v@f{a)Dvk+f7B
zZrN3|Q4HYSBlRp0g57j1W;+(60R@kW;4H!{*7{^SThl3}0m+ONX*WND<rOC7`fFnu
z;q(4^vMN}Vu2O&+WA$h)iCo$J4b-z|U!99IW%!iEs+&6SzDqm)ASt8#{&r$jceQ7m
zWuF<4L@RLAbZ~@Alo72_jfBW(2O>T)1tYj1*Zj`P*%k~C!eK+`jAj*~pEY3!cU@%>
z#k|UD%rdEybU#Ur91dOYCMbr8&#BOO8Q@yU#W*uX^^*i3{lmCrQV*|-2RB*X5w9p#
z=RVaTG&E2f|ItQUggVrBl#jv8Xi;V(x2Xu>YX~LS*DW%jW`9u%t64}dGqHsNPqSOM
zgp~z6-Dj$e6VCZgi|1R7OJG5H)>WW1+jLOfQc`tE(3*pjfB>0U`^c}bbR)lsDxdOt
z1oC%l@vjQRH>lC!kCc+i;@c<cE>gq4=IxD|CEt%lG6)tnEqRy)%}=}4`)C9^d4(*b
zX4x|-I%oG9_hw}@&YOTFlzEIQi)$^X)G^pR*LrV7-u?Ua<oSK&&e>0cvbBJg1=MM0
zcil>TEH85{9_QRn*U_FKr-z9z1juqcTUT4aeh<3?$JnI!7>PP};1a^7G#J&H>gM*C
z=GAtMT?R5?qt9;_Cqf9jq=+^n9-KNgj|>jgNE~7Vjw1fLJ2mLP1o!sjQ8B{He|U*x
zW`Pt;Se~*a`BbNu7&-#4N7)eL<82o3Jn2ascJm#qhW<<5y>6{OVMI(Av0>6`#pk%;
zlov43x>_Yze<a@dGkCYEX7ks!`KTZEyUCXNksd?T*YxWP_7S|UE;B5=fQ>Nk{Z#D;
z@;s`9v5<t21`2LEsJ!g!qxlzrt*8#`9Oi*cMT7?2`=GQwve+n`tt-~j?4(%V>PMJm
zCI!Q%Y_-hFOmSLJrPh>Q6?81lDb|zJmt}s(F*hN5aLOy2LMiRiM`18((<?VxIPxW*
z=g(Ed25g4)r(T1*wNjkOMPve_NZ%+GHAw-qF*6u<nx`zeWPxg0a||OaD9O8EqEOOf
zON|xnzdrrsc&?(Wv%RvQ514o33KK(yHChUs2L5=EZ@R^@K8)jN8>L}XR-@oA^P#4I
zdkQ(apZW#jHqmF(<e~j|mG_Ymv{Gs9S6WHTJaLVd5#t}dh_ds@<(zjyh?Srdmh(v-
z>w;F%8O&^Ty5L2HS29q4?uu6?#YfxHngpQas*~t2wFpq;S_82<1HSt5q+Muz@iq&9
zB3e@xQEc`@%}lWXcbsgc?`p3Gdo-R9>C2k*pk*+tW?cvN&6ESz?S14OTU<W_6FKkn
zR)d_ZiJbTR1oyN0gmVO!@gm@idnf&}Ac31JN$LlwX$<bZc#I-e;pc84_r}-T?kGR6
z!FRnL$>fcQqU^ahheyEb3g|9-W&M?s%aBpX><E<LL|^Ig{epap{vgcjr?RuU!B<m#
zwC!+4ge;FaU}{ZShR+&7y_OJPBNO?j5nM^4m>SFNo=nTBe=T<{G{p^R@sIXJL^4w=
zRxWpM|N32a7s3XfEIxVGr!0gepCiYzfs&soxKW;dea>?Ic0XP=UopX8;FuR`_tNZ#
z2g4(h)}*O5H;HanI2wcwcFnTCxDP#VbmlfV?CK5(8a~lxuWp-F@TFR;7rQF?6a~o)
z$_+SgvTrt?>9i5MhajVcN(bI+>QulBa;kY1?7uA+l8F<a%}$U4xBtNM%693xYgkr-
zOxosyB#O&N75rTALQL__KmXm(P@e|w=Di#|7r%9bA<<X2r(75;rTJ+F&)9h^_KzRg
z8#)H~rVh~hsO8WJ9lR3!)AX$F6akyN9jUvdIT~-jvSpU@P#Fjl_pADzO#5YS^|Bqk
zI=5<bfkTmW!oZU-pz~_``fv0)zYuweI<uX~#Ipw7-1nC)kSh{kZ2{udg(A3KCukR<
z$magNcv3$6BBS}R5*oa9fZjBR^p>5hFGVP_U{`^+r3&biyUo`(VhDP+hN-@U54r5G
z!ZySt%&{xyij^%xZ5Xz^`gP?Lu}O)=Qrmt~-6JntKEyxZtCm~!7F0VtAx1`PIWT7|
z71?uXvRlI}6g2A??6nb1AS*rfwNS&L!|Y`J`!0jyW%~fq>b9*4qO|5-2$!`}7xiUr
z5lH>r2z3BRerG}L<QNi<b*In|ZP~69kNSz24|U1vv}LnRLmhjv$a86(<D}TfGz{3O
z=RK;)fYb{fDO|vlUNc$9&@-0(SY|%&A$Mm^D(^nUDeD~H5-vJE2C2Xum-XewC7_Y&
z*X$xPk`p&Z%LMn@@mRaV)e!6<*@;VpKRgnjYbYTn*HJn{KHy>>$@QSTHlyMGip%A_
zmo1KZkv4Y_><UAP12O0!5tWBX2HF?5(b(fPYRO9M1lS5vx7_coa&;Moe;!`^MA0o#
zs6<2TyK?RfE8Au9(T?5S;0<;=nj_!T%B-7Y+KRlhF7K^_S1Dh$E6D;X*Z`>^P0<(R
ziv;cseHBpYr?!eh=bG}2i9xWSQ0x-<1ro-VFiB;-@H60V#J>Xgol>qPzK7QoR}m}w
z$SvE$0!Woy1+mSi?t0;@^-8P~pix{Ha{ckXfCjXwmkI%wwPZr_3Q;Sa#YYS6bXjpx
zFGRlp@T9!$FH&wz<h6|y4gn?T`4BDoZhg%8dv8u+c9+(EKcnM2fD%{don^3%M$L~m
zvdFz(e|vS9=`AdDQXIY0D93pBcm>DWBx9WpgJ3?D=6{W1^@66c9S=SWLRF}Y=w6s;
z3K8}DoNg+%G`4iPS{!1#s{7rK&|$h>1UNnT4nYLZCVXN(CpCZ)BAMT=<%A1?cdm3u
z9WGktF(o@PWM9;|(e^j`MOP>CTwz{@QQwMsjn<z#8wxkW*ZaGS8@M3R>DnJVRD10W
z0cTPUrb-diM$`}IS9ubc9D{F1LFk@P`);3$yEhvkFq@Rm7CDwXNiEmZhLD#6)u;jK
zrYt=}IHK#L*y@d@bttZM2Z^2twER3+Y5mxJq1Q(&d^#1Mg&YRnWI{02w;Oq-nd^Xd
z3I;dj(*B=?AYAqMoq8Mu3UnN<bFMEBycBKTfgGLdjGvLSO7ESh<s<@biNS4U6Mm$+
zYF>t@&~I(KL=9_>TwV@XtYg-u$vkM&)8&UXP<TZ>M$P_t)TrM&Pf8JI3Q+jr@p1)Y
zMM@p4*fp<$e+%A^qN^B-=OsquL%+sVj>OomHEA#L0H2RY1(ikfF4w(UdluBA>gLXa
zvR35Ce{@5*>T8|g*Y(lEJ&ePG1VWu7hIY#qRpaT2@gAjPURPm>OwTM<dA}7=!9}^D
z+dm_C5K>*NkAS#kA5B*m2hUBDkICzv@R-SG1l_ajmfYJwY1Bxi|E^GVv*3dB^7jP#
zT~Sfxvw`KTb5xBjRMnkH^af5o(zurNgs=v?v!Qv+fR(xPI`Yoy@=@ZXDB@V%zSDlm
z(_0#-J87GYod>R$YCnk^A5$P5N;0PqH_uj9{-7BZ=SlT9AU0y<XLThVC4Fq2Lo=5d
zG}(PLezQh!<)$qVuptxUNH1KuoDA6Wh^K{mPj&Ddt|CpddN^F16t4Y62^?Rqn#j$M
zOQNkb@0B>KX_t8BbP<+|ZEq|wN-;?$y|9ACBNm{L$~?QQz{2IH8xL)mwe=9RP-_H~
zMT0k;kaj_m=E5OjuH{ag5=ywMSY+n1*c^9uBFlev71Yv_1Yc>DkIFj|cD&cXc(CX3
zsGnR!b{ZI4Vc8b{WT+Ni{V7m-u6=K-U+i)zwm4@SRsDVzg|oeqG4jR3c8z#(=k0Y|
z+N~ubSYU{hVd3SADlF{n5e0+DOJ?fl)sQx4Q`ew{P^!P7kO`_wmC39fpmjtpgH<|l
zr_6yAs1Ame3l0vlX^Ur(oKQRzHch2sVhQ@>vO+F=^=R)Lw^K!Z;a@!LCeYm)YaY}a
z^fx_sp&Ms_Di)F*A5-)$J4f>_eyUOcPZyGxbgudep{TOte?byB08O^PXTyhV+SYk)
zpPenA=GEyJ=UNm-QB?K*o{Ovx;f-UoQ(p2Oop9akBt*wX?HFe^CsP|3z`hla*It<V
zS4!o+H$EFmK7KSjK@*~}4ZXU!OZx+U-O}k6q-ibto>FD6O@g4NwvNGhLs7Q02U&L@
zB88^6Qkz7#FqRi;o@m^}*7e_5T{{Or8Or3)wY74&49Em{?Xva~+jxv$FVa_gX-9hF
z$bsmDz1@M(@6ir32$fTsO$Vh1_Qhx>Ob4Gx*$hm$5q5@!Tv|x;=R)y5UG+hVI@w@)
z$I05SvOFuecbGS;Sf{OWPOaZ(2a6N<C4zsjF$C8@4HFzRmlDv{YL5x|1-C7lOXESq
z3ub@weI7M3a?-zycjE=&7!~6-*cb1Q@9m0K*=d-GU>lr=!*0GbN<g#!>ZS;*WQlsu
zi#+b)n6uNAo{@>Uss?2CoNl<+Sq49Drk{2#?f<NvoW4bSTM-7VTi%_pD=1CHhlpDB
zM6=gTkW!FC&yY4__!NHisqyCnk)|MMCF@16uiGb#k(EzeN^~5gvL$A?M|#jKI3DlS
zh<HhWivX<{Nk*H6j`;a;Uf?M-@Y>ojJ{FMvM~lh8Y?EI9_d!W{z#X->p!%xoSH`a=
zfE4u25B<;MTX&JC;$&JvmtTGbMt}ZR+<O}aQ5@l6kcFoT*1DQ`hm3nO-haXnaU+X)
z|BwU|@(!WXtW11X9q%-^sD)#0(Ychu_i3*1cOMkR<dZjMVdG&zinm7xc@2GbxzfD~
zQ8;>U+|1LjPgjFZC+NYe)8ruR{@c0*IFsV;O2h5ZPWya88Z)9Bp1qN0>=%6bjWSpF
zcm#Q@(GnbVBGcS|XTg9C6TH&9VSX4e(T0jBU+B>5zUfV-cOI@of?I>Hw>K8VZsM0U
zOD1{iSJ7Lib>nb4t%qW=z5*nTt@oRK7CjH7j9qU_Er_=1@=5}`N9z|Z+ON5p#jaH3
zESKilUsAIO)JNs{_dS6Wp!|wQ$dp$rCyBmZ!yD+o3f57^V62!E+!q0IGq^f<uP>`<
zpVy}7_qmli^N;HfA5ryNOV9Yjd_{s_SmaI`O(PN&uB>4czsH--wfMO~xGy%d&l;40
zGD$x(_RWvHHp%-Npd+SvPCo9dh@m@;K5%CmCmWV@U%2?<O9n##KX6o1kX_Z-YyPGr
zLv<<E!C-S9&uf6+GaHt_*mb>>9}}8w#NT`?_(WFL^>tt1;$nuy)WJRvDx0w!c?B9y
zVib1Ami9SijUPB`{D@_g5@~P1HOV?DOjM?Qh93<5v3j@RUdGMxbmWdrn>Ya*Dr4kW
zR*sI&H9%l7orb#x*#LCE`Xb$y^w|Jrt>%Q0AUO8Uly)N`2K=yMTWB3@H7dT?wYw8g
zcO~qHsLhukaW)(clH>Ah&&ds#crXJudYe~S$6a2G^icY|36Nl;bZKk&DKD$2L%j}v
z(#P8=u0zMWN_X@a<E!ejSPc`JKP|w{y@g{Q4Wg88Sg9B{-15a<$@wiY9vG*x?FeH1
zCix|Ax3>)zn~P1sJ1os(?dMVfed0BC$97M{Mf%{l(Z{TGJAy(BYq`&Z@vW~COu^Sb
zUSoP}k7}SMC;&4;7;?O&#B`}O%7?qkQ0iU2QJ$|w&kspR2LJKrN7al$Fh*dMpM4ay
zg6oAwPJ26ymt*|P2m6ss5Pg3F+FbW%)hZTC+k8Bd(w!(~*20J5)D&jB7V;GCEYy6r
z*e%@D3RyPG<39u6)+Q=ag!o+@iz=S=Os{|U=rk&hkP6>ydBXVQZ$7%0A_0Y^2+O@|
z=$O6Pwec2&H&;|apxFMcetC=Ec=7a`e%I0ja|qd%)|j%x(!T44z(O4isJ#b_+B!6l
zmE@_V@)CYuIj(xy9czq)#nu@Ivk|NuplE}IhL`4$1=Of5lxc31x0hwQ`R8SmN8s_3
z)vc||zPIQ>00wD&6r}ds_`<En+;}?EQ*ZB-OzJXAqGjf}S@gUmE_|YOp109Td00bU
zN#$t6ERVF=@-*EJS{T5Oxyp{~RMep<XS3C+iIBgnp=e)j?&lrhQe=YjDt7k}MLK7c
znjo#*EYxH3ZG&iSN`vG4Lj&;qQZg(7Q}$&Wvq-rvSBw>#XUIz|H}#G~FEdG9+3``a
z<xztkR~UceH^%q>N!E|<u%wq3z>hwDc6_{$41;{Gu50LNR}klKFw<KJ3=@{(??%r`
z&et<I*A;^=;rC9eKvF|XP}G!K<nK<3DR)%p?%&j=!gksg`t^EP`@C7(iX!;6<E6H_
z&V_F;S!$GNa(J}f3`Z&*p$-XBfrBRR856xK07GNW;@S+{S|^YUg5)+3p*^WkSKY+u
zB;n!XMuyd>V{5rwWs?&f3giOwri$KYM)QMzN&?)ZiKsO3l67f>g>)}z;4Nx^YE{KI
zvXEJ4=6%=26XTG}>ngD<XH4fq%wCtEr0c2D@c3vAX99<d$=PwFb3A!x>nldI4y)mU
zWY+8ExfNhpagLn*_W<k*;>mk=X4dbm>ADv*d<bYMP1KZMS&?zQm*=^P$o7^0KHW4r
zIL0l~V;zIp@N+khn+6BVmwo#u<-dg~r2E0gN8y(pg}tj!*gj>qPnbLWaIFebtdX4n
zc6Kq~$WJ^<3kHLu1OK=*`(cClfB!lk1PgYz<4!`amO2+2|45Dk1H4b>IV3?F(#%iY
zbQu+U57ZJH$QaL{|HxsvPvEM7XNAv66VlfrVb;78zmO(Gd~wbEi{yrI%oazl5pf51
z$K&FrwP6{Uy}wGxvgS!Z;&o)#9q{1&QL@#ocqsXcTl706rF>h|C<jB3$a3N9m)uYO
zT^8`S;A7(Dnjm?HuU)mpChzY{e6ic)*!D-A?;5Go--TORwGC&CnzRSr8Uccv>y3k?
zhA*fkIRRJYo$x!6)N+`{lS|cK??3%Jkv_U(lGm+=;OUo0nn&y#j1Q>@#^=b^quKuY
z(jwKD(l1#uj>AI#tAd2Zn4lbYZ;5s%>+!}4VswV4UX=x436|9&QhE08_BHHZr5W_6
zI`_h2FttMet+^j*3tHJPr(ej3^S{7usif+70Pc#H2LER9j7XLrpR8l-y;zmzKd=P4
zzpz3ggTa5)e`e2}$O_z?GNMd1{bw1n6AW^%0e6#T7(!B<a$eK_Q_(=HE*pY~&ywU-
z(BppmUn)%ak=fi{qW)iVUl|nz7qv?&DJ6n}q=J$r-H3pINH<7JOARFqh_sZvl$3;Y
z$Iv0&C`dO*Gc-dF_l$+>uKVYHzdjesr30t;+0V20K6^vKSKwGIdokh@x)rSAu2rgt
z#7xqw|Maq4gH^oyAP!nyzWeb`*TvFBus%rBRTtfj?YPT+k*l&ihV?qn5#sWB6Ak#_
zv-^X7?Y>9`b69w|{^;FD21lwbw8mXK4`{mR(4E=LSULYR_G)7C3=^YJ8Ri~I4>S)-
zjj~aBc@yF*9jHDq@@ijB4)OE@N0b-Oc#gT1ja-7UtNuLlR;*pS(JeHhfTx%LPAudy
z`V$h}qSIX29Gh3gv$uU93%HEz!u${YSrAJ`CcZq*z5ZR0{B!ygQp~nFnjv1~(`~Xo
zch<GE@fkdFw|suLs03ZUuMm}C&GPkJRV_o;A4y9v1AA}$7JNyfA|+o0z8H7GXG`iJ
zNZam*%I|8QBBYhfF48q(&~yv)A|I=M`})dlb=3+MlsanYJ07G387<!NR$UQerTw;K
zfKRWoMpN!h6MZjDD}TYn_<Fs=&@z-ido@?m8WxmApywpIh>_Deue!6eL<o;E#pdYu
zAOH4s8OiUP<9D!T9Oo3Rp`qh#tfD%8<zQpKud7JNrBZauYP&eHTCHSccTz*kCW-B)
zk?}$#!Y?u|_d9%g{-nyK^3pNi+v54C+Bzdr&jQmF!M}3U7A{g2RN@p&Yi)RG52nTi
zFWfi2Z1rU|7&hQDa9#XlT$Vyss|%qO9F+Nt!rwnlzxLT%r_C?qYgRTY!N#UWnxfBP
zJ&y7dUE_!f=Ati)1hnREEZMnq+-=9?<m#I#)`<4bV3-HAlH6s&$X}#zuu5)3b#pCR
z{)QRmvp~3y+&H{Lj^CSNS5Oz0Tq|Qaka(uLWbCd#4`I#8E$))MVpm-?`hv5|gCgXh
z+KP}vG1M2Q`{SE0)%77o|Kw@C7Qnr?UODR17a1Wrjy=Gv?n9J}xU+uk$$(2lo2H{m
zS*^{6au<YXdQU+-PtP`)yeg*p)gtbf^=<LXBhBdUmdKAi`aF*6(&6sQ?_*&m<Gov&
z8;?zUO9g}v=3>dLL_!VLrc0`O5DrmQ?QFX>c9Z<hX;WMRP=ciots3)^BV+Jt_y^q2
zkmI!b`ZV*gz_I=1?6OtyxKl@N$Ix=)hQsvmkFIU+6Ak%;Cn50Zw%!Cj4*$W3iFw|_
zd($*~#STuku4#~)*+P#mZ@n-o)%$ZlXJSZ1X6`NJwfZ^Xzo{r~@RQlzIa`cX%l%So
zw2yRZ3`43aX_*4cM@_5LBvs|ewGzKv@Ny@7PitwkXO{w7fqTqn(u3CHcI~BuW|FOx
zS?oO@m7(uroHQOo`Db0?QEN?wriauuJzp$Fwr5orF+RvcDPqWcuaxp9xp$<WZRl!M
zy7(pVn*Eo+V-S`%Qrcs3_5(6rY?^e_K|v<A@bP%dd^S73<xs&Uj5#{L=$rSkro5@b
z5<?MuqV+}Ql~YFa5p-uhl|SpD<HaHt!AVd&a6LO}QGv9*rLbykPevpy^_9Ij*m-;e
zrFx^QV-10w!2?Sy8^h3H#+yjG_p92k<siup4J|J}2i>iC?L5ELX<XS>FtIda#a^)E
z;$;#m<U~AM;n0U(U6L!{|K&{*qdFD&tII)6+TuI2M4ZzmeN8Iaa6WZ?7wZ$>1Y@o=
zdHL%3&XT+gB5|8E0&AsIe7!~X2e&LI?JSer#4L20AGCcVx-BS$#&k35LM!r+VmMbG
zQg?pdxVtvrRJ{h-DDv2lUYlZ{uBybDsM-9qP|;?Ms33uPEa_GshfCB6^W!{O+*~-;
zYCPiQrMH;6IyJ8=IIId;Snoi{+cRke5HT}mA3Jasb0+Y2(YP+%)ps9-O%C-9&=bB}
z4!_i_mlvdfWn4tGqUx$4^m;V_GSFggwQ(2@Ypiw4nb@cktg2>y?Jrnqndffu?OA9X
zZ4K0a{0;4faScUL%+d-qHk=|bgV$41vx`su?+IjK5qs7o^Ow4L$x+=O3DkZfSZ5TR
zH&WO3Kqr0{*hqz;R`vxN3Lc3%ihK=_!<wqv%Pf{hA+@SM<_dY3yL3mZSP8DvzLwW>
zSBVV1F~Z$VrM<yvpnQaX<4hY(Re4yQlOi^>ws>qqt9I12@-j)mZ1|<#ZivmKP+v(X
zK6mq?PEho?NMF!twDp9^G<3(fx?K-#WzC+fe0|bX-1VSv_hi2m&SA;z7E5_$3ZB@w
zU)^b`uAlgrHz>N6?Oh1YK$u7z^g(_Nl1Nf_j4QxQ>Ce&tq>6nS#a|Y$M4k!PI1>aR
z>_i>AHZT!iTQWvtM9<dU4g~cdo>|RwJ&!f1N48;{)CZ}J9=Xfpg8g*U@!W^pkA@q3
zc(ItIoVEMNZi3u7iKq>E{9gwGVMeyDXXDbqRq0n);5OmPG&<l*I2-pa@m!Z89$Sb&
zXU!lad5X4vi8?1ct7whZWlHFQ+XuOQ{S9dKKDySD4Fg3r`#y&qNh-OJQ_(~pJR*sz
zGkhKT16`I&;qyg8WHZ**GxFmtW}CX59wDK=4-1WEr9mky2V=oIHtRjx+)kIP4+ui1
zYRIW9{b>ykqbLM<h*l_SwR|?n*|r>>Y5&+iSjbFlL0)?8<kli+cSKX<mo!e&r{{*v
zZg)Zwf5dU>S|NxtI(5Xm5xJ+ontlnoR$kv@OJwSFK+2(B)O*cpiu?&Jtyiy;+x&Pl
zPNRAVVrQjY$OVmGOn&JvB>@D`w*4U<oq#vN%Fgv@MOuc|RG2x`2iiO;5wYo(YIE39
zdZ_#;QB;>S%Z^AZ<%KMSo^&8&jcr>B;aD(*1|2m{>LbyH7WNCq^XlgtuvrvanQ;ob
z<5UT<j9qMoHf|}oI8F^I#k14a4LsV;9=pdaFF3cSq)rw5W3JiMJ!saPd_gPVU@L6<
z;pWf&i>_~1I&6wUo4A{ft0|l3DdumDhlqcU4z5-fy$}*bFOmG9bOGAux3OlII#=>u
zU3Wri<Zqir8nRdFe(u`Dq&Vzi$rNg)o$4{XS<HRpWODT{%K-nVy5jYIDJoyUgS2Ap
zwW_ql1t}aLZqLlm{ts>a(ICC}MU$Cjvi5ugxB1m4Gg7$sEJWprC7;PJ0p^f~iN5c>
z@*+s5fMB%Ea87@?DSqm9`tJO}HF8wzPdOwrj4fFEo;rDpO7%6z1hT8c`Wbgb-QC>}
zHQh4qJ$;HYq#EwiHF(=ZL7~q@u@u8Sv0kzaX)+hZGEZBcj~yiny5(Bx#X5FvGLei(
zuRb*aEvR)c{OeiHgGa%8H_d~M$-Lw*!YsMrVX62!S<I2314Ua%PqVp&h1J&vQIIv1
zM29wr3+aJ;QVbGNqi<;9JevTiVZlgwcU`rtqdgX8+7?w}uPY><c7txd)P~#<O<+T@
z&V(3|^`!?7A8MV{J-5u4CG&#dN}<7mB=|%B6Nx8wPg`0OKrz7Obu0s6is*z%-BD%?
zI7t|qWoRJcFRStwxj`0&COhA$^6g?jKM8^qZ@9uYp+5`~okYqId}O9w$@1~SOevKV
z!6^J!py)8nWJNIU1+%J2T+n4N1R&-xNr{t-{^^3jOw(-_vS0nBNeo|U053;mzDm02
zKkYvF=uy5l`9Fri7$Y6}2n{*>pZ*^)(V@q*M&_javnV&LTWI5{Dei4PXu`QuBO|Zc
zb}tWgBne~xUXhe3#^{PRPb7O8j**cOCA96Kk;!W8vh$AG)UPSE`Fdi_6wT&pU-1@^
zknn+zm-ht*2Ii)v{kYdFWqnluTJ5xXB>=H9(01!mM3-9Dudy9yFzlQh604Srqnhc5
zeefy9!sx}<H>x+Uuzk#3iMbab-m9Xbf{5*V(~4Y4LUs_RzH?rWp-hqey*D$I;Cuw$
zNKqc4p|KC6Y5_d`6xkC;_UhFuobc7PwP^u6F@h&!vv_6PL0TYDd~k3OH>=*`ahmP>
zW}x7QX?`znnFpN^-6=j<QHs=y=X~?EpYAp_EP;DuN~qhyA-sLPF-9_l`29(h<C;l5
zcn>XRhKG;e^Z}YuVH99>-(!NdTuc6I;O~QQumdNbQ1iAb#YI8AR$(-iGRSu1slUWF
zWjQa+9L%NiU4@ko)e>TDn3L&xugrV0VZ$*i(82fry8|QL6D(rAIBpwQMv}*vuJbIm
zAyU`OEUPC`aNMLjMt^j4G%t~V4rFZ&(zx#_xPkZojl`R|8YPw+6P2@{Bid-(x;d(r
z8K}6e<Ifg2p}0#rZ?;=}CAUzyUJ^mqeCEM-O5HYVhanpiX0@*S#T^mM;~*8#OwbMS
zCPCeD+8j>)%l`7}6$PSe|J^&6M;7DT31YpZ?^02lSp<_@aX6#o7?H=8cUY%W{fW-W
zUWTw0Ha51t8^}$8e8Hv|$yUi(H>5pLckVh|%_+FjM(pMPrKU!}aATI@d_D-~F?mc!
zK;jABwZVv>hfN6NLH)FK)d~~Hta+E<JQsjSr9Hb7f1XU_-tKYOMEeZu(v4%upPG|S
z1>BSLXL23ATV5u<X4}mPkku@XEj)OBHPZT_X)ggyy-qb`)W&0%>ST_hp3>J&cqcqm
zT}MYJX4vnr3Dfy_CBrXyTHbwC331d1ohmLaUboOY`MAIQt*NuC%W5OOlFNAKzoFUL
zI}FlpU*2MiTACd5x*e<+fp_%Z>b8SzMs7!I8*F+URI7;pzL#MSu=cLK?o^H>2;Myb
zX-@h%j`{}~!jqP!N$xPm%_%|W6JH`)8Ug6KI960-<fs?s<#i}>3A)azcNCal+j>2(
z@k;1y{b^VI$W5mSea`w*J67!}3=^J8tHX&UAqs(zH>rgUg5GcPFBQ<C+uWKG_x-s2
z0_EF7eTkSdgUdc@A%(!kP*9)!=7v04Y7!EFVhPbU*&>e-a0@kUTZx#AHfqs1vg3nI
z+9*Q8VA0$nui;QnDOrN;g^*_VqoX7Jh?+Sk{0@uWcwU%cTgcEOvc7Lse}r2VCER5u
zM$u5%!oD!RnwFNuc)1NxV-T+^mVmcE?9PPqUGIi4>(h9APP;AldXV6BPrG~DxGSpY
z6}cZyd(2awur2x1r~2KjG|#%ZHwHkO`cJ&#<45@(bj5W>gaoX<m9%|mh!^yIv%S$m
z^t8>;_PX$o?xU8L7Q}AS`Gf~}{ybIyJzJZ}<9FVA=^S_P(IOu_8#tZk(r<hh#$~{f
zP6D}gYJW%HIr9)V!~74|=er4pc&>K)0ZzE2{}flVTKsw23%0jb1L<-waEpjT=eIGx
zcF(%4W@R)Y59NdxSKa5xl5loGUOy!<)(;;F-B)V5E}zeqph(l4=zEJK&pq(ZUky!b
zd4A6PB>)L;J*O}>t`5>MlHzWWUV_?=Jf<<MPD{I0bNHn$>GTIPqQ}N#;Mv&;)L&%r
z<P2^D#iyw+@Yv6pjbLvcFVy#*gr1)vs;AF5YFdE8)D_1Gp%LVJvqmJ(Fim)?u)Eh~
zzt}&qzJefJ6REFfZJlpijx*G3sQJ5mgjcWZ%pkvxDNGUOh>Ov^$#~DGi~E4oPi^~D
zaH|0mGVOjadbE^eQ-3^Iu%2{&lw>tk<AU(vd_zyLzZ1Tshun#twbJo*O3gGp2U)<u
z$$I^<AfN0o%>McF=k1)WjP-&@7Yd}olx++zM-wjlIk9Qa>f?f={jlcwi#a?4s-k2_
zmZCIBK9_F8mypVYoSghi&eA607?dZWA37Wi=8^64i$D6W%c^|RWLU>Z=Ti$e^6<{?
zLbTq`G*y}>z7eCsAR+A@7Ijf^Qm8}(lg-Xf)IFNoETxPaVvnwf?~>xS&2`<{eiJpa
z6M{cYg7wmkrm?x=ViHg2nuNWQ@5&}*JymSKCh*d^&zUtkd337Q?Q-8}cp!a^<!SA=
zqaV>LHao4{??^084mODlLd)M4c{jw1U}+i~e?D6`6)u6EltWAEk^2Q)EAOOXh9@ES
z{I&o*!L+O^Tb}QSK6@ze{*%#i>@MXPc+8;x>N@%jL7$?)JJ3DN*2C?XC?FLpGM*Mm
zNd0k`RWfvWAfqo1p|c_*ep^NbT%;^b`-FxKBm9PP#alZ}rOelOTWQ5YW~U>b^K~G%
z{Dem?3vGD~8+l0?NySd1BY|$T8P;`!TZCAMqi)R@qsTb}K=<o#ncEmQFrI%NTg8Aq
z)pu%7InF@eMoP?5G}DA@@fjg@DFy;KKQtc(tS}I}?XQwUTIi=2({#^hUQ)lc-aMs@
zUPunHm;FOX`KVAgQI%0=BC(t$&7W3?0^Ze3JaApuqejPZQ02=>o2g+hA}L^=LL|np
zUB2Qz5iz}UvKu<?c85?pxgyl6fBS`c>l@t?C92<Q@oNX}E1Zf5wHKybL`DB~^Llo0
zSX{O5R;W2zjDsJq6%Zx83pkoNJ2`-!A8hsG?4EBS%Gx_9C1g<W?0nN}r2N&DnYFL4
zB=G>;%O-cOTBbuF=r{!<3MF+m({)=EdaDg&lu#m``!u#ciR#P?ECVP#y7L{eu_QdK
zM_BQAWw)q8W6;D)w}WS%e2I>EDUetp|Hp?O)(hCrKqW*4CgREKv2A=Mal+7l_kbt=
zPoW>306;?3vf&)sLx&F}ue$3{`UL)Qu`&(&-SE2LVE?abKVfLfRA3>$zq~k}f(sI)
zQW3~{;R_}8G{^kCStw_73xGCA5uTdu1(z4WcwzOI*aOZ_2@Z)vbvB`_;>{=CZN{FF
zQAl;k7)SMQW<)oLvn>8KOV!ZK+{TUem9>rD$7^~mq`%?Z@R<lrgJGan?9D(CAnMx`
zm{awbm#?S;B0tiyxzFT^r6E7j2AQjCjhYWwx!r0Co#VBwwxWg|Dg9Z60|Q`@&&y)p
z8jHRoS?q~34HejtvcM(w5Jql?TCEM`>C@H^QwhF}Z*rXzf{`5<!>E^jz_tw&1D1$6
zw@)ek1m<k8+uWN~{&c9!^of2(IluN%aV-pncuXS{2my(Ps@r96j_kn0muf<4o_jcD
z3H(lDz)Z*m6(H>F?Y$2QtE$ETTIT^VfPvK9nMx|5H_rZjNOmoldVy|j<91aQUrtt5
z5fCmvXK}wPWq{j^04)$~FBMS;@^}lWxh&PCm@SuS|1e!!a53-ddaW1;>B4ezbBE?;
ztXSFD9=)6G;hv^`r}O+di0_RW!wg#Rs+SVo-csJ0lAzErsy|)e^bT8_tS-;fsUBi_
z9{-B7?l2_*iadgV6s!?UB7v92#>OzC4pNXfwZ<kaJdNDfJ0CRZOT77n&c)c&bUa_D
zI#)hPX!a-aqgY>S`qMZb{S>*Fd-Rq`uB%yj5Oay&U<u4BUr(i?q5iKXzIxl8B*c!k
z95lMMel)J_Pv2AOqjG@>Ne(ABJ%+d1<&uOZQE9+hrLPpW&={6`d6%eJSy+nY-^`IA
z1`9j}H|kET83_?dcAa<W&jxeUw8X{5iDQzEx=r7XRIjARt%E0x#plNb=XkmeezYDu
zIDL1O(nsEHlZj~p#m?1T>;1>?8McZA{0I9tWNlAK-2CeSregQqY|)S7^>jX_+&SxY
zsv~<hh05!u&~;AUUmNag4Y^5$H4)4`MTs>(*Amo(1a`yt%olG=a^LszJhNDa6_iAD
z45Xa8;7_|@dl<dG|Mksjay4y|cZ`Wrh=<w&X8pI;rt6{pCvC#WZ>_;p6#c<meuQU#
zsz%+F0)l=ONXvuK78?DXA03Dc;j<1J=(_EAk)hw@>n1|qgJ6A)CzB}X*<I=*+T9yL
z&71DZ^-lIXcW~YY&l=SDcb_xTF&r^&yv4@11cfVRPa|2?00C>N{Wjj-#q<rc(rh4|
z?%t@$#*8OAW^P5rh@iJI3>2-P!x6vqo2`mqDgGxi6kWIXxgaAG{-BzSxWUj@Do~6d
zVr%B6H5~^7FqLj~w>2r1zn&E{<d~KeKK>TQv3o}R8jyci%FdP`zqU|)O<k<(ymm%g
zm*&WyY|-OL2Hzm>Ul@4slkK(wzR!lkztbEfMH4^3hC$WHC*EE2=B;`>mz5@^7?VxS
zJ6_&VQM9PzAZFBo>BOO(;keTds4Uy7*G1M9SPUqw@MC%roDXU4I`Qy%KQ5;Kj6)Zn
z;&%nz?~{R^B){n5((O9p4~j30ask&IBlAC-fLV<<wxe@~Y;TQztK)=!$?{AH1d_?G
z;^<&yICnXk1nN+DN<tcK3!R8|7I^a9KdAzq<<k>$nab~3>SJpeq}9CdyT6gVw0r2a
zSRWcAqpj1KJzn!}OMi51)|?aSq&X;?gl1a3)9Lo!C7Z7`nf&Nicog%9evyppqAfbQ
z3);XZ(t$jj00Xut`0Im~Lpb|cx!BnFS^CLX*NL3GBGw;kuNjExdUGV>z{JTVtR6)b
zC8^68$WvRRP`Z^D&XE8IKa~KWS+{)5;HHWD>7<cR$*D(`NmJSiBhQMjEQo#$sO5f7
zfC)F04fw9nPu)3CeKb-GFN;bDz<Xa{nr0ZFlJ0Q3;p*EeUnZ(y&bH%grkDL-iDvy}
zFcl6GshcS1S5njI>c56v;i6YN_?>%nM3h%mr!9z12jBZy+!&T~xPUNoQ`BZ=38CAX
zH`;#~vT(l0eTFa&6jFU=8YrdaK|bBHM#QI?k*MTyh<N(N=qwQGd`e?U0cVp<3}7<y
z<7y+sZui!sN5`hxKQPuC+3EKKr<OSy*r0*QgxuwG-&wuct^rSlJebakMuC}1HqUC%
zVFXepCtL2M(Fj&^KsA<k_2t-bIo=(NtS2JV=(3;3KIC1%R2UX$Deakg>o?{Ac%q9$
z8D)xA9jbre4h(<+pz4;0GU-1ppMiBKWx<ScE|BvUD4h3_l#T`WpO&{#JEg2u{D;AV
zfj)=;j|nbu<hzTOX{ZpTayI+uKLJ~5Isi{t{?EjIYfR8m5ryI`gHe{hjaq<(Ubj#?
zh4JJz{RI?fJ)z@|d>@&o6Ct7`Q#4;}q4*+8DICp;3$tm^S*hsQs01hNF&MBkf9g9(
zt?A3XChTZZ5s~f@tNb=!oG$fqkBRGi@S0A>9!nO=CIjA<kyr~!n1*<&hKg0mNgAw9
znp>eP;6H}1KjgT%`J1xWKITr17yk_SI$Q%QPWa4ZBw3B+devy`A(e%tld(9lH~eY;
zbCPA?jeWV9XIX0IZO>m6`2hHNfJ+WYs`=wYhK1lJ<0jXIk+4MGA%9j0;CuT|B%OPi
z$A=yUzserijXG*F(7Typ_=+}xb^L_LPpb5jQ+yB?N%E4uBKi5B2=QHUu+hfZ&wT%S
zS^Y)q!09sir7DtKu$lkp!A3t&xh;M{RX|AP7FtA;Le_7)6lI!rqBc4<`$O_SLO=~>
z(=nT={Ezq;qr^v6rQ^jvLU09a_K(-fEdR6wX0{C7T_u$jn^#JWeYM8az;=1{;CzMm
z{M>mw99fo6`fJkEL|}+E@2VZkXpxi=F#;y*a<@i>iCBH)fc^1)WvZ0A^sl%uwLBou
zLWz5kPOM(X$F4b<nT04m<ml*_b106(b*z`-bZ;Ywnc2F8rpC#m5YF37WJ^V*=foBt
z9oC1$Jb?rJ2+??T_qQ0CNr1h}%YL|zM<y`_fDI137?~)vL9EC_$A0D#Q`UIKBHJDW
zmR5w~tjkQ82s#5IzIMNG>IV12lE;D}e)c?^^hmF>%j>|>wa9t#9@4s3`a2x%rHpdn
zb(Te6f=TMDsH&QPx(RRHXYut4EedLfP=1mzKymV5uput1F(a^uJh9*kt#a$fHNO5Z
zknHDUH8&$@But;)1DqZYninXShQ5C<wdSspB<^FRks9iVo)>i8!?BfORiG};`@@2>
zWJT=JlqwPZ-3U?dOBxUeEchn>5WqvScVlxDx`ps@n9o@fFq^DKi;W?Df(Polx`_$)
zy}YU~Uc4-ygv60wyEX=@Dp?L@t32h)h_?%Lhg;~C^to@?i;m3pxNW*kTX0V~r!Fim
zUJCd7+TGVzzE)5#6ee)8UP35;>#g1X>L6H8DIIkZ6zLKt=my~-x_|e6j0vH93rZlp
zI8b2Ep}vw()Q(einfA?B8rNm|lUD9JeQ=hgs3KC896Q7&=Z9^=mc#ivFi?(VW}*6c
zHOISc3uME?P}C4uT<CH44So0F<HJ#)OcaWU*+5UmVG#Hj-J&aE{d#|rfJ?FaQI{TU
zx0k=qx^`bRCp){CLfgn=CnBj7@Y748{;%JhpG?z+&?ATg@=`Vj6&8B^6}W!8TO0II
zK1(*)K!;LXy22`_O&VXTKE5?J6fd*{-tRBfZDE_z%n4V0Aq5q4c&w<@H|v%D&wzAB
zW6vJs*|>M<x-5{#@j04rZO{{dxlLaRrK71q)$`Gx0#&?xQo?AOS{4=-AY*138ucD$
zmTe(7zYIuX&CRN;14nr~KQl9PjW+2L1&tNWvp<2|5GHWVQl-_*Xt}(+FB6UZcUS4H
z>6K7gnlG1Woat~HK|P#H1vD6hHq$K>den2sMecfB-7mX+!qd+|nXZ$mgE~|9<2~Hn
zL&~Yzy?z<*J2mqm{FeP`(qH)7`5HHS>nB&n&vG*}?>OV$ci3D0Ci>c-OUG%_SPN!}
zn_?eFB+C8hQE8pF-H4CklRr3}hE)s*6Q_G^#28bFqNhlDy+RO0u)gBrJc*{C4AFqc
z-0qN-s;Vj_VnKqiU!wcIK($HF4U`2i(so)CXH&=PUxD&X>W?6X>yeHzIZg|aYQD*a
z{i3oA)Gk@`&1CWf<BXCa1Y$dNCmZG6xw0o;{e&p{e=HEqg;L&U@UL^(UG#Zy?{e7D
zJCu1t?AI;-ow}hZS6PD0>k+d^y~MO6t@w1?P9DPDEJUhh?FZI_Q@G@LEhaXJ^BNYh
zxPJ;Dv|7^A0s9-1{3{r^eN^ZQZG19Q2no94=l(Wl23^TwDX-@V^#tAr&~NjsJp7UK
z^R~fB{LipcG5070a{Gy-K{P<-gpbureEL3rPD^o47xAZvU<OWG!N8IcT*+CA@^Q>3
zZPcNX+Z5#iw4u9ewD->t{eOcIfZKe;jJZ-4lWy#v@?H<&zjl>;HtNpQm^CflWwYj8
zjaGPJiE&)CfRy|n4?uscr-0{*cD30H*pu*U!}AZW6~G}A(9DIn7HG-5-!rw7-^%`v
z57tqie<6IWF*50?#IU!-4VCmj1`IP4P!qD;pA7m$Wm+{{*!e4t_Bt2DGH5L3Iyc!#
zX39Me;M0B8*YOy_im|o~c9ZReqSJovKmv*lm}X*+Zt-DE+}l1qG7ZelF77|PTYe}V
zGb}N51qFuA5eb`W{plp0MOID*5yl|YB0>Rhe*~L_cQ9xKl$V+jl-{>%N9N0T`d#;M
z()_tTK71hPy^3VT^I=#iOGJGEZ*kIYpf~GTHf5PquLEu%r3XM`MXTIQ<3TO)hp54i
zFrPpocJp#GtrnIToHRCccN{+Boaes3Ulaj!YY0bO=?B()|Gb-0i~<YjR81hbDDCRS
z2!b)rMiUNE|8N&JFq{AK_^$u)CjgX_1P+3&_KFp@e?U+J%;~O{;{)vrJ`?gDgj~XH
z2Q>Zx#$pt&f~^`=T#P_{9gM&@pI-7W%%b8+mV+IyFGk>b07j5(l{5V(D%42|KzlSh
zVit^$CHAS~qhgElD8RU{5&)(l;epRb4NPK;jShur<{lV#F*H?EdySYp%&jDJ;zeUA
z1gDX48=Qt&&Qo8}Pgz+VH>jvE35Li~B(a&R>p_0ThcgtjqjSeK%CPyST<ky>78hZ`
z@3c{xoy{^SGLS4*{qp)2hN_yH7BJ<jUaqJZ0WIJA$G=$4dL_Y;bH&=n$4B(ENM5Lc
zW9pt_?jgbH+)*mr#Ml^n&2apAQA)cuX!Ho|e2fYCN9z{-4P^-IqgmBpPUkNp@%0;A
z;9c5YD44ilFf%bA$S1Ja9+~{lKBB~;ExO+Bp93{~4o)hDQO)<_2tap0zV(ouI{%y$
zFE|3j5bf(1RH|Y7_NPq?YVdPsayaj%U%;Qxo)2(OOr<qCsQ+w8cN;~8o;-HcVQjL=
zTs2j$w#IzX@oS19c%Z-3w<-ZlK_YT;!SK<Nr3xegwXU#7XvL>bBEn0Nxq&Ktzvk2i
z0;n^#Ed|{~5_HHnL%>sG1wu1imLvCaa&q{U_fo5bA3hvF1y=#~K!9_Aa{RA3--(i@
zN<@`EyvdKK{9CHzWfF+M;!L=yyL+vQn%ZUgPgpN0%$!-$QM>dz`Z(cm=f<4H=2R`r
zeyMjDM?~Nqcp%Z(B<C%#B{YY<F6FWEf|kYm=eCNtqDWz=tL(Vq*0tAwPb~cS@y^8)
z=iWOlpwtg7Y}9$K&@zjeRfobSCMJk)<5k0KdD`oiw<8W^Ze=_ElwClDK6S`uX}jrs
zfjI5aH_Xv8uyJy7cDK19MoqnOWCdDno9Vln&unQ=j=BJ&h}L!OxW=hV-H&N(5bw-!
zGUuw+koVx%xi}DF?4Ut{U7xQgK1FYR;JN`>AJK;bq_-T()kwCi`Aj9~lS>xO?XLsZ
z(6tWfo3uduuw`>S-9qDf^ayK{f#zul{gu(Sc;O*jHfc_4zl00hKL#iRJT+al`+|6d
zchEE#rjGYk$lhH~Ax3YLxd94nm5{Tljl4G-u-dqrf%WBZt0{B@l!t4IYX+R86d?O$
z8(LkFC-bP%oGpRm!0d+6?Qqm=HEvZ#-@!0Mrf-r!BAGJmQ0oAe`B&oCV`{dm6vSVK
z5kv~t1l_3(GZ9f*)<vd?F0H-%n*t{*eI6zRB%B(>x18|+Q`4?Km~!)OpLg@XsYeAH
z69K^jd@<oC%>mx%y9Dg#pvDdUN(=pLjML#A$JKdd+~4}7;TGB;4xgacvR9B88^>rL
z?NkGZ{L&$X_Os+iCwT4QAhz|4*wbP-zYG+v95CsPHv{!Rivbyg)txG6Yg?X%x0WTH
z*Yw0bYy&Lf;CfRR0WBk`p)T7t8YD&U^V;4%6Xq|u=i@|$X{V~fjoGnCCDh-rQhf6j
z5kECHHq|J%o)lY0Ir(na(}+<o;xJqStPI8STDLgFtK+FWOh*jK3WkJt8z+Q^t}~fP
z*9GXd&Y<tjn*0rMJA(V2rR%NJ;L)sp8q{LkJMC1ro3OQOdHD)84ozK7epP4PexA+f
z_!NTcWF8bbl((t)0{EM?(}b-b%9}L>Sdiv9@+_}I4@cj*ye?nJU-Su0QiMM3EbwXN
zVchfYyLO*)cj!;ZOEE#jcUoYfUus`d;5lMGxG4gVa|r9*yG4M#`$cmQTihf}ljA!j
zptgbU$j}jV6%#46hHZjkk8eGjQrli^WGbY-r`PikvIf<jxJ<e!Q4Y!V0OrI(;A8uK
zjYFGq@z5Pnl0?`@QavvqyhHiu)e9+#%~?=GS6t}Zl^timhTcksKVSv7*FguPNN=X)
zJ}5Ux&tCUv$T2JPN7hpjr()%tB92!!d&rjC2{sA};c^Llk8#ApW?IDQLTH7jfTNR=
z&)C=D=u8(ee?)cfrRSu}QUc1#;d@~e_eh#ZApqwGHc5@I!)j4P=n+J8kEQt6-T#Qf
zmVrRIXao921F5S9I6{m2w|(Eg@7}r_QxR&<S^49`Ov01HNC(a$y|Yy{(V6YiL`vcy
z+g?4Z;PW3^CcB09SG@vk|2}oj0;>4lpvAo&xa8jbY0jF`*|#C^CPIJi8W)0drb{($
zH3D`#UXO@<-&F|2?_T{CLk91&9s*U`tIc1`UK6XOp>ch2v4z*uhFoTEuIN?`If?Ws
zk3hFy`X5V~?j}kpi?gTOUO&8rPnH+Wp>t#L=w@gN1LfMA_81DCJ&gA4O!S3cc3_w#
zkf;u(?7a_SbgnC?_^WBW?Nh~mWrn|S(StH%&2j(!|NqDJ&ys%uPEu&ug#TFE6sT7p
zEiBqC7p@L;T#>TBRy%m*VgPh|wYpDE#l_fk=$Tx9j6LwF4&WCrDRN$ut6d-&xa*fL
zc*Lh5l=H!WJb&&2*uZZ;7z5%&iXn#!d35x24$?@U_xrmdez-<XJlMDCFr?|evN`KU
z3S3V#d3x!bruM5;IxhY0ou%k7mFk?LQgw1UGdrqKE<Z@{x97jqd?^zh(MwG=8}q9i
zcr;k*r!uf*v($Zzm>4x}8XL_r!r-Chd&F<a9rwRr;`kvfg{NRF&|fXTqgt8|>vd|;
zHYY_JoYdiIRT<k5^Ox-tauuqDC-CHk+HjX$@nQH*EWREvRgCjV<H_+<)L{WlAI{Vx
z0rNDU8iU&2mZ2aj$SAUNtgyb+#)(SslcYNHHS}!>K4&~b*Pgd*tvE%eNhX{+_QyR-
zEj1tWZtIp51}$-GHGWe&I7eiuKw6iPFc+K3$vVq8!n@sN(2xAB$I(}@s(IA@u<j3{
zz<f1&p?pJ9mM$=TX=tM`h*ndds*A<41Az&%f*MPaeIpZeXqLb%>OnTw7xwk}Z|ez~
zz{*ovH{6YtWKK<#SS?o9)A;p@kJg;V0~0P=cGD&mnNIpTd&q{41RNEenUD1te1Oya
z(6ls%?G74(ymkM!If(X$4G8D1SEo7EM9J5>-H^Ln#v%b{>j9C}crL!=e|_n|rACBu
z&;^8`-q#fC_1rK~>%BhyQ9Y8#Td3|$oE5)1Jh8}wD@8BBiiNe@ec^FkZXqtF+ela3
z!KF>@`jqqGsmV4~$6;IQ^Sz_kC?T<~<vUdD37D_|!XYdsg*PuXqWr&ovW<CVFbC~r
z3u+eLBRaF-2+4%TNWV9EcU^}o*4v8SQtA@x`!b&|&ek$3O`kuP|0ncKtG<4Kre-Y=
zw_NS{=H$t(&j(ZXy_*O8;FtKk**I`|-l15QrxzBHRm%>)QOq(Iy~d(qJy@a^H@-KJ
z3LlG%%62?pSA72TqssTRw!q^3dC4`EkI|n?zboIYA@1+*$3BjRZ;qYJb+RlNrLQTQ
z)?bN-tLhwK<dt*vX}z3q%2py$W(&)qM!fUeZ?84h^^7a*G>BB;4AsHY2<uXTJgpi|
z#CO%pF8JP9W0|l*^TOF#*&RYnH0oiKw4rR`T9tn#ly&%6OQZ7Z!#i4Gsoz;K%LSZ0
z(J*l6JVk1-GSOOPK0p?4g~dhY-)!UC8y^<_N;}1u>=kY+SY4oU!tP8yR`pRwuF5jG
zU=(9IyPkSmY!>0p{GFR8H)mLKFTtIb#Zsj<sdlHX*YDC}Gtu>J9m(%zDxm%Xf#8P-
zYn6&nBHQm`rb%$BqG&C*OJ$jKGSQaPc=%9Gn1g1RrBXrJ`AAn=S<0hnu@r|dL+3M*
z^VxShRjMA3Sk2mWC0<)QNk<;`npr{fG#G~t9@->+FM{Q`wziVh-Omo&-#wd@yFp!@
zRnMjKbx1I;%Hv^5#<|NxtJ@?$Y)Pv+uO~}S+DVpwO0ZxvUuTifb&-&jR+u!A{^$B%
zn_?)VZFUFcoy%izv%eSAj?eM^_@Kai$m&bp?MG=8b(1qHEfCF$aT}F#hMXa|x>}x9
zFzeo2M|oLUk!pmhj$6S})!2#ef99WSlPonCf_ECr^b^)AvRh9mRz$RtxW21Q-f++M
z;ie#k7L^a;+wrcLjh)UY25T-94vXnXKtA#{GU^%^@-eEIx?L_ahTFL%rf9EiGP)sq
z${yRPR24*PwQL%M9=9?*(qFrhv^KQFiuZ_5C^;~m;Ow<{?eJ!7J@=@iAN{7Y?uc^1
zjU1W{>y58U1M`BzP;o}peTT06REqsWyd2jtE{@YmJO+H!p`&4JlYYXW<dhzZjc7P*
zes^O-Bh!~WQnNN!+a=ZvPfMh_Y~(-qcSp#;@X=^sunPWO9Jl6PynCLWV%pq<tWF8>
zBIib@z;JV+%A`pvvlF{6Ob%PPELpWraJ$gsJnzzH^@@|$jRR$U@Y_(TuN!`caKIXl
z%JbH0%;s8!Z+`#U9;17#o4Uc?JJ6Zn=g?xUJE~nS6<TMjX>pCh+}_G3vC#a7d0Zk#
zSKrVl9}%dndsT~1p93p%m2GgvxJL$sn!=v<RBKhsac8!<O;2~x$@uO~bnwg`%}X5{
z$Fr!jNKYI4sU=@&Te{#RX}}ZZ%6oc*#z)7Ma^V|7cF)H{$}CcKBDjr`vxYY&9E0%R
z$a6d0ZOShhFRjuf8r5mySUEf1H-QT{YgTjY=X`k^kFVMX(-}ao9<nyzdo8hkk|S<7
z_4us>L?=<p*YZZWl|YJ6T(O`5w_nY`P=WZ8+uqK%U0oh+6Qyr?5WyK4zdqN#6ZV%=
zrMAOr<T8@g%6bZ!k7WV}&pkrTJMs5Mjg8G$XooftN#A$5@+NKFWi8e})(5F-I5^Q(
zuj*!%9d!w|Ssfq#=iykPV`iN=8r7SK?sLhvrtQ@G_a(+wY@FSK$`Ef`Cm=p(HmH>L
z!xw$>^Em(s&IV5;L(a7WSOY6ZdqQ4}r0X$i3Y}%BPb8EvstWQOCHG)A`7V&_zN{Ld
zLL93ba9dcOOGcP?;VByouh%-}s|lOe^ug|akIS=y**ww9)X9~Akom`n3BE~}p~r{B
zS$^am5Q~aS6da}LKZ|VXEVsZqGaDMXwiQz5Q#$rm+u2$6vxJLzd7Kc3UUhQc;C~ib
zJ}~bLzV+5nlDw*nCrL$|2c{N66(c#WZtE;=Jp-Y;#Sg9)Q>i1*6f)FmwQZEX;^(C}
zH>Q6M%HyjT8H2b}A8r*p?LG^~9$W3lh+FJc9T??MiTq(vgsp$xJDY~opPM0;qC-D-
z+5r{8Z_v`Jfj5orl%=tkI0mIYm9)RW^*kkLW+M(oTjo0uf4MimJba3NY*V%25;_^L
zaIoZ5wrN4+oNO5<H));4J{$p&d$~ti8+u-K(rnM2u5$Kb<zTH&GSn2d|FAq@N~r24
z4Wp;XYYgP(ZS;E;_9A`u6f;a=l~nzW)Yub#CI`N&*UriIzFTZm)n^Get`AkM&7Z<M
z@$E_va`s)}&BkuEO7cSLSv_2Y>({tz*Pz4)<M#SpK0*f*M9?V<g}%u;kCSiow&q6G
z@b5?@*G46@N7q3MX$Y-BB0bKPPULkqmuODb&JdH78Lj;L<yR)x*nZw|oMt6YG)j57
zu|SOmBJ*#A6~s$zk3mIHn{rsX*aoYst$ydE(S7@EZ_T~6lG?>`+DWlJ!}9w29{5<G
z^{~}RJtE1f)`Gh#c-h1G{VzEaz^cH#MH5&`;xFQGyEi9I<2dd*4C6Xw0>e*jdan;V
z6Rmfbta;0tb0*sqxwm4eQaQfaaRYTV(XoUkF|Zos502yyQ#0nGw=%*oQJ)gyh<M(e
zLHoKw`tt^(K2QYnP7`ux`~^{H80a{}XqX}yGQYYZ7NL_u$9Nfbychg)R^TrzIuSGi
zv;+>4pB(}<KnK)-=;{FXFKvfIN9>7)eh<x|>IrH<)DOMAN{4nSOMd#-P5~T519SVI
zOhWp*llkiRP{n6>=lnLL3947H(XmWOwx*X(4{9~IW^ZFH)`}e0(9&bZA7Gf7nXOh#
zBzt+GOE84H2<u+*2XpUMY4E9k&6E4#!-q<)79<W9LzsbZLxk6!Y=$)BjM((@awZcq
z^McUz>P^(SiWK7=ZrXET0soWBrdx+=F16YY-V1cuDSNl!kZu*U-JP8cO{l{=RL>OX
zCW4Dyu`j8eSVYijl<vdM-+AU7N-)J9pJ5Sjg1-9k)BM*GBapY4SI|k(BKDf6;7xOK
zTh>7Xw7+()2>&(3>vhO_z@MGIl?FDFUY^SP>7Si6prAu*wQfuNyOUyg#AswYrT1U`
kJuV11uK%r_G(gdA^kJoK&S!l={rWv=iRVx9#a_PsKMFSumH+?%

diff --git a/components/engine/docs/sources/userguide/register-confirm.png b/components/engine/docs/sources/userguide/register-confirm.png
deleted file mode 100644
index 4057cbe965412f5402303a8e35cc5bbc92647e55..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 65441
zcmeFXRa6|zvM7uN3l72E-Q8huC%C%|4uiY9ySoMr!QI_0!GlY1cYd<>clJJO{crc_
zKHOO|YxQ(jb$4lZRds}tf+Qk5E<6|*7^1Y4*jF$x2!Ajza86k0kDkjWvL!Gu1aTk$
zpd<|d5Gy&^n*(jkz`&#st2HcCRexe`G|L&K<BavdO5u2-muMX6DaF$c^f9wB18~9u
zL<a2;A`I!vHS5IKX^j^wp~x}CPM`<v=#e?7saZ7Z3a+LIBDJ(U-Z%9AWIwOlpZ_>-
zz8AQ!0)aK01jCCH)*!|+F@2>J3x%aDDfx_j9{?>k14j1yvv^44?}rD?hrFLzc>c;m
zl?tj=??-p%&;;L$m7x3w$v~woO385-Okm_1#Y&jqGukNjJVjC>TMEIq$x_69L^Rpe
zL(av7H>@yqDJxVoBpCi@h&`sCL&j{t?69{#4Hnv9gwaX-(qc><Mb(dS@Ry<$!@tMv
zE4sQaBdZD_{$=*Ypm4WYr<BfvuR=XRI0V_M1PH*Pq*L96v#20?%hU7Cg<q8Q$tcQY
zP?Mm@Zzue=I<$7gf?-b9VUWv1f@Gu@95+%P4dYO$`Xwcrd2f@E7D2obO0chXu&)j~
zI0oDym6nUg9c2|Z1-9b#5=Bedd5%~?SwRsyI__ZPno{W+a<KP6ieeVfBKj3OH{87#
ze0nrdT#PKb>q}RqSY~o0^IQZM#`srC;tBDV5@xQ1IpM+9ucU}2?u~I@Q-py{qTUv%
ztbt>wk0>WEqQMK7aGw*DUKt?=+OedQ3Q^*Q(7qc>YjXD;b`Fq7@OvmBlc-^YC^=HU
zqlxEw`jX{{g^)8PZZn{4=xb(kv)?%<utsbvuZQFD^f@kgi)TiZMHae$qfE|qL-|~Q
z0u7;5kP0_X0%Kaee!G4M>_Gz;RTAZt>H)^%;3j-)8d1)JrMRFPNl@InXhCUIgBT2d
zXP-cdb_t|!Y}6DW#Ud=?+D(!$1v`=)Dinm}(3s1*!NH}P!JU&vE(@D2Iz)ATCV>`{
zav`*miGTf!6=Z{!oP&0IRe;|$P$W>=I7>KJGrt0CCi(QHB#ATOoN1HbB-QJ%dpQ$Z
zh^Q(aNJ|-3LqaqMU2#VYkn$@g0#ZE|qjD#lQ70L)qU`Ml{3<wB{-)Ny(zW1Jeg^PO
zw(8w<!ryI0(v1`Ok^#^vVB%4Y@RN8nP6)vE7<`#edWhwg$|g}jIS3~c6Mzlh5rcG0
z;Fj4EnM6H4Hbw4c5Yd~}O%Add8E#!_9e>=JnRloW9Z-TVxA))oOE5J@&GbXz)nk#R
z8BfK83!J5;M->|vFOr1Q&Cy!}FXza)0(T$Os9nT<f5EEBhwCXrs0LqfqRsCB3r+<K
zBZ9ox@ZO>~C^WG8)H6Fyno{rH6IX1<ZdmY11sS0igT5DOZx=rIH;f1h(hf0FA~9lV
z;Wt?lqKaH_kReI3C{L9?M;&-m59hB>LcQSSVPp;v3jLp25PohUW#SQBAb9>pyfMNa
z>fy#lW*eAbww^!*4R(A7qsNaLM5|+`ha4Z;O^444@`*_?`SJ_ehE6@`HJV^Z!SJAt
z^Mvyb>`$M*F_8m=#g1nSoLx{{Z|9{UKeS?B+3#g{aQ#50p|q_(7gpZL`eAuJOuv6#
zy1w9S$buC}U%-L-A}%OJBe+R(Mo5zf_zR=U$-hN(ijh4nX+*ddX1OcQNfXi#=ghoB
zlO{={Y6(w~r6uBx=$R5Mi|SJl#S83O;D(vYfr=mJ3V}(M%MCaUU$rT0VNOv_F`nFb
zE$t7TdGqXK??vCuaRtHzv$~SIBD&%>#O#ZN3h!C55dfiN{duUvD6Em#CDFIh0?|9s
zbkRsde5I80(MMy^hNWzK6XFvx`*!;*`(O6a&GSN=LK{PCC9*>`O;U%PVoq^maMRd%
z*`G9d>2*?t=ps`3wMVpvSH^h<+r~XhDk^{lM@2l!Dy6N$pqzc*$sd`>?3+JamXS`B
z?o68^JEJ?3)(5&KeFwK3Y`8_TofS|maLPhKiJ-je*zuj%eF@Ou+T$9n9l<^PeQRoH
zYNLAHl4><twM=!8c3MMQBS(X61E4Wv<+`D=0oi(U;cRj1sO50rX!j5O;&L@ep-d&M
zz`6*phHgo(s$KrR_>7FO_s4F?l~_lu$Ert}JAtROfKI1nCw`|>XWotWt>=x)?fR|C
zjm5FX5z(Uk0lGJyFS}4&cebCuU(mZz@M!pN)I?NSi4y`xvjLr;1ZWXxv>?_XALyTm
zg4pl~{fHn$4csNX4K~sk{AfztN#+$B=dp6H;ti?pgu(<fGUVu&b!;wIW(DS4+m6YH
zLdV*O3hCmAKGV)o=_EUqE?_(`_Q-19q*TwG{|6Xb#<JCq9dpG`Pl1LaxrRCU;xi_8
zHiTw1teaLFRvQ*Z)(JM>M~w3Z1!Pl8n$1%8tj5j93F+7>FV#U+R@J`EOLccmsoJ%T
zf+nv^Lrav4`#M>kSqeIktCp*1tJ<sWuK4Z3?GWu&?bdhBUiQzr&+>O^1P(CBFcpB5
zehSI8*?HytmeKFF7`DmN)Q{!I%3L|W6nYf~6&e+gC9WlhWA)kFd~dE<)J^7wtMEbQ
z6BZW82mA-8Q*OG>dPA-BPC#dmqvPMSPSsAG`$LXV4q4|*zwi3iXZ5zbmS0n0rcFAA
zn+Ycg^Y}aYQ*ylo+B>Q`SUWg9*Kd}tWAF8keU`%Z(YM()55lLt3=}s>HzB+H9(f-3
zo=)%n;9K*lv${V2l6=E_6Me6KI|UE)kM<{mSb>~`3<+2aKn|i08W7<N%!OKoIe<Ec
z^CjHIFGS$MxZ+&ka<;Qn!A8ZzQO8`ut-;I1?;?5e4Hg%36|)snESB6o87ZaKR+U>A
zE6<vxoGm=eJj`{}-`S6~jxZV~AF>Je!2W|$8EuOn7e~b9yZF$KUPU!RwJ<EA>%8`@
z#p|-^^3!FvLa}0Wo+ihoW1wtbb}(B+#{e**9etBLgq%UKEy*UWO2$rMRwg6+Ytj`b
z2Yn-Hqt9HrG>A%1icKb|grk^kPG!!m_}=%++hS%dFQu0pV~)2;<Y{t-%9K1uW+vC|
zA$v8j4+z6%iBo~o&L#-I6TH~BF>yE%lOa&3G^;(!<{0nZ*dn{lR1wcVdNuuR<apw4
zT0do-0x?-#rroTd9<d&aN0~>*X=8tA?`-09T6S_ZZF*vQM2P-p%E6dUX_i7BPpAA=
zIkj2?)&pi0&7txTwHt<UhzdMj<ju_fW8s*>ZOpNVqp+jeWjhWH8`9K522GxaV`_gD
z#gE)%vE&!-tZatNb^c-RsXiX$edy_RUgWGao?4Hty_dmjK1?yjUybpN%x+uuQQ25(
z^q#LS$3J7D<T05vUk<ZI?5$*5OUCB1HlKXj_xP^(mffml*HWttu3F`EUAxv=JL+F{
zzRu2FZ?=1PpFO{sX^m^Ac`<Hw1a^sbZ4Zt0q_opI)5_2iR^xVmvuiYTSw8-0U0Thf
zairgB#$a7-W&7Or%LVaI^-`_oyJL`Z|LwQ<Z$5Z2T#U;Pu1W6mDU%{u_jWAHU%U4D
zk?V=<Y-856HEdP%T4TDZ-B))`X;!CS4qr_sk%|cR_ykXr&uunS>MBcyDof3qFVFTG
z-K)PfSx@f@r1`-=R~XgKZ&W`&JdfS?`!2qf30b^&?+8x>><4YY+`k#Wjt>Dk0A?<l
z>s4*Jo<JWjfHq)t%P}kq?-dvMmG|jqj^sp~D#4;q+Y9!eU)v_H!?LmWoHUtjil%w)
z3;flOQ=`&UwT*H%K!Goy<CCNCd8%osJRaYr_mc!r*8x)Ay`X_#@3rW<cwAJN@Abo}
zQl*9UIz_E4Vww*lS5u5FpDV@1SVX0fhN3}Km+RJ3@E=>QMEkWio=5X%hRf=yRgY$a
z7yTEn&74neK)3NT;AUlqy?6JM(B1p;&$DIU8<Af@QOM{-8y@7IHz#p@LV~XJz7rn0
zj{_&t@@3Ws2{qw0<BHv$E0=PYRkiImiaA1Dg3VrU;|3yrdM6nR^OvHJh3|WF8lknW
zU9NuXYj~Sp@A7Y1UCn0a2%D##=dW)QVGGELPv+jH-n#drZz?+n>C<k{*U!&iL`#%9
zv51x8EX=?=*5G=i0bXI_VDx7_8M3DVh}r0<L(q8Q?~usZ<J6EVfSxI0|J_eu-{rxw
zlz&L1$DA$P@zKCKa5Zm*Vjt5^IDyn4qpQVqlH6WjYvsVOW5Du~UtfK)o}PtlCB1G}
z!Q?+dS_q6~@dDn6^JnZ+e@s?9Z`Qs;REh%gm7IrpKH>^E2PrKO7#JqS-ygX2SMrOG
zkRunUs_CpLFUM<QZ_8+8YHw`D=x*!q0SyMm@6P+tv^8@!B6hd6u><kC3y}T`g7>5S
zx0{KS_+KE-)&iuO@=C-2dnYqu4n}rHW>P_TVq#)`CsT9YuVNDapnv=mAhmRMcHm`V
za&vQIbYo+*cd}q&;o;$7VrFGxWo7t)U;ug8IUBh%*n!CYJ<0#fBW4CNaRNFx1MTgI
z|ITY<Z13VMKuY>|q5pjTy-zcD;D1-L1N}qR2Z2m~N0?X`nVJ4G_XjHf-(FrNpu3rk
zrWnxH%ntOih9C<&7bpL}5dMEd|6THbp=$jXm5YV_e`Efyk$*7xnf_AnzbN`QyZ+Vt
z!7o90ey0EMUJxD!tc4p4Oc+dBOhnZk{KN;wKSzA|w$;r`w#mY6-s?OdJ~%iY3Izp9
z<kKa(--&msqR6MuQeQrO5=VhT{R9pSbcQHKm64J<7s%>bwyE#jc+O)x&&kR%<62%n
z36*!HY<+H`na<8|+wYj3;NST?*UJ;;59lHJjp6{y4TTSZ6o3@u-`&5vV7BnzKJdRF
z#J^$lD`AoT)&6IQ7aJlL%(V`}ZQ14D$o~v}07CvhK&b!6o_}f7|D8%POF-Yv*p3t+
zfeH&96eDOo3Yj<kGtrPS`aj07f)6eUwu*0@))NuvPi8|UBhAA@0P!!q{;i4X0Ck~>
z>b#{04+Rkb*0gUgspavhurSuvJeWO#G)bV{1z>F4Cmj$s9{kUQ*}AaY5bjPXW#jT}
zsCA~*H8n_nUN6#XcME<jt$xU=OVF7(Ne2Qe=lucoPR<H413PZ-m_A<j!SY4osBOak
zu_sGND12}mNF}{wDryLk#I9ppsBe`h^lRX%sbI5?!ud$5M<J|(9)W^Zur5rr(B+kI
zL_u%VQ1e$PRo5g+I<oK8d}S9<;)@Zd|CszK%3nH-3b+#l37`rKi%`+gg}q%hpv-k+
z4Zm8T^~s>|cTtjt4JE)HXPY9skb4-RVcW9%IO3&|nqA_P4-HGk4=GX!F{=H?k+6sQ
zlljMx?3}rALve$UIq0wo_D`ae1g+q`OJGo=6@%l*nW@pF4vNf~u(6O0#AyO)fEQoR
z?_<qiP!E&AiAIekv*HRlImT(g_;eASa9sc8U8s;gyiG2**&ewq2&%(KpJ+6<yA+<~
zyeoL6U<b7k#1@z{Cx6@(6au?@8|t@iybvo0$?|zq;`A3VT>p;IN<wij-Vwo@qr@Cl
zDl6&_+CL5tJWTlWhcxR#dRh&sxFF28ps_+98Vb|sf`eXg%3A&S?=NwNy#bPfY(K+7
zBi2v4liGb-)_DHqE71u)Sf_Y{=6uzR2%&p}TFl8b@`<RIdg^{&u}T5ZoB2L$p^Z%{
zWUd@8&=kYYsQw=oHPC(#(?pxiSf2zB{^KI3N|7)4kjf&KzZqAgoqIqx?8RMh-Qd6A
zI#98b+qUhKspu0VGefYNmCT$OPe1Rv_;~+r<gbb46OjIfHRPkmpi2CY3jg)zO=3N$
zJxyXi2meRj|A)}(;LZJ_N8zNSXSqu=Rt$re+OpPj#%+R`Ah`6K&gA~1@wF)Oxs7gD
zCc~UnudO0G@rSJv(0|o-`a}JH<;s>pj#8qTW6iDXT#j_jr9^EB_V@zM5IWh0@_Z=7
z*Pg0zyT(}U-ct=<j_}tgpv(rn)gg(R{Q-K2O8O8ND<C6yoHo067(fre^q2A6TZt>$
zKO7L2{VT<ikyeN5Q2!Chn7dzJz**QY9#E+%rB|nv%fEdS&2fFqXEO~Cu63PIg{p7!
z++|`+$Q&hx$Y_OiRgjEd=@r(-w33wDXTfs;D6&bOYytqYvqr3|R>X})V$g1=7brMQ
zKW)>CqgMVo00qrHZ1E-eb3PeWt&xV1wB*(sDgW!XEHxb+z{aKuC-(NnVNxVaZt6nf
zjYX{V$Wv@oX}o$(-F_{QC5f`ADLu2>r(H?%imF<lxfSHD%bSiS8$;9_Dtiv0np_YY
zJcB>~V{+D@4pM5AETUnxkAn(%c+=kBN#<HhPcLTO>+?*Jj)uKdc4+mhFPHekLt41(
z?7y~#PxP@denIYbRa{ZwW3I&7t4ODpql$y?uKUA1;b%RJR<i?}V!{pmp#qV=Li*AV
zoog%>2orfAq-i$PZA<V|8CK2(=IiVT@<8D~ALdhSITrD+_msDsyS2AovH4sv(Ab=m
zn!P@w<#vp(zR4fqiQ*)HlR@r$8C7{HD3UU8u8YMLP3%QCv_Jtqoz&e|d0ad8=MfGt
z2)!VgXM2Q__<>78kioC#{7ZNNNuU4PQOy-U325iQ;rN13FTn{ZJ|ib4lEow%lUDAo
zuUL_`%QI6z7NVjz>Kk=H-1Q}dbOl(LP0UISYQ4F1RvNTV;;vdsDzTET)HZgAHh>eL
z%|EET8F4czjvs`<0RQ%c=J~d=yg6dD5hti0ZS8w6Sw+tuK5qZQaJJU^IZe+A6%8FN
zno}M3>%l)3^?O(J!*r4=`4vaj!lP9e7q)+QtzX3PK(2-=2uHJ9b}$)JK5Z!rP4->a
zIR9KD1OF^G*khm<adNLOu{Oq2-f`@@aEosmYM%uaJ{J)qd2@Fw<-V&?e#D3CHQfT`
zk_~hC6NR}kx(fxSiYXvL5h}rHNg3~#*`#C--+L$%O@?%{-*y9sAD`XxJmfEpuaVPt
za{XP~tlqCpUdl=>M4K<iU!)Xe%~;&&O0t4Wu6O@&=u}V;_}xxZBr`}T!~s_tDNbE_
zv|k)%rB<>OZE@o}yyyyBxXFN<3InPdBwL0g+v74QDrx}(g`MG~Jkne7w#+1Oy$|Fy
zW9vc0SY{8cyj+n+FE?17Ahs8L=-4R(MbcrT727|*4`enh2PYRhl%L(mo`eJ7!mP$n
zvi#cyOv%sJf~k?Ps2q$W>38N84`vav8Z5F3+@#x^uxT?}sPfu`Vqd=csydc9@GWI(
ziI#czDGI!k>U%#6M30U4#J;JZu3I3Ky2K5;+zZ8Sz8wj&F)2j>Foyo;s><zw;(*(e
zR7S7(kR6^4RM4Y8xS+7p4dq2^8$gsr4ObM~PE{*E*&t$hz9$u))YTJZ-G*<Pe-|dN
ze#QQxwccT5Vrj`4UQR&n^NCM6?dRuNZ+$%UsKb(LZvHj6S=s$7Pu{{M?`YwB@CyQZ
zFf_h`rs;T;P(i>;;u3>|!wffhJoQp(afXF5#k2Ba2^AU_gCxU_%t{?Xqb_-3i^r#0
zKD?L`p@z(sPOOpoluC#7ZiBwvw<GE^7WjY)17Vu)is?85%d@f<?NkO^$0ximFOr)8
zb5Gtfj<yhz(@wb@?|(b#3RrGLLzM)lw^&Gsjf)z&Dyb~2V#*oIJ9mtu&raoBD0pFp
z2!6T~B=R{2RLdw#iqc<jT~mb6B;y}Gp{ww}Yfn~kSCo8~0L{Xl2fg*QpkhtGER*OU
z3Ou6{kE*_aBO${a8W_oC%JC6Dn!-zDN{-@Dc~tyh-<jjg-2u~LOR8HD%INgCJzb7p
z&P<;;E5{dr^qtDODLKf0Vbj<$%$s*`JvUu@&C7VWHXssV2@7we)g+(!kDM-1Kjeho
zji6YFkA1hhCuyV5?H}7=7Df!X_ql5o2vv@^-~}06!@AUvDT?k6TCh78SmWsr*IkE~
z&q^H==6SFoxttA_SX}LyWQU#|b!B5M@YxUhaoMhiT9|i+smy<5n9kXuet2Q`FR@yk
zDxL<89ceg-$TOH5g4=mMXqj4=ZD(ot4q{I<k=GMgoU5Q$zbUmgRzFn0?V{OXfNQA7
zi0%+Nqd;Xt*9BoTjF$p>=ndf}<#jt<1=OoH!-FUI7j6jmfuiEk6_a8vpQMR3Op>6~
zcM*pdx^gbN{a*MsGC79*5BH&b>lri75qzjoHb?Tjm#A>_5KhnV?V(O2<xI6&op?7&
ze$PEO{Jk{JGlHje0e-uapnP>wcf1_F;`q~|SpwTzwZU#KzcVcXiF-x78cG^K9%g3Y
zn;}u#ZtVVzsQdAcP@P@>&<@2ZTuSULbkYmlYF{Dgb!F9VYJhVrb8~m0YQ{)Pibj4z
z)ml1V{ryT_g92%o@G9}|Q2$kE4XjE){yK?aBVh>pWxeyHC&I~qo`%yCY0oF-jlM6n
zD(r!kLB&7<=hLXfh&0mYnCFYT6-4)wj04Blcc1BBunm`u?a{t65Y<}E;M3h#w4Ao9
zcIFVfE~7&fc>>5}p@?uv!ji0lC4CiXCsXTQ7kAknn(dBB89!IbEZpSsSaCYN?#d75
z^?0Ea^#2}A9^*@UANLqyh&iR|$<2V|Dd57J<G~lkZz2qhY9!U+Sm97gfK2u}JuX9p
zF}LgxX|wm<>UR&wd4)WGHmbZ0!!?4_Qi|TJCY!-HyEcN_?oKdB7%y_;)1`HHm$xwY
z7v%2Vp0`(CT=rAO?xw0c%#;2}xAh<xzjtyc${V&t-=Evn4=;Oc4nGlpCP3Y>_us`<
zHMf&GLo~8N*ul1>fV<54;KGVA{(fMe6JnWbAkdx-2pTz1_h4CLp_rlRybPfu4c5l!
zQ=8c<DkEd874j~5zRde+zTMMnT(o#RQW?llpmfyDcCH6_o8mEHznW7?NLqqBh#`s%
z`K)pMMqgxx_6EPRb}30*U$sBwm$!Sa?7c6m!pzOJ`ZCq}o1OoCVAcIPhev{2Lw&eA
zS~qf-=;MTp6WV7Sq$Cl(>V4n8UL%y}KJQxEBlO%5=D_q|5yF!^%uHjwG=})o>d3ot
zJ;T6sHDmIeEs4jJS4sC%fw)w*+3|=JU+ww$gaMpi^J`$@+*dJ*;+YO4`EKk0yaY8(
z;JN7(Iz5pmw8FT|001P|6S-K4$jPaITps(_oJi@?1bXK8yO&!~GSOC3F*%`11qmAd
z>}vhh!a?*U1z*AKOhr=onpLAp?{oB7*h(81ZKbtRuK__d;zQWJF`L^E4MP!$8?WS&
z(CxMpL<0*1;!U<~c45?8F+dp6OxDkcnICgdHdjhkbTUb<$I{-w#43bR+B8s{Qg@<p
zYI%9AAu4XQF~fnf9_4wCEhOOxOQ88};`_?LPD$?p_~XuWkrO4RVyN~HP<UGG++N%z
zt<PX}2s&$uaU5kd)(TnJT?fYn+~DFIfV`9LV8Bf^c^=8w;>UVUGuSRHi;C|ljP9%(
zMq(S1@LrQ`dbc5JLsB@bVNYfck0=J!brJ7UgjFJJ5n>EfW=0L^C@fl@{{#-teFd4)
zcs*@xIs5JM!m1Le;L8>G(ltEVfHtm>+s7G<it=$QB};a~J5VOir|71}Q7Dayh?s>Y
zCLtAx$wZ*XBb!zZ&4)6L=AqnR8<Xpw0>?4l@8rb^HpgH2p@Hgd+xl}B+6*ickk)I7
z>sy*Sj_qH1X@00Jk!>cWy_L?1(Y)UqqUIJ27zmy2Yybdh^-8AMA=&Y(1p;HTlbaQQ
zm((~D4(QXyU$}A*sGFgPLVz5@Q<J>a-o=sdf<}g8zh~I~9MlyJpcIq>)4%B#F*8qw
zX?+$Piq&fuut(TfL-z0A7Q$f+t~Io&8@ch#M#$j5yv}!;8IB&&|8>c(%il)S1^etk
zg%ps42Hp(2TTH*yG@X3<XW`O*wF?qgJ({HTYyZl^oeFMJOA9wr-l-Tz*d$s@injmr
ztGa`usKdfhsIFQZZ-0FCH;gF_vd1ek7mi)I-SM>bMU>XD@AC*W?6{qliTqYCR?moG
zwcqkQ2oLA_<2!||N|&{YpQ5M1*C@#2QzS)42t*DI$Y%{&qB;Q$vp0*ZOd%%I?8P;t
z)lr(+Ftlcv6;)E>to>z+MU)_ocqmomyl|^C{KP)nox)bS@LxTdw|Mzmy}0}G2>CQE
zuo}wC+E$oJiHS2mbTq=L@xCt0(37ID2HWl`2THo!;1usCJ!m)+MKkI-T?~!g{%T{`
ztjfgbwXI<bPQZpsQKx8|{IbjakmfqtdKcucfg95i6SHO~G{+~64^bWV5g=EGnGHvd
zdecOeFKo4984PjU^GE*}LKKG!Q+in#;@CK<2vI}#KD1oXO-$THI1~QvBT!$S!5SRl
zC<`bd(EvO+H;6?ZSu^H^nw6YhtEG}1gWccApT`{T5fQh<nJQ@0jnV}6)eVh&5A~G3
zB1S8I_GAP~L%n)6fzxPRfVwvu)ILX-&I~`==bBId;Y2XoiqB0L9>e0L)tP;?MqTAe
zA{%IIIZ{N<<elZl+;@D48;K7s`MSNs3>x%&xr&U^nckHV8%|B9j-hT$PuA)0mM=V+
z$SN$K91*v1wKv?5+tooNKDQ445h~W!(Sfg~wiw!ToI9fD?2NJ9vZw#m7{YBMitQ3R
zrkqDb6KSVXS100kD7Zi@RjI3(p*Mb#t8^nJ1g(@xdNoc()HunE;NJkxCv_Z-LM=yX
zF&Aw?Rjn}7Yy8QYdrJ=x6{<@^cZ?(5Gr?U;VN7bcV3QCo{_!m{#b(fbN!^ojzt?9)
zM63OU@$gMn>LQVQx;EN09xw<FoX2jA%jC5h4P?pLs^ktgEX#%6j}c?0LHzzBFQ1=C
z37YZ`at3$AzJonOm>>?;H=fbeOu+~=xMI0zOrEkCW+x)C1hCSs3%-ZQW+f9T94pxl
z_KZ3bIc0Jd4z=W3^gX)$1Xfj*P|Kkd$!a5+QkG)fad(L1S+ZPxUu3FWxp~u2fmo7?
zM%V`v<*by?`1EY#Uj?=MBXqUXP^Nw2DjLPaSza1$HO3{wa<vT*@x?JCB=u<bWNUgP
zG6l6d?F8;-Yx1W)-+dwVyVu7cq?Q1Rf5H-5sJAJK&qj%>YM45dX?JgZk*-{>wkB+I
z@M<-+;;Dw7MG@JaA=ko1nO=ALC-YlM_K`rC|L!D+Cqf)~eHl*})uK=Vi<A?*Vv0tJ
z#tnFo!$!;QA0dj!!m+v?LA59<VDuB%USbkG?NL#3>vcmQxl)cQ-BJhKhys3W!0TJ3
zib;rJib3$aPig1}9-3YMUTuWi+hG!O*>{U}y@-d7&lH`UO&XfP7Z(HU#<51~4t?Zg
z9GCH-fOxg$$F}52r0(RNB&>AC#_aKPVlr&Ny?K=ShSUzCMn@cuc#txWA-+{RGV_Yk
zkDdWb0tTE0V3;c6oVPS1q9hy9_f_?H!$Bp`Qd?~qfrNrIB^>1?ylOIWWTuMaCS?Mn
zagEXM`T^B!&X$i;RX?DWh-tV=ej$5bWe2xP%=3U-{S(o)aUoo7DU@Y^7{{H)QUbQR
zvbfBt$vuBITRxWp0Vg*4P;6fvNzg0<6O$ZNb$01-i_ky$ju}eW20P?=O42r|RX&K&
zA)D3k%wIUa1Rhkyq>CgH%^LL3^n;_wr9V>@(vB%*rAJ$$<?v2rpo3RX&dQL1N98?h
zEaZ57`6j6t(A|R4D`vGhR&KPT@TDvAt8f%2b{t6(so6qbK$N(Wn#d%^!Nuu{=+!N>
z%+ov3*gPw$e2ghUgcio@qGPOqs#%3JTU!T4Bb;=&G4~|hP14Asa+ABAPb&949287;
z;IZR;I%Q)lej9s#52^Q9RH&DW;<T8vY{etGvZ*fw&4M6nEzA2W2d#zor)TI`5&XQL
zPP5YNdm3FSehiG4Sp{ZjN{Bv*1JLYH@;sI9a&*K6+X|nmI~^9#Dx(|NZ}w_SPlyYF
zKd14otROxmOQdl_q4AO|VTnBkyq2$Y6C|l*oaYvy<li+?CJdEm)oACVGvn$Y0p~}Y
zUDbGu$0C0-t%qqNEuQPPV>f$WkX)QQ>+;%hGYVQ{vM@3r7K8>?R|T&9Psm~E^EW%{
zBgbbLO^QrzzECcnL|)9~hn&*di3+$vzxcrxN42%u{aMY!CqWod>!|1ZVZ$+GG7|5n
z2)wkSs!dp=y{|#)`j(;QuP}EcuDx;#vFX8w6rc%~$Y7Eg5Q=w*u7?aOmfY^l*2Zc1
zACB<M?#J@ni4cOhzD0a?@)FP+v=|Y+n2RUY!1<d0l|CS$!;U2qCI(Qp_&I%_n*8LK
zu)GmrA$1vMh^q6ELZIYV>6p@q>47OfoW>wUk%cn`{3Ur4Lg^)J3*u(1mp^HRsh@?7
z1#?4IW-W+42cOGvcrt>MwfQBev=WidB*%{9lve!6zb-MdJ}MZ$(X}Cq>h`(<M19Dk
zWx6vze?{Z0740pjq4Zhau!f+pR@NJrQta=s^Y~S7!!~z+%G`e{f%nZLQ9eDaZ0lV3
z(lh^_dmuJF@D*oWsh8ws1?6%+TaK;69%YBf2PM8GDtuTql_VFt^kg*>*uF$s=k^(s
zK`Yo|^BvnDhZi}`=j=zi^NPE(j5H<F;>kdhhzQgVnwrjO*%Ql0rHsa(tl!OMm#&tb
z6+)k^uP-9_kNSTJIuCOKKC&#FK}|*CC!ICN4X^l|DeAJ?LV2+HQ__~jsO;133p3wZ
zDQRZvs<LBxbu~a;ga?>Uv~<{UFChJb?V|Vm&}{395EXn+387F^u>s=~7$<CP$4ArJ
zsbW2kL#d2n$E0ZANv<jikLX<}?H*yof>D@$n4@X#P!>)winuFrA&Gfu+aex9Oqgry
zD=g;6)VrDKmR&`_?i=rv;zHfG(D6yOA(Hw9i78h(tqdG&o;sn8%zI9S)lN8Hq)%ia
ze1TBu&14+y^u$D`D~rVk`Ma|Bg&nJ43)u6#*;zn5n>|UP02+F^0w-k@I7fe|@AWFs
zwDoO8;lccE&ZNAjnqg-;sribt3LOu#XfM}`t(tdNJJ?f3TYxPcnD`NeA!EmebRD#P
zOGm;#*Qq1L_jA8-WI8Gyh19j;FgEu47jh`Q-G8;%aO*W^c^|IB?)8pY)K;$zJ4MrX
z?+>kFUg68?V=RrC?f|J3ujXfb@P-KD{${S@2mn|?B0a1`uCFI29McNdyA#<0xp=4e
z9KjoG=j8>upz6l}CqhVe(DMW-B2ho6g<~WH*W5Qd)Td+*9b9#7KilYt3jdeb0Q69?
zVwNALd=jQD<Vw*QD12^Y<N=`qp~Sw>(1dZ-pOP@El<-jZkwu$vs9=yhQOKD<W`i$y
z9+Pq|(&LdsvZTUY)G0Ji3k4~v+=ZzD)^s2~pgeYa<~BDbyimO{b%37rIZsL%Dh{#!
z5a`%Fn~wt&W7$+DuL*^fL_yF&C*4t6<Mf>@QuT$b(4rn05ixVdf9kkr3L2K*?1cEJ
zqC_Hi${iew-CSP-iVLR1Dt|TNu8h%l0x<q$H7eua>?`ROJbB6`atPINe8-?kiYbX*
z(ZMNBjdmIf%X<u8;zMsk!UC&}!$^ah3H8I3)$xcQCC4#V*RN918W~WH&d?b1=q4#F
zIoNuUSo^URJFI*pIab7e>H?V7CQZ6XJnehh(-22jSy?X5B>L&{!kk1jiI)njerVA&
zF=*`Km!RzOy3@0X;AcQAYG9zmEFv4E5L$Xqcxkm@ko+)@RFeZy&QSjbO)G5qopO5(
zSDAf6$cvF9la~mY3$gy#rHrm9dGvmddz`S`td@=<kJ5vL?h$TL$BYJmZy#`(eKLX2
z1>u<`LPz@MB0hR4FL%tZc#X3rKKlyImC}yMPXbz>h&Obb<w$Io3cux6krZ#C01_r&
z@qDA4b}itLflg_)T1Xlv3leC8cO<unou=|fd$hx<d=qOI0)IZKu0TD_DOsNa&FDuv
zJe(=QfxG#BZQ)}&{6eCx-`N@{K0RJI9mj;siTw*sHEokb%NL2_!owc$lMNk18%0b^
z0%5pQjWOn?xg-^;%=F|Dl0ytrr}7RytTN}(DG95CDI+xCYbMz6R-F8FJXk4}GBPHX
z$$6L0uPzfRc=*rCx?jf_Cb)-F#Do<})6sygR3U()iX7eoYdfUtgb?<rpBOxKjs%M6
z{I}O6ea+qFu#Xe{O)saEM9)!3g~2-C)f}3Uu5-VCrJx)tQgLFP(}Zs2(VMB1bW0*i
ziKr$UW+Q?&eEU8i2dvfXgx0adQW@Ixx;+W-^|6eVA*vWwinGnN(Hd1hCR|#N$!a#d
zUb6kwXu;(A1tUK`eRQLIZXTlcB-(k`A;d>t0m<|JxL56dJ$|Z<-uiQb`|{#Fr;x3O
zsy^wacu5JveM8wpZxGD)yyv7pE4vxfH&ckXGjXLwEtV6l|G3H}@ik_MREpr(yLzMP
zg7&Kg@;J%p5;dYFtYO`s-H)RfWYRNKd4%13bM-#JW2m*qS}GQgSD12q{#<hh&slFo
z4O%Y$M&4NX#BNq37nL~R3${Grbmr+V8kuX_PMwu+_X%ycWF6o4z|I~=o0&~#ddwv?
zgoM*A>-v-Ej1TI4cPQy~TH%Qp^&{^!s{6-s8gR6FNzSQLGhW0obEH%WuG2BXX7$<)
zAvEanSgoKWkcc9|eV&8)C{Se-Rj_edy4V@I)dg>U5HvP1ueNxwU4O@oN@W}lqf_7M
ztmX?qJ2t7<GDY^ICZZ*+CN&<GRS(?In{$-u*5@`GV2(BxguXpjL`%VoU3HydNNc)`
z-$#$H|K**Wnqsm(6r<T;^J&B2fn`Ix9!<yX^g7)Zfg|<%tW-ghqQWw@TFydTrbs=0
z^kG62+i+~pfXa~ZMEKU>dSw|2*U&o)3S)@<w;%2)^J}wFwOz4z?^m!(_B$`T51I&*
zlYP@&Z(nqsdLJ2{(kl$kNS`a0YK8;juuSe?K40|BHPVAJ>m%bt%)dhLCe27%CkK1f
zR#o(KCLFN7g?s2LKu_TaAS4aN7_}k;{FV$RYt^(yy0a-l<R`sAFU#yU%S49yoU^72
z+PI?{x$0G`;kSJEhANJ5v@%+8w;SK1U&&v&^q;i6|BTfVhY>MGmND$vDC8<oc7N1G
z<w}mOwo$loAxLUS8CD<JO1HVDyFz)9Acq<Ju+)xPFB~=3PRa|7PUBVj=}rMO8a6uB
z(LPHjMYv9hDcVQ@RCc<NYbo|dJH5EsUMsM=&Sw^V?W3C2lAxV55?f&RZUf&WDO#7t
zh9}H>CI^w1D;6o=4>r#dx1oi%b%D8=^wf{)MIwJn0{NTulvm69BNua>8)29Coocqv
zK29lH%z;u?_T3Yrn}U9x)fv$^(drh?N$d1Qy;>zRXbGQR0K}PEwF+%ug(hKEY%Ei&
zI}k62x37^GhN~4=PKH{(yEY$U&H4Mt<1=FK)AoaM%SF`@w@;tDNg9hBY`EmBr8Wf-
z{Wa}ao%5qi$Jmwo_N10(w+oijk9kePibKAtyf6}Ujg3d46IC&2gAMdc+UlwSNc*W?
zqC8I=HU*qerW`+{DPB<Itn+BzAS1pAU7qHZTYT|e!f;+s+_^j0PUv0V4JxFZ%%=q_
zpIccWz>?0<!^90R>{tSQw@zDpuPE?QS2Xcu+uDBnjmx~i^j!pDWU?nYmxmry`zO^e
zNaL_bPV;t$C<;IkQ{O$++UV!!!g+ZVNM|lLw5-zkwA!i?nLvG&0}Kq8zcY6H3bqXY
z>VCx9!EvwG@o*NVX))r20B!CpVPW-c*mYFcSs&9!#+5L=7SHd=#A-|B^0d}x(c7}o
zrB!Asb{`-7#FFCdYPA4W>D~@+PPspH>q%B9X!GS-Ya;(K`#4(=)=8GnK3y9Sp)W}q
zG)1A?Ss5$3rE|<qU+WRqNKPN2qh7cgHeFOz1%XF<d@<uzBdUmWI@-woX>a^Q6i`@a
z`UwB>9P+;1%+v{NFhswuXW<W9y=Ot@SXf(B8rNWmnM2LyofSJ9W3BNb^cL`@F5N#K
z^5YNcW}P}WZ~|xKJ;z5l*_@teho9E6uDC#T(nQPGnM>_>SiyT32QeAF)<8s`CIsOW
z!DOCwNr3jG!mV13U!@ctXYku{wQvq)5x%t|-vloHxx876bGRH}d04?>9BQB`!z)@N
z%z#C$AroH-wn%vV)nSYGc70{ta({&Nz2pLHh>gf1hEOg9c|7Q`d>1BE7wVjkK7_ey
zA}X{_@qF>i;ir?r%S-zWS7b(SYfRsVTRN88n+T)R)T{NCsYF~K-Iu)tzu!;oL_-;6
z4!vl4Ja9FFx=zyCsWDSzTUr4}Dy8YIQFl3fiTwJnx2F1?t_1q-DSK~ybR$fR{l#ZI
zQse<_E@|$IOO8gkWPI94uiihQf1DwoW|~C**nFE9Z@KQa-<CX(AI4&Qp_homw-XG`
zB;8Cfjq@&T*}YLFfq2^L6L-&S7hiv0;@?2rR<)8Ui^CUQek2*8p~`H^XZEDpYY0+;
z=kO1j;>Q9B>ITbFTcpujfj^#Wt`MQOK7;-~+9HGwYj=RnUV|+!;Fx5Klg|Eg7emL`
zZ=4vA^QaTg`wmQYnBF5s)O_Y{Rm_nkz&lKY$Bm){T4kumR$O-T?tmRU&~zocM9sML
z`YDY+`VrYM45&04gt1Y|v-dO?lhqT%&QY5Wzx2`7?zqLhe5SiU>pv2>MldQb#H@}+
z-=~PCfW{1imet)2zy>BrA)boKFpz9JF2#3I?`QY^A@oLIn#v5@)P07G-mSBOh#<{S
z3sUAdD7_-hPB}aAxV{VvBOJ7jQvaPSsOPve<4a!Mh#z|J&GE@vLGV~kf1%eC@ZG1)
zw7@=1j()igC$IfZV(mgGZTpWwE51Nmg661(*vq~I+q>o!RUi97=e^^-!Fz0)pmwZE
zM%>%7kCHf=wstpvdT9ZB@CF*5j>Nvy$LkK|VWU2$l~mQYAADu`))KhpHM(KVwcR*G
zudjj#gguW{w!h_arL2k{pU27Kwx6Eg0)S-*a7nBwSq>^VkB7C9DwGXn&6u_LqZwR@
zII6y5Eh*d9Y@5C3L>>r4Hfy1momb59d&N&W-wO1MP*5`}o>A}V^_TK4YRl)sVy7n*
zvsv=7IHJ@Z)<4(oXjwJ+J;u~-Uw;%}=AbiMc9Sj}7sQvcPWjxnMh^^nrU|{E;mDto
zc$|rbk6@p`Xpk3;=*klKlFKj3O?`JFbZ9m?Y#C_W+@}D!>s#q4+)k7HrR92tVZzoV
z`THdG5th~Nd=mUt$sxI!E*xh~9zW}9_J_?}&w}NjzoM$up|aGzepxhlpz&V2=ITNE
zC`>Q1rp#9<1bpbn+$?`D@xcvLvfZVxX{}bzrVY|`>Q+%_iTg>a_2uK|X)Y(NQyGxV
z;2#H!J_}5A{)f0>$JNc;q4c+P<|02PG{oAS<QIL+4h8L%2<)k>#G#og6eJ2-q{7&Z
z`6`b}E88$?w5lnASoGKF?fAW80<VixJp18AgN|Qv1Lwme%SFI1amie=nUS)xmkS`K
z->ZIacu$l=Mo$-S<Y@R$(d1x#DNZt+h~U<N?*;sx_EEWBkFf4Ze-Od+Tbvki<KG3B
zGY%D6?cWaAG@Cu>YTmaNbx8z&4Os68B~Bm;sBjNf4{}U*-@w;A^}ikxVg=z0$YG~4
z6O|Iy2TGLz&dv84uL|mw*5Q0gFKB9AqH;0Rxkr{+QI%0L_>=g?JD!HZG)D)qN&P)H
zzCQjrkgk`K*pmii+$X)PKOD}dk2xjWeKpmauF|EA`n?fkF12FQt|`<PZar$*e_DKb
zAI4Mcy+igsRM#OlfxR}oK$X%ShIK7A4R6vkz3WwC0&uTbqsZEziAt&NW<lU8GC;=v
zo!wq(*A{in!nJi=StE8|;}O|8*do6D%5qS?ahn!)vAc%MQef{!ehFFewRm%1oCc0<
zFHdq0kVb1ypu#P_Cve8d9*FDOjzZ4rYqY=i{UcZS`@6|65)&nWX(s=?e@HDqJv&U4
z{dbnu!e%YONrBw@04_R77lJN(W7f1%4i#(;8*fH7#!~S*Np!_SeQE-eR0@nwkRA$-
z!M+=Jj$zvkj#)*Q=#kT*AK{?wfx0+<TrwZM5af($3?nj#^K8UhGsBkO6EijCNQ}E+
z1>b@XJ>>gA(@r=>b#X&<6e;I+%<}cc!URuvHKQaJ?hNBOD_CO^V}PQzuoa^WaHlSi
zlConeW==D}#`G@pXjzAsWpC;V?T9Ug(@kG`qZL(eX#%izcB`qb8C#$3&hIs@c-eYA
z%~6RJm-1r!du+sD(*yb7kB>jF2zo|WK0cEb_|g%pBRPsTImHy4Ddn<q939CsZRKay
zsI^QlBu!3obW+9Z2urJ_EnqIypVUP5C3g;%_5}>dj3$=v?GdA`%taKbQTgg8n#HIA
zs)pFc{l(^GrI28xbkUQF37RY-QrI(f`{{@aBSe;POz~97GJPq&IDhK*d5!M_S0221
zWlluqh-KoBCJ4%jYmvifm`3E=E=zT9?w})?lZQoymV==`liTo*QF6^RkM)lz5kBFj
zFDpX)!4UvY6)#+i20;neA-XaUqWo~ZT=CY*<YE;c_k_M&VNaO8(}W~zo|}=DshbR^
zSRY>3{fj1!_{}U$ZsjP4Vq*${II4cgbCkn$5b{=&WbV+7GNiJ26~~SJxVVR6LAI=v
zE@P%3AzP^eOCWn_fsYS{ex;}V`;L$MLyA^9Zv*nq4Oe(tbvMTg^{RnxWDdFG^S5+2
zqte8(CHkbj+~LI@;AljH!WUT{fq7mTNuh*8?G?gB!u5I0GdKQQQdbA@%b1@pMDonH
zH`_qU-~<nEi;eb&+0*V}!l{sKqlP7y+`Am$s%P2u7t|QD$1EU@XPFgnEc`r9uu$Ep
z4RBho*Rs3+gQWk~3G=`_a=(KJ{BJr0OhMACIIU$=!S_*=E*L9%SG>9W_#V`i&f-jO
zGD_~fvOh6g-P7P!)1-7AOOcykwv&daDK<Cc?~KztZ`fZ_z2t4R*1CwxmGWsf@2H;Y
zzA0?}#~f*_n#9CGp)f1|X%P#MAcjAis^oOVlz63<3{N<3dk*x(CN^(ME@sB9dPFCH
za)%XtkP32!FVf>x(mxr+N}SinQ+y($H>K7FUK}2%JM5QR@5$EFAd_eK;$$xg;F@w?
zpJV8In36ZiIX4`5>TWI%t#8EH(0{VUk*7al_%)p3_J`RX+-)QMo`iGHzQ2WiMRWWx
za_qao?i8g;fX!4t`Xd>Tt_;<B)etYy)>6Mb-<jE44N5(+K09WjgXtu_8+$vg!Gdn?
zN`ut#r_~7!eP6wgT8r@$l&;TS8q4K^%App>mmeK<zi`>ldx(ArvHKY^_r>r#4rMiQ
zM)*m(TGbpqMZF0<m9(ezXN{@)dHe+qJfCYPM{R8jfLL+^Chdv2WVaKQyiL_+C_f`E
z&dAo+MJ`m4l*qxRK*s@)RHdIQZ==dWea6%L2}1C-pa1T89I{|^)|nsvyaItSZ$CU*
z!;=}^cA1CDc+<H=@0;<DIS_O644%BazNn>9WcWrG<lwJ5FDA^Im1yc3%iNwXlbQ3H
zz5Ft&d*XYQgN(Sb1V4Y!r6zUg-e<L63}^X@$Y(Z}7gX@n?<)4EBfno8wA@X>u((VR
zUt3A;1JopevY4oct$0n2Zh6>p=d0*R5=i0_+Eyc>dNU}1gzfd`I}^b$u_&ZeLxh7q
zGY5*wxymKJAwOCj8#)OH4$11Hn<=<=h$)Va`z=X_Rg>wY7ev-#88gE_fu;$m)(3Bp
zBl4%g1~0#lFC5x#ui;un9qlJKkrp?H4;Xs1vhk>@OZOj^oywZ~|D5j=cy9%!&$RPR
z5iJnuv9h(mxLH6R`=&k;X2NJ^bwh%J=^EG2x&4?UnuHorq@cz}`XNw&sgttu4DL2(
z5WeB-QCWVji1&L_9JcaBPCv)P2c?<~{Jb!y-XE*6GZX!{^gz<az!n1+h6T=%+KENW
z+6y$R@B=#|{RU$m9&jz)+3dc1nylU1zFtU&BZh8fkjfW(Q`|P!8kfJtZx;uC8sqOw
zKowS#*RivdE}7-*3knMhg`g2LpRl4(ow7y8I9)a<DO*K`X6?$eZ15X`fJ_A-^|=u4
zV$R&wxd4J%4qJj|>m&+X2|<4MN<kS(dTNL^qYSL6GdOgNxIdo~R8osm3~&St<nQ$f
zX8worIK!{Nwbh^2Ky2_v=r81~vul;j608n`x*Rb`X~@_?xTR{GhV<X&>lbMY)P1QX
zmAv5bV)DohRo7~p?FNouP4_*Ilzl-$)lmt^YuDWAGCX1Ozgf^-)>s)w*p*tsVi<kU
zqO7du#-0(_G?Q-$M*pxU-x5aBJ|QcWf?X5izq0q~CiOvgykjp64P|*KWGmaLcS%E%
zTOgumMHRiw&e&0K=wwzlWEtGywZt1P@@6Jze#f+D)D?ly35ILUnFUGtsovqmeG}P1
z{mtnkh_gW1%CIv<Yli=}moLX%l0U+qGaLEUJf$)&snJYU*^5RpLCM;F4;yXgA?TA7
z_1e@Xr`>upBHukh&kLkWI;$1z+g%RG@l0zzel^7G+ruvssjNj^3+bZJNxR4Xyo=qJ
z5N<CA0{}HbZ@#xvq=Ad7%TD#Jjx>Ja#m@9p&%^hk*)j{omBBx9tH8CQjGV-5cDnis
zjUEMOj!D&#lcDZ?@9+)X>T(_s?$8yluZmAJ=U{RHvk~s33+KD`<s*vpyu6!GBu-fz
zx13HH_m@UFA1R$Cr=R*Kj1@gUOLIeM%5r4p**g<55(1_g^stLM=035zC9O2{y*__8
znm3=II_kE+^9tX7r4hK|zZ&R}a@83-jt_I29?bf~xzprzHk`8n^(~wJI~yw3)$neR
zV}!fa!&4^Tn=z)O<)?b~(x%RMp+>A(`fIJM<|3H!ozPluLiC{+aiUBR>SL6d06U;p
zZXCfZ5hX>bsKxdfX=3MXR?$iPWMa_TlCFl$Gu{S>{azwo$+FL%$&16XCROfilNl4f
zc6h3^$g)?_)@nUXxb}De<9H9MHGG=s3greWl*DYt3!$AuB-YaUA_~Z?4aE?8i1FCG
zt}E&!-}7HE6Z#zpWD6MQ&nD9d;&CY=YJK(HAT1atmTtQ%oHo3AP>Jrnp-=UK;PCj)
zDpt!Grl~f=9%Cc+ZEf?}5|uEQ2TQ!9ow>w~s|YpvC0_Z_QgCBA$aCl1euCo;vi5oF
zKDq*%&ZJ2AQiOa8wD}BX@U(b}-TUPjCtF2x=;HxM@MW=|Pe=Igu0|)ar(M(SVXW+s
ztsod2w5;Uhf%*f?%(Z<srZn=r=ag~rQX{(-p^t~vAI}z`_abmmZ)I$_xF-ggII8)R
zpa<;3XA*eXYJbfCG(qG`c+vBU7r0Vgn32$>zrU>heTGE($%Wj~>DbVUuMF>0-ON08
z)-}b#jbpW5&7oF5V>X-wD14{+aCgq4)BdULh8ed>*iP}zJbS!P!0U@jyy+w_s+d6K
z_#Z@}`}JF8Jgk#7EEaJu<;?jc@^KU66!Q2?e!F@4^SQ}!w$Y+1{o$b>v8MD9UZ2S#
z2I6r=g?7p(|CpH~#<Oc<?FtSc1p061htkIbcp|ijE9v5FF7D1H>JALW9J_UFMKq-6
zXl;v_6QJu7p}xASCb@^|3~|TZq*#D@AsWp&7838U*`V4#!^=a~@Gz57=6WPO?e&pJ
zqY9?xjn$+V+Y|A<=6J!^8CeSo7A~2NbNZTr^7f3hF1dej?M>pvUFDKF<{zLym0Xgw
za;(TC3Zizi?gNseE%6F*#XY`abpl6nq#DEP!}FIV6f@PVo?lW*!fW!EnyO$Iv;R<S
zUy7h|l&q0G^r;N}&IBeo4h_sl2k5%MTP^I_NLnyvJ`B6cu@b)C`w4{jbqJ=>$-oeh
z`W3h*2l8f%BBd~_>xCQW-|=Mo-62>tJvq*Kl}V_K7och{KW7Oe?mZq%^z6x|?nGee
z_o3TQ51USnN0!`)lCO^0UC&tt$MA=r{L=R@q4a&qf?>9uyMP`s`2PTsKyAO!%sUj3
zdVBe1eB=Bx@r4V{!^mMnkj>SRs!t6$+5#rY?SWH9kHR_A&ctOGujR_pH}U(Y{)@4F
zyP`7}0ZChG!z(}1$eq=<2mVDuGGfrP_~Ey|$(<#<p=O)k`e_Mg`)u~R^YM+l?#Jn)
zISkJ-u223%##NW+t=)<rUwR%cyXZm;9X!z3%c~!6<h6zYWdK@vx!|0$uyDyTyt`l_
z7SWDeEZd=<T=hkK`I66}KMgP+lQVVGi$Na+GPZozeI$R+zGCJu3NJ&@LW$@+k>qbb
zKN|9BGU(acZ{S|mr<$jc<r^uJ?u%H8EI;?(mvPS%FJi{HA&1Ccgy#fmM)#6fuGqaF
zKfnBQ%scDvzyXHrM|caL>Vwf3gJ$6mBeBxz?n^#<9$tHU7H<0Yi|F4e2|Y5?Ot~wN
z%3gUWXTGLU6Zo6IKZBuz2H=WIKW}7gEDzxXLnrDxe)`+H(Uo=(Gx=`GRF54!Q2o$(
z0?U3i`wEVM;LfYB#I(t$n<3{;^l$56{dk+2e*JLnx@icoUu5Y!*I^N`FPOe^uln)z
zczxX_jLJ%<rh`MO_20^fn!@+lbmDrkQ`kX7Yp9p!fdp#hILC@A2=xjfTum3@sWI5_
znP>JG^5f@X13!m}MX-X@+L<|nB!+B-LUHk^Ya6Gkt>)1MDW`U@Aj$G;IF=f$I>|s%
zMFG8^@fQ(SWSnMziefTe?Kd2yp=Qb-NKWOEU)3a-CLQZfpcpwq@|d{fhh&rYHOwqB
zRL6V-jMgyHUr2r<yT!&rL|GY^AyphM_7gv88A|wdUdy9!Ho>fSbM!O?Wo*26u;Z>P
zr<RVpL4bq}!E*FWO+Zd&7LvI4F0}HpOK()>_CsBE56+h&k!C*4jvN|BWBl6XqlD#P
zB;z0L!Xk}i^48VJe(^4|XL4bA6^T9xA3NOuhrl%SS<c_yD$YTwB?j>+$mLMu>4W;w
zHril}<d$<X?yQ|CtftQrxKLJ_b+GkSf&NSLD4+Z8^_Vu6+uBiv!-jqNJb~JTje84`
zNAmECtG{7PgxCq?3a_{tYyO0XB{lLZP2=+~y^8NY_z#TXuyAK;E2PPww?>_a;tCEW
zf9Z?~xZ_vXhs~_mcx_&muUd_ZzyA}?*`xMDLv<vV;m(sXYMA)|wRy{nN^$?y{|^^&
z-lX<(wyrt(kXHE3S+jA=1CJODVV~>_lMfr0jw&a<&K#QEj@RzF#n`gbefzPf^GIjQ
zQ}fuq^RpYUZSP)Uo@(YUM&?zEXG9E^bJ+TUAAB1ZefBeEml7M7;yIFwEEACyePk4J
zQHD&NXorv#mWiCjH8L)HPs7tU-+4EF_u?Cv)~B0Cg!t+ulDND>jpX;vnu42tcCFD2
z@7%Q;zrX*l_``o*GpoO)Df=Y(i$xI^G;N_dqo+7zDI1Y;joH?-a>&p7A1%bh@BI`L
zyQG^b2wEL$@zQgZ`w|ZGkM7wGKmNv*m@;t!>yS4Rq34l!*>H;AI{UuqS_Z4%Ct<$#
z(Z})Pl2w@8lZ(9Q)%w>_D|CyQk80k3{P(x<17m1|Slak)UbK+xhCA-UpQ)KWyMJ%a
zM`imEdNJfjL%v$%F?;<MTzTe1eETbxV=N7;$A(5XBIDD!l_|2ktsi%6T?Cv4uyye~
zVPn$}R59m?4dle(gkTM#t2xI_#K|}{D(n&XG6zMt!p^(zs}1dIO9B*CxP?T3lkcTP
zjA)E_;l-y$-jJryQDjPS$0m9E>Xz(*KYzbRyv){QoZ}bXqD&gSkbg_Wln&?1AcotA
zC2+`qL#t86JE>x;V6^I;^<x<2B{FT3HyandNRAki&sa9FBz^wft4Ss~p*)Ht(BxV1
z$k}`l2O}4Wk3DMd;)GNL7>B=PFXt9AeEqbQjv=JNF2YGxkxix-j3X8zl)O%$)<+$$
zmyZbl5vM7{vs*If5@vVdT(1G}lK>+%2X(309A3}H0UmXZgk<=r?KC;joJljR%PWR2
zr}j3I{F$<5zNF<$$|n|-r#7=UhEaQ<#$4J9X>&CE)S2_KGE!5`7F1oRdC>4pS8hX<
z#(NslvCej$ksXtL*4(4W#-IQB1P1lVp={pJV`QhJxp2}pOc>Y?H(WzgEklQxB-FXs
zj_YV0jP)yd^GGnhbJbUk#^NV;{t0_I!9AO+r!}w2cD~KYgOx!Gavpp7Ic%hn-`-rA
zsRbR8`B0~<)tXhT0x#YEOA?H!EH1AuiU8O=97zV75BZU~k1u@g0;4Ir<K74G(vlT8
zjYGmBv({<YRYS@BGE(rD$DX7{XpmVU8YE-zh0?Zu6}RwFeUQDvH$Pr!3?gfup_NIs
zS7cb)#RBH<xtp)Yc{D<;=V93xZ&T`p&9gAl@TY!}&f*$*uPNt3G{}z#HCgeT%cr5)
zJN|S(?tS?!Odr(843paWtN3)Td52nvQNX#NPv82>@S+br^R)G!OxeE4T2S(je?N;v
zwg-tM{ldnUyF!Wly~Fu&-{i-`HQ)Uv2KMV~A`9ci{5OP`#ax~v{mStB^fM-#VdDX`
zU-;bY`RK;EuPQe=h0{Wu3@)^pxqLmIfB7||t=9*WFt49hB+jqSd>em$n#1E`1|P2Z
zBMu^e!gltCt+?%~%W>5emz$kElxC!S@?>SVNBMECZ4qz;ux;@@VPe;CS{WO%tOT0u
z7&HOZc_b1dB%u~dFKZMvVzC<5Wn<wz@UkZjmA)p;T|Lu}_q;m|K_Jia6Zwpt3&Vt0
z#6~`9;<;zQn9+u1s29)($b0q}`Pkg^WYBYO<#42jrkyJf%Da)lB&2W_3wvxRE<Ow4
zW^kYv^|jHucN9mdQO8cWn%cU$c#=mR0~)I4u(n^?SUSIvi{z8TZ(iB(CW)vT+lmnR
zGamIvqR@XG7e2%l?nTP>RanP)d{<1If**b78?<>BZ-(|X1wg}OF-${5PoyET6SMKD
z?#MOt%=&4{(RMmIzCHI{%zSqV&Ym#bm=&>ctMg5uW+9)821fMkj$5z0CTthZkO$&q
z{T?k%VWXeY(@&k*xih925_QdOcO5ecRQd}({up;Y^9s%w&@-e_^vYZ5X@z73S150j
zcIh?}j5DSfk;5d2d1;CZ=Ys`nJ9BLdcH7T?g1F!R5ic%Sg0bCm!o$ImK;~|Ga8KF)
znl9Sk002M$Nkl<ZzPAJyzB3zN|DP`#5+J!0pLO<n)ta^V+kalc7~1(0fwcGKPxJjm
zG#2hF!hdeM&J4rrzLh01KHWc(vqVJkN2Z~3J!?)};dGcCQ$v~OWD=fDTeeZ#`!eqR
z>oYiO`q)OvpEQ4)xPam5TYi3s{53$9Y&u595O#BE8}Y%XU&oB`L(Re@TPGz)BHyLi
zTX*1pxogLDKlop>C_{0ywEl*}GHnf`U;Dl9pnwE-F3Eon+E7$kTc;Jc<GAC^le7+S
zDa|tt519nA&+8wx#p1n>J%!QSSw}{lCBJHij%pipK9`GD?)%}laOLG+G$vha*|oU5
z7^icsgMcG|t%KtUAB#3$Uq&s&#N+^qbNgfGz*7-RvS40lHXLfy6R15(<su9<R(grq
z+InO`Z@F`=jsWQzYE%G6bHv{ifr^ABCh``g@{zVNlJF@Wm6?9VaoCsS&u;Oi`H-Gt
z=gQ7h+TP?H>kzen8}`)2;hd?H!<|vcV}l1%HzJ<2s8fyzU;lJ#em?&7-&Zkma8F~3
z!{$fnYIUI|pKFfdP1k(?5c%UXOCIXSceHECub(9>TD|<+pZy4zUH5AwF|BwK&d9lL
zM~hE#D!x)`++U^9-_BeCDcNMFO-@Cw&Xc8p54Y~blQ;kDF!I;pe6W0_!L#Mlmy0fL
zyyl0fxb1gXxNZY_aah?d5Kvwv$DnRm_&0Z?m^yh9<lo9}<P2e|p?56+Siz27J3Pp2
zO=OvC@ye{V+whlbzsosnXDetJOLNhJKekM4(8%=cy`~;j>!tk~#T_%Y?AU=nJn#@^
zlN?Q+Ji?IThBSX7e|t&JpSd++*!KwJFH#n*#((;y*U-CH7q+X1h^(;HoYf6`_Tdul
z-+S%V-wv<HRrr>cyG`3-v~lwmYB&$lY7Q6Dsf`FZJr_}zW^>{80xlxsC{P2=)&U*g
znlld{a-Q)tYDr~o#<n2pBSidXuiJuqzW;Sx#bIBW0x~3)&yF=O4T$A#wEzJ}09yds
z$rwZn34)rt!Buq{(v0KRTny*cSxuM-g|tzAnN8tQFTZnbkAQ7ZTa=Ow%<^i;m2)ni
zZ2jr!A@av_7Hu81dNIX?=)7q$b`_Q2(g~+x<nW;;8hs2{jYUK8+K#57XDz*FI~|2z
z#03De-(QXy6NVY>jLn^PU(oRMf(`k2{MPHZ(sztW&JwqlrftKi)3R|*;ewWXe)L_g
zdi*V>QhTRoO?@Zy=1Ass8#dyZx$k2Tht-YNEOcMbwA%NbP5JoM6`#iipE-wjj-51_
zNcczPBU$y+%G;m*@3-*fYkpyfvxXjJCr*B<s2S2+zL^VFaQ@gwh5*`p+BkI7>fBej
zE6RYbnc;ZNbEXwft?(L}qWQ*IlezWS1thkIFtqZthoeYdazY%|Z`)z&R5#jn6gg{%
z{2k<w{DzWpJlhQN7g>L`C+<`4e1J1Y^fN1pEmqR_YAD#pX)Hhb=2b>pXX}*wwA9%;
zD{}W5hikul^PT9<Igi<?DaPiWjag|)27N#c$;m*POv}*O`fAg+d6D^=7v6jaLvv}>
zfMM+@ko+m04{1{9$DcnJS6=o-L;h69^?o|neh_e_(SFLJO(d}m$k8I#mPKs&s3BlS
zX0#99i*IS3j-CPMP)ur&PK2Mt{nX_Al(7m?yO0#-U>o}~Y5qdwFY>wPNqR)uHQTuf
z@dfL#wy+KtpFP#=$EoKcf9jAL`$fjr)cO}0=1Aw7s_@~*OAwXAxt8p7tW!E#^zqTQ
zUHH~#r{kRIXPQU0^Rxbr^=L_;;yL%M8TjcJ&c|#LHKpB@yvmOy&r4UV;!yQLYJIdt
z9!VGDRE}gIR~n{qd0lY%=Re0`vxG45RJyI<A_>K~Q6uq-Z~PAy(C(pzxvewUahgC%
zW+%*fe*p>#3(X^&Phlaqfy02WFI_|Xcb&}&W*c`DwT;q@?xIPfuU&SjG3cwX_2&_q
zNZP?4?LjL7oJE7)Va;4fF4Z+@#)>#+b2aDvY1sGdX;aP9=F~AQ#+dW|hwyji6b)12
zCJJ*VP3eM7+wp&wU5s&KMwtf&FSTDSa0;uR%1Mh~{`urHxR5sb26awG7k=nhbD^J&
zS@llk7SFo)(UJ|g;xp6Hw~-aqw%oPf_M0o#BZGGPWJ}V<CBxzexoBw+7Zd(J4*RBZ
zuB<R}<gW#V*v3H|0c>M{KdtE1fy?QoRwHmUrx%p1p7HMm)$1I3r9%f3kJnNhA-bcd
zb%emJ|455Oj62?P8K5+7!(RP(r`<4&Dn^x|vGdmm`P1;RY!v#-N|3f`5%zM$=JfHy
zF=_mfO<OdSqSCTtpec2*p*ZT_(`xm17ca+1YR&AnU_w{6<uvqI!i&o;x&WE!wC%|B
zZD&<Ko@2RIoQhlKHZGw#mTv4&wLh@59!D!_i-YzoUc6!@;<(kD;<IE{<WRrGJE%3g
z^g?6uL$X>Nk45hKVHKx&@A=>?E-tzF^l>DlMV{TcP@0+_HY78hcK22wpPD|o$Z)cW
zxNg&C^YN&K9yUJZQ>%X8<;vP$Uw#qBj2vOYn(($=3EycyCz4y5GFwiP%#uGX#@SX{
zf#<l|_cPPaG(s!C&8cI;@QwFB!kFxIL;4ko>Wu16AxZzpUfqo877_90#%%-&{W0?M
zg;!b0Cg8mfJ%X>_dN(G~h;}k}hLI6yJ~ED3MieiSIk)%qW$SRsd6V(wOD{HBJH=x^
zSmfE_BC}J=R&sGz6o-2G?%8rzdRnCPG3)QQzi<&v{0uT_=)QC94*^F2+h3U+lSK9f
zt)NMeHS0HcngzamdO_{8h7vGCfJb{r*-%(w`H48xipXj8s&S#~(A9B0gk@odv_hC#
z4D+-1+gcc<BOKJ|NwX@gib?y^!$d`^j;w^luS~nLG(uIhctyYD9qYM$+e$3kU4_fe
zoe|#EpefL)p6RDXUz&#vo3=D1Sd;v0-?0<#Q{$%Ly2$xUu_UbvXdwB!Qzy_E@GukC
zk?MPs5<7w?8~2cb1MrpUQ?OwB9;3Ny1lCW)q@5*})8tYg+GX>qhF3SFB`M*%JE})6
zrcRn@!s*>@s}9u0t5wdIoO>3x2;50cjrR_#&WH?YE4i(kcN)XO5=dce{zYV0bN(RG
zlZ~vlhASU3YeIH_b7&ex3x`Y?MS21`Oa7#h-OOR%Ct5)Mgo(vjZSrEy>r4vGhZ7Wn
zM5JlSo<e-~^zml(t?o0BIW+f=a8`Qyw~0pJZ{`+>*FW$W&g2$znp^6bFY@A+Uum4B
zwR>~vT3mJZ6x{KPpPJ!kPlUr|u;pHK-~d*z+`FdGhA98p`_lTV{*F=oJ$)jdc%;$h
zzqxsF{@WG-M*!Ov-%l-e*=c)`leb@f{Y@i-zEW+&ZC}<#g**J6H+`DgB25c7omFH&
z-Ox{+hKNppjlKw%Uj0vajttn^=OH<iCeznSSZ(DNGxs_8xesknHvJ@{mAAE%S9~^Z
z&YugiA&gqX?Ug=y!y|!QksHS3xZ+|`H8uqg(#D^LeU1G;VkB)Jg_h(Y$MRJf(w<`G
zh6UJDRE#M!P&;+fgmB$CQbVqKrJw11SYbr|9(nvpEMK)M9NwnXoTH6XVPubwt0j!q
z#lk4<g@{URSrw*E93P&$r0EQ8<*e2xnYQO9o;uEG&#OpyG{@~o&f>Ro_iilOxf`8n
zMn}WH1jq!_FyKPk4!r1$N$5o*&T=-4xoG7-ircmaqq#D8@SvU?zAH0?KuL)JnY_kE
zV-rp9$k=$KGem#{e|S1~)Zq$J8=uVAtlC|G|9AQ+VM1fd(NKcO7~1c-C4UDv?7NjK
zv7ey%ny{U}=4k#x6;*X~?S_pS<7X2^+(Yl4@D+Bf#27nrxFO3zB~tU&RFon=7M4=O
zeBEuo#eHwg#`IzRjLl9B$=i5U9(DoKESYKf&R1~T_1B_b?_MT3TQ3evJJdI5hoR+L
z^3jD_@WbnG6c%z3%Q>fwL-%epj_+K%M&QV;Rl6453D*z;Rux~x;jp!vHshl2{T%;z
z@@ed&!Bjal(6*6|)CxxNE08*WE*zz{A=F@n;}3BJH3-_Z!y`I8%84*=b+EKX{v8_;
zGy7@y_U$kP%sf+E_UDCYrN1`bkUZMEf?A-kEF^s~bDlx;tiK`ljYkl@ZV}~RBTHEi
z5kVXF7(_C8vsifPYro={MQ<bawFeP1>ruqK{}RBRP7JwH`oc`khSjmPT?liPwJf|9
z(&k_E#-+$!_y%`fDMSsi3dlr^h#;TKgpL+}1bE$P+ZrV8T7{*1s_^CW&oT=I8WK<S
zL7k+nN49Rs@20I=xy98(_`$coVfIngJw3PeQ`gOP3cFYH&|*FF5(+QmM7p$>?ZCV&
z3<%jvliyHZ)!by7?BC`^yM~OXQQ;!ady1hf4R)NNScQR{jOUgVmz$wKX);Y2@R<o)
zT1i8>!)ch8b>%oXD{l_BeVfYFr;GRQ_lC1swvtP8<Kj}2kx#-ZQg2)+AG+RDu;0v&
zs|)2r&qc}$cNbwSwXxc6FEWgG(Z2r*6Eo*enm-QvK6&%cTRiM*bE^5P+i6@ngW793
zCgIgzl0n%`9F&`7wkOmxTeo!HRHrZ^lX@q#Bg@slyan@Dt;3A|o{1qd&ooqSCVy=2
zi@3$!`_x|l^OrxykG}gY+UUzRbx_Z3U5!j%+CDkW2VKK@B8(#E|C#3n#TdhKm)6(0
z_Kg60Eay&i1oX1%CnpuZ+`I38fL9kS!|B8O;cK_ujc<Rv7+<{bd}G~Rdn`tF*76@M
z^2CNI$ko3-uJrZksHVik>%H{)V%2UR(jb}C)JW8D)!Kmql8a@CUOW^2?MvX_vlTUy
zE<&JdKTi`U&y3HQB{A`NvXT-gY0pKR+FM>Cy0ZRtPLJ|SqQchB{7g3`c{#M{r!4+0
zD~&9^qU}KLQ0_;&9Wnp;J^ZI$h}yy9xqmP>J0}q{M3;@GA%-FR!ZOvDCoF<JksSO9
zZ)z5G*QCFDE25XYgQ#V1aa%bWsZHsE=sAy5rWM><cq;0;4KUl;X)j|#z6_zJ3`Pzc
zw>?G(5pgOMjI-VjyRdSxJc&=G_Vy(v$s~WNi(W%?!6wA*+KAF2lTe=18#Ub8P1;e}
z36$v+fAKzKum1p>_a4CMqXuxhrb(t#k@muLE-G`Tr>vVgq_jhwiaH=|o%P|uMffWx
zoWD!0!YSuoglAu$iSgscn7XGpOy|ZhRuf^wZ^9pKJ1F8rgM-Gmt@DaU1h9YiJT5fg
z4kyRirE{l|!M%Fm^@SwZTtHy)Xh;m(sTv|hjgN-@>gv3LR6aC3m&H|;UGwrx@Wwjg
zhT?AVy-?lKoW}mWd!hE=o1rY|fk=J;Ib1cmpT@8CVJR01f^rhTe6C#W$rYt~g_IMc
z(PDiei!=tLZJT7nm<ZbOA7L&HriOhtlKeeI+l6OOn`$JsB&#{%+cGRGFT)<%r%WSh
zvQC(YG?mh%O#g0qP+e+?vvNtp_up4v$Cq!v8v|%wXfPKNX$KQIi@(Y!nVRPf)X;Wf
znZI_|%_e`Ue>NTypxz&w58W=MR+JM7&BvFWi>vUOTgVkArrg89dEdGAi2!>E=T0;P
zOn0FUTP-e~8r;Z^MMiRO{qtXu%Z<ZhI0xs<fxYm;`~`UM&3U-`oHKCdq|-34e?RWn
zki&`W$!14~PTV1&A1%YzRB>x14&%xUh~o58&<o4~V0Q3zBox|i&0j))g}bQrTaT!X
z3*p<dk*x~NK;#YQP9Dn<``mgGp6RITI}(8mc4kQ;8dl@v#p?AKJQoRS$gy)Y&6XOF
zP$OatEGysaU<~=>wr75tEAj8!Nm<sxzj+Dw<IQJ!+z6HAOIyStfqPAIE@1SWe<Ett
zyQmv-I_kI&ZXhF<R#&xkof>2{!;;1R>d9nf2ptU#lE#BOW%$bWA!=_vaaaof>UrD_
zjwGcM(>9Lrb<X85^jgZc2+?_iP}iH7<n$pC?SeoG2}>MzF)>5bQpktoP}s06j3ZPM
zx*c})WKvl96xo(sH3#=0n7<Ag>lY$n^T#AkwCbPH3$ZM#v>mIEoYNmwJ%*u*Tg6qU
zW}-4F6<He=!?$BK*4M<~jw>%m|Gs@pa*?Y;!|C%xLxTH@ijdE_c`H}1r8$r}cy8Vz
z4DFtcQ@ayiO0=5WS>1ZiefY`M-{cV2NYiQ9I4l`7B^@eb`>g&^L_~Y=#+u<X@2SGc
z6>(B}kDP3?-I}>^l(>waWBn6KLz<2(cHFz!(Q3aDE7Ospm)Rv@W8Yhqo6fb@>;SHw
z?3_X(d7PZl+AytX66<vC-oi0G)3zvks)Ew;CUDrYgk-N)b|oX6Yyg^fQGUJJXYyf&
zG&w)a#Ao~;%4<aMc6X}$YB7t*-&)T3dx552T5CnQY^@gX14dX1DpTe{fY_C>K4fxb
zZdhy9#QGcA2WUR#lh6GJ-}(ImIJHNPA$jE_mNqJr9xswfK<97Sjw${7;O1+8VD?v*
z7)K(1dLHStnprsz>60^Y^S!L(J20HarR`qZk)+Xhbbs0v0*(N-tKw*yFy@uxi)T9z
zh0-3M>o;w}8*k6XozK36!5Q4Il-v5qvb$c=k<^Z8#oo(Yfp-6EvoML<PL1O}tpmB#
zzfbR8I6$MHxzt`%(kw+((Qd?Z7&ltviHjJb`14m*aG%_Ri03}FF~!uf?cL%LtvYrH
z+JcSSgqhw#iyl(AK|RApfA~D2mcB_%;9wF%ZVsQ>)zf~7bj2pH$Kk3;X&$3Q484Zr
z5CUvc_%-WOe4(F@+q-GcU|(4=d?bB7%IVv;9sYu?@RbxW4ic!u2w9|c)IAYQ5v+{f
zX0P7pxsP+pv@`^|4W(TD5y<L_K&K3D<Hk-mmRe8|)v!#VW?FH{&?)n!J%jz_ltJ3Y
zz1uwExpNJPag`y#NbAPdlya*#F?4{(WNHJG(ivtCqThdpteslaRPM)_)e}MC!mZjw
z27`&5Ot0NMq#-oegfP<l#rjS|+QLYkvSibK%9Kl5P*ARDZs8WQcOxNS986oJ)knDk
ziK#~W8M}WwVt21Y61UN-OYe#rZX1_Wn2&PA<IH|tkjPyTwrtBc^(Ka$mPm^<43*Tj
zm2l{&fU66)=5IHX!RN17gSDK*K8*XCo;_-yAr11Yo?$Qz?5^SbvG3h*8@|bvfwH03
zlRFZ~Fswdan&VWLg=&3QP+e<CQ(Q>9QolCU_um@VHVq%^m?6jw3D!tL-n+}ZM1;{R
zpjEfITy&xB$d0#DevGz`G98kOcX=(NzS2&r4KeOe=Dl}U`3T+9LBoO~8gVRRImP#h
zSKK^lUw<?QQ%0d<IQ;(d9X~PKr%6J6d^ESN*3X&9kZ114f_KPA6>-&eZP6l!bf5Hb
z$ge%K<WF^J4~<Jd_~>J}@qx!Ng`+-_HPRrr@Yhs{c*Z|-^(Oq!8RPMbAAXODfW9WW
z=I4(Rs>~ytCX-Zgey$<1%!_mF9|1=I+kY7~D4{ejved2(%U7;hhxZqLjQeKJ1;_3%
zWK3U9_OC_(zhbp2OE15^&b2ZxlbeZWQZu-L##!foxB}Rvxq<PBJ*5}M(fDU<=PU%)
zeu%t{i`nXtRFHfbEmsW<2G>@yWv^m<eEH)$QFFzgNQ%f&W$7U~wVSvIOG>uU()l^0
zh*fV>14T`jhDG@cN+X!a@bM%(+O~|c1w>TXn2B&2p*g&asxtU0IPa*kgvSz^n>fHD
zHEh+q&x{2br;$Y(KgRJ1Sq@3%ok^}vIV5o;ldI<d%U?J72$Hl0Qy52b+9A2*SKz7V
z645QE3|t`LD<x(n`*_?-JSbx<iKB?8Fp=yP#SQd!YAqR$_7;|AQn(r-O@daZohwK>
z<C2*+H86?9CZ2JUkOt$44fh82hTS<tL(=S*_EV%*X&HQoy-2aJDWh!V`#s{Ez`0lP
zjElG!ZK-LoNdiHlDp{gAM<*s8Q6!I1`|=U9XA^wPzs$hw;hfPM?*20uk5F6=7iotL
z4YNw4utWQw7P1W1?q)ocqi;6)=4E1RH|{yi`C^;*QuC-Pz$9$lOC}N6$?d1U^|fDN
z=-DIj`Kgnrc^GLljM-V4MiVV<_0gPAY{;4WOi#Hx{*I|DqYXGCjUF}p_!A-IO&$8D
zlaEh`bA%g5##vA6h>8B4D9&Q9k7j-RXoN)0XtCP3UMUTI+%&b^jZA8n=(N)J4}W<G
z_r3f!ri~tGc9ikVym-&$SMQeQWxlm^9e#Y-1^B;je<M6h>!sbi4>6N){XdLf+rh<?
z`0Inwx%Q8ME2Z{dMxkz-T!Y$y?K^j2!{)8nyloq{<nO?y{O!nRha1O59A6mA6=W0R
zOaq|d+J-*4ZNo8`q#$~nH(^++f2r=(=_?JRB@zb{0TN*mQIG~n1WV>kH1ACWL}?tY
zf%lQnq;m*Ztt+)pJ`pLBNEGb^sDa|AwI1*}yNXbQrXeTeq`fmgHe@=AY?2@uqDHc4
z2%jRB9Fj-Dyf)7Zf26-0?nFj6ldi~}G<zs3GQ`e{%ah5AkP%BZ$si1rwn$p1EDsB%
zBNA-oK2o~jXN=F!@QTysL8MTcLuwcep%z9aUlFn}7_SWZ^~#qwR31Lc#LOFl%^~OT
zLKn$pfZ?G*N8Fhok-!)de%bd*;*e(l9^K5j%0hKU3js1aQDc|tBiZA;Ms_GM)1%Bs
zg<#hlK{K3d%78M}bBbdq<@Ar{-o0EbF?-PxyvyyjdgtY!XV*OR?%54}d-dY42eLCW
z4GF3jg?Gt#J{dcUQUsOpR&#nn0txH!a1_N9fwVf>LM@s$(ds+xlP#@UedEW%LoQV1
z&AD#H(yw-dP&piLCz*tw0G3>ygvuoA9G_`uG^_=au=Hf|Va^Xpt8mgbNdr~MyvRk4
zR+t;@@Q+GQ^;jP~1)T4AD?fm4`0@A6bQy`OydFzFWG^p~A42;A{6MVd;tXC@rv0t=
z=o6QbL$!-(j9Jqwo?o;a(}!?7Hfd>DAFZ5{S;noUS)RLQEAITkRk-Sk%aNYOc2wm?
zXZ?O6p%&j@yk68Tj==>yJ_xASaIT#rpoU3K?^L`x=RUp6PmQrU7d5u}a@5zheW^{W
zZ9+Bn$9qH72B=}uu-*fYK8^>Teg;EFoPzxRr=yyhxhRq&+vO?+{r9th^s!OVdDEOc
zG8ZNz5l0i)i?h*qY?%6fLyeawgz?m96pcTqFPDv{5t$-oG3i@>p?Dfk=m<~h$snJR
ztRRHBjX)wOMA(J=21po!>~L8Dyhrw^E1NAF$R<fY()LAh@l3aM^H9qn-I8Do?!5kc
z7&df>8S-tkb6{96rATS&Cu9?}M=xQ;DW4)0nnM;KNfp7=eJw@`iDv_akE-vn9Ga_E
z2N$|)Q%~a#2D>;6R>qZ<ntybxopm_TBc6DYY9YifeuU-P;ZBB;eEOAgXiplEFmVdS
zXEh}DeU)FGYe$hSg+*qFJ><2`4;CwpDrlctE#5HYPI=^XUcm)8$r_?0@sD&`sVteL
z`StRsMI&59A%C1hS9Fk?;*hiH*z5Ls)Sk>)oIdl!2a8bs+dtse>#o5-t}Yi2Ey@GK
z$w{l&g<I>b;)i=SZ+Un5fG{U<{$(NO2Uc<$Ho3;qi6noT>-~%0{|P%-U$oM<oa8Su
zoX$l!WyWUF?tOUl*Vp2U7hh=R8LEtwzA0yuVr%^I>Px8Fv_^z3jy6W%@VB{*6LZlY
z8v;_}=VViB)JAUDp#D_K6(M>shkL2%tKi~^SZao>X3iwbw_5~IKku4<!!4P2tI@xv
zeefCy&rf74*k~xzK!*N=JT)=g5u!Zo(P45OCGNvox1;zyERiN$943eSHz9tKp#aHy
zfL>+Br|C|K`B6(!mB%@h$>oK3YvUd~@XH_KjMFDJJ(}a_Glp|BrMaLw!=!3EWEF{q
zn743Mqozg3sPXZ1d-oP#*`}??<f=;%*+UGLCU~eB?39vhKGY<W?VyvBIQ4-aUY7Xk
zzB*-TYqsqw#2&_pp<V}V!?bmtw1{BUhK=ZwmSSYF>1k-PnB<}}SB%EiTY)V*h&`D<
z&G$@T8Av;=(Fd8skzG3(?iR_{hpK9vs_BW~YM6(!`uD<X%T~ir5_k(qpv?W)I@cWH
zWb>Rv0+_?;4tw~a);9!#Fwv(}3g6weTr9P3|9-9jrv|^CQyq{K$re$6>9sfT-QV4d
zE(x(1n43-G?wp&<=Qb_*mL`8|L7{oa|9i&`IPdHkMq?jIA{D1|9Tx#d08hZOw~aw-
zh;HIytKsKRWRGqf67AXrb)|(!;#{&4E=us5Aw;HRT9(ikFuzj$(bPJ!F*;URY=hNU
zUc6?nv8QcwzcHCU4Ox^!E00az>wHKUsFev+aHx=-ujcm{kMg7d*0UmrbP>;LS%#_m
zwjp=x0<59&;r}`J3|xHvxyHAKk<{@YZ+E1QRVGu^fs$>o-W`%mvL>?weRu0FY~f;)
z!2|lYvS#B@TJ}u!-fHzU2X|HeZcOD6oU}(4Hgh~sZicuciIeh}nURj1^iF2zSjKoY
zP_ImxI9V=BSFXaDQ%?65m)Jzx=x8z5f}VdbT#i$?O__G_(0!3o%^fZ*E<-LqJ`=ew
zaio*=fZ;v5;={EY(2oSiEc~Gd&Hu~FNyoxvE4WJh0J1VU_m}s=;6z5!9?vOj89%Hh
z^vuJ{OIM=qH+SKdpZ+LZw^aTXx2B4(MIOCr+`Ec<u6t1M{o;x0ZzAjO!gX7)mOF)v
z95&R{0}(?rvLnxQN>65x9)IRJ{NV0~Fur##7mmc6dAX*p(T{xUy-nnY#QR%!U{c?n
z_%(;IC!8`?QSgJ~*cY>yh}@r(0s&1xa_$5}Kn+1_{nX)j19Ct&etAwE)EC7E4<Mnu
zh+p#D6H_El?G$~PW{7F)3qQ!AEu$G!%X17r#c`zHvBcfdu#L&n()f-woR!DK6C&Mp
zT#Ql2Eti5M9PBMT3{^(L(;gebme1tsIMf==MKyU_K0;M#F?K~K;_55E3@yko<c48e
ztBy4%o`zmUg|{CXMmxe)vURMRCSK)*^-=rIvUkG=i#|pLKTz~con2cwD~~ib@4WW`
zlDVauv|KjLaQd=^*R5+<3>&U17Z{ADnVkLHVL~fU4I@xq_+E|ZnvGZI%s1LI1@yZA
za1^b2B6%dM=DxkRU?Hma78x?4YdO^xBXdb5dT_30*i4Ce%DI=cDLRVQ1h(zr$N}>q
zSrwn=q7CkniAUf4$XF+kcM*6yaUc}D-5+E_ZzAWX&Ro74KfU#LSV2=qa>}DE%cEr?
z((lkg1B|9#_}ULF4WA3U6l#!XzxSbM>ynWMdEb_g;@G-<JMQ@7efYthf5908dze-9
zn!C+M#)&72tZSw3TO^ZTm@pQ1|N7^S{2i@;I`DHx06TEu*U!3!*T%9jUr|s*4d6b+
z(5#7ehR_ZXhdH)1K@M%%PV2B|$N55{MgER+^2awhHuOPiX6i^9jOI@*zHR-RD2Z7)
z&BZ-IE;z~Ex&+C^J28KAA^v*x*Kq2X(cxIs;j~95E%j&kky2Dz?rA+Kq{?3;a5PsU
zKR;_e)@|6>rlPA;w%WhNOPAx}+3#aCcX7~Ga27Xp#Kk1&r%@}|tpTIXnHd=v&3A1>
zF;{TY*>EzSlAfH1S*tf1LZ)XT3QZ*&^4}7-anoiz_3BKF89)tHy?ltwA)R(YIrrGg
zY4a~LFVeVDRcJ_LB&jj;9GRb)v*#I7&RiN&(-QeU%`j!0Upu~MSNwnWz5+n2VtxPF
z?f`aKa+B`vFaWXjs#sUA-HO=V@w+xA>cs>b3`A5!DXCq0fn}Es*zWE)|L2|aosVzV
z6_Dot&A_*(Cf<2w&dhV(nR#b@aw;DBzn8eRVS*Azu=uCt(v4=fE*#Vw1?3fr5L@{Y
z&2j&*c6evmYHZrN)w*rRd+YWcc;xw)@xr`?ICTI`YO&IbO-!piL=M^0*PSGL$<`!1
zH0>NUcTx7L7Ux)J?UCyfr$;~&K&P()djSxm(Ea&^+ECI6ukt+j(wvFf`D3pa^NbCj
z3_mLE(=j9p((!wer}$9@`FUGk!Y$=J(XRz#Ht<6F8oAO{k?(`$XN;?XzmV)iw9ngy
z#py-3^P<yn-kDPssSyp9)u|khu!)9p!tlX}&ndJIj|vpE90qU8`Ww%AfD3+E3^7zI
zB*oIm9nQR1oqkSU9_Gyd9%0-iLxy-Qt(nwI4{8H9aEr9D1N$M&VcxDqoMbp~$iM;Y
z#kq&EXoD!LIEh;{xP57o>63ZiD-$2qedXaW{t?@6Qr5EK_?rbkVNGf}+HjtqkP$0Q
znRlE=8>3VDbVEefuIj#3M<l#BF%~|E#8HeVd(yw;L8`2nA{iIi8Bcuu1J+S9D^Buh
z;iqmKXMY3_A@7b(>X)p{?$@~k)+DCjK@JBWED3BM8j4eB2QwjqyC;d21v-hpp`nS3
zX}l1`^uPMyC**NKmcok9R<2oxJD+@>J3DR0<X%x~+JNl7VZEn<r|ewPz>m76+f(t{
zT{q(1+iphZj@<D`>XRxDNku!2Kyw6|*YxJk^p&$9z(z;99dUho@@t-rb`AHg4J^wu
z8xU#DTRIX2Lo@@&$ceN<`s(>9oXkZ5$+ZnAq|rKG-jj)~W^Rs=aECcryVj3$lGLYv
zYvpkOX^Qr*o(8T1XkMmMdK|KfDlm$}Ti0Jfvk=??LOKeIh#Ww4$Ha>eEv2bsc`E|q
zfQ692@ll=e=$!f73w4!}Px5m(Nub0faSCbscHts?^4p*2M?=@Lm#d}yl7y95*~J(&
zbnxEYNo<H&^7QZ18>3>naItI+NypxIOy<$amU6!&BxCN^^VR;lhdUpttf}1>Cs;i)
zcOJ%bKjT_4C~lKe4l*>EkX3;3LkFQlSbK*jJhi=KGOz8daig#?i=>9c*K#tnDO#y$
z4%xr`@n>qc7<p!q63gH5auh-(b05WgjblDUK6xf~Fb8(&h&XBjg#>O(IPl?M32$QV
zf-xh8p)0rht0wWb$fnd6F(ovlOBiPTuow$}U82ky{j%hDTy)=K$lxmTA)GQGGDtk)
zUz`+yEWRn{sKBb+B7Dr1zBm5o3IqoQn)RL@EuyFb=sy|(2Lv<$bO6IyPo*u9`6l8b
z!^3gS=pjhvt`5PaS#YB<W<!R7t=3-o;vY6FO(cK@J1cu@WIa2=N0C&BUNWuDXOr{|
z5B9~$q5ddmXCq`#+zC$trG;mi$O>P()=x5KYxw2#pEx0Z4O~U*O(WJ_l2@alyad~-
z8u8@qH^3Su`X})nZNF9rD(McOiJB`;8;4!F1!}&N>JWL~T5UQYG#Jmn^FM6ZVh*Jp
zF7jlNKat_LrOR>4J0D>zHD6*l*v5ra=PV{r@=D4uam)a2eMc=Ho!M!dg=clh(Iigi
zoiY&{v$>U^gVssn5-r?>$WC}{&OChi?GI{k#o@|_g_p=BnymlMnvDTmkm5#-l#n)Y
z@>j@PCFfIma-ZJ`V@9g^e-c*Y5GO~umes8%jU7#OyoVw+VpdAROKxR2IWnXzzS*#q
zW~M$xAs2*L;U(;$I*H@ZV=<*@U^#|xJIsIpKNN6iUhEz^I?0a=2luBYa6@t$9_H%c
zgP9Z9i$mr&oqIY~CGJ+MzGb0}I9U-c_z#Ngh|j+N5l_DODxQAhT?CPYcjfkKm9njy
z@@bZjgz}?_AzA5L!;3}FJ&MbxU7&W6vFfVj-xf@j*Wtk3iccR;Yy>m`Jh98~ut{%q
zO6|BhapK5f$S$mdS7{~!NEjL&I;Um{iWZPx%WPGe-9C~Rl9G_W6b_w@3-ZRSkr8-w
zXh+QGABs<hb;31WgOI`D6!9mzh@&UjVal}-KaranB_VzXJJ-)q8X<qO=tJ!NbxK|b
zpRydRlzD%*U5!a6O;BEyT`*hPj$x0-b6HV(A&0Ef)ALn_Xw_Xg%6zpD+HlLFZM4T<
zdY$vBwy7*w<mq5KKM7-Xs1n)g*f>1+(i<2=b15FgRkVSQ9jy?DEj#w$va_ag*pw^l
zTR4$Z;uM>DQ%;_Uupob>brO4?;v}v{*@A^<V<I}@hS%T2S0sUA{=*_&7HJUw|HMf?
z6ke2JS85ub<D!D3>|BIU<0u+b$9%}}@2ZSk+&Xyz2KDc+l4*&bbuBAbuNgN2i5&L!
zBqok8p2RyLyc3?A_aol=--l{=Q)G~z$a667sH7`D6%Qp-@$mX!oP?4^L~FD2(7#7F
zJbc?t7}B#FmhMPZ`{_DHEBMI5kiN8*u!bw2|A{70WEGjkcH$Y6Pely1edV-UX%3sS
zv>CZ*e*-u@K#Zl&`SlNO_QSclB&Ag(p7LCr$Sc}rS^2&`JsXiU1M~jVk6`MlC#w$$
z$GWQgGflZCAuZf3{N%ZI&WnKC6Lij-eVua)0jqJ6qckonHf=&<c_DncM{Z$oCz2`0
zuE7?H{$w?<3p*|sb{0q4NyDeeA2oj?xhus(BO(w|n~&IEenLfFHpUL>!y&bf@T{!C
z;=(F~(42;Zk>7Feh^080S7}h|Cz?OD+GekC2*L~bYm&J}++n0+ax6j%67XAE0UrO)
zg&g|5yqUJ(5Ry46L8Wd=M<z#EL{VOxkA+*dBZe9#YvF=CtLF!R81mhjnS<C38_|_R
zmtDAmRfhGfI7DDM-<PvGNg-V-9I^ak#h-Zag_&H`P>pspf#SI3mXI=EYGlMP?-0(J
zyW_g6Xt$7C>+!zh@UWGp#2LyDE^qF@@;<lm>cNh@&PFChG+EdpB&-vMP-p)92f{pD
zlo=7xxG8y5r>-*6+S_R*qezGK4p`bZF<tXK$=`wvTe#{tOzrb)p&@={4x<c*W^vx>
z^S9lI9^Il<JXUxsa*;!vn1}JC=I{LlzoIKOhHAwx^DR#O<#{xXAb+%c4eAQ=5ZSde
z^WIM7Lt-!q3QriHC5MD{bXIxDJxSL}+wofbINo;*FZabR<1((={&QzCqS^$Kyz?Dn
z7@0$tl2?Qg-J|fIOD@8oetocW`*!Te$VMmnv&zMaPc*b$NX%kW_h8q~L^XHX+QDXD
zGFY;PaxSYk_ws)Co1f96YnVNLkx}Z4?7iHcby(_+q~(|=xhGQw{@9j`OD2rMGc->#
zWS~jVE%K+ZvI#3;&G6<pj^JzE+n=mfeyyV=$Chn7@a^v_5yic~MQbT#ELv<K$6_z?
z+$oc&Nu{kzIxCF2(0`6A1T+CWu8QN>3S%_}{(ON8b93<didggt_C{$?XEbm>T4fWE
zjY%`d#!85aD~A`^>Nk6IxGyASAEsZ(`CpF=>57hxC3xxC7cu+Q7ZKTSFouj6i9j!R
zwDEMs_Pk2$pubR(Q<<sQLh8dU+M&fKn6e{kV&mDwAvc-x$5zw)9YV|&`IF{3ENv4y
zWp7f8KCV4w4DO?rqg`8)6DhkRTyBSug}(;16{IYpXv+@xy+yyFJv(pdz-0*7?AT-o
zwMliLxy7ZJyLc%AxRkv^SQvr=0-AMxe@$TT9jlX+JNX5Ln7?2l?tb|#E`X{-DCbz!
zP}^vAZt@xkX%hMpm$(NnKQNu<H-_0Gv;0{%<XYZ0F&!g@tA%W&a)0i2>@;QDE-P(|
z1a=MZ#k;>OLsfpRG6vs1B$Q!IVk(eGTz}`Rxa24%a)iV_@yZ)mosh&iZ5>oT9K%X{
zVw-T;jubq1^~Jd8+_ROO;z#0W=`2z%i(P6+?&fWbM@+k5lekD2{*?ZSGIkGXg9V$m
zA%4>qwdI;DiV$0Nb{XmS@A6{zLm5OHnz$<&o8q^r{m|u^>;NN2s~u}8r#x$w0P?<+
zT{>5m59XX$8P1jk6hr&>K_bcB^2Ag`QSN#U5j#2|h2bQ%8%P2ZxJq|G@1FK;4EH62
z;3Z@!tbGX5Qj@W5cLq8H2bvmK%A(4X2}#+jcpMUyJO}~Y%AGxCTzDq#z4a!p&W=+4
z9Mcqk)=#vGIk~xNxPR5UST%Q1J|fx#2kjFthh*)i5~ny#0PT>R&?lMzp3ud2c!igj
zTN)ABZcA+aeL|BOon33;=@W#aHXS*yu9Z$k8U*^4?|hdQb7l^wbds_c)5>MXUhm<C
z+k1y$N9-!R`PGk@Fk!s<B9@h(2{fP^L6Z$t4Q^PQU%@?M-4p>loU$CYxCA@mEsJTI
zxXMti?iDEI{vkRce`3Q?1}8)J#G`9^EOzFVVmx<ydFtLf)zGAr^$A7(1RCicSsA3R
z3UTVf6}WGI{S&%%3RRjD1)uUK!)c8O^7Dm1HNirj^3qbd_X&3m;RlWn38auOtCMW)
zC>^j6zg25vG3%2#c=+Ql(VcVUf*HPs1VqA!le#IVqW$}Qb0QwU{xV!~@r7z-@csz4
z#396`BZswL{b~WVO8!byDQR0W$+-}QZX_W;ZQhQ!*!5_vt5u6j{Fpz{5?X#+JBo~D
zG&>TXkbt@0%*VrT&*mPz)rckmsTL9|9&AqPgzO-(BP$nEhYi3zx87*qH&)_q&B=WU
z=gq|kov3YHwtN-p8LuCQDAn*dpG!!=N%9g!(v(|Nj5mJzo!Y=$H3TXeL@_BN`D`r@
za!)j4MKpvQzhei<_)mD_qq%tgn+5oN`JdRZaih{a$-GLb(;`nxdF8rQ0!YC`d%3Hq
z6l1zabMEG7HQ!OD8Vu^w3%hsi!ZOhqavq*&<18n65)#-&k-&6C76<h1p^RQjTCK@o
z56kCL?qSpb&;0RMbnx*~!_Y0YeU^XgsE8^*YHq*q9Ncl^b@rX1Bt6HU_%GqEI9sWy
zTk!L*_~h$v@ygt<G5e=K@Xe3EAuTN#J)<Mhksn18?m(U8R};VkMeO+YrwQQkT|P%$
zI;+tN=GS3WPBwn#*Lt+CD=LCIq0XCITFK5JEgKA8%TTb~KawQSo$;4&xS@#+{1s7c
z*r6xk7aE$4Vdr1L{Vr#}{RL`kOK|d(DM%`B#2OO7w#Op@6#Urf2;mdrCz?M+qUHX9
zx5a;3H=2>Z^lb>=vli(^+#-#Q{YwwugTB3b+QV86y8Xrpa3V4*EeZ)-bYvtNX|8DQ
zvbEe2D^!s_MaY;B@h1etgY&y$NS-!wySDeJ4a`YSLT+vzSJzf56Dal6xYn`^<O4!F
z&5W#UY)?p}{krAcbzwdp`{YaPNK414@Q#W!HnYDb>F_7>u@)!q!4)TsrU{Ol5Yo2o
zezmJ2pY^_pvFNUWzIf}4h3M8fRFNf1v!?P(LL=lUl4PTTdk_Ebm!(MDM(r23S}Wmx
zyVaaBAoCwZHqr9Q`yi%7WS-y3HEZ$p_X{!elg}}SL$G3Rt|f_;Vi#G2v}G5Sz=LG$
z)kp3_ukPLKGK!ylIgwMefHG(8wJ#SSGPI2%V|FrY3oII`KtCUZ2l?T<joYwr*-B)j
zq#&J!j%6=m$&c(FQd(Zl@+c<>FHk#VETO+II2ZEuIbY$^-~WUU*?cz+&jxsTAdV(%
zW)qY1IS<iVtt|35I=OC@0Me5Xz?9-LjEsrIDHFyjGAsC7BrttfGJYosjBbqt@<XF5
z%Vj<5*A5acA&nAF(zD99r5x6MDfe(cZ@e}42SjxVrFM@WZA`bN>=ItG!{$$E03$ke
zP#@_9g@webn2T$QspZSZp3F=nC8yv|YWlumnZNSUXZVn~6qb~r6Ni+0aLBe7>+!-r
zVmT|M8e^!X7Hzs!*Bs?+?c9<}6TsHcIq~it`H5R69wtsLvGw)bCMXE!OgR;A{JI>C
zB{>MoO+vC?8yepg9SU2aR-BL-X&_vv31Q3EijRZ8C8UOHjuGkRf+Vhn%dD(NA5Kgk
z*r^?U-;{_xY&=0N$Fz&iLlcLqH*jSfC(<ZMMUv)S!NJRMNFk*KXFin1j~XO3)GIj2
zefb>*XOcgz=44zU8Qaix_iAJpm&3!?A1~Z@r`l#plCe6V!;s`Li9+hBXoSSv#qHN!
zjcgK!xvSS>a<>RI56SA#q&|u!u)(Df-8+OJlH_Ccww?HV%|?V#d)9}fu_LuG0X&y_
zQeIif1yIFE$}K=9?b?ZEMphNekf_WvwBnUa3x+Zb>%(V4{w^5Y50A{aP3@>7&kjVp
zD)LF3GC%Q>f1QV1=Ht;fKE$NqvJtSU#grjGt9Hm@fI!N6a?eO)Q9Jo4&9}IaybPf>
zFFdp@+7b`Z2+9y?VQCpsXcsZQfV*^X&e#AB%bwCbLTRyDYA_`~{v3+Uq~CgC`~Kq(
z*yokWv;8^AhgGM}V7oE%?kr4yawbk4-H$=t)v&hYL!9^(vML(bu@RlrR%Sn~+kn|L
zsO`?7{Ag-e+i@jsplx2E%qvUf`z!=4m}D=8r0<j-ksMYQ<I_TxfU(^o@#BJ3NJvcL
zf|Y(M4ND%C=s)-)ucSB$FRn+o7(D;bz3_SYb$q&JJx-18N|`xF*XATwvO0JG&9p4u
zkpzDZuRp`RgJYs1Z9e{bu*zLDo)@2g4)RIl9(?m7oHBsh7;+><>Y9a@71|WX;Kzn1
z<}X=}=Rf}*UD^eq6BqEv%5yOyUdlx!`SN31>`Q!m^ZCiWq7_DhRSn~nc*YO!jW3v&
z>-d2nQ$a)??VJw*tpRktGT(2Gt%g$?hVsk|T9!{hq*oKF1Hw@48|=N~du89!F5KO5
z$LWskbZn!;728f$Y#SY8#kOtRw#|-h`^|5kz4!B;Kj3_OKF@j0Ickim8s&Sg1#Jqg
zw0lDN9y&q#C<;g8mubvgWO!`%Kw0;Ey1k>O95p=V!z|7!4-OFWfj{xLwS(0rg37uF
z1f&c*CKV&)<<>cokV{H$=R(zA!eM&~pL|<GuRena^}pQ{zC4Ly&j`R?s$Cg0579vk
z@o}BSb@M2}>x1pHpho;wL?9qswz+ELLAJ(0)4zU;lB9}G%G`jQd}r`6{ZJS_QCHVg
zo;o-HT72CC;EO!Wq2jYvP##uFV|cD5;D+X8XjGalrsldFu}e%wf^lZ~W4V70#9o^F
z^ZH0?JO|@OD<;ZULIi$q>e=BoZ(z(WLFeT8A_5IFicoQS!VTl@@iAz#c-d+)zNf5r
zPXDu%N3H=BdkZGIWI!lrY&MH!(kY|Nd$F4X@pP8WS`=om5NSYEV2ShwVJo_#xkRW}
z{<y0dh-&!AnE^5~5Piap;WJza`1TRol5<UX6&-eayn*|5qvCP15ro{2tG=r}>LI$u
zsG?A3ea6A2Fp~G<W}Cl8ebP07^fikr2eK;AfGSw14I8E`3YS5K_=ZHdm1=@$uXrut
zVl8%1U)MXvIJNfrSE5~q4m?4~?(oha1$-825RM_k<e!ap*(xqn*zF(Fu?8B)v9dy?
z=`kngZ6Cc0=|v->{lWZT&F!floBBnUM5eLX7w>aekg~W;?s(|avJwZq*Rs9il3gX8
z3EckhUL+&YB+l>DI{DpXTh@7mCe{s+gk`PMW$0QVg#qzH1taOvL%ibx+_B#!Y@T*Q
zMs5@P&Vu9Pl}B^;0Onsbi0t*X&Efxss96CN%_Lwc>=kJ{|7v>l^%FSeLqLx%g^GU`
zX4~BC`Xa?7cbb4L|E%FR-$jZ~-2y{r{Y)uo(3&#frZH!X<7jZzXVPF(EC)&tr8@jP
zUrU&%%<;eZ;4UVF9-!0QJ82{YL%)j{C{7e%To++(ao3Ym$IK8L5-bYxC!dUgtW*02
zIPonO@97hSzmwm|wjdk9h^RZH(YO=*DKV6p<YsGH23X1{KTNB}OUAi(yt?Y;BJth<
zL@NGzjYW7v66W0QhR`nMygSA7`>-3Tc`N(aO1DPS6Zo()V^^pHZ1+{pZ!J_w3bhjL
zQZD($ZizwT;ug1**yk{qZi`FVqG+f6CBFcC2@;oRHqq4*hs0}o^;mPbLk&LEPx0Wu
z2rGA%=50A|*@Fa+aoLcO`b&=$Y9(lywA)L>Dep)EKWYJT*ndxJB;OZQ=RCUY*KH_M
zMl1V?5QDhd4EOZiM|JG1x8M^X%iX#euUAyF@6!RHNXx_QL!D`qXQHxyF=~6}4HR({
z&_Lkl+!vfda`guvkr@&4%CU^+PLY<*<9?(aZ55g^9=3``z9Rn|^N4y$>a(87l$)Tc
zZfm!?6`e=OK14@G=}Y1bsi~6^!cn?SU#!ve+4mKR(;s|W%%FAEIqBUamJ9fM4WgC3
zJHM!kvtzsZ-e=iY3eRU`<$43=0DHOheHF<NC_hxe&P8(UYj+iaA)@l4n@YbdWSm@^
zZmO%HJ8Yy!Y6@}Po1Nr@z*VbVzoQ6YD}V5CoIGFd_Xrd>$#+CTJ|qBOewF$X$@rIC
z-L4l3vFGNa8QQt+o|o*2#2&UfVhHA9k{=iG9C-|Kc|pEZC9^zyUU$T%iV7PW6QSW;
z?oI!}x}oNjdg+TeF{v~zrie0jt6c7unhIED%J;_v^lrc2sfu5zQ&SDFHGp&w1xo4@
zhhb8tP6(4AyQa|D!1Xqzf%04qF$)*Yn=meM+}D%bV{pWMA0E`tHlle;WWHwdNedTT
z>16-ckZ9wF7PC4Tt;h(DE71`;K~+&`Z7&<hfe2<6@0rI&9A(ZlI~-6`Sqo{^NYv`i
zgCv02@?!m^+c^04K}1ruXa=0pGCb~U`kc~H6n0!W&y6}y)f<Cn@<V^+USC~EVJkV;
zq6qayJ+@pL`ODVM!{1k?!V;LbPe&~J=rf!Z%NV1jX4QUg=0EE&{^PTEk-fmt&H$Z-
znW8|gFOr=Kl~5$1_I$WL9+4yQWr0Zy5D1ryOEPn>#aVwexna{xM1`CdOLl$%4RUMB
z<dYxtclZv|c2z<(ub)nyjM#lja?ZFbK0}lz0$t87L90a8(55Cf#6*Rkz;{C7<^Oy5
zb<{r$=N4xT_pK=Z$Aj~=#I0{;p<pZVuOeoOMyz%l$v?I*+9;W?c@aF_!irXvZ4r?l
zVf`csP@@7^Aqu`BPE!5z#WYU&dBq$BIm_#bOjkq<#7CVG1<3}4quBV9{XHzH3`u>>
zxFNMj2GcH~aND~SrYV`^-r?&bzK%cf8OMKHAnebIJ`L#Xn8aRju(Z)kzW;hsuoHza
z+ZSTpP+&~4V|6d1i{Sbv400a2`-n7TcH5_V262!U5Wg10=rpQ~0Aa1%+l8u$dO9MK
zv3YvznYgGml(w9f3SR&lWaSUuA`Uh*00>Tp4T)yPJ|0B)EegW^%>8#<5-i*27EI>W
zfS<oM$L;2JM8&Q#Iro+pBb+TIFFGFQvn!(RoQdR+4+fC<mdxibRHimUm2cadgnSEO
z28>t7A`#5d({Y(5Zx-H*@AHsWar2!{yqZ;#Kiv>%r^|06$tMNRtC3=C)?#P0yg0$(
z);W`hetaS*LKG^g<fHgcmkn7i>Xe^0jlXYWdsG{sw%E%Fe*%rAtf1LHDu(tSOOoQ9
zXl~bti%&o>-2sisVW}6+hPRzG9h*LSYEAI=Bw02knQbWB1XU#(yxkNH{#^Lsvlye>
zOY24^nRpDm1?s%t8`s_43E-Or7#yl`dY=>?r_&G$^C`xgXCQ_eje@8dP5P`R@Fj<T
z4WPyjZjHcB_F{OE1aqL-#-I<sWV5S{5r9ty?OLq39u&R#@*Qjp(0R2&TY7L$2Pv?s
z?+fOef7gwn;6QJ-B+VHaNI<Mj8}khFj@b0`TFbHA7j$O9_O+Jsl8F$nBeksrVt&Vr
zX%6o3&xiX}l>$o%3RLG5li7{cktFE|#`*J~SpY0P59<&gY@6L0b(`!Vxkx$T@!77W
z9ip1ruaEJZ&IHo&T&oI*2uB%C$HRxy?bs7fK+JtwRsYSVnl|gjduARIvM?dw5T_)3
zW=v4@==8LjAvvJ*T-+4RUT>;korB%=w~Pnx1r1hiMqZe_gbP&|ko$!b{j9mp+~|Fb
zRcl1E0fAZU)@RRM$Mnz`fcKRWQGG6hII}={3!MKq=Z{isWCaZ1h07P<%2RK^KsJ>}
z^GLX0#LO2_Fq)Ju5gGgxJiXq(s`<N`&{>6SYo#3c;TogUOh7V*U8Df2dUvV$__W?W
z4r)W;qGAd`OV?i|>|v)rR=%e9<W4op$Y2m^RTZruT3K?@;|>hE<S*MBkCHWf&2KK=
zgD3Q!S;9pfbchE6t&uy)Fe~IzNWTMl_`dZ7FUX9w&DBoBXF1g|H9FtWjSg71!rDGH
z>AAQ((;SYw+HNBh`0#xr!jGp2a8OORQkJGwF4OjV;`<1!+-5CB=pa83hM2CZflC!T
zFhN5eoi1UPFV1tirm%-LtQI1CP?OrTaf9yFo>1yAmg0oy4MI?6h3Ibtrr3G1rvcOQ
z)1Vs3ta#8~Tfj3bH9<Ku-zSb>e``!6#zIgCXrDgmZrjmbgJNsYb0`G6NHuYyhB&fu
zUIq+_A-8>J3n{i2eW;xKVTyGfYdUX^_X*!k6A&wowXhq%^1VJ|?^lNIne8wNG2#>A
zG~AIfFx}`S2!pn(_HxBA3oHK8n~S)js=%mZTf0DMI*fp8+T174z27O$G$?Q4UeJ(L
zr`V04CfS^uD5-$cMcXespNNKOD}iiDhz9A=;Ou15kjT_%-e)u}^!HU@8M1ZiVswr(
zqDJDeQLaV@D;d&b)x!b8Gb8xFsEQM}^WM+I#rkXbRJH~;RdhdZIXT^1QX|GNDg(Kv
z`lm(!09jZXh7J^XU)AvwsWjFk&12;#mLa+I!vPekxS=tc%afrjP5n`WJ&|Ny0Avp-
zE~7{kreaLjoxZTOaDVp;GFr>#rJ(*O7s|KBg@QKu=7RIH=Zf0*?wdp}^Fyg?({(kv
ztyw1YoUKMRq!VR-nv2%tmOA3Z_z%ylGS*#hr)(o)GH>A@WcF8Z6WDQjz#|g_=%NHJ
zH<xD{1mzb5Gee+FD^gu9B)|)|)j=4;GPHij>MJgLbxU41Dq{IcIE!I@aP$#x+@PdS
zcq9Dp=7w`z21zC0=or16U&_z?BcOI1CJt-UNWDcAVlBNuW@;0GNFdSbK3VSUx#}N{
zdzwv!FsRQNCykn(q%C%jvS~_QL2CXxoSc9eLSLiV-O<nK@yM;VObsL?`Y-2_786ua
zcngI1^8BtxvQ8Bwq{PigxiSXqf$)c;o}N%ST+V&a`)jJUzU58cB|LII2!CZpA3>&I
zbPODrwyCT@;46Y*3R%Sc^RW=f&{>&xH}K4oz!akob*jC^X+W2j6@$S5$?f5^qAp*#
zDj`Yj0dcU}khgD4f=DV})YT$vGvdtDy^57eMk<kh)_%-yt$NQd7uvI#zEES3{&v@+
z&BxQtUgvOw8RBQQWODGN=e+ZY8V8GBE$=J%gKb2<aTWe5S%(a1yvy#fX_D7${fK|$
zp31hx5zb94K<YTizOxIgmhXqeUrqn5z?3;|?w2X4rkz0Zxbgwd{&_~LX0#9aTAUDF
zWhVrwA7_1>-4=t=7E+^G>pdt;>|0mF#fkk)q?)JM$1FQY;pfm5l6Za7f2w-}ZIm9q
z_}jbr!$E*v3hg)oi}!zKI`h5%WXf>CrPW&L0Xdch3fX&n;JKU>1DcBR8<QbF@UB?Z
z^7B4$;J&4N!GklCMjJTBp=>I-%x^T>8kRZOF{tRW6l}FyZ#Jv;(Mg`yl=@|#SF&8Z
zFf1F~BZ|d1UDMQ+7<;|u;;>_5NHA_yM>>47Mel2(|GHYI1fNgWN#ObVI#+=pKyl`t
zTLL-#_qauJt(5`0-GfJV%pG7E)lCFJ;-XKWq0C7Yp2^%mQb!Zg8(o4YegZ(1BF461
zLr8R9stwq8ZI~WV;b2Wr+zC(p@bk8xX)X(OJk5)U;~uncE8o)zj#-iz9UtAH%Pe3E
zH6dtD!>5Ngt3c!5IhL`;5_lj8<Tt?|iHy8Io0oBts$vGkSU(ZOxOwJru@QcYK?lK!
zt}xE2N}|LkW=7)dlXhkWL&h}!4#hXne-~C}7#)$v9Eo!^tl3M!ctyqbtQitQLr|68
z^Fs%O_NgBYP0O{CF6LxY5*EjE??&YvR7v)|>!3C+$394=>7E~)1nHXT^f%<}k_xRL
zR*ZaBTU}18yOu($zao3bEPiiL!RE*(b)3Wtuuhat7rlHbwQGE>gI+n6mt#hY=p(%+
z{@8^cHi}V$S>+)UFV9KfbRe*00WEC_^n}_|r(!kKLzFcNKr_|Uq8jBhKPYIcWgiE?
zHII($$WDBm%~boXe3Lt_ngbiHN2|O${T-p4F+xSD*x`ICDKGv-O_tGXPPE=Ks}K0Z
z6~$hk3H19z_Gb|C;Rme}2;69I_ir`2cJ}oA9=r9NZkpFd^Wl1B=CMOc(NXL&0X$<|
zo@%r~tQN_~Xr4I;&>Rc?e0eel;QSTyd%k)mvfCymf*B{&WH_2ZbZ~3D@+9qAox6?*
zf=a@Cx_49xGk~?z5RoZOT(*EZ1O#_#Gk+|Ye?)wgn`XC}k=>j2s*_8cAt|l=^qt77
ze=XDD0TMi+0H~$RfX?Z^6{1n8WFM4g&!@h-TWN>q?R>wu45KWca4dRNPRIi2G29cM
z7jZ*BSo)Rf9C5n&wkO!mB(Jh(94ljBL4!|p^uEm{-@L5Ta{aDhs5eY-*1I(pG<4~_
z*H~$sz#Rbqd<dB2(}s8o+D1&`^uEs8hX6Fq8AqAaaO45obi`DQ)YN@C<E9qTQytr;
zTaKNH5w5i(V>8s^x`PKV;gas`M*pbku`IqTlm_i%|2(axm*S6J8SIAbI-hpi4N~-6
zz996xgXlL^;U7h5$DfTZxy$~`R;z(N`Fe>VOC{6WaxAxPi!)*`<Y|&*7<6J|{WP}8
z!P((_4E>alC>F)_a8A05XjG`1F-YFxF9dlqfiBpR*Mkf5X!r_TdEkhW)T4<r&&aWm
z6Xmx>#X_rTBo1RMzK|2?n*16;i&E)-G%9l5dcW%1B(BBTQ3_ZJXGMPhT6$Ca*QA`O
zK7#`<H2|o^5h{E^5%{(i?LRW^HyWh41x)=hk2myUWDgY|=^f=wg?nNWUkYqdeldFD
zm;#z_skb_3UA?9ANf@0p=bkRKCjbWNp|(2>A3e1i697y+n0L!6qHm`z{J(#6?c|e4
zf8oH<c?{Rsv0a?~=r2kCg~30IaG=EvF9?8B>1}{dLu#uW7;q!I5<@3QkB;I}v!%x3
ze~NL4$JaoPm6XpE?bHWv$*K5yQMMZX;GCG#7|9j-IRBzDvV<bpAVPypa^zvbC;TXy
zCMks<l92|x6??E9!Ea91Co_Y(vnU|s2dYI9=L+*7ZH-P-@ufzWX|p@aZ~9xtG&hwI
z{3|84b2e_s{w#%9*GYN&f<s&FZtiO1%B7>zLzKr%?ah%_5}f)J0idQ~3$p|OyGp<Z
zqZz%m*)29qqp4JaHLZ{JaABUY_~qBZ>++AI;&PhCn8$3lAc5Cv`{Ug0URYXW^0#wJ
zA^X{@J%iJl>Z7fTij?FB6mDeu6-h|~nQS0~Kir7sZw7Ay?y<z1S`=7Ho0pPx(Nfdj
zYzXj)as|pkzT*qSbH`%DhA+diwduQ8Ytr|-&2}Xajp_JjesGx}PoZ;<o;*(~5VCl=
zPU;$N(E;TV->ihql|ORRQ>a9fuRS{q6HJbjRjFn~Lmwwk_#ctq#97GfS4dOfmwi;V
zK-y|zn7EL+$j(>D1REuN#1(aHwj;$fPD7NHpgKV?@^z5%aVE--*hV#jvDXqsow;4Z
zoULnuBaH;j;Fm??Tqetpkk8_ajR&)DV#i~mr+G5)f}>K{YBl(%DT6VW$^E7i$s||A
z)0Vn;Jk3MI%zWX39WXXj;{y$C@-9%2JKdvneH_f2)5$;D`i}^8e(=4ie6DW_+64R^
z^Yg-bXKJgn#{L#TBCG7f^Dw}bRBMO(4E3Bdd8wD=wvQPc5vrJ1<^v+{ds84P`nLQI
zok=XE;6IZNUYsFxzDl#~!j%0*ZsWXYpQ*Vq5q#y_3gTeK?y|5gdvvz8{RtPF;rwQK
z#dk{(<8(&fWIKEMOKSo_bit2{BsUb=or2FwGekvoxsaY}IGmihLaeX<-o7Qe&!wHC
z6P;~cAlZ-*xHB?dZ4_p1Ez@-Z==kUyLW8^Vn4|}FS8!mnOwk#n2v<r334Mry#J=_K
zCQyxV;M+_DN{&fU@iU9*qRx8&JfWgG!Hjht#GXm;YZ7ZtGl)hd)|$Hn$8SbueAz;D
zSf$)gDJlo+<OFS&n~in1m!?OA0)(iVKwOH{N+i#b|2onsXm--iRdE_t<9A4M#UL+N
z|2?_z?)rg07QmnCgKI+XeE4Xa<Z><Ka5kfsOon8cMQqEhD&`O7I@6#l=g7mWnd$T7
zK7!OMOsEuA6@mDn{llf|7oHpY^nG-FvEGJ=+Syn?uJ$}CH07{>=sT@Tq7hMJ7RFV8
z5<5`UThn9Tl-=-E)!}GPj`TeEE?XiO_|G9Sf5ZA}Eb>`aYE1jqo8%0d3yEHdH(%Jk
zL*(m!Wx<}Nnu6Mzp2qMV5yPN2Ay}DFEi&mufI^OA=J`xzSCt@ST8{LfYhvO^zx-j$
zqjU$yM<kJr=G|9mur&V}j&FalAzO;(4326{)MUcOJz^In9Ihk4&r*PJ5ou~H+1<yG
zJBI+JjI8#kzW7}9FRuDrkdNR$+DVXKCde}I&yKHu9nVqH#}3i!X5x+Mdgssf6>$Bo
zsBR1fBjy(S$Q1(hVP_Iwl<96b(@=RSW}kePyGK2DS|d_4!YFL;#+~->YFkuStg+Wa
zI;tX70lp(h*2FNy5<oDI<|^V(sO7IDUS4zeEb)89zZ#*JS!kPd$8^(}jts&udFRr&
zhUvG<^ltpR_lFJ?3;z$_Gk+te{5;5vB2wqHk+Y)W7|UXPHjBQsCqCVUNr^2><}8(<
zdyK9CIKMyy{>Jll<T0A`zEjXC5s?9)2lPVj59o23(v*a+kEDu$z1(f^sDL&V`WY^~
z$WWn9C5?Ks^#+`&YiCy2zk}H_-=0L88RUrtqXZ$z#=zrO>^ss-3c89Rv+gH?`B>VV
z4CgW!ZnMLkZ_2>msXs0BU0f!_Mo9fzLQ{ydV07)dZ|C)X|AtPsp*05}Ew|b&m&`vN
z4`yD?AH$OvJ030){se=(7t}c?Kv^%x7HDFtYHVzrS@=a{LhMI|%N$TMBxg<}?sjff
zaBk@?&B42x0NTTmhc95Qf=3UVlSfwt@CD_-EA}?uLzB?F`yaw=?YRDMX1BF0BR?t?
zA`r{utM}A4Y_|C|DyU?NJkzY^rX9;gc6aXc3kc9>W;3~%ErnWvgj%g7S><48@fP}X
z=5rVFZ;3GhM?m^?<`9u6&dxH4r|gVFC9QPd4^|u>y{;}EEl@*r#V|R8z_Yz8tq$i4
z*>Z}IPv@GMd_{x(;Yw)6hfb--v&5)ze`Whg3iKT=h69$BNGfyCBuuGnjKmp~{=l2a
ztorbdXlG@Ql`pxb3I0qgF1%l}bduOcT^agt>LE9XR0%}t2y}B<T<ofBku-hwC=LB9
zy}c-_{AXqcB`;nn``bCj58MzKK`1?D?>Dyx#nigdj`oDl6v`QBSKaGQ?%yZD{4FT-
z)2a&!%|hsu0aqtxRpa0YUT?x2Rj%xpDcz}JvPDde^vT%LJDlf%jGlvb%EnBds=9|p
zumaQJ(}7ltky?=Q6{;cm5bN@1D`vI;A6XIA9_yP^NKJ^+h{%ljUPVwS9|oNR4-asU
zflhH4C2^z#3q_7u3V9BnAaS=N5|RndHhI9B`-X7QV&*cdovGva>ywzR2^|GtWXjK^
z?JpXD5z86g^D|Jskpk{w6Uy)Tp6uu(z^20g-dGz)%lwg@ck$rA8kQa9AM1)lcHZ_K
z!e=2^TFev^CB{h)_W-71qY4w$c>Y^YpoPd!5BY4Gr;Vv4FesO2Jj=hqI<kR~5E|~g
ze`F<H8xPOc`4$YDRlvTqz(J3zzW@R*i%9|N6ola?<N<Fh+~`bbbx9FceYkibIVU#?
zH)dP@j~GBL^?4eI;+cmHLBXAQp*xn!soi{JOKj#qNnrp8p;;m>r=t`RYIi=YAs^8u
zj>1ca4;OLj>qFw%-YT4HJ&AXS{39R&m-Ch8DAoXXFW&s@9~Jnod&7qLpG(&yt8BK4
zm_SIj&blT)b??{|o1UBw@mI0wQVq{n4HOjQ)F}V))tIm6o}l}VOGJ19<^%Y^fEe%w
zQ_yd3oyP_kAHK+UZ4$rtua}qCf#~BsLu-Q8W?%Z@;Nrd70Cq#}zxwA@Q`G(AP|Pk3
z7Vv_sc|=dwL|=u-50!PK{KimicJxsj1F@QHz5)a->xtZz=I1FYO18Lp)v=hHZfsf`
z*f}_H+KF0-DBECL0Kx>6L^yh9g41La7}{~e)5SDbyO6cz4fXaOMUyQ5r7RBllQIgh
zir7`qZ*wZGlj9Rp)&lU)dL$$TMy^<eYGMwEVN5mEdU9AP4Mvlr<lg45UIaHgvZdtQ
zo^4YDoA^E*yq8;=e9j1{?sCLKEQFyJ3$~6`P%ye#kwGi86@gsALnS*RC|w25>W*dQ
z*1u67Xe)LZGKCNgHTlL|gP|=!yd>_(dW44pcIfN%Ohk_-KhXjaaB>nLaD2YLlX%4C
z2gJV0^&6X!X>iXb{tufa{KIC{(~G85;Bm@PDg5^Hm)hf5++`KT{HAJ{22JdpSxC)K
zPeT*qf@IzS!u=GxZ`;>)aVpB$Rc$EEERIDLWIm<liYu(CEy#bXDw6{FtLRo-+=+q(
zhxkdtI!Ii3=N9S-Ltyvmx;7)zD&czsR<gBHb?dT|Q&@4F5a6Ky;5XLAa(M6xz-ic;
zy%XMKi|J7PJ=FLQ%V-j2!ThyV!coTn3Du`f9t2DB)cdp4I~J9f2f&Sg7c1MV=bX9M
zg|AF4x{KXX29OI@YHw(pF@&JQWWmk4+2Lgu264rEYMbp<2em?RyU<|q4C<K;x|G?2
znnvzAcI#hHa{sFgBhde`VztEuMz7Gp%btAEBDs`d$%GI_hnK4p24jTr|L4G~{@J&x
zp(7i>C+0HIg4wo#5mZZ;ey1%5iA`B>p&#_K;{T{7)PHm=RT^gvF#M0{iXp!I(wsAt
z_|FIASg*YQUdlhvzCQd=wxekh$wCGHSzS9|qTyO$ZTc?@;$PzP+ui~T{ND!He@u%5
zflt%ofYLf$<Ntb~4pwyXe+=FKyl5==+x$y<d7q=#e`&}<wsHHU*WsBm>+64B`}|7R
z@~4zeEsJX&{KpXeM}Ys+8iV!a|M#Ob_)o(A_oM&2r~lD||I1SUk0fd>9q%jr7r5Rf
zy6?2Kv@dt|%-q3cgCJ@EaVKXualoH$H$?I>3Gea7otMhZa=%jRh_jfTr|$j*Hwq<b
zi=c;Plv;W0mz!C)+vkcOM1On4>pwO&VSJ|5c<-S_=i@R#r6(QO?S4P!@j98424T8+
zhRR;OF(nfxqv@3IypCGDcYPLqnSe(K{-YofVE0Ty9Ee!n$z#d@rLPX0|MDn06@q*-
z5K2E?Yvd`xE^;qSJVk_*A~pNHL~mPu&V));(6fk2Q*(1y?<{P_xm8hdu?R5M=edQm
z?gS$MW=EvUk4XfvV0Ov-b7GQ&Si$j$*)NqJZEbCTMQC(g<!F^F!h|OYiILXx+o6ep
zE>KY)3p>^p7QZbm(?@EdZq{Z(*0vD}ooqf->*8|mPQXHpy}cCQp*J@XC>cI{yE?8b
zx0fO_7wo5At;}m!t3Ax_<#@+|kDp-A+tO<&LF*9p7<^vLZEDpI&!+7ar{SKPlZfDv
z?WSkpce0cBn1#LWF;xs`?xAK35l{Db4uV=rnEH!leb@6E^j0Iw7<_GX!qIjgtLnB>
zIe5^lP@mn9H)f#U`TY%gI^}}q*Qa!8z?B78H9cBoY8{Xdkepx+QMKV#rtcO%FzJ#$
z=(EW)tv<m^LPr_Pq)cva7X>Fm&(od4`gnaeS&#V&H~#1qeyPR^m2z!WcP{EZitGN;
zZlgx=;l_*V>E37SJ%dT?EW#fAmMChc?N3CK3t1z-k{aQ@_dOx+^DUFd#~b&W+d?wC
z<*{Ph^#s)8d#m-;eQG68>C}liDmbKe=(mDGteNJ!G_NU6-{c1Ue*LX*!s^K&j&FSh
z4WF$9`gS)!n_t_s{=0lyY#`GF54MJrVadsYK@|Hg`9!FU9FFi$Da;g6i~ha5vo6oZ
zbw3(0%;OeUcKeF#-Nt$c#V_x2rlKhe@T+p?8dq0+VSbZ8y$}|atBl??LVDe-aLetg
zdR8M5Y&E>pN9b&ap#E?tdW(Q+6esgfcR9Qhyxp<5qoo1orR?h6q8Y=J(=4sV?&lbh
zkEm+GthNDazg!OQTdQb!g|!;PWY#VAA|Dm5*ys38GDxRO@DKDyiYv1Vy32AG>`N<#
z>R+iBubUkTzpJD|-8^Y?&(#aMTp1+@-f-&nZ(f`9H>!M_4O&agJR6}EG~Y9Lig%!C
zJWX}BUCDEoQ?lOBxH;ht<GPddxLtLNOHf+Mso!p-9e>uBSqKgLlm;BDVJUa*y^eVF
z(uyMUpdo4w+#M6I$+22g>Fp=3gF}Eva?-_kBx+^d*NAJ?hj|{VG#X^oLP4#V)rc#!
zgS_oB?{rXK8IfY*{#IS>M9%_AZ8!?GIwx#x!V%Z=%P5zcPQav2N|<$mWtHnHs2Vr2
zfb*66K(FoQ?V?ItbA!}<!@^-H1OMe^y^W@ErlG2;V%$HquoWE$IJ$cZ@%^*#C4++0
zF=@}i@iY8@fc$nj0nqt6R~52<(HIN0b6d(gXl~sZ^c9(~sH7w?wH4h%=<VRI=8;Ys
zGub`l(EVD=;%f(N?9!@D<350eU4Y%<N)gp)>rREY8z{q<bzT>F7`~gQW%6S|POG&g
zS)I!im@gA$<378#+O?V!TPO}Grjcf@z_amuiL1%E<K;+WD>_JEH`2U!AFo1MJDw}P
z>2yvJBt*8N+-l!s1rIg4xxtQeW5{E<X9AX^rhdCm(dlm&r>4afm;cu6*OuTdp?tIC
z<{1?sH)9{Cwf%GP6mN$O*|sadi=>Q*+T;9u#y=Uq4a8K@Ig6%k3+rQ_DLuT}6YDrh
z?b^jgfYD3Fwq%fHK~yVPmQbdwRo!!OSJTL=(Zo(x{0cHwB9mw9?*uctEgK1$)R10j
zJg!F7DZLw^G!Jqf5m$f?H1RLvZd%&-fqdY*n%T2^f;~MjDM%~V#D)BW&if0W_cM1J
z%@>lgC)VXn>yzksmDSaP89C(T4_S38>o)RTem!&HE_e6O@?6~dehWkG{?-Rihv0#X
z97p}({lmeYwf8Z!O5iP;v@*BdYpYEH{z<c@bMSFcpZ{kV3oZQm*3x9uT|1-Pxx4@e
z;qH%@MnPrhLUlzjzBPW`nFHgRN1LlKAjwd%&!GXQ^_hTz1d@<fQE+8Vo38;oOmpkv
z%b#K%gSZAx(!IUIGILnLK_|^uHPt0wF39<VL5^?bi!(c#CNvvcf?ea|xE)^ZpFPcH
zx>$eFk-n(#-W<qj>P=XcsnsI1&M+b)%^>#%!UI0Er%M>Bu^_J+AKGAA8>~f6pQR`$
ziUnj>k>GF`;ojT_ZA^MB{B`Gu^-he+!dHW1LOJ~b&VxzSK%|8M{8hG!{>+m`y{=0P
zYW1cseo*kj4ub@7Xz0XQmK4`a@<q)OgI^G!f*_w%*HPtB8VG1Av4A3xyHgoH{xm1m
zUb99&6X#_E?=eX19)g9GS7=|aPf&zj9C}w!JG=9Z*gxSm;Q8<ondg-Cfoq%=OHHWo
zcwQKsc5s34r&0p?X1!w#3RvqRr%O$E0gmSwoS&eXYvoq8(MMK7Uim)Axq-bP?O7+w
z-WEsOp%E(npi7f548q<ez3-iYDdH9@O_==YInz8jeqEx*x{C|&L#2+rMS6a+QORL_
zVe+>pv#`V1iNvh+;0Ni>w49<F`Fr`boH6TSt5vM52(H3=m#`L~cfUY->vnd3Yp0*{
zsQs#)Rx}M3GQOZ7y65Yss%|h25);-}5g<(iqmC_hLsr|w@5YRFhM4O>@TZm0#*#MZ
z6X2pg)y|(nK1evcP(rZhp2gAhM<u<R0jWzwkkDk2v^eXq%t(XOP=$rQrl4GWX82ig
za&Ryl;Ci1$wb2oMB`^SZ`e=KIxAB$ZsQB?MvH$Q4J>t&%{ZFI>%V!%S=!=d_D_leH
ze0TN6*;);zp<@N~y>oBilH(9{+3$yqHwLp^8-K_bst<u%;Zn=N2+r6zf0r`tc7&%n
zcIOK|44|4*x0kjNqX?MOfVIGBpcKWgN+n0r%ge39bsiL}G9>xHRJK0--UQ2{t<P9;
zQih~8_)0A;=*KRs{k`sdW@%I#7k2g*0|uKFH4$f>!emM`_p{V`HD)WUIlaS@EVxT+
z>RsxE#A^XOMfnX;pdW#?rQ0>aNE=$RYksgk-e8zf$`}x+1#xm=RClxn#$TcIXgE#e
zfXn=Kef1@~qy`c-KVNj~rP*x9$wfIpzduw7`tCu{RgHnu`NHpTV*e*>u>vZoYjF6g
z@6ZMqQvVCuLOp7JFeqHu#zp2f{7Bq%Omj{tzNVtmcxC!f!UOAx*HYherRf)*QeT1b
z=2wjFhkU6&h<=y2D{aX0=iL}<m8m@fRU=XoLOmJWaJW2>R`U?Sz_-KhSEYRty=i=N
zn`4gIsZ#S`EwolioEhy-D|lAR<*zE6x?vbhXkaf63Wjs4Dt?dS8h^1DFpGwI@x7@5
ze#Qg?VSF&2Ih?u@r<7%Cov7OU*%;jpFArfg(YGQbmYY2_o54LXX5h7NnDh=5&v#*Z
zZLcP~iUBh@ME-Uy-*g0i!k{!b#}qmlqmXnn;a7WnIGv08Z5@w0Rbq?OR3u#_hJNdJ
z#Z;|zV?mLhndT^<6S<A_-IBfr*j3`p{@RI4YN|I!?qq`Lrapine$I-B%pcpGb(yRv
zAEI>@ys*-$)>|gZQ+(Rq_D+Z3dmyve{0VZb#+Fl`?R)TM7m37x<LhYM7Qe1pTBsC}
zSBGqS^_zC?LW0AcL)@^~>@zGR)w@e!5uKzFkZnc4;EuC2yD-r=++Q^diZgyYcog}A
zs>D?&k~M5%VM5QoDbq}9uMMQySPYh-tILh4yOROpY+7~=CfQE552)n=^YYnvpY)2S
zO>X)T;zOY{NJL_*Z(AedGWlaC*o@X#)-igH=uwQ82ZWe}6w0q=(XC6}$<y7Nuev;)
zi*I~p&*`^+D1=pRc*<$j*3wVW_Iws@^M&8$l^<{5+lCBeSbCS-&?S^LjxNh88AxV+
z-zmea#B}^=c+~a~pE+$T&2*k(8-$#DJvF%$m1NaN^EMr|&rFe1In6^h)wJ)k7#2eb
zSwh8R#Ovnw-T6++86z=+MLE6mX1)@^)lwfps!{je{`je2SF;soz8`boDC{Ky{h-Lb
zTB1YQYb89%V9k9}3)1-VvZb@yz_QIvTdiskqu>2vQo}T|mmVu@8Bs^??`dkd`i55L
zsRZhvUnEai1P@*3s_1B?>^n!|G#;(faO1J-pqxTDrt>7d^s)7JhwhWeUSSS>ughx#
zY<%X4b*kQ))7#$h>jt_pHtOB&j3RK%^X8Z1#i>Lk%X#Ywt0V9ErX*dXV!vEkqS2c3
zUGed|W1|#XMe8ZIqu0aD1(s475<IHwfYAQI_+;YBo_^mzTA?)~{k?o{jI#n;xuPCf
zx_bwM>Bw^2owQ^420EsxYre>9Nxulmj?Kl~>ft=iP}Awe2Ns905+$!0H10NwOe&To
zOLg^t%gYtlSd)N280@=eIm6q+$^2a()diu^9%a{BB0j5IMC&v~F>5c)+ZJ#Z@nrjq
zO{;u@F6})nT1T$%mF{`0tQ0uWvXs=_GA9wQmsd?o=r@TSPPgeMAJDv8f*qz&(J7w(
z!0Fu*EvH+Mh|)QLL8JFAkm=Ro4yU^iGu7F!_;H-OT6?*s;W}t}Wb(S)^tk!8cuYpY
zmiuv^?RaBgZ<C7eP5LR(_P~-Y#Z=p-Fj_%*P=Ac6g0nKxb}QT&D^VJ^EW`8d1#4$V
zC4<>5%^^2BCFQe#dg$!f>tMn%tolGxZ!G05+BT3cOe6DSDyl@c8Fe%DVmeT3`B+)d
z@2RdLr>n^dJS=*V*D`MLoF*369IeD9(Lz$MS_Rvh&$G0p<M0?ejLWJ;Bt6q{hgc+m
zauRZ<dXyY%k(+b%U0RHYsxu@1_3T$E%e7Ob%7HWYV-$nv*2cVQE0e-7Q4`C`NJk0t
zqKngW|HuV=<GN{@w>Y08ukqG*h4T{qoedBf#v#iX`&nIWSgLjVJjRBP;SA8%_91LF
zT(5TkYxbgJ6=Qwb!+61BGq>lBVUij|sPLY@Qq#SgZlsZrmvOP&G10aWrypl<A%6gy
zXvw%&J8U$+{0UpT6LGU#z<__e-h55u=rtN^jhWA4q%|hKp)ZMTRbV@~{_rU*-YwIu
zI?j6+cO09gE)vNTH0W?D4_4{6jkbIJ2bf?%$ydBAC$M`5FESZyNDK>2A3m5PoAEO3
zqpTGxk9#1t`8$q89qToRd1go6x2FeqS5(St`S8?9+&*{Yf%3*pQ%#3wjJwxPe2>Cy
z$<2-hjM0neDZ)aG*}_dz$wSi-4(nmgJ59>VjTGID8Sh9P@LdUEE@ME~v14#AzP<5v
zz=g5JD205{T--i}a~igp?qAY@d&OF?BFb^54VN_%G24&^gfRH@`Js7b18n1f-lnVK
z4@{+oj67zl;iN8+i+&DRr8YDl_uKHvuo=qQSgG{}5f;{m&iCf)+RI)Q7tfUFxah(P
zCKR@kgU-P-{Y(wLHAc(<L&Od}#pOqt=ZN~_CpwP}MFrh312^Y(_QfKWRi#{$2PZ#;
zweZIMw}Nd6)rZz2?|CDx<`-bb@>N+xBj<()YtjXUw{3_~Au(>m{L$_OtJqPh&U?vr
z9N(&PGOq4gg(hp!Fy(2#bGxnqda?llAMtQgMosPmsfd+f?6ho#aaw=GVJw9CsV#JI
z(#`4FK-0%sA++u*C)0#<EG<()zZI+a2qm0ZRh+j(!oZ3?@Ht?5AP@UvawB=}r!i)t
zoas%MhEd_=?BGY?uG(!O&187}z@$!F_IdewveoHIonm_D{ZXWdQaa39Lp^A|eX;Xh
zEC1nX%zf@|n?(cFD%^2?pt1qMedC%&M9{I=c5ljQz<o0bw=%hyY^OBwoC#9Xrk0SI
zws*l)`)!I!#Hm_VpjULQPO|^yD6(|kab#is__=j+G5KhTQ{k?vKeHXYYT@xQ07|h5
zvGb$1s3MV@8SBd2Tj>GM{XzrPZUZ|Kv%;@ZC0*O=nC$NKtP*XNt1^zJbgo^-TN^m1
zxL@4jegJC^Ut54BGM#aD{Io`DE8?nGP-6bj&H)(y1#?=ZcRw0v&|5^uR*;FX<BLg$
zA>1&cE*GV@=GslL^KAhnuJIQCFgOBGldfU#b-X)z=&T>DbL>Z?93M9g5OLH?nGTxF
zOt}l!v#mVU(g^cvd$>-^3{P1>*(qL~RD9R*u&$^k=gM?!*m%_6j}_UxV#5dsU1G(^
zeBE3hNLJz1?R<YuAH>)vA!ezR+?rF=Fygj76WW=9(qS{R;Bog8<S45`o(~r@;_9NK
z0N&TKVe=oX=kii)d!^?ZJRY|4!A&%h5L(c)mcNRvyYKtqCpU`h)VF?EuDzd<-+PGn
zly-gud$nL5<+F&$-8&J7J$=&;vqqy~xdw@caVk}WO-Qq+gk8)JE)f6~YL=xjUx(5j
zGCZ>GSW)aBuLKyMFYBV)@T|%<QgW^v-8Iq}B)9RrimNRfpO6zfW-S04FHYgpstN{a
z*k5-7$&In+8|)~@C7A~p$0Y2>8>sCI#bj0bFIdHwCSaOZCB6h8U1h?zqQdgYPO8jS
z?xA@;e!GCcHYH_gQ!;LI%l!N=3oA*ImszQJxV2F#eqZfAjdFK~%b7On<jft+aZ7c@
z$fIEf=0og-SN=K8(}G3gyW<U*h^9x5+~Smph0Y7;`@_6GwqEWeO~dsg3v2gM+uUoB
zs{V&;CBuH3U8avh#cq&r{nf1d{-B;f!ZP1n`~kL%Cfjn;WyL|b9X4;cvQhlc=gF(E
z-#6V}3!48l)R`iua3!-_Yz&J^cb#k=?3}1v2w#X|W-$N#fe|`dnU2t`-r?1HeYj1J
zKD<taVNJarKyK9xeJ)i$G&(LIppRmA$kY|-#@6yUKl<qWrJ`dO2i$H+Nz))Rda0QM
z?Ss=axaA%(YKut)91^_5{6t2}lE(UFYwe@WcQPY0;I_@~&cyumd&Au<eHMUSv+WxL
z+b`q?9d`uHWAms~;E1ev<_6yWTKAXL%ZAL#PIZPwMTNl44ln#zYY*tNZ)?#R387(S
z+z#Q{9YI#6rwESB2hb_KgoK~4gbTzfTk~}2IYlCP*pK$Zh!~Fjy@&X-c&k8_5_-fn
zH&V`}Krlg0=iYUhH|W#HZ>tK7Tig5H*=T#?TZpi~1MPxK#fyvOc-$XCpy>6MzJNnK
z78~2mrsVEypMzSpHNzq^I=*&Pz*7v34n+8;_d!9MqX(xPe}8>{0&6<0Ze%bV`x0;5
z<YvcyCSIo1{v8*Lr~0{3xa&~DcGy+n?1uLxj2%;BTX`ogn@3hI4OCg!>HlKn6(~mh
zQp~Q&)5h?$HcIcwSf%SqElzpDuJdc4BdIsz*Z$x-YiF<!V7=r08g`m+NhKXHc-!rG
z8h#^Thy;Ic_i)273fLcetFNG}bpN1#KdwO$O83N`$aF&qD$fhC7v4mUz3OIS+b)ho
z&uR*!>TLHw%1NjPTV1SF-g<Go@J}m~%quwaVGH_tk&G6StV1Van9IkznLgIyz}ltP
zw{|K?VzVTb1~vGF2XpaviH(lSfjzZ$17tEs*(YGA8s<?FJ3UsbvqiUL52s@f!CV45
z0S5;}JbVQP*Aw@c`yOwe0a|I(9M>RsC@eInYkYDu5Wx5L6++3VLPe~-<(lC(!UTkS
zviN(WO%E(bE-p1ZZjQO>5q!I5Rk}C!CXt}BDb!w*3dwO=u<5E~bgEtu`oOHYbc;WE
zM0Wz#!LPEBE$Ga1>wxMa3tL2*+ix&m)1?*!NDzkH+*uyAIZ7rkE`~E;G&{!(Np$1Y
z?GqYWeI9I~Ic{m8fUU*%f}+!Tp+jI{-A<g`?D|WE-y>|y)E1W5(qvnIs_1ch>gZxH
zLA0Bw*fU6nR0k;NVfz3!z%m+=BqD0Rnvl^ZaUv61`u@!xiMPh?h0(7!e0nrI7i_wH
zmq6|#Bcow~P~#8|J`zkPbfV`o<!;GpXn~CEaOD%Z18uWRu`r?lC$D;MW<SDtw{Y$Y
zPNrBORb+7epHr}!YG_iQ04NzvcLGiJW<nX|xX~y#cdUD{xBY5>n~`U#>$CLUCF@;G
zQSs$)pE7gQ{Qjl%w$B+PvpyNU^Eju+Jvd_?Ti9*%2c&T4m=#1<2F)3sTYG;`0z|e|
zwA6fcjN5}X-d`BV5RQspo7^6CN0JYA?!|C=%8TS5u$In4+)W0~FjgA5PD-d)ZCYSk
zq(mGRorc6W!`F}0pueAmnS%YnPZ+Sh){pvrbLY&b-@AZIL0Q_rtg;R&o75J0`LYn-
zpm+R)2<ts?-)Ep`kFytXaPW5=%IZ&KxYQw`F2pp<)gaC-AED5^03HwcJ?p?c3yFq<
znKV)){2jc_!{uM@wg&c_G@GBhaYYA4H-POSDwPSPE3&W2A6t^t8m-BTR?J88Aws;d
zBBGl7a=#$cc?0ds#zg9}v-!t4P8t5db?uj!9lP%Pawcnlt!h$d$bqsv;BYvi2V0Rc
z;{x$;-Ty{HTx@r1Wbmv0!7NOa!0m8(5H8!*6ktPio>Pt|@FS!~k=LQSnq8A@@0*m)
ztH5HRB~*Pqw|`t5sf><G6a2x97aW=(OdeKSqgh_Tln4tgme3rQ!TvM`vN>TgCStiE
z1b6<z>wc@H`SK?2!l=lvhv^=7gS@biCZQ(t%1t35dN2_~G7?IaL@2#NMlI#8hmKdw
z`IDiaxT2ch;B4T@R%^~tP>^`dvcTLQt=KBiU}AF=b<^{S*GmIAh>UO#ex874!0?p*
z1j{UH*vqXiKV9k?@bpxV;Os<CEMog7rrMy;Sa;>`2J|h97-Kz%8lCMHUp!DyB_%af
z5s&WB$Vr;<Bc#-yfTZf9coAr&&Ty=zU6GMt#vlIO;Ds31z%QI#mTIt66#UT!FKL`*
zZho{*c5ZcKkrKT$P4SEfN3j42XO-wXRn?nGRzbzrLU<f#zF%JwRDrQ#dBntGyRhiF
zCCbN<u)Zdc`PJ13s4RByYo4P@OIVFCRvEm(!RNlOb<Amf$acw2dwUDPh?_15wyUvf
z%CtqsS|}<iS`adwtS-B`@X&5|q>?;hHsA%CE)W$@lk-hk_UMYyqQUN4SMFCX+GLca
zsei{2vuSbPkeM$nP?Q&t>$YT$V+~^l;DOSlTOOCpc?Eo+C>v*wr@jxHac6IFDTBc=
zH^GNPEjA+4QDqFPjYH8{QFkYj?Ne+(Zc9!W$t-SS_#TeHjic;4X}H@jFpc(@hl=9i
zAMlRhWhYjLIP2JvI!s@6Xw*YYHIW+Ze+=7Bdh0>M__G&>%SW(gg#JdEUlmoXd~zYQ
z>bPaLNr6<pdV=Z|LRXuNEV4_px5AIbK^lTg2;d6QRqX5rHy|~mG{;0&Sz!vxjb;9_
zO*Uz9m+c*i;ixjkHvDR^2LR70EiM;ne-QO}-+V#tJQSow8&xFB3q)Xok^ix|F4E!t
zH?5Q4qa8m^bM`y>rsxZxsE>40eFKsqx@BB3kLJbfzEl+xebV6xZ(f<=`poL(us$TK
zD*CdVqqf{;3lPq?Ew*9I`+;G{zBspD4--<oS#?^#Kw8|YBnkv?Z%q*b&DuY@HTTZ0
zBJMmnlI$sM%7S=cy7JdG+WcOTj@a%ugN;`Sq{mFMCt08o%?m41u}WmSHJ0iz7PZ~*
zVx01(z!R`xtW|!Vf2F0R0*w7ZR=rtmboqO4&Tu>2s@SxO?}nAA!wrwyD?oo924c9#
zbz2*Z41L)(UCnUW&OU0|^}Rttqhyopp)y{<{rIQa;x%!aA!^FPi&QTb(q@9Wo@_gh
z@W-O)wPI8Yl-8tTdl|Rfq>zL{RK}khV)x#Mk=Coj^alb)q8O@KtZCF8IXP0AsA7)g
zIF$lUV@E&S%(}wX*lju4lYs2EmQ|G*4m0%r%DVtev}rIIO)g9-_GDLCD6r8^iJn?S
zI5}Lw`wA(Hc~AO4xm4%HF!$yqg722xCCCf(p{@*uRojk+E8A;Dgr*de-Hs2P!7mk^
zziA*%nGGE4sKmv^|86$;EgvlzR8<`=I8)FPTWi&NF|93=(Fx<X@x<X0;4aq9Y)Be0
z*%RA!W~4ydo|7aQ<()g}m*B}3sITajSu?T}_|gT1oZ5Gl$2)JUJlo5a#UEUBpT*{0
z0us$Hul#0_aWVPNQqZ3pTcP_==Zxs35$R%@C~K)n8QEf5MVw4loz4Xa$QxfCA+jji
zzlAGT?jMU>VMRB2Ql)tGBJJ-;|N65%VkWjC4KCC%)8_E_Jo}EZ^K)j`i1=lM7+4HU
z-?C}L6@&rq__5NRej}x0#aG5VD@FJf8<(u~Zj{ye?r6^trJyNZ96|?F=!-s>SBf{V
zI4{_ba|{<O6sOuRfF5vZySk_Lx7iXUy}G);7l2?1$#}Pvi>roLx!duLI>GOGYk0=l
z)egVEdlMxaj|`5G^Srt>uVr}aHja`WAIa?WjFgz*g}{Gr!Xf5Lz8IRFY!8(4B$icI
z7b(wXOIeCetkERmY*b1%Nv<r?2D4@0I9Z{&x~#nHyEqI^7Ig8O5H|Ja+R0zs5EKf=
zAE7MS8i&xF-^-`xew~g`pAQWcuhUbjbI6IV`Q9x)t1fpTKK?WZs_2b9@D8<P%Lt#R
zO5EOBrQ<))Ee;~%kAL(pvdfd%V)GhtB`Jw*Dl*}8D%T2!E&M=dz<umiP=VCJXWNZS
z!k4a59T2aqi38^x3&%$w%0zNlHAbcS(>JbXv{AX!oM&Vo=t_9k<F)Fv%}?VdHKD%t
za!S4CvTRyZ{I}>!y`carsOh)h%J*VTDb2@Oli7mR-2A7X%@>EqPtuQ1Pgj2A@aWYv
z_HPgCF8a^w7Na>+6NPxlR<Uwc=A$^hZ+B^q>Yfy#S&(QR*PIhTo)i{i-U{5QAJcNk
zqU!cv1GTtf?W(m5ut_TFMlA3(RTJZZI8UuRQ-OCn8^G+UfW5Lw2b5Z0A20Fm-`PDU
zAw#)u_j7(}ENF&AW1qp?XWG&5dYySipv=YE%uJLNLUmeluoCqm^*KF?8Sf0T3=fTr
z38{}rdpvI6Vcf0ds@C$L61xMoKO=&J#l|{eVYd#a+c~YPbj{yoJnDWHcXmb&P5oYg
zokjUWQn`K={%83HcazcVD1zwQzD-VL`<A7QRJ@1t<clk2Ug=Gi5nwIB(R=%){O|Wx
z3P;Nr!rHCjl~`Yvwih_DAu%9;utow3D~)Eb@<yS#Wr<l1Y26S0`gyX-6p-@$f>viC
zpQFj!%)9Mv{X3KNJVR@Z596#N+tZ*l^wP9c`=J^2$Ci29OXu>T*DUbRcvkXET1tTI
zjo0e~H;LYegov{q0FT}L1Z$6kVPdvZCbAg|pT#coK>&xtgY~hR6y}tkJJl+~cYCr5
zwWZ0?Y_f4Mw0$g7n{BzF<^t}&HPX7-17+Re^Z&K?RRM7|%ep|&;I6^l-Q67m32tF<
zm*DR1&J3<e(BMw6!QDML!QJ6b_SySC`}IEEmpgCMtEX0V*Eij@>g!ddz2S?G-sQ_y
z*len65W0hXRP*&l*3G_jE^@c)wY;i`|F~~RfnLo{-2Y=iD_sEN``gV7HB09?o5U<y
zVm}%1iG5rDr00q|Ti$ZXL?bkrs4E+-8c9rMB&!p}kk0EVXVvv>h}h6*VqMv0)EkSq
z7Lo${P)_p>%MT8xO%v*Ut$Z?V%h%gO<VZCfLk3N=Rr7jRccYD8nN1+3G^yq79VVZx
zM%|4XKs7A|7Y~QP&_(l8S{{e9lbSooh+aV_>bZv!H{$sl<9OeeS9Lx>DCIa)@@eHL
zYd5KA@py9-1?d;YzC>Id|2H7&O~c^$sJMgwlySZ6Fm}kj^KiF^qe$RM+s`?cso7cW
zovjr$(q9aa5<78X+NyOaSjkL8IpwEohmLS4XaW6SkD{R8Jr>C&ILPZX!4kWda8wGH
z%z5wq7UBr{Vb`mhVFq_xA%lCc%78)>X5D-d{YLJfEh?Bo9!unbb?SdjIGWj=5PUCP
ze=<o}#u)~>gukKS3|t;E>hLaXWQV)LW06Uzxzqy9{s<5|$La)KA-x*=>_h8(c6+;U
z92m)s#UPIr&xB588N^{hBjKNHt$AJ1lWVZiw`Wn*xBt<vchnaa{7yz(H~1$Xqtb0|
zP|eT%5v9|&C!xEw9ZVQXjO4_Pu=aMJGs3PbfxET4u``eH7RR^;s05Ka?rJ8Waa}R>
z-X<BIe}TN+QuNCLlD%i;$wm#%mA0d-38aKYbF8XYcMp4NuBheJHV=88$XS>@8l6WA
zPA>xPR{zH$c3UZmaFk=~c%=Xmx<Ps?Gu!n&O5vNMFP?|}9|`zggjW4#Ot_>7uitxg
z__E6;Jip^T5$#E(y!K=%J^@Ee2!}!3ouI``Cx2G1n!9cZRsi!Jr^H9z2<p*{<go^m
zg&spkzsvC@5}%$zz?4^aoX+S`<CmE|`O`_vq37cPIRuj}@U~NIo#8vr4?}5gtJCz%
z<cW8f`w6IJ25;T+E|+q{oofRjuM=e;AKiD&hbo|(2McMLl{-wj1i!h*EU`qAf+JAM
zMmilna;aaiKIsF(X&ZpvvY|;1$I|F*y)`YMKa47qVi)lh)BVl-YrOv@?(|jPlY{Y-
z5N~xq)5bZeOmzTk27BvulUOg=+Z6*^F~0i#a^VG3#L@FhLslf(encd&C1ZpEAvq7Z
zQivL`wqQJkNfe=Fzgz?WqgkynLNo0t_pADsb{g`dqQ6{hI3e^q?fG(6HSftjKQ$bd
zw!eFR=XiNP<$0Q>MhN{q!fYLKy1<Q}HsFQ>eC<0>K#a5Y(<=w|HojBK7Up?tzA_y<
zF=%%DcFgCNI>_zmSfZ1Y-YYzd5alS!^39S(zqTivU&5K-1qzCTTR~dl(>SSt@by%H
z9@ynXmsCTx)<dHw7xk9>PaD}Au)%7{#dculVt#C$(5p$5b6W9t{@ZiKr=v~@7df?`
zw8}5bkM2v9N8g?tQ++yk0&d&^<G~7NnJ<>P0sVSy=G6_3KSXo_vOU6csE38?XNc0x
zIteR0=q9)xcFb44htZxn=6bK|DHE6ay%zB7B-8FKp3}XWTX>KzKZGoG9Tm`3SZ^@%
zq{wJ^EV~(SUyC075V)!gyRy*rKzHc=%EB+dnj5=SuldIrUYKmXW2%*PxDoJ+(Z@X>
zbcbW6SN*(8syShM7T45iSUXB2ViUR);C>A|ezU8UX)SV>FJcm~727hu^<b<|!eupW
zaMLZX6dqo!cOJE5+%=M$b0UPXQM(U$c_(17^-o4X{T_>+sUH{M=S|GfQ>O2`Gw<1D
zSN^r-R_~xCGT$@o`CyunN&#aPUavpKPvvO?)`3eA9(p)Tcv$fInw`0hEc)CF-jGT!
zd)6kEx8pEtn;+!;ch?ehUGZ5t%&$E-)VjrOub{IS46Ne3zm|Wq?5P)+Pll_j>=HJe
zcs=%*I6KkpHWJcutjl^I4x?Jyoa>h0Ygu@#CwFI8lkFOC(2<~H?As8SqG5I!wgx%3
zzW>f=o^wWlEH%~B^3n5sMXgcikXYMTHvfsO?L%_deB_h8k44p@)iCMPYH$4+Z49=B
zwL|#Lb%$SE2Y^nwHl0P^?&YpUZtS(5Mog!T*WYn{<1QoMN>9&1CFeegr&!<6_4oo`
zR$sr-p~jy_{IN6Y=5RI(FJrQ1Ai--46kt2;tGN+dTQvH*@%9wokP1oJWmUfvaNg3S
zM5lf4kCt=9XuiUD;geO*mA+gzP||Jc(Ri~QX`H!T1om@a(eIq~-VeBidbulQZ4^HJ
zdNhE>iDVP}ZNrQ3u3ee5IVw-zr|(r~eDcKkg^c+OyeJe^viNu@va;Tm`<&1p)okHv
z=Q6xS##)j>oUZ&fxHx^94zBp5y6V&zBDA3A*Z<mQTVZWH!L@K3(sa#ky<hzsme9f2
zlMb()*BwiYOsN9@ZCC-JbZo8ih56{9^Rq?3a4;&ZpS3Yi<mdUiM`LxZ*p*n@zO(IZ
zu+03bW2x>!J)XO^j*t03EgiU(3v=Fh1GG0b)ZP+N;q%zz{k!)kAPls~p2}sou}NKu
zqgsKff9gBhlHq5%#+~0G;J#86(12!+uM^9g`4VR9p?k=nKl(JZK8Iwcp=RBc-ds6F
zMaI4lR>^i?F>W37erOTP@`F?d=eyl0n?vqo2ZxJ2de}})@6L}hY*#WRpV*qr>iF=U
zHm237WJ`Dm4^KRDUJ<qf24(gZQ{L*d$ughUXI8t06jkor$@Ozw?ecC$f;6<y*F7wC
zl`@!XWJL#@(JBIl9t}aT78_&^-UrsbPKR3$^ITmWIs0slyr%+IEIF@13Qzk1U0+xX
ze$MK#TbA-XM^pd!J>hSDqE<)eDv&a*NO1(TQ6e{?=5z0KXvhqF7=gS~Y6?$gyF<2t
z7Xp7Rg|c9PU9E{+^)}b#gD{%MLzt)f2(wYS7KiZ052GgP#J5#=>~;X^^4x8zcvxuC
z7h=v7B}}37i@Ir>c3ueS0#A<kY<DEF746?hO*YC<dZXM65Y4%57omfHk1%klW38Z7
zcZtBi@Ym?tMaM=-q%>P8=MCLFCi{?ob2hx+_nK^Y6Q}MQ%4CpbA@~^^xs9{z{lR&m
zk}tENe#cY!h5x#hA8AARmBiSW15RJV#rdo#;8&u*;YCm0Mt54%TA+I+aN87Z;MHMB
zcn6+We1a9fz{o&q)p=%aaP8uQ=)I@#0{JsM3u_DZS-c<Ihi0wJha;_?M2#rB^>bCv
zPp~4UE9^`z<gb2j>{ppA{v1<B7?Ra`j$aiOyZa`@2Fw~=_bJeGU-#)(U9aYDslx(I
z>aEt0FrjG(xb_T{fnB5_5$n-D4lN)+_@4spyO@uON$?&{Tqvy-Y+#k2#-7CPnK6Wy
zq9CKhD!(?<x#Mq{kfKmpj?3UEPIQy|G2fpfk#v(DgY4I*UPulks|Z5cW4+*QvEB*+
zCH9>lv8^#o^nx$U9kL`7yyxRU^(Hg60sni7QWaoWrq;Xj+suWj5*6%k?{5x2bUb7S
zEp|C@4ER41?y=mXt(`TKId(mvAWSb<Mnh5m6q#a0KI^zcD;+iLO`KvO@%T!!u=gXx
zDC4UPhlrJo7Rn>qafIMUEF-fNVTa-t0wX0z$-9;U60*f`(tbCly)E^R+#QZ<0_m}&
z-DF0x?rYG^7Tq+7CCIzP3Xi?#`3ts(qYU)1hoKSSH@)?0;LS1TJm*M5{pY)espj?!
zk%wJ%8%8WPhj1kyx4p$C^{=OHaLGh-zaq%|yKS8X<M-sYWV~Ig|17}O*47?4V^)_$
zZF5*p;~a}>L_%sy!tfc)f9QHUxgvPo^lRRYmm?q=HG5U#csg40)f<BrerWng;Lbx=
z=mh#~x}w^Az2$yyb1C<X;uqzpeb$$k`yov3)scXb0DhOR&-sNxSUFEtnv#K)z!~2-
zWTonj5UkvKj6sZVsdhR|JOs+*c}=O!<j!*cz}QpA))~AKehu-C`OqvLi)bR~zFyt}
zQ@yBf$g|z;Vmp270qhHILc=cy%>xDqRoD^agF2etIS05XTd?sN8w4R@ue**1^Q9aV
zD+Ricl7uN2Udiiu1?%Fm0f#)#m*@clX(B6JQ7A|kQf7AVP+I-y|9H7?za)t6ECZ1-
z(gvNL^w07q`YTnscx>jQzZ@gRmX$e-%4tqsO#iy?mGUT*(f6nIx!c>)3`4PeD$ss=
zeO`^R>@d}G+X8-BOq5vca;F&Zzhvml<sn;h@P!2oyrQyf0n{bWF1~nRWY-^tqFsAu
z#evYw;VBDL@avV#gj&*^+D~dX#kp<VFc+APL;Vd?*!N=;GC9o|=bdAZ&Jo@MiQx@{
z1D+4X2wa|6tUl3^2pAOAP0VQ*qFGAfnB(LNoqbf<8j*Z*e}gA4Fvlu9Jb!Uo^;FIi
zL`KSaH0?|2lKQGZ%lq>U{`_i9xRwY0%C$Xvy_sWMbl1B~&grN+x4U~iXR6tYczK<~
zjffXK`Rk?jEaJg8dL}~We2vw>XQhMI*f&M%V6*{!CV@mk8B65W&xbsf42MvSgaj{6
ziM0(o&UEJDS2H@hJ>yv$rh?~94#&aBYdLmaAVtPa-$2QR3FR5Z#<?Erx0KKf;{d$1
z6n*jnT`cd5S7FQH{b!JGn1Jhk(Gm^cHjTHuKFy#`@6RtV@THxfY+*pY{Xz*2irq@$
zk^s&@qXF2VjPGaoDQ)cNOC+{CTjUSr@<OAVK1R{!YZDV=zoG6WL&Ie*k%LoUJON{y
z;@gPf2f_T9J?qS7&L8zyj{*nF52l?1Ts{-24D($Jr-obIFVrL1^M8>nQx#y{UIO`1
z!8fOXom52WQbNPz$Wyn!DDwZN3ISMB7FvaPV1=PD-feppOiyxN4M}4Y{-6Os0qCV^
zzS01xctIi$$=E_Mt_ddh=FSI~lPJRO3!mNf&g4cGAlV^GP<AV}&(-~rovwDx?`y`P
z!eNUT=*?YeedIHBB%M^dGE+p^I(Kn)_FYKyp~0bHuI_aGxLw6FoSZ}CSQMOliTWJ<
z>GcUAHS|vHUo4jOA3wdH&lvLmZ9^OxA1~lPUvfympfzl=7-23gC&ytxM>7&Bq)(oK
zgHORlh3t>R#4)An!ygqHvRoo^8D=)%?=`~Z?tGkaeu+Ay@D|xu_p}fa<rvo!URX+S
zv3VkFv!G3@F6{a8EuyxyhG(7NMhNYCWIHrUSh^Nns(k@ell)k6W(F$!ngWnSi$KD0
zN{$RolIp1FV_h1qq6tSJtg5RnAu&?oumI6VkpqRBSK+}L;jZZiQGN!4okM%~Lnh%?
zR8)+wC`%1#9oZAq9)408oi91y3x`XAlvmWNmMUs8F=nvg0_9?H$GBzxx(9zM(hqa4
zfr2}pqFNC*cs<@kXG6~QiLXxIzI5_VQiaX0RdqK3H77eDRZA%Ha3H7ZdKJW6I)+m2
z3U|DdYvEQEN6w8L`;Su=7YSU?l914Us&`!1x}wvwOzg1wFt9{KjJknanZ@F@cN<P#
z4zgQ!L@9C%2a?UN&>Oa^1)d17vyY@~hW7pXeBHxpSLHxHglD>(vO1z=rauhcaMy~8
zQ7r3rTz@^~*Rq9k<$FmE0Mpr}iH9gS(RL|S?S{5G7$ftx2c1;YIr9h)g%rM&B~xJP
zGBdH$kNT)J+Go7t3WdhZENBEQy^OS+rIT}J-x+e@X=*G2Q-Lf1lm~F2FiLk;`#y+`
zc~FYAdK*d`1Ckr<9Z69R>|>iOhB~wkRqHpKIBq`Ib?%XX0YAsqPCPB&_TzafYn7~L
z!`E;JvL>0i3jtqSNZCr<<;^FRvxb7LM>W$7^mk>?J<rN@v%`gl+ZX4NQ950gG|9ku
zE<R(qK7Q*F{S%+nJHLmoWo^dJgka57?#tcZzHCC~PkT3hXFf)pLp&xK&Ni~RX}?q5
zTDwMy&2-}dPxIRkZ*jeA=)$TA6|s5sGBJ@Ke4cGEbGzQ~eEsuz@Kn5^Da?D<`kbDS
zYkapm>=^@C_zz2NqsJd4xdXU!3Jt*HKhqb_RNdQsTcdB8#+kMnVSJbvH$wq5@=IOB
zzy(*6x6e`>*8$rXcN^<Au%8}UK|lT=g2U|Bn~|zt{n?|R5_%T#Nh6fW*_4cHMO@Zf
z&_<?nO(xX@O)|VpS0+lIqpt)j-xT(;`f$^<JGp1j&MZ&Ncrv+#y?Wfdexitind*Oa
zT8+90@1Zxl@cDpgTbdca*A;U5eV=WbOAXu(|5m#9O?MwCF2jfS^v-c(Fo!s3m5i|!
zGqPiMW~B33-e_O;_fEqR(^IljJkaIdG_UDy=V|UZqfJ22I(~#H>cNfejz@rPe@AY8
z<q4#4u$D1x?m9i_LudG~{qw9X4QF@j<t@H@1fY4|4??n%yPyN6?%H+U@Hetcgjw&j
z3+$V*viyimn)tT8zU)T2VZjg+chT5VF|OG#QM<6XRoUh1Q@l09Dz*Fv@U1$hb63!O
z*inG>jf5Bkz;w&rQd1M@A9{DIL0a-ql4EftMcHe^SD)^b+L2XaM^IWnQlB8OEBLV6
z<W~_}=jh#-zJJ0C++M#<mJ2QOEFRhCdpT$rsoKBiTvP<40QQIcGn(cUv@Kk-4Bc~Z
zn?A;;vyIg13Wr^{nV!whH9vm`UL4WAhCMm7eV4qTV?OA_x=M0)qI*OoiM0(E3&$tz
zoQV{JHgD3lN#$L>d7L+NUq7`K@Obtb0^~6@0O15Wn8Cx2s#$dDpVLR0(CFS0$b>pK
zNKTX0Xe;?ot}2bu(&zrne*M`fxDfBR-bB(Czpa#fwL6nqtv0Sb%UWA}3|eE|xCFUS
zS3CNbi3+g2u=xSTeO7e6J1f3DR>5Paqnn@}Q1jG2VkN4ZKGp(geKnh^KC~ti7p-GV
z_~m^7f9?z#&6tY1!NJ>cC3v^sxc!qJ9N?Clsg*#YCN4R9hysusn3du0UA;6{n*`Hc
zE-`KOELvL=BJPgP(w|YDiI&||VyVN-Wd^?QwpkUh(Ho<30?B{#+SB%l39EkQ|9xZQ
z=!D974*SjHeG<!<AVr5~I6a;kE50oT3eRVxSr`~bC|e0STWqG3K$OSy>YnXhzBJvU
zbUzyyi+r(^a(Q8%vgmO^82xttT{=IIpopt{W=Em4w=xoakd1;koJqqm9*-gtJv2=|
zY-%7xlQg;REDB>U9;+cm@&9U`i~g(N+y|RjNT2^)Va$Ux4qI06{O`{d^Yt(x%T8sh
zRNTjZ`lX8RVnZ4qVjJN9a~p_=PfQTqe|+{R=lG92hyvxlkVdAw+WCL0^Y>Dajm%#~
z|Df^6{+C8+YUDMSKPHL({s;x;au$9qwHr<@aKdw*F51AU<2&m2aM({!TD__tQ&PJR
zG0wN~AysVtJ*4qah~iuYrCzDxJmlmP?K~3{S|4;!y`@z6>0l3L(=9QMTtO2^DlF1S
zpkzo_&8?{v#r#LC%q~+J3+5+MH%cmcSf%gP1vXh&{BY2OgXHUW4??tD5T@IR2Qg>4
zF&M>Jo$ZdH`;dXgDIKClE{*tD73?@2^p*KxCHsvIkrC)lM3B!u@OjHL^}JZ{-Grs1
zmEnGHpur4uyVE-cn1v6*;YW|R!ub6*gb=Nt5utGd#bD&sn1cQ&k}vK`rrZl!VPYex
zIU_N@YC`K6`Y4?U5<+7Jz7D)Qh=B3_`R*NzYWk-HCTJQbG^BDU;RyBydKxEDB>BkW
z{IblgY62NqsN9L=238uUQ$+dl45_!o-$`O-Uo~MAH+?ZC-Jm8A%qyjkK2buy^i)VU
z>s>!k<>OyI04jMHpt01U%QJ%h2M3=-pg(k}-}vR@%`*Ol;%5(AK-ym%{d=lO#XI2t
zg{%Mhu6~4Aj!-l2*21gvk15MfAQLoy%Ot*1{XY<dbe$FaE6gy%Hsl{+LCdNT6xesc
z)W7^&Hf*YRB~?Dm|DCw*7K(gy2Yx=12AscG6#tAdX$h?j=T@nSG^-9n`M6Up8z9<-
z`#b^0EYdM*&N)I5$ZXX~NY&q}?EUm9icKS9EjyaYdD-(jH}1Z0U6HCE?rxPbv9G{=
zXZ0YONGU|*7&SyGi(8;xCG7XWKr%^~cj_7%u`p`2n2J?_P@(YfJ(>owl+pE?Na=Yt
zPV6JBwTkKnri8y33TI3|#BV--+kMgT7E32Pn7~ul#Z5~EC9dL%AC5f6SWP@E!aTpI
zJyfWo+gG3{fxN?l*wHuD%;(%h`E5Qxrsb0|WRCg`uFD}7FoL1vjK#=bUG!!~1;#Mf
zqa#U@H)v$9#Pz0=d4r`XKnT(#FP|{!cQYoao)~m>7gLSRU@fqYgg|)-=bISZNa!4r
zleX*DZ{N#FhnT@KJ7zV{xJz(W#CXwrNfff4%U;s3x{E1EVQyjlcDB@ohOan<?sL2L
zO$oWXOksOL6?VsNKI(&aa1}~_FwbnE?}`{&h2-SOg}WyfovZ8;{Z-97d=|ku0LsLy
zya+=(*S2z}(A@3T@#I7cZ3qmR|Ke6DFxwEx-~d({=YHy_iKYyL&;2NVN<^qY;YBB!
zl3Yj#`^S7GI09LlqN6WtF&_%&BOyl&=I5=?b@$bwJ(E8&ViS|LvF6i$?t=N^FacpQ
z1dA7@?Y#MPh0mAleoI8u4R&$uR8JRst7jOPm}mie_>Lw}9q!NOycZaXyBgv0LKmdN
z-=@7ijsCdVVe0M{HVY;04@^86M8DNLhLid0gz;rK$ofi`E69ma-|paUcQRFrH}%2m
zT)Z@S2HZGs?|OYR9=<~TsATx_fi&fI_@ltylhO3BGx!I?ezXWF4no+LhZLJsOl#68
z)vZ$00CW^ow3vqj9wbx{Xl@-AN#)9i4L1$2TDCi`eaNu1eg8XVmdaeQwx?(Imj{9i
zveSNkP;>bgf&pb<T+kY;Oad)Ormzomr;00;Xs8=k?E*;||4StVm8gGF3GberT>(3e
z4~_XA8V6qJGWr}`u<(1F$(tfmaQk4YXz)(QYVJGga)U!iJPX$OHG(mDB|WSgy?nWZ
z@}jzA1f^s!y{fePL%14Ev0l$rSid__MyPNWFBcpB&35({Uz0%u-c66Q=NnodpKAA}
zzer-M0Kwb63uzA}Wh{cmw9<!o`Q-Bwc_KckY11~tQhUf?delQTIIbekF@Z1yHscJV
zvJ?gf%irF$*4stq_}l?p6h&FTW5=U@lVi`nq9O1<!9`>n?^*S7{Y_`iE_`B<rIB0T
z-+Nc8Z0!rD|Lu6kYs40q`WsWC-*4&o)>9n=BQ)2rwa~4Dz4_1_cZfzoTD;YOb*Hq%
z^mic~zt*Q<*#cI@S*-VtNF#M)_5Ct#`vq3`Pb6rxAk~>ZqXKFQBg|Zlvd~LN!a%Lv
z)(e{j)`K*HAT~??IMtIBXI-$T@7)?!yB9ebUuessv1v7jw(;K`>DS*iZF5|6CQaNN
z3xg0_nWJ`Bp2*=;4ABGiG^{&VIW~(Q7hB6-jx=mUhDGmp(u#w4*|^BXc~WoleqC5(
zC4SsmmhPgOvqk~{{)%4t`Q=?A4q-UrsU<!hWka`pyF55L+G`ZgOd?3a3S6^2P>*7e
zyGR<x@XA}I8@tmL5ctJVXa-p~7=UnBAlf??;o=fE$WYv5hc1<>@Z}c{H%Wv%kW)Z(
z%2=B41l`;(2uFYcrDWi;186Rd09SxHv!a11OWhC`*R8oRDg{m-bF#nV#qkNLIlobm
zp8$M67bNii91yM_M95|FTaBraD#>1fjh@}yOv8*OG(5jHwA8xy*Q#&0^~)4BW$0EG
zaX+Nsi)ehJoYLM13$wT?$I_$zqT~c%CJ}==6hTR`E=sK?&|I-Ixm~&a?!t00)t-Wv
ze=?F6vjq;$YtgqJ>Q}#mT`4|0(4Mt`5qT@&T9-Y5jQQ(~#rhTlXUHLsG9tQpj=vLr
zOD&ZUx&X?W+*BNJn?ZtLf^K?Ubm~iHlPA(`mB$zRYy|BXR1IFXaCJTH+WH%!s;<A*
z`uNvc<)<2ewC)EgllG6KeA6&RPHQD=7=7Qxa)b%*RG;zQ5xz$)^1R>JlA(7G`<-`Z
z5MeO}B%k^mYcJriI`sp;>L5L~6-PMip+%>~on?T{IHG|NuK9-#{<R}85Ow9Q(9gw(
zx_?1}R4RK!yQ*&ldEV5stFzgDvjj0;=f?s&rl!9e*IvbnjG7^aq+!rtQ}D$;F#^TY
z0rc_kWiQLSHu4+s_ae#Nn9-Aik8x8CpRt>-Tx-nwJ??*(6E~r?;>4NuCZ%P?dyRDU
zhc*ads!Y+Yt8AkdL;b<m3&y9NkaUTmwVJ6#ASJCKY>Ll~&?f6jDA?dXUg^XO$mK^5
zNzvQp%ea$WDZQZe^*uLvU&^W%{!IwI=*y=M!p_^fkrxx-%xZk9Ih7!VAf8zJKhxCj
z0c8_1;M|u<%3(6s`LkZ7kf)wq)m|~N?D(%t7*l4$%=N?f&je_!J=v(l?A~ga*?sT;
zG8t+^ciAYznR>$957XF7))DGBSRqD33g>LBecyR(IXr9`9Xi{|l8O3~?RnFy^`a8G
z)?$6%_rkoH2z#xGU)wFLBJNOnK+oH+2CCsz4^S)<Ne_JaC4rOD2%ZX^vra*@ScBNK
z*$J^6s@>^PL%$Gq9O4;~2fYRjj*d$<(Vk2Scap*_h$=rgU_Vmxnq@9*j6QZWdI9WK
zIx*io`BFIg4T{rYf7c$tZ@*QwrsndYqmige70Jd;b*d28TVqA!P6Wh;%Bnbf<>eAA
z{y-4Xg&QmcR|p)*JItYg(LRL#kPu$xR%2hUYle?=c0Mw&Q@Y!HWO^hw_d|SbF~RqC
z?<Ba9WGzKyl@3Grc#lI>U`;7wNPfxhOaTNeZDn&?2#h5uP2p^6$HuNo8q88d+XMTl
zxLlcOkCn@`IYZZ3kaqEkj6QMC7oYYZaN%!d303uNLcd(}NuXC9t;BKckhEVdeY)qf
zi_0J*i04HG#AS}M-OA<djZL-~V)bm0hFH4m5G-^EZNbcNSg%WZ-**o&;dy(U2Ip25
zUfi_H989*dupUhkba><B``b~YmD&|GoARf3$c>pdPH$X;c<m;kI^IQ3QLf4)>6=QQ
z|GGv|jf^tOY(^%MhN~NUuyYmtGpiuZwCswzLev+<Xsz2~wn8wZpz<;GPW05c8Q)mM
zg|6y&naIH#Gr?lFz`w2(WqZay06jc5H%=*F1G^(TY#S(pJm#tTASK?2y)OgoeJuRD
ziP7W-%+5{5Yu2TSmtdJxBqT|j;d)PkDAp#`qoazfLDb#4E!P@Do`M&4xLmOW^3FUS
zGg{9_ZDR*hts)LBv0D>4VGHYi=sCH*q+LF4%(v!vg>uzO7rtHd{MlIm<%uETQ2Y&F
z>^M>{JV(C<5N`MvlRGp|yB_NH>xTvU;&YuY3x@F5?a#+si`+<3c+D~N>CuF;H{{&R
zB!}OGE*3J3e?7VS2Z~9x)0~p{3VspZ3V1;o7<(msmH0(Jq}Iz-^cpjeAd;Ya{R}5J
zF9$4jUQE=M7dloTpma8~2FBl*o>xC0bNHZ&gra6|tG#&;XG^!#IQ{Z{wx1#u_S@!>
zeYV%BBk@S^#eA3NkD14+7jvG;zsj@2$<5?Ul?S+8l_3RGhX%e|LPM9Dqh~E79@{`P
zdV|83tPpO0y6}u8;le!)G~p^*=yhta!x~^Iykldh#6w^6AftVIkZ8XitiBl7?)r5U
z;0Z<Lcn}dgsvI6l(|}NCp(^tnLUo>p<f<b_{xlf3u<k`1H}rcO&elqrK#$itFmciI
z`grnvR)qVPdu*yn&q+Ve;2SQh_+ksxxHwZEjun%_N!aaBzYiZ7dH(#%Po{%-Bzt!S
zjS#<;2pZFn61E?SS~3vZV$6b;dyoT@*&h-y?%}Y*30c#lD@5C1HSWYgA2Wz!bt^ib
zPd2}|TW=cOm&~}W<o8)%1<c)zT#VlNObXAUGc_IWHuI531E8FD=-tcAYenCygga|j
zZP<p!FOma8B|<_BYF4v6ZJ()QpM4qPU0Mk6!wyeB0MFZ&egu*u1JOwfxnbt3^y5Ar
zX<A!C^PY&A(JJ51>}i+-6dP7dKMLQxuRVWE)m?O^CZ0<Az1ZgW&Iky}Az!JNuQ@Vs
zzEie+5;b#Su8KrNPSzBc7oP*ZOq^uK4B4hqA639IH{!Amv%4H#8YZD4Am6@hR>`};
z^?#VMs}N3Ag|<Nc=o-uh|6@oqm?Yj~baYt40xjU@N#1HZOe7API~@7RChPOv4;maV
z=*86JU^|!9MmH+|uCGj#lrOd3YSBnc2+hGC6EnimMe}0$Ix}PTDw8iBBYm7S6K)4q
z^mL?y7;{*F84Vpp)sP1UgGg9zSYL|U?~Mvbpm#8ouRVma!pWN5S>@u)bjGvD$bFdJ
zIh6FmJMC@d7+Uhouikg4o`O`kPd~@%5lF^IWqTJ1`ZUFFqGDu+Yl}eU$kO4mnM1^;
zxufFtpCimUKat=P*&(YCZs1{tTU9;L5m6^%OJR`pVpQ$aG)d+r!2xG<_Zk7Z@~4@R
z^s0#%9E@**&N-cc7Seb?3ZyPtVc73AUISH{nm&NV;PUXq56K+KjxKXqXJs9N(&N?W
z6_4V4^Or`QCVvr8rLh4XdwtI5KMAYtcE#)!KA+bRRhgl&;`g>pWO*~fkmN{KzN7~f
zba3iYh4M?5d)gO_vNMik=(b~Nthb8IAr2RpV|eSC@8qq?d$E|cipMKmn^|r)G_Ch^
zp?k6Ob0RL`bbX<Gyu6%bXN?L5odA}b59I4hsblwc@aoFZRzS)eA5?!4N`Ij@f3H_;
zNy*&G8gA$%@W-`Bj)JbZndX)m7-^a^c$_H(?qU)tcKo|dK_Pm+t+qkw6{<j<nKwb0
zi6v5IF48!3igtpD(Y=S);r(=*KW|ky-nu_>xoU;ZY9k~##p+Ue*DFYyhR~CYjq&gf
z!p4LwEg8r+W5jT|U|?gyW$kAhe}bYLWia|_7fyV|panA5)uB%NQmd=cAITR#Q8dgQ
zkuxx)taXuy>k7}YAoz<TTruWeA2xN7MU6%QFgT|hp(Y%Wr3@U~Zal`Op%%k+Os-A}
zP07)dIn=1%ZAKo$qNgw@V#@|x&bv+>#IBMYXWXE-(2`eB&Tn%ljYS@emXwd|zFK%6
znJp1475mqgg-VWZsTpysOiW%4onQumuj;!3#afh^4igfi5UtvTtG*3#Pg|gOBv=4G
zB(p|{^(gA;4=yeAK3(^8NIg>Zu;G)bK4MWB`w<5`n7scvn6R84C2YjG?&4W~oWr2|
z*XeE+|GVXj3u*uhV8?l&FPOu^Ln*`R?DwnJ2e%BHUj_;YmMRJ7H8H9Lv*T^`J-Ve9
zZuve}-#gG)I4p-4Fox$Eus;sPV6mG|NEpml;5z)7nJZqZ@uO4Zua)4%)T4ySar%ac
zt8b@Xb>4NH!AR@Hw10w6nw~;wyYo3T&u{#;erRjFQJ&jKf)*E?ei6dabv0ooIuw&+
zra{k#nWiGZ<gTVg)OadlH-NF;YyKtpvW`7OskZ&=jd(r&1u#2U03p7+m*2}uhZ?I;
zvetd#i|}fjP_lqCJW8#i_~N3~amHTl%QHjQ5GFuqLPl1$FyO_CyR4}mRq7AR!%Wh;
zh!<8&j;vlEFC?_Qz9P$@IWO{+eONH8l4wApN7Qz{qOW73Jpn(%L2lyq1f##i^F4!>
zIc>DU1pZT#VQ#8hVVcV)K1f)^h7lSSdSNzKvn{RLi(H%zx7Fn#^{!dg=t%a4BVQ9)
z_~ravGvEx``;?j69@Jd}z-YA788bKH{o<}l-f7fGD&^zRJt#-om-B?~`f)!zG6t!4
zK8}gQ^j1*#DJFNoMb}q{)Rs240xDWk*F-Q=DRDB+d>$30z$S%8;b6T8fdz`<6ZtQR
zAYX2x-tVAQifyQG?xUTai<0G$W*tJ9RdCnKaMLmSraGFE`9Iaf2oqZ9VZA_ZKmvET
z@3LsSH7NKa$tpc#y3A!UBR!UN`&2Ct_6J;>ilb^a37|r#dKEimM<WOwuNxe9?e4Ie
z7VMr;-<xvx2H%7}BC#EQ5s7(M29|lULSLY`Mz<IQ;u1Pq2@p$<w=5bVQM6GWZ8m{m
zFQLHN(UG`QBz=vR9|Qt9G&7t!BajQ2)#e{Z_62kuIYQkK5%}&xmK<~s^n!nXp<rdb
zONLQZmhE~K>rJ;FLPSdtFM4$If<5^95xrg54w!X9JjjuAdEZ8^jRB*Rx0pS2DUEUj
z*(tljBp~NVnvjbamfzE;3nB6w{~~TW>*+&XnT-A|N4M%#g(Tm?i8nTp6Okomw>Qm7
z0tPQNxd8wlBPI&RMuxhBX<|73T<Oa1KKk0zf3<L2jD{+WiHkSQmiK(`GPXTq^k9mn
z<wS0B*Q^sygR=SP4y?Iy!o#OP+g$8s=l+HrWZ33zI#u<Fx=)%a=xN3MxO>!3E|K6v
zh=p6Bm%kA2v0&&psNW})v`I$a9k^>#NUwu+K)BN2N|$~nY=tLYMTR@X5lOLFW6sn_
zI+~vmqx8M6FQ1hzr((Ss&L@7?Nq|^XCdB?LuiPfA20u@=aRT6(xni{jbH&P%N)+9L
ziB9);F=IH<k>JnI3U*N<`;AVK`-2!l&j3iRh$ysvwD^-4S}N-RZhY<a7C-ECyVWr_
zq^la=4}{?|zdmP%^dB{nhfJ)Z7D4hmvimXJ-oue6ous+FT)vMUoe_UeputK{zjJJh
zo{>M){e5f&gNQJQ3gHg$yA)DSZXh%~xyWfT=<~H`c-<I>uZ`k%rn()?$UglzP?LK=
zRwfgPwf}gb#h};8SQgW?1vGxTCX_gQ5%){ROQ+d_3yeIFeK%s|p$d&ZWdYJD93AI5
za1vVC=rOD}e{X5=)()1jnyv|Am_AIXV==z^8?mK?j;FY7dCKuLN`OSx)#DH&KRI{$
ziscC)h`oIkta4BX$7V65aO}^UFldvKY4y>``{w0_Sb&Zv8y)I(5xvP4ihvop5lW^E
z?(}HoK&u$AXHVfnXv|(x!QiGQyZ@$ZsL)6D`CYR(=IBhn2M6v={$B)Mb|m`LUbn6%
zolf4MEy)nYJE}v!@8B28aJ4(voHi%#@jo*uY1t`YbtX7N0(@6mjG?ZK2dONv+<h7T
zW&vI&v4!3rfIq*fF&m2#>vT1AJbZQNj~KCycB2$@1Tz488uXpi_Bb=qWg4U`9+?2*
zrWPe94m#i<Yyt~PM94^MeStVmwJzG#&`%zgB_l8S6+Le_8e^QW`bGWj+R%tYJ^LOy
zS0@1(XH%^jUH*aEkjvs!l6X3t>M~C#^U-)ut|ETgTGX%r_=S(mg>ss?)Re!C2;V#d
zL6Tv_0)w<llgCs*Z=8rER<YwvPT}9jK-rzvyt<f$b8G4~hS_a;3s(WE;z;Hh0ood*
zkqJwEw7SYY2FkD5TH*KD#3fyj1o-h5TO$#tven}`%Jlkh`IA#BNT1Lkf%&xF&q|+R
z(j>*}dmiutr!l^1OD0P^r;qQ#hK@>lmy{b668OiKOeWU+(4WoY%ZdFpQf4&*;OC1Z
ztwPjol)*EwAle85yQ8I?R2Y-6?*AN(j!nLm_i;6&gvSo8v;XOk2eik94f17E6CJ0e
z5+Lip2;uzmkyPqVlh-<72CvMXZse?3Xvu588IjRT)d{-y&omzePRTT17|w_Q4)6;~
zi_#m&!ArHp@<|_Va|vtqS#h%ry9S}<`Pw&I3PP~xNsGfqM&|n3WRgdRdwS=W(|E=L
z&grS8+4(7DriYT*Si{Kx4D{54<Z8=K(}Ru|HEHOgnE>To&pr@$Ji&zsTd+hapC=EU
zQhkR!Zu$^R4kxwYgUhat46uG;R)aNwVujLNT76L=+mwhRMqcU3+&DcsDeA+XaDo@T
zZ@(+87xk>|ibKNwkMi|tfbtnrx>ADA2ERFB%ic_P^s=^h>`j|>Y^-ByXA<Y-Aw{Yi
zCZO3OP8lajR=z{^VVc#e8VCt^<KsbWfv*){W19+jIK<!}S8DVm5$S&CqU=BHNEs_^
zbog0RMJBlLxmNQeX3|yJ=?_buQGDJhM;Xe-MxmE#MZd$3S>qjCncWrIr{wCvAF3aC
z<5_T*PW7v=UcXK&WM2X`6V5I!!OCRb*aSYh@rY6YrVXKz+<4T^n**P}`{rLX@RU{0
zYS5_LBSw}TeQlgkb{CZS+{P_7-$*88Jcr8YX#DW<y;1E565`HxK>{)MsJHOg9{xjV
z{N+wQOG2XfX(kJb|BxS$Rlp4rqtg1|Q>pt8aq|D5BZvojKMK{-FcB{w_Iq|<OXf{<
z)gOn+M_Y7gKP>r^LtFbpI9c&r24b>J^o%ZHuk-}6nX_@^iU?aZ*B!mveHoGu80x<P
zaJJ}3_TRAh10Z9{6`R*f!QwB2jTR;?F1Fk@(LsD4qokO(;jPLv)sqVGKghS(0x6w*
zWE;Kauf57OeyGDV<U&X}y#OToz--08$)lSZ)uf9u>HV#vpVSNkc^cSk>(*T69*4xD
zyVGl@5RuTT#`x<`6gS&3&+D3VnwIM+A;uaf43cajCiRA<@hv6Wat;5C{9O^IJuxKM
zzzOcVV<BUk#8K6Uzk$Jc|9LIOe+W{={M5kLtk2Ps8}vchGU7RRJU_Z-muINE)oVgS
z-5~rK#H!^`6$YJptytyUFj$XsD*v`vch<j%wb1On|E5M!Y5&IMJ#w?F{$ao9gSaU2
zVa}Dytw|wzLOk1l(P^_Le>pLy{cryb7Jh6<<HY|L`7iT`|KH4I5YOVRB9Gr#HqT;L
zfLL%y$QNC$lKGM_$OioHIiCZHJ3DhwQc)#=K(UL9i+}8ot#!&^CJ~b1ko}+OR%!v@
z8owuZX=&;F;^IEKw9e1}VLf4Ou%X4o#EReySn-K??K~wA#l^gvW;;Irf+PcNqp&d+
zH2mvk|HrbCQuO5H-O>oQf~b(?qXS{i|GzFiOT!Ssh$6AO#pc4sl4||?7V0rb2J}f1
zxPf#nk!-1Gq6$~nHU9&XzaB#j(g7!XL-SR`|3XFl<S+l@e%scl_s;@S-v1ZgTjL9*
s|2yc06v$s|dFgD~<{usM@v!d$LIV`mRw^Izp&%ax8CB^jNt59J1B988!T<mO

diff --git a/components/engine/docs/sources/userguide/register-web.png b/components/engine/docs/sources/userguide/register-web.png
index 2c950d2e4b9fadbb595211c8e644e201c958a642..6c549f8fd335133f6a0d74ed60ce6c0466b93de0 100644
GIT binary patch
literal 40136
zcmeFZWl&w;)1XTTF-Xwh?ry<7xVyW%>%k?sySux)Lm=qE-Q8UdF87e%|CO4Vnz|p}
zxieLFs8B`rTC11s-mANx-aA-EO86Tz1~dc&#5Yk90XYbWcS{fukn5iz!B^xZ#iGC$
zf=&7PWkmV;@nr0*jZ7^JAt1<*%cHr(-}Ax;tc6aHeL*8KfsXzlNOig$CMZ!i_$et!
zFbLWV(3}<=6}e@H|M33Uq7L5jJBT)j86`n4+aK?9_Zl7)B*8{nJHOlq%uh~x3jkvt
zqmMSpAr*<s5JSjQ12p{$yR*z!j2r%Ngh6@|vgWQ-v8wq|IJ2I<U5#4Ao^w(UM;-@R
zwzdpacFYJ&e{cdl4Xw3Gi@oVYex+0v8*U<27aazOx{FaUNu*y9+ID5ZA+oTcV!dpq
z)h_&z|AKb30JRQ{_-GG1W<$f;)}=~K;SwT>5ITw*<ejY$<G&O1y;k{^HD26tXo^{j
zI#X#uh48G9KH__f&S!ohC`7%22H|_i;F1pOW0Vk*P+3E!grWpcOEEfuxbn1WwEs3+
za{on!EnHoV6RqDwVueyW6hZ9IHC^T5bO^xh&-3C^$@KR<p<O4n6=)&$xFdW^&vPve
z47fF0AGERdU#rSy8Q0l9vI{4GJPcLS&0RBHZ)6_c5dlosv&GwD!JCq9s-WVaA}PVH
zZ*57VYhbNsNaJj21Ku<U2u^2q@Sm234!U^GmKIj_?9N;Se`~OV|9-nnOMv&cii0^9
zfr_LI9>2AnAs!PABMlt^H#8m|9;cmw5xbm#(7&34|HnmO;^1JzPD={_0B8UVG}d;;
zwDfFjY_xPgXn*{m2G^jrcd>HNb*8qmC;UgqzsV6WwAZ&YwQ(@Dw!(XptE*@2=)grl
z@Yd14|NJvfLub?f=*i0dU(*6lkoK*FmY#-=_TOcLn{vKgWtTB^HndO?Fts$avIqCU
z&B(&U`M3UmSMnb{{->6z|Iw0#f%!kT{7)tSYRO6aHi7>%p?_BE?^W<}aYJ*`{`=B%
zLsRUi)<Qu1gb)?rRd9ZH+zzAhUAW^`(*+1Lc)w+Lfk;!CrK-EN<AH!Acx6WS%bdtn
z0O>m?<YREk`;-qzgCAlbF!4!}K1&m%6|wQI=olz!d<*)8V91n9IY5&IV`VU47fdFC
zHo)Gqdr^Fv!NJh;^;(3m^W{AGprYbIyF>B$DCKa%Wq-BZ4GQzKH^gUe@b44tyIybj
zpAb;se`t_024U~vA>P5mL%$=dk#U8zeX9lW9bNx#xgQ@y2vuChPb@qLNIVF^J~VJm
zh<DlW-UKlDr0}2KME;DX|M({CCmB@M0N=rv-gn@dkZ`F2<4a3!M>p8{VxX%rp42jL
zzPD~5-W`1j!(b94K#9cOqCyO&s&g$m>&z*zTb{o3ouU=yVCOVzuKv)<`r%CqUKa6B
z$9nOJmHS-1Uxle3G?}sosLNTrE<%OV(mjjo{jvYb^yx-wn!4ZWd~uvxv20_LCz*|Y
zbyQ|kJ2a_yH^lpQA|HjkX*kIg+ff!%WDHs&coR9P>blAQY5fj9>j*gkcQjdM`&|<+
z(!YuHCV<Ppr~11bJm9H4+4v#96`^syBfDHj{|)&z`E!1V5Fnhe$~*APz@zv-sY%y0
zZ6@q$Lr$?0N$WNLl=O+f_70niSr-+qbYOR?hYWSy><op1&|q-h7Uy!`)n~~WH9-0W
z0nX7D$LIh$EO^=ces;lzEU#4Y9Dve3J|Bw>bXX*sBDhWQYl1@Wmy{JU+0<xIk$$-B
zV7y*jdpKKi?IFt7NW4sk4sbAW(a+B%2fDXZT1$!CXJ8;wv$@<g%HdFP%a8=z!@FiZ
z=n;|j+?M#4=$iXQW0hVwO>a|&Q_3uUaw?^wEo>qyZ7OOQ$*WrEr}R?79vM+}+Zp_V
zc{9A|Y(q?9l@@QisS6n1#D9K~_<D;!t?kLm!}<BVY=FsaGL$iRED6;X&uwobtd|Z>
zQkGxK6NEkTF7pi0m~=EPSEaXb<<V;RkC&*Kgu~<zu{ftg@OIvr#WsBm4vr-kYXMFY
z{`I=UU=Yx6PBHX!aV(UBEsOz$^fWBJ`!q6iY!DO@HmWm*#ko>5dt2yx&{|PCFddHx
z*_+4>9B7?CNKZ}N*b<48RKC33#x9Ekz;AADcO3ffR~a%89Y)B`WWH?S!p18$I67S;
zqDD^{Xm{2h<vf#uz8f5Ks?hA2d1Rz39j(_9SrKZsR+&gz#yQLx73=|~RCA}~Z7)Kb
z#x6q+e}%nQ{-ZauZOl@Za+ckus$NI?dUaXKNI`)3;e+3k@pdTp@?ua)@}NI_r3>aP
z&Gsp$<p=au^WwvB7>OVcwcm<#@ns~CzPE`4b5PQH1y%U6ogN3*qw%VS#|NdExaN1y
zHNg&Ra&#7o4Sc72J74(;?4VN`xATi+XnPFdT9PD+8-_Zbo|2X)k{OxV{uo<aBc|?I
zTcYefh_qu^u`yGQ!d9RLIUm*zx3dp(FU$8;tTqJ-S_Ww|$HOlg76ihJf2YN>dHsA|
zJTMec5_&k$zBOxW2gK%}8Wgc@BO?_cPG(IgvPv&)bM=qPNpY6Up(sH(snHal5@#gN
z%dI6gmUbOI2#QtBmYbB1K}*-j<q~Cg<)EF7(+r~(U&+Xu6}vGI?onhH1z0St&qSH8
zri{WO@GQ#O*T<0;rC@iEIdiVa4&H3X*Bq_uisLHIB2$SBOfl`BP*d}Wy~a%1@fUEw
zE0QJ-Lq$r}69CpIs4H_85J+!Xg`#JW!(wL88JFcj*OS858p%t)LB)l`O=U~gF9I-+
zUjm9{n(*+IjcXcfuT$G5tzVj`IRG82zdt)>72WCO?_No$EC(t?P+v4sz+8F6JsVaP
z&dXUmXYLfEQj}h=*KMDP9yrb4-yExx1dh|W<7JD(y7k0CWR{{(<lJ)}(<f?eJfs>t
zO|Ki`cMtRJN#hEC=s(X3lG@2@uRk-}b{?DrWs(Sevdvt?ysVLGj85HSvOCU5NpP_P
zsQqRH1wLGMhVn>-&CrBFQHQ@ci~laMwG*GcCPb3{s(v_%{2h6Yfn#MZvIJNBp*-bY
zK0qi!v*3eQ8X7LkNN{OdLfnFgHDQW|gESQr@ikU#!D*CvKZ$t~58(H7sq-QyPsNj%
zVSEhZEz(!h;fVoyRLgmR2)VOVQ~wrZ_dQ{+BAPqN5?2>;5?kY^-@(_lzlil_4Ro_3
zDN+wOr}Zon#%>auNH|MfyG^ak(u^D?OuMtM#DuMp_)Q2R*X-zL8p+<jlZU!XBWxTp
zo1s~>lC7RBV@|RwC0DPZ*|FT!Cp6_u00Jq$Bv-LsoPdB&u68XYaf<w|BSgR(am{9p
zo%15+&8cpMDbdK(Jr%hrzS8=&w!K;lpS)r+ugo-@(Ii}~b;{HJ#osc|^99r}`2B#X
z2Gq!S@*H;&$z+n49U4bNvlTlvJG}IJPrjetxWU1rInewi298`>9S;4AlBs3&-}WcN
z&%Pf96|eEPJi_eK+lq1<FOuK=eE7($c6J(nA?UEU;#8V?SM<!h?N3?^(2oI>rw^8y
zFnY#T4laIwbxCRPOB(sDTXWC-AgT)J=Ci<dOdvShr?tg&<^AsLye9PE$1v|@;i2%c
z)@kA@HiY#K3JngQ39rqk>zTN#kibp0o_(~42z?KaSuD4;xh5c*e)ITbj4H4um5ena
zUVnFeR9a)<_RoQRXtU;sxpd)>t=_rVrv(=OnjTZtVrn3C@kBv#da1&3q37^y*eS|Z
zW`zA>`i!WEwdzSa)8^(?+DT%9<f#?K){QZ(o7$BleW17hs%qJTw)GLdn&9beaE@n<
zP<JZNagpv$lF~U=X^Z`e9o-5n<0qrkb~+iP^8Tg3*E?qAlF4P-X8s!xz4QpAy;tva
zIF*5Jb!5w#N=Uh8Lu{?}54)9x?%Q9!u`qjs-9Cpuat9U#33Bm!6?-T@FKa`(Q~bE4
zPY>=)j%M~6`6C6RHVm*FY930nQ}Z;6#I5CLk%rUX*d1c3q#;09IoWSpoVR%yX_6?1
zp9=KU;-XeAx>>9_D07T8jd-BO-W9$#G?YC#;%d4Tmm67hR6|@RKkeY%djOKmAZb+h
z<Z9@)3K{O}>c4Mavq2IiF+x)J8cZ?ab2T7UF>yHMnea6sn$e(Jk+d5PnqH9j>fuh*
ze|pW+CVQ*9R`m;~TJ?|trKZW{<sM}8Skx*ts!E5Rx>HNBOa8t#Sv-wHT>J6F|I0hi
z2i(ZIZ`JQ1A@RXGDenHhXF&F*$8@itmo{SWNy(#l>P*MRP9olLLmn|FVG{i%wmva1
zrl_)o*p_2Wi!~y5N=<V~OhNAxoUJJaX+J|o_zFtvPl^J#0;gw^`aD_zddl>Ka`Yj3
z{T|DkOLRXMEWib3{YaM0t{bYJu_IA_&C#+lw#m*BYNfsBdv~tS(e{tnENc6F)Ui@y
z)F9JSzg<NhRmtR?TO3s<v5zw@PB1BFCpm|tN&P{%Y*d9apd8C#jfUuxX!1{&zggw|
znhHq*H6=!<a{Aj1&rV^Nn?23EdaZ0NsSRYksMh#!xpu9|8`_H##_Sr|pW8mp!&E3O
zmo(w$>G}iUn<}C1+-rn``WLC~XEs<+sWlt8?Qau5v;sJBqkn5W0e7z_e}HEGV9`^4
zJsdILAh4<=qs+}~QMD~Bx3gXx%8Qc}J;1!toa2UeNZ;n&NphI;s&M%_P%mdzAe(vi
zEJsor53Dwk+)}tbWp#}2eED<O;f|xIPLRxM2&r6b1lX;nJXx`1>UU~W9rQn8Onzy#
ziQko)R86waX{aw|X0R=EqN%KvzP*lNB4gnk5L4@9k9iRUYN9-wRcm-m66yt4@^^NN
zaDsBn6&)JWhevgGl5WD*^y4raU7$uY?;SMs@Bj`w&SHb#6nUOzsHu&ztF3Dysrs3_
zm*lpQNRBeGHE2zc4r=uo{nT0?r+>ctJf8`XX>Wj0e)KewIXl3D+*lP2*u~{3$>dYf
zz^IMO&iHneiH|rIC7sFDa)8;gNG2^6GRLuZZMr-)IVA2!$1HwJ6n{FwAqr5%k9u&m
z7oW#w60Ds4{wHrot;%R#%Y)I)kgj-onYDoWb}xYm%h(-$3pIlul~Lp+<Jz5Tj`s+0
z!4Ulx0zr39+V#p_Zu-)A(x=|PeGMS@*)`SV)aUDstifwH@J?qX?wm{6RR5u!=Gi26
z6IE2fj>&mf6(#zkK%o?sxKXEKOj_0B`9?TOaI%W;EKKx5ysNAFA)#?-H5-RY$nu2G
ztJe6c7?bHWHlO)HBWCsAr`s7;a_|Zd^O22Suf;PuDYautOiBZ#RxMWcXf(1sh}#ma
z^J;3K`S261MR920T7Pn~!rd~8)%;CaV*?2jD&t5xhlPbn?(hezt2v_kQgIVDCX4Qr
z4D6K(16Q4>T{05)1fxV}u0#jtVLOn7s^%e1;|~7_L4duA(vyXyCEu?Ep`y-^LRBlJ
zOhyT%O8<qGFF5j>dU8@YtH=4Opi^43&3Y<OR|4_JiI4(|;d$iEqo18F<yrzctzpuE
z>v2$yBdaxI(v0eYKzEeqo9O)ceV*!Scs8zKH`*XU42(!S>~X;7<P)?sh<B|B&TpQZ
zP~WR<?uBw}TNv~wo1$Z@qy0SGbHNBHSUKUNLQIN3=~6A9@ttg9*fF5JON4C;11l&w
z*f~s4v%(?udE7#XTby>wP1PssgId%}8fqlj3@wt^HuOcWdD|um+UyI}XDCrPMA9X<
z`4Uy<lln!O4o#=i*7%3JWwb*$0Q+-NKtXeQG|C`V6Kg?S)rgTx)#2c)Nf?iSD1QrE
zXebL39aWu^q5)=Mc7bnkGul)llV!@|#*yOk`>_@HAs?*3js%VkWCC*Xt77Ozxcz2K
zBYuBRD+~hH=db#ZoIDGd5ky2&JrQTH*>J7<#_r1Ul!!g_<h@@Z@#wI={ERlOWNW&-
zm&fk0MZ+@!`(M29T_yf_E$?{$I%dRRpOo(ZtxpPeb>AG&{}NaCICo%WB)*0+oaNxP
zuwcdYkkahrV#%<4W;%K|aHW3r;k0PcjKXXQM0lwFiTD}8q?}v3%5Cmt<wLxqWx?Ug
z(U~&s>+@`<M0!oJ#Kmo=(zA|WWsT4YQ(al){35SOyWlidG1PI+Ks?)*)XAxyDe?U?
z>f%PL`_f|a{BN^b1}R3*9k*%XVsJcEXN?&(6*l~4VzSt0@2-zrRFq}Xhl7?}%QA+u
zf4Dsl<pIMsJFz%38p(CHW|58~uMhU-<QrX&aFuaOr)V(;JjVdi?lyRhvbu^(RxS=^
zL%gYh3A|=XY(LZo!9$sakn;8p@W%eGs@U0?_FTUkkXsL6^z8L}k%~KQOkn)u>siQy
zE=Yp*T#zZ6tJl|@JD*ZQvJ^S~+etO_m?ZUaL_Rfy!<bgG&Bpn5uHP<}Bqk><$BB@F
zV50KNeZ9$e6gE!hjnJK!i)c77mD}NZR8mTnW1?5uGP$CXd?vqu9DToa#@8kbcHC+k
zeqB3y$<QA)c&actxK?!UW$N$%`NNQA`%nP`roPkcwB}%#i>(zf5lGb1nvF-Sds>6K
zM-%GI@)+i%l~=@3%Vfl*+(B=voO?63XgzC0(pSB6beqY#)_tvL%)9(B(ppK^dOYh)
zb#mWC8wUCnWlw6?*e5XFFeY3um@<83C?DY}CO2yh<g85Jnmd!!N>?$#R|_}ZU5Vq(
zX>&2s-;NjxVMtAu_y)P(NG-o1b>itbi;ybcF+D-2JSyjrkuP>IQ`;!CGjfHgOp<0U
zSGhuFou-D}Tq|ox!mMa-B;g=Ldq6g-g5A9JKpis7MPl|5v%H6K7hts1GLvx4fX9P|
zWeV%s@o2Wh+!@4z6C$Gayt>+H?q$_ld(*k*c7|W@)c(qyfQwsO-jttMv>0-Wto%Ih
zb~~G?-0x2Ec$Ar&3~hb)$6al9(pXerMyZapu|eL@$L6_O6I0o4ehW6k950}lp3Vi$
zFGb=47Sb25tCiq3ZOPupnd&x^QGbxp&Q?3Sn(C%b!<1$zDk@`*3OeOfvholZG{-=Z
z+M^`YJA$dMmWG|-5-hqm8h`G0oP%?lmjn_GCDkq_ciH+$Eni{g4Db;194W6F02Naf
zZf_gxIUp);ZtpDEUpV6+qdJ*W&dbki9Ou4N>sEw$wBJdJww{F+AN|7SDAkhW93m?-
z6^6CK*&brKpPOm)*?sC!Zsl4b-p!e@*X_fTtlJUW^Or1M*k1VT3sGh&p3*3kzdc^2
zJXx06qT<5Hc>{AZYuJ#MPjRc=#;JRuAV$khk?b=?(m6?K-QMH*E8Ej8weze@j&7$w
z4=J?ZLCVMzW4W74=Ydr?a~!6>#=R+$4N&3k+~hCewm7^f&9!E&-bwjn4S+-)<*XV%
zS+6gZ?ll@p9(_0+nfIWdJ3UpwcGk&e+${|$!##T%cS($D6;?lcN<UpTW4qf5XT!xJ
zy)w>J;rMgV??vN$#>!>c^h{))z%rR9VZ>VqS(85DCMMDqGoAF=Yci((85F~ulbNCd
z9L8h(3N4IBhX?8Y8Za;-j-F0Lf*<vffybRqlwD1&U3cc1JClr5C=Cdmk1M7wUATi3
zlah{lEUNDJQ9=TCt+CZ}g{qR-<&*6zBgahUz3E<ItF$ocIH15&iyYt9v{f}V6taNr
ziKN~yLHe6E|ByXQ$yx81gA((z|Dwd_TYYu3HlS8=4PnT=;*{z3!w{DuPth!=QQt(J
zA#Kc7tGM}M!G|#U)g}QiG$zM|>DeiCl3dWl<Fjc#y6<v~<Ql}a;E2Z3>{K%&gyrlM
zNlg4w={|52l(S%mVJxvZTK{g#q=xsZ<4JOIVk{Ih#{HX#&9F#VQO)l~mWK5^1;w4v
zN7Rbo$jgcP;|ebpif8DH)%Ye6WfR-8z}o&*0;0W{xtAkRl8hbuORwsBf~#u)c_-Dg
zchr09&SqC=Y?!fou9lPFtwl$g%g^OQ6<z|=;lOXkt|xN_OTEu5MRBhw-&EE}<-1UB
zM)*`UrN2?bX(Jtz!+MU65!0j=rCrN!nZqCU`+C5mp}osMZr+`j#SqrD?a<Fxaoj^(
zS@XJ^EIEJ)`xUC*7^L;fL7uUGVy>*tk03`b_|M5VJ6GrY?0#d{egC#XN?H^nC9Rlv
z?dOaa0Y)y~qsEB`c}PY?+H`cz)VMlCf{Qdv(xDOdr^LJDPz>pDG|0Wjo91uhsRG_C
z<^fH2a_uy^Q~b2rQxOAqg<ArxwGoPcK2f!3Nr33+y5yH#7d7hGwGr(<s`h)lUw7~e
z9nw%wh@mlWyicVC8mmn+Tm$3BzUhH|wOA=_971+A=POdZvVk;pP-*eJYf^BT7(<~E
z<&a&BSnyPTD?`D-O5oS8AhvyrY<3P)Hp>3%Z9@5sVFX2Y$D>oYMzzoPUXW;PMh)6L
zSFh1qhQ}4%!<(d}w*8UMA*a);`5V`=29~}ZsuG?weybX>`g24aE`cL3UnM23Fr=4`
z<iLw+rr!no`D+qHXUMYqHEVmH2*5@5BN75b&p{EV+ElwvN;mN~qv92o&~F8M=yT9+
z#pz&&JfG;9fiYhvMl~LOVg^hK>XY1ZS*~jHiG<|unK=fM0&ygT=r6Vzoujmrg;mu{
zXPXzJ=+WICiBu-U$b@t);fwTpL7qyPomOH>QeT*y^ONXB41G0gnGwoIbBKK<$~)ev
zOeKuCrgcD2C{hHgSadv*Vsv_X2(M7{@5wk8#zqO(_b2F2DIA$nk!~-{dtanLmae`^
zIwmDwl{5yXvo;d2KM5>ew)XyfV2U4H(OT4KG(9>BxxRTY!oSdPz#pr;OpVEzGQ97%
zKhT~}NWZvp6lmi8(~mbD`o8tAmQ&Q^<U~o4Ac5mkO!g{<n%%$r+MX_VO<}&}Oo^4u
zF9b)ai_cmbD3g9}b|Ggdbb4V8>}wZ3I6mvjR=DB!kQR2bdUwn8rQpRs1ru|Hq?$RU
zq)6E6;h5R_J}fN`c)~%8IMEN|@%1U0$Ar_k4*`EVOI+$<&#i+h|KlG0#}UC&>(yVp
z&t@dIBaQik35u)BXu!iPzJ@K91FwbnL{h`ukb)s>vV25UdB*3oQPvihgDa^`!FNA)
zu1Onb*8H2aJTs!INeJo5rl*Zzu#I{Jy^aqoWxCJT>4l8HH3(yQ@(#?@B&_b7mK~`h
zFL~x^4?5o=d~$W>FCb6MY&RPZEA*Y6YPCCj^2BZJ^IAx0Y{lG%ZY?`S+4!C;Iik@B
zs{?=e{Rc2i1Co<_;VAkfSG>i(UL5*+N$>3e9iQ0k_nOFT2^l9hW{ZypE8pX(O05cB
zA9TzugggxkcNq?5?04$RCF?(sAJw`J-qu`|J4A0RRDJOy>Mu+$wK6H=zOu5Y7%keG
zuD=pMrL2qzHaB8D3ZXtWH3E`g(U)Tt_DK@uuZ@3-rybSFAJ?mU@C2ewSN=XVhaBh8
z%_*O&K|Mff*q*N&YT4~Ol(#O>#>>&671nETw`FV>C+;VS8!$Vfl(N*yT;WaAQrjg&
z-;*5X;W_VrDA*n1H%)D#B|qetTbk>;c|PDtNGnym%_`yM;Q$=1!T|YY8J4<-y=b@}
z_ckYyj@PO;VH{UsP%Cq!zcg5IxHjLMd2u0N1D-0kqwn_IP45{b?ni4%9TiEr_fVp7
z@%w&RZ5NKka^+rq3}l2+l(#gs?VD}i!%R&vr%9ODgI^36ABnEyEh_O!^lT<B=z_#5
zH$V3F7KMBww`+Vdd7oTu7oF;pX`4;iE@~ZI)|^N~NVoO{Wn!$fMS4g9)L>YaIpGGH
z$#Z_FgbNvni>zglf#Ke`(3K)0r8G3O5bGN$)O$)7v7g|5IOD)7JS_kX&alL4!ATEQ
zWHJL9f}}KOVmr`7eT%QE&I{+qvOn5Zc^=$GgJ5v;FOnR46~2EGsQIYvtY$ebQTHG;
zf?<Hjg5a%anQn|N5}GuwUQdqC&1rgzOxh`3J4Y8<xjTei=$VGjp*|gxmVubw@|Xi=
z7F+yYu8D}!;i1>LM<Nr|7pXV({#-|rp-B+HzFqh#nj{A$V(YPK_qB?~bWhv}O<zL{
z3~M+Bap-c;n1|C-^DDXj>nKlS=Vpbkw$;NVnJi$x|1sk(%c64NUcgKPBE6F1F5b|;
z<6?OBgZis+-wWm$t-)OA!l-)~js18tGslXNlfzO^WRaV?avn>a1pG~im{|IrmIEsT
zC$lHNQuJ0GF)rQM7mysGJ1ifc=cHf&7kpK87ys?)3WM2YBxZPLioh#ZzsE}43Q&=T
zN#o1_Mo>;k_@G1JjEXCdkAOaIepY{w^7hGLT_)fK6|GFP=NDn@$ihS4#Nk}sOjf+*
z$bEge#tc8MX$Us9#B$^HR#nf-3J&{BK`62Vg73oVYRl71a6(u7aNC05$|y`Go7cm0
z<AQ0J%2j7^+)BH^F&=#rC1w+S@C2Xoq`b$cY#%`^@1MAk2_KZmLY7G_mZ0NUXm@bQ
z*zP2eRnsmVsnXx+V!}dMJ>O?HZ3%2Eo!fa&opjRN9e%V;y|0Y?O~uoS2^)+r1Wza4
zRYP#(g~MpBhnBYAEVwg2%(H1Za6z|EEg7W$`s$S*`?~5yvNQFoGbV5g<zqpa2drIL
zw(o7U$ojiv!pPnV{!uVc?1}Q;Vf*1FeG`C>;RkjxAs~MdKnS8J0PxVj01rVDB7`%i
z6?f1V;`8Sai0`U0D?U14wkgC2Mt(u3o<wkvcz9%BWXkLK=@%IJp-q6fAYsd6G$$CW
zW`RlQhZ*e8AEAEg2!Kgo<o>Df<^SdmIy>D<nw;)kQ4yq5xGl?e3-?kF%~Fs{=ucyD
z0g2EQ_E7KN)_{+&>j+DAq3M2SzMi&{L#}dsyO_$ua79hcxkgt07vRllhIlsx<*aBx
zaHG>M(#vj~+n)R^`XJa6JOBQ#Pd$#X4w&IHp4(onkA0kULSB^_N3XjMW-CQRQsx|`
zwjxuHbg!|WD;}aLSz%DNcA=iM{wmv$7B0!gY9zG}eRi`=ooq#4`CKW!m(Ts~YNhgQ
z=s985U2kF+Tm6?X(&UWIO>87=!rZXwhDq_*q2$E`Oq=NyiyU;2^v^255oxPfOAzCB
zJd2WBV_|2*7Do9lQX91)1L(I!L0jw+Q|3;>G6}bArJu8zl8yw4|6dlp9{P{!)PVk~
z&bFa~$xL?5OMY|ojvvu(yuhPfY2OebW`;}cFQBWXc0=UxU}9}?x~e^-l^10z?`@lQ
zr@QkXlgSij28T)?UvD1GfwXBmg9jK~vrx^sC*#LNuW=kZ4)IBtABA&|R35%;*EgAh
z6tsiME7SbO%0<wH!uu%<`9e!TKncKK1n83J#l%Gr3t#yJ^XWNjKxp6QGdKt$16H1d
zHANV4dgi&|`KcH6)iElXC8T;XlMHD<Vhm&Y^58)AQHeFpz#%2H_Eo{BniE62hk{k3
zzEhs-nM9br>Oh*MOEHuB-elm!iIczF0$1OR;cO0|1kU(%!-hAGQocf=ILK&cyM7G%
zh}Io>=sVJnJ<t_$4blNV&{J^m8_epTGW^YtOhziY;LUELg*u%p@lSGg{sb>4`uZF4
zeNd^Fg0smcOt%B?y56uO$<$2@i*`20$uiNcnj_`K2E^T-7ow<f@zBS`1nApCJf|Bj
zYg33~9U`qC^xG1r+mj(fCxaLM+QU}%;dPZ2rAnNl^)t3N5^_Ha4}D(rlZj!x_@KYY
zk{^TwqMyaALCq;cnUCmvddpupegBSwyvFF47<+|cm1@zzJ}DtBZi<rg-N5Sme3nJZ
zTTii9Xlads;~2_$3~Yg8eg!LW6v^12c(F;zotOoqk6hV2k{~Aq++yk2is8qmKky}&
z*&FyfpP;`9EG&i6Fdi|p1B{p*_00|wT+SY>98s!1y=jaSVOK4Iy<FnUM7ImBAUBPo
zCt!oB@#pad$@A%U#P-$+??h^7qlF@K9F_A%`jUVWjq<45WS~1WVd&~(&m%DHTFG%R
zdYDPSP&zisI=O7=n>-6Uk)Qfkbfk{0-wAAWPK!Q#zQhOIpl>75qPuOBhmly72Z-Xn
z2|tirEWiW6v%&p*UNV4~sr*}W7H1z1d136s54a0P_3?matL<r!_?psW=WZjj>p*jI
z*{g;1;8sOxAN<0J{MlVyX1LwSyjzHBx(L_zQd9Gp#}oNSdym#s=~KEW{q}+s@_H=<
z4#fiPd%A;kPsOc~$RtuXPlf1j7#n|6DUJob_ekAp8?lzJFdmmBkj|6XN-w25_&axQ
z?k3@!{HF4^Bihe86Ft3$DwGe6&*&%-^>@GTwX=lIR+1U+%o9^Qm!1cwxRBp^OX`Q4
zz%^g#UG`4i$*9e1C1+fYuDX)ndNjzje3hKXNO@Sk%_f$!ViR0Ra$(rhq%!o_9LzxB
zasqGtv6T0mb>~5jqSJ~I$}eKX{s}p$m%6<;F@G^~l*k0Mc%*#3ZpLT~mhpzVs-8L~
z!zn(bTzTIMD+B1jw*}OR@ZPcRyl64YhT;9;8dkk-CM8BR$*l*>z)V81H~KV{Kns%s
z1rC6KE59e|x+?htk^7V3pGP5I)&SavHz9c6!KXp?HPq(cCnVXAzPIF=&!7FlX9pRV
z4=Z?>KOsWG=)pB1Ao=jYCykgi9_*V8Zvy?VZxKvy8St^;KZz9d{_S=Ki+%q;6+8Ai
zC1Y)UR=xz-A6tHYx*FpXMfjVs<Bbd@6plfR5ZWJMixMoLq|hji%#EBpbitGAW#ja)
zGfxj@V3`RgG3;T#-nzx{SzYx4khgSNo29QGFe~H$_e%bhFJUW0q^Aq<M}S<>TfqbA
z@r6L9QAQ<2H72Dn<VU8@40)<-9h#8q&mMyEd`qm+Ifuf+#!)PB{bX&dgL0>^?RI+_
zj`63k+b7>o>1`%-I*<+poPLqrcv<gHSs9_;4vP$MSl8tvwEe%z!C5!C{QPf=vYrg_
zJ=r*m?yriyCxH;ep=1BQP5!PJI8y?SOThEx{`DLS59kBl!Y&V@@ukNz+1$JDLaBOt
zQx~*2E_qk|G^xwEKmOi?AwLsy)Co}F6h+)AF2Vbs&hz42SR1-(5I})@_W`^SK0XLp
zzh_n_L<Pgd7P_ducFgqnvSioeAqJB;x2(0S@XG(b^hbetQ?`H)?^;xNjr$dPi{id1
zc7eg`h>y|cDYIu$jF0x))}hTp-D%XL&Emm>Z6S!yU)jJGQxxDG<X^pDdPnvn;BUUv
z|2ob1uT(fs<mSTa2Qf*<@>T8joK(O77YMn&+?Q@i%_IN9C{j_kcoE}hF-}SGq%)?b
zwfsVe|7e8!W9wPns)-30s?b^LSKX&HP@Kyts!Ix5wu-IGs^Q|;o2qaemNl|FFqJn4
zF*-hAcReeu6OTP^8IEVK9@T2TO05<GTOb8TO7dxe2Umb?YwX$j#)^cTfR_1-Myn&U
z+wz%b<Zv5f$u%Sou@>p)hyo<7@_qZ=jLYM|PPa2@M-S;F%HqeZR#$@tg{Q2F`O6by
z*PWx$7kN_)URk7?Yk!aTV{`MXRjeJ4jj!1%r~0$ZfFet@1*xyqX4AF-psk6u#*y+B
zGj)3e)5B}G?n8=s2KjCcVX*x%$5xZng!n_(_II+rcE;c^m;L^5?82AYFM}d%W=1zG
zS&zZF04uwp#bDU?W)hgeSm^^$l%8e{AOR!0_vJiF7DMu_Wr9vq(_dl@S)>KeTG_W2
z=C@p$`x&;3k?srPAdL=JG+UY4{hXn2=TnDk4&50}#r2i+HU)zQ(Ii@2e?tF}=!?*!
zd<ZV|vpkYfPp?VeHxy@nxY$2iI$Yoe{j;R)Iv|R9`YByI?2D2Ci@nwmEFu9aTZgR9
zT53=la_w~RwNuF)S_>w$9O5pGo9$^$5TJH!KX1>-(nt?Wy~Fc0`04|>ZE|61Jj)n3
zv&W`F^toHnWo!CyAU*tA<X@rkd<*tkdLv`Wm3Uwh>RzAwAat7I4M!Pz9?Mu6uoznX
z*f^)6gpGlOJvY(eyKz~>@`Q-J{*`OSh`Ih|#RErQxSIJ3-x-u`HH-!}wgxE|_BOAG
zI;o`Kg3SRm{*oNCGaHADQl~U5Q9JS6Bct`)BEv>eArY~aejmD(X+G$BbdNBWk`1OL
z05|~pFmvofen|phhCPwaQU5rTj#$mMBTgdeBtM<LfKi)qB#=_p(DpK45l(43)^X=<
zu-t7AEDu|dxZfGw*BW8XK^{#XSiwN*UX+MsDn?C__&Cmj8asnl=&_P~AVVX3^7G{A
zx5H3NZ`iHFbCFj8Ey1(%Y(e{NO>j5!-Mqx5>?&t1y`8Y(pX3psPJw1|kJMLMxhd4>
zLG~1w1W~n5JXWvSv}@rKWZ9^!${PvG`!$ESmBGV4Dk45RUafdm&$}zvHS*Ts{gWAy
zkG~z}Ob(aF058a@JS;mS;%xmK!BecLB!vzC1F}G_#MIWxP29Pwq_X`m9WQTZ_k)2#
z-GGH%H1$cWvJE6fD<5dpKC%W-B1iLh5uK&7&f5WJe54FB6Xor(g#IdUQ@7;dD2z=W
zR$pHHF=yOLB^j*B?BBvrL5?B`N(UNjuj9~pq^T?ecZvU@1k;pE#1pcEz;u3Vd-bHB
zJdAfiUo^!k*s3YZlYuIn;$j1E@rr&;JiBET6a}?_NjFVGF4vDunz0dB%bcDqa$48#
zw`3LVTgq~;4x0~|U9-wsqt+G<_9b{ElJKp+%B<;L%@)OBEs|537IHdPUz#`{qXMzP
zNqPSnpiCL8vC4>tE*Wy<-o{0F6BpAXyyOv^KOO<&jYcawaP|5S)b}=7h)+6b3o2lo
zj>}w`F39ZX=#jiHbm){v@;J6&>!Fnc58}Sr)oymh(LOuBtl4%lqgfOj%CiJ$E_hk&
z-qqD>9JE!DGo^B3>Uyu-5imI-B$wwl>xlZg$_P$&Z^hM~nV1%~`8IbgK(D|ZXe)6k
zk_g9f%f=?Y$96E1lVQQ$`pa=LcA+i*!8lWyc>9m_XD>ZZDTTO9oje&o8dU^bnZ(2d
zmVRi(!B4un0=V&u7hJkCrj1RydbiI#T94*NViNY^5fKv`+-4j~u>Xxiyfb*>O=p`;
zFa-?szUBWZtf)yBs#>qv&BiZW+#8&3faFE76@eW~P5+q>Y&`W5ooZmxMJRnsx!tjj
ziSX1~K7TYs0;x^HeN&(_R~E{%i4D!VUj?cfQ*<l07CTkni;z4>;t7M)(2pB3M)SYi
zIL6i4d|}H_UdXz<Y<H{<FqLza#o_VN$Sn(t`spQI&35TP@3+7R(M)(6|3EQ$6laPw
zICP@uz|Pq$xyrlDGa>~lJc#-WSgO7)mL44hdhcwQ|Kj@7J$B#RYlx&+$=1m&p$;;d
zMR4=H8H&S}l|MLTwDZ`>D8W@Q$6-M7UQ8oFHPrMOWF2XGv|NKd;gAWpnPKQzU^Q$<
zD2W)jOhp%H1#M-c;FSMBv+#|SG=(MPfPK_M&1ANX#>k&FtA=G-_B<uSR`_Dt%D+JA
zQNz!7t=l{sloU2G*5V0BGi)=W{iNMzu=ag=MR;KPoGFhp(bFj`^PtS)0p{e7pAC;C
z8h=MmEdj$lt7LHU-Uzu}e%ZF3v9+5zEjq0dm~O<Xntl-!$VUua!rZ<-7vmobV^-rP
z_C6poiXHu$At|QT{GL*4YnD34PJ*T5n6jjEUST;krF|h>ilNz`C;iF%{h@AQ9#At7
z#K962ukT8h-oYv4P<L*WnaspRn&GN*J9^qs0vGFKOq6$rJA?;dC#NlUF^qk3D-Y!6
z*u@e};A;2Vjvq?l?;i{ea+BL`s`K!YC6XwoK6OyV5IM6184b8qN7O@ruxmOT(l?pC
zuKe$hUDn27T%?t?sDNc{M3kLkx#`^~Zd|B*5ob~nnz6^**vzzajPxVsZA~4^4v~*0
z4=Kz{dqL`c$++tyDWo(V*D2(=nNe*(s4m5+T>^Ufku(nWLB?Ylr1vwQ69?m(>B_te
zx9B&9joByq^dski7aIg;p_&$d1WWcSrQB8&`JU>OTgHCt*f}@iQ)<#)hb9UdAGYWt
zH(Nt5E~NF^Tcwe)9Gz=#8q=6@@{<1ax$>CV)JFr3V_lRDIG~NFG#OdO!6kxI)_hX6
zMIPFkm>nLd*d+@Nk=Bn!Mxsa_rM?ii$EJT#u23W{QCARnpr{E!s1$zuX_r#s(#s<9
zh%wA1h<+_3MH|yJ=H^Mj<#1BN^573DMo;cGYLWa+WzM=U`52_1`C`clD9LdCG<F*u
zflG?rX`-%n^(!wYB>?Buc5A<oO7paxQTSwFLLkqD<;-L`##k`bKoOK-M*yAHIZkM)
zZDhG3pWjYol+9vk8SzyY#mEtY$ukMiFv$9x7e|5YL6=oVsSy<=P6;&v<4JBcJ5i=#
z6)m>eyw8`Ry~9E*SU7wcxi{HaMa{vFE>7Z_Mm}q?i)Fi~7)Eu#3_YX)VL_}(vs<F-
z)bCP*2wwLCVI<8arQ>9fVL|!A1Nh-)4Su-USUu|PJso~5DGse$V@ITK_jF9GiZS64
zN*!oe`wrBG4Xf`U-@mu{Zz<7l)tW5c%d&xKy;d=}x_MvjKP@VnrFgZyK+@~K%!TJ1
z(e6slNb2Ot7M7ymiEku4+$we+$GRjZWB}NPWx|GFp3$I9%Ol-+^HV&G`Gl-`p(7d}
zl-(1Cn&8I-vP+*{ReJO=9RB)RsF5zgMY5--zeyF%Bsc|k92TCM$bCknl~To48j`ZS
zy;=Nn70X&nQ37&63f6EhgqL%y&JIjvev#1>B(|v8#p$V^X-@$##!Inu47xFeN~pAm
z9C9*;U3a7;@a_>>OY2#|?hZtK>}x>D8jWsgD!bh6TfYGM{0GP32E=)0vDuKtr_<dy
z80?``B{yWO#>?;BKF%|}49~W$to%fsHFRuL3NJK}xNc&KAi-3c#9>PL;$50G^2eP?
z?T>)gR8uNkYG{0uM1ceqMNR2OQ5JnF=+7#3u&0NXKEs%>_@Yh!vS5jJ=^8uicQBAD
z2)8<pzw9~q@jTn&!94YHk<y9fPyjq`9#Q8eBqg?g91Rt?zTm@Us1GPedL?xWaA9?p
zM77NwK3S+j&jZLS)ReU}*FQYX&WAk>NtJxk8ViubBVyw|(QxF~2PFga?b%>rY*!T$
z{}WId0{N|ue*zekdgOq?2DeOvZl`~N@woAV^_D(Mnc?dup|NbRJC~vFtMkd9iqeOF
zu#2NAmgJU1gd|z?%&c<SVjFj>FKc@pFe|m)=#$*eO423qNdE3M>c)Yg9}tvDlpv8(
z?-!Mp7iaG{5?({gavB>OJWP5dE$O%#l;|RixYmWow-4<|c17>C{NzF~DXNk2tpJAB
zfk8Nc%k<%o`9kRRgrS{<8u7QXhw0P<)F85XaqRj34pm*7y8Jt}G5v))yzl$2MRjW~
zhj442k--S*9h$OXgrq|4am0~~FvI(q0sq0ck#7_gC&;Rzg9i-6q*B#h{=|ES)P$Rx
zvQ^<OK_g`E<lVzctNOpUHis&7dUiVQLl{+DtGMRRDdQ}md#XsK-nLgXNt`8N$bLKp
zYtF+=lgG%wM4D|{i&MtF-j3oA+mWxv4dY=LCK$_|0MESvf}uGR0zB+J-p&cfon7m_
z$jlaM{pZv#t=f_y#+OKv_pEO33DG0u0ku2UB<)g>Boe6{t-E}bD@bopCUh0R$eu7d
zyxfxk8hs5&_<@;j`a@e8c|!W<wRA0;nq}uHr0wje%fdlPU%*6bOfwAU5Y+)X99E#W
zW4D2u=%v$rMcWFlabHJrRC-#*Z$?y?!UEC<`xPJ-L#o4WfMzro=5#asCjISHTzHv=
zE0IBkb@<w|5#(^Msg;%5=f{Ic^FmL>y(89{GQx{q;wypt9sOn|tV$Q@*vp!Fn8K2!
zRQy~<$fC0;msy{>Adsj_>a@?jM@n@-#hiH0R?m>UU5%WbiD6_j{fn|aMJVj7{~uxE
z{DypD+)*laph_~G<>03c`Cvl&l`SP!J^kD@;n~UuvJ(efhIhTJXkS0t&ukW^j)r;?
zOr6QZ>SAtO{z(2&Y)p8{QIsU^%a}-P9Dg8Zr-oQ{)=1)k-n-SAS~%~JF>;|xpVB2o
zE3_3ly-uJ<ecK*2<Cr9!2K;cu3MyUsqK@=qRYELhPIP{=`Th@T6Q#IjcNXfTL>QUo
z$1tYYMBhu;+%F!&u+-Dex@ABWEQz7e-@h||v@Jh4VaeZjSb4lEM(%jYO*VFv69bS}
zG@+4RHzN|(3|}16E|2PI{f;M}QrU^+?<=UesTR+!Xg4jYEt)IXI$g`-Bq9p<be2-s
zv*%P=&HV{2HGR|HF)}U)@Tj#^?)5nQA_?EG*K;Z_&b8FzhOk5~mt<1xVJ){a))Xm_
zXAbHKd4J@7@Ksg0Gjm>ru;6~56a9381c3bfRl(lz^hM@=rlL}v@fGssW+C!`C#ZaX
zZ|&+P7BYO4{d<7va_ihB>4UXN<G`cnpC)A5{<k1ITaDr^;x2AvQi;g$!lo9oheWn!
z4m^j*HxjV|HH-w1@mdwLm+<b>p-a}94?}twvZbSuMM;^tQ081Rex-K5$(jMuGha*P
zT(85g2M~w?^H@z@c<E<njV{C@1u(+j?4j`M;y$*De4x||5LBFz{{kq#%CFVeeD>6v
zV&S`WoE<q+l^@Z-{&E0h&q!5tCugD&m~?s>@jwmgw|lTy+nkk#t}FLML6Iz$p7bJ$
z_R88`XHnKfDXfa*FEe#`J^boJaGRQD?tNQgdYui=436=93hKK1K+5nZ^K5WzF=K*P
zfH!o`ytCX{JNCHQ@jR7+_BE(cpJ~|jcE*Ee6es7(CYR#1Y2vO_bn#3cGrbr8Et=!q
z)%8UMMa9i)PH){dm-y{c7$c<2cJ%Dl04n&+zb0_t^7jd*z(;VrZxS5O6jqBQe2WTg
zAcEf$Y_x_)2TKqk1c&oXxgy-(UMv#_zg4*0!D|4H01}2ne0RwMv0j2BQt&k3cMxqJ
zKSqP&TmQF%|09+N?kc5fb8+WLELg={esiDQG$&QSjcOa)&|J}xGP>pdzU2#>L@#*b
z&moZ36{F+BQ?(=7btNcuUN7K`T46L3;xB7;X^j!*?uHAMBAKP$^}j`ZZFoMPx0>PK
z=;&wEnar4{>g8s@=|mcsYm*<h;5L693KXC+TyzWd_dG&VNH76&T09fTw$W&&WFgC-
zZ<!+T)R*!3j~VW4sRQEHWXcj|Y>$J&pN5Zi6w-yoJ(R3NBDK~f)ipSpX)TpEzWM)x
zKR~iqA||PDPD2)y-zjgl_K;bXQfj-=3aYF-x{Mxa-U|W@L{N9<25*X7a`=}U{87jC
zYXW@VJ-OfRY78T^e*K2YT;Uv}8YJ`IAWIx;k9e*|eYb~C{%g!J$@sF|Cv~v8+5;yk
zV|L<JNSQ^-e4N?iUs2zX&8@Gu=66-hyYd?$r!~Pv*PB7qRh^smXXEH0aXZzAgqawA
zWBx_B7hyeS>I^2*^_#|;%Ss;iiU1AnwqF{n#wDBvWqe9nycO7;IGaaa<rdQSjo8~u
zv*wjhV@fj?uWC-IO=Srs+@YVJMMj%)mQHRaS+r@|8`|+qeK2Jk5|tHVLWUr36z0-P
ztHr&vM^9rzen(O?aqTKDXkAVC`1(2f%LvXQ>%+Z~h+}bYFmrS)8&qEn@;W+s)o9*s
z?&T{m8D-EvbBwfgOs?NgKkQlXV%31(8TwACShDMiUMu|6*p{iP(Lib@JI<MTN<&O9
zPm_#X9WvYDQBn{}RwCtCWr<li7_aH55K+7=EERpGyEAXtpB?iMQtS5n+4N$S+O0#s
zv_$(KcKPb`!a&*o;ueuvUP-plFd(Qb2<#IM7-SIDTz<pOXsb}i48jS+A=_#+y!U6H
zA`@a5nq$Q&DH=)pQGdj$f_69f=TaySv{iH<Y(bIGaFXu$Ni^RblF3P@GLr>hS4|QX
zXCw=TQJ0mpG>`C&<2<w+ekMNg7uZbfMg_|~aKG+2#=?#VhL=MV%LA=m?lT1*L<a!K
z>DM-LcP;lod0|lzhwaqDAI%ss!QCL_?qzPRHz=~+flw7nKr1@vX_%5LCfF;dEDcbm
zaMny*_+XflQ0iskEOPI|Clx2mgYI%aUiZ64_y&ipeL}1GR{lZRd6RE<Yj-GLKG!H_
zJ7mbQQU;q;_TbFX<65fw(OR1j=<f1Ig5~1FZYw}vqgj*&U$39u56%5q-)J1^FkiQ!
zpp~$E%z{zlFC?VPgF3D;qjy`J?k9cV+&H>orR-<qwL;dDxQlp@U%<5p{x-4wv@(cY
zjf*Y&(Tb)bN)gvJvV;`B#;$o%gDo96s*c_}tw%DT#cTimm(gT8tk9aK@`zocNM0Dq
z8h6zh1_!wn1&4Dm&XmzH<yB6ys=Z($H~Ss7dTmLHI*;xV`C;TX_8^zSWL~PO`I7!$
zW_v8yMPqN!^0TbcXK~&-b20O1X~o^HU&}K3@FCwCyj@r7m|WY-y$fCqjegUq<fOg!
zM(1d9LsHf6NksF9y725u;ucfC<8UT)e5gnlh8_++=1J%a7{&jf%^-gunyPouHZP)y
z3#Y*pFb<0Sy_e7sFls@|`iINUfIz-Mq2nGwv-|u~9V3j??JL4x#q{^q+#NuyKFvI_
zRpqQ^<c^clTB4kiUtLhAHQf81SJwi%$j3eYTqr(>?Y8Dc`wXEdT{%6rntf<mkyg#z
z=jF?C#ZCT%PSLGj$kT&0jvUrC2u$tecyx9uV%Z9f-6BqPdOBz<!M6SIZ{Gr#N|IkL
zP#wdY1SilOJCY!(T`6p}okxi}WO599u%JudOb?ucAF4K)pE(`QR=Eh3|2dPjg#6pE
zD3GD^RXEjh)cMAf6e*A?<O_lE=8MT*h1BsB1kqxT><kup$8vNqtGSP*#`EC(;5Q5h
z56&W(r71<({mobz>F_+~CpCp$nQUi|<FKRD7#DV`T<54%{SVqE(n(Z=;pl^zdTV&T
z4nD(qnmj^*Zxjd<Om%FI=zC%Q_Y`Ej7G|%muBtbljlbgF?`3-7Sdqcgf{lwH5<0VK
zvIm|o|9n&+02(SYL}KSIbA*SL<Js;Q4K+GQdYE7E(;KrCg8iSPPvKEKp#r?~F8Hk9
zJBORwo5uqA7DX|e^8b8NpyVEZB3tb9KkyU&-{7aNj*R5Jg2975QLfO1sf|o>HvOBC
zG%w{n8W(s@j|Me;gToK=#>uMSz$T7I({GA@${|85I2h{wLb69N6J83WEc=URPrw#c
z1H=Dq^3RHKBj0BS4vg`<;y(6%DgBoLaeedRHciIuKT(i%@9-2VjC1f*Jxp?2^slV0
z@%;USpg;V`h?yarPGRDEkvyvh$2ly?*+YNtf}c7%P(?QN00%jQTsdYs7+-79`MRVD
zb&x>LmyFX!E5LYMm3#J|U*Hc+_~`O_(<qHE&?D2oL2x?ot!1B;+|(M5TVk*dHh;l-
z!Ss$>nL2>!GZZ*M3<8p03Y<o^t?3Q^?g!X72IrK8WrH;d;=d#T;J*@c{;yA0`2X!_
zeF9wsv%r~mEpi02i*c+iQYrf+6F4v~!V7AOD`I(8o*h<B-)c(*J<Id?HxGCBq)sD+
z?K<UZDOu1y`9%NpRu)uZw(?}V37~KAe(vW<I-zk;RT>%#XipQ>*rLr;<630>uo_W`
z9r+sh9o^h&=ALt|DzWxUaJvS=V56|%;0+7+gA!=y1{)uVSj;7O1?xiSV*vPeBzvcY
zoE*gUIXi^YbfQECcW&u&s9jqg6kYC-e}1`v>>dg`wnB;^jvl(I=eEior`Q~ZH3s8l
z+++RJ-$L2Yz9W*yeREz^l(-TVOM?>A%hlx>p#tX&&V^hL1Sjj4MUb2ETigkhFho~U
zt=tl&e;oR640IBqe>c!E|3?OTJlX#z26_^<Z+ZK9sKsoSL(J{=`8P~{6<-IYuC`pr
zV(BjT+oM*yWV#HMI+uRRSh%*E4J|hPTQ!ft`sNqUkW+Ky_}+f%JZX!!e8tO2mrW%2
z<CTZOiWnM#Z!SCGGpi>Dl_yO?v6o*~6KWQ$zv`EiX2Z=i$BfCXE~$5?J#Rmcpn51h
zbMuur_QoxKXEt<e-K|}YS?VP{jE9$YTjokisscN}bWk`gfU^vQV6SD9rx_yJT)tA+
zco6MKI29=oXk1k(dJsUm=0;N;6_te)=$om2|53kp$qS{pjmX%^v_9&_H_QO(hq+YO
ziM1gxB=GjgflrdAR?bQTN3P=_d1Nhyeq#Z(;ZA$G!{EdRmapwbo0U}^bh6wv(il8E
z8vDt*4eKd74P(+$b_pg1rHLFfLc(i<-|`^o)%7;`^@S^ZR_DsI{ox#%e?fM;;;U35
z=Cmty<Mz(M|HIx}M#a^%+oErPgg}G@mjJ;nKyZiP?k<hHyGw#gaCdiT+@+D=?oQ+G
z(0IdX@_l>XJN6y-jB(D7^W%*Dk7lguRaL9j)6bkWpIKWq@hTh}8g$}Nwdlu^*_E=n
zYcJj!WA{HnTJ5Oa^IED<lZQ?|>_%qJq&pc1@RRtEdS<>?(ateVxUM^Y+lVLh!eUE2
zoW%XGn)c|*7o~MfCbB;-?UMe>6_Zfz`L7o>s>KT((c(Er>^6jVZqo+Mq)Du_m+DV5
z>0Lb}*gRmgnBbZTs(H3;{5lvPqFt=OGUpIh@?VvcNmPl$p=!c-tGvon!syC{MPH`M
z&r`G(lqp)IUD`+r`)?}kkE%E2#JzeJc-Eh4T~8Buzzi%bOT+Wfp!R$4sE@JHkk8n8
z4FrR13A4#m2CvlxK&J~sG<X)aeZ)IQqHghk#0RIXYTC$Nxg_>jGy4{c;av=};v;W;
z>j6Sy&)^-TqF;kmRbDvU5oUt@7MU2cI=9quTuGPrcgPDNj-2`Ac{y8wF_iHIMW}4)
zB)A<wj78D%>F5!?2AbfcV_HV3jB)$2Gi12#SQxfU?l%%Hl%OBr=y^Zr!{>VSCyJ>l
zdEEhHDRy&r^!-Yy`j@jaB;6+Ez}IhX%ZAB$$4JRVCL?=y2K!`uj8Uz|=}KWM^<QYn
zqv|&xGyLOTjE)I1met2(N-`lv7#foDnk<oHv^m<zd=}q23RxY^izSdj)?v$ZJD~g!
z5}}mI=BWtA+p*N{#C<PL#o<$ZX0QLl0TiL7ig-7Pt+h+LZJ+1N5;l!X%jzf`IbG$(
zUR5goBKX{wAhoVh$Iryr<4gD?OSnTI7#vDY${?t`8(d!U%=ojC49)M5#t?#$EQ`I&
zc~!1YhyXL+fOA$C)sBgQ4l;|zhX&^ZGfsd<(^757{8~`KZoxqmbVfyuX3~4Zt!=?6
zWE8>$kE|;ZkL^|2eVz4?cgc~dG>J0dDdI6S)N^eL;;EwfpgG6{*XvV|SNQh>kbXhx
zEnKcM3}l(%$CHaTFPoo1B9r-Xjr1&<xhC(2MY>t)LewE&Hp>|(KTFPs>N|&83`95N
zYIHiX!7F~e8gi_v%3syag^ZPuD5ci?P+k(tNe{9JJwmPTWnYCQqHn}uIB08Os(_bw
zVi!p#vrnC)fXJR{gkhcQK-S2ok}LtbHX`)&U(uPD8W~L@%}D%|+j?s}zm%l0?-2$w
z+t=V^KIiZEC(Y&wEkeXbd6(C}yyn!_&Hw+w*~F~ksaW2ydEl(>3|6%4n>T!SvrR!|
zE{2wqk5#O!z|aZ3Oy`{<bDC8-M~j;#e7svzP3r%EbB54z;U!EiSW;8}sdDH`GTo;`
zi!9cRrNZmoduO)H<tkOpyk_tHC5ijF$5{~+4mP{%%wt+2i1FZl-*s}QffyB6&&MRv
zcxrgR{$d4l8wJ<zP&rw+xlxjUZJ}#INdv*%DBp_Y;;TIADo1V0Jc>v}Ag<uvfy26k
zq^6)rJyx3e^qYLpCQhR@0hKadns}qR{KTu+0@?b>==Qo_$9Te{IN1TqR=o(yIS2YP
zo~J`Z0b#2&t62_*W-NqOct(=jse}x&*N+KrJj^9wb{k)H5#gMZNhBL1@7>pV|0fu5
zsO<lX0U0>{Ul`EQD48RR2K!fRGFynt_4$#UO)nNjpCs$??UYR+Lt&$I&Et<eho`HB
zLn+eQo#I}%b)w<Wn(MOW`s_|cW`V?_I3CT6xW%<#G#O`zUrot+cgFZl(GnXBz^25C
zaiEzyT#bBDZvIAarNWJP=iDYhyOL&icvl1+k0+$UW6d}+>qBt<(V>mt3cc3!;r};U
z>;fF#*TqW&3{F!yY~Nc+pH3x6U_^`Md!^&B$~jXdy*{0Q&N3N{n~Mfo-*GX@#@~;R
z=7mE)xXt&zTE|8ZdGl%r>|HZd62MWp1BnJcr;M9%HZdt$kNN?Z4-#S~prNc5Gim$|
z+s$%EttJ`NPL|iaOj~+O$;iWg9hEPTGE7e#jvrQ7@v}qj#V5@PrGxJU1DV43ViwY~
zzcO3Fm->roo`0TU>*{M3OfEYc)xq_0(R-MJ@Ivn9pU0Q>KLcUvT0ywemy5nn!+?_D
z3jEpM#2XhT#{GcQ`oDCOj>~7}>3=!Z-9M8&!z8u1SgwdK>PWpGy3<ASS3ZOIT)pa~
zs2`LYVY0{gO&`|hwWF({Dg!McVqRJl4Ez@@B{m0wyT|iN{@zo2v6FA%l3WNQ%&`du
zBjh-oopC>K5ODZmC;N853;sk-EDehdt3ive&Xx$36@HonY?~JE1PKLE6a7n+$^XgL
z(N(GV0N?)?Kg+ga^yx|qn>l*s8^m}V+`q#=M%a^bdrRoY|HJB(;lHsXEFJjYg3fD-
z(S+{7kB^tnRkCT7$S(lx#_xyCDM&PYLlN5wIYqV)<hm6-O4wp)A36B4*kGkUfKclY
zHEt!M^WuJkzDCEV+s*V*I`>$d63>4jL72@TvZ{wD#S2t~ulatff`YQ@KkF+-nzFX<
zedvrRjWmR%@ooO4b_f$;Pycl~zTyl1RC;w;+|P`d64J7Cn=SF?U+jV!+M2_RzM9{U
zv%f2S>t&^{zJB{6DMxr&_SndOJN189f&RY->29IQg&DmE?ynhcaa1urOJ|&rw4vlF
zTd~YEEEmW+v7Gr3eu?~wRX(GtwCUN}%Qermn{kiaRC=nUD(b<>px07Zl~d9#z0G9v
zYtGAQWQzupe$dN4)B9agy^xmqbE%W?eL}g#FAYJNHSNsfdzTAdqgf0}a}`=IJ()}p
zazMb&U=88ZNgLmcdXe6F9Pn-h1VwRbJGEKCJlx#Uee38W%;jP-qAPU;R*^?zM2Aw2
zLGjrfLCs@=V)BB}6W#O!{YF=H&3QfsKip=Tjf@N<KWcVtg_qi#zuMSIuHg;;wkq$u
z7FCCu&*I-k*%ysy87ZUzOJJvwp5f(rd2T~KVhfL>ZeT$FM2J)+n=V84=63r{Zi&dO
zKtVYus(sJ<CiF!_8+s^oUnR&Fn1OR3klH-~_{=%PipTGlP2BO!SzYQE>mN)O@iB!@
zgc7Dwwfwy-uWo02`C@Y6aemj&tgeV6&tlRmWO5Y~vGIE*nhUoDY2TVsOgsx?=U+A$
zzWF)-MZsD;ox^DP1eF~Q`Ip(no|bLAbn;Bfy7NKg@nU04812bg(;J|iyo<5LusdBw
zct}gq+XXFF(UU0Uv<-Xp^jl#s#p6!)g2hW3vn69-`GD4RVI!Neps|#e@iower0FLb
zGR<Nm6FGEJk=*Y{ab7V7wSi&tJz~kf<*cWbfyI4)<*cuUw%jmTq{}mCnSR~>)#Xa+
zLZ8rfxf*ZZ>sW=VfQp*}uiCxOI!;_>phewXL@d9P$y>Y)cHEAOiomI@oK;aAwK-EP
zoy@0^Au_qp*{i-81}<FXgZjXTU?lc~>-rvDOVNKzd96PQvZ;y*5^cS>bYKZt%G|}^
z`Pa@P@O0DUR0)m+51g>NDVM}{Esej}j^Hh&EWtG1U`xekr<&Z7^8YlM2%dK8j7V3m
zASX}`6;|}3Xc_;5zYJdxi59lRNTNMfWcg7O=QEp)rJ0?x>ke6<gzQlKPW1<*{kxHz
zto>Cfqy`)olU-{p5S7`Dm;A18u~~1~BJ$-d-4ae)p+CYm@$ir{3R?9g9eOi`XfD+*
zwCXVT<yie$3fc_M{DQ4;_&TZM`h>7_EN$r(TELg+TGzoF7U791Ds^hmbkcTgay{WJ
zQ`ZVeG3S0C=J(`nCl1ZiU7Q7pW+XIMRRa6cbYl5asL`9;9v$;r_YmK-mh3pHi|)=i
z%>16EIi%ZiapvTl+E-%=(>MXSx^-<7GuQ1E8H$AbmMg_w1!TtPIM95v_c|D);^0`|
zNI&ZPYA)H5oNY+`-I?@iE-It&=IoSa=%5czp8>zdFBP%rLi)+++F1N@kk7MjX$qkK
z!N-bJ=ql;d@VcKzcapuzOw?;_FJ%ea@3Y}WY?=D1>n>3@cB8;Oe~p`klElYj-}u^h
z8UOb2FfPzXZJEFzn#EyQSs|~G0BFzSA;Wp8Dt)7OxGJxpk)Qo@qb`(Db5#R`Ri->a
zQ5*r^cvagF7A^{D9TKdgX_5<cD!lZR>1raD6`JE`IUuriJa>fP^cqJ%y1<I_=xKx;
zmlvCrg9F`g@(i1DLl}@KF!P=QZ@dkU%e!HF+GWM%+1qe*5^RRq*#goy?<xUEJ*MTl
zOk03gL}%N-o4k%CaR^l(GS;u}-RCiqKAOZ5;C*CTx*`BTa)TUJITwt2D+azwW3ECY
zM4q~$K~s(?s|FsVTis#Pk}E(bhXikTO+R;V0~^O2z{kLSH=S=~O<^j>no8eYs0Fy_
zbjRe5JtQF4H$47bdcaV3QN^)OOVB}W>*#C`@3M_hX0ph+vdK1N%DXlc<jw5WtEVF>
zV*6fW3DvI(pX~A~z^@E{7#&WvpDgFtH=%}bia~uu3%#Ifs%RL8Au)QObn+|Lmotfu
z>W+)%2&qCt|HfO<Q>|T5rDgx3M0VG4dJS7b>Rm)v2R3{x9X^3U^xDwIpyEP(%ybOt
zVQxAa+H9EL_kYMiBe80Z_%~*086g2501gGHL|%a4kt9em@S*GHoCDF;?a9_W%Ye+P
z-X)wM+Ei<=VnsIAMFy}{ElJ%?T*VvWAz*CFJ3oihPSBj|CR=P^FjsBX)TDKlZa*?d
zS3o&GVs{`p7RnmWh6V<wTv;%R<<A>#$<h<K<yY^F+g%WEWT11<S%G!XkrXY$xBv-n
zCRu*D2M#P}{j^In*}vLm$jJ?0^C51R`h{7S6Rwhqn)Qn8Uj`iZR?HQsI#Y2{BBf@3
zT2n3hXZFLkBPx=U`uOlE7So-|sCjiKAREL2aPZtc<%QCb`R$J^MEh@0mt3IT6U>HS
ztB}q|*V&#dmeDu4hj9P$-H=V`lrgzjd^b2Ayzu*8n=ufaFqzUh3jGSJEu4yKBbT|p
zm{z1|`!-EoPNf&G;_!oB-gu6xV=mR>6Z?XT1m%AEkyIbHB5%Cg)x`7cT!4CwdoO85
z7~R&LvbUmwWAnFXS32msrD`VQM;%Pktw|03OJAMPR3~Pd20%qfdoI#Pk>aE=;W4-s
zqxT0aPL5d|q2hpbEk$qXH#mG?p{?`FKHBUJ7%OlShbF)F7(ih5z-V!pL48cd@UE>`
z7AZUI<l{Yx7QU0CQxS)w`>W966g;ZxYT!628Pi0`=_}?p4j=ZZV%5G3_a1%sS&1u4
zi|Mrn(e$J<5&P}0L<3G)VTS3DCsvwu?3609H=4anORqPtJS2)0#Q*5OyLu0A5b@18
zFPY0MW#6fx;O*&6^gqv`+)--_^kTv3>2I6r3|B;atp8bUjZ0SK@=1f&Bdk%!rNjj3
z=*^aCXO$PaK*86euYtuR$IqK&A#k0+KjCJ7ma2tnAe5Tw09vz@N)PiPv+n!WRyrMC
zJuCVx)wGSY)|ys5&+cxe&ZYJ72eSvWLnWqdXC>1ZwZzI37?p6LKgE8Ce}eMuZV|*_
z>%SGhO-CVQ+)Yk4$+#Qcav^t+(OucD1pR44<vow*n?oNj(45^~+N3+p!O*{Nkh~L?
zw%T5l<{Dwm+l*A7q>QKd#g(DV-X=?_(_jfcp~mb060)rVC%#G^y0Ao~eYp96k1^ss
ze;=e=*5}W#G0Hoo1|?KTWWv1O&1k)9MmzXjhIg6Ma;asL{?r;OKGQapvm>&#6<~4h
z&EvKd?of*`1I_xOhs8psfh;9Bpd_rQmb9M)4V1pnXgInI*CEvRl?{3wi}>!&!goS4
z$vXJ5OjXHa(jS|EE3-~J{sX~C69(Z*e9d6BN(A8g6r$OHEUl}mtc;R>Fl`yBWOTNH
zjbQ0xa%!m}(z{NA^UPUvfA{2nGO5roH|X`DT8r;7^7p120ZHKpUC6r~a+7V$#GQ=W
zuhw_hY1FZ&|KN)b9+YTuaXL#Vpm}39DlhkQ)%x5arpltPP`00KP6%pH@DYv;)3il5
zFd03SxI6P43Kf%^TH%mTN#f?4UtROIkdPfe)Z{lHGbR*Tn^-POPCVjEkR0QFm@JCs
z4!ai$-$@LOZAvEwuXiJqg}R0RzTWhU?;R%5la7!a?jIZ~3=-L?C^w7&OK;Um-9$yC
z&H9Cs<q?e0QV#N5XfKnmXr<TYPaG)8lZPwiz0Xy1PYqchan$?7b=577d3N!Sc9YbF
z>J~^eGV#xel65XiXb_Xy+rCQRHUsu7vkP7NE#u0)OoZe}la^MT$62}&Me<h-=xfZ)
ztN!#0{LYnswj#+P!Qd-bZn8R?*2ScsR&)Ju*01F~ncZgO)4!7)it>Ur*F-Q;=rkP~
z&r^XX(G{XK7&rqo$a6L;XX_Vtr=-@mf(me|VrRpJ7T~Y1qaB=@4thUYL0E=*<zJCV
zzZDE`o`I03r`FbfV{sE*Y{yS)5(V24j=Ybr_BTtWI#kIoBT?)apFhi-+df)ycGD<p
z(bn-_9D6{o;Z%z3W0TNsS|I%7YPwl{j7QZYA`6INA5>+YcWpru@w@tt%CRen&1{{t
zCRY$?-yq6)<d)#(cul#jpY}b#I|cJbW@B;7h)PS3e{Ir8vWtu94&Ui9EuN<S7h$wZ
z4Ca)2WV;}u4(|ZxW#W6@Oz+oYmIAd063e9np<azz6<-CvIRY4PnN(AdNOpy4@^PlL
z-7}tH0n6HY+~V}Jo3eO2FLd%`N$ssDKptvt_C9=<$xBIL_2+nRhmZHh?{vic!qJq>
zS|@(u=YlBza_uK%tD#_Nz0*Q3(K2vc)`cZdw0D)Ugl<LA<wM0a$#~!iF>b9hL_@wJ
zLjgXQM|PWKc?GHJ<f>Nq61F(|_rqufT%t$g{VK>lT}sHBx%W4VS0z~}MYC<@$L*Wx
z$evK;>60Qg<LWg7Ncdyw*&>!>*hc~i6*J#OPOy17HtuaHREJEM)1(5$jBaK24dfe)
z_ODErJ14sb6zAR$E}VzbSy}zyEbeu3VoZ&y4I#{xaWz0AFO;W{-a`sq^!@4ftL_+g
z0rPxvBYz@woZOq%R#L~30UduuLpt67S+k*8kG>Iuv9vgUSE`YI8hh(NWqOPSmGrdp
zyFGl6h^&()gT@cDX_O8zegNNnK)6ULM7NnZo<Uo+A#^r6L@Bqcu8%G88=&sC%3kUT
zcZOx6cXOEa++aEc7(E&J?vF8#yQLtdF3T%XCBss#O+$<T>*!ZwVqOr|S7~MMMzMeo
zSG0I(^yWg#<}gx6)4C{tAL%fmUhC2n2jNG@`rG*@^>;ys#BgvgMZgp=ddE5Dmp~E>
z#FoPj9B9IL&)5v}J6I!yL0cI{xwmKtKe8}jd*Thg{32K|x-`xIAM^$BH^_Rh4f0wz
znEFuVd;cCWj1G#0UBor;gGdU-*{HzEt(TGC-~eES#<r+1I*0;?(jN)#>p1dDk2=5R
zhQV$p13T2<h!j5HJM3FEUcI8Ur@=OK{0!@&IP9Wy!>mu_Z-4%vfgN{X{o3z09qe}O
zNU%-&*!SpNux~Ye4eMXIZq$VEe-Gk+;Yl1@;T9fkB-7YO%Z(Lk5nZD|<3VC$^V4W<
z`%TLV<k#;GH~So?q#=GUmMLG?IuI;N`Y&>XZF&I~)0(HR@nqX)8={+#-ni-Y*0Rkp
zV!DufL=>IP*RoBiCHgZVnz*udB8L8zPUNCh785h+{bP_uj3^TE?pn?nKwf&ZUm>CS
zL2!%kZatGbi9Jcv?A;xUYu4F-%8E*#Z|KWC$F&eFOZ!VG`Lv>0$;9aO-3F=}6rHQr
z`u92}LFHpb#vA7#9}f}To@zc|Yk!i7?Nty}SXXNk^~~$Or|W_G;m0oX>M%c(Z(>Po
z#By|{O-bq9zR+HaR+Y2ji+7n;gOnzn4nBPCT<99`h)A%-vr9VuE%b3EqHW`Cwm`Pf
z27~F*Ct3BL_M>kJ>2<OJ#r6&o%f>9#7m7;-v`C`>K5Zp?%QZ<Ghn<cy{%^aEdb8CH
z#=-48titk*cWXomgijB1Nx-u~8amII_Hc%MR|Ug5w${H>5{qhzDa@Px^tA8z;Zw!2
z`~&xl%fr*{!YbRtz$yW!0mU|ox~D!Q?g0K2RB1>*G}=f`2v*eIT<Iw_5qjM9!Kc^H
zFE${z0qWYvI6FB3ICgM9Ij^UlGu2+IJpO%~cZp$RS#}t{YJxs)aU(Tp4WEjfQ2+{L
zal~*B7}$M}hmHMmy1W``!)$x684I#5a<a}vSs}b}={3Y0dZ!s>7kyReuZ4F_MEQW|
z7qIv8M+e7S<}l(hFM|mwKQBYF@E^siQ=dz`KIA((EPb9aseiwfQLI}gdApUo$uxDt
zs}h$E&y@4mUf|tJ!_1*ELR!>P{{-Jp9upc#TyYJXab^afu*;hMBOZtCfrdc2{pqW=
zls0379-P>1pN0p4Iyr840p^n<98m-sSXjCI1e>(gCc}>n(q+7RZd)Ys2WU^qG_#z>
zjMNQ&Lnz)&#j?`pzv3gK4SKi8I8HrdL|m@B#G;+Fh+qNdAGlGm4gzq_2~`1}L+d>C
zY4-$@Pod18g?+h$?>C-y{r>&~N(ICw>Vqw*m&$nKL3>N??lVqWNIk8H%L|(fYgjLl
z4bAj&Z-T^+POD92y0mb*!*oosNs1f`nMYV6zusiX^xX>=n34$lVX#U7gi#ztiG2&i
z<|7hRf)UuZB5>F9b+#gO!LaBH6LiYLv_?KVrm#5o55jL41CO^02OB0#q?8GZt53rd
zuu%HXTWpGdgjq*ltH74$r%FCp)PpAHz682Y-(i{-%d~f8FK>#j4=k`gFp0jz(yzK{
zu;%PoYJZ>E6D&4fn?zv#{lE@uZbw)7cLhRWmJi2cUuge+u!CcLk`#nMAPqyO<37C>
zrl#LlzyAH^wJ3zeItvO^WUp4PcL=@-$m0p2QudFM=Od#rGQ6wWaKC7I8qo1;VfwRi
z_qWq?d_@T}S|Itw+!h_lkZM{NTI)pBm@h5~t^yI7W27Ro{2fMbqimhdV_cmQqT=e5
z3N4HKZw|LI^dl1vkQV=XAW%@Ot)GyqPV+Sp9&*nsMDK&6Yb{J9gJzwO>R>bVqr)7o
zR>8V+N%xanDdI<rza#5~4U_c^vdiD`!?q@>XZGa&&a0&qY?chNZ2t=BRA7^=8UEi*
zUM8^@0XFkii<N<aL98D?o&25H2!w+}!k4+$vs5^$w`?>B`l#$unmWym{CAr}@H6b;
z2K#p<AP*#j9&H{gJKdb5mzX#A*DCpp)4eQKHPN5`r8(81LcjBdIZ<S_OQEqX<F23H
zBJeanfaxmo==2^0{9eC=+QP3tQZZ^d$v=}&Srq@YD(;^~JO}~l%q1MW|GNra6_V=?
z0p1n9`L*`)fU|mF%T?3!?I+l7(?4&EU|9hJ#@{Z>!~VoKBK^;Uj}ZU+zkd&a`oDG_
zY8$BF7J8Uew}`W~M&a%u$8-vJ35n<#G{v7o(53dUX8Xnr!!9Nrn)0QF6B*)J)fc+n
z({-7XPk)FkEnZ3s$dG&g5^pVK*5q?H2Yrz77QQh}Z%2F}TuyzyJAOiSN^j=5RPJ4!
z*ms$k?X7T1WW97^Q%r7_+}BE>uduMuDmBA&@_+Vd*J#KwlAgxbYPUU#o9CH3a6Bab
z@bW8@fcBlfvK~P44j#LuSBIH#F0+Jyt0#8yf@Xi=;7}|}uFYCS(@|UaDVp$Uz%RtF
ziBW(ku{&|D<}j{-x;RwsPs^NZWhIij_iUYjN_lZ0!pn-EkNatbp-xfT6}~%I`2NPY
z!GTG}Vi==D$*Hpn<W)_}1d5s-QT)Pfz~9yS`Io)=NYBw1%p*2!P%99iZU2qVsF0oA
zzVSI8k}4w)iDC#-X~&SBq^BQHuR6+YD-2az+hZ$ulgX9b4M*W~HCr*F1<!oE$I9Ou
zhFG5m1bax68%TX&G`x=?Q}phU;FEOoVe&D%ThhUTVsk@t-2klrkxOaU@a5VC|Lw9G
zf7Sweva&U=GP|e1+CKgg<+oEh?QM+sl3R(051#v0boki3!P{wc!y4DK?<X4i3Mi4;
z2)X}Ubo)HxPQ}V6M*y^=lhb>uYp#nutA?*!z=v~ev=UF({_OEpXXDkfAMNh)yPvzR
z0L2zK?FY<6d^Ou_lCuiG_yviFWQ~kY?rsC#9SzT(O(8lA-kEPNa6HWKft2FBV`N|s
z5ER0!jzJE8e^dj1IB;7qxbG7-8CmZXq?x;|yC72GJk1jBx|Vjw4q1q0A%?rLx%4eo
zI3J}g1q?;e?6qf>_-A~H9SL4J>@LT-TkuE}vQ-|WF`Q}YbK^(=E_i+8<1*O)ga%aF
z5uxXlM&C6#Us$(+vRFM&ggf;8CcxBE9D(DbXz+B9EZT=C3JLI9@0eg)k$}I$p7qb4
z0SGCA(duH;xBS!I>-AUoI>rjb`j1&_bc3(S(?fiF2^Zp69f~Z4?YqW<2U2G=aWF-O
zF%B6G90?iP-lu*lF3XRTKTSrOc*={~paRL7`m#ZDUUf=ja!lnA`xOF>Izigih95!n
z*$qf^$f2WSql05I?|zXU!vBHQh5ej)xx2+5fPjhp&_IqX?}8-#W<lV?c&^Ps?)`9r
zH`>lO3GpRQ2?om@*O5i_bem3#tRRUu+wK8FH0E);%b`n0L<*}M%qqPOYiUeiAb``s
zQFgGrf1&k$1uF;jDR(MLtj3g01s_%n2g_+vemGE83lO1xNGWdO+hs8-$_yruS0Oxr
z91TADS@5~j$SBIZ+#}bh&RoyK*62QY@*w7&&jU%r=i#^q<le{hA^K*3wtKD+B=<u^
z)$<oMoSOlciz4BNni_kMS0+f;&<N8!Oe^-hnSSWm`p_k{eWWpagkcu-Z$XAG!>^sD
z8VVC$_`VxMk0y$BI32=o#`Yr_0i4wrFxSunMMY2DZR5Iaac!Q551GTWCx-C@HZn4^
z?B=A)DQW4FJ4e%L-zzF6b>=dtfN8w(f_yzbp(vEgLx=>t>`|E8)#j_~J8XTY_?J&l
zZW#YgO38&bM>7%#6kzc}_D2@SZ2zMbqut(VpRJv=w?VLTZoE!ypp;mWR7hx=5!I>n
zC>D(i?Z=4*NL-|F5oWz78HrhY1$E0kKeD+T`t8Jo4R0EU*K*QCELQ9DcJ;m%hcrWb
z%)ZVQLT!DMj`XeRw$!2oaQSiWCNY0EYKIPb1n{m=<Gz<g8Z;fcG?Eg-TX0+(%`gM@
z!?wXqiGQ(PDWmyOt5#q@4yahZFFq>K#SR1r$VRIGGxLz#I$faJ_wy}7d-0ll*hjQ{
z?fRpK`@)vP4^2Md_4Tisv<kj|COTGBJA{aHhBU)QI4axG+QB*o40t^)q+j(xSsI<$
zKO<*J%g*##?Md8_?w^WyoA*Ax<U+(%#X~)4u5~}(hr-^2S`9ebg8q8)lSIew29MF3
ze8#&vu~kvOyn=*<pCy_qbPp5O{#Hh%g!~+$WIX>I6pk&+HzI`ma=^uptR^JpzVx=8
z2%M+C86pcTfdDvYP0+v=oe3$7>FAXg9ENocC=R0@QZ_@iVFFKf5?JQQ6oIS%29~T#
z!&2(GFRE9_uw)4b);Qg6`V$lE^{{}IU$pEr=BU1mObpiecWz)3>=s(Fu(X?{52FnR
zzhIfZoT14VmX|X#)>2@(DUbuWhXHHMgj$(Nth(BS$71x9gkv`vjKuIawZeZpe`*7Q
z+U*Y-sB`ek-YsRTn!>&OPNhZvq{X<CQC^wY6fPW#ONhI8##0Is1qhyBLt6$aue<s7
zlcN8EtWV>pmHEVk92!wRf~@8erWL%r$BR|0R*lAcnIZ#*H#s6Q*;f^aP}Sk!?8V;H
zjF^>vuGCl^_gslRym79JruG%CRET_PCSX2a))Wh+CO;)%;12x;336%raTn7+hq5Kg
zW2r*N6zd6$qanxNAZ8^`cS8>sPyQO3*m2SZ<<#5^zRBXxUJ{C(%5O5ES%!bORzfk7
zwi^v#1hvCIPUn)hB)H_Opsvzqg#g0?O{V9C`XcFpX8Cp-=kd~smE~+x$6pIyBaJ^V
zFtGz43&%V3*Y`Kbp6^el%bD^cM^`-^fkzXvk0@lu-|mC&0z7W;p?o&SmE-Xf`b~#m
zT*h^>dmO%i2Wh_3r_1Vz80y@ku3IE}D-In4pp@dJAy&~!{MKbi+EAp|Bj0H%iZ=as
ztGnh)pTd92j^d8G95Yg5GA>+}`#c6Ai`BPVA#Y7JithsPM#f5J0+(4T6m_TObmZ`;
z8{~!++e;KPHSf)txpPG%c{H?u=cE&A->&uYvdC}yT&G4cNn~`*&ER%k&n8%G;q`29
z09R*j4wvfPrUO4daXLH|X4cz0Ba%J0ZXHh{T5I?mH#u#EuLQu0^m-+I_kFODW-;PQ
z?4buYdM@^V@R|vu65JIK;UEzBl?@di<$+@(D|AG%FAUg;Wv}R`9*AKk`e@}w)R0$K
zttjvWcIYFuj(BIl0tvleqzM9PR~k+E<AsuxlC#}`5Rq}9K3b(%^9Q3XqB8Hb>Ndf`
zEH-DGt`zj8q1C|MwAd;+?<~n{MpoAyxg~#-)TEiJRQH)=QfeXGuwv?jd6rJT(NyPp
zwGB+8FCjmrGwWRQqGouOtG9<3NOIb5^(Di7m1kysYAqMKgHZZ}B0Y`A-(CmvQfj*O
z4<Q#DZ&mV__+;#^bJ5XRSN_qFAKGe=`6DaM?Jc;i<$b*No5LdXwubJvl_dB~`=~4%
zO~>0#W@Gh;(dhCHToIXh&uF97c<lO%x`4|~hfZCrHyh1_R^qNX82mmF%#KRfveUI)
zV^&3v5)Rb>QZ6;vDQaWvuEaU0C{{9&$?xyB)rlHXpB`Wd+i4uNZbQoKpD%D6RP4*o
zwsp3a!gZ>7pCg*{E|fu!5RWv-Er``C>p;nTHe5sb_2qF1aupq%%V)Gu?&Y3zuWlWU
zI9`@049gXlWEXvER0G3)oq$COMf6Y2Sn>1W0eZpmiqTcp(SkUogEVXKjSkyG)U2G`
zQ5cyj7l{~Y?W6OJV%|etNhYJQNG%g*t_F9b0hd@-?4=<&dk@oCSl-#RW2OrD>dYoa
zD%YLD%Z;tv1_M}kY!~&kX=5YF#mpw5@lHmGk)EH1aLh)>=cx>gIb(&k6|IOG&K*>C
z3<>3%z3d`J&&-JEA1{_Fz^SoG*%^~5>>paAS8T}-$1s(-Q|`ssxnJSY*q3iai;Zg&
zCE93!SV=a=vGCX)?c0hJDaINDY*tF#Zb?JGA>%Utta6gvZA-j%lCky{4i}jA`ZGu?
z+1<jZqT*WLUU?<c7V7ME4k>Y9)Q&cL?ZUHb>OHrYUlrSB@lG+Z_q0t*GrG=rwf8+H
zhqc*JnXO8-d5^yL0hZ5qHlvk*rKy5Z9ZpCSp@Z|t?+0JBsl}L@9#OEER(+e=_hy~1
z1~=8A@4{~De{&X^P8!o{XDD)89h3!hdwx9D;bJ<jU1k1+Ebwr3O&r_eW5}nIU719$
zgH6Ch#Xx>_6!6>4AvQh{O_|p3;xY8OkC2i2zP0rVVj5ZE;G<S8If~(>)k5vU$vCK)
z$1rhKvIaZu`VRt5zTgRo82{pMkH59vAb0V&5OyGTe0&o)Cu_XZF?@h3ulDF7L;~}=
zWnP^}ZD0ZJWKt>4DW<BjeFdo=X^i|>DRuVj&HA~>4(+k_!{$l3`KS>WTSn>87pX+G
zV|kSegP8%oZ!2FTlH<`YhavACc6##56#OTI4n{_jBQN(A+;@+L|I|I0Lu2)KDSEC7
zsyw)OB5$(NNzH@ICDjKON@Cw70F6jY_EB_xnct5Psm3^II^&m6mrYBV)nP$O2UDYy
zwR*2i5}V&>r~Che5itZjF*+?nZ^BdESe_@>{SZ}r9=*HaWyo|QW&0Cd+I3`I?p*gP
zKZc9$1(_jb((BYfg8)I^^F4P_+%=ARo{s)Dxw4~IC&~+ACar;Fp0T&w>N!CH%EJ=k
zE1vp-a=Zq<;!HXrCv?BPiH0rKH42L8d0Nc~4c;lTNuBPF&L_3=TONcu)c)BUsr#cg
zUIt%E9!8bDwrZ~hAIH4YdRpXTV`90#SU#~*+`rYIwUw;Nx&`8;RBNf*z)P=GioU!^
z%+(f8!qakRk00!#Q)l9uOr-uza1EKy17x1k-wyrx3jA;~PD2lRWJ!J_E3MAK7KiG!
z5MPWpwxZNZJiL6?=**!b5;6MAu{hW7Ep|BRtXHW#qt_kJr=D^Lv*MwKIYjSfB9`jX
z$}8KHiSK*eTrQ^Hsb%9q0k3l5)y!4eJ+1fRp%m)lo@R4v18~>d>oE&Zf45}ivQs%e
zI_^z;^k>s$0?TjQ*2A|Xjyp8p9HvH>xsX1mZ?iQLNv7cx3@Wyt8F1f2ra@Bg3+}S|
zQyN-X?>m~=Oh3Lq1!6}##z;);)=TVw+>a-1t!*<aIJj*JBi?P3PB5HJ1van}@J5ya
z5I7i|x(&VWA<nXC4Y_g+)|<?3CH+?1v1H9PrFOJxU($X`!%FjVax0GkJ>By?17tmH
zbUSt%EUx`gm7me9=U5#rr>-XiA$VQX)EgON6lET~^*f^@zBE{jOtZ&)iLK1MHUlYY
z5P*BGwn<+R*o+_>gh!<orM^sS&Arq{#BmaDD85#!2lJN8lW0M{WE#TuAdm6jvkd~D
z2~z|)AZ@c4t{)n(b67hvJ9`(R-077npxsO~D^iwGQszz7ysqmsA8U=&_~`H3qBUSG
zcbA>(#!;YX2NJLH1$fx3Y=)V6n+?%Ocay-!BUSKDx8z>^`q6*qX4x_*aSu9$NfS?}
zRTZQA{d)(ZnxiSpG^^4auy`Z3lC<3@M7p9bBn;tlJ;3t6EQgv>S;h#*^l}aMB{q4#
zid385m@ORoZYo=T@i}JLcKcZzal?R`QLvkHB8Y{|I`QNr@Fyw9XW})lxhvt!xW%BH
z{*TOmj`u5fl^lM82Ps;L#<pTLGso`iY&1sq%Z4+}T!h`Mrc@ZB&AB}<hWMsLUyWS7
zBfuDOw)`%yX_3&bYe+uT$2oE|i77lN{&rp|I(d00SNfse>Tt16^XYl=2^&jCQSnkm
zK>^^gvpsR$+07cMbZ`72b+X%nxBva)cca$%+?rbOS6EVW>G-(3t=`mN;I==_uDo2V
zKP>I0!B5|cNh!;-ybqwb+T-2XnypMDWW2`bZT7k$zfZoNO&QQa(m57Ls8!4URJ`gD
zBi9^1xA*-Zjh-Up2(8F*re%yNR^7{HYVQ4Kl5?jytGRA5#Xzge)b|=BPSK$A8GmP%
zcuD#%$_3KGT^_75fgZbv{yomLnu#^nLr0YhpVOrSJC9NE`owTnx`L`{HES4|J~Gs^
zr=juhpHbF7n5r1_0BDVGAY@@wV+BV_`F5^`N`&b_AcA`HmDQY-N<tUa4@qd{4My2?
zc|%P>Eu&H!@A~Oa@uM3<Vse9opRL!k0Hv&Uie0{fbF>({fwE#uDlBFL#3su#_f<jt
z^HMU{)}09MWfthBL~!-XqSuGy-nI|Tf5OF=m)??UFM%Y%nN=;ZnK~vntcH2tsCAv#
zFxW1}b}R>*d)tPTL`?{1TKWM3nA!Kqp)|=9(`1dQHhne7GlfPE&Z-PL&X;HRH}&X&
zvYy*xrL1Yo_vg&L)pXz;FqWu;b@AYf0K?U6^)-YI@E#oINtHVqkWQ7fXjiKk+wm;*
zftD8S_72x0mJ)u)cdUPMxx2~f{*roDcm>O8>#<Zmx7mOD_<#fCbnmCUYwE<BmT*Q+
zlD(QrTJxRG&RJrT-8zgfyxwReNDrL^@?)CEk(u^v?zjY9C}1-DRW$++Taq$a#gMLV
z(Q0c?oQa|{8Mfb9oCwT4TQBxaWlSxG#VkYTk$h*fI%Yvw#A(i$@;>-!lRm^oC^8gR
zMswD<4|bA}%!#bFoUC7JP-F^C*(ePQZ|t3ADTzE+pGDXw7?MEwz2`)-`v<BSklqtX
zx*=*$)IzVD{wH!T?suH<>#~zP$Aeaa-((cSk`GTp6Lr2h%V=g*VP@hm-*eHep<{pV
zjHk#)ydDm40bTzzklr*Ub0s?F8oDs4`5I@a34h6sUbqI&E$Ev5S@$v|2d@Xqn_EI=
zFG|KU`J|q#FMmgij&6|WcC<QH>J#k@poJBArO08w-wa+2>f1D+-qe%dM8O-Z+0Iia
z;gSxtbAX=lF-GjV^$h2(#crZ9RbO1}k3K!t#Y<gqS)Wdx$t9@jkX+gCGj5yMwV2c}
zGJYf+xSd-~HyaS#r7sjVJ-Uzx9Q@}W91d|Iex;bZT6r3l&mlOBk1<iE599?h`bWFB
z$`s#F1S{aXI`kgvo919~K~-IEjXmC|Xi|T$hKlRX=1YclE<tup5R&)sUGnQT#*V8X
z>^5o<8E@W<WL0+(8<W9DWyq2HY=}ZSi(m9cuauJCn!^+q9mLhzd-TS__=Gagm$`G8
z5ZQo9U0s+%(=hb$W{)FkK7DY6?Q%8h@GXL6lLdqMmP6!66C<mK>lOtK`vd$ZZ(ev3
zfuf%ob>b8R@T`So-(<y?+M`=s{t(6l*w7}A9(UZ+rJ=Ff3<2HjYK_k`Ss85~P&DSW
z`F{nm(!s8*`JK^BY8O`#Oh!v9DZLt9Z-Z!ZG~u!=$|ShIzi~CKei>U&CnmL47E?Jh
zq?1k7rnOe^U>9RA_H`OBq^!yTd8d2(5-h%a7DT!lxt1(D*Us-==+h|LPB5ZkNLoRu
z1#;>xG_yM;1xjltbj5#0paayCF3Wwb-Jbh~Cz{WFwOVGa#oZ<MZV|&45*kTf!6{KO
zJ^!;^zD6e#qxi8sO|&RP><tc?AcTcd2&%2lbFt@3ILTPxZN>b%7yIrXW{|&^Xh2o?
zZb78Nig^B05$&%M0Y{5DN;O62+;wTG$v;xoh~p0A$qxl1o)O^tafEJ)M!PwC%meR!
zdD)P)WTYuZ#o2NRbx~pXz}~>;Ryq@K{m>NZz3G5yiXz$7$^~t4;A!fI5JFNq9}23F
zUL%d+@ngqWMVq*$>Nl%-4&ft)8U?1ta|J@}NQ*e#>t7HS$FbDj6SujS7pcn5wAuN6
zyDYp~t`f*Ds;DUR=O3uIT0%yE%a#*E@+&LI7_>0Qa6Ie+P_oY3Do@+9HFEFiE%gQo
zXe*AruW`*C2juacay&Z*jdZvfBx;1o@0JyNr)X#|wR;~7K$9+X2Z7-BgEH}eaQE*<
z%-aibD{+L?iQbvqPMd94Hi<Mg+$mIM<Y6|dUw7zZ;tCMkM$lQ~$v{rdb2nt&CK0OM
zF0C84gGe+_ZSI$|B6G&MAAgS-<_has+WiHvq01Wp;eWpB61}=BpIVw?s)yP}^yD3d
zysN8JVZv;2GTeKtllp<;7=aa^?rJh5j`@ARgY!fY_ahdGu6DFllf}CJ+Bm){xtvGp
zmKrYa;aJ4iK7{7OV0g2xF*a+RI(;`XwBHfQHXGvnssw0P;cs=rf1AN}G5>+PCeif{
zf6QxXzCJ|M_`9dA3fl{HhI|%zej!GJV04RHFLE?&1GAA6#@m!ee!qw9@~v^h=$26?
zm0)xjZ!_~k`gr+I@WDu*-4}UFMwLL`3+V&fJ3Tre`Tg`l`n>o*T>i!&hHXCDI>C4w
zRYJWh7_Zdf_M$y8Df>hP<84Y|JBKazZ*zTKNFPC1V{U^0u@}-O9oCB(QEVv8{Kl35
z)_50(MhI59vUc!7`tWw`5yBc@zQ|$5)QA*dz4$*dgk!6v&S$0B$MwDKOzS!Hfdk9K
zrk*zO9{dc*`7LwFSVb$h1~)d-tGE@Khl34O;p&{wW@M(GsBK(?X2(5Z3`w02ZZmTu
zb1d%DgC2U4!tEMFc(;&97mN>d193oxD~F@rbf${;Co{rFNnWHJGMv$lp!Ifxz@Q>a
znV-OxD~GBJ{e#QmPe!Smbs)jiV-0T4TibOMEP!$Z3%nqHp0$Dr3ucgnr`x$?f0bZ(
zu$ON(e_?imtfpzcI?}vUG#)PQQ^l5bP4B_iQHLRm;+l`BzxlBfsp)alY!@ZoY9#_}
z$atKNtrr!dOAqlKw@sIb9`jY!D=iGaMOksp%4~gT_>g8=IqYxFB<y{)7oBXZ^{rId
zX||{L<I1a7qU5?v!p>VVi`=Y~)g#eeFMevDVTV89{-xe?U!K*V*nb`g@$ujPt=wi4
zD%+dt`V6Ju*<O{NP8c9ed)VF?CJ|0UBYeKfUJY=2?bA$M(?wCDCe{I7@o~@GhxdF_
zYh~c7=Y6}kzOZD{09aK~(9~bEI+{9%Z+qlILMVIEmftRBN&IO0`cL<U2ZWw}wXOW9
zncq#6g9SJHChS~RJj`3Yrtq;!@7lEr97mM?xPsksvt}(0NoL`@#AlniA$Q$L-RY*G
z)~+c$s*29~NrPs}FN|3TVs#ZsbjEF#eUQ-4Ky_KQ|K)U%F|l-NEXaYb4qwQDO4|3i
z{j&&9tO!kw%1+rd)i}u$NFmVmt#U%dFt|q5hkiemVy-3v8svzt06A;jq^@Qa5T6Y8
zC%E{A%tfqw8wGr7Bgg<NW)x42^bS-N=Ne1C#%%#9p)%$jc0@+zWl$`kxv4yCrQ1fw
zB}WPY2rB3#I&AF>8?1S`_RL~7n->S&Qc-Hv?XpII7KsN*f7rgZVHvm#ftnOjoCj>3
zj2q@t8nRP-)2Tw}Wjx*X{-~cz&hCQOHDdoO(X-n6xu|vOAW2~+^kB26?~rhohJbo6
z2(>RXa^RpzmSPYtMa>;ygq%aApWfSfV@CA`bZ<U-663ye!oi*Kl+^{jEVNEv)H&!d
z&q33ph#m)UoZlht9TKKI8!JZUeNOwLs+_4I-nROD5W@u4il<4UB=sJ5{1^erU@^t1
zp+rr;5NoFVg{et`cyBLRo=Vn}YIA8?p)KAYdldRfvh~l=FH-9M22H2LNT3Qg-m1@>
z9Ju3SZJagbw-);IV^^vN%R#@4mNzYgZ3=iZOQrCtEl;M`0iQ*$cu&Leua|+H>DAR^
z5$s*i&h)BW#8Z^RTM(Ea+-NLL=E9^d^kX`wL}T-ZT_F00+g%Jgv&dX_tJ#g?-{BF-
z%s(;cz?lp-)^;$VbIVLZ8ZGa=$cB6`LaqVa@#nWZFb@e8rCDX*7yv|NgEqiWM`KBo
zhX9R6sQO`9nYzBY5Q4m1&Y4lXEJeL^t!!7}-$7t~!ZY8kO|<$s<^g&WmwrkVt}{*3
zCHiBtv=IO}+1UqZBwep`BO&oX=~k&f?BjM-R9Vnt0%hCc%9o~|I>nKAd?1-!wbPQz
zlQqvwRAC;jguFFt@2(dQUUesJ0JCx<xm5Y(9S?s@E?99oktm4t+_>ImGJ8+lA7sri
zX!|l@DNcm~nNH_aP`)@-Tn+W~JZbrVBidQ`wcP0O{+YVKN4tkd!rcROtzH|+CCy+=
zO5OZ1AUG*!XWBQ`B92y@9vo|*_q3U`@U)=~#o?mgc(6`3nes9e0)ubD$8yL#Ny8tC
zEWdyNX+OfKF8JsN4l=Ia9<7|pSjx@PyF_Bfc{^@_@gvU~;g?)2z`#+!AI}U9&dJDC
zKDMC}>(J$H&nCWRayu+1-L8*P=u?_Xs+#G_G{INL*ccNJY@&lt#Y}4Wobt)eEB#15
zj;69a7~+j5^@+7MqV~fF=GD{-Q%?kXZ5|onO<cO5jI2Y~YNP6_GxC_tc`^%QQG1_a
zi>u0tKJw#xPal2-!uI$qbwm~E`b$EFd*SPMb>(pe(i`p&r~5E{PpL(ng?wRTKA%jW
zjW?@)*UVrk)=<s0mISo?!eVLFI>x!nU7i9aS*0?3yKk%vnQ4LJD=y@laY1uJt&|ZU
zcdIWIBBF1mb~)VMM?+=j*-)qllD^|qz|o_y?;`Ydwq{<mUe=!-DNmQ1p9q>s)G9af
zM)fh9Ln?*>$+ykTO~487Jlr0sCsWhuPr;JI;?@;FsQLsX_~$21s>H;YUtyJ2-7AQ7
zG0y0^R`HJ+Y0oOLa$DV$B^sOZ;yi5wnr8W(7tb9V&;u{S-kTN1v0){`cpVoEvE|}O
z#$2zh?6t&FG}9`;J7>tFPiATB-B0vclAZmZC_31;d*#t4K2w_TX-_G;OC(<V$Bz37
zKyU&fqUG&+Dl$YT*0m$Pq?Gcw@nkxRwr^^%f7MPQtAILlZD=pm@u)7|N+lD!8X~j{
z$e)%|tH`Pn30+(zZQ*a`b7ZFP+X5`xD3tx&25+dCJAU)@`klU=gbM}5Ja6L7Js3^*
z56*hpLG_j49kA~B4%s|KKs`D=o(Y^kpSMQmfF?&hQEwGmVkXBh)1<^XuXl=Ztyf0y
zTQ|lfE*nH+6lCZYb)=n7-^v_1e$1!d$5s;02Y8>)bcZQcV}g<$La8OaD8}!V91K+^
zdGz$?`Klo|n{1wBCq!|0R0Wa(GdSK8(uEL|Q8Ik-ZEM0gLwfe=TWk=IA#cf(ezO3j
z#9)&V7l$nF`2sli8F-HqjoPWXpO~K^4UymPvm~66UZ06as!bzis=pftK_@@{c|4pf
zklfxqnOsu;F*Gw-%#XXOXI<M>4t~xx7rg5h*e*0u_SV~%HZu3Yfu0XI;}6r_h&ww)
zN`lT%oTBy*?x1zQolL>fY%L3u#3CDqz=xZ7p4+i?PrsP)ugBsw0lIsQUU(#Hzj2F=
zcgBj}F=|8EZ-zGW`7l-}Y)@*n0Ql!Qy~RpmbK{Gbb4oOWE8BA{>T#5y)O>Cp`rIHq
zf4G{ONOJ!Zd4(n&Cyn|YZmQxA>AHlS@?9TZ*$G#dP+f&$E-MSAImT$mZ(&iWhbdtm
zj`$3O+EsNo`@^D6V?PA%6c?>bYAvyvCK$DMO;b!t=JR+DnEmsHP`^K9n2u^!q!Bpz
zbVfD(#_y+bw~}S0{k8NcC)2zzqSzu;W>9<UrRJiEA<E`wgKdxZdAZYuj3$=chwoVC
z^v4WpDosU=FK~0FdC*Wf)wnTM*T`^1uHwtz;t;3LCDXsax^-p_nCy7x)4{#@zj4ic
zu1|9nf+j}I&VNDpXbZ{CO0j%$GQ>E|Z`cl+j>p}f+Q059chz?Fr8g*3CAG&7nR(tK
z6;~poi;9Ti9J-MydR5EKEIZ4O`r~`_xIl7w0yle9i_d>SMJB0Rixix2Oqcx!^;xO6
zdq}pZwu6c;i~Cj|t$J<1+>hieqCwv8!!^DiCQGnYMTS3iuh}DLNJW!bA9FdLNnx)D
zhg~H;w6dCia7yzJ)fXum9DZxrg<35$3i2a7JH_kO_cUuN=PZi<0kS@*$)dEcAQ?CJ
zsA-ij*qONeFklygqwaRMfQU7sqd7ndO2uCO7OuW_bq!tWa_(|L1U<AqUk+|`!v(gn
z-M0M#AhH6F$sN&<^BBhVjxd!H@X9W3`JO5EpKD8`^4Rus^F`YfOlM?yuWs^66A!-X
zU7w&A^LjA&tF)I4l`e`L-VCD7%5eUX>@t`5hz`h;v=r;85olJw2{Ud{*KC})P-2s$
zPY1Y0tAJ56sVer5s;=J3xT|nwUk#?-Jo<Yvn<5ngMLYT_R302J>ZZ0YwfAr_Su3YO
z_CDgYhie2=VXIO{#w=FSMF|5{3r5dSUmdkSHKNNyC9SO##RS^*V!SBm)3d^^yeo(M
zSD&|I3gPsxdRhgsK$9F+ASyW_2!z54NIla+GyfZbTYyhG%!9(t>Y^GQi1GiFW@w-s
z_`q5BepLeQTYTlk_c9$)o0btW%deB&<?T#YR(%^TpIq0z_ITzEpU;C?k)Xw`quhn?
z1oaXOwwUo+gj1l61yK$X%-94of9DmC101gUWF4$;_kAOae;P|nq=d_VYOm<!^I9FT
zNcy#f#1mLXK;2Ib!bAQ3dq?~j(AMI+MbvVuU!KX=qez^~10E*6dyf=S@OYrgoQ+FJ
z@R`bQ!v<SR78i>o>?mxd;bH9T9EauXw9VQ?CvN5P8X1T3e0Pwwnc7yQCL^;lGR@};
zope?Ydh&L9>ekJ2!S@R5cI`{gwzw#I=!Il|1RUmkW<u3bCwzhn@35q;W2MXV)GNbA
zH`Ueh*x=b3ClvO(qFlJe+)mqcO|{C>VUNIyzTa=H`JHO&vr~bTe5QLlODvs<r8>%X
z7QOW}8nPp4sE{vJ_I+>Nq-o0^{u}@d<;MmnK$*+Kw0O;hHro?(Kgh4sT(cj$>RRUF
z7F-TaOb6v(NvBAn7nUEzU5P|~3Nh)ol|5<4!6%Ck!ZJD4TRmTX>gx6=a~(l-X~@eM
z3%vb6Avgo2M&dENjhbPz-B6W%T^l6eLgLGmcsdF^;rlb?BldMaJx2n#Myl+<Oi7vn
zZ@}GjxtPLaA#=zJ?Zu+z^91lx3*}L65Qep@0U%|Oc|s;b0vJR?ygF`6;Gx3Axv2Z4
z<zxRop`Q7SBjKZkX)14p;;~P~C}0(@2^{spUnOQkr{%VQnvP4f>u8%VAg!bysl7gG
z7YB7Y+B|h!ewfZrPtXTziwI3MwTAh5?I&3eq!Q}W%odI7SnD_cW410f8aldL9{)QN
z+?^3VL2mC1xvvj{7yY%DsZey^Kj-D<bmrQ_cW&Q5qiwlBQ~1XJi{5q9&&}nuT=K(r
z#g27ro*c;aowu~J`r~2ivNsu-nby-5zt@krH|yQ@72BWZ|NnREd&qQ_s;Cbp#`hO3
zGx}TG{&VN<yQ_8ewNCF_cR%j`f|hXRnsd+9YeSEv?y<=D%A<eMUpzi`-M-1I;_sY@
z<bThx^2FP`LN(oz(Dw2_;mqw*V*XcrJRd5^c<I-xGoRh2?|t>?>~|?agKPdL-d&43
zQ?p6GTl(c<wT#059OwP6ef_w4#(I;y2?Y_r!HjKBubs$BU|;v@#L`<UYWALF@h|^a
zQ+4UYiuiY7oks$<i2qseOuGB&j5&WoGFE)*d0*Jhx8>KWAL()2dpCdGeKRQii@Elf
z{VHc!op!C6l4cw@SO4-v@4rQ%XYSs2ekK1e(&OpX>bFZ3w}{^fn3TFvX7c9OPusNC
z?^&oVaAC9P^UdA7dW^q-BYBZ!8^4|Ur{XL5a`CabZ)(a`&zmYGu-4?_wTZv~UVd4B
zesTJ=*SFeipZXTXlx}}DH&)%uKJf^@+?|?$_=@n-<L^1=F5Jb~_?mU){ENn?zcQ`7
zzFFn?*6-`<ipw@0oUYBY%I4pfhkIAG-TL&qTs~e%)#1QN&Mkk|wHh;(^u}_htMtz}
zD{x?4tE5HW<kY(BhZbHx(Z?(}5!}s{1&(;UWsvj*b6kNV7-ES|ir__B%#6`mn|AEg
z-FtK4=WC{d53cR=oo#mQYVNxz*;|pHrha<X$Mi3{p<%km-;xq;lRmXvw*zTXUP`7*
zR=+DZ$Prt#*pln*or{U0mPfq59_4j!ZmXCzyWz^_llK)f-c5LLpNq*X_(|E@TeTlz
z%KOXsc2#U)>b<CS#qm|z?QLd{)3%7N?%nL1mOL}Z)b{yWk7hsT_j^7n7x6OA*5uYK
z@-ScDtp7#o>e;jVldXN3^(HUy3%tIf`HJtWHOb#jUq4%Z^YiH!`wbr&uSw>caCY&c
z#$^wefyNtl7F%qwXPj-@@3YX{#N<NxO5nLJ?)4A4E`59Nvw53`mW}|&ojZ44{JzY$
z`ovi;hI7E-o_TW`em<X=`%^dTlBST(M2{~M?C05(w10B27A*;of4SY6wGDJTaZDR<
z(ay{TA6Bs*ESmYUu@4xYH>NUNxx8-2MG4Sq&Kba=C^KgENZ??SLP9uj)M)o3w`4E}
zc#zIb9+?#2uv9}sEO7AZZI^T}m?H^PWn3_U6*Mqbrpn;DO*_v7cpNPQQyMVN&K__S
z1FsUD3e-Mo2{7zv7hDp7Pt0;7oSmCv7dwFC47ic)%Ju8pv(sHlO=Ha`UEk>3zH0Z?
zSwbG5Tm+2x7Kg2C+*Cwn6{fmOtlhKMW8(Xe(8+UVuk6$T<tzq9Zq5mF!a~9(Zkcpo
z*2+uIE-rTO-MsSC+fQCQoi1MZu%S>-2b3}xn0%EWE9Nc5I9SrOq{35-MIp&S;eroK
z&zmTdVDAFpE(}nTng>h<Hu6s(`#eB-`nZ%XI2Ba_Q_<&|31DU4fXDxDlh5A50@Cvg
znAXmIb_6ftztIoWUbp6=5Xkv6K-*8wv+o3(YY)`^d!w5-7EAurFZmO}x9{+jFa{v-
MboFyt=akR{0I4)U!vFvP

literal 72463
zcmZUa1yq~Q((sWMC=@HML5dU$#XYz?ZE-8bibHTO-lE0bp}4!d6AHy$gS!*pOYeK%
z`~L6wIEQnRd3JVpcK4axo%tn9RapiTofI7b0RdA^R#F`S0m%;m0nr@|1unsEOtnKm
zcr9fqA)zWKAwi|;XlG_=ZHj;(i&>^={^7$c;Yx#|aT3XJCz>pY2VTDBp1x`{Q*Spr
zC%Xhmh`(5$?dvcjmS0+xl3Yxm|5&_uODK7W(r3$p&CSU8UaK<ue4OIDwzm88ivB^`
z!?N8;%}K+J@J*=`LhWH7x)fzOW;76}PA?gZMxURLL44znqBwy-yM`eZ^nLC2R_iu%
zHkHgzt-nP1L+SJ0^$7|^Ri5e#zdl;0f=1Q2s8b-qTg^OGLc|Fj96SD8S+RBHz^gb}
zs&2r$w6cD19_1wmYGwQa!#iqxzhlhKFBn0?)(E!58!!8EtnovbrRTKS5{7UMBJBNS
znIy??NV{{-FA8Z(gQ(_ApIDWzS1VPM_{lXGM=AS}n^YzIN$8nBY`ros0z75v`(&U`
zD|jd8X0U#grps!fEMDwi+Ix?0M%!wb!B354tREOP_$wUMzT^Wzd^r2|DjU;lsk#>;
z-4%V^mBfJ&i1rCgy!>uBi)is^MUQ7V+G^lQDrGfg72@zH=->st>IHIN7gUz+w?w13
zI&ns*TOJ~0=%<t<ZFoCDdx>O9+;{fLFkbu-b$Y5%sm6SE-k3?zz9w}V%zU@HDD`+z
z%X)Dy^8}7>!?<@ihcNNLKWDEnVpJd5kb7H*<YIGhqWa%deU{VW>)vhaeH$j^u8K|l
z5kE-Pf${l`RECESZMtO8Tj0+PR-6?Btu#KaYj6xl*oNA2C>ejZ!yhlHl(53@Ic~-D
zaT%^S7}+=|NUGThucoL`zmzRsE$>=(zCjdM73Y!dw2USpjVZ1lRLex8J7pM*QCUB2
z#Hss;)ED~9HHsDP{EelqPD_}Eh%%RVD^~go!k$cjjtCmJ=49$62`R$_>7*QXVaV^?
zU0m=3HHxIHGv!zL=tm5q0P8n#>2I#iv&q|gbA=1)ep61CPc2wBP``Xql_41gr&z~0
z%68drolQjMV1AJL#zY@dP7RnuDY~YTkoC<2STfw@;qt{CGsYTm;B4>s&t>nc6@Tnm
zX#eB*>sZ1k?rYboBl%VnmR^(?L9&E)Hjw{An6LER=NNxt_deKE>}@2UY#OyP4m6Zj
zQW!0CQxe%BhEIN7Yz%jQ{|j~ptC;?8y|@7D!GWfkrjfhNi7ESX@m^K*Uv_>wzA<0S
za8rD71oYo4yc<a%eD&=&6AP~7h*Yl3E4_66CB$Fc>F0=UeVP^1#LqCI@~l^#g|EvH
z|2Q&bwIT#2AcO#rPglIwSqyUwzrO7JJwg*-?baEUXUk=j{Za$_br(KM7uNO`dd3>6
z7!KAZ71mEG%z~U^1!_Q12BMP@b(}bVsULSGVtpsi+)Gdw;;#@|dnDzamyNGy*RfK_
zC{AB{tYKan6Zd!W5o2@qj<Q>g;yU%URw1yE|LA*D$;E;^(!Z62o*LjC5pO~;hhokA
zDc~`jqF>nvTFG<BbB%D&ZSWajk7T~-(fG<XAgZhF%t#1DrMqx#-VM><8?Zld{owSg
z7q&r2W+!lM_RIxFvZ8>HEqD6LsXOeHUObGCCVh}5u2(20{MXy!ur^8B`x(tJmz-2L
zl}S0ucU0*UuyC4KIb3bgaoWV6WP|!&DCWft=m62eTjr!8W{OUEcau4mu@>{SB(>@~
zbT+6*I7j&Rt^yWzyI_G#TZJ3(XERda5RugOxc0F2s1-@OTu{yp2k~o(VA`Hc+yNYp
z@5K4xSK-3po8ipiSp9+p^i$z`!{J5+oZF*Pqw+hpJMVW0cJRzHgX@Fqf-9ucg0)N%
z`W+*VNFzuSxdgcGwFFpn6F|&i@jW_&Is*$M0)5RR9{EK@mf3r`{AwBnO`=ZeJ3eDI
zDcD@AHO})`hpN|K>c6*zx5X~^wvYMrt=n7kiKT&+am`5zgPndlWnM&%Y)0-#JM}Hy
zEiu_r+@RkyB?KqbeX5-KQ1+%wzAQi|v9`I6yVj;wqAqCRqPC<K+iLaC@$~v$<8JTX
z)&a}(e3_GSp+;i1RW4aM^NfCJi_%TrF)d|R%~sI4WNU@{qI;nmg$Gzzx6PuByv?yK
z^HS%^<I?$R`AXx`d|z`9Fl`6L^CI)%0!4MC`TF?=JR1iNg|6ZL#8r?!q;N3p)eVS2
z5kq+sz!Bh$GK(ofjQ+X@(+N|PbcSq&lO}>ZoSt-yeZd+${L3?MMYba*C&rW(I~=x5
z%<ICg%${M>I(D1mP!U!nmlxLkrEN$q)>fn4GTJh7@9UIFfxekg4FYHK{MVXIGnJS3
z-;BgEjMB5DCQNLtDNV~cR==)%T`@Pdim|R5{G8b*tdNl3V4AS~b;N9hl9{vQ?2}XJ
z*D{}mnab<>1f7aH5tGN6{u%n|9o<xqRApV{MT^BZi#m%fF61quEl4e2Tdc0Zo^}s<
z4@%dG6!xgts6`U-J#;clzo*o88i%TE@NMECjCa5G)p*nAl)IGsl<SnSr7vU#A`Q5j
zeJ(HFe=?aIC?$6?8#On_h6+KC#$ENm`u$BTj+S8ez5O*N$1=yZoqmTO_NgZ`YuDY&
zzx6lT=N}VLAttQ@4U}V)nL=$s@fn`NEv==k9IZSa%a=13kv9hW-ZLRPcpIFn&`^k{
zp~@=FDssE;9sk|-{n7OSxs~824wr{HnJ2<0@#nIqBgAih;eG(51>`a0ApdE9>;RU4
zUNOOM87~%5p)XEe`A}|<=e*{}Kj-<w3%0e;AjTym`9wHFT27Wh-cAkk36zp_k+hLi
z$&=YS94uhe`Jnh`_*d$0`rkRbDZ3dC2AeyPR$;~iZ~Lu7-H8uyO2Tc(qoM%3KGU}?
zc%=-341Wg1^uSBSjh<)qXD`n>l=D==Gqt$S9KI=Zrv-9`wf0(uwcxG34SLI}(j04@
zSSoL;{98UbO+EIUhnuC2rp|jZNzREuUzSroHlI6>b5di{HSflU;AuLgLV(^=kuBZJ
z<oi)vvc|X)cS;KH)h<_=Ww#|Nrv*t7Neib4`exvC_sZz*XhgDbj_Pln-<%H7Zgq_c
z8^EGyp`mj~@!<aGHN+r(nGQ4VlYEP5b~R=-5x*M0uH(v1|Mv0d5kz5ZF%dEf83eJ+
z#zTj73sRLc`P-D%e=&ZnCAuXneYdOD&*+N(IY<MY?EB@!&Rx#1@>RsXn1iUp$Fmla
zcbr(`f0Ey2x;rHFl+x8?#7V}%_)^nYQ<jAWyvDovv3F1)%L3S`iToAr?c1=v3qe9j
zwz<0KI(FA}yB}#pA6Yyeo%d%Wekc(FwP3rcgLYpPn(~JyQ&;c3Tebzy1?OGM6qXW7
z4bPht^<3JQnp&%2o9e$OFIHQ;I*uQnOtnXJ5<S^gTfeo7w{P?hcgD9cftlo)D9cDY
zif!wRoagsvtqRKcHTMjfOj)hUzS=xA&pBfrl+9FVJv#(|d#;M3i@nJrc-iJ}U1Hs)
z;>W~NZ*1SstG93WU{?cdZ6cO*G;K8Wn<CoF+!i;F-Yr64yN@PgSh*D2f+9z8C)TU+
zl_mN8B?V>;XUE%hZe_*wR*)^>L|^oWBIAmwm9mH1hvAzZpXsMUkU7k2Q*_jSCtwBj
z=IQg}NWVm@gsHREa%pphho!ftgpS1Gx<g1R*&`|Tqrm-ay3A<Q2a0J>GmQ9PZo}kp
zKq2ym=Uqy(%9l*HKSE`9<3n-`6?KZ%mcj&1`-gj>Qw)$7nfyL8&xbKi?NF@D8xcd_
zt_$&Hsi+?zJ{Pw~swL)D%XAeAn2FwOy!8<_f-ZEY!(k=Hnkt4r+FjP~0}pI?f7&fI
z^WT|0u%4BTFS<7v!VF-ZtLZOYEnP>BEmuog?YuhfLD$dov&Zv3mtu1PKd|utEADSS
zE)S!+K_V_JKBMk>cfE&lN`+R?nDWr_5tR;)g)_yo(u$T#m2?oVNQ39oh@qIT{$cW;
zsWb7roagOH&EN``b{F5}C9+k|XQijq_6F0F*Q-Y!Cy!5~A%Cz{?#;Zuc<J2?J!x!0
zlOV1S7Y`2v;`yp=L{zF#=B9|PORqZRBs@b#5Lk{olNFBqG1KsH`%%cGo{_QBMi`M7
zBs#~b{I*^qR4E~(s?|s*MI8UR7JP?h&)cvbOuWxD>ge<lIlN3#H`ev>u|g4nI07Lv
z?(xw(_5J~5Bjb6sh@kWm*<5%yRY2m2Dr>?np=PY;VYT8JsYKi|OBFo855HHuvX|9%
zLO>v-`}>b5r~dX7e&xut{GbKaQc@H!v9n<_{$lspl+De?9$p#&LC8%2{?W!1Y)s{5
zV{Pjs;3iD-uMz_A&ws^08mfO40b2>vXep^uN!U4>QgO3!v9Z&Lpi@y%2|0c-6Hu3w
z{<k{(n=p+97;G;91iHGqvbl1y**Tg6-}CeH1KBx%92~6h60A<{wqRp7R$C|9|Ec7E
z>yb2dGI6xD2V2_NQvI#h__LieSeS<9Z$tn2`=5TAx>^2TOSVq`HVbYb@b44gdp369
zf9i&-3jLJ|s9L(2T5CyK+L+op!P^kwfM2JC{-yB$J^H^U|Dme=f2!}_^Yi>u^&gM^
ztttfkYr;QF`k(RomlQr=BIrWE{|vqe`p=_Dc?1Me1UX5u4{nHu>8O7CQdiF^^<QGg
z3V3Dxtlyxu1<-^B8hpUVf5((HC#rTA#(1l#ii7wP*V^w_=r?fQ%?k3X=ojKtZ4F91
zL$*ANE6-lzo>0^4?Kak-`or<Jb|-Bb<7s!}qsg4+JL5-H9#{K;l0>+nXp%2zkZ}D&
zMJ1_dCTwsR2R}|y3VUp!e}DS75a-`zba9ZvBqclzm0wntmn(D7+KFw4mrDPi^51fd
zNW@p?=jWtGzeN!x*GC|b#Pf5<cg)POD{Y<%-rj9=*3nEN|7h^94*2Vfi33&GOqni2
zPcUYzi1$4jiU@u;3OZGOXH9dnPB1orO(Fz~o7qSY>-f(VS@Ms6cDWK4iP3M@9)pOD
zYq>lx?=3}PwlMp)(pGH|yX{NG00O)J827g=>vw34h`^#L?hm`wOn&$*ZO;|!8C|UT
zqcM<w4Z#1}x=e~VyZv)E7+oK3tu8Gg2H@X=@UJn+!l1<==w#Dts<Qa6F{-A9i>-f2
zcKlae`o#Xf5M0)WBc%ST<I$LKv6%$jz0^O4aJL&x@?|B4rY(yOd_MlSJGlPVa4|a>
z({JEEWTB!&(o{@-`i+hzzyHh1FA{L^ylR-wfAy}J9Z3!GusfdY2jM@Bp(2BeM}y@r
z|EqTsLAaslMnvUHTDAXW%sdWU%=00~@V|P;7A`7A#HI`Hvk~o!{ey$C3YjR%Zea6&
zRKYSY7Cs^>zJ1dToa*c1!;4`(nLkKq9xYv09ox6aX9n5@{MOaY{YBci?N7lU`M(p~
zX+|@_hHm7YV{q=VmE4z~OW-%w%S;dP7yZ@CTcAFD@WSsj(gKy6o14S?9<1Hr({@<d
zgEiS;XP6odegWh+3Sarp5LghsSkOc4<p?|v(XF>mX3?q?9Ud9Uudn~~{rmSXYn}ca
zpL@|->J`FLW8^Hxz7LCWB1|z_&6d}B^mP+{HoL0uk!t&%XD4Sk1cC5=W9bW?Y24Ya
zwyau1%qT7{-a4#-BoG;Tsjc`vd(T@Irsp6vT1MA<7SA#8Vmb~){8<5>T|g%w4`C15
zdAAJkS=_Bgt8GFGWl!d{%UJR}X**vFz#g7b0kz>K$xyoIrFrZZoyS*rNugt42zsdo
zLm6N278jIKmJceW@u^|)Z{d)Dd|Fv_8f7c*zflLspRBZ*wj9;RK3*@Xh@6F~3=V*v
z9QIZ_d|PHYVd0d*3;3PizVX=IYoC43NDW4C9>69_JWdTUW(yj305c_@(X>Y@wo1Qf
z=0URIL2p)d-;USZvN9CZNL&%&dJEx)lFz$C)AJh}wT6d>zbw>RI$n(Nj-+r~ZPiXG
zAK+V5=r)X(YTITX;w#!vEB=|D9%`f*c!f@AgP^Ic{SI6BGWyX?<mq;ETeIUn{;&y}
zaa8`I8!+x(6LMRqK`W|XX3(a?#KdHs@Apay96`Hwo*18i4T7oej3%29U++(kurGNW
zl$oa5)Z=ETp=p-uz2h_=uMJz6$d*`aGvqNyAtr?{>e`n`HaQ5*A9t^24HE;f1O{*W
zn_XAjp+n^@$6pmX42a{9<GQy;5>v0ReKp8F>^>+G81EpBJ+c@KuUg^~2Dfzd_1UVf
zo?Zox-j3gxL<!R~WVq$P4h)}vR`^_%eDgJ1O4wQTBidfnH-XXn&sBmqEy=Nc$NN)5
zaETIG0oWKl$&Vp-9tIKHxCH=S+cdrFgOR*Em9Q-97%Z69wJ$W?b!)+@A|92}t<$HX
z?K(vpd5AU^1R+{zEI3!`muGUBA0`NX@OHCdQZjR+@0d8}qm*uncUVUHJy$;XmMHJ)
z@|NqP!4H+*@cJ!xye+m^o~Nc=^ZqdcY|?SNa-pz*i&H%tW)drtj4TzMgyZMc=Lg?&
z_)<`#SIJ<3uaDF^)>Y-Ty-n^gzs+EE*D>zdLDNM21cDSNh_EJG)7BdjE{kZTUTmRL
z(bPQe`>D+O<|~hp6h4o?j$T&?sjM7<#%pe|&o3$-^`@@ETdBNp1D%A&T8osONL>r*
zX5Kur7R0;mw|6FPyoLPACmUoL7KQQXeuj`De9l7|nl8fStwLI3rU%IoKH7h}&hqUR
z>h?mz?h*3Y;pS8_<AV&d`tmrI=b7cMo4&#`{Q+H{@9y>@8yT_uVxZj(;IdaG6~qRx
z8~KHka?4-OnPA`DL44U<mz@(~ry(FNDV!exv$$uEB4obv!%4~Xx&ly>+>-hqdR#rt
zqj@C3{7O-qmmG@`0~i&QiM1IkJ;I}zk16FuLR|VLY!nS)ZW9(Pwmb$LcbIpBgfnUN
zQX-A)!ZTm4lQvpaq_-h!bGz7%uMa!VAihsE?|d0O44=*uO-st^tBJC9AgMqVk*mBV
z*Hv%FvpyoSh^_$Cktm-_+8XqY^;?O7gSS%v_hFD7@BD@U#mL(cKw&xw#L^vrp82>k
z6vM;W7Sd-0cdOB4{+~1vgiD~Az6O-;TeyqQK}KSCJv5RbSc0XlW;dJ3+eU%t551=Y
z0-;x-yu9-YJIJqQdh!(#(G}_$DJ6nm<KknIgY_7*U}AQ^bEN8Di@Rltcpq-#85X}~
zOF-EW!yfpFchky^?mZa@eq~twMNS}%<N9D0G8ud}N_#7D=SCY(XJ%pM#9hZ-?V{v3
z!Tj!>oUTk)RP7HUV7*w3e>9P$Y7V1Bl3m$Gn{?v1Y!6ulo1!pixIaoPUdTQ!-mz-5
zA6uwEIsL1Gq!yZZYnrkfod`@U*0TcnwmUu{VHoIhhT(ot*6;#jZ8HjF>j_dbNpsyV
zX>MMqG+hg^E5)B5MpK%+%k#h2s{0zhjmeWomKTs3f(HV>+J3LHsb*W574hw*^Jc4t
zVJ)XyH$bEl4=SW#wh`of--QYo><+@%_Cv;EXAv%k0z@vp;p@_LzCP5-F>#FBD=qzw
z>eY>h#|ryJv;eX}gx0pT`C({nV0#Zo&wmmwZ(z;HmT4Kc*4<KZKZDHF?<!nEDsB7$
zLO7XEl6>B84#Q@%p7Ta0{=6FLIA#Q%$tkQ->x0Q~jN*~|!o6p;l+<9V=c=bm#`yr>
zUAMcLhW2>df!oJp*Nz&->^E|c9-z}pJqgf4*hA3Mt-D|?n)cI|{u{<y&!nj}{??mD
zy=BnlkDI@{79QF!d!<{IAS-dy=ibBl8ax3i%S`#*+h5m7W&%+y?H=A6&rc`M#AkR!
z`d~G2RE*rU_4z^fBy?AWhd!Xs`)qNMvwN}%2Jp~;Mcc!1O9H;fJ%`+emATItY$#;)
z{Q!AvBYd~O6S(CXv>T3l_o_~SJGA7%@C}iHn{jj6+s5ao2i8b7U53k`pul4_1+POB
z0B48c^Zo3e<F6q0v(p}I1~B9^atcG5y|}oci`*}c2`XRD36Oy_1U0;q3~C%X%?S~T
zRrOC)J+KrfK>pE_$-Cl4o2{^ic^)J~u=4674+|x19c-`UwXXrU41>p#bZgUH_^cOC
z8d{KQTYU?2hwn0DCq;!B@~T8%o9fK#X!54qJvIb8fUT$B`W~(uI@;8dLqjkw+V_h~
zSlZdD7(Tp{m6m;+E<+AG@qK<EJa#StM!hX>zuyOwq@#9BngKgt=Yj1;lT_(g)?s9}
zja`hf*jl0*Q2}yLIf`HEU!MfD3hoLi)G`?|y&REKYL)g^FM@F{vpfeVT(usbuPS`&
zpb+n4r&k|8vsAFRuWFe4!oB1hfhNo75Zh$g-PB>sNq17%o@UEQyJr9wd}DVNXDvzS
ze^yLlr_RQ!3}n*8+$dI0$%>SaS$;l61zF%g7G~^x6O%x`?NV3u`SPDP=1iivt-;^S
zj8CCQ{?{0kzIP*rlYDzW#CHnudR{n}dWw;4Nj?8=%h|iF1$|U!iBuMO1D{|!an`{-
zff>1i?F08<)4lSW$RM_OGF#BoS=5xOsw?;Xg@7XJE@pLtz^8nX%laxY2ESMPw#Q3N
zpLlD{@5vse<L^;yByPy)>6KFACfb(we9GPwA}aa%X{IN=1=GZqJ7G_49|UF)8*`w6
z?%5!G{Y2?{+9I50qq4h_v#>VbISCjZd>1B0S^*MUfj?V366#~OMa?^xyz^u88r+?b
zz~)BGduStNk10`3lS9#u%Q$LS6*(I?c(&mBqaJg+a?_ruIuc1|-U;qQ=nFJYKPq@s
z)zKRiyD6<1uVzOP-{6=#z@^$Ld@z~p4nf3~I!RrHnTfOFhjEVc(K;+U&(g8AT~782
z-z=H9=PqSiyFX3*$xrB2flpB_Ai#hJdaL@X<*@okpYPSQCM%P1B%=5g>;lqo+VT8&
zVySMlch{YIT&Mus;q8!PPuh&yxc@B!$ls)8Ka+Wfj%o=(r3<zn-aU@jG<*+QCX3^{
zd4Mhm2iTQ+Tyk*BAij+ny=A<CpGz(e@tz-6pIKCHbHaUZdjO^3<#TG%Q76vf;&~&w
z3CcG~^r{<-c+MrCIs@6b$sSb^zaVspZ8je~8Cj}fk%Zg74kcnnIqixXLb^J{BZECX
zp7`qOJ#`}c1mY!n;wL=AprAdz^@v%-_1^pl^~{dPBfBYY=x%P5GCR%&IWIoL#sxCQ
zu&j0w5N45j3<g>Wlpi0+>%k9o!BB|LHRpwS^%hp&$X-rd55{At(CMrVDdqxUEJhuc
z4haS4@RnDx>Fi{7t*3UnYn;0UrSl)PexQ50&;8yW?5Y;Q1mh+0b~?u!*FV41!Z6qx
zsT>}!W_1DAud=6Zs=?3_6R}mz1Nf@%;dwXy;qVv3Li=o@&K9OG{mgNawTHg@qUiV|
z6}OydWH$aAX~8GBYfLSdfF;3pha=ztBezq}d*axl6ECP>fo!m`@5AD1IN^8t;~=6~
zywOBMAAbK)SD!|j2i`s-<G{^K_$5fD^Fg=eogX7Lnw0<pAzB(nik_BWETbRTK2Btk
zRx63F8Nu@|K5?uA3@*}UpPb=IH>If*xf@c^;X@juNI-fKGtdVJ%CD{cgTn6D#gDC}
zHuwNv5EXYJzFw+Q)b4xviKL7v5aAoW&u}MDTRZCK&@>$JQ<ky=whf$e5MrBotN+BA
zZ+0Idrx4FfoYw?@7pFccpLddOq9YLEy<m<MGrB!p52K9~qN)1ahklV8ZZIwb@c!c_
z`pyN4PIYG#gUD-!p=DCd4{gdvr~35rd@aNoF(g01T)$ss_bIP-JDeRKtJENnlf=G+
zRI}ktHWw#jP-J~TJc10FV@VmaALI1|Y}8yNww~=xBJ2zRzZujq4}^>1ZTBxWFfYZ)
zBpQ`1e|DCd7jt*A;^LBkURM5@uw@K+5W9%eP_BYGCkv&&RybV`0oXn<KE;huSiWn)
zPFgbAE_lsYF5*rj;w&v>cVi?b<WuWy2kNE6#{b&gInO$i*GK9)XB?6rZ{~J-eYzE^
zqC<-B1|)jK6Q~^$JZY^F6Ny_bE4W8WP?8@4$SgkeYp+(;u2lS_KC|O_v9uAKKYehO
zlp9s`3PYaraXwuoM-MS?#a^*m_Qz`~%%im!nb^xpWlxaP2(Lqo>7eIAt%`M$(EZ!~
zMSnv}^Gx__P^SNWug{&h<jut8b$IDj^~6pkdk;}80H*!kK6#BR+z9TFc6ZR+d@Xoi
z;!q2N=Tr}pSWwrzj0QgvjlV@MfUt8Cu;cSJ)CSG`h~9yFO6-wYR&!<E@XecyDBU-D
z#MR*;s&^0@xr2xcN+vS2S?lqaKY@LwJ14bz*%H4^=3hXKwGswFAF!%C)?BZ+H4AHk
z>ZfExP3WkxhEXHwD7?vLS>)&OMFCWoN5fo7EI%iV_?Hv)CjGT-)1V1Ve(P`7;XaUO
z*j8K0(w-;*mky`Bo8$f`cLGx>F5f_}<t_II1d>j@b#hKK#Q-{E6j{yA4DV}gm6f&c
z`NSei9Q)|32?zG>O=3BOLT+S6uNEi>zn%--#l`ZHeh`i{Y{N8p1k-U5vDvDbYp>{s
z3KEJKmiHkA<l5{yDA)H<rM{dX5H0o001hL<4s@R}>6KT4E7dt0@j{-~v81}nZco~7
zGTc2$qwp%oaO_{=02UhCU!{rSB5V3E&J8kr@?E++Z?(g)f5}#gy1{W5h=NWtPSB|u
ztmXIgTLYh^T;+4?c&o5#h2i~VVyW;KCO;3Zr2OektMD{R1~Z8DfKfM@Kxyx39%^f9
z0~D`641VxA{_c0vV2y5++WMkf`qm#AWw<(j#JZ>6Wt@<I6*eO6md4~$Z|OCEZkmH!
zZSyOW+bUs~${c80Id6zzN!I;wO`DWr?TGa0xBoEDHZ#t(dH|CYVd-}<Vw)b}&r<0;
z<SoTWG)xGli#82)K)GKCHqjumGkzzGLiA+)tB81%@sa)lD}&%QCCiT)k_4!p^J4MX
zzfDyYdJyNWD-GJr>V94I!mucOf9Zc5oY&-DivW=A@;6K0T!mr%%<*in#&fpOKabc!
zQRLc0JbVlyt-Oj@8IxToWn_XKS#!|T#2Cigsclb9QaTP&yI_u>VYl`Tl6)hd+BE&+
zKe$m$*R|hwFf4QxwYdq4#fGZx_ez4RjeruWg{?-C#LmCI*X(ZftZ41b;qIsNpkdxp
zVI5)15RV@aP`aPJKz+_TW50O))R`J`wt-$dn97qC`{qZ{Oe`2ZU2FcaYJl9z85x+7
z5%KW#MFZ@Y(??m>ayHt<AMYaRGPV?S?v?V}zhukT_D$Q6xm-0;MiEJa`5`NF!R1VN
zLtg53Bf2?+uyr~zi<S$HQ+4!^pc3c8t{(tOph0Q~0&r;l2f4@g9IKCchI_$op2D96
zmgaC<)Qio5z1Lr3>aG!-D=-ob1J^%@)%XawJXBqm#<G$Kd(_fb4qPtw)Kcsxh~#*x
zvqmSTI`S_V&k+h46l7jF-|rc6`}BB$)h&iTgc0Z?R@d)=H@M;Plfekl5+=VDId?(q
zAZhcEYn~Lg#DbR!wx4(c-JmkNYhI`2I+~^-@ibbhU}7%!)actS{kC?U{%{J~uTqt~
zG;%*c0ZaixP@HB7#LY6fG$_>A=j!~nMhD?YNhy-!Hxd6K>mbS<a|h!aG-}NZ>+$qA
zKPUX@#iKZ=8&whR<cG~c584{i;C>sKJbOl-Z)7q}{Dadg7E14kgt>&VJjOc`2VSxn
zM`laeb^+q3eHs<XbwugSKWL_bfqC%?H&E^6pPdAZ6*ug@fM`8S1`4eFC4FL0E5i~4
zMzi72LV*spbrzBY1bZ7lM7>NQ{(9%D7KAaN7EmX!kh)LEe-+|C<PczB_Cz_m$O3bc
z<$=}}1&w}FquB%TEqoUQUJS<2E;B1-imjq<E~Mya(1b~n*i!?RJhe+|l^(tft>Rxb
z>XBLLQrjiSaX$O0@t~?axm*?0FIt0Jax>rgFBG)tU+~;KJ)GEq=oS7Rkfa*2le(1*
zPX%u7DJMYgDM;0UwNLd|rO88KQ4IvKcIcI}M9#ZhX=Wz3c)W>kl315N>C#0YO<eOR
zrjpbxGd_&|8u_%#!|-hF{x?MGDwg$;KosDIgVl_<66xRdIm9vGV`YB&q+p{a3M5T0
z>SG{e7=Bw!S$icY;C^~hs}-tRTRG|w&GHEgMe6pq(pioI#uy>KG9GoV!UTsN>OSem
z`|54TYht2ccm5^2DB&9%{e@~^_AbXSqqClS|DF`+05}>5!dD%hiF3NAgxp<2cMLf9
zxOnx;-L8r}5J3wskKs``!eurp=8;c2%NsI$kv~zIorZzhKG3m>rZ{v3d>A#QjqDBX
za9P93*SUiX;RiN$<4A5fi-G1mJ7g;Pbf{EP11G+`9x>sHu2DZ=@(n5mhm7;?dAqhL
zUqi&n=UCt;qve~pCl|*gndVY?+C(Qx@{#@xcM_e2`a$GYp$hh>ehbt78}r*NTl<K7
z?2E9QCR}?x&P9aS4+|jlEZr1+1O8)FN^lnL%n@-8kSBQ>lO#xwhLy`cBgAm5=B2M*
zhG#1MbHByi*6`h1HXo;*@v8W2YxA~xzjR`5nu#(T*_0TaqQOxCT%OnHTI=?&zuL}c
zO}!bP_I*k#oAP9Ey-wOYyJIi?!m@hr=Z|v+FrRhsNx^>0vYidv%Mdj#_|f-Dfuwda
zGj8~Oq}fiCcz^aZ%Y3z>W;AJ~kX?C32P7%|=2Tugd%3VNik)oW{oKI_dVT8<r$XZ~
zW7M$*=ga7e4g2P*;RJVa$|~@NmkU<?l2atjCuZ_9;Rsz^)~xs^QQaFV67F+sUmrpM
z^jY6``HC>40&DAPkTYlrl>lhsJ*>V3`{^fP?U05W=A^(pXSrv6dV1ThP~4{d<xwJa
zT~W?^Pr~OsHgj&WxqZth79H>+d+4n{C;C-BY7Iw-Gx-cBURZ(vG^&O}?dkFtR@2r`
zg;CM~Bs3)ufa8z|`O42`34Z53DkexSSFjM!U&zo6aIVPcyRwfkJ^MvOe)Q4MqRO*g
zc1>t>Z#}Whrpw%Hk%kS6r1BlxD5vgyL3d65UZfA>2WyJ#M^&PAY#}|7rtR_f=N?mu
z^VUO|*Zdxr7O_Pvj~8Pu-XqHkjF#Qkdt51=eZ}L~NcV`bx@l7v?MZS!Oby5%=Qimd
z+GUGKUo4&P87J>;I>BQ^m5BaIv6Ezzc3>z)RF7T9S%jTdBW3Pq&!2i|xC6eo4krQQ
z(l4faEUUS8AL4AAwh47pE-J0}z!#n#z>E_a2mcU1$uQ1DE~b1rzA;7W-pRBKZ?iLS
z?4|U~0GB`EQl*g3;O$wC-Bt=m7Fn{?>Zu~ol4C6!;TuEbqn(i{5{^S+_fHabq4nDj
zgji2%NosC-vK|yTkyme^+jSvhu-L?kPYXGD1gMn4pmIKza*x+xA3l7VL!2<kJjA%*
zsBVpNg0+P+iZr_~cYC>~<!hz2b5R4l*q4vng!F`cF(yFcsEzw%kvVp0iyS~af(Ev%
zKnFiI-Pe_ulb_NGrp~NPj%GH$7^D-TvTa^3SOGP92LUfJp(AbA(f2hE$3q@{0<t>8
z8?~*al6`;_K9+4QQt!?$esAH|);R416o-|1@ulp(H}4hJ`RYMyp*?wl!VLgrm19pj
zHc*-h-(fbvlN*2f$uBfB)M*E?@yDI>)g-#)SMhbMHW$;})Aha|SF5>^JQDKs+b9Ib
zt(7K-+^rqEeRQv>e1CbORi#XUE``Jtpl59>66KCT>)4sK)b!qmypm5{w8pi(pTv`r
z+}zVZB4ppaP8&;4jq(TF1+TfNfoCG{t!<9jpGOU0uk<yGmeysf@Ij@=c;b=s=F8Xk
zoG564uRRxU-{PWEU?Hx3>#4YHK``PJh(y#~C9U%|@lXs5lE7m|A(S~cN;p97uf2&S
z+dZQV_t%H$aq8HrIZ*Ee5VdZkp{(D}q}=Ug_tZxPk4>QI-qKPabEfX={~o0aXCyNo
z^;4NW!R)DNZ?me^M(-D!nrZ<6BX`Lh&8o!TQ>*Z}8a}p^M4%YzJ7h;*K?o3Eh{#iM
z;by#E@;V@fy4#;5c_yD(MP7gpHG4PY+i23<wZECOq}?YJ9i^Jk3Va7V0MuZNsLHFK
z>zUDM2z9Rk)A_g4oA#ycm#iOZL>p<uAG*H{_-O2!P}JY6GQZsp#P+2|+AtXC^*2B5
zuI^GVrF>;_H|280y2b^xrpRJ-6L#vW4(6u0pd%|K9dq6a2yk6sN2UQf`VkO!mQeoA
z*_Pc1;DDGDkg&{iqP54x+y^k&(~BrW>|$vn`MMX-k>A2DOo{h1TRVpq+bCI0EHBHP
zendH^3;6Tcpy*Xi`Vk1N-8O%3s3Eg$?b_%<wJcChUa(j^7ho4B@f8|fj79Y%>)Hsl
zvU~swEN{zuHtyWa&Y>gESPNT0_D@PHGEKh=IuE;!UzO<u1oHSx@N7hnSx<?Q<d*rl
z0@6d9^UGBinZ_489#YNsvEe~UE{zozhhzz|zOynnpVG<Gy23@<ma+Tt*%qlu(CO$8
zrPkL4g?xi^RVGRaxk>kV6N}M>VY7eJZKz1(FV{eIq4WHP0_@h;T`2++766sG^{TH*
zU8TmLy1BWoOmdYj|C;;yqC2O&Ky+$BoDZxaJB6IWx!K~K<;t<Mj~^Z6r?%G2u)c^q
z9M&AM@SIQjuTI_~Hay;6*96$}Q<}AA97&UJIBm0kj%1<oO#@hVCld16MO+MlRqNTG
zIujE^m{F4*Q78<%?0q9^JByG^X03f&^@`upeQ=|@ltK|a{<ev0Z(z{jcpX0lZIuAl
zJUFxlpj#`HbkCOi+_E_g22_OFPw+r|h+W*=*ay6DP*@j`$1fT}!a)Wo6f7+1<GWKr
z0*1+&ShgR7dKuk4Ae)xLp);Er()QbPI5(Sm94ZH<TUw!&5e^0v<|y~Gl6+r?3j=h-
zZ*oalL8v&s`!jnQH^;Catbq<L6khfdHJO5;9ZW@p>6<)mY^<zG0F8B1M-QJX4kx{z
zPz8R=fR*4utAnz7<z0>v3dv*CWk;__z>S0s1$$X(<Zn6;s#?LwS${j|50faqyoHBE
zK)j^a$Kk0~`&*z5#=<xNRnEMg74$8HujRP;M_pNk@8dy2uumk&(A<F>MlL$;@F(m?
z)t>Qq4WI%U#E0$byFh1d;dmLsrobC&f_)Z6ExNk)T4g_}g34i#AC=RoQ2^D;=>@*y
zYPvFgX}Uu&K$&3hQqvDSnP!VxE3@AnwfQ@->2N+OBd5J}oG(F+!Tq`q%c2={lf8*X
z7g@Xx)AS*ix|&I~o6p`Qw+r&Ts@ppIkhWKhUX<=BpBh4RUvX2U=N@?1_W(briFZD{
z*rex3tI;D_+<Pv&r;Aop6*kcyuU0X4_zucUI2Q{l(WyVQ2E{RL(7F+G-G2YZtiRGE
zanI=X^`&B(<32pLOhckn=Q6Je;Ok8kazGPDIp2&FWJ?Er&(u+Pvt2SWWr$;p;NnA)
z29{2qpbG-0_&!}^N<%iIGdRbU1@`j5<N!Y0a)ARIoK;GWCq7pE_8N6V=Jf;eMr+f4
zz<LM*h{f3;W!&XxRA77z9db`wE*K{eCo+&x5pD02u0wIeO#RjS>X!>6X9#AlD1Y#{
zxq!O;rkCRkkzu(gNdXHZ$x~01zhBKBF`rO`A+n>30{M#;9n{IWoV7;@h}$Sj?uB%~
zrxJf9CcVA&@8Url;koN29~Z`JO*(trJ;uGZrp!*m#rLobZd3ZsG8a$hIrft;82Jyz
z50bCfLKd2<cWTo=)iXP<$>Tlxi=~J~`iQ#ok0!UT;h|gDAFo94u2@_tKgMG9k!@4b
zVL;udRQMz&A!oE~nc)(+d8|PWYTuJj1JUWB)aM_A^-ObY-XmVr_q`3MXv!jYye2=I
zToycOH#z%r|7VR{6dNkv<g(yic&VL`{S#t7<~1qKuNMZHjudZRzRRfZ+?rvSqb6KY
z76%<alFM!3o`>B(8{MPsR1gYSIWgLn?X{Lmq>N{(P<km+DVw!<F0p&JMxlXSU$h#2
z(LnG_BK$RpUnn}y5$EEv7&tEN2;)dJ`B{~EqsgfPY^l;4I)5{Qaa&W`Y3372a!N;W
zPD{DY5_UEMrdFAl<k0fE9zM$nE_}6FmHET_qqUy7<(~_UY!gq_xz`ZN9(K$TrFO3_
z1=>@2zVY|ecDoxwzJ+5xY}b0*j**yl8&$RaBo>GBpDT>pb~b@Z(JR-%mNOZ^kz8`k
zZbwv8vv&lE$>Ty-*xPGImINt;tE=p0dnm15dq3?@82||*!l1&~1JZ&KLe%^9$?!yB
zPTNplrxD_W<V2odc(>Vlf8K3(ilyeiFTd@If)WL*`JNsa=Y4!RwZMAQnuX|-yzTFz
z;1EFREZRY3c>fKEiPxWiQmJk_V-eCAWRrOwc$89`3=6>A%T`&cwC!oE#oOR%uqpZ+
zqgQTcw)m}l_LWyK*6Vd#*wmx!0fxa|$sm2VgLUSh6hq#;{z=!XrEU)wmg=B&ndOOR
z{@~&)D#Jw0=L5OPS>9C-jq6oA-$f@yq1^b8yhW{<pd%(Fs?GijXS@3v4H{vgD%6<A
z$yUFCAw*-+5s(ajy4l}+J~Pq^D!)gBL(F?z?eBVXS}k8q<91uwJF&AP9b?D%W7((U
zR2d>M5byz-K51;V_PrOLD~Ff7(yyF+;{r#WrqhUgV}ITrXN6tB)L!T%pYuuU=9=P#
zQid?kt<C)jpW06563IT7N&2mxk^zh#grp}ja8j%XzTbW5S~!-`p0pD$M0>w`-<f*;
zbta#GZ!G|D=P}P2hBq_Gp>75Q4JUVq9n=b|Sa2euQTR}1u#UQm-QDm;348x?Q_oO!
zxZqRLA4(NaRWKANPJFonBL`t$KJ_}4*Q*GS&-UNmIGXoMz1oJ3-wjRIcb3&He5!9h
zah5d1yl{Bh;1)z$8EAc)tg3Z)(^^omYh9))yqR|eH0^f(0H3VQyU-vyE9!pEIUk*Z
zXmR*jWrpZgk6Y?|Blk@sf^u4$TXw{iUN%NoSCX3!#eBT{OQj(FWk}uv1N|@@8ouyj
zvr)mmcevh9KsFzyUm`kiZiei^RyOZy3?+PTE=odT7<`T)PEHpLwmeW|PT;%UH>px*
zKqEJ;dT`S@ru&GZj8=K|S`@~V`Nc?H^3nX1DTax>3Z=1#_GS^ZAOY9In4g=o+9ta2
zg7|#>X1?3;3~Ajy>%6r|K=?S-u@}>QhhOo;cpUXoXsJgWgni*9ye#dYakYNdxbr<#
zj#E)0>32V8{*tE`%;9O&n+F72-bROvhTNvzC6pSgP*lw0pq)Vok9{KF&vGh*Bt(*~
z{lfvE6)btE)Vogtu)g<L73O_NvwHU#D&<xt;L6vVl{_t0EbRmTbJXBPI?6%txCU$C
z&4mv~G$w$pbBn;Kj!hfe=OG3r#u<iA8*WRd@&e?Upv|$d=ZD{LT$Aqfg8kU3DPbp-
z*{8m>`fhuJ_Hy+Pm^$KAga~4sHu_L7$<=S7VH^?EBcrjN+<MQs=a|3zhrRG<wtv@+
zyrcdtn<b0SdB5Bo!LwrG7%+TF%dOn2`|`}^0tdk)&OXv(J<Gy7W>}fT2m_Pw7@mKe
z63O3X=I^yB9p{Nk#q|Dqx%=CNjT(x#vA_Wt+vYEb`U{2C-cfe4z6`zInhK(SXh|}5
z8bva<b$BaoGShLr1^?**JgWsZe4!`3E#9f=xFCT$vPE~nPZaeV1V63ImN!qR2!6pf
zD)o!NwMQ(l+n$52@;!eChOaG1WZ90YU55ROXClK9#iB0M`{a%W89Ksl_H{Qwu8^^s
zwxS2BN!K&A#%S?MQ|TZGR-RW~Q;+6|9(2lwYRmjD8<zEhW-YeS0`c$*!C~sLAc<~F
z`hVam$rsIhNJCDt&2H3!PG?@p`J5NT?*E{<vaF~l%Iy$cS$A~`xg72qobAIu{DT*>
z5JCElH0M?NdGsGO(je(0`SWNXxOa8=vPu=VB}(ZEb|g&FiWtVP4R|Z)DQrr#G+F8l
z$}7w%57@8)_g<8NCE9J`dBJT*4O~$P{dRPGIuVL8rz#oAcV-t>b>g;SfgBEly+!#_
zmQ3DeKCJm2O=n8MJOQ#A+ZNv?6($?rvfa_YxBeb*jjeJXe`sZ#Ow7;?-Eo{rbJQV!
z#QCb*qO{&o=KdA?-lqOVYY~u775Au(WkKgon|3l6S4TeTc0CLo%qS$@p%;-&=bk^v
zlL|5|8Piv|wNo-%;4mzKAhd#8ETkjq=?qhUWMT~UyIHeXJ6%BHS1w+g$}Ciboj5>q
z=0C!w`0}=jL3Us7NEHAZ9YvSCyy?E_1E%_H9ue`hnkf?<bbGpQW^a{;u=@Q)!vp6V
z4!p~K?4E{=e#!{*$Toc)ie7KzN*LedD(p<1deZr+;^a23zEPX}(tf5?`+O(WZuoCt
zVRHlFjgAzUGMlg>_>*{rs0e>A^^kGO)~Kz?h`j97n_a+e-Xk}_>Q|9y2ZNnRcz7zG
zLyp(&dWg%351g72*Evosut`}6p2v;|^#yoe#{7OO;;@_?4>Tol29ZAJ#1n9M!}<Pp
z`+OE%eM^e(kzd?(wRz(FZ=J7T1VzO~v4RZa3Fpp3khe`Qs|<R)>C+0b!C6fPQ!H#1
zwU>L9AH0OJ6+M<VHJ~G~c&np!toC>mOPGuw)Feh7LM^i1)~6{DdDiTFu$63{A?Ld?
zwC6!uI26zBntT>Vi*XJ%)<atR-ILZ2=ZY9ySDjr`h`NQ-r=a_L-Ry<yXF`z=K;3#p
zv+=Zd@bqz|U7<(IpnQ~%=*oRXL4ow&49CM3VJ*2`p$d87I!sGwpFZFjobthY+k?I>
zk+${5D~%2E3Cm{l*3{`#rNbtichdd7;2iS;?asm1PG+h=six=8dQ?=}=5BySfnwFu
z?j2W<7%>(mgp*U)Sod45rYgWo1k?I9Z2?Z)vBt*_J*l{tg%`Pu3)|9?tJ}m?zQUtN
zgC=eWwf|Pt+467o-HhO6As09nPpLK80<yVh3a?sQvMPNygsyIinU0@xt8145nr9zs
z$ra-<MDC`U44*yCBTI`FeLi8iryN>gJ|OvIUqIst4z{~ocXUX*;Xk|!SE3wLSW?`E
zb`4z|uAEN@mhW*rmHOlboV*mE>`d*ptX`S4)Y=U_NNVl?k+BsCIE8oLE^Wg0Z;Z)R
zWRh+k;2_%wJk?DL=Z##cW+i7nO%I-PAB4MZZ2qj}S^J(Dzj&*>qr%_ylf#n&hXG8k
zuU=O^+}i3j-f%Gz5AfQ6@rR!{^f)?1>9)9(wVrlk1Q)u4b3tXr2uK{q@Wgk#RYluO
zTrqQbV|O6ulh(^S?SRRzkb@Yn@mfNf+7<5`{hxVL>@}N)vb3*5=(}GGcneS#sblu^
zH2!q;@eye_9~V5yBT$B=Me;Hgn#Np3fg}>8d+Ume<%vV>y;f&W!hQr0nx581ezehV
zgB@nW(Kw=l5pSjs%59rUO;_=I3H`&ymOo9|eYoBlcKCmX<HWI`)|O5IDoC&zlh2z9
ze8Ss3>;_qa<`F<<Y5IFK4Ua&<$5#BuSu<cFLCLIkv)8`zW@qektD@@lInKa{1q{_0
zi@KZK6(ui((qj;XzB{eFZ~$`f?LVtFP!Kep8-iPvlOukcuxH?T62B8<Klz@W-@80x
z+|tn*dM1SRgyysG#M%HGL0SC4);xGl!@}J5A+_LjP*BkML=QHJZ?9`>x`;y>iYCxR
zKxiB4a0+d&GKY@rxx=h2cM~xPS=beY>?T{Nq}EAAyc*e6*IqwlJqcratqTERk0PV9
zH2F_oE^b_Usn+otzkS=vL1{e?qDY&<c0k`V#b8JuSl_=H7hF%D<{vNlR9<_Z#AW%j
z>if4Rc;vc(L2pH*6{0S!7aD6E`!zREDMM%;#rN2O+6BH3iqA&?*z)8ArJo8cp@Y21
z)y50#ASeJto>*7_{Q0r?!&<b-N{A4JDa*w5%^a%27n`pe;X+FN7>juYDrYZQEkYpJ
zD!O?`BFQJgUO(lr+^K*LB}~Oz<2OIiYqqm}^rkFf+K=SVv*y59e&(NeCz!1^yC;K^
z8v+Ge5_hn9d%5Xk6a0SY${7_aRtI}zA+7cPpCUc$4R)79EfVgpaWFXNFgx^V((nAb
zH2?fW6I9JN;k>ZN@wJBIX>I;ixxR+CHqA-1v<hsX+#Plh`AX()-_i5(JP0P3dHa6P
z#4%Po!5Y%9LKVV})<}+V;VRO+&;8tu0c?HCLhgt38O|KS3D&u92$k<pEqXVHvs{mx
zpbMI8A{WV!K|e&~7hR(WU3RByU4+<O5z#w>v2Y%}20cm8wR~F;ysNsm*kI=&9rjHs
z?PkRj5{Sd)d2?*Dhil)<x~K8knq$+H5S?|BMY~!O4itxj;%fYnQB$%u1Y5OU4+2Us
zzazr1cR`)yafPL&iUyuXbzD(v0gfTlm3eu+=X6tl+2QhzCyxhF0kB2*#D>pcG<5=R
zH*R|tA~qj>Fi`<8!H~QqguHH%=X{SMWF!%g%7lvbE+Gb4VJjY+XsEY|`HOuf&E8ar
z>VDi#V6wvY82?CqbG^Zi6{>*8K$+=!F}il)j4*g@pkOq1`e0^cCWZ1@TS4<+)UD2%
z^H*;m?PcVgX`oAc9fyfrQ)>Z5qY4CxL{%@ZW;3ugPaGWFpV<zMIP6$9B3Wu^XubaZ
z*<Imc$wRb?MIGbw_C4v|Y>VtldP6t<q=;0Idal-ZCNE?d>pBj1{XLw`o`=)BWj=<!
zkIu>Pgsrf~Q^Tr{uE<r9%8-x}>dK$x5nzY4<^n>%%Y=-(3n<x4Z9v}-B3-h-kf8ON
z%$}&bcub)!3KprwD(e-`E1UCe_lYdAJ(ouKOprzWK^1a1S}tk8w6A@&0J@SQJ_;4G
z0M&A%Xn?fvOanN&QIW!3u9i=HG_gc(jrg~sCAM5U9@4`}IHhlWn6~pVZ{YCbZV#R}
zQd(A%(GwE?njdmF>hO2usOb{Tk<+pdO*-{Um7VCw!f_TBKRa$-vFCYDHZTHjyYQUF
zNrzFCCcnKWydhxzM67a2a1XjO9y9JdneFH}^B7@mAf{*^kY8-@4<()C*!;_LK9pa<
zlWM?RnJ6CL+s|}aDw!g|WUWRdbiy~xALXdSTUB=}(L=860<W+eTTH_^)_+;ulWgZi
z#W1W+yL3Da-&`-+*?FmoY^YIwK{R~}IL}KD<_PeRH1L1#g)6P!dOpm&gFT);@7`j5
z>IG+4zQ8lx@ln38&0t;|n<(LH_O!03^8m~_bq1J4rd`KH{pCC58IsHBs!Q5?>eW|f
zm3h9=8O_vK=fwQ-ExEwo!MnV*R+AdMLIDik0}iMr`*F-d5+P6iv;enymtQ`$1Y3+=
z6RUS3RRhxnNeL!DJ|25#l`stsb<r^ieiSh#@v=>sDH<NtW_sv9VPAq}di(k-8tSpp
zqFl$2D2yn<r}*4{GR<_d!Bu5XJG#O~_Dix(lY#0ypYBxoC%TK%beX}F;;-)Nn)1;#
zv?!M`Na=Bjnx95APR4loo4)Etz+H%l#l!k}!tgvIU7I2ysLbn<l_`3|K-jcg=hdpN
zYJur=mCUx6j}P{Iv2PVVGj>J6)^YR)l2%*G)Nlo(gH4PhGJcsw6!X)9livw@7;Hci
z-#uh_-YjNgrSFsLnw)PSTXm=dcJf&7J{0ua6i&`R*^a2REb*iLB20z+SM7yq#zxZz
z%$EQ%K|M=4f)mF&Bay2Wq`v$~d#OG870zNl&39%5)7%`ThE=bRW*1BS0Ib?{72{e=
zZRmBN>%I76gB3!H+|uF+o}tWo8QolO&fqDmzvPoni}cJ!=jSIRn+n~i%BLT%^OmVE
zI$z8qi^Mgxw(3Re*6J?A$k%aU>#w7bMC4CByn96N*y743kVku;nVjY{&hH2(-9|8Z
zmy9B!`>#8Zu?L@@Za`$#mC@`9FgR~#-hE#^!d5e!<(Q;BVgGy3(hKg0!d@Ygc0S&$
z+JR6?|I&kI#!YZg)MhQ0V|f|=9!n$tKd#;~Dz0FQ)(!6NZo#E-cX!v|4#71z1a}G0
zKyVN4?(PuW-QC?@=bZP>z2p7wvAcFvtyQ&Z&-oQ4P}H=RDx)VvBpNJ{-<liIqhF*O
zHC6~|42A<ACg&X_e&fu-`}^^-*!BC$gw##yP=uRBIUX1~^2Hk@IZp)_f%zv<HJ(<1
z9Y(RFa<H?pe<3ah-}&(x_iOR6Jbu;iQ~JWwva?*R$L%H)!z_7H`%=BDtCLf$T7OcN
z(k`AZ1mN4O?e}=buG85lJK6EbNUN3jwz-+X_(L(3wyBdvZPLq3w$|7Ne^fQ+jcl69
z?|bRmClgVZfnvuiW4`}t+3fzt2!gtFMKV1V0JuR{aFN9<_90+hnN(ubw$&rUYIjZd
z{LXeccFLAA49H5e5RI!<FEjcaQSvi^;17Bmq0Y7qf-o=4`U4S+@l==eMG=u3u{=2F
z73343?>h&nWK$T!L{q?aNj{&#;P_U0h<>b*fvgC{(;~vk4%(c=o_A=c!(A`?Rr1%N
zf<c6CkvHxj{o=ClUJ!BpA1=bcFJ+_`jjQ&Fw28&TptDdC0yA7kt0|h>U=?Uc=ttOj
z2fy2N&LuK+J>gf|Up>dsY?IX@XEj5_Y*Ezv(-A56P;bL9QUoF`kpEE!O5TprSJt;z
zCkcKm?G~BodmR^2T}k(mB2*&wa&7vs87y3OCw)j8iZY9)Kfrcr?>pUbK%>17`C<%-
zLyO1=<st>07k;DO16xQ!`IsoFKEw-CRU{l0<0b5U0jVn!kuEks!lYWVaTWN^+ssQ`
z!>8Q(8N(c<kKr$b+Ic=(e($G-t6Tk~629aJ-L*;)$QvsMN4ih%+bI6kPaiP+u=xsa
zHz{50(aoO|4t}QfBP8X@4+%<lroF`eZ%$==O5Pwp%I`o3{VLO`d^Wuj7ibob{Bb4z
z>)`FE40?4>Y2WEs|GRt=9lrcZE3SSR-IEY6y*g0Ami_Thr@R{HF1ji<x$dzWgPr2I
z_ghKR>kmhaSANC&KER*FJn*HU>L;UJCa2p7WeP4}j>0bP`pcTr9Lgvn^71$&LY5W5
zUYKnF^=M#?am&o${2#)$oo5u=o0r6)qG5t^qw<npx1U@x3ndLFzp0CdAv50;v$|CM
zgv#V^>KQ*iMn-OS#?4t3s7JK;S#*k+^eDMHnH7}bKW|RtX;q<Mw2I(2mmd|?C5mN<
zeH;?XHFcW5QTH5f+ya^WHAh@X7!yykv%WvSZFM%84c2nhN+x%O?4K5BP5C?zMUf2C
z|DMvVOBsERQ=I;W&U2ajV;?GcebZ~p&hzR$L{&Yt-eB|XMLw+*p3M0XIl1lB=KDTo
z^5>ZPNZ!QG5y~7}s-uu@@?rMJU2!PND8bDRNLN=p0(TPQ{lZ~9M`pK`)pl7kVzl2X
zYdl`?`F>_8#P)L6g=6S7J+s=}*f}~V2mVj&I;tW?R48kv6m`mf9Wd|E5G!<e#I0Vm
zJIzMIlt7T>s{}lLmxz-GZa@j_-5eH=6||T;cQM6uRX_*p8f23-$){E%S|%i3q|qR_
zS>sBjo2^NFux|8`yir6YP;2SCB^wKS?}Yi}`8vj}iTJ0!U6>_O){`ZfHwyFL&#7U@
z)r7KyJ;3`tm$WvHw~b_*McEYgwl4S_<%X>=B#I=*`W>WMu8iA{FR>i!P=Fsd@5W+u
z290fvGsOMGih|RGPv35T`JM6lemUazdSOXOUhlqY$EAjEMM&ca3pR5Oax5LIGRx)G
z_=7YB^~-3Hq@I6`QyB$5-)@~>j*Cwb4={kC$TuxhzKY1aN2E5eup}06+=eqIjghE9
zT==-2tcmV0hU|Gn?n^z;eE^?r1WoK6a&>DT8VFY^j~tPmU+c>yU#p;aA>NGUd1-0N
z;^ksj#a_zH?eAZ{c?v&P$m_O$t9(1l;`A<^uHE!qwQ+tffKqke*k=8){N1ynTvc(i
zE+zVWRStL(?N;#(&Vk=TYq^+RC#$*+`LE739!zxddDvr$_1MBFB*%!7=1Z6Sev9q7
zmrl9pVGG`v*<vmwYk6}q!#7<<618t|Sbt#N_Oa4Dd$uijf?ZBbiZk7RB`Wfc@Z#Qo
zf($ns!Q6q75nteu>)h2~)l*rl*m#U`M9FfPs;dKp>>y#Lo>cs4P>rMo{wCBAvl57J
zJqy@D41{}}oj<KCc3Nn1tPCV730j|{(G%RCUw|T%>!&CYtC3yXdgIMPf0KL*DKb3N
z=qKl@t*K8p0?_0H%VrZziqN>Ao3tNS$)iXQmX%?5+{hXSmbhF)i1$;9)m6IIZwbPq
zC(gf|Z4qiAma0QQCYJYwrtY`tdk`1o`#%R5Jh5FQ2|VsID=xD(t4)|x`Pcd;07zUv
zNRmi1>a~|3HOka>M*h!BMCiU`ESU{!6ajIGp~OGU07p}h<g)4e$RXDanirP6crQi@
zo!Y*CF5`U9OeHZ2Q+-qrar^%j;`w7F&?re_&<HO$fxfQCR(-*|msOsoJy$Q(Bq!;O
z;D$*k1IZCo@5uWxzM|t#Dm2@Pf^oktV!e3wlhn-Ko~|`f<|t}IxovgGGTZ~jjEf8;
z<A@nIKOUMYvS5qPy*AfDK0G`0{X4!fj$F;JNz5y&zK`pctg$Z;7^4?%l0t>;G|u%T
zR3>*yd-zMUS-8qAGk~;m3WySn9U}j?YfTs$bZwj(?CtLwI?p>eT~<rKaPH-G3nwUq
zdazzz&zrK_x$XtjP_6yt(R+Y`azu480q&CC{U#yp!W**=M?a)UT<Ue^@%C_z_AJ5&
zRp7n`x%NhCn6~+K?A-+oj(lm@>hS;6{Vt<xg0Z{lXY9X}l>9x!<oWu!g?>Ltzmaw9
zy<cMAd3)M>cw(vx5Vro@SkC<kORFA5Y=5)1Upo~q=o~u3@6{yx{Afcm()L}Su<SYG
zd4#A?b9G4RlS_p-gI&rUe@WNRvELqe0ikcad_0)455tF)V59Vss`tLc$68rXjJOc-
z`e#QpO{-DUonTFhNzfi}T(JOHTlfwo{-BuJq`Lo^Wr3ylO{D_6meTocqi}>fvPt*d
zx=-G<Bp(8W|8K9#Xaa}!MJnp_CCD=3oG3vfK(jH2=a!V6;*dH!czj!~rwnsf93<pf
z-H;iC%s;%x=`rhYe5lRPG8Dq<FxtLfE9QT-sq&qDG6Y3F31@DnWh}>p$0AOp)@;Iy
z_E?{$&lPb*Ygt7-p4yU#S@L1YJv>IJ&XuqaKkApfcL1kzAWL$iY>PDtgA_#-UKm`l
z(hLyy6c2@|c?&#hs6Su(_;1!T3s0_o?DU6%XF}LrkXNQKX<1vMT;qi%14~SJtYWdi
z%Td09v}tB;?s@y{r1S8TnC*h*w{O22zcQn$86!@zGeGm`sZ^2c=m6`_a+lS3b_ZkF
zwng{ztUk11<nSREz7Vn*LGL>Fp6Xg03!?>7Lt-I=g((}OI>FclBg8@<#`YkbqRBa2
zg{X=Y_rMEh<tBsm^iO5Zo|g31R_Aof@3U(|vS`*S`JTj^soSlcYRCjh5n9}kba3h_
zE?Lv3PqRk#=7!&&myDIKNT<#3Ecrx@_<ZL2nw3r#fRtNm*;%zIbXJFijZr?Y@tK99
zDJ0sQ?qP*B->e<=t1|0qTL%LpH5_N~%Gk^0A1k(iN98y|=Ra#_H6iw{)|--775Td5
z?_9KwC2zKU&0^gb{;D85=DZ=U7|Hnt(gW3!eg+A8#y{KSDjczevoRZq(9gU7Wc7bo
zw$wcg=Clg~L!yKXyNPxNi68wpt!~KSUR9MltubJEq45ZbHj)%N4!>#V;L;JDV2cDm
zAOLf4hpQKA*rRKQw+`*l$f9;+H!hkg=^BJsQSo8vwIXw3s?9kC3}6habCI@>C=gql
zZ*B@mnztW8KHvEjoO)R-6v(wS-lAIX!vBv25W#ysR$RDBdz|WMERf4cUO$2}FqF)+
zvn47KZaEax!Er}>Bf>MFaV$^5%MGB0VDq~ps)Cr=`a?h{CptvzUA`Yz8?mE6#4I<&
z8=<<7Y>tX>QJTD86wK^+&TJ2(_L4y0ec6yQFO&#FD9eZu?)$Jjbb=?8gnHSR1S3e(
z_G%8qJInmRTvV}r6^4EDlXHv>f+{Gy*Ji39-){PcN~iBmx3j;civa*}gT^`uDTIJW
zdNaSXC-O$EI4OqGcSX>x!FgU*ZOdBePG@Ljl~HR2O8f6cbu{^*m{j&q0uU^{0_@J=
zrF;=A=py^`#?pqM-oc7|HK7hvhd6ol3iFw$ihp~_<_TF}rHU*}Nn^%jd3UI-mZhHH
zPU_AoH7nQ9Y1XW8*C_Q!(wdi5(zx&{o40JTgC4tnjZGj>{Aj*FIU^g>s2uG!s8vp8
z`yoMRnNm8B(j=*6vg8+(J)j}<fT2nE4#q2EkP8&TB+&~w_|YBS$%%Hj-zG?BIfO);
z5af<erj=2hO<1}5W3=?No{4kV%0RUTHb9SVv4X!Di!Lfkb@Yf;BNm`WPmIBh>3M?2
z6DHqtjYzctW3{NEaXM>Cs>xox7g^pt-Q*-_ukxdkVcPx(hnwnvI_n9l&9Zy|?ckB0
zjfznV(GjcE3ZT00Hgz5<owoC$+fX~XSaXJ98ahVjs0o8*VAX%G^>*~*0%WqE@#L$T
z<2g^2p)!Rs6)>-uZ3gMm7CI9I<oV;tKt|)NwH#BF^Q_LOwc<DW`Zw-TDR21Igu~7G
zs*3MmkPO0Ro+uUR$P?)B@F)RwU&j#x!Js4}W&2qOE_LSABE6^>#nqu>;O(;ZzsxXq
zXM3%bIKSF8rBeogrIP?*pcNllwtSSu|He<nlLb}eSD#5(>S%PzDhk}IKi_75+Pcch
z$uV}^23|SKQTdIFZhF2FVW<bQ{H;+J4<j2ViutwAQI2P{1(A;}4l{pmk?FM)K|N8R
zz%7bF8H9JBoQbsl$KuBLdxN)&PKciW)r0fWBt@YzU++D@kERep+Y5uoI9nBuqgwmp
zY9_4q6Sm>k-6<pAY5Cn@*d;mFQThEC2?4z!E|>hrN9_fSTJB?slkNyIes;&#izNg$
zdCSz0(LPuW?B(4+(+3^if~t)BYZm8ywpp{O?f1QgLYsZ^d%njlryJ@CmsmRAzGSI~
ze$r~qOz%H$dz}%rx5FZ=dXMGJ@i}Kn3A|g86w%9nCYCgoyGw-$L}bK|MSm7k%wlW*
z7MGDanhnM6PhHPlO1@*P`593t$;)*8$9rW+fot6i0_nQuXeSksxjI+8db~gQr<a6u
zs9Qnw3h8iwn86%%o%IS*VEjX*5c?G<+KOmN>K&63ELQ-DkWVHSAB6zlk%tu0ZW_yy
zMji%2Z6jRLs`vLxJ7Fk<a(SW7tszc|0h595@iWW;*fPrf`?p~X{|5(SUsLdb=m%vD
z&a~zLqStR*L}%UDl<<WK`#dkm*h~-O)&9vJG6bQ9B;vzC?o(`@EXN|o*=*jiIx--r
zgPkt~*!T_FezDJA(PL7S7x?>K<ZZ;xAT{4a{%xdh+JP#mC1SxGqi~V>{sVA@p~>Jc
z>mH00=At#Ef*$#Abzix)PG1D|Cx^g)xvwC0FnW2y<|F0Ct8y|^0QMkLld9;Nz|eU5
zYw^ZZxHXxoxjlT-EvcV&-<Z2=Mt|1IuFu*xTcS(68ZR%_aBl}=$VZ6b<(#W<&2ebg
z1xKsKk;{;nm;~D%;z_Ock`MPU+#(wXAPeoWYf3*nilktny`Z~=<;nQ>lPj#|#R;E2
z?FyA)4~Yz7zzZH*QPX7798L<|iCNAJekgB_pkl_&^!V-%*NE+>|4@jpdG{Xci&_{4
zxGCM?dE1$e4ZhmVD-9x@mo1dgB{vPQ?#|WRAm~eWo;9!AP2EqoIZy|=racUOSI{dj
zBkl7#7$Gj5LtMn+XHxDmFC`=vu=qpRaLRep$i(J<dBJ6NY5cB^Fqz1vPIcMf=I_0H
z85S0uD0GB=G-~NeQa!p4F^HT<uEC4IK|D4&d}lys81^Sx(6}k#rZ0?oEGsCgP#&uk
zVu-S$Tw+Bs%=#5Vi9u&;z`*;Zn^3<4zwkYXx0f{*QCQ{et~jpFaSz)Uq0oEd%~P|g
z-VL*>o?jj;lH~p8Lw_(5&jjQW^;WDmfN{vYRsT<3t>kk#aO#pxc914iXrb_mGI9)#
z4>55%azI{R(BDa-@a=53u!yE^bM18abXKX^aphaoaq9#3oDhZp74%g!zbG~eF}t>X
z>ory4wY+G8i2Pc-R1(^<h_|Pjlc}EY1}jSl_B%M<!wo%P%xQ?&Qu7Xp-*vr>m^WXp
z^!l45KKgGVO#};ncAza$8!dOLLfZf|erHBxyoeDZ9<TVz{kdgk=Fcx-q=PJcQn1Y7
z=!3Qy`$j+#R7G`cU|LU5*q^l4E~GPdaA;hI?r~Lt7=-UYH(G+b+_9YgP8#`j#H(j~
z&2p{m_t_jrnv?>G_+A_&D4*_-P>HPA=^e@_HxfN(Q-MsFpR$7Nya1d?*v!!+A-mzR
zF?u&o<23bS22{EAoX(E>{W!rF(Ga>k0k7e(*5GROkQswjWMF59>q2D%hgyYw)Y#&P
z6_)nz7DkvV^)ez^Jb<nI%sxEtqN477QySf<egqTGR%z*dA<lVHpE_)<Q&Tow08NNo
z5=!NGchUGF(#UU=^y1f@;$EvF``E08JW)xc6I0EekJ5T%72^T9ue$VIe6fVKk>E>p
z!7zqvK>!G*djx12-#N<Imu?jjS3zj-6(R^ob17qS?d=>E-HG?DxEaWzIhMycq*y#=
zw>~4q^jj}7hm+sPC_-}+E0GPQ>R&5h{^k+uU>oyXfqb%DUT?Xb-@n_Kf$ExFIKhL-
z%zPiH^eGNva~G|~T6sG9Uu@q;CHWksUW?0V_$<t4zIYVrd+UZsc~Ajng76-<z%C1J
zAK>(_z`5Rf;@Oi@8s)mW{TI%3TE~;A3s)?Tb&X^;A?XR-LX3*-yK!@;lIyQd9}6e|
zE6m=bM{M;@NxnBwawoAO>8(LjY_~Hig@fsfaL*#?ol?s^;SXE)89JYHjO;zIwtwVi
zwx#f-5#snMEU$tD{kUg@F*aJJrnFAu>;uA3p7z2D(LYKE^oDVKNqD|o-03^CVb>(S
z=f)^AouIc{ug)0*?CP|oVe>lzd5nko8M^N%M+XJCm9y(1R^V<3Tc1=Ox4Ju7Fn?e=
zT#D86tbo_k-FF(SGJ4kdDEZC7-3t?hQ9C|1jyH?6Q40FvZ#Zr#whfXH4`-8D(;}2H
zblgel@Msojn*%!vifW@%P_!kEQ(Cig0R+{H$U2K!=HvjoaeyvGnd^uf_gF056EyIy
zHiCzm6tnb9+yZ$Pj;Rb#KvDppWrjNlK{9&?d#RO45R4-R5{_M^7doSHB}LTCe7!(l
zU*(iGw`drBNW+gkqnv`*_#MA`6+!-IBnCiraXSw`f`GMp3XkY%gw=l|&nIOckoX8g
zGW&<(1@1k7`wr{vkJgG)$>^6WNWcoen<)3asDP@{Fs$Dk#l5(Y<aDv$wN%Mtr=Ery
zy?G?oF3Q4K?z>xy#&u?A_4p{8`_mU9HO=Ad`EbWheEN;Q`%gHop07Km?kOLUU{AG5
zwJ8e-=1{r@y&^0+6`m9n!znLe4k=PeaU>Xay<1T?q}0cUNjSD1MKRORJt3S5p0r%G
z$=<!zYW37+FxswIhxg(nlAWqQ?kGl=s6b4jt&E7G-d>Mwfn(O}y6MroKK6<M+pWxr
zIM}p1mjN5$@`SMXtRHLRN4NJ9vCl8qsazhhA=~AGgm%?U?vXzF$XgQeE3JFca2R}n
zQRc9O-~*4P@x)-^LCEaGs}{N^VOP>c6?L(aJ{J0CeOt2pz#x%m@809ND=A`rik$E$
z;qk@gQ%$;l*@ncXWHD6s@}3wM_!?v}ws!*W!4;ozmZ8-7n5MdS8kpjgw1xNd)?cyU
zwsXiXPh1jJC0D?D-CYH^19T6C<d%{v+xCMU08WMN$He{ExR5-~hUFkab~*t-zOHbM
ztJrpVhe2athuru1;PHEhr15Zc;&VoX6t1H8mVYH@YT80Jo3+^kAZ~GKzSRhO8+~Rn
zSukC1G?__vP0w{*C=n?1I=|~Qai*5$^c&tmSWe`+b+};n+WFbr;~<%<7T|dTda_^s
z9tDTdxPBo(kGM-I$jVs19<xf`k2RaXY;J;>Fv?x+%Sb%QWW9Vns@uh741!P>%C6<c
z?U^g9b-`{a`3^W~^zL2S@{_<KGqTUt+U8}8MN|r-Qry_QK9xXmAzm8!!i?mFE8lH0
zEAM35;}y}1Cy!``a#AYG?$UTxg(65S0)IPpN5SNm_VIC6pNeN}ZPYj{|Ci_-`mjB?
zo<BCEc!m3sILxbPpU>YI*YD!;`aO-_kNaYl|EPm6Zp>w=(X)}gpqL3$EW<QXgK~W8
zIM@#;{26TQm(5reucdVA=SSHwOR9J@)e+{Djcil!0TKWS*fDk4K5rjhzi&9XkEwBX
zO7A`=RMxe||L|a!w}v0FFt_#Q5hWCpXZZC2_a2TQs4ZLF|Fl35XY*`UK<4YRqCiEW
zI6HYzpS34w*8Lg!9;`fOcsrZ!DzJTMZq6DF5ozl;B242TAC)9IMotN`RTy+qv){?7
z$eJE$Q?*E6$L}~mT*{7*rew5>5%6M;5rG66g~vr!=H899Fx!7e%W>Wq>~fO44Vd`&
zk+t-+4YDf6N6V6jvJ%;AEd2hE@NGfG3rHT%G=WU8Basqafj~huWk9KrO~5sj?^|s$
zia&zfNX(rJJhu`|%=ld{iLw5OXUnPr*qQ9sK3!DM$)eu%@0;Qdn>stXZ|PyWJV)*u
z560zbL_fdUEn9Qq>~g{YEI{xoN!Z|bmi9|Y)c(9iR4_?yl5hOhoI)s3iwk1iuU4E;
zj(w|O6)A=(MSDiAy}OGFjO@G%q0f^=s@5T{wB~VmX%lAYC2tL)lM26<^rF+pNwIn?
z`hL!rv>cnX|5Ka?e1sG39WKmVsDEfL04V})QtE|IkW8~0bLB&-_ti}!CnQK)#@t;>
z_N3ziVD%5!jF;b>pAVyLIO{__L!Lt)Tdabe@Y{Zv2O~8#wAv0I%*i7dSP&}+Z~+Z1
zR`i_M<gyv{hb=u&6o4*Eq-SHeA2;yEe@CO^gqU;%N8*wE*>=qYxg^7?qPn%bxuNT5
zfGZHksYAfnFV4(#{<>a_jeyT+#tedC4m$tyDBsGp6>%_jH<4uMY}#KuL7ntUm0!$m
z5q8muKUj}FbFCE96h^UtcN`L9*4!wH6pQn>)ET}egjL<?x$W3O-U|$Tfq7JJz^qF$
z_%WFmW+nen12ujRy~>uIR{y2knPcTu_KHI&$&Yb?{T`=waLbcxO-3mMWx>wz9)hxq
z-ukD)V=K!C?@GT*Cy$4lHp6fwCZR*SP-3hek!j*7`yCJ_;eWt3PK1B%A{A_(c$BJ2
z!eBqgsb~I-u7g;|&5Y5GPi1)4*<XXlp^sMqa)xTIqOI5>pJsBG##vlb?SYdCu!LYe
zXlPe`r%zcMmi@Wp(q4zF)}B6D?;E!uqSD1NKZCp&?j#n~#d=(A@g+xAN+vh=XwYtX
ztAo!jfx9O9kj2%Cz>qz+!qk-Y_1Pnt!rR*B?vslL(lwcXFYB%22JEd^djx_0|5{59
zo*pNheg?MZotL37=;=!+`n){lw~)k-Y`@1)s-`F~0K9)<B00QstY%%HnhX`?*@`y;
ze&vY^gCOE*3ag4h4GXg6*(Uf#L)+dkl3b`Qh}DP3Rd-*`ihQ=uEPoV_64v5O!(j>L
z#7&h=PmUZ3ea9UD?33{<JD*=P(5O&8W0Td+=9bCk66a}7s)OYb3uF7Etk}yXsRGZF
zlggIJ&EO7_ls@oKJsmjeAZPF8SP7bj<hiXC3o-WHweuoF9oS%B1<wqKbnFhraoG@R
zD-X^p@=Z(*2V%ptIS<=kng}#0cP+~hA}c@>2$uA-9a1=j&K`StPy=O8f_L$^Ao#U4
z_ffS+`+insgo!U-AM#U<4*Y|T?Pm3rMToWJ#tCT&_JopHDmwKFZ4M8_)f2wS^KB`c
zkM{qpOv+{(<vvPfMrJ-ZW4?Jm(dzo{Hf&k`N2+=|XX@zxR)GpYuJnTsv(kn|-IQQs
z5+tEx!eHjafsm)gz4_JG8jy;=KkMm4X%KxDLL5@^5U&)JFvVtWCbT-;w+t<WpSN#C
zea3JGkfN|g6G>i1$+~^2f9JzLp@T)j!K1>jp!i)u<VT?g?hN<ja{~q8hOX_zck(l?
zB;b%!#C61VC>@ey%L8c2J}5G?v*Jwpz(A+i{b3G*7BQ-Q$!bd~8BhF3$c6Vj?@SD`
zRAW_11Z6a%<c4ftP%!0gByxMvEVlzgH2si|#3KfBJzQo!(_W65pL`Xu%r`#3q%g%h
z0|G^(YR9D-YTAEN$eLSQm+V6r(8STyW-!H(BQ*NtjWD|TR6zJV6;Zo|++)a*7gyzr
zJLfQr?G=E|6zb0C;b~m2WcjwD=#roi=;Z$Tq^Cjf)IbJt-1nrg{*im2*x`5Z4)_1R
z`g6$)@&*Jc>XqxAL)=4b*7niM?QNY!AHu;>&fs=S$7oa$&N<D#7U9|2v&ZCOkfbp{
zywE;SUaH2=i#Ey>i|F~)U#zF?C!s>d7>N@}k?kZpvNPu(_!?-AypcO`7$!Zo-Kjkg
zj)If~kIBFg+b_l=;VCjrhPV$y2?_Gc4d##M(U^ekMmi5+WmVJMv@m%Twi|^x%MfCU
zViH^BndRQ85DS(ByJ3uBTX$Ow$LE$dcUZ}irslxj=*u4&ffYn&yu^l}W+-FRQpZkx
z@zggi+{5^`>d@7(A0--N5;7yh12=RNHUr1`SE{EU9Tt#8kfjo<;;iELd_kS+xWDJ`
z(G23CRIL3CRbu`k=h5<f&~+?xMj6VIy`EpLt<V!%1u?GidkZR#dj)oswzw%@{TG*~
zN_G++Ln`54WNT_hyEvfCe|SRw<%QaZe=((Mh1sRvWq-l&voitf2M;z!9*Cuf-~&=a
zdt$;R!6zXzC~yNml;s@@24+G`FLAPML}WzpcH44j6lmyak_*J}j6E@<NH@jYhPbHy
zeaHHZg)k6HIRt{Sj3>pvUUqFJabePwC+~&T9>f-^`cWTqsVE6Po8`ycG~S07u!4s(
zD3}-rqckaBN4v$eU$mYwsX2l~lzb~UtfTbD%HhgZ$^ptBjv(7ylg@p0s;VTW2C$=N
z3j|i-jKW{~N&S|$mZvU~9qAS}6IzI7AU$Lmu!S=KKY&L`cuEHBl}V(+2PPp!F(7*x
z$*u>W+$l4ukm`_!8NPKVu|HiaDBqYyfR3WObW#EwxbSHv8MsVk`spItR2YM|0(J{A
zfR8Fqj-79a=l|r5qa*12&&rw}k)zonSfBrct{T;$T45lNE^t8G2&%`-gzh7SM4D?b
zNFwgoTlcL5OGbtuK*5Y*3MKI;kt9hmeA9+rrVj-l7}~126G?x!dCJ!_sp$J1+$+Wn
zvIxk|{~ku6#DIbyLyyFd#O1H$m*tj4_SwmC3Ha7fy_OrCSDgTmWrW9<g^NVzS0gU}
zUFQ~Y8_RdWObI8q<X4J&jeVM^Bw)S32@D(|I9)D~aUg)!Ue5_q4atMF1G?mfv4)z+
z5o@dWK<X{$bE`9k_A{Pnd^MGfWAWQ2Ag-1*L4yhdl%OM2^@}A?`D2Qe*E6)4OpAd9
zqc}<>^z}-oDGyhB)h12+Vu&Qw6eraD2DJATA{!+hJ%FRmpsBN%WHrYySgs4l`c+$Z
z7quU^?{h*TMf8_y3&}h_0?Y~Y|KoyEz%*KfQTqFSUv)^N&i}wW|4Yq{A@BA`n*d*;
z+61?7zytW@NCzX=<?FVu2@#H~1S_LD=K41_U!>qI-U?qg-_6L`p%BOxwB3meT};C-
z+O~(95g<G=mxl|zA1m$WMKQ5TjLv#D3%N`j9PW2Mc6t{YZu%A3hFCinj!BNqh8Rz@
zJi6*_!@PCfS2!%Q+T&u+IDgvu5o1^Vk8uhjU=o6n=;~C65B2`-i^P{TPH%^b))>JO
zzyxbr*g72dV1acJ()xhCWnaUHbrBM<Q}j9#$|%0~jxqbtey!%tee?7J=MHA|QJfvG
zrb~eN%oLg_+J%1Rx<ausn-H5-!4$GhtDh7C@;yMCNVxb{8h>c+1yCOj?K%<hTUF~|
zwEQ>|$eO*eoJwy_n`G83*E4RcFLCB0n&D===oo*xrq{5^<U0&u^>|^n^B|eAj+QDW
z`cM0B(O_S3N<?)I)qA<!mAa73n6B|p>x?}(LFN;XkBJ<dC`>qA`-^Wi3KXOSdm%Zc
zIA`H-%Z%miAw3Zkt&K^lmJ|)<@)LsR4)FvbR0~fkha>>!A?>;0jz=r2<t;ZmDrIn{
zKB)@#pJihyAYhEkK-`pI3?#%f|2h7#OffMkf5h*1lyWM_W`DqTd~_@LOihS0T5s!z
zP5bfBz_9`ec3Hg45MXzMF3l+s`s*3dSxqjD-k0;!b~O7s2UzmpzWg+{2X<;nLnFYi
zy8;>+A)E)|&XPqv&x0H4Y`u1NpoQ9V)bYPX0!h<D6BG66V(GJQLzmFoZrSh*0z#Hx
zDt8x(@8Qd?$MN{?4I*P>Icb$%?rs|Uo#%snBGA!K-afPQRfPH<S2xEL%_@;{OIh1h
z{hAj7g^|(Q=4vgi+@?Y$3uuD7D+Srg0bT;fv>+rz1<$YC&aD{9b?I40TzEE25m(Ph
z-L&CVCL+o0aI^^`)D?{<WO>j;pW*Rdw%?vfQ*As*<$~CX2J*Z7i|7ImC5@E}1_wJ(
z?6LN|hZ!zs;=%s_WI!Q6{B<A>;IPHKR(DZ@!ACqN2<=~H=`G6Fx7^At#I1*(${cB3
zz~8r~4Q25I?dan5A|*Ush6Lb=iisVA=VYie%>c(v+I;W?#YAhavkLB^v@rGl`}Br2
zO}9K@xBtj&^%xr&q#&teW5+yADg$jkVeRG%pQXPPGT$4s0K}ce^94x526OAO)B6wl
zM$MI@ZQwM3<^J-e7>=1Inh7-4N80~3HcK@UkuCpq)7VFTiA+}PR{6{QI!iRf=d?Dv
z*!AJYXZ_Pf2P7yG*PYxaREquG3W5qK<nCr@##--qFqH>#8z`4mlr-$-DC6=#ZZbyu
z82mDAl8nW*9@40JhaNzKO32U2naX|jp$xB6$|b-Ou1fQWfpsMW2dz|R%{%=W6#s#2
zKT330TrkvZcrIo>j7W4kyFTxyj6GfNo+F6TxG@af@JMzx_od~~L}&bnbPf#+(`~b;
z$Q&9Gu#Bi}irY7wsa-^YihB>pn27AdKa#bSFb`oQaS5fiY!)S1Im7DjJ@Wb1`(L~;
zD&)!@=@Bxm%s4x!7eM|c7f9vu>PqA3U5psQ>M3+axlW(TgsKZi558@}zf&nb+QbKP
z0yK_=g@ug(RLVG<S#Dq?fItMJj2Py^<w+1`{+1$|o$y_PkimCtms>qM=t+gx(2M1n
zk`&obO6HDxy}i}sngaYh@QZWqI&z?W3i^Qj|F<Ec2d6Pj(`;1m6=5K#C{HWm*TwH*
z`NqQVFBbVB+l4Inps6mv*7$8rPySP>{5?i>lp~FHx;(sP!4015V@)0yze_vzQNH%b
z+IUyte4eVQig<}hR*56ILBIUhwGR>?=Jk2hk8#HTylp)Kc<!%(ECIcvLwS!>p;wM*
zf(;B}LCdzLSy<IDk-K5Jb?$A@0Et8LLjA*HW6q<d{Wqzf2L<Td{vE-`hghY)O_dWT
z6(^lX?voM6CA?h41|ho}89Nia{!^YDslyh)tXid>s^8DprA3@q_mv9L1rR~|j&uLF
z4FK@=V_h}1StGb6U!L$52}peM0Eyphlsus{t^dFFy5fRoTn`!PDl4O+m|j$W3&-OF
z*UnE%%7L_RT6e!7syYuAR{ydJca*B|-~X0|#5Jp_eOeUY{gsmXL%bVpi%?cbc<p_s
z!S^4c`*n-Z<-fMGOmHx0J!DVCF2oty=16&09Y}o7Wmp8#bC%Xv5m28I1$mGE<0*k=
z2rT#qdblB9a73#0qexCf3cm^8S#uGHX&&1rct8mH#eX*uOmP7^=?zJK634rOi+D-;
z#PN!%-5|vIugGxQ|7|mJ%18qO!}7QsHu%$+jRWTv7FH0Xlj3lMmO{H9OP&Yo=|lAk
z&va#Zehu|G(5^`e{x?4U^KwfjsHwberRo|QBb~1o^dR_q1IZ)J&tQo~r+;+x-Rd}=
z|6`1kqX@uq1XW<HAQJ&S^@8BVwJBWc)e$fB&t}LqmgXV7|2_EcKAP}$Syfev+v&nc
ze*}hI%a3f|2Nt2X{8MhoJn$u_rJ?^fN<ppoTZq=(yGT(LM(e}yzT@L>RR7^-J1+%Q
zZF(K||0a@uS$K>*pf+WZLg^nBd%1T1+hlOLb`5za*c#k-e!76n9CUJo|E<nPrLacF
z1e~_1XPvM1n*G~-VPkm`Q9G+$M0(qxDYyk6zWje)tBhP(UHz*=`*mo!PTgQ^U~UEo
zESdDU>2C;v9>@KGbT=9RH3p(5PKQgJG*=Gdpw@?%<^sz)T*D{wKjV~%2bQwjel^|Y
z?_UDC2dVqwCk!zSNZ%0!Zv>&f@<{fdXi1r<VA*H1$qnNAbc?E%xVAZQ$~QZsbUN%E
z$lm?$tN=v_2{?^E&CeFXNaLi#mcQ1zpZ|#h{ok$hX097WNlk+Rf5pJreX~9)5?5aE
zOUg^*f3MuD7E3{@m+MmWLEBOKMnOxGP2-0DC*VO7O%&26V|ehJ`de-8jGvzhn5|HG
zo1P*8uY>5qqGlRxS5f0PtftmGU(q<v(uD8&YZYn(m8zo)3><`-l{!ofZXBu_9R`|O
zNvBc90tH2#vI~nEGS978wUu5CA%Ln>M$@n}0L4pO0#Vbd#Gq|MA|?({x=RpZN7qch
zQeptS0S27l#m;*V`}XJpmVJ3+N8~Tjf;eaf82@!h!>gN%YCs9OJdZO-!Lmt__03ZR
zRv7$=G^|L{U`QOjw|%HcC@jM{T2^u^-P1@F)z)n?z-rg{c15hJuT_-vot+Wb`RzSo
zZa(sE{FGkexvzk<stFStTUN!GB#r$Lbg*Dl!Y^RjjCfL)Y0Kfk_k7k_JeEZvSmK)e
ztvaLKJP*Gm7PcM*oUmP2OUrW8*lwJ4R&cFfuaytn2d=<i)s!E#)%2UF`WHUvM@BBK
z#_f_`4GlFiE&=!CHU51x9;@m<d7Q%V2$A<IhVVDuvVI0X>72YK7M0$mJHMTJNl*2X
z(;l-Z!^3-Sh}<CD+@+xK&>od&y)zpdbTUC7Ld4Pi{w+BdoLU8M97o)imZuZ1MRQwv
zk@CC`lL{_9{+~00BD8Mw#O!PU=+=d3c%xaz0o?O|FLt#cmcEA?ck6@Hzf>IOxj3wn
zVheMRPZox>)Kkg90Cp;80985=L&zZ<DF^SSnZistg~_LJpnRcT#RkRdnFuDqi|9WO
zeO?&Hub}E6geftDLPJ~(Z=sZxq!}bG)5Un^AZL(c?aX72K<{nV<co&O<6NM#yUMkg
zsw<x31evF2LzvwN9|LcsOSU?2oL7I<E9vIjGDih1ryqx}-wWD%V#;RwL8)pNL=v>(
zF}YP(W@_m#Ei(@9>iqdsLCCT8`N(Mh<<P-|NA0@Y!q!^P3ge<PD&bM9UDEY!7}zeH
zsMi=&T{H@<YzawuGgpEdeqN-eA!SBI{@3_lX6nn?tYtfx6?{X7TW>C&bmIWpsl0hS
zLzq(%+V*+_Itp+5FP4wyDP9|<htE+{)sHjM>sh5HFYp|vN!Q*mR4V|JIgATOax7<Q
zW<v56_TlV=x32yLCVHd-g<4Z4w8!%RzHQPt4}$;Y;-Y`aUJZ8OsvOo)T`r`vL>Dx0
zGAnZ_bDrbOg`-o0ql%iU=|^b;?TryhoB+H+^|FHR?G~A{&ZowlUeO9M<pymt(pnl-
ziEgL#9EzfJi^m8oG(!R>g|+T6<%`w(HrO^RUbMPxdYgU*Hcn%7K-oOS&C1G>+KxC+
z0eG_^yNCGqA!71(Z<K@?G*dI9Yg9H?NwKYic_VqE|Fp7|;@|oj+pqy|&QzsMS+>9k
zB=@yxGWc|p8e-wBQu0@{V9csK#L`TqjN|%kb2o8t^85Zp@=jFkjIMOd+-;s*ZBMh(
zTZz&41%1M6df$2V_zy1f!h6E^T{ZLH9WhYPAur$xxkN5~flgW9J=$^EoF*}DZqCXI
z{6`dP->ZZ61DwLfdiZ=Ky|C_7B;r$b<YU)sOia=UBuIT;xzaT{r~C0!t(T{;Hg89=
z!Wy+R`^-_sBv{g#4zm@@f>ZUbGalrwONcXTwQxC!Mpuirv)e2<1-{~7Z}{a9E|eYa
zop)z*-T$WlR48nsER2HR0;=m~hA;ZeOW(}X4ItqEAv(8@Q`=rvnM`J!<nwVGt#ckg
z=t@|Z^ODKS8Lb|^>>-$@oS}D!-#gZwlz4e?G5#Q>o#V=cxm)3UHi_;;6+?rEPXx3q
zt<HFkh%hK^##*@UF&-lU{$6o%jBar=x})f*@`zYy+$Ab~jh#6ZB!ZF{|A8P*N+{1|
zj*2vUNaqL9Dx&}hkF1w&{Oq2^l*=N>SJKA4cxIOAeP(+k2BZ-PW)2m4%F$M)_u`ok
z@KgY&mvBFsJEoy+?h#p#cIy{9Zb=r@TyErxXH$?gnDML9d)0o&{*vLyS0JmCD2jmJ
z!q&0N{CQk(HO(|zIi4!qd+_IVk9UQv;08UU*1IZ!wb{s9V62+g(=~>b^ZV=17gl+t
zeYIrX`9tM|#8(QH8&y%=D#AEZCMfFBLYvux<QvO~wAA}n66PwY+@!lTSudPBtuFPK
zugOnb<bP?v&sg-ebV_s)z85-leekkOyDS~al_a1@M7mF)EQ(E8&xY0iQmOJ*1F5g%
zoSbT29HdiX9bCh+scp0>{swK9nYGzT(NP|G>h70%8zzTkc`Z=K-Vs3Wm~C7fe)Q|A
zb*gGsR>oJ{+Z~8P`;Ju^U^8jcyu+X*3U+w)R=!Z1O^z?Ky7o)cY6_*`7!bz@7scCd
zl@sCv_t<&n5t8K&Y16F4xIc)YtzQI?KQjE|#Im!wykqaw{9Yd!8(sU?<2%Ey35tR?
zUDv--tiu0X|CNGOOcr{4haYkC#Abcs8YP>VwfDD<xdfcsp&txbuP0kbL3qe-v7wvu
zam}A$0MV(&9-jZH0kjre2|bw1Vhob9wQ++XI*GgmO9A`_MC1w1bj3AtaBz3i8xQ6i
zfcink!7gmFY~&k!>EyF=ELSOl147P@+qC~M^Rd><>Zs!HQ1-JLxsRIM5;-6PcBveB
zz_7WHo{C5nGQcnsIaE%Iar)h7zV)<9*1z>mw@DGDvvTf!9VAtsaanZrnVr{vrwkzm
z9}2<PrFKwUReF4#KUNyD#E7P%Pjnt0P5WizmEB%8%T>)2zz3>dT~LkUXziEVt#6{_
z04YPnp5m3wC-`Yy?Q77wNeEi5R@sQ%Z&r3A55HBvxGJ5D0oqF)-phoxIa6V-&v|&t
z)tL-Q<Ah!bm-Bd*2C(uEiCfh!ymy|H44st?^JMh~TK9e!XTnrYdW&|U-<{PdjY2%G
zGy1=sGOAX5#b~vB2tBO?@?Eq_Rkq&HrPUa<+=%-%+zg*T4%a4Q0i`TF+w~^93>ghd
z<!NeSBj^P~Wq?=ln*}Bby(k~g#ru!k!ChC~eYJV*qaFyi2gEoByZpJSxJWTUhWjTP
zwPwe%>Ds*K^52NF>5uiFpB+bSZuZJB7y(+P{7PnXJD#^1vDWD-gol$lOF3C}``dn~
zh+`*DcqAJ|-Qvkg2x<ct&r%n2anN5+BObs=nwQl!;%P}Hl8)7iM*}I%4^j?Ps8<03
zpQWQ4U#sRD3gku?%ybfc%od=;a}wStYy1v2Ud^v-=Ou-5!I#EFd0Jb?x<K}B02~4w
zb26_O2tQ!y3@rYMY=sNh_+bcXg<@_49C5i6EC+Cu&+bo(VmP}R0NG)X05uRfx&&l5
z4T5P+2JV|D%FB&HW4W%^W>WU&Z_YDnEnfgW4;Rlrvf`oWg_Ld9NY#d~7C%|FS&o+F
zQijtG4z}VvMxI94M-KIBxE%Ys`z>!n?^hMw@!SJ0h~(+|&SU$afjj!tQr$57`%xC7
zYomTQnQV$ctXYHjf%|v!yLfcZmt#vaU*DgI1gy$}UY|ss=Dn+`Dms+DvXSQ78J?=;
z3%w0xz|lOc{h6-MFAWQrBVn^e!}WN#=EFHZZ#MWa_TKSs&H9J!3M}l>+V5t{SUqpr
zRG0k2&pK~oLy=$aa1H53u}3W*d6kg`&*hg**N)5#OZ6DL-j|ikE>?VEgd{gUKhJz&
zeDnqyK8hJnI^=+6V~q@}&VXhkQ(NYuPy_JXTXa|%Y2V=Zl=$Gi&t3|+pTWXM+`-t9
zH8Ctk1pn^#DSb3>*ZRDj_+HQu9}}h7_RI24cb)Uc!T68M%xBOQH*C5KCeJ4^;gJgB
z;<y}aZ%5@vDIBm6Ud2Wi<t?f1%alt`1GZ<C@Iy+(?I>_$F&>s5vhsLBvOAonr>zsX
z?BDChv#WaEo^Mr@HN)x+MwZ%aV9s(A{xC5nNzhgNDWd^8Ymn*bX)zks;!0q-g-1mU
z{uJP=wq8~2AEYMZ9!4&fU;0M2*mNeC!(P0~SvfSF2Y>gAy-XIq+T+?J4cAgc)rXz4
z$}pq?9Uv%jfmC0{s+odiy4@Qx3}6(qHbz4x;)|@kasK+1lKiooi9xpo*?9UI7DFxJ
zT$j^$swW>dUh&|CqpW{pB_gTcV@@+k8b2zy8q@SX@7d!t-<;cFjYd6X&v>LZxjIC=
zn+ao_(@s0=ZAVtSU+8qEP!3E-g_aWp?E1RgNP2n2w5JI}T5RY*scUM7rO9MSRXb10
z%Ydr%{(?jE9bU4b9T4~aU>!{;gxoVTtzT;vk)+~N6M5jg*f_D|yY(lvS-Zym-WgMi
zot%<Kq)<yUHL6e!7<pcYFhc&g-O*O<IcssY<oyMXwgVEQ%%~opfXlXjLu`oorX4OE
z5l;2-fOsP;xopw+6v#M?%M2Mo{v){EWwO=T=jHiO^n`x;>mIvmR)PjER2RtKHchyW
zFj8Zz-C#lsFKd(V`}ZDIs!3vp`@CxTdNa|rOh-W$@X=&e(srd8?fE8y?dwMFx;H8|
z2F0Z}*3Qn3vca!7u@;H&xG1tHGs^Qr!^g#_A@?HCwP?OlWMpI&zt!`>-n`D_qmfa!
ze)MEjSZ?t=o)EjDxV&*pd05s}2}%gPkn*7q=(}>2yn6BeIIyCb=uO+Szu<>KgGGcN
z{IIjRIxfC-%HhX-$LPJ<yCfN!ZWn#qJ?`4-coghEQv#CGGQlf-9H<a7()6ad9ORc4
zfrULf3>F(Q3=DFtDyyi5e?A@o(C~?3B<eN?VQ#gI-fO3>&TgxACYm<Td_71{=;c&Y
z=r^`0mB++yV5Eoy-yAtRKljvN>*}qm8D}EorDepjqcLsuu6Ygs>#=tQR{W1=LdsOu
z&3v-hdk89CdczSMxm-)<Jk6J+MG69j`w7WxgznRwT4Rv(em}5Py0{jA+xIC3;znky
z$PNaPA!7?hr!UD%?Y>+azWadGHY+4fc#)+VZ@@<SGrFe3Mik1X7oJ1ME6d0G)S)sX
z6>%=v1@b~MNk@>vYh*$iFt8Q>dpV)U_9ejN@`J+TassDj-w5v)MqbTcBFgoPzu?eC
zjNJ8Wv4L7GoOjRI=NrrkxM;{<@tpeRFKE|Jf9M5*Q4X0f8<L1TVVbrZngk^!tl>T$
z6S8~APc!BG@$cP|Jx)qe;&qi7p4&qsi-f-pO3J~oK|;VhNO^vU@PDjQD{H5QQ9~{&
zSxgO$HwlSar6PSkh7GAKn<cU~Ypwj9XQj@J=p85O5Bend^ns@5I`3KgVbHtkf=yvF
z>?n?K9T^?jpOf*knrm@4P3S|2%%;U-|G8_sPbYh4pi3xhYuM4}>Jq2MPYcY%)J!zz
z<O-fuLE)xs!0_{?eONzoYQqzvP(hP>G|p(FmvX7im(jwv6Psmvd#Tnp+p80^sPzsv
z%iEZWJm1vG>e8TaeT~lSYRS0Adci+FbpwYW1<>254^!=aO*bvR8b2*0H|&Hd=<{mM
zu;~NoRHMTBYscOn=*Njb-?UFA<1^dIdaJOvzrQ<B{237(y`jx=sc*aNjoM>8qmzR6
z8)YLaf`1yf>KijmTWk`IEeQ5I(u3Na_2$~4&8bh82;KOL@L79K)&7RXlm2LG+M6dM
zYwuguZgVwy<^AX}rAK59&+{N1K3e`gpG3Djd&rjv?e--;4QwJYUq?dpyg<k5Jh1%1
z*uEc~E+nN0kGY#mGPr#9;Pze5-&y1wr6KU>%*Zj(wi6-|p=OH|7aTw<F9C~}Blg3^
zS^!y|b=%EKItwd3n78bS<FZ7e(-<QcMgIx0SK~0cE24Lk!yqeJ{5*&GljDOPrbbKH
zNBK{(qjhS6{7@uGa|vRmR3}Qwxb)y?@pLQG$oY=9yqP-aU4STR-U+hF<+h19TpAs%
z8_K4Wbbaech_EveOB^hG3~G!H8l9Q@`v6Y#klUhRZoM<bQ0&l7hzp1kDYcwip<UO7
z$m6S4<2FSc&FjEm|8{Ube4HJ*=O^a4JO`I|Zt4}YMA4VGxbA}ijY1sFTqd^0z0B<C
z+Q?uIP5a7)W?eGSBL-9BHl&G2#D|Zg*agCXu^NmR80rMF+CWxz_~1h$5=P(cVanqQ
z;mrcFe*Pj_bz*M%;`?Gw!9gx9FG`r|F+Y*Y%#J__C1s2dHL#Zep{$V+2I>kfJpui~
z1U5%hNkoF!VIyifQIk2gwo9f2in&;8HVY$VP0owfLq&BQ5()bRZ`kC-3HA6^Uhd|B
zXvt8urt|e6G}FPYlhdw<lEk4%Xm&Wz*8$OoZiYQXV%i%?V=WOl$r!w-)yr0djzm-D
zr}kSGDofPL&I`$YC@z!D9ty{XyYO4*I5OouVy>?klSPs>*QbDE#h${H$$+v>Oak#X
zuJcldt@a2t$Nf2$9ptffm0_V)l4+ej7R9UA1v@Ud2wU-ZtMVsU1``xq`jrE-W150u
zYPolufK+a$h~%`G9v(5r^Oz=BzlkO9t@!30=O$F$ANE80T82SRIPy}#9mp^P;zl#|
zaxARWFl<Fiq9RT;Rv1L#a*9LqDf+>ShHupF$?Utm5qT28Zud%R7_l$jH?#L9%SVTm
zDqgqPWMqcZ4>AhtvqBk(qGc`F8(Hi($A({zU7AbLurh*C@m7qFmgnb=P0cQjaDNts
z@&*qU?uM>ji0JK#l&`vB?mDxoD60m>S2IVa`+#XqWygR>LOUIvQNd3UJW|4x2R{5L
zhCVIw3TuB#O4RT>b^?8pM}}E;6SDo~sj%4d{U@2thQR9tb;AAMUk(4b=%|p#oQX^m
zvfP~rLHc_?(8?301sPL-)+bRtT<Z!I(}?)Km~gqHAPJYvp-6KCr{-q74mGnHCphyE
zDV84_KIPcUH>K(3R-E{KLyG-vY=%8A3h7rnLWaFb2ms9We8`d%IyvOL`kuh20N!!k
zE6NSeN3pxpRTSTs$G-9~|DQii2co~0BikS+=PPY~;LZUco}ofmYe?m#oiRscBbC)I
z-Cg4Xgz=cpgPJydAo$FWZqtfC0=}sjadK%G%|2A*9lPde`9N-D^P#+lMN1YU{v35>
z{7MOriyoMd9&cOL(?&8e<lf>xL`=42@?B$-v|sg%<uJ;EL;GgE#Rel53z*Ybq}k~N
zgFXI^LdbetwztHIImaE34*vGK9#?I;NX*h#GFYlHrg9436QCWTrosqGi@&}7lZLS@
z-b<(6F;KEV|BOt?FkB$-oQ}3a^~Mo=Di8|6Y{>&^!EWUzn&=k7%`F;@8NH-*!>med
zA^l=FV3yZ*y%|vozKq3KoAbu(h?k#S^af5!My8~>-B~8X>+V<X=He%ZT76adou2m7
zwf7%~#+=GC<_97ks>C1P&0uRKM|J7@mKAXMtzbJd-kE@mI>AkcOo0;zS<%0KC4`)G
zoK~9+(6zt3$Q%1|swbzw!^Mht6%grk0EFcaP!UHayA%4JM-5sli-b28lSgB#lqBgs
zIBqqPq6U8(|Jh?Zd~XW5ifU1H`N|sHOw70A=Wsl>u>I@ztVW1J+XID7zsLVW)n7)%
z(RNLsaBxU)2@>2rcyRaN8r<F8-QC?GSa5>7ySuv#?!n<}?)N$CJLm7L1wB_!_m<kV
zt1NTgJxKrI`HLS3TQ1j0OV0eYP%(fg(MG$ua6~3-UUhM#IIwgTJQbWNtTp<sV_Z3`
zU_+GW7y2{ImIhjuVp=h@OuP^asg>3V3yTlMtfLmp&<qN~2%<^N^3zY3@FEgX>MzAg
zEp6m%zQc83=&M7?yNZ+>RAM#ag})9dMO1p&4F~@gk4XM8QB^92j}CJcgnXD-5s8RT
z#{KT>F%6;+GSNfHFXXU+w@13bT&2ehj=~BkkAzeb@3o18`|4#cYVgv;NQoRJqyFBF
z#p6ji^E)moVSAL<%RK^`Tm^QX5OM_hFwWpnd>lmcktPCeuoQw$qX<|v2Ox~%6G#0)
zCALdve#fg}D0GIKV^YE*wUxHA*5c#hiof+AQsF>kfd{_?Fe*F#srQKu)5^iAVE?71
zp%<1n!mDiECjZ?hO2|!)()-uL;QrhTi{nvW3WrCykisBDTvFPXjQw-M1ObI}<a6wd
zP1DS&E$TA*^q!H45mA9GUnZY<No~wGc2_L(k<aqPXs8OaGa}Eda+W>%${k~Tf8Y6+
za9MYn+QDY4+GG;_oj?gZ@MctD3Vob&Y*3-WCz6pkjNp1~6o>@ln5};e`$ib3NhdQi
z^C(mDbV6c>r*{V_xmYJG@$82kiCDa*wqU!K7z>b5=vM0e0O?rlh>qm|d2Q{myn;bE
zMwvc9%DR8!JHee`dB~TBh6Bz%(x2E9-=f<+oWIB-h!}5nfU@G~mx4(yh6Dhq@y(`F
zeRlId$msZa#v(8g2!{HGSm`BtU!n%)N-^_F|6o1p?+(}AkB$h}EMfmU;`?M)ieifH
zQw5}N(d}s=!Rt)%6r#EEa_?*W{%{U{Fv&l7P1{f3Vo@n36_4}1^Y_astB}Vp+57s0
zB{*thW050ra|x&E2S%svbcgw1_j~fI+K#D%^0eyu{JOWXGS`usnUuIxvJZX7c*Wzf
zH{<eD(md;6@855USdwtN&JB!Gorj?Wg$rWiv;99$lZHU91cv??;&LEiitqE56%^eB
zgZ*5BS$o=}tg0RCiftc#kwiMl3Qa^5C!Tyb+v<`|YlcJEJH&MADV2SOu}H`%Y)pii
zLc}Y-k%uo=f4zD!1kI3JTU)CvD<F-S<|;3b()0TV7QuHKggVd6&(b#+nPU8%NM()R
zy9;czgOE)cZfDjSxRnaU27@GJshjInH`9Et$gGot`}AnK=L5WhuZ~hihss#+wWPcq
zv*(?ZAJ)fm^yfF!LJ`N%!IyyDyp?|2;`d9^>FlZ3K&6l@O}{BMN3~aPO{Pn4&1|p6
z#O!cS?}4mLc@tjlgycz-sZDyQ=>#wt@;M5dcHcnxSw?sM95gYmDE#P&&Ut*f;carC
zCv`FGED+8lpdbQz=3HK!iW}0285~wP6*r%BP%s!eEAM<E%7mSqh(9ZjMa|{xD=meV
zeczYZlS=hlJENJ#<%4z6<P*|1RH>%G8RD)X#nY=c=~Za!H2jYL)~%HV6{PdKU^G1?
zh2kthQQV<Cm5v>K!n(aoC)6wuBm;Xnd#x5L>5tJ+6`+o!R<5Y2PtezrmDKjxK3Cif
zbM9U%HmFLE?a>7l{13$Zb-X=!Nd|v2+T!zwY9ajaOyPhVrVa@X$+Wfvp_zf{CVOj4
z%zgcUYsHaUEWX!wih#P#N~2lnhC?T>oZl;)!@h^NZVOOPtBPpSl*J+NgTo|liloUQ
zSPat8Q6VNB=QmGZ5-JR5IH~xJa;@)Td!@B0Qz*2p)z(u>ZmE0?e@0?EX1kY-_R~$)
z^HoLfr=to~o;+|@-KWvt^XzYN1phl430tVUb+S&wH`?n%%(C`S<DT8=c&cApmDl{L
z8Lxa*XE|1O*DQh4HhH6cuF*HQzl!wsE4b#KXgB_3ijO$}Jp3D$Tkx7B4h~ZC;F-5*
zmi#p{5*@+pto;qQ(aw$R(9nR-IuVXVb{so=<YGbqkuT5V(Z8YED}y9ual?hoNx`31
zyPs_-4=430E-JmaIm{+2e|SQ-4?mnDUs_JdG<}ca)wx=FfK0-^cY;{AJD=HVh{g6=
zXSVX1a9Evo%AU=U7F&FbtDg)ptGzle$@(YN>yUF_mn3!wvOZlMG+0}hlB89is9XOd
z<GQh$?0vExE>$;h)ufs;yV}6TnLNzA5%$js2XDCB;^T~7GMk5Pr(tf-9*%AQ4!I;Z
zv)FE&F0%euN<{?HveSYKg~Zryo=z;ic2v{SnXHZyk-d&^73_lOb{SqlP09D|L4*xP
za}M|LV5iNK3lwC#A-_FjH;{eXy;{j2QM#u$#NX;>%FzOz{se!%>cuQ{&ntHN8)k`o
zX#lyD+tRt)0KFR1&zgT{3&{dEXBA;DxDjTwaKt>!roR-1{a~gL{ORc^;L4|FjoMz8
zBdI9YC`x17PaE#suyltnZaqY`_KZPZ1^v9k<fop~kGkHagWm$V9z?eEtbyw%!<iW~
zf1XszklH_WH$QYdcVOK01h7cB6Zlox<NbiE9hIVG9Fr3g--z{pY@m8+kLx`udQ>Kr
z`4Pk%CM!+(`l$hGb7(rb6R=0Xf`kW$_B#*sCGuTAGJA|GcU<2$cYao%(XUsCUBL4y
zq_EMb14!>6It<F2INGz?#CTRham2pd4GYIsue`Aufi6N_WCqw<bV%S%QOVXujLK_i
z&{c{b>m}?b*J%Z#Zf6qv&|Zao_RPOAdCwi9n-8a9_=;;1QzX&--(O~C03MRA*1Y$B
z=~+`kQ9En!duujGxJ~HF8&T!dJJ=8iQ3$ac!U*`^K&1l~<TTW)4Q=hp!U>iC&y}S<
zuADYGe^Qv=ZOJu>q&=B{9qN{cbA1bQT(Bk!3&kq~LGACh`m6b;FI(Dw2L=n^j}h&P
zB)S6)p0xKoX8O9#4xFRwm06VtXeqK<ChHo6xP+&snQ8@m;v&n&Lz|^K!da81|9{=6
z=JIg#>zu_Q?0PF{*t$SsroMLmw(mrxCG<ifULDszLCZ@|3giim0=^0UFF}`At+}-1
zAD4a$0q*qMy;Mt(aQVzUvaQAXh783}?}A0KBI*6&aW>2UqXi(HZ54cwzyvBstylL)
zHbmgf5^hITrGuh~XoEPfk8O`19!BLM@sv%@ZC+SMnF=iX{TmXHC=^jtM9a_5XK=mL
z{Z&zGnWqje?PG8@hRI3EJ)CjA=6c>3Gh&f#c7tDe3qV0R`hXQWXuY+u#XEnVV5Qh3
z8UY*{?1Dts@>6?^UCfvt1~&!AFTD`0q118I68EQngjdoOXA$JKmRJuC31nrKR_540
z==Y5gs=pNeE!FY0T<23;2&<IVoVgT#8rQ!qetm0B$1}BG7_CB_FeZqj=W|WB?3jNl
zzU?>g7wCcjlU`u6T=E5cx51s9oLm8IovUt`i?Uy&x=$H<aP2<%6(+bvUbU{-W)}G=
z85t3P_xeKHeDtFU@Weepfr~<bFk|wb;q+?M<!Gfyi@Zt9(?^g|W5X#uIKi!m1V2Lr
z<-&2m#rDq{H87Zkmo=l%Pbac|v2$Qs9IZhEQ%PgAsG)jpR_PI^%OQ>>^>=h!i_GoP
zh5S_>3NM*hCJ~A#&0oT^W+Ol%aAUlMoWn{eS6xKFj|LB}BjUT#q+!#JF<UG<m@5!)
z2{^**@ATc&7!IRCLPP(#+1}p%Rih8(e7fWZ@O<+C*}q@ax?sSX{JfpEHhwS?LG;Rs
zx)VJO%@-QgN?~Vbw(y9E8UTL%U0l4o6Y*Vz)aGy^i;|vt;1Z>`#_h(~X){kK#I_p>
zlag4HN=Q(!gSwo<;Nvbpf(d={0{6HdPsI5YY!^UbusrE(aMF#i)MA77xhz`uXd{iE
z6?uhQawrS*&(K~tlt*P5GI(jXPlaB5c{FH=7(=3NI<6+RtGWv|5IUGfT1QFTe}+jI
zvY(Kf5*3V|$e+FynLol5r<4^PW=Q2*j}@aNVg;TOjQ6#ynV5ucJ922}=zie%*T`zZ
zcd~A6$`*-h7Ub$>%cV{qKEUMt5-<tRv)Sx07kBRR1xw}eU=x3HJqKijy8*}b;D-m-
zu^c{v3^uEt#*RC>z@VT~S4Kw0rFsiYKrT2eMcW<jqVt{Ccr4Wqpk_nfuQ|lDgs2ao
zkce)bw_Xg;RJBC{Iy{(gaB$(2ynz16heTwJ^O-s;d}dr+UT~rlk3EhElRWTL`^kuQ
zA$Q3@-)c(GGtqv2xs#aaF*?+W32#9?U32*keu@AaZCfR$hnD{p2a7zGg+#c4t<1Ed
zT)=#DBu_^*x5)`bI=B3!3<nbNz5#jcJYe@qIA(8>n)g!$8}@)THq*&VZET>2#^lnY
zLI!#(BAEGOGMz^7)RbJ(5g-SbSLY}ejVoYjNo#IyK2@grJra*g#S98?g;xg@22oEI
zt5gl627&WZ0lLuz9m9+U1C&t&yQ(TGJAh=LVtW7FoKoAvPDJ<`&&y>m)(>lL-X~MG
zj_36YVoFNb&c|^ZIW4WI;RK4tuN}``yA}BvctDI31dfb<$KG1WAUR6b7mdSS20u9v
zOs2n6-8YNIPiJ((CS>G(-UT+XptU?Lh94;A{3>=M*1Te9$XK5LS_cc}$k7*ClMwKY
zB1?yY!aDwh5jNH_uJ1#YsKV&!?Y=YS!<REx#pa};0`MN+1_)fefNN{%1mELc!ow9H
z&lDW-;iA0#bW$~#NTqlQ2x3!L5Wo?$2Hw?zPXUA|2CEeo%gqkFZh`Lb)1;)NQW+$Q
z?9+{Q4e7Tn<eL)tf<$<3o5od*eMT;5umE2h6b8tt#s`<xwdIIKQYrZcG&|Js819D*
z`nqSO(f6<8n|A8VPNf0goWOZEI5VXMUo)9%`mM^AL?J~OcI=W@q$;TFcFXNhd)B0)
z%m|q;8Ntatd_;VO+M=SOB)L~0>=mHl@J#lhVPFa>8xYGD%Lo1>m2KIw+XA|pdM67N
zlHZ2zqYY!sJ_PK9-``&60l<C^M<JledY$tH5V(_b_9jgpqhV5zV%yUOWOFf@=}qv(
zgoP=4hKNiipn1=~-K&0z(uDSN_~iFV{;-j4{e@wfhL)OIfsL^43nRe^$K}_Drcjw;
zwEcV@Sd3N@oUrF-uHt=-rZ<C^y-n3zolEp>Lz%R_nb6=T@;>sQ{LLxSv`@PV2>ImZ
z$Gk!H<PK{Mr)3o$Iad$6<tExLBak@pmiVoGNclgF-=PEdc9V%@^(?EfkJHI_dA$?K
zJ@^ECH_<nV77mZwEsi4Peu_0R%ne-O)Vm?VX!Q%z43CbECM8F+`NB(yO`hMa9kLdQ
z#EVzpOOX3WCHNg(|MHncOoJbY14k7E;v%$Pr4YZ*d*)ofO)4I{^V5<VGfr2f2O@c~
zGb{-6Z*?^?AO*{H-udpmX4{K!rvG@MCnZcfU^vzl+<POhf%H2FiQiZ81&vLkaJulF
zrKMJWPTDo|K?F@h%#1u}ij@k1C@kxX;C0_-R6(=o1ealOQPThlOoU1rA)0<l82wDB
z*oZKWIrdpHG6w~ksiuIw39K-5D@D)4cR^7m9ilCXx;pZ-THA*dzkhD<>7Xk*BMM^9
z6=}%3#-p_8jm1Srb#8Krxk?>ZDY^p0F+RC9;k1wP<^dBNDA*Qn*o%KpBPc2;paKeG
zoNIu>;0SD1udMsh2mx5$no>s07*5FMK&P)3jC1bqmQSM%lY<AZG;$%-O@_4*KlPUl
z517}NfAzoT(Z%v2L!d~zun9tw1neZO;%2}fiiVI%Xr`T=CZ<j7;E0VoCaZPKBoovA
z63;>AZ}Eal!k%TjYRB4&mtfJi7}Blt`3!w?fsQ=2H|{XHdfPa3a~8u>Ww&|LRM6D6
z!Hbtv@_$(p<Kv6Z@3P+q>In&qcWb$<7s8L3F?85$^6uyNR7vEzD}jlJNvQJSYqK1G
zPE<`Is=6lZ(GUDRtfLef%S{yEtQrcxSz8XaGcjP*IanbQ+)q2ByV7qoVFvZ%o~uGb
z$}qr}+~%wi2ivQoU^hX_z;p5>`<avOFDp=7zI*{QfB@-C?q(*6qP6#iAQ=E6&?Bt<
zH<Nr-mPxm)K9Hgo@*^}Oj2;V?h5hhfTvlbW!rCM)1ey7*l1|v*P8q1IIF`0W9A^Hj
z6+bE{e_!ij&RQ@QcgUOY2V5}oPZGBv(qtL)P48!`wwLSC<NkeCkw{PaeO0I_^=LPO
z$zD8{4ZpS*Zj527=yWs1`6r5WzPrJS4V%_K|6ECC6@BP>E$PJ09nRhywiY1+eE(Nh
zW>SG0!#+sGG2c5;gQtV+rk`T?-mrk^)~s$kqC*j6I!^kUWj9=*s_iDyJVHpBdFHA)
zr73L_(`t$c53UvRss2+Y*ccq%+e*zbCySI!hp2Cs_5^bAcZn7MjH!B{=v}IJ%~+EG
z^8<v%#UHVDf5$49scg61Ox%=75LvQI{Az|=cz@k|FLhF`>Uc6&X40Nb?^dMz6Q++0
zVuCCQD(dV=OiW}0r$nfRg9ghXoKlEkV__+&FZ3er<;X52@;!X`vL)M3VMpw@!=%FZ
z(2c}z1*OWo#hGteSGO>(W0(zSU8_S!jG9c71$Pb~erLz#c!30~p)1VceL7>#Lg#ZM
z7lps$trfBoTqMzzyKo<CHHx0YcNEd>6($yWH`HvP{_z8|^J%_n?x~=hls#b~#jjR=
zAOHr5x{(!N*FyqjPNgtY)SvG;k;BhQ$ht5Qd_auQ3gdsipSW3Si_v-{jh-Au?%KU#
zr-&9mP=8m)fqWHcu<DP<5;N$AgM%O6sr!|6PfVmFEF1b2GyTy2pQhzolB%}y<BZYg
zn|l%64tLN!P+;@}C0OD!PWCP<Pz+ruNo9ZJ3O<tD6Vb`1xaaJ_H(DRr<Z*bgd*9+w
zq(~pD1#T-3?$Y55`eQ(YME=g{{@=qFglKojFp`~5cDkq7w}WSHmCXNGOVioyh<P9P
z&@=%JRV)U=FDY8iY9^#UDrO(b-^*`wzp6h0wMXzv7DoDkG4SZ*78B>LhNP$Clxw%E
z(=m_M)^6Z(IhU(T#@b0;B7D4x(DyRq%6CQFAf4yFqy-rn^D{h&Orc~V2lfm(WsN*z
zJyuQ}Lyo^VVUSAm%B5su>6uZs>gk4Blbq-(cp{d+h*5hy@^sw4?)1dZT^njmM`SP>
zK)(Si8f9tS0NuDN6osT^Z9``D9*@fzKJoBJ=OaRqRN4%_xq~GT$NujHBKH9@t?T`|
z%RElqil*^kG@dIUy={9l{)2>tMX8@P*NF%Cs?IzIS=k0|(o`d5Ka+~8;1FuJ{t89^
zlvDivGk!SMO2UW;lu=pRfa-)$AImy21^OdYV0t%l5+3-8Eq_BkYUD}t5!r91r2>_}
zG~USED9d$87#qt{S}>sOlK@dysP?9yy&=J^^mq@bJWM?7yds(L<kUY-(|o5tNsyhy
z6;MZ9`fCznk5W+O<lJ#KYak*TMT$A&4VW{`8C7aYsp4pn33;UbuLA`k!g^lyV~%8o
z6#O9dhF{clKsXrBfYB}({f_1t0Q6iP-R+9@WNK*9frYEQy#)jt{(g)Fa<hp@8MKTC
zs0cZ;^OTVNRL|0M|GwhB)c0<qqJrQP$cB564a5AEjiI4eAdH4<+108Rs7F)A<xa-b
zt-dC8j8D|tWMFJ>D;U>DiB(tGA^pRB`lL}7vgL8e7XZ@5{+!gg8=S(Gmq@Bjs+MW=
z449_t1FY;3k+Ba2)`jeX#`@S6idN5ldv2hrOJz1eWMXDku1dQ8FX?>zSXQtg&c6Tw
zz|A4I=mIodu+-{O6^@RN9}Rd`P>$=0hy<l)Z8$eBpHP2v!PLLoW08gl1}!Ztj<?E@
zt+J3gBg!zr%fAvis050^kZ?1}ncZ1Bt2wAl+~CJ^Z<wI@!$hn)#};`V7hw1gTEK&u
z>*QY+HO#^yiN^|+!IS(TWTKUcH?{K|Tg9qM2q5<}Gcz+!LPi8b!e)X*;=c5q89N#&
zO8Bch%xHC>qoClg^M1VO3h1!T**k3vjs7<K@0oK)1$X3}cuJ^jH|4$APtp0a3)KDa
z-`J$6FhChIt62}(fo3Mj{m5Mt!n0y#SG)2NvXF8xhw*umDNASbB!xEYJMlu>JFb=b
z5!U*L2QK)LGJDPrKRAl>o78YwBe}og>Hi#FJIu-zorWtm{aTu3k?h%y_bV(maymHh
zAE_g%v|tGyg9nLE;WYZ%uYpBv4}^%XbRSj$xhyfppv7;Y87v<yLbk6jxno>hoMdYw
zkRD0N$*IxsLwfU)U-wonSPH_z!v)pU)MP208)*ReYyCXV4OVJ{3^IryL&&b~>wsu>
z5o}KCGu)#C$3C|hwQSd{dcHg9>4vgn)mhG<6XGqC4o6|7hvu>W`p15}`B(ZgaW<Qc
zNT9K!ju(wzO3Pa&TalmkpFz2k^}a^)yzGVnEmq}VKb=X%N~;4AjXy@%7ta}$yK+xS
zPA>P@tn#Uwf1Gg9%LIm(o&DGRCJ!nk-}gi!U+*_x8Pe<p8M`8D5ov5eL-gdop30^~
z?%_Fcg<-)mS1bgv^=QLB<cAWDrEa^nJpo9(p<1oZ!;x!0YXmKC-0#oVOG)LBUTaN8
zusZ=6YZ&^DhaF~=)wPd?6AN;J1G4UG?3=>lYJ=4`pi3)d@tcFUR}go0ZXgceJm-Lk
zkNL9JOpQi>d5}5M5wyq3#+qB#A_uEmNBJO=yK^GYB{wRDiiL{mF9t9H;UgWcS~p)2
zZ<z~2!ng{WS_IvnD;lq^1_^dCJ6)9?%k?*&)J^sbX8tdD@nC~R=T}?HNJ^sWR6@ii
zB?WPvHwl?Rs+~LJtzR!5TCn)OJsHX<(@!6(8A8KYy?dgRDDBzWszOWOKK(n30EV9d
z6Zwy=huI$J90mW*EydFtE(~Js{4RKNRfzTa`@7nt|L;oBeu_fAXAmcbGA~Vc3mQpW
zbkRE?_lC077{!FAwNN8iT_m>&-p5ekZSi;im!?+E*eyn#7F57Mg1)k8=QAk<MNYje
zRgpxz*gceHzyt8K_1!J%RD};(m<Z9f;*ccd{8wmP!azEDNqg`?YfU}{SRU5G2Y>o^
zS$rXFPJR=GqK~ACBMxP-NDZ!$vqqMpnIG&Y0nTMn7(2=Lj{DIV1I=Op$P`=q$6ghN
z&EMH}l&#jW+{X1*7SSgF(>vrUK2e%<STCjJ5l{i<$~}sw)$n!Yx*`{JpRow7b#X)C
zQ4gn8Hrqs7RL#)D7H;9hzu#;=PPil%7+12EhG20976&A7@=~N|0u~kzCpz!pKwnyt
zDtfaBrhA~&DCB#=XkyHi>e8~x(}7RLaANZjYXvrbG`VP3_FSxdn~uM>6JI*JY`&>A
z&xx-+yR7E94FZpi!V1&S)XY?;B4uU8_%Iuv|4vJLn#k&M8e|Vjk&)1GKO)<=xy;yn
zDWa}DFKzhV$-xHeNCEj!arrtiI;z;Q9C=X4#nYZmRpw36JXQp!6$3<gtr)lBgCV3L
zVxMs)+*RIRR;Nb^$!<Tt4B@Vt=0teks3TITszRaui0?{FM6cJrY_i);)JP?G*@BT=
zwWEfNCQT1??)HZo8Qj|GkFX<G@2jN#J3L5eOAdSaEf0y!JLilm+9W=^8Tg0|wtAva
zi;yBHb?WY;kh@EDF^@(phG31FuZ9wK{FT@0mfARkC87AO-I7lzxo@;0$`Nxp<9DnZ
zGao0O7m#QL&hYSrbHXopd2UDRshb%d0qJ-#sdN?zxHIWAt~(KiFl<N}Ffg`;736pH
z{0z#E*B|Kv!LWX_J%Xt&Ay!>@i{joW(MU~eG}ZZL$n-)zQCv}rs3qhD;e4?iw6w%t
z7)C-w;%5FGV)$zSxr+O0^1<@OI<R<YzI}BxTTF9U02FGxc|3#?Bu0fQd;OR?N<Y!3
z#W40cF~+x-e_ALoz&hfA|M__^4(3-$6FyuDL$np;oD0*vTc3{w4q`QJrPqru|0i5l
zW`B50!a~jGxRpwK&ZB7r$ZGrO#PL5(?5?!mKH;OI2M(1CA-;mBr1Ov&^|a3I#q~NQ
z@j5$%%Z2OME;c+a`T^2kTtY$s@O`pv3y~}GG@ESm)US5`PVy?A8#;38<dlW!A%l2f
zOD;xKlSJ<QhQ-a1*(s12w5>dP48HE{GDB0k{oqIs)HTw*itl#?wk(s*aKq*RBZS<x
zj#-EotH$+UlWcF%$5V}F`$8t+!~88$byDlO9yP;JueUh#mc8QP?a~z*M!X_yG_(S8
z0I%f*bjG)E659rD9k+OIXlZHt0PX0X+yKOs%I#L$V(I=HhwQ%&=cDJ%4)vY>^e?n{
zMbzBUt|dQVa$XF)qPupkdW^kcmBDSs@U8%U4*Y9MV(y<>)DT3xo|SqF0lHNoB%a?Q
zkRj$Uh=8qx<J{NyIuT*vAqIQPFDRB#f1Fvc_x#9B-A}L;6T04BpAE*3S+P7eennz2
z3NGBVE3Owy5MJz`G9$h!bbR=$m{CXli!pVVJ5OHxxfMT!Ve|Ed@&6EZEXcMn;QiPT
zUJNm#sr_A~>na8-lAZny884I4`_maU+6n~qYZe0(r|dzD-ri7L6JRQWu}uB_`(TIH
zb8JRN8H<f$)644Sn@ayKAN|olQ(9V@xRki?f-h~oD|?k4Rx{7`tYP$`lP+#0-!Oym
zY3hOmQRe)p1U`IQ%+*4bP8G|CX&FjW9qwcTzw`T);8w@VkB6sxILBj-<5c|2Ni-WF
zSXO>xi~sUV3&BV6*=gbo9>$|#X4VzdSB-K{3}bja2!&W2&q;Yq)F)&kQ3pCr;6sGD
zDenCM4!K`%XU#*MN0aH6n(RoTaXI_}3lswLQCCtcY;5dQCZo^nc>%()-tSEfh8}`L
z52REtrEt{xIj(?V#x9U+R7d;mymX4XpFa>wz{cU18F8^p)`&){ku91{__;T+wbb0~
zV(~<YrVM+Rgy>zA)8{IXT%+*<Gb8VAawfNIhS&cZ$4dvG5WBsBag^MNvxM8$BZP4X
z=i~K=#rR4yocbfc@ZbP<&?q0)uf_4jiLM}8D!&Jg_=WNIWKlMbHQNU;bwCFzuc&}h
zJ$L|w(lOKu&@_UHgo3wPPAV1u1>^EgV8;i<ZXxgQ5VNq{vg-p`G(R|7g8m3USZJCw
z7WaBz7^RXB6(4_t(@)rFD(X!QJbLjLr>1oH0~fFtiivx?p4&?JbZXteK0UV<*z%;F
zsDjZ=&fGNmM{*iuid?%G`X^m7jMO=+L@b~HpY;xdvWgD1q6FiJ5h4~jEs_WzqLP!M
z0BBwH>e|YtHDn6P{Qo-h4<Ner(Sm=Yn1$cao6b?zj_HD_lUZ=QB8~G+Mf!8|z7rk=
zBV&ydC<Tq#^t<?KTmBBQ<#HR;<KrVx=p(%Wh*~aS7e*$jAf_<%02G>`NxPA^jv@>a
zm+aVqGWn%;ZJ_*!xmvrr_X529>`41I$2X7PtTwE7^GjZa8N@sF(UKxN;WRga4;=Dp
zs?pSscJVTHMt+I%Lpi3mxV3>g2?dC(()~S~RwY){@ecD$!a70F#hREoJ2Km`&f7`O
zKT-Xy7@1~Q{ez-AiMVNT%rYj#G=DLP8pibRozlc&Wf#@8i=u%#FCyZ`{yTM@7!Z;F
zg*yH<K%B-<!c88=BKm`}utUSU6z47@c9~E??&<!shFgLt#w?+@KCq5v>^P@?HoWc?
z=-0%;q}ZrvXnH5IxN1JYLm+CZ()cqVo*@m!5X6j)Nk!tYe*RF4xGErc6<@}ClOz9a
z>&z5TyiRbV%2a2{$YZ1!_qt60*D<83ARl<~X2ES<<|ijVu)L3{9}~Yk?pMnz75ZQb
z|Mi-@_kufl+twMY$r*mpra^<)@H!f5n+R107N6o;F2nT8ZzQp9VV0q<%0i)9zfWOw
zbBRIG2b?U>dwT!;p5x-Ubx`={@8x)qd_D~hZGDFYMQfQ16`VkIzTk5e_>v<8@MDtb
z!s=o|Y%DKND@(Q)h~gX&HiB0dqMUO==^i#dwfHY;=oiuW$i9fLa9e!_su$0xqS$jI
zz&oqj<KBATIygZ_+if4?<=*GLu_X(KFJ1&SpX_HcrF~jb(!3;-Ss5tJMeMP$^BhRw
z=dIwl;(g+fL$<UMxUWq4HQ0G5e&XU^R1eG9?wNOz6AVnt%*;3r&ne|{N*)YPRFVYN
zi*l;^bXQO<!QwGbLlLkjAZL|`KBMzJ7iXLPB+HdZ{l2k0F{W5tIO@O_Yk|Ny3yQp*
z5dG><CD5e`o4T^9I^?3zVVS)Q8&Q~YdNk0Ifcl<pxE3Y#ljeriZt`Dk<qOa3^lv#E
z><~2Jhc92g2<7m4DLEouc+0NMu&}aGXLM><H$%zG%Rc~W$>rXWiS$DKnA)y+IGhKD
zXd9z<R2=Bzb(|wPM}LsF@Lx_Tqq+R=-+r(x6fDS7wsfE~Lh16-V;^ALa}%rosxy5%
z&A;1)a$_xdRTQvVhp9N6%c4th;=Yr);vYG@GN+2CvXJF6`r7pSxMTR`{u`wFu=FVN
z>_s6tr+XRHKkkJ-`OSh|$GW>VS)IkhI{3Qn`Uv%OzRBF(E8KhRmBS<Kkj2uYVz2L3
z?%20?|1>5osPn}%y~e()Y#ydn@fPpejXJ<*U(LbYOcG9wqp)wdw`BmOK8B9696nv$
zC%YH<N#S4&CZ9RT>p?Fz?(%9LpSEO5dR_4YVAl5uwF@Z0cY#5HVprSi#A+&sLy^5Y
zkIT8{2gEW$A8W1mcGCIwa~Zqi>9{Nx!h%gOX=gR|=irfNJ%k1MfM;nE8OI!xE2h_d
z!oS~o;pM|-Dad>&3ALe`dw(MLuxqk(r6gYW2xg}q{@em6CFB6v2KfULxaZ-6;lGQ`
zs=5te<bt!|c8JHin>Cpr;6*{V8OnR0vRMY4UP$bsCVVv>|K5q)tLpje6Ys+o1TMQR
zzt-X=B$6X{R&=sN;q0}{74EAe)8*=Jq!*{vVIN&f+|0eJHFnD5C2l}+#Vey2oNIJL
zpQA|OZbQtXHZT4O%e?eKjzI3Wk9XvUw<`r|)_hH?jI-+4`JYSSn#q^8S>+H=ENPkq
z&Qg3%qdlh+_VQ&l>ivtE^g6H(emThZhVs#B+e6&|DWNPd2A4NqbL?gE{RQbO?XTS6
z7zy+bt2KB$PNlek){BmBXyj6Il_tQ<EN^XOEaL|fjY_#(f_%x5u5O2UXnj!Zbt(e1
z(WU0Hu*kn_z8}zu!(7-BVaT)%#UD2+J@a(E74u^t_gf;t_Tf_R1t|L!1mooxqu+R4
zYvoyX;h(g~IIiKd?e5&NXRqeG1Xr5oH`AjB+Z?$UL?e51Crdrnlawvq(zz8>=$VK4
zWj_In?49Z}afrL6aE4p2k;RSNgVAXwPuz!YV>Wl=KQ@)J*kurZN=WFTCk2~ud&#7P
zxq)(y9w>*#I<2F9vBA#|kgBCUmD?Nejzv4yj~ZZ2TE(m~&;%N`k^|e4r`6y_Mluk<
zS&4saxEA1C7gi8{Bd<ii27m_Y>p{^V(wGh??56!=B6#T?{C&U+4i6Z^CPDkZeO9f~
zj^YERHWdh?%Bot0nzM2i;wdcc3Ld3-)a{5&-w-ErznQON-KamaXJ5%$<irSiOJ%fb
z!^PX`=HewA*YGI&ap36;B!4m9C4n>@;a`*llvZf6ecs%R&_)pvQ$+U4-8**Yrl#vr
zcV`yKV@lUM<i>~|vj6@Ss`ydwn#mz+wG#-p8x(t{f>uG?pSTmfYNPsh@^CD>0Cp>t
z(IC-^ZWvwb`*br`fO3aW(G5^5Q(=QHvxIsbulj6m(=93mfXVTO`w1QE-**5U8lmFu
zqyhkOLy3hFzeAUPIGtNa{tT^jFFCH%%*=9c&E*i%t89<+?tf>iHHJs1!Xlznw3KLB
zle2XJ7D*1^X^O{T%RBJd^m(TE_JepXxkW|LK$qDOAH~+MsgwDr@GPF82OzlXcwhx!
zr{}VAI9jc&=nJ3BB8{L;d|#F>S0Vb5a<N`oCHP@j_*cx=Gn{PJ?`!YR-VzKL?;0V+
zIl(gVMsl?F4V0Os$oL@3!e@1e440Ry<%IaH@FBkOnq#;|`OzC_1O1<J^LO<+@hk&R
zRIwnunmQQjaR?LizXE%-`ZCmd1=UU`DnJf>?*^J;@Jjn0qTMhw@;?umxjlD5rB=BY
z0&K#TN{%aiS=UF0xi>d!)P56t1UXeNZp^k&SS=ZLFc$~=<My|Gb!MF-c?$7aoo{zl
z=4_r-+U@9JWo2cGdtru=7rcw7<S0AOK9^epcTv?2eKKgfu~Ix&eQ1=FlyVoB#&*5J
z<M&8D4?_FKVS$yk`KX%GCQr9VxkX+})p{d`Mc$iXjBwk4CvJ${?qI2h#M_6}EvsF`
zdBz){Mn;V)Ry%NU4V2Xl_OO$+)w4xb4jhI*Q6GR#Oc(GwJRY<M;!i-XbBw(lo3|=y
z^er0aZalX6d`^W%quxXH_Mb@7x;bxq)?C(^yn=;yqUIPH=(xmd5ADCk2-cYXT<*7~
z%9T$~?&z49_kF4ZiAT7?U8X>ZCgc)Uu!*-%gS?sPC#O-46O91ySLEFLRm^gaK#gj+
z&rFp1c}{}#*vW}}@sO&_-|UElNfGGIniMmkm^*$pFjeqtIkPN|aD-Wyp;C0kl{8i+
zdPe^^SHXT<=3~S9m_;i=42sHGK&kPvp_Xqgmze}~rS+b!Gb2_pHrXk19j8LZuRuVz
z6b=s$%RkSR$6nS<7c|61O#+CmGReU50K6q(>3(iQP_M(>uWBMvHA@@HD(hIE#2|su
zg2v<D-r4660}4Xpegc9^{Z6B*^o;{t&v-w)Iq^`BlT*ZUm^5;Tx?B=3Na{`N%*fn`
zr-{0E11X&CAMj@?qq9iNtDAQa;ZVE`6datFjZ#W&f-lI=j3vqkqVdYk+qe9`%>DS7
zN@L`7u$Sr;ze~rHwrCUEwLTtXXoRFntUN?JjN3w+gTyBu=osW?#jN(K^Lpnvv?=2D
zo@Ehu7GX`cehgk078UIPqZ~yeVm|~#M3u^H@vRb+J&t%4?*Pra5W{KXzr-xGN`)fQ
z1ob{rF-_HNc}(4bo1ilNo1gh(_6mqCvH1;g9inER^G^`TVu4W}sOSS|kS56d%EiV6
z=F?*KHTmKJcNM8ZNNrskU1?M<lnxG#NrJg+nNmGnbpImiZxDoVK{1PmAbjaC8c#~B
z@D&DyHIM5CJq879nC5PZdjC`xW#BT&yw`N?Q-Id#E4UVleF`$E1@n_Il5@n4iB%`L
z+uV%S2lDeF!pVtV2#4MnIVgGrz;%@~l-#5pU}o%-qQb@9u76zV0%M_!A*Oh%ftx+&
zCsSN{r&}N?{aM1;$*F!sto8S_-G`S}Nf?DC2vigtMf{C}&3q2E0jUK{A>N5F0(D+!
z<KMl@NKFpUjSQ6{l0;x&$X;k~IlO0z+51TJ6o8Q?8po=$qSAJ3W}>_UDM>vp2MG5<
z2woc`LfI?<AJYtsD}%w%23M(wiMeK+$>JREKOGqHq~`FCmG-H(A7FyntUOo!K0K*r
z8?Vosr)_HLCb$H~EU6hO97)(-@?Mfz{4XXx=Re{@SmG<7wM-537w&rd$le=xses-k
z+<$NLRo;c1E>aoJ?TJZ3tC5P@@|AV}a5u<_vUofih*Ms&WAM0&X7usZ5l8x>GvENa
zSTxXguiwJ8NJugF2$9$hr`qVg<bIh;uYmb-ue%%VL}|uJ?Y$+Kn4pvK6E-`R=a&{N
zQaCE$8^~md8(0$i%Wi)=F%0(#wqcZ^c9y;`xVNL0H_#L*Eks(pV7|wz@^jwVYscsG
z#*lBF>AS;|)p>czLic+dR{=P1Dm&SM;m_P+XW-vh&2O?juO+wvF`1EIS+t6O&COSQ
zZ{_4c?xXCaDK9lOdoh0L(B_}12%_$qc^SWvBa;2KGsNO{jYaMjkaXx3WhZ6=x2v%m
zfet@9VoFpUWwNHXi_zOR$35Tv_2c_ZBSn6=(VH7K*sFFeguwV$h!n8jyBA{KZ=u9O
zZKA9E<}js&#uWQ;V)*ig5u~A;;G6QTk;Jym!W}+yr|rP9a`;2+mfg@lAY-fGFw$3v
zpW#d3L5vf+5?Eb7tj9etRtxn;e+>yW;}ozT$x~m!yI#5PxaSceFV!;`4DlmP-lVG!
znCoDaYsEstD-fsJmDe^0VU<+Wg(u5i=l~L7;e__$DQ4B>@N?nuznLnCID`^U=T;P-
zC2YVn`7$Bn9+_h!6`qIn^t}HDf1>{NQFieAdNx)3foIcXDJfhC6w+it<&}q68XsLZ
z=u<U*yM}b?ulk~LQW9@+sMII3;LPv)vrhag@9|&7RZ1g8-`}&>3qZeUm9Bm;v0~pq
zCvl3YPr~AKtW;RIRXs7hVdNFnAkCs)ys!fh2^5HrEKG<AF6IRaHs92aPUh^Z<&ArL
z^B7jN=>Xq!?70*6x`^YXg)aq#-K~aC@U&>-7X>z&(XP+zYCVhVO{}b(v9UN|8_Va=
zikqux8l3)>jd%liLhs?3hQqCCLI*nYO3udF<P`v*?IdV2_0BADXt+5tT$!alyq12C
z=EawN<Z+%ud8QcF>mkd!5q8aZhydOp%-`8*saWEu8xn>`<Shn}?M5kP;oQo?wZ*Xr
zY7srF^BQ2iKpT>)r`BKBu2%FLg)Mw~0x0ZLQqojuwr`p?;{A0j>w;r~S4e;U2P%I(
zQwl2h2j~%JLJbjpM@-0)zO*c7F?>=xLP|Jd#^=(i8=diUR>PgyVZaE9ZFYwXiA$l=
z2*=d+1UpfwLOavXHMP6L(`vhOJ#1k&Nm!Qv$Pbe@ulkN&<&D`AK=tjd<AghT^Mt#5
z^cr1xVv&8-G+DPgxOm93>+IM`UciYkS#j8ocXq<<I9T1wPM4G^qq;d8N84uXFOW+?
z2vp~?uHg#MDw^2>X3!ckO;sRc0Rp#y<kwvr8<#7K?>=N5RWcwVtrf=U4$y84-?=TQ
zvE8#}=P>y%@e!hb0!xGS@}IR9Q~l+)4rY#pNl6<g97{_jW?BvH-6>2Tc--WCX(9-#
zV#)rAFq|hVw<xBz$-~|OWqR*%2PHVi89vF?o^PB~A_-C^#8YptGlT9YX{yf-Prq!i
z8w*|)d5Uk2DZQU9@cO6gQ;Ko%`fu7cymJb`IUQYXM)wh`hNH3%oj3sy4Kx9p%9wHf
zaw|j3MI-gPSXjPA%H;NpDuDxG@;coR`ql@U@E2GeD-A$<F@Tz6X_`Z)Fq-lPbzkt5
z1RJu}aCcW^*{45xaK<^K(Z-iI5HRQ8tiY!YA89|Q^saNSI+^p299cRO3L9s^tk!Fp
zYV1myN&RnV0`?Ao)co(>yrM0N!oH+oq*1|ZfYuq2CMr9$HrIS^7(T)T2XlOMKHyB-
zS(et;=FDl9Wu8qDUJTn7ONUDTYM?oiJ6x%G%)k)+=7hCfE;BP9S^mQkAz@h98ew0J
z%*2}Qf23u4u`YNp7mhu0AsgbZde5T)KN+o3Dz1b)4e47D>JDHzD9;QHP-3IFF4`1P
z7*T0ZnRK8g+c1VLD8&ChxGF_=8Cj-UfO(Kq-#S7G(-p$4!+_!V-IxHx)EwlkJ;jAq
za!0xkD3Wf2{Kt2~TnYU3Qn?#37Ys)&0ei=Wq>+9mkJK_UTTuoI(<!S!J}90Wm1%}r
zrboL?^8^f0cD7S8aB=uGa_BYYyjH?4wSyOOkaN&x2td}*A?})>O~K!L7FQMe|6in0
zMwCB+dm?#1UR5(b$|5}5O1HnSuGyPPg3QauE|>vt$k^C8JI?sZ(&!lU7CgWiH!D4$
z6yTj{93MI5(LDuop?4CMc-Pnyyr39y8r3G14$QDbeCZ{wZ*F8+Tf!E@V6n0+DE!Uh
zukpZd4#pMJf!WLEyYgRyQVi}@(dc_-JVaSfz~57q1{Ro#03r{53K2aPyk8_|7b9mz
z^jX5N%n?9{L09wuFXyMjj19^Z-nUMSDcA)Al-y=mE~4W@J<gupzZGR3w5HnhsYJfo
z&`YEjJdiBIyE7__IzBwvZU@-)p!Pp<Yl;SwoDR~r3JMCB7e4Rb91h0hEuL!^M=Zuh
zRlB9n*pWSIw|E|vItI;fWywRDjR9mhvkbO`Gfk94L8m0=^ttw&TQx`M**=44>tAT<
zuC?DM8YEPPm6(?^8z05Km@ktjmrix!gIq}!<nEdyR>SdRAHaPrOxsaWhRnY6#Q+D#
z^Nqp=X;LQKX`<v>h`QYOqzTdw1lkcFJp2XjYB%|Wk~vUJm@-8*D<wkWND7$&@={8U
z`ThX`T$3xs;@*C^E-(<XYW2X*C>9teB9dmzeU67e{yagE>sjGH`3*j9Z<5GDC}bGt
z?*KxiY<BDL9N`oK@>cbCR_|uF=3jNT@+a_)&VP!fGlBtjX93*pwgU^~RLE9F`6N6T
z;%hB9hw~{`ljaH#YBpL-TN^DUQY*>bH=h<7=cq|AHEsRUac8P@_^Qw*X9Xq2iHz=4
za-HXw*L)c~paoC$&Mn)zncI~={YRAFassA|!|qR6E*oGcqkDUXNj3rke)e-dfM<D$
z!$x^koA#7-re6)%=>XD&CVCbI)Ub|$LBUKPN&tW;Xh_dZvH5NE1d+zN*^Y1MyzF2C
zl6}-~&z<kz049kfx%Q14vM2anS%dn1PKpF!A5!k>QRL)LE69(i@B$CEj{Odhn&;Aw
zf%RQcZSCx*C|nK&x_Sw*=eptryVr799&KEpqr8e~GQp6$r&g`hEM@U=d@2t?5r=Qb
zON9y3wzMp-<rxF|1zs4Rr`eo8WP5d<8_5AjF28q44!<B{S2$l72ypS=SJ6mXTz_1(
z<qLQVetAg=zm*jou=HFmDh)Kf#o@@<*kJ+z(0ah6Ko{3togwc8g`vcS=YV{WS(xAA
zo!#?;=t*_98u{}(Pw(8s3tK$@NRMO`WMc0WE_4Sl2UeC<QS~;-?mb$Qpvh>^71dv@
z2JSaNH@ZO4^%^2bIeM|b(%;u$B_ZjBe|>tJ2BIOKE39Z>l^FjwH0A?99|We-)E00T
z?WX4uGv8|wd|r%81UO`5+TM>wBI3;oupt~R{-3D1xKq%`Fbd6otBMvUNyZvZRivC)
zQkTqH<YmO?X$So#(H!FdMh;tRBK$~4q9P(hg2pe_8*SK{>NgqsH)4|r5HN_4s@6O8
zB_K+4jIUX(x{uX+0RITtGvTh3r0dSAxo#O4LtSkJAnowIKOzC^Wa!J+P>%*s#bNlY
zKILNrk=OxQTrSj@j9NmH8Ad8uV*?o0#(yEh$)~7P-00b(H40P}1&M;g$xt26NQ;B0
zM}mb0|8Uz^1no$)HSpXg=zF>$#v1kQxv^(P;q}=Kvb=wAEF8XpY4O<u(hyep1qCR;
za4>cX8Q}YV`<X(oTt>TG&Zc~yxoY}YbgQLDxt9^2rs)9>UM?<vZAx<u7!PZktrm^q
zw09tqDv`RE&*8g+h#+BLb^$AF#g0nK?^SNhu>-6v$2EeQ78r{c0&45>j3v&*L*(ab
zv;x)8kbiQZ{HnX?ujRC1?HqEar+uNt@XRwt<k#i=)lC?2GDhV$HHkZkA2ISLl44p8
zJm*@j_gv6fD|>C1BDUda1>}A)@8qKyvJW1Q6Q|dG9LGA`_uTg1@%)zp(Wst<3XS=e
z<D7|i^ycQ~+#f-|f0Hu9^@U6>ntt+v?HGQ#Mc$ga2qEwe1-MzhqJ3HgMqJI2>7c^m
zVuRjbgpq2u)1{gRfJ9s(UUm+Z!=1$3IzqIhQT&QILBNS&;X*&SVZaru(TqnEO)q3C
z{ka^WG`^bF$fOZYxsGt@E6LzEY`y4bI}(Aq;bzJj2s5JahEGH>d7-f3s1y|{!Xcz3
zdK<_d?8E^EdR7g@U1Wv|EHx?-2zuSyp|FvPJr-FzX-R!+MnDL>Rf2TH8<HUSv1S{9
z^AC^D+tb31Ro;?E&$$KuW6T3@o-m#Ekr9XI+wV6bfY7eB9AjFsmG*mi`92m>0e_{Q
z7NEvqYB|OoFWZ}@3M_yB40Uqa70ygo)A$sH#{lOf&B~tGi6mx^)Qd{x{gmG)@wc}!
zlT{;-HW)^Xno2OBN3ZcS7&<B@z2PK%x?lt{7a|eh13pYpSU=<hEp(0!4?wD2gtpMI
z)!F*5Lnx@xYwTGvN#W$dCb7Sp3lo4~U7g^|GVI6;p1!B7s=E7OT%K;_(T}0(2rRdy
z?tHM(=M-g2x1&C0t7}bml8O?~A~ulveaNOr3Y~y)9%K2%((L3hDM_<=cFjmpmUOPt
zX)ta!@7w`mKv#3HFS*~EdWF6at<Tzz?na<F2Wh-WpHm3%t0Lq6^8#3EiIbF1o3rZO
z32Q6+DUMKsBWE92PkP~)9^!;b5kh36;Q|&FPXP=c38P{N*tJg1d-_wunf)rhpAxBT
z7U!F1N`NI3%SR}q1GjQY!dAXa2{9%2dl*e%u*VJg1cwG;60z?6d^U2#^m@){J2X!K
zLBl?R2k>fuM+^&%LZ&aq`&I}*e`wO2(%MK`r&!GQ)V+IF3^%o=j~z(uDV_~1?<cuX
z)0Mnpe6gKxUYQwCJu$#|;;-gu4kCY`FyQdp<Xg<}l0e>0eNXXt{uo_Yo-`T%Zm1{8
zyIRbp2<jUg+y&T|%4LD@*i7g#FFPn#YNjr&>Q@GjuNbN%i_0Wk7r~ngaU^1M3~S59
zrU0cN6A#>z;s|r99MayIJ^N@q_)|8O{Q++kNww{^AU9yJ{fl;EcXwx}1;K4b*y-VN
zJC)f5v9fJPav#{>C;+HA52${1b#*Evo;o9X*KDw^#Qd|^Xf603PbI!X!Y<GgG}r@#
z#$KZot>DeqbC*;Gy&j44%Zs0?n%+S(koL_@Mx)84dU`3QdbFZnK$}RFA(Dd=a6bQS
zXF&u1W}Iv52P`O0rv=XSs4yi_^JC`(2Y;$>$|mp?N8r}>Tce|Ei`}khrqA2smOjYq
z`QP2j@7OAoQO*Aqra&$b>~e$}kJxg79n0qV_JJ)jzRy02OG}?M7>4b|^d+5W*$2gL
zw0rCV=pn@M@v-_Dwk(n-r)(_WG~xB+|A&Jt3gKEbl=j@=?@LTZu}9W6WqlnyNMus{
z$E*x>bl-G9=j|4~NN28gEkl#|NRP1eSVlnhvxJ01cP7VQMn@0>JT40|(%SncK_Q`S
zb7!~QnMzB#kk8+gLCHKZrq-HkOU^$mTV@?jC2Egt!i<i~T||qQ)s7x%HnQYpil$51
zCEQtP^3Ysj{^ZRPS{8{xm%0EVo-zp&q>jLG!Cl!vSq1mb!nfkmN>Fw^I3QunwY~m%
z+KufDG6cI+&wi(r{Ja{0g`x@(Ifs&^(R!*s%22ctjC?-uc=|$*g{hec+%6M?O*<o_
zjK*`nG})a-7884=-Pf0@5gT$#)ojho4ZR|(`PG(%P<Gg8Q#(8LcVi|`G!u_baIR;G
zICP>;-m*Q&EAjiH@Mf4#Bfat7ibJwA5Umu~mO*8=GQGxgT6`Hepxf-c3;l24Ag<F^
ztBK<q>s{Q6eN#uau5HVBJ=x;eL}*s=<vmk-fMgreCyjhfT&XqkCwz+Z%KW%YPED~W
zR9eD_F%vQ6)^LC0fHO%np#TMLyA&&v13V3G+5BvIs2a5J@?v)=yu^a?Ed?T>Sf-ES
z%K<S534VXlV>qZ5H`-UUp3)tl%;KaULyEyjQh(W#^xaZEAor@(IV=(MQUu_C#%>9$
zH5bY!QezUqWVeX0&>wq~1UjEP<4e`rO=OBqvxB;pPMzIM>Vma4v^l0AMH0BIW4I{d
z#M!wgRaFxUv{~-2>=-K!>o<RHoVax!db#H;W{7-~(eB^kbv~p?`ORyqb2(@4Hn7Ni
zk(Rx-Mx7&*W9EL&EMsBZwuCzOS_^!doVB|0=kpv3XB;wS*}1N#lPrwe@v|fD2z?Un
z=Wt163hR7J6^`WR&`t^!y8Jr*+?X`P*}0>ZNtmwXUm@)<h(sI}Nclbf+vrhvIY_(p
z2Xt9t9F|GSl}!<o4mcX3rf`WNp{s_@=W#;MQ<gFO>P(B!E@D$g2YJa6s&$r#Awqg3
zV*GQgg?Z>!MnAo!q|j8ge|*$vkku!Q7ymfEs_yF@Zd;j}mZ%CLMU|k%AM%$Xx26w#
zCStgwjAJjylC=0NH!DZfku8q+4Wrw_UghWhPU5R5dq!Cyc-@G1LZ6Lrf)Mqlai!un
z+Cw2-1nPm8tTfpAK?C7V39Jnh@ZjQ{n5Ii%6+P7AikWM&YW3v!KZ2*c4H&GftP0J`
z=xG%$bNMX|xcg3Iwi3M>TB=d3g;DH)>GdVGDuR81?f`Vfuo~23)xWIqBn8qM5_C;0
z94Opx#3-gwU)OML)g4gUi@$?gp<u0;Fp0wPk}#7KG3KZA8Q+}|EXg^ec}9HNq%)6=
zh&k)Osp^Q@GgQkO_!@dr*(uObn7a_1p};omqNQ;mtfZ8Rs{Z4cd+NDmx{8)Y$WRJC
z`fNG+tQk@BIqHiNZikoUi<9ZL(Q&#=z+&{KO9HxA%pq&Uph7sOO|lpoYR5(7rnBtx
z?(U6(Tits3-`l25yiPhEm&EWjuLsN7{~uHD9F=L*{SRk1*|uGiZQFKDwryLJYpR)S
z+n8+Iw(Gr{=lQ<RZ>{T(*6KdzT-Vt+`)qtR@S4Nyy-*gIa^lYg=as`{B^vkPc@6y-
zH+>HT1fCn+$HirkXbLqgOkFvj^4sY{$r<;}1(&hw>DmtWBd>Q=6)V^aF1=Ns985$S
zw^2Mg<qSUqgc~bb%oTooKd%GRwU2YJ8s}-b=qwI=B%%O((+3$8N;-N`Yj0XtTaB>p
zW>&bP)zjuj0i&@R^A3{}s&{Xn8aA*gjNfjvJT4)%yH{pBPlH8JDR%6X67}k`h!jJ$
zc1ZBaG;jd{J=KuGy+7)@ZOJm~NQUvl2_uYC^cZO9qO5HkvjO-*wyN5LhX@69^~>uq
zkYRpBlfQk%PZxKW@;#2SpF)ZKeFq%0PHK3?-L{78bio`OfgEhe&glcsYt^dAV9?d0
zSusIU5jPC5I^k1t2aJN&k)gcew~DGI)nZ`A7>>HBm#TaBCebDIHR+Zl@Jee8rImJ;
zVmu(xiAat`MS)}+R%H2^86qm6HC#-g3tr)Rb({36!gJ=a{f)yAh#2@09;!9qCb9hI
zVGj)#c6fK%-(HOZ6~o3?T?^d01SP`14H!mf&u$6HO$a<MWHR1nbP-zasocdi5Is)m
zm1|<e@@2dyAmT*uayRCc5&;Q^!KJ?Ryz{1^9~iw}yboh@fC>H{ddPmAGVdn*MLsy%
z<byZ_bAyx_A31CQ>w3ZIPedY4@|_rryU|+6Sb#AU4xjQq!a4HS3>77%K>iy@ATguN
zUgaOko`v%^q|B_)^1se1DQL!H57`oz+=wGg`Af}~C<Qx-rldWwOZ_GsMI>g>=-fI)
zrmFDc60vdpFD_Pw@Ues8`9TWm%0*db?5llK6m0n1Zs$GI9o&exXA2(*Z>rKct7Mbu
zsXS#Fhq1Z<G?lmwOUcN+6x2PVv}7{n(JWLVY;`6Z%~lgmWE2!eN^a>LR^uiERTaIs
zY2(4Xno=+qdYr_a5Dfy(==5Ndx#R=m%>)oQbe2Sk>6;pQwO@){fn{n{qCZ|3nV@S5
zI6k2o&-wh%1pDH%5Mz4Vb@tHENAG=aWQgtet_1tZiiqY8dh?A#B&20~I@ebfPGS1v
z1wj?mNYhhOBc)~n>ytUGS81EW21i(+!c<xPiFyKH4(~G?iTT*@5(L$7xw4|p^81kR
zr~D~=uPN!f4t;+O4H40D3C*i#vR8_B%*HB`h)Z;6(4^yw8Y(g+GQSYB&}j}3F|h(v
zUp3zipo@ox*;raB0CF4qTEO(zgjFl#HrC`>ZYI=~?ozcC+Jdbgfn|U)(%wmkgf>KA
z_OXPNjBu{+ad=uBKRLaSXP{zuB)q7IHDkf95F!>v^zSD`PK@9y3y&`1^P4&%j=zz4
zjIbcW5{@QIL<&%G_IMv4<x10l#Lxy!Qx0ON>Fp8B99FbxBIpy~r`a}1%~*8&-kb4T
zBmzckB=kRo6~|DPa^gD9T+HB^zkZ?qc}hacMWl&Q{B0o*hSMWrSjY$?BqBrD%ldtr
zZYdbXaA655f$tkm&yX3sh=~PpXt9i-jzlRAj`E+JOae>DqJ`|Hl@ldz4lnx18(4!V
z2>~e+Lf_{O0wSL!DB4_pSV3s4>bVr7*B+z2JNX`IKR>l$MUsQRuR7Rvka|x;EST;a
zCU<g@h{y}!^HCT*__^Pn`)eF$zY{6uKN%fktDxczQoyS3EPcpo)Rmy3h{1;n&%6)x
zb%|JO@e|=o{;r@LD2^$+-af>!-?*}VJ7@0_a=-l0xPA80Xrx29&ZqZoaU_93IP2X}
z)vos1RXU?{G@Oh7h-`n~3AiMzR@Xn%=s=7iiU?2gG#NX%cYi;ZAGr4Xw()eROz9>{
z!p(wJx8aGl8oOZhl;`_&R_JCJA<>UP(C$ydX84<{73~$atok#bJ^uf&0Q_bhaVdWY
zTs+KETEm1El>+fU?V~iiuYf;UFSJqGAu6@nLZ3<cF#Wg!3URc|j}ARsiCp}6j~Kn(
zWZ;Q`Q72`dQ9{JQ`?Ir0z#DF(&AzqnQO3C4p769&m|+nsIS{J~yPa&;cyi?WSF2j@
zBucA%sToqSN7k|ZTVdE;PZUEtkXIg_-Gn#fz01D)ZQ(%kRp71Y>Ey2vR%mGbI!C6T
zMSRh<3)>Cs8{$%qJbdn#pe6`dp$NI3DBsgKn0)Ufj-9oxpCPLX|00KN4T8KKCKdgr
z;SBVERomXGykE-Ij&Zr=7sy%C6%QX7oo;s&31v4PDDJ?_S%)m^)QH;1pmM)|J~V(%
zVm&iTB-Sxp9YoWpe?SyFxa+$C&n>vTn&zlAg$*R$t#;c@(`X<eh!K6QA!$Npa;3ok
ze4oXnzU<4an(XgZ-2Jrylc@Nu=|Kh9?8Ai%#5%LI%yduI{y?c{4*xcb$Upm=3xb@&
z3C_dp!ns}m+Uo(~-y9fmmaqW48Oz_oGDc84v%P4X(8)RZ^I|*XCUU;s%TK#`P&RUV
zyv~rzj=4XX8|H`TR@GSd(-|t}5BjV3qTW)0@M-v>MOQZvZS+ZXj24IT&$+OaNVa9A
z;t<Ep{4HLC|H6#8?CvfEw$>1RJFn&hrmuKH%0ssXp_PM^>=eM369&@W#HlMpoC2$E
zf1(`CGHkv+DVvgJ<r<G+<H*tuvWpaB<kYI?Op$|=xePg4(i@gS=!vRB-wm~@6w#_O
zVU2n%NIt{WVX{d~XXe;%`zE65z$qr16*$~2rXl3DJvvrmJefFoec;E}AF|o}O}Orr
zh?yGwoq3kDQ&tQZL_tN3jy_>Vk>tTS5eA#)2a~&fYI%lkl(ub$pcuMN_&FOUi<wMc
zsOF{NLN8gm?>!qPpd&a^qMBLg95;N!l3zW{=Ep-e<`M&%6Q6#VFV@I!8;iigcDSI>
zIFTPpaNqFx$XCW_e@SV^;d6!8cY?+zAO|s|GKl*GfzGR{QkMVdUow2J@$OUOvEN+B
z<ZS0Zpw%G?W(E@;lI{P6l;M6lyZ^NP{%Ex1&$pDO9c>s?hgLaPJs)visC<Jv%#&nn
ze<VRa^I{S?NGH`POA$Ld<3&Gx$DXoiFtznDJYEK9D6|oq1>C`Od233ESh23!v=-)I
zEM|0F5SPI6gZanpgTZ8vZ~++(n6@t8gPNwp2>31%8dd~w0b6|p`W(>#DS8<m8k%VV
zRW_9R06y#B{?-YW@}B1Yjz&l{8&pEu&0uB%CRV{-OiW~dWJ;N$f<~~R&`VQ=Zg8@o
zaY#G7fV&2!6ik%EDX$xe!mww6MjqVwaSXONRIxl(6dq0!3G3ew9&yZz_G6qIxjQ8-
zZ7T!B(#TSWZPCL*(kfI8eU}zo0u*f#gW1^e=JO3Z<GbHTPu@L;;StfIQd;C@I?V8~
zqr&#VWQFS9_4V+m^6$!yKmD?!fL7CDp$sw;#10S4l}>A*pd9jFA_T+3U~U{+!bkvB
zz#_3`B`V=JD4hr7o?JO1=-5j_5ZV{2hkHCDrjT6=8tub*O&26xuksWNvJ*<Ga!vMu
zvQd9o+e?7!$3Su9iHDF|BOJABxOzo$tzwGuh}<j8|HcaD34`evm3e7|Zbe4H)Yx6>
zB`2#Fc9x3yjLI4nYAbINURt0m*lEPAki*t07fxBjCK|5cl2VAmNG5FyqOCD#2U!#~
zUaUnF6fn<8Q^e;_8xH-VN)j<vjryh6VY<|q``V5;T>lq1T!1Xc<AuTf^j&j?DN@+<
z8hB5twIQX!=pE)dNi$9?K{#5P^wM7DCnLoD{k>4>3z0ahA{=@de2BQK(Q@nf(_5YB
zQBsb-JijN3>;fVfq>9mFz<ap#MbI54%?GWPjFkpYsQG>GuHOsIjwy%p2MGe9)!BeV
zV?@mLg0~66U!)2R@J^iuq+FjDEF}~7ByyUN0Wzaa<N!={PPOvQNO`_@u>A(xOr4t4
zesQ}FurNB*o>c0yl`euB$&Li__RBvQdMJ)G_l7p$W}PpAaACDsuL=rk5yoEZyHTpA
z*T+25sUufzu4WLOPu_fuc3Kg=j*!g3TW0qWeJ+dZ;oF5`h4Pnh9H&;OYP*Bq#8oYU
zrA9~BlO#yvsEPc^&{V_arG^$%rK{~eZOe7KaC~NyOeLBW48{L)JQ8y{5n{(x_UCTs
zQ{+H}Mv#Bk47UgMyuXO*0cDwwcg@CK9IN|*IBqBGgBK|^YFZ#kA{E)+$xwqa`e@f(
zoDErhF&1~dmU&4eD8~8?Z;3c*<;Nb@fpHkzb()lpl|9Fd38vR}AeqMfzIU()d1T{c
zY(b!7WRRH0B=#PsGLEh`!{8>lGbaG&WobX&?GjFMs}WZtEXB*5q&Jm*!Q-2#7VbAD
z?8A67+W9dXlgc`&GFFq`RO<&bIO(6Em{>Q4TONMU$)>9x<LM30bfjSS2@%+`Qhai6
zP;q+-cE5jEpaq<Y<gYJD*ljLE=Z`2yLsX;GoJ&ex^VUQxOsHzd@J#EVsn3O@Q|PiX
zM@Y!XCB{aoW~GXg)X8&6!6Fbd|KTT(!3$(7Q-{H_7W4EBg<~L(f);M~cE2EMTN0Ue
z$KxwMdtiPoCLt$BUWiwaX*n`tRoyeLTk4zMpeOpS#l;u1RO`U|(|Wr3BNQj(=@%h;
z7Z@l6f|!NKFN+gT5-Lu`4dYC28Y3}eyjXz*^OJ#Dg#<su)qz-gA~Li&BTnp-YMWWP
zn(aCgjqrhJER1}0Ddbq(akR|do^V7P^mF*J6T0S)6B<QrPnl2-8vFYc^?bWf8M$<C
zB*%UVbFC`YXmqc^xnE!=@WZ{|u!L-@2X{)P8HB=@w#CFmNvO6zn;!A~9aPO%K1nRa
zIv$PKv@bf0jqOV~{ACG)O>e=!6G=<dX6~)BBBy?u@qZ72A0yAKZj($!P68LY#I)7{
z3UX-L+b|iSZuDd*yz$#)X`PWsEn_XjI_7M2UZuKx&gO2NY%f`Jk0xM;@OXV7qV+{J
zlg*{Rk4Vra0irt2proc2JXnedhe~4}lTw)9i_<p!Q{ry8O|hG=Y?`&6QKyPob`KZV
zA54YfP~42z_#3rc#}&TTG~j785rsobfk?+TY56T5D#^2|*_Vx6_OD=8cxAAH!E0p)
zb22%;xSNf5hac3;K-nK6MoO@0rWy$pZDf;;33KiTqwQMNbY?!BkDY93Y5BAZ{Wfnb
zH#smVnepD8=Q`79eUMu5IB^$AzHfN^A;G^)OkyTdze^-At-4}GBFDJ@F?Uu$RZ843
zNE;zACYS3^ze8=IXe8nI4(?PUFA@Xwc#SehM9v4Txh%;{(t?SlxhydzF=T@E>2Z_i
zyu0XP6ypw2C}ip$wU<fyynIF^5${S*L!V+U-kywQfD7^Rm|$oRePrInkC3NtV`J0g
zC)NgSeX~tNLnEB-?Z0DM+B)yT*nGgqu1`vsoitc?e-_HWwYmAM{R@JDRkz#IsezR{
zJ^>|aj;Y4N?TFxKPendome$J8c+8~WwqpL^y(`+9LCeXlRA<u`&D<n6eh+wlcL(^v
zQ2Io><`^*`E|W8r#Aa~j!6B^6O@lhcj}wOmNVly@tj}-<2dDPP@f0M}(jJODzmv(w
zp7yDR&Qy+Ft;hD$`P=;&eVs+;w6;y+B+ZXo_Q{<~{I}HM>HtV9F*`rbd#kqA3x*d#
zK7yDJsbfxa=!P7Yj>jJZuNbs}oC@R%%`2|?Gv!ttJ8sau8!cW3!}H(DM8?EU(^q?l
z3~K19sF<W{2L=a!rcm6q7=|W(lVkd8+K)VC9_j6Q4|+C{XAFOSGrmZVg5UlfD(aTk
zC}td^ougZ8L|F2ZDPG_cEQ>$|FEr2ZO*aVtG)O2&&+#NP$H`}xYd70#oh{dCc6fbx
z^4yX)@8!TFzx|8|NyBGR_9jGX5PZy?W6@go)~TUq<#J?kq%WB!iJ;;|`?}ml-g|$?
zq~wrQ!?OHV4SQWr3OD4O!lQMiYHXE~G8@w{bU{LIA<riUg9@LO=5DE2*vj*4`gDP9
zovY%U^RWG*yzanK*G=|tjlKA8bgZ;auPHD`S=&q33EM=JN&7U}G}C2zUhEXN>4HK4
z_{ev#uRIu#e03V8Z&t7}5K`sWyoPo+nf~$T?EP>?w@BBpQ_1HMsX1Qu#UQcBxL<ix
z0OXJ&Z`Vba;E|W<p2!;9YVkhHW!z<T^ZsLkbCyFi(#muF5@+*%$z_u*yNi}4g_o=B
zRV8l!@L&;d#I%HBGbfq%P=^=*ytG(ef!4>>*tp=aSm83h(yGVu3eq+dSy|>dfz4fR
zPD}LrI(pbqa`$J|X=m}N*V<#29)HOh-!W+<w3^<+g2w~#VtGG(LWT1C{w{J%8$MyT
zBq6>(k9Fjc(sy3J^el?#gIRu3Vn7P=-DJwEG?oV4%SuUd)@JlN8N5r)(RWQNMqEWA
z2T+!rKa$<zP<J=qpToz43=f_~Rt@&XdBo6xVY(CMH$clOC~?rd#&2@;vK7sIf=<zS
zE@s$4>sEIEy!PecEA3*RUG4zUIp4T>0)g(GlfaQOB138T`H2bXYKkM<LjuDHxGCTj
zdz4;Q2t#~RA8WHz1&RbatNgQk%6Z1ekL>1YjA%%Xc=m!Gw}G)1I9S#;w60`qCIvz&
z077a{21W@~6}$o^XFO<U;bunwVQX)FPt|iQ;FNQw{lcjjb`=a4%x8Ce(Uhr|aNBzb
zj!Xy)crZXv{plH-y)40^qaC_ZIfpRO*zsy>J3Way*y_h#8H>Vn+I=dS6%4TU&nnbr
z>Hm!iND%V}vH#WZL^!vox?<t#d1lM|n{VhL7Cm^Wz$8FT6K#GhaQ1eAie_c;v5h{X
z?V0kMeDb#GlI1t(cp&KbZZzaPpmrg9nFV2ikT5K-1$C?k5v->i_o<crjy|GB2~DPr
zSFpUgz*hPd1<u#j)M1BRW*$&GkpsY&0-h~8Fb>lxZLQw0bA|O1>AoWw^~V#0l3|BZ
z+DowSth^ngqIz%)r>$;XCCl8`Q`87ZQ)EgyX_ATv_xrI34Kw<-TnMTO1Ate7iw6SV
z0s@Y0-aFZ5{`CA|+pb6aVSV$1c<~Q5FB62_Bor;f#p&55^bg+X*DfvvuAgO&HLHOl
zAfDISN)TF##a*NzCoz}uSAX)_RG8d29T-L^#fX8CuebpFs<%k0XRDC*l*rDAH9c)y
zQ8em&il0BLoceg7i8@hp)s8U{;qgqd*HdW+bA@n~rf%$lW}>paZ$5z9Dcc>+{~V~M
zt{%3tV{{8s^YGyMRl7AkJ$;~I^;>AlTWY+C{ZO0YZr(T*R{xShw(2r?a(rA=Of2-7
zsfvPSv)4NlrGf$&IX;J5h%i8!C=UT0-X{B7eLcH?9?vul<}wiigxg7$9=PXzfai-R
zju{>##IYM)(JY0~<q;@{<H4BuEfC_jpkLV&;9NDvL*IA+iQ`KhUhH4sdN((Y%G|f2
zg8kVr0xZ_TT^!Eqtm{LLa(w`>FhE68Kzn=p#U07(txfe61~eQF$Q{tP%wlIJQ5F4R
zeZPBh)~4@$^pjB1sI4t~zO|3NL-E_YxaRZsa2GY&e;e>?c_~`NK`uz9R#qabe9o<!
z0d2BdVX3I71OaW=ug_#NzmI#Tx}C3puTPGQ^Z-Jw4rfbDGC4fUxaMYN#KgoPf`WoK
zId*L$;{2cAaR_kM6<UNr_+<R?1qf{0^BLDUKdQ=Jhj$?)T6UChxVD%5LSlG{Z*cJ{
zep{6aR=3{?Q<z%VOQ|kyz906~kus)(0peWOceC=lO<nJFfKms}q<a7iTQxv4k&=>b
z0lFe~15h6f9tb@4kh1uEu*b)l$M{IW5cuC1v9Yo9t{Yy}+X7ZsR;qp9Jyq1zGuz9d
ziGwUzZok-s7T7oCmewxSH3Uq>z0s{Pycs4)_rubDw3OzrJ!6uKhq!h>i<X{x<dlE<
z1`8vvQTgH&rcCYMQy6Ft+;6lx&4}!q-gVb^8QKc1o_1aDu3xn|V`&WRIbDDrJ-gij
zpv6(@Ls01G=)~mYgHYX9SN6Nlr$_Nv2Qzf-Mgx(09=iFKGGYLc`qCdAzlglo;dV1v
zHaH*WL~ff_LH7hrFt#b^zoWEE-~E=je^f4MJ=|2;vC*5ZgxE0)hqA!1S5r&PXg18q
z6Osd9`p?apdt9p=*{n5B>j08`UaJ9^7c810RaV&J(%^Za(%GWc#J3pG@&4*4c|dn3
z2iJVN6BMj>JzL%!926vQjr%vWiEJ0v#a62N;D?vy5#2rXBkZ@zROLG5VXbxxfocfo
z0mH)*vngdpa&2y3WdTBy;9wm5><cD{bn^U7$H&LyIdYf)zcQnqU`O%pXJS$k0REAH
zke{DGUEhbz$k=$?M~vxrFs4Me8?*w@i|wjM%sw?2hzY!amw`VIW<M=E=YhBQ+8u;}
zq><HWZ0M{TY1j&hCwkz8O(1uqNsgXG_syK;VrA^3GD428tuylwph%{Tt`m>~)=J?7
zfaqCq2eSge@y*Sdw8psLpyJY6Nv}i;02recDd=Y$L}Zt3@){9vE*aoZt&?SU4t+cX
zN2LhlLCsp3v>~1{7mYz=IhoW&Ru~d*BqC;9ahD9cm@pXG5E9^ZdzsZ&5d57a!g|yx
zcQch|{COuXTpiB87@wTH=Q-?yOc-D&08q@BtOXQh3Y#inC!x&2D>HlB(-%thrFA{Z
z7CyXiW)BV}vBKEx%sSBobGjwxay2Dg^RC)?PH^)EsB;WBSQyL7I|j+UJl+}IA?^E~
zpXsMJijM1-tpT3ut1rziK5oZem-n%MNdPB-J~7}Uq$~Ep8&6~wLsPYa!TS5~3H3lc
z1UR^~y)=t+1QxfvEjZ*$F=w{S$)$(o%oqD4+}d&lY8M;Qa~iTD<;sulW=GI;<%ySX
zTM1Q@OkG4HLr542MQ9=(zJ)Q(n$6az`*a^+fu8bMllme+mTer?UO&!S=}inOY%$0q
zHK!{$b!>F_U7Rl)UxZZN_wV2Xcnbjuz+3r)HxSA$(Td^%G&h-##J@yaW6lbZu+m9k
zg->z7O;Rg!W#$xk3wn#C>*|}hP1M1%-s)W>h@ow=WtlDWWeZ%o$?Lq>D)kp-gi{n+
z8JvC~ZIwuO9<}S^1cKTyFI3a$Gk6oaIM)~UC<YOW6P=X7BAw(0F2&0r1qCR{*Xa7b
ziIg9ME-sVN!dki2W676BZn_#8H)fBA%0l8Y-!5}PNNfJ~b*@F?6C&%LTpl>QBnUUi
zq>VM+_+H?QCE*YD^=$P5q>|xpn0gzOhF)Osu*utARM%h*iGJ_M?2tpP5q~4DAHJ`w
zfa9vFg-gAgM@LpKy+E*JGu?;`0F4?!xS6+a4-=mfU*wYz%z0@aukrg5$XPgCEV=`#
z|5Ueq@KT=viXjRbvR!H()DHyVHmKpPZUfGTN~~`5OvIYkoRrO;HwS5ltA1YqP}D%9
zvV37PvV>J;T<mv#4qOnadL4zlNFn||=2`YoNZZ!p8U{a++zlTv`vzkXBS;eEA$G(e
zh9q$P`p8%rXU>L#$s;k;z#KCp`+>lgP1n-KIUC1r>Te*(zYGxo^L{`*%`YstK3n!f
zlh{K0jLU0kW?*6B5)jx;Xd*O!FmJUaNDFkRnwLf@I3KW%o=Q*QdZSBD7m6f<5h?UX
z`H2&9y_>rJP-u296B!<6rl-DO4Tcbn97eic{DUu?K(jM*a)FMIF2Sv+=!OnXR$|{M
zwiKL9OvEKR2mtbwA7p-UgWwFQ&^6PdhD2(}4=@ZB4Ch^gGRjn7<!uX%d3n1F3jnLk
z>IP_5uZmN*eNHAaXt-~{*?%fel?Dd};N?R97GVI-yOeI<sm8xhi|Y<bZk`n$9s!?)
zL_($s<tZ;@Cbfz0g%czii)9eV9$MHj?OZC|9K{;<%RVNYadgEw`_W8Gd*-c_Se=e<
z&{<t|_%`nlC;p97>mgcibG^3EYYacl;VwvVQ*!uN&>?Har<4XA^@!+_%wq@`925hf
z3;nzYs(=*U<lrF(mPed=l@CL0sILc<z(;~ip-jCd3j!}eLLo570d&|O$f;-jPD6>q
zBF_(24Ppr$U0slY0jK%P%CQl8;9bvR?b$mn4+rirVzIa;og++#;;uKDw91v)@nY?k
z7L`#`^<6H6ill`Ft|}(dyDV4yTXyKIF#ioN*R~EX==58WT}$LEN?_fr_R7kMLepAC
z3V?yT0j)06?Vc&(f9IZ^WdvyOn-Qg+)n!M4N-dV92~$Dvy;E0E>oN#T1?&fVJfE{m
z*J0gBP)hy?pKN#Q=bi7I55y$O(S^Z{_cX1;6H;~m#8ugHx0T3uQ1fA2h#-Hmm-2Ii
zy%8RXEk|gL$J~aFwYzA3dw?nS_5c6M6hN%HOP~O%U&U!!;~(SwV?Rs|fE6FWV)E_F
z!2GY7sSJ=lpVAf!+J9Cnz;Fc^j9CDKu^WpS@_!?*r~nJ_&FiqH{*&2%k_#aR(8F7B
z8KD0g`GgAi{@fq**wX(uzW@j*;A+KTANn`oe<Qskfxz?R*)U?r{v#D%f)M~XEO9x6
z|7-pJdpSPQ?gQn8ng4u105H<g*%|9`#koJTu@N#R5U>vd<7FQ(5Uzm|OgAuyiR0JX
zUZH`!bi+eIF&>=ofkMNv0cVawY(xpq!l3#K_hlC)0=~~*9QsJOv7rHNe}7*LZ02@H
z@r|~e0OaH2!@|-spl|!=kXpVa6Yzp<&@6uc=0paGh=@1{C_9)s-64x%4ji9iAaZTP
zLqb9#N$;If%?7bQTB<Yo_fyJ%>T1R#gnwJ20Ca=@Pv((?{MS24e&zdA{A9+Rm;YdL
zPX$bG?or43H3pLz<m>^D`HnUntUVTJ5%{i^JYVqtA&?$m=P&lh)+GO<F26{73Lveg
zZqgLt*ZBWD_6&fXf4nih_<u&ae3?6yk`{>nBT#c1U}djoX1D*1{690EHT;V}p`ij4
zTw%oqsemijmIGjEeDMj8ucf=+!JMbft+vhAU5DlUdhUPH51#(4?0P!nHcv6tWq(#s
z(Bfz&1Fj<J4$1rf7lq66Z#b%hVOqbu<b|zVTv=TO825%7<E2H~i}drzWjr*UF5WHA
z8pkaFP5^v@C(!y>T1(Owm4={yr?1u+Lt^9L#5@6v4dx-w4H)VNm0u~z$pG+e(Bbj1
zfnwQA`;$2;TrTHfommcSm43}ty;og)K00#%6qkit#ODY_ZeDBa3IGM`;TqxxpPC-I
z)5n)dN(tDkxE(XYug%)x14+&MVQJa3*5VYCH#@`kb|vgoE;J7F@xkl&aqh~Ejf1VI
zsR<3>q|=`b4ecJSF6&LKx;{R<IleEJ&dpGNfwTqO__T`mgS;<09%VQyJv6^N00dx*
z6XXo!0oN*3<VzTA$?|-;&QB`J%KE-wb?#3WzaTvU_YH*VAM@0|DXQDsaRJ8dcYyU)
zV>XUW@-#P#frx0(>gS>_x&_DttaiK9%i{Gy|H_v=nJ<eGzbs1AV<u+g;=%?rm=<w#
zto@_x?d|Qht`e>lD9;<D-DuqdsDh7AObi^t_kwF$bBv<W7BvtO3Z!b|W^x0Nnnx(_
zkS0$&(wOK!JY!2THLt3zr4@-|+YHRU?u^3B%v^0W0OS2}n=5{t!4e)F-48%`s<B$6
zC%KwCZ8GeGAUT;sNl!})0|1oncJ~Aob3aXRU-kpaQ4;{5<A9oO*yZJAjaFx>4Zlwx
z07kWodQnBicr?)*$_m;W0Ehagx9@wVzVULcDInVrBr!43ew=M_tF)|=*>XO#bN%l+
zmSY%z^C|#*ydIgB@sBSKp;c5=2+7GI0BCe{fI0YRwd$c992_W7>~diE?l1nR%k#QW
zzszNp2zK}b(8Qsjp#>ET@{p{4UO45x;<C!$FOiXxV_z5JcWrHLU5r}t0d7(UOZ506
zXkjPUucMpZ-~iOnQlun+cn=!?HZ4O`t@>3wYv4kc3Hrr5_S^v8X(BNL{>M95AgSTh
zw6v^7GHs52fPKQrFAkKZ2>pk5#BEoJWOPF1%z;~MrNQgYWhp##+c3(BC$6EaZ49?q
zX*_NP$QA#}TZTG^=mY?8dquEk%P8sSSO*tG%HY{)Xlq-|ta+YRGy|$6WIo{G;fry!
zSSm|PcSH~;*RW|rz$S>gnfwn4x1qnJ`N{?aa4jt^Q?ts?5r7ADvj=o%qx}K{SJ(GI
zJBd+FDB%a7@L}?L)+2>e-;vAy3<kh$28V|JtUo!Qed20V;0<oA+EHwCo`?ON!+(Fm
z3xJ}wu(ch`;&h6>QWkt!bDG2=`U2O%k>C9<BsDfdzAL-cqjR1+&Umw6#N?MWVS)JG
zz*l&=D7*umgmsmdm#+>?A{3cp2Nr#KMf|y;?jG57M1R7t<N1{kkKf>)Ff+B<jen?m
z>CE!qO$nQU4E0B#IDEc8?tTH4-|Uac^8FOs{Yl6*@e{1zP{pLx72~vq&#Hbb18|^p
z`+${CR(T%X-&Q1b&8=4DIsr7uP&Vfmr*y}oRQG3>5m67`^-QTB-BSQ`M3qj<3@w$@
z&7P!=&;7hvXw8AuKuu$%=`p8rP9+w}=lv2k%@KCoD}c5+UzZon4ceH0S~1IiAI+Xk
zBqXB~cIjrVMX&C`1)|E8=rmm*8`sF={RPDr;GT3%Tb%D(^*IATPXi{v|C&H?jW+t<
z1UcQ$V5=ehxmp#yvO_>8aW3AS?J~iY`aZjNysj~0fO`$_B;ppW!KA$z)j!Uf2UA(g
zW;kLyZEdL1mLAqzoJi~J0ysgfR`s)JcuPF=q&n5wr6a7Cjb=0;F_s@D7E>+<&g-n5
z&>gOyFqj5(8qaEO8e<vADh69-oYQ{t?|P&H@%rcNkI#G=34k-?2#|y2<P+02#YS`S
zJfpSvx~gSaZsX^mGpT8`FLeDn*phzkbK9!n-7q9o=y+k|lv>d|;i*xRO;t4X{?=2(
zOPfiL`T53q-)gjMY~!Wd9vlQ)bUOBdTx*<6L@t1^g~$#R1@O)g0?Q*$LApG~p;|*n
ze^^&ny13Sl)H0C${$s~DU4G{|bzmXb^GAqdg*)qcl(VCfCEBG-@Ug=9uo0AQoX#R`
zIlKfGW_oUCO67fU@h%mQTA;jEHb?jQF-BR_72SM-3#0P;zT^gZXO!&E!EK8a7lhL(
z!b`!0DR#dx-}N7!4K)%A8s&D@OgocYcBAne3pM+vPW6oieFI|3;lJkG$WLFQuv^a)
zeP}u`0|#5Nv*@YWzBhblE2yrPxN#hucE(<$9+EP@IjNnm9U0Z1<uG|@m;j?oWA9Z_
zTa;Yo+_JD*T=N8U412(JlgL-&Boh_=ZDkR-P$s*g9epHMaz^W`g&y?y<qY`vUJ&v{
zT}BJAa>#~dsmfNH1jv_1{3nXNbAF4_<0I!tcBhJbZ26DFUHAKY_Uomt4_vRfobQ%*
z+jfD4&<yX#Y??Czn^})Zw?E}5!jIH~F0_XxD)<}i-ck3_QZycSa4akr#TC>1k5Kf%
zqYsqTRU=M*LYQOeKEGzZW%o+&CZnZUI8bslBXGMBu)G%YjI7Q>l<c3o@3-)8UGrBC
zu*kmycfE`gC@8MZ(fEzmDQg_5&6dRwv_HW_PO4?LSKLl;ah|)Sn$sK4ax?7i@`jD~
zcvY1TtP)(XzOJ%&1>F-|GQF<5jwGby>QT~g1T5-r80^%u&u=mGF6rC<z(q4{Rc)pI
zD0e2WqSvO&EPrDw+=YDHb@yd@@Oz+&#i!{{X!oI{rAnjecy7jjmCjGCbG)^(EBO5z
z?$t!_`sT!wtvJ)l#|5o)FKeaXJCi#<uq&{aAI`MUmlniC1vz=A;?fQD%or%!k?c?=
zBFfiz{D9zjiOSva+WZKm5+`_0t)}E?MPTrAhGXD=#Q}??s8(!u0jIc4NaupFp<}DH
zwQixkor!f@><A0)H~E{*2|o_N%IY-6=rvMivRVPdU28&lCQHHOB^O^)i1}@0Eo$uu
zBNPO>Z$pf?)a;wx{+(XZ40BQ_ejGvk;Zju6G>Dd*7ex_?sK9aM`ecQFN5q)4^E11u
z;N^_!Y?L=}WY&y`n^)5XYDF9SDwqG$Tt?#=++-9t#W?K2$k-m1TrMMaui5@=qZ3ay
zJ0P9S7&{R3etI$Xq!@k8bBGr+6FbUH&mE-8@4%GjDyB=Urv`MG*Ku?&myH@4ejaV9
z(TAef6uv=C8&l}qm&4(WvcL#M(e(vv^aMAZ#R}pF&17UZSIAxYwS;_(xRDTTBR)r@
zm6=?3367qquo}0TE(?ywt0U88YRk@t)xbg=zo5Md2q4-Ryb{R*=om}jSo}Azi&sIf
z4TFNE66b1p!bbv`?<F+NKTqM;=<^$jI1*B3bn_9EN)FvX4ayLa29xia1ulO*f#5V%
zI;RKi&BK|HY!pGI79#>vZ614IpM%<h{@vrPxU~=nh)|$I;}fgg@C+Y(MRvN^Jcvjr
zm_bu`|H<HY4`Uga+S)oKWE0^$T7qAJ%tV~fhCPCm3{=Uk9Kj<=C5ErBRR*tr(7i9)
z^o3<iEFRxkDB0;*9AE?dA@Sp@eCP#n)b+OuY3j7gy2}d8|6@vD$%3S&b9<hlI!@LT
zQZnIH_y$}d#PxOVmN-n>EbiX3Zw{Pk&dR3c@IkU3ZGH?Naey^s_2hm$g3mRrGI{8r
z>pfLbB(T|#PwZWG4|#<ArsfDdy0gYzZ2=z-P+WSv=JIyTgNs7{+Z)k-?!J94Z$JN*
zLCH~#(DhNpZ#Xi#ztms|n^-5lyA_Ktg`X1m()&JK^+VX)g~<1HC{4s#ZMVhE&0xP4
zeDK!AWD_4OGA|nX$KdQ_XUH)zt^UicmWfPOKzg{sv6_wW#RQ(jXht+6tD)bvX0&8n
z&ntm<@T~ZQ@#=;#B~LxPmmJ$xX$Fd@iqsn*ds8Mo_Ndyx#O#;h&;)NdRL%DO;zr-E
z2u}B71_na&9kBN6wOI>TNmilS-+3DSn}#ZE9QFqy_!}F|DDy?))w}*#n>FC#Rx1wo
zZ_7}%kc70PP=GpOaTSyJYB^CU6+~-Szdei;<B<l~tFy}wv@mI$n$z7!MXmY3xD7AZ
z``B;o52G~I;6nv9Z>$gaJkeKB9_mhE1igV;S2Hi?>HNHqpATc=OjgrMHSCDmn;vMH
zj`GGjo}|8ag}H{?i33m8w_MI(Vo@44Ls7jW=t;mTX?fM<NP@l<P*5>Kz8AJ&V*T5@
z?78Aabl4yFqDy{KtrIv>)w{!*q@j(w&rMCct@{(-IjX%F5@%SdA9rn_qM(QTK8L!9
zxNLZ8S(Fv@RQy}N;~Y%nkY6UC2hcr!O9^s&>zJCX>D*EL{C4EkNms?i>%TG0S0DIw
z>aU6Col1Lax}azUB`Rudgf~BNTpze>$$#FWR=)1A$7iM5j5c*%ovIOFx?W?hJ3MY0
z$vT1N_}w^^`_#Z}?;OLz!v~NsV*~rDN=#%0vawf++(*j*0L$nv+CLyv+V3l|*xmPr
zfy+P2+8AxDVUUBk>{~lgX33)mdStbysMgyI6|tIkVVel68(=;^UegqC=7J-f%#C~g
z)(rnitud=OuLg%8<Yj?WW-jTidS)D)(2jn-trBwDmptRw@}K_WP#s}zeV0Cx&TU10
zB7feadW&v2-N54DJ|=&?_Ud)TzWIT#)CW4XbE(ri2!;B`SfSb-lPoz3L-wV{lxNpa
zrtQJ=I$c&&*@mjodYSlMW)RP+lKomPVz^_!>@(!&ppU!xdEsyl7pRj{;?&+%UuWE?
z!{K=u5*D__;HhXo84=M^0LI4+MCX-XXYj+QvinCy3FA5TA3JdrzV#-8CZGMb@HR7i
znAknTvbo1H_VKVzdIkkg#m|R_$!%>r-(WQ9l3hRFPcGZ{9qO}<8XQ0G6D%2hM-nCD
zzGzwC0K?|z!GUxpD)_NR++H@=%D^Y;>kM}kit!wOtl5$tdJs;+Df(5Q?Qcky0ZNaA
zlA96X=_)!6)?~<M^G~xlI0~8=L5f&d60z5PPc?XmCD!U!Zk@(jdRxe-*nk517aHs3
z)UbnCO=Lf~-dSQqEPU%7SBjcM$5R(D4v4AKpTQ6bUuLlvl=I7Kjefg-nR&mox-mTf
z{4=g;fiG11^1Tu&z0yHj*J%0%TP+!Ni^0zWdcZUVs(M*88hp%Z4f{Ih*Lv+U2@=-_
zhl4%j#`;};yYZ8a3?_+gA9IVbvlvW{&xK|`sj1QJD#Pwn&F)f-6#@1>n=|&wk00ZE
zfss4H?$0rgS2wo|ge2x52NT&L)JVo30Yt;`Jb@x_mRBf(x7Ur6TLh?KB)K-|lPmPr
z8?E}I((H@(X@x~F+z)4>#~D(rBPQVI2R65`efKnJ1-0$C`NSIHMP#l6kHWGZNZ)PO
zqVaOAdq_TCtaR#}!Oi3|Ln|)3$eu5|Q{^9ww|mPBs~85YPQPzY1@L5*R&Qre_(fyr
zdtwneWLW$u3+83TJ)TiLv#1od(OneDh;?OJiB*h1a=#+b@A-YF;-T-zjQ?_|Pe^8i
z3KB?CwCWZaomnO(VnS-hpcBq?-SfNBPDD$q)VU0D%PNj9c49`@-Rpg5X5JTOW;WWY
zDkJFivQ3_2{Gt>xFG=Kw)oIrHsj7>T)p80nzF*6y?O7U=-!zio%te@DJ_^6dO=zw=
zP+ZQaxQk2BH3VCv+i$%yTT2@uQ(;)g!RR5ot`0CiUvq9--Hw8`tcgZ0+%(%Gh+`|;
z-xaAFdm187^V{<-IMdsk5xO($I<AelL$UjAMcW$Pw(fe(ee?zl)~G-Kc?^Q21akUH
zPh+zv1sxQ~i=zp`{5l`StUcbb-gZ$=rxO{$C2eL*e`fspMueh1rp}PpC3Eqcnm;Is
z`GSGV1J1VH7HcqiL}cU`q`xS3PzH$!r9?)^M;2{|h1}@5poNl#Go&CALdUIdT!Yb$
zzSsJEm|r(iahWrn%aX^)xBxK)G3==y41o7EJx$yfYw~xcc0fIfV^qL8JQ|e8RcUZ(
zgrl`tBZ!!f3V1%nbQqT%es-{kP<?QLuHyqedQyrhN2Gy`if%btQU)s}#2P6SX`3iq
zMxvihIyJBE4-Cbx*Y8Z6XwwNN;CI3@&OErxgO!@?(d^|dpvpsL#5`QU#}V7a8nD%8
zFRH^MxMcU^f`8@~iR|RFIb2}Sb?bog13oa>J-!<SaXUP@^C2fHF`B)(V>P8w?(UyK
z6s(}4rTKGr)gvE|Kr@HZqgpMjg*q75%3@rTVsWc`6eEh7Q!|?NqW(on9r{Kf;FL))
zBUWViwnvrDXNoIQ8{x(Rny+{bbzv<w_uI1Ba$x>SSv@Bi2^lHi>6b`wSO_s6ouqX*
zMm~P9ss1NK@A=F*MoRE>1_0Sh^F}ry*CfMZJ@RiBlLS)RP9jPX-Ol(_6)V=Qda56k
zL{=2pE&29t#cF&C%QvE#3Y-#S<f14p^ImsSvcWtF@>1te^6ggBs01RA=9VJ8PDHR_
zj9?%SWtnJ8_Wi$%^<Z~=XH~FERgH~}+6AZVd_ID1nwnU>y}gJGpkftv0m4>%(*N#V
z$jwS1FXDOxeFWCy1Ng5TCZelX9|V4u?SeF&4?r*`Z_8N|C>pH>k=LV|an`y({d6QP
zv_UU_roid%QMBbbm31cSPP`rN+hM57KFHlzV4rTd#>(F+Dwx`7?CPr2#%lP|8Q6Jl
zpQ_^dF3D+gSn|DS7h9fn_(U7}n6GE=8FuU5$Z4|@WBGY+A$)J@a)~9$U3K)DnQ`c=
z;08M}flv8pzS53>21Z55@25_Ag@N6fJlo~I{AGM{-JVcqOFlqe+I<O3T%d};=QrJ#
z0ybfIAr!ET;~V~*%$&WEtIDRjr{h#=I#tJ=5G7AjMH*RD&L9zbbvvbl(|47<QnTrI
zo;5U;BhoXaq%(pi2O0!Q*y4dB%8e5whcySsIxvGG4hP3;Y+Y?*2_(un*7rJ9Jam1!
zH#0R6Vx7(dY^KsYG}+Qf9XIFH^{ZmMuEq03_F1W!z)!mO^*8hGY8##tD~q=ic?(cD
z8SuL9txyqEmV-eS*2y$K#e$0KX0#9Q+Fj%xCvoa46Xi>mUAOv?j+ra%#3q`r%>Y;>
zzLg#t9+|F5uxhVa+K`JXYmcbFWj>TZyrNnA|NJEwNY(ftF3fV)L!Cj);tTqNx12)@
z4P!#xM8s|f!{saC!{O2>uzD&@2|psqK6sS<CQ}bGxMHG}$|rsOK;rBC#Rqx2wE%wa
zXakT`b}{gc#1N+`YP;Ym$RLOgbWBt*{%a}CA+xZq_C$Y6_WPNZd9IR0^{A=WzE;0A
zEmD?8K*&HKj>J6R-?fz$ESf+(STDXDe1UyxXf`d}4c|*F`WT0AjfSZs>0-Dx62#u5
zf!zw={bUS;)`)W+do|Bz)WbjZ*9N%wkpuw&0})mh8p$sL^Mdj0ik?u#c>(_35cda}
zdR+-d|92Q_L;XIS<h+@rTYgn3uB;2=1;`&L%ZJi?jWxV{t(%{wt_}4rdDzKEYZjLh
zklr`C!GCcC0`l(4jeHv(mWkTMUod6Lz82?3$3c?aZY#+k_Kd699{(oCK;a-geOFzW
z>!FwKc9sQsFtS=V_{ozw4{Dy|_92JIjUC{c>D0l`jylgSZIw7)^QKIhuvnB)D{ew^
zN5+yB`~DX@HQ;7qA1jGG9mC4q=^Wr>Z*j4}`4>4M4p?lw=#6{8?JGEfVy$m#^Pox)
zWc5a@RRT7{xYQ1r^U7K$nDlwICFzYuPQA57pnmw3b+6sD`!S?1a`L1|X`7Pv$_&UR
zX@&9>H)c^Q?%zq#=dl3G^WDB$U}{43?>ks97X5PI0K%rkeM0uSO1R9#LendifWBdx
zf&~3^N|zR&u|zn9X!zKH(UKYI4ChnCReL8MZiB-=qPEpn<-o#$%55A7xv5neIu{{f
z1gh+au_e9;5+p33FT6lnP^h}`v3=yZzOuD<hSPG??TyxHvy-A2x1|7P69jVoHlF<5
zB7q=uTbNLwQ{(8cO!k6FA1duJ)Jp$1k`3v<fJ8G8u!HQAzuOK7+7=mr@`8i{z#LGB
z8Q}kmL_8q_7)$>L-O7J*yZ!}yg1#dAh=k0rUpM*xUdG4(F^JANt@@NNgZe)YL;xT@
zMJQl`{>793dA6j#!dQPAENK3>0vre++9l{eO#9z~-K)??D`CP7AKL~s*DkM+QGEt`
zeIa>}LBzLTYXu-lbst<(jKPd@E0{X$yFLT@U#7ZX>G*)72fadrK|JAn_*kAQ#Z}ZE
z)z5!xg=*B@P|3euxofv>sBqq#6||Xds;zfRsc2l<;}EzY)BXMGEm*Z$|1D7fgE>vO
zuIe!dt(@!R{+7<|&;F^8SAK2zTj*^nh&@LW{V5<h1rQ-1&O=c5iBDx~C{Ww*MYL%m
zqMnMy_81e*<M|aNl73Y9=8a&;p0VF(ttz2uBsCEA;p{90FY2W+WJ~kLgB1nMp`{xq
zEKB!81mP@Ju73rTQG4UL+~!xW<R({bTdi6!IwLvHTzHq3Wm$7PVN#pa?@pWf&6eAA
zBQVp=yY~TA792bqi)1fydQuIMKQKLVDr`*!)h*yjg}txRq22yK$zxuwkL;|(Vh`eB
zVR@P-zpC`3zI|gAQt0x>E&C&0z2-%Avm!jMKIQ~JTG+GQo$x{~lTv%<{tE(-JGgRF
z&i+Lk9U@>Klas#2(gyfNvm!!G{9hDfr4G&QFtbU!3iC_E2&d%1OV)!dzZvxE`h)rG
z=M8sXsJZS%ET?$pSqc~LldtJU8)fnLD)sPDmV>%fp6)4b-rh}6Q)Zn>zOluY1TvSQ
zPT!sH!&V!dh&V?MjX^0fQ7ZI5jqI?vzh%o3D{w0ifiRH~!|~^^%(oYx&5}?6vVk)G
zEcvz0xzDReSbCaP37!_1T5xOX2~}k4_NRDG&>C7cqzuk~uWkP^(F{!9aUosz^I`r;
z(?KyD9#*(ASyy9`G>{I+%1oxaKFj(|&w8P`(x%e%y!3ZZ>2%@MewNG}JDc%pLXre>
zz$qe9b4T@DxX$=tk9KOIp2$uTfvtEX)Vf%U_`I1Dq|~wtv1ipNeh9(etiXm-evxd(
zx$i1995W!`TM||d3u#|M03jhT5a1c-Tki;bApciTSQ?gCNa$*1K^K#q8d`j>=VNx9
z8;J}=f#8Ga255nv56#{5Mj*ESnS_pYi3(=l+a;=x=Z>U5=r_LTE?Q!<OROtvBoG$K
z2Ch#yLI_lSzrLv{S)<KrC?J*UEC1^J{G7w*g;h#Q>Z@@~eLZVjgupoj9ZCSNJlLAL
zt!{|G_8PkkR$9=>3xxOcbJKNp2Fmq2!+L1=72{J>Yima<`YGRX>_A<~?oih!3m<ib
zz#sR$!AOd6`g0`G=iHPBI%J1>LUItM9>L=C`gfRtzEtY-Y2y2;_|tsiR%}!LrhMq#
z{>*d|eF!cQ8P2^!3mf=a(cp%tMy0r1m|As&gWU+P1%r<{$>zsJ`7IpjgWXJq^1jCz
zrE2#JnevZZj9>g5KxN3rTNKB0ULL=Sfx9|xotk~8RRPXBk>)ikCr1QAQVvYfBJ+LN
zuxiYth)e!^@`aBr-{j;J<5hnC5UVtKQ4<BiNKwR6buP`(&npoo+gx@$>BGsvDm@>B
z%*Zi&W3gJKdM*AAeQ_y{$4V?JHgn$p#BAv^{XISBqL=~242v?E{%(A$QIj35SaB2C
z7K2&yO^uQ4)i8C&h5cnL`1>yKJEoQa0QAQfd%PsfsK^(wcAqO!p?$%sb$6#(lo<0L
zxljp3g|kzny1^&+k`Zvi$>A|gH?jGRqWxlN;@7n?oxNbGPi2*rgMc;}!E9CwgbWM_
z6mnVJfS}=ZjGZ^=7YY@V>1Z+y?e=KmpRjT%%z>yp<?Bby3&Hkw4;u2Kl7e5g*bxp)
zPnp`b0za%-?aNWiK0j<phg)!b?^x=kT2~Kcg*9dI-rNo&AS;3WnhYQYi%Yhep&sQ%
z+5`dJK&U}1p|6*k&G}u?QwgPlRoo2-FMhJ3ug2zx{IGyZEh5cRYc&-XY5wGJLX}HN
z-Co9Pkw7HEB;jYDNDn_3za1Coz_c7H+#&Kk3N71*6{gvEb;h{Rbw&G_lwIth#~%Yi
zO000aEC<}^celMRl61qXR~@Qbzdh>n!dj*3N2P7728ZeE#~n-7D47wGo0k;oRDNDf
zunnUFYbq$l3?7(?gof;lgmr}mvh2G%isOH1f!TM=QK|EUZ0hr@>eyNT=<OK8*cqF_
zdz&foQmA@NTVg`hXRbV>$8@LuUj_xE5tN0vW;|3AjK>v5PDOX(G0Js*^uDM0rQzGY
z2~(r@ZB_OA74#Yz!nwt<D_m-rdxg7&RM`(k;da)NF`5K&BT_bUn9u8N`nhnz=g$K<
z(WvmzPtOZoo=$iCNV1E5#Ssg%ss!2K9_!<W*L?SgyX|t~8Rcx3R3IMrE5fhlzGyUR
z27vJC(>{YARZf>txlRl67w*b2{W+q1QI~rL4_dv~8nHwD7OQWIB?UPJ{?JFO*xPwB
zuJ`i+y;O}Mhj%HW`earpzwc|=5_wKtm)0wnZ<8lhr9R`3Gu~#WBNMgNj~dTowxw2f
zgd{QZ2*TSi;T5yv_Kc?yzp8<@AsGAHW?Jv}hs=b}r=;|pjL_9e?Z^Ta({xS;+Q`XN
zV_BK{@Ij5W_ZzOYl$20FM_csZu4jC)5^}?bJ?N(kKb`=)bqClV{UnRzy{F~%b>sX%
zPWxK<dng!qA)<A~L{#+Xnp6=_7rFX<4%f`|S>K_H95>fK?r1dFs0FR-49z96I!QcK
z=jTbJg6#pZc(l5b2=hizlv<X34mfBdc?VN?TWwFalV5-J`5(Y?JhrrFc=aN~rxezz
zEjpdkR%6(2@UO)}S9rbrJWljD^*M9ev?tAhC%+<yK+sQcz-Wdm*$cEgTY^ZY+7EcW
z9M|}~Z$;WyWoWlC@zNMb@uc|O3~wKz)+=69?%CJ_pvp>$A=6#%$g2o=L(y4qcoqw6
z^nW=A8N_bRlN~I~&NAE~{B94#-nKH><B0<uJmk0{O|A1?{XDsXBhmpyJIn*AX=#O;
z?J@xYGj!CtxhD-XTO-$gS~+D<YWd}cq3-G>;=u(Xt(L0srT(HutRKzKEIe;R<_dI1
z$F~6A%ho2oh?I9$w3pRTFIJL6K{Zri)oZa%m9VI4gJlrLz-sCZ0z#DAL~Pl>X_`J6
zzOVx?c0SE{F}~J10{Y|@6H@xIn-9XO2oHTy<$T6YfY*Zx6O6PJllcsXNl_88lE?}M
zhCbP2ASgI-w@{Jxa|=8{er+Q<zweGmvbvh&qb*8p*DJ%5!K$1L0lykKGWhToPsS0E
zQN1YVm_h)V(U{%G_UThn_%h=2jzePsa_&B!h~NlTx$jjI6kz=vVexpERX2szDgTtZ
zl03~&%5*|~9p|h<-S*;@l(+w{w<~{#vU}r}EZLVdmTHWt6e3GXV`ngSjh(Uck|oQ~
z*q5j*A;OzwtdZB)Gcwkau?#87o?Vv7PGsx*=w0#`e9!g#@ceS0`?;6vxz73ApZlEr
z3Are6?4Lbndl%CeXS{HDrH8y4&!HDFN6AvkEmi5q%faiGrx)IZb@0RTW+5RnB)+Fx
zlQSK1R$*=Z#EeJVJnP>+Y1~{59rrr_HJ(JweQO6zJSSx6;CDC0(v?$Br-DAlnEmSB
zhtCLl^}keKzf9B1v?vvz&@&u>=sA@wc|+dx$<2Roy%2dfngB4tp)xYVn4=2-EgEND
z!vNfA>72ZW=_AjZ`<^c^92-&P?|Cjo*=*i;3ZT1H>dW3^J>2H?>46Lute%%da#l{Q
zA-dDo@4wy#gT=9x#WQNL7~jbc(Z~)B#M`3YBZcI_DJmCXmssg3F-Z}9Xr2MhpD&ed
z#W=Omg|*sm^~=k+?!J&)e?tkq{@I>SKv`IOIwbWzJ<?GmPv?}$%12JqIvY_2$L?{S
z9|DuWy}rtq#InK-_}^+h*my>nBfvn8+c9a6U&6G^c>gRYx;O(q+tUItei>IihGR?@
z^Nhnw6omE+;}|JA;Y4uEm!#54)Mm}-x35QiD{Hzu883GdiNjFT0G-27IJRFl-Jv2+
za8<0v{R(w`*rOzQ(l62@7@C6x&ofym9L#PCuTw8~B_n8NB<^_fH`C{H%)B$`zpTKb
z{hl}Kfxwjz2&Zz0?<U8oMQZEJJ8#0JC6PvgbdjAZR`pS7J(+QG69nqw^~%Cg-S(qH
z5~vJxJ4@|PH<FlAjP@PpWV)uJ2nIzi?%VRqz%?0?$?_4J2%}vJ3Z@i<s*+(uMBFZN
zb#MYWxs%T;|GTN(M<kvm1~c#iW#}0dBj^_7bh~M1rG2+^x#YS!!7xi{wtM)lNS!Ok
zk^7>+xxFO>yY5pWqlvk3bftucUVEp@V95aaGqc57z=~~<`sKJGRZKL2i`6<2IU7?X
zW*wOkAPfGnm-d8Ce-tU_<5Q^J^8T>bW@G5%5CH~)OUT;z8FEXnz^<S^4(69NUC8iT
zY3)9352wdI6URU#!l517<Me5jk<E4Ue(cYl5G4gG=8h`(lnPs^%VHCVoO}vzEU(V|
zF>%1)VNu1FpTyDq&3b#b*i-myy?4P;!XatmacPp3+vj}|RkuOW@q=j&oSEM>zr(5Q
z#7u56Ur`lr<#Slz9`4H?DHzD$GAu6IuA2M}tyeRrpTfD;Ld|-R>^imQUTDB8pr7+l
z6I@5DH!)Q9-81{w9?Zs*-c13+v@g8G1|6>tXYw;)e;Lb^Uqh3-QDGGRitH?p9U;*9
zN~CHF`gJFH1qLQ$Nz9D}E}xtInoTTvwE6LB1Vph66iXpvWE9H{oR!Jg%Wqg1Gy+El
zRm|t0zubTzBOR~>#hmy0vunS-gP74?yfe-6&LcRrIE;xMg+A;?=qd?0i*3dAy9!bH
z^6~JTUS=7v4>n%%*-&=b$EOp&1g_Craj|eZ1QpaYXii{2u(KPF&m=g9)2||25E5Un
zsSrF$RIj+V_DCGv%Zr;r>WxaSx~nDQh(i$6fRX@rYk{kAqwmlC6}2Fd@wz0*Kg8`1
zxS>S(kvb4#0Sq(zY#n32X*`=H5*eC-TU>C4uS8P~seT}<W(q8d>ZW#HDk|XH>0wo9
zyT$&Ld74=yapOCf)GlUi_DGd|iQq9|cD1B2m&F23?*U@<QupB;SnlFf8sbOQa$)ZO
zG>F94Lev`kVXWudycRXfL`o99NA-my{q<rViJHn1d#2lh+($hkNpeYSe9#$6;k7<G
zFr@h<w>m>ig_Wvn6*{<tdq6y1-9dYnU0u=+HtMy779Z&Pw)LsPrr$UNze<#6&!tPq
zR;?b3t+6B7hx)g6dkpZj283D`gY*?ZJ=4SSX?x}7QoZPGR|~86a^98r<|MLtNaJJA
z#(OFbv^63AAALe<YHGe%7j5Mc?vlE?x^*sq!4ttV)`(nfm0uh4Nx4%YI~y>}kp_De
zRHX+u7H(dM#cHzq+)llsLD(W9nlj)ogMGTV4_ZrwD{cS4uAe~(l6w!oZZq$up&of5
z@5G60_X&_9UO|gp+3mP|e=zqDGxZ$zSA7Jh$k`SV<%c_)rh$bV*$GdiBp=dkcn)-z
z(xGvof)@_EmLIbzIYh&dyYLVfOXdOUL+}2(1ck-}+Le%Cs4<CY#A$h>;cbq;%T52R
zS#hY0m8@0PEugy*jrV8}xqpYh+TPV+?1d=a68d%-x~O?mi2y6oguUpJkR`KZzQwj*
zP)x^s!Upb8j|o{RFCXdbf7kOW6=~&w_%DN=Vuh9qe%!s1h94F67wqsdv*lqq+|hH?
zc3^ZGTZhJ>ZVia+=h@S6rEH8}TkMCkwP_se%#NFix({FU%T5it+?ga^SC#1d^ph<f
zLqmF@6;Op+Ho5d2`?M20Ge_|AC37e*JrA_*i-iphiKCW2T(r}Q@_dD18cZ9siF=l>
zY%)Qc1c_Ly7~;8hp@mzfxvXKNfI02;j53vh(9G#rM}&ZZ%4@ZOOL2)}aKiV=lo*8@
znrXO?m!4c!eKeyGvU_d4`=RB)p`(y=M>8(aFip76V`FH@wEuJ24r_fF9glQ1^cXUE
zs?4tysfL#qHv)AUgL6onc|h@O3wt<;?B-4OXkh+Xy`tiF+aQw9Q8|L4S;L=RJ(j;h
z)<)<Iu`@|*k3t7zd*`xNa?q7zEi|g7IrRV?l*14Plz`~+b+&RBdG{{VTlwrX$q!Mt
z*{Aa>)Jeqa3|}?b?n{ZGyI~n=fTO>O3Q?CS)74s#M!-|>!@kK?YYUs@GgvanKDxU}
z4p`9sOo`?pA*a~{7A;0^UpKnExxlTh6(p#+k4vrfbj~;vMQfXZ+4+<&720{RAljtb
zKsGA9k(TTGW&xuK$ZSB?m?SWD%`QQAMc;NrD8d2%xO|wy#9cFGA2A3rtmGEMlk@sC
z#~v$Q)$6xV>Rr5XP2~{>PWQ>pxdnubBcZ)L_Rmikf@p4vu?{j&4Ss9hz%?Y`9<$+r
zi+s~r0I@1<a~3;ZXkt!>9}%@`y82D6+qU1mf3Q1OR7Zqyi=k?-in5}EoyiGYXuVBu
zjfq0h-5`yI8+?QAZ~}VN>|TDwwD+irB0R^Bu02Lw%S#A32NKTHmx^b<{g>HxgCD7$
z*0C&4+`8c*DRd_ec?02q+BIvdW4BH+hNshVS@0UZiWNO`I23=2r+ufo_GWYuYscAj
z6R``j!dOW>^0C=|Dsy`N^H&fHuAnld{t{<b6Qg;Ky^;r{IiIDX>9GLeXkv92zR&r*
zrHXYus+@T+n4x8AqzVT#Kmkm0NVxVohoi5Ykx}NB;MsjiJ@}I{$y>&Bv$1q9Ync|r
z+B)Qmf-J4=3vr(<?pNmM<mYKNK5*^hh^h|w6kv7eC$3a5Sd;11_oeuS**GCKg+v}#
z0ifc*k%&}a`oxwBNKQm=5(LD_87y2Xpf4BAv?7=@E*-3s!6jN$DpfY;Sf7bDHXCEP
z24I1?bG?1XJ93*Lj+`rNPYNAjKh$8%_!LX}fQo1dg%hBoHvl?XjVnqe{DU|iLoNU%
zeA0%~G2{g3ICo62ZU}b<8ghPZ7mh8K1{A%y+;wmaI<}OY?)YXtA6ky@lOy`~ciW*b
zQMRwyuDcgE2fZ|qVZ^*13&znM3tL8pHF-fz$KU3}(vW@b7W5o_+N-_q*YZ^XeUIzo
zefor?TDOIIZ{JEM0C!ac4X~uv2)l3m*oac3Twp9!<@;q88@*Il2Jd*e>pLNT{Y5RZ
zy7`CNm`_@b=Ql(rb2plA)V!KRBWU7DqtbuP)wn?Q9<mPB>yC#(r;iko!UD5L8#H?S
zG?Si<ATzOJUo5Eb!{iwhbXn95O*P7E)wiOh-B>?UFC@YfT2;1CcuJK!y<6`v2NO}r
zY#<&;xgq(G_Z39^aTE(LWvD{vtH&=BVq+qkSuvD{cU@iUvpx{^2t7_J|CFl0V6j!u
zv%%JmM-Tt*46wPyws4fJa8Af4%6C$7nc<E2^91$^DN6(*+W)7wo14hUtXAUE?Es2k
zoVbhVuk4DWXzOj+6~A$siIu8J{Eio<!s*&SVDGW_g^y|SaLEt!Cn9?eK%ILloe(FY
z$aNgWJRav$zoUqW2Way1rqvfuNHQGf#78EnU(Albwa6ZqEqrih9491c00rgFw7g3H
zLel`16beL1W<VtRcQ!Rd018Z`sGs}?bOZd)<Cd;}>EeHXpA}Fs`5>GguJ&JkC5Fu(
zTNQsp3*aLED_jo1>kC{xiqI3r`v6wSwWnV?E_(d^gqg4b3Syjc*iRTQ16YN%?@2l#
z`G0U*i{DkaZyx7f_KBttjh3C$nI;r_`>?DBAt52}&Hdbin!9k6|9(DD!a7Iw*CNnE
z5NPz;nsR7(I2vdNQdL!LnexoBIQ3n#i~2u@05A70<pjL<sLd}fJ}qr=uXB*B5rtJ_
zVP=LqI=(<mmZs#PetSWY3IzN$nt@a4(ZGOh9{~B<%k!m3Ink;)mfDf&_q=N~R7;cn
zVBxI|3Uk4IwW{|%Cpuj&PVS$2%@ns<3vvCgFri451`nfJtMU|=_-)9peE3grj8?B+
TQ)&=B1uzhBUDYyWn~47bm5$pV


From fb5c0827a34daf6d602fa5a8d369e70c1f315eac Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Fri, 18 Jul 2014 09:35:54 +0400
Subject: [PATCH 171/516] Skip whole dir dockerignoring with warning

Fixes #7093
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 7d97a5f4760da388c22a5a29ed95888b89a23d57
Component: engine
---
 components/engine/archive/archive.go          |  4 ++++
 .../integration-cli/docker_cli_build_test.go  | 23 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index bf6e0b7797..3de3b09a25 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -347,6 +347,10 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 						return err
 					}
 					if matched {
+						if filepath.Clean(relFilePath) == "." {
+							utils.Errorf("Can't exclude whole path, excluding pattern: %s", exclude)
+							continue
+						}
 						utils.Debugf("Skipping excluded path: %s", relFilePath)
 						if f.IsDir() {
 							return filepath.SkipDir
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 64264cd813..d3d01d43e8 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1565,6 +1565,29 @@ func TestDockerignoringDockerfile(t *testing.T) {
 	logDone("build - test .dockerignore of Dockerfile")
 }
 
+func TestDockerignoringWholeDir(t *testing.T) {
+	name := "testbuilddockerignorewholedir"
+	defer deleteImages(name)
+	dockerfile := `
+        FROM busybox
+		COPY . /
+		RUN [[ ! -e /.gitignore ]]
+		RUN [[ -f /Makefile ]]`
+	ctx, err := fakeContext(dockerfile, map[string]string{
+		"Dockerfile":    "FROM scratch",
+		"Makefile":      "all:",
+		".dockerignore": ".*\n",
+	})
+	defer ctx.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err = buildImageFromContext(name, ctx, true); err != nil {
+		t.Fatal(err)
+	}
+	logDone("build - test .dockerignore whole dir with .*")
+}
+
 func TestBuildLineBreak(t *testing.T) {
 	name := "testbuildlinebreak"
 	defer deleteImages(name)

From 6b13e80c3e4a67acb1c10c41f3e826c05f74a57d Mon Sep 17 00:00:00 2001
From: "Brian (bex) Exelbierd" <bexelbie@redhat.com>
Date: Fri, 20 Jun 2014 14:10:49 +0200
Subject: [PATCH 172/516] Updated Red Hat Enterprise Linux installation
 instructions for version 7

Docker-DCO-1.1-Signed-off-by: Brian Exelbierd <bex@pobox.com> (github: bcexelbi)
Upstream-commit: 204e080932db1cab17de2e19c826663b8b1449a6
Component: engine
---
 .../engine/docs/sources/installation/rhel.md  | 34 +++++++++++++++----
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/components/engine/docs/sources/installation/rhel.md b/components/engine/docs/sources/installation/rhel.md
index c144573687..a8b785acca 100644
--- a/components/engine/docs/sources/installation/rhel.md
+++ b/components/engine/docs/sources/installation/rhel.md
@@ -2,15 +2,35 @@ page_title: Installation on Red Hat Enterprise Linux
 page_description: Installation instructions for Docker on Red Hat Enterprise Linux.
 page_keywords: Docker, Docker documentation, requirements, linux, rhel, centos
 
-# Red Hat Enterprise Linux
+# Red Hat Enterprise Linux 7
 
-Docker is available for **RHEL** on EPEL. These instructions should work
-for both RHEL and CentOS. They will likely work for other binary
-compatible EL6 distributions as well, but they haven't been tested.
+**Red Hat Enterprise Linux 7** has [shipped with
+Docker](https://access.redhat.com/site/products/red-hat-enterprise-linux/docker-and-containers).
+An overview and some guidance can be found in the [Release
+Notes](https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.0_Release_Notes/chap-Red_Hat_Enterprise_Linux-7.0_Release_Notes-Linux_Containers_with_Docker_Format.html).
 
-Please note that this package is part of [Extra Packages for Enterprise
-Linux (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort
-to create and maintain additional packages for the RHEL distribution.
+Docker is located in the *extras* channel. To install Docker:
+
+1. Enable the *extras* channel:
+
+        $ sudo subscription-manager repos --enable=rhel-7-server-extras-rpms
+
+2. Install Docker:
+
+        $ sudo yum install docker 
+
+Additional installation, configuration, and usage information,
+including a [Get Started with Docker Containers in Red Hat
+Enterprise Linux 7](https://access.redhat.com/site/articles/881893)
+guide, can be found by Red Hat customers on the [Red Hat Customer
+Portal](https://access.redhat.com/).
+
+# Red Hat Enterprise Linux 6
+
+Docker is available for **RHEL** on EPEL. Please note that
+this package is part of [Extra Packages for Enterprise Linux
+(EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort to
+create and maintain additional packages for the RHEL distribution.
 
 Also note that due to the current Docker limitations, Docker is able to
 run only on the **64 bit** architecture.

From 0085f61a68e281ed028b35a2841c02d158d461a3 Mon Sep 17 00:00:00 2001
From: Fabio Falci <fabiofalci@gmail.com>
Date: Thu, 17 Jul 2014 09:29:52 +0100
Subject: [PATCH 173/516] Move `docker ps` test to integration cli

Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Upstream-commit: 261dc5e2f60d8c47c36e719db0ecebd77258847e
Component: engine
---
 .../integration-cli/docker_cli_ps_test.go     | 201 ++++++++++++++++++
 components/engine/integration/server_test.go  | 115 ----------
 2 files changed, 201 insertions(+), 115 deletions(-)
 create mode 100644 components/engine/integration-cli/docker_cli_ps_test.go

diff --git a/components/engine/integration-cli/docker_cli_ps_test.go b/components/engine/integration-cli/docker_cli_ps_test.go
new file mode 100644
index 0000000000..4ff3012194
--- /dev/null
+++ b/components/engine/integration-cli/docker_cli_ps_test.go
@@ -0,0 +1,201 @@
+package main
+
+import (
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestListContainers(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "top")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	firstID := stripTrailingCharacters(out)
+
+	runCmd = exec.Command(dockerBinary, "run", "-d", "busybox", "top")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	secondID := stripTrailingCharacters(out)
+
+	// not long running
+	runCmd = exec.Command(dockerBinary, "run", "-d", "busybox", "true")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	thirdID := stripTrailingCharacters(out)
+
+	runCmd = exec.Command(dockerBinary, "run", "-d", "busybox", "top")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	fourthID := stripTrailingCharacters(out)
+
+	// make sure third one is not running
+	runCmd = exec.Command(dockerBinary, "wait", thirdID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	// all
+	runCmd = exec.Command(dockerBinary, "ps", "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, []string{fourthID, thirdID, secondID, firstID}) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// running
+	runCmd = exec.Command(dockerBinary, "ps")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, []string{fourthID, secondID, firstID}) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// from here all flag '-a' is ignored
+
+	// limit
+	runCmd = exec.Command(dockerBinary, "ps", "-n=2", "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected := []string{fourthID, thirdID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "-n=2")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// since
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected = []string{fourthID, thirdID, secondID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// before
+	runCmd = exec.Command(dockerBinary, "ps", "--before", thirdID, "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected = []string{secondID, firstID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "--before", thirdID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// since & before
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "--before", fourthID, "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected = []string{thirdID, secondID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "--before", fourthID)
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// since & limit
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "-n=2", "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected = []string{fourthID, thirdID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "-n=2")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// before & limit
+	runCmd = exec.Command(dockerBinary, "ps", "--before", fourthID, "-n=1", "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected = []string{thirdID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "--before", fourthID, "-n=1")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	// since & before & limit
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "--before", fourthID, "-n=1", "-a")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+	expected = []string{thirdID}
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	runCmd = exec.Command(dockerBinary, "ps", "--since", firstID, "--before", fourthID, "-n=1")
+	out, _, err = runCommandWithOutput(runCmd)
+	errorOut(err, t, out)
+
+	if !assertContainerList(out, expected) {
+		t.Error("Container list is not in the correct order")
+	}
+
+	deleteAllContainers()
+
+	logDone("ps - test ps options")
+}
+
+func assertContainerList(out string, expected []string) bool {
+	lines := strings.Split(strings.Trim(out, "\n "), "\n")
+	if len(lines)-1 != len(expected) {
+		return false
+	}
+
+	containerIdIndex := strings.Index(lines[0], "CONTAINER ID")
+	for i := 0; i < len(expected); i++ {
+		foundID := lines[i+1][containerIdIndex : containerIdIndex+12]
+		if foundID != expected[i][:12] {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/components/engine/integration/server_test.go b/components/engine/integration/server_test.go
index f70bbb0b77..aab6802f53 100644
--- a/components/engine/integration/server_test.go
+++ b/components/engine/integration/server_test.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/server"
 )
 
 func TestCreateNumberHostname(t *testing.T) {
@@ -299,120 +298,6 @@ func TestImagesFilter(t *testing.T) {
 	}
 }
 
-func TestListContainers(t *testing.T) {
-	eng := NewTestEngine(t)
-	srv := mkServerFromEngine(eng, t)
-	defer mkDaemonFromEngine(eng, t).Nuke()
-
-	config := runconfig.Config{
-		Image:     unitTestImageID,
-		Cmd:       []string{"/bin/sh", "-c", "cat"},
-		OpenStdin: true,
-	}
-
-	firstID := createTestContainer(eng, &config, t)
-	secondID := createTestContainer(eng, &config, t)
-	thirdID := createTestContainer(eng, &config, t)
-	fourthID := createTestContainer(eng, &config, t)
-	defer func() {
-		containerKill(eng, firstID, t)
-		containerKill(eng, secondID, t)
-		containerKill(eng, fourthID, t)
-		containerWait(eng, firstID, t)
-		containerWait(eng, secondID, t)
-		containerWait(eng, fourthID, t)
-	}()
-
-	startContainer(eng, firstID, t)
-	startContainer(eng, secondID, t)
-	startContainer(eng, fourthID, t)
-
-	// all
-	if !assertContainerList(srv, true, -1, "", "", []string{fourthID, thirdID, secondID, firstID}) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// running
-	if !assertContainerList(srv, false, -1, "", "", []string{fourthID, secondID, firstID}) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// from here 'all' flag is ignored
-
-	// limit
-	expected := []string{fourthID, thirdID}
-	if !assertContainerList(srv, true, 2, "", "", expected) ||
-		!assertContainerList(srv, false, 2, "", "", expected) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// since
-	expected = []string{fourthID, thirdID, secondID}
-	if !assertContainerList(srv, true, -1, firstID, "", expected) ||
-		!assertContainerList(srv, false, -1, firstID, "", expected) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// before
-	expected = []string{secondID, firstID}
-	if !assertContainerList(srv, true, -1, "", thirdID, expected) ||
-		!assertContainerList(srv, false, -1, "", thirdID, expected) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// since & before
-	expected = []string{thirdID, secondID}
-	if !assertContainerList(srv, true, -1, firstID, fourthID, expected) ||
-		!assertContainerList(srv, false, -1, firstID, fourthID, expected) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// since & limit
-	expected = []string{fourthID, thirdID}
-	if !assertContainerList(srv, true, 2, firstID, "", expected) ||
-		!assertContainerList(srv, false, 2, firstID, "", expected) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// before & limit
-	expected = []string{thirdID}
-	if !assertContainerList(srv, true, 1, "", fourthID, expected) ||
-		!assertContainerList(srv, false, 1, "", fourthID, expected) {
-		t.Error("Container list is not in the correct order")
-	}
-
-	// since & before & limit
-	expected = []string{thirdID}
-	if !assertContainerList(srv, true, 1, firstID, fourthID, expected) ||
-		!assertContainerList(srv, false, 1, firstID, fourthID, expected) {
-		t.Error("Container list is not in the correct order")
-	}
-}
-
-func assertContainerList(srv *server.Server, all bool, limit int, since, before string, expected []string) bool {
-	job := srv.Eng.Job("containers")
-	job.SetenvBool("all", all)
-	job.SetenvInt("limit", limit)
-	job.Setenv("since", since)
-	job.Setenv("before", before)
-	outs, err := job.Stdout.AddListTable()
-	if err != nil {
-		return false
-	}
-	if err := job.Run(); err != nil {
-		return false
-	}
-	if len(outs.Data) != len(expected) {
-		return false
-	}
-	for i := 0; i < len(outs.Data); i++ {
-		if outs.Data[i].Get("Id") != expected[i] {
-			return false
-		}
-	}
-	return true
-}
-
 // Regression test for being able to untag an image with an existing
 // container
 func TestDeleteTagWithExistingContainers(t *testing.T) {

From 638498458fea1aa0b550f7d369e20def57bc061e Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Fri, 18 Jul 2014 12:32:04 -0400
Subject: [PATCH 174/516] Update docs on --sig-proxy to indicate that SIGKILL
 and SIGSTOP cannot be proxied

Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: 31351d08a35b2c903a2b6407bea09ccf1449e79c
Component: engine
---
 components/engine/api/client/commands.go                    | 2 +-
 components/engine/docs/man/docker-attach.1.md               | 2 +-
 components/engine/docs/man/docker-run.1.md                  | 4 ++--
 components/engine/docs/sources/reference/commandline/cli.md | 4 ++--
 components/engine/runconfig/parse.go                        | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index c4e4cb9821..579b9722cf 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1751,7 +1751,7 @@ func (cli *DockerCli) CmdAttach(args ...string) error {
 	var (
 		cmd     = cli.Subcmd("attach", "[OPTIONS] CONTAINER", "Attach to a running container")
 		noStdin = cmd.Bool([]string{"#nostdin", "-no-stdin"}, false, "Do not attach STDIN")
-		proxy   = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signals to the process (even in non-TTY mode). SIGCHLD is not proxied.")
+		proxy   = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.")
 	)
 
 	if err := cmd.Parse(args); err != nil {
diff --git a/components/engine/docs/man/docker-attach.1.md b/components/engine/docs/man/docker-attach.1.md
index 1b4e68b65f..e26db07f3f 100644
--- a/components/engine/docs/man/docker-attach.1.md
+++ b/components/engine/docs/man/docker-attach.1.md
@@ -25,7 +25,7 @@ the client.
    Do not attach STDIN. The default is *false*.
 
 **--sig-proxy**=*true*|*false*
-   Proxify all received signals to the process (even in non-TTY mode). SIGCHLD is not proxied. The default is *true*.
+   Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*.
 
 # EXAMPLES
 
diff --git a/components/engine/docs/man/docker-run.1.md b/components/engine/docs/man/docker-run.1.md
index 03b18fe474..33ed4e43c3 100644
--- a/components/engine/docs/man/docker-run.1.md
+++ b/components/engine/docs/man/docker-run.1.md
@@ -195,8 +195,8 @@ default is *false*. This option is incompatible with **-d**.
 
 
 **--sig-proxy**=*true*|*false*
-   When set to true, proxify received signals to the process (even in
-non-tty mode). SIGCHLD is not proxied. The default is *true*.
+   When set to true, proxy received signals to the process (even in
+non-tty mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*.
 
 
 **-t**, **-tty**=*true*|*false*
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index dac7c1610b..71f9c57bda 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -135,7 +135,7 @@ like this:
     Attach to a running container
 
       --no-stdin=false    Do not attach STDIN
-      --sig-proxy=true    Proxify all received signals to the process (even in non-TTY mode). SIGCHLD is not proxied.
+      --sig-proxy=true    Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.
 
 The `attach` command will allow you to view or
 interact with any running container, detached (`-d`)
@@ -972,7 +972,7 @@ removed before the image is removed.
                                    (use 'docker port' to see the actual mapping)
       --privileged=false         Give extended privileges to this container
       --rm=false                 Automatically remove the container when it exits (incompatible with -d)
-      --sig-proxy=true           Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied.
+      --sig-proxy=true           Proxy received signals to the process (even in non-tty mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.
       -t, --tty=false            Allocate a pseudo-tty
       -u, --user=""              Username or UID
       -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container)
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 3d583d1e8e..c3ce8a5a70 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -71,7 +71,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flCpuset          = cmd.String([]string{"-cpuset"}, "", "CPUs in which to allow execution (0-3, 0,1)")
 		flNetMode         = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:<name|id>': reuses another container network stack\n'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.")
 		// For documentation purpose
-		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify received signals to the process (even in non-TTY mode). SIGCHLD is not proxied.")
+		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.")
 		_ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container")
 	)
 

From 5dc6b4a8704f302beeadde88facd9813fc3aa36b Mon Sep 17 00:00:00 2001
From: Jason Livesay <ithkuil@gmail.com>
Date: Tue, 15 Jul 2014 06:32:44 -0700
Subject: [PATCH 175/516] Improve data volume container example.
 Docker-DCO-1.1-Signed-off-by: Jason Livesay <ithkuil@gmail.com> (github:
 runvnc) Upstream-commit: 8273cb4b9bd22ddfdd899682f08ac8327e912a28 Component:
 engine

---
 components/engine/docs/sources/userguide/dockervolumes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index 02efbf7c1f..86bd663398 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -98,7 +98,7 @@ it.
 
 Let's create a new named container with a volume to share.
 
-    $ sudo docker run -d -v /dbdata --name dbdata training/postgres
+    $ sudo docker run -d -v /dbdata --name dbdata training/postgres echo Data-only container for postgres
 
 You can then use the `--volumes-from` flag to mount the `/dbdata` volume in another container.
 

From ee146b71d5a613143a4e5c101c446d1e0d508f91 Mon Sep 17 00:00:00 2001
From: "Daniel, Dao Quang Minh" <dqminh89@gmail.com>
Date: Fri, 27 Jun 2014 02:52:36 -0400
Subject: [PATCH 176/516] Add logout command

"docker logout [SERVER]" will remove the registry server' credentials from
.dockercfg file. If a server is not specified, it will log user out of the
default docker registry server

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 06bc4e07529a93abede35ea8fcc2906c5963f2a3
Component: engine
---
 components/engine/api/client/commands.go      | 31 +++++++++++++++++++
 components/engine/docs/man/docker-logout.1.md | 24 ++++++++++++++
 components/engine/docs/man/docker.1.md        |  3 ++
 .../docs/sources/reference/commandline/cli.md |  9 ++++++
 4 files changed, 67 insertions(+)
 create mode 100644 components/engine/docs/man/docker-logout.1.md

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index c4e4cb9821..bc2a9ed75c 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -68,6 +68,7 @@ func (cli *DockerCli) CmdHelp(args ...string) error {
 		{"kill", "Kill a running container"},
 		{"load", "Load an image from a tar archive"},
 		{"login", "Register or log in to the Docker registry server"},
+		{"logout", "Logout of the Docker registry server"},
 		{"logs", "Fetch the logs of a container"},
 		{"port", "Lookup the public-facing port that is NAT-ed to PRIVATE_PORT"},
 		{"pause", "Pause all processes within a container"},
@@ -353,6 +354,36 @@ func (cli *DockerCli) CmdLogin(args ...string) error {
 	return nil
 }
 
+// logout of a registry service
+func (cli *DockerCli) CmdLogout(args ...string) error {
+	cmd := cli.Subcmd("logout", "[SERVER]", "Logout of a docker registry server, if no server is specified \""+registry.IndexServerAddress()+"\" is the default.")
+
+	if err := cmd.Parse(args); err != nil {
+		return nil
+	}
+	serverAddress := registry.IndexServerAddress()
+	if len(cmd.Args()) > 0 {
+		serverAddress = cmd.Arg(0)
+	}
+
+	cli.LoadConfigFile()
+	if _, ok := cli.configFile.Configs[serverAddress]; !ok {
+		fmt.Fprintf(cli.out, "Not logged in to %s\n", serverAddress)
+		os.Exit(0)
+	}
+
+	fmt.Fprintf(cli.out, "Remove login credentials for %s\n", serverAddress)
+	delete(cli.configFile.Configs, serverAddress)
+
+	if err := registry.SaveConfig(cli.configFile); err != nil {
+		fmt.Fprintln(cli.out, "Failed to save docker config")
+		os.Exit(1)
+	}
+
+	fmt.Fprintln(cli.out, "Saved docker config")
+	return nil
+}
+
 // 'docker wait': block until a container stops
 func (cli *DockerCli) CmdWait(args ...string) error {
 	cmd := cli.Subcmd("wait", "CONTAINER [CONTAINER...]", "Block until a container stops, then print its exit code.")
diff --git a/components/engine/docs/man/docker-logout.1.md b/components/engine/docs/man/docker-logout.1.md
new file mode 100644
index 0000000000..1334fb3a55
--- /dev/null
+++ b/components/engine/docs/man/docker-logout.1.md
@@ -0,0 +1,24 @@
+% DOCKER(1) Docker User Manuals
+% William Henry
+% APRIL 2014
+# NAME
+docker-logout - Log the user out of a Docker registry server
+
+# SYNOPSIS
+**docker logout** [SERVER]
+
+# DESCRIPTION
+Log the user out of a docker registry server, , if no server is
+specified "https://index.docker.io/v1/" is the default. If you want to
+logout of a private registry you can specify this by adding the server name.
+
+# EXAMPLE
+
+## Logout of a local registry
+
+    # docker logout localhost:8080
+
+# HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com)
+based on docker.io source material and internal work.
+
diff --git a/components/engine/docs/man/docker.1.md b/components/engine/docs/man/docker.1.md
index 602c6e2ace..18e8978af6 100644
--- a/components/engine/docs/man/docker.1.md
+++ b/components/engine/docs/man/docker.1.md
@@ -124,6 +124,9 @@ inside it)
 **docker-login(1)**
   Register or Login to a Docker registry server
 
+**docker-logout(1)**
+  Log the user out of a Docker registry server
+
 **docker-logs(1)**
   Fetch the logs of a container
 
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index dac7c1610b..43acb17578 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -732,6 +732,15 @@ specify this by adding the server name.
     example:
     $ docker login localhost:8080
 
+## logout
+
+    Usage: docker logout [SERVER]
+
+    Log the user out of a docker registry server, if no server is specified "https://index.docker.io/v1/" is the default.
+
+    example:
+    $ docker logout localhost:8080
+
 ## logs
 
     Usage: docker logs CONTAINER

From be50882dfadb6a43ce87801356d515b428094076 Mon Sep 17 00:00:00 2001
From: "Daniel, Dao Quang Minh" <dqminh89@gmail.com>
Date: Sun, 29 Jun 2014 13:10:20 -0400
Subject: [PATCH 177/516] fix doc references

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 4b5b3b43212c0a1883c56321aedbffc605be31f9
Component: engine
---
 components/engine/api/client/commands.go          |  8 ++++----
 components/engine/docs/man/docker-logout.1.md     | 15 +++++++--------
 .../docs/sources/reference/commandline/cli.md     |  2 +-
 3 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index bc2a9ed75c..446d9b7b0a 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -67,8 +67,8 @@ func (cli *DockerCli) CmdHelp(args ...string) error {
 		{"inspect", "Return low-level information on a container"},
 		{"kill", "Kill a running container"},
 		{"load", "Load an image from a tar archive"},
-		{"login", "Register or log in to the Docker registry server"},
-		{"logout", "Logout of the Docker registry server"},
+		{"login", "Register or log in to a Docker registry server"},
+		{"logout", "Log out from a Docker registry server"},
 		{"logs", "Fetch the logs of a container"},
 		{"port", "Lookup the public-facing port that is NAT-ed to PRIVATE_PORT"},
 		{"pause", "Pause all processes within a container"},
@@ -354,9 +354,9 @@ func (cli *DockerCli) CmdLogin(args ...string) error {
 	return nil
 }
 
-// logout of a registry service
+// log out from a Docker registry
 func (cli *DockerCli) CmdLogout(args ...string) error {
-	cmd := cli.Subcmd("logout", "[SERVER]", "Logout of a docker registry server, if no server is specified \""+registry.IndexServerAddress()+"\" is the default.")
+	cmd := cli.Subcmd("logout", "[SERVER]", "Log out from a Docker registry, if no server is specified \""+registry.IndexServerAddress()+"\" is the default.")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil
diff --git a/components/engine/docs/man/docker-logout.1.md b/components/engine/docs/man/docker-logout.1.md
index 1334fb3a55..0196f0ed7d 100644
--- a/components/engine/docs/man/docker-logout.1.md
+++ b/components/engine/docs/man/docker-logout.1.md
@@ -1,24 +1,23 @@
 % DOCKER(1) Docker User Manuals
-% William Henry
-% APRIL 2014
+% Daniel, Dao Quang Minh
+% JUNE 2014
 # NAME
-docker-logout - Log the user out of a Docker registry server
+docker-logout - Log out from a Docker registry
 
 # SYNOPSIS
 **docker logout** [SERVER]
 
 # DESCRIPTION
-Log the user out of a docker registry server, , if no server is
+Log the user out from a Docker registry, if no server is
 specified "https://index.docker.io/v1/" is the default. If you want to
-logout of a private registry you can specify this by adding the server name.
+log out from a private registry you can specify this by adding the server name.
 
 # EXAMPLE
 
-## Logout of a local registry
+## Log out from a local registry
 
     # docker logout localhost:8080
 
 # HISTORY
-April 2014, Originally compiled by William Henry (whenry at redhat dot com)
-based on docker.io source material and internal work.
+June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io)
 
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 43acb17578..56acc33310 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -736,7 +736,7 @@ specify this by adding the server name.
 
     Usage: docker logout [SERVER]
 
-    Log the user out of a docker registry server, if no server is specified "https://index.docker.io/v1/" is the default.
+    Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default.
 
     example:
     $ docker logout localhost:8080

From ee8e73d08333468c2dd275dd3cf2e4593e88706a Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 17 Jul 2014 10:15:23 +0400
Subject: [PATCH 178/516] Tests on container state changing

It could catch error that was fixed in #6954
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 4162309d116fe5cb171d7d212842fe5406c544df
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index fa1a12c804..932acc9d7e 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1295,3 +1295,69 @@ func TestAttachStdOutAndErrTTYMode(t *testing.T) {
 
 	logDone("run - Attach stderr and stdout with -t")
 }
+
+func TestState(t *testing.T) {
+	defer deleteAllContainers()
+	cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "top")
+
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	id := strings.TrimSpace(out)
+	state, err := inspectField(id, "State.Running")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if state != "true" {
+		t.Fatal("Container state is 'not running'")
+	}
+	pid1, err := inspectField(id, "State.Pid")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pid1 == "0" {
+		t.Fatal("Container state Pid 0")
+	}
+
+	cmd = exec.Command(dockerBinary, "stop", id)
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	state, err = inspectField(id, "State.Running")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if state != "false" {
+		t.Fatal("Container state is 'running'")
+	}
+	pid2, err := inspectField(id, "State.Pid")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pid2 == pid1 {
+		t.Fatalf("Container state Pid %s, but expected %s", pid2, pid1)
+	}
+
+	cmd = exec.Command(dockerBinary, "start", id)
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	state, err = inspectField(id, "State.Running")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if state != "true" {
+		t.Fatal("Container state is 'not running'")
+	}
+	pid3, err := inspectField(id, "State.Pid")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pid3 == pid1 {
+		t.Fatalf("Container state Pid %s, but expected %s", pid2, pid1)
+	}
+	logDone("run - test container state.")
+}

From 3d4e2246d30537904933e78be67c8cc44dfa17ca Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 18 Jul 2014 17:52:24 +0000
Subject: [PATCH 179/516] update style

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 56a39ca5d3010785e3b4be849c6b13c69a23721d
Component: engine
---
 components/engine/api/client/commands.go | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 446d9b7b0a..65c06ba15c 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -369,18 +369,14 @@ func (cli *DockerCli) CmdLogout(args ...string) error {
 	cli.LoadConfigFile()
 	if _, ok := cli.configFile.Configs[serverAddress]; !ok {
 		fmt.Fprintf(cli.out, "Not logged in to %s\n", serverAddress)
-		os.Exit(0)
+	} else {
+		fmt.Fprintf(cli.out, "Remove login credentials for %s\n", serverAddress)
+		delete(cli.configFile.Configs, serverAddress)
+
+		if err := registry.SaveConfig(cli.configFile); err != nil {
+			return fmt.Errorf("Failed to save docker config: %v", err)
+		}
 	}
-
-	fmt.Fprintf(cli.out, "Remove login credentials for %s\n", serverAddress)
-	delete(cli.configFile.Configs, serverAddress)
-
-	if err := registry.SaveConfig(cli.configFile); err != nil {
-		fmt.Fprintln(cli.out, "Failed to save docker config")
-		os.Exit(1)
-	}
-
-	fmt.Fprintln(cli.out, "Saved docker config")
 	return nil
 }
 

From 8cf0e7787b19be676d56b1e4c9e3a68546923895 Mon Sep 17 00:00:00 2001
From: Brett Kochendorfer <brett.kochendorfer@gmail.com>
Date: Fri, 18 Jul 2014 16:16:19 -0500
Subject: [PATCH 180/516] Update runmetrics.md Upstream-commit:
 95caf8c4856ad477dbc835c6f9af5af5668389c0 Component: engine

---
 components/engine/docs/sources/articles/runmetrics.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/articles/runmetrics.md b/components/engine/docs/sources/articles/runmetrics.md
index 82547693f9..b78de2403e 100644
--- a/components/engine/docs/sources/articles/runmetrics.md
+++ b/components/engine/docs/sources/articles/runmetrics.md
@@ -363,7 +363,7 @@ container, we need to:
 - Execute `ip netns exec <somename> ....`
 
 Please review [*Enumerating Cgroups*](#enumerating-cgroups) to learn how to find
-the cgroup of a pprocess running in the container of which you want to
+the cgroup of a process running in the container of which you want to
 measure network usage. From there, you can examine the pseudo-file named
 `tasks`, which contains the PIDs that are in the
 control group (i.e. in the container). Pick any one of them.

From 5aa47fd32bfe8442ecf291d356cd371d64f20128 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 18 Jul 2014 14:55:04 -0700
Subject: [PATCH 181/516] Update libcontainer to cf45d141db69ce11dcccac178e5

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 1b9b11db4f43c8b55d48e0aae5e05155997fe314
Component: engine
---
 components/engine/hack/vendor.sh              |  2 +-
 .../docker/libcontainer/.travis.yml           | 26 ++++++++++++-------
 .../docker/libcontainer/apparmor/apparmor.go  |  2 +-
 .../apparmor/apparmor_disabled.go             |  2 +-
 .../docker/libcontainer/container.go          |  8 ++++++
 .../docker/libcontainer/mount/init.go         | 17 +++++++-----
 .../docker/libcontainer/namespaces/init.go    |  3 ++-
 .../libcontainer/netlink/netlink_linux.go     |  5 +---
 .../libcontainer/netlink/netlink_linux_arm.go |  9 +++++++
 .../netlink/netlink_linux_notarm.go           | 11 ++++++++
 .../netlink/netlink_unsupported.go            |  2 +-
 .../docker/libcontainer/selinux/selinux.go    |  2 ++
 .../libcontainer/selinux/selinux_test.go      |  5 +++-
 .../docker/libcontainer/system/setns_linux.go |  2 ++
 .../docker/libcontainer/system/sysconfig.go   |  3 +--
 .../libcontainer/system/sysconfig_notcgo.go   |  8 ++++++
 16 files changed, 80 insertions(+), 27 deletions(-)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_arm.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index f3347d374b..3b71004de3 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer be85764f109c3f0f62cd2a5c8be9af7a599798cf
+clone git github.com/docker/libcontainer cf45d141db69ce11dcccac178e5607a385609e15
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
index d4c2045d8a..5ce4587689 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
@@ -1,22 +1,30 @@
 language: go
+go: 1.3
 
 # let us have pretty experimental Docker-based Travis workers
 sudo: false
 
 env:
     - TRAVIS_GLOBAL_WTF=1
-    - GOOS=linux GOARCH=amd64
-    - GOOS=linux GOARCH=386
-    - GOOS=linux GOARCH=arm
-    - GOOS=darwin GOARCH=amd64
-    - GOOS=darwin GOARCH=386
-    - GOOS=freebsd GOARCH=amd64
+    - _GOOS=linux _GOARCH=amd64
+#    - _GOOS=linux _GOARCH=386 # Travis can't currently do 32bit cgo... (see https://travis-ci.org/tianon/libcontainer/jobs/30126518#L168)
+#    - _GOOS=linux _GOARCH=arm # see https://github.com/moovweb/gvm/issues/22
 
 install:
+    - mkdir -pv "${GOPATH%%:*}/src/github.com/docker" && [ -d "${GOPATH%%:*}/src/github.com/docker/libcontainer" ] || ln -sv "$(readlink -f .)" "${GOPATH%%:*}/src/github.com/docker/libcontainer"
+    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then
+          export CGO_ENABLED=1;
+          gvm cross "$_GOOS" "$_GOARCH";
+          export GOOS="$_GOOS" GOARCH="$_GOARCH";
+      fi
+    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go env; fi
     - go get -d -v ./...
-    - go get -d -v github.com/dotcloud/docker # just to be sure
-    - DOCKER_PATH="${GOPATH%%:*}/src/github.com/dotcloud/docker"
-    - sed -i 's!dotcloud/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate"
+    - if [ "$TRAVIS_GLOBAL_WTF" ]; then
+          export DOCKER_PATH="${GOPATH%%:*}/src/github.com/dotcloud/docker";
+          mkdir -p "$DOCKER_PATH/hack/make";
+          ( cd "$DOCKER_PATH/hack/make" && wget -c 'https://raw.githubusercontent.com/dotcloud/docker/master/hack/make/'{.validate,validate-dco,validate-gofmt} );
+          sed -i 's!dotcloud/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate";
+      fi
 
 script:
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-dco"; fi
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go b/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go
index 704ee29ed0..fb1574dfc6 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor.go
@@ -1,4 +1,4 @@
-// +build apparmor,linux,amd64
+// +build apparmor,linux
 
 package apparmor
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go b/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go
index 8d86ce9d4a..937bf915c7 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/apparmor/apparmor_disabled.go
@@ -1,4 +1,4 @@
-// +build !apparmor !linux !amd64
+// +build !apparmor !linux
 
 package apparmor
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/container.go b/components/engine/vendor/src/github.com/docker/libcontainer/container.go
index 5fb2bba651..c4d372ce35 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/container.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/container.go
@@ -21,6 +21,14 @@ type Container interface {
 	// Returns the current config of the container.
 	Config() *Config
 
+	// Start a process inside the container. Returns the PID of the new process (in the caller process's namespace) and a channel that will return the exit status of the process whenever it dies.
+	//
+	// Errors: container no longer exists,
+	//         config is invalid,
+	//         container is paused,
+	//         system error.
+	Start(*ProcessConfig) (pid int, exitChan chan int, err error)
+
 	// Destroys the container after killing all running processes.
 	//
 	// Any event registrations are removed before the container is destroyed.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
index daec6ac865..a59b4a76fe 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
@@ -26,7 +26,7 @@ type mount struct {
 
 // InitializeMountNamespace sets up the devices, mount points, and filesystems for use inside a
 // new mount namespace.
-func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig) error {
+func InitializeMountNamespace(rootfs, console string, sysReadonly bool, mountConfig *MountConfig) error {
 	var (
 		err  error
 		flag = syscall.MS_PRIVATE
@@ -40,7 +40,7 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
 	if err := syscall.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
 		return fmt.Errorf("mouting %s as bind %s", rootfs, err)
 	}
-	if err := mountSystem(rootfs, mountConfig); err != nil {
+	if err := mountSystem(rootfs, sysReadonly, mountConfig); err != nil {
 		return fmt.Errorf("mount system %s", err)
 	}
 	if err := setupBindmounts(rootfs, mountConfig); err != nil {
@@ -81,8 +81,8 @@ func InitializeMountNamespace(rootfs, console string, mountConfig *MountConfig)
 
 // mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts
 // inside the mount namespace
-func mountSystem(rootfs string, mountConfig *MountConfig) error {
-	for _, m := range newSystemMounts(rootfs, mountConfig.MountLabel, mountConfig.Mounts) {
+func mountSystem(rootfs string, sysReadonly bool, mountConfig *MountConfig) error {
+	for _, m := range newSystemMounts(rootfs, mountConfig.MountLabel, sysReadonly, mountConfig.Mounts) {
 		if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) {
 			return fmt.Errorf("mkdirall %s %s", m.path, err)
 		}
@@ -192,14 +192,19 @@ func setupBindmounts(rootfs string, mountConfig *MountConfig) error {
 
 // TODO: this is crappy right now and should be cleaned up with a better way of handling system and
 // standard bind mounts allowing them to be more dynamic
-func newSystemMounts(rootfs, mountLabel string, mounts Mounts) []mount {
+func newSystemMounts(rootfs, mountLabel string, sysReadonly bool, mounts Mounts) []mount {
 	systemMounts := []mount{
 		{source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags},
-		{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags},
 		{source: "tmpfs", path: filepath.Join(rootfs, "dev"), device: "tmpfs", flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, data: label.FormatMountLabel("mode=755", mountLabel)},
 		{source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)},
 		{source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)},
 	}
 
+	sysMountFlags := defaultMountFlags
+	if sysReadonly {
+		sysMountFlags |= syscall.MS_RDONLY
+	}
+	systemMounts = append(systemMounts, mount{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: sysMountFlags})
+
 	return systemMounts
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index 7c917c015d..62452cba16 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -76,6 +76,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 
 	if err := mount.InitializeMountNamespace(rootfs,
 		consolePath,
+		container.RestrictSys,
 		(*mount.MountConfig)(container.MountConfig)); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
@@ -98,7 +99,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 
 	// TODO: (crosbymichael) make this configurable at the Config level
 	if container.RestrictSys {
-		if err := restrict.Restrict("proc/sys", "proc/sysrq-trigger", "proc/irq", "proc/bus", "sys"); err != nil {
+		if err := restrict.Restrict("proc/sys", "proc/sysrq-trigger", "proc/irq", "proc/bus"); err != nil {
 			return err
 		}
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
index 14e30aa026..92accd4aaa 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
@@ -1,11 +1,8 @@
-// +build amd64
-
 package netlink
 
 import (
 	"encoding/binary"
 	"fmt"
-	"math/rand"
 	"net"
 	"sync/atomic"
 	"syscall"
@@ -951,7 +948,7 @@ func setBridgeMacAddress(s int, name string) error {
 	copy(ifr.IfrnName[:], name)
 
 	for i := 0; i < 6; i++ {
-		ifr.IfruHwaddr.Data[i] = int8(rand.Intn(255))
+		ifr.IfruHwaddr.Data[i] = randIfrDataByte()
 	}
 
 	ifr.IfruHwaddr.Data[0] &^= 0x1 // clear multicast bit
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_arm.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_arm.go
new file mode 100644
index 0000000000..7789ae275a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_arm.go
@@ -0,0 +1,9 @@
+package netlink
+
+import (
+	"math/rand"
+)
+
+func randIfrDataByte() uint8 {
+	return uint8(rand.Intn(255))
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go
new file mode 100644
index 0000000000..23c4a92712
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_notarm.go
@@ -0,0 +1,11 @@
+// +build !arm
+
+package netlink
+
+import (
+	"math/rand"
+)
+
+func randIfrDataByte() int8 {
+	return int8(rand.Intn(255))
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
index 1359345662..2c4d31940c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !amd64
+// +build !linux
 
 package netlink
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
index 8dbdbdbc21..55da87ff26 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package selinux
 
 import (
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux_test.go
index 40ed70d166..34c3497441 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux_test.go
@@ -1,9 +1,12 @@
+// +build linux
+
 package selinux_test
 
 import (
-	"github.com/docker/libcontainer/selinux"
 	"os"
 	"testing"
+
+	"github.com/docker/libcontainer/selinux"
 )
 
 func testSetfilecon(t *testing.T) {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go
index a0a259e170..32821ee2bf 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/setns_linux.go
@@ -11,7 +11,9 @@ import (
 // We need different setns values for the different platforms and arch
 // We are declaring the macro here because the SETNS syscall does not exist in th stdlib
 var setNsMap = map[string]uintptr{
+	"linux/386":   346,
 	"linux/amd64": 308,
+	"linux/arm":   374,
 }
 
 func Setns(fd uintptr, flags uintptr) error {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
index dcbe6c9cdd..3e2f43b1e9 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
@@ -4,10 +4,9 @@ package system
 
 /*
 #include <unistd.h>
-int get_hz(void) { return sysconf(_SC_CLK_TCK); }
 */
 import "C"
 
 func GetClockTicks() int {
-	return int(C.get_hz())
+	return int(C.sysconf(C._SC_CLK_TCK))
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go
new file mode 100644
index 0000000000..4bbb69896f
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go
@@ -0,0 +1,8 @@
+// +build linux,!cgo
+
+package system
+
+func GetClockTicks() int {
+	// TODO figure out a better alternative for platforms where we're missing cgo
+	return 100
+}

From bbe750e1102067fd1d05df693619eb4ca9e20319 Mon Sep 17 00:00:00 2001
From: Ben Firshman <ben@firshman.co.uk>
Date: Fri, 18 Jul 2014 18:44:41 -0700
Subject: [PATCH 182/516] Remove blank "use" documentation

Introduced in dotcloud/docker#3070

Docker-DCO-1.1-Signed-off-by: Ben Firshman <ben@firshman.co.uk> (github: bfirsh)
Upstream-commit: b82778b293e35a147d66001e6406843dc937a233
Component: engine
---
 components/engine/docs/sources/use.md | 14 --------------
 1 file changed, 14 deletions(-)
 delete mode 100644 components/engine/docs/sources/use.md

diff --git a/components/engine/docs/sources/use.md b/components/engine/docs/sources/use.md
deleted file mode 100644
index 20c5eb2c50..0000000000
--- a/components/engine/docs/sources/use.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Use
-
-## Contents:
-
- - [First steps with Docker](basics/)
- - [Share Images via Repositories](workingwithrepository/)
- - [Redirect Ports](port_redirection/)
- - [Configure Networking](networking/)
- - [Automatically Start Containers](host_integration/)
- - [Share Directories via Volumes](working_with_volumes/)
- - [Link Containers](working_with_links_names/)
- - [Link via an Ambassador Container](ambassador_pattern_linking/)
- - [Using Puppet](puppet/)
- - [Using certificates for repository client verification](certificates/)

From a502f604a3427fa1ee42779623eefe0e9e2c6470 Mon Sep 17 00:00:00 2001
From: Timothy <timothyhobbs@seznam.cz>
Date: Sat, 19 Jul 2014 04:12:16 +0000
Subject: [PATCH 183/516] Give context for the error that occures when you try
 to bind mount a volume with a relative path

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: 7aed2130f95c22e1eb6249ffb84c1cee070cb284
Component: engine
---
 components/engine/daemon/volumes.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index 1de8ff98ac..98a1913288 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -232,7 +232,7 @@ func initializeVolume(container *Container, volPath string, binds map[string]Bin
 		destination = bindMap.SrcPath
 
 		if !filepath.IsAbs(destination) {
-			return fmt.Errorf("%s must be an absolute path", destination)
+			return fmt.Errorf("cannot bind mount volume: %s volume paths must be absolute.", destination)
 		}
 
 		if strings.ToLower(bindMap.Mode) == "rw" {

From 48f4247a5676501539032419b70b5fef5829dbd1 Mon Sep 17 00:00:00 2001
From: Jaroslaw Zabiello <hipertracker@gmail.com>
Date: Sat, 19 Jul 2014 05:38:11 +0100
Subject: [PATCH 184/516] Update dockerlinks.md

Added missing command for logging into web container.
Upstream-commit: a781de0c10d33f9af92ba8270193f218a3dafdf5
Component: engine
---
 components/engine/docs/sources/userguide/dockerlinks.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/docs/sources/userguide/dockerlinks.md b/components/engine/docs/sources/userguide/dockerlinks.md
index bfbcdb3bd6..d7a2abff9c 100644
--- a/components/engine/docs/sources/userguide/dockerlinks.md
+++ b/components/engine/docs/sources/userguide/dockerlinks.md
@@ -208,6 +208,7 @@ In addition to the environment variables Docker adds a host entry for the
 linked parent to the `/etc/hosts` file. Let's look at this file on the `web`
 container now.
 
+    $ sudo docker run -t -i --rm --link db:db training/webapp /bin/bash
     root@aed84ee21bde:/opt/webapp# cat /etc/hosts
     172.17.0.7  aed84ee21bde
     . . .

From c0a07344c1c8755aa1a8d33118c213e1ef1dfb06 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Wed, 16 Jul 2014 23:40:04 +0400
Subject: [PATCH 185/516] Move TestCopyVolumeUidGid to integration-cli

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 9a7c5be7d1d71d339b857ec20ca03cc09d4bbfa2
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 29 +++++++++
 .../engine/integration/container_test.go      | 60 -------------------
 2 files changed, 29 insertions(+), 60 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 932acc9d7e..6be4d92d7b 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1361,3 +1361,32 @@ func TestState(t *testing.T) {
 	}
 	logDone("run - test container state.")
 }
+
+// Test for #1737
+func TestCopyVolumeUidGid(t *testing.T) {
+	name := "testrunvolumesuidgid"
+	defer deleteImages(name)
+	defer deleteAllContainers()
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN echo 'dockerio:x:1001:1001::/bin:/bin/false' >> /etc/passwd
+		RUN echo 'dockerio:x:1001:' >> /etc/group
+		RUN mkdir -p /hello && touch /hello/test && chown dockerio.dockerio /hello`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Test that the uid and gid is copied from the image to the volume
+	cmd := exec.Command(dockerBinary, "run", "--rm", "-v", "/hello", name, "sh", "-c", "ls -l / | grep hello | awk '{print $3\":\"$4}'")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	out = strings.TrimSpace(out)
+	if out != "dockerio:dockerio" {
+		t.Fatalf("Wrong /hello ownership: %s, expected dockerio:dockerio", out)
+	}
+
+	logDone("run - copy uid/gid for volume")
+}
diff --git a/components/engine/integration/container_test.go b/components/engine/integration/container_test.go
index e70da5f14d..ebef2bd4cf 100644
--- a/components/engine/integration/container_test.go
+++ b/components/engine/integration/container_test.go
@@ -370,66 +370,6 @@ func tempDir(t *testing.T) string {
 	return tmpDir
 }
 
-// Test for #1737
-func TestCopyVolumeUidGid(t *testing.T) {
-	eng := NewTestEngine(t)
-	r := mkDaemonFromEngine(eng, t)
-	defer r.Nuke()
-
-	// Add directory not owned by root
-	container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test && chown daemon.daemon /hello"}, t)
-	defer r.Destroy(container1)
-
-	if container1.State.IsRunning() {
-		t.Errorf("Container shouldn't be running")
-	}
-	if err := container1.Run(); err != nil {
-		t.Fatal(err)
-	}
-	if container1.State.IsRunning() {
-		t.Errorf("Container shouldn't be running")
-	}
-
-	img, err := r.Commit(container1, "", "", "unit test commited image", "", true, nil)
-	if err != nil {
-		t.Error(err)
-	}
-
-	// Test that the uid and gid is copied from the image to the volume
-	tmpDir1 := tempDir(t)
-	defer os.RemoveAll(tmpDir1)
-	stdout1, _ := runContainer(eng, r, []string{"-v", "/hello", img.ID, "stat", "-c", "%U %G", "/hello"}, t)
-	if !strings.Contains(stdout1, "daemon daemon") {
-		t.Fatal("Container failed to transfer uid and gid to volume")
-	}
-
-	container2, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && chown daemon.daemon /hello"}, t)
-	defer r.Destroy(container1)
-
-	if container2.State.IsRunning() {
-		t.Errorf("Container shouldn't be running")
-	}
-	if err := container2.Run(); err != nil {
-		t.Fatal(err)
-	}
-	if container2.State.IsRunning() {
-		t.Errorf("Container shouldn't be running")
-	}
-
-	img2, err := r.Commit(container2, "", "", "unit test commited image", "", true, nil)
-	if err != nil {
-		t.Error(err)
-	}
-
-	// Test that the uid and gid is copied from the image to the volume
-	tmpDir2 := tempDir(t)
-	defer os.RemoveAll(tmpDir2)
-	stdout2, _ := runContainer(eng, r, []string{"-v", "/hello", img2.ID, "stat", "-c", "%U %G", "/hello"}, t)
-	if !strings.Contains(stdout2, "daemon daemon") {
-		t.Fatal("Container failed to transfer uid and gid to volume")
-	}
-}
-
 // Test for #1582
 func TestCopyVolumeContent(t *testing.T) {
 	eng := NewTestEngine(t)

From d628315a5252cd1c54437a24f4e94081c958a67d Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Thu, 17 Jul 2014 21:36:45 +0400
Subject: [PATCH 186/516] Move TestCopyVolumeContent to integration-cli

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: e88487b321fba4d1a6d9dcd080ec5b9ae024865e
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 24 +++++++++++++
 .../engine/integration/container_test.go      | 34 -------------------
 2 files changed, 24 insertions(+), 34 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 6be4d92d7b..293c835f5e 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1390,3 +1390,27 @@ func TestCopyVolumeUidGid(t *testing.T) {
 
 	logDone("run - copy uid/gid for volume")
 }
+
+// Test for #1582
+func TestCopyVolumeContent(t *testing.T) {
+	name := "testruncopyvolumecontent"
+	defer deleteImages(name)
+	defer deleteAllContainers()
+	_, err := buildImage(name,
+		`FROM busybox
+		RUN mkdir -p /hello/local && echo hello > /hello/local/world`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Test that the content is copied from the image to the volume
+	cmd := exec.Command(dockerBinary, "run", "--rm", "-v", "/hello", name, "sh", "-c", "find", "/hello")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if !(strings.Contains(out, "/hello/local/world") && strings.Contains(out, "/hello/local")) {
+		t.Fatal("Container failed to transfer content to volume")
+	}
+}
diff --git a/components/engine/integration/container_test.go b/components/engine/integration/container_test.go
index ebef2bd4cf..cd2b9ba070 100644
--- a/components/engine/integration/container_test.go
+++ b/components/engine/integration/container_test.go
@@ -370,40 +370,6 @@ func tempDir(t *testing.T) string {
 	return tmpDir
 }
 
-// Test for #1582
-func TestCopyVolumeContent(t *testing.T) {
-	eng := NewTestEngine(t)
-	r := mkDaemonFromEngine(eng, t)
-	defer r.Nuke()
-
-	// Put some content in a directory of a container and commit it
-	container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello/local && echo hello > /hello/local/world"}, t)
-	defer r.Destroy(container1)
-
-	if container1.State.IsRunning() {
-		t.Errorf("Container shouldn't be running")
-	}
-	if err := container1.Run(); err != nil {
-		t.Fatal(err)
-	}
-	if container1.State.IsRunning() {
-		t.Errorf("Container shouldn't be running")
-	}
-
-	img, err := r.Commit(container1, "", "", "unit test commited image", "", true, nil)
-	if err != nil {
-		t.Error(err)
-	}
-
-	// Test that the content is copied from the image to the volume
-	tmpDir1 := tempDir(t)
-	defer os.RemoveAll(tmpDir1)
-	stdout1, _ := runContainer(eng, r, []string{"-v", "/hello", img.ID, "find", "/hello"}, t)
-	if !(strings.Contains(stdout1, "/hello/local/world") && strings.Contains(stdout1, "/hello/local")) {
-		t.Fatal("Container failed to transfer content to volume")
-	}
-}
-
 func TestBindMounts(t *testing.T) {
 	eng := NewTestEngine(t)
 	r := mkDaemonFromEngine(eng, t)

From 992eebc368b5a3749b80ad67ab1f68000edb09ed Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 19 Jul 2014 12:04:27 -0600
Subject: [PATCH 187/516] Adjust Travis to also compile, to test that
 compilation still succeeds

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 3cff015169f5ca215a42f81650edc9f31095dd6f
Component: engine
---
 components/engine/.travis.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/components/engine/.travis.yml b/components/engine/.travis.yml
index 1e8d41184c..d25d0b3962 100644
--- a/components/engine/.travis.yml
+++ b/components/engine/.travis.yml
@@ -11,7 +11,8 @@ go: 1.2.1
 sudo: false
 
 # Disable the normal go build.
-install: true
+install:
+  - export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper' # btrfs and devicemapper fail to compile thanks to a couple missing headers (which we can't install thanks to "sudo: false")
 
 before_script:
   - env | sort
@@ -19,5 +20,6 @@ before_script:
 script:
   - hack/make.sh validate-dco
   - hack/make.sh validate-gofmt
+  - AUTO_GOPATH=1 ./hack/make.sh dynbinary
 
 # vim:set sw=2 ts=2:

From e6ce9e7e5d7ad5a3117872a0bf2e0b21135f3f40 Mon Sep 17 00:00:00 2001
From: Marc Abramowitz <msabramo@gmail.com>
Date: Sun, 20 Jul 2014 17:05:37 -0700
Subject: [PATCH 188/516] Fix minor grammar issues in dockervolumes.md
 Upstream-commit: 4ac6375790fe0c7bc9c1bb9c3fdc67db233ff8cb Component: engine

---
 components/engine/docs/sources/userguide/dockervolumes.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index 02efbf7c1f..ffa67a3067 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -59,9 +59,10 @@ absolute path and if the directory doesn't exist Docker will automatically
 create it for you.
 
 > **Note:** 
-> This is not available from a `Dockerfile` due the portability
+> This is not available from a `Dockerfile` due to the portability
 > and sharing purpose of it. As the host directory is, by its nature,
-> host-dependent it might not work all hosts.
+> host-dependent, a host directory specified in a `Dockerfile` probably
+> wouldn't work on all hosts.
 
 Docker defaults to a read-write volume but we can also mount a directory
 read-only.

From afa8623ab8739f70b83c576a9f8f574f43a4c898 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Wed, 25 Jun 2014 11:59:43 +1000
Subject: [PATCH 189/516] initial work to make a mockup

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 8a4b79ca5016ae8de0f530ae394064dc5142e5a6
Component: engine
---
 components/engine/docs/theme/mkdocs/base.html | 23 ++++++++++++++++---
 .../engine/docs/theme/mkdocs/css/main.css     |  9 +++++---
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index 8f2bd0603a..0768b4c8f9 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -48,11 +48,28 @@
   <div id="content" class="container">
 {% if current_page.title != '**HIDDEN**' %}
     <div class="row" id="top-header">
-      <div class="span8">
+      <div class="span7">
         <h1 class="header2">{{ current_page.title }}</h1>
       </div>
-      <div class="span4 text-right edit-on-github">
-        <a class="home-link3" href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}" class="tertiary-nav">Edit on GitHub</a>
+      <div class="span5">
+        <div class="span2 NOtext-right edit-on-github">
+		<a class="home-link3 tertiary-nav" href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}" >Edit on GitHub</a>
+        </div>
+        <div id="versionnav" class="span2 pull-right">
+          <ul class="nav version">
+            <li class="dropdown">
+              <a id="logged-in-header-username" class="dropdown-toggle" data-toggle="dropdown" href="#">
+  	  	  Latest (v1.3)
+              </a>
+              <ul class="dropdown-menu pull-right">
+                <li><a href="https://hub.docker.com/">v1.3</a></li>
+                <li><a href="https://hub.docker.com/">v1.2</a></li>
+                <li><a href="https://hub.docker.com/">v1.1</a></li>
+                <li><a href="https://hub.docker.com/">v1.0</a></li>
+              </ul>
+            </li>
+          </ul>
+        </div>
       </div>
     </div>
 {% endif %}
diff --git a/components/engine/docs/theme/mkdocs/css/main.css b/components/engine/docs/theme/mkdocs/css/main.css
index 6b6ec3f731..3375f797da 100644
--- a/components/engine/docs/theme/mkdocs/css/main.css
+++ b/components/engine/docs/theme/mkdocs/css/main.css
@@ -847,7 +847,8 @@ div + .form-inline {
 .navbar #usernav .nav li {
   padding-top: 15px;
 }
-.navbar #usernav .nav li a {
+.navbar #usernav .nav li a,
+#versionnav .nav li a.dropdown-toggle {
   font-size: 14px;
   font-weight: 400;
   color: #394d54;
@@ -856,10 +857,12 @@ div + .form-inline {
   padding: 0 20px 0 0;
   background: url("../img/nav/caret-down-user-icon.svg") no-repeat 100% 50%;
 }
-.navbar #usernav .nav li a:hover {
+.navbar #usernav .nav li a:hover,
+#versionnav .nav li a.dropdown-toggle:hover {
   background-image: url("../img/nav/caret-down-user-icon-over.svg");
 }
-.navbar #usernav .nav li ul li {
+.navbar #usernav .nav li ul li,
+#versionnav .version {
   padding: 0;
   margin: 0;
   height: 28px;

From 9bc7000fc7a2f3ccc0d98eb7bb254e80e5e569cc Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Wed, 16 Jul 2014 14:48:12 +1000
Subject: [PATCH 190/516] The UX spec

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: c550ad59006c6a0c99b88581bb4378accea63043
Component: engine
---
 components/engine/docs/theme/mkdocs/base.html | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index 0768b4c8f9..04095141ea 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -52,20 +52,19 @@
         <h1 class="header2">{{ current_page.title }}</h1>
       </div>
       <div class="span5">
-        <div class="span2 NOtext-right edit-on-github">
-		<a class="home-link3 tertiary-nav" href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}" >Edit on GitHub</a>
-        </div>
         <div id="versionnav" class="span2 pull-right">
           <ul class="nav version">
             <li class="dropdown">
               <a id="logged-in-header-username" class="dropdown-toggle" data-toggle="dropdown" href="#">
-  	  	  Latest (v1.3)
+  	  	  Latest (Version 1.3)
               </a>
               <ul class="dropdown-menu pull-right">
-                <li><a href="https://hub.docker.com/">v1.3</a></li>
-                <li><a href="https://hub.docker.com/">v1.2</a></li>
-                <li><a href="https://hub.docker.com/">v1.1</a></li>
-                <li><a href="https://hub.docker.com/">v1.0</a></li>
+                <li><a href="https://hub.docker.com/">Version 1.3</a></li>
+                <li><a href="https://hub.docker.com/">Version 1.2</a></li>
+                <li><a href="https://hub.docker.com/">Version 1.1</a></li>
+                <li><a href="https://hub.docker.com/">Version 1.0</a></li>
+		<li role="presentation" class="divider"></li>
+		<li> <a class="home-link3 tertiary-nav" href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}" >Edit on GitHub</a></li>
               </ul>
             </li>
           </ul>

From b3754356a2475ac9935fea47ab436cb22d88f3aa Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Mon, 21 Jul 2014 15:51:14 +1000
Subject: [PATCH 191/516] dynamically load a /versions.html_fragment file so
 that all old versions get the complete dropdown list of versions to select

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 5cd0f0824d04a73fb798207231b47157a51604d5
Component: engine
---
 components/engine/docs/Dockerfile             |  3 +++
 components/engine/docs/release.sh             | 10 ++++----
 components/engine/docs/theme/mkdocs/base.html | 24 ++++++++++++-------
 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/components/engine/docs/Dockerfile b/components/engine/docs/Dockerfile
index 329646ed01..516a6d843a 100644
--- a/components/engine/docs/Dockerfile
+++ b/components/engine/docs/Dockerfile
@@ -27,10 +27,13 @@ ADD	MAINTAINERS /docs/sources/humans.txt
 WORKDIR	/docs
 
 RUN	VERSION=$(cat /docs/VERSION)								&&\
+        MAJOR_MINOR="${VERSION%.*}"								&&\
+	for i in $(seq $MAJOR_MINOR -0.1 1.0) ; do echo "<li><a class='version' href='/v$i'>Version v$i</a></li>" ; done > /docs/sources/versions.html_fragment &&\
 	GIT_BRANCH=$(cat /docs/GIT_BRANCH)							&&\
 	GITCOMMIT=$(cat /docs/GITCOMMIT)							&&\
 	AWS_S3_BUCKET=$(cat /docs/AWS_S3_BUCKET)						&&\
 	sed -i "s/\$VERSION/$VERSION/g" /docs/theme/mkdocs/base.html				&&\
+	sed -i "s/\$MAJOR_MINOR/v$MAJOR_MINOR/g" /docs/theme/mkdocs/base.html			&&\
 	sed -i "s/\$GITCOMMIT/$GITCOMMIT/g" /docs/theme/mkdocs/base.html			&&\
 	sed -i "s/\$GIT_BRANCH/$GIT_BRANCH/g" /docs/theme/mkdocs/base.html			&&\
 	sed -i "s/\$AWS_S3_BUCKET/$AWS_S3_BUCKET/g" /docs/theme/mkdocs/base.html
diff --git a/components/engine/docs/release.sh b/components/engine/docs/release.sh
index f6dc2ec59f..de54eb3f5f 100755
--- a/components/engine/docs/release.sh
+++ b/components/engine/docs/release.sh
@@ -27,6 +27,10 @@ if [ "$$AWS_S3_BUCKET" == "docs.docker.com" ]; then
 	fi
 fi
 
+# Remove the last version - 1.0.2-dev -> 1.0
+MAJOR_MINOR="v${VERSION%.*}"
+export MAJOR_MINOR
+
 export BUCKET=$AWS_S3_BUCKET
 
 export AWS_CONFIG_FILE=$(pwd)/awsconfig
@@ -69,7 +73,8 @@ upload_current_documentation() {
 
 	# a really complicated way to send only the files we want
 	# if there are too many in any one set, aws s3 sync seems to fall over with 2 files to go
-	endings=( json html xml css js gif png JPG ttf svg woff)
+	#  versions.html_fragment
+	endings=( json html xml css js gif png JPG ttf svg woff html_fragment )
 	for i in ${endings[@]}; do
 		include=""
 		for j in ${endings[@]}; do
@@ -104,9 +109,6 @@ setup_s3
 build_current_documentation
 upload_current_documentation
 
-# Remove the last version - 1.0.2-dev -> 1.0
-MAJOR_MINOR="v${VERSION%.*}"
-
 #build again with /v1.0/ prefix
 sed -i "s/^site_url:.*/site_url: \/$MAJOR_MINOR\//" mkdocs.yml
 build_current_documentation
diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index 04095141ea..6505e26fcd 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -4,7 +4,7 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
-{% set docker_version = "$VERSION" %}{% set docker_commit = "$GITCOMMIT" %}{% set docker_branch = "$GIT_BRANCH" %}{% set aws_bucket = "$AWS_S3_BUCKET" %}
+  {% set docker_version = "$VERSION" %}{% set major_minor = "$MAJOR_MINOR" %}{% set docker_commit = "$GITCOMMIT" %}{% set docker_branch = "$GIT_BRANCH" %}{% set aws_bucket = "$AWS_S3_BUCKET" %}
   <meta name="docker_version" content="{{ docker_version }}">
   <meta name="docker_git_branch" content="{{ docker_branch }}">
   <meta name="docker_git_commit" content="{{ docker_commit }}">
@@ -52,17 +52,13 @@
         <h1 class="header2">{{ current_page.title }}</h1>
       </div>
       <div class="span5">
-        <div id="versionnav" class="span2 pull-right">
-          <ul class="nav version">
+        <div id="versionnav" class="span3 pull-right">
+          <ul class="nav version pull-right">
             <li class="dropdown">
               <a id="logged-in-header-username" class="dropdown-toggle" data-toggle="dropdown" href="#">
-  	  	  Latest (Version 1.3)
+		      Latest (Version {{ major_minor }})
               </a>
-              <ul class="dropdown-menu pull-right">
-                <li><a href="https://hub.docker.com/">Version 1.3</a></li>
-                <li><a href="https://hub.docker.com/">Version 1.2</a></li>
-                <li><a href="https://hub.docker.com/">Version 1.1</a></li>
-                <li><a href="https://hub.docker.com/">Version 1.0</a></li>
+              <ul id="documentation-version-list" class="dropdown-menu pull-right">
 		<li role="presentation" class="divider"></li>
 		<li> <a class="home-link3 tertiary-nav" href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}" >Edit on GitHub</a></li>
               </ul>
@@ -148,6 +144,16 @@ piCId = '1482';
   });
   $(document).ready(function() {
     $('#content').css("min-height", $(window).height() - 553 );
+    // load the complete versions list
+    $.get("/versions.html_fragment", function( data ) {
+    	$('#documentation-version-list').prepend(data);
+	//remove any "/v1.1/" bits from font.
+	path = document.location.pathname.replace(/^\/v\d\.\d/, "");
+	$('#documentation-version-list a.version').each(function(i, e) {
+		e.href = e.href+path;
+		$(e).removeClass()
+	});
+    });
   })
   var userName = getCookie('docker_sso_username');
   if (userName) {

From cec25b5ea24535b6027e9938be2bc4c194120f99 Mon Sep 17 00:00:00 2001
From: Rudolph Gottesheim <r.gottesheim@loot.at>
Date: Mon, 21 Jul 2014 10:34:54 +0200
Subject: [PATCH 192/516] Fix a typo in the tutorial Upstream-commit:
 9ff7bbe0ac4172ea15242218e9ac4668eddc1e7f Component: engine

---
 components/engine/docs/sources/examples/nodejs_web_app.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/examples/nodejs_web_app.md b/components/engine/docs/sources/examples/nodejs_web_app.md
index ad99c9bf84..03c48b5175 100644
--- a/components/engine/docs/sources/examples/nodejs_web_app.md
+++ b/components/engine/docs/sources/examples/nodejs_web_app.md
@@ -127,7 +127,7 @@ Your `Dockerfile` should now look like this:
 ## Building your image
 
 Go to the directory that has your `Dockerfile` and run the following command
-to build a Docker image. The `-t` flag let's you tag your image so it's easier
+to build a Docker image. The `-t` flag lets you tag your image so it's easier
 to find later using the `docker images` command:
 
     $ sudo docker build -t <your username>/centos-node-hello .

From c7d63374580bd505b56c3473ed0bc41a333e2b29 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Fri, 27 Jun 2014 15:04:28 +0300
Subject: [PATCH 193/516] resumablerequestreader: allow initial response

Make it possible to inspect an initial response and pass it to
ResumableRequestReader. This makes it possible to inspect an initial
response and passing it to ResumableRequestReader to avoid making an
extra request.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: f033ce3ee9ee055612acacde537687e41865e14f
Component: engine
---
 components/engine/utils/resumablerequestreader.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/engine/utils/resumablerequestreader.go b/components/engine/utils/resumablerequestreader.go
index e01f4e6d71..bed202ec0c 100644
--- a/components/engine/utils/resumablerequestreader.go
+++ b/components/engine/utils/resumablerequestreader.go
@@ -24,6 +24,10 @@ func ResumableRequestReader(c *http.Client, r *http.Request, maxfail uint32, tot
 	return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize}
 }
 
+func ResumableRequestReaderWithInitialResponse(c *http.Client, r *http.Request, maxfail uint32, totalsize int64, initialResponse *http.Response) io.ReadCloser {
+	return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, currentResponse: initialResponse}
+}
+
 func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
 	if r.client == nil || r.request == nil {
 		return 0, fmt.Errorf("client and request can't be nil\n")

From 43007a03a714aa20e4e2033d0a85e138d3e86460 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Fri, 27 Jun 2014 15:10:30 +0300
Subject: [PATCH 194/516] get layer: remove HEAD req & pass down response

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: c47ebe7a351bc639028cd48aed9d2fa2310a2a65
Component: engine
---
 components/engine/registry/registry.go | 56 +++++++++++---------------
 1 file changed, 23 insertions(+), 33 deletions(-)

diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 748636dca8..57795f1c34 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -390,52 +390,42 @@ func (r *Registry) GetRemoteImageJSON(imgID, registry string, token []string) ([
 
 func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string, imgSize int64) (io.ReadCloser, error) {
 	var (
-		retries   = 5
-		headRes   *http.Response
-		client    *http.Client
-		hasResume bool = false
-		imageURL       = fmt.Sprintf("%simages/%s/layer", registry, imgID)
+		retries  = 5
+		client   *http.Client
+		res      *http.Response
+		imageURL = fmt.Sprintf("%simages/%s/layer", registry, imgID)
 	)
-	headReq, err := r.reqFactory.NewRequest("HEAD", imageURL, nil)
-	if err != nil {
-		return nil, fmt.Errorf("Error while getting from the server: %s\n", err)
-	}
-
-	setTokenAuth(headReq, token)
-	for i := 1; i <= retries; i++ {
-		headRes, client, err = r.doRequest(headReq)
-		if err != nil && i == retries {
-			return nil, fmt.Errorf("Eror while making head request: %s\n", err)
-		} else if err != nil {
-			time.Sleep(time.Duration(i) * 5 * time.Second)
-			continue
-		}
-		break
-	}
-
-	if headRes.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
-		hasResume = true
-	}
 
 	req, err := r.reqFactory.NewRequest("GET", imageURL, nil)
 	if err != nil {
 		return nil, fmt.Errorf("Error while getting from the server: %s\n", err)
 	}
 	setTokenAuth(req, token)
-	if hasResume {
-		utils.Debugf("server supports resume")
-		return utils.ResumableRequestReader(client, req, 5, imgSize), nil
-	}
-	utils.Debugf("server doesn't support resume")
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return nil, err
+	for i := 1; i <= retries; i++ {
+		res, client, err = r.doRequest(req)
+		if err != nil {
+			res.Body.Close()
+			if i == retries {
+				return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
+					res.StatusCode, imgID)
+			}
+			time.Sleep(time.Duration(i) * 5 * time.Second)
+			continue
+		}
+		break
 	}
+
 	if res.StatusCode != 200 {
 		res.Body.Close()
 		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
 			res.StatusCode, imgID)
 	}
+
+	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
+		utils.Debugf("server supports resume")
+		return utils.ResumableRequestReaderWithInitialResponse(client, req, 5, imgSize, res), nil
+	}
+	utils.Debugf("server doesn't support resume")
 	return res.Body, nil
 }
 

From 21d78da869fd824fb09716916454013245fdc72c Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Fri, 18 Jul 2014 17:15:47 -0700
Subject: [PATCH 195/516] docs/installation/google: update gcloud options

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: e1bb99d925895f4eaec54e7b8254f5250dfeb7dd
Component: engine
---
 components/engine/docs/sources/installation/google.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/google.md b/components/engine/docs/sources/installation/google.md
index c796d7bb5d..fa2fa61fc9 100644
--- a/components/engine/docs/sources/installation/google.md
+++ b/components/engine/docs/sources/installation/google.md
@@ -20,7 +20,8 @@ page_keywords: Docker, Docker documentation, installation, google, Google Comput
    (select a zone close to you and the desired instance size)
 
         $ gcloud compute instances create docker-playground \
-          --image https://www.googleapis.com/compute/v1/projects/google-containers/global/images/container-vm-v20140710 \
+          --image container-vm-v20140710 \
+          --image-project google-containers \
           --zone us-central1-a \
           --machine-type f1-micro
 

From 41d8a0c6c0268ba69fe16a5f8b825e46da1258a7 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 21 Jul 2014 11:55:43 -0700
Subject: [PATCH 196/516] integration-cli: add more tests for BuildAddTar

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: 30519330c723374526e7dbfc14807cc8da86c2c0
Component: engine
---
 .../build_tests/TestBuildAddTar/1/Dockerfile  |   3 --
 .../build_tests/TestBuildAddTar/2/Dockerfile  |   3 --
 .../build_tests/TestBuildAddTar/2/test.tar    | Bin 2560 -> 0 bytes
 .../build_tests/TestBuildAddTar/Dockerfile    |  14 ++++++++
 .../TestBuildAddTar/{1 => }/test.tar          | Bin
 .../integration-cli/docker_cli_build_test.go  |  33 ++++--------------
 6 files changed, 20 insertions(+), 33 deletions(-)
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/2/test.tar
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile
 rename components/engine/integration-cli/build_tests/TestBuildAddTar/{1 => }/test.tar (100%)

diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile
deleted file mode 100644
index 2091b0e4d9..0000000000
--- a/components/engine/integration-cli/build_tests/TestBuildAddTar/1/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM busybox
-ADD test.tar /test.tar
-RUN cat /test.tar/test/foo
diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile
deleted file mode 100644
index 830e9ddbee..0000000000
--- a/components/engine/integration-cli/build_tests/TestBuildAddTar/2/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM busybox
-ADD test.tar /
-RUN cat /test/foo
diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/2/test.tar b/components/engine/integration-cli/build_tests/TestBuildAddTar/2/test.tar
deleted file mode 100644
index 33639c647642cce352588cd4f13c021a0b222455..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2560
zcmeH^K?=k$2t~7=Q+R`M8WXQD*XTe4T?Ja_{$rYUGtle;h3ZC(V!rRow93=<4MgM+
zz?B?p#(}n4pSFP4;6r3aW(L%P$U*2Ut8V|UGA=4j=1*Q4AL>|2jsAW|IZ^`}lb32q
t@jvC<Q<U<ERQ*2j-~ajVk-P)!DeBmLbN}D-;~-(#2p9n)U<7VN;0Ma)EL;Ep

diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile
new file mode 100644
index 0000000000..df4e9c9016
--- /dev/null
+++ b/components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile
@@ -0,0 +1,14 @@
+FROM busybox
+ADD test.tar /
+RUN cat /test/foo | grep Hi
+ADD test.tar /test.tar
+RUN cat /test.tar/test/foo | grep Hi
+ADD test.tar /unlikely-to-exist
+RUN cat /unlikely-to-exist/test/foo | grep Hi
+ADD test.tar /unlikely-to-exist-trailing-slash/
+RUN cat /unlikely-to-exist-trailing-slash/test/foo | grep Hi
+RUN mkdir /existing-directory
+ADD test.tar /existing-directory
+RUN cat /existing-directory/test/foo | grep Hi
+ADD test.tar /existing-directory-trailing-slash/
+RUN cat /existing-directory-trailing-slash/test/foo | grep Hi
diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/1/test.tar b/components/engine/integration-cli/build_tests/TestBuildAddTar/test.tar
similarity index 100%
rename from components/engine/integration-cli/build_tests/TestBuildAddTar/1/test.tar
rename to components/engine/integration-cli/build_tests/TestBuildAddTar/test.tar
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 3b1c1c230e..66bbbf6dcd 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1747,33 +1747,12 @@ RUN [ "$(cat /testfile)" = 'test!' ]`
 func TestBuildAddTar(t *testing.T) {
 	name := "testbuildaddtar"
 	defer deleteImages(name)
-	checkOutput := func(out string) {
-		n := -1
-		x := ""
-		for i, line := range strings.Split(out, "\n") {
-			if strings.HasPrefix(line, "Step 2") {
-				n = i + 2
-				x = line[strings.Index(line, "cat ")+4:]
-			}
-			if i == n {
-				if line != "Hi" {
-					t.Fatalf("Could not find contents of %s (expected 'Hi' got '%s'", x, line)
-				}
-				n = -2
-			}
-		}
-		if n > -2 {
-			t.Fatalf("Could not find contents of %s in build output", x)
-		}
-	}
 
-	for _, n := range []string{"1", "2"} {
-		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar", n)
-		buildCmd := exec.Command(dockerBinary, "build", "-t", name, ".")
-		buildCmd.Dir = buildDirectory
-		out, _, err := runCommandWithOutput(buildCmd)
-		errorOut(err, t, fmt.Sprintf("build failed to complete for TestBuildAddTar/%s: %v", n, err))
-		checkOutput(out)
-	}
+        buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar")
+        buildCmd := exec.Command(dockerBinary, "build", "-t", name, ".")
+        buildCmd.Dir = buildDirectory
+        out, _, err := runCommandWithOutput(buildCmd)
+        errorOut(err, t, fmt.Sprintf("build failed to complete for TestBuildAddTar/%s: %v", n, err))
+
 	logDone("build - ADD tar")
 }

From 5d850a0bb672387ea8794f111f52fda258f090cb Mon Sep 17 00:00:00 2001
From: soulshake <amy@gandi.net>
Date: Mon, 21 Jul 2014 12:18:59 -0700
Subject: [PATCH 197/516] Resolve merge conflict, attempt 3

Docker-DCO-1.1-Signed-off-by: AJ Bowen <aj@gandi.net> (github: soulshake)
Upstream-commit: 319a8a241e0b9182ea309b886e2d23e2f4d73c6c
Component: engine
---
 .../engine/docs/sources/articles/https.md     | 44 +++++++++----------
 1 file changed, 21 insertions(+), 23 deletions(-)

diff --git a/components/engine/docs/sources/articles/https.md b/components/engine/docs/sources/articles/https.md
index 7b801889ab..eca15b543d 100644
--- a/components/engine/docs/sources/articles/https.md
+++ b/components/engine/docs/sources/articles/https.md
@@ -1,5 +1,5 @@
 page_title: Docker HTTPS Setup
-page_description: How to setup docker with https
+page_description: How to set Docker up with https
 page_keywords: docker, example, https, daemon
 
 # Running Docker with https
@@ -7,17 +7,17 @@ page_keywords: docker, example, https, daemon
 By default, Docker runs via a non-networked Unix socket. It can also
 optionally communicate using a HTTP socket.
 
-If you need Docker reachable via the network in a safe manner, you can
-enable TLS by specifying the tlsverify flag and pointing Docker's
-tlscacert flag to a trusted CA certificate.
+If you need Docker to be reachable via the network in a safe manner, you can
+enable TLS by specifying the `tlsverify` flag and pointing Docker's
+`tlscacert` flag to a trusted CA certificate.
 
 In daemon mode, it will only allow connections from clients
 authenticated by a certificate signed by that CA. In client mode, it
 will only connect to servers with a certificate signed by that CA.
 
 > **Warning**: 
-> Using TLS and managing a CA is an advanced topic. Please make you self
-> familiar with OpenSSL, x509 and TLS before using it in production.
+> Using TLS and managing a CA is an advanced topic. Please familiarize yourself
+> with OpenSSL, x509 and TLS before using it in production.
 
 > **Warning**:
 > These TLS commands will only generate a working set of certificates on Linux.
@@ -34,11 +34,11 @@ keys:
     $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
 
 Now that we have a CA, you can create a server key and certificate
-signing request. Make sure that "Common Name (e.g. server FQDN or YOUR
-name)" matches the hostname you will use to connect to Docker:
+signing request (CSR). Make sure that "Common Name" (i.e. server FQDN or YOUR
+name) matches the hostname you will use to connect to Docker:
 
     $ openssl genrsa -des3 -out server-key.pem 2048
-    $ openssl req -subj '/CN=**<Your Hostname Here>**' -new -key server-key.pem -out server.csr
+    $ openssl req -subj '/CN=<Your Hostname Here>' -new -key server-key.pem -out server.csr
 
 Next we're going to sign the key with our CA:
 
@@ -51,7 +51,7 @@ request:
     $ openssl genrsa -des3 -out client-key.pem 2048
     $ openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
 
-To make the key suitable for client authentication, create a extensions
+To make the key suitable for client authentication, create an extensions
 config file:
 
     $ echo extendedKeyUsage = clientAuth > extfile.cnf
@@ -61,8 +61,7 @@ Now sign the key:
     $ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \
       -out client-cert.pem -extfile extfile.cnf
 
-Finally you need to remove the passphrase from the client and server
-key:
+Finally, you need to remove the passphrase from the client and server key:
 
     $ openssl rsa -in server-key.pem -out server-key.pem
     $ openssl rsa -in client-key.pem -out client-key.pem
@@ -83,9 +82,8 @@ need to provide your client keys, certificates and trusted CA:
 > Docker over TLS should run on TCP port 2376.
 
 > **Warning**: 
-> As shown in the example above, you don't have to run the
-> `docker` client with `sudo` or
-> the `docker` group when you use certificate
+> As shown in the example above, you don't have to run the `docker` client 
+> with `sudo` or the `docker` group when you use certificate
 > authentication. That means anyone with the keys can give any
 > instructions to your Docker daemon, giving them root access to the
 > machine hosting the daemon. Guard these keys as you would a root
@@ -112,20 +110,20 @@ Docker in various other modes by mixing the flags.
 
 ### Daemon modes
 
- - tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients
- - tls, tlscert, tlskey: Do not authenticate clients
+ - `tlsverify`, `tlscacert`, `tlscert`, `tlskey` set: Authenticate clients
+ - `tls`, `tlscert`, `tlskey`: Do not authenticate clients
 
 ### Client modes
 
- - tls: Authenticate server based on public/default CA pool
- - tlsverify, tlscacert: Authenticate server based on given CA
- - tls, tlscert, tlskey: Authenticate with client certificate, do not
+ - `tls`: Authenticate server based on public/default CA pool
+ - `tlsverify`, `tlscacert`: Authenticate server based on given CA
+ - `tls`, `tlscert`, `tlskey`: Authenticate with client certificate, do not
    authenticate server based on given CA
- - tlsverify, tlscacert, tlscert, tlskey: Authenticate with client
-   certificate, authenticate server based on given CA
+ - `tlsverify`, `tlscacert`, `tlscert`, `tlskey`: Authenticate with client
+   certificate and authenticate server based on given CA
 
 The client will send its client certificate if found, so you just need
-to drop your keys into ~/.docker/<ca, cert or key>.pem. Alternatively, if you
+to drop your keys into `~/.docker/<ca, cert or key>.pem`. Alternatively, if you
 want to store your keys in another location, you can specify that location
 using the environment variable `DOCKER_CONFIG`.
 

From c5f83694a2edf32b9c473e0723bdc8f655e10552 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 21 Jul 2014 12:10:47 -0700
Subject: [PATCH 198/516] integration-cli/TestBuildAddTar: generate context
 from test

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: 24c00c8508b33de4229280f0be2e7b5761d6ed0e
Component: engine
---
 .../build_tests/TestBuildAddTar/test.tar      | Bin 2560 -> 0 bytes
 .../integration-cli/docker_cli_build_test.go  |  50 ++++++++++++++++--
 2 files changed, 45 insertions(+), 5 deletions(-)
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/test.tar

diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/test.tar b/components/engine/integration-cli/build_tests/TestBuildAddTar/test.tar
deleted file mode 100644
index 33639c647642cce352588cd4f13c021a0b222455..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2560
zcmeH^K?=k$2t~7=Q+R`M8WXQD*XTe4T?Ja_{$rYUGtle;h3ZC(V!rRow93=<4MgM+
zz?B?p#(}n4pSFP4;6r3aW(L%P$U*2Ut8V|UGA=4j=1*Q4AL>|2jsAW|IZ^`}lb32q
t@jvC<Q<U<ERQ*2j-~ajVk-P)!DeBmLbN}D-;~-(#2p9n)U<7VN;0Ma)EL;Ep

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 66bbbf6dcd..0cde4af086 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1,7 +1,10 @@
 package main
 
 import (
+	"archive/tar"
 	"fmt"
+	"io"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -1748,11 +1751,48 @@ func TestBuildAddTar(t *testing.T) {
 	name := "testbuildaddtar"
 	defer deleteImages(name)
 
-        buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar")
-        buildCmd := exec.Command(dockerBinary, "build", "-t", name, ".")
-        buildCmd.Dir = buildDirectory
-        out, _, err := runCommandWithOutput(buildCmd)
-        errorOut(err, t, fmt.Sprintf("build failed to complete for TestBuildAddTar/%s: %v", n, err))
+	ctx := func() *FakeContext {
+		tmpDir, err := ioutil.TempDir("", "fake-context")
+		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
+		if err != nil {
+			t.Fatalf("failed to create test.tar archive: %v", err)
+		}
+		defer testTar.Close()
+
+		tw := tar.NewWriter(testTar)
+
+		if err := tw.WriteHeader(&tar.Header{
+			Name: "test/foo",
+			Size: 2,
+		}); err != nil {
+			t.Fatalf("failed to write tar file header: %v", err)
+		}
+		if _, err := tw.Write([]byte("Hi")); err != nil {
+			t.Fatalf("failed to write tar file content: %v", err)
+		}
+		if err := tw.Close(); err != nil {
+			t.Fatalf("failed to close tar archive: %v", err)
+		}
+
+		dockerfile, err := os.Open(filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar", "Dockerfile"))
+		if err != nil {
+			t.Fatalf("failed to open source dockerfile: %v", err)
+		}
+		defer dockerfile.Close()
+		dest, err := os.Create(filepath.Join(tmpDir, "Dockerfile"))
+		if err != nil {
+			t.Fatalf("failed to open destination dockerfile: %v", err)
+		}
+		if _, err := io.Copy(dest, dockerfile); err != nil {
+			t.Fatalf("failed top copy dockerfile: %v", err)
+		}
+		defer dest.Close()
+		return &FakeContext{Dir: tmpDir}
+	}()
+
+	if _, err := buildImageFromContext(name, ctx, true); err != nil {
+		t.Fatalf("build failed to complete for TestBuildAddTar: %v", err)
+	}
 
 	logDone("build - ADD tar")
 }

From c36c61ebfeda636678689b45649a175ebe16efc7 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Mon, 14 Jul 2014 19:31:19 +0300
Subject: [PATCH 199/516] archive: add buffers to operations with tarballs

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: a377844998f6a866d59bf356790f76d0d25bf01f
Component: engine
---
 components/engine/archive/archive.go | 23 +++++++++++++++++------
 components/engine/archive/changes.go |  4 +++-
 components/engine/archive/common.go  |  4 ++++
 components/engine/archive/diff.go    |  5 ++++-
 4 files changed, 28 insertions(+), 8 deletions(-)
 create mode 100644 components/engine/archive/common.go

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index bf6e0b7797..550ef3f040 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -131,7 +131,7 @@ func (compression *Compression) Extension() string {
 	return ""
 }
 
-func addTarFile(path, name string, tw *tar.Writer) error {
+func addTarFile(path, name string, tw *tar.Writer, twBuf *bufio.Writer) error {
 	fi, err := os.Lstat(path)
 	if err != nil {
 		return err
@@ -181,11 +181,18 @@ func addTarFile(path, name string, tw *tar.Writer) error {
 		if err != nil {
 			return err
 		}
-		if _, err := io.Copy(tw, file); err != nil {
-			file.Close()
+
+		twBuf.Reset(tw)
+		_, err = io.Copy(twBuf, file)
+		file.Close()
+		if err != nil {
 			return err
 		}
-		file.Close()
+		err = twBuf.Flush()
+		if err != nil {
+			return err
+		}
+		twBuf.Reset(nil)
 	}
 
 	return nil
@@ -328,6 +335,8 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 			options.Includes = []string{"."}
 		}
 
+		twBuf := bufio.NewWriterSize(nil, twBufSize)
+
 		for _, include := range options.Includes {
 			filepath.Walk(filepath.Join(srcPath, include), func(filePath string, f os.FileInfo, err error) error {
 				if err != nil {
@@ -355,7 +364,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 					}
 				}
 
-				if err := addTarFile(filePath, relFilePath, tw); err != nil {
+				if err := addTarFile(filePath, relFilePath, tw, twBuf); err != nil {
 					utils.Debugf("Can't add file %s to tar: %s\n", srcPath, err)
 				}
 				return nil
@@ -394,6 +403,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 	defer decompressedArchive.Close()
 
 	tr := tar.NewReader(decompressedArchive)
+	trBuf := bufio.NewReaderSize(nil, trBufSize)
 
 	var dirs []*tar.Header
 
@@ -439,7 +449,8 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 				}
 			}
 		}
-		if err := createTarFile(path, dest, hdr, tr, options == nil || !options.NoLchown); err != nil {
+		trBuf.Reset(tr)
+		if err := createTarFile(path, dest, hdr, trBuf, options == nil || !options.NoLchown); err != nil {
 			return err
 		}
 
diff --git a/components/engine/archive/changes.go b/components/engine/archive/changes.go
index 1e588b8eb5..154a527aec 100644
--- a/components/engine/archive/changes.go
+++ b/components/engine/archive/changes.go
@@ -1,6 +1,7 @@
 package archive
 
 import (
+	"bufio"
 	"bytes"
 	"fmt"
 	"io"
@@ -343,6 +344,7 @@ func ExportChanges(dir string, changes []Change) (Archive, error) {
 	tw := tar.NewWriter(writer)
 
 	go func() {
+		twBuf := bufio.NewWriterSize(nil, twBufSize)
 		// In general we log errors here but ignore them because
 		// during e.g. a diff operation the container can continue
 		// mutating the filesystem and we can see transient errors
@@ -365,7 +367,7 @@ func ExportChanges(dir string, changes []Change) (Archive, error) {
 				}
 			} else {
 				path := filepath.Join(dir, change.Path)
-				if err := addTarFile(path, change.Path[1:], tw); err != nil {
+				if err := addTarFile(path, change.Path[1:], tw, twBuf); err != nil {
 					utils.Debugf("Can't add file %s to tar: %s\n", path, err)
 				}
 			}
diff --git a/components/engine/archive/common.go b/components/engine/archive/common.go
new file mode 100644
index 0000000000..2aac34e840
--- /dev/null
+++ b/components/engine/archive/common.go
@@ -0,0 +1,4 @@
+package archive
+
+const twBufSize = 32 * 1024
+const trBufSize = 32 * 1024
diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go
index d169669126..34a887663d 100644
--- a/components/engine/archive/diff.go
+++ b/components/engine/archive/diff.go
@@ -1,6 +1,7 @@
 package archive
 
 import (
+	"bufio"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -32,6 +33,7 @@ func ApplyLayer(dest string, layer ArchiveReader) error {
 	}
 
 	tr := tar.NewReader(layer)
+	trBuf := bufio.NewReaderSize(nil, trBufSize)
 
 	var dirs []*tar.Header
 
@@ -108,7 +110,8 @@ func ApplyLayer(dest string, layer ArchiveReader) error {
 				}
 			}
 
-			srcData := io.Reader(tr)
+			trBuf.Reset(tr)
+			srcData := io.Reader(trBuf)
 			srcHdr := hdr
 
 			// Hard links into /.wh..wh.plnk don't work, as we don't extract that directory, so

From 597e28c8ddf76f8908b936932c73c87e7bf3492f Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 16 Jul 2014 21:50:02 +0300
Subject: [PATCH 200/516] archive: add a benchmark for TarUntar

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 76429cc11f6e2bd731e9ee77a2a538f15ef80eea
Component: engine
---
 components/engine/archive/archive_test.go | 39 +++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/components/engine/archive/archive_test.go b/components/engine/archive/archive_test.go
index 61ee0af8e7..1a68234129 100644
--- a/components/engine/archive/archive_test.go
+++ b/components/engine/archive/archive_test.go
@@ -199,3 +199,42 @@ func TestUntarUstarGnuConflict(t *testing.T) {
 		t.Fatalf("%s not found in the archive", "root/.cpanm/work/1395823785.24209/Plack-1.0030/blib/man3/Plack::Middleware::LighttpdScriptNameFix.3pm")
 	}
 }
+
+func prepareUntarSourceDirectory(numberOfFiles int, targetPath string) (int, error) {
+	fileData := []byte("fooo")
+	for n := 0; n < numberOfFiles; n++ {
+		fileName := fmt.Sprintf("file-%d", n)
+		if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil {
+			return 0, err
+		}
+	}
+	totalSize := numberOfFiles * len(fileData)
+	return totalSize, nil
+}
+
+func BenchmarkTarUntar(b *testing.B) {
+	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
+	if err != nil {
+		b.Fatal(err)
+	}
+	tempDir, err := ioutil.TempDir("", "docker-test-untar-destination")
+	if err != nil {
+		b.Fatal(err)
+	}
+	target := path.Join(tempDir, "dest")
+	n, err := prepareUntarSourceDirectory(100, origin)
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.ResetTimer()
+	b.SetBytes(int64(n))
+	defer os.RemoveAll(origin)
+	defer os.RemoveAll(tempDir)
+	for n := 0; n < b.N; n++ {
+		err := TarUntar(origin, target)
+		if err != nil {
+			b.Fatal(err)
+		}
+		os.RemoveAll(target)
+	}
+}

From 07d7985c4e51042e815a1c148fca463125ec5c74 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 21 Jul 2014 15:02:31 -0700
Subject: [PATCH 201/516] integration-cli/TestBuildAddTar: embed Dockerfile

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: 5d8e80ba8da808fb70d529711359e2d826db2407
Component: engine
---
 .../build_tests/TestBuildAddTar/Dockerfile    | 14 ----------
 .../integration-cli/docker_cli_build_test.go  | 28 +++++++++++--------
 2 files changed, 16 insertions(+), 26 deletions(-)
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile

diff --git a/components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile
deleted file mode 100644
index df4e9c9016..0000000000
--- a/components/engine/integration-cli/build_tests/TestBuildAddTar/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM busybox
-ADD test.tar /
-RUN cat /test/foo | grep Hi
-ADD test.tar /test.tar
-RUN cat /test.tar/test/foo | grep Hi
-ADD test.tar /unlikely-to-exist
-RUN cat /unlikely-to-exist/test/foo | grep Hi
-ADD test.tar /unlikely-to-exist-trailing-slash/
-RUN cat /unlikely-to-exist-trailing-slash/test/foo | grep Hi
-RUN mkdir /existing-directory
-ADD test.tar /existing-directory
-RUN cat /existing-directory/test/foo | grep Hi
-ADD test.tar /existing-directory-trailing-slash/
-RUN cat /existing-directory-trailing-slash/test/foo | grep Hi
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 0cde4af086..32005e87ff 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -3,7 +3,6 @@ package main
 import (
 	"archive/tar"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -1752,6 +1751,21 @@ func TestBuildAddTar(t *testing.T) {
 	defer deleteImages(name)
 
 	ctx := func() *FakeContext {
+		dockerfile := `
+FROM busybox
+ADD test.tar /
+RUN cat /test/foo | grep Hi
+ADD test.tar /test.tar
+RUN cat /test.tar/test/foo | grep Hi
+ADD test.tar /unlikely-to-exist
+RUN cat /unlikely-to-exist/test/foo | grep Hi
+ADD test.tar /unlikely-to-exist-trailing-slash/
+RUN cat /unlikely-to-exist-trailing-slash/test/foo | grep Hi
+RUN mkdir /existing-directory
+ADD test.tar /existing-directory
+RUN cat /existing-directory/test/foo | grep Hi
+ADD test.tar /existing-directory-trailing-slash/
+RUN cat /existing-directory-trailing-slash/test/foo | grep Hi`
 		tmpDir, err := ioutil.TempDir("", "fake-context")
 		testTar, err := os.Create(filepath.Join(tmpDir, "test.tar"))
 		if err != nil {
@@ -1774,19 +1788,9 @@ func TestBuildAddTar(t *testing.T) {
 			t.Fatalf("failed to close tar archive: %v", err)
 		}
 
-		dockerfile, err := os.Open(filepath.Join(workingDirectory, "build_tests", "TestBuildAddTar", "Dockerfile"))
-		if err != nil {
-			t.Fatalf("failed to open source dockerfile: %v", err)
-		}
-		defer dockerfile.Close()
-		dest, err := os.Create(filepath.Join(tmpDir, "Dockerfile"))
-		if err != nil {
+		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
 			t.Fatalf("failed to open destination dockerfile: %v", err)
 		}
-		if _, err := io.Copy(dest, dockerfile); err != nil {
-			t.Fatalf("failed top copy dockerfile: %v", err)
-		}
-		defer dest.Close()
 		return &FakeContext{Dir: tmpDir}
 	}()
 

From f24b5ec2fa2c96e96f1f4cca7721b645e894d294 Mon Sep 17 00:00:00 2001
From: Olivier Gambier <dmp42@users.noreply.github.com>
Date: Tue, 22 Jul 2014 01:26:14 +0200
Subject: [PATCH 202/516] Joining registry maintainers

Docker-DCO-1.1-Signed-off-by: Olivier Gambier <olivier@docker.com> (github: dmp42)
Upstream-commit: ebc05cbbea55d6a77f1ba159b7df4c4a9c6468f3
Component: engine
---
 components/engine/registry/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/registry/MAINTAINERS b/components/engine/registry/MAINTAINERS
index af791fb40c..6ed4e9d650 100644
--- a/components/engine/registry/MAINTAINERS
+++ b/components/engine/registry/MAINTAINERS
@@ -2,3 +2,4 @@ Sam Alba <sam@dotcloud.com> (@samalba)
 Joffrey Fuhrer <joffrey@dotcloud.com> (@shin-)
 Ken Cochrane <ken@dotcloud.com> (@kencochrane)
 Vincent Batts <vbatts@redhat.com> (@vbatts)
+Olivier Gambier <olivier@docker.com> (@dmp42)

From 25ed902e49b4ef38b62d9d06c04954da2156a13d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 21 Jul 2014 19:59:44 -0700
Subject: [PATCH 203/516] Always mark as stopped for non running containers
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: a091d949acd35d93c4f66af7bfad93a79b591990
 Component: engine

---
 components/engine/daemon/daemon.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index d3f73f413c..8d7d7764bc 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -209,6 +209,7 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 			}
 			daemon.execDriver.Terminate(cmd)
 		}
+
 		if err := container.Unmount(); err != nil {
 			utils.Debugf("unmount error %s", err)
 		}
@@ -219,21 +220,20 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 		info := daemon.execDriver.Info(container.ID)
 		if !info.IsRunning() {
 			utils.Debugf("Container %s was supposed to be running but is not.", container.ID)
+
+			utils.Debugf("Marking as stopped")
+
+			container.State.SetStopped(-127)
+			if err := container.ToDisk(); err != nil {
+				return err
+			}
+
 			if daemon.config.AutoRestart {
 				utils.Debugf("Marking as restarting")
-				if err := container.Unmount(); err != nil {
-					utils.Debugf("restart unmount error %s", err)
-				}
 
 				if containersToStart != nil {
 					*containersToStart = append(*containersToStart, container)
 				}
-			} else {
-				utils.Debugf("Marking as stopped")
-				container.State.SetStopped(-127)
-				if err := container.ToDisk(); err != nil {
-					return err
-				}
 			}
 		}
 	}

From 71d1cc48f004593497a75b9efb023540d9baf651 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 21 Jul 2014 22:00:26 -0600
Subject: [PATCH 204/516] Reorganize and clarify the DOCKER_BUILDTAGS docs

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 1b31a80eb78789834b8a7d4daff583f0b9a938ed
Component: engine
---
 components/engine/hack/PACKAGERS.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/components/engine/hack/PACKAGERS.md b/components/engine/hack/PACKAGERS.md
index 82d959c9e2..4312d5d3c0 100644
--- a/components/engine/hack/PACKAGERS.md
+++ b/components/engine/hack/PACKAGERS.md
@@ -152,11 +152,16 @@ directory, and the local "./vendor" directory as necessary.
 
 If you're building a binary that may need to be used on platforms that include
 AppArmor, you will need to set `DOCKER_BUILDTAGS` as follows:
-
 ```bash
 export DOCKER_BUILDTAGS='apparmor'
 ```
 
+If you're building a binary that may need to be used on platforms that include
+SELinux, you will need to use the `selinux` build tag:
+```bash
+export DOCKER_BUILDTAGS='selinux'
+```
+
 There are build tags for disabling graphdrivers as well. By default, support
 for all graphdrivers are built in.
 
@@ -175,13 +180,9 @@ To disable aufs:
 export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
 ```
 
-NOTE: if you need to set more than one build tag, space separate them.
-
-If you're building a binary that may need to be used on platforms that include
-SELinux, you will need to set `DOCKER_BUILDTAGS` as follows:
-
+NOTE: if you need to set more than one build tag, space separate them:
 ```bash
-export DOCKER_BUILDTAGS='selinux'
+export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
 ```
 
 ### Static Daemon

From eeb4d6b698b57aaf1a090536a5e7a4f030fef31b Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 22 Jul 2014 00:16:26 -0700
Subject: [PATCH 205/516] Copy values out of hostConfig
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: ddb2086ca9e0991ca12e0771a0e581e782c57f50
 Component: engine

---
 components/engine/daemon/container.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 7062d6796b..fd3d79659f 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -446,8 +446,17 @@ func (container *Container) allocateNetwork() error {
 	if container.Config.ExposedPorts != nil {
 		portSpecs = container.Config.ExposedPorts
 	}
+
 	if container.hostConfig.PortBindings != nil {
-		bindings = container.hostConfig.PortBindings
+		for p, b := range container.hostConfig.PortBindings {
+			bindings[p] = []nat.PortBinding{}
+			for _, bb := range b {
+				bindings[p] = append(bindings[p], nat.PortBinding{
+					HostIp:   bb.HostIp,
+					HostPort: bb.HostPort,
+				})
+			}
+		}
 	}
 
 	container.NetworkSettings.PortMapping = nil

From eb7d72cb32123a51370b67048b009d0d0a859217 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Tue, 22 Jul 2014 17:21:03 +1000
Subject: [PATCH 206/516] the build cache is too agressive, and I am regularly
 getting builds using an old version - forcing the issue

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 3853a9c612e3d19dadea26153c9cebaec8cd67a4
Component: engine
---
 components/engine/docs/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/engine/docs/Dockerfile b/components/engine/docs/Dockerfile
index 516a6d843a..e1f6c5b548 100644
--- a/components/engine/docs/Dockerfile
+++ b/components/engine/docs/Dockerfile
@@ -16,6 +16,9 @@ RUN	pip install mkdocs
 # this version works, the current versions fail in different ways
 RUN	pip install awscli==1.3.9
 
+# make sure the git clone is not an old cache - we've published old versions a few times now
+ENV	CACHE_BUST Jul2014
+
 # get my sitemap.xml branch of mkdocs and use that for now
 RUN	git clone https://github.com/SvenDowideit/mkdocs	&&\
 	cd mkdocs/						&&\

From 7bd6a5929be9959f4199a503bf6d7ce6d3e62487 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Tue, 22 Jul 2014 18:04:48 +1000
Subject: [PATCH 207/516] Add more details so I have more of an over-view of
 what I need to automate

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 3472c006c4246977eb4fd8c9d55ab416eb5c3d50
Component: engine
---
 components/engine/hack/RELEASE-CHECKLIST.md | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/components/engine/hack/RELEASE-CHECKLIST.md b/components/engine/hack/RELEASE-CHECKLIST.md
index c8daee4874..2209baa745 100644
--- a/components/engine/hack/RELEASE-CHECKLIST.md
+++ b/components/engine/hack/RELEASE-CHECKLIST.md
@@ -249,6 +249,16 @@ branch afterwards!
 
 ### 11. Update the docs branch
 
+If this is a MAJOR.MINOR.0 release, you need to make an branch for the previous release's
+documentation:
+
+```bash
+git checkout -b docs-$PREVIOUS_MAJOR_MINOR docs
+git fetch
+git reset --hard origin/docs
+git push -f origin docs-$PREVIOUS_MAJOR_MINOR
+```
+
 You will need the `awsconfig` file added to the `docs/` directory to contain the
 s3 credentials for the bucket you are deploying to.
 
@@ -257,13 +267,15 @@ git checkout -b docs release || git checkout docs
 git fetch
 git reset --hard origin/release
 git push -f origin docs
-make AWS_S3_BUCKET=docs.docker.io docs-release
+make AWS_S3_BUCKET=docs.docker.com docs-release
 ```
 
-The docs will appear on http://docs.docker.io/ (though there may be cached
-versions, so its worth checking http://docs.docker.io.s3-website-us-west-2.amazonaws.com/).
+The docs will appear on http://docs.docker.com/ (though there may be cached
+versions, so its worth checking http://docs.docker.com.s3-website-us-east-1.amazonaws.com/).
 For more information about documentation releases, see `docs/README.md`.
 
+Ask Sven, or JohnC to invalidate the cloudfront cache using the CND Planet chrome applet.
+
 ### 12. Create a new pull request to merge release back into master
 
 ```bash

From 5fa2981ff01e85b60287872f5c4fde25574440a3 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Tue, 22 Jul 2014 19:05:18 +1000
Subject: [PATCH 208/516] avoid publishing to the root unless specified, so old
 version releases only goto their own dir

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 4d109f6158c7607ee4cd9907b17ddba5f4d29d04
Component: engine
---
 components/engine/Makefile                    |  2 +-
 components/engine/docs/Dockerfile             |  2 ++
 components/engine/docs/release.sh             | 10 ++++++++--
 components/engine/docs/theme/mkdocs/base.html |  3 ++-
 components/engine/hack/RELEASE-CHECKLIST.md   |  4 ++--
 5 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/components/engine/Makefile b/components/engine/Makefile
index 444ac3c6a6..71a3f32ec6 100644
--- a/components/engine/Makefile
+++ b/components/engine/Makefile
@@ -34,7 +34,7 @@ docs-shell: docs-build
 	$(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" bash
 
 docs-release: docs-build
-	$(DOCKER_RUN_DOCS) "$(DOCKER_DOCS_IMAGE)" ./release.sh
+	$(DOCKER_RUN_DOCS) -e BUILD_ROOT "$(DOCKER_DOCS_IMAGE)" ./release.sh
 
 test: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary cross test-unit test-integration test-integration-cli
diff --git a/components/engine/docs/Dockerfile b/components/engine/docs/Dockerfile
index e1f6c5b548..345de92bd0 100644
--- a/components/engine/docs/Dockerfile
+++ b/components/engine/docs/Dockerfile
@@ -35,10 +35,12 @@ RUN	VERSION=$(cat /docs/VERSION)								&&\
 	GIT_BRANCH=$(cat /docs/GIT_BRANCH)							&&\
 	GITCOMMIT=$(cat /docs/GITCOMMIT)							&&\
 	AWS_S3_BUCKET=$(cat /docs/AWS_S3_BUCKET)						&&\
+	BUILD_DATE=$(date)									&&\
 	sed -i "s/\$VERSION/$VERSION/g" /docs/theme/mkdocs/base.html				&&\
 	sed -i "s/\$MAJOR_MINOR/v$MAJOR_MINOR/g" /docs/theme/mkdocs/base.html			&&\
 	sed -i "s/\$GITCOMMIT/$GITCOMMIT/g" /docs/theme/mkdocs/base.html			&&\
 	sed -i "s/\$GIT_BRANCH/$GIT_BRANCH/g" /docs/theme/mkdocs/base.html			&&\
+	sed -i "s/\$BUILD_DATE/$BUILD_DATE/g" /docs/theme/mkdocs/base.html				&&\
 	sed -i "s/\$AWS_S3_BUCKET/$AWS_S3_BUCKET/g" /docs/theme/mkdocs/base.html
 
 # note, EXPOSE is only last because of https://github.com/dotcloud/docker/issues/3525
diff --git a/components/engine/docs/release.sh b/components/engine/docs/release.sh
index de54eb3f5f..ba309aaea9 100755
--- a/components/engine/docs/release.sh
+++ b/components/engine/docs/release.sh
@@ -106,10 +106,16 @@ upload_current_documentation() {
 }
 
 setup_s3
-build_current_documentation
-upload_current_documentation
+
+# Default to only building the version specific docs so we don't clober the latest by accident with old versions
+if [ "$BUILD_ROOT" == "yes" ]; then
+	echo "Building root documentation"
+	build_current_documentation
+	upload_current_documentation
+fi
 
 #build again with /v1.0/ prefix
 sed -i "s/^site_url:.*/site_url: \/$MAJOR_MINOR\//" mkdocs.yml
+echo "Building the /$MAJOR_MINOR/ documentation"
 build_current_documentation
 upload_current_documentation "/$MAJOR_MINOR/"
diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index 6505e26fcd..2b2b9bcbcf 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -4,10 +4,11 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
-  {% set docker_version = "$VERSION" %}{% set major_minor = "$MAJOR_MINOR" %}{% set docker_commit = "$GITCOMMIT" %}{% set docker_branch = "$GIT_BRANCH" %}{% set aws_bucket = "$AWS_S3_BUCKET" %}
+  {% set docker_version = "$VERSION" %}{% set major_minor = "$MAJOR_MINOR" %}{% set docker_commit = "$GITCOMMIT" %}{% set docker_branch = "$GIT_BRANCH" %}{% set aws_bucket = "$AWS_S3_BUCKET" %}{% set build_date = "$BUILD_DATE" %}
   <meta name="docker_version" content="{{ docker_version }}">
   <meta name="docker_git_branch" content="{{ docker_branch }}">
   <meta name="docker_git_commit" content="{{ docker_commit }}">
+  <meta name="docker_build_date" content="{{ build_date }}">
 
   {% if meta.page_description %}<meta name="description" content="{{ meta.page_description[0] }}">{% endif %}
   {% if meta.page_keywords %}<meta name="keywords" content="{{ meta.page_keywords[0] }}">{% endif %}
diff --git a/components/engine/hack/RELEASE-CHECKLIST.md b/components/engine/hack/RELEASE-CHECKLIST.md
index 2209baa745..ccdcaee020 100644
--- a/components/engine/hack/RELEASE-CHECKLIST.md
+++ b/components/engine/hack/RELEASE-CHECKLIST.md
@@ -146,7 +146,7 @@ To make a shared test at http://beta-docs.docker.io:
 (You will need the `awsconfig` file added to the `docs/` dir)
 
 ```bash
-make AWS_S3_BUCKET=beta-docs.docker.io docs-release
+make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release
 ```
 
 ### 5. Commit and create a pull request to the "release" branch
@@ -267,7 +267,7 @@ git checkout -b docs release || git checkout docs
 git fetch
 git reset --hard origin/release
 git push -f origin docs
-make AWS_S3_BUCKET=docs.docker.com docs-release
+make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes docs-release
 ```
 
 The docs will appear on http://docs.docker.com/ (though there may be cached

From a1bdcc2e103a9737b0d2669002e5b1172e1cd0c4 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Tue, 22 Jul 2014 20:25:21 +1000
Subject: [PATCH 209/516] Get an extra pair of eyes on the Softlayer
 installation docs

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 29f1ed833cc4cb06dc3f65f440736915111152a0
Component: engine
---
 components/engine/docs/sources/installation/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/docs/sources/installation/MAINTAINERS b/components/engine/docs/sources/installation/MAINTAINERS
index 6a2f512d46..aca13975fd 100644
--- a/components/engine/docs/sources/installation/MAINTAINERS
+++ b/components/engine/docs/sources/installation/MAINTAINERS
@@ -1 +1,2 @@
 google.md: Johan Euphrosine <proppy@google.com> (@proppy)
+softlayer.md: Phil Jackson <underscorephil@gmail.com> (@underscorephil)

From e47a5bae71b8ea49324a224d182db278f0b41357 Mon Sep 17 00:00:00 2001
From: Phil <underscorephil@gmail.com>
Date: Mon, 7 Jul 2014 09:28:03 -0500
Subject: [PATCH 210/516] Updating to reflect changes in the SoftLayer portal
 and product naming conventions.

Docker-DCO-1.1-Signed-off-by: Phil Jackson <underscorephil@gmail.com> (github: underscorephil)
Upstream-commit: f1e072c8d5266b9c4b320458bffcd87254b36c55
Component: engine
---
 .../docs/sources/installation/softlayer.md    | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/components/engine/docs/sources/installation/softlayer.md b/components/engine/docs/sources/installation/softlayer.md
index d01866720c..d594896a92 100644
--- a/components/engine/docs/sources/installation/softlayer.md
+++ b/components/engine/docs/sources/installation/softlayer.md
@@ -6,22 +6,22 @@ page_keywords: IBM SoftLayer, virtualization, cloud, docker, documentation, inst
 
 1. Create an [IBM SoftLayer account](
    https://www.softlayer.com/cloud-servers/).
-2. Log in to the [SoftLayer Console](
-   https://control.softlayer.com/devices/).
-3. Go to [Order Hourly Computing Instance Wizard](
-   https://manage.softlayer.com/Sales/orderHourlyComputingInstance)
-   on your SoftLayer Console.
-4. Create a new *CloudLayer Computing Instance* (CCI) using the default
+2. Log in to the [SoftLayer Customer Portal](
+   https://control.softlayer.com/).
+3. From the *Devices* menu select [*Device List*](https://control.softlayer.com/devices)
+4. Click *Order Devices* on the top right of the window below the menu bar.
+5. Under *Virtual Server* click [*Hourly*](https://manage.softlayer.com/Sales/orderHourlyComputingInstance)
+6. Create a new *SoftLayer Virtual Server Instance* (VSI) using the default
    values for all the fields and choose:
 
-    - *First Available* as `Datacenter` and
+    - The desired location for *Datacenter*
     - *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)*
-      as `Operating System`.
+      for *Operating System*.
 
-5. Click the *Continue Your Order* button at the bottom right and
-   select *Go to checkout*.
-6. Insert the required *User Metadata* and place the order.
-7. Then continue with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux)
+7. Click the *Continue Your Order* button at the bottom right.
+8. Fill out VSI *hostname* and *domain*.
+9. Insert the required *User Metadata* and place the order.
+10. Then continue with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux)
    instructions.
 
 ## What next?

From d94a180ef63e62c235893780b2c842295a2a0eff Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 22 Jul 2014 10:08:41 -0600
Subject: [PATCH 211/516] Add "apparmor_parser" warning to check-config.sh

If AppArmor is enabled on the current system, but "apparmor_parser" isn't installed, it causes all kinds of issues.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 75ba7a9b32bc5904ef1b2751deff94283fce34a5
Component: engine
---
 components/engine/contrib/check-config.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/components/engine/contrib/check-config.sh b/components/engine/contrib/check-config.sh
index fe4b9f1b9b..cb6a4f2b50 100755
--- a/components/engine/contrib/check-config.sh
+++ b/components/engine/contrib/check-config.sh
@@ -113,6 +113,23 @@ else
 	echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
 fi
 
+if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
+	echo -n '- '
+	if command -v apparmor_parser &> /dev/null; then
+		echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
+	else
+		echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
+		echo -n '    '
+		if command -v apt-get &> /dev/null; then
+			echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')"
+		elif command -v yum &> /dev/null; then
+			echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')"
+		else
+			echo "$(wrap_color '(look for an "apparmor" package for your distribution)')"
+		fi
+	fi
+fi
+
 flags=(
 	NAMESPACES {NET,PID,IPC,UTS}_NS
 	DEVPTS_MULTIPLE_INSTANCES

From 64c32c0b31aec165e7ef4b104c57159b8b7c7d22 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Tue, 22 Jul 2014 00:37:38 -0700
Subject: [PATCH 212/516] pkg/units: Increased test coverage. Closes #7159.

Increased coverage:

  * Added test cases to size_test.go
  * Added coverage for duration.go

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: c47ab1425f0cf08168af7e5561e39ff2e39625e0
Component: engine
---
 components/engine/pkg/units/duration_test.go | 52 ++++++++++++++++++++
 components/engine/pkg/units/size_test.go     | 23 ++++-----
 2 files changed, 62 insertions(+), 13 deletions(-)
 create mode 100644 components/engine/pkg/units/duration_test.go

diff --git a/components/engine/pkg/units/duration_test.go b/components/engine/pkg/units/duration_test.go
new file mode 100644
index 0000000000..4906f8a18b
--- /dev/null
+++ b/components/engine/pkg/units/duration_test.go
@@ -0,0 +1,52 @@
+package units
+
+import (
+	"testing"
+	"time"
+)
+
+func TestHumanDuration(t *testing.T) {
+	// Useful duration abstractions
+	day := 24 * time.Hour
+	week := 7 * day
+	month := 30 * day
+	year := 365 * day
+
+	assertEquals(t, "Less than a second", HumanDuration(450*time.Millisecond))
+	assertEquals(t, "47 seconds", HumanDuration(47*time.Second))
+	assertEquals(t, "About a minute", HumanDuration(1*time.Minute))
+	assertEquals(t, "3 minutes", HumanDuration(3*time.Minute))
+	assertEquals(t, "35 minutes", HumanDuration(35*time.Minute))
+	assertEquals(t, "35 minutes", HumanDuration(35*time.Minute+40*time.Second))
+	assertEquals(t, "About an hour", HumanDuration(1*time.Hour))
+	assertEquals(t, "About an hour", HumanDuration(1*time.Hour+45*time.Minute))
+	assertEquals(t, "3 hours", HumanDuration(3*time.Hour))
+	assertEquals(t, "3 hours", HumanDuration(3*time.Hour+59*time.Minute))
+	assertEquals(t, "4 hours", HumanDuration(3*time.Hour+60*time.Minute))
+	assertEquals(t, "24 hours", HumanDuration(24*time.Hour))
+	assertEquals(t, "36 hours", HumanDuration(1*day+12*time.Hour))
+	assertEquals(t, "2 days", HumanDuration(2*day))
+	assertEquals(t, "7 days", HumanDuration(7*day))
+	assertEquals(t, "13 days", HumanDuration(13*day+5*time.Hour))
+	assertEquals(t, "2 weeks", HumanDuration(2*week))
+	assertEquals(t, "2 weeks", HumanDuration(2*week+4*day))
+	assertEquals(t, "3 weeks", HumanDuration(3*week))
+	assertEquals(t, "4 weeks", HumanDuration(4*week))
+	assertEquals(t, "4 weeks", HumanDuration(4*week+3*day))
+	assertEquals(t, "4 weeks", HumanDuration(1*month))
+	assertEquals(t, "6 weeks", HumanDuration(1*month+2*week))
+	assertEquals(t, "8 weeks", HumanDuration(2*month))
+	assertEquals(t, "3 months", HumanDuration(3*month+1*week))
+	assertEquals(t, "5 months", HumanDuration(5*month+2*week))
+	assertEquals(t, "13 months", HumanDuration(13*month))
+	assertEquals(t, "23 months", HumanDuration(23*month))
+	assertEquals(t, "24 months", HumanDuration(24*month))
+	assertEquals(t, "2.010959 years", HumanDuration(24*month+2*week))
+	assertEquals(t, "3.164384 years", HumanDuration(3*year+2*month))
+}
+
+func assertEquals(t *testing.T, expected, actual interface{}) {
+	if expected != actual {
+		t.Errorf("Expected '%s' but got '%s'", expected, actual)
+	}
+}
diff --git a/components/engine/pkg/units/size_test.go b/components/engine/pkg/units/size_test.go
index 2c4982b16f..de8b44f8ce 100644
--- a/components/engine/pkg/units/size_test.go
+++ b/components/engine/pkg/units/size_test.go
@@ -1,23 +1,20 @@
 package units
 
 import (
-	"strings"
 	"testing"
 )
 
 func TestHumanSize(t *testing.T) {
-
-	size := strings.Trim(HumanSize(1000), " \t")
-	expect := "1 kB"
-	if size != expect {
-		t.Errorf("1000 -> expected '%s', got '%s'", expect, size)
-	}
-
-	size = strings.Trim(HumanSize(1024), " \t")
-	expect = "1.024 kB"
-	if size != expect {
-		t.Errorf("1024 -> expected '%s', got '%s'", expect, size)
-	}
+	assertEquals(t, "1 kB", HumanSize(1000))
+	assertEquals(t, "1.024 kB", HumanSize(1024))
+	assertEquals(t, "1 MB", HumanSize(1000000))
+	assertEquals(t, "1.049 MB", HumanSize(1048576))
+	assertEquals(t, "2 MB", HumanSize(2*1000*1000))
+	assertEquals(t, "3.42 GB", HumanSize(3.42*1000*1000*1000))
+	assertEquals(t, "5.372 TB", HumanSize(5.372*1000*1000*1000*1000))
+	assertEquals(t, "2.22 PB", HumanSize(2.22*1000*1000*1000*1000*1000))
+	assertEquals(t, "2.22 EB", HumanSize(2.22*1000*1000*1000*1000*1000*1000))
+	assertEquals(t, "7.707 EB", HumanSize(7.707*1000*1000*1000*1000*1000*1000))
 }
 
 func TestFromHumanSize(t *testing.T) {

From 951216bd40b72f063ce0a0ec212d2cb3d0d55c86 Mon Sep 17 00:00:00 2001
From: Nathan LeClaire <nathan.leclaire@docker.com>
Date: Tue, 22 Jul 2014 10:41:58 -0700
Subject: [PATCH 213/516] Add missing error check

Docker-DCO-1.1-Signed-off-by: Nathan LeClaire <nathan.leclaire@docker.com> (github: nathanleclaire)
Upstream-commit: a1c5f268e5465e0b3cdb4e2a47c0ade3de7988c0
Component: engine
---
 components/engine/api/client/commands.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index e057a35b4e..056bd27bc3 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -188,6 +188,9 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 			}
 		}
 		context, err = archive.TarWithOptions(root, options)
+		if err != nil {
+			return err
+		}
 	}
 	var body io.Reader
 	// Setup an upload progress bar

From 10f00b2b3a614bb1e6cb3ebf5ea8bdde58120520 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Tue, 22 Jul 2014 12:16:50 -0700
Subject: [PATCH 214/516] pkg/units: Remove unused named returns

Remove named returns since not used in function body.  Might prevent
potential subtle bugs.

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: 588090c49bf2ec077626d89196515e6bef1f7a69
Component: engine
---
 components/engine/pkg/units/size.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index e0eec3ec7d..1f77d607fe 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -61,7 +61,7 @@ func FromHumanSize(size string) (int64, error) {
 // in bytes, kibibytes, mebibytes, gibibytes, or tebibytes and
 // returns the number of bytes, or -1 if the string is unparseable.
 // Units are case-insensitive, and the 'b' suffix is optional.
-func RAMInBytes(size string) (bytes int64, err error) {
+func RAMInBytes(size string) (int64, error) {
 	re, error := regexp.Compile("^(\\d+)([kKmMgGtT])?[bB]?$")
 	if error != nil {
 		return -1, error

From 24cf66b391f27280cdfb7676f99d0a885a685901 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Tue, 22 Jul 2014 23:08:28 +0300
Subject: [PATCH 215/516] pkg/truncindex: add unclejack to MAINTAINERS

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 7407664c6621782101f73162b7f0ad76a53fa46b
Component: engine
---
 components/engine/pkg/truncindex/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 components/engine/pkg/truncindex/MAINTAINERS

diff --git a/components/engine/pkg/truncindex/MAINTAINERS b/components/engine/pkg/truncindex/MAINTAINERS
new file mode 100644
index 0000000000..6dde4769d7
--- /dev/null
+++ b/components/engine/pkg/truncindex/MAINTAINERS
@@ -0,0 +1 @@
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)

From 724ac122399a504038a46a65cb64c8540e59652e Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Mon, 21 Jul 2014 13:53:58 -0700
Subject: [PATCH 216/516] Initial revisions to b2d doc, new screenshots.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)

Final revisions to B2D doc.

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: 4002b4623c91d94d93f8575c4a554392202aa44d
Component: engine
---
 .../images/osx-Boot2Docker-Start-app.png      | Bin 84313 -> 0 bytes
 .../installation/images/osx-installer.png     | Bin 105000 -> 102026 bytes
 .../engine/docs/sources/installation/mac.md   |  65 +++++++++++-------
 3 files changed, 42 insertions(+), 23 deletions(-)
 delete mode 100644 components/engine/docs/sources/installation/images/osx-Boot2Docker-Start-app.png

diff --git a/components/engine/docs/sources/installation/images/osx-Boot2Docker-Start-app.png b/components/engine/docs/sources/installation/images/osx-Boot2Docker-Start-app.png
deleted file mode 100644
index 21e2b7717db4394f9ece495919623805a0a59998..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 84313
zcmY(q1yoy4^er5uK#>-QBE>20?nR1Aai@53cQ5Wzq<Cp@3KaKH+=B*p3m%-H`SN@3
z|JHk7?#f+@o0;Lxxo6Joz0bL^8fx-5m}Hm$002i(K~@t0KvqY5F))x3S75OGQvd+7
z(oRN3Ls3SCTEpGN#?H|i08og{$VAuBS|S^o>^e*&#*kAwP)$(-9P)b}exak6l8)uZ
zm31s<tNCY$n`(oSRk`^Kxt>^-@H4U8E4G7gY?w#w`nW_HK4J2{(1{hlE1;+u$OR~T
z7XpXu=4HPHxC<&%D|{;fDD0PEhKrdT;H7@{T-6GF#YGJupdPX)!^lHH3F_Gx90~?Z
zB;6(0G`$3`hv3+$IbxCnm~gj9)i6chZ8aze)W7Q0251-;*R;{-aE<w4jA7!1V^HPp
z!Tcmd$GEQoEuGaAQdoP#0h=RinOyGyGo+ejWpz7vlsxav2_&M2<bQ<yMado8rp`+`
zpV{5@Y6wI&@A?rk9SawnAgyDJC*s_{ZyJBKo|r|eVBz#6*|HNN@1FK`i~L9-txdX?
z+Nzi)KsU1$BtQN{3J-m?@3y}`$*s3b)c)^;aH0Iw{@>L=V*PZ|qt1V9TiYF-+BU<;
zSPQRWZ|)UefELgCr9UjSR>Mhzk{~_Co7m0@Fyyj}-X{_v2JS^$x1_384#HQl;zO^+
z`yEu&46X-l*n?R!$hR3x_5S2`EWVZ07L!joqMgU1f5qXic1gIPHS=u%T1p#jA4Z_R
z9u_YWwk?k2{Erew`<5~SnfJ>Zl~i=MG_u?R5r;Xi{4c*#NG4TFMCk+>GC{iyiCHrf
zDk|)NA6-6IA;*vC9(S*QZIL)2%We$f2!{~GH<2;`a#9<9D(L^Q(?Ozsha{!NXhg4)
zTU%rs!WD`^AI7GES}8?vfJE0{Nc0y)EymIX7a%P~uaB}Aij@|I>j=p0@lL^U?~!oD
zO%MJ36InZ4>n9#xIMya+>l^1V(VuU{&}6<4b|MpO(*1~{#z6l}%~Fg}@o_nY#tMy_
z8hx1ZGV<F`1tzk%XjlryGWKbNdr@FHs>mC#RJRnQh*g7R4of^Ds>tnt^7_@M9xHuf
z-7v3BYc3S;sGv<;Uw(?Wwb8trY`$-eQM39!Y%#(x1F_D+qc`===`sHsR*BL&!s4g#
zXQXl_Z3?BB<+#z0M88Hq-<0cWe>i$?k8wkG^Da?NYud9BZ~4t><Qut$>EmgmX}<$}
zPyY7TYhl3X_n*{%c3U!$S|`v968H7Xe%a<G=UVz9t-`QRu}@a|mN)J`X28Nu-{cSf
zJQjJZ>Obe+ee<`L<bRzOO;0eq@uT~gx3S%BTLBbUS#e{7L_2ER96M**pWF)1={w2R
zv7uqfy;m2a=aDeOCx$1JC#)yFk8wX$|1zNB3PmJFbVU$E==M7GGMVQvsm?Jh6UfB8
z?mz9PwGh7`b4!60$kN)SI4ZCzh-orb#CYa-hV!XBsASTRr<jaX4bxt}cPDB~d`fvL
zkS;pV$Yc7Pu08r*31^RGk9qGqs!p%|H|CzyMaIu8)AVk7+lllaHH~Hr+!L*$tcrHu
zjjW{AmSAX#Xx3=5Ra9%1XhKTRiWy5PW=dy}W=3ZGW}0S9W-NJx-ci2ud6%S;sS-J^
zla0p`SE=Y#QePoj@u7U7{CB;+fr&w><2T2e6XvD&ORt6B31hW!wRyH_w#B>4@DZv;
z4;C{_-_DTPJvVY*vRr~L>n=O?j`yIW>db7PT{UBLhChGRIM9OqQqc3%Q_)_nUHk)+
zeO+z!vr*bEd<L(?L8&%tn4`|9*EFr6*lmQ)T7OAOSi$eRd!&2IWpP|(Tv?n{iT+;Y
zsDn;U<#+pU_F+d1U^o8CoNzMrYN^xuW#x8?wd?{}&R;%LALcT^U2}3rL*Rh9GJa2f
zX@2jod|$<;>Fs&=cKERPR`@?O&NV(Y3OIo6#Ag`4@;0_DM>mQ#m3ex4^?G?9@*O7}
zvK;Vu@p>M6qTew2C;1=WjNY6bTi(2Th<%8@fs+11%S1B{*9>2Y`dgGiGkN~k9I834
znOpKyvZsumF#HMh$?lWar@lcxOS2uy!HGeaOgr{?!{!hJNIjG>lTnfJgUb8d(I5V~
zXIxJFLAEwu1_fC8J6zPb@3=N>)-7J<d#7mUw_^rSlq*XL_c+G9$6R#hb)~EPtK1ye
zkG~%C93w@s(WRsgwVH?5xz#P%c=YTyRA)F<I{iL1^Zw)=>)qsSIp&o$#35N1*l*fb
zU>&j=JREk0d+IuFKKywtbx;2cHm*1uyQ6)0-D|KR+;d-iMNUFMQZy!<#jIzvz+U6z
z%p|DZLecWx=iQyg9sXU}d$RWz@4em=6l50Uimh~VnM#;GcA@=XQ4wf}65et;?HcIl
zi#{PZ(b~QmU-+kYuyTa{==Vr@PJX>`3wabo4+Yr#3k&@a)*g0@5@Hf&g4g=XbKr`4
z_UFXM{GPeZrk<uADj8$x+bFR&U@W4@=4i#JYRszFxtKm!lW(cw^oi>jwsng&={f5e
zFiD7rb>8u}%>?cBWc;pT)3dHUGOO+o3G!MXE8$mk;Hb$k9y1JJBqN}FZ$kc@LG+Ks
zR&|iea@2xxvF1ePM33Tw8j`Kpyo7+{tz2G^aqy~sXV6m^%&ms5CFL;(GRnHurFyO;
zl*5%lnxdZ}^qsI^E+s)dNljuhYwN?M=zK+uve^PF7oina)ci_~WNWbW0o@;!FiqXE
z#^O<09JLk&_3QAjLK8IAe5bQfe{pPQN@nj5*T``M&embHeRMkz)dSTN)ze(Cpv#6>
z=YZeXMfKGDkLuGEz7}gI@`>y5KkI6%1+C95l#HU6K7otxfDQc046M8kyXcctNA(Q#
zkxM8YC*G9Lc+Ygup@Oyjj(DGt$*tYhasCnZ@#mZ&P{;lELv=aHiIdos*@gvsXll@6
z&{NR!BjueQL>Xecn@n*oI;AbeIm`@mbv^B=k&f^E9UT)b8yyuF7;hNY6n94y!oHPx
zozb2ykj|WS%8@HFE*y9lGn@MGn?>FuIaqj5^melqa#8A@f7y%aC}%iuMPU9xB*f;)
zSgS%i+vvVJ&WvB1QhV*QrHPhSm2pSQn;HUeVxh6uC5X92i~Z))%@FxloVKzayXnKM
zZdv%u#=-1jaFko=%b(k&dXG5|VO5RU!O~b8=PM0mD`lu3^y;+QyBZSA|I&2y?ICg|
z-ks#ml-6{#ozFvf=h7<o=jlxbjFs-xVTH;pvDLrZQcix7ztBOjCcwCR`Eb?mKI%CU
z%cR)^;=<!Buu<O*o^x6XIujh*0Nv={@U1li*W8Ep)f}Lg>&iZqP}4SuH}oNB|Jf+$
zC8+DU==m+0E)KT%rWk3!kL&Z(-;MIK$-L;?;lk?01%whh!G<p#FHjsAT^W+-wWyB5
zSCRo@z3=^Q<VUH@<QodK3P^w&0iSto1iZ~xEuTPR8JzNFuT53EK`&Ylll6lBE})ma
zYrQ+!{{91_t(9yaKPb_LUeI6Il*Bus`)kX~p~H$i^|-=HNnQz`;Med=3;#a7)rDU!
z4;zNvkAYNqiUrwte<S|1=>j6@DM--&i59E>ltq^6LIHfX0CE;!eFbI}(w+N=ZHP`r
z5&?*u01;NmoAC()!{y<{#RPybg(xAU#Z}`xctX06M}r@`ChtrRA!xi){^4Vu1YiTr
z#-=pa)&{6UYeR)Jb?XMCD#WSy4xlh{AUir-@%ku1@Ff3)(o_InqffDKM1a@Vt_lVo
z000)je_td(P97=ZBD$xdsvP<{8U}z}M1dz3fo`b*in1TIeV0$V{C-gAc?kxBy1<Vr
z>gtm~dt$};eYs}qzwGY_EXh&oP=q*1G0Y#4X&6(of_(nb^avOg+y#WuZ{!MM^$&)9
zvE=goevu?-P|r3p&qFr>yuQ9(Z(0oiN}j2FuB>!U+|yCYmrpLpE;y<*>JB&)zdP|g
zT96!;Ap;<#pdu?uD<FRfHN*&`;X(b95K4f+-zoI8uL0Od7#IKmJ+f;GK9UsR9las|
z`D>mca|yN7t~rPg4OL2tp5Zk}2oRc{htV1pIvgs6gNSr^03-k@Aa(Z}X(}3E7#j_F
z7+G3&P>2@5g|CSiR*HHA7Y{cSi3Xqu01OJH>?&YH$TA`QAPY}PQ|Q8>w)_Xc#S24W
zD*`a#Dc}PXQquZo_D}&43EWY69>}=Tq4d-v!ZIK{jWqf+42+mzA)3%vQvDc6Qpf<L
z4^sHb&^MUIuVtkoTKRNinL>-`X=$mEQB$NM(o$kjXmIJItx%}}Dv^BD_`m$$8t2HP
z&ZN*$r{;WmCE%7w$8{r&{F)glg?F&^6M~Q!;^Rf)h7R-Lq$;N2$Kb{mH%j4$r4NH;
zQ2<}b?1%AEL+Qg%HNRKcB>-Zi(og|u$e~gxy_z(ADWpagsI*h;%J|gsv-rb+cTv5c
zcd-rhk$?22NCRl8X}9rxXpv>m6ygNuP7aA*zm71}-bvsc<O9WqvVD{a4GpD_jiJZ4
zHKq=wXU0Hcz^4IFBZZ|a`~x7BAZMnAT7N=Li%Z0iQo>COrJ<$<Fzut$hcd-;O96O3
z0&r<?Q&FYA6uJK3ev^lV+sj8(Soug$0dD3C({2I)gn1HCXnSXTaq$4Jk#KQ^<Ok3I
zsPt_3$Ppzr-{~x4G!;;htwLKnsqp}@Vd+eGF&|^xWYIJ^E`Aysqaq^}KV&F$MWkz1
zR+x~XDD>claa&;vvtWO<D?&jw3Km4A*6x(WNbpEXpp&7d#n&{n@C%Saqefx~1*A!l
zaSdXCDQNJJ@D+aTQ6d#<_i0iq)Mpk9@$UlgV=?Ff1j@&`4%lJJfY=C(2n9`iMJozd
zzY!(bL?l`~B*njM|E%+fBzc;z(~e5rW5Y8SRh5vb=@s4Ic>s_!FSzjy?8kJ}EfbJX
zWIrXK;L*LNFD69BzyrL)a@)1v;zE{6ix|tTl1&5Hf3U>Ben*E&t$fNKit%^6hx#1`
zfEj$#kDI;hl<J0ogrrbEoPvLnulyQE3YWUXIt?`~1{LvqNVoAls4MfMkQAHfe)`wr
zb5Vz-6w@m!)eG@_`9~<jv4&Jk$P{ar;P!?>ru>$GA4OR-zg<v9c9w6eH72w9i{_Y}
z-N7V0=i$z0-D+<m=q3RU1Cno2{m%j4-cD|>S;3sRdMvd>1-1BB)K)~=aJ_ta>Vbt{
zpzpjLH1ik-+Y^~u)Ni1w(TX^8_{l|){h!Vo6d`}KS!(CBt7Qv#2V)K*^FEqldRIsW
zKh_Qf4(WMUpu*7q*8#ulF$<VJZEG6lw}4FLQ?=I^T+%PJ?nf?q6mojAQg!=`a}L1F
z7+}!#5ZILQIuPs{Fgpl-MtVVl|2IPS^7%qw_n{aW6HGVwQ#nJ630*@-xtD6SE%#vH
zP(vDI{#|#_gtGVxgde0Q`4YW<xn{C<lqBWpYVW>tqz8asKEXWsMW$9T;S=X?VUqtO
z|Aj<O4!E}k&XC50Uv!T*1`Pr4joZq8Pk`)y<YhlU4^zUGLo){#k0*_xU5eJ*6)R_J
z-TS>QdD8@<XQ?V;uxE0rCD^pODK1J7l(Hqs%glGAw0Q?;WOFCpU2xKVnRb&J8uATc
zLP>+c+I#yPHNSGy3Z4QM)}xDjv$=O++`7trUWdi3Vsw83pPJ4NgE+kc%ROu=eiwCn
z?t~C+ck7osiasXnxhO~pEY6nHN79GNrO~I3`XB*4?l{h0vkBaZdrrdGk|eKB1|=ov
zJUd|??1T89GY+(c_=1`2Vd7N+FFf$M+i1Enlhzu3Y{1Nq>>x%K&ahB8%FEkxNjro|
zPs?s1ceyvFye5f~d?WYuAfyGg%&R_6YGr3L^APhU!wqrgfM>S^xK4~Do{ndJ<|ZwG
z{#Q7GR=7!inpCK<5?5wKc`9erUg{8|Fl|pisBd64nqVkia=Ba1^a@fK$bP@}>&=Vy
zdRxH8a$?BOU<b+LwL&pv#iReZ3B~h;JfJE=dzb0Q4MA<5*<-nDvcOa5a{XG9<-GLy
zkA+rKupguU)=q6mu<-u#>7<FC|4<0>j(WX?0&1JFHaf#dCG#7V39ptCTv9wmTB#K2
z?djFpL4mf%Sj?uv5Yywnx6rlw@wur?HCcL(quUVR?~6`eOrMPoDuAW~2mE(DdakrA
z*f!X0wg}{*yZ3(WMJ2Niwl4?_I?mw(;8JVR{W_{C-0=JgF3Bofe+?LjErYgSolVP0
z$u0%;$gc;ta|3sp&DI2Kd1;TtPtyduf`hcJ&K}^-qxfRp$8f*mxr-sHHnFD@CrR>C
z{|zErSwOkS<2hyb%UaPZ*#sQt``^kSr)1ht;4wrn>CTC=M#AgSaz}RB<K;XgPc$7l
z^m4AoD7ZeTfEyqLPlliTsrmX3{(&8_FbXwb4!4}9TPF`23@fK3-s0ej`}x?Gi;NLa
zTZM-zJNH>2*pORteW=Z}Cm`|IgJcrid+OJ<6B{RKNvy~i$x=|PH_>*o-L509PDRR^
zk@%G!yD~VPC2}v^$$JR8?|P8N4)L6jtcU)CdUHA-s^B4MH04OTPPz!1p6|2fvb=q|
zY-xEOLxDaoMk)dt@+6-+IzFK{cb<-(jmSfNuWv(KRDxjF&BN~L*ho^=+>*15vBNnl
z_aVXllBEJBFCbnmje-e$bS_qZc$=QFz@o0u-{*PsGymI0a9P=Qu4%~n!RcF{{0sEl
z4*Wyh-2^{N0XbRJ_!aoppsnjcT-8f?<mAh3cd*ya+o}-vn`5nnKlWSy!n;LMme2QF
z3WcBlIjKJ#RV3<}{YcO5fL{T}nMt~!Ug0HeZ5k|u=kSqnIMT}p!k6)vTux@YlZ3F(
zf?nd|!USrS{6?;SFy;*J^q@PM_d)V!k8Ds#O{^bqr*@#?raM4oRgLf|(pvF#X}bC;
z`BH!@TP|n1mt|luH~wq&2~Lm=)+A-YvY-fqc7@s`>8Si|BK6AcvN;V|izB5}p!bHX
z!86$E<eK%RFkZ0s@V(g0gp29qBJXztBtYhf>od8e+kM-!_%p=xB2%qKJcz5o5#7L4
zdDub<z~ymn7d4RuzZeKVt=La0&{8|xl4W<8T=8E1V#zc&-z^dKr!qGp6;!m&IB58Y
z)*c{2rvUh;LHBEP&Lcp0<MK8>S|n{`p5LYYNepy%lFx>h3a~nb1Rr#f)E-hAwlrsL
z`PL{!i1nvTOj?ajElDntStG#<`=6*bLoBvx!FQPLjh`RYy&PMcXY9>(kgJl!7xX+A
z+$?MQs}8|?U6<V;pDxQQ_aCeZ3x0Ju$r=6p`7tmQi-B~Cn9ve3a+cB(yRFDThJIY(
z56JJ|U}+hCqerIfQivIs5iPVz5O<rb9o*J0AeXUHKa;30c_d8wO8begu~@2KK?ciG
zOlyvL0Kf%K(YWdOJX+$u2B1fpelLuS{MqYL>itstCub$;4i%5HVS<*82Msjtw1k`l
z_9eYYF5Hg?05@6GFUmAy2{e3OCDPK>Rjw$sme_cyDw!fBoGffe)DdKyv;y5{A;#LR
zevh@z{=~nYvw$}<Md`!{R~h}!Rfu15X6X#abdM8D+{_`3TmDzP|Fo87V}H+@o;2S3
zn`9l?(nPecGeC|LHoVZwnD2k=w7`#eelGCv!zAj6by+FkRm368BlT=Z+X-3^9s~Bx
zjl+1+kIS#7i!M|^Gmk5|+o>8rd!@gql!+mS!<Gb{UOSnyMwU8bGxIeCD}K-d8TDix
zwZjE^p3;kw&lw)^sHp{>2@3L2<?I=H0E=P$9|Y6xH=Yc~nO6G64ywE>+$Mkj#&ULt
z^WPt@ysvN!9+RJ>vf{e?4&6|xTouRTDP`Z00wf^ehB1(`j$0)HYq$Uk4PQmy<EBQ)
zdGoQLC~7LjG*yQTnf+lMKkI&$gtqU1$~NFbxqS$)DE{AGF&Ri_KJ{_*(H2XwWYE9R
zlfvy|4N44@|Hw_v{X(hwqGLOMj_#zVW6%sD7f47ZNf6=VY;SjW`}Y`CH=hY+B&$Q?
zr94hliT-x-h^VSbxJ_fugW-2mThH9U3thI#XF+yz44QOb<G~OcxHF0oDCpF{LC|s0
z^QaWZVWHdmID44*mf{CWDA)GRTS;y$uIr~=%R6XaX=1(`0Px->atIn=!^SG>w-N4R
z&DDONuEwyV{k@Rk2@q561k?W4>(nC2mCa7vFdO}5;x$r&+aKMl$nk<l=p^81Z#1n_
znu02~k~EV5t}x_Ewf+6=*$?J-{%#LGcM@-=1Xqc_rvY%2Sr$<70e|i(lTY(a+2qnD
z?5x=E_YfB9{6FjFQbojL&7|UH{p(zYuZ79HzR`;))$TLq+yU%M$eP!i%38L^qc#rJ
z?%=M_2e}n{bIoIY?IGU4Uz;wZ{ThJ3?gNev4u6#B75{~DJI2_1w8hcH;$eV7^BkId
zT^Af3`v$~waPa|BDN`bXjtQr$9q^bo;D_Fn3GwInTyG@6r)c<rQ*CVdnPChYO9AXA
zL;@8MYHNC%w1t+AYV7c3JSpFR>}$F8tWMTDN%#ao_tRt-0C30-rCjyAtuXO9dpS)+
z|7m^mj=bY4pk-rx8!Ay-^}MQO1YLE5bVI-T?gVVSvyNr>r$1H#Z9Pdc3Jy9>_Q3<h
zzcKR%9~%kbQFB?1;kvPZ!{$Q+xZ4i}B_jx_)cP|z$)A0Mo#y_t6YW-aYwN)T?5cp-
z-sGoMsTPr!T`Q<ucLPPCnl5Vg@;DcKFzRi*wKXh=U7@@GTl|Gcq6+jJ)C4n}6#sk<
zpWHZ8XuP)niu*-|)*|Our4hzYX+BGHcKq%50T!8bw!A{|%cO-ur{r(kgP|%k6fh5v
zFtWizzxvCKp2Nliupy_y{)<p$sx^|O?1Ppd{3|?%b=}K5*IfT+qztvTyopsFoxU^x
z03l1`iZnz^2rnliw%_`S!A^rGY@id~TgQd0*hkOa9}~l^iirgvMdk)&E-xZe?_jI+
z(f-n)$JQJ!an%M%k!1n^HIbyDgv2yEd02fZ07D^qb^@+V`1edW%9A?V6Tg{caa^C<
z{-@T}WHq;=COT2omeKK}06;~C-WFxK)0WqAZO|kg$ieZdhJ?QsW&TjhYbiBolBZ_j
zV*m7Ukf&|#+%R~P;8h4Ux41Xp-*n2--XCv@S+d_WLlvs{iep^}lA*}VK=1`wS6PRZ
z2rKeS1xcIzoJoJ0DL;D{_Q#w|9OP8v_hq>4C?WL#=_1@PK9$IXST;g5yVn2)>_{ou
zF`i6hRR(U_u|YFK&CnxZPPQ?$j~HGkQnJi{7>clF_+IhQGqcYkNGjs#HvaEbkQ^T$
ze@mGU0AITL^Wv_FZchJfP2V;ITN@Wia72}d5W7ySes)9UzhvrqnKZO5H1uz55n`Sj
zPWr<etk=B%Iy!{IjNY!I7K0{6LGjJNbDl@jkv1V6wLqCBYj0tt{H;18I=Ys*_cg)Z
z({PW4rAvqi{wCFVNN7kX{Hm9VgoLCkYT5AjHClVCg-j6p9Psu)BofqFt9Q({6JU@p
z>O09lr2TZf8p5yud$V#^i}dp5=^bt5Wll{l^$zu`>dlY;hmufPk2K0Scbc=;P-~aP
z<0pY9dW1cVCU2s!!PE2k(QiO)S5mw6J^=)rf#D&JYt2cJ=K0<GPpkgFi#p4QvTRNR
zYF?k;ZE|L~&BaT;9&<o@{XfJ6{sXqNz5Q!!*N`=5*1F`zCUH(Uyw%gnEPuH|DS)-a
zzsY8S-|LrM*VlPT1K&v=f!ujv;<ghMV397+J{U34|9!xf6XBn$89IA@dh<k>un%VE
zK?y6@*(7V7k6HfOj0HaK-&(H+5<WVE;(I=emFik0i3dNTyU5lOctYC-h26d0xa<D8
z_=M7N`6aJF)5Y-X{~dWORFZ>@Z7y!I;wH!zP(HSE<X}+=UhKVN^}?=Szb3RjQKh_U
zyhGiJ)422(?fSrJo0oP)x}C2Eb#llq?n-S!*zkW2&Q~uvT0Nez4uBsyIm_K4@ZDXj
zI{iN-TOzigiuMPQ4?5@T`xCiAME4@?onw6ltn&4lYi(-F-9BW26I1IX7uLE9tMas|
zgM)+f^Yc+rXd52i+ntIuhOKz+1J||9kAtnZ?QvEN(1&00JkE^lIVs+J_&$=EnK?N4
zX#r1NPOXya^8Tr}S6ZS_5WCOF-X+rduCqwj6f?R{RaJFjVghk)IznOz+=oE0BEQuf
zn?5-(T+eM_1PW#;(9g`xrK^=W1?IVZy-m_!BCKC><jCSxCBQpX(Eb2_+&25bIvm>_
zROKqPy12MFGn1ym=pa|PVyrFMI}woQ!w>-O*?7ay(tW&2+?7-!0`Z4rv>7`iK5lN@
zg_C+LL}T@xt2cr78}nfWoG(LN@Hq&4XECJnaYX615HbdDLi51iNzPXJgrioi4<RWn
zE29dAZ4C?zAPk{8JBQ{Un7BejJ76(g&o;{kzvP71C#@~%MLo6)9*1-VdurwXqk(?A
zi^2ydht^kUR<Ln!sHv!2-`wyE2()`64G=_1n+FDVHZ(M}wFwi)gWb&@>yrfcTZ3y#
z#0y?tf}4s0+?WV4<&!85&(3srF2qf%Dc}zYpDVQMmrizfi^-B*Hg$_MgaTo%>gvfP
zg@&mU>vi`@OC4B37mAGEZ+X0f5z|agOk9G^8FT?xRI7VxQK=R>TJ7;gT7Ho9!q*S4
zsslfNsDJta)2jm0$tR6ZOxWej&&|y(E|SI%2tkGxiuitp>PqKqE0mQt_+4-Igx?1O
z8yd7``BZ0(%jERk^7#UABKi<Ek)x3<(X4Yog$>>dMSjdLIVQRRT8wlk<%@K<#H1eY
zVvQ~3aIi*PJ?(X92t(M}*<~C5{{2#gRU_lZ`2FzY1hMzh(UvIRqpi*3!A<2x9rFJU
z%`PujzF(f2+N^wC9Q>oO5PEoMXJ_|O)~F>s!%L-x0b;*3N$TL>p!L@4Y#(%Wvbt)l
zuC8uml#AQTg>7aeo&WhhDiJKATzQWis=~M<mM`RzHe%)P?@yQzW$qijr4(_w&n4_&
z<$Fvla&I<40$>U}lGW?@c6Su*77+Bf&ih?l%%#c9wz<|P(}eR_JeQM=jY7y3fQOET
zHgm`a39P7<r9MLTS1h5V$hU)DJE^IuF@7I$6{5h5oEzLVa`lfa9(Pcx7cuz*jO%>p
zuV-7KJu)&hIwkY)@KE{%BWuk=b1vJMX|fZU#plgVxQYVZd9BR~+Rt}{)8oh1)p3`9
zW}?X&ySctzL{AcVHP_|z)&vQt=6BLj!Ca*$Bh!~kCvU%1I0*>|2tfK03G3MOGXM1}
z`goHwLV+It_wV0LEYQ8HdmvDvZ0F&AyY|};hb`z{2><&9XJ@n8bG$MBNn_ZG`k(M_
ztxQ+}jq%gQ)D)M1fOjB_3LXB)agOj2wWo%qlb7d5a&mHXbaa`b6dtlyGaNs&be8>i
z&#S=p%F4<@6uP!58#;y?)Q542pYy6=>rFwA-WZ-D@J=U>{J5-znQbxo$Edrx%Z+wa
zDN5yh*5u+OIVQ5iqxLhA!xhPc_V=-}#y+<!KS5HABri26FwN7n-*;>Qz6o^-^cJL_
z*q?CvVm|#I>W6C;J`e&{UHfo2DG;+T%Vo#QE`68y$>fdA`LTxa5Uspy%c}d>UY40@
zRl%Pt2%>jRDJ$;3m!*PQL)hbBrSQdFrKss-Gy-YTYgX%;3A~_pms)T}z)y`1+a-8-
z5D_FgDr$~f1lJ3x>rbZ2#^&dyU`O)OQad%qX0|HB>Pm~xIi+&6sTxdH2AMU-M=}GW
zM@Dh!XWO3azH1905qDEbcHhym`HEX7sOq{l(W72jvptkVO)s!oEp|PzLU-(AE%$`c
z5xE#URaca5Ejx&af0LivFMqve7<uEt7Z~>T*81@d3Ozc~WE@h>6<8AFB#zh8(sG#p
zBh2_>I@`#4vS@@q@<vp`#*(mOrGBjQ53n`h?o6}7b1y?LN}7gq#rLfdkXneYs4FM2
zWv=M>WLrdPj-_pv{KKXDWp^!uH^Y+|dWb9qIr&cB+qZ8K(cM+(kL=p&>Z-@2c-Djs
z5_P^>q5CNF=no1FDNdj>gnSONtM`a(tFla_XKWs_muci|XK#P`JmvM}nz+WhrX)G!
zY3D{pt^2ME>PLxIBVBSkPzdY)AOw-d0JW9cNn_0Nf!${6*>2i!w?#MZlNz$Wv)mq}
zQ`p}GUw$uqnr{K_X}w!&SQD!CJlkw)7yV{NXUQL08@R{XtcekPgH_Z0;x8n^KU760
zGLYbdt@e~JJ#ZiX@DPTA?%aM@y1&2Q(sk+-aC;Ivv;%M*qV#cGZalP=d^8Zq?K-Ng
zii(al!Jiv3G`&Bv;I(~7tvW5{loXQehQB<5lk9jG|NZ-Se(uUgrt?w1O1FB(>sem%
zVOmGegeX=vu+QEY_UH}zlL6UHSB!o`Nk&DbhnIUZ@t9M3b9?*d&70mje<RTyo31wv
zhWS790m~ogvzGO!LTsxOMV_E5-{suWd(GrlvERIj>f1utIcfUw_H?Dmfds%OAfUuN
z^uIoWF6$>^!mkLY;!9UPCNk;UI!Di{^^$76e!XDqk@z54IEmO)rHeM7{%SB4YclI)
ztF^7p%#s(z#YjGFy$zbIygeV?t9NO0u2n_>=vEuv+)sv>J_q*U2nHT$6>5gGzdRgE
zJ|C)Av36f1x`dkj`sHw=#N5%|4%kF2s5u<L)${DhK*nqp5&0jJknZ~lm&$H$FRvvW
z@1T4UQ$-a1ZT1W<6!j5`T$T*XxnX_RLxP%<yoWWs{3uoO=$DrlujBc5QEpcgf`S49
z%`Ghi(=Zrpy(_@T&`?A~1QBoTBNtnhq+6%-U%zZ-xo^(3c$%ow;~!mVFnR80+Y0dW
zpRTk(V?Px9$j;_g^;m27%DZwDc$|bkO+th3I>^b$?6;t@D-yM#X7h=)Nw9tbb==Rk
zwq;I@(aT#f&C&b&dlg2H+a=q8y}Z-&Ta#h|_`(I9?}g7Rj~d*NGO21Jp?yAbp?kBS
zAaiq?_sM0mb__?Pmb|>Y9p0z*j*epRrz`M?Z*cHS4?5Lqouxb?JR2Dq{r!l3ou(jK
zK7DN>d}>@Te?Pf%(dv|^JxXB7ma4E=CJdP3n`m=S-@N9a_foCUzD&fqV#&X)*M565
zVV<s;sl?z_S94sVIda>vco=R<knN$vdR(P{lrtEKD=scB+h{k-NW^SA`}8CRK&1D|
zS;5CEAhiXD_HkoiW%$D`Z{a;Qq*I&ad2Qo)jeo(okCZiQY~yKPu=@dATRHjPb83IT
zRj*T->KlLO+l1uO$NuPSPn94`>k_y_4sG2@YI0aG%+%q?Li$-!Qc_h_Wz1m~crh@#
zqSq}{z&k!^P3j4%|28ba=X<B&609#o!T1Y{qgCo1OBMJi<Y_1bk+^JWYQn+6iIk>c
zsGB)#OuyXEbqU^hT!$PtqR2;L8A<!n8FaR}9Yv?6;(`2lviY!oYcMg@7CXFZ)728m
z2SKj>TQg*2?uv9-p%+cQ9sT;%+i^D+KGxPk7cHDMk=@GpD`Oi2@Dk06ii(k2Fw(z<
zNs0KFm1d`gz6``Om=wQTML37#<4HqUBi4ajrgw8wPlc-xN%Gj79VeP>BmW0Tbm8MF
z#1TBzl2<;)4qdfBC7=J*{k+oc<vi-GlA~;3?B8NtTQmkOM?Kf{?ke?Ttq}<lPz#9)
zQr`oKVGdbC8EKdIwX#Zvs|1B|xrD`;)QndD3jtJ5o9ME;Pk!J^9X+$4o4am!(1PBa
z>RAUAn4SHONU`dd7{a|dI?tu~>B;%ZdUvJ4Z7s`Xn6%4vmeHklnxpz`w}XPfRBmr*
z*IlMki3Za(!gC$h+KDLSY);A71E5{Nor|U(5%w=?gI6~+!jUOK1R4BpW9%)YQQTr;
zjya{~q|z~8`9_5Wu@NebsrQmK$J+1+z}p%4eaM(YJS%8&FvJ^SktQ$~w#mXmtr=&@
zYIjHo6QL&0;sPd1#8*ehyxd%^TNQ}tgUH{mr?<hBruI5tJ?Fd2GYlbn@Qh8DWQ5eo
znxUkpmxZaLB{*WmQ=vU-&3Jfl5F<;Qt-=^%^!k8d`ZTcPujpwuN3<UTbF_3nI}v>#
zj+I43ni7fsqIXH9N%>oofsM|!4U^yZXFlCn{6{Ih?y5L0bK$I&D=*(03SxrB8^eoE
zVZJU;KX7~B?UvrkHW^hM3q!n%!)YHqXd=@5Y6w4_JJ>*ZCfY1+0srd%a0Xw*A9^m|
zG~jMynZcwzJQ~K(e*=MtSR+prq`ef+HpYX!!(Z!{Sk-TwZ+HTPg*+ddsh4OvIXSJZ
zt=$K{{EFw$EXziC^ya*gi<7-QB6h<cyWx+H0s#~J3$3Mnq6G+fV(5|0rIf^%<r2&s
zZl(N2mV%0E(u#*A%i-n-j2LJ7>orL?Eb@}n#Q(5lo$I^d6V%9ies9HNyLL4q%KVR6
zx2YdG!t&idP}35B5xuZ@I9QZX+XVpl-?ad*ykHv@CVuxrWAJq|lhiJaj+7KV@Ku}<
z=Ziokkh!zeZg9tKBXrB~4=G}|t#7<K3#}pLT5<Zq>ntN9gLo`y-qT<CQWdBzXj2c)
z&b)&UmOC=ET`@l|G*@9K1B-~&6gS-=zLX!1cp!%>_i|-a(=A$PzT1DDzL!>SAr@}d
zdpl7flXd3vu@*0<PwVBlH+@4Ax7;_?7Im<?<RFzGL{t!!yt|dON^n|4RDP{@A?O|7
z#Le+S2cZ!Eu;DF7z%J<G`tGi!rG=H35MsRGbu$XK*Lhc}&0mioF16XI9>Cz|hoHyX
zr5(5TvVp&OJ7J<a=2^>SXn$;ERi|o9I?_gV=c|n#A0F7oH1+n~+qSm07P?<<D#daa
zxDG12j){oW^zAPSf=cXij#e!{=*?Ar0mw(swGUbvsUDqoE35g6j<sq;k_A;AZ$d?w
z{Tud8u#_%-I3%6S1CQ!GMZ|e|wU`L=j@GWP8*7eDOiaR@Nv4#KTRiG(wQO2%9s0P|
zuL|xKeeRbggNc)eRA)VdVP^0fGZx3mY`snU<IUw)z}u$Uw#@SQo$kwwTHj}tbws(y
zg{aol3FRzvN$1wfI@vCZfkqqGX<<IZ*{H>%0C+0io87kOS#)ocAUrwu-%j1YQ>;vl
z^e+o|&5(7fEH0j}*3#Sznw&(O1q20I7wCK~B0D?&=FmMNKlZ!cfb~%R5vYrC3kzo}
z(4Qf~wK7Lr1h+RN--i+Z^(-F()3-P-Ap=GWA?erBG1@HF$saP5+D!Wy_JbV$iHZk;
z+#A(Wzr0<k|I-4zsorvJHLPBKuA4{rB4Ujo!f9qEvCAicIVQI4j8Wk8ps|7Hg>T?w
zfjEnzCE|=A-@qac0V)yru6wAkOkCje9}cXxvBypKo@J0i*&_lb)}m%$g_w0j22qtI
zq-zTB@s%t65U4ik@V2qp2R@#yw0l);$F;S!MN<VYdWWGS@C(~%r?c<^GuXlF^O;W*
z*fij@X~2RzL#g6z_tPFH!F1DtsSy*Qc3wu8qa(CY@3-dh#5<3zT;H-^%8qog3-=Ih
z)f2!wy}t>V<#kmbR?+}Zn4^oy8mzi)6pnqR3uzSv$4x#x)BJ3m1#fGY;$nb^op4@c
ztJ3FlXe*oc5f{+^#(uB0KK|4{lEIfHwiUGur^#Q#$LFrUUzU$7alk_I<suocuB`0C
z`{b;#Jp?f#O2;bbWj%s}tMrcB|Ld+tgkPpLyMj8_HXYCxZo(+v(Y|7xWm0Oh^cv;|
z$rt42c01qv$Pmz3!?uv#b_qA`Nl{bICxGAH-Xd^_70=S#T%+aC8zR50#6wq5B&NGA
zca7Tf$lwNpnG<>Vgu*&m0I=<<`KSB(yddQOdG(G;SSZ=4%&9!=GK7zeJwpi*^VW49
z9v;%O?`~II^l0jj%KJ$J9uCV^mY3&L{zHj$r^d%U>#@d~{ni{>8A89N%O5m!u(YWv
zc?fQ!IW~aHX(xL}A`Or$KQp<ZmQM{qu$%S+a4n0hMxsGRie44SK+RO==B8lPgox?i
z=MP$7H(lC^_i1Ep_z<8sefe}(Z+!Pvy+du6?tp3VnMdIxBE}=YFlJ;g3Gh6U+_{y8
z;tfgsz+}kFRSlCwnblgO-FJL1)7k{(58i`hi)3lfz$51jr9DL0Jv}_E&}O;teY&1i
z*F&nQJUV1YFth<8J*KNB!6TEkz}ZsO%1^O^LM53xv(4tq-6GMun9Pl48xm7Oa6^`i
zPoF-eb51N6*<E#eL~!(Mo@(wJlI7>;w;6L3P9o6e?cH5ffMMpI(z)wpNS!`*q%`73
z&^yn;-d2(C!jcsX@+QiQ#DgF%y@iL$$nL9HAS}FWstr2wr>LmNn4`n}76HCjmzUdp
zpzD#5uK-^i9F9*<*SZ2)YL0z2g6`x<Ob9VLLrtyLKt}x^>zeA<gk|RD%=)&t0D<>o
zX3eKz&Fwo6Q+AeaA|}Ss{x{wErn>PG2&~<q!m*wc)@+rgi9oO$I`8%n1nwT>1GI!Y
zhO93w9WD#yrH!<Cf;$3t>8M5^SI`jnqY0})iFzQck4o2#Pi;2EB{+9sb$3}ur*Uj*
zYN})XrY6_9JvL_kkHJ-qPuKAvxr;XA&#IdCqtaaGdaB(C2W>Q4v&oQZQ!dlK{2&j|
z{nJw?+2Sh_V^`Su76P#V4vvlto9w|scWY(%m2-zZh+4egM2=1)CD?vJ*#e=aZ_Bl2
z-R~v91M1>8>0^4ke0vqG8W74np7j;i8DYaLfqk~6z5b2*KZy9EiqJY#RVf?5@$Ekm
z$g-hfRwBz+E@oD}+5P2i8(Nj%UtMbY<b(u`?-raJK0ZMWm8DG`+jDO-c5tY=N}t`>
zs7-n$;N|JLinyI9bEdE|+6H9IgGeRO1tr(P@HwRd9cz!;?w1GqrpolTurMSdL@v^6
zfjNT%KepWU$WUh{2rRnSQl&$$$E*V?#qpjCUGNKyp?a8#{`rZ30AkNZ9Iw>qYsr{z
z3EM=M)aS_ZXv-56=wElZyceSlJ`bltGyqD-K{bM^3>S|g%}EzbeDX(6c~!64k82$4
z>^@fm5WMrjQ{=Rs49xsxzrTld!DJe@hEM3`xKgKzjGP=i-{5^}s52OhK&zUgf}LA9
zmFdksW4F3@K8Bt_qDKBi4n~8%`~r`)v9iB3D_Sf6`aioiHTo_5HNh3m-XQAUX(}O)
znqFV8(d0ErEOW}<+6`eY!OU}$b9|`OFnzfbc(@SRG>Pmtz8K+nsg3Mrk={-70B*5^
zaEbI>22>blS6Bb2%`|zJAOzQVj`o9sfHQ7vx~#GP1R4@vrGbUW9g!(vYaK1E@9tPg
zQV3Xh%X(8}ms6=$iaB>}sF$Za$MEIyzH^LpJ2&Ta#_}WrX(2~%UQRE0%@8c)RAC1h
z=pgP)v*HM$@wNZLl6r!3*}RtMCBo_-&i`_)4%dFp8{2!?RezC9M9`Ej1pRLc==Ni1
zuTrzDMy(KuJvG%T>Xj!N`h2H1((N5+DU$DPpqj7LQ1!LR#e+i6IN?~gY373?mtL)@
zN%ulRVw(8ACEA#fj-Vb}Y&^Pg>^<O1G|Bz^_2nLJEdhvm+2Nv_HF`3>+a(M8oX^R%
z9W5}q%``-K?yP)I^*gRKA0OZN<Yd)t80e}o%h1S(v;E+gF^3=@AEDzcQrFjD(b_5%
z_E=e3^A%nbe^SV*j-5tOxtL!Kxd=`;hhXm5#lG<e?{Ag)?6xZ(@`pZcTvBb4eBZCX
zY>V?=79QZhJK%4hA4&CD%6EJlZEaAQ5#dpO>(saPx8@iW$o5Eib>B((t}5`oeTq_>
z=cn;@p4+^SZZ#b20F7#0@J`@`-cB8gh6!v%vYbL9K-~v8eKoMbg>8N3J@Bc56CvD~
zEa-guNcp7mSqU=M?myfnw3_jZCJ*@--Dht5zRZLr%%kS~^XSyY7Ci9YOsN7klm$2W
zbsTxsjRhwG!3Ee7>JUN*V!jd*>nke`(beFY^KX|^NL|D2`IIVOuUag65L;ATT^#}z
zG!gibEOM_*c3kt0)mzjd76*#@p3Hf1lSokTx)K~zUG)2RpSAI&?)=@pTSw9e2(uZ1
zs)5!T#?b~4o?GJcCO9Mya&=!?$_Tkw6@IUyVU+EV2MdU&Wic7`{@p%9ZrsuA0L)`X
zXEAQhY@SBw_>&OuCoS}l4)jD9@8!`8NFE91s|;r7vAC17bMue~1uWpWvF+UFqB|}{
zr9`vo90BBSeUnf^^ge#Kyp*K1X)p)?c0R$8FYYe?oA5B4;|U?Ch~%3Z8&kY{XXoIc
z%=rD|P+_R4gq>}N%*j>$_D)SrO`wFNpkUcdoF46NUbKWuLI*A_KEea=vOId<*_|d3
zc;pxuvyOUMdFuqY7dYu8g$Z`dXGcS-1;4tO*N}bY0QVfWG$aqIsRPYPv9PcZx&T5U
za$gd2%F;oEu_J4;<ROCC2-dF?k!@96zm+bUMN8Y=$GdKLD#7*@+By08O*_cO_aR4!
zDxGuly?h<hng`elavw>EEn_G_$c@G<A3|M4$kt|Ng{;IfK_(cfYGq(w1Yy?huVrU6
z3D(NmA{3k0&FiR)t8ALq+Nfu%(qI|~ftIiKaL(<Voh96NV=f6R?=>4X$(mbUVt7|a
z#^5#XLEbX07Ii`hfrE={bEUjLQ&a8939EYozCJpww$bL|UT`I6OuO;^Z-Y~e@{Lbj
zn3k1&PNrJf*xu#hqCOk3!`H7dLpz8>ksAMWD6;=ngr%h=5Djx+^gb}y-rnBayr;qg
zmUD9~ZfRh#RO8#B+vV`#riOJRI9ILZmxt(;p+>SIFypZ6qZ`nMV&UU@NlHanWZ#xH
zONLsRj!3Ftm&%qgO9mpHBao|8qfzTIX03SZl`X{S(Pnt6PMfNLu(L?M?n)z;jA+?k
zeKs4OY(#>Azu*DZVgE{u^9igdnW4nb$JZM1ivaB2=9oOhPuFyQ$F95mYKp%B0fZ5>
z1kpf1U^!UVTHDip-5y9xOzdgm<A&wCt=#q7Js-;iCQ2m4Z-xNDm5ctAPeENptXm-)
zXAsk|Fu|p6iI;Uksq=pG?9z(k_M`Me&r+c4i=@O;vJ2dg<_SJ?D#^M9H++PQ#7VxF
z2we2S^p54z82~p4{QNYYTZ?h+)OeapdGheR>M~_P1`y1hxt=)Qao9nt+v&9A&{cbP
zlROfyRN-~g;_*tn@(HI_acE_J^9Srvt$EC~j5hY4R_;W$UoUBcvfaYaMv2%xhqhh?
ziJp<+SpA8sydKxz>QAg5?Jdgo`TDP+#=aMK?lCjkc~L=GXtmV!5G;FJ&E?&=IOEsw
z6;?TnEp1RBk<Yoq^^pa68SU|(8p!EDyY!3CS!@kP7ST2|&<*nOH1fO~iuWXRZg&5o
zRR}jreTKkb8y)aME7<S)5#QhKCcbTqeJk(YiDeZ2o335uH(w8$U-2$eGtyg0*}LiM
zU>p>zn(UDCUwd397B&@49`k}~t_61J1%z{Tjg$P}a@b!xwSF7@<iV%;Z}n8Ev!-s}
zU!Q#cc1q%znSPzAdLgos|Kh6G#O`WkaWBw!g{Jbz*cPBwZL$d?iwV@C%j5Q1r%Pzq
z)cXJBO5Y2+_Y;M0R)%hp|2kcvUP;RH_Dc?A&sIAHliTczAp2H{32kgFb*u(Fg^?wi
zceS`@2N~DV1M6(n!e#QE%heLsTmHHI-yxOby7yHjBA30G?7gtVem_?E&AJ`^@XSv{
zw)YaflHT{PaZt+peq>}fOGND~?}Df~2jQwNxQz(2Rt`p7m2W!|9Ocowq!|4_BPMmn
z1^K+P0H;CzQxLlJj5!aL!e7ao<LRXtRG-n;geQz;L$P6|v3>L8id*EmyG`;db!*K^
zXJW%JVzcHg?}3BIK~%K=srE(G>k`6v&*#uDZRWm}VRp>EJ<M1E0eL}vuY{J%ggHHc
zEEFc)qkiHrofLP*fF*^co<v}&M;R5V*ehmZXU(#%#cbZ=oY#8Qm;vLUZ88vvkDK@Z
zbGLDl@cs`HTNA{t!sI66CMI%(Cb9fLdD4!RJXX|s9p9<>y)HFv2;M)h#jxL^g<)mT
z2G)|krT2g4Puj&sKxqW)n^bxf>EeDhp^lLF1(x@C|JMODH*3YOr(`}R1xX>jBGi!j
zAZU(A8<sqD-K_^4mSmy*L`7UgdgYmhheeIS^fMG0lPSgff3-xM6gvL<8*$Me{GC_|
z7txS;#w*Ceg0^sSC3WuulN;#!h!r9gYL7>xA%&0&5lw?Rj}Usht--wFIfrzNqX2?^
zB9sUc1f(Z?l{t<W4g>JT!eV<D*Gs@4lb@R#Z`|?!^i;nOl<=(xMYbbB{G<F`&tH#6
zFOQwtQbY1#8yr6g!g;b08x?}w?71&-U`NDEe{Do0?8p+E8yiuX5G;+mLM@{<E5;r?
z@TPceOsTy_uS%znD}6|Mwh@saO#Fm0d0Q3X-nP1WVq9SyH?)K3Ut23l@rL*I@tbdy
zIcQ?Sh6hVNDS@A#K~zKpv1^4INg?^!1qQD2soF-jWrb-cj%qN?t*nqMbYx|)jpgL#
z@~X~qVe_MJx$4hmx~3om=n_YPDqmWPH__5X2npixTd1i3LNogph9VtPP*4DN(B+I5
z1Za3ofwS>?xBhm;+1NsEp^{TmDf(UhUVtxBNWylA7iEk&?rv{&t8_s3W4~Q0)G(&M
zdIkmtB7XS&n=Zwh6aB!x9*;X!fsdbI=VHSFpqa*iig=sC_6;LbmNMccR7b~znC%N+
zdHJC#Sq8~NJ8y4qN5?={S45hrPqWF_I_xvU<j3cq%Vmo?Ybz@&%PT94jEn_=?nCWf
zW&JxBfRRw-`U(2P#KiC4zn9u2CMRPlhr*q8H$buSW<P_QB*l(uWsB_$U0ht4iV-m%
zAumZScSYc<9iAZ4W?*~%R0V7toC-<t23vR%Wk+GK|6Lf0<@Z^vdkeWA#DH^GrX}3t
zGlkmsXQDTas=0zLtF7jV?Mv6!<3%#jzox$;B)EoSSt(8t#2rjbP8NF2XCF~Z7ccv#
zuG#k=`bwc!6i_47{OamzQJ*uhn>j7ZI{i>vDI}y&YlA3r>TNAiDwm`5I_>d=u%UPI
z0Gg6Penor?QcG#fBnn&=^C;ipG-(+%sWf`qRYKhu58A)Q1F3F<40zPkUy3w*?IG8~
zMxdrHxv<6nMGU;M($djAcai+F!$YJ{d8(EB*}`@21(Ub7^-BtD;(z_YoBx&*ZM_AG
zbJBmSEhJiS2#Sh6&oxAcyo`m+S7EVN><b!uo~_gd&I%i;p@%vOi1P5@Cl4V~LEmn!
zG^d`Pp0@gSj9Ln?0MZy8VSDcJN<=>|AHCXFyWJ{c=`2;0Fr(?n1)Z0>9<$kvKyRpV
zn5Z>~@tLc1=m-bmIRo<nR11_S0{nt>Y}51W?U3xCpf2$!>;3xsb>LawZ+TKkSwX$|
zM$z+{IHH7y!r57^Bqx`#taKh5hmwMFE8*?UTQysoQpPf)<(b~JDDwi3`RtapOQ|ON
z{vB-7PqtejBz9$uHO3rSBUT6k79AZOnJ&2T6i*chH!Bq76KJ*Bv33c7*xBZ-FM;tA
z2U6UuX^ooWk!WR5)9MW?)YR3X{`Lz&ck6dMg@KNz8c=zO%d?iQXH^6aKwu6;uEHKs
zU|?^Lnchj_b5`JQ4=GhG!%M}bFCmo1q$z%IF__d^7Y${=D#bMXyq)Ax^C0-?cb#U1
zh=jyT+~Xh$=7CNz3V<FThw*1^!2r^jwWUR1eM5Cwb;;vM*=?TJg8}**iCOT{+T4`C
zm4%}}#}$mAgF~(5+Ox+0dSnPBeDy~LeQ0?$AN@Aj&iMG`Oi`ftL;q^8v75h*jVqW7
zDSn9Dl;Lq_gz+@}Bs(u}&MU~(6&Ek$rYZn<kqD)HKWU6e4}~1m0vBgDq7#fVt?@~%
zDRIH2e(A4`ZWdoT9v`(ehHR#_bXso@FXnf@Ou(PUTM&6$_+upJ%Rnwi$KR$V1SfCQ
zX7TdzK}UuT{F<Jgwg>;n&sQ!<iy5zH8>^4_%jTfifC2!KQX?5?VlYSMFsov5*Wh6p
zWJ<}_Tx4gr4Gxy3ruHEmwrQFM&rg$&R#6Ht*nAm?PKLzBIeCi#sFUpvMZUj>(0}>=
zXgbTNsQ#~u4<QUa3?U%R(A^*)HFTGBgLIdGl+xYZ9SYLj-2&1r4I(Wi@Z8_C)}I%=
zVhwQT-tReQpU>VS$%HvaI5)8zQd>~)$NCFcN-VA9==a^0>Y|2ku0`g^Ypzm8pZASC
zJa!30RV3cKeaX`EEbzW<d(*$XH6m5b{7>iRDh(bo&<KVOs0|K%Yl8;X3J%3P;CuyW
zg|bpB(c5KUPnLsYcp2vObeC2w+uW3y%8=|K7K(|G{A8y)h0B)n2_*Ik4hf8(EvHs>
z^Bry%J%1i&>;Cup#bX@x-SwWr=6PoK<G$5@FIZM4BO~+p__(c=q~R(tx7}~<;E<Cs
z(U(9oQ(cYS&!IGj-v^a|B3P+1?Zrk<$HuafXK)?V*Xg{%U?lAwqFb07TDawN)ZvE2
z@Zm=RBoQJ=QBe`KylbUgHanRZOS~Cq))x)M*rOVv;M8qe7re||aLMBt_-@bL$ei!3
z<Hn~I;5L<~i<&nZEFaJ}E6Zy=YPGt3U0IT&a%$A=@6gL&%c+D)CNS_T;RzK7UNqzG
zI|jd6mP9Rz0EbuzkO0LfN;E+t9C%;d-{vTn0c*mpIHRYM(xxuE>KEmgo<P%#C_uH0
zji%DT)`Uj{wlvJ9?yX(Elp}&tmS~`s>zIRYHtxG_bG>?Bz1($ob)R~iJ#W68FsB)G
zc$k`Q|0s||LPBEKS3Q$cOiJQDJ&i6VA{Jx`j+Um8kY%Jb*I|53{^`1P^POXKG=K69
z4-WlDo`S(&dQ7C~2y+A6Q5dUUe{77F?t^ZfY-C|$DV2~yRR-kD+p0JVa5zLYQ49t8
zB~zIlm6NUnmT%3FYskPA+JzX7;OX8dC%4Kb{8~0KxHOe+>b^3lYt0NB@)-6|oV?2R
z@mq2ou#dyJru>z8^JSbLHgspkx4AM8jS0QFcZEk)eWfy~Ip@iP%_?WK0;(fWhO#m<
zyI!6G?)%cZ9#fe&FT$Jxm?`yH-p6yAM6)uVm46@rBY@+<@fBOT$doY6N-_v8l`JA+
zB3S*sdr?WzPJO^rit)eSsa_o?+?#g~#{ceRHYNorh>3|wNiCu|30c;5%G4_W5TQqq
zCUH)Kds|ijiWVk8)v5Qq*Ezi*%9YG2^Q%8$V`0eJoCP1l1~)cSi)pV6TP604SXWrn
z9=pb8vVNz`>5!dJq0JFYg`{@NwB|)iMTrmy0}(3z7%zj$GMa7Uv+$wY+<%~4Vxp*=
zgg^p2l;0u4K?<kk$l(mBUfLe0STigT>ZlOjIUXLLJ<AwRS4ApNbab@4yE`mtw8rpp
z{p{1(rs!Q-fXBX|zPuJ*JonUZT1ypnC`e;ph8U^JjLLeu#65vl4HXn!3_^n;fMucJ
zA0e+`o7W4>!1}-IeEw`|(z5$<uL{=%cvWj_h958^FfWXxl-`QE7JQJe{#Z2QEKHb}
znc23($)`?&)hxxZP$gBAIy6&POr<o(#S+Eqh51jMqHF56!P5Hbdi>;mWQjao{dXS^
z<G|ypm|u#=iJY3^$1LbvJ-e2x%m`wORhgxngsuoRJfa|rXtEUkFfmug`!LQ>%--#5
z8W1Bbh>Fx>LAw@5LVmoGYl!l@MHfSG_<t3^!9j^GY0-b@toy0+<?gWTolu9TQnjiy
zxx{3uTR8l?1wWMq7z(ChiH@3*jhRR$&->{OJBE0`L6kv&dz6|IfifJH7+7hv{Bgx5
z;JJ0$?;vZDGt~Iumob<MxU&Ep<qNOJn)_HAZ@2I6{(h=EHF;EUQG)dV4^62l(C#(o
z(D$Vf{&tLQY@*LhN`N!qf6xO<l1fkxNNi;0I8H0)@(~fH$XBZ}X;&uU?Pwc%cn2Pj
ztHh<<x1f<E!W6^uMM&Q&;!49YX~Ycc@T=GmL2{!!toZtB;pn)UXl6l2yCGm9P)d>>
z3n4)4=6DNd*Sf#`W<!E&$wfR@mwj0Qs6@53xFFZ4R)9KL^W{|n^iXm5cpWfBYwk8Y
zEow3mL=6@vduoLPtrjIviKC>8fD-z0t|Hp?XZ7X5isB_t<f-a%5Z#sv1*%HzEG7Xn
z35P;{7C<2gMCok|$<cFRvqe`)c+%l^pIYA$u%LFaFng*e&R!uW09Wqx^z7w_@zcD=
z=7XoN%t@Z#A=#d*x4r$>8ulObu}M<`I}OH-o1Fa3V#z25*7l0&(i7pCwbr|{bF*1h
z`|0WYW?En=T!GARt)LVp{4u4_jKudmA9i1l5308sFsUdh=lDKn0Lxv3N_K9!KuHu9
zJ&2_>B>9z=w>3FW=)fy^Sbxte1t<dbp;iJ`Eua5yKj%L5m#htMEq5O=3`BuA?G-sW
z_@1j^(y0Af%M4ri2oWG{|Hmo-ED@lf0KF(cA=W4M14LDs|F`#5CyO=OZ?mD<088rN
z1BfYhi`BqQcI*b{QM$^o$_1K^h(WV!rt{UDbNUjXEZ8=#%+0x-IZ@pIKIrz_^W9jS
zUrb}x@<3>l(n4qptfVx2O3KI3dC(1H6MwB~R*+K^HL_&4Slq+FYDg!S_Sdo;Zw{?0
z_^qjys@6y)t-Hdm!hChtGxO%{^R)lA?`puKEHEckp8&XcZ`)gCPmAB3XMXgbe=_^9
z<r(YfOt9@=-uIbRbL8pTLxzZ{Tv8K69sE6?27WS{<CQ5Y)=XRQYbrR*7p53z=S;I%
zyslqf`?>4>BDT1?;VA_=VwS)SL=HnP6G-9=B~i~F6&MkSB!XBGp+<6tBMquje;paR
zDJG!6YJQe1@Do1=ZSM$&L#TcMLKtx60AYwlVcroyjGvyKE<Oq;ji#5jewZYg<I!3&
z1WHzkI<OcApjqInzrQ~ME+KD|S*m^qJXWmZV-{S%juQYj+N#~AJPfDzT#ww_nwz~G
z9kFpOO-4TzB+>5ycq_0@`S<DX^vf@1D~C?&kLzupYCj7H_uzsOKxpFBTp%;C9&ivu
zE~FfUc>d$rUNDK(vx&$4m_e9F3rng{L5ny9MleK;29p~FPC9CF7)&>jrBZXeYOz}I
z<a5+JpPR)$o6i8N&?Om$@DS4eKNbL+Hffa7VDGNHyZePE;Q2Y=KJ5*zM5t*z<s1)9
zf-{ViF^y+RaAySKGP<YCL^j>P(rK2=WNFA>w;ZCOV)z(@^AGJ{+DV_3jO?4{_05S2
z+K25yu52pG0w$VQn8bk~lWG%p>R<wJ2d)V0I}e5Ob75gOKj)i|!*Ny;nugTW)WDGV
zIO*h%7dH$*Rm!4I?(?z=;GpnOQ{nR-q_%2cQJq=p4Io)et>AI38vt7|8d@T@%1)4l
z0rk+dHO{0_Z@tS;=)hpE0RRq1Y17KBD#E&cX?U6`v;+JwP%mU*mk}@bH+A7of-fBs
zwde+t@!?Q4&?RjJ%0L4xT9{b*XO;-u&yZ5nOBtLA<ED~rUOT;8<+$l|swwAD!!R-R
z&&le#T&z^AXsIwex&0to4-HYPlUC7{_S<per>WbQ%^Kh`0>2Cs6BD`W<j#7%tx?<f
zsX*VU)9;f#Q(|;_o271{-n`&{_WSfs`|x58%lRK3hWwQu8uid*?pHTGmqTj0x9<NS
z-flepcs{5jB{_RMo$~6qN(9a|#Q~SqD6q{;A4j}Yk3cZdUh$9`budpc;ega0HY#+a
z|M$`dMMiNe(m;#G2LV0<65T`0R}Ok{GAn3Qzzl7vTWaI!?hY?f`;WMfgi}}It1;jM
zGaE1;0s``=g{z}uHGq*iQ59C7z<<up0)u@ri8fP;L_s`2N`@P-EzZva#1>uzoGGPJ
zld04uwBM8pPI+ns$tcxjO9M<<&M!!D8y~OM)4C7*v@{?fL{yaU;AjXfbpZ@6W@_gV
z4nrV<@TlJZ+X!crm?qDD7vLvTN9DQAsPxiRZ!(kwHYh}vgGInT!|IUHv}zMlNk0<C
zGmdbmMPjhG{~ii>>^^Hdu659F{=Hm3%rgma_blIcigI)R#C_UDiWB|2dq%#_DVm2C
zQV8RfOdoM!jK`EiPlSae`$(~;MI9}aE@nSwI;>6s!oI)JbY^Cz_f}UK)85cj6PC=7
z^jW}`*X_F3BaZ*w?HDV?4|!{ql)Ye!@Wk&aQ5w*MmO;V9_#e>1<gdF}Ul2h343W<a
z%yww;i1981996=4P$&dM+p_|0v~|>q;|zx&PzHVde*P8HOQM8Y{59lPJa~eExyeGF
zktRWwEe+_Q-|*S1l4RLrwi--vL<0*F*VgRG4**&Lz$nGZWMpLOW598%!y*j_#OM_H
zWn;}ekQfii<cE3ybnot_z@0Y^fdE1fNlYc{6+vDJp3VxO1C-3!Pz@~BJUv%>Sn=@i
zrd1(Ik`hyDlzdL1#Unz3i-neVl=TE6Ko19Jn-KneQOW`R$lGndRmo}gwl;LS8mj$u
zcF9FLn<{S&#YMn{azY8gun2XKE<9B#6%<u$L#J`1^@cCt)XD!2KmrxZ=75snIUW)i
z`vu}ME@+k0xi<k6Xv6m0jLgh>7T^X`+YzHIPEOTj)aF`V{wRF8FWT|(bcGiQsVetO
z!}Dz8X(rD9U&o@6%ffyXMZm9K8UNd?nf~_iy*>bg*#v;<%~$o`p-{0nt?x_%AhcjY
zi%|<$e`9<yN<aD!MJ)<`Wb={0a8N7XxET~?P8k$rDy)^r8Cz<B5{NR(d<x1};r3Ec
zP6Q2p**mYf`kg<;oC@aDA;2)qWay?Nhu4rQG$+m0ef=n$JH96^Ba>!+o+@7jtnXa`
z#cp?CAeg%$k&_TTB)QSt<-e~PN0h3_Ie-gwncBIy10Z*U+i2+`07Oi+Oi1oAHVr$8
zU^-<PXG)O=N`cqfO%II<na^Cx8I!i68I=VHlNiY)5K7FM90*OIl7++Ra3Qz?$;?i=
zWHU_n#%uSxf>~jqzOyfPy9wM2w}V9m3Ve+sewzll{M=%c3Q*LNA99okuy7W+)Z|i7
zlq}HFMiKX|IX@6Luix#oH;cNCzL^RDfDG1g^p&12=Zs-N3Zlc+7MJyE!)aiBZ;WL_
zvSa#_`u#jhDj`P5M2dEo`PDu*Ag)ma{2K-4#Q8HbOTG1<D$hIB3hd86L~j4NKX!KS
z8f2v}#f48!o_7Bm%n7(l<?sB{hw+(Fr<XjEvsecl9tbYPOpixv=u_0|DTIgrC@#=T
zCd8Gohbg$i6A2;a@fJ%xGbR?YTZd=;LP7=|+{Sf0M!c2Xe3HnxP(qMQ>7;%FYavu|
zK%OOIEImWML~+jDlVg!5#;uw~ea!H{;LF$@8tBMf@20ourIJPGKQ!$^7WT{jq-db{
z0ai}x`HzQ}H${;S0a&R2lUuCR_z2URc@-=%0ujuA1$-+Mvlt1sbqvgZ+YhP7B>8#G
zZ-2a}cRO<T?<tOqgZhGOem9i{<KXM5wcHRJdGx>4XL*JMN>GYJnY$30qC9Y&WuGWn
zQ4r-o#1a@%?V-x|y`ulF6Zy0A6akT_^s{~Nj!~*a_~__pMn(qUM~ZpFPu0ggEi40>
z!HRNY#&wM5=anv`im^+j?ccUmQNf{(C4I{yDAMWj^Z@)HG3vTHI`+1<nt7s^=R3C>
z^<HzO{De{WfBwujzw8^cj9WV#DGnqRsPf>WKkbM<&AqBwC4@_UJyb<(NzM%k9LFZv
z69<)EM$;np@A-Fx2P2Pt19f|q(DY~SS3k#J?Cbm~n@|00l%kF(Z-Lp8N_j$d(aO)K
z`NcMCxXFSo?R{Q$wjvB_OI5ziL>MIz4s7j#wbpnYG$Q!2VVMf>#IS-mxVe)Q=}x5z
z+9s|4bK>v_35^TJNf$Ml;7KIQmn<y2*BKMTDPDI`V@uQT^to$&D#Ceo+^je-HmFV?
z=pO;o7KDt%%OMAahi6lnM?=sOh!E+wsOsJKQa!6}Kpab}Z-2~PcAp6vC^oI#uT5lp
zVbzme^^qU{VxHt1^HFvVrVED;M1->>j~UXd%1bAH;VA(@#R&5ue*Jb79cQrze<}W)
zIEa2cH=#U@m7I!+js~`R7F-#VAKKg7eSLh~4U@<B_V<5o_4I7_)6D1;*A}ShaA`0|
z(Ij9PH_vl@lP{468Lo=}d}eif6Vk|hRTxmyKp?M8x6OhtVNoT}xPb-Cn;f^lM_wEE
zTM4+e{_9PhkGUOIk19CiK1_rWuS1B@rIJS7wQ6?jGGxdzvh(ts?Cdb;_K32;Uzo(j
zL5S#u)f}OqI(&4bdYB3)E^0b&Mrd##DFOl)7hFs>JH8RRi(CcLDQ42VXFx~|wzB+f
z!`-CAHc*25E1ISubdcoRzlWBtw@ip?UK5s<FQTHNo69ra55#2(j3E#}Q6`T=>H)S2
zSNER^R9o(TMF}2c0|YBN`WrH`^?EBDkUhXrnwW@zdj+)-C+fZmopor84mzwh;U>r%
zs-}L+5%L0*NTAnRLHhVAE{?vqq3V5AWzaHvz`Z`woBrC+N-8Sk5!_dSl%=0JX}Kim
zaKXeb$(Y2{E{q(G$t?sZI_OsEnfjmJVk~7ZrPwU_S!_pd|BWy0eEPY&NWu1=WcK){
zJgkIKE)gF*00SKQuy{>JVdNl_a9I}9@1e%em(Se~1HQ${0L3XK@~Qy}bcI>z>4%4h
zs%+Ch(+UuMUr=RsE<$Y^-wF$VTK6!1yq|UwbT%3I!B~7z-)#T!DvNEs$-%Bsk3d~s
zJk?T)dZy7%Wx3Jr05|}F?R59w#)IEW7uR2K-o4V1r+bsoBz*aU+t9%Z6T8Xb<#d|D
z=e(&RL(L-I@#y#AVO}P=5+5JCg%#mz?t|QRsZ&IR))Cl<zASPy`>BD|@b@-N&p2L6
zm!H1ruV4te_!bO^4pfcNs^&i?CSfT*{|-ac73s2iriN|z>`evN)af0>FV&dq#^p&l
z`l3=}Q=c>bUaD#q1~ZhYQtsrIIm*C+w~!<X!1E0kDSUs|#>U3>_Vxm8P6Rx1klM-s
zTyXLL%m|V=BJTHlX<`3w+c<d(3hp=6vhf47QDEyq7zKc}Qy(idZLO_=))LIg$yspH
z#*|DEHB>oYDKGJHFV3<C#qId21aPcb4*i?YiEDKKOHBCm^4rfV-B7Fbxp~2{EboYy
zJBcylIyXKeIQR!*Fdd}jGbO{hhFYYvR86>%R1HIGd0_rl3EJ!+M2~@rimEf=t=xyi
zqt5KE6TQu|IFEgfU}U`T_<^f;2N?$qozoeeQ+j6)E03HJu%j5<K8EdJ=lpC)F*2jG
zydbS6H3QOE9dWCx?Lylr>l;tLJWg{>Bjv4-$xa8o+AP)av?p7`x!`SG%|w~ks8$D3
zgkFQZ&7s(ZF(W}VQt=Q$YAI!bq7g=}UeCa2S<HG21>*qUr(361E(qA&)3a0o7aPyR
z!vn-&GYbQ4k;2awbQCu`eWynfiqNP+O=E~Se+`R1vybzT?K9LB+p<l~a9~ae9E>F3
zQKni}Rod;2sGTf+i@U#0Vb->?c;)-BLhf(9y+65{+SUFPt--Ez7$H?7yz;X{1pg=*
zCP-iQ<7^t@pPRbi18+I+yYj!vGWPA<xNi9bZC5&4H1wCF7N5ibBpGDcAW9htG@0$`
z;9bdBcxuInISPmpjC@|yh*P1MKr51+?5wOaMj%bApD3;_=!OD);wwlp{Pa00qURGy
zUT@z{_IRDWZmO!L3u#$HgQg}fxE>SNyf&S(?CV#+_vx^@;9)p$;BJ^^379w?mg_7B
z!f{hlQUC)$1o|o)c^sa^f6o^%3`9j?^>eUlr0x|6vfHTaCs2{Z5E2l0xc~jLyq>{n
zR_N%WNa7jnEFTXQcgjwLZOb9U5V>d*D^{<rmVR@F)DPo3R@(U<b)LFXerI_v%Oyew
z@=4}3?8;$%+6g^Ch*zNB?|6|`>CREWg@B=G;tkVu2F2FY+u4-#JwX^&rIVc*%f5dd
zj}CuhA^&r5I6V^ltAZOf`1j8@b|xl(obn>&QHpZ=kojJ+|Je^q2~Fg^p@=;GAW5i=
zK3_^X%P46t2j&n&&=o$EacCYZOFBF{GJ<Y_?DczT`}T3sX=U5BqK3_gZ7%U@`hF<)
z!9iiu*VOB2fBbnTl5?l}v0GGxNo|nlrYndI^xgg`R>=R;I4ge%ji)4TB%B*@G!gSl
z0(b;nRm&401<s1#ih>+=J%Jb>6o?#&d;uwEQ(Yg)?nQ)xKoX3q83PYL$UsaqUSjx#
zIP;D&7Nxj+X4r-B?X|#nnoU#%Z=kf9r6s6`91cQig7jm}YmUvOHu_EWjO^^MTVd31
zq!vBkKRwp>T+yg`lr*%oKoDNfI+n$sKdmzXK0IVvqj=}2ZHkDQg=J!V9Pgq-v(xac
z<1I1jMAPZluM@YaPQPPJn||{-fF#5a#u&Eo1xjQ`w_>QN#296RWij_CDO${Y3Iyhp
z)du@9J}-99ydED<v9610C7!r{j4iD#Sq_#L6rV1kN%r*`G&EvY`H<~`jjtwQ!B{D&
z{G%Wn*BQi;Oz@3=$ZMWA*JmtwXozmgTTgp$uGZ&f1!#E4K-9Q~i&$_%5-|U7yW^8L
zhi7Nw<Ks|q#36x$aHxDZH5~?J<)3&rX*4Z-Vgx}{MC<eqH{ohHFZU{oMz=AMb<}aG
z#(Kh8@|OVZ-r4-SBsZ5(;(V{W+eGN~{lBiM*rp)Wn$>SP{zHt~1{d@9R|jRNmJ9%t
zOz!8RrnUS%a}@8YuAV@GaeJ+abC#xYK@Lkl8?DStoOXl>EQkvK3~qXL0k&B!a{PqE
z9rg9-O3o8ko(V!#+ebxSilyIhQ}edO{Is@Sj)Q`SU)|<=FBf!|1!|_h;X+IOu(WK>
zy{>_eB(|M>5;5?+u+Xgil}xD6bz?1Q&fGn{DQ8E(vAMmw+xR2hmtM*Pz(Aek=BS%G
zyki>83t;w<)E50dzP@NwfHd^+23TzhlgH`IsUI^Xt7~b6$bS#N!j*70L=F5X{KvCh
zL!HH@Nr+1zc1Hl4%6&NY3EP9aIQ9!Af(t_e8i$&OG6F3qB2YpNA(>GYsx}eqKPlVD
zu$o5lq}}Av*p6<<B=F@?>3Zy}>5<*$&l@3O9MFE;v|mX<$<&2<p>u5qx}P;0LRlb`
z>oYd4F4G~UfNcERpPlBz&vX0Ac$@F-qh<y0d6axlzTK87=31n;RsTmHD?RF)*IM%s
zo}QjmS7ZzcMv@gfM>xj@Ly4#xt1B~E6tdl>1Q6g`6Q<GPMvl)I)9eppuQs#!yfy9Y
z#_RT8tQ~5E?4E6^-dBTh1}t^G&(^)Jt}xo#R)%6Iyw5r@hGWUH$Yb#_v9XXY9-frm
zG@TN0e78{<f5bYy7t|eia}94PlqrFS)AfxIo!Sokrk-FCb3#!?k5z)=hF{M(^UoJy
zf?=KtB1$a2L?2!Ut)fnZI_Lddm7wY5qx$h(*LI~BX_;t3%9zfYynqO6+p)DwDk=nQ
zlHZxTxA!c_edy9keeuyLz?u?D75w|rdAci@+h5Z|O3lB3nYG~F##3Uf=<xQ@VbzmV
z#yR)<@uzorl)|R{C3kX(u$o0?TWE(-jis&xy}k2sMIW%f`ILS26AeKu)v|k&orzHW
zC?9xB5z|W<g-5Wk$TE)`$#y|KU{f(7h;q0jc<&ua8i#lbx?+K1fkEwzzO;FoGTUpx
z#^l*22a)NYwEv{AV?x9D_!LKG=dxD(wGz=ZJuAi*hkVX-<__HClqF<VrB@}!rB^>-
z$LY`J(<eDA2WnUZzlG0z!g_p*U{a1p86#;rm7V0&x+g>N)qvY~>TA>A>gQa9{vR|m
z*1q}*r(bO{h?lcDCBk92T3YZhRy8%QB?V}3hY(1{0^2<L%9%mE+4roWqD)IuacYbO
z01{61&pN*QPD@K^)YTmrdk!wX{Jqmib@1@wRRPNQui#^$vwsQG2MTe6K(Np4nZX{1
zEzA479Q#EH*<f|Y)os?SbQ?JY(HTusUXWGKy$o?muLMJ>n01}nCH*EI3#^}>Izhb#
zx;x@Mn-S3iLn^@>A;t;@9ds2+09DTFI~+mnqdo}ywQN>e>)VF}3NdY;pYPV2@N^RZ
zvryA%vLBrfsCC^jAqE;XIH1s%!Tw$Wx1UhNPu-R=INqA)`0745IKBEr@<}J#O-fCe
zT%~eXc+yiQRI{U@h#o!h!!k13EBp+`WM@R#l8?W0Yhp=tQ~T4?3-g&~ztlLq(N^2K
zVn}tslZamq@OL_EF2fQnk#EY0<0C@`(N3>NP0o8ba1SRh@nspN2>P9t)~K*nGmKa%
zUVFTfEA-WWsPXOSO%Ul}q!w2W!m~(T0&AWgMxZy%d5C-yzd33->l%Jvvob&1u~Sh-
zZn;+LFn9VF|23BA)AgKk=DYqnR;?69SCBje9E87aD({{Ogo*BOtTvHl-QZk1E!SzJ
zaF;1%rG)D{b=+V2jz7=L=*D4M>iS>S4i81Yp@<6eZ4=^Y{<+o=@LSL-0^7jm(*%iF
zWF*GjuwD)oNKI3adGY9UCtJSG=dh6g1g0(vJ5-Jh`xqWw9~=ubfa*gjnBCnSP|N##
zC2`!qai*{a)lE?=p>0D=g2vKPX<7boTLi%US8b@k2skx0%9IH%eG9<|AkW`RGn<?2
z_*}sA9u;1(mJ}2e1USlHed*O<d9R^C)53b=0?1>KsR{F-)7b8hiQpteF@gPoK2I4H
z9@1tk3>G#a15dFg@g}lAi?XqsDMuRIezrzG=2kZ5=0%(rf+hODlMW{Yc0Zb$XU|{^
z?fDQSZl|g@=j)Go%rV=JJvX(9s~pDm8=#9=8T_f6jA=!novX6&nODrqJYD?9W~SfN
zU-9Lq=}*^iM>7Fi4|f@JDrVC9!D-8Ko4g_V+PnD@_RhOhn^0Og?64wWU6WYsvqrqP
zH*Ym16va7}zO#hwMmj|FpU&IbPvk}##yMQ;FkXk*&xfh8h$YDn^jwS88<}}Ru6=hI
zrw)eG-RFl@HSac7>hud;-+P++`!k9I5hEOC*VeEpl>i^qSC`L`DFw0uB7~^hxTKgm
zIIXxKuMcz}=T-4lIj+@VrxCRzIR`@GyfewzyifhTPT5z%M{qNWoK&|;rVK3t&BUN9
z6~R;!pKezj``0njQDFo)J|iTarz^B8)hJ(jWnqO3@<vAF)Y3&WZEbIdUBFa;FBh=)
z5k{q?rbb=?f@>L|If5=PFD-Oq;ncvUxHmeVVFu68lt7o5&p!R|IkV~X9R}$zZo62&
z1gx^U2!XEFeO~=%ex)3xO(J5VCHHs}YZ$IXi}}mm<SB;o8+KgBm1qbw@>r$Dp~L$b
zHr&MOna{smXX+a9Lfd`Y7;}U1A=dHax1;Te0TA1~{ajsFNIGoVmtdwFI~g$;NW2!k
z?5V?FgceO~%>j!vjhOqT%9z80-ShnP?e=AxJ(@Vw)RqkkK}FQuQEeMMw`FN5)pW`c
z#yOSIM|6NLBU6|N9}LxGsf^v>7$VJDZYp}?<L4*o)cnqJtfKPQCg6e2QpjD^YVQ4E
zPF}-KG~v?T*_InV@SwNyU~4t??&jK!{N-faG3~bF-YOOQO)7b8zcJ5xMuuA4xEv9S
z>4-nhC+YwKgdy+r>t^5S)<e<E&Xk0fdle0X)>G$o`0)LqeYj>~owTNn5j#1OoF9EO
zy#_u3D3D{{e$~^Se$NR|WP;;MOG|<I-15T*6hwqMo)B#y-$ZE+0FeQHY4tQ$(5*E5
zAj146c!~&Eghogg0qwowhbHIZ5|NBN@1Eef2w7+#3$!3%gpek-*WFCPWHgjm<*=<_
z72C&PY@FGv($Q-&JiEmaF;FHYPp7f0P{8+75WC|F>Jxtd)?$u<_rZ9UkdK5?&P@G>
z=(e{sCo^7NPya57QwJdlg0O@ikCLG~T)Jxm!INZS#bU60E=YtbnizgeNpm(Ts`>AO
zmrjlZ4pbB$#_h=8Z*Q`fMPCNvUO)fE-8SdMN}{Q(G+Rw%5sI{*6L0!b+(zU@x-ZaV
zUa!iasohL3TH~|u70s`6hJWLu|6t_cX$}@BJ|pGe)>2jO&&dgT*rWaM-K5j=K@9Dg
zN|t}(^vOn(gSM`&-sS!XT|seWS6`v3ACg`Zo|5c4{%`?XCO6qc-vnhMQ9rvSKEHqQ
znld0ri-X&`M8add5A%VhT3w|~3pe+irWgLQa=C8gO3T#LRAOSHHIF<aK}AX;j24(&
z?2T&p$>V^rE3;H}6rv^~m#C?Qg^XCM6AdY3h!hYekK&$!zgM76h=+~3kSfj1+TRi<
zKt-=x3_zS9;=?T^b#e6shG^Ac(<VzH(p4czm9F~7#l;+G#1Ls{9sJ~NoAKs?%ZnCw
zf33g{s#={m954R|vr6TJKCmg;ETLyak2#*Ya&lU3Yxel47TZrW_S2Jew@2_*J{Sr@
z$PdJiM=Z+~M<bAvKZqbBRY>#y?&XwK5au9MQ2D2?@ZaXYzpqnmIHxqV%ndXb1w*NA
zDhtaaSrn4xlcDm7te(UNK)cyA_j7G+oq$BBjgQ-W=}+6!S;ymSsnWQ_Ho219t1p7&
zDuJBs_4R_}IIFQouB~sfR#6`$rKumfF#=ix0(OGYcINtBicd<}*{3-%nN2ByE2F6a
zrh+G0XrX=N0a@Fe{eHta?U`<~f~w4Qk?!UwxYqE)lzP)5ykMB1S;!oo!VHnsSXbjE
zNF)oum%_#JvtMmu!2n_Q1E~g0r+_t5F45K1m5Ylj82SMQ#g&RFJR+k`O-TW=6(6X;
zD7={Flsq6%Fhng#nUUaI$n5-H9xfwR)<izV5(q*phER#96~rV)KwUvuRT)fTNfIL3
z)!ON4uj^ec^g#ebiS#mlX?UQ*#HOmd)^JGGlqJ?<vY)b3x8UF6WTo*ql89I%zaP!+
zXJh%4lV+7ULV#Y0OvwmWk7o)N0HZ^Q!;vY2l(@eb)e?-2jmfLje^KsOG&Vk7x`0zt
z%W;7=d``UT>gx3LS9z6QCEo<+hM!>Xl$&R(Y9$e9so~S6T=o!I@x`6gw&eg^ct=v{
z)IquZQp@pr3HzVr_CbzcM#daOBMUrU)VL?74%}GldmgVX2(2rv`X9)iP5!pH6n*a9
zDwe~W>%Sl#!U2ymvFH8a<Aznc6(T<1GcFeG+cr!{@p**=Y*<S<NQ~w;rt&<4DG!>y
zq{d)N4kfZDQCUg5A6TG<;b<FF^URa+I%9)K)!dB$pN$d$6corZUWmE2=L%qWQRsr(
z!T5Z6;a9|=xDjx5n~cv(00GIMcXoJ4MACxWX=<ta!3;7-0G2^lnhPFoZK1^bhyjj8
zKobL|=Mgc67Vba(C7k7_yyB6tC7R7|k;Hrl<)gEyL)D9B#3G&hbyE64ASE<@*j#=R
zrxR|jHlxGk>lYWvO^QoyRo5I*!Lu<LpTD9V2}^`~EM{W{tRPsR#E2|nGOh*a6%pgq
zG$P1waZUmURm#fh;KAdK68BVVk?qDzQPs4t8yl#_pmMduMN@GudMNR;G_?cf4hof6
zV2_EV_oi5Yq~Fc}T0Qd^eX!&<?}<@Bz~HZ@zd*?R#K_e>H%yM4=nxId9VsZg<CA=Z
zjZSU35pSV9|8>Ir{87-Iu(N<u(_x2Vk%1{6A}FDPs(@vA_BZL`HT7m@DVPBtq^kLv
zgN=wSqgi5P7|}nxr*+r!Q6co+)h#F<xZ+B6coo#)g?t9dL1jiI$><o0#Tl44vJuS@
zwt^S4Ke&+OE3B2+l!Y3Gmt{~Re;zeB+!8M-4@gxpT?HahzETD;!XB;EK=KB?w>Ow$
zmX6ZoU1C6n(P}p27tzp{)&8mQqy-x&L>UZT4~_f$%YcFBt~|@+e=Go<Wsd+7b(O=U
zlGB;Bhs&cAMZ@_-g2FYTNsk8}D~cn09mGZj-NF|Dp_(9r-)rq51Ujq&a}C4a-!@#B
zt942e4CYh++@|rb07m-mi_viE4RUb*%<tcd@PXvN)F4VKWYS?rz{f+sRN=;sc88Ib
zNs`7I;5}D*iy|RXS^5e|ki0q1Wnq3DN^)r4vtFsMC7hGPT54&55*G87{Gy1$Pjubj
z+3ho8gU)Q9(I#!sfMPQivSL`lDF_nM*SOd9boxYwgd*$i{914z`puYIHd0`*&Bi}r
zC;zUmHluy*Jh4rZufW^cGDS1M`HpXc)|d=9vP?LLVx+mbxa#Wb!xrWn8yia=matAK
z7!wVE4fy66PKX5HqLyTa2>h23W>k}gN%+@q)c&@2zjVj02VV+7;@8FDVS-eojHiH9
zJQ!@5gnu>qbEmNKEnEFr1Fm=y)xp{~S*Oz@9R+zL@fsGSltA@-Xz^QHv?S%9-CQVZ
za?c^ZwqF`)_%MKW{jRtp&~ua<X<ZLZZC$w9Z5@;k!dLCH7*Li_#^)y!sbnCJLyW&p
z^ihQuAzge-2gxVGX>G=m(SCWy4ez*C7^u<8ldVP!<2g2CKoXTXK=6gdP3>m8>F=gA
zQzBOH+zwM&?NYmLfBg~3QsUmeKncE8Uo`LRB%86`jjUlM67}!H3Ame6EuTKUIBDxm
zZ*<yxzHTASAqW=BPNJ9Gm<$!!v`VeQrtN_cNp$IV)qhx8KUvB2fx;LkZ(WQT=;kJW
ziuL4V?M#g&N=Zwu6hEfbk|BUY`irDvNJM-Z7&u<f8rQL~8+RFKV*FfKKvz(<wi&C-
z&dKQnfErMFMFk@Z3qBpCxgt2a^J3@?(27F9+3vG)O%7$YcbZ!BJm0FT*|@o{(oKZY
zj+I5iDR7YJ<Ps|xL_|90weF<`b4w9mvLJ*O$YD~v1{^WC(A<)__QlU<aj-0=g7iHE
zJM5(ewP9=<Up<CCX=A*1QzG#kl=L2X8$=3|<8otS5*{k1ZjRZF)$`fOTHhL#Kp8>f
zh?GrGGeIVLRcs=z7F5$#nBQKet(D@QIwp>*A`m{(Qc}q#HPf*X=W~*rjK8qh>@sDc
zTdSA_(!$SxY>}GRel*uGH#W9jn5dW0REm{0vs>tFG#mW&H`Wgvk2`U5&uyWL7WVk?
z*v?omKTku*)*+L+ClzI++wLRz!Ly5c94t&2QyR9#p!X4cUQqp;Yu7f7d)`vJf<@t1
zxXzLG>s*7&yXsu8+c3qbvafHMfa@`46h{KK_U}IS#FLZ1T6+!Zl}w%mIvVhDm!GdN
zc}+z{EsH`TY`hLQw^c(N?d|Oy9dmi@Qoo<8vyK$al<x?Pr?O@Vd%G$t$2v!ngi<96
zk_{i7ot>SWR8?2=DQSE^;-vo0rr+fDiC3aH85kutHl8a=O6KVBc{<4vC|*fJ(6}Tx
zM!f^M<lHwuId<6~zntBin#*UdS_VV~n29AJXCxGuo$iXQAQ8cYk^59VT3^p!F-uD!
zBD{2P24S4|Ja25hVk(e~$8!cdBa*7>q@r0J+k~_VKJP0%e(p8VgFfUlu#To!j=ES#
zlsgDvVa24R^baber0m5!3K_oh;vsPXA_M!v4+Vsw5e<!vA1n!soi}(90>lALYD}x9
zTK{oDtXzNIfVh`5jy`b2*LT%yCLE^Lyy~~#!5vJ0e<1pDq|MfX882Vgmp<v;2EHt>
zE&y>Mpjfn5+b?Rx4b;=-vR+VHBIq(#Tq|SHHF*q1uxRL}YHGdLlGBo_b5z$XD)asm
z_5D=fpb%9;n7rAcy|z{@+#hXKK@I;R-tEuTz5Oa+oVa*=lJuoyh@9QrJQJAe@_P)<
zP9Kp*0J)eL8s;4O)4!9|nm4DVPjVZevi&kVxKW&+Z*sLiDYo@{j>%ZBfsk~DKbx|w
zhrtyQJAbmCmS*~3iY!&6z+yk3OTBx7mq{mqUM-(XmJ2dtjv)@d!ScyWYBJ<P97Z6f
z-ocmSXVvLyzW;UfZmw5f1*3Xpb$J^fLERb51xM}0J)<{SJ;*kC6&x&qw6~Wu7h{ec
z+1F<#9|Tg<;-|W<C^Hh?OV;aE1P~#h>D;<{#gM`Rn9rFLe$XVS%E(xG+%zPW=AcoY
zt~J^$KeC^#G;aJbHwvI68gXeCF0Ht|_ITUG$XqwPW0uXX<6LmpVl!9zv}+~$Z!|98
z$P?)FNqK$XKHyk30nn>>G*JGi9CMPMSZJ?FPH`Jz$+8(82XdGjBBf~?$qh!yTLdjF
zRv?4t3n!o7!?g|zo$c9xLWNJeH4l>_zu}^k3nGXpRGbkwLyC(B4z41Qr0&V6fn<{@
zZx4?~YpMaFdKQHacb4R}(d-?U#hr}<K$l%v6;jSJ)YYkLr3pfoOUxGdj5LDA|4}zJ
z=Ljp)=T|}VZKsN~ca%bSl42eVoQw!O@9_u_G0;{ZXhgK|tqBOT2jRQG&Hl5W_RhZx
z6nR^J)%$1rqoy=p@hcko5g5b)Vjqai%%Y}}r7^!TBL|klz@k9!4@*<b;M)6w^IkCa
z^vcS9rRAnq^!eto*$5R>S*e`C<vEY4zs{yYo$E{l=(90{6S~~p>hC@&vJkG<dF+j)
z)HF2ByG?O(xgiB9O1&?t4N@(SqiI{q&CV8%8~44;CdQ*vl=b`7+<n8^Jbv>F<As5d
z%oB)915O!h9|N#8G8B{H-ujFI4}XoW?;DeNsEG^1g)BE$!;NVf<5cnW`}3&PIA;*#
z#uGpyYjs#GMS~@%K;Iqo@wd^w#6ct&9qjCoK;w1DtAKd}Orw%m48%X8hro%y6f&e*
z^78UVOo~v!VXfgv_qA$4V)rKODE|LGLM?Qs#>N203+tOyzupe0tPTiS0P&zF$=i61
zV|X9$)wfNymB)iATzR8cwedoMd=Qj16i1xP45T%b1}Zsi?5!>CHIh%EL4~&ZMXhh%
zJP<?-C>?Yh^=AG;CZSFVK@g`*Rz+;{=oPfI?61?;*Q>9q3*Fx-bpZj9Oo~(9PEKL4
z(IByX^Ei=5;OWN#9UmVPvimnTbbQVK4ocwX{e$X0E$A(7Gg|)lZ))>~|NhNlp0#at
zQS!dUYl{!NvYNnvN=kG{n`~kEA&!{We|CUzXDF`ge&31WJmSB|u3y^5{^z}qSC^Nw
zi!ateRQRnUSpCJHUaNtZz~pF`ynVPt5>4m`uUN3t_U3HFe`$|AnF}`(U%td%T9m`S
z4L%KKd1bq$ji*4bq09l5z=xROPM1~w3I57W-M0QmlSl=hJUmvka6@^-ymU$q?9yt`
z7vmlMk;{8*-m}BLo}t9j(h|u1h@ii&Vk5h{t~wheMmz{4P4bfz^Mty|Z&$y*6<OvT
zGS*TionkCVrhMgyv?s?;$FW7KYA-9LOozG~$mfjuL)wwX3q(wXnbCcBA9LDB!z!oF
zJ36ZVYs&%=<cxxiWHHi{Hd@mL1lbkb-rUUp{8{|PGw<^iyTHK(ecpPV_f@WlKAm!Q
z2}3pNpGO7bGqKYNGz!OcK?wTdRAq+W3Jcs=YfvuuN87so`%mAkr~kyX;d=Rg>J@7m
zKCO4C@9tjxP+C~t+WM+!IGT}#0r7j+&8d@xg+(#@<!g>N2{Z@-qbiX+D^~rRzIR&p
zKj{-JO*ibeKO5LO-%)-pvz)Cp`u+WUP}$C5>3)Z(Mgk2Hu_PXQ#Sfu$-DHxKs<@^`
zg{8PcTME5o^^^~@sJlDBdZ^BXeY^Dd=twYMb-KwRZn&t@mWQN~#qRLg=u<WzbpK_%
zpIycVwTvLW^AA<}2<|j;@_Xv4*r{TFSGF}e$ob0yiJB5MHZXqAN}&lycu{ag<Gr-N
z0d@(OIEq*h9wjLx$YqPA;#3Cirut6D^#G>uClH~|!isJ1)UT%XFvRlFDi)n>{b#$q
z6Wt7qoIjB<cZ7<h{VuVuVkZnZUWX5^(BkZTGRe>*3;!*~Id=S6(SLkwZ}xBTf!_q<
z($K$qS=$uVX+-I*sGL~UHhztMYxUu^PHLy+$z#>KkKY<Qb3rKobf3jaOWUA6EcnOb
zVrlzqtQAE3{-0OB5fEAe=d-_&k>dk;0D=ZC^%Hys7S}xANAcT|KTTegAz_2OXYnEX
zr6Qhz>Xzq1oxcJt9*cA1YySp=IrujE^4(8+_ag%;(n8a7WJ(c@uJS={@;ECiE0rw1
z7&kVOTQIldU?f4RB@lXQHI=RTfCivKbwG;f)8j3Yn78-+NCJ)ELE=b(RP^u;^ZT!m
z;*S9ChGQute>4>H20$m_VN2`*=0gH9u@bK5cX|vmF(mT~3m?)Kl(gffN6ogrTS!%6
zYEnJ9{;e0mD_%33*~gRWgJE(Jqki~e4r&g@;y-M2PvqYXjJ4*FOC*yD1O+A;Ud(w|
z8helYyB{+XQKg3R;|fwDy>WBBQ`$^7Nq?`ezY6?Sa|DJj_`uY#*?prQS%`RUC<GWb
z@7hdna7~^%*U!4@Q!@JXZcPK??x$w0(pc{8^bd@hSAjzvP*ftnVg~!5ptK=`ukL;O
zN~EQxHnY+eV3L0o`lc(Rw2eLd*naM2O~QM=%Fuw1Xic4ofZ<%8BJWq&o5&JrBtGf$
zV+kK+!ez){Io1>3hxS7ayeBC(y+5gS9ZXJZdr#vzKh~qwR}NlkZcIy`>7Wq+&c512
zY%b&pKrV;CVSP;;H)vM)QfaB%+1Ux?NC2kaR7-%B0)7<8#z{&t&n&gn&Ej+T&w)bh
z2^{kfF!<>Z-+py!bQD*RU9!6;?Zaxs8A$Tycw8EpJYXe}mL38ut))siA5VDqME&z~
z9@apz3?S!tt<i6|k)-is_!ej*`KPEoN|eYjs?NS7iQf{-p*X2)v~sZ!<j)4XHqb&@
z_1<%xLRmh{>Jx^4xn@M>Gy2`4W@{s#vEDRCo~82r#zqB_aj-!Dj<sLL({sYZP#@a0
zmOW;qHgh?iEp{z7yU511I}Dnw{CG$+`2(K49Pc)sfM<C6kI03N0KnO#V%0mCn^3mZ
zJFd3H*j>YS_p`c_x{6<17ikm3iaiCfmEbTD61OccR(spPuHqy=ly$oqiI5s%6T0CH
zVpy+<Br*ms^kAT1_Dr8FhSJ$Wwj7tf7J<WqnkNSQYDztcv;q#6+6}J%B3q>z8BG4K
zga^CVTjF-M$)TSEOx5Sa7>N~po%TZuw-bY9JW{&Is75<^4k6GcvyMeWUTF?Uo*o|=
zfke&*LxzAImBb;_9$6!cLW8*I`(K_ERf0nP`IX1%oaU+BFa9#xn~iDFJ^^kYM+uQW
z8CeKtcq4K_P%GpuB4in62jL4PvTuq&$U!)%3)?1ax^;Ath`WKv@et)eJY;#WGb~ya
zwYN99gUE`A_h9nE*mwCbcB<>opK3w3{qPCk?@l@&3r%~zo%Ww^$crNtbm*1ZBsO|S
z2PMCAUPYz&bZ%>RVni9AkyGz~IwY60IFYVfZ#(ZwlW_OItG(v2IDOXj*xdctFKML0
zu{AwoF<(by&SE(8QnPFhd{7_wc2*S!il}=}X(tgYOZ~$xX%W?eghCait%<v7GLP2s
z0O|bpL4b-9&)UnPP)5#a7{k~88b#K#ps+j{l8+x8o<|-gD{Ao?1d``6#Xee+p?=yL
zALxJ<+HS$L)r+B2$o+mW^3Vz4A8SXwf}h&ntX#;jXk2_Wz>gTO`^pgceMnDF4~T=U
ztgHlXc_#X~I+g?{AYo(r0PhSRErZ&_vYe>_yhtYbbjm?%<kfK+2c`-VGx<4^u-fd9
zCGxmyyvgG^9pGTcWq-bG%?#oSlq^?d;Mj$#<}=uiX%y%pn+Pn~1jEi?TDlzGVMvs;
z3{<YjW8x%V6~wSd;sr-Y!?X56{yI5kRoWc4d7Mbck`jZFXG7O<w<oxjG448VpPu(H
zrn==dM95Ajfw8gGWoOp8n4XzFOK9uj&V$C~<?MAVIlmy$H4sHb_Fsnqj1QlCvpd!h
zrEba-OUFL_Ye55|Y*|>zQUOG@t5RmM7-=;zmEF}rPyQD!Xe-FxuFoDqs~D_~c=@ns
zXlGQk{SE}0G>@)oJTNM4@#`U$ud8z?`TM+C@{A4oTxTC6y8Q0U2e+CgF}k#%>yp0Y
z+dKbLb}H_)h6Ou?JgvWHps7IhvhrEs8?LWJII&oX003>d9Ccjn0V7w=_GQg;@$~uh
zEGQrYQZszV!9lqsYoP{Y4FT|rVX>vBmlu#Ia^nN+2j5_aF_t9A!q3fs1a(TtR`$W(
zUdh-*h}zu|O35AKaG*mP*GX*ijc)25psE7MoKjZvMEbkEE`1pTHx+Y%0#_}nCdC8<
zOG-}4fo%|W0zM@^18w?m9j-fWQ2s8>YAoJXp>_^(c#oRqkqZbloI%$_uCm_Y=cFR7
z=O&JfcG|($&F{;no>5aON24Baop#TsSuaoHkG+d%2`8RTy7#@z?OsmdgES$7gWZo$
zU-X;(?+%Th6Mqyvb>>WPcHiW@sqT6>1`62Oa(%$W;l-lg)v-0pA5U+LsLN7ip^EZy
zlkrrgxiS?&X|o;rP+in)<{HucmAap#hC9*O=-E|5?_1wLBY|H@B&d21iVB~JSm98Z
zPduQHMb>%M`vNi<mTuY_xKd%|uG;FNU)f*R?78vq@7N6mbXDGw3GJ0gHJgv>YVBK>
zV@t?HXsq;EJw`9zO%nT-R7yjc((1q5+mOv+_NRC6V~2H?o_<m6?!R^G8~tj5Uqgx$
zi*!VEFG|}^m8%H<{a@F!6UQ+F>^y+a=?;TY%l{`GoTn`{t<TTXs%sCt!Ix6Qm%1*w
z$8Qp%^PvnUg!H|C`)5fR|FdEykInt%Ui<OisT?DZO|P7@cT2=kW11;HO7aKA+yE^s
zSOb@kl2oiAMm&*e8t-$z9J(TtBO*u&2EvaRh&ZLhm1Dsq%X&k2Oc<x{AH5dfJHM8h
zXz1~uUqV@M4__@YG1o8*sh@-7_|1tY|H4^pG&wIfz`d<E{riGrWaqFMH348@5i*mT
z>+R=u+5zi(YH!{=x?ZAVU|eQpt^!+XiYO_b`PHSLdhg%w-FSBxd2wuM6IkYpCMF~_
zn#=r`C8$vleqHiR`iC8)OXYFWz&aj%WVL$Wj|U?LMWfZHEIv;++Azv;9of5o)3c9B
zH#6|TaCrpHWb%aV5&EWfnw%L#X(btq8(G|!3@!R2_mXa{k!v7jM_f^sRC_(s-8Rwf
z8y!z{CR0|98zXWjwEPOwd4~;I{y2|(-gS}QVBW~>8rk6(G26iG|EKX^aXknuz-Q7H
zxXtlRh^-?^Le}z7fw}@tWLjBSYR|i!*WjS9NNqYAK`nfNGVB8P-yfc6iMukWL_E_u
zx9Gb#93{Q3`C-B#U_KNLu#HTSKD~^z!9TLdkFbIFc3g}x0Zk3eAX`3wMitCK$wOO?
z29U$a4r!X7#gNrT0vV_v*wIv64WteBj!P_#F6&#SA{f-SFZsXzwbEieW}cj!sJy%1
zZQ$77E-ESU7|lBI_5J;k#bx$7X;nyXq1xB0KePl1X}ym6{&OpNT%2l~?cSq^$U12D
zs4Q<;6monNp~JV?<d9WZZsaue-Be1GI<wHHgH1~95tTaB)baze-pVmEb6C3p8?b0I
z?U+{bqC8ziam+LHB?lplBZHE)d>8JIs~g3@4$DgR<JlevF5W#{0}~e9Q>GMMH9wtd
zMG#0%6|!B?klhk%N*72GgSknLl_y%4GJF{kf}Lw-Th>W5zVr`&Hm8DE-bYnivg;Ax
zWv{r+$THky<(SgkCC~NL&fPQ0a72Dtl*bR%*4FMf8O;f=E&<y!*hJ9Zo^7&!6_Ely
z7PnH}3U7TBh#kkaiuAi5GmXB8TT354$fO(xY*&AxiMfI7#F+4dNw(2*=H_=R8k-^U
z_Dkr&&hhwih1p;S8VT?=NES>R4w4NzxA38(4@4G3gd+C^x-<~4VDqyO^6IYby7V7K
zXju&f+^$D1Yhawb$@Ds1(FGFr0LJsLDLLKynvE78ElIhHrEEpZ&90oPg^o_Q#r+(i
z#Ur1edzZ+F8JYY0(OB1Bc!=wU4zCT|y-kh8g~?w`ZYuwEurw>I>NX3pFGfq7x3(@T
z?p=KBGhK5bLNLqt;A`g<5D);QF1|H9EN4m4jB|;j=y=w=4sk}w1+}dOf~66)2tEtO
z*AWSz&JR8j!{hKoP=YTfI^r%_ML)Q3yjSh}U=+V*n~9=BhqE6DE6Pya@EPm;qvU4)
z&12(c3j->m9F5FejVy;SERQpRtCqttPMt7PESJQ@%uH-PW38EL*}VG1*pvp7dza?~
zoH8KiF~+jp-CfK^3;;d^LTVJ}NZTl*lrb2;aFxv8SZY&#vPbgjkkFd%>+4HW&a4H}
z66d&7as_@ZuQukrTfcdzhBQM+Lz@)p1ds_T)#Aaj$*O$`kOZd)$_U4=={%PL)QB>u
zGiEH?&g-UXVIf%bg;(+0nDFU5xc^1Wab)5|PW#`5#l`7#&Z6(%IXb_SW81I#UkuXT
zwD;fNTLK(`TUBG{MUIydc8E_PR~~!+8HR1<ILD1@c^b{4fu4=7HxD$E%lnh?ug*K>
zgESm=tdRDrE7w$ZW1oHEgR{-WuS}6&8It8evY?ybvTuz_;HQ%HbQy%;OR@hW>aC;N
z_}*ymV8xvx#S0X-Z*dDniWM(bthl>tDDD(mpv8hqaVhQ;ch}(V?j-O0?z(rq^H)|9
z!pW@3IcJ_{@6Q%kY(wgPQB%XJM+0TE<d=u^b?@T_gJX1G9oTFL_x_tg0-2*pwP_d^
zY4KB_{O%M!vEF8Q$9%<xNr6KTQqw!N*IxDS7THUeQSYRbRFyomHAOL8DowC%nWOl-
zw`3KF%M>Pbi$rSmMsCQbyCgEQT6ctRbTl2%H~wca^i$PDRNas+GMbk(rdK9NQj7tM
zNaONr36~U5X>x8dkk0&V+-~?!SXIDJbZj0~c^VKOTaBgx@XtTGd?Gee|00~+UmWzt
z&sLAm>@SC!J}DNjOfV+Mz=#@|zGJ9KF(MNoA%B`#;5C;FqHiEn?!z5Z?lTpL(c`eK
zt?Ke+kTrUFnm0FavHZrtel+KFczOzyv$X>Q1DoX@OoDlD`;MIA%0!rG@c(*UpDz6^
zaJ;Mk_RVNoaeIf<yG=q*+w?;IEulw?SRkY@BxN~$a&@xWtUtcB?75~!W7@U3*|$&?
z+U^Jow-`<xN%LW2N^%ed;T0skRcg6A{;ymY;15q=$h?6jA7Z%neN+kg>r|`+tsX;=
zqSk;w-Qr7r<MfHTJE-Rt&c=my2Uot@^xLV(phMo1wmoZ(<Ik#nxojyqn?_GxTKze2
zD3L(c|Dw!71Tli-Stzwj90Kt{#}8|$kQDyFLc5dnsjZIe>TmZx^A~Au^fd1xC8uc)
z#)m!sCuEax$S5u)Ui^g~dV%*<baEdZ^l6%8xnGxK*R!R7o*=^uBoh&8R<NadsFVT1
zb5@=PR>8fo%oayj^WCbxfXU{+qdk0452<_ZvryxO1wo#56O#rKwG#b8t|(ig#P5yf
zZwaN4Sdb*^2!pcYR!pshK3N%9aadLt4@&zMni_bfxxyBEN)>}o3<LDR&uZ#Fo80y+
zfn)>=O*~qz)T6%iie?~C5Mb0@k7cI&`HFH*0~dz`6rYeKxqCwb7Rk<5K*Y&S%f#+#
z<&{2P^s6~aerdVI@2Q1v)UyS)_Au6v<-HlzPYZGO_R%u=P@P+Rp<5S-pwTnMCR^RQ
z@Ro7fx#mZ-`u9^AX*i6u542tDl{EBJq+vuVzC>I~%57e=S5;*Y{DB6B-6ey4p!Z?I
zu586zO*W}h+LfwcY&jJaz1cm(9lrzo)uKR$`0@{_Iu0w}KL6JaCzfQ4w-_;`J6k>t
zL@;H~WFeIOcF|nzLTa4YhgskH8u&aU48czxbsRf4%)07>YU?U?_o`3$l;7h>{~U_q
za&NAHG&=w(QU+XPpvXLsB%?{;7pBN}p1B={78XqO|LRWw6lhxEyT{3*r)6pnmgpn^
zR{~T++WhV+jQ;+qt8>5JPwZ&7U6@ymYOQ+L?yYZa93#b;-2D15rC71}T?lF@(RUU)
zI<p{D>iAby;iJR?3Cq^$uPJWPtgNwBxX3k0BPr(|<7ff)cLI&LFJKFhfO1opifVj<
zN(8`t`0wCnP{XtYUZ9rb*JdQEz7-|!<<zpJYu2xA?03S?u2bRfHaIm%Y}Xf0apKZ)
zd4)|Jb)VHHy0k<Ix%@%v3+S5ruR>^_vvYDxV9g!?erm=;oSAv=veL+XPS0v*Z!hM>
z^3fK8mqO{9`rh+0EK0Jld4t+vSrPPASoUI?%goFc!zu_*C4<__uWq)|#^dOl8|g?C
z)Q=kK`i1~29!-nb%=n4hqjz{|jK7oo?o}CU5q)we<+dK$`h}>KK@Q5$Q~jcE#(i*K
zLBoRGnwpoBb7f#$DVN>M=Mh%qvG0mv3<>D9_|3nH<c^)~MfFmo0dw7(*RyCB-mR6D
zXKLwE8yO_szj%tVIETn(pmZP1f>!~vgo(VfN~5HO9x3T|D#9)BIBb@c*)oUwe_tvS
z6au6nDAyJhSpno|;A2{Ib4|T}uN@s8&d;AJbFA5vIhZ=25Y%I+p|Q~ad}lZIJA^9K
zz+KWa`n`{Glm8I;U95WhGlwc)#o6+F9Rwj!IWG##r$DU+*xei*ScTZ6VUuz!)VZh{
z8Rh)34wcVv>xm8P7AG_EzSZgQ{k`!1bfMa8GFO(GIy007W2RuzWvkBs@^S+x`Am&j
zgE!uye>vur?MMO?2CM>(E8d;&l|Q}E7LD|MHsnFldo>*7O@a|5h><>3VD|sC0MS^|
zW;Qj*@wgW}&ha#07oYG#<y=PMF?s<|?6+ZT8skgd_eg2XO<2E0tQ{p$6~7IAj|@r#
zX-PYM$4HitnusK33;Bb4Bd6ZbFn7?deek@E;P*J3xn6f26Lef@gdpHDZ;>L?hMCH$
zd+6mia!Ir^`?m=3O?V7{Xt0Up{`nIPm!QSPDoC;T9gY+Vm~;UFVu@x^U{tL}-%sKz
z)FpCtMMEwfb#-;1;skKq>K&Hf+#U~db8)e9NqG65qP@3fv8=!T^3*a?XjCLRB84fs
z0iwGY5bKe?`Y*qRO2_A$c2c>;{pY^w^4h16zbzt5ORYv{fc6iV55)m>zQZ)}LG6d>
zIv^3_uJwv5iAgqzWSWo2_h0>}%hpE&pPkpyxfp$EK$WCSuU0At@M>w06ciV;fWgKT
zp$lS#?|!L)iTHlEcSC7=leBtoL|BRAWTw1b?Z2B76u!PpP^Sh734o9wq#%OrLGu*)
zQ#B9>@(%Q{P|Zb4r&=MEW~Ek{g3=)A7BY+-IcSCiN^JBG(UL0B)I437w&oKzha#sA
z_maD{!0K5(2)T>je^9p6`*#w`w#yvbVSeUn$P5+I*4C0up)l(vd$jQVk7BD|->;?T
z{TEEaKdW4+rP<lp06OZv1?ad84g#bU)&ZROHz_$R|DkoGw+)3x;$i~|IxM*sk*E5*
zYXH+L6tAhK#sjntfa|hhIWzth_3K!`KvmHa=zGNJwY`HI!~8a!MikNQ1Jvfq=Z{`%
zr!|g+eg|UIa(3zRpZ~qg%>5U@gwQHQ>Fmwllh}=K60<%GSvEyAht><Y-X3W8F~_f?
zcR-5AMb^cWKJm}n7r9X>=SLiC&h-GBHNYo7Hm0&%b5FLflOM|R=Zl(}ny&8s4p(|j
zPCwX}L<|X7<I;>O8-QIGY0S;d4N#FiS!tSfp;9c#WyuBoc2nn2_%zLjBh3;#Tmu+1
z!9JJUz~F!&qr;!mVqSG$mv5T@uOE;Z5kce6(Ls0j)DVc+jNv9#Fo@30Cu-Ap>i;bJ
z!55>Q=kw5RT<Z>#ks7zn^Dnz0>7ZJWklS&++fHCq{+1`So(O1$M-ejv?HIsLtE#Fb
z-0Ucj(ElE=U;^EwuRQlVV+H`=PSe;9*swBxTsfUsRvaU*by((8P7GrI3h0Co12ttf
zX;uV|4f@l3)t7}1k$HIiF8@|Hf!m`j5s$;`gK1f6)gk)dmVdd4ps~vVb=)7UrOH#;
zLr$dQG3n3+HwtQ!r8880^hF#~k<B=ONqNg9QQ)$2jEYcG7vmFPO5--1+FxV;t;UfT
zo!baI{mS#}m=>%{_WMm%PN{=$*US8eBu3@w&suE<h3V_Wm$EigqG}kQ32UR%4wPJ4
z#~UT-*6*HvEQdkFm#LkZM?H<>4Y^;@m1p1Y#CK0@#?{?qe0*a((kfagzwd1-`U$(X
zFtP6fU-6&_!<MRJ?vw8~kuLd1>l(wy{=|=O5aAf8$hm`in7670a<~6F6N#po7ZW#`
zzXPhB{0pbZ&CN~XPp{=uc7O-h1MuaVEu`<@y@M&hC(fsWQ~XE7b$g(`zFwZuwY7y$
zR^+3LOLeiY3jQf($oSUy&*@JoAK%zuSf^>Lt0%VO*-#CWE?Zg32zxy5-I*6+{ujqL
zCC?DYJ^xFTg_uxkyC<iZFRmc5FRDR~hMXL5F#)kq^$yT;L}e}@y<ui&X9pO@hSNU5
z6mAjH(dbdj0RpB<(<X0hsN{H*-PYOzN{lQJcvS$Fu1t+(`@)-zjcuweRh0+(Ozn1M
zBI4Sa=)Vi-25M98$2wrepi9%%P~Ac;Y6cEfwag~713P`+go-a%N;1I0w6Df|0;|5J
zRq~>ml)F9EZ8le)-g{61*zFY+V|)l)cavCaRX<hLamg8>{F=1)RVPsq#<u^(AGg{W
z`<lwOT*$)Np>ZL2-uU7fKLYC$5Xcj4*EF)~r+Skw52}BUlKn^^z*$i@(oS*h>mmHK
zwLo3QC-Gir58xU|y}kumF2T221UzZ@@pweF4fNh0)x95=0CJC1OPWj+U?12Xd>g>N
zcL@!&6w3~fYpaG<+6Vu&QJ0MH@bI7J>rs(#!Lx_>&2ct1b~d)5;melf7+UatTFOGh
zaq}7c&$LMH5B;NdU)W{Jzto!!Y6)8E^Q;7m5~}tvZ~Fze$$8p)UeNP>qF1}<Q7N?4
zBT4h_NGZ_&fq@<F-b>Qf66jRADJ8>`Wk}$EQ5MH-1m<!e@c$NaQ`vm1((_}Lx3Ubg
zLum2lOcdv>n%6`Wo>uk{RL<w0f$P(XmzBiLa^+`akVw1J3gYwV_6AKPhn^6^s>8o@
zw=$Jl?V#KTJ4aDGH{s_j=<|a_hlC=Kb#rz$J~SjkzqeF7zis?7(kQnI^U+hL*q^MZ
zZ_`iz8M14gor`QfD7Tv<O@)3)pYV{%ou11uwBaop5hyK%A-+xtab@-v%6KT?X@%7v
zKlYxtof+bduhf=tKI9v9+$Z@owAI~j_@ouuEIFu_{Us!17+-N7>`_YP$|$l)6Szr3
zKfFO1OO8aA!PWbbAKRTcU8Ex)xt!H_bJ$yT@2AOs60S@rb8Ost4upa7DYxwEaQ|JT
z4On^4EuL+&gp&S9SnYVxU9y=+OG=yBmxEq<`nzPwVfpQ*VmqJHp@YYxiScbo1E<mB
z2-E+@fWrP}Sz9a{U>S}2d4~zLv|oSQR@bc5Yb>XotZ1<rxdFvgrWYu;?M7kb!s>5z
zQX{L=?mE*wq#<Bw^lMaUW8<|PBMpMGQ+$N4AD|*VNe25>%o3<Z=se$?F8!YaD&AZt
z%9@!_eq;=<@V;&7FkT~+`}e2=xm#oZ+UrzNR^Haa6>od-PqRq7kySR0*YnuE_$-Dw
z;l%iI;sluE|E|3()>c*qb<(RwMylN1%0W{6AFV3qnCEHu2nn}t@B<odPg8q4Z@6FY
zm9+)f1ds#IDxJa?-AZ-9?iRq9#={cMHK^t%j*QzLDek*+bt=-daukwwhgqnFUs`>B
z@cpZQJs74w&E;e2;AP8;7<lWyUcY@bFGl#G%x^Q?E^FbPQK{c<eTkqLu|hc_(z}Y7
zX6#uuR?Mx3AHVfsSGCY~X$Bq7DvcU%%Ri|cPbf4{M2GraK>%yTSRCZZ>DSe{>RI!R
z*aCdOZjip3h`N#svL21b?SB%t!_Cq9{0$+vcgNmLIC<!M)8{s3qkG=H978kayIWrk
z*1P0on_}ZetTyU6m1TPNpe#54_@pbcceF-{?)>mFtP{{OV$tDcwGk}ZoMognUlmCB
zycr#xZd8K~K22jM6@TugEFx=p6cp!i>7o|oTvKm2thNvwdzg-DG@u#ns>xk8u@e(^
zJ{fLs!qtliSZn}St!IRhwO-tst);syQ!ucPd7m9LthFO9cLY~2?*e6H*u(SIbd7Zy
z;9+G}r{4Y+42ogKkb6JSmSeNkLyzE?%YlcW*2n{zL2Y}E$?UY7V~g`<<-fD-Efn8P
zT$#5n^5{P`P!m=H?etHaXj<>$*Y!I(u2t=*+y%tkZ%^=V5toyxq~bo@Vy^vR*r_6s
ziOqZ5Z3hhur{2z!xg9X|%N1oZL@QT3n&#L`f?|+Q1NeELDeQ29*o(u*6K#ZjJUcRy
zlBVsT1M0r^w5<ebvGg4-+?H~gAkLixY}-e)KBe2M%uon?5`DZBhjBhFJJobN&&uE?
z|LzvyWx}6ZyOHB|=Iwf)7efm3!d`Kil`hA7n+rqCojJAf`ww!{wwe|0VQ}}l#L4@y
zcV@)cV&hANqU;9CmcDsYzXEwEMVv7sBK>2JkD0u(d^Q~LS01h}o2if1?sv^8cxm)n
z%0&-$>T>lPDo>Ql?;}JuHb#tP>YB5fPP(z5+HbCx@u4SA{`Ri-PCxLo?|Lq@Xo%aD
zt?r1yi-CK~dyjP^=@8-55lX0Cv!}hyrCqFF+rem46R7Aj?CSo#Y8lMysBH2hga6q>
z^IDb;76|*yZzn%})$tMfo?T){{>Jcn*~_@H-43pd5Pq3NJnw+(*F-A2bwmRFNk>XD
zc>|_&c?1xTH21rj*xYHKvDBK+Peh@@SHH_U+KaIWL0L=igcx=M&{%25iz>O-UcTul
zuG#o2@8^&g!B0c-qP$>_s(-2k1X?Z#d9J4?GM&cQV6<~d1o#jN)j@6X%0yodwHom{
z#T5hzeIyx!qNpC9{&Q36SFL=tAmZ6~t-uxO2;a)%aa=^ec;@h(C-G@S&nldrH{#Al
zo3SJWvYEfuR68t3JQkICHXfgnIf*oZK#mVxmz8U^g<H+B{Rk{F_~mXB0@}uoANl7I
zzUNTeg_9n+*}dB?X<MM3_C0wicujzv^{=c$zrgem$?!kY9)S_GJB_k`D^t$W#2sP7
zUpJAlhUjp3I&ntQf8XuG)@Z#N#VkLJ9_j?_J*(gE!k)%nR@~0?PMhv-BSDeBZXYy7
zq08#e&sELTP{|cL&5!-;ppPAO{(fV`9a(~R`_r6U7_Z)4A5Al8hZ_WpQQmQLDi|gE
zv>?-O3pJS7C|o{YQ<^aVe{#9hez8U`x#_gZcHB)fhV-lHwtzB^1eBQAsFDATp~D;y
zG4*g(I`|+~=|aEfdH2{h?);_C!I{EseUG>LSaAISgk|z|aaM9dPF88!3yTD@@8za@
z%^ucWf5RZrO-GB&NcI9smF+z_6a41}KRWa}wnK<})?lJrU_p@NJoz&p2?8I~QEYAa
z%167nE%-uIGREGr(QmSAJd0|5Q8dfHfx5wdE1&`T#k9%cK31o63XV+iXKby83MApP
zT&H08_<$Ki41N~8S)`OAKn_yNB&zLXk*5DV_%`$yM3~rBall_C9@O3!ZCZE9hT;_P
zU)#oN#GXXpu)Y~Bjhe5wOk)oo$P--(<GTnEU7;IY#fJiHbUKL_!%6CkyOCtyAYwPC
zV*#@H`>H9(>Ar<1Ha1NaC&ZW<kPU!B>#=1pzM+g%C}ukz^;b$<-wIAt(q;s;oSLMs
zp>9jcV@7HXrLg}B6+I2E96^?{FU5NyBLc$OG(Lks!l3SMLw37Z5t4QLHt{BEN%O{6
z;LoVxAU^sT_Z-mXM|bVUPZaq`Lf87ec>&EB7~iGqJ;r@lkD}01yMEYtsYGkE6u!ch
zY$4DId&`FeLOy#PPhAXZEU-eCJ@R;m+c}0SYBKlOVi?Y-5sqvRUvEO8B@hn>bxwjp
z9z7f>qahaDa=2};zgqkd)Cx2?t6}wOYoyJl1>rzI^r+@5E{Bpq#qEUU@BIIhKq9bC
zN7sq*+Sa2FW~b;Fa17Q*@BjO)!=UHyhVh{BRl)YTTc}!0{gwaC(3SQQX&U%LKF9L=
z)o>Rlt`>&54QCvKTZQ!>C6(nXFEiN)d3ofC8byEHHpW@0a`r52#S|BDejOy7qc`h2
ze|$waHZlv={1>)1g5Cc1^yp$D;h~4L4T2_0CfO7|fWCSyfWAv7F)||kN;FI&0TE0{
z;DG`(+D;UbUTy49BK#g$9lS_Q85M$;4%t8sS0~LnNG+j^Ab(D7I!vS_Muk614d*!x
zxcY&m?SD&cd&p1v@4X`8{8d~5TaT+ksQ2c+HbzsX=h*~=9-!aXF4`&Pg@S~_UE>H#
zF~5G5OR0Qi?etecgARldObtR+fLYM}q$=5FmRAI=lY__?I1Q2*#jpj2TLaGI@VP=t
z)-1%A;$u-1s*r=E{~`Kni?>UqHiSCA)qJ5ZL}8d7)DBwKbX-doI2}D7y&?)mLWRHW
zY_p*>qMpnt;7xjsB!rq1hg7Ul0#ELFPsfP7F4Nb?APsG;@OT`k9`tHka9FI=r#<v>
z9PPn`Huc4pjvp(Nf_fI;*qB>2y?5`PV^JUqI(aTBCva_HR3MVaK$1!_7vI#&LDk_2
zWWuDc5~gx}hEWMsz8NmXyDC74@xS5pIzB%>-ra8EL`foJq<EQS#ee;jwTPu;)q1%e
zf*(%{26AMfzpCA-%sGYayA7O14VvZ|F)aL23*oO+@nd8$Saa8J>bO-u1J?s2wa76{
zFrv=x^*EPahp&~wUp;~m#ET6&==y{t68C%Skn0b+?9K(ut@XTv-^_nTTMw@H-Wx}l
z-1Vak&D#-5jZFOH8&C>>yr{n)PiIr1<t(|aTrjM!#flkH#N#@0x${FEC=E5d^{V}s
z#%_mHhoLtNZ-H-#Vf^K%5B*GU2&#u0sJ+8rsXEFw`7U@hocZoUvCyM~FX<<LUzu!u
z2gFA#JiOb#6<r=dvP$ioCAEu(fy>VuNZz@|-<z*s4Lxb&?d&DBOCuJP62_<~Ng|~O
zzbG}=_n(?N42fiqE;#M*B@H?%K45(7!I4w`Sj+M@)ZU`0R-h+nxkVs3IYT1g5dcXN
z(&z8<@ZhBc)NEWA944W#zYFvx5uuY@W&i9&?JU|^7JE}vI=XvUvu2Q2g82%^_qp7u
zsE^uvW3{PcmOei|;QYga82gr_LguJt+h^CMucZ1i8+Vcy<L?TGi?xVN><+6AO7XR?
z#GEQ50-Rs2z1jsC^3f#ad32x)RgUaIi*L#9JKI^urB;tLb!a(w(@PUhVfuXx=*Zqq
zSCi2-oL6Ul_t+p#jPlg>RxNL)t%e(uWSx4qK4qBq9~!~1of063d)epFQ>RAlPNxr5
zWv3#%{UC~$^IPPvMB<39eJ9VX(|Iza&S<8)GI=!6uY1{3vjAkm8anJC0f_Z62Pla5
zAdDN&sh7w0{&evPY73vwsDw}~e*3_39^YV;1s`Bgr^O%UT)SMC>mYx(#>01O1`0Ca
zKGPRxC8x)h0(}X#I=|t5X`S)}AU?Dxpw3@mU<ftwE%<ct@1&meS&PFMkGH2c82CR2
z<DZ~L;RMZJ77~x0wB)Hsw|^xjD2D>#crvsA<}n|i5z*R@0X}vIGe_ZEzZdQf)L#nm
z^>y2KqFz6xd}_Uc7wdsQ_@j&Wj;^1s2qtnNPN*V6LJQV>zRRIOomkar-3o)hK_J17
zD)<HxMwbJ3<$vu@_xaoWAP`C)B-vAyPU@SW82o}AmmB=vQ351+%pOCEgCT`c5-uhj
zI63m$tCHe;=QeCI7zC1gZzYj}2?AAfKUX~ma-zluS{Ze1y@%2?y!yILjE|>lgoBa8
zQ~6qIWVm!!j~4oH-Sr7Xe%`HvZPra-4MJtc^1C0_N-0SI|DbB+x@$@=1dt@F>B6iO
z4co~(%V(IVc;8@Na)7$D>;xW{S@vm+MUO(*th+X^-Fxn4Kj(Us&EnXM8{cocB!?Z8
z_4~nf&8OCPb@tR<gwWe^WTiW7E&@vJ0jmYh$VurN8o}d>_VerWEaT39*W8xfwY^Ae
zp#*ejLAdnW<=vN@Til|7`nHWV7BvER8j1by!~;Z|u<}@<|CE%_ckJx!#8C;?I9Pc8
zU1W!N%p5nAaS5J@=r&apsg1jR`|?^vrrLaU1+D#0#*${SQ|S8F@`g`X`T=HnEW!UZ
zW~L;A>(7ykW}8ia2*k(+r9d9#hpJ`;vDhwMz<)7Q3fdE~aXfnt?>bLa>K}dSd31-7
zbq_fYzv@(eIXucKaB}WFM3hw2ES~^Pkc-yo{sZ^_a8Nu;7x6?g3$+MKXE9?xP9N5B
z7Qt-qybtU2PgL#%VS_e;f{V!_nNu&-saQxE+NGH$KNXqWetYVbtAGkV_84?+S^&)t
z_)SDaRLY}m%K#E3`O1Io_9?z<=%u;@oTQWK>&qOZ-?r-5lI?>Yf4vXTxtEJw8!i<Y
z&n}qX<3yBIRP;qh7ur-VRp8Q|A|~6eN>1XfWSGVl^(>p)wa#?^lgfMJnU(I*29};u
z4Mc8%8GZROboGq*x;zUY1>EZp86yy^hbi+^E!Qlp1liT#Vh2AD9go8y<1!4CT-y7G
zy=oc?mLc@O2Z|+|XJLlGOJa~S)qJ^r1Aw~$T>4pi2)R>9wbEGtzy)x^NMs+1f;(yz
z?Lw9?44d1wQf3dDFZwybXkueTE#1YtYi}`V7IOT&RJDKMO~Se$Iw8<!#=Q0a9f)4*
z2nfwR`i(qgduF=h4|d^8)dyZP&ZT%pcV8O78-ICqGr_G9c=-eRyj^5>akZk-d%g1C
z-c5jpVpi$YP(#ml$wq6%?8_+G`SUh2_+d~LftR`0L?U<nJ6&n-;Og(a=jgH+q4KoO
z=CWaV#GX#z|NX2|kAu$s3zl{bE^&TZ&*R93ej@7d`IDvdlcn49=fqF{`>4RnY1-0T
zu~~geqf9Hy=x2JROCBH}px3m?`y#hz<GWpBsfI`3+8FRgV0`W;ig>M@KrqRuWW_1~
zCIpBEwtuPmH=w$$gEJe>GxPIqRAf|CWwW-)icA;qY@eL*d1_xBDOU#$W2x55;4Fdx
z;cKkvvx%CHyq}a2I=UfLsN-6ymFxExcUx!uYY82+i2Bm*Q9{%%AS7(mGHY)cz{^cp
z?~Oy{FlOiHv4aW7$;nAcUx6;&NViKe%pJySJ)e!!3J3R?6imrq>B!b`Rs7Rbs}f+k
z8Gc<Z_I$W#uaLyGyy%#DC?Z?v5&dWWSj#wAzFlcOMJ@ssI#~NkFmSulWMTzR>E{0q
z00M^V#Ditkae9QP;tvmP<317-5lN~4WCv1hszW0p(9zH~M4{V5KaT(9vtZS7^(XQr
z`C|%dj8*HG4)g)rZ;T^H>Y%kdv5VO3cM3%Co?4V`3GP7URY6w+9wo=N&G5W*R+(wO
z3Qc&LKI>(0tJ%r~11|kI+K2Q1e+2Wv9n%N-HX?L%K%0-Ag(WhVg%q*tEQE}V9H}HH
z(pjss?HNjmmEYy6CT|v*)StW#!*dN&h0}o($uRaW-8G7)S<xd0ezY<WO8xsxztTL2
zS}n6}$lmbFnaQya4c^QW?HDw$qq<5kLJ5~9k)4tz7Z=PM1kOM3^#h+@?u{AXDn*)k
zlb>~T8VsnEJ(o5vLuH#%QoLSOqeULEA&6`+O<=f+!V|eHo2u)oTl42@Stfco?6T^Y
zqeP8Y=W+^6|7g8_&@`aQj{q_@N94nI;=fc45|(kl=RZY#Ppo)5P{k1g4poIEV;8s5
zJdZ&`5yyf>9apFRU^v3~{%Pm`Tnu0o1ORC$D=X{k`xtH`jFYkVuvlx=ViS;7SORoy
z=|aZ<iA}k_ppPbO<>c|tP;S7}IJM{(pHnL2eR4`lH<(9&V;g^QKxiwjW0%Eqe*5iI
z34<SZ24^uBJ5tbjabpDx{f5ff&RJJ(Je$X*jW_kLN1rhkK1t?us+IwW(c^>!#w-Bu
zyEoY|p<XdXRw*JLj%)SXZXJYqB9r#X2WH2nFNR^JgD>A0p!fOxvUJQ;44#*H+&LTW
zkJYDZKe2Fb%Jk5CUW1Ar4QxQs@!AjK8g|u4EGon<P70}si&{7NS<b>cC`nxHj-X)>
z&EA9eyFo{f?iL8p^GQ*lgmZH<Z==%lC`#_{;f*sJem^6{OT_=)_j|Li^WG@)U@f9!
z+F#L_Xn`|FlkTP=8PV|`j=;Vehem?~v(nR*rt1_7y0w7c&YDX<b-ulikB@;th8-;4
zzLo(>@5o(ITBZiMPsiOs>u|@!ZWI2Gh`v$xi*NC|{6qDYpoAFLABfo8lw*$VF}Jah
z-|;|Jr5$8A;gFnYt$_jb(@-pLe6W&5_`k3Jdep^V4Fu>nB_t4tXlXPuoVBbCB{U>p
z9ZA$NNF{A-hQ&R_L)kc~0)}72&7KH_d$86x-*O11ZcjQl4Kl15oHY@!tp!9D=+WqZ
zm+RX>!rGK+p%DGWj`MScltCbd`+2!N9Jyl)8-aFZdA8hOby0Lx)OsGys4%^jF<Siz
z2*lxSU+Of5tNzy~Pw2D0soK-wf~b-8`-244sl>uMTVjCEZG<edR=h#Ppi6i|%r-BN
zNk;j%Am#_9S6<p5Jrl|n96C;$Sq#(fiHXUFRo%|=YM%r+UY?(>Kp+B9_m!W_X9<%{
z-%ErqdLpoOpup1qZv}pwQ4~(Xp?@DjZ@oD@euL3@f7Q~iIIg+E>()IQZP(MWxsHAY
zNpIXvmkSAmJ}-0m^Eer8iYoQr&Ax10LLASU!=MmjOwf{qYQBWvABYhA??HDL{uF5@
zAHzP+bzFlH`9fBk7`!-e`LcKI#eF1}pdco|`qJ$VHnFG-x5KX4gJ=r!pOom%uF1g>
z7gq`R4^ERS^FoMq@GE?p=QRX8l>^cYJ63##kuvL$$TmR~*9CMa@he{n;rEj>qG$X5
zeo3wi%0Zo3cUQfJO~anMaIDXg*4FY7@#F?8Z1G!F#>U2e2m7lY`y)A4(599bWiygy
zLeS5Nss=X5k)TpN6&fpDai&0{cn^>36PlZzzSBxdYQUVkYj-VzV$tohw<I#?vtGh6
z$I|UhbUBME)?8TltFYl^4txfJ`$$1fuLnXYZ{E2B_f6wW6=rxcxw7kCny#+*>-pMR
z*yhZoE>aY}C>7p{B-M+vQg9Mk;+E>dt*w6ILa@#=I0Kr};5AMbvl|wU3Q6QWdmyuF
zXK%fkD^(3gMK`f@zG~aVuj#=U=zRA9LKN}v<0AEq%Au;}OTWQ<uStnSE26092{L4q
z#`9D<-)vKX2hoxwpeB;R48HnuAqah{tX3Lg9;P{y)(kG`<GAmG&IDc9z>D8Q2JN8R
z+Uh7YzL0KZWm&&n&cQ5~`&6C(re1|kn%?A)t?EaJ#QWOKoriCM{o5N-$eKPhF#C%H
z%*vHMTB)=tko2CEo}K(ZEkJm%hmxBr_+djowujz;5*{5y$0ih+%(!tk2xbwPat|VM
zzI*w0>BPMzyfvKB#p*OlL0WaPC8#s@B;<Rr;;0BZifXEad|3*3w!$X%91YwGNtO7d
zf2mmZ=z4!;k?uOaCK|9>HCA;pEm#W<<m3tP(O{f^i%40UnywwrPM@V0+V4nsM%3=n
z(q7^NbNb>g{%;77NGjm4Gy}}924HQgMoZ)p_Gb2udxKNfA3Udv0Y1CI!RUUTXXG%n
z<e%qCI_JaM*=|gUyoR*Li*4{!W2H;HAssrGlSZZJn<ur4oNBYj(3``sk=ON8$@NpO
zlX?l}YVQ_!1Av#@m@l_)3A-@p-LJQE-v4C|hrM2_wG#}{O>-I=6SOcU;<}AH3^;;a
z6xm@xIK_e}`Vy^uRzP>vV(3vbu|HHUuu%y)Y|U9;%MI>e_nO-fFQbMk1ansxokuw1
zUS80ps$UA5jtw|vdiAWaQ_6(%I2v6T-*@>v-Ja-WJSdo_vV2WWG|VNn3cS4P3UDL!
zpKVh5DK>Wc8e+id$ejp|1qH_IUs!Fa*4n2g{wP$*e4M&oTomnqT&)^WdHrYBGg;be
z{L?xf$^GOWo8LDJ+uR=TUnXmL;H}*g6F4iOedsj6d<}-Qul>78t22Rz8W}blK<<84
zu2GJ=gzv1;CNf4<mYOb3EYfy(2N;|sZdsn_-bUgHzph67&LX!QMjZCX1hb@YJlQ)9
zh@Y*%C^F{b!8}wb0|zp>`|d_<&!U;0@hBg^E#9N-bUd!G#w)1=Y(Gv+WT_UanCKNT
z(gWKdnibRa@W96nhQtrB!jbgBnvN3*y(4##E<LyNB8Ir~^9I_*>NOU5m7?jA{VT1p
zM;B?|P>*B&o$>~u_^0xJEI$y1oX`O4b)k4Op@TCf1Y+f(KlPcI=~`|SEG#T+*y7n6
zp9gd7AK$rexS!6)HLp&*pTD1NCVp(U)e5DHeq39~ru$Nk3<78yxVVJ53vva2#659d
ztjfgTO0i+SA??O{Aj2RH4)IacSCd$;K|*LPwbdWUvXAG5*9{(A6q?6JKX-9*mvBVy
zQxIiqW(ts^6$g`0p@Z<cRtNO?L_8vl==c7p5Q0-XPe=)vm1-Odqg!jEV2o!du|X@Q
z9x<&yB$4VTS4h2KxdhvotYPz(m|(`L)2I%8wkjobzGZ8=mOl#dh={ZCQLy{h*~^hg
zl|<uf%4Z|#m-G)n^;M|VawqA6Rn?8->X7n9JojQQc$B?k$rlF%di;cNf4;c(A#?QK
zEf8&)=Hpa|dusQ;bCwyR#J?_OTX}TpyZZ~8IPKH1`gBMmFZxhxtYSR3F<Bi?t>l%8
z5(*P?cqDEMIk4+9MvgAD-(6bz0%%M<J2jnRAAE-5TQjZtd;8h4;UjRS-$#mNz@0XH
zuc=>-+1b0~ex&_1`&?ET5-6w<ovdAgh$XGCiwgrs=w>Yd-mB7&jcs&7CZis=r^A&2
z)xiTHd5McMJT%`XF=npaJm^@N(wypFEiQ>EPbtxYXIdx_eNYMS%Gg4ao(NS(wFIcR
zl?<~`y~k|P8g-xX8^qzy4Oj?yI4kUCCn;&cr7aFxDVnX|@3PSopg>jfd_T^o3{Lh<
zE&nrz2~t+JPuL!O5#SR4>35qLI))=X9Vdr>n1?P4IQJ=7LK)MXS}zV}9Kjtefuna5
zH``9`9oPMjbAtSYzY(xYZhG8u4-#tl<8(m_Qub9`Li_o4c^9aUc)4Bo($I$(B)L+B
zIiA0gFDqXrn%Q<A17p$#MYf#99psrJNlH(rTt&=r=vDWFCLGU|DwX#syNz0&?cBTg
z0@jNdyzpYCG9GVOlp|~?1`q7TT=qGrg}El|ZQb9N)_5s0wsD<}m|=$WDm}hF>R8p_
z<>#~r3N~R>5NZw#+&#T~YQb%7D-F)oo3t-W1)>~jKEte+HmoVSEt+CF*bAA*18(-b
z<}gObzKiXI3YmNFHwo9kANt+kE_SR6oQV;F0VhlyU!M8j;11Uaq~p@_0rHjBR<ZQa
zj~Vj0GB#<JQSTVT!^KFH)PHUn=y@fxWl#Rex1~tO{cH;YQI7NJ6})S2QS@1tqQG1-
z-H&>7*X91`iL3tSTiClLh5uDiehz3BtCxfiRL~c388WuF`j=|}Fg-g9^A69SZ>WC8
zrF>^$0ZBTG01vfu;thLB14|ggU)_d9AxRO?CpxZ>5~<P|yDO<)dT6Ajn{QQ#63Qjr
z$Q-)I*smj!WbKKJ=rD&E3pb)V{MFOSs+xUXT(RSGi^H&20Ws;`UAjPcSU9LCGS-ZQ
z&B2_i$NA5IN~U07%PH85_N(=7fsWO8b-C%f+Rb?jQ7pN(%L{4ojq8I$XAIT-;p3IM
z1~JwOh7<QW8hvA3sK3r#VG`{coX_f9vzB?SOb-lP3VRXbP<}Q7bv!@V*v@d?sqbzk
zX8i1#RXHr+s;p(Jf&xOw5-z1t>n}?Ar^&>t|I~n6NOn*=@yW8!>m&mF_k6Nzju_nf
za*(=LUSea`f=%YtadFW=ka*u0jF6Esyg;L5h*pWpWu2gN_wPCGeX^xhHTDgNY@1ZC
zKKzT;aT|EORY%xo7(-@0c6PmrK95HK#dYSjBfO@nU$e3m#!&bJ2hmA?2fKpF>6fhL
zSxL-r^Mp$Ly?7b-N>1>-XnT4rK|I}94TA%F;E(7HvNkNvzv7*SX70NAzn@AE7`f*D
z!ff^mntQuo829>+lQ-mXs>r)&|FbN9)9(k9y{RTN1U3H!T-3CiL|5QY{mv?@=^(Ds
z(?JaVu03;c%z%4>v+(dN1p?xCc;2|$5r+nv#h-SshOPNusmr$roB4?zZwAS&dcX87
z9EQZK>9;+m>Z9YF4J4oH{jIFKTQ>f5@U=<J5;ui$@Ib~kZMD|YW1e?>ENff$C2(%u
z&q+n;)aB%oR>b_7LI0{<1>#|qU)VQsJtC)<Ns;9>wVr(t%2I_*q|Bht@Vawic9v9q
z#-q*Zfy&!<Oy{ghwNRYz{QmJl>5@zQ{8s0#SKbm`NEV%s`GU;xi<aW_k5}%_4_aCg
zyG|U3Pcyms`%9dBVT=k%oen}R!c_Uf^YMrdS9oGeGGnWPfcjT2<*ecZ5BOa)1PFlr
z`Zb#pF1X?xVpKVA`!^~oN~P#(PTvW@*QfVv(B1zitVYH5slZa71Z8ViiKJ+uqq5b#
zQOrXsAYyq#o|a>iT}&6QAt*Y}r#wt1#TpId^~n|o<IcH=01-@@WkjIw@=A(daueUq
z6#jAZzU4cWDu~9#!om4$hpc7$I`1=&V(51|UK}};kl?y_-{j=RDOaeWBgZ;kPd(1u
zzWEiFLLig%=Cy%oP9wz!$7Nx(4|I^Nv>kNxbtb*0WSREhr>w{~>bEi<ckZ|DB``n!
z2$G05W(XCEXSl`g0(;HJ_rDVZQfzvz#CmF6&MNhiZ!A`x?0$0Wp|XjH>{er{RvI;J
zhou(%C>H>&=QE}ia%YL@(fCML!s!KKn7n7aE$^nD*KE&Dh}|vMRMOf5WCU*wZa;)a
zwH34+cB8q!{K^5Bb2JVl9F~AYmGS-EPh%%D-+1?PQtLQqv%=1uT0i^mCjB-cN3Ja5
zvlDSoz}6W&PYo)x8Jaa$NV5LIGn-CcNPR-0m_VC-fK;hUo%8;x`CCG(n^#xMGK8(|
zy|z$bP@(9EH{$nc(qcSv<ryf>l3f;^XQ>(5j$qjfG93y|ZV2U@y-?{#dm#*`2vo}W
zT8w+*))p@j*kyf6Tm0c?W}(@t?z1Cz{bZk@9<@p^L=8&$#3O3|LTuXNPBg+?<7tf5
zY}S`gDKf_|EcYp3LwD5<9h)1r#2Sq(+Vf9k{L@jMb<MK9vZn$8s@N^xn>4)7i<H!g
z;q>?Do(Hni!bQWJFyD`@b?}%~C9vV|mZKkQp1AUX7Z-%Q81#xYsCUiZ3L!|=Yn%pk
z^oq7wdIp!=UsN(#s%tr>ec9-R?NuUBkVS5zv2_Nvjgf(~_;P+U<Ec#g^ZcI~LcB`F
z*tEUDs)!!{&YY_7usO25Cxl$wsR6~gE-CLIiCAv@FXd7TehvSkjDnPBIK}yXi&O03
z!ajl1Y1Jiq0Wv=NTSV){^KT`~BrDZzXg&=_Fu_8JP69@p0lYjsCR`-E5ao!Ck|Lay
zTVlG!3$=$XI#=|N<gJuE385{YQTA^ZCT4~B!Z&}8#MyVz+pl+{$pS}n?Z5rl<!C9d
z%^N%Xqe+08QV{LQH8#Q@>m9fe`E`;*O{Kp8_p03_Tmqq@A?cy~x@RI|sz60-yd{Zw
z?L7`d<Hi{j@?{+Hub{`C;GrK%iux^auw(i83>#6|0e{Sipuxhxu(q{bYV~mo2zXHz
zgt<>E3-<Q+V+X4l8z(F_KApBy`^kCtBsctG78|eSh*=JQ=qpV_a^c<m^M;M@7uM_t
zd2-Z)pxjRToKGGkI!+&x-tmoWIDfBr`^<}zhZ$x2{jkNhuI{4}y7f0~RFI-IDy5Pr
z+WTTYdg=?ZsKF4?U%AES>s%Un%DpUqu{`L=@=cJDIuGs5sc->EtMY_Iag2fWb|UJC
z@GCs&PjhBFt9*_^!}UUq<X#ayAJj?uU4rQbQWJMbv8rdzhfy_?yv%DCt2zfolQ38a
zxktdi=~m9YYG<}f^n&S}sjPt405VlitcBBRli!|am{c5r^!t$$1}7`>xdW1uxpz?>
zY$VZ=4(nd}ZWqqIx`4matKDIjfo!+Z_+|BUwhPlsnL<!ZtZEH~5CEO3tS;tVRftV{
zsKWXLW-`DIxi-_edS`T@ENtHk&G>#YMyrS_d&Q}z>ij0C;YXqll8L41>S#BBwlo+N
zX*M$n5;IIX3V4yPa*5QnQ9)!T*Q1|X&Wm23Sf_bKrnt%39qcD+_-LWXs(;Qiq>!4{
z{!o)b#Xoti{HOWSH$0iK1T#TPL3V!IVKwIMM`c<nU7hJjz(AoJUw8o3;kc(r5d1=!
zi~NBgW8kA4j?=ht8R^PJ10|(BiA62{-0Zv?N&i$`awWImoC}qXThsxC@==T;rPJ9l
zDkU{9N4K_-g=6BU4+Jb&KNZs|Sl=u3EGcl_r$WU(P7}T~+uj#8D|z0W_ggVBA?mN&
z9?&88_WJX6%PlOR`%L3Ng=s#?(LJbR=F5saKPbx`_%+Tz#eV6ROt5}Iul#~6hZn)%
z{`J!*@}$8I&6>%jv80?87Wy>H7Dkx~znK9`c6NgX+lMi>XpOL9pXgi=W-x*1WAAp-
zHLW)1N<CKi%H4B-bh8GAJ;^MSqEB^AN-mW$2{owVA#tFiAeYDMPIl$Y2p{bJYm~5O
z*=th$zX!4_2?P)L_#1c1Dy=2Ixz)&n<3q&e`&zl)Dk9nWp9WR<3E8OMw)i$C`9?+4
zjy<XSFK|D~O-#68mZlsLGKz@_<yQYO`Z<d8+|G367X1tJ%wM>sR(G03Bs2HKAI{CE
zjA*|2Yjfn2{bs)z-#AU;u<5sgI@|XyrE64$9fsXB2>c=g(%H|C#<(B-;GPcIz5;K|
z;Ud0&{|*2HxL8?P1qB-b{}mukl}n%j64o1ZIkwqzSxo!m*Vl*!8J~s*4_V;9^P^wg
z9_TDO7t47IQ4)RfiVm&vlvG#KXW+%k()^r8=@IZWxD#ZbE{TB_dRO7NVzozJ5MJ=}
zi`pv`P;XGEw`f1P4}Dbtt<TJ_ZM<rZWu`hmJ%?{nn=?P(MdD65cY!*wVp&AWRI)1T
zy>L%ro<5SuZq5#gE5-5)yp@0CuGZYPt9PVFTR~mHbzReO{Fk`rC`a@CAG19q@g&3X
z$ud%qVXb~Msso_27!eLycdsQCu?=1{EK@6Lfz-;Rh|d*&X%pi3<N8m1b<s@+nijCr
zs^t^LPaFSTQF3NF`31sYn@%mYtHw<MR+SQ4uVhxvJ4e$=&z=I!bSbF$+l=X)G_Mb*
z1Fd8ud`gSFK4Qpe+YaLjFw0KX%`7mYmB^~20ykS|z`A_7i+PaudST=;a70)+Cho7+
zO)CxrizUr*jH-}D@jvLJNzu1>#nXH>_R55XrlYc`Hw4krp|`Kn@U#`9SEZNFRy^y6
zK9-Ph-lJF)EhnToEA<X3(*}Z6C4Q4*gMwinrmqd10&kqT`LiM@<H(MVNkGcWRHR1R
zVi!d$(IzYksGx|DnrZi^iB8LByJ*~4NAt3eNh2i6%l|&6YclCqfI!i?W{!<v5|39o
z#C^PNA?X)_@HCyS{g2`5Z)JgfwAl?4d*1Q$b;jqHs~EOYO0_-D<cPVG=7CRebDMeT
zgW4LmTKrodcV|B$7gIe_Rx@Z;<`~@|>s9)W1RruXQ+rK~%FjV?u64MJA_jT1R3zA=
zH3bi(AlBh&QQ`6V@DMYE)oL)Ecoiu-L&fR`C(A>5FT#cmaWQ;XBNzZHLfFB`nMZjv
zH1kOEKMp9U^Mz%Yi}V@N@?Kv&csVzYi=X9u#Ng#%7nswY)6?Hx^DG${kO5CD`<}M`
z#wO2vwC$R9!yY$ielJol%_j~0v*jRw3$$@Ow07z|&F|>aNM#7=hgV}Mz*z}tmrI#X
z5=M`k%z10xo0f*};YIZvj~jJdH??5_IYVm0W?h<|D*mTU-mesphcAi*${!V4?Vh(@
zdMGwuzEh$5xJEqxN+NxJxk~7N=3cv%L>B%>;Q@u1Ux6nfj`yXrwwWq-)2d)uSy@0Y
zqfTOGYTCM~%EL^Gvc7B()x)mZM2}|~L0KXA*+}Hj8ONG72M^N>#Y0l_EwYhR|DV$P
zVy?_rxFo0_Xj=QI-s4R3TFO5-Sul_3FzpA=C^Cm+fYyI98aZbPS=omcs~A?K7TpbG
z&NZsMDEEfPFqifKWk@QeS{%>>z^*9)o<PZ@_I0P0{QTc3XsU#fLA(7*`gCFFeQ=~O
zLn>Ph@+Y;P7y2~>y>alnw@l-cNzBS77riNDQI_j}oX?0-jpIA~RSU$vNQpT;?7kL;
zf5}YIDj}40!@?~Jsb-M==Zju65yV)nSfE|Rq+sxGXsa}ESk$%9X}n^|vzp^6hV8qj
z$jPCRg7|{*wXfSm<emtYb}gevGjAg7=|%2JJHF+pk8bIUp3!oJ)i_-!dA#(%Yu!SM
z6r?B|v)GRE_CGU>KAYTsvoiI!&OqVBZ@5w@%IJbey)B1RP%H&De_J{2W!#)>I&IuK
z!kYHB_bKzr!i{xKO01k{=96DLV0u-F3YwR%Jl`*vn5aQ=k`7>%#JQ+*UAS*<Tv3zZ
z7x?UCqW$2^8D(m(Vddk~Ol%1?<;E7B(3*;&uk#*Jn6vVo&K%0>BqvcF7&riI{=`|x
zx?brrGP@Vdxwdu@^&!#VV7x`8=D0YJPz6ND%Q2mVc!#fB@(6RYn&56adjI+^fp)2!
zdWYxK7^=1Y)ydbE+=`5wYOUNUnu>(BK<iihOI7b!O`DmN>{g}mDa(=YX(npURMz!%
zCU|V+Wow?<SA1Sh$;^a6cJjcU$AE`;!+qJ2Y3;-8V{C!i9DJ+U00s+b(Hq8l*6qFZ
zuj*Jb(XQe!s}R<3F23G#NYxeiQ$ZsV`g3=W20!LtmA}={p858tcn~Qea=1l0nLT6l
z4*5_3N92tb*^wbiT$$M*{sG;GD$;{Jkv_R9eaMQ&%*|@!*S*SRPc7G#$omSFqM5T(
zmooTrdB?w1ah|g6qQ4!^E1?@M0@Z|3vwo@mzjdf@E_3x<ex4Mn8Yw|eek4dZ`R|s9
zF1ZXC`8WrBV4zGKAUj=|-_FnY?CjnU3HqpkdUHVhO)E}Q&>FV-EFpM{RV%O{Gfy(Y
z6AKg-PsxN)V!bK<sa}qQ9k1{wb+azH*XZb>kd-mYt7tIDnlH_$&3A*03QtZ$gJ|s5
z9tD!S{$=jOJByhsUu<5Tf?$F7p#D%AOv}L)pI_{WgH1B?nSwofe2M=sUfM~0KbQ&+
zUA^j(1#1|s{!E~``MO9tLe=B=%X~!uDrknhl*_Q#w#MUdf+0#1%|uzDnSiWr`Q(ko
zde8!4hoPAFv6}j4W&jLx3sSQvW8>sD`<H!W>NLfI%=?qEhGVU7pA@?<V6djFXG4uG
zc_HfEZ}8<mwzpWiWtb9|X0tqVjL0g!unlMVq)=&s%O14If8XQYT^1N7SscBFa6~#T
zt8K6Hyz0V5OjJ2%3#oh~!>9XW_jO+DBWfq>Pf3>?lMUCcF$*pFtJQMw2@DHFu(}5}
z^F<dfHw|dJ9m_wjyuG+fh%BqsL+T_IGllaV=E({VON^p`g2uLt<FzM)(+Y(ZiBP)^
z-09MCSY=RO-kcW+^E-&vTkP=8udKK&G`ir&;S_Vf7iP5Brgl=PYVYvfS`-5XP0-_y
z2h{01$d-#-?|MP^_8?6T4!i20pxY?kwzmYtBNJ*aB^=N7Iz?SpG4%nppMAYeO)I0Y
ztym<!R9W1R>4QLD7q+IG_hq7S3t6{GP}7;=b#F6FI22JqN!ADOfn%5M;J72wGoZMc
zALSHx%AxgJHVxO(njk&Sm`KS*By;Wy*F#>@hnV-S0_8&6w%Vx?Mt-+*7#A9CnXhdF
zVd;n?qj~%WvB$&niSXlu2HwoGKuhnhan*!n*KO~aX#%Zo3gaGN@9->`4!&#~n^WUV
zhlxMIa#27a!*KDNm5HxEg!i+Sn>k@mhP%9x<j%`gjvipA=PBOP13W9w7u`)$`}2Dp
zQ;L#Ru0Isvc^AP{VJvA<Z)uX|-yuGk9=?BlU>tDu5OMD||HABHuk+_m*C`IUfK@K9
z!_81`CJ=%sfe38v))-du)O=9aT(iM8K2|f<W&*LiH8Q?F%$?Z@e>CZ$FJqa+>5+Va
zYn2*28zatR81ne#fgQ*j!&bc@lbN_=k2hg45D>7n`A5lMXT$l_VEv_8;2BYVm0;l3
z0^EhUm^!j$j3A6IQrTrc5ID9!SVr{FcYL2^hjTv7;ZuujyNirxiBnQiDy@hDu?_JH
zRDcIEw#P)mudre}V^$Xply*x<?^69i+&7wPeqkZ<=KbVVBXd<lkw%H`(4?A2UCu7!
znl~Y6=9{6rNkFhDj&tyo?O)%lPl_oZ50OlaTWl@a)I-I?(OD3S?y|&xW%_&PSyTnK
zz!5bykmT!vN`VM{05}ssxJ)??pepd%PNFB{_xaw%X$=5<vWqS@Q_w#d1e%UDmQ()d
zAr!mtQmX8RDU5K{3~=;Ak$?Vjr-WY*ca11%c4ul^9T&~s4`#udNJa<Dfb!3eY0ucx
z?D{V!B)x3p`m%Zj1FrucTVDYbSG#OGxCRLB5+Jy{TW}8qcL)&NU4y&3LvVN3;O_1k
z+=AQN{O7)N?!E8rnks6BZJ)31Z*?zN678TrPPoHb>MCoyy<l$a#AWth^zxcR^wGh<
zEF71hSm47$;Tyjtd`l+4FSJ^yuMOl#RAJL$c~$=65T9ttrLC|z);~<We)yBGO4|sA
z&aj#rTP)9@Y!8d(6c$J|>+kRfdz4LsfVFVG%0vA}0`({EPhC#cv!>46BHUt)2)pU?
zsn-}cT~JPEt6&zgsG?K}xE(EZJtwed=vWo|4C$5Ie3yl+8HU_d^G68%pF?xWLM#`k
zzLGDIhZ@A=&YG4LSprFcR+v5u8@8&MIj~lyZ_!9-HLw?PI~)!!;n6x#fY5LWjfz=k
zS-C;P*`5oLQq?&zSQ*(!2zhuBdt&B6i$#J}i5Z<n_S{^N_IBNCE&f0C=;>H;&Evea
zgDN!0`xMG%=E)SxewvjuDKijrlhxEF)+~|L2Udrn@1P5@;uTlX;|^J&iK<}u;Fcn?
zMWC04MOs<2=oHn#qW1-eJ5F8nUneA*CwVLU;T8>C!ZWh~|7x~U?7wVh2!S+RB23Ct
za&pu5YqlYeZVx&R(9hFYqc2eMDQ;`)p5lF*^ku3(#T${9b?Sxu^2Hf8o(QXFL956V
zg?Dd5&8-8Di401lBiX-D1Cc=;^?E`;=YZ%z1(M<F+?FD1;b8;q4G8N8BIRN^j{*>|
z#G(iZP*5h>UjZQxKDWPm*n!+On?7Wc0P!s(BBJkE|1RYsqJ6NdOR!u8(B@=<K??e9
z)yTohx_Kj*yUWCS^{g72J8R}BDCi@W2gomTej2@QTe9d+gtbkvWXJoFDV)>g)u>TE
zZ&pv80KXw%UJIy8r!84DELj*4B$G7^*81+LL{WwUgsDyHL%e4WrftSvyN5XI9f}N+
z&U|oHnvL3A1<Jt=#mF5S+MfkK4DyC1zT7#I#;ZP8XQQnINyK_=gyX-NWMQA9oaX+v
zJ>c7+3>bzB-$nmX=(&J=tR5iTP2H*1k(f>LTeq9Bj*RO^YWMxf9h|;VY7knvGBrx<
ziPOLv%WLpgn{YBXr`APy?|@LlA3+&OC;&-CJrYP_*DW;D3FF=Nhk^S9eMj_ls0Avs
zQ=%1}noR^u)^BYe)cmaE;G;nv3clwMI*9c;OGNheX+S{^5<Y*L3O?2!_La6UJDNB+
zI9DA$T|yYvXNxm1mrOBwvohK{8z<o>nuV;KX@Ed3S41qvi3(iu$hbhq#ogz(v+F49
zhr;J;c|3r+;{TRNr^$-@VQNpMw7#L?cHRAa?$E(<)0z?6?e+w)^y|Ifyd-1Cf$0hZ
zBVZ-Our=8*Kv*cZi&YlT13K<ODws3td;XYDCodSAm#09fmY9&$FAH91#c@BRZTw7!
zh$gCt?cBN+DZORtLm3Jm@KX(*b6I+Ox!1>TMf@-k%a5j42paXGFF%-y%==FRg>tcS
z3qg!HBo+cb)7fAR3#P1HFbGH5a+5*eBL+gtnw2%4ck7xJdm50I>C~xJqZ|ny9&iUE
z!oqe%v<pA)Q9S97U+P`#c&k6}EtCx=O+Md00gSgdo{OlkFw%YSeUb2-f9C~QHLk^p
z5CczDeFg$ywU@1ccvsF?91ILmhkB0z4zXcN=l17JLDkomAjzK_-5F9Ru+K<da!n*8
z+9$+uy%Y~RD6S=_ulOH1E&5Qd!CIr#cu;+#3x`ncq5UG=gR@1fB5hW{s0DB%lX-V#
zz)qM)NSAwKV}m}PIPqXIr+0?s^n0VM4F87;_NI8R`t94z$x@s?wsDU?9Bd8{R=ByT
zXV-)y*+zm#GPEYK+j+&Zk$q#!L*^j;m##aex5-u=HIaPDyeVK;6}2t#oI8Fag6y2|
zVQH($*rI&!T5b&~m^4kpCM>up1{R{a4|aa{0z8(JMmLIFbXQnX&WAiP)q{d+X!+_t
zoH%dVS3rbaUtb?22&B*4mM{i#s_aoXp%uoSWI2aj53fij^1-2yrHFSpW^s-$miN=M
zz`>8isY_}lL*|88%V`-u^kcP^9W@Y2H=J$hBvsx~qr<nZ$q7$DDuFXC%?0;CX~OrS
zkaoL0<iPbZcB^d>gW!Bzmd$^OenJ0NgS}G}--yDzWo17^8a1q11MU+fSA(dPm$s{C
zoQDo)S1-CVLR6(h6Ty$L!5N<f!UwK19VfI19`qrvULGK&08W$kAeneHWW74jCG~c1
zT7-W>KNNXT6l?helkfG1tYCDJ+0k*>w|Pzdw+0}&*L7ZVtVj^ZB@}pjw!e61iULH?
z!*f|c-12a?SV=|(QRfNBFJGro&MHfT4xj(E7|50Y4>eyVEBk&<cWTYt+TOotp%ely
zV{qq^hS*{`3PsA)<tpaYYGo>=H7UUE0*7Lqkz>o+_~t(}Q-B-V85qnn&_dpS|IQQz
z9{X3Gq^;ZsKUB<#6UfN`-8or<qnJr>EXf|0UopP@s$8c|i+LIKeaSt;07$Fe_xW{w
z+xw%dsAS#j+}vD<m;Q5HPG!X{cnxs2LG??7T8(;zLi8Ke?zgsfc`Q|>(gPPP%S3>F
zyFxU4z&0+ex-L^`t-~Va)xvGYb(Fe_xwSrm(Mps@Sucl$Tawp5&NsKp;}~#^%2_X0
zxYJKhX`To!-51k0)BhE{zG<=@>l!m6zo=TAm-}uubfBo3#-igGo#v`QLCe&%NN$Yo
zigLrrb|gkLK0Ow5;i11L?xB>@ipD~S>W7s*l)?HoRXRN@D{H*8hQjo|M0-Ky+jYX+
znW#NSl9utVCOj4zEv5xMnUcKd`X{M!^9}y^yaECeY;`$0Z0SQ`5l3z|w(l7qy1q6A
zOR4#HDtfvwi7FyoQQHjEEA-@YgQT}YF=q>Dt^62VGZK6H(AgR$_v7+OkBz^YX}`an
z;tYEtNDY%*!79G4=>k{r(UXiwT!+XFZ&{~zWx>HVfcf08ElgZRW@ol#a#Def&B-1Q
zVn~Hk6#6rj7v1m4r?y?sHusrW9k5H4)hCy`^-lt>g{@~T$K!xB^=ZS(S<_CWA|M%o
z!y@)-9u~RM=6YQqo3=lZ6{QiU-sxnwy!^>;$YL-H5hY8}2SvDu6@!?IRCn`c2o!?z
z083&t9tGnQKQsiwf%@!9?xBbY0+C@QYc7l*e`jznMZ=i^)3Z}4PT|1BK*zo>r5VQy
zdq1Q<Kzrf}dbsgliRz?uUTwFLI6u99ja#yqoiG)Xq|`wGr96oBCKXV;rs%#6pk;wY
z>vT1~#Hwe3G3E`L4(g^sgW_t#J_-jjNI)m2=VSR#|NY`Kd)m}fKLon`;f7|-epJhB
zCsVPFW9&crSPzP(rpZjz)}y4OqX!N)_%WhsyzqP|E-DZsm$+$IK4RSQxr|S*N3C<B
z3oYW4wClQ7dM7(+D^NaK;1ae!_Qs&m$s}AUK*ra23upxGi(|e4i_)O=-I-FCr)2sH
zwf*);=MLhJ#C(nDBuY-yg2NhFC>Ky6C|TtUZ1IVhSV^fae_;?s&e6h>F3&`S+rYN#
zn-(t5%0<0C)tN6;^z;aO=w1Cr7HG5E8}19k@&<A)>v}!x#ga<{IX4MicRv=+9NKWc
zXGy2mY6ASV0L?~7PHy~e!&|_5y^XzO-h@o}N`sK3!<0_Y0MN}X>qli7gC*(ywSb3$
zTC+{kJ~v2}0TvyT7WeZ290#LZHqd3kXsceXgA;*R-5S#+Zpxmp$>I`|`7{b<kp6}*
z;ofN7+?L-&%+6yQv7G}zlu<!-9%N}cABFR|;^0bkLUq>`-aav7?ETWqqvUt&^c9D_
z>|45I<l68@5zb$kA!aI977S)cjY&?9jSb%z<!HHQ-8CWK-X1y>-B09VWn&_z<HJ};
z)9y{XG2hYFm6Qn&8d85`ug^e`_bezq9(zReF$yQEoB&BsZO7;hg8AT!(DaT%;Y25Y
zr(7dMW^^srVHXfKK8|EPW+CQ>5TG8Hf|lT@@BVt7=Arl*sDvdR={9~e;<-)jg}OQf
z5;EAfrBO8IG*>W^EK0b1_2Qv1M(cx^i8E6X)4iR+ClTwbL(R6e!Y~>l+x3A~E&)Pf
zfN!3YJNm^y=YG;Dq!}7Oa<|m%IuC7#(w6eHHJ4sXDcv;0<zepO&en8SaSWF48F!w}
zJH1a9tMAsFHz1ICFD6Bhhw9hFi9G87rvQ=nb4;Qx(lM!&jaj#}`)2{$T6jSeGY~3I
z@b}7_%=lDxoLhX#dax>zmnU)Xi~ae%NZQoDue+xVpZl;^GoF>sBPJx@j;c{W7m9^?
z^$@$g$DEF)?gZlHoL@b^^}%6S-AiO8yPBXM*E;ei-zjQQuBGN})Xq^4rYSYJ?AQH>
zB1cTEnDDAX2Kj(M2eKegS6YdnJmx3fe_9i@WCU-Dr`g+zN?1Z*jk|3o*9`P+6+$;Z
zi-6fcQGcuD&s6QaR}5|+xX;aQCSTwy!_{Cq&+C1(?FcPMA&J9n@Rwq9AGoy^9#i{W
zEuQ4c#JM_4DOt{}5&fJuW+{Z_`4dud*bHbIlYYsmi}mewUA0I1E=|nOYsM8JSOu?_
zLbS9B5#*C21nRg&6*MrhH1FjkKS`OTa;x*QyFG}yrHJAIlZjBJAOj8sIHmb!VbRCo
zT8z2xg;(?C!y)pm{Jj*UQj?vmoIu0|iN4KwF^C&<PFu`<C+RQGP0rh(ciG>jgmFdf
zKhJj5>7rJsgf@LRI|5I~uYk%SfW>#{@wGbSK(<f57aDdmkH-V9e1P-nb+Xjs5#9Rk
zaC=xh{qC|tHkk(^u!u;rO3(Pb*qs@H@Op{hC#dS6L5@2^PF!&YNi{6#;JSwPAytic
zz#Wg+9elgJX~5-f`IEpyHj`ohs@K!0q@*ONcx2m7BoAPZoMH|+WPCjZ_}H|OwAice
zW4kBF=Mi=vu3Q!$x_`+}U(FB_!0TO1w>E`Ivm?1lszx)xe*pt=R_qnV%AS||{w;(F
zs*}OjIZ_4}OkDRzp&rlV{V}<aSW0u|=KL_5j$^%+_mY9_hPfd3IHbq;98X*sGq=Wg
zmD#&Xu>%&F&IIyd=XZtnK+Rya>|Uj6r`Q9{YKm_3Rc;@9L#dAw%|V=~{hbF=Utw7c
z!l;EM;X`+J(76vvUtaFa*nNn)wPX4oc;A>Q_tn?w{zbk!^M-=1={`LE7pDq_*G8R;
zntk*lw{h^qn~i~TFnh^cm2V8S-Zu@)r`yYHM61f_K!4Lp;bH`khY}wqDhLG%4`c&M
zKmQbG@~cM`nciG|0|G(N%&GhKG>yZWe*JmelrE9nMS%Rfk;C~`?d>m*JEz$5#}g3C
zyv0U`>(eb87s~}{C9Tk4RYt+~>5O%g!)Dl4I}iET+Nt?E?)~;>4hSbH?{epOi%0p6
zpQFujJHpB((M|3|*abIJ1eOvRK$AaAMtFoZ9yr+U?OL|2AP!uUcwKz}6lI1$FkW0c
z_QMOG%Q#X|ge4e_@;#V$4?i@FT)2Lxb<I%Y?RQTTS%E+~@8j!lZNz*ybT%p81nX-^
ziBoSNCUJX=wz%Gg(co4TFpu>L1pA<ZMF@>OC$b`?XStbLE9b?7B`EO2=BG|2jE~UK
z0Q_hvj2T$AQMaG@^evud1O<cRGFU9k4HB47k(UUVN=AK~3tL}xQq38f1Qjl!Yd~HE
z<A#`RJv%x`W2Kw~A}$tMc)DtJcyfikGte!dO7R*}>FTwOn!bRt(f<60P>u!OKW&VW
zPd6kr7s3v5nle*4?wR?j2?bKHVuq-**^})q`i@+l3p+-Ka9zTxy!y??m^mF>;v^T!
z(gkLch$%GtyAZ)_M_+{BvfI=(DGtuHjtBpd$8)wMM>5BUS%WnY6JM*in3-lfPL{39
zT^Mz>(dUKJ1dK}S)Wr=B27+8t(t1!sGNq3Ph=>-L_iXb3mGRj;h5}j5Y`nS-7qPDl
z)~PSEEkAaqqXv5aX!UoyUMn5jSLtv0q846*wX4#$OJ+3M?!M#%y^m4r8K}i!xePYH
z&n>Fy4Rk4Y%<HXLFHZBB%D>OBNWuCs!4{rsIVcd%@~<=ssd=@aKwV-;&Ey|DinhR%
z`5)SZ6Fp>U33t{g1_8XJvufDpZXTm+`;ZL?gu0#yUc~0d0`gg2FONVrG8g}zu$dh&
zR2HeRwk0Fxl*?gjMR>vC<xl=HDMKI@J8fHQV7;K1jS9k93A=Rj(_;thxx6VO+I2$Y
zORm1pzL1k7V~f<LXXSEj${ia%DAa>eBqUEXbde~+`(?W{QkNG->&~|J#-DsFaAG-*
z?y%xhp@cR+m@7%z=rW=wUBQyrPa*pB%CuK*t3KRx{)GJP1R9*i`zQ=<O*_cYLy#2*
zADs>?l}I2Q7pN!zDM<`XlluQPSJEog>R&Y`&6oh*t(R7(p(ggc1G?L!P|!e(f5VQf
zrP8tW@7GKQx<NTeiGG*V+X0AQ2e>HACWXS+Ex}ZzgnCyRc|IuCqZ4$Sn&0EGS+>Dq
zYe&aMCl+-^(_}x#4H+>bl-tY8JRG{Poz+N((5X|et8Gi$*V@6$wE3XuMkjzr8(*lv
z2@hIO&Nt?MB0WbS_p)RbG;5FqVsbHdk6m@wwnUEF!bypc+lLA{E^oQDiTy_(LO`I)
zq!?H09fE_VJ@mAXs2V~Cz$!>PynyE-v?(i!Gep)tIKT+BVVf*1e}5}SbUWCzm~G?b
zS)QoZRgINN<BBD_rlX^yy1F``%>q~^fPa8PdegBLkhljhlq;aaRi*zs&>C=x-kvO-
z?KBhDCfr(_VH<i~U*F@9!Q>E=s^6N~mHuS{fF5dER(t{Y=%Ax+?VU!UzBlxPlT*y0
zSy(G7W(9HIZ<=fV(6rjGAmRX-pJS4R6{hM|R19dIqlyhf&X=XnkGfy-n{jH`%h^bk
zQ{&(n)vfzqVv(YoHYhg_6aFg7RhNEyJi!@5R=SPz|40i>IQ)AteL8kk#SQOc-+kQ)
z<`(sOrd$&(Bb)c&udEn}%~56!llZ0%i&5EL^^7+D`~(k*)@hl+w87+$42{ZdM#Y15
z8KpbC>f2%VsNX5e=@{M0e_39Akz~ZIV`ceHH?@(uwk3Pi7D;;UH<ISz_R(5*MwDed
zDG8|UwfH!(_3(*NI#K?k-J2Ty<aC|UyoSInjM`nU>U->S9l=}p;L7dHoi*{W=iOXj
zq!92pmF4949=N8B^<R4cRc&i~2{_(>{9H1hl?)9@C$0et9`L@M1ELB5ghdv37A)88
z)QSBC$XAbL@;!w*OR68aOzO-@Aw=q*XD%JG*MqeaxCS^b(>k^lA;BrWbO82b2zweO
z>`#?a%bUrb>#hLPx124QwEW0}S&f8Yj@$-P$)h^t2U$;lZiS#aw<+V|9Z^dO*r!4f
z>uQ%{XF#pY_NXDbbK7yW2GwtoT9C4;MNV;Rxzu3Dxc0*Pr-ueD=H{%%>L`254t$`#
zrr(G=%^T#U72mpM2N|faeKqOJRFCEtg+}AU)Q7*!)h-0*3!K_ou3^uRHVK8om0Ha;
z@>%?>vPuBS^25B7{r>2s-=D(L6mw*y7Luni)8t#-)qYY#M?X6a0qIdnASJw@w=-Z~
zzv%*r5kCu|2#bigW)3*dl_*mK-aK1;703Hg)54jd>*osX)~W`>p--7aLIT<ZKhUJY
zq($D=>`R?C3%rLX?{)tm2|NHH(^gGe&;S@Y(;uK1j}9}-ab55wljNN^Uu{OC;k>ou
zK>>URy1zn0!>;l+&w)!0&t<+0OnF%z{LAKl)SYtj`tnMRIwF^#{qR{;v#+=(wx#s-
z%T`RRz}_uX^|rEpUxGH9eknbd-Tg&O5BwVm%DZpi6$w77zvRri;DVNhFt6yB=v+l7
z8l{=kR_87)*v{kKJYMDfX`H#+KqZfTLe}QO0J4Vj{sbrMT1}brGt2<JZmn8_`dY_I
z_E4Peiv`0uk=Z|Y)%`~B%0Tyaw-Jm8a@Sc_h1TO@{}DmhMGgDrGC6XENuiKYP?@qG
zl3P&D<47*bDim@lb!H}jj*hIV`$vj$*Hz?j6i=AG@^myGg!6p4(~2c<B%k)~Lizi4
zwg@Ju88cebh9NoTOm9hB4JNo0*(|BV-qKdq(l&rvut}48BxmWghMCAnSJ?v%(&J%c
z`EfFua(`*alWKi%RW?Jj<cN|5%jFI)ed`g_4i5rVohI|le{(xo?P<YOHRxkqxUNQU
zVpTO;;kCCAo*vyeK!3fo#F7WH7#-C<JmAF5T!meohtJes-oz3h*hI7!p23-~TPWE!
zrQ}y5Xq+Km&pYve_{)zkwyBh3kIm>AJivX*Z8WA0?XhHj3s~^(q0x>MJ4(Vy#${$S
zR@ObN=%oFiNl%Ps<lH0oNrI*zi=IhrXF30;alJzt%r8&d#;v)2Q#cOOi^1ZA37ix|
zgMx7#t}`nMS2aI?Y^V?N*z`s6>euDRV5%}#<Kl>TQ?O)~;ugYnoTpVY)(?5Zz4<h2
z8TUFGCrpeBA)4eU&RGotyGKcTt<PC#UL(dn`9xiBc3&&oX)c`&P=-pSE_pClQNAWv
zVnHpCRsPt>Ti8_e^E}(epka5$<KqJo(<IMFD@l5+(ruQWW`ob1HA{*V1RmP!L>YKq
z!ey$W-G8!de6qWx$BDn5Yfh|nY-dxN<2mi}9m~oG`{n7p*|m;*J|m2WMf#7IYDQNS
zP}$L_Hs}L#IP%GhYoq}VjM&VC3|%7&u0=*1RF*Il=5bJR^~RqT0YqXZE^;7rg`A6!
z*sF8N5l^3<Kf~rNd><{gZMJwK^`!r+v5=@3uMsAW-B-|dtyEY|syr=v=$%Pn0U5<-
z3JMDLEV<p&TxL~>aA?1rhcY3fWH3gqR$>m)k9uOo#3%B8_lUaAB`-LZ;`vXtsZkVC
zI%&E`*V$!19qc>|6pal$+=Q-!jIlN7m8I!!mYnRbO|*FLcWWP}2cK!$g-6n<I)f&}
zS=!S<hY7C#1Z+QQD+3Bq>}kMG9Uygop_qac1O)JUu-DBTqKi&#*(_Q#0ErG8H@u$G
ztUHFr$E|kANKf<9MqjRxF!5h(CC*_eD(N(yO&LIQmMqhR_%#o+<ry16@wqu$V+`);
zsn!raRUk}|AjT@#U;g70&$re<p7j`SH3Hlw-0bd>j4NB)k6%P*>Fv4r$njb}$m^!P
zt(EbgPIy0Aj0^LC>TC%;j+KT)h$a|<v3VIG8!WA{(Z*~+aezFZxBd!=*<!COrR!xp
z`Px9S72efXZ!e{{5dyebx9aH~D=;F<#xxQxK6i^DzeZUNi)B{wUaTy7_*Q7cA!!!R
z=*qB<|MGlRX0v}vX^0gz{9C1nru$56!n~Wru~|ssM<^R`*zO)BFXK(9tCf2;38AN=
z(@e+9%lm~UQ{V?mWr3Uu9^q1IYSa)K32%ieXV|q8Bxqd&!e$}3+m^&^gduHSFc}pj
zIQNocl-%MXodHWcPrxNJe@HvhU*vei6r>II<y&Ppga`<voVUJi$&NGDv;Df<S#{bF
z>v-&>syXT;t6<}UDme0xd^V?F4PrQ@ss>X&Q9svcoN+pYVKg__C-6Bv7}FKpo|G$_
zXjm~P`SEu#BrHtHzF@s`^WxiWOeLrkR<9Of5$faSk(9g1`aiDMS88F{dRx2X=sTxI
z$qG_%B|B*}Er2pRz#J>!dgyV~Bvb(tllL0ceivo7({b&!QA@*@I30<qm%|@TXj7%R
zqaAgYdJ5)j-Wq$pRG+pIyt6zukIAQhM|I!A-_N^}nt(T>{cO=5?O<qI)8WI>hX*lH
z(8Pu5tnFUg_iNK=>(JLij8BZh_mdSVp!7GF3K@|%H1%RgMmy=;8?4(uesH78ocZA4
zJ<3SrY4U4gWMhXO#g2ORt?~r67_;Pyzhkk%=W3+nmkVpw3J6*;(tFvcg%$RFTN4mx
zdd~?>No5w%<6c}}%F%N7(nsnLx|I1nut7sFu9%5Ix%L8$*J`}cX@*ogBv;U8S)Spa
zRpSVr4w6ob>?QRUrdySnOEM7g3cXV^BuOneDBTmRP}2S6*k|P<9HmG9ITL0)yHyr<
zHR(42M-OkMmZ}ZZwCL${?re3$Z<Yp`2J>$<Jn|@z)wr&5vNo$>3?28E14L2b;ehj(
z5tHo4tkr@do4{#u*;54>6HV?!F-#|ZS?{8+p3+>Obshf5JQ`E8?T1F6v+CpX1NbTp
z1IVAmgcjhwKCj#<0?%8>Zx_Jl&im~StLZvfrcLtvzy>WV$9%!TpeFG<Zb5h-Jg17|
ziO*IP(VO8+E~!~vp8Lt;Q#1JLOh4Sudw;|1Vf|8s&YchfRs={Pl+yn6jTOZnQdr<2
zgUW@k1Lsp(D8TQ?ya*;dRM_#qzEKXPi+R3$6OJL5%q<~$|Cd`soJYj>baIv%119@#
z8HXmk4{kGuXG|I2KHkhP=o0)~mn)sJs8$RA9)T8r`F`hB3kv5%thvaAu$isN_{H0x
zEFJ%ry`(wEjur0G%j5FOPHLH1gdp}Nm{0msTgBy^91>XYLMXj{DW~y6sz|Pz%}2|r
z`rEaQ{EjDZY#*6Imuk(nq}SzWOe&zwXgUlU?Y?2P9aYGL_^v-b9-?0@MAQ92B^~To
z81GSW{ss9;f;{Q|&{<?A@UMIJoWDU=@o}FojGY+VhHKn=Om*PpOu1#hHeU<0Grb_|
z(tL%eB7<%@J}y)o)Rk^v)D7<<Lv=;2Dp&p7p{Z=!)`8m2@yx7E4b;XRQ)(x@3BPxI
z{|3rdix~qe=*cWq@vp|__Nxam<kq3}DI-qR$YIZv(4jJ%HRGj+T%^xR)Nb;b3O^IC
zzpjA&?r0h+EeWU-4uTit7cwz8^wEYVr+haV+gk*(CN<NmU2>ZV3Gx0H+LDLGfv-u{
z@PThQ!2<~80Rm=O{_S)g8NXG^IRSnAwIrqTUR}?-H@Ug1vU)+Ni)KPOy_^V^0G~_q
zZd+#8%Js)jV%Y8OAt%NPi1jyu9R%E=g!`Ot2yaMwQj3}*2H8+71>?f6G9h3<d9x$b
zR7qOEr%-F1Q5LVcm~GG?g;pm_`G;67otmI*?=~FPzk(j-H*fU0P7QARwZM|xt%nt6
ze+?#L3j#8V<inV=bB9_?;CLOTNoY1s9xPbhSaRQf-%#K<<OBVSH+l(akn^_WkK2<%
zWX#SeSH7$PWVOL9hA<%5=DYy!d0J+0>m0U`=0spA;#i!*awfomScK}w;)*|jb6s%-
zZct!x*yBYyu%{eWL^HO<X&9zz(61Z-fgucJUKX>LyNn7%+vphc{EK@iP(RgUi*Mpk
z$DQSVRbfFAfK8&`*ZM#Nle&V8VXL*jWxEhOBKJ>!^Zanf@OH&e0+CZ)9n%~{CMlNZ
zDmV9>k5Ri2i~Ywq!3Y5t7yP{zbz&1Cww6q?=Jo_ZwH>e1p-T+vDpgW7P$f&i(7)`u
zaG&C2#R9rVFGSj@DLgO+V27Q6uaH7ZRuO_7@AoiZT9PA-RIS_PjI3p^SQ{SPr6C5+
z!%RDs(Hw^Y&mDkj3VePo#h9<>hP=XfACqC@PK>~2rPXp3p;{-EfB?q|q+Z$6ua;Sw
z%HnE!eARi@V!;s$MyGN`ZOrBJ`M8XZMecBNCSqMM;K8<)H3XnhC8*U~<gU3LB2!ZV
z9(yaPvcFn{2oN&0-R0(Zck}GXke_mrq(m==-C2ARdwo2h-b*kX>y&|_?`gIEC{DuL
z#?)$>CR_f}$B4JN@M)7@E!JG{j04x7h8abPl93GhUxhgP-e5Qz7f%}aJchKYkX;1t
z$2tZ*gbMMma?nVJQlx~ENp`k7;x+NnjlH<Nt)BBSk3m1Xffc<DUC<30Ch_#rqGeP4
z``zcAYSgT#Zb2Y;TE~XKoMVaxoQ1wRs1R;0ubG{jh6vYH91v0=%1Uah$*fXmHD@6>
zNKXlGWNqi%77MmIqUZ!R!GfJ++S|-9U>P-?@3rq9-cBlP85!)S`R=EO_x1^Xu)(6&
zQXqhx;JqIG3QnH(0bP^{8xaJJSDs+%e%;%!^d*({zuqS&D8Y{S5803faR!S<2~-g2
z$j)K?4Wz%nx4|IPpsFCySY`M$jhNd}{sn}{ZSL;-e;?>HYpF0k0`-Y((BS7gLBE<V
zt0V)QxN1M>`+k8!LtMU|LM&0y*OB306Fja0_o%y?hQIy%ey>ZGILHF)$<HOLrfV{j
z1|wsQQL&2s>BSS-`}cXby8dg#*Q<tJz7MzkR+W*x#O(@XytVtKKd8~x_8Y`of%r~h
zkmMI3<@AWYgoF*(*EvS*Lf}Pc;!k(0$G1gHQlFl;Y)l=p4Ml{9Ms-yd9<1;dMp4c{
z6*0wKf<fi;Bpy#zD)XOqOuM|V5X@gV{zwfXH~qHmaBbfs#t0&T{i#-6zZMRO|8^AV
z5f{Qh%jIJ6W(<mLoEc6j^<56FTrAg`gQ{#f-__GHP?-Odrp-3Aj_dw#*pK_o)n<r-
zVJ$Jc`?2k0HP)}N*I4}ckVa^1p5%f1RK>k7hUj^f=y<QUe&)7By82J|tDSj*>a<k`
zhEidvFQ3zrs$r!fa=d58cQbh->xemx?K0>R=`t1bZ-vXMAC!PXLRR}*n7BEFeK5H$
z+l!z}di0Dt66-MCh?q3xQvgEFv(}SegDNqKB@L{9^krsFNw}2ku+)o+)Atcki1oX#
z9QT*K9!BeWyfPtFDQotCTRd*-1SbuUkIg?sJn>d$GThd^nth%hc-|H`wdA`vq61yH
zdM#$wxBJLXag!FvsY1A)BsZ_SYx6NOUuPCNG9z{=D|_#V-Cf@ZzKn2KwLPBj6Hc;=
zzK?H&ycY!jaDqyisMnLD1n*8atAj0whQ~}*xup-#XcGs!uuU%#kyJXIqPX57{>LTl
zlc1B*A7WGHzF|+-U?37$hzb6L2?!jXD=<OzTsk4-T1kpx$1c5X7CSr0(fRE!w^*(C
zrXEX;h1AD=@KL4byjeAlVlwR&(1BDxVQRKT7sLCPuJt!v38Q!si7B?kpKuG_XD$P(
zB_u{8^fRDcC%O%9*dh|Qlf<-d$Dlz?5Xt+U4J;HE$%^qyUFsn`bW4d<pcybCy{D5k
zzFLP-pC65-uYx}strzl4Hu0A-+ZB$(lijpFQ1w^rH*Z8ni7aLl2+p9tPmHv|w~fl5
zD|G)5A`Qb6chb4}iqlm?8joVwG~X2<iUJ(aw-X{TN7XhVL9g~Fe2bN9R=Yp3mT;*V
z8Hsx#Thin0CIn;On~Uut!3Ujvcs_nt*^5^6xZpGk3q@MOjVw9j9h-M-#!WU1+R~?S
zt9;(ZMDaKsURo53U@}Yo^gaWS8}U#Qwf&(SXT{?h*V6j<2b&vz;!}aP_=<wI*?#!b
z#0Ln$2JI8OZ?Gx&ChOWXf9rYBRJlUJ1pk?X{=GEK-sv>Ei}BrH^l_!T8fIYYs_dU#
z-Zjzq<45j<@277QeK7At*MynHOdf;kE40)WdDE!Jz%7TE4tNoZ94W?BR89SD+mCsJ
zM-|v(*9d_UDWG0f2!yid9oe!~4Ok6s95~INj&3!Lma?#`?HluuTzZqf6tZh@0=JJ;
zIk1=4I9w)&{W&=Sj^xie3t5AXNaG>a|I?j*DzPe**86zKP&F+C+f_%LMw;!t->trt
z1w)X0VDq&?=ti}KD;>OQ9Iw?8II=b_esBI@d1`b07{LYrh63ne!pTVbeVJ0hv?G4+
zv+<|%pY9@hiRpGFvz%$0j1N2vnmPgLRvQ-?^-Twfb$x3E^?+&`wDqm(O}-AqK_y@U
zG;WA%!)j9B5&Sli`vtZI9iD0onueU|LYwknn0|1C`_l`PbpsY$hIM{w+|X8HDs$wH
zfk3)i=J;_s%H9~w>BdHLZQZ@p*A;vDAO|H%OfMWc>sTy&p0EpPVcP@E>2{v;-D2Y4
zC+Zc^yeU)G68AThO;iY_R}y)h<E@B|L!Dl64Nv$0bYs7S80^9I&SF#N1umHp&Rhor
z{=ZeSYK44s)0;_Gp~#(gIN~RTmm~A8o@fSc+sY#}q+@z*hZ*kN;bM3eQOPrDyHNcV
z-M_)-anAQ#DdeGqc&p5LKq&Lp!(-zcx4jz;T$8wHgp35RLwNP*@VJbl?~C9~U_B(8
z&@;sANFndfRu4^RpX#$Xvw;zFvlIM*1U6Y}pA()R3_Px1zmdl4;>BU&D;mg{N+24)
zAd3dM*BUr$CDL_2H#;$*wBO5r2j7j)Sg7KzIz_`(8u-KOb20iXWj#8hFLYiEUteDG
z+AM#+-)9t|{kt$nMyrS_%(~<AfB;JIkaJajXf1~vrJ&nY=q`OsApp{~04CP!L)O~^
z&&GqCG7QNSf#yoY-?<gy*}E@!Q-2(?K&(Yb{!(2_7*osGa6!re!V{*Ptb7Eazbpm`
z08QK}Q#A`{3z4I@FFiSj0Gie}eLP#=B7yN4W`A=SWVrnR)nkU(2ol7GJ;YWs>V;!P
z>@`4YwzRpqhr#t3j-jeXZRk)a!_XAb<z!y_1~-fRMJdYEYSff<7do9Oq&pfLRy=P?
zq6;G1)s&i<t_76lPRYLA;hRj?4W;ac`ZI8~XSJGwgLMvK^GKN$HzKl*OV1o3KX@p!
zWp{i+fa-EBR!$s98rU<XkhKEc%~w7pf4i8HB+I&842gd>b!g+_Hajzi6)GR#KDeP|
z4WX60T)w#VYRXFOqzwK+>F`4woAee5i5Esd;HnRIt^_6e)!iJ#O<vBV17(?GDBMpq
zr*+qZ3<b)+-GI#Q{Z<gb({Hvv$cy6t3ealfqXb^>ccKJT(D#5}V!v}?BYK^?ZycYT
zcpT;@O}{|(aBqgsxQd=&fF1mC<YC2!O_5;&m(IzKQ#-9N3K2R1JI<Yh1Ti{2oUcqV
zYRAS@{Tv(9e53Ra;xNXttW`JGbbZw1k%2z3Yq4=q;QrQQ9!1GzT+>VZT!Cyuw3=us
zc*~JyscMjCu!8#6Df7Fd#K$-`$MErigYRc=HFDyxoQnD!U@HXT3Z7?lhiY&W!9(~w
zD}^LsCYn>UDwxK}K0Oq-SpAqWcnXSIAXvT`fyLno!U|oT7+#qxWdP<%w=A6@LEdfN
z7=HeK^2>HdSC`ZFfvTSVdn|-+v!YT?bSPOZSe$4H+-#c8j_>VbM=@8U6PLl@#!1%)
zD5;+7)-rh<P}ko<w_y8qrq2<ST>IdteoJ4|i)B9^gIveerLBVX9VKvBq!;{)f*beZ
zi&bSqj%abh-#)l_ZzaPSE;J>EV=^Aat;2OsO@3o{(sLFa`MX!*V)Swq`k?&@7@L#s
zt-VhKJs`w@4Fb~(Wo2Y(3z(k`*!ms9LU@TwKIBZ3f=Q{Mt}o7pG)Kti5|6H}>(-l$
zV!fe5(b&nggb*d}14eo^clnF0G!1lM3PAFJ0&9rQwA5HK^{F$DnmHjFV-2((ta#X>
zCuCiPm>uh1YK6bStLJv0Ha+tZ7T>TZB7r)6s$sHxY=H>Ue5ES_N!hqC-csL=KUJO6
zxtDzZ+jMZTfD02-(DtcW8koXh-K>)?_QjGt?OFCP^~^EzrivE#LI><`p$sbhlktE-
zIV+g<0kj$1USPmJ%iF3@bdDR^34*KV+IQ$s_tZustQqTAln$QShup;1*lf>u<J>%g
zBeOzHBlxKqE*6N-?#zknw1R)+&Vy%BeaDfDCu}ca|0O)xp6C4JveYmXk(I}!kvlag
z7nnwQHLSy|ZQ*TtadGV^kk*;d=gmx=OuBcX<XgpL=4XHOhl~C897`|@_l@p9gbf?_
z7u8vikl^`jeuA4MYh*U~J#B3@C)0obo@O+710p-eni@Ca(S6l<rSe3=I{8FB^l!7_
zivzc%O<lnLGZ$+RCTAZ2qeJeTv;f(5KtAr|`XL!u(Db-b9Kt@HVZ<%S@1L^6<QCeg
zl7Ch*AeQbnss@`$tm+-F{30{f@Uwe~DL)luezBe&Pcl}I^*CCTmbOx2iu}E^;+ohZ
z`R|SVV~|y=)Dp}MkpW8@p$Fy4J3x;=1-`)ktkDK9&Ht<bq#!8T<$VW|Uzg4@i{Mb<
z+<3~xYWobB68nxmp#tak)>NLVXv;DNg}7}^Lf;9J(Q@<FV;n#qKEL0MCg!y23!AT4
zjEi;$_|o07`r=V!e3!s3m>Waog>WqJpnFJ@R_wHnCamo}TR71De}k2mmj*^{jqO&W
zM_EV@eFsFfplDtmnkxg*?W~t)Z3K;8?>^F7os^JYW=#K&cVbr=0OrIFRkJ^lf0V#|
z!WG?ie1xC>-(G<)s&gjqg`IZ_Gg34If8E@RzJJb1pES=G<@%P<vE<Eoo#Ih|1QV^M
zs;G*~`OP2`4$Pfjyx;U47Jjc;`#KA$0o?fk{ytY*u50OXObb$%^V^4oETc)d_d0c`
zf=x4b^leu8hUVeiN!=Jnf6}Pz0s`f8ISSTdmn`FII*rxGiayF)hM&TjL~XcnSP}ZP
zLDe}2j=gbCrYmX8dcmS-kz$=XyuLRI->P59q%<As1brG{W(#?IQq%hO$32=^=JR@8
zd}U(tJ>sJ=;5UMdK~koO1B#VxA^tCr@_zBpnl)5)VCO}{!t>Nor_ob5@t0ooaLY$X
zTU{fbCCzbiJxllsJ&xUD*}~R=*z>57!*3E)HhM(W@G3!121nT|{5di@3<sRGeX%J&
zwua@NDEB@>R_`x3eT3s&XG6bu5(kdf&gxu8X)kr{gVu~^`_{c1>R%|FjOtLOzh9Ug
z-A>WA?lwG&It<Ae3E&Zx-HtLX@CrJaeiF~SG>E`1K0nYkKRg5g$HNk|AYrS~UJ0}x
zh|%_x)kL7&YZUph#SlTrT=vbVO}UoYHm5*lO>5po7Ml3U?1Zi4kKnCi;y3MBu%VS7
zd!uuLmVK%xDiudRIU3mYT`@kx?7#=q^e?su-DcD!W$+d^=z3Yw-kAL)vC(V6jn&L*
za$44Lq+)N-^KPymruh-|Zekq?8GgB{pQ#?&9hP(VJ2LxrKAXSbDi-y3nc}`2MpKSp
zH9f8SAQ9hjrT3VhdQ}#sH#NJw{1ku?S)JDz=U)y!654@-fI$EWn?R6b3M|S<tc%1=
zqSX+B0}_<D5n_c;kl8r{L=j?rky6?Ez=R-1nkm(_MVNsUR4C4;?fHHUAu2JV|N8_4
z;DFT`;4dmtfY`C`W9F2NsT((Xh$As7l5EsG#0Qa?YP#w`G19H#$ajzuB9;e$4?Xig
z2;v2;)V`0tMbIQuADZSA{ril&*wLS|{s%HSnJ;t$X=S{_m>6~#3rmu*YV+Rkz*TUR
zEHK$cQur`W2ww$G+z+~rU<sKL8cInj2TMSfZ`h|Oh=F4outMxedO??7IAynIMF28?
z-^*}bhYJuU^0?>@BJ!dfxys;i=70P{`YyWt@Qwps?+ry2-+xh0^y}Wd>$qzlA0JQB
zaif~69GRm?*?2KfA<HE`qoCxvoT*@{CC=`ku(4r576dH6|K$}FyR@K5?HlevL{qr$
zeHCUiR%w%~n}RJ07(x7;IRSVRpJMRQvJ|knhf0YfI!SsQ=X6X#w{xs{f9kvXULFKt
zduBG4^_lgOW&-m3ri)QCkhMvjRjaSHKG2qm{67|BC7Y8DX@Slhg#DMmpo?RZ$aGhw
zpX8969Qr;Be2$MiZ)fr){-N`|<E+R5NVqfg@-pm+==G{j0hxn^$nn604ux2pWn^{#
zT(G+8dS`t2vH{-3Gebhm(NX>Cv0@wc2_mo{3_26WC=cqo)adhn8HtRofH*4i(P0&r
zekBh1tz*c)!9q)52AR#^v~BeNGBnG%oKBOC`O#X)M6bnvg}=D$j0Z;gCLK5IhQI9w
zA2jp)kjpq5_dfN8em!}ze@q|Ru@o#TMbY*(4O!wz*2{{f@URZLQ0U(8@h>&XozhUy
zT*fe4l8=N3#wu*_`ii=bGlUXgS^?5=*^hJf`K_N17?;6cOUq$GQ-Lu%dMp4ld(%m3
z0vs2^_hUZbU3G`YNcdI{joILo-CIJHh+P*|811TFwg|8tPJ6U9^JB(c|K&xEUpjvx
zcg47$c>Sp0+=mCbyU;q(-N46i+G9fN3xSq6N0N8HX*-LFK~Tenzh>dHzgVw2;--u&
z)5CHO7UkXii}5$@%eI|+ixQ9m7n+~PnI7k}<&*zkW6>C5^wU-@o=>i2K#9`!ZUvsa
zNw5*6{w_xn2iN;PuAf!DJyyo8w+4@M@o)zUD|Q}mDo_Q!55CC-(Bfmkrzz9fjh&8G
z!{-mW?@M}^wL=LWsppxRa^VcL_{s@FS+Os>qi&G9gy*-}{p1;sT5MoM86=sr8|V_}
zcI?%3W4dEewvey}vFh@(4MbrawFdUUoex>mo?mP~F>6MN<%w9q5W76bENQ10n)HQ>
z<>jzbfDR^w&rh*Q;iKjUC}y_MH%;Z7kEZ|dh86qXpTJebOtyvXo&^hwjM*<Yum$}g
zhY&(B-)z?&^<`vczB;L$pr^AQ{>o^<di{AO9SR5uWK4bVkElTp$97#eQWNHZ&x)x|
z#D_hpX5fh>>mIx=aG!OpdEdZ+ZaP4MY)JDtaMgaItIu#Bp}wJVWmc`fHp&7_;f{bK
zqxa?i|H1_VV44HGcr$*?Osg9k8v>lXPUj8~rN4NZymvw7lW*COenOHef1(nJgZD<A
zVjDwh*^4>$HT~%D2iR`qD<-v1{$tu6@!FIJ?#SH@AYUceYt3BPh2W^@I1{^{4}+Z)
zwo|3Weh$(!8|I8Omt3ywEDqlp4#aYIv1?Qj&#Bs7UD55sVPRpRGd7%A?LJOH0p_E4
za~?%m_YAK5peW~v%*B{iW=}>w+mgM67~@|RC*bJba{(=-X2S{MUh7CfmLqm^_qtGP
zLMnZ8{BI7FtmG|j$LUnNp#NqRA8f$^Hl)5uy-7}QxhrSfH$_U?7|plj#@hOtF(P>R
z2t>~x?M&@(00xmrIQ`@^_DNRjDb}W_M#O_&=g(K`A#cFnpfdGxF`5DOl==b{<ik=a
zPYJTR?SL$_kE6<<2Sa<Y4FEUkWW`*uAF6@!G=@;B@SKQzM$DX8Z|M|5u@+~&WA(1k
zM*PC?s+8i>OhR!KM!m{MNFf}9{^18<W}C-?WtLuq=apMt{j;!zE!_uI+wTjX=iGQC
z&k*)K%+m9AYpJ5NivvVF<{xlGnJrfv=oaDu(krCUuVJTt$3NwRG>bGUPA@av<<$}0
zuMAjR4JF^M%}t#4+15f2`Y+dSTbN3{xp%R$yhp+H_Khn|He-fuj9N--JgpDL;)7~w
z%*KN@z8d-+V4?Xq>;$au1a;_1RZ7R2m;k^SSl2ReJ#Vk~U1tA-_ry{N_SdIF`ARId
z{&7K4O=5opeR)>pH8@X5fjVy*{xUL@nrdfmTfXS17q)K|7+$Vv?`vavw!c*n%95ZO
zwZsAWwK3P0(~vvtc1-~Tej?-TFyherUL$7Tzp6j;DL`BO6hn2u2!!^wJ`L|KSplZd
z(y6V$WTm=><^8Z&_$l>zh+Dj@7AK_{!UZyHDm}%J$qp;fI-i3C=;#Pu()rVl_~kG<
z!JULkrTe<(ZY@AE?aKjRH9tA{t2Xq8$nSlObTi}J7VX_nUx<(dogW_r5CCjiRxUR(
zPEV}|ug0*xY?YEf96B8$<C_Y+G)7?2zffN-mDfu9H!*FV<(fQy_()&aKB+gnt~wKb
zy8wRab1nAkwq)DHS8&s09?JW{vdUxY?YU&^QWc!>S;ei<)b-@6ZT<Jbb{Hwh%i-n6
zOP!+a{b^>}v1N*RzF5O;ma};Y$yAiv#fR8V`>o0AN{DVO<T}Fhr7SQ(%!!8F2Z!(a
zfkW|%z}iXBcI)vui!`FP8A&jWlORG&yp@_J^ew4w7wE^^ablqy-<?5?PcQ?K`%wse
z7`m|9>zJ)+#|#e>%4ntpNWqQYi5-V2pRd61Tdsy_qC$Ig$=j5tm&gHBJvsln5V(GS
zH=PTSKtM_d!%^r$T%_BOy<!nvJ!Z85{S=w$%;N0q&C$XIF*yk<*gi0FiRN%kQ3zI@
z+e;n#$;ZI{LE+CfyUzKRs7$TUGwX4!JY#=HdkF%R>_SINBT_;h&)h<b##z{}2Ub&U
z_Uj2_Y-f<Tts=C~v%oS^+kJxrVk(+2fQ(<4=@Bi;xz90q`}VMY)k(intX<S0A0S9U
z&b|aO6b(}8vhP`0qi7IBa+{oHT>|-UX`|bepm=V19ZzuN$)VRnRyGo;H7CEbM_ao-
z1yPWRD((&e3TZftgpmO<^ROUbV`us=kc3J}DVB`J=fb-ah+Mj<&1&anbNlAAiDQX+
z&kAVkeVE<-rIge4S{DCyKp;1<z7|9<CXO(7S+$Dwco65x{vfOC&^7av6$k3|CCs*f
zsN{R^f--gZumFf7F@B7cyIJ%Zu9#w#dNnVCs|z~|dP=1M14Yi7o#z-I7|=n6*nv!<
z1lnY3ptOzsE+jO!(Y9TV5hDb(R2ahyDS5pO&aEWxYywvWgM@`NS()Z`!2L5JkGV!X
zyHn+Xor7x&=tpCY<rcAmxP*@)`XvbRD7%7cUNAkV(yx{NOoG-j>WMwv2oDUM7D6%K
z$x%bfWNZ)If7`^h-#>EvPRdHXBj#B0j2ZW+884uP`W?#U2d{+IOOY|>KulYW{VFv(
zy?{4kv@KiUJ}2upWW<<47{5|~QVvjF1=IdW5~7mk6*6U&X%BS?qV%F>bEov?3h1Gy
z;}d+43CdaqJbb{W%W-saoEoc#7s(#iPhwNce=HqjU>m9J_xdJokt~D!W1C@E85-ZB
zDTDcCMZ(M{<Rshge#(c*fa#WBo3U#dlC)OE;pDEg$9!0zK>N(>aSmf&+b;3P!(8#f
zt*WNsZn2}>e6KFKfq?(4SVob{Eyto*pZy=RiX)51$J~gTaZ<n35q6`4wV)Yr|M{JM
zyly8N6+vF{cMPK<VY@w_2y19yFs{r&yDs!T#4KfyqrJ8HQ2V|e`JD&)_`1ek8YvTS
zMwAy;7Dd6P^nf9_$$u;QeqQ=GCwyO1*{_pl24<vdqCQ9NxKM2#an$WpdSg^5&+_7s
zrHn`QUz?u4#J(p^XGN$xG;z?pk~`8Zf!lw-tDQMb7_bc4ur^snbr{C{T#?Z*Fc9``
z+epog9y+suHp5;=LuxA{$ZxfhEQCfZy8bFNPAGCK0kwEZZ1it?oGPK0xb8-c6Zgoz
zv)%r@nHV&xb>3cK2KI^N+*O0(H^@qRrKz#Ol^6xCU70#mbv<p$?6ScdR6+PADDt$F
zVy|S7e{iLitSzORa<cw@Cg8hV<JYVpO|bCwwbSe+;!jOUX2x!ST&oHA|Lh@+%z;3R
zyPlF=Jm=*6#Pj5ulgxOGd>G;O@$0jIcVU(2*Cm3#gcfJ?+~2>)vZztEdR-J5gY2Im
z(~GLod`=@ti}>#n9m;xx%Urs3>-pQkqP^(A&-}=np?AIVgqmXQmWazH{<|L$g(2Vj
ze;5cU=Z~PfZp$TTBk$TJr#<%UIr%Z`k)U(XHN0?1gMT>@r&GciH5F@qBo58)zc!yX
z!?clDJ5E-V5^f9v2IibI<<Bo5_j$v2X}mBOiI|KFUYEUBE&j1fCMf9D4mika#}(cF
zsd~`&)<YlUDo>RWUt$Q9S?~ww9dC&BPWMW7@Gk3t0TK&|R&%@F=*}fyJotFX85$*7
z8xA6hY&uN|4J1BVy$bDbBZ=8c4SLI`B?1b|rz<yqa5%*qOc-YKY4`67zm%o5N;dw}
z+@`^fk$>d@%+~uNbVQMIRYxn2sB3q|cWg>OGKYzzM%>`m25PHx0DB_Z0sH-1<*&{|
zA06@iazgE(28@p`z;_eC>40)Qu?tGB-?VhMVm3^i<}l%dR=$fI>M}Z)uD)~n(Sm!=
z@RCq|CjJ8V#ApHcqi>Xw-vz&3R5ZxqgE$8s<`g+4+M6QGz&afc+={~x<}7+YBOW9F
z5##t2D%(4G;7+^YfA16dkT^$m4rr6?0to?G576ICIl)0<gr=1!oRMhMy%jM#OCZFD
zr`7S63@-d6SI2(n5pK}n8p}~}CFS_mDBf{zyz{YR;v(v2TeetBtX8f65H94<^adI5
zOr5ydQ@Q9XTR7$;#RS-vR9>A;`EIhDy-TqE2a#gBMQ`-sm{LT)c?Ar1Ad5EAQsUTV
zQ$Q0bXT9F>4Cbe!E9lC>V{W?c*c7isdMw@ct(i-}Fxj5=7(buK@x5%AlCfSlrMiG}
zF>nA(?f_wueXEf}!RVjeu6AJR@M7T}1|%MUbP6<tPq&yk`SLn%HQi}UwbbFr*JyHf
z36TcIRps0Cy}x~hXRo_*zZ0vdUtwIER-d)TO8!X3O-$J#0xlqfd<h5Q(b3WSm)DdO
zoH<|6rc&0UvXD@Bp}@-_h6C{h4i3U8#sA#K-!s$7<M+b-e%(mW>S4RyZK2sya!(|)
zLNCTpG45FVw-{hcHL0$)I35Fmmdc_6)I?tQTY%UP|I4BL#EN}_K=ZY@uu>GvdOM%}
z<8xy9k^>L0A4iOdFkstFoTssS?seC?8&Ud_KHO!3Wi?(9_XR+mv@xcvk5l4AW4Kx$
z8=Kdg?I~OjHkAHPTVEYe)v~_5=?<kEN$Ktu0TBeG8>G9t8>Iy44hiY**a%3&raJ_r
zyBod*=iJ}D=iYDrg1z^wHSx~O8_)C3uT4%%V6eJiQ28(ow(Q7XV|CsGC9u;_+E9hY
zdr8{-I$xiU81baEa^>gGPlvfxNiTqX!Hd0$gb(wZV`r+`92o3qYJMD_%Sn}d9}xX7
zEWi^+;8ZVsK#o!Gry>cW0!`BpA5l011Nii=c;#2bXTZRTt*WC$=n#~ZPqT10&LxPb
zPbZLqd5G2PRoAXhZVRC1$Bc_6vkL{F=^g`OK5Udg4D~A4NWkmc)8m*Y;(nzzaeI2X
znLG^0_f4DE&oM;Z{oZ_NMxm12tvbwY-TNc$?08+vhD7HDCu2u0dNHM5N<D0m)zoEC
ztLpq7M6M@5LWHj7GM9SPz~lbb{E7@1L(<Pycx$nnqJQhHWY3PG$CFC=#ZuaDHBNtc
z4o+J<+GfUYiV3KVcR6@Gg<!rahft2|#P53w*iyuo>mQ@TCWY<TE^PU<k^b<#?v7N;
zTr4QtKWW=T4(b>+yV^<MU$Je%8G4bo?h71s4I<<S(D>-E8iMm-CY4pJov_%#m0&v?
z$i|24zrb3a+&X5%-;U1eU6N2|)}2<ivYd*7rY~?R6k~)Dpiu=OYcZive~zlD)6p<i
zrXj?9r}?lli0!r=pmMgHnmY_&dNJhcZvXIMM&M4dGl#fo$;skaB~{1e4S(B?Ie+&W
zt7wHm{Ts}uhaKm=9wJw6C)5`0dTP@<S}8%u;wb6IrUwMT#JdGKko&EOvi>8uaCDH$
z-j?-NbkX-JAdGl9AK*tJG+=$4AT5~XpI58kM0hi{<GdmC`<NvW+axJZPuoUKKD7ID
z!p?Ko!Bva2v;O)wH`lMGQxVuBiA@I?eU>~g?Uru59M`jRWWQgtz*B?%D{ft$TkQOa
zd%40JPR5aZ&=UGCzh~Fl^n^ExV?$>hPW`3heanly{iheG-`a`XjD8gcd|{aoDfA$B
zbRbC+)lahxHD%X!VJ8V<#3y^)ODJjLA?$hf6a3#IbUZ#RKMFjI+o2!#e;PHbsi}!0
zMkE|)rb2)Q`AC-+BxJo%CqM{zSSg8k^arFkLk#^Xat%0ttLmkm|1_Aq7D{<SU<FjA
z)5yF)-;#KOHnKDW2sccI#Qj_pV{PaQcac-g7CZ9ByuSm`nk`6qG_C2X-)9Xf@dpTL
zU#~qo_iO5!Iil7wvi+7t_<=HKlYSfACV_(R&0+E15oClpdaUz~Y_tRacj``V77W8^
zV}(zE167)NC?amFz99$;BTxoaz+!#a=&Z#XyQQ<X58BQ6pLOpF*r8m%p0&E*)-_R5
zA7QxrEe$+MKyw4FH;|}WY(o2iJE&S5zs6hEqBQpMsV<C%<pmLYoy`zjM|O~POs}V(
zbu0VvVouoFdHh!E3T+=MpnX-UD?UJfB4+-oeoCvs5%c*tTb49hy#uPEXai<Mr#ds;
z;??hXQ~Kd4j3D%=v{FxdnyMcTy}<auR{oA1lp<y79UdBjKp-DZnyDCPt^yOqS5HG7
z-jv7Vt}9dXY7PNrRNt<w;_imAUS(NM8K+%Qmmn7Og;!MA!Sg7`?1Ki!F<FCQ28*si
zXVZIX{~1h!`rlYW<I`~AhQB&Duv{8oSK(CvP`Vbw$3|Ak(@&5tse9Y!*g-&B%DsV>
zyL~MJ=)y)2rbprGgnN9$m)LBWj>$p<7O^ZQ+=XA|X+O=;h=B2@BOdvY0_NnLfPeak
zHeu3{oRwk4Qh7*^P}vc1@dT)&|BwS%GyrHX3iyxwukcV8O!R)7KI`knYJQq0q*h}-
zBVw*G@V#4mRl1;kYZ`}%34qYj)&K^)<=4P;s+{Xr>PKdIkL-7D8@dy{R7`+>3ZNIy
z(;1cpEbjLR<afkGgKY<FAHX<6eBhF@(?z+5PrBWsevg0fRPPhlpC5h|WF#Qn;(&{O
zoE$hy1Ct3}Lx2e7ZKU=6Y&gg&8Rba@8QVs--Z>dY7D+YyiJkTAZzJ@KEP5LaV53wL
zjYLmeH2EC46ts?Un&XR`en&dD|9eYz<M?Yo?sJF&1nExGiwXbCxj2>gDblc4$Y4$Y
z^!;;ib^0S-;;TI-R*-^`MuIUMDB#{xhT-BYLb5}NB(so--+`{}=u5<9-E^eJ{rD^J
z)tw=3sgP;erLI~$VodU-U}@|pKbARHN={9T2@%(a0-pTG6-x<=w?1pakmAj7p;B;4
zvX0Ks!rnQmpdvw(tgA}h;eJb@%l3doRH@KYAbx6iZ_u&{E;<2N*a0JeU&+;v5fmMw
z#|qr;cKRTOG<HQqp)Kc`{WGq$JfC2{9B%bClpIy?R@nzW6YShmryV<$p<$uWZU#Hi
zVf+`OO8xR()E7vD7VocTm{bs7E3%l|QzShkLPrjd8STA7bCBf+`Na5mt_L^Jmcn#Q
zQ9|}{N1mR9a5I-{RKhFFt7K<$&5)bGdH;53x~HI%I)~YmqQ;|C-j9rEzXfZR(Gk48
zgu|}KUuj1k){-Ah42`INy_@5B1-W<eBJK#8^=*Sma{4k-Eo=+|jZ^Nv8n!7BS$0{-
z>GjLr&hg*Owjijx0CS&pgA;K{e(d3!^EL2I(E^_BMKK^So{=Et1eZf?a!CF>O{77!
zItO?c0(KjR%%}r?f<lwwmrzHU_mo)&VLXVv<*u25)}9%XO-6_2ZZly^4B!ShSiNQk
zT#en;W+F#8?Soc2@#GI-3fQ7;SU}qN4Ic8L|M6u1-|)BFHuJ7tTT4_XuMNU^T9+w(
zJ^mkj6rQx>l*ynF+COztt2&N-{<)AHMGn&iUmNugGI$q6e9Q%!Z*|PkdkC<6kub&8
z5!$1hdzRPAFdcxSBgHYym$Re|cke&Jybf%d@Zot`s$I#gL`(@_Oyl;7f1-NBYfyoe
zeTjy`k7*<w)^4`(A*9RtXGMpp5u>(ZN^Jon9Hpd>T)VMoLcpi*$vo6S)X!@(um_nB
zQ`W1>QyZM(SG(E&84drV^uQBH^M^vZ?DN6#x3l*NHV*)M8Gg=TQ8GG<{!sy@zd>zQ
z?jpevNj)`SU_2+`K%Z1GJl>Mnq^?jYBC9&v6V)9DsCBSE$4mj$(;Ncr^SHIOWp>Gv
zQ0(wI<Un88mGe=e9AC^-{1W?w9(d=%npG%f#r3I{!|5psP)@7S+W*Ew8uUH`B5zV{
zLxTO*8AirP%&w5t2bzr7pmzZWveN|?p)Oqh&L_GmxW68CYn6yV{B&YWTCA6-q`!>T
zyDMk~9D1#AAYll`e03e(ktQy5NV%xEYt}l0e)~&GR&-OI+~!O|&wy+X^%N`r7Gz*V
zi^Yrd5{u>8!MDFk-o5o_i$#dO|HX_zsCThn*zZx<v9==s>0yG^_#h8nqB_P$fcF~v
zVzpLM4r)$gCMJoKi$Aho{JAgX@Y1)o>;}2c=l6_CQ*kcq`q%n3gP?h&dHm37!m(v}
z*2_PW=Vh!%drH@W(Up{BAPU0t&1W0(qbU=dYb$bgAf@T9ZrYbEW(@!!E5;~OhXO?;
z3<gqBABR}~mkHQYPpg4w1dPu&XM~itfQdz|BfA7OF<+6`R%Ch&eywQ+E%I_8-FR1j
z?2dFkoEr}-waia_R(#a%Hj2#uz!BPTgHmvznSiHQ>HXyY?Fvq{7Q*-J=)t5k+eY8u
z$pvR_N0>?fYrs#fO#k?Ec=Dt$B|n$-9FH|_?1W|#KfAlW)tQ@c>sLwP(QjPaFK|lc
z{WzLUwIFwR<+-mUfw>&CedjBpbjau0*uXgp{VX-A!EhvqH=ooI$9Ub$+X9@>r<dhh
zJ(*SNM0Mc+NnB(c^T&*={)5ighhFhkPmDj5W$1SWbUN*G$KH!Ovm-srD=>xsI@5$d
z&K~F%B2gVy@VJppD5=tf+yVt5v?tCJlj9d7Q|FghTJNPw{kil@^sjJ*FS&vB#692F
zY5WB_s2dIim$n$`OapPF7q_1ufmZ2INF@I+M4oO)<6n3_M%(SOprrnP8zSorA&sJg
z&7}n?)ai0xl&hVdT}})`!=ZXF!vvOd`m+F;pSLodb702A6k=}Y`g5sQTEUDRmQ6Ea
z`bxnVWmQ=}x0B1~M-8_#_4+kiBml+BWM^@wF*;mUu4&#S9=P7`<zxHsx7l(--?c?)
zJlHk$^t-P~=NS!7rrX(})*VeX&R7^I>ZZA1F<?1b*98J%<2oL4-hT7p`nqwJMsyrM
zx`bw=3X>HH5GuXs^yX`Qonk*1TT%EwmIZ5;16AWo`b9~&XLVk#K8a46hzHCXy29%(
z7S`w4Cq7NhShlc9y)o6$zHOf(spvwCNZN5QF=^{Hb6_Q{1`h0bSL4+;A2hs9xoRo<
zuySx>XPe+!3+N{hRqkWMroN2x{~Am(oF<(7h(~fT#GWTWp|WEHVx3X^HEZZ0a(@9#
z<Y(hP7f`gab&xTtejyU46M_|E`~I@DALrc(IIIF^BMJ1!dlm;V`1|P5B$IQ;vJ(TH
zVO#5`=eDk18Z0l9op9D9^qh_jo-gh0`2T%GlLsG=OGmUv6qdc+tRvc6*3zsjFy(xi
zv2!JBJsKl}40^q|%=`nt{;OPQ=lJ)hsKLYwDtSbKe3#wq(w--9-R*w5Cj^d5E^UfV
zE~-%0#dbk!UXT+f*~XR0;w?xvsm*6j*MnE)EUlL(*Z4`zdKXwjR>U?4|5q<$-Lh;<
zbxA-o3qqTdpZ{qx`6ax01#oIka+$YlF+uG!>tI`{PN%-biD;bi2P@8{bQ&f#@o)J4
zBpe}jmm+z`JZ~Gy=1|bu+fq!hTX7p2MD(6q{u(8WgRD@&@_Q`Gv~g^&N|H27L;bLD
zT(Bw@?O`W3m%c^CA6XT^-eS}KLIv-_EFjby6Gh(-nasz}Z$}{}p#6Bw3<}EFCbL>M
z#h5mKRutQ;dNjE!hTvt@aiQT~j<B+NQ>;vt{C~pEbcR*Uxzlg_D!XC!&%KpSPrjvW
z`UnW4e+o>AtJOi%;5UT!d$ItPS!p9oBtL@inWU964c@4;C6}W74R;e+4`SU^@_c)m
z3AIJ|!cX88FJV)EH~L<gS#p~;&exK0VPJX3z|&<I(SM`5znHTAeNjUtT?oz|R>1Ph
z6ByBC8J5>yNxt;!0c$HJeM<1LZzR#!9g8d+e*@CbX|BXM4|O%7^@9IT1%Z31Dd9j=
zPnPQw?!WMD#-KaXN5mh^t7y<CyNjFp^BJZf+0?d!_LT%*6nejx#H45ag)~M!vZYf@
zm|8-*pe3~?zx%JpbaH8BFOvTgPv<FcPYG?e={<9qAT-JDvEX=R85#I)zTnB+IJ2S+
zU&odCdBC4l)^1>bCsN|9J!sXg{L~YD7ILO`{<Sm}8u0e9$9%FN0DyK^bBA(W9%sZp
zEwd8K3<hDDl9ZNZfKy@#{^=GACsa~$jjplz^eX~w@ITGjXWk!ukZcskVHwWNT>4Hu
z57@`2_k6=&ma>O{BRum`Qt`t(MOl~Kf4bcY<+M+{*bN9z2H;cDqasbB28s_N<-Z-g
zfKo^3{fjubUCLy=2ab>O1~y>|v<5s~H!)}OyQ5GMZOimnDx~gU-5aLJzFpc=msFTh
zrN+K(UBC$@D5B<<CFL4Tk>8DgLWi$<6@dz4c(u`mzLgw3Q7ZHEH-!~Sq3IVkvL>lG
z14-Qd@h6nFNep^Wtsqr~o_(xq**${h4MKjh=+^^si9t?H12jEIP_9inq*pyyV@xFH
z%p?dfCM*B{noXBr9MW>ogYBfqh>d@IwAzB!tM0H`W|?{$YB&=cDj*8p?=lwb5LI2Q
z@;w)2T{WusM3_AOMS<?kZDPLD;XQdXT!OrAWfhxRsk8f48ETiVqc?>MJnd~NZ#6Y7
z?Rf7bYLCb@m9>}OqY=<<-FY~_rJYQ9(3r1EO?bO3mBTXR{H<?z{6MjF`OsQJid<%f
zIH^&+C_PiBW>~VxuFR-CEV<K{2RiUf%l6&@Ek8Br<R~V6GTz#NYSp$Pov92AUmA(A
znu#h_qF5)xd@W+XUn9f}D_Q|w(9C-vPX1W0`#nxri!!>41O=8zuyv_&DRJ`a&`yC~
z9fF^Vo`?=YN7z@LW1-g5qZofESL6Hk-u6tqe0r-E+(qa<PxcQl=x~rv_00&J=4oll
zc{B%Dx|pHN8^RcxxeG<b&!YvMPiCkY)VT12JWTj*x3M9Kvr0WF?)g!H-m5c4-fgc%
z1blbZGM&U)N<m}uJc4$__u-}R;ty=~M5Y2>?4IAdfu>^uTujNn$N!BFOc!ZE81u^W
zUc56P4wZ8fI!kk0E<D~SgD20mF>wdg?Ce5Z$$PP;2l%3@Gb2RM-+%P50ubwO4eB#P
z9fa!}jpV;<$U}gqkh{z0)4kEkZl{nQ$eI?8`8!lRi9zvqq}ZPXfD7k$+?S%+Ci*n?
z?d~(qXieK6xV25m%g-tm@SUDI6YpUaBtHZjG%xnA?+Yt!Uu(i=4fbO0!O?&|zXieC
zNX-z{J{Tbed_L|#VX3LBd-(czERu7I<jf2DIXg1N#mbJejDO(JJ|*}vQmzrCwhW-S
z(a;*9W{82KX2l87Zv-z)vQwNJ03QQ@6#mK0fZyomUD)&Vo6d#qW@AiQ?o_|+q2HwX
z=Au=g1p}ZJqnh&FhVf61yu{q?Q^a9KXxSR5Qn3iEIEb+MtB;s=Q1LqALN-LdPoyZk
z&oLJa;)dQw2<;qNI(CI@ZQ&nD)y|PxfDA$-IOl^xvfaeX{N}#KnEY<gbKJ{z<ERui
zyWqeT!$*|Bqj85EMWb;$%cwi`+?24nMEW)G;{Zu|UijioC=4d;jlbA;gzE9k8Qu2y
z?IthEK;yYHfu)HAI^U^GDG=YqrX3Qr+?y+{Hl5*knS>mn>nz~E_C3Zds|PMyBfWFm
zAO0M}zm_fcm{uGUgZ!}NRPHtQ&F?@A;k%>GrKKe`J>X_Qkw<snVqKv4J{LW`Wgt}?
z)qn#l{@v1L+w|=0^_UDx-jBQv#%tSuD#nnh53)sCEP*QTGhbA1Sw3<cnJ&v)&7@s#
zhqvz&wC#{dNku;<U+R5k@|Yn7xp;dIx{@3DIO=b4P|vd;jThI074<ox;|<Jq>7z)l
z1u~k5ookfSm(Oy|UCqy@j@C<2a8NZ2ZTuOhn(6hU=%BaN*=IE2(=Wd4tLVHoYr2?h
zb^bxTn4HRPGB!Z~dUyDU3tCD>hbk;?q0TfYEso-IG1=WC@Tno^nGX``k(((>KMby<
z_7v(`p@VCI+6Z+tP@}b^RQF|v729(E*2jGPU&{LSWT|Nv=h1AV;}^V0#b})dzWJ;+
ztFLD6AkLj#TENarl~G==GlvxJW^WfN<Qg-8!weI9_yx+BzrArK^|*?WFNJaY-pzE_
zW{*<w;e~no2z#z!ChMO^_t5cb*UL{*r=xEIO=K@7#J0=&_#*239xZnLbMnQ8GTkc*
z<W7rZZWg+1biywSd>Hx^?XJcicO(*C{3g3Mgen!;PKC|&wJh{o1KY055+y(P!Q&g>
z?E;$J#nqv34S|CI2mn|Q+5q&SL&=go#3AoNoR^Eo2rMaVn_P>G?IgaKSfu7K#NsP|
z;j=}ModAF~>Bigq5be6zA0*kc4+2oUc;|wqaNVRxoMf43J6rhgkIxv{NA}Xtw#`Vx
zgiiKTyu&y5P`dcr2|a&kh<1)R0XWSoArRqB{>*)ZtMj|V*g<zs$(w~rAO3W1-nklx
z07urAtok44$RJKbi_EA(QatiA*}SN}B>w-wi)jiO%aIsvaCHw0+7A-QZMA$aWx42e
zJhSMunin5`5gAGN)M<J4HF<VCJMt~MYmw&i;imKLE+cRMx1BIq&24SEss?+a6@@#i
zJepC)yI<Ty8sL)hKcC5&eM=AndmA+L>3ZF#t_;X0<AxP-Id7xJu{nE~`k0q8R8dh!
zrZ>ir3nKyiCNcTG$60UZsZx1bn%&W8Ns@bGJQ{#@57kK~^3annA*JnU<DVxbJH@_L
zCEvS5Up<0c^My1vDoN(x^{rbg2e@Vmt)vr;DvbQI(-VUp^@%|*_@R?McQzpQ`*;8C
zBPA_!ex!hr<HDGHzXo{`o<Des8GwIa>MxY}$!wGchHf(c!QtT{88K;dXzl#^-}KJD
zAmP`s!iTxJ^-4Dru-m`1b+OG2Dn#rbrhnLx7iR9Ys{XF})UAy*O$%7wDf?8mC_V9o
zB9z}+KBU#swKjR~c^v(RdG$;6IJTT8{eV=<3r*BGXFjdEvZ3lk00K@K5!eo<SV?{y
zBT~&wA#Y6@kh$7VeD8{E8?2NWMNQLe{Fx7&Nl0tmml!#m#4w5ppy&c74)@=1#JI7&
zWE*PVvpCDAm8<nyZ|61~O_u<(-WfZm-{l<&S8k<hKQlr}Q*WK?BECa`za?jL^giJL
z=20}^$HE&2@yXz=y5Zz{UZ$!?C7s^%nGi4&d9$hIyaM2q7jw)mEGghB1Jwr8Vx*+W
zEvO*VgTe6rGB$|1%|G3iD)qaiY%HFZB~vd=xfFB^YBh`bC%vil3KlKOc~1f}Z}Z|h
zjf#<GbUuXfO?fNs8@hjpOkZoL%9oaK+%X}l(ki80vmsBf#-?;2+WJtEUnv<3BYi)i
z4M(HH-IRw(xPz)X_$N}+kQQ;(zu!f=f?=V00v7bWLx>^RB4INVL$Bsg(yRuE8y(!q
z+sZz6PKQl&o=+w5;7l$zjNW?zjM9@xqH^J8`TO@|VEfF?$<tpMQ+h+M=|cKcvCN#g
z=r*h$LE1tO{vj9D9Gm%F?;-1z72OkyO?CFR)~BN6FFgvCvCCU{Vy74jlX&<-LnP}4
zb=*qDRzTI6O~USZl))oS!pZ9@o7S>yE`ZfaIrh+u_Lsl%-^`!RBTS$B!59wP_Z2~)
zI~vp@(f=a%^zHF<2L~CC0N&Dn;s#87>KF7^uhWR3>dE@peiawKTeJOar&EhZ=;zHf
z^xA{T&fd4JTOUX%MTr5^D}AR@@w3bH4?s&zcSv%ZMrgpW8Q><rO&zLZs8@n8Q07+%
z^Vr^h$0S`!(y1BB?{~&m3e^kuyVVDPXN}8dm}R}@!-`fv8t3cQhlT8=3pxRmLbhow
zX0->`oj=Te!K2GALX=Kk^Lyk;_H=6B&5q$sJ&~&g;8N?Xb2oW%amo$c$nlR3s|7lS
zCSs!A^1pwZ2up}4u{~BvTfF<Hp*N9YlmVF7(Ni->0dCP%=@R#8mT9Nvu0HXuXk1V=
z^b0UgR#(fKS;D5N9Rlmn<GV6&cZ-iA&WWB;tIoe@N@4s`b4oo_ks1a|9fw#ee%z-l
zL^_I}ft1BQvfYxAl~}OHqJn*#B3&?~%k%Z1?el{HOin<CCSeDWFLxGe{uPO1q})Hb
z`&Z5cWdh3-t__XX$mGjV2XC=OtL^hs$oG@_JCu6L@%(l&QI`V*T^hxei8PzKez#$w
z=X&r8URI5=Jc&ZAp@p?kR5}p-L$yYDWAtO+&5I>eiis9daxx5H(v-ie$<$nO6~n8A
z5{Bty=mi4k+*+<sfp}ukaT``JtFM8#H^>ZEobcD)tVKXDHgaW>LAAJD_-Jo*=LWh|
zr%md2mRxgZ{PPJ2sbx3@N2x}WZ!ip9H|t^5C`0f_l97pQY2;~-91x%05cOk}evxz?
zyjx;fg!HX=)KYLmOVRxyPqjh5Abq_|AXCseEC(MI9uyck^}eRn-C+J?aLk*MSbfJ`
z9#|VXnf#-K0>B0b3FF1oAM*?xQN}Xb@+t(^gdG&CVE9naNvH5{r;REy@e*s0%9oeY
zk~13KUVgFDFWjWOw$N^&pj-#$wm~ne9@7%@;hoveaeH&Usa)oA6_+Q|g24wkS}7@T
zW^&>!lGC8qH=xaN`=8^57`$9oHuh>KzROqH`5B=A*dNiq!-eV0V@$NZEbAZ{vOS@l
zJHmMUCtvL5lW!N|Gak&aOPnSf0~%xe>o*Wg>2$rK1Tnp8OJxJVQ)~||-=}zK*CLaK
z9O2Z^jS)ZP!G-c7HG_BZr2ieqMhm==jdC9^;Zf#YhqtERm(lAd+C8o+1!E)^1KX1m
z8B$I1rac6LXS8V}tUgVjwMZ0QTeKmr$LG%Yo;P|6YD6<+YGy#5XX?kT-btT6A&k+o
zbaQJ<i|it=n@qKdh&n0AWOIC+o$8#U^ycPYjWQKLvAcDBNsb0yJhmeTfk>vF@&eqI
zQ&<J_(L@$q@4WGE^hg4W71;UhLyhQ$MExV0!(`Y#IJC6XK4rLK_G5D-HBY{cT&y@w
zxD%#*&nrbU<oaH=zU_f9?s=pxXQL2yTsG{}@~%cw4>C@Re)?%}iF607|FKs?XLWs1
zh>XDQ!l%=~`5J1h1i^3lE)pIJWp?2WCVYlBy+|NrxyewgOqvT```;+j&?ZTwr_Ig<
z3%H~4_HfI4J0F`N@301sP<9qbx-$Bp30&X}Gvc-~R!)(*m|{7$=cPSRaqvWc$i~GU
z4NG2-uWftC-qb?~U?DXVTB;VITvxn(8@veX)4Yb*HDD{9QV=-m9vSk@(89UxPnUf2
z`(n725y3A2V6Dqrtmy03vu7vA=z)Z{(87n9Wc?4<J8I$)Db=wADnq}LTG$U|vycmr
zSxi*ICm)gV!gAk78C1a8KlOW#InE2qRBZ^sDKU1Mj#%FVboSjCHK}w~gxw7X$geV#
za&Lv<C%KuJYdoT-_vn-OJccryB#56zvyq`T!d|GWoSp-9S%~#LL7ZW07_<6BDf3Dp
zY~+G*BMn0wgk!3&S%p9)!v%T9`sYeO3Kj&hCqb+<AwgtJQaMc|vBvQ8*&u}Z^QpP<
zVfJX9DTaKIAV1jRf<p*o&RsSD6Rir=`S4UHhK6BHRKJoQ?m)>6ggZa}E*CEYgOc^Q
z$>IWX2`cI0%mbPz7W>r15@gGZ>RV(tkXy0uL}p`tn_Pp%`FUY9kZ1>BhMPeWmSOb!
zSqAkirM+u+c9mZF29OJnM#DVC@3O3V-oym_{2h>YnwZ_z#wh(WtEMHC1-P6w`VCpk
z2C6IoU;KGnbNUp)VV$SDXHt=r0V1pUqf5LAIbB~Qy}ivH8uIcZ)*5haTPFV4VI_WU
zrAB-m3mCh@R+T`KjE1W5O2yc!diqa2`JbdMzfY~W^32J5ZsxZ<<g-UH5Xo_1ykAO~
z^#LG|iQ5kuz)MMa=EH-A>s9&Y^Tw}LMxPLsxvBecm1Kv43v+_3IB2&-3eDx_3XW<f
zz}t^x+<%2G-$qbgz*vKR*LxW{0cC;=@$<P~#pYu#sN)cPtKi-9PM;qe|Hs*c&@4A9
z=yMBNw#*sA-NWcd-)mf5%kSMQ8aQgVcjMV3aa%j3j@{hQetXRo)pON9kXm3GB=ezR
zNa{30kM?B@2kaFUw<yQfo_yE*Ydg9hx1D{s&Yn;Rbk*rz`%W6#wytwTumA(x^XZ7?
zmc5oIEyorxkl@1afCAckx;ght^lVimo?5ky(-;pIC>xt8zOG2T=SFNGpWUAcN(elg
zCP$6bQj6TjO)PD`swS#5naLXJNts9c9oIy&p{Wl0o-Th(kGw9X?$H9=1YU}G<+T0i
zSX{HGz?R1Mx$I*vzRy+DwL_oYGzMs4g4Emsn(}%dX^q+>pWr<MSPan-&Qo#qsFv4c
z?PF3EEyxj$L9pI$M^~2M`bS=4;aT*rek|`JM2mFJROX4Bo|xf_Vz5k6=1hM%I83Ye
zO7jMBqZR;5RR&l#x3DxrXWMZCR~+TZU8UN<iNdyD)p$syJ}|x2@K3M<y(=rX?VV}j
z!b1#IA9DA-6Ca(r+dM7W9cb&`S?UMhDPj4&gWXz8H?34>B*p``vh%QGAY{qbq?HuX
z)#FZw=^)hom=8&%A6C{CGFiq<ay0rE+j1+t|AXEF%JE4<*BD|FGWYkz(*Z3%PCh!Q
z{@-6A!g2AxE=0O;0lzxjd~vi_R9xRdq^D(SXg<aGep&F;&VRelDG1RP|2HR3;C|f5
zme&bRPTtp%rUYOQNq7@h@ZrBHS9rwC*w{0p`l*Gbrywm8>{<)qf2NG;p1rx5Ip7W0
zakQ20d9Ub=;Ik(cDpZ!?=;)ek#d!TVFYuVfJ<RddmnUA-!Nyo7%?|m%FK{tH>n(Dk
ze{L<-m%+&|TH(@ZWX^UhX9&D)6G_S3#BxLDN42C2ykccNFmj4sZ26nNjTr0s90&}F
z|H#=p<_tL)nn80lNpeCVOwJ`OD$gI>zj_7hp$2bgWhIgcUJdp3-Lv>Eb+|Km+GkE@
zi&6#wfrJlxdy^(DLfE}37+bdlT;KO_6DEn7ID+`c(=WaE#|;PM>y$5Ac9)~mnJ`G1
zesH?y)hc+fe*6TG#uL+zY!SCjZ*N;hf?%>2WAb1~ODx_Fm*0hQFWfWTKIlDG(r=r2
zjLx?G&Zu8huNNV?GV6Hs^L%f4G(li5H7F5wEiF_HL7lP;!nlE&?)EB1pR(ng(*sBA
zpEGk3i+)$gFy;nn?D80yqrtYjXldS959n*Pbfm=E@<<2|y-j<memYYB@qSgK(!k+j
zoR-Wr^yr0mS1@%Ud<G8{|F;JbYD9yjs&w|N{xGid&}O}2op_IfNv4BM5h##O_g8Vl
zVP;6^&AK<qfI|_k76l0ajM+=M2YrKb-x-0Dw}g3roBs~v)qKic96lHDf#_;W9CCCx
z=xi>bS7-R>j>K9KIJf~CyhfK2CN35buD~XHY)kPzm`wLmP)(vmg!Y48qp>|w5XJyW
zE(N?(<1iRp#+VVoBCu+bBp=tMP$s><&K!pRSvNHm`(rjCKQQ9$L+JL+=WTC#;VDZ_
zu5+5Vw$S6qFE&L%<e^RkvvO&wSzYMguhZwx`g#^$0lYB8ix^-VIz6FMA{4<WX|87-
zu)<yzo?`!~r$=xBcS^iFy`1ga*f7=hYZxL5uwkpo6y5^YUo(SzNeNy^xUW`z-&#_#
zEcT@rNP$}ax#*reNmrI_3Jwz`C+`QvjXrR+c2?!|`akf@3w(_0vxH3^S|8Pw|0=JH
zEkSDY_=|Z4Zx=KlTOcVZDVN5}#Xe#aI3!dtjqC1-qvz3X#x88PF-8Qx&Zcp3PR!H_
z{yD4uEq_Jyx7wVHfU64kf)Hy(o{M9tLN(1X#$v%XWs*0$9;IRbzNqnL7AmSMsq|HA
z`loeDIV+nRV^OF$QAn~bUuF9%n*s9{r2sznQUNMmvTScEKu1^@aUn;Yn5FFDm9e%9
znS}k>{Uxh3-<mPT&QC{gc{l7Fk+=0*QISROA^dOB6vkq*Gj6%$yjHd!Mc+n<$7_5<
zk*AMMVP}VK4Wiz<mk{eKDzFlua3?~)j#R_#dWoF_GrKcKqh;xiv&URsbYtn4g6``y
z;`RtLPWN*w_MR}fiHNqmwVEwPn1XY)v{K4bh<GBYWn`<S5ti$Z^PJ8%`o_KCvaI~4
zR(F%+WPcsu2l(d(q$G$ruiuCq=k<5ddTGQ_Z4KSksB|i?h}MK&-P|~eeS9mete?it
z&+%haHz8i(b(dZ+g3)RA3;pvxk4W-x|KwYuw;zL+cz@-v#`e+Ly*GmhKcFYi10u2D
zG#C!!ACKb%pOLIGV|+?*e!dwX*V99Unj{u^0UtQ5-#{N9vnfv5z7w0=Xv)R=Jv6yS
z{&!r`F3u}B041e{f3qj6&5SZa_gBEWVU=Mhcry-A9`wckQq!kgPW>3ezCl;J&rz~c
zV`4f>W`Ii~kqEtY3tqQn=shk=P%WmYMrU#*s=XsU@Riq0Ni}XGr3Ki1_9{~@vMV4N
z1J>}YkYG`Q3uQZx@LvY(JD0<%;?W~ktg##^D1Stg=Ku5o`MJ8dApiO``TQH!8||AE
znDrrXG4ou=?fSfl)(gFHE7tEEDGWf3@&Bu#kBE@;GB6oI0~gx;=-h%g*i<HwKIfB!
zkB_F&E?+UOaPc27ka<F7F*8p=-x9Xh|JnGkiL&Z(LSdzb=fDW~^a?T37rMckrgik2
z#h4?4rzF&n<`pUvOp*zVs<SVe7Id?`1NoCe^_d89zu?1{1!zYCyQW~!JNOaC2%#8D
zQbEnioZp)mg<3z$f+1t<thYugm(#qIk-|W?p2pB7%&K4;7o`3&kN}}T3(@Hc)(-bi
z5|okG3iI#v%dS!e|0~TaD<+s?d5-2Lk+le?6mI~F3Sdo%5rGNLl4qZ_fkON86E#p4
z1qys(L%Wa;CWR+=as^QjxVtcUne_RZWDf2;404Pq2my8ehywAckT(PV?M^6W(x@i*
z6IGa3%{j)0`_|rubGmSneZHl_YsI(Kkk6$r$Pqf?{DD!y>_XcYO$yf1-!M~0G-4yC
zldR@zi+ikjYFJ>%tiFe{ZzP9-1?&cZ+flEkMF3zNjz*-!h}Cu|gT!bkP|Z6+l>Jle
zW=UxIWF_{JrxYLxgpPIju%|9)Z!d@^`ZdTty#`>VtkOJpOq=I#CAF3$oPmNk>65#U
zyVKDg*|6cLsa2ynp(Bo`XGp@VLoyNlYN{Sa9qe;9B<=IsbW>ZTp7@|(sQ#lq=@rqw
z;RinK@~;V-c%ByymAom?v9@VFk%bJ%{R80o!#M0=t7Bcb<C4<$3-HTRZ`b#y47}G#
zvNGsFjj|a}tz(R^qP-;3R@#nwP`cR)lyDBcy)zW^b!}|E7=7E}FN4Vhft26ev_F;T
zWtIu3x?0z_Y83D75bdN7TO6y*DKXH>19WXey}!hqw+Yl<<D_|^{#!=h^t!Y)rLn7p
zHe>&^L!%dVH5`wMoHaKQE<K`4)Zv{aEBgp3(So3|_n#7#0Qv4UGziSQMabY>1T{fH
zc~I`bdGVsgpLBI~C5jQz%Axh&Y(`bty?R83ROC!*8=e4@{WKRmu64V!T6M)O-o=KE
znYCN<I<p!NLo5VYAL}!4WVJKEm+?XYt;Y-mD@8GU&IR&h%W4P{tu8lbg{EYGviDU$
z0gYPJTr=w)wnO)~Fq%WjvA`7bVFFe%(umg_)xXsN&{jc<FWMpV;9pvWpX8zk41=3g
z&dFV%$oyW}_KZkOf|DS`u+IQgn0T}Ais{xg_z862U?aBv;QFgH*ehT|i3a2E^_0pt
zpYH8UOCE=_ffNABYH#Qx5{!eu9PJMelrUSMa9h7qSkWCrl`{!0%zV%yQkbi!v8IWQ
zI;EfKAcRU6M!I@^Ts><ZtM;!|y+NB?M=Kv05s}7gZ()?R2%qYyUml6@=bz`D1>gil
z;2Jm$KM<;|yD6w*sjc*<)B3Esdgxt^He)AH-l!d!DaeQUyedAV?>n{3TGVQmnpk>R
zAS)*1r8@h$UA(OYIjNeYM9_r)TD`+~F_KqGvSSxNtH>8MPNan5GleyVY!c_hlfbWr
z&&S+ag_ZwhFbCB&p|O&qMa0-+>O)4AzS)uyyRj<DjPoOM>^7SieAcFa0y|NUeI0vt
zscovtcRt6HyMAZq3!QD^p6&5@cOqFfhF&MocH$gM5~{K(VPrC#z`pg;V@WR@s94;r
zn66rbcUWE9de?%E3&d)KEAYv6F)`lR6-~i0bN?mnz~;Usqpx634v(;lq|s$xTFaD#
zNq)1G?$K1sX@vyD-b3bR+fsD*pYy)_UJ4##54;$L$A)F0qg)Nclfl$ig8rTv7Lvv>
zG2^x~%P>^DPsf@Z6+rwzH(B(Mv{PNbHjTnZ)OIQVTOy}XPJfFgkqkDSNBkC?tlu0;
z)ME=GMob)kUUb?bBc`USRU(wndqBTSS0u)>wAnmM^AmC^m@&*>bfMcz0$1W=<K6}%
zwgxIJ^x*2p6Fc8SeRBI~zGw<~X#e((rRlOO4?)teo3fDK#G8FB@23a;0LYy(#kz1j
zbTe~U=+;tqkMDg(V~Kkg=HNbaF4H8mtTW=0F`^H+;lFz0iOJG3PLd|?X#*V&|A<DV
zk8XRW(4PVGYA`C`BGnY<$zTAB>gj2s_BE3j(J>W}3t&-f%tirDi4nxB9jmV_uFj!U
zKex-6=Y1uMWn3KdXGL+_)TR`c*>Z~vt>+hp$=bM?7TJn#dtjCN=bA&h1Ae~9&abYk
zX+-b?)YX(B1j1%1W%D1TlNbkR5RNlaE9;JEUo$g(eY5eRS(_$chfbrBe>z9Xoa+pc
z5RwR?8XwirDyD7dx}vAioJenVuBtt}*gWfk{mi)$gN30F8U<ijeP7K-C7iAl83HE*
zWBHpD!~Gpp4v3Z`&%}HX%B#2i`3>B-nxA^zoU|H&%gU(URpzR@g;O&yP?{_Y{4M)K
z(fc*QFzwipqOYAuE0*)G+A@{uO3R4T3qt?M;8cID#biZTJ$0GN>TNK;JlN+;6(DL&
z9VDE*=aP9~Xv^PMQAs^PE()#-Rf7Vyoz3nJ+a5!*H_<qtY|IgjG#mD0Sz^4~gb(P?
zJG=c_mJ)5!hhlR=f1{bB4f%e;ou)vdTS5yxQVeQl6OmFrj?|mw?U2&D;dxtm7wCdz
zpG&Rl;FrZs;9QjxJ=3PswsLO|tLwgm{tVZ9qN-~5)N1(TWb}#oo?^?z_9A<@-=|R#
z5gMf?uR9S2#=_ei3!JRJLjm&kJfqoFi_~8~W1&|NBfhatR#;O*iEK4BD1zY#pXI<o
z9!GcyY15o<9P)LrBvcqf@E&e6eJEu0wov?Jl7jzVW`XsT@f|Pc#@>n7551-7O2z_<
zN(qE^{aQkhXrk(wvA{)UB25dzAJNa~uzzV4=h8GvyzOI%M|_uY(0QTYn2>fE0s4=p
z7$&6#7bP2m{%7He{vnS9*iaH%!f0MoM*3=(rttrxpLfU$dH)pbxjA>;(qk^GwXHn$
zW1sWQcU4!#<{No5@uUr7r(M$dmrg>i>vjAqKR>^yh@K0*e1O0)Yn-7_%yuoV`=UFm
zsHlj4Oz1`Z<QW|0P$<84tW*LSdQr;I8iL{^o2w3|ndKh7qKb-&_+n&UY!8=5ZGfVl
zqipCpi8!Ep7ZF<3NEOU-1CK6x|7I{|_y&s3<KpLrA}DVuE5$DhQ;1SaCzWST(=6P_
zSaoh4LxSI_<KU#I2n_#Y`=}VGq${wu_|r~}d4|wXGPa3upmQ9VtbI#~@JA{yrD-AB
zu$|+EiUAhk@zl)sR#J2eSzR-yIqd+#6aIZ>>3D4yQ#Az@YTLm96IYBb-NNnIuV8|S
z-t=)|(&g<Fi$!k0j;d^Ve7OAyT=4o;q|NQvz|?fJP^n<aW4E;IsW5--Svz(ElJY;C
zB!YXZ03{*AeIt2lY6`dq%nrykZZPA2wBQICqO-0lK7bS^wNivDnt6EpZt#|5Q4G9)
zjh&)-q8=k59k4_^pO^Fb+mCj$wyKwalvkKMuj7s0S{L$)fvKme!|fGEgUYp_^q*NA
z_^62oiUn)#r}4gGz5aIBu@p~7``;S+lU5f{MPiTjtWuT{Ju6c{G7LkC@bBO43874)
zf$zz2o$6vexg}hic#Gt2D8K?l7kldw`4h_F8O1xvuLtq*urX{_d8HcmV%_YNNPASy
z6#K*hsFVRz+5TNcEs{8;_!}V8#p-z}1*p+<Af^Ar<P|nyQ9Td#L@QKj7TH#b*8sw2
zFoWd_zhi~ZWdKqYw(_WoB>JQ=4b@WeV4Ael-%bpw>r$?H#cQWhJDu6Ecpx|g$jc;f
z^#zGrU?IIVFufcK)cZ*i@cS|LTA98nC~aTqT^kE`jc+Dnhv{!XO{E+M1+7CJ=^<7I
z@`m<g+Gw45Z3hYrbJb14h&4?Clh^fT&_!%!K}s{K2BW6=JqGV38hteL1Hn7=M-`+#
z(3w7h2o$dAQtL1c;%klDVCANfr%KR6E~5QagPfL{Q*)*A^Y$k#uuC39K^ZZ2P|Lq!
zh`Ujt8(4?SeQmN1-)<{<y}?TXhEu&__TYOAhJ*&{8S%Y4t>PI7ycf<*>{e@ukLf$B
z48K{gcD$$WmWN=eTBm}yl=&uA8JL65mJ&Id^xK#R5L8cr^dX(0YeB!s^4jV0*K+0X
zeh!B-l<=U9tE@QU@kZTD)TA?yrn%={4Y-8di5GdiW=^ZU*p5ES<*jY^(T*;6GgS<+
z>GgS|l9^@s48iWIO*bK`v-j(tdLsIuU>C(o1EV=I7uB$HcUB-0i2-mQm-86Jfe$SO
zfXM~i!1W3WUiZT6PpL>1>N?R%74Z2^zEe^<Ed#zyg*q4;+28=kcwA4OTD@|Cqqd5r
z$fDQNqbcUE1rbQF0-C=EvV)e11W0hCD2q${OqFyc$`L{S4{I+7bamrR)!{*nzRll_
zZZGWI#)$%RR5N8cv5`-R1Y{^mWn3=gX3n#&&{ZW?shgLRwv>h2TB#tF_b0f)Y7YzX
z4`d~?EqTrJD!S8))A#X=Sbx3w)%=$OF5_)$n4+R6fL+2z2{OX=Dm-oPERclCT5c_%
zUN4g+MRYqDvfpq)Ei9r}{#q`LA>vOgGQWMGtH>POJ=d>wU@KHSNlSzl{N|>W>me(*
zNb$Bva~@2r1`_3afFv7l62lmN<K#XXnzv0?hYbnQbwx=p|0;i{b&<Z%WuInv8x*Aa
z5y+v-ko~ShFYab`ucJ2D-02h;GRDufi^~F|Ri~lN7^L^&TO5t%@SuvN#f`3m=^Ovi
z#DN8_$GRwlE=MqqAI}Bw>Rh8shQ;<3pBJEjiu>OJ#c2GeLU~-g9+DGV)tCBkJn{J%
zU%9Z6n<TE*<m&`CUb~l661g49zXWNR@%nYAuWOhD{!FX&>D+l2BX?v>d*}1`rKJ}f
zy2~DpSL-hDz6phK-aBk{wvc6J-t&BTF?x5$!iI&u$ZE!F<-I24YHQ<(PHRDR)k*?B
zR%e|)WjM5bY<|7Da?<Jjfv6fv-2TI2r$o=~p++4_p0}$8Eqa+}wtK2{4AkP1I6sgn
z3Pe}G18T4M!;P5Yy&-sZ_~3gtJ>wsl02YAN#@}SfAlee|9{Z{rR`Ls8Popyb!S2$s
zwpbC;+Vtz*OT9FU2TC7jh4Ta#gaxO|xV&}2%rwZe2A*RPj4qspS%1TNNuMFWt}0?L
z>&&gvQgQN8-2S6+nG<7T5d;ue?cLgR!5M*XjX-KQE#FmUsmoiuj*pH%yRCl=_qi|V
zJ}TFtgCgp^aeth*uxOR4a+IeD?5dfJ7ev+Pe=yF0o^=Wi;PfF?ceVYLF#EdAy9AD|
z52UYt{TVAY)rUX<L_Ok2b0d^~H3lOYd+gtv^D<<w!;1riKXt%MKum-blHzb(>~?UX
zZ@Js|k?pE4=a-Dl2Y5H3`zipHyh?8>5Vf}YfPJ#3{%MsrYFq##PWaJmsmp@ZGIjuI
zrcOu`6Djw<Y=h1jVRIR|2~*-ezgKeE?d95Prpxie_G!Yc>GiLwAe~3OC`&1>q;*?-
za<+6c(?ldfd?cd$O0DgwrCvEk92lEr9AUPHAGnNFxviLATZrtHLh_%I@UcPORuf$U
zAhi4Qa^L;K!{usI3_~%B@G<2@v4Gkv{OB{uCH;o3%IfV{|JPw7r!D>jJSQOx3E~@T
z3;yj(Vd8qWa~6}r0ra7Oh*Py6UZ%?CYuPjguQe>+ZSaf=k&Q0o7g>D#IJ*3B!6W?*
zxOnaK8shr^ki93Um(tPTmsrOS6HMsEl0IaX7!yDs^ggqLJ&iC;EM>P8-daEd?IotH
zf!j2*6%ds&6@a^VddOtsJImPbcFv34o1SPyj*==W)w9H8dR0b9hJ`QWzLXs9f3}1X
zssZvGCcRQEK41M6zP7eD+FM$`1ej!o)4nUPt}>jE$f&5X;3uL`8Kql>UYpnTSe{Jm
zx2KZ8tkdLm?GQ^>^@R-+@vWooAJ698Tq-flu<-EhIiR1I(`p?kwwhvt%<)H=OWv1@
zxw*MVzRNFl*OO%dUgFKo%~r?L&v-z>nTMC)$9td&o#qFRP+RJz@w%2%T_B)HOUS(~
Jd!rxl{{X+$Md$zk

diff --git a/components/engine/docs/sources/installation/images/osx-installer.png b/components/engine/docs/sources/installation/images/osx-installer.png
index 7db5a7e0f72ce41818540c0d764d19a2380a56b0..dbb6bcd2d903d55538103eb343c9490d563b9a7c 100644
GIT binary patch
literal 102026
zcmd42g;!MF*Ep`CqJ*eONea>pGSt9`lt_b=bmt5WLn{bKOM{ejHw+EZFbGI9LkUCo
z5CaS`Uq0{qjpuoP|G@9Ab=SIgpR;@4bN1S2-!L^5d18W>1b6P-Ay#-VqjBfXy~W#`
z<I%%g2x+pi+MPRh!)&Fc)fA+q8Pr@Ht!y1E@7!S{E02{>#FKg&vJ^4K_L%au4MFS!
zS+4!nNLi)2LHv|&vfl{oJe$(PzQ>?kUSaWe9qOKfU!3xO1CS?~Wd}1n>Re*De~)oF
zy-ix<0X4qI2Ex-CWcAP~HM}Bu{tldMVt}U~u|5qrezP1*!t~8dN!{L?D_$@EJKeN@
z(60s~X8#!#?2g~oPiJSrDi^>rp<cRBe@jQB(&Ep2?*o5S7F(`7uP)jSQSkl1C8U&b
z%;fy*C&_bRQ3{%y)%03KujXUQ9mM^=1kW#BpNu;3h_wFF<L2-RS9lgNLjUb^_Q$y3
zwQnzKb#Nkyitg|UfDw0=HbR%_ppZZMMV!eaX}SB)%?e=h7x%(S+8uYv!&xHKErpVb
zl1`h8sTdV?CiP;2S4C6%(V5O9bu}KmU&oRwwA=18#=l)M)fvjT<9YV>u((t?1Ft*c
z*IsP}Ww<N-@VmL|nP!+EeGTe?G0i5fs%-krU(ttR@=2$DmU<cX-dWxlHSFEjp0<Cp
z6<gzPoswbuQP)jZSxL;?5zJ$1;b>;b0|h(XI_=IKAXM!35p3yZ$^ZpBKwQP35{&;f
zL+tkXKVV))hX0!4W-r00tE|Q#?dW33AjI>AhmTQ`fPsMl=we|drXeHuztL~sBp7Yn
z+?>RCc|AQnc{~Mq99^t=`9(!VdHDo*1q8TnXK=fELEKEC+z?l$|0eQ(=*U>Qn!DIK
zx!F2G82&@o)XdS{O@fi}KaBqG_1|(@LT&#aCy49+R_j(l-v5m7^7HWV{$JX+sKEa~
z#nfz}mJYfywqQ$$>n#sSVZk@R|C;~*8To%4|ADFZ|1gDw{)PFEk^hYe<o%BV|4`_^
zt@U5fTXRVg0D1qf=_Lt5!e83lx%2jpf{fHh=-pkv$LVCf^*6$tczE5>y9}j2a~Pi!
z^L%?LZJ>TE6BP#(dT#zkE{a7C_56lchCio|`GfCgFSGk^o-=bWhBsFJWT+Vs=&B;_
z=DQ>k#2vdYITqOLXFPbwtb3ZfkuIj6fh}onZgyNE{2L+vi|OyP!$;8jz<YFeV?O`?
z_VuYO13Smzso1l_l&QzD!vB!?uYTa$sfN6)sPSP(6wA@v?1o$_m*ls9YVt)+?yr8m
z^OCV}_N9HtORtJcr++Dn(YudnQNFmTlDclj9=g}pj*j?erTmM+{YSorX{(i`8TS|F
z1<?U3RyEZwkTMY;z`ez}e_HTY1Id>@<Xd6w^h(S7H=2N~mb8t1>=eaS8*N9s7gYRT
zCN`$H=i^h`(t`G!IoRnUzC7xy&TbN#lq5LH#LA;Cn*S-m-I%xEeq}<!skfKZE-Nk5
zF}=f9(k^!2xbK3C{Boph%0$9ee474=@x_n!R+M?b8x`qYYO|IZ^r8;nJMmzyB<!?0
zEU-mfa*VQl|KGl^;=I>Vd$%G+)z2Y8S=wQ3qUa=T(E*Tm-R!V4PTGi_?ZJb3Ua#~X
z3H(csOQw4*E!E{Q#)bg*EyGr7vmNXnKTa9Kwlm>j2=FPP_*~yxtjrpqD)H|i`-}wC
z*KZl@Zr99dO3amThNP+HqL+FKY9ztaR<$i+f#jpYnPohmJ^KqQQj8A%DeGU*<1Y({
z*1qE~R#)dD<&GAy-pXNPK$Kj^KCy)#Qqf{UO;jozE3<?CTo$7Y1Px*)jh%s~{|xj)
zWu~e^>Iv+*JUGXlB1on=1inK$QE&U=W@rBO^prN^b>;x+#q(CA+r0)r8q)3PZ1P{8
zzWMexCyM9tQ<{qIq!nu0z^J{xeoW1$S80{iFZWNS`LV7Jb^R7<%Pzim;#rZ5%NNQi
z`JI~5sQqYFFuHZ*U$oi-f9*Rc<w}lu*Exor#6>jwpC%5nX12NI-5PZ6;qh&l=;~a_
zV4+7yi~6mcpN%jc`g(JTSjkx6%iMMkb&&Ddzg2sswlr+b*dpU{+CSCOdXk4;jSHKe
zS*%xlF;^c(u{3o6=nxhTaqm^hi-G65duR)&-+fx%0#i4VM6ZsCj5Y7*Q+KrZ*Y}=?
z{maunq+b>mpmNvSC8Z=48AJUOnk>}nh$gYY6+};Me47m;Xv;HVe>loCXO=it9;`*7
zRY*FO>w;{lk!f8CZ}zAk%sc)cR*Zbx8f6Pi<#TcmJ1;7?mp9DuW^7vNJx=7=)=xIT
zF65vA2`yx7D+z26zcqF7DcLE5R_~8;`hzltsb;d473KD*qtj~VJ&FGjAGBX&(zF_k
zE24&m`Vzw^5{cO@)xG|Uw(MyOXR>k7*5a(lG`V0V4~ODM&owkuM~>lRjK-JOP4=9I
zz*KwQ7O241zayp!#Q4+^k2+Cyr>8TqskJoT;Ny8Q&o;KPwbXNMOr)g0wzzVnzLa8V
zmbxFg(mNq*2{CLf5?h@fl;5d~S9%j0>5>HXQ1>#Syg*@PKTb_yXFpQ=^!+OmgulIY
zL%rlpY<4j4V>EKkr^q+(P58jtw4KK>9;UH>gx(IbNT`*$mfnI~fp?WnTcIsX@iA;I
z<ZHR^h}Ur~hXZmS+bfhmt|Q?*nMz{+{^WLJ9`($9YZge>!5OAP$BLpjSu2~__6%>S
zbJdW#TYiz+jVVoTZ5KcYe*>)d@vD~=wYIy@@W4y=HPH9pw%PzwOCt(BEmw1yw|V^-
zn@%#l|G9CTt4c8}$|W?h#>u<akZN^k#c0eJiw%DCEQTUphtns{G-M8_96cQCL%wDS
zCrz9w+(*h>Ku@6pUl?eM&!J-Q=UY4DvZ&(y;(x7U*AMP`29-+QT61B|w$eMHxq4-b
zE#AQS`QW@R&jFS*<m9w?2=G$=$a`Ybs&+B@SvS;qo5>YCAirbRH#Nw@5uYxpZU}ZZ
z$nZ6Mxn{|`4dYC;0gEA^+y7iqOpM?Cgb`c$xz|K!oK7T06siD=p@UkU?r4h|R!iqS
zEs_`2pzvyOftf;;_G&-~dPT;veyZ5@RNcrOA-l6}^HH_QV#QEjXT2{Ws<bjn)#3pD
zKVy>k3p7mw)0xP+VknM~v7MCj9@L9rjVO$<RuoS{x{c$9RD&RCasBZMI=m&rR&9}_
zl)Vwp5~s8aN2VfT<PGPbt-dKGCwaCWZ(?Y-<n$~!#dXLjMF8p<zPT<JVa*<KUjIWU
zxm%qIN=r#b{o&D*YsH-PxdYLA9tm@=s1d0)6sZo+w_bY|pW7I~wG3!2$GjO+uXgf$
zn)xF)=>HE_R!>Xxc~RxIa#<8Wc**y8**eo}ebBJQgEliY7135wLZG0az+m}o)Z4|y
zr5>o(cQYU-Fs=7O(PdD^wm-L~M&KLwHdfY4I0@+vF4DQI02>0$s|IGuBa)5w6e@rQ
zOGt~bmG>&}Svz@`sRfT>b7xB)dOK2_)^9cpgy;x(bv~0$^3s@*b1^1BWHd*lu~zjs
zJi!C_=1e9(*Eqq`d@R{}Cd9k`06E<&_%OnEp&7b0mAMM<J}p;HVvAnQi!Aqet+N15
z79-bLKgtH6je8@_4*D2IyR&fOSv%^HSLdO}T;W0DmtU#a_n<cWVISl>*be$~cuy;c
zPwkfK%Ok9b$S<1R(c`5OgNdO#`e|J1G=mCMEk#8(?j9bPoly|(YRGfmx&IxhBP@v8
znVh987v>Gj;3QRruk?MCQ0uw*`gZDl&M8z<XxiNgnLcfrq((am;&9zTLkI10C!6p|
zOB~xyxf|w>GWgB=3?}MqCpu|1X~jKuCtoSk5fpE9aY~w`gMNI?`IIL_<)x9Im-n$j
zs>v-}c^g)Im@p)_*WwY*Oa(@fZKvWF>#uIWdxoZ?6f#|AR0R-&qxI@aV@1*KYpfYI
zt><y<nMJ<3tfM)t1B!B)vgXp;<iby`ug^m_ADyvDLJTQe1Ss^6)M<D8uk0b%U<!2f
z2#7-bNX&xMIJx;;ZtWyOXR~`{d$46sK{a*vmQ~=}k*r(lpc^4d0uD2Hw_$+6?!eCX
za$m#k73xI$c>_@|Y*nN85yWR)lSTZZsfOYEF>8tWLQDX0NMLx%(K##%beWZu6cQL1
z7*n8>>T;0bxp)yB219oCejrRb$4*+>?~7l|XnVS=OBzYUMjnX`jfmHZ4SVu`+c<z5
zWR8@u=F~W!t}b-fJFkWLHV>x>A5gS;pEjpZL%3Op7>x*}o{GTkG<hF!)mbalA(D*H
z^XDg;842<y_j8E}-8t+O-G$|Vsb(&w5!hzTYHDG)OHxM~o_k4z=T3q`#RDy8g~VE@
z#+uyAQF(#B#4HCr9UmTIqCJv1R5l=IuZ4f`*u;lxJl6C2BdeAHVmw(`zs_16crm2n
zu0a>s&FG~THq~3oJ!Pp_vI2h*FDmP2=yL>DZ1vUkL`|r;qahgrgH%DS`UzRoI!&>C
z$FWM)l+v)sT#P{pz?Rbo4M}Gk6`RvE5RP_WH|HW><DvDt^_Qy*iu?}QrS$w)tryZ!
z#V1FaG=p2L`bf2k#+)NdL(Iy8h<fI&TV6fvNeON&eq=x0t2o;H1pWqc#GIcFSW$3)
zVyl!-61f|*@_vM}CZBjMoRh<N+LCuMigZoy422tx0rh*HZck~(i0?OEg1KgpoeG<D
zG-eI^M`3Oi=|IA3-REO!`njIqe8tzUr;jf(D!)G-Ug21|kh|Uae5KjI3qfI3bQMp+
z+#%F$N!<FFyxZs+OO<8iQ~f}m(X*QGY8j@YG?NVAiext)FRDBlBh7Gul~cll+<O_c
z77`UkC?USR=K3o^cQBzITzUHiubv|5`|?x>e{!<&ilUmUbDH>I*b>SdyYAChmA+Iu
zV)Yx_RH1<1Uxc+FJazFZ7sZB1{>;^yd?PWP0zfhA0XafpB&8y<6?*_Tq(ZUlBzuAf
zN{Kak$#_Basy>+D-Zi{0*Xm0O|FLiI>^Yjm`q2j2Mu_-9QFgkl%gWja^A`KWd=9uZ
z2Vg*d^rP}5S!J)uyDyK}^>8ELTQDDKNYB8Uo^^Ic5eRpEQF-xHiQuyPI8q?Pvm(89
zHOlWsf4<)D64UnUhpugC3;#Of%Jg7q=KBrg0IYqoOQ)Z8lyRww{3eRk_0;)dvT=NY
zbib9Uy4tm?5!hQ20srVezPbL%zhZuE3q@B~D2ZTEYZxCNHxaOXXM1-hCs(W(s?4GM
zVOlSTFqPaNZadU$&lG^=VDW-=6Nb1H6%{?Qm{cziySC;0AQ5q;kVp-NvaxQbMC>Z)
zS^H}A{xm?dYtr0)Ciz@K?i=jVscuKs8GEJRX}wKO$)~gQ(^GVQA6a=;*mcCO-hU7?
z)iE+MS|Hz>&!I_3L&h1*ma1?V?QyW|aQ#*U?yM$~g7rMXtGxPCh-mEF)V?$i<Fj)e
zt)y&)UY9xtSdUS~PT*dCXtqnJX>3xbTi^|!Jm}_f<J>h;wEYKeRqG5zU%@W6vEZ6E
zyGybGy39te(;VKy&|Oj}rS1MKwy(kGPf3<njl_F3M>Vo`I#SVhZL1swUy8jn4;IM$
z*8I!W{GG(kWEhDs7faO&@_TZnTN!Iy3t&|*2bS$7d?WB@KLP5mp1Pgm5b9e;mpIgy
zU-zo<D5_sk{(}VJ#bN{nZ{~)P+CZ&S&39JI!MVm~5gQ%RYxI6!PfN8Q-mcr$yeDE;
zPBbo8k8Kd`ekT1O1Bcw31WvlGX>QT;tDu=`yRFOFMsMaRo2BcwG|)flBAWxKv6A7t
zQ<zEqOma^RW!>!oM?~}E1OJ*k5y=6OTE^uCc-|g+VPD!vy8m>?$cB2*mR_!`_YG$N
zl;Q;GTtBJ@6zS0Aam6_cZcYyh%Do}C6q|)n>$d{Z!=*|@PPFC{hC;p98H{HZPgyI|
zw|0=~Bj+_?Ffz7u(Bu%vNJTwhN?|IbtEt)`btO)~n0$>}eC?;0xh$%BzfVJA?7WbL
zjKQ`4orN~{yV{yjV*N`ouOaeZPg?H&u6&Ee-kqKH79r55rR-TK?4u7p-$hy4jBW6_
zIi`kR)hkvx_z2Pfeu|4Ih6NqI@aPIk2=*SlC-ooB#<Sx}t^(VYV(bw+s6K)Oj69|W
z{2RTLc`cgcINH;BEtadW8=~i@os|%Zm6jlxN~ExK?(YzxK3@0xb`|dCCb7~Yl4Gy^
zhZPeM3c}e}oZiNgJ%m{dSFAGz6^34M%enFJS3CjTERCQ8PN#JE-M2r^CbNv?D^eKv
zqI*TqJ*1^GWFv&-tUp43$m2aEqJ$i~1k>JAO|w(cfkV~$G^ly?)e*Hkl6~6!?mOyf
z&{G+K-Y`Y`k=DlTuU$pPV0WEDVtzbDm6vPG@xVp7H2&9~d$~a2Mc1aEMVl)HU)FzB
zV%?rCV*5c=>)mH#<yz$4bvq^$3?`@RQMzf#G5hj#Vdnnl#+zOP*;5oR`X=(8jTR=Q
ztJx><cKPtCb{D8F$;IIPK>ezq4P5W|z4&#C8kT$gN*-0DDVHn1Bqc?(_Ks=2Bv|ou
zG&vv~Q90bx#S4;ap)3DWY%gA0+S6R0R%Hp6e0cgYazaG}|JsM1=3F4ej6>d2-O>Qg
z>^c`u?+%nYNziLluL%BhQA|9gpl34#jg;a5AruP$Yp8Yd`{CEGV86qHt8F%>5p<Ri
zU~hQvqpN`-mXc&z^WuS!giz$`%6CR6UgP!mseF0md_SYGKMjg>=wGC{)5eX(1beYP
z1nb&J8}YB@Qd;h`|B@PX%u#5NeajzkQphE8cj$xX&!QRv<+MD;Ad=>Cd&}Sj_2%oR
zt5&puT`YUw6VhMyXw#n)s#QvyvvTd@%&&IyGS^?M)AR9XdcDD(Q}Fhw2Kb7rG^3o;
zmpZ7DhFkA-_-xB4Vf!Bp)ZCOF{0_P{zQlf1@;>H#Bb1r%+HtV58rz?vDJPQI#dDjP
zHVT-2fai{&D+hWb;^})MlO=lq)Dd|}eoi;40U_$r&3%0xPb*cM>5pNrUtKBPwHeQ$
zZ9b#_Y92}~6{>5bB#V-R!}PWVZxplIi5h?sU3^VXJ;b$W<=eO8S2$o*x#`!F^NI9p
zo##4by=}Rbz4z+g;k3Pq#LQ{>G7!8rtnUS;t)%-q7|)olPH#4<`0e@pJ%(+Iyyi{s
z9#fdDw2kJ}?SwUAYe>IuMaq8HBw{-K;#HKjsy9i3nB4R<x!9RN&t6YdkFV5ZwS^jf
z=JXdJz=sj-)Gb_XbvT`6v6{>JQ?|^U`A5(3NYGIgl#1dM52u${%%*kp8qc@0R=xw4
zS>1ugMt;8c)(bNNsRP{J{OFtJTkE>YL3K7iiHgNmiEniHP950zz=MxI^)H=3+NGG2
zI)(&|a<g#LcP=|6Hw`Qd{nY7GLb1i^lK}{s(;9OwGQ{^IwX{{OftkpF%^?`3{?z!|
zx_vj7Pt*7-;aZE}&Ai)^=aQeu%{j_>;8m!}SdMH8C_u8J9cvd!$)D3KvC;=ii9zN$
z{QdQXDbfa|%s@&T)pnr`EKnCb7e7`vY!$PtPs&)LE}E)ag#Spjaa}}*_iM5=L6gS~
z)9jOzl^ZV~nZK@4TrPd|!$j&SwGG*mbC`14;d-6zEOt=75#56tLnXxjS?yWAJD*=U
z(p{3g@wd~<@h>fPxK;V5T;=}gDONgGVpeN!Z|}E*8*7j%<ujaV|9FGb9vRagbkD?C
z-f8i)#dEleaTj(bt9!M7eMO?h)*hK7RP(8x1hA8Seqyb(KJ>0x)RW1o4g02j_Jp0M
zefv#1VAIX*_si#-Gix1D8<MHP0ats>ABRh2w2!rI=EPb*^3z@RuVj9lZ~f4J{^L9^
zL9>9E=b}bnE~VFOOJ>=O(Rf|Shy2Jc!utrwW^KyV&<IE<<tdrhwKi=DA9N<u&a(^h
z_#H1AJDzzHE~QVVa{$jTtaRvU0f%|^XSE-xtNhjq7NE0>fxRRhOe`(J?%w7beiQ*S
zA=P@Dqg~#n`E5s<b@vA?4}RtyJxWN(Grz<Pvn{DxVOcs0nYi`q-<Bq^zaRA`v(4xJ
z9_wiATWlB91;7ge*!Oi1T+s7&_GiF@s!ea~BD~lf;d;-b1J=k}-?+2<c+&Bx|MYiR
zCjKtHt9DjNKPaDFEUm&88U1sCW%v_glQL)C>=na!S3-hl0{HTtq9pd7VGLcgN7iWf
zF{XI>_+Wh{d#;_{VezZw_q^lK_V8CmDHB|OhX5vvb$SC;^D$d+YAX8<8{$l_3&r&7
zIkZRxC*Ngz+F{INVFvrI7et`XuJ!jW6eau2XhH<>J>~Uo<XR;Tm|IVgiqP%KP!vqQ
zLi)gJ`QjI}OI@U@B0UV;igt`c5Ga)EBS~BnbAD3=3=1uDL@JOa10sh2&ogkroQvK1
z>w@cx#gwi^;626TDu}Dp(;(3a9j_VDo9e4g%^GKBBmLG{My@{m!i;YRr|=>=9GNRF
z*i#Zmqcs<*+wdXQYOh74$}nm3d?Ey&@Ul3ky1b<1m%OHb5NLGpZglG%RKS(t3%?tV
zeds3p{K<4n<MNHTGc@gWf}<~?&h_%+kM5$x9UXg6huZqH_NFv-t7=VR-qYF|0b=<K
zZ;}0$8|QiPJvE@)1;13h{!#!zfS)aY#rg5@``RY>lv>ksPOKnkje~<`LCgy|&boL$
z5n8P`P}>NO)gd|}rVY4|o72&s<aAt)JG}Dj%aS~@RDs7|=w#unP%}6`*DLGaDPQ7M
zC8>lLq2^T{>8>N9lpueg)ku1nd5lC-x31xvk^OXjW?@pGf>+nk-`DH+$sHX|+xdaT
z(mseW9Uyq&-Q}UhBNRIic)Po$+9Rz}@5?s*JB690+=ASbunkqclb_tj@oi89yQhXu
zp;SDV9%}_TfySW7-y!nWFJOBAZ-hQ)G7WSKpVx-ekNz;Rd7VFNIrtR4FVTYETu$%%
zdCifh$jD%;^g#q+AV6nG(w{bQXt686uR~ajM&Q??=>-9^v2H6bo!k_xev{A1<Y(?M
zT$V7fH%!#oSwo5YV?sdPIW5;h<D>p`$)|YUXT94;WGTslLL$>im3==Y@%VQmzv#vt
zKVCFGv8u8e8#T;(#6n0RK;CD)?+^nU^Jsdj!K07Rlv|t{3jsH!Xp9C4(4D-JJSrsd
z!iFWsAmd`p)JD4ug54RaKoAwUw13G&)-`M5@4XJB=k-9#?00K@t~kL0@f*m^cF>`E
z%S-%T)44h=rFy9*qy^Emo(xrtOT8*+8>%K}OvmBS(0kXgnz2DhdybV^)ZVxo);e0n
z)Wohak(R3`c-g}uO5G${$>4LL$Tn>JC67h9DyJ1(wPj^c-<h(i`6)lga=apCTw8a%
zVj3-fcfGy&j()tSe`uCucqf!=SJkVjjljH8RrlatDwz7aowX$Q*XpbH@eWL>Kg8~I
zG@S~cPn@Kl9|UQ9uUW?{<E}`>MINkk1;FGp{TNi?j9xAu9<TrQ!_zNGcP$<4OgXul
z5W$K2#ZFa_@N}$A{|&Jkqu2=oh&-9+Iu$w9h@=%KpP6?PFBrXG^#|E~M)-w?O@IiH
zCX#lw*{F_OjzK<tUq;mEuU+ZS5nGcX*!O;ZBRH$nR)w7}cfkaQT9{8|OB%YgoZ*%k
zDEe;6L;E-~linHBdVA9(6;2s?xyF1KQp{cEsPsmgGOL|y7vD>R79QGoo9;UVVM9Ef
zajnDeX`QI7uF%g<YGe9i&O24nBq&YInU(6)1N@Z44aXYH+}{zO%D&h(ENb=Gv6mC)
z^X$i5Q-KhB5A5Ec#7LK;id{sGFkN3nsUmkWFS_GwRCZ3?bL9jAC^T#0#K+pI#9FII
zmkGOFk!Ii`sn<7W0!(>JnzFs5x1%3>MMbTqYxa0=ph;#3ks2y(W;Mjvq9QPoqX2oX
zN)v#oSIv@~ZS@j7IzGljws;=g!N>IPQG@l^W=ypLyMr?l@Xy@JS_De9=bFUemaInJ
z>hOhkP2od|+7#fbm==#IGGMHvdTyM2@roLqM3L)WuRVjss93~9IpFDd*hVsEkizI-
z#h@y_@;P@FPfxb;#26y;U19)?(w4jCJB{x&Bm%1N7~Zgv>uUMn$>96`byZ2JsZ?t%
z)#tsdvL9J(_mQf6MfRF?cA3#fWSD)2h@|(n;|a<+Ic4|7VUC1ub$Zq7=Evfkf3`@D
zEg@phk}U&5Jg#fLBWfO#SL#QuE9>Vdh~WfP7z)c?T*%Iim03PSo{e@LRg$At;S+cP
z+d_j>F|zUcs_#Y6!O|us0k^4<hDz#@2BfTo@DW&dw!nc*IsvnqNU_(%$BwU&TxjGx
z$XT%pp}~ZC3*VvxUUK$oibD+GMLObeo$G{XZ@Tbez>9b>^653jGBRE@mh)U#s`$06
z?FeS7U{|*=YCET{Fg@5=7p~JD#M4A?=A)qR@X7t*586YTPkCk1AGA^pY2fNc)x^bC
zKOiI!ux{0Pt=kL7O9HCy5m_yV3N}_)e7b`!Ga_DN?&x7-QhATD|23tUffG60*q6w4
z`cv*+OkaJ+4gbTsy6REm=tBAn!gVfAqN6R>k*LPyRU)8&_uj0@HFUkgcsVr?&$$ik
zfVFn$`Tdxb-v?3fi+mxvk2k>M@k1D4a`~Mh+SVcjsc(=t;>hX=Foo&Z92Zoby-4IT
z<M^vN!NP4jHFA}#ZLB&K{FXSU+_*KQpAIW-X1gq&>mN<;7w}ZT>{uw^!WVdyTs(!%
z9ld_QgI#<zQ1mILzk<*;z@zIF3P|!<vKnMtOpm%ZcO{UltVOkHUH#2ggau&KQ|`nG
zKzb^6#RYcrTyl@31h8iYfS)8?J3aLlR_ID%u3Q-l%`AdkrW{v1L8{c=@B>^gm--7=
zCMcCQeI!|Kuoi^2es$D20^JPU#m@<?B|l$UC$E&CXI2hjuq5sq;r)waqWchl+{_a6
zF&6e$O#AZ;JymE-OXimwgsN#D{;&G88!CJu;yLrQUVGzS<pz*#$~{lq5o^)58_&&B
zWk-w^hUhGJBkR|-;9~e`F|WVd^_oa_z>W#9#@O#Z3HM&u7@qL*4Xcs-x<W^f1WxFu
zcWa<?Eicx^p|<8Tab;_;&<3##MaxMNB5IuT!JtSPebqq0=o9LVqZ)VUdgdkiV6A$@
z6ZCK<x?Xf#(wEszzB3uR999h7$5W9>l6IQF)5%S~#`Q|+S0B3#vpPNm-|RL|sMkT5
z;CK!Vxe80QPHUzUhlhbW)kis<N%G+ca6f*f-?xe&aeUv3;qn)0n)|J&c}~uO?mt;Z
zG5*H^F}A9bp(Pbrrlv=xjT<XpX5&V2KY9JfE{43iXk=}N0hrY*YX>?YtL_z+zG9*)
z9ZG6G6(rPm$Y>d>B4WpNqd6V0)+XHFp;fAVSNkd#^Nn+@B-Gx-hP>@2Ey2V!P<tsY
zBxy>uwL3zusIYw3ra%k~b^2^*H<j^0<nFsz`wi^gstFlFcI~u6xUX*x9QnAHGp^-h
zt35B3t;mEl{I=*w-BsxH-OH)Q`LF0>sM9a6m4xz7K|v0h8Cn{V1^NvPO?9(IjYPt5
zKFRt<O09fmtN0Kv`<eR@Wbsx+l2qe^{Q%02G867*_aTDCc;#A8Y~0?=tGJ;q9pX5S
z@I7m70z6u9QkgOJYQYs{GHZhh5xn6=g>+%i9K)cbH;*!hRL!0Md}tSL8eEB=pl(Ic
z8!dq}JHFh(3&8R}$$H7Jy51{BvOe@6S)koV9xly#XD%rwE!m<@E0%YsBHg{7`2!US
zZPLO8p@XaXS^FeZf49!&C0q;7_NcGUS6TX5kcCuwbJG*Vzo`m3vI_+d#sJ;zVyaP5
zpgmp6WargNKuQ+2NVg_8tF$m3P@@xIQ3%j2EbohNb^1wSUe)fQ$^R*d{8g>(a}D@q
z4zyb}cE;`{(zCA6?;$@3JHo5<&J+@m0Nx5Kc|Lc&JNu0`O`EZ}d@AFnc9;QYf})LP
z=7`@-Km=0YFv2ImV~)s{x_dE8XdU3iHs94vq@=EpC&79J<+nNdw&xiQm7VY_rMcb0
zmB><_&J9nAFYVSin%sx5ccnyWrOf&7_guyLjD3iZFMPv63nzC9+R%pcE}tAfCLs!X
z4(o{m{So<NfK=Es)CgeYTt{1|7OiV;>~?dHdZsm6-dMShq~coglYV;FuGjgngz6lp
zsm@=2p99$WgkIy;D9Q3rj{V`K;H62wPUZ59r>cD6Gf?+61+nZ{&c<Py4=yk<cxL6S
z(7k^P)IpiGbbZEfR*SE@uiTj0z?zU`oWHj%>JgEZ5t*pnvHJ}#kVaEumnM9n%Bc+c
z2V$=x7F`dp#${z>ktMPX_&*R{5X7UEkL>lMcp^J!jjNfb`xPE&{4%pm{n-$4hDzTs
zsa&@GIDpGo^XqH<<lhTeqBlZ7Nq?+1@MPQSYIVOKol*AA!RUq&l6g)Pa=nXN&OER(
zK`PInGC}pd=lb$FO@>D$FmUHe%ne0Ej0j0bv-4B$Pgy0qEbmZR<ED@Ny>A$me7%WB
za2NHPQzfF~dsli#qv-P?MTE$n4$66?lL~q;c!{3zfxJT~d!l+E%IaEr;oS6~pblT)
zQ&4T;Ra;9a)M?Sh|6!<9d^+$^vf(uT8S-+T-q)W;jCi1HT-aFVC>s|w5!xC$YK2@M
z*exx~vh@Q;Uu{#?)tq%4-0THGkD|<-F7>X}^)iD7XRe<eAgT8^aM&1;CPx-+UgJ;z
z`@HT{8E$ZpO!pL_@w(w<aJRs*nvsF)jn3-&@~>Ax->>wZad7S?cI_{9Iu8n>59AMe
zE<>|I6i4X3Eba+%9XMq?9>LF~)P_RVlTP}0D<tV=Bo7^dZA6srbFb?VKO*AtoKT!T
zQK0K@Uq(FPwz=5MOkCt}>%6;;`SuL%I^cR~4uxx3x_+|I;z?q}c`;;s^Zd8r2tp-8
zEIR;q)49Xiu;lM^T0fT&+S%lIJVBuPWbe2U@srPBH>&y_)ehH6choz!TouW@y5)y~
zlibS%X4ZZ{aqR7>IC^_n7}KXuTq<4G(z+cN%ObXdu;bfgGJ2C4$zPHMt<4FOFHzPG
z*%SGcFC<(0+sbDAH(*{F9BNNrIR_an_#C`3HFQ3mWGCkZb^aST@IZ;s%&D{C+@NPX
z?e(1aLh5_)!aZ9|1y_~_Yku&7zjorB6<2rkD#x2aPFZir`Lh?U=B7rUB8Aum1$J|<
z$cM*T^#to|kT0m%l>>u3@)I$!UO(27KLsc0tqnMusZN?xxNwh$_j}jbROhEdtCZ`9
z+Q*Us+lAy{gr+<-Jhdgf%93l_&GeNe-F`@-J901t7;&^An<~~@Xdqc<4mr8aPo;cd
zd+RK>XPWP)=q|HqD3gJHQ}XTo+^sL<8`VbMi5~w<zdebq><SWtNmGF*<^Iwf7iI=~
z@joQAJaPBhW}E4RMk<Qm7PG?Ty^_15`}+2-zt^v3ZT_iwq|C85kwV)cv%ik;plEpZ
zK(tLweYR8O#~bm^-2%Y{$h*|;k_SZtHc<&ydQ;G9Ro}IsG^4o(!AAsX@gWFx^P8_r
zz8y?Q;UAn0Hu?`8<V0}sg6BO>qLN+*gmo7cZDLc+vy#=tGBZJ!xosDxG)~|B2p2!`
zuvKBaQSu-vo5~i4ZWy_QbCm>t!05^&LP%@rZaf=#fz6ajciQu`{+_oe)%Wr7gy?`X
z)klX4D*KT^V#3nZh_Wk-_N|b=!sapZ6Z7{hh}-XYrk_56qzO^jtL#P91UufxF5UQw
z2mrv+5lp;2d)Dm{bGTE2c5LUU^Pg<Iu6dGe>!!k=d4G(W-cO$=n~v?u9}Yy=JB{-m
z^oN!2$u+al1W2Ogw1#~;O+g>Nr&$Z*2KT<3`RTW@IixjNLb!=sTCU4Ho#$LDO-=_T
z)Ss<RQwifn$u{+y78VhsJ%91eBR<US-iOx(G^Gf--plmjCI;b-amy{-N8jzKhjvHF
zb*cRh7mV0->r0+Xt591BE7F^T$IiwYiv55_4jaSYhxkqlNY&NVEKutA^|8NM=j)jB
z-}J}IBSYNec$zWwIw!k^msi7C%fZPV?}lO<{&vJ{f1M8`paEfC`idNUYOOxxoP(ZK
z^CUgoTfCah5Me97(;GaeZsF;ZzLQ>>-c5!vc_oT~JoTZCGF8C!bSxPK$6h1NZ+3zy
z(P`bWiNk1unaEX^HvaV*so8cfQkeB=SErr=bZJ_lkJI4h)nbFMYBN?<WaE$93tjQ+
z-Kmc8y%0^r$VNbj-@90cEH!dRPO0X#U(YksU@D&bj(ZY8%!rH4@mykmQItB7uLC1X
zn+SEl&FTXpi8C<+s6oRo`3=L<3**dCE5Fd$bQEWB#-BoIQ38)cD|DJDF6eaz=+h|M
zc(cMTG`gB3ukO`o4w{ud6X$=;N{(aS0lB&>n#X`Dr?~ZDJ!A6pdjQfypm5QKdl77>
zgKDlzw~cqwDm8&ZdfOmVfE+%k*-yw!g6`|%uE=Z+_to?C+B!?w-|9<KC~oux>M^#h
z@-UAEnbg=Y3@Gw!BL_xKRe3l#N{n6yn!qSs?=C01zSlniKJ`ii+|k3xzP^+tt+OMX
z>;0ri9zy>ZvS3%LM0ez%8H;F=J}n3%Ob~aj*A;S{!_(gzGHVk^V`8p-5V!YMEI{Yi
zyCl8Vm5-Otbw!W<+#jCvD3-LXS6I0})fX9GC!Gc<nm77d09zjU;AkhWXi@MLP2lMu
zZ*&Cv`_4S;DeANKLSS!PlkGAQ($ct$PhQ!38c_fUE~^D|*F;MBZc2-iAURYu$iU}N
zvuC8+HmU(fzyuOhwejTE>(^^i^xN*wOs>o>d%n1D>lSTvc2U~RMHSwZg0c3_d9)<a
zpa>+{=<G@EZONnB_;(O&vYO8Es@PgxACl4Pq9d7L3#3f;#>5LO_d<Wq?8S3xDlMas
z8vQxIz;opvsD-Qb%{EJB?>WzxMn2Zh$a#=onMfob;rY0I9cIfbM6e2alrN;{d{!3!
zlzsV~ba(38o4mfhB<GaMVTL&iq=+`so}*{5+1SBvdzy)ub7oz4agD8x*vfT+^kA{j
zFw`{(cXt%%FKi|8gvRrxUSv4)-m&?G8HOK(-_(R@7u`Tis~-MYh_5oKU(QUm1wAsQ
zcAfiMOWTey>jW=-qKb@I*w>}EuX3$6%S^0N4UY3Mou33{8zWg-oerX)f7gvy0@EP9
zm>2+4(+vA;ELfN>$wy;Q>_t9;RY^e>BPRW<o#<pq`l7_0P5AoBTw|hTT|G3Ijfdkc
zWDBOdPyIdF+Urws$x4(i|Kg7;d0>kOS@QKVfBJkqjWL*=pig89f@wm-u2DRwtn}#-
zGm6~bDw|XEb1bbhXKM8jL6{y$!{JF%Uc+N#g&JhAKUZP@lP+%{EW*sSx4k)PHL7w&
z&nG^Af~w)K_%O^wT5@z4tlQL67B7s-T)N>&q1MuZDX4CntM(5mIc}u(Zcer^!OHaL
zefAiE!a>f<K<=gJU7$ZQ`D+}vel`0Pq=+*<7UCZqtY76Jy<<X0L0(|`w$j44)k5e<
zWj};g3s5OW8-ocht*T}O;zTpkvw$L@oDSwc(hUN~OQuE8zg3_c7sBYp&zN(r!M;kJ
zmq(xmO2G7*NAzoo@?UtQH&(7anMZRp#T<2_X2M*Z$VFiH%IjS4@x9g6kR9^7Igz10
zH`cS=ajQ}GRZUlvZr_H%88~~;<)2;g<)=Po9o^Wr?V&d`pmjjH8^-#4XV3HRsr7;E
z4o?FrVV_EhepYVy!Z<LQ&YQu8m)$m3q7z2}!6CwIp6SQ5haDU55Ff8LW&78tTwP;3
z0xEGnu2*yQ_7qot?r&(czLOXgAMwcy`hm*>n$7U>ShP;K3Qr*^HOY-Eq$R-YxtT6g
zvdS-BY{{~J{QZaVBssFWXGVv&MT|Y({=Isr{c-Vdh}f1am7*`O%_8r&j%cY$z@P$i
zGFPM4MsP~#!{qoFcb@OV_%xC37@6iGu+K-B#2t*@<3FX9*Y_G}7aS($_U}x%S9wbB
zxhLGk3knWvH>eAYXy(>V=ZhR3Z|#2Tz*hcN;fK(|Z==(JDrMhVKxgdaB;YsZep++-
z3N1#qAqbDY&zz{w+>}d24c=V8XHOw~Nusiwc9e=~S15J!f3d_P^66!kt#PD%O}80@
zLw3dkgRbp0d!?lk*&TFkMZIqoB`_5frT1GqjdLwu%v`X-o?0SovzyTv8NZP&vg$sj
z#kE$EZX<1MIPjI!TyvzIjpAr>LfhlS+B75d=+Ais2ZhEuBRvGBH}5;E(`V)b-0bci
zW^$?lLFnpCvq}23+Z|Lr5~}%<?4_Id7}umyse{l|{k`GNx(Q5|QdviFzQAL+J!XeW
z)od{kVG~zFMyTT(;_kJxtC?tV=^hSFx!$LM-bATZOBR!Hq=g)8jwj3d5o3FZ^T^eG
z?qxct_BV=JK5lmKMoxI>O9`gC@4Qy>bGXMtH~-vGCE(tWV&mib_*t_<9S&VMoZxU;
zlVo{sx7&GUsSrgU1B%Xat7BcpY^nSyK>W$%wZU(ieg2E2(4z;-3$z@H5*-#Uzj)56
zoxEHWA5C)Qy7yq=M&4cK=m&3A=Q{CT7`REISgG1rMWKGi<l#eXK4xvu$$Zp9@k7Ip
z0L@EL5y*D8s_!_Mc&xFCL@~34e$;P~U<L$y+z;cF!K@#)d6?;bvWqbei!e0a%=Ptj
zxTF~!Hi}rq3(eJZ5qlE81{?IX>A!-*VV@wwWqVd4HYsbFtuLqvq%*{C61AA$Z@E3J
zpp>9Yv%-O{oToRck3ocZPqLSuHC`4M@(ufsZEY3etokd*#F-*VSG5hkY1k)&1*{t!
zd(siEC@`Izo}zqMlwZFGcS(OyjSF78uK9sIJ(41oyq_!9z~IXs48sq(ItE4Rs~ddY
zU!t|G1~t%Z<gT5KND*G%v-aX!62Tv;W=LTQT~<{E(*BOc?I#3kv=qO3qTrD`(CPwM
z!#`CcACb;DdsQwIldHlv7jw8jUM>X^^{?aQF$yKw2nb#+V;V!Y<9DXV$HS{$`H)Q~
zx_4Q68pUwgn|CK&Ing00w`fcwcOL}wE0)GPPZ?+a%JR3Ei5B8DZN4tc_kkR|xd{;@
zM7x8(g60a_`T|`B-!Gtb0;pod=)`bj(gITomZbn)oy%=~rx8(D=ehn!q$;i7B#+<g
z-1#W#fGbZU$E}?T+i>M3GtL66>IZQ|4G)lQ&g)8AA0|a>Uj4^Ezz~O!r|Wv>KKK<6
z&8+%?mYuNL6D)MoYKxLCmI<X}VTS~wH!`Cr?$M4(&}#nVX>HtdkWXFZareU3HVUA#
ztu{L9w=DGNsSytcb#ySF!)Dkl<048PZ>^{!AAQ_5G;)5!P@`ptDT#PU8bbOlROPJ-
z9bHB!k(7E29keiyXbwsLd3<`Ws=NK^VD2OUHTPumv!{a;dz~`0zcVN(UYqa>3j^u$
zyTRFvCqRN=b_w(szh%~?#aG<*G4Y&x8zs<$PnQXPRStqM*3-9_5c&I}{LwDv4t?W2
z`*WvHEwV|cXEg`m8ZB%HD~5cy5r1`%Z{lE)y*lDC{;3F1H!lUBklmc0g;iYjspRrc
z13-fMC`NBUla(HeHjy-_s)K6EQ4iLoB+gQ3kY#z3_j#bIJIYF9!j(bD8WjnzsYG6P
z;B55nyslIbMjq8E=BmZjXL<>2eEMDBiSunQ!Uxbcnf%4~Ba>KOFXULV>?|AkUNGsY
zU8n$TSR{d87%4!$2DIrGsdK(mqFoz*EUrPvl^5BYQa5q#s0#T)j)7}#lySI0997wO
zhkEodF9!l;hYn+Ab`!refTT^0c$ym&8kX8CI%WLSS|ar=4@y}O^92=MMqKN>-(Dlq
zt>-3L^Yb36dJGLI9<J%T9*(y*9Ih1*)a_4At(z%Y<RhRuv#l_%rq$ZDS)&2xwF%8M
z6ei*or{u-cN{KUu8;B~mt4>7?FV}O5Zb`}(r_4hNU?Z9(gyW^~G}w(>o35tAz+Tm7
zsVAY>HSqYS<y?Wt-$Rsg!&BGw0Mp987q6@@cA!`J26;4~=lDpuy3_3b2UvtFi1=h@
zFCu09?0rL%x!Un*Qg0Sd{TZs8x_+h7sDEi`SpGwQC!5hZqmkc^G#A$9*))XsR4Nmb
zw#nR78rvpGZ9h}dJAP)=_Z6hv`y(N`aeIU5yTz=#$gaqc>$4k)Gr`q4-%(grBOy|9
z|8g_)Q#9Ta@u?Gi^z3ASsh&#3HLFSK;UKHMn%(Ri;1N4UGd48qi1TW_^)AN$8kKUg
zO;B6;t}vUaOck?ul@ZXLM$g;FO5Yxoj1$5~U|u~nrWbGuDulnZ))<x@mY1Ydtu|IJ
z<|3K-T9d~^>8?Qz`|batl6Oc-U7bhLZ)-`{Vm95)3IBy_g|0RY>&TkP{_NZ5guUzO
z%M_MDyqw50vm*hL-a)_!kYrS(BJ{dJ;bcu&TQvLw$L=~)I@1uyo1}7%#>-5R05(gL
zZMb$fbVcOYCt#a2rNfODHpdB6q~MWJQ9rqAXdon!AOuz6zHJS6fIcS^bufxshab=U
zT~jz)UWj`^b7oE*y5drHxoLU1Qo0ZcsaCZ)npx>Bw91}EisU&K8jj%NP7nTOQ?&Pd
zCOqhQ)oUN?(X~dIni!bRtJIy-dg%K)Y4>u*?}pTxj?4cVhbhPT*k6gpxJNBZc1y4o
zX4)%&H$a6J=}gTHgawe_(ZEx&&4VNLHn*I~QnkM4s;pinRjdJ+RV`BH+3y%bdNdDn
zWsq}kJb@B%xCLY(aZngKCFA*t2p*gnH2Us`Y2{ZpN%U(6?@Q%YGZ6Fa)DH=U-u5f&
zXMnP~&%0zpYIgMI9+KXa<N7cH^4Y)lp0$|REL#BkRBE%j#eOao&sMoaODG$JR7f=B
z1YKi<hx*cKEGm(aT{S$LZhs!-3ER{5<kGV;5wfxoT0X#3*cV9f)6Z|*_if%L_QBTl
z+%&+=+;(5wgaUW=bY8X_w7j$x|AhL}-hUtVJ4zJY)%Pwl*coA*NyIU!Fp7byjS{{K
z0r$O6O;&k<KA{LX@kBF^ig4xC#b+VSqkpr`ru3?4BQ^VoNw1+ZN|^#!{t&iPco^DJ
zT7uBM>x;WEXicWccTM#+neaaCkJ6hv=akpDt?JoD_*of($K<ZFmBiqa0q~|RD^r8M
z93xrx_4fhWcGS4;kc{wv4TrZAiM)s~S%W>>+9)6FlexS(d$nsZi=01_^?IMi3FO_W
zKhnmay{f8|sZAAU0k-5!1N|kbfSclK(YI7tE-p+XGrWK~)ferD@BY$ViLS?`{aMI-
z4N*M^JnopGB^kcJ-_J}AKCZYC4axMBG-|gOV_Cw9ddi7_p`hRX*Irka+T<0YO;kUs
zX%&NA-yn>LmqRKT0UHa|X3~kp%3vDB!%9{<LTblpTI-m$7fi^6SHh<j^Uhw+Ah<bD
z)k(eD0;YvxIR>;Hl`cd*RyT2`WbA<5I$v?$;w3tvt`*LO1K=QFzBrx#8oLryh!AwO
zmblqTZ9YWO<jTM0m`#Fv(zf}sPGN)dsYfQlr<a*tGE{+ndJ`Y%_{EqH`@$#7hZ#WS
zp#WB`!KLRv@&p>i>$jLvEC=w2Jx!ZgdnL3(d3j{Zf5V3sy}Di|>3U16Dph%xwtN($
z(k>BeTx&)3L}Y8Gk?w3cb0f2dDUssu_(Z6AS7kh(e;3i!>7s7oA6g3InT6@6Y34MV
zY4YhCFI_WAr%;ZnI~S`N$3NlzL)9g|)ZWH?Pe2?vdf>%bD8KM@xh78=aiM!XZr46-
z;U+Hx_0eiW$XHQbY1nK0d5agSkQiXA)?80yeY2%agh&X)6KF8s@qqkJdzGKz_fkDE
zoN4r$x7F>8NXd^covAQu7L>w7()Q=MPS!jL#q|Zt-+=wDdE1!2qpffB#xpbPO2gPu
zzz~4Ne9{j!c9i`%g&)P=sxI+b!fDL0vhOkNhiZ?AwjBc))xn6NiG2OtkeCbNXnQS(
zrHn_TgNIkVUFodGZ$HGSHy$+>%+_V!5hwVtH<3Ano_55ASX;FQEhhW+W7Uqo>NOG&
zW{UglT<KtbC*mtQReVbGzpiWwae^Gg?BEt(1{l@Ol-C*$t{^Gcd*ZyukrlZ0zS}~V
zK;E*+eTtW*!8M<&K_2yw9ds#F;qL;laYt&gzw;*tjXX}XTTrAu?zg`wNY}Xfq0k9i
zKV!~i5*TV9xgo<?qxyH49``2P<};_)Mz_tDta@WzIh`Bt`Xc~4sjzAlA^*8?<^jX%
zd%<bDz3(|w_r!lHA1vA+0`73^4!O_mF}d+X?lTSsE0TtRoyLXgd8G;v@^MW&iw(G+
z)?t34?Bd^M>b!I=D>v|ex)(B4GqHCsh7y7Nt$-@;xtk*gMIse5jdiQ6H_lzI3(xJ2
z304sYgDyt(c4K!9#ZRQpp5X18V+%UvGKia;=YtddER_&NxZnD?$3%Nxe5`QGp%mns
z52|pW!fhuEJ=aNLx;tV()q9yuUt=cA9l=I%Awcf>98#0m;pUJQd;?sG>M(;xCy0z`
zJFks4!oz^a-=aa_{9JC=r~5n)9YTWv+xR<mu_RvWQt(Eu$=Je}z61)TEd+qj4_c+h
zsy}UeJl5i9HmpdJ8+uLdX?2)i_o1v|c({*c!MTSWbUz><v1u%+zXFvNzK?$@JCQ@f
zH3XXx+`UHO`5-2S-8rj9Rz4!ui!`(F##$|y+I96mN4I(B%4*pj5=h&Hw8gjhwOy-L
zT%|~oftxXPS%AElYu1m5QuWDJ!Y2+(_j@rfU}4t;iq+Ta9{JZCPXpKoFx{IAg-jn@
zZWqf{jk?`&iVXc(($lq_pxJGD^eb(>4DW37h{Fs&OfK9%q{?JR&bJAo_*o(1$-<vt
z+^Mf=F+#XD>lxQCcp@f3+5>Oo#yYh<UZOltQb<VfPo-WwX)ESeT9S4~OD=QP{2c1w
zs<I|F%hWh;$E-4?m%!YKhCsNi=Z8T%$_8YNEEKM>+y8>+=jAL3s4$M%vlK!t<w$$F
z*@F)N;!T!wmz%wqfz)ezueT&_Ff?bCBYOd0u#P(J-H=2-gwi`()Ah2)#Ma|5i=ckj
zmqBc9G&%{aZw(Uv5vp|QuTTi1!aR`oVeU1`wO<4h?<8|K9Mt6HxGotDa4mk$w|5Dm
z>!HR?mho)P<)=!R=!UhrWZ;JXWb0E{%vL5lk=^z)5UuIYJgh`i;fBRe<z~3nPslik
zNLRWTec#6misv-=q20UTYqM5aU-K+sGRG$z4x<a?CrqV^^llLCuVh2J_m-Lon;VpC
zc@<e6xaQSOj?~t4nM9Wj4>nK-l5ZkvNj(x?@KfJzCLfzhwGloS%iVX%1Eih|rfyE=
z5{~bI?!g-hw`gWO@at-LX)0?yQHp`bthJ~wn^wk>!wtN|bCsivx#fNoCO%KJ{py2R
zKbnwcrg<2h9Dpll9Qu<vrx8GcQQU3U?Vmz@`^!85`XTKy5<U%F$8D+OdIR})2Is_M
zM|=$^!$nElNcdog=w_W&N}rCJ4A&oLEj8%ZS}FfrX`(y00-a83^6~}o?miNJzFhEw
zLXytF2Kv3wsMW0^!=i@&IKzxhJ7Ihzu~-HEF5?5E5w`J7x~;R8b8y9NwOT+U*_v<g
zeLcTN@kzoUOJ-yX+m@mJk(hxWj=~7K{P>9^g^bD@h}xTHjj?~MUJv<;B;gA$BR3Dj
z@M6j_4-_?wfRquWa;ydQ)C2Dq!X|$M1aANQAz2ZsHde^yokOh-4Gj^l*lNI&4-%a3
z=5bS)VXF<-yP@-+j}_j4XUVeyIq1AF5wdAOOrnQFDEcF-YSV5ig?SA(QcbnhhScbN
z*V)QI?f3D}1paTFUPwVt@}u9<lDDmx+mi){dFhy4K|)uPjQ_>fTZYBeEos9EkU-Gj
z4#9%EySp?N+}+(ZxYH2aEx5ZobmQ*s?(Te?^UlmQ&zbLc@2*w0_Nuk3>Mr-{A_Pz#
z5}bFg^Uz}Al77ZrU8(iUqU{p}0F(Jq383S>-9*7hxl4yGW~G_@(V=#w;(1eU{Q^n;
zoOgE!eyf^Da_+Ync(7fl`fSVd=85rJpzpu209b4d&JPIeV4|Pj+|4F?e4@zNGKZ8N
zYI%od*msFMZvj{eW4S92mZV<9Iu>a;@iR9^ZxcXhaF*JaZQFBvqb1vubBcBSw9=Z5
z;KWWSMH_&qx>@CmGP$wlj5!aBPknUftDAc&FB<^XCy}8|(hxBn)6ZAKBYRz+e^Xsw
zx9%tC?4k4>$8?V<vM4Uyy_(|OLhB>^`ROutU0h>*B7GVM6XkmQuzbveeYgB3`Epfk
zJ#ftbc1J1B#lJ~aoxExJE6V<@aKSy+;FWS4Pz&<m0=&*Nu`E5>ZvW|-&#{U=VXz9g
zo$k;Zq&K&C31iibplnd}dytCTgLd4&LZQ!iH^-Je{V4DaTl35H@9EOH4rx}^@J+=s
zNthF>8AW<qg1e=$0Mt!__#4Km5E|--AI`fU$CGj3I^TSs=ia@oU&gtP%Lvuwq)#^_
z`vc$#+!R#BGSlql6PXs9l-r6SJrx$?YMN$twY9BzoWDsoNlO&1Ng~%fA8%<NUBUmA
zW!eoxTr`8E<sZyTvsrA8uU_?d_kFw0QmXsp5KC4W^as;@t~th>al5BHf&!BmgD<6k
z9#iLN1ul*5Z=|FSCe|EwgpbAy<@QH9ZF?!s6!9;Qnn(hYAu|T0aa;0nyY8GjkqP`B
zxM8qVUJMsQ@h+`DD*p~!^-?m0+4&>dvA+B%phkgVeF(s9^qwnL;xEp_KaM2HbY7}q
zU~`{kbva2}(v!iMqb%fi-<8&VswQ-f>U<h>yD@#fnH>FCC;F+(KEM5`KuaBST<xRS
z@KR#6<4++zB@%|h64h7Z$o>ZP1=S<>le35Y1#0<~oBN|#YBME9(M5t~RiBe2!uJdE
zSr)Or&^D0P_9)}jf&$onX&#itd6=$G$a0qJ^U@na*cYsJYP;V__-<!C%`?yWY_0x&
zpMTjHbx#)D*?Q^1KC`op-=-&)_1h84Sh{^H2H-Ri9OQwq80Kmo4^%C*N<um7aX|*7
z&zx)s)gR@?hm+3|H6Lw8mxztGl#+auk;EsBB-9exX!Goz{;S=xHtH*;h>nEY0n~Qb
zu8tN(VI-y)!HSmrI58n@M|@n;SbodHRB##}!HQL!B1krF>nc|!Gv0by^(|f!ka1<G
z6F$sCxi82+bSRwpSY45Bo`>gF^HHzK++am!=u5FJn8M~9nbR=^v>uFh#@LnRg!As3
z4!+!>Zr`e{;0Ql9=x?JW&j+@CHr6^?$lS3|eKnvtN+DU+&#0cEZ>V$;rHn%|t}Dzk
z7*>t9t{%{}F79aECWNZz?@4lwCSTs|c5yX*c{GQ8H)VW+B?qZ=#G8A~h$}|roUqso
z0Ua=w!V3|$2UR`#O||XO=7GL$(I~hWo6;SOpe#33Oa3>JI+HcaHw6%<%nIf5`k3!W
z+soOluP)AeVW!7XmP^YeKD!Q26QMFPp^mc4++Z+^#r{zrb@0h*i&0IKVn1-`Sld?O
z(>xo&hiZv+a19n?g1O^UqiT)fhu3yjWgFZ+TAJhUvtD~n!0rn3d*Kn}aP)6WpUe!q
z$P3Z~J(x;H)7ZXTZEg*7EY(%hWjgfdr&mkNe!bP`3lKR$GUi!e^Ztbv=e$SXZXiFl
zKywq<Zcv3!P$mt+q6zPQIVi+iG`*UNtC5$(D<Y8#$E7$$qF)+`y^91lSxH|W4CAR4
z(mQ)NjAF%4>IVJW(fKnz%4Dbu3@F6s)Ms?(%#XqAz)t@6UT4w$&@o%zxA~Vpe{|n_
zS?4R?H_5kK-X4zM=Urd<Un8e|4U+75FZcGu0Ofgry49B9<H3d(WmOs*WG(F7sn{9`
z3}8}ZyeOXnpFHS!+pC^Dvt`m~bBxxW<H(q#gRW%MC4Oo=fo$B%#H31n$3!Mgl#Yf+
zt&S*PE(nv1maisH?ro>O+v#;ssUjkEYa$a@Y|fpD8Ic_#zL^nS)mjS7<xUHAqolc`
zz9L&{3FtIah+d*$4t`0fU5blx&~LSoX%J0u$Q@hVkq1Zc8V^N0%AaBEZZrTqt>Mw;
zZ*wy5X#NffGA?|zc8gIZB+bjZvU?`=RamMX$ZA{8EX_-Yw$}FD1GRkYJw8}h1Mn7@
zzpp!kIn_43a_99?*U?a}E)?$4farGL_mk)?S84sv__-G{6`s0=<CVNGyJuc;QG2;_
z3Zi+m#yy!XKCk!3{QIBxQTD}zE8f{En;0kd1aS3EkKHb_qa76Iis3N*9(bJVlC+yH
znFZ5{mpMv6sFaIOB2L!Zmw#f#+y|iwq_y$gk3<HKvq!vhWt)#Kox&X_KvB4ateU$2
z0W))_0LA5WVAq^)(uss)mDpVEf^<K~_9()oIu^xtOowi}B|t9K>?vQ-;+8ZAQo?Ms
zb6mm-!qr8;RM1FUt0!BJ39zppEFg5h9o{wH{|_{qu8y$Zt+uF@yg7F+CG3GUjWw9(
ziXXj=`eBM6UGpbrgw6)8uL)|z?@veO`%5j(gDIsubP4IoJlDv8qyIxIO2FwH^h#h{
zv9byoKCc6G#u)5f8gpKhz|8k70fLr`D@0sT&II!tjPgsP#GD~guMRdpGR7`t$MPe*
z2Z^r#z#iE^UKsv>V(2x0-#@$6`l!-9Qd2XH)$+2AZ!uFyFY;<UlBysYYmNKumCLe3
zcYA4->o6;+eW9(x);bL~)A>KREw0ECbwI~^r!CQx*x^z-DeX35_jpjPENPrA@hja`
z<*};lf*lLzTwcgYuES%?RZ%(HLLJdLLEUZt|3;tqEv~mND&Wa(Ttv^VD5vu*aMT~y
z!lg<uI|z*DqpDHzu2gU_vPE<GEy_|hJCo;ds7<&;%9ZRY>}2CL?)kr=ATD4|JYhuc
zT@Y5!o8M0GkHf;9a%+^dm9NBdqM9$|;(zQ`&=Jt%9*TT4BN~fyx+8=>ZO-K<$yNUo
zapOZz_un@%Y1ee3Q^a=TMel>+i{-(@xQzrBE~{BXVjhzs4u{9G_eM%M^xr<Z`zHgB
z^72MA@y<SpF5f%<1G<F3&l~Qu>v;pYr@$$*==N<*M~j=wrP1Zmf@lLd?zy%<t9<rf
zN$pI1i@4?n1@1XkGrIBQj{g8gI%$Pz@@%9SFQc4}Ejk<OkC;;RihT8u^k!SLfj*AQ
z;38XII{J_dkg}5-d2CZ*ysfCJo5e?^`cE7VH>eJ5sN83ES6j^8)mMCHni^z67{jZU
zhax~*i$PzW&GO}q--s+%jsiZca|2uL(jR+gx^cH~+U6psl6g_f;nCy&*hn4jP)AGS
z%^oJlbAz>^;i}pVehNDPYp!|aYAyAE2hf5WxdnrcL&eB0c5iu{D(}#+ibo@zrs91?
z7~B7kkY<GYXPcxXzhWbu2lJQ)wQ=Y933StBT6lA#>Mvcm_kW@R2ojo|ueh+tW98Ux
z^KIlZ{{cYrZ@U$pchF^KcnIT1SfWa~tf>x(aVb2O(xpn!dAFMxTDL8#<pz>sCX{O?
zMJo5t#;JaEj29Vr{0qQh2GZ}BBVqsTye@F?y7pMVz4N0C^(=229%!GOrCmel)Bxe0
z<`~m%f$rdNC4U)pGtkXqYHO(R`!NozKXb8(#b<$5;j2e?=MtgI|CelFP$%dYTft&|
zq`9EgO06SX-bNbsLpyvFbEUz4iSF<n(@qp&2azZDA`@Ja>gs5;M<ZzsaA}Y{R_n=Q
z8nogz->Lv+&=J?dc5jrMFOu;X+*T-*9QS~_V~4uBI4D9q_^1u~NlzK-Y~xsOwZ~-5
z?7*Pkw5ZKlI~FB=xx~(3JcP#c?0)w4b<XCd5W-S7+00F*Z@;<6fxU-=PWq=Vb|fa4
zh9`J?$bP!2#J-1{_H-n%EH!8opDS;@OAw34iQ+55QOH<tWnaWFi|uc1M>t13$Kkw(
zAFUvp{Q-n>&SaaF)(joiW43h9UJ)9#Hmvg627{p+bmy`6r~86W(;zc=as4-wd1h{&
zbq<i>&%EjwN6jCd7H3A0M-%t~Uy=Idai_bxlXZZYNjtO2iDf-`s)*v13r$D_EZ^I?
zfZaV!lDqmfPb^*#A3zn?d|e6MUhQ8>x2%?=6GtOQcSY<irxrca|688~OP-VtZM^A5
zR)5;UsR5*pr`ouey4=<WAZ{IKoIg%H?`~a;1(wulZcK|UY&CIZM4TR)z%E}bh;qA$
z>R$i!{f<_q5nfwP9kuT@wsab}4CsqlAN3|1f8wA?NR(%<*qJAcXAP<W#Z-x#PkKsv
zn6JExV6xC@(yt;O8mj}WP)XMn*deW;)zDZ-Ov9(X(#!2{*SK3crKcq+jZnBbjB!cI
z%fHYt4K~Oc4UQrglbQE9SDgDL^e&yWcuv@q*R%S|prhNqx~@87f>u4EcA-anc1$Ai
zR^X6E#*3pH$s-w7<FK5cRW^DTl^|-b&oqCV{v7WGaq<h6w&1(=8hp-7uPs}u)Z3))
ze#C&eD(#ON^13)kz~XxPdZFBDutLgnzXHGFi~x3mrQ^%dwJM{!*lNmYa&O6aVJnC$
zknNq3blnWUej=i^VJo+LJB<?>-MW0}ha|+(^*8Ut4?6^{vhH);$gIv*=Ndd$^zi<P
z*PFZT4dCQ)mwW{rY46YaE@(7}C!b=Dops2zNiRyy&g#!f{?b}YAp0|H;%e5G{B4`X
zX*+{KUPM6^<?<%}P@ZE}`?+YOJfg7EP4VNPerAP$49-BivAwG$`~sM};`8Ni!cyYc
z9UTvt|K`BwK~lx3Z#MtCB9$Lu9*B*uwGfO%7yxZDYc&B8Fp!lVRLgKS#CX@o;?=|M
zH4=C<sxby#Yd4&rUxwH#zA5F&)nZpm5P_~Y*F?>DH1sX`y<2OADI9Zp6U%X!#c1Ey
zaIc9`A2H9ST9wm+pnI0PGu(>D<8T+IQMLB+87_D`F-2dOijBTIZ@Z##9=<1CJgS+1
zdA-6XxX}^GGK{46gp7XMPmNz(`|*<n0oC4@%DkC6N4UL;lEa9Xyc_O!XHJlo557$c
zMVr0GOTX$YK+F=1R#a|FR;triZ%FtpHSP7mw){PhVU!QSoKKI1pzWC|-D4&8uI||^
zviZ^!MsqFD3qh4;kbq>YJDJhY?(rA9;Z<8gvQyA$NBN5V*{T{wZ8<ZzjVu{&gU}|M
zYk?<imq!~Z4c66u*hIDqD-E|%MiVQP+JUbNvQY~=&32O<VzJsqx@Lb%%F{Y93uPqZ
z_BZe4>2K-`+(-tSFl!F_ezh}<avGl_q~Knxkr$?wzS&GqtFa}o6duchQS~%_Rk>1v
zGzNnc+ono5s%b(W<W1po*f#Ft%Zw3!DN#fdxuO&xk7`901L_&BOnru_O;>n2Cgas!
zl_UF@S|~R?KcqOJHy&t(2fOwIQ*#*>Z1GF<^PCsXwH5y-@@OnSrE#nPZo)Qf$W-tS
z@}J3T_>pGn$m)&gW4l*c)eQ?vi=C!LEasw)Mp{-ZxioHemo@lC=Pq7bsf+FryOrC+
z@nn1YuN?GgoQNMMecBgl;QPsQgU$&24yP>uaW9OI633BD_jBp9mSd~h@=}jGhs6w*
zOfu&@DBN;7;Ts>e9f?N=GIHqI>Pm|n8+oR3eh1UMju+1nD7tW+c5!XVO*~FA-pl&x
z1C0hhyt2hg8)tS9tOV@x2@z-w2oA(8`r=qUb%$=b=37|+R9X{_wr=N79gSLG{XiC=
za@YfOO*mG9;ukaQ*8heuLe<)X^T{_RgT}zqtjJZ5r_c-sJJO8yPgZpuJ7S(F9@Jm=
z_H!24g#2uF^4*M{AUuy;2yO5oWEu<e$dTIWp8OM@`<-Z#`3Ux-@uD8htYa~kQD;gS
zo7VLry*UY2rf798V9wlK%qJ`Yu4?g?5OGlYvK{AQnC(QKF$B7Ww0JL|R(R}T8xWh(
z?^m4>FczlAt4$F>fo=e6)c$Wwu<tT>o|I>5ZLDUN-8bA9U|)xTadO93hNr!-xiRhJ
zyNjr~F%m4^n}#OBLGI0}mr+bc*FDIG(@`%IP86i|8*e*$W%2^&8(P*pGOm6coQ3W0
z=}v2lSPMS$g}1iv=fc&vb%F;dtAPm#+{J9*0qM$!*>$i+YjFuP_zziA%lfyb?h9SL
z&{Ye-cqMjnSkJ<qdbcLa7l%E$t}1D;q01b=ZuCHKa{&P-jGG`OdiyNZ2(YIKodxq^
z=JgOJAbO@Dqg(YOCaU8G(W?HNa+6X=WM;TrKy*naCNCl<EI-G&nv+eehU?iL{)l=S
zJ-Zec2GB~>8E;ox7A^|c<s025{>T>h1=o5ng?i*5DyHE^)rCp^QiB1>UZk#H97wJ|
z5<AXL^!Q6MlMl_AxBD+W#btLDd=k)(7s{H1;YL)`K~pq$G4LhFrl??}-nf|K?&VtO
zHNN^_Rv*4#R2O3<@_Yxa7#@e2pz*7#aRlRT>>?ZQc~9UlFj8$+2R&F7NPwTt&U0=#
zhKsvL2GHM8!@d6kd3h0uo&0oBZl)_F;D?cc6upWD!5hsD2_{%s6hm8RaYAO;Ax|~|
z+@H4=K$`%vLLGe>N#0}?zMJp!JD1a<H^Wuybz4Oea^o0+H9Mi%mN|b{o?1h#w5PQe
z8n#x*x%YiUs5OqoTP;kFBF0fV>&v+3A{h}bf7!VGj-Dj;p2A$6|1@`eL}VwvFm+ro
zrqGy!iw_62WDf@ki&!ps*8Ty<r(RwSJE(1zfU>V^ZYV8FWJmp;AZRT3)?0{lZ_xck
zfKm@a58QcKSb*&3OhR9AicTYx%#LTS54T4r@Y<7ux6sMMbsL5EJYvI9UG?s?t}^4p
zMKuWoWTy4y>M-AGk9h8x%e0W9!M7TqsEm1joi<&;f~iTp=so|smo$mKujMLgW#~j;
z({jm`?x>|o^E}_%Exz5h=+={Y6;0sCoC)WOg5^6Nv9OClBABjr^qKR#VsU}PmVh9f
z7Xgah)17eJR!OKdOUsTb`hBgriSghat*x!;j@%x&V#g>3Y$sWHiROWY^dGffO`e-=
z^p6(bUV82sRRJPnZk3dR^yFJF1|5>kKkxA|d^KI`j_OBGzV3Hka6jI=<JwW;z7xc<
zXH>CTk>@2xiF&RvJqK?3e$#or4`>?7%v^uj2*AR3A9<R|@{JPAv*ycm#l(;!2ymIx
za(@4+6Cgdt`=wCZ&7Pqng1m!ZZA7_~gb^O8^X|*u=yK>_(sHnO;h%6p)5!jXi*8ym
zEw>cj_D(!;*RmpJ*Wk%?-t&t6j||Var=63XQk@cNi4%_hHC+dB(d+eY|A3Ee;^<p!
z(-|iJqI+*9BMg#_*Vm*BAJV5gUNrF=L`bWl%~lH5?P%>WW>#fk$N9doSpsdB(c$Jx
zD(cFv-;?+HW4-fz>89I9jv+bM$>PTka)RP72dY=qo7jvjSZS&7M|&0w@Z)LoE7!qi
zyT;W&j;rbD5kkDrsaCxAIR$;W2)x<GDhXP%wy!3|p(_UvupHTcuDj8Fy*r5@0pKV^
z+3xtz2|C=WYZ?&hN4BAV*v)MJd9`7T3}(OI6VA`=nZuQT|7aDD)YX{o9Avkv(D8v_
z+37JGcWhi=I(hc<R}$eZmy311*gh!Mn`a2C!n!S4XAgM+>AP7_j%mnpF8KXId_@mQ
z9*EC}NA4Y>TG8+J(CGUq%QcI=4KOi}Q4P+4JLAAy<-X}L^W;+1jD2P0=b&;s+F6ov
zU6X_~*it!IB>|n?pgE9^apV+IDo&b8Bp)wgW@2d>F)!J-{!&7#?Rd=j%dw{wntLG&
z@i!lwsT_5p{VI1(1kS==TI60nW2<Y~<*+Yt26>s9y{pylz54sJMi>C1{BXq(h4yuX
zE!R%Vx0|<`79*<dM}=f?O<jp=&%3@s`eItq%)W~x&lTFD=T|Gc;y}jj()Kkeu<bP*
z61X2LdohmNWFKAL2@EEkgV?4>7@Jh3XZXQH9Cq^|r`0=p0D;r!i6Peg4CUI#`32g{
zQ2q86!;No-))=*IK-%g{gc6c*Fw)nVM6W1&b$0|^)ic49g{*UUUeY%$`zY9H`-#wL
zfAYFoTRv=lF4tV|lr15=>2gt;^JM#O6q%}dm6m%Pv&tv<{)GjEG$G1LxBV0=k>#5+
z%$i!&6Ax7ND(qv!VA@oNf@RqOPIklXA=gWW_0Og$-j4X|lmno@nq`F5Os~ON`iX0|
zu~nHYYwp7HdywN@-boj9&VJroE<eBC9{pC>Hc{!U$h%-QRP}$n)A0-$YlrU?#B$j~
zn0)~8W}$cG^fXn}8}Ee1P1Gj39|zu8Z4+nnYPRua7+EMdKT6PPB(2q>u76K0TGcQ-
zIRj}5x)v&Y&cO;Z^FGl^b8BvT5;=8i7T4<(*yzduL%*t75ymZ<u465=lC&&>k7?je
z4Bb11>}1~U0$O=pei68A!<Q|a0h|rM%&k1E@GC^mNxG}f0d%X>=aq<2r?U~G2GfSb
z$h?W+*07H(bUF$nPkXAUB&eeXn8RDAqB(BPqn^{$>nXTHSHnjODD!>AVF;dG?Uo&*
zt%Mq{u@Bmg9Yvr&$vQgVXtwqgUa8@OP-N4WA9p)8N>$a$@2L73Sse*UL4=F@Ngz8t
z@rPlwS2>VK8sf{1{?)HSmG$_hSNMmUBk<6jkULw!+hy>C(T2i-zWF>icri==w4!R3
zg`MW1=qsu?65^UL5}NVQBP`8^68MPo2|n5>i*GM!jxm~bv`I_5xwYXEv@#3r_2yz!
z$JO@qjduKxCOy{O`=TdqQ%Omg?+ds4Y$-8H&=)qd?9Ji&3&x39f^7I}G6$?}Bwn7Q
zAIyqSoN{`GFN2J}V&9^%;Za#t#jt-q=wD%l;Y5840_H?Tt|~K0NOot#oKh9dKb3py
zobm44o$rcDRkuHCjrpj1p4NAIW;xEOo1S{ZXfEbb&v88MMYx4kA!#H6zaCAu{-I|h
zEi-OD$uM1FJ5PRqGas|++gl|^>&IB)y9E3ls`(B)bfx;_h#jCCi}cVs9yW9z8vy2_
zK1C^fU6kyB++hZJ@sKp9_mS;NN>z)@j0On9J2#SWInv|sm5UKI`&Y}?U)skzIk=<F
zS_~IE(0qScTGYfz#k@VA`W5AWyiq|IjfMXOdz-G3b_rUgn(O_&mt;f2*6@*rg9=l+
z|9v&*kdB^Amy>RoxX{z7O{2e6Jjy)OSg+;i_aC`vOEvZKC5Ps_qWpdH=q`ki-*02Z
zKU#~iey)Ys8^JhTCU|wKpQUqNpq_QpC8v<C?&xUz<~N##sJ}NSLO%V~uA>o8VIPY~
z2jkA86G}K3CD!vK)CRaot7V_wlG?g$>Wje8H%>yyI@uq{ii?HbWWR>Wf(rw<BJm~w
zAO0ASm!xQ30^6(?d|#+#k~<}oL(NTtO(pht^DDQDmG9(*Km%m@cj$85UV*S<Z_U_M
zA`pDL-NtU-xR2K7booJkburT|?Rnl`J>M=(jiwD+Cq9z)!x`*0lde(bu1{==HK8iJ
z?<j+H(BNen4y~7PqxzrAmv>gA<fK3Rd?GL_gIu;l<2)k=#>Rd=PJKVRCH$U~2D5$K
z`7<eiU_jzr!=HG%%6j~HK|48W)Kjjg%guQ8c!9F{6EAwr_w%f3y_H`3Tp>|s-{<Fg
ziu``}R%!NWh_%~{9c9MaxEO@@hTIC{#z_}`6C&}@iFcH7RFB5Mkb`gC2HvOHd)K3d
zgd4uFx?n1EzO$DLNIdrAjC9kZC!wP|=qeq>6?Qs!k*nkUh4;zlg>;OtFEXu#7b9ta
zDMZq`0Y+=aQ{4{i*7bGzbm-%h2;?Bn&UBM|9y9K?l$DrJ=;k&WIA0h*$3?gRutfQz
zHn$1O^(qUmss&x{G>5avh52r_zIU3T`{@(6S$2_`t`PwT8tj~{$l<g2H$Y15H^L6x
z@LK?%1RXD$%bCdIB^$;u@y*uK)E9A`m3<hqTXxP-90PmnnBfF*+9;+~Z7$;sz9?Pk
ze$B<$Oo*JnruG;+JdFMCj!-@pFbBTT-#6=Ni`zB@w=6vytCOkKN)HIQd`o6AZ=#_U
z6%yXl?edndUX((01mMEV?6Y4ymS8iCstK+qsIHK`#j2{Ty$>mAemuqR-@`;upSvAk
zD`TlIB711dcxA3j`SeD_=q7}`D?g$yuP__EX#{ZmjkFmiXLd*lEo2foWoN&&=c#!n
z-C)CioDJ&9ZOkBbbkd@d<Uk(Q@y4VN2F6;J0Ph|sD2#%-jy};09Q$8jB5lu_CO?nJ
z{pFMMS%x!5HaQc7exqRv=62NWxu&;9-bqF6#5gBVC$pNJBP&=vSU&BJAi`lQl_)Sf
zsbG$Kj<SX?X|T!REpIfSeswu}LDMjNL)K7xc)1>r^J?Z`VuXoEG|t`{XoVpp=V{N;
zWK!9Uh(I*oJlURvtGX!Ozud$;W&5NyvgKbK=04!2?8K>NcQ4J6lNG+=+aBh&1ipZw
z&5X$FcZb_njPVr7(~?}~DZwsL3dpCU-q%Q~p;l7^YsJn}QVrTaj~EyIAiG#C*=L9j
zrMVIzilBi*-Q!1S;2c5L@Oqw6`qBh!_=83u+gM=WT8=$7#_Z>}w?4COBlc@k<B~@%
zs+YtO;|Ez1nu*KXFTC#Qsoddf1n%nHM>HC(i%>fP2IJdF(@3>WwPQ@cmqb*x_aC0E
z)iCF8j9OKs$L8$m>{-a=JDLRV{0{?V$RY_h!KI+{-tZh4$eru9_ETxA#bo~jP9m6;
zYYz3p!xt}Oa)UtUPjqTkV-z>119GX5aBpGJjE=GN1A>lRbcoKbydiFzPYtN{&4eX?
zs~RZx?{1cI(;1kMeA-lCC~mnq=?Gg%;$()S=XspOVaTHJ<_QvDd8p%jX>_A&w?9$R
z?$_qE6XqH6H_JrVl5pqm*5R3&p8{u%-Qx~ejdAeZH(>0bxQO)pnn&Ry<e+)gHEvUJ
zO~@S-$&5TOF)>GvwVP#-*poUOqT}6N0DRIR*d`9UvvF2K9Zt!`z!_}(;q#SZInL+@
zC*m0sHLfCWI46kARddN<fwaWubFAr#r=N+aJ}f`A5i1)WZSp;T<mmvmr<f_rUZ)kb
zce7oj8!AFu65FW}dFdOoh137`;3e#*Mx<SN{n?$$xpp_H6m>ZN)2SxOvFcHpW>Th}
z=42z^%EG<5C3a5pWZ<!cnh$oLQQdrTno;E{JYY`a>VK&1aGFRt+3VRu@eWI<(C@h|
z6~FEcw!g3N<~_rzoPdKeOB-NSK1F@f&RKVzitVrGcacmQR@agozuINu)E!eI=uA3T
zh@Gs?dogr!NXOspx>Aq1t`j#-5h!{E$8T2n{}GF}1j-B=3#N>3)oju1GmEN?B>|bD
zt|+J{X#lvUrl}+1(Zei5d0I)-YfxB7c%P#`iT@_)LjISsD@>t0irkp<lPE_t`ZZM=
z78RnY(QP=#j)q~`@(cyX;;!q%S%*yp)94Emj3ILF2$kfXxfp^pRO%AiPIoDXJ#mtj
z?OjeN0dnL2rpE#CU*zqqk?jhW2aUZciMERo_(iz=MKzY?b@TDRSyeiE&lV&CNwDjj
zct-!vzaFY@**v)pk*Io+^e@lOViu2+)AwOQ&#v~I{=qp11U~{4-eFXYPO(V0PG-#u
z^uJ$$XUXutNhXZAT;k0W+{do!|IZQ=o!<|_-u5N3ocgxKMYlZU+ggvRct5G*V+$BJ
zGXbJq`?Hc9q5emXf2m1}5N6;h?TSL$gdRX=D6Zn89rBj#rc3*K{`H5JHMG0;|57Li
z1p6ll_O`J*CHXen-|hpg|4+~VLvLaoc_ZA_mr#(7|9_0|?;iy^1%6Yny&5Dp#r%hy
zulS!U-0ts@cdq_}uNye1rma=_;4rwsf2#3gk%`-TM7u{$2!2thNU?1|^>W+ze_JNw
z$9GIj*9?iN&b|*;-f`&ZXvMq2yK0Pw%j^j@Kb+#<{B!|>x;}ETzGVeAO)gEPg9z+@
z+l2pvvw0E-t;-Gq@u1<pe==a#OVovaj%y>~9`Zku|ChswfAH+h8x5Nj_FpdeUk_{q
z3xCMZz7lhVX#XGT2g2C(KYQSz)1m%TWgj8aC)GCFCZb*Zt^a2G|G9P(!H1UbZ#k&6
ze*VKYcz(EuAIe;}6CUFJPnLO!KUhAtS8kH|4=LI4AYS4w|H+wvP<9@|ZB~ZB^x`!Z
zi`jR(Z&+@})>y~K2uWuapD>tlaOARYE#ZFs>}Vmf>$FB|<JICA`JgL+gnV#jJ}=ym
zp8g^J2b%{)^xazrS{q}?a(&zpwWi`5XE7m{x}DL1orP=PPH$Cb6g@u?DieajD#yO{
zAh_K2@J{<Pj&6Lr{W2c;2i<;v_Zx?>;m*P3MV1HQndb)o=DvM-byYUizIvO(1$89e
zSC*`-$ea1ZUh&oHV@r7&S&G4>-z)5Qxl=|c#&F|8jtY1cDN82iUBSuu3$i4(xSpx^
zB!<<j)Fp9R^<<@04EM=Lb)3(S3_R_u(E4lh9&#L5XVG8dU&tUCi^ZU!1Pn|V6X{c+
zLkgSnzwB0i%>3cRof;^1|1$j;*MJB7@@O_j%bJpILACz-vAET~(CPJqm^x1#9n!Ec
zuQAG|nK=b`N_>91%`1cJnG*!YG;j_ChDVcgK)fRR9X~p(5?<~wIYL!fLeXGqC|HyP
zzP1)=+zbsV8dZjgYg`hQrSBKgy-X^(ppD@vawKp8^E2ZqAr+<ZVKCGE!(UjS+!p9O
z%gLn$S5Jr;{NerfmJBET3~i0`;)CVk_hVmRHylS<)YK8h#o=6djw6z-#CPW@I`hz<
zzll&ssxXRen0cT<D7(327qCFy$)$;FygO-AtyveKh(LoD4zud>gh;tLQ5FX`Dfo=~
zc=&%6`XxfDF>yf!9Z?-A=ObV0-$V?H8qNtd6-#sH^SnaZ7g8ov2sY#nHCGzE1<h6!
z&zQ75f*&c2SX5f{UVe@*tAv3+WXJMLd#XOsa{6%J4RHZI*&Vc<nYvdPT24zLMGiPP
zeHM(|Iy?RaO<PTdJhNuh{4``0lOIM-@Q4&GLiB5%XjmAfE;IK<a=NHUH7RCa=1xZ6
zopHHj77PG~Z!g5kz4wN$zcbqpg8XQ);1%1@LIBCuk2EHnVMyr~Sr%8883wlXZ7n%Y
z%R4lpJMqv}d4in8)&qbOp~D8oPm!0Q<DA(e)r9vjLSpv01vHSj;TGlY*3b<<R03SJ
z*2Dtcmk5%}`*?bg4?;fnZYv=o4rU6;gey!S2^sAdO3EpEM&!-z8WaOdvc(4iE~`OH
zl;gj4RA;?=I4$ayYel#{sIe%RWwG^W0Gox<!CJE3k4WpMery99LPiOyxtI~eUBklB
zMKUv#lf@TIdx}!F92@W-y7IiSraN=&w6hvGc+pbC4EgFt76Lzp`m(|x*4*4yJ`~!8
z`0vx|@fT=T>#i`)<i~bJxmaOK)BZBUv6Qv~K05~t3B)?rKPhai2})$0In-U@pNFo#
zm;2?gaH6uVHc7aRdt#)d-bGc@=ZKlLee-o^Qm6I3(BQ#zE?;jd7TuzZ?wb9P-Q=u|
zfUA@AvA++1FoCA|`p)Tlh*J2)>#>N!J2;w2(T%X-jcbX*jBrOtC!o7V*UfGE0e^{~
zeb@Vb_V;Tc7om>~98P%osn)j(+Aa94YtIWRmvi<_wl*AlAvoC<g}sr9wsITH3B(ti
zeEf@n3Khb3wS~BHUQY64>JLjyXf#OZFLH#yF+bbnQxlsZ3Sn=JBK*z+v%l7A2mx0m
zO*~&N$*^G}74!t@FB(snh@5gT8cVzLJ`<kMfpeZr1jar1v2=nxFCuhh0$dwayA)U*
z;f?^l)O5cML$$uHczbUY94KkNem+^d{T%HzDD&>owCVy~00pJ*@f(QaN@Z<X)E_oC
zJaM>?+p?^8aSc_fD|HLVXh&BV#w=O&R!dVfvosg<JeFh`!ggZ$I|BO4cxH8ECWKU7
zTbDEE1d-&-r4~AGZHRE;WZvtCpZ~CNLD}?13~Qgmw*N)eP%bX$+}j@yN7EgV%}0x5
zqIQz)8{=iC_s=rIbNzW}=u0xn92=Iz0Bzg;rb{KWjNhN5lVH>)<gY&ut#d=AeimAe
zp8vUEo3h)W{E9!AaOB`ZXI0=Rcm^y4^OP;mM#lUC5;F-4YT*EBp-o7Lx*+i}Qia3y
z)HMCdc0bSIApvZyO40-M&-}K8!{imifqcxp>l+67wS@M)Q}eJfJUWlR<wI|B3uDec
zYDI9|;2bi4hj@$eB#}(eBg<<=Kj*(_nf+^9TYPU?kc32OdK~fkzNr?VNPQkLm;9Y^
z-avQ-?fGpcNUV&Amz}W@f}RHcpzff=1^iVeOy<}1N139Pq8&n5(ZU-9#9!6n0)Gyu
zpNpi(lCq&GThfzy$}F9-u(?+@_|XY~P$~AjTlnxk4Phq5a#He3R!Y%~*WB^E4D}Ob
zj{wBr(1fCaGC_$N+29_3hc=O+lwU+muskwkhdBM2lGbqcDaHd5Rg`iKD6)}WE2_MD
z0>SlJWh=jH;-0?`y)2pMXicUDh5n+_q{5h7u*vQBR{^_U)q6X^{waI$uXZ_Im5?1x
zwD_{!O{&=Ti|4P1I6|)Y_`!~$)lg{P0emi_QEoMtV4cT31b6KrVKNiR;*x{imd1)V
z2m0b40_=3o5HwrM>g&*YUljFCXpTn>w3oovyf5{$+(8gQ3M+K{($WZXH0hs1E)>iA
z+Pu{;cPlH_O@utWe#|WtB(<yv*nVp;`B674nvTC<IFqj0oid<pV|&)5w|2zy_w?o$
zWs9%py^`SNTg_dO)K^zkZbVrR$d4HMLjTfUfAVlY3)pp9v8qJrw1(^?7gRb{JoOhl
z{5WdCi-Gb5dG4_YCG20P6voG!x_n2=?q4P?LFVwhY}50qi&>O^OVK=veP4+yNz2w>
z;z;9@@@bVM!KYY-4XfD}zPJdc5=E5PjNg$zY(Pn^LEgd@KEvA*_7ly!);tV^add0g
zP~=uupbTX@n8YIfyW<PVs78~>j7M-<gb8uFv)HLPU%Y};N`3KbL%~pMOZm_w3MX!#
zm}q?uvJ^vv!9qy|H?pouxzq_0uLLc@rtZi7=A>M_4XFP6H9~|!zFi)+Q{hbN2BbD6
z#VRp~#y7C4HeDo#Z(_n+YjSq?%IyY&dsUB`|0lqhjdHbIYOt(-H3BMxWJO~&lmww>
zTm%mBES~jRPek0(i`3|B4~Hfn8o^YGon$mR!w*5~ckvnuJ-HNnsS%UG*#la#QLI|#
zs=)r|c6-I(czzKM`@>6-nIRD}P8sy~f)uF8)W1F)MWp#07NUrEb2E9PR-S72z+s`=
z3T+CirJ$oD;*sO4&8|7Et|_M?&BlbVYLOk%#j=wn#mqgJ8`XbB!MY!JoKfThNGK|$
z-VH7%3N3Bz^3K>igwXNC1cW&lb*}BRMvaP6Hd1OG`UoMcT&0+l6fqSCXT6t*BeJNR
za@gUz=!HIRGG<isu%*=e<Y%wqjWq|&uF9A{Smh=%lzYI8WG1-AgPY_=8%#Q_rr#D%
z+D%o6K3AU3xt66v(``P4!9=UfBkIdDp0fTb5bBcWtOT^4)hxvmOTkz~)CLCWH=p#W
zsUpY4%4OH9(PN<NOV|9{4<{!&&<0A}ppj9&BXHNSVoel*^7XBy()}?b5{XY9|BSu8
zz&ci1o1`0O(%c0MTR)&{a%bZ=>N)J^ywnYZ`5y~cR)2tKCWsSl?_=Ui6%-YRddPyy
zIN9=_e1S|MNU*f^MKQQAnZeKJ_~d(*Z;h|d?Q*TYefh@3me#PNcFqg0=csd$C1w0h
zC8jVy;q+5Vfn3%tz%o9+*Ef+wlPGQ#4uX#P>7~T>(D}Z>qZ8!bplhvjk5;ZM#r(y=
zWbWQim9Z5t>FrRZ4p$03U4cJ?h}Vk$)WT;VWtI;(NyMsOmf^cHgzU6^T+3{~e_S{^
zv8m`N#5Zt=VjiHEm}IAvmk~D-Sf`%7B-7*lg^SkeaK3$`R&YAQnzL{^SWtbZRGUS5
z*+#EF_9OZ-JK9>sMf90^9(_}7QNtNJ>hOX5v~C0Yd(iB$j&MbI<pHqW#yMS>&=6EM
zsvM}Ue>8s{91qr$r`S6Z!_PmlXrB={zhpRFB7TIIwniZc(I}0rk1h)(r)CN7K%R9r
z;qJ)*H$?6xmtx1&)fk4t*~J}bUhG-yt?R>?F9Y>e=cH(KGlCqQjgO#zF0t+<w-@|9
z>ZWY28#u#~3DM~_!o&qQN2)8S8s5Tns@{_DT-~clK2i@NiTI)~6fgf#>K>pi1u-gi
zHNG{9<-|+k5!m*xzD<9i3Q&uXHJ<hn9jCL(!1X<7mXVeWgdMGx+$@EQ8I{WjtX$2y
zwQ@=SGVulooN<VaHsw#uWz34I4^Wkei6%ZNRNA@9?n4uk?MFLu6v!xP`Ebk_X~sP%
z#LXJ&YD7)r-+1GlyDuc=b8VJ6tMw_XheqzWjUassq^I1Ho{G@(mdws|%Cv)13*QnE
zHqAYNps62QAM57{A(_bf_kERsmyTO}11#{vlP+;*9)>mrFww(hoYt)_5hj1ak$o+u
z=;8MVV&R#RlPlT&f%ccIQAZ-gE*H)D1ZfO+BXP1_lg^#zfga(C64W4}W^7&*)4F+O
zms-7p^c~naOkZP4r?B!X5NTaSvvrz{bcyDc;PZpG4s1_v-e5aXYP5Y*dt6E;B~89s
zEvTp_2E04jah$W(z?T9r?6j&!cL=zI>m)L>u*j}NX4_07T1&2&@|LOwVhk?AO{SnP
z)O!%Y^Q~Q6UN_J!)QVH@R3`w3velF(JWt}`cimWq0B1ct@{n!bUI!83yk0e2{4lO7
zhK`jCr@Ru57##L`ohzRT9)UrntohNAK<_9mTExjcijb;G144|*=Ez_V)RMczAKQR_
z3j<2yw-b{3`sFH&u<+L_$Xp*_{DqzVOI}_tGW#Q2t5*e8TxMa2Io7~A?8`Q+d^@l7
zrhguhGAZ1ApF!I*?9893wOTz;N?gexr3!tSpM~p3=5}`m&+iz=kD$Y@z2dniX#3-;
z>k%&CgmL%kLq*pZ=Pbhj)D~MlG<0L8CJ+nKZ)M=a2Lxj3r+cX;E`0;0TU@^;UODM(
zLs1w0DrY$bQ#zJ`4%zXTK^CL=Tr%*a)P(9<yYlus(u&0W^SevDjrbbZBex6{r1Nlj
zcfmFS-8tnu*EEjj-LW^~QO{)?Ci;i01f8=i1kupv3UDT&8d13v2-v(`3lPVI)5)?W
zA#jz;EJym}yCr|Tg2k5?7NQt~ny*iZDBS$DkJgOt2)MK3&^GT4OK>^}!kxbLw!d0m
z&nf!>mVE-0&>KSfyFA4V^%7h#LPrl)+Zf+!zS+L8VtyeLdlE85N+Z9z&|SCHEE_Iq
z#j0v4DteB*sW`Aut{>r&^C?q#>wRSeJ&g##Mf7gTqcvd3)`wJeK7D#?Y=Q8M$}f2|
z*-nWv_6_T!>pvrJV0x~8`h&^UED;uuEisTP+U9?vy3>s3=M(v<(d~Y_dpq~z)`{VF
zk!@c0n#2zQ@v?b7?(-QYqw%|XowiOm2-ai64Ob4IyU6A$my7c6O`~3VNyWpE=LCan
zK}JahKVjjJbBh2#l=3Ink*nUFgs^FTnoBT6WhrTvDJFM)%b3BOWEw2!AVmMiVSYPU
z7)jT+{=Tvo`di_a^W4SUh__(-cffvlmMcPg3HmeL)Mk^X%=v{9V-iX`xPrOyB4$uq
zbDdkYb~n9UMDu5~Sj=o|F3Rk$*@rH!gUw_iIB5D(-Bz{ZG)w6XF0SvFH+MPgQjH0d
zvm#C;jEhwKhRWghZ?v6^HRDZ>wc|5iK5}de63~FoPa-rjT`gtA8shedQO+Uq>1lI=
zzU>b8pY`nvQi}u7${!`{t|XOapT0xWxUq?6^Ak@j{+%TB>^44QhT@Vt>3%w4a*9le
zFhwCeFd98c3#Q?)fB4bC!To)^K&JoH+m-$t_tHm73$5~PcJ;1Dq@axQmTL+gETfM>
zktX_7#*0wCEj>eVEE!3kp=zo#=SIX(Q+X_sgi#E;Jl68;=M{{JOI*&^?9hMk(SJXE
z<u2#q8bgVXKT079P{afU8S<!qrELf0K{}&{tHSoZwtYp4Xhxu2Z-^6;I8}4HxVWh@
z3{Z(6D~ObM8zxTMjeUG8$wm@Wu}4{<r>q+g4EWKh&?NHcy4F3CiQ`96=!yh=XVlix
zY?QS<yLZIM8ptxQsIV*-6<Nm!kJycc6N1`+CmOj2uE7#b6%B|@M32y2IYsK!OugXl
z)fx>*3r_!&F-``zlxjxrWDg<0z5+=gckeW>9|N)_y-m=5u$~Ztp0~ex9UqeaW&o2y
zkxuT(E~0;in-y`cWOlYQdB&kIhd#{J<o=|;)|22yF#uih)gz581UaCUQ=D7=560Y~
zR>I-{cp<QJ!%us7))rz%$Y%%UMhU8^zZLlPto6J@_!6;&BmY$wiucwxh(x;93)~&q
z(@(<aup?o`XXPSuN0O*E=Is}y+3@2&OLw99^e*9tN!#lNiCUE&BCN&oQ#j@RG%nQF
zW#797mNp<yn$KyBqp=0!5o<mzVSAwpQ}Wc5q&|h{rDujkZrg%|0a}w>r)OkvYaXd}
zq4+XpiDgJ$b_;S^OSuygq;*X0Hw?T1-Ni#{A9J{Z<@zcYLL>_@<1zaFyOOV>%NQp*
zhhKDcbt4H*rNNU6RyDp+dT>{W=%iFfQ+FQ401Lj)6%=edf#Q3k!XhGpx9sG0Oh08Z
zBL{C<O^=)+U9T=lz7+CB-NCf-S*sg?2$(@D%-S+lA#$QHJ``PkS5hMQg_qSw*i^9?
zgJ-#4{wlyATm*o3=~=E74a(drie<cUhp>MKE4ocSJVz7Ijs<WmCy}A&Qs#Q_R8h#r
z7EpMjndaB=32W;K{u*PJ_%(>YgTW*D0~bW#W*%E2xj+dDv^FLzEtRIs7!$4U_+)y@
zTj5->q<D+jXV$@z*3^y|g>E_9mr(4cbIIxMOa!opdLoBlzXeoR(if*VWZW1a-|3_W
z_K{;w*?jIqkER*D%Aj61(4})$9j(U`XQDhJ5vK!f63`nR;;_GdPYavukeXvfLJ!h*
zzfG1TRCm9f_2StY9$lqs^VtzGzr@&yBQ*E%>9}pw|AnFj9-mjs%N-<NMxfh17Y~;L
zS&5MEYPzzRF(&Bcm|(_Uh(ip7@A+4WTI@1#|HKhfU;GPfjW5$EQh@5QU*}-Aw1j;w
zi*e0-ncAHYAl#j_DGX@}v3FELmy(iF?#%tu9@7AmR4NS?vT~;-6#bZWfS`tQ5FX<e
z6)ez-B)&@il%b12Fl`dc-%4yGUXZP|gp-@UCtIe%iW^m&;kBi{YbG*w6QC=SYodjg
z^~n`GKwSzGN{I@i;9MZ>??e5>82wouxR=3)2Q)p-u!i}Z;YmU9_sqNQe&M!bw8Elg
zl~vR!OV1W2uzk26hse(mPjwc_uW-t8z>ayP9LbK>Z9AXFS^E&>n8~GNL&=7Eq-*NN
z!G0g*t~&2TOB1=j$5ht7>_s}BAg412C|X=H33&+r^ywF(g;`F`qLmn`x4TpCA8Z)u
zIUe<Cp~HnAlL~9jO-oKXsW|>cHz+fW$w9Agqt>)Vyz>5J+a$l}`x(ye=!^sNF~%(`
zkh6pGDfK_1tkC*v&c~0Yzs?o_Pe1a(_`g1pA&H$wHBwdW4|!ubr*ZSW@4-q%>wJ&a
ziC?>3_14>6MF30B$Dvy=&e?hrw(0^f$~JRyBC1dGn2n@3g66k<B4{CMGt_R?D5e_l
z^W(AeEm6N$b6}@QHxkkMqg@9I>0>AEmgc#6TQd<0i4Jq+EjGNz%ce&wQT%Pm$;p9<
zlIS92YqOv>td8DR%c@FttL#^hoWwMa>{^=IR#{>Wk*-cW5DE(MkA=~0BLI&^?|ey(
zR^DE9<?q70TFv5tT&LFp_9N#QWPJ;$PrFxp{lYDGDhQ!|fHG&(yZIWVMspML^#1f*
zvTLH^=l0hVM%jdfj}7DU@^VhsB3No0^#Q8V8{+K*TXH|3ALqDa5DUPK123w#As>kt
zIZ1J{De+eM$uHzy7--3tEJ(QZ4HuZ>=ZAH~g~OOy351$%t3RbE2zZt-PBQB}oD?oT
zgS|36>jI;5Cj=R!@1%0`qcAcumgriIL~v|w<glhSNJJ!5OGt?lDRr?Bl|FGUzxAm4
zh3Iz^*Vo6K<X(eY4ew3_A~SOqqk^<FPi*}p2nA5k%xp;$Ez5$8PDfB!FxY9_q_kC<
zf1>DA_!(%{T}My_?r-TRyek^tyKhld9XqNU1rzYW#G<PncWiuJId-g-nS3-e7x&I5
zUatFkovZT0w3ljxfD7l6CCn%>^5{AkV{&9`3)sYx50bN`ni~o6+^~Y0di+l98?0o2
z@BOYON)nw*@NoLGzGsX=7GyNS5Q$My-Vyx$?^4Rb7fwbMSDMZN)9fX^P`CJsFhBhp
z3H{FZSe-mZGE%Wkr=LSgRbD1Z6+eHe4|91#|FE34C38h#rx~0X0z~*_(K~b`<Sy{M
zk0T#o{wv!;6%wXi+xS|F5TIoPY5;QU@wgHAzPoZq&h9G+{XFcZ$r@@kyfw*H(?H5A
zvG^Dt;q@7#U`}6dLIjVq1{KJ!O{G?3)BLO>6K~|wo`mt@29K#&o@FCCJ4P!J=84z5
zF7TI;5Tt~9NZe`<*U@~>+4iSeCfofb_Py)rUNV+E!Fl=o9TH%@B4r&Z_AsKr(R3Ty
zr_D7XyL&O0p?t2S6+>f`8~KaFO^k)pr=B0zl^-i4O2qX#*EA;f67OfGrSP+8S4SI$
zm;Db+&BndlGrZ~FTvgnsbc%>NJ!2(d18%I4sGW;pQIwNS5q#656g1_!dX~S?8*IGr
zkod09#-dC*K;kiJEuVgwvYcCyO+MxTzlV;Ab{G^wWQFd_>zSTwmuBXgvDLm9r(MZ}
z&pFPzQ;~`Ms8?m=L3Iyj6O6|1i6)0#Ggyr?YjoNe(dWjgNt{b<cyu!>KTtt|j;*)y
zwb~^J6`8l>SrLlOD*R<D@i<j6X87z`D6WQ%Q$CVJrq1hckhALHKDq+0AHm+3O<tv)
zx5EhiCTAUs&~UN~E>n>fx90o}wz+d}rC|E1_TN|l%?2iwA9EmUHAS5UCx*y$MBD6K
zixg!|R`$Barw5<;GYBz^OVG`fD7~vFSbLwom!xMDL^{k!BKZhPrevULEs>^)iQ%J|
zSH7J2aIN-NeRtkXvG^*d^wsFsO!4FKYm84(_I2}7Ai&j#Wgde_=6L;&nv5m0R$2OO
zom`%Prv{c`wZ3g!La_M9*D>smberz(fjW(<-J2(76a0Lybs)i0j>n7DgusFJ4c2A>
zn1QRtL2SPLNBdUVHQw8-mOno~>Q5D1-q07oc~@m-bQ0RR_+^M`CaCi58Zk%9<-0q}
zHZ9AUHE1o}jHUgRssT2C_~L#<M1)?hUvr!>2;J=v(0VxCS-(JsqIcTr3!46zso+_-
z!~{CKyOIX`3CZ38Mv&QQnGM0x;}K*LkrZQII1!lBg+9`A8)up=iK<0rZ%~y|V$rHp
zZ-M=t8j-4RcO?Uk!$0vJ!gJ?90T&jcyi#oMUxxpZ#{`?yN({fdhW)n5ZVMdaEbbP_
z0!K>=>O2yqFW1S}HVuA3KEBh})k!t{*&ViEV<9FKQy32F{~qK`eorKO_>`UdX^Uxi
zLM#50vuqdr6>vaGnVO@HG|D1N*s(M?Y?|~`f;hnvGjFlfL{C?9getiB5-*YZ9^8O(
zPk_`}M1w~?epJUDIKsujhzY(c|7c9dFnMGj=y$>^et<2+HJJLCIkxx!_9>`3KyGlr
zlre5TLMou(sBVxcPy251i>cmv(N0PEn7E`?haXDlQOLM_mixp>Si1~Q%_upb9+ryO
z*ndS>S@S$9`?yrTqBl@Ckcv`Y0zNP)J@5Y`>zv~=dzOSh@x&9`wr$(CZQHhOXJTVw
z+qP{xc{BI^cK7bS|2?0B=X6(}>QmMA?J71eYc%}VL}0@G0^EVk!eS@Tw@1DYs!YrG
zyVQoJpeCqsb1q{O?J?+C5x>#18tPt|$>YTt22y|{X=Q@?xtIJZ?CjJafvC4*1Buo8
zC})QIh+J4rEP)>NO5}<|y-;a^wBNND^v=1Q8h6e?#s)9-cNMTn_$FNV*&CZDnW}dw
z^q<ZO&|ESP3c#71gHLnVAH(`Ot@=Gw0W>>pc>&vp;^iG7u)f*UlURo2uY;Z-CS53F
zXj%Lo=klX$u;aiAzb6O;2htrO=^R6qjg6~YyDNxK-(ZVD&?``C{Q`o+oerPXb@0&r
zeZ;=^1nBs;h~l{Z(wXK7f4hW7JJA$^{G&Sa>63MM$fo(nm?i^5*J@3@9?}ghtMyYy
z5+5RFH=APsBkeL8JQ0wKRdHvFWQ|tn6yk8&{0%(6qG2-<t;6jY0MNZF=w9q0h^urb
zR1xf}G^vI5i-p$foh*HodYXG1$S!TX8hg{5_Swxj8xo!(D}+ZGS*sfXn%Gl*Ef7-C
z2DhAb9?1I%b$i7OuUJv;DvI@c_uaUI)pOHF-8A;vZQsBE2*3hL&1_sL%$-(^?HtG}
z8{sh@-_^}EOn6_FgIp=o2L?11GiJw!sR)!!Mob$i6d94)LQAe4Ml#64o8XMIjhubm
z+zg2$UO2U2e9n~#>w=^5E9nfa>n0O2H+FgiIN90c>S_PFcJQXJ6bf}WTR+!O^uwKh
zg7+$dP?Cu9sT1K6yHauLb(pG1`$bah8jDmiq%%n*7``$}9$PJTPS&&f@}5`d85XL<
zk)N$lfgAGCPhc}`5vuBeE-C1yJHJQJr<`4|X6?-)Cu~r{>6g0w6;RB#LgbPRnwg9h
zKHauOC<hFXF0s8Gu|d3&o&gNFv3lE`Fh|DBcPJgkMsP0!Cr}uNzNw+eq8KEzqbP!C
zOKvS&Ru`p4&c2$6!4R<M?x;{+8krLexbV$~lW(VK=)=W3=HeL!uhZ}W`<3B6Qq}8=
zi)`~^%iyVN68s>tN@NF~3}3pBHrB2~p`~!Spz=fGq}S=TL6=N7W#|?5Db#6FtM`YC
zO^>^GV8aq9eYa!_*7L4vRyqk6O=z{@)DESGb2r-gMyrz09Th{V9I4OMPk9_%V&?!a
zH?-doPlmuVahPJZ_u~|)w86y(X`o^y*`Z+tqW1PVaJ_6EZ{y-d@7H?-xlg`$zTO?C
zD-&zJxUUb4$6D*hQSvetAENgi0|Cw<*LSe|Q|IX&7YW$e-1okFb8D|WvK^cHPe5UF
z7){js1eY>ho4_cm`81*4URcXRUhe_NE=-Xpfd;Vt_mUGp-^hh+(ob8JgmRGU;vBrh
z&Sp=QJ?2caPG5knFDPsQ>)s#oU0sFus-q?cEO1&mz~%VuNMFNi!5>3i_QTG-??V3k
z5d<_lX%9im3a{+h;z(BO5y^o&iyXvwlBHh2kOc@e*~n_316GQ61=V?OkZek#9?WRq
zc`gF_cr&fI`!}v}64s3HrCCo~TLBX*8Fra!`)vf(832%JZW+CMV=4uXuvGJs-;sh%
z2W*k;i}x2<!H}<`{{cdBc?iDAj&jTn03gSP(KQeWoYs)U^XBWGNBH-SYptE(*%$?G
z3KPdk|8qUlqBu`*CxLaL9P1Z~X=;QU#X)>O%6~(Qg^dsqQ2IG@2?1-4`zk2<aA^rH
zo%e_@=f&~#9RI~L;+1jKRE(069ckRm4iZyp5Z@YCk@8PR_4uHrfX@(UG;a_47;i5e
z2~xSG67HpjDDP~j<iPE(i(gQx{)+mBET{8X$`+~Iw64olK7&+tk78FiQ0!(JWD~Ms
z{dXCzY2*);2Bp-f<=A(=Y>je|UN}ep6TR7X=g;LZR{a-xX9SXcK=F;<WhCD%&&=5P
zDh@`kvd&SeaV1af(nmd#&PkeETT2uD!6B^K5NBtn-aTJ&cwY3(_SB?-<Van2oRjj0
zJ+)2IL#69Qa{th+b7zQqC01o0r%e!2lliQ4530Hd^#Hrr8ok%WD!3Ay_iJi`AurfS
z#=6$mnPHe)x?5jYG_MIx06Anf7rAXysynS}kDTQ18}+8%I7t=u&k>(BWt<g=f9Abc
zIAORV`3LU#rmZa3Tj1>M?7XO<yku>u=sp6yEk(kw3JD@Cd?btF%=TL{lg$oZ&ySCX
z-hB_~kyCsqWunJKM&V6Y;tpzaxybK;0WWxptP833PONde6Hj^qz`#cvqY)<~8f*vn
zG0y6qbzh<GYV-txZaWqKq^Yvsww{@5Map{?=W@X8XKaEn6en7wxH%n)jMim%m0gaG
z9X}VIM^aAxHy!muB=?J;+bNS9wGRLYRQGrqueTa@*$(;tqC>cVUPo`XK>mGg{|7hv
zh65=6#;sID?YaNYO_%^A-zNAPIBR?8|3;*~BPc3=eZ}h7eb4`cRj~p}f5%pu5o}%I
z{t@Fp7}s}0tN%t_bnr%A{`=5>(SMn^-AFbh+t>L28<P6Qlyv^`Tb=yzcmL7jf8WK*
z_l;>uckc-O-&Xr|@_(Q43L-q}`_DJ>?_IY3-<(#KZ(qd!*J`hz?=x=@Vv|R&LfheJ
z4<a$UkuReU6a*=e|I>Fr3~Yc6=&io9KLHodrf(Un?^Lw1@d_-4tiqc+kY8k=EwHBs
zJ2Y8?k6j%BYezx`tEG5e<C)7J)9(||%W|6GGU}6%b+G7%LDL{#IPW%BfTa>ruH_Ag
zd-(9QHklGzPZ<vT|1)2Fiy8Xw&_Kuj5wJfPMN(8$-2Sd)*%JhbLhE=eE1Av+j)#Yb
zN~`NDfNUbeln;V^-PVVd{AhC{q(y~(>{62tIwST4eYJTyq@phO@aQqU#et$=MD#W)
zlxc3!bKUt}XKDJK1J4=x>b>z-jwX7rhe@zOVG;NnIm|BR&ZZIWdkFjt?@-?~5v1_6
zdppFHS6N@cU9p~Ev$^g69xCSVc3So2FV$XkzQI&?zLJB&Vn=4!bgDhm89zKcu!>W|
z$Z*~OTmKoURhg;*XQ2B6u=)MrJa0KQ#L*bF{5UE1Zv7dkJ!&K@WrZ~;C1;u;;Ca0t
zj?}SVQu!!wx74uo$t0}_7`%ZI4OUEFLEKGy0RSDhw{J8gv_VbhBNy;T#+OX5(A7oH
z@QPVMdiZ|^zFP+LFSXbsd$syq?%Ng?lawPeRPw>SL-)e?z~N}pX+3@*pA-Y|>m_D)
zf6Pb7>cX2*GyR8+{H=P7%5GHr$FEGv;FsN*fv&)qu^*aj8ZlaHoA^(Vv*Ki~k}<-T
z)41(vN~F_^mScPqMH)AxYExdIjJdQX813FjF}n0cIaTESU!FG(fm;qBYvNA<cD8pJ
zVPEMyNd5wYNyzQ>2VeQZ_7}bxH2BybM1xVLC&)gxTs<?R@`;z#2!;eFziyAKX(vP)
zP+V3z6(v|jr(lmTx_CL-XI_MOIV7*z!|Kw7{no8!DJe6LY(k=uI7+xQzVO6dlyl|o
zP4Q|2uAeI?NI6N3Exp{ZK;0xoJS}U0KK*~b<NPo6L;{SSs3E7%whio_@_uAUl_WMz
zvQEoBsQ-3|KDMLDT-xAXj5G;l!X-+|uT|v#*no%gdU`Ux%Z5~DP>6Z~OZ&7WBwlL3
zVZUMY3x^PF!xYoE>53nB=nAV<w+X<((E$;FKvsS)r~V0qi8#)-JJ9EtWKqnkxz|Z$
zrNCtP;F?x`lX*XDDDB^q=b&zr87zp<hkG;qxxRXOJ=v46aj5e(xdmLbW^-8ZJYl2%
zYu^J6Ny9<TDP0W4aix=&=mUcho#8zgAWCW2{pITU+BKpM@!@JeVb%*7ZzjJYg~tud
z#=EpQj)JwoNcG5?s0gDo6{F*4L_PuS-DTXg$2y3QdA8+cDmM$}9sec#b&}gH!G8+K
zuj=pIrSj8BZW8fyEG3JBzUDTYY_ogd5t4sweA?qQ0sZv~G@u%TTFbsi(8s=!)d#Ue
z)CbAxKqv2{0gZZd-+N~d2FliNYQNTB=We(bfzCP;c9_+ggtj$APuUXC_(i6Be)^X<
z02T_-fJZ3H;RI}O%+Svk*H_)d+;#*$muDSwULh$A(3c>CPeq)Twiy0tf01pW1q*Jo
z{4Yw!nNCr{51b!;??Z50b2tIi-<%mCEX|h}EU-Y=JTfP-0i%;+w=L{Ce<S*rm!d1H
zT<wX!a=$xjFA9xs&ztl5B^QiBNpxQ>U$eoiA*?>rFPC*DfIUy^5G_%qs2kw_mc=Us
z03<s*d*Pe6&dt83x8>jY2`tp5NYO>fS|$(xXvMyJtObxkI#ZV##)@<;KBT?9E5Gm*
zsz~H#c+Qm1C%j?lV2=w#T%$FXv!|oFq00b%X=9D3ctdLWi%j@c4S4D?p2d9Ah7vG;
zQ-tW|m}>K<k>LUIbg!_GTgv-@h`&U<la}Q&)~4YwkI!ym;V+k&PGR-g=N&F5WbY?O
zPGjlY?xMi}(q*@K;e|RJjn7w=cP1MObW)et)w?0#A$@1FHM?EbzE|h<)s++w70Poy
zKYo@)hw#9qIUk0|`Va_eIm?~u$L5_0XjJr6f%-}Z+9lbQX=p~EHWYX9>O*rrfeC>5
zCdbnH#@{dq$+A3=#0=xa1S8GB#nfe{YWJiYaseyz+R?>a3X_(=*1E8RDma-t#`KR`
z94b`5i=dg5m`n{ySfd0I8DUf=nnR$*i!nnSlm||S;#F3n#eKP@?~Abp-Y=pUlbhTX
zu}ZJxcj~iY!|xO}ve8~7*mZmWO=$Q&0akDes%8=riz<;1I7Uxi@!D+C<+AGm{rvn=
zxi}zBUX*5;CbKd9Ld92ktCH+DvKuT5m@;mI&Mf3RN0L{-YLkJ4fnl782$DJKU>u*!
z*TJA2kiYTqr<+S4Q7=!=z${5n=sL0*`ZbCD)t=ETunF4K7|2EamJP@$ynS|hb5xk7
zsP25EFDddo=1BaAhpS)a+yNh73ZWlg?>OsBH)4?q<F)KsD9&oLL`m+2h3fJIDc5*6
zZ-oOGbX^h16&p%E+9Bv!>dHg!PWfCOtRB9xeQJ!e5Bk%DG8r}veUAt1&e1@^x~J`^
znOq<AFy5aaTB1Xcf&rdKyDpGW&g71h_JVJBc7aY4Xbm$0!6Cvg$TUMJwzUjx-mwKk
z>ro4-&ThD%O-s6ZqLhb-i3T_Qa4ozBxi-~;<QpXO1r*K_JjT?cqp3g&Py8|`3z}4<
zIdJ}k<K~*8w)Dvj)cJAb+J<KYz<C%m-cC;vji{@M-cZ`>omc|ab3i(E{Iy&rQ_kwh
zT18nqizye5L?TNEB(wyUppT8(zC6G6O@bgEjir||tI~UWGL`N=YWI~I?gDyeBAgTN
zRG_7w<V%_eC<7PKwN$O2(D4{*v;9Z!6sQwp#+&%?SUJ(P@53KF3&4w#f<j@<`kxQA
zejZ;22^$uCejR|N;-m$RpDI7Q9m_WE$c@WX0z>uCPP-Q{-IqU?VYVf22|!0E8L^>5
zLduy-7U^)oG#dBBNIz_X%q%awS0Y7i*3Qho-fw8qDsi(Dq1=(Qn2Ed9@!)k+ZK|-T
zZ~1(2;S&(poz9c-y(rfitU+XRd#RI}I7as#*kstgj+-$uGHySMcw8T4!msMbYVzXq
z0~?t%d>NLlhO$6X*d1DOtWH$k^QG>wN@$!gdEVnmLQ}QSn*wvTFXs>VHRLA1#4~%{
z)+5k1bJV+Y#D}k|0#mK~JD5!EHk@E7&IE;1Su@s?Yu(`NOL4CR*mfRLDK0d}MvSXr
zZrsWAz;oSD%M3-aleap8CS57!eM(ZSp6C@9eg1%9Ao`T1X_3{y``iy!Pzk=kSyb>@
zvuiqFydZT@N1hvOgk0qyenGf!OGLcn^%_&#o#W+x#m8ZBIqbFvuaqJbprLC7zcm<g
zyuN4X*1ZncN)&5JNbj;*=emZwg=*1q9cJ~@uY(C&ye3+fllY-f)8HLk_w@lap1VHd
z_~S&*4_*pU+?@SwhT_CRLRoL54AW9HooXIjGd{q5gkDR>8nI%yf-6}^0-?O=n2oSj
zH~}b5Tl$L1bZt2Qo=Dz9pq4Nz3j^_-lsVttoKH%QT`f3OiRu?cq{qOE`R}1%BC+8S
z76{~3O#6U%0TD0oeB)|Bw0bf}-Jvp4%9R?GhRZaI8vRFz`G%~%&Rf{&!s*K_iasmS
ztysbbHmt!+B~hB+M30TCLW><((C|O`*&&4H-H5Eup_gDRK9p#YReHT@2<=3GZdC-s
zQh}-Y;;<y}`n;Uw<1VO#)&L0Q+79Ncii(7pg6oQE3z|YHy@le1V#CU$AuAE0Phh8h
z<umxJ{7kJam%d4Mqy$f-tA?*JXrWfq6BOglP>?Id^Ta5-MKb6FAnvi89P|QFMocS&
zsk<i^N6<zDc1sC$pe7^1VJlb84U|I0Th6JM$5XoOY_E{kuwvUGR5vssIZ!>Qzcql9
zh;Xu8Uf1GNo`>PM=<Z>q(~KXkGfzBXnyCKXLFwq`y<#>r<636aG@+xXS^9y$M{Wl*
zvz#b;^rz!-f)N%QMv}<+_j3^=kGaeK@*tf#5)7kRq9n&ri8!{Pfx!&1<!S@CP}?J}
z6lsN^SG}utLz?q6>+n+AiYQH4t=byLsb1m{&kjx_zD`TA<9v$2i$g15Nmr#<-rX*P
zB12Ke>Z(dB<iZ5f&l1IhOP{q#$Wb@DdeZMw#7@KE#tTujp9xi5h?%2$#`ctO6(@d%
zQaVCQ=xa(r3&yyqa`ByjViL)^ebMgX^{oQPuFeyXnNfw%9Q|i#T41v&f_g&k+~LRV
zu$u8UT(D>*!MD(=ox<!qt1@|2X@^}vn5bSK(T;*tVj^N;t{nz8pl&VR-*(HBQZ$G{
z=?dWJLb=M`qJ|Ap(=Sf@{ZL!O6Q0kT82(m*0SytCD+wng(q(yHe)nDKmm|K&YslXG
zLXwdn!3Jembfm~FLCKQ(7)>(!`q-p96-%m*A38d%fi%&|xfQfA$e6}?_qvdt0>*tI
zXqzGHez9WKrfjO=nH5WRnwnFjo~0s9^03onl{5IiB-4J4f$e0+o;3K@z!kZ*lDak{
zeR^Z}?hba<L5i|GV;m06`j7gRu8Myy(;UTnLZ>n^fYukrd}q?o;h;^CRZ$44)c6$l
z@<MadD5stFVAsb+uFU7IN7k?ELNTXklJ}{P%}~LmJWs@7v-|+eoPj|@3S72TPhGtQ
zZ<6nFxPy>us+L~98SvV5e1>mQ(hv)#6w8|nU%{C*jDoL799Or5mMk9=_8gcX-BR%z
zKjs&teh;y|Y0i8@T(OXzjj9G(QxK>zR^^1jV#s5?pwu@W7l<kp7_G3p-=|z~hYCU)
zd0r*~M>1-)rI8fwEk^%iHjk_44bLC`w3GT9(}C1SToc?H@+X3Iba0C#=kXcDoW&hn
z+aYK86IO3tIAEp@Lcn=Pw2s(P3guAbGSjn@9mr$S00D;?^=_nN-zjUzN02b#5Q*OX
zD(5(+0Ymvo$7TP@C{&`4Fbm0;i7P_^V$g3R#=Dayw|g$bxsElgN>>Vw07|{|$<eGu
z%<@^2xS|Vz{p72@RgV|~GBzM2sdGZhp%BB3xB1bKB8hJ{`<{87a=FbM8UMHU;-h^9
zv^kO?Djw;k744@z=k8Oqu$mK7I1Z4$fT!GSE~bRL81p1X(x7TN|NQkPGAcz#&r&&>
zh4552I%lv~!?B0QA#EMwYkp{UFlB?0$?qGBa{mG;NUixO!RNWOToG2os_=d+LnOm9
zesb`Px22gzQkFzo*uIR&tsrGYV-h^#PeS^;Y+nrl?!k}&15IVLC^ry%bOpHMBmn00
z3!N(==K{w#_*o7zujs)7zQpDmy7ZKT>#|T0d*P=0AN#J85OsAvT(Kxr9&{F?-%&L(
z-iJJUNsjEuZZ)-heM2MBvN^C7M&_g1j@7`^I!VK!5WJ7R9&}C27=*q7(d31~Jw8^$
z{1?6>t>xz<S(}r=mxbRv@Z8RW3V8GrK5OqtgF&k?REq@_{)Z~AWcq;)8{Tg@8}N}O
z411wkjPbkP09syf#e&3pm+kiGLtf7hHBf=?m(V*snhV8qf#6@mbog7Qg3_;dq;RGP
zaNCt7cv}F~-J<E$#K0mVbCTu#>C0%U)SRJ>xJN0Vghna!32eP5w>s%quzfU9h4<-p
z?TM34$lPDQaIiQcS`XH0JKn!Sc<QyAb5b@Ze<CjWq*Rtflk_4N{(K3MX>z6-Dv*rk
zPaS>$a)dFNZX~V@BwNx)Wqzl8JnY9amST=Px)QqQv`MT^7jYoLAddf#eiBDjAfU5Z
z&@SU$`-ze~>%@#*`&&2_{eUB7cx+akMzu|CwBd=B`eZe8`-dj0LcnY<Q)rkNAYPCI
zM1bFL+*eofPsbNccdDQ>8mlpJCq+d>Y>&vxKzZFak9yd%;RE~53s&GB2^HMs<Q>{W
zZtB#>Z5aQRb!p@aK2-WZv!z18&nE~;63A;JbCd2|JXFI6N;KfU_M#RFNlrf@8dMxg
zrSm;5a#m!D#3)$#l(uK!1fB=SI@$!Iv{i!&lhg@Bl%(XUX9k}8To4(2U&`rm-m2u7
z!~p75laG4PI>n(X*Yt`H<GO5wW<F}v9ejP<StvifMIQrxQx39`hVJ-J&=FnJS0Neb
zXtS`ip+K<fwzf-zO+?zX5Y?B+UjHpRG*Ld?7v&x6#87~P!K9!0J6VsC$nhoZ0aN4P
zsO1QZ+;v;iRjlWo%u%*DyFqSbL8ac;h?mpaLKXLd9&w8A$DHj=p4qxzZgy74$=VG&
z3w9^;njQW%xBGa4o+l6}IT<&!6C;3My1>uV0S4FXmRm<5wCcmU#18R18>SL4S-qzx
zkLMFs%SqOPwujt=)5`I@KOT)b0?=BMOe50p7}Hffq0Wv$OCerw?rT8yXI?`IpJZf7
z5igP61-W=!fkZXIX2Ak+@$<?y*!Yx3E)288*R?}}__BGYi4k$A`prR#w78Ym(QmYa
z!O4tB;84V2+kW;wsuReAH%G6^6V3$i`klB1zQ)Q1H;PJ73F^Jj3HHOW%G=Tf;>GRS
zoZIlK2BMJLM+vI?#SM+d@s&vi*|EKwWyW2T7=Bj%I&;D5<2+H<#gZn|mx659(rw{M
z#TMM`jZ6b**l!bdHONu+j(-)eQxC@F<i^m+DF8#v%Lg!u68h-`1Y`LVxc9CGk6Mvb
zT}?F_zM8gOBO`F6e+D-dq#x$EuwmuC3D?GL#~v6iCU@dZc85B;NYu<{62j{&uf6!`
zlYdkS{Zv`lR~Xtrhk|$T8C8*mP%pa~I%tt5T8_+P9o7FPPeM)w%ePu9q-WcxPe>=_
z$~LpNxE28yCPX_T0H^k0jHVBx;7C8^<f%|eE^h8lBC6{$b!Nv^n5f2q7b5<-$xWmM
zX|`25Ra$0@-yD}?31x++YlD-{`w%$YBEam3!sd8&RZbGN3GWUt_sX=de}vI)^SNm#
z+(o$V+FBwxHhLH7LG>krUt7NiuOi|)!05ujb=ieG@@(vSoKS^u?p?%{SQ?pV8njVr
znRX53caj)s*K}kv>_M-SIOi^l68<D^c7wN|wOLuOy}gj3QUK1Mki$wU(rQA2p=czC
zWev;{`{%8)cmviKr!RWi>_wVy?_Y2;=$@BYQv%A2RXO&D3_bIE^rQtm_JN!5y2A_Z
z?%<S=*&uRiG7r%>DIi*!QIM*A4ojg#boV$3IZ*3bWGD^vP_b7AZSr8&y>lCDVtPKU
z&@OVevLtLT16^hl^Wn}b-*)ktNa802xI#r*ycHfK{#uXVXD#EHONHxG!xYf=?ykPl
zpMzB((Q<5h!QYN!M1?r=X<S<l7(ys?Vk0RJZi}52A$92+J3OI=4um==l@{S(x}jq~
zBXJ=E)K8k?!oum#>M3h0B{3YtB|eaAF8f19cnzk>bjCWmiqhz>QHkk{BKe1m9(C?F
zjp*oFaBmwqfid>zj2bwC|4j1V>{JtiNEFNAq|uGoR_Bxk$Z4{qRtQiY4?!q5M5g|7
zZG{bbYfq7tm|~D@MZrd*88t4wbG7(Q(*f@?AX-hPYol?6S<$W(ejfN`X$735LOd0#
zod-J*Nm%zJ%8g#ZVjy}s$rtmZu0p9(Axhxu4Zwd6;yCF$@y0x6{?cq=_(aZpYj{0o
zT@_C8EnRkBrDDMeU+>KB59b6G5PPDxSbA%RdahNs*O7;TkO@?v9hvI#5SRy|GbRuU
zZF&+L!76BBy-NUhRi0qVKVl>kS(HfJpeIELMGx1R#7lBGR%ONPIn<8)!Ior(EzzjN
zBjQG<YI`s&esUNvU3|#nY6%q%0IzWVV{<Cb6?QsaBMlJgu;+UH*B0vp7UHjTuA#Rp
zmPlVNOeSF!Yq#`9?$Dkfnr71RvlG2yXKUbi;9cK!Zi7(ty>n?a&9n#M2a$~<WgF)P
zSkd0;#6ewKGJJtBBCNA?%A8XrH!x)6+#hrDO!^ctrI^j5r)+vIrXA&6G4czR8cfJ%
zY2$6}ot}C%4=4GKQrEE-`Iqo8jfT)?)|W#E6NnALVWZHN-#5WCD~v|TxMCwQh%lX4
zJVJFKm@fuL#_+3xPXG!X>v@$=hfVPwsdi@V)LPu9Pk3Ry<x5FepjEbL?Q!vnIEqj;
zQou%pdgWT?#n^I`x=047*;5489ievW{Xy97gM*fZs){lg+d+&k3AV}o`ixOmj^PeD
z;0e-ZsS1(K6#VyUN$0`bC)CN)HFurjj@Q(dK-q`*bS1uwgQfyQBC?-H*xp^azM~yi
z+?XJ004Af(Ti;2_NC`~_;A}&ARaj&gI<eq=D~~4gYA=6{-r@%?mD@NU@Q|8|@t4=J
zTj3qddOSL`*j6D8!6@OnNE5V5TIMcYi0_P(YQu-Y9w8P~)g~><HsGh+%QWhj<SuRb
z$0bG*NUX5!uC1?zC-i%Gta>#C<;BnDml6qflu+ls>2YR9GVSJpU5P9U*bS$C5vn!z
z-fVO2QfX_Hj5Xxbm|zGB$xmyR?&`h_nzO}BVbRI2Q?6xbfRK+FF<?P2YcGX6OiY+s
zSqU?BNb9^@FH36@CzPX*-_;mFcKi{Bz(!P#sO@=1)gd>u;Hs)1Cs(07TC46flwyMd
zLb|0J=ysdlbC$oR$UrJEF++LvKKm6mqnnn8=EN~@L=+LU&x9pdKi;_q?5rSA7%h=k
z&PFj8SA}1XQfC<4WIr|_d`hDxZ|2Q{uvr;3Br9CS9S3@1rijnf3?rz>-1kMOr{ilk
zXh`|JSDTU^eo;DQ&yd~3B2^!s9E*#+tN+uHDZ9-0kEr9-J9AP6AxeZDDUUP!k?2ar
zTDE98bs8oYWV3r~&%gw<H8wZu6%qF@AG^UwIfG>gM2}0jxoz>wBz{x#WMfS*?mXBY
zvp(G{(;X|0Sb??aVtG4Sdy3N<iwDlNM&2^RER+VAU6~vF>JtF($%9zNk|~T%_|^tR
zysS;)qw~_naQ*K+PmEgC!|=W+sgMv-t#|xp_+>K8b3j9M>MZinb+;&V(#)bR?hws&
z_1-N0X;_rE=mpfavfRGQtT)Sz!rvjUC3j%gx9=?)r~pMwKTQXN$w2$9n0qGXV4t|I
zAx+%V=CswM+oQ;WXBvj50d2Z|1g;N_S6$o}v>}|NR+?xWFEo~7Zm>Bcat>Rncex<!
zrhU50Q6;TU8)dN=56#S$-qSNW9`ES0g`Jb(rRpqC7cog6ec<#0(jYvTj<T}2f~|{K
zilssLpd!q>r>tkTXq7M(g|<ZU5pLKfd|k7jPGFfXX9Uzh8UH3h?<l_}e$5*7QTSSw
zy?wXuY2%g4fQpg-VA2Q_GB8$WOcpNoHg0i2<A~B$%s38E$LZm>(eC6@_V2EFah3Tk
zCNX}`4Xaz32R||*9B3j0afv|fB3X!y-1}VIqFVXeJYgFi4u@0OH=8P#q6nlOS)M;T
zO@d#-22$}ByiY!CbxK`vg`XdjUa6B+-CZ(U3Su?=U^ZWi!P$^gj7v-~H0Ni{iA_-;
ziWN!glM^A_y(E|&+Q8--%I*Toh`o$8G{@{0ZVO~7`ZOW?M6~rN$7%L2^xH1Isal(3
zE0pUQo@D*Yca>#F#h?NZh2bb01oeAtTHuYCH^G4Nz?{&CJ3D;@JR~&BS}N1Fwyr{j
zoP0Wm_n^xxo$yaqESaQvEfQ)Dj;<i)uKp8dc8V^e81T#I))cT-Tg-0AyLvTwR*yF8
zASxM?Jj4+?Io->&dNVqUW%Qe#`@Gy*R0Q5VUOXm3Y&Ibw)kfFfx@gRW6TOCgUi*at
zeTi6M2N<_;U3eh1{#BWwE1>RF_!C|0JRd=eESWt#v+*F>=lSwl?|{kEfP<v!!&Vyb
za^XCb#%^*Ao4A6G(BPB(K42|uDSb9|HOK>rbScP6$a;MYW3|K_7)X^(D=tTUV>jy3
z+0)+6<6n3s6>GE`-SI2S@|w|4o1?`We!a9TmL<MfrHK-|t8Ah%nEYX5&(yXx3OOcP
zJU>e<e=NnQYQq2B!5SjKOVasgff;ulF)@w6Qkg$*94u^rtf3}clPzA5T|ko>dqx#F
z2tF+35s;wdAy{;O@FS`sY+RTsxIrJm)6tq01qWJT*7Mz7kV#uoybvUgVH;hBG1#<_
z2-HBz936&o9FcpFaLLGg^;aGKlti`gD3Bj*q$E<raM!J@FzSF5y1RxH-C>xn{X{ng
ztluJGg8w<q`u5ZpxolnR3FCvBhdQ?XDzshDf@yT}!B1hv9ll4!+bmot$e(?wv@Hx-
z-MD~GW54L#YCW1_9s73M=@sK-%J^{gkxtNfW!IryTR9;+9s80adY6*%!VrTddw?8r
zq6Ns+Zcu`vP$D+?<8(5KBlVck`qe_m%DVN@1+egk2Z+&b7=#0Qu*NH#9s#*HB?;IJ
zfR1`f^b*ifK7Nf1D1i<ICp@*A#HF;L#3{5BR`rmUdLwTp+UH~iZtshtvmCM(bdM20
zIn8gqG^AktcF78Y-!UMPmmODQE6=!f2c{Z&Y-HN!r$>ip9Nut|zwS#`tKCb~Nx}1+
z(0u+gDz3#i`YHN+iec5lsKS9+0+TRIMPLl^ViJK@UlH9@eRsb3Qgja6xM#{qv^dMh
z;B&Ei`24=O-~o@L{zFRn)IEV!c~48|1VKR*sTgGb&fZuzp;1oCW6{%I29ubWTtY|$
zGMRo_zwepH5I4M1<614;tF^%hzY<9_8p#aGPHj0IzTb1^oBTwbP%ynQGH>7J?nU-O
z#&M6X!YXuW+oG;WE2ESgNI(#tMfSJvBSx(!+9soTNfNRLsElYBfy+#dSkhJ{{Zk9f
znnDnOyy(r%lD7F8R!_uQ`=b>STy-u4@JcU*ditdE2T0f%oInKaTr;Pi{{@n1cu{Mn
zWJEt&5+00^MoOQ8i@d9b2~wFtpfXpaGF1BJ6d8=YOwgG)i8kk+I>B|l_0QbGxV_Z^
zOE#02QJk@*;sZ`+$9oLiq}l@J$*SWD>@gF&G+~cKGh!wd76})<{6jwiTOeHB!i^uv
zR2t4w?)r4ixwVa0Kp`!CbA1P8hTpjg@{yi!b>v`MT5IOipw7=M+0}pb+q18#UsGN1
zc-Mzu6jANhuLE$U5n9dLQ@xn-X-Gg)!(v8fY-G-i+<SSQcl*U(u=-31H2jDs>qkBp
zwI49g@ha86q+wi~Sq!%M4Tepa)2B;UP;{UHMTn!qQkh^Jf+n@qU@&~0q10mL29C2y
z7R`586;!5jj;#KB_122RQNWrQO?0IeG<buhVRC{^XORRQ|G3d!?S(Zu)ok4CwR>X>
zAsmk+d49`=64kptV}c~9X@9Nu!$2~dM@DmdRaq!`gtnrLBg8E`+JyILv5kf%!)9w*
zVA{4<izp}D3@jZz-7FfqM^py(b}~7j7>i@iuxg}dxF}#ovjg=)YD;vFV#$Qo@#tN?
zdC!&8%Cil_VZJlSi!Kh^8sy7B&wBRV09EdYs^NGe-=#K6!v({Ee`w!S&qMDlc&&BP
zF*m5Dewxj(9>QlZR!@Lv-x}Y;k<G05J5i$jv<9j(_G-!uoW%{M!PS%XqwFM>$o=GP
z*3Ndt=0b|qzv&>ADbYT?{oyzZvNMF&S}wHCglNjDkJ={;`Y6nlIr>V?94xGlPL;&k
zmUn}DdrfZn<n9nGHEhV$0(u$T>Cdx~Bngd_5;j0gzZ_gZb`)4wju{jWz_5&v67vv%
z)++5<2%W3qcD9p1p=$c9kAmoT;k2Mjbr7!APZs1m1K);q&g1eWf(6vbI`)hKahc9a
zW}^weOm-AkSN0$2iI_4XMv+))N-9*^{!pvhR1P|M;wQ!f>?ka*v(*l|%T7ZjS%@{%
z9MfqWV|ID9wQCfMI#zRkoZHbb#Hu*LhNB+(JZi;ggG}&BMZ{Sw8sBc~UKStD^MrnH
zZbsG;o37S!NTZC9k9wY*^h6{ITOEH-0M<h{uI8;SS<dsF@3@q<)8kTEb6`7FYYiej
z`?j0|4}n<)a{9~nS>}6+FkD$8*^iS19$fKv{SFl+jr*&o1q_(;iJVR!xZM@Kod2*w
zyg2y39{CB#!yWvlqH`xGu-{HU!ScA2k*oP}H>euG9;)M1oPSE3?8$#HAHT;6Xh<Oo
zy2B?nre;dKm7@%-c&VPzc+JQB$<c(lyn5{^?{W+s`<txl{-<B32j#h3eP-&vIG^?I
zpRv{M-R(j5ZNgsjZu;7qy-eoqHW>>Z&okHu_h%YSOOY9qeK>HID*%5pn03p*f8!-z
zgdtfj=>*pXc)XvHQc<iT-1RVCy&ycQO)mYvI6l*Pk~7<}{+n%jzy6Cc;$RzW0*Y+^
z;ms{*8h+JF>qg=j9#VuVekWS=G>B@QGBjG-CIb1>JLbYU7=r`5HA4W`VhCiezMnj@
z&`5|Sup!c$V(RH7(&u$-iCT`%KBAl8#XOqP|0?D2yXv|&0jadH_FQpEPFP7AK6p~w
zuc`^}%7R_w_S*BGhP2%L%}o`>GuR%22><|aQ-F<+T6}KK2r*iQmea0cDm47~f@q<9
zh2QYjUjX_#&ak#b&IzZcme!l>PP}?(F?ehe1bd)*8u1IYKDcQfLPXsdnSO2=;zgWr
zX3>QRx`}3r4&dG!QZ{oKnM7It6SD0jFAo6YP+kkd%xH|m>V+6_`9p+B3aqBD1yHY{
zi-}x@ec7j_`s5s<kKtP#{-%f9CJFxLvV8P`Cfml~e!(q=ts;l3N$&w=Y*Hc5AX~qb
zC*#IejQIK0$2E}SG%5?QS|zC@Mz8q!DI$jwQP|7Q6)MN0C8Ybb<9i<W^Lnf`Ay*by
zmB81SZP68iV|W-EyyY=7Vsqg)pnRS&R!D{l^o~-VkLiy#15_S0e8++c-dcGeaVmZ3
z;OXQf2E1$w?rJy{JKFq;%xILSL)ell$n$09Yo_^dw8ipcoGQ9Ei<#T8Q2mDsE%O3D
zFifM!2oAZ66>bmh{w4G4uVoLE=h9P-t1pJMk$vx=A7Z$?Kj40bD+P*!lqac|HY!%0
zua4n+jTR)8Jm_3hosC`W?d|<ha#;YgDAzF5Xp9=*2$C;FS=I;06NUz~hXeGB<sCMP
zPm?sJ|C)MoIV4QLOTi2L6@O*pVn6w!)z$TsHhScF<l)UjM5_v3dW~J-qJ6|=3a;sM
zl(lY{kLa@^^PSr;Y$Z_t(Xt?PgwS{Cvh|k)b`knf@({zIvcXG%#Px+y22}M^iVund
zGFNESy`f2c%x=l$AX0>~{a44ZV!(xsdWJmZ%VeWfIg72yh>z<rwu0T=8(0foU?b*Q
zSsTp|m4r|Dk&XuJQscUCryT{dO9PqAsUzoW@PhY3S=9NFd&O6b#_B6<#`Y+cAUw+e
zsrUUB+G4Nd7WMmK&q1sgJ%oMm?%TR}XO%S$b{qG4Zl8cL&C;3euL(s!ab9pzKR#jJ
zpeNk69pgWIu#Z>kVGuDDbW>6h6psc+pAhx%9V62`K<T`rsZ)Dn^?p3wEg@~wNw!sx
zH;rsoy&lUb*nM12oPjw!H@KItn_FneMHt+LPc5KV)eXQ85k*&e7mM=W88;i=P{CH&
zIuPQx_|mmvB!&vpA0Kln{BIt~<RehI?Z5aPI?P`RRPE28Ti$zTL_6O}NPmYtx@t^7
zbUr^Bi-<WiK68983W~ddsOl;@k!`N@R31Hbnlxp0e%5xew5_E*gtn52sFxFA<=i`W
zM2pO566FFX`og110xP=a%(Yz%JgO*fCs7@ESp<ENZWg}TyveO_K$gBAOI5hLd63jr
zZDc6d9zb)xiBGM$F!8tEcj$wBmn8+cBcrB<$*I=;#2~$MSx_HiCyZr=Pw{O1S!DAG
zV6pTS_vbAlm6N_bhT&sKpx#f*rybT|@F4Fv_`0|n4cyiZMmK;p-42$TDi$OT!tP2!
zW2WU14zY1flF0W|{P)n+vfpFp^=Jo<1c3R(mgIQX6WhEJc0brv<xsfMQ{VCPY{|7u
zSCK?Vfa2|WS739PF`j^QHdU>^SbjOO*8=>##^)cT3>ItJ0mv?M9!<feMT>uTTo%wv
zfH%m6#tsHF!1e8-`2~K3{{7s9he4z@`Mpa1B99!i%<8mE{K=@t+|qpy$&#iy(6Jdh
zQ<|_|zJ0Fj#GY<+AuI6OC}pDj$+DNCyg4u^L5XSE5sK+eIuj|Tl>ra><m5zDqQIx_
z@#pC1D62Dk^;}vGuuICKx!w?PJnap9Re1Z2-1>(inbVUZR3jhrMgNp_3r4v(ih<M#
zoZ_YWNa&fZ`2OSap(9E(8f-J{S&la<kJqzXgAWQl62qZ-ugeKTd7s^)<?&k70W7DH
zdn%n9t9W+jK!y126h?b0s}-`fnkS9-$GJf<XWzTk7l~{W`c{_)=ViT}%(8;_6H?3_
z)0jd+`8K3$r1nP?>}I6ftns74v%i}vYooP=G;dSEQ}>WT3fZE&mUDj4Uu^&&qDB2y
z^~<2P&DmLhozL5p<t`tdy1Kg9oE)3zZ@W-_(=7k+;44S(HrMcpJM-rtepY2(OND(*
z{E;m9<Hd3?0$ldt`^wgkj5mGro>i^~qqs%^++5XQFNRG&G|Rd#jdapQ5`*2x*2qKD
zcuoXdldh#jzRAWf)9WDulii@oM(Q?0sQ3@)owFa~YI5+h&0sWKjgfKdJNxJ%XZsr>
z?sZpPPiF1+_gpPImtZ%?7DI8HlY0|O1UBtl@A&)p`&!M2G77m{@m}EAOj#Q-Un3~^
zcQn~%?B1t`khS+W2d>^Peb1LqSIlmG_Hz@p7c$V^UQ-i;$t$oQ7}zaOCOarhI0IZ`
zM4H6x2ixgFgQ^NOt}{%rHZme3pIiPV_i9iW%uqT$O-_RsWjWSd!23iCA+_FJZsKN3
zDcaux{MNhfZNglP<NIDOoi^vnoArUA=9KBMurS-%Hp+v$!-+F*LLap79POa<a^pO=
zGxqaXof(Bey`JXIXmB)XV2dY%i*g%%k)$Gb2V?5~d^PL#x{Bq{qIi|o-asExYxP$u
z#6RUVmn>aJV@7&>Nh99Y`aCNe5qGCt7&o`46Q$r0XPIG3+lLs`L2aG{;mv9v9q;`F
zwnyXr@j~@-9lud2crb#9w$g=k7!#T?&$QjJh(s#>T(+CFq~Wt|k@qK~WcQhXIN0W0
zc~vmjbhXl1ZC0jg%%?HdO@ja>--Cy0osa3%f_%MXbm^Z;ZS|e^+EUh<@MycfN`0sF
z^|uSz>^=+mUOWzBa<$rknG-u~VQV=UM62N{qhH$UXj*~KF!Y*p>5A^1zeH0*&eHMG
zx_ML(XV7d#$xuBxNF16QG6BR<br2Ix4P3kG!Y;@5gt)764X5~^V#NN=S>7ghxi^Xr
z+Zp1~r0FM;vSp=A1>m9fH8`u#d_9>tSp>Yay%}^@<GE+QZpE)iI*h^{c=WkPo$4fN
zOf|5G;?)u*0YTkmV`lMlWOrzBdj=%vVjElQi#0jC9>ZmKWUVBvZq4Tt6+2Vl>V4Ly
z_tnj(yHQS~PNw};_;oO4ZgQpN<}~c$)uIhG*zv8)zX~{EqBI>w9`+QZ>}IzBc6SWY
zTBM(%80)@L?H`p={ki<L50(7#_{xa|112sZ5tov(q_>4XSmgQn{_-=3A8XNU460jV
z%3$P=({Ls|7-SXHc9v2`jrACxWU5B!EtOB<F?RSF%0!>+6&)sI=(6Kpd^vSrp3@rb
zeSSHufg*cwSm&+BcQp+p7B3_CS@fs9#uOIa4d(KkrW<zdJC^5I9xv=pW-?e3vTS85
zZ%7<v$$^SYNLnf*261$GT8GVrVW~;_JnWugglilV-5N0^SA&&^<tWZ^jb|w+m*hPe
zilv<aBW=pp8|dM@Vk>h?-jzcp(t_!%HeL47EwzAnrmG$LsyEB0*;=CuhYbP<IzWt?
zmyV58CD-5JNn~HPK+&?wQ`m8V+uAhfqs(?v$C%^k%|FPJaN>GE+iR#Xcv3k4K5wO-
zk%U}&DnOo<<p4Lm@=$5M+<}rmx6RK0@;_{kK9qL*Z5#$-ZJH+y)C>rcS5&sVVWQqs
z883(wH?;@87ohhIM_nj0X@bJ$uDci6*WDVz&vIJ+teep{UXxQAY=EgP0rTAi4X$Ti
z1I6DDJPJWx4lMp@lT~t>wLDHpOo|vMy=t8w?|1}Q{q)UjDjq*^p{<UvnsKP=RiFG`
z%LupWnh#}0-yX}3SkcKySvOz0bMGy?yWwaOcS!Pumjx8p)kT<=O<-v6!f(&WxWLKd
zxRe|%(xw!1A1xqxd%H8y?JYcMiM?uH>ClKP8M13w5198CBPB1CbSlobJ#|H>=dye^
zluVWVxmP1a-u;eYTtG_#^jlM#YRlPqP`5wS%z@5F8LloNp7zuqpP&i@{lwTgrW+CA
z5-uhVMY1=r7Y@#DXOSVZ`P?AfT6a~7CBGCGjO}IadcsC?FmvO1J9jA3`Y_H7E%|+0
zSTaL4&<rKK<c(IkA2r{aozBOe){A%zdnHmvYH4A)={LkBnGUaCT6HW%w~KfC&-!p;
z-PMI91LCYUXb*0Nu`R4kx!zkz#Hg{rt(@?YISADjgb<mvXyypeQ8jbot1P$;tcl^E
z%yrHE!^6zF#I4_rTEmP^YF$~!(WNKiP)|#>-#>nr{98?OfhR2hPj4=R)|RqLFRM6b
zf#bsa2AA<r`1U{=fK(x>-`R_ks{5Oq2Ht-tRJ9`A(M*8(14v|Mphnj8J|^ltjH*=D
zAhO(*X8dL|5GS4w%-%*{bpFohYGzT_$MwfMfgYqFIIRVKZZgdf%sH@ahfsky$_DzW
z<~1_r*G*-glZU+RjbqCR*H&j6`krti>Wt6C(FH9C%sw`#@JV0-2Eov^*dYSS(Cv1&
zA810?Aq$22m|q@OT^}}I%zt&^+vYls^o6*Z9L^N>*3-lD$+r&F0Jc`Vefx;LofG$y
zR^}HQ9a<OS=~c>xu=MUg&De6sLXrFgAPx*F8Z)Ah<Y}t$6j1`O{+Qw4yV$(H6Or8w
z-*J9>+A|8j93;ED-g^;3%sX&>j6*T&TxdRUvJosft4T$|L$_^MjS>5e9Fx1H&RK;O
zaH$+^s?r(}5ea$y($2J8<A$Y7lyY;Tk6bJ~P`jqMf3jB-YQ;SQ{6c<Q`i^K>KJq=n
zw^YFurt<$Xi~s!{TOrELBQ_aU*=@4vd@;u4_FN9V8om^aOi4+}xV_wKBhYYm#1>q6
zq#~s%=bz5<%jCSlpOc_0qpz5Qz2y24vvez?afJsetD+HcJL|M8*s)@}9}8Z4T>7;5
zy&d)~T~<RQ=%RcHZK}C>5&~gl9J{y7TM?%+n1xf>LL-|nDzo?4T6b;LMNauFsJRL1
zOvT1P8oM|$GV&_Q(kN?9AV+<cyTpr&rFcAba3o0&$Av8OR)~Ue(7Z<o;bZOkbTF&5
zs1k|e%YVXg??^JkR9P2|%Zj`ltA}C$Lk_RWy{xr%8hgG8C--C9z38vK{H?)%eFALw
z&>oQ0zHBft2DtfKzylyyPTwR7m2?y`FK!$|p@jT={B`fQi^HN(>J-FCT_QaqtL(E-
z!0-(L4i?=xjYVTzd3x(f{wi&J69PIDapFZwji8d|BHf-@ob6pUhMUi^j9T*n2B>Dz
z?uIZnP5W3HgsRDbn5xEP+J+&!KZZ(Iw&Lhv6vg|x6Vc7r<z9}sF&V*OY>mqu)*#9y
zTYfJICi?4bZ#5?eI(i7jJ22D)%T*m5I9r;IT;5;!&F9|5{ilh0QyTYC(tG1sb<wN|
zZlN{mjyEi5;8xU@3N%i=M5tiY4#Qn3GNDiwdZpk%mVj-_J82WjDQO5t`a2b#4m*=M
zQCD_s7HSLoEY2X*>@IUL#Dak(su%aw|48ZYD>9kLOKI~iv{*Y;5Yu#|c}u_(kK<)^
zG*Vk1BT7M*U~u2cNx5ufZ@m=8z3Nn~sI0s><ZePG2G#6oc+%a%inb_@-(&=Y1$Sg}
zdDHX?MejH;#htZ&JxE0-0HE_<xd0fVMd26me>3e99UqaCwM*M$h}N-%a*#bFI>Tu-
zWWRP`i+>On65GX=diM`pK3qc!uEru-30lBbAUuY)y~G<Q{;q6v-y>9Q#2Qm>4}wzD
zwqw?bg(|6Q_KDujQn)F=89#&%(N@0@gjdT<_g`ln7<)UqEPS6wK4Ld{xjlH^f%S2%
znwY-%XNvy??|M5zQtNuNtDVF4B<~uUb-69#?O_d$bHMpZ5LfMt^|s#GbhdhNu)HFY
zoKZivzy2wj?PZOVW^_6#cS|UQLvSY<bj)*l6HPoDV4<NpMt3VD&d~*?<-FQI!g|}Z
zguJF=fwb=21Q-7Zk|H5-!9HJ5S!`+!;mAQyhU2y<cG^S(*P5kf?y`;{Lc`qkh>Qcj
zp8C@2?~DaXxLKT+ZItPe(!?qgA=Sor&;Qq||Cci;3rGhqyMskgs#=x>org8n67UD6
z<7OpgvWE%0wFURI75^!p#$d80u?Z}c4_ch0`oA?I(*lsZed+;g`erK9mjNh&I%`G`
zM~r}2FPK_o77ybeSNiW`UbA^Mc<r}hDhbH{`>Fp@DZX!a>?yZ(fnDyu8uPEi4r1Sj
zTMMfVDE{+uDD>~=flX8{hW)R9$&~op3?eTqjsNJAxbE~X*&QxZ>qcqC|2({{2|s-R
z{Lj_jUOujGdKtNE>y)~@G7LS!15Z!DIb`mf()TAj7C|=V3HJ-|_#O-r05(}CC31g1
znnxzZ^%Yg{hY``0flJa<q{i*@fvETM2X|B6-VSHc*vJWU;%tNU#ck4V^8VSiH`Fud
z+tOaszT<urc8J~HARY||mPC#>3LWFcvg{$K`J=(y+Z)~+k%u^T$wo{;@!YEVKZA0V
z?)yh$@~?1{cyoS<_P3KX>kB(@?sgD8KV}L&k4Bu`Y>c3pT7m{ghOIu{RjeU)zfv6P
zo)~D%xQf8t9&trKOc+eQme#`B_PZ7hIa;XvXryyQXZ?e%g0kT|J1}<L)3qKtBi7wx
zRlObWb|;(m2%!D?*pKRdk~_M?Vtav^`{#z5Fgh)S$-=j@GXYDr=pVy%8XVxk)df(v
zKB>DKf1CfZA0H7(s=r^NSeKH7#j|&Sl+jJd^z+(H6Xh{j$9rv$v=R>I^!M-cjf2XE
zDvei0=a7wZqYQTIuD8aV-KHGwsG$^XllF_0tw+YkxrFw&BA*`llh4bso9kEl`Kyia
zD37v}-i??Ln>J_}o-ao0w)NY|ul<*&D3PV+H=^~r`yypnySK9+;@a-0DH&{<(K(bc
z6A9}pp8XB3-s%^-Zn>vk@At{qG@vP4!As)N;*HL~_g`{$Z_m8_<DIRKeth1u3b9-c
z^?X-1q$5EH`<<5Rx}b0AbtpaWt*L*ASW4d0*F1e^b7%{h?Xz{d)%?Y@-gIx*-tb;h
zX;cl@9>Uq_{^EuC#qF7;X<qiEKcVx)?=5f~$>G^{Gk0d)cS?Vj0($m}+}^Nu+qQJB
z9aFTUBfS6V{K#d>V%G7`w<Y!4zm7&*_)&&>ulqHbReB9PQOJq(R_ovcQc(`TD3c{V
z1PrK0LlqOx*_JaDv_#z#Xk<}S?g)g8*$SI-#1(F;c0y*<;U*!~0ozn1xcUG1`pUSf
zn)Yi&BoyiH?(XhJTIp`3yAB}T-JOC6(%s$Nb?ELxH~-_~t+)4w_x*Z)`^?^ZX0Gd6
zv)0-(XN|V~4D62cE%j~~Aq34h1Q_()0c@j$jW<?HAT8Ll0^QI9E~oMJ-qWwPd*66&
zcz9j1;7_Ns^S}rCFx2Bz;%h{5P=3hNV1{m8JQ8VhhbT(OWF*!)jA&YZUeK;H827yi
zjK?`$P9byoyvIwcqeDH-Et@_}Q6W^M4Ip%}xxnQO2|U%=Q{iRF#jMo<ab5*x%Eusk
zPwZHCqRHTQ$3UO7R}J;)0KU0kBt6clMxi7RpXXQ$_*6$O2{Sli-M2y@te?zzQ7yaB
zzLwbz>y!aV!?LR6y4-rGRWT!(vlsV@%$9ciSb3t062KAgv|w^q5BeG^fS?L2aM^G7
z4UjioddW~@LEBR>t-oejqPpe>nXcL#TA#S|h0k86YX)J)uqUI@_IAnmTS$dE!>=Ts
zwF4%`uG6#`sxA!fX=qLd63%pX4_F&c3A$5@RP^r^OFw<M9ZyxeJac+NS*rZ-n;W~f
z_+UA$3F%a#4yDx!5y{Z<=C%K%tu@FERT1Ke>+p4T?|fs%rHO!Vpt`leIN-tJ(NHZ+
zJkDXdCD<GDt?KH0<F?`5$CaK|z7Kx;<N+e6I^Z)ApehQ6doF|(3+HiT`L}IO7x~Pu
z^g-2?Hb>4UtPsu1GTE5)=HZd%%_Z#%fr-j<ErC4S^1ZBXF)Nx*d@6jE<%2FeBin{D
zO6JQ6+8GnosKB<Ag5!>=4r0Ll_>VeMeRS+XRThQtkAn&8XJp-KHES^F@{tL%X$)Ql
zb1qrwI7>aBBQho~4_jey5@eqJ>#ic6+YH6pT1$awC8~ax-Ph~i_bP4fADa*Wf(xNq
zTCT&S->=o{Of+6<l|U-b>h1Y8@_qX_*-{Y!rUg4(wp5oIUx=ZYt}UDDZgO7ho2%dK
z<#;$Y|ALm@_=skY9L3O<)l!h&dW=EuaM<;FBk;^DELa7=M@KQgw%;D|p4<!jHvd$0
zrGN(iRWUeC>WzxwB*C)Ky79TqCw^avMwu##WXJVRlX@*w-eXb+D`U;TX?OOubb0NY
zi3coHT$MNMcp}3sq?bvx`rMHtpHIh6q?z3NQ8i~Fg0aX^x9VJkG-II`Wt(L*41?@V
zfZoQHpUWQ3Miyld#1dsKjuzvi-X)c~zwq2^q_TrEXADlp=Vu*mu-P)Ce@*GJR**OI
z?BaT*_bMHH9BB(gzq7=LR6dS%;=8KK+f$4eEn2S9%sE&10l|JU$f2ig_N+syKBxoJ
z&?l8m2acXlLzyuUoFJ@B_3bKq-&75@uSK9m1ZL2%%;wn%V>X*04^lnLVFcuy!0Nh<
zeP|MzI)2oebgG8e>oQG;5n#!<Q`NIG+z2FK6+7`kPm^dAKE$~xYr4$I*e&~4%`T7-
z<XbN2E$UpLqocdoV(<!nyuT))p?Q0Id%I0J8^f@bPX1Zv=^2Y0LE7o0GgyyyVjlZD
zi7R3#QicfGT&*FF9Okr9bzkPA$HOLtz2<9m+DEhWCt*S)63SC{6%FALHMCP7ZX}Ud
zjjwd2S}M&I8$SYO<C+3`6TQ9=0jncjN_an-)H=;Rk>Wy;BqI$E#{(rEL53eLhoo_R
z^m%DLL9eE!Kjv06U_%Scec?EM7RFfVAK9+#?~<%+{6?yB*a7Qqv*Jlxkf^;rjiYup
zG^4HdJZ7=vd?b)Et+2o`($)Po<VNpwab^s)Xem(Ov3I!c9^u}V>d`CA(CNA9`?BHm
zK4=BT<_9o99$9P69mkCETB8Ss6_04N*QTrlK0bc>8-K-H^JTTj)X)zO*EjfPB0rId
zAnHrBWko?ZyLzW1jg2+A_eNQ!qA}*KiqZpy(of8&0wDWh8mjhvQ-XGq$kX$4)v|(_
zkQVrv<KBHVd9_<w&GK?M7%<gt+`Uck9HW|PGXHjtfr+G@x>yr*KGP7%JLvh{Fm%0S
zxe{rV9|>Q#$JMaW^>$FV1*v;c)P!}_I6<J?AQx7iYUM*1h0fd*`uBCZ-Uf_?9?x}u
zM@o#;_Xc59gCQIVIYz*cG7ot@?LzUG1;4wiq@coCpp?XpwwmQ~+=bp{u0R&TwcJoL
zCRH6WsJ^s(Iah$`5`2)9%R`8!t!^@SYtBNCi{fuDZt0C3Ek9BSb2RXmhMP4Z6iI)t
z3tPUw>2-yB>N6ShD|#_Y2jzc?9e0Zyjm;TUK%eZ36Eb*Hx7yh_NYHb3No+-;Y<iv@
zfuI@+;FQI4Wnz1xe%OvjzS?ci-#KoZfR=fGBSU9mxPJpN)bO~1X{jByi0{c^M`+K#
zL4dywqCy4UaY{$bwC!+(Tt=>Vi*>g>J|A$y;c+EDVi<DWCw{^QUf?EJK_(30dr9j$
z1(c66as`}W^S|thL7rstzMQdqh&un)ZvMPOzidvkr8~5xDE<7_`h+|9!}8rx>m&a*
z@br0;y<PQ+9{;KEG7G7s1o{^Q-F@jTnW%!0VvZ8n>8;cP7Y}CTh{A4eT$K5}o&bKr
z+3*Kd#!#!5912k-BHMA`6V!}foD?tkIcmZibSw$SS>KX4eR$V>8M>|i?HaS$kT`6q
zZu9$~jTw*~u6dVw2s1uH-^%2^*=!^uB(;SZ_EY#hXkiei%qn$Se$fRl^A-mHxV8L6
z%gM~@O>ftp>UVz_8mNCUsl=X}NA#LyM>~9JlQu#we8mCcX#<Xku`q<8t2qeR*V*L1
z(q&`H^;Bhtr=zvqokOtl1($m(6&pvPCYhMZ7<ZdKDdNm|hEeW@PpfBZ=1`|2eQ&K8
z(WW{8R_glo`7;*HF#v-@*T5^#bff#nbC}P!a{JOp(<YZu3Cqin<1TmSVL_qoIJrfM
zz@Vx}XbO}>di9`*uN<ofSehWU12uY2`vnRfJ1)ls2wF`Sjsz_xY#BA<D~raAx90>V
zLzmNuxn^@7DkkHPH>>03uE*`=jtJ|?$+`wZF4@2~T%J?}_!9$Hs0FSE7SpvY4*U*(
z4lVBjbaf!DW-Ek$iD7_oCCuv7r<)b)rB3ei(+TGyTbXRSwZc*R((d+amDLd%^tF(W
z`Z!e81a2Fzme^$0RZBX~X-;~{IBG9jUFM+xiOVMRXjZOQKlD4jSP<otN-nf?&dFw*
z-XG3OD~YMt;_Q4gS0y?Ifbg~K4yyYS%F>97+7VmuQdo}Yn?MS%R&@Z@4&^SE6TB`_
zr|rUfNCf_dm%8<d@|-EZh=QzM$eic<rHu$Ea}lKF;o<0(a%CyW`l$mQmsb<Y%R~M*
zGZxW&p12<FC{O6e6P&d+xDtbWm@Jk`2XA2gm3v8&!TRA%f06>BQW90+i*su|0wIBJ
z0MQu`$EFR{;n}pSsy=D-vu7zrAqHxD^DPWEHkKx{0c8IBVWIwQldvW|<Tsrn>U<iy
zWY+V&;F@2RY9*@Z-Icntn!56>2c>)Qv|R{c8=af3*Ld4l?d-8A+^nDLj^D|Ge<&Vp
zw=IlF6o@VVe3kTKBUX3a9mbLhrIxn>?fir*<a0f=YrW*rX)9c^+G(4{hvn{cjA*~K
zp(z`T^jd}nL%N!pcYb{bpF%T5E`P{(cIyUcnH61Y@hmEpyA)Z{jAj;fh70geE%Fny
zO!R%|(X#&0sl9|&!Nvbhy=pi`n7ZUi_xgO6$kR(+Dt(9|wls`A;I)b0<LlXF|DOG4
z@9%dnCMxPkv#<ygX%{`msq3y@)_APOMU#@4VkaJ%H+l1@W^7`w(dTV#R&DUwJ~e+U
zYD#}}Ut52$W2Rfn&~SjpCLzp67n@V9d*KN81D4T&G@77Mhtw2{=ge*02O3k{4r5>H
z+Y!Dr-ReT4j__p;b=sy^&_rEje)!znm`mVCspnq{Pr*o7hnrFJNOzpPcVZu$;~Quq
zEoi{QhI#+4Bnzp~3C?9LUbnaEEPk%0B#A(8fUVZx>FX`(>`Rh4Bt%;zmCg+2Vx3!R
zzRe+fmdHS5-J=lP`Xeo2SshQyN_C`;^z|AYpSKv$!;4x?yUd@-zyxJAm6@s1;(=y9
zjvTY`#EnX6(X=VxJ%e+NdZB5vEFoK<4^M!cG7D87_csjl`@a0~HT7s?yv)WZsrCii
z7-rB5337xQW}}U#li{Et3+Lr|z{1B024v;v$?d)xd-;tdGmFDRuTc7ulk~ySJ<@~r
zEe8$8H1b#k_;gmO&ByTkIjN7sD!*v3Nz$y2dsc7956w}7Uj5SKR!DV<{U_HV1M)Pl
zxfQFWwAS>;BW>afAX0T1dbVqIdSAzSeSw8riQ2UDm#2)c{ljFsHG0bmctMg~z5S?i
z8S#8~jWZ79G{*PjZ4EN0!yV;6BR<gZ(A2r^`G&Df+`!Dx&9-V*O%SU@hcD#S73%IZ
z9hA6pNXtj<y-X1ma(lhJcn|#ihjMijBrJiptdfF!2}@9ayPax#bE;3$LJ~6M=;~Te
z6-hQkT5(jkBNS)3;xkb}4GF~R>qlW=Ztltn?Bsr2U4C`y(tR*|J=WzY=jEzxNjD%f
ztB<l0Y{6;Q*F;K1mQMaZqH+*prKVKJly_yBJMvRZGM}G>!1qX%P8@uiiqgDj<@aI7
zHPt6M#WQcMEwN@wmwTvPlb9<=1U_k+yYJTE@+tpCs<shj;h(THB@%zzdOZM*@A861
zwS<*H=?=i(C%-EOu-&^_wB{%WYSU9;>ihb|SGksuyrFbLI9mE5Yi(&ZjLTuF&pF~o
zy8XVtE5)+t^r8lpR_*SU7OyG!vX?81$`6--Z1UGhJ+FggoUA)aRd&`T06VmHxCJ!z
z)$*j_U1-X7WhT9vH`Dw91!1W@)uHC)sWef=a;>k<DMq{MoUipK2U|PH-*@6^iI-`+
zJM*{H@47uab$_Jv3@GB4T)#O-_vmz4{t<TN^^;jt#u!Ymwa!xgivZ_DfOWu2vyi2%
zi15JosN&m+A-Iix*fr;ok4X3Eili~N3*%1=eBJnd<cND*qH!b+te@YjofMM=uO&oU
z#GznNbZSU-)mRjhtUnC#EvsY-1(e*(7sTQ$*BSR9Np)zDRtGdCVbHjyZ?Z@6;v<YI
z%YVWc7dt3iImn)p7ygV49lS50b*O`|(vka4YFxbPs*PJevW|zUX4q9DbziC$GJ!!i
zg5c>i5I8gW=J$iUrM7`LNDA%_#kh8=#bmdb6FGE%7C0kuk-4GV87Bw^R3FUkTvcn&
zS~2vF@K-FQX_N0<Nt_+p-}lift4737P~BlBn^KEDD@HoAM&oNOc4$OIGbk<G^6gek
zlFRi(*EZM8wP+Nr)>Nh!<0x`{MBfQ#!t%D74d0i@aExg<3UwrguDzeg{fl0Oq5^}_
zW|xi8fU#q-^D3JEQfHD`boA@E*x4fg;m#<%z2(51nqX@ux4?g{_Y?vfB3kR-efIn7
z4smUQ6j>eaSu6VKnScK**h-ky(Wtuw#r8LUD6N-;0_NJrPRd5)|K{4VbiouHkip6q
z`=9m4uTEtg`)M26bynLc_(LUv$;dGV7_h|vqgE*V7bWr!^M|<$UXmkR@D!i_6)j*n
z1>@&RJ#;Zk{9hgu+&rAaPm1skZ|0WjZ|3mgEkuc@em5a|j@zhsQ<EFZ=LdAZA+Q=w
zU{!~DEHorqQ1b7icza9!^oRhb|Fa4ewX<W+f1m8bWxw6F=itOCUDg2E>SoCj#SCx1
zBQM@*x>){c6gCJ-bqxsqi1(L^=zovU<|^~Exuu4L1oVfq#8y#ZVF<8wVo0I^2sTkT
z9WMnhTDRia+7^gk-k4LX4~Dz0G$V->@}@JwR&GOmEhPWXaJ>ZklE96PRh!RZBRB&9
zfW~EH6qN8<&4Hca)Y+2aqmD>lcNzs&OHt0js|fe<E&rX<`MFX<FnO=6QvMaQ+g)70
zzt)5ZcJ0hZJxQSz&HCt@K6q!`^K@&Xoz+amCjHD$ELJnJb+#%*qw=-<h<H%3os3DT
zSWqORFk7i1pu22dExs#K70bDI*K_?r&lU{%%NKk@^l{klGag;m_Ba&FY+y|=NY!2M
zRR5X`zHx1ZR&zpcatbD$IB_ZI=)|gaYwlwKREcimRG&6cQ5o%f8&+0#x~+4Ixp8;#
zO6C+6zk~$j&zL+x1!Ut|n>AbgPhEC&DPks=Wk?EzaDKIXH_U<xbgVOJzpSH0n5+Ht
zYM=v{VddfFi*P%+v&OS>k6)6R9QYk*z1I1rs8TN$<DGFTRYTF<*H-+Mx^06ny{Mt>
zYp2eu`9!a}ml9FlOe7y1YL{906#wL9C^|6LnYs1@LkPIEv}DYnM1Luqt#I#l44{1g
zU6<`4SnEw5TT(tvvxlWtN8x{t-cb2`B9hotqlq4+e{P~*2>LR);xVogXDQSBLqH=4
z02O?X0<W(L!e{l5Ki!)lV6vp&wufn*4V`)$vbqd_d>2mKL<XS^HQIG4gRZXxB~Lay
z)ZQ|j3M$-DdN2K>r$+Xpjl6mrG(?fwKVamSz|4qZrfln*+<`UHOk(Y1l&GD+Q^|A?
zAeN-l3|-`Tjm<aJ?czSAqy@}xCTZaQ7*MboZZH>|P8pyaK*U4q;Hw{P1zjrnW3td%
zSoY?u0J6MJd1?ErygMmLlQOw}7+r(90$2tOIcJ;uC4=g5oR{1-`PKg|41Pfdi`+Ul
z@TlnM9VZCA_M(>*U}uoFovD0V_)5AdpkE?lrskvb{HVClhs-?4h?!+?K}~J0gN0l8
zE{&B|0tRIV4!Pt&g6B<&n{foId@oHUzpzMrnhgj5KLTgRY2wF&nsFljx5||y`>9uV
z5`RyxSg^Xv(sY8%Z+AY-v2nWAX@b?>cWk8Ies*T3>?xfDOQRCk6z-Vnl=FQ?WKAb@
z;(D1wXUivgp7x!vun0E%v6$;eu9~JZnc~=MvRr@X%`eTaR?wgSD@IOsQ(C=GW(pTi
z)YnC0+zN%0-^-~%|0~nzF(Q=#3w=M0G;^!|za+xSxU8vYGU#08vSS!&c59LT{F<0x
zd#esw*s*-0=G}o{N>_6n9W9{~+Y!{EG?y2t2({CEmto%@Q1v~f#YHRW_bL7@*J!W3
zw(CA6B`Jpj4^;FV@9>hgr6YC=j#z(cd4b4>8!LkpqFvclAIDk#N+WR65C!zrw$uTA
z+*hs_<5y`io|_V9xur+ETuxWfH<15-i7q#-@3KM6Vz7ssxQXY?1;_V6$EC@0CU<J2
zPcUYPnE18&v9bDRB~4OiQINX8rTbpEDXQytO!N!i{Eqa^2sqA9rXppZc@loOyv1U{
zFc?3Ce>J^0JsX;Vq}Br9^1SIJxGFBM`7JoxKtW~z&ZKB{nr`6ScI)=a^gHnl`r$n{
zot;5y1Le7qUGoc$;BvcAVqKePXiA`d*+Cy`e^26iRqtVxP)H-uAB*Y{HpGIK^Zc!s
zCq)vW#8RKGw-1Br=z+e`L3!$IQr%A4)zsf3>O@Z3@-2pK!+7=6wZXZ$wc@u%rgQt(
z9(w8Uf7LJV^FZ)a(`iy=f<4l~EnRUGi*&jAYHuSeOi$05DF5~mJ`6kWuVT_CmK`5}
z%&8190{6bbp(pt&=ja#L{L5EI2rG$O^`8{~vuKPkgDbo#R+-bkV%z`9oZpu>){prA
zsd$v${6A|l0^tGTZ_M(KV(nk+3H?XB{$D8)B=}j7p`#pO{+bLwTkFtlef8geXCeHo
z#;^Lg{{suaxn}Lh%KzH>t%`#SH}ua^{L%>TKbSxeT;yj?{=Mpdvexb^aCyFeQSo<&
z{%q}o%YpO%`r{w*3;Zk>FJGz>gk_6RdY^|0!oUae#@1Xk0JEcVXYZ%r|MZ~uxi5G$
z&NuiA<2^+6u3JV=ht6C5XAgYGmzz1QzLEJI9@0K+;K@W~BrJsTng5GN+inHHaOl=1
zajJ)(WcAY3_EhpUHZQ(gv->O$aAE=i;dL`E+rN?R8wtKmyYr}Hk2WG=IdB45l#+CP
z?xjR!CK3e^*O9t`GUo=OU3V(K2vPsozrznF{u7RDXwP!>O18aR*-VBZFK8PVX{IFt
zf<8(hdEHE6_D+5N)AMbD;GuBOT2@b=O-9Kwy8?htkos^CB+9U|IVo_F$vYkpU$x;~
zgmtco20cqSvm^FmFw15%B}rLxHE+{_U?n|I9P0+1DwbTg**_ut+bkG?B%<(ITc=|$
zV?c`9P&`@kRd|6&x~9_w#X+5t+K+Hr64&~D8!LeadQ?j6%^`=nk0|S(i=rMgpM&C_
zJ+VN>JW-Dq2y6KTi%4)6{)OBDe^BArDD1c1#>^E$wi8?wy`kFN!to%ha?%m|7|?>%
z#*vef8Oa!2VB}T?N>3-A>L^Jm5}bymM#?A%(!u4=EX-;}RETu;sz>=O@k~Zolsaer
zc3@oRNK{yc)KSH1w(|3y?w@Oa3bSi`eXTFJJ^uXm)1A>m1P%jh&I8In@BMS~`KEyf
zPUz|N*xrBO@WnfDfO&MPOZ;2v!J&e=`4elNF?^BJ{j0V}XIcM@1)LG?kUwt?o~Lbu
zKOu6I*Gq@H|J?C^4&xP@8O8s^9uyb&hQ1GAZCUjXxBy?Ui}N!e0xBbN{!JNRw{71~
zguJQyBHi;E5|>VhGbQy$h_?x+&r3p7gNzki{Q=hzQdcE{?1UP-qOVV2wfdjn0pDeo
zFtZi>_*EpU5s}u;bP$bP*1XuJLn3`x2rFXtV=-v~32|_&TDGq=m;-X^^^ga(VCs>_
zI3EXLHsu9n?hsi=(jxUfqvyC;thDO<6#xN0`_aDWzE@P>&In_ssrjX>tn6cF7A4K+
zgM(G;oY{pnMl#!QM>Bk(HNJDVF1GvCR5!Bb`3s9cAG5l%)C(()N&sz&eQzhyX(x{d
z{@@;wX?jnxuAvw-?o-b<MW~UlHg7;{qOpJac#IF+Wk8k*>}JWVoPEw3PpvoBA|$k*
z7DLmog;j}(Mc`1Ff_FZdKgBLva4@)2)8hr1pJ7JUxr{<9ard~p)~#cbhhc?ZR84ua
zvZaUq)2?@=FgWnl+rOtfi4)S(N5HQUYLL>W#IJXNCeo)P$plC}dbngiLK~Kaiys$$
zFJO1-8V?;DLy`jZMpm?zA#!l>-E4%3yzTq|6?1w8-nwoBnAvf1om*1^uS}oxWsOV3
z{e?v8?-Y&6`*TKRxC7-)u&?eW?r99F_-hgA!orWsC6ax3vTNQ*O-syY;yiWq!_=dY
zY*TN{Q#a+Ff8&+FUH?qI#_!Y?blVV(g6KeTxx^n}P<J3ld`tTJ;f0h=CW6=fO{|S1
z{QJ2v=&w9B?RCOocx)AH?@hnFS1tHmu(D=<PF=RRh4DQ^8wD3=<QSXPfz<Idwxu(u
z+Of*_C)FUhQ2hLz`7`!Fj1{EON^N>yDO@K2v0d%cORDEbYK;jc1%VTHm@rJ!1uiuK
zQKI3uJz6Y&emg1|Ft$B9wKS%5Sfgl>d9tM>Yt_auWMmtNx>*<SIK#r&q*uvLMyIE)
zZ_j0&A10$80gRY;Ydo0eiK@g4()Z^qQj{YRK=-k+J_VxWS{tGl6Wz<B@LA&roq4bu
zt8w>vQh#F5OhWM4(IQZUVTAvsqPbI!*;{tQ8|VY3weW%$y07Q~m#~{pmUt5b0^OU5
z_~HOrG;wR%9>3|<FO^TE^jf!=0f0OHfWzk(VD~%Xn9YPn%V?19)gWU+-mo?Cy}*fg
zr?PMH&av2jgKnpz8ASj;$b&QTP-I}SRcz+WOBk1LYrgdcDW>+}CCI(jurIc@)3tc$
zVtk*pAPK+1o`wAJ$rPYjfxhu{K@;{cI4H@j6Hz$&Y@LS-3|&K=LDBWVjR?Tjx*6C=
z8_kRc9J0KBdTb@iKFdP7xe6OSAQ8LDCXrBd%vpf3L;}(U7pf#7jK1<F9Eem|&6RgL
zW4DnKll>jwae_SHgt53b7FsDU$eXujB)7FCLa^TKNY2udjXpxou&x1NGdrtP1+{kO
zhB!Jc)>XQnU&m%{Y_Dy};a|OFTg|f>4Y4#n^`-6(r3nV4_Ac-O52j7sIgOa_3#V>#
ze`1Z?j6LhP`{EL$=@F<*m8U|$tw(+PYAWS@dFR$SCKKI8Xu7Q@!_jv!+<TP!^#}gS
znc6w)rqv(R{5dP<r&Ym2*LajHIhvkAX8JG@UPIkx`2Aa`+E(^nq)yLspwEE5Y4Z<&
z%s>ux*?;)NO6i{g*<F;LDNQ)Bfkz)tw%0*~dzO=j*4f6(qvdVvR1eD*jTsokUJyp)
z;jdf6noX2%{mHQT%X~s_g3{;(#yEL{2$oETLQ)s}BKlxU8J)i7;-RVb;?wTa$mD^@
zmc-h|U>rIu{~#Q}TLnO^5xlS0#fPdc7L`mNUQv*?6sUP)vKer!CmHcC5^DoPr60PG
z;1bh7hN!nI$(0BX7aWye2cK_bdrsK1J-NZa;~b#GJpTT~`K{q`_{}y0nnc7$gV|+|
zAHvOxLRCJ$6VA(@#LJ7;_ML+ZVhAOTf-yxM^X!bYj}W~@@;UvZvXLFf$9hf~mpMgz
z--Ax_SXn2}>GUaxTgVRc!gS8;-q`#*`Y)dMKEO!pwIM0^FE`f45jW&iyjj1jF>KVF
z2=LpOB?&+VrKgP~S<~-f?l3zVv*gJ01AQ0n?t((xzW-BT^lZQwj*s)iy*0BMPXhOo
znS^WfmYb&&3?!D0lBUEOEduL$zuYkMAiV~bqM;I?HV;9_e%Ynyi{-<UN!;;5E@)Zt
z+lA7v*n}eZS=CN5GBH>Z9J6zkC0xfHha6j#b_+&wMN;o=O)Q(Chbu_FEupk%Ep*%*
z)5iv#90DLoasBbFU7f2V@K2hxki>qceDC)6;GWWJxqsz!ywf^&BwyQeaM>~X6%x<H
z5re|tdAm@bd>m?01|O3NpH6D8M}{8fBrcvnh_5zf_BZCzEBpC+YA1l!OlJwJgNQTk
z6v^UC?$3*hu8;i*8N)vU^vSh`mypMnEUO#~d*~ZCIuV>-T8`jZC+MQS8Ad&E7vM3w
z+p8!<|Lrlu{0UDH#&8zB3c%kKHIURVDC#_?@3fT{w=bH>imx|rP&K8~>-5?XY#9$$
zSwOPbscFxg!`sdd#(ukWfr7_P5B@z9Cc#Mko>lMD^fDo0D&Sah#xZWTT&#Tdu&#M~
z0g|*Sudv@*TgfF9gNHrRxemGp79OXQ3~F9(#P=n5lW_~@Qi<P)$2a6>Id*J>9yBsU
zx%Tz%NgiTBguz^K3Uw*2M=_;r;xQibsL-Zliq|>O7k7~<z6PaWv$}aOIcKB&2G4M)
zKf&ohI<NJ%?RSoa_9#Ej%Fj^M>A0?R2Vy+F7gcAwS&6LleTny+63~Nq0NYU^A=3e#
zq}q!evzn%=h!?e-rtXvSUvS#W1Wq;1T-)7-3_WZL!~(VPrwhV%;1+kX@NCzf(#|@v
z=P>kJjR|&0t_CrgmtE70j*e@nI1%k8?D1rhq&Cy$g&1iP&E0v1-%xnEjYX=eO3aMe
z|9MrPFOcS+l^{IC35j(4G>zV5GnulYu^Cshz*CR|;Fr@BPxJF~_k9M(59Ne`--2!2
z>Uq-#{ZTNqpmfoj3&L1RQaF9H5fpXx_m|p&gm3ak@+BSGRUOEDxNc#-nq+}u%!jCP
zhI7fs?Nhr>10h|&?j7$nL!|eE2Dj6+^1-YlFy^{5FcEC&@~=UhTu#(J7pv@Kd0BR6
z?_KKk-!F|RR`CQ8_7-K>Q0=h1Y1w40smJx437;xNZitTSvz#7HG|Ips#>d~}7t`ut
zeFt*0cSO16#Fk4@K%0*$AQWK8-`4nD>e>W}5Wi|b4OBVcH;ZLC%oey<FRtvO=Bw6W
zOqd43i|}U5%xn;KO>Sth*g<?Y>O>1*i_^9Hu|<}jcri9q%3O*SzrnE8hYFy3iJS3+
z=2lFnxi9d{Mgp-h#MWGn>IW~7*g}&8_x!E@!r^}W)ZaSksY^uXd8>QKTzv9oG&>kV
zop&vRVfpi2d{2fsMl$q^LCq0RlGb6V)tuQB0*<i-7yGUBwjH5cJ;I1aTNB~u7#6c<
z$ibFTkK}H+LBxC0Ar6nO;GGO9QD?r{%BOB?9nqZB#qXIyF})b`NE3J`J-gAjL6Ijr
z&&v6=JbmHL>)7(hvTw2LM6*i^VS`~|O$CKge@7l?E6l~Y*N;(#q*vn_^A|?bnJdN)
zP@QaUM6bz=M4R%Lg1V<SyOW$lWnqLz8=cBBp{nXoF!R?X?r`MQ8D3<RsLrr|so?_P
zPlC@iQ}l90qccH6XzbV{FwUTp3s66OZsI3+x;WOQg(_J2Xda5wdgF@A34ko5>hBxH
z^Stt_U81hnB}e+s`{9DLT>Gsmr_h#ZzCdOvY(_wjoPRA=x#LpJOEPh-Kl$rC9vqeD
zmm`<aK)C>~pxQ?NWfLiKPmQX`AKmY*4!uaP)K$7+g4@2%auzmp_}O<YcNVgVoK0i~
z8HVs&gY59-f1tR-U-wqs8|HS!_PUMoUtvh#$O2puZu^(~(n&$MwTw>>7UYSpdN7e~
z?i5UiA4UpBlPpC*!CDbf2$INNqx4+|=^J`M2x4^)Z`MCqbOpy!45#@B1r$i8o(_j?
z_@<CjoXGNa#s?Ug5|dFS>+`^du}?gQ`JY7L|5~qPWulCEmEYaI+n3+=U)M6*WM4gt
z(TYS7)AT9828BCbKs1gIF~T!y2{#S$NuwIrUQ(<U7cw(Exnf#dCX^f~np%k7Yc0Ex
zR*WKcXLxm~wGAg7W-RnRtz&-<^Ds~{bfVY5)bu3ppPzC*(8E!biMFuJB0+cu!20Ot
zEFS}~rfeZ%sH*6#=-m2N%pIW-u)@j#t%rZ6L0R2@HwFF1Q^1exq;^h8N3p#xk5FkB
zH2Pkqvn*RAIz8Uoj|FaRufM7){CC3r`GImo{1jm+1=ECQi%XsRvGZ*Xu?SQb3RRJN
zP{F*5wkutSH19^l>8$jKtScwK)<8XV&u%z_{#+mqqTY}-ki#=*^_1x_B13bMAUDxC
z9%(OAm;g?eNn*|VF4k`Fp8l5DKzYR#f6wcIfwh2aqmp6SCqJ8nF56;}!Xwls;VH}`
zhjdS<dXVI(Ae@W9x-02jt3*^I>x|ct6XY2~)#2U{I#Le&i0pvzG(t&~L8Jr$Qw&F|
z_eJ$!xE^ilr6cR6T-3bZ4ta)_r*ImI?sC<3&l4r1<`K)4J-mUy5&l`fyM=Q1(}*WB
zQd%D)exz^eu1!XdruDhNkG1|xbJx_5ikmu|!Y21OZjsggO@wetk|=(+T~gwWs4d&h
zB1ur1W^XHbmwZ~HGtP4X>dNa&5}TWPA3W)qCzRYDil?m9{;{ZniJnl%O<fOJ=~Y%3
zPR7HHcbJbO)-QYLBQ?+Az~~yWzZb#qfxr_su>hT<wph45Ulo%E_ytsyDb%wj&$L+?
zIaJ?7i-lK^dh<jO-EyYbb|TVq@`NU(`3$3ai*NKa`xsQj=RGCxjJ;RNKZ3^eIU3aQ
z?CpN7Qg`j~r5NpbDDiTi_QwqOE9eU6*2oTlA6cf;k>y@b?*hDT;6*ed)_ph<+qIR0
z^}jxcmmhe^-eWTzM?ME1HhYOkcfWkEcFBr+IgRQ>{L~S=Kl0eG8+DuN#dI!ZNI;d=
zc;2OG#OICxra?$-@7)$25pl!ujUKL^i9wG7?H@r{%wCTSHh2t%5=g``KHTZ{sW*4A
zHc=~m*E$mXuJzdaHfuD`5pXqw3#vZCNc*zklzHi{i?i+8s<JJuU+zWgE!8vel$ASZ
znxp*ZESi_FnF^BV^iyGkWRGN-iF1EIlfZ&t>tfgBM|?67oMj6|#^Ttg?oPGN9;nn|
zNJ&$5Nkr9I`hpN>kP{{h*zc%l1bpZS06~#X$Lv15CX-b;zb8CDA)=G)Rl6j2R~sRr
zaNIg;aEEf!YGHif7~{S$t1{eIl?0-Q<uS+*O$;#y+}F{Y>3J`l6-5Vbse<vfOpk24
zlx;$yLJFeZG2@bOl45|iGE?HE(kLPncA3%BmPc+#+{al#%zl_ki1I?#yjw`v3PxH0
zLpr5fLPBFH)bDg!F=gW`epLg$TKA2~SDB)34BN?;xxels^44p~MLC8&uAwPu9OZe~
zX2ez*mzIw@7Q@jU$_Udh1v<Y%J?ZgWILeyke(K|gw0m=d)z9u;Hz0i<ZXinCkg^}`
z6jo#N&=nis^Y$?Bn(t`t<p;&NhNh}aCs=`UWluK5#!1eaP#SO1kXaR;(RC?t?nKcz
z(vH-kCbd@KvCfrF(iI$AH<?|fN{f=%Bw?X+OM`<~$RX=7Xu5e20@3|JPRkZ8q6eS1
zuR{@Rtwv$%ZkUS!twyqrw_;iID`A}y)R;YX5V>!~a|oRwm#}@1rIbd0L8(<-B!xAP
zh_=kxPH9X(zi>wXo3r#T;ZVv-)#oTo8y<KqmGh{?mtP~&oRj7<gBYc@$)xHN*eizX
zZbZKdz^X^vxkitKQMf8C3x!|~R*+d_Vu{?DS9V|E7(Y|-RV?A_ik2m(mdjgYBci%n
z-f#AqmyhrBtQQh4m3I^KX2PhT%jj=e7=OBv@><7W_sCpWp}M-V6aQ?-oJbcY5zA|%
zfY=LaFB0o;eJ?q-2aldJCnusT9)YxY*5=DO(vLoGcUY|32%r4g$isoWwK$F#B5j=~
zJ0HU8iMm4&wJ5CB<q+ug!qM@vE-z?MW}tcEH`rdqMJ{`~6bOXc9Rn{=FRURx6&7A#
z_I8e@bBm$&+M=W-5ZxA7vo_zg=o_wmWleCg9z3EG<{7BOlNkjcrcB~rCqOm{=(<mL
zazIF1PsYd|9u3mxqHZwM|L*v!8m$(iAgZSPZ&fB(0NJIS#v-co%{Yf*rGE^klDYqr
zYZO@w4`k_sv{1H%PG5C*<@9;-<GX7#qi5t8qXLJXg2+Cs&$|1H|4<2STwsFrK5c!r
zy^(Y*nxrbXiJoV?W0{aKZGD<bU*zz;6J&VN4_0E{?G~yqj|!+dbs_R?l>%)he}>8)
z+j`;P%gEd|0uCqE$h*w?NvOhizn>Cu%qx22jmlA#DvSea%%Y-BDO`TKgBT$V$*WI=
z{cBP0N*w8nih`mN%Azr2A{hcxs_W$kW$;CMozOxKMET)JXFmEH9@aO=s*nfFXSg+H
z;QvPHX(C{hK1u|@(|}ErhwO>KHioqh*{REiDq*$ndxNuQhYWv%wTKrrZ7`CsYtmZM
z<3_5A$Cw~F6`X4Brpswn+~efzYF(x9s|W5<zzC&<ykvvQ`#kQ8Uuxc959|6Cdifw3
z0$w;<dO(^DNC*<s`Y18nb|h!liLr|G$GUQt;%cZRGBS()A*S1I=OAH5LDRIwFL;jW
z@^f+2<o=yS3BuI>OOp{-xecur`Alj>ig`^h!Lsp>13DSz8kvM$c3WV%SZ<X$-lTui
zZvSN?3&P1NHMtf;`jr%~^YJMz>gG=Ol)uVv*=H;fY@@3_94vP%ZWqof=qSp?pyC<e
zS>bw<nZdljQIF6+(y<%uI`cM^*rE9{h+$Db_#{ZGPcBBsEo)RGr_IUzdp*rQ#ZdzM
z(7;d|m{DTu+AQ{-jrb>G--Br}eiXL_c6JCpv_ZV!@rW~n%ADsJWPU#5sou)(Mb}v)
zlVj}EughW?*czy>ssmyr!>Uzvn&22fvnur%Bb*t<VKGD6l9Q2#+sE;qm0Yp3_DS&>
z`s@S2iLwc-zlqb`K*$T-Z=Np7Q>0{LnJ|(;QjW581MrEtU_#R;Y>|CbKwlqkXh7@>
z&c>YZq6E{DaHMl-11NkIp4gjMps*oLvn%wb0H(kad6JKn2M0qo1qKcHxR;t+^NV2=
zWCbt4$3-t1+#!gY>Uh&gq4`qb-3ake_18U6L0fu3-c7sYRB{7U9eLpF6PMQ_vcSw$
zH_QPR%R3Xd-+N62Qte<W(c|O=y?dG99H(XyY21_8U_daN$^Ix7#{*F{88_Ktb4#Ty
zT^~jh?37eL$on`!u+xLab7;pk0C?Y0rQf`}3G;dl?wTTP?p0CWlF{-ZO$UGZN?Fy>
zNk4t$I8>M2Fertyb%VlO!Ltg2!u(*!?hBEt$GFR`<`{D3m$p;kDg~F+L<-kP<M}qd
z(jY75^4b^*->!yO$<2h*3YM=@<oQc|UST-edi)J!09p=}gJ197R{zt8rZpiz(3?+q
z4o@Q(lta_?PWp3?7ktZ*{wZ0(+NPh(IBq74{1YT6m4dGv#yLN<*8(CWO6pKOl5+HU
zzU28%c&=Q0Jj42GDl^Kk>&AFY!n+f(N+fAXAFsm?UHwTVkS?JnM1+g+_Vt`6V)k{H
zoUI*53p4GZ`G>q|v`tBmT#AD=EkkRkWM5ai{07I;qTo)(6iu+22>HIUZP1G=tKg?7
zO(^m`DM12Z!DqmTEMORUoJ=t!u|K_~7m=}p(m+-ocj?DKk{<RENL*gt9wpgy=u~xh
zeY68mVm4ceFHT)9;X#^~-LwU)J3#iAdQQFG+!bz%58A*OS*_VoA9CIxJz~B>)A7r{
z$Ube1RiFdJDo2aHTsR26{%CS!ex__Ro0C%!qH~N5Sw}1-IdFrNOoJdwbPSI*G?bg@
z&N_P}!<<cUmNniL81$l>!(1$>*S?-rlBBL?1}1UR-V(W&2|)tz&CdM*aYgN|vq<=5
z8`(!S`R|<l^mJ_9#X1uWMJDE%Zol=5EH5zs0u(rrX)TwY5s7$D@8&O$s$&pL<tB=t
z;~HBX{l<T`eV!xrM^_}8VqVCC0nk^KdDNu{?;BN;5u}=$L9$i1`(Y+)Y$nZ%5{0$;
zV=sliaTa_F?;UfQ<Q;$K9so&QTRaW#`E$WE!KL=&Y$)c+pw%u}O>FGrH0t|JQ|7#<
zH7wm~Kcd$s-bGItSGP6>ORQgrabFS)m;lYfCD@#8M(7ShGptF#d-T{v3>$`y(OLrD
znMHBu5bvdzw1RqZJ7x4Upr1F@c?%xTTdbSSB-{6I7t&|yhbYq0F3M)#5%`Xlv`i2E
zSkGb5cvP%9ex7hPi**5Y7Mne1W9e3I_n!Gywn}NzMb-f`Y3C`j(aXtwL*sp!B}VGA
z$3qtyxNkT|4dF;YcPa1HLwR9rQ)Zfx892IYLw$IB^~prUA*4S2&@#4AFKSd@5G4;W
zQr{o#mKVgI3QJ5uvmn`wyB_I235><vN_=%YO_ZTI(QDg{dj2+KFY?{)Bl~)$2l*)v
zSANzDL-FnOnI#h0$v;%ej*p=GM@M?vF(&tL!FR8xysYP;GQrkvL#ce0qb7$@{LhMR
zTvRFRIDAQE$E^#HA0oM(2{ST=^qO$wt`eWlHXL*{bVc@?REm!5?<qyZG8RQbwdJho
z_{M_8tHM35oz1eL>vw_=l$8Z*$M})f_KG~^?p;Puxmv)Vx$@8zD1@E6?UFeqU*#^l
zqtWFHe439Hy}$Y5LvuqYs4)!Jc~g9dxP;mbBm;foIQPyfX~DmI_inpopcHNx5QL~m
zBegF{8T?>Jc#dHWpd|A5amQ?4B6;xyp|3UagE*C4!Qr0FDA3+A6IYU7T@K-qX+-@v
zSexFkIz3f^?2RSKu`Gd8a+i%v<OBP8QcPS})6$wrp`bJ1`aC}2ANMvG#ZW+)<|y1v
z@=l>6a}KF3?dW=-TsmH&QrEa}v9P{$i`wY$2zF-PGulda?3*FlljmPQD(0u=;yYG0
z`NUg@8b!Q>Y#x~@<(z<5H9Xfxqk74N)jn|2t~<z|Tw47_!2lS{vNuv8$Zd@5=jp|A
zMX(7UV>hmiT<WN%x443!epOmc2L3ddmz2@y8yN|7`;>)W3?@BEhkBP&(P~0F?Kn^r
zv@(8!?3<~eI}A_u)H-}XV40sS!;fxH@;K~FAE9G~G}mcwcXMV$Ui)R#ASk$-sR5z+
z7uWuh%!VJ#YkTl7eZ{oAU}epT(6Qbq%u7L%H`tMal)LWlOA87?DgbgE7Y78j>g-W2
zz3a{e>Xtez9$fVUelUhDmovbz)5e8EbN57q_a)r+%cP(l5Vw)}iSjPeQ6;0!e}W-5
z)yS~yu^V*mKeL(41=9PAaS#k~BLlT|!G_WgEbOV-EWC+C8<>eex7<7itjs`8idN&Q
z-o5ow>MAlG78Ef3BDpgXySMj=y2d~LA3`1z@h8p*0u!#n9q<~IHO5RZNNi`wnMd{E
z8Tl~uu0nL;&FDa_()*X*=q;4k?(2yi->jfJ?UcrZ8EQnDhQbi6*WRZ0<kEGh@t&uL
zSemm&4<b(jlM5E7)~^|}YX$%aVh#nQ6#7d^<EX2aE1aIM=VM<5!=XsaNelb%WU#9n
zXtlKdnIv$mKdI9(JU$giA04qb7y++tP$tU{ik=A|D)vSF=F0PNgugF_<CZib?H6tB
zK_TvVGR14ttY+G{9_Cl=X_Ex(nZVZ?dp`~aAuVY?N*ll$%Q!frPU0QM<fy9<2Xn|g
zgYNrIHv5{i!iJ2)>i)<QzDZ#G_R`_}fDeB|2$jR>%kr2YhFoXK*7OUX9OZJDDo>0}
z(Jm*4T}j%kjtnce##^xiX0j=13*J`ai>$$X_FIwwXLa4TztJTe6vSQr#EXW(%cX%u
zw@(qEMXmFc@yb_bPTcX!M2LHL{OR~4I(diRv6_K$B@M**)(7`HZD5ct`MyjgVDEcj
z!f&MW)2EsIE{kW0R;Gcee;;4Sm8qoYGTr@qD-<F_y7VFB10c9!Fv+Ts=8g6IYVYB)
zRB7GhRu^SJvcmy!?c%{7i2i~cEUUi&kLBzvJI=YC21Tu^=rxt?ilyx3dstEAD7FT&
zlE!-sd@Ex1Z@>2fs5jx_=&+r&?-zBoja{h>t70|Ex91Z6S2+37LwwPDB8bAlx+fKb
zCTk#lAu2um^48!h?H=*q<Yh0ZQ!<(9U9K(Ooah>@j#X<g^a=Sl%@lj93iXJ2+nDK%
zx-dQcc1q7tg9jZaJz*o2C>~8PC;dy7v*AbCEqJp95O>?IX>Hsqy*Z6dH(gdN;Ion9
zYSH6Z&5;$IvI}+X?WguL+Ub9atK)ZE>VIR!c2e+>DQM2#lBX3{Cm@j(ryR$(`N5wo
zLUV~?%GQ_c+&uIZmX@!(8G9l%>#QkzHuzwL?1lvMDf2%!#s^y=fC$z)hPfE>^j`R0
zkBiU+#@Zd9f@Iaj%E%IIP~2(Go>~mEEG9aB%*ED}3f~<dkR0C-g;=|`Un~_w@w_bQ
z<N<RrLZpWeZ)^2-kRu=G&gpbR#Y3z%^dl}?l(l3moYQ#Kf?!M=ZFAqcVEdY#Y@_!_
z6n|~xKN{_8NcKkmZL28zDKtB;_@M(-JRv1$s837fdBfLdRc$qGKrv34$iylUQPoY0
z)+fLgk1qnx5>_S?Ephsk#C5k)H#U4qv;1Q6cE0ryCC($@Qx3x0Oe}2A8e7FDYS?Vj
zc>}^!pV2_~wf6WI0O!k?z4^2ky=bHEIgDDDoM{=@c@{4C!Ku1iZjnNR$DU+uw=yu9
zeb`u|csbYH%>asx>iVrli|>>1U(mCMb+M5@FE#=9J{9(1#dwH2q+;1sZ%p#txa?R#
zeo~dSe8jpe2>%@&;0+EMBChLOUMX%6@Hye0Sk8;T?2@&)xdo;c?cLJ1uh7-uPck$F
zVON}+evSKJPSJ_zA2a`b(L!17B~TH04G+)4psA;LG)ZSR8YsDZ2emFhvqnv|^lno5
z?Py|4;A+{pR=E!XMEi2^;!$6f)wyV~UFbO?hqtZGd_$M~iqJZ=`5L#PTq(ynS+OrM
z$K&v`;N&LFIOoQJS^v;iU|9M|D5pNslGeu_b=MdDULIJm?zOhi<ENc)!2UuUUD1x?
z){g7?gH;0O<oSHy968QhTJF1Wqt-qXPYQtD3C=;ZMmYvOzeTtE!P>P^XKH+)puu-X
z^Bga#>{B^@*RGJGZD+|Q;6}ZSv3xV|tVCFB+V*hX>&3feaT>-zotsXH$P`%@Vgkm-
z#}c#GzZILuAaIiMbYO{4wBWti99{cVHM^0YJHOLeaL?Z<a^Wf8qKDgZ;m@GA{S||R
zj*Zrb_)uO-I?u|SX+%nu#W0;J>YFOJ6skrXD+o1+=ndI`aMv_m;C-8f<Xj~dDA2im
ze91`E0!FSY@kF?1@EK#dP*-$vs))*{{w)y!94_%Om|WmMz`3wcwiw*ReMhnOoj%Zg
z);&nz21$!89<_$Hw$s3<r-FrKC-Y`}@dDr_`10vBt86`X`yuaD`*R`&l>4xilO#?z
z{~kxlcer4JR)0Tv4w4AsnsjY_o(&oSk%vrA@9jfHGkg}br?)1=lD0U~BU!*r>Q=R&
zwy!XJ?oxuMB7~m&QLM^F1&msx(Wxs*pxb7`k3E*E?MGa}CJWm#qe3jTsgYsX&bEQl
zg@(Kv7SW%2oiYQ~4E&ou04~(XUOT<s-{;%Lz%tC(qkv?1u00(e(XMkjBdx1%Zu(OX
zc5uM!Kk#w7QhmMo*R_V-G7Py*!cGt7nZl@(!(r)<r?J|Uz<TJtR{8d?$_4B8V#<uR
z0HTUIEloQ+Wbv&?xX^gcIzV_>aQKGXa#Q!Z6xwS;equ@2;c04NipY*```LEnx(K|i
z#8lg=a7VC%Yu(B>+DCB&kN-{Oa4Avwg*GerD>SdQ_mCA5Ib`XL$kLq9VmUBuNcZAV
zIBRqD7uM-tUCKUb_UT(2(&PDc;!p~1Q10XEAgu5CJL3UgVTcvQ8Z5RO9}D+1F7?l<
z-Jzb;)<!Jfe?(oYa-Z@yDZ1QVf`u`LW6Ai$Ln^_0A0Vr$W9ll&R5Q@|<_O&u+e}#N
z66xG#eYrLrwA46M;Z}3q?3jT>p+w&Q(E}6II~et$0^YkA0BKLzB_S)WH>VbI%375N
z&t`~;M1RE;ELk0s*4?J6(brrX%e7Mt1F&*JS?6<BwkbHpq(C4onA*X0wKh%`tS!K%
zgIhrY0n_44x?Gqy_O`rzBdwOcP6WU0joh$7+L+%E$Nf4bpG}v!G0pa^WUZhk;UuGi
zfMryHC-!UM!^vh>KX#Mu84-ONBfLmug+Yo(SJ@v;el-nwSF}7$ITdPnwPJEpqS49l
zGINE=wwSo2@jWVjyTXfU3Uknv?o-IS)Rh8-PhjTb7IV;eG2$aWN6z~^HQY`iW~vX5
zsFK8#+Ni_FchsaG3D}4*Y*Cl{Dd5|?=gbxxKX+xpsJqqiyhrUM!VrO_G(r)$wGNQ6
z5T=Y?H+Lb5EWB9K@gwBRS+|5&jH|Y>s6(Op)=A8!6dFuv%513o(9KlbE)-b=%2DoX
zh&aw|<JT+E{s@gYt6(l#?wg^Gv}h7`gV~&+--!2sMyNk}k7$c)S3nrW15ZbVbsE_m
zCgElaltOJtez9X<QPZ8v6fdmMbbq1O%hV*+RTIlJj2wb8s}ShIkN9OsEK6LVDk<3M
zN<uBzIiue(2W}l!K8r&4gDKda1{n~xE)qTn18NJhRavoJa}8DHrCpVUu4%SIs+r$p
zF<C^)vaCSosOL%Ht-8%~wXyB<O$f5AC%Ed2_=I{XahzTsDLUHH)tRo~wKO-skl?||
zmAHZ08-5`-$iP^v#~m}A4j3xhaMt0SjoIhJXJtKGt_*h_SG5Rzh)B{ndJdvY<gf9n
z>MTxDVq`{`$HF3S`syM3&n5<7jpX@f9o%rYTi=uddlS0d7oP$w$q3fwKq%zAqD`(q
zvj`QLuNhrmYHz5TlK5$O{6x02zS9ppbGUVu%GN(1$yXt1JMH?w@E`$r7nWyd27u{)
z{>6K<vtJ+s>?Eb<WZTWQ*94=4Yseg7Ub}`+@oYuHh_E1yq$0c~Hrc>7mrd{s5BkF9
z6EPh&#-39qo0l=6ON+%kYr`25WWym=Nvi%yw8uPHUYL;tnkWPWk47k_iz`B(R(;XN
zqO&wd#k7$Ys4tmO6BN;%ro1m&9a+Q|0og)HO|>>jcbJ-Cdd9XAXTCG$X_ts64c>2I
zdi*eVEJBSS<1xu7)UqO&OA6R`w`LEryH82MOnt-(?N4da2wdY-l5N@9=0JjH&{wow
zb2GU}l7%4>B+^y<=s$omEh!@<?qmXG7l^=NAizHZU6Djl{Kuwn0S``b&7I{NI+V;2
z%D8bXR*th7&0+FD*>R7qhdlas5D&@PI-)4eNR`{WdZeJlfK7i1q*>$=qBnv44`1t;
zOid7x<`bN!sX6uo3-po5lli2OJ=;lh#-uL*XItW`k5W#S{t`)mMm2g3iXjvvU4u%?
z+6xp9y5;R<xo9V4%%0Z(8x=fA>TU&33-?^ha0}DSMFdvUe(}ATb(&HkjQ}aNsQ8Y6
zg{zc-HDY@+!^IRF6QEVb5C8Hs$xNinj%%F?VE|<qtJr5OBz#3}x#8OUOCFSubHiV;
zQhfb(yGx6TL_9qB;PJV`^86t46oLjrsL$|4!TkNw(ByBfJxk!{!VUeT<IasD;bUIz
z_YMh${hcp^^g@HIPsJ<LZf>qNA^R7zPXy~^Psu*ln`Lhm*zTB7Ajan<BSb@xIa;B{
zr3)*eQdZ<)aD}y(Ul&-)1Px-=G-S&+Rs-8!QV?7ynMW{+Oj*Ow!Ht3<Q(UfE7O%#D
zxXo2tqyz!*l^MCw=AoV8dw`jt|6}Sa1EOxaw<+mda;0G@>26q>B?VMMq$Q+#>F!>T
z4#5RP8l=0sk#0~zx>H_!|Bv^5f7)-qotbmyoa<cYnwiPRNmm)QsQ-gWpE%KXBo!<Y
zPPq-SV)J8Uohf8UZ)rmGF)V>10Iqe6WYPwXkKD75l3quMG`g?z<8lVS3#+K_V2BIj
zA$OsKQlLce_#@&ICB4QjuJ?QATh@43R%ZN8TLbL=nn>yu7#4`afCdaRHUg-O<`!BM
zIJ^G1^;`A1@cdd_+*mAfb>8suUHMAW`qEL$)2%^8N7<%;ZVN8|6?sqOC|b1L+-+`|
za?cMm_?GkZ#)jMd0>H4J(s5KCFgx`@L3|+Vw$mi-?^}APIc&Ay6U0o+<@Y$;{W_FB
zrR+9WZSOe`f|Z7lvDM(6G4p{Y!Ale(L^&`)KNcdxibuys!}szXn~d`4nrGH?T?_ZO
z;+o>bdcR)F59!Y#vGZ&ZGGZGFqzC}=6^TUFf1h?<IdCknk)mj_n3G;W>hJb|!Jt0s
zFQkU#0!@q<J}$5LJC$QQ1X+>KGTphSMpG)*xT=yywa=sJKA|%sMf%fmt)c5|EFn_A
zLE9%qIVScp+b5dh=btj@*1imT3yyCj!^u6PNbnt3cjty1JO`sF*55_CblEWFH4q8V
z%P?TIGC*iP;C${fdpoO3d{OxKv!BrMpQh6{<?N46u7Xc!swmcvK=!*VNkm`tUcaCL
zCT5&iNcn<8i&$I`o8Z$oQ1sn`1ticPk;J)2wFdq5z;=(`h}>6N?h}o#)1-i8<M8VA
zlK&g<C-kiVf54Gg`}5P+kY)v13}vg25&r8>w+q@xr*@Rl1;&FDpjxq?eq4k7uXvEu
z-3|9HPcn(V(NtUEC%n2IUYn166Pu{>9fbl<Dq`Tok;#?hX&L^kMjsGKsX4Bid=ML!
zz~YRP5KGJ9;u!Rit8mC_QuM3A5eMya64Ers#NZ~pd<OFsnguG5-V13Y#tJ)`oz3tu
zDoV*}`+<iF1l^cd|7X&dD4wxTL(Mi7<a<l^;8|}@HA%BE6G-pTS*oej*=;5~k13wo
z?{8J8Hugq!49^%PI)!{y-+`d#ZayqzATaVdt!~v1(2gXJWAcRiRgrcJp6yK8|96%r
zp9#nffBJSVRNK>(P;53KqB{4i3<X1mjy%2qcDqbty1euOP{-Arzx@4IjO{}05dqD_
zPoH0$Mfi$tkWDE^`l&+NbDGrz?nDNIH~CmKt!)_#pa0K#?T)cvL7RP{oQD%3al2&M
z!L#F}XNuOiBZ6YfKU^2_-{4anlwr2OX@g0=wWPoMP8n?-ok`jg#~fbpKsCgjxneXY
zif>wL-LU)PFbwfTg=k|DpgbF6NKA9X-MtrUBEvxHs`qyqh;lTND15Q*zEGUFg=0N5
z3(myA3(hWsu<HuivS!DeX>GOL1!V{wsqEej(&ISYnvM#z!e7W;FQnP;r_f0w#Uy@Y
z|HBbQ(kvcLHlHAY(>j-QWRQp*30ui+DQMG`m!$c}uDqL)VXo|l3P1nVNbK*=^x6>f
zC|Un_{~xor{JFrUrO#pK0^Be#{S5G4lQ3RWL5z_YP0-bzX}~%j!}T^{+|^#L@A=yF
zXK$*T6EE|D$82uhuUvRzGj(RZ6>kpPEX(c}i?qPqP2=V6`?lA<JZ7XuDDn73`89sq
z0hP^j<S(b8?RwM4Z;9Bv6&nd@R+Sp>NPQ39{on3iyOw(zL*I{<XBsb<6V{ri;MYIG
z5_%@t-z!`x8vi1|Ad<dY{#XY~H-;VM1=0p!16GGhhYI`W^XUw4ZUxP{7F>JF-nQKm
zr(xRv9&zp)m@tyHGpr#cSBf(&cPEES)9#e8l<$sNnViUpyK8hw1jFIMJ<r*Aj0?Jz
z8|;nH*#|?r3BSt!|A_EsO&aK*4vsHXJ~!Z(ikHSx6FfzD$?qt)2(NPE4SyxLVhkwd
z+G12`oy<YuB;{MT%F@*UX{%8()IIK#o?fQcbssn?OBv@z=e%S$DA(Rgf4kK+#rj@9
zffOrJU*t)6nfm&hFwJBrsq6O#Pj!lZ6`(x&pbymG82ebaU79U&B&l*DarlHwMt$V<
z-<=dn^t3s{rVn;xOg}xw#HP{Z>N1%ozJCRvS^8L$(M@Sri~ibO=Gof2AM(Av44%tm
zh)0K2C+{bpZUHUv`DJ@@=d%`wE3~z^HA=lqd$sIUe!q4niO)#_)KVaRyRv52NI{Yk
zA<U~*yFvBsn-2F3TBpO)?nc~oQ#g(ZQ*BHDG4c3@!VUx44g3BVu!Rl@UT*m4uWkgR
zB<o`rMUZwc2J8^A^VmIlcAt+*8F%AE1;A5WE4TtNs8R^M(AQo08=b9**Fs&)7iZX=
zj+Wb!AMP$q%c%j)sZ1WJP0dA{1xY9(b^%O=(gTWo$ltD6idU__Eeq_%(wZ5W0R*&8
zb%i+E)W}NE-uC@(UC4^inNK9LkHmP$<gLw>Ef=JXLD512{V@woRC-5U$Cf`GegVaU
zKn@j{=og}4Z{a4>%tdKDx^zkHpeQWz7nIlbx6!*B?955;Vvccx;CMr@Do4%qlNgkX
zB~a732;NH;@y55!x#n!+{<K>RCmT)?D)MxUq@-3|-cr0^vOTW<ZK6o9J36*j!Q}F{
zbI%t@rG;hj!F{ITnWW^~y$7Czean_D^N11DEoGq92K<X@sk;p_W8~E`+ho@mf}3lF
z^2DzbuK_k#f&L2c(o)p|wH!u4-z_~4bNj^o4+tkzLfH$X)zw`5t8DF;^3ZzP+)8x!
zRhOK%oEWsbm-#Te-hdoWq--Gde!!Mo)W0d{90N(%68F}O;=rr||I;ja_Rx4q&&KL;
zV>h^c=vS@M{I$oVjsVrlh+W>RcyBbR)*Aywx|uOT+KxK$_Hl|jW9Rj@mPS=y&)*a`
zhjneVoGrJF6e7@<jNes~oyR0(YP*|HA5sJ_sx^F;T25XdyUWL|cZQzSqm4H$OOUU<
z#q@~aoOT+XdiT;M!H(0Ufwwb;<SEnt&wqA!QIeonz$BS^dMNwbu~vDpCV@!axfg0s
z-Qv174ppXRbwG50EnoAyIdyd&vEc#(T6EnU5`0^x0RhyGq1j1hU(kI7^d7)m=08o#
zLH<kc$8F#25EF?iOp8<3m;@`D)#s|V>-1O6;ud-*24?f7Ol!P@RxuT7a?*$cGQ$X!
z<z&nWSqnUgoTV!u7VfnW5&k{qB}}O??0yrD`r`lMBevwzDDm37lG}Qs9e8Txk%m^8
z82nn)H;z4dJ>@Qb*HpEcv!L^bTf2vB#jogkHt*hq{uZ%6syi6@sS|1=(oKv@r!i!F
zB1ruahJ2)CEK>?a#sNrCoKhAVu#e;`B5g$uWdDr!e#kG4r=X7!Cczp3RV;<0bBLZp
z1fylmfEXQJs-3o+E~uuZ{$6W{^Bf<RR%tyUOa00ufiA^`8F7XGtmz*(yRl6D1-C~c
zVT7k*A8=x;%f7OFq%?exP}#H+KU4L=ime<Gs8T?CH0q|P9UMUzmC#Yq6rBLt1*Jgp
zbnz`oo`e`1W+&^*nhq|K8*)L=*|$JIT1804-SuIB#R_q5cgVqslIOR9nhfA#`gT}V
z%3^IsEzgN6QB;O+To;Z?<BRs0D0@Ps=lB?mv3LDFcw&o{Fr^5UG)|0<DJ~(|23mh3
znrF;Y{x*;iQW2rKxq#;1<i#oXh_8Z^5(O01WEt&zrMweKmAh3R1b}6)<1JSt_RkN&
zEwYs8P65<THjSAYb9@kiG+USt@%N(?X?&Yr{B3^ww}jzW8v5_W0JTz*G=3WRlR^f)
z7>5^%6?yXMy<^Ft8i~;*!LLP=_6uCU2ryIcd@mHt#!BKM!4<2m1e!HrAt}HsDlc{9
zm0*XFm4LFeppqO#F#HrI<zeRX^8Z{nAR*{!+zHO*I2h4y#^RH!C28`<mQ2r=e}g|y
z+uU1YV)pgB4-Slmy?b4aVID|yuOkQB=hC0S0EkhDE^~Y)0t(tTMwhasgcN4cwuz_4
zkF3+-OT}O4-~v)dlX32WFkAV@Pwp857R*eL3%f-qcJuoKdJ-AEPA^+xvS2TKIf23c
zZry|Iqsu|h|AE*)KM#RV!}1MqMR&&>fGo14L|Cl8VbQtc*?Oi@W*R~g-Km`MX&d-6
zQF&5z`EWu_Eh3Gc@I1OO9s;m(#x2}zPS%{2bHagO7B^MUIt@0bY3k}BZ8xbWXL=+@
zzhF<&*koF3dF2gAX)h4*IO{3hp_X-fx+BfTImiq}cF`u8LS)4jnbO9^nD*tg%dt*9
z*!d_E02F+ew^{hs;4sNcAc<Cc@h|8JSpS0y*L~5>YN@-)R_1?V*%QqsJZy;9Q)b(D
zU(2WQ+h-@eexoE~jemy_1PFOWH@OsS=^n2dFB0_W*#goAC$oR^f>rap9Z1KKG>DIs
zM2P^-^gi5kBlsQ^z<vK4DNWd~H9AK~Lo9Se)Xc?|e~<P9>TP7YZ^r{oA3EI!%wV9?
z2^?@U@<n>yn@E>8EIqU-%LciNxg<X+xLb6$gDJEK3vlL9;cFDIg(aY*(S_(JJ!Z?)
z3jx~^6{WFOI@##uFSD#FVkZ}gl>LpkT$)e&Ph9iRWlv0sgi!9sWb;O~=I;#q@M7Yv
z=Wrg>xT}0^16qcUuNkFODY}JX6)7BL#!GNhn?qR^(+aXeK#LKIWK=dY=g=ihgc!Gg
zRnBJ;)MdgdjaNEKCC5U&j02;uc33&(53k5cq7%zo>&3M`21w4T)h1@!eyF?I1J|;%
zp{~?p(+4^@8^2zH;!nantJ^CDHF^nH7{%UagD{6076!(3)LH&wzeunj-KXv*$qC9q
zpCB=LT0zUkeJ#!3<F*?p11q&wiT4|Qbwf3RKKft#;sgVP)<#k7c^4T(g`6QUh+s^2
z_b?&(1x=l0M={W9?A>v2qW9gylVVJ2+BQN-FcszV(_O~}`czpjUld>ROZ^gWhtDuB
zBpIg0htMp^SI1oCD%IMm7&kF31-=YGBY1%yMLrtx%uPYzwal0}Ido$Yhhdq7<5uf$
z!XPt3f%&DOL0?hYS<?8EEv)Mf!FM<O{7br?sn;rB9xk!8HJ&k5S>NIAREUS_Ol_)C
z3a%ccJfw9mdQxV<kb~nc^pHxO;H?_50(?r!*6oUKbW%W><tib;D_9W&q@=3&ZGDs3
z7GGzXwk-oy)ok-95sYnniYs-Ez9}NWNX?VCF4zRFBG_AYgWWnL>^`xHSBV01$REFX
ztXAw`$mjvmnh~zZe%WMB<vnf4{~?2*KjEUI!)GTt@_Mo(aWpa6SrU6WT&^{aLIl*-
zyou}K{vdyHOJH6R7J`z=fPLiYY#l|R20JcDHn;3qgn=X)(s)Cn74UDix+mmLf6sre
zbgYaEr?ahu2m}RaWsF3p=-?ZL7!e%&Bw>{)gb;NzAPl}_SWI^9m9VeS9mKOIm6Yb!
zTUA}7BZY*IQKoxTb<5A{V4-nPefwvSk?o&oKWQdP1^J@mV4F|~5$|rU3$c4#O2|?N
z)IE1fX!1KHY`AayWp;C_wRRo@9CK4I5okRC?Z)KgDAFKFL<z0+cgvIt)vT*|7Z@yI
zaW-L@3F5mCZmW^e+f&)V++*934@Mnh`YU`vso2{Vq%fPkDvxZ=yVO}6U`R->qBqr^
zY=!`ntxHd*=A1s0M7KhpY{?mf)7?e|hb~1WADvp~OLj(umB!!fflB^VUkCZ1g?3+)
z0BvQIJkSKBN!lFR>KR@T1P^#!uXw>P+YuY~Pls~lJ5W^yIXrc3)P>~v*Rg`6dU-1&
z=^dhtNWr(KX&%H*zp5|h_AyQ~u~-D)<gP45TyT+j$2&*NfuH&Mw<>Pj*Y*{ZP6X~`
zPiL8%SVWtrWZAf#X;OQK-qEg~@Pah-jg7$+|6R*?@EX|=5b*O0K~N|{MA3<Nd3=Gg
z1dC&xp*{p~H%X}8U+#P9EIc`9>9Xo$`}xFo3OV~ca`6GJqQTL(NI^oNZE#^t5kt|P
zQ}&(Jtl1*vNfydtv!*(3is{_pInAcotKP%6tj;rHX4vlOmfZF7oPs>+@{A+N<I#yy
zjlh~<EKrpr`(I@G#BscOIthODvVl;hBNlX1@H69fZBoG(#9=1t0{(q6nql7`(Bk#u
z>n{nmGtyxN%>i_Z!3X7iFpFxzP_cO|?4i`y!$pQ&td-ufv_B+}kiZz9xB07E;;Vyq
zta2k^v>0?e%t_zDDb%GU$(9!`kZa8EL$<V^C5ivgI)5s4+K6^^6K)y6W3Ckuh|w6T
zMqc)q9-LsZLV!b$nWgaj*M}blJFV2Mk5c#>sS(@DtAsQ)aRF<7m+%k5)_cs*9}501
zf!)s`F`0AMB0t+b(;hDAd2X_{;T1nBx~0CwM5ETHjwDX0!}^n+^@AhfvU@)ckNPz3
zwEsGbXNbRNv)8j#$0f2{)X%1cN?opoiLgRHtI46J3XM33tAWog%Y3T`FYG{{#hG-t
zV?~^G*vK!}_#jcGzl|*ieH56e?Iy6*I$zZmy%*;T`TDG~US@>nNrJtEw!#l_*jZ;>
zcSG<}prbRkOP9?pL21%ljHnkblKh+T5ao>epCYYS|4KTo5gFeqhF>mU={3c9moxnO
zW;KF$+y>5s=4PAHbkzJ#P2z%2_;Dl3>^ya%vn2U}L6Y`{vG0DtD)Gl6O&;d~_)V`q
zeHJz%b9DyzNZ>cnL`q}9<>jDt9Sz@_fN^*`O8+HyCnaxilkI>UAk(k0|83j1#_5s7
z`P}cUf1RQoUj`g;h2KOgGfEM<A!GH{GeVYeIBCPekG|E`J}L~354Zn;#n~@vJv#{8
z&So7N6VZBlP3Jboe{t*1P^#5$&3Py>0}pQsCy{0m`z&ljHgsT6=4hja7|4Vdj&%x<
zsh8@d)VUU-z`#FbnRGjS1`u0kBVY^0x9k1(eIyY=cCPwQTxWbL;;0w}Ka7vS&rtwj
zp~a7Km~SNM<;o@K%6@th1~t_bX=Hov(CS_+6g%BEY!3_!B}1%qF*HXNaD<PP7i0EO
z%+4R*ib;KqYH?a!L}TdgL0n#!X#@=je6EuX)Ld~u&}DR|1+BTAgyK`-GsIf=cHx}H
z9CHJ*#SD?6#!|-j-_uE0)<f#kS`GeFKVd8X!Tv*w0*dmyC)j3GwuJ_axw=vL$2AK1
z4hPB`k-_)}qwK@bo4F%j)^f4ClFV;5MQoA}F2H9PN=P;hf*8<A3+2-o*^ASO22(Th
z5JTT)ryL4PT-=s$rX|pByCk=h9kh06PpUTV5OsZpCEEd<Ic`IKBrqV<D*h={^v$am
zxgpAM+jU_;mJqqqb3B2h7wc+%sOQ!HK#nJw{DwHi(Sp&!Fn-{1WA9L(;?VmXp3|_6
zSt`P#+PdzTV>gVtw|jWA1J!Yo9IS?(8s?lrQfd<K8&onRUf;{fq03l$ba)j%v-p-M
z0BuZ(VNE#7k$h)o*rIN*I%TO?7BMSMMmF!*Pk{6?{`DlXx|_#?9gEG^XS*vw-Ga6o
zk#cL_-7?S@&mBY+zqUwV&`+6Jb^rmHP5K+erj=Fg*aUqPjaeP35wTCT`roAZ;Qt4#
zBDl)B3}7ci<*a`yAqyD5prmD<n$4oKGKCa!*H$Uto-J&}Xd5QhX_vydzZ05WHVZp#
zOy+CyyG0WP1uICg5gwmwvaU=4Vj0X-0u+94MzfrP1oT(1b_Ws=00-yp&Gw$vyMqD-
zwxQQi;hb~KzA)RJ8V~(xov2|LK_U*HR8`C#H_R4VTXYipF-BmOBG{b$BYMlCgyf4g
zy{6En!Y`Jh|JJKyk$>DY(*3>AyzC8z67=T)KwiaatSm<J_^078s*1%YNHa%Dgo~5W
z5yyO+S7G!0lC!3`ab9!|pN5)V)vLi5L+^*@92qHnD5z{aJ8^)8eS&=exp$LmLxtLd
z8;)|P#Wi7D`B@6<T=LW$2D@_H-69N2K9j`<R@V4<&9fn;3UIPh0zsEW2An&BLr%Nq
z1&ry>28&hL0{Bc%v#9RU`U$bTrHfDzmjXQNnW2JwOg!IUw9@)J1tTcUQv`x873SK%
zpHv<)<47pN>UOn^yI%EB^(NPjyyG$>0ZpGvZ~7dKQdU{qx#?c)6{AmTFeetMBveIW
zrn#S*u&^`7Pkx=?`I<LPw@&mPF4Rqk-b89)Xw{ra-7w%}6QJGdxhLCT^daruPA02F
ze9p!=#p>+6NYSA`k4=xO#TPluwHCLHdISs`rPzIenn*odDG>m|1Zqt|AJtMi06_Ak
z<|HWH7J636!Xx5I*MEt07CAjE6W&WVq@`9>x?&rY_WOSX!b=o+q$g5Lq4OP8zc5TC
zulp;b;;;ExMWdS^8}kpb*DE&}(5q%FK&#=f44S$Nl9|x-3}ePjDX;CDmQ&2kPBj*4
zUbU|;Si2GP48*rl()7gTo5RflU!`r3^S^n4UsW-;Df<;Tq-*oM@Sa9p($*w|t&}50
z`$}-2D+An)SCfwYtCwG`+!ZNJFt>rj61hkKNG+9o(k3_!%6Aow5esf!BDawSkX!bt
zA`Y0RyCnr9uh_iey3Z*_xIgkQ0U<uUbuw%QNqVE?Fv<cbO$SY!OvM}&(2B1@qK7RW
za{t{f^r%l@hyLdqykptK=f^0TIpjdhyiY=J_j+3V!mb56uzc|o#BmR#&Emp|G4Mfx
z9dk1@)fZ@2LkSOFF&#&A^4DiS(N`>XdRu<H*3{Dn$x)d(@#zC4_hC-`TK7As4LO)&
z&RdolvO8IfS^@`vQ0QI!mtM$QUE$>zTmjVqbi;z<#t4gkiE&hhbyjKbGYEi_En$3^
z0T7Y|dL#b*^g{-wrA$?6wrx<#f2_mv$2zCW)Zq<@C5#Y@C2ed#Yd^lDl)i&I<+lk}
zub#Ra9J6j4B$id&a>rL+qJKsWryDp1yjdVRCl=OZbqynQV#Zq>D8d@Y(;RbQPVP(J
zolERaCuSkYMWg7-*a!~G5LlCKu29J{T_2Hm%6KY^f6C3Hw=AGr+7Y;qrpOvZxB<XE
z|1b_jh<`w%0N{4z5gi`y0NdTU1_I;+hS&1WXvcBG?{*N+4rR=U1o<|ikEML-izh~3
zVw4NQsnj-IYttNK%?ll@rUDP00Ct=2nNH08a3elyE7?q=M0h1spt|OnT7$$Karu}G
zpmk9UZz5j$sljaUoz9d1wyHLXn=#`b{>i=la!<LpzvU`O)EVZW#HA9zkts`2S%Nd4
z#Y25W(?zqAR49bZ{)QjgBi^fws~HOy2MsQh4CyZCJ{NXxt{?(=u{D1u#Mgy)?_o9`
z2x(UJVGXJNRGjK(oV#x~?VTZM{SO-Tr;De4vcp-Ivh@`yQmrg~=_6Dstvd=Fth*B+
zk1ny9Un@JG{CS~q;X%D?D$y)!(>N%9!u4#9gOQz4LI(4*+}}L?2g<d|f+O4w^NM^f
z#F5T<ih~-C9KTcj1$s{)r=39Y@CEs?qbvAt)cGIZXC(XQE>;59CfBMPy7sLUZs_uj
z9Vug%i%gJRVAdSd#s69X|A!du{t#I>U{7IDB+%!r&)AoJI8j}>vWWss#`fBb&ITG^
z^chJ+e%y2WrfCPpqzDaol$FHw4~5Y?F_RINQ${)nsTkP)(}f}mkovRYpE@PI(YAfN
zA<uA&&Lj8HLGWh*kWjIk(2+AG3LX-HayunOYmy9MLA>AZy^ZB_m-IIi0gd%qgE*T$
zRgy$0N49u_$X-v+n+WF@Q2mb{{Qnuv0sG0V`YOghQxJTbg{oD`_zF$E55HoK!MHgs
z(D52gqi6z-e=weFE?L6J$WoN#Je8J_Zf#^ZD^um5X_aVFlo04h`QCdXQMe>fHx4g-
zJUH}+PM>8Fv$p();2}Y3Y|zXJZYBr^2XYsW)0(ac+abGW;fx7RlO4=YpB*~*KlfKA
zpIk=0BP9}s({xqwMq69NUAjOTwMHHmqLGR?T<~rh3KvTH{(9n5X(03`sZlJ2J$!MX
z!4mq)A}<(2_|gzPuIPbLm?`3*tb%$bYR%vFz)fuRUFEMTO2hp=P|fgoya_?;zAx`x
zBLN*nbz>!Jad^_Hr>QK*yYHYQ-Farga{FY|=NW7tslqaKfAn4ptIXKJkN)$wbOilt
zXXFV&J8-W61eR^)9GL=|p<6y^XC<BnE=}cD_Dks*8D&-J(UIugknXhSCk^B8)K5j>
zNa~xkJ7rgBgjJOcv};XB28%`UW?CFo^-Hv`f};E8N_VUU7i_I+77A<W)frz)$fuNY
z+@$$9qVIi!Ec6lAo2e1hMd{_^Ftt^*zOEIZ_YtQ{D-nL4@SfP9fkiHqryRYTeACMn
zXx&xtpW((MJ{cGYp3rKbM`&f~p~-yY{?727W`Yg$ZR-=L***aL=wiQwfBecs3Fc+@
zQA<L&gGDP5*SwY<<LBLsKtj%^<-uEM*hmy;ke8P5rtf(nTi|FWN~S;srJ*a$udDC9
zKh}dBWkSWdw!EXAUnt%ZMF-XR?^5f(Yemf<$do-)SoX2Sm{JEmPs%R=;7U>W;x8m2
zrSyCi{ypKMErB-kAHE?HEQqdSlb507sY|efi71$zr^L4YB@1^$4o@%+(yWdu+=`RI
zrB43CG9~+Eq!T~-m0+Rpdpfb1qJz0?PT0wjiu+*5=d51Vk(2pV0R9g3sMCPvxiVn5
zmLkp;3Hq@!mQ%%L&;mSsqCxUecvxtgeB*$Nhm5bwTrpwF@nDY|_l9TRNX72-z-Pyj
zy?N2iql#n6PH-&2pOf{d-e4Jrp06q*CbjjS{$nIq07Zl++@|KdnQj~h2~-U#Q(Y?&
zD^LJ_#o08z+<dT3e0LfFes$TN=%be}BO$&*Hyw(?v^asKCasc>1`!z8CuJ0Vk41Ko
zOwtbq_qK`6TlMo(O!qEQ`s-xiTFTS0bWPdx3zfa&?PVcfvyEe<NWP*J;8rpEu#V(^
z5yizAA=rm!v^G{^`_a0R&a(3)=q~Ue!fC<8@g}S&#K|qBu!Vf#=Ec%ayO<A?u@O}N
zpx8*T`BQ;l(JMFhGXO!Tn08TekvfHGk1e7P#j;isZPHtMlK0)SGEd?D<FTvmAD>O%
zG4A3%3{IP@`Z41+C?FAN0yF~%slx>CrQ@AFD|b6uTNfA%mnjlid+XO|-O0vksm(ly
z&o?DkC`kvUm`xk7A6A7%tw2oYfqpj4%64-7?W@y_Tg{kZx?~lU^;I4<{@;!QNgl#>
zf;^o8K7ivcvg^Byw>ZXE9bF?g2`+w?FvC{<V*H%gk72l>W~?HbaaY_b=ZgOZcpiF$
z=Xr7jJCsQ0c9Phg57w4d<Xy+lgU0P_)cR*@d(B7%#9&D<*_;TW1(inL^10LCM3=T;
z=z`=jaY`4yAw2<nKa};ZY0<O_08gI<`rV;eHWqHU(k;wqANzcHET!b0Ur_4gnDlo%
zLM>{;^R)F`aa1bkkdeUEOn#JV!E2@bhz35!I_^HpEsPPgiymYWlzq>>5nl+ffY~c4
zDK<hTyH4u8&6IMNFuJsU9r$-|wb961Q2vMQ_=N5f_EcRQ;y;g=Em}m_9cCbA`0(6g
zU`m1QRB3Y1`5a7*2=pzWTCvQe5oYgccy{a`6qF%t@<4{(q*~ws+typh^t*Rhg66Q`
zv4ozRiR9%I1!*L{tR7{h*}n^#5xTbAgAqO6aOHjZgfo`#O&xV&+vUsSPm8AG_$Wjr
zRn38KK3PXe*~irVDdxljc-us7{-1HPeC%YRD8PO53x${Ob*E3FeKr5G6GQ<CAqXBJ
zBywwHNOqQ@?QZWBta}IoX%>fGGQcY-qehHzI(qWC$Q-xzk}c+a`xWbpuIwyUgy2i`
zE%D4+FQhexJ1=c!RwPI3%s+&QOnb=?Pa5nzn2X+h_oW>Yz7y%Y{CrZkO*$Z{E|=Mz
zRD~7&P*5{cwWm03IjP0rDzSysi#02Xa}2icO8KXk1STL$K>yO~CA)ITmgv^d-Q*fW
z)N;!leuWru7X^ZD2m^H7xSz-0>Zznst(fmr0yTmu+=;UDfc=;a#N6K+a$zC-yB89r
z(-VgQjA_fkIC0T|oo?sMoKj{9uJIq?DO%&B$?4;~J}5Ckmf#+K;VWtAXwj^IffY=T
z$nzU%E~V|74rn>Xq0s$s`D@MrllbvRhpANz+o1*)au(gk(t=cP5{L`g?Be2bs1lpW
zQkWZr_QXcy1xB4h=ahO<J4=eOYrOG~_z@cM@_&(Z-?Jwy6c@EPhn5I-BGWd_O1j@=
z+OPvbT%wBe4aEFfv`rX(07TYpDs)+gsW1*M5t`?(ca&jE>NH9a%B5-h0NE*1RgZy-
zIZy+N>>M;s3bu-}yMl^y<*WEI)h`ql|EmJ%L^|4nQiO@YW0+!;xOIo`l@Xj_N-2-_
z>r>Z?ZqKWuWLYx|*x@~LC+bQIr`?_gjEB_ho>!<(Vtlw?S)fae>P(*_Btfl!c6i``
zDXD*Ba_a>W&ivzNbap5!Y?lI~XKmL_Z{n3h%xSus6XDvfrS->2g(IS)-|R4lJkIm=
z#mnSwpJxF5dxH`pgy8?0l>1M%=dNqai11w6n6J@TVvm7wodQl}<NGXS?~lr0;}J(v
zXe1|$6H8cC_iQdR+A(fqV}jKRzh|*inny-rX@*TdeKC?H1n2?`Jrjx+?T}`@Q5p|9
z=|%+vg`7-(w$Ubxq)%WJDO{ar=LEZbvBPXxi8ImyF@WOM9|AE`cH`g=pJ@(2mrVp|
z!5NI|{<zK9o3Nd;vnd6s8RX-N&v>z`?~Fg1U_;RquLfA)83#~X3jJ$$4mP`#6#OuA
zY`3R3Z*>jTc}CL*kRl?A-3p<&b}2&ni~}3t!99<os|--U$@G8HAw9;Q(rMSuU0Az9
zUiPSh*}N|@mdlNMGA2v&dbiAnTNvYJy^z+0W<cO#(L!3Jvol-K?Ir?rt&Ij?^hEzb
z8%JNgr3oz=lhq`zHO+c|t+Mi=t}8d9d}Jg|eU>5G+YFg5e<`LSD2K|vhW;iSr%Id?
zxE{9&JQ5LE!u7ZvBX}Q@{ec&JI#M+{8RHy14d}SHAo8Ns?vS0tgj^O`ML6%j2yt-t
zvvIAiT$bo_w@5v7^XlFr_I8u4)C^zy(fOi-EOkLC?q86-29@*ISBRn;=SSMzBB+7L
z#&vo<Fm%uQBA)_0%Y2~eJA?`(Zkx1>>*iBUxZOXry-Iav?^Q4c+}(S(%4xoXHsp)5
zY!o&|-1Z-7p}lQUFa1GNY)Q`ds1NrPC!M<G_!l}tRDJmcnYOD4QjdGJsr#y-JZ6-q
zZ<*zy?J_Z(ci!PuYA88MQ%wf@uh<gBZfgwE=v}qft5Jv`+r6nv4gaspIii2*^Xgtc
zZO!0fpg>#0ezb@`a!vsFLedDSER`h!{i&;fRfI5WQMFoCLC7bd`;#nX`_2P2C`^3P
zl9m!G+Xy^ObgzJ%h1}LRBeGzr0Rd{os$Tc?SSO8-s3TWi+&^uCu}Y-Zh&|itIy>&K
zdh5mTT7<-RlZxg-;P-Op9*YvnsAoi-xRWw!Z}&TI_HAN@@Z3>;IP?3SxVd>RzFu67
z%S(J*US?z`P`+CBmBRa%v;`9=KJldP&uMPCB~cXL>?Zhbyp+!V8YM-KlNZg=E~EMd
z>{+JE)N(8~WGLmIBO2%i1waCeFf0~44AdA#3!F~TKId^sjd?;BqPVC8ohFf2FlPmA
zX$MC67;Q~pl*u-3j!U9-H3JV`K^0*+jU2SlzF!1tAsOs7|Dp_kx^d#CsMRE`Q2rwt
zVSodRKC2?WYGHdgf=zN?WLUzA6tH_3NjvjJfd^;1fdw?RTvOBc>#H9JLhN|RN^1|V
zmu-4_#FmA9uJ*q(GlKu2qv0zzzUhJymg-9Ci;g8L-$u-f4-&@Q-i`f>&YtQ=&Oh~|
zoXRg&q&{LKo!U88Qjr_y<5Ozwso8;lhKc+~j)#cSWEdtr10j?~Nf7RCwh{P9!H=kl
z+GTg#QxcIS?Qs6t^;=lcR8g86=s<;Xbnc_M;oik>u>#eDxefu#8k|QJ;8X`!lz=aC
z1f{JE9eofvcO-yb`E$03fp6H)c`#w?XU<;Y6ro!=V{=tU)55PF0<f_`umn>t=CJVM
zEDqy>%Iz|D%z4;9{3zR>mMoi{774wr398eU^am$xpHj%pAvPVGBHFEDXOv1*;!j1F
z4V8%3uaxsD=IGWQ(i$`26T2i9Q^t-0RDh#P*Nw78pXj+Xs|kUy?kH9epJ^p1o`F}S
zpf{b1_x&a5$)<Gsv%C0rlkb`gpV-T&yLLC;?9a#z`9A(%tMmdZINv<mk7RX35*5B9
z6y-q8Q>?AN6+SuCVXD+1gxd~yF&MmBsdh}vkfiMJ7fMK&p7(x5QL#!O%}fTcKV$P?
zSU&+GQL$3fWB65qys=@pRrV&$Z|m|6eV^YssB>8??6kMI*VY&r8}-D;ktRb*i0Yl!
zXV&KrNv*&A!~OkvHezF$vjP`f*w3+RX-l%YFx%6%&VRDM_<_NOR%2v~2*ra<=P{D@
zb;8#OKz5C6AX7H7v~~<-WOVRy7{jiV+tKQa-*wr<tD`X+BA(#r?bI&#BHE%(<Qoav
zlR%S*=p0(xGquFyOf68rm~^>~A+ZdX_=cG0OU#)TnibXJo*=m>`s5|z4>rpDTvik-
zn1)`j@@U$-%MP~A;*4i!qmVbkP(<Iy-J|QuJlZ9gK)rl~?CLLB0i31%lrf-nHvvlG
z+4YtUx^;Ph$xCUm{Z3iPKtp}peu|JHv>6UKqp&BDmxoQxqGVng+v%g%JE&&{Fmhw{
zU2b2`wS<3s4S^0~=nS*m)Y_;0Ek3Y0{}BA;ckc)2+VvmoC0IlJ?mk2JE>nS^wU!^O
zDI0PxoH?7Dp4tDFTOessKq@rgaP-sQP;Dv?dKU0&oQlQshE|3s3*>yv!30je-YXN5
zw%u54>}{qim&9FMVd@C6_zXnXDM{hM@?0}kUmuiQzX+}e%g1~Rp3^W-kU8;h_T-X$
zTpUw28VISd50OK;i}Vh1;nlLd33`mN=UhofIsS$<HTJ}dOY4ocbx3^g5k==$EJc=`
z@o@;NC*MP$J*J;fgPlajXoc4kZmnV<9hONlSHd)&q!-Ute4$HsvZqp_@ufsp?J?UE
z-}U{5B^HbfzTx)`Y<v)6D+|^0{>4RW733qg`Zv7<tOtPYRBWNcKd$R0ku|aCUfrh{
zM){qQo3}OqdS5wUOQE5;p{D0wGvJ$@e|NdDpyd^kKh^xT?V>Wm^_vsA31sp8?H<p|
z7dRX^?&(DT?ZDLEVcz)^oUD1-C)!i@zJ|}xg|NAd#wRJ~9Nvz56=17*x@{Qleq?S<
zJ05gXV4{7xZy)1c`=dqha;a>(!9}W3m7fhC`WV8p-Sh(TAh7*Q;_1;>heVq*Z;2kp
zcFWBVCA<c^b2||~$uVT2y&C5}vDe3Cx4iB4*+Nj{gL5>@g_)1mnn$F0oI4RD<KgOQ
z|E+g+=%37gMG*h664S??P5CSTJkGrxS$9zsW<!oumDoO{)ucS=cV#Q{1u$;5{f;@t
z-=Ka={gE}q+K^}DjByEwS|fh_`=T7!Ie-1zuc|p~$t+d<<hBRx$akRn>ZuDxkum4K
z{EPv&uemg94<L%~{@B|FSxdUoJ&jv|Zb2HQUJOy+226AodNwZhq3XuGj;;{^*XF2*
z`oB9*^}1}vI^t?x0*wjHzF&W(+n8E*k{x8(bW$Qz5k{lQi+6UVYw)4i)lSlin#B7_
z=9Su$R#_@~x1Vinv4l0^friuSqw%j@bK}5*ehFc}QRIU|jw!rykMi%^V^kw`#iwZG
zr(cM6(h`;i>KUAESnPRLLzyA6yO8s)>LrGoK@<TqP;|7$@3kwq!^j!TUy!F5j&f@>
z!+)8-kPOhJpTY;_nmZof9Z45r$8j>yH;}|1A}PKZ{C&?mT*)uGTVQKEXZ|aP8xKva
z@?e|C7_BI{VKgS$1385U5oQ-Zaf;Szk#LBe4P77xiefCBVpXpw$izxDwk*!-!83xB
zyG6Cuz3YXEjxgj2j9ZeN)6!E}^3=6AjiXNl4jIIbZlDtrGZ>Hv_q(?nHnw~Kcu9pL
zH`wb7%XT2@(R4;1Yu|b*>A&f;3ok&7Z1^~1$<de_1Te779-_L#P&7agImDjC2@OGx
zP=aECg8LaN2P=EY(~gPP#rg&FWQ5*6UwiLOIvGw9MONqqgrov@>2sv3Pyw%Q=MFX&
z&ry5B(D-Dy%}8z!ErkX8R5NW!a4}?yXskY?rkO2O<5eMBMl?9|ZzcQ`zDfwvygbIs
z|9$J%SD*})XgcFU7JYmUZG3d9liT3293Cl98m7louc|ElhN<^+K%Vm`v|!G|rEMb6
z%iWeQDiNjS4pOz-UNEhAfgM3hryTd$cP`uRL!*03qN9c!`R5;>^NW@@bE<@^DD9W9
z;+^F!xZwg1zZWhP&5Zq?=;LyL<=u%%FgcM@+_iVAJ6rc~CeMWo63)i{e2Ye>R^>c*
ziXy$`rll><C9pHQ$nd$;T|Kow4}(of%$Y}Dr~jo>V&S|FM7r!BW|%DWPhBx6hy#zN
zMN-bWmi)}X2!wEgX1MXctOZtspr_Ah;*Zg9F-tyxm}~n84eUcNSat4@=wigs#%|W5
zQ3P8aIV8JU^PbwzzugVSR2my-5V-MXhd;JYMlp!l(sq(1`-?Gb8!v{D&BubVwg`?C
z*H?4+*3a6L*kK<{5Pq;`Ba7y5?KZ)8Bgfu456O2bPP^N~U>1i`+9YYpyMq+ZIZt;W
z=FV1@mzofwkIywf@b&EosyHcXVni2}azM|3C*^*`@M??$LO{q>&5ight-3e~h4@5v
zqKoOe#%~13Rc{Gg^o@wpb8T;fyv>65abRSpz4_{AS7aGPyzHM~I=m`IM9u=99(KJy
zJe+Z+x{>I5x1XKm%df`7G;xUW&bVf(v$uz8l8kj^0n)g-*xEHY-GzQ4MP)<TFt6>l
z7${$?1yy!f!TB^~m${=5C7ATL=Ek@n!oU6%y@awLK~VWrN~saeNhO^H``sxObuH8d
z#d~srOpqZjNydpvEo@^RDj8YSfma*HLUq|!##W*yVl1A!SDM!|SZ_c?8FOYIk`5@s
zOVLj9fk@*sChlJ_(@@2aN4DQZ^|Kt+Y|$n;rjCbXiPyT6`FQ=k3t$?HSH%$8OLrnA
z_^#8VOF3sn(2-f^stSXZRNq@7FUjml0eizGqBOwUR@FRRQDche(Itq27>r`mu!h=Q
zEH6vCkX%%5CewRj*KoWE&}o$xqlpIvuNPr~XVx2zFm_Rk_~7KHz#}S~%V7{_ZXr4C
z`SbF7rihtgL^t41r8~vIO0X$<`!Jk@2gmX=eWJNC#Y38O1M00k=QXsXojx{o-ncna
zRiOgIiPynqcS%reYN;96(@CQ-Su?wO-f?}JCbpcE(Egb+jcY2}dcWcaNT1KO;vn^-
zC;TrvfGzk34SW|x4cwLUwv(rT7@5BJq}|2MgvRn2-a-iMoIW#EHc4B_v!S2zE2V3D
zt8FO4wazDlAoix|3e`ic%+~0Tlc+Yq^c}THd;kl+ro0ku8VPi<8Yb^W;mL!;;;y(8
zT%90mQI#a&DcVV8_iHO{J9Ioxn+i5QoXF1U+PKwyK=`<t13rhb14-FJU2<xXjBg|Y
zJ;2+UG2;uhCt04B&8htiW}W046a$`kih}&d=b#jcQ&ZMXr2;u(MefZvf(9ocWe`ER
z$%+opV{X=NUBVU8!p^aoO{f_Ug*^Ul?V157!k%I><2c&n%r?0AM6vI;Fv;y1jlOZ}
zpHQ2JfQ6*pl{*Y4zsfRzE?88V|1>i!2sqFD2U4FCv|rWhg;F6I@zLbUu|BfBA?b;=
zi3CK@C|Y1a>Ihesya%WuW}p|P+xoU}z>;ig%3A^~L{0${&nuff*~l0ogvO-;W&7k~
zmH0z^5)_XCWbkc8cz8@2D2DnvFSt*Yzwrq7Dm?oQ=q-!>1;~te1viCR+2I@2$IkC#
z?Qd6ZPJRY5)UOSLcFoOI*yK-HO4Rd4wGGayP}lQ1<`-!4$G>J&gaQ=>#V5{P1obf{
z#XZXS-w2RHY;t7;sdmrpIgF@z-)V+reY*d`1W)d!v^AwU0_G5G;Jg!RGv4VRwBpKs
zD`tJTunf!qcqx63R?E~o%%1Br{<p2xg%U72Y?eyqtDmv!W?a3_c(NbXCm_y(+mFHD
zHbUx$1Sict^o}qUb)c!I>9IY&ujOb($o@q%FXffRhDKu=Vx2vtDAqtwaWOp<?|M4D
z)O@TPy4Fb_ixW4(Dq+gEznekYFfb9Pk{L_lX{<$My0hk!p-paLC$N!!J|-;Rt0u2<
z9QPJfj@B)l-;_=1G~ocvIe8*U@e*97WR{@}e9Pm#?gueUl_7N*fJ8Moc^%rA8X16?
z-n2t}sO^*A`A|%`ftftNtcVs<{D|4o`H&o<*xgda01k{26GOaJJlrAnTT9=VW0=83
z&_AY!6DS(9$t;W}yr)1<JX-z;QMXs<l*WS&rBTNV(Tn-JTr`fK`5cCYSZ&2*<~8B2
z%b9<$XOx5(5^+^2k?EbyXq6)v4@=!nF6$icEA)-Q+O4!x$9*ZkYLx|y_^jC4OXd0F
z#JeG;UE1C@Jrs3`im#Pgv`SWs<;#rt{s!k^+)ZJ%d3*|M-1W%`DD?6bgp-#_nP;(I
z=r%7OGnx|SM^H@>PTG?2Vw~)+_~Vo=mdd^9Q<&hPhW5$7-lTe|5Z9ysp@W}^fpHg$
z;uUXHU_|wC%rghYw(Ny4s()(UK7yx$H*8@9#1h1`U@8`E)f-@`@W}@^%Yji5=rZM_
z0p22{@v<G_2;ibYD`zHomfe!k4GbhrtaW3?n2Ni`x{FnjqF$-p@ivBIDFd8sz`mEZ
zUUzdC_}0A<Zqy6kS(57`jChP|gMYH2xn&8uQ~fe?h^@DbFb*=Fiu4PXwIFC^@2^VW
z`7Rc3YM!(&s}He}3O4=BxJE;&>i(fnD70`PAcWA=wFxLlnIme|H&7|H^H~Q$zHd5p
zGqz=I-iVK^AW+>;?RZ$D%`QJ@Y(4GQT;;!nb13`&pI>PZ>D2dE7O<q$)CrbL;WZ%k
zh&Zu^5Waf@XG<{6Np8bX33Ph-BI?&+<I^<@R>2sc)XEAO=VaXsT&?}X@432UMl$rB
z5AR_aFD3WECKORi9mq?1c>6Sxw7M!R81Zdufm4+P#M$$QKT{{|XmD|M<(az}ZJ;<~
z`kCar1;*HSVRMUF5N<OHbevT1=_eN^m%1~E{M!>dpCPfJU7_?#)HW28RP`D-opi}m
z^YVG`l)zc3$^sG&7OH&2#6KioG#`pcRbqm`U9ON}JV2oyC-;1ZWgqGVu;WB$4hN!Z
zKOGt=s&9MMNx1E@(w{1U?=o3-i<~S=^W!-K7Xf3RapqwwV{NKEzA>t(hgv{f({KFq
zUC5DSf6ahRTJM=6CSf)bhPosR1Vsy*dSAw~5z<&rvs+Lo>K+mMF*oT#RF&-3Y6-3S
zT9Ll{-3aL^X|Ly1fD3P;mB6H}Ro}K0Dj%<~TPQbdtnwzA?z@<TwGKXLZMlxV(B(bs
z-{TOmOix{~rcEpJE+|K@R;rr8&4st4u)v$x-L0F0#3DL&FB=sO5qr;%X<){Ws_XQf
zr`)*Cg=ap-6cvhG4a(dm=7k&5Pv;*$%y*4=T@PbtWkn{)M)zzWoit8STx9LxZee_A
zG$u?$<o5MYJB7Wv8_(9z6Jb{be;Uz08Qyy1PpR05l_8<};+pwZ<*v8=9GPNQ&VmlE
zLu|%ImJ^k3(__Y_+G6M?2cj@px-45*c>Qn7UML%Xhl1u7n!fCir5uVPgd3kNWXh0e
zbEzEA*@R%wuM*7aD#rGmA{W6Io(<QvR5!`|nSZ2HT$lrHmYPXjS&H{f%oEG!1js!{
zAx|Ahgk{P``gF%aoUUU!;%U7q5+J7O95Qn~K&I^<yLLIkZ8t{Ew%UVciKM0Bf(QIf
zLg2S-dP{e85ru9{Yf^q`+1wI-&*W&9ne;T7WEz`xlD);SP73?H`j^5u3O=R$Wx)bk
z<^QM|=ofMx@(D*JD6v!`;G%@PO4LlqxhCEp7(;hSQ+O!qFz`KN*FV{Sma}nlL=#^+
zr_D{YmXW*f6iG^Q?VC6pI$?|j9g2mAsNi9elI>!By0mM23$A=pTi2&#FCXbO`uL8z
zJdWhyL7=HciP?LHitbGWy0~O?&f!a8Y$SVDf0YtX98J5S9=i-KVyMoqS77ECi@K>0
z31KOdAw`nqP$IZz0K|GSoG=2OK$05c=3_Ehsn(BHi8zgMhyUqt?nXZjAuDK(d&-Q&
zAlq8o=XIROZeX23eBeiQqb`fFnYJvR&;qg)Dn!N~FxP%LY%cx;<$B#@S#e7871Q`b
z%kNMO)v&@0$ITPn|41Ouu>-OndXDCG7G5ZzL~qfTa<sHOoq%)fJuHx@wa1Dms%|CO
zD(0=M$upfZ-la)k2EY3F4d$;f-*ee=5n6CzEzybfE83{bYEvVM#_fv?PziC=pF!G9
z>TN@~BKvta?+U-5F)pwH<L6em0(@)NFr8n;VZiGQ*SY=<uT3$_yl>Mr+<wL4J*B5-
z<CrI*ZdB{<C$WO-^7pbb&R?(pE}hZS%OV@%MlZL8@Gl0&>HAtj##sw(GU;!yYa@&8
z;y&s#<ftSzV8^I>8YtodiUus_a5s6h%)L-BcLIPx^OHvf(4Pb{i`DMV9P~d7(cml9
zUey!!?#HJ9);em41&n}4U-75(;?76ahZzLfrSDKO40l|J3(}s`0S^%-DSEtTQlK}o
zxz*cD(VJH1ff2@A)tmB1)n?ZwQ4sG&=+Ml2QstrioV^mtK1RK(*bB|y$F|{>K1A2t
zC#rhu8yKq}_}aF+CTs6`tfj!Z$`a48K6R4%aXuY1!`s~}+O3TouxUJ}vwFhL%YIEJ
zf_ptpbzc<i$Y+^{lqZ*OT6SJ#{G&$^m;LnFx*{ygvRXpc-{5U<U{p#>pu)G!*;`zY
z?}@$dXXJss!~}xHg=%}=$r9?F{S*26CT7^>w;}ursRROcGB1&u@uB?=RB;RB<`tTC
zA3ZRNPsSV9J(yFZ<qsifN8&Gqc%4K(M&vZm`kB2qaqWAW^ej)Rc0$l<{TPG#gXVp4
zPUS}QHjfx7W%xP3!X<%EQw6WheOA6(P(cyQ<EeFwtM6?u$w_?WHx^txEZfLJ8cF&Q
zf~+}HmxVMrA}e9_ux*k(^N-Y@C}0%*oLgp3%s+d85HY?FI>5a10rEuzU|%41)pF-<
zW)ZxV$2q{Bnf9#s(ZuT8V#M=()O8b`#+_8i)1!pwHgM19qlNDa;Y6sqm=C`U1Xd=+
zEV5ceNS+-olds3D&UthMfFvd+2rFL(oQG`TN0GpK(W_WsmW3oRjn&?d8)gN4t=$~1
z@!3>bhB&A1Zl}xPYcWr>fSE!^T6j3jVC~?FVuf|3w3z)tXrN`0U5-<n=DpvoBy<ot
zt5TL)e@>3IPpOOFu(x3B$FWP0i}in|Ch@1gkRvr8MoBy3ZaD)Rr3@5n%>B%vfAMNH
z;cc9DbB1<=-;`26uE>ixwm2vL@GGKzUYIP&5dlao;!QN-yy}@}&@plA3DFi;6VAjh
zu>i5Lc&<R~<mO}l8etw+jrKC|r>?p4*~5fqH)`=v^-S0OOmR?uX;ZEmrs1R3s<Fk@
zGU*X$wLLN2UXnyA@NUx9c;97MQcvP}xA=hpSlHlvgSwl*l6yHx?4(WezVm?$IZ9Ye
zVK>B>tSiwR^5ANyV3G;E=_67<dMWu2hKd9;JylcgfoABL2oWa9J(j}#wj#OGe9@h=
zPlAWDk)?iJ?J2|w^MX!T+fvr_;zCuh89mgv%Q^n5coxbnCW!A58~Rbya|;LzGB|=s
zJ}%MiwOp{#FDOhD<H-nA=2nL#^AO^z^?o!z&A#kpOR0#_kZI>xR6p~-y$Jm7M?6-`
zPd6@tXOQbI(PO?C58sCqRS~W>k{WMv+kShO-zC~c8Sq<z?`T?Wl6ufyOyN?x^AwB4
z>l#f5U)*%JVTzQqJ^U0_>rn_)cW*YaS;-I+or6>VO&w3i_F11mRJAm3I4Rh2GygR}
zANs~Z`q@Tz(kX-AEe43}$c?e5AsuJ(0GyXyrC?8bwH|bg<bLj^b&JnhlvEpH5d?Be
zvORWQ#IRrzeCGyQoyNIyD@m;C^Tp<gv);|%cdo+2LQqt>f1;)3%Ku+)-~H9p*0rmM
zN3fxI6e-e+3IXYzph%OZqV%Fv=>k$h2#5uwh92oE0wN_+LMN#78X*vRf|Sq#0RjmG
zLT=7?zxT*{|A5QbKQI`KwfA0Y&S&;#t50OS$Y*o!JNH9J0d+o^CwM-8BRHz4@6<=b
zD(<%Qu{4cM*}Kn`o#ar;8R)3AXF*O=a${jCatGg}Y=K@*V$ynd!fqlFQZG!90>y6D
zp%)d>{7!gIG{4MkeljgS8_t1q`7D*IBo=2BS9h_>t$k7C$20lm_dCC*5aR!W>}MfH
z$>@v5@psRLBA3{b2B*5->+s)Bo;K3`eDH&A9HR5P*(iQ?a3NdIy;-!$ZjVM6u}hq1
z*7FYe{oYF~Ps-QZ&XD5i|Mb2xV~kdEx#^ast}yQK99)0z1l{?f&0M_^sj!IcS$H9g
zhy1suu@(yce0|x@%6s?Cu*kP<hhSIqx2M4GpLVLnCD?paDntTx+3s=T*S~hY%2$O~
zdU4>~biWp<o$xLmk>xdAiIC2cY_?<)%Yil3UQ;KD7Ai0Xa@*6ik&PPzb9QYy@x5VE
zx9ofO^IXp9s|XIu<$=qpZ4OvHyq75%B$20!RcTF9Zp}-&|9O1|Mac<9EgAGu{=;K^
z?^yAIol-VINqKz_T|XU}g|l)$t3r!X)dHg~zs|awD1|YBNDH$@rwC-QZh8f4_Yn6Q
zf`iIyyWA$)mQJ37=1E2@5PKz6Uy@Z`zP%m%^Q_Qgz15%FtCI~nH;H?S!Q~$<3wg8W
zxcBrkA(1mbylsL634G0aA|}%(hvNGoIon;|kM~=nsENW?@rid8n!g{i2w#sJa~b2;
z12j@*&flQ-E1ta)X_0(?^8L7g4FRQ3SOQSsAyz%%^lK6~k>bc5_$MQ_L)N72Pqw7?
zyi|+`hp0N~8qw#}R`cQIH{PzLTM}<64y^0#Z5f<I?IN?(FEd%M3VSs~BK*rEV5&?!
z3<6sFQrEW)KDbC&KkYhXzH@e(DcX2K<E1fVmG#K3#b{<C`90K|Z(U`1DHmz1WH9l;
zSJLKWe7PdPH$k9)^@a_J=jU3pz>kwfx4DseKjlenpD&5s5CPp)cWu4sbi*bpF$5kR
zBqe;4-zwv0_X9AGZfYXl02m!S`_3lWC`9wqU!SHze|KKUU2mLyGU4AN{P6U?Yw5EP
zZ%%nen&51HccH{jCo?C$$SJ|U1@KF6$(aux*z}*<_(>Xkv*z|TNs%d5Dv{9y{O$UZ
z;L2YFZ}mm1O`fUfJ?|Ac^9j7pn-rNg##h7p6=ryHLzwW#*re}>4oRl0vCqlwC9wIO
zqfbilTXi7=V?(X6$#@bx<vXXjv;BwaQDfDaX5Wy~U`8{xHXQgAR2Us)`%X;lups=P
zSkB?&<y^4UV%=1!2QD_&Cpl*S@DjTqHg<sf`kFUqp^TDa(i<1aR(!8$TyHy9$19^@
zu<C@BuM{?wsc*D*j6mRPZ&@Y|ZG5!uKYU$^daM5KKUFP8N%lYB`!45Lgr_q7FCplL
zcT`kEO4E<0dIhq>H?_s{QhzGaWBQT{*eMZmDWRM)Z(pqPn}$BHOMDRW-Oaz1kHt<%
z?c=b1*3|*qAIB#@r7Ye<zg5&z?t1!Dbm)fH)edNTV|c89?<SM*saNS^g0=kMU&^Y#
z^#cW|f0@2Vb5Da3%%X(f{unp-yzq)!#rsROWY9r0NVe|@ItF#eY)idr@YjXDRI7Ba
z-M^lY+&#@~U!T-1Zj0#=8F&Xc&^dnQnCme(M%0n7Rk={o?8~U+G3<{^s2|xqXE8UX
zgTkN5jh}Y|5j$_?p5oR|2_c`KpLD)*YymnYxzqKFGo$8~Z1-aGcXf}3UA_%K*R^!4
zs+WKhciX-_3$2c?VsP%=N#54bOT2kMZ~^oDcx$QhmzPg8wT5clme9zBZN!}wIJ-9R
zC%(DQT*;`GtBT8M%`<gLpg$<u?VJpD4QGb$SS1PvJE700rDOKqBr!VjxgWZJk3B5|
zi~p4wvr#IV2&mfZ2~XW1m^O$_2NLzZv8!yVxt)Fs0I_rj{q>X4QLm)bjS%O#>(Lt<
zBa093MV=+iDlMTC*H0E1phY&?Oe>j&CcTbxI#=d(l=!3#0S`2r5UQ#dTuYh}&wp23
zVs*{lIHr0Z^|ynL$@41&y|(^W$KO2C91}T}Qkq~IHblB+pw|m7*R2_1x&b;2%23CB
zFC$1N5?5QiMOb^}!m+WJ22w@!?%tyxoY5MqlB|5$C_CnWC;SctsXiBHZwd-c--y>N
zbVyd&<UQ)PG+q2|Zwb)iJ)T$^EKtcBHe<l<w4{_`bm0xaQ6Q<^tDvZ!=A6_SH=^%8
zXzyegKWtB;U(mSlxlx=|x6t?(@*FoH3rpclc^)OK?D0_%HedeQEA*_dhL$w9!C>Le
z_T{1Ac0l@p$ff1JUzqGyaw3s$RO0y#W0)6nnP%BQF`II(&l20>KckywI2CG!@Mqsz
z1s8sS3Zb82G-Rt+U&P$KB5?79E998l1pKuj3nd*s{OVjnIaOuTlsG-2W7Vfvx1>I_
z@k2`gZ?52b{+`8p?m>8^0OYP{d!iQ>W=JYfzpAL@?^|O%QVdo<GKz8SBLCdrkO|B7
zjXM4;*6`zMIJ$5@hYcItCt{N+Nbp(xfXK48XvJ9x2wd)a3YRtu(tAN<oEpWU8a!0L
zwCJJNCet~Fxxr;nQ<E{EMZPn1wK&sB?{gCDn_b9!yrCBw6~S-%a4=Zp8<=>GCCfZj
z__N!*LbGiRs_i_phTWr^Wv-4S@o2?v{}A7oZ7wRP5aH%)rzaed5wgJRMjTVYhWU9`
zr{0V$)mH7ejke#p9v7FsqZq0+VXW3G!Q1C>J*RJSr!hp)|0E~~RB-a*{X1s{`XmCn
zCv>?ar^j;<dAYXFk5wJ#t#pla|6j`=aWUfMJtOL-0*A7|eiuPvZTyRH4nKQ@ERM|q
zahFlYzZ+_ednH;sm?(aU_J+6D^JK2woKZWNiEHCR@^-bLpT5%ylYy)e@tM!*u4jKs
zf4vbk)1gLRacu)XgK2B%zf6{ijMGY-dEl7qq(As|b0}~KY^bMo$-besX3)TxVBEr#
zbsDB=LObQD2SMur>UM7>vroXvURHBuoctEMAKRzM7J-J}F+*kc-Tiy#hJW<FK^v!g
zg~F|esN?!3pF?hbO4WSrBdq9lV%BD|7?yQ)P6Rb|?v=^3suQ1Z|2HVNt8`Me4yOha
zJb3(>Tf^2BRtXiH)8Eda0V^YA3|<OP)V-+sD_Z6)XSwy@iHs4~K6$O(j<c<3y8#^6
z>-ovb41L%q$D*s;e#vK?S5!Owg{MD0x!*ITJd@^_XJvG8Nt~G};-#E|!aWZUam-Xb
zZC!r<8MWu-?e!?ShW`y-#_-jnN5am|&JQi#;j+}PN3rpxtAojUUS4Gvf&hC$nuN}T
zYvL)QM#*2lemzkAb!ClZervu6QvpTeygGi8iluT*=$?6V;2Mr`A^4^`?S1UYeJ<#l
z$}%x9XD{mfHR{ckbHSjG0s{8RHj+Qm(~*2xekU%7nNRa35*2R?nn#~to|=Bnl6Cnu
z=ArsmVXt38y1ktam!7aHbV`3}?`F@rg|0lq`&$EW@b+}&5=%|YDS<O?S&Tjx-`hb0
zed%Vu9e*%A{HxNa(P7~+dr7InXN6ZRLT5p`Qs0a^%BYYH+31|cz*7olNC9j=|4hHG
z;XM$kZlZ8pE5ft$UQg1kFFkK=oE-p;2!2$;iGbR49?&ye?roA<beYqH*rODHas5d~
zu<$D+0HUi}U5BcAI2QcWdN7tvaQnByg&=r!u3vHW&(*1g_sg^mS*>HUxpi!7(n*e?
z#KUVzRtXNR>jJ%z!@!r>9&QC09>E>@>`coEg4LhvPwi=lu?SdF=cPW+lr5H#uZk%J
z)h7x2%DU#^MveVD<L|!6)-62cRGHUuo{{_4I&nN1cwn16JL^zfTAG^79_o><#Tnh!
zSYL0Mz^i@}u&b)#()YfpTT!1v-B~SYXs~kW&vd4C9d|EFjy#q(+MlJ^8*$>4(~nmt
zX*x(>Xv^D=iZkuDrn^EOj4wDI3i?*8j&+h<8_TD2iQ{(LXU9i_JzIhYG-`0ZJ;MvC
zsEW@mMY*z<hr&Ob#%-@2WLtG=7>C!=zix)E#4e(NlZ(5#YufDn9ts)8>bweVVDnp&
zd<+WG=fl6rs;`xIy!4axLax?-90JWBYpQ#9;b)s{_XDHt^LnPA^dc`siDn3p;!eri
z3#P#rB43gMe_wnlHu~89%q)c2N#z*`I?lIpYeKJyc~Jglr!|*%Zjl$Q?BchI*G1D~
zf!i-d7WDduS?gI^l{$JlHN`asV^WNN=7<OKH%kf=e19X`AYm5*B?6~{v;C9$o^QT-
zC$&!F#})!uZdK2aAtHvL%U~pb+knmmqR{>~rJtW}4YZ#Nxi=th_aNTYxk;c*r!jZc
z1|9#K)~UX|j(vCGZU1|%q&H%%jy}Nf<(>V5Dy^7l>H2Up!>`Q;ml-|mSGiaSleKL1
zbxktPJ*iD+xuV-9|9ZAKkaPb|r1Q@=tmNWsEG~HNoE8S9u}{ce@hB+27`)le(O>(Q
zLAu0pg995pfqB-*>~lfhg&FfH=Y%gjI&>Szw!z0Yg7xFK)^)G`;0lh`50<%nPg!sG
z{d*Vw)6rG5%Qy9GJ-6>h$Cq`h$*lVE2GaTvRI=ykz_Z01+>gC>OxWEStYnjo@%9Ix
z%ZV5=QdyUM(MC`4)DO|elK0~N?y6pJ_{t&TjNBYL%{s^ZmnmV799X_wIOvjkE145P
zKk?zwTio}vn$b^oH*?=SDjs$^_6sAhb^9fDGD9{6r-Vm8XCA#K@1E*8UMb?ky!5e|
zP}#fXU35-H=vL6W4d`IAQ`UaCN?Cy6&WODaF)RN2km`ng#}l*HKJxf8G&cZOf0@<j
z#S=ZF#UG8TC$6O4IcO+RpBe3c^*Qg`su4~YPOG@O9B;IT&5j5r%Z|-&?m1-wZ`!>v
zH&m*6^R@4nF@s!$7Jp2=w!X)JI+=dB(gLEJjbFQ-sw~@)1uqAyp5GMo-n(M`DcMK0
zERXYe59D2OdM+cdY+M`*m>gn7k%k156de<9o@L)#!swNKVBv{k`31`R4)yQ7a0+NT
zwLkZKK&9aKYfYlCko0&36}~l$4o|VliVBH!CbV6er;XZPcf9_quZm#5_eHIScRW62
zO~=TFzbFSB6IWp}Kh9S&irjmtw%eh$H``(_P=8~rk?*ruUHhJwv(LTfu!G;7wcUzz
zoL8m7IO?ard6!Y`AvE+*u!~Op=(*pjxDe};dz})tzopSyF4a$vFNC=D-69x72LW-_
zq~1$gy+U3tr!;|V1=EaNh$j2-!{Tc>EIr8%*1-H<3<x<Bakb@mUzITX0}zP<Oc$&9
zK4+o!Sh8vM(GB;qv@&j7Dq?c9`*#h=`O)p%oKGQ>gSHPFi|k^=jMF}8sm=rL9s{jT
zi|!2pbH&t`2CmM0k9_{)@T$vhzZ}{oKXV?KH2~228+>O%q|R8wwn;B6K~joN0WTE6
z3{$kSu<1bD4(DEbkM%+ohvBlCMXoCuevor8?+l;XDxmZ(IZZx6b8n3W-4ovKf4?n}
zV34ab{{X^IwB~g=SMv2<)BaxINbse~KE7m*OK(L}o&ed3{&~$~7c~RX{`ag3WPZf=
zH$R`ekr|^2Wb}=4#$n10lh@yFbxYYuI>vdSov@!w7an%qve^ZvOj#wtMljxSr|V~h
zM!Wwuk3Cozm~?Wc>5N}iGIyaQf~+Ba;qsn6y_tP!V6EL}S|(RiR*8qX0@I_|&4wvj
zw08PaG07wYjTe{Zul(TM$<SzQkZ(yOhFQ+XnAi)X>Gkx<kf^6bUZ|h1l&~@^xJ~^%
zD+&QL-(e)&;4`bpic1wRpo-ai{A)Yb>M`7zK%BA1KcN%qg67@e8$Sy1t2!lppIuqp
zOCmJCUwC-oXDG4;hw#pkUh5N=N_?>V`Rto7IW{$GX+^xD78rtu{7&<wE8Qb}O?sj(
z0)sVNLhO-2To=FTK<`vhA3VgjFEU8?11LnNet{CH;`ahX`me__B}0Nw;wSB4oxI_8
z$y(8I%BINYXwLT>%YimOzoF0MQB+N)#h~TUU6=FfAK=sLFPz|~_~h>fRV%)&n<wsI
z0WI`ST(rcl`5p=?r55Qml=zCtWXtBhT{A`1??*p9r^zpViZT)2ohD{^xN1bf-K;IO
zlfc<uOo!S(uPW6oqtI4gZ-vwSigy*K#bfE4+GuZ3hRGEhQux-C6i{&g7hVW1k-q5N
zVii-M&AT^sYTl<8DZwF!6B0*mgNN<;adZ;jyzJuej1q_z$Jb3M&-J2C9CnrY_4@~c
zv)wJEaP^>!P?AYglcqPl*U=BX-2H^9P}>{0RqtBAqa@?8v+l;5@qR&lRa=`?xp(r}
ztkUAN1@}J(VaHOJxb(ZHGSM)QB6Hf%F5lhxAF@onCNG(1DI4Xu6P2#w4n*)`*Ay#n
zZ;GLhU(u)lXubw~yP<b}$ipW&tGq?;>k5WJL#{3u^(kWoEo8)JQ$oO1m|~C{AJmYK
zod))L3t}Kqi8DohA48XPws$`Ie{KpZQQM*9xJ>=ZHJ=xwynfMpHZCB4DtPU&-{H@}
zS*J!}o-iJt19T4m^#1&?2T<7mUedSHlzvOXJxrBv58H1?gfj0w|8dmbh=myOLu{|c
zrX43*yKy8abU1Mxj-|`Y+Q8Erkz<0RISQ6x6ytnO@!>~eQq!B#mVrOkwgz=`)Aw6~
z5C_Xye5sw-+qtpPy$fL1!GWszA}A05JS6ySJ}JGAwz6!gET6^{PQd09vZRtOhiCIc
z)hKnLq{^MG0)zFmX8p$VJ|KO&FCK1ioSzbcX1q7L$v^!Tm^`AY&^rgT63uIT@>b0}
z>(rHQ-w-fg!gNv+<Z~PN*gDWWx;Bo3Gxq(@Pxk1u$7WU9-f17>zEPxXwJ_)SVauh%
z1Q7H6f(}2BY31*`9NM8Y2Z4;WUkY4_k&!OZv!PEGC$}WO=4}69>w1-WvpDnlCmYBJ
zdp5}2jCfa#wq1jly?wg3myK?myUT4+`*-&|YnqvDc)U%+tVD*@<D1%DhH6PYWlnrx
zOpDu!UD({dG{%C{TGsT6RPGI4|7#r~nF~H9({JOm1Q%`SAmx(6>%F^fr0yp|f35ib
z&h~;Ub~_qNIpykjGJ`^cJjm3D0Kd*MXzu}BO{A95`kHagwd)k}FmFq`x^W+FT^bmD
zB~-<f*NR>`6^iw%Uy4M{rs$b^XwG79_^r#E&zVN|**Dl+k;)b{o;U?g()<LOx?nC1
z!-`HGZU-p)Y-ackig=Qe32v46pDUMl2Q}cSWTVyGB>L?&DZ2)i{o}JT&dbU&d|?#D
zT0V6%pswLNfr{ZFRpv+TL#hXU-s%`mn0065e93;&U1m1raNmF0y&^R39vinb*x+94
z9l7{9+MMxyT)`6CofAwCI(APbbr;>Dq*n7L=O@02Gf0|P4?E-qJqai&-6a5I2KCfp
zoMx}Hs1Xh!U8%9jnvzjue|+4IP_8CB;0BBha>)0&BjAx8c*zb#9R;TEcGC5Yx7Sm|
z_(JX~41YW?vvL~SbFo3;ibv9#^>tu|=;hSUpN&LvHK#E_3u(2QbBpjqk-3M2+a;mS
zXPN~<&uU#gEs*c85gufHXNX1BL@LJM*44HLk*^4S+2lwJCROFK-;lOoOGsEe57M{h
zjnKKJ`O}t63(?DBS7qL4u%FIEm31lgv%hkg;uYZ$(0%uQ)jJ!}prjx3^wg?_SB&rg
z%G*YFCs=scTTAJch*qWg*;_O^N*5)=JQbP<dWesy8Lb@%pr=qIq|P=H{qACZwHTiW
znEdzvY*MeK@pwdV{S*7b^oh5P39>R5jx7fY87#qcYP-AJsUBX8wwELY1DIjv!`J%6
z^igbi@2x#Sp{utERyH1KCv>4}H)7rb{9qp+M43jaHr{mZ9<szAd=xU;qIB{eTP{!c
z0MbSFh5(GL?#zpeik9IKhS|6Co|nn-aNjHdUO;}@^TW)#yG?JrpQ3Cfq<XZ@e5=#J
zo?xP_C?ZARx6asg%trj=Y6_`Fe5?4%lOAsp-Dj<EiAr!P){Qy0f0fvOqw@*?3-G$J
zD8n0Bn#l>@{0y~^`gV8WyWQ3MPa*6V{L<+My$Zz)%1~r3%mZIz4J-ZPbK>pG!?#@5
zKc~!vmfo8$O#W+AkW&+LHsyq8%K0LevmVTv4b6$~4|<nAG{OBWP<P|anH%mt*`BSM
zvA;5YI0aw$4a247dp(^4d3#sradzAOcmw+B<zJEqdJw2sqi;Ru4I+1sD47CCqA#>-
zG%-PIDbv>2^rF1!msG*SJMiz)Q1&Ezht7EIZ>cS=?5VPS3fE6%U*5{0SMxx|5N~CE
z`2()iz~0Dn`^mpgJT)DYibXXWn@R8jPMK*4w}geAQRNmbuqmf*L7%LaY#r_?cD0t&
z>YZTk<k6@zH`Ac`?=AWO0k`Qkdu?T;`4RZEARB!84BOUIOArb*Pye;j+FP_JhmyWj
zFW{F?m<;=M_g;7LgUV#cs1`pNUTz~|P4-UeY@rF%r@Op%`1Uud(Zc)3{;1?G8)*Gn
z!XUpY&JsZ6siCbFW*%PEWaz2P%P0O{nALE3T-Vav?PEj5UP&b-x+VJ>|I<~h$#!8Q
zq=2cV{Sfpb*5*+XIQ0#0+-IY|BYx<9mp3k_9_(z%JPd@}?A3YNXE-Dm>6~7EM>bAm
z!#>YY+nwxOh{$X4di)&`>r;0})G4;qjjVNd9?^NB{dK#kWUN%3#X$CbVSsCnU<t3)
z4Je(usAMlBHoyz;@d+_n52>{BuHTib|6Q4QK;9hL`UMA6N-h+2RqtJDTc{DdkLJ`M
zO>sNDof3nVg&Bqch%oMf9QR1h6=2MwolurtaiR}oD}QU*U`E^ch9aH9$0!=OhHl>8
zb6ZN;T0V27)}BUHhj)oxfn}k*eHNDl=G!!&+ASS9<lFVmSm>|Z*!T2QBSc=Jq1S|J
zX9PEEibbhp&%!Gy+)exaC15XS`1fwMP}{H<C0zh`=FKl^50I71CpV}45^TT&>fI@V
zblOjaj5E3)(j#>FVJ(k}0|;~5L6iOiM^hT%kPR*z8oF0K!H9-O^}}md`+zT&ewjb;
z=}LRt&$@@b-9mV`|6%0x%e0bpaM!f3{4+hl?}-t)vksO^ZYfe`i0-L72btYMYU7F7
zsa*077c3eB%OtF-yOzpGgMEdVbG7pK47jru#=hC#zb|pp?vT|GAno>AH@n^X{*%M|
zg?9a`N>{D~E&w(%!`{nG#Y#^`we4Ja^jzTYr>?3p&{SwgRsbh3q(4)>^7-$deb-!+
z!8iz|+emRbwWXs`EBt|*Qs`AGgP;*!_thp@pmx&ZWCUvq&-49?y^-1Bwb2IPyL$#F
z?utLN&JK4(L*&K;0k=Nzv~W~ip40($M94@Hf9}ta_U6kQ*OOPv8zqV4dO6K|RG*K$
z=Dyo{cbdKbCwDLvcx`{|&~p?qNm8GTZR<sLIPSOmlPhQmriGF?P=W|eeJ8s(@i70?
zucDxjdEl7u4-fWt7lsw~jBG8!_yY7}8}%H1D7<l)rTq_`z%omlUfr3~1!|a^qiOQp
zx;pJ`)4f+)mK~Q|wVx>Q&j7Bc^ho&D1NQa18cP%R<&xgYAWCLm_(iR@w~tRP*R!GR
z<@K*}o>4=03{7>sFaV9zNtRI2(#w^BRPEZoVb;7`+v4?MqQ8mdQP^=7sMxJO*B_}R
zYeHqY48Fvsxn1Y`vw>YjC71k0zPvj)&TW~Spt`{SlO?(ndRav;SRx?`aw~qg;&Q}o
z&0`)W4Hx6MndrwD%%4tS=ep%wvutdz@4}_VRPUbRJ3PlQsgc}FymwEzd3aos`utE>
zrZ|`ITLE@hGb$R=7F)MqUAL>`H~%j6iG7+wj#NnJ$|NPif;|3e-GU;tqQ@XgtDkmk
zKEFp8tDCwdDqy{F29KzzBY2+cE&syJ`D2#-_?ZVW(s#YnGY5$*w*)hBmtkD*%*5(i
zWtx=)T(3krsUUGXo7@8NQ8*$+^VAZMc}ZF$Wcy1T9}t_ko}|a(B{+JyC-55b65KeK
zT+Ss1kLOl2uJN9}X#kV-q6Dwr5j!>W@aq^Q!jI2E-w?6Q!ze_mca{^ae^%)RU<3~=
z9`Rh!)wX!Gv2yZ@+0ZAJIDY1(wZJDRE$L)qQ2tZ>U_zN7vw&@{%Bz=y#k?FWsp;wW
zY;AK0xEA}H;^Ld}3BV%w22||lvy}RE@9U2CDKAXT84tL${xzt<&eZg^o;bJD$k)d*
z5bBHKFW=?}0bjq0HE4c7BJFCtCPh!3=SkcnEe1U>l?wRZ(fhVl)>`w>tGJ>dw+qBq
z=hcH*EO48`Y6s>Yv@a@!UHCwV5N;?g?oQ0mYdd{5=%DW#(d7<E|G|T#M~@$K*6ShF
z(W<?135`KShFuAp&<ovK(^?fW6cJV(+r93;IPe%6B*n*4@S>Ude%8M&2YdYAjoi0G
zQtl_eTwLiMK-g*2oHd)aQOA~cayXxF1K@tPS*30#%E?$?*RM-IxX4d#8wy*%y{`Gj
z;861t`uH#5$M<6bnu6#{g36lsYv!%jE!E1s7r*5h9`<%V1v=;aU)KC1TqYa;3_k?-
z1>F5p^ZbV@=i)yDkr#u}0X={I_a8c!6HvzABRXw#|M1iNLzH+m;-6(A6m5(C{m=u$
zx-b}8Hdx}AXZvk<j(jrUACjC%1*T4QSMKv|s*^@DpnYec4ta4nXg~8v74V-YJ?q8%
zP&pgoY3&(~2Nx!<g%&ov_Vd1efmp6-c<NVq)_JoU((=w9Lb?ATocT`2VaKbxDzCYY
zcIZ5DJj+B6q_Mh{78hoQJaPPW_o`eY``GS@IDk#bN~s1ax=~iVq@lqi0OzV@c2{jP
zN!8rr0#7-P;&^dvf@G#Lp@u2*t0EiC5$l7`2mtSUopdR1_Mx#~kNEe><Bb?es6&{3
z4d=M$Qy=UD89O~-4LQJE!>&MbteHga|L1zn7eT>JnyD^lVSfXz5X;WMHP(^9-hy5V
zVcdU#kG|UpY{qM^0sbt_9<0jbXg)c))~CKD)0e#nz>+wic1^h1*|6Q}OTWwx@>*zX
zK6Gbs%Vy?#AO3UA?6dDyme3Z@)xHOR+&m|QyfM9^8$Jdao~8XV$UzQ3fhvltl^paa
z`@=05{a_zQKeXr5DSQ2Ag%8ZUcV1pwGjE}e0COT~&qMIMi>iL3rq<&G`vu}i0x~@4
z(0<KDs=FnQi<V||E_~<P68weTM{lEvG!w|mcpfz`oYIJ+jq)9CMA3K0QDI~tkiLha
zlV2Q0a*$IsS^vF4`IvwQ8?AX^q%7RQoK)CmEbfpx+TyZ#Sc@htqEmWhD>9MN0n4s=
zVR(}Tsj40Htp5@urL{6-%_;t{r!W#V$K=`f2|fVsMn!SSc~PH*U#nlX_K?CX5{(am
z*|{x1b<ERds8t6E+kwvQ$aZz;1`U~)9NA@8(ZtvyjWZIRZv&m_Qd`4~+n-$H;AEm$
zUik7MREn#iew$ADJgG=4rKpSd^Q6CCQ2o+Rd|<9xV82Bb&*D0So{wGiIM2}#P`@oy
zzGGP%)KdB*uT$;V-s?lk^3xyKkh)7IlD|9fX5`_mpAk(_%IbfFVk3#A?!BKYrKEb@
z9L<QrW<Ac;m$_n$%}CR-c@;zhuLZuctY)n9O4KZv!^bZ34E`f5C#HOd_33K9+1_v=
zs=2U+W8Vm~YuiT2KHytdr>))iBR~|<L@+eW>Ocre(Rk=_PMs>=m|2{z05;9j2%uy)
zQrB&ppmvD{^?mC*1l!!HzLJ9SJY{)o8IUAP&Xwptj72o#-3|UoRuy|!vn~*Dh;2QO
zfT4KKMyqF-jy_BQfghRxXxT~BZ78N6skLb>g|&MHwE)am^F?X+yBC}E+pJKV^5_B^
zxX_X^!VQSVybW>_{72wsiZuBtytL|FYgCzm;!gI6T0oh68;_$W@6PbH>ze%Zffm6U
zfDIjXA0!WzH1W$s5mTCrmx~G%=9Y;IB=y|`HV2}0Dg4N(qBLJNcjxB?u0QUmm6#@b
zT4GyzjMRy4wA^%MTADMa6;&3i2n+6KZ&<-mzYT9f-XvCpS*>SOXwdU#fCAFStI1v(
zxB?)6##8^yRFz}9=s)`Pfm!3&@gVN<ukgo0NV1J}TkV!LQSVw_N>JT(d!lD{Kyk6j
zTDnrb&01r?CQ@ai<JE|>=_QwhoXnjSiWP?+cHu0pmyQ6Okw2pxs3BH-bm5c7gTys-
zfMww1K#vHG%vx_0-gdhf<=8UOmk*a)#Z77WZQ`}I?7_`V4OgxK9T5aEVnwb6Jqc4V
z8RRf%^Nj|qtWE%L|EpiA-(7`gG}>yHi`psO1*#CzM02)0#e%2@7lTwk&dx+)lqUew
z2T%9Ev}c`J7$TfBqYle-P@eK4b!m3Jd{Y^Hw>qeK>AM<;(AvWl`<CuK+QcxS?8rvD
ziZRw#XXs^>xKaFAXOpy<k%xE3O6?eWm-I0zrI}-46;kW4-&Yji?XI{FwQ4e#!oRA2
z^DxDVT9VE8&Io6Ph%0N~((Th$UG1vy^jNFv)Slv%s0w{oHA?xg51-ow={l^091)fb
zmOh9Gu>(0*alU{0Mj67rL`A*~;a2MhVp~ymGY`XLbANJ8n;arQ(jaZK{knG6*H2b_
z6<RzC0rqGF06;WAmi)nS+d_0LNBrE7XCDOgW$wwya7Ffbtjqblxom@B+`s6~9<0Gs
z4_|8JzKDvFde61vzROvJ+!`ShR&v}e5@=|k*qqqvox>!9>5_q@_DNWuh~H}au<M##
zcKxy}pV76|-_TCgJ`;m5#50p=kY%rp;}((wvSaIRsms^te89d_`$w#D^N#H&chW@H
zwxdCWUJIO>yxNLxs0W%_j{X9(?GJU=rCHX-4Az_{B0~}+u;x)ymfufWTD|>@s#EtO
zU-T#ZX8T>Lj$2TnKbP!r@B8hWP(e-&*>lYIt=`3+YdI=sOc7J|+lVPX`b6ux(>bJx
zd+lz~MJdwK+*qFP3U$IV>acuKo}nKok(Ah?^uvQMLdx!2zG3dmsHR>S`CW+-i-B~L
z1Roiwk70tPyIcR$LG|U5k@SCo{k!a?CpbpPucO8nKrZd$bcF7btvo`ZJH}%pPw|*;
z8!84a=if+{kEQVRiI~L}!en6qREyR3Sx9M`WfY3<uWP+@^9|0$t!yOZ*)qC!GuI*y
z07-K#?6mAa9Dz>)vmb1;+<k2C{_76OH03!rS1&xeHet_Hmt;$|U{g+z=d_oBF>d$8
zt@Z^eYE6iP7<z-lX?ZwP7W1`8K59DTC2=-ezE5DWvELH9Q1@=Gk*CDjuthpuw_k}=
zw5`}VrRebbh&VVf5mZQDo{~NeyjSm433aTF8!^wUB6KT3TtBBDE~iNa{m6^5N+7dC
z;)}cwACt?j5Jw7jU)tQIeW;#~HfNJH&65s4b~uv770M>-U#zfb+xGxkIKbm)VT|8K
zz+&Ld))gUMe+;CW`0*e<B1}3=WB6*L<I}<F<@{oJDagNQ3l@TVT?k!p%04t(pW0sN
z<ScHE4oA)QFW4AE?Rs+ET*Je5x2rgCQNXhlfsP={fdl<8OQdZzV*Y>^Jo5hOc~x56
z^6xK3^lXC3k^3nhC-b3tf;wef36<H>{=fRyEd9xjrUp1Je34J7NUh2Wy4<~14qUqh
z93omah06&uOD4v;ejd2rWm#1@?0W8HjxIz4|7%E5qkB;cxTiKSjA!@0rkt1NLQF5{
z%%=VK@r@OzQN?5NTI&1h(iob-wJfB(DQXNv9?#bR1n|5_0MXP9ym=Q5Y2~{JhCq&6
zOG5Fq>#i3kOHK-d{H+3Ro3^Gj_?v9)U0wWHmM;HH4g2Fg7evB!B6i}47Vp+Ek3}fC
zP5&5<FA7j>O*T-4IId>LdmA_I@V-dcGuZa>jIVdI&&neqqwO1mRpSgAf>%sbJ!DN1
z!sK`pkbwnB`B2~++HSVZS9G58{uf_f`K1z9{5$1gziI{u?3@0_%e&8HV*C=)l@HhM
zq-0d6C~z#KLGh02(qaMrOUm>wc@V1GrgGn$Vb(<b3^q>}fYrrH@mw)Is3yDi-<yLz
z;X`x`Q=@(sMJjQ4%ds`jD=p!-`%6qqe2h8<^kZ>H?!%XHO!cCx^WeiE4y{&2praqY
zC=Y=z?a!|2_KlMoTnI9#vNM=&%%)g1?eTMrj6|_UazOw);(Wh`9c{m@DF)qxqzK`I
zIq>U%5zIqfD73-9dd0$cg`=S5h=NTqkAc<1`HXCVfM$Y2F(<r~YiF0Uq|9>ww`DSC
zw;s_FuoO=6Co<#?|F9U}-d{qJreX~Hd3Q?f_YR&aZEs#J!Z%jqtCu8jRxcbE-Mg0^
zmC<&?z3}?s71&Y0=*sB^e=TUYZ(mt=mK?I$qFV48lPy!~AA6CF^4_;fB#;p9i}SEh
z>UdGPylZF|wlR3|xm^?DNhW#-hLld%N^p$-MzXIS`Qm@utZE=zg)-OuKIlHQoCuCL
zDfY*Pd9Cd7`0=cXP{~136ffueBU;VJL{PWx%uZ)0G_890n}0$2X1YnUGNGr|1#b#O
zgpt;pPARiB=-QX$21>yKvJL^Uic;YI+4nH#1X8ulLq1i=mL{2=!sGF4YksS2U_ZEz
zQ`S)uxBX!+%%g&5ZaFW-eoNfGtmX*XGmbA&3?k=%NP|ZP=(c_>Y8mR<S85F==iakV
z_jmnh#25d1KtBrsBdoOyG){neXCVP&#V<Lk-iI8Ajf`gnU_91NN}jnTwmMR=J*G?e
zNTef~w;ODP9^}Oa;7RHOxfo8Xt=#QF7f;*&1{Cr~HO@KiqQ|%@f;&FLN3Beir@;j2
zfsyU4w;;LW&98XnKE{>Si-&E`Ha9TCT#p+WOb^TWNXmzvH{<)p!|}pV&SfJ?R=3Yr
z0dsPS;^ajgcA>}R#P&OyxbGZs7c*GvTo<m549)tqOSbg=s#S25b1X$t?F@}HiZ(<r
zqYsPVwr;Smid0DdY`?RQtwfbBuq-cwOXJjrM5~1{wZnom)z9TJ<6)Z(fhs$0QN<_+
zIpnJzgF7vCQXNyV_m7yg-0Wkjztr5vwu?;-)a7?<KJ}Nl4elV^+uYGXyy+>v?)U+1
z`;~2|)#A0X@M6Z%(PZZ5pGVX?h1}TAP=v{D7oQUCy(I=&{NTGwY~G2s{jk{#^*<Q(
zaZMD1QCe%IAg-l;?nM|91L;XeA*_$t&%_{4mD>?5wrH&2-(j_~T`?ZzV`uBtQ8dKY
z?^}-O5I1OvQtNCm*xngEFkd)N#I$F@?5ss8?oD#CmBxHo$be@&0u4_t&6SvHu~kq$
zkDi=Val~n_Vf^pq5Z?s2SV6Y3IqipgiFT5!M|B2#@j1$>*$4k_gj^Z`#x(bFIfQzx
zU^3^*cRMhj=KRev8!%S0AhI8Zx442V<!#$!&()&T)aNV%S$${#B<=Ryg6<qcx2wPw
zhKmar;${MHJru8%bpfbrY%do*?hNVj|9{bqFI98hnQ8^>zN*US{?PGM){gtq`ZKB<
zy0&wVTx{Cgs$UY`Z4<_@7n#FDis56(z)ft(MVKF_QC^6Yp&cKDmqd1qSbkUrEx2M!
zpGQid+y`3mbD;==_S~-VoLljOR^pKe26dM|NP*@yUaz#IA!`P7$Z(yO2jWtYG&fl&
z@nc5{a-w7{pTkG8-b!->?YC!{1v=Jf*tk2CZw!da)*!vxgP{j(vyL4*-K&51_9Jfy
zVQ}$Lh=wKfyXv5lwSxcR&oA=j|Lx4$EvU<4?8k>U;ximW+ZvqEMbL#OXcWk_NQ0=^
zSHTE>!g3#n<9)XHDuVq5V1uFc)M`wr#v5fzI9u1q7T^hWqd5vgAAX~hXS!?Dl$M|1
zXcz80s5E>e?)~n{e~ThNm-cwBaWj6Ws9(i@J&<$NvER|WA+rjxV)cTJi($a1|06Cs
z#9W5BU>j^)OsIB2I|5B7zDP_hPdc7Az_y1<PU4sSuk3)>9QYVw$20ejh&9Q(wU~{F
z|A_*j`roe^^_qVsntv=_CAJTIjI@nUftVI`fT$SPa4H_L2y26q5{ID4wiJA>4Ns65
zbe=F7E4%2|rxZZg9vQZMziho{*|LakNfYaohQqZfOCE#h+VUf4rg0*|MrH>Q%7^r|
zqLo&dHNvVyy(CAi!!UD;s@qa4qwV1<WXm8xjW-(GC{a!=bSYh6-<8d6kasJ#1WXmH
za;(0}lN~C8req?i^)m)W?!%y(gU5FNjhNqUZq<9Zi`yGzsXrqLpfVbymDAlF5~!F@
zISq&j!f2;oWrq?#BdP&pHc`4KI?%qE)fVxDyxyMCs)*TYC`K)eXAYxl?G4oT_7cXm
zu8Hl}92hJtC@xOq?E$<na*}^G%~kN5)%79;$8~5Sasky~Q{HcD{i#Zf7P^?eu3C*9
zz1pi!(+l-(Aj`r!J$5qecZ>m!G;0aO-bUDLz1m_Qqq_njwfYOsBR5c*<%==Qt2+W#
z8r%^!I_AiU>gSrKsP+(i<@s=g<{}Sde@JEjN)}?52j?3t*&+@g8Q|XfWvKC&Q%w!>
zd^@Z$nSFDMDe}cWJNHqRBVRoh&%S^v&jP~n{}quz^`1z+=k(bN6;mdmVXqqkO=?}N
zLJD;l6V-Qd*v`-i%i10<H}d)f_|RT{{F+j7=yS>9!jU4|g^}vMd?~1ZsCkF`aLHW0
zszFIPA_%{@UrZTuv^kQ?;!FFE9cWc_wqsxyF4u~x+==Zgv8=spGEJGNt+Y(pD+UUO
zt+s>h*!d+3mrY$u5ilha{LW$@CmLF4Oqd$p%yG-L+OIDD?ce8Yzq0u0@JPUV>C$^}
zoOw=22X$gRKVbxwIow}j8=E2P;a>wnaH;}HKKMonB>rRxr|D#Dw=+Yzssa}#TPg4D
z-SFr_AE<)=E~rv8;GlV`)XV0NTZYnn;=?)JQ&0{B;1uK?<VmB|eXFXDy?D>i1O#j;
zq-mvsk_Z`gsLPZ^G{3iDIJ=(HakQ}vU2`;QV%V=xJ_ARpT``5*|5=hR{=1EFbNGt2
z1_ED0D6KHg2`(txDzREo0xOdie@X%OjCayp))NE9)gCpOR%iO(?d3Y)-0$hLl$8$%
zaq;#s#uJQGA*+ZzJNY%cfy{{`9*HOu_zZq9I{;11DPB!McdnFhyLuNeLKLUwP3297
zw@-OC?mrUFcwTwe72Vm=jKiCDZeexGrH418YSLQLvq*6sM@(_m1*OVt7bEJeTe)T$
zOC>fd1LH$}X4C;ABR(*|XRXu}=($)4s`GtNC-1SMJ6D>;&|^q>A;UgrSTC5i=DCuy
za6|p0M<P63fo}*;@8wW)M%WToyIDQ%W8AM)hLpD^6@|%RznZpmYlP_A^f&5O>GtXx
zg?C^)msvZw%9<@@5v2(4f{ddnIFueg%(g`eu}#^k8n7^sLRJK>bXX(=Obid4v=5Vk
zhdrt~6y0BH_w~WvR7Aw>Ai^v<c4Z5VjT#F+`kMuq0yz@$2;9Z64ZVH?-<&_YxSPOi
z7Q5IqfXM9g*&C39Ymeq(vKyo^j>fUMhc~f9zm%)!pRk+zR}6k*`yP9{Tl=nv1Lf~u
zH4zuxDV47ss>C*=x%?N*2}O(usvtO91rXb^MdfLE6$;=XROpI-!sb`}Gs)HSdp-yy
z?|${KC>6&tzS@`~ow7^?c~>KVN0lf|NZ!)E<&OiXp%PI)RgM(%7^+o}hm^@%R2TcS
zTQ`tg4(+CqS!>pk3D#9UgRW&27&dH7kuk*G8tIR)tS$QQoilubXe*cFbn@=aLs;s1
zi(`j!YFFeH!SH1~v9jdtR{8DNLXWE2Ek@W0e~6}1IbGMb*DRO)2jZ%NP%X7SJ}&-8
zy!~|Mn)E>rVm4&dVbR%^TB4RIZ?!5@RP)tx#1cNeA{!2athR4V9F!g0!=cH3mkcq5
zz}0t*1Q<2jx7wR5e*{2@+A~W-^^a={_SG{?aB6`CC2mlR>okT?YT1uEm_7tcM2=!B
zVD<~->c{7mtQ%%r!a6W(<KPf7Uf%qVj-l?%<T}3~_XUSdn%UWAL3HK8W;^(Aqg$5X
zDtd13EF#Ej!9L$-hsj+^tgAV*`M={!PF4co3s~8bFybT$0arkWa_Z$#jASBM3aX2(
zee7Ry{=>NJ+~qbQ`4SDpC|R}Wh)F{#MvO{+)}^}k$EEx*TQ{S1^_7C&(aqU1{3a8H
zVwdguo9oN0*ZaXvC`{?fkxjhF>IrBB<0@Ay-IN`r!hHtzz%-0nAGYd+#>#>&7E*>s
zfLfe=2J8k7k7)e$h&4Jhvw|*c$|C^YkMn~?9U8Sz9)f!J;UjjvC)V})Pj56sN-Rf?
zWWr?G>uN6eKuAeQ5Bbrpy>)B%D&ojtl|*Xo)STX0QYI@gH&;2|_fK@6`W?zTRYl-k
zR(?3=<z0+e{7B}6^;@sMFaXSWm*HN~z9?IhN{)nORhNQ?1;MM?)+;{65PvMHNfR4V
zYrQHqHA+T-;{O252WClTyT)U<iEs~E<3Wx_PbG+`PFzzxO)p#IYt~&o^3csJO*;?4
z!~^g?Hg>Z05FH!TxUsAawF=~uUsP{tCf@vGgi)F^4-B^Q@l6aO!Ed3+QN^ZFFm{0r
z2RmXePOvtOG9B0vLHwEUe2rBZhNH5&YF}>m=cPlvnfOAw?PzXcF=tjxHnYsb_uY>i
zS2Js9!$Jt#GuSV6l~tRJvie8=I)uB+7kBjm1HfjWPfOh&&HeK-|E9+OfBk~Z{Z2oz
Y%tu6_Y+|~OF@E&5jqjG<dGhN20GcY`@Bjb+

literal 105000
zcmcG#V{m2N+BTZ*bl7pncG9tJ+qP{x9ou%t>DWfcwz*>4D_SS}-TT?+{c(Prs;|Df
zYpq#z&!IVo?(3S@h)|Fdhlj<61p@<vmy{4u0t5RR4hHsR2^#X#b5G{+8w?D#)KXYj
zK~h+lP{GOG%+kgb3``;-B^62`X%&6=>ZzDrixBl^KD(e-3X0cp*D5p&Su)a(z(8GO
zGz~?OqMu*sL{W9V6Iu(3)YU?>)zXa=6jVk*;80zG<L`8_+aFDGGn-%9%S}D?9BpND
zJA)DG8{Ytb)}n&_>2wjSE&a~RM3ouq4O=UKH3I(AVASY4F#4~6{&maa4c{-bC2lch
zE&seHec8+(6ei$c5X89S$o0y|d@;{3Z2IvCV39!stjk4r<{lJ%^<Rqwf~n0o3}fXd
z9L{mwCl7-mJBWFp!Ez^zU{Jsa-vb6tu+G1Ughh+31P|}rA~g%FB;<?;Jra@h1PuQ9
zW6A7;Y1p;mKP&mnKB-Yh9+g6P*w!$Cy%j^fUs}rqnm&65q-GLl0)+7#oeKU^dmK)T
z<fxLC0>d*f&IlN$b*5}SXec5(`wlZ`U1D<05ymIYb45oDqdm=F(7O*xn1zot<I!oB
zj*6dOBOmtCjbeYahfO&1EC+E;YewWF-(~m0KjoPlI)zUQ#a3|8Awfi0$6|PdPp4Dq
zl*LSHtx)qaE=c=SbFjNR@^&&fBJgjDR`$!o=#+5|D&u091&8;@if3BoCTVO1eCG<-
z<^DoM_~RN3=lKgdQlJYG)VC8yYx5V_){+}$h>hR@7cOv5GDjEkINQ#2J2Rt5m+gtH
ztXF9O;#4<Tc&L8(jV0JhJ5iT<15%Xg*WYL-;G%s(G8G75qY_|RYz?A;(QPX-72t4$
zUnPr#M1RAw1mH7#HTw&@0&c#I&?yK84WVd2rsPU20r9mKvJy&L0AU2&`>&q@B$Xh1
z8PssE<P7Xofb=$1E6mGZ-fL*M0L5!;nO|`Ruz`fQA^~Ob#6^&n!lCh4Cg7Yxm+|zd
zaH4{Y3SS3;L}t7!aFU_WgiICC7Qo)W=7i7*F6a9le_?@(5xn|c!vIU(UtbGb2~Hni
zYXEr;9@a;_{mp|l8^XN5V+W-bn-8+(Z`yX&HLnM>AG~}4SY&WP{(_<yB~CIm6&PAf
zq&SQMj$&JxkqT=$%wp`R*rp(S{*a>nj0OvutT;~o#jM^j0}D<Ub{BF^9G&oTq4tdK
zG54|I{kIpW&_Kl@OrvuK85vUYFAb1MK|hBUjHV2#4K5AE7zye$Xy7ZNnufd#3u`4;
zTvvR~1#Os{!Pn#PdgXQ<I7G9FroLeOGTxbU<ZM;iVB8Shu-%}%WX=s%@6X!dy`J^J
z_oME{^hfpo;*SIR$}bvEZ1Lk9`pY*2q9g?Y4j~JQ4dQ5&lJGeZ-2!mN<aCh@AsQk!
z<QgP`AAlqYQusvLpWy>!w&W@Ca`Dv(p_2L|OeWy<)SjH0B3rW6B<}G9@c?B?RJ=%L
zvdl!eRawj5Iwd^CKB>Q@Fr^vDI8d@k$H=ru?W8*sNF}VKnMl>8%p}pJa}ztsIO#;=
z=MtP!j3jN7snWQpSqWKx%BHZTAjHe1Or`Nr`RcwD!^w$>59x-IB+)99IBS{(M;2Hq
z>He`fWjjSaMLR8{QBzY-{h39YMd7W}tnMZxCpINSr(;*8)3)K+MuZ(%B5XXTWC78b
z)cD$1b4zs#2jl?i-pby#9Pt07QF2fVR~}KdP-`u{R!yiru1>FPRj*UMi9pdB75FJ(
z88b&zOf9t+WrDFvZ$v+)>*6#kY^t#;z^UPx;}qi*cUu%$9$5;jU#xOaKh{bmyQs-3
z*(C80c$$u_I;j{_p;qLkc!8!HJN3JCM*3Ly9>&$wmEJYME5)nkB{{TOEPY5V#w>;+
zQ$!YL(qoc%Qf?B4mX(&j>Om_;3$Y1ijcqMr4XUxDiT~vIROI-4#&Xf~PsQ)?g~>VF
z1>Z{XS?4+JD)lONb%F}}!n{g<g`R0Jwptbm7E1P3Q)nD5EGKwG>__?`nr7VzZJjQU
zzu`6m3}XydEZA%%Sg+Xjtahw^4I<W(_laH7?P+febu5yMoJO}JDnkqFE)|v?C)~{7
z%*~o@tGdpSZDBz2JGQ$P^iXt1^e`Go+CQm&soXT&v_0CI+Ax)wl|z+HmBy9Sl~6V&
zwqI>;ZL3#}Y;<kdS92TQjm%Bc?A+%r>Agu_O<oHh>C;Z>Vzj+XPQrsi!N>E*3`Y_!
zG50)H97iNKBMww9?k6<oGxl`O-U9QdC5&*5I~^Gvkz2DJf%{fR?Y&L?@CSz{sb@=P
zbbI)RdWRni!u=$@g|o(e^K;HQ=3y8^<HOc9%V5eOqh@Rj6rELF>>lpGcwZr(F`rx@
z_A{){`nv(YeUGnS+<Viz=SS5S!e3am^xKlZ?Y2+<>Ic;d1_&MqP6x>bEkn77DF~~D
z;KBnjPf@gxUMOYgWl)!}=&-tZI*HztgSABr2Nd=bN8l6K3zG|46>Vo*kFSr{jz>)|
z#~<l&bnV)B%z^J{?bJ)vt=&qNrekAw6{PBQYB`a;10n;sF~A{M1Jwp{<BU4Ax*s;`
zk6#|GW0_0CnbD7s)G?okw}`qKK1>6J`?`bcL`nyC2OO)ZTcTgtMydZWohUmAIO*QH
zNQp=}Q}MBqKhVgBrcInlDa&eSElsoUA6<v3tygXJcnNKjl%Warq4hPpXqvR1AfH4u
zM};!uGLJFy)xhXGTUFg_ZLQ_X1Wo8>(AV?S`{{-04eKqp>G{5=KJ?>Y;*_%q;TW^K
z+0AVvcUihL938&U4$zKj`>k8mH#wYz*&?s6HK^9Jo5$HaZEU5JB#?|?tr+$cI#GC0
zxSL<m-RTy0`0YD6+3#oUqaFE<n;!w5NAF7$^Ge)@uP$k8sW=*;I>K6xKJ-ev9zy0q
zG($*U-yWM#XQP~=_|Em4KwfpCjt5_Mzsv^YqW}_{m8#}=iveRO<CiHN$?WQs>gVOp
zF7eLSk3>hpvME$4o+<i>&WMO=o@z}hXDS%W2G&egxdbr$bMFn4)9_7FO`c7FGY?nc
zhu#NW_$7FF@sv1pmcE#Rp*rL7xCcCU?yV)01(ih^>nZLpa^Z5FFJy;luN1y=Zn^cG
zi!NHPE`wO785`(jWDTYTtaYwswB=Qx%BR&Sx7SDJ9&C`7yWG1D(6j9h0wWxwo?b?O
zqMc*4_X@Ko*}<~NS@o!JJR$AM4Z`(7@21V^qI`I9d^7qoY8kgWr^C+u{Tx0Er;5GG
zuK8Z$F&j8}+rr$X)<xS=Y2Wm)`q=bDf6?Qxe)3q%ZRcLSWxCbnIStYSz1O}5fsaFl
zLUIPt6BO}yyfW<VEEG=0F~&LPN$~#kD}QTzaeoJ7g;j=5A$Gt&@qG7uv<T+CeL>tI
z0Eji@Dd%GJD0t6a&z&E%F~-$(tB>o&bRYKQVow8=U#273z3k;c2XE@rBKrf!+P&*1
z?!YTFz_M@c^9&~z2k_qbboh^aTOJz!vVR?L?wxh_Eb0#{zyToDedccu+PT}iaXGzb
z$s;qEjQvVEu=DHzwngOpl?)cliU3R`qAkN?>318aU+Q1L&Bg|gwHnxh3m8&67MQ*X
zt*9E_09no#Xc3+TtiOkcMxaudy~)YLMv1Bs3nd=jcl-<p#}_akg7n;6tDM{qy(rXI
zq+hXd&JEAeKy0GH3NOY98M+wj08pbp*oGuX3Ju;m5)2Fs(nwld1Pt^q``uNV^yz_d
zkkE7n1N;8tU%xM4nc0}1PAC^iSy8AhC`52ZDr9i$U@$O3Fi8<X6_2&^98VvW#ntDY
zr>Pv1L^vX%VAlFE;)p<4RAdyDBAP*o5RIbFdX3*zC)$p{G8Mm0v^4aTr{x9xgg}Wu
z*IzA><BOps2q^>4VNewNas^OO3=$`tj<x^<?q=ySmnMdauTI^0(*lQd=H64zm(IC&
z+1!Lk(BHlW2>gFs1cT!J3{L*JTaEbs%5q-B)%`t4@!yHJJJ_Kga13drmObN85B&{U
zVE<i^5C72btzXvm=>eEl=aNMJ(tQl5|1RZO4_=h_Sa<{g&xVR))hYRa8LE`-+$Zp#
z+pV6E1sRNG%f^&T)}&O+2DqVqCP`O2(Nh0uUhe}=SpHBhx)G`sxmW?n>kl7E9Uu7Y
z1jjv2FtPwC61YZC?0E1K)qmOnT|Lbayrw5ad+g7y0MFs;{~E`>BB4^<%aQCmWO!a6
z8g(frD~mT<u3ABajEs!e(~>&pN-8O|9OLx@N+mrB)d9@B3D0*g-P@_XzYp81z1ypJ
z34Q!;TMk{n;Pd-<1JbUy*n>R!f?-~Njq{Nt3}Hqn@qRvxBPDp<cXXO#cB_T5G$SLU
zmlvGFu(>bQA=~%<4$2ToFQE9=Ra=UE`u}AB2cUGKh^gs8u4;u^*T;gg{KYL+gx1V3
zjaZ!^{(!=j;q`4DL^u|Q!}j&@@o{%%iLZGK>dR9TEK6gMuDusP{k=vVYr>3oS(}Z>
z|9=_iO8uj~`Uf7~rup{Y0Fqz*0>z-@>D2ka?kq3lVlFrl=IQ+1*Tz3(Wg6y9TI*Sw
zjmzshew54wp;R+5YOMrw(G0D2u8aC3|Jy)es{V1q&P;T4cHbNj6nyg>atE*}A27pu
z#R|xd{Rgd@nxDM7N^*o#O<82WuN%a;B3oywkxYgTVJ<A*oSn|(KS?L5nEMJ{{keLX
z@$Mgt49;TwwhZ#(HnJE-!00ei%iA^<`XIj@jymLuQsoP=lN^wSa?ur1BMx~B`S=d}
zw*g#$uehF(({A%VASiDHYZh@|d=ciWe11m=<KbId^=h5fAJqXt)C#JqgCXBBT0L%v
z5yHTKrKe+}prA;6hQ?f6?P|iGZ!ZRBuByDepr|OgzMhGS8XmE7)2>vr!K~3@wm=Mc
zs#LixXPD~Gk>+Nc+{qVWQTf$ZUvTVUQUoU}*B=Z>7u484mS<)11VbuMRDT9n4<{mC
zXiepn66(bX)3vHQ)A)cW|Iwc0Tsrk*wH^;fk!jJ?ob#%2w%S%`dsDTg{jFkr%5e*8
z)YdlBuub#jifXT-kfQ97ip3g`f&il^1On;a>qmoxKG-EcUZ1XxlH~bzb_b(ate2w0
z2>jB$FWX85f$WxZMTidA*UvoRTS)Q+e=zE*F$ZRz`wb8aSQ~}R(60ugFgP7|zv0J)
znN4QSHrr~0(dl=~I65+7(CZZmhan6M4?}&kH4}WL-ip6pYq6JaFq@S5>=3N+@p0>-
zwB%$JbKoh8iv?5-wSU9Z{EVDss=n_5lk{+<jhSWecp+VJ&r*8q%f3CE@%PD!>I`*X
zQ#gvec1TDNXc0qhejq1~?2^=@@)w3=>P<QJB`lQMV4zV-Eorupt7-vSld$y~^5hb#
zCW5LkhQ9ADqq$b;t%KCAJB7bGj5YsDI6i+)-@7Cm9lFnic!xK`0Y4Oy=^UM@{)NGM
zol|A^)lF5q!x67LQt1XM&>IhTVzmz=4EE2QYteD)#?wsy{Ymn6$JSs%6%KHW2x816
z#!5)&%+2L$D?{Vp<-otr;9`-j4eO;QrOt2*z*)X(Ve1~)BKlXL6CY@uLa|csNS{{7
z&E#>sIS`t?Uh9WwB?K!>&>1v>Qx3u&)c5Tz&2n?@b?+8ke#PV|qmNKjzv}VvqCZ=@
z+V*KmFpug8WjGArR<Jtm39I4P9o~wXEkeMNS-1E}_|&hx?5NU~bpJ*7YdwhW;j^P#
z9-sXi4tneXd`p#@{W<Piqd|y#Bcn+anq6M3?bXW+C}$&p(}vAX!CVo}fvA;jvO@)7
z#ubT1F!UaVepk}cc}YV<BDIQ?{e6>y!a_w<5^h!1Kc55q_wQdnDCCfkkp*2`T&fUI
zbasYHFwoFcD|)RwzLr<uB<p?V`&<=QY?=kUdJo_zt{oZ@4XgqDXMd(mbpbM^d>Ed-
z)sNfv!t8h<)Jdyd4~zUBL;E%U7Fi2u^NRYwckqY|AM81F*S5!?af8%u@%r5=zM#R}
zu+xj!a;nzsv}-FWY&DvC2yGP>MK-Lc3ncU~_=^HDSCg-#E^wpTdr~`Cax0q_nQj-i
z%XH2buXe<VP;<PD^?pEYRHFn1lS271bQ~oY(!>%h<%#&tP4y|Kl4~AEypFk|XX{5a
z^!lePsS+MP_U5yco+p$r_j4j*Pr}Viam<rey6eIGyL;Rh<@SO8ovMoGw>`uNY>>6m
zF0Dl-#_-9HY@&$V3lxPMbxIzm@R~cs+f@p@k#w%a)P!XU|5c-)GU#isS-ZfGjw%1~
zWr>Za2FZJSWAM$W;j=EgcXw4($NdScZ8*T=sbEbia)9&E-P7%4o3n%}o&qbafq`z%
zhxgA3V0;{+zEFD=d*S6-aOt!4k}W73@q28-$HEVn@Gn=zHJbO+I^ohg6eR7tJkH^?
z5NNF|lOBN(w<&E^-r8){E2HfjZg0Cg)nFXm@6ohjQ;9Fn&@}C_Pu?^Bj30otJ<wz-
zXex)h?I_n9lhq0}v*f0b;2pYRam+l=SFA>_3!B(qdS=)j*NXg6FJ>qa#}Ic+aC}0_
zL7d6?038i2|BUNmy@i5_38iK^YW`&4#AWxvD<V3&$oKWpB2&!K(XmPl5zX%N8Z<ZW
znzOsRi+yRr9KcTA<$N>+5p0F-j!YLy(umM2)>M5Ka344w66FY89S5+0?gpHBhX+p)
z3h{q<PjVG5pH;b=p=HbYGNPKnVrw1Eyo6bIY`=Bs(Px%Gd?4cEPON<{AzIh0y+axf
z-jIkqJNuvHL3Y$4W3s-BWAQHGqAJDAzJv)`WH>Z^y-UEDw0E1z3z^;#r%Mz>SQDpG
z147AdS|O^9VX8Pb9mooS0GK(RxnThGrcsBoC56#Uoar0UPb8&DU4p~m44hT=AN{oi
zyA%abI_*Zjb%z+kr!1Yzq{z!1i)(KrqsynY><=RuXQG%^{WeB24hu61?y=nq<>9eH
zBJ+MxgE?ElihjUy#>eltdApoYJK_|hcrSL^vq)@Q$3pURD^T3EFqDU-MiX=(L4*Ds
zJu2j_P*jkqt#4LXloB0cwS)v9@V-osXS|0DB~|g|?Y8dA#!@|6j#u$bl=!P*osP-f
z5#YBacJ7!H4LWxm&j&+Gi|ugEJHFvdu%Ad)GD-ab?^~-j+-0EbIsMIV%OjwRFdrkY
zxRZSR?5pls4<^X|;s#_kuD|TM)@T_te$cmfv+dSlIbR|hbTGXLKZHKvzc9dZUP~lB
zq2Nr>08pr$b;u9MNTbswW@JRxO#M?`EtYzK4S(43`^S$TKY#xG<Ek^yLW3^-yB-Y<
zEk=r7W98#M(3~cQHcwL=e)&d7ch{@|hB*pAZ=#uc<JHA#hH1vk>+dUMF6T#fd$c1@
z;qi#hrLCgcB<AJns=_?T_+9I<bgxEUmyz_tr*D*>rE9w$VtPy{E-cBv?9)NB@eAv1
z(~&DLyuKzug<D<cJ>24!lg;{P;-S#Iib@r>=GO|<z6wFdgy_R|k%o@-MM{t=P&yQ#
ze|vE7^H5*9dB(*+f8jmPp$zqYrMf82E4~O5>tRgO&30>~*I5os>j_8nMOTgQeVxDc
z+qv!&`=d(B_H3!25Y7Qg9_Y^a5lxp37SM@95{6Jvr7QgSfcS=pOiC&#KKD>jbAf0F
zMM?^@LC20?A*92MN5?X3w>ab4>ckc|iQ`P^gk`(h1%g)cZbI}ZqngIsNs3v&M$58$
zf;Tsqb`w$PJrt#GqtSf6-Rr3vwoL9yDKMDT@p$(#j4CLm*>m*teFt}Ox%RmB;OVZH
za=~ZG=I#OF0QK?q-+m!9)*h>%`3{!EtW&~{abH{_X!tx-P`yOj=GpD-lj$3-!<jgF
z!Agi_S+vK-4vo^Y)!Nl$?SO8eFN{s9vpN4}vgSE{P6p$S+v769#)#(MXLQ|b$+Ct*
z_G`%(`*-$+`}+~3qB<9G)rtKynswhLQ&+BA_=Sc1{XUL2HCz!Xp6tyxk03t!;xj*x
ze%fY%IqYmhvY|EYe-w>ZPLERDR_8I)`76P{r@07&3TzxWL6jI!jU;+=3es^2SIHJx
zWzJI<ckyKyK%>caY~TF^L&TY-%XviipZa#M$-IEnm$CWS;gYvtk+zbLG+Yquug0(|
zF}IGJmnqTajx<3@{rawLh9hNe<eC6dPEO}r9?6{Dvqg}dr7*|yg%%&+hD_;BIXg88
zlleC|eqO-cf2Tu7yuXbN4SH0um?xSj5gS{x;4LB(ToC^jl6H-t^hExMS?+)X<M$7t
zb{)FUUDVnWSBQ4~_}D^+PCW);AH?k;HotN|f#2B+f9%4AqucH9rRD*KU#C-~l_Pjt
zGek2CQLW@NNLn%s;+EEBMCx6JIKo;poYXnXzeQwi7B-j64-$0%PVN(MT?bQ%v|`3P
z+#<5iv*HlGfy;0J)j4=rT-(BH1B;qOx|ov7kLBxz^#p~)=X(zl98{b8wO3I#ZNaN>
z-9?d?N~&b`YhJ5_3u#^O($;$eCbKNJ?gYg)j}97KxkosCpp0Le4~4c$ap~+PN%-Xp
z|C|w<TEVqf$7e6a&F7t$m`)4cTcHVOSLV0nSird7u7Kx+yXBhBi?6Tb0%GzWY-5(K
zD>;szc~O7ay;Wt7=+9S5=oB@UrI*k7@coRJ^rQ?S&kQZ4iR-BWX187jJ!=ADJ*MzY
z7E|F-ImMZp?X5daJ>P5}js{%iJG}hPAS1Km7@FOAeg<9cO;B`Lu395?X^H-zunr)^
z+N1y}cepD=4!mDvzPv;uB;pphZ#%9ZFEJ;Obg1%_hjyGJMXCGCb!u+;YUiioAKF*A
z6R}?OUe9)gr<J!UT(YLFu@;69yX5@fPOIOk4SE%q|Lx1tN{_pLMc^-()|kiC-jG7i
zKV~*ru0bB%l_mkRp^lsV^DTM);__gJfMRx{U=O3C`fNnjj-<(5yZN$1;z}?`GCD%=
z(TlUi8|@5HZ@;=X&QV^QI;4Z&^fi;rgCJ`lXOd)w$F3UHuQznhR^s)Bq|qipqmUoV
z>l=#gF@QgzN*nR^Aw%kgT-5P#<ja2Zdt1dOOyuL)aptV}{h|BK3OHUwIbT0Th4V`4
zatejt0{W(QZ|V02pjd3dbR0pUcR@-NnR+<+!jJufw?B6yie1M@*84S3LtiXryW!_J
z5%E>~*9v~*tPbbPt2uNU+vA_RV^kSc89o4vZO4Ox?92z7-+k0*W}OH8XJqbv`^&%3
z4}rA3-+ESW^&2gaZPywNK_BlnTb-N+=P&GsbULl^5kDxFeu5Zsg?kb(Q`?P@$R_mD
zX~CV!T=CXc5=rwZVbP-oTkc7gEd)Stf{Mvn%wL$P-?iqxV^E%Acp1-qKXPNwLJJw6
zr<v-d>2hdDcj&0aMw!5&18c3W4~|NMcF)nw7SrYK4m5W+TV6y1?Xt3JG;*b}3(ea~
z%rvZ?Gu``C(EaqFvM+o&!y6E3SGcDny((1ETSeS*(n(wU-IhgshEBRMg3dm|l~Rg;
zJYNhWW#SSZ9aAjx1|DCslR&lxvViONCf{D{+}LuVfO>xyOspFrL&Z>?>9p2fJHyt4
z*K)Iv{sEKOVk<r_f~7k@Q$>4{w+5^0x)*6BYMnLkb5)&PR~$C60YQT%)Th$yR$M%l
z_gv=*InhQi(a17q<{KV|KMz4vF>gP<1o_gL=;>VEeSK0TuS@)#x7OZc4#9^3tgH%J
z`^GRyF~#%q%onLEEObh5p{#X_)jp$S-L$WanWc}mCVRb6F8<e!O1mbVTmfVTlFL@3
zvj>$TiAM3RIp0I{4HLK*DA!3$DKx#W!N}Y}nDRTwCT&0a{a?UZM6E2mXk@db%k=2E
zkdZV;cj(m`sHgkDvE*lY_4+D=C3n;{Xlak<$Rn*vWrn%!k1D3S4+78d*TgJ5cu|yI
zzsTUHMw8VpU@YX(xN*5l?aqU%l5Q=fs;OPKN3J;6W~c8X!=2B4Rh^gg+ZL4b?MfsW
z9+!}`2#JM?+6c_&mp^KzG+veZzG$c`p2$1Ud?H10f)o~uK3{6f0~F_V!COlpPwN&-
z^nEe3l>{xYd2GsUDB4Ez87W3%j_%rXR8zY6Z!^BQL<<V{*~N)3v$9l`&}mhoh=>t-
zHenBCkxGiNT0_kFO{J>Nmz(kkmwaS*Zd9GWS@B!L_Uu1?#4%BF&gy_%>FaE{2_=Vp
zed$o(c^Mp^tN&jpMSzATDkB3|S6An9y6{KrlRZKHL_IZc!aQM0cy4+@?u=n{tjo1L
z?`nR>m4EdKvnD?&o*}aaqH(7xvJHXX9qY0xD#?~JW)2WIS$bt>oUJzXH0)emFR0`z
z;93Ch^uC`Ft2Q(q>s}nijLwEor5M?A*XN`z5q&a01Lv8Y53)vk@`G|oB?F4#YnE{|
zl**|625pwLw*yS-(jlqB#sD^{HcN8(%$@D~^y}xS-p1i=4xz!p-(vl}BO6MoEb?4%
zsxpUn=BVp5NJ+8i)YW$C2b{D!yc2w`L@Ez@Q%OlTTTCE5;w_elA=B2uTOH4k^1VOf
zuEulL;M^mAGeC3G`6eVUWXWCOdRD&oW^2OChN?%`Pzi0<DQ=$amdJ-EhKLxkCu!y@
z992&k)F%H~CzoFOC?MU3{CZxWM@$+B8^#U_l2@ZMQW)Z>#&stoyC>}HX)J3?sAQC=
z|DLuy2;4&`Ivmx|rDM??I&&iuUyHdb$EdmNrIkD`|539XKEyJ1ba<Sa;^QY}Ch+2+
zq$O5h)h_>`WFW0q_GTJ|=a7FYM~BK4k8=69q};<5kA=OS6<gD7_c1MIy>8r2rA9vN
z?IjcqIHu@EkZR$z?9e_KFkF#usrvaPAELFdN9`?6o~R(c7+u4q-(sFDf}9p*X47tg
zFb8_czjQdhWw~%yP<)P+1|2JHI7VC5cU)YtQSR4#Y1E%?3S`|U0UHbylE5*X0uUEh
z;=W*1_+Bh`mJ{(6CBSDs+1be%-_}~VYg@4IT0>ihY`=1KAmKY*kpxa6)%=D!lw=*@
z7q<?w+9K;}5Q>`UXUGuQU-5%tc>yFnSQ=kc(ijm3#*%GEJqk{+6WcLe|Gwvn`)UMV
z7qQpIJ!@5PWrtw96-YYz7mdw!ZTd(573rz>!asm6+5dCss#Pp5l&PSGq^GBANk4x^
z5I@{CN*z~bK9PSR<F+6i22%MMms>~9?XA-%DEkVT?hnuF(bnAA$#Z?#=fKVO9<wlW
z|H(zl5VZGtvNZej+MRC4S}ZwEnlbL|N=^i-pE-GlEe+c&{lFbYt~L%G3JFHQG|OQ_
znpP19b8XEqaCjF^q4%gqmix$OBsFW`>xu45>9--rdofzxz74_Q=pO}~{W0?2`jV~p
z9la)q!yDC{u1rL<g=7j})^ZSSDmB&lWX?4468je!SMw0cgevfrEe&Xl#5$?r^yrm9
z3K5@Rvf3(=cr7J+!h9=v>6)6<a$(#(vN>jZF+78fCz-176}%=aFx%BfbuNKX9-gST
zAgRUYi)W-_o&a3IWkt`Ww!;!jC;9Euuw*;0oldGmdx?wb@~F=k{Rye7MP#ynfYdvJ
zk?)gdXNrV~@holQDbjb(L6y_Zy662XMd|<x)DtU)R+Kpk`75pdYG%c^=Og|?-6E(s
z^@_G+;?d*aN(qkX`Xd7@r`;|V<w}W*EW#uGzxkFdH)*m}LWu=+W5|uCxKTdGU(<B3
z8539!t`>PEWUq|=UZ9<Cw8Xk5^m}j=Lm-KsvB`3(Y$Zoq_J=>w+Jk#+(B(nN3f+3Z
zUFqSy#O+5Fe{<0t3KFrAF^NC=+Z*DPQMQl1LK-ptYk%p+iVOW`_6H7l>vF|xxizfP
z$I<?NHrZ)xSj4i+6baB}ay-G7Kv`iaV>SsYsqF90!S|7*Vu4qw!~s)rR<A&%(hmx^
z(?FM7OmTVc<K-><B2e1%iv(vPZHR_w{~7C?Lx=7$GOdKK2}3FWhLGhd+Wp~8(>-Wc
zeSJmU%5Y{Sf)rPOx_t9>gg0{_XmhVe{T*WuRK@!NpaE*rpeutj*7B~Jw=9r>2(JvQ
zVkjR5F_z3xLthtGB7SJK4Gf4-QB!|{M;J_lUbIBhjKoBgPlx4dy=jbhP}-k&&qkZo
z`rZ>Va`H^KIfMQh&%47<XvxAx*tpf(kv(DNZPqc|2hkO(N3b!~%bhpjR-EB_Ig_DQ
z<^%!4!>&Otx9H^_K27v*ZH?b1+;d>2W(Gom@G4ErfMGZ$!tNy@kP2biPS7zmFcki!
zs4=uc<aAOL-GA`Nh!ZI*CR$3TZx7TdINn@|=!VHq&ec#Gxenq;iOxRWd=c&6t-3$=
z{3S9L*#n<m<k*}x0oDW-+34YNk$eg4L^`5z^r>9Bz7sWHJ&sR&KX!2I6xj{TrY|?4
zqSyI*z)TE{e@}{~SuXtXi&RxfO{Wjo0I0pYBN;)@D6^oxx#%DqFI~-Z52b3!iY(ya
z<JF1SIFQrQBHLYa6>ZKo1nkVKc=M>B9^9SmNYUtC7KIQ8kP~U6PUX;+jGeH-jYN6c
z(3TCMtmD(=Za+sPWz+CTYNmLpBGgA~X^Nc;DoII6ak$&?ua37Um|2efhPosbT8^*>
zplR|=cK4S$mQ!I&;~&m<N)@eNk<Jz*%`if&Dh(c1b^I(ZE2`i9N+F+$#T`k8wrX4K
zJWT}G(E^WwU}N<D(IA1sa<u_3$<;p;<4sA`GjSkon*H|pO}+EuF<Ay`BlGqtq~rND
zl`Ns7W8DFFOK7XjX~PbR;_2cbdQj-8$fGkeG!~aZtpBWsURSk$y%BHI^n0Y}PIYzF
z&C8l>stS)DePT7?I6hrkn)Bs~`FVMA84YbOjKs}Ft8Oag#>Y>fIla<B>qJJM5EW0;
z1AoaL?*>+tLai<QE3C9*1=VHw_w)5<WPpcB`~8(%G6Gr%)H4$Z6)k1aLlp{u%M-1g
zYPnuuN&Buo-eWd-dDnQ7C3hr|vXab_Xv<{oZhs(B{N%m(-=(+*Faqah27!|UAMc;j
ztYd71G`Uo4jeI%>cVY6$o05`|IUY`6Wy?`aX0Z?3wcvE{;UP##OSie4ph!weiin7O
z`>ND`;Zm<v^*OLxNkZHfhEnO7nCer1O>P{Sfx?z3HV{}FY=LGCiS4@teO*vg9NX+F
zoc*+j-#XTX&-UTH=(RaQU|kQwrdk8Xk?B@i_%M8rl>%06re!|Nz|D?nxHb^F+xG!g
z%f3E(YOzlfN57>lGK0y4dJ8<Sy(%ox%==Fsodlca%Uzeb_U$pvQM?G*80Ls^I<kE6
z#Wq`VM3#Azb6yg=MAhMorrty6h2~}|VeU_6qiuofnvNWif`tUd^Ict>Z#7*ux;ZiU
ztFgJdTJi2S^aK}?<`bJJ$o0{KN3@9t#{xQ;X2kyc&?aqxUE1uJ2X$mK)DM1%S%K>9
zQ3>EWm6Mx8f8NC`v$j4+LIHWf>w826qVo7y+eQ~txb=vbN5<SwrXnCx9zC>Vv-@t6
zT-&hbx?2Ml#AwfCkwxoHqmo<d=C?Bm1C!IoZR3q~Diq1N1T>hZh)o+xIE~uIi><hB
z-^7R%oiZ+sOu*>Kt8V3crP->Vm%g@&Y(L6!P9ERB*=8!Zjh?c>0PE0`(Y@`>h!b35
zk@A7t+}o5P+$_K0d_YxY8orrD4eHRFhS45{x8~C{IA2?{!S!BM_^s{l1d}_m@(Mjo
zEX{hzK?*O)Q~pT5tp}evPg-wRJjuipMg!8P#`@h^7ZYigdYkCcREL+E6T+XL9D>!i
zrw^BJc(_cHyKjhv&_(Icq`ENo3G&Nt;Kb|m4c5}Pu@|P3mmFeGc9NiI!&*a<*Ji&7
zJv`E%xxIz<Bugkp4j#lOIgF8I+43tL#&}__dyd4TlPBzNL|&w84&JPd<x#ksdBX`^
zAI<S6ZUBbMaFS~|VNgZfqwQ))u_itK`7COjy6}_O+$#k*XE#+E-g-~L1Jd5X8X)W=
z>ISrg53)~vLlez!Y-HK~3D?w*D*ERD$l`6P0REJfu7~u-`|O_f&R=B?LHtYNFQf|<
z6_wTxtIg1M4m43gRn<@UDB$Voxm|j5?#6v{bMv{dqlhXxbZj;??}lj|`bD)>-)nus
z&JpH&SFm2o*BI@J#mM2kKg?a>;m|zz@+-PZW>Od%ZGn4KLgw&(?p;0o>0RSLb*`;-
z=~3WSDH{&HHvHb(mcy;2+0m<0$b0LDxBIYu2W5?p$b95i`!sBt=0DU(f9#}639VOG
z>pGd;^1G47?X`_d)>5z7D0-;Uqb=%{+f*ITUKy@6Sz}Q4w7rp4A}46Lpru)LKJzin
zMJ`_q6k<WfpdcG&KUq*NL7PlQm0ONTeXGCht@;dDu%e6}Y}aN4mS;$*k?TW;sq-~V
zStd2Us-k``#~>!D+J4wp>Y_wutE`V*zktCE@3p1UCRW%t$guKIMWl;ER{zW<B7seJ
z$Zh%SA1y!}hGe~ws*8@Dy8%hGQOp39r3&XJWhDGy!H%NpwI}ntDSK*<tIDQO(V~*H
zUgl}v#bQl!mdJ>(5VM|lzba6>GC^dFYmpAI9ydUB_NL70cP={F*NU3+dKAH6(cufl
zgtuW|TjI}(snA(!)?1g12CcrNjR%ox)~;51=!6<t#e|D2@wW18)xOYc6NfjBeMTpZ
zzi+hb#D05k4B^<NK$A{}44?V;dVWiYj2%Dt^WZo1%cj;Ks&?D4LxB}9N>nh>rL%l_
zC3-(8Wc)%<jkr!quP{zTLjbB}JY*0f^7jc!^9VGL9eX>SVcpnqIg~2%y#H!?ZAZC7
z`B0avk?|*s(%CMbW<t$2D%~_5R4qx#I7`_+8)tReV>g09PuBu9S_7&NoGkxkhr8Tk
z{!jd20TdS(U-mkXXDBaM($&>1eba8Sdxv(wb@)p6H|D0n`y+2_-be62%YkOM2{T+#
zptQk!x*FjL=U09%|L52%pbQAT@A$K6=N?mazGFl!RCTg_|Awces`@z^|4!o2u=Ich
zF5kZoql&`#ye)fliCy>f_?X%AJbh<5<`rfQoSNLlnc#B2ZkuUl>6o?=fR4#$I2*|~
zg@e~ZP;GumCS$24$)1?di$N-Hj7jis-L`4)NC_PQ(1dd~;#G@&6c-nte;m_`Xpz)5
z9`|j&6A-hpJ(7><v-3oMcnr>%;z^1<d6Oo@A7p+xuO|)hu(nHnqy2U1Zygu$_TKYY
z1U0oBUu7RYH)|jGMmtg;T!Mw;WHk=3pa6~c;gI+@Jhth*BOWWnN89IqjPqsa$kIO-
zpY)o-KK+GX^4CmFU~oGQ>t-4SP>|`L7w_M_eQ^Kt*&vJ@v~JfyyJ=3S=1&2+`$xG{
z4a&Vy!QIkAG;r_j4IYQ4b!JKnU^5Ex%AC;%4t?8h)||0FraN@7S9)6Rx4A}y_hF5q
zX2?ni&bkS9uFC3CBUBN5t4lV!yqq}z@8J<Lx9oLgRQ?q@#=o(C6l9(mlhCsYrnW58
z&IepZTkzq%<@f*K!H=W3&e{?BXi5FA0sw@xpO>8MA`59`?8X=tqX`}J#C#_4kv9ah
z{G1<<yYuZ7R9$XG8?|n8q;?E9MuXpLv&rY7X45RXb&mF}H`J^uPwu;7{WfOcwsWt&
zAp3ef{u;R%_e$XU(zz>CK6BfQW;iGXyq6veKDUZR?PJGnUAN+`|3az*9~g#01F%l<
zzdj@<0%^;C2!TF@37_UqdE0|ty((}IB^LUsXvJ&|I5*AgWzKM5MA-4WZm*^Vxa#Ty
zp0-_1UuQ4cPqp-q9$N}~Xai|K9Ox14B{;EPcv;W~C)UsC^>wTL{+Eu!p9n<I{MN$^
z?zrA;ThfPkWNH&_K6m~evNQMn!o&<-TYVS-fwXE|Su5|gwc4jzwC%KGsxqe!f-MV=
z*;8IA=nVPNo&4X8{O8}l^%f)tH$WsD`i~Ik84yO3`CnNOoX9^CAqFIf|Hy^@tJ^_>
z2LF#FNPzJFO2Tb)0otv>Y^?c=geHjL7|DdbppKPpU;4q=s~Wu!?L%hY7Z<)2zeC8S
zyD-HT?e7%Yhtp;+_p3Jidv8;(({HpPEh^R+SCeL5UR;0v{3((jFPH)Po_s#uXLGm7
zdDY_>_=p06+xboi6x=?L?5DIRIwwmN?Inf~`1~Bc6^g+dN(v4>slA`hb8B>ZFjmB-
zVof><p91^K)@j*7cJABTX!Ll}3Qec3Izg4MkGHfenj1p5@qcKhCPSV*oYXH53ts+J
zpTj$40nE3r%##*F>FiqugvcTy$+f4e?4uBv3^D9tu3w(eEZis}AFkom$Z-&>G(^sB
zp}pLi0r9Bc8_Z|CPkBOnx`N1lc(GhpV}cpI>sKMiRFrx}pU}S6rSI7Ab_C}(XDPD_
zzKaa7S(y!Fo(QM6a^$tRXPXKkuCpFk#z3F&w*&@w+%(<{|6<qZ@q&fF+FAZ%{k2zC
z$m6qLmBH)K;$$-Vl7Ie4XV}5QC$PiC=d;39CYLc7OO`2#?oN{cJ=EF3y3sy(;wfh^
z`g<FAO3-deFGX7xy-dkwbtN;qwn9e6`t%-7a&xHK>A2WT;?B(vGgEkT;~dFT5D^6|
zEZmq}(IRXpdzp|hm&80BBnSw-*u--7YPKc-<Z__?zC7s@^Rng?i{q9JcBJFE_*%WN
z9NP0NVY<VtI+rBno{rPA=A1a!bMAdxV4le1$QTr>p77yG!CDoUIfF#A(dP=gIr-D=
z6m9+prG5R1kz?M>K+BtB+0ek*YW;Ih*}BDE7Pm5kH|GBS#D<>jmU8p;%ijEa#!auD
z{_6Kp>?>+z-G^%|8SjRgRQk^b-!!l<)!iQ%sJo%h&&~Uu6hrC)X4>gY$1`b^exOLm
z%9>AQk|d+s8G3n9!NB~9&Z|S!U;OH8{0L>O!DWv92j)*vNgN`LdZu!3DzE|ERgQo^
zh&DtFCeE~HY+w)w*2!-Ry=QI$HHLqQ4>nv!JAs)eXC?IYWZvvL?ST4>RpiV{-M_28
z8S}vbUwh9wi#5PH60!QvYS{4fPI|+KbI5ucldq4LKwSM2E)10#k+iuy1urWrVb7{{
z>|%}iaJ{F`cEgZp8$BZrZ_ejSvP#qD?SDJj!^-1}IX8ya6mY9`d}JAlBbbgZhN{7*
z+Z?>VS1~gu_+i{6fEoU^_ep$aE_>bBZ}cS%lZiNKydMe-IN@!H+BQhVfpF_`i)1#b
zJ^Hr=<L0r^Lv3nuKZ3m_tf7;m%Nw6seQIxgT&z1cDr{s@cREX1obj^Q9*d7K<L&K1
z#@8&yP=_P#rXyf4y~T;Q3-A%IO1-t0F_qw<qEN7FaUspw<_jA%98KI70)GS)wxP26
zl;Bkw4SLfHT}tU;vu9is!?PkyHvlK?v3M?o)vB}x8lQF0dpJ|v+0X)ECofNB>j7?;
z%!wV^1DOkxqeECZSSdjAGiUGXM{oQ2LLXk|yvg5p_pBUWn$B6Mot-r~-Kh{`NA{gw
z;~%R+a?le*_Ydg~3w8Pn?+(JI>-pHzJg4op;kMtn!ZgqBEEnrUHy^-o#XrJ`lw)qY
zTCC6ry4j-!ti)IR>K%t1#AI>?$2N3ICcT2##Slm#6|hy8WthmP3f_O2+}=5RI`0a!
zKTK^)?*{lRO^=(%b{C2P(qGR-n3mP%j0O0BZD*ctD)MZZ&2dSr^V~@{b2?+*J(H17
zdZg~}JWO8GMG7J0lB00fx~qQM5|HE+`3ug7v0ZQV`jB@^M}6t$nDOz$yBl5;xn66F
z`ZbdP?D6XIqk>sBZ@Pl7#U1q$eh$RW>eUn<qZppA7n=92I)W)$Pi?yw&d0n|NrPwF
zNlnMRUJbdLKcJXE1|dW}Y2Hbk?u-Y#L$y|$uv_??@#u_--6h{^%vmIj{w8&6n%rUz
zMPp8EO4c=v#WY0YMJ+e*xszd3VAub$p(u9$dbV6+u6GC<3$$D1yMjPJI-Kv&7iZ-8
z9vnc4^j3@Y*PC0e-fPsGXRjezF2~)$W>Q}RCjJfXhZy1x#oka7-2U{Y9gmJ|c$q8d
z&{22xU~m26+d(l=H-$&AJ<MtOtd`Ru@ni@5q5Bn&JR&z`)ys{|66W4**ib?SXF%>G
z+Bt7&t?z?BW2?D(;w!x2KG-jx*j!r!o8MIwcVlXIQQ}_nO=me9o2zO5H>R~@j4wca
zBO0@~onnkUa~CV6i+0XiVAReAsr9fw^XIvmkIrY_y}!F5=X4O2t}QiKKZV7xByISj
zm3fCs20xgcN2%SMc-+w#Lc<cXmUR)q;?}R0i_3@u^@N!{kD6u=$HQWMKA5JjyC=2O
z|5|4#r{BI=PrPm_*u<2dVX7UZ)$J2#KFc7ORdI|wE{=P8KQBgzOm^Qu0@u?R>|Ocj
zU)GNLWAw8)5D{x<mhqE@;K^){EdUQuKvIBUg&#k>$2b9Y+GsMxi($o4t}zb32`|{Z
z#@i9#=FPf7lik{5^SyM-4ZcUDYI}Q+-3&`VS7(5K%QF||2UAAN3#-@K8DGoI1$)dE
z%NdN{%ZP#)93!^%CI&?eFpoa&t-z?fGUs{qu7>d-pVU9U|1_gYl|L7Fz>ud`avSwC
zBl<E8RmpBIFI_B_Mly(rfyD!#z*qAN+B$G^!zaBtuvgLuS?hoH-muB*VW1=;w?V1$
ztAREB+S5RWbkC#h37Z2|C`?^gRLll5!&`os#Mkf#UXQmMP%}PH$1zra0w;S?055k^
zJXenH;8f=HF5#8=NpEoxMPre3i%Ft4-$+(lOl8d;wDa5#i}h}t(b2Aqc8&!_)q~f<
z#8ZX`7oU#h@G}#*E-tJ(yD?i{AH;qggxt!q9^XkHy3Lnc(!XQ2HtU@UgQRy8QSx7F
zjnBxJs>VYs<K`CC{CUqu<KiDonBvDPBS<9d@&sPaZKOVBal&0$`r^9EC+lMlI>XPG
zl3n~T3bN#gAKi?<)W8O2n|(d(TlV&e-U|HOB$#N|pAIMA3<{Ouol?1RT;hgzk{+&2
zP<$VygoHND6pYu<1nQP5+cuBT{mn!GT8>`uoN3(FsJ1`Wk{H?fJ(l|8Pb%Ot_NR<D
z;<p-QB?!lRestjTI=`S@)UUfZM>tNbJ=YB`CBe{R`)#uGYxK_be5Cjo%+k+`L>K(e
zx{jF3fC#bSCv1t`F_o&Qb_l9G+#0%^hi>VFck$eJPtM^Vja9v3B*z-jpTMEM^My1j
zRuoZh0?2IdWn}DsZBRQ<R&!(8&WNmKvr+C#IA`}@#(?CxBQhT!TX_*94A9z|E@O~f
zTL&CyPw9*%5bK|z<@JR_OP7did%s^;zX)86#Zx2&3`XOye}|OW{S$!&2X<&Gw?C=l
zaWmYdh^>TJj3(dNkkbJ08;xv%-y?LtRQd3%Etq=Q56$i=X@|`HNLkPZ3IHe%T6d;M
z>NH*OOoLlm{BRZs#?$ARt5a*LiJqQcG1Bn5jnrz*y?GhK;ceCPaAU84^(Fb*CT~5K
z)_%4mtzV8HJ6j{~1Rpebi%Vx+6O}U5)x>(MT{~}z6wfrV{I|m!{CF!`w7*Uj*mF3+
z_e)>R?#1w{b&DKkof)o$!O1IurR*Aub2#lo4<ghZY5vc!<{tKqd2;pK$LKcg^OX6x
zuvxNM?HghxU@%_G{wsXc?uc*r*ob9vv@du@w=uuoGK6W#v#srRd3cxE+52`*i(Aq9
zLO9CbnsN?g_FOVoIUn1UG}aSP)~gNjr^}h1NQ?fqbTxL6E)0Q2<qJ6*c4gjhmL6eG
zNf&Yx`aR}P&pUtRYJKP`eGD^CWq;{Sq1y5(f#NZ%(TM8RT3L6a)mBdLXaEV1hx{Gn
z;@(6mP094fuN;8d{L9qk7vZ0M<>^aDj{3fO*tevbt2nFOWLcF!Z3njcYAcf0otHGG
zj0P8Yf{ABVXZRoC(Y?Ad;~YTAJof8enL~4Xlkp)|lgV_sM`YvCt&2Mu(0digZ1Rz$
z>|tZx^OwCP>l0aSHeVLj9(R&voUev{$4kuA!xbn3i+K(!9qW9pDd}<CQVf)n*4xM_
zz1r>joxsHRFXN}M2of}89^K6uiBX?gZ~BT}e>83OS;=3)$9u~O&Gv+(+;8nqayJKQ
z0?A4}xfxF)1Z`J$x93=m7rY5?)+e)gP<M~NDgYR~tRrd7NvugwOb*)uYUtrD<gowR
zf_#ove5uVCkquMBWde)O)gaEFZkK~9(%E=2-cp=1(i3`HBc_?IB;L(5Xh{ZI#!5t3
znc04QJMeTo;3+YSHZbUc^0aj11JCsd0{Qh_M>a}j{X#}b9hX*SUU{a4^F4v@_sL2b
zU2s*L@G@(i7QE5-IV;OCx8U{WdBL4eB=Y~<)R{q3zu5Iy#u{(Q*w8ut=1$lH*eWAE
z>19m^hLXr#8<=0Fp++;=aGj1A8I6gZm-~NN+B;v@$S*|SeP8Z2v~a!J7I@S1(xM=Y
z{osGX^K^n6eGFYJZ0}4Tbj~9)9ua^<$dIBN<w<Ia$a`XN2CaGS_V_*!rD-Y;Gg28-
zHMnJq+p6f22&Ezze?1gy7%)+;6X3HqliOeQY!hIzxA%(kb4+grlK4*?bzuyHoq1ZG
zaxe|ank;qF`&Q(+iS;yve-Ze2X_LWif)M9@TJh%TU83oy9M|PZ^W^D|nukOx`3?5a
zY~2zzjCDJ%KicV8H9F>1C&quwao@A@l1o&PVsFM|r2;uUwI=khXrw62Z@3!KoDoce
zhdL=*5lhC`l1{YyF~(kPAS+`Jlc|=Vkm*S978Cu#BR5v+-OFrA-Ih1>_7PK<FY0J&
zFGG|5C3?q1Yj92GVZC#Dm~p{;<944o)TI%^Gb9F-75-q>3oph5qyt9>fMADe4If+q
z5`?hFDr#!YS}b`2GtlCB{ThMFs5orvF$9x2a!}>ie7+?95LugMn1tm&N?{`>pD!!R
z1e#Xs*jsI=<idW~xY@v#$w47dtn8hC0U!3CFk`QV$x583%!-@~f3rt@SQH-IvF7gB
z-1^;GBjBr2yKc)~RV~h!KJ?dI9dgU@#Dz<+&d^$e$dN-8RkYXadknb4u0vVVs}kPR
zXSs5V@lA7o-D(<iRVmOADA>Gp@E#N$RX7yT8d$L1rpzi<*;N-U@1X|Oq}||WnVE6X
z(8?lnI9{8^Is%L5;ihetsvCG_2gxB-K6OkI5)x3c;ETV$8#DIpy_Wrg^za3peJd&Y
z8nDgXYu3|7AJ)8j9y88A5MMhu$jT&MES4ELDVI&l616rgqg=n*Gu&I&?M1nA5o4Xz
ze(FqecIt@JU6Z6<?(6$^DP0JqTRN0eeV8|LGPWz>LeIQ|if#Awf(Q1o_Wf~f>SrXp
zHy&`Q)ZA<Zr%IdXM?f(>_V}am)?R5J2da-bN#Vb!hYwmy?rlwU+Dw^^iwjZXx0=C-
z(t|=8t$WIgR|KK-u)r(Wx&fMhA7HxfNw(HCLeEn9=QI;55@f+Y{KY4b`44|#Nchj`
zpnuK!{~T`m|C{i+8i~J&0_pkrx*t)L<X@S$y^S|o9sk9I_=UgiV)P)z{EI&cyvpwR
zc&OnoyA3BZ`#&H~*wJq?aRLOcyMA-!ltl*00-ta~v(d<OT6N%;D76~p2Gly-R8UhK
zu)=K<C9-wlnpzZwhw`abY=sU3{q2LH6bW0+s15m(3JStufpESry0Ey*ukk+(pGstH
z)_rjo-ODVVP?%os^QUL>Wis1-b;9n+^xl?Qr+hjjX;wW?+bhyrOi&aRlUA-;6W~kh
z?=~e_BH}1Mx}VBgs~d4?GWKhpNFTX<IkUAy3G}s1Xjc5eqx1$6F_^;bH)HKK+h?nk
zxpxbhG`c&Ets-LWjg<1p8!s0k>~gqfx$0n&wlu}7$W`L*0&Ak>>FKXGJGo~{Q}<cB
zXYpRsW+<#ED^5>-vA=Ky=-av{&XVR1Jo7KE*4%C3N#(ge1~JD;Dk{=glvU=uVqv2V
zc6ct6BR1`Fa0d+~<LL2$-oN`i{SUg>_<smH=itcNuHDC(I1@V)+qP{?Y)_0y$F^-x
zJh5%t_QbYzdY<Qd->>SNKTcJ;Qq}3+U7fw}wXXYGzqR&BBpy$4jj=>L*dDECv|d8;
zc6%k-6blPqmSNYXFDxfq@*I^7tkvy}WNxIX6Z7%h%VQ=OuljEgNh#cs<r-t`jAUWG
zN#-K>i@~<Gs;Rf$eGuDv2m8d&*LCJ^QA>IkG4JjPaA<beZd+LTllU77dbx-kzt<6y
zWsmz4%Nqo7s!U9;NB39_=ul_5YYMtSPaM2+GAC<!v0mS-OiVj^B@I?0XWq=7uhU1U
zvRu7ytw3lqub^*Km!FH%Xu(t46Pc(G?64)2KzTUmb~xUPV<iv|f6rg;aSN5K5*W};
zCFt{KHFMM7LeR1!9fG73`<+{z4&#=ovosf;ua3GLkU$lCsaE;9PVC<rqVoy;T@4^u
zTsi2MT~n`@RR#*r=8+K1o-5|xxK}#f?tMARrlyNE)welTdoxuOYPR>c62N00@uoW3
z!U9e=!M2|likF)mpb2H=K@Y0ghZ{KVE4r>fUN3Jy2KmmO4VXcuI_??r@g{d^U5QAx
z4aZ##VTQml%9Wz?yk4e@6$r^YuIOJQgvYfZDOX3vi*w9o3ow_}3jWZpPMjtLL-8iV
zv13EU-ac`Yo5~s;w86Q0DHD>@4Z}GaW*YUtb(vROT8XWYspb;f;VU4W@6v23>gjiG
zxrTE6eI*n_duQPOC9hnLl*|dMde^W3T=zAD%M!P`Qgs+6^9wTiLP(wni>uf3h3{AW
z_@?M$mdF>R30J>;@=bN~9_k`ma4Z@58F4-D6DqxrTXDxt9Jua8AZDdlMhW>XLEz1s
zTY>MMSq8~d5NDgy<M(0!*Y$^f&CgoHb@{guMX0WH@JLeghmu%RE9f#aemU{rnFkOt
z9!y3ml7J<3bbITSDeO%C0Y>`MZE?Lr-p=sIJQk)*8TrMDaf4Z&wMcI6huhw1%;igv
zp;DXi@vD(W1*pqPnya=ojmOFFmyd8VfOPra(RNzhie1sNH*SYnkmGpVVa~;w-aCv=
z7Eohe*^?@3m76Sg$1c}pI?cQ2kQuJ-M+>{&m+f^H996Gl1W7%=-^mPPc;M8oMRN{)
zx!RvzsHNeO6Rz)W1bv)?J&}&kK~gk6?i9@`+qlCx8;+fWgY~NP4(cXa(7u;(##9;2
z&Rte}_KcV9Uwt1g_l)-6e=C@RH-L(HnWfWsyjW<QNFBK#ZfM*LIf~Wf5fT$j_9CA!
zF$5sO#QmB1M<A=2pKEPuRtG}DVKCmdq-eku+@1U5Q)+zR{Xo?ti$NQVmLp*>C(8HW
z8!sYeduw4qq{pL%C;gllkzS2<O<5@8xKjNT72F?%>^rjDygT`FaiinaUKII+)Tc<t
zJBBXp`Z#04T(>B^Dk)yny;@F1D$wc+Yw+m*`OT)cY;R8p%#C);J^BMx9f~jYOi{0U
zTs|PJ&YoyS-~$P2fN;M>{zrQ&ZAg8MF_AfT+VMzxTNhZv?@&{#6sE%#Sv}q4A+8jP
zCzzoi)Q{Hv>eo}p%;LqF)+q~&gS|L*04>$t)k)yT8^8@zalp^iYQ)_c7S)WF^ipTz
zqC1Eu8idTVk(#1EeZ*M0>SyiZ0TbXRCX`NltPFKlqj}5E-4g%&CDLqXl^2DZJhqNK
z0w#daSX*j>bTmR9JoaIg^#!UW<Rv;o7N^@(JywJz0w6+h{o=pxsk9JsMzc_!%0Enc
zv^H3>l7S7gw~uA&&Hq|~bNp&L&3=KqSUExLu|y?kx>PHhT%kK=qr2*OXa`XAF3ikq
z5?@^5=eXh4&Op?eOzSH$MpW$DA#_@-wH|bz1dS%iiBAHDVTX=rLokl^qV~ACUAf9Y
z<mGq~SULBNU#AtHDlxjx_I$8*jVPxIaPu+`9a?M2(JwTQPk+aTe9pjbJmYeg(+ZMC
zZ*xjkQarf4{eCv7Df1&KoWu@hBiPi@V-X7RY@}$S_weZc6A;WNKf+FMku=FsDzoBb
zz~a^A7R`_J8HSQso*g$>_E3sPIZW}IG{!sQ!}*$ZFw|wa5>vdH4ljE!l5;0oN^N@H
zJKJ3#i14hJP(<1=VmMij&{_BcI%Cr<DbtM3%6&P@w0t7HualX=@;f$=*)b4qj6&eb
zaI@Ld%6@td;p|O()exqh+e(LzBy+m)q8v(@v$}Iyzwa@Fy%8|>_d@*f*+Tm^DzOYu
zUSYpA6rXzXFJH)TtN0YFb^NA=75Yzk#40V0D`<RN_JEd^;0A`y*jL4q(~u~(_hdKc
z_Tv?Ig~f+CcF5ny8|7o28<WAOJ+uadr0(e`CSUSoF@;D3YGzWe=XYBEhz{Hp@1rwp
z-F$&Y6tv7HJuIN=pasuhPdjt9*&p2_`c?}kHeqD7o#kwV{mo70R=|8W+fxra4Gixf
zaLydBHj*ml&Ipl_ohC#;AlrYp3=ab=^4*v07TB6rm<HlmZTYwWZLoUl31|-l{uA+4
zE9KkU=k=SOJ@1B;GFR@9`VJfKKybHwa;9Rc$PqN27P+N8$$Zf^S7Q~PhfsTIrDFDz
z4kdbf-|-k;($C!(pOeOOZ)bQPR%zPf8`1^ZxdLkXX2GCNXXGNH&<-vQcf+Ih+D%>c
z6>_SM%V;MBKm@I=hr!Y-sBAzS5$*kf2hJ3O6`W+&o5<|m{um);5BsxWV`wD2dvT~f
zRs6Iu6De(F?!LkoBhMPS-2kn`HIN)6I7$OAUz1PCZXF(VG~Aj}Xm{k?$dk&6!hX&d
z;ZDDGX!DksPex7Qm?Cswze)xBqpa@v3`u~ZP!~7;vXjC7bzn}y%SUX+Yg#q>a)fBN
zk#SSHDP)=b@%E+^+>^adf4eyi!O?my=bH_`9Y0&BEfvXA-$7HVEZMVR^riOu=kP8%
zMh9<rqAl<pZ-ucO0UO1ci3Cu;NQizTkmx-TKJ3x{%Kw#4*wjSse1+eQ&pY3Q8qU@a
zW6tJ03fcTv^9)R~(9*u)0qrT^+han5|6u`chwj<$k8~?sU^6}sO`+~Pa`Y$0{oC=P
zxq1^BCe=F=KX`w-@Fbdb3{OrP9_&5>d$}ayRc3Rq95uk17_51+%uX|Tv$v|Vi-Xsv
zVv9e<Ph=^7hEW6nOL_j<S&2)-3{-g~C84{}wZM46`$+v7KE??f%beV%jZ5-+?&Y)R
z^r#E#gV^o1aC$&kz3?lG7k?q0;$Tlunw(3lt5~<0nTx>z@f%&#S_V!`LZY{qBt$No
zh&b-puM`G!BhJd~!%YC}bXbb|S)ThYp%hFl->qj^|BPHZnEg(_)NXezOuf}?pq_#W
z_L9wT{;b_e<mC3nBEZr{8F79h2$h1OiyvNaiQXp4+`yB#2E;9c@@~!Ihl-n{Vlg*>
zS7Odd5U1J?;q*fck;JXU{Pml05zN;~J6ATAEI?RRBs=^=EZF<yg@G%C&%62WvPVXK
zQYgmK6vI@V&NG;~#f~F`0KlWbKsL=j-qcp#Nuj1mG;8F{VeoqvF^dwu{$w?mo8QP_
zqJRwx$0|49uoYEz?bOIdOF~fhaB0l+i^u5``%5Ig%w*BV*{dh?k1AR+D{F$5*T=Xz
zsu=az1cWWUXQ86{2#ViQyyq{xp#4UWtx@SCG$bi;o5iSdztR~UHVJr@h@eU<;DFI)
zJd<M90-sRq?MmRvIjJQM9ZrzUBV|91{pF%tlo%*AZVyvlotE#Okcq3ot7b=<=5e;p
zVL;>)sZ7Q{ed~i%juz;%OURMx{wPvWJ}?dm-9HuMli!q8u>s9-w{IRkU&)}=5{7OI
zoXf^yT|iNfurV_aO>?tv_FEJ|#cGrjSrYn7DAW6!%$6hZBty&dGYwade|~NAOP0$A
zQ*S&@2Y?&<K>iJGAG*g_GPrG7&CQ%zE}a30A45q-g+WshE`#R#y4Q3nddW#whnBo@
z#8Dco=AaBNIOD<wH`--XE4M>hW3h2+U1Em@3#U`KOpz|m-D>-|r4cfoNM9+QbDn>V
z5$8ub+9w*3XvE1~c215jrPxysCowwSXej#vQ*MF{*>r&zO`olYDVx|n+27N4fPlN)
zZb2&tKE<Gb^{9H4!@gR7X))inC?49$+O**MvLyBAyaP*yV9IpTub#EFzQsMk_!BnU
z)ft;A?UstNs^#a21Gd^xkj#Sb*W!m>xT?BiS2-l3gvDUc43=Fw0910$_r{J-pQuLL
zIfw>>u&<Bz{nCGU3K>o2Ro)zqaR*UYp*eMFd}{+gAIo5Zp>LlLrND3W@G;Dworp=i
zSulo;mba+{VHFUM_3YX>vk>v*?}K$QW!pRm0~%DG?gNA1vEM*Mym`~Oj=K(8GUMPc
z(n8%W;edL`v^N+$F;QJb_XGQf&LB7^z1H(e+rADJ*Fg4!OpDi!ldPs=v-r#JUE=eQ
zcf#LQi7NKrLZ163nTTv`zj?FIo}9{BqKj|)?|;_0d^jknKY#dCB61sp6LWqwO}z`y
zmJQQRO^K{AY03TSMy6%If(*Yg@gt(UO5AbfY6)s~m9|Yf-c>gZxiyf|wIwy0$m-)u
zc@HT%$BPgfF-at2Kdsm26MUDCW#eh%;j`;isv&=l)8y;hi>F@BBUg@-y$>?{J!b1J
zqdIzg%{^9Sz=wD0*txzxch*ZXhHMdeI*uh39W}+9o<-WWjF1c*g7ZS+0qr+ATv@;C
zG9vFLc<Mi`()IhjOSuG<tQ(rKl|&w=?0~l>M7bCLJVKC=0cPsg$RL`TlZ)K;#_Z%q
z_LK1XY0i3J9p!gsJGvKd0Z7FbYxt`_GH~1DYec6I7=lVb5M7ne5zlbG)jXmpr}0bc
z2KL<@-_0#e6tWl$xd;a9C3TCndgZVd9W%kFI$7npt8NHx%d<TriHRu?I_Oc;+eD@p
zH85ldnV^7J*&JdXjW#3Vb^{3&4$Ik)H>V~59~(yW6to`V^$8h|#;r15-7G#OP0&J^
z`bQ9X=HBcCl(6J`Uxta)?kvP7fFU|tFJ6P%Gs0gP{Dmz7<_jYE{qT`3e23llIZv|Z
z#DXvq7KWHT{XwZ)PW4ad?8pcF6E*VnqmlOq+-mnCBo*>I?z3qY%B3emstnZdHnI~m
zJ3<g;@DD<so5pzLa<O8WLXkz6C%p@7Y571^HBbT}QggF-yxU6%3Mq&EcD(T0bC$Sp
zmS_s2#Tw%wwfJ2%DKKUeqQ`ruFAE3n$)s)2F6T5=v9_3%4iWl<^J_=wSGNRFd0_`c
zF<;-57pc9uq=GD!@x)KrIIFrAAD^hoKuIjU-BVZyI+4J|zrgGekS(v$gV|>c(NUU`
zKU7Bafz&rHbKaX1wjY`r$CoJz+<ifkfREgISTgc#=Udjc>+7>3PhVm2Q;SvDL(Cnw
zN1-u;)py(cSZvMA;jav;7kyYvuhFy|xr!hy^~S4%ddKJWdh1E;Yb(xBq~7VD<n$Ne
zaEP-TzPctSKP1WA=tzAp$>}(g6M5UzR{|wf(lPBd;~)KmlQ%Bl;J850gdHd)JvRI?
z+@bEwb%Hf}L7&li09Th3ePGrdq;02WXvI0Ys)*k#yoP)&kNrC{aqi2UU@y&DX`S>K
zFIh3pxn_gI&mnH+v6FtUKRL)X@x_An2#jcJkRe)82b+-XH*M&y!`&p$Ha~M1M9UN!
zBA6w|OHD@L&6{0Pjn@OoA;Kdf!r-z8c&t23lpO$o$H#89=DINw1I9br^Iy@0ly=~L
z*^b>22n&#&yQty-<xEzW*e|fZ6Rs0Su5?tS{=9k@m{Ldz2WyPF2!ya)aY=UzmqD8K
zS5Od-AbA0>o>$2&!)M*7SwU?IOxndW`Wh|RGWo%L9aB9F?XvcGov4yDbN*l!lMuBo
z+jd4bsq;cKYPE$pp$%_bYvzLH`$-Vo^{<Sq?+1#xt<lz7P9OidniDE#2m9&n2utJk
zkaS3?r7LIgJDbx(tepP0;Rnby*<oopcj^u9ueoq3nIoJcM53YUu;Me*j-pl&Z&dL{
ze)ND2y#=DOmE?QXEsg}b?{D;4zoUMN@Lu?OSTona44B}mXlg$>eN=bX<s^*691?$%
zM_MiH5uq=fRk?d;Dbc{PE{vxUu*+SNsZ$gA&5vwnE_fkAJKbtugqEWYa!iDLKqqHA
z-A|5^Cr`5M1eddrgc6SvS#0djSNTQS>hePS&xw7lkyC3QcsYGZkIF?DJIB|YVGwdM
z$#+D98wjooKZdxBCn7`shaQ)P<k2T+2bTweJC~%}ceIKM^7*9z3lAL4q<hy9RSP(j
zYnWS+yz>(^&A{K6`#VBD>i%~+<PF!@pJDXGew+eGe?X#&mTsl1>^L63uGeXn`H{}1
z@s&JXdVC0)o&*MrJAG+O8a}awLb-BqIq;0akQ2tzi~a#(foe=d=jWE@ZH-IHw;*yY
zl9<5KWJgmt%Yt<&1;dw*xLf!&49TS^9u;f6&hHQZ_0*sO)Uyvf<KhQZU6U!aLFPMm
z9tbZkE^dVAHH^3H*?LQYdA8dDbl94aW$pk}xDa3g>mqf*GRUfNEfifv1eM)H7N`0(
z1VJU>N2qb1L7f3}gKzKGq}xaBnQ1d7L(3Y!@vkmPH_#=JG~_C9h|vl51STnPWh<g8
z83<|lunS*!aw6LkU^QgPwXE4qmU68>T51g0(~j&@14lJC?TWwBAlz?FGs$v+rOF|&
zHu)vUZ1EehW&99gw|LeXCtp>B=VYJ1RI3XsLbT5;_~mlHMoZq=z8oCTTd2^6ck<}x
zW(PJ<pmb3*Cs^B?5YfU0PKa3fO8~*r<q|*A8kkSm(GpZC_YLYasz;LGn_$Kj_vfAI
z>{APH>V06u52AqB)yyxkC0;#s^(Dnz#1Wx&M9+vlg$u#-&Q+MViI3+jV4mpNQu^x?
z_f#X{Hw3-SQp6h>mD)ao>j@jf_&p(Egc>3KYb}2on8-IFr)CG`0RoUi{7>`c!ioPe
zmA45!SpYdB@#f~?{>VBUUy%N5MSuA(N%uD&{cBJYAy*NWA3oNR^JkN8d??Ysc(5&V
z`rLd8LCo5wiJ)})_hsr+&hPQk=H?X8h<MvaGx<8LKf{2Hxy()nvIK5>Uk4+xrPs8E
zqte40A=o=#sb=OruTNuE(gk)K&esedyhts5N>pjj+<x*?b&u9Mk#1hnYBl}y`Tk{p
zTJOIB0D#&bbL7BDK;!XbGLi}k<|FZBI-Q<ravAJ1D=S<^cw5Y)USc-pp)Sq?3vA&D
zi&i<9&w&n0YH>)GRhcbqjWwoY^4ZP0R9cPy9+ogiaJ|kPsiLByxuwOBJ%h{Zh1IMM
zn}dTxOIv#dNZpp~a@X-hO;1zK!Xnl%&=9DrtG~VHQ*vITFY{AaInb_wQW8B=`NYG@
zgJJ-xG{r4cdAZu)Bw?KgoHgk&x&b?AnpS^c?p+2J7Luk*Tw$X<HxqL2og9~F`?j_S
zKc`L0mz!Ivgcex}=pu+&EfI>#J8a;AFg?pgv6r(WhgGuJ&Lwr>E@9Fj_L$;>a9`;o
z6@yRAOA)=H^?{--j#A!-^3ycs;@;WNy3K)ia!_!swHzo#%pS`AWq4VcfRttka{l~3
zC-LpnQ5TWP1psh-dvYLG$d;9pLy(u3k0cbxes}<+XJk11{JHmZz03QsY}^OW_Bicu
zEkaE#T~a~`YQ|#M$U%lqM(ed>2sV1K<G2Oxnli5l&iNe7xGPQpLce&Rq6CIcw$_8&
zz5zNWmF&SM&A<Kr6Sg%~#zNmSDm?x?lcAhwMqjGuc5dbXeB9V{6fIok<`u`pYQOId
zh1!>0+YXn;z?%jHGy3Q%I|r=$tXRGFnx9Jow(D0z7SUP5^~%h|UP`xuPtvfCf&T0{
z?JE2gDQ;80{oXyM+xY;B-m5*Xz6o!1#Wl+f4R!7>|F<QBhxQdkm7as|aIR0+RWPkm
zv<Xyyul$}a;-y098M8XWx)nw0q~_-4?W3bm;k@pdnXj0bn2FM+k6ih?P{+o4uoSov
zPjl3-l{+d!L<tH+wAbqE0i*?L6|$t`KCs`;>Aqa;4R&~XmBfi;ko;JFryy;41Z%<8
zBF@)0vm3PrVYglnSy7gW(?zQEc~l^^)GsQqeh1O??gI&;e<zkwf%90D`4d~*bPW(E
zo|(~N$E+}IJsp0KR+_(}XxmkO+`J4!j5t7AYmyYOo;o;!bU()u$e_FQlAejCYu~1O
zSN?3cBKo&j1o6k29NCl^+pz_Yf`USo8r{~`wnX)}t=%tK@-{F(i=_~!LuSZsDHK)K
zH6#t~bA9?b_F=q!O_qfXVR?32e?De~Ry}Z~SB6}fjfR}pP?R>;jB~OH$V9FvUW#c$
zovqKLi`hfCTXV#px6uX+zWeJi)MtPv*HJPa+l~+l(30)F;sZU%TeO&se27F>dGsvd
ze=uEO+z{dB;c2;F)NT{l*w|>f9>jHUaXDPnw%c#J>^$Z77V}(V>V@IRjYYyJmk4dt
zJo|Gt$IyCsoaN!urEBj!rm>U}n`vKM(qvUV#b0?^?7LH|o2OR`>N(&y+u1jr40T+0
zwvkTLh$+Z*&rjNA#$Swc_Tck9hE;ne!^8HNOe;g;ojc|~QS4JlJPJFYt4rW;GAlnX
z&o4R}aWEQRMnVD_0RbVC#|6>H=Tm7y01th`pDriM4#R$LJcvl4<1oxZ%5}l|8xvj1
zdt2RfWxQvw!q7+Lh|0Vq_%a(UtiJeay6L#qo7R@(p1doFV$T@OuI9mI6kj;KTgZX>
zSb+w6NF6O*ib%*qLjKrJq;ui}cUf5cdJwJGN7r(P4~LZ+-7hGEO=beLTeyGe<u?`>
z(KOk?{xDR{W_zL>&l?!`j%<!CPt*>*DT*A=-rgX%G)@O%=9MdAbDhr~%~!@s*&SlH
z=gii-RE{Y-PaNNgvSenTtzxeLuDkFdH{d9q%Rk2}inT&APk+A8Z%@E!Z|*M)6@#j{
zehjm>g^ru|Ss}Dv`J=hGxYz!mU48H;1-Wf<I@yV`mWrESM*!d!L%t`wG?n+`4sYd}
z_W0ZD$*w4r+0;K!!@TxM{Tw?G8Zg5MVK`_&N$s#Eq1Xy7n96OM>#kMd{sQ_x3y)d=
zd+(E}TjRAD{`fl-bXz+P5+%sg;Najd!qJk+N%_^))xUG^CMG6;Bfq9sRz^~pjP331
zyGKS~fGZOXcA(*w7>vCPG6H>1n(RjDh@@=5A0d`12_Emb!H8Wujw(wD@oUP2(V$Vn
z&Kd7Io)|7h9b|@VuyW}ciJOE~)r4hFFgz}Eq9f5;uo3VI;JqDZ`StB@Irhrs@c+)c
z7T~LXc7BMjIS5A(A7-C#l{D+lr5L~*7NA2vG%yh4usb-jxH!1=@xTGRgd&9V1WQ$k
zQ^u-FIU!<4k~qgCd^&ZwGOH7Id4)}w3t31mU5G`F&)z!Dl17rgX#QK-HJDF7a%ZzX
zTdrBR??d?e_?7%W)!~om$gg7mLEVwT{)?|e{D1QFf7o~7|1Bf`XL=>_m;Ws&|Njp7
zNvzTJr$0^vkIR8zErtjmq%3VpKw#=H$0umT2;aH-_O&iFCWhj0`tX<Tzcp%zKMnbH
zbqVjUk9FSf?rN1fBQN)-D_uSUSy@?qfwi%?`{89)T>_tqz-)Eci&RoV+wcrAso(w9
z&8P8Xt}rwhwoa;J*OGNSM`-Z!)6O=>9Zr)%BE@LU{IbUD6#%Qi5w1u6k90u}U6RMM
zU9ArrOJS%p89|wyo71c{fk|P|Hv<}rB%z{VZez;8`X3*SzAKI;wd?tSef#<!t{)#C
z4_OS7y}(pllBu%MHDZ@G)<~zl+&D(~%tjs3rOpj5dNd+{TCxE@Zv5Vub++0Pm1sI<
z?|@|k&jGT1*FjfP%d<%clmL$Mnqo2N|5VrYHNRb~)P*cAs;#fDGiFR=@_XUbtwd%3
zN7+_XoB<_7Kj#6xd+^Z_CyM@L?zIj!kk!kQ&|fhpOlPYTutLcDh)-c+r4D;P^x!qY
zls_l=p^5gPt2aE&mRaL}|HhxK--_)U&!PVHgi!i|3QmLJ%G-?#TEL=u$j<OF-84{q
zAfe4ipw%?5x%CCLRd$G~O|rquIgqVm_6kW?e6f=yo)yQL`)VO<gOm>L{2`fMX7rCq
zQ`=7yo|idAr~VJQfp>4AaRhg~^VNpHjr_B(RUwXHG4Zo^k1@hcuk(xzOrDx+<Hf_8
zs0t-rU3^GNXZ*%HvO?4mO-mqG2epE~;$giNFU$XxQ>UtbHQHZ+frpO|Y-8Bj8%gkd
zyB^Bqb&F3=#{oXc<^A>)s@HGF<L;K3d3mUgdnmOv<rM@;)3$3z;kjVN%2yqytF5N2
zRGW4M9nWP4UT*ICyd!2k$*|)W#Y45;5QJ$<s1Sl+0&Bj0KI5+N9rbDttlcir*rwdr
z$(w(Trt<{D7SrmslyW7Soi{U4MNSX_{h6xVM*>A<u}YwzyeHrgfL?1gCS5XYzVJ%}
zQ5VaL`>*Ig)EPf`gH5hjin{^Xv(p>M*NZsD`ARSn{jvUhl;FAs>71KFbFKOM^jqD*
z+nF*78pC2m?@zSt8U{gbVB!E$0$Yg(prDq2;AV~RU|^|HrH8M;dVLt~aox8N9Ix1w
zWsP8LK19TI*#nk&#_pd*`m}@^%ASD$oZq2b+CMM=32X{OgN2Najs{ASTvh6}sTLHx
zv%YLjzi}P82f*=Gs+f?4f3L<d9n7!KvKkQljUCw>eUn;s5C(Hn#~2h7j)^~FS$i>=
z+%8|WY*^<g#&VagtWrX;%|AUIjj^Lb5U=%8B;VD-^||<>MZ~(u3|@3yr(j7<*aZ=a
zyBK4b@qv1zSd#cANO*Bj?AOHb9;BTw$}F6G)Mzy5I%~>?1YotJvf68bxZMuM^pT3i
zz;J620c2c0Y)^m?$;dmGl;W}T^SHZNobr_A^OpM=gm=QjG-F0w;`ZiXLUc2KuSoNA
zL<OL7NI#2$$#n{itA_bc<gm|z17^BlU{nRh`6THe;M$>1f(6PLAo3prlrKhp%ZrYh
zFSBoSDg5uTu&<X4Q0}|z_n_?aKea(_JX{^t;6M`Fi}rVpn|4nKr@pq~R_tmAV`{vo
zvdxWsoCouF>2s#Zl$7B%dARNJy(_V+-XU<L|4amM>?VLdF8eqPI-P9q1lJlfW?sS@
zIqep=x3LUd$dwyh_f^>sE+&|Xje^-aWJy0+v55>CW9OBd?vhLDAM*Jgg4{2u40-YP
z{<};1Xn-&R?tPjz-K`#r+uC?IHeE?BE-u#HPb)khH(WM`LX0y-Vpgj&w}xn_$l_z&
zE!mr7JE}a69CzCeEv&82J|Z$M;JdS8x@32ka&Gi?FtYEUEE|F2D+cM;No!WtH`#yl
zdaW^~rZ!YlXv#pwDr<-s?-u{$dT6yKl;i%Zgx)k#9w()ZmzEszYm7M)WsznbkDf4I
zKMyS$9}2iUOo{X#soQ=vAA=iX<(03|R?POq<M87y@-j95!zlH1l?&prn8AO1d;qmj
zbZ{^fH#avH4}caQAD@+#)&63g>+Ss=o5jra7Otr%f9_ZVm2hAl8beC2e1)nV&l`!e
zEX+%b`*J{{!36!x__K54DE<!>rzz+u)grCTuWkc~N1o?n@OY%C>v&0rHr<>4?*-))
zWd;J~<6Cy`ndu3a%CSk~5%IzMk^_e0`O*?n-Bo(kIk#Y~8?RK;9kS90-PYM|<FCKZ
zxDql%Ej)1`Umu)~ruk>RA6wstt!<U4VO%G(4}u}fr}t|=r@dio7h}~JhcgGij=p45
z{5l77WU0d-SE~L*esy%-I}>0CTQ#FP%bD|;x)3S$erh26cU@v0w*DL$Hen{0&m0EI
zEG{58>+?LO|1_fD-RrXD6;f741BXd(@~1y+*rYE*zvjK+B2VseMd4;oB~DcAW!D;0
zEv8GW591Ln*%laOX5%YaR#51?+ETmH3ZFCDb~E1Z+`S2@+=gvuMH84W*_5TJH5%&u
z6KkDl)s_|TOl(pd5CPh4yzaZCxc+JthXc=L!wNI;0v^~@4C5sG4JbG2@5$!GhmN0=
zvuP;x@sEvB<|}^?3TP3V%y)kP%qVsRG}&Q!pbT|z(bqUsYC4we>hujRG3Yoz$Gy@>
zcqrnlDTB_bv|8mo+{b(#BFxcD&v_%VBmnW5)uHF;8Jb!|NzVzmhbU3;)ps^%lUlN3
zBUZHZX~Qjp9%s(~Dwpk$ZHj<50Vpi1&qSgQlpTYvg&1fwUvpz);~6AVRp2_Xv9Zx<
zca1wZFaushM`vdy<Ec!XoSfTxdw~%VaIir}q6~jZsx@mgJP!CC1}z&5>ilHMCFlt$
zB`YxC*iD9$Zpzfx*lE;ohxe56)atM^bi!)Y-ScIJf(NX7$P;$U6ZHd(Y7A;LYF4d>
z_a<cl$w&!B@GUxFI)HoAjRb{K+C47<ka7*$MxxUlt!k%3d7!J5MkqGas41ID-{=<r
zmeh8_?TS)wXv;VQ&&l=MUM>6>%-@H;9D~NO&{gch@`7YI$;f}2(sehALjyQonJs2%
zVSx>;1bo#Ou&rId;lLA1{^A1WQ|IHognrSAZ<IW?4~*T6ZZ{^GSy_M8`Q+rJY&I`8
zP`vIrJ~w;~0b%BnE_77vAx@z=AA+*mbSy;KfBYKqaJPSx&AB%@>D9k;G#8im6VOTi
zN0C`3>~?Qt{pXyVNNC^Yk7!}MXvIaoXVnMP5Re<gQ=w^RHg=_EdMJq`=xjYbS9kaA
zBV3WZ8CFLP8T1`k$ne~X$ok}V2MKssG5GKK8i}*Y>f(`ABp2D)u5RvsDjiA5jjO!)
zWN;fKkd)N`Xmj7k@vGCUsMfT_&n>{Tqxvb)C|};62g`Tu`x@LqN5#Dslq}_xJqO3X
zd9wWOl<>p=^uyP?xgGReHV~9d=nU=TJ8#UfmEVVGVxr0`Dk3wDXqPr9n3hgx^H;a`
zE;-zJB&H0chV^pX=2-Hn+|Iz0m)0_Amwi#D9A?#Pxp#J>QKUpOQS<uD!f9Pwc&sk=
z;i*<N%~dop=o~b4p%;J}at@JL(1%z`!)Vh(zy*dSj&*x*;6`^Hux7LF{d)fQH_*p%
z=tJOO1e|Fod4LJ&LyGEULdTW53-(!NMK@?6VBL$pxW}q<^onV?p%SfrA%5GC@ZSE>
z)NNsV-N>zXjVNXp7~0=(^s@{G^iIl<H$@$K*_DASb$Z&Q(sJpdYKw%GHu0uPBA=e8
z8e~-moQ-WkRUKIP(v-fED23q7_KJdth+-B%;BT8;Re>1f@vOpH>w<7LqGxMpn4ecQ
zrj(@MAxcg1IIZHJo!TN2yhUX1UQ`_H(*s45|6;N)O{WrVdF|kn&5irB-V>bEsHF6m
zz6!G7*R`jAK+z==?();reAS6&u@rH~&5z9eISqYPQQx&B{=f`Z3SDSH|Bs``Y>ABy
z_JQwfEY<kK#S_K#Klw+kblmm6jszA!!8^Pkujxbl-5mH63KJ|IpjJSK7S7hkq$JZ4
zeJpsXo)CkC>ZQdjXpOa|+8f2gkqOPe`e;L+%No?SOV|@kXiLOaF?4oz_LmPA{O&rG
zgkr@bcY8*WaJl;r3*cyEq-I~8w^cE<I0^|;|8|k&noR2!wtj-g>boD|KAG|!M+XH0
zews5?un2pw%B&Xn`b+T%1r2SowLM=0)M`V|sMlC>a(%QFOFw(_3Tmn<d9!lLjm)n-
zpS(Jaa%_yGsyw{MR$`)ip69Y}ZVrxtfuY@OT&PVAZZPJ#7q-ETMk8)1U(fP3UNcS|
zu916jpg*>SBmql*B%#r0s2kVIMvqy`7eaqAX<^qFbr7{pvuS<lqGG(DbBxi7k4G&~
zCYx&u>n55VUbCr^;BotS$FH~;ljU$IzB0JZC+UH!Debog=7rVcRZv~NI`4gm3-bIq
z)kL>Nqhaa9F4Gq2w=jz2L*VE{Z7j`+&v!!@r-Sjsq^41&go(CdI_0oZzUHC1y0&(`
z)$cOIQ2x&7B*i}VRxU3>V=SfTm)W%ob<S?cJEx=7#0&2?x!Jc-y4mBsCdua3WF+E3
zt_OlK*5{k!*`C1^PW3%d8dPH%lQ+)T<zG^w2g+&s=NB$gC=%3{(dk3SYgc>te1fQs
z=8tL9^B}ZYlJ?PA>sP85(NXGn1KKM_HryD>*^p*99^*{lg;J8fv{rbU9P=|4;4iic
zCo@bLoVH?7edMC!RbDRr_E=%jaYOn$a@OzpkES&B)aq+gTJ1Q&<#jlH%)R}4x0#Wh
zcoicLqKw1He1TaIa!1k6{tsr8R&cC8?O#uvn;*~<GNlG@axc8Oo3m}cRh99(H&GA)
zTY7sIc#=;>zNFA=1UU<gZ)=S~9xJ2A6O2Xb+4^D&=!<_5bYfA{DqY0P7g)9EDtUa_
zT9r(r$JI@%589on=n_Q*-cROBCDzO-%9VEJ)~SC*V3AflAGqY$q*<@eTRhhVxL3^V
zGdHilkwz0+%%ip!mBkNZ^*6juo8PAZa`c?{M8t?V&K$*`1LDL+g#D#8sq+>HE8j7!
zD-ez%?hD8)q!w_0JT(T@4LnRAZXJrAFB$MDDF0-g$%BSM50&pOl-XK7T+(99u%vRA
zfhIz7jKI@kz!Q8FvwD24z?7cxa)2pMDOo&~3YF=$v*8kJ)%fXvbJyUd(lWr|i!6wr
zA>WNJ&!`9UqB^;mC2Z=3Sos3+r?w1)MLXw;_@dh;k$^{B2tw3~m#UobNE_!8BA5=?
zQ*mX8NI+{m)T$qE0AVxSA;?$d`V=P(k;KM^R!9>z=NhkWKA_wNUggVqF`cBWZEVn!
zBK6eTB|S#>(O*0S_SM4pGb`g_Nm;A2dd<n?qX36wdxtwweKY{_7>BZ=hgaui5Z@Kj
zszpRy`o0Ftc2d6kFeZfTF~yyiS=NO2Ac*~yKRyRe)RudA%2Sx@G-s^l#L+BUuKUrv
z${36rM<F4rKy1n~`=O&WCxII&ryAm7jH<Y?DBi*pCw=Rv#wh<ol6|FA3fVAsHMUQp
zG;Unm1<Rt4n<wf>68w6|l5$}~NVo(^8ybE=i>qiUKl&j-FS3qZxm;#9K%Ay=QT%R2
zN)&ULiY>8@y&!d1{|rxcI@6U0kvN;2n>Z6WoT~f`WkzJp(8`9ChX>|dQ{cB1wPr*#
zNR`QnJ4c+}1N`?*k))V%eV$m|-(o2*>ZO<FADPpEk0VU;in`fB^hBxE<G&4G{Yr%;
zG?Zz?hAcVN(xd6=eVs$dg1DW<za2$zEmf&JTr!9ht;OU`;TGvhSm?jhLquk4!53;a
zpP)WDKXm_$(k7tbUJw>CWm^c=p)HL&LS%olu+ugYP7%C%yt>GuCn?pqNj%<qr-9>L
zSmKSEDvN>l7UUOdea7WKa4O5W+Zfq=Hobe>dgU>TMn?mW)xO2Va9ymUf1^^)5cpH2
z*2XESu)gaaDHu4}O_;50T*)`?r?SOpi|6@zPHGl1PSl|@^bA5L9+0gH{AtrXE^Od^
zRpr*SGe=d&>#cFo6O+S-TdEu!ItI;te(q3hcTYCT_uGUk%9ko|T!X#%PPIdY9?kDS
zyYWCEGw)c<78_rfFXXnB%X2~LHxE)}i`%MU^`!=mRDHgqk=pU-Wy`xzmbSup1ka^f
zj$AZD&Z!LDy|Cc!jzSci$BT9R?&qM!3t2zL)j{1Ys74oiRx_Y_5hI^X&~}1m{5mnf
zovtk5?r2QD&S2!5O<$_?pWC2W^?cHBTz(eAAM_*$Y{4A6g(3dtERs_*33@L~bF2Cx
zv3TBHCWy@2g-xSWKaq0ZA`V@dw`~<;%rD@P_FNf<MB;BGZuP`av!H6Yo?6D9PLXXU
z4BP7idrfzzkGB>+xGidzt4$E4w_Wy+Wf^q_PZ$XzO-Y9=X0TC8ZQUUmxUjZfNW|4t
z9%sSU{dj5}rEbIbEZ&`D3$a<b5!+i#wvkIBkRTzUSZ~dVo6@h<tOU1c`M$A&uM+F&
zGNJ-8<6o$*!JRQwA74S#Qp{0G)co8Lj<su7lmWqHC)geP6m*9>n?a~A>r6u~gz73E
zi!!`>@OAOdq|eC?gE!VW(5%)CCdI-=$Fe51QoQ(ZhT3DAU$GW|?Pq6CZU#KaGR})A
z?Izm|`Dh&yjD>_`yGxgd`~;jT?4oW+-}$9o-aHz>Gn7V?#w|(tdb&?;+_Te5!FWqY
zxO`pQ$&xj?h+caJrsUT=QvH20>JnRxJ6TuNfzV_NE*qrI$>ZBxao74A*N#Zx>se&B
zJ7JJlK++*?vEiz^2aD)lEV=+8cD48UX@3Kf^`mV%YdCesm(09gBPc>PH18|ys&NNQ
z0$@4O-g)?wF1CRP1c#WQ;~ZMbIDCp0Bz?^TFjY!Nv$y@q<_VK~z0)`&|GhSI$N)rg
z&l?GQdqk!!dZzL6`+UcrYAbYdPI-v!gbq+qad8w33@H;6#vF~F-8?cps~^8A53s~q
zxa)~<Kv4WYWx?57EBh+g1uup<Pc@Yr@?1-J!(>_D8R<xAGqEqEO_-|zl6h-wfR(rw
z76D5b8H{l})o)t93t|hbtn(`R`U<*HexhuoHXmC;e9@Sl7gAl=_8Dgu3WpeA3yfC;
zMpH2zh}<Ce8yt@)YLyRmvoFeVn+a!q-?QT_YzUi;l|5K2W@8-AQty@)&3=7TieeX>
zA_F0AE_=P8Iy`^|)p}C26Gc7R*oBN$Fu^gfY%n|pi9Fw^UHdD~g@eesqZV3{>fd%s
z4T08b2}AIYgmd8^)py!lc^toBPFrfq2;7qe+R-ekQjC7O`$pWAZ&X1jU)LjT$=!rQ
zY*$68ajy#DyME@fkC-5`V#O;_p>fJPQgDudRPMIjR;2wt;dhyxZ}VlI)Xv350G(@#
z=E@ISgil`rY<pj72XmrCdFexXXtE=5j@^Ce-3e+{L&FA<7_JCj%SUIlt}ZYFO1zp2
zX-J}#-<gi!2ggK`n;cVbj<*mCj(E;mj@%SmSB8)x32&opj=Z-UzNIY?xeI&o0Xx8I
zU2mDV(MB&q=6_&u0tR`1`d|}n%&c*!x*^VWg51BmI5(wbdvjN3x(vDfQsn&Q_(-(y
zWv=rO&lso@{C%8F2>LHA^DAr!;dqk-BvGOh3NuoPez1g0_&zgseTgFF{DuRbn|<uJ
zZbo=xa}m#uA24+tr?4#!B2RKo|D%xB34i1iFztb(DrpU2`Hkm=1CO<b&v1y6j;^r1
zJ#$tWT;<e75{!~LM=IMA43l<eVf|h*<;;@5?#|Vie7HxsA!1mS&(a2?K~4^9Rs^br
z0SQfM*W*0hq(Q4%1KI~67dy4271G=s9cW&;Or-@fEObj?x<eQ}LT>f0DBI(2(fI4}
zd~JwnG;+^cp7DyY0-Z-&V4E>wo|!lKqv7_oO!xwiH~QM^J@;|a6`65PmdBvrk%v3V
zoDB5j;~Q3I%lzr!>ZqF_Ti#Z8+%u!$W}aukL|$cKR0_s87GwSVp^pr@k1V)cF2@bg
z93f4izE2)S+HYazMuI_Up4@$nccyxi-B)RB_T2n;8O36ity%w(c~KP+x<ax2z%3q6
zA0~`S(XzIHn^kwM)zuQ3Sz%*^JdOwMroudeFZFO*;D-!=t|7Uop6RmS7mW8I^Ujvl
z8t}~tdH-eF=<hOMU9Gjg$nbBEZMsgo!8Lu$yt(g){8t=5-Fz5@pW)lpxV9l=GnW%4
zQ;MmDyf`>UgD;?yBM{$s>%uTp_=ZNET1a^On(+zmYjp!IvnIC~Hk7hBT-~CVJE4w?
z-w7F9=n!|`x4}+u(k-m4h-FxoN&Noe3ES?s%I-n&xNx}?-F%^Y90+&bh|y0m*u#k&
zJKzSA2Bw2*i|<+@4gyFSKfiWnZEK9oCA2dqw2wmwqbf_$u<npva<c@^3$#luY9SbW
zdusBC^C(GUF-Jt=yF&&Fcau?FmbhPGyJ4x$z$#7BUh{V>5Md0*9OawX9yh@L*?t)l
zpLEG}pE5fI8WOn@l+H+#$(xdv`+(K}14XGKUyW(%KKDzw#0bpFt^@PIS<xg=`WRqn
z?dG0tA_XAe<Xy*y?QCMJZ!$$7M_Rw<pe`p$Yw^?fb9_q#*GFK2t~vWMxT+N?P9ibZ
zSj)(aYh-SJh-No`G~(R`i#u)4iCY1hY&pM<TOKrjxT0+ZMSJFTuNi4E<4SeD|G=i7
zT7d<}ZYU@+%HZ{b-=^P!Rr$NAsFqtlOyqqgqx27Te0q~-5^prro|l|5CB%de1;Qm^
zEn*L=iDlXblP9rwRXf61b%lMzr1buqhFmyPnWQu-{ttukosBs;$|QRubG)9sjAl;Z
zFc(%1aQb!kI#}&KrN!Wr?(bSxHtncbsEbb3J>e79dr|$Y)9!hRj^aPV2~el)S#yqz
zLR0x{d|3gRP?tV#Kj!IjW11Q9iFA>UYv2?;N|nkMTqjbes!)Y;Ix**}0g=%0t_{@~
z)rt>8_gJCdwl8`h>O6;UK1LY#=i2b^M4h3Da3oz#dG6J!)5@0dN+mkF%{8iSN(ElG
z`515$bb?;;BwRUvrO1BFhZ+`qFt7fU;Iu2bX<vO<_-ti5pUhC=8Y|&RmCH1|f?gzy
z(id4*gY+ki5;f_$JRNqBBIcG;(29SLFINkgkyIAMQK)YpWsqKq$H^20#A65(Pv<u2
zx8tAbi5$-|`pA)mUB1R8XBh|($UI*h+C%Y6z-U-BbVoMdi;_O)O(BX@*$|JGEp1nh
zN3bnGUS%-W-j`zC0TP7O>gZ0X_PYCI8Vsi6isW``Zr7%N3l&H7DL~h(ewjWVp(@||
z@k%Z<s<+A7QpSVRovZLi^WHl8eYJ-_#_{bNCI@ue@~Oujxt$NACDZ&Tm|XQ=PHXeG
zs-Q?9&JR}tXj_8$(j@_O^9y|(KPB8zRMeO_{%(Kzz6ERQr5$YK?gEH54uB2S)C68{
zpK|#?Q%XFN)VQI`4VVe@lT(kSXYbpzn9PuoGt{pIX_J$b;TeK&<Hc6qiNWi}3_GA2
z6r1p*+q)OzJXT~?GO2c3He7QwauAVSUnNPpIVxUVock?Dw;HFoOeU+356Qik6FRkI
zOy2^o+?*fJ)$SGXxN4+CU*F?m8(qT})lg4P{rISBsZX!t5xS@+Hy*fe9TTnR$p?kC
zz;2nnT;-{G{rM<XrWTc-eQx83I(&1VnGuo1GVi>cK^<7WgTEwR_I`=9^YOo5!5)5X
z3ILrG%d$UOAU)Zn>kduc_STz*#yI*WCo^CU9n#pBeOxa|*eWg1Q7@lfwNfVLys}Hc
z>FT!S<xp~Sz1y*!4X}S$cJ=Vy<4yZM3R-2*?v6vjc8vr&2oz8Xm?{5~d%{a3RD}&L
z;8znXF}{LD2#Tp*uVXyGO+u4=aHHLk`*-G-2ezl&8W!)VA5x*WeN2do64hE|L~K-P
z`3|qCrEk|8N|j?-su2D@5CWZ9s@A!RxyoF|Ovy@oJuzGlJ2n{ukwG(O&BlH62ED<N
zQWw;nQz&N`31JvOwhaiuIc=4dPFN-ZVB^O?{!70t^d7O7tNlp9PdiITBPb%rjZVmH
zS#@5iP_ufRl<do~$jd852-+>UY-o!F7SHErgJqduzITb8(-lDhjnc7+i#z#Vvj%CN
zZ@K}(xa?kaVeDw&C!WK^Oc@p@AVX5r;<}{laO5hu;ZoFzj@6p9%X?RcL#k+j_{Iu%
zHmT{>C90FkSsG<u((A+T<zAcDEPt7DzS4e&D1Fn=TI&Uiu{u-19z>M+PX4?3IyG8s
zZgD!Wj}(0}|HwBW`7w8&#KxBKCr`DJrA2Qr(6qg!?2uB!IqAyl6Y7cDSb{@6MI+D{
zJ9XP9TA+LxvzWu*Ygd{-{oYXJy`#;Ims;Q`9*ht%5U%590|;-~1So$6D$;F<P}$Pn
zjwR<AP5j|Z{-G?1mYfFoq}K*F5rtA^1TN79b=eW6(n`_r(aLi~9%eG?g~z-7QHdX2
zI$>>XH#n(hk!`bXp^h$uZ~KTXZ|NH#!E#%g&SDV^V_Dyu_2shesU^~s!{Fi0p%@_=
zi4&+CE_I6=5#g~c8l;X9w6#aE-<T*ME(49y0d(8xwv8O+_~#Fpk|rhV5?kM(=`MxF
z%nJbDy23jdhBo^0rx=O?eiYOu2ZyNUpE2aixy0UzD^;m4biM?oJhnbiCJ6{H<^2om
zJzW!1G`E8gKDI$|u}00V6Z1-xKJey@_HF|{JT845$pFK}yu!9$-{vkqc)1csTVExf
z1z-A-iUt1%`vbwwMw%FMniioxp#9SB-<+AoWj=^x@Mjt@tjf|%j9R6ldJ>}ezVZ7_
z`t&;^-XFUEwvQu+`XEhSP7(9-XJ?A!fE&D?eEA`DO?v#`w18Wo`9CzlH8{NUmyhR~
zv{G)Jpl4`HyyV~TXyK8D$uZbO?G7|Rt6KatDWqcbO04GMD9Jfx6`vAqM^&@3>o>D4
zLN7=D3GDC2=st<l%H}P7n`S*GMSbT)t%Q3*v=5wO;|gNQyl-<)NS0_FbC(<X72>_<
z;X;iss9ypF@e+Z2$;0K=6c9?#Y;h#}JM0N~50Re$0HO;nF~=zSKV|)oU2g6F@&+<v
z^;%sYu?QJWbuDjoWt|$@mbWmOUB1tL9#46W0A?CkAfRdZ@r#qF(s1e27{(jaJM+^I
z;+N;Dr?kxB?R$}l57l|9V~}jxr^hH^4nWMX;F)DYC#Eb>_j(g9r%S~5Ad998pac9G
zy=CJH0aKNApSf2{ocPbIi<szNw;zzw3l=HfH{TnKQ^l$w!HAHdL;HZJqr>x!X)>**
zFmP0$Ofv1x&Hk7*@J3k>ag^8RY&UiPOE{<_pFrg<5w{`kzHBsC^2$BaIjuCB!mR<G
zKMhb*bT8q^OyAuX?bann;S^SVvLr?aqpWqhvJ>y~n!~J???Wo0onxe4V_*2%!SW%i
z7we40n(Gt7?BLxb3gz}IoP+wym!)^2(Shd&@3|y4bw6#-M%NF>(Q%Lm1V}vA5=*Ye
zTRt!LErYBL)FrBB55Uf2kfZ)%0)F#Il|4C|#FYWw<D}2){5UwFr3rxLU}9t?%b6BJ
zwswMKhK!adTjBMX+(FZ;+0+!BTz6^A>7+DjE(@Q=!yI;<bf#UiYvH0$1)M<h&BI%N
zwgZuKWsXH9xn;exBFi5=4Y~#dXas+e-lU<kw5c=_Q{?3NO-lHqZ%4K_<q*LY3zyml
z=yDn*o5wb>tz^q{1~uq@sIhpkB(IH8r=5X`Y~gFQ;>jXNXfB~Q5oh*Nqb9HN65Psx
z#k=;}Dx7c1QsuxxcJ7Se*~CicHZrE|V{4CuDqZD#-nW77h$qBs&L5EFLrPwm>T2>C
z<Wt+>cfvx#1~Jey5}ZXhRa#rc$T6kOYeB(nrChuyQ-0CPmQr_EAl#gxsf3R_$bLgu
zynre&w)$qLE9>Gl1hjP_46KT3+x>&t*S_4diSpYxoAlFCI1Q=wqQf$mxxXC)ze{gG
zd|_uuQpd<nzX@LAYEfZ0x)4nX^V*yp7fWszHz?$1$K+<Em!{#Ri^0CZ0qo*=1?mzP
zP(*`xJe=h<G@t{i*KsqJVuhSRYxdoP192-W8sJ~BopsCs#b0r7#I$;d9!v*zPfo(S
ze9#~%I!{hkGbtrWsOP)ZR4^LM2r;^WRm~}e4S2zkjIuBHNMw(RkZbA^8g;a=KCjOo
zd1J$?E@pR+w}!n)N#u)g?fQC?JxDmMcA<@M#lu>E`4Th*AU_K!!QbWI{&+h-4l9C-
zDWUU|waa~Us}d=|jhs9EsF}0gK?rLu1$a*sG3ASqY+uZ1WWtlFbbl5Nfvu_9X~pD<
z5z|jw{Jf8kr`Hgas<kC6*V*xpa<+~$d81Fao%D7~6OJ2KPj1Wkg5p3XF<Y}!RK0%u
z=BQcYA<9r+izteqdv@!Js3T`B;@uBv_sOc3(z>r+0I(TT4kf+pv5pr~e>THmOmwC6
zwsdP7kQXhQMwx~q<xgsxh(%W%FD)=}1-jr_TAh2CH|{pr>go-eRMvgv=!JR3mvtM`
z!1v&M;2=PfO0)z;(y)XW>3Bx0S=Y;QbnBd2UG?!O6}!Dz{riIKE{H`L)zf>@ezNVR
z#!O;e+Ez{k;71+gr~Nf$-E2UEw*-3q&a(IIV$A*@<C0ouJ(H=RV<N?OKLPv*e&CE(
zk!0nULhjQ6)jMyI$l=uDYA8QX*bx|4VX)(3FdFJ}M3zRi1LL!KAX!IDWl3g(H|7lX
z|6%PN10(7Bb?-QnWa3FOv2ELSGO?YBZD(TJwr$(CZQD9M_x<d1_PgKn@qFr3S6BDy
zRq3j=uK(}4R=24SU;VH6e0-&r_|sJkXk}L96V@ok%Kxn&W2<T5@aRFUCn?BSN)ykF
zGBI_{7&I(N0tUp~01jZE_tifxiUGIdzw6xdC_GU*4iq!s5EPP0xpNT6bqn7B?i}pW
zfv)V>)l|Db4^YqjKXw;sJ#b;dIj^A??Sd-fPYuA=(=&XgaN!L~Hhfk1u$+%2N-F59
zx5tP)HgpQ~lAV^eWcCt=LS!1`<kX}a@X;jAh+6$%buIH%lLjFp7WGcU^ln{42wyFb
zcI($0S%Q4DDS5}NJ0pw*F^qmw>2i*(nGPJsN#r*=o&s@zHtWlN#VT}tQe6D7m@c>x
zOZA;C7o9c*b!nS~UVa|W-ka8;4LM8SzH--S(e4Nuio*SUyFW5NKM$yF_X7}WQ)}y@
zmKJmX&l8EuJ82NbJ(x^SXucj9hWkriUO-qFiZ0Eyu7kXUOz#8+9@&NrZl$E@n`SGp
z3t(vrb2%^jScbQL;*{PN_X(n_5;G9v&5)-EyK)^5F*QHPsS66jUvqEoPA3q`O6j{>
zX7D?_uKQf-T{s-=ThXSAHSD~&##03Bh}G$aElYX(pqsKq*<mgIj{{4^WGj;|y%<Oz
z))@3xebn5#7thMCv+HYUWkMf5l*CmBf+3JIJ98}x5J4<ey6(cToQy?!=3G)<!r+RE
z(eUH$b}T3_D1aj7^yw>38X@-zwl`;3li$-E=E_5Q$aMi`F`4P!^AfrgGR|ljU&yOG
zY~_zVR%eo1d(LSLyrx5xLzhwhj>H9Vw|k?amlY}?<^tHZ<h}2xdun_UI}<L(6nX-!
z5FL8-Bl5n(7Ocnu6cZK7HpdOlV*f*GloVwKG-)z9%nd17{R{iq=4ac%_-hNQ0B`qu
zDH^HcY*hlY4$_4~ygq^02P<&}gvvadgH8>S<e4hN5Vl1e)Qs`my4k^djsCZjniD=F
zMv5-|Y7B8%y6V>U%p&7bAXzgzxa|z>kX=3?vtR5h*P@qPPGCTSD?_Tg+~iY%_YzmY
zN#i?rMTPGbNiM_a#>8i0x72&##Qx56;Y5jxb%v49F2T97wc;4n*p(45xWMp{kOLFr
zIyb08AUwZA>o}bu*I`d@#xr(&$Ja&peSs(5Q-&*y+ZQmVS=X8#%^@NpL9J={p;R~A
z1KM&umNgQJc=0ioPxAB%Ney`tB1k%7e;-W&8UHGw?6VF7zN00wPJUQ}OSke0PC6}9
zyKX?1m=f>ked<_ECwIqYQnOHHfF!<dyLBM>Nu$v5<oIo5=SlJq4^-Q&EM4FUXw*E*
zU=ZP=vMOUTnaT8rk{cqMV8Fn49y7A{ZAR@B;+MD~cnzJfVog>Lo(AxSc8;w)9fi)c
z0sQKVel)Hlb-#MkX<(T&i*?N$NJ|VHrv#o%%-4IB-=)<+Wn*U{Zerk#Q2zZV%{C*@
zY{(5|5oES8$lu@zmMvH;STH3DkN|iD01cEU`@zP+0ay^|4*=KY`R%Z-`{Z9>Q(F_v
zTT$Bu!RwgrFmsM1z%;Fk6C@j*7~Y^q2D~C&=ORxE+aQzC_N{^?^(4-StZ2x#__zs7
zste{y&DVb%qIl;XEibK?SMxb%_MDrA6m;_Z6B&?c%V!msIDDM6lE#4P1B=<#?nt=*
zL6OWriZ#+Y(Qd!~{ZO#|T^*KcO}IOL6A)Xqc0;>d(-K@8?+Ubkq@>HD64#-{L1-+G
zkeW@W>;`Ia^kwFcc5})Z$+TA42QfP+ig3a`!sBr$PI14=I-ii)ak=LE?Xs3r5DTc`
zkfy|QnFC@Yyc1Mz%Ui`6)9&Y1-I=}locJymNsdjre~>j1cVD~T9*+Tz+~7<pA(nt7
ze<kY27tWqv7nV<O!1`uY4hyJN9QFnF4nUKho-_&{fMD|7<i1#?F>$}0HW--T@zQ-y
zw%&iLR)qC_*#;90or=?rmkiDc-%}EuM*MSl=^G^{cvOWQY}{&}v|guSZn{sl%_2V&
z_o;<(a_>dJ%S8z(?S#dH6DP;^8Low^4V2Ph7ICo*lrruMA;>@x05T+g2}X+Et+c9M
zorgW|`{eA-?H+{b$@99)AFT6VEI{buW2KY93z#3`cPOt7!6vU&eH(1}Th0*KC}Qeg
zes4tJafcs~vg-VcoF2UJhfp1e(#zpi8cOioW4PL>Bc>fS*4(3{46t+!tAVD@A9F3^
zmu#{>phXogdGayzR-ZpxFiSfFM~XT=q%%$#j{735g}?%9^E|GTo~Fwuh0*l#b5B9P
z8;K|fxxvrr6u6Me$laUQfdB?QpkM%Jgdk1Q9soy@DCnJ-fK8BCxR8z?F;u}rxWF*I
z)GP#IlRi0#@tJ+Ib&z!jMaieijCxX35m@?RlXGUgT!7nk(K4*{KgdE&H5^fBUe#34
z^{zdVWyZsm3n;}m+UQQU2S<4Lgr_nAo{ZxJC;Zg9uyxkWY>4GYN@<-L_A7FbBJrqk
z87)p=wurosIrx*&%P`-~W@%3!SY~ckqMoNdeu&0MR6c2WEo5pEWNB%V$ON<+iv3A^
zfroRg^%=)2tdPgfKZxDRUAWSK+iSr>a_Xvyd8rWNY#0HB^<pWk|Ddq`Gz6Wq6OfrF
z)0D`W`1^}2q<8d5^#h{;)n0n{we%ES`gqP!7&2XrDB|5giG<wNL<9pdJTICr&ADrR
zpgYvHw?CgWeUEJnLQOR1tMp?>>ARzf6s_%}^d26m>i^Fg&ELhU5%E7w&&ys$OUq>=
zK^_dOAT=!ufCW4B%*=8-SNUd6gJLvj7?_{COaKL)##KJ$>m(s_?Yv2r`|X4`Ki%T4
z>5s6M(&+FCrDmSxCY+iEI~+ObXxNp@*QCA50ljuyO+GC_WJ^nFL(|IbSXL>X1i$*O
zO_%j9gwQ<~7LK%TAJK2`QL3{7S;RdE0^JS^(H{*>cxZp8hJk>op;gDj;-##!v$IwE
zjmSE{r~+`Tyj-?jwMOY63WiXxNDCQb?S|P8tu)+#15s#ejDDpvtqrUii7PZTIqLX4
z5}B6({em_(v3QS<i1iD%h0AmGG~B-iox>7KD^Pm9Jwe+*9+>Lr+M)q^>&U&kXz)zB
z^QC+95&fj7$CS`rnf#jCd>Il}I|%!#fMdu5jodX<)vLuonG4l0ph+|ss6~+67jdXL
z6FJsTlWH>Z)woSKo5*GfZZtlj;NNW(C!$t?I<c$4QfYx`NrojZQ7so|&Lxz({TcQA
zv4`%(=u>Fqv{{8ld-!5I`I0{M!gch*m1UoKWb?G}A;>*xg{}^Vd+H=LB>P6*)bhyt
zHHojTuHO2EWPH-E<hm)V45ZA%ZX(KQKohe({I!N-SdrKmB}pGBbaRPzOUJroO)l_e
z3sm{g23;{K<7y0|ysfw<cW~N5NP}ciy??Znx40$5rrXz_Q776;mYABwTMwqpTiI@c
z$9%KIo0>pM{P3MXI{JOyEtM!5+p%0t(O*vwL0xyXT?d4PZli~(Au^3nI+QAA5SZ34
zBHs(tL+!#LSL=XPV%wse$g{yRI!UpUfRrryxfg!s1;S=6qvz)<*@YyJvzSADBS>7c
zaVbtqOJFz|%rjY7IUL5RV*zKE+we39HR**I1#fQ>AHOlXbSy^2J9;7>vb=CsPmvKA
z_^bRT(H<Hd<ea6wkAmmilX+FvhCyKYk5Npl;YkR)KWH(FOo?fI6V<P_fTw)oZjTZT
z`ohWiIO}hmlk(>EUdKz09VsxH(4uv*sX|W*I|7T3Z1QL*y0U7Js`a*iFP&U7ZdNWU
z8xpaaZRk|_>5OTK&07o;b^U73CqRHB$P)z&?%!XqI2?lir6_*_*xbJ;E-Nd5dc{AS
z%Hqv^2_oDXW`PlxMXNoN<LqSB+PY{DcjR7`ei8TCWvX-wY>&0XI)2D$d4=E1A)?LT
zwNPqwzFK#b*$S~w@+xL%YrffJ6JC7%Ek3e3+(_-3oTbR%W->xcb2=+hdV<g8tugh;
zvE-4%bM6rfIS0K`OCR=4CHOvOD`oohJC*A&3V-{Yl=jG)g}XaUVm*-r50c>c5$;Mx
zHx_6=`c<I_%e8(&K<z#Pi5b%~I4MGke2;;BYk6;)Z3pH!ok=##wQecp?%W#}JZlfV
zBj2}`7zFHM(Y=G90~fX$2+EyLb9Q#s78>K!_!4;MiB^#7gUKJD$plcdPqbB%nVU7T
z#GfZ<H@H7&e1-WtO-LZB6UF#oD43s)ln^u$rMiV+wL5!M2^h&_Qj3Pqe-nWRhqGiu
z6hexEKwPGrvC0kfElf@G2C(8#VB4O>--42wO+$+48C54KzSAe=%NZ*NvUI%n>WSmX
zLr|AODfm+T@z5D$T@MeT0%>QGx@V=QF@jQ!YvF9N;%mE?Ir^!`{rafGVWo{4X6g9j
z>F|<tcSZe|7@=Ghe;z!+Saod2N=`8>{XR84*^4O?n2=FTEfJKr($#$<5BpnSrLI9J
z{0x7m%ZcAGLvo2sD@s=|%8yihj$yP25m|>scuaFZ;+_A-L&Dv+o~RUZ$!~*_d&0V-
zILfKgs&lg?wvTmL{A-d2jhTKcIyxToM#<d>lG$*{82w0ikDct5#|BmR9aT%8b|pjf
zd2g+8D^IIti#Q0hCEq$VL||*VF@Em7R@rI!;gH3pask6`Z_UouzUV_eOt5a*04yDm
z*qnox8*Qehrh4<m^6A{}sJOVehm#p&0Fy@wlPQwHP$V`&##*xr#$m<vJ7*RmtK^ty
zK$OiJE{pBc-BmTd73%B`wg2WV-Gejl)NjmP6B==Y%Cic+06s5kS6@=pjq}tXN3gNJ
zI@JTaU1cSl-OotYZ{aS#R&3V@%NbZ|P6I0V@Dj2v_!MTFq>e-bq}o2<w<+dYIIV~8
zS<4_3U#btg-u83A(}S8~K3%?_IX}jFRs@jd{?7TMcg8c%=<1#Fmi0E!SOgXB3XG#Z
zbj1GTAga+i2kh%BcZI>z>AisYKH`yNm-!A(Ok1wMQkV96?0IonAvE>wh05!F(XjM<
zVeS3q2Tv%0RJ=e#D`hw9k&7L%B;=sJ;7sDzXI0c^K;V{vVF*=JE>QMqHR`;ac5;0!
zP<3W4iu8DhJZv)kcG@|B>2{>XyArao88{@w-HJb%kl_@GV?89u2&LmGi)|<_pj;wX
zrdZj&IwLior{s6;Kv353J<&4D;YbZ$JXWq`fhNPT;7&hRW=%8-&YiL1Vw+ohYiRSe
z@M>v_?Yuq@eOg<_opESQZ&p!9#H_VrEC$PIm4hp}cqvC<@FZT&yy0m2^771erc$LR
zDpf_>H2@OV<ND9h+1?&9I8*L-rgVr-esrB<n}IS;U&hL>-?XNXH2`B5z$FZr&dLB(
zA;2XFpqnzd-J5W6aa}(?0@4x1O_)+)P=&$Ji{?VYp)1m4gzT_Y%(bvHsPISbPouGh
z%`S$m{Rzc*v!$G|^Ayl0l}sD9W_B;(Sa@!c$J4rN-|SH*6ybMO)t^232y8f_m8|Xw
zB-siw*^9PFlY;#IfzEgEyxbvgVm&O-x!st|8d^C8mNz#i0ma(C*F}s7hzjK}^@>iP
z$(&s13a4X!wT4C=A%TL+yZ*|>jJ@p3Z?o`Z_W8A1hCHj!V29G(ALcI)<6e<kOPDNK
z>@h$aa&Af`GiJg=|CsK23i^pLmv8`Yyf+l}`~CSQH-Uzoh@)_Qtkv;}!E*8sFrwsx
zQq#?9t7CSWuR59JKS%B0L3@2KPH|NES+|b9u#XAVb|jKR@{c**D?1#O;vfI<K>wzy
zs9+uP?>bnGI6<=gKRf-(27NT_rsZXMBjlZVWC(w~`#+&ue1#$)B1i&Tt?v%-Mnu|0
z{6yk{rC(z<|5(15Fk$H5p3w+g!kwC7H2+XsQ%w&R$;0ou6!12a*v%mQ1NFKlibdxA
zb5Do&q{LH!Fd`y?iDe~*h%*8f@CTEAQs7h_m;9dk36YmigmXiRNS^$n+$Zqzl1;4y
z?7*li{maHy$G{7sNL)<o6wh|Zw(chd4>HNWO+!)w^0u-j>dW@1d~TP=bZMyp0fl6L
zAcU1Mfwfi4@7|fiLF<X(m8w3`d3i>fuJ{5qEeDfv*E~)UHLFZBCm=TA*t<Ttz_{U^
z0!RA!Q*7H4lg-736dnw)^<#JqGNbSCWz2%p$(@@Lb`qGSvI7ubnPpO_U*HR`!AWEJ
zhLKZ#>H}#~Yuvq~Ejdy=h!_%5GG~lvMrS+bP&4hr#|8icbgNB-_MB!7dZ$go^N*4Y
z>K;6#maQmBXO>YMp$MC5b5vY%W8UYJFAYL&^oXqFa?wvikgtIUON=Py4Cn$)=}1u9
za(^;77Nq>tLPU^OrD#jl+`%0Y$rbUVCyCQ))XEPcKkDDNz^z36L5eZ+vu~JcL&j95
zJ+_HH!}Bea-i#?fi3KDgACviK1bsXUo7PD$-C%!Q>S_W>g4RTzyAJF?i3t;6&&Y6u
z1iD_x3lpWY9?6@qKII!sN(uc>W)URDFw?~N;>nj$gC@(O=3<a)d399@Q&aka1eSfh
z19XUz5ZDdN5`2=ncpMb5`5#a9DpDRlF$^eRk$liplCy238R#)!F(P8tFSyH`znk**
z(Os6lj6Xi~uF)b%4&T!(1w(!+hCv}WG>HHF4pXv`7D1kuIskDn2N4-Ks%?ZZa-viy
zQ6XH`@dt{>j~lOKrqodi=RCU(&~4S3#ag%@%{O~#O~}^Y3CD}^YgA+SP2CCg2I*Lq
z(*=)*I=ETI`i4WpE4YGw=0O;!5>&<i$nmhO95YYnKOdDFEKz)>`EFF2bPNjK%m3pW
z7^szg!ZB#y3T}P)=_zkcC6j{xF5am0!83ZEo*H<>#KidqmbjfF!pT}1Fl5UUgud64
z8->}~in(X9pRn@g8S=#S;W6)LP<lCoRp|O~>%2}bIEExHsmqME@&XIMsVgPCPcHz1
zqZF98uoT<c6nfoP21Os(-G`!>ph_p5#ic0~z^U*xIv7A*uKi;&m-e#TY(vV)0`K+g
zl87CZ0xk>e{dq&Dta(9sa7Te5`yeTbE4ZRO*z;89*OsbeV^qLU*e8AYrI+1rD&tYM
zb%LDRH)8JwRDEi)ovaQ}HDwslDh&y3M~FR%z3VPk+!N9xTG_W6zjN0sJfJt;lDtYQ
zct^-c{3yjte%okoYapm0ff8$;o{&QIKN4s=UAeOdE+mxZbV-VHa@IzbbI^^R=??5-
znVY(lKB7-7az-s7``1e~@aDXI$k*M_sIO%=uv(L|>>Z0liJaGi5=OS{2?+^5k~D5E
z)x&2xGjza&>1kF%J1QbX%o$AO`3)b*?M<evbh##FCb4~!d0`70Yf=hdDM*rNdU<mk
zhV{G>uBg|YgHX;KU`h~GW>kL*rlR&_F?duXjkez`;@|IWW_BnEjzGf>L>Yw3^wp0_
zY$7-PGOL*({T7xQKpA_jQWByX<InHGB47iIXiX0TmIU?ol?YnM^;xTrZ>IY=sQ&0i
zJO}KdY7DG^vm%)=h4d0gQ^b)My`AJ-y_<OQLtW2)PJwC~^!d*1fwkSu;Sc3+_;zx_
zQN=*=wnUXA%vM6et8!`}{TGKP%yvbn%*Z^Sgi%lSpNGfSFwN+^xWkPsbsmv$s@?5~
z^TJnX-Q$!V-I@Yx_K3wk?Dp{nzC9!+O0Be8K50-4%`Cth;Va2>*NUg0&*nQlq`%0@
zaQH=wyL`{SPltY|zy{`p>7Re|pR3TV+@6v|1EPELE~|d#nIxT^y-OUj?)jCeL6_tS
zF6zo~M{fLd84(mWWO@BSN35(nqSAi1I+i|&Y09BnvU_ab^UmGov)t>JDEbT<eV^13
zt=7j(GqiiJCsqOoasfNmOGS@k_wAcR!9pMPLgl)y;Qg)i;!GJSZWeh(3mRA3tEe!c
zY|)LKb!G4&$=RdO3sheDNlJ<OoT<Y<;h4YjU9lt0A1Oaw)Yuk3vAf~i-4x%x{t{PR
zss=rJdxVIG4;M>7#FEi@TEODABYpk#IQkWRG&3kPU&RQmIzK<=0I{<hYqMc>hL)F_
zgVWdMFS0*;0+dW&a%5bAF@(|~dyT_+{m1$PLhZm89>O6tbE9=7Ogwdi^EW6Z<E5^n
z9YaEwSD2iRlI%UnVs}HQf~{N6vJVl9wbvhXR<kxjuA-3s=efINOh=6GbA@oxEqe|y
zEG2!?DvSJA2w`Tu@iBus?6A|!Uot$xFrZ5Xmr(2BXHLtV30zty`=1>*V*BXrqE8Ux
zO`ASd%4#$_s|9H#&rPP9z%H-dY?f7l%8=3bihNmA4#;lUSJ;(yzj?Q2tu*LkK8lX$
ziuoF)cT_ZfWYpsTyll-h-DtQ)@PMeq!NZATV@=jwjpQL8W#!epC%0{i2vievWtj`u
zoc`5VwXV;iP=&X_GA8A2PmT9&Yr^R$Om`<zb2Nnq?u#6ZBPf=cC8$o!euO$cn-m+z
zX%Dhs5@&Z%nWBu*^&)a08SJEF)6l?LwnZyzAqcF91g<z^!p9wUlLemfp26EA2~#Ht
zwhP$(A@ga&MKas)s&lNtAa@-1$kp}|p%>EXvJv0#NK66P>zw{@*BGwrZUL({J+8*m
z3M?)f$}uvI&Rs*8<tPrDW$f^CN-T!hxt^Lh>SZ3z(7u!IopW@c`xH0I_{;nm@;S{q
zs5;pExS@o2Qkhu+m`Ij`_q|72(-<s5H_2t>>IH1R*o<=uRlf+-b4vz1+uM3pRpq*z
zLd3R?nB8%(a)0}RSB+6Z=jlHQd7{{2kt7tXhOr8pbm3fr*^fKw+jEPQbkv%|y~8?m
zmgh+p4LCv~VfeE`{0<Op7}#R58CsPsk)xQWmL5i+qPQy+Y^#AaS=M@WT1FmDiZjDA
zc{+b2d6%Z%h;{qSPq9#Ws-uTFt#bFeWlDLTf8A7IM_Rqvc@!)s?f;6RVz+I!_%^a>
zDM+!EMrUv^l5Te%8-8w~FDSzFQ$K}AQ+R&KK5Iq7t~MZI5xUU0KwdY@D6-1z=f`);
zsY^p}X2vU@g+eK_R4lf%vte-=h(6OucxUVpX$!Hb{91V=?7Z#v7NRA6)Nh^eUeD(A
zlINqI@zMLaUT;a&O&3$wyeVM9RhOHXX*DTHu>vz7c6T&5Pw+X}XW8W7XRRpXDbMuu
z$bRIE`O|W5KNK)owo&4N_?#Lt4p<v%c5d9o$c~}R`zzPQL}mq+V<Np3m2t)O?;dYY
zcYX9q<%{B1+_Oghd|VWSmOp9{JqJuTCB`VO=?tJ&k>-4-JJ9nsXSvZ98TBC!aDTZ2
z6--)FOcCT$!~lYbgGyU~t_gT&EQv4=H>OLbTQ08znna?&s8!o8`b@kXwwO{Aa!D;~
z3{-`_`y2+Xd$2lSzd4;2Z2dLogaiBSia09dJQht22N7tQTt-JqGjYLjobT~aKQZWa
zPBm3*I~N2mb``nm*B2(Ytr2(YSNnR$M>?*|t-*cr7?AQW%Z@*~aVtg|6I59heafjJ
zw(_zmfx|y)Go_7uw~mP1z#o>&VC=;~r-YyN#-e&mXwKZHmEe`;oMJ(H-<I7T&Q8V`
zVR^HSw-Q2hhUGC<>t4F5LkxqI70#d=Sexgj=pMP^%hih_#!U#zv?c%%IMwQw$+cy!
z?l0%~RXNomJ^sq9aZDQREAN6kzcj+s0As@*qdmMwA)@qJ=nQ4<W&U&-sCo7JQ(so0
zqB-E=8M7%%<rKiID@UM0$y@YJ*)Uz^CH(+vb12a!7ekR%FzM}LKZY0z9p&`%0FH7B
z;nh|wTNyr8*@?pzM7`p1ebxNuTZ<S(L?3zHqFGC{Fb6iAVS?NBnc=q%4lD+a3=B0p
zf|7a@B{UsgnIO=4j{05VAAp%n5L|9DV49<8Ts*Jta0#Eg(9$(#(r|=kDF>J-nHAq~
zNeGp7eA`G;=a%ALPXM$*zGQ=Kv2T>oKb_+u`l5i7mp`aJE6i~Em_`6W%3V99bh?Eg
zg5m*>#XIIcZy|&%d%I0^oWETRYco;w*DoYM$Tt~$qRu%9C3OhX7|Z0F#?vg?`AUc1
zhC3V~sv^=q*8J-{2Lw(|&Xq<>%qgzB@3LGsV1FM0t9k;WKJ0@PWmsq)dxnOBdf_{}
zjDl9bUYr-JbYxGw4ldYE#yq*&jJeHAKV3H`GwSq^a}Z%dzInpbWXJv|dn?0l84&Rj
zM%y{Oq~kp?TOc_yIca<{Tj25Wu+;v%8`j4b0==b~&9=4^%jDtVp{n^j!=4XFjLAv|
z>Nc==LR@f7Ea^O@Sp;N+x3V4*7Uuq&LjrhJuyw}+YLQHa{%AZo8x|Y@`-$q?0W1(n
zp3dPI`q!V|?~1(~E37!LUn}8s?WB#w!^1P4)s-B}t<yXiy{r&Buv`4{{7g18G$7j*
zfgBCjHL*9g2vq&BKpK*YJ1`iP4saYDo`|9{ZaIFw7mE(NzjX&2VNi6mF~mgPXe*(t
zea)<2yp9g>5L}%Q<sMSL2vN)A8a~C?7q|VJM8vN{Gm@kTNJet~`gls=a%FgUcyMud
z-#a-OIhiXmwX_@<8w+~^q*?2HoT`N5aJNUT*?Qn|I$IeXO;&VUu6t_WX#h4>uB=H7
zML|lVv`HOS>bgJ5sXZ|+RB+|gioWlbGI6wauHdpw@C~P@fNAH5yn5g!On7lUijX7A
zwhwvJxF?c2d-XrSawhY-K66Ouw94Y1H;#)eTC9RKO%QW~+j#NmcV}3DfZ(bJ5PuRK
z^0s$RR-CbGs>_bPQwCMECBOc=ut_#=k|CIUqLHDRNZA5|=`2xud;7ErlZ&e>Jz%3=
z-SUZ@P!Rp{;8MwBx;Ev@jX`lG^YHc7bBML_F4fd2oS1A}N=Af9ozL+=^HaA)hy9}x
zl0I!OnOQBsNg0Hb<%<-*u9DEkiY%rHc)sq-ekhpepRRWIHq!yeTE5k>0NH-B7^klz
zyZn;xJY@mO^!&8MA}sk&SNFgV@GF)m7B85!cXZ60JxHZ6fOlwbVM_y^Jle)<^~i6#
z+%*HbDoenw1XpPAebRL$Ls%Xu4I=!OekeFUM~r1(aQ2AXb)qJ7whW0Ga+}gC3jzX_
z?npXy$<@RGm*iE=@Ro<cIjKbdbt#su_bG4?<h*rV-PQ{8Z<NnF9#%h~!cf_An0omI
zu+D1Q4xl{0zS>PNFWEevuUzgO`E&l3bR-V5bGm-Xd2-!**#fP;3ov@W01X;bdsDwD
zk!fl}VsoY37?;siGUcYG&boQu7>%jHAq3PIp6@}&u*BN#;&1orrrNg5c<wh@l0cWQ
zP%`kbr2mcO`y;u@j|GrS?vAF8rgH=V^6}ivOb;Mi>G=3KyQL*XFbIy``|}+Ukb4Cs
z+NdVx)*7u9w0hHV;%1dMrlz28qu`ZGHPc|fz__1avFDRF^icY>jV*CI`_iXu<o-0N
z#WtB^;d~NAQ5S}J6`^2Q;hh*?9$~Q-8}uShoEMb%E-+3DnBf6ZGHhPhf+-S0p^!;z
zwmhG1Mo6>d6czi+syZd)<q`j8Tmf=2aFI!*_zE!GP&a(koGNK2ikafR`CnR3*JnNd
zd7ypwO`cwB;dVghgxY^fl=yrQIpBOzN!?X-WbKy8)I{xD3&J}e`3<yOKRRA(2V3S<
z<qyQl{gQ=c2S-(hX$^EyeFB+ya-Ia4oi=8E)zu@|)U)_|qMz%X=mG5Zt>Nl=oqJAH
z(fL0e_o*3c{x>sk7N9fT><s~amj!uwet?rH5`_~H6a=}sxha*(1Qj7--;*0Ws$ME%
zsA#oBnxHw<wv?7YOw{r_g=%Dnk0*(lO*GnzFU3l3QXz2~X-kZYmnNwp`ET09b)R7Q
z02j#L_fxO<E2M>Eb0z|$w#jt%KEN3Q{Ekc-)aT6}z#ZUFl)g8?Rj997A4n&(PVL^D
z+H29;gPlOev;SK8PiWNS8fB{xAfMy^h*tmE(J3eb^G{&W-^-8xzjE5&@A#jTNI*mW
zY9{|)n*bu#e~$Wp^uj-qKNpNN7)N?y3`l`s)idBSl&RG<{t?W4w}USKW(M6Ju6>E#
zybYO{f%96sY$uMaqdnS-L^+|o$FJ1g@P1>iI;nd~apob^OH{6J{<oby@C*FsfLsaJ
z#jT%cE@<RYQusEZqz^iohY_i?uB2zy`-Sgra-=gaJvv&GI~!bem;7D~kC;5KZ|+jJ
z2oco(WJ&SSA<?X`2Mb$Y7_J@bR%Yhz)y4f@cFWF~lF8gDCFf|2fGRw$$nYyPuiUzL
zEjT*drn`i0gR~ccm|>-u=>yfM4GvWgH(Emk$_LeOA)*Ks&D{K>U`xMpdrv6D9Xk-o
zy(Six8WlC=fm&p_AH4UCSeAAWaL0U+H$7*|&5w?>us^7YvDBa%f4b58d?%}I^yshY
zTN67?7(%Nh*g$K8QNv;e2<^BB%Y?GdM@!UwyF}1U@zJOUep7^JWS*~xsI=NrtAp@v
z6do3=;_`Q{t@}RJ|6y{Is{XmfroE*XHy|&odZ#iwUX(Y9m%oT|3OCM$&&h00c*+27
zLXi0xu16nWAk~@EK)A8Dn};wZM=nD*o`5XYgi=9jpkeHxm3n*9G_$C^+YPqO>X3}I
zOd~y$@7})&<fayxjg3DHQO77WpukR@D|cRIA&8?Ay(wJVbxDGn$>jcv1vuPMl4_%l
zetpg0db_>=TSw}9>$qM1RmJ8z^mGMkz-1kur2q24)M(}A8!#qm^O&f2=Jt7g&9Ip6
z!^hQfgNoZ|wK0luhlyna)n*_~apt^eKem3-oBD6ynPw+kE>+gf{L0O7JJ-$4qv1N6
ztVqOz?z)RCiS%{9#@R?o-CoQABPg<tE1HH=*WgFx#Dgr4*tU|q#mn%{DkBci760f3
zhBfZl>(|@T=I^0HR<)<-TF*7YvuBGT<4@&R|Ja}+O5vyLhmZKhrs^GO80WUfa<@HD
zCkvXxm$o)@$nFSRb_*AR)Nb>tzMpnUV<iP^;uo<ypGRXacA_wxi&O-<{NZKV=FeA8
z*xSoJU+y_LIIe!tWlI0;OY8#V>|~}#%yuS&8TY6G?^;q;nVWvV!z+}*&1|^Q?6Nf*
zz?PJK;>g&iI(LhH)!sOI;Bv9QvzB!l+4^7$%{|x}vuj0wCIzWD-Yjf8hRWkYs?Nu)
zc11Gcai|F;re$^fF`nhjj5pWxBLv$uYMapr!`Ih$JmMMj;Uj&X=5Uh!{#;>-;4)+l
z$ffZbmZkF+`k}jZD+S>)C!0$Npg~Lc&AV6m!QNmn>9s5ega!^I;s(+eUDlS!YDFSS
z8&AkZ?J+GZOzS3zxO}#3D_Y3TJ<-xTyFZDIxPl{KMVyzKo_i%HraHx-;|i*({=7MP
zVPcCXgdGS09c38=z-?3+-VqipCgCkx5}%ujg%nGLd0QVjfR84j$})f*2tB{Sd`%#i
zPc;+Do2l+`x}0S@vzs=tv$>x;3aG@b^=s8~WZQ>vxX2Ln;x4U4teT0owhx87w6pm;
zlvT5d2q(>;YF<R1W5yZpm<63%z@bV$EIIEI!Ep#~fuyeM9Y1&Rt}uT?sOWeLsF7H%
zs(Jj#d6fyU*8JiKtQlRjjwjmKTwUUJy`Ov(BZkRZ2jlAH3{p3FImag6J?3`u$y@3g
z*T_Yq<YnOwd0DBr9yVX6&J6;=(-%e|p?Y5%<7Rz69K}Kk#iM=0zZVehvuo)Xb8_s@
zDsKJ#8V#p!R2`Dd3Kx0(ZohXgPnU0z-<jk4`r4r?SxYVkcNB74csF%F?2WAdYHi48
zRk{D@gCH>!aNCb;Tv<tvy#K})!QfEu37)T8QT6+3v*Wy?QWw9B{$*>-sm<f_V2wue
zZ9HTW$ef`q)qP~|J^2AO*z?(G9@}!XGdIbl>j^p29@m^Y6t9SLvV-RI1W{2@DEp#l
zs`6E<nR8U{kKiA6DxG3;>;0F9WEV)$DFxYH{`MaM7~H9xN1MT4F$}3u4UC89WF%#x
zjDhkVw&fY-UoWW6lO49xP08>UQiK%bVX;k3fDHFF!;c%{rI@v52^j1x57_QS6&(U<
z>d>``Guq<wOR4L$O-$@92c3|si)Deut4l-5?nP({c(%ZC9cFI-BkQvj?Is7`V4P3g
z=$QPl<PIwwS7PIGQxb_Zpq0TcVIw_NwH|#xDI+UcA>szgP(tQt98_7?I7zw^-}~yH
zp_mXnmSc|?vj&<oKMlAF94AIQN=-RW=tY)3f7*>Dw6y#(AioJ=|8Z2*HX4yrub1s9
z2|LhFgz79x?bb+4VUHv}K90YjWaVLO>P)2AxD<nK?I2vh5}lSQVd|$q&dQuM3;S2z
zpJ&g>;YzB$B>Tm|yuoS+dB7g39e#82BVP69<{VDC2A{dGt#g2R0@To&Oq!IcrkNCE
zzZjpMDsz-XJf=#LHuWb<^K4sHRjiJ_3=jJahQ1x7hyoUD0#P9O!#BzCfy3w?c|kMP
zpD70sq1vfUaX(Q-CLc*w;W~pJx@`~ini;x8A#Ylk*m82%uo?MkW5!3dkH#Vl2Z!R?
z@RMBf#*6_WYERbEYj+{G4bC!FBq1R!Of4tx9`9EDTT}4fUqFXKRQPK^ki3>BrhWVl
zVAJ*Hg0!yo)$E4pumkU-$q@Or*8232&Rvla3GY`~NwvECV6q+B0lpxcD_3CZJ=;SO
zpPyi0U<h>Xz?7RNc;J*fi5Y!KT^*u2dLb>}>9krx-uvnF87O1c8z$&1OW)MMBz+!~
z-rAm4wyLtfgLbtrW=E;0-^v(F`RP1psJ5kFf3m2hOQ^cBBl+Y-&R73rnJ4dMy&5GZ
zsrfl{<7ZL9GhE~Ks%UY`$Z}BF>VPEc>O6pbv>4=ZkDt;74T1Oks0aaZy{_Z#_egHH
z=kvb)!0l<B>d6XOM+sEYQW!-Yzqk^#PK(ul6+&+?xP4JzWcnPTIai->VXajCInh=3
zQ2||Px+>AT!TNV6AkzvIIm+_)(d%!uN8Rr*XgtGpX{S4lTMF9NhZ1<(Xz&y>t*_GM
zYI|V=x#Of*Y~;4@-Q_`R^mrg_oofQ5C!lR{#f4v?OPS4>%Oi2{yyH1ON?dlB-O4zh
zRU4jR*T+|%C*R!9pGK#G77;nLJb>PVb}(6DD{u67g<xMCBg2%#b^4*HNL1s~1wR!=
z;%of73Td)Qo^*mGyrKlmx!ucdtBHb;Gc+L6a|hLh1SOM>+(I$T(T8M4K=-{zr-V?^
z6_=J`oy`%${^(@OJJs^wrBhunn4O)KxSXrU=6ywAkPa8AlTnBfRtiZ6G=zo^GoXH)
znS%ya?JEqCQL-&wc-&izF<sDP>pEietFM?-@AoZ)HFMgd4NG$!ppBpA)hH^d&@ZI&
z*(C<#6&V(2hNTEYWyNYeld0fPlaO(wWT7h0$mvL@v%t)Cq2S}!aetr*6?Fs|*`uKM
z4ArRitSPj(9&BOq^|mejlGl(Fr|M66C%-rX*J7T7H|N)E>RY+L)FG>mG#H$(`tcH6
z(At?fv7(M7_4$KULU109L;X=9+PE+{fy=PHwkr30?L}Db2jr1;zLPbIJsgR_`+(%K
zqkS-Rz`{(_FN3B#V|6xg>YRR>>%ILV;c^}iq<jvX2nNQk{M5i#ir%nTs8Cv?P<nr{
z?rNg6X!OmFN#2poT!L8SSg6Tj{W>G4L@;DwSR|P>2$0?h6Y8{*$xtF{S7vbVMIKsE
zr=1hn#RltI&n22h>ncORLu;`{U-ny)?2(GdbXd%9-^6tT3;qPUQNlzO>fL)rHkKX6
z#dm-O547(eX}Z>>gqFS?zxGz_#dRzL@!~pv<l@5ANz2Jc85G}YIi~BC=vrGsDZs=+
zxw)b_071wqE|0t@0UiFyiv3h2Gjq0N)J!V{3Dz>rJ};11@{8)9j9oxT8DGDQ_NGca
zC;nlm(u^ZSRC-$%JU&d~6pbO1n%kH9Kq3l!M0%xPlX$b*HcC_o9~MiV=Ei&)2dk>=
z9om}3v)}@Pid4=~T3TT^go=34YCP2f&(0m<9$QPVi|4Myq*C_AL)F&xxPDJQi}G=6
zzxCAIm!ZW>Si?TiZ+5}($TF``Tbm%<<E%j1vi7ytY^fF7Lz-aref4H9+9;)kpRq+4
zFk#~wJDxF9q|j+^AI!t%g-bBY_G4q@2%`0V_#so|Pc&9M&p~oF-yv|OXYqV%k0k@u
zpd6$Q9)?<QKgvIr3rkIP+Hf@3%v|69;Nha-Zh%EiZEMveKcz1%3Byf3zaCfTmzbWZ
z(EE$!`sFHJta!#$sryRImQB8_!N<(!dq-C5=E^+?P~uhq!FnGq#4iPEwaP8xg&;K!
z_s0QfLZl`uM)Qw6x+H#)1qcvBO!^UJWo71@ZY=I?S<js|Fk_WH&0MY+ceuE+yFTbz
zpU`z8<1;-cCu&F;%boc0-uf2*(-mjE<Zq7(ypWF%5~kUw4=CevJ?joIrh^i2Y)On7
zoHiEX%*#%cx|`$nFh@Z4%eAiXpYm5Xrq9~7baD@FNOul&SF{V~$v@YN)<X|jRkJ}?
zX86QIP!#&H=41W%{GdYBW7tMH)mVN}q^h>^!H*l<k%H%EK$PTsuR~#3<Q)L<X8y^b
znxZTuf8d2m!+fv#7AQB~eb$!tO^XfXY!&1?x^m^RjyNhrc@+t{qgJM%lOEy<3NEr9
zMs8>QpON0SDw=|?-yfD~I)j4}7%Ei#Xvr~6G37qO^Gw_#Lcegxg@Kdb-+@4hVWW0n
zJbd8;wf&rDS+QMYGloJ7JE-1gF)O}=2&AvoqeIv~IZj(AouQI`%?!_icjC#C%xdzT
zk%xd@b%IH<#5OVgK$*5^*fTG6;1x2_kRIJD7?n+9pjv&G<(yQ0;z;#+B@U+Am#svM
zMX6GeKgASSIEu3M9){Ju-mhHoD!wuB&DvF*|G^tXP6Lzp1L?eMSHW2@B~yZF+dS><
zwu<uuDf!mL=>(*{8@H?${r3mPNFTCALjF)%jjF=3`z|@iysrC(=b98|t~9V!=M}wb
z2A{M&5+X8hVKLAzio?9X%b=31Kv4rRxT3+%bh!x}Z3@Qdn$_VmQ_#D)Eu=rb3m((&
z42<RpK7I|i2I=CTiYR<ej(9HTN)|F_WAECp@s^e5j|+f*f!>NQD}46iSkNIU!z_DT
z2AsYO5)U%M=SueDR~O97DsG#lB9pfRQrNkt@B4XntWFCEvS&fv6`9#75<;hE^MP19
zW(iUc*>A#NH}2T_kM~$%R)1LINKOFUPVbmG*XE|SRBFB;YY(RERE?F2f_zECF^TNq
zC}q|89@ZlVaE6R6T$k*;dc_#KA`NtgOpx2pod3qpNbTT!%E`S=4b}F8^~e73>KpLv
zzJ(=b?E?z5*gZPozszoEA_b9xg@#xg@?ajW&VJf<R>BMLsVoj$?N+F&?9L8UAmzd9
zu_nN%3VB9H1KzBRl>xOKpLHDg-pbW!?{3B{eU`$_ZoBHpM=Z+0)iWK(dV1pjh;DVK
z_owvCch1k)oWm^wqAH}*zeufT2sxoH07G{aOgc)tlCgzBJ`fTWT*d*G`lSwI+hNEj
zSkWOcB)6e~Ed%#176m8l+0=Reh{JM9aCcrKsLFcCl+J&1eA}GI)OX>zEpUhgf-EXJ
zt5M7c_wak&E=G|d;?9z6*l7xp5iP!X4AfQ#2Fd1!C=WY0g<(M}=xIUyeEf(u4Sp5D
zJW$a~Dz`9;6hC9zfpWy1(^_JYMo+w!q-DkJ(xz1r(SQ$oesG+X<NRPJ0cPQJw>Isu
zv@VA(FEODrP~+SNqUvu0;u{R^!e%OEtMbB&DR{d1RJEbhQQcR=Btb^im!fzMk*Ui`
zQC@3yZ|#`}KJCDQZ`*9#bF1r36VsN^r#=YEAZN}@yUR~BMnXu8OHEIE=zE2my#^#M
zp1%nnpI8kDBiZLjzJD@=Jc=ZuZ-0H(1Z@}vjcm5Zh?x^#EnN%>5EWuNcoIH)-n(K1
z6HgPD&+pXw-(3hA4pc%&ePQ0NV&=-8BxSvI{-%?G(^E0izlEkpAwt+^MT}UYburkY
zmowcsM}yma8U@H$KUrn`yl#mqTUL|Ii?k+~Ro-&5xI%3AnEc>rbv|v${^hEwZYE20
zLXLOfp>+~JUo2PGbcpA_cAM7OtZ};)PKFe5TtJaY?(fY+c}pSsU^RDEAJ0=q@v?TW
zx0~E_d8s$5B3WXyQl@-C*XRZ+NGkPdACWKWvx*0WD6x;IY^PwmE|!y~k@NEkmeedK
zr1{9^xMln-Wv3>@Iiw2G#EL8Kp~e%@6`7f47B^+~j2Y|GaS(dI*dCOYp5)hnK+`Z~
zr;VHJcl|R~ODDL{+3op0c{`r;sw)jXUO_DK5s<Q-PR0h4I;_H}Aw`vSoE_46paU&Z
zS68doWNmU=d_yOc`q%TpQ(cLNa_3pkj2fTPNQgP37^&ZRO{_Wj`?M)tcSJ)NJNWi&
z?jGGYR%F|Dg}j`79?BFvJ63b9&(HQZnckGU`O7r0BL<$7tGyg+Rlt9=%}1R%|8_bj
z;GheIp9o-TY^c-UIR}2a<XM~K(4GWQFu^lxI*5`VwdPn<kkTS&e`$+mgH0~6EFF*n
z9xS3rC;=91oVfPv<4zPCtzEjlO=Y5^9mu{sD|Ife_ovbjkT-@?n^F%RhY>Bhw7F|8
zICvb=uMy&nTyaCjzq`VlR}^vSB?#__Lhp0p%>@0(vR(;tX|^whXnRZzyi(v&B;>5}
z?pR+-5L#m+B(}6<V!bTLwZT_Aw2`pTX<qr-b0KtN`h)umD^$%nz;=pTZ@l$abI_ld
z)QSHa5dHvW43w}4A8jM|I=|=FnP1Yu@eS1I{a}KFDE*wm<;UG=$1wIN48qc@R)Dfm
z5f>vcrA_HX$I%S^aU|2|>G^OZ#wRydSmnwofSZx@3cQ#=s_h%3Bv;dg(;Z!4^d(qq
zSMyV_lgoTDe9Hg$JoumRIA5C+#|%velY|5jg=YgSuI%(=vLq49?N=kDT3Nxx-mh?c
z`S!N}E-{B^8HVr5v2ifL_5Is0CRK3#e2C!Ii};`uZP0WYdMT!d(GS?6WqyZ#717R*
zS$t&y+*QN~I1dCvzOC!t1`W(e<_6s8feZk%^3#h$=({O8zpqz3>&P?sc#p#x)^<G7
zlBI8AoRbJkg~Y%EuMS9Al7d+s;flEn0UP=?&i&vyV4yj=v5bLHy<#!1cxb<s3!=)9
zmSW{-xLs(&Snjp{@W=mu1M6qATS*?5(bWm<!6?XOUIzJ&U4U3}5v>f^gEH<-U32{?
zY4SEJ74i^gFa;5+srN9wU>1h!I`{GD1OZn+(3KTFnQMaCR5_ec*tz5!*63dez=>pw
zi|m0GX)(INs?aPjWntY&m|WLj=pI+WgSwR6`T;=#?`^&AehikIw7{6jm%6FyLlZG1
z)jhFdd)?gvw4SXU##2r3F~H>>cGX+RV+c!`>pVhPvy@%<Q}*^>4%R9~!%)yfo!5d6
zoxtl(zpKwuCN7P?qCjsz%K2>6c42wAvG+b)QQ9#PWV-tejZ_RF9>nkXzz-wH!Kk72
z^ci&JTDwL7&Ug`rI~RL<2w?dh)!lfl#8Ss~8$v@-0f%gc?-uH@0_FH&HeU@`<wnuN
z$xl8ef1DnxYWhjy5Y9zGbQvCG6-1i9gqExs7rrokB_Jb|P%okA_4KNRHXXpztiG`t
zNJNr!OQwLE$*6&-jjU&2j(=5@Wv}w4chhtL#bo-dc84jUz6)x)0TVD%xL8D5A!wb2
zh-nL`YXZXuXkX1Pfqbgh#%3Smcv9D>hA^7Q?{szwdY%dblB*}s-9s2&cSd8|Pf5J&
z>anW!8OAZsQufZKWWUtK)a9^J4szZL$3VUVaC7o=D^i~X;)mxlhjdNUunDYz4rH^D
zOX87veo$YEcT}FS!|<VChF5Y+D<F#{#+405^AvOgwJBpm34D!NwA^1i+M<B~6n%@B
zqu9K7p?`1{<r#R^zl4v0zmwyWQ_%KjZiKIA=y+u#@~$g*v~Vze*$`rwmiR(iC3_In
z&)WA0@;A3p)_<7x$n%Rw_xn2}GR;^K&Fe9tM)*w@;8H{{lp$w0*O+J<wt#7EWCtaj
z%+Ura&{ho>DpaIMW5y}8==dDXDgIu2GhRaS?oSg?GhH_uqUm04`wutQf=ULrlRMpt
zqBQeIt~Z1Su*08tlP;`t7Y*Ylm8p?ztV@|3c>R`Hv+Jmv8CeUR10SvzV>7V&V_t}t
z=Mq6JL;=~yx=hANZi)MdM$I8>kQ-GW^6SF?2a11C13>Y1{{_XXt^0!~Ay;)gVsw36
zSkvxdNGzwx;^pyQm7U!=kg;Rc=Ll3`7VgERFRvN4lRRejQSMc*om?jeYZpPN^^%uO
zXU-Anpa*?`nUFlDCY=%SO38{lP+JdZg?;#kYhT4`nB{uh1+D);@y)`pIqyBj>@6K+
zA@G1CS8>vBYRXF~7A=EVIT2DePv97qIe%o~A~~ITNK*S3M^~|KfzTg=?^C_Sdu&2`
zN--zl#9m%ol{eLFMX&87v=9!;K*ru?mY-rL8PKyXY`|_OJ$Z|#6i1?Ha1%lVZL5fN
z=9xoAp~qy_-Aahm8UAs8F~**?R_KoHJGVK0<CM&_&?Kv6^e?8~=^1V?e2eY0I`iFI
zOVg+Eg$KQbXQ~KZp681B_}#5(X;aQq;_7{}>dMw!MTS!}s%bAL#lK3M^ZXNLg0iZ;
z*AJe@rRVP9<|YIL!`CT(g<z{$e+awsC_`pD{On5&5kQ7|ITX*ly~2436=ANVD>tBi
z_#i7C-*?<9l}zm&77G;NK9gU~DOU$(3KY!luDw;4X0Yz%hOnfJxIc4jMlc$L)zeKa
zN%v4tyKQO5pjR{&-JLm?dwY6%1~uc0vCMkk(Wx1+)RyVsZsV2Ib9gkgA}%=#NoUXP
zxo4tg&%H4uGnqXM7nQp>EC+|l5Hbw(dU|Cc{BEqyuTH${uxwpIG<oRsJLLTJ`%xpQ
zYA#Emqf>g#BP(1p>u4^h*v4Gjs;VRBHGcCYLuYGmv9jLny`FH(yM++zZ!F>nNBxcx
zG1!YXtJoAu_n5SM$hxMC)(7d&TM85HcAyRCO}|$ga}%t9s6d-7i;bvUC5O5=lkyMr
zgM@|i7a?gqB~bYBJLE$ESPuDjg_zE?%MovFu+PhNQBNS4B#7#3ca)i=;DRx42kJd@
z)$U(?AbPm~{w3TcOzq$L8y_B^A=`HSrenee;|IS!1d{4#AR|a1gG?v@<-q2BM8R>8
zo&y2M@2@dyl3)+_-zX^fDAgqZ2h+F;fyv`FYhGW2X+Wiv+>GAZ=#^Ml+YvA;AsI*+
zCUv;mGDs*Gh*4V|$7z~T5%c_)CVE~;NkUT7%t=7bd~d-TUx=KQDJi4>69DiVc+f;3
z;jzY|<H}wJYVJmi)*6&xnneS@Jo7gy;|gI=aO16=4TrPl&X|aeZ}3^UQ53++@ael-
zQ2_MM+={=IpnuTsebo^Tl<<be(C^kTJHWEG_o3*TdX(AQ8G@tak56ib<a@2%Wv}`1
zvJG;E0Bm4Kp%w=BV3hG6Ije&x-J|q(Tb>cGu-eG-`-Cdx?KQc?;mjY7Xqnok;^2LM
z!#|9r%NA;Xh<k+O{ro*@fyYi|gJft~Z{l_6%Ay8;DQOKTnuCm}p+;uL0;hPZQ=dQI
z=bQX3$u$oL;~V>K*Yc~8HttMG-hdvqn-z#z=kD$~c*W^;*I!<>-}3<tnM(jM=J-`Y
z=w|1>z@i>^o0eUziM!mNGRZUvSm3*g19;Wn4B7-c4pSrKC=paz+c39=1QX!(nX&QT
zj_6J@a1&z!d`p+&l8gLYy-SRT`YQ{D>Z!c)G6r&U0DZKbOGp5Kpbq@?FydNqzqpd&
ze8y!7aX`=1dF(h=>N<e{z?`3V%VZE#=}s02Cs5zSlH=9g^||&^l(O!qA+1Vo**9jg
zN=ibps@rQYL9Dt~9`fQ$88Xnhe}IR7&OrXMTiY+3`c_R&fT@eJ<|YY{x}yOx^7QH8
zkDhsnqi@CeXtd?1F8k#8{Oaa&t6TIi<;LgMvd6Uic&(&jcS4uoPyzZ6UIM5_(=bjx
zzIx|;fk9^ilGhSeqit(H4h+kw@ZU+Ox5u~>RiR_!YA_g@=e9m(&9FVa^5vC(i#p9;
zU+t)E+uLd}U;KYYc0`Mpc}UEd3?o%P0M;kKdT;|G<NQA~9pJD&<J)tk(_dRN<k6mE
z_AQRo?s?*#`)Y|@B5+CLVO3GlYk+j|s$L!6wNzdn5WoKP{4d7dIXIK3`}d7A$;7s8
z+fF97ZQHhO+nm_RL=)S#ZJ%e}-+S(<I=61s{V$cOes=fn-Fq*5*7|A>%EX22`J(FE
z4YyA%Pkphbt{5W)eo6pIm*zI|yp`OYJX)O**jl-%8DWrh^Cb^c{d^8iPv&}{L&@-|
zt1-1P=J+Kn%KdNJ09Y-*`5I{i@uVJrRUa-_D55jp0w^bCU!Ck&A7|iq=Qf9yG_}%$
zuSR@|aAVQ)uIUB{sf;YIFvO!;U~u`c_t5w>$DHuz0!@lIujO9-ssFIC^vYTFdS85c
z+G_vZ)MDkudD%QroR;}Af~dE}GaLIqhl|zW8g;XOWQkpCqq4T*KL!9tq#r&{p-6mw
z)g!dgj5|Of`iuiM$86WzXQ;6+oiSU*!~V&d+-y4c@PoM%r_Per)90E!*`(!|N7h{v
zxLCPfz|B@CShnsP&cyC`vdz3u#`F%aC)RC$Vugry;vQ8e<zN0DQo)|HGpY$YkdxV#
zr)bLQZD&<s$H30iS}92WI6OWB!Jay`%PTxw$3Eg&0=R3VDedp%;liR{AYonL(a_JC
z2(f=i$-mWM^&QWq#B!Ii%ycFVX(k?Lpln7S9oSeT#$0(16OA>XG4*G)k-?M2Iae^F
ziz8COjQjKfWBeua8=yuQr~iOaFmIs1%x%cn=tnVk2CCl1;vZ7D3wR|vUcy~NG%r^^
zgUn2s@U9H6DX7u5+yS)*qD|k8z>8^l1%9UvJYTDQFV9prl-`lEH6yng&w0_`y^cJw
z-hU3d$T7Vh7>cI;3MKppt<WX`Y?wE^?%_okk22gvaxD~clvBvj3NZk=400nJy?)FL
zg*nRMre=mSYjPt^Eez5eL*-*ku{<7#oIjlZ0cds%iHO1juO}rhzK$l#XUEtmgvW$&
z@kynZa9cJQSTZrrveEgjO#vQaY(I_@rj`fYe=0yi7d|dwG`ltg3dQa(50k71tys)i
zB36oji9cUG5?_d~$no<YkL1sqhmY2EhL=brlT&dmn(xs|WdUk|q`nwmIS~JIzG(l(
zNIh(r1Hwf&(AF1sWT?Z(JAk<MhBtC%a$;Yelkd!so80AT-Q>IB`EP{~P+3n5fh8zC
zyQ)64AiLZDW&w5x%IFCFCTe`?u$WwiP65?SfA*LwEK<eXrB|k(ZTLe=uq!kzcI?lG
zXhbLJ8!uNbAFEk7dUK{WQV?!{WR_q!c>aVil#tya5Bw|dIa1xjXyE<%A6%sew^CA@
zu{$Lv>s}Iu*^p&8Ud#4emumWdN`F*-07`$BwRWb&?vw_!M_2~UQs-zur^u+HoHWcr
zx>2(z=xIyZ+_|4>rJLF37mUd%7yR=GF_M6(&f*@%Tmc!vF&RSMUYx9&<DwPeF=E!l
zJgj*i8b-e8L0GoKVHO7vzCMm-X%kPFVFuXYK|?hZ;nG?b<f1CP%z9;4R>{rTB0y1>
z5kS?*x>EvPX)0oLm9N?|CuUvJC8v%t)PQAJev1OO4xhv_(rXks36RSZozvmGHUFcy
zDxWF$L2$|1<kyyGw)gw*`ubny=gmHj6iefg;7@P*r=SH92U8-kn9%fvw0gXzM;fUE
zF*n$fQ;Y#a1}x+Xr-&K(>_|qM==yYN*PfgR1!OTx&kkx3E0We_Dq*T-w3;VqvKJW3
znV?p5f^{oTYn>v(203N5VbxsWXoVm~nglheNQ_gV^r^UC4CoVOJ*Raa-e)g8_v=&3
zrvFpILp*>?ZQ($=@g{=jr^%XjU``yD#zw%NvTqh0YJ$qb#@^`WL^7%%SZrqpadEJL
z82&mhZ;72{QCVl`cuMqvER|q>DDXJ~)P(mD|9p0~(pZ+u)=sWC`#33DcIlF66OZE<
zG<VFdRtOJc<~PGsS@j*<F(-{U2J36?fpf5h9sas`UQu3SR`+NCho<q(?`4LMcIa~a
zIn8S~(RV{u7#Jy~oX8<r50PY;$w<kn_$!*WiqxV*Os5f><Z?g6wu)K~pSCnc+m^VY
zQ<IU+f<;qn>38Vh@0fWuYhs(`(e&WKLPCgSL`(zYt*iFy<2Wx20S{zW`XleIqdytU
zPE*%kIn2+mQ`dkN0$$U|dHd#X=T+8Q%0o6DogTK2py~mkW7mnFH;lgW%M#+^%!?k!
ze@ESguw_}~j2|1Y9OY~Y$f+Ums!C1$IG-emAs^4z=?@is-+|Y<bg^3aA*QG@xlJ$z
z`KQo(Vtj6|DP3^@ZH96`Gp-Y}5~dN^C)}IDRca1t{M`9hsr~+x?oCMez|tKJ8?^RE
zvEnoNY=Kyhh8C1WJl#Vz;j?q&jp;j>u#_}6f9wZCuw4Xj$Q(VLcQ!op^pS|8KG(dO
z*%o9JO^K0BXpMn{1ub+zwwpZ}Ra07)c+Y#}a;U}`z3ZS%Z;RfOCbW-ZmiGX0{!QoX
zEU&REE^tLh6|H*7>im`On^yhNyyCZ`|NeYc_<I9NQrJpsi4n68;%rJzzdukzJ!~x(
zJWqQ<5P)>GIo#w0&#is(aBV_Mm-+gEV!pD{P*s7vyN;z!4#N~rP!_j1qp$LR@>($=
zX`DAH+^<PltNLqLZ*)f8S**J|jZ>r4enTlNqQ0ormdz|pV@_Qa0eW?c=z7pbF*QAR
zy`N9&Z%^G@q3J`EUf1rcTQdso)KuPmUA8+Rb>i6PJMcCp0nd3<u=P!qzStXx?Uft$
zbVGY-;Bx=$lnuST>9j!=051D#ilYr97~2Hn;CMJPwPr?^7*7|}L`vq&q|D9$nlN2L
z_`u?&f@iBP8T>FCj*dOPz5AT#Tm=Ncfxd2cRuqTkJ|Af^Ga&l9ShX}-31j$sj!lmy
zv?PS9>P+Tq`e<UaGSi>zVfi0SVcMRHHoRfNka31wb?fm*-ty#Tnw<GV=4(Jp0Wa~k
z6~Fz}B@&0tQd^FB99r5h6%=2&9xeaXytl{8Yn+-#0c<*J&-^{F+4$ItV@Wj>9(z06
z3Y1woBYtr1(<&n;0fhaN`ROq3w!n;+5>(|8$fT#;1h^F$7Pgm&+lX<++CRyNd~+hx
zHovqwu;d+^B0CLa;(#?Q>flcSEF=5JBP<Y_nXR$rC#dyQdH&z#q*K+}%1P+pe{z$;
zF(8<oy-N;I#Qrz1JX6lE=smptaRl)woI#j<`VAm8yJmbJ{`@P?J7smZ2=FEoVRM$c
z8cW^lh6wt1KZp|h5GKoW@h?X3R`p4su%S|~(vVB}$Hq>1omv`dANbf%(49`szbCU%
zgx#8o`-TUTm3bQU$J9pyK(~$VYL+BKhUD-xTJ=_!){&1<8oiz+Wqa=3yv?=^E=vt#
zNpX)?!B0Wo$f=;j1|QlGXg0qDhW#XchR9+u5_#=D#OYM3o|Kq}1Z9_42;fKHYl8mG
zH{heO+hO`9AzA5zza!`wpP(mgy+B_P>jvj|U8HBKXhE%K@@`X@!58<mv|eGMt?Tc2
z2^fF4iGpn8RIbl^JIaaPBbHKR@;Xe)+_+R1c1Ga{+X2l>!auSzT)eUrQ#(vdX@H7!
zZ5$e7wP*}H55fSHn%JTo+&7U6-o8!Z*tpJW`=$GhuLj#}>PWX93ojbB;Mxj6Y`})O
zTh=56j+iFKJ7SA+ynG!6wRtoBE=xd{y6;!*E5707qJzr5?v9gtlK=K3C9QIsp#ZI2
zesvx8#%WQ^^<YVQ6V_U7Q^O|0P4l2vK4^Tj=f#VQ64vsQ0H5*L8c7DeXvj=Tk4XAc
zMs4x*a?^IU+AtVsvX4kRHNUq<BFXb|Fu!0UXX5+jsB7m;oYY6_WPOtwH`;gy5X}O9
z-ara!JTj5ZP7{3Eb!fFOK-HG9-JoO7C6sx&znNpdu(rY)LAF||H}%2ngx-lM{kf@G
zBKNJH;awLa)1JjKcOjVS!$F;AN*m9p>tww^LP59nH(}TmD<|w_c|)e&b}gTL1PoZ#
zE1k=Yj}7R3Gg=OVN2Vz+uJ;pT&bEZ$BF{7~Y<SsCe|v`{;wMA+HIi+fu;3!Zk}Aqh
zx$a14A*{5gw``lwOWTg^$R$^uirzZ7rp3@^fsFb?`zE5-CT(UnA0`ZF>S@UkR1&i-
z;Ud-jQ5C%+oOYW%9s~0s--`bB-vlxC+@m6EIy#7~y!)Ux!7NVCtz@CCRyE-IhZf2N
zgCm1hjezifqD%b_w$!FIp!%SzD%e2v=$Ctktc~?dQAY1te<yOp99}-bOCVQ%Q-JzE
zJ}#n|9VE68W}EAYUfSh}{8UyS^|It1Z){v`RR2XsRc9Iuyg?qP0KTLB%XCc>=x*#B
zNFuj6G4nU_!GWpR7}(!QiX-)rM$k2-Ir)Lt2b?)}m-T&$Zd`A1jYLNLG8<F}2#FjI
z{QB(dXx`+-4hru(c56HL_=#lLggZcY$Wr~}jHB(8cs~B@-6j-Tn|DT6zD&k&vl?k#
z{Sk$1VZ#HVRK@%Kb)wVHS8|(2yOl#<7%$Idk0rJ-tFsJrPOUYu*>1iI%+t(k)yqPI
z#|y#pw<&Q~qjB%_CSHBL4iv8;O<x~psE~PN2x;WYV`OvwP#9nB&Zs)m<D?#70L=|s
zxpegVl5e@MhgpuS4(Lg`CoIFw$|dQ!WE6-6kA~1K36#wz=p9?{=)%p>0puS49lZAY
z3u*h;XmR0qXnnWn`?-gw?i!E@*56HC5!Wx4%SMl1l=TCl8!)z<Tf>2gTua><A-qM}
z@9CQmQ_VEnuK0B*aQ3Q6oI!qcdXc>RNzm3bv{d<qub!!ND<jU-1Ga$gGHPMO2{#}9
zn>Dzk7m=ZWR_!;?DM0HLGWZ=#c(>;5`DHitdvO1j;M6%=s{`0*emmlGlTZ8m!wBh_
zUzoxG1^s%;<Y0Pf=Ix}{z|uSIr1vv-$xmB+&gnaDiu;N*-j>+m+H{J)17bex8qu#l
zFkV(}>_p+iYxFrHs=I?Q0$tBL!SAiiuY)l#f)AewV#0Kw1j?O<k3p*;lm6T1#Gx|*
z))cAQXA<>(_da0Nx<^Qh$K6<X+XK!tZUi>HL9?!2It~&aVnX%4`4yGsJs#Hd#^YvG
zzge^HFaPh6AaMw%z~&Kz#<&`%Jc9R>oB?hKg{R%y*;YFUDZp#mx8pa^+Qh@O3T&R{
zd4J5A4uYgsWp>}doA~th<#<ply|~{=g8h7(+;<J)44}5r1^lFSiy@o+<oZQS-?Z-&
zGoHsmf>o}aqT-x)KJZQ9BqmfaXscjTJ1R5+^tX!Wzo1e8WBU8)3XEwr)aSN;4HW37
zA-fS9{0N%Ww{U6Dsu8X(SigR=VRsAM;)ewu#rD^yQN8X}&~mG9mZ3PRaX0vZ;|2Wr
zD1%;xjOsbVoXGp@%evgkQozQ1-L+>Er`4b4=E`0s*rR|tza3A!l{$!8xhz!eFkg}X
zkmY>7S1)gI<&A0Pa?uXb3_tS#ekMSIBF~A0G#CZO{5vg3f)G;~mGT5qB_#K>A1D#&
zEQb!kd$^&r*ytCcF90hC$gA;{rAMc+FsqO<m?GtN_Ck9SZ>{$R8#WY*jLbPqg9teg
z|A@_t6t@##O~0AQ4$97yrC>vxMn6W3j6jz~^)|ir@W!Y;++YLv;{fsJ8T66!?c*J*
z-jVBjy`GB`C4tV7pzUk%M3#N$Ex5oUvbhXaNXnBDuXCOJz+x)x310-s1gKakVh&HD
zM4Z9*5c;4>f{K}pM<59#ur79MAF0G(s={J+0$W}6ThvrF4oVl6M#m%A-$F{RP7g6j
z(j8V@P|F44w>X>9j%+MmYD_qB9@*RyQ<WvPHsoxK(ewZ<=@*Z^i+0tox2H~k&g1QT
zIlKZYs*1`VIpsY)U${m6!V$v?>J<4CZ#?Dh-B4^>*XG>gqDI<{WVT#&s|i$}rFIuO
zjUk7HjwV1mRMN?*BKMI^u{RTFfng7O?DPAm3ZeC$V&m0|aq_nD$LjFO;=rz|#_3~Y
zNkcR*bt#?o#=IIhJ-*2(RM{mJ_6?3b1pg%CV`HWDBa=6m6NQPSBL$sF6*?@7LM1T*
z1Z`l$q6_Q-q({$Wd5SxN9mwA6N<2#jgi*Q2cX=OO<?kCjFz+>-0S2*U@$}5E*oq2+
z^tfK5HhbA9k}U!4i;Kb6t@msThg-Gd^`@rW-ooj1yzMD2Y_K|E^3V4@YhA8YarkqO
zpz069D?WK~pG{y{)Wf?612uepQD*n0b%6?4t~x2&l@|+PRyJAhVJ>g@6st%FAZ%5i
zu%PSSfg@7tmA5}|Xqq(Eyk}yrxF-95XlT%WqKymbaunuNo?De0k4Dy9Y&Kv;4GAqJ
zPU7%6#xFY2s?(sUUbuh$Ms_=={*~ToNPks}z9Fv8=mr&r<@1@Q)SDJU{j_&Fx5t~i
ztd?4D2v8fOZ>YCFpT#R|4T#Yjhah<WRpsCbq(@9&ty_MW*Bso<TW9nLN2RA8GxR&2
zznit`JaIa2=Wq@A<&P^3<?7fGs?z|Vh&G7+Vt05T*;z+zNeIx>*r&8v!5Q^mU%fp3
zjv}YXEdeb}h#K}y!E>2b_-jTJt{lk<38^0{Wh3mI$k$Eud)>|F4$lPNy$7sXYyk_-
zHU&^Svg7$KW9a5NfX4oD6?%P1*`dy$qVPU^{Ni!FLECk-6Sr^PINV=wWwPwByvPGT
z#AGaw;~-t@4Q<ghG=8pn&R`<K(;W+{8f*Odqfe&=|9B$63wxo?%bsm&Fgh%iY0@|U
zx1d|gV+wer(r>hXOzP>1H@b>i=^O?NTc<kPh<GwJW)os@MDF?T69ehbW5Whxh2Q%G
zvSx1Ly!pI65U$P<Fyq>)G#TTO=uOPs6A`y0z_X?q!lXY(Gpz`ziL8xdRc%SAy>V09
zt30}A(Ifb3>(&2iwk0g*)F~mM5&dMx$7{1adrmZIkXKv<Vv$cYA*8k<OnJofe)P()
z8Z{g}o3z&MMu;MfLdAZbQ!!>&y?U|4(=WP!+}>?jiTbdR10NcXN>}fQ%9gaLmK!$(
z1z*79p9)~29=|-ju(=_0Yx!MPm_8IXEU(m<wf<C1x||#LngFVNtt&370Oxh)h0ftB
zg%uk)gk!NpRe9TdTwyQ5%-L+>?>MEP;y^d2>&XY-((`L*jp(U9)^7r9zGyOLuRq0P
zrC#AF$a^?r^TM4X=&(+vxT7}q6TE&USJtGcT1VUi5uTo3bhVZoqX_1*<KX9GvK<F%
zgVA)UVfLvgM`deLQ&~DWRV)aeZ*Iak+4=qgF2C$!5;En~H=H<6p&P=F&?pSUo`87e
z6n$kD@@owN0z%F%EOh{S^xg}7LL#4XwGCkz=L{q%#3aV}Hr-3Q>3}q3UE*`qnjkLo
zV;WRho)kBqsDi4p_-8K}@EqxB{u#*(b~xW1l|nC-c=MqBS(M&D8c*#ypX4&FGbt`b
zC0m+e;#-Se8Tn}qKhxoJ@7e9@G@D%>NB@wlT```Dq>uuNZ1x*a-L$yan}~Bqe;q3{
zq!s$W)7d48ws%bS2hG;1Pjub{hoGh^->>m1i@(#wpMRr_r=}0AT|m#xuvfgdS(ap}
zN@{mW#k}GgEfnBR$zA7LOrWpv{UH6HknL_mr=zFYGpk=4C70MBNI1PE!be__hGbV#
zoTA7WGT{?=Z1_CRU6tNH6_oi?2Jr4EKn{k3Kv#?m&V}bGY;{CkHsd5ttM|E|hMJ~+
zJhjbnWPZI-WwEO`Xsz0+9&Lu9nwNjjt-`m~_tqvr+Opk^*ies-x)bqyTN72qE!OXA
zaUK}k=r7h<T1Lv+(=a&h<R8jBD`^9nkki-auD_(|E!guhhb84O9j#v-Hxx3VrPY<>
zTeHVvx$_+xF!^o^-cyfzPG<b-9f{4M`i-A1nprKn+acR>!{JsBg&mti-Mst!XEOP6
zO<3cRd!i9^w<$w4oUXBP<Q9W8ZmOT4EO7*4joW9&=%;O!4V-A-FF#A;sX%3%b*lOl
zE{w;k0>QD<SxO8qK08P+&bmu&*HQU8)b&r-#B!qdac0KvPw+^b`u7)4)3U67)v=Cd
zuN9{gogT+lSKP(P_w*bfyyJ)hoixVEbvQq6lncZ6F%Jy?GO5=3jk=OG_=_^vx3mV*
zz^ePGzN|teKtY@UO2Ce-@{iHzx2&K+_^m^csR84zH=bki4WW^8mN~s|`m<y2tcBJu
z0cCM)*k|vYie8_9Qh=~41nB;@JNWT()C^@oy@V1W3enqiSbf(k<l5Kncl^t_BglT~
zULIG@;8>m`-#52Nw_kF3k}Mt116ag6+y3VtpT7}B5nhMK+4L`JKSDatXDFZ}9{mh1
zwsE>X7fFkIeS!R>L29G9+h0?3x}Fa~s%z&-Si45OIOF1P*U>rIN5w|cBc#6u>fEot
zK#FTQW7vVpvZiO|)=F*miz<U@RGoqG6N!k&nE?L<7$)_bJgA=pM6-TKQdZCRC(hIi
zId7k^#s|yw<<-y^>y%n-*v#=vW$|lsI>z4*&()(6#x?U|lUCFX8o;Iv4%c*JWj6bh
zv~}`rU*sYxYCC%ExqrUMKHKB&j8zdm4x4G9ub)1y>ez#PxToth{4vveI%AC*hQI<^
zE63hjkEbLr9Qy)>A17oXB#ukgfVi{vh{s4{sgBmG>eCh*8fTVJ>ki!3sr*4?KP~XJ
z-~^L9q3rEXCMQ=+$>LKPgPKSvoLH1Nn1RzLs|BwUN2SMGggafwrAN~ROKZ+8nC45#
z1Ql4hf0}_ZG`43(CaZKEYYb21T1qW}+0K-0daMUPA&Wh@3j-?=U$ZB9suinxm0$vA
z`Bb{zrv_!>rX`5^R^Yz3aJ6`wP-)@Z95A;E-%J9Jo%TBYc<W~~6WhKA>a6_*aoI=f
z?yhNA*Lv{UIp~9Q8@j8fhEPA5j@2-Uky2~|>fG`f^QXx>d$T0cz$9P?i}Gi`8Cppi
z9~e~5c36c{=TIgOI>TGHM5MHG7`CJegC}n~*Ls3{#9iAgIOs{BU?JBUo!$#!z`?c1
z_7-&c$@+BBy(>Y8@dLUx;1C5^+&!N><&{r-z373!54LG&B^R7J@`*FxpCTSjn2M!S
zt}uM?iIoV8v!TU*PeAwzdC+Gn4BkQbNJvGL!?dEP9E~RUVZee|SaO#J38|!#Lv{w&
ze?<3UF6z&L8Bq+bF5P!M+VT>b*c;$18fg`@1tW@h&Tz~h_WoE0efa?*De^4AqFyav
z^^yV4zXSiodpf=B9^Ov5%95hmXt(;Ho5PtT?mW^AGaG&O+V6Xj04tVQpP+y0%W3dd
zRGpo+r9@U=+w?=+fiWzTIH=Gd$Hd4`ipprDG|_We3J$0Is6eYG;rV5h`22}liv;PR
zb?*WEJyrfo)pOFGdBlj=A{=v^cQ7%jkym@ev(U|YWoEwatG}`5vtXp}7Ki`a16)=$
zA;|zwi1X_&g40NQqds;=Tr@;{5Uzg=D6EZhn|4!kdwCUS-}8Ox1NME--1*sSZY@><
z_BZ7F9xP2QUue~2RBH_y_a&I<F(6YFKv8*%L_*24@Uv1D9TP-#0Fgpv?omoSv1$4N
zy&%y!e?BZ~J|xVw<Z78D=ZVX_F62I{_}N6yuVrREHQXoR0XuA7#_Z;;8Bb1yki!$H
zk`bEJmLvd*4J8RvQbj?CP;;vJ_9`OutF<p-dOjCy=$zfDX;swe)8LEN47tU{jd3#<
zUL|VPwG9~4o*ieeqFELiFH2Hr%m!t5=RFI4?{4&Ou9z;xB%~H_(w`2h|6jqLtX~{-
z_qyeO&CYi{dGOG~TE60;^Y6RjC;^8ID>)-Fd5E0a+{Nv#!(yXR1o-$cv1WGt(2!)J
z`^{)s#d_}8$HQUQ)`=KdfY#B<4lRC?*<pkEEXY+mDTLYNcs2*Um05R(R@)48Eg8FQ
z8ul~-dIw3#7I=zZaX<0A_dyy8XTKX^S2%?wQnFtfZrHhnZS8SL;vq+d^apBneM@Xs
zXbi9N#~B6F%!enqD4hESpUH~Nc(yNp2^-|l5b8k+J&8%ZV<3=K1=pF7EB>yY6T6_|
z!VdT-5Zo5`?jNpK+dKQ;`^$cUEt;q9Wr@|<uU)QUJ<<z0zl`ft(UIqe4O!bb+8j9H
z@*9iX+IxlvtZ7yeHCBiae!Pjp09sS!Ar#1mm!hFp7MdsgSrJKoN!a~CNipjHMz+R~
z<5>9fMLrn;KgUL}ZrNd6<}}R)>0m>3LKCtN;&&ArkUss|(72VUfeG5kQ)_$%cg)_+
z`%fwOdJ_c*p!4%8%BjDkHo_dUJ&|kMd=YHjGg4bh>l(Q^let5hjtU;E#4tO29??`l
z$C^y@OCa%Tx{v~Q)hP?fIRxbF%!*_JwqlGUT)DV2xrw1zQ)S2TJr(PC;-{B8++&H+
zuN*d2;miVO6Yu_q2gVl#)k~tgNxcSM13|{6*5S!&^|tKbMH4LFwZRXsyD()I;^`>X
z{KHe?%n&tI3trF^_D2k~9ySNfu<b(!9Zw-fVUjqSDUu1u^{5Iuy}8lA*R^7bUVJj?
zlk`t@#LWCzcl7|}aBg+$#yzJw>O`{(=DZ&0U#7aZic560JNU;NJm#DbJ+dBxjN^^-
z>ToNUpD7*{NHJ!muxMsJDU!8ZxfPV;yyRhn_CrT0s`m#IV3%Cs=cpBUcP^`MEk)<;
zoWx<jdH&{=HmkqSsi3T|C1mx)AiF3eI37OjTdy1txJ@!SfFk`nz+r+{VqcSrnlC|m
zYEKHl3J@tZNm{IYOA7NdYrx2)iO&|a5VkzaZ;MR#jEp2PQ#PpiwRZWsLUzL=r^BLw
z8{6Nha~bVmw_;QNCzkRg!CW?Zq*0fK-@f@5f*ERQYqu`=G;Z(l3zQE(eUf+16m9R4
z>cR1_uli4pGtFk8IGc7VIpFJ&$S7IecK|i5PMDT8%WEAWJH-TC#ka<cHc~Xbq;NwF
z&j*w4m8;HV#;be%w!2A@WY#dh-j5cyF@P51>Brsj+iXRRBYcKM?ilr&8quU_e%-6_
zIoiYO#GW^xY9I<gNIC|p#xAOcx7M2R_6i+Tyxw_xB3*C*KV7cO!vv**Qqrui3Vy|{
z_a#aMF3z}Rq;ZnxJi6dk-v+G0OlXF-US_ehdNd5W9vd~&4xC@2nF{yTUOnqriccSh
zymPq^9uk?u=p}W9(*6dnTAk6UwaI@107n1f`lPRv_9v@O$MGf_SzhM95q`&>poQsB
zKv$Bc_O)p-u;M|AiYcIManAa)t_f8)Utb2n9{I*PGN(6?J@7wS$Y7Y;=3?G6u$8i<
z*L>#rGp6${?b=Y-)N3~A-g7bQH$Od9*7?$B48ai~|7wW2bg8>7w|ODOu7)aBuj?mU
z<0B{C_KlWNksY(t>zF|QOfv$w3Lfe`r;BV8s)~x$`1fvO0z!^b*Da);9034DtNxq#
z;GcYmLXnZ3-NZy7!b>7E*hB;4X^|qNYzYEq#?ocm;D8<8{^PTk`95|%wCOWu=S@G?
zp5Mh~7ef^xk<3>r)|HXOVL5x~!jmY>PFfBDmGnPT0TaA7LM;pfE0uS3{!%@=dy9~4
zQUl@ancQC}78#hx0ny$FDtvAc@7%V|ZEnspc@SYyXyIoF&4`&r`#NuyMi}BTJ}6%a
z=<~@(^g!^k5&l~aS+_1ufIwhb%AS<#>u&dOyi!0Aj~R-Ti>}L|P0C1#Id@8SSN>l>
z2yi4}(9I#}?Ne<%OX`f6Mg7FZyIjChPA)(BY6b03E;@((Yh)W~O^E^nVeyi$z+&^?
ztJ;!x^Qef92z;5`xwu)ksi7-JtDy!9z${R~hcX2ye3M<P3o7U4&PoTI6gX4>1N{qS
z)yl9|F7M_93W~Io>^?(w@LDmz(FS6?`bY9m!7l29C<_s0D3$Re#r~(k1VVUVoX*k@
zbZuf|4G1U{m08&YMlo2v?;E6maxqcj5pv>xo*K+8`u}DDD(B8z_a7tn3IEe{0<4hW
z&*7d>S@6v0T7fDTXLxaNlT+d$P&rjce04Y6$pKJeAwflC>XsQIVR3#c891l}p$0cU
z$I0?n=z+cG3o9vDC6Z*Xv@O-9$*GW_^X|t3AVOEEYuYOdMfh0%-6$=g(Bxhn=~|rc
zi;)FYP9?R6p)482^Y#g>xxTSi_3xPjtpZn$jvxre>`#G}snC-~f=CKZoSURSK>&Xv
zhQ}UGOu7+fO*F;iMfx773qgR=VrsY}Ckd7vPtdv*VZo%ChVgiU<h1%hJwR~TbwZjL
zLrY2Hpqm}!t5<`K$cQp#D!`I)F`E&`Nf8^%?CeF;7iAWCMG316WpQLOvrmgGV%p1e
z#Kdz#a8hNGX|ehKqCpprEipNRLFo=itzd3T=ZVc9s$8{;J!Rdal|(u!FQ1kTsd&I^
zNOM->3#_Z8K%)i>=qZOS;W^dRhLOf3=KbH<-7`yYll{oyU&0lI8eJyog$K9=H}3;Q
zeN=Dxd9e%5Yf5B<Awn!BQ%i;3m1AMd_yW+Q*`23w0z!&H*|`Ztq8I_gosJ30Ga*9$
z!Ign1H;6dwAv-IS2+(t{Lms;}swiBJc%kvp{GV)Xr>;Ln-LF19IReY~+P|~bEI0Mz
zYYi-YX2g&GI%MNzM4}`*Y&x>%6H!9rd*51}2oZ7>8d=CmiYp3vvwZrJr~s=R4peh$
zE-<4+hY$R`y!<$hqDM4g(M`dxLF)Sa+Kynt%wS+c4cb-udYn0h8X_sYZwjcKIlbS%
zhhz}X7)+D?pB3!8#IgE<xES^wj)N!EttsS)AeksIXYk<0^m;?DP-i?lP$Gc@u`Mb@
z#@wL~cq|)z1~|W*ND@L1UJ5eia;j6m7kZS>MONOR?Wn?KV#3+e$J=%OkGi9vD*f5d
zRTef@WNc*Nv-H_zIRdE}o65E4Q%Ye%??2GANCdl&uP1;eC29mxiN%w87q2+-Dh)uA
z|GlrhlLsUziC7T?QqtgJrVAGWE*0<`Je9<FA;LnftoYjB^J*@hHn!Q7`j(tNDfeFs
zS06y*ugsbvH<~MuC(5E(-xRRxJPYCKit;Fj9dx6B?na0O<&)bmmXQj$p}WHr%0|k@
zzUF1i;&VT4-ax<tfw{PS+NScv6`E)r7Vtn6$WMV#B@-DkqDe?e5O8h!kx&<HivDdd
zfX&|fqudiTH^HcmYtQV8Bkpt$93?1XCq1HEZ2m?RPzcu3jq0QIvvNxU;31;~-Bw;O
zySnOI@P|>I{wOZB^7@8d=93h<b||v50^TuHq$1p3oD^hv;lbZdldThvdX<#W`RNgg
z`Kj#UsayoEBQU-nR7$3)spa72i~uus^7t0c0i%Oeq0H(~K7Sq`|8gSz^EVB$RSe-0
z*1$<I2@>)iqt4+>_kV9zJ7P)!^#hIiQO_e-UK%7{hyu)$mtr>shAW3HkG@M2wS-zH
zBAoL<jO?Q!aiOS=a3r?xbEX$T3a`v22MIc03&FP+&4Pr)?Ygtfxg_k*>!|_^S+(B_
zDimZMF$Vf%#Omuyk|K-XvWebHIlJ>)z0a=0e9y)5DW=DVU&h^<u8_j4_RAX6L2}lg
z<@Gq)T|y_J-%pzEa70|ZR7i||z9}zhZbXE$_R~SmvAM;Eh=~Jb(GvNg0?RHoNGHX=
zF4UTSlj0I@)qqY}By602773_CFlEFS%i6r?zy&fzzn1SNsVD~>;j5&a+-P4kTeQ%O
zOPITq^s>;ckxB^@DoYB%wN|*sLCTqtn`urNFkxZlWDm9_qwH1BhR>P<w*MDzf|mAI
zX9>~7xMil<27I5skz}=8;@brWni?5t9}n{3sLSXouN0_nt&pwl(S@_)dbZCTKrqDA
z^3jO^l0Ir!BeqA(`%twwKQCDCEBK`M3r_f663Ootr6ZQDI_w$oJIh8Q2bZKvS!^M~
zC|#Bl^A;e+;K7>)<0eJY<rkgh`wqxO5PZ7PGoID(0|?OZ$?xu%@}I{NzVCjL-+8<z
zpSq=8Z%#;9TO=Ka!c1^i0)W-?r0XiJ?1LN8=@)!(O>%VzZTKZ0(NhzG$o)+p+8Cq$
z_2h-*`+6<06-9Ef9({OX07HwP__7zrkZo7E?EbrWV9h&G%l97t1e9<1`;@@wTz6<;
zwZCc1v6?n!Fwfa>z5sm&vTNgk-%En`4NC#nwzNlEaN(61-z!F|MpdRr3Q4gqs+eK`
zo9G&8uG`nWT+>)_5v;>Ha@bC05S<%DPaCPHEn!z2sb>Z8r6%I9!YsjQ6K$xnjc#!v
z#mk2;7Qbcbm7SeK*H`e0)jvd=k39UxUYQWSR66%sxP=Xb3gMMCG44L|4>65!?ss4=
z(%{w2K*k;6GK#^RPoU*wdi@7CB)6v^zPtH?&Y8%HSCVq7(o%>6M5CD)jF?krUPX%V
zf@VzNb4);b>a+;?g}KMy5}>M5y?g{I#S5x}1c(RhX_qA^r=&aKBQj~UaZm|-WGDfI
zG64^3sDodiglee8cOW!IVw|MW$lpcOk>-QGnJ(K4Um1C8P2Ay+--|;~d5cTZtJc_C
z0W1k?@OE+ymNY^fBR%B&##`+FohXnQ+`ld9eNXvN8CX&SE@~$N9TIM5+jsJ8_|Ss9
zd`HM7O1SihcmfL;^wx|o9A?@#dr-sZj}ro^^OvkL=a14|_@rOE;pLU=JM1GwSw&ET
zB!wpr6k<uPXOWenE}g!=%+qK>iqe6d`+?r%{mWzTF}(4jzou>q(QpF<`~ioU{m}*|
zSuFNQTk@>o$v?Cmuz_jYDd*5J!7I#S%ai1^#2L5~hE~o$OQ{Vc6#1%wo;xRq;#6+s
z!*)s~x>jQ=)`{X(_UDThkmzva@QIco>9*ycJtTZI-H|HmxOEg>kI9{F^GSwPvWs0P
zxxCrFlT`S<KMwN^WpjnsE#UPiK6ozNFf^H-kN8PNvvOrpBti9Vm)U6h&c-06IGT`G
z3b?-$h4_=A>3K5+q>C6Qadru{|AML9RQloRr~FHaHIGtZHkd?4U8;ZpLXSN4rx_p|
zl(2wM2^}C1k6gx=zq!8~tHo67dHA0k<v(K_Ob28ZD`?c50Ac1x<BZpaB0{Zaw7EF=
z1cw!oK9LQd5s4IM%DCTFu;T0i%xLe&@Swqs3)1ojU#LGiD~<zB4v%8EFkokB3qW*2
z01uP{f|9^v6yjDEEfc@C5KgSKuEK-*Q9;GmEf^(GwHqR_{KG~IhZdUpQ5_f;9eE%<
zL9!6(A94>cvtfg{2A9E>a}<ch^?$&R|8fMX_}no0DGO06g<3~bL^0;lsE|l-v=Md^
z#HUR1;K|D_gF_GKi31oNtZ*k(2y4$O@LX0%8>fMBHi0%U`j{_J-v007Zjy;mrQ_z2
zyi{Ur`ID3SnofBln;A1DW559-vB)75z+(I#4R}U}4|V6n;K<;E-teAgiy4YSuoq#b
zfZ9)@x+sq1nRlMS7U#OeI3~<=E{ni&mVeeT2;gJXmJ=f-MZ~wdj3w&e6S;GJp#C6%
z3Y7Zcck&h~tivE6bpL*Gpl@vMaW@F1Ze%D@@_$Aol0;G>lYyBQO(q~Q;?k+h`Qa1+
zlnkVya1(lP&Q2>ZSMcm5$?*y2*$c0dICJV;94lq&Z5dh4@IPbUoT{P?d~6(>Bt#CH
znc5zP2fLF+%ZQ?HohvM_#-2WK8zijwa1yHYQ;#p#bdX4jFAT9E$@WI|Z&&2p6(&hU
z$C;hUBn`UB{@YQ+!+j9=t6<bfy>-zl%JXn{*RO78c5j`tYUhjGTJ;$+6O_sb3JRTT
z)O+C2NhP_8<E5R~#YOV$gcMPgCBus66A;kHap!G^%@JAw%k95&qede6$EP4?xYTs2
zZ3+=O<d3G#x|cj&LLiSNNU&VP)0m(T#j^6`uSB>71O?pVaNExxMb|`?#q&ovSPvxR
zWQODEfr9^8V1T*4fr5e{4VHxi$p<J>qKI+_%D|cX2{U!X<4C3{gQJN4x~A@pk49OT
zE7k|1BnhfCKgOt{O2k=UGZhm>f3Om7poCVO*=`N!zW5o4By?tww_w(RBnh~v_BRQq
zKMJ(vE7(V7PJulBQ`MT;+g~|F)Q8<?E8n@;%y~#wJ;}(qaXuf8Uf;`3SuhabspfVI
zuJyooA#Os^h-^=Q{TVqbZ9hSh9IUX$T28ekkD$?wwkIEn(@#FiR2o$yqQ?<6yAGT$
z3QG#55;AIGA&tYYdg1m@lj2{dpHUfgy8M;`U~T2(Iw_g%$ViZxH|%A4lK*Cm{AomP
z6dy$430hmh{9`ayfbE@=-38)=4xp+OqCZBWObV6=S9fU}NSP#G4draQrXXVql2nR_
z!-@w;px?K6#fumF3(A=tSzlflHJ4S(-^OAHpUb%AOL48u*%dJxpa?p#0KAXjLK<xx
zPB_Uj@!4~Woa_j82blg7b#0|<5k}EjYGD<^WR}z^K)Qm9x2J+xzGz>5Vpco*)+9OI
zJ<y13r`ZQl#ct3`i_LM2B>6<0>$(kn$ner8uM(l2%<(BTBiPxKE;=u=aJ~qmki+R5
z9ZF<`_&mBvwg*(S?)XEdbwBDCkulT$SX)v&DZ~cta+xJ?FTX!vdd;SC_Pf?&Xu{-`
zS&5`cMFm+gpvYoKlX>74&6lQ(RaLwRGx8lPIFjiocO40TJRrDPzK9C~CAESonQ@m!
z***yNmI@ABFP}dSY8s{UFvcWAMC^G{{&(JGrNxZuj^E_tTOwL#*(9S<eHhLK<4s6Z
zc7wc*h`~XdHauI=fT6)(^q0KjgZxEC+9)N`%)uy0_VeDrKa|V}z`dOhct9efiz%GF
zT__d%#E+wK;z<DZO)O+j3<;!Q$Wxt3zLY;!<U!d_@KX%-j93Sygg{@u2~UA2HY!5d
zt*khdhk3S9v2__Yf>B?-7sFiD+)Br@Uq729jN<0`iuL{VH6a2bT8Un}wX<3IaTcNH
z_`dbx1NlCP#rCJ$kSR}!jHX%%NQgs(0Cy14;x3%fd6{IwGrDh){s}JujBjTBZ2lTz
z{N?-2E(quRPIXeoXl2VGMd@^w8y5d(8L2^TZg5UM;SZCHLK9}-mMp!^B`#PH@Km<d
z(D6MnHMCT@IHryn8MZW-I0>>8R+MGzY;Zv#0dP-kH=I`rsRg1br@tXXfop_-<QZCa
zB^oU&Sl8}fTYri;Y{>*x1q|QbHB^}eNfFE#z><%>r8KHNS^H1FJ+QrFBsVYaW<Nfu
zvT47`RPW_Ho{9)4$*_vXplD(GV7W>Rvc%wu#+-OYXdg33s9s;RhfoRc3UM4tB2zk_
z8nuOAa|PF3{)R1p4MCc-3trT$jp`ldOBTflr5yTJWxZd&!|<KxG%>h#KB$sCALO*|
z8$EJsuwLz-tENXjF$N|{gaG4sH!z<b%J3`;E>wVUiHo<!i-)2jS~idP1FV^X@B!nG
zYO{I4mcU<}f8dqW2ZeHyhL@bWh?`CD<+V{2wn}2St<~_HE5wlg#WGzE(p)KKc_kUx
zz^ijJvt;6oB!W#WnahOva7lE}MOf5-U5y7}rC&cgt18>=3qCU^M-mSSI_z~5k%-<t
zR;#9%i9nJOLY-u^Cy{h3eo07hk*Eyqx$1mI?nn$m!_=772KXo*3?hz)I02}(t8WMp
zK`bme_?jM-W-qt`5)0FE-oldI0^>z}5ylLKy+kMtWCdE)nNwoK0X*A3^y4pY2x0k?
z{4r<dqC%qER$moqYTu89U;C3ilOIpd-x0@pObvGL%Mt9E7%AC<e+R+D21l&c&woG+
zwHwjJHS>#Zj-CF&Tn61%I3n}Sd#qJUx46tX;Oxjaur`0HCE3M7ajCiQeDeKERyQSD
zFv+zs1L4KqBXKk)#592)xBC0sCD(VCh+1u`|D(drTI~v7&IuHsF)|wE{P>8P(lb=B
zZRK>pXBVUrNeF7RyuS|!o_`Dhk4puL9(oq<jP*r)nx{^YR#Zeb&F74@{w8z1OxNgr
z0k7TaOF3m`2VMnO*=AN=VhL>?2t&HO)I3nq2r9Z0)9=k0<a9nkTuvk=_Ggqw$+NbU
zWE9R@a?g;#GGEABK7Pv0tv45FqHJ7oBg6e@UW3WH(}(jo78&r*U%3T_%d);L=N>%<
zzXFpajW=!gbF1m?o!&^q$jIRIaK;|1>(%Sk(Hs|?SaS-JNdGZ6(Ahn5&)t0-@t;54
zcG}@g*tp~7c2eIffwCc6f6o~98#dH?j_mS{KQCSnInrLdW1Nq!h=<wavc#R8d1zPF
zzG@!3$uP?8Re(bN#pLzQIOO}CG=#m?|H2sR@7qcl278rW&+*`3AF{+on@XzY7T31N
z#^vsHeTpCF1c??E0%*+*m;Sl^WrUUSecL*n@`VWEfB@1DBqb5?umkWm-1n2-y<d>T
zkg*aXY4Gw!A^ovXc^|?!Ar`GgS+$_ZN_X(H1ob~?!A7<t?e1Vcl6w8KxkBU>E7^MG
z%MczcqvYro|7LQ)0L-g5otkQ@bo%V5;t>(8dYSGBt+I{58l_Ul=}%5?mnk2fcq?+y
zmp>ccJ+JUl?#2dut4iV^HXlzR_(;geK|{ZTgC4K0uuVS+RVNm0Yn{}rhgQodP6G&o
z%(`Kd*YfWxxrDL#ZOVs-p|}pupLw5H@JfvhQkOi8X^qeOJ!|AF{&7tJX%_{gs|hqk
z%-g7}pe!~01^_psC^X~?DXEYKXbF|+Vt@ArGxE{Hk(DO<w2Lu~ZG4FC^c=u-b`ED>
zNs(3t-%00YH%x?uTVg-wmr{7RUs1+^qinbSS33$EfYVIwdj4;S$^UH(DK**J<UX=}
zw*!DN+5LFz@`OyGuO2qk_?yRnF$HfNd$lQ{+BT7E*tt6sTTiRW`RG#t*PhXhoff<v
z7eb0n?Ew52)>`*>U=96+e!<Y6r6SuK*1JDvAqMZM_0JMc_^-`MTKD3a-FF0+joV98
zUw@iWE_5Z|Mo1BK!ZP&W7DXF7uwdYm+wI$98>f!iJG=%{niSNqN2=6d=eE4wM=Z6X
zpArJfRyG<|0`?Ou@~A(FL(?G(9=ot}WC3Bg7uwsd&t{@P9j9Ts2rG>kvSE=C*J)m4
z?-qAE_^(knT?-ne_o8#WyDKCoO$MeeO%2<fk_QVMpwylX=~&u=G!7W&hymYe{Zs~B
z>yeYo@N9b~J`<P<BeCb(UmZ~N`U1<uLKxu5jT;TInVOIzW0wbhRuHuvLe;ec-lR@^
zk^nB{d4l4}hdivh?!}^7OY*Lybt!a!=d&BXp`tQH<uJ}^4eHtX5pgQ$qj%)4!X9LW
zlKTcG#EIz-8*6>hffq`O8nA0B8qjmf?L`sW{{gAs8=oXlrMHHxrs@7fPRx##X?)#4
zG+9TLulD3>SeV{$Y9yo&VSAjvNJiwSMLDe;_;<}&KGkGzRtdj&h|y(1k5zE{@*nGd
z%Q@cn3a6f<+Fn|l$PH;ett=~CmhaY?aPoZApgSz`PUZdT5&9yd;FlNH+{ZgY7u5Ya
zylNSY12LoRU0M74wP*Qv{LqVEbMnIZJm2?}eG)*91*z~H`?sCxIo>3r$`K^I_cCS~
zgX-r98Wlwy7*jJKcEY;i@=w04j_#i9p)Gyu(~>8p{@!_F_aEtezXQH-;D*1m+hxh(
zjgzdo^xj8**GM+Nb>(GMPGz{<wY*d19d*09z2AHl<p|Ij(WV(Y!5wG>!H$e;SXUSy
z>wrEwHbYWdpJ1;j^A<+2S`w&#)OoUA6A?W1#aWD#PwdPlH#NSO+D#5PZ|@4{Jy2*l
zhZ=tQ#u}|Fxa%~gug$ma4Z28YADx;!L~*%zSB)n>LU*|S(rnqD8;!N#H1<?HU1`l%
z8#&#0B8Xy_HuSq>B!k>G&G|GKYs6OfI|l!1DhsUSl~?}9o-qMRhw{st!_PXn=<wF0
zdw6k`d?0_$c^;ftl~j5oe+8y&SX|Wkpgm!KJ}jy!9?<Nl>w1zzew0iM9bEBEy@AUo
zvc_26sozKC(EP36v*4I`BX^{917hQ5+k5HXI?hPrd+6Z4`$I*+)pvo%4imH*i5f0<
z_N$1s-slq<C50P^LcKL>Zt<rCBaC+)5IiJ1pq5Y=6{w|4F?YQuv39*;)soERz`RL}
zgXP;lAi=_e<C%YY7+zLE!#A;W3ANGnkVtVt<cgX6?yjv>AC#FHiRd|{oBEE@O7gHL
zLSDBA(pq%k!<4vD(H6#nlqft1;7pl2%__$i6+%gFhB<4$$p?4xnFUYZ|7?XvDS3Ao
zwF}-6cftAb{p}Z*-6f3!cj#?$AA)8>fz5yg6OGAx27TGA(C7r)SUP=h>qiS&7WB-!
z!*ipQUA^DV`m^3-!f^6wb4PnTLF_eAV3aVi?C{R^Xn$ep3+%pt=qVqzdn^W0a(pao
zq{_nF_Gl%5C-T@#(XkEFzVWfZ0;SuPdC_Hr^T<6K*$by@7ViR;+w%V^JcDxEg2&&7
zbcu0xW>Ly<i_MNEZ!(a*7g5EpB78o8aQyAK(_m@&lxCF2a`$_?{|WTH;`6q(zNCc7
z<_(?xdHk1EI<FI&T(a|PNyN5|<L}BhlhnzKp=^_B$9(hrzCpamuf)ENwM(8<kKhf9
zXNMKmdOe6I4etMkcN?B9`Z%N?ISp5i;G}`;-}jC%Bu6>k01^1yx=u{#MSF+GvHsrD
zQBLJ1+>nG<FFi+~)Oc;8S($8j+qWLW7fqS(7w;AdRnwKT(0fI<Y}poHEImA!s5^v&
zgX|oa!nA4cLbd^E!S~7qXD(wdyAe-b*I&1~4q&Y0F5I;X3)HdJ<BZE_#6PT1#IE@&
zSafo^=YvL{G%aqY=4W5TrUu|giX3)i^Jer#Ej)3RHgFw#&OHM0Z3`OJ7Cd4$qnl}~
zJZn7>pv}_^c5gD#IiA!RY~^3)VF@?CX1_dhb=$+C%&I6I`>wjrGi(|e?Mx`o{dvQ-
zE}5;7S@qv9>Tt)Dzuh^X?oy0{?-{q9`G>&eeeOWwhkHK?Lp!rovSF70-?e@N7Q&U>
z(+W~cT&vxCUwoIR#2bH)-b)pnE#X{XCt2|742%y4is|bH*-rpd<Ieq#J7QtYBPRH+
zxzwx4Zyo{qN*-90U0N}|qN^q4d}ug_zgEx;{O_gL?KecIDCb^WJUSf(`1yjFE#hsl
z@b}$@a*ZX9y<X+^M*i447AJ5GMaM5+;|mc|`WYJF@TZ%`XHa%1s)Fa`P>X2KJ|CQt
zH>7;)ddRy$CQ4BXiE?x_U8a<}z7HOSf%c<l8y(F28ncyf^LN2Axoq<rK@GRm&Ho1)
z*58x!+oX{Zl+p>hf_78%NzQLNlbgI@92gR7IgA+Qv`ZOV-%QCn%`Lnr^7V=8!o=l*
zrb*Pd;M-OUT)wY@|I%ojFx-(H7!Izx9dmsGY>vq^J{8O)))d-|45%?<ab(f$KS<UG
zUO-6KO|}q!eL6Rirz_p%j>X}Rcyzl6Zz7k<?sb#2S69jrw^|Zh{Wo7Os-)LhU~;+F
z_vdk*cc;&H>un<F<?rC~Gw2WMWhL`-Grr7s3OQ5M1U239LKx<qg8#cpPDo}IPFW8A
z@DrNC<Tw*tJs{eIzhF2ol6%WL<uUnBbcRwu$wD)4)FjMA_Np9rvr(3QY|}Vq)TRCC
zjNX5EveT|;1xZa*81-o&$w9rfeUGhyT`+M6w$!~`(+S{v6xCE(ldl0+HsBTLmFDK;
z@iYpZ1NQOxjBR4e6m*jdOG)W;2BMG3Cm$bo&1+t<`;UIXo>rfx>8}I1`zoHUkyxXs
z8gcr(iKdI%7Apc$BZ!QaEA2w@!~W3b<n-@}^x0b;-JU!TcB^f#AeWntsyc6I@h!S9
zYMXG!!dD8b95zc`t%w!~Gc;^Kd8hXp+tvn$YrGdYMiHNWjgMw=?4^e=e&5wRzYafF
zWTl5|2HPFOXDe%RnRnVV&v?2;b7HD(kxwA++*F4|Iu9;4+ftpbNCzt3>lRg|rCqk~
zukswhAE9#F05Uj!E1YWv&%w}GV}_pcfaej~3(GAL^9smE7%6P+=J%n{Pelnaa2N<s
zBPB8TfzWb3KSYR68GY)ah9c0ks+g7|&r0}(`Wv=$6I^BhoK`2#A~H`MifPut^Zf+$
zyI%r{4T*-=wt61l<gn`@SBLLhD#{*EV_2?nh5M7Do{^C>rNKx^vfGLj5>EMkre^7{
z*T+GEi`Tc6!r}0De~&w8R8`!r<^7&b)sQTAKOyBi9#Lb7i$8lTK@0cNuL~0M%d?mF
z+h67cc^0%_|DZWs<Xcui8w@EnnUci|ttG9NVlp@Gbp+f+ufH|DOrMwfQD><9=_+lZ
z9;ZiDb!GYZ))~@x&YK}YO0+t!Z}zI3Z_6^g>xcH|t2~JceRG>5|BI}54$h<tzeQu)
z_QbZ$$;7s8+cqbhiET{s#<p$S)*Ie@=iJ}Dr|SIKRbAD!pWVId>9wA<*2#%w|KgJ5
zJ_|JTk{@j2F+aNV7t>Ze=UD>JO3wO#@mu%&OeHV>g%5o$m-F-d%trX~`p}bXfK=$Y
z0+KrjCldR=*<I(^rK5tHBarRsZ0E@<)`0hCUroSOgW8Tr0G+%+-So@M0MFpXmfi#o
z+sjm!n39rUu^OU)&_=-K=;OPm7v>@U(PN|Y>WmZu6AT6FCi&=pQcvcQ&I12o=OYKU
z#z#+bJG)5&O|!yBxB~qT;Bf;}JC!08-T%x2@Zi18V1Omv@Eb-F`-weji;^ITmM$+h
zmX>@$LikomHNy&KTfXsIQx(1Z?j0nR{)Uq$E|1Av2+)nI2Zo3Avx$X!S|)sYTVu96
z*TWa#0=%4fTJLjr-+x^HpW4RruSSojTP3ySt*;z53syFx<X?d>us9@;<gA+1h;uJ!
zl}X8S(yhfShH4P_Idq}kouJoY!Alrbl*QIX3^4ks*1}fvBgOT)v_(s*DaOhK12<?S
zB%qWODW=I2<6d5$+$mglW7)w|ufE~TK2xhc)lJW<ZyrlqHVp1HACUM#N7~3H$>zOJ
ztySwPQ3x%x9(NPY&{oI_L)JtCrUdl9jJehTXh35y;yt~ldisg%g%*_*?m%ZuZlS9m
z0^8o4SNB+0Y+Sv{<xPFWETF`B+mEf)?gE6M{c~bh8`l)sep%~mI_N$XK7Br{9iRRO
z;3PRVmM~n+xxvJZS3=muWI9{P|D4+Vhse=<t@0_T$DzEsIZqpJIY=DGqcEqCL3@OC
zI{a`vc4j*v7FEKf8WY!ZNuxSF7YqS3@@~?mYDez$STTNCGU)LeKaNlc*&D6Cry&?7
z-*SVu4Wyy@1b~#zisOeG<Hn*{)#wC7d%AY!7O?f)$kDXHzZ5*-BEP~Gx{(2EDYccc
zJl8ZKLWSdThkKkR9Y1}3ai7zWoB6n0PIX*S?+)u!g86y<16=Xr^qA35Df)+*;I~L3
zgf;=U()Z7|pnPJ44{5lW%}AG?ufo)LpDM+5-L$RE^wcc@4_z!(uE2R(axNy&zAAWW
zRz-TSH(cmSqFLLDKT$#S4#7P)jp?lQ(pt_xH&vJVT}A`{H7`Sl<m+0s&8$Lpi>x0s
z=T*CBGL4v`{%XOINUu58OyRhW22qe-tyXqfYFq8&M>@X`qfqp9bPGSD#`^s!Z>3N!
z5pL1Rt*PQbK<#SKJUMxL<w}P&*2+8%N6T|-LF+E{hBG|ZfTXfVODMxCQkloulw<>R
z`uJqIibbIJRNF?&pDTBNpM``7ZwKxJ^ZM2zw9>}p>dJW<vao#f#7#zBd+gFFj9o__
zr&hfdUC`%}Ht#7XB#pw)&LyvK7b5H&rcv+5->b$?zz=Lp7|q26|Jrw6$#=Bifo7Z-
zja?d9C0h@OR>~fuVFVgcAyp>B8V|BDL3R-jUR)kuP2&9tX-|*Ar<(D45!I;w@+8!M
zvyqdgwFVh1VQaYY6r#JG?_Z4Z{Bj<H;Jq3u9<Wf}dO<r}pJF97(_MG4s)X~r72E_G
znH@4(?<Yr%BfV$*3oTIN3Mq~Cx@B`*Nk?H6nK*C&KcyHxPExrr-Q5Fd8F(?F7pw!i
z=hZtz*4)f1w)JE-Vui!@3m&(Z((lK>Z~w-L-;N#>^;J2&!oC&(Wu+S}QqTbL{l%N-
zgVd`TZ$e=h!^O;u4SH*;DjM)(6{++jQAd|F1CWe*_0@l%_a=MD1<nS4`quJ-)0IzG
zQ3<dlbqEie9$>L5f-TQFH-mGhv5~sBPU+awkg&L!(a=5pNW{pk9M3j|9(JBv_RIFb
zdYVYc^nAkh9csaarN7QQho)R(%+EEwBZ?*S^ReMNZKFM-Tr$drJl;px>tlW3b#|{e
zEWk`C?97c7Sn>0|wm?VO8nrH7regU>FQx~&gY6f9DX(iN=CENldXb$UJ6KmLTrYnd
zdqJ&B>;4fj_a-ws4HSsO#Fa5+FpwDy;Tdqni*(mt`7NvK%vvo*>!wB;L$%%}jWIv$
zvaa`%^&F6baL>mV{ZA{^L6&?nX@ikG@prOJ^u3(q^sfTy#=le<(=`^u;8%jLHPOf4
z#zPWHZW<A|t-%u~u(q}zM4p0d&1yFr51KhO)D&!jVJlTnz`U0)EcCF2dtK02;HL^j
zT(-o6WFW=Sw8CH#M+kH+-QjN<VwAs$B0ecv!nA`^T$z@aT0-{2*E0HDgcmX$8SL>7
zfk<$4X{dCqtGrBEt?N3qIU=r{iK#L7e~FX6<}nC*Vk5TufZgb$f0E)tY*~kY-_QBo
z8o-4N0k<W3P+sUDbA-rWLE+F1LHDNq@@Y6Sz_zu&fY;#jM>=uoX7GGvHl4o=OMQXm
zrnl{KDLXy)TUO^Cyl=vV1Z9Bk!uUo>qoDW_K`5~OJaF^=*;N^afCjaUn>qu-jMKUx
z@EIH8CGPh{rLo|=LO(uIF^4>E<fGjgq!!N^h=WTsbpX51Bs=qT)+qmrR1#{<Hi*lg
z%FQ1pCbn;Fyt44ZX+Q0Ut-6bc(4M<bkL{rKm3GwnCD?>!H8$41oO}B%iBWSF(_OXt
z(4p%dmn51Q+qv(UGJrp4nOWX~d}xH)_NYtesb$l!dG2s->tQZpswZR^-26W5bmG!E
zXjKwWaTP+Gt}|qNDH%_<r2zWPCq!-IlsqpU&raJthoM?Ey6<fsR+Z#K_CZS;o$vPE
zwESUzjT4t#O-yuZ7s#kyx^mlbQqfxu{z2a`{K^<U)@)w_jQ^+4Z)vt+-+JCi<&*g1
zTej<ITBrSnOQ>99dfx_K#Q4X5ws&Zg5xc?k%AN7lsU}gNWs}uB`!RS(bNlsFLMj)%
z^ZjmoBjD>Jy>m+>1Zon5HVEqh9Iq>obd8ufq%sigrPA+^K2mOSvg6@Q{%A5srf+%p
z`AsmT{wp4&0;;0K=)~rhQ`%e5NaP~bZT}2Bf-Fmf?B9jmFHB-(p?#LrAQqUvte(Cs
zMYv)xJYI=)gf>=LcYgfn$*Au+m2=6|c?sX9?wAD8AK;BajS&Ugm8C)$5_^&e-Sj&*
zjq?`VjxEU!D-PBHz4a2Pn+ZNY8k>$GMOaNP&6EJzO!hQMRZFr6*7Qa((N`0t3$@`<
zZGjW8M>$x_|9cN&fn-Z`m6J<4R8M0Gmt-36ve%`7dW^JZ_m{`_*XIMWuDKv1wlQap
zPzq;+rkUT=V2~{V`n6A<0&evtjTl^@*FEIZUyNaJ_<hEx<E<gf1eY+=Bjb{!uE+V9
z_^yHnOrDT3=Lb^`Dh0Ls3E6Yc^MLK%>+9SfRfVNxd9<DOjkH<O6;=Y;C>$XWP_QZc
z4xyJDfjc(#<C(rqT8JDp5WUw%Jw6U-+7004&3Nm?jj%jVELpu}rBQF9l2xE`tj6x|
zadnriIC$qU>mNS!#Q{(fA}OM;W`E!Kd-Ds**(>2Hwqq_ELqgeG!AO)&HoZ^o4W0g4
zt?wnkG_rc`^vLcFUq9cUCjBJ9{HE=GhYt<y(Bl-5K+;HyoIx=LK$g8u@I=cBiK=0C
z2!>VjZRHpF5;tDU86|JVQ$KYmBG-kV?Z~6BymUrp1<!@7VW=(6Z@Fooy3r9-1mC*;
z$S>xD;ZY9HE63S*WZ(Kgx!W;<iT;Wa*r$TweL+KvoJ7p{_8UKu;!CoY&%=$iRE9A&
zAw-3o-ml*laq06=BCDBK8806@21h_dQ=XI&6{7C(t;3K5kz)-mL2W*Eo4_QVd5<f9
zk@O>+<QG1cQ|V@|EFcLqP_t6PEW+a2U6e}fkPBt!+JPmOmNi9a;9>6iS5vMgdS0>K
zoQ7B+t$Xo^?dL0^rZ$yRd3ZCs-;$lZ-g6#xHZP9ciZl-yHUX=g7>w~<570dhc?%nB
z;NkVs{K|p-de;5Fe>bN|h5Yw(-b3;6`&T;Mg9lMuCWwfaa42F7WfjpRfd@7sCz!S{
zFR08>$^P=Fh+-y$%8OJP$iGpP-9UP;B~oH7ahP+s1MSuu*|&YEwwwTk;^ILSC%uWa
z?3x&E@M)BI!YC-&=SgSs=*mi>BlUjLZWc3OX#?>jh;sePT``H|W}ZWv;m;-OiFRTS
zp0j?MnoKDALDU6NP!MXpj#q3G@!du>FCg{hU2F!yft0u`IW-goHy$t0!+ZEVMB5n-
z1uNls+I_+*C<{yM9vYeePzR6NiX8_hw!BaJ{2DfxieRi2{pJNemiF_TaLJvh$UcW=
z_vFzXyS}*{+ZZ29cx02Co)P#(5<#t_hgCfJ96>p;!gh3&MfNzX1nA*XXxso3ep1q*
zomfxA#NkVkwgEPO5xDP~KKzD?{94hOs$BmZ7@aR|e=o7370gWtAS~-qa>CJR`3?J2
z{|nE;;-L(6rLQV9TpNeelsc<~6oyPv0X>)`m^!HBEKmieNOPW@eK6sSH>RjuS`Dd)
zZJ5R19i_gUNJM3pLI&X3bVq`Vs*P8N^@Tb<Eb$__ayv*xA|+WEiU<_~s)|W!n2w=c
zZKVA*RZ9v3Dm<r63DuE=i4fNWlS3K%{q9sCoAA3}h;8CRtR|Qzx>i~sKU#mkqAmj9
zf}Z%}-R}D_gfSiyTuBkJqKL#B<}8o`{-(L=9UunUHaMh8;)#AZx)zD@gnh0>2>Vgs
zky}TcHs&4+V~wgVVEd~kq5cop2O{6|Nj1YBA92)5^_Ez4V}T<`ThrF~8P;zK0SNJ;
zrR{5CBvx?2wUAB4Nhr%&eOYIy;Pps+M1nIAsH&JQ`#cj@+8CpuOza4&1mR5Ve?U2?
z9={#6BbAaPzt+n9>krb+d<BJ?YP_w_9}}jj&bMB&hHis@ysza>-8Z^gFsLnZA6Fdb
z`h4|7w-X&f7t0ehc?6)1UTVrN^gm=B(MfA0>)PtOBA?<DR?$`*-HtXhMQAp}G$1Fi
zo~1>t)bvCjFzSe@lBojt{gtLL?1!NW(4uLoeIVO;xZy%DAR?FPIXIejxLqSX+`r=f
z+u!5!{(RASMU2cWUhMW5S<l)7a$kL>!W!bKNTXTRT!H0qT=7*Y%||2OG-e1niMtjS
zt{n1z&3GcWCW#-KHu5B1*={yjC1=Nv2vF<@0>OpqJ!VcAMuImU?6TZl`A(MRbX`gA
z3w0u|Se0HN6+aLrEv=zdL@l&HAk-vonn=8}QTgTC)Rdn{{|ZLCKDBgh`aR(ktQUjp
zNi6mLwiG_ERf#7lkRki7xyxWg2GR%mBs)mJgyjM#>WieDI3l7LJWC-Gj1(K<jF-It
zaoOn?Ojh*Fo}{h4aH3x%B1b5}X2i;Z@JM+G$(!qV_5vI8g*D+KU<{Pv*eSL&!SM6I
z4+UZ&viAkr02vAv*p@URCVAGQm%8R!>c(%dddpw9^n@%bTuRMqN#dD}lC2BVKwRGn
zs){QzKLf!sqalFM4HC#TqEG)wWLYL6He&z>wj>!MQnaL&FuXr#%-IAgC!uuX*~#9r
z$<F120^!KTv2SlLih)>Gu>^TZ+XG}_RaGmVwJ>=)v%u93_@lkdY>SE-xp{jDQ)2MC
z7q}p!zkOmTVRV=dO#tSYI&dH!eXgD12?>?%wcrW|-#U<<rNTbmONvuei{(f2NA*mX
zQBY8^_jP&uK&UatNbTyHdh@vF{Ja}b4N?{zJY5-aBIMi=-Tm8lAm3z|SC7m5*(Ubw
zUfZ7bo#D3Kz(oA?%Xu?jxqx;Y*K-e@!lBWgfmIs&h#3_m8U`v9i|eT0r=B|+hDkTV
z?wpqFz9G`{9GC1aK;mVc2}S9K9~H8ja!-L!Xc~IVfQ0NzL%ais(A-fPwb2$GDRgA`
z@urhOC)neAk{fx|_T&;FIX}qv_n*C33>1U`d<nUk=F=tRdw>Cjvn*CKLpRADGEXQr
zgs076)6TLu2EW3$UGd6iqTE3mJsIFV_@>WI^Qk-H^hHqdFi_<ujPAv0J15YUuK2{+
zSWq(<D9p0dZAZF?JdN6FhMDBRk0?Ac>laG!mXWwmd>)W+Y4b&}y{zx=N=*9uFeBbq
zT>4N7N2pS`f-f%rR=3C7JLj<(c@AtD5Zvu<Qy4hBe`t8f^68cr9N?=uCG?bbo6u>N
z`Z*p{xQ8;Vkh5odiK?&H7Rm5KEwCrEfuYLNn4HQFMDXXb&|o(4pS~WDcw+ja$qmSf
zUzuYjs{wtd;BxkR`*W;F{_a@;{_n634lg_&n)KhU5+#CJvJy7N+VS^GYsKH!^l4rf
zmS6dkV@+<e?CMvR(*uf4E*$e%c7uqjo!yyMLEh*`)xEoO8k^D8vRZ9T0-I8UOTXzi
zwP&j_?S``?f}YSdTY(?Ki5u3<H96SS0A>d_L3xnY<i-1=diQ(nqaP>T44b-hc6sI=
zi$v;E@-yes8Ix;-mzNrst20B-|0HbIA7)irD~+jQN}AFEW2fbeMs7CvX{!h6JU$H9
zJ%qq<RvNH|wD(lP2&6jmEwUy1tsdK$uqHD`Qwyz9Ue0vYb2p76Hiud5W_!)Gl4pS*
ze42PW4zuCU?I(p~0YARiVmB@oTNx@be^lQ%Ht)iRsgp@~a(v&daquk>$U>~jv@m*F
zYe32aBrk5uLXg}(6?1O{mPSv?T0p-V5$W)a)w_ZNv(t_1CyqiA-l)=beKLfwiHFd4
zOt!|Fs<hY{9H+Hu1^k|cT;sa`>!?8Y7A3PJtLH}rhy6cW{Gb&C0pVZ1)|hlTI{mpG
zAHUJ56bgWTFwwE!+Lz*EGC?SI_SFc=H(t90xD%aDI}21u&`HA?p@PW35}g~yd^-^p
zw;oD7lz;9chL%<22aO>a$k%pX1ZOuq1?icz<1pod!M%FRNNnuYh$v*y-ks@vCJDYV
zcE041k^ab}7V*Y{%1fEs>YoXzCayV_F}2i|SyP21`fWt*Z+T6pSRybFh4%H}-|Ytr
z`+{Lvt<{&$XK6lEeJfG#wGA<P^^&AW?fIVIW{;%Ymz)Zws+Oe6VozFUbjes*bZiN2
zUKVU=M%*A3$_)3@E)>CA^UWv?Q?PSZ_Yt-UzO@*0*6yYT4<=u_f!P=K?)7K*MxPi=
zm-o**fMZdw?ES7#O7n{r6r+E9Q}+iC=~rVatioqbiiLnM<7s>Uikhytyf#sz|GPIn
z$;{}`O$J#*E-gYJJQv@xsS>**jH)fAAkW{~)-crzCgY>>Lke*rDUKQ4#_WyhwMJF;
zWsKxEEkEqI)G8oqV_LvSNr7_oR)&nbH*2>?i&Is5daIUwGiJJq{sYui70<y{Ih2CH
zp_i9wiA8dYH8y1H{ivJ*S#94uWMC&=u4uCxXz|;#N{c5&W~2YlDEy81$$?T+W?n$z
z-JIQk?SyHc!`5{@!7<TQCUZ!?M~8?Nkdcyjiefhh+i5S~&<jm#2{KjV!eTud>WIQW
zomD~MkPz5-_jp|b=I)&HO0(ae^+Mu6o_UHJtJ@THpyb9+m@SQEg>k*DAQJ!kp@_R#
z-8(URItjp%(#jXnV6%)LJFO%CbM8B07F+RU2#(X7!ee&0j-?*M?vJbt$zT1&tK}6<
zjIoo9#?F5#{ZDZmc7~1n9$&2rt1bK?{OUJ~eKSZtn#)et`#dZ4DfbKX;n{k&FaG?e
z?NZ8`+GEY^8QB<8{=cinld^mNJeVBVdZ*@Fe;p*B(~V5>E)7ZPyHm!uAVkA0vr#jp
zNO7e-u6>EX&1w9uY27Rkkb}~94tHrAiZK5R0&5_plsb-vU!%iM8@=-RpcCt6fx`Yf
zEB{tCAp_#)^pZ@kZ7>Q=Mm8|3FlAwI!*SO{T<L)%BV8N}YEY`>9K({ASyi<9C1QKV
zVgIxY8mp&&^3QnGu40$|Q@sTYAdL7>%-m^P53pA~74&cN{VmxFWTM<Fd)t{j2mcYK
zJhmm%<hnMHhAH`Jo_(U{f&r}$8ueYp5@hIh99x~)o_ga>oG}yK-Fc)lF^cf%n)1U?
zz_eK9N_XV%P(XbR%u@G_oZxCbgfiFdJGloL=y>x5nGkQL9%f8E8;lP$e%x)xbsOwx
z?{yk>eNkTW8>JL@;cD|9M$;!&IE9&tBEj@Rlv0Zxb1xE*`0vgsjW?kz9G%y}lw~4x
zN>+VRxH+=x7!h5PYF*r3l!r+IgvC7|&<})Q4M;{&eVm@K5rygLu7Q*<A$M_||6Ul3
z$gL@I*pMj>{+&oF;{HzXv*JkUp2aZ+mY(I8L0j0|K?*{;X>>coHNF3aoeV|&-+}9m
zpH)>lyV`6jErj?ZL-Mn93Fm(Gj)*+jcOx|XJr5KlH|wT!p+^)+8V}5L#2L{P!-+rD
zvHdhJRYpOYeH8~6GFdRH*CYMZP?!DM8WY@k>1l`JxA946(l=}Qoww9$G2irL5RCbv
zJQRj}P1$fIZiYTfTiK=%p46%|bELMW6k08!8KsOKvp1~30sD?$2dr6Zz#C5CHOeI+
zK|)wh^Tn7VAD`>5?;lbalv-5Y^To1eq(QoHKgLTdWtg7}j<HRp;OpUF_U9zt;sIGu
zB`Bew`Mnzx%Xl1r2ORKb4EUidN<zeTSv@7-$?}_;+St&+vOt_4s2A!+{C&cuDBkhw
zvO=VW8gd8UkH>E+Jp|1vPQhP#2@3ki%UJOuJ5Qk&W?(jrt>eIIF&ELKF|Dw8-k+#8
z9&YSHLnZUTjAUdp(jjudnLve(+F;QACu4?*HD9L5U3^((1MSQfW8rCfdeM^i%-la$
zMCO8>E>q%pf|UXrv-|ZpETT{Llt|uqAb&+$`#nwmGI&A*k(WYuC>>@g^h?iDO{vGs
zVm5W$A+o|zx!iO@oOJs#HoBl+tCSv$%<l9;O2+zS3(lzoU_2<+*|e2DsUaZ1ZwApC
z&}!ga47m6+aPgSElEa-2i$4#_C+pnk<=fC1aaVH({vz-?u?Z53Gt0tgj>q*cpNWkH
z@b7bb{gjK`P@zra8hUlRnvo<;t1?+yTVpKdd7~#rqV6RuySKYG-Q8PX_g%kE;qSr+
zPmg-5=?uDi?;oeX0#7RI&iKe=qHUh7?}2`Eh;|*gav=}a-WUJx&f%g#ZkCHG3U;IS
zcbz0<Ap1sAh8fzql8x!BDxKj{ymmxV?yF(e@koCR`h9>uW)&2S-W}GX!IK@CV;^Cq
zU*#3hj)X+yhaxZiHGGu?cObK~MV<cq2jhRosqiakC3j;yT&O2@S;NQ@@p@lvy#w&L
zw&>2oj=E0qaxk#kY?CE8b-a0Z-g2LfhY~EJ^2Tf}$;L(%HGudf_J<?A=#Q~63%VaX
z#^1|2J9;h`3~4*LL>p_p_)P-FP!X5u+-fkMl67^v%xA8S$n&Q+?x!1i!C$MAhhLj=
z{}4G9Vh$eVNAmO%wyv0eE*i*WWlP8#@gU1Z4gbWQC;P$|N}lpilUr}9Y4FuwwJ}iz
z94<RmK4Yx7l)Vmv(G%gy2#!Plpu*uI!b_m2tFA{~^$NY~{s>BKr5TXt8Pm(({LSYz
zuoYn=k*%xW^KBc>sj%Y`5maA|owY{k6QJ;uJHh_*v%l^=!1Hl&mRnQQxdWHLuW8?I
z-Ppd02mFcjgQ!aq)--_Jur%*Z;0i7!=?8ZQ0O#w`B+tl!%j26?AgsN8Uj1K(boxLZ
z-0NIoq_198mpdF-Nt&dnuUx0YTRGmyPel&{Wo0wm$$-|L{H`WjJMMWXMGh6}&yyrw
zPjID`<Dx#$7N5H~9O$_3oNx)Wr|iNvt%%H)RD=<|zO8;YYB|jJYmd1RzSVouk1MR%
z+j4kAAFT0vLy<Gjo{5+5+q~&_R`$$?UErM(MU*>`f(f#>O6C|;nk)oxkzAQqqMBxl
zN<{x-unv=)(higU)c-N@*Hb7Q8bC2iDcfjFdLZjr|2ovOFNZWVy<o0NP9gl}QNXhB
ze{?xHK$$WbNrl0$>h)#~@X*)78T|wtqHygZIoj@RDxBA88(p8D7EO2tX-_qn_i-QD
zz2fM&ep{RWj?@DLJSlDkG$0X2{N?BT%tyd2^A8}$m8c`Jnvg)2bJ@_VYQRp)Y)x9&
zSQUR>j3+kaSs(v1QiGNwJsK`j;!jPS7a0=qS5r!X6cZZ%vjuzAy7*RD5O$Pp#ZUXn
ztwWFYapUXn`lITl(c>7RT|C1#JTepfqDCnp5>F6}#)(p2j0y_lp|+3943kP!LMtbB
z`^FNA6S6*GKsKk!V93$Y;fJRl02Q)_+){4&QXrKdrpZVvCg-~65qKF(>_KQal*5t}
z-1*GvtoV%V`{qGjo&7s$TYty|_w8ko5LA(eGej+63#@dEPcvGZ=KZ~l$Gfv0P)`e+
zmeOxm{|Z?@pI%R6!qrImFL;q+i&{^To|*YaNYR8=Y|I!~vUFpAxqXk#8hrZ;Gh^n<
z$S)9O4cmRvH%BCfDH1k;q&nB0oT2DgiiWh>qJv%n<F=JQZPtARxxeITC-6#-LFBW#
zL)m>eX`If>?6rpQWuKbv?WXfyZgnD?<IbD;$2g;c)ea}5Ba0Vd+PYezJ!zt2?PN2U
z=}=`QchZ38nMTCZmz!zN<^t^QY2)rx-P_H<u#IS=i0r&VfXG&NIwELS@jpZM=SgjT
zyBRq=xrZ)XcQXt4Z?;l<+aq%06ap-1t|T<&rJU2(OE8q{M)rLkxQFzIVS23tKd8`8
zjFmMo8$282(nB0Y`5M*?S}!*5jV`3Vh#5JWn&`MLsOZ`wQ_T_}s0K*<PGwGx+F@|O
z0*ZUsOvQx=jKS!IH(Fhe;ksbL0gKlB2E_4z)>D^-<dGhYT*{(0G^KfNHd}fr`;N+I
zNL>`>P%RMzdo}~Qhsv}7<5mmz=N(1$8I0fKXI>OAp`43o>H%&2OU?*gEA<+J>#{;4
zD%S%MVK<Re!h<9-6x#0ySC5YkS-;b`t+!XEW!d(5Kla?!Ro214O$zGWtHj**t5RTN
z{uy00*&{PrkZY3FyOs6qJI|ePq2Zc|i4I*p88&M(?J#Kme+)**MK6P_Cip~)p1gJ)
zirINpLe7`~<Nqc_&L~PR+?^|$Aq&k&W|fu%$C*aZj@)-`ZABU&Ok2dAZ8IeMn%|td
z?uAS5Lj(Zi`_4;lr`ew;Tl=6cHp4y}s>@A=u<c&T2fY6?3ozr&I2ylV^94;Kt&yeg
z4>Y^#{`wr(zs?g0`3`{-hJPi6CvH>PNU-nMnC(As*FFd)?-oiUpAGc**5u0*h_i&F
z=xfB4y(sy_xRh43Vb0pZX`|L2b}h5BYqh?YBSV4~PKPw@R(<N1Se0SXeP(diU_E=d
zh+|-bv+!dA`MHgd)-x5ntaa13tCeOq`RJt83kqHbahuC({$$z_0)N+OGhvv@tQ7Ft
z4$2<M_e@#GoTXjoj7>IE7qnxtMQhr8jWbDuRmNGKo52)ZI@R6ve&;J*k(7GMVgtSH
zrTUh-<u9CbTTRlls>P)Owt(K=|Ft!zm6E+|ksou(fnTqli3lXZk;{{TLs?rPvhZLp
zz8Zq1&WSYy+^QHKRlArV5d~!E`T?{%O;zc@hy)R~tXd#89E~rIip!FU>aFZv2>b=d
zT2x4j*_kdUW?G|R0Yh2Be~;isgixDFc+`E`j{$zCSCI@1@gii!R$oEHC9!mFQ`43C
z<IZBB{Ug(tEwV0)b~fwr>uD6I+GS6!g_J`<RfRP8Mey^bCx+L<b5V|VHpR<y_h5&+
zt(h<BG=U!Bj8t0W6;5R)c!hY59R{(VZ!A7<gt{O|#3F%YtV^&r@aR#$X-9EhScx4&
z!tSfm+TiqMtD?YyzBM^*8#In1LkG{*v8<fBx%V3f(_LgjjUL`)QJ!d$Xn+P#Wk_>L
z8xY;KKvXEisODmwjOMRhqB$<Xw1f~Xi@<>m&>@sSpiU#E^caFbOfWo#E^9ph?blRS
z?Ch#!q%0_~!jTB_*@wEbzKc8XJC^kKIJUfsoeha8GvJ6Rr3XANV}e@;N46FRfyT*i
znrO`{%H_Y*BrFdP7dM~N>~pc0AGrd3Bl^>K=G7W~IFJVrkMcK?;gzV>%zmhHKQ4~e
zyW_#yj4|%RX$`S|gAegrF8QNV&zXc+GO7nLErQ#ii!z@L9I)R*9lkXL-#vDn=F#p8
z8W_Z?+UVPl-y?zR^;oif+KfNw^aqLMH0`-OUMcv|L`P3!asivUIQ2z%tyQb9rb&|u
zS&_duP@nrz_WUi$?%dIVxvo3&c7~7S<^{@f15@m%ZV8!QHpTWYC@b&Zc3GFCt`q+>
zf$1ppfb3Q8vc`)mKT=J5<kpkpGV9!+=q$m9Qx@iHcQ$-MRM(G9`!kn!_bPyGHSRc`
z7)l)k=-#nx@Wn6}84-_jWDcC18jf#U0WlYxB@q*~#<Z5WT8Ic`)b=Loa7;=B%gF_5
ztkknhAs~Emn`rVZbT<QGFMT^12gK}W4D{fpZ`e8->@5fS6)z^tP<2pmAk&kiK+&Wb
zSTWJgl|grZW55S=<!3=a&gXb-B&VKj94j=J5TfkX(eJMeUy<j_U%!m|vLk|oFL>w8
zCS;9>2H7AXDUeV5<BoputZVgswhaS)73SR10$v`DSKY45m<$th3xMO6`~pC#<dn|^
ztW^Br;=k#4?VzgB`u9qo(Fu1=tZb+<uSPIF){Oak<FD#ub-O_*bK7BZtAZ8qovPi3
zR9s4iQ()-XLbHv1$4qR=VLwlG^v~crQ$KY{9byJL7>=2q@vOQN>&aPnmy>J8=h2=&
zL@7?C{IBrmz2sSk$1rNr>h&qE`LOXaZ>Z{Phr?9@0sR@5e(&xz9xtjw?In=YAJE@b
zmdDFl{dwQwKuXP;WoWq5N=q--MDma?sU~sjS%XH?6F8Kz-H|iE`~qZKt$G2{staU?
z%r6EK2Sp5t*RKdd$N`<j#25F)tXxBeJqClyD12Z%{`Oois+_{YyhOx_AU5hPxkOC%
zjK~0-K31Y)@oEDk698<&!CA-#``DnBdjV!uyW*XK_pb?u_t{ijiVbeCF2?>Nvq(!r
zDttLd#U6ndJ~S&@qvh{EI$nnp))|;|G#XrOAV+>zWdb6bvbmVojdw>aa!J5R*n$@M
zDw)yZO|I9g^iu-|jY*BRv@5iUVHGg5)2D`v>kVZxhL@79J6l+Dy=1u(yS-?z#%;%V
zvxE<zqCGzTo?&Tq+t1>CgLUQ0MwxQ{VekqPf-Y#RLAIYZZi4oCXCITl8a2WAtG-c3
zH^rpxWC<J2I`f>cRh#jL>q@RV%AV`FCcc%F?(k6I4;{jw-v%}2=Vx9)?hF$;e-qg9
z(&O*Ah&~ew#Jri!SG9)DR$=Wr?60UDxSSt8B^7(mB<NPNx;aUf*_W;^-uJ8#syfVc
zG@xG;3{S%a?67|Phf+4*r7&kV@qs;$%ez-;El{q{O<n`+EZS(@8!WT*1?^_nI0fAG
zFPM%#bAYyurfRl_KCt6KhrR)`OFh@aUN)C=!aDb0y(@1T2KcM&_ISl;LXtl|%`?sL
zed$F=4$TO?$2i)|<N?fCD;)s8ty=Htk$-`QPHX6rZLZn$4ZE=Djmy%WAj_mt5>}VX
z0Ho6BOHz7m8`DW+wni@3=1?9X=42-{&d#I#E*e_S%5b}~KJsbrQCy_c?)h^;4~z>H
zj0-W233bFbJ%9HP>HQ)5hRB~{X3dOhyVGb)T^5G@(-Z_{RR$|=^2z7opSrYrus1x{
zxa2lDGYqw`F>!Xi{dC)Q%MyLY<e2tlFNI10MEV>JuX?DaN!2!M)y?-y(%ktvsSXGy
zwe9EAwSf9L;aSxD<<C2U-x<&1FggbCR&NYnip&IhC?xu<1&TLYuJ9FJfk^+}84v_r
z${YfzVRr5dfgd-J31VvVkqHQ9uaBHdov%Kh!07~Lyf_3L=D>Wh2t#(fayKqEpU}Ac
ze8~kSQpp8V$idCnrMZG^m0HtWm~U)I!BY;_>v?1H0(aZ!xYzq#Op*jSzV*U_P%Oyg
z%QL;7__yNi?whLbiy)PJ+bw~A+#uV0l>ZZ<KK&<tN@e=(z{+tMcxsx<`^TXK{}=JF
zr{iUx{3sJte0x}S;0p0qv<#Q{UiD^wu0oTJPPPr)=tmV1|D$grAZg+OL9%9T;JG_R
zl-4jeSM2V@ky(qBDW=~fx4?6m66(+_xvL(*v3~dMw&<Ej#>k3hea_HcnE<H9>U__0
z_ide(;vf4*E`hb9uztoR{<3w|*LAAU0N}*q0?4GHUmL7gxSRmqo{x~1+(=LP8VVx&
zU7wF&W=AQ=Te#YjV!p*>cv<tn&Q2>KzD)a#4ISbh)CWhPg`aIVvX=d+i|&*A2I>At
zj1fSO!+9iSJEgY5*6x52oL`yQr)Ap>9;RY<2JzV-wfa=xrX_C3e7>4^nG#k*S9tPr
zCehDPZ*}Je6VRQ?IN4TTXd!tJ*FqfPH)iscMh?q9t7PzHP2i%hIBqTZn0=a1OidbJ
zHIqfdV<%=O^>rX3^-NaY(wORCE4Bp)g~doE^PHEaw)6s@b<G(ZO7dKVio<vgN~juN
z{jj;89j8Na3A*+Xe~x>w039h|pF7H!ZU{jqB{sI%axYB@-JuhXC!ps>GQJolG6Hqy
zVr(yH8Of*^60|@&A4|LR&1KC6i$v-J;gd=&&eB@<mVGh!Ax;y*>K@CwF!8!4dQNgj
zQfpJ9XgHa7F++&-rl8QkY=~e;3pGv5+G1NJ_j0_@BG65L8r-tAjtTdHlX8Ow{OuWH
zfVxxkvNS#(eJ&CM$?o%zw9?am`}T?9uDB)<--d|Sh@0?d4Sn}ORL#L^am!CHRcX()
z*;D?o{TX^V9&4)F)4cpX;BK*DgE2aZoe1uG^syR9uAXn%)R)H!p76N^LIj>5Xtfic
z3oQ4XRQQ=01e+j(kXd#%Emk0UM~ygKf^u}!-`pfPmYeQ$EPK$ke9yZ!|JXlO3HS_^
zR{u>j)mr+QtOIcuEpdb;x_j@hJ_tYIrQ6ma1=>Y{@nGDQ*rczP2#q|9E)+H67a+za
zE&jJA&%1?ib>*2ef9;~zkU3D~eNS|=94|_&zpR!|N^7;dPICe#SXfpT{yY5C8x4(8
z>DCJJ>+|Gme<%pNOz;%!yE(f234(z+xDT0Yu>AEKOBMx1?e|UF^o;zKiB8^2=RO=@
zn#fBc*eE-wThNIq;8M|DWl88Ii3_`=b8G|pY5?SYeW+WR^~wJG1Ds$0iM0R*0dTOL
z^!>=MkDkOm9emLWr6iqGg9hA3q>M~a++*$7WQLmIa<YlwJ*DM>m#HXNc&5S&Z!jjd
zhv?u-!EYui2<AF>%2(tiQ9J6ttgd3&Li{l4(vFh=_bOMJV1}i2uX0!a+=N`3Otkpg
zo9Xw}@qcM$j^Bm;B}m40mTJg(J-ixqy3lbUF0$VPN?nPArP-}Y_`9;U(_*nDK}nC9
zJ<}x^LJ|}sG6&!@39w=w;3yxPvluPonQvK(#p?@8UU4F|5nHG#b3zW@{`!j(whoDY
zk@z(Wo6~h4FMpQ~`EcNVL4nUFQOiFiPFMH;1Fl6x2aZe&wU=S)7uw^hJ{T(jB2#T~
zRqI}n#Bz2YixRtMaTJFbjgGJ4hOC3Fd@{Nkq321n6qvS!o_m`s<h`r!42HxYO;m!A
zRe@pn*Sf-HR$#|{y-GLu1XX#?tG^0@X3w`t`23N6sKsOweH-rUzI-4%S4jz8UP?h!
z&3bpQ$!!R*V6CFgtkaFREW!c!lVp#+%i_GP;1qCn9u`abx?Q4xU<xiV{r1r1IUpq;
z6!oV&dSi#9$1%)6u*{)bFq;8In|>z=Bz<ITkkVP9BK0db!IO>q)3PV%=iz<>V?eX8
zdzSd93=Sx>uF-SMC!<blb;m=CWjh3(Y20aL2S$gHX}=Dc%NFLku<5Rj;1xlITYIhR
z^0O*6mQjo7Tp1A-m5hzUHuNu5&2B|WupD4g&;t@rjesCbg1Tl}Ez9=|wUkv6Qo5(#
zpRofayeaX_;89u?2ldC}At>M*M2`GP*D0xhUO@X?`4%htMPPgSXI4(xa_c!j@Po%k
z*AxhrBxe8WI~5GVBJF2C$Eomh=x#J3FuJ@rDZf;3_n>Sv@4;zBYF;r*hZzCpWABeT
zJ99KyMFrWoGyczHil`81<h$EpVm9Le7zmLbYAE|1JgCUvJaDmGjp@nC3h&ip5F|)B
z@`5W0N(Xf7iDlq(YVG}cpV6<c-i78{$JSBsqL1RNh1(>;pXV><o5U{j8&3c1v@^+C
zkSr~4q0NJW{;Fg&ts_1(%5+`L|6KY*Q{Yx?2O=4Zv*MnMy>>_X2Ku)0RHrC8Pa=>b
z^jg7Xp=(;|t+IYcjZ9WBtu+Qead_Uml%~@Py1K1>WNeTVQUtlbMkU|^Q3ztu7`qMs
zRGzYibtwNn=8qQ`85qp}iKJt|e(UZ{z{ZPHtSmRgc;`{VZeQ0d_L`ydnpVhVO%iob
z3xFzZPGaYZk|V^j*?^{T7FIGROPfGClzHX0t$D+SH?f#y6s46U@jv>hZmVD@DVpOC
zd?(29y2Hn*2m4=`^{vyzpNRORE~b}H^f#Zw#`&@ba3lv|DSeVSr=XI@PpcD^t53yA
z3oryLKU5{Y2mFDJqOZ+2B#IA3JA6JRmG=&I2@hq^pbgd!#3mOEkfd)b#@t*1bvl%N
z@Haba!14RLAR$CEgrP_Jwk;m`4^RulUw$*g3(&p$Slm~MBYI{ehe8y8y!3*oh`@ym
zut1Wj5cxl_!;ZV=-^MG6>$a<!1!N^tN<2ce4sRpa&G{`T-gwAY*f|9bEsXQhPaLz3
zFAqs49Nm2Fy{}_(YJ|GC;<0wFUS+8cJC5n4H<cV?fTGKO5|Ttu9Q=jd@jK6j(NN(z
zFD(HUsG#qxKgY2>iIgxL7dTOkVoVpxl3si->7sfKg;5}eVn6XD8^ih$iBM{1NzojI
zm2^5@dHS((kwyfO4H;ozEX5acdJe3_F~uPmk`KQ06}F<dfZiK{bVoFszdXDg7*;5I
zsW=`9kA}^sz;@GO90{ykIGtQt66JN~I*0mh-SrJ0!n#oFR1~$O3g>0?{-(_7LB4yO
zWsKYF#C1VNPr1(oZA>VU(5jxLY+t3LaXAR`#~`aTD{1LT$;uL*r@RKcek0SFNNRui
ze9Id!o&KrY`$()9s4j@~2YN9tgWhjbm)6%KS?Cd}9ZFzSwGg`eFPMCAqtE$|8^gZ^
z%oK5O{~kS?11XzxOILNJwsS;DhY1S5`{9?)(w-bKH4}1q3qrR=Obo0G<ENK<Wfc9B
zkCdA0r0Fh1zLJ`yc>ROsr(xqg&YNr@u{lC(60wAt*6oUi?pZF8S&Pg2Xq()DtYw6t
z`!w2Opg${$^vDvSh%0lcV$*s^<BaU4J8_uMGuvCq)^X^rJ0c3ri}*=H>~S}(;a79?
zA_E%V{J>HnD5fUIUg?Y1yFcQ_W=KBaG|p<I<f%P!ySeBUQ|yP!#OalnJA7=*y41Km
z6K3s;RxXSSaY|V#pTltnFmxayiuLz;=f93)vyYptoNV~cu8*#(S2}5tK+obhM|Qc)
zcyk0$5t4!BzPf$05Aeuf5dB;vv~Cc(0us3Q`>Jg4I9BAz%*jO3<=MHp;OXPS*49iG
z6UqDiH~*fTGs*a6pPJ6iLr%jJ5i3j4drz>Qn|m9B8COS3d+-R_u|ODKatG0ruE@Mo
zb4dyd;U|*|0bS^p)wey-iV?#NOPdIfvrnbPb4UW0an(yLg>dk`)2+J^9&U~6BET}~
z`3X(Yo?$=nGnq~`JJARgsTWkc!nht*F8q%#FJ7G7WKgXHNCKRV3r~AeBv$EYfWGMm
zZ^Hk9%onIv8a?0XL?raf6XAa;h9jtUcPGV?X(qClXz=i>`Dk`Ji)E7wOTj@O3I2{i
zFJttIX<aA1Y<5qu>c)^A^Id82hE^kDQwMUlq9<o0c@Sv34reCS_t*XW{uh%kg|W0x
z1s*)3<2-N1aZf6(IDBvdN+AQsLiu{?qdbJF`>n$|YfDpD_aUvP_s@f`ufr6|*QW&f
zEoyS4(!WH{!~j#5AL0YIQ9%vJ6j;T$tMNl@UnPcdvvuTkw{{_04#d)?e?lRnXt!VD
zuMX<>69X@>v>FwSfflb$$hLTe&~)^p>brVTZf_8TC#?t_K8iDk+vXI9GUYL!Q>A4z
z{_3kFCP7h?#E~rmU^VklOGROcaYOgWw1$hCU=w;J5hqDzpvOw!HcN2KKhKkS=Yb+H
zjay-ul^-iVS{{{z?op+IwK4G1<QljcH+fNnR3z@PqH_#{?s*%IHTeSe`(;XaN}O?H
z&lGbC?$4r2K%T4H*ZVU_@5|cHNo<j`yFQGfPaV{c{^6b0+iXoiMoE@%=93B1se#yH
z7P2;nT2&E{1Y`*mX3bw3@B9UnFub0N?Ba68TIyO#&VRPIZaLJ29@(O0pPZj2aBI3h
zz3tzYOlg0ksQWoWJZgJ~pg<_9sn#M-o`XvO-$7eQNGjlV-E!T)A}R)>9S*qvq0D0{
zbmG9_6xXQt_Nt`UpHTUHa}U+6<|&>Rwc|JlK~Wq8Dfw?SWL09`YbWj4Z1#i5EdsAJ
zBvI_`L}_5Lu2XcTCUe2;1h{N3{^B$|$BS!2`Kwd#?aooM@|3J~h#74aiGwM2o&>xG
zoA@tNHq%>}oVdkP-GlN5LnX1_sfIH(AzVMxQDrr3LhJESmNJba6KyFN|1XMy;^Xht
zAz*X#8c=Q6S0(Ozd?s=45|d#AIJ<iyiP&(=sJd{YVDbxXvHzFkO8Zw+w(au^b6q-@
z0MhO?CF65kIn9?Z$Vq7&oL5W4Yf5$E$l6)iXo=e|hS%y7ZSG>VXrOvu+>Eqbi)J9K
z>1w(}Ns}e5Y^5Hfiq=9>lpYjS(?ECeNA(^TQP<4dk3FBA#__V)NKn>H6uW)L@^a|T
zM|zL+S&V{p*<|d{f5_!gwC!oH;Ky^O{$FfKu-(kbZ#I6e6JJretz1^pTtKh=eiZXb
z_>4I_+QF}y9-8{eD*}$e=@M~t7i>HkziEZu1ksH8o(0A)ZKhi^?pJ0x{?9bz`4rM3
zCRox=yI)oqN5B@hI{W%>t810FYcv_53&XYCGUYDqD+Cm?q+BM{UB=8|2jmG^^DwGL
z2~I|qn~iojg>APjU$gU1pyh{smyEezL68=5GoW+NLU4~F?v>b@TR-i^zh#K+xze<T
z1FczoJ6zu>U2+L4Dw%lnPi`)~>YVh&>1#yCuQNr5H<u-s053tS^uiPb5%z^R#O8Ak
zRAz|JpFv$*1;kjapjaeV-y9310Yv}0HAhY@^6>h`Ll~_*I-+z_DQ*i8JCea(T&}Pe
zt3N2a^xLcVqY=#tFGCK8{%CxwI*S@AFh8)o9JH_$b=7i+i$qiizT7&tF1*gt7a=7g
zJftEo3d)_Z_7L!<;4(#Lf>H~5Z?qGee|Db_eE04cjWK=mniu)y;rmqpWTy5fI}_|b
zv6Dm(1>r{M$G4DT)2fN?*vN5NY|-iAWyiahkdK7Yj(qmUVOd$SAS6nF9<{xClUvv?
zX{&*h)uiA&|NXaobIRIU$I$Q>dwL;F!njP~wzO#~A}lUoJ!I8d;!MJS^|EhuCD=5I
zVr(hlczfSa|G?(G>acYRWL9P9-^kZdW}64jxzk)^7`2W9mJ)9Ie<~8mqRF+O(xp2P
zrf)=@-iSjsFygGD@g)wcCMNz2f|>t+C>@CeY?lB9-yEvA;ShS6jN&fd`hdsBanU0z
z$2LfcM*GP#_8PEb@M)%NuML=mQ55reMo)q^8*yuaz#>#O)pK>qWve78Tzd8DZGJsQ
z=fy~NPm+z2IVWy!{<f>4!1p*-aipd0_DwMJ$|aMp2Y0_=@3(aW4f6k6Vv-hkxroi2
z1=Y-_ILno!%9~LYoB=d;imD)yLhS#jzDBLTe=ZwBAv=?2eMk*asow^vCYCbL0c3Ny
z$`(-T)^RAIL;PE+wi7{4r3H3o;7y^eX-bK^K`yniWn`V*goUdly@+Y|L7AYa#kc#>
z1BY2+p+Fl&inNwgE=e5`1I0j9AqUUlJ%8A2cHj9jRz>3YF@!GXir)ErGZhuoOEA8L
z7nYLqYM@A<6Cnky2g|55u_8uC{-D1aTXU<wWg=1mf{dX{WtNN<vgSHcJLE=9+Ha`_
z4Qr9jPeQJMw;NJQ%=hk^C9zcnR0;O+<NMi8jukA-O^;U7D-g{I@!_E-Y7f`#wbsZt
zpS}Bz%Gdk7*@V~6+xi~8ge;gjjqGpmu;H1*KoRwC&L0vze#XR)f4|!B$MX|lc-%oG
zSXtjKY2r}Dto|WFSLc?tnL-w?#xVDwNgpoblOY6>$ccgcVz3v@vIY&h$wEgcTNH_I
zdP?<=D``G_N3?P>xp@P7280Mpgiv-zJ2rv$gKTTtyozdd-8mt=fg;ImNq!few5)*$
zLPtf33~Dci@U7LB4*GOlLH+F))>^xmRw1=-VIa4Qq7=65HeT)Qoj$XX)3=NQA~HRN
z9Z`-|S?CcI%1%FS$3|p<q^2P9EGgwihVq}h&ZKCq8)-BQ7P@HVaorM9Gz2?@9C=ku
z7U&c$`z#1pMixGE`!r;O3xp>cgsGaClA8FpdtA~{5V_;vz&;U9h$E39>Z{>p40L#q
zovD`OJrE3-49*X4K%yXQ=|Z^lI?szDHN!9t9<kT{3B@ce;)qj3#~&i)bUaZmA^`C%
zdHH6PDv{c$;qDTX*td9MB0coQ*l_CDTVJyFzjzC}{lTWT@T@x}h0h)HDPdkP5Y-m{
zvLYmh!XV%aWaWd~ZSWuJ*a{Xp^<YPn;G+Dtp*U0N!PiQ`RP8p{mb|iL!06K4`fo*_
z>}lp2dFKyyW?ydgFA;v#asQ3Ud_VqM7y)uy35RATG?|k8tz-zDxg-0Bf}WM<fH~d}
zTTu~tLTWB-2|#JyMHB(ByMqX1RTNm^WtHT+gWv^|kjS7F^ag@RLxC4Mv;+n18sUij
z`t|ddY2KpfL1MmmxE8EPF;JR;7>ih}WzB^S5KQ~cG>r37tJZ+o7*P>PP^`u@eY$3s
zHrVfB-Xgx?-OVI<ho@G85WLd;AoBiYs+N<W1YYy^xcr+$O2hg6(yQHFOQ&N)IeT7u
z==6h|^nWkm8{B0m%6+tvmKWpoh)z_Inn7r@`H*{Z5=S72tQ-v)-WPfDy5-=^qYk2{
z%#u`bLC2D%hEft26JwResou>H6|2{t5D(2ll|YqKVaaBQ?YfmLFeylaAXG(cyW$m{
zG~eXYn#Gn@Q@Ziye+fLu0Nr4p`DTLBDz9UW@TnIR&APk7s>&{L6<V|d^QS^b=cT_#
z1q)~aVfC}Il)m-1)Tkk~c#bgDq|p#H3?meEF8N8Z5%2%_3m)Fuc2zzu?w|qpA^&N9
z{u?>tR95>p<9MbrkNfh<_AO$f4vwTBFY<NZRo9{TKEl<MzT*TJkSylk{e_Y#NFjtH
zsiPxFDZjlmsbw<6C?+V;j}lSDm4uZR<ew`mqL=qiLEHL3WK2Kfl-@0z78jGaYeR|^
zAIB{ls&eTrAmD1rNbq5_OzgO0ip!DwQiOJ5(eUEGIkSH=bzS@4Ig6_IK?B$7_%9T?
z<cClnAeE#bWuHx}FJG%Z_uTCjtV(ZMHrIY7SrHV!y@+67NrRZlVOU`!J&RGDtdGk(
zo4ps8?AyDWb=H@BB<%18PI-5W>qRJ)GEEbCghh{p!^d>XTc<jn_0Qi-F7c+zi)hO!
zAghj_=|n50>Ylc!+;Z-_&ixF!+}e3+)Ai6DCw;`wgjcR^)@$209%&V;ffw7rKb#7V
z>lV64A0|mEB_NQacDYWOpFeWv_mjVX@Cg70RNoz`<R9ah+y32q&)ZJGUdDNci}2?#
zB1%w;|Ct475kAIB@BYdfS8(t3vIz4%zV=O9=qvFt_O+=tmnl7{RDesPM{d2`_Iuy<
zc}MJ-7U*J;y8q49Yq$OU((~7Rb6Jn@rg|Fk-!{vO`}G|m5rg%Veif`X;pfLVk-@g<
zC*+26$h41w(gC2=_s)Fu2UQ=mzbRQa;Pc=A!_zkg#=$*bH)=L$%*HkvG`4LtY^)|5
z+qP{Rjm;*Fxv`DLcJglf{D1G~VDFusIWy<X+<S-Su20oJL<|_x5E=iBjFJe1=<UaK
z)V)M)z!rhb`1)g)iepW7G<%JlFQw%;R<@|LvOGV(Jba{__RpW=vhwP)XAhPn(lc&O
zYT<54%7miEs;o{1SaYj$@{~#RU=nGXK4yGnfQmH9Y=?;@yO~0@C_xOHL(Pdr6cVIr
zm*8Ro$;ohTJr`^Csb*9!-f3G<Kb>ir)tV6P+C0^oFx^Wq4aPo$2o>F65WcCphvz;X
z(yd0&%e5KiarXK95?y!XWz`By&Rg50OBa^?`zhnbV^N^s)e3UUYS6a+`>z8d1Za+z
ztiiVrO(&QqM~B^%+IR464!KvhgDOZwu84#$&OI~O6e(Ww6n1JoullMlyAp)mOQgAT
zd-=$19d#_5tvOGb^Cv&AI=>)&@DADJ=yuWMA={k>2C{V=UJUDV$?8_OplRBx4{4iP
z&A)Bn5VfFtdl<!~*Z?Fqj;;a*O@>d~oTa<ge=N7WUC$BfOI+?Ug|FUvKOCAFtv1P_
z>_T_DDPQ?LZ@uApzB%P>uH`r&TNwrp7}jbEHAGI(yg&}LQh{#gk^OeSm-X>9+3b`E
zbOdFMkGp1@-C@!OsZ*jYKF>YhuXlz(bt(Y-l*45iB_uRBvex*F>stARFobW!h(q!r
z6yW*08^Q|dxXQygzlZ{U#WJT*jqL;4L8XrKk_I@@3N-k{A;NU!ZFfow^N|M!Ps=b{
zt{A4-z5+&hWvcT#WQ|L8;(e>JF<#W)*UKQ@Z{$oEC57zoPcJ5FFuAPK3`fc!HeO3j
zUx^5~Ik;9~Ja36SO(zvI?<sOBlFh^8&Ix}gUl(v-a6L!*cDr>42a)J|X!Ja$1nIyz
z9(+GNCz#KFSUP}A9z%W{X@)vX<ZVX)6+5{NG33B=p6cWPyAYP)6}fnJM=Yjn^S2w8
z(xuE`R-Fna_o!%!C)6@^5bkSGDVm|i(TF?Ow^pW?lPA@6UbaX#%7V^$XWuK%dNaZ^
zeWZt|1h9omj3d}Z|GIo{aca!RJO!KKrBKi0KOr^)PFp=)uP+Y*z<oZV7b`4!Ey-F%
zPFdg=VKqd^@Gb>PDq8~BNe4TEkkkW+z7zIHn~FwC#dP#z6&-<YKcX5SgbN}+9wLfR
zqFaKxP$*J?qaBLWcYX9@yHtL{{nYJ8wxl(N79qkYW+f3!w0Sn=OcoAl8e~gupAKyK
zYxJKFkYf5&a!gv<fF+XVYW>Pw?HLA)+*D<vSK{iHJ3M&!qMDf5+-@2y)jOHpc-F*6
z6Es8uZK^bfvrS5`l@%BjUka+SE`32go%?Zh1{65s{x$t5J2kWSjhe`mZr#>K2-$DE
zheTAP`ERp+uW}}}n)K=@F^?-wII+5JsDM)M%>_>7Y0%oZ0<bNuqQ-}VPT|{^{F{pl
z?kOf#A)IYkzc5n6@*=(kF+f<Nf9e5A0brL3i~Z_{Ogj6i8@^d!{yd!<)O@)}5E5j)
zch$4W&-=Sj2nGv1GP36n9MtjB&GBQ-y}q5n%XXI;raKDh2K!nSm+DV>m&!l8I^T78
zI^Wv}$Xv=Gpn_JKB}?a3Go-0zAZA+yg|4O)C}h@6^7Hk8fG;QwA0l9R_0NAjdo_K<
z=?2UOvuzwDj3KNFUfdw~qhnh+^YJ|JzcJTby+6f|vYNsCcoiMm)q2=-vh(Ki_aS(O
zDviQgoJSmM?oOb`iZEeY#JE=S{Doy8csCny*ma>xOrQfdU>NuQG{Dq)-}MaP=TJIK
zLw1)ztp%Vi8paOay>eq&!UsoKgNqYrc}a{vV~Z8RQWE1j@Cea>lBcf5asCAFL_R~+
zjxu5bJ6AE#uqW2@;lZYZPqmQ%n}fMYd7&-KxENjTUGLY=^6b8jgiET)X!sw$%^FYq
z>DX7#uTInx)V)szqq)LcwiAahA~JNe5Kx?@-W&_Q|6U4TmI}uOyuHAN#e4_(xV`Lp
z!_lN7R(k*Td|!IEwIJMcFJ_pYI=Z+p6*8fye5x8Wc|V--F6AlCtJ0p*c4qfzN-F^0
zeUTD#_L(?Y#0FN8OROHcSK-VV;M=Lt{xZ(^u=wqlJ}c1>$9o#k^K|e>BNRK>P6N=g
zCp4Vt(Ku4uBQjHEmgVQ~xbh@1%Hbhrtszj)ch^lWT>-zBKYMNvX`kX!f^S$6#!_qb
zv{d4IKN#pFlZ{0p^Azp~W{UoBMEnafs-1(y<Uq!D!oCpx*_7s3Gt&@6?;kw8!)D2u
z`WwNM|5Y>+j~@@}`){<h`<j<ZA4JW2yOc>C^gXi!+OFqbl<kY4cZ$ccX1=rTftN!O
z{p&Q01)V#Z0c;ybxA#*)46jOgOQQ+)*GV47obANJNjS5I)!S+u4KMl$*!=S~dn3Of
z#!3QvB47_}g-Z2w<!jvNN(K8yhu&on9$&f5O|JSiGPZfw+q+J-myf~JX&1=je%V+5
zwR3mZ=klS~WxT-qkc^*5vvRlwb|g~ZP6yDoaCr+97%|a*{Q27XH@FhJPBT~pZSw`z
z4qcjI`+YfMq4yga8`qq8v0hf3$3N-LVbrB9B-6EhF<e<t@;Hd%Op|ZeL4DxAl}m6t
za9XG{-xBWY5jaV_HfL(1gW;&M-r~SR^1c2DPaYwO7(n`|O50+&HF)F<%ACY?Vc>w(
zXdSY_5pYbo#W5~Cn6Ojcyd^o*fFKN8ZY902x@P!9s;)4L7_N&Ay@o5PZq)%ng!jrQ
z6x|!M*TQH<;q_VK;gV&8<`9ruuCBs0^SldV(^pt~o#mhX;m_ys4UmOUKFiaR@5(1~
zNd%<A@kz?r<*#4C@$+(BK=c}VT+{76M%0{_w?+G%F80^%_wdx+u$ZOjDqrTO`g82!
zC}Ki7Cb)16Gp4-PCnhC_4TZ4N<-p^Cqs8u+oHa*Qv#fVh#?})wv@bEloNX%y>?oGw
zgDJ9w?ARAQP0_V9T5g|0^Hjz_Q%z}M?F-6tbN*Plg#n@BD8X~L4+*Au<(38884L0m
zM=sqA-iSHlZn_=x>-JhheD5oR;ABc4Q0wnXPcXoQBAY7z+}<U48_*o@e)I*OMoFkA
z=lq?o#%6sCQ=>Bq2H_wtnC%y#RpQt3hdmX_jKurs>V*<=X;>83Ahu5o+UCpkamK|2
z45B$W@TV%7EU><PnI^<ys(CNV+w<)RgS&3xctQ=}Q-u+jqN91_Ul5723!kr$cNFvm
z=YBPlu<E+j;<Pt)j>G^v;y@Gp83>GRvA=^qdcGePWhH%OyqQZ<i4(r)xtmxBBZs%e
zR}3FHdu2QE2?~a)L7Q|cC}I^v6bV<^kL9~Hyoylo8*NU1X|E$&`5U2zFw^#xVbJ95
zFOcC02a2~t*5pkcp;Wqw%Dk5szbdsmgE@3<`Af3gKB^@pNyuS%P+XpC$QQBf+aA!J
z*3{DOLMT&5t#W%uw<QzEF22L7WqH^_ZiMFTkotchVH=>SAFghRec5K6x+EtJorzpN
z)2RQu&jI-DOV!Wag3NZ@S?4eG!zqMCS7Gh8Z7ZQ}gnYVLt6tAO*JB9^_Ggd4{awt_
zvhs3rfd3Z-K0453&?KXkp|nXPQTM7aiRy2BeFSA{=ou!(wbq>FCW2X_MQL8(ZzF0F
zxqfD9f9w)w54a^vU@@}~7k9ECG=Cq{GIqh=QVE>L2IIB^Apk<odt$o>3<cXq8!DGG
z1)SaxN3Hma%{d$E?sPGHFU)lE+QSwlIpSU-P+G@imJPb{Xzb}OlfduZa+yB*jVXM5
zL6;g^^w5Ao<G5E|HG=0dYhZD;6Hl%1N8FE;TGZsiG@^&->htmXj)bj62Pm>>0nWUl
z<^xlI7lB0=x`SJV>W!+qCOBDiPSw3jPn**g^N@^f*C^c1XwAUzvUTR+dNnQat;3Oq
zPQBWAe+-vgnWm4r+_kW-)X%e&)5H))fD?$dq1_oX=<I}?UE?_x#EhnTBzU-kSvTu^
zQds99;B?A!3I8o~N<wOZ4Gw!o6u}5CT#j{^fh*&sPeqYEN=biY>Sgucf+8@%4_DBN
zmZJFl;pKiGG`nc3DcF954F!7PQeDJV%Y04PD;v!DKF2!A;`WCPi$SkniY^&6wJ0e@
zD~1wm?qrNPHJ}JewS9b-&-o3N(B9%^jc~dIR%a;TS?|V0;V4RdUAr<gNkl|OE65#m
zRh>>ng87Am%#ZS60)<J1i3&wDdE&sUq8`(a7BFGt#^QjX@v}Dh|7&CJ<a-QvNLJ2t
zBCXZcmh5@}glXsro3@4WFlt#jvja=qp1%^hU62&Z<xI>Tfi#;8Vb~kl+2m8dYaNQl
ziB(}(VxayOw1U2v|JF#Kle%4UtnKz)f=Z~gm#fd*u;v32n#hIyT1%b+El6I@gEc#+
zq}Yf<m<DV+iD$U+5oqW*jCl^F)Xvnt%mnHQoj`e2-`~Y?41YtZ*8hPUV}SaPT4q=5
zc4SbY_I>Q)4gT=$<aQI=j%AcHx%qf>mG;uz2p#Y313Eb!Z7RD57Q2%ZJ^!O|IT~E~
zAH33<GM2hf)6Gb}D&fR=3Yd=1)Pdn}a4|KR+-WkVs@J1Y)|JaZc)<~@TEwL8UIAzl
zTX@{<N1H$t)xwoh3sx2H3U{pwc-+8wK#`zt{60lFb0?e_PCgoqfAG<+8AET58{~k+
z_4FkMz@TtS9N~Y<Zo?j!0w`#1i0+>>C+NDtfh`*f^o(}B7GH&G9}jXQ*Mh%VqPNnh
zf!Hh?B$SYr@&XxC&M%PQ5AO!aq^`||Qn7I|UOvIis;et*Ns%XJO;-AXC>MSjDzht`
z%Q!sKSyyt$vJ-f?-&0!#X^){!I+3YKo+BQJ=7lUnt;Era0zwbkq)fS=*;LIFkQVxc
z5Dc>Q@xm}iBzTYpioccqaR=iT8k;PMd3u=h>fsBt*TK;LJc1*cx_m0q+d&5&>=mgV
zXe{6x-fGhN_tjjVn|4lDq7l6eg#%CyOFzl3WUn=xEW`CIr>Nialg>DWE-2&{*ZE6N
zhG`Kag(4!sp~3eg__yZePh}UBvI*a}<^HDIm)vcOGcdQ&iJzZ0Cz<Y460a)Y=V?1{
zb<FqQF2pTW#SD6+16Wd_$fn!m2TpsPbP50U1kFlft&d#EX9;8k3QC#vf!moyfNoz<
z8(xhy)8#l5as8TWyS`W;1kz{NIi{$YBag~$Kd%$u^a);6B_s_^DNY+3$rM0!wxP|1
zB}~zvn_fEqra@e7c3Wb)XS?AMTIC>ro2D;#*nA;^H0*PpFkRq32mDI_)v@B@b1krX
zcb9gPvjeF2?YOm22JmYM@Gi8Rg>W_r7Q;Yp#LG<7v05Za`JVQV#DOAbB!w0_3?>c8
z)1qH~rGNDQT~?}z7TA-+M&R?uv*93b2Q#oSig-=(qgpr0G9>!{Huzf*s{sCx-{424
zVd0M_NU}hK&@o362izUURyMt3MzHJjGBM}ldgRYi1o<+nMU`g>PBG&ql}6rCN~`jQ
z$*X0Aes7S^_X-it=tJ+D(i8aKKaLJ#{v+A(@gYTC9ksZ8{2jqhz(^_aDryYK<|iuD
zt%?-+0cq7^F@y3B;V%7OIsvCK7XAUHTdCZiX21S<#wbc5AIyJ7p-=W(1my3fqMNgp
zQQ*f0Im5IF<6p-9-w)MM^i!@1AwsSKq<@onH<)VR^O9Hj3iehO?#7G9h+!g)U~pgS
zX!MYs@_WFC2R0;||HW-^rj9_R{#1|dFOJ-_%eL10kRn>OwJY6Aj+}ioeS=tUT12wn
zgKb9PwvmW~DIy%SARAuWUHTy8;HQ5^vk7PynEAI%x=^64=O-CD=#A`C#pB+3zVyj%
z?k??a47N-ahR69IVN{#LHsjdMN!8zs3NLdGid&j!zMkyJg-gAe=%K;A{BX%mjUw0j
zn^Ns{eu~lV1m^n(NeKnOKBDYXLaS^eE|+i+eoKT@5Y+3<Pt5J3IgM9QwN(mmQRKoO
zIxwY3&363#TC4rPQeZZW5)DcmvGMEno>e_ZZE0>U(ps^ifsMxOeplzc3YqKM`pVO^
z*R`dq6u}hNbfw!OcG^Cl%6354y`e&newF-n6Sl|0YBA!P(0jscoB#E(E~NFR>Azb|
z-tm+B5~G5_OhTEO;mai@R0QP_@v}bHjiic(8od>d*0l?4OZjqC*%$;%UCzy4+5V<Z
z;viJPO4<GSh5ctUb%f&I2GX*zYEwE>KgQAp_@<cxyS`e@nvk<j?K@X9+jFs#q^10M
zr;pc2pR^vSBO%y^>s85uptItw#zQgCNwlY?4PA+0{$HfvT$aaPAhY6Ay1#BykUeT;
z%)QvwYzGmpQ7L{_0oYq~?gq%kA6>qk-%GFE@vhcsTxzC#R)yZS(#%Bjv@AEakluu=
z4_*ftXn$xXQheF>B~{#%a<%H*jkN5IYzb4fBxc+sGUIH3xyZm8i0%-FxXmuK6jYMV
zs98$VD8%;*&F=n1gtpPJg8UDLxoj36#yAI16^~OffI?}rKwz7j#Rx`yN2|PIXb0`=
zMHl7p#$>E)^rtR;lBaak5TA6K);gh?jA;f-&I+xIQ!XT`5@?}B^|MZWd7&gIq8$3i
z6V))tiBhzeSH$6ra=Ann{Hgu@2HM^gJZSxFlDIxkpod;92`I<cyL7Fj^a<wc9zb0c
z`K_{!wZ^vU|2q|GznyH2<89z8YFi+iGIq+vfCZAa1BCXqtx(lwK!UM8kr-23&J5*t
zO1wBD0YpwZ=~AXj<z&w+r>8-B;fSASqUnT~KQ*)}52a<=f~`}4v6uLc75XCr^D{Xt
zn)ow?%8V+b)u%MU>#|SZ)>*m4U2<EUfDpK1%&d9)AXc<YCD6MvA{*~C;pP&p>Hjd|
z=|~RY-Lre!#hS8_hm7Rm24fgbsjy}}sF_3BX0@Qj+uuleDh_{rsko(4Ea4OTr|eA;
zxp<C+^iZQBsPnYLi=Zl!_kw8yd)e5CyXVft`Iqm_hQR5<nvHepRvUlO?}eA03HV(N
z47<%$=?+%V)y&(=+TRnDepUcBHmWX?P<14F-u$=qoA+Y{Nu?P|M8=;>`XAeuhJ^;b
zH~dKPSn{&U{{teszT(tDnlBLdO?2KZ8q-@MTD^Z7_UTrHoiW*>nQ1ob%PAbt{9$O&
zzuiFd&Q(3GGY-7vQ&xPp(!0LhkHwxTo+@;i-0DmGZV?o=$OU<a$^JfrU&miDOl^L>
zwa*v6f}H9I43$z*2<zp@5Ls{K-<(hv6HdogmhXk-fb}$Y=(*-|R}5c7Ronu^M+-v1
z6g?i^KyReyd?xqjxeoVP$v$7<vG@mS;IjM}n?z9h`XJ8+zEI>rB;+ijM@lxZW*{V_
zJ@U{ZS2_LTN+$(jwXerAM%UMOCekHYSX-ZVVNr_>cvviQ7|dwm$g_LL=HgbtoC~gL
z!ak1`_MlRhr3Gd>5){a~>FgmrNAfVCo7Fu)quWW%gw)k->#$Hs!P<hSfkU!xYuuSY
z1N?t$0oS3_%XUIm#%6RFSLRIW>NYnYPH7;6e%`1<4h6qr%R@;G=X$g9m3QP|eY{~y
zoKC^H*iHM{;g6ZPG&=MF?zGC5vAJujVSFLh5qd)}b~^!t9^l>7p8GHxjHuuU-H&uz
zo``ljAmr=J*KoXqo%W9v7=^9{xHjx5a`!h?6<rN`*sa{<$733&WJ#PQB9Mx)?(YHW
zshEh^8>$_?8^C`x?sXb7q9LY~!?gPnehBmVtEpU}l7Xm=Nz&#cAz$ghr&M?&jT??0
z8w56(qPSGRZaln@^5?J<xo0f4Of3q@p*K}Wvs_$jgyZ~RafOSV2s+Ms(~D6XFYa9*
zn~|R+1o51z2H`u~4QIvMWzS%KG+ixWa3-}Y?}ku1)wTH#wrl-4Cs5H!O0v>DY<f?B
zh_z=wKIeG*l~<B<KOl<Yd@w!VOvc|8CiBY+MwX3lz`&fmGY@1g+eZE>m8_Odn$!}=
zjywK4)3h5|?hBdWf^6)`kQL$Kl-B^628T3bSpr6WU)-HweYpfk2PoQ*`~6$cW<ml*
z^NGrCl9U)z1&XI*-ATfDroUWk@3tE?<R=7`_;bec?-oTMrpeE5i)Yu5QQx$}!&}(I
z*dU*@b`kk<cI#)?y%1`3Gp1%lP0_XWL<iA#le0oDBJP~b{!6a?ml4johCCcQcaHf+
z#SV?)q>wrN#cI1LnV;f_r6E?X(+AtwQx*`e;L{ELebV-RGFA-Jq;B@Y(STfja=5z!
z+i472OXM!g%4Pt?zDx=(E%`zqT)`{^8RdM1Lmdd0W*T_-GfS0Bjh)nnreG^7Np)3t
zXUuWEe)M>M%LQHy;XbmgbOx?9>@Z#o_)=#W4*K%%!ymZF(Z<5EcZ&xwy;KYWnX7<Z
z8<__|)wYUl-(<pEzGJUvYbe#ejhJm=Oa5@pUX6D+iJ17mG`~XtQNAk3jWY0(>z}mV
z>Ct@h>6_LTGnozf7sjm{+G#3PZ}Jd0xaKDF?DOeD^3~~b&LU-7_r}(o56K##LIsyS
zH&ibUDf`)9<wpFlLFpU#Q!lsV4&C{|tx~-&L*4$RH3m9@4s2m!$8SZ*s}7nr$GJ6Z
z5#_q__@p77${qR3G#>l$$`@TJATM;?r!$qYB&;Vu7yv#r7clLu@DEn$Lt+?|xoplf
z+ZHBJO>M5;mp|8WSA~U9ugT6Pa-)fmY-%us6P>YlLYmC3KH>3*5FWF<BJ9kFo<ol1
zgq7OecAkd&SRg&`Q}94~*KzD(KVycMZc?=Ahg#HS#s1_jcnl#RSwVO`wQBgPHU~!3
zCCpTe$M0|$jxgaJpR*d&TK!WoimEw&V7645H~p=$Oe%kZ(@!wfcQc4LXR9F!Cx4X+
z^6Pj?>s8bqI<E16EK2*umA8+Pg^iCF$SWf2%5<CsS}YtEflLH_`}n-eWe+mVXI2KF
zXE-5*7K@neGQ#lzC;vw{p-!{>Fl~nmofz=NSj8oVKYT+5$axpbQZZPM&IKBdyY9H5
zV$5XJFMnmh@bj`qbNI)QXZh_@wIkd>ho@#0|NBz^)_`&4g1@q=(%V;r%XP`@#Y}!5
zNC|CZclvQE0sEhq+3#HfReAP3{DP}XO`@qrnu{;<X=p3l+0?3~Xy|gOn2(NH=)ES^
zk7zm0mAoePZFC_Y&Z2pn&lol%bCHepES5d3_x>joB<Cq(#^hTc{k-uYYt=Uu6zG2d
z=!`}{*Oca>cqzb3h6V`e8$w&z!!%%cSd}Atc}%wD{lheM6oy}9F_*7M^CwS|KkJkJ
zkM)_?c6`B27jIUZ`&SWx$*VB8If-n5DalC3rNmlcqj>4XVz_VY;rh~qaB@n#xtH*<
z5s!%|puzEJfzm|E@Ei49cbAddSs-%(azWlKDdISHv?idy-o8q%-o}JbrJb;)dbskK
zdceCfNC`0%4%su!JbKdozgqK>U7|+NJPJ&Sny)|9YAg_6<9<BPVZBnx?E2s{g5S3s
zc4!=g8eKqb1Wp3nL)l2HXX+iNco#?~Cn+&qjc|P<+~E!>d9)R9pG(qn0(+;?A!(+g
zBZkZ_mtD5lf&DA(4DqV$yQ@Nq8=?khEdEbYhvA>=n+j;^X8fk8TJM;^08eI~Ds1!k
zSgP6>H~R~mB|?Rf($4yhEF=O+@>2t*RADTbY`XBV)p#J1N(BeeULk!F1w@IV1Nrk~
zMFL4!a)cgCL&~Jp(ADSs64lZEnH9!P^YO|s^hf$`a*1T6NBSbTfiB#{B(3@M5wVOt
zra%|jXWQ`#L7t@h=0{&!SZEKCL+iBg=Glt8{kRc%Q`MlwiV>;Z;mk5J>gz$7hf<kz
zxXM9-w&%y7$I<C9c#x{QY|*laGa+%~858-}PTyvr2b;L!y+rv(CZxdJtFR4J*;H}w
zUYcEb{+jpIsM??AN5uZ5>@M%IyH6!ioHTOwI}Q!{&u)$;<E7Eqg2g<x+V?o%XJgzC
zQ2#(o>wFu^FhUhPCRC*t(o~aJWX4rfB3Lts6jMsY-CzNQfu{Y(9LXFk(4|a!8mH2K
zIztA1i-_XYmikY;>?gSjqHNuVqs?x^2Kv;yy*uil*Wy9ccCLh;dIyE8A;*8SgIEGF
z3Jt0lQC7<z6VkrhBZqyOBu3z}#cyEK54j2Qj0Q7z@~_>#8*C9{X(@kq4!M>B&v(+u
z#n{Ib>;48ooAbseuTjC36Kyq9LDpln6xIxcElYWmb>AD<m2Y>HEzr{926PLq5eN`>
zJq~o$hI|0SvSgKe?9HPOJIfagv^bfa(~W45-G@9(Er2729KD-O?`9a6H(`wvvduHU
zsvOi?VVXF`El#0(fi+592^7$WRbC;awM$sk3PS{%AaeqWGpj1_lN>m({)P@r?fIwG
zs4d5nl0SJHv8xX{H+;aGn4Ol*mLXY=IiEL%;qi*Yj_rbwTg_MCgE+S`6QA^7UDtzq
zsygJ(umB78H2vB2*+ucW{hhpPPppl}9l1Q8JN$-VqV?ML{yg^yS%7N21C>Fy0b5|q
z0hR?MSHUL_{NF6VI8^uVVY8#w&E;Qu3zB;%9|nI}uLJ-hLXw%P?CybsRu<w9{94jv
z!3FI&ho#*GAh!=oYx2wn+;6+zye91yYcMf4PnS%iC4x+?mBA;;jTz;re}uLEr(%fv
z@1R+&i;k~x>@=P8(YMkFNjF4povz8hzCV8*D7&7zVwSIW6bw>*-8xY1xGDX1Za!ek
zi3=5PmEB{#A~HCaLs|)B@t~5p=G4pVPaiDvzR=)2I^&1n>+j?=ha#Yv*2~;&D;cWn
zSS<94A?_<H3K%jgeO`;|*Z-zV8}h+VL6ZaS)D`?9*%tPNvvu#OxsZ$jd|>pA766^%
z_Rd;lAB15>FWP=NU6NTOy35k<Y}0pi#2mL57hW-c=sF|*AGv}-{V+(;wMSuj{zk&G
zz}kU-r@j;{<fCQ-wEQYvl$?QFsf(O;O4)k!h+0wx+qH%MF#C2Uj)n&YBzB!Z2^vwH
z)1`zNKq~xmgmti#(6J^y@cio^;IjZYmL4V1B(Q2hdYQA=$jYxJ`o8cXG4Zq}cl%Nn
zHe`iv(ZnAt?iiBsQ!qjeAy7Xak{$jo1#i-%w0*~;zqyLe!%J*)hhv=F<0=F8WD?Jv
z%<lpLj7`6!T=3b7nA{N*j8zS)zYK6mr<GqDROcll$(zyDGUswWi#l{l(Ed;+1?l!X
zS4v>nhpgHYe^gUO==<{#jGq7VO{I3iT5GGa&SO(i5^a9>LQGP`=}Yp*GAfjL1z`_6
zRo)<gmoa02tP9#kEkv432FHG$5(UZh1T~qQaBgGq-8xa+;zebdD}zgY59|@jtXwX$
z7s+x&p7I<qIm=4GMMS?du-AIU%D5u3--07}r7fgwV@-0!Nne~QUTJ!?cT)FiZ?Nob
zXOfJD0TT^%*zqqOKMAWkLG>0MnGX&eS^l!v2m!6hdp>g;H}S;(aL5kSFXVLMFVEk<
zh~RK13vu!EapgjU@^1@s?Aigv;Xj+yz!(Vr7<A8cJotHKaz`TFH}YAv4lS!vl!6Yz
zI$Xpa*SKj=C*`oID4yERojZ&jn9qFNA9vatS?vV=6wzAdAG3<oLC*NLI(^0_Ih7Tv
zm_l9&Rfhj64ouNP@DXz9Q!fFbeHQZt1~O!R12Oj2A|OjrV<Y;LnA~w!Y05=JXf{&3
z6?iUwK*E+sTRhd0FVt5mBwWHr#(phfZ%>gfa0bJafzsp80ETInue|zQgx2{}1B=Dr
zT1~9`nL@w5t`Vt(2)TsEmyR`Ua7-*X>R-kMoCScQLz<t}%HJPGsg?H=F*ST<5LwLh
zguK^T9Ls6TanxUx<Vi>nZMp9fJdY*|_1+Lz)?m#2gK2JbY^%zs1v2?UXZ&>1+uq;!
zFRiUYl79Uxj+?09mtwa2eSvu(ym`774qDSwM+yRKnPAZpO*YjuTn?Y=kDK|fy4q}d
zr8^EW>sm`yyB)Xo^O-hjSQhNX9mkGBnwPD`anz5qMPKUu(UH8V&kPhoujKx}X~eZ)
z?@A)|6x5Oa0^wCKw&*8SK36*V=eIhKr$Bw;?(Z;sz}D>VeGR3+Tw#psJ))Yn=&_7y
z%H|t<+MJezaBM={ucw|vja-Da`%$WVPWq3f#Vn}fX9yc&XNA|YFm{I${wm`39XLU)
zR7#m%q?d9PrEegnal%Ft8sO=GWR-X1b|v~S1J44RJ0lhO0Ph^~%ZTW!w5X;CPCVBw
zDVeKMVdHM?#~)6rjp$PPt^`X-DPTMU2rH+y0+iJxC_|ckQXZnCen}u%QBAqsmRy!h
z;B~DjkXzXtXJ5sMR4HD<zZ_k|Rs4a?3g~S<CMaZ3N^-)WJB~d<0twTkFrxA>5UeJf
z_WgO<Dkz<n8C`jWXIW9v(@P?)to)tBf~=;-(=r!3|9V{ax18OJVhmlr1xxGeC&$+v
zb@r*>ydn5fx{yzQKYfNL!YGn;uPKi{8x@e%To9eh0TN+Y;NwD~VwHKGG>7&u$-&VD
zl~)#BTN4#<-jkzu@~Se4RFS!1>|*Em2^f5C1Sk2$GX@I(lA^+^OP=A$Z}4R!@!Ke;
z{ov#ms(D>}HNavZ`IK29nd1{>fyEckA3@7D*HlJ(MU{;UmkGS{h`w7EAOB@_-j=3$
z{rl>Q=wo0b`l07@2@+$7upkQ9d!nb5D$@M~=EHxsWp77{9ctPek9Wedv1q8>f`_ht
zt+e8nR8&Q-2Dv^rtE4*2Fdrvyo<0}&r(MO3=X#S493k{Z5v<T~|4o{1y2KltA+#ud
z3Ip{%k;U$a-V4}%3N~A1H#$%Jv1f;5nzW+O5NQtU;`d?;5(!-5*=?X|nUgto$}4tN
zq{fd61;<y&Dwz&w`I<N;T8d;ZkOn&#-0PPd7$sv2eEdh7O{XNceIiBEG9)NVjI`N4
zJtrn~Wb>^F>!SNFR!^kW1@$~Z0MaeKNXL?7G%AqP>A4NQI#L*E2!VzVywCDW077MK
z3&FFTWAzx|*U!4-?XdxKCOg-wA`IGOLAALQuPAd8lveZY;i&^`$Uc<jqSliN8FR6z
zDN(z9Lt7oXkpHS`SH&<}{Ekj-aO+w}ORZA4FI~Ki$xUE6jG)&TA&MGnDBBtCC<!~p
zCOuraP|v;L#36z?_n?vv-2eJgSGsSzj{Z;z{*&q#fPt7(8g-t`pS^BkmaJEg+5B@V
zJ>7tnre@=fJOJd&aQ#u&;hMO3^q}`w@a|9gR_dKJxm4#qIqJPiy_AK-i>Rb-H=QyN
zK{)G%gRsSueurFgqneK8Hk;wCpJ`Ap+)0QI8jJHMk5qs_(Ft-Xl?vu2yH3mgWXEOy
zByX@(ol53}zn!5jHdkH*tmFf_!<O5S3KO_Fn4&@#ZrmWfgt1EB7bbPWn|5peIM|Or
z%mRpnCzvJhowA53a$YqC@e6@|%$Vt`ar<a;a}qEVU%7lQRJ7X8$R-l+pg3|^w+UBD
z<n~_B2)z<xr4?11pLW}mxGZ775&EM|%&J>_tAq=2O(oAECKN&!qP26nD*NMnehWq(
z+}#@9bWOy`R|nT+Cg&9d*gk(cN)>;P{Nq2B#DrH--!KsN$i5o<Eh}HPL4!8@wd#ke
z?BH5d%+@?^Dq7~pWW|tYo9wJKc(F5ItWD`(NLv#oC{j5)MbU!b!QD@{*p3lL?DaPS
zisv=aO)yIdeeuUM67X=Rk7h-Lqq98h__Kp?Ku@FZsdB|6oNDK{2R#;rI<LSl%asV|
zmh@cF>VRqw21*rR_6Ax&qZcQ;5u&d-x-UN$*CKZ4YqIvLDibLvHUDcZ^e@B{k7PTq
zPRz&iISO0ZQ)L?LQ^pv~ib0EAAtYzOFNp9}&vU{$r-<XJNrLmK_uKH^^9?~<k9wT8
ztK||~eRDT%++=!oB*3_7RJ1Di#%)$OR^OhoWxXXrGmM$MvNG?wTtP9j-qF||$Lo9S
zQufTC3Z+*?=c0L2viSQ5z9^%d=ke#viFt!3nsn0S?cF7el5q~2x4Z+k&k<(fuE7mM
zsPR9&XAT!k|LQfPcxot(v7v^9B_&={>)gyrd3`S?A!=M6)JLE&X?PGeLER>}*<~}x
zucFE<sh6~Lo?MCV0f7Jo@1Q`d0!?DKa(^$O5(F+7HB2iq#RuatOqp;K(uR#Ze#GH-
zy`n4a+U}OQZDGfG=bg-=CzXejyJ0K{gGr$?T1|Dd)=c8LM(B=mrW<7MF4wPfB7A0(
z;u|gUr*wz^>ucB*!luil6rVJZR+f`hT87eQ3@)Pb#eCnMMI9;;G;O1){Yl)D!;KyN
zeRuWeWGQ=je(=w7=bw=P2wK5AETPc##!rnDVpEHO;Z%bu38g4Wm4(-*Ifa}a!$V{t
zP-ijv)LaM4c2i*(rKp5IW+Rs^HY7ZcM*-cOvaD7?(Nxr9-z;YqLa1-PlzH;)egQMd
z;`4$vkH0~c{AKeK2v!N>iURl~Ow;$L?U$t`U!R#6RfV*~MbbLrx1nU$T$H{O8XnqX
zkSVWz-H7ZLRFQjZtnt1;->Dc%A4Gl^S|x+0lPGMF$in91aAXO4&Zm4r)Q_fYx@l}b
z36E;wApomhE0=fH90zS<>=;^k@kwCw3Q^G_t;LH&mDUmAIMN&ZCo+IXA||#n3oPiT
z&0A3cdTD^-WO;Jhr&4-3gs@~ZKmLB!&?{u({72AEzl<nO>|a(IR6+{h`YU<NfUL<L
z8p4I-LsYZXsIOt-l|7F7oJwZn;)xY+pLdWcunH`efGI`fCt&GUj=g@fG1`>TP74H!
znWQZMsffJArN}!@X90>32BkE0gxk$l2coFsng3=f{rLs?FvaaQS)n?gs`KwVNg|`g
z9WGU;pRu92l0S~QJCd_tt5omsN|aOUXW7Jv63UJI{!?-X@F@K?ZJ@f7XBybJq(PLT
zn>&sTi5R~Hfzpb%xQ3~f{dB0ZuuE>6r40;V3jW}hInl%t_a!QvV(d}*v*BeOYd}^u
z5+J-d+>KYXCQvYtfA0Pr@e`O?17}ZNkXE0Mw|rXMel1qrCV?MRGJ0^$@P&<8D(eEh
zo&BZ5bfGm);1e#c@R&8sN;T_=z}c_;)+<Ko)G>DK)d0`!aXguVZ^9_*95<M};A+h3
zvrtHnuVl#%%1UF<i4qqLQmt+cX&;G0PNTR7oJws4JAj}{?Nf9gJZN?0)N(*Ujr8}Z
zC<loUo#oj(uCSo<(h$XE@ZNcVVfK^0SHj{OK>+0$m<B&Zjvlq{dQo`bHDdn)Gr2W_
zcR$dYIyWuqSO^M-_`P;Dna3Y7Q@Mgw*3wSSvhG!}@f>fHC&RmH21LmmZ`>n<8Xn4m
z+wC$84%x%~S?RF9#?{N|_~QM`DoS2G-x3d1B;T%&32oy_c?tKI#7$y#NV5waxO|!c
z7~-JFX0GR8I`V;Q#ZZzma|ZI-wHnfPZHcCLYc|3nVQ?-<di9=SZUxeYO@-%n(S)NR
zwOSvdZ#?{v^2oL$36oZOea?x~c{O)4z&mqNRuWm{Y!qE@a11-wj2SZfctV3|K1f!3
zCk3Wr8^wN3t=AY2r6XG0)o*M|DvT^ib4|JZf2BI`%xW|EY_<u5x6zR!{3$0n2d@>a
z+n{nE8@ax#v28y~JUFKNftfQ*a0Zf7Y#>z_WDHmuyS5dugwtjWy%9H3(e8n8d3r2;
zpd3Q-7HDy3+<;Z3R7U#(ry@gIsntflz!z|0L*(Gcccsx3*Pp)euCL4#C5)yf3C8Bc
z!Z8Ba8WXC^Dl1u0P05BG<;&f*zY2JMECXN4G;C~cURbo1fP%qRctP92-2Vy2AtYfz
zFmxlC5U|Z&Ol8=FgsgBNo5+WX3Mm`cHc?sGKpXh2Knt%vioOrs7GH&a6;hA$Dt_0c
z&3Pu1U&*cwn}rJlc$O1(7O3ixq0&x#n_()~Do|0wC}E(kYDh+FHWDa1cw;Mu<SC9X
z75O`vIXo95W^IXN=iV2)T{!^llpsCR_*rhx$c5A%_XC)cIFu80jc2CVJLHPw^o@x%
zbUu$h$kmH)B>Zddg8f|rJ5LzCUY`E__qnSozY`OfcS?|>!X}9firqD+y!J2^{MjRc
zEEc|skY{isB#?>axjczys}Cb>Qh5!@$p~JNz$pXQcz=#I&^PYvE&64Gpq<cZ#<=Y+
zxchv;Gi0Q2vlKBJmoHHLO*O2iTG1O+zE{uZqCoOXGxB)>lXNMf?SR1Yax$0gv?34X
zq6nAoRA4#~p5AVgzr7@oiu}Q3-z*|m(s_8vQRlk3H2t?7SH<#QYbSGb5a*BK`8Y3u
zdESdKF+7*$St|_io-TwTY}pQVfVc5})!!pmwqF4Z(c<<p6T+q6Lwi2%%JU}tG!;Jb
zG+rRP{9|c(_Nru2J2Zred+JWUz$-L|-c5&hiEbbW{=mcVKSI;Os2`zKOjT0rp;4hJ
zASwTT$}>$}#chiynivjvvO8sU#$n8jpsia$T9M>$HQ(PRB9jk*vL9t4u4Hgvz>k^z
zGbmN<)Aq7s9tH56G1HO1$0YI-wS0*p{U^YI+jl)2-Z`t`2p3fHOkN;ooz-gfKQ`SY
z;cNpV#h*e_YH(OUVr#%|iI=%KlL8CUo8e4*lJZE`T#WLjxSOMtBux0z-;!M~(2eh}
zUZNV><WyuQUQ`szx00O?0QUR$F;UVG@y@>3+^(>ba0D3&6wo}S!#*aZ;aAljeC%dx
zCa2~NUy#%0lu{dsJ^zJHlxxjq?f^|F#bMXYtFgKcPF6QdJWep!_Z`T?Y6HAe!IP(m
zJ`DKHC*C57kTi#F7i%{<H`(St@@V<=I7~n1N-X@ta<Fp^q8BM*HiE0nX!DyiMz@`m
zG<i!O7xcONSLo@vaOci9w(TCKK(~PVZC}dT%Wr>tZflfKMR2*mWB8zb@J!R?&m(cv
zhh6oKwCx)hlL*`fJhIwHn9n|sHQ?_GNh|FjWx64n#A+6-$Zdnk{ojC?>wYgg($*yH
z`V3t-=|R<2UVWm9jrtM8jPWa^x@lk*xI^X9r2KyDLsomq6&oG*)9-)|jlAF2L1Qez
z^Kx=_-5UyQM?N(0i<v7N_T&p#BuA|eorMbRZ1JlBlH0*%a!eyz9qbpw3_h#_xCj!-
zgwe_%T@CNZ6D|!B;cg#V8Mc&f9(DjIunzTQVJDjib)&7R<Hvu)9{6s*I$6VVCA}|k
zjWaluFUN?aDM&tBYt;S`0{=Qy^9_BtgM2=xwYTbA1!=EctS&)+GmyCT&BAaTPgY2x
z^`-${2~*8c_io|P)&3!|VBVZb{(j&*?+pyi;UvK)TwqIp*2GVBIg~VSQ64GGlv15Y
z%iAVSdO>XplHk@H`pOdvSkc~bY%bu7sWaMmAx%q4iPd($6RP+jh7-$wZ`t9sQt%e7
zH@v($fo1vr{EV@mBMUw`0X`z~eZr!~SfY-CRkxp`Tkubj#3fkP*VZruAvo&35Z0M>
zINdzoH9&5~dyhJ8wyE;F#Ynj!M<z?d83>NA35fDA2Emjh<}BgsMpVnJOZ=*O4<0f@
z{;Y&09hcFa`LddT+S;(BhjMF74nTRN53^=U(0awG-Iw!1%U-=eJYDc6^qCK%th4%C
zyMpH(cgVvG1Sd0U2CO$EUXs{NW}=ivICF}x%ATht1$?FFa?xnW;Iv3yAX!qxO+l2O
zzv^H}25q)D>RqDx(>Ne~8>a31;Ir)6#^}c6<gyldhS}wJh88C6xnK%T@?ZsDwGMoF
zzmy_GU95<yJBl}dIQj2j%>7lkl4*zD#v&LN6KGi~y2G|Bve`9nsCB<A3J)X?GYP7%
z{0g4e2&Lhl`$n|Dtpc!`oGqUzO9h^98@tIRFpE`<U@jy@)6c4;#T(}>Bqu#=-PAQ7
zEc$cFGb))67UpKx+{nOt&E6hE9~miK^56=o9_5!jJ%3}BCP|60u^cSgE|QS6@kCNn
zlThTC76raS+N|&!w?R>X*07gOJ)(u9chd)HCiE;r_P+gX+Q4tyQG_Eo>D|Ivf+d0n
zI;Nxz4yq@WA#h_r)&((sDDU||8UW?UD|RrKQ^*W_3|+|tGaqj-++s#hGE_Q!`!XGk
zfCN@SOJYj|ifCm8<wLjbp)6G_GI)-3z}6#jy+oDULNO2o4<Zh-=M>#VzY{mPSf!O(
zbVCpS-~dC{kMpnf{3PRxT?P|b&VS`cYOJZUKff|IOE85kW)3>hF=dpmr-1pmqavhX
z1CWg_YoaT+`jnMc!iikoTiC-){8@~cir_(V6z@x78Uw$v+rN`|9?iF64vmTXEg?%l
z>cqMz@H?y#11#09za~b|XhkV14qKi;yUCegvW|pS#X_T9$hs+$Yyo5u><Wi@DNbwX
zK1RUUXCeX*wtzpPy2ZD;g5OVCo$%#tI=idaD&md;iOdZkG})>Fa@vz1$;O`x{fhb!
z=#+5Sa(7)!5UG#jt>@^tKBhO38dnjJ$%6_FmR%Hw!>1*XL-Yce$vx&V9d#Y~geztS
z9q=>nUctG}VQRz{3}(sMBG2qTGKwJA3n^--n1u*jnnd}>ojG{?l$V#i#f$%=ztIUW
z2$;gWLJMj{CCBmi>92l5mlp%%mUjM$#`4{XcgJ0U0$#la9Fkbxeyj2I=G|{H7^aNk
z&~I^#vPvX<Oxp^XLeKhM(Ki|Iv`=q`F&cpoZTZ2~&0d++G6KHxYU10D&<7JtxwKZY
zs7iHp9f5Fewp@5GxuHE&9{b?6UwMn36V8y>Ga$5zh+q6wcg<+5&!0W&Mkirukl!2g
z8@V)WBF_+N3T*o<3RZz-GKA-g-fd{PRnuUs8$C{2&<W?F=t13Qu$NuWPo&`<&UWJ(
zXdNweed0&c)?+y`K1#Jb2xx3q8WAl~4V71o&FRh@J4#9Wv%t)|{c)I-8cjA+XwXTY
zy!B2hzJidv3Fsm9WUq;O#GnJ=52rFr-|f3v=P(@>P6k}B6m~cR8>Mg61YE*!ghf@v
zE}b2&4hL}D&5smnsD(<a$7|bTrLoo!n`dfyE99y}e@ajqrZwhY+i2mrp^?vyil!LB
z0z1B-^WMOwyXyPa0iYYD@%W1ed;|zP`f!dMl1NugVIhf#!sF@@Oll+zk4J|b5AyWs
z0-_tk!KjeHb!_i1#X8!A`T5Mfyo+n;^&L_a2TeBJFS+hVx@YAca}JZ@k(N+H$J>x;
zy`z&;+^{h<*6D7+R_K7Cs;a7@ii!wr5_jdGxwW;)!9>={Mt6=Z<#jM`3??R~Y&u)m
z5vT;TxX5`nPc`zQ3n_n7g5Wx>ffx!U^<7?DdqsE9s8_+!s%u71?rQ?>b!BF>a)bN|
z;kLFuW$h98i5G-sFM+yLjy~4SPeg+xrB=d4<wKJ^X??2+0Lsbe^@hO~QZ+!s4hj4>
z!|{wzpf?2YTs_l~O5SB9c65nHq&5Ag4W!Vk@fB63xZOTnX}Besz7c^_Jdzf73#>Dm
z&mP5ghJOE%&9Bo%1^tSYw*+kVPc>AP7KO|Q<X2Rc<f&{Rz`YQ;1P|kI3Q@_Qt@plD
zUf-*2u>AN}5R_0F+#+)aORU{(!6Sob#7zg74d?|2W23{_9=D~+C!NQFfYo_EaDRmY
zoU=2*8cWlwsgB`>6$STvx;R*yySh$RO6~T~wJ=TmNVIn>N>~1VL#NEdyQ-m-!*faB
zw*Dk^VK_*fPTk|wYGfLH6vlCaggJVwilnWjRa#wL+|-mD9uDuJ988ihJhikW<>JDD
zP9=}uNZ!=cROkKbUM!zAa<WuEScFf2prx(7)MSm<?s9H=xji6p%FD*arUUZ>#$FJD
z8q)g)^8-AfK;YI&9mQo2^ZbWAD&cr*Q`|`|Cd*3H-$ty-NA~aYGeU!C;3`>3&52kS
zoq~J0N;)t!oIJ3s@Ql|t;Y{!W20iaHae{%#CxbO|N8Tl-Dv58z?i6^K+m4Of&L<KW
z_5m=ml8*H9ilESPAj>o_`;|ip0d~pt2l;1jM_wUj3oK51(K7o}SAakaxX((9#ev$v
zyn9h@@DaZTDUL6z<@7oB5wVmQ{wmGrlND9E)mB>p_q_cAQPrihwb1?ynE(1b`FH(!
zDu@zSJf-$#)%Y@8uOvEp9J1E#k|0T*`qes}50}hKV7)QIlYeryOhv+}`yksRIz9dK
z1m_N-2by0=j(2)>HKTg94p%kwC3}it^&R;w>30DMJE$V~=X_0Wr7(d;_lJCVO!2Z`
zMv2jfYX>-C>Wj>2wtcf(z=}R2ZdlFIp9&w<<e-Au!a7aAJQx9P#1JIfB~$_-%8Pp&
zCc?s%#M@$&1Nk`_!F3oilfO&s&Rh~ZM#V8K5fJEeLET9oeG?!@{xFah@l3=6hz`St
zeE3}Kk^V8mu&HB0vIHcX&AXHxs-&o)F__GtE$-Fb>2YsALQ}Gcj`Ib$&U@B*4}QC{
zdLffoor`(!dI^s*cIyiYQ58zw=Mpm!WVA%P5am~;@ynY<D2nGs`;I-)d(O=P!?AF)
z%f6myxQ32uY7F?A=LUQC4RvQz75Y?AAnV5%4J9R^JVj1=Tme&yz1#roY%Q7bc-Ay+
z4*n$YU1D*L+}1Fcp&K}UDk}a5s)$L~;Bsg1Vk5`*y5gt3c`YKT@t};){+5KgUGBa0
zaK-n&T`?WI@gP}FM7)*z7q8Xsyv}pEHt!L*Oy{#Q*-(NvT5a`>0lo_Ci(w```8~TR
zg2+?YqihYLgJ7R0iLSc}iTv}-el-o<p26;WImW7uG5zi%Ih}V$9(~?Uo7FD=#Lqr{
zr3=OdCkR$sB?NADi+6TdqhFq3KC&G_($P|cw3~qpaTn6D3FW_18s8E$Uu-tf7Zy9b
znb4ID5q@7OX0HUU3u>Qv{z)kCnbkR9L^?Soony;VU6G$ZT^nuFaDUhh*$};Aj#1#u
z#tlaa#y{^!P#%$m=Mm=4euO}uc+>t)v(b4ynaMYOuxCcJ9o+rOk^Q)>(ORm+f)F}<
z!CZ4*`>@H!FSpN56AI!TKe~iOKE@zzr~=R@8~I}&yoA#?atj)fg(fdh6(l8J^jyc`
zXZLsrc;ljfNFC@)P`6jA4MhiqsNtEPsr=He=?un|PnYnvM__WcHZ{A`*{4FjUwn99
zX@B1=J${ManLPLI&NwmU5FjQY@eS`rNeZ*Yn%og}r{$}31@JYxDpxd2XR|CHFI{(J
zaC4kGE>En<t~?iH25?8;D7Hc=$zS#jVJ4~Yz8Rf-_<&?DB`Tzf6DUqTU5*-sVjQ;g
zQ_8u%eFONusQXao$zd~OAAI3H=6TSbv3Bl~g8aPGcs_aX{0NB@y_2|0wJzx&wZlnK
zntp0F$CqaNaI;cVznlNz1FPAj(b5_+I+bsheJEtKQOpP}f$t;-w^<-315~~N4t>V=
zpF6QRnj5+0p`;~G3;Z9!Z@3kq&vw!q@!;<#8+y&mf9%n~_72cm`Ar~%ILeJBz5TrO
zvMPS(cx&bjl*{bh&Zst0&h7DFe8z~E!dofLwZTUrkZ@{^%8LB?m~y=6z*)~!UQ%~a
zjMw^Ir<kd|*$9@YsYCuQFZZruwf@9v$&0)22VMr-xsBeaj7PkV&w{m%Dtm|bMVxx)
zj}<~Y%r9?ez{jl>+Z_d;-h70YK@Gqs0q<zFPp1uDH&=PO$B#nS)|E>Mt;Yc|Hv3y9
z`cxkZkxsV-e5S@?>Nps^9ARUaG9Y^VP8IA9I!xbSzpn@U@OUChRb#EgVb`h%DX|uW
zHiz%+$i`vP+)JfVLlu)hf)!&P$_X-*{i2flCy$zVpA<gF8UN!ujLz&KkzqTa``aV^
zIjHA_BBG4rzW%Y5fw!Gy!sV>pkGp<q!GTHlnZLOEm_du*AE7#1u4-o!@h;)B%a@3K
z1uEXD-rt{ATulxJGks1~Ki+ru?%=HlhL?@$+fy{+8~6l{r4`nV5QN;N5E-d>2&6DQ
z(iN*cNzbhDtTqu^2;$>MLNUMpxkk`{J(X=_(-4a6ex^5@Y)z=>euoC~aisV)XYU_3
z>kMX0FSs4Gvs!rUlXy4m!)q<)>{PBJ@k>VYw5_>ar?;MmZCvhh&}!adYcL<o*K<D1
zT%krCupx@*j+OMe;Nd&}201S6mk9&}4y8R6StQx{ed(#=hLsHx;bIjwjMG0)#o9zh
z9XfB48$3FdK`)1odoe~nhf49bLd8~q`_M?Qw>Um>`#yRWW2D2wzI)00A->}=!)d8o
z)mD9{Wz2ytr!VK_2tyJXO+mhBx;rYSe)1XA353G*bU12mp@vpecugEbA{d19i9F5F
zsP81$_iRrSNXOtjid7G1+>e76&B=P?y;>1*Br<zHGd{0(xkm5#e|=q7R1?|~l`aty
zLJ2(-@lt}q1;HRC1PDzHigc-h6lnnje1e23U5E$-6hXiM(z`UN(tFg<LRE?oKtOtV
z;ohJ3_2%QOGwZA~YtNqfnRV8gu{u7+dHO(G{_Jh{B2H6Wp@DI`&Bq{iV2j^w4GQl?
zPPSw%p+G8TVSje^9$5NxH60VTY<{CRGWwxNjenij2pd{F;$S?mGfm937uvg|r={Pr
zlrs_9TxwwW=vTj_T+Ih!J0h{wiRJ{XCUpD$#z%U;&xhCfEtt&88q<1e=;+g~Pk&>z
zFiB&*Hl5(2td|vo8tB8%AHAi>6g}#bPk1=v2a@jv4sRXDHj*;vn}uH8{W+FPd>*)C
zhrj?8POl#{R101@oN+o*W_w!`Y|eTL7W`zFE{-rq%cVJBFc>YG@=^pba+-^B87Hy1
zpn&UOH0+^|?y##tG;@_Sr~T3jouXGYLD6A?b!|fXJP%Ay|I_8YZWDNAk1nC;R22rf
zZF`hbd_lTV`i9Nil@>Q$G2OUX|4KU^?B*}`kx~lrq;EB$ki{f!qss=YcGFQ)OMm-R
z?rQADx6V50T#Up#7>5u1?l615W+VFP6tv&SZdB4XI4o1>P5J<O7s72p)9=-vo~#tV
z`hNZLTA&x*hA*iy_rQAH-NVt3?NtghJ^qOY+kRaBk~Bv0B6^{h@QiVKvSY&i2)+6p
z^z{aYc{9ma=H8TasGXx_09WG<P<7ozPvAlu{Z-*Wk%6=7<iS1v&28mtbK<p#?m;tF
z`I1k7Pho<%i#XkIT?ZJhd&n7(KsMdO?|(f*7bAW0Q`O;d_REP}IGlH&TJLcX^y3|j
zX8eR^Zeo3!51eUiZ$jQ}Y8RT>l|&7MK=c(KTwF`;%2&GL2i7^2H_(l>Ni*&q48PLU
zT=IMBnBe=rX>KCM+82vAXzp6yOX+zdro>M9sXhtuV`)(*1sw+W5S=d2xmnD#eb$v}
z!l5T7fDU=pdKywK{dG4gvs_d%DHGl4rU<zE<aGL{U~Iq-DYJ&q0_?U#aR&HdIkf(!
z#lar~Y=8RqcN{fJ*y)G1S74+@q!=Wp@(*chZ_{<N#odx!x7?q2sj<E`$;g&=Nzn>m
zG+#SA%1}#duvLq&*3=QxF3OAje#4JlFP==QQGlF+U)o_zt<rB|h0b18Mdi5#@+C=l
zdvAzid3_<r<o%#U(lS$OcVhoDh~i9tO{$F}sRXi1@g^?{8ALGe^Vh9>KTxSHiC{IL
z3`{Ggxq38(bZU^32n=H5<&w&bBQ_{v<0_tLhMak8zD9kgOmTWgd**OW$x|f&G1ZE#
zy*{jR2Jpzpw6(eg<In5~*Z=6~wf-d@?<mX7p@dyGgp{S+DSl(tu8}gRx>V(M3Nt;9
zG5zaAd5?S|ODcLk=G*s2<!C8QvjZ054dd{CoW4H0R~T?GLAhjJC+ag)2;FC(fCd;I
zR#i{+kPV=deRKwHA0#hWetNAc)2=#W*}69MVyYjOk$T@Lejv4G&Wp^1AFoC&CZZ5`
z8DG;OXB*oiL7qJEXIZs}vrd`Gzp;M2eh<|b*ikVK_IDuwuQaZufNEv}gTzyyH?Eve
zU7egJ@AL|tXYlN{ncVa(H(^$So-B{(?2u4S>R-?yBgjceOE=m-70qrCikR)9KRi5?
zxD*aQOk5Fr{u|j}5!|&cfqW{<a+~O|w@$vUpup-n`K{2jGVovvoPbn8OKF>my?A79
z8&Ocm9N2oYu+uSbW`f6z^)^VNRg&8P;mmK@P7QZ<I?9SJ%we*`C}t)mo%RW;os`;{
zAbsn}>gwv)U{DB+Fb#_%R$Q!yv(8;Ehu6*03CZJAw+G__CcMj-O^r+{qBby|FBQ&+
zvcFlQMuTcp6aRaYDfDaJk+}))LdtK&l+gFxWe0S|ar|=fczW6^09S(0UI`kWP_-h?
z$=6f~{6X-SG*_=`yZsg(M-yTaoK7n;3ZQ?1ukXwz5C}gg)WHT#ZTWU=a&x7tf{^%I
zm7kThW8F6k?lYcx&qu@6COh*s5K2UN9UtS^iv(NYU>qOyx5MBcW1UasjE|*_6kf}}
zdSu?Q;B_2ymakUvq$*rF_^Haff-%<nvOKvB4R0{;K<!%J62XRs24=>voDJ&4EB@wb
zkiS8hxngVA(QkMuD0gMephD(Rxo3;xFz;oZl_*XTiu&*pCTO_J0oJ1=@}`bUa`0-T
z+$1B>=yDG)OaRCcuU$}D+T|q>(IInD;e{Pryf$-WB$j8RBbsAndD-@Rk-1LZxDs*V
zCg~-?Wpreum3qL%b~YQRCKXHogb`vmweQ4y8p=XsNap98h&ln7HkH^a+<Hg#1p5B`
zGKIgExAgT@!0G;2{<*cab?-S}mCSunoG@Sf=;Y)rD=TtYE#hdc(#6x0$@bURf-95?
z)r_5;oy`#)p>ph55Wyg`BzXS=RxdrMH^lpvr?*mAd$ut_o6W1BsHnqBAbUh25-2E|
zEah?fs@&*6N|EhB3QB@An_A!Y_V(H#(DwG1YuvYc#50Gdrw3bFTJVooA5Q+w!!kNN
z+*0L2barzyQs)GNdEEomgp7@i!!_Qw<+<NiS1D<_O;jl$c9^Gp`O%Z);_NJ(tj}85
z)HUHcSW%P{OPd`P)h%(-1}$FtBIv5^D#1=VLf#P;r3xVGe9aD)`2R`{O!($FN{cGm
zwMo71pY7HJ7&O6PFpj7w0m=9oh|0Yap>eL4^FlJ_=sS+Hp0=^ae%UR2ett<i&&|Z=
zg&BZvkf&qnrJHS8aWREep(%=rYWelR<FN5H#`a~d-RDT2euH#BKXPr*$sq{@RT(2J
za#M}+S^=s18V_<kDfn|EOR5cWhb7)|+PA%W@T#MtZat}UFhlu>k&zK-L@gCzFjyg7
zh`QOC;JHgS@0_nsR0r&>Urj)q?r#^G6hGsSqGc9l&aI54SOoap;D?gp-PrmgkQ|#%
zsd8B=4M4hY;~zu=8j_oue@=j$KcmjwGAy@pWzu~_XCuW=e-r}E;*P?tIHDa$dI@Du
zHSSgcR4_pYBfDnv<APn5bHg^m!hDC#)IfnHne)`uZ`W%)yvFkE5xlg>U!ZS+CccrC
z;x=4qweoez!cf3Qq{`~32NVT}Imat51c(GgS+BlctsjV905|P!m?Nb**#%!FU-kh#
z{z2*UEB2weH+PrHYHk(sZ$#!#e|d2$Y~NK>M7svf$ZG5JaY25DHj)3#4KD#A*Z&O}
zgl*diU%su8tt?z$7-=n1o_}po!=TMCLNilm%%|c=-)F4_lBokX(mltlRA;-)#qQH8
z!%a&j_Z}E)4bd6KutvS?@}1<`9A)qrG6wq4fWLl`ro#1>3e8r|{K?dzu>ji6tC2KA
zRehdi=7BPQTkS~`D7^N}7{moU2cgf+-t;kQ{c-jYp4#JZ8wx2BwLpby!cTP_x7zH|
z?a6(0w$9%3xs&H47}f{l8`hu?@P(p_k)0YkvY9(PT9zUsC;r50KOy|9H;3BxpmVF}
zJL*rEQ2y{ILgQ`$;awsiwB%pHi>6?*$Oy)2C_;0uO3`}muE@P}ww}xl!^9RNk)^$J
z+<t#^b4)Z24y{=SLP<?E9Ooe(4evNkbmG1k8v)eyiebjKvqoz&XqO&EQ`1z}MKjyf
zOhAea!Uc@vpN?znvqqK=|C8IfJ5<)a-`koQ!BxgL7r9OW#+SG_{{i=0mVV=RbUWb1
zhl}ojuye=qbesk5b;FF!&UwbkAY@~x#{Wm&>Ysu7-h<O@HDAImP(=@g)+*7k4gD{$
CKlY{o

diff --git a/components/engine/docs/sources/installation/mac.md b/components/engine/docs/sources/installation/mac.md
index b6afe33873..da0e172892 100644
--- a/components/engine/docs/sources/installation/mac.md
+++ b/components/engine/docs/sources/installation/mac.md
@@ -7,13 +7,13 @@ page_keywords: Docker, Docker documentation, requirements, boot2docker, VirtualB
 > **Note:**
 > Docker is supported on Mac OS X 10.6 "Snow Leopard" or newer.
 
-The Docker Engine uses Linux-specific kernel features, so to run it on OS X
-we need to use a lightweight virtual machine (vm).  You use the OS X Docker client to
+Because the Docker Engine uses Linux-specific kernel features, you'll need to use a
+lightweight virtual machine (VM) to run it on OS X. You use the OS X Docker client to
 control the virtualized Docker Engine to build, run, and manage Docker containers.
 
-To make this process easier, we've designed a helper application called
-[Boot2Docker](https://github.com/boot2docker/boot2docker) that installs the
-virtual machine and runs the Docker daemon.
+To make this process easier, we've built a helper application called
+[Boot2Docker](https://github.com/boot2docker/boot2docker) that installs a
+virtual machine (using VirtualBox) that's all set up to run the Docker daemon.
 
 ## Demonstration
 
@@ -22,50 +22,67 @@ virtual machine and runs the Docker daemon.
 ## Installation
 
 1. Download the latest release of the [Docker for OS X Installer](
-   https://github.com/boot2docker/osx-installer/releases)
+   https://github.com/boot2docker/osx-installer/releases) (Look for the green
+   Boot2Docker-x.x.x.pkg button near the bottom of the page.)
 
-2. Run the installer, which will install VirtualBox and the Boot2Docker management
-   tool.
+2. Run the installer by double-clicking the downloaded package, which will install a
+VirtualBox VM, Docker itself, and the Boot2Docker management tool.
    ![](/installation/images/osx-installer.png)
 
-3. Run the `Boot2Docker` app in the `Applications` folder:
-   ![](/installation/images/osx-Boot2Docker-Start-app.png)
-
-   Or, to initialize Boot2Docker manually, open a terminal and run:
+3. Locate the `Boot2Docker` app in your `Applications` folder and run it.
+   Or, you can initialize Boot2Docker from the command line by running:
 
 	     $ boot2docker init
 	     $ boot2docker start
 	     $ export DOCKER_HOST=tcp://$(boot2docker ip 2>/dev/null):2375
 
+A terminal window will open and you'll see the virtual machine starting up. 
 Once you have an initialized virtual machine, you can control it with `boot2docker stop`
 and `boot2docker start`.
 
+> **Note:**
+> If you see a message in the terminal that looks something like this:
+>
+>    `To connect the Docker client to the Docker daemon, please set: export 
+DOCKER_HOST=tcp://192.168.59.103:2375`
+> 
+you can safely set the evironment variable as instructed.
+
+View the
+[Boot2Docker ReadMe](https://github.com/boot2docker/boot2docker/blob/master/README.md)
+for more information.
+
 ## Upgrading
 
 1. Download the latest release of the [Docker for OS X Installer](
    https://github.com/boot2docker/osx-installer/releases)
 
-2. Run the installer, which will update VirtualBox and the Boot2Docker management
-   tool.
+2. If Boot2Docker is currently running, stop it with `boot2docker stop`. Then, run
+the installer package, which will update Docker and the Boot2Docker management tool.
 
-3. To upgrade your existing virtual machine, open a terminal and run:
+3. To complete the upgrade, you also need to update your existing virtual machine. Open a
+terminal window and run:
 
         $ boot2docker stop
         $ boot2docker download
         $ boot2docker start
 
+This will download an .iso containing a fresh VM and start it up.
+
 ## Running Docker
 
-From your terminal, you can test that Docker is running with the small `hello-world` example image.
-Start the vm and then run:
+From your terminal, you can test that Docker is running with our small `hello-world`
+example image:
+Start the vm (`boot2docker start`) and then run:
 
     $ docker run hello-world
 
-This should download the very small `hello-world` image and print a `Hello from Docker.` message.
+This should download the `hello-world` image, which then creates a small
+container with an executable that prints a brief `Hello from Docker.` message.
 
 ## Container port redirection
 
-The latest version of `boot2docker` sets up a host only network adaptor which provides
+The latest version of `boot2docker` sets up a host-only network adaptor which provides
 access to the container's ports.
 
 If you run a container with an exposed port,
@@ -76,14 +93,16 @@ then you should be able to access that Nginx server using the IP address reporte
 
     $ boot2docker ip
 
-Typically, it is 192.168.59.103, but it could get changed by Virtualbox's DHCP
-implementation.
+Typically, it is 192.168.59.103:2375, but VirtualBox's DHCP implementation might change
+this address in the future.
 
 # Further details
 
-If you are curious, the username for the boot2docker default user is `docker` and the password is `tcuser`.
+If you are curious, the username for the boot2docker default user is `docker` and the
+password is `tcuser`.
 
-The Boot2Docker management tool provides several commands:
+The Boot2Docker management tool provides several additional commands for working with the
+VM and Docker:
 
     $ ./boot2docker
     Usage: ./boot2docker [<options>]

From c8bd24665b6b97b66bc9ecdf0cc4ae2b82e54651 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 23 Jul 2014 01:13:52 +0300
Subject: [PATCH 217/516] integcli: fix TestInspectLinksStopped with Go1.3

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: d0cbc54f234b01585670e19b49a8c931b2719472
Component: engine
---
 .../integration-cli/docker_cli_links_test.go  | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_links_test.go b/components/engine/integration-cli/docker_cli_links_test.go
index d5336a62c8..cb48866456 100644
--- a/components/engine/integration-cli/docker_cli_links_test.go
+++ b/components/engine/integration-cli/docker_cli_links_test.go
@@ -122,16 +122,31 @@ func TestInspectLinksStarted(t *testing.T) {
 }
 
 func TestInspectLinksStopped(t *testing.T) {
+	var (
+		expected = map[string]struct{}{"/container1:/testinspectlink/alias1": {}, "/container2:/testinspectlink/alias2": {}}
+		result   []string
+	)
 	defer deleteAllContainers()
 	cmd(t, "run", "-d", "--name", "container1", "busybox", "sleep", "10")
 	cmd(t, "run", "-d", "--name", "container2", "busybox", "sleep", "10")
 	cmd(t, "run", "-d", "--name", "testinspectlink", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "true")
-	links, err := inspectField("testinspectlink", "HostConfig.Links")
+	links, err := inspectFieldJSON("testinspectlink", "HostConfig.Links")
 	if err != nil {
 		t.Fatal(err)
 	}
-	if expected := "[/container1:/testinspectlink/alias1 /container2:/testinspectlink/alias2]"; links != expected {
-		t.Fatalf("Links %s, but expected %s", links, expected)
+
+	err = unmarshalJSON([]byte(links), &result)
+	if err != nil {
+		t.Fatal(err)
 	}
+
+	output := convertSliceOfStringsToMap(result)
+
+	equal := deepEqual(expected, output)
+
+	if !equal {
+		t.Fatalf("Links %s, but expected %s", result, expected)
+	}
+
 	logDone("link - links in stopped container inspect")
 }

From 204cff966e1e0cab04581e0e980faada14dbe084 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Mon, 21 Jul 2014 23:58:59 -0700
Subject: [PATCH 218/516] pkg/units: Better to not use `error` as var name

Better to not use `error` as var name (might eclipse the error type) for
clarity and to prevent subtle bugs.

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: ea7b8ea03f5c2222060afe435e907c1ab855a44b
Component: engine
---
 components/engine/pkg/units/size.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 1f77d607fe..e6e9f21b47 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -24,8 +24,8 @@ func HumanSize(size int64) string {
 // FromHumanSize returns an integer from a human-readable specification of a size
 // using SI standard (eg. "44kB", "17MB")
 func FromHumanSize(size string) (int64, error) {
-	re, error := regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
-	if error != nil {
+	re, err := regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
+	if err != nil {
 		return -1, fmt.Errorf("%s does not specify not a size", size)
 	}
 
@@ -35,9 +35,9 @@ func FromHumanSize(size string) (int64, error) {
 		return -1, fmt.Errorf("Invalid size: '%s'", size)
 	}
 
-	theSize, error := strconv.ParseInt(matches[1], 10, 0)
-	if error != nil {
-		return -1, error
+	theSize, err := strconv.ParseInt(matches[1], 10, 0)
+	if err != nil {
+		return -1, err
 	}
 
 	unit := strings.ToLower(matches[2])
@@ -62,9 +62,9 @@ func FromHumanSize(size string) (int64, error) {
 // returns the number of bytes, or -1 if the string is unparseable.
 // Units are case-insensitive, and the 'b' suffix is optional.
 func RAMInBytes(size string) (int64, error) {
-	re, error := regexp.Compile("^(\\d+)([kKmMgGtT])?[bB]?$")
-	if error != nil {
-		return -1, error
+	re, err := regexp.Compile("^(\\d+)([kKmMgGtT])?[bB]?$")
+	if err != nil {
+		return -1, err
 	}
 
 	matches := re.FindStringSubmatch(size)
@@ -73,9 +73,9 @@ func RAMInBytes(size string) (int64, error) {
 		return -1, fmt.Errorf("Invalid size: '%s'", size)
 	}
 
-	memLimit, error := strconv.ParseInt(matches[1], 10, 0)
-	if error != nil {
-		return -1, error
+	memLimit, err := strconv.ParseInt(matches[1], 10, 0)
+	if err != nil {
+		return -1, err
 	}
 
 	unit := strings.ToLower(matches[2])

From a347eb0112773a76a3006c4778ef328c501f3292 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Wed, 23 Jul 2014 12:40:10 +1000
Subject: [PATCH 219/516] user facing documentation changes in master atm

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 5743cc3423b48a0a3c78c7640bb10d840c911604
Component: engine
---
 components/engine/docs/docs-update.py         |  8 +++-
 components/engine/docs/man/docker-commit.1.md |  6 ++-
 components/engine/docs/man/docker-logout.1.md | 14 ++++---
 components/engine/docs/man/docker-logs.1.md   |  5 +++
 components/engine/docs/man/docker-rm.1.md     | 11 +++---
 components/engine/docs/man/docker-run.1.md    | 39 ++++++++++++-------
 components/engine/docs/man/docker-tag.1.md    |  3 +-
 .../docs/sources/reference/commandline/cli.md | 33 +++++++++-------
 8 files changed, 74 insertions(+), 45 deletions(-)

diff --git a/components/engine/docs/docs-update.py b/components/engine/docs/docs-update.py
index 31bb47db3b..2ff305c5ab 100755
--- a/components/engine/docs/docs-update.py
+++ b/components/engine/docs/docs-update.py
@@ -7,6 +7,7 @@
 #       ./docs/update.py /usr/bin/docker
 #
 
+import datetime
 import re
 from sys import argv
 import subprocess
@@ -15,6 +16,9 @@ import os.path
 
 script, docker_cmd = argv
 
+# date "+%B %Y"
+date_string = datetime.date.today().strftime('%B %Y')
+
 def print_usage(outtext, docker_cmd, command):
     help = ""
     try:
@@ -204,9 +208,9 @@ def update_man_pages():
         outtext.write("# HISTORY\n")
         if history != "":
            outtext.write(history+"\n")
-        recent_history_re = re.compile(".*June 2014.*", re.MULTILINE|re.DOTALL)
+        recent_history_re = re.compile(".*"+date_string+".*", re.MULTILINE|re.DOTALL)
         if not recent_history_re.match(history):
-            outtext.write("June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>\n")
+            outtext.write(date_string+", updated by Sven Dowideit <SvenDowideit@home.org.au>\n")
         outtext.close()
 
 # main
diff --git a/components/engine/docs/man/docker-commit.1.md b/components/engine/docs/man/docker-commit.1.md
index e5cf05a9fa..31edcc0397 100644
--- a/components/engine/docs/man/docker-commit.1.md
+++ b/components/engine/docs/man/docker-commit.1.md
@@ -8,6 +8,7 @@ docker-commit - Create a new image from a container's changes
 **docker commit**
 [**-a**|**--author**[=*AUTHOR*]]
 [**-m**|**--message**[=*MESSAGE*]]
+[**-p**|**--pause**[=*true*]]
  CONTAINER [REPOSITORY[:TAG]]
 
 # DESCRIPTION
@@ -20,8 +21,8 @@ Using an existing container's name or ID you can create a new image.
 **-m**, **--message**=""
    Commit message
 
-**-p, --pause**=true
-   Pause container during commit
+**-p**, **--pause**=*true*|*false*
+   Pause container during commit. The default is *true*.
 
 # EXAMPLES
 
@@ -37,3 +38,4 @@ create a new image run docker ps to find the container's ID and then run:
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and in
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/man/docker-logout.1.md b/components/engine/docs/man/docker-logout.1.md
index 0196f0ed7d..07dcdcbc33 100644
--- a/components/engine/docs/man/docker-logout.1.md
+++ b/components/engine/docs/man/docker-logout.1.md
@@ -1,18 +1,22 @@
 % DOCKER(1) Docker User Manuals
-% Daniel, Dao Quang Minh
+% Docker Community
 % JUNE 2014
 # NAME
-docker-logout - Log out from a Docker registry
+docker-logout - Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default.
 
 # SYNOPSIS
-**docker logout** [SERVER]
+**docker logout**
+[SERVER]
 
 # DESCRIPTION
 Log the user out from a Docker registry, if no server is
 specified "https://index.docker.io/v1/" is the default. If you want to
 log out from a private registry you can specify this by adding the server name.
 
-# EXAMPLE
+# OPTIONS
+There are no available options.
+
+# EXAMPLES
 
 ## Log out from a local registry
 
@@ -20,4 +24,4 @@ log out from a private registry you can specify this by adding the server name.
 
 # HISTORY
 June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io)
-
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/man/docker-logs.1.md b/components/engine/docs/man/docker-logs.1.md
index 5c3df75b9e..1fbd229d5d 100644
--- a/components/engine/docs/man/docker-logs.1.md
+++ b/components/engine/docs/man/docker-logs.1.md
@@ -8,6 +8,7 @@ docker-logs - Fetch the logs of a container
 **docker logs**
 [**-f**|**--follow**[=*false*]]
 [**-t**|**--timestamps**[=*false*]]
+[**--tail**[=*"all"*]]
 CONTAINER
 
 # DESCRIPTION
@@ -27,7 +28,11 @@ then continue streaming new output from the container’s stdout and stderr.
 **-t**, **--timestamps**=*true*|*false*
    Show timestamps. The default is *false*.
 
+**--tail**="all"
+   Output the specified number of lines at the end of logs (defaults to all logs)
+
 # HISTORY
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/man/docker-rm.1.md b/components/engine/docs/man/docker-rm.1.md
index f100ddb87c..87a07a8849 100644
--- a/components/engine/docs/man/docker-rm.1.md
+++ b/components/engine/docs/man/docker-rm.1.md
@@ -6,9 +6,9 @@ docker-rm - Remove one or more containers
 
 # SYNOPSIS
 **docker rm**
-[**-s**|**--stop**[=*false*]]
 [**-k**|**--kill**[=*false*]]
 [**-l**|**--link**[=*false*]]
+[**-s**|**--stop**[=*false*]]
 [**-v**|**--volumes**[=*false*]]
  CONTAINER [CONTAINER...]
 
@@ -20,15 +20,15 @@ remove a running container unless you use the \fB-f\fR option. To see all
 containers on a host use the **docker ps -a** command.
 
 # OPTIONS
-**-s**, **--stop**=*true*|*false*
-   Stop then remove a running container. The default is *false*.
-
 **-k**, **--kill**=*true*|*false*
-   Kill then remove a running container. The default is *false*.
+   Kill and remove a running container. The default is *false*.
 
 **-l**, **--link**=*true*|*false*
    Remove the specified link and not the underlying container. The default is *false*.
 
+**-s**, **--stop**=*true*|*false*
+   Stop and remove a running container. The default is *false*.
+
 **-v**, **--volumes**=*true*|*false*
    Remove the volumes associated with the container. The default is *false*.
 
@@ -53,3 +53,4 @@ command. The use that name as follows:
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/man/docker-run.1.md b/components/engine/docs/man/docker-run.1.md
index 33ed4e43c3..4bf0ce0247 100644
--- a/components/engine/docs/man/docker-run.1.md
+++ b/components/engine/docs/man/docker-run.1.md
@@ -8,9 +8,12 @@ docker-run - Run a command in a new container
 **docker run**
 [**-a**|**--attach**[=*[]*]]
 [**-c**|**--cpu-shares**[=*0*]]
+[**--cap-add**[=*[]*]]
+[**--cap-drop**[=*[]*]]
 [**--cidfile**[=*CIDFILE*]]
 [**--cpuset**[=*CPUSET*]]
 [**-d**|**--detach**[=*false*]]
+[**--device**[=*[]*]]
 [**--dns-search**[=*[]*]]
 [**--dns**[=*[]*]]
 [**-e**|**--env**[=*[]*]]
@@ -34,7 +37,7 @@ docker-run - Run a command in a new container
 [**-v**|**--volume**[=*[]*]]
 [**--volumes-from**[=*[]*]]
 [**-w**|**--workdir**[=*WORKDIR*]]
- IMAGE[:TAG] [COMMAND] [ARG...]
+ IMAGE [COMMAND] [ARG...]
 
 # DESCRIPTION
 
@@ -67,8 +70,14 @@ the same proportion of CPU cycles, but you can tell the kernel to give more
 shares of CPU time to one or more containers when you start them via **docker
 run**.
 
-**--cidfile**=*file*
-   Write the container ID to the file specified.
+**--cap-add**=[]
+   Add Linux capabilities
+
+**--cap-drop**=[]
+   Drop Linux capabilities
+
+**--cidfile**=""
+   Write the container ID to the file
 
 **--cpuset**=""
    CPUs in which to allow execution (0-3, 0,1)
@@ -82,9 +91,11 @@ the detached mode, then you cannot use the **-rm** option.
 
    When attached in the tty mode, you can detach from a running container without
 stopping the process by pressing the keys CTRL-P CTRL-Q.
+**--device**=[]
+   Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)
 
 **--dns-search**=[]
-   Set custom dns search domains
+   Set custom DNS search domains
 
 **--dns**=*IP-address*
    Set custom DNS servers. This option can be used to override the DNS
@@ -92,6 +103,8 @@ configuration passed to the container. Typically this is necessary when the
 host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
 is the case the **-dns** flags is necessary for every run.
 
+**-e**, **--env**=[]
+   Set environment variables
 
 **-e**, **-env**=*environment*
    Set environment variables. This option allows you to specify arbitrary
@@ -111,7 +124,7 @@ something else inside the container, so you can override the default ENTRYPOINT
 at runtime by using a **--entrypoint** and a string to specify the new
 ENTRYPOINT.
 **--env-file**=[]
-   Read in a line delimited file of ENV variables
+   Read in a line delimited file of environment variables
 
 **--expose**=*port*
    Expose a port from the container without publishing it to your host. A
@@ -190,23 +203,18 @@ outside of a container on the host.
 
 
 **--rm**=*true*|*false*
-   If set to *true* the container is automatically removed when it exits. The
-default is *false*. This option is incompatible with **-d**.
-
+   Automatically remove the container when it exits (incompatible with -d). The default is *false*.
 
 **--sig-proxy**=*true*|*false*
-   When set to true, proxy received signals to the process (even in
-non-tty mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*.
+   Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
 
-
-**-t**, **-tty**=*true*|*false*
+**-t**, **--tty**=*true*|*false*
    When set to true Docker can allocate a pseudo-tty and attach to the standard
 input of any container. This can be used, for example, to run a throwaway
 interactive shell. The default is value is false.
 
-
-**-u**, **-user**=*username*,*uid*
-   Set a username or UID for the container.
+**-u**, **--user**=""
+   Username or UID
 
 
 **-v**, **-volume**=*volume*[:ro|:rw]
@@ -374,3 +382,4 @@ changes will also be reflected on the host in /var/db.
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/man/docker-tag.1.md b/components/engine/docs/man/docker-tag.1.md
index c4bbc87484..a42ebe7702 100644
--- a/components/engine/docs/man/docker-tag.1.md
+++ b/components/engine/docs/man/docker-tag.1.md
@@ -7,7 +7,7 @@ docker-tag - Tag an image into a repository
 # SYNOPSIS
 **docker tag**
 [**-f**|**--force**[=*false*]]
- IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG]
+ IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
 
 # DESCRIPTION
 This will give a new alias to an image in the repository. This refers to the
@@ -56,3 +56,4 @@ registry you must tag it with the registry hostname and port (if needed).
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index f1142d2a4f..8b03531fc8 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -738,7 +738,8 @@ specify this by adding the server name.
 
     Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default.
 
-    example:
+For example:
+
     $ docker logout localhost:8080
 
 ## logs
@@ -953,20 +954,23 @@ removed before the image is removed.
 
     Run a command in a new container
 
-      -a, --attach=[]            Attach to stdin, stdout or stderr.
+      -a, --attach=[]            Attach to STDIN, STDOUT or STDERR.
       -c, --cpu-shares=0         CPU shares (relative weight)
+      --cap-add=[]               Add Linux capabilities
+      --cap-drop=[]              Drop Linux capabilities
       --cidfile=""               Write the container ID to the file
       --cpuset=""                CPUs in which to allow execution (0-3, 0,1)
-      -d, --detach=false         Detached mode: Run container in the background, print new container id
-      --dns=[]                   Set custom dns servers
-      --dns-search=[]            Set custom dns search domains
+      -d, --detach=false         Detached mode: run container in the background and print new container ID
+      --device=[]                Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)
+      --dns=[]                   Set custom DNS servers
+      --dns-search=[]            Set custom DNS search domains
       -e, --env=[]               Set environment variables
-      --entrypoint=""            Overwrite the default entrypoint of the image
-      --env-file=[]              Read in a line delimited file of ENV variables
+      --entrypoint=""            Overwrite the default ENTRYPOINT of the image
+      --env-file=[]              Read in a line delimited file of environment variables
       --expose=[]                Expose a port from the container without publishing it to your host
       -h, --hostname=""          Container host name
-      -i, --interactive=false    Keep stdin open even if not attached
-      --link=[]                  Add link to another container (name:alias)
+      -i, --interactive=false    Keep STDIN open even if not attached
+      --link=[]                  Add link to another container in the form of name:alias
       --lxc-conf=[]              (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
       -m, --memory=""            Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
       --name=""                  Assign a name to the container
@@ -981,12 +985,11 @@ removed before the image is removed.
                                    (use 'docker port' to see the actual mapping)
       --privileged=false         Give extended privileges to this container
       --rm=false                 Automatically remove the container when it exits (incompatible with -d)
-      --sig-proxy=true           Proxy received signals to the process (even in non-tty mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.
-      -t, --tty=false            Allocate a pseudo-tty
+      --sig-proxy=true           Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.
+      -t, --tty=false            Allocate a pseudo-TTY
       -u, --user=""              Username or UID
-      -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container)
+      -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)
       --volumes-from=[]          Mount volumes from the specified container(s)
-      --device=[]                Add a host device to the container (e.g. --device=/dev/sdc[:/dev/xvdc[:rwm]])
       -w, --workdir=""           Working directory inside the container
 
 The `docker run` command first `creates` a writeable container layer over the
@@ -1272,7 +1275,7 @@ grace period, SIGKILL
 
 ## tag
 
-    Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG]
+    Usage: docker tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
 
     Tag an image into a repository
 
@@ -1292,7 +1295,7 @@ them to [*Share Images via Repositories*](
 
     Usage: docker unpause CONTAINER
 
-    Resumes a paused container.
+    Unpause all processes within a container
 
 The `docker unpause` command uses the cgroups freezer to un-suspend all
 processes in a container.

From da9850e0f6db619f2d3a8f31e91c71a5fa1ad040 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Wed, 23 Jul 2014 09:57:41 +0400
Subject: [PATCH 220/516] Add AUDIT_WRITE cap

Fixes #6345

Thanks @larsks for outstanding investigation

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 29ecc95c31ecfe15e3b3d8db94cea1c555e526a3
Component: engine
---
 .../engine/daemon/execdriver/native/template/default_template.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/daemon/execdriver/native/template/default_template.go b/components/engine/daemon/execdriver/native/template/default_template.go
index cc5cc4f428..be3dd5a5c1 100644
--- a/components/engine/daemon/execdriver/native/template/default_template.go
+++ b/components/engine/daemon/execdriver/native/template/default_template.go
@@ -23,6 +23,7 @@ func New() *libcontainer.Config {
 			"NET_BIND_SERVICE",
 			"SYS_CHROOT",
 			"KILL",
+			"AUDIT_WRITE",
 		},
 		Namespaces: map[string]bool{
 			"NEWNS":  true,

From 6f7c4cc1d5d221b121f25308d7523fded308ec9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roland=20Hu=C3=9F?= <roland@jolokia.org>
Date: Wed, 23 Jul 2014 10:23:14 +0200
Subject: [PATCH 221/516] Fixed parent-child relationship description

"db" is the parent image, and "web" links to it as the child image. There was a typo in the document which reversed the relation.
Upstream-commit: 0a4b39b6a4e9faeea5d8c679e7b03e317a7b02f9
Component: engine
---
 components/engine/docs/sources/userguide/dockerlinks.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockerlinks.md b/components/engine/docs/sources/userguide/dockerlinks.md
index d7a2abff9c..c1d8c14681 100644
--- a/components/engine/docs/sources/userguide/dockerlinks.md
+++ b/components/engine/docs/sources/userguide/dockerlinks.md
@@ -162,8 +162,8 @@ containers also shows `web/db` in the `NAMES` column. This tells us that the
 `web` container is linked to the `db` container in a parent/child relationship.
 
 So what does linking the containers do? Well we've discovered the link creates
-a parent-child relationship between the two containers. The parent container,
-here `web`, can access information on the child container `db`. To do this
+a parent-child relationship between the two containers. The child container,
+here `web`, can access information on the parent container `db`. To do this
 Docker creates a secure tunnel between the containers without the need to
 expose any ports externally on the container. You'll note when we started the
 `db` container we did not use either of the `-P` or `-p` flags. As we're

From d72a08903066fc3a7f1c634aadc6e8c5f3e08aa3 Mon Sep 17 00:00:00 2001
From: Tim Ruffles <timruffles@googlemail.com>
Date: Wed, 23 Jul 2014 12:11:14 +0100
Subject: [PATCH 222/516] [DOCS] replace foo/bar with concrete names

namespaces are not well documented, and I had to jump around to other docs. replacing `foo/bar` hopefully makes what's going on here a bit more obvious.

Docker-DCO-1.1-Signed-off-by: Tim Ruffles <timruffles@gmail.com> (github: timruffles)
Upstream-commit: 455e837e207a01153947fc81e3a22d6bb37d2c89
Component: engine
---
 .../docs/sources/reference/api/registry_api.md       | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/registry_api.md b/components/engine/docs/sources/reference/api/registry_api.md
index a3d4f23d66..49776b9b18 100644
--- a/components/engine/docs/sources/reference/api/registry_api.md
+++ b/components/engine/docs/sources/reference/api/registry_api.md
@@ -67,6 +67,8 @@ The latter would only require two new commands in docker, e.g.,
 (and optionally doing consistency checks). Authentication and authorization
 are then delegated to SSH (e.g., with public keys).
 
+The default namespace for a private repository is `library`.
+
 # Endpoints
 
 ## Images
@@ -305,7 +307,7 @@ Get all of the tags for the given repo.
 
     **Example Request**:
 
-        GET /v1/repositories/foo/bar/tags HTTP/1.1
+        GET /v1/repositories/reynholm/help-system-server/tags HTTP/1.1
         Host: registry-1.docker.io
         Accept: application/json
         Content-Type: application/json
@@ -341,7 +343,7 @@ Get a tag for the given repo.
 
     **Example Request**:
 
-        GET /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        GET /v1/repositories/reynholm/help-system-server/tags/latest HTTP/1.1
         Host: registry-1.docker.io
         Accept: application/json
         Content-Type: application/json
@@ -375,7 +377,7 @@ Delete the tag for the repo
 
     **Example Request**:
 
-        DELETE /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        DELETE /v1/repositories/reynholm/help-system-server/tags/latest HTTP/1.1
         Host: registry-1.docker.io
         Accept: application/json
         Content-Type: application/json
@@ -408,7 +410,7 @@ Put a tag for the given repo.
 
     **Example Request**:
 
-        PUT /v1/repositories/foo/bar/tags/latest HTTP/1.1
+        PUT /v1/repositories/reynholm/help-system-server/tags/latest HTTP/1.1
         Host: registry-1.docker.io
         Accept: application/json
         Content-Type: application/json
@@ -446,7 +448,7 @@ Delete a repository
 
     **Example Request**:
 
-        DELETE /v1/repositories/foo/bar/ HTTP/1.1
+        DELETE /v1/repositories/reynholm/help-system-server/ HTTP/1.1
         Host: registry-1.docker.io
         Accept: application/json
         Content-Type: application/json

From ed37d36716d68bce1714be8aed49a556ae6341b5 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Wed, 23 Jul 2014 18:09:02 +0000
Subject: [PATCH 223/516] Change version to 1.1.2-dev

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 56bb7ce780dc5fc2c5134291fbbea28169a479b1
Component: engine
---
 components/engine/CHANGELOG.md | 9 +++++++++
 components/engine/VERSION      | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/components/engine/CHANGELOG.md b/components/engine/CHANGELOG.md
index 1c37152d9e..9b89ea46b3 100644
--- a/components/engine/CHANGELOG.md
+++ b/components/engine/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## 1.1.2 (2014-07-23)
+
+#### Runtime
++ Fix port allocation for existing containers
++ Fix containers restart on daemon restart
+
+#### Packaging
++ Fix /etc/init.d/docker issue on Debian
+
 ## 1.1.1 (2014-07-09)
 
 #### Builder
diff --git a/components/engine/VERSION b/components/engine/VERSION
index 8869ce2d36..13c00786d3 100644
--- a/components/engine/VERSION
+++ b/components/engine/VERSION
@@ -1 +1 @@
-1.1.1-dev
+1.1.2-dev

From 39a4d3a21d6868493dd918c2123b722f2f1c5b1e Mon Sep 17 00:00:00 2001
From: hollietealok <hollie@docker.com>
Date: Wed, 23 Jul 2014 11:55:56 -0700
Subject: [PATCH 224/516] Removed docker_io_oauth_api.md: Docker is not
 currently accepting registrations for third party auth while it's determined
 how this will be done, if at all, in the future.

Docker-DCO-1.1-Signed-off-by: hollietealok <hollie@docker.com> (github: hollietealok)
Upstream-commit: 9fbae5924471b63e4f33fbd87f797183ab68be92
Component: engine
---
 .../reference/api/docker_io_oauth_api.md      | 254 ------------------
 1 file changed, 254 deletions(-)
 delete mode 100644 components/engine/docs/sources/reference/api/docker_io_oauth_api.md

diff --git a/components/engine/docs/sources/reference/api/docker_io_oauth_api.md b/components/engine/docs/sources/reference/api/docker_io_oauth_api.md
deleted file mode 100644
index c5d07720b8..0000000000
--- a/components/engine/docs/sources/reference/api/docker_io_oauth_api.md
+++ /dev/null
@@ -1,254 +0,0 @@
-page_title: docker.io OAuth API
-page_description: API Documentation for docker.io's OAuth flow.
-page_keywords: API, Docker, oauth, REST, documentation
-
-# docker.io OAuth API
-
-## 1. Brief introduction
-
-Some docker.io API requests will require an access token to
-authenticate. To get an access token for a user, that user must first
-grant your application access to their docker.io account. In order for
-them to grant your application access you must first register your
-application.
-
-Before continuing, we encourage you to familiarize yourself with [The
-OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749).
-
-*Also note that all OAuth interactions must take place over https
-connections*
-
-## 2. Register Your Application
-
-You will need to register your application with docker.io before users
-will be able to grant your application access to their account
-information. We are currently only allowing applications selectively. To
-request registration of your application send an email to
-[support-accounts@docker.com](mailto:support-accounts%40docker.com) with
-the following information:
-
- - The name of your application
- - A description of your application and the service it will provide to
-   docker.io users.
- - A callback URI that we will use for redirecting authorization
-   requests to your application. These are used in the step of getting
-   an Authorization Code. The domain name of the callback URI will be
-   visible to the user when they are requested to authorize your
-   application.
-
-When your application is approved you will receive a response from the
-docker.io team with your `client_id` and
-`client_secret` which your application will use in
-the steps of getting an Authorization Code and getting an Access Token.
-
-# 3. Endpoints
-
-## 3.1 Get an Authorization Code
-
-Once You have registered you are ready to start integrating docker.io
-accounts into your application! The process is usually started by a user
-following a link in your application to an OAuth Authorization endpoint.
-
-`GET /api/v1.1/o/authorize/`
-
-Request that a docker.io user authorize your application. If the
-user is not already logged in, they will be prompted to login. The
-user is then presented with a form to authorize your application for
-the requested access scope. On submission, the user will be
-redirected to the specified `redirect_uri` with
-an Authorization Code.
-
-    Query Parameters:
-
-     
-
-    -   **client_id** – The `client_id` given to
-        your application at registration.
-    -   **response_type** – MUST be set to `code`.
-        This specifies that you would like an Authorization Code
-        returned.
-    -   **redirect_uri** – The URI to redirect back to after the user
-        has authorized your application. If omitted, the first of your
-        registered `response_uris` is used. If
-        included, it must be one of the URIs which were submitted when
-        registering your application.
-    -   **scope** – The extent of access permissions you are requesting.
-        Currently, the scope options are `profile_read`, `profile_write`,
-        `email_read`, and `email_write`. Scopes must be separated by a space. If omitted, the
-        default scopes `profile_read email_read` are
-        used.
-    -   **state** – (Recommended) Used by your application to maintain
-        state between the authorization request and callback to protect
-        against CSRF attacks.
-
-    **Example Request**
-
-    Asking the user for authorization.
-
-        GET /api/v1.1/o/authorize/?client_id=TestClientID&response_type=code&redirect_uri=https%3A//my.app/auth_complete/&scope=profile_read%20email_read&state=abc123 HTTP/1.1
-        Host: www.docker.io
-
-    **Authorization Page**
-
-    When the user follows a link, making the above GET request, they
-    will be asked to login to their docker.io account if they are not
-    already and then be presented with the following authorization
-    prompt which asks the user to authorize your application with a
-    description of the requested scopes.
-
-    ![](/reference/api/_static/io_oauth_authorization_page.png)
-
-    Once the user allows or denies your Authorization Request the user
-    will be redirected back to your application. Included in that
-    request will be the following query parameters:
-
-    `code`
-    :   The Authorization code generated by the docker.io authorization
-        server. Present it again to request an Access Token. This code
-        expires in 60 seconds.
-    `state`
-    :   If the `state` parameter was present in the
-        authorization request this will be the exact value received from
-        that request.
-    `error`
-    :   An error message in the event of the user denying the
-        authorization or some other kind of error with the request.
-
-## 3.2 Get an Access Token
-
-Once the user has authorized your application, a request will be made to
-your application's specified `redirect_uri` which
-includes a `code` parameter that you must then use
-to get an Access Token.
-
-`POST /api/v1.1/o/token/`
-
-Submit your newly granted Authorization Code and your application's
-credentials to receive an Access Token and Refresh Token. The code
-is valid for 60 seconds and cannot be used more than once.
-
-    Request Headers:
-
-     
-
-    -   **Authorization** – HTTP basic authentication using your
-        application's `client_id` and
-        `client_secret`
-
-    Form Parameters:
-
-     
-
-    -   **grant_type** – MUST be set to `authorization_code`
-    -   **code** – The authorization code received from the user's
-        redirect request.
-    -   **redirect_uri** – The same `redirect_uri`
-        used in the authentication request.
-
-    **Example Request**
-
-    Using an authorization code to get an access token.
-
-        POST /api/v1.1/o/token/ HTTP/1.1
-        Host: www.docker.io
-        Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ=
-        Accept: application/json
-        Content-Type: application/json
-
-        {
-            "grant_type": "code",
-            "code": "YXV0aG9yaXphdGlvbl9jb2Rl",
-            "redirect_uri": "https://my.app/auth_complete/"
-        }
-
-    **Example Response**
-
-        HTTP/1.1 200 OK
-        Content-Type: application/json;charset=UTF-8
-
-        {
-            "username": "janedoe",
-            "user_id": 42,
-            "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS",
-            "expires_in": 15552000,
-            "token_type": "Bearer",
-            "scope": "profile_read email_read",
-            "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc"
-        }
-
-    In the case of an error, there will be a non-200 HTTP Status and and
-    data detailing the error.
-
-## 3.3 Refresh a Token
-
-Once the Access Token expires you can use your `refresh_token`
-to have docker.io issue your application a new Access Token,
-if the user has not revoked access from your application.
-
-`POST /api/v1.1/o/token/`
-
-Submit your `refresh_token` and application's
-credentials to receive a new Access Token and Refresh Token. The
-`refresh_token` can be used only once.
-
-    Request Headers:
-
-     
-
-    -   **Authorization** – HTTP basic authentication using your
-        application's `client_id` and
-        `client_secret`
-
-    Form Parameters:
-
-     
-
-    -   **grant_type** – MUST be set to `refresh_token`
-    -   **refresh_token** – The `refresh_token`
-        which was issued to your application.
-    -   **scope** – (optional) The scope of the access token to be
-        returned. Must not include any scope not originally granted by
-        the user and if omitted is treated as equal to the scope
-        originally granted.
-
-    **Example Request**
-
-    Refreshing an access token.
-
-        POST /api/v1.1/o/token/ HTTP/1.1
-        Host: www.docker.io
-        Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ=
-        Accept: application/json
-        Content-Type: application/json
-
-        {
-            "grant_type": "refresh_token",
-            "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc",
-        }
-
-    **Example Response**
-
-        HTTP/1.1 200 OK
-        Content-Type: application/json;charset=UTF-8
-
-        {
-            "username": "janedoe",
-            "user_id": 42,
-            "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS",
-            "expires_in": 15552000,
-            "token_type": "Bearer",
-            "scope": "profile_read email_read",
-            "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc"
-        }
-
-    In the case of an error, there will be a non-200 HTTP Status and and
-    data detailing the error.
-
-# 4. Use an Access Token with the API
-
-Many of the docker.io API requests will require a Authorization request
-header field. Simply ensure you add this header with "Bearer <`access_token`>":
-
-    GET /api/v1.1/resource HTTP/1.1
-    Host: docker.io
-    Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA

From c26325b9c4b32a93341672d4833cf5a51552c5e3 Mon Sep 17 00:00:00 2001
From: William Henry <whenry@redhat.com>
Date: Wed, 23 Jul 2014 16:49:07 -0400
Subject: [PATCH 225/516] Typo changes to docker-run-1.md - changing '-' to
 '--' where approp.

Docker-DCO-1.1-Signed-off-by: William Henry <whenry@redhat.com> (github: ipbabble)
Upstream-commit: 140337296353b2dd37678b0e30cbf0ebe2cfd9e7
Component: engine
---
 components/engine/docs/man/docker-run.1.md | 24 ++++++++++------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/components/engine/docs/man/docker-run.1.md b/components/engine/docs/man/docker-run.1.md
index 4bf0ce0247..4dee97f195 100644
--- a/components/engine/docs/man/docker-run.1.md
+++ b/components/engine/docs/man/docker-run.1.md
@@ -82,7 +82,7 @@ run**.
 **--cpuset**=""
    CPUs in which to allow execution (0-3, 0,1)
 
-**-d**, **-detach**=*true*|*false*
+**-d**, **--detach**=*true*|*false*
    Detached mode. This runs the container in the background. It outputs the new
 container's ID and any error messages. At any time you can run **docker ps** in
 the other shell to view a list of the running containers. You can reattach to a
@@ -101,12 +101,9 @@ stopping the process by pressing the keys CTRL-P CTRL-Q.
    Set custom DNS servers. This option can be used to override the DNS
 configuration passed to the container. Typically this is necessary when the
 host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
-is the case the **-dns** flags is necessary for every run.
+is the case the **--dns** flags is necessary for every run.
 
-**-e**, **--env**=[]
-   Set environment variables
-
-**-e**, **-env**=*environment*
+**-e**, **--env**=*environment*
    Set environment variables. This option allows you to specify arbitrary
 environment variables that are available for the process that will be launched
 inside of the container.
@@ -123,6 +120,7 @@ pass in more options via the COMMAND. But, sometimes an operator may want to run
 something else inside the container, so you can override the default ENTRYPOINT
 at runtime by using a **--entrypoint** and a string to specify the new
 ENTRYPOINT.
+
 **--env-file**=[]
    Read in a line delimited file of environment variables
 
@@ -133,10 +131,10 @@ developer can expose the port using the EXPOSE parameter of the Dockerfile, 2)
 the operator can use the **--expose** option with **docker run**, or 3) the
 container can be started with the **--link**.
 
-**-h**, **-hostname**=*hostname*
+**-h**, **--hostname**=*hostname*
    Sets the container host name that is available inside the container.
 
-**-i**, **-interactive**=*true*|*false*
+**-i**, **--interactive**=*true*|*false*
    When set to true, keep stdin open even if not attached. The default is false.
 
 **--link**=*name*:*alias*
@@ -149,7 +147,7 @@ which interface and port to use.
 **--lxc-conf**=[]
    (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
 
-**-m**, **-memory**=*memory-limit*
+**-m**, **--memory**=*memory-limit*
    Allows you to constrain the memory available to a container. If the host
 supports swap memory, then the -m memory setting can be larger than physical
 RAM. If a limit of 0 is specified, the container's memory is not limited. The
@@ -178,14 +176,14 @@ and foreground Docker containers.
                                'container:<name|id>': reuses another container network stack
                                'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
 
-**-P**, **-publish-all**=*true*|*false*
+**-P**, **--publish-all**=*true*|*false*
    When set to true publish all exposed ports to the host interfaces. The
 default is false. If the operator uses -P (or -p) then Docker will make the
 exposed port accessible on the host and the ports will be available to any
 client that can reach the host. To find the map between the host ports and the
 exposed ports, use **docker port**.
 
-**-p**, **-publish**=[]
+**-p**, **--publish**=[]
    Publish a container's port to the host (format: ip:hostPort:containerPort |
 ip::containerPort | hostPort:containerPort) (use **docker port** to see the
 actual mapping)
@@ -217,7 +215,7 @@ interactive shell. The default is value is false.
    Username or UID
 
 
-**-v**, **-volume**=*volume*[:ro|:rw]
+**-v**, **--volume**=*volume*[:ro|:rw]
    Bind mount a volume to the container. 
 
 The **-v** option can be used one or
@@ -241,7 +239,7 @@ default, the volumes are mounted in the same mode (read write or read only) as
 the reference container.
 
 
-**-w**, **-workdir**=*directory*
+**-w**, **--workdir**=*directory*
    Working directory inside the container. The default working directory for
 running binaries within a container is the root directory (/). The developer can
 set a different default with the Dockerfile WORKDIR instruction. The operator

From 1e857dc9988d4cc298b489b7accaf5efe3a462fe Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Tue, 22 Jul 2014 00:38:47 -0700
Subject: [PATCH 226/516] pkg/units: Using 'case' instead of trickled ifs

Seems the perfect case for 'case' ;).

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: 03697f0a93b04122a5039db915afddf60ccec448
Component: engine
---
 components/engine/pkg/units/size.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index e6e9f21b47..d8410b4233 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -42,15 +42,16 @@ func FromHumanSize(size string) (int64, error) {
 
 	unit := strings.ToLower(matches[2])
 
-	if unit == "k" {
+	switch unit {
+	case "k":
 		theSize *= 1000
-	} else if unit == "m" {
+	case "m":
 		theSize *= 1000 * 1000
-	} else if unit == "g" {
+	case "g":
 		theSize *= 1000 * 1000 * 1000
-	} else if unit == "t" {
+	case "t":
 		theSize *= 1000 * 1000 * 1000 * 1000
-	} else if unit == "p" {
+	case "p":
 		theSize *= 1000 * 1000 * 1000 * 1000 * 1000
 	}
 
@@ -80,13 +81,14 @@ func RAMInBytes(size string) (int64, error) {
 
 	unit := strings.ToLower(matches[2])
 
-	if unit == "k" {
+	switch unit {
+	case "k":
 		memLimit *= 1024
-	} else if unit == "m" {
+	case "m":
 		memLimit *= 1024 * 1024
-	} else if unit == "g" {
+	case "g":
 		memLimit *= 1024 * 1024 * 1024
-	} else if unit == "t" {
+	case "t":
 		memLimit *= 1024 * 1024 * 1024 * 1024
 	}
 

From fc192c453a7b3c3ae5e186ef30ee1d0de9912193 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Mon, 21 Jul 2014 23:49:52 -0700
Subject: [PATCH 227/516] pkg/units: Standardized supported sizes

May make sense that both `FromHumanSize()` and `RAMInBytes()` support
the same units. Added 'PB' to the RAMInBytes regex.

Also updated tests.

Note: int64 is overflowed on quantities >= EB

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: 0fd37bd7ac0f92eda0a55cf2bedf77f1996b8472
Component: engine
---
 components/engine/pkg/units/size.go      | 4 +++-
 components/engine/pkg/units/size_test.go | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index d8410b4233..4a953fbba5 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -63,7 +63,7 @@ func FromHumanSize(size string) (int64, error) {
 // returns the number of bytes, or -1 if the string is unparseable.
 // Units are case-insensitive, and the 'b' suffix is optional.
 func RAMInBytes(size string) (int64, error) {
-	re, err := regexp.Compile("^(\\d+)([kKmMgGtT])?[bB]?$")
+	re, err := regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
 	if err != nil {
 		return -1, err
 	}
@@ -90,6 +90,8 @@ func RAMInBytes(size string) (int64, error) {
 		memLimit *= 1024 * 1024 * 1024
 	case "t":
 		memLimit *= 1024 * 1024 * 1024 * 1024
+	case "p":
+		memLimit *= 1024 * 1024 * 1024 * 1024 * 1024
 	}
 
 	return memLimit, nil
diff --git a/components/engine/pkg/units/size_test.go b/components/engine/pkg/units/size_test.go
index de8b44f8ce..a2dfedceb4 100644
--- a/components/engine/pkg/units/size_test.go
+++ b/components/engine/pkg/units/size_test.go
@@ -64,7 +64,11 @@ func TestRAMInBytes(t *testing.T) {
 	assertRAMInBytes(t, "32MB", false, 32*1024*1024)
 	assertRAMInBytes(t, "32Gb", false, 32*1024*1024*1024)
 	assertRAMInBytes(t, "32G", false, 32*1024*1024*1024)
+	assertRAMInBytes(t, "32GB", false, 32*1024*1024*1024)
 	assertRAMInBytes(t, "32Tb", false, 32*1024*1024*1024*1024)
+	assertRAMInBytes(t, "8Pb", false, 8*1024*1024*1024*1024*1024)
+	assertRAMInBytes(t, "8PB", false, 8*1024*1024*1024*1024*1024)
+	assertRAMInBytes(t, "8P", false, 8*1024*1024*1024*1024*1024)
 
 	assertRAMInBytes(t, "", true, -1)
 	assertRAMInBytes(t, "hello", true, -1)

From 9cee4d41c4ab7034ea45184a233af9df8e39414b Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Mon, 21 Jul 2014 23:50:27 -0700
Subject: [PATCH 228/516] pkg/units: Refactor regexp.Compile to init()

No need to recompile a fixed regular expression each time the function
executes. Abstracting it to the `init()` method.

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: a4d57d8a851bf288804215b39c9d56a51550a228
Component: engine
---
 components/engine/pkg/units/size.go | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 4a953fbba5..91b617634c 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -7,6 +7,15 @@ import (
 	"strings"
 )
 
+var sizeRegex *regexp.Regexp
+
+func init() {
+	var err error
+	if sizeRegex, err = regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$"); err != nil {
+		panic("Failed to compile the 'size' regular expression")
+	}
+}
+
 // HumanSize returns a human-readable approximation of a size
 // using SI standard (eg. "44kB", "17MB")
 func HumanSize(size int64) string {
@@ -24,12 +33,7 @@ func HumanSize(size int64) string {
 // FromHumanSize returns an integer from a human-readable specification of a size
 // using SI standard (eg. "44kB", "17MB")
 func FromHumanSize(size string) (int64, error) {
-	re, err := regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
-	if err != nil {
-		return -1, fmt.Errorf("%s does not specify not a size", size)
-	}
-
-	matches := re.FindStringSubmatch(size)
+	matches := sizeRegex.FindStringSubmatch(size)
 
 	if len(matches) != 3 {
 		return -1, fmt.Errorf("Invalid size: '%s'", size)
@@ -63,12 +67,7 @@ func FromHumanSize(size string) (int64, error) {
 // returns the number of bytes, or -1 if the string is unparseable.
 // Units are case-insensitive, and the 'b' suffix is optional.
 func RAMInBytes(size string) (int64, error) {
-	re, err := regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
-	if err != nil {
-		return -1, err
-	}
-
-	matches := re.FindStringSubmatch(size)
+	matches := sizeRegex.FindStringSubmatch(size)
 
 	if len(matches) != 3 {
 		return -1, fmt.Errorf("Invalid size: '%s'", size)

From 23fcdf4f5e2d5f21a3451d62a1ecfa7664fb8172 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Wed, 23 Jul 2014 23:53:16 -0700
Subject: [PATCH 229/516] pkg/units: Compacted var declaration and
 initialization

No need to have two lines. The type is even explicit when type casting
to `float64(size)`

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: d512294382c9013dee2820745db02ab63dc2ecdd
Component: engine
---
 components/engine/pkg/units/size.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 91b617634c..6535540ce2 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -19,10 +19,9 @@ func init() {
 // HumanSize returns a human-readable approximation of a size
 // using SI standard (eg. "44kB", "17MB")
 func HumanSize(size int64) string {
-	i := 0
-	var sizef float64
-	sizef = float64(size)
 	units := []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
+	i := 0
+	sizef := float64(size)
 	for sizef >= 1000.0 {
 		sizef = sizef / 1000.0
 		i++

From 088f734e5e0daabe5c48bea648a5605c1c2c1898 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Wed, 23 Jul 2014 23:55:48 -0700
Subject: [PATCH 230/516] pkg/units: Moved 'units' out of function

No need to initialize every time the function executes since it works as
a catalog.

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: e4ab996b9d0d97089b076cfef32405f5f3fedc7c
Component: engine
---
 components/engine/pkg/units/size.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 6535540ce2..027886e5f3 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -16,17 +16,18 @@ func init() {
 	}
 }
 
+var bytePrefixes = [...]string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
+
 // HumanSize returns a human-readable approximation of a size
 // using SI standard (eg. "44kB", "17MB")
 func HumanSize(size int64) string {
-	units := []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
 	i := 0
 	sizef := float64(size)
 	for sizef >= 1000.0 {
 		sizef = sizef / 1000.0
 		i++
 	}
-	return fmt.Sprintf("%.4g %s", sizef, units[i])
+	return fmt.Sprintf("%.4g %s", sizef, bytePrefixes[i])
 }
 
 // FromHumanSize returns an integer from a human-readable specification of a size

From 22e53a9bae78a529ae866f75785b4e9513d77a70 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Tue, 22 Jul 2014 14:23:52 -0700
Subject: [PATCH 231/516] pkg/units: Refactored common code to single func

Both functions perform the same logic and they just vary on the base
multiplication units. We can refactor the common code into a single
place.

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: 386d300a6e07c99380a0814497cf0bc672df1e63
Component: engine
---
 components/engine/pkg/units/size.go | 71 ++++++++++++-----------------
 1 file changed, 28 insertions(+), 43 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 027886e5f3..50e8ec6c81 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -7,6 +7,11 @@ import (
 	"strings"
 )
 
+const (
+	decimalKUnit = 1000
+	binaryKUnit  = 1024
+)
+
 var sizeRegex *regexp.Regexp
 
 func init() {
@@ -30,9 +35,23 @@ func HumanSize(size int64) string {
 	return fmt.Sprintf("%.4g %s", sizef, bytePrefixes[i])
 }
 
-// FromHumanSize returns an integer from a human-readable specification of a size
-// using SI standard (eg. "44kB", "17MB")
+// FromHumanSize returns an integer from a human-readable specification of a
+// size using SI standard (eg. "44kB", "17MB")
 func FromHumanSize(size string) (int64, error) {
+	return parseSize(size, decimalKUnit)
+}
+
+// Parses a human-readable string representing an amount of RAM
+// in bytes, kibibytes, mebibytes, gibibytes, or tebibytes and
+// returns the number of bytes, or -1 if the string is unparseable.
+// Units are case-insensitive, and the 'b' suffix is optional.
+func RAMInBytes(size string) (int64, error) {
+	return parseSize(size, binaryKUnit)
+}
+
+// Parses the human-readable size string into the amount it represents given
+// the desired kilo unit [decimalKiloUnit=1000|binaryKiloUnit=1024]
+func parseSize(size string, kUnit int64) (int64, error) {
 	matches := sizeRegex.FindStringSubmatch(size)
 
 	if len(matches) != 3 {
@@ -44,54 +63,20 @@ func FromHumanSize(size string) (int64, error) {
 		return -1, err
 	}
 
-	unit := strings.ToLower(matches[2])
+	unitPrefix := strings.ToLower(matches[2])
 
-	switch unit {
+	switch unitPrefix {
 	case "k":
-		theSize *= 1000
+		theSize *= kUnit
 	case "m":
-		theSize *= 1000 * 1000
+		theSize *= kUnit * kUnit
 	case "g":
-		theSize *= 1000 * 1000 * 1000
+		theSize *= kUnit * kUnit * kUnit
 	case "t":
-		theSize *= 1000 * 1000 * 1000 * 1000
+		theSize *= kUnit * kUnit * kUnit * kUnit
 	case "p":
-		theSize *= 1000 * 1000 * 1000 * 1000 * 1000
+		theSize *= kUnit * kUnit * kUnit * kUnit * kUnit
 	}
 
 	return theSize, nil
 }
-
-// Parses a human-readable string representing an amount of RAM
-// in bytes, kibibytes, mebibytes, gibibytes, or tebibytes and
-// returns the number of bytes, or -1 if the string is unparseable.
-// Units are case-insensitive, and the 'b' suffix is optional.
-func RAMInBytes(size string) (int64, error) {
-	matches := sizeRegex.FindStringSubmatch(size)
-
-	if len(matches) != 3 {
-		return -1, fmt.Errorf("Invalid size: '%s'", size)
-	}
-
-	memLimit, err := strconv.ParseInt(matches[1], 10, 0)
-	if err != nil {
-		return -1, err
-	}
-
-	unit := strings.ToLower(matches[2])
-
-	switch unit {
-	case "k":
-		memLimit *= 1024
-	case "m":
-		memLimit *= 1024 * 1024
-	case "g":
-		memLimit *= 1024 * 1024 * 1024
-	case "t":
-		memLimit *= 1024 * 1024 * 1024 * 1024
-	case "p":
-		memLimit *= 1024 * 1024 * 1024 * 1024 * 1024
-	}
-
-	return memLimit, nil
-}

From 51f29305ff4c41fc3e76363ce270a68c6fdb9903 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 24 Jul 2014 11:19:16 +0400
Subject: [PATCH 232/516] Test on building from GIT url

Also I added fake git server to utils
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 5b0d4cf29629eabb8855400159c097cbd7502922
Component: engine
---
 .../integration-cli/docker_cli_build_test.go  | 29 ++++++
 .../engine/integration-cli/docker_utils.go    | 91 +++++++++++++++++++
 2 files changed, 120 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 3b1c1c230e..0ea62e2a70 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1777,3 +1777,32 @@ func TestBuildAddTar(t *testing.T) {
 	}
 	logDone("build - ADD tar")
 }
+
+func TestBuildFromGIT(t *testing.T) {
+	name := "testbuildfromgit"
+	defer deleteImages(name)
+	git, err := fakeGIT("repo", map[string]string{
+		"Dockerfile": `FROM busybox
+					ADD first /first
+					RUN [ -f /first ]
+					MAINTAINER docker`,
+		"first": "test git data",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer git.Close()
+
+	_, err = buildImageFromPath(name, git.RepoURL, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	res, err := inspectField(name, "Author")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if res != "docker" {
+		t.Fatal("Maintainer should be docker, got %s", res)
+	}
+	logDone("build - build from GIT")
+}
diff --git a/components/engine/integration-cli/docker_utils.go b/components/engine/integration-cli/docker_utils.go
index e3e5b36d93..fcaeef5ab2 100644
--- a/components/engine/integration-cli/docker_utils.go
+++ b/components/engine/integration-cli/docker_utils.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"testing"
@@ -254,3 +255,93 @@ func buildImageFromContext(name string, ctx *FakeContext, useCache bool) (string
 	}
 	return getIDByName(name)
 }
+
+func buildImageFromPath(name, path string, useCache bool) (string, error) {
+	args := []string{"build", "-t", name}
+	if !useCache {
+		args = append(args, "--no-cache")
+	}
+	args = append(args, path)
+	buildCmd := exec.Command(dockerBinary, args...)
+	out, exitCode, err := runCommandWithOutput(buildCmd)
+	if err != nil || exitCode != 0 {
+		return "", fmt.Errorf("failed to build the image: %s", out)
+	}
+	return getIDByName(name)
+}
+
+type FakeGIT struct {
+	*httptest.Server
+	Root    string
+	RepoURL string
+}
+
+func (g *FakeGIT) Close() {
+	g.Server.Close()
+	os.RemoveAll(g.Root)
+}
+
+func fakeGIT(name string, files map[string]string) (*FakeGIT, error) {
+	tmp, err := ioutil.TempDir("", "fake-git-repo")
+	if err != nil {
+		return nil, err
+	}
+	ctx := &FakeContext{tmp}
+	for file, content := range files {
+		if err := ctx.Add(file, content); err != nil {
+			ctx.Close()
+			return nil, err
+		}
+	}
+	defer ctx.Close()
+	curdir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	defer os.Chdir(curdir)
+
+	if output, err := exec.Command("git", "init", ctx.Dir).CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("Error trying to init repo: %s (%s)", err, output)
+	}
+	err = os.Chdir(ctx.Dir)
+	if err != nil {
+		return nil, err
+	}
+	if output, err := exec.Command("git", "add", "*").CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("Error trying to add files to repo: %s (%s)", err, output)
+	}
+	if output, err := exec.Command("git", "commit", "-a", "-m", "Initial commit").CombinedOutput(); err != nil {
+		return nil, fmt.Errorf("Error trying to commit to repo: %s (%s)", err, output)
+	}
+
+	root, err := ioutil.TempDir("", "docker-test-git-repo")
+	if err != nil {
+		return nil, err
+	}
+	repoPath := filepath.Join(root, name+".git")
+	if output, err := exec.Command("git", "clone", "--bare", ctx.Dir, repoPath).CombinedOutput(); err != nil {
+		os.RemoveAll(root)
+		return nil, fmt.Errorf("Error trying to clone --bare: %s (%s)", err, output)
+	}
+	err = os.Chdir(repoPath)
+	if err != nil {
+		os.RemoveAll(root)
+		return nil, err
+	}
+	if output, err := exec.Command("git", "update-server-info").CombinedOutput(); err != nil {
+		os.RemoveAll(root)
+		return nil, fmt.Errorf("Error trying to git update-server-info: %s (%s)", err, output)
+	}
+	err = os.Chdir(curdir)
+	if err != nil {
+		os.RemoveAll(root)
+		return nil, err
+	}
+	handler := http.FileServer(http.Dir(root))
+	server := httptest.NewServer(handler)
+	return &FakeGIT{
+		Server:  server,
+		Root:    root,
+		RepoURL: fmt.Sprintf("%s/%s.git", server.URL, name),
+	}, nil
+}

From 53aae89bf053e9748c5ae2ed045c6fa3de3befe4 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Date: Wed, 23 Jul 2014 14:44:17 +0200
Subject: [PATCH 233/516] Fix incorrect path in ENTRYPOINT example

The ENTRYPOINT example uses "/usr/bin/ls" as path, but `ls` is located at `/bin/ls`.

Docker-DCO-1.1-Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (github: thaJeztah)
Upstream-commit: 2819d9b4062914daa5b6bd4d08676807859eae3f
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 57ddb52984..611b0294ff 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -409,7 +409,7 @@ optional but default, you could use a `CMD` instruction:
 
     FROM ubuntu
     CMD ["-l"]
-    ENTRYPOINT ["/usr/bin/ls"]
+    ENTRYPOINT ["ls"]
 
 > **Note**:
 > It is preferable to use the JSON array format for specifying

From 9c11a229c5774c780d61c73422b2a9410c64cbc9 Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Thu, 24 Jul 2014 09:48:20 -0400
Subject: [PATCH 234/516] Properly handle 0 being passed as a signal

Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: be326b0ece345e7f28d663ac06c8614d58070326
Component: engine
---
 components/engine/server/server.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index a4117f8e3f..4e9e773307 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -229,10 +229,10 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
 		if err != nil {
 			// The signal is not a number, treat it as a string (either like "KILL" or like "SIGKILL")
 			sig = uint64(signal.SignalMap[strings.TrimPrefix(job.Args[1], "SIG")])
-			if sig == 0 {
-				return job.Errorf("Invalid signal: %s", job.Args[1])
-			}
+		}
 
+		if sig == 0 {
+			return job.Errorf("Invalid signal: %s", job.Args[1])
 		}
 	}
 

From 00689bb343641b223aba42abbedad5aaad0a2da9 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Tue, 22 Jul 2014 20:44:35 -0700
Subject: [PATCH 235/516] Added proposed Docker Community Guidelines

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: 7365225957046cf6364b30c56f3585d9c29098e5
Component: engine
---
 components/engine/CONTRIBUTING.md | 61 +++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 2dc73c100d..d4ebcfacb1 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -208,3 +208,64 @@ Don't forget: being a maintainer is a time investment. Make sure you
 will have time to make yourself available.  You don't have to be a
 maintainer to make a difference on the project!
 
+## Docker Community Guidelines
+
+We want to keep the Docker community awesome, growing and collaborative. We
+need your help to keep it that way. To help with this we've come up with some
+general guidelines for the community as a whole:
+
+* Be nice: Be courteous, respectful and polite to fellow community members: no
+  regional, racial, gender, or other abuse will be tolerated. We like nice people
+  way better than mean ones!
+
+* Encourage diversity and participation: Make everyone in our community
+  feel welcome, regardless of their background and the extent of their
+  contributions, and do everything possible to encourage participation in
+  our community.
+
+* Keep it legal: Basically, don't get us in trouble. Share only content that
+  you own, do not share private or sensitive information, and don't break the
+  law.
+
+* Stay on topic: Make sure that you are posting to the correct channel
+  and avoid off-topic discussions. Remember when you update an issue or
+  respond to an email you are potentially sending to a large number of
+  people.  Please consider this before you update.  Also remember that
+  nobody likes spam.
+
+### Guideline Violations — 3 Strikes Method
+
+The point of this section is not to find opportunities to punish people, but we
+do need a fair way to deal with people who are making our community suck.
+
+1. First occurrence: We'll give you a friendly, but public reminder that the
+   behavior is inappropriate according to our guidelines.
+
+2. Second occurrence: We will send you a private message with a warning that
+   any additional violations will result in removal from the community.
+
+3. Third occurrence: Depending on the violation, we may need to delete or ban
+   your account.
+
+**Notes:**
+
+* Obvious spammers are banned on first occurrence. If we don't do this, we'll
+  have spam all over the place.
+
+* Violations are forgiven after 6 months of good behavior, and we won't
+  hold a grudge.
+
+* People who commit minor infractions will get some education,
+  rather than hammering them in the 3 strikes process.
+
+* The rules apply equally to everyone in the community, no matter how
+  much you've contributed.
+
+* Extreme violations of a threatening, abusive, destructive or illegal nature
+  will be addressed immediately and are not subject to 3 strikes or
+  forgiveness.
+
+* Contact james@docker.com to report abuse or appeal violations. In the case of
+  appeals, we know that mistakes happen, and we'll work with you to come up with
+  a fair solution if there has been a misunderstanding.
+

From f664c760577182f7e2468a7aff333e1ff7d9d867 Mon Sep 17 00:00:00 2001
From: fcarriedo <fcarriedo@gmail.com>
Date: Thu, 24 Jul 2014 12:34:11 -0700
Subject: [PATCH 236/516] pkg/units: Updated `Compile()` to `MustCompile()`

We were doing exactly what `regexp.MustCompile()` already does.

Docker-DCO-1.1-Signed-off-by: fcarriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: c765134ac954f54f8b6aca6df25cf5e28911b563
Component: engine
---
 components/engine/pkg/units/size.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 50e8ec6c81..1594cd6549 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -15,10 +15,7 @@ const (
 var sizeRegex *regexp.Regexp
 
 func init() {
-	var err error
-	if sizeRegex, err = regexp.Compile("^(\\d+)([kKmMgGtTpP])?[bB]?$"); err != nil {
-		panic("Failed to compile the 'size' regular expression")
-	}
+	sizeRegex = regexp.MustCompile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
 }
 
 var bytePrefixes = [...]string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}

From 6ae4c9014c47cc292e642bb85211b74fcf01af7a Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 24 Jul 2014 22:19:50 +0000
Subject: [PATCH 237/516] update go import path and libcontainer

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b3ee9ac74e171e00f14027e39278013629e681b8
Component: engine
---
 components/engine/AUTHORS                     |  4 +-
 components/engine/CONTRIBUTING.md             |  6 +-
 components/engine/Dockerfile                  |  8 +-
 components/engine/Makefile                    |  2 +-
 components/engine/api/client/cli.go           |  6 +-
 components/engine/api/client/commands.go      | 26 +++---
 components/engine/api/client/hijack.go        |  8 +-
 components/engine/api/client/utils.go         | 12 +--
 components/engine/api/common.go               |  6 +-
 components/engine/api/server/server.go        | 16 ++--
 .../engine/api/server/server_unit_test.go     |  6 +-
 components/engine/archive/archive.go          |  6 +-
 components/engine/archive/archive_test.go     |  2 +-
 components/engine/archive/changes.go          |  6 +-
 components/engine/archive/diff.go             |  2 +-
 components/engine/archive/wrap.go             |  2 +-
 components/engine/builtins/builtins.go        | 16 ++--
 .../contrib/docker-device-tool/device_tool.go |  2 +-
 .../contrib/host-integration/Dockerfile.dev   |  2 +-
 .../contrib/host-integration/manager.go       |  2 +-
 .../contrib/host-integration/manager.sh       |  2 +-
 .../contrib/init/sysvinit-redhat/docker       |  2 +-
 .../engine/contrib/mkimage-debootstrap.sh     |  2 +-
 components/engine/contrib/mkimage/debootstrap |  2 +-
 .../engine/contrib/prepare-commit-msg.hook    |  2 +-
 components/engine/daemon/attach.go            |  2 +-
 components/engine/daemon/container.go         | 26 +++---
 .../engine/daemon/container_unit_test.go      |  2 +-
 components/engine/daemon/daemon.go            | 42 +++++-----
 components/engine/daemon/daemon_aufs.go       |  8 +-
 components/engine/daemon/daemon_btrfs.go      |  2 +-
 .../engine/daemon/daemon_devicemapper.go      |  2 +-
 components/engine/daemon/daemon_no_aufs.go    |  2 +-
 .../execdriver/execdrivers/execdrivers.go     |  8 +-
 .../engine/daemon/execdriver/lxc/driver.go    |  6 +-
 .../engine/daemon/execdriver/lxc/init.go      |  2 +-
 .../daemon/execdriver/lxc/lxc_init_linux.go   |  6 +-
 .../execdriver/lxc/lxc_init_unsupported.go    |  2 +-
 .../daemon/execdriver/lxc/lxc_template.go     |  2 +-
 .../execdriver/lxc/lxc_template_unit_test.go  |  2 +-
 .../execdriver/native/configuration/parse.go  |  2 +-
 .../native/configuration/parse_test.go        |  2 +-
 .../engine/daemon/execdriver/native/create.go |  6 +-
 .../engine/daemon/execdriver/native/driver.go |  6 +-
 .../execdriver/native/driver_unsupported.go   |  2 +-
 .../native/driver_unsupported_nocgo.go        |  2 +-
 components/engine/daemon/execdriver/utils.go  |  2 +-
 .../engine/daemon/graphdriver/aufs/aufs.go    |  8 +-
 .../daemon/graphdriver/aufs/aufs_test.go      |  4 +-
 .../engine/daemon/graphdriver/aufs/mount.go   |  2 +-
 .../engine/daemon/graphdriver/btrfs/btrfs.go  |  4 +-
 .../daemon/graphdriver/btrfs/btrfs_test.go    |  2 +-
 .../graphdriver/devmapper/attach_loopback.go  |  2 +-
 .../daemon/graphdriver/devmapper/deviceset.go |  6 +-
 .../daemon/graphdriver/devmapper/devmapper.go |  2 +-
 .../graphdriver/devmapper/devmapper_test.go   |  2 +-
 .../daemon/graphdriver/devmapper/driver.go    |  6 +-
 .../engine/daemon/graphdriver/driver.go       |  4 +-
 .../daemon/graphdriver/graphtest/graphtest.go |  2 +-
 .../engine/daemon/graphdriver/vfs/driver.go   |  2 +-
 .../engine/daemon/graphdriver/vfs/vfs_test.go |  2 +-
 components/engine/daemon/inspect.go           |  4 +-
 components/engine/daemon/network_settings.go  |  4 +-
 .../daemon/networkdriver/bridge/driver.go     | 18 ++--
 .../networkdriver/bridge/driver_test.go       |  2 +-
 .../networkdriver/ipallocator/allocator.go    |  2 +-
 .../daemon/networkdriver/portmapper/mapper.go |  6 +-
 .../networkdriver/portmapper/mapper_test.go   |  6 +-
 components/engine/daemon/server.go            |  2 +-
 components/engine/daemon/state.go             |  2 +-
 components/engine/daemon/utils.go             |  4 +-
 components/engine/daemon/utils_test.go        |  4 +-
 components/engine/daemon/volumes.go           |  6 +-
 components/engine/daemonconfig/config.go      |  4 +-
 components/engine/docker/docker.go            | 22 ++---
 components/engine/dockerinit/dockerinit.go    |  2 +-
 components/engine/docs/Dockerfile             |  4 +-
 components/engine/docs/README.md              |  2 +-
 components/engine/docs/mkdocs.yml             |  2 +-
 .../docs/sources/articles/baseimages.md       |  8 +-
 .../docs/sources/articles/networking.md       |  2 +-
 .../engine/docs/sources/articles/security.md  |  4 +-
 .../docs/sources/contributing/contributing.md | 10 +--
 .../sources/contributing/devenvironment.md    |  4 +-
 .../engine/docs/sources/docker-hub/repos.md   |  2 +-
 .../sources/examples/running_riak_service.md  |  2 +-
 components/engine/docs/sources/faq.md         |  8 +-
 components/engine/docs/sources/index.md       |  2 +-
 .../docs/sources/installation/binaries.md     |  6 +-
 .../sources/reference/api/docker-io_api.md    |  4 +-
 .../reference/api/docker_remote_api.md        |  8 +-
 .../reference/api/docker_remote_api_v1.0.md   |  2 +-
 .../reference/api/docker_remote_api_v1.1.md   |  2 +-
 .../reference/api/docker_remote_api_v1.10.md  |  2 +-
 .../reference/api/docker_remote_api_v1.11.md  |  2 +-
 .../reference/api/docker_remote_api_v1.12.md  |  2 +-
 .../reference/api/docker_remote_api_v1.13.md  |  2 +-
 .../reference/api/docker_remote_api_v1.14.md  |  2 +-
 .../reference/api/docker_remote_api_v1.2.md   |  2 +-
 .../reference/api/docker_remote_api_v1.3.md   |  2 +-
 .../reference/api/docker_remote_api_v1.4.md   |  2 +-
 .../reference/api/docker_remote_api_v1.5.md   |  2 +-
 .../reference/api/docker_remote_api_v1.6.md   |  2 +-
 .../reference/api/docker_remote_api_v1.7.md   |  2 +-
 .../reference/api/docker_remote_api_v1.8.md   |  2 +-
 .../reference/api/docker_remote_api_v1.9.md   |  2 +-
 .../reference/api/hub_registry_spec.md        |  4 +-
 .../engine/docs/sources/reference/builder.md  |  2 +-
 .../docs/sources/reference/commandline/cli.md | 12 +--
 .../engine/docs/sources/reference/run.md      |  6 +-
 .../docs/sources/userguide/dockerimages.md    |  2 +-
 .../engine/docs/sources/userguide/index.md    |  2 +-
 components/engine/docs/theme/mkdocs/base.html |  2 +-
 .../engine/docs/theme/mkdocs/breadcrumbs.html |  2 +-
 .../engine/docs/theme/mkdocs/footer.html      |  2 +-
 components/engine/engine/engine.go            |  2 +-
 components/engine/engine/env_test.go          |  2 +-
 components/engine/graph/graph.go              | 14 ++--
 components/engine/graph/service.go            |  6 +-
 components/engine/graph/tags.go               |  4 +-
 components/engine/graph/tags_unit_test.go     | 10 +--
 components/engine/hack/PACKAGERS.md           | 10 +--
 components/engine/hack/RELEASE-CHECKLIST.md   |  8 +-
 components/engine/hack/ROADMAP.md             |  2 +-
 components/engine/hack/dind                   |  2 +-
 components/engine/hack/make.sh                | 16 ++--
 components/engine/hack/make/.ensure-scratch   |  4 +-
 components/engine/hack/make/.validate         |  2 +-
 components/engine/hack/make/dynbinary         |  2 +-
 .../engine/hack/make/dyntest-integration      |  2 +-
 components/engine/hack/make/dyntest-unit      |  2 +-
 components/engine/hack/make/test-integration  |  2 +-
 components/engine/hack/make/validate-dco      |  4 +-
 components/engine/hack/release.sh             |  6 +-
 components/engine/hack/vendor.sh              |  2 +-
 components/engine/image/graph.go              |  2 +-
 components/engine/image/image.go              |  8 +-
 .../integration-cli/docker_cli_build_test.go  |  2 +-
 .../integration-cli/docker_cli_links_test.go  |  2 +-
 .../integration-cli/docker_cli_nat_test.go    |  2 +-
 .../integration-cli/docker_cli_run_test.go    |  2 +-
 components/engine/integration/api_test.go     | 10 +--
 components/engine/integration/auth_test.go    |  9 +-
 .../engine/integration/commands_test.go       | 10 +--
 .../engine/integration/container_test.go      |  2 +-
 components/engine/integration/graph_test.go   | 12 +--
 components/engine/integration/https_test.go   |  2 +-
 components/engine/integration/runtime_test.go | 14 ++--
 components/engine/integration/server_test.go  |  4 +-
 components/engine/integration/utils_test.go   | 14 ++--
 components/engine/integration/z_final_test.go |  2 +-
 components/engine/links/links.go              |  4 +-
 components/engine/links/links_test.go         |  2 +-
 components/engine/nat/nat.go                  |  2 +-
 components/engine/opts/opts.go                |  2 +-
 .../engine/pkg/mflag/example/example.go       |  2 +-
 components/engine/pkg/mflag/flag.go           |  2 +-
 components/engine/pkg/mflag/flag_test.go      |  2 +-
 components/engine/pkg/term/MAINTAINERS        |  2 +-
 .../engine/pkg/truncindex/truncindex_test.go  |  2 +-
 components/engine/registry/MAINTAINERS        |  6 +-
 components/engine/registry/auth.go            |  4 +-
 components/engine/registry/registry.go        |  4 +-
 .../engine/registry/registry_mock_test.go     |  2 +-
 components/engine/registry/registry_test.go   |  4 +-
 components/engine/registry/service.go         |  2 +-
 components/engine/runconfig/config.go         |  4 +-
 components/engine/runconfig/config_test.go    |  2 +-
 components/engine/runconfig/hostconfig.go     |  6 +-
 components/engine/runconfig/merge.go          |  4 +-
 components/engine/runconfig/parse.go          | 12 +--
 components/engine/runconfig/parse_test.go     |  2 +-
 components/engine/server/buildfile.go         | 16 ++--
 components/engine/server/server.go            | 28 +++----
 components/engine/server/server_unit_test.go  |  2 +-
 components/engine/sysinit/sysinit.go          |  6 +-
 .../utils/broadcastwriter/broadcastwriter.go  |  2 +-
 components/engine/utils/jsonmessage.go        |  4 +-
 components/engine/utils/tarsum.go             |  2 +-
 components/engine/utils/tarsum_test.go        |  2 +-
 components/engine/utils/utils.go              |  2 +-
 components/engine/utils/utils_test.go         | 12 +--
 .../docker/libcontainer/.travis.yml           | 11 +--
 .../github.com/docker/libcontainer/Dockerfile | 19 ++++-
 .../github.com/docker/libcontainer/Makefile   | 10 +++
 .../cgroups/systemd/apply_systemd.go          |  2 +-
 .../docker/libcontainer/cgroups/utils.go      |  4 +-
 .../docker/libcontainer/devices/defaults.go   |  4 +-
 .../docker/libcontainer/mount/init.go         | 36 +++++++-
 .../docker/libcontainer/namespaces/execin.go  | 82 +++++++++++++++++--
 .../docker/libcontainer/namespaces/init.go    |  2 +-
 .../docker/libcontainer/namespaces/nsenter.go | 35 ++++++++
 .../libcontainer/netlink/netlink_linux.go     | 73 +++++++++++++----
 .../netlink/netlink_linux_test.go             | 55 +++++++++++++
 .../netlink/netlink_unsupported.go            |  4 +
 .../docker/libcontainer/network/stats.go      | 41 +++++-----
 .../docker/libcontainer/nsinit/exec.go        | 57 ++++++++++++-
 .../docker/libcontainer/nsinit/nsenter.go     |  1 +
 .../docker/libcontainer/selinux/selinux.go    |  2 +-
 .../github.com/docker/libcontainer/types.go   |  4 +-
 200 files changed, 828 insertions(+), 515 deletions(-)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/Makefile
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go

diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 10f01fb589..a83074b1d4 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -193,7 +193,7 @@ Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jeff Lindsay <progrium@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
-Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
+Jérôme Petazzoni <jerome.petazzoni@docker.com>
 Jesse Dubay <jesse@thefortytwo.net>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
@@ -418,7 +418,7 @@ Tzu-Jung Lee <roylee17@gmail.com>
 Ulysse Carion <ulyssecarion@gmail.com>
 unclejack <unclejacksons@gmail.com>
 vgeta <gopikannan.venugopalsamy@gmail.com>
-Victor Coisne <victor.coisne@dotcloud.com>
+Victor Coisne <victor.coisne@docker.com>
 Victor Lyuboslavsky <victor@victoreda.com>
 Victor Marmol <vmarmol@google.com>
 Victor Vieux <victor.vieux@docker.com>
diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 2dc73c100d..8320d7cffa 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -6,7 +6,7 @@ feels wrong or incomplete.
 
 ## Reporting Issues
 
-When reporting [issues](https://github.com/dotcloud/docker/issues) on
+When reporting [issues](https://github.com/docker/docker/issues) on
 GitHub please include your host OS (Ubuntu 12.04, Fedora 19, etc).
 Please include:
 
@@ -53,7 +53,7 @@ else is working on the same thing.
 ### Create issues...
 
 Any significant improvement should be documented as [a GitHub
-issue](https://github.com/dotcloud/docker/issues) before anybody
+issue](https://github.com/docker/docker/issues) before anybody
 starts working on it.
 
 ### ...but check for existing issues first!
@@ -180,7 +180,7 @@ One way to automate this, is customize your git `commit.template` by adding
 a `prepare-commit-msg` hook to your Docker repository:
 
 ```
-curl -sSL -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/dotcloud/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
+curl -sSL -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/docker/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
 ```
 
 * Note: the above script expects to find your GitHub user name in `git config --get github.user`
diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 48d3f45d73..5369962359 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -6,7 +6,7 @@
 # docker build -t docker .
 #
 # # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/dotcloud/docker --privileged -i -t docker bash
+# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
 # docker run --privileged docker hack/make.sh test
@@ -62,7 +62,7 @@ RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper
 # Install Go
 RUN	curl -sSL https://go.googlecode.com/files/go1.2.1.src.tar.gz | tar -v -C /usr/local -xz
 ENV	PATH	/usr/local/go/bin:$PATH
-ENV	GOPATH	/go:/go/src/github.com/dotcloud/docker/vendor
+ENV	GOPATH	/go:/go/src/github.com/docker/docker/vendor
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
 
 # Compile Go for cross compilation
@@ -94,11 +94,11 @@ RUN groupadd -r docker
 RUN useradd --create-home --gid docker unprivilegeduser
 
 VOLUME	/var/lib/docker
-WORKDIR	/go/src/github.com/dotcloud/docker
+WORKDIR	/go/src/github.com/docker/docker
 ENV	DOCKER_BUILDTAGS	apparmor selinux
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT	["hack/dind"]
 
 # Upload docker source
-COPY	.	/go/src/github.com/dotcloud/docker
+COPY	.	/go/src/github.com/docker/docker
diff --git a/components/engine/Makefile b/components/engine/Makefile
index 71a3f32ec6..40c623a47a 100644
--- a/components/engine/Makefile
+++ b/components/engine/Makefile
@@ -10,7 +10,7 @@ GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
 GITCOMMIT := $(shell git rev-parse --short HEAD 2>/dev/null)
 DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))
-DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)")
+DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/docker/docker/$(BINDDIR)")
 
 DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e TESTDIRS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)"
 # to allow `make DOCSDIR=docs docs-shell`
diff --git a/components/engine/api/client/cli.go b/components/engine/api/client/cli.go
index bb5d191e16..0b7ffeaa23 100644
--- a/components/engine/api/client/cli.go
+++ b/components/engine/api/client/cli.go
@@ -10,9 +10,9 @@ import (
 	"strings"
 	"text/template"
 
-	flag "github.com/dotcloud/docker/pkg/mflag"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/registry"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/registry"
 )
 
 var funcMap = template.FuncMap{
diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 056bd27bc3..1853b513fe 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -22,19 +22,19 @@ import (
 	"text/template"
 	"time"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/opts"
-	"github.com/dotcloud/docker/pkg/signal"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/pkg/units"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/utils/filters"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/pkg/units"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/utils/filters"
 )
 
 const (
diff --git a/components/engine/api/client/hijack.go b/components/engine/api/client/hijack.go
index 1cb7ebf1c4..1dc0748f8f 100644
--- a/components/engine/api/client/hijack.go
+++ b/components/engine/api/client/hijack.go
@@ -11,10 +11,10 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/utils"
 )
 
 func (cli *DockerCli) dial() (net.Conn, error) {
diff --git a/components/engine/api/client/utils.go b/components/engine/api/client/utils.go
index 13b5241d15..d677242fa7 100644
--- a/components/engine/api/client/utils.go
+++ b/components/engine/api/client/utils.go
@@ -17,12 +17,12 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
 )
 
 var (
diff --git a/components/engine/api/common.go b/components/engine/api/common.go
index 228c9fc1ff..5a03cf6ffe 100644
--- a/components/engine/api/common.go
+++ b/components/engine/api/common.go
@@ -5,9 +5,9 @@ import (
 	"mime"
 	"strings"
 
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/version"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/version"
+	"github.com/docker/docker/utils"
 )
 
 const (
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 56b767c405..440a468e69 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -22,14 +22,14 @@ import (
 
 	"code.google.com/p/go.net/websocket"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/listenbuffer"
-	"github.com/dotcloud/docker/pkg/systemd"
-	"github.com/dotcloud/docker/pkg/user"
-	"github.com/dotcloud/docker/pkg/version"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/listenbuffer"
+	"github.com/docker/docker/pkg/systemd"
+	"github.com/docker/docker/pkg/user"
+	"github.com/docker/docker/pkg/version"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
 	"github.com/gorilla/mux"
 )
 
diff --git a/components/engine/api/server/server_unit_test.go b/components/engine/api/server/server_unit_test.go
index 6814ca8a47..41b2581ce9 100644
--- a/components/engine/api/server/server_unit_test.go
+++ b/components/engine/api/server/server_unit_test.go
@@ -11,9 +11,9 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/version"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/version"
 )
 
 func TestGetBoolParam(t *testing.T) {
diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 550ef3f040..44f2fe92d8 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -16,9 +16,9 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/dotcloud/docker/pkg/system"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 type (
diff --git a/components/engine/archive/archive_test.go b/components/engine/archive/archive_test.go
index 1a68234129..6afe298317 100644
--- a/components/engine/archive/archive_test.go
+++ b/components/engine/archive/archive_test.go
@@ -11,7 +11,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 func TestCmdStreamLargeStderr(t *testing.T) {
diff --git a/components/engine/archive/changes.go b/components/engine/archive/changes.go
index 154a527aec..859c8aa07e 100644
--- a/components/engine/archive/changes.go
+++ b/components/engine/archive/changes.go
@@ -11,9 +11,9 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/dotcloud/docker/pkg/system"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 type ChangeType int
diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go
index 34a887663d..a805f2c0a1 100644
--- a/components/engine/archive/diff.go
+++ b/components/engine/archive/diff.go
@@ -10,7 +10,7 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 // Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
diff --git a/components/engine/archive/wrap.go b/components/engine/archive/wrap.go
index 03ea5083ac..b8b60197a3 100644
--- a/components/engine/archive/wrap.go
+++ b/components/engine/archive/wrap.go
@@ -2,7 +2,7 @@ package archive
 
 import (
 	"bytes"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io/ioutil"
 )
 
diff --git a/components/engine/builtins/builtins.go b/components/engine/builtins/builtins.go
index bac130c8df..a42dec619e 100644
--- a/components/engine/builtins/builtins.go
+++ b/components/engine/builtins/builtins.go
@@ -3,14 +3,14 @@ package builtins
 import (
 	"runtime"
 
-	"github.com/dotcloud/docker/api"
-	apiserver "github.com/dotcloud/docker/api/server"
-	"github.com/dotcloud/docker/daemon/networkdriver/bridge"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/server"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/api"
+	apiserver "github.com/docker/docker/api/server"
+	"github.com/docker/docker/daemon/networkdriver/bridge"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/server"
+	"github.com/docker/docker/utils"
 )
 
 func Register(eng *engine.Engine) error {
diff --git a/components/engine/contrib/docker-device-tool/device_tool.go b/components/engine/contrib/docker-device-tool/device_tool.go
index a9327f9de1..23d19f0237 100644
--- a/components/engine/contrib/docker-device-tool/device_tool.go
+++ b/components/engine/contrib/docker-device-tool/device_tool.go
@@ -3,7 +3,7 @@ package main
 import (
 	"flag"
 	"fmt"
-	"github.com/dotcloud/docker/daemon/graphdriver/devmapper"
+	"github.com/docker/docker/daemon/graphdriver/devmapper"
 	"os"
 	"path"
 	"sort"
diff --git a/components/engine/contrib/host-integration/Dockerfile.dev b/components/engine/contrib/host-integration/Dockerfile.dev
index 800216532f..1c0fbd8323 100644
--- a/components/engine/contrib/host-integration/Dockerfile.dev
+++ b/components/engine/contrib/host-integration/Dockerfile.dev
@@ -19,7 +19,7 @@ ENV		GOROOT	  /goroot
 ENV		GOPATH	  /go
 ENV		PATH	  $GOROOT/bin:$PATH
 
-RUN		go get github.com/dotcloud/docker && cd /go/src/github.com/dotcloud/docker && git checkout v0.6.3
+RUN		go get github.com/docker/docker && cd /go/src/github.com/docker/docker && git checkout v0.6.3
 ADD		manager.go	/manager/
 RUN		cd /manager && go build -o /usr/bin/manager
 
diff --git a/components/engine/contrib/host-integration/manager.go b/components/engine/contrib/host-integration/manager.go
index 2798a5d06f..c0b488b2f1 100644
--- a/components/engine/contrib/host-integration/manager.go
+++ b/components/engine/contrib/host-integration/manager.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
-	"github.com/dotcloud/docker"
+	"github.com/docker/docker"
 	"os"
 	"strings"
 	"text/template"
diff --git a/components/engine/contrib/host-integration/manager.sh b/components/engine/contrib/host-integration/manager.sh
index fecf4bf64b..8ea296f5a5 100755
--- a/components/engine/contrib/host-integration/manager.sh
+++ b/components/engine/contrib/host-integration/manager.sh
@@ -37,7 +37,7 @@ if [ ! -e "manager/$script" ]; then
 	exit 1
 fi
 
-# TODO https://github.com/dotcloud/docker/issues/734 (docker inspect formatting)
+# TODO https://github.com/docker/docker/issues/734 (docker inspect formatting)
 #if command -v docker > /dev/null 2>&1; then
 #	image="$(docker inspect -f '{{.Image}}' "$cid")"
 #	if [ "$image" ]; then
diff --git a/components/engine/contrib/init/sysvinit-redhat/docker b/components/engine/contrib/init/sysvinit-redhat/docker
index aa94c04811..0c985094e6 100755
--- a/components/engine/contrib/init/sysvinit-redhat/docker
+++ b/components/engine/contrib/init/sysvinit-redhat/docker
@@ -50,7 +50,7 @@ start() {
         pid=$!
         touch $lockfile
         # wait up to 10 seconds for the pidfile to exist.  see
-        # https://github.com/dotcloud/docker/issues/5359
+        # https://github.com/docker/docker/issues/5359
         tries=0
         while [ ! -f $pidfile -a $tries -lt 10 ]; do
             sleep 1
diff --git a/components/engine/contrib/mkimage-debootstrap.sh b/components/engine/contrib/mkimage-debootstrap.sh
index 0a3df140db..d9d6aae636 100755
--- a/components/engine/contrib/mkimage-debootstrap.sh
+++ b/components/engine/contrib/mkimage-debootstrap.sh
@@ -144,7 +144,7 @@ if [ -z "$strictDebootstrap" ]; then
 	#  initctl (for some pesky upstart scripts)
 	sudo chroot . dpkg-divert --local --rename --add /sbin/initctl
 	sudo ln -sf /bin/true sbin/initctl
-	# see https://github.com/dotcloud/docker/issues/446#issuecomment-16953173
+	# see https://github.com/docker/docker/issues/446#issuecomment-16953173
 	
 	# shrink the image, since apt makes us fat (wheezy: ~157.5MB vs ~120MB)
 	sudo chroot . apt-get clean
diff --git a/components/engine/contrib/mkimage/debootstrap b/components/engine/contrib/mkimage/debootstrap
index 78afe50bb2..3702797ee1 100755
--- a/components/engine/contrib/mkimage/debootstrap
+++ b/components/engine/contrib/mkimage/debootstrap
@@ -83,7 +83,7 @@ if [ -d "$rootfsDir/etc/apt/apt.conf.d" ]; then
 		Dir::Cache::srcpkgcache "";
 
 		# Note that we do realize this isn't the ideal way to do this, and are always
-		# open to better suggestions (https://github.com/dotcloud/docker/issues).
+		# open to better suggestions (https://github.com/docker/docker/issues).
 	EOF
 
 	# remove apt-cache translations for fast "apt-get update"
diff --git a/components/engine/contrib/prepare-commit-msg.hook b/components/engine/contrib/prepare-commit-msg.hook
index b0fe0bf675..c9389fb6d2 100644
--- a/components/engine/contrib/prepare-commit-msg.hook
+++ b/components/engine/contrib/prepare-commit-msg.hook
@@ -1,6 +1,6 @@
 #!/bin/sh
 #       Auto sign all commits to allow them to be used by the Docker project.
-#       see https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work
+#       see https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work
 #
 GH_USER=$(git config --get github.user)
 SOB=$(git var GIT_AUTHOR_IDENT | sed -n "s/^\(.*>\).*$/Docker-DCO-1.1-Signed-off-by: \1 \(github: $GH_USER\)/p")
diff --git a/components/engine/daemon/attach.go b/components/engine/daemon/attach.go
index 0e3b8b8a9d..665d4a20af 100644
--- a/components/engine/daemon/attach.go
+++ b/components/engine/daemon/attach.go
@@ -3,7 +3,7 @@ package daemon
 import (
 	"io"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error {
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index fd3d79659f..e80c661eef 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -17,19 +17,19 @@ import (
 
 	"github.com/docker/libcontainer/devices"
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/links"
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/pkg/networkfs/etchosts"
-	"github.com/dotcloud/docker/pkg/networkfs/resolvconf"
-	"github.com/dotcloud/docker/pkg/symlink"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/utils/broadcastwriter"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/links"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/pkg/networkfs/etchosts"
+	"github.com/docker/docker/pkg/networkfs/resolvconf"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/utils/broadcastwriter"
 )
 
 const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
diff --git a/components/engine/daemon/container_unit_test.go b/components/engine/daemon/container_unit_test.go
index 0a8e69ab00..7520017c10 100644
--- a/components/engine/daemon/container_unit_test.go
+++ b/components/engine/daemon/container_unit_test.go
@@ -1,7 +1,7 @@
 package daemon
 
 import (
-	"github.com/dotcloud/docker/nat"
+	"github.com/docker/docker/nat"
 	"testing"
 )
 
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 8d7d7764bc..646af18e04 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -13,27 +13,27 @@ import (
 	"time"
 
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/daemon/execdriver/execdrivers"
-	"github.com/dotcloud/docker/daemon/execdriver/lxc"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	_ "github.com/dotcloud/docker/daemon/graphdriver/vfs"
-	_ "github.com/dotcloud/docker/daemon/networkdriver/bridge"
-	"github.com/dotcloud/docker/daemon/networkdriver/portallocator"
-	"github.com/dotcloud/docker/daemonconfig"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/pkg/graphdb"
-	"github.com/dotcloud/docker/pkg/namesgenerator"
-	"github.com/dotcloud/docker/pkg/networkfs/resolvconf"
-	"github.com/dotcloud/docker/pkg/sysinfo"
-	"github.com/dotcloud/docker/pkg/truncindex"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/utils/broadcastwriter"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver/execdrivers"
+	"github.com/docker/docker/daemon/execdriver/lxc"
+	"github.com/docker/docker/daemon/graphdriver"
+	_ "github.com/docker/docker/daemon/graphdriver/vfs"
+	_ "github.com/docker/docker/daemon/networkdriver/bridge"
+	"github.com/docker/docker/daemon/networkdriver/portallocator"
+	"github.com/docker/docker/daemonconfig"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/graphdb"
+	"github.com/docker/docker/pkg/namesgenerator"
+	"github.com/docker/docker/pkg/networkfs/resolvconf"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/truncindex"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/utils/broadcastwriter"
 )
 
 // Set the max depth to the aufs default that most
diff --git a/components/engine/daemon/daemon_aufs.go b/components/engine/daemon/daemon_aufs.go
index ee3e1d1a58..12108888bb 100644
--- a/components/engine/daemon/daemon_aufs.go
+++ b/components/engine/daemon/daemon_aufs.go
@@ -3,10 +3,10 @@
 package daemon
 
 import (
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/daemon/graphdriver/aufs"
-	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver/aufs"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/utils"
 )
 
 // Given the graphdriver ad, if it is aufs, then migrate it.
diff --git a/components/engine/daemon/daemon_btrfs.go b/components/engine/daemon/daemon_btrfs.go
index f343d699c4..cd505c356b 100644
--- a/components/engine/daemon/daemon_btrfs.go
+++ b/components/engine/daemon/daemon_btrfs.go
@@ -3,5 +3,5 @@
 package daemon
 
 import (
-	_ "github.com/dotcloud/docker/daemon/graphdriver/btrfs"
+	_ "github.com/docker/docker/daemon/graphdriver/btrfs"
 )
diff --git a/components/engine/daemon/daemon_devicemapper.go b/components/engine/daemon/daemon_devicemapper.go
index ddf8107414..477754559a 100644
--- a/components/engine/daemon/daemon_devicemapper.go
+++ b/components/engine/daemon/daemon_devicemapper.go
@@ -3,5 +3,5 @@
 package daemon
 
 import (
-	_ "github.com/dotcloud/docker/daemon/graphdriver/devmapper"
+	_ "github.com/docker/docker/daemon/graphdriver/devmapper"
 )
diff --git a/components/engine/daemon/daemon_no_aufs.go b/components/engine/daemon/daemon_no_aufs.go
index 2d9fed29b9..06cdc776d7 100644
--- a/components/engine/daemon/daemon_no_aufs.go
+++ b/components/engine/daemon/daemon_no_aufs.go
@@ -3,7 +3,7 @@
 package daemon
 
 import (
-	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver"
 )
 
 func migrateIfAufs(driver graphdriver.Driver, root string) error {
diff --git a/components/engine/daemon/execdriver/execdrivers/execdrivers.go b/components/engine/daemon/execdriver/execdrivers/execdrivers.go
index f43514408b..2a050b4834 100644
--- a/components/engine/daemon/execdriver/execdrivers/execdrivers.go
+++ b/components/engine/daemon/execdriver/execdrivers/execdrivers.go
@@ -2,10 +2,10 @@ package execdrivers
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/daemon/execdriver/lxc"
-	"github.com/dotcloud/docker/daemon/execdriver/native"
-	"github.com/dotcloud/docker/pkg/sysinfo"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver/lxc"
+	"github.com/docker/docker/daemon/execdriver/native"
+	"github.com/docker/docker/pkg/sysinfo"
 	"path"
 )
 
diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index fe3a3ce228..ffe7833a05 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -19,9 +19,9 @@ import (
 	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/mount/nodes"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/utils"
 	"github.com/kr/pty"
 )
 
diff --git a/components/engine/daemon/execdriver/lxc/init.go b/components/engine/daemon/execdriver/lxc/init.go
index 1af7730cae..45ad1d1bc0 100644
--- a/components/engine/daemon/execdriver/lxc/init.go
+++ b/components/engine/daemon/execdriver/lxc/init.go
@@ -10,7 +10,7 @@ import (
 	"syscall"
 
 	"github.com/docker/libcontainer/netlink"
-	"github.com/dotcloud/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver"
 )
 
 // Clear environment pollution introduced by lxc-start
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 40956e442b..1d0b395217 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -10,9 +10,9 @@ import (
 	"github.com/docker/libcontainer/namespaces"
 	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/docker/libcontainer/utils"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/daemon/execdriver/native/template"
-	"github.com/dotcloud/docker/pkg/system"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver/native/template"
+	"github.com/docker/docker/pkg/system"
 )
 
 func setHostname(hostname string) error {
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go b/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go
index 079446e186..8311ba6e24 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go
@@ -2,7 +2,7 @@
 
 package lxc
 
-import "github.com/dotcloud/docker/daemon/execdriver"
+import "github.com/docker/docker/daemon/execdriver"
 
 func setHostname(hostname string) error {
 	panic("Not supported on darwin")
diff --git a/components/engine/daemon/execdriver/lxc/lxc_template.go b/components/engine/daemon/execdriver/lxc/lxc_template.go
index 88618f07fd..c831564b87 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template.go
@@ -5,7 +5,7 @@ import (
 	"text/template"
 
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver"
 )
 
 const LxcTemplate = `
diff --git a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
index 19501adb65..a7c2bf682e 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
@@ -14,7 +14,7 @@ import (
 	"time"
 
 	"github.com/docker/libcontainer/devices"
-	"github.com/dotcloud/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver"
 )
 
 func TestLXCConfig(t *testing.T) {
diff --git a/components/engine/daemon/execdriver/native/configuration/parse.go b/components/engine/daemon/execdriver/native/configuration/parse.go
index 8fb1b452b9..7aba4820ab 100644
--- a/components/engine/daemon/execdriver/native/configuration/parse.go
+++ b/components/engine/daemon/execdriver/native/configuration/parse.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 
 	"github.com/docker/libcontainer"
-	"github.com/dotcloud/docker/pkg/units"
+	"github.com/docker/docker/pkg/units"
 )
 
 type Action func(*libcontainer.Config, interface{}, string) error
diff --git a/components/engine/daemon/execdriver/native/configuration/parse_test.go b/components/engine/daemon/execdriver/native/configuration/parse_test.go
index 0401d7b37e..8b1d275aed 100644
--- a/components/engine/daemon/execdriver/native/configuration/parse_test.go
+++ b/components/engine/daemon/execdriver/native/configuration/parse_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/docker/libcontainer/security/capabilities"
-	"github.com/dotcloud/docker/daemon/execdriver/native/template"
+	"github.com/docker/docker/daemon/execdriver/native/template"
 )
 
 // Checks whether the expected capability is specified in the capabilities.
diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index 280ad70a6e..e602e49a06 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -13,9 +13,9 @@ import (
 	"github.com/docker/libcontainer/devices"
 	"github.com/docker/libcontainer/mount"
 	"github.com/docker/libcontainer/security/capabilities"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/daemon/execdriver/native/configuration"
-	"github.com/dotcloud/docker/daemon/execdriver/native/template"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver/native/configuration"
+	"github.com/docker/docker/daemon/execdriver/native/template"
 )
 
 // createContainer populates and configures the container type with the
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 37c21d6f94..5ffc6a4488 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -20,9 +20,9 @@ import (
 	"github.com/docker/libcontainer/cgroups/systemd"
 	"github.com/docker/libcontainer/namespaces"
 	"github.com/docker/libcontainer/syncpipe"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/pkg/system"
-	"github.com/dotcloud/docker/pkg/term"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/term"
 )
 
 const (
diff --git a/components/engine/daemon/execdriver/native/driver_unsupported.go b/components/engine/daemon/execdriver/native/driver_unsupported.go
index 797b7d436f..97839cf3b2 100644
--- a/components/engine/daemon/execdriver/native/driver_unsupported.go
+++ b/components/engine/daemon/execdriver/native/driver_unsupported.go
@@ -5,7 +5,7 @@ package native
 import (
 	"fmt"
 
-	"github.com/dotcloud/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver"
 )
 
 func NewDriver(root, initPath string) (execdriver.Driver, error) {
diff --git a/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go b/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go
index 9979099386..2b8e9f81a1 100644
--- a/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go
+++ b/components/engine/daemon/execdriver/native/driver_unsupported_nocgo.go
@@ -5,7 +5,7 @@ package native
 import (
 	"fmt"
 
-	"github.com/dotcloud/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver"
 )
 
 func NewDriver(root, initPath string) (execdriver.Driver, error) {
diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index 2fb431f17b..c1317fb833 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	"github.com/docker/libcontainer/security/capabilities"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
diff --git a/components/engine/daemon/graphdriver/aufs/aufs.go b/components/engine/daemon/graphdriver/aufs/aufs.go
index 0206b92e17..d1fa91d6d4 100644
--- a/components/engine/daemon/graphdriver/aufs/aufs.go
+++ b/components/engine/daemon/graphdriver/aufs/aufs.go
@@ -31,10 +31,10 @@ import (
 	"syscall"
 
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	mountpk "github.com/dotcloud/docker/pkg/mount"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/graphdriver"
+	mountpk "github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/utils"
 )
 
 var (
diff --git a/components/engine/daemon/graphdriver/aufs/aufs_test.go b/components/engine/daemon/graphdriver/aufs/aufs_test.go
index b3bad410a5..081fb88984 100644
--- a/components/engine/daemon/graphdriver/aufs/aufs_test.go
+++ b/components/engine/daemon/graphdriver/aufs/aufs_test.go
@@ -4,8 +4,8 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/graphdriver"
 	"io/ioutil"
 	"os"
 	"path"
diff --git a/components/engine/daemon/graphdriver/aufs/mount.go b/components/engine/daemon/graphdriver/aufs/mount.go
index 1f1d98f809..5f8a026c57 100644
--- a/components/engine/daemon/graphdriver/aufs/mount.go
+++ b/components/engine/daemon/graphdriver/aufs/mount.go
@@ -1,7 +1,7 @@
 package aufs
 
 import (
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 	"os/exec"
 	"syscall"
 )
diff --git a/components/engine/daemon/graphdriver/btrfs/btrfs.go b/components/engine/daemon/graphdriver/btrfs/btrfs.go
index f561244c51..afca72029f 100644
--- a/components/engine/daemon/graphdriver/btrfs/btrfs.go
+++ b/components/engine/daemon/graphdriver/btrfs/btrfs.go
@@ -16,8 +16,8 @@ import (
 	"syscall"
 	"unsafe"
 
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/pkg/mount"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/mount"
 )
 
 func init() {
diff --git a/components/engine/daemon/graphdriver/btrfs/btrfs_test.go b/components/engine/daemon/graphdriver/btrfs/btrfs_test.go
index 3069a98557..cde23ce4a0 100644
--- a/components/engine/daemon/graphdriver/btrfs/btrfs_test.go
+++ b/components/engine/daemon/graphdriver/btrfs/btrfs_test.go
@@ -1,7 +1,7 @@
 package btrfs
 
 import (
-	"github.com/dotcloud/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
 	"testing"
 )
 
diff --git a/components/engine/daemon/graphdriver/devmapper/attach_loopback.go b/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
index 28a648a5e1..8dc57f8b4b 100644
--- a/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
+++ b/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
@@ -7,7 +7,7 @@ import (
 	"os"
 	"syscall"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 func stringToLoopName(src string) [LoNameSize]uint8 {
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index 3c36a22cb8..518bef2180 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -19,9 +19,9 @@ import (
 	"time"
 
 	"github.com/docker/libcontainer/label"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/pkg/units"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/units"
+	"github.com/docker/docker/utils"
 )
 
 var (
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper.go
index ee4f2a8159..ab327f61b9 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper.go
@@ -9,7 +9,7 @@ import (
 	"runtime"
 	"syscall"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 type DevmapperLogger interface {
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper_test.go b/components/engine/daemon/graphdriver/devmapper/devmapper_test.go
index 7c97d6bb04..4ed44cf729 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper_test.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper_test.go
@@ -3,7 +3,7 @@
 package devmapper
 
 import (
-	"github.com/dotcloud/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
 	"testing"
 )
 
diff --git a/components/engine/daemon/graphdriver/devmapper/driver.go b/components/engine/daemon/graphdriver/devmapper/driver.go
index 29335377f6..bbe3c92695 100644
--- a/components/engine/daemon/graphdriver/devmapper/driver.go
+++ b/components/engine/daemon/graphdriver/devmapper/driver.go
@@ -8,9 +8,9 @@ import (
 	"os"
 	"path"
 
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/pkg/mount"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/mount"
+	"github.com/docker/docker/utils"
 )
 
 func init() {
diff --git a/components/engine/daemon/graphdriver/driver.go b/components/engine/daemon/graphdriver/driver.go
index 4536489706..90ed1d8162 100644
--- a/components/engine/daemon/graphdriver/driver.go
+++ b/components/engine/daemon/graphdriver/driver.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"path"
 
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/pkg/mount"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/pkg/mount"
 )
 
 type FsMagic uint64
diff --git a/components/engine/daemon/graphdriver/graphtest/graphtest.go b/components/engine/daemon/graphdriver/graphtest/graphtest.go
index a667f2afa6..6407e1205d 100644
--- a/components/engine/daemon/graphdriver/graphtest/graphtest.go
+++ b/components/engine/daemon/graphdriver/graphtest/graphtest.go
@@ -7,7 +7,7 @@ import (
 	"syscall"
 	"testing"
 
-	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver"
 )
 
 var (
diff --git a/components/engine/daemon/graphdriver/vfs/driver.go b/components/engine/daemon/graphdriver/vfs/driver.go
index 7eaa22461f..2ea6325a1e 100644
--- a/components/engine/daemon/graphdriver/vfs/driver.go
+++ b/components/engine/daemon/graphdriver/vfs/driver.go
@@ -3,7 +3,7 @@ package vfs
 import (
 	"bytes"
 	"fmt"
-	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver"
 	"os"
 	"os/exec"
 	"path"
diff --git a/components/engine/daemon/graphdriver/vfs/vfs_test.go b/components/engine/daemon/graphdriver/vfs/vfs_test.go
index e79f93c91d..eaf70f59d3 100644
--- a/components/engine/daemon/graphdriver/vfs/vfs_test.go
+++ b/components/engine/daemon/graphdriver/vfs/vfs_test.go
@@ -1,7 +1,7 @@
 package vfs
 
 import (
-	"github.com/dotcloud/docker/daemon/graphdriver/graphtest"
+	"github.com/docker/docker/daemon/graphdriver/graphtest"
 	"testing"
 )
 
diff --git a/components/engine/daemon/inspect.go b/components/engine/daemon/inspect.go
index b93aec5059..373b43b8b6 100644
--- a/components/engine/daemon/inspect.go
+++ b/components/engine/daemon/inspect.go
@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/runconfig"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/runconfig"
 )
 
 func (daemon *Daemon) ContainerInspect(job *engine.Job) engine.Status {
diff --git a/components/engine/daemon/network_settings.go b/components/engine/daemon/network_settings.go
index a5c750acfe..bf28ca1b50 100644
--- a/components/engine/daemon/network_settings.go
+++ b/components/engine/daemon/network_settings.go
@@ -1,8 +1,8 @@
 package daemon
 
 import (
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/nat"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/nat"
 )
 
 // FIXME: move deprecated port stuff to nat to clean up the core.
diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index beb01243f9..caedb7202a 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -9,14 +9,14 @@ import (
 	"sync"
 
 	"github.com/docker/libcontainer/netlink"
-	"github.com/dotcloud/docker/daemon/networkdriver"
-	"github.com/dotcloud/docker/daemon/networkdriver/ipallocator"
-	"github.com/dotcloud/docker/daemon/networkdriver/portallocator"
-	"github.com/dotcloud/docker/daemon/networkdriver/portmapper"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/iptables"
-	"github.com/dotcloud/docker/pkg/networkfs/resolvconf"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/daemon/networkdriver"
+	"github.com/docker/docker/daemon/networkdriver/ipallocator"
+	"github.com/docker/docker/daemon/networkdriver/portallocator"
+	"github.com/docker/docker/daemon/networkdriver/portmapper"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/iptables"
+	"github.com/docker/docker/pkg/networkfs/resolvconf"
+	"github.com/docker/docker/utils"
 )
 
 const (
@@ -158,7 +158,7 @@ func InitDriver(job *engine.Job) engine.Status {
 
 	bridgeNetwork = network
 
-	// https://github.com/dotcloud/docker/issues/2768
+	// https://github.com/docker/docker/issues/2768
 	job.Eng.Hack_SetGlobalVar("httpapi.bridgeIP", bridgeNetwork.IP)
 
 	for name, f := range map[string]engine.Handler{
diff --git a/components/engine/daemon/networkdriver/bridge/driver_test.go b/components/engine/daemon/networkdriver/bridge/driver_test.go
index f8ddd4c64e..bf44181266 100644
--- a/components/engine/daemon/networkdriver/bridge/driver_test.go
+++ b/components/engine/daemon/networkdriver/bridge/driver_test.go
@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"testing"
 
-	"github.com/dotcloud/docker/engine"
+	"github.com/docker/docker/engine"
 )
 
 func findFreePort(t *testing.T) int {
diff --git a/components/engine/daemon/networkdriver/ipallocator/allocator.go b/components/engine/daemon/networkdriver/ipallocator/allocator.go
index f154b0bd49..1bf8e1da9b 100644
--- a/components/engine/daemon/networkdriver/ipallocator/allocator.go
+++ b/components/engine/daemon/networkdriver/ipallocator/allocator.go
@@ -3,7 +3,7 @@ package ipallocator
 import (
 	"encoding/binary"
 	"errors"
-	"github.com/dotcloud/docker/daemon/networkdriver"
+	"github.com/docker/docker/daemon/networkdriver"
 	"net"
 	"sync"
 )
diff --git a/components/engine/daemon/networkdriver/portmapper/mapper.go b/components/engine/daemon/networkdriver/portmapper/mapper.go
index 1bd332271f..693cebbcea 100644
--- a/components/engine/daemon/networkdriver/portmapper/mapper.go
+++ b/components/engine/daemon/networkdriver/portmapper/mapper.go
@@ -6,9 +6,9 @@ import (
 	"net"
 	"sync"
 
-	"github.com/dotcloud/docker/daemon/networkdriver/portallocator"
-	"github.com/dotcloud/docker/pkg/iptables"
-	"github.com/dotcloud/docker/pkg/proxy"
+	"github.com/docker/docker/daemon/networkdriver/portallocator"
+	"github.com/docker/docker/pkg/iptables"
+	"github.com/docker/docker/pkg/proxy"
 )
 
 type mapping struct {
diff --git a/components/engine/daemon/networkdriver/portmapper/mapper_test.go b/components/engine/daemon/networkdriver/portmapper/mapper_test.go
index 6affdc5445..5e64e1571b 100644
--- a/components/engine/daemon/networkdriver/portmapper/mapper_test.go
+++ b/components/engine/daemon/networkdriver/portmapper/mapper_test.go
@@ -1,9 +1,9 @@
 package portmapper
 
 import (
-	"github.com/dotcloud/docker/daemon/networkdriver/portallocator"
-	"github.com/dotcloud/docker/pkg/iptables"
-	"github.com/dotcloud/docker/pkg/proxy"
+	"github.com/docker/docker/daemon/networkdriver/portallocator"
+	"github.com/docker/docker/pkg/iptables"
+	"github.com/docker/docker/pkg/proxy"
 	"net"
 	"testing"
 )
diff --git a/components/engine/daemon/server.go b/components/engine/daemon/server.go
index dbe6a8ebe8..1e06eda896 100644
--- a/components/engine/daemon/server.go
+++ b/components/engine/daemon/server.go
@@ -1,7 +1,7 @@
 package daemon
 
 import (
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 type Server interface {
diff --git a/components/engine/daemon/state.go b/components/engine/daemon/state.go
index 3f904d7829..e500d735e3 100644
--- a/components/engine/daemon/state.go
+++ b/components/engine/daemon/state.go
@@ -5,7 +5,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/dotcloud/docker/pkg/units"
+	"github.com/docker/docker/pkg/units"
 )
 
 type State struct {
diff --git a/components/engine/daemon/utils.go b/components/engine/daemon/utils.go
index d60d985152..053319c5ea 100644
--- a/components/engine/daemon/utils.go
+++ b/components/engine/daemon/utils.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/runconfig"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/runconfig"
 )
 
 func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostConfig) error {
diff --git a/components/engine/daemon/utils_test.go b/components/engine/daemon/utils_test.go
index 22b52d1699..1f3175b994 100644
--- a/components/engine/daemon/utils_test.go
+++ b/components/engine/daemon/utils_test.go
@@ -3,8 +3,8 @@ package daemon
 import (
 	"testing"
 
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
 )
 
 func TestMergeLxcConfig(t *testing.T) {
diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index 98a1913288..2eee7789b9 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -8,9 +8,9 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/pkg/symlink"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/pkg/symlink"
 )
 
 type BindMap struct {
diff --git a/components/engine/daemonconfig/config.go b/components/engine/daemonconfig/config.go
index 1d2bb60dd6..c46f1853ba 100644
--- a/components/engine/daemonconfig/config.go
+++ b/components/engine/daemonconfig/config.go
@@ -1,8 +1,8 @@
 package daemonconfig
 
 import (
-	"github.com/dotcloud/docker/daemon/networkdriver"
-	"github.com/dotcloud/docker/engine"
+	"github.com/docker/docker/daemon/networkdriver"
+	"github.com/docker/docker/engine"
 	"net"
 )
 
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index f9f8e6da10..1ace730d48 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -12,15 +12,15 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/api/client"
-	"github.com/dotcloud/docker/builtins"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/opts"
-	flag "github.com/dotcloud/docker/pkg/mflag"
-	"github.com/dotcloud/docker/sysinit"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/builtins"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/sysinit"
+	"github.com/docker/docker/utils"
 )
 
 const (
@@ -154,7 +154,7 @@ func main() {
 			log.Fatal(err)
 		}
 
-		// handle the pidfile early. https://github.com/dotcloud/docker/issues/6973
+		// handle the pidfile early. https://github.com/docker/docker/issues/6973
 		if len(*pidfile) > 0 {
 			job := eng.Job("initserverpidfile", *pidfile)
 			if err := job.Run(); err != nil {
@@ -291,7 +291,7 @@ func checkKernelAndArch() error {
 	// Unfortunately we can't test for the feature "does not cause a kernel panic"
 	// without actually causing a kernel panic, so we need this workaround until
 	// the circumstances of pre-3.8 crashes are clearer.
-	// For details see http://github.com/dotcloud/docker/issues/407
+	// For details see http://github.com/docker/docker/issues/407
 	if k, err := utils.GetKernelVersion(); err != nil {
 		log.Printf("WARNING: %s\n", err)
 	} else {
diff --git a/components/engine/dockerinit/dockerinit.go b/components/engine/dockerinit/dockerinit.go
index 1d0689387a..3507d3e5fe 100644
--- a/components/engine/dockerinit/dockerinit.go
+++ b/components/engine/dockerinit/dockerinit.go
@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/dotcloud/docker/sysinit"
+	"github.com/docker/docker/sysinit"
 )
 
 func main() {
diff --git a/components/engine/docs/Dockerfile b/components/engine/docs/Dockerfile
index 345de92bd0..03953989a3 100644
--- a/components/engine/docs/Dockerfile
+++ b/components/engine/docs/Dockerfile
@@ -1,5 +1,5 @@
 #
-# See the top level Makefile in https://github.com/dotcloud/docker for usage.
+# See the top level Makefile in https://github.com/docker/docker for usage.
 #
 FROM 		debian:jessie
 MAINTAINER	Sven Dowideit <SvenDowideit@docker.com> (@SvenDowideit)
@@ -43,7 +43,7 @@ RUN	VERSION=$(cat /docs/VERSION)								&&\
 	sed -i "s/\$BUILD_DATE/$BUILD_DATE/g" /docs/theme/mkdocs/base.html				&&\
 	sed -i "s/\$AWS_S3_BUCKET/$AWS_S3_BUCKET/g" /docs/theme/mkdocs/base.html
 
-# note, EXPOSE is only last because of https://github.com/dotcloud/docker/issues/3525
+# note, EXPOSE is only last because of https://github.com/docker/docker/issues/3525
 EXPOSE	8000
 
 CMD 	["mkdocs", "serve"]
diff --git a/components/engine/docs/README.md b/components/engine/docs/README.md
index 17299401e7..ba1feb50d4 100755
--- a/components/engine/docs/README.md
+++ b/components/engine/docs/README.md
@@ -5,7 +5,7 @@ Markdown, as implemented by [MkDocs](http://mkdocs.org).
 
 The HTML files are built and hosted on `https://docs.docker.com`, and update
 automatically after each change to the master or release branch of [Docker on
-GitHub](https://github.com/dotcloud/docker) thanks to post-commit hooks. The
+GitHub](https://github.com/docker/docker) thanks to post-commit hooks. The
 `docs` branch maps to the "latest" documentation and the `master` (unreleased
 development) branch maps to the "master" documentation.
 
diff --git a/components/engine/docs/mkdocs.yml b/components/engine/docs/mkdocs.yml
index b75e198906..389f05720d 100755
--- a/components/engine/docs/mkdocs.yml
+++ b/components/engine/docs/mkdocs.yml
@@ -6,7 +6,7 @@ site_favicon: img/favicon.png
 
 dev_addr: '0.0.0.0:8000'
 
-repo_url: https://github.com/dotcloud/docker/
+repo_url: https://github.com/docker/docker/
 
 docs_dir: sources
 
diff --git a/components/engine/docs/sources/articles/baseimages.md b/components/engine/docs/sources/articles/baseimages.md
index d2adf62a12..bc677eb8a3 100644
--- a/components/engine/docs/sources/articles/baseimages.md
+++ b/components/engine/docs/sources/articles/baseimages.md
@@ -33,13 +33,13 @@ It can be as simple as this to create an Ubuntu base image:
 There are more example scripts for creating base images in the Docker
 GitHub Repo:
 
- - [BusyBox](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-busybox.sh)
+ - [BusyBox](https://github.com/docker/docker/blob/master/contrib/mkimage-busybox.sh)
  - CentOS / Scientific Linux CERN (SLC) [on Debian/Ubuntu](
-   https://github.com/dotcloud/docker/blob/master/contrib/mkimage-rinse.sh) or
+   https://github.com/docker/docker/blob/master/contrib/mkimage-rinse.sh) or
    [on CentOS/RHEL/SLC/etc.](
-   https://github.com/dotcloud/docker/blob/master/contrib/mkimage-yum.sh)
+   https://github.com/docker/docker/blob/master/contrib/mkimage-yum.sh)
  - [Debian / Ubuntu](
-   https://github.com/dotcloud/docker/blob/master/contrib/mkimage-debootstrap.sh)
+   https://github.com/docker/docker/blob/master/contrib/mkimage-debootstrap.sh)
 
 ## Creating a simple base image using `scratch`
 
diff --git a/components/engine/docs/sources/articles/networking.md b/components/engine/docs/sources/articles/networking.md
index bf46b90ea2..ff1a8ae75d 100644
--- a/components/engine/docs/sources/articles/networking.md
+++ b/components/engine/docs/sources/articles/networking.md
@@ -539,7 +539,7 @@ values.
     It also allows the container to access local network services
     like D-bus.  This can lead to processes in the container being
     able to do unexpected things like
-    [restart your computer](https://github.com/dotcloud/docker/issues/6401).
+    [restart your computer](https://github.com/docker/docker/issues/6401).
     You should use this option with caution.
 
  *  `--net=container:NAME_or_ID` — Tells Docker to put this container's
diff --git a/components/engine/docs/sources/articles/security.md b/components/engine/docs/sources/articles/security.md
index dcc61f386c..12f7b350ec 100644
--- a/components/engine/docs/sources/articles/security.md
+++ b/components/engine/docs/sources/articles/security.md
@@ -196,7 +196,7 @@ to the host.
 This won't affect regular web apps; but malicious users will find that
 the arsenal at their disposal has shrunk considerably! By default Docker
 drops all capabilities except [those
-needed](https://github.com/dotcloud/docker/blob/master/daemon/execdriver/native/template/default_template.go),
+needed](https://github.com/docker/docker/blob/master/daemon/execdriver/native/template/default_template.go),
 a whitelist instead of a blacklist approach. You can see a full list of
 available capabilities in [Linux
 manpages](http://man7.org/linux/man-pages/man7/capabilities.7.html).
@@ -204,7 +204,7 @@ manpages](http://man7.org/linux/man-pages/man7/capabilities.7.html).
 Of course, you can always enable extra capabilities if you really need
 them (for instance, if you want to use a FUSE-based filesystem), but by
 default, Docker containers use only a
-[whitelist](https://github.com/dotcloud/docker/blob/master/daemon/execdriver/native/template/default_template.go)
+[whitelist](https://github.com/docker/docker/blob/master/daemon/execdriver/native/template/default_template.go)
 of kernel capabilities by default.
 
 ## Other Kernel Security Features
diff --git a/components/engine/docs/sources/contributing/contributing.md b/components/engine/docs/sources/contributing/contributing.md
index dd764eb855..7d65a0479c 100644
--- a/components/engine/docs/sources/contributing/contributing.md
+++ b/components/engine/docs/sources/contributing/contributing.md
@@ -7,18 +7,18 @@ page_keywords: contributing, docker, documentation, help, guideline
 Want to hack on Docker? Awesome!
 
 The repository includes [all the instructions you need to get started](
-https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md).
+https://github.com/docker/docker/blob/master/CONTRIBUTING.md).
 
 The [developer environment Dockerfile](
-https://github.com/dotcloud/docker/blob/master/Dockerfile)
+https://github.com/docker/docker/blob/master/Dockerfile)
 specifies the tools and versions used to test and build Docker.
 
 If you're making changes to the documentation, see the [README.md](
-https://github.com/dotcloud/docker/blob/master/docs/README.md).
+https://github.com/docker/docker/blob/master/docs/README.md).
 
 The [documentation environment Dockerfile](
-https://github.com/dotcloud/docker/blob/master/docs/Dockerfile)
+https://github.com/docker/docker/blob/master/docs/Dockerfile)
 specifies the tools and versions used to build the Documentation.
 
 Further interesting details can be found in the [Packaging hints](
-https://github.com/dotcloud/docker/blob/master/hack/PACKAGERS.md).
+https://github.com/docker/docker/blob/master/hack/PACKAGERS.md).
diff --git a/components/engine/docs/sources/contributing/devenvironment.md b/components/engine/docs/sources/contributing/devenvironment.md
index 606f9302fc..25a80af4af 100644
--- a/components/engine/docs/sources/contributing/devenvironment.md
+++ b/components/engine/docs/sources/contributing/devenvironment.md
@@ -32,7 +32,7 @@ Again, you can do it in other ways but you need to do more work.
 
 ## Check out the Source
 
-    $ git clone https://git@github.com/dotcloud/docker
+    $ git clone https://git@github.com/docker/docker
     $ cd docker
 
 To checkout a different revision just use `git checkout`
@@ -110,7 +110,7 @@ something like this
     === RUN TestDependencyGraph
     --- PASS: TestDependencyGraph (0.00 seconds)
     PASS
-    ok      github.com/dotcloud/docker/utils        0.017s
+    ok      github.com/docker/docker/utils        0.017s
 
 If $TESTFLAGS is set in the environment, it is passed as extra arguments
 to `go test`. You can use this to select certain tests to run, e.g.,
diff --git a/components/engine/docs/sources/docker-hub/repos.md b/components/engine/docs/sources/docker-hub/repos.md
index c219a1989a..3fa901cfbb 100644
--- a/components/engine/docs/sources/docker-hub/repos.md
+++ b/components/engine/docs/sources/docker-hub/repos.md
@@ -65,7 +65,7 @@ optimized and up-to-date image to power your applications.
 > **Note:**
 > If you would like to contribute an official repository for your
 > organization, product or team you can see more information
-> [here](https://github.com/dotcloud/stackbrew).
+> [here](https://github.com/docker/stackbrew).
 
 ## Private Docker Repositories
 
diff --git a/components/engine/docs/sources/examples/running_riak_service.md b/components/engine/docs/sources/examples/running_riak_service.md
index d9f2c42850..d65422b524 100644
--- a/components/engine/docs/sources/examples/running_riak_service.md
+++ b/components/engine/docs/sources/examples/running_riak_service.md
@@ -74,7 +74,7 @@ Almost there. Next, we add a hack to get us by the lack of
 `initctl`:
 
     # Hack for initctl
-    # See: https://github.com/dotcloud/docker/issues/1024
+    # See: https://github.com/docker/docker/issues/1024
     RUN dpkg-divert --local --rename --add /sbin/initctl
     RUN ln -s /bin/true /sbin/initctl
 
diff --git a/components/engine/docs/sources/faq.md b/components/engine/docs/sources/faq.md
index 667058c86f..d903aabf86 100644
--- a/components/engine/docs/sources/faq.md
+++ b/components/engine/docs/sources/faq.md
@@ -14,8 +14,8 @@ paying.
 ### What open source license are you using?
 
 We are using the Apache License Version 2.0, see it here:
-[https://github.com/dotcloud/docker/blob/master/LICENSE](
-https://github.com/dotcloud/docker/blob/master/LICENSE)
+[https://github.com/docker/docker/blob/master/LICENSE](
+https://github.com/docker/docker/blob/master/LICENSE)
 
 ### Does Docker run on Mac OS X or Windows?
 
@@ -227,7 +227,7 @@ OpenSSL library vulnerable to the [Heartbleed](http://heartbleed.com/) bug.
 
 ### Can I help by adding some questions and answers?
 
-Definitely! You can fork [the repo](https://github.com/dotcloud/docker) and
+Definitely! You can fork [the repo](https://github.com/docker/docker) and
 edit the documentation sources.
 
 ### Where can I find more answers?
@@ -237,7 +237,7 @@ You can find more answers on:
 - [Docker user mailinglist](https://groups.google.com/d/forum/docker-user)
 - [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev)
 - [IRC, docker on freenode](irc://chat.freenode.net#docker)
-- [GitHub](https://github.com/dotcloud/docker)
+- [GitHub](https://github.com/docker/docker)
 - [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker)
 - [Join the conversation on Twitter](http://twitter.com/docker)
 
diff --git a/components/engine/docs/sources/index.md b/components/engine/docs/sources/index.md
index 75414b4364..5267557f38 100644
--- a/components/engine/docs/sources/index.md
+++ b/components/engine/docs/sources/index.md
@@ -94,7 +94,7 @@ To learn about Docker in more detail and to answer questions about usage and imp
 *`.dockerignore` support*
 
 You can now add a `.dockerignore` file next to your `Dockerfile` and Docker will ignore files and directories specified in that file when sending the build context to the daemon. 
-Example: https://github.com/dotcloud/docker/blob/master/.dockerignore
+Example: https://github.com/docker/docker/blob/master/.dockerignore
 
 *Pause containers during commit*
 
diff --git a/components/engine/docs/sources/installation/binaries.md b/components/engine/docs/sources/installation/binaries.md
index f6eb44fa64..8e35d98030 100644
--- a/components/engine/docs/sources/installation/binaries.md
+++ b/components/engine/docs/sources/installation/binaries.md
@@ -23,9 +23,9 @@ runtime:
  - a [properly mounted](
    https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
    cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount
-   point [is](https://github.com/dotcloud/docker/issues/2683)
-   [not](https://github.com/dotcloud/docker/issues/3485)
-   [sufficient](https://github.com/dotcloud/docker/issues/4568))
+   point [is](https://github.com/docker/docker/issues/2683)
+   [not](https://github.com/docker/docker/issues/3485)
+   [sufficient](https://github.com/docker/docker/issues/4568))
 
 ## Check kernel dependencies
 
diff --git a/components/engine/docs/sources/reference/api/docker-io_api.md b/components/engine/docs/sources/reference/api/docker-io_api.md
index d5be332d35..e34e43f3bf 100644
--- a/components/engine/docs/sources/reference/api/docker-io_api.md
+++ b/components/engine/docs/sources/reference/api/docker-io_api.md
@@ -421,7 +421,7 @@ Registering a new account.
         Accept: application/json
         Content-Type: application/json
 
-        {"email": "sam@dotcloud.com",
+        {"email": "sam@docker.com",
          "password": "toto42",
          "username": "foobar"}
 
@@ -468,7 +468,7 @@ Change a password or email address for given user. If you pass in an
         Content-Type: application/json
         Authorization: Basic akmklmasadalkm==
 
-        {"email": "sam@dotcloud.com",
+        {"email": "sam@docker.com",
          "password": "toto42"}
 
     Parameters:
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index a5bf3d577b..4248d3c38b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -374,7 +374,7 @@ Image's name added in the events
 ## v1.3
 
 docker v0.5.0
-[51f6c4a](https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909)
+[51f6c4a](https://github.com/docker/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909)
 
 ### Full Documentation
 
@@ -414,7 +414,7 @@ Start containers (/containers/<id>/start):
 ## v1.2
 
 docker v0.4.2
-[2e7649b](https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168)
+[2e7649b](https://github.com/docker/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168)
 
 ### Full Documentation
 
@@ -446,7 +446,7 @@ deleted/untagged.
 ## v1.1
 
 docker v0.4.0
-[a8ae398](https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f)
+[a8ae398](https://github.com/docker/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f)
 
 ### Full Documentation
 
@@ -473,7 +473,7 @@ Uses json stream instead of HTML hijack, it looks like this:
 ## v1.0
 
 docker v0.3.4
-[8d73740](https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4)
+[8d73740](https://github.com/docker/docker/commit/8d73740343778651c09160cde9661f5f387b36f4)
 
 ### Full Documentation
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
index b906298b85..c9f2cd855d 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
@@ -194,7 +194,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
index 4e449bccec..6bd077a665 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
@@ -194,7 +194,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
index 264cdefc20..ff0e972dd2 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
@@ -220,7 +220,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md
index ae2daae407..3e777f6f7a 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md
@@ -224,7 +224,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
index 19fb24fe48..c0143aec6b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
@@ -224,7 +224,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
index 1cbf43f4ce..f6d8c9b46b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
@@ -224,7 +224,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index ce876594c5..06c36e093b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -224,7 +224,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
index 37a8e1c012..1fdaa18f4d 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
@@ -206,7 +206,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
index b510f660fd..d58bbc0f18 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
@@ -208,7 +208,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
index 0e49402621..42bb2e862e 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
@@ -213,7 +213,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
index 33c1aeca1e..5ccdca0e25 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
@@ -211,7 +211,7 @@ Return low-level information on the container `id`
             "Bridge": "",
             "PortMapping": null
           },
-          "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+          "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
           "ResolvConfPath": "/etc/resolv.conf",
           "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
index 4500c1554c..b0ecd50962 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
@@ -261,7 +261,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
index 402efa4262..cb2131bb8a 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
@@ -217,7 +217,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {}
         }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
index 78fccaf281..305ce4709a 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
@@ -237,7 +237,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
index 741a9ac955..36a3e109b0 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
@@ -237,7 +237,7 @@ Return low-level information on the container `id`
                              "Bridge": "",
                              "PortMapping": null
                      },
-                     "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker",
+                     "SysInitPath": "/home/kitty/go/src/github.com/docker/docker/bin/docker",
                      "ResolvConfPath": "/etc/resolv.conf",
                      "Volumes": {},
                      "HostConfig": {
diff --git a/components/engine/docs/sources/reference/api/hub_registry_spec.md b/components/engine/docs/sources/reference/api/hub_registry_spec.md
index 1a2cf9423d..b2d29ab4af 100644
--- a/components/engine/docs/sources/reference/api/hub_registry_spec.md
+++ b/components/engine/docs/sources/reference/api/hub_registry_spec.md
@@ -35,7 +35,7 @@ managed by Docker Inc.
    service using tokens
  - It supports different storage backends (S3, cloud files, local FS)
  - It doesn't have a local database
- - [Source Code](https://github.com/dotcloud/docker-registry)
+ - [Source Code](https://github.com/docker/docker-registry)
 
 We expect that there will be multiple registries out there. To help to
 grasp the context, here are some examples of registries:
@@ -479,7 +479,7 @@ file is empty.
     POST /v1/users:
 
     **Body**:
-    {"email": "[sam@dotcloud.com](mailto:sam%40dotcloud.com)",
+    {"email": "[sam@docker.com](mailto:sam%40docker.com)",
     "password": "toto42", "username": "foobar"`}
 
     **Validation**:
diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 57ddb52984..680fe2642f 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -175,7 +175,7 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See
 
 ### Known Issues (RUN)
 
-- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about file
+- [Issue 783](https://github.com/docker/docker/issues/783) is about file
   permissions problems that can occur when using the AUFS file system. You
   might notice it during an attempt to `rm` a file, for example. The issue
   describes a workaround.
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 8b03531fc8..9a5ace4716 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -117,7 +117,7 @@ you can also specify individual sockets too `docker -d -H fd://3`. If the
 specified socket activated files aren't found then docker will exit. You
 can find examples of using systemd socket activation with docker and
 systemd in the [docker source tree](
-https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/).
+https://github.com/docker/docker/blob/master/contrib/init/systemd/socket-activation/).
 
 Docker supports softlinks for the Docker data directory
 (`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set
@@ -396,9 +396,9 @@ For example:
     A /go
     A /go/src
     A /go/src/github.com
-    A /go/src/github.com/dotcloud
-    A /go/src/github.com/dotcloud/docker
-    A /go/src/github.com/dotcloud/docker/.git
+    A /go/src/github.com/docker
+    A /go/src/github.com/docker/docker
+    A /go/src/github.com/docker/docker/.git
     ....
 
 ## events
@@ -871,7 +871,7 @@ registry or to a self-hosted one.
 
 ### Known Issues (rm)
 
--   [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates
+-   [Issue 197](https://github.com/docker/docker/issues/197) indicates
     that `docker kill` may leave directories behind
     and make it difficult to remove the container.
 
@@ -1008,7 +1008,7 @@ and linking containers.
 
 ### Known Issues (run –volumes-from)
 
-- [Issue 2702](https://github.com/dotcloud/docker/issues/2702):
+- [Issue 2702](https://github.com/docker/docker/issues/2702):
   "lxc-start: Permission denied - failed to mount" could indicate a
   permissions problem with AppArmor. Please see the issue for a
   workaround.
diff --git a/components/engine/docs/sources/reference/run.md b/components/engine/docs/sources/reference/run.md
index 903d750d74..a933a32bea 100644
--- a/components/engine/docs/sources/reference/run.md
+++ b/components/engine/docs/sources/reference/run.md
@@ -86,7 +86,7 @@ and pass along signals. All of that is configurable:
     -i=false        : Keep STDIN open even if not attached
 
 If you do not specify `-a` then Docker will [attach all standard
-streams]( https://github.com/dotcloud/docker/blob/
+streams]( https://github.com/docker/docker/blob/
 75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can
 specify to which of the three standard streams (`STDIN`, `STDOUT`,
 `STDERR`) you'd like to connect instead, as in:
@@ -237,7 +237,7 @@ By default, Docker containers are "unprivileged" and cannot, for
 example, run a Docker daemon inside a Docker container. This is because
 by default a container is not allowed to access any devices, but a
 "privileged" container is given access to all devices (see [lxc-template.go](
-https://github.com/dotcloud/docker/blob/master/daemon/execdriver/lxc/lxc_template.go)
+https://github.com/docker/docker/blob/master/daemon/execdriver/lxc/lxc_template.go)
 and documentation on [cgroups devices](
 https://www.kernel.org/doc/Documentation/cgroups/devices.txt)).
 
@@ -262,7 +262,7 @@ If the Docker daemon was started using the `lxc` exec-driver
 (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options
 using one or more `--lxc-conf` parameters. These can be new parameters or
 override existing parameters from the [lxc-template.go](
-https://github.com/dotcloud/docker/blob/master/daemon/execdriver/lxc/lxc_template.go).
+https://github.com/docker/docker/blob/master/daemon/execdriver/lxc/lxc_template.go).
 Note that in the future, a given host's docker daemon may not use LXC, so this
 is an implementation-specific configuration meant for operators already
 familiar with using LXC directly.
diff --git a/components/engine/docs/sources/userguide/dockerimages.md b/components/engine/docs/sources/userguide/dockerimages.md
index 26f969abe8..4b3ac7c519 100644
--- a/components/engine/docs/sources/userguide/dockerimages.md
+++ b/components/engine/docs/sources/userguide/dockerimages.md
@@ -130,7 +130,7 @@ We can see we've returned a lot of images that use the term `sinatra`. We've
 returned a list of image names, descriptions, Stars (which measure the social
 popularity of images - if a user likes an image then they can "star" it), and
 the Official and Automated build statuses. Official repositories are built and
-maintained by the [Stackbrew](https://github.com/dotcloud/stackbrew) project,
+maintained by the [Stackbrew](https://github.com/docker/stackbrew) project,
 and Automated repositories are [Automated Builds](
 /userguide/dockerrepos/#automated-builds) that allow you to validate the source
 and content of an image.
diff --git a/components/engine/docs/sources/userguide/index.md b/components/engine/docs/sources/userguide/index.md
index eef59c000b..08d6be0731 100644
--- a/components/engine/docs/sources/userguide/index.md
+++ b/components/engine/docs/sources/userguide/index.md
@@ -87,7 +87,7 @@ Go to [Working with Docker Hub](/userguide/dockerrepos).
 * [Docker blog](http://blog.docker.com/)
 * [Docker documentation](http://docs.docker.com/)
 * [Docker Getting Started Guide](http://www.docker.com/gettingstarted/)
-* [Docker code on GitHub](https://github.com/dotcloud/docker)
+* [Docker code on GitHub](https://github.com/docker/docker)
 * [Docker mailing
   list](https://groups.google.com/forum/#!forum/docker-user)
 * Docker on IRC: irc.freenode.net and channel #docker
diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index 2b2b9bcbcf..3fe284689b 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -61,7 +61,7 @@
               </a>
               <ul id="documentation-version-list" class="dropdown-menu pull-right">
 		<li role="presentation" class="divider"></li>
-		<li> <a class="home-link3 tertiary-nav" href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}" >Edit on GitHub</a></li>
+		<li> <a class="home-link3 tertiary-nav" href="https://github.com/docker/docker/blob/master/docs/sources/{{ current_page.input_path }}" >Edit on GitHub</a></li>
               </ul>
             </li>
           </ul>
diff --git a/components/engine/docs/theme/mkdocs/breadcrumbs.html b/components/engine/docs/theme/mkdocs/breadcrumbs.html
index 3dc2dbbafb..c99e10f3aa 100644
--- a/components/engine/docs/theme/mkdocs/breadcrumbs.html
+++ b/components/engine/docs/theme/mkdocs/breadcrumbs.html
@@ -8,5 +8,5 @@
       {% endif %}
     {% endif %}
   {% endfor %}
-  <li class="pull-right edit-on-github"><a href="https://github.com/dotcloud/docker/blob/master/docs/sources/{{ current_page.input_path }}"><span class="glyphicon glyphicon-edit"></span>Edit on GitHub</a></li>
+  <li class="pull-right edit-on-github"><a href="https://github.com/docker/docker/blob/master/docs/sources/{{ current_page.input_path }}"><span class="glyphicon glyphicon-edit"></span>Edit on GitHub</a></li>
 </ol>
\ No newline at end of file
diff --git a/components/engine/docs/theme/mkdocs/footer.html b/components/engine/docs/theme/mkdocs/footer.html
index 0b887b82d0..fbe0c88ef3 100644
--- a/components/engine/docs/theme/mkdocs/footer.html
+++ b/components/engine/docs/theme/mkdocs/footer.html
@@ -10,7 +10,7 @@
           <li><a class="primary-button" href="https://www.docker.com/community/governance/">Governance</a></li>
           <li><a class="primary-button" href="http://forums.docker.com">Forums</a></li>
           <li><a class="primary-button" href="http://botbot.me/freenode/docker">IRC</a></li>
-          <li><a class="primary-button" href="https://github.com/dotcloud/docker">GitHub</a></li>
+          <li><a class="primary-button" href="https://github.com/docker/docker">GitHub</a></li>
           <li><a class="primary-button" href="http://stackoverflow.com/search?q=docker">Stackoverflow</a></li>
           <li><a class="primary-button" href="http://www.cafepress.com/docker">Swag</a></li>
         </ul>
diff --git a/components/engine/engine/engine.go b/components/engine/engine/engine.go
index 5c3228d5d3..0008d605d0 100644
--- a/components/engine/engine/engine.go
+++ b/components/engine/engine/engine.go
@@ -8,7 +8,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 // Installer is a standard interface for objects which can "install" themselves
diff --git a/components/engine/engine/env_test.go b/components/engine/engine/env_test.go
index f76d879114..fe1db04e33 100644
--- a/components/engine/engine/env_test.go
+++ b/components/engine/engine/env_test.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"testing"
 
-	"github.com/dotcloud/docker/pkg/testutils"
+	"github.com/docker/docker/pkg/testutils"
 )
 
 func TestEnvLenZero(t *testing.T) {
diff --git a/components/engine/graph/graph.go b/components/engine/graph/graph.go
index 0badd8dcde..e8b52331e2 100644
--- a/components/engine/graph/graph.go
+++ b/components/engine/graph/graph.go
@@ -12,13 +12,13 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/pkg/truncindex"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/truncindex"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
 )
 
 // A Graph is a store for versioned filesystem images and the relationship between them.
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 3201d6b994..82fee68670 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -3,9 +3,9 @@ package graph
 import (
 	"io"
 
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/utils"
 )
 
 func (s *TagStore) Install(eng *engine.Engine) error {
diff --git a/components/engine/graph/tags.go b/components/engine/graph/tags.go
index 7af6d383d8..343cccf31f 100644
--- a/components/engine/graph/tags.go
+++ b/components/engine/graph/tags.go
@@ -10,8 +10,8 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/utils"
 )
 
 const DEFAULTTAG = "latest"
diff --git a/components/engine/graph/tags_unit_test.go b/components/engine/graph/tags_unit_test.go
index 42e097724d..fdcc21ecbe 100644
--- a/components/engine/graph/tags_unit_test.go
+++ b/components/engine/graph/tags_unit_test.go
@@ -2,11 +2,11 @@ package graph
 
 import (
 	"bytes"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	_ "github.com/dotcloud/docker/daemon/graphdriver/vfs" // import the vfs driver so it is used in the tests
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/daemon/graphdriver"
+	_ "github.com/docker/docker/daemon/graphdriver/vfs" // import the vfs driver so it is used in the tests
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
 	"os"
 	"path"
diff --git a/components/engine/hack/PACKAGERS.md b/components/engine/hack/PACKAGERS.md
index 4312d5d3c0..6a22f4fc97 100644
--- a/components/engine/hack/PACKAGERS.md
+++ b/components/engine/hack/PACKAGERS.md
@@ -48,7 +48,7 @@ To build Docker, you will need the following:
 * Go version 1.2 or later
 * A clean checkout of the source added to a valid [Go
   workspace](http://golang.org/doc/code.html#Workspaces) under the path
-  *src/github.com/dotcloud/docker* (unless you plan to use `AUTO_GOPATH`,
+  *src/github.com/docker/docker* (unless you plan to use `AUTO_GOPATH`,
   explained in more detail below).
 
 To build the Docker daemon, you will additionally need:
@@ -145,7 +145,7 @@ export AUTO_GOPATH=1
 ```
 
 This will cause the build scripts to set up a reasonable `GOPATH` that
-automatically and properly includes both dotcloud/docker from the local
+automatically and properly includes both docker/docker from the local
 directory, and the local "./vendor" directory as necessary.
 
 ### `DOCKER_BUILDTAGS`
@@ -271,9 +271,9 @@ installed and available at runtime:
 * a [properly
   mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
   cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point
-  [is](https://github.com/dotcloud/docker/issues/2683)
-  [not](https://github.com/dotcloud/docker/issues/3485)
-  [sufficient](https://github.com/dotcloud/docker/issues/4568))
+  [is](https://github.com/docker/docker/issues/2683)
+  [not](https://github.com/docker/docker/issues/3485)
+  [sufficient](https://github.com/docker/docker/issues/4568))
 
 Additionally, the Docker client needs the following software to be installed and
 available at runtime:
diff --git a/components/engine/hack/RELEASE-CHECKLIST.md b/components/engine/hack/RELEASE-CHECKLIST.md
index ccdcaee020..839f5c18fd 100644
--- a/components/engine/hack/RELEASE-CHECKLIST.md
+++ b/components/engine/hack/RELEASE-CHECKLIST.md
@@ -7,7 +7,7 @@ If your experience deviates from this document, please document the changes
 to keep it up-to-date.
 
 It is important to note that this document assumes that the git remote in your
-repository that corresponds to "https://github.com/dotcloud/docker" is named
+repository that corresponds to "https://github.com/docker/docker" is named
 "origin".  If yours is not (for example, if you've chosen to name it "upstream"
 or something similar instead), be sure to adjust the listed snippets for your
 local environment accordingly.  If you are not sure what your upstream remote is
@@ -18,7 +18,7 @@ like:
 
 ```bash
 export GITHUBUSER="YOUR_GITHUB_USER"
-git remote add origin https://github.com/dotcloud/docker.git
+git remote add origin https://github.com/docker/docker.git
 git remote add $GITHUBUSER git@github.com:$GITHUBUSER/docker.git
 ```
 
@@ -155,7 +155,7 @@ make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release
 git add VERSION CHANGELOG.md
 git commit -m "Bump version to $VERSION"
 git push $GITHUBUSER bump_$VERSION
-echo "https://github.com/$GITHUBUSER/docker/compare/dotcloud:release...$GITHUBUSER:bump_$VERSION?expand=1"
+echo "https://github.com/$GITHUBUSER/docker/compare/docker:release...$GITHUBUSER:bump_$VERSION?expand=1"
 ```
 
 That last command will give you the proper link to visit to ensure that you
@@ -288,7 +288,7 @@ echo ${VERSION#v}-dev > VERSION
 git add VERSION
 git commit -m "Change version to $(cat VERSION)"
 git push $GITHUBUSER merge_release_$VERSION
-echo "https://github.com/$GITHUBUSER/docker/compare/dotcloud:master...$GITHUBUSER:merge_release_$VERSION?expand=1"
+echo "https://github.com/$GITHUBUSER/docker/compare/docker:master...$GITHUBUSER:merge_release_$VERSION?expand=1"
 ```
 
 Again, get two maintainers to validate, then merge, then push that pretty
diff --git a/components/engine/hack/ROADMAP.md b/components/engine/hack/ROADMAP.md
index ff797b380c..d49664b7b3 100644
--- a/components/engine/hack/ROADMAP.md
+++ b/components/engine/hack/ROADMAP.md
@@ -3,7 +3,7 @@
 This document is a high-level overview of where we want to take Docker next.
 It is a curated selection of planned improvements which are either important, difficult, or both.
 
-For a more complete view of planned and requested improvements, see [the Github issues](https://github.com/dotcloud/docker/issues).
+For a more complete view of planned and requested improvements, see [the Github issues](https://github.com/docker/docker/issues).
 
 To suggest changes to the roadmap, including additions, please write the change as if it were already in effect, and make a pull request.
 
diff --git a/components/engine/hack/dind b/components/engine/hack/dind
index 77629ad0a5..f8fae6379c 100755
--- a/components/engine/hack/dind
+++ b/components/engine/hack/dind
@@ -2,7 +2,7 @@
 set -e
 
 # DinD: a wrapper script which allows docker to be run inside a docker container.
-# Original version by Jerome Petazzoni <jerome@dotcloud.com>
+# Original version by Jerome Petazzoni <jerome@docker.com>
 # See the blog post: http://blog.docker.com/2013/09/docker-can-now-run-within-docker/
 #
 # This script should be executed inside a docker container in privilieged mode
diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index d5bcfcfbc0..843c84b1f4 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -6,7 +6,7 @@ set -e
 #
 # Requirements:
 # - The current directory should be a checkout of the docker source code
-#   (http://github.com/dotcloud/docker). Whatever version is checked out
+#   (http://github.com/docker/docker). Whatever version is checked out
 #   will be built.
 # - The VERSION file, at the root of the repository, should exist, and
 #   will be used as Docker binary version and package version.
@@ -25,7 +25,7 @@ set -o pipefail
 
 # We're a nice, sexy, little shell script, and people might try to run us;
 # but really, they shouldn't. We want to be in a container!
-if [ "$(pwd)" != '/go/src/github.com/dotcloud/docker' ] || [ -z "$DOCKER_CROSSPLATFORMS" ]; then
+if [ "$(pwd)" != '/go/src/github.com/docker/docker' ] || [ -z "$DOCKER_CROSSPLATFORMS" ]; then
 	{
 		echo "# WARNING! I don't seem to be running in the Docker container."
 		echo "# The result of this command might be an incorrect build, and will not be"
@@ -77,8 +77,8 @@ fi
 
 if [ "$AUTO_GOPATH" ]; then
 	rm -rf .gopath
-	mkdir -p .gopath/src/github.com/dotcloud
-	ln -sf ../../../.. .gopath/src/github.com/dotcloud/docker
+	mkdir -p .gopath/src/github.com/docker
+	ln -sf ../../../.. .gopath/src/github.com/docker/docker
 	export GOPATH="$(pwd)/.gopath:$(pwd)/vendor"
 fi
 
@@ -91,8 +91,8 @@ fi
 # Use these flags when compiling the tests and final binary
 LDFLAGS='
 	-w
-	-X github.com/dotcloud/docker/dockerversion.GITCOMMIT "'$GITCOMMIT'"
-	-X github.com/dotcloud/docker/dockerversion.VERSION "'$VERSION'"
+	-X github.com/docker/docker/dockerversion.GITCOMMIT "'$GITCOMMIT'"
+	-X github.com/docker/docker/dockerversion.VERSION "'$VERSION'"
 '
 LDFLAGS_STATIC='-linkmode external'
 EXTLDFLAGS_STATIC='-static'
@@ -103,7 +103,7 @@ BUILDFLAGS=( -a -tags "netgo static_build $DOCKER_BUILDTAGS" )
 EXTLDFLAGS_STATIC_DOCKER="$EXTLDFLAGS_STATIC -lpthread -Wl,--unresolved-symbols=ignore-in-object-files"
 LDFLAGS_STATIC_DOCKER="
 	$LDFLAGS_STATIC
-	-X github.com/dotcloud/docker/dockerversion.IAMSTATIC true
+	-X github.com/docker/docker/dockerversion.IAMSTATIC true
 	-extldflags \"$EXTLDFLAGS_STATIC_DOCKER\"
 "
 
@@ -150,7 +150,7 @@ go_test_dir() {
 		testcover=( -cover -coverprofile "$coverprofile" $coverpkg )
 	fi
 	(
-		echo '+ go test' $TESTFLAGS "github.com/dotcloud/docker${dir#.}"
+		echo '+ go test' $TESTFLAGS "github.com/docker/docker${dir#.}"
 		cd "$dir"
 		go test ${testcover[@]} -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS
 	)
diff --git a/components/engine/hack/make/.ensure-scratch b/components/engine/hack/make/.ensure-scratch
index 487e85ae27..9a9a43a0f8 100644
--- a/components/engine/hack/make/.ensure-scratch
+++ b/components/engine/hack/make/.ensure-scratch
@@ -2,8 +2,8 @@
 
 if ! docker inspect scratch &> /dev/null; then
 	# let's build a "docker save" tarball for "scratch"
-	# see https://github.com/dotcloud/docker/pull/5262
-	# and also https://github.com/dotcloud/docker/issues/4242
+	# see https://github.com/docker/docker/pull/5262
+	# and also https://github.com/docker/docker/issues/4242
 	mkdir -p /docker-scratch
 	(
 		cd /docker-scratch
diff --git a/components/engine/hack/make/.validate b/components/engine/hack/make/.validate
index cf6be53a68..022809154e 100644
--- a/components/engine/hack/make/.validate
+++ b/components/engine/hack/make/.validate
@@ -4,7 +4,7 @@ if [ -z "$VALIDATE_UPSTREAM" ]; then
 	# this is kind of an expensive check, so let's not do this twice if we
 	# are running more than one validate bundlescript
 	
-	VALIDATE_REPO='https://github.com/dotcloud/docker.git'
+	VALIDATE_REPO='https://github.com/docker/docker.git'
 	VALIDATE_BRANCH='master'
 	
 	if [ "$TRAVIS" = 'true' -a "$TRAVIS_PULL_REQUEST" != 'false' ]; then
diff --git a/components/engine/hack/make/dynbinary b/components/engine/hack/make/dynbinary
index 74bb0dd36e..ca7cbdab07 100644
--- a/components/engine/hack/make/dynbinary
+++ b/components/engine/hack/make/dynbinary
@@ -39,7 +39,7 @@ fi
 # exported so that "dyntest" can easily access it later without recalculating it
 
 (
-	export LDFLAGS_STATIC_DOCKER="-X github.com/dotcloud/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\" -X github.com/dotcloud/docker/dockerversion.INITPATH \"$DOCKER_INITPATH\""
+	export LDFLAGS_STATIC_DOCKER="-X github.com/docker/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\" -X github.com/docker/docker/dockerversion.INITPATH \"$DOCKER_INITPATH\""
 	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
 	source "$(dirname "$BASH_SOURCE")/binary"
 )
diff --git a/components/engine/hack/make/dyntest-integration b/components/engine/hack/make/dyntest-integration
index 03d7cbef95..218b65a054 100644
--- a/components/engine/hack/make/dyntest-integration
+++ b/components/engine/hack/make/dyntest-integration
@@ -12,7 +12,7 @@ fi
 (
 	export TEST_DOCKERINIT_PATH="$INIT"
 	export LDFLAGS_STATIC_DOCKER="
-		-X github.com/dotcloud/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
+		-X github.com/docker/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
 	"
 	source "$(dirname "$BASH_SOURCE")/test-integration"
 )
diff --git a/components/engine/hack/make/dyntest-unit b/components/engine/hack/make/dyntest-unit
index ce934f1849..dfd84cb3b5 100644
--- a/components/engine/hack/make/dyntest-unit
+++ b/components/engine/hack/make/dyntest-unit
@@ -12,7 +12,7 @@ fi
 (
 	export TEST_DOCKERINIT_PATH="$INIT"
 	export LDFLAGS_STATIC_DOCKER="
-		-X github.com/dotcloud/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
+		-X github.com/docker/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
 	"
 	source "$(dirname "$BASH_SOURCE")/test-unit"
 )
diff --git a/components/engine/hack/make/test-integration b/components/engine/hack/make/test-integration
index baad1349a2..9daa8a0a4e 100644
--- a/components/engine/hack/make/test-integration
+++ b/components/engine/hack/make/test-integration
@@ -5,7 +5,7 @@ DEST=$1
 
 bundle_test_integration() {
 	LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER" go_test_dir ./integration \
-		"-coverpkg $(find_dirs '*.go' | sed 's,^\.,github.com/dotcloud/docker,g' | paste -d, -s)"
+		"-coverpkg $(find_dirs '*.go' | sed 's,^\.,github.com/docker/docker,g' | paste -d, -s)"
 }
 
 # this "grep" hides some really irritating warnings that "go test -coverpkg"
diff --git a/components/engine/hack/make/validate-dco b/components/engine/hack/make/validate-dco
index 8b7812982d..8f3bfc317a 100644
--- a/components/engine/hack/make/validate-dco
+++ b/components/engine/hack/make/validate-dco
@@ -12,7 +12,7 @@ notDocs="$(validate_diff --numstat | awk '$3 !~ /^docs\// { print $3 }')"
 # "Username may only contain alphanumeric characters or dashes and cannot begin with a dash"
 githubUsernameRegex='[a-zA-Z0-9][a-zA-Z0-9-]+'
 
-# https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work
+# https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work
 dcoPrefix='Docker-DCO-1.1-Signed-off-by:'
 dcoRegex="^$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)> \\(github: ($githubUsernameRegex)\\)$"
 
@@ -48,7 +48,7 @@ else
 			echo 'Please amend each commit to include a properly formatted DCO marker.'
 			echo
 			echo 'Visit the following URL for information about the Docker DCO:'
-			echo ' https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work'
+			echo ' https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work'
 			echo
 		} >&2
 		false
diff --git a/components/engine/hack/release.sh b/components/engine/hack/release.sh
index 2a6b3992ef..2224e0619b 100755
--- a/components/engine/hack/release.sh
+++ b/components/engine/hack/release.sh
@@ -41,8 +41,8 @@ EOF
 [ "$AWS_ACCESS_KEY" ] || usage
 [ "$AWS_SECRET_KEY" ] || usage
 [ "$GPG_PASSPHRASE" ] || usage
-[ -d /go/src/github.com/dotcloud/docker ] || usage
-cd /go/src/github.com/dotcloud/docker
+[ -d /go/src/github.com/docker/docker ] || usage
+cd /go/src/github.com/docker/docker
 [ -x hack/make.sh ] || usage
 
 RELEASE_BUNDLES=(
@@ -357,7 +357,7 @@ Key-Type: RSA
 Key-Length: 4096
 Passphrase: $GPG_PASSPHRASE
 Name-Real: Docker Release Tool
-Name-Email: docker@dotcloud.com
+Name-Email: docker@docker.com
 Name-Comment: releasedocker
 Expire-Date: 0
 %commit
diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 6f07ba68ef..6b780f0fa8 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer cf45d141db69ce11dcccac178e5607a385609e15
+clone git github.com/docker/libcontainer e6a43c1c2b9f769deb96348a0a93417cd48a36d8
diff --git a/components/engine/image/graph.go b/components/engine/image/graph.go
index 64a38d7a29..31fbdd9ad8 100644
--- a/components/engine/image/graph.go
+++ b/components/engine/image/graph.go
@@ -1,7 +1,7 @@
 package image
 
 import (
-	"github.com/dotcloud/docker/daemon/graphdriver"
+	"github.com/docker/docker/daemon/graphdriver"
 )
 
 type Graph interface {
diff --git a/components/engine/image/image.go b/components/engine/image/image.go
index 5c250947ce..e57311aa86 100644
--- a/components/engine/image/image.go
+++ b/components/engine/image/image.go
@@ -3,10 +3,10 @@ package image
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
 	"io/ioutil"
 	"os"
 	"path"
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 3b1c1c230e..bf957ada84 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/archive"
+	"github.com/docker/docker/archive"
 )
 
 func TestBuildCacheADD(t *testing.T) {
diff --git a/components/engine/integration-cli/docker_cli_links_test.go b/components/engine/integration-cli/docker_cli_links_test.go
index cb48866456..9cd1a3fbc5 100644
--- a/components/engine/integration-cli/docker_cli_links_test.go
+++ b/components/engine/integration-cli/docker_cli_links_test.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/dotcloud/docker/pkg/iptables"
+	"github.com/docker/docker/pkg/iptables"
 )
 
 func TestEtcHostsRegularFile(t *testing.T) {
diff --git a/components/engine/integration-cli/docker_cli_nat_test.go b/components/engine/integration-cli/docker_cli_nat_test.go
index 3816e54050..caa41aa0ab 100644
--- a/components/engine/integration-cli/docker_cli_nat_test.go
+++ b/components/engine/integration-cli/docker_cli_nat_test.go
@@ -7,7 +7,7 @@ import (
 	"os/exec"
 	"testing"
 
-	"github.com/dotcloud/docker/daemon"
+	"github.com/docker/docker/daemon"
 )
 
 func TestNetworkNat(t *testing.T) {
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 293c835f5e..63d3b133f1 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -12,7 +12,7 @@ import (
 	"sync"
 	"testing"
 
-	"github.com/dotcloud/docker/pkg/networkfs/resolvconf"
+	"github.com/docker/docker/pkg/networkfs/resolvconf"
 )
 
 // "test123" should be printed by docker run
diff --git a/components/engine/integration/api_test.go b/components/engine/integration/api_test.go
index b8414b6179..e5f93fb072 100644
--- a/components/engine/integration/api_test.go
+++ b/components/engine/integration/api_test.go
@@ -12,11 +12,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/api/server"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/server"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 func TestGetContainersJSON(t *testing.T) {
diff --git a/components/engine/integration/auth_test.go b/components/engine/integration/auth_test.go
index 8109bbb130..42cd1ac64d 100644
--- a/components/engine/integration/auth_test.go
+++ b/components/engine/integration/auth_test.go
@@ -4,10 +4,11 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"fmt"
-	"github.com/dotcloud/docker/registry"
 	"os"
 	"strings"
 	"testing"
+
+	"github.com/docker/docker/registry"
 )
 
 // FIXME: these tests have an external dependency on a staging index hosted
@@ -17,13 +18,13 @@ import (
 
 func TestLogin(t *testing.T) {
 	t.Skip("FIXME: please remove dependency on external services")
-	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")
+	os.Setenv("DOCKER_INDEX_URL", "https://registry-stage.hub.docker.com/v1/")
 	defer os.Setenv("DOCKER_INDEX_URL", "")
 	authConfig := &registry.AuthConfig{
 		Username:      "unittester",
 		Password:      "surlautrerivejetattendrai",
 		Email:         "noise+unittester@docker.com",
-		ServerAddress: "https://indexstaging-docker.dotcloud.com/v1/",
+		ServerAddress: "https://registry-stage.hub.docker.com/v1/",
 	}
 	status, err := registry.Login(authConfig, nil)
 	if err != nil {
@@ -47,7 +48,7 @@ func TestCreateAccount(t *testing.T) {
 		Username:      username,
 		Password:      "test42",
 		Email:         fmt.Sprintf("docker-ut+%s@example.com", token),
-		ServerAddress: "https://indexstaging-docker.dotcloud.com/v1/",
+		ServerAddress: "https://registry-stage.hub.docker.com/v1/",
 	}
 	status, err := registry.Login(authConfig, nil)
 	if err != nil {
diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go
index 28210e7536..1e9f18eaf8 100644
--- a/components/engine/integration/commands_test.go
+++ b/components/engine/integration/commands_test.go
@@ -11,11 +11,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/api/client"
-	"github.com/dotcloud/docker/daemon"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/api/client"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/utils"
 )
 
 func closeWrap(args ...io.Closer) error {
diff --git a/components/engine/integration/container_test.go b/components/engine/integration/container_test.go
index cd2b9ba070..4462aba08d 100644
--- a/components/engine/integration/container_test.go
+++ b/components/engine/integration/container_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/runconfig"
+	"github.com/docker/docker/runconfig"
 )
 
 func TestKillDifferentUser(t *testing.T) {
diff --git a/components/engine/integration/graph_test.go b/components/engine/integration/graph_test.go
index dc056f7e1c..c6a0740ca5 100644
--- a/components/engine/integration/graph_test.go
+++ b/components/engine/integration/graph_test.go
@@ -2,12 +2,12 @@ package docker
 
 import (
 	"errors"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon/graphdriver"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/utils"
 	"io"
 	"io/ioutil"
 	"os"
diff --git a/components/engine/integration/https_test.go b/components/engine/integration/https_test.go
index 34c16cf9f9..b15f4e5694 100644
--- a/components/engine/integration/https_test.go
+++ b/components/engine/integration/https_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/api/client"
+	"github.com/docker/docker/api/client"
 )
 
 const (
diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go
index 4c0f636d60..713c95fb32 100644
--- a/components/engine/integration/runtime_test.go
+++ b/components/engine/integration/runtime_test.go
@@ -16,13 +16,13 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/daemon"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/sysinit"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/sysinit"
+	"github.com/docker/docker/utils"
 )
 
 const (
diff --git a/components/engine/integration/server_test.go b/components/engine/integration/server_test.go
index aab6802f53..71ec93cdc2 100644
--- a/components/engine/integration/server_test.go
+++ b/components/engine/integration/server_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/runconfig"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/runconfig"
 )
 
 func TestCreateNumberHostname(t *testing.T) {
diff --git a/components/engine/integration/utils_test.go b/components/engine/integration/utils_test.go
index 7be7f13eee..e44bda85a5 100644
--- a/components/engine/integration/utils_test.go
+++ b/components/engine/integration/utils_test.go
@@ -13,14 +13,14 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 
-	"github.com/dotcloud/docker/builtins"
-	"github.com/dotcloud/docker/daemon"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/server"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/builtins"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/server"
+	"github.com/docker/docker/utils"
 )
 
 // This file contains utility functions for docker's unit test suite.
diff --git a/components/engine/integration/z_final_test.go b/components/engine/integration/z_final_test.go
index 6065230b92..ad1eb43409 100644
--- a/components/engine/integration/z_final_test.go
+++ b/components/engine/integration/z_final_test.go
@@ -1,7 +1,7 @@
 package docker
 
 import (
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 	"runtime"
 	"testing"
 )
diff --git a/components/engine/links/links.go b/components/engine/links/links.go
index 45c1935c20..d2d699398e 100644
--- a/components/engine/links/links.go
+++ b/components/engine/links/links.go
@@ -2,8 +2,8 @@ package links
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/nat"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/nat"
 	"path"
 	"strings"
 )
diff --git a/components/engine/links/links_test.go b/components/engine/links/links_test.go
index e79ef1a136..c26559e599 100644
--- a/components/engine/links/links_test.go
+++ b/components/engine/links/links_test.go
@@ -1,7 +1,7 @@
 package links
 
 import (
-	"github.com/dotcloud/docker/nat"
+	"github.com/docker/docker/nat"
 	"strings"
 	"testing"
 )
diff --git a/components/engine/nat/nat.go b/components/engine/nat/nat.go
index 31633dd544..8c402e94bf 100644
--- a/components/engine/nat/nat.go
+++ b/components/engine/nat/nat.go
@@ -8,7 +8,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 const (
diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index b3ceeffda6..434ea03722 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -8,7 +8,7 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 // ListOpts type
diff --git a/components/engine/pkg/mflag/example/example.go b/components/engine/pkg/mflag/example/example.go
index 8af8ff9cf4..2e766dd1e5 100644
--- a/components/engine/pkg/mflag/example/example.go
+++ b/components/engine/pkg/mflag/example/example.go
@@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
 
-	flag "github.com/dotcloud/docker/pkg/mflag"
+	flag "github.com/docker/docker/pkg/mflag"
 )
 
 var (
diff --git a/components/engine/pkg/mflag/flag.go b/components/engine/pkg/mflag/flag.go
index 52f786e451..6e3f039707 100644
--- a/components/engine/pkg/mflag/flag.go
+++ b/components/engine/pkg/mflag/flag.go
@@ -10,7 +10,7 @@
 	Define flags using flag.String(), Bool(), Int(), etc.
 
 	This declares an integer flag, -f or --flagname, stored in the pointer ip, with type *int.
-		import "flag /github.com/dotcloud/docker/pkg/mflag"
+		import "flag /github.com/docker/docker/pkg/mflag"
 		var ip = flag.Int([]string{"f", "-flagname"}, 1234, "help message for flagname")
 	If you like, you can bind the flag to a variable using the Var() functions.
 		var flagvar int
diff --git a/components/engine/pkg/mflag/flag_test.go b/components/engine/pkg/mflag/flag_test.go
index 4c2222e54b..2aa6fdab00 100644
--- a/components/engine/pkg/mflag/flag_test.go
+++ b/components/engine/pkg/mflag/flag_test.go
@@ -7,7 +7,7 @@ package mflag_test
 import (
 	"bytes"
 	"fmt"
-	. "github.com/dotcloud/docker/pkg/mflag"
+	. "github.com/docker/docker/pkg/mflag"
 	"os"
 	"sort"
 	"strings"
diff --git a/components/engine/pkg/term/MAINTAINERS b/components/engine/pkg/term/MAINTAINERS
index 1887dfc232..aee10c8421 100644
--- a/components/engine/pkg/term/MAINTAINERS
+++ b/components/engine/pkg/term/MAINTAINERS
@@ -1 +1 @@
-Solomon Hykes <solomon@dotcloud.com> (@shykes)
+Solomon Hykes <solomon@docker.com> (@shykes)
diff --git a/components/engine/pkg/truncindex/truncindex_test.go b/components/engine/pkg/truncindex/truncindex_test.go
index f88d667d5a..32c41c7d76 100644
--- a/components/engine/pkg/truncindex/truncindex_test.go
+++ b/components/engine/pkg/truncindex/truncindex_test.go
@@ -4,7 +4,7 @@ import (
 	"math/rand"
 	"testing"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 // Test the behavior of TruncIndex, an index for querying IDs from a non-conflicting prefix.
diff --git a/components/engine/registry/MAINTAINERS b/components/engine/registry/MAINTAINERS
index 6ed4e9d650..fdb03ed573 100644
--- a/components/engine/registry/MAINTAINERS
+++ b/components/engine/registry/MAINTAINERS
@@ -1,5 +1,5 @@
-Sam Alba <sam@dotcloud.com> (@samalba)
-Joffrey Fuhrer <joffrey@dotcloud.com> (@shin-)
-Ken Cochrane <ken@dotcloud.com> (@kencochrane)
+Sam Alba <sam@docker.com> (@samalba)
+Joffrey Fuhrer <joffrey@docker.com> (@shin-)
+Ken Cochrane <ken@docker.com> (@kencochrane)
 Vincent Batts <vbatts@redhat.com> (@vbatts)
 Olivier Gambier <olivier@docker.com> (@dmp42)
diff --git a/components/engine/registry/auth.go b/components/engine/registry/auth.go
index 7384efbad6..906a37dde7 100644
--- a/components/engine/registry/auth.go
+++ b/components/engine/registry/auth.go
@@ -11,7 +11,7 @@ import (
 	"path"
 	"strings"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 // Where we store the config file
@@ -20,7 +20,7 @@ const CONFIGFILE = ".dockercfg"
 // Only used for user auth + account creation
 const INDEXSERVER = "https://index.docker.io/v1/"
 
-//const INDEXSERVER = "https://indexstaging-docker.dotcloud.com/v1/"
+//const INDEXSERVER = "https://registry-stage.hub.docker.com/v1/"
 
 var (
 	ErrConfigFileMissing = errors.New("The Auth config file is missing")
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 974e7fb9f8..567cd9f70f 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -23,8 +23,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/utils"
 )
 
 var (
diff --git a/components/engine/registry/registry_mock_test.go b/components/engine/registry/registry_mock_test.go
index 6b00751318..1a622228e3 100644
--- a/components/engine/registry/registry_mock_test.go
+++ b/components/engine/registry/registry_mock_test.go
@@ -3,7 +3,7 @@ package registry
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 	"github.com/gorilla/mux"
 	"io"
 	"io/ioutil"
diff --git a/components/engine/registry/registry_test.go b/components/engine/registry/registry_test.go
index 5cec059505..12dc7a28a4 100644
--- a/components/engine/registry/registry_test.go
+++ b/components/engine/registry/registry_test.go
@@ -7,7 +7,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 var (
@@ -145,7 +145,7 @@ func TestPushImageLayerRegistry(t *testing.T) {
 }
 
 func TestResolveRepositoryName(t *testing.T) {
-	_, _, err := ResolveRepositoryName("https://github.com/dotcloud/docker")
+	_, _, err := ResolveRepositoryName("https://github.com/docker/docker")
 	assertEqual(t, err, ErrInvalidRepositoryName, "Expected error invalid repo name")
 	ep, repo, err := ResolveRepositoryName("fooo/bar")
 	if err != nil {
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index 89a4baa729..d2775e3cd1 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -1,7 +1,7 @@
 package registry
 
 import (
-	"github.com/dotcloud/docker/engine"
+	"github.com/docker/docker/engine"
 )
 
 // Service exposes registry capabilities in the standard Engine
diff --git a/components/engine/runconfig/config.go b/components/engine/runconfig/config.go
index 8a069c64c7..c00110bf71 100644
--- a/components/engine/runconfig/config.go
+++ b/components/engine/runconfig/config.go
@@ -1,8 +1,8 @@
 package runconfig
 
 import (
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/nat"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/nat"
 )
 
 // Note: the Config structure should hold only portable information about the container.
diff --git a/components/engine/runconfig/config_test.go b/components/engine/runconfig/config_test.go
index 3b57b0a603..7d3aa01b7d 100644
--- a/components/engine/runconfig/config_test.go
+++ b/components/engine/runconfig/config_test.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/dotcloud/docker/nat"
+	"github.com/docker/docker/nat"
 )
 
 func parse(t *testing.T, args string) (*Config, *HostConfig, error) {
diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go
index c68f764588..77e5fd8adb 100644
--- a/components/engine/runconfig/hostconfig.go
+++ b/components/engine/runconfig/hostconfig.go
@@ -3,9 +3,9 @@ package runconfig
 import (
 	"strings"
 
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/utils"
 )
 
 type NetworkMode string
diff --git a/components/engine/runconfig/merge.go b/components/engine/runconfig/merge.go
index e30b4cec24..290d5f3189 100644
--- a/components/engine/runconfig/merge.go
+++ b/components/engine/runconfig/merge.go
@@ -3,8 +3,8 @@ package runconfig
 import (
 	"strings"
 
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/utils"
 )
 
 func Merge(userConf, imageConf *Config) error {
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index c3ce8a5a70..fe16e9caaf 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -6,12 +6,12 @@ import (
 	"path"
 	"strings"
 
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/opts"
-	flag "github.com/dotcloud/docker/pkg/mflag"
-	"github.com/dotcloud/docker/pkg/sysinfo"
-	"github.com/dotcloud/docker/pkg/units"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/sysinfo"
+	"github.com/docker/docker/pkg/units"
+	"github.com/docker/docker/utils"
 )
 
 var (
diff --git a/components/engine/runconfig/parse_test.go b/components/engine/runconfig/parse_test.go
index 94cea493f0..a45a864924 100644
--- a/components/engine/runconfig/parse_test.go
+++ b/components/engine/runconfig/parse_test.go
@@ -3,7 +3,7 @@ package runconfig
 import (
 	"testing"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 func TestParseLxcConfOpt(t *testing.T) {
diff --git a/components/engine/server/buildfile.go b/components/engine/server/buildfile.go
index 71fed660b2..e8e8dbec5a 100644
--- a/components/engine/server/buildfile.go
+++ b/components/engine/server/buildfile.go
@@ -19,14 +19,14 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon"
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/pkg/symlink"
-	"github.com/dotcloud/docker/pkg/system"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/nat"
+	"github.com/docker/docker/pkg/symlink"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
 )
 
 var (
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 4e9e773307..d9787317a7 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -45,20 +45,20 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/daemon"
-	"github.com/dotcloud/docker/daemonconfig"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/pkg/graphdb"
-	"github.com/dotcloud/docker/pkg/signal"
-	"github.com/dotcloud/docker/pkg/tailfile"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/utils/filters"
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/daemonconfig"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/graphdb"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/tailfile"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/utils/filters"
 )
 
 func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
diff --git a/components/engine/server/server_unit_test.go b/components/engine/server/server_unit_test.go
index e6c5d49b82..91ca709f4f 100644
--- a/components/engine/server/server_unit_test.go
+++ b/components/engine/server/server_unit_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 func TestPools(t *testing.T) {
diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go
index 1b8746f02a..9da6a5fc5d 100644
--- a/components/engine/sysinit/sysinit.go
+++ b/components/engine/sysinit/sysinit.go
@@ -6,9 +6,9 @@ import (
 	"log"
 	"os"
 
-	"github.com/dotcloud/docker/daemon/execdriver"
-	_ "github.com/dotcloud/docker/daemon/execdriver/lxc"
-	_ "github.com/dotcloud/docker/daemon/execdriver/native"
+	"github.com/docker/docker/daemon/execdriver"
+	_ "github.com/docker/docker/daemon/execdriver/lxc"
+	_ "github.com/docker/docker/daemon/execdriver/native"
 )
 
 func executeProgram(args *execdriver.InitArgs) error {
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter.go b/components/engine/utils/broadcastwriter/broadcastwriter.go
index 9bd2c1471e..f094744e37 100644
--- a/components/engine/utils/broadcastwriter/broadcastwriter.go
+++ b/components/engine/utils/broadcastwriter/broadcastwriter.go
@@ -7,7 +7,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/dotcloud/docker/utils"
+	"github.com/docker/docker/utils"
 )
 
 // BroadcastWriter accumulate multiple io.WriteCloser by stream.
diff --git a/components/engine/utils/jsonmessage.go b/components/engine/utils/jsonmessage.go
index 922f3df739..7ad4548c38 100644
--- a/components/engine/utils/jsonmessage.go
+++ b/components/engine/utils/jsonmessage.go
@@ -7,8 +7,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/pkg/units"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/pkg/units"
 )
 
 type JSONError struct {
diff --git a/components/engine/utils/tarsum.go b/components/engine/utils/tarsum.go
index 67e94aaebc..afdf128ce6 100644
--- a/components/engine/utils/tarsum.go
+++ b/components/engine/utils/tarsum.go
@@ -5,7 +5,7 @@ import (
 	"compress/gzip"
 	"crypto/sha256"
 	"encoding/hex"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"hash"
 	"io"
 	"sort"
diff --git a/components/engine/utils/tarsum_test.go b/components/engine/utils/tarsum_test.go
index e84abde916..7904292ddf 100644
--- a/components/engine/utils/tarsum_test.go
+++ b/components/engine/utils/tarsum_test.go
@@ -9,7 +9,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 type testLayer struct {
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 0d44ec0f72..0d3b4d0acb 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -22,7 +22,7 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/dotcloud/docker/dockerversion"
+	"github.com/docker/docker/dockerversion"
 )
 
 type KeyValuePair struct {
diff --git a/components/engine/utils/utils_test.go b/components/engine/utils/utils_test.go
index 6fd09b97db..5ea1f30b21 100644
--- a/components/engine/utils/utils_test.go
+++ b/components/engine/utils/utils_test.go
@@ -128,23 +128,23 @@ func TestParseRepositoryTag(t *testing.T) {
 func TestCheckLocalDns(t *testing.T) {
 	for resolv, result := range map[string]bool{`# Dynamic
 nameserver 10.0.2.3
-search dotcloud.net`: false,
+search docker.com`: false,
 		`# Dynamic
 #nameserver 127.0.0.1
 nameserver 10.0.2.3
-search dotcloud.net`: false,
+search docker.com`: false,
 		`# Dynamic
 nameserver 10.0.2.3 #not used 127.0.1.1
-search dotcloud.net`: false,
+search docker.com`: false,
 		`# Dynamic
 #nameserver 10.0.2.3
-#search dotcloud.net`: true,
+#search docker.com`: true,
 		`# Dynamic
 nameserver 127.0.0.1
-search dotcloud.net`: true,
+search docker.com`: true,
 		`# Dynamic
 nameserver 127.0.1.1
-search dotcloud.net`: true,
+search docker.com`: true,
 		`# Dynamic
 `: true,
 		``: true,
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
index 5ce4587689..7040d0bd71 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
@@ -6,14 +6,15 @@ sudo: false
 
 env:
     - TRAVIS_GLOBAL_WTF=1
-    - _GOOS=linux _GOARCH=amd64
-#    - _GOOS=linux _GOARCH=386 # Travis can't currently do 32bit cgo... (see https://travis-ci.org/tianon/libcontainer/jobs/30126518#L168)
-#    - _GOOS=linux _GOARCH=arm # see https://github.com/moovweb/gvm/issues/22
+    - _GOOS=linux _GOARCH=amd64 CGO_ENABLED=1
+    - _GOOS=linux _GOARCH=amd64 CGO_ENABLED=0
+#    - _GOOS=linux _GOARCH=386 CGO_ENABLED=1 # TODO add this once Travis can handle it (https://github.com/travis-ci/travis-ci/issues/2207#issuecomment-49625061)
+    - _GOOS=linux _GOARCH=386 CGO_ENABLED=0
+    - _GOOS=linux _GOARCH=arm CGO_ENABLED=0
 
 install:
     - mkdir -pv "${GOPATH%%:*}/src/github.com/docker" && [ -d "${GOPATH%%:*}/src/github.com/docker/libcontainer" ] || ln -sv "$(readlink -f .)" "${GOPATH%%:*}/src/github.com/docker/libcontainer"
     - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then
-          export CGO_ENABLED=1;
           gvm cross "$_GOOS" "$_GOARCH";
           export GOOS="$_GOOS" GOARCH="$_GOARCH";
       fi
@@ -30,4 +31,4 @@ script:
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-dco"; fi
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-gofmt"; fi
     - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go build -v ./...; fi
-    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go test -v ./...; fi
+    - if [ -z "$TRAVIS_GLOBAL_WTF" -a "$GOARCH" != 'arm' ]; then go test -test.short -v ./...; fi
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile b/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
index 73789d1ab2..1fbba3e531 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
@@ -1,8 +1,21 @@
 FROM crosbymichael/golang
 
 RUN apt-get update && apt-get install -y gcc
+RUN go get code.google.com/p/go.tools/cmd/cover
 
-ADD . /go/src/github.com/docker/libcontainer
-RUN cd /go/src/github.com/docker/libcontainer && go get -d ./... && go install ./...
+# setup a playground for us to spawn containers in
+RUN mkdir /busybox && \
+    curl -sSL 'https://github.com/jpetazzo/docker-busybox/raw/buildroot-2014.02/rootfs.tar' | tar -xC /busybox
 
-CMD ["nsinit"]
+RUN curl -sSL https://raw.githubusercontent.com/docker/docker/master/hack/dind -o /dind && \
+    chmod +x /dind
+
+COPY . /go/src/github.com/docker/libcontainer
+WORKDIR /go/src/github.com/docker/libcontainer
+RUN cp sample_configs/minimal.json /busybox/container.json
+
+RUN go get -d -v ./...
+RUN go install -v ./...
+
+ENTRYPOINT ["/dind"]
+CMD ["go", "test", "-cover", "./..."]
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/Makefile b/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
new file mode 100644
index 0000000000..843b761eda
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
@@ -0,0 +1,10 @@
+
+all:
+	docker build -t docker/libcontainer .
+
+test:
+	# we need NET_ADMIN for the netlink tests and SYS_ADMIN for mounting
+	docker run --rm --cap-add NET_ADMIN --cap-add SYS_ADMIN docker/libcontainer
+
+sh:
+	docker run --rm -ti -w /busybox --rm --cap-add NET_ADMIN --cap-add SYS_ADMIN docker/libcontainer nsinit exec sh
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
index 5755a5f4b7..01e5bf49b1 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
@@ -14,9 +14,9 @@ import (
 	"time"
 
 	systemd1 "github.com/coreos/go-systemd/dbus"
+	"github.com/docker/docker/pkg/systemd"
 	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/cgroups/fs"
-	"github.com/dotcloud/docker/pkg/systemd"
 	"github.com/godbus/dbus"
 )
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
index 0d19b3eaae..ce5c4f3364 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
@@ -9,7 +9,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/dotcloud/docker/pkg/mount"
+	"github.com/docker/docker/pkg/mount"
 )
 
 // https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
@@ -97,7 +97,7 @@ func GetAllSubsystems() ([]string, error) {
 		text := s.Text()
 		if text[0] != '#' {
 			parts := strings.Fields(text)
-			if len(parts) > 4 && parts[3] != "0" {
+			if len(parts) >= 4 && parts[3] != "0" {
 				subsystems = append(subsystems, parts[0])
 			}
 		}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/devices/defaults.go b/components/engine/vendor/src/github.com/docker/libcontainer/devices/defaults.go
index 393c438c59..e0ad0b08f8 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/devices/defaults.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/devices/defaults.go
@@ -146,8 +146,8 @@ var (
 			// /dev/fuse is created but not allowed.
 			// This is to allow java to work.  Because java
 			// Insists on there being a /dev/fuse
-			// https://github.com/dotcloud/docker/issues/514
-			// https://github.com/dotcloud/docker/issues/2393
+			// https://github.com/docker/docker/issues/514
+			// https://github.com/docker/docker/issues/2393
 			//
 			Path:              "/dev/fuse",
 			Type:              'c',
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
index a59b4a76fe..7edea49994 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
@@ -8,9 +8,9 @@ import (
 	"path/filepath"
 	"syscall"
 
+	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/mount/nodes"
-	"github.com/dotcloud/docker/pkg/symlink"
 )
 
 // default mount point flags
@@ -52,9 +52,17 @@ func InitializeMountNamespace(rootfs, console string, sysReadonly bool, mountCon
 	if err := SetupPtmx(rootfs, console, mountConfig.MountLabel); err != nil {
 		return err
 	}
+
+	// stdin, stdout and stderr could be pointing to /dev/null from parent namespace.
+	// Re-open them inside this namespace.
+	if err := reOpenDevNull(rootfs); err != nil {
+		return fmt.Errorf("Failed to reopen /dev/null %s", err)
+	}
+
 	if err := setupDevSymlinks(rootfs); err != nil {
 		return fmt.Errorf("dev symlinks %s", err)
 	}
+
 	if err := syscall.Chdir(rootfs); err != nil {
 		return fmt.Errorf("chdir into %s %s", rootfs, err)
 	}
@@ -208,3 +216,29 @@ func newSystemMounts(rootfs, mountLabel string, sysReadonly bool, mounts Mounts)
 
 	return systemMounts
 }
+
+// Is stdin, stdout or stderr were to be pointing to '/dev/null',
+// this method will make them point to '/dev/null' from within this namespace.
+func reOpenDevNull(rootfs string) error {
+	var stat, devNullStat syscall.Stat_t
+	file, err := os.Open(filepath.Join(rootfs, "/dev/null"))
+	if err != nil {
+		return fmt.Errorf("Failed to open /dev/null - %s", err)
+	}
+	defer file.Close()
+	if err = syscall.Fstat(int(file.Fd()), &devNullStat); err != nil {
+		return fmt.Errorf("Failed to stat /dev/null - %s", err)
+	}
+	for fd := 0; fd < 3; fd++ {
+		if err = syscall.Fstat(fd, &stat); err != nil {
+			return fmt.Errorf("Failed to stat fd %d - %s", fd, err)
+		}
+		if stat.Rdev == devNullStat.Rdev {
+			// Close and re-open the fd.
+			if err = syscall.Dup2(int(file.Fd()), fd); err != nil {
+				return fmt.Errorf("Failed to dup fd %d to fd %d - %s", file.Fd(), fd)
+			}
+		}
+	}
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
index 5311adf2b3..3a385cb77f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -4,32 +4,96 @@ package namespaces
 
 import (
 	"encoding/json"
-	"os"
-	"strconv"
-
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/system"
+	"io"
+	"os"
+	"os/exec"
+	"strconv"
+	"syscall"
 )
 
+// Runs the command under 'args' inside an existing container referred to by 'container'.
+// Returns the exitcode of the command upon success and appropriate error on failure.
+func RunIn(container *libcontainer.Config, state *libcontainer.State, args []string, nsinitPath string, stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
+	initArgs, err := getNsEnterCommand(strconv.Itoa(state.InitPid), container, console, args)
+	if err != nil {
+		return -1, err
+	}
+
+	cmd := exec.Command(nsinitPath, initArgs...)
+	// Note: these are only used in non-tty mode
+	// if there is a tty for the container it will be opened within the namespace and the
+	// fds will be duped to stdin, stdiout, and stderr
+	cmd.Stdin = stdin
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+
+	if err := cmd.Start(); err != nil {
+		return -1, err
+	}
+	if startCallback != nil {
+		startCallback(cmd)
+	}
+
+	if err := cmd.Wait(); err != nil {
+		if _, ok := err.(*exec.ExitError); !ok {
+			return -1, err
+		}
+	}
+
+	return cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil
+}
+
 // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
 func ExecIn(container *libcontainer.Config, state *libcontainer.State, args []string) error {
-	// TODO(vmarmol): If this gets too long, send it over a pipe to the child.
-	// Marshall the container into JSON since it won't be available in the namespace.
-	containerJson, err := json.Marshal(container)
+	// Enter the namespace and then finish setup
+	args, err := getNsEnterCommand(strconv.Itoa(state.InitPid), container, "", args)
 	if err != nil {
 		return err
 	}
 
-	// Enter the namespace and then finish setup
-	finalArgs := []string{os.Args[0], "nsenter", "--nspid", strconv.Itoa(state.InitPid), "--containerjson", string(containerJson), "--"}
-	finalArgs = append(finalArgs, args...)
+	finalArgs := append([]string{os.Args[0]}, args...)
+
 	if err := system.Execv(finalArgs[0], finalArgs[0:], os.Environ()); err != nil {
 		return err
 	}
+
 	panic("unreachable")
 }
 
+func getContainerJson(container *libcontainer.Config) (string, error) {
+	// TODO(vmarmol): If this gets too long, send it over a pipe to the child.
+	// Marshall the container into JSON since it won't be available in the namespace.
+	containerJson, err := json.Marshal(container)
+	if err != nil {
+		return "", err
+	}
+	return string(containerJson), nil
+}
+
+func getNsEnterCommand(initPid string, container *libcontainer.Config, console string, args []string) ([]string, error) {
+	containerJson, err := getContainerJson(container)
+	if err != nil {
+		return nil, err
+	}
+
+	out := []string{
+		"nsenter",
+		"--nspid", initPid,
+		"--containerjson", containerJson,
+	}
+
+	if console != "" {
+		out = append(out, "--console", console)
+	}
+	out = append(out, "--")
+	out = append(out, args...)
+
+	return out, nil
+}
+
 // Run a command in a container after entering the namespace.
 func NsEnter(container *libcontainer.Config, args []string) error {
 	// clear the current processes env and replace it with the environment
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index 62452cba16..e43db3965c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/docker/docker/pkg/user"
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/console"
@@ -21,7 +22,6 @@ import (
 	"github.com/docker/libcontainer/syncpipe"
 	"github.com/docker/libcontainer/system"
 	"github.com/docker/libcontainer/utils"
-	"github.com/dotcloud/docker/pkg/user"
 )
 
 // TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
index d5eaa27143..cddfa44253 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
@@ -88,6 +88,7 @@ void nsenter() {
 	static const struct option longopts[] = {
 		{ "nspid",         required_argument, NULL, 'n' },
 		{ "containerjson", required_argument, NULL, 'c' },
+                { "console",       required_argument, NULL, 't' },
 		{ NULL,            0,                 NULL,  0  }
 	};
 
@@ -95,6 +96,7 @@ void nsenter() {
 	pid_t init_pid = -1;
 	char *init_pid_str = NULL;
 	char *container_json = NULL;
+        char *console = NULL;
 	while ((c = getopt_long_only(argc, argv, "n:s:c:", longopts, NULL)) != -1) {
 		switch (c) {
 		case 'n':
@@ -103,6 +105,9 @@ void nsenter() {
 		case 'c':
 			container_json = optarg;
 			break;
+		case 't':
+			console = optarg;
+			break;
 		}
 	}
 
@@ -121,6 +126,21 @@ void nsenter() {
 	argc -= 3;
 	argv += 3;
 
+        if (setsid() == -1) {
+               fprintf(stderr, "setsid failed. Error: %s\n", strerror(errno));
+               exit(1);
+        }
+
+        // before we setns we need to dup the console
+        int consolefd = -1;
+        if (console != NULL) {
+               consolefd = open(console, O_RDWR);
+               if (consolefd < 0) {
+                    fprintf(stderr, "nsenter: failed to open console %s %s\n", console, strerror(errno));
+                    exit(1);
+              }
+        }
+
 	// Setns on all supported namespaces.
 	char ns_dir[PATH_MAX];
 	memset(ns_dir, 0, PATH_MAX);
@@ -159,6 +179,21 @@ void nsenter() {
 	// We must fork to actually enter the PID namespace.
 	int child = fork();
 	if (child == 0) {
+       if (consolefd != -1) {
+        if (dup2(consolefd, STDIN_FILENO) != 0) {
+            fprintf(stderr, "nsenter: failed to dup 0 %s\n",  strerror(errno));
+            exit(1);
+        }
+        if (dup2(consolefd, STDOUT_FILENO) != STDOUT_FILENO) {
+            fprintf(stderr, "nsenter: failed to dup 1 %s\n",  strerror(errno));
+            exit(1);
+        }
+        if (dup2(consolefd, STDERR_FILENO) != STDERR_FILENO) {
+            fprintf(stderr, "nsenter: failed to dup 2 %s\n",  strerror(errno));
+            exit(1);
+        }
+}
+
 		// Finish executing, let the Go runtime take over.
 		return;
 	} else {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
index 92accd4aaa..6b43fdf067 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
@@ -17,21 +17,27 @@ const (
 	VETH_INFO_PEER = 1
 	IFLA_NET_NS_FD = 28
 	SIOC_BRADDBR   = 0x89a0
+	SIOC_BRDELBR   = 0x89a1
 	SIOC_BRADDIF   = 0x89a2
 )
 
 var nextSeqNr uint32
 
 type ifreqHwaddr struct {
-	IfrnName   [16]byte
+	IfrnName   [IFNAMSIZ]byte
 	IfruHwaddr syscall.RawSockaddr
 }
 
 type ifreqIndex struct {
-	IfrnName  [16]byte
+	IfrnName  [IFNAMSIZ]byte
 	IfruIndex int32
 }
 
+type ifreqFlags struct {
+	IfrnName  [IFNAMSIZ]byte
+	Ifruflags uint16
+}
+
 func nativeEndian() binary.ByteOrder {
 	var x uint32 = 0x01020304
 	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
@@ -843,6 +849,10 @@ func getIfSocket() (fd int, err error) {
 }
 
 func NetworkChangeName(iface *net.Interface, newName string) error {
+	if len(newName) >= IFNAMSIZ {
+		return fmt.Errorf("Interface name %s too long", newName)
+	}
+
 	fd, err := getIfSocket()
 	if err != nil {
 		return err
@@ -895,13 +905,13 @@ func NetworkCreateVethPair(name1, name2 string) error {
 // Create the actual bridge device.  This is more backward-compatible than
 // netlink.NetworkLinkAdd and works on RHEL 6.
 func CreateBridge(name string, setMacAddr bool) error {
-	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+	if len(name) >= IFNAMSIZ {
+		return fmt.Errorf("Interface name %s too long", name)
+	}
+
+	s, err := getIfSocket()
 	if err != nil {
-		// ipv6 issue, creating with ipv4
-		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
-		if err != nil {
-			return err
-		}
+		return err
 	}
 	defer syscall.Close(s)
 
@@ -918,21 +928,48 @@ func CreateBridge(name string, setMacAddr bool) error {
 	return nil
 }
 
+// Delete the actual bridge device.
+func DeleteBridge(name string) error {
+	s, err := getIfSocket()
+	if err != nil {
+		return err
+	}
+	defer syscall.Close(s)
+
+	nameBytePtr, err := syscall.BytePtrFromString(name)
+	if err != nil {
+		return err
+	}
+
+	var ifr ifreqFlags
+	copy(ifr.IfrnName[:len(ifr.IfrnName)-1], []byte(name))
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s),
+		syscall.SIOCSIFFLAGS, uintptr(unsafe.Pointer(&ifr))); err != 0 {
+		return err
+	}
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s),
+		SIOC_BRDELBR, uintptr(unsafe.Pointer(nameBytePtr))); err != 0 {
+		return err
+	}
+	return nil
+}
+
 // Add a slave to abridge device.  This is more backward-compatible than
 // netlink.NetworkSetMaster and works on RHEL 6.
 func AddToBridge(iface, master *net.Interface) error {
-	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+	if len(master.Name) >= IFNAMSIZ {
+		return fmt.Errorf("Interface name %s too long", master.Name)
+	}
+
+	s, err := getIfSocket()
 	if err != nil {
-		// ipv6 issue, creating with ipv4
-		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
-		if err != nil {
-			return err
-		}
+		return err
 	}
 	defer syscall.Close(s)
 
 	ifr := ifreqIndex{}
-	copy(ifr.IfrnName[:], master.Name)
+	copy(ifr.IfrnName[:len(ifr.IfrnName)-1], master.Name)
 	ifr.IfruIndex = int32(iface.Index)
 
 	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), SIOC_BRADDIF, uintptr(unsafe.Pointer(&ifr))); err != 0 {
@@ -943,9 +980,13 @@ func AddToBridge(iface, master *net.Interface) error {
 }
 
 func setBridgeMacAddress(s int, name string) error {
+	if len(name) >= IFNAMSIZ {
+		return fmt.Errorf("Interface name %s too long", name)
+	}
+
 	ifr := ifreqHwaddr{}
 	ifr.IfruHwaddr.Family = syscall.ARPHRD_ETHER
-	copy(ifr.IfrnName[:], name)
+	copy(ifr.IfrnName[:len(ifr.IfrnName)-1], name)
 
 	for i := 0; i < 6; i++ {
 		ifr.IfruHwaddr.Data[i] = randIfrDataByte()
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
new file mode 100644
index 0000000000..ee61d5e266
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
@@ -0,0 +1,55 @@
+package netlink
+
+import (
+	"net"
+	"testing"
+)
+
+func TestCreateBridgeWithMac(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	name := "testbridge"
+
+	if err := CreateBridge(name, true); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := net.InterfaceByName(name); err != nil {
+		t.Fatal(err)
+	}
+
+	// cleanup and tests
+
+	if err := DeleteBridge(name); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := net.InterfaceByName(name); err == nil {
+		t.Fatal("expected error getting interface because bridge was deleted")
+	}
+}
+
+func TestCreateVethPair(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	var (
+		name1 = "veth1"
+		name2 = "veth2"
+	)
+
+	if err := NetworkCreateVethPair(name1, name2); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := net.InterfaceByName(name1); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := net.InterfaceByName(name2); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
index 2c4d31940c..f428933c13 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
@@ -67,6 +67,10 @@ func CreateBridge(name string, setMacAddr bool) error {
 	return ErrNotImplemented
 }
 
+func DeleteBridge(name string) error {
+	return ErrNotImplemented
+}
+
 func AddToBridge(iface, master *net.Interface) error {
 	return ErrNotImplemented
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/network/stats.go b/components/engine/vendor/src/github.com/docker/libcontainer/network/stats.go
index b69fa91851..c8ece5c7b0 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/network/stats.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/network/stats.go
@@ -9,36 +9,37 @@ import (
 )
 
 type NetworkStats struct {
-	RxBytes   uint64 `json:"rx_bytes,omitempty"`
-	RxPackets uint64 `json:"rx_packets,omitempty"`
-	RxErrors  uint64 `json:"rx_errors,omitempty"`
-	RxDropped uint64 `json:"rx_dropped,omitempty"`
-	TxBytes   uint64 `json:"tx_bytes,omitempty"`
-	TxPackets uint64 `json:"tx_packets,omitempty"`
-	TxErrors  uint64 `json:"tx_errors,omitempty"`
-	TxDropped uint64 `json:"tx_dropped,omitempty"`
+	RxBytes   uint64 `json:"rx_bytes"`
+	RxPackets uint64 `json:"rx_packets"`
+	RxErrors  uint64 `json:"rx_errors"`
+	RxDropped uint64 `json:"rx_dropped"`
+	TxBytes   uint64 `json:"tx_bytes"`
+	TxPackets uint64 `json:"tx_packets"`
+	TxErrors  uint64 `json:"tx_errors"`
+	TxDropped uint64 `json:"tx_dropped"`
 }
 
 // Returns the network statistics for the network interfaces represented by the NetworkRuntimeInfo.
-func GetStats(networkState *NetworkState) (NetworkStats, error) {
+func GetStats(networkState *NetworkState) (*NetworkStats, error) {
 	// This can happen if the network runtime information is missing - possible if the container was created by an old version of libcontainer.
 	if networkState.VethHost == "" {
-		return NetworkStats{}, nil
+		return &NetworkStats{}, nil
 	}
 	data, err := readSysfsNetworkStats(networkState.VethHost)
 	if err != nil {
-		return NetworkStats{}, err
+		return nil, err
 	}
 
-	return NetworkStats{
-		RxBytes:   data["rx_bytes"],
-		RxPackets: data["rx_packets"],
-		RxErrors:  data["rx_errors"],
-		RxDropped: data["rx_dropped"],
-		TxBytes:   data["tx_bytes"],
-		TxPackets: data["tx_packets"],
-		TxErrors:  data["tx_errors"],
-		TxDropped: data["tx_dropped"],
+	// Ingress for host veth is from the container. Hence tx_bytes stat on the host veth is actually number of bytes received by the container.
+	return &NetworkStats{
+		RxBytes:   data["tx_bytes"],
+		RxPackets: data["tx_packets"],
+		RxErrors:  data["tx_errors"],
+		RxDropped: data["tx_dropped"],
+		TxBytes:   data["rx_bytes"],
+		TxPackets: data["rx_packets"],
+		TxErrors:  data["rx_errors"],
+		TxDropped: data["rx_dropped"],
 	}, nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
index 690af5f5eb..5d41046656 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
@@ -10,10 +10,10 @@ import (
 	"syscall"
 
 	"github.com/codegangsta/cli"
+	"github.com/docker/docker/pkg/term"
 	"github.com/docker/libcontainer"
 	consolepkg "github.com/docker/libcontainer/console"
 	"github.com/docker/libcontainer/namespaces"
-	"github.com/dotcloud/docker/pkg/term"
 )
 
 var execCommand = cli.Command{
@@ -36,7 +36,7 @@ func execAction(context *cli.Context) {
 	}
 
 	if state != nil {
-		err = namespaces.ExecIn(container, state, []string(context.Args()))
+		exitCode, err = runIn(container, state, []string(context.Args()))
 	} else {
 		exitCode, err = startContainer(container, dataPath, []string(context.Args()))
 	}
@@ -48,6 +48,59 @@ func execAction(context *cli.Context) {
 	os.Exit(exitCode)
 }
 
+func runIn(container *libcontainer.Config, state *libcontainer.State, args []string) (int, error) {
+	var (
+		master  *os.File
+		console string
+		err     error
+
+		stdin  = os.Stdin
+		stdout = os.Stdout
+		stderr = os.Stderr
+		sigc   = make(chan os.Signal, 10)
+	)
+
+	signal.Notify(sigc)
+
+	if container.Tty {
+		stdin = nil
+		stdout = nil
+		stderr = nil
+
+		master, console, err = consolepkg.CreateMasterAndConsole()
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		go io.Copy(master, os.Stdin)
+		go io.Copy(os.Stdout, master)
+
+		state, err := term.SetRawTerminal(os.Stdin.Fd())
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		defer term.RestoreTerminal(os.Stdin.Fd(), state)
+	}
+
+	startCallback := func(cmd *exec.Cmd) {
+		go func() {
+			resizeTty(master)
+
+			for sig := range sigc {
+				switch sig {
+				case syscall.SIGWINCH:
+					resizeTty(master)
+				default:
+					cmd.Process.Signal(sig)
+				}
+			}
+		}()
+	}
+
+	return namespaces.RunIn(container, state, args, os.Args[0], stdin, stdout, stderr, console, startCallback)
+}
+
 // startContainer starts the container. Returns the exit status or -1 and an
 // error.
 //
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
index 743b20a929..11d646ebea 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
@@ -14,6 +14,7 @@ var nsenterCommand = cli.Command{
 	Flags: []cli.Flag{
 		cli.IntFlag{Name: "nspid"},
 		cli.StringFlag{Name: "containerjson"},
+		cli.StringFlag{Name: "console"},
 	},
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
index 55da87ff26..bfa79578fe 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
@@ -15,8 +15,8 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/libcontainer/system"
-	"github.com/dotcloud/docker/pkg/mount"
 )
 
 const (
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/types.go b/components/engine/vendor/src/github.com/docker/libcontainer/types.go
index 5095dca66a..c341137ec8 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/types.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/types.go
@@ -6,6 +6,6 @@ import (
 )
 
 type ContainerStats struct {
-	NetworkStats network.NetworkStats `json:"network_stats, omitempty"`
-	CgroupStats  *cgroups.Stats       `json:"cgroup_stats, omitempty"`
+	NetworkStats *network.NetworkStats `json:"network_stats,omitempty"`
+	CgroupStats  *cgroups.Stats        `json:"cgroup_stats,omitempty"`
 }

From 2273fb0f55279c23c2ad52132f064f1291f399dd Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 24 Jul 2014 22:25:29 +0000
Subject: [PATCH 238/516] gofmt -s -w

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 5a0ef08c940b9a17c400389bca8e7f54935ceba9
Component: engine
---
 components/engine/daemon/container.go                       | 4 ++--
 components/engine/daemon/daemon.go                          | 2 +-
 components/engine/daemon/execdriver/lxc/driver.go           | 6 +++---
 components/engine/daemon/execdriver/lxc/init.go             | 2 +-
 components/engine/daemon/execdriver/lxc/lxc_init_linux.go   | 6 +++---
 components/engine/daemon/execdriver/lxc/lxc_template.go     | 2 +-
 .../engine/daemon/execdriver/lxc/lxc_template_unit_test.go  | 2 +-
 .../engine/daemon/execdriver/native/configuration/parse.go  | 2 +-
 .../daemon/execdriver/native/configuration/parse_test.go    | 2 +-
 components/engine/daemon/execdriver/native/create.go        | 6 +++---
 components/engine/daemon/execdriver/native/driver.go        | 6 +++---
 components/engine/daemon/execdriver/utils.go                | 2 +-
 components/engine/daemon/graphdriver/aufs/aufs.go           | 2 +-
 components/engine/daemon/graphdriver/devmapper/deviceset.go | 2 +-
 components/engine/daemon/networkdriver/bridge/driver.go     | 2 +-
 15 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index e80c661eef..fad6103c75 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -15,8 +15,6 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/docker/libcontainer/devices"
-	"github.com/docker/libcontainer/label"
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/daemon/graphdriver"
@@ -30,6 +28,8 @@ import (
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 	"github.com/docker/docker/utils/broadcastwriter"
+	"github.com/docker/libcontainer/devices"
+	"github.com/docker/libcontainer/label"
 )
 
 const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 646af18e04..5703269431 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -12,7 +12,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/libcontainer/label"
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/daemon/execdriver/execdrivers"
@@ -34,6 +33,7 @@ import (
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 	"github.com/docker/docker/utils/broadcastwriter"
+	"github.com/docker/libcontainer/label"
 )
 
 // Set the max depth to the aufs default that most
diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index ffe7833a05..c795d54443 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -16,12 +16,12 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/docker/libcontainer/cgroups"
-	"github.com/docker/libcontainer/label"
-	"github.com/docker/libcontainer/mount/nodes"
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/utils"
+	"github.com/docker/libcontainer/cgroups"
+	"github.com/docker/libcontainer/label"
+	"github.com/docker/libcontainer/mount/nodes"
 	"github.com/kr/pty"
 )
 
diff --git a/components/engine/daemon/execdriver/lxc/init.go b/components/engine/daemon/execdriver/lxc/init.go
index 45ad1d1bc0..246c56f0c1 100644
--- a/components/engine/daemon/execdriver/lxc/init.go
+++ b/components/engine/daemon/execdriver/lxc/init.go
@@ -9,8 +9,8 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/docker/libcontainer/netlink"
 	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/libcontainer/netlink"
 )
 
 // Clear environment pollution introduced by lxc-start
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 1d0b395217..dac8bb273f 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -7,12 +7,12 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/docker/libcontainer/namespaces"
-	"github.com/docker/libcontainer/security/capabilities"
-	"github.com/docker/libcontainer/utils"
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/daemon/execdriver/native/template"
 	"github.com/docker/docker/pkg/system"
+	"github.com/docker/libcontainer/namespaces"
+	"github.com/docker/libcontainer/security/capabilities"
+	"github.com/docker/libcontainer/utils"
 )
 
 func setHostname(hostname string) error {
diff --git a/components/engine/daemon/execdriver/lxc/lxc_template.go b/components/engine/daemon/execdriver/lxc/lxc_template.go
index c831564b87..08b3e7c82b 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template.go
@@ -4,8 +4,8 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/docker/libcontainer/label"
 	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/libcontainer/label"
 )
 
 const LxcTemplate = `
diff --git a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
index a7c2bf682e..8acda804ee 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template_unit_test.go
@@ -13,8 +13,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/docker/libcontainer/devices"
 	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/libcontainer/devices"
 )
 
 func TestLXCConfig(t *testing.T) {
diff --git a/components/engine/daemon/execdriver/native/configuration/parse.go b/components/engine/daemon/execdriver/native/configuration/parse.go
index 7aba4820ab..e021fa0de4 100644
--- a/components/engine/daemon/execdriver/native/configuration/parse.go
+++ b/components/engine/daemon/execdriver/native/configuration/parse.go
@@ -7,8 +7,8 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/libcontainer"
 	"github.com/docker/docker/pkg/units"
+	"github.com/docker/libcontainer"
 )
 
 type Action func(*libcontainer.Config, interface{}, string) error
diff --git a/components/engine/daemon/execdriver/native/configuration/parse_test.go b/components/engine/daemon/execdriver/native/configuration/parse_test.go
index 8b1d275aed..1493d2b29b 100644
--- a/components/engine/daemon/execdriver/native/configuration/parse_test.go
+++ b/components/engine/daemon/execdriver/native/configuration/parse_test.go
@@ -3,8 +3,8 @@ package configuration
 import (
 	"testing"
 
-	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/docker/docker/daemon/execdriver/native/template"
+	"github.com/docker/libcontainer/security/capabilities"
 )
 
 // Checks whether the expected capability is specified in the capabilities.
diff --git a/components/engine/daemon/execdriver/native/create.go b/components/engine/daemon/execdriver/native/create.go
index e602e49a06..e475a1f2ad 100644
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@@ -8,14 +8,14 @@ import (
 	"os/exec"
 	"path/filepath"
 
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/daemon/execdriver/native/configuration"
+	"github.com/docker/docker/daemon/execdriver/native/template"
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/devices"
 	"github.com/docker/libcontainer/mount"
 	"github.com/docker/libcontainer/security/capabilities"
-	"github.com/docker/docker/daemon/execdriver"
-	"github.com/docker/docker/daemon/execdriver/native/configuration"
-	"github.com/docker/docker/daemon/execdriver/native/template"
 )
 
 // createContainer populates and configures the container type with the
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 5ffc6a4488..51767a99d6 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -14,15 +14,15 @@ import (
 	"sync"
 	"syscall"
 
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/term"
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/cgroups/fs"
 	"github.com/docker/libcontainer/cgroups/systemd"
 	"github.com/docker/libcontainer/namespaces"
 	"github.com/docker/libcontainer/syncpipe"
-	"github.com/docker/docker/daemon/execdriver"
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/pkg/term"
 )
 
 const (
diff --git a/components/engine/daemon/execdriver/utils.go b/components/engine/daemon/execdriver/utils.go
index c1317fb833..c2526e1b9b 100644
--- a/components/engine/daemon/execdriver/utils.go
+++ b/components/engine/daemon/execdriver/utils.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/docker/docker/utils"
+	"github.com/docker/libcontainer/security/capabilities"
 )
 
 func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
diff --git a/components/engine/daemon/graphdriver/aufs/aufs.go b/components/engine/daemon/graphdriver/aufs/aufs.go
index d1fa91d6d4..91eeb95e8d 100644
--- a/components/engine/daemon/graphdriver/aufs/aufs.go
+++ b/components/engine/daemon/graphdriver/aufs/aufs.go
@@ -30,11 +30,11 @@ import (
 	"sync"
 	"syscall"
 
-	"github.com/docker/libcontainer/label"
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon/graphdriver"
 	mountpk "github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/utils"
+	"github.com/docker/libcontainer/label"
 )
 
 var (
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index 518bef2180..bbe034b148 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -18,10 +18,10 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/docker/libcontainer/label"
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/pkg/units"
 	"github.com/docker/docker/utils"
+	"github.com/docker/libcontainer/label"
 )
 
 var (
diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index caedb7202a..d66ba67127 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -8,7 +8,6 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/libcontainer/netlink"
 	"github.com/docker/docker/daemon/networkdriver"
 	"github.com/docker/docker/daemon/networkdriver/ipallocator"
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
@@ -17,6 +16,7 @@ import (
 	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 	"github.com/docker/docker/utils"
+	"github.com/docker/libcontainer/netlink"
 )
 
 const (

From adbef64a84ee335a1fb928c2f6340d5807b9cfe8 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 24 Jul 2014 22:30:05 +0000
Subject: [PATCH 239/516] revert AUTHORS changes

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 10822462624d9eb3e1801577540613d74b1bb225
Component: engine
---
 components/engine/AUTHORS | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index a83074b1d4..10f01fb589 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -193,7 +193,7 @@ Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jeff Lindsay <progrium@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
-Jérôme Petazzoni <jerome.petazzoni@docker.com>
+Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
 Jesse Dubay <jesse@thefortytwo.net>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
@@ -418,7 +418,7 @@ Tzu-Jung Lee <roylee17@gmail.com>
 Ulysse Carion <ulyssecarion@gmail.com>
 unclejack <unclejacksons@gmail.com>
 vgeta <gopikannan.venugopalsamy@gmail.com>
-Victor Coisne <victor.coisne@docker.com>
+Victor Coisne <victor.coisne@dotcloud.com>
 Victor Lyuboslavsky <victor@victoreda.com>
 Victor Marmol <vmarmol@google.com>
 Victor Vieux <victor.vieux@docker.com>

From d2405bde3d22ad232539b0124ecc3e52bed1cd58 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 24 Jul 2014 16:49:39 -0600
Subject: [PATCH 240/516] Add new script to generate AUTHORS and regenerate
 AUTHORS (fixing a few new dups too)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 771ed2391536ad722e32be519039454cc98668e8
Component: engine
---
 components/engine/.mailmap                 |  19 +++-
 components/engine/AUTHORS                  | 124 ++++++++++++++++++++-
 components/engine/hack/generate-authors.sh |  15 +++
 3 files changed, 152 insertions(+), 6 deletions(-)
 create mode 100755 components/engine/hack/generate-authors.sh

diff --git a/components/engine/.mailmap b/components/engine/.mailmap
index 683758650e..bd6360a2af 100644
--- a/components/engine/.mailmap
+++ b/components/engine/.mailmap
@@ -1,4 +1,9 @@
-# Generate AUTHORS: git log --format='%aN <%aE>' | sort -uf
+# Generate AUTHORS: hack/generate-authors.sh
+
+# Tip for finding duplicates (besides scanning the output of AUTHORS for name
+# duplicates that aren't also email duplicates): scan the output of:
+#   git log --format='%aE - %aN' | sort -uf
+
 <charles.hooper@dotcloud.com> <chooper@plumata.com>
 <daniel.mizyrycki@dotcloud.com> <daniel@dotcloud.com>
 <daniel.mizyrycki@dotcloud.com> <mzdaniel@glidelink.net>
@@ -47,7 +52,8 @@ Shih-Yuan Lee <fourdollars@gmail.com>
 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com> root <root@vagrant-ubuntu-12.10.vagrantup.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 <proppy@google.com> <proppy@aminche.com>
-<michael@crosbymichael.com> <crosby.michael@gmail.com>
+<michael@docker.com> <michael@crosbymichael.com>
+<michael@docker.com> <crosby.michael@gmail.com>
 <github@metaliveblog.com> <github@developersupport.net>
 <brandon@ifup.org> <brandon@ifup.co>
 <dano@spotify.com> <daniel.norberg@gmail.com>
@@ -78,3 +84,12 @@ Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
 Liang-Chi Hsieh <viirya@gmail.com>
 Aleksa Sarai <cyphar@cyphar.com>
 Will Weaver <monkey@buildingbananas.com>
+Timothy Hobbs <timothyhobbs@seznam.cz>
+Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
+Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
+<github@hollensbe.org> <erik+github@hollensbe.org>
+<github@albersweb.de> <albers@users.noreply.github.com>
+<lsm5@fedoraproject.org> <lsm5@redhat.com>
+<marc@marc-abramowitz.com> <msabramo@gmail.com>
+Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
+<bernat@luffy.cx> <vincent@bernat.im>
diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 10f01fb589..38f2f38c2a 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -1,5 +1,5 @@
 # This file lists all individuals having contributed content to the repository.
-# For how it is generated, see `.mailmap`.
+# For how it is generated, see `hack/generate-authors.sh`.
 
 Aanand Prasad <aanand.prasad@gmail.com>
 Aaron Feng <aaron.feng@gmail.com>
@@ -9,25 +9,35 @@ Adam Miller <admiller@redhat.com>
 Adam Singer <financeCoding@gmail.com>
 Aditya <aditya@netroy.in>
 Adrian Mouat <adrian.mouat@gmail.com>
+Adrien Folie <folie.adrien@gmail.com>
+AJ Bowen <aj@gandi.net>
 alambike <alambike@gmail.com>
+Albert Zhang <zhgwenming@gmail.com>
 Aleksa Sarai <cyphar@cyphar.com>
 Alexander Larsson <alexl@redhat.com>
+Alexander Shopov <ash@kambanaria.org>
 Alexandr Morozov <lk4d4math@gmail.com>
 Alexey Kotlyarov <alexey@infoxchange.net.au>
 Alexey Shamrin <shamrin@gmail.com>
 Alex Gaynor <alex.gaynor@gmail.com>
 Alexis THOMAS <fr.alexisthomas@gmail.com>
+Alex Warhawk <ax.warhawk@gmail.com>
 almoehi <almoehi@users.noreply.github.com>
 Al Tobey <al@ooyala.com>
+Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 amangoel <amangoel@gmail.com>
+AnandkumarPatel <anandkumarpatel@gmail.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
 Andreas Savvides <andreas@editd.com>
 Andreas Tiefenthaler <at@an-ti.eu>
 Andrea Turli <andrea.turli@gmail.com>
+Andre Dublin <81dublin@gmail.com>
 Andrew Duckworth <grillopress@gmail.com>
+Andrew France <andrew@avito.co.uk>
 Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Munsell <andrew@wizardapps.net>
 Andrews Medina <andrewsmedina@gmail.com>
+Andrew Weiss <andrew.weiss@microsoft.com>
 Andrew Williams <williams.andrew@gmail.com>
 Andy Chambers <anchambers@paypal.com>
 andy diller <dillera@gmail.com>
@@ -36,6 +46,7 @@ Andy Kipp <andy@rstudio.com>
 Andy Rothfusz <github@metaliveblog.com>
 Andy Smith <github@anarkystic.com>
 Anthony Bishopric <git@anthonybishopric.com>
+Anton Löfgren <anton.lofgren@gmail.com>
 Anton Nikitin <anton.k.nikitin@gmail.com>
 Antony Messerli <amesserl@rackspace.com>
 apocas <petermdias@gmail.com>
@@ -44,6 +55,8 @@ Asbjørn Enge <asbjorn@hanafjedle.net>
 Barnaby Gray <barnaby@pickle.me.uk>
 Barry Allard <barry.allard@gmail.com>
 Bartłomiej Piotrowski <b@bpiotrowski.pl>
+bdevloed <boris.de.vloed@gmail.com>
+Ben Firshman <ben@firshman.co.uk>
 Benjamin Atkin <ben@benatkin.com>
 Benoit Chesneau <bchesneau@gmail.com>
 Ben Sargent <ben@brokendigits.com>
@@ -53,16 +66,22 @@ Bernerd Schaefer <bj.schaefer@gmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 bin liu <liubin0329@users.noreply.github.com>
 Bouke Haarsma <bouke@webatoom.nl>
+Boyd Hemphill <boyd@feedmagnet.com>
 Brandon Liu <bdon@bdon.org>
 Brandon Philips <brandon@ifup.org>
+Brandon Rhodes <brandon@rhodesmill.org>
+Brett Kochendorfer <brett.kochendorfer@gmail.com>
+Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Dorsey <brian@dorseys.org>
 Brian Flad <bflad417@gmail.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian McCallister <brianm@skife.org>
 Brian Olsen <brian@maven-group.org>
 Brian Shumate <brian@couchbase.com>
+Brice Jaglin <bjaglin@teads.tv>
 Briehan Lombaard <briehan.lombaard@gmail.com>
 Bruno Bigras <bigras.bruno@gmail.com>
+Bryan Bess <squarejaw@bsbess.com>
 Bryan Matsuo <bryan.matsuo@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
 Caleb Spare <cespare@gmail.com>
@@ -73,19 +92,29 @@ Charles Hooper <charles.hooper@dotcloud.com>
 Charles Lindsay <chaz@chazomatic.us>
 Charles Merriam <charles.merriam@gmail.com>
 Charlie Lewis <charliel@lab41.org>
+Chewey <prosto-chewey@users.noreply.github.com>
 Chia-liang Kao <clkao@clkao.org>
+Chris Alfonso <calfonso@redhat.com>
+chrismckinnel <chris.mckinnel@tangentlabs.co.uk>
+Chris Snow <chsnow123@gmail.com>
 Chris St. Pierre <chris.a.st.pierre@gmail.com>
+Christian Berendt <berendt@b1-systems.de>
 Christopher Currie <codemonkey+github@gmail.com>
 Christopher Rigor <crigor@gmail.com>
 Christophe Troestler <christophe.Troestler@umons.ac.be>
 Clayton Coleman <ccoleman@redhat.com>
 Colin Dunklau <colin.dunklau@gmail.com>
 Colin Rice <colin@daedrum.net>
+Colin Walters <walters@verbum.org>
 Cory Forsyth <cory.forsyth@gmail.com>
+cpuguy83 <cpuguy83@gmail.com>
 cressie176 <github@stephen-cresswell.net>
+Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
+Daan van Berkel <daan.v.berkel.1980@gmail.com>
 Dafydd Crosby <dtcrsby@gmail.com>
 Dan Buch <d.buch@modcloth.com>
 Dan Hirsch <thequux@upstandinghackers.com>
+Daniel, Dao Quang Minh <dqminh89@gmail.com>
 Daniel Exner <dex@dragonslave.de>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch>
@@ -106,11 +135,13 @@ Darren Coxall <darren@darrencoxall.com>
 Darren Shepherd <darren.s.shepherd@gmail.com>
 David Anderson <dave@natulte.net>
 David Calavera <david.calavera@gmail.com>
+David Corking <dmc-source@dcorking.com>
 David Gageot <david@gageot.net>
 David Mcanulty <github@hellspark.com>
 David Röthlisberger <david@rothlis.net>
 David Sissitka <me@dsissitka.com>
 Deni Bertovic <deni@kset.org>
+Derek <crq@kernel.org>
 Dinesh Subhraveti <dineshs@altiscale.com>
 Djibril Koné <kone.djibril@gmail.com>
 dkumor <daniel@dkumor.com>
@@ -118,6 +149,7 @@ Dmitry Demeshchuk <demeshchuk@gmail.com>
 Dolph Mathews <dolph.mathews@gmail.com>
 Dominik Honnef <dominik@honnef.co>
 Don Spaulding <donspauldingii@gmail.com>
+doug tangren <d.tangren@gmail.com>
 Dražen Lučanin <kermit666@gmail.com>
 Dr Nic Williams <drnicwilliams@gmail.com>
 Dustin Sallings <dustin@spy.net>
@@ -130,9 +162,11 @@ Emily Rose <emily@contactvibe.com>
 Eric Hanchrow <ehanchrow@ine.com>
 Eric Lee <thenorthsecedes@gmail.com>
 Eric Myhre <hash@exultant.us>
-Erik Hollensbe <erik+github@hollensbe.org>
+Eric Windisch <ewindisch@docker.com>
+Erik Hollensbe <github@hollensbe.org>
 Erno Hopearuoho <erno.hopearuoho@gmail.com>
 eugenkrizo <eugen.krizo@gmail.com>
+evanderkoogh <info@erronis.nl>
 Evan Hazlett <ejhazlett@gmail.com>
 Evan Krall <krall@yelp.com>
 Evan Phoenix <evan@fallingsnow.net>
@@ -147,12 +181,16 @@ Fareed Dudhia <fareeddudhia@googlemail.com>
 Felix Rabe <felix@rabe.io>
 Fernando <fermayo@gmail.com>
 Flavio Castelli <fcastelli@suse.com>
+FLGMwt <ryan.stelly@live.com>
+Francisco Carriedo <fcarriedo@gmail.com>
 Francisco Souza <f@souza.cc>
 Frank Macreery <frank@macreery.com>
 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
 Frederik Loeffert <frederik@zitrusmedia.de>
+Fred Lifton <fred.lifton@docker.com>
 Freek Kalter <freek@kalteronline.org>
 Gabe Rosenhouse <gabe@missionst.com>
+Gabor Nagy <mail@aigeruth.hu>
 Gabriel Monroy <gabriel@opdemand.com>
 Galen Sampson <galen.sampson@gmail.com>
 Gareth Rushgrove <gareth@morethanseven.net>
@@ -160,23 +198,34 @@ Geoffrey Bachelet <grosfrais@gmail.com>
 Gereon Frey <gereon.frey@dynport.de>
 German DZ <germ@ndz.com.ar>
 Gert van Valkenhoef <g.h.m.van.valkenhoef@rug.nl>
+Giuseppe Mazzotta <gdm85@users.noreply.github.com>
+Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
+Glyn Normington <gnormington@gopivotal.com>
 Goffert van Gool <goffert@phusion.nl>
 Graydon Hoare <graydon@pobox.com>
 Greg Thornton <xdissent@me.com>
 grunny <mwgrunny@gmail.com>
+Guilherme Salgado <gsalgado@gmail.com>
 Guillaume J. Charmes <guillaume.charmes@docker.com>
 Gurjeet Singh <gurjeet@singh.im>
 Guruprasad <lgp171188@gmail.com>
+Harald Albers <github@albersweb.de>
 Harley Laue <losinggeneration@gmail.com>
 Hector Castro <hectcastro@gmail.com>
+Henning Sprang <henning.sprang@gmail.com>
 Hobofan <goisser94@gmail.com>
 Hunter Blanks <hunter@twilio.com>
+hyeongkyu.lee <hyeongkyu.lee@navercorp.com>
+Ian Babrou <ibobrik@gmail.com>
+Ian Bull <irbull@gmail.com>
+Ian Main <imain@redhat.com>
 Ian Truslove <ian.truslove@gmail.com>
 ILYA Khlopotov <ilya.khlopotov@gmail.com>
 inglesp <peter.inglesby@gmail.com>
 Isaac Dupree <antispam@idupree.com>
 Isabel Jimenez <contact.isabeljimenez@gmail.com>
 Isao Jonas <isao.jonas@gmail.com>
+Ivan Fraixedes <ifcdev@gmail.com>
 Jack Danger Canty <jackdanger@squareup.com>
 jakedt <jake@devtable.com>
 Jake Moshenko <jake@devtable.com>
@@ -184,20 +233,31 @@ James Allen <jamesallen0108@gmail.com>
 James Carr <james.r.carr@gmail.com>
 James DeFelice <james.defelice@ishisystems.com>
 James Harrison Fisher <jameshfisher@gmail.com>
+James Kyle <james@jameskyle.org>
 James Mills <prologic@shortcircuit.net.au>
 James Turnbull <james@lovedthanlost.net>
+Jan Pazdziora <jpazdziora@redhat.com>
+Jaroslaw Zabiello <hipertracker@gmail.com>
 jaseg <jaseg@jaseg.net>
+Jason Giedymin <jasong@apache.org>
+Jason Hall <imjasonh@gmail.com>
+Jason Livesay <ithkuil@gmail.com>
 Jason McVetta <jason.mcvetta@gmail.com>
 Jason Plum <jplum@devonit.com>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jeff Lindsay <progrium@gmail.com>
+Jeffrey Bolle <jeffreybolle@gmail.com>
+Jeff Welch <whatthejeff@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
 Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
 Jesse Dubay <jesse@thefortytwo.net>
+Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
 Jimmy Cuadra <jimmy@jimmycuadra.com>
+Jim Perrin <jperrin@centos.org>
+Jiří Župka <jzupka@redhat.com>
 Joe Beda <joe.github@bedafamily.com>
 Joel Handwell <joelhandwell@gmail.com>
 Joe Shaw <joe@joeshaw.org>
@@ -209,8 +269,11 @@ Johan Rydberg <johan.rydberg@gmail.com>
 John Costa <john.costa@gmail.com>
 John Feminella <jxf@jxf.me>
 John Gardiner Myers <jgmyers@proofpoint.com>
+John OBrien III <jobrieniii@yahoo.com>
 John Warwick <jwarwick@gmail.com>
 Jonas Pfenniger <jonas@pfenniger.name>
+Jonathan Boulle <jonathanboulle@gmail.com>
+Jonathan Camp <jonathan@irondojo.com>
 Jonathan McCrohan <jmccrohan@gmail.com>
 Jonathan Mueller <j.mueller@apoveda.ch>
 Jonathan Pares <jonathanpa@users.noreply.github.com>
@@ -222,9 +285,11 @@ Jordan Sissel <jls@semicomplete.com>
 Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
 Joseph Hager <ajhager@gmail.com>
 Josh Hawn <josh.hawn@docker.com>
+Josh <jokajak@gmail.com>
 Josh Poimboeuf <jpoimboe@redhat.com>
 JP <jpellerin@leapfrogonline.com>
 Julien Barbier <write0@gmail.com>
+Julien Bordellier <julienbordellier@gmail.com>
 Julien Dubois <julien.dubois@gmail.com>
 Justin Force <justin.force@gmail.com>
 Justin Plock <jplock@users.noreply.github.com>
@@ -239,33 +304,43 @@ Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
 Kevin Clark <kevin.clark@gmail.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
 Kevin Menard <kevin@nirvdrum.com>
+Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
 Kevin Wallace <kevin@pentabarf.net>
 Keyvan Fatehi <keyvanfatehi@gmail.com>
+kies <lleelm@gmail.com>
 kim0 <email.ahmedkamal@googlemail.com>
 Kim BKC Carlbacker <kim.carlbacker@gmail.com>
 Kimbro Staken <kstaken@kstaken.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
+Kohei Tsuruta <coheyxyz@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kyle Conroy <kyle.j.conroy@gmail.com>
+kyu <leehk1227@gmail.com>
 lalyos <lalyos@yahoo.com>
 Lance Chen <cyen0312@gmail.com>
 Lars R. Damerow <lars@pixar.com>
 Laurie Voss <github@seldo.com>
+leeplay <hyeongkyu.lee@navercorp.com>
+Len Weincier <len@cloudafrica.net>
+Levi Gross <levi@levigross.com>
 Lewis Peckover <lew+github@lew.io>
 Liang-Chi Hsieh <viirya@gmail.com>
-Lokesh Mandvekar <lsm5@redhat.com>
+Lokesh Mandvekar <lsm5@fedoraproject.org>
 Louis Opter <kalessin@kalessin.fr>
 lukaspustina <lukas.pustina@centerdevice.com>
 lukemarsden <luke@digital-crocus.com>
 Mahesh Tiyyagura <tmahesh@gmail.com>
+Manfred Zabarauskas <manfredas@zabarauskas.com>
 Manuel Meurer <manuel@krautcomputing.com>
 Manuel Woelker <github@manuel.woelker.org>
 Marc Abramowitz <marc@marc-abramowitz.com>
 Marc Kuo <kuomarc2@gmail.com>
 Marco Hennings <marco.hennings@freiheit.com>
 Marcus Farkas <toothlessgear@finitebox.com>
+marcuslinke <marcus.linke@gmx.de>
 Marcus Ramberg <marcus@nordaaker.com>
 Marek Goldmann <marek.goldmann@gmail.com>
+Marius Voila <marius.voila@gmail.com>
 Mark Allen <mrallen1@yahoo.com>
 Mark McGranaghan <mmcgrana@gmail.com>
 Marko Mikulicic <mmikulicic@gmail.com>
@@ -278,30 +353,39 @@ Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
 Matt Apperson <me@mattapperson.com>
 Matt Bachmann <bachmann.matt@gmail.com>
 Matt Haggard <haggardii@gmail.com>
+Matthew Heon <mheon@redhat.com>
 Matthew Mueller <mattmuelle@gmail.com>
 Matthias Klumpp <matthias@tenstral.net>
 Matthias Kühnle <git.nivoc@neverbox.com>
 mattymo <raytrac3r@gmail.com>
+mattyw <mattyw@me.com>
 Maxime Petazzoni <max@signalfuse.com>
 Maxim Treskin <zerthurd@gmail.com>
 Max Shytikov <mshytikov@gmail.com>
 meejah <meejah@meejah.ca>
 Michael Brown <michael@netdirect.ca>
-Michael Crosby <michael@crosbymichael.com>
+Michael Crosby <michael@docker.com>
 Michael Gorsuch <gorsuch@github.com>
 Michael Neale <michael.neale@gmail.com>
+Michaël Pailloncy <mpapo.dev@gmail.com>
+Michael Prokop <github@michael-prokop.at>
 Michael Stapelberg <michael+gh@stapelberg.de>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
+Mike Chelen <michael.chelen@gmail.com>
 Mike Gaffney <mike@uberu.com>
 Mike MacCana <mike.maccana@gmail.com>
 Mike Naberezny <mike@naberezny.com>
+Mike Snitzer <snitzer@redhat.com>
 Mikhail Sobolev <mss@mawhrin.net>
 Mohit Soni <mosoni@ebay.com>
 Morgante Pell <morgante.pell@morgante.net>
 Morten Siebuhr <sbhr@sbhr.dk>
+Mrunal Patel <mrunalp@gmail.com>
 Nan Monnand Deng <monnand@gmail.com>
+Naoki Orii <norii@cs.cmu.edu>
 Nate Jones <nate@endot.org>
 Nathan Kleyn <nathan@nathankleyn.com>
+Nathan LeClaire <nathan.leclaire@docker.com>
 Nelson Chen <crazysim@gmail.com>
 Niall O'Higgins <niallo@unworkable.org>
 Nick Payne <nick@kurai.co.uk>
@@ -309,11 +393,14 @@ Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
 Nick Stinemates <nick@stinemates.org>
 Nicolas Dudebout <nicolas.dudebout@gatech.edu>
 Nicolas Kaiser <nikai@nikai.net>
+NikolaMandic <mn080202@gmail.com>
 noducks <onemannoducks@gmail.com>
 Nolan Darilek <nolan@thewordnerd.info>
+OddBloke <daniel@daniel-watkins.co.uk>
 odk- <github@odkurzacz.org>
 Oguz Bilgic <fisyonet@gmail.com>
 Ole Reifschneider <mail@ole-reifschneider.de>
+Olivier Gambier <dmp42@users.noreply.github.com>
 O.S. Tezer <ostezer@gmail.com>
 pandrew <letters@paulnotcom.se>
 Pascal Borreli <pascal@borreli.com>
@@ -326,6 +413,7 @@ Paul Lietar <paul@lietar.net>
 Paul Morie <pmorie@gmail.com>
 Paul Nasrat <pnasrat@gmail.com>
 Paul <paul9869@gmail.com>
+Paul Weaver <pauweave@cisco.com>
 Peter Braden <peterbraden@peterbraden.co.uk>
 Peter Waller <peter@scraperwiki.com>
 Phillip Alexander <git@phillipalexander.io>
@@ -343,31 +431,46 @@ Ramon van Alteren <ramon@vanalteren.nl>
 Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>
 rgstephens <greg@udon.org>
 Rhys Hiltner <rhys@twitch.tv>
+Richard Harvey <richard@squarecows.com>
 Richo Healey <richo@psych0tik.net>
 Rick Bradley <rick@users.noreply.github.com>
+Rick van de Loo <rickvandeloo@gmail.com>
+Robert Bachmann <rb@robertbachmann.at>
 Robert Obryk <robryk@gmail.com>
 Roberto G. Hashioka <roberto.hashioka@docker.com>
+Robin Speekenbrink <robin@kingsquare.nl>
 robpc <rpcann@gmail.com>
 Rodrigo Vaz <rodrigo.vaz@gmail.com>
 Roel Van Nyen <roel.vannyen@gmail.com>
 Roger Peppe <rogpeppe@gmail.com>
 Rohit Jnagal <jnagal@google.com>
+Roland Huß <roland@jolokia.org>
 Roland Moriz <rmoriz@users.noreply.github.com>
+Ron Smits <ron.smits@gmail.com>
 Rovanion Luckey <rovanion.luckey@gmail.com>
+Rudolph Gottesheim <r.gottesheim@loot.at>
+Ryan Anderson <anderson.ryanc@gmail.com>
 Ryan Aslett <github@mixologic.com>
 Ryan Fowler <rwfowler@gmail.com>
 Ryan O'Donnell <odonnellryanc@gmail.com>
 Ryan Seto <ryanseto@yak.net>
 Ryan Thomas <rthomas@atlassian.com>
 Sam Alba <sam.alba@gmail.com>
+Sam Bailey <cyprix@cyprix.com.au>
 Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
+Sam Reis <sreis@atlassian.com>
 Sam Rijs <srijs@airpost.net>
 Samuel Andaya <samuel@andaya.net>
 Scott Bessler <scottbessler@gmail.com>
 Scott Collier <emailscottcollier@gmail.com>
 Sean Cronin <seancron@gmail.com>
 Sean P. Kane <skane@newrelic.com>
+Sébastien <sebastien@yoozio.com>
 Sébastien Stormacq <sebsto@users.noreply.github.com>
+Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
+SeongJae Park <sj38.park@gmail.com>
+Shane Canon <scanon@lbl.gov>
+shaunol <shaunol@gmail.com>
 Shawn Landden <shawn@churchofgit.com>
 Shawn Siefkas <shawn.siefkas@meredith.com>
 Shih-Yuan Lee <fourdollars@gmail.com>
@@ -375,9 +478,11 @@ Silas Sewell <silas@sewell.org>
 Simon Taranto <simon.taranto@gmail.com>
 Sindhu S <sindhus@live.in>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
+s-ko <aleks@s-ko.net>
 Solomon Hykes <solomon@docker.com>
 Song Gao <song@gao.io>
 Soulou <leo@unbekandt.eu>
+soulshake <amy@gandi.net>
 Sridatta Thatipamala <sthatipamala@gmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Steeve Morin <steeve.morin@gmail.com>
@@ -402,17 +507,22 @@ Tibor Vass <teabee89@gmail.com>
 Tim Bosse <taim@bosboot.org>
 Timothy Hobbs <timothyhobbs@seznam.cz>
 Tim Ruffles <oi@truffles.me.uk>
+Tim Ruffles <timruffles@googlemail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
 tjmehta <tj@init.me>
 Tobias Bieniek <Tobias.Bieniek@gmx.de>
+Tobias Gesellchen <tobias@gesellix.de>
 Tobias Schmidt <ts@soundcloud.com>
 Tobias Schwab <tobias.schwab@dynport.de>
 Todd Lunter <tlunter@gmail.com>
 Tom Fotherby <tom+github@peopleperhour.com>
 Tom Hulihan <hulihan.tom159@gmail.com>
+Tom Maaswinkel <tom.maaswinkel@12wiki.eu>
 Tommaso Visconti <tommaso.visconti@gmail.com>
 Tony Daws <tony@daws.ca>
+tpng <benny.tpng@gmail.com>
 Travis Cline <travis.cline@gmail.com>
+Trent Ogren <tedwardo2@gmail.com>
 Tyler Brock <tyler.brock@gmail.com>
 Tzu-Jung Lee <roylee17@gmail.com>
 Ulysse Carion <ulyssecarion@gmail.com>
@@ -434,6 +544,7 @@ Vivek Agarwal <me@vivek.im>
 Vladimir Bulyga <xx@ccxx.cc>
 Vladimir Kirillov <proger@wilab.org.ua>
 Vladimir Rutsky <altsysrq@gmail.com>
+waitingkuo <waitingkuo0527@gmail.com>
 Walter Leibbrandt <github@wrl.co.za>
 Walter Stanish <walter@pratyeka.org>
 WarheadsSE <max@warheads.net>
@@ -441,14 +552,19 @@ Wes Morgan <cap10morgan@gmail.com>
 Will Dietz <w@wdtz.org>
 William Delanoue <william.delanoue@gmail.com>
 William Henry <whenry@redhat.com>
+William Riancho <wr.wllm@gmail.com>
+William Thurston <thurstw@amazon.com>
 Will Rouesnel <w.rouesnel@gmail.com>
 Will Weaver <monkey@buildingbananas.com>
 Xiuming Chen <cc@cxm.cc>
 Yang Bai <hamo.by@gmail.com>
 Yasunori Mahata <nori@mahata.net>
 Yurii Rashkovskii <yrashk@gmail.com>
+Zac Dover <zdover@redhat.com>
 Zain Memon <zain@inzain.net>
 Zaiste! <oh@zaiste.net>
+Zane DeGraffenried <zane.deg@gmail.com>
 Zilin Du <zilin.du@gmail.com>
 zimbatm <zimbatm@zimbatm.com>
+Zoltan Tombol <zoltan.tombol@gmail.com>
 zqh <zqhxuyuan@gmail.com>
diff --git a/components/engine/hack/generate-authors.sh b/components/engine/hack/generate-authors.sh
new file mode 100755
index 0000000000..83f61df373
--- /dev/null
+++ b/components/engine/hack/generate-authors.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")/.."
+
+# see also ".mailmap" for how email addresses and names are deduplicated
+
+{
+	cat <<-'EOH'
+	# This file lists all individuals having contributed content to the repository.
+	# For how it is generated, see `hack/generate-authors.sh`.
+	EOH
+	echo
+	git log --format='%aN <%aE>' | sort -uf
+} > AUTHORS

From 52dcbf17e984696ec2524bada40cfd1627911e91 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Tue, 22 Jul 2014 23:05:39 +0300
Subject: [PATCH 241/516] archive: add unclejack to MAINTAINERS

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 4fbc47e801531ae1738bb8d4cec0ee2450ccfcb9
Component: engine
---
 components/engine/archive/MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/archive/MAINTAINERS b/components/engine/archive/MAINTAINERS
index 43ec1d150d..2aac7265d2 100644
--- a/components/engine/archive/MAINTAINERS
+++ b/components/engine/archive/MAINTAINERS
@@ -1,2 +1,2 @@
-Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)
 Tibor Vass <teabee89@gmail.com> (@tiborvass)

From ed094d474ad79ddb282b71c178e8b55737240e5f Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 25 Jul 2014 01:08:04 +0000
Subject: [PATCH 242/516] allow sigquit to display stacktrace in debug mode

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 5b293f15967c3358b84fabd72723d4bb6571bae0
Component: engine
---
 components/engine/server/server.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index d9787317a7..41a4af32bc 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -94,7 +94,11 @@ func InitServer(job *engine.Job) engine.Status {
 	}
 	job.Logf("Setting up signal traps")
 	c := make(chan os.Signal, 1)
-	gosignal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
+	signals := []os.Signal{os.Interrupt, syscall.SIGTERM}
+	if os.Getenv("DEBUG") == "" {
+		signals = append(signals, syscall.SIGQUIT)
+	}
+	gosignal.Notify(c, signals...)
 	go func() {
 		interruptCount := uint32(0)
 		for sig := range c {

From 154cd33cd77e8570af72dec9de93a59df218205f Mon Sep 17 00:00:00 2001
From: "Michiel@unhosted" <michiel@unhosted.org>
Date: Fri, 25 Jul 2014 09:06:38 +0200
Subject: [PATCH 243/516] Typo in dockervolumes.md line 141? Upstream-commit:
 9503afbc9116b06585cf42715a7ae0bcd0fb7881 Component: engine

---
 components/engine/docs/sources/userguide/dockervolumes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index 42b01ecf8b..4e1cd51edb 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -138,7 +138,7 @@ contents of the `dbdata` volume to a `backup.tar` file inside our
 `/backup` directory. When the command completes and the container stops
 we'll be left with a backup of our `dbdata` volume.
 
-You could then to restore to the same container, or another that you've made
+You could then restore it to the same container, or another that you've made
 elsewhere. Create a new container.
 
     $ sudo docker run -v /dbdata --name dbdata2 ubuntu /bin/bash

From fa3a5b81e86802b4de6cd0609464baa0fe80bbe8 Mon Sep 17 00:00:00 2001
From: Deric Crago <deric.crago@gmail.com>
Date: Fri, 25 Jul 2014 10:14:52 -0400
Subject: [PATCH 244/516] apache2 was looking for two other directories

/var/lock/apache2
/var/run/apache2
Upstream-commit: 3fb913ab7712634f1f311a9aab47c5eaa9f8fe9d
Component: engine
---
 components/engine/docs/sources/articles/using_supervisord.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/docs/sources/articles/using_supervisord.md b/components/engine/docs/sources/articles/using_supervisord.md
index 9188265199..90aefb4b94 100644
--- a/components/engine/docs/sources/articles/using_supervisord.md
+++ b/components/engine/docs/sources/articles/using_supervisord.md
@@ -38,6 +38,7 @@ We can now install our SSH and Apache daemons as well as Supervisor in
 our container.
 
     RUN apt-get install -y openssh-server apache2 supervisor
+    RUN mkdir -p /var/lock/apache2 /var/run/apache2
     RUN mkdir -p /var/run/sshd
     RUN mkdir -p /var/log/supervisor
 

From 3513533d24da1782b6b5a6a145cfc1f008b9d026 Mon Sep 17 00:00:00 2001
From: Johannes 'fish' Ziemke <github@freigeist.org>
Date: Fri, 18 Jul 2014 16:57:32 +0200
Subject: [PATCH 245/516] Make sure err never gets masked

Defining err as named return parameter will make sure the variable gets
assigned before returning and thus avoid masking

Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org> (github: discordianfish)
Upstream-commit: 32bc8658793b278c793cb8755b94df3b210bea5d
Component: engine
---
 .../daemon/networkdriver/portmapper/mapper.go | 23 ++++++++-----------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/components/engine/daemon/networkdriver/portmapper/mapper.go b/components/engine/daemon/networkdriver/portmapper/mapper.go
index 1bd332271f..b78e7180f5 100644
--- a/components/engine/daemon/networkdriver/portmapper/mapper.go
+++ b/components/engine/daemon/networkdriver/portmapper/mapper.go
@@ -37,24 +37,16 @@ func SetIptablesChain(c *iptables.Chain) {
 	chain = c
 }
 
-func Map(container net.Addr, hostIP net.IP, hostPort int) (net.Addr, error) {
+func Map(container net.Addr, hostIP net.IP, hostPort int) (host net.Addr, err error) {
 	lock.Lock()
 	defer lock.Unlock()
 
 	var (
 		m                 *mapping
-		err               error
 		proto             string
 		allocatedHostPort int
 	)
 
-	// release the port on any error during return.
-	defer func() {
-		if err != nil {
-			portallocator.ReleasePort(hostIP, proto, allocatedHostPort)
-		}
-	}()
-
 	switch container.(type) {
 	case *net.TCPAddr:
 		proto = "tcp"
@@ -77,14 +69,19 @@ func Map(container net.Addr, hostIP net.IP, hostPort int) (net.Addr, error) {
 			container: container,
 		}
 	default:
-		err = ErrUnknownBackendAddressType
-		return nil, err
+		return nil, ErrUnknownBackendAddressType
 	}
 
+	// release the allocated port on any further error during return.
+	defer func() {
+		if err != nil {
+			portallocator.ReleasePort(hostIP, proto, allocatedHostPort)
+		}
+	}()
+
 	key := getKey(m.host)
 	if _, exists := currentMappings[key]; exists {
-		err = ErrPortMappedForIP
-		return nil, err
+		return nil, ErrPortMappedForIP
 	}
 
 	containerIP, containerPort := getIPAndPort(m.container)

From 81918c582cd8ec3904a019e1d49cd22d3020d5ee Mon Sep 17 00:00:00 2001
From: fcarriedo <fcarriedo@gmail.com>
Date: Fri, 25 Jul 2014 09:33:04 -0700
Subject: [PATCH 246/516] pkg/units: including suggestions and enhancements

Docker-DCO-1.1-Signed-off-by: fcarriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: 2fb63aba0bf991873d56888f244d6aeee0c5fc57
Component: engine
---
 components/engine/pkg/units/size.go | 61 +++++++++++++++++------------
 1 file changed, 35 insertions(+), 26 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index 1594cd6549..f04785e048 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -7,9 +7,30 @@ import (
 	"strings"
 )
 
+type unit int64
+
+// See: http://en.wikipedia.org/wiki/Binary_prefix
 const (
-	decimalKUnit = 1000
-	binaryKUnit  = 1024
+	// Decimal
+	KB unit = 1000
+	MB      = 1000 * KB
+	GB      = 1000 * MB
+	TB      = 1000 * GB
+	PB      = 1000 * TB
+
+	// Binary
+	KiB unit = 1024
+	MiB      = 1024 * KiB
+	GiB      = 1024 * MiB
+	TiB      = 1024 * GiB
+	PiB      = 1024 * TiB
+)
+
+type unitMap map[string]unit
+
+var (
+	decimalMap = unitMap{"k": KB, "m": MB, "g": GB, "t": TB, "p": PB}
+	binaryMap  = unitMap{"k": KiB, "m": MiB, "g": GiB, "t": TiB, "p": PiB}
 )
 
 var sizeRegex *regexp.Regexp
@@ -18,7 +39,7 @@ func init() {
 	sizeRegex = regexp.MustCompile("^(\\d+)([kKmMgGtTpP])?[bB]?$")
 }
 
-var bytePrefixes = [...]string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
+var unitAbbrs = [...]string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"}
 
 // HumanSize returns a human-readable approximation of a size
 // using SI standard (eg. "44kB", "17MB")
@@ -29,13 +50,13 @@ func HumanSize(size int64) string {
 		sizef = sizef / 1000.0
 		i++
 	}
-	return fmt.Sprintf("%.4g %s", sizef, bytePrefixes[i])
+	return fmt.Sprintf("%.4g %s", sizef, unitAbbrs[i])
 }
 
 // FromHumanSize returns an integer from a human-readable specification of a
 // size using SI standard (eg. "44kB", "17MB")
 func FromHumanSize(size string) (int64, error) {
-	return parseSize(size, decimalKUnit)
+	return parseSize(size, decimalMap)
 }
 
 // Parses a human-readable string representing an amount of RAM
@@ -43,37 +64,25 @@ func FromHumanSize(size string) (int64, error) {
 // returns the number of bytes, or -1 if the string is unparseable.
 // Units are case-insensitive, and the 'b' suffix is optional.
 func RAMInBytes(size string) (int64, error) {
-	return parseSize(size, binaryKUnit)
+	return parseSize(size, binaryMap)
 }
 
-// Parses the human-readable size string into the amount it represents given
-// the desired kilo unit [decimalKiloUnit=1000|binaryKiloUnit=1024]
-func parseSize(size string, kUnit int64) (int64, error) {
-	matches := sizeRegex.FindStringSubmatch(size)
-
+// Parses the human-readable size string into the amount it represents
+func parseSize(sizeStr string, uMap unitMap) (int64, error) {
+	matches := sizeRegex.FindStringSubmatch(sizeStr)
 	if len(matches) != 3 {
-		return -1, fmt.Errorf("Invalid size: '%s'", size)
+		return -1, fmt.Errorf("Invalid size: '%s'", sizeStr)
 	}
 
-	theSize, err := strconv.ParseInt(matches[1], 10, 0)
+	size, err := strconv.ParseInt(matches[1], 10, 0)
 	if err != nil {
 		return -1, err
 	}
 
 	unitPrefix := strings.ToLower(matches[2])
-
-	switch unitPrefix {
-	case "k":
-		theSize *= kUnit
-	case "m":
-		theSize *= kUnit * kUnit
-	case "g":
-		theSize *= kUnit * kUnit * kUnit
-	case "t":
-		theSize *= kUnit * kUnit * kUnit * kUnit
-	case "p":
-		theSize *= kUnit * kUnit * kUnit * kUnit * kUnit
+	if mul, ok := uMap[unitPrefix]; ok {
+		size *= int64(mul)
 	}
 
-	return theSize, nil
+	return size, nil
 }

From 012e97ea386cacf91866a658597f8feaac8069cb Mon Sep 17 00:00:00 2001
From: Andrew Weiss <andrew.weiss@outlook.com>
Date: Fri, 25 Jul 2014 14:28:36 -0400
Subject: [PATCH 247/516] updated article to reflect changes in config; fixed
 hyperlinks #7243

Docker-DCO-1.1-Signed-off-by: Andrew Weiss <andrew.weiss@outlook.com> (github: anweiss)
Upstream-commit: 7a5db6df995a131579020fd2cbacd49cb82e0aea
Component: engine
---
 .../engine/docs/sources/articles/dsc.md       | 92 ++++++++++++++-----
 1 file changed, 71 insertions(+), 21 deletions(-)

diff --git a/components/engine/docs/sources/articles/dsc.md b/components/engine/docs/sources/articles/dsc.md
index 94f5e9d4db..5e05c40c14 100644
--- a/components/engine/docs/sources/articles/dsc.md
+++ b/components/engine/docs/sources/articles/dsc.md
@@ -8,7 +8,7 @@ Windows PowerShell Desired State Configuration (DSC) is a configuration
 management tool that extends the existing functionality of Windows PowerShell.
 DSC uses a declarative syntax to define the state in which a target should be
 configured. More information about PowerShell DSC can be found at
-http://technet.microsoft.com/en-us/library/dn249912.aspx.
+[http://technet.microsoft.com/en-us/library/dn249912.aspx](http://technet.microsoft.com/en-us/library/dn249912.aspx).
 
 ## Requirements
 
@@ -17,14 +17,14 @@ To use this guide you'll need a Windows host with PowerShell v4.0 or newer.
 The included DSC configuration script also uses the official PPA so
 only an Ubuntu target is supported. The Ubuntu target must already have the
 required OMI Server and PowerShell DSC for Linux providers installed. More
-information can be found at https://github.com/MSFTOSSMgmt/WPSDSCLinux. The
-source repository listed below also includes PowerShell DSC for Linux
+information can be found at [https://github.com/MSFTOSSMgmt/WPSDSCLinux](https://github.com/MSFTOSSMgmt/WPSDSCLinux).
+The source repository listed below also includes PowerShell DSC for Linux
 installation and init scripts along with more detailed installation information.
 
 ## Installation
 
 The DSC configuration example source is available in the following repository:
-https://github.com/anweiss/DockerClientDSC. It can be cloned with:
+[https://github.com/anweiss/DockerClientDSC](https://github.com/anweiss/DockerClientDSC). It can be cloned with:
 
     $ git clone https://github.com/anweiss/DockerClientDSC.git
 
@@ -37,15 +37,18 @@ be used to establish the required CIM session(s) and execute the
 `Set-DscConfiguration` cmdlet.
 
 More detailed usage information can be found at
-https://github.com/anweiss/DockerClientDSC.
+[https://github.com/anweiss/DockerClientDSC](https://github.com/anweiss/DockerClientDSC).
 
-### Run Configuration
+### Install Docker
 The Docker installation configuration is equivalent to running:
 
 ```
-apt-get install docker.io
-ln -sf /usr/bin/docker.io /usr/local/bin/docker
-sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/docker.io
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys\
+36A1D7869245C8950F966E92D8576A8BA88D21E9
+sh -c "echo deb https://get.docker.io/ubuntu docker main\
+> /etc/apt/sources.list.d/docker.list"
+apt-get update
+apt-get install lxc-docker
 ```
 
 Ensure that your current working directory is set to the `DockerClientDSC`
@@ -83,35 +86,82 @@ file and execute configurations against multiple nodes as such:
 ```
 
 ### Images
-Image configuration is equivalent to running: `docker pull [image]`.
+Image configuration is equivalent to running: `docker pull [image]` or
+`docker rmi -f [IMAGE]`.
 
-Using the same Run Configuration steps defined above, execute `DockerClient`
-with the `Image` parameter:
+Using the same steps defined above, execute `DockerClient` with the `Image`
+parameter and apply the configuration:
 
 ```powershell
-DockerClient -Hostname "myhost" -Image node
+DockerClient -Hostname "myhost" -Image "node"
+.\RunDockerClientConfig.ps1 -Hostname "myhost"
 ```
 
-The configuration process can be initiated as before:
+You can also configure the host to pull multiple images:
 
 ```powershell
+DockerClient -Hostname "myhost" -Image "node","mongo"
 .\RunDockerClientConfig.ps1 -Hostname "myhost"
 ```
 
+To remove images, use a hashtable as follows:
+
+```powershell
+DockerClient -Hostname "myhost" -Image @{Name="node"; Remove=$true}
+.\RunDockerClientConfig.ps1 -Hostname $hostname
+```
+
 ### Containers
 Container configuration is equivalent to running:
-`docker run -d --name="[containername]" [image] '[command]'`.
 
-Using the same Run Configuration steps defined above, execute `DockerClient`
-with the `Image`, `ContainerName`, and `Command` parameters:
+```
+docker run -d --name="[containername]" -p '[port]' -e '[env]' --link '[link]'\
+'[image]' '[command]'
+```
+or
 
-```powershell
-DockerClient -Hostname "myhost" -Image node -ContainerName "helloworld" `
--Command 'echo "Hello World!"'
+```
+docker rm -f [containername]
 ```
 
-The configuration process can be initiated as before:
+To create or remove containers, you can use the `Container` parameter with one
+or more hashtables. The hashtable(s) passed to this parameter can have the
+following properties:
+
+- Name (required)
+- Image (required unless Remove property is set to `$true`)
+- Port
+- Env
+- Link
+- Command
+- Remove
+
+For example, create a hashtable with the settings for your container:
 
 ```powershell
+$webContainer = @{Name="web"; Image="anweiss/docker-platynem"; Port="80:80"}
+```
+
+Then, using the same steps defined above, execute
+`DockerClient` with the `-Image` and `-Container` parameters:
+
+```powershell
+DockerClient -Hostname "myhost" -Image node -Container $webContainer
 .\RunDockerClientConfig.ps1 -Hostname "myhost"
 ```
+
+Existing containers can also be removed as follows:
+
+```powershell
+$containerToRemove = @{Name="web"; Remove=$true}
+DockerClient -Hostname "myhost" -Container $containerToRemove
+.\RunDockerClientConfig.ps1 -Hostname "myhost"
+```
+
+Here is a hashtable with all of the properties that can be used to create a
+container:
+
+```powershell
+$containerProps = @{Name="web"; Image="node:latest"; Port="80:80"; `
+Env="PORT=80"; Link="db:db"; Command="grunt"}
+```
\ No newline at end of file

From f70f5a32c78dc696ec1c3668fd972438df2e66b1 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Fri, 25 Jul 2014 18:29:47 -0400
Subject: [PATCH 248/516] address a few nits

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: d082381a93810e6c386382f24da93518880e9250
Component: engine
---
 components/engine/integration-cli/docker_cli_import_test.go | 4 ++--
 components/engine/server/server.go                          | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_import_test.go b/components/engine/integration-cli/docker_cli_import_test.go
index 9b36aa9ce1..f9e86f01bd 100644
--- a/components/engine/integration-cli/docker_cli_import_test.go
+++ b/components/engine/integration-cli/docker_cli_import_test.go
@@ -12,8 +12,8 @@ func TestImportDisplay(t *testing.T) {
 	out, _, err := runCommandWithOutput(importCmd)
 	errorOut(err, t, fmt.Sprintf("import failed with errors: %v", err))
 
-	if n := len(strings.Split(out, "\n")); n != 3 {
-		t.Fatalf("display is messed up: %d '\\n' instead of 3", n)
+	if n := strings.Count(out, "\n"); n != 2 {
+		t.Fatalf("display is messed up: %d '\\n' instead of 2", n)
 	}
 
 	logDone("import - cirros was imported and display is fine")
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 41a4af32bc..87c910b580 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -1701,8 +1701,6 @@ func (srv *Server) ImageImport(job *engine.Job) engine.Status {
 			u.Path = ""
 		}
 		job.Stdout.Write(sf.FormatStatus("", "Downloading from %s", u))
-		// Download with curl (pretty progress bar)
-		// If curl is not available, fallback to http.Get()
 		resp, err = utils.Download(u.String())
 		if err != nil {
 			return job.Error(err)

From 1da81ba36335afb1ab2e557d2c06263b283d92fd Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Fri, 25 Jul 2014 18:31:06 -0400
Subject: [PATCH 249/516] Fix io.Reader ambiguity on EOF in progressreader

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: caa57699283fd0fa47cac59c80adcacaa5c9950e
Component: engine
---
 components/engine/utils/progressreader.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/utils/progressreader.go b/components/engine/utils/progressreader.go
index a43ee55b0f..87eae8ba73 100644
--- a/components/engine/utils/progressreader.go
+++ b/components/engine/utils/progressreader.go
@@ -32,7 +32,7 @@ func (r *progressReader) Read(p []byte) (n int, err error) {
 		r.lastUpdate = r.progress.Current
 	}
 	// Send newline when complete
-	if r.newLine && err != nil {
+	if r.newLine && err != nil && read == 0 {
 		r.output.Write(r.sf.FormatStatus("", ""))
 	}
 	return read, err

From 7a670a8ee2383cdd83786842cd2738917b771578 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Thu, 10 Jul 2014 12:24:41 -0700
Subject: [PATCH 250/516] Clean up the docker socket on termination of the
 daemon.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 96f1a990346b7702e6f3efee42389b2736dbb204
Component: engine
---
 components/engine/server/server.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 87c910b580..495ccc2fb5 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -83,6 +83,18 @@ func InitPidfile(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
+func (srv *Server) removeUnixSockets() {
+	for _, sock := range srv.daemon.Config().Sockets {
+		parts := strings.SplitN(sock, "://", 2)
+		if parts[0] == "unix" {
+			err := os.Remove(parts[1])
+			if err != nil {
+				utils.Debugf("Got error removing unix socket: %s", err.Error())
+			}
+		}
+	}
+}
+
 // jobInitApi runs the remote api server `srv` as a daemon,
 // Only one api server can run at the same time - this is enforced by a pidfile.
 // The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
@@ -121,6 +133,8 @@ func InitServer(job *engine.Job) engine.Status {
 					}
 				case syscall.SIGQUIT:
 				}
+
+				srv.removeUnixSockets()
 				os.Exit(128 + int(sig.(syscall.Signal)))
 			}(sig)
 		}

From 122772c096fd305ca6bed43691a476057ab9c4a6 Mon Sep 17 00:00:00 2001
From: Julien Bordellier <git@julienbordellier.com>
Date: Sat, 26 Jul 2014 13:03:04 +0200
Subject: [PATCH 251/516] Adding the query parameters to insert api call for
 all <= 1.10 and removing the insert documentation for > 1.10 since it has
 been removed in 1.11. This commit fixes #7183 Docker-DCO-1.1-Signed-off-by:
 Julien Bordellier <me@julienbordellier.com> (github: jstoja) Upstream-commit:
 2d84b877bdce5e26aac164e14815e1c4fa8648b7 Component: engine

---
 .../reference/api/docker_remote_api.md        |  6 ++---
 .../reference/api/docker_remote_api_v1.0.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.1.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.10.md  |  7 ++++++
 .../reference/api/docker_remote_api_v1.12.md  | 23 -------------------
 .../reference/api/docker_remote_api_v1.13.md  | 23 -------------------
 .../reference/api/docker_remote_api_v1.14.md  | 23 -------------------
 .../reference/api/docker_remote_api_v1.2.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.3.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.4.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.5.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.6.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.7.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.8.md   |  7 ++++++
 .../reference/api/docker_remote_api_v1.9.md   |  7 ++++++
 15 files changed, 80 insertions(+), 72 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index 4248d3c38b..e968b2a3cc 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -20,11 +20,11 @@ page_keywords: API, Docker, rcli, REST, documentation
 
 The current version of the API is v1.14
 
-Calling `/images/<name>/insert` is the same as calling
-`/v1.14/images/<name>/insert`.
+Calling `/info` is the same as calling
+`/v1.14/info`.
 
 You can still call an old version of the API using
-`/v1.13/images/<name>/insert`.
+`/v1.13/info`.
 
 ## v1.14
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
index c9f2cd855d..ddbc165e5e 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
@@ -566,6 +566,13 @@ Insert a file from `url` in the image `name` at `path`
 
         {{ STREAM }}
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
index 6bd077a665..9bffc949a6 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
@@ -573,6 +573,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
index ff0e972dd2..e249065998 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
@@ -739,6 +739,13 @@ Insert a file from `url` in the image
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
index c0143aec6b..0679b18889 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
@@ -808,30 +808,7 @@ Create an image, either by pull it from the registry or by importing it
     -   **200** – no error
     -   **500** – server error
 
-### Insert a file in an image
 
-`POST /images/(name)/insert`
-
-Insert a file from `url` in the image `name` at `path`
-
-    **Example request**:
-
-        POST /images/test/insert?path=/usr&url=myurl HTTP/1.1
-
-    **Example response**:
-
-        HTTP/1.1 200 OK
-        Content-Type: application/json
-
-        {"status":"Inserting..."}
-        {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}}
-        {"error":"Invalid..."}
-        ...
-
-    Status Codes:
-
-    -   **200** – no error
-    -   **500** – server error
 
 ### Inspect an image
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
index f6d8c9b46b..cbe013c816 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
@@ -808,30 +808,7 @@ Create an image, either by pull it from the registry or by importing it
     -   **200** – no error
     -   **500** – server error
 
-### Insert a file in an image
 
-`POST /images/(name)/insert`
-
-Insert a file from `url` in the image `name` at `path`
-
-    **Example request**:
-
-        POST /images/test/insert?path=/usr&url=myurl HTTP/1.1
-
-    **Example response**:
-
-        HTTP/1.1 200 OK
-        Content-Type: application/json
-
-        {"status":"Inserting..."}
-        {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}}
-        {"error":"Invalid..."}
-        ...
-
-    Status Codes:
-
-    -   **200** – no error
-    -   **500** – server error
 
 ### Inspect an image
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index 06c36e093b..ad842fe8a2 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -814,30 +814,7 @@ Create an image, either by pull it from the registry or by importing it
     -   **200** – no error
     -   **500** – server error
 
-### Insert a file in an image
 
-`POST /images/(name)/insert`
-
-Insert a file from `url` in the image `name` at `path`
-
-    **Example request**:
-
-        POST /images/test/insert?path=/usr&url=myurl HTTP/1.1
-
-    **Example response**:
-
-        HTTP/1.1 200 OK
-        Content-Type: application/json
-
-        {"status":"Inserting..."}
-        {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}}
-        {"error":"Invalid..."}
-        ...
-
-    Status Codes:
-
-    -   **200** – no error
-    -   **500** – server error
 
 ### Inspect an image
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
index 1fdaa18f4d..75b56ff018 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
@@ -589,6 +589,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
index d58bbc0f18..9a4c79955d 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
@@ -639,6 +639,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
index 42bb2e862e..eac0cf3f4d 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
@@ -685,6 +685,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
index 5ccdca0e25..884eaae648 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
@@ -686,6 +686,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
index b0ecd50962..039277fc7a 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
@@ -793,6 +793,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
index cb2131bb8a..83f8176e66 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
@@ -712,6 +712,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
index 305ce4709a..a252bed73e 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
@@ -754,6 +754,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
index 36a3e109b0..529699d488 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
@@ -758,6 +758,13 @@ Insert a file from `url` in the image `name` at `path`
         {"error":"Invalid..."}
         ...
 
+	Query Parameters:
+
+
+
+	-	**url** – The url from where the file is taken
+	-	**path** – The path where the file is stored
+
     Status Codes:
 
     -   **200** – no error

From e0a3dfaf31b1efae532bbebd6a22722a7ec3ef69 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Fri, 27 Jun 2014 15:55:36 -0400
Subject: [PATCH 252/516] compile unit tests in parallel with GNU parallel

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 158e3068bda22ee09b00d37b3e4b33e42ecced1b
Component: engine
---
 components/engine/hack/make.sh        | 19 +++++++
 components/engine/hack/make/test-unit | 77 ++++++++++++++++++---------
 2 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index 843c84b1f4..e93fa2d5b1 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -156,6 +156,25 @@ go_test_dir() {
 	)
 }
 
+# Compile phase run by parallel in test-unit. No support for coverpkg
+go_compile_test_dir() {
+	dir=$1
+	testcover=()
+	if [ "$HAVE_GO_TEST_COVER" ]; then
+		# if our current go install has -cover, we want to use it :)
+		mkdir -p "$DEST/coverprofiles"
+		coverprofile="docker${dir#.}"
+		coverprofile="$DEST/coverprofiles/${coverprofile//\//-}"
+		testcover=( -cover -coverprofile "$coverprofile" ) # missing $coverpkg
+	fi
+	(
+		readarray -t BUILDFLAGS < "$BUILDFLAGS_FILE"
+		cd "$dir"
+		go test "${testcover[@]}" -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS -c
+		echo "$dir"
+	)
+}
+
 # This helper function walks the current directory looking for directories
 # holding certain files ($1 parameter), and prints their paths on standard
 # output, one per line.
diff --git a/components/engine/hack/make/test-unit b/components/engine/hack/make/test-unit
index 552810f349..0ec945a1ed 100644
--- a/components/engine/hack/make/test-unit
+++ b/components/engine/hack/make/test-unit
@@ -6,6 +6,7 @@ DEST=$1
 RED=$'\033[31m'
 GREEN=$'\033[32m'
 TEXTRESET=$'\033[0m' # reset the foreground colour
+: ${PARALLEL_JOBS:=0}
 
 # Run Docker's test suite, including sub-packages, and store their output as a bundle
 # If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
@@ -22,35 +23,59 @@ bundle_test_unit() {
 			TESTDIRS=$(find_dirs '*_test.go')
 		fi
 
-		TESTS_FAILED=()
-		for test_dir in $TESTDIRS; do
-			echo
+		(
+			# accomodate parallel to be able to access variables
+			export SHELL=/bin/bash 
+			export HOME=/tmp
+			mkdir -p "$HOME/.parallel"
+			touch "$HOME/.parallel/ignored_vars"
+			export -f go_compile_test_dir
+			export LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER"
+			export TESTFLAGS
+			export HAVE_GO_TEST_COVER
+			export DEST
+			# some hack to export array variables
+			export BUILDFLAGS_FILE="$HOME/buildflags_file"
+			( IFS=$'\n'; echo "${BUILDFLAGS[*]}" ) > "$BUILDFLAGS_FILE"
 
-			if ! LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER" go_test_dir "$test_dir"; then
-				TESTS_FAILED+=("$test_dir")
-				echo
-				echo "${RED}Tests failed: $test_dir${TEXTRESET}"
-				sleep 1 # give it a second, so observers watching can take note
-			fi
-		done
-
-		echo
-		echo
-		echo
-
-		# if some tests fail, we want the bundlescript to fail, but we want to
-		# try running ALL the tests first, hence TESTS_FAILED
-		if [ "${#TESTS_FAILED[@]}" -gt 0 ]; then
-			echo "${RED}Test failures in: ${TESTS_FAILED[@]}${TEXTRESET}"
-			echo
-			false
-		else
-			echo "${GREEN}Test success${TEXTRESET}"
-			echo
-			true
-		fi
+			echo "$TESTDIRS" | parallel --jobs "$PARALLEL_JOBS" --env _ go_compile_test_dir | go_run_test_dir
+		)
 	}
 }
 
+go_run_test_dir() {
+	TESTS_FAILED=()
+	while read dir; do
+		echo
+		echo '+ go test' $TESTFLAGS "github.com/dotcloud/docker${dir#.}"
+		pushd "$dir" > /dev/null
+		t=$(basename "$dir").test
+		if ! ./$t; then
+			TESTS_FAILED+=("$dir")
+			echo
+			echo "${RED}Tests failed: $dir${TEXTRESET}"
+			sleep 1 # give it a second, so observers watching can take note
+		fi
+		rm ./$t || true
+		popd > /dev/null
+	done
+
+	echo
+	echo
+	echo
+
+	# if some tests fail, we want the bundlescript to fail, but we want to
+	# try running ALL the tests first, hence TESTS_FAILED
+	if [ "${#TESTS_FAILED[@]}" -gt 0 ]; then
+		echo "${RED}Test failures in: ${TESTS_FAILED[@]}${TEXTRESET}"
+		echo
+		false
+	else
+		echo "${GREEN}Test success${TEXTRESET}"
+		echo
+		true
+	fi
+}
+
 exec > >(tee -a $DEST/test.log) 2>&1
 bundle_test_unit

From 3247893959f0212ba62e766331286f3a3c0ea9d2 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Thu, 3 Jul 2014 14:29:07 -0400
Subject: [PATCH 253/516] benign whitespace change

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 3a1385702cdd69a0b85b726dac6e749eb0e97fc1
Component: engine
---
 components/engine/hack/make.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index e93fa2d5b1..93a3ba9c8c 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -42,17 +42,17 @@ echo
 DEFAULT_BUNDLES=(
 	validate-dco
 	validate-gofmt
-	
+
 	binary
-	
+
 	test-unit
 	test-integration
 	test-integration-cli
-	
+
 	dynbinary
 	dyntest-unit
 	dyntest-integration
-	
+
 	cover
 	cross
 	tgz

From de5528653f00938e67166194d6877f94cb8305b1 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 3 Jul 2014 15:11:32 -0600
Subject: [PATCH 254/516] Add a bunch more tweaks to the parallel test
 compilation

- put all the precompiled test binaries in $DEST so they show up in bundles and can be re-run individually afterwards
- support cases where parallel is not installed (when using dyntest-unit, for example, this is much more common, since it's designed to be run outside the Dockerfile)
- use "mktemp -d" instead of "/tmp" directly for our temporary parallel HOME
- update the default PARALLEL_JOBS to be the value of "nproc" instead of 0, since "0 means as many as possible" (see https://www.gnu.org/software/parallel/man.html#jobs_n)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: a6085fd430e8f155e4a0738de752df3c77bc132f
Component: engine
---
 components/engine/hack/make.sh        |  9 +++++++--
 components/engine/hack/make/test-unit | 26 +++++++++++++++-----------
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index 93a3ba9c8c..4c7dea4542 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -159,6 +159,7 @@ go_test_dir() {
 # Compile phase run by parallel in test-unit. No support for coverpkg
 go_compile_test_dir() {
 	dir=$1
+	out_file="$DEST/precompiled/$dir.test"
 	testcover=()
 	if [ "$HAVE_GO_TEST_COVER" ]; then
 		# if our current go install has -cover, we want to use it :)
@@ -167,12 +168,16 @@ go_compile_test_dir() {
 		coverprofile="$DEST/coverprofiles/${coverprofile//\//-}"
 		testcover=( -cover -coverprofile "$coverprofile" ) # missing $coverpkg
 	fi
-	(
+	if [ "$BUILDFLAGS_FILE" ]; then
 		readarray -t BUILDFLAGS < "$BUILDFLAGS_FILE"
+	fi
+	(
 		cd "$dir"
 		go test "${testcover[@]}" -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS -c
-		echo "$dir"
 	)
+	mkdir -p "$(dirname "$out_file")"
+	mv "$dir/$(basename "$dir").test" "$out_file"
+	echo "Precompiled: github.com/dotcloud/docker${dir#.}"
 }
 
 # This helper function walks the current directory looking for directories
diff --git a/components/engine/hack/make/test-unit b/components/engine/hack/make/test-unit
index 0ec945a1ed..0666a6c82a 100644
--- a/components/engine/hack/make/test-unit
+++ b/components/engine/hack/make/test-unit
@@ -2,11 +2,11 @@
 set -e
 
 DEST=$1
+: ${PARALLEL_JOBS:=$(nproc)}
 
 RED=$'\033[31m'
 GREEN=$'\033[32m'
 TEXTRESET=$'\033[0m' # reset the foreground colour
-: ${PARALLEL_JOBS:=0}
 
 # Run Docker's test suite, including sub-packages, and store their output as a bundle
 # If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
@@ -23,10 +23,10 @@ bundle_test_unit() {
 			TESTDIRS=$(find_dirs '*_test.go')
 		fi
 
-		(
+		if command -v parallel &> /dev/null; then (
 			# accomodate parallel to be able to access variables
-			export SHELL=/bin/bash 
-			export HOME=/tmp
+			export SHELL="$BASH"
+			export HOME="$(mktemp -d)"
 			mkdir -p "$HOME/.parallel"
 			touch "$HOME/.parallel/ignored_vars"
 			export -f go_compile_test_dir
@@ -38,8 +38,15 @@ bundle_test_unit() {
 			export BUILDFLAGS_FILE="$HOME/buildflags_file"
 			( IFS=$'\n'; echo "${BUILDFLAGS[*]}" ) > "$BUILDFLAGS_FILE"
 
-			echo "$TESTDIRS" | parallel --jobs "$PARALLEL_JOBS" --env _ go_compile_test_dir | go_run_test_dir
-		)
+			echo "$TESTDIRS" | parallel --jobs "$PARALLEL_JOBS" --env _ go_compile_test_dir
+			rm -rf "$HOME"
+		) else
+			# aww, no "parallel" available - fall back to boring
+			for test_dir in $TESTDIRS; do
+				go_compile_test_dir "$test_dir"
+			done
+		fi
+		echo "$TESTDIRS" | go_run_test_dir
 	}
 }
 
@@ -48,16 +55,13 @@ go_run_test_dir() {
 	while read dir; do
 		echo
 		echo '+ go test' $TESTFLAGS "github.com/dotcloud/docker${dir#.}"
-		pushd "$dir" > /dev/null
-		t=$(basename "$dir").test
-		if ! ./$t; then
+		precompiled="$DEST/precompiled/$dir.test"
+		if ! "$precompiled"; then
 			TESTS_FAILED+=("$dir")
 			echo
 			echo "${RED}Tests failed: $dir${TEXTRESET}"
 			sleep 1 # give it a second, so observers watching can take note
 		fi
-		rm ./$t || true
-		popd > /dev/null
 	done
 
 	echo

From 34f8b9c1af042a53f60c0f231fa1006a55938540 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Wed, 9 Jul 2014 17:21:39 -0400
Subject: [PATCH 255/516] remove temporary line in Dockerfile that prevented
 cache miss

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 81e78db507c7523696b4115b5675170925a417e9
Component: engine
---
 components/engine/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 5369962359..416f53c782 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -44,6 +44,7 @@ RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
 	lxc=1.0* \
 	mercurial \
 	pandoc \
+	parallel \
 	reprepro \
 	ruby1.9.1 \
 	ruby1.9.1-dev \

From 36c95b11f7d48e242f5cabadb8b6bcf807a9f9ac Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 9 Jul 2014 16:43:57 -0600
Subject: [PATCH 256/516] Fix precompiled unit tests needing their "testdata"
 contents

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 0a7cd70924178304d1919ae5ea2cc86620f2be54
Component: engine
---
 components/engine/hack/make/test-unit | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/hack/make/test-unit b/components/engine/hack/make/test-unit
index 0666a6c82a..91a853309b 100644
--- a/components/engine/hack/make/test-unit
+++ b/components/engine/hack/make/test-unit
@@ -56,7 +56,7 @@ go_run_test_dir() {
 		echo
 		echo '+ go test' $TESTFLAGS "github.com/dotcloud/docker${dir#.}"
 		precompiled="$DEST/precompiled/$dir.test"
-		if ! "$precompiled"; then
+		if ! ( cd "$dir" && "$precompiled" ); then
 			TESTS_FAILED+=("$dir")
 			echo
 			echo "${RED}Tests failed: $dir${TEXTRESET}"

From 7e29f226f3a7a2ea88f70e372c6d6f47119a169e Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Sat, 26 Jul 2014 13:45:35 -0400
Subject: [PATCH 257/516] Kill all concurrent jobs on error

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 4cfe806db2a41a97079a4881d4a0099a7b5b8149
Component: engine
---
 components/engine/hack/make.sh        | 1 +
 components/engine/hack/make/test-unit | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index 4c7dea4542..ca3c775bfd 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -175,6 +175,7 @@ go_compile_test_dir() {
 		cd "$dir"
 		go test "${testcover[@]}" -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS -c
 	)
+	[ $? -ne 0 ] && return 1
 	mkdir -p "$(dirname "$out_file")"
 	mv "$dir/$(basename "$dir").test" "$out_file"
 	echo "Precompiled: github.com/dotcloud/docker${dir#.}"
diff --git a/components/engine/hack/make/test-unit b/components/engine/hack/make/test-unit
index 91a853309b..1ac3f4aa5b 100644
--- a/components/engine/hack/make/test-unit
+++ b/components/engine/hack/make/test-unit
@@ -38,7 +38,7 @@ bundle_test_unit() {
 			export BUILDFLAGS_FILE="$HOME/buildflags_file"
 			( IFS=$'\n'; echo "${BUILDFLAGS[*]}" ) > "$BUILDFLAGS_FILE"
 
-			echo "$TESTDIRS" | parallel --jobs "$PARALLEL_JOBS" --env _ go_compile_test_dir
+			echo "$TESTDIRS" | parallel --jobs "$PARALLEL_JOBS" --halt 2 --env _ go_compile_test_dir
 			rm -rf "$HOME"
 		) else
 			# aww, no "parallel" available - fall back to boring

From 79b92f27aa2690e85e628e6ce11033bf0333d828 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Thu, 19 Jun 2014 05:04:08 +0300
Subject: [PATCH 258/516] bump Go to 1.3

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: d0a0e91f1f8c3a43f04e7a58e37498124b283594
Component: engine
---
 components/engine/.travis.yml       | 2 +-
 components/engine/Dockerfile        | 2 +-
 components/engine/hack/PACKAGERS.md | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/.travis.yml b/components/engine/.travis.yml
index d25d0b3962..d822cecc3c 100644
--- a/components/engine/.travis.yml
+++ b/components/engine/.travis.yml
@@ -4,7 +4,7 @@
 language: go
 
 # This should match the version in the Dockerfile.
-go: 1.2.1
+go: 1.3
 
 # Let us have pretty experimental Docker-based Travis workers.
 # (These spin up much faster than the VM-based ones.)
diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 5369962359..97d3fdd62b 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -60,7 +60,7 @@ RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
 # Install Go
-RUN	curl -sSL https://go.googlecode.com/files/go1.2.1.src.tar.gz | tar -v -C /usr/local -xz
+RUN	curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz
 ENV	PATH	/usr/local/go/bin:$PATH
 ENV	GOPATH	/go:/go/src/github.com/docker/docker/vendor
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
diff --git a/components/engine/hack/PACKAGERS.md b/components/engine/hack/PACKAGERS.md
index 6a22f4fc97..687b554414 100644
--- a/components/engine/hack/PACKAGERS.md
+++ b/components/engine/hack/PACKAGERS.md
@@ -45,7 +45,7 @@ need to package Docker your way, without denaturing it in the process.
 To build Docker, you will need the following:
 
 * A recent version of git and mercurial
-* Go version 1.2 or later
+* Go version 1.3 or later
 * A clean checkout of the source added to a valid [Go
   workspace](http://golang.org/doc/code.html#Workspaces) under the path
   *src/github.com/docker/docker* (unless you plan to use `AUTO_GOPATH`,

From 3b6e93d7175ed8c6d214143658f951c424640802 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Sat, 26 Jul 2014 19:44:23 -0700
Subject: [PATCH 259/516] pkg/units: Unit constants directly int64

int64 seems sufficient

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: c7a2e86b5186acb58999d7b2b3a85a9bb4421b1f
Component: engine
---
 components/engine/pkg/units/size.go | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/components/engine/pkg/units/size.go b/components/engine/pkg/units/size.go
index f04785e048..88d91dd99e 100644
--- a/components/engine/pkg/units/size.go
+++ b/components/engine/pkg/units/size.go
@@ -7,26 +7,24 @@ import (
 	"strings"
 )
 
-type unit int64
-
 // See: http://en.wikipedia.org/wiki/Binary_prefix
 const (
 	// Decimal
-	KB unit = 1000
-	MB      = 1000 * KB
-	GB      = 1000 * MB
-	TB      = 1000 * GB
-	PB      = 1000 * TB
+	KB = 1000
+	MB = 1000 * KB
+	GB = 1000 * MB
+	TB = 1000 * GB
+	PB = 1000 * TB
 
 	// Binary
-	KiB unit = 1024
-	MiB      = 1024 * KiB
-	GiB      = 1024 * MiB
-	TiB      = 1024 * GiB
-	PiB      = 1024 * TiB
+	KiB = 1024
+	MiB = 1024 * KiB
+	GiB = 1024 * MiB
+	TiB = 1024 * GiB
+	PiB = 1024 * TiB
 )
 
-type unitMap map[string]unit
+type unitMap map[string]int64
 
 var (
 	decimalMap = unitMap{"k": KB, "m": MB, "g": GB, "t": TB, "p": PB}
@@ -81,7 +79,7 @@ func parseSize(sizeStr string, uMap unitMap) (int64, error) {
 
 	unitPrefix := strings.ToLower(matches[2])
 	if mul, ok := uMap[unitPrefix]; ok {
-		size *= int64(mul)
+		size *= mul
 	}
 
 	return size, nil

From f378b5d004751db53312511b2028110bc0eee255 Mon Sep 17 00:00:00 2001
From: Francisco Carriedo <fcarriedo@gmail.com>
Date: Sat, 26 Jul 2014 19:48:02 -0700
Subject: [PATCH 260/516] pkg/units: Updated tests with unit constants

Also, now that I was at it, gave them a small refactor.

Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Upstream-commit: 81c7d28b842844778a652b7353f52332f4276afb
Component: engine
---
 components/engine/pkg/units/duration_test.go |   6 -
 components/engine/pkg/units/size_test.go     | 145 ++++++++++---------
 2 files changed, 75 insertions(+), 76 deletions(-)

diff --git a/components/engine/pkg/units/duration_test.go b/components/engine/pkg/units/duration_test.go
index 4906f8a18b..a22947402b 100644
--- a/components/engine/pkg/units/duration_test.go
+++ b/components/engine/pkg/units/duration_test.go
@@ -44,9 +44,3 @@ func TestHumanDuration(t *testing.T) {
 	assertEquals(t, "2.010959 years", HumanDuration(24*month+2*week))
 	assertEquals(t, "3.164384 years", HumanDuration(3*year+2*month))
 }
-
-func assertEquals(t *testing.T, expected, actual interface{}) {
-	if expected != actual {
-		t.Errorf("Expected '%s' but got '%s'", expected, actual)
-	}
-}
diff --git a/components/engine/pkg/units/size_test.go b/components/engine/pkg/units/size_test.go
index a2dfedceb4..8dae7e716b 100644
--- a/components/engine/pkg/units/size_test.go
+++ b/components/engine/pkg/units/size_test.go
@@ -1,6 +1,9 @@
 package units
 
 import (
+	"reflect"
+	"runtime"
+	"strings"
 	"testing"
 )
 
@@ -9,85 +12,87 @@ func TestHumanSize(t *testing.T) {
 	assertEquals(t, "1.024 kB", HumanSize(1024))
 	assertEquals(t, "1 MB", HumanSize(1000000))
 	assertEquals(t, "1.049 MB", HumanSize(1048576))
-	assertEquals(t, "2 MB", HumanSize(2*1000*1000))
-	assertEquals(t, "3.42 GB", HumanSize(3.42*1000*1000*1000))
-	assertEquals(t, "5.372 TB", HumanSize(5.372*1000*1000*1000*1000))
-	assertEquals(t, "2.22 PB", HumanSize(2.22*1000*1000*1000*1000*1000))
-	assertEquals(t, "2.22 EB", HumanSize(2.22*1000*1000*1000*1000*1000*1000))
-	assertEquals(t, "7.707 EB", HumanSize(7.707*1000*1000*1000*1000*1000*1000))
+	assertEquals(t, "2 MB", HumanSize(2*MB))
+	assertEquals(t, "3.42 GB", HumanSize(3.42*GB))
+	assertEquals(t, "5.372 TB", HumanSize(5.372*TB))
+	assertEquals(t, "2.22 PB", HumanSize(2.22*PB))
 }
 
 func TestFromHumanSize(t *testing.T) {
-	assertFromHumanSize(t, "32", false, 32)
-	assertFromHumanSize(t, "32b", false, 32)
-	assertFromHumanSize(t, "32B", false, 32)
-	assertFromHumanSize(t, "32k", false, 32*1000)
-	assertFromHumanSize(t, "32K", false, 32*1000)
-	assertFromHumanSize(t, "32kb", false, 32*1000)
-	assertFromHumanSize(t, "32Kb", false, 32*1000)
-	assertFromHumanSize(t, "32Mb", false, 32*1000*1000)
-	assertFromHumanSize(t, "32Gb", false, 32*1000*1000*1000)
-	assertFromHumanSize(t, "32Tb", false, 32*1000*1000*1000*1000)
-	assertFromHumanSize(t, "8Pb", false, 8*1000*1000*1000*1000*1000)
+	assertSuccessEquals(t, 32, FromHumanSize, "32")
+	assertSuccessEquals(t, 32, FromHumanSize, "32b")
+	assertSuccessEquals(t, 32, FromHumanSize, "32B")
+	assertSuccessEquals(t, 32*KB, FromHumanSize, "32k")
+	assertSuccessEquals(t, 32*KB, FromHumanSize, "32K")
+	assertSuccessEquals(t, 32*KB, FromHumanSize, "32kb")
+	assertSuccessEquals(t, 32*KB, FromHumanSize, "32Kb")
+	assertSuccessEquals(t, 32*MB, FromHumanSize, "32Mb")
+	assertSuccessEquals(t, 32*GB, FromHumanSize, "32Gb")
+	assertSuccessEquals(t, 32*TB, FromHumanSize, "32Tb")
+	assertSuccessEquals(t, 32*PB, FromHumanSize, "32Pb")
 
-	assertFromHumanSize(t, "", true, -1)
-	assertFromHumanSize(t, "hello", true, -1)
-	assertFromHumanSize(t, "-32", true, -1)
-	assertFromHumanSize(t, " 32 ", true, -1)
-	assertFromHumanSize(t, "32 mb", true, -1)
-	assertFromHumanSize(t, "32m b", true, -1)
-	assertFromHumanSize(t, "32bm", true, -1)
-}
-
-func assertFromHumanSize(t *testing.T, size string, expectError bool, expectedBytes int64) {
-	actualBytes, err := FromHumanSize(size)
-	if (err != nil) && !expectError {
-		t.Errorf("Unexpected error parsing '%s': %s", size, err)
-	}
-	if (err == nil) && expectError {
-		t.Errorf("Expected to get an error parsing '%s', but got none (bytes=%d)", size, actualBytes)
-	}
-	if actualBytes != expectedBytes {
-		t.Errorf("Expected '%s' to parse as %d bytes, got %d", size, expectedBytes, actualBytes)
-	}
+	assertError(t, FromHumanSize, "")
+	assertError(t, FromHumanSize, "hello")
+	assertError(t, FromHumanSize, "-32")
+	assertError(t, FromHumanSize, "32.3")
+	assertError(t, FromHumanSize, " 32 ")
+	assertError(t, FromHumanSize, "32.3Kb")
+	assertError(t, FromHumanSize, "32 mb")
+	assertError(t, FromHumanSize, "32m b")
+	assertError(t, FromHumanSize, "32bm")
 }
 
 func TestRAMInBytes(t *testing.T) {
-	assertRAMInBytes(t, "32", false, 32)
-	assertRAMInBytes(t, "32b", false, 32)
-	assertRAMInBytes(t, "32B", false, 32)
-	assertRAMInBytes(t, "32k", false, 32*1024)
-	assertRAMInBytes(t, "32K", false, 32*1024)
-	assertRAMInBytes(t, "32kb", false, 32*1024)
-	assertRAMInBytes(t, "32Kb", false, 32*1024)
-	assertRAMInBytes(t, "32Mb", false, 32*1024*1024)
-	assertRAMInBytes(t, "32MB", false, 32*1024*1024)
-	assertRAMInBytes(t, "32Gb", false, 32*1024*1024*1024)
-	assertRAMInBytes(t, "32G", false, 32*1024*1024*1024)
-	assertRAMInBytes(t, "32GB", false, 32*1024*1024*1024)
-	assertRAMInBytes(t, "32Tb", false, 32*1024*1024*1024*1024)
-	assertRAMInBytes(t, "8Pb", false, 8*1024*1024*1024*1024*1024)
-	assertRAMInBytes(t, "8PB", false, 8*1024*1024*1024*1024*1024)
-	assertRAMInBytes(t, "8P", false, 8*1024*1024*1024*1024*1024)
+	assertSuccessEquals(t, 32, RAMInBytes, "32")
+	assertSuccessEquals(t, 32, RAMInBytes, "32b")
+	assertSuccessEquals(t, 32, RAMInBytes, "32B")
+	assertSuccessEquals(t, 32*KiB, RAMInBytes, "32k")
+	assertSuccessEquals(t, 32*KiB, RAMInBytes, "32K")
+	assertSuccessEquals(t, 32*KiB, RAMInBytes, "32kb")
+	assertSuccessEquals(t, 32*KiB, RAMInBytes, "32Kb")
+	assertSuccessEquals(t, 32*MiB, RAMInBytes, "32Mb")
+	assertSuccessEquals(t, 32*GiB, RAMInBytes, "32Gb")
+	assertSuccessEquals(t, 32*TiB, RAMInBytes, "32Tb")
+	assertSuccessEquals(t, 32*PiB, RAMInBytes, "32Pb")
+	assertSuccessEquals(t, 32*PiB, RAMInBytes, "32PB")
+	assertSuccessEquals(t, 32*PiB, RAMInBytes, "32P")
 
-	assertRAMInBytes(t, "", true, -1)
-	assertRAMInBytes(t, "hello", true, -1)
-	assertRAMInBytes(t, "-32", true, -1)
-	assertRAMInBytes(t, " 32 ", true, -1)
-	assertRAMInBytes(t, "32 mb", true, -1)
-	assertRAMInBytes(t, "32m b", true, -1)
-	assertRAMInBytes(t, "32bm", true, -1)
+	assertError(t, RAMInBytes, "")
+	assertError(t, RAMInBytes, "hello")
+	assertError(t, RAMInBytes, "-32")
+	assertError(t, RAMInBytes, "32.3")
+	assertError(t, RAMInBytes, " 32 ")
+	assertError(t, RAMInBytes, "32.3Kb")
+	assertError(t, RAMInBytes, "32 mb")
+	assertError(t, RAMInBytes, "32m b")
+	assertError(t, RAMInBytes, "32bm")
 }
 
-func assertRAMInBytes(t *testing.T, size string, expectError bool, expectedBytes int64) {
-	actualBytes, err := RAMInBytes(size)
-	if (err != nil) && !expectError {
-		t.Errorf("Unexpected error parsing '%s': %s", size, err)
-	}
-	if (err == nil) && expectError {
-		t.Errorf("Expected to get an error parsing '%s', but got none (bytes=%d)", size, actualBytes)
-	}
-	if actualBytes != expectedBytes {
-		t.Errorf("Expected '%s' to parse as %d bytes, got %d", size, expectedBytes, actualBytes)
+func assertEquals(t *testing.T, expected, actual interface{}) {
+	if expected != actual {
+		t.Errorf("Expected '%v' but got '%v'", expected, actual)
+	}
+}
+
+// func that maps to the parse function signatures as testing abstraction
+type parseFn func(string) (int64, error)
+
+// Define 'String()' for pretty-print
+func (fn parseFn) String() string {
+	fnName := runtime.FuncForPC(reflect.ValueOf(fn).Pointer()).Name()
+	return fnName[strings.LastIndex(fnName, ".")+1:]
+}
+
+func assertSuccessEquals(t *testing.T, expected int64, fn parseFn, arg string) {
+	res, err := fn(arg)
+	if err != nil || res != expected {
+		t.Errorf("%s(\"%s\") -> expected '%d' but got '%d' with error '%v'", fn, arg, expected, res, err)
+	}
+}
+
+func assertError(t *testing.T, fn parseFn, arg string) {
+	res, err := fn(arg)
+	if err == nil && res != -1 {
+		t.Errorf("%s(\"%s\") -> expected error but got '%d'", fn, arg, res)
 	}
 }

From e1fb48415899fcfbc4f3c653fe0c3304a4609148 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu@seblu.net>
Date: Sat, 26 Jul 2014 16:41:50 +0200
Subject: [PATCH 261/516] Fix ordering in systemd service file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See: https://bugs.archlinux.org/task/41338

Docker-DCO-1.1-Signed-off-by: Sébastien Luttringer <seblu@seblu.net> (github: seblu)
Upstream-commit: fe68df36fc9c85ae30af9bf53a13e8af0534e613
Component: engine
---
 components/engine/contrib/init/systemd/docker.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/contrib/init/systemd/docker.service b/components/engine/contrib/init/systemd/docker.service
index c67c795ed9..1ff54fcd00 100644
--- a/components/engine/contrib/init/systemd/docker.service
+++ b/components/engine/contrib/init/systemd/docker.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=http://docs.docker.com
-After=network.target
+After=network.target docker.socket
 Requires=docker.socket
 
 [Service]

From d687489711b68736b6f1c44673072c8e43f9f63f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu@seblu.net>
Date: Sat, 26 Jul 2014 16:42:24 +0200
Subject: [PATCH 262/516] Systemd .service should install .socket
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

And remove the WantedBy directive.

See: https://bugs.archlinux.org/task/41338

Docker-DCO-1.1-Signed-off-by: Sébastien Luttringer <seblu@seblu.net> (github: seblu)
Upstream-commit: 0f26195a8ddd0bde95865816576d827a9ed0727c
Component: engine
---
 components/engine/contrib/init/systemd/docker.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/contrib/init/systemd/docker.service b/components/engine/contrib/init/systemd/docker.service
index 1ff54fcd00..7e32b02ae1 100644
--- a/components/engine/contrib/init/systemd/docker.service
+++ b/components/engine/contrib/init/systemd/docker.service
@@ -11,4 +11,4 @@ LimitNOFILE=1048576
 LimitNPROC=1048576
 
 [Install]
-WantedBy=multi-user.target
+Also=docker.socket

From 4569bccd5ecfd8beee9661c9e9aa57c93159a64c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu@seblu.net>
Date: Sat, 26 Jul 2014 16:43:28 +0200
Subject: [PATCH 263/516] Systemd service should not restart on failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This should not be done by default but used by adminsys with a drop-in.d file,
for buggy daemons which crash without known fixes.

Docker-DCO-1.1-Signed-off-by: Sébastien Luttringer <seblu@seblu.net> (github: seblu)
Upstream-commit: 533916fa6bb0b19fb887b5b0b2b704b224154b41
Component: engine
---
 components/engine/contrib/init/systemd/docker.service | 1 -
 1 file changed, 1 deletion(-)

diff --git a/components/engine/contrib/init/systemd/docker.service b/components/engine/contrib/init/systemd/docker.service
index 7e32b02ae1..0cb31e32c0 100644
--- a/components/engine/contrib/init/systemd/docker.service
+++ b/components/engine/contrib/init/systemd/docker.service
@@ -6,7 +6,6 @@ Requires=docker.socket
 
 [Service]
 ExecStart=/usr/bin/docker -d -H fd://
-Restart=on-failure
 LimitNOFILE=1048576
 LimitNPROC=1048576
 

From eec1c749e5e9766dd6a49763f115d944b2d86644 Mon Sep 17 00:00:00 2001
From: r0n22 <cameron.regan@gmail.com>
Date: Mon, 28 Jul 2014 09:39:55 -0400
Subject: [PATCH 264/516] Update HTTP Proxy Section

Docker.service file location was missing the /usr dir.
Upstream-commit: 2095e22121833e5d38890c321a7a67ead405e3ec
Component: engine
---
 components/engine/docs/sources/installation/fedora.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/fedora.md b/components/engine/docs/sources/installation/fedora.md
index a230aa6cf5..757b3e9c44 100644
--- a/components/engine/docs/sources/installation/fedora.md
+++ b/components/engine/docs/sources/installation/fedora.md
@@ -68,7 +68,7 @@ and above.
 If you are behind a HTTP proxy server, for example in corporate settings, 
 you will need to add this configuration in the Docker *systemd service file*.
 
-Edit file `/lib/systemd/system/docker.service`. Add the following to
+Edit file `/usr/lib/systemd/system/docker.service`. Add the following to
 section `[Service]` :
 
     Environment="HTTP_PROXY=http://proxy.example.com:80/"

From ddd05d0cc14fb3060691216aefd89d4657ac3dba Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 28 Jul 2014 12:01:43 -0400
Subject: [PATCH 265/516] progress bar: don't strings.Repeat a negative number

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 77237be0e23dfaba4d4d97a525c3ecc7fb819042
Component: engine
---
 components/engine/utils/jsonmessage.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/components/engine/utils/jsonmessage.go b/components/engine/utils/jsonmessage.go
index 7ad4548c38..e22d06eccd 100644
--- a/components/engine/utils/jsonmessage.go
+++ b/components/engine/utils/jsonmessage.go
@@ -50,7 +50,12 @@ func (p *JSONProgress) String() string {
 	total := units.HumanSize(int64(p.Total))
 	percentage := int(float64(p.Current)/float64(p.Total)*100) / 2
 	if width > 110 {
-		pbBox = fmt.Sprintf("[%s>%s] ", strings.Repeat("=", percentage), strings.Repeat(" ", 50-percentage))
+		// this number can't be negetive gh#7136
+		numSpaces := 0
+		if 50-percentage > 0 {
+			numSpaces = 50 - percentage
+		}
+		pbBox = fmt.Sprintf("[%s>%s] ", strings.Repeat("=", percentage), strings.Repeat(" ", numSpaces))
 	}
 	numbersBox = fmt.Sprintf("%8v/%v", current, total)
 

From 65df9ecf1a5f5d917ce7a05906735bc6bd01cdc6 Mon Sep 17 00:00:00 2001
From: Jan Toebes <jan@toebes.info>
Date: Mon, 28 Jul 2014 20:43:24 +0200
Subject: [PATCH 266/516] Update nodejs_web_app.md

The image centos:centos6.4 doesn't exist. Instead you have to choose between the official centos6 or centos7. Both images does not work together with de yum npm install. When choosing an centos6.5 from another distributor (tutum) it works.
Upstream-commit: 2519872d77da8cb6a9c5f55e44cfaeb9cd603978
Component: engine
---
 .../engine/docs/sources/examples/nodejs_web_app.md     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/components/engine/docs/sources/examples/nodejs_web_app.md b/components/engine/docs/sources/examples/nodejs_web_app.md
index 03c48b5175..840d85e12e 100644
--- a/components/engine/docs/sources/examples/nodejs_web_app.md
+++ b/components/engine/docs/sources/examples/nodejs_web_app.md
@@ -69,7 +69,7 @@ top of. Here, we'll use
 [CentOS](https://registry.hub.docker.com/_/centos/) (tag: `6.4`)
 available on the [Docker Hub](https://hub.docker.com/):
 
-    FROM    centos:6.4
+    FROM    tutum/centos-6.4
 
 Since we're building a Node.js app, you'll have to install Node.js as
 well as npm on your CentOS image. Node.js is required to run your app
@@ -109,7 +109,7 @@ defines your runtime, i.e. `node`, and the path to our app, i.e. `src/index.js`
 Your `Dockerfile` should now look like this:
 
     # DOCKER-VERSION 0.3.4
-    FROM    centos:6.4
+    FROM    tutum/centos-6.4
 
     # Enable EPEL for Node.js
     RUN     rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
@@ -137,9 +137,9 @@ Your image will now be listed by Docker:
     $ sudo docker images
 
     # Example
-    REPOSITORY                            TAG       ID              CREATED
-    centos                                6.4       539c0211cd76    8 weeks ago
-    <your username>/centos-node-hello     latest    d64d3505b0d2    2 hours ago
+    REPOSITORY                            TAG        ID              CREATED
+    tutum                                 centos-6.4 539c0211cd76    8 weeks ago
+    <your username>/centos-node-hello     latest     d64d3505b0d2    2 hours ago
 
 ## Run the image
 

From b178420296d40a7b2bfc82978543a458e5cb9571 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 28 Jul 2014 14:43:28 -0400
Subject: [PATCH 267/516] jsonmessage: added test and cleaned up others

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 704b97d1c4cc6eaa6ecf9630eed2dffd5abaffb9
Component: engine
---
 components/engine/utils/jsonmessage_test.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/components/engine/utils/jsonmessage_test.go b/components/engine/utils/jsonmessage_test.go
index ecf1896762..0ce9492c98 100644
--- a/components/engine/utils/jsonmessage_test.go
+++ b/components/engine/utils/jsonmessage_test.go
@@ -17,13 +17,22 @@ func TestProgress(t *testing.T) {
 		t.Fatalf("Expected empty string, got '%s'", jp.String())
 	}
 
+	expected := "     1 B"
 	jp2 := JSONProgress{Current: 1}
-	if jp2.String() != "     1 B" {
-		t.Fatalf("Expected '     1 B', got '%s'", jp2.String())
+	if jp2.String() != expected {
+		t.Fatalf("Expected %q, got %q", expected, jp2.String())
 	}
 
+	expected = "[=========================>                         ]     50 B/100 B"
 	jp3 := JSONProgress{Current: 50, Total: 100}
-	if jp3.String() != "[=========================>                         ]     50 B/100 B" {
-		t.Fatalf("Expected '[=========================>                         ]     50 B/100 B', got '%s'", jp3.String())
+	if jp3.String() != expected {
+		t.Fatalf("Expected %q, got %q", expected, jp3.String())
+	}
+
+	// this number can't be negetive gh#7136
+	expected = "[==============================================================>]     50 B/40 B"
+	jp4 := JSONProgress{Current: 50, Total: 40}
+	if jp4.String() != expected {
+		t.Fatalf("Expected %q, got %q", expected, jp4.String())
 	}
 }

From bed02719c05160a757120833dd33ad221032db39 Mon Sep 17 00:00:00 2001
From: knappe <tyler.knappe@gmail.com>
Date: Mon, 28 Jul 2014 14:39:17 -0600
Subject: [PATCH 268/516] Correct Typo In Documentation Upstream-commit:
 331200cbaae75a2876bac037c8df2e609bab9658 Component: engine

---
 components/engine/docs/sources/userguide/dockervolumes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/userguide/dockervolumes.md b/components/engine/docs/sources/userguide/dockervolumes.md
index 4e1cd51edb..97593a1e04 100644
--- a/components/engine/docs/sources/userguide/dockervolumes.md
+++ b/components/engine/docs/sources/userguide/dockervolumes.md
@@ -131,7 +131,7 @@ like so:
 
     $ sudo docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
 
-Here's we've launched a new container and mounted the volume from the
+Here we've launched a new container and mounted the volume from the
 `dbdata` container. We've then mounted a local host directory as
 `/backup`. Finally, we've passed a command that uses `tar` to backup the
 contents of the `dbdata` volume to a `backup.tar` file inside our

From e2390724e7bb972dd8cac544d04de8d6405b9d59 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Jul 2014 12:06:34 -0600
Subject: [PATCH 269/516] Standardize "apt-get install" usage across the repo

I might have missed some, but I think this is most of the offenders.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: fc637b5275c2fe23c9857a34316a783042d906b8
Component: engine
---
 components/engine/Dockerfile                  |   3 +-
 components/engine/README.md                   |   3 +-
 .../desktop-integration/iceweasel/Dockerfile  |   2 +-
 components/engine/docs/Dockerfile             |   2 +-
 .../articles/cfengine_process_management.md   |   7 +-
 .../sources/articles/using_supervisord.md     |   9 +-
 .../sources/examples/apt-cacher-ng.Dockerfile |   4 +-
 .../docs/sources/examples/apt-cacher-ng.md    |   6 +-
 .../engine/docs/sources/examples/mongodb.md   |   5 +-
 .../docs/sources/examples/mongodb/Dockerfile  |   7 +-
 .../examples/postgresql_service.Dockerfile    |   8 +-
 .../sources/examples/postgresql_service.md    |   8 +-
 .../sources/examples/running_redis_service.md |   9 +-
 .../sources/examples/running_riak_service.md  |  20 +-
 .../examples/running_ssh_service.Dockerfile   |   5 +-
 .../sources/examples/running_ssh_service.md   |   5 +-
 .../engine/docs/sources/reference/builder.md  |  11 +-
 .../docs/sources/userguide/dockerimages.md    | 175 +++++++++++++++---
 components/engine/hack/release.sh             |   3 +-
 19 files changed, 187 insertions(+), 105 deletions(-)

diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 68f8f0b78b..f4fc9d7a50 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -28,8 +28,7 @@ FROM	ubuntu:14.04
 MAINTAINER	Tianon Gravi <admwiggin@gmail.com> (@tianon)
 
 # Packaged dependencies
-RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
-	apt-utils \
+RUN	apt-get update && apt-get install -y \
 	aufs-tools \
 	automake \
 	btrfs-tools \
diff --git a/components/engine/README.md b/components/engine/README.md
index 08d839c3cc..46acc5ab10 100644
--- a/components/engine/README.md
+++ b/components/engine/README.md
@@ -131,8 +131,7 @@ Here's a typical Docker build process:
 
 ```bash
 FROM ubuntu:12.04
-RUN apt-get update
-RUN apt-get install -q -y python python-pip curl
+RUN apt-get update && apt-get install -y python python-pip curl
 RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
 RUN cd helloflask-master && pip install -r requirements.txt
 ```
diff --git a/components/engine/contrib/desktop-integration/iceweasel/Dockerfile b/components/engine/contrib/desktop-integration/iceweasel/Dockerfile
index 80d6a55e4a..0f3e8f2527 100644
--- a/components/engine/contrib/desktop-integration/iceweasel/Dockerfile
+++ b/components/engine/contrib/desktop-integration/iceweasel/Dockerfile
@@ -29,7 +29,7 @@ FROM debian:wheezy
 MAINTAINER Daniel Mizyrycki <daniel@docker.com>
 
 # Install Iceweasel and "sudo"
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq iceweasel sudo
+RUN apt-get update && apt-get install -y iceweasel sudo
 
 # create sysadmin account
 RUN useradd -m -d /data -p saIVpsc0EVTwA sysadmin
diff --git a/components/engine/docs/Dockerfile b/components/engine/docs/Dockerfile
index 03953989a3..a50b396624 100644
--- a/components/engine/docs/Dockerfile
+++ b/components/engine/docs/Dockerfile
@@ -4,7 +4,7 @@
 FROM 		debian:jessie
 MAINTAINER	Sven Dowideit <SvenDowideit@docker.com> (@SvenDowideit)
 
-RUN 	apt-get update && apt-get install -yq make python-pip python-setuptools vim-tiny git gettext
+RUN 	apt-get update && apt-get install -y make python-pip python-setuptools vim-tiny git gettext
 
 RUN	pip install mkdocs
 
diff --git a/components/engine/docs/sources/articles/cfengine_process_management.md b/components/engine/docs/sources/articles/cfengine_process_management.md
index 6bb4df66ae..a9441a6d35 100644
--- a/components/engine/docs/sources/articles/cfengine_process_management.md
+++ b/components/engine/docs/sources/articles/cfengine_process_management.md
@@ -65,13 +65,12 @@ The first two steps can be done as part of a Dockerfile, as follows.
     FROM ubuntu
     MAINTAINER Eystein Måløy Stenberg <eytein.stenberg@gmail.com>
 
-    RUN apt-get -y install wget lsb-release unzip ca-certificates
+    RUN apt-get update && apt-get install -y wget lsb-release unzip ca-certificates
 
     # install latest CFEngine
     RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add -
     RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list
-    RUN apt-get update
-    RUN apt-get install cfengine-community
+    RUN apt-get update && apt-get install -y cfengine-community
 
     # install cfe-docker process management policy
     RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/
@@ -80,7 +79,7 @@ The first two steps can be done as part of a Dockerfile, as follows.
     RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip
 
     # apache2 and openssh are just for testing purposes, install your own apps here
-    RUN apt-get -y install openssh-server apache2
+    RUN apt-get update && apt-get install -y openssh-server apache2
     RUN mkdir -p /var/run/sshd
     RUN echo "root:password" | chpasswd  # need a password for ssh
 
diff --git a/components/engine/docs/sources/articles/using_supervisord.md b/components/engine/docs/sources/articles/using_supervisord.md
index 90aefb4b94..10f32c7d1b 100644
--- a/components/engine/docs/sources/articles/using_supervisord.md
+++ b/components/engine/docs/sources/articles/using_supervisord.md
@@ -28,19 +28,14 @@ new image.
 
     FROM ubuntu:13.04
     MAINTAINER examples@docker.com
-    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
-    RUN apt-get update
-    RUN apt-get upgrade -y
 
 ## Installing Supervisor
 
 We can now install our SSH and Apache daemons as well as Supervisor in
 our container.
 
-    RUN apt-get install -y openssh-server apache2 supervisor
-    RUN mkdir -p /var/lock/apache2 /var/run/apache2
-    RUN mkdir -p /var/run/sshd
-    RUN mkdir -p /var/log/supervisor
+    RUN apt-get update && apt-get install -y openssh-server apache2 supervisor
+    RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/run/sshd /var/log/supervisor
 
 Here we're installing the `openssh-server`,
 `apache2` and `supervisor`
diff --git a/components/engine/docs/sources/examples/apt-cacher-ng.Dockerfile b/components/engine/docs/sources/examples/apt-cacher-ng.Dockerfile
index 3b7862bb58..d1f76572b9 100644
--- a/components/engine/docs/sources/examples/apt-cacher-ng.Dockerfile
+++ b/components/engine/docs/sources/examples/apt-cacher-ng.Dockerfile
@@ -9,7 +9,7 @@ FROM		ubuntu
 MAINTAINER	SvenDowideit@docker.com
 
 VOLUME		["/var/cache/apt-cacher-ng"]
-RUN		apt-get update ; apt-get install -yq apt-cacher-ng
+RUN		apt-get update && apt-get install -y apt-cacher-ng
 
 EXPOSE		3142
-CMD		chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/*
+CMD		chmod 777 /var/cache/apt-cacher-ng && /etc/init.d/apt-cacher-ng start && tail -f /var/log/apt-cacher-ng/*
diff --git a/components/engine/docs/sources/examples/apt-cacher-ng.md b/components/engine/docs/sources/examples/apt-cacher-ng.md
index 34e4a4bf02..7dafec1593 100644
--- a/components/engine/docs/sources/examples/apt-cacher-ng.md
+++ b/components/engine/docs/sources/examples/apt-cacher-ng.md
@@ -28,10 +28,10 @@ Use the following Dockerfile:
     MAINTAINER  SvenDowideit@docker.com
 
     VOLUME      ["/var/cache/apt-cacher-ng"]
-    RUN     apt-get update ; apt-get install -yq apt-cacher-ng
+    RUN     apt-get update && apt-get install -y apt-cacher-ng
 
     EXPOSE      3142
-    CMD     chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/*
+    CMD     chmod 777 /var/cache/apt-cacher-ng && /etc/init.d/apt-cacher-ng start && tail -f /var/log/apt-cacher-ng/*
 
 To build the image using:
 
@@ -61,7 +61,7 @@ a local version of a common base:
 
     FROM ubuntu
     RUN  echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy
-    RUN apt-get update ; apt-get install vim git
+    RUN apt-get update && apt-get install -y vim git
 
     # docker build -t my_ubuntu .
 
diff --git a/components/engine/docs/sources/examples/mongodb.md b/components/engine/docs/sources/examples/mongodb.md
index 602f55ca88..28f7824594 100644
--- a/components/engine/docs/sources/examples/mongodb.md
+++ b/components/engine/docs/sources/examples/mongodb.md
@@ -65,13 +65,12 @@ a MongoDB repository file for the package manager.
 After this initial preparation we can update our packages and install MongoDB.
 
     # Update apt-get sources AND install MongoDB
-    RUN apt-get update
-    RUN apt-get install -y -q mongodb-org
+    RUN apt-get update && apt-get install -y mongodb-org
 
 > **Tip:** You can install a specific version of MongoDB by using a list
 > of required packages with versions, e.g.:
 > 
->     RUN apt-get install -y -q mongodb-org=2.6.1 mongodb-org-server=2.6.1 mongodb-org-shell=2.6.1 mongodb-org-mongos=2.6.1 mongodb-org-tools=2.6.1
+>     RUN apt-get update && apt-get install -y mongodb-org=2.6.1 mongodb-org-server=2.6.1 mongodb-org-shell=2.6.1 mongodb-org-mongos=2.6.1 mongodb-org-tools=2.6.1
 
 MongoDB requires a data directory. Let's create it as the final step of our
 installation instructions.
diff --git a/components/engine/docs/sources/examples/mongodb/Dockerfile b/components/engine/docs/sources/examples/mongodb/Dockerfile
index e7acc0fd85..9333eb5811 100644
--- a/components/engine/docs/sources/examples/mongodb/Dockerfile
+++ b/components/engine/docs/sources/examples/mongodb/Dockerfile
@@ -11,8 +11,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list
 
 # Update apt-get sources AND install MongoDB
-RUN apt-get update
-RUN apt-get install -y -q mongodb-org
+RUN apt-get update && apt-get install -y mongodb-org
 
 # Create the MongoDB data directory
 RUN mkdir -p /data/db
@@ -20,5 +19,5 @@ RUN mkdir -p /data/db
 # Expose port #27017 from the container to the host
 EXPOSE 27017
 
-# Set usr/bin/mongod as the dockerized entry-point application
-ENTRYPOINT usr/bin/mongod
+# Set /usr/bin/mongod as the dockerized entry-point application
+ENTRYPOINT ["/usr/bin/mongod"]
diff --git a/components/engine/docs/sources/examples/postgresql_service.Dockerfile b/components/engine/docs/sources/examples/postgresql_service.Dockerfile
index 364a18a81d..d0f37669d1 100644
--- a/components/engine/docs/sources/examples/postgresql_service.Dockerfile
+++ b/components/engine/docs/sources/examples/postgresql_service.Dockerfile
@@ -13,17 +13,13 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B97B0AFCAA
 #     of PostgreSQL, ``9.3``.
 RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list
 
-# Update the Ubuntu and PostgreSQL repository indexes
-RUN apt-get update
-
 # Install ``python-software-properties``, ``software-properties-common`` and PostgreSQL 9.3
 #  There are some warnings (in red) that show up during the build. You can hide
 #  them by prefixing each apt-get statement with DEBIAN_FRONTEND=noninteractive
-RUN apt-get -y -q install python-software-properties software-properties-common
-RUN apt-get -y -q install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3
+RUN apt-get update && apt-get install -y python-software-properties software-properties-common postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3
 
 # Note: The official Debian and Ubuntu images automatically ``apt-get clean``
-# after each ``apt-get`` 
+# after each ``apt-get``
 
 # Run the rest of the commands as the ``postgres`` user created by the ``postgres-9.3`` package when it was ``apt-get installed``
 USER postgres
diff --git a/components/engine/docs/sources/examples/postgresql_service.md b/components/engine/docs/sources/examples/postgresql_service.md
index 5265935e3d..edcd63bbbc 100644
--- a/components/engine/docs/sources/examples/postgresql_service.md
+++ b/components/engine/docs/sources/examples/postgresql_service.md
@@ -35,17 +35,13 @@ Start by creating a new `Dockerfile`:
     #     of PostgreSQL, ``9.3``.
     RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list
 
-    # Update the Ubuntu and PostgreSQL repository indexes
-    RUN apt-get update
-
     # Install ``python-software-properties``, ``software-properties-common`` and PostgreSQL 9.3
     #  There are some warnings (in red) that show up during the build. You can hide
     #  them by prefixing each apt-get statement with DEBIAN_FRONTEND=noninteractive
-    RUN apt-get -y -q install python-software-properties software-properties-common
-    RUN apt-get -y -q install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3
+    RUN apt-get update && apt-get install -y python-software-properties software-properties-common postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3
 
     # Note: The official Debian and Ubuntu images automatically ``apt-get clean``
-    # after each ``apt-get`` 
+    # after each ``apt-get``
 
     # Run the rest of the commands as the ``postgres`` user created by the ``postgres-9.3`` package when it was ``apt-get installed``
     USER postgres
diff --git a/components/engine/docs/sources/examples/running_redis_service.md b/components/engine/docs/sources/examples/running_redis_service.md
index 0eeef0625d..6d052da09e 100644
--- a/components/engine/docs/sources/examples/running_redis_service.md
+++ b/components/engine/docs/sources/examples/running_redis_service.md
@@ -13,8 +13,7 @@ Firstly, we create a `Dockerfile` for our new Redis
 image.
 
     FROM        ubuntu:12.10
-    RUN         apt-get update
-    RUN         apt-get -y install redis-server
+    RUN         apt-get update && apt-get install -y redis-server
     EXPOSE      6379
     ENTRYPOINT  ["/usr/bin/redis-server"]
 
@@ -49,9 +48,9 @@ container to only this container.
 Once inside our freshly created container we need to install Redis to
 get the `redis-cli` binary to test our connection.
 
-    $ apt-get update
-    $ apt-get -y install redis-server
-    $ service redis-server stop
+    $ sudo apt-get update
+    $ sudo apt-get install redis-server
+    $ sudo service redis-server stop
 
 As we've used the `--link redis:db` option, Docker
 has created some environment variables in our web application container.
diff --git a/components/engine/docs/sources/examples/running_riak_service.md b/components/engine/docs/sources/examples/running_riak_service.md
index d65422b524..c3d83bf663 100644
--- a/components/engine/docs/sources/examples/running_riak_service.md
+++ b/components/engine/docs/sources/examples/running_riak_service.md
@@ -25,13 +25,6 @@ of. We'll use [Ubuntu](https://registry.hub.docker.com/_/ubuntu/) (tag:
     FROM ubuntu:latest
     MAINTAINER Hector Castro hector@basho.com
 
-Next, we update the APT cache and apply any updates:
-
-    # Update the APT cache
-    RUN sed -i.bak 's/main$/main universe/' /etc/apt/sources.list
-    RUN apt-get update
-    RUN apt-get upgrade -y
-
 After that, we install and setup a few dependencies:
 
  - `curl` is used to download Basho's APT
@@ -46,7 +39,7 @@ After that, we install and setup a few dependencies:
 <!-- -->
 
     # Install and setup project dependencies
-    RUN apt-get install -y curl lsb-release supervisor openssh-server
+    RUN apt-get update && apt-get install -y curl lsb-release supervisor openssh-server
 
     RUN mkdir -p /var/run/sshd
     RUN mkdir -p /var/log/supervisor
@@ -61,23 +54,14 @@ Next, we add Basho's APT repository:
 
     RUN curl -sSL http://apt.basho.com/gpg/basho.apt.key | apt-key add --
     RUN echo "deb http://apt.basho.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/basho.list
-    RUN apt-get update
 
 After that, we install Riak and alter a few defaults:
 
     # Install Riak and prepare it to run
-    RUN apt-get install -y riak
+    RUN apt-get update && apt-get install -y riak
     RUN sed -i.bak 's/127.0.0.1/0.0.0.0/' /etc/riak/app.config
     RUN echo "ulimit -n 4096" >> /etc/default/riak
 
-Almost there. Next, we add a hack to get us by the lack of
-`initctl`:
-
-    # Hack for initctl
-    # See: https://github.com/docker/docker/issues/1024
-    RUN dpkg-divert --local --rename --add /sbin/initctl
-    RUN ln -s /bin/true /sbin/initctl
-
 Then, we expose the Riak Protocol Buffers and HTTP interfaces, along
 with SSH:
 
diff --git a/components/engine/docs/sources/examples/running_ssh_service.Dockerfile b/components/engine/docs/sources/examples/running_ssh_service.Dockerfile
index 57baf88cef..1b8ed02a8a 100644
--- a/components/engine/docs/sources/examples/running_ssh_service.Dockerfile
+++ b/components/engine/docs/sources/examples/running_ssh_service.Dockerfile
@@ -5,10 +5,7 @@
 FROM    ubuntu:12.04
 MAINTAINER Thatcher R. Peskens "thatcher@dotcloud.com"
 
-# make sure the package repository is up to date
-RUN apt-get update
-
-RUN apt-get install -y openssh-server
+RUN apt-get update && apt-get install -y openssh-server
 RUN mkdir /var/run/sshd
 RUN echo 'root:screencast' |chpasswd
 
diff --git a/components/engine/docs/sources/examples/running_ssh_service.md b/components/engine/docs/sources/examples/running_ssh_service.md
index a8405e748e..7140678e3b 100644
--- a/components/engine/docs/sources/examples/running_ssh_service.md
+++ b/components/engine/docs/sources/examples/running_ssh_service.md
@@ -15,10 +15,7 @@ quick access to a test container.
     FROM     ubuntu:12.04
     MAINTAINER Thatcher R. Peskens "thatcher@dotcloud.com"
 
-    # make sure the package repository is up to date
-    RUN apt-get update
-
-    RUN apt-get install -y openssh-server
+    RUN apt-get update && apt-get install -y openssh-server
     RUN mkdir /var/run/sshd
     RUN echo 'root:screencast' |chpasswd
 
diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 80035c1e9d..730d176efb 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -516,23 +516,16 @@ For example you might add something like this:
     FROM      ubuntu
     MAINTAINER Victor Vieux <victor@docker.com>
 
-    # make sure the package repository is up to date
-    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
-    RUN apt-get update
-
-    RUN apt-get install -y inotify-tools nginx apache2 openssh-server
+    RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server
 
     # Firefox over VNC
     #
     # VERSION               0.3
 
     FROM ubuntu
-    # make sure the package repository is up to date
-    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
-    RUN apt-get update
 
     # Install vnc, xvfb in order to create a 'fake' display and firefox
-    RUN apt-get install -y x11vnc xvfb firefox
+    RUN apt-get update && apt-get install -y x11vnc xvfb firefox
     RUN mkdir /.vnc
     # Setup a password
     RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
diff --git a/components/engine/docs/sources/userguide/dockerimages.md b/components/engine/docs/sources/userguide/dockerimages.md
index 4b3ac7c519..e6583a0f82 100644
--- a/components/engine/docs/sources/userguide/dockerimages.md
+++ b/components/engine/docs/sources/userguide/dockerimages.md
@@ -245,8 +245,7 @@ example now for building our own Sinatra image for our development team.
     # This is a comment
     FROM ubuntu:14.04
     MAINTAINER Kate Smith <ksmith@example.com>
-    RUN apt-get -qq update
-    RUN apt-get -qqy install ruby ruby-dev
+    RUN apt-get update && apt-get install -y ruby ruby-dev
     RUN gem install sinatra
 
 Let's look at what our `Dockerfile` does. Each instruction prefixes a statement and is capitalized.
@@ -272,38 +271,168 @@ Sinatra gem.
 Now let's take our `Dockerfile` and use the `docker build` command to build an image.
 
     $ sudo docker build -t="ouruser/sinatra:v2" .
-    Uploading context  2.56 kB
-    Uploading context
+    Sending build context to Docker daemon 2.048 kB
+    Sending build context to Docker daemon 
     Step 0 : FROM ubuntu:14.04
-     ---> 99ec81b80c55
+     ---> e54ca5efa2e9
     Step 1 : MAINTAINER Kate Smith <ksmith@example.com>
-     ---> Running in 7c5664a8a0c1
-     ---> 2fa8ca4e2a13
-    Removing intermediate container 7c5664a8a0c1
-    Step 2 : RUN apt-get -qq update
-     ---> Running in b07cc3fb4256
-     ---> 50d21070ec0c
-    Removing intermediate container b07cc3fb4256
-    Step 3 : RUN apt-get -qqy install ruby ruby-dev
-     ---> Running in a5b038dd127e
+     ---> Using cache
+     ---> 851baf55332b
+    Step 2 : RUN apt-get update && apt-get install -y ruby ruby-dev
+     ---> Running in 3a2558904e9b
     Selecting previously unselected package libasan0:amd64.
     (Reading database ... 11518 files and directories currently installed.)
     Preparing to unpack .../libasan0_4.8.2-19ubuntu1_amd64.deb ...
-    . . .
+    Unpacking libasan0:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package libatomic1:amd64.
+    Preparing to unpack .../libatomic1_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking libatomic1:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package libgmp10:amd64.
+    Preparing to unpack .../libgmp10_2%3a5.1.3+dfsg-1ubuntu1_amd64.deb ...
+    Unpacking libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ...
+    Selecting previously unselected package libisl10:amd64.
+    Preparing to unpack .../libisl10_0.12.2-1_amd64.deb ...
+    Unpacking libisl10:amd64 (0.12.2-1) ...
+    Selecting previously unselected package libcloog-isl4:amd64.
+    Preparing to unpack .../libcloog-isl4_0.18.2-1_amd64.deb ...
+    Unpacking libcloog-isl4:amd64 (0.18.2-1) ...
+    Selecting previously unselected package libgomp1:amd64.
+    Preparing to unpack .../libgomp1_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking libgomp1:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package libitm1:amd64.
+    Preparing to unpack .../libitm1_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking libitm1:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package libmpfr4:amd64.
+    Preparing to unpack .../libmpfr4_3.1.2-1_amd64.deb ...
+    Unpacking libmpfr4:amd64 (3.1.2-1) ...
+    Selecting previously unselected package libquadmath0:amd64.
+    Preparing to unpack .../libquadmath0_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking libquadmath0:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package libtsan0:amd64.
+    Preparing to unpack .../libtsan0_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking libtsan0:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package libyaml-0-2:amd64.
+    Preparing to unpack .../libyaml-0-2_0.1.4-3ubuntu3_amd64.deb ...
+    Unpacking libyaml-0-2:amd64 (0.1.4-3ubuntu3) ...
+    Selecting previously unselected package libmpc3:amd64.
+    Preparing to unpack .../libmpc3_1.0.1-1ubuntu1_amd64.deb ...
+    Unpacking libmpc3:amd64 (1.0.1-1ubuntu1) ...
+    Selecting previously unselected package openssl.
+    Preparing to unpack .../openssl_1.0.1f-1ubuntu2.4_amd64.deb ...
+    Unpacking openssl (1.0.1f-1ubuntu2.4) ...
+    Selecting previously unselected package ca-certificates.
+    Preparing to unpack .../ca-certificates_20130906ubuntu2_all.deb ...
+    Unpacking ca-certificates (20130906ubuntu2) ...
+    Selecting previously unselected package manpages.
+    Preparing to unpack .../manpages_3.54-1ubuntu1_all.deb ...
+    Unpacking manpages (3.54-1ubuntu1) ...
+    Selecting previously unselected package binutils.
+    Preparing to unpack .../binutils_2.24-5ubuntu3_amd64.deb ...
+    Unpacking binutils (2.24-5ubuntu3) ...
+    Selecting previously unselected package cpp-4.8.
+    Preparing to unpack .../cpp-4.8_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking cpp-4.8 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package cpp.
+    Preparing to unpack .../cpp_4%3a4.8.2-1ubuntu6_amd64.deb ...
+    Unpacking cpp (4:4.8.2-1ubuntu6) ...
+    Selecting previously unselected package libgcc-4.8-dev:amd64.
+    Preparing to unpack .../libgcc-4.8-dev_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking libgcc-4.8-dev:amd64 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package gcc-4.8.
+    Preparing to unpack .../gcc-4.8_4.8.2-19ubuntu1_amd64.deb ...
+    Unpacking gcc-4.8 (4.8.2-19ubuntu1) ...
+    Selecting previously unselected package gcc.
+    Preparing to unpack .../gcc_4%3a4.8.2-1ubuntu6_amd64.deb ...
+    Unpacking gcc (4:4.8.2-1ubuntu6) ...
+    Selecting previously unselected package libc-dev-bin.
+    Preparing to unpack .../libc-dev-bin_2.19-0ubuntu6_amd64.deb ...
+    Unpacking libc-dev-bin (2.19-0ubuntu6) ...
+    Selecting previously unselected package linux-libc-dev:amd64.
+    Preparing to unpack .../linux-libc-dev_3.13.0-30.55_amd64.deb ...
+    Unpacking linux-libc-dev:amd64 (3.13.0-30.55) ...
+    Selecting previously unselected package libc6-dev:amd64.
+    Preparing to unpack .../libc6-dev_2.19-0ubuntu6_amd64.deb ...
+    Unpacking libc6-dev:amd64 (2.19-0ubuntu6) ...
+    Selecting previously unselected package ruby.
+    Preparing to unpack .../ruby_1%3a1.9.3.4_all.deb ...
+    Unpacking ruby (1:1.9.3.4) ...
+    Selecting previously unselected package ruby1.9.1.
+    Preparing to unpack .../ruby1.9.1_1.9.3.484-2ubuntu1_amd64.deb ...
+    Unpacking ruby1.9.1 (1.9.3.484-2ubuntu1) ...
+    Selecting previously unselected package libruby1.9.1.
+    Preparing to unpack .../libruby1.9.1_1.9.3.484-2ubuntu1_amd64.deb ...
+    Unpacking libruby1.9.1 (1.9.3.484-2ubuntu1) ...
+    Selecting previously unselected package manpages-dev.
+    Preparing to unpack .../manpages-dev_3.54-1ubuntu1_all.deb ...
+    Unpacking manpages-dev (3.54-1ubuntu1) ...
+    Selecting previously unselected package ruby1.9.1-dev.
+    Preparing to unpack .../ruby1.9.1-dev_1.9.3.484-2ubuntu1_amd64.deb ...
+    Unpacking ruby1.9.1-dev (1.9.3.484-2ubuntu1) ...
+    Selecting previously unselected package ruby-dev.
+    Preparing to unpack .../ruby-dev_1%3a1.9.3.4_all.deb ...
+    Unpacking ruby-dev (1:1.9.3.4) ...
+    Setting up libasan0:amd64 (4.8.2-19ubuntu1) ...
+    Setting up libatomic1:amd64 (4.8.2-19ubuntu1) ...
+    Setting up libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ...
+    Setting up libisl10:amd64 (0.12.2-1) ...
+    Setting up libcloog-isl4:amd64 (0.18.2-1) ...
+    Setting up libgomp1:amd64 (4.8.2-19ubuntu1) ...
+    Setting up libitm1:amd64 (4.8.2-19ubuntu1) ...
+    Setting up libmpfr4:amd64 (3.1.2-1) ...
+    Setting up libquadmath0:amd64 (4.8.2-19ubuntu1) ...
+    Setting up libtsan0:amd64 (4.8.2-19ubuntu1) ...
+    Setting up libyaml-0-2:amd64 (0.1.4-3ubuntu3) ...
+    Setting up libmpc3:amd64 (1.0.1-1ubuntu1) ...
+    Setting up openssl (1.0.1f-1ubuntu2.4) ...
+    Setting up ca-certificates (20130906ubuntu2) ...
+    debconf: unable to initialize frontend: Dialog
+    debconf: (TERM is not set, so the dialog frontend is not usable.)
+    debconf: falling back to frontend: Readline
+    debconf: unable to initialize frontend: Readline
+    debconf: (This frontend requires a controlling tty.)
+    debconf: falling back to frontend: Teletype
+    Setting up manpages (3.54-1ubuntu1) ...
+    Setting up binutils (2.24-5ubuntu3) ...
+    Setting up cpp-4.8 (4.8.2-19ubuntu1) ...
+    Setting up cpp (4:4.8.2-1ubuntu6) ...
+    Setting up libgcc-4.8-dev:amd64 (4.8.2-19ubuntu1) ...
+    Setting up gcc-4.8 (4.8.2-19ubuntu1) ...
+    Setting up gcc (4:4.8.2-1ubuntu6) ...
+    Setting up libc-dev-bin (2.19-0ubuntu6) ...
+    Setting up linux-libc-dev:amd64 (3.13.0-30.55) ...
+    Setting up libc6-dev:amd64 (2.19-0ubuntu6) ...
+    Setting up manpages-dev (3.54-1ubuntu1) ...
+    Setting up libruby1.9.1 (1.9.3.484-2ubuntu1) ...
+    Setting up ruby1.9.1-dev (1.9.3.484-2ubuntu1) ...
+    Setting up ruby-dev (1:1.9.3.4) ...
     Setting up ruby (1:1.9.3.4) ...
     Setting up ruby1.9.1 (1.9.3.484-2ubuntu1) ...
     Processing triggers for libc-bin (2.19-0ubuntu6) ...
-     ---> 2acb20f17878
-    Removing intermediate container a5b038dd127e
-    Step 4 : RUN gem install sinatra
-     ---> Running in 5e9d0065c1f7
-    . . .
+    Processing triggers for ca-certificates (20130906ubuntu2) ...
+    Updating certificates in /etc/ssl/certs... 164 added, 0 removed; done.
+    Running hooks in /etc/ca-certificates/update.d....done.
+     ---> c55c31703134
+    Removing intermediate container 3a2558904e9b
+    Step 3 : RUN gem install sinatra
+     ---> Running in 6b81cb6313e5
+    unable to convert "\xC3" to UTF-8 in conversion from ASCII-8BIT to UTF-8 to US-ASCII for README.rdoc, skipping
+    unable to convert "\xC3" to UTF-8 in conversion from ASCII-8BIT to UTF-8 to US-ASCII for README.rdoc, skipping
+    Successfully installed rack-1.5.2
+    Successfully installed tilt-1.4.1
     Successfully installed rack-protection-1.5.3
     Successfully installed sinatra-1.4.5
     4 gems installed
-     ---> 324104cde6ad
-    Removing intermediate container 5e9d0065c1f7
-    Successfully built 324104cde6ad
+    Installing ri documentation for rack-1.5.2...
+    Installing ri documentation for tilt-1.4.1...
+    Installing ri documentation for rack-protection-1.5.3...
+    Installing ri documentation for sinatra-1.4.5...
+    Installing RDoc documentation for rack-1.5.2...
+    Installing RDoc documentation for tilt-1.4.1...
+    Installing RDoc documentation for rack-protection-1.5.3...
+    Installing RDoc documentation for sinatra-1.4.5...
+     ---> 97feabe5d2ed
+    Removing intermediate container 6b81cb6313e5
+    Successfully built 97feabe5d2ed
 
 We've specified our `docker build` command and used the `-t` flag to identify
 our new image as belonging to the user `ouruser`, the repository name `sinatra`
diff --git a/components/engine/hack/release.sh b/components/engine/hack/release.sh
index 2224e0619b..436c2875fa 100755
--- a/components/engine/hack/release.sh
+++ b/components/engine/hack/release.sh
@@ -290,7 +290,8 @@ echo deb $(s3_url)/ubuntu docker main > /etc/apt/sources.list.d/docker.list
 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 
 # Install docker
-apt-get update ; apt-get install -y lxc-docker
+apt-get update
+apt-get install -y lxc-docker
 
 #
 # Alternatively, just use the curl-able install.sh script provided at $(s3_url)

From 39b46f69f1168af3698d813628e359fdee4d0e57 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Mon, 28 Jul 2014 23:46:14 -0700
Subject: [PATCH 270/516] fix docker integration-cli restart test race

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 5931669343f568114cb209dabf8913be44cd63e8
Component: engine
---
 components/engine/integration-cli/docker_cli_restart_test.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_restart_test.go b/components/engine/integration-cli/docker_cli_restart_test.go
index c62f108cc7..946a7c7ca7 100644
--- a/components/engine/integration-cli/docker_cli_restart_test.go
+++ b/components/engine/integration-cli/docker_cli_restart_test.go
@@ -4,6 +4,7 @@ import (
 	"os/exec"
 	"strings"
 	"testing"
+	"time"
 )
 
 func TestDockerRestartStoppedContainer(t *testing.T) {
@@ -49,6 +50,8 @@ func TestDockerRestartRunningContainer(t *testing.T) {
 
 	cleanedContainerID := stripTrailingCharacters(out)
 
+	time.Sleep(1 * time.Second)
+
 	runCmd = exec.Command(dockerBinary, "logs", cleanedContainerID)
 	out, _, err = runCommandWithOutput(runCmd)
 	errorOut(err, t, out)
@@ -65,6 +68,8 @@ func TestDockerRestartRunningContainer(t *testing.T) {
 	out, _, err = runCommandWithOutput(runCmd)
 	errorOut(err, t, out)
 
+	time.Sleep(1 * time.Second)
+
 	if out != "foobar\nfoobar\n" {
 		t.Errorf("container should've printed 'foobar' twice")
 	}

From cc850d8d72b7569cd326aad405624c0847451aba Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 23 Jul 2014 01:54:56 +0300
Subject: [PATCH 271/516] integcli: add some more docker utils

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: f60c8e9e6154629de8eaa19bfa0f52b2be4791e5
Component: engine
---
 components/engine/integration-cli/docker_utils.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/components/engine/integration-cli/docker_utils.go b/components/engine/integration-cli/docker_utils.go
index e3e5b36d93..e259c97ad9 100644
--- a/components/engine/integration-cli/docker_utils.go
+++ b/components/engine/integration-cli/docker_utils.go
@@ -87,12 +87,26 @@ func pullImageIfNotExist(image string) (err error) {
 	return
 }
 
+// deprecated, use dockerCmd instead
 func cmd(t *testing.T, args ...string) (string, int, error) {
+	return dockerCmd(t, args...)
+}
+
+func dockerCmd(t *testing.T, args ...string) (string, int, error) {
 	out, status, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
 	errorOut(err, t, fmt.Sprintf("'%s' failed with errors: %v (%v)", strings.Join(args, " "), err, out))
 	return out, status, err
 }
 
+// execute a docker command in a directory
+func dockerCmdInDir(t *testing.T, path string, args ...string) (string, int, error) {
+	dockerCommand := exec.Command(dockerBinary, args...)
+	dockerCommand.Dir = path
+	out, status, err := runCommandWithOutput(dockerCommand)
+	errorOut(err, t, fmt.Sprintf("'%s' failed with errors: %v (%v)", strings.Join(args, " "), err, out))
+	return out, status, err
+}
+
 func findContainerIp(t *testing.T, id string) string {
 	cmd := exec.Command(dockerBinary, "inspect", "--format='{{ .NetworkSettings.IPAddress }}'", id)
 	out, _, err := runCommandWithOutput(cmd)

From 93bee1a9ded8406224c53c5a14bbd84b6ff6a0a5 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Tue, 29 Jul 2014 16:01:56 +0300
Subject: [PATCH 272/516] integcli: use dockerCmdInDir in build tests

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 372f9bb58b820b85ed1975ea713958b684c17e94
Component: engine
---
 .../integration-cli/docker_cli_build_test.go  | 187 ++++++++----------
 1 file changed, 77 insertions(+), 110 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index bf957ada84..938682ba6f 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -13,24 +13,28 @@ import (
 )
 
 func TestBuildCacheADD(t *testing.T) {
-	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildCacheADD", "1")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcacheadd1", ".")
-	buildCmd.Dir = buildDirectory
-	exitCode, err := runCommand(buildCmd)
-	errorOut(err, t, fmt.Sprintf("build failed to complete: %v", err))
+	var (
+		exitCode int
+		out      string
+		err      error
+	)
+	{
+		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildCacheADD", "1")
+		out, exitCode, err = dockerCmdInDir(t, buildDirectory, "build", "-t", "testcacheadd1", ".")
+		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
-	if err != nil || exitCode != 0 {
-		t.Fatal("failed to build the image")
+		if err != nil || exitCode != 0 {
+			t.Fatal("failed to build the image")
+		}
 	}
+	{
+		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildCacheADD", "2")
+		out, exitCode, err = dockerCmdInDir(t, buildDirectory, "build", "-t", "testcacheadd2", ".")
+		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
-	buildDirectory = filepath.Join(workingDirectory, "build_tests", "TestBuildCacheADD", "2")
-	buildCmd = exec.Command(dockerBinary, "build", "-t", "testcacheadd2", ".")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
-	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
-
-	if err != nil || exitCode != 0 {
-		t.Fatal("failed to build the image")
+		if err != nil || exitCode != 0 {
+			t.Fatal("failed to build the image")
+		}
 	}
 
 	if strings.Contains(out, "Using cache") {
@@ -45,9 +49,7 @@ func TestBuildCacheADD(t *testing.T) {
 
 func TestBuildSixtySteps(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildSixtySteps")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "foobuildsixtysteps", ".")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "foobuildsixtysteps", ".")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -66,9 +68,7 @@ func TestAddSingleFileToRoot(t *testing.T) {
 		t.Fatal(err)
 	}
 	f.Close()
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", ".")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", ".")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -118,9 +118,7 @@ func TestAddSingleFileToWorkdir(t *testing.T) {
 
 func TestAddSingleFileToExistDir(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "SingleFileToExistDir")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", "SingleFileToExistDir")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -134,9 +132,7 @@ func TestAddSingleFileToExistDir(t *testing.T) {
 
 func TestAddSingleFileToNonExistDir(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "SingleFileToNonExistDir")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", "SingleFileToNonExistDir")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -150,9 +146,7 @@ func TestAddSingleFileToNonExistDir(t *testing.T) {
 
 func TestAddDirContentToRoot(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "DirContentToRoot")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", "DirContentToRoot")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -166,9 +160,7 @@ func TestAddDirContentToRoot(t *testing.T) {
 
 func TestAddDirContentToExistDir(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "DirContentToExistDir")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", "DirContentToExistDir")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -191,9 +183,7 @@ func TestAddWholeDirToRoot(t *testing.T) {
 		t.Fatal(err)
 	}
 	f.Close()
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", ".")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", ".")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -207,9 +197,7 @@ func TestAddWholeDirToRoot(t *testing.T) {
 
 func TestAddEtcToRoot(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "EtcToRoot")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testaddimg", "EtcToRoot")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -227,9 +215,7 @@ func TestCopySingleFileToRoot(t *testing.T) {
 		t.Fatal(err)
 	}
 	f.Close()
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", ".")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", ".")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -279,9 +265,7 @@ func TestCopySingleFileToWorkdir(t *testing.T) {
 
 func TestCopySingleFileToExistDir(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestCopy")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", "SingleFileToExistDir")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", "SingleFileToExistDir")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -295,9 +279,7 @@ func TestCopySingleFileToExistDir(t *testing.T) {
 
 func TestCopySingleFileToNonExistDir(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestCopy")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", "SingleFileToNonExistDir")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", "SingleFileToNonExistDir")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -311,9 +293,7 @@ func TestCopySingleFileToNonExistDir(t *testing.T) {
 
 func TestCopyDirContentToRoot(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestCopy")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", "DirContentToRoot")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", "DirContentToRoot")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -327,9 +307,7 @@ func TestCopyDirContentToRoot(t *testing.T) {
 
 func TestCopyDirContentToExistDir(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestCopy")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", "DirContentToExistDir")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", "DirContentToExistDir")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -352,9 +330,7 @@ func TestCopyWholeDirToRoot(t *testing.T) {
 		t.Fatal(err)
 	}
 	f.Close()
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", ".")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", ".")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -368,9 +344,7 @@ func TestCopyWholeDirToRoot(t *testing.T) {
 
 func TestCopyEtcToRoot(t *testing.T) {
 	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestCopy")
-	buildCmd := exec.Command(dockerBinary, "build", "-t", "testcopyimg", "EtcToRoot")
-	buildCmd.Dir = buildDirectory
-	out, exitCode, err := runCommandWithOutput(buildCmd)
+	out, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testcopyimg", "EtcToRoot")
 	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
 
 	if err != nil || exitCode != 0 {
@@ -463,9 +437,7 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
 		// This test doesn't require that we run commands as an unprivileged user
 		pathToDirectoryWhichContainsLinks := filepath.Join(buildDirectory, "linksdirectory")
 
-		buildCmd := exec.Command(dockerBinary, "build", "-t", "testlinksok", ".")
-		buildCmd.Dir = pathToDirectoryWhichContainsLinks
-		out, exitCode, err := runCommandWithOutput(buildCmd)
+		out, exitCode, err := dockerCmdInDir(t, pathToDirectoryWhichContainsLinks, "build", "-t", "testlinksok", ".")
 		if err != nil || exitCode != 0 {
 			t.Fatalf("build should have worked: %s %s", err, out)
 		}
@@ -513,9 +485,7 @@ func TestBuildRm(t *testing.T) {
 		}
 
 		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildRm")
-		buildCmd := exec.Command(dockerBinary, "build", "--rm", "-t", "testbuildrm", ".")
-		buildCmd.Dir = buildDirectory
-		_, exitCode, err := runCommandWithOutput(buildCmd)
+		_, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "--rm", "-t", "testbuildrm", ".")
 
 		if err != nil || exitCode != 0 {
 			t.Fatal("failed to build the image")
@@ -539,9 +509,7 @@ func TestBuildRm(t *testing.T) {
 		}
 
 		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildRm")
-		buildCmd := exec.Command(dockerBinary, "build", "-t", "testbuildrm", ".")
-		buildCmd.Dir = buildDirectory
-		_, exitCode, err := runCommandWithOutput(buildCmd)
+		_, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "-t", "testbuildrm", ".")
 
 		if err != nil || exitCode != 0 {
 			t.Fatal("failed to build the image")
@@ -565,9 +533,7 @@ func TestBuildRm(t *testing.T) {
 		}
 
 		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildRm")
-		buildCmd := exec.Command(dockerBinary, "build", "--rm=false", "-t", "testbuildrm", ".")
-		buildCmd.Dir = buildDirectory
-		_, exitCode, err := runCommandWithOutput(buildCmd)
+		_, exitCode, err := dockerCmdInDir(t, buildDirectory, "build", "--rm=false", "-t", "testbuildrm", ".")
 
 		if err != nil || exitCode != 0 {
 			t.Fatal("failed to build the image")
@@ -783,52 +749,53 @@ func TestBuildEntrypoint(t *testing.T) {
 
 // #6445 ensure ONBUILD triggers aren't committed to grandchildren
 func TestBuildOnBuildLimitedInheritence(t *testing.T) {
-	name1 := "testonbuildtrigger1"
-	dockerfile1 := `
+	var (
+		out2, out3 string
+	)
+	{
+		name1 := "testonbuildtrigger1"
+		dockerfile1 := `
 		FROM busybox
 		RUN echo "GRANDPARENT"
 		ONBUILD RUN echo "ONBUILD PARENT"
-	`
-	ctx1, err := fakeContext(dockerfile1, nil)
-	if err != nil {
-		t.Fatal(err)
+		`
+		ctx, err := fakeContext(dockerfile1, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		out1, _, err := dockerCmdInDir(t, ctx.Dir, "build", "-t", name1, ".")
+		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out1, err))
+		defer deleteImages(name1)
 	}
-
-	buildCmd := exec.Command(dockerBinary, "build", "-t", name1, ".")
-	buildCmd.Dir = ctx1.Dir
-	out1, _, err := runCommandWithOutput(buildCmd)
-	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out1, err))
-	defer deleteImages(name1)
-
-	name2 := "testonbuildtrigger2"
-	dockerfile2 := `
+	{
+		name2 := "testonbuildtrigger2"
+		dockerfile2 := `
 		FROM testonbuildtrigger1
-	`
-	ctx2, err := fakeContext(dockerfile2, nil)
-	if err != nil {
-		t.Fatal(err)
+		`
+		ctx, err := fakeContext(dockerfile2, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		out2, _, err = dockerCmdInDir(t, ctx.Dir, "build", "-t", name2, ".")
+		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out2, err))
+		defer deleteImages(name2)
 	}
-
-	buildCmd = exec.Command(dockerBinary, "build", "-t", name2, ".")
-	buildCmd.Dir = ctx2.Dir
-	out2, _, err := runCommandWithOutput(buildCmd)
-	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out2, err))
-	defer deleteImages(name2)
-
-	name3 := "testonbuildtrigger3"
-	dockerfile3 := `
+	{
+		name3 := "testonbuildtrigger3"
+		dockerfile3 := `
 		FROM testonbuildtrigger2
-	`
-	ctx3, err := fakeContext(dockerfile3, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+		`
+		ctx, err := fakeContext(dockerfile3, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	buildCmd = exec.Command(dockerBinary, "build", "-t", name3, ".")
-	buildCmd.Dir = ctx3.Dir
-	out3, _, err := runCommandWithOutput(buildCmd)
-	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out3, err))
-	defer deleteImages(name3)
+		out3, _, err = dockerCmdInDir(t, ctx.Dir, "build", "-t", name3, ".")
+		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out3, err))
+		defer deleteImages(name3)
+	}
 
 	// ONBUILD should be run in second build.
 	if !strings.Contains(out2, "ONBUILD PARENT") {

From b7f96039319c814153d3382066712c45061581f2 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Mon, 28 Jul 2014 18:01:21 +0300
Subject: [PATCH 273/516] move resumablerequestreader to pkg

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: c0517857f64d1148d02809e3ba3dd39bf8322ed3
Component: engine
---
 components/engine/pkg/httputils/MAINTAINERS                  | 1 +
 .../{utils => pkg/httputils}/resumablerequestreader.go       | 5 +++--
 components/engine/registry/registry.go                       | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 components/engine/pkg/httputils/MAINTAINERS
 rename components/engine/{utils => pkg/httputils}/resumablerequestreader.go (96%)

diff --git a/components/engine/pkg/httputils/MAINTAINERS b/components/engine/pkg/httputils/MAINTAINERS
new file mode 100644
index 0000000000..6dde4769d7
--- /dev/null
+++ b/components/engine/pkg/httputils/MAINTAINERS
@@ -0,0 +1 @@
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)
diff --git a/components/engine/utils/resumablerequestreader.go b/components/engine/pkg/httputils/resumablerequestreader.go
similarity index 96%
rename from components/engine/utils/resumablerequestreader.go
rename to components/engine/pkg/httputils/resumablerequestreader.go
index bed202ec0c..dbc9d9b292 100644
--- a/components/engine/utils/resumablerequestreader.go
+++ b/components/engine/pkg/httputils/resumablerequestreader.go
@@ -1,8 +1,9 @@
-package utils
+package httputils
 
 import (
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"time"
 )
@@ -70,7 +71,7 @@ func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
 		r.cleanUpResponse()
 	}
 	if err != nil && err != io.EOF {
-		Debugf("encountered error during pull and clearing it before resume: %s", err)
+		log.Printf("encountered error during pull and clearing it before resume: %s", err)
 		err = nil
 	}
 	return n, err
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 567cd9f70f..9563c3b286 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -24,6 +24,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/httputils"
 	"github.com/docker/docker/utils"
 )
 
@@ -423,7 +424,7 @@ func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string, i
 
 	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
 		utils.Debugf("server supports resume")
-		return utils.ResumableRequestReaderWithInitialResponse(client, req, 5, imgSize, res), nil
+		return httputils.ResumableRequestReaderWithInitialResponse(client, req, 5, imgSize, res), nil
 	}
 	utils.Debugf("server doesn't support resume")
 	return res.Body, nil

From 17543b1068175f2d454ad623bd3206b5d3021513 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Mon, 28 Jul 2014 22:22:58 -0700
Subject: [PATCH 274/516] server/buildfile.go -> builder/builder.go; add
 maintainers file

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 3a177ccd3afdfe481a7248fccb2efe0f2cbdfcca
Component: engine
---
 components/engine/builder/MAINTAINERS         |  2 ++
 .../buildfile.go => builder/builder.go}       | 17 ++++-----
 components/engine/daemon/container.go         |  2 +-
 components/engine/daemon/daemon.go            | 32 +++++++++++++++++
 components/engine/server/server.go            | 35 ++-----------------
 5 files changed, 46 insertions(+), 42 deletions(-)
 create mode 100644 components/engine/builder/MAINTAINERS
 rename components/engine/{server/buildfile.go => builder/builder.go} (97%)

diff --git a/components/engine/builder/MAINTAINERS b/components/engine/builder/MAINTAINERS
new file mode 100644
index 0000000000..4d158aa20e
--- /dev/null
+++ b/components/engine/builder/MAINTAINERS
@@ -0,0 +1,2 @@
+Tibor Vass <teabee89@gmail.com> (@tiborvass)
+Erik Hollensbe <github@hollensbe.org> (@erikh)
diff --git a/components/engine/server/buildfile.go b/components/engine/builder/builder.go
similarity index 97%
rename from components/engine/server/buildfile.go
rename to components/engine/builder/builder.go
index e8e8dbec5a..ae402345dd 100644
--- a/components/engine/server/buildfile.go
+++ b/components/engine/builder/builder.go
@@ -1,4 +1,4 @@
-package server
+package builder
 
 import (
 	"crypto/sha256"
@@ -21,6 +21,7 @@ import (
 
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/engine"
 	"github.com/docker/docker/nat"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
@@ -41,7 +42,7 @@ type BuildFile interface {
 
 type buildFile struct {
 	daemon *daemon.Daemon
-	srv    *Server
+	eng    *engine.Engine
 
 	image      string
 	maintainer string
@@ -96,7 +97,7 @@ func (b *buildFile) CmdFrom(name string) error {
 				resolvedAuth := b.configFile.ResolveAuthConfig(endpoint)
 				pullRegistryAuth = &resolvedAuth
 			}
-			job := b.srv.Eng.Job("pull", remote, tag)
+			job := b.eng.Job("pull", remote, tag)
 			job.SetenvBool("json", b.sf.Json())
 			job.SetenvBool("parallel", true)
 			job.SetenvJson("authConfig", pullRegistryAuth)
@@ -167,12 +168,12 @@ func (b *buildFile) CmdMaintainer(name string) error {
 
 // probeCache checks to see if image-caching is enabled (`b.utilizeCache`)
 // and if so attempts to look up the current `b.image` and `b.config` pair
-// in the current server `b.srv`. If an image is found, probeCache returns
+// in the current server `b.daemon`. If an image is found, probeCache returns
 // `(true, nil)`. If no image is found, it returns `(false, nil)`. If there
 // is any error, it returns `(false, err)`.
 func (b *buildFile) probeCache() (bool, error) {
 	if b.utilizeCache {
-		if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil {
+		if cache, err := b.daemon.ImageGetCached(b.image, b.config); err != nil {
 			return false, err
 		} else if cache != nil {
 			fmt.Fprintf(b.outStream, " ---> Using cache\n")
@@ -889,10 +890,10 @@ func fixPermissions(destination string, uid, gid int) error {
 	})
 }
 
-func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, forceRm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {
+func NewBuildFile(d *daemon.Daemon, eng *engine.Engine, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, forceRm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {
 	return &buildFile{
-		daemon:        srv.daemon,
-		srv:           srv,
+		daemon:        d,
+		eng:           eng,
 		config:        &runconfig.Config{},
 		outStream:     outStream,
 		errStream:     errStream,
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index fad6103c75..537cfc6a75 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -513,7 +513,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 	if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
 		// FIXME: here is race condition between two RUN instructions in Dockerfile
 		// because they share same runconfig and change image. Must be fixed
-		// in server/buildfile.go
+		// in builder/builder.go
 		if err := container.toDisk(); err != nil {
 			utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
 		}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 5703269431..0fadc51d75 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -1099,3 +1099,35 @@ func (daemon *Daemon) checkLocaldns() error {
 	}
 	return nil
 }
+
+func (daemon *Daemon) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) {
+	// Retrieve all images
+	images, err := daemon.Graph().Map()
+	if err != nil {
+		return nil, err
+	}
+
+	// Store the tree in a map of map (map[parentId][childId])
+	imageMap := make(map[string]map[string]struct{})
+	for _, img := range images {
+		if _, exists := imageMap[img.Parent]; !exists {
+			imageMap[img.Parent] = make(map[string]struct{})
+		}
+		imageMap[img.Parent][img.ID] = struct{}{}
+	}
+
+	// Loop on the children of the given image and check the config
+	var match *image.Image
+	for elem := range imageMap[imgID] {
+		img, err := daemon.Graph().Get(elem)
+		if err != nil {
+			return nil, err
+		}
+		if runconfig.Compare(&img.ContainerConfig, config) {
+			if match == nil || match.Created.Before(img.Created) {
+				match = img
+			}
+		}
+	}
+	return match, nil
+}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 87c910b580..072b36f816 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -46,6 +46,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/archive"
+	"github.com/docker/docker/builder"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/dockerversion"
@@ -534,7 +535,7 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 	defer context.Close()
 
 	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
-	b := NewBuildFile(srv,
+	b := builder.NewBuildFile(srv.daemon, srv.Eng,
 		&utils.StdoutFormater{
 			Writer:          job.Stdout,
 			StreamFormatter: sf,
@@ -2058,38 +2059,6 @@ func (srv *Server) canDeleteImage(imgID string, force, untagged bool) error {
 	return nil
 }
 
-func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) {
-	// Retrieve all images
-	images, err := srv.daemon.Graph().Map()
-	if err != nil {
-		return nil, err
-	}
-
-	// Store the tree in a map of map (map[parentId][childId])
-	imageMap := make(map[string]map[string]struct{})
-	for _, img := range images {
-		if _, exists := imageMap[img.Parent]; !exists {
-			imageMap[img.Parent] = make(map[string]struct{})
-		}
-		imageMap[img.Parent][img.ID] = struct{}{}
-	}
-
-	// Loop on the children of the given image and check the config
-	var match *image.Image
-	for elem := range imageMap[imgID] {
-		img, err := srv.daemon.Graph().Get(elem)
-		if err != nil {
-			return nil, err
-		}
-		if runconfig.Compare(&img.ContainerConfig, config) {
-			if match == nil || match.Created.Before(img.Created) {
-				match = img
-			}
-		}
-	}
-	return match, nil
-}
-
 func (srv *Server) setHostConfig(container *daemon.Container, hostConfig *runconfig.HostConfig) error {
 	// Validate the HostConfig binds. Make sure that:
 	// the source exists

From 981a6f43debba48361ba638a3157fd74ecb929c8 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 29 Jul 2014 13:07:59 -0600
Subject: [PATCH 275/516] Add Go 1.2 to Travis so we make sure we keep
 retrocompat for a little while

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 38bce179040c80512c39c42ebbf776e58ac3dfcf
Component: engine
---
 components/engine/.travis.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/components/engine/.travis.yml b/components/engine/.travis.yml
index d822cecc3c..56f1910c93 100644
--- a/components/engine/.travis.yml
+++ b/components/engine/.travis.yml
@@ -3,8 +3,11 @@
 
 language: go
 
+go:
 # This should match the version in the Dockerfile.
-go: 1.3
+  - 1.3
+# Test against older versions too, just for a little extra retrocompat.
+  - 1.2
 
 # Let us have pretty experimental Docker-based Travis workers.
 # (These spin up much faster than the VM-based ones.)

From e25f77248db96d1ee547da6072ab19349a8b55ec Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Mon, 28 Jul 2014 17:23:38 -0700
Subject: [PATCH 276/516] Move parsing functions to pkg/parsers and the
 specific kernel handling functions to pkg/parsers/kernel, and parsing filters
 to pkg/parsers/filter. Adjust imports and package references.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 4398108433121ce2ac9942e607da20fa1680871a
Component: engine
---
 components/engine/api/client/commands.go      |  17 +-
 components/engine/api/common.go               |   3 +-
 components/engine/api/server/server.go        |   5 +-
 components/engine/builder/builder.go          |   3 +-
 components/engine/builtins/builtins.go        |   4 +-
 components/engine/daemon/daemon.go            |   3 +-
 .../daemon/graphdriver/devmapper/deviceset.go |   3 +-
 .../daemon/networkdriver/bridge/driver.go     |   3 +-
 components/engine/docker/docker.go            |   5 +-
 components/engine/graph/service.go            |   3 +-
 components/engine/graph/tags.go               |   3 +-
 components/engine/nat/nat.go                  |   4 +-
 components/engine/opts/opts.go                |   4 +-
 components/engine/pkg/parsers/MAINTAINERS     |   1 +
 .../{utils => pkg/parsers}/filters/parse.go   |   0
 .../parsers}/filters/parse_test.go            |   0
 .../engine/pkg/parsers/kernel/kernel.go       |  93 +++++++++
 .../engine/pkg/parsers/kernel/kernel_test.go  |  61 ++++++
 .../parsers/kernel}/uname_linux.go            |   2 +-
 .../parsers/kernel}/uname_unsupported.go      |   2 +-
 components/engine/pkg/parsers/parsers.go      | 110 ++++++++++
 components/engine/pkg/parsers/parsers_test.go |  83 ++++++++
 components/engine/registry/registry.go        |   3 +-
 components/engine/runconfig/parse.go          |   3 +-
 components/engine/runconfig/parse_test.go     |   4 +-
 components/engine/server/server.go            |  16 +-
 components/engine/utils/utils.go              | 190 ------------------
 components/engine/utils/utils_test.go         | 135 -------------
 28 files changed, 400 insertions(+), 363 deletions(-)
 create mode 100644 components/engine/pkg/parsers/MAINTAINERS
 rename components/engine/{utils => pkg/parsers}/filters/parse.go (100%)
 rename components/engine/{utils => pkg/parsers}/filters/parse_test.go (100%)
 create mode 100644 components/engine/pkg/parsers/kernel/kernel.go
 create mode 100644 components/engine/pkg/parsers/kernel/kernel_test.go
 rename components/engine/{utils => pkg/parsers/kernel}/uname_linux.go (93%)
 rename components/engine/{utils => pkg/parsers/kernel}/uname_unsupported.go (93%)
 create mode 100644 components/engine/pkg/parsers/parsers.go
 create mode 100644 components/engine/pkg/parsers/parsers_test.go

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 1853b513fe..ae1002b563 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -28,13 +28,14 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/nat"
 	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/filters"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/pkg/units"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
-	"github.com/docker/docker/utils/filters"
 )
 
 const (
@@ -204,7 +205,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 
 	//Check if the given image name can be resolved
 	if *tag != "" {
-		repository, _ := utils.ParseRepositoryTag(*tag)
+		repository, _ := parsers.ParseRepositoryTag(*tag)
 		if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
 			return err
 		}
@@ -1137,7 +1138,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 
 	cli.LoadConfigFile()
 
-	remote, tag := utils.ParseRepositoryTag(name)
+	remote, tag := parsers.ParseRepositoryTag(name)
 
 	// Resolve the Repository name from fqn to hostname + name
 	hostname, _, err := registry.ResolveRepositoryName(remote)
@@ -1210,7 +1211,7 @@ func (cli *DockerCli) CmdPull(args ...string) error {
 		v.Set("tag", *tag)
 	}
 
-	remote, _ = utils.ParseRepositoryTag(remote)
+	remote, _ = parsers.ParseRepositoryTag(remote)
 	// Resolve the Repository name from fqn to hostname + name
 	hostname, _, err := registry.ResolveRepositoryName(remote)
 	if err != nil {
@@ -1393,7 +1394,7 @@ func (cli *DockerCli) CmdImages(args ...string) error {
 		for _, out := range outs.Data {
 			for _, repotag := range out.GetList("RepoTags") {
 
-				repo, tag := utils.ParseRepositoryTag(repotag)
+				repo, tag := parsers.ParseRepositoryTag(repotag)
 				outID := out.Get("Id")
 				if !*noTrunc {
 					outID = utils.TruncateID(outID)
@@ -1594,7 +1595,7 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 
 	var (
 		name            = cmd.Arg(0)
-		repository, tag = utils.ParseRepositoryTag(cmd.Arg(1))
+		repository, tag = parsers.ParseRepositoryTag(cmd.Arg(1))
 	)
 
 	if name == "" || len(cmd.Args()) > 2 {
@@ -1918,7 +1919,7 @@ func (cli *DockerCli) CmdTag(args ...string) error {
 	}
 
 	var (
-		repository, tag = utils.ParseRepositoryTag(cmd.Arg(1))
+		repository, tag = parsers.ParseRepositoryTag(cmd.Arg(1))
 		v               = url.Values{}
 	)
 
@@ -1941,7 +1942,7 @@ func (cli *DockerCli) CmdTag(args ...string) error {
 
 func (cli *DockerCli) pullImage(image string) error {
 	v := url.Values{}
-	repos, tag := utils.ParseRepositoryTag(image)
+	repos, tag := parsers.ParseRepositoryTag(image)
 	// pull only the image tagged 'latest' if no tag was specified
 	if tag == "" {
 		tag = "latest"
diff --git a/components/engine/api/common.go b/components/engine/api/common.go
index 5a03cf6ffe..ce92b10d4c 100644
--- a/components/engine/api/common.go
+++ b/components/engine/api/common.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/version"
 	"github.com/docker/docker/utils"
 )
@@ -17,7 +18,7 @@ const (
 )
 
 func ValidateHost(val string) (string, error) {
-	host, err := utils.ParseHost(DEFAULTHTTPHOST, DEFAULTUNIXSOCKET, val)
+	host, err := parsers.ParseHost(DEFAULTHTTPHOST, DEFAULTUNIXSOCKET, val)
 	if err != nil {
 		return val, err
 	}
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 440a468e69..83e2112766 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -25,6 +25,7 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/listenbuffer"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/systemd"
 	"github.com/docker/docker/pkg/user"
 	"github.com/docker/docker/pkg/version"
@@ -484,7 +485,7 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon
 	}
 	if image != "" { //pull
 		if tag == "" {
-			image, tag = utils.ParseRepositoryTag(image)
+			image, tag = parsers.ParseRepositoryTag(image)
 		}
 		metaHeaders := map[string][]string{}
 		for k, v := range r.Header {
@@ -498,7 +499,7 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon
 		job.SetenvJson("authConfig", authConfig)
 	} else { //import
 		if tag == "" {
-			repo, tag = utils.ParseRepositoryTag(repo)
+			repo, tag = parsers.ParseRepositoryTag(repo)
 		}
 		job = eng.Job("import", r.Form.Get("fromSrc"), repo, tag)
 		job.Stdin.Add(r.Body)
diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go
index ae402345dd..a99139896f 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/builder/builder.go
@@ -23,6 +23,7 @@ import (
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/nat"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/registry"
@@ -86,7 +87,7 @@ func (b *buildFile) CmdFrom(name string) error {
 	image, err := b.daemon.Repositories().LookupImage(name)
 	if err != nil {
 		if b.daemon.Graph().IsNotExist(err) {
-			remote, tag := utils.ParseRepositoryTag(name)
+			remote, tag := parsers.ParseRepositoryTag(name)
 			pullRegistryAuth := b.authConfig
 			if len(b.configFile.Configs) > 0 {
 				// The request came with a full auth config file, we prefer to use that
diff --git a/components/engine/builtins/builtins.go b/components/engine/builtins/builtins.go
index a42dec619e..9379c67c88 100644
--- a/components/engine/builtins/builtins.go
+++ b/components/engine/builtins/builtins.go
@@ -8,9 +8,9 @@ import (
 	"github.com/docker/docker/daemon/networkdriver/bridge"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/server"
-	"github.com/docker/docker/utils"
 )
 
 func Register(eng *engine.Engine) error {
@@ -68,7 +68,7 @@ func dockerVersion(job *engine.Job) engine.Status {
 	v.Set("GoVersion", runtime.Version())
 	v.Set("Os", runtime.GOOS)
 	v.Set("Arch", runtime.GOARCH)
-	if kernelVersion, err := utils.GetKernelVersion(); err == nil {
+	if kernelVersion, err := kernel.GetKernelVersion(); err == nil {
 		v.Set("KernelVersion", kernelVersion.String())
 	}
 	if _, err := v.WriteTo(job.Stdout); err != nil {
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 0fadc51d75..ecd515e8fd 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -28,6 +28,7 @@ import (
 	"github.com/docker/docker/pkg/graphdb"
 	"github.com/docker/docker/pkg/namesgenerator"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
@@ -724,7 +725,7 @@ func (daemon *Daemon) RegisterLink(parent, child *Container, alias string) error
 func (daemon *Daemon) RegisterLinks(container *Container, hostConfig *runconfig.HostConfig) error {
 	if hostConfig != nil && hostConfig.Links != nil {
 		for _, l := range hostConfig.Links {
-			parts, err := utils.PartParser("name:alias", l)
+			parts, err := parsers.PartParser("name:alias", l)
 			if err != nil {
 				return err
 			}
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index bbe034b148..1aef141ca8 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -19,6 +19,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/units"
 	"github.com/docker/docker/utils"
 	"github.com/docker/libcontainer/label"
@@ -1166,7 +1167,7 @@ func NewDeviceSet(root string, doInit bool, options []string) (*DeviceSet, error
 
 	foundBlkDiscard := false
 	for _, option := range options {
-		key, val, err := utils.ParseKeyValueOpt(option)
+		key, val, err := parsers.ParseKeyValueOpt(option)
 		if err != nil {
 			return nil, err
 		}
diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index d66ba67127..aeaed67c2e 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -15,6 +15,7 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/utils"
 	"github.com/docker/libcontainer/netlink"
 )
@@ -306,7 +307,7 @@ func createBridge(bridgeIP string) error {
 }
 
 func createBridgeIface(name string) error {
-	kv, err := utils.GetKernelVersion()
+	kv, err := kernel.GetKernelVersion()
 	// only set the bridge's mac address if the kernel version is > 3.3
 	// before that it was not supported
 	setBridgeMacAddr := err == nil && (kv.Kernel >= 3 && kv.Major >= 3)
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 1ace730d48..5ffa0e2e6f 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -19,6 +19,7 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/sysinit"
 	"github.com/docker/docker/utils"
 )
@@ -292,10 +293,10 @@ func checkKernelAndArch() error {
 	// without actually causing a kernel panic, so we need this workaround until
 	// the circumstances of pre-3.8 crashes are clearer.
 	// For details see http://github.com/docker/docker/issues/407
-	if k, err := utils.GetKernelVersion(); err != nil {
+	if k, err := kernel.GetKernelVersion(); err != nil {
 		log.Printf("WARNING: %s\n", err)
 	} else {
-		if utils.CompareKernelVersion(k, &utils.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 {
+		if kernel.CompareKernelVersion(k, &kernel.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 {
 			if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" {
 				log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String())
 			}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 82fee68670..75c2b5c846 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/utils"
 )
 
@@ -78,7 +79,7 @@ func (s *TagStore) CmdTag(job *engine.Job) engine.Status {
 		newName = job.Args[0]
 		oldName = job.Args[1]
 	)
-	newRepo, newTag := utils.ParseRepositoryTag(newName)
+	newRepo, newTag := parsers.ParseRepositoryTag(newName)
 	// FIXME: Set should either parse both old and new name, or neither.
 	// 	the current prototype is inconsistent.
 	if err := s.Set(newRepo, newTag, oldName, true); err != nil {
diff --git a/components/engine/graph/tags.go b/components/engine/graph/tags.go
index 343cccf31f..f2a0646acb 100644
--- a/components/engine/graph/tags.go
+++ b/components/engine/graph/tags.go
@@ -11,6 +11,7 @@ import (
 	"sync"
 
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/utils"
 )
 
@@ -72,7 +73,7 @@ func (store *TagStore) reload() error {
 func (store *TagStore) LookupImage(name string) (*image.Image, error) {
 	// FIXME: standardize on returning nil when the image doesn't exist, and err for everything else
 	// (so we can pass all errors here)
-	repos, tag := utils.ParseRepositoryTag(name)
+	repos, tag := parsers.ParseRepositoryTag(name)
 	if tag == "" {
 		tag = DEFAULTTAG
 	}
diff --git a/components/engine/nat/nat.go b/components/engine/nat/nat.go
index 8c402e94bf..ef89eaa0fe 100644
--- a/components/engine/nat/nat.go
+++ b/components/engine/nat/nat.go
@@ -8,7 +8,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/parsers"
 )
 
 const (
@@ -103,7 +103,7 @@ func ParsePortSpecs(ports []string) (map[Port]struct{}, map[Port][]PortBinding,
 			rawPort = fmt.Sprintf(":%s", rawPort)
 		}
 
-		parts, err := utils.PartParser(PortSpecTemplate, rawPort)
+		parts, err := parsers.PartParser(PortSpecTemplate, rawPort)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index 434ea03722..43bef37068 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -8,7 +8,7 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/parsers"
 )
 
 // ListOpts type
@@ -94,7 +94,7 @@ func ValidateAttach(val string) (string, error) {
 }
 
 func ValidateLink(val string) (string, error) {
-	if _, err := utils.PartParser("name:alias", val); err != nil {
+	if _, err := parsers.PartParser("name:alias", val); err != nil {
 		return val, err
 	}
 	return val, nil
diff --git a/components/engine/pkg/parsers/MAINTAINERS b/components/engine/pkg/parsers/MAINTAINERS
new file mode 100644
index 0000000000..8c8902530a
--- /dev/null
+++ b/components/engine/pkg/parsers/MAINTAINERS
@@ -0,0 +1 @@
+Erik Hollensbe <github@hollensbe.org> (@erikh)
diff --git a/components/engine/utils/filters/parse.go b/components/engine/pkg/parsers/filters/parse.go
similarity index 100%
rename from components/engine/utils/filters/parse.go
rename to components/engine/pkg/parsers/filters/parse.go
diff --git a/components/engine/utils/filters/parse_test.go b/components/engine/pkg/parsers/filters/parse_test.go
similarity index 100%
rename from components/engine/utils/filters/parse_test.go
rename to components/engine/pkg/parsers/filters/parse_test.go
diff --git a/components/engine/pkg/parsers/kernel/kernel.go b/components/engine/pkg/parsers/kernel/kernel.go
new file mode 100644
index 0000000000..70d09003a3
--- /dev/null
+++ b/components/engine/pkg/parsers/kernel/kernel.go
@@ -0,0 +1,93 @@
+package kernel
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+)
+
+type KernelVersionInfo struct {
+	Kernel int
+	Major  int
+	Minor  int
+	Flavor string
+}
+
+func (k *KernelVersionInfo) String() string {
+	return fmt.Sprintf("%d.%d.%d%s", k.Kernel, k.Major, k.Minor, k.Flavor)
+}
+
+// Compare two KernelVersionInfo struct.
+// Returns -1 if a < b, 0 if a == b, 1 it a > b
+func CompareKernelVersion(a, b *KernelVersionInfo) int {
+	if a.Kernel < b.Kernel {
+		return -1
+	} else if a.Kernel > b.Kernel {
+		return 1
+	}
+
+	if a.Major < b.Major {
+		return -1
+	} else if a.Major > b.Major {
+		return 1
+	}
+
+	if a.Minor < b.Minor {
+		return -1
+	} else if a.Minor > b.Minor {
+		return 1
+	}
+
+	return 0
+}
+
+func GetKernelVersion() (*KernelVersionInfo, error) {
+	var (
+		err error
+	)
+
+	uts, err := uname()
+	if err != nil {
+		return nil, err
+	}
+
+	release := make([]byte, len(uts.Release))
+
+	i := 0
+	for _, c := range uts.Release {
+		release[i] = byte(c)
+		i++
+	}
+
+	// Remove the \x00 from the release for Atoi to parse correctly
+	release = release[:bytes.IndexByte(release, 0)]
+
+	return ParseRelease(string(release))
+}
+
+func ParseRelease(release string) (*KernelVersionInfo, error) {
+	var (
+		kernel, major, minor, parsed int
+		flavor, partial              string
+	)
+
+	// Ignore error from Sscanf to allow an empty flavor.  Instead, just
+	// make sure we got all the version numbers.
+	parsed, _ = fmt.Sscanf(release, "%d.%d%s", &kernel, &major, &partial)
+	if parsed < 2 {
+		return nil, errors.New("Can't parse kernel version " + release)
+	}
+
+	// sometimes we have 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64
+	parsed, _ = fmt.Sscanf(partial, ".%d%s", &minor, &flavor)
+	if parsed < 1 {
+		flavor = partial
+	}
+
+	return &KernelVersionInfo{
+		Kernel: kernel,
+		Major:  major,
+		Minor:  minor,
+		Flavor: flavor,
+	}, nil
+}
diff --git a/components/engine/pkg/parsers/kernel/kernel_test.go b/components/engine/pkg/parsers/kernel/kernel_test.go
new file mode 100644
index 0000000000..e211a63b7d
--- /dev/null
+++ b/components/engine/pkg/parsers/kernel/kernel_test.go
@@ -0,0 +1,61 @@
+package kernel
+
+import (
+	"testing"
+)
+
+func assertParseRelease(t *testing.T, release string, b *KernelVersionInfo, result int) {
+	var (
+		a *KernelVersionInfo
+	)
+	a, _ = ParseRelease(release)
+
+	if r := CompareKernelVersion(a, b); r != result {
+		t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result)
+	}
+	if a.Flavor != b.Flavor {
+		t.Fatalf("Unexpected parsed kernel flavor.  Found %s, expected %s", a.Flavor, b.Flavor)
+	}
+}
+
+func TestParseRelease(t *testing.T) {
+	assertParseRelease(t, "3.8.0", &KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}, 0)
+	assertParseRelease(t, "3.4.54.longterm-1", &KernelVersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
+	assertParseRelease(t, "3.4.54.longterm-1", &KernelVersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
+	assertParseRelease(t, "3.8.0-19-generic", &KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0, Flavor: "-19-generic"}, 0)
+	assertParseRelease(t, "3.12.8tag", &KernelVersionInfo{Kernel: 3, Major: 12, Minor: 8, Flavor: "tag"}, 0)
+	assertParseRelease(t, "3.12-1-amd64", &KernelVersionInfo{Kernel: 3, Major: 12, Minor: 0, Flavor: "-1-amd64"}, 0)
+}
+
+func assertKernelVersion(t *testing.T, a, b *KernelVersionInfo, result int) {
+	if r := CompareKernelVersion(a, b); r != result {
+		t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result)
+	}
+}
+
+func TestCompareKernelVersion(t *testing.T) {
+	assertKernelVersion(t,
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		0)
+	assertKernelVersion(t,
+		&KernelVersionInfo{Kernel: 2, Major: 6, Minor: 0},
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		-1)
+	assertKernelVersion(t,
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		&KernelVersionInfo{Kernel: 2, Major: 6, Minor: 0},
+		1)
+	assertKernelVersion(t,
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		0)
+	assertKernelVersion(t,
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 5},
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		1)
+	assertKernelVersion(t,
+		&KernelVersionInfo{Kernel: 3, Major: 0, Minor: 20},
+		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
+		-1)
+}
diff --git a/components/engine/utils/uname_linux.go b/components/engine/pkg/parsers/kernel/uname_linux.go
similarity index 93%
rename from components/engine/utils/uname_linux.go
rename to components/engine/pkg/parsers/kernel/uname_linux.go
index 2f4afb41bd..b29fcc3785 100644
--- a/components/engine/utils/uname_linux.go
+++ b/components/engine/pkg/parsers/kernel/uname_linux.go
@@ -1,6 +1,6 @@
 // +build amd64
 
-package utils
+package kernel
 
 import (
 	"syscall"
diff --git a/components/engine/utils/uname_unsupported.go b/components/engine/pkg/parsers/kernel/uname_unsupported.go
similarity index 93%
rename from components/engine/utils/uname_unsupported.go
rename to components/engine/pkg/parsers/kernel/uname_unsupported.go
index 57b82ecab8..9cd8a1eb5e 100644
--- a/components/engine/utils/uname_unsupported.go
+++ b/components/engine/pkg/parsers/kernel/uname_unsupported.go
@@ -1,6 +1,6 @@
 // +build !linux !amd64
 
-package utils
+package kernel
 
 import (
 	"errors"
diff --git a/components/engine/pkg/parsers/parsers.go b/components/engine/pkg/parsers/parsers.go
new file mode 100644
index 0000000000..e6e3718b40
--- /dev/null
+++ b/components/engine/pkg/parsers/parsers.go
@@ -0,0 +1,110 @@
+package parsers
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// FIXME: Change this not to receive default value as parameter
+func ParseHost(defaultHost string, defaultUnix, addr string) (string, error) {
+	var (
+		proto string
+		host  string
+		port  int
+	)
+	addr = strings.TrimSpace(addr)
+	switch {
+	case addr == "tcp://":
+		return "", fmt.Errorf("Invalid bind address format: %s", addr)
+	case strings.HasPrefix(addr, "unix://"):
+		proto = "unix"
+		addr = strings.TrimPrefix(addr, "unix://")
+		if addr == "" {
+			addr = defaultUnix
+		}
+	case strings.HasPrefix(addr, "tcp://"):
+		proto = "tcp"
+		addr = strings.TrimPrefix(addr, "tcp://")
+	case strings.HasPrefix(addr, "fd://"):
+		return addr, nil
+	case addr == "":
+		proto = "unix"
+		addr = defaultUnix
+	default:
+		if strings.Contains(addr, "://") {
+			return "", fmt.Errorf("Invalid bind address protocol: %s", addr)
+		}
+		proto = "tcp"
+	}
+
+	if proto != "unix" && strings.Contains(addr, ":") {
+		hostParts := strings.Split(addr, ":")
+		if len(hostParts) != 2 {
+			return "", fmt.Errorf("Invalid bind address format: %s", addr)
+		}
+		if hostParts[0] != "" {
+			host = hostParts[0]
+		} else {
+			host = defaultHost
+		}
+
+		if p, err := strconv.Atoi(hostParts[1]); err == nil && p != 0 {
+			port = p
+		} else {
+			return "", fmt.Errorf("Invalid bind address format: %s", addr)
+		}
+
+	} else if proto == "tcp" && !strings.Contains(addr, ":") {
+		return "", fmt.Errorf("Invalid bind address format: %s", addr)
+	} else {
+		host = addr
+	}
+	if proto == "unix" {
+		return fmt.Sprintf("%s://%s", proto, host), nil
+	}
+	return fmt.Sprintf("%s://%s:%d", proto, host, port), nil
+}
+
+// Get a repos name and returns the right reposName + tag
+// The tag can be confusing because of a port in a repository name.
+//     Ex: localhost.localdomain:5000/samalba/hipache:latest
+func ParseRepositoryTag(repos string) (string, string) {
+	n := strings.LastIndex(repos, ":")
+	if n < 0 {
+		return repos, ""
+	}
+	if tag := repos[n+1:]; !strings.Contains(tag, "/") {
+		return repos[:n], tag
+	}
+	return repos, ""
+}
+
+func PartParser(template, data string) (map[string]string, error) {
+	// ip:public:private
+	var (
+		templateParts = strings.Split(template, ":")
+		parts         = strings.Split(data, ":")
+		out           = make(map[string]string, len(templateParts))
+	)
+	if len(parts) != len(templateParts) {
+		return nil, fmt.Errorf("Invalid format to parse.  %s should match template %s", data, template)
+	}
+
+	for i, t := range templateParts {
+		value := ""
+		if len(parts) > i {
+			value = parts[i]
+		}
+		out[t] = value
+	}
+	return out, nil
+}
+
+func ParseKeyValueOpt(opt string) (string, string, error) {
+	parts := strings.SplitN(opt, "=", 2)
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("Unable to parse key/value option: %s", opt)
+	}
+	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
+}
diff --git a/components/engine/pkg/parsers/parsers_test.go b/components/engine/pkg/parsers/parsers_test.go
new file mode 100644
index 0000000000..12b8df5708
--- /dev/null
+++ b/components/engine/pkg/parsers/parsers_test.go
@@ -0,0 +1,83 @@
+package parsers
+
+import (
+	"testing"
+)
+
+func TestParseHost(t *testing.T) {
+	var (
+		defaultHttpHost = "127.0.0.1"
+		defaultUnix     = "/var/run/docker.sock"
+	)
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "0.0.0.0"); err == nil {
+		t.Errorf("tcp 0.0.0.0 address expected error return, but err == nil, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://"); err == nil {
+		t.Errorf("default tcp:// address expected error return, but err == nil, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" {
+		t.Errorf("0.0.0.1:5555 -> expected tcp://0.0.0.1:5555, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" {
+		t.Errorf(":6666 -> expected tcp://127.0.0.1:6666, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" {
+		t.Errorf("tcp://:7777 -> expected tcp://127.0.0.1:7777, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, ""); err != nil || addr != "unix:///var/run/docker.sock" {
+		t.Errorf("empty argument -> expected unix:///var/run/docker.sock, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" {
+		t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "unix://"); err != nil || addr != "unix:///var/run/docker.sock" {
+		t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "udp://127.0.0.1"); err == nil {
+		t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
+	}
+	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "udp://127.0.0.1:2375"); err == nil {
+		t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
+	}
+}
+
+func TestParseRepositoryTag(t *testing.T) {
+	if repo, tag := ParseRepositoryTag("root"); repo != "root" || tag != "" {
+		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "root", "", repo, tag)
+	}
+	if repo, tag := ParseRepositoryTag("root:tag"); repo != "root" || tag != "tag" {
+		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "root", "tag", repo, tag)
+	}
+	if repo, tag := ParseRepositoryTag("user/repo"); repo != "user/repo" || tag != "" {
+		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "user/repo", "", repo, tag)
+	}
+	if repo, tag := ParseRepositoryTag("user/repo:tag"); repo != "user/repo" || tag != "tag" {
+		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "user/repo", "tag", repo, tag)
+	}
+	if repo, tag := ParseRepositoryTag("url:5000/repo"); repo != "url:5000/repo" || tag != "" {
+		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "url:5000/repo", "", repo, tag)
+	}
+	if repo, tag := ParseRepositoryTag("url:5000/repo:tag"); repo != "url:5000/repo" || tag != "tag" {
+		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "url:5000/repo", "tag", repo, tag)
+	}
+}
+
+func TestParsePortMapping(t *testing.T) {
+	data, err := PartParser("ip:public:private", "192.168.1.1:80:8080")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(data) != 3 {
+		t.FailNow()
+	}
+	if data["ip"] != "192.168.1.1" {
+		t.Fail()
+	}
+	if data["public"] != "80" {
+		t.Fail()
+	}
+	if data["private"] != "8080" {
+		t.Fail()
+	}
+}
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 9563c3b286..0d4f2b3cc7 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -25,6 +25,7 @@ import (
 
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/utils"
 )
 
@@ -956,7 +957,7 @@ func HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFacto
 	httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION})
 	httpVersion = append(httpVersion, &simpleVersionInfo{"go", runtime.Version()})
 	httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT})
-	if kernelVersion, err := utils.GetKernelVersion(); err == nil {
+	if kernelVersion, err := kernel.GetKernelVersion(); err == nil {
 		httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()})
 	}
 	httpVersion = append(httpVersion, &simpleVersionInfo{"os", runtime.GOOS})
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index fe16e9caaf..741c7469ca 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -9,6 +9,7 @@ import (
 	"github.com/docker/docker/nat"
 	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/units"
 	"github.com/docker/docker/utils"
@@ -306,7 +307,7 @@ func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
 func parseKeyValueOpts(opts opts.ListOpts) ([]utils.KeyValuePair, error) {
 	out := make([]utils.KeyValuePair, opts.Len())
 	for i, o := range opts.GetAll() {
-		k, v, err := utils.ParseKeyValueOpt(o)
+		k, v, err := parsers.ParseKeyValueOpt(o)
 		if err != nil {
 			return nil, err
 		}
diff --git a/components/engine/runconfig/parse_test.go b/components/engine/runconfig/parse_test.go
index a45a864924..aa6e4f2877 100644
--- a/components/engine/runconfig/parse_test.go
+++ b/components/engine/runconfig/parse_test.go
@@ -3,14 +3,14 @@ package runconfig
 import (
 	"testing"
 
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/parsers"
 )
 
 func TestParseLxcConfOpt(t *testing.T) {
 	opts := []string{"lxc.utsname=docker", "lxc.utsname = docker "}
 
 	for _, o := range opts {
-		k, v, err := utils.ParseKeyValueOpt(o)
+		k, v, err := parsers.ParseKeyValueOpt(o)
 		if err != nil {
 			t.FailNow()
 		}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 072b36f816..9db3d3d1ed 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -54,12 +54,14 @@ import (
 	"github.com/docker/docker/graph"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/graphdb"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/filters"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/tailfile"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
-	"github.com/docker/docker/utils/filters"
 )
 
 func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
@@ -383,7 +385,7 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status {
 		}
 		if img != nil {
 			// This is a named image like 'busybox:latest'
-			repoName, repoTag := utils.ParseRepositoryTag(name)
+			repoName, repoTag := parsers.ParseRepositoryTag(name)
 			if err := srv.exportImage(job.Eng, img.ID, tempdir); err != nil {
 				return job.Error(err)
 			}
@@ -493,7 +495,7 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 	)
 	job.GetenvJson("authConfig", authConfig)
 	job.GetenvJson("configFile", configFile)
-	repoName, tag = utils.ParseRepositoryTag(repoName)
+	repoName, tag = parsers.ParseRepositoryTag(repoName)
 
 	if remoteURL == "" {
 		context = ioutil.NopCloser(job.Stdin)
@@ -789,7 +791,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 		imgcount = len(images)
 	}
 	kernelVersion := "<unknown>"
-	if kv, err := utils.GetKernelVersion(); err == nil {
+	if kv, err := kernel.GetKernelVersion(); err == nil {
 		kernelVersion = kv.String()
 	}
 
@@ -1746,7 +1748,7 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
 	container, buildWarnings, err := srv.daemon.Create(config, name)
 	if err != nil {
 		if srv.daemon.Graph().IsNotExist(err) {
-			_, tag := utils.ParseRepositoryTag(config.Image)
+			_, tag := parsers.ParseRepositoryTag(config.Image)
 			if tag == "" {
 				tag = graph.DEFAULTTAG
 			}
@@ -1924,7 +1926,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no
 		tagDeleted    bool
 	)
 
-	repoName, tag = utils.ParseRepositoryTag(name)
+	repoName, tag = parsers.ParseRepositoryTag(name)
 	if tag == "" {
 		tag = graph.DEFAULTTAG
 	}
@@ -1950,7 +1952,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no
 	//If delete by id, see if the id belong only to one repository
 	if repoName == "" {
 		for _, repoAndTag := range srv.daemon.Repositories().ByID()[img.ID] {
-			parsedRepo, parsedTag := utils.ParseRepositoryTag(repoAndTag)
+			parsedRepo, parsedTag := parsers.ParseRepositoryTag(repoAndTag)
 			if repoName == "" || repoName == parsedRepo {
 				repoName = parsedRepo
 				if parsedTag != "" {
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 0d3b4d0acb..4dd3034322 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -7,7 +7,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -401,92 +400,6 @@ func HashData(src io.Reader) (string, error) {
 	return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
 }
 
-type KernelVersionInfo struct {
-	Kernel int
-	Major  int
-	Minor  int
-	Flavor string
-}
-
-func (k *KernelVersionInfo) String() string {
-	return fmt.Sprintf("%d.%d.%d%s", k.Kernel, k.Major, k.Minor, k.Flavor)
-}
-
-// Compare two KernelVersionInfo struct.
-// Returns -1 if a < b, 0 if a == b, 1 it a > b
-func CompareKernelVersion(a, b *KernelVersionInfo) int {
-	if a.Kernel < b.Kernel {
-		return -1
-	} else if a.Kernel > b.Kernel {
-		return 1
-	}
-
-	if a.Major < b.Major {
-		return -1
-	} else if a.Major > b.Major {
-		return 1
-	}
-
-	if a.Minor < b.Minor {
-		return -1
-	} else if a.Minor > b.Minor {
-		return 1
-	}
-
-	return 0
-}
-
-func GetKernelVersion() (*KernelVersionInfo, error) {
-	var (
-		err error
-	)
-
-	uts, err := uname()
-	if err != nil {
-		return nil, err
-	}
-
-	release := make([]byte, len(uts.Release))
-
-	i := 0
-	for _, c := range uts.Release {
-		release[i] = byte(c)
-		i++
-	}
-
-	// Remove the \x00 from the release for Atoi to parse correctly
-	release = release[:bytes.IndexByte(release, 0)]
-
-	return ParseRelease(string(release))
-}
-
-func ParseRelease(release string) (*KernelVersionInfo, error) {
-	var (
-		kernel, major, minor, parsed int
-		flavor, partial              string
-	)
-
-	// Ignore error from Sscanf to allow an empty flavor.  Instead, just
-	// make sure we got all the version numbers.
-	parsed, _ = fmt.Sscanf(release, "%d.%d%s", &kernel, &major, &partial)
-	if parsed < 2 {
-		return nil, errors.New("Can't parse kernel version " + release)
-	}
-
-	// sometimes we have 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64
-	parsed, _ = fmt.Sscanf(partial, ".%d%s", &minor, &flavor)
-	if parsed < 1 {
-		flavor = partial
-	}
-
-	return &KernelVersionInfo{
-		Kernel: kernel,
-		Major:  major,
-		Minor:  minor,
-		Flavor: flavor,
-	}, nil
-}
-
 // FIXME: this is deprecated by CopyWithTar in archive.go
 func CopyDirectory(source, dest string) error {
 	if output, err := exec.Command("cp", "-ra", source, dest).CombinedOutput(); err != nil {
@@ -580,80 +493,6 @@ func GetLines(input []byte, commentMarker []byte) [][]byte {
 	return output
 }
 
-// FIXME: Change this not to receive default value as parameter
-func ParseHost(defaultHost string, defaultUnix, addr string) (string, error) {
-	var (
-		proto string
-		host  string
-		port  int
-	)
-	addr = strings.TrimSpace(addr)
-	switch {
-	case addr == "tcp://":
-		return "", fmt.Errorf("Invalid bind address format: %s", addr)
-	case strings.HasPrefix(addr, "unix://"):
-		proto = "unix"
-		addr = strings.TrimPrefix(addr, "unix://")
-		if addr == "" {
-			addr = defaultUnix
-		}
-	case strings.HasPrefix(addr, "tcp://"):
-		proto = "tcp"
-		addr = strings.TrimPrefix(addr, "tcp://")
-	case strings.HasPrefix(addr, "fd://"):
-		return addr, nil
-	case addr == "":
-		proto = "unix"
-		addr = defaultUnix
-	default:
-		if strings.Contains(addr, "://") {
-			return "", fmt.Errorf("Invalid bind address protocol: %s", addr)
-		}
-		proto = "tcp"
-	}
-
-	if proto != "unix" && strings.Contains(addr, ":") {
-		hostParts := strings.Split(addr, ":")
-		if len(hostParts) != 2 {
-			return "", fmt.Errorf("Invalid bind address format: %s", addr)
-		}
-		if hostParts[0] != "" {
-			host = hostParts[0]
-		} else {
-			host = defaultHost
-		}
-
-		if p, err := strconv.Atoi(hostParts[1]); err == nil && p != 0 {
-			port = p
-		} else {
-			return "", fmt.Errorf("Invalid bind address format: %s", addr)
-		}
-
-	} else if proto == "tcp" && !strings.Contains(addr, ":") {
-		return "", fmt.Errorf("Invalid bind address format: %s", addr)
-	} else {
-		host = addr
-	}
-	if proto == "unix" {
-		return fmt.Sprintf("%s://%s", proto, host), nil
-	}
-	return fmt.Sprintf("%s://%s:%d", proto, host, port), nil
-}
-
-// Get a repos name and returns the right reposName + tag
-// The tag can be confusing because of a port in a repository name.
-//     Ex: localhost.localdomain:5000/samalba/hipache:latest
-func ParseRepositoryTag(repos string) (string, string) {
-	n := strings.LastIndex(repos, ":")
-	if n < 0 {
-		return repos, ""
-	}
-	if tag := repos[n+1:]; !strings.Contains(tag, "/") {
-		return repos[:n], tag
-	}
-	return repos, ""
-}
-
 // An StatusError reports an unsuccessful exit by a command.
 type StatusError struct {
 	Status     string
@@ -699,27 +538,6 @@ func ShellQuoteArguments(args []string) string {
 	return buf.String()
 }
 
-func PartParser(template, data string) (map[string]string, error) {
-	// ip:public:private
-	var (
-		templateParts = strings.Split(template, ":")
-		parts         = strings.Split(data, ":")
-		out           = make(map[string]string, len(templateParts))
-	)
-	if len(parts) != len(templateParts) {
-		return nil, fmt.Errorf("Invalid format to parse.  %s should match template %s", data, template)
-	}
-
-	for i, t := range templateParts {
-		value := ""
-		if len(parts) > i {
-			value = parts[i]
-		}
-		out[t] = value
-	}
-	return out, nil
-}
-
 var globalTestID string
 
 // TestDirectory creates a new temporary directory and returns its path.
@@ -833,14 +651,6 @@ func ReadSymlinkedDirectory(path string) (string, error) {
 	return realPath, nil
 }
 
-func ParseKeyValueOpt(opt string) (string, string, error) {
-	parts := strings.SplitN(opt, "=", 2)
-	if len(parts) != 2 {
-		return "", "", fmt.Errorf("Unable to parse key/value option: %s", opt)
-	}
-	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
-}
-
 // TreeSize walks a directory tree and returns its total size in bytes.
 func TreeSize(dir string) (size int64, err error) {
 	data := make(map[uint64]struct{})
diff --git a/components/engine/utils/utils_test.go b/components/engine/utils/utils_test.go
index 5ea1f30b21..cf11182f43 100644
--- a/components/engine/utils/utils_test.go
+++ b/components/engine/utils/utils_test.go
@@ -34,97 +34,6 @@ func TestBufReader(t *testing.T) {
 	}
 }
 
-func assertKernelVersion(t *testing.T, a, b *KernelVersionInfo, result int) {
-	if r := CompareKernelVersion(a, b); r != result {
-		t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result)
-	}
-}
-
-func TestCompareKernelVersion(t *testing.T) {
-	assertKernelVersion(t,
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		0)
-	assertKernelVersion(t,
-		&KernelVersionInfo{Kernel: 2, Major: 6, Minor: 0},
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		-1)
-	assertKernelVersion(t,
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		&KernelVersionInfo{Kernel: 2, Major: 6, Minor: 0},
-		1)
-	assertKernelVersion(t,
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		0)
-	assertKernelVersion(t,
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 5},
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		1)
-	assertKernelVersion(t,
-		&KernelVersionInfo{Kernel: 3, Major: 0, Minor: 20},
-		&KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0},
-		-1)
-}
-
-func TestParseHost(t *testing.T) {
-	var (
-		defaultHttpHost = "127.0.0.1"
-		defaultUnix     = "/var/run/docker.sock"
-	)
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "0.0.0.0"); err == nil {
-		t.Errorf("tcp 0.0.0.0 address expected error return, but err == nil, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://"); err == nil {
-		t.Errorf("default tcp:// address expected error return, but err == nil, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" {
-		t.Errorf("0.0.0.1:5555 -> expected tcp://0.0.0.1:5555, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" {
-		t.Errorf(":6666 -> expected tcp://127.0.0.1:6666, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" {
-		t.Errorf("tcp://:7777 -> expected tcp://127.0.0.1:7777, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, ""); err != nil || addr != "unix:///var/run/docker.sock" {
-		t.Errorf("empty argument -> expected unix:///var/run/docker.sock, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" {
-		t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "unix://"); err != nil || addr != "unix:///var/run/docker.sock" {
-		t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "udp://127.0.0.1"); err == nil {
-		t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
-	}
-	if addr, err := ParseHost(defaultHttpHost, defaultUnix, "udp://127.0.0.1:2375"); err == nil {
-		t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
-	}
-}
-
-func TestParseRepositoryTag(t *testing.T) {
-	if repo, tag := ParseRepositoryTag("root"); repo != "root" || tag != "" {
-		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "root", "", repo, tag)
-	}
-	if repo, tag := ParseRepositoryTag("root:tag"); repo != "root" || tag != "tag" {
-		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "root", "tag", repo, tag)
-	}
-	if repo, tag := ParseRepositoryTag("user/repo"); repo != "user/repo" || tag != "" {
-		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "user/repo", "", repo, tag)
-	}
-	if repo, tag := ParseRepositoryTag("user/repo:tag"); repo != "user/repo" || tag != "tag" {
-		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "user/repo", "tag", repo, tag)
-	}
-	if repo, tag := ParseRepositoryTag("url:5000/repo"); repo != "url:5000/repo" || tag != "" {
-		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "url:5000/repo", "", repo, tag)
-	}
-	if repo, tag := ParseRepositoryTag("url:5000/repo:tag"); repo != "url:5000/repo" || tag != "tag" {
-		t.Errorf("Expected repo: '%s' and tag: '%s', got '%s' and '%s'", "url:5000/repo", "tag", repo, tag)
-	}
-}
-
 func TestCheckLocalDns(t *testing.T) {
 	for resolv, result := range map[string]bool{`# Dynamic
 nameserver 10.0.2.3
@@ -154,50 +63,6 @@ search docker.com`: true,
 		}
 	}
 }
-
-func assertParseRelease(t *testing.T, release string, b *KernelVersionInfo, result int) {
-	var (
-		a *KernelVersionInfo
-	)
-	a, _ = ParseRelease(release)
-
-	if r := CompareKernelVersion(a, b); r != result {
-		t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result)
-	}
-	if a.Flavor != b.Flavor {
-		t.Fatalf("Unexpected parsed kernel flavor.  Found %s, expected %s", a.Flavor, b.Flavor)
-	}
-}
-
-func TestParseRelease(t *testing.T) {
-	assertParseRelease(t, "3.8.0", &KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}, 0)
-	assertParseRelease(t, "3.4.54.longterm-1", &KernelVersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
-	assertParseRelease(t, "3.4.54.longterm-1", &KernelVersionInfo{Kernel: 3, Major: 4, Minor: 54, Flavor: ".longterm-1"}, 0)
-	assertParseRelease(t, "3.8.0-19-generic", &KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0, Flavor: "-19-generic"}, 0)
-	assertParseRelease(t, "3.12.8tag", &KernelVersionInfo{Kernel: 3, Major: 12, Minor: 8, Flavor: "tag"}, 0)
-	assertParseRelease(t, "3.12-1-amd64", &KernelVersionInfo{Kernel: 3, Major: 12, Minor: 0, Flavor: "-1-amd64"}, 0)
-}
-
-func TestParsePortMapping(t *testing.T) {
-	data, err := PartParser("ip:public:private", "192.168.1.1:80:8080")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(data) != 3 {
-		t.FailNow()
-	}
-	if data["ip"] != "192.168.1.1" {
-		t.Fail()
-	}
-	if data["public"] != "80" {
-		t.Fail()
-	}
-	if data["private"] != "8080" {
-		t.Fail()
-	}
-}
-
 func TestReplaceAndAppendEnvVars(t *testing.T) {
 	var (
 		d = []string{"HOME=/"}

From 4d9bca3054088b56c04efa3fc25e5eb3e8e16332 Mon Sep 17 00:00:00 2001
From: hollietealok <hollie@docker.com>
Date: Tue, 29 Jul 2014 13:56:19 -0700
Subject: [PATCH 277/516] Removed OAuth doc from mkdocs.yml

Docker-DCO-1.1-Signed-off-by: hollietealok <hollie@docker.com> (github: hollietealok)
Upstream-commit: 2b9d8248d6136645d3801693370e23d752f748f2
Component: engine
---
 components/engine/docs/mkdocs.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/components/engine/docs/mkdocs.yml b/components/engine/docs/mkdocs.yml
index b75e198906..bb69b16cf3 100755
--- a/components/engine/docs/mkdocs.yml
+++ b/components/engine/docs/mkdocs.yml
@@ -121,7 +121,6 @@ pages:
 - ['reference/api/docker_remote_api_v1.1.md', '**HIDDEN**']
 - ['reference/api/docker_remote_api_v1.0.md', '**HIDDEN**']
 - ['reference/api/remote_api_client_libraries.md', 'Reference', 'Docker Remote API Client Libraries']
-- ['reference/api/docker_io_oauth_api.md', 'Reference', 'Docker Hub OAuth API']
 - ['reference/api/docker_io_accounts_api.md', 'Reference', 'Docker Hub Accounts API']
 
 - ['jsearch.md', '**HIDDEN**']

From bf7a3474f46cfb0813ba63a36a03ecaf80f46053 Mon Sep 17 00:00:00 2001
From: Vishnu Kannan <vishnuk@google.com>
Date: Thu, 24 Jul 2014 21:59:55 +0000
Subject: [PATCH 278/516] Make lxc driver rbind all user specified mounts.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: d82bb603afab96a83ff58090ff807af5d55adc48
Component: engine
---
 .../daemon/execdriver/lxc/lxc_template.go       |  4 ++--
 components/engine/integration/container_test.go | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/lxc_template.go b/components/engine/daemon/execdriver/lxc/lxc_template.go
index 08b3e7c82b..229b0a5144 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_template.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_template.go
@@ -75,9 +75,9 @@ lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountL
 
 {{range $value := .Mounts}}
 {{if $value.Writable}}
-lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $value.Destination}} none bind,rw 0 0
+lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $value.Destination}} none rbind,rw 0 0
 {{else}}
-lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $value.Destination}} none bind,ro 0 0
+lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $value.Destination}} none rbind,ro 0 0
 {{end}}
 {{end}}
 
diff --git a/components/engine/integration/container_test.go b/components/engine/integration/container_test.go
index 4462aba08d..fcf84cf10b 100644
--- a/components/engine/integration/container_test.go
+++ b/components/engine/integration/container_test.go
@@ -6,10 +6,12 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 
+	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/runconfig"
 )
 
@@ -385,6 +387,21 @@ func TestBindMounts(t *testing.T) {
 		t.Fatal("Container failed to read from bind mount")
 	}
 
+	// Test recursive bind mount works by default
+	// Create a temporary tmpfs mount.
+	tmpfsDir := filepath.Join(tmpDir, "tmpfs")
+	if err := os.MkdirAll(tmpfsDir, 0777); err != nil {
+		t.Fatalf("failed to mkdir at %s - %s", tmpfsDir, err)
+	}
+	if err := mount.Mount("tmpfs", tmpfsDir, "tmpfs", ""); err != nil {
+		t.Fatalf("failed to create a tmpfs mount at %s - %s", tmpfsDir, err)
+	}
+	writeFile(path.Join(tmpfsDir, "touch-me-again"), "", t)
+	stdout, _ = runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:/tmp:ro", tmpDir), "_", "ls", "/tmp/tmpfs"}, t)
+	if !strings.Contains(stdout, "touch-me-again") {
+		t.Fatal("Container recursive bind mount test failed. Expected file not found")
+	}
+
 	// test writing to bind mount
 	runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "_", "touch", "/tmp/holla"}, t)
 	readFile(path.Join(tmpDir, "holla"), t) // Will fail if the file doesn't exist

From 90b29cb0b4a30582c98cedbecf21db6f36420cbc Mon Sep 17 00:00:00 2001
From: Vishnu Kannan <vishnuk@google.com>
Date: Wed, 30 Jul 2014 02:22:50 +0000
Subject: [PATCH 279/516] Add a cli integration test for recursive bind
 mounting.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: 3e1c1567eac59c7b808d37aa45f82ce67227e59c
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 40 +++++++++++++++++++
 .../engine/integration/container_test.go      | 17 --------
 2 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 63d3b133f1..b3f8870a57 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"reflect"
 	"regexp"
 	"sort"
@@ -12,6 +13,7 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 )
 
@@ -1142,6 +1144,44 @@ func TestDisallowBindMountingRootToRoot(t *testing.T) {
 	logDone("run - bind mount /:/ as volume should fail")
 }
 
+// Test recursive bind mount works by default
+func TestDockerRunWithVolumesIsRecursive(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "docker_recursive_mount_test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer os.RemoveAll(tmpDir)
+
+	// Create a temporary tmpfs mount.
+	tmpfsDir := filepath.Join(tmpDir, "tmpfs")
+	if err := os.MkdirAll(tmpfsDir, 0777); err != nil {
+		t.Fatalf("failed to mkdir at %s - %s", tmpfsDir, err)
+	}
+	if err := mount.Mount("tmpfs", tmpfsDir, "tmpfs", ""); err != nil {
+		t.Fatalf("failed to create a tmpfs mount at %s - %s", tmpfsDir, err)
+	}
+
+	f, err := ioutil.TempFile(tmpfsDir, "touch-me")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+
+	runCmd := exec.Command(dockerBinary, "run", "--name", "test-data", "--volume", fmt.Sprintf("%s:/tmp:ro", tmpDir), "busybox:latest", "ls", "/tmp/tmpfs")
+	out, stderr, exitCode, err := runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal(out, stderr, err)
+	}
+	if !strings.Contains(out, filepath.Base(f.Name())) {
+		t.Fatal("Recursive bind mount test failed. Expected file not found")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - volumes are bind mounted recuursively")
+}
+
 func TestDnsDefaultOptions(t *testing.T) {
 	cmd := exec.Command(dockerBinary, "run", "busybox", "cat", "/etc/resolv.conf")
 
diff --git a/components/engine/integration/container_test.go b/components/engine/integration/container_test.go
index fcf84cf10b..4462aba08d 100644
--- a/components/engine/integration/container_test.go
+++ b/components/engine/integration/container_test.go
@@ -6,12 +6,10 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
-	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 
-	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/runconfig"
 )
 
@@ -387,21 +385,6 @@ func TestBindMounts(t *testing.T) {
 		t.Fatal("Container failed to read from bind mount")
 	}
 
-	// Test recursive bind mount works by default
-	// Create a temporary tmpfs mount.
-	tmpfsDir := filepath.Join(tmpDir, "tmpfs")
-	if err := os.MkdirAll(tmpfsDir, 0777); err != nil {
-		t.Fatalf("failed to mkdir at %s - %s", tmpfsDir, err)
-	}
-	if err := mount.Mount("tmpfs", tmpfsDir, "tmpfs", ""); err != nil {
-		t.Fatalf("failed to create a tmpfs mount at %s - %s", tmpfsDir, err)
-	}
-	writeFile(path.Join(tmpfsDir, "touch-me-again"), "", t)
-	stdout, _ = runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:/tmp:ro", tmpDir), "_", "ls", "/tmp/tmpfs"}, t)
-	if !strings.Contains(stdout, "touch-me-again") {
-		t.Fatal("Container recursive bind mount test failed. Expected file not found")
-	}
-
 	// test writing to bind mount
 	runContainer(eng, r, []string{"-v", fmt.Sprintf("%s:/tmp:rw", tmpDir), "_", "touch", "/tmp/holla"}, t)
 	readFile(path.Join(tmpDir, "holla"), t) // Will fail if the file doesn't exist

From 190fbe906eb4a0f4fa3308d4c6d0d8befceb4784 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 06:37:12 +0000
Subject: [PATCH 280/516] Check for OS and root privileges in NewDaemon

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 419b9fe16425c301855aab781e1386f7a227a09d
Component: engine
---
 components/engine/daemon/daemon.go | 6 ++++++
 components/engine/docker/docker.go | 7 -------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index ecd515e8fd..0dc5470044 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -761,6 +761,12 @@ func NewDaemon(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error)
 }
 
 func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) {
+	if runtime.GOOS != "linux" {
+		log.Fatalf("The Docker daemon is only supported on linux")
+	}
+	if os.Geteuid() != 0 {
+		log.Fatalf("The Docker daemon needs to be run as root")
+	}
 	if !config.EnableSelinuxSupport {
 		selinuxSetDisabled()
 	}
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 5ffa0e2e6f..5719d6bb2a 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -114,13 +114,6 @@ func main() {
 	}
 
 	if *flDaemon {
-		if runtime.GOOS != "linux" {
-			log.Fatalf("The Docker daemon is only supported on linux")
-		}
-		if os.Geteuid() != 0 {
-			log.Fatalf("The Docker daemon needs to be run as root")
-		}
-
 		if flag.NArg() != 0 {
 			flag.Usage()
 			return

From 504ecb28bafd53896478eed5db2bb2553177e9d6 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 06:44:34 +0000
Subject: [PATCH 281/516] Move TMPDIR symlink cleanup to NewDaemon

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: a7d8c732b1760fcb3d5fb99c035a34123809e9cd
Component: engine
---
 components/engine/daemon/daemon.go | 7 +++++++
 components/engine/docker/docker.go | 7 -------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 0dc5470044..fa8f9685b0 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -767,6 +767,13 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 	if os.Geteuid() != 0 {
 		log.Fatalf("The Docker daemon needs to be run as root")
 	}
+	// set up the TempDir to use a canonical path
+	tmp := os.TempDir()
+	realTmp, err := utils.ReadSymlinkedDirectory(tmp)
+	if err != nil {
+		log.Fatalf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
+	}
+	os.Setenv("TMPDIR", realTmp)
 	if !config.EnableSelinuxSupport {
 		selinuxSetDisabled()
 	}
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 5719d6bb2a..09862e6879 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -119,13 +119,6 @@ func main() {
 			return
 		}
 
-		// set up the TempDir to use a canonical path
-		tmp := os.TempDir()
-		realTmp, err := utils.ReadSymlinkedDirectory(tmp)
-		if err != nil {
-			log.Fatalf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
-		}
-		os.Setenv("TMPDIR", realTmp)
 
 		// get the canonical path to the Docker root directory
 		root := *flRoot

From f3b5291fed66f38ab798b1df61f4ea5a2351a84f Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 06:51:03 +0000
Subject: [PATCH 282/516] Move canonical root path detection to NewDaemon

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: e92a9e0b53d296f6e0caa925a56ebbd76b20acaa
Component: engine
---
 components/engine/daemon/daemon.go | 11 +++++++++++
 components/engine/docker/docker.go | 13 +------------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index fa8f9685b0..b8543e78a6 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -778,6 +778,17 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 		selinuxSetDisabled()
 	}
 
+	// get the canonical path to the Docker root directory
+	var realRoot string
+	if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
+		realRoot = config.Root
+	} else {
+		realRoot, err = utils.ReadSymlinkedDirectory(config.Root)
+		if err != nil {
+			log.Fatalf("Unable to get the full path to root (%s): %s", config.Root, err)
+		}
+	}
+	config.Root = realRoot
 	// Create the root directory if it doesn't exists
 	if err := os.MkdirAll(config.Root, 0700); err != nil && !os.IsExist(err) {
 		return nil, err
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 09862e6879..155ce1cc50 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -120,17 +120,6 @@ func main() {
 		}
 
 
-		// get the canonical path to the Docker root directory
-		root := *flRoot
-		var realRoot string
-		if _, err := os.Stat(root); err != nil && os.IsNotExist(err) {
-			realRoot = root
-		} else {
-			realRoot, err = utils.ReadSymlinkedDirectory(root)
-			if err != nil {
-				log.Fatalf("Unable to get the full path to root (%s): %s", root, err)
-			}
-		}
 		if err := checkKernelAndArch(); err != nil {
 			log.Fatal(err)
 		}
@@ -157,7 +146,7 @@ func main() {
 			job := eng.Job("initserver")
 			// include the variable here too, for the server config
 			job.Setenv("Pidfile", *pidfile)
-			job.Setenv("Root", realRoot)
+			job.Setenv("Root", *flRoot)
 			job.SetenvBool("AutoRestart", *flAutoRestart)
 			job.SetenvList("Dns", flDns.GetAll())
 			job.SetenvList("DnsSearch", flDnsSearch.GetAll())

From 409af56c062dcd43b30c0b9eb17765887f106451 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 06:51:43 +0000
Subject: [PATCH 283/516] Move kernel version/capabilities detection to
 NewDaemon

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 4949e070fbcac1ef9fbeabe59e3f39cdb830e5fd
Component: engine
---
 components/engine/daemon/daemon.go | 30 ++++++++++++++++++++++++++++
 components/engine/docker/docker.go | 32 ------------------------------
 2 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index b8543e78a6..1d0f6748af 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"path"
 	"regexp"
+	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -29,6 +30,7 @@ import (
 	"github.com/docker/docker/pkg/namesgenerator"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
@@ -767,6 +769,10 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 	if os.Geteuid() != 0 {
 		log.Fatalf("The Docker daemon needs to be run as root")
 	}
+	if err := checkKernelAndArch(); err != nil {
+		log.Fatal(err)
+	}
+
 	// set up the TempDir to use a canonical path
 	tmp := os.TempDir()
 	realTmp, err := utils.ReadSymlinkedDirectory(tmp)
@@ -1156,3 +1162,27 @@ func (daemon *Daemon) ImageGetCached(imgID string, config *runconfig.Config) (*i
 	}
 	return match, nil
 }
+
+func checkKernelAndArch() error {
+	// Check for unsupported architectures
+	if runtime.GOARCH != "amd64" {
+		return fmt.Errorf("The Docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH)
+	}
+	// Check for unsupported kernel versions
+	// FIXME: it would be cleaner to not test for specific versions, but rather
+	// test for specific functionalities.
+	// Unfortunately we can't test for the feature "does not cause a kernel panic"
+	// without actually causing a kernel panic, so we need this workaround until
+	// the circumstances of pre-3.8 crashes are clearer.
+	// For details see http://github.com/docker/docker/issues/407
+	if k, err := kernel.GetKernelVersion(); err != nil {
+		log.Printf("WARNING: %s\n", err)
+	} else {
+		if kernel.CompareKernelVersion(k, &kernel.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 {
+			if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" {
+				log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String())
+			}
+		}
+	}
+	return nil
+}
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 155ce1cc50..679c91b462 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -9,7 +9,6 @@ import (
 	"net"
 	"os"
 	"path/filepath"
-	"runtime"
 	"strings"
 
 	"github.com/docker/docker/api"
@@ -19,7 +18,6 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/sysinit"
 	"github.com/docker/docker/utils"
 )
@@ -118,12 +116,6 @@ func main() {
 			flag.Usage()
 			return
 		}
-
-
-		if err := checkKernelAndArch(); err != nil {
-			log.Fatal(err)
-		}
-
 		eng := engine.New()
 		// Load builtins
 		if err := builtins.Register(eng); err != nil {
@@ -255,27 +247,3 @@ func main() {
 func showVersion() {
 	fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT)
 }
-
-func checkKernelAndArch() error {
-	// Check for unsupported architectures
-	if runtime.GOARCH != "amd64" {
-		return fmt.Errorf("The Docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH)
-	}
-	// Check for unsupported kernel versions
-	// FIXME: it would be cleaner to not test for specific versions, but rather
-	// test for specific functionalities.
-	// Unfortunately we can't test for the feature "does not cause a kernel panic"
-	// without actually causing a kernel panic, so we need this workaround until
-	// the circumstances of pre-3.8 crashes are clearer.
-	// For details see http://github.com/docker/docker/issues/407
-	if k, err := kernel.GetKernelVersion(); err != nil {
-		log.Printf("WARNING: %s\n", err)
-	} else {
-		if kernel.CompareKernelVersion(k, &kernel.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 {
-			if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" {
-				log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String())
-			}
-		}
-	}
-	return nil
-}

From af5f787532122441db820d783cf9317e24dab534 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 08:16:23 +0000
Subject: [PATCH 284/516] Move Server.ContainerAttach to Daemon.ContainerAttach

This is part of an effort to break apart the legacy server package. Help wanted!

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: c2496d97cc58e0720988acf4e989689945bb3a54
Component: engine
---
 components/engine/builder/builder.go  |   5 ++
 components/engine/daemon/attach.go    | 111 ++++++++++++++++++++++++++
 components/engine/daemon/daemon.go    |   8 +-
 components/engine/server/container.go |  99 -----------------------
 components/engine/server/init.go      |   1 -
 5 files changed, 123 insertions(+), 101 deletions(-)

diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go
index a99139896f..30c664653c 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/builder/builder.go
@@ -683,6 +683,11 @@ func (b *buildFile) run(c *daemon.Container) error {
 	var errCh chan error
 	if b.verbose {
 		errCh = utils.Go(func() error {
+			// FIXME: call the 'attach' job so that daemon.Attach can be made private
+			//
+			// FIXME (LK4D4): Also, maybe makes sense to call "logs" job, it is like attach
+			// but without hijacking for stdin. Also, with attach there can be race
+			// condition because of some output already was printed before it.
 			return <-b.daemon.Attach(c, nil, nil, b.outStream, b.errStream)
 		})
 	}
diff --git a/components/engine/daemon/attach.go b/components/engine/daemon/attach.go
index 665d4a20af..ad8649f4e1 100644
--- a/components/engine/daemon/attach.go
+++ b/components/engine/daemon/attach.go
@@ -1,11 +1,122 @@
 package daemon
 
 import (
+	"encoding/json"
+	"fmt"
 	"io"
+	"os"
+	"time"
 
+	"github.com/docker/docker/engine"
 	"github.com/docker/docker/utils"
 )
 
+func (daemon *Daemon) ContainerAttach(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+
+	var (
+		name   = job.Args[0]
+		logs   = job.GetenvBool("logs")
+		stream = job.GetenvBool("stream")
+		stdin  = job.GetenvBool("stdin")
+		stdout = job.GetenvBool("stdout")
+		stderr = job.GetenvBool("stderr")
+	)
+
+	container := daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+
+	//logs
+	if logs {
+		cLog, err := container.ReadLog("json")
+		if err != nil && os.IsNotExist(err) {
+			// Legacy logs
+			utils.Debugf("Old logs format")
+			if stdout {
+				cLog, err := container.ReadLog("stdout")
+				if err != nil {
+					utils.Errorf("Error reading logs (stdout): %s", err)
+				} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
+					utils.Errorf("Error streaming logs (stdout): %s", err)
+				}
+			}
+			if stderr {
+				cLog, err := container.ReadLog("stderr")
+				if err != nil {
+					utils.Errorf("Error reading logs (stderr): %s", err)
+				} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
+					utils.Errorf("Error streaming logs (stderr): %s", err)
+				}
+			}
+		} else if err != nil {
+			utils.Errorf("Error reading logs (json): %s", err)
+		} else {
+			dec := json.NewDecoder(cLog)
+			for {
+				l := &utils.JSONLog{}
+
+				if err := dec.Decode(l); err == io.EOF {
+					break
+				} else if err != nil {
+					utils.Errorf("Error streaming logs: %s", err)
+					break
+				}
+				if l.Stream == "stdout" && stdout {
+					fmt.Fprintf(job.Stdout, "%s", l.Log)
+				}
+				if l.Stream == "stderr" && stderr {
+					fmt.Fprintf(job.Stderr, "%s", l.Log)
+				}
+			}
+		}
+	}
+
+	//stream
+	if stream {
+		var (
+			cStdin           io.ReadCloser
+			cStdout, cStderr io.Writer
+			cStdinCloser     io.Closer
+		)
+
+		if stdin {
+			r, w := io.Pipe()
+			go func() {
+				defer w.Close()
+				defer utils.Debugf("Closing buffered stdin pipe")
+				io.Copy(w, job.Stdin)
+			}()
+			cStdin = r
+			cStdinCloser = job.Stdin
+		}
+		if stdout {
+			cStdout = job.Stdout
+		}
+		if stderr {
+			cStderr = job.Stderr
+		}
+
+		<-daemon.Attach(container, cStdin, cStdinCloser, cStdout, cStderr)
+
+		// If we are in stdinonce mode, wait for the process to end
+		// otherwise, simply return
+		if container.Config.StdinOnce && !container.Config.Tty {
+			container.State.WaitStop(-1 * time.Second)
+		}
+	}
+	return engine.StatusOK
+}
+
+// FIXME: this should be private, and every outside subsystem
+// should go through the "container_attach" job. But that would require
+// that job to be properly documented, as well as the relationship betweem
+// Attach and ContainerAttach.
+//
+// This method is in use by builder/builder.go.
 func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error {
 	var (
 		cStdout, cStderr io.ReadCloser
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 1d0f6748af..9bc5a66efd 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -105,7 +105,13 @@ type Daemon struct {
 
 // Install installs daemon capabilities to eng.
 func (daemon *Daemon) Install(eng *engine.Engine) error {
-	return eng.Register("container_inspect", daemon.ContainerInspect)
+	if err := eng.Register("container_inspect", daemon.ContainerInspect); err != nil {
+		return err
+	}
+	if err := eng.Register("attach", daemon.ContainerAttach); err != nil {
+		return err
+	}
+	return nil
 }
 
 // List returns an array of all containers registered in the daemon.
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 3e76086a1a..f4ad3cab16 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -798,105 +798,6 @@ func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerAttach(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-
-	var (
-		name   = job.Args[0]
-		logs   = job.GetenvBool("logs")
-		stream = job.GetenvBool("stream")
-		stdin  = job.GetenvBool("stdin")
-		stdout = job.GetenvBool("stdout")
-		stderr = job.GetenvBool("stderr")
-	)
-
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-
-	//logs
-	if logs {
-		cLog, err := container.ReadLog("json")
-		if err != nil && os.IsNotExist(err) {
-			// Legacy logs
-			utils.Debugf("Old logs format")
-			if stdout {
-				cLog, err := container.ReadLog("stdout")
-				if err != nil {
-					utils.Errorf("Error reading logs (stdout): %s", err)
-				} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
-					utils.Errorf("Error streaming logs (stdout): %s", err)
-				}
-			}
-			if stderr {
-				cLog, err := container.ReadLog("stderr")
-				if err != nil {
-					utils.Errorf("Error reading logs (stderr): %s", err)
-				} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
-					utils.Errorf("Error streaming logs (stderr): %s", err)
-				}
-			}
-		} else if err != nil {
-			utils.Errorf("Error reading logs (json): %s", err)
-		} else {
-			dec := json.NewDecoder(cLog)
-			for {
-				l := &utils.JSONLog{}
-
-				if err := dec.Decode(l); err == io.EOF {
-					break
-				} else if err != nil {
-					utils.Errorf("Error streaming logs: %s", err)
-					break
-				}
-				if l.Stream == "stdout" && stdout {
-					fmt.Fprintf(job.Stdout, "%s", l.Log)
-				}
-				if l.Stream == "stderr" && stderr {
-					fmt.Fprintf(job.Stderr, "%s", l.Log)
-				}
-			}
-		}
-	}
-
-	//stream
-	if stream {
-		var (
-			cStdin           io.ReadCloser
-			cStdout, cStderr io.Writer
-			cStdinCloser     io.Closer
-		)
-
-		if stdin {
-			r, w := io.Pipe()
-			go func() {
-				defer w.Close()
-				defer utils.Debugf("Closing buffered stdin pipe")
-				io.Copy(w, job.Stdin)
-			}()
-			cStdin = r
-			cStdinCloser = job.Stdin
-		}
-		if stdout {
-			cStdout = job.Stdout
-		}
-		if stderr {
-			cStderr = job.Stderr
-		}
-
-		<-srv.daemon.Attach(container, cStdin, cStdinCloser, cStdout, cStderr)
-
-		// If we are in stdinonce mode, wait for the process to end
-		// otherwise, simply return
-		if container.Config.StdinOnce && !container.Config.Tty {
-			container.State.WaitStop(-1 * time.Second)
-		}
-	}
-	return engine.StatusOK
-}
 
 func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 {
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index dfb24c0e96..cbc5cddaf1 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -105,7 +105,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"history":          srv.ImageHistory,
 		"viz":              srv.ImagesViz,
 		"container_copy":   srv.ContainerCopy,
-		"attach":           srv.ContainerAttach,
 		"logs":             srv.ContainerLogs,
 		"changes":          srv.ContainerChanges,
 		"top":              srv.ContainerTop,

From cf5bb0be0a56f66112793a05b676bb743772e8a2 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 09:12:38 +0000
Subject: [PATCH 285/516] New job "log": logs a new event

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 0af7b5f83d7f66a013e9bd66a9b4066a1de4eae8
Component: engine
---
 components/engine/server/events.go | 10 ++++++++++
 components/engine/server/init.go   |  1 +
 2 files changed, 11 insertions(+)

diff --git a/components/engine/server/events.go b/components/engine/server/events.go
index 0f13d0885e..214dd69e04 100644
--- a/components/engine/server/events.go
+++ b/components/engine/server/events.go
@@ -71,6 +71,16 @@ func (srv *Server) Events(job *engine.Job) engine.Status {
 	}
 }
 
+// FIXME: this is a shim to allow breaking up other parts of Server without
+// dragging the sphagetti dependency along.
+func (srv *Server) Log(job *engine.Job) engine.Status {
+	if len(job.Args) != 3 {
+		return job.Errorf("usage: %s ACTION ID FROM", job.Name)
+	}
+	srv.LogEvent(job.Args[0], job.Args[1], job.Args[2])
+	return engine.StatusOK
+}
+
 func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage {
 	now := time.Now().UTC().Unix()
 	jm := utils.JSONMessage{Status: action, ID: id, From: from, Time: now}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index cbc5cddaf1..961c7064f3 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -105,6 +105,7 @@ func InitServer(job *engine.Job) engine.Status {
 		"history":          srv.ImageHistory,
 		"viz":              srv.ImagesViz,
 		"container_copy":   srv.ContainerCopy,
+		"log":              srv.Log,
 		"logs":             srv.ContainerLogs,
 		"changes":          srv.ContainerChanges,
 		"top":              srv.ContainerTop,

From 18545c4dec62dbf8d44bdb72159ac26a0fe2f743 Mon Sep 17 00:00:00 2001
From: Timothy <timothyhobbs@seznam.cz>
Date: Sat, 19 Jul 2014 06:26:08 +0000
Subject: [PATCH 286/516] Apply @jamtur01's copy edit's to certificates.md

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: fae72c83be211c4331e1982a3d548c6101240501
Component: engine
---
 components/engine/docs/sources/articles/certificates.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/docs/sources/articles/certificates.md b/components/engine/docs/sources/articles/certificates.md
index 3772a7bc57..e8185a518a 100644
--- a/components/engine/docs/sources/articles/certificates.md
+++ b/components/engine/docs/sources/articles/certificates.md
@@ -30,9 +30,9 @@ So, an example setup would be::
        ├── client.key
        └── localhost.crt
 
-A simple way to test this setup is to use an apache server to host a
-registry. Just copy a registry tree into the apache root,
-[here](http://people.gnome.org/~alexl/v1.tar.gz) is an example one
+A simple way to test this setup is to use an Apache server to host a
+registry. Just copy a registry tree into the Apache root,
+[here](http://people.gnome.org/~alexl/v1.tar.gz) is an example of one
 containing the busybox image.
 
 Then add this conf file as `/etc/httpd/conf.d/registry.conf`:

From 5a8e5fe7dcd86460f0d9bb70c888b22a67f4b9f3 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 30 Jul 2014 06:42:12 -0700
Subject: [PATCH 287/516] utils/tarsum* -> pkg/tarsum

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 1219e458d105461fd7de23fa4b04a1233f61f8a4
Component: engine
---
 components/engine/builder/builder.go                   |  7 ++++---
 components/engine/{utils => pkg/tarsum}/tarsum.go      | 10 ++++++----
 components/engine/{utils => pkg/tarsum}/tarsum_test.go |  2 +-
 components/engine/registry/registry.go                 |  3 ++-
 4 files changed, 13 insertions(+), 9 deletions(-)
 rename components/engine/{utils => pkg/tarsum}/tarsum.go (96%)
 rename components/engine/{utils => pkg/tarsum}/tarsum_test.go (99%)

diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go
index a99139896f..7f59efcc0f 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/builder/builder.go
@@ -26,6 +26,7 @@ import (
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/tarsum"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
@@ -50,7 +51,7 @@ type buildFile struct {
 	config     *runconfig.Config
 
 	contextPath string
-	context     *utils.TarSum
+	context     *tarsum.TarSum
 
 	verbose      bool
 	utilizeCache bool
@@ -555,7 +556,7 @@ func (b *buildFile) runContextCommand(args string, allowRemote bool, allowDecomp
 		if err != nil {
 			return err
 		}
-		tarSum := &utils.TarSum{Reader: r, DisableCompression: true}
+		tarSum := &tarsum.TarSum{Reader: r, DisableCompression: true}
 		if _, err := io.Copy(ioutil.Discard, tarSum); err != nil {
 			return err
 		}
@@ -777,7 +778,7 @@ func (b *buildFile) Build(context io.Reader) (string, error) {
 		return "", err
 	}
 
-	b.context = &utils.TarSum{Reader: decompressedStream, DisableCompression: true}
+	b.context = &tarsum.TarSum{Reader: decompressedStream, DisableCompression: true}
 	if err := archive.Untar(b.context, tmpdirPath, nil); err != nil {
 		return "", err
 	}
diff --git a/components/engine/utils/tarsum.go b/components/engine/pkg/tarsum/tarsum.go
similarity index 96%
rename from components/engine/utils/tarsum.go
rename to components/engine/pkg/tarsum/tarsum.go
index afdf128ce6..5f562762b7 100644
--- a/components/engine/utils/tarsum.go
+++ b/components/engine/pkg/tarsum/tarsum.go
@@ -1,16 +1,18 @@
-package utils
+package tarsum
 
 import (
 	"bytes"
 	"compress/gzip"
 	"crypto/sha256"
 	"encoding/hex"
-	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"hash"
 	"io"
 	"sort"
 	"strconv"
 	"strings"
+
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 type TarSum struct {
@@ -168,11 +170,11 @@ func (ts *TarSum) Sum(extra []byte) string {
 		h.Write(extra)
 	}
 	for _, sum := range sums {
-		Debugf("-->%s<--", sum)
+		utils.Debugf("-->%s<--", sum)
 		h.Write([]byte(sum))
 	}
 	checksum := "tarsum+sha256:" + hex.EncodeToString(h.Sum(nil))
-	Debugf("checksum processed: %s", checksum)
+	utils.Debugf("checksum processed: %s", checksum)
 	return checksum
 }
 
diff --git a/components/engine/utils/tarsum_test.go b/components/engine/pkg/tarsum/tarsum_test.go
similarity index 99%
rename from components/engine/utils/tarsum_test.go
rename to components/engine/pkg/tarsum/tarsum_test.go
index 7904292ddf..f251f0993f 100644
--- a/components/engine/utils/tarsum_test.go
+++ b/components/engine/pkg/tarsum/tarsum_test.go
@@ -1,4 +1,4 @@
-package utils
+package tarsum
 
 import (
 	"bytes"
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 0d4f2b3cc7..106a518141 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -26,6 +26,7 @@ import (
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/httputils"
 	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/tarsum"
 	"github.com/docker/docker/utils"
 )
 
@@ -638,7 +639,7 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 
 	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
 
-	tarsumLayer := &utils.TarSum{Reader: layer}
+	tarsumLayer := &tarsum.TarSum{Reader: layer}
 	h := sha256.New()
 	h.Write(jsonRaw)
 	h.Write([]byte{'\n'})

From 3d1163e7b440f9dafec2f4aa8868a5046e8f3fb9 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 30 Jul 2014 06:52:24 -0700
Subject: [PATCH 288/516] move testdata to tarsum package.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 4184cccb0f291b329292da1a31108407cb1a4750
Component: engine
---
 .../json                                            |   0
 .../layer.tar                                       | Bin
 .../json                                            |   0
 .../layer.tar                                       | Bin
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename components/engine/{utils => pkg/tarsum}/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json (100%)
 rename components/engine/{utils => pkg/tarsum}/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar (100%)
 rename components/engine/{utils => pkg/tarsum}/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json (100%)
 rename components/engine/{utils => pkg/tarsum}/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar (100%)

diff --git a/components/engine/utils/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json b/components/engine/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json
similarity index 100%
rename from components/engine/utils/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json
rename to components/engine/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json
diff --git a/components/engine/utils/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar b/components/engine/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar
similarity index 100%
rename from components/engine/utils/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar
rename to components/engine/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar
diff --git a/components/engine/utils/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json b/components/engine/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json
similarity index 100%
rename from components/engine/utils/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json
rename to components/engine/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json
diff --git a/components/engine/utils/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar b/components/engine/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar
similarity index 100%
rename from components/engine/utils/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar
rename to components/engine/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar

From f0afd9ad9ae137f291a4a65e98574f415c858563 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 09:13:53 +0000
Subject: [PATCH 289/516] Move "pause" to daemon/pause.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 42a77de3d3867e2f34b455fc343e293eed994dcd
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/pause.go     | 21 +++++++++++++++++++++
 components/engine/server/container.go | 17 -----------------
 components/engine/server/init.go      |  1 -
 4 files changed, 24 insertions(+), 18 deletions(-)
 create mode 100644 components/engine/daemon/pause.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 9bc5a66efd..cc20954d61 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -111,6 +111,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("attach", daemon.ContainerAttach); err != nil {
 		return err
 	}
+	if err := eng.Register("pause", daemon.ContainerPause); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/pause.go b/components/engine/daemon/pause.go
new file mode 100644
index 0000000000..57f492e293
--- /dev/null
+++ b/components/engine/daemon/pause.go
@@ -0,0 +1,21 @@
+package daemon
+
+import (
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerPause(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER", job.Name)
+	}
+	name := job.Args[0]
+	container := daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+	if err := container.Pause(); err != nil {
+		return job.Errorf("Cannot pause container %s: %s", name, err)
+	}
+	job.Eng.Job("log", "pause", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	return engine.StatusOK
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index f4ad3cab16..073d68d7ce 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -31,22 +31,6 @@ import (
 	"github.com/docker/docker/utils"
 )
 
-func (srv *Server) ContainerPause(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER", job.Name)
-	}
-	name := job.Args[0]
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-	if err := container.Pause(); err != nil {
-		return job.Errorf("Cannot pause container %s: %s", name, err)
-	}
-	srv.LogEvent("pause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerUnpause(job *engine.Job) engine.Status {
 	if n := len(job.Args); n < 1 || n > 2 {
 		return job.Errorf("Usage: %s CONTAINER", job.Name)
@@ -798,7 +782,6 @@ func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-
 func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 {
 		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 961c7064f3..189b9e52f7 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -92,7 +92,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"restart":          srv.ContainerRestart,
 		"start":            srv.ContainerStart,
 		"kill":             srv.ContainerKill,
-		"pause":            srv.ContainerPause,
 		"unpause":          srv.ContainerUnpause,
 		"wait":             srv.ContainerWait,
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"

From 9698011529e94e94a3c08618361b7e317c3911cf Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 30 Jul 2014 09:35:39 +0000
Subject: [PATCH 290/516] Move "unpause" to daemon/pause.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 63bd4ad9d6d0c55691ff33cbfd24684ef91649e4
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/pause.go     | 16 ++++++++++++++++
 components/engine/server/container.go | 16 ----------------
 components/engine/server/init.go      |  1 -
 4 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index cc20954d61..e4304b2a48 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -114,6 +114,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("pause", daemon.ContainerPause); err != nil {
 		return err
 	}
+	if err := eng.Register("unpause", daemon.ContainerUnpause); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/pause.go b/components/engine/daemon/pause.go
index 57f492e293..72e5cee020 100644
--- a/components/engine/daemon/pause.go
+++ b/components/engine/daemon/pause.go
@@ -19,3 +19,19 @@ func (daemon *Daemon) ContainerPause(job *engine.Job) engine.Status {
 	job.Eng.Job("log", "pause", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
 	return engine.StatusOK
 }
+
+func (daemon *Daemon) ContainerUnpause(job *engine.Job) engine.Status {
+	if n := len(job.Args); n < 1 || n > 2 {
+		return job.Errorf("Usage: %s CONTAINER", job.Name)
+	}
+	name := job.Args[0]
+	container := daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+	if err := container.Unpause(); err != nil {
+		return job.Errorf("Cannot unpause container %s: %s", name, err)
+	}
+	job.Eng.Job("log", "unpause", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	return engine.StatusOK
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 073d68d7ce..b37fa521f5 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -31,22 +31,6 @@ import (
 	"github.com/docker/docker/utils"
 )
 
-func (srv *Server) ContainerUnpause(job *engine.Job) engine.Status {
-	if n := len(job.Args); n < 1 || n > 2 {
-		return job.Errorf("Usage: %s CONTAINER", job.Name)
-	}
-	name := job.Args[0]
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-	if err := container.Unpause(); err != nil {
-		return job.Errorf("Cannot unpause container %s: %s", name, err)
-	}
-	srv.LogEvent("unpause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	return engine.StatusOK
-}
-
 // ContainerKill send signal to the container
 // If no signal is given (sig 0), then Kill with SIGKILL and wait
 // for the container to exit.
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 189b9e52f7..9b6033b6c0 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -92,7 +92,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"restart":          srv.ContainerRestart,
 		"start":            srv.ContainerStart,
 		"kill":             srv.ContainerKill,
-		"unpause":          srv.ContainerUnpause,
 		"wait":             srv.ContainerWait,
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
 		"resize":           srv.ContainerResize,

From ca4826fd779be8914c847705d45d0ef2ea199c53 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Thu, 24 Jul 2014 11:42:38 -0400
Subject: [PATCH 291/516] Add OS to docker info

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: b0fb0055d279bc25aa2f91c112929ea8eb92c1db
Component: engine
---
 components/engine/api/client/commands.go      |   1 +
 components/engine/docs/man/docker-info.1.md   |  20 ++-
 .../docs/sources/reference/commandline/cli.md |  15 ++-
 .../operatingsystem/operatingsystem.go        |  40 ++++++
 .../operatingsystem/operatingsystem_test.go   | 123 ++++++++++++++++++
 components/engine/server/server.go            |  13 ++
 6 files changed, 193 insertions(+), 19 deletions(-)
 create mode 100644 components/engine/pkg/parsers/operatingsystem/operatingsystem.go
 create mode 100644 components/engine/pkg/parsers/operatingsystem/operatingsystem_test.go

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index ae1002b563..bc1a4f1a8a 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -493,6 +493,7 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	}
 	fmt.Fprintf(cli.out, "Execution Driver: %s\n", remoteInfo.Get("ExecutionDriver"))
 	fmt.Fprintf(cli.out, "Kernel Version: %s\n", remoteInfo.Get("KernelVersion"))
+	fmt.Fprintf(cli.out, "Operating System: %s\n", remoteInfo.Get("OperatingSystem"))
 
 	if remoteInfo.GetBool("Debug") || os.Getenv("DEBUG") != "" {
 		fmt.Fprintf(cli.out, "Debug mode (server): %v\n", remoteInfo.GetBool("Debug"))
diff --git a/components/engine/docs/man/docker-info.1.md b/components/engine/docs/man/docker-info.1.md
index 2945d61dfe..bf64a7b543 100644
--- a/components/engine/docs/man/docker-info.1.md
+++ b/components/engine/docs/man/docker-info.1.md
@@ -29,18 +29,14 @@ There are no available options.
 Here is a sample output:
 
     # docker info
-    Containers: 18
-    Images: 95
-    Storage Driver: devicemapper
-     Pool Name: docker-8:1-170408448-pool
-     Data file: /var/lib/docker/devicemapper/devicemapper/data
-     Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
-     Data Space Used: 9946.3 Mb
-     Data Space Total: 102400.0 Mb
-     Metadata Space Used: 9.9 Mb
-     Metadata Space Total: 2048.0 Mb
-    Execution Driver: native-0.1
-    Kernel Version: 3.10.0-116.el7.x86_64
+    Containers: 14
+    Images: 52
+    Storage Driver: aufs
+     Root Dir: /var/lib/docker/aufs
+     Dirs: 80
+    Execution Driver: native-0.2
+    Kernel Version: 3.13.0-24-generic
+    Operating System: Ubuntu 14.04 LTS
 
 # HISTORY
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 9a5ace4716..83590a60e1 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -605,18 +605,19 @@ tar, then the ownerships might not get preserved.
 For example:
 
     $ sudo docker -D info
-    Containers: 16
-    Images: 2138
+    Containers: 14
+    Images: 52
     Storage Driver: btrfs
-    Execution Driver: native-0.1
-    Kernel Version: 3.12.0-1-amd64
+    Execution Driver: native-0.2
+    Kernel Version: 3.13.0-24-generic
+    Operating System: Ubuntu 14.04 LTS
     Debug mode (server): false
     Debug mode (client): true
-    Fds: 16
-    Goroutines: 104
+    Fds: 10
+    Goroutines: 9
     EventsListeners: 0
     Init Path: /usr/bin/docker
-    Sockets: [unix:///var/run/docker.sock tcp://0.0.0.0:4243]
+    Sockets: [unix:///var/run/docker.sock]
     Username: svendowideit
     Registry: [https://index.docker.io/v1/]
 
diff --git a/components/engine/pkg/parsers/operatingsystem/operatingsystem.go b/components/engine/pkg/parsers/operatingsystem/operatingsystem.go
new file mode 100644
index 0000000000..af185f9f6b
--- /dev/null
+++ b/components/engine/pkg/parsers/operatingsystem/operatingsystem.go
@@ -0,0 +1,40 @@
+package operatingsystem
+
+import (
+	"bytes"
+	"errors"
+	"io/ioutil"
+)
+
+var (
+	// file to use to detect if the daemon is running in a container
+	proc1Cgroup = "/proc/1/cgroup"
+
+	// file to check to determine Operating System
+	etcOsRelease = "/etc/os-release"
+)
+
+func GetOperatingSystem() (string, error) {
+	b, err := ioutil.ReadFile(etcOsRelease)
+	if err != nil {
+		return "", err
+	}
+	if i := bytes.Index(b, []byte("PRETTY_NAME")); i >= 0 {
+		b = b[i+13:]
+		return string(b[:bytes.IndexByte(b, '"')]), nil
+	}
+	return "", errors.New("PRETTY_NAME not found")
+}
+
+func IsContainerized() (bool, error) {
+	b, err := ioutil.ReadFile(proc1Cgroup)
+	if err != nil {
+		return false, err
+	}
+	for _, line := range bytes.Split(b, []byte{'\n'}) {
+		if len(line) > 0 && !bytes.HasSuffix(line, []byte{'/'}) {
+			return true, nil
+		}
+	}
+	return false, nil
+}
diff --git a/components/engine/pkg/parsers/operatingsystem/operatingsystem_test.go b/components/engine/pkg/parsers/operatingsystem/operatingsystem_test.go
new file mode 100644
index 0000000000..d264b35f03
--- /dev/null
+++ b/components/engine/pkg/parsers/operatingsystem/operatingsystem_test.go
@@ -0,0 +1,123 @@
+package operatingsystem
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestGetOperatingSystem(t *testing.T) {
+	var (
+		backup       = etcOsRelease
+		ubuntuTrusty = []byte(`NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 14.04 LTS"
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`)
+		gentoo = []byte(`NAME=Gentoo
+ID=gentoo
+PRETTY_NAME="Gentoo/Linux"
+ANSI_COLOR="1;32"
+HOME_URL="http://www.gentoo.org/"
+SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
+BUG_REPORT_URL="https://bugs.gentoo.org/"
+`)
+		noPrettyName = []byte(`NAME="Ubuntu"
+VERSION="14.04, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"`)
+	)
+
+	dir := os.TempDir()
+	defer func() {
+		etcOsRelease = backup
+		os.RemoveAll(dir)
+	}()
+
+	etcOsRelease = filepath.Join(dir, "etcOsRelease")
+	for expect, osRelease := range map[string][]byte{
+		"Ubuntu 14.04 LTS": ubuntuTrusty,
+		"Gentoo/Linux":     gentoo,
+		"":                 noPrettyName,
+	} {
+		if err := ioutil.WriteFile(etcOsRelease, osRelease, 0600); err != nil {
+			t.Fatalf("failed to write to %s: %v", etcOsRelease, err)
+		}
+		s, err := GetOperatingSystem()
+		if s != expect {
+			if expect == "" {
+				t.Fatalf("Expected error 'PRETTY_NAME not found', but got %v", err)
+			} else {
+				t.Fatalf("Expected '%s', but got '%s'. Err=%v", expect, s, err)
+			}
+		}
+	}
+}
+
+func TestIsContainerized(t *testing.T) {
+	var (
+		backup                      = proc1Cgroup
+		nonContainerizedProc1Cgroup = []byte(`14:name=systemd:/
+13:hugetlb:/
+12:net_prio:/
+11:perf_event:/
+10:bfqio:/
+9:blkio:/
+8:net_cls:/
+7:freezer:/
+6:devices:/
+5:memory:/
+4:cpuacct:/
+3:cpu:/
+2:cpuset:/
+`)
+		containerizedProc1Cgroup = []byte(`9:perf_event:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+8:blkio:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+7:net_cls:/
+6:freezer:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+5:devices:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+4:memory:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+3:cpuacct:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+2:cpu:/docker/3cef1b53c50b0fa357d994f8a1a8cd783c76bbf4f5dd08b226e38a8bd331338d
+1:cpuset:/`)
+	)
+
+	dir := os.TempDir()
+	defer func() {
+		proc1Cgroup = backup
+		os.RemoveAll(dir)
+	}()
+
+	proc1Cgroup = filepath.Join(dir, "proc1Cgroup")
+
+	if err := ioutil.WriteFile(proc1Cgroup, nonContainerizedProc1Cgroup, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err := IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if inContainer {
+		t.Fatal("Wrongly assuming containerized")
+	}
+
+	if err := ioutil.WriteFile(proc1Cgroup, containerizedProc1Cgroup, 0600); err != nil {
+		t.Fatalf("failed to write to %s: %v", proc1Cgroup, err)
+	}
+	inContainer, err = IsContainerized()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !inContainer {
+		t.Fatal("Wrongly assuming non-containerized")
+	}
+}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 9db3d3d1ed..6eddd16fa6 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -57,6 +57,7 @@ import (
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/parsers/filters"
 	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/parsers/operatingsystem"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/tailfile"
 	"github.com/docker/docker/registry"
@@ -795,6 +796,17 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 		kernelVersion = kv.String()
 	}
 
+	operatingSystem := "<unknown>"
+	if s, err := operatingsystem.GetOperatingSystem(); err == nil {
+		operatingSystem = s
+	}
+	if inContainer, err := operatingsystem.IsContainerized(); err != nil {
+		utils.Errorf("Could not determine if daemon is containerized: %v", err)
+		operatingSystem += " (error determining if containerized)"
+	} else if inContainer {
+		operatingSystem += " (containerized)"
+	}
+
 	// if we still have the original dockerinit binary from before we copied it locally, let's return the path to that, since that's more intuitive (the copied path is trivial to derive by hand given VERSION)
 	initPath := utils.DockerInitPath("")
 	if initPath == "" {
@@ -816,6 +828,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	v.Set("ExecutionDriver", srv.daemon.ExecutionDriver().Name())
 	v.SetInt("NEventsListener", srv.eventPublisher.SubscribersCount())
 	v.Set("KernelVersion", kernelVersion)
+	v.Set("OperatingSystem", operatingSystem)
 	v.Set("IndexServerAddress", registry.IndexServerAddress())
 	v.Set("InitSha1", dockerversion.INITSHA1)
 	v.Set("InitPath", initPath)

From 41bdc73a7fdcdcfae884db6545a6d79b66558abe Mon Sep 17 00:00:00 2001
From: "O.S. Tezer" <ostezer@gmail.com>
Date: Wed, 30 Jul 2014 17:58:24 +0300
Subject: [PATCH 292/516] Docs: articles/https minor amendments and update

This commit proposes some minor amendments and updates
for the articles/https.md document to fix certain errors, inc.:

 - Marking commands / flags as code (e.g. `tlsverify`) [done before rebase]
 - Capitalising the word Docker
 - Normalizing headers to match the rest of the docs;
 - Expanding the page description to match the page title and the content;
 - Capitalizing HTTPS etc.;
 - Some spelling error fixes;
 - Line-length adjustments to make it easier to read the raw file.

It does not propose any fundemental changes to the structure of the document.
Certain changes were based before another update on this doc.

Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Upstream-commit: 711fb3e19d4caf7f084d8d1eaca85cfbaef6e978
Component: engine
---
 .../engine/docs/sources/articles/https.md     | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/components/engine/docs/sources/articles/https.md b/components/engine/docs/sources/articles/https.md
index eca15b543d..9817bfd3ee 100644
--- a/components/engine/docs/sources/articles/https.md
+++ b/components/engine/docs/sources/articles/https.md
@@ -1,6 +1,6 @@
-page_title: Docker HTTPS Setup
-page_description: How to set Docker up with https
-page_keywords: docker, example, https, daemon
+page_title: Running Docker with HTTPS
+page_description: How to setup and run Docker with HTTPS
+page_keywords: docker, docs, article, example, https, daemon, tls, ca, certificate
 
 # Running Docker with https
 
@@ -11,9 +11,9 @@ If you need Docker to be reachable via the network in a safe manner, you can
 enable TLS by specifying the `tlsverify` flag and pointing Docker's
 `tlscacert` flag to a trusted CA certificate.
 
-In daemon mode, it will only allow connections from clients
-authenticated by a certificate signed by that CA. In client mode, it
-will only connect to servers with a certificate signed by that CA.
+In the daemon mode, it will only allow connections from clients
+authenticated by a certificate signed by that CA. In the client mode,
+it will only connect to servers with a certificate signed by that CA.
 
 > **Warning**: 
 > Using TLS and managing a CA is an advanced topic. Please familiarize yourself
@@ -82,24 +82,24 @@ need to provide your client keys, certificates and trusted CA:
 > Docker over TLS should run on TCP port 2376.
 
 > **Warning**: 
-> As shown in the example above, you don't have to run the `docker` client 
-> with `sudo` or the `docker` group when you use certificate
-> authentication. That means anyone with the keys can give any
-> instructions to your Docker daemon, giving them root access to the
-> machine hosting the daemon. Guard these keys as you would a root
-> password!
+> As shown in the example above, you don't have to run the `docker` client
+> with `sudo` or the `docker` group when you use certificate authentication.
+> That means anyone with the keys can give any instructions to your Docker
+> daemon, giving them root access to the machine hosting the daemon. Guard
+> these keys as you would a root password!
 
-## Secure By Default
+## Secure by default
 
-If you want to secure your Docker client connections by default, you can move the files
-to the `.docker` directory in your home directory. Set the `DOCKER_HOST` variable as well.
+If you want to secure your Docker client connections by default, you can move 
+the files to the `.docker` directory in your home directory - and set the
+`DOCKER_HOST` variable as well.
 
     $ cp ca.pem ~/.docker/ca.pem
     $ cp client-cert.pem ~/.docker/cert.pem
     $ cp client-key.pem ~/.docker/key.pem
     $ export DOCKER_HOST=tcp://:2376
 
-Then you can just run docker with the `--tlsverify` option.
+Then you can just run Docker with the `--tlsverify` option.
 
     $ docker --tlsverify ps
 
@@ -122,10 +122,10 @@ Docker in various other modes by mixing the flags.
  - `tlsverify`, `tlscacert`, `tlscert`, `tlskey`: Authenticate with client
    certificate and authenticate server based on given CA
 
-The client will send its client certificate if found, so you just need
-to drop your keys into `~/.docker/<ca, cert or key>.pem`. Alternatively, if you
-want to store your keys in another location, you can specify that location
-using the environment variable `DOCKER_CONFIG`.
+If found, the client will send its client certificate, so you just need
+to drop your keys into `~/.docker/<ca, cert or key>.pem`. Alternatively,
+if you want to store your keys in another location, you can specify that
+location using the environment variable `DOCKER_CONFIG`.
 
     $ export DOCKER_CONFIG=${HOME}/.dockers/zone1/
     $ docker --tlsverify ps

From a0d04e4cbb1fc9aefd3aaa094c97c40cf590b736 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Wed, 30 Jul 2014 11:15:18 -0400
Subject: [PATCH 293/516] Replace old index image with hub

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: ba57d3d9e63445f43e4d53da44e8dec27baa288d
Component: engine
---
 .../engine/docs/sources/userguide/search.png  | Bin 101216 -> 72860 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/components/engine/docs/sources/userguide/search.png b/components/engine/docs/sources/userguide/search.png
index 27370741a7f7f6b05371fb74d6a27e308a16cefd..ded0d0d2d377db661bfff29b5f1b3d92413c0376 100644
GIT binary patch
literal 72860
zcmZsB1CS<BvToZpr!}o<+qP|c+O}=mwr%5Y_q1)>)|=gX_wK&;Zbei?oy3=@tP@#T
z6)rC;1`mS+0|W#FFCi|h2m}O52m}Od3kC6)(y&|m0t5uJZZ0GwFCipEDDPlvYHno$
z1SAe$o#LvjB!Ss??RiR+4~`Uv;(=PEcFN)xpxiGi4gyUYgeH73UJzg@AOg04u7j*#
zN8?uojy&7~_0&Tc8PPzCVO8cuN4Uzf{rc2vJDr}s-RXEd-F<(R<p}&6ag|sBqXH(5
zCMm*55HzhZAtAj8zz^~(t{?csDn|H#03RRvdu?kQLb%6mP}SyKZ}ICn04J4v7l?3n
z#o?FQz}UzO*3vpVaXlJPYV4Q{hPa4B&49X46i3*t0Y_=9V`r8U;Pom^R$H2|gb9kj
zq<(eJ38*+WEh`-$0l4_n#L$B204^9cNdL5Zv#K4ntj|r##U(bKhNz$ZhRAjLt<TD(
zVvsl`t9Ii?y&`+DL+CG@G_1@1bo-6h&}h8k9nC^wRdhRSz_4N!v#FtCDjO6KT+UQL
zb^t<M0DUwuut%Oo0zGu);6;~;kH*m7FzNOUZ5qk&Rznikut%nzg<4ogH<>{+6U#vG
z!krS}p0Kk5?Vdpx#L^G`(KZA<jrwykO<%&aY9JKECr^+zWthTC7B!T@a56=ot2cMT
z;M+STiGcjO*67R5U7#Oz5_N>?16cwT%|%$l=#{5rW&%cKl+?XGqFd2EOE9M&A@%q?
ztw$WEx(zi9ly{ULN_)p2OOXh&fgeU13Itf3KghctSPGhwj$lH_uMcllu%0lR&g9LA
zE)-x4&EcYy7W0HK4Rq&9u?*~1$@0{LR6XH4;h+V~9Z~N~>kA^?jsdg|wlkyzH1ghS
zLS|cswhCoe5lMo29DTlfhzjhv{VNZcQy+*-AG&1+s%8h=2MKN$DOe-{?A|YMI5AqJ
z0SIFdh9UrE1xhO)#HIho3S#IE6m!1>J1pi7j8i|28xYSQL^=bgtwE>&!k<Ag^ho$a
zNDM+&NMb|yw*mq2;y)oI1Qp|)gu_PThDU!Dfl-S5irW;Yxr228;fT~0?1=Xir(^W%
z65uUlPYSWfdn@DMM0XbZoP}aW$c`*2Z2t|c8CD}UF>CQaxE7WpQk&QM=f?vnXB21_
ziY%;IP~&j>K8U?So3S>IY?M|6)kyMgh5ch2hBo9CL=7Zc*n1H99=03V7RGfj;vit3
z<3;;J@q^O~+=s6Rc{`@p|9Tj4w-@;Yj3)rTKe3N^lDG&J11SQ^B*;5xKj=P4E68WS
zlQ_Oiq=~Qtc`!_32yTyfk8=;f5VSsdMdpG8AyND%eggbhCYp$0Vo?$CoXecR9QK^E
zBHt;AM!1!@%g@lb#4*7;NeAp#pjYNs&R1;rpaMyTLN~<%3hi;hafoqUN!UZ2;#@{S
zl|oJV?sEGDxHA|Fj^-SXoVU0)RSAhP^)Vsyk_3M9cE$ENgW^cZZpqx=XUvwGgw_Z$
zqFQp5`OR}zvs-hgPL3S}Jn6K>wWZ5*GqVKqe7~5IE|WCIwGU0klgFdSmy`9%<&`Iu
zKU9v&(aMs_@l@JN7|SFTSk&N^O)6<ss+D>2J;a>Vqw|mQFp5*ETVyZ&)<~O=&we^P
zKI%Kyc;vtRcyv7ThQk{SLLS|rS7mr&oMw7s3B$p_p^k=&Mu`@}$;J`NILnyMfX;Z$
zNX{r__H44#Jkq4Drmlw96l=1v^v)^b8}mi6om-Q5OstW6%j3~lm&+{GsoKo*mU?eQ
zP$E|+S29bKO`Imt>8feIlHLUG;BuZhN041gyI@IYYInPfAA5e3=dtX@>K5_ve5g5t
zKgT@@J&Sy3J<pvdVE)5+!!%02VraLf-xp_aVnji|Vdyq;1Fn>KIx}gQ!nB?)B<dk*
zAj(*{DVi-xGJ-L3J3<wW8%2;VFS8*tC*6|Pln$4UlOfBdW2I^4u^nZ2WHZ9HZn|Xf
z)W0#nJ?qu%p7`nrYYm$s;xCdtEF{%YTx(Ke(tIdGRgm1NQnH9pNo%>VHk@IrW9~f#
z(QMz0ymC=@nj@ID#~{L9>@kk7l~LVmonxJCU7MYvQ?x1BN!F>RBvVQzx5?aWbjIe1
z`A+@b{e+0OfIon*%Gt!;W#8m-z^=-<<y62G%ueHI;o@;=wLj^&b?UVoyvw+0(kzuZ
zp{B;BR&UvT?w47v6`_^9j_(Tp{QKGY3X=!w2k?&xZdnhnJEzAaj~}-m6BA2R^XGoc
z_vRS$Zu3vF=l85nrk>YNSGNXlMK2!*^ZS+u6HnDo-g{<yfXDUY=gIAHzQOOj?@FL|
zAp5>sKSci=e<={HKs$kafnkB{{<Hque)RrWp(vp_p)<h{K^;NN;Fb{N0pbDH;7x<m
zM)oSrCHXe3mxP-qC{1B2VUeLk@pEx|;|V7xkC%t3d4g&BOroq=G;oEgvMGhw0-6HH
zLf>qOENq@ehogC{(6nI&{Q9Vs*Lq09Z2<U?b(klTEjC@Gt(3e(TB3aB4G{xHJ#)R;
z(t?JRsgA^)49ZUy^27wxglAI38HAi}XP0lhR1OhGo0;acOupwi?oD@%d)X<q^qCxA
z=HR%5GzY>%Sgr`2sUNZ?#j3>!_8=VV>~!ru8#EihIc&8_&(u>~)y$Xf9j<Rj55PTi
zy-|D=P-x0fx@JKp7vnE+*vT4+92v=Ji*Yj3vSYkN%9y4w>yB^^ca9w*tOdjhay4dG
zOB+P?L2kKV@sr8SQY>`=#}$)`Pk~izGvu|5*ZToM;9~cScfqe}n3{Cjoi`c+;{7v`
zH<9d-YZ$mRy7g_Y;ok|HQt`#*QtK({)KuC_z1&W(U+4?y=~O;i=DiJ0hn*_nm6|Y*
zu&J0&pGa>)I`IziZ70(fwTqogJIhc@PBqS&o!*zNhBmi{DDMdk33TV|=d|A^H%70q
zh3E52t~Pd?b&e$Vg?9UwGCi43sTIi>Nl(@}J?-|ej#9TNu3E>o-O5MWEta^>nO0hI
z?#Ax-F7ubTt-j?uY8w@BWmaW#m6}?Q29U0R$7~<2bJx@BU#pL=<o$B4uAx^pRjjqN
z>p~let;eTZLEZR#o!{D>a;|z~J+&+Y89AQ}@9UPE7M6%7_$%_EOJipc2-6%Z&J-u|
zj@{OuR}j@934?a(E-%A$l)W3gDE38{W$&|ZMy7y@7^WCZHsWYl+|Y~{8J;PLsZH_$
zxu#~fX1wpktL2PDQF1Cd^PDxi43CbRhm-UGrorlhrT)fKv-h>5Rvvb?^Np#e^vmpH
zl4-pzB!^w?P+vfL<QAr!?p>GDUc>ug2~~|6PHl%a&sXMzEr3gh3%9mi$MWj##Nsq(
z$@{J2`mvEMz(%`mti%0qDN1Xzb>DWoo9S3~M(1kt__^V#yC>Jx_n`kSG$?d9R+%7~
zXUS9hvvctpo~MSV)FaTNmN(q{E-!Ze`3`Z6K<^DUcP=-DhsjIzedG3Z%s<Y*2D4G`
zp%<+i51aZ;>2jt*Eu}W*^YD3jF<(RIvv#;vY`e;{^1kIL`@XYf_hc7v-MAg=Me$X3
zZ~smHEQg<q%EyPRaTEMd{872MoMMZ-{UgRSHYQ@l@JXG<Z%~w(27X5d9*76J62Ake
zY<%DOE)9ZFcikw;>)PSg_tuSuMz7BTs_YgtOb-ER6{ZgL+!SlRPD7V*_!ao<py(t`
zc<ZORY>biLpCNVgJA0>xYF?mn@SRFGCnsaT$;ooJI*%`69*b)iZ>lA#3a}(ilS;C6
zt;Ahw?BzG$hG2XHYH6S$i{o#%3vDN^;Rpl-i~5ff7$_qP>u)2RZLX~Dq%I@PX=H0n
zYhY|^XhQ2|ZTD9i2#DK_^Y5j#iIV}Lo3)jVBc~e=@joRv|6c!tOh-)kPZ1|e9%6MF
zc|svu2NOaTT4q{$VqO?RLPBl_V^dB=VbT9q|GVNL{_W&s$4N)$>gr1C%0z4HU`EHl
z!NEaC&q&9}Nb^^M#?jrz$-s@q#*yT|K>mdzY~pC-U~cDRZfisM4_pI7TW2R8V&Z=o
z`k&*!{4{Yh|F<O@$NvuNZ-8|F;LtJ9($oD9_Fq-*e^5E)&D~6_)P>EhO>7+h+Ti8j
zVCDX&{Qt-Kx5fX^)cCh13qA9HYW@f3zcsn({t>``1oU6o`X}{ox_Du@>Ha76yf8zY
z;5a}){6G@I0?KZ{7dnvoDkAedr`@g~MEOCqG7*G2oM8oM;KC6r_4#?kFcc9H5jyh7
zBD`S2Nxve(!X6Ojw0=_tJ#2k3d2Y+-3i2=f?9JFb=ysi0YP2>rb6G0!Ls&BhV+O$i
zj`kDfC&@$p1NHkKOMe*tz7~+VKNA03{Xb0LU_VoSC!zlq{ZHmEIN&KiWvm5GqW>H2
zpE68@9q|7P9D2xKv|n%**>V5rz<;A+BW*(bZ{7*<GZCUgG|P(r+vR`xQMZhg6vIEZ
zuW(R@hWolQ+UoNE1_vD7rzg-SN+A5Aray1+zrgnf_@($I1!!7maw6b!LLD3qj4Y)j
zAmSbz91*rzU{$EW(~t)F6#Xk%|FZlCN*fj=1GrvLVxdNO`0OJX7VF^%?;vz32=Z>n
z_&V%T;h4VE)e#QY4)@~XLcWjBK)PxEzw-TWh~Ho}_<xg_6p##mXMn1U=-!N@0F@B^
z5#U8whEYs}?Wa9hlO+EZ|NkfJMhr@s6Qbzg=xz?U!C%P~2XB9RfP)Wl+I^Kj2H#4^
z+Zfa1RG{W&A*n)px7nxaKi%K4CCW38p4&yWMt}X5f(R-@FWk%(=8qp;7A05XggDT|
z$&YPi+qno}b|qjxI3{M}6JsEZaBm-Z`d#rm{q(edSB};2Qs>`y!{1V{uZX2)%#rl2
zNcm6#F_U?<8C?g82jVRec6u4Z)#S#c{~9quvm7h#<HO5ps|R#;cGk|piN2{EDsC@s
zbp@tO_i$$?Z0JS3?I)nHj}EMbL!+*~bX?_vbVV7ys|3QF5qEWUH7q<@L|h!|!el$l
zBzBBoA>60>|B9;uDvephMHXSHMk}@u5Hm2lr8|qG2CojS3nP>wmNBzAh}!MpB;=R7
zotxKBP4!aXP>YdWYk$~|vg2_`3}ZSprrJWGe$&}t_E@4wPe^u51=sJ&XWjRJx-o&g
zhiI(SARwhC9u65WNcm_7+I9^3upBp|R34CQYKG_vIpD;Qu>$b{oHeX>z14~+G}0Rq
zo70V%&FS)CN!+)mkm6y6AXwZ(T^gEDa{4eH86Nbt_^*QCe<jH~!9iJVZ+BP!m}+Hr
zeuJ|)T}So*`pN(%`Y`Ngj>eGjRexsMdbeZ!(ethQ^7{4xj7sbTA8y9@1HAVe=;8&0
z6&nEv8~gGL2pCrjjolRF(Q}~W6{xR27?|2km*~Vd2bl6_61t-*5IGwnVIR0NPj_5K
zb}*iUC2!A`9qE0%OfpqxlJJV#JMkDT0d@d>Zf69HYO)>L3JPuF%@LO)P~FIqF$4<T
z@csn)x&1|dDZS|@hSxOH@w(H=17!3zXNhGm2E@+UqSvLpPNm$GlQxy&TJHap?l^{j
zfS2Z8Q*-~A5_$di4iPug6+>I6J+extAlL`xBNmSrmg&qV9xkiR&%mY98=X_kk#X<-
zYfF8mUUF>2H^nBS)1JrqJ*YTHU>`j{khvvRwk;WRsPxuK`O<H9h@lMmmO|!1Ri`(U
zy`A5wu;c;8QmCDIqjO|D=q+8XQawQ+X09tHW&_F3;O-oD2awpWb<L0aVo0W$Np3ZJ
zD5HK|_?CgD@iO)Eba1uQ8R4#j6(rOJq6}n1#&KU1JqZ$rjyJ3IW^}Sy+`(7bTm$Rt
zmFiujpQ(?ZPdc5*_^!xoEjG}$a&m##ouc(x8pk4l(tlN_|9BX`rUi~Bt94Zxq5{)*
zW7Ci?HdB6Wkg4VTp2x*%=k=LL@~}z%dC=B6_e5Ui=J^d<@NSLlwGPkT_?_wvs>d7J
zEiNeYDWsdj`hbcm;QJmf45e6OEjh4|hZJAduamB!>my!}j3kpf6O~5iu+yD56eSLX
zT<z-BPFR;)r7mkje}50+8KlB|)wq9iQ6v1(xHinMg7Xa>EB+wKn2;Hd(th>#?p3Ub
zbLajvO(r_1ArHU0o}LsF3n?|FdAZyBJRSY@CboL7J?dJkxy}`6Y`Tjg%>0)zZI9bE
z%}0j`?pjONS4DJ{aeK|&4=Inu=l|G=wV{FMMqE;Y6>jg$%p<5o-u2vUXm2>VxGKTd
zENK!IJ5h29{hYLU7q3}B9pL{!D@a4*EuUD=oqXanEq%?yjlM<q?v_q*?HnE!vy#|b
zVzgYZ!D80ZAC!<PHUC1i+2}fSIR&{BwCrc40(Bqy!@z{`15-Aiunxznjr?aO3QFsP
zTa~6K9Qm~9JYu^ABW?Lucw4oZ8grFiZJop9bZ%y9=})Sb7I1MXB1oN9+Lkzlu#E=f
zmY8XAIT`=dRz$%7p`FWPJqiuVs4z^yGOB{@v-~Q%QGqZoU^PreC7Cs1xw&7vKeNW@
zN2$W4vTmf*xcC(o#-o@|r5Mz}xgm>R@*~^Z+iz~|AaS<K?hJ;k4i=^7hjt^bu}ULS
z&66H1Ll}Ig8q%IeP9Ki4|6^Y`6yZM-zpRP!`y;b_g?6kU%uIPCl=F#C{zzh<c1v+K
zefD)d^eG2p`5Wr?!-ndkCad?G8Pp*wv!Mj<C#2Ro;^@H<mdjklkNmdjMRe?(o;o5>
zLo=h$iz+8=>4HTnSGtu$<H3-GcpzKf7k9`q9^w|Xu~)@kcM^ETj%JiOs1SYexkll?
z*O@!8Kn+oLa;|><*?%f~N*QKVOO>8nGxnr@H-<MP!6A%>pQU@HubGh=slz?XGsCP<
zP)HtgGUX->cO3Ro=caV7J8&`uD4u%RAPA#Ob5^Zhkd|S$l4cAL+_yWkQ~D`tH3p&1
zv@CF`oE|99OeM5zNclvBvJ}u_*V6w$DRu5rgCS=a?VQ`ftxuh4{gqo}8Lqpjbw?aK
z>3QgHG?qJ+8y-&TQAuC`<ZhYVvN%Ddi*W=P2josAs>n|i$EWt<%H4KJ=;-Dsx^pX>
zru5B@O06E|yRAkke&}?KgGTn^n3*3k?Y~tXQtQ$+9M~WFn3kyU_NMfxGTxzBmmHi|
zZl*fFcW7#wJWf~b_iE-QAcpV94q_6>MYIMc6jSQ5sl{}*@iC=Py|a0L0DLCAq?>o%
z*xm*Rh`b)(z6<~OUU{bv-XA9%drfx(3UYq#0c#-8BEe)Eg0L*#<CmF`%wg;U`+i3x
zjtYP9b0#>^z$CmFbO{!%xZMuA7Rajd<Fv#zyi%QN3#D0teeezYrGb|BkqE~WMp7+S
zXU(pJoGH7wFN_fHo}UI<DYPea?5X)Tk~DY)E^NhWSLktsX{JPSHDqP&jta0WZvi84
zC(&o0X&{>`<{KMdXzxryG;RY>pP1LFrlqxfOm6NU9|7`OHo`M9V&0H8c5;$^>8joF
zWS+8kS)@P?-k^17qq^*LpGccr@)`Q*u|q^9k3M`(VBz86;xpo<;rftm3GNj-jbz*#
zn>&K_#0?H`0V=^M4!A77SAuY|x#0!qVax|d2aH*;+?3E2m>Rg#va+c%Sf)KpjSV;N
zyCh+;y<oF6=*=v0jH0`Xm4%wgNF?a}vUn4HzK21t;?j~M(>$I?$h!E*1_o#C*tRhH
zoK6o|dwY9vY0{^$rCeU#UJ9iyGB4xpRHRwhvOmNCBfCxu*v6(N1JQ@IxY!cjYRkQg
zDpEgPSF6JdUkBcFBdol?)!rQHZ%m2Lo@<c-YB9Cy2flYlwTHzN$id3?RS~)=?<(eL
zNlzEGrowAJ8Y9nY_X;_?<Aq+s`_zWKMR>#8$!2597Sgp=^JOa^sWMv=#52nnVz;*k
zX9f}P-3}797c*GiHF%1>?KmK6BaasOUz44c%ip=-<#->G`;@3+W06ST?%_p?Soy&O
zK(C<eu&+~)*bVH{QfdaW2afHcQbhX&+;dX-iNMmlDE>hvUg@b(PGy9kp09>pM@&R&
z5@L7yTs~Ehe9&6ASAT0H$?DHj5+@-E{Hw-QQ_TeYp)oriUba4oV$7uSlGKk%KWPaY
zgo{ILmAZ>DKPX2-A<9r0;6pTHRjX0I6;5`d+zPSRuGEfcR7!DEh<zq3Bqr<oWjcB&
zlC?!Zm&v_>?>a?RDb%0&VN`!sWgbH?%=X@&L}yqy*V^H!BYct}!)h!<<{&75F($J*
zr`KOyoyHupA8nHrCPBOLW>=!eE^LYceE>t^m2v3#y9wJ&`tMAWw0q=1lOMERTKgrL
z_Hwy4ZTBr&NUAJNSf~YaKjVAtP8qv8eq+;qc689=$>W2HK93j~iS9ty93_<0;E@uR
z{APMG<Tmx?MMTYYLrW}~>3az!$cw;wo~)x5i^=W7gzX)P)T=Gh=*-1Vnj=E`K9jk5
z(P`al;pLfa&|q2vp`VtFZzI)4m}m%TnM$qIh(t{N0>azwXA{`)`UcI=Sq^(mg?BYs
zu`kjeVkTh$KBm<UFtft~;aSmGbtx#MBivlV-_2J}HNq#;jp`pBl5Tr%Bc`E*1@`y9
zaWccLw*pD}kP<=`9XFmkNav>gsePDTT=k(q%SQ5peEMfU9|c&CE^W#U*&f`CWNKP+
z;{h8N6Ex=ZtQ$zW2=0ivkfpV5kI#)mazDVy$~EHrsCztAh1=_=I>w>WPYrPKh*$w_
zMc#_w(7y1~iVjnCA&22ESWvoItzq&*6<Hq<Vo?HyQpEk6)88wdp?N;t88<GJTc*)K
zChysqi4kRqvvyC2f_1f_I2n#BdNa9PkX*4q%Fs7^OhWMT#oFq$Bm|<}*e3C;Bg?5A
z?kTCs0f~T^y~$x|H;5p@22p1>c3kT@P6TLeEW~<+Yib4z-c-*XROoyMRrg;%)WTi#
zUuf^IL0S&kTi($!UX3S+H78Ra*kV!<Y<QvWo<q8$qf8;#695U;0+I!5-K4IHbY|*w
zPd)-rxA*#8ipGbqtnR1mu4EYQHd|2e52}t%>6jJt172&y;R1p%@UdkKN$zpJXFDD*
zU`lV7eNVJ9X(o*e;m+SI1@RtDNpd)#n56|X!-VTgs0J!tNtovzOaqt(CP|tFsUlQ`
zwQ0__m#y>@hYs<PZH}06Y1W}}b-(Od6YT|6j1;=nNAS)Y#Cayz^Uh*=6@NKTQGo|9
zx)EE8>Q72Wizqu`2v&ylE%L&X%aZp+e$LB{aD=eMF~FurHj>K)Y{E2K2={GDG$#q_
zL0mDa>IphYqhO|T$TG<={Mr|q5c?sEAabj5CO1s&-h8kuJ~oF*3i|6>^h+bHz~}ep
z2Gm3DC#$`TT+b*6J+|&*1<@ZBC{;^W@X4gq0@r}X(@9IFugM3ntmueP&)+K3^+l+Y
zqJR|r7lyMjxbN$a<bMCTFlt7E8f5;^(%=5g5CAz^V?Yfkt54r?)3~z{BCUlUm{0a3
zbTC{H&nFHOhA+6#T-IxSR}ookLP1^NfFe0Kv=;!;xQ0B`ND2J6GhJUjHsm(wG@e4g
zJ?Q?^e&fDWS$kt><$ccu-N1=>FELXB!Qi`<ZYmMa@XFU{G9T%U7zf4Rvj%rBNh|?z
zx$3L6qXrRkXXfc?ta5WN3BgyBOY-$$sJ89Zw3*4e(g5%kq(tGH3hiP;gS%eeaZc4U
z_czi(d|=ZqgtH6e!Mz5`VuSFR0%1bz0UZ0<fj#fEpehD7mPC5sj)vrqr`f%M6x8}M
zTvb^6ji&6l^l7ITWMcYgct%Q`LX@Z7+u2WrS|4vv@F(umvd|d(LD<^v;9Apa;YM8<
zdiymeu=xD3BAnG6&|agX4cnXjC!VsssgX-DSY>IYtcxjianGGW-8A4Lv%Ra??mu-~
zMs@{5B%GWO+utqda(tZlo|G!?udCz=-4-e#EOTgN276RYbtn5KCx3crI;PXY`}}}R
zIp84?evANMRr9spStEesn-+`*HAH?Qk0sf3-F}IseXR;IUoPg(Ww}JWBKdkgea8TF
zy}-|VG(&S-w}M;-w@PSi_<kyBHkcp(Re191`W~cHXLbkiaP5>x)*FB(d3;riw4Z58
zzaVJGTB@e0P{R#_k~FLcX-J%v$WAI|f&|=?Kj|y)%l_u|B{$ueMUy!80pJF9>gzQ^
zzueI59i{m>OKtU?PoUf$kW|wjje)+rHJ1LVv9D7UO5{#&s~D>hW^F{BF}SLn-{pHT
zf3U?9+%`UdiIU*_9B|=&e6iU0o>X_TMKzF4Q3Y*}$keN-*6^Vdxdwc?%89m+pA(Zp
zo8zekd|DWu1U?(;w_?~8nh~L(Gms*yXDR4n-<Z_VNf?_MEtlBZ0~WUHT&6<H<cI~z
zKhpidy<rUuxlsg__v+A=?m9iEQqy?7QF_K}f=5=(%Qg+rbUlw`m7iHz!7<+GqMomH
z(wx&APAPtzZQ#k6engSKw}v8iy6?3ox)nNtYG<|mXbfo$%`6;~)|hJoWAy<`EQnw_
zSMtg**N#|==9t&(J9rd}OE`iej{*G@<%u}H>P3YQ<dLl9f?!<(+i#`)l?x01^ICdQ
zc>gh(-1wYZL+sJDcFOI(0rhsuF?OdXTH&`|D<`)^*|BNS&VoOB9d13?`N(DjP|aHU
zAw^880>*tdoTp$=2^rp?P<BSaZf39HTwluy%ePF`bi~jgiN_$<E+HA;4bX>8u3xFx
zX2e~6wOPxvwAJgO<p!4x5ixN#Qep}sTagif!K{n-*@%0#n{2%kd<?}|ae=xhI<0x=
zt|WUf0I_7x72xmo{HhyQOxaiyc{U{7TlN)cN2TyQN0#OnZlHi?Vn5tgjOa-8d$^$W
z_5*{9I_H&G6KqbgsCYx<^%rkWdU>X)zT8I(N^UJrgn$u&01xdGj<b#f_m~j#x{UF;
z_loxi$AaT#tU&knVB)p(NMDUJb+)8o%3O*5)W&Ms=Ob$ySVV}RXBVfxQAlk)A<3(v
zcks5EtkuY${`p;<3CL7hQsO`>OSj*kQEmr58yh7*&i!~#zZ-Z-O<J9d3u7h~(UY6q
z(h816c)u;xOfyFT;e)t;$`1Emtkyl?I(emOmar~|_r%tURR){*&6~<muB#Ln&!RQq
z6}aq-x@+7_Hw8Af>uK>OMadrxpD0BwHX*9_U)8i>?}-u+W3~Lb#1n&qnbygEdz%-P
zf!BS4V2A8_c@5NcB|GP6KT6Qz%~y&`6w$%BANR|#evUiluLZltAwGKz4g+qK_&t_W
z>{(5{7KN~LCIOT_FIZDoM+ztc2TG$SR_b!+%9Coqxl(uuA>`!ZTB53b!MhH+Zw4U2
zS9()^qr#N3IOSysG`cMyy;hr3$ws!pm*tI^@=QFKF{`Oa!U$R)okgX6DU%RcvI*y=
zpyan#X>Rf4$&PlByka8*5H3*@>6tV4`*dZ=eCZsQ;$iCw&ZEQo1&X!%im+!TWV?aj
zsYo~bWX+segD(Y+7j|hIhc<dBV=`PMLsPJrhO~M2OSQACeaN&qTTo99{Ey;#%r;+8
zA0ME~*pm``3>?@5-mI~c0Kq7CFECLA?5L7xoB@UKDZfU{g2l6Mu6s<PWU4Kf$xLtv
ztF0E$!5?WsVIc--^n1V$m$Udp0>(`z4x?F4`|onZ7(4gRJp#%6zFjv9s1g3+h8fqB
zIYLK9;N%Bf45lmc%r@%1e;PuH+@IqF%G5ejBBVOvtQu@FkRu|Yp<kTmO{IOmyqV8d
zQLd#k{8+13piib5Hozo>mM-7$<>b7PT(`Ce;Lk-XTpKcccsViHT(|wiw%?FudLMhn
zE$>H`%b%&1KEgapy8Kg`D-90v*8jA=%RuEP^?UF)^r-rOU16#@7PCQkzUEou{+&H|
z-j3rh6J05y>8}5(gyY+@+aM|1LyPUE(i2kLv0BJW(c7@8LAj@&kV>Uk?GQGHD#qmf
zA&ZCB&=!Cfnj~E@X1{ZL11*>r%Ty49H!!ERC2&dBT42ILp!`UhXo;PAv00gKwvA!@
zWo*2gmY5I*i-{UHA=%=3Ck#bOFSsIJER}^K4dwsX`{jobD?RAVwh(GGCsC!zLO|l#
z6mVH9M&D&k)8ef087pFH!+Vj<6V}WJ=^ZW(@!^%z=$`Z8M0?Q|aDv&FEN{kj5N{r{
z<q@(U9~IQjKEtDeZ71?rM_A)!wl9cQEEqKtUb)*Zpbc;4ZnVEgiSKk6QA}ePW7BuO
zA8OFQ1-M=Bi4R--q_M$ggvqu&jq+R%s$`TxY(djuRC0+)%i;v^=qaz0_!eiuJL@SG
zwowcTXd_roNk<L0yCJk0_h@r}AffP=_+uw@h?hK&^HN5exCZ!&Q*e(~VWmxYN**iH
z>0d<-GT5|0=Dh1OcCbJX>_%5Icx-s9ryT^hsX+{G`&WLN(GrImMMcx>LqmmxR^s1L
znnZ_(3wR(DSGG(;!NKnul#1%0I4vo`F@{whP*U_IzAuFNi2kA-(iLvG=xlHmvTG)6
z6BjMM&x|gO`eRfzzS?jRZHpZ>(;5F~{S`IG`%!3vV^;^R(-8@C&0>(34IGoUXkc~`
zA3O<+R3T$$5}bf9hK3kSvK=dOXj0ovs(tlGl2Lco0UmBnc0^km`^CqTyR?HZ7Mt^_
z-v~H1yS+Zu9~sltJ4eyXePEj`*aBJWzPeJ(LJ{<s?~QXY%X6y<moOg8U^v-PgMOc+
z$s(dND{4IM&z*CdSSfqxEKqjmBNImhDnwl$f2f;1ett<JA_f>UoyNs1TGCNzDSm0~
z1V)=Z!HGzso~x=FkRoyb32ie_PmZj3R}vT-pCos7gZ+~gTtgb98f_f-`y5PR#@Hkd
zC8G37O8Ym%8Q9+ez;@FRn6`1_v)!1Oqyx@fn80F%fZYLiA`U_1N|7?l6?>y~NQ3o}
zN$E~si5|WCh@|jS2lyh#a~tR3F0qPVB2$A(h)$P~x=lR7J&^v8#!)4n6`xlW&Jg3#
zT)m=lx46Q7%${#9FL3YGJwsPF?po7%D3|D?GMu<Q_euI(yEUY5|0U?wNF9VqJf<ty
z{qannU(5ULWzK8cYlr?*E7~;6?FARORpnOEpjXtJ!Y3If!|^l;4Oi|OTn*F#-u_Te
z8o)b$)+#qWYCEM#fUua=W)68GzqkDEo1|ybMKtL!&NOR}{U@gohFLk`6W+AttoYdI
zuKJKYP27HJq6QO37|+aWTxeOlXB$zj_jt&Da+Hzj1&S81{b2?d<126Ez4XPfaK$7S
z@-uT0W0f2bsZmaYxXRIBW-<NY=iuC0SOoXHIa9!-7})x+@Gl<Nmpte{T`YfgSZPIj
zCxmJ^0G#&nlZRp@Yj26Gz?7GxF^5<}BYior%K!`z6-t`j0($Yt0f{td2Sl?TNZA@9
zP=(}Oi9)nE&N`w?BJBvp-o0Xn$w+aD3(D8uEPvIC{2Mh|WxHk~A)b0iJ(t=^IPiyq
z)JH6(PVU|eXurK>#pzyK$@rPnDc=zY02g7pI~0O2gAf8!_&aifW30)2lE=G^a41Tz
zNp@it=tlJHVi`xx&ifHE7|`^z1eh!9#3HIehssX3!xBt-WOyjCPul6NGV!uwkGd6Z
z-sZ=nJftZCNd`gs&`)<F))iMpj`|Zwu<B+pdrSJbQ61MmB<0#lgDmt*n9?ckeFkka
zZ<ne>P8izAN4A(y;LnyA^vbs@i2B=Xhv=I#KEDD;FX}if^u%GFJ-l8>aoNJl>I2`6
zhOz?}bC8+pK=0SSLR2?gcc&KDm?vM3Je@k~;XPb010JRCH%<8R0QmT~e?~hgS;{RT
zsHBzVnq3T^=y;f5YkR&KSaaB;IoVhMp)-6sqh3&fx1Vz7^&acI8=KuEKk%H{1grPr
z79ZmBfZXnOe!3bq+)FdZWOKqB@E1(y3=&u5LLag?$oobmHOTW+c4f!;%}H+v2F{*5
z?e+!GuqUqIhLa;=N!U&mb;vN|gp%#O+xmZPvleP@QU<Yv0Sek{4Nm~MLMut3d~ZLL
zLbk#ZGck-N;}}+ckQ5@(9~H|nG}sDFw!Pa_S*$@+Lb!@PG)mnJN4DZfgMS*64;!w!
zuFDsSh_U2Re;&xdd016|m3HDg_T)wpZJrGZkja_5eAJV&Oc{Xbcs>>tm4%~BZ~f^)
zK%l-1UX^+(u-)g!Q)j^xf`}Q$4ln7iemRJiz*=dC-nhK4^BrWA&UAwOdTvDWX};ad
zdZvG>iLpaFB|Pg3uL#pp^9ok=z5*<OXWqJ%L9+VZbBw@s5kQjm#Kh_^YRTn`feJo-
zfldDHPjX^9Z&3ilY^AirgEH#{Dmt!J8#WK9T%H2$UfJSKL60s5okYUpV{Sw|wK(aO
z2W5k4-(SkyUvH@+6IZCW^XG{9N`r)1uii|&S)9o87*&Uz9d15P(%eqVGB>Wq-z~;G
zPb(1Iyq<I;UUhJ>+v|{9(nU1Zw_;0Gv4La#%=_LTQWT%<)(1aHe1i6d-Su{M*VlGl
zW+E9J9zIvRWmPjP^fx?nchhIt`T@M)+rGDyqOoppW~9p3rML5yh=oczbX8i+u%97(
z0ub`ro|EbioL8OA;M%KV<6a3Z^vo?Aol70pmpjVgg}fYY=Zo&YmycaGR$0XliD}Nv
zHlB90%9h)}6I{Gv=+p=Vk~?z%1*tg#nH3r@M}y&R#-XrFjqrME><6o59=DFt!=;T|
zfQ4Ynvds_lCUe_B9;&y!x0>#F#lHF$yzJQ@ZDl{TDc15eB3n+>=Yum+R_pe$<#P~D
z)nAUhu^2Pk=)6%70KR?EpL%_m=WM%69_4OF`Q-MTo2X_>UV%nY`P=u6w`YTc$P!0G
zIjC)xHPxC$($O6LuLNCDp5(q&lJkZKj%mCxj~X)s3Z0mRTQAjVYlDb0GV5Wtj@tt=
z>9~KKhu9BWXaAU|eGdF?s*ngMoTO4GHF#~<%^Dit4G3jo>$lPV;_a9T8z>7QzZvV&
zJ1ynw+4>^0sYnRasFfW^w4GubXwD3)&fP-HEOTyi-*9R=TZ0p->BXE_?ul62QgGXO
zTCaa9Vz_d4f1&ZBw+F+M*ipL0XNHp)(W-l9!FY+nf_<m#5}K`g{Cs&m5V*J_5eV)t
z({$_0S<Q^*XM74jUph90vsBR0VJlYxm+9OZ?!pr;&5%|9K9qjwc5UzottqU32`>Hf
z9J02cJ36qG3`@Ve+gX1V)MXR;-0KN1WZQuNsX8;bL-f4YbY>S#|JwL`Gm6hP5DANX
zsEIF1`@P*O60MdMNUwuo1_$fD@;=YzcKRxy{!$4S@<^X-?fOuygM6Xj2a2n@yK3-x
zb7`J8JSAk1nG}TU!5ehC->HEyjTNM@HcDpBiAc`%GwTb!HQED~<s3|Zvox1-#P}go
zir!?h8p<H?Rc)UJiKC;e;n%Ew50jk_Ha0LL?t-E~2V3b1(pF<_oU}+Ko!<{3j&fXq
zr~xrhy&TY*zh4FmhE?Wj7jRj)hnm1J916NeLw?0YuttfHh@L8H7BJ*6z%N_yZ|`1Q
zCuN{<lHv6qZ*NYtNnj?Hu&~x*dQh~&Hl`h>@Vg6B2NfWpHeBm(_Y3`kRx`tFF2@#7
zK}N=#j$T7%w#5yCGqe4<SQA(j#wmVOp(82})=(i#+^FeotXdoT;PDuTtP1+dtwu6G
zg$Vt4PFQSVZ9J=Iy4dmYNAB`%v<zQjRvn|E9VbD&gs|L2r%1Ux_zYM@fsF#r`K4T{
zvD-N?aHk(4?&e*f=mu?6%2*qM9KU}je{g5-s3r|DUKEepL0Uql2=9nIJ2M`EfU8E;
z@6F{>`|nnsSn%~i71Rx@Qektw9!UjuwLm2i7#oYpILCA|aRr*x1x`5@YNd|ZyJWCh
zLE&E(s6`>u*Ava|olyv;1Gm_C^Nz7GeoS_65R{1Yk@!GEfbOSf2=i>{!8tD@l$J_<
z)br70$UBtFu8_ahW{qpd4nsoGk90IR8QT@x?uK03eb4*GcZWBv$Z}aoP9PjRjem$9
zlg%Ce?afZ`{B$<-Nz{#gpFdEsK|yzTPfAi{yv-X{>2tACiny1WO<w1_?*Qk0h5c}%
z1B=;WGcdb?x*}|Qc?LP314N1g>EowktX8$!3&{jn7~-OG+5M@q#%lcn?C&}~ke)_C
z{k_LB>EZGd0Ub<#plTJX?VOGK<+e4Ay95-{RAANa)g4;B-hsRo6P@sNg>2aC!Q+ht
zuYlt3-*y&8uMwBx<E-9VAjpme$@8laj2u2;u<+0TKYu^A^^5jRsy}~UV5_g`hPDDB
zZ_Q`$qRzg+SP4pn5B7+<R=!j(tm%<65pw(HmN^ag!XPP|IYG^EXm{qIj%Iui3rD@A
zKb%;8;4i?0zo!)9r^hPX`}Ey1h2As(xK1Pn4(y~ky*BUa?i0(|&sM=FFeV8T=VB*A
z*?c}8R33hO;jQsJGjuFNs|<xOqZ8}W%C6-{9lOs#Qd5e1I9Lzzz=`>$*QUjq-!Jd1
z)L*(WzEHPZgbS*^VNd$H1C?ZVB74eZ56DFV4DWb0Zx?GQ&?6b3m6A`o9<oE)%2}VA
z>X2TwXB+MB1Ut1t3@3H)cjIw`JIQVP-u0~Wz#gD<@zG<#`Mx8(#bWd?FAP>L8No6U
z@cTp16B&HBY{O#YMozOQ{sc|}nDlA^w@U8}3`Zt#8LcquE!O>PsH0wR?tdM?8+3K_
zG`KC0(Jp7j5RX#SfYBJ?o4Xz|splhC)FIETOfE^}5!u4t-up~lD%jdtzTNB^W1sQX
z2do^!(q{M3@lA`So^uwY*xs6l%#+XEZ8F%M=%l%;F|o6Gqip-S@|`Wg`Rjzx3A)>$
zBx5Sqk5_t^jiSdl1Jm)|Q;cwPV+e^wjf9bx5RNb5ZbEX0GYI779aGg7$bE;}KQFZY
z2^6k$)P+DXTsFj4!Q<O-Mmxut?rTlF?*H~#5h&;fZrRvRAOYj4f4l5-MZ0G(+jP0u
z{9w}jVnol*&5VV`W4km#wz$XRZvBOuOP3whaXT^U)fMh;*|IY_i+{p?jlJ<X43k9?
zJpdiBUkjwjTf>jBKlH_oiY!6t;v3ECI@Oo*xV>je-M<kHsCy56jd)GF8@9mP*X_EE
zXLt#pTMS$3uG={T#3!9Z#QNlf$G~URyDYMaUvZ<B(h3_~vJvQCa>W`>w7W^#2Mdm~
zj2FNdx3{28P#Z$1cql1O8;${#Zg;$|cLxuRkdJJHjHs<VO(B^F)%}o3Xf#rwEL3a#
zJvHr04J;UAY&46~VljI)1HIo}b|3Su?LF6*?Fc#3VWrj?nw~dr@Of~#5D13NV$F8^
z0Z01)6TUqF-KbX+Ug#xr*4^M9!^_!(9&%z)8*+)&(LzG__d%?J=xSn74K;hIsCEAk
zEvS9Z>%_`9_%{0WBfxR6(`dFNFo{{GZ_hP%xYgi!w-i+Db}sM8N@zkHHms_rsBvh9
zK{(|zfvtw$rkPdUMW2AzqX3pS=a~s1I~g2D;C(xc?Vft6#F%2GGs%;8Z!9eC#MZvG
zO5F~<iZ{F{&?{$Bg^`h{V2*%2LX)W*?r5JPJ*m1^eT@qscg4pd{3^_NNWV?PT0|w_
z+$Lc`52-w&=apuneroFk(z9x7HQIKdm6NLrZ}l2~d#8bl0vrFCMt*8EkfjWFblAD@
zGnmeZ9G^Jzm*TNF^URweukNQIG}$&ATr`OUo-X^$?Ij_pj@eE+3gpbTZ{XDIr}#A^
zkj5e|(RR88O@kqEcDQyC4O{9uc~&7S#tekU3-?_H0>4G+*C;}`a%p~L#{P~~stfeA
zSnGiGEY~RceEe1qokPXKZcaRqWS4l6eX~l%L`tTI)g0<>*E1%Vjb6mV4@7-6Q{W2Y
z95I+;s?w(ml6`x$UYo55jo!<l4KY9-CN{jBD`E|Tf}tS9Pu3jElPTLg=Q7RUQRu*e
zEET$^ha3KV&gS~l)NW;hMj>KEUhc$%5XiMnAc9C0%EWqxK^O%x1(m}s#FvG_;3~MH
zgx^!6asDh(p42Z{(>G>hBYG3XW7-sQ9|_hz=~j=hTWO-n)eyh3UTJeGG@!#JsHJ#d
zirON~>=R1&OABtkvfADD6NAfi*zjz59-(Z`gatPWOvy6!{M{CcSZI9p0+r}`zWbu8
zxqXVstmT;sAVQY50+)HSq9;Xe-CkRL?4Z`d5Zl>~l$8mcf0Y&>JnyjUp}^#m+FWly
zFS9`f>xAa?eZNe0|GL_VXg+?+R{vNO{F@YzT2rVz9I?;1jt$8f4?<KeHfdwb0SXwB
z@ucLAM97QLArG*nz6U^v;n$3wk;jn)807MZ(X(rCY#C^H<Hu<64gM2zxD_k9mIih!
z{GO;o#ns1jQ)bjKes)Kmf{q?oj60lLH!QibO^Y0_U+o_tf@d7RrFi5~-y0QS_`eTn
z8f;5-vPWLc7izDAyDuK^$%1S;;!1t?^UZ(_ipnY`PaO|sRFoZxp{xj#%u{VoBK_kk
zBoZa=%W1;Qb-z$yj#%lKBmMg>k+J$=dy_~d2t}^RGpYRq{kb>^GMd*fa!=JFVd7o5
zig}1wgiC*uds7k%H6CTlO-xV^7LoB)nyT$aWn0c*+g^=;7u0twVz^G%98ui~yJ7^=
zc=WI))KGD8T)bTR1GH-5-4Ao^Q73+3c@it#8)nw4_1N~@?<i-j=RB2Gt+JGzKr(MK
zk^t$Ab*62hI6aoG`!)Tb*LMAL#(oyCbswDx6#=u0U16lwYmm7P;k}aZ{oBV(s+%{h
zaAmVHf6S5Rod^<gnvS~>g<=D9tA-aN&i+I@gN-V3dKWj_HnJsQ-^}Cs?*rPZi57te
zkDA=xr4UI^QUKbt<E!k25i+|HDG+TE0?ThKNtRr=AV(vQlGxef=$zjrs!P4pp~Mw<
zv-wiwO;C@brm`4|B3@+;Qt-i=Gz=fBa`ctg6krJ6Fh(KIrIPr|d2McJnJXBzy!1di
z84H2}*;@8`>*RK<Z`3G`1L`5%>>ON#nHAEdh~3~(A8@TrHVC%I+z-C5&RuN!_<LrE
zg%KG7VAO9r3>$Ml(JZ&#!oVK}ZO?lEW1HaYUfEO#mtB5R3}aB$y1bnRlEl9*#j!Q)
zePP&KZJ@ui?oSwT)CcR!C9_rC4BhCeKJJXN*0m59wVnhCBzZoxc@%P`+q}1cnalKW
zZGc<ak|XhbtgfXn=?3~Y*C`)<!(g7$4jiaA=k6^t{`jM0iuZmX&D}|hS~#*1e7T)7
zaNA9F`w$C@wCaSF({b)G(&v^&eqLsb&~$aoO4}Ug#QWnIv3gH(77ebg9-p}KPs8B~
z8-vZ(Wtc<`l-QLJyCjCCX{zpT3=MF2J@sH(xwQeNXOz4B9MOY!zWu56SE#4j7`2j(
z5DTBVgo)PPa<DG}y@Jy`5AOAlwn%ap18kc<vu<0V$Wfe8c)S3uk)9#&;olXACA$Ol
zpKd4q8YjxV7@<?TZl*7W!o~L&4OGeDw-GQm2FxQ1)7i5HJ~D0FZlHCEP3b3tUzs`r
z#NmQ-q2^lt&3LfHwIpQL9L@<oH`Nm|r*d}9$)6;NpfRB7=mgV+TSbs}g?<D!N22Lh
z#<Uspbnn4dNXNVihfmbtDZG#iql{Qt+?Gz&e`nSVZ(&tK>9Ho0iR~~+6;*f$Sx~!4
zjR~(6f)HT@?#Z?iVx+1)dQXSA-m8Edk)!>a+eCJkJur*V(A`7{Il|;QSfW1b;iKCt
zc)R@{aaogSLtKh%uN}Asj#td-31A1e%J(46XCm2FHR@}J#`1UZQFtg_;e%U6Fsfu$
zG4cN4ks>urkhrIKuN!64$w}Ncx^h>~dBlttWxd&{NdeqvyvL5smHg!uf4DwZNbUF}
zAZTn^I>50ZpLds<NPe^ahH|;);}77=&a6!o2NT`fFIk=)S7L3s-ilmfAx5jWez0dn
zayDqfdS&hSI#fS`$)8SjpfCi!FW1DrmSTh<6{-k?Ew>n{p0SE-S$I!{n4Egmj&4&W
zcSqTDQPad7n>0K|B1fcASW&twRK}y2W5R+le{NZ6z6R2L*Ju4|bs<sd%P?4LtN-oI
z!-bt))e=F#L{JjU;O@$Tci^qTK^f4tlfg{7(L{38ea~=xCDi5$55~e9B!$VgANpK|
z&$Q3$c1u69fn~sNF;@{eYi@0vJOjW#HACFbbSBV$%cqy_=%zel`^m&=%i|zXWNI%L
z)}~!yp?!qr({g4ffxB(@fbE4?!P4osu(Gdgo*C;+K5aDe03G&VxSZTCyavOEcN7Oe
zN8DFWvAWo9Mck(OJKYV}-N@V(w&M`cqHcjMG-MAk>$E?L4vZ9-9Oq9R7h>GpFprmZ
zxA23^?ZLk8{$T8RuP4vg*i1(agu`V~X!O9caHJD#MwZK0&4OJ-y^Bw=jIC+LDNG4|
zjiVSk(|(66)xViy%P+ZrFzcDHb*vs|UYDm0V>dKX6u-C&SWL)5iEi$)8u8!YDu51&
zN49ie#~G^+Ww@^ojlaGM_ksVN9v-Q<%u*hck-w;r2^riYds>cLE+@tO3;6o1xr{d<
zvbnRR&~ZHk%8``GXBW(r2PYg_L8<<9^;cS>1CK*jW`SB~2)o+1Xw|-MC5WU(X47>j
z_7!|QmLtadlkG^Fy=VPNVrpFS1UL%)=Gh{W1`W{Sl`rz65&kZ^b~HQU(7Lg{5}oL7
zYxVYix^*c1d!hMnoJo39E_n{BQaV<qnttrdsRS^V!}_Uw+#fK}@}56;f5b4*AqvIT
z9vgPktSiN0{%OylUm0$sD2!H5nAjUHyC6+;naB@9yi{m5VKQERNF`LmdtR7mco|Ri
zS%Khz*oeMbTosGppq(DlQI;#96|VGFFFUFT+n~OJu4iJEuRrJL8yhCTTpe+2%k7V;
zs2RDLik?B?!AzmR%5N-|EPUX)l0ezhP!+RB#8HG-p$;z|ic>FF0Bx=a&ezPttl+tW
z$w+8-Z7HM5*iRTzUXn%rB73Cm?g^(`Ngg9jNH^R<HTM>In~0l@EtuVft?2doSaWO>
z9yo2U2jvKokL8Os*<Yc_tV)?ok71JyGE)3LpUp!C04C9+RMgcdgORcnL0*4p(kn#j
zdL;;)2fVBHL_ZZS?e7D$c9%0t6xKL{Eebd5AGX$hDc6tng++NM?q>>X#l>WEJ?Sse
z0q9%EpNs9e4U6R~hX|eVsP~(kuxVHCBP|@6himbk`+kxeJLIonR(C4GoNePt)GIL4
z^dck1tV>XiX13*Xrte3b*oww{ZTH@<vZ2>N+-YMaazRSoC>N@l#kE7AqD))P#Tb85
zGZ0BcC$|^H@9it;6Zjk&mSN;``Z~AOUsI6(O4|rEn&eYMc%ShR@(Nm#E<!V#G+VGj
zIQ~LpB&tRDnK+yJb2wGo_9hP@!;d^tU084}87<=-WOq3dD^4Qb2=_N$q5NAvhuGz2
z9Kd4cmv41^LR|_kaI768pVuWrmLf*FR+_8<))5U~N-X;b<;SZg^;CHeWx71(2aO&8
z?OSI$Tv*v#k}HF`%vEDV&9@iFmX<eQVRVUo0%8(>2~1s75kyj{qG{MtyHe6r427q|
zOOOyOT~non8RTyd<)gxLgDpp^M$E`!A<^JP=Hd2>cZAMdJ^{!~_Lu)-8+=fvUHdDy
z`TX;XzPg!HdwC|<uf?%Gsw30kaFOy~#560i=uxQTv&H!7<h*pz`C+|Dew)g>c`{0x
z9}ddz{1@R<XVsnbF+ni|&mKu|W;IDUocJQ#F@00R;58fH#AcB|scuUUx%1(@RKY4g
zUQGCZN8(9Z+xS|bU`Tr+SZg&OIJyhrWLaqV5O=S1$Nr+IFH<8&!ELn~_D(D{`qr%|
zdb|uU18k{DA5Ki>CTV1iwPCrUKUhm_q*NluD-SE#NDJ98KMJYPWgK?<S7KQ{6{wM{
zs{bGM-Z46}Z3!EV)3G|XJGO1x?$~-`+qP|69h)6>oOIB!ZGG9h_daKz?~FUfz5niy
z^Yg7W*PJzL7S^h&_gPZb98D5*QY?^{8B;3C>8e66j}1%D{n~S9b+A7<n|o^No*!AW
zLD=K1Nj#S{YXRHtj<A41IJol9(U=h4$}_p*tXrE1t`Bi3b}&v8=Lc&T5+&Y+^QpM0
z>>?|UaVVLE5I&mE#8}gry6{j(k5jyU)^i)#jHPhprnOn;r!k~_&3-x=E9@7yTsJ?#
z{g_>_PSha3+X1~l+aOthuSZ@}l^FCWS=O4Zss;jB)L18?yv<-aU2}$eJji|x6<^O3
zmeEIAZt8W?YO*2>`sE-Ht<Hn$<~5d!n(J!<{4`IP&9U@j12RWEP08d{D$8fVS&vhZ
zlIoPQk{xr<ZNA~T8lG4+Lfi2-l;172Uiq+3&SjTvM{HyB_2#zCJeZBKJ37G+mz$R8
zKW;U&R#-wJ_cmSFr~;+M7HdQCg!eyt3pPay8ObJ2e!&IvW3lOJ-?r`b+7=@S9FW;a
zMq+Pv;~?{d<G#|+vawtD*Jx1vRe&m&Yv`bM@_YkwYg<Ms;Z*5%e%l)z+;Dkysw{I8
zKAeFs(_55DVK!Gth@u`78~SACrbFOdwG7_ASv(@e;g`0SusQ8Ri-)-e5}nq){R7GY
z@qQtZap;V4rf#jidsG{T-V-?@5a%qTrBTcSo%zU#YmFRsNVWMwY(HAeEDvfbA1kFf
zhnyY2_&vYTZ1_#)VJl^_waJ+^I)V_frC;1!6%`NGV6He$Q^O}>o^{jorS`<qNbQ=S
zGb`Z66SBIoMO1tZjhhd^9W0v#+_EdT**uE$@R}eITKHtia{lwdb(gIa{S0=IiBEqo
z2A#oN+-X_VkJ+X}w&8m)@su`nF1R2!J(?8cf}qeoi6_^wy(FYw0m&dR=GYEth(4A#
zfs^lw^$PG07eeZK!fFJU{$!O5eUv3Eye{2j1N1GmX7*4`y6c|rH;jAepBNfr_V&PC
z^XZf_QF3q}-n=5UvVGCXxT9@skRHren5lW3@#Ln}Xrm}_el|e!*{qG)^FfHQzQj~4
z!OT>RM=f<~?j;&gLVXgTI2}-KkGD+kpsPDDJ~x9TH1k=m$INhMmoKMFMAN}*;U(8G
z!qFWRC;kDlBWJ0aCusmio3#{nKO{?p|NiL=V-AgW_?N)*r8cZZ^kh?Ko&BV;C@XX?
zb26fG0aQ)SK>obfrtxC9S0lM-w>?u=>INLTw+AqJMo08ML~~$GKS#&?D6DXaTuP=g
z2>B^L3(!lWJE`Ynke%*!mj?2jzKXwn!6Kdd15MTN<2`BAHTYgm0sqeo7=?L3`GP|k
zjQgE&GnDw?#-A0JNN{c3>%H0&_5PE{-I1VsnJL5IQ1%8vi3>7w@|LK-^qeUiO4#<H
z83_QNn&C_jj`4`Bdl){fQ**KuW$@4{x}0`r#R!S(%q2YalZpD5X)iKJEn2E@C(1!~
z@%I#jVQP<YbpqIKZYE54jT?!dJzdnq)H<g#JvvbsV%CxhYs<F=6c6kaV=#_y{5kj%
zcX6Rx9W-8_OQt066XB;Ci)g72FUmXCx}$;PPyu4#9n&Dm5aW7ox-2AMr)&3LL1iwV
z<fm9wrW41IB>V#F0#WF#Td$J8qsG$aWsC1XzeT5lvD;satL5tiZ<U7u;sYc5IIM(!
zO}HZ=eS<C6)}_g%L`i9&(5dqSg}ermr8i}(86>CCo@u+55vAW#K)R!ZC*A;1ObN>f
zj}c9%fGz{+HgF_YzA2=2SSxpDUlkD5d4>(ranu-cRU!UdZXnJa6(7k9B<5W6U6xwh
zJT|7f*gS~yR0XIYNP=9>U(IVPSXh@DFvxNkO}AL9z1R*~Fk1p}r*_QTHPYi7M+rtg
z+Ef!FV{k&va#AA|5{kFBN2fN27HD>xR)98|47ofTT~X1P)=M4sFPG!bYjY+>91wm+
zd7OP~IQS~`q_#vqX;3|2UFWjvY*^W`G~K0heOz9lEXo2`goVjwX)-6ORIORr2XywF
zH>%U6@=_&T2_Tj&o!emso3Dt$c8}_tFvSykKmBfRcBtm50a-Fhl5a_j&zwV#h%bi~
zrS_|P=vT`VRlatRn)_^{v=G@~iL=z2n-YoWeFwbWT{rk@igr(AkkWK&F$J6{EFxpw
zIDOM$Rmmg6I&;^t26dMU#y8eV=yq*6Pqt&yHEt82NQxVXjy6ZKl?AvxG83PUR~{M@
zr*0JMwz$l(kJ8(9(1Dj1i<K6UH7{KDo63w+&ugofr{&G_SEy*YcF>BwOwlPn+>2UC
zT9ET<jWBwAvBJwrI84i`;p)m8jE;vPD%Ua@wj1R)<1vN>p?PaeZwZ$alWjbC6a=qU
z9El&<!%JN5>WZa)VGYRzeBT{b222b#OIq^wt+i%&XTiH!@O*2Yn}sm$z2R`KX}z%*
zK;ej^W}Cb$Sc65t%GoE#%#U$GxrV#^aZ<`%AL{g7zsL8bqVNA21wP&Kp26+U=nNz;
z;fY$FWL@fVMkw75vLg4f*};n$e!3e7ZUWuxvZgq5e`9KlDCF^M=Y2Se0>zlCsUmGo
zez@5uY^~M+nr!LDe1+KXO=|fWeL!k?IT7+MbZn6w<i@D!PpZ!Gl4@85H#{O((zDsB
z#vZXmkn3*Q!JH3_m!^cu)&j>yT_w?-9Ig;8Oye_eK|%gAbh6XW1+Q<!X@1&F$MQwA
zLj8aTy`QFQ{5-@uHnOf2QyC^xAypnswBs6!h)u3{PgaS+W#<dKQ$=u$Cfq>CE0>`l
zq!?pp*5z?9OKPnHmYFrK%()jhsE7U9I9G_aX4DwDKAaYU<Cza%@hMl(R+biKoeOrv
zxgKsXB7z!DGC0E_3G+5>fLOpCF^6|o;A)ViYBfHZZ5z5@p+KRCR!ry6bN#cb2S2;Z
zGT>2DCq$z>!insMJ{jo_%gT*V_xZVK&KdShR}eXC;6^a1%Z(^~L!3qnFa+Z&-Hitp
z99oQ6iN2g6*>E;+$n*B6G;ang`#n#h>g#w`{xxuCmdQFD_4EX+_s1o|TC}Ig)R<l3
zb75?jq?_Jj{7J#Nng~0OWAwVW%?f5HnR!$AHjBu*2}~(HHw-BbnTX?uX~#-TmQPj0
z{-s272szz=PcCpLHXX3t;0}vCexi-MW_r`X9<J*`C4R&V9vvMvL1|QCTgkLdbu6ZA
z*;wnC$4?0SlX4qdd5h@zUSMIYoO>(ou1ZsH9(szB7ASl!_;04#<<Cy!1s8WN8(-B!
zv}W#P(&)?_cYmJK7ZO8RN~Q!ydZ12vUti9zShrR=5yN6Hp-Pl}9C23^9h2ltBE1Pn
zH1r<3!Eg)FBh$Weh249$6svqTOra`-k9UG}4+%kLB)?F(YTDVH1ublLA$Sn$%{V5v
zF(Jpf34cxdNW1dxoJSabG>Xlv#HV16K*?2fpk3`xKSp`>ZI<x%C3kR&@4v)IZyPvo
z^P=GwD%^Vl<FL~?gTktHMtoX3#CW)HQ67E@jyN?^7IvznXXv+d^ZN1GS)#nABc8I`
zwdfP0?`}d_>eUgfv}^=FOS)iGGMp1$W}yi87o03<e;l))Bitm@)Fuw_XKXpEzOffr
zu3X)mVcTG>Gn4^sX;ntiDo$Fz5Sah~e`8>_N68LwWs2D9&%#O(rqOTFVP_@uZ<oWR
z*QWw+!}2tgm^rtd8o{uD@tTg?2xH*Ezp((|i@9HEA=Z9C-otkaF@VXE+>yS*FvGPz
zwC}o}SJc@5S_03mxdi51H$$XebvYM^AiSR;Da6LZccg;2J053Z5>$R3+b#Dm_3)y1
z!9(->293aD4_PdYF^oz@XWaKNxVX_LRpaUJ-Qv_!$_0@xl!5K){pp9%^5jhA`sEMP
z#3OY?Qf4S+Vh`t|@g@5m5;DF!Ab5NZf3X}-+}jn_o)dJkFA|}NGIxHF8QgF=Rgd6X
zeqD1pll=`Y2zvsdjhE+Vey<_$KZJKh8ZFjSA1`PJ4u^9V3oJ{bxwVYY?zz_rz8ajW
z$fwAUmeq7nE1Yg`C9ZMp9G;Eclu^dThDslaySoD3A?N7<hvbB$8Mh}A+dy|CzcA@W
zHIy|r-(tDbA3H{Pc)+z;oVLYQN^oU1pIW)DJSRS<WAAV<!Z&{Fe_{-Y=e7Z9Pt1f;
z!=kn;&{SsqUPDGsKJ!%+4@diFYxi)<VR~0o$DU#mJw;f(D&tbPeB9gDb68us(S|K(
z0Fyb<1M<8KW(<r>k-G<~27BI-L0^&UUPws2g8TmIDWqC)Tz0Z_uP&{cep!64N~&@>
zg9(6iHer@v*mFqCp)ieOnfvQ>#HE{qK0!!^LRtDqmJ9E?s_~e_J{nST(xZ#ZZk|#y
zchYJMtof|mp<<gwy0}%n!|0|G>?!u9*tq)8L~`8NH%ZyNGMPz~O1?vwA*zDxgoLu>
z5fNay93a;jfT}rd$gKkfAvmV?O)dJw>#JFxy2&i}S+~UIPDb(3_cTS-I`$)3l&R|G
z0WOAY$~11A`Cg6rvi6ADSe){DCc8M3l!n&at<5bN%dqV5(5bC*RY?HIz140lT-)qL
zAf0wq8Zhd&m#+F!-SqVA!N<`ENE)m}LEdAPmGaG_t)sxiYq6xQu*VkIUUUS{aEF?;
zAWA$E3!3eQ9a=iJh>WlV4TxqB7x*5lcBo3wC3bpv(`L5l<wlZ&!$Z}{8%UWg#d-QH
z3t<BZiS&rE5^BY`FJs2MR#|KFgl_rC82C9O-X~DQ4>AYSZ{}+PC|mcpHBu<w4jWSs
zr5aXuzO|Xf4%F|=z!t|8$(hz8kk-EM#UDA_-v{%JlhRTVV@hy)42+KlSjdX5j_qa(
zOOQugC!tIgUX{clK}(OPZ5nIsyJnNVrn@2i7%=B(PR#Y7OxoKi6yBMREYAsnVO-WL
z^fd9gH1R=_X#`QRDQEoQ*jPedw9ZV5i|-PKCXCB|#!+FfGla?pc?YFgcw>~|+&C)0
z&6dQa6t(<wUR%B{@=AL^%IIBuauc|>F>_Z62f#sFY)=g^XuoV`oJyB*Xd9(C)Xt*A
zdbYwGTFuggK_e$~8r1Gct#vN^Jey<Kuvv~HL!q~`lp<gme}{uU7}$-XmU{hVR95zz
z@U2bu`R-2sQ$|K<=}SPSgxbk^1EhlK<mMi)7xeygcgA<>=D|c|TC%j(dQ`MpxONYB
zq#Vz3BE21h1O`3VOEcggnIVmd_Xi!%c0Qo(oNh>6Q}3bDh1b>;6Hwlc97u8|rM>CQ
z{-;Ea@i4<onEfc>Xkywzs5PT^Wq0JFU2yKcD2H;9`OBK*;emstI>V)UYp&omhSnul
zWolg}2O>YWcUfeu2zG{8?|7l7x2wuQ23oEpMM%b;Jfm6v)>zWl*EJ1Iv0V#&h#Zx3
zNj`<lN_NN_udo+)RK^c5A5FAXyOubdm`R|VpJIofM9{U3#BLxMsaDPS?Wv1U3;DJe
z7*7}`->q_*PkcU*-v$nCPw=-m>`8=E*P$5k@fE%?#)<A`6YJn0O!I@8QDPo;tly^-
zzSdrwkdoGQC~EmEjCM#tkmbyN77QH@%Rm^n{G}=B_+E*pA_-Bm8>h*mPiPEY;t|4{
z`f@18j)DbG7oKz)Bvt4hS|3a-{V7EjS(vCVZ1~4_U<s0N2RGFKL%Tr9a9diJ%&gD)
z!)%f?U!o!*xpFk$&~9mlC^DeEcwX%G9t5hP@%vs2@RcV*q%DZD9*Iqp1xPT3AmMt#
z8ul5^6Ly#6P+CqibV9Ha6$_Qh8}@;wVwdV8lC*v4Ol8UHHp=Ob$fB?edZpwHFCNe@
zZ$fgm7p=KmgT+Bz+uEt12I#n)4X4t1TCd-{UCnMjiP%ZJWlG@0kQ6vX?%8%fS$(vr
zL=4^DsuE{r%nqi{Zxt|8JS{_KqcSFKo$bAWS*!u#*WFK;U&@Z=0n_}|c7t|KZ(Q70
zv&Y;pM%*^7T^!^L_|l#`0>~7j4>nT*jj-^!iRawBdN(X`V*7i7=|5lfx40|c>}kHa
z9BQk>b1VvGt{`eWH2$JH2?W{_<CqT{agDvWt~C<DTfX-4Rf<C=FK5w+zVHRT|E#=Q
z!o1(tPqV8uyKH|2dx4JRf1|Zh<zgSg$G0Fm&9E=$W^=yTcWuNzt+Qt|n=AK7ZjVEd
zF;SUG881A*gUj29F`QR1J<6rF7sDMexEzOcNk`p&PzEvb)od5~OUNZrfb#4zM=PU`
zXqsdfRf<PIx>1{}JQ+IJj^XL&yipfH#IfO(QLf2vqC6k}l+l)$i+ZyE`V%av5`T!$
zgsk)BWxnJK{PmchE9AA|`go0kS~If+(g+hpW!BE9pKvT49H{#K$cmhs9#@=vVoXzm
zap#j3>)zP4)UbE|8i#|O^K^i^w=HD0-9(t`md2dssaeK4_p|tzv<-&$ny)RVm?l#t
zhAF7p-FIXWO39Ue>WW6l?5ORjutZw6d8jz%%B?A-Af8c@5it%5ayAe379Y2r3Et0&
z`8neb<mhq{jzWSBXUh`CdBk5DYx^;0uG&BG+?GamFD;CI&M-_ThU)9f9<%TLQBr!&
z-cU0#yi%6guvTxTu(PH>Ix$dlP^Jz3`3l_m;-0Rf&ecEyHTrHX0-FSyS|mC`zfdlT
z*fU%|5nGIr_3cG_j|A_|{*r1!PTtO*Z^*K%XjI|d7kL|FAD`>&^kz$7Ky|R2I_&)l
zl)PEwG4V|N_yWx1xK4cQ@K?yDJeG<2BQ6<FM*{2+>70iR#94b=SWqSlS~#gJhr=LW
zPbCUoiah&%ootXqV~3)Xjyu^KsazZVfi#Ey*nOh&1@Y$=#{(<xK%3ePIW4l65vKNZ
zBQn`I`%+P-s+pHhKS#jRUa9;rypi3ohhqXAz6zJDlfjKy9*P3?LQbg0OCawF%H3%4
zB*FN0%$3Oz`&3`zFZc6gI>h%M36(~7E);|IYj`{|<Gt<HstN9MzVcVrean;4>ZtQV
zz}x6XGWS!7^Z1f{WJ6MAbnAaasGTpuE=O3C?T&Vwe&_%F*2@g)3wTHY9R(_N1Xey)
zhjg(J#30BKKbpJ>jP{{&BqS*XxDoHk=!C1C2xAOb-*TrG!#W!pLQEUJil7i?Wof_0
z{-xxiiF*@qAA{2iikZC*v2<ED27V`Nh(KXbJvcao{@nCB2Ja?Xqs@9|x$GS!ZkQ6a
z-_7wnDBt7r_Vu9D#d3#=`sFUPTfZE9xwCl?!k%;<MrVbhS_1vviE03LxSscuL?coE
zRiD4D-DVcJC&kvt7=RIveh;nD+O0ECzT5y)!)gGs<qO1MO2uIeA3X%#PO+ZrmHo@~
zmMF8$G=EmGE)x;XxpZ3K-9}XpdWClntfpZ6D_QwGTXooIO}B(YzmuEZ&J|5YetqcU
zdqskKi&0M{c9{~(7XV<JkE=3oncBdpt;L(}oYsZ(WhMZ#Wh>>9Ar%RKb;;NsV=H2K
zoI5F9Ic}q3*ul+pGy!vHBFD{^!t9b-JxNbDRUcMP<PzOSmngixgN3q0S$l%}bMmls
zihiVv$RmwAX_C%b*v9y;+!U%Ix?WN^Rn^g>c>0%aZr<CMqr=ZrDvxWZNe!hk3@t$q
zl5axkcY{*4jR67Z2xZ#>YK&gGHdeW=7-6|2Xo?^x{Z|xGNR|p|)tTXO2zL_Bk{WQ$
z*S4W*>z=@qXhZ#x{S!5}UgozHZxj29HcmC}&!|UlV;WQqY$n+>m`b<$*&sGu37+YT
zK~Pc}52nqaD%pK0DSDxDc>$4(DQ1wxF2KX(I%zSxi=i9eUPt>YTJTY|Mtc>mXy{1J
zQ-b!n(pIH{kv2pLpdNBuijwqDHEXGgykV`hOP$%VqBI@*>XaCW&O}IJI4%;DBxst{
zz%n)7710+K6-kqk1d3EX|JraHtd9U2^gEKTPhr;!_2Hy_$|n$L;%iOdO}b0<z)@cZ
zXXgr&7Pq7|i(Thx34b=*C>crgUc<<a02v{F9T3u*Ps0;LL6i5-i_{b+F~Yl|WAtX^
zk&SmI%TeePFJlDAB`_>Qys)P1s8NoNx)+|x#!VQmLt_;Cry-a~?+G?E@7`^k7JivU
zqMf!FO_-7q{uvCH#Ifp7B3A)5u$V)o%B|mEB97=($HQRefFt{n7Iy@Y8~xz)#d2J}
zLnQ%;5SI+RjFtH%2%90V0YM~Z!-|%a9-%B3>%g*Zy&J-Hj*&mHneO&T6`HO;_-!t&
z!4yeuKCN(0nXwc8h@h8}+ma+!I+*>3?dWl8D|_}1)_5(qNX8KkUZVel5)TP?CDt}W
zD%vsde59Ci&!jvu@-UOCVp=gVS2&LDmvXgUKu^ISZm~F%-vTYx42EyU$^b2;TG)~V
zORXjg5u!k_XeMS2CCp$nK=A`5r;57m0?aHqkMnwajEDM{T;|Rp^5E_tf9J*8nun1A
ztw?#2`Zt;ua6EaiMT=r@cs{i1M!iz+Q^my?HLZ~y1Gz(ckO}2o2Z)VyWOTgl@{_4@
zEpKbWte=Q+uD>zbY_9F+fLy#ddwJREc$X`}0{&YWc^)OO&qqjZ@U8IzwW!5Hb?2T0
zldz_`6(Op6$T<&4=D~ppgWBOqW~8!%G%>>B6sir0!on|O`{(S%kK`(~Z%VMCERG@3
zID_PRG@=`Rpysx`k?v22%%ZVn6C|9|ee%B8a^gH#5d!1zM49B7<cjXG(w2D5l{+9u
zM^qG$P%iqMk>#K5qJB91EcM<Iw7KJU(nWFt>r{gOHM82DtF&LOEJIm+ZIxBR=U|O|
zrUq>&Q>*pdHtS%?2S^TY>ob0R(VT5G(VVE=!%D1-O5A(<qI>-E61Oq?YjNri>^dJ1
zkUhy_*rcKu@b^INw@&U<<HV%ZZuA8BDx?RlPpJd9d||+GSE<aQ3eE2u-UbGaClB^k
z%im5{?tMM!6JbZx&>%?CMaoJiWuZb&wri0l1F8w4UO-7n!=Y8=-hQR*=(WN#vLknk
z%L>OEjF3E1DcfMOW3!2l@_6;>@raJf883k<Vp%y6TN=)70;k^Ys(mV<RBDgLoimxH
zW+b#vgdY&z&-E*T$*wsM8|BN&OGjhlRg|GpQAJf(6O<mW!M*JrR1BawWmvuTQ@0J<
z&hv*FhR<VRdy6zfipKkiFQ~5WloVA@lxqx<(mL@l0rm4_ZO?18{-e63-o=awcicK*
zS`^fDXNsHhz;eF3GV$>e=th>n*d5`d237JaiG9Z~t<Bgj*7Eoz)tgk;zF2Qt*2nS#
z`0rgC?9C@ED!jLdF|p1dcCIWD38WC$cuOhswnJOA?)}j0EzF_$gsSt-Gw!TjDyhns
zgkPAF5L<Dlm<WeTDHZ-PRkp}>{pF`#SPrZ|J2v`u%S0DuOJ4+J31`@$^*R-Kx8S4B
znega4-(ex~LX{4T9G@fILiO`UAHf@h&B+`Ri{*TN5sX~<Y+PP$P|%FdD<aZS%(FLF
zgpuYLR9=ujHDT)V6X263B~5&2n2zx{2Wc3m+c5n!6=-L=SibQOF8LDOfIgW$2w+{#
zX&-Q-LwZs!nbBve!HPc3PHGz3ip8LmqDLy4?-e{$aKNax`jkV1Nv!)RXf9#7Ppbbi
zxg<Pbj#`(E-u{F622(;}#Y2HQps%wS9zO3`qT#TB`|zDwiPq3=(O2IBs#d;V)aIrd
zlZ$8Rh=>p*ew0SI*@ZVF%+~rK9&WJj8mQD1<t##WS925}ICn67mx*)J7Z#;>cmgPP
z*~)|YhtlaMs}8i_O3hirX<#;I3KkAlj(|HznZEfwU<(@UhH1unEH(o+F*9*guq#8;
zIveAx$z8-_@_(RdnSqVL11Fq`7dTC@t-Iws(^hQlt#@up{CH3LnYLs!V-{Pg`(5jS
zg^c?xbVbdgiwc)GfQMqF80^;~N6$itKJha{AY>aOu8zBM(qUPTD4_x{OULwAoM~em
zEAD{6Pvkag5NCYfeZ^m;3{l7{j_MaTk=Y!_P086f#IoA?wYHa;(d2>j*u(~|Z@yF8
zyg1uC`f^Quy|};IB=pj^YD79}v@=Z)O%!^UcDW6<dYbM2Pv+5p6CjZKX|B;}_b>&~
zlgvF8Y^zT`5D4lP(o*At^#dUDb+g0;iEcKNpne&oUgla9+T{e|?0$`n8`M3{P((y*
zqGDt0fnS3Gz@70;`KDr|X2eZ+Jfa@U&-(3Vy@U%3mA%(?j@Ho3*ACp|H=+2<qE+3~
zsCO?e{s$kF$iR7q1Jltayy5cboRe{s7VzAkujM#q-PE+&-j(cCM5h)*^@{ZQ3*o+y
zsru$AMFxL++NRUzl)g9ZOVhup`4_a^AAabHpWp1WOhzJ0ec|)xQ*z`4BCOg<rN{FD
z(_e+E7d2(-N#VeCqQWfXR6~7FS+`ARa|>n%mj6J`d^7)~PM7%h<Ld4`3twjV)n}3a
z@K8+?qR^53M(H2p{(`W~<wp9_)tkqyG;9BdE&s>Pm_a@?`U9Kui7XfRzkoZHaXw%x
z%h)TOB>%5_u>2%r{y^vSLYW5oFX&E6_&+AZS>Po7zggig68pgCOzMI%1NtvEP(%Kh
z5Z*E?{-3h?1OGC2mN*wPR&oQ38R);*2>%oCGo(pY;$If}*BJRjq-j|3B3lqFp#NfH
zknm%|@P5sb|AOi)z4>GYQ8>#64EG<fr+>2X3-M#ZLH#PF*}tI}{~n|44#o_sc$nb}
z@eiof-_V`%_J2(Ht9F6nzu;6UdH#^@jSN5Nzu;B>hWjjK|6@XX_2b0<lGFc=>mMTd
z-*Npzb^c#k*XH|DI|2|z`7^@i22D$gN9RVby<H=hI|^7~Y3`>lp$4`y>c}24%nVow
zFA1rs`3%JvT9G^oC*kU`M4!a@+}pXT@4H%V-#r@I7ugealEH1d3x-c8C#kNNJG1UH
z?$=?#zwiS?%lm?S&gEZ%p$CF`jsXJx7YPXb3nC{l1VLVdiNxpJk6(X{{p9gM)PF}J
z_&4d}svvm}5Q*agb=b#b|GJ=0_dz`20|EOt>0_w_Fbv<o$#hbMKNkLLEWru*2k}+R
z7wBK4kE@@ufIwrXH5y2MGx>XLVCM(1_Wcv$KW_I0$wT=Hgv@D~Ed1Ao{ut|5i~d2p
z!v_ZWbB}*7<p=`HFKGHb{_hR_!2{ym2eI#sm>=jrmXh@a7C)%eK>pX}KgRayeh`;@
zz&`ygyFZtjhWe0S7K>E=U#t92sQ(k{|1|aggZW45(@hHjYumUW{A4;q`)zOpp5TtL
z?~YsT?`zlDgt-pmvrNuG9(iDM8KdW<-e`XrFpnC4(;7zL&DuR1&RrxA0ndTX9XP)1
za!Kdzt(i@;;J$(9a=^O58T6l%23GiH>NsM<9%SJ}G#-rje)c>K^hJi`m<dx(Avnis
z-~#z@Z(_cV^;Y@ryvi4sy~UoH-A3f{Gq6kZShvuiNCKOJzkLk*C|Jj^-TW>Rs$WD%
z@vr;+NPcHP<i>LzfKwqErHqz5T!MW*09YKstz|wFq0^JY`b%ZsBfj-8su#*d!uT-p
zG7fM_#}MBQ-j%2W+n<{us08!m0q5ixs^L+O0>`%!`c<Fh>bZ`g9trWlgkxzbLBqSG
z3g+TKML<llR&I}2ex0yh@92)ZhK8~Se;PHDCZT_;3ou>%aHfq~H=$yK#!dVYxZUg?
z><~pmccEUtWdHVrK$&#?HE$}5k=SZ@J%$Zgnm~ZU20k`)mF+7RR(&mzgb+m$+F?Tl
z9*(Q)6kOwn&6gRBlq3MRMK5Da!-oUjet`gMckOhh1RIHDvee+xp?%~seHW|EO2hx_
z>=Hp}59{c$ZVpPK&t;rPR06viT=mYwpcQprOuErLBSV?;%3g!cCy1A@OY;kM$!k`^
zO&4){Fb=_Ij&D0cWoz@~E?zKvGdFExyXSvEXpQQ%{NQ@jh8s5k`c*^JQu5o;W_|_v
zNM@N2yYNj>ac0RjE@%NmeLX6SlK)~2#@Fx(D;S!e(HH|QlCzOjJ@2R(1d(=&v<Ikg
zxO3x3F5~0NQuek~E}_5U5Mr*cR#xJiyR^}I$WC7R^Dq<8jI)r+=wZBt+X@Zv8CF78
zAqXso+$>x4eDS~Bycne&5$m-|7KRVbA=gqvvmt``lsjJ=+rQ!%!2yU4XzJ!|uH$!(
z0~OO?^4t&cp<Kvt=&D>f1w8FVx@K2!kPKIdmTMo<CZCh(Wr0*k&|e*B*H4vSYfd#3
zR9JdMcQN`W>3K|g{uSQX8G%!*&?ruQ)y-i`$5%`DX#m>QDFF@cp4u6o6nRq;lzf3l
zMjyMtyBDrRW}EU>@77R&!MZ1i#~3hx<^Py`nKfgwf@jKq=eEk&QH^%-uVC!|CD+C{
zlMH1DSC)<P1iq~=ij(*Yl`*4-Z33RmRiSLOTQEWLXl0+!M+|iBnA+$}0hsigTMFn1
z(O6hwZOw@g(DDL@g<aBP?yQoDM;)D4i|^B9MyoQ9d&y8MD6H&4a&^0tOs&<fR@OFu
zLqx?T-AEJjsUAA4?O!nn(yCsWp<rW}6%+15#w0{l(izLr<%u72UKv`jnD4rwQAjSB
zC{t?o{L26zWPwpVZ<3n@>Qq2tK7pDP4}G<B1hZny^D-=eJGRtp?ANaEP#q-L;o@l%
zF#Ry=ES|nQ4NDnJRhs9|$IhtzW{mxt%>{${{FA8^?1oS5BqM3?EF|JtN%wFc*!@nt
zO6QnoJ03F6H0GW%muEll(nWO$<ZB%A^6hxuuAiK>UtVG2vXX&X))s}aQ5FcNWQ{qr
z6q38qS%w^8PZA<Ob%H)}scvS;QQ6<hz{H{%#&LI;+HvmMo8fYvr-b)%KkF&gBjD3M
zA>KlOYHDfjn$(wvi0qmRyT5Oxa=tR($c4@LHw&FHu9iv5WoI3o1OITgzrK>I^R59^
zljtk}tF6$<s2UFjEbmi#Q9_KuWf9%f(@AO{RrFS<kF+?dd8asa$vkHKsos4`{NVVQ
z01S#|4u%RBZkz0Bgze|zT)E19JVUOE^jZTKD4WM(L=^zVPcSG!Ww}o^R-dzTQuy!E
zfyD_dc*vqG(#ofEF*DSp3|n$Bw~I4_PIRGWzpsQ}1+>=zmXR?G4D2Qc2<gjYj1O1n
z?>}%Io=^L;zR7u*Vc9Cgmq}G4(dt=1Oo^$uv|0vPMp;W3+vPeAo2sL*pa(pWNx5Sd
z969%rZWN!oHSV8PGy!6rACPD$z3Y}w#Bo@G3!X^(3H*>9-5ckUH#2G$w;PHeCiq++
zW~t*##xAw4PS^XDqHZeRFfflTj#qe3n%&VU?>+tKoR}C&bG{W+)@a-I0w<rBfxj31
z`M73>EKd{Q$YGPXqTO2SgN&EM1g&w2Hn*C!q^^ok5J`fOjTN!BBQP>5-g6VvoZs99
zJ|h}10XHM-6NG|(&%*zqOu&7&rABv}J8E;pT~qv#+01C8>q;1)^|RB88i7@h^JciG
z{-Z>l1XWQ>?S|NQDf8k#)_or$tzhvPff#0m@{^OlF<NbW!&RY~HKx)M7A7@(xX>4m
zV(VYAL&RoHDUfr9z#6|RDC9sck;aTUD3-KZZN@d8%{orDFJgd7!(iY>x1aS@i*j*D
zgqj!eP-w1zS8@7IFG5b_GAC{{BxY{<IKP->k-1uxwA5ijd}T>P&uTR|yW51}G=?ZF
zjG-To>1YhuY^Y{TdbA5)pZuT<i_HU47T=<Y6Q#05>-43}Jf2`Eu(2zE!Ac&#^ygKO
z`AYCr4B97g`Gh4lNaB!^N7eCjoYW)9%dK_FIb~)^yt-1V^^lIA&ocx%OQH_kPy6tL
zzL5{j%=3^g`om`+bK}PfVVEP*vjz1tp=)vdi28|}5+Wj3d^q2iTD-9D(9|qNk%}>3
zu{e-B4RDvfx#Qlcr5nX>!h5z=!uJnF`xmt#uHG-x*ZSbVpZ$#C#Pl}_j}*?yGmOnL
zx=h}P%))NTMXSSLF~RV(T%{a_{L=*^s)8K3qSFm$F@`9)a}ix0V+u8G8ajECzTMsO
zc4+>LWOjQ^uLN7;c0(-wz`yGM0cm)~m4QSjCe=1ihz^Yt_u;LH4UV?352Zt!Qfs@v
z@^xu+;t@k4@M||>iW*WE>)G+hI<yvDQuc;a;bE(KMiym^Bhont!B(s8ST6_u`o@vU
zWsPwogR1`YMs!kcPe?1P>#{m6->CrtvKg<jy%`Ur|Gj*7shL<4BuSHGC$c{`9okCg
z4Y+G%Bd~D?3`0ltWGy+wKiow7<707axbp=1vOEjbx}XJv{^CmtolFSNRGRjOA1$yK
zab>pU_d=S7vL2v!=x7DsMoIfyBo)4N;=KmL3kTlFww|h}H~q52Fs79VWZoMuV$f6E
zPh=zmf-6#gI}}rQ$ptqDs1DD}`F3<zm-1eFX7ZNHX(0$dm+&W%X9+uF7rJ1HvKOX^
z@Yo7k3!zLfn1{-Si*EORf7skM{?Z^y#4;246kfGtzezC3?ZFy+8!a$+cB@|R2u^8*
zR!Ab6S6U0ib#iMKjqATI6r7vain!{0Y<CpcJF@YFy8aA6S5!pFL%9#Xg0@=K@^>&n
z5D;)9r8LrW3|9O+B6~mj-LLbBAeru`zs{;msqG9g&x-HR5Y}f+l<ED6JOBhtts2h2
zP)$lf)BPa^U$NKu!|%ZU;rX&8nM;4zFkWr0<Y8jOqlNqg_yevWwSYP5Oz5%Ysp<GM
zwPU=Zs$A{2T%~bRqop88wr_b*#p{G~HQ_^#Ixx|pJu^P^!1l-CWsO@mQ6vS1&sdpV
zE8ExAv8h_Oc}4a7?V0v-AlOmdK<{OZl@tjl3A|))rEmtO$-&4=P?6!_C@H?4_!`yx
zudZmbnS)EZX8kuXbiEImu#X^?edR810mjBnb|dplkwc$^M=umAXd$*I(}R=%N(x=?
zmX#wFLk}AJ22T&#!ma6bd)N21u0JhsQaL|gx)*@)%GAPQhb%LZ5tH_X(@>!sjxIhc
zm~*MX@N;`?1#>j>q0vhBt<b$i;O>pKx*pl76Im@OQTDgusFJ{C1vivL3Rbq`QK5H-
z*g}U-Z(@Z7ztE_6jt4u?c6{1~kctVu`Q&xEzB;0Hiwc484N*hkXlek(@qriFeL1Dv
zE2FNM6rU5yH?vt)ISDPdb|s8ZX^60Y))zIWN~oxsj<($b-knrfJhK7iyyKF$dFOPX
zM>n9>VV^8<=?DG0KL-Z2p_OHX%jWhyU$Bh3)tmr792=8}<TAkCcctF5QMlM}C9~}y
z!z`|zO@Flh){ObC|K<AGu)l;(zrY)WmcxrVU&a}ybf(_`(1XeIiOE!2&?X(mQjL0O
z<)>RIH;velX-{uJQE9U#z5W`#ZEVq9TnOBT$Hc}T-l0#1ANO>Q)Onup{HBtmw2gr3
zE_vLw(j7Kw{n`^sI)9g5Ke0jG_M~RW>6wz=!;W+E3^!!)dJK^m6s4R5E{4RvXIJav
zVcU~Rj=kf++>s0cBa8#nD^^QA*yIqnl$vU2-3$A2kIgcc$(+nY4%^SdytbXlP#-X7
zAf}6_{n5p!Ve6-%M<o=H9?L@l2}8#^{t}9HvaAwO{G^%4+J=O>)v1~2N!-NB5y$03
zL>6@f(^(*aHT#?^hZ|Yfwk*FG?avEMOqNO7pK&y;Roy%zzwP@IGsxaBMDik!m7bWl
zEyfcVEqAo|=uC&Zo$$KH2~Y=*8Bf|@O5!|&)&iU2PYAp{v@_;3VVpz@FTuDrs;KFQ
zbtqf?oi9}Uuui~`qS?C4*YVS+x9B)?DkToJt$?a?WecLM_mvb~uU}I&2&ATwcw%Bz
zf*S@L%dOo(LTr2@m@>K)ok)PT1T{(%X}f|-Zgs4&kWnHSEgT$sZ3C>6%IyKm=4YA*
zc@FZM$-(I^?7EJ=GboqBjMY;|2`?i3XsO_K0KO`<R`A-JMrahh;jD&3TwHl@9*a37
zsEU0W<hhP^?J5ns@sTp@ROF8Z<J+;JJ?rDzf?Oy}4gfdBR0y#*Jz$n6pr-M4Q=uPn
z<o8)i^5crmkJ7a@C!zTojZd4mSFWkhfmRT~eM!lNV;L60b#E#NZv=)PsWoddD&3l>
z?>a>+tlH)K%-#XSM-|cn6`(e^7zIzG613EDO`r%FIh4CbxZ=H9NrS;w4ZF%(H8e(Z
ztUynsRZJ*OuW!}209T=(fCpD16>@NZF;H|bS~(%#qIIl5qGq_#rdB;NSD7H{4MJqh
zrBld!&_qYpMpDfMjcFgZl9KuJNI1aL?NDYmG`V9gpDa^skle8Lr4;JmmeFI)I&{Xy
zx6nFwVT`prKurg?bvyqw%9Eo!xN(QXZItd5g;q-nkKssCWqpto&ZCq0A`3nROdCGc
zh-@HTMX!%+O2>xB!1$M!q9#^h%VVqv>T&Fr+F}0=w0^(4xlnDR#6eQ~<r!B_!9|a3
z;Z0Z)p@l5-JWdaK&S@fnBnVW1#$J;!Aqycyl`6KTQFf$)KTOj@b!|~_Uy~k%ItWFI
z4sDoKZ|<e3zQCM`)z5lVJ<mqq>QJ*A?970f;IdhfYQ|U>#r-+5RVwYIoK=hvUHfc4
z`=)&_h#Qfkr|+fIOA$vqj-O9y2Yk($5G#fZ-56sxw12-I<ABfA$>6f?hDM6I)ho$P
z!%55a9FS-b4<ARGK`|QDjnw_1bP%4?CuWnVe)uA#Q(?MZ@{Qq-Fdp_t7*{yTTP+R#
z<{8s7BOmFcSHqu7qe~`^@Z)a5sJX{zQZ#46GqqV+3c(*(;!weCDJvY@!IZE>4@4VT
zMcq;|wuMS>@<~g+@sWvILm||GPAimwBaME=!dQHf$WuNy1!{gaUadr?u<AGhl*lO9
zr9)e7t+@os88vUjAhtB$^Bm2y&7Dhh+^zu3>6WT(OnI1&MP>gCZOY=jdlvQUEbq@N
zZDX1scMud?$x&f&F0=?FD036$#gbn~FvY~gqm?Y{^E;QgkQH&oU9Rm~Buq-m%*fmM
ztGZE9xWR9SmUSh~nBU$m>BpA~9+tvd4^HAVb=HujKc6i{G8$6uK=-l}m_}M)SsJTG
zXdCF9Ca#9(kGW&IXZ$+sN@jEvEw~v_S4hi2Fm$Iyi_8S;)XuB?`s_~qwgXeia61@_
zIh#RZW77gmR+TbhnfnVGKXc{rfESRquDc|k9x}gLF28jW;qXjmW?Ytnu)oqA;Q2d2
z%A?62gk%q(mj@o1?X$?_YGfmW6Cd6L22}D9SOXtI&A=DWvH-4IrKOW34vb~0Tw8KQ
ziBO1-c2c)FKyJ;*&a@H1lu?4DQlTHPGG`bI%Y59KoyRXSo3wULTxD3w%Pr*rUt?~3
zt;8ZIfb9WH9RusHNUPLpPMonZS4U(^>6W!V=c<)2oN_i3rXih!!KHz&X~SEA1x-+p
zFbH28wA;q=Q?PMZS)``?zqN!&f4cYL8GRLvcQ@@<Zillp(iPTl;yI$c+NFNS+CkMQ
zYU$au4waJQPq`PT`w5mETQm-1(VAqXqo(YepHE4l<c?<~)|3OEQNC|ef(sFG<7jjf
zlE;YP_BdD?Ck3U6ZR~&F9Hri3UsEC`P;{)Ex<f8hyC#c?SG*vFxiWqxZbTy7OK}eo
z7AYm-u81=ReO+5nibeCCrZgqHm_@H<u<NxbRN^QoGST((`KoVC%bAc&6|ALJJ2Y3s
zm~m+`nuu8w%ZN5gOBGW4qGw<WpKipjdJFX;`3O?9(Mv{YX{VIZ0|9qyEJ^rqx1yux
z%aa;c%X`8Zfa3cBz3T%Ih9*h36LuVl8nRUQCAhp!&?@pJ@bAo7m@jAY@?4kX)B}EV
z$}emVq!b!-6*q^;PcKG-_?g5GJhZV?UthN({anRq&5#L)a|2YOT)k{rAjU-WvHAzX
z+TCtIPJlVw`xDq9<qDMWGr}a4OnTmS(bcccj@8j{VHz6!uq}@e<7UxKCsLz%8B7jn
z81vkY*gc8Vs@&f)Foef>*erI-n}~}uqXg2z7;Ts#!`!4UW<nw^f^>sHM|+Cd+cZ@p
z)}$}S;V@G<q=#ZyrEEiB#jdCU+q`L@3{KkM$u+L{9;_oDAK-vip?Lz!<nRcVPGlW-
z8qrcvTO{f4Y$WSSo}lm(67p(TP+1GES=qW0CjWTHk_I{Idcv7PKkW@t)Ah$_L1|J{
zNU<pOKo98;E*>Il{1$bv=mRT@uM|1O=Z>3U@awB%^T^H(hBSvIE8}*DVXboGp42&D
zM5V)mK&|=q4(kEy+y+z8IQBXAg#U2B9)ooYHW95m>R#6k?edZVd1>VKhZ2C^W#?;K
zdj}LT`J`Zk7nEwpGi6uoYXeCkkq`(73zkffHhde5r&ks#Qk?__r#Yu{=R1e4yFS$~
z18FmB8)2g{f=rf5HsuzvKyBt+^LxNcyBXVL_Z5I7!ds?uZDw7~6i!T5z6egx<_OJG
zw@R#98=gaSkh4C@*<2qV-bd-rDuz0AX@N#34$ACq{Dbj#XYQ9r=NE}HP)0>se7>uW
zI(7o`L!zCg3A3pS{UB!HGu*ojir32@HFv}eg5Tki2$um9m$;by$njjSSs(yld_9<5
zu9jU0@>*XD?FtUK^QxZ#kLR{x+j5fvjmsp~<HWYwtn(`Q-@d70b;8*l5FuitM;x?*
zwQ<{cuA+x&VV$WY8Gp1z#nNGb<{O~IrN<FD2o;L)W9_Nz79rC!=c`m#e5P~Yr-o>$
ztO#U~J+qH95De0uq?08xA0FGS^>lJrN;jVM;K15JZiWv?tibwp7`Ac~wXmnDtlUJv
z!6Q<Av~!4QW>cAf7eGc*XiA_-*7}TQi;Ybq(^Oh!9@|DtHb6ca1+qKatkT3<W=csk
zFHf(5Wl=FrpjRDsc&I35exmi!z@|d@OzRg;h|F*)AwDi1k0^<zH*{1-&3Y(MT3+d=
zaFj;m5@h`zp9CazRh0<k!B8I)2H-$Eb+eAr23e#`L5ddfpCcz_5S<+<ax_NvRI#Q)
z-ti`*>|zv;nO?8q?J0h8oyg)tFbB}YVYL<7xz{MC$r*^rs1!LjkXOjan8XM+E|rkG
zk&S3&9Pe~iEZ%X@GHCdJX^Z8TsW=HR&6(G03(r%w{r;^*uLnyDUz>j4DvdZl*ya(0
z!utLJ;ZKv#^abhKei=T#*PqO<Doxq;v{E)&t!r$je1_M9Z^w1%ykp58s}cJ65QStN
zj^j#<PDrt`gMj;}K!I>I3m<#0e@^syM4ZMbM*K<Ib)1@Rj7qzdv1|!=O7!?buma!H
zE<AU~6Hxq4Yo)v3oL%+Vn7q>wseokML_miut;G916&aD@nbK}WMaKjwEZ7n#GKB3_
z+)2Jgpy+Uk8Q)Lq8ZU;@uR~^nlA_5kj_Z;zWIOdr6adny>KangmW@ifhM4_vDX$-9
z{kbG^1=503BV(c|)J?(mMu}@Jg5I383JjO>d^+e=UNn!I`J@+dInAVu67F^@+2#la
zDDkAzmz7FRZ0QAYab@0|wk15rS8x{b`dXd!-;54^PRGZB9A+(`CDn+GjmGB)p<_4K
zyn|qe%dm@q_^qvneOYb5T-{yA3+sm@)SzWBi1UVxa4thyrtktoR`M8~%Hxn=05piU
zS=GNZ(uIv&MOQ1<96Q28!5+&i)Ph>VU@@2}@)b&5<i##O&r}bI{h7@mARhqB6OKmc
zEL8Jxv4*LBb}YeRBC`JmMt9V>u@3;L>CmiBA?+lzfZtcyE`k&eHku!iaeD7iptT@&
z;I7zR>JI`5`6!hF*wg5>&N20O9-A*%#8p5wX^z?!Anr2-7ePQZ%Bp@eE5tM{Dto9}
zo{m}Kl6iTwsOUgtQ_tVweWl5&oRgewzP2gAtFY$m+>_X@NU4F(Zu-E|bh@ZgPIHB}
zt|)LXQ^H%fR>tLip2>sn^5lHwb>#D;YuTj&p`_cmj*j8EjUJrND;e?3sHuIZQoBf#
zj&E7b5+B72fC7X#qpmwjS6rPxbZi^S-SV6#sm91YQ(MkC9NI5;8guY!d;`@eATv-u
z<3A<HpY(IvfTp2%&-<N_{{pOs82?2eR3y4!5U$F#K$Uj1B6<ng6*f_7cX2fKs3PSg
zP#YMZDa2$<#+FBI>`K?6_>}X@=OTW!kCdK{NZ&(S$>mS@>D#vbq`OT4p7U=q&)1Wy
zPALlwvg3t9#H~`C=G-pU1T85u$wDQNAsy8$JzUlR@lGBAKidr24++>jdp#_+C;z;3
z8y=>tn0xEDi`Is3X{|(FP;J+aX2<G$z7g_F<m`4dn-U(r!NsrW_{OXD{KJi*;C<7c
zozD$p*4>nlW&OIuXT&56<r4FE=&kdG7Ca((FpJ%|L}ENyLDA!{9*gOmy+)!!H)6on
zY1O7><1=$$2se%n4HupJDd5?_)1MmC{zmgr*6soip;OrW@Z#S15o=%Va$g*^=bnW6
ztE06Z?$v{cY&cSqGS}6-xy_r_@!spV7JjGAf<dwkLnpG7{lr5iol!HH$2c1%_QjKL
zJ;siTOoeSAs7;&aaN?^=di!Fd+h6`;9fE$g#PTYf$6xR!7hB_MT)rcIeGTGJ+>8%q
z55JSq(fqmX{lP~ywn;(}>2`QjJS0_sOpdjkYvM2d8G(PK-00mK+A7GidkBR}qV-XQ
zG!_`v;7nxxEWDA&`a(<3*;SB1@y>0Zfh3`neybdVBAWJw`+-s@SPAjF{`5!a>KP^N
z>Dk_K?~Zn{#`MKGck$i*Go<~Q0yd<!BVu{*1of9I<is`fHrWvIJ@-P7O?WM{edAxX
zdr$BRQTO?~8(;;jF&jb;rpx-Yg-<@CrF_)qssPK|o9z8=;?+|nsfvZSh}O9+j3ET_
z8EQ$0bss18qo~(>9{gfH?h>g`JyV6|w6E+O(R_S?^qaj+qtDZ{nnY2~Ezl%87D{3O
zyL;UCTR>5HCTv^(T$d(BQQEXvHh#_cPC2JY`Imt+K^slx8vunK?bb)9MPW(jJ`&Q3
zRV~Y7QYtUI&>89g-%0iznuE{p_as<wl8e&DmCMmLN`g@$;6S>L2OF4xb>ARj_wBDv
z#CRLzDdSG!U<CJ<?6eVJd`G&3Z2JS-^>JzRu5zh(kLx%onhnzgFb5?0ys|kx1m_Z|
zrX}klPKt%K)!>U=w{X04)&uy%x1xYTU_gPQt~1L7AO4!xpTc670Pm<`&SG9uOJdnP
zq%n5&UZ>Y~IwClQ-#OYPHt*oVb^fd}|5eQ%4hL|p)dI~QO`=b~tQ=R550QWr;6X}A
z#exJ;kjcJ_?EIm-?$cUl&&VrEGrr`ir@aw?<iakM>X9lU6xu(v^y3X9vk;_wx4J)+
zoynV<6$U-(6f$Ba_xmpUEOCbganE65Pd^1Y*{-VJO4>N0gBctu6n~+ZC^_HkE7BFl
zmjRE7U+}~|Ks)sG<j)o%nalE7T4GOwj`ins$8x``ya$IM<*(Iyu6W<;bYO&Kfl3RO
zLr`*`D*F_m>47*T`N{q&M1B-j^FB{=A`5B|jOX*mg0n;MjO3C_I<H{D%bs&6tivw^
z{8eTI13qNCc)<_sNCgLv&iT;wZBrj<sfBN>9QWI)SWFIo>)gjtzJt3)slI<t_5XeA
z-yJyeAJsQsJ898>^tu2;KYTRX4EQh=|J_payFCWv^G6E|0Zzg{n{9kS-afj0E;k}6
z{?wM=13%hjfIc!=V4sGK{ub?@wPN4*k7IaYGlc#JThQ_ZzbhaNzunW{Mdi(IAW+2r
zvHL&i{-J~aQ-(jy^Z!8^^fJ3W{>B3MpV@u5pilpEY9CJq|9|$u7_V}G9f~y@wz(MD
zlH<hEV~5*(TdidbcWVzhO^NknU7m$wuKjt6ZCN>zPASrb3hJ1zm)13wR5g}Fa=0p9
zg<U$j$|8;}dOECJv~o@E9>*@ipS|a1PXXox<VPP6lvHbp|BiD6U?804na<WykVWcA
zr(4)Xl&$h`UUCZMAX(T$A=Q^Pieee--LsxrKF_?*&7AAqUVd3%?qWC-xaXV=p8pP3
ze%VBJ(jbWQm$@s=lgSW?Dhv5-MM$zCcn}eob(dk{a^XK-8kfZK5m7zWk1OPLS7C*O
zNfeo8zXFyOG*p8{OYrLI>}xSJ6@F}rYPvHL!DjU*ovp)~S~5{mmFr7N3K=Apwaai;
zIjm^PYv@853Sz|@5VeB|&u(uu<`tJie|I+9wbaij59YS(_YK_ntS-%%FVndhQOTKP
z_mbT>r;=B^>=!u4ER5N`dM0jp1Xz;S(S;u%A>^PvLTn)Z9<ut6&>a}VKfUi;+69T~
zIfr`QGw$<>LUwx^(c9KfZ}fl&ix(S3b>;&bp?2;&e`sD(v1cdc1+4pYEp)J0L-(Y8
z=aAUQY`AfBZ@>M282iTPNR+PYiEZ1qtw|>4#I|j7GO?2hCYso`ZQHifQOEgmAH2`K
z|Gr<nR<G4{s;W=zsyb)aJ{k0PSLxwY?{7Sd48DZEtRG<st(X@ZN<A`7LbT8E1!n$)
zmm{OSV`q^hKY~r39xm`AfV(N0zJQz7pofbFldRWuS5uEGq$c9C3~T25DCe28dFOZ@
zO~2Um=(LoL$S(dm=$BDze!hZlRHehBV=9`@$#!Q|vyYs|*DuqyeC^aoNWQwiE>_IW
za<Q0QH)E@7zLM+6EjOA9EZU8P*2##3?$6{vZ&{Dd6olxG7*#M1X0v@3bfECGn7QF~
z@mFn~l;K))*$kNa+Y!dAT3GROb{Y$LpSCm_F=Dqqz7TrS5Fx$4`E!5N8-_)K(<0gQ
z2xWWV*G;|RSNYwsGjjWKlbXJa1|c*9;;R5DOM?BH%7Zy6b%<B(AK06Ox7dRIJ38=Z
z7_q(4P%KBksj=^~Ql)+^Y#@`StWlWnx-zGZV^?p3=6}Omn;duNA|GE8R&&OQg0#$D
z)7APyiqsKlB`gzzx{O`H5thwKq(F}!DapMPmlZ3SiLjRJAE0gD0Zm7%Kh$;Ef{nw%
z+ngU{#TW@&&C8VaI^TMEy0_NoONS9BDY$W0THIQ8PYAS=o;~b7HjtO>iIM_CHcswv
zQrV8C>Wbas^@}PzdbS*}ge<Mx`Yt}S<a6ou1LZ`WAwX~wUZE&yUTdNSa3Qv4Keg!r
z6dSel&bbIQCtA(A`FC*lUq?7$Bn)W1FT1wzeVf6*?D?5`Bv9TTCY_s&7QrQ7RJ5I(
zomq<giOAoM<#pc6ma0v!->~B?#e8?{h)>vM@dY47U-J9Zej}x;hB~J4U}y4yODXa8
z%eP`H#Lkj&sFC7ms*q_QL|R$e1ulSK=d<8bh_;iG^5=-^91^cTFLiZiq@LO$pKVt+
z^fC%npqgOci;IbABA4VMYO16!W0$Q?Z9pJcfpug&H5vIlSY)ug$rdZ=c8cHjE9J!<
zm-b@#zu`hL38CTqP!>Qt*^t*rPoE||kh%;D4;K%1hfad^u&Jo1)dD5=wE6Ysa7zA%
z<y$Xln)m8)CuLhdLPc%1T1lIUDQB8NOhkfs7t>?hlC9bb6P^xd4f9B6+Cc9%%pzna
z4^mf#g=kQekMjs~)ABq@vv5d%L;Wf;0m=;K@Jhu*^(e2ZuCqyglHtsQ=t3`}>DVK8
zD(Rg?MOmn7P*v(9yAGhO>nm0w^b|1{j3D_Jl^2@^K8jx`Gb~EXI0B+`{3229cDC_v
z@mv$O0X_I2b($gVBZx2j5Rq{IyV(BqN39~$yC&-~+%L2N24$G`>Y=WNUQe>NMG;n%
zgl4G%?lP1CKltoG1@(ig+^TwvyFAd@?EKM+GBu;U?Yl70ipKlq&+LZwUY<$)_Ru5+
z_r%+u76kE^A6OW@_x+14;zFwFD;A)xyUgFiPU@x-Z6`&0$0M(&_4S52cf~L6TX%gu
zo&)&+D-Wzww{Pj!OZuD9f^+6%fV<ln_lK|RPcK;2P3<Dyy7!>XrY<Q~;O=e3_o#};
z2Tk^PTWLNrR!nzSnZ$V9hKhK_auo|2PY?dp2A4YIa*5e>Onqb@8o|9*3U3vv5RXR;
zT)Xd7A0b-;K15D~vcGIGx7&&Mqhi&sg8NZwiw%YYcQ^F+YO*&%-_0{alW2~N)-l|7
zi0rGrx+aQRH!tnm_o5+fM5cz<A#>gH?@zuE`rV&HQQO7A(AA!6Jfmd21D!S6UyXHK
z4-p<;FsZEEy27|`T^}9p{cO{H(>uG#fa@XsX}dJ0vMrZX9)LUqiv)U?;yxMwS0VnJ
zeQS-UgV5%kyPD?16#Kl~T6}vUH=#|91~@IL7_D-@4-6gF4}S7e-z-lULZ6$i;i_6`
z%A2RS9euo%_Q0{Jt}ivphoo+U{29)Bq8?Xg0;ENpN;!yFf8W9Ak=qH86<z}uYjr*B
zqQMkCyqITI)7KA@Cc%DSW;L5g#>smT&N@@=7Um0RwANszL<wRb9ZNe-?RveQ);?jc
zGC@={6lmO!kkY%x^d+ii24=8>S>3uB9(0{Myz9X_&2MiM`TdX~)Qim)a>Vmv;fGuB
z=G;*bYDe8t=?MPT)q+~hWjrQhPjY`aWE$knqvwAIyWZi3`|flV8=r0`{>i0kK8e9Y
zp7RGM>@doO?@BOKM#b}R-($XNL1bWr!k0fGjr*{53k4^4L%-MzqR3`~z}$>j4mOcG
z>mF^&>Z_;A?(y}1gt^4e4BsU<bLhK(Q!>^L9=g;c?!aQ4zu1VPTD0kjVq@$>Q+R`M
ze1L6#8uVud_Cf(B*Zg~4mA&)qfV})ZYjPfqUfl0)z}UD<qwdD3t$tf9y`Tj3kI+!2
z;X&;wp}-fllh2G7;aBk_Lhr68WcODC!Kio{z%@`_!g@f2UcZ5$Z&D*b=CT8{RY6cx
zwcq0PJ`DzYoeEKvFJ&kBr*pN(G>6ASVD>OFE8e32HEU(MH`=L?4`S1&vbM1^gx|{$
z@Omv+jGq5U%g6q~0lPqg`lBSpFw-YR=LUQEu_rRMeOsY<ZzlA*hh~L(s}5vo!v}}f
z=3^icr~@t0Bdx=IR+M^s=3RZ9l;gmKZV15Z>U&Z?t#O>PXXfP_LECsDZR=}?)A@HO
z>|Zx^hZ|UMrY`{8ViMVI^t)QIu`l?R3er`fRZ3UZ>f(5NET`q<uT3-{w?~=bxlwP;
zM@QO@?=rV6wO#CA@x}~S@8CBZW&0XZG9s~!(USeiMBPFL$)vA@e`Nr=K6d<fhNk?Z
z))<ALXslEg#{prrDZ9CAAE7}|mBNMaSl@F3WI;sg!0EFEZTl06HUqSeqLxng2sw~3
zWIkdJp5#_F-EA3v+W0qr%S`7ID>ND?Q~=zueO7(&m2fK}s7&^<(S5+wo6r22a+wt=
zG6KntRq;6&f<K7f_L?3~<gkcEKr%Q`R&X#gTmf5-7pCS$Nfh5hsHDmS_N-n3m3S;>
z)#pw0#!%$BrTc>I^&UKvS<Fb*$^IecLQ(@|GX8-w@>3{s+v7E4$jZ7AM4k5(lT*c_
zk$I>;LNa1_>P)`-)c1=khmsA(hhdKB-#2NPaAV>t4POeu7iFPFcdQBaNxyNg`@H=`
z6<*jq*kb72ErtVZR{4e8Qr@X9bk7@#8Zfq@x_90{OyaQM(RAedahyE9WncCH8Mz58
z0hk(NKr$z2WDHX=<r6o4V4MGTvXD?jsC^fFFYyaM4w$!u@$(bYb|{v-xSAZ!gUmjs
z-MI-p_YrzU1`C)siQtY*J@&v?%q{b8-o5{h?)^Jn<CP&i4TgL%=)y`obZ9H(W~EpP
z;Hd4rbo<lUF82ElF%8NvkwnglPGFriRD^*sy;Uq3;-prq&}Nt)=3d8dECaHs55#&w
z&vIBVz?mv$HVCOmG(=EJ(RuS8Dd%oit%bZC9+x(LM=Bxz+f9VR_<)eKU>u!2Pqp)g
z^e3wWZO#3nHzMTyxX7$$%t=htKOYFmF|b_SiO48bnCMA@c(P#0Q3Qq|Y-AFgtgbvF
zcs?p6<}yRr{&Z7Ty|75e*b|lT>U;A{HB4vKfBn9zm=?Omlpd1<rh2`j0@fVI;)Qyc
z$%7M{f|XbO2h|m!EiiJjFDg81yN~3;#o3DUP_N|+_nvkArYG$zltO=&zR=ILI}B_g
zeyk$7i~!B0EyfNO0IR0nXgvFD7g@^J<PLP9G;+{Pll%~YlLGhRW;3M8)EeZuA>c2L
zo66xAlqD{#BVA`2KX!Yha-_u^)ee*t`M&kr$>i-mHhb|}RRW#qF)(XQ5JXBX1KN$)
zCVg*&#^1a&TT!$uUj(}sXE9BHI8jfDc@BMfv4(H8GuT3Q?36J$f!-fiD&z%Tj1%Xc
zc@!{zhjl_4<hw6oMe4vGkI-u}gkp7Z-$pW^Q`jx;S0DYRz^{^%S<5wG_kEafz0%k(
z)%M&?025?@U~op9)BMVte7$)8`F^-M_B>Nv<?#B4_!w;a<v(7!CJ`{C3^kG|L=6_s
zy!%ahLE!E(1dDzTxOU!d7=tGFg8}cBtKhbI?T0Gr5xha)7S=5p2GZsTd$z6w@c=Wt
z%LO7;A$9~BK#)@N?AX}F%pWv)tUKk_!cl@C120HM9Xh3I1L~7%RJjL&_+5`1L?|1y
z0#r`^XsU1d!ICh2`IiY@oW5dM(daU?xmqTmZTXI4?}fu~@m?4iX(s+Ern=Ri&lf3(
z5N1}IA4gd<jAVOvqhG51M))2V2>iRZ>CAVAmUJS=%%hW~4imm!6o!=0n+nFzs(co%
zZ)}M-aOfrP>s28x_R^eZW|b*D6<w`F;ImG8Vp&2ui`FZ(7LDX>PXr3!<&~7eV0P$K
zl>Y%gD}a)@sFR`mt(`D;T{iUo<;Qv`dEN&(Kd{%?!*&MMhDR~r$p0O&(>|(q0ZT9D
zrK$_NuWmk7pdz;v^xw>*|E#$`!q=e47{robT&+tEucx{3k1N*tM(_EK*l9HC-xI_O
zyfoW_D%%J>^?kySSa7c-jW^H@gGDP-^Ml|kY&SqwxJ<_Cr1cs`0~jr@CCrOM0Mac|
zIacM;(yI0Kp>S?~KdRJ-x|3wENX5NmRGfLgdl@4hG7O%V>2*(K`GBiua^bA3q=l8!
z4b-`JMSPnS9a~_%xFoV{#+(23XP;KNwAKlP#`c8E3zt#Ip4V<oC+OuYQ}Sd<29%yo
z@9_~<hu1jjE`WV_A&Ye8yL$A-+C$FLv<tQl#wn@dFq7>yI3cYl#CGX75n~iwdYrJD
zVT{uJVrdveEgi~Fl|4c<0jtOZ$bjLXno|646pZlc&R~<R^Wn9xKI@)qdOnZmRgMc=
z$}CnUi1e6wI=`eXJ+MZ^>=TIYRrnER<-Sw&BrOz#YN~mSGUpx|gxkasC!>V1OEOaj
zMqs*0ZXar!=yf*s-%BO<*6c;#G4{9~$p>_ZKWJ9wo7xr+WL<d2^OJ)$P(UdbPW8$G
z1;KTdc^*Ei*bO$6UH2o|_3ovSUGKXl8YY(odkRT+lKv;x^sfuzA1IjmCh}OPB9%PV
zpJ2)R^cn6ONP!;$VMThrV0<$Br7AbMZZM0ByyZSXhIQw@D#u0NCS%zTda0eH9a&n$
zgu)7|0P9E_d*(5m`$mjaF*gj$<0zCc=`j)e_E;>eD&dlK0^OpZ=)$k`Uhf|cPYp!U
z#=4gfq%-ot;Gm^L`JJ*Hi!X-H^CQEmJ)uc0q9I0aOjA*vv%~7qR;vDaQTaFQodONV
zcUA3`iFNmsB|qly9z810KOKr5Td*=a3iw%6n^gH(Sck0?_o`|$pw>)a_q#GO0bVrN
zmQTRkWD6d}Y+X*u*oQcIR6pERd*rWlSQUi&`WN-8o--!Ko)R3*;ZbQ(>1T`W1@r6E
zqO)momf+E@!)~+Jqih8bu9(n*0&s;*PGon14r~Nowppk{qtkMnRDLUN#bt5<CbyC%
z6f>B+df&uK<R);u3a1V|j#dOmoZ(6Qp9lUv81{Z?MY_H+zmyt%5wbqkm{2}`7&^6V
zkRKCNu#U^Y38|De4j9Dqj=Y#ij}0cl^KHJL;w8<?G+Jfv87b9!vQTEeeThh~pw_u%
z4MBPrOtxVRQexcU^BAW|<+ElbClpoAR81e=OlBeaZ?fSt8FD8XxP2c`Tv+3F$_tt|
z)eLPfpc@Tm--?OXr5VYy2T3AwNu;Dx4cGN?tBn2f<D-wsUMrw8yi|nFSvZ5?rmff6
zl_pyA5<}??MorUhJ_r|Mb-CQNJ6X*#7;l=(8a~TwS5L>`sLvuH9WQ3=B087h?7E-M
zX|L~tKcL5nqSz{}u9~R}+?c#8sgsBGXqROD;cRQSR;p!s0o|}K#Pv~wO4Lv9h3ilr
zFSz8U`fKHKI;pcb{~N8=x7CmM&Di7!(?@RUkguM3=oqZUgRQtj`Cgva>qXoiA5X*M
zBLf><oiN5nZ;%Ik?%VijT|3k~0q$EbT$Jy3Qv2is!dogZDI_p6i}%fEN3jMy`|(Ee
zQR@1hSZB_d+wo7zB)$x(%%+rnj%U*AY*(1)J{Ba;1L6itOCJMp_K4j=g8X1bnH!(w
z5&eU=Hk^@2OSz0BYc(sMDS!r^r*b+UbyU+-bcjzfWq^TXRvcDJlqeot$8af+kD`zM
zgZrNz*D=;CN4-CrZJ(^x9o{RJ@A968nR%*BpCUbM#|Aw1u-Hs*eA;yetf3<EQ+m0a
zWG)(TdDT1g9y&`fl)_gY-*veRhBdqT4_@4i-{%b-eqk8_+7t|@V?P2(aHPVb_|a~M
zIwSCiyo5JHYb0YVdb2V;Jp`R-_0p3mfWk9QwzsNN&42d>dXPS{T5#)>dO9g7J{|Lj
zLB$rHt)Mxo-UW@&-UO#4Rkc2pv;aE$W;CI;9oVQ-Dh9u+StHvZ2AWTjE*U?KeC0B^
zdP-?cp;7;rw0wTq5X+J4><}-y@fOWgM=Qi!1{Q2?7xcpDF=12Fg7w&3%rL0|0^mmY
z*`aJ)-J934Htu#zr07Hc+<{pL54I3DT*axGAIC!RV$n{54AY>iGGyQKbd+G<prJ=A
z%;GZj9g#n-Q-03{41GID2rPF-g%ivMdDJl%YGR1lC_bvfK|>b72}aGxbwQX5*7H7M
zBBVE|7ZP^FPd2BS@5<q|rMT?U%q*rowjPhaou~N(K`RgzH12PNrrqBw9ygaesRdGF
zZy@nPWK%=7HUOfscq=k^T9_!=B<j()KTyE(l$7+sLqaI~@6rRH{N6?B`K^QJ`+`Jj
z{n0|ma~oT65oYHMQdU^%m^ui#^jMKJYbe<xls-h#u*niTm5p{kIfB$<gyd%zO4tHE
z)R2ep@ny!*J#m{T#l^*9#)%kGE#}+t*_&ZJMF<Jo(wj&mmvipKgHhPUayIHBscUxM
zlrtcF#iNI&J4+;|CI=|Y5q{=%N_%(VWkN<}yF>ZCbnpyIHx3i5cpKjIqe$9RO4u5M
z<(F2I-}ec)Zv@^_BK?qh-kXPjX$NFp?e+YN<o%y$pn#+>RboS%z>YurOEK#m`?e}0
zBfC`I3Q1osy%G!SQJych!qEkyzR}VJuRzL+Q~jvPQJ7?%dCbU8UA(%9cA3m2Dq~{H
zf*Wg~$VR+2(=A&NC+0=m%|Xl&1MBjLNwRRMZb8fI7sBifqDp<6{@A1F5UC)>w(+^J
zxK<Y(-pjHzN}xzQiHdkhm;DL5{#UbPzH`<j*%0l94iEyiI5FKUs}&cWqwneziT#jQ
z7#;JF1o}&;K1V{EzA<sW51UUN)~K!nY%AI=EnaO>OSX?0|BH<OIf4OqgjVB=vHEW1
z7@aYyrkt5)ETCR^W1FL=EC403dUxKM`LMopldQQK&pNW&gkM>6uF13}4JETi%C;1J
z_z+NR>#Imu%opnMuw@b-j=K46BT9+MnR0*Cz+y7-b2lV}OB=RL2;aP@(R|T+q~~B#
z4tBH0(AN_L%`TFC2&fU@jGrLSX54_$Wl+`2V&zXi71;aJ{_XLh=jD#i|EX~)Z%^>$
zv?Sr>K^DvKM%LnElE3BeaYhAH3;Px*&#L+ysZIVhUd?t9iJ>J>#>NUmhG@MC)iW52
zR%?SYR{k?S`?AHRPug?hAI1xi<i-!%mrI&{17_lb-V#=vHTb;6H`0{Bg%F~W-)@_c
zZcGYqzEi&7okyjfSC;25voC)Bz?i3-?>HXZ0{7fE_$oMCol{v1KCVg!_4ZfVWB+g&
z?d??fp3@bRo)tchz_m?U(YpMx-ua1zf*@sB=l{@){)IN(;h!&v_xrtsH1Pfxr1{*8
zECP+WfUOdB5avho)AY8F8V<F_|3_2!>zCX+5HTzGacF*13IVW<QybhMw0*RH12DzU
zoX0r`3<zuFKXdr}pBeZ^segX=mGbj#y~#ZNf8H+thZ$h-rFZJzM5zBZi_H4TYa+=r
z6ZuC{|1(YR2l=<i`DfxO?k@og91gg@3t0R`2)JhZPuu^oA1wPxJ{T_6ME+ki^3!7X
zm*DJwun`oAO+I`5ReU1oA7(x~^9ujpzWuvllE0KYSgkPsuG|6g$*tHi|M#K$zrTl0
z`=m<5Db*4GebPUZhR{M_{}`L_@L&2OQNJPnmN)sd_&J3*|36d6Oeh1|wB}1+XTFIJ
z9TR{!J>oxPw6oP+qiCA-mz^NGKXU}>#sQ@iv0y#ERjF$=DBQ{ZU>ge>RQ}jesI7@R
zys-E`1D@+(?}=`eR8pj9K8N|K1ku&h_fCfV@FnLJ584YU3~%=OCQHuF$|`8X4(Wv}
z=?hh(u!#vdJ*LbwZOI$L@Ctj%*w4d5Gj9BtKL-<0|C$8iW>BvV!kL*FW^DML2@NM}
zTic%tR;Emn)23;L%n(uHc@JEF<TKoChM?-ADm@7j36U4JY3b<Zf?~tM!YWN~cp&7l
zK^ESQ;)qvlILR0o5Ke{BqY4TNATTg6Rz)P<4FB!tfoRIzCr-T=PGmGRFf}zbB4s9~
zrWCk%csVg3=O{?HbZoqkprsp?t3o9uC0gFc*yxUu$s$O?8S+#S5fSxlqo=V?8W~F5
zCQQvipb{j1yiQcQ>B(GYiWJnkd7fGs7gj1~XTOt^lM@RHW<g~Id`pY_L^ojz@YA!i
zhD7mF5KJtrqD+3?-+y}CQPmELyjEHix5Y3OFH%ZNY3COfr1*+sAJPOC1xP-Pj*g8r
zkWh7a0~gB|<Q;Rm!|AvAhWC$-tU-Rj;)Cky+;}qadMKWas(>_WJ#rxzQ_lV67u*k^
zoyNkVqCXa)l@Y4*PFmDD2uq>b?YBBtr8Ee^V&1%mQDfx0fn3uK2>vcDe%_~lVi1&!
zHy7Gt^*X#P3rdA}x8!}jIUZ?0DLesJ&c8D<$_acxVT64=>!q(kPa*COcG8iYULRs8
z{>3=!j)yMZQ9p&Rwi+tlwB7<f$LFiAJx*emZK5wk=86YArVqs@4_r_q%YtkjsWkk6
zg@vtektscz1g0UHX?C^;v2Aapr>}zC@15D1T<;hkUZH7r19?=lwK4edCvt-ver4mz
zc+!73#1_WL%KU33W<sc}ePbv+BHM-w^?>pzzUy>TJo^3^1xi&IP(_d*WOlF7U|N5G
zjc5dG^<~%i{*B}%>y`^b9unlf<^JuHgVott)&oJtbSUz#=7#i$v4=oh@eTQom%G&I
zclI&4DL*v^<a$^COQ}On1|7Qe3pN}X$t>*N`CNqf@*!t`dH?^d_rO1YsSNSbu;u>)
zq!2$DZTk+aI{#r@{b!Ye>wW^wv{V|&KY+%8`x8P!6L-A+*XpN%PmKk5;UM`@_<x$~
z`@}S!4EUx0_VC|*5&26M$mP44<llM*0*f#IDVeZi(wz0bjrP+|pj$sd=T9Q5=s(PD
zJA9f$r0To>C-6)|M2Sqr<9z=Mx4Ofbw%z(RbQxT;e(`z`xin3nR65JxTtx0KQ^;(c
z@!khj39cIB*V=jup2nBHxX&vdP<gu2e2<7v(xsav>AKXv(s{1&!92YY)!nSAH{Se<
z&G;8nZQrv>L;0`X^q?IVIuf>ztMWTqh<5GqdbS84U-MfcVYZ4RgsPlRckfQiwQe0w
zZ;KY#Y&E_tA&tC+sTIGeMhba8*Il5f?(%WMx_WLY5p>Fa0@PpcqnJJOTGIa-(kjHd
zgNC+&yQ{@XnLIR>0Xt6pCUgf0sQ3>(IC2$tu}}tqGZi!4#g`lP3A=@AS5B@!wWXMh
zqT~s)v&fbzKRvve_H!y~5GN1?cF~M>>}<dK)`1-!Q)B1riPtHOCfV}2<UZn#A*LfR
zVjFyS6&UAqv!)|{K}MM|%&%F4@s33Bs>6Zou#a7@Zffi;;38%1{gU2p7ZsKC?2brS
zZ;;#f?uJ;%t1{bmwb8jr(s4KqXbCx59OX)to%VLCsH-t6vR(G{mG~j=+4%Bw-d@tt
zWwK@J?}|c+eb51bkX?<`65J@dYSumSS!)8K6KCTw-R{h}RH9^mV#5x}=g!K%X?{uZ
zm*b&Ke+BDS`uVNu0}BthM8Ze{Ntvf-9jvaV&GL2^=&<rx&n7D{txvf@IG0X$NZfoV
zq;XXq0=^WWSMABM>H8vDzEKb7=1dxr&53X{nHJ3gme62O$m36@_XND9z7RrM%4C7}
zBod0O`aQ?u<-$mtp657I4v<U|uc-oA%W6XNJQM2UJrmY(6-OjjIW|kjEZ1tpo;XQl
z_I3%W`d-aN(C^IT`_qx_$f$SQ1IFk}$6CaNerL$dI2*ICBKkY<!Ah3jTo97-2^76b
zYbZjpH3ssNbnHcI)=+7)q?SaAljrPZS;qH9R^?6uQmwxGhNNb&z2AbJi9?g-@m;b`
zkFfadJasT7{fcAD*&f%PfLCqpcC&a%z;e5CNFq{5WIwLXaWXDg{$+oppw3o%G$zf9
z^KL=$=DPCudQ90a6svu}eK{D3MmUfe?byMJdi)`yO(u{TOA%ox#+;%rW3PYHcOmHP
z8BH;|BU;!Oeo!te{7T=Kgz}zcZ)Hv0c>Yea`Q1Ck@N3uRa??A5O_@cAOhm)lh1OoJ
zv7>w_7-yTPb^-1{sXz&)0yAimoo2|Ejx(H&sQGS+!W)GD>qRVcxhI(2#|7K6N44gf
z+uZKdwdn}4j`OA%yN!P6k-l|5#O<Mh&6Wzhe2i#5@Oa;ew}756Lq4U+u}nh82RDTL
zTc0zeoR>4cTm7dLNz4zZMPqf#JhkL2qNX~`4?ll|2wLrW)hsVQ#jGxT2#jcl7Tg+_
zJxZ8>^IEprSj3{n%<s<90y?l_+Ur`rI;&f8GF~wz9WF#G`R3vab6DIq+BY=sw<Cho
zG)-eL=GtD}6l+g6%JvmhYn0^^FOUQGv)*JoO6fJQg7c82@GA;iUJTJ*-xk*{IF}E6
z0SukO-8qfGi_le-HQ_P2Q=Gu@`pw~p=;_5$;1tEZimAsbxd1sQAHG#~d!%&9LxJkz
zTE|mqN;}WjUqy>;x{MQ_p9=%&Rc7038Wj7V+A6^XU%Z8TZ)}g`L+b)$a3Q@qI@9Yi
zcgmfDF57U?3KEl>t2kD2e%pD<Stq;QYK2a;`WJH<8_35zXz3`!$n!NI8;2r@c-2R}
z)QA&PaN^ke-qGSFbCOh5BeG%Xh0+~GeaoK=%+zlW^>2S9L|ne(HhyntzU(atOMEE9
z94~FHPu`0}$_~Aa>Dmd!QV5ZvqaeUqe<P-?YR92lWC|_O3f&TVW|cOZ=zIC_fuw+1
z+~zPxH>+HW3MboD(xdFFGHE({C?D*4f8uTAY(~yb_+j1Uk1>cCCgJRgLYrBWP=}{2
z=nMAYVT)tq1@+yDaxdhpa<JP3jFf&RESW@=04o!|4mSa1$x|bFo~Jhfv2Nze4;Iu8
z0t}Dm5h26)GVlRcOdZ!bhE!K+*3QSPE~OL!EG*g4kWIax165s-`!q*}0d_*0Z`4SX
zb!akO8Zf>emX9MBSbe?*JnwheP1k<&eo-<sqTgNEPIoB{c1~KDTTibKwC#IXTrejI
z<6$zbF6j7hSQq(bf2L&lq0)_W3^O?!^k8fa1=Wf7=&A>Q`|tyaY)bB>2pn|rRA9_>
zrp?8_*LYYwd)!LFQ``j4@a_54{Q620Hp{Vh#--mgcU3MN&4>us<&MUf#q)I&X^NRf
zp(>i-*T6T)DeN#^>lEXsL)K-yvFnu-Z<gEBTbAYNfLJWwsDx#m*X?I(W?L6~l?&Zi
ztoM6ZxA_u7YnEmmAG4^*gsgl@o99Oc{`)S~u#;cmel(b3Kmm-D;iEne2Rc2EQ%!oB
zVzDZbImed?bps3W`sZnvmzB%MEC34x^)wqqZyl7F?}_i4!jw-{i#qx=xXN`-azX+s
zIy(9=&eTI)`YPP((IZ^(6;(sAS~LCRCqGIC$;)pPv3FyZ{6f`Jjzi0L%}Sf_MCequ
z>Bv{zyq2I;B5&bTioOE|(VGtQ!r5T<Jo38liR?N%TQD@?w|LT(UW~*?13sHwJ5=nZ
zD@JKbM^ICW-F^NXC@Dv48LsIXtYZy)?Dw9~wUYqlix?J^IVOT1KL$*vzajOHdn!*e
z@!%ONqzCVa4jTAW;lmS5Lp2_f`lu;}u10{NLcc<MODo#zOt<f*VexFfe)rEsaho4i
zEWIy4px$agRsT33%XoX!z8>CK>T9t?*nFeahn<tL|8d8SZ?qSpIyq^5517}YrT%Ec
zpIswMJT%pl6m?|5b(Ly99zAoIz!_=202~1(3c)Ps^&{JF%o<wAExx$|SXDS8G(}<T
znm;`E`Chgwz3m4Bf)oJn303h)0{C^5QG@M(J!UrtNL-}K?!j703tw70zEkNgG0i+N
zc&qp(CGGt;n~JJ|Kwh*%#&*;u9cKJ4@7F7hPD7^7_j8Q(1|~$HfCJHGy9=z}TT=nI
zA|*)wDi>fomxCKP*ao<^b*{0QVbl05qfS7#Ij|*I)y)BX2k&b4qfCB#!6{$X*{3O=
zD8N{YaNi3MV|*yRXx<r_if4XgUkCO%Ujr(Tb{nFjo6jfLnCUFBHZ?nOD;A|;1mA<f
zz$W{r{GGTk;bVIh^mUjD?a+^WgNR;FWyX^NPEIw^s$ZhLYigSb<$eu#9Ax`Tyj{0E
zUQ7{om)DcNKIvcOitwh*AEk6uXEnWBe5l5(#vY-q((r9rXR6)6K*ZDudwd3vnRH#d
z)r7Vh9vj~(FCKXz<Uv6=LUb}2)Db33$C7iZtC6odUn&=&eGh)A8`Nmj|42D1KbEQ%
z6=;bd==A>GWGgn;$WU$jrWJ&2$$ttzE4fH!bWOvIL=c@iQ`DWBbh@A@w@3D9H`n-p
zc%noz56pR3IOZcN5Tugle|VE&Hcq%pU?12km9th-R1GcW$o|9428P0#);5C^?jlN}
zCi8Zf#R5u`rNqBl&5$CXHQ8+~=Sm}twB=*390bweeSa+AKrGK^%6`g%nOGDnl3a<X
zuL`C-7%Tq1C=kXbk!#e)Rm_akT_L0qAcARN@e#_**`)?&rJ@i5YnNM~zW?i^4UAES
z99AaMAS_BGYG)1Mu9S7N)YGr5Tht5uS0*^=Fm|AJRU7`Eb3v%7i~oAt2}_!DEd-3z
ztPH7GR{jm42C8AQ)HCfwIUZB*0oFuMH#qUm>D=`c0Y;b<51z6DK{RgE(6ln-ABVlj
zFvYd9Z{uX+Qq_+J{MHoCRQT~F%|NK7uy3v91cBKXjDw>Ep3Q)STYyp}xI!ak()<cD
zCCm51PaVMQj<YZ0rTj|@4~Q@z32|Rw;+Xq3y(37ei#61}br&8Q?JimyR!bWi-IgB~
z7uB@w&-9A7K~YR#YJr<1B;Hq!*++aISbkqYMNocZVZFZ|2_0!432Z%ex_4d2hKc{t
zM|dbA5`CEjG~ae+=PDausL^|3{*qeiE-FPe4HN$Q#9zKF07dpfQLTR@=rR@f9teG7
zEF-AeeDloH?DC8qtYUimK4jcqo`$_%1;(o$JM`|VI?wuTH^P4NC+LUdJ_aUn)jE{r
zOiwW#(@-abv*U;^m+}~E@Hx@-29aQpkU0dY`<S@R7<X``XrGdro}8Q#xf9n!U-Gyn
z_DVR?;?KIEK;?=JD*ZWn!Fz8fHOK?bU88Mu?8j3!;?;2oy(kF*Thp^qIz`tc)B&<k
z&l*Aym`s$^xG!DPiqfaeiCUBcZJn0GZ+k}D{QUvuUGW5;=e9&VJA=pTos73E_xzpn
zrL%5rUW*1%eOyTXaS2;PLZ>Y+7z(C$^aY}W9`i3L<iBBXas$PzR`9BX?LfaRy<z26
zHKU-2N+=&IIDg(34`eTU7~SOwsC?{H#H!P9S`YDXem<XSJ;v2QkMjgzL>?*`e~-OJ
z%ws8J%WOaJ>b6k+Efts}0<BP-bE3vFNZ!Pz1;LlxVeK~CZVlT!np>aI3cp3`T$0<0
zj)Cz$&16Yxk=PHdB^){(^M@i9q-)qCzhES74Ink$Y(+O#{aNzcr<Dy)z{_P2g;jop
z5FuOntiS6%X?|(pnS^_~?j8qsJX;<(Z&EDq%nLsALC*U7Py{sF;Z7b}LR^mG^zCd%
z;_F5=vI^k>=C1?`ps9C5m@S%Yop=#!FX^zu6K;~qV$yB;a7h_uor2j;@H0hWXHoJk
zMTLq6Gg-(;yDV}*r6UXXZ@q}!ApG{XUVarw2@=L!L<vx`agV%b-QXg>WfVAle-QU~
z7ChyuX85_#f|+qTOpKE?OT;FkgZsd+(+}IbU0)>@F=Zy_J^pDlv`!we2Ld!)3wCx_
z(}LnN{ILq=)TKbDCztCi9}l9mP~i3fP@Rmkgsv10RtZ%^XB3J;=u7xpAHi$&MBMU2
z@kqYEYy(p-_PoJS>j3uy3;-WDMrx0eWZfW4cP%G1Yh8$;Cjf(brPj-hVqk!pj!sm`
z5yh$2`O#0!N$OhE#f5!!u>PB(A~Pu|>EpyUB;lc`_14IExb4E58_V^8(RSHbz;g6*
zrQNHpc3iBqw4aO`{kN4?j^fQGsC$(iIG<uSM9IsLYC|$)PAm8zUe`eVbWW<un8pdF
zhqUI3Htfe<=06jMH)Bjg)>R#5&(LPvvwOAIOyz58E7co5KNHnzV7wPoey`Kxd*84m
z2?F>Y5ib!xPH6HGrM|Gr+WNZkyoLNgW+vC`by86r^*!G+S9&RPN9F*0o${i{y^$^E
zC3^hn@gn^g=Kzo}jrNh{7vAMzCjKH4{~mV5hW_#PhKG!$5uPct*;BYHT#u624Zsu7
zc9FOv@CK=TT)4&FdO^Ii!Lq|0S!uvVVjLcD_n*x+;eher6^3GdPVOEW%J##Vzf3ij
zz(c{ri0U}et`_J(CBs3Xb)WNjeP5_(KI`E_K*5l_=!t2{?vsEL1zhLFk|M5LZ+(!L
zM)k30)8Me`x4q+iO$TBihsO+Y8Xk3Krt%w*b3l_<vawyy2nmW+4Rt9HAqyoHm>U2m
zMX{$zU|iYnz1#;_;G0W@UTJ}O^|h<W%M=o9)quQ>=6%{mVdY%j5QGPfdK|CKY~#7i
zh4`J4f|g%~h<&+=T0O{J{Q8dcaCn&IL)$dbjRq|76a&kxo=lYFMJQ4{8l7}dD+lk7
zk4QjLugPq{78d;1%gJ9F4MrGOLs%_m$p*$=>~^m!SB^4IB>a9KXsP;mKWAo0j<<|a
zFFTE3Nv+@jBWun|Vsi28J~3>i_*5_Gn*%<HQx41ndtX>-Itdw)D?>v<^9-ic+8?*`
zQlGLRQs+AeI4AuHwbfO+Qw)FfwLThO{?<)p@grVU!!lfZx%yrV+=7lKRYoI>=2`NG
z+Dph)^0FX1?Ce0XUE>{(ZmU3TG5_MW@%@*RRTirSYqRkX;`v5LdLRfbLLxps>Z#$m
zkE}yb?JR2+@Y`1-Qm^~d=t<pH<PTfzp;mWD;3ejpmEoV6Q}?W`450MkipQypwBj#M
z^aCHBNFfiX1AD=rt8b`Fj&o<IAlZ%U>oBg~TzO_Qut`F1_ULy}BF6_@q&BbQ!7gVp
ze}csVX2GWLCT7>SCkVHy1=2a!g%}|xq2N_i6k$(5&Y%qZ{dGGpC@Zhd&uz$f<{e47
zj=!L;9^vy_s|&z{tuKB2m=$_O^xF%G|572W>&WTgLG;?z5U9{*ca0D&wwCT6a%wCQ
z|FW-uU0wpoBb1KVB}6aUZ(#K`rVfFjHCl_6Lp$Zj<4I;dhuOVp#v>JS_ypbT@+(VP
zf=FVO*nF4$(3RCIGtB^z|Hl(w^QAoyFXZbRFQ7Vz+2-8T!)M4C+h=CuaZJICtks3d
z?{(R_`58)R;I3w4*@nPM8aD3Y$U^wEOxoevB0y8^tQcV>`ydoiJ$fkko@hJyN+3#q
zlONfh|DJtSp#zGAJe4bDfBLlucZOy|>231N<EjI=U1tyR{<bU%jdb?Ynz0p{dQ8Oe
zSKT5Ug;wobAK%VloB8&r_2uA>sJnsmmLk3HgSv<3wXH`iF8W8SDE0C+dgc1}AoHsh
z@Ph32fB}{~$J=}<YW?(R9;8>85staIhUagu&wYKVA`u-StBIeL=?i^#${K5-B_ces
zhFEHH9uErK4K%idh-=m?+TGXCB=0kS-Z0qj1p=20F8i_oo`9%@p~bzI6uTc+V_V|K
zS-|V6KHcknfjOmDL4q4Bdhw&*eao+hb&tR?ZI;VMoM!5FMEmy}zU5TF7xBiiekdq9
zhZk1?=06wr9#)fJ9;L<D8(^&0LqhgLeM|{b6!=@TXNnowKcrc0RWTsAbz~vcAuQCA
z+sMWq-Hy!}ICvzSBayK)Blh*~HM*hADDY@&wnsv*zfOYt02gbpeV%+J+khhcH`gq8
zVYI!8aC0m>tyc9HY_NNwKC(lvL)Uv(^8JHLdg6Xnkt}5Mo#vN<wD?Wv<n&4=t#2<6
zh66XI%XQ{R2?=ev5>;6iQ#yRMq-(^?lAgL@`hv%-tTf+#{-iDp+5fEjsL^ZyQuSmw
zJZ*S9*HkqVS9~?7^(#4Mh~da+yUr+}hpQevlOWD>sOJY%d{UB0K8<<N!d$&k=u}EA
zNHd8#(U|Z`BLnqXJI=wap6G%^Stf$T-Iw4f{K(aES(Wx{*wZ}CNbGBx+*<E(=y~N<
zjXHm-Q#Z5UKe;UqO@igKe@+YfqO7(dz2+K|(^?&mYL48`m3{1~cP&b|S#eP5F5Vwj
z`r?EsLr>h@xsX#)Wjg{N^rU5E;u8~pFeWiKP*(5F2}pyn+Hdl+wbvLA?Y;rGKD3?!
zG;}^Mn%e~_dcCc#XV+8y?`U=AQ-eewj}rZZgEtL=L(a-)*h|%@&sruvpX<R3krYL8
zx7|hP4Obe)b?prLVg*Z(oW3*`KY*xU=D^#H^r&g6x9Ng-o<KMB56cosAb2g&L_s_C
zxLHw7kxY^qQBRD(lO(}B9EwPi)B?Kk(WI^o7X%F;KIt0EaA{Hi`eGd~Jicd`uN}?0
zX_ls~6ceEPeOicNV5~@3m#?{uX0o?Xj_;USZg-svnE<uTKv?L(u-9mTO=1wyB!^-4
zyYb0m2T@y{&$PcV>ZlXYSRt9|`Qa3FE6AmMwH|K;q5wKJd?-K!3`NvdW-y0fxXM11
z5GH52(@fw2pDtfW5)@UG*0G!x`BRNc-1ONl>8HzAD+#Mw7&o2bvi{BqyqY~?VA!Zu
zuo%Ukt8TrhRdlJOBg0!vE8gbNB&>ZFVhwVy{09+WF!emTnK9fO&I86gS&W&Ih|Uck
zB~aKzm$Q+m;t!05g0uaA$>IanbB=nf-8Id4_wNb5urbEtzUyA7rt-m<3|yBm>sUqo
z-~1GXxiV0@%YyJBAe)`8TsI>+s+b3PNt*JlE^?x{&P7T4_`RzfYjN6R(=7l;=#p`9
zDHqs~yC{jt7=&e~V{B0rs6PULbN)o!{HxWF=(af}&8r`k0<+Up6oI(d_TTH^+ZwM#
zEnXO*E4ick3U(yP$PU$2gDcVzNn5RHQCA^zxUHEU4raIV)LCmE?D|3~UX*&)8Fh`x
zl$4TWL^g<BkZ1?r1w!N1i2|6lp71sAL6gCwhQPQc#KcZm%JrJSByJ;7P-hUqj#G)O
zDT9V%7i-*CpW;QLH57@_%)g5oOr^oh2MIN{`<&<I=0=Sq3M>VkGSKF_p6yY{R3~M>
zgF)S7p2Ql!N>WHFb)}`HvG<I!dY3&T=4g8A*x>Wd_VWi4r5Tu-;B(jp|NLqEJb;xa
zF_ndIpgothP8!_&bCMSl5ue-Op@(Ue>yF<{7?(k3-hU|>JtrcJPO}ZNpiDj2>XNN^
zV*e%?6)u}PHqXqEGPeszR-Yz_cJKnsap~b3JR;i#l}3KbJrn{mC3SvqBF`+^z}|b}
z6mMlCeQef1|MtV^4Ta}0(+YG1)Q==n)L|{l^`Ffz-80kC!L_;1^+$7`$kUkOhx5WY
z1q-?yGb1|I*vP!hUv9LKsC07avo^yI^H8>S<sUIr#E#1~+Hb{dc6f6|?GEDE_xB+Q
zMLl}_=5pN3s*7H(vzz~gNp|Z`Br;+h+Y_6kbJoc8Z8;h#r_Z(N4`sF%^6IvAG~DU(
z&nQXcrIugAUe`vgG}B7!Dd_q$X7xqlxf9^hAKI;$9JKDUzPDZiIAk)UoV1$(ZQ^AB
z8o*L>>|hrjE(a;uTHTUns5+nDZoPzFp7kZ<viR-ZG{*rk0F|F(?g(Zg`#LWTmUkn_
zsR&nlj=`G^XOp7cA*b@m610yh!&Y<4b-C%8WBuh0WF43(GlO{Ycx#{CQ;m1o*O2()
ziS%cuxdnw2oqGuCK~S3w%qa=9c1h27!Gf)DD%B8NLc7VPXEruv+Qyy@@jPcc;CHMf
zt57SEzy|Jfd-5k)EbJ?M19=CF)i`z(J`d~;%8thENzrnnE1lVRJNS=K_#Cs~bDFcv
zx`r!!A>*dDWW#M87UH86m_-=4hB})?^&~b=8%|octFI#xa7v9vI97r>c9?2g?7!*A
zos19RhErpTw<fM*%hhD47`ix>!hU;^kV?d|(N#00h2O~GDcx@>7q1PxwIdC<kbn0f
zO>1zskf;Ns2)=`lp5UblInwr0$%#HL!_+%o3?C=Zi{fd_HD^`f6d}s%t-3yx!Mcf#
zOiT={x7Zs#jsChOLkvYQK7Scw6n%NP7~gHQUb1U{9W9$CM}mXvi;65Vp6w5>cY<@m
z>Z&^3xA+PCREhJtI~EE5m}GLi<O%+2Yl<<7B?!5N=&LxUgX1UAMr!u3a2<ORka3j#
z^@I+Xmo=toFhz&_(zo?zB6Wm1`;85~>k;nJ4L5N0*B!$)-@)*Uc9;W0m`+s&a=p&g
zT{>})_F0PGSotW4nTzhyT_Imty5{Ne)wD+e+l5ENnAVN5+p6_(pQVH!ZlN4!DYR;%
z?_QVTnj((57=rP(!c<KRzX4?b3^y1D)rEkk-}M*{90C4#bH|nHl8uwFH<HyDGZ8MF
zb-MRK4GvNoYP9SV1V-=D$-|>Bz>Hu1KC4r{w2GI?NMUcrHr4NmLJ{W(hr7%5eE#-M
zs&JJxqSSh@H}_#vMMjPg7(RoOymu7r_OwQ`w=Dv+eQCT`u$Xfx<n5Ha6v6=Nu@YUi
zzuJp$+ziB7U-g#*5N{2$O3cR(7w6scUJhxnes>4>F3#HVzX7}Ql#Aq>Jr3dXKkLBz
z3%s!>(`yY68}(SAVMNahzJ;mND)11EgRIT5VOE;v7_B~@=>ukRzcsro+Q8$ohpo1I
zjQhVZKn79|70(!V;-k$|Uakq;FAQ}*^#r7Ti>Zp&t$uV`*iSh5b79OgQ7*md3#Xdh
z8Tm}gXlt9d!<HW#{!ToY*BOEs(69h~%!iz_MHq>k_Pqe%4-EzfKDa*9NE=ZBK&i_M
z;s9?k$L9cb-Ymb45sv0i5C?vXBq@0|xWMZKbib?N3xo>-Oxn9XbUHT#3HubR{3W8k
zc$x)v5pT8e5<ne4g8`FU8fs!9X^<MNl5^l<&D~*#&jdS8TKsUi#hU8jYRew8b-kV6
z#^7)#5DdzJ#DtyTC8}$;*=pp%6AhAKqrBs+I5v5{&h^|~+1Of&uk>hR(7YsXV|FsH
zaByeCPk9M%GP982SDme9HuhWN(Yd>*cNW-{x0TM|i`JgkW>?1<kE<Bz^iB8^(P`?I
z>E-!<wE!@ChpIqHobA3jbQwaQt|LGYb%f?ZU4>p%6GrLn$3`^ieRJ~wM<w!wM477;
z-qAG@ZhoLpTy(no;wui@jMy*^Kjt#-eo5YY2X6ThE>=5u9`(pxbp~@$D^CW|8-7uY
z#D>deZu`P(Ike~yGtlm6d$!{3sKxRV7g2$q+mW8iigTF=CmizHPRF<g%fqKVY0!d+
z+t~WCgjdhjBio)^P;UXBN6bGj@zrxzAX{S%hU|PEa2n%^D}K(giMA$~vk@XgwY$@A
zey~ueZZ0UIgzXAwc)i}3^}t)b+3r_fd}&ul0anAnTT~!l!dbfAp9^J+eE*JGsOv%E
zE0oM8a+F9-Pyf}&$ehi5z-4~X%O~Qug-lVeWowC~hUO3}plIs@(|z5Ui1D}JhQ;?o
zR+hqyB@CPy2rRH8P_T+r5P()MKb*R+Cr;_`{a90;%Y~In`xAaC7Xis!4}`pXu0ue*
zdZkc?J!yaHMi64UAc+ZVu~t3{`HvB1osGf!Yt!@R?wD}s%b77|EDm;@1hC?aNnf1R
z8o|hi9?zC2eq~F{0554ID{JiEad52)DJqZdhmRVS=h5a$&+~QAzr_y^gK(gU*s)0j
zy!&ELC(-Ijk9I8^g9PghXhBki2s|-rXP+K(BjlYyb*qdqnOAZ~;VDzMOq69eL3G`@
zs0@2R?0dVj_%?uPivY?H1+1V&yO1K>zO;v`My>Bd4;u-!Za#;b+&S%1-@GSY)*4If
zBf(xSbSnWh6-$q=Cw|!~Q+1uH1o@|`L1WKk#|~#5(0|Mto`>~RtO-W<Jkx%%q9)sG
zDX5fthFb6VQR~o}Y*2?&{i?p#Nj#-?;gKiJvSYt=#R4;j0~-R`w8g9eA8hWgU9E<8
z<$p(d-X19#V1<=n=>#YUK7k_%J$}hGGMc93ji~ag@O)F1clE)!kjABfGm<S|DVZ#h
z)t;r=YJVYw&m(IsM-G7}fPG4C|Csctw_ifkZF6Nikk=}+$<t4?-;us{9qPlnZ~oTU
z^xYwu*^*iIaoyKjsWw5Wbg}&F!dMkE4jR=rBjQ);``e2QNd4b5j|272(Eg~64e+KG
zsj!1{RWe&YN7WB=f`~ejtyV(aU`f<<emn@h;^4%C?{~cNOJjDLv%)J!b&KPa#f?W$
z8XyQA@T>PuDIFpK@*?<2*x}>Jvwom{-(FfFTJUzyy~!$|#+il?F=qO@yiEd)$D2W^
z6@Fb%pOEB1H*mW`lngD1LjvtS`I(=h$D8A{CB+%|k(N@DQ(9guX7loJm?55fb2)ao
zodZa;gwYEYvgg(%U<vc01YJ-?4*x1HTXS?E%Ot@bxXQb5Yq{Q3VN9F7tFY%K7rm0D
ztm)fN{K;ZU2aG03AE}5R!o<hBoKko!)eOlY^gUGB8@G0UeYPu&0rF^1HJ<oRWLclC
zwPo!Hz;6upy8v__ku}JQ@otVfga6ELhGn_Yy!JMxa+GDQs#B1buXTZm?3vG+N4L=S
zd!#}{`@0m!l@f*&mUM17GeUN9!+Si~bV`6uh`KZSx!Gv1+vda$QH`bSKnXp=JTU)0
zx+3&Ozt}TE>9J5BrBhZ>F<C6*ynBfoafTuDU!0x#e&4VNKI27}G<nF8Ux41It_Cd{
ziqN-QvuE+kATc%QP(4pha_c9YVE4jBmFdeQ@AJyl_G^`8cHpHL`@~7G=Fta1_8Ol>
z1AJIL0mjQij?ar)5~FrdL__u;w-qn(5>orPMYv9i6=+=k<W6iXV)6<i(6qk36sEK~
zpc4r?OHWF5$P6*9n~mtn4F$D!`xn=!KE}h`nAMnB^DGI)E)i(?i@*f;P2qtyqCT#)
zni`&&$LCzyFh3HTqSPn}2q9LgQ4{F7@mbh&L!ArmXL|DK2i6D_Hd4{v9ie;yob0bj
z?<Z9;Rm0dJ00M4ols!u9Ay?}MS34p=%at5c={pxBLkKD6+;f2;Z}<=xx!W4^(kM3X
zfD{M)wcifj(g*KrV?t?z_0n$55MkaAKX)`UKn&j{vq$Yxha*WltbIDCE$d8%iyY#8
zhu3}Y{gS@DgY}rl(p(L+=aW#mMoq6z3~S*lixn8yaFV3VucV~lq$G4Sl2Rs7PA#*6
zHUhpvg_G&W^sU!I!*Ta5U#?67iQf}7HR3%n=6xXuk4s(erh`?{O1`g4{xjwA-+8pf
zw~V5K(KhmYqR>NFV-LNZ$kiFqekl=cP`4=GrG4J%jaTa}kJnr3EY}(j1nj)a_jQAQ
z-D!Gl2SP=K2jz#mF_!Aup59>0EE`dK&Wl%uY1Wo3x<V*5A0%r}e-1RnaqYo&3%2w6
zvh8YC$g0v(RLR<|^@Q?PM|H8wmhZPbU?C@@`Zy<>)PQv<h9nPJz!7(ps1?n0>K#Oo
zK!eeidv)uH4py7jVZsYca5f;0rDSW&I`jJu*1}}De>(^tIB;#Co2M_p*M3qnRKF+Y
z{CAG)VMB`k;DK|c7*(YyY=`%fuaHUV263f`Ddo;~ZGj9<2LO6-COgmCNu3ohM<<c`
zdjEIv{{x{wUcWV<nv6#=nUoz|D>tlPZ`R`|`oL<97pO0ROtVIf8I9-u{eRd($8@dT
zRa^)2%PLJypcB>;*70Yam}use2?=o8DPhQKnIeXIewR_mm`7TPauI?<x~s2X=KE<I
z8Vu#i`LaRlyaaAqn;Xwt{nkEYtu<Wc<Lp1JR>^?W<m8~>t=CcX>hq|2e+eamyzyA(
z>=@M3_;%FirZeQ^1?X`1j}Y2_V6#|}w!@zUZgBS$L@??@e)m-5{qa$gnbn7cFnV=H
zG3}{KsiCMPG2=HN71h*kl##e8<HRiGcO@l^mX;Q>0!VDgrniJyfp=GzVPA0>+6FN!
zVn{GLlL%?YPyJx}icq>=vvCoMmn=fbFMop=#y)R%*&Mc@);|A>XBQ|oc1o~|OXHWT
zx$~!N%yaQnecN`MY{x?o#WGg;rI#|sK10?9N;*TFH6EX>-&|j&AENQAx+rK-e3j8o
zEPV5u-?WF#ek=0WAO7%%hU*tIyy7+2T+{Ho@qxn4E?c$?{rWkMqK&WXw}^7VFMjb0
zJoL~*xbemt(XnGkbFT3psqnqWe8UYlG%j+|Z^fm5;)y33&d-`Pt6|Lc*^4m|p}vTY
zlc$3<Yt}RrkrqechA*VewC0y>uc3hFK%0=}pcpZInuD1$XJXErIfi*qoflqs0UI}N
zY$$%^l~*<#H+7&oyD7nZ=9y<2E>EZZwLq(a9~r5TaknuFA4BO*9EF+#E0FW@GiZPH
zw-Gbv21HJpLBUBC!||q3D-waC<%>}G&+o#wBh4k4i^4C3OJzs;QMuq^z{S9MjRCtK
zZririXrue}>u>I7+=L0{TWi^eA1=fuu0IMm;74Xcej)`-wmg80h=flTcG2hZ?Kj`z
z^+K}_N{Dpez<y(L6-B>Sf%;SUc$uiDu`fl`>d$>4zs?u`SiKYLGV;*QL$-)-C?Z$U
zJ}MmF9@HKEJ5nG+dgz_42M`_{fD3vspAHM{VQ!qCFW-(3u2~_h!<?MRWH{(?32kx9
z@Scbv6JqvpJ5bR@&i{rpI<WND2`4>2So|btNqM^$l#vE`ivpp84Bipy5qhaXt3hf@
zVN*K>&*?_f{L~()v<3*}RcYb*)kNn_(IZA6t45mwwqu{Q_vI7tqJBPSIq$Yx)A4ab
z!7qJOo@v7;o6ksA**D#aYR0+u>C0H^J$o>WE;rWdN=gT*iP%?w;NE=^lEUzl7BnN8
z`gpGU#k5CA-+pvDkD#4&xl@(|N(~*&E4Oc^Ej9f<XiHg1#v#9|f}cuMc$g18fA6_w
ze)EMD^5n2s#d1{)gJOsrj!(WJ3i;w2n+l%+gBZ&l$fNIy1KurpPMzlKgvn@I@euQp
zKI_vQXiR2Y#El3beN4m~&-v!+o$9=OVH(==>c6q1+q)g_I~U^-&Bad=2HT!@S$k}+
z2?w@6yLdG9vfFy+`?u9Jj2bn{+=`9ZbgKIj!7Y#$KybQDx5BM(dMc1+Dk&++Xs+(R
z|9<ErMn}+iUN#=H{e7zT8;@CY!aj5FdUlTM-o!Ya3Z#Wl8Qt4OOh~6Bb%Lhawe2*%
z7kl3OTXWVMl(bMFEnZq0%|I!fI2}luCQ$SlfyI#mHu!}{B7E{})F0)Ankpt8?1hro
zA42+1zD0kJg9z!)JQG7lp_cg}sxuFxIxC$)Hn{Eta!t!#PYvvBULS4Rb^o{+a4~Rx
zV!(SXTJ+(E7(0HvVHUP;+tzSHTFWvR?B(xIJdQkSgaav1UC(?*_uqb-3CSxBv4tW!
zsxSQDeTbP6XfIJ)5-v%&W7ow3S|x1bdF8VaBO|R!6g3<(yT@Z@QhO{*&&4w<w&Ndb
z_Ml5h0Iu$th`0#HJU6Gb98Y|*9j~t6i(@6EuL$uGq4<7U7jSjLKR(@!JPK=X?v;p(
zy2T^JqkU1|$3MsEEDtqk+A;JNkDB^c0q?T<-BdYyPS?Fbnxx?)MxYO^GS;tKi)Wwt
zJ9F)<K{Ru~w4-^Ng5~@#HQj%F;`exG{(SQs)Potbz8n4XZrdI=E_1?f-hWeY94DUA
zpR-(3eYA#itw#f*S)^w{LbHSn0(~wK6WJENVmkO~0By`YJEH94MJO6D7-7uIp^&;h
z%KF(1)RmT?a{oRQfA|5T%oM|i(nC@U&L=R$c>&3Apd^o+x(_-Ag`u1TK?&7zW&Ez@
zm_*`hh$7y#K!me?TTb4@&=7Q><T8RUQ~>L$oO2s>e7P%7OpagVS~AO>Daf|-;K4(v
zU^^X|n?U&qMC8b1MAGJbN;G5|qW<EUm`ajqOVFt=g_D#dU5knA<*g&QKO^b1WwbDv
zszj1_k{#)(KpebY1A$b+d2CDOFVbKL^s+=yizL$&5o6vCaHfFgkMO3lHs3~8b`BYk
zP;{YcS?b@$AfmHC<Ii^_I~qTmFpldQzX<H6>NRfXeEe-UA#D%>`@1FgqGv8R9dn_%
zWC?pQg3@jbqit~i{{2ldD{W8@KKP)SWAd#~c}ee6Q&Vx*U3VGnmG^k;81;P56g1Zb
z8c$OaBTKl;{7OD4x88cI8HXaL={_~@^)AfkCh^u=Z<(>l{OZu5L-_7@zl)_bQxL;o
z$LKvi)z!S#eOYrrix-vCb&XHvVZxIIsqF>Ax9T@FZd=xV+x}Jl1kl7Lg!dba@LTRf
z$<x1qAERK^`*uU+&QFo^_;UCqPk?V5+F<1$K>K_CfWY`pw7d#o@C>$90YqJSGeh=z
zm@~d-F1Q$QF>wB3K<kRKmup>8vefNlAS8wN<NhsB<jAoXTud{pY$LswfTaJJaac!F
z)hSaiFy^2tr*%-8lQ&*_4Pi2M<{GQ*{5?9HOZ%;C=mM>u$|)itPe=O2?%#ia=C`RB
z)FlpmIx#sb%{*_(D<<9KgAq(<Il4O?a6Pa;rw}W$3z1b=ii3GYNQewYdomysdv?b5
ztbB&X%*Sn$24YI8BeYSq;>sFi6qcZ<f=m$qMUvTxjg)V#zlYl3vPR8{Ot~6PsG^5f
z3=a%IARX?#SGtm_YE#FA^JY<dP0MQ-%Ln^ALL$*20_`ikm<vk2j(It`Si10i{_cgV
zXgMIQxag+&Z@<lmV}C{Vu`I-Ph{Yi0OKECvl`zTrOR8<H_1X(hw;zfj)Hv*zw2x>k
z+UwM22MW_f^U2iM`Zub5(FVtubW+bvbex2D%6KoWmiIVRwzWd*VL<Fm;l!w+n(F{D
zR>=r2%uQ>U0+~JuBq;=$hN|uBkp1xgpls^J2q7a9z)YVCsq4#!q!*-~leUgFk~M_|
zsM@=SIYK@}<(j3a=Z1|6zC_H-id=Q#Oj6%uN+bJDW?etjrXNBe350OI=oQq8crzl=
zoGj7N{zwcCK}=8}f;cWYehI{!2+CQfltfWJ36!FGe~27&u9(X$`Xl0g$&!!p!GeXT
z<RtFHm*QfYYiN;KPdm=do3|jFD${EAQOkQxN$E~I{Yx99-+FO&GfeTOO`A<ZKuuCh
z{Ad8-;bBOoy=dRQz1emj!;myJFxAnEA!6$Q)s$PdZZmz$bf%WiLXS-^Ob{b<BqSyv
zjf+_g?_FSDDD%VX_ny6b@%rm;m}G<^=#&R!?AS5p-fVwbcz5ie>X-Mbg;2jOeq{nD
zNA^BkI0g---76*Da<u!pgZJ}26I?v{=%cvy+H28{(NDA(YSEKKe>^2`mob0KgJeQp
z<K`tML<`%Ge)J;@;UYYF^5hfd)S2|zxU8Kk&E11#2*h{~WcJ@j9(lwtyK2X~uFRmG
zfBt!V?|a`f3wQ^b`)S@TSg-&x2~*j|eb~iX%-8??&;OWg!IB`_cI{ZjfLTVU@ikNC
zOkZ+VYG7KlhVWhUr4}USs&AtvlY)o0UZTI-0Qg2H(RZyBwc8e=p1x<kF-gdL?1x5^
zTVKn>VGMxL_80#!c|n|Ua3H)-7hDXu7&w11uye-_I*E5MOoMzkK3TaOH`C87CWby<
zgf2<RNFj4_fPNujEVS<iQ_#6~)oL7|<X-!tKxRZediLTG*9ERITK@v*w|bCfSj(0z
zWuo8|v+hf?y<__}j2JZ%aUJ7v<j`T1(dRXkYkm-EszF^kpm+N=*mg7z+cI)7Ate!Q
z$uyLaNmzA|^pt#KOMso3c^KTO1A@pL6w&8){gGVUoEU@t3GK~ziYlwI@klm4-kpx6
z8TlxswTM=$Fs@mn;-WD=H337(^o02PVP|$e-rRl|73G!i<+uf+rzGf&4-G<(4$&B#
z6l=6Cy0-ejF}$&pnj1E#`&12;r&}FjLjuv6W@FuBqtH9P9m42~qB2^`gGe{FkL`dX
zWS)FU_lYjiUMNlaFoq@m=%YnAN{!HljT?;MRrHV19(mSn?N0%uLA2k9flDUt1LzC0
zXZJ3q8Q4GuqTJa}*k2v**Lf6*{#k>bG?$YWM%D%j%CnwnAmrDRL4Qo`O^QgSeQ*4P
ziAHm-@rv<SPV;GLYf4EcOZY1RwCJSSmtRhXDyiY#gqPL|t%m{e#t<K-Ce2Y20l5r!
z6-lNbl0;D$C6R$dz7Gj}--!0yq|;IO#3Lx8RfBJ*o(M=t;$}@Ja+a%OQXS>-s6DzL
zb-S4kof=6^a$nj>`=^elvnDg2lbiKtC|-rk^=CLcKN8U;OFl%={+%rB3x8G!C)clj
z<qIN{td5*yq5SQqaqy#eLWHqCx?UuvgR!`a`K_14Cy+#izD@5uXdz@%JFs@$dP78s
z=-Ie&6S;0`V~CTjbP&^vBgw2jn*5t7xkyXvOX4Y!CNjscc<~a3>sy6lGBVOg_;E4t
z265Dxna3c<;Za<0ln5{>smlpwB=+Uhi?(X@rzGMQ8fRd&BVtS+3*~&ll+$C|w(Ul<
zqB?eLri`<8n3r}BGo<g{v)3?g85tR5s5Vd%lV&1v2&d9|eDu*`Ec}o*?mQNQr@nMe
zpmB+zI(YCfHqt41{P=MgMTa>_09<G}2IO!qiT~}l-)^Kmwx)gVVs<6<|Lt#oYo6)T
zPd{y>al3Zy;`8~4^JbJ;AXWZcf;I+e+QcX|25I%A9XWF32*g+=BqSJ<F_{)L2X-Fo
zex*^<`(_!9#&y21dle2n?^94x3gUkB8{~HHkCG>UV%8Dg&NSzYq&aFEYAb82nfGWu
z>NimqbL~h(-FFwFCNm>?02e~F<9SaSkKO(4V!*|~d4K_Dn=@;e2wG`Nw{6{QG#y*$
zn;}9}AR@URwbdU|xY8gDBrPB&WEDg84q_k<t%ur&#f<dq)f<PY5e}iCRul;hB(R;d
zgo0rx8dgTeQS8{t6bB`x#^F6Hdo8o5lW-ytEJz^nenE09wjIpEl6}YUjX@QL0m-4s
z)yE|KK}JMm&eDAum`u%wi2bc(RNl=g!mmg6LQGf?<f#7Qnw_}y<1J>L`s2u+=o=ry
z*6YcX<lwGPcL6lx`p3k6_{NYP=nx))0c04STDcwbH}0pJHw-@+-UH!ed|usp5TAUo
z0pA<a756e=M^f7eB(w>`;Mg|!<wu*a`%n&gb&JI}dUv5?ydU;bd-J2Ud(oAI-7N#U
z;%c_9F&gmTT*ne}%LhdJj6h~uVgz)qwx-r-B#KFYy#3ajhKU<Zt<w-DTh1l}_tqP)
z8`G_;ue}Z<xj)8Gs3+!N*~f2S>5|15%*d$YCX6?l4DBT=mMu3q(oz}VL=4Dw226U4
z!nOVsvdx-3n|oXUK3upE3*UbaLm4VrAbRhE4?e(C|NCd$bnAD_9LQ#{rI%lP5oHum
z&6s(qDR(~nIe7<fC8O4Skfd9Le-<BnK25K}eEkh0B6Fu;K0N<0#?lRsqPC-op?V8Y
zo3(=MF0~ulg#G!__y@wjYcE7x_Dux$?GOJrnkexhOH-l{mcG;i_%W274;c?Z`KI-#
zV2%-)Z25#o)8E7~vCy?(5(oNtgE(24XO)vNDC8K$bd-`g(!|o(_0b#2(KwnL@5-k+
zRze|7G!a4~jC8CBKx$jRMKtMH=M~a6A|l*OYDEiriz>s7)O-Z;zCy^^J7ucPLS*ac
z<x(5E_8|%VBS+HljVtHSd99}znaYXa7bCHF@y8}}c@@pnqz2S|>7KOc3D+uTi9xj|
zra|W{VW$RFUSP&TJjrHN*L8oD^0%R+MIZ+2la-&)d3e4lE9r}{sJ^V)Q+?U{7o+xn
z&;EytbcNBRn21R1?MxXy)A`r%kML-plb(&9n?3@~0fE%h-~ayiAqGT@pXQD<5SLTZ
zB5j12?-Sn)Q|$};W9AU&iROVFv+YbH)`olCb=MgNM5clQNvxz5Y>G*>_o=q5Sykh9
zO(W;(5Ahio*9mdA+>PQvBT%|#87f!3fx5i)W`pMgL+~`NX+N9FyhFp805#PanVy&D
z*`2GQy8XBqa4~RpF<|#D2?@nOD12@%tsN@4N3QvF4aP8huGToM+r61sS!-Gitt2FY
z*IE`vT44Fok8#-*SD5-*&pUVNjGnX@kaM}TC0gIKj%%-$*^bPO4$#sdH~ScgSejO|
z9hFgz5rNu`B{MLDnhlWnUznMXz0^*mP$RM<GZ(uVDQjG}I4mU-v4jjtdO@kffTU-m
zfSgXh#P(*7cyH?g-1_cXYBzlGuS-Ybl73wg>=BNR?w*M59is4^xhrt<ywwco6O2py
zcf%!plNo%Y8uQofL+{8CTtB=QlG;aMBsDVs{qhq0@1iXj(YXVXhWAE~*l1p(mWJc_
z&4DaTOl*f+$D}b@S0D<gUATl}yZ`N#_|e;+qNJi4chM}YEj1}xIxYATw_-X3x_>$B
zXQUrBIOy7~D+bbkPv-FQxjB63pkV-J&Atrfd|nE7{0}CGln;qCOEQ0(Jf$6zGatn~
z1|sUlbC+B?%LveNa<YxU_!CB;6mwI}XQ-e8>p%Sj*D&aeveN50ONf@weN1$oo~5)Q
z5<+W?VnD@c3S@@$yI=pB<CN(8{D9WSfEb#c&auKDC$6#ZBhnQ?p+H1F3G?7;U&Dw*
z@;HR*vOv9z{^VpC3b)?Gq*P@##Or#Q{Yb<H(WWt&PUt6x!gXd|b!G<gUwRIe3*LfH
zC#p#(W%LF+KQ%l(UNJ`HY`=h$qL`D^iI(Mz*AnQmnXE4>hWO}E`YfCgcnAq+5peR6
zSdLunh)~yWnau>!woxWCk_s=ST2AI!Vmvff*&j-(o5FCear6^Wdm`G8rl-@Fqks%R
zpkZ8g(%k8-x91sdy+a2_RjNg24ed!^eCcIF*GLMWbJiE5O=JWYy#OwZRYvuvY`p$d
zo9d-ex#mE(rt2Duz74_axnF5SWO}A+x<7qaaq*F_NJpxL6{SO_XOaqu5fcNWGV7=<
znly2OVUP^Bqnmf(v>33@K?U_3%(L*+(y?%>Z>e`>ruE!&&zT4-3V&<;Huw-v+t1l7
z;5|<7WA$N7G&x>v5Skl`>>^O~DQyDUtQ*fwwPC>?H*VKnZ(P@&KdavwkKPNKNkopC
zh=>70QGNM08CKl0vGB4#%~bu{%iqH@c0B{H`#7uPaT{|n;9}sMV?e~OXbDN(5ANNA
zgf7X{glsid2-dtx>s-G91DF|onITBceoCsTh^FVI6r@@Rr;lc8Y7dj!L#A4?Do|N5
zF%mLLGa_@La0+C#ziaK3hQ%)JTHz&R5`!?TV>DLp%fi;9xft3t0c&V}HIP0Zqf$Ge
zhGtkRG7GUiBL|7pNNi*DtgAb=MW^U+9Lz7l|E;BlgMK1+Ozwxtj6y2rL*r2Ufi&})
z)+Y%!P=oUDJ8SVW%chax>B@F`vtOgKAwD7)bu@s>ULTrtjbYo{cV{6dpMqx#^t%;f
zq(&8uOQu#b2a630F`AhJxrJEwCX+cX+l~u+Bw{p8$+U`U9P;qXp*CSD88`_uv*`En
z-n;Wn=J-oy&oa!1x{=V$2!=_MD(SKqIN_^%_iogHbTHbg5}HE^M8`<GQ9$!9S)zy@
zQ(wwv-@pF=OrJ5s&~CzkAFX}bb%-}Y*hoGL3HUlw0C*wI@8$C<&@+?CxtLN#LKE~&
z>q{E2A7);9snOP$ljp&oR>XjKHd0Q7h{R5a?%xGvbWrl4`4FiJGx;@3^pNBjUQWU~
zk1t9D8IVX4y<z;;Boo78CX)yGHODeg_{J+JUHu6{hmS_cAZ990=?VY%j_@Txtqoim
z(2JKYM(Hbm1rob+b{*Gzs2Mx5T230{6T%l*8V@BVRFXpdQ@{FXeCES(%Tz2PjxW#;
z{s)QUC#flduG$vOiKhRkSR>G+6=5VzfEJ$NRQqWmiY9Xt&dI-;W>Ra`tTiu&s!D6n
zld8Q@qeq%=IWVcd{7ZJz4C)iwidwBoBz-DArF5kqC-Ssu7nn(&P9|mEymyQQCX{Mj
znSj-BF^rFo#Xv54@(Bne10%KH{sRY0TRC)|vf7YF!*BMd?#s~@!T5z_vkl9{=vu#i
zed%*B*f<f_kl|DA1u<FMNCa!~te|8=p?$p>v}QYVFPww{OLU)ffhVkXL~7&-6DAl2
z#6Dk{IqCW6S+y3h_o8u)8#m7QerUm0_F&mK_vzE8wG8#t<KTNr<eD-*q2UPRr%6y5
zmDR@u7XvN^zA_jvufJYvzS~-3m3VOVisg_QmSsRBbR0fnB;I}dEwqVpgq*UT=+-@j
zf<+SH1g(W4mgQXCB{|vnj7VBu#l2Gw%UaJB6>C3}J%>k<&}Vtk7!p1;h7>XaW2t#q
zy*-@_NFJ8#Nyo>BbBt-$$S$#1zdIT$$eip>&oTK(Rvs(Foix8{6C8+5hmPUxy)=gp
z4@Upav1mg^!T|42%#A>Sd<L-{M2F(}ok#JVoC3pu$k|*VddoPa^LQ7ToYxLzvpqVm
zw{`ASW#oV!rd%Xk8f9iCW<j8!Jo053#`aS~1F<Ww44deSGL)JZnf41$9Z1_qIQxJ9
z{HF<TtUB#t+To6S?xp5wENPHVrY-$Zd9^I9x#*CRl46sWDwDn<(vpa#vY>Y2I(0M*
z%}0wqWaP3uY}v9IBWOCVHic{LwQ2qPQ&ZIk%a(kEo!jY;Gjf#i4@u&4vwiECOY89=
z&9Yv9^%Y}AH)JS-$B-tQG-YZ-lt{Z5+A*}o?^eWs5IveGoCqEIreWyAzsH_``~}(T
zR-xKYQf?*&V-fq&gRf%wT&gDv_>o^mI6v|g2_+Zl&xfh9DpyxbM|9d9R(<>dib*sF
zkD7vzVIvSaXeiAWx}j|I1{D7LX*wz?AB8HYmeZGxsyR8z*uP_DRcoBg?W?KcmhrIX
z^s0n#EK&8fjN}!K#DqjIu2eNX8)!mF^C6YorI*aafC2p*m<=%ttLe`n&48pAdLd-L
zfB9vzxmYEi(4npmA3n?^nEP;1ym55b3lK(=v_<s2P>9f2I%G+!uy5Z!qsG;By=W;Z
z-7$0K4D{+rpBr-a76#K9ygQwx=D+g}CCwRU#DqAH-I2BzQEFhG0iT{0L78BU<N`Zl
z#IOcJw`b2D#%E+T8K#{(cNs~=l*yBfltJS;A6`6*xAWm!&t4m#qDXmz%>860AjwZ_
z18u5ekOh)H$vMxO`L(vOHai~YMR3+du4H;o1ZD-%HT!W+yMJ8_xES~fVL)rHv>&o6
z=tMe2jD<f5YZ0y!sO=YnA;v<9Vmo%~Y|MC6r;yr@A;X3vlNw){ZT0pDUE<>6SvD1W
zcGAa{P)*bISO)KrpTUluJIsD73B4r$(vnm#h)?6aREY=sb)*w~bQm@t%g3?RJFuas
z4ENH+svjN5d&W{qPxGn`hqJMdCQcf=m==MAmnf^EpGF8G$dK5!8&gE``v{?BML9Jo
zRh9Avc8Gnd2T(u_%TvoX8y}FxyJ*ExS&Q4p_r?VJoHPfHNSaqY9YwJ1P_uRd2RZgi
z3N-@*B}DVVp^Rgg-6aXveTycpL5}&l_BTbMl9t1Q9ka~dWY+f5i!T`FLZN&|j2Vk*
z%snOC9*25_QVW%rORWWccDB)Hw<n*Ao|iX>X8Ydlx8ZdLeNjZRH(q;{!m}0hCmD^|
zmtAhm=p?M2JY|aU&zV1e9(FNU!MZh{q7OA7IzQu*ON}$U7$l2h?><`7aqD70G${ym
zv~dgJ%hQn(_t20q+7L2i8*Q*;=0pz*P7`NJiO@F;2EU8=!j#A)ibS%U#@kRM5=J5<
zkc^055KV_dx*3kOmN`C3-}ooW=Kd4KW2Q4x`A`!jt7`jt_=NC9VH+BSm<i?gP&6ws
zIMR05yddgVW%RNA>s#D=2>XlT3oSnt#k%&Rqj&BdSD^L}ucF<o%RM!m`{a)ngC>#)
zL2<v6Crvtm`A{P}ckQMh$5F!+h*40vabw5O22tF#q!}LS#j8h!vYk9>BAw4Nv5MM|
zNSajbVmq>zkBXwSg$#{lGSsG|;4_%qt{=_48iQWWp+lYUbg#a~B$5nUYU?&G+xWL0
zyND}E07971(P2nD+8*AsB2Q>x6hSFXj7-54onrd*3o(?@m_%&G#4z}PXZ|#9-~D}d
zFklx;>x*+bd}{%04PeLX>ye_hhB2Md7|gupns?^Q#u;_v7Irb<V&KcifF&HG85k!o
zFW)c-@iZYneE1OJDJ}nqW;ZitUSdM%YP1SPKAe*D_Zfn`J&%KEx+(tynVrh-O<`uW
zR!b0*)~_E4;17&xb~FR_$h@bhs1Q4-0SO7EAc<?X67q@G2xL$T8{yL~J^Jp;#DhcP
zqp^ls4&;|&X4g1$iitEPR6ThOu~GQs7(?f$=i{g2`=V1@k0wA17}wxZ(jqma?K~U(
zNeC~bNq4!Jl`#77a&K<{ZYPnfznGerRdj;qAn})3BQbkWD&nYBap(qH+KyN>nr9!<
z7f)BRZ)0H3-_pWJSgpz$9(y%fA(=*5?Z0hN-}c$4DIJS>6T|nxyYCr?^l=j>;Tu<7
zWpM6I{|NuNnMdf{KMU8<ze9c;?=wG@=qiEw63&&2MG?!sfBPMb0=msOsjp%<{C_?5
zHzQpB-fg#=fB_QxO`SH4Oh;d=T)x6Y#8L#a2YzrjB1rqqrca7+XUA(gX@!5hp6-`D
zI?wFjL(N~g6uGy4AHJy_5gi<ga54quM5dxkm2zUr(YuCbSq>}Wj9Yx9ek*^6K8i*a
zT1~A8IdGY2Nh4vjB7CXp<5SFpt6Z}jm5bhiPlt|l(qJwT)>Er8@lxpBB67y+OPUse
zrnF^x^jl1dKx#difJO47zGMpK$I^QE2#r7?13uIqISk4T2*+Ox^RoqiG<h{S1!G2!
zVy=cEM)F}Nm$V{M8%hNzM!;$gj?$l^l;PauH{o<^`{uaJe}?1Z3nZ1LLdK~NNi38*
zLClC=68jR$4`V3Jp!)W8OjvB+cKG_O7f#o=axq)BY&pkxTti~ZHT^AIIro=H?T+nR
zFOWhIi#gi9ogoS7@1m@v@s#8wCMF=BJ|QY^31K}YdxuT;bN-$+bLl)AzI`rV_OKhq
zp$T#pp`l&2sblZoXR#Z%DHj7S2EK+E5OW|VLRt=)^sHXF0=+09-?m{bb~6&8q~+S5
z6=`Vz&2L_R=|x18MVd_L5*F>*v&TfX%4En^`S8i|L3u<HsL9?>%ZBc$sph;w_R0rD
zPR)sQnik_zNJ3bN_$1-CAaX`Tde?SsFqRsRHFWZpx%&9zIBGQ<6VblZj?9X0i@BQ*
z&<uomNfO%8nu@6r2+<Lt=*leU`)IPY=U5&p=>rl<dc&GXS>M^MN6FX}mSGSXn`lqF
zW^E;XB2%e{CichNHoNhcCEJjh$0(VeP2VwqH>4eEJoFMtn}&5+bdDH|t(ke)%22=v
z^k)|Lw#Fe|G*bhuL+cS~%q7GXP1M}luJei#Hkjs5@~?g2KmVci2P3mm_}X|c(C;iV
zYvB<L15AHhWv-WyR{7Hu*hQKug#uQx!vqRiCo(Fj1g>fHTOKfAAj9CliceRq!l6qJ
z7#i(mKI_XFWS}RRl}^-t4I42W3m6&eC5E71vgjjBnl#x6j1A&j@t@YifLQ90glGvv
zx+-=}G-KlXF$rNHow)<3){|zV%D>(?qD$MMs8eDNRMl3u41&&A(UDwCOR#S>O|z(#
zV12croFZmYMKPj76cg<5C6e>1@^^@FDd41%=0lTJp!uzj`mjugeoNaSO^3|B!e#cQ
zaJQV~A{NES$X>CC{w1_hL>J}_`8=Q(qyx>O`t|SEU}|LBE2G(!OqT@eTZ@m91-|pn
zyABi7ELpBQa-s%lkyG7Zj#GXd`wtv6DpR$kzGX)*yHovExu#w)wIwM_H<nwwb{*^S
z<!!cam3BajnuUafM2sCX8t=aMzL5@y2?^jLC60g3-o4n%g;QhDVk(m$C1V=Ik9=ah
znz7BD_um%JTCl!su+kdgUtq`9+_)^$+}!ona$fV<g7>jK*W9<ohpy`#IbZI#x%+X?
zyBKgW(0VYCoSaNY<6I+QA2?_rcI?}a9yHrYPVI$73m0H4ecTkLSL<=tuHDd^CODfn
ztcOCtYCT%}>1y-6gT9htKm;-i8a8}{G1*asrVv^bY~Qh+OaOzuknmQ{2{9g$y6af`
ztUznMT_u&!uU`T+9W<i~VMg@6JPs!@FGysV+##LXVJ<`D%0WCOuB}ODplc~K&$?|;
zH{5kF8}E=o8P}sThIV3fEH46J9Zk39ZaQEzB{vW5ZlYSL?qM<{pfmY4e)ndZNz;a6
zB{d<x_+S$S#=xCZ2AkxEDy!y>6fu$)!|i63RyHsr$_28S%*_il8$)3QzA-EX{kz1g
zipi&@h+y3k<55h;K$-|KAeJdHh4{zrdBVAl<>)U#>$q{_8O5p^fBM7k@egV%WG**)
zw3FLRb!C3msbd_?+RB+gy1-a)$fraC<7ISsFJb88;mkK8W<<|cW_6-(I#R$YC-t3V
zIN#XLyilY$wOt(~eYTuJUWMwFiC7;-Lkpz_>)m;8o4&nJYKPt`zrTE{#-hbik0j!2
z=x}+6=gXPPBZ@DE2z}+<@aM;m>~4^6AkCcoQR*+VD~D+i^B_*To@LaO!-zO9jpMXl
zi2}B5G$O34HUmX8u&hk0N<9pXWjxe|{piJW7!MNnJS%?_qwQcj4LLzfd2-ksgM3C5
ztxINMMRm-w%xj$+USIzBj3B=YsapkxQ1Z+&EjEVO_x#p%=bYm=W8O%eYy#Ad2q{f$
zy-@NY(T(e6wCDA$=s`9LgF#FaZRwO=OgY8NOiEIO#xHO))f!IA#A*WLWXlHi<Byjb
zEsVw`2FcoBiqMnRN7AAFl-}&#wHuevC#JElOGBgQ;elP~EKzGCYS{DV>XtM=^b8eE
zZ7&%>fhE$Fa7l}w#%Sk{uG`G7hYufaU?NrLT#sF2IThIZuya&%*B+m$p04R$#FPuP
zQOQ?I@$?O7;c&slfQtba1D^u}id-dM%x&AYo1iaO&AGx@I<#SE-WAK1(&YNEVL;S{
zv?cv$Hl*Z&3f(KMM+Tjt!?;FipHxl??a8{P%;#YY7n_{i6~%=`P{P9ihU`~pd`Z;h
zD<>i3L`u=M&e^rwE^7f4vYOl-G<&+RLmO&D93KyjL(bxZnKd2Zp%_A+kWSIg8Y$XL
z(WovPkb?cW#rWgu-FW!DPjTnCG$sWkGei1lGflc4UbF!#G7512)B%`1xQ8|yD9idA
zo4EIoCJ?u=VDmmqV>>^dG6+|`x)hHu+=z7ga@@rHAPV<;lp%mWVv<909(a)vwJzSc
z2k~tpu!-&eXZs<nBja+}kZ!n_^<}!HNQpb?7qf!aB4H72Ovd?@)HcZ%CY<;SWdu$u
zNY!2^CPC52cJJDWat7ep$Rv>?=%*?ta4`!nzwkW%_T-a>c^o=y7-_09T5xPb5b?ip
z!v@S_zyL+8QuHiop60zd*Eo+8*@n)UKlgRh?{u2GiwRMRgdLm%qZod<Q|B&*#`57a
zc<L|zYswE{evn`?iaW?i?&p|py5&~xO~)PJ^;}vjv>pcJ1Psv(ioY|fYv}l`{2$DG
zO$~<3sFaICS_a>GG7vnL1|pgtF(M-R#XwlCh<#z~cLkZ5iYkX;kru=;+amYNNiKg6
zF&Qdr%WFvXoH4WV<ROu{l^F*oj7p2mk+wq-vWnS%5q(C=Jmc^QV0Ly-DYbW|U>5)-
z6O5zZgM1_e=DcBQ)Ia}mC{{wD>(U%Z8*$>@=t@)IIJjz3%g;ke0SgM~07i~prdjGs
z1iu{H4X7h;BzZNd#Y&E2Vp>%1OhNU<>`c4h0(9cbw}}p3inf%?s1agl#8^o!9LRC`
z`8isfRrFP<;j_Q~zrJO{5=$p0oSe^KaVO1>K#Bh*Oqk%@A8}-_f6@17Hy;t#fBh??
z#1S+X1oFcXSO!D{yui*A#VVJYxq)#tS6j~?J6=VF6XfRRIt+LVhA8|?>n6~qE{0vc
zQwC1)emDi(zb*z`47eC*8UtEe>>f60@)Z2@nP-f2{K~7Y#_iv}5rapKF_sD|mM)_i
zR+=F~wFdQ|fHLFgaFgdl;aQ{GwKvzK&6qf8l1U;f0gHmz3?k7g;#OhrGibgo0-_In
zJ5y<vr4Z|}6m-UU);I4_+WnvtL*w4iE#72CSBPDKz1Ei|Sd+TPV<4kVDP*p|?pK{z
z_TH(3k;XFfnc;lK!VT!lGBTUrOy7^os8M-p)^J?hpJ@Zg9IT;6<WFmM;UFVcP3hgq
zwDY@dN9f>QgKGz+;JKN@@w=5faG<Ch53JaUfw9MsU0RL`Uq4Ll>xg~-w)qf(NiTHp
zt;b~guH4N$BE!1UA-`QDN{Wl{=G-@!0e-s)Q9OxshbV^)>(`lV@)uq--7prGoDg%S
z@VQGrUW^WLv6w*(gzoK4CLkO?aS|??KEr5@B#>J5$x1SJ+YMnR6RT-tPDG@MdD%x{
zp6XRl$nHxE5BcmUb%Jt`TypswlN036Pds7hESb<N|A_p4B!Jdl+@?(wF1Y9-qp6xt
zhDL3PHu~|;ABN_P^*^zAHxHo|{%NHQh@-*KL{RjpGV0FcT(0O=QREtBMioL%TiOU|
zMZ%?t5F=6-;4mUAD~3c`5pP<+Xhm3F3`!-hi@O%+A*nA%Yhq3{)blp83S<9bTvX0N
zH6vY>ae@?+>ChOZO)>u7Y|v3H(tm@6>(t-p0k)?+8%+_`!NEah(u)w(y@>diWO~x1
ziH2!$v?Gl>*ByHp4;~5?tV#!`c1TW6rZf6368Mf|lqPdNbB3fdFhHL^y&E@Ve%r-I
z(r+;gQYmU&8q1l0ePQGWGJ<xEy?XVcgd!X1Oazq07cVC}2Z!0dKK`5shSB1^%H&IS
zu!@G&6pqeh46UK8Reg(qm*na%fB6gUx%VE!fap0};#p(0xc{u<mioOhs7-yWMqm}~
zPsLCqB_$bYkv1`Dx&-!_Nn#|B<D;}yPjCUf^UgaB1Jc}>)yJ0w(yB@At$ULeWA5C!
z_}R~XX715@yiJW!??gX3bPCjtK=WQ8e5k&~ojJ)r7N_>N`|V=D#ej=}CNbb4TvCjm
zMjXv_mYQ&^mt1)@J|$rrO+n!@YC$fWGsl=$X|2)zS4@X;ZRXpyY&GUpI=^-EMng=C
zxe&zD9P7dhFEWC>{nVI<2yahel89|qHj@2WmtAHw09v!``mVb6SkbU<8$+`n681Kc
zAg`(j+DC-o5&CH)GB=2{B?9NKIYcLBEC1#QCvw$o%*l~aP-51`IA$g9)}bvr^11}R
z0%bS9XLwITkJ(n_FDg2$bDK~k(g8g!iTS~}-s--M9|^x@3FDL}BKg~&v`lnZF#XyY
z0gGd{;|gLvrKuN8!}#$N%${m@BfI8HAZzbg<I!3#O@~aRM2}fed8IkfJ|f>#`Qxg8
z+m3e|s^fiL$6_qxgEMl}NE69Qbd7v-3Tdtt6&;17<Ya2Q9D$!`yGxnxL(ft4!M?qF
z$b8h9HoA51ZfHL{uGaqDIvEf?5JRqO6Q|_Ao<zR16ooRA;zybgMY$5=5ypvSd@uO0
zeaRq5E7FGNrGb!-h}DXyJ<mIRoPjWt)Okd@X2~#3D~0rxL%B38p`JeMOQf>Wm^ke_
zninS#q0^S<-Qi0>0=}XQB2OZyN_D`F!t?WtzEt-(SVCKbpB%K6oJOEUN1S>DH6Vj%
zJ1SyH+_7E=d&`>idMUh#BzsP6XtGO#Qb5VBt*_i0gP0hnUAvfu7f59V_61W!tsM-F
z>$K%uJCnbvCl#lp?9L0Vmpam9<JLV$BcMLEZrz6Eltjq)MdMRFsZl3SnrO!2eJ^Ly
z|Ce3X;!)D|%eV=={`%|2_eK&G*?cB-Nors|%%aNy+h^#_l(h6dR5y_7cY)fo{p-9v
z7J+`tEw`95!nNSud+()#oD&Vr_OFF^4mZSCUU>yF&yvZOo{=)C+p#q_W<9TS1@^wg
z<n>^l9Nk}g+C58)q0qug{-p8RG1>BVd^)cUVi?uy0%Nww@28)B8W&K4HiVJcEKa;}
zsyg}z8n<aqx_?{@xEOFTKn!So&^n{_b|y1tKl;$aMi_Vf4L2~4$6l0BYnwxXoHA!y
z{|@<VNZ>br-aJ|aRI`mx(?$r*tv+473NqD^Hd>~mqsNS8-mq2JylIm$nVoaxRc4=A
zwCF?hX4EVR{shgfQ!=$0NC$Iou(U-GCHljencUJ#-eq*Gm0p2*x-)W?K1wnzkTbch
zqf<I=N2WoaQ$ZR{z0MSD`vF{!<qOkN(E4pP-_6yLUyeSX1$y-8*-%aWX#cQ#iM=4<
zUSDdf1Y(eql9J4EbI;0LY^8sWvv6Pf06kNWvpAwt7qlHc0CgmcO#Tm^(?C^16GvuN
z8FcPGMD^8S*(*}&UPec9d330Zv?5|0;z(e0qEod#F*M-{;(3AeB4RewmOjq0{5!}f
zknl+G)Kh&qn9B)X{mZ{Yj7>KCQ{P9}cQ#{bOY0#}>nf)<jrRo^qOhV&^m_E?NE|zX
zX9>D^mO&FQIXT%(MiK5Jo@55Ia^)u^0{5BTbWR!#O=f-cTi@cK<wv0`(IW6I(G@`r
zL~kZ8l4F%X+6*QBTfBI&siQu<KPsa(7B5*sBJL11GJ19`yIJ*V5>B!W*}J~{@+<hy
zbI+UnB+7a&(2FmEQRZ11*TjkAjW$5{tNT!2CB=>;#Z)*?{|Ki7Es9E{C(yGJeCu1^
z!rO1Z&CrZ_4GWX*U0Nq?JTg%e=-jD5>U|3$o~`eKofE1ryvihL;lhQu>E@fvaZ*x}
zu_snt5!wRh**TkKXGY_gFkyl@Zwc+|uDg!OEa#c}b}{`dV>XSR<v-etM~@zTLaV?3
z{qM1!HodxkJHN%u%T!?-qq`|GoP9=;S}A9aG#@f&5R>@OLl0pC?R>52obFZS)t;V@
z>I*C*=JhB}7>E1A#ej=}uQvwlI@7&-3a<X<b;h~59R-a)eembT>~r_FErx;6+9J^U
ztptP0MWOJp0<F&yP_ASG!;Flh=A71~(6A8h`}?qH-fOu2=5LcB8N+((j03hzi2@nQ
z*U|!}(i#47cCn@_>6&&Ry9?1*oHW~U`cCIhRo}Z++lKeK=8kng{BQbgY5UE!b*|3q
zSv3#N-P?Ui<v!0dYrdZ^?n>*@fM|Abvu@w3HwN7FUF>@NXLKC*L$!})4T)6Z!F%F}
z@YhEP0)wjQC*tSHzrhz#IXUFGE^{q8ic2d}P6As|u8PR4RFPnnW0cxccwU)WNvk5p
zC5XqWYoUrNKlyhQ8lM#ULh!eIJ~SHdG3kt$8<~cw-$<(Zlxw3s2}EBKdS3)+!f67^
z0lQbPo>;ncndwFei+1nXgO^`<6_X}TKuT%~+E7JkC$vLUWs;#-!g9OKf_2&KS(NGy
zHTC6?Hge<$GBK-2ERmgJABq(A!GeWG`Z9{w#C`iw+96*N5ok+4UP|I^qvs(V$KR>$
zTWHirA@W3^$=6}&vK3qa1F&)9CPUPXVvO^IgpS6nNB3LJ=b&pc$&!S~61HNR?4o_D
zK3n@W`%I@!oocjDaw1GlPBx6<tXZ>g`Q?`z?TF5)tfH9YGhY0s^o0>v99YJs@%{Rd
zF&0Qlvv%!TV|FBFM_LQvQ_Rc`Iwn5*?6V96@UbbYzQkY(WU3@7nH{G&>G?C3kv#;`
zMkOUB;lP0d3=nV$X3+linrp5x_o3${J7bw@N&Dap8ng3Od7nMI$HI@sASOwwbb;Or
zX+d<qVk#be^iiV;5z{M%<Ub6txQ-jNGOEjLOZP4bl{7)RFR8`l6Z6(vZ<)^ze((bb
z7h+Q6<S6Du4Bd0jJ!kr}j{5dlnUn4x7XvN^Tnu<&z^<_}5lTOjj=w(n7yS44zK@^$
z^nU#2SC8W3#f#{7Fx^PRB|wxzxkB=5-4Z<_(Ap+v>2+M|Q&W4GHC~B}w=$vO&maFY
zrc9lJU9?(|iS1R_T-_kO|035WZ|cB~)0>uZMt=Ig-tC;O^cQ(Qr|bK(UYD@2`TfxQ
z?uA8`<lc5ZLF-~bJjkobWI{cLlS`m8b7WYA31usDC*xmX&@5E*#o|Y3mw8q-{Y1)Y
zE0If$ghK9`jOZk0#7wBHzGa>z#z4Lza(b#E6C!gdU6WZ?AWfzk%%{{Y%gC3+$$+kq
zzmB6iFPTZ9cGdrJ4T_i`Cm)EIk6<1Lge0Kkfk)tz&<P!Hx|J1Gs|C<xv6D~Q2`9Dc
z$PptL`+Kip24t%!0_y+?z~^6hkqb`>l9G}b($;z8nRJ*{7I8zw^WHO$Wf`Y$@9gTz
zY(9R%IL4-am&^t;oD#IiDLU0AG5|@*NsgHorMia>9X6T~Ep{4{7EW(CdF1x07$_b4
z7^!g<eLSRXQ8X+u8uIPfv11pyFri{XLOg2u%#Lxa`>2MlsHikjAN8eAO84#!FQCPX
z?d5#>wqqBOFM?I}p3+h!CnuX{`WmyO>eCdcj0KspHGU5IE#^}o4S@VhWICizQy{xx
zF&^q)AoD7X$AH&EwPQ}BYFK7tG9T02GjonijkF;8GzA*7tuM_%<1wp_^|NSv+*Et^
zoMph|peYA&+lQ{(<DoQ55EJqE<BuDylVY?>EBNCd|JXKTzO6}uv`+#tFlv7~H~-si
zyA6N()1S<yFD6b5+^>KAYx6PnoUQ@@01u8yL_t)Az5d8|MmVt=BE3&8xEOFT;9{UD
z3}~IwdMLq=Laxe8^lyKC65qQ120ZxiBY2Z*t%Nx;$x(>c71VS{t1V54B1sD57a<x&
zS`hhpNYEmo;Z;{(!!WOjMvEe+>p53`!$iR{mCoTGuWjTU_IiGF)jadjc>L!l7F!Pk
z!k3Ix0bjN{<gfh{MSuJ&f(DXXXB4bRssl?&%-fK=a!hxKepcagu#AXE-U_x;NhTzp
zPT}(7FgZF{*G8?9^O7_kVP4NqZP>@BHssGChDXt?)Teh;EvpbyIgLSJOupEMd`8rt
z`qE3U#Y1KC`KhHA#EHbM8Z8Aos#BM@TyjcEcRH6%BXRn=ab8kl8!-ej$CAci!-h@A
z8=_W8{x$L&F*u}oR<I|+mI`UnlT>#ar6ajy3f9xCM7D<_oJ4%(b0N%MzoDT$-K&va
zn`bEO90#6i7MulEj2xY~7}-I&Mr1ZtLFQ9h7>&QItkjr)ZQaI*5(2iT46PcA>K7Fi
z8|_b8T3_e-SKzPkuY0?QkuIchxclzAjTHTKw`Lgym6L6-CBkhzwQ0l0O3Tq0gnt`I
zK-UzEKyWcb0{-xaKQvN({kG%Nu?0I1rR@+Ca>pHa7$(GCZ|>WB%rY_1Gj9y5SFdh3
z<$c_6veALYC(VOE+8BWt0}IZ)t2YevefQmGv~Pd=+u!WvlfJdd3#7@=`y>gY-UB%u
zKKS5+#$V}?M;>ViReVwdo)eNhdV|_AaH^NYyMlY{V!*|~*9rq>t>XTuwMIT5AJQ!L
zslWb(Azx?WTAJlr;f$;h<P(y<Z#NU$m764a+FAW5kX6XnJciaia`>=eK$4P@%zF6t
zn{OJ+hU;&*5y@Qp)t3t{2F?`*S`P!_xno&dm69;d;O`FH-~;&`NJc_TgPhKz`69^=
zqkznT4Y^C9xY1mAzdF*2<QpbJi3sUXPE#RiMx+6ed6pQ224Gpq3KSVjjEgiLGS{-?
zib~p#VLVt~^~GpJvOR?emYJ7rS1+;g7hyYjl+sIPn(A@%ZRqoK2kb-4n20fbl*mRz
z6<3IpYKlu1@h2(Ch~dLbk@w&G00-!cAyX#1K$-fU+GbHBekE~MG>1tOCSb}W*?tP+
z>c;6u65Fe<{syyj24VH5YuFR-o5x~YyxUV9NpmG#*LcMoi1<~RIzAx%v*6suafZco
z#ghs{cfr)jCZ_dDn!1R96oIDuazJeyzkd<R(t>oO`PrN+E^7!2Yx_B$zb*cC@6tFZ
z!pVGQNmYDzsmf*dD?AH?cQF-W9`r3nF)1ktqehJ~o0iJhvTE<=KmR#o%9WLs#Y9S_
zCS$IA6D0Xxym+yS8<Qz9F!F7XQ}r0y2wTQQ&(x036!!eF(i-(Ko6<Us`Th6bHyXK3
zbavD@?KpI-AOjk+f*okg(jN5h-@l<B+lT6i$hST&8i#GiyMOOv&6}&Py2?0;YdjjW
zoZ-De?Td+!DcbLT_d86PGR63B$Pr!UVX7ylMb}lg50ik&RLwFC8iU%ECh36(9>BC|
z(~L=(>K|f!cRPOdsrwZ^<=dn8LdVj!NXsQK?|?aS|F{@%G2mk0L=4zHUTfxznKRA$
z@d4M?wQJVUglei;Go$DqdC$G~;Q%vaE7_g19@lei4KwDV@yyoUwrz|NqO4fH3|koD
ze&C?NCPeRNb(%hLl<qGV180T-A8w$>DZ?|Xds1m_vf6x;Nc^0RKsc$gAy7$NayYx^
zy@?f<%tmyNPKc%sK}5dQV90MnS_PR$i4jp`tP(K{{H<%2u@ISRZ_JXdCT|GaiXy{c
z{XBF{Z7C6<7#1-e)+j=4SWr2&FKvg7!X>{Fg`iUuF4Hfsi}4X-B<)E7nTE=c2vl$1
zj{$#w68&%fj&1I=-!e0L@x_<0gyv5EWS&Ii+<fzm7&3Tpvvoz}Yta#Lx{H1TD^{#D
z(W26iW*D;Fk7Kn^#WIm3<T`iiguz1wV>l!FDCtpikePW5t0;wDPpyX})}>@z{HgIF
zIt&q}FmMW;t7M4@i3!-WX)~qgyA2U0-;{5C>pEj1C4z1leLSB1zki!7qGGIO%$SZV
zuDINcNBt{=ucY&mbZ^_fgM_k^;LVQTA!PlysK%i;qjiiOJI0upo%x(Q@ovS?NJ5>Q
zoP6Si7W~p{B!W`}y%?v)#BK|kXtIcH*ZZR0F%iy|z*QL$#qvq8=e*0G?pWqYQrk<i
zFNbsy-cr-c;a?wbXlgv(*LB=fnWn}p=ScZTe3mgc?(_5fZaiKwd1B1PDAZEh8p)(i
z(#$jmjq8h1(j4%<FO`ugSYv!P*QR^k#ej=}bBh7{9%p1`P{0;s_FQ|er6aNBm4sFA
zyM!h7Tua+HRXOjrv{tWNv4SR48&O_Xjsf&t)7~W^qBI^70?KbwdwmV9LS#O=iDk1$
zTPSCUeBDwRb;$};PSvk_?dyes12mtOPoqq<z31H7#zL#pfS4O3wJ#<^N&QNzD-ld0
zS6T)+h|8?Xgx#g|Q4EE&B9#Hmh)zPb$S@;L$X*e~{NL~q10mBYh0j&KjzAVrJ0jY3
zPK<;4R2@sEtB&)bc7bK(*AYoacWF_?z=#>qKebW8v6}4XY`chKsiyWqb&t2Fqn1Ov
zb}`1BN=!i+iNn;C6!c`s&{KgK3-3b&qzH3qFGdVMgrf{wtHsLL{tGc2SbMgwoF9_J
z#>d4Q4ace4j$_iD3#VOx0sZ@JTzfnddK>2;mv+WPZSJ=@%StwmwxkQ&7{k2e9xdb&
zXEnDvtthd%&2^$=!;stLvXCy4JGqN@l9=4pAw^pCuJ?T2_x-$|bAEq3e}6yE^LakM
z=Xt*0=gEb+Zm6f5m+O~;V;2`6oNJ9-8vZA$`Fy3^WW@?HWqDRMq7+->^Ylq$ya&_L
zi=zuU>q=l+>@w4;%Q31$_0)KScx}mV=lA3DsQc8;HcQCPF~SM^B%ouPuF9A;l{FA6
z7aHi<^U9>*f*WpZwohMalpI$aDi`7z39w_<EcE4kekJulxS(Da`Xy=mfq>_$>@=$8
zcJz`@!^e-cE9y!^Bp&wlTNTa2V=e;ZJMy2kvm0Q7hnrSZ#H;GqHJES{MPD5bqTUZp
zcA|LuctoRCJj}OxC4=i|+UZx$S;Z4vIdIXk7d00gSPYP{OQkD6M(GG_yS1`h#t_4&
zn1TQjSR9(Ey{8o^p4CR%*n?f51ZmDa)iyRjr@#%E^q)pFCY9VdGA{N?@ESEB-Tb~L
z6M@kjfQ6G)zn>6HYIj%?QhQ{b?Yn`yVWhMUOF@<?R!|b005J?YqNH}t#NeYBpkGq&
zDpPPthbNn{?fE@vgg0}*6!@;tI>%}VZC9e3vDi~~$I_Vnsj_KoiC;es-4D{<Z=7M1
zdpsSX2;_VPm99>CM<Wf82v9oIN3r5D(Q|m7kYn^Z8SnnW(tQinB~NekH4$TuSn-(@
ze!WfI^Q8D^|A=lK8W%T-R@GN0yKM)_t=2V+t9<_r^?nNMU^<@PGikco5Gn|tPU$^7
zZY7|kM6<Z8x`?Uf>5`7%>dE&VUw>zj%by&4f4cw6gm=`_AHp-yI=2B}BEoVd8JrU7
zhuMT+PI}Aos)t)_?wqz$v3`=lZ-{O3v4PD#wqljbZ`~Fp<@M_#<vIP*FC_Q&W_cN4
zly$Lz&692dOc)BiJM15+Y|-znPu!7QpSX>~8y9$KgqBIA;V=bZ$`-Bwnzt7j*QWZc
zuowHXJIYd$SIf0sDg2~d=z0vs$Yp}TokH8&N^u`geJKy%2cR=YbYMymdN~#2<db?*
z<%s+P9Q#AraqAk-x;uj%+P(xx9VA8)YU{{A727rkSNqUi=N$#5`|t1e#b7>MwXq$^
zo3~ioy}I50=;q;AY0r|fi_}vC?!vsPFJ_Z#zy8V%8?tixdM!JQ6;;V<_!a=E^X&Zh
z{9&JH{vdcP9iQ1fxZup*U=S+&!@J7(l<Fq%_EB&k7C`qGrz(ux(Kj3SVk9rzB^G^~
zGE>2|(QaNdH>UPHDtn02rkqc6TJt-0E4B%lEsY@4!HPjvoEqX!7P%C>uFi4!T+&i|
zsBk&qI`N%6LM_n`I{$npfxbRy3pa*$ioYfu<&ZAYqk_ftQnrdD4)?ySsb0QIQ|Mvg
zkAKz9D6zK`4$kB+j5aO|eAu=>J#I)WH7w@c^Y;zDh@O2Da>BM_Is+Ntd*C<KKlz{w
zA~hD9M{2nuZ_<Y~mZ*Qb8fD!6YD84BL3Vk7Bnq!Y%8W10alz|<_*%2js<ed{*!i$(
zm7Cj<GBFO$YCQ1V8#wb&ObOZ#))NHege-1Ir^hx?v2*o?RdG3qXOPm4M;A~uC%6R;
zgT}7*8m!^<pd00?cp4dD^im$9p0t$aev44mw&~_;(Ak#=0|2n*cK4SVer#@ri)&@(
zrr^qu|8gANUyt3g2sXa9mHLCw{U7)@Ni8wGUR01<#H6s$Xs`#YFc6xkExH@tWq&%&
zh$>0pe%=dA19kuY8REQlB!o~byrMreaD$&L2ldRXrlrchfM>#T9nc<to%po%w9=S*
z$Z%p;!sF1ZTIvIkg2Wk8JG*N@*P6fQrIUN^*={oosAi)(Jm>zS1Bb5C>cuF#Kdt*q
z-W!w|9d0Ph<^yZ&K}EaRA1cvwRbwDx%1PnXvFw1;KivF-R`@^YEoa#gNUfiXiqKi$
zbVEE{6$QTR>YcL5gr_x8(21|VwV<M;Ig#08dx)p(xzD<p1%b}RNBfIhEC4hU)tzjK
zCQ72@U|xCtv|L3+IkJW_A@@r%*F@uT_@!G**<)GOwOZ3aghpC4Ew8X)jrK^3?;R$k
z*y(Vh^<E8qaTIc$aBo~}^*Q9sbI8_T!HHUdy%JS-#1Ri=YGp<VH#?$CSlgf?N9t!L
zit?G_SLqgCS^7=N!(5vk2B5}*?GhxPYJSBiMcDMu?94ePk%T9607O|?W)AVTyug`j
zHE?7D4iaR*J1j}zL50wFZAP%<8|^Lpa~Y%AdkfA*?`;hXU~b1YcZDaPw9@||n^MG*
zd(p^<-Gl|7IN11i{%emB1stMqXm+Xy|Hp3NN#|e(OoRh=W3H_0VF-|s0m4TwI%cKM
z-+CWU-iOpJ2z_H&WqsAInB>cO0plJly_}u*@^0T-xta5XsxA&Jx1g^<MQAp`NCnI9
zM2RkjvKa(g4=(&?+-$W5uC>cCaJux+jk8(o)wzrL7Z^~l|3vlr_vt{H<oK5V8Zik8
XF|3j)0?!YW6B9i=)*i#PICJA)N#yr$

literal 101216
zcmZU419aq3(r+?xCbn(cww*~Pwr$($*qGRuiLH)p+qU&)_uFrG-+O&dpY!i~tA4kt
z`c`*U-MW!V3X<@!IItifAn?*sVk#gYU_>Awp!U#^e@Fi8)INiNz=>OmiYiHqiV`U~
z*_&C~n1X;v!B=aTtEnwvY&OdorelxxKuckJp%!bL=qkn20Q;C&nMAR}1BD0d;35s^
z$~5c5*l3LAEx^ez#LgiH?C22Lsi>GW>+)|W@uPnJ^!(b?J<EREu)nImYJTE>s&WQt
zI1hmpC#ZpsXJk~N5DSB*C@%hv^%MvxHw{9%{arjXYWw+F^Eq!R3pYS{uu?&->g(k3
z3KIW!krH^o0I73Hi&8S+nh}Idqeuw@bXp6^p1V*=ct;`RAz6y3kB~aMdeEha;GPAl
zE@hRHniwtM628aed+4YQh#l50#6W=!S~#u5@=u1;5oEnshX5%WF}x?7zQWtPQqrnW
zqGi)hdWFZWI;C`OJXNZ3f<drWCDA}^3R<;&81r(%&pchfT-XI!-;BasdUXl%U+n}H
zYlG`2%xGq$9s0T4#0ZAEA%Nks7$}EIHT0Airh_d88aVMraDl$sfxbGdkXTTMR2oih
z52Q8d6zKAg8>FAgF0(`m$_k2DF@U4tI|`*cuz}tqDe@W777-P!+z5{%(5aC`aWT@E
zF7&QSvCQNsrrAhNv@sP5qH*z-VkXXnS)qYe6%zPjk4At>ijZZKh>v+HOVB9t3)1<!
zNXYyR%=ZMP4+bz`JEn9}0TN&k<+qWvCRg8aCy*?X&r=DJSRE}?$&u;{MLgHbk2FUt
zl#DTPmmX<TPcxf~?a?KHC307JBLbJZ&vD*IJTtO1s=%XyB01L`>3cpB<Ts`KRG2wp
zD3j`qhmB*)9u!a!B@qs(9?N)aoP>&|VdXq%@@vZB1jU`}7Nkb?ZvzouY~u(qu0eE-
zjhg%<m;{BK`$-ZeASaT81p?6Q8napV*f^BaIJ44-rQtJ$$H*>k#E@cAt^`&x@gLtY
zgKbcfb5I^`^YOZXh5RLrGX%3WbE}rk#1NlKlGx)enKlVdQoRoQH`8$i@M_{gG!)@A
z#Dueu<&Q+7QvOARmXt3=$Xp4RR7nObNC$_3%lW6u73%$~UGq+5m!f{jR=rzJc>Apg
zIsjqx4AGzYjNEFG{t_=n34vIi1MhQ5&v9H**~AJ+M-ilA{Lm45VqlI5TrxYt6Ue8h
zCWzhi!n!j$$-y?mL#>OgV=sHta}G5kKqc5R`+!6L1QRplOn)REU1nM8u~ZD0pcxuE
zWU(>vLP;2%9Nl%$GWMKXP>%tP+6Anycg&h!Fg>Mk)u8iEG`~7PLQ+A(3Bj&6eRk;d
z3-qlZdS=E*QvP`K0E+C`4DumV5#f5#=z0+j_F;3kp@fkT_J|M?iQr2LDrAWX%X2}U
z4TzIPxT^x#>p+`&IF=y<dqK;>Ngci^^h313E$tv=;^JS!d2Per8)6OiaA6^`0>_!G
z$B~@}I(~!D;YAOi)UnZljScRn!)68h#-<pfFGJeU{s{hv!5>sGII80~=XeA;>(etL
zbogez=hXsZ7Yyj_yfNT|RO~C=Uhx3c3t}8h+c~?o@<G%K&+B2_Ub=C6$KI3$$(O!{
zaqf$}rVxqbBFPyhNe1#2#FUX$M0SdizAkD+x)o%3D9%a~P!r`$zsHayNhALhnj}q2
z#2wZ(!Cw*4BPWdK-#5nzH<NQNdYLV-OtM&Mz-~~{BDaOQK)OJCb?33LKX&2Cvy*)i
z`7*=d4;RSlO74p60&I%e7YY_Uv0%Z8hLQH?ArB$3L}3-jJjC$F?8VT=APn-BP|U@g
zjK&z0upW$ykINj|9Wo!HAEKJ&g*AmWhSf@BhiMw84m!nN;KbsjvGK6IYVy!&rwY<W
zru1tKYYnZA@eH($c@>wJTjrk>ax1Hrv<f-r9QsYvXCks~)w`}BoGU$=G(~mBbS7;8
zyC(bwb{uTDgtJ`~kj=46!<-YH^X}rt_TmmDoCnrl)@khUpJ1O_Q^Qglf7C6iRijkP
zR0nINHMBLdH`q3aHioX=HB>erT5ru?F6^AN90O1G&*&Cbs+|=|RnzjV3vp{`7j>)J
z<)4Z!NeO!E_d{>RI%+-FJWD<By<GUUJ1si#I-NT6?zJAg?p+@?9#rqmPc=>m7wnHv
zeQ^EQ1OeUI{sI2MUxpzg5!=X#$g&dW_>QJP?cfARVMvr<mSA7VC3pcWSh#+8XLt>q
zMchqRl32VL3Y-b1RU4PlGVh{IsqTb=1XEJPnD-4VPB$h6rd->OiRS{x+Q@S0qR2jz
z&JpP(JJl}Bc+0pGt2yHmT{FIV5Y~(ptNJ}NMTplR1L0hQoL}P8#&$LYrZp^ER-0Cv
z=7!b@Hou3B@&@>2Q;VBTQxB}h%*F_4Su1aTI9FL!`!z4tJvOCk)iw$ke=H6zQY;*5
zXL)5QXoIa;tf8!Ft+l)1wF|X>Yqx5*esuA+f75xBe@w%7fI@^S7ftCWmt3EjQ$B1N
z`E844n><DJQg*7$nX|0Wt1zI@sDLPOCpi?S$JXX|f5-g8cy_1?&)IC;+#K<U@91LE
zUB^Xtu$9iq(#7-SbeqPh+Ntw!&@tK}>uPcPv2SBWceiWhBNb}OxMQf9V1gizuahq&
z*PFk+qpE|YgTrg%e(^5uN$=EmG5ip9mv!qXV#-@zaf@UNtjqs}`{m&E;_(d6n)e5b
z+uO3_C&s79SM}!wXiz{*0O7Y)unDlxz=c4>V7g$SFmF&U_!`s^_!W#F!7g3_95>o6
z$2_NtorNkEG6wb!j76Lp++4ga;&;CgaWOYBTQS8V$^G-;5-Ke<x%ttutQm@#g5%8N
zTt~gV!#L|m!y&Rkn+Q*=Go;EGTRZ@OkkfDBxgE8Na+q>{NLa^Zy`shYrs)Rardy#%
zF(yxw{l+m!wl6z`HL?R}8QG4yMHWg%uh^DklU5~Tr!XUvk*$(+%fU|9NYdy#n=b84
zsVl`QlT^%J#5$`w>t6KahyJ;cS<6G=Eys}KV;psnoS`}?&z_md`EbluZP{lD#cF|F
zj@`~G0J|5m(6>2$JRY0DU!XLjHN)x{@6p&IyUSP}&o^>ARWW=z{y3$VvOx}?{6nVQ
zH2)9$A53m#Zf&Q{!@+~g@rx<hiM6z;@u^`!x}}t(QSFi}g*@&~`JFN<^#;smj4JA5
z<v}WUG^0>eSlp=l>BE<TQH6)tQ(;FTNA;U_Y-(17$@vWGJWt2e{wnhN++?xjcdo2#
z`pgZ!A)m=UZp1^#sSO^)tTgUg&#r^_fjeFdF^1*F_(mr89sB5POm#Z157*PB*l2kS
zM$Px*tYLdA+1BFG*{rQs-}VFETizA-YT5PFD*fA5IUTpI_12C*?|UjUvv*tVKHZmZ
zpQb;@w9>p8wmO2kM7nkdM|)D*X<TSzXb7rtx-0A&4O~}Fm#j;wxiwDoT21M#tF3I`
z+Lm46&#D(|HNPB#UHTs?;wyY{V>uaCp52l>=29kvv!3jjS5&$V`Vs#S+S$ggYiZc3
z>bAyqReP-MT~M!0y&r!VPaqWHAMgrXBwyKVrPNgx4_20#HQ!twG<sB5G+9sW^QZa4
zzLgu+&TUq|J->}U_4_S+mI|7``|Jsg2Ob7*LOp#NeT)r?c8Hp~YHn1u<$78AdW&j_
zuI)I6XW@R}Ab#+?F6Bs$1Jv*r1l!)R&X#wLKZa!Eo;av8+Z0XmJm&eTUnWPSDQg?$
zY%KZFolnnCBIYQk!1K8M7QfCDoV$(?@}30r{d@03HpBtZ;eL0|7fO}p)*IxtvhZoX
z44h4|w!CiS*Q1e@h8l|c(OqskuOVl)oQd}9ZQL(rZ}d0SlWU&M`tN%0-di~k?w0Oj
zmzG<V9rixmuY!+XD@&Ive)q!5!O@7QgqxmZUiasKK0yIDI=^vGofqJ_w0x=cQ9?~b
z&6r}h*XoVjO;v6Cy<(0ar$Dp!=a{~*zwUX){M?PmOTpK{tVUR^TbG;v#yakn_m})<
zR#&s>72MW^*VV`8c=$Y`;;WgDiI2|H$fxSwQTmko+uhq6x=687Cnk{+z}ytHV;!bP
zTGTsy4215oCqwok5I!3fc@Pp;{0j^*dyEQfRkUZ4C}1A~<hMLXmU6vBdhF%=BQG_y
z184J27}hDxxRbLwSWLB;c9Q$YN39$PRxC(f^2dj7*6W*~t)%zE8i+gum^uGw7LVvB
z(XVOy)cT3?x2@W*Z<QjJzm!~txc}xAFb+~bok2h_$p7&Ml~y6U{+n{-TB>QfXv)j+
z7~9)27@F7{nKF3TI{c*u0pauD`TJ;V>S9RbVQXXO%;UjN@=pq$zt8^|W+Wl{Cy9$S
zKZ&Ni5|OCAlPM890~-Sqi2y7S5fPu0i5ZWIn8d%>|9;{pv2by5;9+ERcXwxSXJxQ=
zGG}Dw=H_N(Vqs)qq5n%k@9b&kV(39{=S=!PApeUaX6kJ0Wa;2yX>UjL4_reddsi2J
z5|V!`^zYaI$Z6_f`Ja{Sod2cPUj-TeF~i8rz{L1(?7ysh{}|;_vh*;u(G;_^HMMj8
zyM_P@GZPozKN<eNssAkbU#vg>!^+LU@!y>PHS;e{KE{7&@LwAJkGcLi`qy3puzZaF
zw!HwXyo)0{2#64fw3x7(2k5yjltIeEieF;ZzS)&H3Xx$LzbQ18C^+cT<|4n9t?k0<
zV{K!#>yNdzr%i8SXxJdQ6>o6p`1ttFr}w<0bssDeDk`ErZU^V?H(zssBcG#=E6<@D
z8ag_gFnA2m=m7B^5(DHqXiadsZ-Nm4X=#`;GBQfq+TV2vrSr?nVL(Aap}&6@b*?8z
z1Qd1gudnX<wx|y;4*i?y-xyp@$k*IXS#HqUO{Ka)q&6D+NClSBfBuR5AEF@SI=ErQ
z%XKrhW+q$|;3bOYZQm`CAhu3c;D1T-m%ax%EWlLA&nR5xd1ifnSZ6rme01!)-sY?w
z?;jUYclIg0e~A2V;D2b~NA@ih^d+HZgljBIZg5t;^0&o`6ZrEhRxmww5jz_j2@3_}
zo<yvem?jktE-rvew2=@dOWy2X+W!m6A(_+wJ3fyKq^a1xSN{);@fWd>F8%fyRC3zx
z{evvCk&?ehX!r*Z#m4FXGTuK#P6+-ha#t;5tmBLOLRpc`fpW7|*jjkSj|~+^IRL23
zh=%BAe{9DeBjCJgZyVN|fWrmr{|ypYhzvRw;G<uAH4v4JK|o*LQRX%<mWeaJsFt4z
zCq;T89A#B8qp3dxrO<IjYw~0sw{<}}(foW_-O&C2SR?KSI33t6KmXN@-9l!h1%<3|
zNg;V`+Sr=0%_U*PVE_`F=UYJ}O8n}p7h5}cHR_!=tmWPC&=8dTzEx(`h7_*Jx#IsL
z94Y8u;TlfGr3rNyFl9zZ>l{W@)Y4LV#6SD{C9eC{4sJXa<_*XQ{rtK#JB_dt`>l3X
zv4VtF1D;=BNxBN)^cD_WrrP~wG-(8F?=Zw9C5dTBzCD<jRFM^_L*bjH{m^nvca5ly
z`>&nQ4gFV(*^(@=YmMZTJ%7R}U=Z+A$b)TK>56;4kPR^+Vy9D6NlbVW2$fS95O7O^
zcD{~a&w}*HpnqOgA*3q0A;5}AVnY6+S?>pC=XKAW&0I#wAaDm45*9XF_@iIoXs(1>
z@a1Sq#sC#n($A%Z#n9+SXhQIuBBYNXi^C{7M>ws(+YBD=!hd#rU?KEhJDlg&cT%56
zl;Y~%<3#|=Jk(}#3nN4HEc_rzcGn7-n@BD8L6tT}Y3b3pd0Ca?XQSn$S^Io^0;5#e
z>}W}YXB)!T-Mh&}R6=Y_P0`IJGlGjr870hg(RHr6g1=AkK=t+t3ufW!6B4GC+o&4P
zF_;-VtrB+V^GFU1D5|24QAmWVIzWH!?xM78_(8+L@$LH-F&BEVImfU&uCM&BOaF6I
zZ>I(Ie4apmsAx6jJ-E0fnR@T&a4LPkq#TryvnsFLmgk!k#+|A^pp%!;E|sE9ETmjl
zR^}6Xq5D{SOaN-giIF$fc@!zHnilQ~Dt@><B8*Sii`72nB+Pzsy)z4<v36%m7rG&$
z?jh}lM`2+)W+f$=3xsEOJeaLKB)^-Om?Sb+vK>|9Rk$@@WHoiGBicKaot$XjJo&H3
zK5c$Q2tZpQ{KU_>t#>mqT&Q5Dsx50kiEqj=@z?&3hdXGJI?S^Yk+_*Q=L7Nt{QM4A
zqaO*bUFXWy30>dWo^SW|!p-zJTfwHs0WXK06cvgm?*Pa_`$Ng4O*WCV*od|LqY+h8
zi=$WGK$JAt)vPM`2<8wQFk5MrF!>(b%KG1=#=H>pb|rU#(Fa^7h#0~(KI(&$Io!`r
z!C(Df8#jtJYh4@byqcz$VNhe3a~%Gg-*kLd9-g1~%EOa;wyGJtUwTgs`v=)NuHRLk
zZC>F>JDpxl8Kn`1ZA<MdDk^S9t?jp4_9To5996i;e4T}~3|W8w=f`o|LUOz8NAE0y
zzqmR&OZ^|>0{!0baZy7*1}hp`5bQ*a7GxpxDoAFU1@!BhU49t>J{rySml9xqF=8>9
zp9*FoECxBbDfxhAw;{jNci33`aJiLEOTxtTX#_)J;&x~W$+qd?xw*<Rr+rb0!qkIM
zh;Tz)9hx6Cx`5%~GTnzevrl0;Ml)&3sxOnir1=I_sK%`k`>|9PzK{9BwoqEeZg5>5
zcNJ8(JGyfqd%}GL)`j)5wbmhVdzw0*q2Ixu)^zrE(!m&Rgp1Wi)>F+<eak1UA6bv*
z?3=kXqmSGc?@DdPkcfT3h#!c$?Jg2rh*|4N)e37IJmQ~9n+hFGCpm6Q^YaA(dosjX
z#u~G~`9qsd(9IQ1d2b%?t8Ba8P@8SF-q!x*gmEt5Mbf*Ldz(wi96+F5yw6ts2FYiP
z;A4Fpz01hv%`<k^Eh~oaJPQ#?QG<0(qci2_<F2+Q?gn;#!->Vduf136tz$TGV+Gbj
z*L)+V#Bqak8IAZwD$4wkd4IH+K59njVFz4@3i(j?A8@_-p|rOR3l>t`tapdIC?Ayu
z&-<c-P@F-)=5K;09S0i7hpXmj16L_G`?h;{gO$~frA{7{o%{sHbe=Z|y0s4cl+Dku
zYXmWRNHWR-{X79F8JQr)ViE-97Qww?=|arD^57&r@apue^pHzFo!_}A#3{X{^vK$!
zuCwX(5-c-a;m9l6S{qA4S#s&Hw}{uAKOwKzk|*@rOKsKjIi^f_3*1KBipx{*CpYyz
z?eEk_awSeTb9b|RA{A|H;21jh`*bTb6bMRY=^vEW7ZZ_tNxb0=E9*+%UAIQYq_2Re
zNqc;Eg%^>3g|e{?MwK*`)s=fLS64Z5PDiIyEKUIfFIMi<+S*d>imKdh$hXD&_xI36
z2s%+e$#(%<pW{DTVLZ{MInX+j+io+m$kgTJYep}%ebZK9y4cL)cJ#Zv;$N7l%CV`X
zO4<nK$SdyLmG_t6D=>Ttmwc!#Oa*1`tdR~7vx@bH{_`3mmddM?j9w0eY*5sXoMtdV
z+fCXLKZ(GMY&{&09WJR*lUF0@z^;v)O@u}XbtE=)c;Fh`D@dc!6oB|i^&L*!Oa#+w
zdN(ix&*u+}V;V*sA9CL0+6lI|9$o@yV6TOSasZBu;QRYGvGQ+*%;_t}EU+8BLP}*v
z1jS6lbUo8Qr*^t%rzE>KJKdOB-*^%qcF#<wWz{rfPvXjxRJ=PJTgz_`L`z7!)0^lP
z)Y~aw&HEf8PPIxtQh%Wn)1q_es}c^_%8sArLTe(|y1KfKKds@6rE9-<-R{Y*8);tb
z7uxe{Xd&;aq|EWFTKh#iDtkKV>gXwG;~z4D`4wuJpYA7MT$C$}E=gD3kIFtI1iGK`
z_-Sh+g6e5$4SLw&<kxp=L6p`!Jirf+jY-<+5s>Y`!ov&O=+FfP2gzwaQm`w(Y@TPW
zu4)ZW>)ImQ{SD(N5F0Hq1#l><gH)TkXe|g;RJ3IHMq{my;<pWw!kHE&4~}`09?9~P
zD?-D=QMx<5bx{=t1_pMs`BXZ79IVRzD;8Mh1kY})bUkl+x^KVmGTpUSwi2JdqTbBC
zY-Bhy(BpKLcT9CFk9%`Mty0c1Z--ql+p8fw?3>qcLH;^xb6s}U=JPy9&RdK`oONB}
zsYq{n%HC4RsikA+ne1b6IbKFypF3=`Ryl9=M^wo{9I^rMKmxJRUKgVaK(8<ah57_@
z-3S-R9L`1pT5w+aj>Qw(bw4@yz-oP8?B-eMSCIQxaHHeQP?}kIG;j`y3ns-Ge||nR
zUYFhj0aLf0j7r&Ip1oqrUV1FPoY$TzZ*g3#mN1ue<KkP7x-(Luk3Oq8$!@37TqVf;
zq$@&FDwH<EGLlobt`U(jOs>m$fyK9C<3E%iY%ba!H2-)|%g9i5G6OA0-5>Xu%<df}
zypZs=gQKjb>^fD$W>asnlhrGi3}y<*`9Qk{JH)KyMMS<y#9)Ob@9*mZt0|yU%IyhJ
z>bP4yHR}wBIqa5?O)T9Gz3-(4B8<avMLd^+Q@`&}Q_C3|G7Eg}tD0O44{{%6NAB;(
zg<&HL*F4hc|3(>0s|Cj4^FFt)N>QVfwYi>0>>RICn_}MW$!Q^Au(;??y$+Z0GIB04
zp_k^kMU8Yv`tAWWT$3e2o_UPiuY3^==gW*8XF`wqxAJCL9}`M*1f;gw&{aznSh;Ma
zOTjBEAn{iziCT@l@tntrVkicgXJ*=&0SdkqmDY7e2Q+l)-5}T|2o=Y~@^A@Q>Bf=D
zfceXP%WiAg{USyhnn9nE9K~$sJ6NT7{o$LGfFdAxHj^FQ>%*Dx>aWMDqKdV=&v*A2
zd{z_<9Y1U%qXPJT(nBE3s0Q2?q|yEIo}#l4=k62d7bHG+#${xr)9i}<zc%7E(e`*D
zZ&UTqtShz|gPXUrZIP9msWeAddM6gC1VB{IgXr`Wms`@CBO-bAXK-@(q7@3B&YLu*
zgRUz_q8y&Ul2(;B0_k?q!~8DM2m1rb#hg+kxBf(l8O)T@T|S0L{dZp|c;VX1oM}0&
z;Vh2&2Xyggn^n1cLdS1B<PyJ{Y62g~eS6?HNM<=$j~M!wVJL}t#yh`5HLf+}T)1|n
zNHp{kTM`<owlX}b>&hc{rL$vpLIFgExN?>jp$Tgt$Fn}jMNm~|YR%2-J*jwvp=6?A
zXg4zg5la~d)HS|fKZQ4o(4|QK_~*z^iY|l&&%X)stQE$AGM{pLadW5pNVSX}79_M!
z_*5$QD~4h&0N92n_*Fi4u{><moX34X7Jd0u_@<l{`KDM|)8+iu6OQhP^f;4Vwyn(|
z3&|j&u1pH8{V(mBzu$-hIrDyTKWZf>4OdoIN;FX5O4u0S*emeh&Mq0vw`DvpaHA%q
zr?=>bqi1p?1rCpl4B*;#1^a(J{Y=Iz&MIm6bbddEA=5-nm=(aOj4qQf`=&2|(y85S
z*Iz%?86lbLm$ljD)}UZk6As5qu%z!!u7D?q0Q&hE*6N^FLoS=P7fG4d%WL2LnB&ss
zc#yKRGv(g}Z)lhwmcGOfXy{LqQ-sj-*dbqc9MX5eEhp<62#6paonq{<uI-NG{k*}#
z9-+JIc*tYefZ9&o+6tgnr67*y;yo2L(lN35x}~k%xuMh-SN=TI9YK+*azCFAoNm5<
zsG-b_zF1?uo(Z?dMK7CE$m#PrDH1Y{didF71Ho^y5xi1ga*=A)uQfGQnhQ=@a27eY
zPy(;u%Vs#zw72mj&_nq3slQ5SdY-B$NZ`BwGu!#{#KeLM#yH+%4TeU$i5DPv!<Os$
z>Ui{MxAo<DuKxaZx#n<MPDz^0h54t$9%Gz^P`aU}`_rl)OZwCZgZYs0(3mv#^2>9{
zw`5}U`t_`qd6_G^*DiFK@L$R4H9k07=?@LGyYX6=7<|sjX^>eli;CLbQS?ft<K;bg
zU6M>uU?bi%TY`f<QFH#w2D#<8NDW3tz<h2<%ui!>N!+O%9Z{c`nath9RFH05x%Vrz
zgMdvYIm9zL1~5z9C6bOkW~{|#RE}ERnC2}{Lggjh;Qbbd!re`vSMlRz>@?9LpaH<K
zgtIJB-6))oe7w;P^}eA(=ysE_N&-0$&YTtNE;nPVXVbhWU`ce`%EXN(>}s=ncw5r&
zaJ=rG{*$yEpeRv?{c~+@8Y$W0n5^53htlY)RjT=f3yeAT)24J7M)Zq0)>9!&BBr20
z=~2QOFUsvh#}rQ;E`p~eOzej#y6!<@`V;w(u9iy3;i}c{RVa@D=3TyZy?4);S=V(Y
zT;>4ubr;+7{p|disj5$5Nx!#`-9E{y8478L3En}e5BgGNKE?rEZCzbY2OG)rt*5R+
z@PqtXld+c>I*J#(Bn&nH&+n89f_i}?{8U4_|EUANrNI!YhRgh${_N&k<J-BR0M%b7
z$iKPo_c)aX1bR*hh&t@T3}xlmGgD0QJu!4;^5ZN29#KP2v`RP<p9N1#ZNm2d9Lq_6
zJ$dUugu~-QL8XjgKQf58_Wf*a{%x^i<;O5MH^mn|C$$gj%<g}aXxg%!s9(q=nTW_a
z*}cujg1j;Qy~A=2qvL*;RkO+IqK1Rpq;WoM)Pre1oX~gIP@tp0@s_%9rqW$8=?9I%
z*UJ?t+4z_7DO*H43S}-ABr>w0%U(Mefd7Mm!+t%)x~6Lu$a{3oIv!FwLLUve{^kAb
z$anMnCAXS9>C1dl^!s?W7&Q!@KkOyxhBb*3cbdY2SqVBnGwrluMCoa<MmPM--}yU7
z)layqfXC;tYK?sN+FS{AxeBGcsdtpxj(ZIFcfvg^3t--t3vLdaSb7dp<K0MU?!d>>
zM>KaBu8*RiEekoNG*wCR=^j9^ACt9oH|I%Ea!KKaCKoK()Hy~<Bsn1?lJ~OXd!EmI
zji<{8Jg4FFHE|envh2a%q!CNsj~TtYYlo-5MaGFWXg2@t(jU5c(}|Vf{i%~elo>N|
za(-d4PoBcbSPSR!c}=%uD=Biu_i5dbOvVVI@z?7AX2^mu0cB9!g)s0iEI6PHX=FqU
zC=~+jYGDJv=zh8PpTDC3$;pkce}O`moDPJg&?@ODhvuyCB4<p)@bi$9*j`wf?4yx1
zUJ2b_<wPB}!P4n<!DTg@lSY}R!eg_=hjhKgBej@K92#B8BIf6`yGwR=@z3O<1jSl1
z8Xi5$&7+yAkhj3KuHQ$W#T#)L<62eL8Lgn$Y~(_8Pg~p{r;0d5%RvD+G`lU~qiCeR
zo0|8dW5p4Rh7l3-;6ZR_Xm(goS7ho$0HO~ee-e2;o`N<bW^mN>L-9tGz!Z&kgcHw~
zuw;<4gxGz70IayM3l_$@dc!8xwh8efm51<;B1O%La)&so<n?23Grerq+R*cvFPM{Y
zkc|d$%1V42n29AJz;<`obkU9$j9)dJuLn*iprNBf5F<-vDlXMLU-FN_LM6~D@F9@T
zy3|b_s&f&aO4N(4wIC%-vD;MCE4kN5+2ea#qn~_WVT>KSh)KBHd)iZv0<Zm;upvd;
zqNsPgcgBQY5C6ExZB@0nq^hgNHvG{VN3<JCLWIgciy&j0Mj%gOH1%0DbCG?+xgk>k
z8>XiWeceenZvUnI#2gVB%U;mw>pL?~fE;DyAyA;L%}kh|fbTG1dbE39KPA@w?6C^@
zELtJ>*X4!^0sNsE`t%}n`fk65J1qXVd)yRjz$4?}FJUj~dsCOl35<A@qJ%SggBAN8
zcLR(bGTGMOdPt=X$k+^o1Xr=ndsG$q&C>yD1eYFTSN_J(`sHZldMem$&joi#C@5`X
zg~<{Ap(+*L{15kc&)bDl&$Qs8;SXl7TLrkCit4H#XTgYqk4%I$n(Hom16)_@^)tEP
z?S-kXhuEcw*j@yxr4xPj_HEew-X)2xSV1f-V2R%%U#?-~fcEw+%S>{&P2?~!6zJHt
zSGFQZC9pW!M&H=5BeA_68ad(b9M2<uKX2IEGhNIJhbp`ii^d6;CY!u}OordA*DD%5
z*Aa8=#mvcZf5-4MP6r&fp!K8axo@Zsj-|SJnq)b>-wY{NpLwv*KRNv_=v0w?F%qb#
zth~8wC-g{1)Zn}9I(y=Jt76qk$6csL4u(Pm8mkR>orIceHfzU*nDddVV`lqvI9u5n
zid?e3=t-W$%r7m*=fA#fU72+&az6QgwOccrvALft9~u363<E^keEq9{+rt3ffMB7)
zXMKm$@$zb|wvj+jU<*EatE8tmMDn1Xelrukth5V|9)bsI<aLDOi>q_l_c_pIynwnr
zyAMzoLK(iiGnPr$fh8$&!}GU4?>%Vf3qRM|3kk0pjqChIHJ8VZE!Ou9d-_h}xN}1J
z2M#d0=-xc*rhd_*TNjJIE{8f1pU?$U96Nt~eK&ZnxGCalq5-#axPn<E+Q$$(lzJh1
zbJFLM&1Z;~5$Bb>Z?b(xuI(`Sv((_=J!9C3e7i{5=Bgv(*~N^Xf$PCz{P`a2x#=u6
zSK83y?ZTbO=(d&bvd6sJqJVHslQ~}Jp6b4=e_T<pcQk^iUi!pHux2eeT=mTv)oF#V
zLYsb9;zZ1(Mmy$7@Z(#5`;a4Pd{(PT)uEg(l;<Uy9Dy&~54!YNfGmyUBlRAC6U*r5
z(2q;Z^veh{Au+tD9(2bt%<fz(@{<Na5AHJF`0=E%mtD%&*4CwSabEaUPo;)KVp?iY
zVp3(sZ_y|S5YBm?t!4ega@@-EQ5AcQ(G}`G6)p74#j^(kcOpLGMJf$t^Ikv3yvB)9
zRm$Gr*k~oW?oN*$OP8vJk`pYcsTm7s6j803Yx@Z)5QMF!1j2^l;SiX?+r&~(8l$e)
zG<K)X+v>9MdH-C0Lgi)tp^OupJbrgSU+zU}Zle})-yb%H2i5!e;7<3mDbw9E42E*N
zTDy5KABvFElCf>u<^A-JED}1pB^gE=HP{J^iBR&;fyPG61a7L~;5g$jlk0)q07}Q(
z<Qc_9<C0EXl49;W3C{yk9SqFPpdYXhaRvBV$H<2?gJHyeArYmlr54sJ3c3C1{S_(T
z>xF$t6wND~r|^I@xTNb$P}80&#=3zQt%=Dovp#_7T)34_97si7CCcn?Em!rkGu2AP
z3P5Pr_GzT!JdqMXYD`(6wP*GfVT~Bv9IH|_MBqEua2ND_a<IkGSdL%L*F!^I<zrIt
z3eRRO)v!olu4IZWCKNb5S2Dq5+3tQ8gKO6U>HBtXws9t>t7g9PTgpm#a^xe|n@<Hd
z)_P^J%wFI7gFoqWaqDZ;;}{kZk<+{k3AR5z61(GbwX)9Bndi{|gS;#I0UZ(^$0EJ!
zZVDAONLNluNQmf+9d?TEj!)o#r0lu}?5p>rG)Lx8j;AX1h3VI_;6Fo21488O3i*pD
z3Ggt90&g1kixI40$f7DDtQ6PQ^^L8#30`Z5P4S}w**7kpmYV_9T6xjWZ9V8Xg}xiG
zxKexreehNfAE6bNm>oR)of1-HD<T^??PxqJRNx@l?e#uv3wOBv>YrF#S6675WM9Y=
zbb3fAdW*YM7jRA>hCe&l&$Dh}GYQBzY*vU7n1u9jBDq{H>>Se0I<pP4c?}HX{*r30
zkC-{;GD*oAz~=DA9}L+g6DRpXQj9N$7@k8e838X+k{;ZvNzIV+bv!h6w(ao*(rI#H
z@T^6;y;X@3Fw06Snf<2}idSi*y4VWqw|x_rcz9^X2g@4ct%Lm3O(oW5doc?&w$t+7
z-2!}j$3cbUK`1Qhv_<Q$Yw&D7JC?Agv#7_JK#!Y=aw;0^FyJu~i(!#3f)(LMQ7Yjz
zP?8R;AdsptKZnh$X7|#;93d41#gljk8IRvl3I--zFat&q0jZp4;kMI;1l0fwLG(S*
za+w{e$amNzo2uhw)+6o41~F<9*yEAl$Xx3ptJ7~KMW&H$jg=|kHO^AbeVxpiVvBSE
zG%exLFA5YhQx@i6dErY;f@I;?DS7le_8<Q}c&+J13lS==Dc*miRsl8gP~$A}+7$yW
z?`0)Re5c8D^_}8oh`Lm+1a}LF@ok}@hsiQ(sooqh+xO7&*=o@xM7$U)l`j|-Mk#K4
z7;RWcdpz9vTgxd?keW&`u_&Y}$_?%M&5|G~zi%aR>fP-f8U(5$&jM1Tk;?v#v{)l*
zW;t)gcI#0&z)#lxPemI77~~_co3LdJONsXphSt(W;7t~gGmuP8iM^|r2(lo0F-`32
z|FPE1#ax;cIMPFC_d*JZfM<XOCv7^N9P0-bwwIhlshW&yO(vv}({<s!V00yXs+h?H
zG&$~(Ac7JN!<QTx`dva`ReD-TL<ru<*H0>t8}`Y!CT3+$yJW-WMu?2Oqqenbu$$vH
zN=Evk#EVa%g_?H#qvK|8Xty<OQ$mlU*gjcoo+USCm(x}!Zo4k-SYaf|M!RW7LEKnU
zxWE#djz&;g7Z^~b)j7$;kWbv3Tn4U+;#A}Lna2AS{6^pd>;7@4092k=d`z^`a^HEs
zn-WG^xQ&xg{tY_w`9I}+K?qO=TNb&v7{$JA<1nIWamWxCDQN|=*;(^+SKt7=bhUQ@
z_j+>f+e~_U?kV@Cj^zIFU{%h2GPbBzNk&!)yK8KbaZ5=eh`q(V1mfh^Mbhp}oPyz?
z3jOew#+{$F*I_B!_S<aKBoTejpI117sK5<gCGm~#7bvL8+UW!Gx&*-Shq7E1kQwPg
zM?{#H9uUqYirra}QipPu-j+7<`XBx5^GgTeLiz;iNO*z!K&qMx=LGx%2`x8n1#Iax
z6eBOHAPegH6sgr(jqcCm8REDz#vIgq$cz(Qsj+gz%=q=z`WYq*%q@h%K}jO_I~q2V
z<ajqy`kn?YNpWMTffYdPQUWMR!@QfJM?(l{BB=6E6jc&s5kRo?`0@;*<#t?khMpXo
zov#oK9-=HN=72be9hz!FbodqG@cwo+5Oo?2V`KIS55lY}q0-#12G+}USUOyB6{UqG
zHQ#T0r0j|VTz=;_9)N&4Qd+3FU0_9f`)LB|x`IJe^y{WfQO2|@MlyxIQyaee_MyNx
z{3;baLRvc_AlZ+~Y6(U;EA`h^`en9@*t{7LDeZUtN$m)iRl0Szhl9ba1htrkJNmx+
z@Stm?ou8U&CIz`djkp&zwAHyMg}>~b0ZWl43IPV-5VP^wjP3-wBQ$dPWo&W4w#!IO
z`<x$7WH2YvfFH2D?uR&>f9zy3&>#^B4ER*J#Tt`-OpQO(l$^Ky0xv`(4SN_6{JPOt
z?Yw6p$jo+8=~cn<?jyT=1!7so6zOK#2<F{De7YU+FW1@O8l&xYy?x40{WQn^rY9H0
z=T8k+tX3=vRngVB%*y4N75;WT)T=Zu!jPdGiiR@;<+$Up+DePtcfL@dMS&aL0=$$^
zQIppg`U7_3=J_i8NIzIsSF9jY>jh(9u0l>uZa6A!T-Mh(gVj6&qPS}pnjFXc{3Hr6
z+Q7ltgHqC>q<Xp8C0W$@8UBbr@XdSh3~%*S?Z>7O1_!;BlQtbp^ljUlK43dNf5_;D
z^ZQM0`&CKQ`isQh5G1+3DC64&;s4f+DZ#~htPqy)v<Ey12O*0Rvh>x53!D3fm&rm}
z4~<u=JkuR)2*=-iXfj)k2~hE)W`le}IK7H4SmYR~5Auhz*BXDT{ZNUBcq~7j&Bvqt
zQ7!s3iErVo)hl1ARX9VGwHS;)emVe~qMlr6&Bp1;>nhTS;Bpv6N_s{kV~Q92tTIdD
z*8s5CV)&+7>JRf2k`UHfVSszqdTDu4RoofE(cZ8b@sqlEU;mNdH*)^7$)*w8<4K_E
z6c6S`(jL5OQ@8aKU_jK`4?U-6_^!kP#`C6Nj3^l$lbD7ae1w`hy~_X|avC?aR-=&n
zd^KDW^f=&b_m2#lI_6#_w{w}6AR29VZg5+GlpPxsZe~R&+S_mSw}E0_672YI6)RQJ
zYas))KMYybb&W(sZ+KjnNiCd}^t57fyVgH8+p^toTm-eXdqI2CLVz975-NK6zby{2
z35uS_qx-+-hAM+<c!G9#DoCR0N0bP$P+ObzHrkSR6s#7m<f(jTA;w9sVHu<y-8Gnv
z6L8N<QwX)*6Tu-1PlSnNK1lx=T%oD5cgwJwA4cAKy;CE^b%t7ZE89@myRsWApjqby
z1}jZ<gy9)s>d%6&*!774`E(H+NT#B?+RVwj{l;^et^2K6`^Yt(YeSm}ShIR%Pw`E(
z{}h0#rO*5Hd?5!Cn@xvChR(EPX12Q%^<KS^*9m31j?zk=m<{>toJJIHZqD^`mQc4S
zDQpfn&geRzKTA?9**&fNLKFba?x0%mdK?Ll@r@EBXEb6<R(NEB<@xFZz^TaoINbdF
zRE|w4U9H?M2ehv55iY1hDau@&u3g)DXZyWA{;Z_s_{lZuCfzHJE_86za$x(5>$xaN
zq35SL<Zl5N$_Xbvt_&@wbQ!3O)6n_mlqfCA3RlZN8U(My(!yS^Kb}=htAii`biLUh
z`H?@|M7Gv^OC%lv|7uS-hXI{v1PwGiUa3x!oQSaVXxx8!fhx3KQkb8P7%WnqEU4as
zTjeZrB!~lgQsxB^H6!lw7L(A>O(Pv#1|Yc<_BK7%lgUS1rN_h%OWj{?!7t?bNWH~#
zp2Sxme*g}`h{-RLWv>g_x3@!57ed9Kf5{%HfzNrTK;QG!uy%F0DT~adJf?yA6?vCQ
z&lY=|?;?d54#i5I++(K;*j6Oi-JdTeG!^EI<7B3<haSm8;PkDBtK`?re{L)LQI)Lu
zG*51l#HKX)!6SOvNrVGEYMi0+Ms{iB!-g?)c-<wDbg!cG?`?o8Io-zQv(&xEbB(l|
zT(rz7O?*b#ZTGy8qF&0Z`Fj#o8}SlaOo`)$>}I|K@a*@gt~hU;z^$QaM6F;ziGvt3
z(J61_ml!m~T&z_Z!bR+64v)H6dRH3VCuG{Vw4|JoeLbqO;sWZ5_c6O$WZP~ALB~3}
zOL@}xfsy)6ku}w<`YGF{5sR3O_ojeiW(&h1+dYNT1*{Y1Q8kwtR8VAc{wXO#p2XHf
zZ={7xzEqr;gMh7&!t!q<PJIu^g-DcGt5jf3+?fGKUzr|v`vW|kKIAaLw>h-tAwjR2
zG%+hx*zXv%y{Y%r?dRltjPa5(yB#3h$$B6rEtwWoQyk5O7eReX-}#Qh$SAyQ=;gFF
zIcWswL=yvS8$y*V6h}l%z+K6>VW_LLn|r0iL`IM*0Le|ROb=un)uKisbhf02NieOr
z{vT%-4Z%_z<H4tBVkKgRtMiDCclP%CH7eYCo)50;Zf92$AH&y|9`6a>4(pDju{g<Y
zsxCbRe-G=RcwI*UhzeFv?S!X@swk)zlNRxjOndPi7n!bVro4lNRzu7$wp|UD1ynr2
zD!)1Pzm`o%;fiKclgT1eI2TpX&*FIPI0X(ve^ZziA0b(c45?~=U^tUVXPy$9QPJD7
ze%|_j^)yTg{DN-9#0&%>o6#Qmc-pW{&%pKf&EYN`P!4>%iC9VgpI(w<5uv-f!+oyY
zJN8gQWH2%fIN}RJl;}A{!2yt6)YSw6QbyJ$T$Py{;xy%{M!$2iDQDzI<_i_3NWz0&
zV=5-2b?HMbN;^gFw{P?DP1{Do3v}4#)~qg1t_x@`L|+!M#5sEhusxBKo~Pxm;+vgn
zUHT4O6gj7@ibt*Ka@ryg<&=3ouiON#c8j_+GI5lZ$dqzSjuk7LJ;Pjbne(6nD_OsJ
z=m|@6JP~*XA&pNuetKM{G&}6o))sfh5T3RS@}3n-`+$5=={F7x;YTG=<k&c+Hb@L}
zu)S?B|2_v}sG3;UAz<A>gDXtRH>>#d;%JMG?{Rx_l%HMkXx}N0IgUDX2bavWm}W5@
zu<0o315)`GJ$xErBqXLLjkm(U5Vpl;L=tE{Ob-w17EZWvnR+KSdR^O0BuEtVnl_)8
z_DKxYl|Kz9Jib#DqZQ<aWyLMqB3(9fuCq3EeZ<e>#uO70`Dp7h<vqED;{c2259h=E
zQZ0*II*}ccNre+?AK@vXIK9qAgxX-r&LDW=vB#qrypfdbFaN>+a#C|Utq`R*?@R0^
zpAmyQfS=g)5pK8;75W@uXWKrTlzfhiR~|qChFrvRxAV6Yr98lF;y_rqX>uCGbiUk#
zp(>bVHy^N1F9Uf~k&#Zu3^A5k+jGa*WjHHQ&*#}DQ&1#P<9<NkHo6~4$GV9$fdE?5
zMANytx6X=vtq6g*6CL}#7wXDcGJNW)<BpMUyf(Ns6(^%Zej@LQ9FZe4ZmQhwsR!(d
zNgbqQditYD+yChI%eEL*d0^q^{>WNzsVYMK=gm%Ok!ks#Bba<L2`Ds%biwG&)=hE7
z)twj|_CABtax82U7Q&1S-s{PBr(m6!&)~QN1vuNFmSLBY7VmQy)En}Rdx6L0xj|QZ
z!d=oFHFz>Zo6T^Hm>kDKM>5Oh!3KGk#y3S4!d$=ZlR<0Cb1t~ru2;y<r>)rMDbc5_
zd(P`@Bx!|)cp63Ae|6Lud?8J*pN#h^$Q<QnXtxqTI;H8KYCVvtJdAs8a&-BfWdteU
z+3z+^A}UY6`;`Tke_zUI8Z$b3<y|V^ccI5@s-izTv#hLh+~s;$;&&H9A_?x4?ynMJ
zzhHDa$u7}uW{~)^Yp8=TkvZRFS5bIrS&a@~$gZ1-4!a7ToY}zGY0z3;tSn5A$1HPN
zI5>z?-)cUaxh%OvxMbVB@z_lId&KL84H_<g(*A_#bTyjMP5o7ZuHw58*?<?jT5zIF
z6lY%R^B-BQd_dYu3GDaoGwy&va5e+AItA9JzNS;JSLf~M2{sCWyt8<ryBU5N<&Kv>
z9)4$;gsE5ZZ%Cu$JK}3-lsSlZ01D&eq^56Q$NRB!6ggrAb4w1uidsFTQutT5)doS|
z!;VBJ=QH_)tE0J6V%}2l1wKUa@qlv<AfJV~DVTVOBHs&}Kn4dcyz2qm`X^Y}tsI;_
zO8LXzzYL2;r07&TVa>8`L%nsNlJFx3Pv=|rmv3@ul>H$B+(z4`R}wdqQv3Z%a#@vr
zHz+QrITk=Iaj;CT^SAgs)J9J|g$s$Nhe!H|V$3+E{;=pgRuP%|ue1m&I$gfBkE3XT
z1_<Qd8kkIbPI59;OWLF%H+gZNZ|-3fIT6}+FZhwyk2X_~ZJ?7zT{{w0mE-KfbfsRK
znEK;HV5~vrrf_TG$5&%wL?V8&UOWTq_J#Iapo713R3c1eH4GN37^iE$h>UHnTDEMn
zN@vHc7bNq16jFM8bR2p^+3>E+)Ux&bUP#rPj!YgZ*c%=!%~yX)QbMpVG^)j}n!O&b
zm~R@=Ryb_9E*bSjQl`T&r0dNB&pV$kdGCvU0Pr(1Tx#*m-Skbil*K;Ouq(!B)0r^p
z%VBg+jc_^bN+j#rZ%&4c1Wq0QwwCYUwV9{#?%C<K$1}TNkL(0N+;Jg%n~pxp44HP&
z<!Z9cx^C?KXAc$L2(-m!l4^V~GZc?=#iDmLVDiehcP_HB0Rg$2@kDD#na5U4=HbO4
z+_$=RSK4<CA1g>9r<_AaUp})C<F_<57Pk$PdY2Sy!m#@-@AAWE*Sk8@jE(|fy1>5u
zPKCen1xiafj%dGEQ{)puIFG-+H^N~(sm!-ooU*1I8g?4^fU;pKxU<|C$-^rU5|4=3
z{j~Wk`^RGNAi8!kswmonUmz$^D?S`?dYB?V<ifqzjNownu`xWLm}nvyqa-u=Na7a7
z?=t%Vrj8~V0Jxq^DsD>(Vyco*9gw{UVbFq?M03-kozVcFZ0-XTf=^7FbOhvbSlcy2
zyUQ!WMN!7!c^e7^F68LRb}aj@8<x+f<FRyJcTft&Tm!dpPJ8JgC_<koIvmxdWb?hj
zt#um(HjP!L3VB_ho0oKcbAiPgt&r~b7rpUZ{v{6+6y`S5u^&FqH*7`r8zW7Jvkor;
zD37ACA!Ix}uxU&e-dA0dM?YJ3Ue}l{Z!PdRPc^}3u05$?o-lL$VTS-2!_M5F!OzQF
za~f799jdwxJD&4^3%UMd|LvP0J+_#k6pi=MvUqvE6EU5-W0sD`)9-AV1cB9SZaD1u
zDJEgLdyyAY9YX5GuQ`0cE7Cn9O<QJRR`6glQ`o+rd&YU9vT8XRMhq{K(Fs9r)oe3m
zZ%-I%h=Q@)uTvHzcNGmE7HfCFB*g7i>l)x;wI0`5hyLC<>!46gqU+?S2GH+gwOUR!
zBAT&tmI+3StihPVOrgTeeal(U?rV>p?{^2B{)BE&Qe-_D#^0_^&ntW~vZvm)S^-PG
zobpbmk+-S#%ibYE-yR=ahp!LBS=>c#AlEe3GPz31P07}}0UY*K>yf1wN&8ar-#ai^
z!X=jmbUohv<D1R@?2eTD{!P&I;)~kSAHnCTxGSpgfg&W%KMcWsNktwo+DQiYmN=Ae
zvu5|ed=IhlFiX*B&PYHiq|P9@>P&U!(vso|WFhkYrUjk`IneX@;rLm=?$KEllI!2+
zL1aMR=Nmi&Ok%U9`c{QRJbGn>;>KgZR9l{%o5yoKO>`+Tc9RG#%R&%k7W88GvZIuP
z<3PreHR8cG!_db>5JLwO)1oIR0NAa0iL=FZ@Or_~@&8blD#{t?ovqbqCznSS_M|Na
zb2@qj?jahVB;xsX*;x)Z>$`t`Fo<r4g@<CFB+R;BEyi-7e;rDn0<cobGFSyd1*%1T
zR1n`^ns_}HhfLa*zB3WfH>@$Z=Kej9NBnv|0z=E2<b=ZEp{(FN`LLWP4-*2m8<R1N
zNc-sE)wJC@;kczFg1+Pt2fZa~roHKScE9e~c5}{RO-XNV|HS)p{lm7k!@OaECm{)1
zEutHZ+@{0!mA;L&dUo#=ODjE-&BDeY$D4igJNz4v$)?y^00Mi++9<`_v~lFX3*pOs
z$d`(CHK2LR%k^n~6Q(8D4d*D=8v`*gW^14-Gcw~*4s%9Z9qa9U^NnEevAXhRbWGb_
zR?uypSpuhshqg+u9)r;Dx~VmFzu!=R?Z>=54nSqDeJ9NNq?~p(8`bHG-~9&o94S#e
zg`A%ScmBWSgF0wDG4S!97Wdy4dCn!yoBbTpb*(oRGGArOuX@9#D(mX5y@!i}b>H)+
z^kY*(j1RM0x!yKfkCUd6D`k)S*dicT@7V&|WEx1Bu~(I%?KWMZt>}in<^I8+wZ<Yj
z?%g@Vsj!mH1H5>E7j-c4ZscCri7qGHFrgqaGqt;|=N!pH7h^)V9ZGDbvOlNjBh++X
z<GJJ`bl-C#KK7`6h`r08n~%&EKObfd9D>_#Xsk%zukbtV|Hhi`&Lb{cLrEu*advXb
zaKoNsV7asr9~&iiNUPC}IZePqUm@pe-y79N!S}V_XoJ_k^FffNa$zdEgmP%srIF%!
zR(Qm(7<z~JUOxH2rN|)|Orwq(+uJ&tlJHU@uYH|`TPq46C^vi3-`!=&P47yjk#Ihm
zWHl|zeRVloL@&&!?RwBogi7HypImBr+YEPjNJ)$Tnb~Ka9Ae?%(H4p6jey{{#>#Tj
z_nonRQ`hltf6865s{in_9@KXPe4gd9$cu8u6upOOm@8I+uS6P^uD^Fi8!YunA4Foq
zY2vc(@2k~NwFB?z*W_{z9E3_6&d{D}fZP#q>T6w&x2a+#v}b?9#s|XSabwvSXlP*h
zk3+>u=Z1h{S$yh<<w2byynsufISKq;QCz7HK1{X}l3AaoN;;z8`*PV@j_)M41kK_7
zP43Jeclv+a_UK6n4>)vdbxQL(%RPM2cZz1;vc{j5NL@tx8?8Zo4=e<L?tCZTl`)s%
z`&vEIOh|~`vj8J{gOaECLl0eOB~7K@MTX+z_x^Fa%J*(A54xbj7k2DNrlQ@QdPsgC
zyEd+SZie$Q+Mhy36_$P=b`T-+t+ky{OvJ8q{nJh>YK`}GyN`8B$Q$J&e6~#EVFA<)
z1#~p0a!58M{53T*b>9B(QBGDvjt;*iKNRtgL?ZOxG;C;7d0{4h#{Lgm-yE1(lkA;|
zjfrjBww+9D+qP}nwry)-+Y{SPzP!8p-rc+R`}drFp027>-CbQ(zp5GTA&ab~7wSV%
zHYl3}UjCmqH4w7HGqC&>SGTv24m$A&AIj=Q^RWJ};xCjsUP4l5F2qqwNj;b1+!8Mm
z(&7o_m*iyG*C_l|ufM$q+>8m%2XGJYmm4Wm9+cf>yK$xsfA78BE}%K0fgj|(vYREw
ztd%?ej_J5oS~RN3djy9XQt52wH^N{RC|1F&IDiS_e+d(xOI36yO?C0RfDg!Hb8l|(
zRFXX?s}D+3Fd?OVv-$@#CK?o&NmL#5kLj`5`fxy4ul$HFxD<jJK{F&di0fz86GEDl
zAPELx!tI{;A~Q~YJaF2^%GlRqaXy9S`-5|$@&Z9zj|16{8#8><3^(cW$x@9t0>moQ
zP%dokW8wkFPsjOjWjfiOiG#8eY0ee{-CfZ4OJEF&7%a1?Jb3wK_YpNGu9ZIgXzl~|
z$YRCfg&eGYd)dI!FhcXx-3~KuZL0h8x4F}_I|OYCg@@S^Ck`#n2gU4mXIpcxZMWj9
zC8srN9r-P*V<*wg3M=j3COZBl)#WXu&9`=^8|~O0zsJKWOsZ<KwqKQTs_x{uyfRG=
z_2GQfN9^W&bkv9JvN>;_VlP}y+e+9Tv;X1xVVgsk;W9&yCG1MEdV^&F6eR{CkQ25I
zgBTm9?X9@-3YBnwLg#d5vLbY~20;hRDy;5p=#I)cBxXl`zSy&T{bMD>1-C>F-+)gZ
z5-K3fG*}f9n_^aH$>n)6DY5->ufL$08j<Qh*~&BvSCYeqQnvX^oXR7zygTMtVF`?p
zZP5IT;jxK_m*paRuI#<}faB&nIeWfq$;l<VrF)s<qxwyz=OS-I%g%eJpS;59vwivX
z>B%_HZ$6mZ9CMp|psi=xt%b-m%iG56sbosV+hcsZtmLElpT{i)VEPvokbU7}wbgQ-
zz)q<VA8>6bIr?X^0<y`liUYmN0|zt)%ft%QaiAr71SbV41A=OtLNsQ|Iq>f@_^|{^
zi^*b+MI$!!v2-01wVB^oPKrw8_=xkGeTWkgx3k?`h(|8a!^ijmGbJXnz?3%P(vKmk
z+=_(#$p-%hV)bhO1rz&ra>7vozD4%RPx^urWB=UG4^Lz%V6|Qgq&=JxbvA<e#o;1?
z)%7(v(!yA+UuIy07HLJy{LEAZPivBd9~(wQy35W#5&AQZV$E4G{-m_*4}?1i8*AiI
z$o+9>b=I$$DoGWC7QA8u8~4YFA<+K-JHZ-!qmJy+T%xPiXhHo7vVX|SvYQh#3?^wP
zyRk`ZXZtmstjh^w!nH)!o52x0RO<R*#HB3nWNesEj8Y1^Y9asf?1VpB^i}1>!)E~3
z`e`s*CHOPnEn8ShifY>9ns^@n4Ls(iMoH&os1vt2|6kdCx(F*Ue*ud?Lq7Bnp5?(+
zK?{*B^@R)vsn+4$$l@y$v!=3C<N^V+iKv6T$}E_fmk85I-Oe1HaED_KU%+?s`oJN<
z|A^08KV!zo+*bZ!*PY6AE?ZDstpBIY|BrkNKOLICP;v*4SyeB)0lo50@Vjt*)#Ac9
zxrV+pD#aXuwDG@U9>v8EyU~!iQ3dfm;NS#z?FcCkg{F~2BSpDkrjZBj$!Pz+8~+<U
zi1GsmPM3cL`v*NTYzLl3)RGBFs)=WH05tMo=;-4>sq#ttL3g%$Dk9?KzanM-!}ed`
zJ$3l+Fa87_gsV>gjXBrv$Tl(ZWN3n`_HPK#KQp$X-GLotvi}>p_)p(dEZ#SCPY|$y
zdhp+1t-m3T@ZVh5?f)ma|N7o+hTnqz6U%P}^<P-Uzo_!e6nv&a`d@^8Yh<wRaS5)y
za)S*!ws#$uDCA5>2@Hx~K%j5T_yLEQ+PdXGj;g<*l~`)vY&0)fSA=CwG8sacYcQvT
zWhQVv&Ckb$HvcU~Z?qq6J2s^?NA$W}V9*?J=OOd&1p2jllhTu1Vr@7{NyvtL-Uv<2
zN$)`fJ9m4OHdwFa4zWHS8{2ubTglINguQorF`43TM<Me|fAb2954g3(l*fGJi*2UZ
zo)YI7+V-swwsZ*B;TX34_#PgLu@RM`c7lW$7#X`~`;+s7aK?AvE)zt+Q*#@JoKp`w
z+*xm)cMGuI-38HRntuu7dH_7snf;dvt+;EW^13bpTPpbTy-Xxe>dRGf%di8`_S$GH
zz_TlJL4G;L7RG_-sYa*9*#+EfwyFNtTgS)F*^!90I0z{_=lE)z-oIDAukenkKyOL*
zT&N)Oprzs>%U=s9MaPw8Z+~BYduAt2AE#Vm#on6)m`h&^y;*7Y@^}-DM`SG;Fc9pe
zU^d*{r<kX1Nc}&xhV35w8S6Je({dH|m4pNj2Z@W&a`omn##NF$lso#5+~dHsQZkqM
z^Ye3VYwHSl*C{3@_1%kuQ!w@Nw;HkOBgFpdn<mzHbd||ZGRc5^&vdfqP{+xB9BG)}
zl`|>1>`A<8MmuX+(0p9X)w)S6wBnI@dve}(^Um#&{!k;20>Ol(0t`v~VOLHgF6O1x
zrN?u6dOE@9kiB~KA;_0db_BBB<H##&xu`S;`_Sg^By{a??@vAd*WAAl;N$+B?K8Z-
zIX#5Pbo2$3puT%*<=Xg^ui0mpI0q<NBR7h?)M-c6e=VdRh}({SHP7_(ib-Ae$1zuO
z2C5T;V8sGy=DxO34;R<CIq0DA(prmjXl*S--b890EDzqyaiqSx6--_%$-^E$d@g+X
zqIe=1J~q(d9bO!f-9jr*KTSt9-PxDQ^c3#I;at33_D^rJi1&J%p?z(nuHOFBB<sf8
z**ny>_C~O88<}V1*^o2KZmJ5RvrGzWt9eO%;u_2}VU%3{l|<YFKu=Hb)or7s$U}hT
zrS|w(scESt58xQxJ0oL9L?X`T?l%7-MaW`wM94vfgm0a51)o$^{*XZPw4mH1I_^%0
zo{vqO6bcE)kB3ei!v4!|s{X3brEZJeO_<E|TEJXW6)HOXWbFLyTCOq&Bh#Jj!8{}9
zgjTu#;w(VK{3jC=%Z0kiQ}R-wo`_7gN4Uu)z5iOtbN8V5veUz_q^HJqE1vR<IWy>m
zg$06|e9#L5L3W(`K`4--gHrQbfnTn%WAo(Og^cuEMrH=>#pRF@P!zM2EYL&9-ys<|
zKEv7!tNTXTNGoT4_I`nYNjCe1maKO2X(054y~_Mw&(E*;(cf;t;K#s>-;TBOO<?4*
z9nUVP&Lr9uM~AF;_lIwXlEad0Uo&sTOrjFC?XuL|C;8^FIW;ve2k5#zku=t(P2>0D
zrFB(B|B66inF0%~C@n1*tjzR1FG2*&D9T;{+MtH9@e-z8CmtE4LeZnygYJpuivq{s
zLaYLOlE8>DtD#bikJH(B{Mdi(4GAnN#BeWel{nku_G--gbLBj6u^3px5JC6)ynlV)
z(6X1UBh4pmL@r^TA*ZC=Z=%Fzbzetx_+6-sb0%QdQz*mEJb|~1(pwT>?gV08M?))W
zs?6*99muEe4^P<2FU_IH*Z#@YPw(u3)WvE5pXQ)M2Vo~}5olh}l*o&iLy@JFX`)R8
z5dtJ^f_J{Byjw*2t_o}`I+Zr}%kj^jem&-AGDylx4KUro0FML>EtJ%EzdU#M^s_z|
zlo@>bMJD{$_KY)-GQAhM8A)6PFD54`2VXaSC6t7X^7d2tzLdfx$ru5Hfa3A?0PhdS
zj6^(bglF$=kyV@ZF6B#X*x%LMJYS>~<h937nRv2i6T$4V>0@)LvSiRN3aOLi88BF9
zdQ!zJ#NP~h`3%97z>O?x+#>u$G97kM?1*+f{p{I!k1JDcYyjr}@mY+GQ2@r^de>!U
zT`H)ZfQ$1!a`C*Lq)^L5I9(dsGOS_*2{hy~99-kZ%Vp)bMcK4SXLicTv;9DG)18sJ
zproSb>|X7rGc*d7Q-F`PqRpuqTE}{5<T(6yEr12LDbb<EZtIVZi;w2%`}M%&_eQ9E
z)W*tE0Cdj!v0eAL^@js)7(f#wPmN{=(Sa%Q@w*Gd_s#Yb@v~N$iK{J(q@$L&?gZry
zfJyfkO!GR!&*hbDtyanN3!;YYe{Jiwj(EDEzpB;7=b>z0(MxvIBc^>TssV|S7sbXW
z1g+JY^r+G^Fy+;>0x*95v0${9S5%7O`?&`qO#E!@fwPQ^Dlz_hwo6v${oosDO-9SF
z=7jy*tVK=q>4c`5vwpX-ylTG$B}$X<?(UA>LW@3ZVte;;-DWTmV&8U=d3h(z!$vSu
z7Dh8J%=IjL-FC!k+2B5RO0~OS1%3vs-bBcim1V(zd%dwKcY+T3w@yZQ6cJI1_XD!0
zfB$TS3LKGe2%d=nema`Z`V`=B4IOZEY9jHvy&OM@wXiq)6x$iJrq?WbDb*;yxDs}G
z8)uKL1?+Ee)d<_=SFhZFR|M&(l}<vq4138z@)?6tRPJEqIJ*i~$FPMJ35nlwa#vAj
z(>eYKWp=8a1@P7k{z5-87#!+|dyv)?7v;g2&r8xVe$ImositT_qtf3HC^W@eO;VIG
zP<RmRR8Ww6?R543<^YZ*AIFQ{AI1rxl*I~lnn=h^cQ!dd(I*}+04c#QE>c%fPzaKi
z<PlZWByfK?k3I&lL0V)c=;#F1YIhW#zSOEU9aE>8pm;ogY|vI>W;V7gyYd{xqfV_u
z`Ur*|idxnV?%Pb5sq%1fl#u~sQL)=#*4ss;lskhIn9k;&q38MOM7&5wTJX;NRv77J
zT+7Lay+`~S!-gvFyiCZ9yvadYz>x!uL~NkZz~!|+=`6WNmNXLFjzLB2JTzFH$);=@
z8QMopK|VBh(N=1#t^bp_isInTy<1X$$Gj}Mo4W+y;#d0)E~>O|MII!`#6ZXa7R)Yc
zpRa3J!Jm;7+GuBerkVHm(Xs|X?#+ez3PN(wD+@4DX#b-DZ0usjr?ljTV7L4%d{Vd}
z+R5p@;YoB7EAJ)eKeq?-Q_*RL&;HNpx9=0cl^)uerAnmeN|d-TLZqh4V$<C)Yjtv7
zYAwke$7yT(%IXaTd*8eD$T>|Z*6_B%`lh2n#ZWFDYf8X(Q8XVPg%q3dMwP#Ho(V6P
zxy<iq_`wu6y2g0AZzRVjXzmpB85C@P!ERuN6d!B-R>-p*f&U@tyKX|J^SiDi^wSV3
zBWs>QicG8J1mE+5ivHq;W+u~%p?f(O6i}gvFmq~QDj9IBX=Mq8l%pbWzaSt2I);SC
zl!&8gP9UeZ1Hu%C84&|3&B!9_R=7&Zl%V-nUhCz%cq*MS)^H3~Ai&QHg7CKS7D)j+
zyjKy-P$wc^sMB=2-^Y1qn+-tDe>}i9s}vzDu3`F!Q*=W4P_%>(B}IR<wh!k{9Yi1m
zyy+{(0DH2VaHj(b+KoNug~AyNNtgxhi_V)6a<L%v{qP2lj_f<|#M!kLQP)<3%Cf^#
z-x(A96*k<iZYZBm@BK$t3Tp-gB#5|Fe`Hu#m@u7!?-m0C?Pp*rozKszP1}<p)V+H|
zQM^z`AtzyU<wNC+Mgw=JURI5Ic>!@5LshhNaf?Fdt8j&2#}R)Rjk>mcbdwx9Bp^<a
z_}RR2^u<Cz0s`CBu#tQRM?8C|h`L2iG?OeR6dE26$o5#XJ8Sda$|^TBrd+rw>_xDH
zq9LMI3uuR*DA+L#Q(ci#*yzmVdMDt5v!q0kuH_tQN_#v;w`iJlg_I2Sccafs_#6a3
zZ+82LewR59Hpj5Lp|R9xgt%;d0h=XSixChc5i!vSx+T!kbetLvg1n@53XK}9qc|Qf
zATLX!1(PvwEh?gN<;F8B>x>95)XSbK#dK0tPL}oF41no-_8?J7ZkxRp`>HCrf$jC*
z43rulhFq75IflXvrBF8G=Xrr?vN_Xvj^<KL)8sSJ0EE%cUfZ~(?CBGf@hpe#4@ZwA
zrDTTedc_m#bLC!*_+jRO@s#9@fEx0y;TsF?l^HWYGbbH*#sR{k91llNSh~KnA|PVJ
z)D*kh&m*xWG?9^vpktwg$%UP#XH57~6*(3}(n<&!A_)gs52S<|Oy<dyr_}J0E|3ip
zIq}(I$>}HsFH)ia<&lHK-V5^a0d%Hg#%4^0MZQ7FM^bi;tIN1XB_=a1F6TFPLLy}1
z5xpuME-D>tU|);i%~ObtYJCsJjua8Hw*~!Wc|6pPe0Y?;nM_s;18M8PP$T?9INNC<
zB{D3GUc`ghvcnliYTawa`Bd<7BEN8W9WE~u2?#JCwHh)FeH{iz9zkyyU<T>mx&H_;
zzDwd(>D9EAgBL)r1%kTN$;QfiOBOUjmShmiYZRSNzwcbVtk5qzKHP;sUkS+Az>$Yu
zT5o@AUfw!0N)0tfRb0P_o1txWF!~F6UWa7Z^e;;)=YPitQ{QeVp9cagu7~c|<#iJM
zB(A_6r6YrIm&H?3Fq?!|pSK0S2=5wzaC<tCKi=+pd-VvfUoW0^?5;>O-5=Ser)XFw
zU=^<qjdi${x;odL1{hg&{A6wrHkd32`_*#xGbM3*VO%t$ENIz)<omo!@e$C^B_U*_
z3ANwPCehN@`sjpsG*_qD4S*JXe#P?n*S1#zl*RD)X?J-P1n?5W@gT5y+^RmuSHcq0
z>&RyY9A$f<)Ocn^SJU@_4T@=D=I?N5W1)qRUUtHAa}Hy;8^8FkvK=hT?##E?1ax?E
z%B0$(TzZ{KOQEeL%>|Im33#Kid17gI5Q4{avjaVCdSP>r-dM8Ep{7)7`%BimaaOmz
z$z;;Cro?3fzrO8k%r6aKqXfucuf^?@^?})Rh1);^U5`*s@rCx#nui@R#&AVOyha*x
z@9mg}_Zql-A;j>0P*rz7nnz;9nk$CVtad}Rd~9#Bos~=4&6e%&9xaLmmTC);C^yEz
zjTkrrEJn1B<8GHheR^DNLti8eyJvYk=-6S7D5uQ0L-TrbecE2lx0>$ZQEAuVaCa2P
z+NDdDhjmh<rSu)?#E5>n6Y38Dj%_U9Q;otMAS*r31AX-tmBa+_p48=Mt=m3rKIu87
zq3VxCim8w6`Pk#tNNgC=3V|9fh;`b1<;)a$Rj!V9TYf;k-#q%{y_Jr&9+WpAV4upa
z)dT}pa(LeEhM;-%6AfTVq|2+R`<mds&@Sb3U$%c@d44W6v_8Z=q<-#FgWnZFYPkZw
z1Nnzt)y%#$z}fCA%+pZ?jVLZGfBj*>nnK4~`UwxiCl2Opy&icoU!woG@v_owMTtV4
z8gfvvq&voXSL^rynwXThb4FWi@H(OPjo3mc_F|a~RsI+?ves-{+0be8B<I=xz;@fK
zw78ypZ&U5!ff+}k6(Dg5hHP-r9SV0cw5%s<t`_8<VyWEh%mOO^xjm5;#D3S)r~e)7
z9d9coDAAHn4N05l9muRX(mRZtzL~6NHjE$jm7_M_I;X8ACmazYa$Vw_TdMB$9~!UK
z+oY&eZ5cyjsM2Wzc0i@-e{HH*sRl9Br>Jw<m!LB2JcvNi-^xE2cBQr9T<57Ox>#?~
z|IAcN<&1IC%Ur}{9mwdAuu!2MiZ7C+-@lu#V>ckB--p=WKxp{e(-aL0+_)S0PSGf7
z8Il-%(H5Z-^-!U_2Xjfr3KqB@cw^93%#`o-CY0L_FUxfYY3?~dzx$l0+Hp<U`8cNO
zc)^IqP0&^6dVzugtg`drvbAgNgB%~fhEKGDOJ*TL#X6EtH~>Fw&(Rpsd#<LF-&*a*
zxmUE(S%pL@a|$)s7MqX(=OPEcm{t5s*n+c@{DTc%XxF-H%t_`vk{2_l&WLf#^T_Lu
zGK>CTDFT|X|6~2#v_PROv$pGr^f^@-GYifl^P-rP1fO9n)K%vvhO(U1#o*2UjAADc
z9Pb-Sr{JFL;TU4<0u9OqIxP_w(wO+oO1m|Aw(AKHuyE4|dx^9Fxl;34x|xohF9tEt
zk?t(#ddqIt6Az!eHhXXkRv7t!KD@+<5LJ;Jq#lC2SY*U-ebKmSsa6Cvrt(f)it$c3
zWsS(T%<S{=1uLD`t~nN?KGo&>COddxAq6=Npabt0aL%MgR32fBsDK<Jj?b;|`Jd0j
zKVu2-i>hHp5h(i?F}xu@LR>POUO#c%Tqv3qU@9BQLJSU+?$PY(<BF}eYcU#7t3=JW
z`Jc~ntozzXV??b!ow=UYMoP^KrGe1>K^Z)LRhb`NdNcME)i=9drlfMXu!BNl2Kjt^
zaskKxh>nP$w}OO)5cRZV(qFAkOpHFPH8;?d9e%uG)%F{dL)G>;fGIpmMqeym8wSW^
zHv)V=3%C37!5PRDwqS?dXpGo(-SK7P)6!?DZK~6fJXwoq+3@|bxwhNzv^`AfkdpT`
z6W98A3S~D%j!4D~gyVUwXQ;vyKXy=Ygc)%sgBg=aU2#3?VADTD?=+O8f``8mW!lY)
zpvTWAPyO@f&)pafD)l7eg%x9O9_$8`qC8w|F*NcR{-e<k2USMAUnz5V*13kcjhzq$
z(VRFu%uM0=Q#vu)UNh9h5EaQZ{47q#<rEdOG;NqNJO@aQR;b~N70Y@@Q`o9)G%#Kv
zk#w|b5|(snk<4UNRK3Ob&_ph0L5MPFA+UCFnH6nsa>_xlS)7Dn9b{o++;sYKHijiN
zyFzk7b)+)AgNP$}ZI+}<)*HhJyFvZ_zwXajfl0IIAlK)Y>=|-p^zCr!BiQ<yB3Nnt
zT6Y_x&Jf^NVMnleK}YVTg~czOsnnY>F4kNGwzs(D)0@&Bq(t>g6tOrx*?x79I50?)
zrs#}EMS><Kvg$6}6zuA+H%MmCeG-K?nVl~-IEXUYGDu%8VUkLx2WF4Wsx}x0AS8Gw
zwnlIGS!n!S49yDOwnI+z4Z5uQkI_LdD-oc9C`{2Sw32cwJ+cI$h4`0BjjDggWh-*T
zvSksBD9z>DWYO~`at%REV|e+<mRN~1ANKNQ$d@;2Gm<hIGe*pt<Av#b5D#zsc}bOq
zpG8gk8d~zW!7nv4Vi#XEWov4s=*>=R-*H-$8-iBY-^FOt$+vf+X4*f@)3wmJ-HG~5
z@v2^7uy~NZuQNI94+ifij~O>J<G6B0rAsRwrP`bfb9QGJK7$qWsCls_3X|{W2JdIn
ztomNBuz^A%=5L#&Z>H4LwAB4zSKVPg8_qDwR%_8Sqo(%~*UTAl!`h9~tmjX%W)^bN
z9qG+%2Z|PmK*)%DF`(r-;uZqtd>o9@{9Bz1tmDenMT#W|oQy2HAFK?s#Ow&;s8d4^
zJzeN3nNDy@1&}ipKD-ii7;!l*h$%WQgw>wUh=1gbOkd(bo{zSz2mB8(cQBCz7CFmx
zg@^Sg>VTqdnrb)!)aG@BewgK-hX3UH92_{FsRK$kx7fkO2wM2VhJ=JfP;H>XAPwVs
zQG{x??*O!w&H~o7uoH{#gT43wc@oIi47WbFw9_d`GlFcw>l@VwB!00O;?dM7oR1x9
zhWIAvRgCSknUJ2T*x)}3O+3G4(07jhJW$2DFB{VpyfJ4EEDvKn)E)&Mb`@Gd!v&+1
zC{aaIDniyIx7L2a4Dvq8%aF=ykV+B3-Qn1qUbMYauCpCzG2H`2*>X<wv5YIP7)Cid
z)-MRR6%w`XGB??X+Fs}^tmXCtr}b^S_2|nxM1}Va1HTSJOgfa07*5}M;Z4jeE)zT{
z1xcU!Le!Bv<igX-jHJniE4#<ru*rvh4Aus;5JaTx*HE)X%=0lg#<UUv0S6>9v0_EJ
zd9G<IoUknu3sjVd%V}LOa7eDga`kl)z3kQ$RiFrIKB5cl#t(k6i&-EiqafS10lLWc
zobjXS;pIdoMTe(hVNUo}|7Y9y<b|P>_Id_33K|L_iKFV!gJ@YXHqxwxDKhH9bR;lI
z;0K(2eS^3KeDn+Q@XdNRsJRv+Jp48&eL{g!45bmR8~|u6Cg6kB3_7brOQht)g7!>p
zVuAjhP0f%j_7|~}tq7}mysfZ<@nnUscyq%I?3uu-6!K;*u=&T|-zgf7^fv9ScW{s*
zXj&M*O?mt&O!yU_!X-^b>Fom8Ed<@`j71}TCZ1@G#n!_A<;?Dl5$qi=T{}Jx&-k(h
ziay(hu<3bWVY#9@<d})PU=mTehWnFD9l#nk2wF}>44oD#gV<&^{2&r&D~4Bu-8m(X
zby_&yyJ~>e(Q8RNE?-f2zQyBBl9S~a_%k6kP(cRAH|?rBGTQ`(|H>L$ZjjmPF<koI
zQ^;L=N&)E&z)F_#yN1j;$au@{X@zM3gB}}-Cp!!jnN=Ku9e$YGMR$a+N@&rW7CmBl
z2*n<Q6RE=RBXjJ^!$CUqy$NSoOK-E;uA-7swBknoo*8_U_r{I|U8En2sI&r7lB~C-
z+-E$-ghm4ls<tBw4aWy?r3M2kW3px8;BP46BH}`6&oWq<2fJYP$Er016byY!*^HGC
zz92J|P%|K($K=iM)Jcwkr!qKFS*)nbxV}nGnC8_SNWWlt(_vv1ogn_k2)Es&mbw6Q
zPeX?ZhcZ@XNw_fnR_0$uX9-VReIGGg0TDGH*jw3cspW!xis(<eSTyZHp%A<VDC6EK
z6`HFE^7N4+5;q;E#2&c-<pq?93QZDLx6ts>?AnxG#EX|kwb(f5dV9oikM#FxvWV5K
z7up*iJxB7p*x_f@J)o#?XMr^h5|Jw8PTR7u69WqYjf&JKQy2`7`1pC*miuG~h3P&H
zRv?GeT0yOe+N$r9`cfEc*cHjt{QPdrMOHsTZQ`y60~59iB8#)3i|Uq{cRa0c<1zG9
zV~@NTn@PYV3Lg`Gusx%Xn(o%ZrGx(2?MI8b5w?81<u|YCzAiEWrgheK^JYn=(a_^^
z8@vOd9Gw=0X}gZCwN<qIErjo4Bw$J#Cn<R6K2wDUQ{R4Hm~APcGV!s;NTrSJ`-d*Z
zb*0nLv(KpfQaY);x0layYP={4;^DsYtd5Wr_40bk^Tv#BI4fJ-{zjVUQ^BL~m$U^!
zx@SPE2frD}{24L|Dz5mU*<2#5BG?<Kj=YhD?v+gDv0or8xmaYeAKJP~dPW!=&nKio
zai*VXkAx?KS9Th}10a*F3ZM6P(Y>zU#j|coR;UF!W!MPPk)W7M!t=2t!hgrkcF2T$
zf!jjRiYZktC(O9d;@47~f7F4S+3$z%mJMI>&q0E)i$W9vB^<V!7dogc<t!5fQ%acQ
z4eUK>`#|7MZVPA(8B4LhsfeAj`ne7134WqH+i~AkJ<;LWd?Q{2U$sLrKCexnu^lMd
zpDshdb2vI5#+Z`l{6ty|^;288K<y$nDm97$d0*gA=gLXo>}1Lr8EDYUveq3KX`lrW
zHx(7OqT>){`b-oM<NBF-(|;mV6@A*btW&kTG5C_;OX<%}Q)RIe>27W`l>mo)ZSWXM
ziIKf^n6;QWS3&KF?rm;M8;7q!P;J`czJ8KRg__!^GtC#zPkNSyBjdzOX>sCHkf4-A
zVFp=B6oSTJ`JO10<Qq)?U^=d0Zbq(eL*u#y-ni|sq|$5$HHpLwS7R*hW95RtCfInk
zJxn>~`t)2{j!F;zg%rD&fZzD4+BdKQESFRnHz7>@I=56J*kSrC!n7Z$FeShqHS(6w
z>~`M=R%^N?0Da*^L(};TSSd9wr0K|Z=-mdd;XrA7X{3U0)O&-*<%kA|@q5%a6lM32
zj33!6L4Z0craL|8uosOe_+>AE-C^gF2bL7(Dqxk7S5);EEATweknpQabHn7u&O>pR
z&C?%X%kk0SQ2YY=yF0Vci_~yuCQX~$h~7q%FNmDqp8H9Y<D9?QUgAhW1By=4a%KoC
zdsxxs=|!RjTP;eWRqNTIx<sIRmm7?8XL(Vw3<R(DGIR(?bHO}A%`7c}S*q2e-##Dc
zIzgoe6K6+u4tcku>pX2lBH2JWmnKF!bgG8cOmYIkN^~M)+@tBQ=Gvv!Lg9~cYsoa-
z7Ms95jubovsdH*`eF?Q;#uvLKYkJb+T){ul^wT#i!NJzp!X*gF50MaR{MuXa;N;xY
z*5d>}CKbb*1Ok9!yS-tW<vTMolER=R-~|Ny$%CbioM>)cj16EGt2v%<d~vjX$tCBA
z%WoQEc$yd>_kh82qx5YhJqt8r-7m=vYQ;NabM$R0N>8I79IqBYNkG=ux?5qqk6w`c
zDv#yA(R+>7G_+n1lnQ?d#^sFUXe3?{!`&z=+k9b|2V+7{!dkOndLGfW?a3at-Hbrg
zV1%hhnfQQATPUh5{8O+>i}vyQ$WJ)rFs@uFOwKKCxz-4>m3e<^K_M@q5$nmo#aUku
zFBTS|qD6drY+cP61#E=WqxWEMcsU`eYzzu>Rv{<xmQs5RT<$4c5UY*BP)4{~r2tl`
zemnWq;DQaHjI8puzC}4+Pi1u?&4+-1fVosEZ@^S6YS125EE<K8@QzVH9~LHpC`pCp
zfyxO9E{1SYyP&1IvgPqzb86D-?(w3&5^o5^M0dN(<uZ|Rd!p+pll^ESmzn~B8AS6Y
zKlj_)WS<!?)@V}sv;YRip#4FPe3m~XS?i=izIPwTg*T537B8WaEZB>`1J4!-zr(6{
zNYHi$X}h}26LY@;zwt2BfX3hnJPa)}a+*{zv+_G?>lj+&H$+<|b;k9uMo_Bb23g?D
zyYcMYV&+9uzr3UOR<{$OwpJ}l!I-1bEEs{uE*1^3dURYPomeF7ka9X$&2}xq!G>*h
z==R}*aAxXy+ISLS1)VJb`bQs-oQ_&#$tNq+m!|=U2=p{vM3G_PpzcL^lIj4l{`|2R
zRwu#^DZjc71AWVhS3%o?EjcLkXm8-`Kx{%63Ndr0xn<dK)0aD_fe7@79OQQr)sZfx
zbdAca4-!*Z*`KG|w4ydN7E=I*pM<scLlji%v;O<+3EFDEdJp8sUB7StnVy4z&3a=Y
zl(qR>z#~!P3>O+gcf{2Cgz{711UZEW69vwpdRMZP-<}Arw<pPwKzc&C)P^`Nh!k*G
zvtchLT+GCzpgzY}+TYtj)a%D^?YamUg8B6ND{>qRZ`TbPmx8=|y!Ov@LLp5%4=URI
z)821@#Zzb@$?5j5;*|#!rgmtYbm$tUD4$E5L2SmSXtxYX-&xiOuW;zWdWPk^1h70b
z_VbF}h*ve!q}~I^4)NhfIG*rl<LPwiGJ64GPGTBR$x}Y4v^491vy}}#IYO3OjS%eX
zceVbV(r$v7dt}GZ#FI)z#NbC12IQK0=T#~?eOI{dhzCp_XCugY!M2@>$tVW<!_q5_
zRvoi56FHo4F!(o2F|z#;)4T!cvA~hoJS&kclkDqt>0W3*bHWQoQHSa-uBLMWLUhzZ
z{mLMapr3N4<D6+T8<!pA3;qle8P>r>Y<XdyL1NHlSA-3TH1A(5>kPwre^Pnh7mU+!
z5yl~I7>QkG_)Y6Pvnv|W4r5X_E7;;Ir<tvET7z76fBCpt2*dt5N#!-Y#v>XEO!MAo
zv?J8cenSX0fjPWe!ZqS_xPJd#g(gIaLEUzqQp&S?e7d<RP@Lm%^2x>dw!lHHw9fZ7
z{3$Nq$lJA)ia1u?Nc!U&diL#FZlt#=Nw0~Kj|q?4PSW8^QiYmhU_b~U;V`BhAbSn^
zmZ3P1m+qIhadS~nwCjtfZbj)&$&2-Ay1k3ci`AqY8>}9KlXs?6+T8CWHQkYUo}2=k
z8isjvY%`iJnNi;q1;c_ORy3pm#axL23|a^`-C)rSf}`3yDS3FY+|XrZ&bP&6TBL`5
zWN*c8VDdb0t!Ndx%2`RsV{GQybl)*C9%))h97B!|gM!>v$nGJ)FMwgv9H-3<L`?c>
z1esX9&DjwxexJ>Oe`3zmnFP7Dc11~UP>Do<-0q3lB29FNWCoft+oD+|Hy!rgt4&JZ
zPX32}Lg{^BxLmXz`ia-Gu7v3A2?+Osx_hfXZFY}sQzC1M<&M4oR^&p7Xi~-M_oiSA
zj<p3Yc84tjcK5=*F=M%;Lr;~5UXuBp<nW8kcQA;+!wTZnwkMQd^TV8&)H}Gyp=^f7
zZWxzO>Yy?2q!Gq+#NR3iO+evDk-_PVV${<9WfAxiqAtoid6G#onq)q$r|Bn<$P=S?
zf>q>v^x0YkK}{{%I>kC&oMcD!6r~V&k0c{#ar#ws_nl-5vH?{PJ_K&PF&n&sUV2Bo
zxQvw*%#yqXV_@{H1`A3;hU~E6g|19OUd%1U%Vf0hYP9_tmaxI?C^S;M8dYB3ZKI#p
zM0m2K!??H$$FI=oB`x9&UmEC-R(lol4+#+xAzdeL<miKPp_}`<u>#%tD9%Y)6YVNv
zH#{`5by#ZmhIkUWfu9EK^kdHV;=Qw$lAIsT$|_8{LJZUl&GxdeG(}uVY)A5`^XDEu
z)s844IZ1FVe+bhO;`F3wzakP=mIyA_>&ntAr0v8H=&Fy~d@;9Rt}^`j%k2J0Qq=h!
z7!S?>25uYUQcFWRRLr`#>Of0J=e?-FNT>_a6A@2E21s*4$|>#-g#HLyiPst|N(LkJ
zr>v|Z-;>A<iz{6bh%EEsum*o2C@|cQz9l|zOf>QQ0*2>digQV$_um)o$ab)IWLs}d
z@>s-U04;bO)<<0Tx%WjnFE2kZFJ@wfvtss26~LfqO{C5Ww_UJ(?XWlKh38l?v9G+$
z?=9mf7$r2bNe7~DCc^k_X>LKE;z%-_hSZ&6MJ@u(%v;8!w>o4(pnncr`8-_(Ua=BP
zS=|l7IMoBb{Pm1E`eF+k&3$pl6vPQ-P<k^~48ZFw1e&!-SQqTrA{ik9qt0W8&W4}x
z9HNhm8jCh`M4jCWVsmEe+LPv9{HcJ-SBWm~Vi@j+I$y4oMb?2vip~9fZ^Kl)xY>m}
zf~uvmq11Nw!kKD2jzAmCQYKCvMVMN_w})VUaWUni=u$SxwMvq&Nas-N&h$Ylkx7Bc
zPS#Suk(o_(YO(T?*p@kIS7J$(80f3M*DrTy;O);O#%zOFK#lz=Dhq9pG6tQVmJg}2
zhMSP%Xtrrm^-|^fmOEM}l>vKVRL*k83#4Ps1qrsvYGs0x=9AXp?I&<yZr~M6(#(G_
zJ|Q)wK%uaLzAlhV=r>Baj$}9Ly#Sg91YYr50s`;L5pWb=a9iomUkj}a{Mf5{GcCo$
zrZ2{ukFm5SCnn~wCpc&0u~dy(e7gnh5|rl1(F&&|YX6?bx`^4on>E|W-#E%Bet(m(
zxbuB!jQ1B~-z`Wid|wSTYuP@9==<>Tdj5BbsrLt~c(s`Bj<qN)5}7#7kfyK~<onMQ
zo1kt5F!lYa#|Uc(Ap74-@sF?CEMr^QurvAu%wedLQM-i|rg|7JLdP1VUeZDt&VNv>
ztdJu6Pipm_L1rg;5l7z48<>#S8e`O4y>v<MEjbMv7x-{UlKbPG^;9wzU~dRHmZR5`
zo%PlVy@|Ef6r@ru%G7Td=_d$BtZy*Z5(<R9hI6|{p=ps8zU&Ka^wgu^)QCs7`6W+&
zw+rrzdXpkB#mp%K^(#Aq%SxMvU+In%gdLdOaYt35Om4gdki<<Idrgq`DHt(1Xri^V
z1!6F1uaMl3x7Xa1(hEF>e~5gBU*uLm((i)Cp2{+O-4?;ekfg5$7)zB;0g-yDo;J<m
zVV?$lmq@uVA{<Azio%o3j)63{9cfzLIXByv*H$-Y(yzOhb^8n>y}n{iHjvA4O|N5?
zzdXpcA1qpp9LqHcgCYsdNgOqN)4HgC&o9~&<MyWD!E;wT$y?4jqN*C{e9L9he~t19
z!0{wuT#iI6s74h4W(G%$$<`&Z=4LyUgRyqXCv^nwB9lUQhXARmnfS%d#>N88?Z@T)
zYU!0MFgr0j=zb5o#C`%5)!&F%jGx9xCsE_NPQhJ^9aB&h;4e#xq1ygiZ|l;ZdKz5$
z6IEQ415Wg+Xix7fi5imY9D0%@!1ij?jci&<2MX1zRnr!n4Hyd$*6%}v@5;eSjy2J^
zxh-RPKik7)r>bo{Ha>pB1|Ho!tt&o{8By`w`1Gwb*Ha(Giys%5epjS)$AvKQ>O>Wi
zCfs6AC_^nb=-_0-Q{XtDtg)EtQ)~sEkn#uL0Sil9)vb@keHF?;^}Zi$xnRFv_mjM#
zHO%~^0|auqYl2`qnr_y5o87eCx(~8Y#&2^}*6Bo+<B5W-)EiB}FsxTNN4ZS~@sxcx
zBy_id`*Q4HXK8o$3&wt2O4MZic9?)Ehl7J9JY#)@M&?knr7%}a<V!daT|;-_)z1_<
zio8gIAO!EuI)dOd9C*WKgVOdHw(H?I(U5BC9(xj<6)2mCt}02<qPm-(Ta|JY!5gIb
zAy&xJRZ=E%4O9nlx(MQVOV4Y~ZfvG?00;74jSaj;bJW5S!-WE(l#>TPo^R-u4C`vk
zk8oHxR6d-LLPbb|_k-8J!XAz?1LXtW;z%w-yUzu=nwh{7%7)Btp<*yR&M^YoOqmnb
zs03AAt9A$J)~mt*qiCDH8sK5e00_h$O2Ec45&n4nXtz)&%)HKv2$vn49g$)HQi2QG
zQ>!hrXpuQ*=`LvCT%5I1N8XInemM5xaU}ZSQLUOSex`(xSPYAldEwk#y%U~x3p5bj
zif+V?!?wddfqh8J;}5)@1`j#UgN1}+X0GN5@%=XUZ4L48NT~67P|j3p`Vy{~b=6T=
z!I>C`-q~&j3TdlTxj?eOLUwEdxK%K!c*M8nJeM7<Ox`Dtlt6%e99_#?CpBBn0!AIQ
zz`!(|Z8!WlRFo)snii*3-^>`9$hN>?$|v9U96xS>=a(L`#|~&^k0=V}i%{Kqy#v<s
z9Hi@=b<dh;TN$VqEpAX?`#uUCi--7u!CDqKp0*LM3Uk|;logXd{r3Y-=$u~XQ@x)I
zI!kV)F_wxLtZJ>AjL5qQdt52kx2BF*e3qNno`Jj+xy?IFS)ERWJ_M>}YX3NId<;UF
z#-^b^5uh`8!570yFay@`&&EVpwM6%&x)aV>xIm5A(4k1V3x&icOm$5(f90|&`ujN(
zVoyy*6ia98Vzm$}twpbre#bm}4UM5J37NzIQTsrgQMa`+Cks3v{rm%_CZlq3m41Us
z!bKx^`&)y^JSnOyKUXjN0s6~4l1R(lYTHSqKV&ED<f%n6Ym)5@oMVefZ`|~sASZGV
ze6PSCA-#GbzGx<smF7U&li3yoIysQ2f33`bPyjcKv|uv?a1b-jLU#MzeFSj!%g6}o
zh>x2xI6g=v5@t;|D{ROUG#ufkEVOx9toMo5LJRt@co0B=0a6;rZN_qMCF>;4H|_qo
z96_)7{#9S0a?Lk~?|v;>AP1wO6HPP!FzwE{0bdi%1w;|Q3-*2Q2_c|AxE+$Cm_3j4
z${uTL4r0@FA*j1h4xp1Jq%~h{Uo_XvLb&6re|QA>zUuU+H?3|~NYTXo<L+n+?nwpc
z-g7Ar^;OrV1^BIEI|+C@fzh)57~4u2EH><h48GdY<x-;G42D?lu$N;0#s6Q5_?L;v
z2J8+4hz|n;6AgFHytxZ*_s=cr-vh8#!2>O<Z2pqYzaRc%8~YYw9-l8}Dn~%6;E%?N
zfq(tqe+=C5SCj#;8~A&s|9Hcu2p-tMjRuRnP>u5+wESxX-uuVXwhP(6X8AX%->>}y
z{rSX{l#(<+zLDY=6#s`@Hedl${{vunR@ncT?eBe8(BJp&2Rjj6hs6JV`2&APxzB$8
z|3|AKcpy%Fx~A~|M*t=`KS+H&4?}!`{?89>kKt_rNAm{O7XPv^{ueLL6NEd!vD5GH
zwgCU@`Cr3eu>oZO*d0|n(*F;QIc~t20JmwlfUp4nEwkP{LA>`Fr2}*O|C)&iyw$6K
z7s5QJjtid;{0kel4+1Ylkd__eKeXUkiV*&%y(?XE&WVhD)V9U<EcMHBZGr!bUmk4W
zQ;f5jr7dIQR<CO>4xv_c4{X3}Rg8XwT|q}fCV~M%5A3K-gar$bSVFbMV`+U)7Gs8m
zm{%wmr%RDdZeN<I|4|SR0lsZnGoH2eb-S<px4Kq+`Z<F6nL`Vs<Y`dcI#NqbPcT5e
zJiQh94xnY(Hk^48DMn8fo8{C8^&f>TK+CfiA)gbFCLur~`8T>VX2w2jKOE_PZ>{4r
zebj2We}M%IUN}>-^}p4U6(2eFx$z`9K*Vt?zMDPr!x=iY8}aUC5y15i<&_`d#a@Ox
zehbW<9?%_1rA3*Ll?pW!AbmZ<gT5)cQ83KclZT+6pq9!IJzWDX$8MGq1fJXU8wZiN
zvo<z>t;Tr7Go>FWDul=No*>x63!Q^TG){CO%kJ@JTcy>3^4+;0mB))Czn}of>B{Pp
zyNFRnIfr4pTlBqhhrhA|RbX%m7pqUowan)wAQq^|DIUJ9B>H-}MU={Y)Wy`=X=ts3
zX9w-&t^H}w)^x_X=`U3QgYz4m5xa*t3uv8T6ABW-?hMx)3&93N$U{KGU_qJ-#G=_v
zaOeZe3reO>zNSCh{rdLd92f_8R7J7GaNF^D@JBoYA*x1)Lu$SiT<|}n7JlBpY1B}w
zSVcsJi*T;n4?R^6%Ol2Yks50Xq!|IB(rAX}=M!W)EvbdZ#B7(?58`24l8ikTtbGn+
z+U%(Gydq0TN=5<b->hu!w>zEHdVjcQx*ev8$;fPxLO+&RuQ#hhDzQ6kfe0|?ntF_V
z!hCn~f;JP!VSz4tXADpVqBezJeTO+XSb1Nw5aT^1GsN<`|BP+a(4Oz%ce+g0wIQI|
z<T{+li8;mQgcs;*>q;{B85Slb!n3>9EsVkl8uh{o@KE^h6EmozS#3pl!S(drJ<1Gt
zj*N`1tM5U332S^<aEPpseZzKuW+0JbgO|27`p25{0|2}*6^*C?v3g&YK%^Q+1pe8Y
zFii!R*Dc5Nl0NZtVf!Ob1p*H{_obHH1N+zf>+YZVDFMldMts9R_sjd5mZA{YCOAN*
z=r&3F7Aox8o}wJWP6<m3>*R~wT4HN@p?G)78VUhDA2*N-UKbLy_B!6e^*xo#IzHGf
z8{h45AR!|G2-fB3dmuqc9S%Pnky+9+GURo1Vp?0-1QU$1&*@tucRKqHKu5rojAW8%
zS}TDW$_0a=A;7s0voZE;A|`Eqv(9GOq`GE=ifTON3rAdceYa9rZ?;;O1~^G9$zV{*
z1m^f?;Xhbo(+KHWJ~_rE)Mr8UdY~*uUkJ{~S9e{|q53N3`Cy7}zyF1>0Rfj2XlCAX
zn)(%G;|WB%Z5M*T$3z0dyMe7x$$@;%t#>};O1I|fqe=PJ(o_Z!H^`%y&cZwSxt=vV
zn!Q$jD=lklY2|h!T>1639hcWyN)}jHQouqB2h)jj+f=h#$oqvJ1_bJ8T~egx);@DI
zJAhe^-%71DPaeh#{B&Y{;FL0K{HN}^0NM2*oYHn^t|%LzpQVYJB|m9eK=D_63Hh2z
zr2ib)YhnUmjnA0|+ei1?w*b?rtFlf|?XpJN^f^jaKf32y|2ot>oe^St^IXC|T6o1u
zp@X7p#E<3#;KS+Eb4Qm4y=@W&Uit<4(YBjMI<q8iZ-GagR7yl;U0nPfF1OpP8YI|T
znahF&X9*VP5&YMe5!OAX-HQPBxOIDP=4JcIOR}~+X4gf3fA?>@o@*!pNsafKz!A$%
zPY<6h5Cy~PpiUs<FRW;Ap+hVLJe<mk(6H_TX~4+{;tv1?Nfpr$S-wvuuYXbs-n$oo
zgwaQnh9;EW1{rFxAMR{!R$i5&J8&G(07<c#e_X&Z<2iIN=AovZBx<?1B#)tHof*dC
z0DO73GnbWxb5J!TYMc^UielYs#eMH(18+w7`e|;QoaKU(?0q76++xlB8jWdD!Q6`O
z=SvTf8P@aXq9smfR|@~TaX5F-cMrmT()se81#OSS)d;P-<ARl&p08agNZ2|oO25a~
zH)=GCO-A;BQ#yplkej$cwz%aIn-yQAx%FWltIEp3bkgkJke(Nq_>riAuw^Zi*DdfT
zqJj~QcPA$+NtecRNln|VU{9ZQ&>S{wojej6qhmQl?EdE=pI5|Fvfdo;X>RZoGrTMC
zuCA&Wn0u8z5R~`BL<pq*?)xPTF?61d3Q@B__Amd*UFf}VC<;OJ^QI|joG&k}j(=J$
zutb1|Ui)32E(XI77Zwl9`HfAm;(BADxp?|LVO9&hiA~A)em8MQLK7`t1`ub@>B03>
zTH>{4tTx)T4JiVMeiyhJ>Y{+O%Ud(KiQ47|u>7rN3Y_b!OY$2(xD>SZ;)qJic<#I)
z%&&e_p4L*At3cujD172hW)3Nt9*wlu<!yC*0^=HaO%xOuz#}3W{H`dg7TJo{G>5;P
z-Kb=@z++$l{9pu&CCBv-6sptU12T!nWLH=tbTIvOxf}8jJcmQe5j>tRERt5Qo{sr+
z>$fSG7Kx(J6K71!qI$TFgKUG2)@2x&gN#zX`uK8p2nL+A!}Z%FEjKtARLHKG^V!=r
zEm=*$9n&V8E*U}h(2ZtNR#-SFoTV?>rlx~)4K=Gu<A9Q^W-=!!3FL!(<(^|(0Y|cc
zo5ISr_Qg_jB;xn5BYQka75~q%x}P~|=&fl24TXoKIfI?!G=e9^Q6d0!Oc{hAp(uLe
zo&!^Cgt0a@vVf75bh9~u2zz@?<CH}#ytv3$Ju$XD%2IBY9g8+3WVCl`Yv*1boX^J=
zaldgzG~kC##M)WRR7eymY7-hhf(+X;d~OjDmrvAQQaLO&0R6#F<ZByO3c~KK&*O~O
zVFSW?up%UXz6trThyf`H^Vh{q`#%iTn*kkoN_qL!E21{3pU#`6Z^IPmVu5R|*_bg_
z8S>2YkX)8c@u^)7{=>Y$!UMkdsxYO_8-tBS*$TOGr2p*Ho#{f+VT>nWpkrr8TsN<m
zpIwR^ow044x#5mJiIL#}b!*Cy+fbLqC*q22;k;F}m)2k}Uq3U&pYb1l6nU*7(w8$N
z8T2hz?m~o8zkQ~O6b2nnDO=qFzKXcHA@5>YEa<EXx3XX^mWV=v1`WDfhsTk`8AJTZ
z(_PpliH~1V+yqE`u~=z<NAL_|O)7gPU;^x31(1(l2G=M+DP61W`Y7HwV@SZm;|J|3
zc@*P(#F9pNuz+VuFp!hR4$e5umQgI~q)PY2-TAg;X{r8&k6}K}p0RE^7ZNmr$HIeL
zFf7|Q(J(b4PMQ-8K4nkorKiV}PsV2oa53roR2oblL9vn)f+)+5JtD*2jY+|)mWYP(
z(eO;ARuA0ae9@msu236VEPjg+7q&QiPtA7GI6qUP!&?yKdQy}^XS2m6mCghq8!w)0
zYx`ZG-JpLk%=NXbgw9|Xy0EZtXNvQRX)O--^ExD$k3F7J$Jv=B-n2fSi^Zz8w$6|7
z&vzBBXmQq5=$uBRpN59PM(FRT+OB<cUPtnhy8A?by54WckLOF^WOzRu=UJ386A}WR
z#>6T<NgxYOm_BAd%;t;rhQg6mB@)slY1#(=WN_NhoSvQ9F32N7!{AmugNuiWvpudD
zz<`>k6g9;+JY99a(V$SN>IMqvF&R&wDHN}{>;|D;I*q92fIqZN4TPG_&Ey?EoD=}e
zOtdTW-hzvGf8K%by1IWY_YCLWO^=i|Ob?%aeWC)%awDHC;8nVv%L|bZ8%&^f`_e&r
z4_Ah~P&zo&#T{y*E0pMi&nH{0`cpIYQR0*6Wwu?hdUJ^+Y_UDsY3bp!)Z$9A;Se;`
z*Pd^Azzheh)Bv@C`=ae=;d%vTx@?IIC0B*wlLW}{pbxBkf=8!pqIpO7=j5e~#rsF^
z&H>Cm5e9$4!ep?ZZ<A~yZgQs3iqeem6Ti_0dvW|pREQnw303Vr4x0@&$>t|$vJo$|
zqh41YwnLPp9+!(wp_(I%@<*1CavM*MGp^w(!mPYarCE6@jAXKO-E~W>QnNT6+d)Gg
zqDPU{gjA^#xU8tr?|11oIM(>s2`DXj6ui*#T-J&|rhngXm`(A<<jFp=(>$0+3!u=)
zU2duAGc7$P6@h%X|5B5MnJ<l?5#W3~{?PgSDY$AgU@|qBuGT=eQ<y;a-ENRbE%iRA
zLWMA7t@@V?#;A*NZzLl9`#obMd^s=!*n0nKbDa*e_8$$#^G*l)=fD&1$uN=Stxh*7
zr^}IlENS>3X%b;KNo9#J43*}h=pf-XG4IHrLQT7Q=U{THQ(?bkl7Dk>lTe``M|IFK
zf9QKYl{Vb0)MwmS9ymwl@x^cd3aukI*#k?U9g3j5?EM%TrzfbVZ35>pN8)0%4MUov
zD3!sm&CBNo)<J*$e{8*FR9wNk<(-gVjk{ZL2<{%7;Ly0cyIVtWcXx;2!5xCTyM)Hw
zoyLayzxQ49&aC-%KGj*LPSsjf&$EAfi^|H5vGQvYoNQ>d;WM54;8l@bg&Ac?Lzr~<
zjyM~*Y=#81iA9|}@W)7VhtP}4EXXI=;Sf5Yiv?z&#3wMVtX8#Y#EKK#<l(Qg3Cv1{
z=k;QduVgr?RJrN)5Ouh3O~h`piAMdB?}9zNpT{(mnlZ|@!aw^;<EL?6d$F=%<eGlz
zw0pVQs?0Zbq^KByFC;Bl{u2j>$$9aY=Sz1q-jQZn<Cb7$8B@U^O^%;qiEchs6@#{m
z6)%v=p2!xHNR1C;^0rAJC5L=#IT9MR=PVezuo$ifhw%xpjlNAA)(}@)m%Sv)_2&~j
z5(`W1a(eTZhxZeEjm!JK;qi=!q9jDtO_r>VTXs^z^%hD_Ml{d0=FR)euIONMA0+VW
zmV)Cx&jDU;_@6&9pO-|V{k4tk3JzTuKbIsR55e*-uK<$idp57fn7CvcWE1)yKkQ_%
z{7P)!)Vr>+UY^14oKTs#kc0&ELSfo(^;$9^pl`t_mR{AHHutf<x8#LY9swmBQ-aTx
zWS;k@E8Mw=^$lbnCuRY+^Yw59#+Fa|ugB_FsogKoug?!$M-((!vL%XJtJXCGgsdvO
z@;Uq~FSL44f4krAn8^Em&Yg1+;7G4!TBGm-!P6g>8sq69i^XFp+mB^A({6VQ>I7Rm
zAp~~Jw?99{!yLl0gOqvDbp&<p^Bvtt<Zn{Z$R%(;TVml&Y1?-$^n+dI<OcOi%F6*<
zvo^=)?H8O6MkAON|C|!kJ+JBGN0!Mk@mVdX?x0yy(38AOCZ7W4EE-C<<xIYDETIX1
z&JV9YrT2pXld5#WGf;%Y$e=@OO@cCM(?CBCUhp2kv9f@eV42}tWzr)B30~J-smB*n
zJJ5~XI5}gg@~2z0QXUf<0*$v%M#|!YJ{v-B{s7*cTzL|tbP3h#j^Hjh!8<0Rp|vCT
zq@HUmwTX;iXz&Xax<}5_4oP7Is3Am<CUK>P&91{AN^U%7ZG=DGCN>}lCD;nkxi=*g
z%bt-b{@55vPwWMU5N-&#Fju5k7S4BP7~0y+v>*K0ue-0Hy)wz0F%_IJW4GLa_l4##
zW!;Tn@yec;gAN#`04Ib#+u<Yi5fOLsVCeZ89=Q54c-Cyp{(QPC^wI;zT}=316HR2T
z_a@3i)i~XEOkX30KUDNJP8nc}z~dI;cNH17$z8qMV!=Q^_e*Tz{>-AH@&^Hqi=xIL
zBsI<s@80xJmo&iHKJJZ0T{k$<_uU()FK|=+vN9F5sWRY}^ydx!G}cT|A=38>A#1$W
z_$z8kt-qPWg(Kq62i~}|-^HIE7xmvG9QzO10T49I?G&NQPbqbiTi{nl2+(8XfUP;i
z*pxKb2|hhY7OeW;m9D>fWO+>JD;D#ON^8XU6Yhn#s7B@F)6-f}ABk`dgJJ1X-?Zzy
z3_cSxXohSlz0OSQMP|$0npXIs0JXX&ign2+PCMDZ1<QGQl)c%SH0tzo58f2di@Zr=
zbWY5Fx3OLc=LI1BG_)L!Ivjd7nM<!J5+F>3DD*uhsn{@%NLckM$_}TAO?((+u3vgb
zh2i>hX^mdpgn0xt4jNeQRB$uyD;FuECj6?cZ%sO&{cX)8X{Zg|NDYsR$AP#;puSVk
zv$Pd;`?+PSuwojU7az2o!!W_~o0@3E5XAD!MNCQOw++4Uhs}}fkq|s|vbN&JZeK%X
zI&L=Wr*3_xFP!XHc}<;|(LO84VR>p4-vI*?(C9ph15M(=R7M73R7T6^RI^EIb&*E|
zt@xU(Fp7y7a)@+gN^}+s6vQ+0h{>A>XpT}bR0=Cef%dUa0+7(8tt3_be)SzjNpcR6
zHBAWu@LAc`>$Fe-Q^u;*Z_9GCXomge)QrU2OOrY0Vuq(820}bE2rCg!Mv@-GudhOu
zEGC#ckG04s2$CM-UGbd)T(DgFk|7lZn1$5YfiFZR*Rv2~NSTS=90dPoX+r~Ug`iGY
z+c9et|1o=|7AHz~A@g;+_C;@Ak7iHN>0B#2r>aR9vRPb+@K$s8D+6QKqfuCy9odZ=
zqq%GM%O2BCrU~!V7T|}`CZ&ds^ugg$i&ks{CcvmGS)sRwEh`(_nNcWl!UUPp=Ot=9
zCFqN#a>KXuAQVfam~DXk(#-vbt;%m1=SvjUemeD-^C^J`ojkjR!t}6w(NGxKEzHuq
z$0?v_oK!tUwv1HERx=l_@U|yw3kEk^)ul1(1f9AtRD8fffd%DvXn1jSX&3#BWHyU^
ziXM@MY>(}53BIEH&X25h?z?%Q9Pt)=L<LW_LoYmc2pfbI&pU(dX0}PEU-LXCpi19T
z%$q!Yj-g0%euR+zBUFi}7)S7hIi~RbfFEGV(%%#iRfG6iIn5d)`@qS%|1^Ip^+~C9
zqTdjfg;2uZniQI+Jcc>h^tN#NH*5b7CNu3tJ!d4k;ZLOwdsS>SHjFPjB=Iu-Cz!;A
zv{|&6aYuUNj?6JvY&4HySE?FMk2@N-cQxdZX-N4cMbvi9VZA`8HR`IMw95rTrpE8a
zgU#Kx4V-)<l}uE|AjDUCc~UvnCG_aAmFfW-Fx<T`Ril$5Cie9Q9wW>!{e+2L)M-gk
zg)nl+WUOyWC;<N@HaA4a>N+LPGWW3^yyelvlwoUEN@c@vl|9CiHhSewcyUn>BJAQ5
zZl-EEPem)c{puhH3z+SIJ8=`l7@2ng#n}2L-VT2~aaqJW#>sJ_m6bwGlM*(@k5!t@
zC=<Nz;pbf|RbFEcz8iU$Y>VrCe}M(k8b}e4+bRz%GL#TMCDBOj)c%?pfCJ=FV?0=t
zC}~XbJ7Z3b_>;|3*%|2;u5_^#M;lrclY1jg9J0G%vRD64570aG7Z({e7Jj5)JV<d(
zSyZ@ZPAcd|S6ON<kDg6lBI~`;$>#mYqufMLt`L739X;G0u^Wb~|0M;{o<gfk*Mgc&
z|L5S#vnF_`X4@}NOMbC=22(~Sdb~!<lb9qqI2YxeIE1o@ywrw6Z}ka)8);EDHA^^L
z)Ky@{R;|U3EN%$y%Vc{GQ92sh^j=UW7yJ&hR1_sFs*Ajs`Vl!l#2?*z?CR0(!U8iu
z6wQSEO2?T53hGabKa07d`Tx8C(sEcnbKE_7P#*lW`l~S1DylHBTqO2Vexx=&;*FJw
z|KSVg*lgsW1K`AD>bZHck2jai|0Ho0X}bx7;^F)6?D1;<`Dz!QWV3Dt7>AY|)bu<2
zar93;+K6h=#=keHMUI525q=bgB-FvuXbH^;wT`3*)(EY!c)}SHA^dBGD5=rE_t%Xc
zrc3lRc9#9SN$HORn?UZBB38Y@lu_3(EBam*P<PN=h^(lOH<q47PH?kZSO0(x)wZ{>
zZ+L&0VrAZ^N1H8~aX-OHx#1t)QixPV(fyEKPme~6&jaxmS&2^^jNR)|OKzR=!t^oU
zR4*}aH=-jp(yYMTPYM;#K8pR15oIY8O_PCm-RHxzHtlL5bWHREy6!KZIaK!!mxK_Y
zJu@ATmi&T%W;vEVf~UtywzgF?!{Fdn=Z(So`g7s;o<gMtYl1h=gQ}ME{WXh>q&D?C
zEiHCqMtp4x#*&*rydq)6|H`0=zRYhL>yRFA?xmV6m-)of^F9l2X65pRW^U#uDWO0m
z$2lzaQy3o#p2RBj5`BkJ;ysmJ;EB=PR@D~|PZ^$8?RPvX#g;kGgrkX`=}A4v;^dDc
zJodG%lA@=5qOhtUy$_Avz7hmDjSGj2&e^b<@|7H(q^$-dY18g(DNp{{1i`#7wh&vm
zL=#{&C&l{01@@`eWYx&PO}8G=ku#o%L6PaM0zUN<W6vd>h)yU!k0t#56B%`C!dh!t
zC|MYx1&8+(y<hp-Vqh2oGLZ=Ov$-WV&XUkiAOwUJ(xU$SL6iSULyE9OS;h!D<a_t@
zyrMXRj3~L$07d-^%r?{K{;x57!S|$t9I@>1EDR_W4SVw;BZM^mvYpDQap7E0VL~<6
znLi*=DDX@hJ01z@DVS#v;Il$u9%pZj!1CKhdr4)NjSSI568`XJCa(oAHNMPBO*;F#
zb#cj$?J4#c5_l5)8uTP8zxU_id<m+DS7?b(@hb^mLyc+Yakm1GL{^$HcqDFUe%Nod
zWXa~!WoVSy24ns}4>QCJp6U1hg13WW6L^fmA4=Hg!#&Z+E=T3iVFTL30)jDPEXjQy
zPcnb_gJ9)aIP1F#X$gZ8LwL>brv!;)@<(BKHZ#3m&^#k?GP_bkWO|F(CE|S;x21CR
zIw&y#u+D@MjxVZ8mq}ETV_Y)7l=NW^8?jmn|I@oW{QMaNEI6#FZMZkgN^yhrWjQi>
zF+Z}uB22$OVj-vbKA+EELt1i|8}^NLO8Z!pnPW%eBU>?mC%W<Rxwd($XuOuDnqD}!
z#U;p6EeC3xB(@C?2Prcmq0NYbO)voYcmh-2NVHIKa^>v?282<HB#68q*O->{gaqKK
zYN0%^jEb49JGd=e5bCl%xeJKOGYhKuXV#S}#C0r#o4HP6id2lrtQ@a-iH4paL00bg
z{jKiip~Ynv>2W)4=jyf%n~?7k699*l_Jct}!sWY}t$x7#p$7mvA2){;ieOA~bNfoa
zKdlIJcS&tK0bc!^0NrPIJ5azXt{lM9Fr67uHZ6?l;r+A31D>pP2How?teA`F&L}pa
zWD82?_rCdj4_b3ZM*Ig3ijYRMNI({|1)T(y={7Yx-}BQhfrE<{jN3wz(daK)+~j2v
zcf0gZ>zG$E>dJ`6$=JbL-$bP#*{n<s|6Vw`f|dKQOOGgNypZ)(yhnhg407p_rVM=y
z2|LoyF$)NRAR(9^!phD*$Hl_>IdL}BXsjbxW0?~boOX+(lEl~}y7n&TZ}}~A`^rZE
zF}QC#WvJ}dP5DVBT<(u-9<F!x!>u{qko$%YlC_W*>=CA51cKA$+=*S^QkN?w3^G2U
z0pr38vz6M%V?d4m8_~-xWKF5XnT-_&d1#cf#&}Y@h9F4AOu^Nyvs8BRX${jM&W|71
zh%6x^5+<9sD`Xhh{I!;<<c{hP?s_3^+F)nkW!JGxmF4!jQ&BOilj$rp;Dxs6v(lg5
z&@{hd)z?|N;oC8o0ff?O;VZS@D(Qf}5M&NXdYj*N#cRO0O~YW8%t<S08y^bun$(%7
zA){|vDqXU3=)bG#*rf^!1k}6$M!glSZL?aFdMEY*=C6$-yRr~i*}cl<03X1-Rw2@+
z(!Ma&AHBwYUZcn!Vqr21Y7WKZeqBTASI^sD$R(R5fiHL)W&%u9r3ReOZVVu46VwHG
zB_WAf6`F?HcWc^TM_3&x`$F~gb(b5r7?-?PuW?VN#3trve94951whc?+z2}sZ)DUv
zyOnd%*3W`XmV|v@>B3^a6So=lh^q>V`~3x$fAh5oXXpvDgnyVDls^5;=Sd2J#&|Ji
z$=UfXPUU|Z$q8UW!rV|Ed9kKsf}SyeB;!65mL<3tvPu%jBF&ImRcsW~E<0lmV=I0E
z{z&9nC^i@hXq|3!xB}OItfFgPD-Y#Xb|=IMTr3;V>U$B%P;F35$!f;0AK2$hS<9?R
zk{nu9YG+Nh63>lWx$pfpMz4&GL^X3_4)8-E%&F;`+`)gt*$3zfsSbIpLiE~SoGSAb
zsmYX#>*>$R`=I~R{hh}8%<_~!&zaO5yqQwC(bp*H_vH&Z%+3(dzArZvMBqB_qtdLp
z-Li`jpPUr3y?VB+*h$2qWSN%0`k8!Np|@e&QKRXJ=hoX9urXd-M#q6ub_H~}-ZZW?
ze9q)Po|y6Qz4_L4up8g=zy!icIP$Blyky|dmGg_(zGGJc2&)}ibhYD0Es|xJ$vEjL
z#7y<}vDIBoS~imlP@$9TG8BDB4^9}h@ww}ykJDH0b9YACKd2J%8ddb+*|X;61!0z3
zyKR<b!Cuamr2a8DP)?dxH<nt({m$5ld~sUjXCXsbt;zgl&ybu37g5;Km3T4LtT4NG
z23}NN0uY=pAzDSn-RE%rNPjh){=jU@tG96pCGo(AXF21ztks03O@AGSDTF#y97|p^
z7j?IGU^q%3o7zs;2O$cqka+oOtju;b*%r!jIU(DTQBP<LBRiD-S~9&(huwGw?cuPX
z+hW=Wz9VCPqgSx+#92umpeb7oySgbc_Sxq-Bv^^*X6%45pL}9$y3}?bl+vmW@<>du
zuk=F|@_fIzr9KNxWSi_=0hP{CL}C2msaL{DkT;aT(DmLAY>SE9@Tm%KA!iIz!Xi&s
zh#t(W&+XgX0>(AFa&$RQOz12=AkOKrWUIv~1qt4cnwveA5z$hAxx5558*TnEzQi8m
zewv?)--tbC@muLcYp9OuT&0lU;}(46Z$VP4H`z&&f0Uv(OeZC>efxWfVw7ORn`}6z
zB|M!{VLe0fqH6A-l{rZK#dR5u*tS(z$saglbyOdpLUorJKzN5`5^=v!1Hxjt^^V(l
z5zvWIr7}j(NRqrQtE|4w9DkV+2zTu(<KW#o5aMFeGGl+Ls;~PggNQ{DMx){1r{nU3
zCyVjBIBKjkE?$KCY`yyxDUiD_S9)L75EeS2nKtUyc-@7y62$GCGlq1JJ(CrhZ941n
zV9dgTj{u?WS3b!DiB$ff484#NV*97-+bCmLl+|{GQ%LF;N_iW(ECOtDtkjonmd&C-
z%oc{x!VluK+P5Kc5?rE+4tb(>`#POezlOpQ($fP_>T%@dl0W7zC%V#kyO#xkSoPN$
zH$f&J#iYfX3q-5Z5T#!m3@*TKX4Z@x(ybz(U^ED0M!31S$~t$IrBqO<CQA%S%}5Pf
ztE{-*Bh2@ykS3}m-S|3#W4N@*;n}$UlDN^K{V>s$4jLof_KtmD?(_eYD<8p%M)KrG
zbNKo0tYGb}Ej0cm_o@Z%Tt6NV>nqJK$1n1IaPR!P%U#r$9a1E8m2^*G3F5@qSd4w}
zudMO-nZnVw^oz-rVveGe`}<7&JRiokLZ~F>+b3&<j*Jt@lSG`*;tPB;)3ZO$r0C^B
zI}D<OSJ$)@6>^gX%WXZ(`+Q#L{fKjLUy(4?&-%6RDkiv8E5s)@?uZ!)1+h}2Uj#$?
zsf|o032@UMd3<bNOy@NmoFX!C>bHmmkW7`Sgusw{&W|YIzLe(thWw0-c(KZjM%;k~
z9jTx$(lgsu3W;xtC?vaG{=Xl8a_87;18eaQQ21jpQupSEgB+o%;4kdG5sDekaMO4J
zB-l(p^uAo8fz;)XgrEWwT1P1xsUiV5&SofSz(=x4Qf!O$i1%vGWGY=YM`Os0hwT|T
zW`Bbp;5op|7Gl+qC;>v9-A+&(<?L3z$6aK$Q^o66J$j8pM~jqT^zNv)<9idGtEd?3
zju;UY4DDe+!_;fqJga-cC1gqJ&C0sr>k|DA`Ge%WuZ6ru<vE@|4DMhd7<ke?LQssY
zO_cAqEX_65D)uKGoMknOm~Y+g_n^yi8`Q+*JjUHw&g>@7G!tH-66B5zKO7JWDMPPc
zkUNa2J<sqZozU3Tsn%V>>gU&lu|kq_!%VP5Ur42grqz%O9aZCHk=LrS`h+JoCN}a@
zk1uV^WE94dHfaa|??k5_*P0Yi%+ccOTsRh6TqV=c+VDW}Yh6;(xa!h%3mOL>jQaFz
zT>|#7{wOhzlrUhTM%HABq?fKqhn_`z&Yd!ayFa0)saMiKZCzT)`w&(Qo2C_I!VYH6
z-4GV^wQ0%^T=|P5Dg$aKOm<%|Q+{{WC`*_jWW0FSAe+W8z|kM_Qd~B#XjG0WJt2xd
zQDEh<A@-i4F`GFo7)d<|k=gW2Y7p=h?lU>wFO6njW=;_ay+yA$<Wo_I4lWCXia)l<
zZ&f0^f~yvFiP*y4snUE00Dif?Ihx`<9tS`r)qoAs&Y2A}l7m?x-WGEb1oK=@@=PT^
zHNWHhn3f0tIL_xpnY?F1hTi*vbyQ_4U%l?@1AJ(0xYFR>V}qz7<HyUl4|kM=g(Wg&
zR}DTg7FETz6o@I6igaz6$$noz9eEl-Cz@EX2T79S<cFDd8Sn?S4o3H6?cEkiT;XQ8
z>)sBYq{$2AFx+O&1VB^y$aZ^#uh)DWmoGIXe%x&Pw0~px{*|i|!hf#wgh`h<>Tr=j
z;5e5eIUF|hVb_E(WG*jaYRgEhcSTC9bM;9r`Mm!SadLBRq}{*5FgwE)nNg}0^<X-e
zjE6NOBY}`tD%5B-F1>}~?xuzLM3zEaA~QL2)#onDN4jr?TtQrSf=Z|LMczv@h@2&X
zp5nTS-tc$2h@6QAyA{6McKN{2<}9W9mJna=4=DAVgy67q${>_)GDOlnv@i-Pf}y9^
zB7|JK6#bCnOP_OKi^(m{G!ri-7vmGHlS!}4T>1QT*EosUHA+mzFQR#$;r{Y2G7_%J
z4&+#S(B}*6E`<*q=B0={$ntJM4|vI1!qAz#nrETIa)0u>NK=y{{ay98rp0tZ*MsT-
zy0Us%nwXTB4JJEW1~@rzlny+qKo5{JeQ6RanSR)X%EEUiW+Z0EP`V|sH0a#pIC1C`
z(PCkTI4p+UL@kQUscm8Y_-0{<Aztb-^5bbiTuOl`<^r+fb1LOKfZ8ldQq&kedpR?W
z5z5hpeG0B>8=!mBdN_+3RWN9(xuJ7vQ7A<FR6f~6ANmj`wEY!z?66$h$+^j4FULbA
z6~|z-A@Okcl!ZQJ>!|wV)JpyOiTka8?vPK}3g#S{w~ih+WEW@#*DtH>Og&?gZk_Fp
zq!rWL{>-66M9V$A``fzhNUJSbIA%|4U)?q}MfeS`yX0sx*W&n_zlh9o3}t<Ba!CUu
zB|x?<XFK7KR<QKgy;cunr0gDSR^t+Di`r(~`-t|sj7S5WMWXmq!Emka!+a@#bpo9T
zpli9%=sL&+-}Vyb2HogQ1cJ8fdNQk*PRlynvtfG2TBvCgs|aFzYCPpRbftZpDU_3B
zDY;)=EVW9O-{;f~41bs__PMslmG4ex-M*i3UHX<Tf12(Rp^gfqX9&2Ks?W>YGvJDk
z=Q<GfuKH8>h?Yl++VHt3r6>84HFol?-6CMInpMLbL4W^x!Xn<e+v2Ku2=n+I?W}wW
z=1!YG{e1*8DFUxG+)NYDcQjnBHd!1}@++W}{hL+lVVqy!;bJ|tq4>V642{%JIHjx<
z)VDY-ni+w(9dY5Y>&5Gqq{(x1r=;rS9V<$8%eB$&_&3$ECLr#Na&w8CEQ#o#pt3Ku
zFWJ)kh{qbWRpB<iIK~*8fA27}l}EW}?diGq^bfNBc}X2LMVggCLA(LeXj3;zVc9mm
ze;1fxxko_1BH6wKPr>(jU~TrB3TrS>k)XlmPYe>Kd{FK&+j1f@gKnjgX)a3Q$m@Sg
zwqk{U=<`g(#fA$an7UeD)?ht+t7$~qIpo$|)Cwx2Wn=!O6^zo{9Zhoj2yHjf4x?b7
z-6t*vF_4x0nzJTW<+wlM@p2o=QVdqKB3M=IbIJi<6SG2yLnY<?5K9qphwLe;a32#Q
zkoL-pbSSNKN3e^E<^MXfy#+lgR#PPN!syEhVFfdohUFKwHD`L!NJ!*H?-UFfYV4xc
z?bq>cxkn>kbC_&TI5q7LG~-7C)Y4PV>81t=8gC!y!P3It@ZEE6nW<)n$OHC&3gN!V
z*pv_Ne+9DI30Yzr5eTwUDa}dxqA_LPeY4BGg4JQYbYZ;@o?q-w^C}|yna_lnq5oGV
zvrH+ksi548a#3AvYiO=j_-6bgdvnLW*TV{kubs(~RHFKj`;kzO&x~&E&d~qwqvG8g
zfRx66>eJz~kHKxZ$vpnAAHMINLPy{%wZ(L`aX2cx7qZQv16i6vQIuL!N{;OsF|IWo
zRQ|sDhR8W{daOO98w#uN`bC*s>+&>2lIG>;dF=IK6`zHbAHg{i{I_})-<L~<rF4^s
zkz?E*zm_*4psP^QByPg*Ct9i)!d=mZaA3VG-vBB!ZoHlLd9x=qTl|brBEK+!xt+11
zma<9KrfI>AB`nJ}p9P6MUJ@^BJm7wHwzSDA7L~8Q#^cPlnl#jz$HO|AdLW#Z>7q{O
zk6OqqYsYH6D3!DmFB3%}cO=^tc-!V|FIC@ebT&fseJ`piWoQAtWocSc*xP+~e?LRD
zxFI1~ZCN>u$GJq4Q@z5@@<@N?amK0K2akgAHxl|+vD_4#l=>FJf5oQp%;Y_iV+h*0
z$ZKY{e`stYJ2|1RhxD}lWhT$1Q<IZTgYYcP8-$CuUFVlkyR-rxaCDSaU4MR=b6uC(
zA>G$_=A`*Lh<O7Gn<=m5ze(yZ@<jQGM#=-NQ0SL0QGCaSd<Z1y{ki)Wn=1`bVyGgp
zK6#(t-Wj@-o%IMhR=|uftr2Ebgpn0hj>;WXt^wje<p;g9?{rs(2?#BunZGsG&lMrN
z06}a!dIiKGwP14YE&?^5ATM4S{U5f8ZkOk)^4Nh?0HXp9=9?)&Ansrnp$M5F+K_(`
z%$d0pD^V+s@~~&{nN;aLRaU@{FJtzk`}#D)l28-4dtbg~$k2-ME3nmLHkBUx!zxa;
zj9^;9K0|}a_~j3zfh5!LoxiR?Em|rJ6G;FZhF%TcAQJIhlwe!-Y;6THPt-NM-df<(
zW?;yMaSLy%2-{HdVd|$+QemcOL844zUtDM3H#Q37kzOTPda^T*m>W}ehPAs=Z8?xD
z<|07qy~VnE(8CXeUMUN9KLe&P)#{a~0ajlwRqjXltt#{ir=*3dCM6hBzmhQczd!@J
zR&Pv^bD54s;$*2`O0xNs`pxY=-B=hx{Z9w4i<GoJcX}Fbe(qqWFCtqCQGvA!jzx#K
zxj>M>o#_psY2M~9*LJtv3w)FM<PZ@_Qhu!`4)(l5EN!(K2fyF|^8-8PUb$wz2lYWN
zP1Q<RZ8)CJKibR+tKb>JiZEH0QVolcyBZF^oe0HJ@`SNrMtbnL0N0>0hNA7)q}^#$
z-gxlT4YoY<3}Px`tJxKXWziiN>wUY(44N^9I7Cu?V=TPMN(bMYB?YG|WbK5ju+ou_
zYEUO2)rmw*6~q`aL}~nU#^_c7cgzZ*w#5eeTz4bNaJ{c8WAeKB!zyGED_2hPw&%Cq
z?r2Fz?vKH2F=Z()1V7!55cy4>N9EHa5709?P5JIN2~y^z$A(VUnjaNpfWi=X#5x~>
z@|TCqHm%;0vx#G#tfLdkIbuIwXspfp?%mMyjkZ4^a!{puU`<E(I~D(z2jAu4<XR1T
z(a#$t3bG=*%)2R9YfJJyb~j&sS7(L?#bIMERt?@o+V^|nl`22N4LN0aGVGS?7iRW3
zEF}=`DwEHJCTh<Z9?ky{Cu`sQ^1TY|pFd+vTjZ)ib~=`JSY;Wj@mcJb^%2(_ZV6ok
zVpjOhk9F;5p7br;&mrY}w!XLqe`SA$K2nF(U}4lGXI2jW@b={Y0W)d!={wu^(37Fz
zBCUK;%*gyy7*VY-sEm%Vc$}Ro5L18DngO0tI`vO(%|8ZY51&TZGLWm}UD5IAEahx?
zEqRK5#+ixs#<Sy&(!<_yG}t#cNVn%NG&a=cH{h{0L$FeVlmC44sxlLmKeu;6K}`QO
zf+^$jmN?nr6rmosxF=*HZ=2cJyHFS_h_A7|lv3zLvb}*hJ54h@qlddbK&c>}d5;l)
zls5WIn;qB)NXeQC4pn=r+e;gVTp{3In{&sAsCqFc;(qseoHG69^4)y$8Il^>xMx9q
zyEA-xPhMyjaW_>$tyu5yeN7-p_Sm9IXV59iq4&9P<afy25eOEfc3j4Tt3cwf<kGb<
z8GX|<d(q1)gi@+FJ$fSYp+NHO@`O<d-3FHBk5ay2u>%umfplwYxgsg-_#wzb|NOTG
zt>FdXF(piWO=jb;@7mo&b0zROmHt>>vh7@(OYNL?9smB;gx&yA)HqY<*qMc7oNxlX
ze_~?G=dWb?Xh;w5QadQbmg!{M;5I^=kxRgv_`Ff+ds0H2eC!XnEhwBfQlaMi!Ee}o
zEw@#=cs8uiJ0|y*JVUf3DirlPJm)ASartr5`5yQWKjYI=kkF}ib@Zfrq*k$>Z4~nV
zB=*$VfGke~;ko_|LwGsA%?Erw_O^w>Bg7O+HfI0V{Uh)^JO-g<x9$=ZbT;orp@hnl
z;l0~G2d__{o-_6#LR=Et5)84ODA?poIGYC;?mu0}MsK#QxBjPizKj924Qe=$)VBgO
zjAU~zM(#>0n#yU{mf2B0<Vfv|D&`OJ|Ktl9rw0)!8IG)<6rgO-d*M%Eu{&KLX^H;{
z5aUfp$xAU*IvVpR`yFysCNW1e^{n(g(0WvvTsh>q`7QaII0Ynxa;xunK#HuMSYaX%
zv35~~iB%B03^SzYX_GyUB~nX^CDu%(mR&t!pf2L!sWq|y=>5&Ix<6}{%aU_&z@SCe
z9&_zd;%$d!N4W>@ySwF`Q&1?Cqva}hN5(tcC|<63h#$?7PtBt^zrKb{K7GWqg-IL?
z-Yyi@#M+hFt5ym)G?P&Rn5h`sEUmY{{|i)Be6=-0^icPvvCA>llM4Hi$=5ZMS6%xF
z4EErdjP3sA?Mp$Lk{C3D*|I_FgRZdmaUL}@cqM<*-ICU~#})`J1z3gs3|L_+O7bPs
zK3-CklG$;u!9=lprk^M-lsYf~SW!OOpX-`|<9)YYTj^hZoXgb_X`d`5?sw5xRt(sO
z=!eV?JG|H*oUl(En_ngb|Bc6NVM_Dkt;cB?^|2YbWar}A8r0X1#!wKzz|nDmKep(-
zf}Ey0yansC%T%no{EN4_2si9JVQMxy3TU2|DlN*q@Ca*<SJ=xd3~VFLAP!(Kep}~h
zIcYk1{1t38IDX@}z|s9JQI^k5#4P<q0LysJr{(qwTRqczqO_gI{oI8gw9v~+G`H_+
zxVP$L&S>*h6S4QdITr4!Nh~ibNe8du*B0wyrNfNL$bSO93P)}9#`?3XkTyQS;gzck
zhe6%3FR|2L%H&{8tr{(6M667@Z11JxX;=JbT;O*;(SwP2ywMJrL|^xCkbf^;O`bJM
z!*|)ssPaOy{L#I5eil+JnRS&bY{?Nxy=}i!;&L69J(jcT%J>c48s?pm1`#($O|%`W
z9r^_CErruk1G!z2)AVPDJYM<b{lknK=eap`1`!2ck7KUVN;tO5xw}}3mLj&53O2s3
zLWAWk{{{co-8cQm->y^>WY_2RW@EcP9TN#td|(9#`iDfps;zc=$e2(c!Zk3jk9Wnm
zn!;}KZeey!riU%}dN$0t?rGJ6$Y{<&-RTUa+5qh37V0oynd$&f>}GC1Kue=XY1PPJ
z-)w&-G6`*fn0>u&apGcovP4nGsb#anr~D*V<0gMFHm8rHfS1;L>BIXlx?6qxUEg+k
zKWdbocVK5^n)^FD6vz4*NO3#-@vTMXkHgxHN1X#2%$!)2znQt-8b9LMehm8MZH~I8
z9$}dpA$W%l_#oi(A(g+>>Y{I>Zrf`m*AdGdwKzC7e0srLXFq}|f{b1cslH2|z}aO@
zXnnu8QdmM2UR_eD>H$-~5wS^3Ex&p%a)>gu2pVya9xtEwZdeJqjalam2qd>@9|z(a
z5_`>(ZwdSLEa}oOj>(Y4aUSw=+dA+P*pHfd{Y#|!u>|;6tlBZ29WZyax?g+ukQOtr
z_NL^O+1=hjC+V{6EnsMHG)qh|+c8`uGloGw{8>*6H$AgTuXE5Ms^O|&eAGrT@lQL6
zPzpssdwbN$-!Yk4%IxdR-;-C^`dH=n>3<8Oo4a85SCh7)zc3jpzJF!ePLW`no2rA_
zV+Fc9Hhp(q2l5440_f`7uT3JTLhTzRO3Wa005!8GeW7gs``Yi&GZt$Ws~w>(*~d2r
zs#!z?bTWG$wq`3YBrQ}#oN3Rp=I3SA0`oXD3e;~9+58T~qzdm!DTX7lT!uL&o3!VG
zDr*quWYUiBe-O04Z{(!dYU92Kq&<0k4b+bv<hlp!L{}T>?2PMmf2>_LSDByuD`GGR
zY98_gmb`)B8)V)#J@?%uO-Wu|=z}>|NjST9&kI)D4+IoVx@Ad68{t(PT}iPW(5+jy
z4##G><*3tHVLX%dVSgcWAq#tPNyNya(9>5c>PM!J46oQDyk|A!=~-?*ZFAPe(d^(n
zOl2HFxpX5?NT4&i<?7oHPilmJ79kx%%Yi5YdvjkaOZhyNLT1*Bu<^wpMafvqoT@K(
z7nK-MyO4UAq)l(lgGivHf_zX9c6HDx2|VatbUTSzBQ&;2@1|f$>GO5AR!7$zN4D)#
zlRzo(%|I(~4DlnMi8)SfM>d1Z(%b`{l=UFtDV=cN6#JeFLO!f6PJl-DHP!xG+uPT)
zscJ4>{fpWxfnD%_iSw_Rm)=-ASjxQkAay`qp`Y17IK^u37x}p_njK>Pk(1OZC7T-B
zdJeDt+*C<yO>ZKP395&5-_xYt74o79nY{3m3$3&L>t2mVi;iYX{$1m)Ym~gBp{$#C
z@Lc2z#$!v>MCMKFz6{Oa=;TJQF1`68(XD3let=>htl;hB@#D!k=q5e%@Y5$!-`+zS
zAIJ~lUr-OVaPZ`;nUUMohua0;sUeO79{MA(G7H}4B*IW(LpjTo+Iu%-B*?Mw1)aRF
z2$-j@Ic<MS!ox1F<3w4lEhU|&;GoBTkW8Yycg=2K1d>GU>6Na*!dUBDB9%xUjMg~j
z6=s34>{_;9>M`xr)Kad5ctR@V1cXZuKO~%aK(EA>)K{0#p^d?n5|`AC4L-#ofd#{R
zEtW{0NAT%KAK--c@@=Sy`E?P9)($pK_oj1UI$rDS$T7YT3LSApJw8dtcVGHY26L~Y
z#vREcf-oAUBrUujFnmI_Grj0LSr=0GjqKCkzx<1_SY(<J^=>_tgF8^}zB0VZ-Q;WG
zDkjNdmyG+g?TEhCWVaO|u`w#5s*}M^#W>?4^_h#3kl!P0<*P!kluMM_$KD3Ake#vn
z&ez7*Z>`cOSV~8<`e>_scW;gnG4;e-tk$!HF=lnoC+@G);r2mAy`d%(lRpA)+AST-
zX=+vIT51}y^t1NWA)l#f@c3vgJ<~RhH{b7a$H$!XY8(LW^)Bp#3;!Dk_VI#K;Z)h)
zD^GRQy0z5NE%Q%g^*sqvh%F+oHginq`R=!LB096V$s0KJpwc`j%>DpO*JmM_&=Gue
zfS3I6>K|wBdfl&RIV;aKJPp@WQJtohLRNR#Xxk~VSH?Y(tdC{xcN%GWq^Oqt;as(>
zah@p5cgb7b{9WRAQwgE#!uq>^g1s?_r<c4jR^lr*j_p8QaE;N^y3Nb0U##M%r;?+c
z%{G)&`S;3M%V1O@Q!`V!s(>qpSG=e}VQ%Vst$!o`-Im-$T}JrY@6USJ?kWO-Z^?Ww
zXhqBGQvINuzeAymFh;eY;=$u_mM@XS!hNQ|-MhSm)4A;%yZTq*Yxg1i+$!g*<FL0Y
ziNu6P=IQ%bJeeO<I2GTzkO-8tj}H`4LaPcB$@T88ij}}Onhu9lc`K3IJjuBt8ToPd
z4KE_|@z)Z~^5u6YxRRdi2feSAsNVq5okj0N)gI8^>^SEKd87tHS;!}WP&M@P|Fwhy
zP*IJ`NE7oAO7tAQHjZ=b8GLi#_R){!{wxM1DXqmj7@h0z_xZzv$lI)c5Z3KZa1*Nq
z3I!hOzK5O3jrs>M`gkCH?IY|^tMmVl$Q9&+BXrc0HL_c^SOS;az2X(!O-EI{HNb{t
zgU-q#<yP~2nkokesS1UUXlvRJ{%<<i0qzvfpIrWn(ZA4Brz&)*)2IqnQ%JPE&Fm-M
zy54wkc?aTu4W=U$GE`dsVaNXuO!s5wBl?poep(?QeJPOQsuSZ<@&@L~?EF7o0u3dZ
z1;41*utNF&pr{2Y|BE%I{d`gG`oD?d&EX#g_AfHAQ7Pvjdaq~cp3dy9SW$=riF2+J
zMrG`YnmhPEiv9mo>pp1l&|hht)rb`b*vEKw+WNpyby%p*f2K|JAVE8+fB(+uR!7N}
z`N1*4ii3U`TOXsye|ln<jICJv--Gz;#r|sMo;Wv&z&k^V+I*X?74meKEP5FF+T5)B
zDw!bn?uN$RW*t7Urs{FTc;+8d?@Ds$Bvf_%@nxmKFTRTv{ub}|^}qW#y&s&hLT#Pf
z$b8<lf3wUI1Q1o+w}9Deb+wGV{rcX>JGwDXX}g!YME`mJi%nGsO%Wiw`MK?l@7^Up
zR!?Hp?`;>YE75hJa(<rwBQJUEd1-$Bs%GP5VS%F{`ht|Dn&A%1!)1{`qq%TBZuZsL
z#i4ASgv`S4+RZlkb+=Nl4N#w>AEo9OuyJK_q`MCvb@CBwUvW{zLLgu9x*FG3UHy6C
z7`z(tL+GTfapHOLx2^Qr;%dP0F>ga%r6`_C^ML!%V6?|(c<XQ5+6E#mEo8CwY?$32
zc^+_Mf0&v!aYD9FT`!-=C{BQ7<@L%g`ah@pAV=j2LOI*7*7>8&JKH-aye+hCv-ytY
z#LP0<7sd;2QGN*>x)l%#xHU+7iYsY#r_#}@)?L@b3?FK-pATNoD+OHxb1O4ox;Jg(
zZ63ES(3k(^`vP&(eN*c;@*DuRUf&kv?bl%ZS4h%>2DWDd<0)OL49}_4+U+ABF&F%Z
zjQ_0=6?--!ppG+(nd3`$2ZSFn!ny~^PcQ8GBMIrTr_9WWqF<=`YXZj>%Z0#255Qok
z;LF8P^~0Gnj@0-8i^qnzCstBTG@^@!1@~B;<Azc<k?UpWTCwjQ)(sIpzS$w1FYMvd
zg;s87H?>x0Jc7;CWFM#|Wvh-!mW?U8dS5Pu3W#jkaN(@$&F+nK^)&=J%B9BoUsL73
z^IACVYIlVT*6c=d?>_8~HXf+b9A?1PjFLrp`Ck${FZ3FlD?=#}ns3JB(`suG{unTu
z3f;Uow6*#Bnc`@lnD{vfYW6}lbGh_>IixH}d>+`I6?pTBgn<-0lekRFSK5M?3v+#i
z3&PRwFeJ&p_4X-#{QrxMb^wkZ`<E-U{Ei{MqJi0bwfp-`zxF#fRw9td50q?}RIa~1
z7F$tK0Ynb>UEwdXugj&b`uJyl1gA17qG?Uek-YjKbk<Xu*Th``Tu*khJHuu7whr^W
z{1T`Y0<Qd#N!c@|__x@N4NT+Q=FXq(HI}!Ib4zViWyl2e^-6Qo{ReB__YaMguW~ii
zV!e{iAP&owFvz}|9*DQWXSNBK{in-J_1W;q7#9P8QO4t9xe4!Sz|{ZYcWXDw4p~db
z7w7Y6|N9gelN#;7j$ZW6UCrCK4{Jz7P;RaA%b#W^@@<?ProO#YlF$$GS?A@fncCo}
zp1|Rz`=GF-jOajCLDD2`NI5t-7%yKJD(LOh*?7bIt>v%4ySJif^~vkM`1?_W$qIgL
zZu#o>=e5f+#%Qd!74{NeKcfBc{npv#?t*n2o%f}c-=%+xxZ!n(@}Hf&3RG=X!@?s6
z)BGJv&f1VmN&~6<GBs<6z$uK+wtp;DLy)8~baJYbeYx6XTlE<KEt!5?#2$Ap%(gQ8
zF8*dZH<NAccJHh_EPkWo!ApJLl;yuJWpfxJ5ex<Ecw(9frG|!Mz$!n6{fbS%-4Yk~
zC1!lR59K~diVs70&>|T0ZNAljoHa^zFY(5PoLj1c4>K*^PI0$f+tKV)>;<bk-!$hr
zyk9Y}iDRZ>rNv~EN+nT|uwf&C_CmZ!!(F#=T#NUVL!V`=VHsC5Y7Hg{Joc&{rk9B$
ziXOibf_lriz4w2HMFQCFXsZH<qI#Ah<_b3zjEGlJBPJlIG69@D@2DO)8}<%(Z@7sY
zV`J#ic!BPcY(nKF);TfO|4wL@Qu1*#OLnrDq&rp41WeiYnm6}KiA8-DF~|9RzgcdL
z^<=KXC2ci!3n->m4PkCw$Yd(qt+pjk_5D=w=-HS{o>WzL_iQV{K+QHcXse-a`F``w
zC=;ji=9?P__13Jj!VR#;lfaKJa1M6PdIt$K(dh9~E6H-+@66&Ui>+^Bi;r1S8N)C9
zDxbu#=nt6q>44u;b2Y20@461;oGI`sk7(L?!qFGAWH4W0kL+ui*@+#DI-(}!VBw6L
zoV6=o|6*t5$F1K{%*VC)-2H}-<GBrAG$fhc6ntH1f26Dl&>bp>ei)QS$nkqIyv1W9
zDkbF0Sw<%T23)%e!C=-HSnSOJl$zEzeW>JqAv5KUs-tC}TdqTD>+Y7+v9@u9p0Mq_
zFHH$KT1d>7x!XtF)|8V3|I&Q@b9~;)xtjrT*`K*6uD7kN&!zNS@z~z;e1z<!l5;SQ
zPE#0FNIP8?TKoFLnhAvFgA&JW^l{BMp&C3?UCIgzqlp)LjDH(vLGP3poi=t$IV)zV
zhu{!o4Q9cvg5$vr69!)=0im0LT;_(Jwp4E(AL<(l_DHGk>^qU1{5O9u;(1@&Tee?-
z%+E)#XdhM(S)gr`K8HtrptLP6Vl342iNILp;8(uIc`nY};>J=(!)Ia3&ThA$;NZgI
zd_ti#PBeY5Lynij*{NE`7lrBeZM!nZp}@#rc!7mGES9}+QRA}x!&{<`V1YaCSMZvH
zu^a{%dRD|k06ec4YReP+yV6qJ>m3u3D9dgG3u|xBg7ga>-hN+`EhSuRbkFbjFWg^9
z48!azYX(B1+Z7f3&Hm=OAWok4`E0Z_?NH<f+%^$mg@wnOZpa2TaTvYzMn8_NVYOV&
z%i-oE$3!(yoUX>l5<M-1ZSlGFU&{7Nis$+7;i%6S`hmqvYNo_BL<pVK_cvow-8aX9
zoQCV0g2Sg^YB(v92!sgQ4t3H1t$;0Z)_BY@_b;L{#sZus7h<j;0tkw%=wcqbRY?C&
z4`Y=mXN-x!@tb_%wT*zREFa7icGBRxSlpCw2css?Gvglz#1UEJZzLZ?DH=Yp|KV?`
z$5pNP_QFqFj_|liIpfcq4Ta3zaIK!nVKI?C4oysCRI}@qHDy#GPZql;KGSh7h@(>C
zaN(Di)`RcFJ{Vk`;22jFKO{>>!$*S|{KpLKFlX+;7!q6hzZueiH%ar&j>Mrf?qhCJ
zWb4TjnRu@ihr!q{TA6W)`u_co7Q41g67(F3A7m}nqT%pL+ZSlcyTinsfcQSv-^~W3
zg4<h7He-^Gn&h((O5?|A#6WFh5K+YFNnG0BI;Y5}JeH&<RtQBw_=BKERy5zma(McI
z?O(^lkb-2Uz&~+rr|X(wA=}cVoY)^x3S#W4tX{FpS4LqM#X_O6Fh!xw)sO~q4;&*E
zOkTa?jj>K$#A&@3&31!lVP?~#J);~dV8hc^X~WKTUiOM4zQ)TU0{77=0?U32@M>X<
zap16$o&UAB!omVU)L9PAOyCs?pPQNEv9hXAFAD<9S}j}(oV+vNer2dV;t$b0;th}k
z&%DKSl!yVKIfWuQ?!I3C!F~QgQ{4`+wdIVB(eotk^?xZLDxil_LW>UzyVc{Bu3+WY
z>S&@(P7C;?yI=i)>|uQ$sWBF+^Du1r_0M$U@x6mGeD+v_3p}hhah9ax{nWhm>Ph2d
zQ%^ta!W@Sl8x;V}M5Lh5c>F1ANx#3m>PcYMdae2zOT>Z>6$4AoY!E|sAkV!@8)UdM
zE*m|va<#LCnpGnD_~-02=u7>oWWUk!Uz{f<-%B9H9Z}fT&XAFT7s<<oeRmJ7em7w4
zx-;Eepr&UpjpdMu2KPf$4zQAuHcH@Gie06d511?04FGSW>vS!Vlf4WNC}y8AB_fs$
zh*&bb(t&4}6oC=cxt_?X6FHZLJMH^x*~om1ZlyCZ#V=<o9>>L8Dnv%Zabkm1WD%g>
zd2X5aSL@T_5SwfwjTPPwZ)}u3b#LC)-E4Y2?%`VzvM3Mnx-M=2314${Pkqf4$JI={
z35*d2Dwe5btw!dWf9|BK3qOfo0I3&G7sJPF&whPKj9yYYYj|)y^_uFc3AjN3x^@Mj
zB!(i&MdkX!6E{t?;h<qmnNL)Z)3L(DqiuM^<q`c|){mi;6*98{48^clGEQ@)NM!0S
zjn4jSQOuI8UQ+v*0K*UIQw}##Sv>r{mQnN)zVneUG7HpxE4>vPR7;iC1<@$FS9AtT
zK1<={BZ$dpRzZIdgwhd-CQ97PC)1q%c)DQCvf2OaxF9#RBNWTjUrQ|za`E<Ns>0cr
z-<Xf@_qOxy&?gXi*;_B;FkxF$(2~N055vdR;x!V={os@V-`PprZPvAfQ#rIavBrE-
z%%6pN(5L$_(X(nByxii&0h4oudhX}M5`*{7eC}}w0?NB;l2vyc!|QnOusvSeo9$!=
zk6j&i=%!(kggldYq1>d{avaHOdp41KV@!5EeqMiF79sR|d%vvU+xWDH^ea*O{qcnD
zaYcXM`2J+faX>EXJAD<KCm$87z#PSwpVk8B-OoITd^_;`FSp;K1h$0NJst=f6#u3@
zU+c(r`*J>E*Q|r}pW)shk48W>U2&EWq;}Ygn&kTg?njOdZFT#<4L2nHp!erbL$aB{
z1n*bKK`NrEw7%|rJCAdsGM9uWPYb&Cg$4d!Z=To)$xh(**diyQX==(veWcMDJ3Ocu
zd7p9T{LB*M@7NbMH`+e{qHZ=cQAmIK2wbO3d8FG`s*rZ5pRYL``eRxO4(7JGkQb)8
z&WGaWZJIyJd4TQlUv~W!Ski1Kv)kkIg8(auaR@k8QeT(s`iNd7(C=l>GOFX!lK=Wv
zBuel~cpZ}K9-S)-6sPTS9`JLVi6tJ=eb0^s|9b&Ia$ogr#%qcesd8JYdXk)X9Nx(h
zxN|tkf-dSg>~S_vx_yuz_?tc@4hcmF{hJCu;=K50{XDI*uI(pfQUm{zMxd3Efe-5L
z+V}2C)$<tCSz26t%<*+fsj04>)S1H@AHwVTn_F$W;r;%k4!)><9}u<#ih?>X*7SM6
z4~UjZa3%RCtrp4}*F7TO_KOb7NqV|b5EwGM(ltQxop~w6%z36yL9z`SOwxS=4Yoh`
zDFPnDY|pN)Zfmn2@Q_et?Q1u=CDxR;Ef$rPeZQ&F>|Aa3Ttn8E$xN*(F6&WO(>t=Z
z`~6U*-8ieRH)mpZI=phKU2D}?^SiPR_=Gv=Ln$8I6+u@c`_IPO^8O>z?)f-VOLld(
zK(|Y^LhY&P;ydE5?eD64ESyvbH@%67t!r>iWx?puyv7B6P31kuqU!S^vw|wfnN&gG
zMkV3iO7wva9P_gMxAS<^>EmivSX1dxYOi}wrSBR&tNIiHKmgrE>k%Yrcp}J*%645R
zK!MAX>3y`F+#!d|W+Efi3|%)01SiiAb2U#9GGm~C;;Po3W?JuT`@1%zuH!ZdCbFSI
zp~#x*l2LVC?TZRV`s*sK`i=f(_C*M1rS^_?yJ2BX(@dW*yV}yi^Jv6Pc<7(X>(T4f
zc@6!YF}?1|W<hV~PkfXX)|R)nX0P<>RaePL>Y4oI^(9S{>Uv2h?T@G7UEVn!1Jl;4
zGmEEdO{RtRcdK_@5mpziibASMsZSsA;2>zerYBCjkvmm&_2*-Pj(c{l`MUGQE{>C*
zOr={kd7cp$g?l7VPB#D_hN?H=-b|vM$pd=2VYagsO+};nr{fjBz5eck%H?LS1pxTN
z3!eCw5|%E3?-zKoc~oAwpbgOrxeS$JEmX83ny@oqM1&NUFl~XsXXwx3&}h(NXvuU^
z7o88-37?M0PW?7o@iauB4j(E`e9aB&+aKh4ZpPQWr_y=YydRg3P7a2nm%jF`yk_cT
zuRS;hOKN5?s{5#<oh(!%>1030IuCHCMqqj@xNaYkEj69-1@}y>FPozfEuXB`xn`bh
z7t<_Vb#}L}x*c!xGTqD|Qpb`c`kp$384%e1qqFtxZD42(3ej`<@EL25IbGZ1^%`B=
z%D7E-P&ZMD8X>>3$~qbDd96O1?cz$y0RF6UpJ+6lh-KWRztC#5Ow~bAA0IiS->TN-
zbBDViujXDG@sK!n?r)eOR&R0O_1<rw-<EFpi9zheS*D-kz_Xy>Fp<eKquMZFTrFBE
zqFah$?=CP?m1w<l{#q^i{Lpew$eo~qlbDs>{=e9J>%KUeZfiIR1Shz=ySuvvcXzkJ
z-3dClJ3)d3cXuCLf(LhZXLz~J`Mu9M_w^ahpEF&xde^GeRlBRJ_EsR|v-8YuMYi}x
zIUv)$bB952v_iA!=2<j%zPM}Px^;@9*`mjU5UIJNpD<f}>W1Tf6->uYzm|ebMD-?h
z4nJFM*(KDc-aU3xm4rpA7w++XemwgIyZEh)s5${6T#@_=nI`dkc@ec*mWYRJF`_?l
zPcMa&kL&?vZ1=Qmrx+=R7Y{T?DXt&us2^`TeIGrxg@w4NbySYx+#T75zQ5At7p_Og
z^=w{L)Jkqoz<Ac7e@;{~#dk-QbU6)AnKP>QXviHPavpP4B~icO6!YvDcJlhQc=>#x
zds`nZ{K3iZ{tYf^w{ES_D~Bz9Zl)i4H*@Wr*Z;WUJ7z)VPSfP8^Hs;1p*WNQU(+|%
zs53bDI7bO-eRqcqoAXYtBFpB@#`eWV^=Gg2RRIps=YiCTti<Pp0buv;@!$NElM|u^
zij<RFAWu;M80yRR20)gl!5j#$E!CQ8FSuR6=y-amyhv8L;p!H!Bc&-mpuK1s7w7WU
zaF!hDqjcVxX7VT(<<`l!ZMs<4-_145RiQ;Q=e47sb<gtvN^<W04Attt<~r|oys7Z?
z+Ge{*bMS=cO)`%`aKW#M4_nnHDabZ@H-M*LP*q-AHFwY_-$j=O-lknPFFxtRIC$P^
z^gNBeL0IcJ=4!Q!am#7LKWK9Ww<KR>+MYIGRMlhU9E``hmFo`@=4|s44!!hq9CXFI
z>W7DiwSCLuwgho^m}V6boUgbrf-t;y<9!Jabpocn1Pzm4PEv{vTJ{=u%Zc=n?!cfT
zeY)$<g}>G<#~%uP9!4KD^*6vx8;zDX7EiCmC*tB2bho=GPp{eV_CikjiNA?b58#+V
zjTgx`{54a_Kxcg-p1tHwk2y)S11s@p+Y1YS!gF5C<F%8?yzav&1r^^4J*=r5C;80F
zlmR?idzM)a$5YY8Ue!r~U7Oh(K=&a+kMv?#(etuxK(FOS+q8GoiErX0y8m@cxyT62
z;_XFq=F81sJ(V6oR<vvWliFfFn_X79^M&@NXb6%Xij$^(IVNKQ>u{Sp0p*-+l^@^I
zK2tj;fPX(K@uXWNm!v8~$j*gggvW`^9r2K7=FdST5kftLZgcx}YA*2<wA2DY_uIK>
zS+idE8MpD|MS>6XNtZ+SoIz99eo;91BM%Y(A70r+V4+wSelMJ(WXM^BgRIFMN8mxB
zIY^eboNap`!sN4|ytHs|$Egyj)Gt&sE(o1Yf7Z;&8QNIZE1?@{OUXqZXNhJcp@E^H
z9wEQ56EbIaGe!!YQ<i{?rXu=x`4*PrJs{|TQ>1*jtw1zEuhg)f)%gHKQ<#L~xVNTE
zpD6@=cWu#^JeqW+ly**?&H@Et=n2(2Hs9MC!l(4x7`kKq!kYNHA{w>h^E*43+ZhM@
zeF3>b|B{2!zYziB`~L8x-@)bc2ui7PS1FFy7R=5yz#RR+3`!3FxuXc;n}cplxZ&d`
zA^KOycK?^J0=YQBk`tLGH-L|vdp9972Qv%YZT4S>CRZXnHVELH@(02UyN6cTz@8oI
z>K#1J9plC$Frsbv*g_VMZv4adRl|W?LZauVBHKQMq3U=Z+m#+d;={!pHC}h3a_<%d
zsQps~SN(BD6W3p1U}yvT@ywFTwoDJ_3mC&0FMCU|5?XC68_LzOnFQX*oiVG4*`$Q>
z-+vq(P8abmytTpj^g|%uzAZ*XMvJ!(anu+MiC6HVNAlyKIpMT2-`;(uCZ8)TuuD(a
zdRx^r?xWi1zqqDJwp+mQa<&)>2YegaY8i)#KnhiyjPks>JE-w_L+#+S7L3}RjH1?_
zZ#vQAr|i7pJXWU<a*^^dUHTc+k_aX&is6kL$fjWNULxK_k`31;itf*ZKp9CQA!G?6
z@jTf(*ShPcKZP3$boP34yj|m{(0)bS7GIB@I5F8O*}1xFQ>FG$#IzIe$GMQh4hONm
zJ<m1gZKt^nBRf5l6P~|8?)x<%d`!WTjeSAbESD15lE|}EdIOC;v)CL(M3Wc#z+O{9
z(Lc0%wQd(U9fG%R$=@cekI!x|#9!F~P*B|h`g+B`x0+MR&2Jsp+xVwpO1{~N#-&M;
z6xn%YWXASm)nl6WRVZFrl|MU2X3&i`&<RNxwgsoBV?)Xsc7jeA#5iw#j}Xye%YepA
zcj7Z^;789jm~ovp2z6P^p5F}6EEa28?7t1ZX^JWukJqHtZY9G@)VIf%8R@&WRil5Y
zw-E8}ZqRy|OS9s9wLLYsrD1e<L9FiJ#s3OY@4M2+n<;V;x;@oGGE~3=LQtXA*v@$)
zyf|jE{k@3lpTA-%)Jih&{ON8T?RV!z&xahk-O6e*7AY-<&!wZc2&Zp}Lf{T1#F!4W
zp}5|ei(8k<QqWgsj3WxW4bWI~rzL$J7uo$ijV%T($iygTeK`nidiCqHPUV*z^Fp;j
z&})jW@lsD0cYq^@0U`UB-aXpw&3lH!%iT}x)LHP|^!m}hns3bJpy5*8Li)N#3X^F%
zF%%V2CjX~%U49-rQg4A-*|nwZtG|}2S65tg${Jdg8#P#k8#&R5JgDRwT=Ci#oeD$0
zhTG93@xX$Dk&kw-<q<FrLHT}!12Y7+(|5mQ(s_Jv;SRp_v}ooECt$u!|5ibk?Bs(W
zSY4y?atNMU7WZX$<NZD6+8uD})j_ET#2TUXpV`>C8ztIFz`E(N`2S-8q}o}!v=?cT
z?+36#mDH;ZPFwP2?dWRw#|5csnyfd>XffE|zDAU_T&!nmHJWgMKQf8($~>RZbq#j7
zX)=2cunl!?9XzQz37TrNmuDmOODTvJv)7#$3ByPtGJ3ob*80pbVPCJ~?_w?fSQ??z
zYTRjwUiS|!{v*3p{t!l@ItV?}YVYS17tvS50x`2&`%X-)=-=^t7_wB~#D`kIXtW`*
zS@=Lzs8jZ38wZuHN?zqNtf4PABu)mn>)6xs@OwJlqShH}tJ9$glpHRXn#Dz(G{D`$
zaRJPZ^k#q;a_n|udU8=d(=|2b+4NoaN8U1!aH=cnOX%2$-&ClC%fXn{Jvsl|(pw8A
zT2R?VSB#-Yu0$_BnA?#OWoNiMavb*H5=1Aa)Z%M?`nMKO;03X_GX<VZcPM(hIBC7C
zoj(mh>mUpKmIWKJA91@~_i(x?0W*0Va`#fGL_^NCey9wcF*mraGOu0;P^$24tuxuH
zL*(|}XLZl{NdMuWfae(hH&j;O=BM3N$G#7^K!W)+^b5BiJ;ELCp48k5`0#z`%k7cU
zXE)na(ZKN`7Q{QO8Cj*b^#aez9gAepd3Y+~Sb<!mFJ+#q|29f|DqGtmy?NCdPmSpq
zp`3QdXJagL%c^nb@YpCZ%EGH(Qst6+@q8m0+Ba!93PLg`0E^Y6szdT$WJ<aH`99w^
zlW=rVaGYRE;|aG=l&Mph@CX5DKd{1>`T{4n73k_L;Nsm-7tP&{k1ZFd$U%2bFd;%^
z3{$22lIx-r-$&?`ztZb_K_dEu{<JYqYw^mFdajxC+|6*7mUE0e`NQ*rPypDb2vum5
zOHY~8`6<{LYU_3K?eVdMp#>H5o7%P1z%Ohk?Xj4|P<>CYU5~?+t}iy4bU}gSY2=fa
zsvSS|yrv&Q!>22UF;3Urkl*rjqW7Q~w_dK0Ncb>54l)|l!`efqib&67U;j0?P$}%2
z8h!I*vyk(H;bG&+#X_eQ>$)v9sEv23g#-B^WwIklF1vaulgI6_YLt1ipr`x5<>#X;
z)q#r+#T%829T_PlBAv}y%=KjGH(bAPT+0ZQo27OH_dYpn$OT!=)sjEIAsbr&SR)uS
zB#XW5@Te%sL2ZSn)Q0<nNt#!z5;JA?l-Yb#vietg?@_vg-F=_(^N|TLqjrX4Nmcj9
zO~eQI=B%LF<!&Ms0m8yikWdy$XERkM;9<b1gvaN!KBn}uSx;r9jHnJ@6y>z3h*bqi
zs$cxBr2P-XvTFx*2TYI~t~j25BJxq;h2EoK5I_J%-(p27q&s@;defO(o|a~7+a$r;
z;Kx@Puh=aUCPXUR;;S_F5(RuN>m>0v7l2B@zSKAQRgYezn>v&Il8eo~F6fz$+}1O9
zSB$0Fwdiek$3Tw$;_W-GVd4@xgg8#RSdF)Xt;pC3$D?tSTPtPA8#;Bd;gzp7rpv>g
zMw`CT$FopA3%+q0Ie9}XXD`b6Ru1DCtWb(^nNjNXl4K#(H}mClEjWbq8ebKKuBb)f
z4h9kdf)c~SL|=bcE=ry;8&9~eX_oWHp6Y~??%5Q0H_naFO8!l$u`=kUB&Vc|crR}e
z8ksobQ?8R_(u;MMw;>5>$r=d+Iu?BwBgLG|0$ym^iQYV?)Osy9mo6L%aig?B9_?l3
zvG|cSo#uo`4Z0Ye##<&7iZjdul(57s1LDF5KSlC;;P-E22Bkntl1NPoM?V>HUIPI~
ziA+G_*#pBu^_^p@Cnc`e245arS1+hDJhi^Gi*LQdw*BHk-nwf9+bpFXJ}j=kBkC4<
zuU65I{PbYcdCnk|qaX4Wo<u*EhQBXiXTTH1dSUoG<sZ(pVPgKNj3oUm_~_P)AHD1b
zss4Q<1R#_Xfwhqx{EG-_FpVfi^0}^(xoIOw8t-F^Fq2@I^-bz##!I>Jqe}?0{VEDO
z3~boA0*(Po0!oC4J9}$4K`N7WAl%u@=GM?3X25Y)dix2j#ndCDSAB7RcA4q4X7b!e
z&gvi4Cvf`&?a_C6zR{b+SWxttG+Z}U^sn1^6>t+#QyWB-P}11BCo7*fd=0<Cwx<>-
z#q47*RnwUiR1vdG#Ng3|a@V;CWV)ROZ8Q-GpT(Oj)jQ#U)NFtJ9u`Ybc3;<OefvVG
zcogm|alJhQ-6h$Xwk{sR`zKzAS@^kP2Wr%Jyba|Bxzi~J5^7(RVWzTRd#A>JkM-93
zfeT-Y4{Pw+a=7}Yq|oW2m%H1SbHV=wCpB*>6i|#P^>d&k!1b`!-a^=9=a`6P`)>5{
zuD*3-Coizc?YLlT*X!`kkq&>k36+H7<)>um#o#a({(&F7$wD)HJl#?6Sh#n^Bg;!m
zmC5ph3yb9e2YoijS1*XSt2-*wtJ}@mN2dio6$_mm_XHAZB3_RGT%j}UprHN@@fmu}
znU~(@(j|ZF+_MG3+O3i+(URZk?=Bn-2%|wWN!^2*-@DR6)0Z!=Rzr|;+v&eRR22aF
zy-T^A1ic03@xz-dQE{?N9<Ja$e^0r1N~{qZ_}LTtl6~6=X>QIxpmWaQsEq7X$(vPw
zDR2W)O7nMpwkHaJqT@W1Y@Gdi`8OK&@Zp|)9Qzgd9t@^wLwtelmuQ{BCbl)*?Mjeb
zX)vi=@!YC!^i)TP5AkU>ZbX2>7vzC^8fZK&rvY9{bjO)<rPV+By?jQ%yQ9=gI6$d=
z{lV{OC_EpTgIx<ilI-A;t-3;Xwee&6{c6d7yjT_MJ4=k;vlS@6lZy1ybFXB&Q<V=L
zlt8#K?u`}ajvF*a<x%MLa{lOdKr&CQ3&|H?7<Ju<`*Y=pnQa8kizilp;Kz?2+yi4F
zDd5{VOS!a{9!d5@H{_!|83``*bv`qjPeQ&o7#a>MK<^abPMX);^zJVf82!tt7V}~e
z-->!3XaGM;U7!I}&0gDPE$C3l6B6{*au|!KGtyGhKM-RsJZelk?4;`j-wZ@5yAKdz
z=sDTQ?wd3$&KHhFfa%00c?j?ll+MME=LvAdA_Od;TvV<H@4L~0VuiAh_1b=8Uk@vj
z)_<IC2E*EVbi`%uMHQqW3?-MX<2^KYU|B9ONam%b87*#IC^5GSQFegoi~a5dep|E#
z7h1#bylEPQ0eqwFDruk+=umhrMkyT9CpnJRA_)|pA1<hRL{hYl4hjt%enj;KMJV2i
z<gST~j1VL<N@Y%F804B?C1A~zuezEs>Y^(OsC>qm9Wnv6VaqT)2p;jJnN*Q-p8uwP
zJ)LK5IU+lsV}Tus=fLX9et=AU?Lb6Ze}xTkb{GhbL@J0!aCah(ewZ#M$TS&i^VMoG
z;{&DX(S?LfT&{_66jisFiG6E_qCjC2O0;|_fcL!EgMzsljSL3lq3TOV6AKOZL;&;q
z6VW{VE}7kMgr75Ej!}8EH;DG0=1s;4ec1{~Xf;Pdbh@+qFr4(S8Bn4lRol1H_EuTW
zLd>m%tOeXV-{V^sue2w9=uVF5!Vt~BM|6kL<K+0$lifIXONYqSNegVp>j9SQcM=x7
zY7BBKxrw4CkrqVPMt8KDoS{wPa>Rxue<kGZK)9x0LKR$Xtu6y+&O`dOnAKJad=-)n
zoN?30%<LoSu??HHVd>x8pbhX^V3z4NLafPF$NXrCkHA}f&yA~t#PH%0UV@qxdI)DL
z2fgrOQ(M;~o~D7>LhfItkOZTM7P&|fTe+qMFtqCJ(A;;Y7-R#Sc#a{<NX-((a>-b0
z?1SNt=0GbL%QgLB;<#vu(1=j2o%)95q)7~6ijvy>*ktx%1W3;GoC}rqMUzK+xkFw3
z40&@UJD5GOEZ^ZnyoO|!GX@>oC><Vywhcgc^pqoBib#a^f!sTC&N3r%;*;5}wcCpn
zF!3mAoS*o(Ao$Fpqm!{{G*Itw*+rk=Qf533$*r{vA3>$UMnCC=6H8JHdrD+7mw%?5
zKqkfQQglJy$7k?t$-y#_&-E6WM%V(`FV&OZYFK5H>FuL`ZY)-ainrV#?}Z3@`OFDD
zf>OShsz0osc)c$pB`3LE!jDAnpYatM13Bw_#z=hGd}wXdX&GMP!bvTghzABKMo1|G
z^b!+7#CTRW!TT{2BPL4geV*XPxEiZB#)jY7(5;||0?H^Q-c}L(rEUmwT(^OHH@cd=
z=5p=;5=@RL%;c;vSJw<>lY=SUhA%@8KKMe_%h4tx7?*!6zq6R%ac2u%@yYUYsWsKn
z0e)+=*dfZ{+<$RD<&IeS>X$$P)QhHs&L`u4{UzT5)1a31qFk+j$RaqKkyZYgfoEWN
zFn<iby3nZ;B>7aW(@tV=$gM3Yr7&75jLXl`f<_CH?p|x1K!mk^Q*N~I!v_dJN)3-v
zUsP3=-aURwP8f9Vs^h-cjBQNkJAh=&5u%5((24NCm<84zGYQ^(#<7Z^G@0uCORZ0h
z-A$j%<d!;Uwfucdy0e?iO+{#@YvbY0AE(ibvY(0sU)LST1n7m*qOVuDa;hCM==#b!
zLfSn-mw^4eUQ$Y1xQ-B$)!h5=J<Mdd>THQ90aL)cQ7p{Wnd>{&4@SlNejwmIu>1_y
z<g!Kc@)Av80ND$*Qm2X8nuqp;s$=%?v3-<|O(u)00Fc)^f|ooxV7pw!X5qK~v9KAI
z6$+Ya0ECjViiZAxVOgpllN<NK=XUzi+se8*e6b%Dj2RyN@Z%#vm`PHx=fM`{WsG24
zIBx@*(5#8VvP|bwPZxow^CS5@>P|?$>mMlW8(%JMUr&S-GvsR91C6>K1wm=*k2nxI
zSXrSFBUZzoSfrA`(i@G7*wu7iv12hBm<xmZiO{a3{u{OO7Tac=q(WGvUl7l2Lj>ys
z`V6i_1U>Kh4USh4TfYoqX<oz1F@=TD=dN{cqp@c)V{TNg#DWH|BWfFPUvALFDr=I`
z1#VO`{=$9al&akO?4<4+Ljq@nR?n@<Xm(&s&X7%_>VDPP^<#qX;ph8zzbZESnS15&
z=Utg>Zj3NtoUd$b#@FZ|;s>G?b?u_p!?Exh%DPVm_N(~U(Se5dzK3tykiM<%RI~^1
zB9S)P`3S6cG)kq!3LkH!Wph$ayo&-6-vnZ(EXRejAN{zx-dVhQM#n1=v>sv85$3;}
z%})x|z|e*zvmOCcsDbAUz-<*P>^=oT%%zwb%Nv_hoxBM6I^hPLNR>oQ1m_e$$n%{o
z&ro=0i3|~=YCdkT;G@LrAkubAG)Qo<ohz1rJCJ{omBg?<T$!Jn3soUU6e`19fr_l)
zGb=7g;sReWCZ%nUR`2T`h#P5Lh1KQ8N+FH^k}T%431qU+AZSteJ^aS_ZeM={HxV(<
zmmqcmjdo`f;Bu8r{lYGY4f<mjk)S9PCg2mBADCC63g<{z!#~_8;LmzY=U`g;ZlpQ?
zTYC_JKVIm92*JsOyo32#V7^js*0*}Gg`!RV9cox1FEn7^PMTTasY74{!eGJmQ8rg^
ziPz-%JGCKup3GdEJ=J)|9Fe8@16=@1A2;3bCQ<xX!9|nWgF_NI>?i)<n-Mp15|8t>
z{T$g(e!X#o>*4VSW~rjlNMWMCej7b!y-oNrwRm&#&vrJ`!?+#m>T&8F&NSjq=JC-1
z!;!|K&0rQ@pCL3xI`<PVr*de>WM%d1#<A(h>aAy<^1qd8wny#KMvZXbxGAhy52Jsq
zsEd5LCP%nVdC~ujK5{TlsD~wa{vC^~I@0+ld~Vi5&@crPtJ^M|SefG+U_FewHBUuo
zbBDZ8Z*{Vbf-pYqmdccSSgN1N7MWLI0l)HsE{?u+WAM4_Ao_Ekh{7>Z{#HV%mcT#<
zEqYcQCla7f6=?w(=_8N^mXAE9&=?150IdFt-7pfKcfR$XU~Uhsswa3S)=Q9OB+c}p
zxQ4r69GUrFt3VFdJt(ToM1CPg(}h#{M@MPh23rkG7UPl{jRghAm?aJzNcUe;(ch3b
zQ3wh<Dv~^j$`^>(pkTfmNq2b5N3$C=_f^;tHat4gwXq|KoL79ds2mzs^!TaLJcK%j
z)Odm+a%O2RASI35b%q(;(j$I*!gwNj{nbRdL{!0FW(skV)SufPUJ!2q_JNBw_Pb>q
z=!TjQhc)U73oAs9=VtS&>g)9JI_d}tKS5Uef=HK5ud`UZop?+C3sSyn^PSa;8Ox*i
zkO}zXbSHla$$3H}A%blx;Oh#ONKAb2K40}i`gbhm;~4pL)?NQy5Irw&jmfjx<TB}?
zRlj-kLfr07)t}1cTyKvFLX=|6QtV{P{ij$xvgxTFtN>6Z<l*PTsq8HDEXYL`ireap
z{Odig;he?f+o>7;jS~Wo^S!Ad>XV#Nt8?|HPFKM9OCtzz^k?!KwLTqzX@z8@qj8y>
zL&~20^tlf`{e|xW9}E9#lQ?N2jYH3!2ak^J(pai(93d-|$Wb_75778>Nk$}(DI77u
zQvuT|1A_q3{kd-CHEt&c><FX5(X9GYU`s~a3|fpl$<a~k{iP)>9uy<SZv`<Jp`k%+
z(tC6o!(?%SjLpH2IB(K)K*K!?3Rx5gqFud~<?XHEE6}Q8kB}XeY|{mBw(ewbLCmS(
za1bwa(m5h3Qj)Wk+i#DThX^goR^}|-Kr$*ig$ZR2bVw+LXD&LEZ2ayxPoWcy-1-es
z^L!eOfPpW%W+5@|u}sXyxVVp?xy93L+yJ@rg)69{QDh)Dg*Es(V$^L?%G9iw`11wA
zN%$pMR_#+^s7Z2SK=3IsiP}KRb_1seRM~P3N}Hf>9yQlB^5MGbBrIEG5_y<0W!Gv%
zYEX<^9~mt#)Wk(6QcmU~`cuJ7rzSu-*=+X)=oTSUGdIZkn;a=d3+HVMrZ#S^0nKc8
z49cO<S41!Ai`jnFDv(UMeEHk!<z0!@f(wU60E@zkO7z*-?7^UP8%eb^{o-e-al4;*
zTjryS_Z+z52;1Xy2z$z;=OHXkSFD2@pA{R*nC@ak;&K&1F{*3dz78Kx4A&Y@u;Nr!
zMuplg{?wjeO<XGD0a&m&CpF<)Jxahbxg;gynHC@%4UB$~4OqS-6Wsbeulj5_i#P`w
z_UOJns%}?O={3{3+F2Y~DoAQ++>M9MY@rcvk9mb@rkkmqoK!5hT~;RXF)b0zEKx(d
zEz5<?S_Je#xQzjgaRU8jM68?wq>`DEA?g@m{LCNFHwL8Xvr)qEUAvQeW&}#UgT!)>
zbjwV2aGc^i@Gz1&)W505Zpzf`B{o*K@YI0i(uidr)p3tyNDMsn;t8ChFqp!lmKnD?
z<BAIvu85bJ3y`}0dMoKUlU}|2;(sii2)Xw8y!=Za^>TOaX#B3}Y7@gOF~@$1&b(p@
zo2-f9Nbs0yPdQ`Xug1SI)AKNa5e9ijKKF(-GaV&=*n?Q@SrxzfV^dmL3ZK-vXiK%M
zf-fDE3vPF|=Wl?mFPGw4p1WbcAA`<_9fhODGZ|LqoUmE<9T#J11vXLe<Ypj!99LBZ
zzI4smIP16^5CG+R`h+kPaK*!DHx<NKeT(tXC$~iQ#=`h48DM@!T3CcMdUueufP^KU
zUlRm8pAZQ4lXjnojEt0Mavi-uVTH$Jdcc<v*Klo&L480qFtwKW44;An2}QJQ)Wb+^
zsXO>R$8J+t%oE)*JX@aXOHlx8ja_|>o}g6Qos`S0xTByGB-g$yy}h;+j2AHVg%GPA
zkMQHcf8#927QRx!yy(S8-s#b}TS2^B+Q~65H^09)-*2fd%DVc?Yq#3+O)SqYHau*y
zSCs${G=6(ClD^2|Z>P(PdbrV@C0ww!;m9oa{I!~iMQ3jr<WtoeAWg)O+Z)QY{`Qrr
zu^k$bj@)F;XM;@f8It~K3#N%aY6!G0wMj=t!WS#WH#JrSr^ijA(9L1i`_Sb_z5XWE
zu~@>}*J|$i#7|9DU&8qqak5wRkty9!kFp`r)@z0RNk8!_Ws50IRygo>qgBdm=$)#e
zLKV5tfGK*0mCdP5#K4XjeshP}r&p4HKHiT;_WVzWcQ$f73);5;cih4;2H|iG45dyx
zl7k<HpUx{ak^4)k5^$F5ms*ctYPfK3{MUkiOxs~|Z+q~s)mF5Khi}=<jKk2J-KxGs
zPv!EVb)~nU60D?2Bo(_|R-B4!769p)FSHPZ#y7%DAJ#%VbduT3F&LDEuX96wK!ql7
z`B1WSx@;X51BD&^(diBmWS7Btlzx&8R<1}xa@wISY{O=fhc!LG-sU=Nu&W4`L5@4J
zVlzX?9BWUI#gp<juh;?2!hY|IV@vM1+LU%s3Ki?tbfna{gK5XGexk(wSzBc<6|jv|
zDc5>2T4a-KYS>=u9B#n!E?WfY#uI(?316p$`%B1Eg*;qBT7lD+PT(7@6RHz992nv8
z6vZV*(2&Q0$lyIOp!$F@kUiDh(=7(ukl<Ub&mBAXo$NA9**|-?<DE%>>P?~xDq;)E
zgBxFLm}y8gr##CP_yAn|Qa(s5O0eoHb6ZmMlC7$LkR1-b(^4Ic{t>xt7ScLmt`Sn`
zyhgEGoW`?HJ;n((d{ZFn;lET#q>>S&t-T-iqeeocIcM!}2%zV7fswm;nYv-|=tadj
z6J!z$&9B=xp|E(ZBj9l{$D$xX^v`YoHmsm0o{Il<n)*e?mw)H`kFn}z!u7__if&$n
z59_+}#kXb~mk{MS&>#Em8}~aOZC*cBXf>-hNy~?fZMV6L`tJ@MCkPf~vm{d+5^%s%
zZe|=j=i9HQ7Gr*mN|sn^P)={Z)NEyuGTylkeVjU^DOD*$4>q%L>pdVczPngO_BtZ<
z*JoFB_t}(FD0m#o#r$;-1^p4fU`=n|j~Qx%{#o5W;g&U({#Eu>3r)GAW_(0kUou@z
zaYZ4ExI0DIG(2BBi}Uc$lL!L%2_N^*Z*nQr8uugU?c6_~o?IZer>iEk9&Z@++VIH^
z2C6xaQNQ8y_Z3+!{Dv?<#){2>j?Lf{pgW;5BWWq??woOi+Rc9D{k;YduZ0zDZ#rY%
zJ$tBqf7E8V51gZl1*%}gREUUR-<Tl1cDR?zsfUls&4e#uD19PfwbA>fr4XI*NTOgE
z(G!{!&TOFs;3s8tyh;<R-G7*%CYQDS?$o@}Xar}L-#Cq8ZWzsC!_BxX&=2wf6z+RI
z?-?(-9g<g#d{bpx55QZtnNL-2#c#oPHz?jF2u+8|qBlyj$9BnAe&ap7yVg48^Ok%r
zqR#4j?|ZsgYH)(so--5eFJ_o&wPtieOn}aVT-`SZY4&e7KO6T>bpy9hLjM2{KoHg$
z(P|jO9Ll$%p^<D1lWKM5g)I~+IGr>ji)^f8O)d|N+1&o<?H&&O!#m;mb1nd*-kOqu
z&LJ$46q~IS!tG)*Mq%Y`@B4|0xEgj6EYN6`b_ytYpb$dR<RL*7CJCj`bXZ|K@saEW
za=$-N)3E;v;A6afN-?5e%KpqH6Rv1EC6$gXzi0*=FqMiM(}>p`RB8*>qD4kU-6?Pq
zj~xaErz6vWs!v(f+P&rZ*S$Wu;}++q)7U!K&D#-A3B6pp*d%L2-$2lDZ6DUE!i;3%
z5zt!p?Uu2LU&RfKhODv_S!!lzSJ1G%F2^${67slzGBy!sT=j#wqeYiE=l^;o7t)Y^
z_s65)(-;$tVa(tRnUwtg(U1Pu#&*YZ=MH5ZvR&Q|O0p!%5#51Wh}kAVYRy_GjY;g#
zJWW7ycw9>YsF4DwylhoRvAdO3O(!$FAe|(rR5g0->9$D>x%*8r!<j@HtCL7fGFrG1
zS6v=OEp{qAJnMGtz~)bCXA3!*!<92Xy=d$zUT^~-{m~Ln6G*<*GC?6G?bf=!-Lxt6
z23;s$KD4hD$*O*NRC-Wr^#o<w!Dx6%@o|Ve^m;FfBx{XK(8q&&0l-IH&sTEQzZS=B
zLl#1)S*vRiU8F*Z1g_0%AzMt|Vluv}b7Sqt4+0!046iM{Qj^xpiPV)(xS(0?v|Mtx
z`S4N3<T%W}{JKeD@NAD-U2t#-$P#>F*sbtjx;_{s*~{(e-BIXPjA*C#_?DqwsfIHp
zv;cwUPL$f^uI%3+=bto)%`^G8#OmrgB2!4xok5rOq0`DvyAj(jTv2l3_nsLP#b+w9
z{%S+40r&HHkrrPFrE&#`=#vdZyn(-eq#W?`u_iNL9u>6VT`Bnq8_i=j-t1S5|1|j(
z{|&A?NOAkbn%MuW`)NN5{L~Jkb<Pt4zg=QTB$BT;c^ZDRiZpqe0}$p!2)Gex_>D~c
zaHWzC_UA*Nq+RX7Wcr~fcog*uh!>TWgcOxb8;Jp6XPz>W0ylVe7_!Y*s(ktiOzWwe
zi7DztL(wZHcK4lwHHYWX-M&7)P5{rnmAy>YIv6Nh=pVl8xO6O(=Z=Qi!Y))f#6(*U
zAS>p5odTCI<k}|~K4%jd;7=2_H+zUi`r^d%*nXooyn=z-?PQVGsPVM6)A134GrtM4
z!#2KliH>mfyp3E)pDiq6Y4X0e4;Awv!n%kMMyFH%k|fEFo~DB341LhM@D%q`(%O=8
zEp|jRv9cmSZw>Wmz>mi^zNJXvFsk}RBl$)03$M_hPeLE5#>aWNAt-pR_l8&0JDG2u
z+AQp?hI;S|Zaw;+7cV#%YtW;3f3k5W5dM8>=*7#48WDz_eh@-3djA+An8+Q})#-NL
z4s0`n=2hyzrWaC31>y$QFiGoIq#rA|u%STo<mEBaI?4v>s1eM*uE~hxHO05fo!Q~(
zVt-hw7zAMn1OAXOhJc|TK^*ZyS=g9;>ys*umyUa~PDx|NmIJ=irTX@+7sw{FH;P8F
z{Eu$tx{#yuP2DZaeyr_OVIDLL5BKGs#R010KIMf7Y9qvPEuocqPt51A&K4%=O=h98
zT2FTNE*E1o56ui&yajTClZQh;g-1=a?iT#^rC@NlDi2eu{Z^pVLA+;<Z(*ZJgt+|9
zP(P43tM(o(Cgrku-TI<&d9cKf(Y*l0p}ybweIBF*j{fGzc=u$EBvOr;YEPOzOlnVK
zC*-hQuBL5_4$fUn!m30jNV0EkO}R_W{B|3Ej_xl|Qpo1TYb;L=4$$KsLUf3dYIp62
zzL4*kmNDF}M5!)(P`y5>tn)jx%?kjgHV&why>kCvIHqM3Q@FumU=k{AFkuOc^G0;J
z*&iO9!@7K|e=|3{D2k<T<RHri7nJ_7jdtx8&(|58mF&a+x@Xbu&$I4p+d;1}Nee&E
zXgX83vDXYga7WHU*7bBN(D5pV#BMdKrKj&)&_*A7BeN3@^~Z)JM~-O4$f4#s)V~xF
zm!r2=e(dUWjfUHq6H2JcdqZyZ{5x7;e6Uwy6&(@e9%GpBGDLR1cq`~paZzJLy`+#{
z;a4^1rRO`2r|CG~68J_`4cY63bL0obm_~tSxW(b4mB+0&SY{dX!rnFDQkg#66S33h
zUbuBO)Diruj)2P}j+qHfc}GQ5l$7PI@0HFShex!wQPw;j<{MoiZoLmPF?dLiEp+Zy
zmc?|;;q|FJ;1QQ7_HUTDwj=n;mTBaRKtRLA3{rm5hxbtOGGaGE@uLAhFc+ywc>7mj
z`u(|dbPSr%pC8h4xh&8U<`<7-T^aFoK$j2)hI49xyrUS~TEI@^x43Pz*3X@fYiuJ4
z6byB{bfH((pf=Ppm$v9S4`1P*W!+ZXBbq;djPDmooh{@rt71OgdDTI~jUjUJvcOa$
zdSgmGI0&aXyo+F5<xHT?;t=4fb6QU{lILAxmIqSM1;l^d0z@byQ=hBXZihVp*Bl4G
z9((E})9D>P`!QBF*oMZ#?Q7~}ME*(hH79SgOA(e!zih%$Pt0jmDs`o>OZ*y`V!nkh
zHt0Q3>p7|Gx$`G&z+Po7`-`*D(QfYuDcOpfj(cCU3kvpS9+p{<8$M{kj>$Py)WJB3
z%n+r6M3=G2`W+#2{uwi5$S-z=EIi-#VGrguCdshYK30UuRkTZ#WF(W_jR1@0L}NWG
zx{IkZ;!CgjZts5ham?!G%?$MAHE@aqSg|vj*v-C<v!=Pw%Du=#<c}cI3THGu7WZ?m
zFz0IPCFyduG>+Nn7McHUUPmvcD*{?_Lb61oaS+@YywmQnDJ<^r1HBtsvze!g&-^>)
z(8-R)sQ)=2e-*781_{d<qcU<!>?Pl76wb3w3*i|Nml8OU6;-#gME}jaH9Lr2xjR4O
zc`CKK0fC>sH$s`Lc5{rsj&KXxJ0fVINS1I-Q?*L5`6Q}xbKD37sQ#fQ`4<jDX@*%b
zgq9-{v=Ti|&2XNIU~M)~ukoZ}q1G+F3@VL$xIC_z@hp{aV~^(`mq`+_hy$a#(S2-`
znf)2Z-r#bPk}*opqugz5TLG-5Co7PU>-svT*8gk{&tlQXJe~l3Z=NBk*9FEyNBGFT
z6L$URx(#!CG=m|Z$u8`>urh*{E<tz+Zs}Ih&LFAn95FKoJMKQMTRfP~)k&nkZDIcy
zwCp>6fF`MboY$;+`2<zD7R{)iC!9lTK2tZAG{nK$D@5mg?~N%ml^1!X+e~aZV}s51
zGi#oP;rF~vNH~;l1oW}yM`%6K0b)g9yv~C$I64TM6pw2+frD5u<Ga!PG<Zbr0nJPB
z>poo+Qh;{kjOozM;)MkXKmV7T0G*iYx~|>ZAhOx&G3oW#(+;X+8YV{df>n&_d6@6}
zQ+-OyEkBJMKYMjaY&D{UY`W}G=bkU2rPw4(W-D4~L(l8zod2%D33s;lDe#(@U0l6_
zf_=O7K(6tYFq+h}T47G3Nj&}($F@YMQ{$=3Pr`(@%SGqCGUZI{0py)@ddi~8yV2vA
z;>WoxSChBMPU`EdBLQ{Z16SJ_Xj-J1ADxlr#XRFGwM%|?IAkA9*N(<8u@)+|b=+`h
z`dKOs3c5UH;icHBu`^}$7);^RTO{G^J>S=OF_A_wK{TtTMK0+E%b!q%L{8{%L!qYJ
zBP43hS#VMPJdMs9S|s8)(Qv&c)yu%C%-mf#GYFjEb7?v?Dcv}6r$vgQGNvbnpGlH+
z<Gb*6odvE_n*W&p{h4$N7u%G5wDu=|>$IE!LdT>RKP&6!IYB^>#RE@0hcgaeeK)F*
zUom~D<`fI3oxW@elf&!{Qk?lW1krx)Sh}iK53{MD{fQjT8Wb;nvD6B#Ygyg|p%&z8
z=o@&x?CJ__8i0XJi89wi3^;v=E2p7*ZbSnUZ%TE;d{Y+2OS)zn)y(^Cm<V&bD4Mo@
z$2&eEAQPQr4#rqNb8S&nk6ku%s)HD86<=v%J{&$~;mWSMPhW?pw11*K;{L17h!x>z
zFmsa9|JXI5)l+!^DnilYUf7a65Dctkt(y$J%YJSq;iQzcfT@bWlZ4W4PgriH-Yc@l
zYE@&gUUG>5ZD2$AG^L?klZiP)m?J*+e`go`BA#2ZJ?Bdn0XPkXXGKl=7L>u3G1zgd
znZlqvQHAG<Vaf~@TeH+9d9U#9Pqj|SE9}3xo2VRBXW@<jry%9rHq-WfI+QMkf9<G#
z(x_|f6wL#&c1z_^0_Q0eI&h8N)I7nh;*r(qfgI$oY!Q!Y_9KHYQaOq)jV!ud6Y9xH
zs;#f3d0gEoFA8gL_;i5M-fC68$tl#%2Z)eSALX1#2<*;|$Vq6uGKmW((G3P&32PTo
zpBUNUX2f=SUXh|oT#aUsz1*>G|6)WbNH4)q5D{7a$n0X6HX^miVZ&rh$|Tiuv+KSa
z6YnO2|7R+fti<UpUN-VYKHC}%9FathxqP@!!Um9WP)uXuxwc5gv!rBMKYYg{DO`tT
z4b4_}NCva2jQeH}|MtUb>SNTy)Ug2JQp2y~7skn<nhnr*wp7>Pu~lQ!<h7SAxu-;n
z=kFDaaa)^O$h+62ieiFwx)zs5j_61Yi(a2SjFj9VrQ6%`+R5)?P_V)(f`W!DGaa<`
zrurGt$ruF|ccJ95#510ehm1w(W9acyTU1K0GiY`~7OF%ND<dZW6*b=q&SddRrfRwe
zM!xhB8-olv+?h7~yJ#1a?M~?Uyv!xtTkrL@9r|r2r54!C6m8nc>gMK4Bl8L$;HRPz
zwn92rIY;dJwdB%yG%ZA<fIfP`cAP!hUs;IvdUqVLCRyh&Fr6eMX(8mZoIM0%8)naF
zHO%gllo^NJl=KP)^y42s3pw44(#p2S4ah_atp*0M#j*6IW|=Z8F3YY)dtQ5+yimyU
zIU(ZcFORVEUMIfB>ogdTpoq4e&QLJ@a&NMW$BrRkol`13nmb%?${%Qim--cBHvAh#
zn{047U(OY$_DycL&5=ZHtz@^0?2IaF0u)iSMz+hdIntNgM`Yltcc9_-PUF9Z6}M=3
z7%6>(cEoCyAUJ9}0NVi#avvB;mRQLh(n=h+7BAbXNVijtr7!47cabAqYf+8w)_c&)
zO&PI`U5xud=j<mn+DV(Fw~=w`ptc`<LuGL8Q}?Uom0HijEae3c!ty)M$<Rr#gH7?-
zF7Is$c#F!x5@DuKv}q}o0D(>B#WK-0$kxVeF0!ajPAJvX^}>wT=Ph&K`GAO|N6_Is
zVz&4+VH9F&qXlqXF$eHUUrbZ?pTHrMhEw1@04DXvxVm%p4*e>y$rG5ob8+dSPtx9q
zr#NC8E8)MjU=Cd??T@+EX1uBY^_P-pbf7E^EyK%k=r4nHB7#B~|0FlpAH`U0E`?O9
zy_&o4;2bAA$I0coL2~5$oLPWjn0!FHM>tFUZlez!5?$Uz|A-05BX*6pxgV5pB`H8*
zDI-j(pzYi3XCU)bQ=E9a;H)Az<SW48nf!UXEFO&LT+3GMYP>eVVgNZAy014qdh%UJ
zD)v*JU=7OCceNy<0X|?nX={=s%+e7+Pnfb2pSj(Nn<~*VZQH}(wqw~r_YN^^TrY;H
zB-TThz}e@Cy4!`NB>j#78enX`*GXY<4DB#VMspmTVOm4U4pV4&>LySdW4lqE7mq|k
zu=A7^yU};G@Vt(`f$r#%tvi(^-Td0hLAcDv#gCWagq`@n-~)EpkQbEUI@cZR>?Qu?
za&F$T)9SLOTaC7#qSDsRBe|Cdm4bM$v;4FwntZ{6@)D5C0Dt1L9etWP-zM#apxudM
ze>^R5x!~vmY|ZO_LfA8T1UynzuTD_FAngNWWx!N>Z1>N9o1MyDrEL`P1)Cv4&Bt^O
zxS!Tn!l?tCc@oq1!8uU$h=qF_^1Y{sD0OIm15a32d{5hb+U5l}7|+ipd7gebDki$K
zxRw$Wp{7@}uer6VM&5_F6s3j}zEi=p7!sZ5y%TCLL0qi0tEBF^TdP*f99ya|hCZYU
zF`3$Ut$V*tI%n7_qpnZ*%}4s&2%IjkzAq&RjcrX8znIRx3Dokem2DYH2)E_w>2m4w
z`~IX5xb@6t@^41+MB_SY_u-F>za@5Mq<?4--yTTm7<e>Vs`ulA>bxV7#c;>W;*nU-
zTu7dPj3%ygbnj0+!B-HulJ>SJnTl8U2NqF7Q%J1F_nwmP439=}VbE!^LOHL^&z<q_
zWb$5NcawkBWulczPAFu?4?<^=_azg8cZDClY4TcPrw@WsTd?y|p5_|u)-dZ%O%|#*
z!5vHgQmaOlN6wRxkub>P?~?INN;Nit!Q2a=V4AVy>>zKto6vR>AbZED5>=sbp0yp(
zk$CD&pd~d_@3!qh#l5!zxc@7Vd-J66gq?O^*J%e9-`q6$o9+B}2X}Ps*lcc<)n1T`
zK=F5+faQ*k7XTzwmizI+S;#AMRvmBjIrYZVuLquW2h(a{ucO0}CNr`eBBYga=|GN2
z+JtHN?~Mt+6ja$y$XrwNN<FUO&feZ!u1JUHoy$hA^w(Yf9jX*!^R-8R7jQGkWXzb~
zvS=YRN4MGdblB8<nBxGq1}}1n(?m~|5Q#h`rvv}sG3K5F<uBL_lnp@v2ZBO$9@o5P
zt1ppxpx*cU?ys=5=pxM+l5B=Rp-Uv`D#+L25Cbsz_-JCD;hmw9?Rx&if<##}?2wo+
zyo^OIdtE2jc5<CQeitW&=J?!5R`7Dr{SkkR;yq*5A&v7cv&f&41IIyA!NwZ=c*Qqn
zUOm`8`Vu$Lne~c&Fy;JMe{`-<)y<Y0J{34Zuw4Fy32xzN5-a>bUH85uRlojl$VfjI
z42N^nC9Fxcvv8w{eu;H3s^7Mz&kf$*X7@oNH%gI?!lbC;bgF|#4d|J7DsRm<^Zt4G
z{!9AxZw&VG8)Hrj?wgybu4~o~;d89*b^uKsrREn|VOZ**fFFV3c*O58XbiXCAlEP|
z_{9Ir$!-QD3WF9$D#>=%;SM%<$G0ob^6ymsso;tGnM0VrQi5MAw|kI4_!T+&TJ$|E
z!1z%Y`whPJ6%cibjo)-0Fv#9Dv8uZM9t(c=NZz91SN}%w6EZol8C3~lKv!4e<k!a!
zRHgs2;Pb~7{`j7lGhKcqZVVY%>VN+DpQ{(7KcON#8cP-=|MQ9``#*-Xd8u*#M{$Zx
zeaQJwS5^1(EB^wDqx=Ap;);VS`CsTCbvuB8xWwy!a&_?j1vK*y(BZ!F*8dpuUnM+H
zJ{r-!qH0_CpFsSXA3%hE`DwHNSIa)?UNU~M3G~$Tv9bRbkQCYnP+^u-sOtYC;=f9)
zO9&$(U)U&C#{3J&>K`E2n^MPrdhUN{>S>25{k*MzR@SKepFo82JswB1zX%zA{=3o1
zfe*-+JpQjOV?MtNIsR2mwkHYpQCv!@{PXrGLs1>g|J>=H+cJ@EX2r*EO8lAm{l9GZ
zFM~EmA$|RPefhNoQ{?}*f&X3YXS<P?vZ;;wzgQ^whlM#^>AiokU?Bd%0+WqgWz@e|
zaQ%k`Z}>9bf3X1khXsk4GWCBoCs*MEND)AiqWGUSd7^wMsH2pnk@jCebFd#kM+`+D
zq0at85={R{5sRZ(L*idRy#GkCGgM9RKZ;XqO8ldsf}#0;6QxM?0aVf)5Bj$hBR&*l
zFrTi2@h_mGe}HZ=Ri6IE9o9cm1b#$rE%=udb3TA_*F|ab{>2^XKivIaC;TJG|LcVR
zr<wnI68>id_`l)k|IHyC|2G`{|DH(C9PFcaTOe(o2a02>o<~J|T-+4F&YHa7D4WyN
zgTrk5uwt&J%|-@5){CwBed<*Ue0J@c*4wG~uv7Mjq;co`i9GJ+UHPItfq?^OZLS!T
zs&)JoY&pkr)@Zx<=>Fa4sX3{)b6gj-#Cg;Gi6zn}*CWan=%{EKM-kAy+L2gdx?Z+7
z#jgrl6!4clNJ=yAeqVOw?ChfZuNkUmL$T-JdT-2Q0p{JmwLzSTB0lrlxZD;4i`JtV
zm_<23l+{uHwBqcL#<jEb=#kjJZ@E(<pM~j5krwx)*XjL-y3&JoHFe4(i)e1iXiQd4
zF8LKzLSs!O*9V7FaE>Z%Y~QQI<AHx|XJx0Wt4nfW*LlU8Z9NC%p0?bH@RH%hEYw96
zcaqDsvu6Luc9bqOS37xrq+OgcW1W@!;&{#Ok(lCj?bg0Ix#MsWK*eLH|9GDJezsdv
zSGSRfG}j89OND0uf9};5(B#!p(*D=-!F$dAFCZ;1_rHCDpzhp{`7A)dl%Y4~69yzL
zc3CL9^<2-?;uLkgni?u9s)Mpgdg{SBXAM6s&3P0kXI9m#4vsQ~qMZ4c8s*7Ai@(2r
z1P~a4eb?f=2e-YmBYzth_{nTC8%Mj&jOEHR+d7fXk`n;39gB;K5)~JRd{oHr;`e*L
z9f>D_U^NFp1_T5oVezy=drVevjhS@ugDt<zwcnT$j>owb*WnNl*dG(%;8?Fj4^xw!
z$nj+4-dSYMAD=P0$g;93rb_Xwt^V-3ZcmAGIxo&m4mq;ZPY<xE%ixapr+a6(`JTp@
z!8<%KknZ~7s)-4QeKH%5N5NsUVAo3zxb8}Q^^tXJ9M<Am7+aViR0L0YHceIx|NX%?
zYW!m4{2_{o>(SgJm9}pq;eJ7jU#ekK^BmQy08a;uLaUn!cWxgVB=perc({Gm{%@xR
z?EmFB`0j!2J&z$FYP7l=9A)VL^ff3bNb*R!%1WtqGLwTYI3z^5&DDDMW1B8@!w*S{
zP%ov{_v<kxr~6aw!jVfon<%oI5)q|p0|9oM`4MVsHMs7leZ14<`eEvk@kIfFIjzEc
z@kmr^-KGlV>{8+O;d)kO3tSjHPCMpm0zUW6$E%&6!Jv-d;9#X9X%w|mrO$uLHKj%q
zDPjsz6P+ZqOG}j#-rpWJYQ67l$PPl`vBp_wo6ORL0zNhrX(0TPO%Z*%-b<j<WQ;QX
zl2XHAyI}NDx0vt)n%!wKo5!?;1wb1`4-C4{cq-}eUGC}7LIVA*&}MT<cNz_f^0cy|
z<^-%q%V%*KFIMRr;n)$ejwX<Wm)U+GD^==npwp_2B#VX4IGZig#|?MA-RqvNwa!tO
z-gCn@<SkRCQoKOL;5AX~J%L{?YTZsWiXIf>+|O1so`;5p*440dsrIFY@HicM3POQ$
z%OBQ>-|SDwYqM?`C7a-FjKsT+GvyF{BNB|>8%s0Y8H(X{KgI6r@0TaEOZ%X(&~dA;
z*nWxeR7hi)(xoo@?a59Lq1_5w``fws@|4+BM;5zv@ble?Ay?|D*FuQX5>q$$*_I5;
ztHI_E9EZ)k^o*xs?tV`YL@|I(kq)>g50Tgb#AL9klE6ixF@TT>!&%L?@3vp%bRno=
zP|W4GMzGqSIN>$y@}*WSj<zPc2ih&yWpsI7Zi@Kc?P*3tN3q}8FV*B5+ni*+=CEEH
z^qicRS9g7xyTSF@O^}lF8|hu3^3r*$`fqRIo&UoZ20w8=<|PEe^_HoYFdO$l7Dg-K
zwCh{V6(bt>UP-7`>inT5Q{zpC#+Xc@)5Im)c0c+%wKtiA7lX&ed6a<^^TT7^>!51a
zb3em!x*1>y2~^&#3S=Ro-I9vM@1@G~4X!mEZo|shwxl&;>bylI^nWxitf2e|q<P%x
za&Y<4D?63V>#{6yyU^{fN5M0NQh5D8qOdT$aV>YpryHzQ3rn5Vyn6yak0x#Wc_0xB
z!~Xggmq-n4<=XLb-Y)rBjv;CABl)(fUBCa^GY%PL4s-i4XT3Rw1nv(rX^A@pze3Gw
z1Ecn7m_mB?W5R$}C)I_}X?ScFlOHTfiFjVgc|*{MZLm93M&Q?{q4blL#`4kOPJy+P
z0cCI67j_tJB-&*Uv{HPb%N~g0_qtrWJPIL(-q~N@FDP3h`*}I7rZ-a`HDF6>Uv`re
z4TPqgX*DXW(0x2irzC3@kx!VtuFd8QNA}#emM!xn@&x_HIW{Nfacz%Y=ZrVH{L)$7
z;3yR{ecLOl^0N3ms#sD#_M1f}0HWCsmQwlMON>rLOkaRZU7rxopox4hpE>-wyw=JP
z1gihL{{j&I=|9}6Oj}w=Zds60ho_V4;dF0DJ01JMRNgR>(5n#wBrWEK-$M@0|3}ta
zhQ+ls(ZWFj!QDN$ySsaEcXyXzaCdhnI0^3V!5tE8aCdk8$a~KD?sK2}bN0;a-Mg!+
zt7=tsEu;N1YRQHluFQ_+WFISOkSo7VT$GsHENYa?LWs+MV`%ojUI3_eDReXx`1}?d
z!vd1~+^Dj<@d1}ss*1o0<ziS0`Ao>RrH;!%JagBz!NRX&N^ARheuUkxcUelNhx)TW
zR47?T$N01;EMS@()?=;aN-~rjaEZO{&jx6#I|4g^*SLkDyUM-Av}h@P&Fj9PWO*$f
zz*)5O?kLVcc7>&`<NW5w4LKgks+-xP(<v=rPi&!aVsKao$BQno&FWcYvO8hm;8-L1
zEWFdh)Ep1N2WPy~#xfp>RVIyB{oY?&_H(^7;kk?_&hhD+Nq4gmHt8mlsa3{@xg<-q
zeB%iD$1D7IEm`6PO^1Z`PL~_oCqs9Y=Fup>8Lo8zDXKq|AXBRZN#LR97aR;s?|24l
z3`(C%HuHCp(WWLDmSdA^?Ha=XW`RYbrLJu0x++zPFU^9flrieKE+?{|VbPg<;_4}~
zV~hoCX(wZ+xy;|-<&LYqT(ibZ2Y!YtFb;_<Q>^W~y>p_S^=@D#&Q>xK7zz53g}*<J
zCi<cH<F*hnUG}SO8BK=kQiK(9Y&V)v7EqvO2M6<tMT+sX!&pLoYx8mJ_s;t@*3ioq
zr|sxX@7GL>S}xiK-&fC%9J7jfQ|!k8PQUs&n{kf^Nsw2UyB*JG;NVTdYjGq8NzhoN
zEGnE+#DAG{nU4rK=MZ!edjA(082XF%m}Cv|ey*4Jgn<w{y-=yMfQ_k&Usj}enXfE4
zkO<2m`4fv?+ccS)CXR!N0mF$V5I>{%$~uJ-Z|F7Wk=22Q2VNa9)<dPYG|@uO9Xl?M
z$m@ie6;7$$-Hx??rpZpH&|mqnAW`f->qAPDRDG%~XYJ<#H)pG$VQU2X)Ui6v(o}jK
z-2T8iWodK5>dw2&gdArk1PpgvBDTn~?@F76<&kQmw)_X?*T2vdHin4&*xv5=6eu_r
zr`QOwheIXOo~5{Vjoao*6-?gWUI+PO>%XkF130Zba(9`zZa1P8ct}ZO5Jsi?&31+p
zJPz{1qDh4M2L~x7N2M1k-(H^s@Szd$E$1a22Lnz=xHvR3tb%7w!$~)r<UL~DzJp!t
zWjSQFO%K@q`KdM-Z>BFNx@2`QGo7zwe0?FkeZ$DIH;!NtjlHOU5@b7<3_fO-_mP1C
z)d!qtVd|}~Jd=YGLfNl#_`RAkQoi!)aF*;_OlmU`TFf6Dxt4Z~U7rO2r#*^z2@nXO
zaL;!Xf`UVt^%Cu|7Q1$)u%4@)*?V3_g6l)wIjlbHrg>=ohhQmmN+_p3-Y`px5LcZ|
zV6kcS*C*Ii9ML<*`==x%3u^4J-CEoEpn!T}__K=f0M)k|3zjOg{`+?MESXeK&40ZN
z3UE%gw(cK7^b#<d;Hr)Xn5G7*-^$|A6O>$O0IDTrza1O$BH1u{cVMAX1P9ya#&8Ln
zY|AyTd8d?M>KJL{vpc_UjV~d@db2uW2Ej6q6;#}`@6#bHm?_SbFbfx_JudMu3v4?#
z6{%Nhn`4I5bE>X!Uv=ruqt+nG^?Rt|<CHDVwdBv{@(I#tXPa$Qd|8bjj&v$Rra(Ho
z-Dyqcs$JvIx8^%_n%tY_f@i?DeL1rtR*EPA8*Fl_=G-l+6%V<6y%%JvhcFe&_(7Hg
zV?k*TQ=paj`P$jf;!Rg_P6vKcGz>Ar)E1A$ygUC&w%^}QGB(fW4yWL2p<E6ych@O3
z3<`FE!Vxp}%!X}z5sN-(=PI85xYK%<#>CN4wL6PyG5b+!Ei41tVy~=aE`DcR>8ity
zJJm|YZp$}%mlDaecRL%Sz^KPrCY8#{oEbYU6ek9)$?nRA0;vCTHo4?nnw_2E@pM=!
zFKEGcwFk^KS<}51&dq+^gr8OE%ww_l%?6shVyB(<1F~Yz;@QZSEEXl{ke(-<-{c+~
z=H4?{*#E^BU${R|p%-rZ%%k^&PZ-e81$F48g%hf0Tm=&|K!#t%EaD*)KtpeuG=L|$
z#^h>BUGl7Uaq5}Whw<hZPzDyGii@Ydoe}xmBq+UD`YTEo@?z|oYBdSm<wRmidi>~c
zCV)bKkDUY!+^~6;l_@8fYy_GQb&i-NixSoYFIle(`y?sc(R1C5vq2%rN24aGlGc27
zYspzvR);UMIGogzgia-)tdJbB?b)ifk6XA<Ris+&?v*$g1}%>H(%V@apFeBaqTchJ
zSd2=)4VcM8u7+ZB!3{Qjg-#U(bo2&6XSuL_Qm@c8LU$Y6EzR@o`%rS*$@}y5^@cFD
z=!sraKiiywf<k08JQH)AGOoE{lJ_0EiSzL|mYEtO-eoQho4t{q``^p`uUvDKNEJwP
zE}Q%d@J<|6W7~S;a!}jO_0WXvIuO73{l>C<qJ0tvgIE3iSraRWfODU=cu;X?*+L&Z
z>lTs*F(Q3d=RtczfUz)Okt!pA`|O5WeEarW#7)OPIGqP%fDSuP9I|Z4g8{K22HJg_
zHfhlQ2@e7d&3jB;qB8fHbsPWr+c)mA4W*GfXT@*6rN$B()Ug6CV(EovXJ@qIl)#$X
z0ujkHnn`fo4v(3W7cnf%5+i(C2n@DV6f7(Ub4`!ztHrb!1%~mYfT1&V+c)Y?P{YDh
z1SoMLDUvRRwr#+vB!EH3m1Gn%d4dYGW4yiW{V>V%ad?Cq7a@BF1`(0tm~l9c^tD38
zx|d%8M3FpDg=MrRH|6m%?qUaOVrEtDO60^EaajdhAaPtp(5vV2`gKdC%i8N|dZ7PJ
zrfyoXKuH+FVyVt-(a*5k3XArG55dUygwnehvrMRd5Af5^c?mmj*I7M2Y76J+_YV`(
zLT~sJ6}E4~zwY>5zNQG$^>^8#myqHC)?OyBme$yMEDx9nETFBTod**KEv;VzoH7{K
zlc2`}&YSR`Cr!>6U0yO>PCNxrC4>H%<rm%$r1<LGlCnBEQ6~5~3Kj~3f`(D`j%%z(
z2*SS}o-dE@0wBueC1l|GJUMkIE`HjLpdPWqn?gymrP_kch5L;YV|2W&s7Q0^DkBxB
z2)6gts_m9Zk=fjbn$<!|Q=#o+|Kgg7o+nBf=owGD-9CXEs~g3RTd$JSxy$oZ=$ok1
zq*%aS6z|iW>Pxt^iD-_Uq-2b`nvp87LDl=SSfv`@YM2EqCF`!tJ0z-m$XTxp=p7hu
za&Rm+aNY!7?b3a*m}+4N=e489!s2B3vM&b%&@*mjJ8Ox;w1~ydJ5+{Cj@g~Hi;dbo
z<QeSZa{eXd$Pq&NYKt~%_>61TbSv}2{ti1P^Coff?$6FSNB2%0vqKZ~qZ8{Vs7Xv`
z_0T9#t3X%)9_h4HK3FeXGu+ui{_D7>3e==fT^!4WwyCeF1VrYsm8GjA$e?X#^+z^n
z#1Ir<mKf5R`<VOU7L@WHbC=XK`!9I%jtJiN<#m1Ln?5x;1_F(Psz-&g1UXp@m4@qW
ztxn1;LSz-4YIsGWF-DFoO4>M`*i}f!c-*J}hANE|N7v`Ws@Tiy=O`yCv=lxXM|@$6
z?^gq-5>wd%5Feo|26HTzO6|AYZt3_wqCpb^%N9pY@<}pB3je|p)82#=EPan&TNJtC
zSYC6dOI8cKvQKmLQIRFDb`gRs&j}x=Eq%iI4t@IxqOn`T7n>sN+JCcb1Lw1DO>*ou
zc;K6?WDZxKp@7W%Dc=SSYK=oS2fZyJYftS2qSN9X|BN>{rZF>U?pImc_UE)`-?I0I
zBCtx3#>6F$HeFrj>@US}1&I`f@Y>CU8);8|cT^Hw@S1kqS%#V%SJc`A-oG8?Qa)os
zV0hrxv58c*In|iW9vH1RUS<s55jF9q__b-(=FNUF=b8NGR1(2p@9i|iT*X=U8Vn>u
zk{fE;9NU`$+&SRdWbf7tvaD7tBEl!<LE#|Gaj+c!(krv&C1c#S@4Ch{G}O6#>dvI9
zmvqio?%L@cm4t||N`ODRPuRJ<ZU1-Q!Tg)SDCd8(D3Z<^d<@_{R+)@cnW>4y@Iwl;
zq2Y3#P;#Nk$R@9W`jUb`6Qa7I@)QG!3#Y5lyFT~5PHrGvCJNz91|dbStD<k%L-j(7
zFou{$8@||#cEkT>(g~MBRqh8d%Ndc9Z@M6cT5OMsZ!A;&8eN{-*16oY5DtrL_(&RD
z<fHM%T?3n^Wwv84Z;C+HeCIcctM_Z7tD1m%cvJW0Tk{-h1I5|YALC)8CIwU(U0s~*
zM$CjMGBi!9{&ra^!g^iCtxn}%1#yjSy~?Rr2@GtpCYAY~4hjbcVvfTtca)%TJyr-)
zB?7(t>TYEYbAXA=3*b)boBbc{4lA_k<y7sN$2Fuvkbjry_hW;vEN6gFRFq0z<jx7H
zh#qGiHjqpykfIf|9ziS>LG8*@+id8=gLg3Y&*N9=j8ij;X6we;^g2!HZz7?#<;mc2
z^>IlVybeuM%1*5&J{gRD6$uQk>H=4VMj{-a;n3OSRA@<yos)=6vXTh==1dNz^G6g)
zpK_cp+ej!8{=uU!&WXQ64R;sjbbK4N{!^Y&Y1y57-{`cRuPnM70!nh$QHs5B3C@lr
z#1N$6rf8vdQU4(igNT8OOFWVyh?iz%_nldow1=jMPm+_U3h<ppY#_Rx>5pl0MnECx
z#^pnivb1q1L}>iVIzVpl70s1!*Lzg%Q@Q*T4mQ)f5pd0i#|q7)Z;pfp@GBJQur#ZU
zWyH#0udH=NU$<`i$CIv<xElis&+c0I-Ae(3`<8+kO6sL+oXT3eDZp#VuZKU)Qyd0M
z@sI&x^@HTio4e}uBPrfAAU=s=@8M(73#n4c@h#gnIj04NHtJT|Wll1wS2PV9MNFFe
zmjEeyjd6A!TfDck!8<$9L==b?`hz`r3Dq7X_qYgHea4fmJ<U;$Xm#G}YrWoA<}pi8
zBK3RBVlabegXO{-=<4@X(`;%kmc?ua+w;VDL;h-^LT8Xwn-Xzoc`-L^fxoAa(b^T!
z9#PA$3DA$~U>J$D8+P?(UVJmWeq%jv5@fCx#I@CXv*d~SH!yyO{~H+NoV{NcD;qTl
z&hH@x`R=fBl^r+&2;O=KFwn}wBlpY;R7Q#ddJQ5<vJhe*0iUz29&%VA)i1Z0@hbZI
z0B=3Sa|Vo}UuPOa1gi$O>B0(o@Ec3|#Fu_Rvev+7rExo^`K8CbHag4?j1B^5{P-lA
z3ESwL@N{s^@tI4VBshuNeC!rmdTrTd&2m5^&Z_I3hydzQg2Gzg<gvCjrrx|CoYxUC
z5$skOVU?_c?a=c%I{1`Gs&B3Sd4t3VY_X{-vB`mIMdb@+_P%~065u$@2vbWu#mOAS
zCM?ayh$@ffAeX&BpvzqVh`hdf+R*HIx(1)kGTsVr(pb^Fq&{Gj*TSr&9v#E)SbJ|W
z=v1n(x09cmb%}|wjf(j~d$R)ZnHs@zuUCuv?F=3Px$WF3jH4}#9BF(C%4U4=+`IG`
zvs%)*lospQ$%j~Ivc7x9ax;?(M6`0ek-M<!y%&vnJg_?3BJW^rH`YPL%k4~T_;hnP
zi0ulWhUeCn#ljx@uLWoQNQgdKw7gHH$=oBpIkTjA(y*%@ac}pc*wc`>wr^1}VBnU=
zx6{h0&*aaFq><5tL=O>Vv+BUX7!Brw?^m&DU7P_g7v@#qR8d>MXGE5#B-PdF(g-DI
z$RJzjrkAGBHokadJ3TzZtO%q86fTU<jsE)Rr~Sk7iWNhfCh(?vzYU@-*@;&7?G60(
zwbeX$lxDSF(;zEu<mLS`j#;QIEGic8;k+F4t)%Syjx^z?S{Ps&%89w;>K6_jX{|kb
zdBr%^A5`+0d~^JrXQTMgPKy6go^NAG#<-9w8IrThR1;HHM8U`iTn71Abg4!^8n2yn
zzc9;9id+t19~OuQ#gFnnLmgi}?&skJEjPi<F+2L8e$2w<cpMPaGev!?clFil?Gw2k
zx|TqU3T}N<-W-!*-p*4xzt<i1ZuV>1E{g)5Es*bRD~d7GSBhH`YQfzxfwy^yVA{{$
z>2aGq%QP&5Zjp#fXUP3~6yCbkms<HZx$m^35Ee1RNp(e-!-=nfK@fLOX8b!fQ2(T>
zAFz-WA$AO=rPipvVohHGaLX*GoAYGQ7J@F)>V7CX-K2I;dY67~P%TT(l~Hjfk6kG<
z)e;}eDST$8iN+_{s|YUq#pQd4FI|F%ltQ;BUmV6rQ^z++5N=7A!|gIi6?pbodY7@Q
zEW9nE^K9bj3RA$cU)9n&HdOaRSD6D>0N;m^^jInV%nnER!zHpvY9S1)(-!As$9Wrf
z+LI<N^=v$n0NcZ?cGV#*Om1mU>upHRf&IDK8M)6rCLZK}h=Uy#u>QCmnf+=6Qf4;e
zu?LJdGQXUn$3Fetd-zthGT;;6F1W^;9<OuORie&w@7(k3Je#nNfAx4O5_VZqT{Y{&
zM$w}Cl_mP*xHTS9K|t&py?SKlodR8y-!8mlhAdU-(pEcLl5n3BR&Pg3ws{e>aXC*Y
zUDXPme!Xq!$9@#z^I0TQ@meU&LKh8967Wu_5AbnVoZ<g2)9Sx*nom2_1mG&Z53RX<
z(p1wub?|aHsUuj_^JM%AUJw`_srP%afP})@Sk@R-K3Y2Zke`BiB=4tElIAp-HKg$8
zqNp4FR5L8iru((G^Q`82zSLE-w5stQ(DT|#2CGF^hSxc_%VY+vO|s?BxJYO#oiBzN
zxfHzb><b}L2kxmSEs+K~aX}z0r?m5bspBlL!M}lV_e1U28cTwgLUK|gp?+;Bu+g|D
zAOC>4hAOtSu~H^$PzX-5cV%(a%Z@54CYt-IMr~xZsL?r~#LVajF3nz6s1-)qzUE8O
z9>IP}LoOl)Qj^pvhMQ}ES6NCgCf$nia*xEw+!hN-88-A)jB35nF{Tp1SkO=&`>*&l
zY%vJ>v_?yl#48?jj@mtY@kut)XDSO7A<H-=DweA`!^}&{_KCgDk9MMySB}#%#`INM
z9(z3(y@6Wun~I}{QH%9Te`_={<}Vq3ONw?&uvU=lrg!IAJ|{@w)z00Wo4qJ0Wv;)r
zpj$22xpN(xXvR)dE<46MLP0-RVpweNdT1ufT1O$W*71;HYCeBc^m?KXDfQ8tQ2Fd;
zlS`$kCli&-Ne)6fcNYU~t<J6(qho0~+>C5-OxH=#><w?o>$6cPyYGUR=nd{DQxvPt
zN14bsA@OL-@e~#d;46jR>N@{JwHFWv1)k&J|30&^?(~QvAtaIoiQ|>*NUwp?iY~pF
zW+p;gj;aq*h8778PQaXHk@Pv=nUfGT&>W<Iv9SjE7CA}{FGvDW!%qY+X?z>tQq+@+
zJq{+8osni`I_*HS^GaajKPh>BmJ3jqh|R;pxN8?T-I77#YEaIr5bSzU_QM^9b7~nE
zbqv3X%fwu{>N6-)vP6`qb?ji45+wbqU+F2L(*9h_U;R`mp!r#aH&R+FNl3tEo{kh*
z#~XBA?wN`ARAzViz2(zDztrK3&Ou{PI-Lb-x`KFOV%cT=_SUMwC1rqShc$z>y_mQp
zPSXzJpWlm@?)?Qbt8tFWsHHv5#h3fBL$ZvWrWGNPaLVy50#8-gxSheZKbE$giw%LT
ziV>ll>!HZ+WeRtNkJUgbK=%jmiaQo&tYvCfTNQ|lH34Y-M03dF@%Ffn;O9&|_jq@D
zz;kg{{=*~NZ@Jkidq>ypU&2N%@h@DTchJF3Gr3X0VC?QpLO2I_hxNpG!4BJ3?8q);
zE|O|yd}CB@PmfM#VkMoYonm)K2s>q|6~HsqcQE?D5&<u7#|++Pzsz3+U=hivFD71n
zeIu{2()oSvd*5y@t5PX*d^%GXECp1=(PBQ~l^|PeE+x<GlW8D(iOL1Pyaj#P=JTsd
zTuu!vyHwh!bx-m9$c2mpU~;y`?zAM0$a8-~r}%6|P(~joLmIUrxS>BA0-G0)soMH<
zF<Cx~(l&`K9`a+=eR8Ex)zPNhq7q<Z$c)OzH)&kz>OQJ}Dkn>0HYzHrMS<cu&k<93
zTzxF7NOUhz?rEPLm}3~U92B%-82w3R_S-j^@_rDm#G~mkrTu#{*5#@as?RfuV4qGc
zz2|+z5%rx!Dq?wd8KW{wk;kx1!Lg9feA9w+@yQ7fvK=*ZpY%iP&VO44CHNVPqkHT#
z&XNs`5US&j^3_HVQl^^Esbk?E9a{fJtgVK=avsTN%i>jD0tQ&myu+vVhxiS05}ETP
zMZVBvs8$i5>#TJ)2Usjd)EhEWEwGM6k!HG2uy-kS`SiLNa+Mf6=CCeDX-8B{uc<or
z%;n3@?6Z+=#pEGkr;*UD!XsB-Z2}(>#0w@~M`dMg;xsHed9}G4so{5LNxS~oYinmN
z1;~x2(Fth_WBF~(!KN!G7KzEkW5o3x9+u_}UZC_(q%S$0Ml+s!->Qf-q6<=&Mv^4r
zrC)I4zOT7@Uaiii)Kpx0Z3IBqMEfXCH+$TlRijJAoVGV89?;)KswgD}mN^#`^Q4wM
z6}A@eNM>~(6@ph`s1y_tdv9t@wJG=Q#F_~fP?9T{e0P?q;~P<{=11Byh4xeZMl^sS
zEv+7%OqW>4^CM4Yo`%Eg&bF|E$^fM9ckZ>$%G+eswb)9lf1?LfwnP`p6JMxms@?u<
z<#gzuV{b;_@M_P#1<U<G0sO%W+5;o}eS5bCO=KCx=?i{@zus*FXwmZ{o~6i_1FujY
z#(*gJqYA_BIajY=RdP*J8b=5H?0ko#fd=EDEMaPQ@lD$)g()>RH#W<mYw1fB>Robm
zktf-o!Xg2w;iRmXU>0hO$iw(gRfXQWjjU<970IPsNR`B6c2dIasF~zq$00$^g{Xp<
zSgp#39b0&0FVey|d>%DR`BHK+i@(pr96ByTl|+hME%$5IU-me|I^jefs3N*v?OAvp
z3a{168oXT<qkGYF0pF<*#X!q6?h>#O=&&&R3;JI4q3{HO7d4J^l+=oFICS&?VwkZ=
z@o6tEHbhU9Vz<gVyQL=fx6>q#<O>=(jOT)!V%2ZwVlzLxyP8WatQNbLm`in63(30J
zB;1F{sll8T67g~?AW^H>88KW)qLP!%V>0#vnG*h#bvjmfz*8q=3fhTy@K*h*-s}I!
zw=!pmbZya@jwsG{#EVN^%f2)cne5Ukq@sK-xA8KZ5bkVT)%E(-vz2cnG?FC=vKV-^
zd^X;!TwOMGLlxZ8@|kxdeknGUVgA#u-9VeN*DuexYHD1ps?ZP;hpyHMlDO6&8qm-9
z)k<C-q5RyHK92ZiiLIvIL3Oye+Ex<y{2!ZZDFRrje>TU#)MRL*OgWiR6=}c>tN^UJ
z8gaF|Xd*GM+mR~TcZPiFzLd2qy52Qd7D-W+TFg34DWL==vfgjf^C=}Ixej<VJg73o
ziU;zGQv%O)z8676*qMTFmvIxdg@SdCe7DD?j&m`bI7ZrRbP8KzTZL_?hPQ__S|qxu
z*qcAdJW=6O$dKKG>$#VnBt1q8@{2q|CKHo+FR6M}wn=DXlaU4phUtgfpxjgq0-ik=
zg15MekTr9~rYLwRl(m1UJQw-0BQsJ1l%I0FucWUD5wvh`)}mq)4?tZbJ~G|XC6dyo
zkp`VL%F^o?7WoPm($_NA8klI*5x5pMpA$X{xo8u?+(^oLE)^wz^vp3E!&K3giP2qT
zGx%ljYzmy`=u}QF@|RjlP&P#WI%u+ZKRxU-N<&BJ&36O8rutOm==(Tkz%jZF=(;8_
zQA=>P#eyipKGGwJ1e=+k?tU0xgy;1XRM3zfZLm{lC`zXS8bIj%!AkqdNSl?2NqYk#
z|IdtEqd3A2X9!9V;USXaQ~7JszALjeuq-Ehw+i`EIe$bRfGT&JP@beKToiopIYiqm
z6}jYh0&<CWBWb=i?W8tIW8nO70%;6#IfmQg0f<Abv|ZXxTQ>ZOj9jvc0rjb|jlNgv
z)TUUQwzCdgDt!*N?&*6QPqk?Xzn14tNfAMa>0x|9aXK`$Elr_7(Of3!ag=&9xm-zc
zF^<vnojilyGNFb@8#=m{Fi)S>&2I;oL0DKU2WKp6S;^7HQ0N(Derj+}+7?|`bj@mP
zm|LA%q%D>7sN5R$Zc}<iy>jnGcQM%xsSLEKEsbsKYdh`~D`OumeDtud`DzUf2z7&t
z+Fw<_joitfOC}trCTnk2y_`|ZQGihFIvo|Szd2#oNl1asEAfSwpvSPqh6pSZ$bdF}
zGU8gyDB(~W)ZtsLuyMG*@NP+VSg(Xc6_a>3JSVT9pK>j}dCpzz>74!`xTN;%lW!Qv
zLx<CY*b=|#u+qZCg^Q`(i#R%4@2;l58=Ob+!#y4%^nzc|2ha=XzUDhEBo2r!R9YT-
zE?`@}S%0JQ72|_Jqb_qc`t4TLx|+kRjB{%<noK>2`_pDTwi+PV;pDVV@ORtv7u^^a
z>Ip+CIuneUg3l$uB65PPaCBrN>4&vIbxu}Yo99<T4quyj;L_Il$=Ewobs{^QL|mL=
zG?TVL(ToM7)#b`>y^&g>?r5W+<AX^6<Ec%O`kWs7R7vKkoGzvy`8t2(DY<x%t=#-H
zR50IXMB}y{cMz#@s|Rk0^Q<SnE85|CZKY?!vt5rTPoN~mwd8wP7I*6K+&9{62Fg1g
zaky1G{aLN-aWeyu)saaX)V!p|b%9xUavjuASZ*@wv|4gMZJmr=(`?KGtPYg$BQ)+#
zMEOP$3Hs?nzk!*bfkGgRzMEd6NT_Qy?7Obb9@}@T4)MA*Gp@O<0RCIi{C^#zn+@Oj
zChHJ*Fh@4wAmd_`NZy~@ISYDBouKQg^PF`(?bES{Pyy86FI3@AmzE&Ku3%@MicgkP
zZsJ4J1&-BqYrEq8v-NgOrG@KFv7`9(OLa60IajH<qerCVVnmm=R&HquvSahd3`nc=
z>#NSGag(u_Shq9JCS%7PfV@9d08o>zB=AnxLUQJ=$^v*;;r;v)d*q(H(3N|CewK`7
z@RZ&P>UEpO5LnGWpNM<)t+=)I0l5C_NUOy8s|bDL-?Q+EQunyR#OHw!mkEEP1*Y9k
z-e>cVuFqrmo-6Zj_P4Libm@?cw`Y6Y@2x-UTCDRHn2foH=_@=fB-N!tpPN{8xQ9*M
zx!$z%YHH=isdw2`xiUd_fX>bUpelaPg?evL;XU_rXQAhvuB4=Fc_k5@=`|0{x>By)
zT)V!)p%!kzxqNBiU2^Hwnp?8P@lxTHZJik}kHwg)tL^a+4DNdDvLo<cB5z0IzgtPf
zz?_oH|DoRQ`Ii&BO{fPA3?vQ)82$Ic|LnZK=s(|QQ$c<lVK0bxb^X6C|BsJ5pz!Mk
zdVHbC4(xyQ-2eXR??+15zm|lGjDX-@={x?PM{kt<T?l2!t^cUTe<S(F!H5v)p(dt;
zm6ja(f5*c`1O6sSzxnaJZ=b;3<KEGPMic(MZ-9!w{~5@WQC8#J-0A*Kg$a3RNlarK
zkX@wb7S_W|`Y}?I&`Gru7;s@>;l0yg{vX?;JpcMMhvMJ!^TA@|W4`0gl8}Odf$7mu
z5vV(7l)?w>?U}Q&v**;^>53u-oc(>@v#-0O1gzlNB%n?&P8nI*98~9Vs<y~~l>GPC
z?<v;;K2O9nG_a_qAj(w`5+Pss^0Ibma0B!{{6pm>3=)#0oE&_1@ew>W@=%}A-<e?I
zT8Tr8@VEDPdwVPU`LplCRw6|c2@>Y#=i9UIi3Ofm{?GdgK#TT2TO}bO(QI`lmx#rW
z_=soF+1c6cWI{WeH8eC#UY~BIq@|hfJt=o`Hv+gMoZY=?XlWBtQbMRzO44gxwq2tA
z+pH-+|CJ27CV^6vzxp&T9$rF1LcnoV`=oh$;eS%!{PJsPh|~pOUaC7vgGxXU^S2D@
zxCzaXH{>Wew+2>9T>SHVg_cPL5d-2*GGc&D1>VPt6yXuKejN()xA(phuB@(>G&KCq
zyxX3&d1-WH&HHz*1Cm07Sm}v<ySmEC%Y)(^hH5`z-+QN&1iaL|ygZj{ZY_ve(KdCk
zgwJAA`u82DB>q(o)WRR@p%l`5Aso4eQ<&fs5ElL4D7C&kD1z1g;8jQPQqa)yx&LWD
z(y~o0;(yV;gZv;x{2{EkUrgK-|L(v&B#x2D2l>dyvNjO{GWJe~=rKxI6H+M2;-j(B
zSmLYHVLeu&f1icmxlr@}uVjJcFPg_;vEMfMT?S{p__T$_R4GAJdEEHC-zGW!>PAyc
z%W?JJp9}k!2RpMl(KgwOa6!f*ft3eqVpVJx-py3nt^Sz|_8K+fOUGN4#L^gg976jL
zfj8gKpWDAm$At?XDbAyvk>v3v21833IVpYe^P}ONWDgDT-2?NvJ@o4J2aBw`{=#+!
z@`KM^tT=T4cHN}Z--k;eMw$HY7E52)elO&A<-?HVlU(p4BxHqED&BpsKgD8=OZkSB
z=_*bDPVm)`K3sjVaR?F4PmZ<N@!{b?`O;FtOq|>M1soX_-*wrmd;kOBz;)WcfqeiD
zrtn)6>+=fr|J3)wNkm8_Y4%K>_Og$*I=`r7?WHLd@_L)>-OAop$Vmz1r;WAO%B+z(
z9xT5Z`2baQ*%32=MlXqD0dh@X6@M;O8xaOimnu)D&FE$M(D}fa14CGzUyoH|Ri;yX
zNb~KrQt!+q(4FK%Wc4;3f-IdWOqPNK%yv_?nrS1c*9@lDt|xR$EIB!X+Fh0FT5xyX
z3$EJCmKwwJr_mhPONL_&<<`E-E;)Y$*RHLLVk9WBLDvMA3rhO;qh3#|N<LZp`P+|w
z6g7ep6P4R!@neJSjxTg&Hx<_rck!R*)tl#hIkWmw1|B``?z;!tDs$61e&hn`Tsy8i
zx<Oa+C;fQu-cZ+A)z-Xr)LOVrwmJds2DYv4OJ}8`8wX!JCUnZZHS_OP2|6=Q%H+Me
z%3Ww&b{<861T!_j5{C7ZuW-Z5SbL<LdFsfo9QT`|Y_UatQo>v_`|t{-y+4m*BA(Cw
zE`rI=$Ch7OuS?OvXz30^ZIiA}&I@xK3`%|YbDDuqXY!!uX8JiLFPa6dqp}VFo+R&i
zKCSSwK#R5ukH_?JG^gG9I;Oz+T}QW98KM5W#}w$!t>Iyb?-|sv*+{dXl=ahOE@2<Z
z$YkuG%-OpC4)mPOUtLH&=Q%sHfFvv&VCNQVdyK3n+dn69ykeR~Z#_4C9L~6RS&=hB
z_>{|@=l|Uh9-9My24%By#RD<yX-4Kxtd|XMd$WDd-YT%=q5w{dGyL@VYvVid!+j*b
zn56e*+JG*l9LTQ2Gm>y=J@#pX`uL3pvQ4B%AM4K2-cV1CE7rx`-sbISd+b<q!3S=A
zv<i#r$&uGkkKa?4w;H^jpfb~D5AIP_gV$}T%{k}lPZXwBb;K_Hd#=s)H2cB+zQZyy
zLSsJB^4|Qcn$Mq8e$+3BrUFqO`r`+iviC5pK+l87@}%^|*u>K@Y1@$m_b>QZe=$df
z2i;w?7=Qarjzh45u#kzl36QS_4nNaPlm0oM&ca?}snHazlp@j>oo|o1`!dI(l1Pk<
z%cr0w*JYy4LxM?zawhBNp}`wso8!FFOLgZk$iuVC>Y<;BN5BUMgL9@gdC<{X{#8lS
zZj4~tPL9GtiTPAkqP$mS2hlu~mFqxI@MjrVyO*YFT3^I5-e`*{ZgqRFc#tnA2S=aA
z^SamVKvt|ebp+4UN0z#)!B<M^lI)ybtbI#wKRSMHxvSVAi)~-$+1--E3lhBX_w=;?
zMwzBA|FOheO=UGv6VaL-)q1R>lQ08^?Z~f?xe{u;H(`>NgSzr@!0Tm6@w(n^e^YV9
z)TV6?lH@EhK^i`|9?AFCqSiHz(vyK{wPF)Ki)w0W!hirU%Oc*ws%`)8#QmZlM5nFI
zP*=^lNKcg^{u}X%G$aVo&s+Q=Zmkc~v%iPe5jrd$RGhxBEtFJ|tiruOfJZAAo=0Mp
zn{=cHjzefo&i>(F$?Jvy*G%)NqTgW0K@N_ONB*sTNxx&tk-m-)7t`jz)UQ82wD^9e
zTEA@=xB6kBKMXzlUxEDzZ@-Hb61q3xSFLMukdTHz#=;0a&EhO<DS%3tVa8_jpkjHV
z$O_XD)njJ?oc=oF*D9;B5mR-=4~@Z(NPf@{wRh8E=5PQ7wCtFo6Aeq4-+={(4jB&D
zpd73-!aU!d^kC*PmRCrK$vMCial`tcws?+1N7&Dsi31ng-0&t2LN0ERM69);LJ<gq
z<B6xvC?waWby^+l`{ogjr|~gE6b*dW>k!m-7@Gj#p@;;bWLKpE^Qx&v`?06Pqf5{N
zQ^<IE(Mp99`5LBWo81o^0w<H);SayohL<|gpkZZ@<pm^T34@ASq)wLGP(XllW}jxa
z?E<9Af_<XJC_50K;CmUmaQ>zg5!08T=Teo$J7E=30(W~*^eHc^(omC$v6l%p=vzco
z@7=A<G&*KXx}u-0b~jkDnp?QMRG;HkDl(pxM|EXY55rX#C2ttgHs(#FY|pS#;S4WD
zHj?$$P?(L1Xl3d6non6pRelHw<d4H&jt7R2N*j!f)ICj=I<@bHU_tB<3A2m@{bBGD
zmP|x<l_tc*CxFIQlVeQNQ(k|Gs})}6&!S-n;<~QEy|j$HXj-3lu~|%s-79q>2!LuW
zSEIDZI6D@WW$}X*wfP@qq_&$KOHrN=CL8`>_)*%B56?h#Hm$1GAB0}+r#)4xAEo?N
z;;OcMP)InDUDBNhF-KRZwktJ+OVC#vvLvL;#Yhsd*s;UYhV%9!leu#9t3g|{&QJc(
zUm2KjK1$<--Fy+<3Fx-@u)_&#Qc24jU{omcqD}~OP?9nOq6MV0%jsN*iL4G^YaA9h
zCPBK8A(G$U{YkKSm=FZy-E6%GSne^1yEK>tG;0^Xs6s%&i;cYTTOvjbhLb?R=bgYf
zvj9wns#d9}%Y{5l;aQ*%Mc$*kE=VyE*i#l;oX`rw&3u3)O{a@7=0tvE6vf657e);g
z!A+ZtFCVzPYlwdpql>}s+VViklkBrUx_s7FzuI=km>k}~cT&|!8x5dJ<nv+^I<OA(
zRkYKi%+47Hj~cV45AecKOr{3JvE(E~s-=EkbJv-j^3dsD37ii=qu`_k!<Fhsy9~jX
zI&TK;g<8|4KRbxs6NM$$P`q3{uMYq@eF!-XxG_SwGc@aLaX4&O0)H+;i49R~%+gj5
zZtOS)lYKH90DA0KzHj9K)<tCvxhUka1K}9c!yVVQae-*8nmJ5#Je0pV7;><jEbzfg
zF~GX3{a%k1veglFw~1^ZP0c=ByZ%@LUMBPLbdGwr=d2n+UC?~huNQII8cr`kZEpx<
zLR9|~Jy5OtHR3OdJ7HZp$U6)BzU=q$Vn@vWFgZAkl-tEDjo4_gR}|EPI9M8FhwfV_
z4*RL13$>twGO3-@v0r-xUW(#i&I4DwWunLheStMz&lI*x88JJ)R^hNn!o6>D9d}3N
ziwQY#>FJiR)@BceyE3Z3pGkrO^970Ik`o?3UE;D7`Y{F3T9vQ+VMVD|^}f9VFOU$~
zU+h2)grNJK%rFx%OJpKX*~`5^42cH^tBQdqBtapoPR5XaHc>%`bNdc<0E4@!d0|P{
zz(q={3oDDum11Hy(U`jT^zyyAZOLp6XEprcE34f4y{$nUx64~hN1gUfWP})SQ@BF&
z5iD(^AR#r=U!I6=@c257nBfOfBARiH$(+PP*ieCkGv7P|5PEFhUW{VsN8)KH%5zQ@
zhoR1%FWD`LfKl&DC+s`WhPl9NptrP@Fl)Y2!dHzo<PjeBs>{;cFSUac$z@$DFxB7i
z=Ib4~ZtZ%Sfi$@d*UzZ??G!A7zSIicUt*GlKe|xMH7doV-B>T>ML(sGZI+XZOni`H
z8ISvHuWNRh)20k)Dnb_}He>1l%t%QZ84I}0xj~%9y<28nHH^?8YAMR1J5F$3=?pTS
zEt^YT7cG18!2UuMe<)kcZbYE??w75f2h*FRD3}LPyHRU{S=X2a1A^EIo4t$eUbO1f
zpwObO*BROsr0X|cXq%>UNs0HjFG!H{DAm3Y(0BqIJ}vOouls&f<#r;~`plLUKYE&S
zyrjLjMqOAh_g+G{JPZX>`t=Tyn9-@3NgnRI^@Ti?{fdgoh#76L_82^%y~;FYi6g@!
zMS#6vbo&pV#mR|_0qFb3<|m9)?4w{gQe}`Fg#cT+dAiJ~4sAbJ{Z|C{V-5P=ZiBq2
zBXfgacaaiC_8h4$YyN$T+SXrj%YJwE+n6F$mv_7v2TO_-6nEj;aARGM9!=+6Q^#*x
zr3fJ<o}DiR``0d9Esso0h<`*$P>M!rZZpqa^kYK&m2f~HP)bIIMIFMZh=uaHP)7{e
z0qQudGX{<^FXX`p&FS*jjON|oHI;3|&<z~rcaL`l@8_=Li-)Pa-VJ874FiMlq3%n0
zTgKb|;<=JfYL6{WH$Y7-j7XQzn_kAQcYeO-69Z<Kd4hv9)VQZn)R)8Ow9Wi|fZ_3R
z_t4li=T>i6ceIr1h7BNg0Ik~><25u!H1ENZ?{NnWo99hAnjkyy&)EJJr=KU7L)BvF
zrHMqL<CM1dG4Hyl?y_b!t2LEfbzM)cuJ;M{;Zpe}H65LpjLfK!34mk5Y+->F3(NwH
z+hu64Vw;YMDI6))Q7(%aO%(cuz1&J1x{hf-MWZG`J%Z#=`T%1c39#Z8S4;KfJHO7t
z#(*EAkiIapabIHD#)AqrqR?y)%APRVpjzosod^wiwFz}dja8ang!F#&jttXBh`_4v
z`N)1!l2YX0O{UJM7Yv(cxpMhKOPBn*qQ*h95!nT+x`db;GDz7=h2yRTk${=Y`(Sj3
z2n8pMwz?D72bEvo(W}{^=i`I0urE^Lw!{oB6ZpNieV|f_n90QKqld*Gj$}C=ENR=h
zybfr`Tkqf8Nld#PwGvc}qpMMzZ_h*(Yw2+r8U}GnL9?3mpLGOuV>Q;j(?kx*#2&-8
zUjggFs_RBAo0(%My}l4Jnm6;^wXx-Q{ZEuzJ#U={IRfY!`fl7IjvLud+e!;%LqNDn
zF_f}$0sn*~hQ7~9gQQ$NNUdJYcp>JyM~zaQ#x#jf2)!2P1R)QLRP$gMnc^NMn>^^L
zxnTmGg|&cvOuA=7(#cLkD27ZvLgAtrsd8C0d5A#mql>phaVjg={!_r3RC!d`U@E)p
z<x}A9Fg`PU{}Z|AMX{mDfeOiLwpws`bvsI7Xi?T<yn@+PBezS9$078?PQ_SDh&{Hq
z4leRMEsTb)8@+KspFFqd_gl~!K~}Bzt+`yLF9t)l6uG8Jw-?;rqz~S0!%wM2hVi8c
zaanbfEpiQ$<)YdWb9r$Recw&)iuF2znYSN{?GA#2dXDrA0)Q40L3?i;kv>u-E$>fJ
zKe#B7@S|uMvm&vzkS$SYX{*K1>2-FyTtOE$5+1fJ=K4ScW2?>|J4d!u^k~9hxjHr7
zdtHLBzk&)K`)|``moX+TsruWm^@j@X*M!%9gP0$;Xg9h&z*6mpdl6Wx#B9;^c&*E8
zGUwAb47H5>XFF^=?$@4&vDsnL6!QAi7KDB;s2VMKxk&Hp(UiX?$n5g^pHh$&ZT}o&
zB<Uvk)d_QKsRq36R9p0##D<rZ<+xcP3KRNhrUyGTqOL8zp0<#LDI}nK$??%YUGVV@
zO)4&~?{-12-%AO>8`p;E{g1`PxVQdX#~EcT?k}4znC5j4eu|0o5RB%jzGx?iiv=~J
zg7=;PUHFKeeE~Pt*|6-OT_XFz;F+LkJPVOL*`7bd-e)m@i<e;Lj?$+sgYI_{eNF8s
zjeYvwhKNF`=Ffn2A5L7KmQ#Bd_Meeu9xD&Txz95i5Afll{MDPAhjAYSc)p?K7W(1Q
z!BoHJ|ES<_JwCrLG9OMpw6Y)u%mw@fH=&QJCJ<5L^K2b8$!4FN8%r9+Y@LaU=G<t?
zE8tUHr(omGLTdITPC!`^#%*cISXfFASCaBU7PM+=6~$T|2J2n%SNRyX(`8&Yr&*B%
zt+&`Lmi{P0;sV7;l{B4wk3yDWFd7lgaIz>Ux#KAgZBnPUZ1!xs1G{B~V=^Rh5@7iS
zGe*Yl{Pg_JvUQ_jqqp)3k}N4%sBOE7^TlIo;JC*&(d7z2HTKA{a_Udb-&1`wl%qvR
zHLB+3o^W?XfwitN(gm{W^0k6cW;ZIBNk~@r;vQv0){E;eLC{LNS_%X3i?zU@OS9DK
zI^77F2qmB!#Oji9t-T(FdX=^)prK1DJWllcjymkvl@sE5N;u4ZEbC~Pw$u?Pwn-@B
zucHb%bhU3^)jMON)YSLBC9B2XC&I!`>qa;zPx(VEc}-Zqa>3Rp3luF66Y)gmjTQvC
z>d}a)iaDH&tpvQb<E)FCmDjbPJD1Z^(LogXr{4<WCR@|ihE*xzh)PU14i|cd>+|WQ
z4#p6K05s<M)RZi|Yj+VjoKLW|b$235lyeOgreq9R@01_m&R3yLcJ*g?ynUXK`VTf;
zix(3ul0$r!o?9w#LqmVEXoIU~-3MVev&TxF^?I{K%al5!8PVB08NEr#m$2ZUDivH=
z`cPMXE>Ykbq9QW&KeO}=x94A%%DW!K6znfdMk1e(9k4h!cwDvJ+uU*a5w83=9r1md
z>duXi!@=h>_YMg+hY0_*>ISER_{=5b!qI)N&r+E+OfTfs*Im(CjsOxPY_BumgX63E
z&JMoN=(OtZg?Xo9&PKIIV)?d)8zQbxn`4#<TiL4CcD>#JKYZ{U62s4W=O&<EXBD%x
zJI!leF>axtHHteNNYghA#;zNdk~~4MS7nui1eCb13>0+U*9txUQ8i|(G$;Da@bs?t
z74#qnZM|+%I1L4UB+@WwlBlXkSxmD_?!+)(J{=XEQJa)Yy9UB!0^NY}^JmNw1GWfE
zWkGGS`^{Bu!QKg^SAT}&eSamQG7DWvF;zx1MrAeCkge68KMM*Ho_S)wRn<tM?^j0V
zsy=<xn&oNy!H!4Yt`!@WF=c!+=`ASdspML^Jos70yN}G3^B3E7EjVAc5BnreIEYFm
zl_oogUV)B17ACCtDU*h3+<B&qixbYFv-1<V8iH=GycqH}eM9C>CDy?pNDKf*4s&DP
z7$I=x>uu@O`;(siIt<At<WNf-kSf8(_B5SC5zYXuimAPd@Dljd@hut7vh(6gmS+v&
z@?%+yYWa#RfC%P#WnS$}Ooo1EDJ~#!Vq%3oq`Ur*<>sz$0AAA+URZ=r`-mo{W^^cl
zx?1pQo(ewwB(eZWZ?>ViBLb7df+{kx2~zL2vn2P`j7U`ErM1x(2BgyMV~HcR`O^<q
zZ`6~-=tK;CM&l`n{M`7__$)V>;}e#A=kSgE8AgKZKmuM?B7#U<zFLX91=uQMW<oQ7
z@{RM{?l;@@W?uRygDN%|$HtDaSrkIt0L4@ALa_=tWHzF`#uFrx5?L+epER_~E8H(H
zqRhb25UFC>^dGY_m9e|D<#^Pl!8j{&7azgAwqyZm0XCXajJ37~U;9`MHBGV1M7E&0
z2Hv&oqkLJ#4^c7f*ZLpm)YOK5;<gE8KaT@ss}610Q(BO<QM`S!lvGv6Ll<c$%Nu%C
zODz9H=I7mi#?p@tIcFT`;C%1zQE9V}!4LZ=bCjZu<dFRi!lZ|j!So{F$0NXYw&Tkb
z*^65+P2Lh0ywy+0^~jZ=af9_hK!6j+-gc%b=Z9@l6JlfJ8*yncQB;zL?(abk9y5rM
zwqVZ-EYrP(Ef$f9ih!hRox*RESZsP4gBy>tqsbjA5>=VK2EDp{aSim}i%aA`dg8_z
zncjb~v%VY(VYTmJ%%kc{BkTaNxy`6GZ-=cvW6l<ME4CD&ri~ws30<%xJE2HiT7iM(
ze<YiIrOmv#Mz88G(@JxHar$0qtauKsVyCacWfW~qd8Js1zFZTYp3li~Qs}Gr_UaaG
ziXZ{nb6rhf!Q}+>W<3bloiC#RIx2AkE#LbrBJADembXB8qjAz56=ERoWT!-?t9W}(
z!cegLAreRPzwj-q4d0}*y>`ftdA#~gL7QXIQ%z+Zy;$+{@xm-sI{OYF6zU<YYDPD-
z-%@8(i`z>ND-v4%XjrPGC9mqFw@KFyeQO^T1!*0Cro@1$YtCsJV&C#drM!ybs3Kb5
zu%EP(z}`ew)bNc{i|z8Gs(YZ5;Sg@e#Zv((kwnvViGgXncV^s(!)egSED=#5*Y7{7
zq})DV29e~?g9i-HI$V>0VEP;;h^chGMCV;Z!C6&p!6LMkDCB=EiLnDzb1R~Rw6w@8
zMK;SAruwfQ9r^`12%5*!tpoSq>NuFycm3=-!jzRNs_64|G+0xRYiaYBgEW{9o7v`Z
zG=4;t${z&_CS2Xn`v(d!ZL|Eew&53HO98w4T}0D{-uN(k8V;+4;KD!can$&APQu_c
zEEKXJGBRytf-FrZ_a`mQ#G))Vl93Mk?F6>;LbF&Khg<R!JbtVW&Vja~Vvqk_jAq*n
zf!NRhNp8R$y?o=&A5zzF=v&dzu*8RJe2~lj$o)&PwJ`b5x+b+5%Ypn<^+w#m6v$>8
zbO}om;c|Zusi>-boiF=N5E%8^u>pzn3&X8?!sO+GDQJg-=Iyid936}VDqXZ32x@=D
z$pxNyez(m3G9K|>?A{P%r0XoW@|@zZ#Y2M(;;8J$s(OVy`w~9r*Yyl6l7pgoLKs-h
z^ZTMoFb<xypIP**F3X?$JOPNgV)i?<mcwR;e~T#|)_yW!NM_3*xG|km15O2oS~Pck
z(oXh@0lT~YTrlAZ0rzFP00RU5EOmD(1n<<Ncua9L_Kf<cL-PX$?9=I^M;Gn6DY?tJ
znHK{$<fJKNEQ5T`$O`Y8fch7ygWKIv*XN>_PgUddGxVip9g)5#LD5(F&YwSvqtlr&
zbCE>???MD$_GodnZ|(gQ<|C`!DI$#HU2yd}Ii_FDHQd*X=zjnCgDb37eo;4>?z4eJ
zyZM-3Y2dRI3qZv}^?+D($9N4GJJx1$oF*>xKCntrc*`miV$0NwR_D<UxlV;eh?x&t
zGWz8+9+}hhE5$~`*&7ldsU4yVrO`}&RbfYg5tWb!h*u)<bw!IBO215EvK1m~6To1S
zD9o+W?1jf(R{-P@l>Dp^AqRTZ8iDM8&CQ~3fc(Fn$#BFAFSrjeAf2xiDC<}=lb28w
z{^Y{K<8-*6W<oO3PP5FJ`6l<us$2s+#kB>w^kg^t1v{veC)-QX`_~fqwDA5uBLHC+
zx=f44QPLiaew+d^zmYi#Iv7SSTzOPFu>a^IKkX&;l<&|j5FInzTVlrxI!Laq&f+*P
zFe46kiDgiGeVPGOe<@e5l4t}M)mA~%+s3uroIW#q3=v0X6Nyir#Y&=-FDgLw4+<d<
zk35bk+n}h>Yfb=%Ul3VxAh+xKUIZ)!I$_71L^Z+Lk8P)Yvj17*)Gwjx$XC?SFx}UX
zf%jSUIoP?&i%!fmMEJJu#bdACy|HezVEN;KeZWUA06vhkn6T=1n{)#c?s<nr5e<Q<
z58?<g9nLCAW=<8UZw0%NyW@@X^DWk%iFtI^r+c~l`>}`tRmjuqrLI!bP2l%1e31hC
zWsHEH(UsO588@^iGx%S-3oHIaFYAEX=f=_*Y~(;30AEC!?<4k_uS15?Ab%7XeHj(w
zzE2A(h@*P&fVV3EW<Pp26pdtfYBlbDeUsjQAsXo%+T07!?Ff0b_SH-z%FsxOIo-4W
z_2D><XmDAcxAoM4N~9Gc7ZdTP74SDZh7^+QpFiZL7t^=WzA1=y2)^K#ObhQbhd59l
zu|y9}sDHhGwh@FgNBx|X3V^(M$WDiu0^76b&$Zo@Sql6tLad>q2Rern?OYjgm34|U
zxhDX#nG|6V*M6vMF^UP+3!|7^H^Um^D|u-``1sB)hMKwfm~n+#0j@T}ORHW*@U#o1
zp1%+Ddz6L&5JfahQ9AsKsJJxA6>XN&D?+^@z>spUs~dG+t`)MMH4&tq#vi8#o6XK%
zc6VE`*xV>gUYN>E=BvAeh!iDEw`wJz`6iHA9{T-2h~sW&XSQQKT1__X>*diHwTCn9
z#un-}rm59|rh=>x1|Z5>?|`E;+Dl38v&L|1j;$0KLyKkR((6Gn*8Bh0-di@;u`CU`
z7Nf<?%*-rV%*@Pav1Bom#mvmI#gfI0OU%s7%(!&rbN0LMMBMoWccvphbVNs2b!BH)
zXH`B~72X2|m4=lT2*!PNK97l+!-@w7yk)^5Nt}vZ9kKRWtz3O1aqTB-rG&sCr;ADn
zOpe4bG+3~^i+~=iI@eKD-3^PBh{^kcXWH1PciY1P+w5X9wELsS>(SZESg=C7F<9qX
ze-QIDy60)#>k9bB*;2TqPv&&Gt$fk1rbPHttG=q&Bau;bB7pm8GAp$vd-Y~;YP~FC
zmBQw*n6|1D@;cr-t=s|+)3%;FLV70Wj2oWE528>UK?2&u>`%0VQUhaE$C<8OiOksY
z<B0S{6Qf@TX@bSoY%_6BbADT`!^J7pPK@G84~_Gq-NY{%NS{|62<rSxA>IDyFBl94
z!GS^CYY*HZfu5*!ns!HfGI2Pnv6u$Wh%d2N<F;-=iX-a_H#8Z{?QV=Te$=Xx6x)86
z3_UVyS4185EMQ%<aUEUIi(?sLJwa7LE|G}^mWjr!G}w!#hriZxK!ZeNnchYj(TVx#
z(Tmq0Y;IGsvG|XT@1!DF)kv|o^bPa^lW9{62~E<Jn?wF2jhaI?(%fJ0eo<)-@Ai_x
zNVAn}2yrlCNUpAIWAdF*H6?o#Ms<7oRf3zfhR~6S_PvF0VbuokTJ#yj{EQmg?-xcI
z1AHPH1q+e>OyQqYZ?<6Cqfu<-oR$^_@E-8rEHyFRWK0rwy747cHN)g)Jy?vjeuou!
z+^;sd>vp+_N)CS}G~fPJ>KiqTsT-5)dr<zg>wztaVBZVp2gHAfYcmjVVl-(P+%A}Y
zSIlXF(|MDL$}Dxf-n($uSi932^S-c>&1M2s0A68A?iWn*ZD^Ek+=;DuK2w=iTAZ!j
zyF9ZfFihUctme|PJKcBhn6mu+?zCe3S3@7^a=%cvy=r@$TyV6rqm_VRiNsCN+k-v(
zLXs0!-KjHc@=~!S2)p``JzPYeM4*^nj*AD`LqFQ(hW_ctGCkZQA|{W%M1m=%{Y>KT
z62)sOxS!gBD`-C1pF}SQVjsJ3)>Sdf73qyW>J<@%@TLTd_Y?7xMmv(zQx%xyHGk?}
z9Vj`9Wf%xsE(2HVFl}6fux+Qlb}zN!|9DalzU|OiFY@gUg-5PHv6O?vWJm6chkcbP
zCguS%mOEi!0V<R2ikLX{Ft?)N3Je@s^<4JMtA!$S9xc-GPgU}!-Z@xZ&o0$^g$_&3
z>tb#8KLTWr$6@Xd>^uzd>RD(4$IbV~z97;qD~E)5p&+`%vgSx$NP0!mk#N|%ipHQh
zvry69&xsSPJtMrFRU-WBm?iSusjH6%#GKX8%-#~iVk(S-TX&{Ujymh^t+>bh1k20Z
zS8$Q!mn!i{*ug&DjN;1Df)^C1;Q~Id>9$rO1|VRsX4xZK@~l$f*K1a^5#I{1;hi3d
zAw#Ilzj(5uN3-25GKQ#QKs+-Y6VsEkaYZ>3N3WvJhLFU5dm!IOUyEsBWXSPlhP;zw
zF)Pku8G?MDVb$IQZ2$86iD2>*3w*QG0B3#6J3iCvOEJ7YVb9hDa?mXHEmE+r)jJj;
zihok4mAKXKVuu_9Mafa5O$cFGsQW{X_Ws4#Taqp!!s22xG-*&KyB)MBe2%4d6LR8W
z#2|oIzA!9$ZS__frK2w7ox<*qJ_3SSmY1gMCD~Ewuk`d%{pD`emPxa9^;TXO6S+L-
zj>sTGV{0}q?AC9hS$-Sb{bNCLXibbMAJ0G^?ltjdc%Kl&>Uhb)&x9>XhpHzhXNZ}-
zlzAMR>s~2;XNsIyDYOdHa2xY>1$Ok5jp04+je4C-rbU?*Yc9iKpP4almM@vhhtCJV
z9DZoYsl}|J^FfaG=jZ3r@0l90Ul<qV1^dZL^7FZHGcC_~9crK#H+gV3-*(m|&DXS%
zHmzKGia8C(e)bHl)TOUhI(s>4=Q8FngYAk(Z#DLU#pmFKJz|XY4e~=gy=f2tG%hm7
zm*Vh(OW_X>aF5IGqq~t>^<v1s`Wa7mS1!0_%e9@T!yl!NedQPEPr>I!#>osFWylUC
zvqPE2!}bU10~kYBer{@4nIY|?Xi7pMpA)R9W!v(!bqpBJR;XLE#MN(!qM-EJD0Fqw
zahbyh<rnELZEt^@s?(i3X`Mj`U_g!wA@&c{!`ARL@OyV1%i&*r6VU%qt(;p>@`r^t
zo~nrrgIKpjFRDzH#J8CVF|_g8s2WwX8njz#U#qCptTX3qQqCSGGMJ3Kh}r)(^L?XJ
zrVD7OFja?^?pby8d~4eZnCRqu^jziG1j;NjbWktx!tgebbF$kGSfex<`W$XD61VYS
z<+i?iM$`~I=6|vKYV%w>$KTG`X#4v6rFWyRjb4nCxRs7gaZ0TdANA5P)kcLBjIHCE
zUv<^NED1^AQ7!=@a^M$VBcuyUlaGhOFzJV96Rj>9S2ZS*C*>uJIUiToUc_`~mW4iB
z=6S-tcCm}5-niWMX(>mmz2OF690qv5qPymDsCSf#XY)h#*3Q6I(b_6A(n+WA$M?ZS
zF9gq9657bMOCDUXzV=VB`{+x6`GiT!*D9^TN1SuOeyV}I4RceoZ3hwi<R7U(3_T9p
zm0;%<uS{@#Rt4TXw}SfqupiHf_thzI^4e50@2U*p8Mm#vpzfEmmplw)bGJFT-Si)U
zEzpHt;TE@1=B@H-nW+(>AxtrmkKgX&IWU~py)aVCBCdI6I>e;_LL0MXRk)+|6*xVA
zbgi#NznuuQU(7crA!dq7)Dn&Gsy&t2(gUr$IqcScUhe{OXRd2~+$6$;G@xBRV3yI*
z-6sBGTUXGUowlGgE%{9XQ8B3y!>uVf8vvtyi2?5+zeRu`{GkEUGglHK1mdlhR1ZfQ
zA^B_GV&C0Uf`szpRw2Ft!ZfRoHF;H7{tkgG39GpT<HPtM=^QJx%H@|@GdljrXwFMz
zbJ0tr%Q{_mg82f>qA+F^+^>x$6StO0V&xxYF<0!xi0?+~I(jhE59agYmx|L2T~eC0
z=i0hs_Kjs6Nh>3Nd>483zTYIVQ%3C=9fphxwpU?xRur)CY-(BaPO_jJ;b=FR*x4AE
zm}Wdo)$9kAdAlVc?1q5mKXU!{)@XMTo!sXJZ;kZN_9``xnQlnFNNt@w(i3WB_;WNZ
zsUZ&Y+Pa6+!Zb6)*r_Ti>;oDNYPehHzOd#j+`^l4vM{fFZK%}|8G%hPq43C=m}XyX
zh~Ge)a@Z-+WSBEM5qAH_JOkK7Ll9;{6w>c(z{l6sHuTV*)uC|LUQ)h|#N`UTWbyLL
zX1ZYyi3<UIOfClzI`izS9;Yt9>se55&gJnnlV@eJ?Uf<PW@n|#8K>K1(DW6J@ZKWo
zp9>|~@2fnn6~i-Ec6|ro<~qJMV33T$8k0~Ca^u8{Un&=<(^lH5I-BM(7gPo4<a8zo
zR!3_6$5pgmJL+#~cC%xs>{rg8shUbn{M?o?6n<y9El)f(nyutEJ#U=jy=?r}WfDm#
zhP@auJLMcTSc6s$o3ujYpY%q~jyYQ8lPRxv8gUyYb|68jalW`(_9UTl6AyZn*C(u#
zXKRFgZ^x3&sWjpYiZeDoM@~^tNXMwhZ|=<W!jE0i8-1go*N@^c0cMUZ2-e+EE!Vwl
zh&SDH7x7&d+0<4>J;FS$6FXr1Wk>7XuLOVVT^@;VC~aKdRkM0h?tF71vxR8^^qt4M
z#(wWpIk<XL7mKk4P!#7;XIx5InTY~oH0usKbk6KHrcc~+?LRsSIaX4SCoV6hj(^K)
z9L@o!CkQ7BnI59PF=-e>u`&r3&EFU&$M%h`8mwnB^6w7J{E+xWS4r}`Bu+2B10?eS
z^M9a?FS9pbn>dNfnU0ii%ibQ&h(iVz*v)LYWtK4P-S|WoBdsZ2<?kEH9>%)lpR5+q
zA7_ajw2?mfU#oz1_7^3wEmc8Dc?Nm)fvbV$+fv7#*eWGYDezf9c`ha9z;3>s<HdTZ
zpj|Wd`jZv!TP&24#-j_-7P9;DjTM^vdBdF5M=_ymbH&Vs@1j@>f)%b&S08IB{VbL0
z!-MZiv%^<j@K*6ph*EENcY+6e0u~%C>0;(sM5s6MP!FOs7HYBXU$Rmj{V&<0CfW7_
z57dGQbOB<!to)~i1EIi5g~tvL9+2={i4V7BF{^=)8?80uk<|oaiJ6<V*-`hCt`z;O
zLc(~*Nge~Vbow*bt@X|^{}g<4mOlYyN1hY0$|uZUY-@>Pw|2hHw)HR7>cH_Iw$SR2
zf{DR6Y}>M0e_ybkqhK^$OUXZYXdWpz&+_=M!h#X!^7CwB=a-xFwB~{0Sx(5R{i;uX
zT5|EJxt<al<he<Q(9KPR?^_-Z%YUI?G9tsv=~j!?OMLdi5VCB<Ew8AzX8y|M&eilA
zp1_l&11nv&AD+lHI%mAaQ*DEu{-046&o3#oo@dZUU+X<#R2>|yj9yC#dBrql|6!ix
zAwf~J$=grN{Gy}1tqh=sVOxrei#1z}Lp<V3P=D}#Ibk!kGBFgiqf=H>8%QNvaQh{i
z1NoqvhyW7wS^AnN*Dq*GF<JYOl$+~A!4K?DlGr@?tcc^}=YKfd&pa+iVj>9B$BXqe
zW|KkW@}oM>C9l`dl{LrTJ7{Hw9hrA%2w6dEYikeEX+h<=`OLBO1`>n)6+Apz4&^i{
ze}PCW5EFs_fh~-c`G+yTnidjbTuq#BJumjcuQ|WGyi{M}?cSFiPAE8fUwB{*VFZNz
zrEBdFvQWV9zMP&A|By~|i2jEh7m7uSyIPq)@z6N*oQtFNo<VY0_>~A*N$QOU&Gkvq
zewkD|7XbDA*`k(qvAZw*A8<Q>6(pb#rdop6kK(T9dh0V&Fw5ibjQbdFVl27D1@V0?
zp8Dc{@zuW<|JKAW-rWRX*M<21BI%zN67~0HtN`cv{|)J$^S2MkF*&gQ-;nNrpPw3!
zLFUpJ|L5iXFZUmDf7<vlw|Q0Qzh?jM)&JjA2;{Hc`BaQ&jF5~BoVMn8X~XaLi(M0E
zPjQvIl~R-9`5bvSKU{*LkJ|gZwo3PrWnj*Uz(dq%qRtAgeVD|erjB>Jj1S%?DR)?V
zckX`TxqH(2kC_Th{{8YMnVs2VKmz=`g`Si(AAOHby_}uvpO@Y);!<jmk&wR7x|G?O
zm=xxl+_p*pFgrU1Di%dMTUGkX;XR<q5ar~eEv@a2Ls53X1O+z<9_JgekdUDNuocFi
z<16o;EsIDP88Kho-kM}%+$?&Rb=Ufu_`Q3-4+*1Yc)_a!qBEE&*Dq)sfc-koL#+C}
zvru2Z_U;}H15!=KTjk{BBpBDCQ93J^tbv{hPs9TB{b9G;E|ec%{9;n$=EI!x!ktUw
zeJ(*ZPJ#|929ITr5}&Mc$FdARaNOTBt(Jp;&(Bauq%K|v4fd<=KmN%wF_GxLJT>@u
zK?Ufq&$~dofPqLul7~Q0(J+X~$+6SWj40_Vh1~S&()s#Plk6xXp%X|FAIDwM{YLTT
zE5HkxQ>Rwzbu|&;kBEp+)K(8=@wK)-K|;Za5b_fwwfq%@Y-ek$vn(=41>%c#MEe;W
zc<_>mkIRUuF%*P-tUPaOp!FD^t=aCA<QgkvTAi8m@9ia#wgmaUNLr*t_8or~4?>j?
z_9D7L&HWQr3x1Fnm32Qd3cMor?N~9<Nr};<qNNsg^+6R53|wwHSODVFOu{Q>7AWu8
zPdpdEjBaFx?Ys~bk=?PtW)vR=Y{$i&Wp4tr9PVxrMSaAG4?d$|MtJ3EKMiA<Mtidt
z$Y;gx%zRc8+_d%~l&O;)=(ZP}W6X5m2-Q>4fq1K6TC3M<tbP*F23RO2eM+jzF<V=P
z3k~;t$sMQCTGxp1!WS3#nzeSUFXlyk)yb5jxi7LLwh?g_7w!kSZk=HoSo$1QnxR<<
z(nTd?)VTEbYMNIMIzpQE{Sslg-gJZorOc|ENu`^O(S4&o3;PmFtG55h!PL0U)mYNt
zkIYtMB&DVlradJkYusp;hoF_zOcAlEAlLrlN95R~QWNOx|Ah><sS{FnAaoZV%Oc!4
zQ0SvKTFM`h@_wPG?yNC<V>6j<=N=s}a<qp0JXQ}|!+7W=rUgS|eKO8B73lxsYboGi
z`7^~<;V>i}gTR_*R8d(!`V*WT!d$*Fel7FlxK#AnZ~dP<X+Y%X^dTN&V3qG7^p(_Q
zVe(EW&zRpnVOpCxt2d4{HO?zZfd)!wzt~RDc-xfU7#e&Yk=C@PEy0uL(rM4-AwW%+
zL5YKd;}48MT@l*ZW;mnZ6;kgDf|yH<AOZoGf54&cPlZiKIEZ4bx%tJ+Rut{bmYwyX
z*y3XuGotQI!hrA9RRz$K0v|Mk@);2u@c|WuKN_UZkoU;jt>>32axy!g5)mM<2nAvH
zp4|@=KEl$QHp3jjP?h9}sr-Ap!0{?aRv$!Zf7-IEB^&mPGLo3hx!;|S|IlRl=~HX#
zu0Bc5r(|UG@jm1Q7a|4}CL-2-S%@r)AdJ;v$dt_?i+jZ-7vB#_W~{ZYs_x0j@+K>J
z5CMO!vj);iwvZtw4t{0l8bUFCPPn4L*?4k?oB=>vyj0yPKWM^?yQ;bGUrrWGUP(zR
z{KW}k->Lhp_O*tgt?4Z2RNm;v1~OlY6;MZ)AH-s<Q69`L#Vl3vJjFr_a!e?))C^Jx
zL{j(RmGM|V)8MP$@lS6|9OSw>mzrGJfer4Q1f7?x(6@&t0?Am><+YN?O^v=NsYp8p
zIbDQs8#*y?3^~#=lI6+5-Zg|QXjpI=4rGYGPf0=6Y%Z81eZWCM!I1EdVk^E9=26)(
zP4HT<G4F+!@U-7ocWs4snlM`%GCilNjTdT$m;4%io}QEBd*+=o+&oIpJR!V|+G1qt
zNT^|b&XD+q$7oDL8xzKH9EZsprYbj5WiRtp|LGN!ud4zN6)GgZq8VYne><R!!enHL
zjm^<FffaG#ZJ})Qgf)Fm>2v5XP}&JHdSDO88{Kudm@;LJQ4V2?38O>Y3-JiMk5}ix
z4&d|1Dlb|rcoupIP=%!LTA(pI09&nJY{BPc<(Px-&sF15rIg&2B>?3DEOvZA{+KJ>
z$x+aac=uvO9(zW^MGt-9;ms}Da}tOTO$aMB2M-H2ntXY@-kIree{#+hj<YA7eD2F-
zTV1gk5cWygS28(D_~*}>g$1sQ^b+1Pt#k|xBG9cvMfK;ZN8q-x?P}Ekh=wZh2=GYN
zjm!l;y*3}G*u*EHNq|&=K!k*p9qyC`yYnA4@aQX)fAjSP$<U@sQ$DH@)*wyB>c8vL
z=z4JVK3&}$RPcQv1;?la6bin9Ntfdy;h@M8hhanng3c*k#pPAEI++xpB1Bk5$3qN;
zEkqVQX~O2CtxzqgYG|nV7wSMJM+F9YtEw+z3ux~>^xsCKUCBs~Mj;&$qD1owIy26o
zk|?R@l+IGo(to4Y$ck=5yJix`LC+{4d8n*SPe~CFUt+H!OtS7b5JO+h^H(>}unDGv
z$<ofQq#PGFmVl;y`(t=x#%c8Ol%K@(+}4Tli5ixfY*y5icouu4KW!-ZMZQDqqrqk(
z6C?)52^l1zq30#2lfb0(_G~sgv*!~D63)ARJu9@>*A$_GkTs)X#_7aeYLuwG`R1+6
z0>Or;o~-M^Ku66ETLR8TEmQ}doQyHcqGXK*8lCSxZo!)pqu%XP*3G_<vb`)Q5Q5lb
zhO6(RX|Ss(Eu)}i*3h%Aa4Qi=7kl5pPF4Q9M~+iJ2<U?vm&S~e+i{Nr{^TC)9<2m&
zU14KseO`K?h;&j;`&F<rpyy|FjA_@HpVOIR`tK?#k#9=Ohh-AmaiE2&20C({VxsX8
zIInbK%Dbu)%napa;+CfH!a-zfD|<mpdoG1^DN{TeI-8a+L}t>xb&{5N8B1=zaY7eY
zLd|K=>!jHVI`eywX56jmqEY&@APc`JQ}4L%9pdk0Rj?oOMX10XPUU<2c2w+gp`)qj
z>3fv#f9!I^_XV!oI9w+CI4(bb^qkm2QF}vOd)|DrvZAK{lKcnBYN9;S_l&d>cE7)<
z8UE`WNrAC2655sp(-dB1p)tB>acMyX8pNL(NhPKA!2@v`C3>oo<oX=gx<PsAY&5I!
zWSpICg^-D>a_(xII`mU>8ncjoSxqR(YjecFpSE&p+_y4ZfFdl(`1?{Pa=e?LB44W`
z&7(5BxvMe-K)$MlJiX@nMk6*k2w25<Oj5?At|TTLZVwZxnGHb8;Q3Fkd85C1bev|C
zRaR~J{B#a5spKXU@-_3A<HJ<=jH&*|IqeP?>DCgG$4iM(wt!Z|3Xh5rx2$0-AR(FV
zzpPb4zM_s5SDEH`+q}#b|KrE*UC81vX(1Ty3p2g+#~ec6$A=&!ouZ$tc=sUFPRLvJ
zrvz6C6B0UlP;)a^e=r0I1qT75@4n-j)4S~VbuZk|`-i?u-&fwG1ts`Lm|l9fwQ!h1
zNK&^+4!(~^3x~XB$Zf}8X>4_fBqqQ76{$T=2fB#LxgqLHV*4_yfv9Z{D$|C3cAdKn
z{m)4|;}DmIeiPrK^17XO8(0<fa>CpWCINfLtV%Vm%m<ZAp+wTgZI1_At*Zh-=_-^?
z^FE9@ud4<%yN2im!f&;<5)5{E-CAlHv3>#{cn^Ci%0pmwt@nwR)EnUtHi$c;h&~vr
z8e@Isk#1YS$w_fC2w|99Tn&0q6mcU{5pLl1+btDU`8VAzkf%L*&O!}MBx_pftBrQf
z+8=$Md>?D|&DX88NVBv!ex5IjODq)l+#c*tV}}>S2tjeV^>Eegd{8aqs=aSPOsA+#
z#_k`gr0!}5=L1~^UJwIw*G_fyNLbl{ua{kf*JwOu``aKksS^NJ#!1$|LvBpH(9^1R
zaQb<2_v7NjTBlk4LOwm8(`>8^oB+&^YZ96=t<V9oos>+$009_g@vAq(V=v7=PV^6I
zZ_)2<=!da5{u&?m@alHM%!j4=%y6uwaxA@#;A`wI9@_23_zMJYU~f2f5?w<W6&qTi
zG8Bja9cN$+m>NhK6_<bOmZtXuYi`d^pp<5p6Eg7StZOOEJ?X%d*mcZw0xuR$o+#wx
zFX!H+pJ_n{8w8N+Ip;J83*<k&isk+Y@pE9SV|62P-7{UgAI?O^-3fxI?uydb@Xn1e
zWocwE2+8caQ!6x-DP|UCrMbSd_YH~K=%K25=;43l{~7;od^K49A#~6~qB<Y4{X1Qy
z#$n@hh(|Jific*`iSQ+ub4Nqr9Xt1>H#HtfF-Q=&@1g7Zs&|CC5G?o(oJ?afp}6@`
zHE<H$X2k(FU~$ob2=ndh698_Kl(%aQ`a)x}75gv>tGm-(H|wnoe()alkP?(#b*Q@8
z9M<=>@I9^GfpQQbY9O<ku6M1$1MMh4N+oo=gm#d~Up?!ivl0G7r<Twc@90+|t76|k
z(9fwaXUnblf*yAGolh-RT+O7Y&Kt{ebeYWNJ50Ll++QyzUcc}<mwSwZAa43`lLY!)
z_4ImZ_SJcO4t+h&(TCO>K*~AIl&7x;Dpt)&*^3aI^?lIi$AL?UEpR@eSu(T-m68z%
zg9#A!h7%tftRwEqAMt5&r{-9{KZCL#y^R%oY%dVoIbIiH#~0B<zruyu4VX6!o<ZuQ
zf3<IO$YS$<sqT29Q~y3uGF*bJ!qA4WIGGiZ6-~?J_Y9>fWWBwp8|%AUvU7rsY4{%T
z$khlZm#YjFJwRV?ZVU*Eyc!HdSG7K6I=5!{BFh6McYj87Y4LBra!tHNM+6AVEnlYx
zKS~jGi)n4;sXF3Fi><(SYAO3&F(AfT)vrPLjN@Im+4qK?NsWiL<%PHzSaw(2Z1aG>
z^nP)9{pN>}=?=G>(8r;saktm1qNNp{cSR-Jyv1_1UXT0nvPw9ez=dMqcg8%1wTP+k
zcJ|>AN1JI6yj2)_Q~+oYyyIN7o<kPh#fa7Tp<+z<;X9{X^q65r0}?oaF&3%#-PyT7
zw!z|%olL=3TBnD@?PozCtVxM}P$Xrn7;7>~<;rJ#fL>LJYI1xns-pq9ITQ47y-7d(
z5_se`M9a|AyZ8}Kug3f|XcD{AdmVH&xB#ZR4S~`5Op@d21!dRa%rQZT6Sf@7A2L)F
zP`2EL!q~+ERXz61DW1y<GQCYam@LuL@5SLGG%Aj)&Zy;I{EBm3TrCiR%b07ezSi&?
z7YQRoN~P4~joXCzG&GZmj2;_(;28~xvG<VB8;cb{x#h;#ZdAcn{jvL~*<6Z{YfK0w
zy0`<k`GGoOBN<dad9rwmC>WD+1biCY-4qu$L<U}lEGn%Y1v#{~S<Q2EGzf;ALNP`5
z-c9=6awa*zb5>~j8+5dSJPKTi@jWb&O2&Tew)cIKn-fFK6K29~;N2XYWqg}#-n0tw
zczTj*Hk`p4Yrnvd<#i*|8`JL<OxfFtH1I%s^m{RXJFzifUx+8Fni%b{9!hiM@_UmU
zYX_pHaUAPPDtWq%bHE1Ug?$JFMNJ>>p2iBsbOIsV@6XAp82Ek~_#WD%x!>cX{S*v(
z`stZ8&+%tC#>p%~`Y1?Y{rxkLW^~Ib_)h+SsaEi-5p)yy?5*o`AMO5z8*8{;-USHL
zVU6#wA?<wG%XOUWi``M-)C<|kzFo$QZTObzAAF)sQ%wCHwhLtB50n`s+woF(|5~he
zztnK@^?Nlmz&1B6-0$NVvn&!j(BAh{r`bi8knehSv#>Q}L}h{HY-mJGNgsj0OtA5C
zSPa;MSFz&z#X}X#?|n^o4EQGEzE$r=!ZC*Fe8?Bs#kd-_DtK=ti-i;dNBF{=JfltX
z6E-+CVZPU<F#h6aG@i4*+a2ARAla}c5TmmmR^j84sPnFS-~FyW@#;<?)tG&Cxz>Z%
z4(LN6;C2b`y_+w?<ZFq74&!HfG19BzryVN8NEn1cGdXK#5P1CNdwAb>oqkEzQ`f+~
z)afhu@VWQ(hC)uP1I@Vd5Nv(Z&hhiA!)d9V#DaCqM<%Yrp<eDlKXI-5UYMWgLnq(c
zb}eN*%XgL>B7%L~jouFoAAdXsH1AVf!JdZPc3gwk6HG^kXB&6tX_~X~l>h}nAf156
zqmTR11urrtdel2Fr{TCf1AG=MvI<4??preiW-cen=s{=HA?D=(X6Fs`McXOH+nEfa
z(fh=^<*)Mo)UG$I66Jg>!3xHds^y5F<+kfeMju!aN_jwb)A~=bk2iMxmr32Xa|OTt
zBP)%q(^!E(qvPShj%r&_t0}$zS@6!}?<6z;KD&Gg72KOjbaY%wq9yf;7Bl8JGMfv$
zFch)SOMy^#NbRz<7X@waTqNGlFW6zgd3@zw64#9#1-r;@hgnm@j++37tamd4E<V-+
ze?7{Y7QxW|m!Mr25SDBZVDgf@xZR%g<@+ZhRl0^*fBZ1d$c~H+21P<n4zV2B8Ma*C
zC7*w71TPEQ2Sr%bTa-_|)apntO{J(On_A1$dM%rNFE*CO1K~Jrgw~6WxnrT5uvfCZ
zOBjKTDKGA1%qJe3`7_;Q*O7=5cl8ltt4cu^@Sx1(I>`PsQE__|qa4ithfWrMIu&%2
z2W{bLTUy(=z%st&68OsW`jEN3_yMZRZ5!xlPzS1DDay942+HJrCMt?i)n^a9;;gD`
zVj>9Wd5uzw_mY;a))Wnu$aB-R4-T6O3DMqY*#)46ZE#tPuzfD?Mw@S#lbjiu?_*qJ
z^{zelGGI73<g1Ew%&IVumtMtYa_I-nY2b!^Ej7@<xfzpCK?nJ!LCls_WlJBGX=&A+
z;C5j2{vZpFmn6<v3ajnbxV;S}5E(DRI>kxf2OY*+2Zw~a64+p~KtkaI%3@3!bt82Z
z1wl*00_q4qf(Um%5N0D-l;=(fSzN4`mK7XE(2jh{amJ>OJzjrRW+^%wLeuDGziV9D
z{q%GMEk{BY(~Pn!{#D|;Hwr@u%c+h*ge+`1vPf0`KBl}74ZWC~_ls|E(;P0a!PnLp
z|H$*U=k?Nfey|ctXf!U#RGxm#=VKg;uSQUr6>^rx6<1ms!T7bxwt08s)scbTN<<<z
zQlj%!XCl&iHv=GLS;0}awf+!pGtEhkovP0c*MWNz?^c7<(*flupdZ!=lfR^m^i!w0
zV{L3)rn&><-TOvKbvlsNt{H!o!@hfA%%}POfH$s-5$<%+e&7fuYBh}yA~ot~U##Da
z^I4JEL~hTvPLq9afBvtfK@V-!(^!ep*d6cd{?i&b+4hOChJ)o{8h?!V-#0viknF~z
zRYA><4~|i4QiEH_VAuV9A~lZh1m8Dm3A;Kk@v=C7GbSXWGUxfhj&g42FT)}8dSaQ&
z;fJ2BFJt{Mq8oveu5r{sCg|v73>;FB(S)|^GN*$yBg5I3z#4VEk;!cZGYKs*`UqIZ
zVr7EhZLE;^mW)`H#RT4vyx)90Ot>9!eCQnYvdcje1l4E@7?e9@-c8H}K&Wyhz9Mw5
z8@z$4GaB?Y*9tsMcc@(L5`MsEvfj23i%@|!Q;WE3GLaM(AfaOqf9_IRgJe*lb(pRY
zG^@-UxVWc5@Jz;GzZ@+-u?f|6k5&>z81NMA-Y*usWoU=ttwNFC^83pvhh5**Fl*c#
zErN!g9~ki2Phq?3HkFu(Dht7wU_k!p|D7TW^LOsy5qQ%*Cm`CoK0GwZ3XG?m-pn>Q
zwLZS=yEmO$7Xc{&0l8bZhwTp@#x&II0@ntqI_S$qAdEsc5)F(WMz<jTct&bXWt*Zm
zp6+dNXDml<T4zPb#O#Xgoq>fHC;3ey?dZ>pj2u6GwSQtE;4`<KIM%ERSuzud!g(|M
zG&Uquq1g&5lE_%nCdK86NDxC?m1Q1$qX^vSJh4sESjbE9hJ={z%HorTyQyH4fx2P#
zQOpVptn8yMd#y+Gh5sQi^aNU*@f#K`m02LT7W(FV#1NOYI&0Y9uyW*;m}>};R^4J}
zrxr{pt|JU1iG^%>zd}l85rtw|938zv0E}`Mv+EUZp;GrJuH7@8zQ;Xxl(Y<+^iKy%
zrfW#?Hr873o7GfBxdqv=z#7|<&Bd#D6Nmk~+bH3@Zf{g9+0)RZ{)j+b8a#9%W%y4#
zNU4ttNeLeIGGrwI>}i0|FZkGvKfuw4>d5vLj-K+HE;ZsO%%2l}Z|DxPdbbbT&N!IE
z3xi7Kzrd<5R!g6Q-_8dDa7BAUe?rXt670Z-$f7QaAUgh)-NkJ+Y>4@=_OM{U)-=4l
zk(YxRc}#_+mgYqmGjj!Jf|%yd92B+-fn@H7qBiOSt6fpbh$2-o^dOexsTsBbWX@s|
zem^2X2V&~lE2=K*Z%z)|wXy3P@F2K)oEbRETA~=4$b$@fXnG@;Ymy(G0#RCqV+jVH
z8EHsRc!U!+H<j5N{+(17QQ!2%z&MEvv!F-k63l%>pif5292~-a1AjS|?X8V%82I~t
zE`|VFcoinm6_TZd`I%%%*gw)zz0En=v<qhdq}f49xSrY-EJ8PD?YtR)a`-@1$dJP`
zo(*$A(6c^>8&q84aOk8m7nkBKfJkr)X4>*o;OM-brGEl4G87lnqo%8xnrht?4%isT
zV++rC61TS?*wl?;b@gWVL93DO2H}*6u04E?D>R!hy>3HE_(-C1g=8~1aHgXecSI#v
z-4Zhd-M}j8zq)i4qL_-02T6ei^_YcNRoL`?VPG3;-(jJVUTI(e^;)3sztCV&8feB4
zg)F4{Akr?=487I0yWkk4WG6{mNa_vbn~Pg4Yc}-;mMa)fPK-a@912Fh<i4d#JCbR`
z&f9B?{_>}u5V@sJyX9-L6_~G!<(53>jowuqKb|p6a@JC4Kq;{4<zzxRG;n8rad2bz
zsD<fGNrA!Qyas*SjqU1pYc$=l*n9)+1?5VKnq+~1AGwJAXL=70?r*dhV@@|aht#kF
zg9-MViD|Y(jp_Hk0H4>WDJd!cK&h`z2ppuHlP+r<&Un7S@=c?M=+r_cH$lkgZ2xVr
z89sr>B!mOt^&%FR3lU1o?sx$I>h&YH{VrwKGnhC6Zp`f@Zp7u=)!|cbY4t$DVy;BL
z|1cJ}6Bo?{VHhCyO@QX2Wne1&s!~`^2$Z1t^~c+GX8koulR}600{+v?qHolZKSeNy
z1}Pu&*AA+seRN63>oX+sWTC+C`WGOuwBu_NiQgKL;hU4$g9Ar<&d#sQ;CrHEN=+U(
zyCPG5PZ}LU-5w3zKzRdoHU|e%^+R|C9=T9R-jI#~L{~%ZWWk(U@suACg73}@0^YZb
zPusJT+Y+&BLH_FbEfK;5@6k1P>mS7Rc?8tk@GwUHH9r_w&aSo;_Dd{RU(-G=gmqbM
z;n6FkQQvI(m5e(Q8K^*v*2GR)aj!!N-;$h;!LG__B@|^@N@VdYz|9D00vfyw2CIDq
zp*iIQp(cSxO0r&C8b2dr#d|hB6Iy-o5Y(Rv6VwBeq3W*T!G<l?U!<a*KOQFd8_RE^
zb~iCBsf(wCFVCyr?-zyh4Qm@BG}9!}(s`1Zqi10vMzXjb0XvO!O3Q0&auy}&ILLAw
ziSO)UsD<X7scB|fbK~0-F|TTSje#M;$V-o}IRs_$yYwg5PyDrakGzNcm;1Nvr2>;4
zxrZKYll_bsx<SmOF?khR&@?A3%`YR74uEsFopKG`u_Qosfv+$xkAh`!Z$;jB8i2&(
zZtZ?7bNK>!nh%gqx8Vr`4O20E{egu*Z#t}a@lVJX+dxVU97BFy%cv32d?#5mKPU~e
zq`fWniC719@h{kw%k5t^Ob?mC=8)cw4j;Dyu|K_om&j@FWkfYKmpC1LU*e!&Zd)yf
z3)`K=h{gwNAy|Os;B_|rUGzqv4}9anNDnrv{6JmX;dTxb&6J`OG@QL|Ae8T`DN~Ga
zNQK*Gir{vpAXbFP;&`75;%3-HdTL>(Cwya-2h6?dm_%xmgV`_KrnMiuodO?lPq({W
z;&v~1roTs-ikb){a^Apls*eY46DhZgOH;SgO9^^{5a|bgW9AN^`e}vyO2koOD<Tw$
z6yL3=pB&iN@JXeWeZ~?CI&#>i8r!4EI^)JRx1Yjt-`YN`@i|w&o7wWX3!mq*_vPKi
zqA-@&S6pj-a+5V1gE#W=x;o!{+^UuV6rL#}`qte!u8rPCo4{E{VH)37fu*^9!@Oy%
z03>hv;ka!&u#{j__A>h2)0sD>nn+9%%ktL7Kn~*eJk7BR9fMCmJzk1UBIB(0$v8}`
zF`8UA`3?eE2<URLccpFOa8-iY5jSJKC}q3<T&p#^Zj-FtEp1Lst4nc?csV@2s~vr(
z=}E}E=#5R~?^hjRoDw_DJ<7-uv0B!|(U!%ST8zxuAc1US#pgJj{oLj@zPuxeR?*q<
zekYT;&VO+7A@w@*(Cd2WD{Ad~2qjm^hM^^`^D=Gb5990o!$Mw(CP|zJSj)?N<n;0R
z?E$|EAqw6Y$Oop935K4k@$##&kp?!^2_fbn3pVuo_E#nl)K78$0B=VedbK#<-QWZP
z8t}ZtGXE*I9Ae8e{;oAdk!)qR{RpoYY6*9UnOD-7;6*!UOtLu@yKmgHa-SI|SOGmw
zKfXq5D%vbT3yD8lItvk`Raus&!9uZ(>oR*}IePt~v`3NUe-J@Zp<hoRr((XP3|X4W
zbgSU=gRjICU<|eyia<^GZ8TV&jeV}L!Iq`9MBXH{T;C;oC3-TO1;$3bdVAHmip$iw
zEZ;`Wxe)~W;yF)N5GM*)X*E=kA8?@pA6Q*pE#a|DMKh+_UCxRp0X7(o8(WoPU9nyR
zVVk|K*=#8A`*(S~t#!}cuk)p5JAB|MKhEdQCI|;yJ`c-BSuEl9*0@TN<W*T_k<XBN
z*RT+zqj6Sa1%V8Pry5<tkL7(&BY_ZXBRD|`48`?^?#vm^^za0mSS)sC8H2OQB^-A$
zUKOUt0DYOpW%Gyf%J_h;(<!g5uWScSWpsq7>as6KyC07Y?_4Ge>0C7ylspryWX(fK
zXt6>NudEeCc+L|U;a@*IU<ywucUEW_VU|ZrT(W{^+Y|=NbvTSJfxd&dvb|R8E|t{u
z{TZ&f4r$8+PW1FxeS2Wi@0pXF>kY2aOZB#-p(#oEh4qol1hz}vhI@r#`^|RK=tImR
z+DS8-(&tK1RFwz(*cT!!3BwRK@x^B+Tm~m~;{issGjlU>mA|TlO-v9HS9zKL*kk^9
z+~1Cb!(f$cLsvsj9x5DNsVRt0n-hSrQLpO0x}mEwU=wUMn_rkOjJ7j#Wmo%_PRQa-
zM&qG?de}p)(q^SwB}NQ(Tdm`Qo`J)P7t3P9ybSVnW+cTfYrHvSvGKdO^CF$D%SJku
zQXHVefa^1%ci(A&&xobY1g<vYER$Cru_}->-GVz-+HUkrE6r7!5{H!?Yas8P+nI47
z*invHW_H3hv)1ZVer%`3in3vrpFyPX8vJGl&lq0bC&lN0Z+<N4nl04+#%46sx%0q?
zOD~BbYc(M96RAKUk2<L5w9qDRoD#bb(g#VQ%ZRylHKQ{BFwa)+OC~jU-hCT6_|4QA
zGD)h3(Z-Y64Zc`rRnd2*MZeTl4wY$eDt4SUZE5$rKv$ep#UMb5bPomV{#$6mpq_v^
z+V2ybsd3HR=+lL;<n9v3N-SSfLXJI5lY={}BcqaLxXuTBSwRn$h)5X+6s^bejR@Pe
z$K5)yMPqFM*&b{Cdeym0?OGi^>%=pPdDaYaorW39{Wf;x0c%sLBP-x=*0iw+M<Ok4
zE7S&ahKc%c<V5KYN1~do+ECK`kVR_?cNjIk9@dW|*NV+Q=pj+1*0#mlJ?Qy<)w&^d
zW1_m=+bwKM={_-DU2Ip+ss|NEj6JVFlOtT&Ztzc$B(lHU=y>5h=>r#V0?n}OArBtO
zn28DH=RTq+@OLu1R9ew4zJ#wrb8%K)QK8<XDSb!X8zkMA77sg#mr?K@5-ZK6miYxI
zPHlwUUZDotQIM3G_+X~U4<ViXTbNI^>EyIjM$#d@Ajd0?ffT~!9G3kS2kv^DK~Fgi
zQq>U!K!8Eh?c}Jmd5fKyFRPaCmv0ZBWu7_LC(NVNQ2fJ`tSqMQjsCH=?C~x2T~+I=
zgq{8hnUYopnyKKFT5C8}GSi~Ir8jl<uLrTI6A3=^hWuLbR|iXrCn^TfN6B!F3|)wH
z2@}PPS>cUtai~Fee=EDNY5(KpD-=6jCrmrwaW<BLU`CZlROS}eepR7riP3=AWAH)2
zrZg#Sr?gi&Ggapf^nSj-Yq82aO^C7ip77!%=WV{+2I1Z~?w`v*^@JG5L-zA#f#!;p
zNMoOZ#-vb=6&O7$x7bPI4j9Z_-@3$dwRYyhr_rnM+4ayDuC88h9IV(X8H9ZO2bJ80
zONoB1<A`H*05HKDE6|j2V%rekm=Tj`0|OqURvp%?c44UxuLuuKlhKV@tsptVJr`%b
zx+U+qy7o8yILJU-FgQs2U<%YYv0X3MRL0v2!VJ44Z(dikF&J<l7^)b4W+9)usHHO&
z<oYBiC)e0qUZvIQ{+{Z!Iaa)IkUdaqpX(m-V%uKdFNi@^_m8o+5=f$W9PKI<&0Ylg
zCF-d_Nhg8$?&UrI>-0uWPdKG0gBwoJ3nll6nA~KJtkk$3v)1r;`%Rq(i8WV1Wf@kw
z!Xw8;Tb~72j?FY*tY$<|4(qVWp#Ipm;~(q@Egn+p#t-thQVhn|S+fGf8H6j3B9q>l
z-;~zTT7gx;E*;(nyCQZvEOzL7ggK*6fqt3(FlqiU-bA23dR~N<yl0_^iCoo2I%6b>
zOJ_s}NYp`#|JYzc`lNoV%@w?{i1m4Q)el3{rXIUSHbDG#K}QnO9IKVR;aR<d_tNYq
zq#CPQel+!nB-m5^;+@CHfSRh9_RaJSkC#-;G4C?$cqE^6PG+A*fbqUE7IHwSIw-JI
z;P`d50r@1)3Cnx#*Oln|-16?)-UiA!7IL;le!$DK9^|l4u8XTfSJ4z<QKqaa<@#VV
z>HF5pvX>gs>DNN+we`t&UIc=z4d^jE@(@`wH8<}gFSJSImg3`f)0+bx<T^VkhT14d
zgVaD@OT`aTifQYxB2)lNzisG)T8^NxXngP_vwe1I!K4uZ?JU5FXRfmf(N3`c%T-qM
zvFF-kv%a1(q3cnn`^CxY$2@1ZfIu}1kIUw_LBA`Nr;3)A58H#15%K*3FVM_@*C1s9
z!=_s7Y%{$K5&M+<l?38kTPg`|4WZsQjq3oBMc3SZJou$6avYg4&npkdaEeqr9({Q;
zm!q8B{ed{#p4poC?O%<M^(uw6-hKM4zuhH4G}z&|CtsS|_|d%vs;BalI;L;2?jOtO
zdN}zpPh^fjp@f4%2zMVgYz2<ZM0NE;?{y9%PU7KRsj5t`;sI$4<CMwQMxYdipcGfz
z(C!d>eb=|^6mdA9$`wUt7t60a(x3kUTsY~+`quknl-eDpJ7-xbi$@deLC?0%uGPby
zLf_IG8dQTseFiY9jY!k0_aH%u!Hu|@<=s<wA;$eqp+Am3pBD7jh(e*4zC6RjtctJ)
zxRDZRV4q7eU?x4uUA3+6o(_{-NsXR&R3bTuMU>k*)hCRqeupQIEb=n>@3Sc(*T5}E
zh%MY_beG2YubJ%qCU+wv%#{bd9RKoE1i%>B!z;=^ZF!Iy?LGf%v)urNZpb0P<Qjd3
zP#_Fm?6IT+<$41eQe6JsF;j~2msOF!ZdgDt@|Dd*FiihC^M9PO|GH*O0c@x>APMHj
zp5OoK<zI<o0_6}wp+Is2{Oz~@l^NM?NXd-i)7td^H1ofWO%v+<Y^_w9&>H?<Z|`4`
zWCg(`vP!7}nEx*Y8-l`+8iJ7-fjYYVTk78vqH*x={zY1?1et&J_pgve`G1Z3zYqOC
f3i&@m(^rBrE48lk<m+T#J`X7|dC@9i!@&OsP~H0=


From 11a2f7d8c4a65c4e82fcfb742fde18ffe21ab0ec Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 30 Jul 2014 08:42:53 -0700
Subject: [PATCH 294/516] utils.Debugf -> fmt.Printf

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: ff02bea88302dcd21345f7e4258400b58b9c142b
Component: engine
---
 components/engine/pkg/tarsum/tarsum.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/pkg/tarsum/tarsum.go b/components/engine/pkg/tarsum/tarsum.go
index 5f562762b7..bc017d0c55 100644
--- a/components/engine/pkg/tarsum/tarsum.go
+++ b/components/engine/pkg/tarsum/tarsum.go
@@ -7,11 +7,11 @@ import (
 	"encoding/hex"
 	"hash"
 	"io"
+	"log"
 	"sort"
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/utils"
 	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
@@ -170,11 +170,11 @@ func (ts *TarSum) Sum(extra []byte) string {
 		h.Write(extra)
 	}
 	for _, sum := range sums {
-		utils.Debugf("-->%s<--", sum)
+		log.Printf("-->%s<--", sum)
 		h.Write([]byte(sum))
 	}
 	checksum := "tarsum+sha256:" + hex.EncodeToString(h.Sum(nil))
-	utils.Debugf("checksum processed: %s", checksum)
+	log.Printf("checksum processed: %s", checksum)
 	return checksum
 }
 

From 8be33461d7660fc08987653361e08fd67da6f818 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 30 Jul 2014 09:28:42 -0700
Subject: [PATCH 295/516] Remove CheckSum from utils; replace with a TeeReader

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: ef6b78f7db890a79b40484fd892ff486017ff2e9
Component: engine
---
 components/engine/registry/registry.go |  5 +++--
 components/engine/utils/checksum.go    | 24 ------------------------
 2 files changed, 3 insertions(+), 26 deletions(-)
 delete mode 100644 components/engine/utils/checksum.go

diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 0d4f2b3cc7..9035ce90e3 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -6,6 +6,7 @@ import (
 	_ "crypto/sha512"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -642,7 +643,7 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 	h := sha256.New()
 	h.Write(jsonRaw)
 	h.Write([]byte{'\n'})
-	checksumLayer := &utils.CheckSum{Reader: tarsumLayer, Hash: h}
+	checksumLayer := io.TeeReader(tarsumLayer, h)
 
 	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgID+"/layer", checksumLayer)
 	if err != nil {
@@ -671,7 +672,7 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 		return "", "", utils.NewHTTPRequestError(fmt.Sprintf("Received HTTP code %d while uploading layer: %s", res.StatusCode, errBody), res)
 	}
 
-	checksumPayload = "sha256:" + checksumLayer.Sum()
+	checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil))
 	return tarsumLayer.Sum(jsonRaw), checksumPayload, nil
 }
 
diff --git a/components/engine/utils/checksum.go b/components/engine/utils/checksum.go
deleted file mode 100644
index 1c85aa63a3..0000000000
--- a/components/engine/utils/checksum.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package utils
-
-import (
-	"encoding/hex"
-	"hash"
-	"io"
-)
-
-type CheckSum struct {
-	io.Reader
-	Hash hash.Hash
-}
-
-func (cs *CheckSum) Read(buf []byte) (int, error) {
-	n, err := cs.Reader.Read(buf)
-	if err == nil {
-		cs.Hash.Write(buf[:n])
-	}
-	return n, err
-}
-
-func (cs *CheckSum) Sum() string {
-	return hex.EncodeToString(cs.Hash.Sum(nil))
-}

From 69c59dfd2b6474e24c38264bf4c5e67a5ad7baf9 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Tue, 29 Jul 2014 19:04:39 -0700
Subject: [PATCH 296/516] Partition server/ by image, init, events, container,
 and "everything left"

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 74fdadc86cf8ecb90604f0e2feb087dc82227cb0
Component: engine
---
 components/engine/server/container.go |  925 ++++++++++
 components/engine/server/events.go    |   98 +
 components/engine/server/image.go     | 1274 +++++++++++++
 components/engine/server/init.go      |  154 ++
 components/engine/server/server.go    | 2401 -------------------------
 5 files changed, 2451 insertions(+), 2401 deletions(-)
 create mode 100644 components/engine/server/container.go
 create mode 100644 components/engine/server/events.go
 create mode 100644 components/engine/server/image.go
 create mode 100644 components/engine/server/init.go

diff --git a/components/engine/server/container.go b/components/engine/server/container.go
new file mode 100644
index 0000000000..3e76086a1a
--- /dev/null
+++ b/components/engine/server/container.go
@@ -0,0 +1,925 @@
+// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
+//
+// For additional commments see server/server.go
+//
+package server
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/pkg/graphdb"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/tailfile"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+)
+
+func (srv *Server) ContainerPause(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER", job.Name)
+	}
+	name := job.Args[0]
+	container := srv.daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+	if err := container.Pause(); err != nil {
+		return job.Errorf("Cannot pause container %s: %s", name, err)
+	}
+	srv.LogEvent("pause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerUnpause(job *engine.Job) engine.Status {
+	if n := len(job.Args); n < 1 || n > 2 {
+		return job.Errorf("Usage: %s CONTAINER", job.Name)
+	}
+	name := job.Args[0]
+	container := srv.daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+	if err := container.Unpause(); err != nil {
+		return job.Errorf("Cannot unpause container %s: %s", name, err)
+	}
+	srv.LogEvent("unpause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+	return engine.StatusOK
+}
+
+// ContainerKill send signal to the container
+// If no signal is given (sig 0), then Kill with SIGKILL and wait
+// for the container to exit.
+// If a signal is given, then just send it to the container and return.
+func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
+	if n := len(job.Args); n < 1 || n > 2 {
+		return job.Errorf("Usage: %s CONTAINER [SIGNAL]", job.Name)
+	}
+	var (
+		name = job.Args[0]
+		sig  uint64
+		err  error
+	)
+
+	// If we have a signal, look at it. Otherwise, do nothing
+	if len(job.Args) == 2 && job.Args[1] != "" {
+		// Check if we passed the signal as a number:
+		// The largest legal signal is 31, so let's parse on 5 bits
+		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
+		if err != nil {
+			// The signal is not a number, treat it as a string (either like "KILL" or like "SIGKILL")
+			sig = uint64(signal.SignalMap[strings.TrimPrefix(job.Args[1], "SIG")])
+		}
+
+		if sig == 0 {
+			return job.Errorf("Invalid signal: %s", job.Args[1])
+		}
+	}
+
+	if container := srv.daemon.Get(name); container != nil {
+		// If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait())
+		if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL {
+			if err := container.Kill(); err != nil {
+				return job.Errorf("Cannot kill container %s: %s", name, err)
+			}
+			srv.LogEvent("kill", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+		} else {
+			// Otherwise, just send the requested signal
+			if err := container.KillSig(int(sig)); err != nil {
+				return job.Errorf("Cannot kill container %s: %s", name, err)
+			}
+			// FIXME: Add event for signals
+		}
+	} else {
+		return job.Errorf("No such container: %s", name)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerExport(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s container_id", job.Name)
+	}
+	name := job.Args[0]
+	if container := srv.daemon.Get(name); container != nil {
+		data, err := container.Export()
+		if err != nil {
+			return job.Errorf("%s: %s", name, err)
+		}
+		defer data.Close()
+
+		// Stream the entire contents of the container (basically a volatile snapshot)
+		if _, err := io.Copy(job.Stdout, data); err != nil {
+			return job.Errorf("%s: %s", name, err)
+		}
+		// FIXME: factor job-specific LogEvent to engine.Job.Run()
+		srv.LogEvent("export", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+		return engine.StatusOK
+	}
+	return job.Errorf("No such container: %s", name)
+}
+
+func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 && len(job.Args) != 2 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER [PS_ARGS]\n", job.Name)
+	}
+	var (
+		name   = job.Args[0]
+		psArgs = "-ef"
+	)
+
+	if len(job.Args) == 2 && job.Args[1] != "" {
+		psArgs = job.Args[1]
+	}
+
+	if container := srv.daemon.Get(name); container != nil {
+		if !container.State.IsRunning() {
+			return job.Errorf("Container %s is not running", name)
+		}
+		pids, err := srv.daemon.ExecutionDriver().GetPidsForContainer(container.ID)
+		if err != nil {
+			return job.Error(err)
+		}
+		output, err := exec.Command("ps", psArgs).Output()
+		if err != nil {
+			return job.Errorf("Error running ps: %s", err)
+		}
+
+		lines := strings.Split(string(output), "\n")
+		header := strings.Fields(lines[0])
+		out := &engine.Env{}
+		out.SetList("Titles", header)
+
+		pidIndex := -1
+		for i, name := range header {
+			if name == "PID" {
+				pidIndex = i
+			}
+		}
+		if pidIndex == -1 {
+			return job.Errorf("Couldn't find PID field in ps output")
+		}
+
+		processes := [][]string{}
+		for _, line := range lines[1:] {
+			if len(line) == 0 {
+				continue
+			}
+			fields := strings.Fields(line)
+			p, err := strconv.Atoi(fields[pidIndex])
+			if err != nil {
+				return job.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
+			}
+
+			for _, pid := range pids {
+				if pid == p {
+					// Make sure number of fields equals number of header titles
+					// merging "overhanging" fields
+					process := fields[:len(header)-1]
+					process = append(process, strings.Join(fields[len(header)-1:], " "))
+					processes = append(processes, process)
+				}
+			}
+		}
+		out.SetJson("Processes", processes)
+		out.WriteTo(job.Stdout)
+		return engine.StatusOK
+
+	}
+	return job.Errorf("No such container: %s", name)
+}
+
+func (srv *Server) ContainerChanges(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s CONTAINER", job.Name)
+	}
+	name := job.Args[0]
+	if container := srv.daemon.Get(name); container != nil {
+		outs := engine.NewTable("", 0)
+		changes, err := container.Changes()
+		if err != nil {
+			return job.Error(err)
+		}
+		for _, change := range changes {
+			out := &engine.Env{}
+			if err := out.Import(change); err != nil {
+				return job.Error(err)
+			}
+			outs.Add(out)
+		}
+		if _, err := outs.WriteListTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+	} else {
+		return job.Errorf("No such container: %s", name)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) Containers(job *engine.Job) engine.Status {
+	var (
+		foundBefore bool
+		displayed   int
+		all         = job.GetenvBool("all")
+		since       = job.Getenv("since")
+		before      = job.Getenv("before")
+		n           = job.GetenvInt("limit")
+		size        = job.GetenvBool("size")
+	)
+	outs := engine.NewTable("Created", 0)
+
+	names := map[string][]string{}
+	srv.daemon.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error {
+		names[e.ID()] = append(names[e.ID()], p)
+		return nil
+	}, -1)
+
+	var beforeCont, sinceCont *daemon.Container
+	if before != "" {
+		beforeCont = srv.daemon.Get(before)
+		if beforeCont == nil {
+			return job.Error(fmt.Errorf("Could not find container with name or id %s", before))
+		}
+	}
+
+	if since != "" {
+		sinceCont = srv.daemon.Get(since)
+		if sinceCont == nil {
+			return job.Error(fmt.Errorf("Could not find container with name or id %s", since))
+		}
+	}
+
+	errLast := errors.New("last container")
+	writeCont := func(container *daemon.Container) error {
+		container.Lock()
+		defer container.Unlock()
+		if !container.State.IsRunning() && !all && n <= 0 && since == "" && before == "" {
+			return nil
+		}
+		if before != "" && !foundBefore {
+			if container.ID == beforeCont.ID {
+				foundBefore = true
+			}
+			return nil
+		}
+		if n > 0 && displayed == n {
+			return errLast
+		}
+		if since != "" {
+			if container.ID == sinceCont.ID {
+				return errLast
+			}
+		}
+		displayed++
+		out := &engine.Env{}
+		out.Set("Id", container.ID)
+		out.SetList("Names", names[container.ID])
+		out.Set("Image", srv.daemon.Repositories().ImageName(container.Image))
+		if len(container.Args) > 0 {
+			args := []string{}
+			for _, arg := range container.Args {
+				if strings.Contains(arg, " ") {
+					args = append(args, fmt.Sprintf("'%s'", arg))
+				} else {
+					args = append(args, arg)
+				}
+			}
+			argsAsString := strings.Join(args, " ")
+
+			out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, argsAsString))
+		} else {
+			out.Set("Command", fmt.Sprintf("\"%s\"", container.Path))
+		}
+		out.SetInt64("Created", container.Created.Unix())
+		out.Set("Status", container.State.String())
+		str, err := container.NetworkSettings.PortMappingAPI().ToListString()
+		if err != nil {
+			return err
+		}
+		out.Set("Ports", str)
+		if size {
+			sizeRw, sizeRootFs := container.GetSize()
+			out.SetInt64("SizeRw", sizeRw)
+			out.SetInt64("SizeRootFs", sizeRootFs)
+		}
+		outs.Add(out)
+		return nil
+	}
+
+	for _, container := range srv.daemon.List() {
+		if err := writeCont(container); err != nil {
+			if err != errLast {
+				return job.Error(err)
+			}
+			break
+		}
+	}
+	outs.ReverseSort()
+	if _, err := outs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerCommit(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
+	}
+	name := job.Args[0]
+
+	container := srv.daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+
+	var (
+		config    = container.Config
+		newConfig runconfig.Config
+	)
+
+	if err := job.GetenvJson("config", &newConfig); err != nil {
+		return job.Error(err)
+	}
+
+	if err := runconfig.Merge(&newConfig, config); err != nil {
+		return job.Error(err)
+	}
+
+	img, err := srv.daemon.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), job.GetenvBool("pause"), &newConfig)
+	if err != nil {
+		return job.Error(err)
+	}
+	job.Printf("%s\n", img.ID)
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
+	var name string
+	if len(job.Args) == 1 {
+		name = job.Args[0]
+	} else if len(job.Args) > 1 {
+		return job.Errorf("Usage: %s", job.Name)
+	}
+	config := runconfig.ContainerConfigFromJob(job)
+	if config.Memory != 0 && config.Memory < 524288 {
+		return job.Errorf("Minimum memory limit allowed is 512k")
+	}
+	if config.Memory > 0 && !srv.daemon.SystemConfig().MemoryLimit {
+		job.Errorf("Your kernel does not support memory limit capabilities. Limitation discarded.\n")
+		config.Memory = 0
+	}
+	if config.Memory > 0 && !srv.daemon.SystemConfig().SwapLimit {
+		job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n")
+		config.MemorySwap = -1
+	}
+	container, buildWarnings, err := srv.daemon.Create(config, name)
+	if err != nil {
+		if srv.daemon.Graph().IsNotExist(err) {
+			_, tag := parsers.ParseRepositoryTag(config.Image)
+			if tag == "" {
+				tag = graph.DEFAULTTAG
+			}
+			return job.Errorf("No such image: %s (tag: %s)", config.Image, tag)
+		}
+		return job.Error(err)
+	}
+	if !container.Config.NetworkDisabled && srv.daemon.SystemConfig().IPv4ForwardingDisabled {
+		job.Errorf("IPv4 forwarding is disabled.\n")
+	}
+	srv.LogEvent("create", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+	// FIXME: this is necessary because daemon.Create might return a nil container
+	// with a non-nil error. This should not happen! Once it's fixed we
+	// can remove this workaround.
+	if container != nil {
+		job.Printf("%s\n", container.ID)
+	}
+	for _, warning := range buildWarnings {
+		job.Errorf("%s\n", warning)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerRestart(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+	var (
+		name = job.Args[0]
+		t    = 10
+	)
+	if job.EnvExists("t") {
+		t = job.GetenvInt("t")
+	}
+	if container := srv.daemon.Get(name); container != nil {
+		if err := container.Restart(int(t)); err != nil {
+			return job.Errorf("Cannot restart container %s: %s\n", name, err)
+		}
+		srv.LogEvent("restart", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+	} else {
+		return job.Errorf("No such container: %s\n", name)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
+	}
+	name := job.Args[0]
+	removeVolume := job.GetenvBool("removeVolume")
+	removeLink := job.GetenvBool("removeLink")
+	stop := job.GetenvBool("stop")
+	kill := job.GetenvBool("kill")
+
+	container := srv.daemon.Get(name)
+
+	if removeLink {
+		if container == nil {
+			return job.Errorf("No such link: %s", name)
+		}
+		name, err := daemon.GetFullContainerName(name)
+		if err != nil {
+			job.Error(err)
+		}
+		parent, n := path.Split(name)
+		if parent == "/" {
+			return job.Errorf("Conflict, cannot remove the default name of the container")
+		}
+		pe := srv.daemon.ContainerGraph().Get(parent)
+		if pe == nil {
+			return job.Errorf("Cannot get parent %s for name %s", parent, name)
+		}
+		parentContainer := srv.daemon.Get(pe.ID())
+
+		if parentContainer != nil {
+			parentContainer.DisableLink(n)
+		}
+
+		if err := srv.daemon.ContainerGraph().Delete(name); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	}
+
+	if container != nil {
+		if container.State.IsRunning() {
+			if stop {
+				if err := container.Stop(5); err != nil {
+					return job.Errorf("Could not stop running container, cannot remove - %v", err)
+				}
+			} else if kill {
+				if err := container.Kill(); err != nil {
+					return job.Errorf("Could not kill running container, cannot remove - %v", err)
+				}
+			} else {
+				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -s or -k")
+			}
+		}
+		if err := srv.daemon.Destroy(container); err != nil {
+			return job.Errorf("Cannot destroy container %s: %s", name, err)
+		}
+		srv.LogEvent("destroy", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+
+		if removeVolume {
+			var (
+				volumes     = make(map[string]struct{})
+				binds       = make(map[string]struct{})
+				usedVolumes = make(map[string]*daemon.Container)
+			)
+
+			// the volume id is always the base of the path
+			getVolumeId := func(p string) string {
+				return filepath.Base(strings.TrimSuffix(p, "/layer"))
+			}
+
+			// populate bind map so that they can be skipped and not removed
+			for _, bind := range container.HostConfig().Binds {
+				source := strings.Split(bind, ":")[0]
+				// TODO: refactor all volume stuff, all of it
+				// it is very important that we eval the link or comparing the keys to container.Volumes will not work
+				//
+				// eval symlink can fail, ref #5244 if we receive an is not exist error we can ignore it
+				p, err := filepath.EvalSymlinks(source)
+				if err != nil && !os.IsNotExist(err) {
+					return job.Error(err)
+				}
+				if p != "" {
+					source = p
+				}
+				binds[source] = struct{}{}
+			}
+
+			// Store all the deleted containers volumes
+			for _, volumeId := range container.Volumes {
+				// Skip the volumes mounted from external
+				// bind mounts here will will be evaluated for a symlink
+				if _, exists := binds[volumeId]; exists {
+					continue
+				}
+
+				volumeId = getVolumeId(volumeId)
+				volumes[volumeId] = struct{}{}
+			}
+
+			// Retrieve all volumes from all remaining containers
+			for _, container := range srv.daemon.List() {
+				for _, containerVolumeId := range container.Volumes {
+					containerVolumeId = getVolumeId(containerVolumeId)
+					usedVolumes[containerVolumeId] = container
+				}
+			}
+
+			for volumeId := range volumes {
+				// If the requested volu
+				if c, exists := usedVolumes[volumeId]; exists {
+					log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
+					continue
+				}
+				if err := srv.daemon.Volumes().Delete(volumeId); err != nil {
+					return job.Errorf("Error calling volumes.Delete(%q): %v", volumeId, err)
+				}
+			}
+		}
+	} else {
+		return job.Errorf("No such container: %s", name)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) setHostConfig(container *daemon.Container, hostConfig *runconfig.HostConfig) error {
+	// Validate the HostConfig binds. Make sure that:
+	// the source exists
+	for _, bind := range hostConfig.Binds {
+		splitBind := strings.Split(bind, ":")
+		source := splitBind[0]
+
+		// ensure the source exists on the host
+		_, err := os.Stat(source)
+		if err != nil && os.IsNotExist(err) {
+			err = os.MkdirAll(source, 0755)
+			if err != nil {
+				return fmt.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
+			}
+		}
+	}
+	// Register any links from the host config before starting the container
+	if err := srv.daemon.RegisterLinks(container, hostConfig); err != nil {
+		return err
+	}
+	container.SetHostConfig(hostConfig)
+	container.ToDisk()
+
+	return nil
+}
+
+func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
+	if len(job.Args) < 1 {
+		return job.Errorf("Usage: %s container_id", job.Name)
+	}
+	var (
+		name      = job.Args[0]
+		daemon    = srv.daemon
+		container = daemon.Get(name)
+	)
+
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+
+	if container.State.IsRunning() {
+		return job.Errorf("Container already started")
+	}
+
+	// If no environment was set, then no hostconfig was passed.
+	if len(job.Environ()) > 0 {
+		hostConfig := runconfig.ContainerHostConfigFromJob(job)
+		if err := srv.setHostConfig(container, hostConfig); err != nil {
+			return job.Error(err)
+		}
+	}
+	if err := container.Start(); err != nil {
+		return job.Errorf("Cannot start container %s: %s", name, err)
+	}
+	srv.LogEvent("start", container.ID, daemon.Repositories().ImageName(container.Image))
+
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerStop(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+	var (
+		name = job.Args[0]
+		t    = 10
+	)
+	if job.EnvExists("t") {
+		t = job.GetenvInt("t")
+	}
+	if container := srv.daemon.Get(name); container != nil {
+		if !container.State.IsRunning() {
+			return job.Errorf("Container already stopped")
+		}
+		if err := container.Stop(int(t)); err != nil {
+			return job.Errorf("Cannot stop container %s: %s\n", name, err)
+		}
+		srv.LogEvent("stop", container.ID, srv.daemon.Repositories().ImageName(container.Image))
+	} else {
+		return job.Errorf("No such container: %s\n", name)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerWait(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s", job.Name)
+	}
+	name := job.Args[0]
+	if container := srv.daemon.Get(name); container != nil {
+		status, _ := container.State.WaitStop(-1 * time.Second)
+		job.Printf("%d\n", status)
+		return engine.StatusOK
+	}
+	return job.Errorf("%s: no such container: %s", job.Name, name)
+}
+
+func (srv *Server) ContainerResize(job *engine.Job) engine.Status {
+	if len(job.Args) != 3 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER HEIGHT WIDTH\n", job.Name)
+	}
+	name := job.Args[0]
+	height, err := strconv.Atoi(job.Args[1])
+	if err != nil {
+		return job.Error(err)
+	}
+	width, err := strconv.Atoi(job.Args[2])
+	if err != nil {
+		return job.Error(err)
+	}
+	if container := srv.daemon.Get(name); container != nil {
+		if err := container.Resize(height, width); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	}
+	return job.Errorf("No such container: %s", name)
+}
+
+func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+
+	var (
+		name   = job.Args[0]
+		stdout = job.GetenvBool("stdout")
+		stderr = job.GetenvBool("stderr")
+		tail   = job.Getenv("tail")
+		follow = job.GetenvBool("follow")
+		times  = job.GetenvBool("timestamps")
+		lines  = -1
+		format string
+	)
+	if !(stdout || stderr) {
+		return job.Errorf("You must choose at least one stream")
+	}
+	if times {
+		format = time.RFC3339Nano
+	}
+	if tail == "" {
+		tail = "all"
+	}
+	container := srv.daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+	cLog, err := container.ReadLog("json")
+	if err != nil && os.IsNotExist(err) {
+		// Legacy logs
+		utils.Debugf("Old logs format")
+		if stdout {
+			cLog, err := container.ReadLog("stdout")
+			if err != nil {
+				utils.Errorf("Error reading logs (stdout): %s", err)
+			} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
+				utils.Errorf("Error streaming logs (stdout): %s", err)
+			}
+		}
+		if stderr {
+			cLog, err := container.ReadLog("stderr")
+			if err != nil {
+				utils.Errorf("Error reading logs (stderr): %s", err)
+			} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
+				utils.Errorf("Error streaming logs (stderr): %s", err)
+			}
+		}
+	} else if err != nil {
+		utils.Errorf("Error reading logs (json): %s", err)
+	} else {
+		if tail != "all" {
+			var err error
+			lines, err = strconv.Atoi(tail)
+			if err != nil {
+				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", err)
+				lines = -1
+			}
+		}
+		if lines != 0 {
+			if lines > 0 {
+				f := cLog.(*os.File)
+				ls, err := tailfile.TailFile(f, lines)
+				if err != nil {
+					return job.Error(err)
+				}
+				tmp := bytes.NewBuffer([]byte{})
+				for _, l := range ls {
+					fmt.Fprintf(tmp, "%s\n", l)
+				}
+				cLog = tmp
+			}
+			dec := json.NewDecoder(cLog)
+			for {
+				l := &utils.JSONLog{}
+
+				if err := dec.Decode(l); err == io.EOF {
+					break
+				} else if err != nil {
+					utils.Errorf("Error streaming logs: %s", err)
+					break
+				}
+				logLine := l.Log
+				if times {
+					logLine = fmt.Sprintf("%s %s", l.Created.Format(format), logLine)
+				}
+				if l.Stream == "stdout" && stdout {
+					fmt.Fprintf(job.Stdout, "%s", logLine)
+				}
+				if l.Stream == "stderr" && stderr {
+					fmt.Fprintf(job.Stderr, "%s", logLine)
+				}
+			}
+		}
+	}
+	if follow {
+		errors := make(chan error, 2)
+		if stdout {
+			stdoutPipe := container.StdoutLogPipe()
+			go func() {
+				errors <- utils.WriteLog(stdoutPipe, job.Stdout, format)
+			}()
+		}
+		if stderr {
+			stderrPipe := container.StderrLogPipe()
+			go func() {
+				errors <- utils.WriteLog(stderrPipe, job.Stderr, format)
+			}()
+		}
+		err := <-errors
+		if err != nil {
+			utils.Errorf("%s", err)
+		}
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerAttach(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+
+	var (
+		name   = job.Args[0]
+		logs   = job.GetenvBool("logs")
+		stream = job.GetenvBool("stream")
+		stdin  = job.GetenvBool("stdin")
+		stdout = job.GetenvBool("stdout")
+		stderr = job.GetenvBool("stderr")
+	)
+
+	container := srv.daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+
+	//logs
+	if logs {
+		cLog, err := container.ReadLog("json")
+		if err != nil && os.IsNotExist(err) {
+			// Legacy logs
+			utils.Debugf("Old logs format")
+			if stdout {
+				cLog, err := container.ReadLog("stdout")
+				if err != nil {
+					utils.Errorf("Error reading logs (stdout): %s", err)
+				} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
+					utils.Errorf("Error streaming logs (stdout): %s", err)
+				}
+			}
+			if stderr {
+				cLog, err := container.ReadLog("stderr")
+				if err != nil {
+					utils.Errorf("Error reading logs (stderr): %s", err)
+				} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
+					utils.Errorf("Error streaming logs (stderr): %s", err)
+				}
+			}
+		} else if err != nil {
+			utils.Errorf("Error reading logs (json): %s", err)
+		} else {
+			dec := json.NewDecoder(cLog)
+			for {
+				l := &utils.JSONLog{}
+
+				if err := dec.Decode(l); err == io.EOF {
+					break
+				} else if err != nil {
+					utils.Errorf("Error streaming logs: %s", err)
+					break
+				}
+				if l.Stream == "stdout" && stdout {
+					fmt.Fprintf(job.Stdout, "%s", l.Log)
+				}
+				if l.Stream == "stderr" && stderr {
+					fmt.Fprintf(job.Stderr, "%s", l.Log)
+				}
+			}
+		}
+	}
+
+	//stream
+	if stream {
+		var (
+			cStdin           io.ReadCloser
+			cStdout, cStderr io.Writer
+			cStdinCloser     io.Closer
+		)
+
+		if stdin {
+			r, w := io.Pipe()
+			go func() {
+				defer w.Close()
+				defer utils.Debugf("Closing buffered stdin pipe")
+				io.Copy(w, job.Stdin)
+			}()
+			cStdin = r
+			cStdinCloser = job.Stdin
+		}
+		if stdout {
+			cStdout = job.Stdout
+		}
+		if stderr {
+			cStderr = job.Stderr
+		}
+
+		<-srv.daemon.Attach(container, cStdin, cStdinCloser, cStdout, cStderr)
+
+		// If we are in stdinonce mode, wait for the process to end
+		// otherwise, simply return
+		if container.Config.StdinOnce && !container.Config.Tty {
+			container.State.WaitStop(-1 * time.Second)
+		}
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
+	if len(job.Args) != 2 {
+		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
+	}
+
+	var (
+		name     = job.Args[0]
+		resource = job.Args[1]
+	)
+
+	if container := srv.daemon.Get(name); container != nil {
+
+		data, err := container.Copy(resource)
+		if err != nil {
+			return job.Error(err)
+		}
+		defer data.Close()
+
+		if _, err := io.Copy(job.Stdout, data); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	}
+	return job.Errorf("No such container: %s", name)
+}
diff --git a/components/engine/server/events.go b/components/engine/server/events.go
new file mode 100644
index 0000000000..0f13d0885e
--- /dev/null
+++ b/components/engine/server/events.go
@@ -0,0 +1,98 @@
+// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
+//
+// For additional commments see server/server.go
+//
+package server
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+func (srv *Server) Events(job *engine.Job) engine.Status {
+	if len(job.Args) != 0 {
+		return job.Errorf("Usage: %s", job.Name)
+	}
+
+	var (
+		since   = job.GetenvInt64("since")
+		until   = job.GetenvInt64("until")
+		timeout = time.NewTimer(time.Unix(until, 0).Sub(time.Now()))
+	)
+
+	// If no until, disable timeout
+	if until == 0 {
+		timeout.Stop()
+	}
+
+	listener := make(chan utils.JSONMessage)
+	srv.eventPublisher.Subscribe(listener)
+	defer srv.eventPublisher.Unsubscribe(listener)
+
+	// When sending an event JSON serialization errors are ignored, but all
+	// other errors lead to the eviction of the listener.
+	sendEvent := func(event *utils.JSONMessage) error {
+		if b, err := json.Marshal(event); err == nil {
+			if _, err = job.Stdout.Write(b); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+
+	job.Stdout.Write(nil)
+
+	// Resend every event in the [since, until] time interval.
+	if since != 0 {
+		for _, event := range srv.GetEvents() {
+			if event.Time >= since && (event.Time <= until || until == 0) {
+				if err := sendEvent(&event); err != nil {
+					return job.Error(err)
+				}
+			}
+		}
+	}
+
+	for {
+		select {
+		case event, ok := <-listener:
+			if !ok {
+				return engine.StatusOK
+			}
+			if err := sendEvent(&event); err != nil {
+				return job.Error(err)
+			}
+		case <-timeout.C:
+			return engine.StatusOK
+		}
+	}
+}
+
+func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage {
+	now := time.Now().UTC().Unix()
+	jm := utils.JSONMessage{Status: action, ID: id, From: from, Time: now}
+	srv.AddEvent(jm)
+	srv.eventPublisher.Publish(jm)
+	return &jm
+}
+
+func (srv *Server) AddEvent(jm utils.JSONMessage) {
+	srv.Lock()
+	if len(srv.events) == cap(srv.events) {
+		// discard oldest event
+		copy(srv.events, srv.events[1:])
+		srv.events[len(srv.events)-1] = jm
+	} else {
+		srv.events = append(srv.events, jm)
+	}
+	srv.Unlock()
+}
+
+func (srv *Server) GetEvents() []utils.JSONMessage {
+	srv.RLock()
+	defer srv.RUnlock()
+	return srv.events
+}
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
new file mode 100644
index 0000000000..acc8794985
--- /dev/null
+++ b/components/engine/server/image.go
@@ -0,0 +1,1274 @@
+// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
+//
+// For additional commments see server/server.go
+//
+package server
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/pkg/parsers/filters"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+)
+
+// ImageExport exports all images with the given tag. All versions
+// containing the same tag are exported. The resulting output is an
+// uncompressed tar ball.
+// name is the set of tags to export.
+// out is the writer where the images are written to.
+func (srv *Server) ImageExport(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s IMAGE\n", job.Name)
+	}
+	name := job.Args[0]
+	// get image json
+	tempdir, err := ioutil.TempDir("", "docker-export-")
+	if err != nil {
+		return job.Error(err)
+	}
+	defer os.RemoveAll(tempdir)
+
+	utils.Debugf("Serializing %s", name)
+
+	rootRepoMap := map[string]graph.Repository{}
+	rootRepo, err := srv.daemon.Repositories().Get(name)
+	if err != nil {
+		return job.Error(err)
+	}
+	if rootRepo != nil {
+		// this is a base repo name, like 'busybox'
+
+		for _, id := range rootRepo {
+			if err := srv.exportImage(job.Eng, id, tempdir); err != nil {
+				return job.Error(err)
+			}
+		}
+		rootRepoMap[name] = rootRepo
+	} else {
+		img, err := srv.daemon.Repositories().LookupImage(name)
+		if err != nil {
+			return job.Error(err)
+		}
+		if img != nil {
+			// This is a named image like 'busybox:latest'
+			repoName, repoTag := parsers.ParseRepositoryTag(name)
+			if err := srv.exportImage(job.Eng, img.ID, tempdir); err != nil {
+				return job.Error(err)
+			}
+			// check this length, because a lookup of a truncated has will not have a tag
+			// and will not need to be added to this map
+			if len(repoTag) > 0 {
+				rootRepoMap[repoName] = graph.Repository{repoTag: img.ID}
+			}
+		} else {
+			// this must be an ID that didn't get looked up just right?
+			if err := srv.exportImage(job.Eng, name, tempdir); err != nil {
+				return job.Error(err)
+			}
+		}
+	}
+	// write repositories, if there is something to write
+	if len(rootRepoMap) > 0 {
+		rootRepoJson, _ := json.Marshal(rootRepoMap)
+
+		if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.FileMode(0644)); err != nil {
+			return job.Error(err)
+		}
+	} else {
+		utils.Debugf("There were no repositories to write")
+	}
+
+	fs, err := archive.Tar(tempdir, archive.Uncompressed)
+	if err != nil {
+		return job.Error(err)
+	}
+	defer fs.Close()
+
+	if _, err := io.Copy(job.Stdout, fs); err != nil {
+		return job.Error(err)
+	}
+	utils.Debugf("End Serializing %s", name)
+	return engine.StatusOK
+}
+
+func (srv *Server) exportImage(eng *engine.Engine, name, tempdir string) error {
+	for n := name; n != ""; {
+		// temporary directory
+		tmpImageDir := path.Join(tempdir, n)
+		if err := os.Mkdir(tmpImageDir, os.FileMode(0755)); err != nil {
+			if os.IsExist(err) {
+				return nil
+			}
+			return err
+		}
+
+		var version = "1.0"
+		var versionBuf = []byte(version)
+
+		if err := ioutil.WriteFile(path.Join(tmpImageDir, "VERSION"), versionBuf, os.FileMode(0644)); err != nil {
+			return err
+		}
+
+		// serialize json
+		json, err := os.Create(path.Join(tmpImageDir, "json"))
+		if err != nil {
+			return err
+		}
+		job := eng.Job("image_inspect", n)
+		job.SetenvBool("raw", true)
+		job.Stdout.Add(json)
+		if err := job.Run(); err != nil {
+			return err
+		}
+
+		// serialize filesystem
+		fsTar, err := os.Create(path.Join(tmpImageDir, "layer.tar"))
+		if err != nil {
+			return err
+		}
+		job = eng.Job("image_tarlayer", n)
+		job.Stdout.Add(fsTar)
+		if err := job.Run(); err != nil {
+			return err
+		}
+
+		// find parent
+		job = eng.Job("image_get", n)
+		info, _ := job.Stdout.AddEnv()
+		if err := job.Run(); err != nil {
+			return err
+		}
+		n = info.Get("Parent")
+	}
+	return nil
+}
+
+func (srv *Server) Build(job *engine.Job) engine.Status {
+	if len(job.Args) != 0 {
+		return job.Errorf("Usage: %s\n", job.Name)
+	}
+	var (
+		remoteURL      = job.Getenv("remote")
+		repoName       = job.Getenv("t")
+		suppressOutput = job.GetenvBool("q")
+		noCache        = job.GetenvBool("nocache")
+		rm             = job.GetenvBool("rm")
+		forceRm        = job.GetenvBool("forcerm")
+		authConfig     = &registry.AuthConfig{}
+		configFile     = &registry.ConfigFile{}
+		tag            string
+		context        io.ReadCloser
+	)
+	job.GetenvJson("authConfig", authConfig)
+	job.GetenvJson("configFile", configFile)
+	repoName, tag = parsers.ParseRepositoryTag(repoName)
+
+	if remoteURL == "" {
+		context = ioutil.NopCloser(job.Stdin)
+	} else if utils.IsGIT(remoteURL) {
+		if !strings.HasPrefix(remoteURL, "git://") {
+			remoteURL = "https://" + remoteURL
+		}
+		root, err := ioutil.TempDir("", "docker-build-git")
+		if err != nil {
+			return job.Error(err)
+		}
+		defer os.RemoveAll(root)
+
+		if output, err := exec.Command("git", "clone", "--recursive", remoteURL, root).CombinedOutput(); err != nil {
+			return job.Errorf("Error trying to use git: %s (%s)", err, output)
+		}
+
+		c, err := archive.Tar(root, archive.Uncompressed)
+		if err != nil {
+			return job.Error(err)
+		}
+		context = c
+	} else if utils.IsURL(remoteURL) {
+		f, err := utils.Download(remoteURL)
+		if err != nil {
+			return job.Error(err)
+		}
+		defer f.Body.Close()
+		dockerFile, err := ioutil.ReadAll(f.Body)
+		if err != nil {
+			return job.Error(err)
+		}
+		c, err := archive.Generate("Dockerfile", string(dockerFile))
+		if err != nil {
+			return job.Error(err)
+		}
+		context = c
+	}
+	defer context.Close()
+
+	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
+	b := builder.NewBuildFile(srv.daemon, srv.Eng,
+		&utils.StdoutFormater{
+			Writer:          job.Stdout,
+			StreamFormatter: sf,
+		},
+		&utils.StderrFormater{
+			Writer:          job.Stdout,
+			StreamFormatter: sf,
+		},
+		!suppressOutput, !noCache, rm, forceRm, job.Stdout, sf, authConfig, configFile)
+	id, err := b.Build(context)
+	if err != nil {
+		return job.Error(err)
+	}
+	if repoName != "" {
+		srv.daemon.Repositories().Set(repoName, tag, id, false)
+	}
+	return engine.StatusOK
+}
+
+// Loads a set of images into the repository. This is the complementary of ImageExport.
+// The input stream is an uncompressed tar ball containing images and metadata.
+func (srv *Server) ImageLoad(job *engine.Job) engine.Status {
+	tmpImageDir, err := ioutil.TempDir("", "docker-import-")
+	if err != nil {
+		return job.Error(err)
+	}
+	defer os.RemoveAll(tmpImageDir)
+
+	var (
+		repoTarFile = path.Join(tmpImageDir, "repo.tar")
+		repoDir     = path.Join(tmpImageDir, "repo")
+	)
+
+	tarFile, err := os.Create(repoTarFile)
+	if err != nil {
+		return job.Error(err)
+	}
+	if _, err := io.Copy(tarFile, job.Stdin); err != nil {
+		return job.Error(err)
+	}
+	tarFile.Close()
+
+	repoFile, err := os.Open(repoTarFile)
+	if err != nil {
+		return job.Error(err)
+	}
+	if err := os.Mkdir(repoDir, os.ModeDir); err != nil {
+		return job.Error(err)
+	}
+	if err := archive.Untar(repoFile, repoDir, nil); err != nil {
+		return job.Error(err)
+	}
+
+	dirs, err := ioutil.ReadDir(repoDir)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	for _, d := range dirs {
+		if d.IsDir() {
+			if err := srv.recursiveLoad(job.Eng, d.Name(), tmpImageDir); err != nil {
+				return job.Error(err)
+			}
+		}
+	}
+
+	repositoriesJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", "repositories"))
+	if err == nil {
+		repositories := map[string]graph.Repository{}
+		if err := json.Unmarshal(repositoriesJson, &repositories); err != nil {
+			return job.Error(err)
+		}
+
+		for imageName, tagMap := range repositories {
+			for tag, address := range tagMap {
+				if err := srv.daemon.Repositories().Set(imageName, tag, address, true); err != nil {
+					return job.Error(err)
+				}
+			}
+		}
+	} else if !os.IsNotExist(err) {
+		return job.Error(err)
+	}
+
+	return engine.StatusOK
+}
+
+func (srv *Server) recursiveLoad(eng *engine.Engine, address, tmpImageDir string) error {
+	if err := eng.Job("image_get", address).Run(); err != nil {
+		utils.Debugf("Loading %s", address)
+
+		imageJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", address, "json"))
+		if err != nil {
+			utils.Debugf("Error reading json", err)
+			return err
+		}
+
+		layer, err := os.Open(path.Join(tmpImageDir, "repo", address, "layer.tar"))
+		if err != nil {
+			utils.Debugf("Error reading embedded tar", err)
+			return err
+		}
+		img, err := image.NewImgJSON(imageJson)
+		if err != nil {
+			utils.Debugf("Error unmarshalling json", err)
+			return err
+		}
+		if img.Parent != "" {
+			if !srv.daemon.Graph().Exists(img.Parent) {
+				if err := srv.recursiveLoad(eng, img.Parent, tmpImageDir); err != nil {
+					return err
+				}
+			}
+		}
+		if err := srv.daemon.Graph().Register(imageJson, layer, img); err != nil {
+			return err
+		}
+	}
+	utils.Debugf("Completed processing %s", address)
+
+	return nil
+}
+
+func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
+	images, _ := srv.daemon.Graph().Map()
+	if images == nil {
+		return engine.StatusOK
+	}
+	job.Stdout.Write([]byte("digraph docker {\n"))
+
+	var (
+		parentImage *image.Image
+		err         error
+	)
+	for _, image := range images {
+		parentImage, err = image.GetParent()
+		if err != nil {
+			return job.Errorf("Error while getting parent image: %v", err)
+		}
+		if parentImage != nil {
+			job.Stdout.Write([]byte(" \"" + parentImage.ID + "\" -> \"" + image.ID + "\"\n"))
+		} else {
+			job.Stdout.Write([]byte(" base -> \"" + image.ID + "\" [style=invis]\n"))
+		}
+	}
+
+	for id, repos := range srv.daemon.Repositories().GetRepoRefs() {
+		job.Stdout.Write([]byte(" \"" + id + "\" [label=\"" + id + "\\n" + strings.Join(repos, "\\n") + "\",shape=box,fillcolor=\"paleturquoise\",style=\"filled,rounded\"];\n"))
+	}
+	job.Stdout.Write([]byte(" base [style=invisible]\n}\n"))
+	return engine.StatusOK
+}
+
+func (srv *Server) Images(job *engine.Job) engine.Status {
+	var (
+		allImages   map[string]*image.Image
+		err         error
+		filt_tagged = true
+	)
+
+	imageFilters, err := filters.FromParam(job.Getenv("filters"))
+	if err != nil {
+		return job.Error(err)
+	}
+	if i, ok := imageFilters["dangling"]; ok {
+		for _, value := range i {
+			if strings.ToLower(value) == "true" {
+				filt_tagged = false
+			}
+		}
+	}
+
+	if job.GetenvBool("all") && filt_tagged {
+		allImages, err = srv.daemon.Graph().Map()
+	} else {
+		allImages, err = srv.daemon.Graph().Heads()
+	}
+	if err != nil {
+		return job.Error(err)
+	}
+	lookup := make(map[string]*engine.Env)
+	srv.daemon.Repositories().Lock()
+	for name, repository := range srv.daemon.Repositories().Repositories {
+		if job.Getenv("filter") != "" {
+			if match, _ := path.Match(job.Getenv("filter"), name); !match {
+				continue
+			}
+		}
+		for tag, id := range repository {
+			image, err := srv.daemon.Graph().Get(id)
+			if err != nil {
+				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
+				continue
+			}
+
+			if out, exists := lookup[id]; exists {
+				if filt_tagged {
+					out.SetList("RepoTags", append(out.GetList("RepoTags"), fmt.Sprintf("%s:%s", name, tag)))
+				}
+			} else {
+				// get the boolean list for if only the untagged images are requested
+				delete(allImages, id)
+				if filt_tagged {
+					out := &engine.Env{}
+					out.Set("ParentId", image.Parent)
+					out.SetList("RepoTags", []string{fmt.Sprintf("%s:%s", name, tag)})
+					out.Set("Id", image.ID)
+					out.SetInt64("Created", image.Created.Unix())
+					out.SetInt64("Size", image.Size)
+					out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
+					lookup[id] = out
+				}
+			}
+
+		}
+	}
+	srv.daemon.Repositories().Unlock()
+
+	outs := engine.NewTable("Created", len(lookup))
+	for _, value := range lookup {
+		outs.Add(value)
+	}
+
+	// Display images which aren't part of a repository/tag
+	if job.Getenv("filter") == "" {
+		for _, image := range allImages {
+			out := &engine.Env{}
+			out.Set("ParentId", image.Parent)
+			out.SetList("RepoTags", []string{"<none>:<none>"})
+			out.Set("Id", image.ID)
+			out.SetInt64("Created", image.Created.Unix())
+			out.SetInt64("Size", image.Size)
+			out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
+			outs.Add(out)
+		}
+	}
+
+	outs.ReverseSort()
+	if _, err := outs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s IMAGE", job.Name)
+	}
+	name := job.Args[0]
+	foundImage, err := srv.daemon.Repositories().LookupImage(name)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	lookupMap := make(map[string][]string)
+	for name, repository := range srv.daemon.Repositories().Repositories {
+		for tag, id := range repository {
+			// If the ID already has a reverse lookup, do not update it unless for "latest"
+			if _, exists := lookupMap[id]; !exists {
+				lookupMap[id] = []string{}
+			}
+			lookupMap[id] = append(lookupMap[id], name+":"+tag)
+		}
+	}
+
+	outs := engine.NewTable("Created", 0)
+	err = foundImage.WalkHistory(func(img *image.Image) error {
+		out := &engine.Env{}
+		out.Set("Id", img.ID)
+		out.SetInt64("Created", img.Created.Unix())
+		out.Set("CreatedBy", strings.Join(img.ContainerConfig.Cmd, " "))
+		out.SetList("Tags", lookupMap[img.ID])
+		out.SetInt64("Size", img.Size)
+		outs.Add(out)
+		return nil
+	})
+	if _, err := outs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+func (srv *Server) ImageTag(job *engine.Job) engine.Status {
+	if len(job.Args) != 2 && len(job.Args) != 3 {
+		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
+	}
+	var tag string
+	if len(job.Args) == 3 {
+		tag = job.Args[2]
+	}
+	if err := srv.daemon.Repositories().Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
+	history, err := r.GetRemoteHistory(imgID, endpoint, token)
+	if err != nil {
+		return err
+	}
+	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pulling dependent layers", nil))
+	// FIXME: Try to stream the images?
+	// FIXME: Launch the getRemoteImage() in goroutines
+
+	for i := len(history) - 1; i >= 0; i-- {
+		id := history[i]
+
+		// ensure no two downloads of the same layer happen at the same time
+		if c, err := srv.poolAdd("pull", "layer:"+id); err != nil {
+			utils.Debugf("Image (id: %s) pull is already running, skipping: %v", id, err)
+			<-c
+		}
+		defer srv.poolRemove("pull", "layer:"+id)
+
+		if !srv.daemon.Graph().Exists(id) {
+			out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil))
+			var (
+				imgJSON []byte
+				imgSize int
+				err     error
+				img     *image.Image
+			)
+			retries := 5
+			for j := 1; j <= retries; j++ {
+				imgJSON, imgSize, err = r.GetRemoteImageJSON(id, endpoint, token)
+				if err != nil && j == retries {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return err
+				} else if err != nil {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				}
+				img, err = image.NewImgJSON(imgJSON)
+				if err != nil && j == retries {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return fmt.Errorf("Failed to parse json: %s", err)
+				} else if err != nil {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else {
+					break
+				}
+			}
+
+			for j := 1; j <= retries; j++ {
+				// Get the layer
+				status := "Pulling fs layer"
+				if j > 1 {
+					status = fmt.Sprintf("Pulling fs layer [retries: %d]", j)
+				}
+				out.Write(sf.FormatProgress(utils.TruncateID(id), status, nil))
+				layer, err := r.GetRemoteImageLayer(img.ID, endpoint, token, int64(imgSize))
+				if uerr, ok := err.(*url.Error); ok {
+					err = uerr.Err
+				}
+				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else if err != nil {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return err
+				}
+				defer layer.Close()
+
+				err = srv.daemon.Graph().Register(imgJSON,
+					utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"),
+					img)
+				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else if err != nil {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error downloading dependent layers", nil))
+					return err
+				} else {
+					break
+				}
+			}
+		}
+		out.Write(sf.FormatProgress(utils.TruncateID(id), "Download complete", nil))
+
+	}
+	return nil
+}
+
+func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName, remoteName, askedTag string, sf *utils.StreamFormatter, parallel bool) error {
+	out.Write(sf.FormatStatus("", "Pulling repository %s", localName))
+
+	repoData, err := r.GetRepositoryData(remoteName)
+	if err != nil {
+		if strings.Contains(err.Error(), "HTTP code: 404") {
+			return fmt.Errorf("Error: image %s not found", remoteName)
+		} else {
+			// Unexpected HTTP error
+			return err
+		}
+	}
+
+	utils.Debugf("Retrieving the tag list")
+	tagsList, err := r.GetRemoteTags(repoData.Endpoints, remoteName, repoData.Tokens)
+	if err != nil {
+		utils.Errorf("%v", err)
+		return err
+	}
+
+	for tag, id := range tagsList {
+		repoData.ImgList[id] = &registry.ImgData{
+			ID:       id,
+			Tag:      tag,
+			Checksum: "",
+		}
+	}
+
+	utils.Debugf("Registering tags")
+	// If no tag has been specified, pull them all
+	if askedTag == "" {
+		for tag, id := range tagsList {
+			repoData.ImgList[id].Tag = tag
+		}
+	} else {
+		// Otherwise, check that the tag exists and use only that one
+		id, exists := tagsList[askedTag]
+		if !exists {
+			return fmt.Errorf("Tag %s not found in repository %s", askedTag, localName)
+		}
+		repoData.ImgList[id].Tag = askedTag
+	}
+
+	errors := make(chan error)
+	for _, image := range repoData.ImgList {
+		downloadImage := func(img *registry.ImgData) {
+			if askedTag != "" && img.Tag != askedTag {
+				utils.Debugf("(%s) does not match %s (id: %s), skipping", img.Tag, askedTag, img.ID)
+				if parallel {
+					errors <- nil
+				}
+				return
+			}
+
+			if img.Tag == "" {
+				utils.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
+				if parallel {
+					errors <- nil
+				}
+				return
+			}
+
+			// ensure no two downloads of the same image happen at the same time
+			if c, err := srv.poolAdd("pull", "img:"+img.ID); err != nil {
+				if c != nil {
+					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Layer already being pulled by another client. Waiting.", nil))
+					<-c
+					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
+				} else {
+					utils.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
+				}
+				if parallel {
+					errors <- nil
+				}
+				return
+			}
+			defer srv.poolRemove("pull", "img:"+img.ID)
+
+			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s", img.Tag, localName), nil))
+			success := false
+			var lastErr error
+			for _, ep := range repoData.Endpoints {
+				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, endpoint: %s", img.Tag, localName, ep), nil))
+				if err := srv.pullImage(r, out, img.ID, ep, repoData.Tokens, sf); err != nil {
+					// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
+					// As the error is also given to the output stream the user will see the error.
+					lastErr = err
+					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, localName, ep, err), nil))
+					continue
+				}
+				success = true
+				break
+			}
+			if !success {
+				err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, localName, lastErr)
+				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), err.Error(), nil))
+				if parallel {
+					errors <- err
+					return
+				}
+			}
+			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
+
+			if parallel {
+				errors <- nil
+			}
+		}
+
+		if parallel {
+			go downloadImage(image)
+		} else {
+			downloadImage(image)
+		}
+	}
+	if parallel {
+		var lastError error
+		for i := 0; i < len(repoData.ImgList); i++ {
+			if err := <-errors; err != nil {
+				lastError = err
+			}
+		}
+		if lastError != nil {
+			return lastError
+		}
+
+	}
+	for tag, id := range tagsList {
+		if askedTag != "" && tag != askedTag {
+			continue
+		}
+		if err := srv.daemon.Repositories().Set(localName, tag, id, true); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (srv *Server) ImagePull(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 && n != 2 {
+		return job.Errorf("Usage: %s IMAGE [TAG]", job.Name)
+	}
+	var (
+		localName   = job.Args[0]
+		tag         string
+		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
+		authConfig  = &registry.AuthConfig{}
+		metaHeaders map[string][]string
+	)
+	if len(job.Args) > 1 {
+		tag = job.Args[1]
+	}
+
+	job.GetenvJson("authConfig", authConfig)
+	job.GetenvJson("metaHeaders", &metaHeaders)
+
+	c, err := srv.poolAdd("pull", localName+":"+tag)
+	if err != nil {
+		if c != nil {
+			// Another pull of the same repository is already taking place; just wait for it to finish
+			job.Stdout.Write(sf.FormatStatus("", "Repository %s already being pulled by another client. Waiting.", localName))
+			<-c
+			return engine.StatusOK
+		}
+		return job.Error(err)
+	}
+	defer srv.poolRemove("pull", localName+":"+tag)
+
+	// Resolve the Repository name from fqn to endpoint + name
+	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	r, err := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, true)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	if endpoint == registry.IndexServerAddress() {
+		// If pull "index.docker.io/foo/bar", it's stored locally under "foo/bar"
+		localName = remoteName
+	}
+
+	if err = srv.pullRepository(r, job.Stdout, localName, remoteName, tag, sf, job.GetenvBool("parallel")); err != nil {
+		return job.Error(err)
+	}
+
+	return engine.StatusOK
+}
+
+// Retrieve the all the images to be uploaded in the correct order
+func (srv *Server) getImageList(localRepo map[string]string, requestedTag string) ([]string, map[string][]string, error) {
+	var (
+		imageList   []string
+		imagesSeen  map[string]bool     = make(map[string]bool)
+		tagsByImage map[string][]string = make(map[string][]string)
+	)
+
+	for tag, id := range localRepo {
+		if requestedTag != "" && requestedTag != tag {
+			continue
+		}
+		var imageListForThisTag []string
+
+		tagsByImage[id] = append(tagsByImage[id], tag)
+
+		for img, err := srv.daemon.Graph().Get(id); img != nil; img, err = img.GetParent() {
+			if err != nil {
+				return nil, nil, err
+			}
+
+			if imagesSeen[img.ID] {
+				// This image is already on the list, we can ignore it and all its parents
+				break
+			}
+
+			imagesSeen[img.ID] = true
+			imageListForThisTag = append(imageListForThisTag, img.ID)
+		}
+
+		// reverse the image list for this tag (so the "most"-parent image is first)
+		for i, j := 0, len(imageListForThisTag)-1; i < j; i, j = i+1, j-1 {
+			imageListForThisTag[i], imageListForThisTag[j] = imageListForThisTag[j], imageListForThisTag[i]
+		}
+
+		// append to main image list
+		imageList = append(imageList, imageListForThisTag...)
+	}
+	if len(imageList) == 0 {
+		return nil, nil, fmt.Errorf("No images found for the requested repository / tag")
+	}
+	utils.Debugf("Image list: %v", imageList)
+	utils.Debugf("Tags by image: %v", tagsByImage)
+
+	return imageList, tagsByImage, nil
+}
+
+func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
+	out = utils.NewWriteFlusher(out)
+	utils.Debugf("Local repo: %s", localRepo)
+	imgList, tagsByImage, err := srv.getImageList(localRepo, tag)
+	if err != nil {
+		return err
+	}
+
+	out.Write(sf.FormatStatus("", "Sending image list"))
+
+	var (
+		repoData   *registry.RepositoryData
+		imageIndex []*registry.ImgData
+	)
+
+	for _, imgId := range imgList {
+		if tags, exists := tagsByImage[imgId]; exists {
+			// If an image has tags you must add an entry in the image index
+			// for each tag
+			for _, tag := range tags {
+				imageIndex = append(imageIndex, &registry.ImgData{
+					ID:  imgId,
+					Tag: tag,
+				})
+			}
+		} else {
+			// If the image does not have a tag it still needs to be sent to the
+			// registry with an empty tag so that it is accociated with the repository
+			imageIndex = append(imageIndex, &registry.ImgData{
+				ID:  imgId,
+				Tag: "",
+			})
+
+		}
+	}
+
+	utils.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
+	for _, data := range imageIndex {
+		utils.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
+	}
+
+	// Register all the images in a repository with the registry
+	// If an image is not in this list it will not be associated with the repository
+	repoData, err = r.PushImageJSONIndex(remoteName, imageIndex, false, nil)
+	if err != nil {
+		return err
+	}
+
+	nTag := 1
+	if tag == "" {
+		nTag = len(localRepo)
+	}
+	for _, ep := range repoData.Endpoints {
+		out.Write(sf.FormatStatus("", "Pushing repository %s (%d tags)", localName, nTag))
+
+		for _, imgId := range imgList {
+			if r.LookupRemoteImage(imgId, ep, repoData.Tokens) {
+				out.Write(sf.FormatStatus("", "Image %s already pushed, skipping", utils.TruncateID(imgId)))
+			} else {
+				if _, err := srv.pushImage(r, out, remoteName, imgId, ep, repoData.Tokens, sf); err != nil {
+					// FIXME: Continue on error?
+					return err
+				}
+			}
+
+			for _, tag := range tagsByImage[imgId] {
+				out.Write(sf.FormatStatus("", "Pushing tag for rev [%s] on {%s}", utils.TruncateID(imgId), ep+"repositories/"+remoteName+"/tags/"+tag))
+
+				if err := r.PushRegistryTag(remoteName, imgId, tag, ep, repoData.Tokens); err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	if _, err := r.PushImageJSONIndex(remoteName, imageIndex, true, repoData.Endpoints); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
+	out = utils.NewWriteFlusher(out)
+	jsonRaw, err := ioutil.ReadFile(path.Join(srv.daemon.Graph().Root, imgID, "json"))
+	if err != nil {
+		return "", fmt.Errorf("Cannot retrieve the path for {%s}: %s", imgID, err)
+	}
+	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pushing", nil))
+
+	imgData := &registry.ImgData{
+		ID: imgID,
+	}
+
+	// Send the json
+	if err := r.PushImageJSONRegistry(imgData, jsonRaw, ep, token); err != nil {
+		if err == registry.ErrAlreadyExists {
+			out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image already pushed, skipping", nil))
+			return "", nil
+		}
+		return "", err
+	}
+
+	layerData, err := srv.daemon.Graph().TempLayerArchive(imgID, archive.Uncompressed, sf, out)
+	if err != nil {
+		return "", fmt.Errorf("Failed to generate layer archive: %s", err)
+	}
+	defer os.RemoveAll(layerData.Name())
+
+	// Send the layer
+	utils.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
+
+	checksum, checksumPayload, err := r.PushImageLayerRegistry(imgData.ID, utils.ProgressReader(layerData, int(layerData.Size), out, sf, false, utils.TruncateID(imgData.ID), "Pushing"), ep, token, jsonRaw)
+	if err != nil {
+		return "", err
+	}
+	imgData.Checksum = checksum
+	imgData.ChecksumPayload = checksumPayload
+	// Send the checksum
+	if err := r.PushImageChecksumRegistry(imgData, ep, token); err != nil {
+		return "", err
+	}
+
+	out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image successfully pushed", nil))
+	return imgData.Checksum, nil
+}
+
+// FIXME: Allow to interrupt current push when new push of same image is done.
+func (srv *Server) ImagePush(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s IMAGE", job.Name)
+	}
+	var (
+		localName   = job.Args[0]
+		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
+		authConfig  = &registry.AuthConfig{}
+		metaHeaders map[string][]string
+	)
+
+	tag := job.Getenv("tag")
+	job.GetenvJson("authConfig", authConfig)
+	job.GetenvJson("metaHeaders", &metaHeaders)
+	if _, err := srv.poolAdd("push", localName); err != nil {
+		return job.Error(err)
+	}
+	defer srv.poolRemove("push", localName)
+
+	// Resolve the Repository name from fqn to endpoint + name
+	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	img, err := srv.daemon.Graph().Get(localName)
+	r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, false)
+	if err2 != nil {
+		return job.Error(err2)
+	}
+
+	if err != nil {
+		reposLen := 1
+		if tag == "" {
+			reposLen = len(srv.daemon.Repositories().Repositories[localName])
+		}
+		job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen))
+		// If it fails, try to get the repository
+		if localRepo, exists := srv.daemon.Repositories().Repositories[localName]; exists {
+			if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, tag, sf); err != nil {
+				return job.Error(err)
+			}
+			return engine.StatusOK
+		}
+		return job.Error(err)
+	}
+
+	var token []string
+	job.Stdout.Write(sf.FormatStatus("", "The push refers to an image: [%s]", localName))
+	if _, err := srv.pushImage(r, job.Stdout, remoteName, img.ID, endpoint, token, sf); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) ImageImport(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 2 && n != 3 {
+		return job.Errorf("Usage: %s SRC REPO [TAG]", job.Name)
+	}
+	var (
+		src     = job.Args[0]
+		repo    = job.Args[1]
+		tag     string
+		sf      = utils.NewStreamFormatter(job.GetenvBool("json"))
+		archive archive.ArchiveReader
+		resp    *http.Response
+	)
+	if len(job.Args) > 2 {
+		tag = job.Args[2]
+	}
+
+	if src == "-" {
+		archive = job.Stdin
+	} else {
+		u, err := url.Parse(src)
+		if err != nil {
+			return job.Error(err)
+		}
+		if u.Scheme == "" {
+			u.Scheme = "http"
+			u.Host = src
+			u.Path = ""
+		}
+		job.Stdout.Write(sf.FormatStatus("", "Downloading from %s", u))
+		resp, err = utils.Download(u.String())
+		if err != nil {
+			return job.Error(err)
+		}
+		progressReader := utils.ProgressReader(resp.Body, int(resp.ContentLength), job.Stdout, sf, true, "", "Importing")
+		defer progressReader.Close()
+		archive = progressReader
+	}
+	img, err := srv.daemon.Graph().Create(archive, "", "", "Imported from "+src, "", nil, nil)
+	if err != nil {
+		return job.Error(err)
+	}
+	// Optionally register the image at REPO/TAG
+	if repo != "" {
+		if err := srv.daemon.Repositories().Set(repo, tag, img.ID, true); err != nil {
+			return job.Error(err)
+		}
+	}
+	job.Stdout.Write(sf.FormatStatus("", img.ID))
+	return engine.StatusOK
+}
+func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, noprune bool) error {
+	var (
+		repoName, tag string
+		tags          = []string{}
+		tagDeleted    bool
+	)
+
+	repoName, tag = parsers.ParseRepositoryTag(name)
+	if tag == "" {
+		tag = graph.DEFAULTTAG
+	}
+
+	img, err := srv.daemon.Repositories().LookupImage(name)
+	if err != nil {
+		if r, _ := srv.daemon.Repositories().Get(repoName); r != nil {
+			return fmt.Errorf("No such image: %s:%s", repoName, tag)
+		}
+		return fmt.Errorf("No such image: %s", name)
+	}
+
+	if strings.Contains(img.ID, name) {
+		repoName = ""
+		tag = ""
+	}
+
+	byParents, err := srv.daemon.Graph().ByParent()
+	if err != nil {
+		return err
+	}
+
+	//If delete by id, see if the id belong only to one repository
+	if repoName == "" {
+		for _, repoAndTag := range srv.daemon.Repositories().ByID()[img.ID] {
+			parsedRepo, parsedTag := parsers.ParseRepositoryTag(repoAndTag)
+			if repoName == "" || repoName == parsedRepo {
+				repoName = parsedRepo
+				if parsedTag != "" {
+					tags = append(tags, parsedTag)
+				}
+			} else if repoName != parsedRepo && !force {
+				// the id belongs to multiple repos, like base:latest and user:test,
+				// in that case return conflict
+				return fmt.Errorf("Conflict, cannot delete image %s because it is tagged in multiple repositories, use -f to force", name)
+			}
+		}
+	} else {
+		tags = append(tags, tag)
+	}
+
+	if !first && len(tags) > 0 {
+		return nil
+	}
+
+	//Untag the current image
+	for _, tag := range tags {
+		tagDeleted, err = srv.daemon.Repositories().Delete(repoName, tag)
+		if err != nil {
+			return err
+		}
+		if tagDeleted {
+			out := &engine.Env{}
+			out.Set("Untagged", repoName+":"+tag)
+			imgs.Add(out)
+			srv.LogEvent("untag", img.ID, "")
+		}
+	}
+	tags = srv.daemon.Repositories().ByID()[img.ID]
+	if (len(tags) <= 1 && repoName == "") || len(tags) == 0 {
+		if len(byParents[img.ID]) == 0 {
+			if err := srv.canDeleteImage(img.ID, force, tagDeleted); err != nil {
+				return err
+			}
+			if err := srv.daemon.Repositories().DeleteAll(img.ID); err != nil {
+				return err
+			}
+			if err := srv.daemon.Graph().Delete(img.ID); err != nil {
+				return err
+			}
+			out := &engine.Env{}
+			out.Set("Deleted", img.ID)
+			imgs.Add(out)
+			srv.LogEvent("delete", img.ID, "")
+			if img.Parent != "" && !noprune {
+				err := srv.DeleteImage(img.Parent, imgs, false, force, noprune)
+				if first {
+					return err
+				}
+
+			}
+
+		}
+	}
+	return nil
+}
+
+func (srv *Server) ImageDelete(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s IMAGE", job.Name)
+	}
+	imgs := engine.NewTable("", 0)
+	if err := srv.DeleteImage(job.Args[0], imgs, true, job.GetenvBool("force"), job.GetenvBool("noprune")); err != nil {
+		return job.Error(err)
+	}
+	if len(imgs.Data) == 0 {
+		return job.Errorf("Conflict, %s wasn't deleted", job.Args[0])
+	}
+	if _, err := imgs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+func (srv *Server) canDeleteImage(imgID string, force, untagged bool) error {
+	var message string
+	if untagged {
+		message = " (docker untagged the image)"
+	}
+	for _, container := range srv.daemon.List() {
+		parent, err := srv.daemon.Repositories().LookupImage(container.Image)
+		if err != nil {
+			return err
+		}
+
+		if err := parent.WalkHistory(func(p *image.Image) error {
+			if imgID == p.ID {
+				if container.State.IsRunning() {
+					if force {
+						return fmt.Errorf("Conflict, cannot force delete %s because the running container %s is using it%s, stop it and retry", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
+					}
+					return fmt.Errorf("Conflict, cannot delete %s because the running container %s is using it%s, stop it and use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
+				} else if !force {
+					return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it%s, use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
+				}
+			}
+			return nil
+		}); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (srv *Server) poolAdd(kind, key string) (chan struct{}, error) {
+	srv.Lock()
+	defer srv.Unlock()
+
+	if c, exists := srv.pullingPool[key]; exists {
+		return c, fmt.Errorf("pull %s is already in progress", key)
+	}
+	if c, exists := srv.pushingPool[key]; exists {
+		return c, fmt.Errorf("push %s is already in progress", key)
+	}
+
+	c := make(chan struct{})
+	switch kind {
+	case "pull":
+		srv.pullingPool[key] = c
+	case "push":
+		srv.pushingPool[key] = c
+	default:
+		return nil, fmt.Errorf("Unknown pool type")
+	}
+	return c, nil
+}
+
+func (srv *Server) poolRemove(kind, key string) error {
+	srv.Lock()
+	defer srv.Unlock()
+	switch kind {
+	case "pull":
+		if c, exists := srv.pullingPool[key]; exists {
+			close(c)
+			delete(srv.pullingPool, key)
+		}
+	case "push":
+		if c, exists := srv.pushingPool[key]; exists {
+			close(c)
+			delete(srv.pushingPool, key)
+		}
+	default:
+		return fmt.Errorf("Unknown pool type")
+	}
+	return nil
+}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
new file mode 100644
index 0000000000..dfb24c0e96
--- /dev/null
+++ b/components/engine/server/init.go
@@ -0,0 +1,154 @@
+// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
+//
+// For additional commments see server/server.go
+//
+package server
+
+import (
+	"fmt"
+	"log"
+	"os"
+	gosignal "os/signal"
+	"sync/atomic"
+	"syscall"
+
+	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/daemonconfig"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
+	return func(job *engine.Job) engine.Status {
+		if !srv.IsRunning() {
+			return job.Errorf("Server is not running")
+		}
+		srv.tasks.Add(1)
+		defer srv.tasks.Done()
+		return h(job)
+	}
+}
+
+func InitPidfile(job *engine.Job) engine.Status {
+	if len(job.Args) == 0 {
+		return job.Error(fmt.Errorf("no pidfile provided to initialize"))
+	}
+	job.Logf("Creating pidfile")
+	if err := utils.CreatePidFile(job.Args[0]); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+// jobInitApi runs the remote api server `srv` as a daemon,
+// Only one api server can run at the same time - this is enforced by a pidfile.
+// The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
+func InitServer(job *engine.Job) engine.Status {
+	job.Logf("Creating server")
+	srv, err := NewServer(job.Eng, daemonconfig.ConfigFromJob(job))
+	if err != nil {
+		return job.Error(err)
+	}
+	job.Logf("Setting up signal traps")
+	c := make(chan os.Signal, 1)
+	signals := []os.Signal{os.Interrupt, syscall.SIGTERM}
+	if os.Getenv("DEBUG") == "" {
+		signals = append(signals, syscall.SIGQUIT)
+	}
+	gosignal.Notify(c, signals...)
+	go func() {
+		interruptCount := uint32(0)
+		for sig := range c {
+			go func(sig os.Signal) {
+				log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
+				switch sig {
+				case os.Interrupt, syscall.SIGTERM:
+					// If the user really wants to interrupt, let him do so.
+					if atomic.LoadUint32(&interruptCount) < 3 {
+						atomic.AddUint32(&interruptCount, 1)
+						// Initiate the cleanup only once
+						if atomic.LoadUint32(&interruptCount) == 1 {
+							utils.RemovePidFile(srv.daemon.Config().Pidfile)
+							srv.Close()
+						} else {
+							return
+						}
+					} else {
+						log.Printf("Force shutdown of docker, interrupting cleanup\n")
+					}
+				case syscall.SIGQUIT:
+				}
+				os.Exit(128 + int(sig.(syscall.Signal)))
+			}(sig)
+		}
+	}()
+	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
+	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
+
+	for name, handler := range map[string]engine.Handler{
+		"export":           srv.ContainerExport,
+		"create":           srv.ContainerCreate,
+		"stop":             srv.ContainerStop,
+		"restart":          srv.ContainerRestart,
+		"start":            srv.ContainerStart,
+		"kill":             srv.ContainerKill,
+		"pause":            srv.ContainerPause,
+		"unpause":          srv.ContainerUnpause,
+		"wait":             srv.ContainerWait,
+		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
+		"resize":           srv.ContainerResize,
+		"commit":           srv.ContainerCommit,
+		"info":             srv.DockerInfo,
+		"container_delete": srv.ContainerDestroy,
+		"image_export":     srv.ImageExport,
+		"images":           srv.Images,
+		"history":          srv.ImageHistory,
+		"viz":              srv.ImagesViz,
+		"container_copy":   srv.ContainerCopy,
+		"attach":           srv.ContainerAttach,
+		"logs":             srv.ContainerLogs,
+		"changes":          srv.ContainerChanges,
+		"top":              srv.ContainerTop,
+		"load":             srv.ImageLoad,
+		"build":            srv.Build,
+		"pull":             srv.ImagePull,
+		"import":           srv.ImageImport,
+		"image_delete":     srv.ImageDelete,
+		"events":           srv.Events,
+		"push":             srv.ImagePush,
+		"containers":       srv.Containers,
+	} {
+		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
+			return job.Error(err)
+		}
+	}
+	// Install image-related commands from the image subsystem.
+	// See `graph/service.go`
+	if err := srv.daemon.Repositories().Install(job.Eng); err != nil {
+		return job.Error(err)
+	}
+	// Install daemon-related commands from the daemon subsystem.
+	// See `daemon/`
+	if err := srv.daemon.Install(job.Eng); err != nil {
+		return job.Error(err)
+	}
+	srv.SetRunning(true)
+	return engine.StatusOK
+}
+
+func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) {
+	daemon, err := daemon.NewDaemon(config, eng)
+	if err != nil {
+		return nil, err
+	}
+	srv := &Server{
+		Eng:            eng,
+		daemon:         daemon,
+		pullingPool:    make(map[string]chan struct{}),
+		pushingPool:    make(map[string]chan struct{}),
+		events:         make([]utils.JSONMessage, 0, 64), //only keeps the 64 last events
+		eventPublisher: utils.NewJSONMessagePublisher(),
+	}
+	daemon.SetServer(srv)
+	return srv, nil
+}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 6d8574b886..afa4f65f3c 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -22,781 +22,20 @@
 package server
 
 import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"net"
-	"net/http"
-	"net/url"
 	"os"
-	"os/exec"
-	gosignal "os/signal"
-	"path"
-	"path/filepath"
 	"runtime"
-	"strconv"
-	"strings"
 	"sync"
-	"sync/atomic"
-	"syscall"
 	"time"
 
-	"github.com/docker/docker/archive"
-	"github.com/docker/docker/builder"
 	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/graph"
-	"github.com/docker/docker/image"
-	"github.com/docker/docker/pkg/graphdb"
-	"github.com/docker/docker/pkg/parsers"
-	"github.com/docker/docker/pkg/parsers/filters"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/parsers/operatingsystem"
-	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/pkg/tailfile"
 	"github.com/docker/docker/registry"
-	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 )
 
-func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
-	return func(job *engine.Job) engine.Status {
-		if !srv.IsRunning() {
-			return job.Errorf("Server is not running")
-		}
-		srv.tasks.Add(1)
-		defer srv.tasks.Done()
-		return h(job)
-	}
-}
-
-func InitPidfile(job *engine.Job) engine.Status {
-	if len(job.Args) == 0 {
-		return job.Error(fmt.Errorf("no pidfile provided to initialize"))
-	}
-	job.Logf("Creating pidfile")
-	if err := utils.CreatePidFile(job.Args[0]); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) removeUnixSockets() {
-	for _, sock := range srv.daemon.Config().Sockets {
-		parts := strings.SplitN(sock, "://", 2)
-		if parts[0] == "unix" {
-			err := os.Remove(parts[1])
-			if err != nil {
-				utils.Debugf("Got error removing unix socket: %s", err.Error())
-			}
-		}
-	}
-}
-
-// jobInitApi runs the remote api server `srv` as a daemon,
-// Only one api server can run at the same time - this is enforced by a pidfile.
-// The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
-func InitServer(job *engine.Job) engine.Status {
-	job.Logf("Creating server")
-	srv, err := NewServer(job.Eng, daemonconfig.ConfigFromJob(job))
-	if err != nil {
-		return job.Error(err)
-	}
-	job.Logf("Setting up signal traps")
-	c := make(chan os.Signal, 1)
-	signals := []os.Signal{os.Interrupt, syscall.SIGTERM}
-	if os.Getenv("DEBUG") == "" {
-		signals = append(signals, syscall.SIGQUIT)
-	}
-	gosignal.Notify(c, signals...)
-	go func() {
-		interruptCount := uint32(0)
-		for sig := range c {
-			go func(sig os.Signal) {
-				log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
-				switch sig {
-				case os.Interrupt, syscall.SIGTERM:
-					// If the user really wants to interrupt, let him do so.
-					if atomic.LoadUint32(&interruptCount) < 3 {
-						atomic.AddUint32(&interruptCount, 1)
-						// Initiate the cleanup only once
-						if atomic.LoadUint32(&interruptCount) == 1 {
-							utils.RemovePidFile(srv.daemon.Config().Pidfile)
-							srv.Close()
-						} else {
-							return
-						}
-					} else {
-						log.Printf("Force shutdown of docker, interrupting cleanup\n")
-					}
-				case syscall.SIGQUIT:
-				}
-
-				srv.removeUnixSockets()
-				os.Exit(128 + int(sig.(syscall.Signal)))
-			}(sig)
-		}
-	}()
-	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
-	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
-
-	for name, handler := range map[string]engine.Handler{
-		"export":           srv.ContainerExport,
-		"create":           srv.ContainerCreate,
-		"stop":             srv.ContainerStop,
-		"restart":          srv.ContainerRestart,
-		"start":            srv.ContainerStart,
-		"kill":             srv.ContainerKill,
-		"pause":            srv.ContainerPause,
-		"unpause":          srv.ContainerUnpause,
-		"wait":             srv.ContainerWait,
-		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
-		"resize":           srv.ContainerResize,
-		"commit":           srv.ContainerCommit,
-		"info":             srv.DockerInfo,
-		"container_delete": srv.ContainerDestroy,
-		"image_export":     srv.ImageExport,
-		"images":           srv.Images,
-		"history":          srv.ImageHistory,
-		"viz":              srv.ImagesViz,
-		"container_copy":   srv.ContainerCopy,
-		"attach":           srv.ContainerAttach,
-		"logs":             srv.ContainerLogs,
-		"changes":          srv.ContainerChanges,
-		"top":              srv.ContainerTop,
-		"load":             srv.ImageLoad,
-		"build":            srv.Build,
-		"pull":             srv.ImagePull,
-		"import":           srv.ImageImport,
-		"image_delete":     srv.ImageDelete,
-		"events":           srv.Events,
-		"push":             srv.ImagePush,
-		"containers":       srv.Containers,
-	} {
-		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
-			return job.Error(err)
-		}
-	}
-	// Install image-related commands from the image subsystem.
-	// See `graph/service.go`
-	if err := srv.daemon.Repositories().Install(job.Eng); err != nil {
-		return job.Error(err)
-	}
-	// Install daemon-related commands from the daemon subsystem.
-	// See `daemon/`
-	if err := srv.daemon.Install(job.Eng); err != nil {
-		return job.Error(err)
-	}
-	srv.SetRunning(true)
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerPause(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER", job.Name)
-	}
-	name := job.Args[0]
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-	if err := container.Pause(); err != nil {
-		return job.Errorf("Cannot pause container %s: %s", name, err)
-	}
-	srv.LogEvent("pause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerUnpause(job *engine.Job) engine.Status {
-	if n := len(job.Args); n < 1 || n > 2 {
-		return job.Errorf("Usage: %s CONTAINER", job.Name)
-	}
-	name := job.Args[0]
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-	if err := container.Unpause(); err != nil {
-		return job.Errorf("Cannot unpause container %s: %s", name, err)
-	}
-	srv.LogEvent("unpause", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	return engine.StatusOK
-}
-
-// ContainerKill send signal to the container
-// If no signal is given (sig 0), then Kill with SIGKILL and wait
-// for the container to exit.
-// If a signal is given, then just send it to the container and return.
-func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
-	if n := len(job.Args); n < 1 || n > 2 {
-		return job.Errorf("Usage: %s CONTAINER [SIGNAL]", job.Name)
-	}
-	var (
-		name = job.Args[0]
-		sig  uint64
-		err  error
-	)
-
-	// If we have a signal, look at it. Otherwise, do nothing
-	if len(job.Args) == 2 && job.Args[1] != "" {
-		// Check if we passed the signal as a number:
-		// The largest legal signal is 31, so let's parse on 5 bits
-		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
-		if err != nil {
-			// The signal is not a number, treat it as a string (either like "KILL" or like "SIGKILL")
-			sig = uint64(signal.SignalMap[strings.TrimPrefix(job.Args[1], "SIG")])
-		}
-
-		if sig == 0 {
-			return job.Errorf("Invalid signal: %s", job.Args[1])
-		}
-	}
-
-	if container := srv.daemon.Get(name); container != nil {
-		// If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait())
-		if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL {
-			if err := container.Kill(); err != nil {
-				return job.Errorf("Cannot kill container %s: %s", name, err)
-			}
-			srv.LogEvent("kill", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-		} else {
-			// Otherwise, just send the requested signal
-			if err := container.KillSig(int(sig)); err != nil {
-				return job.Errorf("Cannot kill container %s: %s", name, err)
-			}
-			// FIXME: Add event for signals
-		}
-	} else {
-		return job.Errorf("No such container: %s", name)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) Events(job *engine.Job) engine.Status {
-	if len(job.Args) != 0 {
-		return job.Errorf("Usage: %s", job.Name)
-	}
-
-	var (
-		since   = job.GetenvInt64("since")
-		until   = job.GetenvInt64("until")
-		timeout = time.NewTimer(time.Unix(until, 0).Sub(time.Now()))
-	)
-
-	// If no until, disable timeout
-	if until == 0 {
-		timeout.Stop()
-	}
-
-	listener := make(chan utils.JSONMessage)
-	srv.eventPublisher.Subscribe(listener)
-	defer srv.eventPublisher.Unsubscribe(listener)
-
-	// When sending an event JSON serialization errors are ignored, but all
-	// other errors lead to the eviction of the listener.
-	sendEvent := func(event *utils.JSONMessage) error {
-		if b, err := json.Marshal(event); err == nil {
-			if _, err = job.Stdout.Write(b); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-
-	job.Stdout.Write(nil)
-
-	// Resend every event in the [since, until] time interval.
-	if since != 0 {
-		for _, event := range srv.GetEvents() {
-			if event.Time >= since && (event.Time <= until || until == 0) {
-				if err := sendEvent(&event); err != nil {
-					return job.Error(err)
-				}
-			}
-		}
-	}
-
-	for {
-		select {
-		case event, ok := <-listener:
-			if !ok {
-				return engine.StatusOK
-			}
-			if err := sendEvent(&event); err != nil {
-				return job.Error(err)
-			}
-		case <-timeout.C:
-			return engine.StatusOK
-		}
-	}
-}
-
-func (srv *Server) ContainerExport(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s container_id", job.Name)
-	}
-	name := job.Args[0]
-	if container := srv.daemon.Get(name); container != nil {
-		data, err := container.Export()
-		if err != nil {
-			return job.Errorf("%s: %s", name, err)
-		}
-		defer data.Close()
-
-		// Stream the entire contents of the container (basically a volatile snapshot)
-		if _, err := io.Copy(job.Stdout, data); err != nil {
-			return job.Errorf("%s: %s", name, err)
-		}
-		// FIXME: factor job-specific LogEvent to engine.Job.Run()
-		srv.LogEvent("export", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-		return engine.StatusOK
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
-// ImageExport exports all images with the given tag. All versions
-// containing the same tag are exported. The resulting output is an
-// uncompressed tar ball.
-// name is the set of tags to export.
-// out is the writer where the images are written to.
-func (srv *Server) ImageExport(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s IMAGE\n", job.Name)
-	}
-	name := job.Args[0]
-	// get image json
-	tempdir, err := ioutil.TempDir("", "docker-export-")
-	if err != nil {
-		return job.Error(err)
-	}
-	defer os.RemoveAll(tempdir)
-
-	utils.Debugf("Serializing %s", name)
-
-	rootRepoMap := map[string]graph.Repository{}
-	rootRepo, err := srv.daemon.Repositories().Get(name)
-	if err != nil {
-		return job.Error(err)
-	}
-	if rootRepo != nil {
-		// this is a base repo name, like 'busybox'
-
-		for _, id := range rootRepo {
-			if err := srv.exportImage(job.Eng, id, tempdir); err != nil {
-				return job.Error(err)
-			}
-		}
-		rootRepoMap[name] = rootRepo
-	} else {
-		img, err := srv.daemon.Repositories().LookupImage(name)
-		if err != nil {
-			return job.Error(err)
-		}
-		if img != nil {
-			// This is a named image like 'busybox:latest'
-			repoName, repoTag := parsers.ParseRepositoryTag(name)
-			if err := srv.exportImage(job.Eng, img.ID, tempdir); err != nil {
-				return job.Error(err)
-			}
-			// check this length, because a lookup of a truncated has will not have a tag
-			// and will not need to be added to this map
-			if len(repoTag) > 0 {
-				rootRepoMap[repoName] = graph.Repository{repoTag: img.ID}
-			}
-		} else {
-			// this must be an ID that didn't get looked up just right?
-			if err := srv.exportImage(job.Eng, name, tempdir); err != nil {
-				return job.Error(err)
-			}
-		}
-	}
-	// write repositories, if there is something to write
-	if len(rootRepoMap) > 0 {
-		rootRepoJson, _ := json.Marshal(rootRepoMap)
-
-		if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.FileMode(0644)); err != nil {
-			return job.Error(err)
-		}
-	} else {
-		utils.Debugf("There were no repositories to write")
-	}
-
-	fs, err := archive.Tar(tempdir, archive.Uncompressed)
-	if err != nil {
-		return job.Error(err)
-	}
-	defer fs.Close()
-
-	if _, err := io.Copy(job.Stdout, fs); err != nil {
-		return job.Error(err)
-	}
-	utils.Debugf("End Serializing %s", name)
-	return engine.StatusOK
-}
-
-func (srv *Server) exportImage(eng *engine.Engine, name, tempdir string) error {
-	for n := name; n != ""; {
-		// temporary directory
-		tmpImageDir := path.Join(tempdir, n)
-		if err := os.Mkdir(tmpImageDir, os.FileMode(0755)); err != nil {
-			if os.IsExist(err) {
-				return nil
-			}
-			return err
-		}
-
-		var version = "1.0"
-		var versionBuf = []byte(version)
-
-		if err := ioutil.WriteFile(path.Join(tmpImageDir, "VERSION"), versionBuf, os.FileMode(0644)); err != nil {
-			return err
-		}
-
-		// serialize json
-		json, err := os.Create(path.Join(tmpImageDir, "json"))
-		if err != nil {
-			return err
-		}
-		job := eng.Job("image_inspect", n)
-		job.SetenvBool("raw", true)
-		job.Stdout.Add(json)
-		if err := job.Run(); err != nil {
-			return err
-		}
-
-		// serialize filesystem
-		fsTar, err := os.Create(path.Join(tmpImageDir, "layer.tar"))
-		if err != nil {
-			return err
-		}
-		job = eng.Job("image_tarlayer", n)
-		job.Stdout.Add(fsTar)
-		if err := job.Run(); err != nil {
-			return err
-		}
-
-		// find parent
-		job = eng.Job("image_get", n)
-		info, _ := job.Stdout.AddEnv()
-		if err := job.Run(); err != nil {
-			return err
-		}
-		n = info.Get("Parent")
-	}
-	return nil
-}
-
-func (srv *Server) Build(job *engine.Job) engine.Status {
-	if len(job.Args) != 0 {
-		return job.Errorf("Usage: %s\n", job.Name)
-	}
-	var (
-		remoteURL      = job.Getenv("remote")
-		repoName       = job.Getenv("t")
-		suppressOutput = job.GetenvBool("q")
-		noCache        = job.GetenvBool("nocache")
-		rm             = job.GetenvBool("rm")
-		forceRm        = job.GetenvBool("forcerm")
-		authConfig     = &registry.AuthConfig{}
-		configFile     = &registry.ConfigFile{}
-		tag            string
-		context        io.ReadCloser
-	)
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("configFile", configFile)
-	repoName, tag = parsers.ParseRepositoryTag(repoName)
-
-	if remoteURL == "" {
-		context = ioutil.NopCloser(job.Stdin)
-	} else if utils.IsGIT(remoteURL) {
-		if !strings.HasPrefix(remoteURL, "git://") {
-			remoteURL = "https://" + remoteURL
-		}
-		root, err := ioutil.TempDir("", "docker-build-git")
-		if err != nil {
-			return job.Error(err)
-		}
-		defer os.RemoveAll(root)
-
-		if output, err := exec.Command("git", "clone", "--recursive", remoteURL, root).CombinedOutput(); err != nil {
-			return job.Errorf("Error trying to use git: %s (%s)", err, output)
-		}
-
-		c, err := archive.Tar(root, archive.Uncompressed)
-		if err != nil {
-			return job.Error(err)
-		}
-		context = c
-	} else if utils.IsURL(remoteURL) {
-		f, err := utils.Download(remoteURL)
-		if err != nil {
-			return job.Error(err)
-		}
-		defer f.Body.Close()
-		dockerFile, err := ioutil.ReadAll(f.Body)
-		if err != nil {
-			return job.Error(err)
-		}
-		c, err := archive.Generate("Dockerfile", string(dockerFile))
-		if err != nil {
-			return job.Error(err)
-		}
-		context = c
-	}
-	defer context.Close()
-
-	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
-	b := builder.NewBuildFile(srv.daemon, srv.Eng,
-		&utils.StdoutFormater{
-			Writer:          job.Stdout,
-			StreamFormatter: sf,
-		},
-		&utils.StderrFormater{
-			Writer:          job.Stdout,
-			StreamFormatter: sf,
-		},
-		!suppressOutput, !noCache, rm, forceRm, job.Stdout, sf, authConfig, configFile)
-	id, err := b.Build(context)
-	if err != nil {
-		return job.Error(err)
-	}
-	if repoName != "" {
-		srv.daemon.Repositories().Set(repoName, tag, id, false)
-	}
-	return engine.StatusOK
-}
-
-// Loads a set of images into the repository. This is the complementary of ImageExport.
-// The input stream is an uncompressed tar ball containing images and metadata.
-func (srv *Server) ImageLoad(job *engine.Job) engine.Status {
-	tmpImageDir, err := ioutil.TempDir("", "docker-import-")
-	if err != nil {
-		return job.Error(err)
-	}
-	defer os.RemoveAll(tmpImageDir)
-
-	var (
-		repoTarFile = path.Join(tmpImageDir, "repo.tar")
-		repoDir     = path.Join(tmpImageDir, "repo")
-	)
-
-	tarFile, err := os.Create(repoTarFile)
-	if err != nil {
-		return job.Error(err)
-	}
-	if _, err := io.Copy(tarFile, job.Stdin); err != nil {
-		return job.Error(err)
-	}
-	tarFile.Close()
-
-	repoFile, err := os.Open(repoTarFile)
-	if err != nil {
-		return job.Error(err)
-	}
-	if err := os.Mkdir(repoDir, os.ModeDir); err != nil {
-		return job.Error(err)
-	}
-	if err := archive.Untar(repoFile, repoDir, nil); err != nil {
-		return job.Error(err)
-	}
-
-	dirs, err := ioutil.ReadDir(repoDir)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	for _, d := range dirs {
-		if d.IsDir() {
-			if err := srv.recursiveLoad(job.Eng, d.Name(), tmpImageDir); err != nil {
-				return job.Error(err)
-			}
-		}
-	}
-
-	repositoriesJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", "repositories"))
-	if err == nil {
-		repositories := map[string]graph.Repository{}
-		if err := json.Unmarshal(repositoriesJson, &repositories); err != nil {
-			return job.Error(err)
-		}
-
-		for imageName, tagMap := range repositories {
-			for tag, address := range tagMap {
-				if err := srv.daemon.Repositories().Set(imageName, tag, address, true); err != nil {
-					return job.Error(err)
-				}
-			}
-		}
-	} else if !os.IsNotExist(err) {
-		return job.Error(err)
-	}
-
-	return engine.StatusOK
-}
-
-func (srv *Server) recursiveLoad(eng *engine.Engine, address, tmpImageDir string) error {
-	if err := eng.Job("image_get", address).Run(); err != nil {
-		utils.Debugf("Loading %s", address)
-
-		imageJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", address, "json"))
-		if err != nil {
-			utils.Debugf("Error reading json", err)
-			return err
-		}
-
-		layer, err := os.Open(path.Join(tmpImageDir, "repo", address, "layer.tar"))
-		if err != nil {
-			utils.Debugf("Error reading embedded tar", err)
-			return err
-		}
-		img, err := image.NewImgJSON(imageJson)
-		if err != nil {
-			utils.Debugf("Error unmarshalling json", err)
-			return err
-		}
-		if img.Parent != "" {
-			if !srv.daemon.Graph().Exists(img.Parent) {
-				if err := srv.recursiveLoad(eng, img.Parent, tmpImageDir); err != nil {
-					return err
-				}
-			}
-		}
-		if err := srv.daemon.Graph().Register(imageJson, layer, img); err != nil {
-			return err
-		}
-	}
-	utils.Debugf("Completed processing %s", address)
-
-	return nil
-}
-
-func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
-	images, _ := srv.daemon.Graph().Map()
-	if images == nil {
-		return engine.StatusOK
-	}
-	job.Stdout.Write([]byte("digraph docker {\n"))
-
-	var (
-		parentImage *image.Image
-		err         error
-	)
-	for _, image := range images {
-		parentImage, err = image.GetParent()
-		if err != nil {
-			return job.Errorf("Error while getting parent image: %v", err)
-		}
-		if parentImage != nil {
-			job.Stdout.Write([]byte(" \"" + parentImage.ID + "\" -> \"" + image.ID + "\"\n"))
-		} else {
-			job.Stdout.Write([]byte(" base -> \"" + image.ID + "\" [style=invis]\n"))
-		}
-	}
-
-	for id, repos := range srv.daemon.Repositories().GetRepoRefs() {
-		job.Stdout.Write([]byte(" \"" + id + "\" [label=\"" + id + "\\n" + strings.Join(repos, "\\n") + "\",shape=box,fillcolor=\"paleturquoise\",style=\"filled,rounded\"];\n"))
-	}
-	job.Stdout.Write([]byte(" base [style=invisible]\n}\n"))
-	return engine.StatusOK
-}
-
-func (srv *Server) Images(job *engine.Job) engine.Status {
-	var (
-		allImages   map[string]*image.Image
-		err         error
-		filt_tagged = true
-	)
-
-	imageFilters, err := filters.FromParam(job.Getenv("filters"))
-	if err != nil {
-		return job.Error(err)
-	}
-	if i, ok := imageFilters["dangling"]; ok {
-		for _, value := range i {
-			if strings.ToLower(value) == "true" {
-				filt_tagged = false
-			}
-		}
-	}
-
-	if job.GetenvBool("all") && filt_tagged {
-		allImages, err = srv.daemon.Graph().Map()
-	} else {
-		allImages, err = srv.daemon.Graph().Heads()
-	}
-	if err != nil {
-		return job.Error(err)
-	}
-	lookup := make(map[string]*engine.Env)
-	srv.daemon.Repositories().Lock()
-	for name, repository := range srv.daemon.Repositories().Repositories {
-		if job.Getenv("filter") != "" {
-			if match, _ := path.Match(job.Getenv("filter"), name); !match {
-				continue
-			}
-		}
-		for tag, id := range repository {
-			image, err := srv.daemon.Graph().Get(id)
-			if err != nil {
-				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
-				continue
-			}
-
-			if out, exists := lookup[id]; exists {
-				if filt_tagged {
-					out.SetList("RepoTags", append(out.GetList("RepoTags"), fmt.Sprintf("%s:%s", name, tag)))
-				}
-			} else {
-				// get the boolean list for if only the untagged images are requested
-				delete(allImages, id)
-				if filt_tagged {
-					out := &engine.Env{}
-					out.Set("ParentId", image.Parent)
-					out.SetList("RepoTags", []string{fmt.Sprintf("%s:%s", name, tag)})
-					out.Set("Id", image.ID)
-					out.SetInt64("Created", image.Created.Unix())
-					out.SetInt64("Size", image.Size)
-					out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
-					lookup[id] = out
-				}
-			}
-
-		}
-	}
-	srv.daemon.Repositories().Unlock()
-
-	outs := engine.NewTable("Created", len(lookup))
-	for _, value := range lookup {
-		outs.Add(value)
-	}
-
-	// Display images which aren't part of a repository/tag
-	if job.Getenv("filter") == "" {
-		for _, image := range allImages {
-			out := &engine.Env{}
-			out.Set("ParentId", image.Parent)
-			out.SetList("RepoTags", []string{"<none>:<none>"})
-			out.Set("Id", image.ID)
-			out.SetInt64("Created", image.Created.Unix())
-			out.SetInt64("Size", image.Size)
-			out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
-			outs.Add(out)
-		}
-	}
-
-	outs.ReverseSort()
-	if _, err := outs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	images, _ := srv.daemon.Graph().Map()
 	var imgcount int
@@ -853,1646 +92,6 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s IMAGE", job.Name)
-	}
-	name := job.Args[0]
-	foundImage, err := srv.daemon.Repositories().LookupImage(name)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	lookupMap := make(map[string][]string)
-	for name, repository := range srv.daemon.Repositories().Repositories {
-		for tag, id := range repository {
-			// If the ID already has a reverse lookup, do not update it unless for "latest"
-			if _, exists := lookupMap[id]; !exists {
-				lookupMap[id] = []string{}
-			}
-			lookupMap[id] = append(lookupMap[id], name+":"+tag)
-		}
-	}
-
-	outs := engine.NewTable("Created", 0)
-	err = foundImage.WalkHistory(func(img *image.Image) error {
-		out := &engine.Env{}
-		out.Set("Id", img.ID)
-		out.SetInt64("Created", img.Created.Unix())
-		out.Set("CreatedBy", strings.Join(img.ContainerConfig.Cmd, " "))
-		out.SetList("Tags", lookupMap[img.ID])
-		out.SetInt64("Size", img.Size)
-		outs.Add(out)
-		return nil
-	})
-	if _, err := outs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 && len(job.Args) != 2 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER [PS_ARGS]\n", job.Name)
-	}
-	var (
-		name   = job.Args[0]
-		psArgs = "-ef"
-	)
-
-	if len(job.Args) == 2 && job.Args[1] != "" {
-		psArgs = job.Args[1]
-	}
-
-	if container := srv.daemon.Get(name); container != nil {
-		if !container.State.IsRunning() {
-			return job.Errorf("Container %s is not running", name)
-		}
-		pids, err := srv.daemon.ExecutionDriver().GetPidsForContainer(container.ID)
-		if err != nil {
-			return job.Error(err)
-		}
-		output, err := exec.Command("ps", psArgs).Output()
-		if err != nil {
-			return job.Errorf("Error running ps: %s", err)
-		}
-
-		lines := strings.Split(string(output), "\n")
-		header := strings.Fields(lines[0])
-		out := &engine.Env{}
-		out.SetList("Titles", header)
-
-		pidIndex := -1
-		for i, name := range header {
-			if name == "PID" {
-				pidIndex = i
-			}
-		}
-		if pidIndex == -1 {
-			return job.Errorf("Couldn't find PID field in ps output")
-		}
-
-		processes := [][]string{}
-		for _, line := range lines[1:] {
-			if len(line) == 0 {
-				continue
-			}
-			fields := strings.Fields(line)
-			p, err := strconv.Atoi(fields[pidIndex])
-			if err != nil {
-				return job.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
-			}
-
-			for _, pid := range pids {
-				if pid == p {
-					// Make sure number of fields equals number of header titles
-					// merging "overhanging" fields
-					process := fields[:len(header)-1]
-					process = append(process, strings.Join(fields[len(header)-1:], " "))
-					processes = append(processes, process)
-				}
-			}
-		}
-		out.SetJson("Processes", processes)
-		out.WriteTo(job.Stdout)
-		return engine.StatusOK
-
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
-func (srv *Server) ContainerChanges(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s CONTAINER", job.Name)
-	}
-	name := job.Args[0]
-	if container := srv.daemon.Get(name); container != nil {
-		outs := engine.NewTable("", 0)
-		changes, err := container.Changes()
-		if err != nil {
-			return job.Error(err)
-		}
-		for _, change := range changes {
-			out := &engine.Env{}
-			if err := out.Import(change); err != nil {
-				return job.Error(err)
-			}
-			outs.Add(out)
-		}
-		if _, err := outs.WriteListTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-	} else {
-		return job.Errorf("No such container: %s", name)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) Containers(job *engine.Job) engine.Status {
-	var (
-		foundBefore bool
-		displayed   int
-		all         = job.GetenvBool("all")
-		since       = job.Getenv("since")
-		before      = job.Getenv("before")
-		n           = job.GetenvInt("limit")
-		size        = job.GetenvBool("size")
-	)
-	outs := engine.NewTable("Created", 0)
-
-	names := map[string][]string{}
-	srv.daemon.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error {
-		names[e.ID()] = append(names[e.ID()], p)
-		return nil
-	}, -1)
-
-	var beforeCont, sinceCont *daemon.Container
-	if before != "" {
-		beforeCont = srv.daemon.Get(before)
-		if beforeCont == nil {
-			return job.Error(fmt.Errorf("Could not find container with name or id %s", before))
-		}
-	}
-
-	if since != "" {
-		sinceCont = srv.daemon.Get(since)
-		if sinceCont == nil {
-			return job.Error(fmt.Errorf("Could not find container with name or id %s", since))
-		}
-	}
-
-	errLast := errors.New("last container")
-	writeCont := func(container *daemon.Container) error {
-		container.Lock()
-		defer container.Unlock()
-		if !container.State.IsRunning() && !all && n <= 0 && since == "" && before == "" {
-			return nil
-		}
-		if before != "" && !foundBefore {
-			if container.ID == beforeCont.ID {
-				foundBefore = true
-			}
-			return nil
-		}
-		if n > 0 && displayed == n {
-			return errLast
-		}
-		if since != "" {
-			if container.ID == sinceCont.ID {
-				return errLast
-			}
-		}
-		displayed++
-		out := &engine.Env{}
-		out.Set("Id", container.ID)
-		out.SetList("Names", names[container.ID])
-		out.Set("Image", srv.daemon.Repositories().ImageName(container.Image))
-		if len(container.Args) > 0 {
-			args := []string{}
-			for _, arg := range container.Args {
-				if strings.Contains(arg, " ") {
-					args = append(args, fmt.Sprintf("'%s'", arg))
-				} else {
-					args = append(args, arg)
-				}
-			}
-			argsAsString := strings.Join(args, " ")
-
-			out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, argsAsString))
-		} else {
-			out.Set("Command", fmt.Sprintf("\"%s\"", container.Path))
-		}
-		out.SetInt64("Created", container.Created.Unix())
-		out.Set("Status", container.State.String())
-		str, err := container.NetworkSettings.PortMappingAPI().ToListString()
-		if err != nil {
-			return err
-		}
-		out.Set("Ports", str)
-		if size {
-			sizeRw, sizeRootFs := container.GetSize()
-			out.SetInt64("SizeRw", sizeRw)
-			out.SetInt64("SizeRootFs", sizeRootFs)
-		}
-		outs.Add(out)
-		return nil
-	}
-
-	for _, container := range srv.daemon.List() {
-		if err := writeCont(container); err != nil {
-			if err != errLast {
-				return job.Error(err)
-			}
-			break
-		}
-	}
-	outs.ReverseSort()
-	if _, err := outs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerCommit(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
-	}
-	name := job.Args[0]
-
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-
-	var (
-		config    = container.Config
-		newConfig runconfig.Config
-	)
-
-	if err := job.GetenvJson("config", &newConfig); err != nil {
-		return job.Error(err)
-	}
-
-	if err := runconfig.Merge(&newConfig, config); err != nil {
-		return job.Error(err)
-	}
-
-	img, err := srv.daemon.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), job.GetenvBool("pause"), &newConfig)
-	if err != nil {
-		return job.Error(err)
-	}
-	job.Printf("%s\n", img.ID)
-	return engine.StatusOK
-}
-
-func (srv *Server) ImageTag(job *engine.Job) engine.Status {
-	if len(job.Args) != 2 && len(job.Args) != 3 {
-		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
-	}
-	var tag string
-	if len(job.Args) == 3 {
-		tag = job.Args[2]
-	}
-	if err := srv.daemon.Repositories().Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
-	history, err := r.GetRemoteHistory(imgID, endpoint, token)
-	if err != nil {
-		return err
-	}
-	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pulling dependent layers", nil))
-	// FIXME: Try to stream the images?
-	// FIXME: Launch the getRemoteImage() in goroutines
-
-	for i := len(history) - 1; i >= 0; i-- {
-		id := history[i]
-
-		// ensure no two downloads of the same layer happen at the same time
-		if c, err := srv.poolAdd("pull", "layer:"+id); err != nil {
-			utils.Debugf("Image (id: %s) pull is already running, skipping: %v", id, err)
-			<-c
-		}
-		defer srv.poolRemove("pull", "layer:"+id)
-
-		if !srv.daemon.Graph().Exists(id) {
-			out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil))
-			var (
-				imgJSON []byte
-				imgSize int
-				err     error
-				img     *image.Image
-			)
-			retries := 5
-			for j := 1; j <= retries; j++ {
-				imgJSON, imgSize, err = r.GetRemoteImageJSON(id, endpoint, token)
-				if err != nil && j == retries {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-					return err
-				} else if err != nil {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				}
-				img, err = image.NewImgJSON(imgJSON)
-				if err != nil && j == retries {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-					return fmt.Errorf("Failed to parse json: %s", err)
-				} else if err != nil {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				} else {
-					break
-				}
-			}
-
-			for j := 1; j <= retries; j++ {
-				// Get the layer
-				status := "Pulling fs layer"
-				if j > 1 {
-					status = fmt.Sprintf("Pulling fs layer [retries: %d]", j)
-				}
-				out.Write(sf.FormatProgress(utils.TruncateID(id), status, nil))
-				layer, err := r.GetRemoteImageLayer(img.ID, endpoint, token, int64(imgSize))
-				if uerr, ok := err.(*url.Error); ok {
-					err = uerr.Err
-				}
-				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				} else if err != nil {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-					return err
-				}
-				defer layer.Close()
-
-				err = srv.daemon.Graph().Register(imgJSON,
-					utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"),
-					img)
-				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				} else if err != nil {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error downloading dependent layers", nil))
-					return err
-				} else {
-					break
-				}
-			}
-		}
-		out.Write(sf.FormatProgress(utils.TruncateID(id), "Download complete", nil))
-
-	}
-	return nil
-}
-
-func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName, remoteName, askedTag string, sf *utils.StreamFormatter, parallel bool) error {
-	out.Write(sf.FormatStatus("", "Pulling repository %s", localName))
-
-	repoData, err := r.GetRepositoryData(remoteName)
-	if err != nil {
-		if strings.Contains(err.Error(), "HTTP code: 404") {
-			return fmt.Errorf("Error: image %s not found", remoteName)
-		} else {
-			// Unexpected HTTP error
-			return err
-		}
-	}
-
-	utils.Debugf("Retrieving the tag list")
-	tagsList, err := r.GetRemoteTags(repoData.Endpoints, remoteName, repoData.Tokens)
-	if err != nil {
-		utils.Errorf("%v", err)
-		return err
-	}
-
-	for tag, id := range tagsList {
-		repoData.ImgList[id] = &registry.ImgData{
-			ID:       id,
-			Tag:      tag,
-			Checksum: "",
-		}
-	}
-
-	utils.Debugf("Registering tags")
-	// If no tag has been specified, pull them all
-	if askedTag == "" {
-		for tag, id := range tagsList {
-			repoData.ImgList[id].Tag = tag
-		}
-	} else {
-		// Otherwise, check that the tag exists and use only that one
-		id, exists := tagsList[askedTag]
-		if !exists {
-			return fmt.Errorf("Tag %s not found in repository %s", askedTag, localName)
-		}
-		repoData.ImgList[id].Tag = askedTag
-	}
-
-	errors := make(chan error)
-	for _, image := range repoData.ImgList {
-		downloadImage := func(img *registry.ImgData) {
-			if askedTag != "" && img.Tag != askedTag {
-				utils.Debugf("(%s) does not match %s (id: %s), skipping", img.Tag, askedTag, img.ID)
-				if parallel {
-					errors <- nil
-				}
-				return
-			}
-
-			if img.Tag == "" {
-				utils.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
-				if parallel {
-					errors <- nil
-				}
-				return
-			}
-
-			// ensure no two downloads of the same image happen at the same time
-			if c, err := srv.poolAdd("pull", "img:"+img.ID); err != nil {
-				if c != nil {
-					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Layer already being pulled by another client. Waiting.", nil))
-					<-c
-					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
-				} else {
-					utils.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
-				}
-				if parallel {
-					errors <- nil
-				}
-				return
-			}
-			defer srv.poolRemove("pull", "img:"+img.ID)
-
-			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s", img.Tag, localName), nil))
-			success := false
-			var lastErr error
-			for _, ep := range repoData.Endpoints {
-				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, endpoint: %s", img.Tag, localName, ep), nil))
-				if err := srv.pullImage(r, out, img.ID, ep, repoData.Tokens, sf); err != nil {
-					// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
-					// As the error is also given to the output stream the user will see the error.
-					lastErr = err
-					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, localName, ep, err), nil))
-					continue
-				}
-				success = true
-				break
-			}
-			if !success {
-				err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, localName, lastErr)
-				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), err.Error(), nil))
-				if parallel {
-					errors <- err
-					return
-				}
-			}
-			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
-
-			if parallel {
-				errors <- nil
-			}
-		}
-
-		if parallel {
-			go downloadImage(image)
-		} else {
-			downloadImage(image)
-		}
-	}
-	if parallel {
-		var lastError error
-		for i := 0; i < len(repoData.ImgList); i++ {
-			if err := <-errors; err != nil {
-				lastError = err
-			}
-		}
-		if lastError != nil {
-			return lastError
-		}
-
-	}
-	for tag, id := range tagsList {
-		if askedTag != "" && tag != askedTag {
-			continue
-		}
-		if err := srv.daemon.Repositories().Set(localName, tag, id, true); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (srv *Server) poolAdd(kind, key string) (chan struct{}, error) {
-	srv.Lock()
-	defer srv.Unlock()
-
-	if c, exists := srv.pullingPool[key]; exists {
-		return c, fmt.Errorf("pull %s is already in progress", key)
-	}
-	if c, exists := srv.pushingPool[key]; exists {
-		return c, fmt.Errorf("push %s is already in progress", key)
-	}
-
-	c := make(chan struct{})
-	switch kind {
-	case "pull":
-		srv.pullingPool[key] = c
-	case "push":
-		srv.pushingPool[key] = c
-	default:
-		return nil, fmt.Errorf("Unknown pool type")
-	}
-	return c, nil
-}
-
-func (srv *Server) poolRemove(kind, key string) error {
-	srv.Lock()
-	defer srv.Unlock()
-	switch kind {
-	case "pull":
-		if c, exists := srv.pullingPool[key]; exists {
-			close(c)
-			delete(srv.pullingPool, key)
-		}
-	case "push":
-		if c, exists := srv.pushingPool[key]; exists {
-			close(c)
-			delete(srv.pushingPool, key)
-		}
-	default:
-		return fmt.Errorf("Unknown pool type")
-	}
-	return nil
-}
-
-func (srv *Server) ImagePull(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 && n != 2 {
-		return job.Errorf("Usage: %s IMAGE [TAG]", job.Name)
-	}
-	var (
-		localName   = job.Args[0]
-		tag         string
-		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
-		authConfig  = &registry.AuthConfig{}
-		metaHeaders map[string][]string
-	)
-	if len(job.Args) > 1 {
-		tag = job.Args[1]
-	}
-
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("metaHeaders", &metaHeaders)
-
-	c, err := srv.poolAdd("pull", localName+":"+tag)
-	if err != nil {
-		if c != nil {
-			// Another pull of the same repository is already taking place; just wait for it to finish
-			job.Stdout.Write(sf.FormatStatus("", "Repository %s already being pulled by another client. Waiting.", localName))
-			<-c
-			return engine.StatusOK
-		}
-		return job.Error(err)
-	}
-	defer srv.poolRemove("pull", localName+":"+tag)
-
-	// Resolve the Repository name from fqn to endpoint + name
-	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	r, err := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, true)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	if endpoint == registry.IndexServerAddress() {
-		// If pull "index.docker.io/foo/bar", it's stored locally under "foo/bar"
-		localName = remoteName
-	}
-
-	if err = srv.pullRepository(r, job.Stdout, localName, remoteName, tag, sf, job.GetenvBool("parallel")); err != nil {
-		return job.Error(err)
-	}
-
-	return engine.StatusOK
-}
-
-// Retrieve the all the images to be uploaded in the correct order
-func (srv *Server) getImageList(localRepo map[string]string, requestedTag string) ([]string, map[string][]string, error) {
-	var (
-		imageList   []string
-		imagesSeen  map[string]bool     = make(map[string]bool)
-		tagsByImage map[string][]string = make(map[string][]string)
-	)
-
-	for tag, id := range localRepo {
-		if requestedTag != "" && requestedTag != tag {
-			continue
-		}
-		var imageListForThisTag []string
-
-		tagsByImage[id] = append(tagsByImage[id], tag)
-
-		for img, err := srv.daemon.Graph().Get(id); img != nil; img, err = img.GetParent() {
-			if err != nil {
-				return nil, nil, err
-			}
-
-			if imagesSeen[img.ID] {
-				// This image is already on the list, we can ignore it and all its parents
-				break
-			}
-
-			imagesSeen[img.ID] = true
-			imageListForThisTag = append(imageListForThisTag, img.ID)
-		}
-
-		// reverse the image list for this tag (so the "most"-parent image is first)
-		for i, j := 0, len(imageListForThisTag)-1; i < j; i, j = i+1, j-1 {
-			imageListForThisTag[i], imageListForThisTag[j] = imageListForThisTag[j], imageListForThisTag[i]
-		}
-
-		// append to main image list
-		imageList = append(imageList, imageListForThisTag...)
-	}
-	if len(imageList) == 0 {
-		return nil, nil, fmt.Errorf("No images found for the requested repository / tag")
-	}
-	utils.Debugf("Image list: %v", imageList)
-	utils.Debugf("Tags by image: %v", tagsByImage)
-
-	return imageList, tagsByImage, nil
-}
-
-func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
-	out = utils.NewWriteFlusher(out)
-	utils.Debugf("Local repo: %s", localRepo)
-	imgList, tagsByImage, err := srv.getImageList(localRepo, tag)
-	if err != nil {
-		return err
-	}
-
-	out.Write(sf.FormatStatus("", "Sending image list"))
-
-	var (
-		repoData   *registry.RepositoryData
-		imageIndex []*registry.ImgData
-	)
-
-	for _, imgId := range imgList {
-		if tags, exists := tagsByImage[imgId]; exists {
-			// If an image has tags you must add an entry in the image index
-			// for each tag
-			for _, tag := range tags {
-				imageIndex = append(imageIndex, &registry.ImgData{
-					ID:  imgId,
-					Tag: tag,
-				})
-			}
-		} else {
-			// If the image does not have a tag it still needs to be sent to the
-			// registry with an empty tag so that it is accociated with the repository
-			imageIndex = append(imageIndex, &registry.ImgData{
-				ID:  imgId,
-				Tag: "",
-			})
-
-		}
-	}
-
-	utils.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
-	for _, data := range imageIndex {
-		utils.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
-	}
-
-	// Register all the images in a repository with the registry
-	// If an image is not in this list it will not be associated with the repository
-	repoData, err = r.PushImageJSONIndex(remoteName, imageIndex, false, nil)
-	if err != nil {
-		return err
-	}
-
-	nTag := 1
-	if tag == "" {
-		nTag = len(localRepo)
-	}
-	for _, ep := range repoData.Endpoints {
-		out.Write(sf.FormatStatus("", "Pushing repository %s (%d tags)", localName, nTag))
-
-		for _, imgId := range imgList {
-			if r.LookupRemoteImage(imgId, ep, repoData.Tokens) {
-				out.Write(sf.FormatStatus("", "Image %s already pushed, skipping", utils.TruncateID(imgId)))
-			} else {
-				if _, err := srv.pushImage(r, out, remoteName, imgId, ep, repoData.Tokens, sf); err != nil {
-					// FIXME: Continue on error?
-					return err
-				}
-			}
-
-			for _, tag := range tagsByImage[imgId] {
-				out.Write(sf.FormatStatus("", "Pushing tag for rev [%s] on {%s}", utils.TruncateID(imgId), ep+"repositories/"+remoteName+"/tags/"+tag))
-
-				if err := r.PushRegistryTag(remoteName, imgId, tag, ep, repoData.Tokens); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	if _, err := r.PushImageJSONIndex(remoteName, imageIndex, true, repoData.Endpoints); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
-	out = utils.NewWriteFlusher(out)
-	jsonRaw, err := ioutil.ReadFile(path.Join(srv.daemon.Graph().Root, imgID, "json"))
-	if err != nil {
-		return "", fmt.Errorf("Cannot retrieve the path for {%s}: %s", imgID, err)
-	}
-	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pushing", nil))
-
-	imgData := &registry.ImgData{
-		ID: imgID,
-	}
-
-	// Send the json
-	if err := r.PushImageJSONRegistry(imgData, jsonRaw, ep, token); err != nil {
-		if err == registry.ErrAlreadyExists {
-			out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image already pushed, skipping", nil))
-			return "", nil
-		}
-		return "", err
-	}
-
-	layerData, err := srv.daemon.Graph().TempLayerArchive(imgID, archive.Uncompressed, sf, out)
-	if err != nil {
-		return "", fmt.Errorf("Failed to generate layer archive: %s", err)
-	}
-	defer os.RemoveAll(layerData.Name())
-
-	// Send the layer
-	utils.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
-
-	checksum, checksumPayload, err := r.PushImageLayerRegistry(imgData.ID, utils.ProgressReader(layerData, int(layerData.Size), out, sf, false, utils.TruncateID(imgData.ID), "Pushing"), ep, token, jsonRaw)
-	if err != nil {
-		return "", err
-	}
-	imgData.Checksum = checksum
-	imgData.ChecksumPayload = checksumPayload
-	// Send the checksum
-	if err := r.PushImageChecksumRegistry(imgData, ep, token); err != nil {
-		return "", err
-	}
-
-	out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image successfully pushed", nil))
-	return imgData.Checksum, nil
-}
-
-// FIXME: Allow to interrupt current push when new push of same image is done.
-func (srv *Server) ImagePush(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s IMAGE", job.Name)
-	}
-	var (
-		localName   = job.Args[0]
-		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
-		authConfig  = &registry.AuthConfig{}
-		metaHeaders map[string][]string
-	)
-
-	tag := job.Getenv("tag")
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("metaHeaders", &metaHeaders)
-	if _, err := srv.poolAdd("push", localName); err != nil {
-		return job.Error(err)
-	}
-	defer srv.poolRemove("push", localName)
-
-	// Resolve the Repository name from fqn to endpoint + name
-	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	img, err := srv.daemon.Graph().Get(localName)
-	r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, false)
-	if err2 != nil {
-		return job.Error(err2)
-	}
-
-	if err != nil {
-		reposLen := 1
-		if tag == "" {
-			reposLen = len(srv.daemon.Repositories().Repositories[localName])
-		}
-		job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen))
-		// If it fails, try to get the repository
-		if localRepo, exists := srv.daemon.Repositories().Repositories[localName]; exists {
-			if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, tag, sf); err != nil {
-				return job.Error(err)
-			}
-			return engine.StatusOK
-		}
-		return job.Error(err)
-	}
-
-	var token []string
-	job.Stdout.Write(sf.FormatStatus("", "The push refers to an image: [%s]", localName))
-	if _, err := srv.pushImage(r, job.Stdout, remoteName, img.ID, endpoint, token, sf); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ImageImport(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 2 && n != 3 {
-		return job.Errorf("Usage: %s SRC REPO [TAG]", job.Name)
-	}
-	var (
-		src     = job.Args[0]
-		repo    = job.Args[1]
-		tag     string
-		sf      = utils.NewStreamFormatter(job.GetenvBool("json"))
-		archive archive.ArchiveReader
-		resp    *http.Response
-	)
-	if len(job.Args) > 2 {
-		tag = job.Args[2]
-	}
-
-	if src == "-" {
-		archive = job.Stdin
-	} else {
-		u, err := url.Parse(src)
-		if err != nil {
-			return job.Error(err)
-		}
-		if u.Scheme == "" {
-			u.Scheme = "http"
-			u.Host = src
-			u.Path = ""
-		}
-		job.Stdout.Write(sf.FormatStatus("", "Downloading from %s", u))
-		resp, err = utils.Download(u.String())
-		if err != nil {
-			return job.Error(err)
-		}
-		progressReader := utils.ProgressReader(resp.Body, int(resp.ContentLength), job.Stdout, sf, true, "", "Importing")
-		defer progressReader.Close()
-		archive = progressReader
-	}
-	img, err := srv.daemon.Graph().Create(archive, "", "", "Imported from "+src, "", nil, nil)
-	if err != nil {
-		return job.Error(err)
-	}
-	// Optionally register the image at REPO/TAG
-	if repo != "" {
-		if err := srv.daemon.Repositories().Set(repo, tag, img.ID, true); err != nil {
-			return job.Error(err)
-		}
-	}
-	job.Stdout.Write(sf.FormatStatus("", img.ID))
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
-	var name string
-	if len(job.Args) == 1 {
-		name = job.Args[0]
-	} else if len(job.Args) > 1 {
-		return job.Errorf("Usage: %s", job.Name)
-	}
-	config := runconfig.ContainerConfigFromJob(job)
-	if config.Memory != 0 && config.Memory < 524288 {
-		return job.Errorf("Minimum memory limit allowed is 512k")
-	}
-	if config.Memory > 0 && !srv.daemon.SystemConfig().MemoryLimit {
-		job.Errorf("Your kernel does not support memory limit capabilities. Limitation discarded.\n")
-		config.Memory = 0
-	}
-	if config.Memory > 0 && !srv.daemon.SystemConfig().SwapLimit {
-		job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n")
-		config.MemorySwap = -1
-	}
-	container, buildWarnings, err := srv.daemon.Create(config, name)
-	if err != nil {
-		if srv.daemon.Graph().IsNotExist(err) {
-			_, tag := parsers.ParseRepositoryTag(config.Image)
-			if tag == "" {
-				tag = graph.DEFAULTTAG
-			}
-			return job.Errorf("No such image: %s (tag: %s)", config.Image, tag)
-		}
-		return job.Error(err)
-	}
-	if !container.Config.NetworkDisabled && srv.daemon.SystemConfig().IPv4ForwardingDisabled {
-		job.Errorf("IPv4 forwarding is disabled.\n")
-	}
-	srv.LogEvent("create", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	// FIXME: this is necessary because daemon.Create might return a nil container
-	// with a non-nil error. This should not happen! Once it's fixed we
-	// can remove this workaround.
-	if container != nil {
-		job.Printf("%s\n", container.ID)
-	}
-	for _, warning := range buildWarnings {
-		job.Errorf("%s\n", warning)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerRestart(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-	var (
-		name = job.Args[0]
-		t    = 10
-	)
-	if job.EnvExists("t") {
-		t = job.GetenvInt("t")
-	}
-	if container := srv.daemon.Get(name); container != nil {
-		if err := container.Restart(int(t)); err != nil {
-			return job.Errorf("Cannot restart container %s: %s\n", name, err)
-		}
-		srv.LogEvent("restart", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	} else {
-		return job.Errorf("No such container: %s\n", name)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
-	}
-	name := job.Args[0]
-	removeVolume := job.GetenvBool("removeVolume")
-	removeLink := job.GetenvBool("removeLink")
-	stop := job.GetenvBool("stop")
-	kill := job.GetenvBool("kill")
-
-	container := srv.daemon.Get(name)
-
-	if removeLink {
-		if container == nil {
-			return job.Errorf("No such link: %s", name)
-		}
-		name, err := daemon.GetFullContainerName(name)
-		if err != nil {
-			job.Error(err)
-		}
-		parent, n := path.Split(name)
-		if parent == "/" {
-			return job.Errorf("Conflict, cannot remove the default name of the container")
-		}
-		pe := srv.daemon.ContainerGraph().Get(parent)
-		if pe == nil {
-			return job.Errorf("Cannot get parent %s for name %s", parent, name)
-		}
-		parentContainer := srv.daemon.Get(pe.ID())
-
-		if parentContainer != nil {
-			parentContainer.DisableLink(n)
-		}
-
-		if err := srv.daemon.ContainerGraph().Delete(name); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	}
-
-	if container != nil {
-		if container.State.IsRunning() {
-			if stop {
-				if err := container.Stop(5); err != nil {
-					return job.Errorf("Could not stop running container, cannot remove - %v", err)
-				}
-			} else if kill {
-				if err := container.Kill(); err != nil {
-					return job.Errorf("Could not kill running container, cannot remove - %v", err)
-				}
-			} else {
-				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -s or -k")
-			}
-		}
-		if err := srv.daemon.Destroy(container); err != nil {
-			return job.Errorf("Cannot destroy container %s: %s", name, err)
-		}
-		srv.LogEvent("destroy", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-
-		if removeVolume {
-			var (
-				volumes     = make(map[string]struct{})
-				binds       = make(map[string]struct{})
-				usedVolumes = make(map[string]*daemon.Container)
-			)
-
-			// the volume id is always the base of the path
-			getVolumeId := func(p string) string {
-				return filepath.Base(strings.TrimSuffix(p, "/layer"))
-			}
-
-			// populate bind map so that they can be skipped and not removed
-			for _, bind := range container.HostConfig().Binds {
-				source := strings.Split(bind, ":")[0]
-				// TODO: refactor all volume stuff, all of it
-				// it is very important that we eval the link or comparing the keys to container.Volumes will not work
-				//
-				// eval symlink can fail, ref #5244 if we receive an is not exist error we can ignore it
-				p, err := filepath.EvalSymlinks(source)
-				if err != nil && !os.IsNotExist(err) {
-					return job.Error(err)
-				}
-				if p != "" {
-					source = p
-				}
-				binds[source] = struct{}{}
-			}
-
-			// Store all the deleted containers volumes
-			for _, volumeId := range container.Volumes {
-				// Skip the volumes mounted from external
-				// bind mounts here will will be evaluated for a symlink
-				if _, exists := binds[volumeId]; exists {
-					continue
-				}
-
-				volumeId = getVolumeId(volumeId)
-				volumes[volumeId] = struct{}{}
-			}
-
-			// Retrieve all volumes from all remaining containers
-			for _, container := range srv.daemon.List() {
-				for _, containerVolumeId := range container.Volumes {
-					containerVolumeId = getVolumeId(containerVolumeId)
-					usedVolumes[containerVolumeId] = container
-				}
-			}
-
-			for volumeId := range volumes {
-				// If the requested volu
-				if c, exists := usedVolumes[volumeId]; exists {
-					log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
-					continue
-				}
-				if err := srv.daemon.Volumes().Delete(volumeId); err != nil {
-					return job.Errorf("Error calling volumes.Delete(%q): %v", volumeId, err)
-				}
-			}
-		}
-	} else {
-		return job.Errorf("No such container: %s", name)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, noprune bool) error {
-	var (
-		repoName, tag string
-		tags          = []string{}
-		tagDeleted    bool
-	)
-
-	repoName, tag = parsers.ParseRepositoryTag(name)
-	if tag == "" {
-		tag = graph.DEFAULTTAG
-	}
-
-	img, err := srv.daemon.Repositories().LookupImage(name)
-	if err != nil {
-		if r, _ := srv.daemon.Repositories().Get(repoName); r != nil {
-			return fmt.Errorf("No such image: %s:%s", repoName, tag)
-		}
-		return fmt.Errorf("No such image: %s", name)
-	}
-
-	if strings.Contains(img.ID, name) {
-		repoName = ""
-		tag = ""
-	}
-
-	byParents, err := srv.daemon.Graph().ByParent()
-	if err != nil {
-		return err
-	}
-
-	//If delete by id, see if the id belong only to one repository
-	if repoName == "" {
-		for _, repoAndTag := range srv.daemon.Repositories().ByID()[img.ID] {
-			parsedRepo, parsedTag := parsers.ParseRepositoryTag(repoAndTag)
-			if repoName == "" || repoName == parsedRepo {
-				repoName = parsedRepo
-				if parsedTag != "" {
-					tags = append(tags, parsedTag)
-				}
-			} else if repoName != parsedRepo && !force {
-				// the id belongs to multiple repos, like base:latest and user:test,
-				// in that case return conflict
-				return fmt.Errorf("Conflict, cannot delete image %s because it is tagged in multiple repositories, use -f to force", name)
-			}
-		}
-	} else {
-		tags = append(tags, tag)
-	}
-
-	if !first && len(tags) > 0 {
-		return nil
-	}
-
-	//Untag the current image
-	for _, tag := range tags {
-		tagDeleted, err = srv.daemon.Repositories().Delete(repoName, tag)
-		if err != nil {
-			return err
-		}
-		if tagDeleted {
-			out := &engine.Env{}
-			out.Set("Untagged", repoName+":"+tag)
-			imgs.Add(out)
-			srv.LogEvent("untag", img.ID, "")
-		}
-	}
-	tags = srv.daemon.Repositories().ByID()[img.ID]
-	if (len(tags) <= 1 && repoName == "") || len(tags) == 0 {
-		if len(byParents[img.ID]) == 0 {
-			if err := srv.canDeleteImage(img.ID, force, tagDeleted); err != nil {
-				return err
-			}
-			if err := srv.daemon.Repositories().DeleteAll(img.ID); err != nil {
-				return err
-			}
-			if err := srv.daemon.Graph().Delete(img.ID); err != nil {
-				return err
-			}
-			out := &engine.Env{}
-			out.Set("Deleted", img.ID)
-			imgs.Add(out)
-			srv.LogEvent("delete", img.ID, "")
-			if img.Parent != "" && !noprune {
-				err := srv.DeleteImage(img.Parent, imgs, false, force, noprune)
-				if first {
-					return err
-				}
-
-			}
-
-		}
-	}
-	return nil
-}
-
-func (srv *Server) ImageDelete(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s IMAGE", job.Name)
-	}
-	imgs := engine.NewTable("", 0)
-	if err := srv.DeleteImage(job.Args[0], imgs, true, job.GetenvBool("force"), job.GetenvBool("noprune")); err != nil {
-		return job.Error(err)
-	}
-	if len(imgs.Data) == 0 {
-		return job.Errorf("Conflict, %s wasn't deleted", job.Args[0])
-	}
-	if _, err := imgs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) canDeleteImage(imgID string, force, untagged bool) error {
-	var message string
-	if untagged {
-		message = " (docker untagged the image)"
-	}
-	for _, container := range srv.daemon.List() {
-		parent, err := srv.daemon.Repositories().LookupImage(container.Image)
-		if err != nil {
-			return err
-		}
-
-		if err := parent.WalkHistory(func(p *image.Image) error {
-			if imgID == p.ID {
-				if container.State.IsRunning() {
-					if force {
-						return fmt.Errorf("Conflict, cannot force delete %s because the running container %s is using it%s, stop it and retry", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
-					}
-					return fmt.Errorf("Conflict, cannot delete %s because the running container %s is using it%s, stop it and use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
-				} else if !force {
-					return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it%s, use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
-				}
-			}
-			return nil
-		}); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (srv *Server) setHostConfig(container *daemon.Container, hostConfig *runconfig.HostConfig) error {
-	// Validate the HostConfig binds. Make sure that:
-	// the source exists
-	for _, bind := range hostConfig.Binds {
-		splitBind := strings.Split(bind, ":")
-		source := splitBind[0]
-
-		// ensure the source exists on the host
-		_, err := os.Stat(source)
-		if err != nil && os.IsNotExist(err) {
-			err = os.MkdirAll(source, 0755)
-			if err != nil {
-				return fmt.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
-			}
-		}
-	}
-	// Register any links from the host config before starting the container
-	if err := srv.daemon.RegisterLinks(container, hostConfig); err != nil {
-		return err
-	}
-	container.SetHostConfig(hostConfig)
-	container.ToDisk()
-
-	return nil
-}
-
-func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
-	if len(job.Args) < 1 {
-		return job.Errorf("Usage: %s container_id", job.Name)
-	}
-	var (
-		name      = job.Args[0]
-		daemon    = srv.daemon
-		container = daemon.Get(name)
-	)
-
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-
-	if container.State.IsRunning() {
-		return job.Errorf("Container already started")
-	}
-
-	// If no environment was set, then no hostconfig was passed.
-	if len(job.Environ()) > 0 {
-		hostConfig := runconfig.ContainerHostConfigFromJob(job)
-		if err := srv.setHostConfig(container, hostConfig); err != nil {
-			return job.Error(err)
-		}
-	}
-	if err := container.Start(); err != nil {
-		return job.Errorf("Cannot start container %s: %s", name, err)
-	}
-	srv.LogEvent("start", container.ID, daemon.Repositories().ImageName(container.Image))
-
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerStop(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-	var (
-		name = job.Args[0]
-		t    = 10
-	)
-	if job.EnvExists("t") {
-		t = job.GetenvInt("t")
-	}
-	if container := srv.daemon.Get(name); container != nil {
-		if !container.State.IsRunning() {
-			return job.Errorf("Container already stopped")
-		}
-		if err := container.Stop(int(t)); err != nil {
-			return job.Errorf("Cannot stop container %s: %s\n", name, err)
-		}
-		srv.LogEvent("stop", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	} else {
-		return job.Errorf("No such container: %s\n", name)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerWait(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s", job.Name)
-	}
-	name := job.Args[0]
-	if container := srv.daemon.Get(name); container != nil {
-		status, _ := container.State.WaitStop(-1 * time.Second)
-		job.Printf("%d\n", status)
-		return engine.StatusOK
-	}
-	return job.Errorf("%s: no such container: %s", job.Name, name)
-}
-
-func (srv *Server) ContainerResize(job *engine.Job) engine.Status {
-	if len(job.Args) != 3 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER HEIGHT WIDTH\n", job.Name)
-	}
-	name := job.Args[0]
-	height, err := strconv.Atoi(job.Args[1])
-	if err != nil {
-		return job.Error(err)
-	}
-	width, err := strconv.Atoi(job.Args[2])
-	if err != nil {
-		return job.Error(err)
-	}
-	if container := srv.daemon.Get(name); container != nil {
-		if err := container.Resize(height, width); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
-func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-
-	var (
-		name   = job.Args[0]
-		stdout = job.GetenvBool("stdout")
-		stderr = job.GetenvBool("stderr")
-		tail   = job.Getenv("tail")
-		follow = job.GetenvBool("follow")
-		times  = job.GetenvBool("timestamps")
-		lines  = -1
-		format string
-	)
-	if !(stdout || stderr) {
-		return job.Errorf("You must choose at least one stream")
-	}
-	if times {
-		format = time.RFC3339Nano
-	}
-	if tail == "" {
-		tail = "all"
-	}
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-	cLog, err := container.ReadLog("json")
-	if err != nil && os.IsNotExist(err) {
-		// Legacy logs
-		utils.Debugf("Old logs format")
-		if stdout {
-			cLog, err := container.ReadLog("stdout")
-			if err != nil {
-				utils.Errorf("Error reading logs (stdout): %s", err)
-			} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
-				utils.Errorf("Error streaming logs (stdout): %s", err)
-			}
-		}
-		if stderr {
-			cLog, err := container.ReadLog("stderr")
-			if err != nil {
-				utils.Errorf("Error reading logs (stderr): %s", err)
-			} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
-				utils.Errorf("Error streaming logs (stderr): %s", err)
-			}
-		}
-	} else if err != nil {
-		utils.Errorf("Error reading logs (json): %s", err)
-	} else {
-		if tail != "all" {
-			var err error
-			lines, err = strconv.Atoi(tail)
-			if err != nil {
-				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", err)
-				lines = -1
-			}
-		}
-		if lines != 0 {
-			if lines > 0 {
-				f := cLog.(*os.File)
-				ls, err := tailfile.TailFile(f, lines)
-				if err != nil {
-					return job.Error(err)
-				}
-				tmp := bytes.NewBuffer([]byte{})
-				for _, l := range ls {
-					fmt.Fprintf(tmp, "%s\n", l)
-				}
-				cLog = tmp
-			}
-			dec := json.NewDecoder(cLog)
-			for {
-				l := &utils.JSONLog{}
-
-				if err := dec.Decode(l); err == io.EOF {
-					break
-				} else if err != nil {
-					utils.Errorf("Error streaming logs: %s", err)
-					break
-				}
-				logLine := l.Log
-				if times {
-					logLine = fmt.Sprintf("%s %s", l.Created.Format(format), logLine)
-				}
-				if l.Stream == "stdout" && stdout {
-					fmt.Fprintf(job.Stdout, "%s", logLine)
-				}
-				if l.Stream == "stderr" && stderr {
-					fmt.Fprintf(job.Stderr, "%s", logLine)
-				}
-			}
-		}
-	}
-	if follow {
-		errors := make(chan error, 2)
-		if stdout {
-			stdoutPipe := container.StdoutLogPipe()
-			go func() {
-				errors <- utils.WriteLog(stdoutPipe, job.Stdout, format)
-			}()
-		}
-		if stderr {
-			stderrPipe := container.StderrLogPipe()
-			go func() {
-				errors <- utils.WriteLog(stderrPipe, job.Stderr, format)
-			}()
-		}
-		err := <-errors
-		if err != nil {
-			utils.Errorf("%s", err)
-		}
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerAttach(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-
-	var (
-		name   = job.Args[0]
-		logs   = job.GetenvBool("logs")
-		stream = job.GetenvBool("stream")
-		stdin  = job.GetenvBool("stdin")
-		stdout = job.GetenvBool("stdout")
-		stderr = job.GetenvBool("stderr")
-	)
-
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-
-	//logs
-	if logs {
-		cLog, err := container.ReadLog("json")
-		if err != nil && os.IsNotExist(err) {
-			// Legacy logs
-			utils.Debugf("Old logs format")
-			if stdout {
-				cLog, err := container.ReadLog("stdout")
-				if err != nil {
-					utils.Errorf("Error reading logs (stdout): %s", err)
-				} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
-					utils.Errorf("Error streaming logs (stdout): %s", err)
-				}
-			}
-			if stderr {
-				cLog, err := container.ReadLog("stderr")
-				if err != nil {
-					utils.Errorf("Error reading logs (stderr): %s", err)
-				} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
-					utils.Errorf("Error streaming logs (stderr): %s", err)
-				}
-			}
-		} else if err != nil {
-			utils.Errorf("Error reading logs (json): %s", err)
-		} else {
-			dec := json.NewDecoder(cLog)
-			for {
-				l := &utils.JSONLog{}
-
-				if err := dec.Decode(l); err == io.EOF {
-					break
-				} else if err != nil {
-					utils.Errorf("Error streaming logs: %s", err)
-					break
-				}
-				if l.Stream == "stdout" && stdout {
-					fmt.Fprintf(job.Stdout, "%s", l.Log)
-				}
-				if l.Stream == "stderr" && stderr {
-					fmt.Fprintf(job.Stderr, "%s", l.Log)
-				}
-			}
-		}
-	}
-
-	//stream
-	if stream {
-		var (
-			cStdin           io.ReadCloser
-			cStdout, cStderr io.Writer
-			cStdinCloser     io.Closer
-		)
-
-		if stdin {
-			r, w := io.Pipe()
-			go func() {
-				defer w.Close()
-				defer utils.Debugf("Closing buffered stdin pipe")
-				io.Copy(w, job.Stdin)
-			}()
-			cStdin = r
-			cStdinCloser = job.Stdin
-		}
-		if stdout {
-			cStdout = job.Stdout
-		}
-		if stderr {
-			cStderr = job.Stderr
-		}
-
-		<-srv.daemon.Attach(container, cStdin, cStdinCloser, cStdout, cStderr)
-
-		// If we are in stdinonce mode, wait for the process to end
-		// otherwise, simply return
-		if container.Config.StdinOnce && !container.Config.Tty {
-			container.State.WaitStop(-1 * time.Second)
-		}
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
-	if len(job.Args) != 2 {
-		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
-	}
-
-	var (
-		name     = job.Args[0]
-		resource = job.Args[1]
-	)
-
-	if container := srv.daemon.Get(name); container != nil {
-
-		data, err := container.Copy(resource)
-		if err != nil {
-			return job.Error(err)
-		}
-		defer data.Close()
-
-		if _, err := io.Copy(job.Stdout, data); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
-func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) {
-	daemon, err := daemon.NewDaemon(config, eng)
-	if err != nil {
-		return nil, err
-	}
-	srv := &Server{
-		Eng:            eng,
-		daemon:         daemon,
-		pullingPool:    make(map[string]chan struct{}),
-		pushingPool:    make(map[string]chan struct{}),
-		events:         make([]utils.JSONMessage, 0, 64), //only keeps the 64 last events
-		eventPublisher: utils.NewJSONMessagePublisher(),
-	}
-	daemon.SetServer(srv)
-	return srv, nil
-}
-
-func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage {
-	now := time.Now().UTC().Unix()
-	jm := utils.JSONMessage{Status: action, ID: id, From: from, Time: now}
-	srv.AddEvent(jm)
-	srv.eventPublisher.Publish(jm)
-	return &jm
-}
-
-func (srv *Server) AddEvent(jm utils.JSONMessage) {
-	srv.Lock()
-	if len(srv.events) == cap(srv.events) {
-		// discard oldest event
-		copy(srv.events, srv.events[1:])
-		srv.events[len(srv.events)-1] = jm
-	} else {
-		srv.events = append(srv.events, jm)
-	}
-	srv.Unlock()
-}
-
-func (srv *Server) GetEvents() []utils.JSONMessage {
-	srv.RLock()
-	defer srv.RUnlock()
-	return srv.events
-}
-
 func (srv *Server) SetRunning(status bool) {
 	srv.Lock()
 	defer srv.Unlock()

From d3b2916a280f013e18d089547aee2bac6a5af8f1 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Wed, 30 Jul 2014 10:20:52 -0400
Subject: [PATCH 297/516] Make --attach case-insensitive

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: a7134132933d899f30ab775ac9604ff4e87d7c8d
Component: engine
---
 components/engine/opts/opts.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index 43bef37068..bfee2ad217 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -87,10 +87,13 @@ func (opts *ListOpts) Len() int {
 type ValidatorFctType func(val string) (string, error)
 
 func ValidateAttach(val string) (string, error) {
-	if val != "stdin" && val != "stdout" && val != "stderr" {
-		return val, fmt.Errorf("Unsupported stream name: %s", val)
+	s := strings.ToLower(val)
+	for _, str := range []string{"stdin", "stdout", "stderr"} {
+		if s == str {
+			return s, nil
+		}
 	}
-	return val, nil
+	return val, fmt.Errorf("valid streams are STDIN, STDOUT and STDERR.")
 }
 
 func ValidateLink(val string) (string, error) {

From 8454954b9326d9a48664cb57ebbc9834b9a84d8e Mon Sep 17 00:00:00 2001
From: Roberto Gandolfo Hashioka <roberto_hashioka@hotmail.com>
Date: Wed, 30 Jul 2014 15:32:14 -0700
Subject: [PATCH 298/516] Added GA universal analytics support

Docker-DCO-1.1-Signed-off-by: Roberto Hashioka <roberto.hashioka@docker.com> (github: rogaha)
Upstream-commit: e13b1fc05f5caaa324678b7da2fc917943557185
Component: engine
---
 components/engine/docs/theme/mkdocs/base.html | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index 3fe284689b..f4dfeef038 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -28,15 +28,15 @@
   <![endif]-->
   {% if config.google_analytics %}
   <script type="text/javascript">
-  var _gaq = _gaq || [];
-  _gaq.push(['_setAccount', '{{ config.google_analytics[0] }}']);
-  _gaq.push(['_trackPageview']);
-  _gaq.push(['_trackPageLoadTime']);
-  (function() {
-    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
-    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
-    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
-  })();
+  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+  ga('create', '{{ config.google_analytics[0] }}', 'docker.com');
+  ga('require', 'linkid', 'linkid.js');
+  ga('send', 'pageview', {
+   'page': location.pathname + location.search  + location.hash,
+  });
   </script>
   {% endif %}
 </head>

From 4d9e0d4b7422bf2c71795d07e6ddbfcdbffc09b2 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 30 Jul 2014 17:02:04 -0600
Subject: [PATCH 299/516] Fix more instances of "dotcloud/docker" in hack/ (and
 add a DOCKER_PKG environment variable to simplify references to our "package
 path" in our bundlescripts)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 3a14eb066cef537e52f96c6ad76adab2efe02e05
Component: engine
---
 components/engine/hack/make.sh                 | 18 ++++++++++--------
 components/engine/hack/make/dynbinary          |  2 +-
 .../engine/hack/make/dyntest-integration       |  2 +-
 components/engine/hack/make/dyntest-unit       |  2 +-
 components/engine/hack/make/test-integration   |  2 +-
 components/engine/hack/make/test-unit          |  2 +-
 6 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index ca3c775bfd..2d883cd883 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -23,9 +23,11 @@ set -e
 
 set -o pipefail
 
+export DOCKER_PKG='github.com/docker/docker'
+
 # We're a nice, sexy, little shell script, and people might try to run us;
 # but really, they shouldn't. We want to be in a container!
-if [ "$(pwd)" != '/go/src/github.com/docker/docker' ] || [ -z "$DOCKER_CROSSPLATFORMS" ]; then
+if [ "$(pwd)" != "/go/src/$DOCKER_PKG" ] || [ -z "$DOCKER_CROSSPLATFORMS" ]; then
 	{
 		echo "# WARNING! I don't seem to be running in the Docker container."
 		echo "# The result of this command might be an incorrect build, and will not be"
@@ -77,8 +79,8 @@ fi
 
 if [ "$AUTO_GOPATH" ]; then
 	rm -rf .gopath
-	mkdir -p .gopath/src/github.com/docker
-	ln -sf ../../../.. .gopath/src/github.com/docker/docker
+	mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")"
+	ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}"
 	export GOPATH="$(pwd)/.gopath:$(pwd)/vendor"
 fi
 
@@ -91,8 +93,8 @@ fi
 # Use these flags when compiling the tests and final binary
 LDFLAGS='
 	-w
-	-X github.com/docker/docker/dockerversion.GITCOMMIT "'$GITCOMMIT'"
-	-X github.com/docker/docker/dockerversion.VERSION "'$VERSION'"
+	-X '$DOCKER_PKG'/dockerversion.GITCOMMIT "'$GITCOMMIT'"
+	-X '$DOCKER_PKG'/dockerversion.VERSION "'$VERSION'"
 '
 LDFLAGS_STATIC='-linkmode external'
 EXTLDFLAGS_STATIC='-static'
@@ -103,7 +105,7 @@ BUILDFLAGS=( -a -tags "netgo static_build $DOCKER_BUILDTAGS" )
 EXTLDFLAGS_STATIC_DOCKER="$EXTLDFLAGS_STATIC -lpthread -Wl,--unresolved-symbols=ignore-in-object-files"
 LDFLAGS_STATIC_DOCKER="
 	$LDFLAGS_STATIC
-	-X github.com/docker/docker/dockerversion.IAMSTATIC true
+	-X $DOCKER_PKG/dockerversion.IAMSTATIC true
 	-extldflags \"$EXTLDFLAGS_STATIC_DOCKER\"
 "
 
@@ -150,7 +152,7 @@ go_test_dir() {
 		testcover=( -cover -coverprofile "$coverprofile" $coverpkg )
 	fi
 	(
-		echo '+ go test' $TESTFLAGS "github.com/docker/docker${dir#.}"
+		echo '+ go test' $TESTFLAGS "${DOCKER_PKG}${dir#.}"
 		cd "$dir"
 		go test ${testcover[@]} -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS
 	)
@@ -178,7 +180,7 @@ go_compile_test_dir() {
 	[ $? -ne 0 ] && return 1
 	mkdir -p "$(dirname "$out_file")"
 	mv "$dir/$(basename "$dir").test" "$out_file"
-	echo "Precompiled: github.com/dotcloud/docker${dir#.}"
+	echo "Precompiled: ${DOCKER_PKG}${dir#.}"
 }
 
 # This helper function walks the current directory looking for directories
diff --git a/components/engine/hack/make/dynbinary b/components/engine/hack/make/dynbinary
index ca7cbdab07..5064a799bd 100644
--- a/components/engine/hack/make/dynbinary
+++ b/components/engine/hack/make/dynbinary
@@ -39,7 +39,7 @@ fi
 # exported so that "dyntest" can easily access it later without recalculating it
 
 (
-	export LDFLAGS_STATIC_DOCKER="-X github.com/docker/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\" -X github.com/docker/docker/dockerversion.INITPATH \"$DOCKER_INITPATH\""
+	export LDFLAGS_STATIC_DOCKER="-X $DOCKER_PKG/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\" -X $DOCKER_PKG/dockerversion.INITPATH \"$DOCKER_INITPATH\""
 	export BUILDFLAGS=( "${BUILDFLAGS[@]/netgo /}" ) # disable netgo, since we don't need it for a dynamic binary
 	source "$(dirname "$BASH_SOURCE")/binary"
 )
diff --git a/components/engine/hack/make/dyntest-integration b/components/engine/hack/make/dyntest-integration
index 218b65a054..1cc7349aba 100644
--- a/components/engine/hack/make/dyntest-integration
+++ b/components/engine/hack/make/dyntest-integration
@@ -12,7 +12,7 @@ fi
 (
 	export TEST_DOCKERINIT_PATH="$INIT"
 	export LDFLAGS_STATIC_DOCKER="
-		-X github.com/docker/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
+		-X $DOCKER_PKG/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
 	"
 	source "$(dirname "$BASH_SOURCE")/test-integration"
 )
diff --git a/components/engine/hack/make/dyntest-unit b/components/engine/hack/make/dyntest-unit
index dfd84cb3b5..cffef98512 100644
--- a/components/engine/hack/make/dyntest-unit
+++ b/components/engine/hack/make/dyntest-unit
@@ -12,7 +12,7 @@ fi
 (
 	export TEST_DOCKERINIT_PATH="$INIT"
 	export LDFLAGS_STATIC_DOCKER="
-		-X github.com/docker/docker/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
+		-X $DOCKER_PKG/dockerversion.INITSHA1 \"$DOCKER_INITSHA1\"
 	"
 	source "$(dirname "$BASH_SOURCE")/test-unit"
 )
diff --git a/components/engine/hack/make/test-integration b/components/engine/hack/make/test-integration
index 9daa8a0a4e..b49ae595e2 100644
--- a/components/engine/hack/make/test-integration
+++ b/components/engine/hack/make/test-integration
@@ -5,7 +5,7 @@ DEST=$1
 
 bundle_test_integration() {
 	LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER" go_test_dir ./integration \
-		"-coverpkg $(find_dirs '*.go' | sed 's,^\.,github.com/docker/docker,g' | paste -d, -s)"
+		"-coverpkg $(find_dirs '*.go' | sed 's,^\.,'$DOCKER_PKG',g' | paste -d, -s)"
 }
 
 # this "grep" hides some really irritating warnings that "go test -coverpkg"
diff --git a/components/engine/hack/make/test-unit b/components/engine/hack/make/test-unit
index 1ac3f4aa5b..03172f9eab 100644
--- a/components/engine/hack/make/test-unit
+++ b/components/engine/hack/make/test-unit
@@ -54,7 +54,7 @@ go_run_test_dir() {
 	TESTS_FAILED=()
 	while read dir; do
 		echo
-		echo '+ go test' $TESTFLAGS "github.com/dotcloud/docker${dir#.}"
+		echo '+ go test' $TESTFLAGS "${DOCKER_PKG}${dir#.}"
 		precompiled="$DEST/precompiled/$dir.test"
 		if ! ( cd "$dir" && "$precompiled" ); then
 			TESTS_FAILED+=("$dir")

From 5d2578de8312fd3501123d7b392bc648b735a762 Mon Sep 17 00:00:00 2001
From: Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
Date: Tue, 29 Apr 2014 00:04:28 +0900
Subject: [PATCH 300/516] Fix graph/tags_unit_test.go on FreeBSD

- Directories should have u+x (0600 -> 0700)
- Don't chown files to root because we don't have to

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
Upstream-commit: 5ebe86ccf9bedf439b2c90e26dee0f27c0c116f9
Component: engine
---
 components/engine/archive/diff.go         |  2 +-
 components/engine/graph/tags_unit_test.go | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go
index a805f2c0a1..8bf7c3b1d4 100644
--- a/components/engine/archive/diff.go
+++ b/components/engine/archive/diff.go
@@ -61,7 +61,7 @@ func ApplyLayer(dest string, layer ArchiveReader) error {
 			parent := filepath.Dir(hdr.Name)
 			parentPath := filepath.Join(dest, parent)
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = os.MkdirAll(parentPath, 0600)
+				err = os.MkdirAll(parentPath, 0700)
 				if err != nil {
 					return err
 				}
diff --git a/components/engine/graph/tags_unit_test.go b/components/engine/graph/tags_unit_test.go
index fdcc21ecbe..c6edc2d0d4 100644
--- a/components/engine/graph/tags_unit_test.go
+++ b/components/engine/graph/tags_unit_test.go
@@ -19,11 +19,19 @@ const (
 )
 
 func fakeTar() (io.Reader, error) {
+	uid := os.Getuid()
+	gid := os.Getgid()
+
 	content := []byte("Hello world!\n")
 	buf := new(bytes.Buffer)
 	tw := tar.NewWriter(buf)
 	for _, name := range []string{"/etc/postgres/postgres.conf", "/etc/passwd", "/var/log/postgres/postgres.conf"} {
 		hdr := new(tar.Header)
+
+		// Leaving these fields blank requires root privileges
+		hdr.Uid = uid
+		hdr.Gid = gid
+
 		hdr.Size = int64(len(content))
 		hdr.Name = name
 		if err := tw.WriteHeader(hdr); err != nil {
@@ -53,8 +61,6 @@ func mkTestTagStore(root string, t *testing.T) *TagStore {
 		t.Fatal(err)
 	}
 	img := &image.Image{ID: testImageID}
-	// FIXME: this fails on Darwin with:
-	// tags_unit_test.go:36: mkdir /var/folders/7g/b3ydb5gx4t94ndr_cljffbt80000gq/T/docker-test569b-tRunner-075013689/vfs/dir/foo/etc/postgres: permission denied
 	if err := graph.Register(nil, archive, img); err != nil {
 		t.Fatal(err)
 	}

From 8511e76574689b05f5338bbb4f26edc0f3c444c7 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 30 Jul 2014 18:05:57 -0700
Subject: [PATCH 301/516] Remove perm change in archive
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 6bc483fa59adc0be65ea9c804c69d861a02435bd
 Component: engine

---
 components/engine/archive/diff.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go
index 8bf7c3b1d4..a805f2c0a1 100644
--- a/components/engine/archive/diff.go
+++ b/components/engine/archive/diff.go
@@ -61,7 +61,7 @@ func ApplyLayer(dest string, layer ArchiveReader) error {
 			parent := filepath.Dir(hdr.Name)
 			parentPath := filepath.Join(dest, parent)
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = os.MkdirAll(parentPath, 0700)
+				err = os.MkdirAll(parentPath, 0600)
 				if err != nil {
 					return err
 				}

From ebf6bae6b0b6d658cef57743ec53231323b3c4c2 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Wed, 30 Jul 2014 22:47:49 -0700
Subject: [PATCH 302/516] docs/google: bump container-vm image version

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
Upstream-commit: 294f33b37a2d029164728534e781bc118d6689c2
Component: engine
---
 components/engine/docs/sources/installation/google.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/google.md b/components/engine/docs/sources/installation/google.md
index fa2fa61fc9..23a9bfbfb8 100644
--- a/components/engine/docs/sources/installation/google.md
+++ b/components/engine/docs/sources/installation/google.md
@@ -20,7 +20,7 @@ page_keywords: Docker, Docker documentation, installation, google, Google Comput
    (select a zone close to you and the desired instance size)
 
         $ gcloud compute instances create docker-playground \
-          --image container-vm-v20140710 \
+          --image container-vm-v20140730 \
           --image-project google-containers \
           --zone us-central1-a \
           --machine-type f1-micro

From c62c2487930a5be9120bd95606f98832a9eb138a Mon Sep 17 00:00:00 2001
From: Jan Toebes <jan@toebes.info>
Date: Thu, 31 Jul 2014 08:54:22 +0200
Subject: [PATCH 303/516] Update nodejs_web_app.md

Updated to documentation to use the centos6 image instead of the unofficial tutum image of centos6.4
Upstream-commit: bfacdfdccf5e93301842309a0048990ef0ebb549
Component: engine
---
 .../engine/docs/sources/examples/nodejs_web_app.md   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/sources/examples/nodejs_web_app.md b/components/engine/docs/sources/examples/nodejs_web_app.md
index 840d85e12e..5d69fd713b 100644
--- a/components/engine/docs/sources/examples/nodejs_web_app.md
+++ b/components/engine/docs/sources/examples/nodejs_web_app.md
@@ -66,10 +66,10 @@ requires to build (this example uses Docker 0.3.4):
 
 Next, define the parent image you want to use to build your own image on
 top of. Here, we'll use
-[CentOS](https://registry.hub.docker.com/_/centos/) (tag: `6.4`)
+[CentOS](https://registry.hub.docker.com/_/centos/) (tag: `centos6`)
 available on the [Docker Hub](https://hub.docker.com/):
 
-    FROM    tutum/centos-6.4
+    FROM    centos:centos6
 
 Since we're building a Node.js app, you'll have to install Node.js as
 well as npm on your CentOS image. Node.js is required to run your app
@@ -109,7 +109,7 @@ defines your runtime, i.e. `node`, and the path to our app, i.e. `src/index.js`
 Your `Dockerfile` should now look like this:
 
     # DOCKER-VERSION 0.3.4
-    FROM    tutum/centos-6.4
+    FROM    centos:centos6
 
     # Enable EPEL for Node.js
     RUN     rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
@@ -137,9 +137,9 @@ Your image will now be listed by Docker:
     $ sudo docker images
 
     # Example
-    REPOSITORY                            TAG        ID              CREATED
-    tutum                                 centos-6.4 539c0211cd76    8 weeks ago
-    <your username>/centos-node-hello     latest     d64d3505b0d2    2 hours ago
+    REPOSITORY                          TAG        ID              CREATED
+    centos                              centos6    539c0211cd76    8 weeks ago
+    <your username>/centos-node-hello   latest     d64d3505b0d2    2 hours ago
 
 ## Run the image
 

From 4796299987d599f836a9dae18c9849969b8539ec Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 29 Jul 2014 13:35:49 -0600
Subject: [PATCH 304/516] Bump libcontainer dep

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: f4db3985d9b6ce481437c9524bb33640d602a2cb
Component: engine
---
 components/engine/hack/vendor.sh              |   2 +-
 .../docker/libcontainer/.travis.yml           |   6 +-
 .../docker/libcontainer/CONTRIBUTORS_GUIDE.md |   2 +-
 .../libcontainer/cgroups/fs/apply_raw.go      |   4 +
 .../libcontainer/cgroups/fs/utils_test.go     |  19 ++
 .../docker/libcontainer/label/label.go        |   9 +-
 .../libcontainer/label/label_selinux.go       |  56 +++-
 .../libcontainer/label/label_selinux_test.go  |  48 ++++
 .../docker/libcontainer/namespaces/init.go    |  13 +-
 .../docker/libcontainer/namespaces/nsenter.go |  29 +-
 .../docker/libcontainer/system/sysconfig.go   |   2 +-
 .../libcontainer/system/sysconfig_notcgo.go   |   2 +-
 .../docker/libcontainer/user/MAINTAINERS      |   1 +
 .../docker/libcontainer/user/user.go          | 258 ++++++++++++++++++
 .../docker/libcontainer/user/user_test.go     |  94 +++++++
 15 files changed, 503 insertions(+), 42 deletions(-)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/user/MAINTAINERS
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/user/user.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/user/user_test.go

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 6b780f0fa8..f916e1fcf0 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer e6a43c1c2b9f769deb96348a0a93417cd48a36d8
+clone git github.com/docker/libcontainer bc06326a5e7decdc4191d1367de8439b9d83c450
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
index 7040d0bd71..331227af01 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
@@ -21,10 +21,10 @@ install:
     - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go env; fi
     - go get -d -v ./...
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then
-          export DOCKER_PATH="${GOPATH%%:*}/src/github.com/dotcloud/docker";
+          export DOCKER_PATH="${GOPATH%%:*}/src/github.com/docker/docker";
           mkdir -p "$DOCKER_PATH/hack/make";
-          ( cd "$DOCKER_PATH/hack/make" && wget -c 'https://raw.githubusercontent.com/dotcloud/docker/master/hack/make/'{.validate,validate-dco,validate-gofmt} );
-          sed -i 's!dotcloud/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate";
+          ( cd "$DOCKER_PATH/hack/make" && wget -c 'https://raw.githubusercontent.com/docker/docker/master/hack/make/'{.validate,validate-dco,validate-gofmt} );
+          sed -i 's!docker/docker!docker/libcontainer!' "$DOCKER_PATH/hack/make/.validate";
       fi
 
 script:
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/CONTRIBUTORS_GUIDE.md b/components/engine/vendor/src/github.com/docker/libcontainer/CONTRIBUTORS_GUIDE.md
index f02689625c..07bf22a031 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/CONTRIBUTORS_GUIDE.md
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/CONTRIBUTORS_GUIDE.md
@@ -176,7 +176,7 @@ One way to automate this, is customise your get ``commit.template`` by adding
 a ``prepare-commit-msg`` hook to your libcontainer checkout:
 
 ```
-curl -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/dotcloud/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
+curl -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/docker/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
 ```
 
 * Note: the above script expects to find your GitHub user name in ``git config --get github.user``
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
index e9c06e1e2c..2d1a15239f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
@@ -150,6 +150,10 @@ func (raw *data) parent(subsystem string) (string, error) {
 }
 
 func (raw *data) path(subsystem string) (string, error) {
+	// If the cgroup name/path is absolute do not look relative to the cgroup of the init process.
+	if filepath.IsAbs(raw.cgroup) {
+		return filepath.Join(raw.root, subsystem, raw.cgroup), nil
+	}
 	parent, err := raw.parent(subsystem)
 	if err != nil {
 		return "", err
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go
index 63d743f06e..6ea59bc506 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go
@@ -5,6 +5,8 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+
+	"github.com/docker/libcontainer/cgroups"
 )
 
 const (
@@ -66,3 +68,20 @@ func TestGetCgroupParamsInt(t *testing.T) {
 		t.Fatal("Expecting error, got none")
 	}
 }
+
+func TestAbsolutePathHandling(t *testing.T) {
+	testCgroup := cgroups.Cgroup{
+		Name:   "bar",
+		Parent: "/foo",
+	}
+	cgroupData := data{
+		root:   "/sys/fs/cgroup",
+		cgroup: "/foo/bar",
+		c:      &testCgroup,
+		pid:    1,
+	}
+	expectedPath := filepath.Join(cgroupData.root, "cpu", testCgroup.Parent, testCgroup.Name)
+	if path, err := cgroupData.path("cpu"); path != expectedPath || err != nil {
+		t.Fatalf("expected path %s but got %s %s", expectedPath, path, err)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go b/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go
index 5c8228cdde..73869b36cf 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/label/label.go
@@ -2,6 +2,13 @@
 
 package label
 
+// InitLabels returns the process label and file labels to be used within
+// the container.  A list of options can be passed into this function to alter
+// the labels.
+func InitLabels(options []string) (string, string, error) {
+	return "", "", nil
+}
+
 func GenLabels(options string) (string, string, error) {
 	return "", "", nil
 }
@@ -22,7 +29,7 @@ func Relabel(path string, fileLabel string, relabel string) error {
 	return nil
 }
 
-func GetPidCon(pid int) (string, error) {
+func GetPidLabel(pid int) (string, error) {
 	return "", nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go b/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
index aa502a3d6f..5b1380a2be 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
@@ -9,30 +9,49 @@ import (
 	"github.com/docker/libcontainer/selinux"
 )
 
-func GenLabels(options string) (string, string, error) {
+// InitLabels returns the process label and file labels to be used within
+// the container.  A list of options can be passed into this function to alter
+// the labels.  The labels returned will include a random MCS String, that is
+// guaranteed to be unique.
+func InitLabels(options []string) (string, string, error) {
 	if !selinux.SelinuxEnabled() {
 		return "", "", nil
 	}
 	var err error
 	processLabel, mountLabel := selinux.GetLxcContexts()
 	if processLabel != "" {
-		var (
-			s = strings.Fields(options)
-			l = len(s)
-		)
-		if l > 0 {
-			pcon := selinux.NewContext(processLabel)
-			for i := 0; i < l; i++ {
-				o := strings.Split(s[i], "=")
-				pcon[o[0]] = o[1]
+		pcon := selinux.NewContext(processLabel)
+		mcon := selinux.NewContext(mountLabel)
+		for _, opt := range options {
+			if opt == "disable" {
+				return "", "", nil
+			}
+			if i := strings.Index(opt, ":"); i == -1 {
+				return "", "", fmt.Errorf("Bad SELinux Option")
+			}
+			con := strings.SplitN(opt, ":", 2)
+			pcon[con[0]] = con[1]
+			if con[0] == "level" || con[0] == "user" {
+				mcon[con[0]] = con[1]
 			}
-			processLabel = pcon.Get()
-			mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
 		}
+		processLabel = pcon.Get()
+		mountLabel = mcon.Get()
 	}
 	return processLabel, mountLabel, err
 }
 
+// DEPRECATED: The GenLabels function is only to be used during the transition to the official API.
+func GenLabels(options string) (string, string, error) {
+	return InitLabels(strings.Fields(options))
+}
+
+// FormatMountLabel returns a string to be used by the mount command.
+// The format of this string will be used to alter the labeling of the mountpoint.
+// The string returned is suitable to be used as the options field of the mount command.
+// If you need to have additional mount point options, you can pass them in as
+// the first parameter.  Second parameter is the label that you wish to apply
+// to all content in the mount point.
 func FormatMountLabel(src, mountLabel string) string {
 	if mountLabel != "" {
 		switch src {
@@ -45,6 +64,8 @@ func FormatMountLabel(src, mountLabel string) string {
 	return src
 }
 
+// SetProcessLabel takes a process label and tells the kernel to assign the
+// label to the next program executed by the current process.
 func SetProcessLabel(processLabel string) error {
 	if selinux.SelinuxEnabled() {
 		return selinux.Setexeccon(processLabel)
@@ -52,6 +73,9 @@ func SetProcessLabel(processLabel string) error {
 	return nil
 }
 
+// GetProcessLabel returns the process label that the kernel will assign
+// to the next program executed by the current process.  If "" is returned
+// this indicates that the default labeling will happen for the process.
 func GetProcessLabel() (string, error) {
 	if selinux.SelinuxEnabled() {
 		return selinux.Getexeccon()
@@ -59,6 +83,7 @@ func GetProcessLabel() (string, error) {
 	return "", nil
 }
 
+// SetFileLabel modifies the "path" label to the specified file label
 func SetFileLabel(path string, fileLabel string) error {
 	if selinux.SelinuxEnabled() && fileLabel != "" {
 		return selinux.Setfilecon(path, fileLabel)
@@ -83,17 +108,22 @@ func Relabel(path string, fileLabel string, relabel string) error {
 	return selinux.Chcon(path, fileLabel, true)
 }
 
-func GetPidCon(pid int) (string, error) {
+// GetPidLabel will return the label of the process running with the specified pid
+func GetPidLabel(pid int) (string, error) {
 	if !selinux.SelinuxEnabled() {
 		return "", nil
 	}
 	return selinux.Getpidcon(pid)
 }
 
+// Init initialises the labeling system
 func Init() {
 	selinux.SelinuxEnabled()
 }
 
+// ReserveLabel will record the fact that the MCS label has already been used.
+// This will prevent InitLabels from using the MCS label in a newly created
+// container
 func ReserveLabel(label string) error {
 	selinux.ReserveLabel(label)
 	return nil
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux_test.go
new file mode 100644
index 0000000000..c83654f6b5
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/label/label_selinux_test.go
@@ -0,0 +1,48 @@
+// +build selinux,linux
+
+package label
+
+import (
+	"testing"
+
+	"github.com/docker/libcontainer/selinux"
+)
+
+func TestInit(t *testing.T) {
+	if selinux.SelinuxEnabled() {
+		var testNull []string
+		plabel, mlabel, err := InitLabels(testNull)
+		if err != nil {
+			t.Log("InitLabels Failed")
+			t.Fatal(err)
+		}
+		testDisabled := []string{"disable"}
+		plabel, mlabel, err = InitLabels(testDisabled)
+		if err != nil {
+			t.Log("InitLabels Disabled Failed")
+			t.Fatal(err)
+		}
+		if plabel != "" {
+			t.Log("InitLabels Disabled Failed")
+			t.Fatal()
+		}
+		testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"}
+		plabel, mlabel, err = InitLabels(testUser)
+		if err != nil {
+			t.Log("InitLabels User Failed")
+			t.Fatal(err)
+		}
+		if plabel != "user_u:user_r:user_t:s0:c1,c15" || mlabel != "user_u:object_r:svirt_sandbox_file_t:s0:c1,c15" {
+			t.Log("InitLabels User Failed")
+			t.Log(plabel, mlabel)
+			t.Fatal(err)
+		}
+
+		testBadData := []string{"user", "role:user_r", "type:user_t", "level:s0:c1,c15"}
+		plabel, mlabel, err = InitLabels(testBadData)
+		if err == nil {
+			t.Log("InitLabels Bad Failed")
+			t.Fatal(err)
+		}
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index e43db3965c..0e678b67ab 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -9,7 +9,6 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/docker/docker/pkg/user"
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/console"
@@ -21,6 +20,7 @@ import (
 	"github.com/docker/libcontainer/security/restrict"
 	"github.com/docker/libcontainer/syncpipe"
 	"github.com/docker/libcontainer/system"
+	"github.com/docker/libcontainer/user"
 	"github.com/docker/libcontainer/utils"
 )
 
@@ -119,7 +119,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 		return fmt.Errorf("restore parent death signal %s", err)
 	}
 
-	return system.Execv(args[0], args[0:], container.Env)
+	return system.Execv(args[0], args[0:], os.Environ())
 }
 
 // RestoreParentDeathSignal sets the parent death signal to old.
@@ -152,7 +152,7 @@ func RestoreParentDeathSignal(old int) error {
 
 // SetupUser changes the groups, gid, and uid for the user inside the container
 func SetupUser(u string) error {
-	uid, gid, suppGids, err := user.GetUserGroupSupplementary(u, syscall.Getuid(), syscall.Getgid())
+	uid, gid, suppGids, home, err := user.GetUserGroupSupplementaryHome(u, syscall.Getuid(), syscall.Getgid(), "/")
 	if err != nil {
 		return fmt.Errorf("get supplementary groups %s", err)
 	}
@@ -169,6 +169,13 @@ func SetupUser(u string) error {
 		return fmt.Errorf("setuid %s", err)
 	}
 
+	// if we didn't get HOME already, set it based on the user's HOME
+	if envHome := os.Getenv("HOME"); envHome == "" {
+		if err := os.Setenv("HOME", home); err != nil {
+			return fmt.Errorf("set HOME %s", err)
+		}
+	}
+
 	return nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
index cddfa44253..bf05628ce4 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
@@ -3,7 +3,6 @@
 package namespaces
 
 /*
-#include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/limits.h>
@@ -12,7 +11,6 @@ package namespaces
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <getopt.h>
@@ -145,36 +143,31 @@ void nsenter() {
 	char ns_dir[PATH_MAX];
 	memset(ns_dir, 0, PATH_MAX);
 	snprintf(ns_dir, PATH_MAX - 1, "/proc/%d/ns/", init_pid);
-	struct dirent *dent;
-	DIR *dir = opendir(ns_dir);
-	if (dir == NULL) {
-		fprintf(stderr, "nsenter: Failed to open directory \"%s\" with error: \"%s\"\n", ns_dir, strerror(errno));
-		exit(1);
-	}
 
-	while((dent = readdir(dir)) != NULL) {
-		if(strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0 || strcmp(dent->d_name, "user") == 0) {
-			continue;
-		}
-
-		// Get and open the namespace for the init we are joining..
+	char* namespaces[] = {"ipc", "uts", "net", "pid", "mnt"};
+	const int num = sizeof(namespaces) / sizeof(char*);
+	int i;
+	for (i = 0; i < num; i++) {
 		char buf[PATH_MAX];
 		memset(buf, 0, PATH_MAX);
-		snprintf(buf, PATH_MAX - 1, "%s%s", ns_dir, dent->d_name);
+		snprintf(buf, PATH_MAX - 1, "%s%s", ns_dir, namespaces[i]);
 		int fd = open(buf, O_RDONLY);
 		if (fd == -1) {
-			fprintf(stderr, "nsenter: Failed to open ns file \"%s\" for ns \"%s\" with error: \"%s\"\n", buf, dent->d_name, strerror(errno));
+			// Ignore nonexistent namespaces.
+			if (errno == ENOENT)
+				continue;
+
+			fprintf(stderr, "nsenter: Failed to open ns file \"%s\" for ns \"%s\" with error: \"%s\"\n", buf, namespaces[i], strerror(errno));
 			exit(1);
 		}
 
 		// Set the namespace.
 		if (setns(fd, 0) == -1) {
-			fprintf(stderr, "nsenter: Failed to setns for \"%s\" with error: \"%s\"\n", dent->d_name, strerror(errno));
+			fprintf(stderr, "nsenter: Failed to setns for \"%s\" with error: \"%s\"\n", namespaces[i], strerror(errno));
 			exit(1);
 		}
 		close(fd);
 	}
-	closedir(dir);
 
 	// We must fork to actually enter the PID namespace.
 	int child = fork();
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
index 3e2f43b1e9..5efddefa79 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig.go
@@ -1,4 +1,4 @@
-// +build linux,cgo
+// +build cgo
 
 package system
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go
index 4bbb69896f..663db82bce 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/system/sysconfig_notcgo.go
@@ -1,4 +1,4 @@
-// +build linux,!cgo
+// +build !cgo
 
 package system
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/user/MAINTAINERS b/components/engine/vendor/src/github.com/docker/libcontainer/user/MAINTAINERS
new file mode 100644
index 0000000000..18e05a3070
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/user/MAINTAINERS
@@ -0,0 +1 @@
+Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/user/user.go b/components/engine/vendor/src/github.com/docker/libcontainer/user/user.go
new file mode 100644
index 0000000000..493dd86f20
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/user/user.go
@@ -0,0 +1,258 @@
+package user
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+)
+
+const (
+	minId = 0
+	maxId = 1<<31 - 1 //for 32-bit systems compatibility
+)
+
+var (
+	ErrRange = fmt.Errorf("Uids and gids must be in range %d-%d", minId, maxId)
+)
+
+type User struct {
+	Name  string
+	Pass  string
+	Uid   int
+	Gid   int
+	Gecos string
+	Home  string
+	Shell string
+}
+
+type Group struct {
+	Name string
+	Pass string
+	Gid  int
+	List []string
+}
+
+func parseLine(line string, v ...interface{}) {
+	if line == "" {
+		return
+	}
+
+	parts := strings.Split(line, ":")
+	for i, p := range parts {
+		if len(v) <= i {
+			// if we have more "parts" than we have places to put them, bail for great "tolerance" of naughty configuration files
+			break
+		}
+
+		switch e := v[i].(type) {
+		case *string:
+			// "root", "adm", "/bin/bash"
+			*e = p
+		case *int:
+			// "0", "4", "1000"
+			// ignore string to int conversion errors, for great "tolerance" of naughty configuration files
+			*e, _ = strconv.Atoi(p)
+		case *[]string:
+			// "", "root", "root,adm,daemon"
+			if p != "" {
+				*e = strings.Split(p, ",")
+			} else {
+				*e = []string{}
+			}
+		default:
+			// panic, because this is a programming/logic error, not a runtime one
+			panic("parseLine expects only pointers!  argument " + strconv.Itoa(i) + " is not a pointer!")
+		}
+	}
+}
+
+func ParsePasswd() ([]*User, error) {
+	return ParsePasswdFilter(nil)
+}
+
+func ParsePasswdFilter(filter func(*User) bool) ([]*User, error) {
+	f, err := os.Open("/etc/passwd")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	return parsePasswdFile(f, filter)
+}
+
+func parsePasswdFile(r io.Reader, filter func(*User) bool) ([]*User, error) {
+	var (
+		s   = bufio.NewScanner(r)
+		out = []*User{}
+	)
+
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return nil, err
+		}
+
+		text := strings.TrimSpace(s.Text())
+		if text == "" {
+			continue
+		}
+
+		// see: man 5 passwd
+		//  name:password:UID:GID:GECOS:directory:shell
+		// Name:Pass:Uid:Gid:Gecos:Home:Shell
+		//  root:x:0:0:root:/root:/bin/bash
+		//  adm:x:3:4:adm:/var/adm:/bin/false
+		p := &User{}
+		parseLine(
+			text,
+			&p.Name, &p.Pass, &p.Uid, &p.Gid, &p.Gecos, &p.Home, &p.Shell,
+		)
+
+		if filter == nil || filter(p) {
+			out = append(out, p)
+		}
+	}
+
+	return out, nil
+}
+
+func ParseGroup() ([]*Group, error) {
+	return ParseGroupFilter(nil)
+}
+
+func ParseGroupFilter(filter func(*Group) bool) ([]*Group, error) {
+	f, err := os.Open("/etc/group")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	return parseGroupFile(f, filter)
+}
+
+func parseGroupFile(r io.Reader, filter func(*Group) bool) ([]*Group, error) {
+	var (
+		s   = bufio.NewScanner(r)
+		out = []*Group{}
+	)
+
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return nil, err
+		}
+
+		text := s.Text()
+		if text == "" {
+			continue
+		}
+
+		// see: man 5 group
+		//  group_name:password:GID:user_list
+		// Name:Pass:Gid:List
+		//  root:x:0:root
+		//  adm:x:4:root,adm,daemon
+		p := &Group{}
+		parseLine(
+			text,
+			&p.Name, &p.Pass, &p.Gid, &p.List,
+		)
+
+		if filter == nil || filter(p) {
+			out = append(out, p)
+		}
+	}
+
+	return out, nil
+}
+
+// Given a string like "user", "1000", "user:group", "1000:1000", returns the uid, gid, list of supplementary group IDs, and home directory, if available and/or applicable.
+func GetUserGroupSupplementaryHome(userSpec string, defaultUid, defaultGid int, defaultHome string) (int, int, []int, string, error) {
+	var (
+		uid      = defaultUid
+		gid      = defaultGid
+		suppGids = []int{}
+		home     = defaultHome
+
+		userArg, groupArg string
+	)
+
+	// allow for userArg to have either "user" syntax, or optionally "user:group" syntax
+	parseLine(userSpec, &userArg, &groupArg)
+
+	users, err := ParsePasswdFilter(func(u *User) bool {
+		if userArg == "" {
+			return u.Uid == uid
+		}
+		return u.Name == userArg || strconv.Itoa(u.Uid) == userArg
+	})
+	if err != nil && !os.IsNotExist(err) {
+		if userArg == "" {
+			userArg = strconv.Itoa(uid)
+		}
+		return 0, 0, nil, "", fmt.Errorf("Unable to find user %v: %v", userArg, err)
+	}
+
+	haveUser := users != nil && len(users) > 0
+	if haveUser {
+		// if we found any user entries that matched our filter, let's take the first one as "correct"
+		uid = users[0].Uid
+		gid = users[0].Gid
+		home = users[0].Home
+	} else if userArg != "" {
+		// we asked for a user but didn't find them...  let's check to see if we wanted a numeric user
+		uid, err = strconv.Atoi(userArg)
+		if err != nil {
+			// not numeric - we have to bail
+			return 0, 0, nil, "", fmt.Errorf("Unable to find user %v", userArg)
+		}
+		if uid < minId || uid > maxId {
+			return 0, 0, nil, "", ErrRange
+		}
+
+		// if userArg couldn't be found in /etc/passwd but is numeric, just roll with it - this is legit
+	}
+
+	if groupArg != "" || (haveUser && users[0].Name != "") {
+		groups, err := ParseGroupFilter(func(g *Group) bool {
+			if groupArg != "" {
+				return g.Name == groupArg || strconv.Itoa(g.Gid) == groupArg
+			}
+			for _, u := range g.List {
+				if u == users[0].Name {
+					return true
+				}
+			}
+			return false
+		})
+		if err != nil && !os.IsNotExist(err) {
+			return 0, 0, nil, "", fmt.Errorf("Unable to find groups for user %v: %v", users[0].Name, err)
+		}
+
+		haveGroup := groups != nil && len(groups) > 0
+		if groupArg != "" {
+			if haveGroup {
+				// if we found any group entries that matched our filter, let's take the first one as "correct"
+				gid = groups[0].Gid
+			} else {
+				// we asked for a group but didn't find id...  let's check to see if we wanted a numeric group
+				gid, err = strconv.Atoi(groupArg)
+				if err != nil {
+					// not numeric - we have to bail
+					return 0, 0, nil, "", fmt.Errorf("Unable to find group %v", groupArg)
+				}
+				if gid < minId || gid > maxId {
+					return 0, 0, nil, "", ErrRange
+				}
+
+				// if groupArg couldn't be found in /etc/group but is numeric, just roll with it - this is legit
+			}
+		} else if haveGroup {
+			suppGids = make([]int, len(groups))
+			for i, group := range groups {
+				suppGids[i] = group.Gid
+			}
+		}
+	}
+
+	return uid, gid, suppGids, home, nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/user/user_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/user/user_test.go
new file mode 100644
index 0000000000..136632c27e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/user/user_test.go
@@ -0,0 +1,94 @@
+package user
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestUserParseLine(t *testing.T) {
+	var (
+		a, b string
+		c    []string
+		d    int
+	)
+
+	parseLine("", &a, &b)
+	if a != "" || b != "" {
+		t.Fatalf("a and b should be empty ('%v', '%v')", a, b)
+	}
+
+	parseLine("a", &a, &b)
+	if a != "a" || b != "" {
+		t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b)
+	}
+
+	parseLine("bad boys:corny cows", &a, &b)
+	if a != "bad boys" || b != "corny cows" {
+		t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b)
+	}
+
+	parseLine("", &c)
+	if len(c) != 0 {
+		t.Fatalf("c should be empty (%#v)", c)
+	}
+
+	parseLine("d,e,f:g:h:i,j,k", &c, &a, &b, &c)
+	if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" {
+		t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c)
+	}
+
+	parseLine("::::::::::", &a, &b, &c)
+	if a != "" || b != "" || len(c) != 0 {
+		t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c)
+	}
+
+	parseLine("not a number", &d)
+	if d != 0 {
+		t.Fatalf("d should be 0 (%v)", d)
+	}
+
+	parseLine("b:12:c", &a, &d, &b)
+	if a != "b" || b != "c" || d != 12 {
+		t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d)
+	}
+}
+
+func TestUserParsePasswd(t *testing.T) {
+	users, err := parsePasswdFile(strings.NewReader(`
+root:x:0:0:root:/root:/bin/bash
+adm:x:3:4:adm:/var/adm:/bin/false
+this is just some garbage data
+`), nil)
+	if err != nil {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+	if len(users) != 3 {
+		t.Fatalf("Expected 3 users, got %v", len(users))
+	}
+	if users[0].Uid != 0 || users[0].Name != "root" {
+		t.Fatalf("Expected users[0] to be 0 - root, got %v - %v", users[0].Uid, users[0].Name)
+	}
+	if users[1].Uid != 3 || users[1].Name != "adm" {
+		t.Fatalf("Expected users[1] to be 3 - adm, got %v - %v", users[1].Uid, users[1].Name)
+	}
+}
+
+func TestUserParseGroup(t *testing.T) {
+	groups, err := parseGroupFile(strings.NewReader(`
+root:x:0:root
+adm:x:4:root,adm,daemon
+this is just some garbage data
+`), nil)
+	if err != nil {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+	if len(groups) != 3 {
+		t.Fatalf("Expected 3 groups, got %v", len(groups))
+	}
+	if groups[0].Gid != 0 || groups[0].Name != "root" || len(groups[0].List) != 1 {
+		t.Fatalf("Expected groups[0] to be 0 - root - 1 member, got %v - %v - %v", groups[0].Gid, groups[0].Name, len(groups[0].List))
+	}
+	if groups[1].Gid != 4 || groups[1].Name != "adm" || len(groups[1].List) != 3 {
+		t.Fatalf("Expected groups[1] to be 4 - adm - 3 members, got %v - %v - %v", groups[1].Gid, groups[1].Name, len(groups[1].List))
+	}
+}

From cdc00db1ec171019bea7f6daaa8dd9725346df65 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 22 Feb 2014 20:06:37 -0700
Subject: [PATCH 305/516] Add support for autodetected HOME from USER (if HOME
 is unset)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 57b9467f45571c1bd98ebe4b73c6cf3d97ff051c
Component: engine
---
 components/engine/builder/builder.go                       | 2 +-
 components/engine/daemon/container.go                      | 5 ++++-
 components/engine/integration-cli/docker_cli_build_test.go | 2 +-
 components/engine/integration-cli/docker_cli_run_test.go   | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go
index a99139896f..967f37e92b 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/builder/builder.go
@@ -120,7 +120,7 @@ func (b *buildFile) CmdFrom(name string) error {
 		b.config = image.Config
 	}
 	if b.config.Env == nil || len(b.config.Env) == 0 {
-		b.config.Env = append(b.config.Env, "HOME=/", "PATH="+daemon.DefaultPathEnv)
+		b.config.Env = append(b.config.Env, "PATH="+daemon.DefaultPathEnv)
 	}
 	// Process ONBUILD triggers if they exist
 	if nTriggers := len(b.config.OnBuild); nTriggers != 0 {
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 537cfc6a75..d62eb6d2fa 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -1043,9 +1043,12 @@ func (container *Container) setupLinkedContainers() ([]string, error) {
 func (container *Container) createDaemonEnvironment(linkedEnv []string) []string {
 	// Setup environment
 	env := []string{
-		"HOME=/",
 		"PATH=" + DefaultPathEnv,
 		"HOSTNAME=" + container.Config.Hostname,
+		// Note: we don't set HOME here because it'll get autoset intelligently
+		// based on the value of USER inside dockerinit, but only if it isn't
+		// set already (ie, that can be overridden by setting HOME via -e or ENV
+		// in a Dockerfile).
 	}
 	if container.Config.Tty {
 		env = append(env, "TERM=xterm")
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index bf786070d2..823000b5c2 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -700,7 +700,7 @@ func TestBuildRelativeWorkdir(t *testing.T) {
 
 func TestBuildEnv(t *testing.T) {
 	name := "testbuildenv"
-	expected := "[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PORT=2375]"
+	expected := "[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PORT=2375]"
 	defer deleteImages(name)
 	_, err := buildImage(name,
 		`FROM busybox
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 63d3b133f1..8f54668098 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -676,13 +676,13 @@ func TestEnvironment(t *testing.T) {
 
 	goodEnv := []string{
 		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
-		"HOME=/",
 		"HOSTNAME=testing",
 		"FALSE=true",
 		"TRUE=false",
 		"TRICKY=tri",
 		"cky",
 		"",
+		"HOME=/root",
 	}
 	sort.Strings(goodEnv)
 	if len(goodEnv) != len(actualEnv) {

From 0a4008fdb8761707ceee9bb0f6bd3dda7c86e1ee Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 29 Jul 2014 11:08:10 -0600
Subject: [PATCH 306/516] Remove pkg/user now that it's embedded in
 libcontainer

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: f34d0e55f3a1f15abf28680d84ab48d40ffafbc1
Component: engine
---
 components/engine/api/server/server.go  |   2 +-
 components/engine/pkg/user/MAINTAINERS  |   1 -
 components/engine/pkg/user/user.go      | 256 ------------------------
 components/engine/pkg/user/user_test.go |  94 ---------
 4 files changed, 1 insertion(+), 352 deletions(-)
 delete mode 100644 components/engine/pkg/user/MAINTAINERS
 delete mode 100644 components/engine/pkg/user/user.go
 delete mode 100644 components/engine/pkg/user/user_test.go

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 83e2112766..9f88d1ad79 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -27,10 +27,10 @@ import (
 	"github.com/docker/docker/pkg/listenbuffer"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/systemd"
-	"github.com/docker/docker/pkg/user"
 	"github.com/docker/docker/pkg/version"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
+	"github.com/docker/libcontainer/user"
 	"github.com/gorilla/mux"
 )
 
diff --git a/components/engine/pkg/user/MAINTAINERS b/components/engine/pkg/user/MAINTAINERS
deleted file mode 100644
index 18e05a3070..0000000000
--- a/components/engine/pkg/user/MAINTAINERS
+++ /dev/null
@@ -1 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/components/engine/pkg/user/user.go b/components/engine/pkg/user/user.go
deleted file mode 100644
index df47101221..0000000000
--- a/components/engine/pkg/user/user.go
+++ /dev/null
@@ -1,256 +0,0 @@
-package user
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strconv"
-	"strings"
-)
-
-const (
-	minId = 0
-	maxId = 1<<31 - 1 //for 32-bit systems compatibility
-)
-
-var (
-	ErrRange = fmt.Errorf("Uids and gids must be in range %d-%d", minId, maxId)
-)
-
-type User struct {
-	Name  string
-	Pass  string
-	Uid   int
-	Gid   int
-	Gecos string
-	Home  string
-	Shell string
-}
-
-type Group struct {
-	Name string
-	Pass string
-	Gid  int
-	List []string
-}
-
-func parseLine(line string, v ...interface{}) {
-	if line == "" {
-		return
-	}
-
-	parts := strings.Split(line, ":")
-	for i, p := range parts {
-		if len(v) <= i {
-			// if we have more "parts" than we have places to put them, bail for great "tolerance" of naughty configuration files
-			break
-		}
-
-		switch e := v[i].(type) {
-		case *string:
-			// "root", "adm", "/bin/bash"
-			*e = p
-		case *int:
-			// "0", "4", "1000"
-			// ignore string to int conversion errors, for great "tolerance" of naughty configuration files
-			*e, _ = strconv.Atoi(p)
-		case *[]string:
-			// "", "root", "root,adm,daemon"
-			if p != "" {
-				*e = strings.Split(p, ",")
-			} else {
-				*e = []string{}
-			}
-		default:
-			// panic, because this is a programming/logic error, not a runtime one
-			panic("parseLine expects only pointers!  argument " + strconv.Itoa(i) + " is not a pointer!")
-		}
-	}
-}
-
-func ParsePasswd() ([]*User, error) {
-	return ParsePasswdFilter(nil)
-}
-
-func ParsePasswdFilter(filter func(*User) bool) ([]*User, error) {
-	f, err := os.Open("/etc/passwd")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-	return parsePasswdFile(f, filter)
-}
-
-func parsePasswdFile(r io.Reader, filter func(*User) bool) ([]*User, error) {
-	var (
-		s   = bufio.NewScanner(r)
-		out = []*User{}
-	)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		text := strings.TrimSpace(s.Text())
-		if text == "" {
-			continue
-		}
-
-		// see: man 5 passwd
-		//  name:password:UID:GID:GECOS:directory:shell
-		// Name:Pass:Uid:Gid:Gecos:Home:Shell
-		//  root:x:0:0:root:/root:/bin/bash
-		//  adm:x:3:4:adm:/var/adm:/bin/false
-		p := &User{}
-		parseLine(
-			text,
-			&p.Name, &p.Pass, &p.Uid, &p.Gid, &p.Gecos, &p.Home, &p.Shell,
-		)
-
-		if filter == nil || filter(p) {
-			out = append(out, p)
-		}
-	}
-
-	return out, nil
-}
-
-func ParseGroup() ([]*Group, error) {
-	return ParseGroupFilter(nil)
-}
-
-func ParseGroupFilter(filter func(*Group) bool) ([]*Group, error) {
-	f, err := os.Open("/etc/group")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-	return parseGroupFile(f, filter)
-}
-
-func parseGroupFile(r io.Reader, filter func(*Group) bool) ([]*Group, error) {
-	var (
-		s   = bufio.NewScanner(r)
-		out = []*Group{}
-	)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		text := s.Text()
-		if text == "" {
-			continue
-		}
-
-		// see: man 5 group
-		//  group_name:password:GID:user_list
-		// Name:Pass:Gid:List
-		//  root:x:0:root
-		//  adm:x:4:root,adm,daemon
-		p := &Group{}
-		parseLine(
-			text,
-			&p.Name, &p.Pass, &p.Gid, &p.List,
-		)
-
-		if filter == nil || filter(p) {
-			out = append(out, p)
-		}
-	}
-
-	return out, nil
-}
-
-// Given a string like "user", "1000", "user:group", "1000:1000", returns the uid, gid, and list of supplementary group IDs, if possible.
-func GetUserGroupSupplementary(userSpec string, defaultUid int, defaultGid int) (int, int, []int, error) {
-	var (
-		uid      = defaultUid
-		gid      = defaultGid
-		suppGids = []int{}
-
-		userArg, groupArg string
-	)
-
-	// allow for userArg to have either "user" syntax, or optionally "user:group" syntax
-	parseLine(userSpec, &userArg, &groupArg)
-
-	users, err := ParsePasswdFilter(func(u *User) bool {
-		if userArg == "" {
-			return u.Uid == uid
-		}
-		return u.Name == userArg || strconv.Itoa(u.Uid) == userArg
-	})
-	if err != nil && !os.IsNotExist(err) {
-		if userArg == "" {
-			userArg = strconv.Itoa(uid)
-		}
-		return 0, 0, nil, fmt.Errorf("Unable to find user %v: %v", userArg, err)
-	}
-
-	haveUser := users != nil && len(users) > 0
-	if haveUser {
-		// if we found any user entries that matched our filter, let's take the first one as "correct"
-		uid = users[0].Uid
-		gid = users[0].Gid
-	} else if userArg != "" {
-		// we asked for a user but didn't find them...  let's check to see if we wanted a numeric user
-		uid, err = strconv.Atoi(userArg)
-		if err != nil {
-			// not numeric - we have to bail
-			return 0, 0, nil, fmt.Errorf("Unable to find user %v", userArg)
-		}
-		if uid < minId || uid > maxId {
-			return 0, 0, nil, ErrRange
-		}
-
-		// if userArg couldn't be found in /etc/passwd but is numeric, just roll with it - this is legit
-	}
-
-	if groupArg != "" || (haveUser && users[0].Name != "") {
-		groups, err := ParseGroupFilter(func(g *Group) bool {
-			if groupArg != "" {
-				return g.Name == groupArg || strconv.Itoa(g.Gid) == groupArg
-			}
-			for _, u := range g.List {
-				if u == users[0].Name {
-					return true
-				}
-			}
-			return false
-		})
-		if err != nil && !os.IsNotExist(err) {
-			return 0, 0, nil, fmt.Errorf("Unable to find groups for user %v: %v", users[0].Name, err)
-		}
-
-		haveGroup := groups != nil && len(groups) > 0
-		if groupArg != "" {
-			if haveGroup {
-				// if we found any group entries that matched our filter, let's take the first one as "correct"
-				gid = groups[0].Gid
-			} else {
-				// we asked for a group but didn't find id...  let's check to see if we wanted a numeric group
-				gid, err = strconv.Atoi(groupArg)
-				if err != nil {
-					// not numeric - we have to bail
-					return 0, 0, nil, fmt.Errorf("Unable to find group %v", groupArg)
-				}
-				if gid < minId || gid > maxId {
-					return 0, 0, nil, ErrRange
-				}
-
-				// if groupArg couldn't be found in /etc/group but is numeric, just roll with it - this is legit
-			}
-		} else if haveGroup {
-			suppGids = make([]int, len(groups))
-			for i, group := range groups {
-				suppGids[i] = group.Gid
-			}
-		}
-	}
-
-	return uid, gid, suppGids, nil
-}
diff --git a/components/engine/pkg/user/user_test.go b/components/engine/pkg/user/user_test.go
deleted file mode 100644
index 136632c27e..0000000000
--- a/components/engine/pkg/user/user_test.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package user
-
-import (
-	"strings"
-	"testing"
-)
-
-func TestUserParseLine(t *testing.T) {
-	var (
-		a, b string
-		c    []string
-		d    int
-	)
-
-	parseLine("", &a, &b)
-	if a != "" || b != "" {
-		t.Fatalf("a and b should be empty ('%v', '%v')", a, b)
-	}
-
-	parseLine("a", &a, &b)
-	if a != "a" || b != "" {
-		t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b)
-	}
-
-	parseLine("bad boys:corny cows", &a, &b)
-	if a != "bad boys" || b != "corny cows" {
-		t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b)
-	}
-
-	parseLine("", &c)
-	if len(c) != 0 {
-		t.Fatalf("c should be empty (%#v)", c)
-	}
-
-	parseLine("d,e,f:g:h:i,j,k", &c, &a, &b, &c)
-	if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" {
-		t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c)
-	}
-
-	parseLine("::::::::::", &a, &b, &c)
-	if a != "" || b != "" || len(c) != 0 {
-		t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c)
-	}
-
-	parseLine("not a number", &d)
-	if d != 0 {
-		t.Fatalf("d should be 0 (%v)", d)
-	}
-
-	parseLine("b:12:c", &a, &d, &b)
-	if a != "b" || b != "c" || d != 12 {
-		t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d)
-	}
-}
-
-func TestUserParsePasswd(t *testing.T) {
-	users, err := parsePasswdFile(strings.NewReader(`
-root:x:0:0:root:/root:/bin/bash
-adm:x:3:4:adm:/var/adm:/bin/false
-this is just some garbage data
-`), nil)
-	if err != nil {
-		t.Fatalf("Unexpected error: %v", err)
-	}
-	if len(users) != 3 {
-		t.Fatalf("Expected 3 users, got %v", len(users))
-	}
-	if users[0].Uid != 0 || users[0].Name != "root" {
-		t.Fatalf("Expected users[0] to be 0 - root, got %v - %v", users[0].Uid, users[0].Name)
-	}
-	if users[1].Uid != 3 || users[1].Name != "adm" {
-		t.Fatalf("Expected users[1] to be 3 - adm, got %v - %v", users[1].Uid, users[1].Name)
-	}
-}
-
-func TestUserParseGroup(t *testing.T) {
-	groups, err := parseGroupFile(strings.NewReader(`
-root:x:0:root
-adm:x:4:root,adm,daemon
-this is just some garbage data
-`), nil)
-	if err != nil {
-		t.Fatalf("Unexpected error: %v", err)
-	}
-	if len(groups) != 3 {
-		t.Fatalf("Expected 3 groups, got %v", len(groups))
-	}
-	if groups[0].Gid != 0 || groups[0].Name != "root" || len(groups[0].List) != 1 {
-		t.Fatalf("Expected groups[0] to be 0 - root - 1 member, got %v - %v - %v", groups[0].Gid, groups[0].Name, len(groups[0].List))
-	}
-	if groups[1].Gid != 4 || groups[1].Name != "adm" || len(groups[1].List) != 3 {
-		t.Fatalf("Expected groups[1] to be 4 - adm - 3 members, got %v - %v - %v", groups[1].Gid, groups[1].Name, len(groups[1].List))
-	}
-}

From 15ebfed254e204bfd99cd21d524335f4e095f53f Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 31 Jul 2014 12:45:32 -0600
Subject: [PATCH 307/516] Update TestEnvironment to explicitly set "HOME" to be
 empty so it gets autofilled

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 8ea72422502d65421bc36dda48d384588f519a77
Component: engine
---
 components/engine/integration-cli/docker_cli_run_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 8f54668098..cd3f302f10 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -657,7 +657,7 @@ func TestRunTwoConcurrentContainers(t *testing.T) {
 }
 
 func TestEnvironment(t *testing.T) {
-	cmd := exec.Command(dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "busybox", "env")
+	cmd := exec.Command(dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "-e=HOME=", "busybox", "env")
 	cmd.Env = append(os.Environ(),
 		"TRUE=false",
 		"TRICKY=tri\ncky\n",

From 5d2d55c083a9da8f4fd79476f725c89fbd45d560 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Thu, 17 Jul 2014 12:01:46 -0700
Subject: [PATCH 308/516] Update CONTRIBUTING.md with links to sections and RFE
 process.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 52db7b8cb7d3408753156e8e33766c049bcc3cfe
Component: engine
---
 components/engine/CONTRIBUTING.md | 32 +++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 2dc73c100d..9710c64216 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -4,6 +4,38 @@ Want to hack on Docker? Awesome! Here are instructions to get you
 started. They are probably not perfect, please let us know if anything
 feels wrong or incomplete.
 
+## Topics
+
+* [Security Reports](#security-reports)
+* [Design and Cleanup Proposals](#design-and-cleanup-proposals)
+* [Reporting Issues](#reporting-issues)
+* [Build Environment](#build-environment)
+* [Contribution Guidelines](#contribution-guidelines)
+
+## Security Reports
+
+Please **DO NOT** file an issue for security related issues. Please send your
+reports to [security@docker.com](mailto:security@docker.com) instead.
+
+## Design and Cleanup Proposals
+
+When considering a design proposal, we are looking for:
+
+* A description of the problem this design proposal solves
+* An issue -- not a pull request -- that describes what you will take action on
+  * Please prefix your issue with `Proposal:` in the title
+* Please review [the existing Proposals](https://github.com/dotcloud/docker/issues?direction=asc&labels=Proposal&page=1&sort=created&state=open)
+  before reporting a new issue. You can always pair with someone if you both
+  have the same idea.
+
+When considering a cleanup task, we are looking for:
+
+* A description of the refactors made
+  * Please note any logic changes if necessary
+* A pull request with the code
+  * Please prefix your PR's title with `Cleanup:` so we can quickly address it.
+  * Your pull request must remain up to date with master, so rebase as necessary.
+
 ## Reporting Issues
 
 When reporting [issues](https://github.com/dotcloud/docker/issues) on

From 8dc0828a888fa50fa3a8b6aaaca56ffe69735306 Mon Sep 17 00:00:00 2001
From: Timothy Hobbs <timothyhobbs@seznam.cz>
Date: Thu, 31 Jul 2014 19:48:39 +0000
Subject: [PATCH 309/516] Remove the restriction on multi-user PRs

This came up in #docker-dev today.  We're not sure exactly why the original restriction was put it place.  It is not well obeyed.  Please comment if you know the origin of the restriction.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: 4c282b979b717a28dd7699ad5b124d82b6a99a29
Component: engine
---
 components/engine/CONTRIBUTING.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 46cc14a223..1d1daaf83e 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -120,8 +120,6 @@ committing your changes. Most editors have plug-ins that do this automatically.
 Pull requests descriptions should be as clear as possible and include a
 reference to all the issues that they address.
 
-Pull requests must not contain commits from other users or branches.
-
 Commit messages must start with a capitalized and short summary (max. 50
 chars) written in the imperative, followed by an optional, more detailed
 explanatory text which is separated from the summary by an empty line.
@@ -132,6 +130,12 @@ sure to post a comment after pushing. The new commits will show up in the pull
 request automatically, but the reviewers will not be notified unless you
 comment.
 
+Pull requests must be cleanly rebased ontop of master without multiple branches
+mixed into the PR.
+
+**Git tip**: If your PR no longer merges cleanly, use `rebase master` in your
+feature branch to update your pull request rather than `merge master`.
+
 Before the pull request is merged, make sure that you squash your commits into
 logical units of work using `git rebase -i` and `git push -f`. After every
 commit the test suite should be passing. Include documentation changes in the

From 604012d7420f6a52c39e2aeff13adc2f09fbac55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bruno=20Reni=C3=A9?= <brutasse@gmail.com>
Date: Mon, 7 Jul 2014 14:23:07 +0200
Subject: [PATCH 310/516] Fix .dockerignore when ignoring unreadable dirs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The initial `ValidateContextDirectory` implementation fails loudly when a file
lacks read permissions in the current context. However that situation is valid
if the file is included in the `.dockerignore` patterns.

Docker-DCO-1.1-Signed-off-by: Bruno Renié <brutasse@gmail.com> (github: brutasse)
Upstream-commit: 27cca4c70cc7f0cccfda693ca7bbb2422eec3e13
Component: engine
---
 components/engine/api/client/commands.go      | 37 +++++++++----------
 components/engine/archive/archive.go          | 25 +++++--------
 .../ignoredinaccessible/.dockerignore         |  1 +
 .../ignoredinaccessible/Dockerfile            |  2 +
 .../directoryWeCantStat/bar                   |  1 +
 .../integration-cli/docker_cli_build_test.go  | 23 ++++++++++++
 components/engine/utils/utils.go              | 35 +++++++++++++++++-
 7 files changed, 86 insertions(+), 38 deletions(-)
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
 create mode 100644 components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index bc1a4f1a8a..f374246a2a 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -163,30 +163,27 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		if _, err = os.Stat(filename); os.IsNotExist(err) {
 			return fmt.Errorf("no Dockerfile found in %s", cmd.Arg(0))
 		}
-		if err = utils.ValidateContextDirectory(root); err != nil {
+		var excludes []string
+		ignore, err := ioutil.ReadFile(path.Join(root, ".dockerignore"))
+		if err != nil && !os.IsNotExist(err) {
+			return fmt.Errorf("Error reading .dockerignore: '%s'", err)
+		}
+		for _, pattern := range strings.Split(string(ignore), "\n") {
+			ok, err := filepath.Match(pattern, "Dockerfile")
+			if err != nil {
+				return fmt.Errorf("Bad .dockerignore pattern: '%s', error: %s", pattern, err)
+			}
+			if ok {
+				return fmt.Errorf("Dockerfile was excluded by .dockerignore pattern '%s'", pattern)
+			}
+			excludes = append(excludes, pattern)
+		}
+		if err = utils.ValidateContextDirectory(root, excludes); err != nil {
 			return fmt.Errorf("Error checking context is accessible: '%s'. Please check permissions and try again.", err)
 		}
 		options := &archive.TarOptions{
 			Compression: archive.Uncompressed,
-		}
-		if ignore, err := ioutil.ReadFile(path.Join(root, ".dockerignore")); err != nil && !os.IsNotExist(err) {
-			return fmt.Errorf("Error reading .dockerignore: '%s'", err)
-		} else if err == nil {
-			for _, pattern := range strings.Split(string(ignore), "\n") {
-				if pattern == "" {
-					continue
-				}
-
-				ok, err := filepath.Match(pattern, "Dockerfile")
-				if err != nil {
-					utils.Errorf("Bad .dockerignore pattern: '%s', error: %s", pattern, err)
-					continue
-				}
-				if ok {
-					return fmt.Errorf("Dockerfile was excluded by .dockerignore pattern '%s'", pattern)
-				}
-				options.Excludes = append(options.Excludes, pattern)
-			}
+			Excludes:    excludes,
 		}
 		context, err = archive.TarWithOptions(root, options)
 		if err != nil {
diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 30562abaff..6ed7f56554 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -349,23 +349,16 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 					return nil
 				}
 
-				for _, exclude := range options.Excludes {
-					matched, err := filepath.Match(exclude, relFilePath)
-					if err != nil {
-						utils.Errorf("Error matching: %s (pattern: %s)", relFilePath, exclude)
-						return err
-					}
-					if matched {
-						if filepath.Clean(relFilePath) == "." {
-							utils.Errorf("Can't exclude whole path, excluding pattern: %s", exclude)
-							continue
-						}
-						utils.Debugf("Skipping excluded path: %s", relFilePath)
-						if f.IsDir() {
-							return filepath.SkipDir
-						}
-						return nil
+				skip, err := utils.Matches(relFilePath, options.Excludes)
+				if err != nil {
+					utils.Debugf("Error matching %s\n", relFilePath, err)
+					return nil
+				}
+				if skip {
+					if f.IsDir() {
+						return filepath.SkipDir
 					}
+					return nil
 				}
 
 				if err := addTarFile(filePath, relFilePath, tw, twBuf); err != nil {
diff --git a/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore b/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
new file mode 100644
index 0000000000..fb1fad86ff
--- /dev/null
+++ b/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
@@ -0,0 +1 @@
+directoryWeCantStat
diff --git a/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
new file mode 100644
index 0000000000..0964b8e87c
--- /dev/null
+++ b/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
@@ -0,0 +1,2 @@
+FROM busybox
+ADD . /foo/
diff --git a/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar b/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar
new file mode 100644
index 0000000000..257cc5642c
--- /dev/null
+++ b/components/engine/integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar
@@ -0,0 +1 @@
+foo
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index bf786070d2..7d22ddef4f 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -474,10 +474,33 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
 
 		deleteImages("testlinksok")
 
+	}
+	{
+		// This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern
+		pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "ignoredinaccessible")
+		pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
+		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
+		err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
+		errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
+		err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
+		errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
+		err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
+		errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
+
+		buildCommandStatement := fmt.Sprintf("%s build -t ignoredinaccessible .", dockerBinary)
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
+		buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
+		out, exitCode, err := runCommandWithOutput(buildCmd)
+		if err != nil || exitCode != 0 {
+			t.Fatalf("build should have worked: %s %s", err, out)
+		}
+		deleteImages("ignoredinaccessible")
+
 	}
 	deleteImages("inaccessiblefiles")
 	logDone("build - ADD from context with inaccessible files must fail")
 	logDone("build - ADD from context with accessible links must work")
+	logDone("build - ADD from context with ignored inaccessible files must work")
 }
 
 func TestBuildForceRm(t *testing.T) {
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 4dd3034322..38cb906fc8 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -684,16 +684,27 @@ func TreeSize(dir string) (size int64, err error) {
 // ValidateContextDirectory checks if all the contents of the directory
 // can be read and returns an error if some files can't be read
 // symlinks which point to non-existing files don't trigger an error
-func ValidateContextDirectory(srcPath string) error {
+func ValidateContextDirectory(srcPath string, excludes []string) error {
 	var finalError error
 
 	filepath.Walk(filepath.Join(srcPath, "."), func(filePath string, f os.FileInfo, err error) error {
 		// skip this directory/file if it's not in the path, it won't get added to the context
-		_, err = filepath.Rel(srcPath, filePath)
+		relFilePath, err := filepath.Rel(srcPath, filePath)
 		if err != nil && os.IsPermission(err) {
 			return nil
 		}
 
+		skip, err := Matches(relFilePath, excludes)
+		if err != nil {
+			finalError = err
+		}
+		if skip {
+			if f.IsDir() {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+
 		if _, err := os.Stat(filePath); err != nil && os.IsPermission(err) {
 			finalError = fmt.Errorf("can't stat '%s'", filePath)
 			return err
@@ -726,3 +737,23 @@ func StringsContainsNoCase(slice []string, s string) bool {
 	}
 	return false
 }
+
+// Matches returns true if relFilePath matches any of the patterns
+func Matches(relFilePath string, patterns []string) (bool, error) {
+	for _, exclude := range patterns {
+		matched, err := filepath.Match(exclude, relFilePath)
+		if err != nil {
+			Errorf("Error matching: %s (pattern: %s)", relFilePath, exclude)
+			return false, err
+		}
+		if matched {
+			if filepath.Clean(relFilePath) == "." {
+				Errorf("Can't exclude whole path, excluding pattern: %s", exclude)
+				continue
+			}
+			Debugf("Skipping excluded path: %s", relFilePath)
+			return true, nil
+		}
+	}
+	return false, nil
+}

From 88915cec66bc2c12a32107dd16bfb2230b6f77d2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Thu, 31 Jul 2014 15:11:15 -0700
Subject: [PATCH 311/516] Return error for utils.Matches in archive
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 8891e912b44c4ff597f7a45658c4d3030d730c98
 Component: engine

---
 components/engine/archive/archive.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 6ed7f56554..eea8db364d 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -352,8 +352,9 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 				skip, err := utils.Matches(relFilePath, options.Excludes)
 				if err != nil {
 					utils.Debugf("Error matching %s\n", relFilePath, err)
-					return nil
+					return err
 				}
+
 				if skip {
 					if f.IsDir() {
 						return filepath.SkipDir

From c8eb8f3b81330573d04524feb2b4624eb0a28d09 Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Fri, 25 Jul 2014 16:22:41 -0700
Subject: [PATCH 312/516] First pass at replacing parent-child metaphor to
 describe docker links.

Addresses issue #7141

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)

a little git by
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: SvenDowideit)
Upstream-commit: 631ea726e425713415e7a991f9a813d02b3f6d75
Component: engine
---
 .../docs/sources/userguide/dockerlinks.md     | 171 +++++++++---------
 1 file changed, 87 insertions(+), 84 deletions(-)

diff --git a/components/engine/docs/sources/userguide/dockerlinks.md b/components/engine/docs/sources/userguide/dockerlinks.md
index c1d8c14681..3624bf72c3 100644
--- a/components/engine/docs/sources/userguide/dockerlinks.md
+++ b/components/engine/docs/sources/userguide/dockerlinks.md
@@ -4,48 +4,47 @@ page_keywords: Examples, Usage, user guide, links, linking, docker, documentatio
 
 # Linking Containers Together
 
-In [the Using Docker section](/userguide/usingdocker) we touched on
-connecting to a service running inside a Docker container via a network
-port. This is one of the ways that you can interact with services and
-applications running inside Docker containers. In this section we're
-going to give you a refresher on connecting to a Docker container via a
-network port as well as introduce you to the concepts of container
-linking.
+In [the Using Docker section](/userguide/usingdocker), you saw how you can
+connect to a service running inside a Docker container via a network
+port. But a port connection is only one way you can interact with services and
+applications running inside Docker containers. In this section, we'll briefly revisit
+connecting via a network port and then we'll introduce you to another method of access:
+container linking.
 
 ## Network port mapping refresher
 
-In [the Using Docker section](/userguide/usingdocker) we created a
-container that ran a Python Flask application.
+In [the Using Docker section](/userguide/usingdocker), you created a
+container that ran a Python Flask application:
 
     $ sudo docker run -d -P training/webapp python app.py
 
 > **Note:** 
 > Containers have an internal network and an IP address
-> (remember we used the `docker inspect` command to show the container's
+> (as we saw when we used the `docker inspect` command to show the container's
 > IP address in the [Using Docker](/userguide/usingdocker/) section).
 > Docker can have a variety of network configurations. You can see more
 > information on Docker networking [here](/articles/networking/).
 
-When we created that container we used the `-P` flag to automatically map any
-network ports inside that container to a random high port from the range 49000
-to 49900 on our Docker host.  When we subsequently ran `docker ps` we saw that
-port 5000 was bound to port 49155.
+When that container was created, the `-P` flag was used to automatically map any
+network ports inside it to a random high port from the range 49000
+to 49900 on our Docker host.  Next, when `docker ps` was run, you saw that
+port 5000 in the container was bound to port 49155 on the host.
 
     $ sudo docker ps nostalgic_morse
     CONTAINER ID  IMAGE                   COMMAND       CREATED        STATUS        PORTS                    NAMES
     bc533791f3f5  training/webapp:latest  python app.py 5 seconds ago  Up 2 seconds  0.0.0.0:49155->5000/tcp  nostalgic_morse
 
-We also saw how we can bind a container's ports to a specific port using
-the `-p` flag.
+You also saw how you can bind a container's ports to a specific port using
+the `-p` flag:
 
     $ sudo docker run -d -p 5000:5000 training/webapp python app.py
 
-And we saw why this isn't such a great idea because it constrains us to
+And you saw why this isn't such a great idea because it constrains you to
 only one container on that specific port.
 
-There are also a few other ways we can configure the `-p` flag. By
+There are also a few other ways you can configure the `-p` flag. By
 default the `-p` flag will bind the specified port to all interfaces on
-the host machine. But we can also specify a binding to a specific
+the host machine. But you can also specify a binding to a specific
 interface, for example only to the `localhost`.
 
     $ sudo docker run -d -p 127.0.0.1:5000:5000 training/webapp python app.py
@@ -53,20 +52,19 @@ interface, for example only to the `localhost`.
 This would bind port 5000 inside the container to port 5000 on the
 `localhost` or `127.0.0.1` interface on the host machine.
 
-Or to bind port 5000 of the container to a dynamic port but only on the
-`localhost` we could:
+Or, to bind port 5000 of the container to a dynamic port but only on the
+`localhost`, you could use:
 
     $ sudo docker run -d -p 127.0.0.1::5000 training/webapp python app.py
 
-We can also bind UDP ports by adding a trailing `/udp`, for example:
+You can also bind UDP ports by adding a trailing `/udp`. For example:
 
     $ sudo docker run -d -p 127.0.0.1:5000:5000/udp training/webapp python app.py
 
-We also saw the useful `docker port` shortcut which showed us the
-current port bindings, this is also useful for showing us specific port
-configurations. For example if we've bound the container port to the
-`localhost` on the host machine this will be shown in the `docker port`
-output.
+You also learned about the useful `docker port` shortcut which showed us the
+current port bindings. This is also useful for showing you specific port
+configurations. For example, if you've bound the container port to the
+`localhost` on the host machine, then the `docker port` output will reflect that.
 
     $ docker port nostalgic_morse 5000
     127.0.0.1:49155
@@ -78,38 +76,39 @@ output.
 
 Network port mappings are not the only way Docker containers can connect
 to one another. Docker also has a linking system that allows you to link
-multiple containers together and share connection information between
-them. Docker linking will create a parent child relationship where the
-parent container can see selected information about its child.
+multiple containers together and send connection information from one to another.
+When containers are linked, information about a source container can be sent to a
+recipient container. This allows the recipient to see selected data describing
+aspects of the source container.
 
 ## Container naming
 
-To perform this linking Docker relies on the names of your containers.
-We've already seen that each container we create has an automatically
-created name, indeed we've become familiar with our old friend
+To establish links, Docker relies on the names of your containers.
+You've already seen that each container you create has an automatically
+created name; indeed you've become familiar with our old friend
 `nostalgic_morse` during this guide. You can also name containers
 yourself. This naming provides two useful functions:
 
-1. It's useful to name containers that do specific functions in a way
+1. It can be useful to name containers that do specific functions in a way
    that makes it easier for you to remember them, for example naming a
-   container with a web application in it `web`.
+   container containing a web application `web`.
 
 2. It provides Docker with a reference point that allows it to refer to other
-   containers, for example link container `web` to container `db`.
+   containers, for example, you can specify to link the container `web` to container `db`.
 
 You can name your container by using the `--name` flag, for example:
 
     $ sudo docker run -d -P --name web training/webapp python app.py
 
-You can see we've launched a new container and used the `--name` flag to
-call the container `web`. We can see the container's name using the
+This launches a new container and uses the `--name` flag to
+name the container `web`. You can see the container's name using the
 `docker ps` command.
 
     $ sudo docker ps -l
     CONTAINER ID  IMAGE                  COMMAND        CREATED       STATUS       PORTS                    NAMES
     aed84ee21bde  training/webapp:latest python app.py  12 hours ago  Up 2 seconds 0.0.0.0:49154->5000/tcp  web
 
-We can also use `docker inspect` to return the container's name.
+You can also use `docker inspect` to return the container's name.
 
     $ sudo docker inspect -f "{{ .Name }}" aed84ee21bde
     /web
@@ -117,67 +116,70 @@ We can also use `docker inspect` to return the container's name.
 > **Note:** 
 > Container names have to be unique. That means you can only call
 > one container `web`. If you want to re-use a container name you must delete
-> the old container with the `docker rm` command before you can create a new
+> the old container (with `docker rm`) before you can create a new
 > container with the same name. As an alternative you can use the `--rm`
 > flag with the `docker run` command. This will delete the container
-> immediately after it stops.
+> immediately after it is stopped.
 
 ## Container Linking
 
-Links allow containers to discover and securely communicate with each
-other. To create a link you use the `--link` flag. Let's create a new
-container, this one a database.
+Links allow containers to discover each other and securely transfer information about one
+container to another container. When you set up a link, you create a conduit between a
+source container and a recipient container. The recipient can then access select data
+about the source. To create a link, you use the `--link` flag. First, create a new
+container, this time one containing a database.
 
     $ sudo docker run -d --name db training/postgres
 
-Here we've created a new container called `db` using the `training/postgres`
+This creates a new container called `db` from the `training/postgres`
 image, which contains a PostgreSQL database.
 
-We need to delete the `web` container we created previously so we can replace it
+Now, you need to delete the `web` container you created previously so you can replace it
 with a linked one:
 
     $ docker rm -f web
 
-Now let's create a new `web` container and link it with our `db` container.
+Now, create a new `web` container and link it with your `db` container.
 
     $ sudo docker run -d -P --name web --link db:db training/webapp python app.py
 
-This will link the new `web` container with the `db` container we created
+This will link the new `web` container with the `db` container you created
 earlier. The `--link` flag takes the form:
 
     --link name:alias
 
 Where `name` is the name of the container we're linking to and `alias` is an
-alias for the link name. We'll see how that alias gets used shortly.
+alias for the link name. You'll see how that alias gets used shortly.
 
-Let's look at our linked containers using `docker ps`.
+Next, look at your linked containers using `docker ps`.
 
     $ docker ps
     CONTAINER ID  IMAGE                     COMMAND               CREATED             STATUS             PORTS                    NAMES
     349169744e49  training/postgres:latest  su postgres -c '/usr  About a minute ago  Up About a minute  5432/tcp                 db, web/db
     aed84ee21bde  training/webapp:latest    python app.py         16 hours ago        Up 2 minutes       0.0.0.0:49154->5000/tcp  web
 
-We can see our named containers, `db` and `web`, and we can see that the `db`
-containers also shows `web/db` in the `NAMES` column. This tells us that the
-`web` container is linked to the `db` container in a parent/child relationship.
+You can see your named containers, `db` and `web`, and you can see that the `db`
+container also shows `web/db` in the `NAMES` column. This tells you that the
+`web` container is linked to the `db` container, which allows it to access information
+about the `db` container.
 
-So what does linking the containers do? Well we've discovered the link creates
-a parent-child relationship between the two containers. The child container,
-here `web`, can access information on the parent container `db`. To do this
-Docker creates a secure tunnel between the containers without the need to
-expose any ports externally on the container. You'll note when we started the
-`db` container we did not use either of the `-P` or `-p` flags. As we're
-linking the containers we don't need to expose the PostgreSQL database via the
-network.
+So what does linking the containers actually do? You've learned that a link creates a
+source container that can provide information about itself to a recipient container. In
+our example, the recipient, `web`, can access information about the source `db`. To do
+this, Docker creates a secure tunnel between the containers that doesn't need to
+expose any ports externally on the container; you'll note when we started the
+`db` container we did not use either the `-P` or `-p` flags. That's a big benefit of
+linking: we don't need to expose the source container, here the PostgreSQL database, to
+the network.
 
-Docker exposes connectivity information for the parent container inside the
-child container in two ways:
+Docker exposes connectivity information for the source container to the
+recipient container in two ways:
 
 * Environment variables,
 * Updating the `/etc/hosts` file.
 
-Let's look first at the environment variables Docker sets. Let's run the `env`
-command to list the container's environment variables.
+Docker can set a number of environment variables. You run the `env`
+command to list the specified container's environment variables.
 
 ```
     $ sudo docker run --rm --name web2 --link db:db training/webapp env
@@ -196,17 +198,17 @@ command to list the container's environment variables.
 > container. Similarly, some daemons (such as `sshd`)
 > will scrub them when spawning shells for connection.
 
-We can see that Docker has created a series of environment variables with
-useful information about our `db` container. Each variable is prefixed with
-`DB_` which is populated from the `alias` we specified above. If our `alias`
-were `db1` the variables would be prefixed with `DB1_`. You can use these
+You can see that Docker has created a series of environment variables with
+useful information about the source `db` container. Each variable is prefixed with
+`DB_`, which is populated from the `alias` you specified above. If the `alias`
+were `db1`, the variables would be prefixed with `DB1_`. You can use these
 environment variables to configure your applications to connect to the database
-on the `db` container. The connection will be secure, private and only the
+on the `db` container. The connection will be secure and private; only the
 linked `web` container will be able to talk to the `db` container.
 
-In addition to the environment variables Docker adds a host entry for the
-linked parent to the `/etc/hosts` file. Let's look at this file on the `web`
-container now.
+In addition to the environment variables, Docker adds a host entry for the
+source container to the `/etc/hosts` file. Here's an entry for the `web`
+container:
 
     $ sudo docker run -t -i --rm --link db:db training/webapp /bin/bash
     root@aed84ee21bde:/opt/webapp# cat /etc/hosts
@@ -214,9 +216,9 @@ container now.
     . . .
     172.17.0.5  db
 
-We can see two relevant host entries. The first is an entry for the `web`
+You can see two relevant host entries. The first is an entry for the `web`
 container that uses the Container ID as a host name. The second entry uses the
-link alias to reference the IP address of the `db` container. Let's try to ping
+link alias to reference the IP address of the `db` container. You can ping
 that host now via this host name.
 
     root@aed84ee21bde:/opt/webapp# apt-get install -yqq inetutils-ping
@@ -227,21 +229,22 @@ that host now via this host name.
     56 bytes from 172.17.0.5: icmp_seq=2 ttl=64 time=0.256 ms
 
 > **Note:** 
-> We had to install `ping` because our container didn't have it.
+> In the example, you'll note you had to install `ping` because it was not included
+> in the container initially.
 
-We've used the `ping` command to ping the `db` container using it's host entry
-which resolves to `172.17.0.5`. We can make use of this host entry to configure
-an application to make use of our `db` container.
+Here, you used the `ping` command to ping the `db` container using its host entry,
+which resolves to `172.17.0.5`. You can use this host entry to configure an application
+to make use of your `db` container.
 
 > **Note:** 
-> You can link multiple child containers to a single parent. For
-> example, we could have multiple web containers attached to our `db`
-> container.
+> You can link multiple recipient containers to a single source. For
+> example, you could have multiple (differently named) web containers attached to your
+>`db` container.
 
 # Next step
 
-Now we know how to link Docker containers together the next step is
-learning how to manage data, volumes and mounts inside our containers.
+Now that you know how to link Docker containers together, the next step is
+learning how to manage data, volumes and mounts inside your containers.
 
 Go to [Managing Data in Containers](/userguide/dockervolumes).
 

From 574263662b9b8659a78cb9a9d6991007ad0e206b Mon Sep 17 00:00:00 2001
From: Fabio Falci <fabiofalci@gmail.com>
Date: Thu, 3 Jul 2014 10:58:13 +0100
Subject: [PATCH 313/516] Fix getImagesJSON output for api less than 1.7

Tag can be a number, like centos:6.4, and so must be handled like a
string otherwise will lose quotation marks when converting to json
and the client (API < 1.7) will try to convert to int, failing
because the type is string. Additionally using ParseRepositoryTag to
parse repository names to split the tag because an URL can have : and
so more than one occurrence of : can be found on repository names.

Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Upstream-commit: 103ae23504b9fdc52e4f7d4a50798553af09bfe5
Component: engine
---
 components/engine/api/server/server.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 9f88d1ad79..9e1d9f5842 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -238,10 +238,10 @@ func getImagesJSON(eng *engine.Engine, version version.Version, w http.ResponseW
 		outsLegacy := engine.NewTable("Created", 0)
 		for _, out := range outs.Data {
 			for _, repoTag := range out.GetList("RepoTags") {
-				parts := strings.Split(repoTag, ":")
+				repo, tag := utils.ParseRepositoryTag(repoTag)
 				outLegacy := &engine.Env{}
-				outLegacy.Set("Repository", parts[0])
-				outLegacy.Set("Tag", parts[1])
+				outLegacy.Set("Repository", repo)
+				outLegacy.SetJson("Tag", tag)
 				outLegacy.Set("Id", out.Get("Id"))
 				outLegacy.SetInt64("Created", out.GetInt64("Created"))
 				outLegacy.SetInt64("Size", out.GetInt64("Size"))

From 76040cafd810e93caf72a5b526265636cb10f6ee Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Thu, 31 Jul 2014 18:19:30 -0700
Subject: [PATCH 314/516] Update package for repo and tag parser
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 63a4ba229cd3da6ce7bc52e6b9f78d9cd631398d
 Component: engine

---
 components/engine/api/server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 9e1d9f5842..d2fd9a77ed 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -238,7 +238,7 @@ func getImagesJSON(eng *engine.Engine, version version.Version, w http.ResponseW
 		outsLegacy := engine.NewTable("Created", 0)
 		for _, out := range outs.Data {
 			for _, repoTag := range out.GetList("RepoTags") {
-				repo, tag := utils.ParseRepositoryTag(repoTag)
+				repo, tag := parsers.ParseRepositoryTag(repoTag)
 				outLegacy := &engine.Env{}
 				outLegacy.Set("Repository", repo)
 				outLegacy.SetJson("Tag", tag)

From bcbc563aabf5d4cb3339da5d3698f08e81b990d5 Mon Sep 17 00:00:00 2001
From: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
Date: Fri, 1 Aug 2014 14:37:38 +0900
Subject: [PATCH 315/516] Btrfs graph driver is not experimental

Btrfs graph driver is not experimental now according to #4838 and CHANGELOG.md is saying "btrfs is no longer considered experimental.".

Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
Upstream-commit: 58588009c00d1c7dd279b95d33759f61499c2848
Component: engine
---
 components/engine/hack/PACKAGERS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/hack/PACKAGERS.md b/components/engine/hack/PACKAGERS.md
index 687b554414..265f7d676b 100644
--- a/components/engine/hack/PACKAGERS.md
+++ b/components/engine/hack/PACKAGERS.md
@@ -301,7 +301,7 @@ by having support for them in the kernel or userspace. A few examples include:
 * LXC execution driver (requires version 1.0 or later of the LXC utility scripts)
 * AUFS graph driver (requires AUFS patches/support enabled in the kernel, and at
   least the "auplink" utility from aufs-tools)
-* experimental BTRFS graph driver (requires BTRFS support enabled in the kernel)
+* BTRFS graph driver (requires BTRFS support enabled in the kernel)
 
 ## Daemon Init Script
 

From 6c58b89d2d95866d2ae052357c3cc8845b523b9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Inge=20Bols=C3=B8?= <knan@redpill-linpro.com>
Date: Thu, 31 Jul 2014 16:11:51 +0200
Subject: [PATCH 316/516] networking.md: Networking between containers works
 without ip_forward
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker-DCO-1.1-Signed-off-by: Erik Inge Bolsø <knan@redpill-linpro.com> (github: knan-linpro)
Upstream-commit: e6a084f4f8af3f7a5bc7c2c5ed375eaed61e8b8c
Component: engine
---
 .../docs/sources/articles/networking.md       | 53 +++++++++++--------
 1 file changed, 32 insertions(+), 21 deletions(-)

diff --git a/components/engine/docs/sources/articles/networking.md b/components/engine/docs/sources/articles/networking.md
index ff1a8ae75d..e465429cdb 100644
--- a/components/engine/docs/sources/articles/networking.md
+++ b/components/engine/docs/sources/articles/networking.md
@@ -170,12 +170,41 @@ above, will make `/etc/resolv.conf` inside of each container look like
 the `/etc/resolv.conf` of the host machine where the `docker` daemon is
 running.  The options then modify this default configuration.
 
+## Communication between containers and the wider world
+
+<a name="the-world"></a>
+
+Whether a container can talk to the world is governed by one main factor.
+
+Is the host machine willing to forward IP packets?  This is governed
+by the `ip_forward` system parameter.  Packets can only pass between
+containers if this parameter is `1`.  Usually you will simply leave
+the Docker server at its default setting `--ip-forward=true` and
+Docker will go set `ip_forward` to `1` for you when the server
+starts up.  To check the setting or turn it on manually:
+
+    # Usually not necessary: turning on forwarding,
+    # on the host where your Docker server is running
+
+    $ cat /proc/sys/net/ipv4/ip_forward
+    0
+    $ sudo echo 1 > /proc/sys/net/ipv4/ip_forward
+    $ cat /proc/sys/net/ipv4/ip_forward
+    1
+
+Many using Docker will want `ip_forward` to be on, to at
+least make communication *possible* between containers and
+the wider world.
+
+May also be needed for inter-container communication if you are
+in a multiple bridge setup.
+
 ## Communication between containers
 
 <a name="between-containers"></a>
 
 Whether two containers can communicate is governed, at the operating
-system level, by three factors.
+system level, by two factors.
 
 1.  Does the network topology even connect the containers' network
     interfaces?  By default Docker will attach all containers to a
@@ -183,32 +212,14 @@ system level, by three factors.
     between them.  See the later sections of this document for other
     possible topologies.
 
-2.  Is the host machine willing to forward IP packets?  This is governed
-    by the `ip_forward` system parameter.  Packets can only pass between
-    containers if this parameter is `1`.  Usually you will simply leave
-    the Docker server at its default setting `--ip-forward=true` and
-    Docker will go set `ip_forward` to `1` for you when the server
-    starts up.  To check the setting or turn it on manually:
-
-        # Usually not necessary: turning on forwarding,
-        # on the host where your Docker server is running
-
-        $ cat /proc/sys/net/ipv4/ip_forward
-        0
-        $ sudo echo 1 > /proc/sys/net/ipv4/ip_forward
-        $ cat /proc/sys/net/ipv4/ip_forward
-        1
-
-3.  Do your `iptables` allow this particular connection to be made?
+2.  Do your `iptables` allow this particular connection to be made?
     Docker will never make changes to your system `iptables` rules if
     you set `--iptables=false` when the daemon starts.  Otherwise the
     Docker server will add a default rule to the `FORWARD` chain with a
     blanket `ACCEPT` policy if you retain the default `--icc=true`, or
     else will set the policy to `DROP` if `--icc=false`.
 
-Nearly everyone using Docker will want `ip_forward` to be on, to at
-least make communication *possible* between containers.  But it is a
-strategic question whether to leave `--icc=true` or change it to
+It is a strategic question whether to leave `--icc=true` or change it to
 `--icc=false` (on Ubuntu, by editing the `DOCKER_OPTS` variable in
 `/etc/default/docker` and restarting the Docker server) so that
 `iptables` will protect other containers — and the main host — from

From 9001ffa4996e944fa14e9b00b38287e426d2df77 Mon Sep 17 00:00:00 2001
From: Rajdeep Dua <dua_rajdeep@yahoo.com>
Date: Fri, 1 Aug 2014 23:41:34 +0530
Subject: [PATCH 317/516] Added test cases for no port passed to
 nat.ParsePortSpecs and negative port number passed

Docker-DCO-1.1-Signed-off-by: Rajdeep due <dua_rajdeep@yahoo.com> (github: rajdeepd)
Upstream-commit: 4cb2cfed9ffd8a10e5a47b41b26313dd94a86dc1
Component: engine
---
 .../engine/daemon/container_unit_test.go      | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/components/engine/daemon/container_unit_test.go b/components/engine/daemon/container_unit_test.go
index 7520017c10..1b1b934f42 100644
--- a/components/engine/daemon/container_unit_test.go
+++ b/components/engine/daemon/container_unit_test.go
@@ -89,6 +89,41 @@ func TestParseNetworkOptsPublic(t *testing.T) {
 	}
 }
 
+func TestParseNetworkOptsPublicNoPort(t *testing.T) {
+	ports, bindings, err := nat.ParsePortSpecs([]string{"192.168.1.100"})
+
+	if err == nil {
+		t.Logf("Expected error Invalid containerPort")
+		t.Fail()
+	}
+	if ports != nil {
+		t.Logf("Expected nil got %s", ports)
+		t.Fail()
+	}
+	if bindings != nil {
+		t.Logf("Expected nil got %s", bindings)
+		t.Fail()
+	}
+}
+
+func TestParseNetworkOptsNegativePorts(t *testing.T) {
+	ports, bindings, err := nat.ParsePortSpecs([]string{"192.168.1.100:-1:-1"})
+
+	if err == nil {
+		t.Fail()
+	}
+	t.Logf("%v", len(ports))
+	t.Logf("%v", bindings)
+	if len(ports) != 0 {
+		t.Logf("Expected nil got %s", len(ports))
+		t.Fail()
+	}
+	if len(bindings) != 0 {
+		t.Logf("Expected 0 got %s", len(bindings))
+		t.Fail()
+	}
+}
+
 func TestParseNetworkOptsUdp(t *testing.T) {
 	ports, bindings, err := nat.ParsePortSpecs([]string{"192.168.1.100::6000/udp"})
 	if err != nil {

From 66a8cb6b3e95057bd00507ca6fb68afdcfe6e908 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:24:54 +0000
Subject: [PATCH 318/516] Move "kill" to daemon/kill.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 8652830661f648d585a61479a88ada01010b7fc8
Component: engine
---
 components/engine/daemon/daemon.go    |  3 ++
 components/engine/daemon/kill.go      | 59 +++++++++++++++++++++++++++
 components/engine/server/container.go | 51 -----------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 62 insertions(+), 52 deletions(-)
 create mode 100644 components/engine/daemon/kill.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index e4304b2a48..3876027ca6 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -117,6 +117,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("unpause", daemon.ContainerUnpause); err != nil {
 		return err
 	}
+	if err := eng.Register("kill", daemon.ContainerKill); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go
new file mode 100644
index 0000000000..f883495cef
--- /dev/null
+++ b/components/engine/daemon/kill.go
@@ -0,0 +1,59 @@
+package daemon
+
+import (
+	"strconv"
+	"strings"
+	"syscall"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/signal"
+)
+
+// ContainerKill send signal to the container
+// If no signal is given (sig 0), then Kill with SIGKILL and wait
+// for the container to exit.
+// If a signal is given, then just send it to the container and return.
+func (daemon *Daemon) ContainerKill(job *engine.Job) engine.Status {
+	if n := len(job.Args); n < 1 || n > 2 {
+		return job.Errorf("Usage: %s CONTAINER [SIGNAL]", job.Name)
+	}
+	var (
+		name = job.Args[0]
+		sig  uint64
+		err  error
+	)
+
+	// If we have a signal, look at it. Otherwise, do nothing
+	if len(job.Args) == 2 && job.Args[1] != "" {
+		// Check if we passed the signal as a number:
+		// The largest legal signal is 31, so let's parse on 5 bits
+		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
+		if err != nil {
+			// The signal is not a number, treat it as a string (either like "KILL" or like "SIGKILL")
+			sig = uint64(signal.SignalMap[strings.TrimPrefix(job.Args[1], "SIG")])
+		}
+
+		if sig == 0 {
+			return job.Errorf("Invalid signal: %s", job.Args[1])
+		}
+	}
+
+	if container := daemon.Get(name); container != nil {
+		// If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait())
+		if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL {
+			if err := container.Kill(); err != nil {
+				return job.Errorf("Cannot kill container %s: %s", name, err)
+			}
+			job.Eng.Job("log", "kill", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+		} else {
+			// Otherwise, just send the requested signal
+			if err := container.KillSig(int(sig)); err != nil {
+				return job.Errorf("Cannot kill container %s: %s", name, err)
+			}
+			// FIXME: Add event for signals
+		}
+	} else {
+		return job.Errorf("No such container: %s", name)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index b37fa521f5..a5ab85b2a7 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -17,7 +17,6 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
-	"syscall"
 	"time"
 
 	"github.com/docker/docker/daemon"
@@ -25,61 +24,11 @@ import (
 	"github.com/docker/docker/graph"
 	"github.com/docker/docker/pkg/graphdb"
 	"github.com/docker/docker/pkg/parsers"
-	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/tailfile"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 )
 
-// ContainerKill send signal to the container
-// If no signal is given (sig 0), then Kill with SIGKILL and wait
-// for the container to exit.
-// If a signal is given, then just send it to the container and return.
-func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
-	if n := len(job.Args); n < 1 || n > 2 {
-		return job.Errorf("Usage: %s CONTAINER [SIGNAL]", job.Name)
-	}
-	var (
-		name = job.Args[0]
-		sig  uint64
-		err  error
-	)
-
-	// If we have a signal, look at it. Otherwise, do nothing
-	if len(job.Args) == 2 && job.Args[1] != "" {
-		// Check if we passed the signal as a number:
-		// The largest legal signal is 31, so let's parse on 5 bits
-		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
-		if err != nil {
-			// The signal is not a number, treat it as a string (either like "KILL" or like "SIGKILL")
-			sig = uint64(signal.SignalMap[strings.TrimPrefix(job.Args[1], "SIG")])
-		}
-
-		if sig == 0 {
-			return job.Errorf("Invalid signal: %s", job.Args[1])
-		}
-	}
-
-	if container := srv.daemon.Get(name); container != nil {
-		// If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait())
-		if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL {
-			if err := container.Kill(); err != nil {
-				return job.Errorf("Cannot kill container %s: %s", name, err)
-			}
-			srv.LogEvent("kill", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-		} else {
-			// Otherwise, just send the requested signal
-			if err := container.KillSig(int(sig)); err != nil {
-				return job.Errorf("Cannot kill container %s: %s", name, err)
-			}
-			// FIXME: Add event for signals
-		}
-	} else {
-		return job.Errorf("No such container: %s", name)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerExport(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Usage: %s container_id", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 9b6033b6c0..5fdc542fe6 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -91,7 +91,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"stop":             srv.ContainerStop,
 		"restart":          srv.ContainerRestart,
 		"start":            srv.ContainerStart,
-		"kill":             srv.ContainerKill,
 		"wait":             srv.ContainerWait,
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
 		"resize":           srv.ContainerResize,

From 6c8c9d698df02cd580dcdaa7a9bb7b616d36ad44 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:29:38 +0000
Subject: [PATCH 319/516] Move "export" to daemon/export.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 8031c23b0f492b6f62dfc226dbf9b3d051d9546a
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/export.go    | 30 +++++++++++++++++++++++++++
 components/engine/server/container.go | 23 --------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 33 insertions(+), 24 deletions(-)
 create mode 100644 components/engine/daemon/export.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 3876027ca6..39c2eec15b 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -120,6 +120,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("kill", daemon.ContainerKill); err != nil {
 		return err
 	}
+	if err := eng.Register("export", daemon.ContainerExport); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/export.go b/components/engine/daemon/export.go
new file mode 100644
index 0000000000..204e862d5c
--- /dev/null
+++ b/components/engine/daemon/export.go
@@ -0,0 +1,30 @@
+package daemon
+
+import (
+	"io"
+
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerExport(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s container_id", job.Name)
+	}
+	name := job.Args[0]
+	if container := daemon.Get(name); container != nil {
+		data, err := container.Export()
+		if err != nil {
+			return job.Errorf("%s: %s", name, err)
+		}
+		defer data.Close()
+
+		// Stream the entire contents of the container (basically a volatile snapshot)
+		if _, err := io.Copy(job.Stdout, data); err != nil {
+			return job.Errorf("%s: %s", name, err)
+		}
+		// FIXME: factor job-specific LogEvent to engine.Job.Run()
+		job.Eng.Job("log", "export", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+		return engine.StatusOK
+	}
+	return job.Errorf("No such container: %s", name)
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index a5ab85b2a7..cef405387c 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -29,29 +29,6 @@ import (
 	"github.com/docker/docker/utils"
 )
 
-func (srv *Server) ContainerExport(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s container_id", job.Name)
-	}
-	name := job.Args[0]
-	if container := srv.daemon.Get(name); container != nil {
-		data, err := container.Export()
-		if err != nil {
-			return job.Errorf("%s: %s", name, err)
-		}
-		defer data.Close()
-
-		// Stream the entire contents of the container (basically a volatile snapshot)
-		if _, err := io.Copy(job.Stdout, data); err != nil {
-			return job.Errorf("%s: %s", name, err)
-		}
-		// FIXME: factor job-specific LogEvent to engine.Job.Run()
-		srv.LogEvent("export", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-		return engine.StatusOK
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
 func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 && len(job.Args) != 2 {
 		return job.Errorf("Not enough arguments. Usage: %s CONTAINER [PS_ARGS]\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 5fdc542fe6..a172d55c68 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"export":           srv.ContainerExport,
 		"create":           srv.ContainerCreate,
 		"stop":             srv.ContainerStop,
 		"restart":          srv.ContainerRestart,

From 28fbe12f7b325bc384b71e82e0453dad3c09cdaf Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:36:42 +0000
Subject: [PATCH 320/516] Move "create" to daemon/create.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 80f3272ee9957c537271462a688a7de88aaa92c0
Component: engine
---
 components/engine/daemon/create.go    | 86 +++++++++++++++++++++++++++
 components/engine/daemon/daemon.go    | 35 +----------
 components/engine/server/container.go | 48 ---------------
 components/engine/server/init.go      |  1 -
 4 files changed, 89 insertions(+), 81 deletions(-)
 create mode 100644 components/engine/daemon/create.go

diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go
new file mode 100644
index 0000000000..8d008f8ade
--- /dev/null
+++ b/components/engine/daemon/create.go
@@ -0,0 +1,86 @@
+package daemon
+
+import (
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/runconfig"
+)
+
+func (daemon *Daemon) ContainerCreate(job *engine.Job) engine.Status {
+	var name string
+	if len(job.Args) == 1 {
+		name = job.Args[0]
+	} else if len(job.Args) > 1 {
+		return job.Errorf("Usage: %s", job.Name)
+	}
+	config := runconfig.ContainerConfigFromJob(job)
+	if config.Memory != 0 && config.Memory < 524288 {
+		return job.Errorf("Minimum memory limit allowed is 512k")
+	}
+	if config.Memory > 0 && !daemon.SystemConfig().MemoryLimit {
+		job.Errorf("Your kernel does not support memory limit capabilities. Limitation discarded.\n")
+		config.Memory = 0
+	}
+	if config.Memory > 0 && !daemon.SystemConfig().SwapLimit {
+		job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n")
+		config.MemorySwap = -1
+	}
+	container, buildWarnings, err := daemon.Create(config, name)
+	if err != nil {
+		if daemon.Graph().IsNotExist(err) {
+			_, tag := parsers.ParseRepositoryTag(config.Image)
+			if tag == "" {
+				tag = graph.DEFAULTTAG
+			}
+			return job.Errorf("No such image: %s (tag: %s)", config.Image, tag)
+		}
+		return job.Error(err)
+	}
+	if !container.Config.NetworkDisabled && daemon.SystemConfig().IPv4ForwardingDisabled {
+		job.Errorf("IPv4 forwarding is disabled.\n")
+	}
+	job.Eng.Job("log", "create", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	// FIXME: this is necessary because daemon.Create might return a nil container
+	// with a non-nil error. This should not happen! Once it's fixed we
+	// can remove this workaround.
+	if container != nil {
+		job.Printf("%s\n", container.ID)
+	}
+	for _, warning := range buildWarnings {
+		job.Errorf("%s\n", warning)
+	}
+	return engine.StatusOK
+}
+
+// Create creates a new container from the given configuration with a given name.
+func (daemon *Daemon) Create(config *runconfig.Config, name string) (*Container, []string, error) {
+	var (
+		container *Container
+		warnings  []string
+	)
+
+	img, err := daemon.repositories.LookupImage(config.Image)
+	if err != nil {
+		return nil, nil, err
+	}
+	if err := daemon.checkImageDepth(img); err != nil {
+		return nil, nil, err
+	}
+	if warnings, err = daemon.mergeAndVerifyConfig(config, img); err != nil {
+		return nil, nil, err
+	}
+	if container, err = daemon.newContainer(name, config, img); err != nil {
+		return nil, nil, err
+	}
+	if err := daemon.createRootfs(container, img); err != nil {
+		return nil, nil, err
+	}
+	if err := container.ToDisk(); err != nil {
+		return nil, nil, err
+	}
+	if err := daemon.Register(container); err != nil {
+		return nil, nil, err
+	}
+	return container, warnings, nil
+}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 39c2eec15b..b111331415 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -123,6 +123,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("export", daemon.ContainerExport); err != nil {
 		return err
 	}
+	if err := eng.Register("create", daemon.ContainerCreate); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -403,38 +406,6 @@ func (daemon *Daemon) restore() error {
 	return nil
 }
 
-// Create creates a new container from the given configuration with a given name.
-func (daemon *Daemon) Create(config *runconfig.Config, name string) (*Container, []string, error) {
-	var (
-		container *Container
-		warnings  []string
-	)
-
-	img, err := daemon.repositories.LookupImage(config.Image)
-	if err != nil {
-		return nil, nil, err
-	}
-	if err := daemon.checkImageDepth(img); err != nil {
-		return nil, nil, err
-	}
-	if warnings, err = daemon.mergeAndVerifyConfig(config, img); err != nil {
-		return nil, nil, err
-	}
-	if container, err = daemon.newContainer(name, config, img); err != nil {
-		return nil, nil, err
-	}
-	if err := daemon.createRootfs(container, img); err != nil {
-		return nil, nil, err
-	}
-	if err := container.ToDisk(); err != nil {
-		return nil, nil, err
-	}
-	if err := daemon.Register(container); err != nil {
-		return nil, nil, err
-	}
-	return container, warnings, nil
-}
-
 func (daemon *Daemon) checkImageDepth(img *image.Image) error {
 	// We add 2 layers to the depth because the container's rw and
 	// init layer add to the restriction
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index cef405387c..64b942e208 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -21,9 +21,7 @@ import (
 
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/graph"
 	"github.com/docker/docker/pkg/graphdb"
-	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/tailfile"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
@@ -263,52 +261,6 @@ func (srv *Server) ContainerCommit(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
-	var name string
-	if len(job.Args) == 1 {
-		name = job.Args[0]
-	} else if len(job.Args) > 1 {
-		return job.Errorf("Usage: %s", job.Name)
-	}
-	config := runconfig.ContainerConfigFromJob(job)
-	if config.Memory != 0 && config.Memory < 524288 {
-		return job.Errorf("Minimum memory limit allowed is 512k")
-	}
-	if config.Memory > 0 && !srv.daemon.SystemConfig().MemoryLimit {
-		job.Errorf("Your kernel does not support memory limit capabilities. Limitation discarded.\n")
-		config.Memory = 0
-	}
-	if config.Memory > 0 && !srv.daemon.SystemConfig().SwapLimit {
-		job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n")
-		config.MemorySwap = -1
-	}
-	container, buildWarnings, err := srv.daemon.Create(config, name)
-	if err != nil {
-		if srv.daemon.Graph().IsNotExist(err) {
-			_, tag := parsers.ParseRepositoryTag(config.Image)
-			if tag == "" {
-				tag = graph.DEFAULTTAG
-			}
-			return job.Errorf("No such image: %s (tag: %s)", config.Image, tag)
-		}
-		return job.Error(err)
-	}
-	if !container.Config.NetworkDisabled && srv.daemon.SystemConfig().IPv4ForwardingDisabled {
-		job.Errorf("IPv4 forwarding is disabled.\n")
-	}
-	srv.LogEvent("create", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	// FIXME: this is necessary because daemon.Create might return a nil container
-	// with a non-nil error. This should not happen! Once it's fixed we
-	// can remove this workaround.
-	if container != nil {
-		job.Printf("%s\n", container.ID)
-	}
-	for _, warning := range buildWarnings {
-		job.Errorf("%s\n", warning)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerRestart(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index a172d55c68..9ad5e41359 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"create":           srv.ContainerCreate,
 		"stop":             srv.ContainerStop,
 		"restart":          srv.ContainerRestart,
 		"start":            srv.ContainerStart,

From 4b7b997c6fbcf7f97fe1bd9202a0ca7ef7113aac Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:40:15 +0000
Subject: [PATCH 321/516] Move "stop" to daemon/stop.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 03c07617cce5167ac854ff84637be9cccef39328
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/stop.go      | 30 +++++++++++++++++++++++++++
 components/engine/server/container.go | 25 ----------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 33 insertions(+), 26 deletions(-)
 create mode 100644 components/engine/daemon/stop.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index b111331415..d4a3ddb521 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -126,6 +126,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("create", daemon.ContainerCreate); err != nil {
 		return err
 	}
+	if err := eng.Register("stop", daemon.ContainerStop); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/stop.go b/components/engine/daemon/stop.go
new file mode 100644
index 0000000000..5ce2e1726e
--- /dev/null
+++ b/components/engine/daemon/stop.go
@@ -0,0 +1,30 @@
+package daemon
+
+import (
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerStop(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+	var (
+		name = job.Args[0]
+		t    = 10
+	)
+	if job.EnvExists("t") {
+		t = job.GetenvInt("t")
+	}
+	if container := daemon.Get(name); container != nil {
+		if !container.State.IsRunning() {
+			return job.Errorf("Container already stopped")
+		}
+		if err := container.Stop(int(t)); err != nil {
+			return job.Errorf("Cannot stop container %s: %s\n", name, err)
+		}
+		job.Eng.Job("log", "stop", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	} else {
+		return job.Errorf("No such container: %s\n", name)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 64b942e208..13409a4bb5 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -467,31 +467,6 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerStop(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-	var (
-		name = job.Args[0]
-		t    = 10
-	)
-	if job.EnvExists("t") {
-		t = job.GetenvInt("t")
-	}
-	if container := srv.daemon.Get(name); container != nil {
-		if !container.State.IsRunning() {
-			return job.Errorf("Container already stopped")
-		}
-		if err := container.Stop(int(t)); err != nil {
-			return job.Errorf("Cannot stop container %s: %s\n", name, err)
-		}
-		srv.LogEvent("stop", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	} else {
-		return job.Errorf("No such container: %s\n", name)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerWait(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Usage: %s", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 9ad5e41359..c543f3ee91 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"stop":             srv.ContainerStop,
 		"restart":          srv.ContainerRestart,
 		"start":            srv.ContainerStart,
 		"wait":             srv.ContainerWait,

From 3225e05f705db935c7d5823f6ba5958d670fca6e Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:46:18 +0000
Subject: [PATCH 322/516] Move "start" to daemon/start.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 4180b87514b98ed72498073382cbaeeb5e90191a
Component: engine
---
 components/engine/daemon/daemon.go    |  3 ++
 components/engine/daemon/start.go     | 68 +++++++++++++++++++++++++++
 components/engine/server/container.go | 59 -----------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 71 insertions(+), 60 deletions(-)
 create mode 100644 components/engine/daemon/start.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index d4a3ddb521..cc03c3d2a5 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -129,6 +129,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("stop", daemon.ContainerStop); err != nil {
 		return err
 	}
+	if err := eng.Register("start", daemon.ContainerStart); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
new file mode 100644
index 0000000000..0e64a4e916
--- /dev/null
+++ b/components/engine/daemon/start.go
@@ -0,0 +1,68 @@
+package daemon
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/runconfig"
+)
+
+func (daemon *Daemon) ContainerStart(job *engine.Job) engine.Status {
+	if len(job.Args) < 1 {
+		return job.Errorf("Usage: %s container_id", job.Name)
+	}
+	var (
+		name      = job.Args[0]
+		container = daemon.Get(name)
+	)
+
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+
+	if container.State.IsRunning() {
+		return job.Errorf("Container already started")
+	}
+
+	// If no environment was set, then no hostconfig was passed.
+	if len(job.Environ()) > 0 {
+		hostConfig := runconfig.ContainerHostConfigFromJob(job)
+		if err := daemon.setHostConfig(container, hostConfig); err != nil {
+			return job.Error(err)
+		}
+	}
+	if err := container.Start(); err != nil {
+		return job.Errorf("Cannot start container %s: %s", name, err)
+	}
+	job.Eng.Job("log", "start", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+
+	return engine.StatusOK
+}
+
+func (daemon *Daemon) setHostConfig(container *Container, hostConfig *runconfig.HostConfig) error {
+	// Validate the HostConfig binds. Make sure that:
+	// the source exists
+	for _, bind := range hostConfig.Binds {
+		splitBind := strings.Split(bind, ":")
+		source := splitBind[0]
+
+		// ensure the source exists on the host
+		_, err := os.Stat(source)
+		if err != nil && os.IsNotExist(err) {
+			err = os.MkdirAll(source, 0755)
+			if err != nil {
+				return fmt.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
+			}
+		}
+	}
+	// Register any links from the host config before starting the container
+	if err := daemon.RegisterLinks(container, hostConfig); err != nil {
+		return err
+	}
+	container.SetHostConfig(hostConfig)
+	container.ToDisk()
+
+	return nil
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 13409a4bb5..a0a05c867c 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -408,65 +408,6 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) setHostConfig(container *daemon.Container, hostConfig *runconfig.HostConfig) error {
-	// Validate the HostConfig binds. Make sure that:
-	// the source exists
-	for _, bind := range hostConfig.Binds {
-		splitBind := strings.Split(bind, ":")
-		source := splitBind[0]
-
-		// ensure the source exists on the host
-		_, err := os.Stat(source)
-		if err != nil && os.IsNotExist(err) {
-			err = os.MkdirAll(source, 0755)
-			if err != nil {
-				return fmt.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
-			}
-		}
-	}
-	// Register any links from the host config before starting the container
-	if err := srv.daemon.RegisterLinks(container, hostConfig); err != nil {
-		return err
-	}
-	container.SetHostConfig(hostConfig)
-	container.ToDisk()
-
-	return nil
-}
-
-func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
-	if len(job.Args) < 1 {
-		return job.Errorf("Usage: %s container_id", job.Name)
-	}
-	var (
-		name      = job.Args[0]
-		daemon    = srv.daemon
-		container = daemon.Get(name)
-	)
-
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-
-	if container.State.IsRunning() {
-		return job.Errorf("Container already started")
-	}
-
-	// If no environment was set, then no hostconfig was passed.
-	if len(job.Environ()) > 0 {
-		hostConfig := runconfig.ContainerHostConfigFromJob(job)
-		if err := srv.setHostConfig(container, hostConfig); err != nil {
-			return job.Error(err)
-		}
-	}
-	if err := container.Start(); err != nil {
-		return job.Errorf("Cannot start container %s: %s", name, err)
-	}
-	srv.LogEvent("start", container.ID, daemon.Repositories().ImageName(container.Image))
-
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerWait(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Usage: %s", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index c543f3ee91..50718f1749 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -87,7 +87,6 @@ func InitServer(job *engine.Job) engine.Status {
 
 	for name, handler := range map[string]engine.Handler{
 		"restart":          srv.ContainerRestart,
-		"start":            srv.ContainerStart,
 		"wait":             srv.ContainerWait,
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
 		"resize":           srv.ContainerResize,

From 82a821883f4a500306d62c74dac5f852c5dfbbd5 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:48:23 +0000
Subject: [PATCH 323/516] Move "restart" to daemon/restart.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: bd54a73c42760cc94f90df253ecf0818a3006277
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/restart.go   | 27 +++++++++++++++++++++++++++
 components/engine/server/container.go | 22 ----------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 30 insertions(+), 23 deletions(-)
 create mode 100644 components/engine/daemon/restart.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index cc03c3d2a5..08e710b1c8 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -132,6 +132,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("start", daemon.ContainerStart); err != nil {
 		return err
 	}
+	if err := eng.Register("restart", daemon.ContainerRestart); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/restart.go b/components/engine/daemon/restart.go
new file mode 100644
index 0000000000..c0ae949a88
--- /dev/null
+++ b/components/engine/daemon/restart.go
@@ -0,0 +1,27 @@
+package daemon
+
+import (
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerRestart(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+	var (
+		name = job.Args[0]
+		t    = 10
+	)
+	if job.EnvExists("t") {
+		t = job.GetenvInt("t")
+	}
+	if container := daemon.Get(name); container != nil {
+		if err := container.Restart(int(t)); err != nil {
+			return job.Errorf("Cannot restart container %s: %s\n", name, err)
+		}
+		job.Eng.Job("log", "restart", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	} else {
+		return job.Errorf("No such container: %s\n", name)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index a0a05c867c..f8476e5c0a 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -261,28 +261,6 @@ func (srv *Server) ContainerCommit(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerRestart(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-	var (
-		name = job.Args[0]
-		t    = 10
-	)
-	if job.EnvExists("t") {
-		t = job.GetenvInt("t")
-	}
-	if container := srv.daemon.Get(name); container != nil {
-		if err := container.Restart(int(t)); err != nil {
-			return job.Errorf("Cannot restart container %s: %s\n", name, err)
-		}
-		srv.LogEvent("restart", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-	} else {
-		return job.Errorf("No such container: %s\n", name)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 50718f1749..31c9e0419d 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"restart":          srv.ContainerRestart,
 		"wait":             srv.ContainerWait,
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
 		"resize":           srv.ContainerResize,

From 371adef863ee140e2477847345193903bfa68e3f Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:50:46 +0000
Subject: [PATCH 324/516] Move "wait" to daemon/wait.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: c4ce396f461a75ab887f3e1a2dcc54b10fc20423
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/wait.go      | 20 ++++++++++++++++++++
 components/engine/server/container.go | 13 -------------
 components/engine/server/init.go      |  1 -
 4 files changed, 23 insertions(+), 14 deletions(-)
 create mode 100644 components/engine/daemon/wait.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 08e710b1c8..5f497454ab 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -135,6 +135,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("restart", daemon.ContainerRestart); err != nil {
 		return err
 	}
+	if err := eng.Register("wait", daemon.ContainerWait); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/wait.go b/components/engine/daemon/wait.go
new file mode 100644
index 0000000000..7224b6231f
--- /dev/null
+++ b/components/engine/daemon/wait.go
@@ -0,0 +1,20 @@
+package daemon
+
+import (
+	"time"
+
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerWait(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s", job.Name)
+	}
+	name := job.Args[0]
+	if container := daemon.Get(name); container != nil {
+		status, _ := container.State.WaitStop(-1 * time.Second)
+		job.Printf("%d\n", status)
+		return engine.StatusOK
+	}
+	return job.Errorf("%s: no such container: %s", job.Name, name)
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index f8476e5c0a..ac02ad7a5a 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -386,19 +386,6 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerWait(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s", job.Name)
-	}
-	name := job.Args[0]
-	if container := srv.daemon.Get(name); container != nil {
-		status, _ := container.State.WaitStop(-1 * time.Second)
-		job.Printf("%d\n", status)
-		return engine.StatusOK
-	}
-	return job.Errorf("%s: no such container: %s", job.Name, name)
-}
-
 func (srv *Server) ContainerResize(job *engine.Job) engine.Status {
 	if len(job.Args) != 3 {
 		return job.Errorf("Not enough arguments. Usage: %s CONTAINER HEIGHT WIDTH\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 31c9e0419d..914f53d6b7 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"wait":             srv.ContainerWait,
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
 		"resize":           srv.ContainerResize,
 		"commit":           srv.ContainerCommit,

From 7bdcca558d9555c4ada3150595ddffe90df2f0cc Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:53:22 +0000
Subject: [PATCH 325/516] Move "resize" to daemon/resize.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: e0fd96f850a65cfa6b386fb6b91ee8ced58f5fc2
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/daemon/resize.go    | 29 +++++++++++++++++++++++++++
 components/engine/server/container.go | 22 --------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 32 insertions(+), 23 deletions(-)
 create mode 100644 components/engine/daemon/resize.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 5f497454ab..87837d8bcb 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -138,6 +138,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("wait", daemon.ContainerWait); err != nil {
 		return err
 	}
+	if err := eng.Register("resize", daemon.ContainerResize); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/resize.go b/components/engine/daemon/resize.go
new file mode 100644
index 0000000000..dd196ff6c4
--- /dev/null
+++ b/components/engine/daemon/resize.go
@@ -0,0 +1,29 @@
+package daemon
+
+import (
+	"strconv"
+
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerResize(job *engine.Job) engine.Status {
+	if len(job.Args) != 3 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER HEIGHT WIDTH\n", job.Name)
+	}
+	name := job.Args[0]
+	height, err := strconv.Atoi(job.Args[1])
+	if err != nil {
+		return job.Error(err)
+	}
+	width, err := strconv.Atoi(job.Args[2])
+	if err != nil {
+		return job.Error(err)
+	}
+	if container := daemon.Get(name); container != nil {
+		if err := container.Resize(height, width); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	}
+	return job.Errorf("No such container: %s", name)
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index ac02ad7a5a..b71bfbfa15 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -386,28 +386,6 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerResize(job *engine.Job) engine.Status {
-	if len(job.Args) != 3 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER HEIGHT WIDTH\n", job.Name)
-	}
-	name := job.Args[0]
-	height, err := strconv.Atoi(job.Args[1])
-	if err != nil {
-		return job.Error(err)
-	}
-	width, err := strconv.Atoi(job.Args[2])
-	if err != nil {
-		return job.Error(err)
-	}
-	if container := srv.daemon.Get(name); container != nil {
-		if err := container.Resize(height, width); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
 func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 914f53d6b7..64d6563400 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -87,7 +87,6 @@ func InitServer(job *engine.Job) engine.Status {
 
 	for name, handler := range map[string]engine.Handler{
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
-		"resize":           srv.ContainerResize,
 		"commit":           srv.ContainerCommit,
 		"info":             srv.DockerInfo,
 		"container_delete": srv.ContainerDestroy,

From dbae09b75ebafa0f1f55076416926320d370c716 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 20:57:21 +0000
Subject: [PATCH 326/516] Move "commit" to daemon/commit.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: fdad41f5b921dfa06eec613b86147a22aeea5835
Component: engine
---
 components/engine/daemon/commit.go    | 84 +++++++++++++++++++++++++++
 components/engine/daemon/daemon.go    | 48 +--------------
 components/engine/server/container.go | 33 -----------
 components/engine/server/init.go      |  1 -
 4 files changed, 87 insertions(+), 79 deletions(-)
 create mode 100644 components/engine/daemon/commit.go

diff --git a/components/engine/daemon/commit.go b/components/engine/daemon/commit.go
new file mode 100644
index 0000000000..950925ade3
--- /dev/null
+++ b/components/engine/daemon/commit.go
@@ -0,0 +1,84 @@
+package daemon
+
+import (
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/runconfig"
+)
+
+func (daemon *Daemon) ContainerCommit(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
+	}
+	name := job.Args[0]
+
+	container := daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+
+	var (
+		config    = container.Config
+		newConfig runconfig.Config
+	)
+
+	if err := job.GetenvJson("config", &newConfig); err != nil {
+		return job.Error(err)
+	}
+
+	if err := runconfig.Merge(&newConfig, config); err != nil {
+		return job.Error(err)
+	}
+
+	img, err := daemon.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), job.GetenvBool("pause"), &newConfig)
+	if err != nil {
+		return job.Error(err)
+	}
+	job.Printf("%s\n", img.ID)
+	return engine.StatusOK
+}
+
+// Commit creates a new filesystem image from the current state of a container.
+// The image can optionally be tagged into a repository
+func (daemon *Daemon) Commit(container *Container, repository, tag, comment, author string, pause bool, config *runconfig.Config) (*image.Image, error) {
+	if pause {
+		container.Pause()
+		defer container.Unpause()
+	}
+
+	if err := container.Mount(); err != nil {
+		return nil, err
+	}
+	defer container.Unmount()
+
+	rwTar, err := container.ExportRw()
+	if err != nil {
+		return nil, err
+	}
+	defer rwTar.Close()
+
+	// Create a new image from the container's base layers + a new layer from container changes
+	var (
+		containerID, containerImage string
+		containerConfig             *runconfig.Config
+	)
+
+	if container != nil {
+		containerID = container.ID
+		containerImage = container.Image
+		containerConfig = container.Config
+	}
+
+	img, err := daemon.graph.Create(rwTar, containerID, containerImage, comment, author, containerConfig, config)
+	if err != nil {
+		return nil, err
+	}
+
+	// Register the image if needed
+	if repository != "" {
+		if err := daemon.repositories.Set(repository, tag, img.ID, true); err != nil {
+			return img, err
+		}
+	}
+	return img, nil
+}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 87837d8bcb..27c380b1d3 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -141,6 +141,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("resize", daemon.ContainerResize); err != nil {
 		return err
 	}
+	if err := eng.Register("commit", daemon.ContainerCommit); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -626,51 +629,6 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error
 	return nil
 }
 
-// Commit creates a new filesystem image from the current state of a container.
-// The image can optionally be tagged into a repository
-func (daemon *Daemon) Commit(container *Container, repository, tag, comment, author string, pause bool, config *runconfig.Config) (*image.Image, error) {
-	if pause {
-		container.Pause()
-		defer container.Unpause()
-	}
-
-	if err := container.Mount(); err != nil {
-		return nil, err
-	}
-	defer container.Unmount()
-
-	rwTar, err := container.ExportRw()
-	if err != nil {
-		return nil, err
-	}
-	defer rwTar.Close()
-
-	// Create a new image from the container's base layers + a new layer from container changes
-	var (
-		containerID, containerImage string
-		containerConfig             *runconfig.Config
-	)
-
-	if container != nil {
-		containerID = container.ID
-		containerImage = container.Image
-		containerConfig = container.Config
-	}
-
-	img, err := daemon.graph.Create(rwTar, containerID, containerImage, comment, author, containerConfig, config)
-	if err != nil {
-		return nil, err
-	}
-
-	// Register the image if needed
-	if repository != "" {
-		if err := daemon.repositories.Set(repository, tag, img.ID, true); err != nil {
-			return img, err
-		}
-	}
-	return img, nil
-}
-
 func GetFullContainerName(name string) (string, error) {
 	if name == "" {
 		return "", fmt.Errorf("Container name cannot be empty")
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index b71bfbfa15..6ac46ba3b6 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -23,7 +23,6 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/graphdb"
 	"github.com/docker/docker/pkg/tailfile"
-	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 )
 
@@ -229,38 +228,6 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerCommit(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
-	}
-	name := job.Args[0]
-
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-
-	var (
-		config    = container.Config
-		newConfig runconfig.Config
-	)
-
-	if err := job.GetenvJson("config", &newConfig); err != nil {
-		return job.Error(err)
-	}
-
-	if err := runconfig.Merge(&newConfig, config); err != nil {
-		return job.Error(err)
-	}
-
-	img, err := srv.daemon.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), job.GetenvBool("pause"), &newConfig)
-	if err != nil {
-		return job.Error(err)
-	}
-	job.Printf("%s\n", img.ID)
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	if len(job.Args) != 1 {
 		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 64d6563400..74cd923612 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -87,7 +87,6 @@ func InitServer(job *engine.Job) engine.Status {
 
 	for name, handler := range map[string]engine.Handler{
 		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
-		"commit":           srv.ContainerCommit,
 		"info":             srv.DockerInfo,
 		"container_delete": srv.ContainerDestroy,
 		"image_export":     srv.ImageExport,

From 410573253556b84ec4041886afafaf367c5a758d Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:03:21 +0000
Subject: [PATCH 327/516] Move "logs" to daemon/logs.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 066330fc9687edd3f8a5066fd4201ea14af15f93
Component: engine
---
 components/engine/daemon/daemon.go    |   3 +
 components/engine/daemon/logs.go      | 133 ++++++++++++++++++++++++++
 components/engine/server/container.go | 122 -----------------------
 components/engine/server/init.go      |   1 -
 4 files changed, 136 insertions(+), 123 deletions(-)
 create mode 100644 components/engine/daemon/logs.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 27c380b1d3..333a6f870e 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -144,6 +144,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("commit", daemon.ContainerCommit); err != nil {
 		return err
 	}
+	if err := eng.Register("logs", daemon.ContainerLogs); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/logs.go b/components/engine/daemon/logs.go
new file mode 100644
index 0000000000..edfffac4ff
--- /dev/null
+++ b/components/engine/daemon/logs.go
@@ -0,0 +1,133 @@
+package daemon
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/docker/docker/pkg/tailfile"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
+	}
+
+	var (
+		name   = job.Args[0]
+		stdout = job.GetenvBool("stdout")
+		stderr = job.GetenvBool("stderr")
+		tail   = job.Getenv("tail")
+		follow = job.GetenvBool("follow")
+		times  = job.GetenvBool("timestamps")
+		lines  = -1
+		format string
+	)
+	if !(stdout || stderr) {
+		return job.Errorf("You must choose at least one stream")
+	}
+	if times {
+		format = time.RFC3339Nano
+	}
+	if tail == "" {
+		tail = "all"
+	}
+	container := daemon.Get(name)
+	if container == nil {
+		return job.Errorf("No such container: %s", name)
+	}
+	cLog, err := container.ReadLog("json")
+	if err != nil && os.IsNotExist(err) {
+		// Legacy logs
+		utils.Debugf("Old logs format")
+		if stdout {
+			cLog, err := container.ReadLog("stdout")
+			if err != nil {
+				utils.Errorf("Error reading logs (stdout): %s", err)
+			} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
+				utils.Errorf("Error streaming logs (stdout): %s", err)
+			}
+		}
+		if stderr {
+			cLog, err := container.ReadLog("stderr")
+			if err != nil {
+				utils.Errorf("Error reading logs (stderr): %s", err)
+			} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
+				utils.Errorf("Error streaming logs (stderr): %s", err)
+			}
+		}
+	} else if err != nil {
+		utils.Errorf("Error reading logs (json): %s", err)
+	} else {
+		if tail != "all" {
+			var err error
+			lines, err = strconv.Atoi(tail)
+			if err != nil {
+				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", err)
+				lines = -1
+			}
+		}
+		if lines != 0 {
+			if lines > 0 {
+				f := cLog.(*os.File)
+				ls, err := tailfile.TailFile(f, lines)
+				if err != nil {
+					return job.Error(err)
+				}
+				tmp := bytes.NewBuffer([]byte{})
+				for _, l := range ls {
+					fmt.Fprintf(tmp, "%s\n", l)
+				}
+				cLog = tmp
+			}
+			dec := json.NewDecoder(cLog)
+			for {
+				l := &utils.JSONLog{}
+
+				if err := dec.Decode(l); err == io.EOF {
+					break
+				} else if err != nil {
+					utils.Errorf("Error streaming logs: %s", err)
+					break
+				}
+				logLine := l.Log
+				if times {
+					logLine = fmt.Sprintf("%s %s", l.Created.Format(format), logLine)
+				}
+				if l.Stream == "stdout" && stdout {
+					fmt.Fprintf(job.Stdout, "%s", logLine)
+				}
+				if l.Stream == "stderr" && stderr {
+					fmt.Fprintf(job.Stderr, "%s", logLine)
+				}
+			}
+		}
+	}
+	if follow {
+		errors := make(chan error, 2)
+		if stdout {
+			stdoutPipe := container.StdoutLogPipe()
+			go func() {
+				errors <- utils.WriteLog(stdoutPipe, job.Stdout, format)
+			}()
+		}
+		if stderr {
+			stderrPipe := container.StderrLogPipe()
+			go func() {
+				errors <- utils.WriteLog(stderrPipe, job.Stderr, format)
+			}()
+		}
+		err := <-errors
+		if err != nil {
+			utils.Errorf("%s", err)
+		}
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 6ac46ba3b6..c711b7cbea 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -5,8 +5,6 @@
 package server
 
 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -17,13 +15,10 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/graphdb"
-	"github.com/docker/docker/pkg/tailfile"
-	"github.com/docker/docker/utils"
 )
 
 func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
@@ -353,123 +348,6 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerLogs(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s CONTAINER\n", job.Name)
-	}
-
-	var (
-		name   = job.Args[0]
-		stdout = job.GetenvBool("stdout")
-		stderr = job.GetenvBool("stderr")
-		tail   = job.Getenv("tail")
-		follow = job.GetenvBool("follow")
-		times  = job.GetenvBool("timestamps")
-		lines  = -1
-		format string
-	)
-	if !(stdout || stderr) {
-		return job.Errorf("You must choose at least one stream")
-	}
-	if times {
-		format = time.RFC3339Nano
-	}
-	if tail == "" {
-		tail = "all"
-	}
-	container := srv.daemon.Get(name)
-	if container == nil {
-		return job.Errorf("No such container: %s", name)
-	}
-	cLog, err := container.ReadLog("json")
-	if err != nil && os.IsNotExist(err) {
-		// Legacy logs
-		utils.Debugf("Old logs format")
-		if stdout {
-			cLog, err := container.ReadLog("stdout")
-			if err != nil {
-				utils.Errorf("Error reading logs (stdout): %s", err)
-			} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
-				utils.Errorf("Error streaming logs (stdout): %s", err)
-			}
-		}
-		if stderr {
-			cLog, err := container.ReadLog("stderr")
-			if err != nil {
-				utils.Errorf("Error reading logs (stderr): %s", err)
-			} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
-				utils.Errorf("Error streaming logs (stderr): %s", err)
-			}
-		}
-	} else if err != nil {
-		utils.Errorf("Error reading logs (json): %s", err)
-	} else {
-		if tail != "all" {
-			var err error
-			lines, err = strconv.Atoi(tail)
-			if err != nil {
-				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", err)
-				lines = -1
-			}
-		}
-		if lines != 0 {
-			if lines > 0 {
-				f := cLog.(*os.File)
-				ls, err := tailfile.TailFile(f, lines)
-				if err != nil {
-					return job.Error(err)
-				}
-				tmp := bytes.NewBuffer([]byte{})
-				for _, l := range ls {
-					fmt.Fprintf(tmp, "%s\n", l)
-				}
-				cLog = tmp
-			}
-			dec := json.NewDecoder(cLog)
-			for {
-				l := &utils.JSONLog{}
-
-				if err := dec.Decode(l); err == io.EOF {
-					break
-				} else if err != nil {
-					utils.Errorf("Error streaming logs: %s", err)
-					break
-				}
-				logLine := l.Log
-				if times {
-					logLine = fmt.Sprintf("%s %s", l.Created.Format(format), logLine)
-				}
-				if l.Stream == "stdout" && stdout {
-					fmt.Fprintf(job.Stdout, "%s", logLine)
-				}
-				if l.Stream == "stderr" && stderr {
-					fmt.Fprintf(job.Stderr, "%s", logLine)
-				}
-			}
-		}
-	}
-	if follow {
-		errors := make(chan error, 2)
-		if stdout {
-			stdoutPipe := container.StdoutLogPipe()
-			go func() {
-				errors <- utils.WriteLog(stdoutPipe, job.Stdout, format)
-			}()
-		}
-		if stderr {
-			stderrPipe := container.StderrLogPipe()
-			go func() {
-				errors <- utils.WriteLog(stderrPipe, job.Stderr, format)
-			}()
-		}
-		err := <-errors
-		if err != nil {
-			utils.Errorf("%s", err)
-		}
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 {
 		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 74cd923612..87be38a572 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -95,7 +95,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"viz":              srv.ImagesViz,
 		"container_copy":   srv.ContainerCopy,
 		"log":              srv.Log,
-		"logs":             srv.ContainerLogs,
 		"changes":          srv.ContainerChanges,
 		"top":              srv.ContainerTop,
 		"load":             srv.ImageLoad,

From 7de8df549dab60875a3dc5a41ce708c5c7f4cf9a Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:12:12 +0000
Subject: [PATCH 328/516] Move "delete" to daemon/delete.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)

Fix issues with renaming container_delete to delete
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: cc39d579f50b67617388117e5afbb47351b59337
Component: engine
---
 components/engine/api/server/server.go        |   2 +-
 .../engine/api/server/server_unit_test.go     |   4 +-
 components/engine/daemon/daemon.go            |  46 +----
 components/engine/daemon/delete.go            | 181 ++++++++++++++++++
 components/engine/integration/server_test.go  |   2 +-
 components/engine/server/container.go         | 129 -------------
 components/engine/server/init.go              |  37 ++--
 7 files changed, 208 insertions(+), 193 deletions(-)
 create mode 100644 components/engine/daemon/delete.go

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index d2fd9a77ed..2f7066e87b 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -678,7 +678,7 @@ func deleteContainers(eng *engine.Engine, version version.Version, w http.Respon
 	if vars == nil {
 		return fmt.Errorf("Missing parameter")
 	}
-	job := eng.Job("container_delete", vars["name"])
+	job := eng.Job("delete", vars["name"])
 
 	if version.GreaterThanOrEqualTo("1.14") {
 		job.Setenv("stop", r.Form.Get("stop"))
diff --git a/components/engine/api/server/server_unit_test.go b/components/engine/api/server/server_unit_test.go
index 41b2581ce9..5aed3cf346 100644
--- a/components/engine/api/server/server_unit_test.go
+++ b/components/engine/api/server/server_unit_test.go
@@ -455,7 +455,7 @@ func TestDeleteContainers(t *testing.T) {
 	eng := engine.New()
 	name := "foo"
 	var called bool
-	eng.Register("container_delete", func(job *engine.Job) engine.Status {
+	eng.Register("delete", func(job *engine.Job) engine.Status {
 		called = true
 		if len(job.Args) == 0 {
 			t.Fatalf("Job arguments is empty")
@@ -480,7 +480,7 @@ func TestDeleteContainersWithStopAndKill(t *testing.T) {
 	}
 	eng := engine.New()
 	var called bool
-	eng.Register("container_delete", func(job *engine.Job) engine.Status {
+	eng.Register("delete", func(job *engine.Job) engine.Status {
 		called = true
 		return engine.StatusOK
 	})
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 333a6f870e..d632d8b20c 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -147,6 +147,11 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("logs", daemon.ContainerLogs); err != nil {
 		return err
 	}
+	// FIXME: rename "delete" to "rm" for consistency with the CLI command
+	// FIXME: rename ContainerDestroy to ContainerRm for consistency with the CLI command
+	if err := eng.Register("delete", daemon.ContainerDestroy); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -309,47 +314,6 @@ func (daemon *Daemon) LogToDisk(src *broadcastwriter.BroadcastWriter, dst, strea
 	return nil
 }
 
-// Destroy unregisters a container from the daemon and cleanly removes its contents from the filesystem.
-func (daemon *Daemon) Destroy(container *Container) error {
-	if container == nil {
-		return fmt.Errorf("The given container is <nil>")
-	}
-
-	element := daemon.containers.Get(container.ID)
-	if element == nil {
-		return fmt.Errorf("Container %v not found - maybe it was already destroyed?", container.ID)
-	}
-
-	if err := container.Stop(3); err != nil {
-		return err
-	}
-
-	// Deregister the container before removing its directory, to avoid race conditions
-	daemon.idIndex.Delete(container.ID)
-	daemon.containers.Delete(container.ID)
-
-	if _, err := daemon.containerGraph.Purge(container.ID); err != nil {
-		utils.Debugf("Unable to remove container from link graph: %s", err)
-	}
-
-	if err := daemon.driver.Remove(container.ID); err != nil {
-		return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.driver, container.ID, err)
-	}
-
-	initID := fmt.Sprintf("%s-init", container.ID)
-	if err := daemon.driver.Remove(initID); err != nil {
-		return fmt.Errorf("Driver %s failed to remove init filesystem %s: %s", daemon.driver, initID, err)
-	}
-
-	if err := os.RemoveAll(container.root); err != nil {
-		return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err)
-	}
-
-	selinuxFreeLxcContexts(container.ProcessLabel)
-
-	return nil
-}
-
 func (daemon *Daemon) restore() error {
 	var (
 		debug             = (os.Getenv("DEBUG") != "" || os.Getenv("TEST") != "")
diff --git a/components/engine/daemon/delete.go b/components/engine/daemon/delete.go
new file mode 100644
index 0000000000..9c92be3fb1
--- /dev/null
+++ b/components/engine/daemon/delete.go
@@ -0,0 +1,181 @@
+package daemon
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+// FIXME: rename to ContainerRemove for consistency with the CLI command.
+func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
+	}
+	name := job.Args[0]
+	removeVolume := job.GetenvBool("removeVolume")
+	removeLink := job.GetenvBool("removeLink")
+	stop := job.GetenvBool("stop")
+	kill := job.GetenvBool("kill")
+
+	container := daemon.Get(name)
+
+	if removeLink {
+		if container == nil {
+			return job.Errorf("No such link: %s", name)
+		}
+		name, err := GetFullContainerName(name)
+		if err != nil {
+			job.Error(err)
+		}
+		parent, n := path.Split(name)
+		if parent == "/" {
+			return job.Errorf("Conflict, cannot remove the default name of the container")
+		}
+		pe := daemon.ContainerGraph().Get(parent)
+		if pe == nil {
+			return job.Errorf("Cannot get parent %s for name %s", parent, name)
+		}
+		parentContainer := daemon.Get(pe.ID())
+
+		if parentContainer != nil {
+			parentContainer.DisableLink(n)
+		}
+
+		if err := daemon.ContainerGraph().Delete(name); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	}
+
+	if container != nil {
+		if container.State.IsRunning() {
+			if stop {
+				if err := container.Stop(5); err != nil {
+					return job.Errorf("Could not stop running container, cannot remove - %v", err)
+				}
+			} else if kill {
+				if err := container.Kill(); err != nil {
+					return job.Errorf("Could not kill running container, cannot remove - %v", err)
+				}
+			} else {
+				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -s or -k")
+			}
+		}
+		if err := daemon.Destroy(container); err != nil {
+			return job.Errorf("Cannot destroy container %s: %s", name, err)
+		}
+		job.Eng.Job("log", "destroy", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+
+		if removeVolume {
+			var (
+				volumes     = make(map[string]struct{})
+				binds       = make(map[string]struct{})
+				usedVolumes = make(map[string]*Container)
+			)
+
+			// the volume id is always the base of the path
+			getVolumeId := func(p string) string {
+				return filepath.Base(strings.TrimSuffix(p, "/layer"))
+			}
+
+			// populate bind map so that they can be skipped and not removed
+			for _, bind := range container.HostConfig().Binds {
+				source := strings.Split(bind, ":")[0]
+				// TODO: refactor all volume stuff, all of it
+				// it is very important that we eval the link or comparing the keys to container.Volumes will not work
+				//
+				// eval symlink can fail, ref #5244 if we receive an is not exist error we can ignore it
+				p, err := filepath.EvalSymlinks(source)
+				if err != nil && !os.IsNotExist(err) {
+					return job.Error(err)
+				}
+				if p != "" {
+					source = p
+				}
+				binds[source] = struct{}{}
+			}
+
+			// Store all the deleted containers volumes
+			for _, volumeId := range container.Volumes {
+				// Skip the volumes mounted from external
+				// bind mounts here will will be evaluated for a symlink
+				if _, exists := binds[volumeId]; exists {
+					continue
+				}
+
+				volumeId = getVolumeId(volumeId)
+				volumes[volumeId] = struct{}{}
+			}
+
+			// Retrieve all volumes from all remaining containers
+			for _, container := range daemon.List() {
+				for _, containerVolumeId := range container.Volumes {
+					containerVolumeId = getVolumeId(containerVolumeId)
+					usedVolumes[containerVolumeId] = container
+				}
+			}
+
+			for volumeId := range volumes {
+				// If the requested volu
+				if c, exists := usedVolumes[volumeId]; exists {
+					log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
+					continue
+				}
+				if err := daemon.Volumes().Delete(volumeId); err != nil {
+					return job.Errorf("Error calling volumes.Delete(%q): %v", volumeId, err)
+				}
+			}
+		}
+	} else {
+		return job.Errorf("No such container: %s", name)
+	}
+	return engine.StatusOK
+}
+
+// Destroy unregisters a container from the daemon and cleanly removes its contents from the filesystem.
+// FIXME: rename to Rm for consistency with the CLI command
+func (daemon *Daemon) Destroy(container *Container) error {
+	if container == nil {
+		return fmt.Errorf("The given container is <nil>")
+	}
+
+	element := daemon.containers.Get(container.ID)
+	if element == nil {
+		return fmt.Errorf("Container %v not found - maybe it was already destroyed?", container.ID)
+	}
+
+	if err := container.Stop(3); err != nil {
+		return err
+	}
+
+	// Deregister the container before removing its directory, to avoid race conditions
+	daemon.idIndex.Delete(container.ID)
+	daemon.containers.Delete(container.ID)
+
+	if _, err := daemon.containerGraph.Purge(container.ID); err != nil {
+		utils.Debugf("Unable to remove container from link graph: %s", err)
+	}
+
+	if err := daemon.driver.Remove(container.ID); err != nil {
+		return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.driver, container.ID, err)
+	}
+
+	initID := fmt.Sprintf("%s-init", container.ID)
+	if err := daemon.driver.Remove(initID); err != nil {
+		return fmt.Errorf("Driver %s failed to remove init filesystem %s: %s", daemon.driver, initID, err)
+	}
+
+	if err := os.RemoveAll(container.root); err != nil {
+		return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err)
+	}
+
+	selinuxFreeLxcContexts(container.ProcessLabel)
+
+	return nil
+}
diff --git a/components/engine/integration/server_test.go b/components/engine/integration/server_test.go
index 71ec93cdc2..7b9f5ade01 100644
--- a/components/engine/integration/server_test.go
+++ b/components/engine/integration/server_test.go
@@ -221,7 +221,7 @@ func TestCreateStartRestartStopStartKillRm(t *testing.T) {
 	}
 
 	// FIXME: this failed once with a race condition ("Unable to remove filesystem for xxx: directory not empty")
-	job = eng.Job("container_delete", id)
+	job = eng.Job("delete", id)
 	job.SetenvBool("removeVolume", true)
 	if err := job.Run(); err != nil {
 		t.Fatal(err)
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index c711b7cbea..2c13e8d447 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -8,11 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"log"
-	"os"
 	"os/exec"
-	"path"
-	"path/filepath"
 	"strconv"
 	"strings"
 
@@ -223,131 +219,6 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER\n", job.Name)
-	}
-	name := job.Args[0]
-	removeVolume := job.GetenvBool("removeVolume")
-	removeLink := job.GetenvBool("removeLink")
-	stop := job.GetenvBool("stop")
-	kill := job.GetenvBool("kill")
-
-	container := srv.daemon.Get(name)
-
-	if removeLink {
-		if container == nil {
-			return job.Errorf("No such link: %s", name)
-		}
-		name, err := daemon.GetFullContainerName(name)
-		if err != nil {
-			job.Error(err)
-		}
-		parent, n := path.Split(name)
-		if parent == "/" {
-			return job.Errorf("Conflict, cannot remove the default name of the container")
-		}
-		pe := srv.daemon.ContainerGraph().Get(parent)
-		if pe == nil {
-			return job.Errorf("Cannot get parent %s for name %s", parent, name)
-		}
-		parentContainer := srv.daemon.Get(pe.ID())
-
-		if parentContainer != nil {
-			parentContainer.DisableLink(n)
-		}
-
-		if err := srv.daemon.ContainerGraph().Delete(name); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	}
-
-	if container != nil {
-		if container.State.IsRunning() {
-			if stop {
-				if err := container.Stop(5); err != nil {
-					return job.Errorf("Could not stop running container, cannot remove - %v", err)
-				}
-			} else if kill {
-				if err := container.Kill(); err != nil {
-					return job.Errorf("Could not kill running container, cannot remove - %v", err)
-				}
-			} else {
-				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -s or -k")
-			}
-		}
-		if err := srv.daemon.Destroy(container); err != nil {
-			return job.Errorf("Cannot destroy container %s: %s", name, err)
-		}
-		srv.LogEvent("destroy", container.ID, srv.daemon.Repositories().ImageName(container.Image))
-
-		if removeVolume {
-			var (
-				volumes     = make(map[string]struct{})
-				binds       = make(map[string]struct{})
-				usedVolumes = make(map[string]*daemon.Container)
-			)
-
-			// the volume id is always the base of the path
-			getVolumeId := func(p string) string {
-				return filepath.Base(strings.TrimSuffix(p, "/layer"))
-			}
-
-			// populate bind map so that they can be skipped and not removed
-			for _, bind := range container.HostConfig().Binds {
-				source := strings.Split(bind, ":")[0]
-				// TODO: refactor all volume stuff, all of it
-				// it is very important that we eval the link or comparing the keys to container.Volumes will not work
-				//
-				// eval symlink can fail, ref #5244 if we receive an is not exist error we can ignore it
-				p, err := filepath.EvalSymlinks(source)
-				if err != nil && !os.IsNotExist(err) {
-					return job.Error(err)
-				}
-				if p != "" {
-					source = p
-				}
-				binds[source] = struct{}{}
-			}
-
-			// Store all the deleted containers volumes
-			for _, volumeId := range container.Volumes {
-				// Skip the volumes mounted from external
-				// bind mounts here will will be evaluated for a symlink
-				if _, exists := binds[volumeId]; exists {
-					continue
-				}
-
-				volumeId = getVolumeId(volumeId)
-				volumes[volumeId] = struct{}{}
-			}
-
-			// Retrieve all volumes from all remaining containers
-			for _, container := range srv.daemon.List() {
-				for _, containerVolumeId := range container.Volumes {
-					containerVolumeId = getVolumeId(containerVolumeId)
-					usedVolumes[containerVolumeId] = container
-				}
-			}
-
-			for volumeId := range volumes {
-				// If the requested volu
-				if c, exists := usedVolumes[volumeId]; exists {
-					log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
-					continue
-				}
-				if err := srv.daemon.Volumes().Delete(volumeId); err != nil {
-					return job.Errorf("Error calling volumes.Delete(%q): %v", volumeId, err)
-				}
-			}
-		}
-	} else {
-		return job.Errorf("No such container: %s", name)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 {
 		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 87be38a572..d37a21fbc1 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,25 +86,24 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"tag":              srv.ImageTag, // FIXME merge with "image_tag"
-		"info":             srv.DockerInfo,
-		"container_delete": srv.ContainerDestroy,
-		"image_export":     srv.ImageExport,
-		"images":           srv.Images,
-		"history":          srv.ImageHistory,
-		"viz":              srv.ImagesViz,
-		"container_copy":   srv.ContainerCopy,
-		"log":              srv.Log,
-		"changes":          srv.ContainerChanges,
-		"top":              srv.ContainerTop,
-		"load":             srv.ImageLoad,
-		"build":            srv.Build,
-		"pull":             srv.ImagePull,
-		"import":           srv.ImageImport,
-		"image_delete":     srv.ImageDelete,
-		"events":           srv.Events,
-		"push":             srv.ImagePush,
-		"containers":       srv.Containers,
+		"tag":            srv.ImageTag, // FIXME merge with "image_tag"
+		"info":           srv.DockerInfo,
+		"image_export":   srv.ImageExport,
+		"images":         srv.Images,
+		"history":        srv.ImageHistory,
+		"viz":            srv.ImagesViz,
+		"container_copy": srv.ContainerCopy,
+		"log":            srv.Log,
+		"changes":        srv.ContainerChanges,
+		"top":            srv.ContainerTop,
+		"load":           srv.ImageLoad,
+		"build":          srv.Build,
+		"pull":           srv.ImagePull,
+		"import":         srv.ImageImport,
+		"image_delete":   srv.ImageDelete,
+		"events":         srv.Events,
+		"push":           srv.ImagePush,
+		"containers":     srv.Containers,
 	} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)

From 0ebd9055087f95acbb81a96b47a8a4d19f0fede7 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:15:28 +0000
Subject: [PATCH 329/516] Move "copy" to daemon/copy.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 06229a4b76aa221d08cfb1888b919da31c49194f
Component: engine
---
 components/engine/daemon/copy.go      | 33 +++++++++++++++++++++++++
 components/engine/daemon/daemon.go    |  3 +++
 components/engine/server/container.go | 27 ---------------------
 components/engine/server/init.go      | 35 +++++++++++++--------------
 4 files changed, 53 insertions(+), 45 deletions(-)
 create mode 100644 components/engine/daemon/copy.go

diff --git a/components/engine/daemon/copy.go b/components/engine/daemon/copy.go
new file mode 100644
index 0000000000..9d18b010c0
--- /dev/null
+++ b/components/engine/daemon/copy.go
@@ -0,0 +1,33 @@
+package daemon
+
+import (
+	"io"
+
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerCopy(job *engine.Job) engine.Status {
+	if len(job.Args) != 2 {
+		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
+	}
+
+	var (
+		name     = job.Args[0]
+		resource = job.Args[1]
+	)
+
+	if container := daemon.Get(name); container != nil {
+
+		data, err := container.Copy(resource)
+		if err != nil {
+			return job.Error(err)
+		}
+		defer data.Close()
+
+		if _, err := io.Copy(job.Stdout, data); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	}
+	return job.Errorf("No such container: %s", name)
+}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index d632d8b20c..b6ee5e7afd 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -152,6 +152,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("delete", daemon.ContainerDestroy); err != nil {
 		return err
 	}
+	if err := eng.Register("container_copy", daemon.ContainerCopy); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 2c13e8d447..441d21624e 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -7,7 +7,6 @@ package server
 import (
 	"errors"
 	"fmt"
-	"io"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -218,29 +217,3 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 	}
 	return engine.StatusOK
 }
-
-func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
-	if len(job.Args) != 2 {
-		return job.Errorf("Usage: %s CONTAINER RESOURCE\n", job.Name)
-	}
-
-	var (
-		name     = job.Args[0]
-		resource = job.Args[1]
-	)
-
-	if container := srv.daemon.Get(name); container != nil {
-
-		data, err := container.Copy(resource)
-		if err != nil {
-			return job.Error(err)
-		}
-		defer data.Close()
-
-		if _, err := io.Copy(job.Stdout, data); err != nil {
-			return job.Error(err)
-		}
-		return engine.StatusOK
-	}
-	return job.Errorf("No such container: %s", name)
-}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index d37a21fbc1..fb011ff4ad 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,24 +86,23 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"tag":            srv.ImageTag, // FIXME merge with "image_tag"
-		"info":           srv.DockerInfo,
-		"image_export":   srv.ImageExport,
-		"images":         srv.Images,
-		"history":        srv.ImageHistory,
-		"viz":            srv.ImagesViz,
-		"container_copy": srv.ContainerCopy,
-		"log":            srv.Log,
-		"changes":        srv.ContainerChanges,
-		"top":            srv.ContainerTop,
-		"load":           srv.ImageLoad,
-		"build":          srv.Build,
-		"pull":           srv.ImagePull,
-		"import":         srv.ImageImport,
-		"image_delete":   srv.ImageDelete,
-		"events":         srv.Events,
-		"push":           srv.ImagePush,
-		"containers":     srv.Containers,
+		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
+		"info":         srv.DockerInfo,
+		"image_export": srv.ImageExport,
+		"images":       srv.Images,
+		"history":      srv.ImageHistory,
+		"viz":          srv.ImagesViz,
+		"log":          srv.Log,
+		"changes":      srv.ContainerChanges,
+		"top":          srv.ContainerTop,
+		"load":         srv.ImageLoad,
+		"build":        srv.Build,
+		"pull":         srv.ImagePull,
+		"import":       srv.ImageImport,
+		"image_delete": srv.ImageDelete,
+		"events":       srv.Events,
+		"push":         srv.ImagePush,
+		"containers":   srv.Containers,
 	} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)

From 5860a921ea267b29a722d77eb34ad27c87a173cf Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:17:50 +0000
Subject: [PATCH 330/516] Move "changes" to daemon/changes.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)

Fix issues with renaming changes to container_changes
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 49e61f62ced4e111071cf9439e3264f06b008c6c
Component: engine
---
 components/engine/api/server/server.go |  2 +-
 components/engine/daemon/changes.go    | 32 ++++++++++++++++++++++++++
 components/engine/daemon/daemon.go     |  3 +++
 components/engine/server/container.go  | 27 ----------------------
 components/engine/server/init.go       |  1 -
 5 files changed, 36 insertions(+), 29 deletions(-)
 create mode 100644 components/engine/daemon/changes.go

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 2f7066e87b..4d8d74f38c 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -302,7 +302,7 @@ func getContainersChanges(eng *engine.Engine, version version.Version, w http.Re
 	if vars == nil {
 		return fmt.Errorf("Missing parameter")
 	}
-	var job = eng.Job("changes", vars["name"])
+	var job = eng.Job("container_changes", vars["name"])
 	streamJSON(job, w, false)
 
 	return job.Run()
diff --git a/components/engine/daemon/changes.go b/components/engine/daemon/changes.go
new file mode 100644
index 0000000000..1e5726eda8
--- /dev/null
+++ b/components/engine/daemon/changes.go
@@ -0,0 +1,32 @@
+package daemon
+
+import (
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerChanges(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s CONTAINER", job.Name)
+	}
+	name := job.Args[0]
+	if container := daemon.Get(name); container != nil {
+		outs := engine.NewTable("", 0)
+		changes, err := container.Changes()
+		if err != nil {
+			return job.Error(err)
+		}
+		for _, change := range changes {
+			out := &engine.Env{}
+			if err := out.Import(change); err != nil {
+				return job.Error(err)
+			}
+			outs.Add(out)
+		}
+		if _, err := outs.WriteListTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+	} else {
+		return job.Errorf("No such container: %s", name)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index b6ee5e7afd..6ff82253ab 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -155,6 +155,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("container_copy", daemon.ContainerCopy); err != nil {
 		return err
 	}
+	if err := eng.Register("container_changes", daemon.ContainerChanges); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 441d21624e..2c8958e8f9 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -86,33 +86,6 @@ func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
 	return job.Errorf("No such container: %s", name)
 }
 
-func (srv *Server) ContainerChanges(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s CONTAINER", job.Name)
-	}
-	name := job.Args[0]
-	if container := srv.daemon.Get(name); container != nil {
-		outs := engine.NewTable("", 0)
-		changes, err := container.Changes()
-		if err != nil {
-			return job.Error(err)
-		}
-		for _, change := range changes {
-			out := &engine.Env{}
-			if err := out.Import(change); err != nil {
-				return job.Error(err)
-			}
-			outs.Add(out)
-		}
-		if _, err := outs.WriteListTo(job.Stdout); err != nil {
-			return job.Error(err)
-		}
-	} else {
-		return job.Errorf("No such container: %s", name)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) Containers(job *engine.Job) engine.Status {
 	var (
 		foundBefore bool
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index fb011ff4ad..77a52317ce 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -93,7 +93,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"history":      srv.ImageHistory,
 		"viz":          srv.ImagesViz,
 		"log":          srv.Log,
-		"changes":      srv.ContainerChanges,
 		"top":          srv.ContainerTop,
 		"load":         srv.ImageLoad,
 		"build":        srv.Build,

From 021f4f388626b59e872bdc02775097e05252d4ba Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:21:38 +0000
Subject: [PATCH 331/516] Move "top" to daemon/top.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: aa49632feff937287cd6f6413d665ec74f49779c
Component: engine
---
 components/engine/daemon/daemon.go    |  3 +
 components/engine/daemon/top.go       | 79 +++++++++++++++++++++++++++
 components/engine/server/container.go | 72 ------------------------
 components/engine/server/init.go      |  1 -
 4 files changed, 82 insertions(+), 73 deletions(-)
 create mode 100644 components/engine/daemon/top.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 6ff82253ab..815bacccd7 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -158,6 +158,9 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("container_changes", daemon.ContainerChanges); err != nil {
 		return err
 	}
+	if err := eng.Register("top", daemon.ContainerTop); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/components/engine/daemon/top.go b/components/engine/daemon/top.go
new file mode 100644
index 0000000000..ceaeea157e
--- /dev/null
+++ b/components/engine/daemon/top.go
@@ -0,0 +1,79 @@
+package daemon
+
+import (
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/engine"
+)
+
+func (daemon *Daemon) ContainerTop(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 && len(job.Args) != 2 {
+		return job.Errorf("Not enough arguments. Usage: %s CONTAINER [PS_ARGS]\n", job.Name)
+	}
+	var (
+		name   = job.Args[0]
+		psArgs = "-ef"
+	)
+
+	if len(job.Args) == 2 && job.Args[1] != "" {
+		psArgs = job.Args[1]
+	}
+
+	if container := daemon.Get(name); container != nil {
+		if !container.State.IsRunning() {
+			return job.Errorf("Container %s is not running", name)
+		}
+		pids, err := daemon.ExecutionDriver().GetPidsForContainer(container.ID)
+		if err != nil {
+			return job.Error(err)
+		}
+		output, err := exec.Command("ps", psArgs).Output()
+		if err != nil {
+			return job.Errorf("Error running ps: %s", err)
+		}
+
+		lines := strings.Split(string(output), "\n")
+		header := strings.Fields(lines[0])
+		out := &engine.Env{}
+		out.SetList("Titles", header)
+
+		pidIndex := -1
+		for i, name := range header {
+			if name == "PID" {
+				pidIndex = i
+			}
+		}
+		if pidIndex == -1 {
+			return job.Errorf("Couldn't find PID field in ps output")
+		}
+
+		processes := [][]string{}
+		for _, line := range lines[1:] {
+			if len(line) == 0 {
+				continue
+			}
+			fields := strings.Fields(line)
+			p, err := strconv.Atoi(fields[pidIndex])
+			if err != nil {
+				return job.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
+			}
+
+			for _, pid := range pids {
+				if pid == p {
+					// Make sure number of fields equals number of header titles
+					// merging "overhanging" fields
+					process := fields[:len(header)-1]
+					process = append(process, strings.Join(fields[len(header)-1:], " "))
+					processes = append(processes, process)
+				}
+			}
+		}
+		out.SetJson("Processes", processes)
+		out.WriteTo(job.Stdout)
+		return engine.StatusOK
+
+	}
+	return job.Errorf("No such container: %s", name)
+}
diff --git a/components/engine/server/container.go b/components/engine/server/container.go
index 2c8958e8f9..9ee77cf4d5 100644
--- a/components/engine/server/container.go
+++ b/components/engine/server/container.go
@@ -7,8 +7,6 @@ package server
 import (
 	"errors"
 	"fmt"
-	"os/exec"
-	"strconv"
 	"strings"
 
 	"github.com/docker/docker/daemon"
@@ -16,76 +14,6 @@ import (
 	"github.com/docker/docker/pkg/graphdb"
 )
 
-func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 && len(job.Args) != 2 {
-		return job.Errorf("Not enough arguments. Usage: %s CONTAINER [PS_ARGS]\n", job.Name)
-	}
-	var (
-		name   = job.Args[0]
-		psArgs = "-ef"
-	)
-
-	if len(job.Args) == 2 && job.Args[1] != "" {
-		psArgs = job.Args[1]
-	}
-
-	if container := srv.daemon.Get(name); container != nil {
-		if !container.State.IsRunning() {
-			return job.Errorf("Container %s is not running", name)
-		}
-		pids, err := srv.daemon.ExecutionDriver().GetPidsForContainer(container.ID)
-		if err != nil {
-			return job.Error(err)
-		}
-		output, err := exec.Command("ps", psArgs).Output()
-		if err != nil {
-			return job.Errorf("Error running ps: %s", err)
-		}
-
-		lines := strings.Split(string(output), "\n")
-		header := strings.Fields(lines[0])
-		out := &engine.Env{}
-		out.SetList("Titles", header)
-
-		pidIndex := -1
-		for i, name := range header {
-			if name == "PID" {
-				pidIndex = i
-			}
-		}
-		if pidIndex == -1 {
-			return job.Errorf("Couldn't find PID field in ps output")
-		}
-
-		processes := [][]string{}
-		for _, line := range lines[1:] {
-			if len(line) == 0 {
-				continue
-			}
-			fields := strings.Fields(line)
-			p, err := strconv.Atoi(fields[pidIndex])
-			if err != nil {
-				return job.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
-			}
-
-			for _, pid := range pids {
-				if pid == p {
-					// Make sure number of fields equals number of header titles
-					// merging "overhanging" fields
-					process := fields[:len(header)-1]
-					process = append(process, strings.Join(fields[len(header)-1:], " "))
-					processes = append(processes, process)
-				}
-			}
-		}
-		out.SetJson("Processes", processes)
-		out.WriteTo(job.Stdout)
-		return engine.StatusOK
-
-	}
-	return job.Errorf("No such container: %s", name)
-}
-
 func (srv *Server) Containers(job *engine.Job) engine.Status {
 	var (
 		foundBefore bool
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 77a52317ce..8a31a36379 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -93,7 +93,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"history":      srv.ImageHistory,
 		"viz":          srv.ImagesViz,
 		"log":          srv.Log,
-		"top":          srv.ContainerTop,
 		"load":         srv.ImageLoad,
 		"build":        srv.Build,
 		"pull":         srv.ImagePull,

From d37dbe0e162220b361a5a91b6981cae00a6c763f Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:26:25 +0000
Subject: [PATCH 332/516] Move "containers" to daemon/list.go

This is part of an effort to break apart the deprecated server/ package

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: d0370076585f506d2f81af3fb3dab56119bdc0e9
Component: engine
---
 components/engine/daemon/daemon.go            |  8 ++---
 .../{server/container.go => daemon/list.go}   | 31 ++++++++++---------
 components/engine/server/init.go              |  1 -
 3 files changed, 19 insertions(+), 21 deletions(-)
 rename components/engine/{server/container.go => daemon/list.go} (79%)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 815bacccd7..332c77eb2d 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -161,14 +161,12 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	if err := eng.Register("top", daemon.ContainerTop); err != nil {
 		return err
 	}
+	if err := eng.Register("containers", daemon.Containers); err != nil {
+		return err
+	}
 	return nil
 }
 
-// List returns an array of all containers registered in the daemon.
-func (daemon *Daemon) List() []*Container {
-	return daemon.containers.List()
-}
-
 // Get looks for a container by the specified ID or name, and returns it.
 // If the container is not found, or if an error occurs, nil is returned.
 func (daemon *Daemon) Get(name string) *Container {
diff --git a/components/engine/server/container.go b/components/engine/daemon/list.go
similarity index 79%
rename from components/engine/server/container.go
rename to components/engine/daemon/list.go
index 9ee77cf4d5..e3749346f4 100644
--- a/components/engine/server/container.go
+++ b/components/engine/daemon/list.go
@@ -1,20 +1,21 @@
-// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
-//
-// For additional commments see server/server.go
-//
-package server
+package daemon
 
 import (
 	"errors"
 	"fmt"
 	"strings"
 
-	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/graphdb"
+
+	"github.com/docker/docker/engine"
 )
 
-func (srv *Server) Containers(job *engine.Job) engine.Status {
+// List returns an array of all containers registered in the daemon.
+func (daemon *Daemon) List() []*Container {
+	return daemon.containers.List()
+}
+
+func (daemon *Daemon) Containers(job *engine.Job) engine.Status {
 	var (
 		foundBefore bool
 		displayed   int
@@ -27,28 +28,28 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 	outs := engine.NewTable("Created", 0)
 
 	names := map[string][]string{}
-	srv.daemon.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error {
+	daemon.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error {
 		names[e.ID()] = append(names[e.ID()], p)
 		return nil
 	}, -1)
 
-	var beforeCont, sinceCont *daemon.Container
+	var beforeCont, sinceCont *Container
 	if before != "" {
-		beforeCont = srv.daemon.Get(before)
+		beforeCont = daemon.Get(before)
 		if beforeCont == nil {
 			return job.Error(fmt.Errorf("Could not find container with name or id %s", before))
 		}
 	}
 
 	if since != "" {
-		sinceCont = srv.daemon.Get(since)
+		sinceCont = daemon.Get(since)
 		if sinceCont == nil {
 			return job.Error(fmt.Errorf("Could not find container with name or id %s", since))
 		}
 	}
 
 	errLast := errors.New("last container")
-	writeCont := func(container *daemon.Container) error {
+	writeCont := func(container *Container) error {
 		container.Lock()
 		defer container.Unlock()
 		if !container.State.IsRunning() && !all && n <= 0 && since == "" && before == "" {
@@ -72,7 +73,7 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		out := &engine.Env{}
 		out.Set("Id", container.ID)
 		out.SetList("Names", names[container.ID])
-		out.Set("Image", srv.daemon.Repositories().ImageName(container.Image))
+		out.Set("Image", daemon.Repositories().ImageName(container.Image))
 		if len(container.Args) > 0 {
 			args := []string{}
 			for _, arg := range container.Args {
@@ -104,7 +105,7 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		return nil
 	}
 
-	for _, container := range srv.daemon.List() {
+	for _, container := range daemon.List() {
 		if err := writeCont(container); err != nil {
 			if err != errLast {
 				return job.Error(err)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 8a31a36379..cbe5340f21 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -100,7 +100,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"image_delete": srv.ImageDelete,
 		"events":       srv.Events,
 		"push":         srv.ImagePush,
-		"containers":   srv.Containers,
 	} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)

From 529952baedf2498e76d689c266391dde8705e087 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 31 Jul 2014 21:37:30 +0000
Subject: [PATCH 333/516] Cleanup daemon/Daemon.Install for readability

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: f46de04af65968f704f08681e4cf6c35e20b0697
Component: engine
---
 components/engine/daemon/daemon.go | 80 +++++++++---------------------
 1 file changed, 24 insertions(+), 56 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 332c77eb2d..3da5422c6e 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -105,64 +105,32 @@ type Daemon struct {
 
 // Install installs daemon capabilities to eng.
 func (daemon *Daemon) Install(eng *engine.Engine) error {
-	if err := eng.Register("container_inspect", daemon.ContainerInspect); err != nil {
-		return err
-	}
-	if err := eng.Register("attach", daemon.ContainerAttach); err != nil {
-		return err
-	}
-	if err := eng.Register("pause", daemon.ContainerPause); err != nil {
-		return err
-	}
-	if err := eng.Register("unpause", daemon.ContainerUnpause); err != nil {
-		return err
-	}
-	if err := eng.Register("kill", daemon.ContainerKill); err != nil {
-		return err
-	}
-	if err := eng.Register("export", daemon.ContainerExport); err != nil {
-		return err
-	}
-	if err := eng.Register("create", daemon.ContainerCreate); err != nil {
-		return err
-	}
-	if err := eng.Register("stop", daemon.ContainerStop); err != nil {
-		return err
-	}
-	if err := eng.Register("start", daemon.ContainerStart); err != nil {
-		return err
-	}
-	if err := eng.Register("restart", daemon.ContainerRestart); err != nil {
-		return err
-	}
-	if err := eng.Register("wait", daemon.ContainerWait); err != nil {
-		return err
-	}
-	if err := eng.Register("resize", daemon.ContainerResize); err != nil {
-		return err
-	}
-	if err := eng.Register("commit", daemon.ContainerCommit); err != nil {
-		return err
-	}
-	if err := eng.Register("logs", daemon.ContainerLogs); err != nil {
-		return err
-	}
 	// FIXME: rename "delete" to "rm" for consistency with the CLI command
 	// FIXME: rename ContainerDestroy to ContainerRm for consistency with the CLI command
-	if err := eng.Register("delete", daemon.ContainerDestroy); err != nil {
-		return err
-	}
-	if err := eng.Register("container_copy", daemon.ContainerCopy); err != nil {
-		return err
-	}
-	if err := eng.Register("container_changes", daemon.ContainerChanges); err != nil {
-		return err
-	}
-	if err := eng.Register("top", daemon.ContainerTop); err != nil {
-		return err
-	}
-	if err := eng.Register("containers", daemon.Containers); err != nil {
-		return err
+	for name, method := range map[string]engine.Handler{
+		"attach":            daemon.ContainerAttach,
+		"commit":            daemon.ContainerCommit,
+		"container_changes": daemon.ContainerChanges,
+		"container_copy":    daemon.ContainerCopy,
+		"container_inspect": daemon.ContainerInspect,
+		"containers":        daemon.Containers,
+		"create":            daemon.ContainerCreate,
+		"delete":            daemon.ContainerDestroy,
+		"export":            daemon.ContainerExport,
+		"kill":              daemon.ContainerKill,
+		"logs":              daemon.ContainerLogs,
+		"pause":             daemon.ContainerPause,
+		"resize":            daemon.ContainerResize,
+		"restart":           daemon.ContainerRestart,
+		"start":             daemon.ContainerStart,
+		"stop":              daemon.ContainerStop,
+		"top":               daemon.ContainerTop,
+		"unpause":           daemon.ContainerUnpause,
+		"wait":              daemon.ContainerWait,
+	} {
+		if err := eng.Register(name, method); err != nil {
+			return err
+		}
 	}
 	return nil
 }

From 22a66332f2feaa2dc40ed616bcc903f13391f0c0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 1 Aug 2014 15:26:30 -0700
Subject: [PATCH 334/516] Return error for bad content-type
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 78ac75fe00669f8d24ecab3273d47e805963e4d3
 Component: engine

---
 components/engine/api/server/server.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 4d8d74f38c..b01ce0d0d1 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -725,10 +725,12 @@ func postContainersStart(eng *engine.Engine, version version.Version, w http.Res
 
 	// allow a nil body for backwards compatibility
 	if r.Body != nil {
-		if api.MatchesContentType(r.Header.Get("Content-Type"), "application/json") {
-			if err := job.DecodeEnv(r.Body); err != nil {
-				return err
-			}
+		if !api.MatchesContentType(r.Header.Get("Content-Type"), "application/json") {
+			return fmt.Errorf("Content-Type is not supported: %s", r.Header.Get("Content-Type"))
+		}
+
+		if err := job.DecodeEnv(r.Body); err != nil {
+			return err
 		}
 	}
 	if err := job.Run(); err != nil {

From 13e82ab04775e16533fdfcc41d710638b6770b5a Mon Sep 17 00:00:00 2001
From: Lachlan Coote <lcoote@vmware.com>
Date: Thu, 31 Jul 2014 19:26:32 -0700
Subject: [PATCH 335/516]  #1852 Remote API documentation incorrect regarding
 private registries

Issues addressed:

- Remote API doco refers to "registry" parameter which is not supported
- Neglects to mention "tag" parameter which is supported
- Offers no guidance on pushing to private registries

Changes made:

- As directed in review comments, `registry` removed from all api versions (1.0-1.14)
- Have added documentation for `tag` parameter and guidance on private registries for versions 1.10-1.14 (I have only validated this on .10)

Docker-DCO-1.1-Signed-off-by: Lachlan Coote <lachlan.t.coote@gmail.com> (github: lcoote)
Upstream-commit: a5c5dc121c794daa199a813a95c0affd766a18f4
Component: engine
---
 .../sources/reference/api/docker_remote_api_v1.0.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.1.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.10.md  | 11 ++++++++++-
 .../sources/reference/api/docker_remote_api_v1.11.md  | 11 ++++++++++-
 .../sources/reference/api/docker_remote_api_v1.12.md  | 11 ++++++++++-
 .../sources/reference/api/docker_remote_api_v1.13.md  | 11 ++++++++++-
 .../sources/reference/api/docker_remote_api_v1.14.md  | 11 ++++++++++-
 .../sources/reference/api/docker_remote_api_v1.2.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.3.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.4.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.5.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.6.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.7.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.8.md   |  6 ------
 .../sources/reference/api/docker_remote_api_v1.9.md   |  6 ------
 15 files changed, 50 insertions(+), 65 deletions(-)

diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
index ddbc165e5e..197991de94 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.0.md
@@ -677,12 +677,6 @@ Push the image `name` on the registry
 
         {{ STREAM }}
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
index 9bffc949a6..928e3210f2 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.1.md
@@ -687,12 +687,6 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
index e249065998..6ffae3e07e 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.10.md
@@ -853,11 +853,20 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
+    If you wish to push an image on to a private registry, that image must already have been tagged
+    into a repository which references that registry host name and port.  This repository name should 
+    then be used in the URL. This mirrors the flow of the CLI.
+
+    **Example request**:
+
+        POST /images/registry.acme.com:5000/test/push HTTP/1.1    
+    
+
     Query Parameters:
 
      
 
-    -   **registry** – the registry you wan to push, optional
+    -   **tag** – the tag to associate with the image on the registry, optional
 
     Request Headers:
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md
index 3e777f6f7a..a0187dbdf6 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.11.md
@@ -861,11 +861,20 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
+    If you wish to push an image on to a private registry, that image must already have been tagged
+    into a repository which references that registry host name and port.  This repository name should 
+    then be used in the URL. This mirrors the flow of the CLI.
+
+    **Example request**:
+
+        POST /images/registry.acme.com:5000/test/push HTTP/1.1    
+    
+
     Query Parameters:
 
      
 
-    -   **registry** – the registry you wan to push, optional
+    -   **tag** – the tag to associate with the image on the registry, optional
 
     Request Headers:
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
index 0679b18889..54e57d2916 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
@@ -914,11 +914,20 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
+    If you wish to push an image on to a private registry, that image must already have been tagged
+    into a repository which references that registry host name and port.  This repository name should 
+    then be used in the URL. This mirrors the flow of the CLI.
+
+    **Example request**:
+
+        POST /images/registry.acme.com:5000/test/push HTTP/1.1    
+    
+
     Query Parameters:
 
      
 
-    -   **registry** – the registry you wan to push, optional
+    -   **tag** – the tag to associate with the image on the registry, optional
 
     Request Headers:
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
index cbe013c816..cf21aefb00 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
@@ -914,11 +914,20 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
+    If you wish to push an image on to a private registry, that image must already have been tagged
+    into a repository which references that registry host name and port.  This repository name should 
+    then be used in the URL. This mirrors the flow of the CLI.
+
+    **Example request**:
+
+        POST /images/registry.acme.com:5000/test/push HTTP/1.1    
+    
+
     Query Parameters:
 
      
 
-    -   **registry** – the registry you wan to push, optional
+    -   **tag** – the tag to associate with the image on the registry, optional
 
     Request Headers:
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index ad842fe8a2..35f26c56df 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -920,11 +920,20 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
+    If you wish to push an image on to a private registry, that image must already have been tagged
+    into a repository which references that registry host name and port.  This repository name should 
+    then be used in the URL. This mirrors the flow of the CLI.
+
+    **Example request**:
+
+        POST /images/registry.acme.com:5000/test/push HTTP/1.1    
+    
+
     Query Parameters:
 
      
 
-    -   **registry** – the registry you wan to push, optional
+    -   **tag** – the tag to associate with the image on the registry, optional
 
     Request Headers:
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
index 75b56ff018..2530fb90ae 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.2.md
@@ -706,12 +706,6 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
index 9a4c79955d..ff6fcac944 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.3.md
@@ -755,12 +755,6 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
index eac0cf3f4d..77d8e15504 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.4.md
@@ -801,12 +801,6 @@ Push the image `name` on the registry
     {"status":"Pushing..."} {"status":"Pushing", "progress":"1/? (n/a)"}
     {"error":"Invalid..."} ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error :statuscode 404: no such image :statuscode
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
index 884eaae648..abf6e3397a 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.5.md
@@ -805,12 +805,6 @@ Push the image `name` on the registry
     The `X-Registry-Auth` header can be used to
     include a base64-encoded AuthConfig object.
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
index 039277fc7a..11dd45229c 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.6.md
@@ -910,12 +910,6 @@ Push the image `name` on the registry
     > The `X-Registry-Auth` header can be used to
     > include a base64-encoded AuthConfig object.
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Status Codes:
 
     -   **200** – no error :statuscode 404: no such image :statuscode
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
index 83f8176e66..10ff841799 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.7.md
@@ -828,12 +828,6 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Request Headers:
 
      
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
index a252bed73e..b8bc0087c8 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.8.md
@@ -870,12 +870,6 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Request Headers:
 
      
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
index 529699d488..38f4ca8f54 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.9.md
@@ -874,12 +874,6 @@ Push the image `name` on the registry
         {"error":"Invalid..."}
         ...
 
-    Query Parameters:
-
-     
-
-    -   **registry** – the registry you wan to push, optional
-
     Request Headers:
 
      

From 93ad6fba3d83a8c57efa185a6fd5de3cf8876095 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 1 Aug 2014 15:59:19 -0700
Subject: [PATCH 336/516] Check content type along with content length
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github:
 crosbymichael) Upstream-commit: 8266c381d62a0790c489e27cc93ed8f4618d03c7
 Component: engine

---
 components/engine/api/server/server.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index b01ce0d0d1..858dd4e4d6 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -724,15 +724,16 @@ func postContainersStart(eng *engine.Engine, version version.Version, w http.Res
 	)
 
 	// allow a nil body for backwards compatibility
-	if r.Body != nil {
+	if r.Body != nil && r.ContentLength > 0 {
 		if !api.MatchesContentType(r.Header.Get("Content-Type"), "application/json") {
-			return fmt.Errorf("Content-Type is not supported: %s", r.Header.Get("Content-Type"))
+			return fmt.Errorf("Content-Type of application/json is required")
 		}
 
 		if err := job.DecodeEnv(r.Body); err != nil {
 			return err
 		}
 	}
+
 	if err := job.Run(); err != nil {
 		if err.Error() == "Container already started" {
 			w.WriteHeader(http.StatusNotModified)

From e68d8fa768dc4a0ef9af5904d0e1bf02fce2ee18 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Fri, 1 Aug 2014 15:22:04 -0400
Subject: [PATCH 337/516] Accept vanilla Linux Foundation signoffs

This allows signing off commits with `git commit -s`

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)

Cleaned up DCO regex
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 4909a702045e621f236f5ec5470c8a9ec7fd7022
Component: engine
---
 components/engine/contrib/prepare-commit-msg.hook | 10 ----------
 components/engine/hack/make/validate-dco          |  4 ++--
 2 files changed, 2 insertions(+), 12 deletions(-)
 delete mode 100644 components/engine/contrib/prepare-commit-msg.hook

diff --git a/components/engine/contrib/prepare-commit-msg.hook b/components/engine/contrib/prepare-commit-msg.hook
deleted file mode 100644
index c9389fb6d2..0000000000
--- a/components/engine/contrib/prepare-commit-msg.hook
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-#       Auto sign all commits to allow them to be used by the Docker project.
-#       see https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work
-#
-GH_USER=$(git config --get github.user)
-SOB=$(git var GIT_AUTHOR_IDENT | sed -n "s/^\(.*>\).*$/Docker-DCO-1.1-Signed-off-by: \1 \(github: $GH_USER\)/p")
-grep -qs "^$SOB" "$1" || { 
-	echo 
-	echo "$SOB" 
-} >> "$1"
diff --git a/components/engine/hack/make/validate-dco b/components/engine/hack/make/validate-dco
index 8f3bfc317a..1c75d91bfa 100644
--- a/components/engine/hack/make/validate-dco
+++ b/components/engine/hack/make/validate-dco
@@ -13,8 +13,8 @@ notDocs="$(validate_diff --numstat | awk '$3 !~ /^docs\// { print $3 }')"
 githubUsernameRegex='[a-zA-Z0-9][a-zA-Z0-9-]+'
 
 # https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work
-dcoPrefix='Docker-DCO-1.1-Signed-off-by:'
-dcoRegex="^$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)> \\(github: ($githubUsernameRegex)\\)$"
+dcoPrefix='Signed-off-by:'
+dcoRegex="^(Docker-DCO-1.1-)?$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)>( \\(github: ($githubUsernameRegex)\\))?$"
 
 check_dco() {
 	grep -qE "$dcoRegex"

From 946ba40611d08b1f2e3e35b9fb1b31e0e0ed70dd Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Fri, 1 Aug 2014 15:23:09 -0400
Subject: [PATCH 338/516] Update CONTRIBUTING.md and test new DCO signature in
 this commit

Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 6b04d597ee759ec72f95f9bde58716eda8495519
Component: engine
---
 components/engine/CONTRIBUTING.md | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 1d1daaf83e..7e190009f7 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -208,18 +208,16 @@ By making a contribution to this project, I certify that:
 
 Then you just add a line to every git commit message:
 
-    Docker-DCO-1.1-Signed-off-by: Joe Smith <joe.smith@email.com> (github: github_handle)
+    Signed-off-by: Joe Smith <joe.smith@email.com>
 
 Using your real name (sorry, no pseudonyms or anonymous contributions.)
 
-One way to automate this, is customize your git `commit.template` by adding
-a `prepare-commit-msg` hook to your Docker repository:
+If you set your `user.name` and `user.email` git configs, you can sign your
+commit automatically with `git commit -s`.
 
-```
-curl -sSL -o .git/hooks/prepare-commit-msg https://raw.githubusercontent.com/docker/docker/master/contrib/prepare-commit-msg.hook && chmod +x .git/hooks/prepare-commit-msg
-```
-
-* Note: the above script expects to find your GitHub user name in `git config --get github.user`
+Note that the old-style `Docker-DCO-1.1-Signed-off-by: ...` format is still
+accepted, so there is no need to update outstanding pull requests to the new
+format right away, but please do adjust your processes for future contributions.
 
 #### Small patch exception
 

From 5c55cb76699ad5c77469fd55b8aced436857f186 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 2 Aug 2014 01:35:04 -0600
Subject: [PATCH 339/516] Purge the bits of pkg/system that moved to
 libcontainer/system

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 60341f80d7b7918d1c1eff7c38cbc55c9bdec4d9
Component: engine
---
 .../daemon/execdriver/lxc/lxc_init_linux.go   |   2 +-
 .../engine/daemon/execdriver/native/driver.go |  10 +-
 components/engine/pkg/system/calls_linux.go   | 185 ------------------
 components/engine/pkg/system/fds_linux.go     |  38 ----
 .../engine/pkg/system/fds_unsupported.go      |  12 --
 components/engine/pkg/system/proc.go          |  26 ---
 components/engine/pkg/system/pty_linux.go     |  58 ------
 components/engine/pkg/system/setns_linux.go   |  27 ---
 .../engine/pkg/system/sysconfig_nocgo.go      |   9 -
 components/engine/pkg/system/unsupported.go   |  38 ----
 10 files changed, 7 insertions(+), 398 deletions(-)
 delete mode 100644 components/engine/pkg/system/calls_linux.go
 delete mode 100644 components/engine/pkg/system/fds_linux.go
 delete mode 100644 components/engine/pkg/system/fds_unsupported.go
 delete mode 100644 components/engine/pkg/system/proc.go
 delete mode 100644 components/engine/pkg/system/pty_linux.go
 delete mode 100644 components/engine/pkg/system/setns_linux.go
 delete mode 100644 components/engine/pkg/system/sysconfig_nocgo.go
 delete mode 100644 components/engine/pkg/system/unsupported.go

diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index a11b0f056c..92c96cc30e 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -9,9 +9,9 @@ import (
 
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/daemon/execdriver/native/template"
-	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libcontainer/namespaces"
 	"github.com/docker/libcontainer/security/capabilities"
+	"github.com/docker/libcontainer/system"
 	"github.com/docker/libcontainer/utils"
 )
 
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 51767a99d6..22c6606c0d 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -15,14 +15,15 @@ import (
 	"syscall"
 
 	"github.com/docker/docker/daemon/execdriver"
-	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/cgroups/fs"
 	"github.com/docker/libcontainer/cgroups/systemd"
+	consolepkg "github.com/docker/libcontainer/console"
 	"github.com/docker/libcontainer/namespaces"
 	"github.com/docker/libcontainer/syncpipe"
+	"github.com/docker/libcontainer/system"
 )
 
 const (
@@ -143,8 +144,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		}, args...)
 
 		// set this to nil so that when we set the clone flags anything else is reset
-		c.SysProcAttr = nil
-		system.SetCloneFlags(&c.Cmd, uintptr(namespaces.GetNamespaceFlags(container.Namespaces)))
+		c.SysProcAttr = &syscall.SysProcAttr{
+			Cloneflags: uintptr(namespaces.GetNamespaceFlags(container.Namespaces)),
+		}
 		c.ExtraFiles = []*os.File{child}
 
 		c.Env = container.Env
@@ -285,7 +287,7 @@ type TtyConsole struct {
 }
 
 func NewTtyConsole(command *execdriver.Command, pipes *execdriver.Pipes) (*TtyConsole, error) {
-	ptyMaster, console, err := system.CreateMasterAndConsole()
+	ptyMaster, console, err := consolepkg.CreateMasterAndConsole()
 	if err != nil {
 		return nil, err
 	}
diff --git a/components/engine/pkg/system/calls_linux.go b/components/engine/pkg/system/calls_linux.go
deleted file mode 100644
index 125fd25956..0000000000
--- a/components/engine/pkg/system/calls_linux.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package system
-
-import (
-	"os/exec"
-	"syscall"
-	"unsafe"
-)
-
-func Chroot(dir string) error {
-	return syscall.Chroot(dir)
-}
-
-func Chdir(dir string) error {
-	return syscall.Chdir(dir)
-}
-
-func Exec(cmd string, args []string, env []string) error {
-	return syscall.Exec(cmd, args, env)
-}
-
-func Execv(cmd string, args []string, env []string) error {
-	name, err := exec.LookPath(cmd)
-	if err != nil {
-		return err
-	}
-	return Exec(name, args, env)
-}
-
-func Fork() (int, error) {
-	syscall.ForkLock.Lock()
-	pid, _, err := syscall.Syscall(syscall.SYS_FORK, 0, 0, 0)
-	syscall.ForkLock.Unlock()
-	if err != 0 {
-		return -1, err
-	}
-	return int(pid), nil
-}
-
-func Mount(source, target, fstype string, flags uintptr, data string) error {
-	return syscall.Mount(source, target, fstype, flags, data)
-}
-
-func Unmount(target string, flags int) error {
-	return syscall.Unmount(target, flags)
-}
-
-func Pivotroot(newroot, putold string) error {
-	return syscall.PivotRoot(newroot, putold)
-}
-
-func Unshare(flags int) error {
-	return syscall.Unshare(flags)
-}
-
-func Clone(flags uintptr) (int, error) {
-	syscall.ForkLock.Lock()
-	pid, _, err := syscall.RawSyscall(syscall.SYS_CLONE, flags, 0, 0)
-	syscall.ForkLock.Unlock()
-	if err != 0 {
-		return -1, err
-	}
-	return int(pid), nil
-}
-
-func UsetCloseOnExec(fd uintptr) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_SETFD, 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-func Setgroups(gids []int) error {
-	return syscall.Setgroups(gids)
-}
-
-func Setresgid(rgid, egid, sgid int) error {
-	return syscall.Setresgid(rgid, egid, sgid)
-}
-
-func Setresuid(ruid, euid, suid int) error {
-	return syscall.Setresuid(ruid, euid, suid)
-}
-
-func Setgid(gid int) error {
-	return syscall.Setgid(gid)
-}
-
-func Setuid(uid int) error {
-	return syscall.Setuid(uid)
-}
-
-func Sethostname(name string) error {
-	return syscall.Sethostname([]byte(name))
-}
-
-func Setsid() (int, error) {
-	return syscall.Setsid()
-}
-
-func Ioctl(fd uintptr, flag, data uintptr) error {
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, flag, data); err != 0 {
-		return err
-	}
-	return nil
-}
-
-func Closefd(fd uintptr) error {
-	return syscall.Close(int(fd))
-}
-
-func Dup2(fd1, fd2 uintptr) error {
-	return syscall.Dup2(int(fd1), int(fd2))
-}
-
-func Mknod(path string, mode uint32, dev int) error {
-	return syscall.Mknod(path, mode, dev)
-}
-
-func Prctl(option int, arg2, arg3, arg4, arg5 uintptr) error {
-	if _, _, err := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-func ParentDeathSignal(sig uintptr) error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, sig, 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-func GetParentDeathSignal() (int, error) {
-	var sig int
-
-	_, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0)
-
-	if err != 0 {
-		return -1, err
-	}
-
-	return sig, nil
-}
-
-func SetKeepCaps() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 1, 0); err != 0 {
-		return err
-	}
-
-	return nil
-}
-
-func ClearKeepCaps() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 0, 0); err != 0 {
-		return err
-	}
-
-	return nil
-}
-
-func Setctty() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_IOCTL, 0, uintptr(syscall.TIOCSCTTY), 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-func Mkfifo(name string, mode uint32) error {
-	return syscall.Mkfifo(name, mode)
-}
-
-func Umask(mask int) int {
-	return syscall.Umask(mask)
-}
-
-func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
-	if cmd.SysProcAttr == nil {
-		cmd.SysProcAttr = &syscall.SysProcAttr{}
-	}
-	cmd.SysProcAttr.Cloneflags = flag
-}
-
-func Gettid() int {
-	return syscall.Gettid()
-}
diff --git a/components/engine/pkg/system/fds_linux.go b/components/engine/pkg/system/fds_linux.go
deleted file mode 100644
index 53d2299d3e..0000000000
--- a/components/engine/pkg/system/fds_linux.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package system
-
-import (
-	"io/ioutil"
-	"strconv"
-	"syscall"
-)
-
-// Works similarly to OpenBSD's "closefrom(2)":
-//   The closefrom() call deletes all descriptors numbered fd and higher from
-//   the per-process file descriptor table.  It is effectively the same as
-//   calling close(2) on each descriptor.
-// http://www.openbsd.org/cgi-bin/man.cgi?query=closefrom&sektion=2
-//
-// See also http://stackoverflow.com/a/918469/433558
-func CloseFdsFrom(minFd int) error {
-	fdList, err := ioutil.ReadDir("/proc/self/fd")
-	if err != nil {
-		return err
-	}
-	for _, fi := range fdList {
-		fd, err := strconv.Atoi(fi.Name())
-		if err != nil {
-			// ignore non-numeric file names
-			continue
-		}
-
-		if fd < minFd {
-			// ignore descriptors lower than our specified minimum
-			continue
-		}
-
-		// intentionally ignore errors from syscall.Close
-		syscall.Close(fd)
-		// the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall)
-	}
-	return nil
-}
diff --git a/components/engine/pkg/system/fds_unsupported.go b/components/engine/pkg/system/fds_unsupported.go
deleted file mode 100644
index c1e08e82d3..0000000000
--- a/components/engine/pkg/system/fds_unsupported.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build !linux
-
-package system
-
-import (
-	"fmt"
-	"runtime"
-)
-
-func CloseFdsFrom(minFd int) error {
-	return fmt.Errorf("CloseFdsFrom is unsupported on this platform (%s/%s)", runtime.GOOS, runtime.GOARCH)
-}
diff --git a/components/engine/pkg/system/proc.go b/components/engine/pkg/system/proc.go
deleted file mode 100644
index a492346c7f..0000000000
--- a/components/engine/pkg/system/proc.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package system
-
-import (
-	"io/ioutil"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-// look in /proc to find the process start time so that we can verify
-// that this pid has started after ourself
-func GetProcessStartTime(pid int) (string, error) {
-	data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
-	if err != nil {
-		return "", err
-	}
-	parts := strings.Split(string(data), " ")
-	// the starttime is located at pos 22
-	// from the man page
-	//
-	// starttime %llu (was %lu before Linux 2.6)
-	// (22)  The  time the process started after system boot.  In kernels before Linux 2.6, this
-	// value was expressed in jiffies.  Since Linux 2.6, the value is expressed in  clock  ticks
-	// (divide by sysconf(_SC_CLK_TCK)).
-	return parts[22-1], nil // starts at 1
-}
diff --git a/components/engine/pkg/system/pty_linux.go b/components/engine/pkg/system/pty_linux.go
deleted file mode 100644
index ca588d8ce9..0000000000
--- a/components/engine/pkg/system/pty_linux.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-// Unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// Unlockpt should be called before opening the slave side of a pseudoterminal.
-func Unlockpt(f *os.File) error {
-	var u int
-	return Ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
-}
-
-// Ptsname retrieves the name of the first available pts for the given master.
-func Ptsname(f *os.File) (string, error) {
-	var n int
-
-	if err := Ioctl(f.Fd(), syscall.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("/dev/pts/%d", n), nil
-}
-
-// CreateMasterAndConsole will open /dev/ptmx on the host and retreive the
-// pts name for use as the pty slave inside the container
-func CreateMasterAndConsole() (*os.File, string, error) {
-	master, err := os.OpenFile("/dev/ptmx", syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
-	if err != nil {
-		return nil, "", err
-	}
-	console, err := Ptsname(master)
-	if err != nil {
-		return nil, "", err
-	}
-	if err := Unlockpt(master); err != nil {
-		return nil, "", err
-	}
-	return master, console, nil
-}
-
-// OpenPtmx opens /dev/ptmx, i.e. the PTY master.
-func OpenPtmx() (*os.File, error) {
-	// O_NOCTTY and O_CLOEXEC are not present in os package so we use the syscall's one for all.
-	return os.OpenFile("/dev/ptmx", syscall.O_RDONLY|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
-}
-
-// OpenTerminal is a clone of os.OpenFile without the O_CLOEXEC
-// used to open the pty slave inside the container namespace
-func OpenTerminal(name string, flag int) (*os.File, error) {
-	r, e := syscall.Open(name, flag, 0)
-	if e != nil {
-		return nil, &os.PathError{"open", name, e}
-	}
-	return os.NewFile(uintptr(r), name), nil
-}
diff --git a/components/engine/pkg/system/setns_linux.go b/components/engine/pkg/system/setns_linux.go
deleted file mode 100644
index 2b6f9e77ec..0000000000
--- a/components/engine/pkg/system/setns_linux.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"runtime"
-	"syscall"
-)
-
-// Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092
-//
-// We need different setns values for the different platforms and arch
-// We are declaring the macro here because the SETNS syscall does not exist in th stdlib
-var setNsMap = map[string]uintptr{
-	"linux/amd64": 308,
-}
-
-func Setns(fd uintptr, flags uintptr) error {
-	ns, exists := setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)]
-	if !exists {
-		return ErrNotSupportedPlatform
-	}
-	_, _, err := syscall.RawSyscall(ns, fd, flags, 0)
-	if err != 0 {
-		return err
-	}
-	return nil
-}
diff --git a/components/engine/pkg/system/sysconfig_nocgo.go b/components/engine/pkg/system/sysconfig_nocgo.go
deleted file mode 100644
index 7ca3488154..0000000000
--- a/components/engine/pkg/system/sysconfig_nocgo.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build linux,!cgo
-
-package system
-
-func GetClockTicks() int {
-	// when we cannot call out to C to get the sysconf it is fairly safe to
-	// just return 100
-	return 100
-}
diff --git a/components/engine/pkg/system/unsupported.go b/components/engine/pkg/system/unsupported.go
deleted file mode 100644
index aea4b69f97..0000000000
--- a/components/engine/pkg/system/unsupported.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build !linux
-
-package system
-
-import (
-	"os"
-	"os/exec"
-)
-
-func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
-
-}
-
-func UsetCloseOnExec(fd uintptr) error {
-	return ErrNotSupportedPlatform
-}
-
-func Gettid() int {
-	return 0
-}
-
-func GetClockTicks() int {
-	// when we cannot call out to C to get the sysconf it is fairly safe to
-	// just return 100
-	return 100
-}
-
-func CreateMasterAndConsole() (*os.File, string, error) {
-	return nil, "", ErrNotSupportedPlatform
-}
-
-func SetKeepCaps() error {
-	return ErrNotSupportedPlatform
-}
-
-func ClearKeepCaps() error {
-	return ErrNotSupportedPlatform
-}

From 7751a70b6e247373bb3e8ecd387095cbed2b4476 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Sun, 3 Aug 2014 12:28:25 +0400
Subject: [PATCH 340/516] Fix example of relative WORKDIR

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 5514afcd88d40a7a9321a966292e9f724eeafc36
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 730d176efb..73f48b8248 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -444,7 +444,10 @@ It can be used multiple times in the one `Dockerfile`. If a relative path
 is provided, it will be relative to the path of the previous `WORKDIR`
 instruction. For example:
 
-    WORKDIR /a WORKDIR b WORKDIR c RUN pwd
+    WORKDIR /a
+    WORKDIR b
+    WORKDIR c
+    RUN pwd
 
 The output of the final `pwd` command in this Dockerfile would be
 `/a/b/c`.

From 2b2d92d684db3a79190ac6874efbadc15ae159b2 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Tue, 8 Jul 2014 21:10:28 +0400
Subject: [PATCH 341/516] Remove redundant checks in runconfig.Merge

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 7dba5024e8cf152f8a597dd177485dbf9001ae58
Component: engine
---
 components/engine/runconfig/merge.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/components/engine/runconfig/merge.go b/components/engine/runconfig/merge.go
index 290d5f3189..1c81d25ba6 100644
--- a/components/engine/runconfig/merge.go
+++ b/components/engine/runconfig/merge.go
@@ -20,7 +20,7 @@ func Merge(userConf, imageConf *Config) error {
 	if userConf.CpuShares == 0 {
 		userConf.CpuShares = imageConf.CpuShares
 	}
-	if userConf.ExposedPorts == nil || len(userConf.ExposedPorts) == 0 {
+	if len(userConf.ExposedPorts) == 0 {
 		userConf.ExposedPorts = imageConf.ExposedPorts
 	} else if imageConf.ExposedPorts != nil {
 		if userConf.ExposedPorts == nil {
@@ -33,7 +33,7 @@ func Merge(userConf, imageConf *Config) error {
 		}
 	}
 
-	if userConf.PortSpecs != nil && len(userConf.PortSpecs) > 0 {
+	if len(userConf.PortSpecs) > 0 {
 		if userConf.ExposedPorts == nil {
 			userConf.ExposedPorts = make(nat.PortSet)
 		}
@@ -48,7 +48,7 @@ func Merge(userConf, imageConf *Config) error {
 		}
 		userConf.PortSpecs = nil
 	}
-	if imageConf.PortSpecs != nil && len(imageConf.PortSpecs) > 0 {
+	if len(imageConf.PortSpecs) > 0 {
 		// FIXME: I think we can safely remove this. Leaving it for now for the sake of reverse-compat paranoia.
 		utils.Debugf("Migrating image port specs to containter: %s", strings.Join(imageConf.PortSpecs, ", "))
 		if userConf.ExposedPorts == nil {
@@ -66,7 +66,7 @@ func Merge(userConf, imageConf *Config) error {
 		}
 	}
 
-	if userConf.Env == nil || len(userConf.Env) == 0 {
+	if len(userConf.Env) == 0 {
 		userConf.Env = imageConf.Env
 	} else {
 		for _, imageEnv := range imageConf.Env {
@@ -84,16 +84,16 @@ func Merge(userConf, imageConf *Config) error {
 		}
 	}
 
-	if userConf.Cmd == nil || len(userConf.Cmd) == 0 {
+	if len(userConf.Cmd) == 0 {
 		userConf.Cmd = imageConf.Cmd
 	}
-	if userConf.Entrypoint == nil || len(userConf.Entrypoint) == 0 {
+	if len(userConf.Entrypoint) == 0 {
 		userConf.Entrypoint = imageConf.Entrypoint
 	}
 	if userConf.WorkingDir == "" {
 		userConf.WorkingDir = imageConf.WorkingDir
 	}
-	if userConf.Volumes == nil || len(userConf.Volumes) == 0 {
+	if len(userConf.Volumes) == 0 {
 		userConf.Volumes = imageConf.Volumes
 	} else {
 		for k, v := range imageConf.Volumes {

From 3ee2b7b6cb003d3f6c8797a32b909dda93377b79 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Tue, 8 Jul 2014 21:37:20 +0400
Subject: [PATCH 342/516] Cleanup Cmd on ENTRYPOINT instruction

Fixes #5147
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 1b6546b8407ce0fa41340efefc081beadf26d41c
Component: engine
---
 components/engine/builder/builder.go          |  8 ++++
 .../integration-cli/docker_cli_build_test.go  | 37 ++++++++++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go
index fb344e97e3..a8c8d58d14 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/builder/builder.go
@@ -70,6 +70,9 @@ type buildFile struct {
 	// Deprecated, original writer used for ImagePull. To be removed.
 	outOld io.Writer
 	sf     *utils.StreamFormatter
+
+	// cmdSet indicates is CMD was setted in current Dockerfile
+	cmdSet bool
 }
 
 func (b *buildFile) clearTmp(containers map[string]struct{}) {
@@ -306,12 +309,17 @@ func (b *buildFile) CmdCmd(args string) error {
 	if err := b.commit("", b.config.Cmd, fmt.Sprintf("CMD %v", cmd)); err != nil {
 		return err
 	}
+	b.cmdSet = true
 	return nil
 }
 
 func (b *buildFile) CmdEntrypoint(args string) error {
 	entrypoint := b.buildCmdFromJson(args)
 	b.config.Entrypoint = entrypoint
+	// if there is no cmd in current Dockerfile - cleanup cmd
+	if !b.cmdSet {
+		b.config.Cmd = nil
+	}
 	if err := b.commit("", b.config.Cmd, fmt.Sprintf("ENTRYPOINT %v", entrypoint)); err != nil {
 		return err
 	}
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 57d004ea80..05ad5476f2 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1310,8 +1310,8 @@ func TestBuildEntrypointRunCleanup(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	// Cmd inherited from busybox, maybe will be fixed in #5147
-	if expected := "[/bin/sh]"; res != expected {
+	// Cmd must be cleaned up
+	if expected := "<no value>"; res != expected {
 		t.Fatalf("Cmd %s, expected %s", res, expected)
 	}
 	logDone("build - cleanup cmd after RUN")
@@ -1875,3 +1875,36 @@ func TestBuildFromGIT(t *testing.T) {
 	}
 	logDone("build - build from GIT")
 }
+
+func TestBuildCleanupCmdOnEntrypoint(t *testing.T) {
+	name := "testbuildcmdcleanuponentrypoint"
+	defer deleteImages(name)
+	if _, err := buildImage(name,
+		`FROM scratch
+        CMD ["test"]
+		ENTRYPOINT ["echo"]`,
+		true); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := buildImage(name,
+		fmt.Sprintf(`FROM %s
+		ENTRYPOINT ["cat"]`, name),
+		true); err != nil {
+		t.Fatal(err)
+	}
+	res, err := inspectField(name, "Config.Cmd")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if expected := "<no value>"; res != expected {
+		t.Fatalf("Cmd %s, expected %s", res, expected)
+	}
+	res, err = inspectField(name, "Config.Entrypoint")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if expected := "[cat]"; res != expected {
+		t.Fatalf("Entrypoint %s, expected %s", res, expected)
+	}
+	logDone("build - cleanup cmd on ENTRYPOINT")
+}

From c9f0913ee9a4d0fcbb68ba704b66d6729f564026 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 10 Jul 2014 09:46:11 +0400
Subject: [PATCH 343/516] Inherit Cmd only if no --entrypoint specified on run

Fixes #5147
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: aa2d6dbc0c64efb515646dd2d339ff857c94c3b7
Component: engine
---
 components/engine/builder/builder.go          |  5 ++--
 .../integration-cli/docker_cli_run_test.go    | 26 +++++++++++++++++++
 components/engine/runconfig/merge.go          |  6 ++---
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go
index a8c8d58d14..45f964daf6 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/builder/builder.go
@@ -71,7 +71,7 @@ type buildFile struct {
 	outOld io.Writer
 	sf     *utils.StreamFormatter
 
-	// cmdSet indicates is CMD was setted in current Dockerfile
+	// cmdSet indicates is CMD was set in current Dockerfile
 	cmdSet bool
 }
 
@@ -202,7 +202,8 @@ func (b *buildFile) CmdRun(args string) error {
 	}
 
 	cmd := b.config.Cmd
-	b.config.Cmd = nil
+	// set Cmd manually, this is special case only for Dockerfiles
+	b.config.Cmd = config.Cmd
 	runconfig.Merge(b.config, config)
 
 	defer func(cmd []string) { b.config.Cmd = cmd }(cmd)
diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index d02ebb54e6..2cfef2acb9 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1454,3 +1454,29 @@ func TestCopyVolumeContent(t *testing.T) {
 		t.Fatal("Container failed to transfer content to volume")
 	}
 }
+
+func TestRunCleanupCmdOnEntrypoint(t *testing.T) {
+	name := "testrunmdcleanuponentrypoint"
+	defer deleteImages(name)
+	defer deleteAllContainers()
+	if _, err := buildImage(name,
+		`FROM busybox
+		ENTRYPOINT ["echo"]
+        CMD ["testingpoint"]`,
+		true); err != nil {
+		t.Fatal(err)
+	}
+	runCmd := exec.Command(dockerBinary, "run", "--entrypoint", "whoami", name)
+	out, exit, err := runCommandWithOutput(runCmd)
+	if err != nil {
+		t.Fatalf("Error: %v, out: %q", err, out)
+	}
+	if exit != 0 {
+		t.Fatalf("expected exit code 0 received %d, out: %q", exit, out)
+	}
+	out = strings.TrimSpace(out)
+	if out != "root" {
+		t.Fatalf("Expected output root, got %q", out)
+	}
+	logDone("run - cleanup cmd on --entrypoint")
+}
diff --git a/components/engine/runconfig/merge.go b/components/engine/runconfig/merge.go
index 1c81d25ba6..8b1428ed3b 100644
--- a/components/engine/runconfig/merge.go
+++ b/components/engine/runconfig/merge.go
@@ -84,10 +84,10 @@ func Merge(userConf, imageConf *Config) error {
 		}
 	}
 
-	if len(userConf.Cmd) == 0 {
-		userConf.Cmd = imageConf.Cmd
-	}
 	if len(userConf.Entrypoint) == 0 {
+		if len(userConf.Cmd) == 0 {
+			userConf.Cmd = imageConf.Cmd
+		}
 		userConf.Entrypoint = imageConf.Entrypoint
 	}
 	if userConf.WorkingDir == "" {

From 40ff72d2d05ef333482533fb87f77c6812d7524a Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Mon, 4 Aug 2014 21:27:28 +0400
Subject: [PATCH 344/516] Print about "copy volume content" test passing

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 825ca10dfdaedfef17d92d898208c6f7e6dcb8e5
Component: engine
---
 components/engine/integration-cli/docker_cli_run_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index d02ebb54e6..548943f2f6 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1453,4 +1453,5 @@ func TestCopyVolumeContent(t *testing.T) {
 	if !(strings.Contains(out, "/hello/local/world") && strings.Contains(out, "/hello/local")) {
 		t.Fatal("Container failed to transfer content to volume")
 	}
+	logDone("run - copy volume content")
 }

From 98b67bd13abeb83cdade9a33581b18a0029a8449 Mon Sep 17 00:00:00 2001
From: Hollie Teal <hollie.teal@docker.com>
Date: Mon, 4 Aug 2014 11:12:01 -0700
Subject: [PATCH 345/516] Added "Github Submodules" section to Automated Builds
 doc.

Signed-off-by: Hollie Teal <hollie.teal@docker.com>
Upstream-commit: bafad8cdc444744069ef005f83bb328c6f8e3b16
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  |  28 ++++++++++++++++++
 .../docker-hub/hub-images/deploy_key.png      | Bin 0 -> 162811 bytes
 .../hub-images/github_deploy_key.png          | Bin 0 -> 80447 bytes
 3 files changed, 28 insertions(+)
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/deploy_key.png
 create mode 100644 components/engine/docs/sources/docker-hub/hub-images/github_deploy_key.png

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index bbca826e45..937912ec71 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -58,6 +58,34 @@ Automatic Build.
 You can [create an Automated Build](https://registry.hub.docker.com/builds/github/select/)
 from any of your public or private GitHub repositories with a `Dockerfile`.
 
+### Github Submodules
+
+If your repository contains links to private submodules, you'll need to add a deploy key so that the Docker Hub will be able to clone the repository from Github. 
+
+Your Docker Hub deploy key is located under the "Build Details" menu on the automated build's main page in the Hub. Add this key to your GitHub submodule by viewing the Settings page for the repository on GitHub and selecting "Deploy keys".
+
+<table class="table table-bordered">
+  <thead>
+    <tr>
+      <th>Step</th>
+      <th>Screenshot</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>1.</td>
+      <td><img src="/docker-hub/hub-images/deploy_key.png"></td>
+      <td>Your automated build's deploy key is in the "Build Details" menu under "Deploy keys".</td>
+    </tr>
+    <tr>
+      <td>2.</td>
+      <td><img src="/docker-hub/hub-images/github_deploy_key.png"></td>
+      <td>In your GitHub submodule's repository Settings page, add the deploy key from your Docker Hub automated build.</td>
+    </tr>
+  </tbody>
+</table>
+     
 ### GitHub organizations
 
 GitHub organizations will appear once your membership to that organization is
diff --git a/components/engine/docs/sources/docker-hub/hub-images/deploy_key.png b/components/engine/docs/sources/docker-hub/hub-images/deploy_key.png
new file mode 100644
index 0000000000000000000000000000000000000000..c4377bba9b66f452ee62f1c9c635de925e61ffe5
GIT binary patch
literal 162811
zcmeFZRX`j|*ESj~M34{y1PBn^Aq004ELd=N65QP-A;BfMyEDMxZo%D$!CeQJ8DOw8
zdH?ghd+&d9?$5<{K~pr{B~LAR)~c!wR`@K5`Hbk<qeqW0r9O!%J$i)B@aPfh%oAk9
zozX~e1mf3IyHA>qj~?Mu|M@|ZQldJ3^ho59l-LIqH>CYVbhkI4mhzJ*>Qav?Du701
zNXl33T4Q2vJJz=zQtgSvvhAzSe|7w9r~disrOn5u4L=k<nmvB=#)FNkp1=-i!7hd=
z#{}RCxHz&(nw_OESJ#qi0=VV`3bH#wj_6JyKz37s#>Pe}y(e$|9wGnjf`RhwG-P1z
zIh2%?)V^X|NGRFxol!v0pJ(26A(Q^l4|IEMMv8>`LgdkZF9t8rPDk--YidFt`y-=#
z6#f3R11noljvP^Qr=s8So?WVQPuM?OF-5v1nptIPpTYT4&to~nQ<;jBFaF+>w|;(A
zPpWHbKvQ~VRu<F1AI|YM<JkXcxDNO24a7xx!0+$9_^Utdyr>d9lH5CJ|E%u6Jy@|p
z{-M8UEkTI=@B=)-k5<)blb$qw`|m6N0O^oM<Px-K5_|H0VfX+3=@;|lg^zP|a3=BJ
zaQ)k(|J(fkufg|Ah&j)hx2aAzTz0P1a&=c35U*PM-Z-e4e!B_2VvgpZVDnzhJ^qcs
z=$a~2PFvS1Gl8mGd7Qm+2;cVFp5J@#O2+i^YgWJcSqvq~%<pf2*>7pN4F6D={}I*4
zTJ5`?Kx^^dX9Ijr7!7EiIks&AWyH|~sb>v8b=Qm>7k)~uW-V?I1x-R5H1itfSk!t(
z8|j99-zLBQ#iuQE%Kp4M>Y!|TO(;-bo1uzbhDe-RQED=Kvw}Z&3yH8wl(B}-C9qb+
z_#r_oV_rF5RhPFVlbQ&)s0Kby5xR$s$P_@Zhwk<^cj=`L)^Zcv$Tkwp6p4L6u=Y4T
z2VYLg=Ie!n1zRlNtWb|$HyWJ`3dt4{MaPUL4l}gUNbj-a0`i9jT0ro6DCL~QZ(PmI
zV*APjT}2F!;&bWAbZ_YGEvGkZOuVHg52R=tIJL0Nf~oZZ@P({;+Wg6X?aTkb^+Kfm
z3N6(K3P4*e8g-R#U7t|I-{v(0`q9{oN7~laDPUiPTl$jdI%0?O^;56Uq~(e_p*&Oz
zA*v4R4THOi?SjV^3=emI-Li;*iN0-Yiizv#@yYXukT<yd%L%_UWpot{-Q~VmrWDY;
zWpZ$G`lZjhXjU}9N)NQ0D4T&|zv1L#k=V~0TLffP)>qeRsj#?vTwkL}iuIsgJI(jQ
zdL}xe2l&2h)f-r<*41%Hr4zAs&P_!`pEcms5D17yE3a1*qgB^&J3E;PcnicG`NLol
z5m^0_%Qk~QJEDzHv<%#=oOJx6<+bZYPouT8FmudptzU>*nJ0KTS!+&Py{WNwB==Za
zEgA>YJniXtd0;?od*5E3P8g0^q~tPdk+SDL?eV6mSTp(|0qE2cA^GfR5meS**quY{
zVhRe?<4WUiF0fkYP^>*j9ZRe-AB<XHz-dr!!}16eW72DI`uNK_?vs+tNtV2eaROHn
z<5j*4ZnM*-${yQ9yyJYGSDa><%|-PL8JCcC4~QUK6-+TfaEk3!$q1CV4`Ksx9z`iK
zvd2>;_oyQDgxgj~Qvq0}soi7yb!Z?=+`f3ow65ja{o4$-dez$W-ug3_dsFoaAA-d)
zGgcfQ>)}}#P!}&d)Ac5d-+6VvC)FAV89|MZN*_~nt1lM^5m>+X8mb4xk3M@*6h8?p
z6Q()p2ehbo*@3IjYl6GF)k}V1C4)*@-s*9UiXWz9bESc5h3se7>i2DH3Cy;2p{KH`
zZ7U(MW}qaS7?)Y;+99pTFKraOh4W>0NDqjSLE_UHBCj_d@e<}Y-Or;px-*w;=DdFg
z2sy`++<*gsOh&-DXzLn0?PYgcQ=c?UP*C}5L;_bzw_eSrfEMfi!lih=l&qS%{%sT(
z>}yWs396g4KfDA3t*+I4Gw*H1w_x10+QBU$0BhB}jIw2wl7U5!yU>IsUJF7`Jk8|d
z5MizRae8OjDTT4B_m<ZHhke!5v-2q-OPTA`_qQ@7uAJT=f(?xxJ@NQ~?^VFonkv~`
zzLa6nDhEvFQW7=GT1yr_Elk~kxz<4n7=sq1Z@$h_+vlk1(Y!I^ERUsNgs#a7$pZs_
zgw*fc0i3fl?Av5qKabfO*M$F0aBq<{@Ei#UZ#W%3iPrx*MICBt%=B3*7#8>3C3UV9
zq}8m{TIOpjP~nrnwNdE%Gg3;U!78GVmR_kyvem?m)#KuTiMM2rP}qKdAkHy<BslUH
znH@;Q4ssi_>5w$havfVuV?QwyH)z6~mcc_KMobQBVX;z_n6o$Oj6ahu;rQybkZtT(
zro*MmnVnBU+*bZ1jEh95kc0f{`YM8Sc0T=SKt5-%IqrK|{-bdf_)<P)wEq4E+v=B|
zAB-}BP00Q+JwceyB;*K5tmsO8_Lg;=uFwjGlRS)jQe}F6($$#wICj0>Rvk&E+OLSS
zO6T<KwV9yCdWeApMEMO`2^l2DB+9Um<g{h!6_3K<DY0FetBWIQzkh$>Jninf8Z7%1
zJVi!LE1!|jb`3g!i|3W<@AC@oR;uvk#9dTfzu$aaX6n&{dG-Z^%~DZbccd2V?79aC
z#Ur`QpR#*XZv=|Ny>Ujjmnw?k$FhYR_y%*CXn3vI&3;`(=^`4exwzlcGY9LmjlD~?
zFQT8AwI=h@%f!r^j!USK2{tNzhLx(4-Du7T)Ou|ibWcMin;d_2<qJ~{9U_Hx7wqNk
zN^7X-*BrK;RIxNVK{P;HsKu7}{VZ}_nD;dT6242-XKB=?k<)ps8m%97h8AImGzWK&
zl_pB^5@?CxlV%t&BFMq0&SiL#)AeZ)JmjTObWg99r!#PRD5qAd`pZsM7Re;Hr`17H
zO(AKI%^XU^gFx2!F_!v(<frO4&%R(PPum*|+MF~O*ywG;ObO$^g|x`U%>aa|d^@uD
zXds>0O4{Q|>;YlZ78awth0j?-EXiZG7%SAhr!zM;6C&9{P4N$6z>_pA+BQKgL=3Q0
z`>XF7w|7rTK}p?dCI_I{*uv4Ulnf%`moIQ$zTkZSiGW7<B2FOtS1<uRqL!$j*wCKW
zE+#v4bW#4*#gMgaeV3Zy3iS%%-wPPLFpEMlu)ApE`f=3Jxs)-zjie;DHqyB%%XjvT
z89=M}{R#U<6qmZjtoiRT@v6EdtLyicwc(2;ly4~h!7cxfp~j#@QrEsMPD`F)REvOv
z@egbsk;-*vc<I(dvd7g-N@~=W-l(yA9-<CnR5<4UF!9dQCY>LrQ>#lxQ;b7S3wH>T
zXSXhn3y9w8@x)J6rLb4BjB~*(hHWOinsLfH{mxgtw_Xs8vCmKpeUac;<w(#I7I!1s
z)dGj3m2YDmdfa`rvzXX9>Hm`5(b;^XT-HP`t{!(N9A4uvoNT@u+;bK%)d#R?xcL~f
z6I9^)>uL_na#UzcpM@{pC^(MyntgGga;=az=0<o7ErGb^xkK+9d~q_e;WZmyzmYef
zpx_C|Ue{)+UlU=_K`m@ViyPB{=s`PE<5!Br;haP+Z@CuFLV9~x_VGaQD6SWqG{eg~
z*^nAgZ0U>%|78XaDnHp8|D?+WJbo9hlC!9mS(BM-;_(Z*^HowV&1V})QNGfcG26-D
z^z~>}gY=E6jk>@y%WcUF0ADUuO@;c2#rR|IZpOP)G#udGVLkzR8kFEODS>{0IG@>9
zGcSjUAt_vcXw{UthTh!fqMUs5cmL7|mFSxsNp!RMN@yM-p$(Lu(kQkqSASj`{5E@H
zn#;Xr`iIp-V8at)b4$u;qS{%t!>r*dlTyx+KVi|o+_3?}ibo3e&b9E>1TRiNRQ2J~
z<<CvZL_V!~3>?J_95u?|e5^&%8oE%k+m@!HUS%cb4y%%4MT&|=wc@6+x!L^D7aTrU
zb78SFBAc4p0S?ZpoCU4Cr#*W|N4&sA+02T1B{Cr1b75<%4uvQxaVjk)a@8_TnafM(
zGb@($Pc@7R)?QGAuztM8^@+2psqsaS3;x*$b+Sr?8%LbrZE%}~eHWmySI>PaV>wor
zUH8j`xqNtC5Vl2UEOXi#?EbJ8{~i68gLYw>1?A%D>B$+I@6FSY-5mvS(c3Q)=D8NS
zsT_8Y61w~N&!R&rWjgCQ&)w^sJi^}xh<O|3>$|R>!{Q+w9XAW9ryZxyIpqRYN;FbE
zy#}X)RKfBXubyi-&toTcd2V`mx~n@^B&5y_GCRvnI~ElyQkNpkG|ZG`ADfeLnCNBg
z%xB1CNm5-G+rM!~%tbzO8L>~?O-uqS&s9dtrmm6LHtY}<#IZ1C``SRkPv{0Rt{J6F
zD_7Ud*p{P0Mjb~roM^Vkk8K7ZT4e+)r&-se5A1(*rgHev98@#tIX4wr!n|l@VfHFZ
z_2`lB?X$^<0EvUMPOlsP7O#$%(cK9)sLXkRutR=@w;y}gK*^d4?DV`-`h2W5R~Kf0
z5!+ZA&HW#CF7v$^1YDjjZeiLkv!|$oNP8BQ2g0QU45d9KG9jDccK%+a;@M3_i;9lp
za?r($+F6&dma1v*6rB%$(dEBNBKUToVf6Fc3=j9lH{8|?bn5Y;5EhG%9T@)mmk^l)
zwPF+CcNAJni~<3FS@n_RjdL=3@TA9OJ7J7Wqkom;NKp<j+IQdV*7}MRH2;1RU!@zX
z`C`?Qn5(6BHAh}tMWdu>c(#at;e3E=@-tj)SjPuiEg~w#s#s7Up<fZyLwZ-MpqeM7
z=~SJm2-$fxD6TEb_cdxf0N3cl3Hd?Q@Q_|!;0RF%@GdHcsRQV6H1sT3RC4&I@vvZe
zMd$R0W|dj(b%plVP1FbGu>Bav?%)`(!Mh5%a&VgRnpoQ&d@eR0647Ey1Y{arf=R{u
z7#3}iWbjQ>#1<AasTCFMF09J452_~Qh728K5F}a)@H@c8Iy<J;y!l({*#%f-^oyZ4
zhoUub)y8DDs5!J^J)+K6)p)6Q`6bG_4ODUQfQv`RsqZ|)3~L+?io88XQl?TpSL}+i
z>{d3|ZnfaWz^%R>xn;s17*L<<t0f9i1F$1xqat57Zcf|t37pS@WoT}Ha|}znzg3gn
zvc9(>Wpnez118Ym_0#&}Efl!sGigmB_Ok;~)qH;JowDu`xkw(U@lO`ro8hJHs?Pj^
zu0W6JZIkrDQl<C-II|v4*7noLG*0TZDRsEVDa_iJjordTTBTei!&)h_0!y{26rJ10
z?LD7`w1Y~ysj>^KVd16dP&K22Y%+^PaWF9%dE71oLDI4iKc9z}PGV$%in?07d#zF{
zXj!>U@Z&)Dmka!_yIe5`Jgu9Z-^cAIdnG+;)iMO4)fvz&P<rL0oQ6vDF0F3)b9%bu
zq)2BK^*v6%D*jv$Q~x?qVz=%FEn4%}2Af`cN~Oo(mvCSYOGgigK}K~F>*m%gbZd)A
zVM3NB!^OSn_=ju06Yq$L1OH_*5vqIp!cI1`jErQbrEqplDHJ)~kv%^{&sR1=r5M<|
z?6lqmULKiP+F+GRs{sXKLr8Uvhq9$c>zzKz%ji36wnVqN8ecIIJ3_I?EdUIH<??#w
z7A4Xt(O};m-=hJ0pe@Hjp}xM7M`jn5Z-VJe4Pn(r_6eAo7z#WH(7t7SF4L9Z)qhMX
zv`f*sRO7Q-$5iIyoIvhqy?V9ya~qV@g#4wo?wz7{zVB{C<@XyBv@3{o<4v|rv-EB=
z2Mw<Z!&qQGzeREN#Ox+PkJjwa?+=byhaor%=Orh7q}u&unv=DL&im%8r#`QHY<_+G
zOPT*$dYzB_xlIW;IQfF)z|d7LV+yeKI>UZ*w`hPU(Pyvpc|inLdFoPoUm~NLuCQ<q
z_%wQxa8%LJr`p10;?ot9oHUkv+qto0J}M+qu)A1Q)MBcHY{|i1I@fqJJ*P*u*?Bn6
zzPP@Q#&CCzQP~KEnSo&R_VoE@{bnoBf|zJawA;$e#J#KBT;hwtq2#V=Lg7~XD38Jc
zn+h5l2i>{bug<KjHHn8|%ZXB8mLSgkEQ3DkB>~Csl*`VPgs}JNQ5^jQtV9HK;M|s#
z^=<PO6VI)W>!v{~S_cjLR;cRGJ}UEs(gMLMn&b*TmzXWyzoi`if?x@mR99EGQ#7-v
zxumk9s6q7f{N#DiYu*7#yhk;nnVTP_RE=|Hwx=e!>8J$W_W=_s59Bsg<DBK@1kt^2
zzEetQ3ROs}ei;0DI``ax)>~9m0<G_xgenbh(VmoyWuS(`-Y$WF$5de}=BKjH*Gq|2
z2O!<KyppAg$-`zQRVpG#h=qlAS5>pu&Bq*xpU}3a*6h*#TOZXEO7ANMr^_^}YS1@C
z|J&WahVa@2xs&#WZ$G~l8>JSb4VLvX<Zn5`zi|XVz4l#hGK1`gobjJ~;8%!bX!4l^
z@IR^4e?8T{i}s|A@Aeg@33?52zlDBjnl&8tUi^U`i9Gry^qgl$Q`*}m<NF9zX7J~9
zz6!A)29z(OQ;YP^(H<~QkB|~xt&D54@LD@POyE#c_5Fs?Q+*?L$R9A=2qILUi^#Pm
zq;m0vKfsC*D2%Woa;;a}L8K4SWJHQs<{2W_+HamS`H+2h@^<A0k?KwR-{$|n!1qg#
zfhB*Y919n5l(95%u`#qaH?-H(*7h{;^R-iG-$_(drj<X3jyov_J&Z6$ke{TwI@nJ|
zHtz{WWBWL+rap;KS!g314K1Y5GB&8Qwz^hT6&%tko5tbuyE(~!iJnO80pWYyifn`D
zBdD*!VDg@Y%c6eR)LmRvTs2(dNK<`zY+^#ID3t3Ns;w=s@AzE>jNRy~hM1d~okAw@
zpw+zh+dV5iS(UDRLUWU4lr>^ereHkv&d!fzEk=Zc28);TepwHY?$6XKYOCOIZP=w5
z2P6KdGsD`qy|6op>mhbtxEr7@!BxyH$n0|oe2SYPyJ9mA1h2_h3wt8;IpsYYJ^9G(
zTBIk8jL(O`bFIE>Gqf@7cGA?rW&f6ei|@3NF&=XvSAqRO&_n#L_iwd4vxI<|8W>iv
zFnaRehs{IE!tQG<p7y|&`f;DH8hsOJRg@9|5)xr5TOcO#cwaRYH8TDr>b1xvbgY61
z`9?E|<at!X?j4WtmS?}Fp7tA=A1COO2zm%OdT50Z;ymaqpYZ6kd#knCEINyf+aIBo
z8v(w_&9@fXn#qPm>b|oL(A9oMSGO8!s>H0#)4NaOjW$;ElFX~Ir8#?RT2+1arGn4i
z?J#7s{lf>O{-^d7@AtGs^XnecIu`O3npO3Rb7**-@a^w#^(Ri=MwtZdT->o+n;Dkz
z-@Wo0P3W2I7iJWO4TdgV-M4Fxcz1G6^lI&FGW-iDo-}!neuD?(-wB5o=am&^mgjb}
zw^!w4b+YqV$SUPVZX1a7S?d(yDz~v&Ph9@26;zW!1zwQyFd0n~h1Y4|Fu_b;V4)C%
zkvfpg2D?6xj{Zje!Y<|*;Ij+x83*tQzRl*OofbTUSr=#xGu;2~ppIO$Hy;vtY$(1D
ztvb*TS$y1em{(hJ&asyTSJ)?JtYt0VO!s!CcW!Js-Pk&yeGcIV(TdNpzPH&NkXiE@
z`iwo5wX~5OM(vFy5h`ei_VY=Ho`7c~3OBXg%ZzUh1$qy335gh0V&+%xY*kPmP}B6R
zKt3t+sPI#esJ+8m_@Yv?Jw(@53z5dtw%wm4Y}z_1Aby;!X`N;?o3C-fU<BmW&ln$_
z0Tjwjy^RkIF;z8A8=kM7uebFNZ?P3@yUrjZsS9ffS(Dq`{*y2)k|4H(*w%&&5GnrD
zz*^W2=^8=d)=j{{#Uro%iT8U!2%N*RBOnCPi;{RqPro9$K4~N6kHW*nD-&>&rs~S#
z*>xMJoxFEkCg}Ant}~nHJmR{D%{l^~dtwDS1HFMA*&C<gj!+zp6Ap&Z(8UZh-WJ19
z7`^FYTe3@Y-Py;B1QKWQl2yDW^q@H}FL(_^12u<LzvA7ycKNrV-R0SHKF~39FF5D3
zXOw?)i~r*;&b8Y&JAo8RE`0p9BSRdVKY3o!UK5Kcg9~NIJg=7J0iO{w=x~2$0M)nk
zAXluJH$UOVK4MVZbdXi*LS+P4cKZNt^)D=@$#K3R0^~M6hYpuA+d41pf@1M~u3z?>
z6U1uyU2wutkLoxdugo#G{hipEQ&pxp@2la9ZisH+6te-Et+w`cM2mi~h4^N6a4TpZ
zL&$rNH}7A*7=h;-#+9q<<@==yPAmuOz=$*pTiXnN%i>1e6N9`PM{zm1Vechu72Oo_
zMYqePHZoy){rc5PkZoxT4@dhbH=W7!=~YpnORM&JR$Kj%2DAlSa6Q0Fa@uOXw{#pu
z?r4&XF-guDDlO3)#^)fQ{Enup7p7-A85N1G=G1r9EGe($c_nU$g!JwAc#-)DUXrQh
z941(6z;bP}7rmdC<dWt4cuMU7GobLLj4NwWj8FdpA<|v(n619{%VjQvD|pS$r={{X
zyD=NjS9lp=imxG#$Yj@ivNjJ0^*1D3I}ixC9V*>6$nSeRc9KIolE~~0(hiPUi|%_{
z89a20ULtrs>>F0ob$4RoOf_|se+}f&v${Y0)NoRGPhWvi)tbe|OI~)bs#*Hs2Z{I_
zc6NR+M71ggk9S+ub?cg0uf*j^gHuIg3_)e+Fxil?nl>4hxQYss0_HP}`jg~1qusKg
z@{2}_`tq4++eeCVg$gQ+3<PpP0b-6W&JKOv`w-@&hiKDdm3B)J%Ol^-wWnG}j`AmN
zdGXWJAp?;3>Duh*XWlhN{_0VQf?p~@)MabA^|3LodS0q(#I@w%;Sn!J%|f1FpN*SQ
zbcl+3F;nr3^?cs)w)Uc%y!n}sn|#1Y#O5v9R{*epJ~x=ZFil_zo?^*%>I0P5%T7^F
z7xLwD0pes+n9|kbY1gLI*g)daXW`f&A{<_m?~(BA4MKMM{xh$#W}ey|uZmafb5xS|
zSYp`XpHu{VW%s|$TTZDi$GUx;4NP&-i>b&3XB9QkxV*rZ^E%#j@h$|zDn<8lNRiDS
znk{kyJIFC$CR}B~iS>H{#RP+zSx9+NP|`>`n>dx#)0Vt~ydYM=ib83E7QFk?1_iKP
zR@r%|zhr0UcVN>*51pR!RuR6`dnWwW)oeC=b^-zK){N@e<C)U%f)F3hWy4kVal`S{
zQ!BR6d=k5l`VB#6FnrUJVIV|lF7#87;)H|ISBGkKn=C_=?+^zZ9+$6|sscoV^MmuS
z8Ng25li5M<sv}*m$lw6I<>O#8r{Q9NHKRb6P_1*c&O=_vpK4_)1>0<0U!4W_gA$IX
zZiQRfjJ$!BQF9RX+)Gc+GhA`84~jY}6vZ#`=5Rgn;?jh*ay8uZx&o3xtXMg{gz5!{
z_cXmPf@+4gOH8|>m2k2S^IS>tK*go#6cSqYh{WCktTv~lr~J4+!Na<d35N6{<sDOE
z!cw5^qZFd@J}RP@!@&~Pi{A}Cc{4SRK79~#e1(r8q6?9S$pj~?2>WCByR-?*DWP}i
zESo_wYj{u38N|&2;F7@n98z9sG2<EwA(Xp=xmfI+g<2DKVPUtN=j4Ivp?<l+AsiA~
zao-JBi(}HG3mmeRpWf176yZi+>&B4a?W9a{FM3vxLw8#|H~xx1{wlrJK{CZ|dxqI7
zVQ~G@6EAJ-Q*okE%GBP$e(_u5ds-E%hPMnjo{6xwVp0n;Yir!l@1A{`EgRH#1s?sL
z&BdRk0=&`B3rdU?OlujLjWXF3aa{21Kbeddmac-yq4s?SMW_!15AENOSzh?y<v6RL
z)<#ySqkCKw6_2wiX6t<RG0c#jSNXIbuC1wS>CBFlGJq{jQ}I;f2x$#zC)iCP#mwUo
zL%#F_h$3+l*o7Yh5`WxD8t8Jsipe~UysS)WE$&eyeYNrN6G9jydtcW9ot>UX6an+{
z>JD(;Ok&kM7<jE9f}5vpAr&xM<oV?pOF*tiY<%6uB5_O3g-;rnakhq^`?;HmE#}1u
zypDDh_3@>+MA&|wSJUni@-&wV=WJTLR)Aje&RwM&kA|+d=mi)Z5@I$rEr%U2Wt!O|
z-|~>qdgIyU9Rpr}S*9qz4Q~kvK=FzR>mqPql;z?9>6^0v*iG!uOCk0ZiWJC~peS4d
z2qe6eht9dRu(~kU3l>(rw0AaMh&))Dw^^K7tyABq<XkE0uyP2DS~WBZM6HnjzA$Cb
zyjN#j?mX#F4kg6En)^!#{wkGAws&^`jm#*Jn+%pPZii2~B2>QOBh-cXOnVTYTd-DH
zXgOWehWfFVL+z)Lx5F9nB_1jX4vqT3gX&DNjRIWOi+eMdIYHYtbG7PBOmb<z7Ci3-
zaynE(@M?;Ksu2Aec<lqlz{ZRpy|@=NZsvOIvoEH052$Q;?Cl88_hjYF6>4#feDe@O
z{){UgtLm$iq@rZ6UK{Yo_UY(pT6_9f^4==ZT+wYW-||UH4F>1u^oGgk0Tb~VGhAny
zTsDvJWLTy+eJ*!hB*hKH1u4=Qvm4b*Gz_#QMb{)e=y(}VM;Xm|6;qULbco*IAM_1>
zh06FvrVTLw3!_trXI#gBAtC{Oe7X7Q2?hAfw5Y=a@x&91bU&E@eby<?nKxLIN+Cmd
zah$hea;c=isdC?Ig00Bk#h37L3baYfrAssFDimBJ+iBxalh7yozCxEJ_vD`x{R<_h
zXtEn?mvmUAD(rg>(D`JZwX*kUIioQ1rvv7Q-*U0^eCs4oWlrQ5MGdVx;^jeDoJ42U
zI+n}l<EgcZDf*&&UmUsn|Fc``|DsCoUL#9)*}WrjR3WBdF*$;O?<Ds=Dw#5KU}f%n
zb6zHj%*~IyYdooU*yrRDRN}R>Gx}pG<7=y{4+QP%g;jl>FE7zkTs|o!6qa7l+7xMp
ze2P#Oln0n!yVQstzz!hL^55%U-rQj3V~d267;t+X&mx$;%B_Q)k_t=mi%5Rl6B~k4
z`*LK^L(rYew{NgPZvhs^(gX==BT43)yozw`Q|1ddOsr=w#NqS8_k@wGaD&4`E^omj
zZ`cu8HNou(gs|1xIHT?6X#O<JzDIu{3TJM)$Af`2`&)l-4kNre?fct-Vc~nwDlSEN
z;%l-dt8pEfvh+E8F!H3SWcsZBQr_sanj0iejsU+P61rQ+*L>vmA*RBqFV`GP@46VE
zjhboOY?3zvgdyU9fWV)*vY#R_j;8s&z9v?PMpNP6)YcN3D0u6ou>ec@1!5>En!h3W
zfOT7^%4Pty=~*zv$e$b!#DMK%&+7FqYhd4D73%RR*lz@!Zgzs%*Cx*CafiNF!H2R9
zKG_-g)^9IVz_**gg3RhCTeZ4tGD6YIq9(WYCw}_^Z@DwQ2||6VMz)GZcP7`!zfi20
z5h~&t_I5-&;8cJTUZy0mAcDAwvC5ACQ<IWZ52IVQ%_40%>TPaYHC7K0K7<Iz8M-j8
z7J6}?`y_bDNjJcaPR+z+Bmq70Tw#@yP-aTKJ9>3(;u(|>V2<OK#_4@pO^?e=UAo21
z&$}UHa=ZFqvbylkz8Wp{<rk#*B``j3n(dV=T#7Z<?hqL*E$xd#VK2DsVQP}H5-k<u
zEHa9h_-~&8ed?pB-n&YJUQy5RYYaNf*Dosy?%;y@XEFXxOvq!)Zv=~MWtpBsPsW4f
z9J(3Q^W1S%Q+ZhI=Qf_Y0C!Z1$7sEj)R`Ht!7!t$$zsvAJZ>hoBq|VRAeFd*3hHck
zLJ(73b!~7#g=VQ5lNbJz0qPTGHop9VK(p`&!p)o$7Zft%KB|Y9dVoSZv;#;nhX3kS
zCM_<p)8Qg3zOc)1dK8y=Hu(&L&1c~_YUIjZaaot&%}(}o?<Ic(27mX~J1QFbCEtO!
zd?&b?!P<Pgu3StjyUTKKFy0-x=%X4Y(a&EPd?ucU*l>{zfa}_Kzn>{9D+`LsqF;{@
z6Gm`GO7StiLj6!*(E2zP6Wmul{pKsUKO6oT>K+9P4byCJP)v=S-TlTl6)5eQs9ANq
zCj#xP*4sW|J0OsJ&|osGkbigbpEGD9p078K45A8A4KYHQJPk>nWv4AD$kQl=_MHp?
zvC_iAo}>wW2?=TmdAAVK?O3|C-`T&F+|iu9mfYi_I1Ltl&t_;<NKUg5IIz!hde>u}
zJp@%}0VljN+&S>X3TfYSR%hCqzdd!i5Mdcpa%U-MZmy^iO-1ad3MEQ=wF~s%NJzDQ
zvMg=@&l%?LW<eGFVTNAjIda5q_ocw(Ay*F8zSU9(D`@EWoL?sGn&YzQS7Zj7<vbY-
zNg3|O%F3|0`gr>5JIXBy&vI*4j`Bxz3){)`YkJZQYOZ%JZZM}Px!g9vBq%g0hO+bH
zV__Hr-wG~i22q)={?K6YBOx_S#6Hh|sV4?568L$WnwowhpZUUmlDQzNUR?j=(F=z3
ztaDJ-`f@rSAk}rZivS(V)6=~`_7i@}QV4askt?`bYP}owyw<P&yxscfra&7ORO$n)
z(Rj|34I=Yt)GfJay@F%RTT;^gtI0p?!yDJGVi;ZQvLr9B##Vl;xJ7|AU1Af$CXM5;
zSaAVpf8=}etD?3RmRR@%$BiU<9&!!C<mSmcmtMR2LV>KUs9Cz~C9;3dXatM{)yNPG
zsR_qh+ck<YJ|q#H3hmu$Z6Pb>8S4e!&*%6+7hScB=#?W|!7RaeKvX@?L?Uk|)vhA(
zW@t8{ve;*wQX1Ht|LcT@l;rWpKXqZDetQnOT5G)c{{2R|mzJ8g2MryqQDHPN7Xarh
zUs}>LN-Do=EAb>jY>HL<_f#9qAd<KwwaUUwkIN$4A%W8S&Kk13{tu)HQ>6@kusa8|
zzFjdus(Ah_s4+x3xP?z69`aD%tX>#E0hph@KDZ!?2*vja5dXh5iT#WC{Ig{B;_ZzE
z%1h0M>i%=@8j)C^vz2&=*#BX>?T?W<fLw2*9?qMiz9`rCJO1D1{|WhDQ2#IZ|0{Zb
zNy9%&|G!r}R^roN|51B`nWr4iPP%4$CAJA-*@K;5X2LU&{$w#DaF2H&r)TF+&ZED#
zNCy2_XUM1d%P<nWc#-kANhdSK3FnU`L7cB((Bccxeq14#{AU?BAkgn}gXCZjXLX%d
zAYhR0uMAc-Vzui^=s!C34yVu347g`tA0PY_9pMK2P|&^$G`&QrM;rc@t@87KJReWZ
zBhNNI==m7$pN4*+bv3FR0sXB$J0i||ETDEpYMyku)Q2aZ{CD}SQw?!eqdd*yaRj1@
z#OEA!)v?^w$r+ok|6}vUk*SAujZCd2!P4G;`JNFv#3CM{=})0Q++UPpY;0_2zCRr(
zY9yb7Xr>vpixRVY9WxM|NXYy@-tnCdTB^qpxQh3x(^>B|H{$j?ROB_ourx{m?anWO
znbygF+(ST;pQL5z(a%#uF0+78M29e1+UqxdWF7pt?7P)<?z|`Ay?6Hk%?<=)9bl9;
zRkYV1`^n%+ETxcgb1}7d`kQ)UoT%XXkgPq;bpK<r-BBBzxI4HcdwAs&cAg>{T`5D>
zB}uyji68Ru_51;ir?h=6K%bwV-?x!+uYqzqZ8|WbA)|e9*M5{KjmHSJt_^#0p|M?5
zJrEYSuJ9Sl`p<0pGiJ7Jzh$0rv`fk3{DZUGGq?28X{^-I#!g2#At$2Wt?gq=`hb?v
zk}7uN#Sd!DSa(y{XZYgvzA_)2w~~1&kO$w-WWi0|UJ9z5R{t64KXVqHA4R(Kd@BV*
zXZFeyt+t7CFMDv8eb!ROt{S;?Jj5=Y>xVej|K(7>{U&%}2;3iNB#6Mn@|mm-^3xOX
zx(>GeNKq~dy%o81F5ECD_*dp;K}V$RpnVyuY8j9sUwwux?}Zz347dz%x+`nc$9~$@
zxSaZ)0x?R&{QT`=_Y4W=0J5_)qo}d>swE4zQ$qyto~?KXQ1p};(bT6I^H=|P;m`XE
z`XXdLg4&>+J5l2wBg}7GpFVBF0=>fVAz^Tz`}Z0)H^GZK&(Oq#6zu5Lh9JL7wXfG;
z@+3w?6CIxsl7^Uxzh74Fkd2@Kw}yKj!Ysxo$BR5FRS2LS9`YYweLY$c8urV!J1dzE
zQ6sf{)88xmPu(k9$f(T=Uf*@C-MmDx`oj?YeCa~;?|%LVmkR>Ky8WHw(38K^_iu2C
z7<@u~(uVbvKm5O%_mAfMuAd_ozVCTWe*EM1e@FO^3SkNYf22t~TzmU1g1j`|zhVFQ
z_c{7&%3i-jke3Hh`#%G{`*VWIH-hm0V^tpmae@j=ZdmXD+500EcD_ig7i1Ka{}M>V
zjO)I2KfO#a5if{5$5ci4oSXlw4r*;YI>wzPJ;cf+(pO)Ln9mkfrIn2#;bbPEu7O^&
zSEctKu*#fn&>xLF#fO4lWoS2ErGC;#XR}^Br8B!N?%x&C9ah>~o+fecJmoXh(Gj`5
z|3pCcY*F%`BKl|e0eS6k&QP_;2@S%=1XoC5P%lu|-P7eWByhQiohg}Zcl(P#chW6w
z8%h1j{z`Q=X#$s^(AWOLw`VaXy(g>O@=}+o;|+<>Bop<0zBdVPqDc>d%xig=9U%#u
zgtu3R_j?(nWU<9fURReR+?5TgEuIYE=8mw&t>$sde@}%7?Qx`bd}6m=$~?ct9RHL6
zB1)9k$14?b+&&)%hezV;yB2g6j`DK}@{}fCH0WAz2^-(?@Nu=efi(8ORs!=jec%Na
z*4!F_Np02P016uAX>Ibdrm#l<eO;5{9lC$$!+&Phface`>ugV>&EwCWliJsnYGh2@
z8^K|^ZC3jbH~m{f>46`@zDlPu4PG%*^ip%i?pzWKn+~uR?9YsX=ezB}?6zv*$1#oP
z?j2qnSx7=fY?KK<i1D9G_V(Uu!ap1CW-$N~lC?3iCbzJ7_boWdXag(!Zth17W!uLd
zkW>P^dP7;ig|k|M>7y2ate!vpNIbz}WtQ2ZDuHi$b`!teX#*GKT0#or#?8R>N*5-2
z0iLk}Tuf5WWT|SJ%T3oA)NM<s(afrib23;O&t#&iDZEg%p4p4Fm%tP1r{{Ofxcv0r
z3gicPHiR*KxXhq89EV3!p?<3=HFqjC9c90}+xSGm%r6L}_9^OvQo{yg?+-7*?*90^
zsELSEzJ_0J*jj?L9<!hHqlR-@sv7e)oisthpH+(9zm8sy?vR|SOJ|G4Z1go>2r~%p
z{aFd>-Lp39t`xc@)Yd*KYd&dC(6}gmCN)UF<)w2uAA15PQLph=X_1x8ZG0OY^+5)i
z^CxDU=|I>vtyn-LmKF0zX_YbVY`1cBD;XIbY2?=UlFx?DE-s%^C;aP|xZDNl_Ko?$
zQi&dezZ;hSBlF)3DOZSB5-6mmDg5yG2ec-?h{sMVH;sxIX-!__fKFPwPH-DZ$KI0&
z+EeK^adGWzs+!mJGKN~<{mwOwpAx>GZEdOwA0JAXW@`EpJM%kpy#`!so5*?5N&h<_
znHU+Evb+3+QM$(DDZdssqxo`{WDM2xx)y5BU4==%U{19uJ9}iVk5MfZ7v$Ji4un?8
z&(+*?YqFR<hemh?lYRQ?Dur?My2YU}P>4x~$GdZ=@3m?uw|uatm-wLeb;x6<`#{ph
zuDstki0w!I>#`37x_;|u4n&wu$<nP^*R~lRc{TVx6+U&nxcma?Gs)*Rts9&lN$^xn
zv7s-serH}Brdl$?iU)Uy-M}@^NmUZqm|6~G>)n=2rT108?i}w_;5p+#s?$mVp>s(Q
z`pJn5k{{VaLt-ad)1^yfTT675X{$pmYFLFA?;09&e}7Eix*yFWJaZXk3vMBDaJyP)
zekaw&HQS8Qdq^?1?i$^M5pDl}`y+(@+0Y*=eO|O(6NQRC$Bcw;e8c0cA%GEpkA|2%
z*Tfp)$W6hAB^W{RjYb_PnBB?RpSi1pua8_er&%?kT)cyH3LA{K8z7Vfb2%u;Thsy6
zglk1U!b3rB3tlLiN7U;rn?_2Gp4xiWj`rH7uBCLm!!Mt!$?huenSc^W;fbWu6ZKs)
z`XfYDeDr;GSy?xYqSAdJfvPVNy>izIbsyFAwWW+f`Hs%RdO~N>6cZ><hIxBtk}M4)
z(%fBki2rR&#$rV7)b;NvU~9C!dt_yK!-PaHQ^{MEjL1fRSr9=YU+KEtf4vi~+{3JK
z+hF#lme0MfFqsvc^G3-Xs_Lb+E}Pc(Hm}V}-<o^YMi99p54j_*zCCP^ffBzoBk0%i
zHQq|U-fc>nS0N~^&2F@b*1=r{PRl{wzi}%YsCQBgs9}UV4s)stx>jEgMl_sGbUZO;
zJ}&dWj^8&|fVA*_S!z>_(%cky>iTjAcK_~><5SQ3a%4<Z_nK2|`vdtawygN;&hsYp
zVNB=YaA!{Ixos-A2YP@+go=*?w8`cIn3><4nLqq)XzW+w*rWAjszu-9uop;Ryh0#L
znfZR{_1gW&+`XseN6}6c^p!wh*;V62hsTv^5DmwB0fn3+Ro89Ly{c6Y8E<pd@SAh(
zqp?J~l<Vctu%#|-+!rri;~P{=|L$4h6|X(~(ZqlBDlH!uL4$*khd0Hk8zXzYEhZWH
zxZ>rfyt8v&Adk=;gR$FgOh%@*O(pZ;$-p%X%qKeU^}M=;#_d*ZQ?PHO>vW5JFj@y%
zPW6hh<wydMw$k`b`KB5tG1FvFhW6CA`-cS5;Zniyuus~y-ApkKGm+DAeETwP?z+P4
zcI)I{G&)<?YBwTe8^{+{)ErqPNj&lLmgk!9*AxR5O{|N;1j_#Kd_2?P26!rTNtr%n
zb2)?B{KnXFq-0!}ckIKhRo~5a#?qyI`VG5=`d;(k^uD7NBNn8DU2W3kCOM;YnexJ_
zqY|WPSuh~kOzG!$_UvmLbh*yQ=my|+L;@x91}D##HJLPeVXGcdTMdl6+(-(0P$2}?
zVV5#vG3T0mdC{HM6nKPYdmH(_on@4<&ZoSmCw-neM(9hw9JdZXH?ta)Q5>l27=f|)
z)YWx~*F%mKLC23#=OXlr;bGuFmkjUA)h626n*yK^hX@Ypi`P2e7SY?%oD>Aq7-9WW
zeR*tIMdU;kNq+E6;uklAN6a#d6{Xw62jH^#JGZZ6NvC{YX8VpoUnKO{gdA#Yib_tJ
zHH%yBkV0nwn(=zr*GnGqs;(Tw{`hlVt$NZcngSk-$AL1Yy>28!JZ7V&N9oB`^-k{r
zg8%a^0Q?oo`v$;zmFR4=Jy1h*B*RPDdvr4jznf=O2s!^=-zmeME&9W&WBj_uItp`+
zP6oi^iW;C`?i35H(I)DV(dztRg1%c`p>mzEe9UNKUL-Kdx+j`SO8Sy>I3*8gBJhS{
zB^OyJ`JGhdHl=~*>KUsr{ASS5_j2;SG}WRRT5{isE9?+=Y#9xa{N%cAZKWvKUPc#g
zC{>F26NKhD?6YzF`GneC&K+`uJrwFl6<W4C?LR75yXw`%Vz;o9<~G^sIs&PYsWsjC
zT;Ft73zq$i;D6XiP}63iuul<a=UH^(h`=it?KH$EidI;h!F=jgYFwQvfcdGqkcGQm
zlhdkyV5?hmFHX?Rp0Oj%EfYPDajvbbUtPE`OESQM8>UejPH;W#aS`Wg<>q=lT+G=P
zkQ$Y9S7EjwC<Sl(=&r{l?0ogxw$@o+#<z?rY@#nfZm+78nM_F02Y&h~kmc*1yf6Kp
z8-njfaOX*&KZ~{T1iyzdKoaiR><yI5v{gO(!Q1*k=sS$eciT~%Rht?6W&Cs=i161N
zzwmC+_7GG5VoesO**PttS7d2F&)7`ZetFT-=dNj6ZP;nQ@_X$XiX`^bYavlrywv84
z5lybLRp+$+tb+fScdTq6e;`!;E@5#!(|jiuC#CN=c*oG%Rn)i93Fyfu_E9_^OvF8Q
z!)6q0ipIW|?YC0WA4PXpH5N22-?h-!J}PnmvPeby8mpbgCERW-Rw{$_Zc2Pcb$~1U
zJ+3xYM8v8g=bUV8(pbLSb==yeT{*f<LJ2R@RNvI`m^1Gj;-h?dVM9LV;^dpvFJjcw
z?7VkV7f*ZZRJnQ*Mx!2h@WJo0PRw2N>RajE)#nYZD2i`>dr#d$N3Ch}SEs>M>dVl}
zTKry2psK3sPlf|ADb0N17ozeRcb$tzzVjP1HkPtJ$nzBe;CP#Qzh>snw}@{pV8r?*
zz}c5XI6op5!4W%jV|r}{5^wThmTTCJd)DqFVQmDUKJ^?)=<&r`AuFf?42!1}2a$cn
zzdcGX!IQW0ZWuZz^=bHcwK!m#b4pFTd_CD1E|>V#^Kj?qhfB>yYRT4uVelZ_sECEN
zDvd(cqyO99^Yi<A;xgOzC#mY0EfQB3ADkvEjiAcHRQnbePVNOQunB+GzR2MdDEL-$
z>QIXg;fzI@Ubt>j9xa$d19Ahti}I7*cQ%R^V|kDYYtl0l)D`ltY^K4$zHKuM_ZZ`-
zJd4FzjPFY^<BS_5YmYp3TNVdupL&GQ`rKZIUHBx>0fp`SM%z_a&reafoh%Sr>rzmg
zmGwP$!K~H&!kL)H&E745J9n_-MJ@ea^Nq_5^v<1JcQ~FGeeGKVmvfpd0x5-W0W3Ho
zQ)ti|7I}zA=P8S)w<T#_!$HMv%j0h^b4>e?I+_<!b6wk%FP!7L^Yb78tWVh1d#8_X
zHh$Fq97vohprDNQ;N)PXlw$7TZTup=-GhrSLvAXeeVb{kiEFB((rz@M>-5ISljn(8
zK>z(SjKFc2bJ#Q&*E!~ELL!UHQ|I7JQGH2yUepDRx7qU*Xkkh2o67P_UmX@H>n7~$
z&aP1d(0&rOdZiwj2H_FPiMTDqZd&?OuCDtE2y~z4MDzw12)%#apWFxC&SWeX&MS>|
zc5r7D+<Ju&iZVZ2kzc2T@}E(!9*2cQa5Qi-@KKF<jQl=eE+zMC7kSE2-M7ar2-IaO
zomYD)Spa**&Cx|j5O$H^dsKEGWxlT(O`+s3C#>l_ui;9-l%14Mh+gkJ+2bU6F^rke
zYuOB!YWTpxHsQ5gtm-IwT}i{#R5qv3vTe*>@LD@snN{vcrqscFNmnGZ;Qp*Z<YG5_
z@;L`srT_k=+jYR>UEi{})Va336n5&G;kmZ)D|ES3F7N&lDF~VSFsACTb@b(=w^YNa
zt7pZkrMtbTZX)amwv?5nb`)m@=pW?sfPXbn^mhExv~hq(^fLaPxdXgDSn$TYZJzW{
zI0j6|w^L&VN_Mi{^g%U#Mesh7gx`ZnGAz4)9^v9$;3W;a6%cVlId{aNzT<E%f0x9i
z-?*l7?8Nysvy)il>}_vZ+nU8NJ~UUyMM_I0M!%=mlcOqg%28ovlxoeQgo>Z@LWhGv
zz(p|wl49`s4aBp<7e@rK0VnyXBQTcBO69=Z7@x+vs7&qfEBMFHD-Fx0yjCsEO$PTs
zwEo{>F=t4IA52uW0n)tcu6JEgoswsc7L3&N0&h9^+&g~I$KYm{+~$3vU+)u}+PuFG
z*}A9`_NrGdg6=t!;d|e2FEU};(DC}Lb*(DX786sS0OkDdH-eS(hZ0}mnjp@a`Ukr@
zyA+)y{KDBD4A~>@n6I9g{-w?6II^*gzq!4!$-ScnFmJ|Pdx;yJA0{7K0|#nlZ0<=r
zR#u&cI-V656EoJJuyJtkGEYOM7<s4=9)0Hd%!%gIL~#Sn{Z2(rk||@?wuZj#a^VmA
zNmDtQ@TogTqru+st<$QcS?aYIJ2`9R@JrqHw)x24@p6ujzZo(sq&MV{-+3$+;4S|u
zgv=M*t;E@KCkInS2s<y*U2zZ8rqPBB!#+Zx9Abe2e6i6&byUvQ%B6X_Z8X-cIzOkD
z64J_I)nd7ZUZQ|Jni$FrtlsbRALT8Qu?lO{HXIteud5rQ=q?}k3Ck4t7QIRmfL_H4
zc}GC|+^=-jY}W+E<yvzjGFppSpfQfprLOwUCnT#qk+B2rFAu2@BrDBi@~UUT<z}L3
z`Y7tU=5Ewit8~`&NHisV`gWQ=BR<!9IfQQ8QMmQCOuWA_MviRpeukm5Dpy6ATCi0{
z@4B#cYOw99^B_jf=jYJeEhLTgE4?)#<NYOL)ZN`pQsm;DcPAxgIGC!xI*?WPbmyR=
zfb_aM1sn8w-rIeAJn-(OOz8|Re18|vBhLa~&sv9g<XY{PE-LlSDEr<jTKK7WLOSm+
zdQtA#`rk@5MFtzTo=(pD^5_f8Rt+jmw{rVl3_U$ln$sx|H&ld;rvRIdAV~qfM{^O&
zwJt5GvoqRKdFT6`*vo?SB4LVg%E@(B!>u)2b(}n6qgz*;WIVkHd-w$D2=zq1(L(Us
zODmAtl8e`HvgGNeNy$Pfuw|<J>aZq~UOwtstItIWx25k$ElHa%lyYF?v3-Kj>4@N#
zu;@mJ+>-Vvnb(@Syp_r=k19)Km@a%O#`R~I3hRgx3!eZ^`3<;j)~S>7Ixa-gt3uT+
zH;I+4Z|SDPSGZ00N3fh;hV{$9FEsjBeg2j-48BI}Y>Kz2q$l0OfVMG$`;!bkeRhz1
zQL(}3V5IO>Qb%EG0&X&~@A1mwa)!w%c8U~ZboeP$b3Vi8+#RsrSj)k^bdu5pl;Sl1
zbclL{p!!2-``1hs0U$e<MP=Z!%fJR1*+Jk8SUBos{`Q^2z>)9G7GFcqX7Bjiev7Y<
z#rhYuyZ(1x7(S5cqvbd@xu@5CoF@pL^7tF^60f?GwpZ989ftrU23;*yMUO`bq_If;
z6YWwA9X&7bwZAau_Ol~3G*zf7RfIgC)$?Q3R0F$q$;W3?x68xVwMWb;E@fLzqS_iF
z?ahgq3SUT+j3$2g0_k*HI7i1&=9j`s-w0H~e>Ia77w@O1_G~3#*)BSQY6i<xYqI6x
z9_Id81D4<l<@pVi1GUnCcYsk*Y$m-}U3Wx`8UBWsbs^pOiGwx#BCw8Nk$hB9T3TA!
zYhlC@+8uq-d|5u_hm-Hl>mZ7>HG@eDDhi0rg$!35?BOrk;&^g?HEX;6N#J{Idx9i$
z@!mZ;cr~>@C6J-#ZQR{<0(QPec*}tC(yS|;`+==cU#$acS#h8qskru`Zj&B~CrCYW
zfYQ5lHKTQ_LcJkr?ubV4=5SopHUP2T9#eD9)_1G>{<iWXOJ;N3!QCLMa!IdVoWMbw
z&mKuzpirzj?jHArVwsi{U4}y3kG@xo_tx?(D|CYW5m#~ZTZnIGyrEHWG4h81;ktUt
zMjJH%IL%b3U@1aC2XlQwV&Os_(B7dZXBp(vk_yh3dE&0Zv$`+Ji_Lni0Y^9MmOrPT
z^WT)X&SB#x+F32=Tg`m}<?Amx0gU%mM^x+_)~zjVW}`uL8Dm07rP~P%qI*lr%Wlf@
z73zx0d-Jw8=Bx6;#q6ajs=;4Fz518hfNm>44`-a6>soJ5Z3%819QCIGiLh`=1R-br
z*6M}N`AlVBvj#?uh*i7<@6DnaU<@P4-fx%}FN}6<g=_FV<1By89eLg|w@Gp_kom_w
zM_AhSw+iWmO)b?D-8dwqscb?X&eBd2UWrosHI+P8qP5ZXx)mqua)nQ(9$yZhmChN4
zg?i-o2JSH+@**K?tw_JQ<s)}tQu@*;jX&blN|vuErQCV3EOqgi;+qA;%R&1xi@iBX
zNiwk4fy`+F@Ya()&!x+qdFAYDTu)G~YC5lNor7cfBaER>IG_MrPgVIJ#07{Ih?5Pz
z#WB+5_?Cj+&n;K|@U+djH^UG?^b$NpZ&<O;#d?9-=Im+Og3qn({kcziaiRP0L0wz<
zHR791TfIOs_UpVw4$%|tUHSBPg2q1Qd!|C~02F(rwD@FI)_59s-|n>vo-5VWY$mH)
z`7CrQY?fe6#aLzNH#jdLyecV@+{L$1cq+H=Nvg-}*5-xIylxn%heojEreUBbJ6fgo
zHe}g%N&67eY2y0vTrE==+-s_n%c5tu6UJ~iQ+~T`dGFRy&;O0DfMF5dgzi(l*<3cs
ztP}<L4$7^3#N@enFW@$lpK(liy6kl<el_|_jq%{>>nv<9eP-Sf|5kN02DosoB}`PA
zhk5$vh}_fj&8oup?LD0UpGK)xY8hTj$800{b9P>?O`+RvUwTVUD+Uo7#9~_es%>Zb
zC2Uz7bMcO7X5svI7Oo*M@usoS)e+V<7#qo~Rgt^}XH36#QO@)D9ivxCd8V`a13W_L
zn`C`7b!0lXK<*o1QOA_WY*~u8$4gx_vNR1%t2$kVjo8qKHSkL_0PbL`@lGJMNAOT?
z4RJGDcT4&BH*XKE;?;#YY6g+t|J)>0w7ydhyb+?~nRsi;<&tB)J$~aIa7YB;)T7;m
zBSVDI>+j57f0KFgBW(7h3a~{j7OFpn-Fg9A8_p}%s}pY8J&)!r3MFlHG0l-IbOl-Z
z&gO&!KDKVWpLkc)qIsGuG*XVKf7i>pU^0{6t}xtPG<k2o*Ad(IuBc*v=B`xOW3R*`
z!H<~KBgd>W@|@eaaIPjg^(9d~$MoJ#(bhZR810wmnzVVJeH{-brh>}jZ&2E<*9*4h
z>4Rj+zg!49S$q6H?7eqTliM0Tx<yd|0qG*m21u7K9YsKzNbkLu(0fM(r1xHeBE5v(
zLr^+MhfqT=LV(ahPjchl=lssuTkp)BxqsZbGv}X7l1bLLzV)s3zVCY8=Y5ua(S)|!
z{_3ex=+*&jXlG+`HJQJ-5OZ~an@Hao1*`I~@p)MWx@QkS@5L@cJQ@xh6A-%+Gp$UM
zQxX7}6bB=K-ZV_VR9>}|JlVKS=aU@UN+Cw_$ILT`C2R>xyt5~HesLh8x4J3cJ*Yz%
za^D5wv%_1}5RL}DHElAtv%XM9TX{?5f$EQoT0{xw82mL86a!oej9do5rJKxA_{sPC
zV*;+W!H94%tD8uQG(M|>TD7Lr#k@}{S2@dh@Rxlt%z=red*vGyb*B~D&uqRlsAv1`
zuQTVUaWDZ;uvlPb^}%LUFc|{|cAer8Dck@x%3wJA`A)vw@neV~8K*}yAlWnlDMD;6
zj#=<tZ+`98Wq3F(Hue2=1i6}qQKIh}jEa82<jQluHz$w7^TgRI=-nXABw;umJ$)Oq
zS#|v<==MCX?}E>PBXbl6O6!l<ZJi59E#j2KR+)x^B!S|Q{rW8!bd1gpGSIPYdm}_G
z51gNI_<dN=&t;A~u{TD4Xg{Y8Nq|i6<0b>@v^*1gvGaCDGXYq42_D>*u0!}&^Lx6N
zT(t4I>x|ug@IWrVp=>IkqBkwwZM~@d9)qJ1S8-E*dE+OWK!?7}CQVGUq4Pj9tU-I)
z;6T2ZTxdIIVo6SXK~+}P0f0;lb5qFg#5tKNK?@s*R+Ox|8OEbKdX%BNSK-ox1<Yj)
zrWvwAtaYXC`Dxyd5MI+{+r~lX?vqtvtmRJ#VQ12|)(NqNlD%xDUMn9Qw5H$Vx-dz7
z1?!#q+9wZhEpQCq;{*<7I14Dq-$zDz`PTso2TIVNKpt@FCj3%VJlEk~1~waK;JTpS
zFooxuiFPTc^`r&=fMSLsuk2Rfp}^JtN>b)Qg$erF!AKa=Exxsy-|{d)r)I6XxfM_t
zc$(6eogtx9w~=nA>OR$(C_}oT4?damzSKnRn5~Arj71ots#mnA^oSL|$R(Wgxb{wW
z1YW)H`7*CQcMyAr|Ng=TSL?+<%Lbg-uZQalLggpF=e0Qfp+0nLlB<lzo~=mkZpXaF
zu>$e}x*@O{u)%T83@wH$gTHJwX!Qdk^+*f!k5*Y^!3;TVN)2oBYh@g)4#^383*qDT
zYN}clZ$xyJ^%?+2rF*#8!j(#mT-3fJP<&o*0~&J-v`2S*UZ^HqLPEdo7K|!xU7li4
zZPJH8FrTw4RJ7H7kGYiI%K)tJ`G?3CkZzvJVlP*{W*qS_<SKCG7UYV$fo+R{OH7=%
ze<b@yZ9XKxe<;fchOVp@@aUwX@mO?O{QQxd*D7{&!<K^@HOvtb`U7CKlMv!Mj#M%5
zrzme?KA~Y9Z*x~{^G5)AlkSKItEDVn#ySlWBhcUX;c>FN)CXkZDtlQa)`-4-o=Lhe
zgFN8Hr2!cs^2V#e!6t5i9~|i^&ITHd6MaKFWUH7pU1%kHyg=oGHQa1?$H<x@hbRi)
z09zM=)G6OU^dK@kRJnTe8dbUXkIzkxD94By)$0_>O45njPk&@XuAXV2sf$q2#$z8g
z^cXPCnOADMtg}E^mbrdsE~`B0wHxX<nZ)Z3nsg`JI)*3q-s#EJ>lUYubsh`y(15J_
zv(V(2)KoDWiWhw&4X+$#5}U3&PB*lv*c#thYlpT^yeYq(hJQvEppDIHR6JqVt$v#<
z*HSy~W$h#JGH>gXc54$LQP?S67-?&^qfz|C1>L;(MlI&m$`qHqCMvX~?Q<m9M~U5M
zS+;w+w9g&&wKsL|S*IZ(6>7X9lE2A+X$ELu@e$nLwHe@8l2z;F$V)vnAc(bUAbDs~
zWI|GHBb}5ez9y1~g;VEgu}j7ix(a5wlOd2?;B##5Hte<+z4w75f>sTtgNW1JE&5_U
zx4Av<tPo%p1@5Q9VKzjL4R7|!O6`k(-Z#$ST+*ptU601*cM<|lelR3Wm(G_5tp}cU
zh@MNfVm8amOCXo&SI;RUZ8fOf`veksG5&Lp7*9&pXeB)B6H>lxH|J=E7xU;cU03%M
z^-8kZ%;4jYdkjK#%=&_wPrlOB8l4(?4@8Z28gh^by>G81|IuSLTBamYYe%&<#ZkJ4
zy{khZo0UO{8RH8Tou((GZRl;Jq>}6*VIWo^@B_%ldbyOEccEGL5^3AL<L2ypkL#}l
zvA&Wd3Y1-n%tkk7w0C+_Z<Q<(62eXyJbhnJ(OX=<<{Lo$UBvG2PAT(LhK#fY18{;(
zpp#xFzw9%Bs}~SgcKj+e5asBYGG*PjuC%zxp;vLGWZ1SM=$`^Pt|ApA(jA*Kz_`5F
zZ5eLNY=QbKv+US4fz71Qq3$}}T{<hSCCz?D<3v-gXICfg=1Ee<X#~~`E47TLZNv;&
zR@7TGUKycew<0vK3ORdvfWuqQ@~@8$ROp=_f92>uFlPSjS3A67JGkJgYSYAab^$NE
zU<vE~;Morr?A%Q~y?alk_DB&q$lDP$<@?%(X}%c))8KF+Vo2m~Y_36W3Zm>XTRlIV
zM73@!aGD+YHukBp=`r{l57sj_%=?^onPRRn7~}`rq{5!;9WMPO?4;ozuhv+PkD9G;
ziS@tB$-PW1)w=U^@P<*nPu8({j7!;@vx`#C9tX&JL*Rw|Xx3%Qppx9jgGtm5e!5#1
zAaR26^<QPDOFloXtmBY=Lyy{{cV+Gib6Qv3MIVd?DdE~|4}f;8ePj*$0}N-aOvABB
zpft#>;lX<xVD?8i7g}o3)?GYz**Sfb+FBc0(oMnTD3=P9zfO2=|8CJD*!NDl?L_LF
zZU2Bm|A2hN;n5)*&oHHE3Uh#~mP3=O)-14g6-g@wK~d9LkT^+Qb6&iVJsnD#RZP*_
z?w-+2cU?;^T$}|ps~&Z!4G(!6&OeqoySrVNY4DY;uvhR<@7R2&PT_jP&NIDr^Y{T1
zW<`2^sF1MAX=;6azpC@~U=#Qsv9s^z>SgWNJ*JZR7AAGh<pruFk>8sN(oHlm9F<Um
zXc>xIj^%9S#jI>x;=oj3W@@(k+W5Tgs)RXIelCF1=UijVm#g%MVZO=GFP!(WRHEkh
zY;m(8=`Av{cQ}`{OBz#3Sl>Ob(Ebo8E!AD1iwfd6S(i`uOiVJX)=1q+ZS+bxKA<{`
zKS4#qZgr);R>Z^8^H({X*HIhqVGO&Oc6Co{lld==h@hjN)EBgnOCEj6%j+==8s=|_
zuMPd^)Rt5I2HI^}CscS;?kC!6a?W0(be(om891H9KlarfrZuJS>T%jLXE+mx-n~CQ
zc%zwXrI#&cgp4?I89P(1Ge2`(IZG>2(S*l_EBM$h=lcTBw%+?jH*`TzAmzYX>*z^{
zk4||fH}jm!NiWT(2>gz2rjwE2{bvVco|WG~lOa~>kB^I}h<iw57fL{mZ&A(zdHc%B
z5{3QwZ%TlJ`Qnah&H2Jsh!%!`%G1n_0^go#_2~`8jL}q-)$T&3p(^pj+r|>6Qwd-=
zh`95hcl!7i;(YXTtpmo?#`V29mMzmj`eVRqw7zw)f7c>`FL3sQgG97lGuV58d87Zk
zUX3a{J?=v%<q1uU?c75-Ke@5BH16Rt6golfYR9D%A$;>ac0t@>xaPgSv`@|b*qtHx
zNLGX4Y(q(Y@8mkrqgRS#obS_K@%8h$oYNL~{(!(Hq3O<K-Lc|RAxYyjeC>*UzTn&1
z`|TjDk|D1NdY1cT(*;#ClmKltZ}$+lmJ^LW-sj;ZWgW>SDc`!gZBv7wsem%-ed3q6
znLz#4jX-*|IVPyv5cwXfxswMJ_vw*$L}s^^n7|V>q-E(ZkT6fM*Y_(NEVlD33YYd!
zhmYw?7^D&TL4<o1oe@TL)!MUO&KyaQf<6E(>P^8PKlQc!X!lnd<xVn|(-J11<8jG#
zSI}T*g-h1>G|;ucdv}8VaV5&pS<=>82qm*Juu`v?nA$kAeb~png%>}H#~qGmW-Ae3
zd9lHiNQ)A4A_Jp&-qK?S`eP1nvsq;I*+kwmNEyJ?I2JM_>~|L2Hy|ZK+{djHJF6-u
z@9g#XL~Gh-4TdU#UH{TKnpaDMb0elry!Ob^#j(p4#zy(%H6d7iQ5SZfW?Icp&7ck4
zsepyB!6BL`QoU>66=)=cSROLjxV?0-pKO8XT!weh`-|}GR!g*c&TwJzO=VhGi~k~&
z?0mbiW-L0726L=FdvrQT^KO?VNjwhg^O#9~Tw19hI-{nC+z$&6PTK};4Pk=<hUH?2
zF~)F0Lkt4RhE~P;w_>xF6LZX^dh|uOA^wCf5R95w<31f+u}XdU66YuHuALvtH*4+|
z9aXTy0VG@$jAm@x%8l)=TQNE=Of{9%1Qb_kdeFbMxcA+BJd7(mHnn?Q>uA&HaAP->
zDSgi|d7T62X$&ExIc&jrh#c?`Yc0EwrZ6zwvKI2&WLvDJ{icE0Qv(#hBfGXJbMo!V
zLxXKXjmrgN1mnO7nnMfh8?-TN*S#fwZmka9P4ioIq}N{X1$eAkPoL~CxlaqC6Xt+z
zzB*A`d!>Ms;nnIqJh;yL&k0r^K^9XO{RG{TfkW3fe#nKe;heVu%cChimow$3-&=HO
zLN~CByF<6#87O^3(5amM#4e2k*GLa`HpvchTx)EK>`Xn5^D26&WMUXFR1xb5bMIdp
zHa&&Z!uNC*UAq{mEZ_en&1I~Ohb>dk9N)EkPxvOiBHm+wCdS9F;mCYoyH7JPo*iXh
z<5eGC{S}xBqFerWO~&r|WpJyx<ecg^#<@VB{PkP?mTbgxTUI^uFG0YY<g)F9H)e<E
z)Kl7Q!wTf04r|0;Mb|OB0|?D2M(A<P&gmc?Ouo++6&7FAYCcgd6}dY>8!&Wj5DBGo
z2BXjN?0_IXG}!}pTq7X~d9Ee8dr(G-`>Y3|2NpTCqNBFSlR{xNwuGPTm42+%J}Jda
zr%{y)KEzU5P|>$|*$JR^!cX>KPUc6O(g1N?G*ol2Qy~dv;QviVDXmG}&ma>yGkZ(j
zQ;(1DV<^X^nK*t77T5seULbWQxP-^lSXCWvKb`g~S>BUNDW#qD0B05(0&+<K!u5dh
zEdiL6_1vsfH^*BKPb48-_M^4}jx&>!Lbkvb&sf!hPjaGr(8KX+m+XIOxxIO6tna${
zAv;e20|fg9M}D5Cc`kmhrHG)(x_9sfJ0q96afpvR+u-4t^q4B^E(eD+S#4x;MtFLv
zgDq>ytlaif9o^#mbY0tgj~MH4N?V+ptUlzT)%XNmBEFf~u<Q^6&gu$CG_mN>cUKhA
z^5JH>)!ic92ZuhHlNGV8mrWL3$x7gF<)y0q`O~HMR(5{u6qgB1at;OWzQ0Y{?4j->
z=<Tyva8yB5SX>&Yc5qWnOXX=;kk;*|-HPSB;{YJ9ZyxgPUDo#*3J{z*hrW!a%eU#R
zU$_ktnk*Wm3NER)r-KdF>zIaTo=7B(wNOGzz0_LO+oM0YrYGzSu9B%u^_hZ9Ylx%w
z>~!Kv_a?ya>mCEkjzO_{#N{lgjZ`2F>H?lucwfTsji<n&ypoz7BlkLUuj%MZ`%@zM
zsv%xqXrvzB#D#{7x#n!dREpnO#94gX)%iNUUdx5-B5y&W`(qbi#Jh2K(z9~pv<;U3
zbze2t10mfq&vnVddONR><8pBM*1!ym0p{A?=a{`2NYiq>C^Z&%|3N_6+4;~gdA$eH
zZjP(2!$|XU#OGBa1MT62zvRf;ALC|SN&Sd7vv_+OOLd2PU=+QfGhmpd-($3xK3e#4
zE+S4^c3nszY$2a~C5fu(qs?4)r6vd?-h(Dw$FzBS4!!n1)7B5nuXP#}{ju6Z{{B{s
z+Tl&H9-a92L8tg@8*4e7!rra>Yc^rAQX*4I)WSO<yPIn@7!gtNvBiYt#e$X-$ARFH
zr-=8%r!(lL5~oeJ@xVCz38vB30kOj~IK}0n0(xJt<tDMe0E<OSt#1F`m$@(xo*n{%
z!;{_flbX|RLOQRhqezeGdS*_4y3xAyB&x9^?sMxYuKO)Mi!57ZEY5DIR=Mhs=D|I`
z2j43`tXGa!T^EoD2IMXHPWffqVaN;{wxTyF)qByBPm7}AS{xkB=*h;|a&>+4;c0*b
z$)_j2cJ=OLq5YP-FV~k%ig~alLycuOY)=g*K&b2$nQPTkqeLB4dzIqn2QN<wx@HB5
z`|+olGG#<Z6;Fo0IxhO}M|KQz!Vqv`oj?z~!Ec|>W-Lm3Nq!Qpf;I^no8Jx{S$(_B
zr4YOyKU^DdU|{ElY%qe@@f@eFOZnCkACdJB@9JZAi;V08X9&S8D$6NFp&jG3tx_82
z;p7HlnJ~-gi77-R+*K;G`&$TESPf<Q8O)@#jCT=nmM=Fq(p#A#zbZa!xmM=sK*S=Z
zL5W!-^Sq&PfH}(t74iih-rd&>UJ*ke88o}r)*gyVRrPV*sVzGokL3fHRgl-GzD91o
zp{>H~71G1UzbbpGMlHNCyexGqsmIg!UgWE{7bm8$y*UYTo1qW^^j_bc<r7MUU<NE0
zD%dI+003ck&eahGi$aUY&_3<Xa%Yf&cjaV^#`)ME3u$S!EET6CzAYg)1;tVWosO!B
zdGX8GWV$%$3Z5)Hpr9lZz;vIP6VYFMTjHF;XLdix>vkh_nCWV8X<%&LcJ&yD3-+b=
z*$<|7CPBYzdv>|0JSMoC(!f~Y?@|wtSR(V+c*WKQ-1o>|4;!58<|nP!cHMZRbkS;t
z7`@&ieWRpv*N7N#;k_J6cc^r)V$UaU%vRry;LBafrRuvyyS}6QNh+Us$ISzMStVw7
zXQpn{fzFP&Ws2VVy-T@M-{meSKw7W+xKeq@5B{Er&aegKYR<bjR>ORX-fV|wx~xUJ
zfs3<maeRpz{P5&2dY#5?b&`zY&y<CC_sN4TVKROY5#$MwU8Fr?l~p3K@z|Al)h<V9
zaJ+t-cyFw<xY7`<T~5FSI#;=J;=z^j82e1|Zsdt;Uy^o5c9&8G8Ny18iR`%^pMzSw
zm+4k<HERdxTRzBY<mc8Y2FE`qYZMYaD11I`LX0;j5tllDJb0Pe7H@TL+>~)9mMm<X
z)1sE{pnnOO$IEUaTNR`HHAib<-mG}%E=65d(IP0>83FQQ(bXlf-zq~^QuXXA`V_YN
zNQ~rsk6sB|ZylU^VYcZ}H`A{fWhY36U*-$|u4E|-tbKHUM<DA#NEEY6#@_pA^xfN9
zmq`h&ifWtjy$683B)*6HsC7h7BQ<R_ome>*zB+VffI*zU1$c*+mG-}JjI!nuVZzpS
zrj|<r79($ZDld2&yHIU;-(h+UUMAK$tSshTJYx=Hax@Uo^0?@^erxZ!lVr+6<xmbf
zAMjP$ziPHqKLjCDqZLdW?;IwORnFn((szTl55BYcUh3=k50uyuv3q~L2dZU(_un>P
zdF-fO)oNOx4G;Zf#`CRA5O-j%m}i#_wT=nBM3j_#*%h;>XXFaa0mRZi43ZQhIP=Ij
z?_SZ`gFxFdQ~Xmzz3Ti6cFqvJfyYqIelyU9dv?9&h@Rc^0l}o(Z-&x%we8DGw2a5V
zhnMJ5R^3Zi@E(1Q^R5CnQI(e2z*pjYj;#6O3(r@?(SELepwgY2<IYQY9zus5F^>zB
zZl?lto=Rv*H&+)g59wNc8#=^p#`K@pyHX6w7qaGUaHW&>!CFXf<K1XAXrF0$JKk!C
zG2{zas|BA58PzPZ3tKJZ^$o>o>{@{*Pfe_>0Ed}YLo{<aKm!3L+CNFG`uA}rG1XYr
ztoJGcS(0YugBMvN4_H{A#`Fok5~%FfU7v(TuOmL!9&W!IEPj@$RvoG#c*noVtsCX~
z2q0t1k&CZ=wiZXQ^*AY~aUDCHPxInssc~ur?1sKykB@DulCOWCJhHOfz_i=SH70EA
zU81veXq8i>&wX@BvjdIP&|Z`?ngqMaEaI&M5O{#(A2*iBC9y-o`}bI}l<QsTT5wyn
zb3AtcbSqeLZu7ZNRw|Ef5zgu(vqbtUNS7<+p0-%NY^|m+qp}<A$%)o@n1{y2waHS<
z8Q@6O!Oj9Ts!m<RkFnRZdx;B=eO`B*#b$M0z&Tl-FrLamyCC*b97mzKT4(-y2mw8O
zZZ_fJv_!4E@TW8<rGh4btBUD`;$bCN<JGuLp6~RIkny6u)8drG`P%wdgRBoxW@eWh
zdaZu?M)@<fJLkJuYv|>{olHIk!N3Q*c_G9eDx!MD(LU&=DbKQVH;1fUWiQ}S=yU_G
ziPgDjv}VH~#vZ-n3v&E44NTjj5#R0$r<oesv#$xA(y=)tkz7)xsPrb_C|X0jOfFD|
zpMGBPdG~OY>kA<U-3AZUU97qkC-+8fTLBv@e_$TfB{L@p3#^}qxDRU!>|Kg4a}V`@
zbleCdYOY)fnSNl!*elzfhwJBe2QwmjSQ;m5ls{nVRN(k>TyV{T+eA6zi?T&N(vwyB
zewqn;SnOIj5Cq6Oo{K4rPCoGZ7__IjSJgUi*4+I9{jHev1<gHDs4!1azfrT8`C6!n
z{`2@t*}bY2)q^3UWRNBeIW<YaBwzeZ?X1i?!QuT{TEN@4uV2CM&afz?AF3J@YlExq
znQ8D>`ELSPRJ*1W^gt2e&ixwK0=Ao3-EC6Gf#NRvZ%?XR-z^nF&l>L7(!e++(N>kh
zIoW9afT2%Un3NxPNTdS+10w?QpMpcP)kKdN9TGEAjhr^jtDfuE$&ZUZ7v*D}=Vw4Q
zCAf4Pnk46H+R^6Z=8FV8+4MrsB)EVd2+-Ukzdu<W0-0PsjxUoEDm;Ft+xo~f_EWVQ
z|GP0Do2a{f*6S+lWBwSJTQ6Peq?`g8<>NY+znTEAaeZn~$~{3yXMapW(1;!zjUC;g
zZ}ptE3Xix1CQ$)}16HQ1$hx|f8VC_#U4lm@4`&tD2U`=j5_h?A2$5=9psCc96edU1
zYR4i5&VBFBnhUwtRdeaaNn?TYYPYSsSlcCp*1{l-cUg-n?&&-1#$TTv`^S{y!x4*=
zpMeAT4+-~O>E~?|H~J679j{h6Z6+L}1D&r1@jZ>n9SrVO|0q(o-&*Ta_L``1%8!rV
z_XrNXDAqGH<P0^cQKnpMz3_Atv<#r<*hhSTf7Y|@+Ao#QcazGJjYTCe&}I_rAEw6P
z{hi}ZWz?=rGj9Ne*B}Bi%o-=ZZfIOA0{W__OB)I0)#KcEAxbJlclT9;Wuot6r4cAp
zW(zuI`A^4Kc*+$dC9h7%Ab4Gl(g!q$r1vVO2uB^LUV}0j$o`>>TSOdeIT~Kl4_Hqj
zEE~XB^V(nBQa;(f@0_eT&n@Zcvbo`S%bqpqlop0+6Pf;|!TIun=kDExS#mSOwzf9j
z)sBX&r{_n3M1cj3ckZT{cHry#=j;Ca+9v^kIJ*~TbuXs3{$8!tIDxAxDqcSDdIo*{
zozq@;K2QXxF}*3}=p2y3d)uoph&+HoaDILiGmF=9h(Y#XT3t)N_dmv^Z`$bBIVkUR
zl=ucB^zzqsnGZU1`@0sZ{x_TelI!x!o-xiAH$Tx4vs2IIMBmb{`W)qn_i<V4z{AnG
zL5Ul^zPZVK^IQE%_}#~*EAL(*GM?5PuwOf%QM?i$gUoa~3LVfW|NAyHAp*VbrbxT@
zmE$abqwOyd;sns$L^YRPLN)A+W}Lh-$CM@;WNPK;d=PYWFTp1D->(JV$4jdZ<QGG{
zR%~cliAbL<2&6GG^-WGr=C@6jzx|XT4X13yGvka@t2H86OKm4P+9(;!DbKk)75Pn(
z`7gNUU-KfU0l(<I?;Ywk_m6K&MAZE1iy9l%@AfMUgme#Pgxv_S<rg)b)8i67a*=8$
zzfHDkx}p&EPD5Qi?Hj1m5GMJhXaHxWA)Wie_BJGfi~Cr4XVRk8hvoHIouT$WstFtC
zZ``-b2>Zxjk~-I#&V@5ckoLKvAUEwE(dEDysTt^lQE5ZohfAD4J1$jGkjg?158$0B
z;>GfU-DTvY{?_e3tL%b!uW{ou-Rx3iGwGTH6-={{Xj|#8O({xV(UY-dw2gNT7ibM;
zeAYC;q6Xz`a<jjYAt)h@Gc{SM?kwqdCc1W`^>uDM)nG{R-`C84E=>QE`1PLirqpj*
z`dQ%PNQx~eRMJXp`h5dIx3C>S=0<*f`)f7Op8!xM769@YpET$E&n5r+-O>vz{w?;y
z^cneIX^4Nevd@Gass%Uxbb`Ols6VU9e!h6cVU>P~oA2HEzY#=emBZFp3K}SF{IpfS
zxrP7T{{PFTf95lyopon@KVFpCs`pQA&mx6jySY~r7Ou5FGbIm}-u;1aH<0{%``_d5
zghx<$fh2A7y7T*EfNqHDERkxX`fb^j(Kk))|MS%N$(9Tp2Iq@@Hanph)Iw;xA;WRw
zZV?y@(%Lz`Ciu@U|Mo8E9d?S~l2`w8YW*zC#C{h%iv|A6!4ElpGduol2Om2_Dc<(}
z!y)|Z-`8%~Vzs2}PC{${&y@T}J5RCa_Gw5yB>3}UzrJ95zdSWdGlui;;rT~9xep}I
zG_HlP|9*K$=AK}C_rII}$C&@?<Nu!g|Bt8r5_T&<`I|){X+V&a{6pVXwfsP>MZJ;}
ze``R#UupO3+|Ha(cp#OcSX^gLMxXR(>P$l-L80OUudvm5>ii9^ylZ3u;3!T3wO=ad
zgKv^OT|Bin-F8TAajYOj%ro(z>la|Y9=DyEQd)3hIcZM!OA-ro&5RTnT>Qz@W_8;1
zcBkq|QoHVGa??3RVq^;&?W9m#hCgOG2pjN4@?298nych(z1XG6#q%8Yi#A=m1?!Tg
z{=TB~*M{_!p4e|$Mdu0yo<y3Hu^BZlga$nA$m;-|T^Bb?cUO93oSmwwt}}gkB6Fje
z|BWC)>YA11##VH4hHOtgfy1_?zgC1uW^;|7*6bI>j@y-|b{&o5Y`+fMQbLgOP}=e^
zg43m#J>+EP+;6|~g`;DCsRX|NUg)Uf5Vh6Sy-OW25A{H`-1SJ7_U)<2VkM)$8PY#J
zXwZw?sce+64Hh!*ABcs!F-rGTSGxc{`-tP_0d-DxdpfrLsNV5_`OEBdhioLC#0qJW
zkHaH~EfARcr83wviR{z)Pdj)vd5+ZspiHSccRX8l6uW%ehYAH)oR2%(2P5#sA<s|U
zkiX3Hzb)pzWN?2Gvl@MDnTs*=Nx4#b8YixaKe}OWZs!HwsJkD~*LrxFtLSJVqu_#9
zeCnpJQ(BRHmHG=$)5Qv9O3vP=l?$8T(@dSj&l_N<V6D6*v6y$CJ{2+YsLaHBAET9n
z+hzUFYhs;4GwEHR5!Y?BMja)otK&tcg;>tzE7n?5JHwZ5zFU=VNYMZXx{(d2uuVx0
zO|h;b8L6w4%WOF;6`WSPt!(oobKFvF-v5na@{p=Yth~PPR9D`#sM|9r1kdZoAJo5@
z-%dLCMRUk>T68KOvh)i%p2aoyoyvw(ES7`(qWog}aIq{58Lv7uymuYRtv+l2;2JjS
zzAFm*jh@5g?IN5`!fW`n^&jgdSlL)a^NzUb_=z31tol5!d@A<8G|ofM#y;G%E5ki*
zUX>Oe{}kw?;CY%NmI|z6c6GEoDJF$^2S(S2Xws07%~h#|Q4%&R)vi{`tqR0?6;8LV
zJPX|IpYJJrr7LJx_XZZn%JRK`zC{AQe~{R9lR;^`UM1VKWq!UQ8CsvUTvYaBjk*Kf
zSaNukI5sn%HNPsYh2QP(I{7&WBBjhI?JabR*b=b_46Ofh);cZyK?c64I``Q^eJ(BL
zQ}CP54g77Kj3K5*VZ6i)?37#)CNeATTlXmFNMHh=mEKY;J{*gBJ<){qq{7VkFMgRj
zlDQ5yj-@HyIfWFLV}$v<-MT(}vK#z5UIof0ZfXmcA~BOWZzFlEsx;TDX*i0R8!nIC
zzi^%T5ys9D<;UTlRzpcU%Q4fi9xX`ez%FnruzYhW;9<ck!pmp2(NF_XVO*}-Q@r6X
z>ltWuLA;^qU(FK;xx4iolyC(aw^W)7_||r`D}lF#&=QFBwX$`Y5;)BEaJS2$MS6sw
z{MWjC7ZmPUI^@m3ifLp9Ji<n(9CV-i9;W1-81%;Ic`ByyI=?QGs%>VP%6}55HY<|Y
zz~*sU_i4C)Kb#9P0<lXg3rwJrYDZ^om>$b9{JLWQz-~*(El@UuFt=!;>eA&xqS^sx
zkEbE?tnViekyx%4<=XksEcZIY1v|1L+y=i&OQFtS5$ri-##_HzvzKKo<jUQ4(F2>&
zfDS{y<IKcAES9MDc3OEJGF_UVH9YhEfTd$$!Dl|f<g5hGqxsH^I(9iH)LEaV1)G(`
zfFtT+_KdQhdF^ql`OjE2fD}ge4#HQnumq;v3vxwZeAbnX7^2&FD;ks#gv6MzME>qD
zCP^^<J%lExAPhBNX`!y2lBy}g=vMw7X5`QAdsltD;b>fTN|83BZFtYm72u`srA?qy
zaqp{soDEr9Qg+$q7git1tS+Uy9(&^IOz^jX=2Edq(gk(xsvhwD%ID>xKDN(~w)D)j
zFg`C>^Vn+ZSuFa=gx1GYmgkwRc2Z&#@icN@lP`}%j{FF-K}_*H@v*cxgp2I7sL5K_
zaqMh9xw;x<gI5pFC9hW+;!gYJ8hYE%{@ZZ<$Bw<dTdDKjHqbEe;x+Vwv4+wd#gR>&
zBs#Qpvq1GzWZd(n^JT_c>!@R;v^c(fCYu^9XTfQ%MK8dMHyvfZb$1l$NXR(NH!_L*
zBO<zt8!YC=B^F-mJi4v=KqLEVzB9l;_(oa^dV6?h@d~tTGsnJr+fgxV%(-jFx?|&y
z4BxR0*yr)m$&3X5Eva#j^!}^KgK#djiYfS=WjA+YHnojW{-ZKy*AC4)%25hCBqZzr
zi(H8+MCKGzfx^Lz*j#}4sk*PH-~vCAF#x)0AAizJL2QQbGClm5^J$E;mNCRvz%MJQ
zO^sCofQGg#?3!JRua=ug#jeSVgnWZv*QBIQd!g~we$wmc)xjN8^2+BmxzoA|`IP-g
zF$M*?MYf5I8K+_(RU0$n>U=Ab%+x+dm13l1JkOO^n3FcK_S0L#L(@V4)w%p7E3E;4
zU^cmLc~k~ayrsqubJP7O#y{u0?I?Pf2xt`(eX*vfi=Hb~ruJ|nyiFu1jm;cA#{Ehg
zuuBUQ;Cnvr;n6IW*)>_VLFelz_d5Hi@l*3oK2dm+XFx^?rYOHKx=GyXbS>phr1SJO
zP0jq0wear@`Qx+G+yp(yI3hwk%+hr5aDcnJE@Vqj@jTjvD2MXm!wmUKF8$BBK<{kx
zn^SDwl0R3|kJEAbzWjJf;Dq&K)fB|EN0Hu~3ZiCTjppsL0H#CZ4me^5D<i@3k3TA9
z@C%i^plZJ<ub`CwB0T&mHU-5(CxO{06{yl0z=NbT4EmuQ2IAu&mU$fuW!0Id*o^)y
zb`5!~0ofs>6(8xVBZ#HjvFl30=}eKCKWB~PzqA8<URGtp=8A6;r0m^C`RQs(vr2u=
z!S2_gWbA{#aVT|U&ty(2rg<?ZABtND=sNuB?B-Fk%mLZ}Lo!xqdDMMROx@7j$g#Yf
zTR{E7FrTBv!Y#>#MD)@dn=SYviSluz=ABV&!KdeaQ$hy8i-+)!dS@kZ6?A*sZf1}-
zbUrZQ2V+|q&_k)Q?zTe}=o7&7Mf-6-#^GceR>&@U2>Pnbo|Dbpb5^yVeIHbt-0*r<
z`kDZP6G?>WuSQQ2hF3H}@-qMMe&?afxY!nSh_$*q%FA#2TNhYQDEgi*!IYl7ku{8B
z8Pph{fsihZX$Dj}hWZgq_|T-j?C9~d657a_wgSsRjDVS?^H=I*Q#D}Yne~$+fH!zf
zoy4vlUg8bfRP&u#pP^5oumk}`eDeU7(XlU^y9r96x+U<%w2WH5!x+4dy@=?T+i@O2
z{PsB`-L>BD@}C%SC196D<P9akUppS8lgo3}Vc{A@?54`Z!Zu2=zH@HA{4VMpz5*U9
zDLzu9T*0B8Lqr)^8)|gf(@=Bg`^?mmq5nHxXpWmlv*8iSo*qy@r4<(O6*?ZM+XD$0
zExJzKf4Y@<GeygugZ=5wv!$W^S?LEi{;dU|;MSu|Njp5;H!viU;p!yoVVI*=YEufA
zhwXjsTQ*W;dxj8Tqm)RzgncMpq~1OcJ%tCD`K9U!OUr(^X<K3!euR94-2wlCjs0o&
zimHNu5T+*^(6w5<mI0v2<d3i@y4Wa$k4AK6xq-C7LVV2_S-!Brc-brz$KEt|k`gq4
zv*`x?!)gh+8&xXq?wyVyy8#!^61WCs6&arQuT-=)TDR2+x!A<7@hG1;n>@knu-6mG
zeA1^gx49_D-!h^XVS_tfcC+HQ%{~h7v*<k~419X<>C>sZol0r6<*x5iqwY2MseYX_
z%RhG7e|~i0#x+e;?XfB6u8ShP<g!F~`1j>`=rEhd0;}1k_QOIl1+wB~NM?9?v!L2J
zVvO0Y9LsrZ^?McDsuZvSAv2%YG-2;uBCD#Yk50)798J1U&w{aO8NZADuPQ?wD-^hF
z<BMAo`^C|h<^;Y50H6y$Rxi|UaJT3;s<9I_l1H3kdIY71N?^W=$ER5%9b_K+JLF?=
zEhCzMis6}@hi9)XntMWM#!LRtxoUJT3_Nx$u3j|LDltnOAyAs@E1Atw6CQC4M2_~Q
z3vf5c1H3SeM09hnWIlv7SW}RbPLC;<FJ_5)sm8eX{E=TUKR^)PB;vgX>-#Gpv)F^B
zpCdpnowx%YpwBF1vX>m_N?9jZci^ti@(8Q(QMvIT)1M&EKZbJY8V+-{Yu9DB()HqF
z$HvQZT%|%z64eJ@a8M8FXHa>@rkhGfS@nF2eZISKvWhbx;~w!OVD-_5EWh#MupCA2
z{rh&s!iw25bw6;i)fkB07Kx0sY0hbGT?507jRak-TU!kGNXWPXj_;owKY8JK^?C?R
z2vl6yZz*d=hiJ7eoGhUB910)U1%IKzu@_&uNh$rS4peX?``s}i)$P&3&V6#01|uI7
zcLV&X`qM=BHrH`9PspRgGKscn)khL-&u#pNX4e$qOxFXukTv2f>?8ND!)j4Z?yIAb
z#FAtZL&-l%*lb+U$Do<9gGG{9hYUe|mJ?P=7LmLf&e7zOi6@_^!fa{FUs@<xXTAX^
z6zpn?+tu1rMatkdRg_<8SjV$_{!~t5lliF^`1gH}<kDw6a)-;qqKTQwY)7~HqaYxV
zf8%MgAY+Wf+4Et}QkgIkv6XzE=$ODO|4(jT;-2=+H>x~r$*GY)0jFhgB36?-GxIy*
z(zIE?r!}AwA~}T7+3{|8Y$OAijKL^-_d=$jSt`9J-;n-ID{KZy>Lvt_fIs0(mGC!S
z!T#)?j4$F&VdA0V(T~>6$6w;l*RmXfrW+?v>&Zol1AgA|+<L$EIX4A|lhah}Vx|?h
z`hkI)n}QVztM1)6P*`Q(*CsUZ-E&@~6mHtq41>MLwTnAV)@l>othGdsX$gvm>Ew}3
zMkLdooA{Y-6X~o5hKc)V)w*|;3UAkcZA&>2yf9f#9eO{u4&j152w|S&sD;Xy57HzO
zWq#}Lp)PTL4k(7$E&FZ4^zfUG`786FJS@PnGFHwy&<1Pj{V#9nexiM5Z!>;#dR_^|
z?R`+eYaKasfnbjJb5w4fzJ<Q(;#>Hqv;_WYaR7AhQD$Q3byR$loZ32xTo|c?#SMup
zat@8VRPEw?zKN<g>Ydh$%+EVOUs&tpo>O77g$YfElU953>2@OH?IFb;bD1|KuGFLW
zLI)LqzMFPk9Jk$CD8DCUl(bfR>Q}1wi61OJ@@~`+Ej=Wzy&;8bGPDvcFWxK`*;8nr
z`mM#3qwdT|$ta^zVC<;nSWRZIH(8L~&TTj%a4&_(KTpbHQB+kR{NnC@d8~{L*{|`Z
zWP5Rt^4AY*T6z4?=h;efbxsxgOGEGQGZkOlJD&geY_1F{MyAW2={cLUrS{BnTCJ~-
z1+@awC>=mbhure;zZ^<X@_tDNcxJo9xRz7(o+>8gWoeg0>y+<iw;W4sPuDBHsiNcN
zl@5`qL3uqO^91spghka+;ZY=SBn87h#dFu?tRW(k@i<?Z{vL?Ss6r<6>aq7L$PnP$
z6+i0>Be$nVJ;WOo(<%-j^!&@{Kj87)jFF8Sfv39i(g=DLtz!30)T+<vM?709IwtdM
zzDet(Q)f_B&zQ{OqCji<J)=oDKCu=0cr<})eV0c5VvV+6oB~>6BbnQ+K3YCZx7Q-o
zJ8xRCk|^}#AU=##=E?E)5@_@+(v@{8yKnfywC|EyC{S*2VS3X;^BcA-D*M5e?&7!F
z*k3aT(*(4GGl3K0ppsQRQq`VQr;lkit3A>veim8XD{Vf{y`&}$ezi;2uYHlgIqnq>
zc=Qp45C|-kf3mAN_m0N2%^AVv&%*S!O0MIKIND1=_m<DbbgWtdx=367`@{mbiFOop
zudLZ3PSk4ZB)X-ZhDSHKGkkdp>QAa$rfVJ(PVh2so+A&~&?&P%X+J*B%%ntxvuK14
zh`NkaMXkyVHtn_~?W*z_L0pjUl1l+1aSSMb_*&uY0PpLmQb_|0$7jP^3ah_HAMK26
z5A^u9ptLx^K%2e!9*R|q?VNF|<J8@rlIgt(!HqX?b4UtQb!;X#Yn|YwQ)*Nf7qWiB
z^8{<7KiHfaZtj#to)6tx{u123ukyGs05YqyGpWtiIB;d5c2WApI6txA#zXYpfl*Y8
z+_Kw1PDGAYag>GLiGG5;zfAf|cQZ|(O7Yg?*_o{JB*Zhg{dWKP!7x__<)&`Zu;5-t
z)Y`Mm7@;B~Ea(9Rah3n(<Sv<O$-Z;GB{(g$Eme-dxfVBsao|x4?SzESN(SzMtEKY7
z=gJHLfqEnPvB$gbG&0#WSosg{0Uz9mINi)dB%K~5N<Yb7&z!}J$!y-}xCQmAb?dXV
zp)St9^<tke(7N}r+<OO3U0#*`J8^=X>zav9a%D{dt*)89(~Wv7E3>k-s)mQQi^|4@
z;iV~Jl~{qO2&70Pg@Dz^Xm~c?Rs5TB`|`5#B42PDpYhCLR5pZ`^=S%abID}ES?S%e
zqb5f^K#qtQAX|0ypbAA#bMV%x>LB4On5xjBR)DQ2-;u-$J#-kd0X9TEaac@=O<^DI
zRSCGQcVtNiq&;{I*#n@=#S&U?<A^6GS7YipUxw|uIiGzrVZ5vZJen_lrSq$)ZkJg)
z{P^t0o6SuIE>TBa`YpsF4<D<jB>v`%*TnkQrf=_7nUz!S`D&E%bLfVIL9MTkH`6AH
z0Fsl*bDo|dY&vfAhqxSk)!~rp=*X7X7|1TbeF1Ge^Wt!iY|o9;<N)LWn_K;FDZ~45
zlbLFj%wZ#2?uE)Zq6ThluN)g$ZR>;|JS%F_q**e;EE4V==yT@dK@2&yGQ9t}0dbna
z*QZ~e8aO%RalRp{+g@kzP}B$i4mQR4i_84!LHA!_6Nfoo8u!S41w(&ED_+6atPoe@
zN5yNuZ$MN9n>b`Pr0D+e>+=7ZUNFSwWhMzYAF2J*U;oQ}EB`z|HC!u%`xo^0FBp{y
zn-)U8i|i%;ZSN)9$*=)|&x(c#R-)%0!PTE1mvFJ*GI;3`5AOeN{~rO<|DOK;CjbA|
z{{J_okC<x2KRas#+4f?kXWNKNT>^UOzZxB~3Pe|zU5v>y+Ah9REnRyU6x4z>UoeV1
z(O-@8Qhku2W5tT;^GWr2S<eO4VHABdzwP+DIRjO!siwukQ^Ij^!M_^iiMpWK@|)${
zv-f3<aEoPGmZ5i_M*V@~{%A>$xqRgRun+#rm`Y~joi*&Z>owTne&YEd^RCdnKwj!L
z-v=x<6Z*DL`B%f5%No3ND~CaA(t8N29ma@-J&>eLZ?T8F{PU-rY}ddGmDhuHcdgRh
z)15E1CF;C|cACCD_CCi<rV_l9AOEbO{mLmfKbOr2X^~<;_~oY3WWRjG8**9^gD<?a
zwtO5o?_cWHC3P>!k0)W7IoQ;OR?|&vq540)P5bp5{io5?Y0Y}`eoOry${C1Bu%+Pd
zw;CiGG-+oBW5MS#v3a1_jFzhT9?RUe?1h|DzbQ>601pK*enTuZx3c~GaYobGIQ`dd
zbCr{RK}$#?QeuF5tMuYikKyb4Zr5LE%YC?kQ$eu*gJY`v>2FX9{U_JP?@!4GUhbh$
zqXWcPz?H$5LP5hkT3LR^z}#qIPa6pFuH-){$+_s}QP^=mO*2VM!q%o-zer{PpS17L
zc_=w!&lan=U3oD{!Px&BZ%6oGNo{4i7+uQ^n##U@0rQY@bsrs8*x>3tA4t>Ub3Nw*
z#<YE{ieZt(0{bufRn^>I+|FupdJ(J1x{9rJ(JDkxRy?DKjE0LX4bkXYf8f=T_^wme
zq26{D)}XZrVShLqGFdm&%*+rxpo%?)z`}bb{nrz=^qX;#myc3gM}?-zg(zkR!F8)y
z7=>BWj}z#oRmmCaO9Pxv1H&%=>+&b%&32}t-ebusN8?tW^?Q_hZdb}jbYt(k3!)M3
z$xYgudOn0gJf8am)D)r7L~XG6)Vr_+zX&cYS0>|+Oyb6kS1iAI(7ZQf-lRY5GE{mT
zK_}i;!@cf$vgAC#TleK_#O1vt^L#xskk)*&X^7|vYmRu+_&sBO_0iYJC_MMfFj-G-
zi(>wbAP@jA=B{KeD>i)A%<uSnj<uZz_e~%KeM#m)ysMH`I3$Q}yZpRk${oRo`_LDj
z>N|wiD8^?PVQ#C^mN~tovJ2p#_^_0@*PK`G9-f^z8!@91HQrDqpAVqCM@mjfI;v|I
zK-6mbxWYm>2FhL7oU((PmEtJ?!hgYh77|kDIJewfx$(wMuoq93uqW##^|Zx|%{qlA
z^ZZ0-z;?j9b<F$EuBK;`E)OV6@7Vi1V)Nf02<`EpChE8V8S=4zcYEM};y7+_dAeuX
z!3tKkiW*~#Vp!O`7%@J=Ts;&6&W)<E%3~`K=gF{pIIxyZc*Vs_Q@pxv<&*Kjd{%z0
zFI;Raf|DmlsSpYmY_eV%n{Q|24vZEQe>O^;UE|kKK@jp^fKk!o;3IFfF${RHuA6dx
zgtz$pRVtCyB<GI7!FXKF%5I+$PfJga?T6|-41J{~M7ueAui0MVtgiNKAK@K(nfDk3
zR?!2La>gE&Gw09;Y9-agHzgpR>-J=A&sI@6>9%EfTi|~aenC;`x0d@5HY)_^TqoO0
z7qNk=ba3~`X;i}vb9uDY+|Ryll*wZ^y$4IF<sC)j6W5@RS@O4Xyig(pHHtk(pnyyG
z<hxw_*3yB&hAvE=n&K;K<2p=_yiz>YY|vnRq5v)at@X<sB}G`d(@UY!zjiKXb3UGk
znHO6<=`I|eu777cfX_jOLx(V1NPTo8yJcm>mi3tsy(gduG6*4ZAe?sni|iou*y_oD
z!qn8%AbG}6R)aebfeN?tDH)}F<J*vn`zdV^T**zQQT;v*E(;mNW>Z=pnW+>V^!(MQ
z)}6&Kzxw89B&D{5+!Lu7W$qaj-cX;b%nqtKtoUAfrN7d`@T9=V)p+CMiLMo4QxYPl
zsfLM;pVl>Nk`YpYn?&Ee-b#El%V8HR)1#?;alFy=zM{^OTJ7PfqTCdO->vVBU4Zv!
z!<=9QLn!THQ8Aaq;$^`DxQ^=2B^NY+iD`yrX{ETZae5UrF3l+(tje0anYdyc->o+-
z7Gbb@|8tHE{~u09*z%^A{Z0@bOE?LC%fr5|zU03+86lZJIT;nPR{X+085vYzZ@B+!
z9dFCEpTZ~BDrV)G%e9iQ=yYzzLPG)G56;`t@9t8V$MoFyQ3*$MV3-4vErhn_ndSnr
z@?YB695l6J>>>V26~#-Po>~~AhA(e3b@ynW#z3=g+Nwhx3@N(0q?^J{0~$>idDMD$
zb{Obnl!o<rRP>efkF*E}0V4MI80NU0)J1{~PsLp{He{)BLw9il(ANFXJ<K+V{i5mI
zWe&{Q%4DO0p}`T2o-11|T;F7KDfq$!@U`!@BXZXBX2HtYEd7*W9{m#I;^)$RComx3
zf_BF22E53^(cW@6XZRNJrQgW3V9#kpQQ`TPt6)^X5sljF;NBb9vkWVKXd>T#C6x4E
z;%Ldp+?f2@T`bRgLa+;Qmk!M5?G~M)n!F#u7R~$mqy1dfaW_S@S|E45*Ky1ISm$fO
z)#mPul|ow?I~L6;qutGXLVPl2cV7mR`HTifeUs+(1O53{Agj@~<}HI3D~EBD>*v!^
z!S82pAN#Sp&*q-IG>LSS{my$+14))+@ROxN?l6ZWj)A8?2zWwp;Tlp%WPzAzTQR~8
zjx>D5?nt)g*0B#zGEDCM@a@K*cP{<ZwaU=*1pZ{<jp->Xmqf*QGCAEqfB#@2@Q~#m
zDk_n|>d<traNu|a7&pi@?($|JzQ<qVzo{=yzoEV)AvX$}ZRRHW8Ql!FU1tAcO#T_7
zU|Et$1S_lxa1jeFE7cM<QRf{<*ZO+2#<hng<#lfuLJbW|wD?o%jC>aS9=q9uG~N_=
z?e{FzZdtW(_1JFlvcuAsLD1gkK~fH8z!K*ItGsbs9$4JgT7}ZN9G$JT^j)eB0`Olx
zE<9>pZaaX$4IvKECi#{7@TtY@ZI7^3vBeA5rk)rIAmjn%sBOo~Z@R3ens$ah+u9D!
zD#gpT0ybrMBLW02E-ws_EF9wAD-$dSb5i=dWs^5U^(mOJhEQ;+5sk|VQcPp-Htf>c
z2M~lgdU^G|;NCidxF?FE!rTdP{7p87I!r%&m1s05v>x}&6n^kr^v%_e1<bO6&GiCD
z?wHyiOF$~&Tf(Ae170!8w;$wUAB9GImz<@=L?TP9tgw(xzj&1+puf|N<u)7o`K5sG
z+m~*1i<|Vbu4e?>qICtu=&0ekuk?N-rQ`|}Zp<gU7v{@2<6vT@cJSi&403)%T^m2d
zs;D2X24Ut(hpR&F)c!nz=&vYbX%HvBFdzW2%cbT5z{#eQ%9HTla%j1$H?yovqrAYO
zE9!+v1QM2b`TeN2;7J?hUAzwvz0%q)4F^zkgjSDfFlGt}AR2Aeo;srR;<pMr%dq&D
z_~@tu<^usxRK#MR`+#z1<5miIWZ@oNJvG2oFSFjBSf8r0eDg%*IPOKCUCI#uL}}U?
z(oupi5!PPFb$0mv_*VUFxwXyVSKe5ZQG>unPJdu2RMZ#Vqs-CoGLL)4u<LmBW9F+$
zH65}3G0Ol<zyhjO6G1rYbZ%$da5ke%{4oJ{W!*|{szEXzQWpk26%*O3AwiJOIljo1
zXoUK8{8;pK&=>4?(6E1fHR3$0RG<s3e~k^<?QlXdi(XCa55ysD8PyNDPYWRDm8~NY
z<*Ls#a|}vr12gq*-SPdh*naJLj?V+8=`EnE-J~o`z2e`jsE80^Lk<MMb+*iZQfOen
z_szvv6K9TD_v`;ewVaH>)g4BB)Gf1|C#-LbF$X(DW}9MhcBcdd=MEO1T3<ee#I2ft
z?pha!*JsYpvSL`Yzw;#mH={FDXEh|h%VI-VJjLW`t%{+oVH8_V4LO-C{A#@*=qOZQ
zc--SP@e#<^YDgCmL_TCyaL0G*;R$QK*K)Y$VxavwXrsQA7h|!t2LBnHA{heb<}BA_
zy9D0XRz5!!!j>F&bNTPy^QFi<-zhWz<Xja3-V2nwz6Igb$8OuAM>6F&zN4t?A3V2G
zEPcExlF35@NI!0~ks^lY%2#X3RZUS2ig}Twx%Ym#yZ_)C8d!W8`N?6*%H{0P23IRB
zqpf7mcfXo)vZ`aj@KF>)+qUviryss*D&}NMty*FidLFgw$WwAeWc^<!qy{TUNw%UE
zCsQ33EBiz^Li~*&4Z}eWT7sMsVArElsd`G?!)!mm{dk{6r0ES0#D&r3{l__U!nK)x
zfYp_w5_%G7T5)23sC|g@_Am+!7X-B-8Pv*u?D?D4Y4GLx^@A-M>PX)1K{DoPd|%<|
z5uS!yF+A60b>oexciQV!-oP(d&sP%nI?Sn{dl{nUZS)1?yOs9vXti#j#lt?^?Y(Bv
zSSveXoJKI+Y`DS0T5z}RtT(qizpJOd;=*I?+A5_d#U(^seS7HJ+Bh}uNrY!DO~Du2
zwyQq+DiSTc&DdStBiJe=OVC`?Tp2BZfwkyTkENpQ7QTEsDtUD#vJwt(oXXS~$RP+T
z_w~|gdwv5>c>@ig|Dj$bGH{pa!W(91Aoz+AxkWivQv5dHuzdr;>%y*3&bBICceo~P
ztWoVk8hjI5-k{5{U-E~uR1i)Whbf1_PhfL29bHA9ajT)Wg|J(-e;=v8EH}XOR>`_@
zM=9LUv-PzV>lVZO*j~XO-UJa_uID<wJg1hHK-SUh(<y5`>pBwdDmoE&>xV52FRDyY
z79O+$HuIK8yTqnk=XP2f;^K^BGubSRAv)>4r&e_00oBt>c{Z~GC2IDmnR9ijUJV+W
zZii9JgYQd37i%5CCZtV5O+Aqn<WY{S6aSCsa_Fk!19uh{@=M_??=#~nFO@sIq#%W!
zq8}fB)RO>guX1%d6utiomwcPw-qg6vrKw{4-AoxWC)lt4z;|#~`MY$ceY#**HH8hl
zx4!ECV(+cu;`)-d(S(FRAV7i!CkZZ%yC%33G<a}_ppAD(0t9!rAdNNd)<AG~Z7fLR
z?%t;}^UlowoynZ<yE%8~t}piP-&(axR#iRqtVf<n7sQ_y)k7%6alO#rrPEsMW3(GL
z27L|0vbQm)Txp7T>GDlww>HW+x@)TMI0NpIyN0MYq~liO<&XYQS7e?XXlWv{@0VfV
zy%U(dZjH`4&o#tr*J-(&vI8=w!OUWeC}&0;N)&H5*^5=;JkFEva^um?6)s)s`~kbk
zI|B1=3ym=jh~DQ(EUq?275g*5b-$-68_-XAR|%ZrU-hS&eA15CjZZ*=o=Jg*@TJOl
zCdln%Uj7Hxs_4Fur;Q_iCgCdP*W}Y9Kbo=%9yJ~pQ+hj|wn(w&vw5@L-HyhF>5J|z
z$c^v7ljiW~?6@@Yd$jAO90wab&0)?)xhUSq>4t>gZCVAm(p#S>cf)|Iv<?tCBZWS@
z(WZ{`q06q#mUv0R{o865oo0uQ?-N2M25^GAmb>|Di8j%MFyEfBww~#+Kz^H_HNr>v
zrc3d>iy!Jnjowfg?GdfaUJ9nC^OPivu)Ur6CzSBjjj7qa@2fFK1DY$tyusv}yKi>`
zH3;gQ7Q<QQ{j`E!{ka|>Y_izHX=085c}4Ei|Ai&2t>wvQov-?IzQ!V5%#U3#MUJ<w
zK!&^hKqF>HHM)giFRgcupz#Ja;%s)=kzlyF6bJf626#mLucQ1KYuQcgR<mh&UK5UD
zgdgs=jdWiat`~Pi>jCU-z4$${lQ~mJp<ZA{BWG1#m#$IMk+W@$ZDD6zx-wfS$=~_T
z%m3^pHn&asdtMaogC&(pHj`fVag1@$pnD&gS9R4(#9E>xB3)S38$(<2JYDUJOIYk6
zma;r2GXurQs;B&;_0p&pVW=jTlYphO_W35YFFZ1glna#(Fh9jk;|Jw-cLuKtq$3o2
zDA4r>Uot(aUSWJS{w@<qXK@nzD(<Rwp{0~3wHkC)pp#gM@`yQaPq%F9sqf~(GI4f%
zI?viB9m{>e#RSC{(CGyCi5H76XbNT+b~QC-%y>T~tr|`7-Q`kpCigiS^5B6SlhTj{
z*LX;3gLGDX^aqunRq<@+VdFn`zMM>k#NvwEuOHf!4JvQRX=BDy7RsI3onZUK3vl^l
zT$w+gQ_Ic%4XM;xZ|T-kYb;KP)p4U47Tq5zX~Pj@maH`=q}Br!!+Q=jK&B@nv68gU
zJ(^?B`BV5s%w~RAY=j*c`8Xxe)~V7*2Gdh#tubkbxJ3~2IM=>oNGZy`(V}}MQg5wa
zp|3Epx1(C+bz7D+7HfAMiS3P%J1ld5UOrKuyP+<3Mg6Zh`#c}hPe}(+mn&C$9uk&O
z`rU!){@B<%4l!Ku96)un{@gitS6-r2x3TmCR54zyR<_$Qolm1d5f;eh;1Kv8bj#&n
ztYtG&YJWrYEr5W{f1yu#pRJS)D`e7uo`t8Q46J1mciqs_;&0dyCq@84q&Wwg%~q(3
zrGIaBFoydaKV#Q7(D6RLFl<)l0Vvl9YTae#dK6J5PDzXMpA>_T!J^z^gH*8U>F5*m
z<Q=JIcl|RKchFPCrFzIs1Lt7vv^OJbNjOQJ$)K1=xT22h!UT7QQk+GB@vcr}hI-&q
zrTw7rF`0?LWzCBi2hvxmOaj`fIpd@i6Zd{P2(hq*W8J`DQ{=d+8Zs$Xvcgw>2|A@u
zFE`&e<Y8*B`@9sXK^!+yjqL`iUZ9(UCF~Sr+t6Ywidt$l*YgOeswHWCQn+r6{~N$m
zYulK-Fbl2YYPY9|>#WxKBD12qG|snqC&G3!s$#;PzPP=;WGt<Zxn@6}mGJVkxID^l
z>uG#kWy3qlMjf|6{wbKhb4F_UTvJdqIF^yE#4KjKLCvEEiXP^hc<y^prDLb!^*6Zb
zW1F1C5wIM2rj<?>lZYL8+^d_72m@{4UB&(Au|G7x+u&b@i$0-5^$|WFw5P8<?pU+=
zxggJc)GY)s_{h>zU$wH&Ze^_B(}SOM!@mjP?Qx*%)oDh%vTnDqc)i{>&=^LVGu2K-
zA|V#cn!zh_wS8N^x}HS7!)DzuMm-2Lq7bFQ8DJ#fT8~Q?Xu4><hqkPH1AnzJg@ozz
zvFPpv9mZ<eyR)AWsnt_rlkGaUo|5Jt%-HYkZ^7W<DX__DaDkg8{wG5!sxq_B@CerZ
z>D(tM=rhQ6SoL!Ld8;{Ap^w$w)*J1egaMt%vsxE(m1Dj<(nL9bz`K>T^}vLg4ucz7
z1sM|en5tPw9qDd@LsJb^p3xLk=fT7a_T_ix&08aN<6%{egOm<A%u&U28g!z(<%S8^
z>o*Li7UvH4(}!F;l(3~lKJaSr>}Y`3Yp#o&!A8kEEeJQw%~)XW9tZcmRySR<LcM{*
zt$eybSscU3X0pdrUA+-g09_Z&`FHgA*Xh@IH_aY)#tl_GZo@Sh!@`pyt?ILPNP=dT
zv9E7BVdX#}b`ObR6)PfGbek}#h?3kA1GmuMk+E+&v%%iDfBjfeKh$sATQHZWE7Ux?
zp65}0<M+ZW!sUv4=i_hK=_5nXJxjfk`*Y5aae8RRL9FLy*rB1(#HJbiRwEMY^<m>t
zz3xg`!@|e!`tjs9?bkNS8ea*{<K_UHD)f4ny#uIUL5^lYQSZz;nOn}q0RxTu?UFlE
z<dIAJ+Uy5;k5&Sy9@~2C%nG)B|H-%#g)H$dG9we-G{}w`o3DFto!&%d_@zCVuTpHj
zuj^Q~z~9MdxEl$2s8~dG;GceA2r{@#Z<^l7V^#WIKI=^PLnBXm!`wxWkJd^&vuUkU
zNtc4ld|S&C&)sG6)^#jvqA&kyt5UEZfstpwSU$|T1Z+N<T|OBof1i;m+Yh>#sN>?M
z;+sD`R{@ErJ|9?~9vZb1|JrV6ktbMn#cS2Qh(ug$2rVwwd={WyU%av^yk8%5e4J6~
z<s=`_IpMOJf|n#Jw`XJ0%}h2eF2F^7`_%+Z<Yscx>JFJu!g>4n-E}tc%+<a>`b%xb
zn(3D@+W_n9hQ_j`=Qo0GL$V3*F^X&@j0wiZU`HMs&^VhBg2UuQ10SMsvC<62qWZL%
zp*#3~V#Hjr<LE}x#rwkyA}CR{`rh7F&&0=nfn>VNdiCJ)8l$BQ0!cmacQ9|}pD9!H
zTb^WJNk(2SUWL=hNKG$8Iw3TCoWne>T`R(i9Zb&8@0N3~XTP|-1QI;F3x8AT1XkIt
z7tBZle(c5UgXAr22ecv8rj>>U`F)`MuE=6lD05$-p7y+al^#NCH?fzZLOZW+cic(3
zh3}UxMT!xTSDg8a6fPU5bCYqW0mKveD<akx^eo(Q7fFcG3Q;h)bhzcJP;qxsb)*z-
z$7wj+yaRVoAilEUq3|k%+LawQfs5)QidHke$o~UL3^=zgAfXVPsU16Ykztp|c&@9|
zc%ngQb3P4|Xa{R1chfy1<grM6Hyq|GqW}8aBo~aSTJ~>baDVU9`X!^Q^RTnB@Tc6R
zD5-of^5oh1>ZyCJ6Z0@Zcgj^$;2xIJvYNO@`?193(<tikRB4h8MdHC`V`xjJx=y;@
zd*TszE<mo_oE;so|LWJ=%%LgEM(J@oqN>AyNGK)MB?ftuBj%8erfaUcMgGi(aS0VP
ziJCA1(fxYm!~#*M&140@Mv25G{R*Hw-7J1rq+DWcnfe<IMxxq!2XZ2Ds!EVq>grh}
z@LFF=XLAK+nj{_=53h9KKn88zb*3|AcP)U5PhMDhf~f^Wbq_3(YdH=cQ60#FKIK)N
zo*jIryXId)Otg$g_P&q5!y~zibnRgA){vRT2D&zs8|Gm{?a6=L8im6HbHaS!*+s}Z
zAl+1+AGf4HJueu*JYO<C2nm{mADJu*avNAdCOAC);wN4{-i=olkQ}YrE#z20ci%5o
z3?vIN1KmMGE;>_o7$qdhb*tCa*@r3-i}pI#jPdcol8fG91;^7ZWYsms3UPNe<G52*
zf@*N1G|ZP?F;8r#FJ_lCC31CrrN7q=-pa5mc6>JPf~b@u9;J}p4p!F=dDr(I7AOWN
z8~Dl;7=?JumbVAcRINZ}6_sbY4f>ryQB#m)B+jmW_YlKmS`7_A<iHdQonToB3`I15
z<-h!a&k;{R`@3o6o{j8a@s<`|no`FV`mY3<$P;LrNC`Ew8`f-&l`GtBY+@GgxFUjg
zw9X8ww)5vYCezMD>ERUN2SZLmj>Z{hw0FKf_9adyYKnTwJB5?OwQ&BLb)mf97;H7e
z48E<if^mb*?7B1!ZKHD{R^{2vrl++--(12H;-*{JxeJzN{O8;#1+<K@`h!tXzRXEf
z1#x&+Su-#xBk7C(aW3*}cwwmrXOz{Z{P{I7FbNwGSMGA<_j;D$Z76|3?K<c<)p{H}
zCJruSv1a~do9cn+t=n68v(5usqHZi-Xxen0yryK1fN;bMWbnV5tb1Q%bJr&~S^l}e
ztlJ}wkn-MX^jR^SSkt(?wClV|f~B-cc+{IfN?EsTHMVYK@|sbwd7t<sdFu1IoNkfM
zAo%8TD1D&(>Q21JAj56=;mN83350n;N6;~SED^I*r_nQz#@?1e|I*9PEHjiQr1ZCI
zfWP_WPSgeG1YTI^5Z^CX@OPmJFif-j3rCK!W%%}gaO6A)%mTeqU*~^d$sr|`e@Buh
z+dnHPvDMGGsPw2xGVms)dZMe0up&oXOJ-x6(l6yXkjNX9SC@@pKiUtilK|eD{ye%(
zZQ5<h=0^jXZouoSlWQ7ECiW;&$?iL=P<AwNESy?W*v<sSg_jO}7aT$loaFO1zmJI7
z4-_CtiT|bG+(dl5n_%rU@W)hfL9k?7k5)%F4Y9BDv;F(lfvPH^Ff)oIo}Cc;wC;=D
z9|ZTcKxCD}S71kFQagYj#_Kti;;~SIjqiQnYint%ad4!#M<2m?@nMw5=5z$upWg^}
z&ou1dUhp@3hUvsq(H<~#b3L2>p3zZ%V~A*KEji=Wy6xwolN}kcMZdkKQ+PdsC2Fuo
z#c3;K_?-JXr4SWJ$;Y{;zpBAEZnv9b;n_*&W|v0**j*_1>B)VkmbAGKoZZJ>{wTt?
zZ)B9<_;43Vzh=%#Is1mEr{!|uz_94bV~U+p?aj)@FmKV;kA}0Z9x8^s;BSVTES&!O
zU4ChJXy=|8mxA_nI?n(^8+(XPoy}(OT=SF;sY6U9g5Xr-1o{CIRiu+JJvnTM95l4~
zJ!l9YF0(!r?+Tah0zwM`UQXF8`in1)(jxi0rni#KCpEFkg8Vdfn*f-p<Jyl>{ibU<
z0dFVaX2BrITEKYC(=yFjkM;epX76qowfY$+M70vDZ3eqaYY-L|<*sZP@NFvjab6Zh
z#PN)__IeA8Zb}jTrFF>VQQWI;-rLNMz<|Z+V*itij;Y|Be^?RHo<2#6IY4DWi1Mt$
z=`V}=dgd4{81Fj1d0gxfH+H!!UFV7J5sKn_sWlud=&>EIhqsZa6=PO{1nAcdX4Qxw
zuDH?8CaKMc<l9~HV?LvC-Sx8%UfElt8u0Gxq1&E?Ovbp<M-Rm-0YmZxH8f`hg0I1m
z6;=|<c<VH`JZ{xiE&f2>JzP=S09er~Fxx(AgFZ==uOx6A@5C88L=Cu}S6w9WB5)SD
zv6{9Jjo0saY0HZuZ`4@2%)q&7=sn7n7@RPTpf9RrqEeu|%CXa%X?}oYkNx~v3*$q!
zjsZV3AX(j3b(^o4J2$>ObNhnxOi;mN0<a_T=-`_QTpg3wj_(!0cUvouot%PYb99jg
z;~mO2up2~flV^~4+^b`v*9OQJ0+ssK=xL*=ara>uRrK(hE<>48gs;!zLsQmAvunXS
zG?8k@3|phpYE)#C>Yt#6I@TZOSdR6oCUIv0EU)r)yQ1GSHSjn2*b&y4NsT=@xlez%
zPP(nJ4i^clo^loSofatrZgMZM<aNBaOzDHwlEz`K?oKct?s**uSFBZcVEegMJG{I)
z9=d7U;}8rmh~Yo*KWI!^oY4(nB&>MWE1=U&R-UMf;^reCs4>`oQBx-7xV4!+vDSB5
z{+lHX?`^Gj-EI=A=VSRjZCu4g3XaXTtnOWk9Iz!t>9;reC?YSfB;djCIaydR#%P~}
zlVI~BS!VzPUVMsMy*fw=nAvE7WjF<f@=avJ>))UbcgW{6!?zA;Mvn#|9tr8i{u)=g
zi==l^UP_ypb!nTD6b5;bxkUBS(~aXBw!_bhKsI|67M>Y77?GV3y1;8`M10{mfV+?=
zxh6)VxF+291`?q(RCOhqrAoReS|Z-f6ZK+wnMDWH|8dQ!+72%rPI~O>EtYZh9UngW
zA7>xP92OXpIUK8&R&cx?Puty28*w2M$A7d4^srG1&z&^~Qq?MxtY1G7JsJCz$BLgJ
ztiin4oNJ$DN0>ADaw%8ISHIb%jn!BM9{d(NE#H2V)7XYG(6%!a7CJuiG3N5susU|V
zigzEEdR&cmzDNGB0>ry3SN?YwG?A%}`Qy0X?T?xh+{dn$cW=5i!kKxM_P)%xnJE6?
z$*+$wE9_e*OwBT0Kz&<0#)CCxost;9Z`2tZ=o}HmZe^!pqm~j*63!oB^tdxTl}u2T
z)z|A~3W0hUcUbkH4v*UgkdvR_H?X7?^Rew0MFTd<;iR^pUA?1b$8mSYJJNk$-?!rh
z^55{$7q559zirw;GzIi0*dWXo09`Bc4`%9mq~oHu+cl0a-YGS2O^7S!3b}_>tCQyr
z?dqI<VLrbGt}Re1D%cY3zAOf?Iy=i2L%yEkgnkbq67|IL@{In0WWKUM1Sr!wT<UA;
zBifh@9lQ>FfwgLp)nb1Q%>ua3vrFC<SH}xZZRd}ATIc!(Y`;J;cIPT`(|X(SLX-@i
zA|W-kqQ&|s+_*BFJnA<owR;N^PBAgfjlD(2z`dtt>>eCD#|kyLwK3T<G^-c_+QSSr
z6+=MY<=~v;*Jqz}GAeoa$FCEPTUM^MDIEzd!~E=FzI6>lXDg3JIwG8r+>UavRM9(|
z8kbvOM|R3OmR2w{Sh8<uvq;_ri7JrY?93#QhNx)c!E)6~bF2j8he=rGI<wxtEwNz&
z5$I6=i38-<%I|>$x|23LLyEZM=7y87AvcP{lgchK@NsU(C>G_$tl8uyTb6W_dg<s<
zL<?(dI6f{-5-BgE>9n(EZ!=NMINYZx+P%`{B`zKl_`>&GWAfG39cD(e@R8$DHgIJX
zQmMbRsR^V%shj9;52_VxH24Cr(05F`HH`T`%y<YRDMkMsaP;8e#p7-2$Tfq61Q#nJ
zqH>Bm+eH-ZNPs{CxKi8V|LY+SQk>rZiy@Ea|7hU-(@v4jyBkSV<a!YO_)<%)xriDx
zPC6`<>N}!S!T~5K-HV|!3oBAisc!7inMxg_OiJO>ponszU)Gd5Y?mEXMMXw)@k(9>
z$&Z*?;d1e!w{nH5Dc_vgk#&kBCPSa~lGyqhPAt7d>sqMQVY_mtjLA&XX+5x6bN-81
zt<6v7f`UFKuWo)3^og-PP{`V{Cc74#((-8lMq6qpX`Hu<7h#0*EWjVwsbhWAlHAN?
zWS6r6+{z10j$(57FtwRZfS6|?zm^K@Yxc;o{cGjmpPne4;nz-5`|-&8D|`hRUv3?f
zu<_YYHI`H+p}NW+ZM167p9u559^iqv4u2!;Ur*yPyT%VCK38{gl54rNncQ~rdB5zZ
zztmi5s+O)IO&Ut#^|an%_m_V*c*Ob$=iqFy-chx0)sg+hAU7kl<nnOHwQ_7~<Eblo
zxE7%xNT7wU^25<XLqATUp{?ELJXrM>Io`KSM9?a$LD6XG)17(R0YmSO!sbnt^$5xV
z{qpR23}NfGJ0yO^M2^sL5V2n!8@wo-Rie5xbklvd{{n9UAfV8L<Wv}?KUg&|i2#Q+
zx7fLJvNsn_6HpA@Ze`OL_RaCep7!#``Y;x0jDHpjE6CE#5S#}FM%H)gb<#P@th~XY
z36<HL{ArkdM6{t^A{dkL``R~7r~Bw+X!-D7(YH7*nSYA!Um-RfN#`>OwQ=FHK)eT9
z&qqfJGzW@zD3FQ*wo7IC$5y(t>YeijT=TRq`k&CT`r3DYuPx#o(pqaeU&p_gb8HOw
z%XA0k|Lb%IcyLt+Xtz{n)0im(iRNR!g*7O@3(*J}V0V0L8QW-fdJ;dAuP<KFzJ(W)
zi|Kd33KH$QlPtJ*%wC^A*Y9&<NG>(3_x#y6SuwR24O$YoDmZuZAp3XN{BIL*uMpEO
zbvs?FpK`ISkc_eCesOs#@4O*W@{(2UB2^^2#a2|a(=D%=9jHThQ(YAwJ@f?5Z20_3
zqbaj*K`pqsvJ@mutI&8MU}2#@02D!|!%`23AmKl|nH(}M?b7+Fzs{O6W=Mm|l*UDa
zegup_7|$zW<msNPpEk*vG0#<OM4Rq#_Td+jR$hn7DN>FOt=odV1GO#Gw1y%;zN1xq
z)Ay98VK;1V_y=-Lu>at49t-Jzo-Ca-c=e~@jwU9=W{?eG$8eIcM@XABY-YxnK{lca
zQ`4?Oy<nop#QV#0`o#=~X0^p(Wx^<zcn51bKKt!t9Lf(TqhmBFV6&WfipM{Zr`cB#
z)L0GmmV*)uoMMZ0vAT+FH0A5C!y&uZCad;AAvTnwavr@9A5p(F+7g}f*6UCjrl|vF
z&6(6!JSD)fLurBPit37*to^g=vCn4xoNo6{`9D7BY!+&!tdzDPDuHyL-fQ?!wz9&X
z(MLWCMo;`qy8qNVIB8AOdf)shO|pE%mwMBB)4Ct)ssKxXazVt$pk!T3>wR5&8fy%h
z<j<v_Em5AlVG|$n+7|%wBneUtv^t3RrZ%Q}#UIq`0TBGo_6z$N6a_$L>*a>KE{=m=
zi1WkpgBqHo4IHnN#-4VVEkpgM;KXCz>NKZ4cA!`5*{Uv&?Lxfq?JL_7ZrxCdoBKI^
zlDQDMj@OT=9y~-Bdw}x%^Mil={H%yRW5t#AD=kjr>YV(#@i>gcT~{00S0m6TeX(z5
zE^HKtL}W}J9iBN6wt1N8#?sd|6`c;C;T$Ka!kxNx&YFanlUvne&FTS!aEk?H#LbI^
z2i#y<oT0+iWw_ZjyW!Y2ZC|R8fxJO~XR$q0pkY+m40a|;$uJo^Fq-YBJUdbl8$p4*
z7UzW8Q1T*J4*+y?bk?9xO-o12QiY)vy!zjZo=F#*{LVIG(DI|}c|HaTdW)vNffVV#
zJ%rq(h7J<(%eZi7DfF08y|u}Mj;Sh`p6q|`{jXwR!JxXe4uJ*;i2s{_{`n9O6>@k4
z%LTU({XeDn_lIV(9<-I#%-G~}{!709eEn}y|M&>GVwf0RX7K;|2!DC#^Z&n)fBOLc
zzeN7SX8(^mGIQZ5_YW=rl>ZyW730<|;@W=pC(X816-)9xo{56ysfJtN>u->#6jw&f
z<papkT(^FFs_Ny5a|KhT3ArCP!-m{z`i$k4=c}|Ec|`2H@M3#4;e${|5WZ@xS7W+9
zX=AKxyjfZh0ezfn45N*&8%bD~^_<&{5=nt>_LD_TU2*kif3VOUqOxdo@#CMaiYA*M
z0)w=wi#glA8XmEg*Y?@^;!<*Xc5mUP=vLm>UuB~#kjW`nzWtJw!-5_4bgh+kK|H#<
zs)h;;6PsZG>ch#BLAE)buh{G7&ZJWDBTVDuxq^ra_YHY*z+X)8e}4YZLmdm3+UhVc
z!#=pKQ#gJR0c63}CadO-!fw^rN>Et0QM#dA+T(KE_X{<49+Ojgv)atMC`TLPT?9tU
z>9jjHYzn)bOU`BH$FWgitdEy@i}~^RVJh06EdLij=B-b|QkO!>vk1Z<&On~kK)aHh
zds&fco6T!eH^7&RHztktq`GkF)(Z7WYzZX{^|GZoS|d%|PR8bpqv^#&aZb*AGqt9>
zv->abNBzE!i?W@Gg8MS*4VzQaPp*ENvO?azM?}&D4Hoc$kHrd}nIUUV#GWtg{u&GZ
zXXCBOs1$h%YZjixAd9O{3!`bQSExRhx@jK*du&|rcJBooA#6G29nVv_c^8ixplhpp
zxsf|$rJqhx%XiNfk;Pwr8EM9X0UOyqzxx&T4uM`4z4D7qFUFcuf3$>qwy+#`eSe0y
z=1dK0G}#4hNre%G|A<P+m8is{T;Orc>;{}}7m|9x<;oq-hYT{99;t0<zdjJ9J;8bT
z%}~SRf|J8313z-(E&s%)Ge^k5N3QjJRW+xWr36;>0`k-I?cCwPy0mMy>7T_`YRYtJ
z=S-DqoE*-R*1^#X_yAWMFM&-dNmtw$0u2L3HQkDQ75AyLB9jq{yEmc55C+vB<zEb*
zl5=f+biwyg_!-9q203@N4b&tu$QEE~aI6l-!URrEF)|{j#!B0aakbsD1(Wqzmq9^t
z-uC`DoT|>w7?aj$+OBBQ7Ltm*{@J~pfhBPqJHD```dFA>VaZ{Uq1OAf!2%V@xG-G9
z^1h4kLmT*xS{3>qtbhsc*Q!qA*uJVdr%7B)_16BJ)ASoHvvS`N#U$iiDpS9lBhJD}
zVApXTcwbY3zLZ&^C0um~QTOurvOB0_dM%uy&gBge$G>fBED0JNPiAKyT&wd}G&!N~
z<7ao%{HiO8u((gMq<xTo(!>BC+=PpUD@<gBxw!wbk?%S?VG9i_90S4dIS*qE>>v);
z?w5gSB%7KATsC1y?tdxvQEMKe6PR&{>F6FM`D;K-YTzj;lryKiCQDV<B0OEd%GA=O
zs^%G^_ff?s^RvL7dN3(kacKu(wD<N+#MBZW3uBbNcd>Q~i(24S@DM$qxBU_UKv?Nn
zM_qnjAB5epMPlfm3KCE0>(Dqh$2lh5PAsGT$yreylA+=o0QB}{>1gf4=pK<`87>NU
z85&-679`di?OEGghzRl84hXc*Fv%XSQcfpFBmvnpQnZZ#lvI^oU5^ST{O76UgH>Vd
zsQeap<&ZmDz`0z_#7YLQMy#WN<$(F`7c1enrRi@pX|^QIGCGtg%3)OJa?wPgI(K`A
z#UQrMxL(lg#rSOBNqyV|p<FO^l4*Ru)*x%7Yfv$#ma=|i8}GXVVXZ+$M@a3$uEryp
z;D#FZtb+0xrrwk390*pIUGL-|l-?P%6C`+QTuLo#Ja%xeup6gjfI+h`#<)S!RvK4n
zILi13qbZVZh1P?Znt31>d-)VX4%c16M7S}|aj3WE*#}mfbX|5E7te6EKhZeZ%B^{M
zdDflGVO$SzefK-QQGo75lz=%J0M}s|$u&Cp5#2Lgy91AEbCrduLZfbrE=aWq{lUy6
z07l{Ls|v%aQA0*1>v=cxcMnvZ&J?rJXjm}ilaJ0{E1%D5Ph8y8lt6Qd<~cRGace}I
zZ^uo!NqvjgcW5a}tO{Ac2}rZ4JhOI}K6kilxi6+W63<EDb-<l#IcuP>YxE3B(fks$
zY%dPZs-m1DgJ&J2rSS5zo4EH?l*_(wD0LXZF##y?eUhI5Z|7`fq!J8;!GGS#WaLUb
z8_At!)hLX<KZ<iAkHJyzvzN^N!<n~?)(@sXG@ziyEca_iz3g;T@;JgEj$dJSjhBtB
zwIwR!9WN~2&3421{xjw4+(534fRSsibJpD>=Nn>+#JUe|9YZ;3Z$gzUTPba)ys8z|
zq)}^as2*F4hj%_LpIGfTcRgGCA|sNmyXFSV`fdt~c6lXxMR>CYDH@-<jI_M#z%rUI
zLQg;Ijj3p`Pn|xZC%42#cpCP^FJn}0i__tvqSTx8Jj<C5-`jeb(pPLla^2_{lEvFz
z6RW9ey_2&!iGhLrG%KI0JC@!PfNnii_M)Anh2C1}X~;SgIDK`f71)4t?>GR_Yfi^X
z;Q>Lnw!iZZjYiGB8;zW+%0|0%ZoQf>)b?YpwzxxZ;q1~2-6^OG7RY6ZGo8Ff>Q+5)
zl;=;nCGo?2XBib@Z@X0IwN_0hprJ}sBH$W!`-U_S4O(Lw%a&<<U9*XXFBx$}?QDZ&
zoIC&Ebx<1-+N=*Wq19e+-IP)N#OWrW<yMM{a0pGjdUf-FY5&(L)O#x<oP?#rU^b0A
z1#3p{q^qYp#~xKnHRN{7!@RP_uIHo8O?y^E2j^I{xIk!n*?lc|RpxqSjR~iqL<%KW
z3X)31W*#s~-qvN7anAW{oumdl5v{6Arx9VV@`@LP^7M1`=R$jG1Iw}~R0g@z_UcW`
zy&pfOJo&HO1yvL-HL8SnRG5KJ0EyR>fb+fsUmBOwzU=<1&w`B_g}517W+3Uy>WT|C
z7}|gOo6oN3e09}i?AdU14FhY~AY=nE<GhD3=5Ub$*z=$5#H-03?c`p?BxVWRU|igJ
zZfHM}PzJ5ctt^`S3Ju#yTrT%Gbt$=>?!LNHT@;4-Z*~~;R+Y_eT#bnfOmg<@fM4uv
zH0M#DWNA8oGEF}M`?ls?oND3YuaCWuScX%@@Sb_d>A!g+5CTNRk5xyMmO;2M`=uhT
zC4`g#DG5fpa;yy1uBvBp*(zh@#xyPWm0Wjc*eXQpB6S{nYt-hyiibqbzT(aE{~{jK
z;i6<u=z(e-B&*Mh!o+hJts;un<dNysF}BpnpNt6bu)b1x^?YqfEI3$`VD0{Hx>}9M
zynA8YLVFN9v7E-@?o(%skf$Y+$K>fasY0K9ZoYt>P=+e;TD^#e)>!Pl=aHI76#u~i
z8uax5e=E3ll@5Hyrs3&|cJx3ovqoL&<Onm2pwA~o<Rp`i&4xMCQWsM>p{BtI{w^*#
zTCiobP`~tH=~XaOE2UWu%ew{Uczh?eO5|=Y`*hC%8U=^Tdyt@~S_m2bsLP9Rz0u0f
z(_kW<z2&XUIZWGk8RyOFWWv@dUQf3M)mI`Qrw7QbUIU~a{bwfmJpZHLI~w6UI!S)M
zk)?Y==-MPfI?LBDy6G50*H%Z#e$(ow&D{gMr+dN9Gv6@oM)Ef=E3|i~@|z8$B&~Yq
z-?X?`$c@O;77?1=b_PcH+jS9@K<cGMiI<8iC$G9C$B|b)ew-nc)7OzLD2^%28@KFb
zijJ+QVKv|k6&{ph?77vf<WI^l=;K#WWwA3tvj5kN$mhTLLyB3$bhtJKF>xD@=q;Se
z{n*cj_f!4iA!mRx#$u1qRz4p*vjU>UO;pocj~fu8^W9WBK#ao~{jhtk(W5pCcT-^c
z7q9Ti!eV2mmpTf0dEBHZJA3O}jUp{8G=99VsswXh&9?)oE^ay;1z+Ck(ra7MfNPWr
z)0I-drHRGrhy5$1fum|-Bc+6kSQclNivyKz`n<gUDK<Lu$GN8prLY93MLPib&l;c)
zVxHrNO)TE6K4PsDZ!~0eRm}|F{Z}g!>%{0O<jtcOh}FK;3J&HFP93KkIkCbQPI_=s
zxV-xlAfzOt+Pvzp7IJ=3;uMs22TfYAHa}$Mmos^JSPwMlNg6z#MNGRq{kW6rK_@9o
zJmecmR=b_{b+$y#T6Hb-rwDdz0Ocgaaet;H+bBPLz)ZJikf1-$+YL1l+I7sn$_Aw-
zl-Y(;{kEmk;Fvn=lIZJm#O2IRazRWR%yEOrkVJIhaf{MZ`%YkVtoo0i#O`MwFeDv+
z>RnS6$h~_T=i`TnD%stWxcP%2eHQCP?=e`R<c{MNq+K*6pWwat{w9ZGS}Z9*R<G=n
zMfCD}tL_y-XWcXc1)1?YA91&KKO5lL7!i&B$F9k3J02*bGnF#J*kCrrx6vUIuro4r
zN?PxqH|c*mB7f|3N}(Q8VCUGDD*=A%xjnHm42ek6@=@rR()C<5#u|@5BixF<=8l93
z6nJ{ViG$L2z-6Y@^s79)nG%C;*{3F@+Y>fVptMf9&ZqIdQJ{=_zW4ZEG>u@!t&I;>
z(=U9BtMo$x-u_$4jy%49Bu80n|5EoVLoi}5v5tFD=7DNlv(GspKtRgF%}yeK#1o5j
zwRZ|Mow-@v;*7ImTq~pmn{{Xxck_^GS!|w<iK=^B+K8P#DSJol>uLH$BDiby#yOj@
z<^BMqY`Q7*gJJKqq}N)Iw*A^KY}S+&`l4-;$NN6{1jluZ$ZQ{xNDADVABgGKH1?5;
znMaX@uH^hpSsneY$%WH=z}hb;GR`g^68p3G(opJ6GaWHBcD|)`iJWeI;W`s0YCBiQ
z{hn*`^YMDLvTw7}7FI=kA$7?+GXr18{rP&$x#rzeWRxla+;+2Q>c0PD+R8+je~2!=
z;D!Y`xW1zoci9^L=HKXBd__GR&e${D47!=xs|*BTX#2X@0Z2!3M96tp76MqKs+1O4
zwU%6igtuF-LZlrmxIUF=Cf-et+AY;0MEo=I#+|2&MC=FHI;_J{=~kl0dZLsmSwiG@
zM_RX*c0-pU_Q`K2OC4d0<v0gRonb*8!VQk=DQmAQEW}hIMH^*PLJJoT!6}YU6((x<
zt`Cpsl!F(nZ&Om@PTP+iyvPU5@RVMP2qEtz)HueStogY5b9FZ2M2{?eU9`!I%f1oO
zKwVSgtA7pHUF*!{y+Vwmd0ptWNF7XRPMR9~c2~~5E+jPzUu&7=B~0yk?ZN9XvA)1#
zZ~8X&t2WZNNe8>Ttj_TEy8Jq8Eo~t%U99)sYRFz<qIky~yZgK)he^YkzPWw_$yyvS
zy&HDn459TpzI0nja?q4U%NQg&_RW-;?SQ)JqY6)d&hpb5Em<1oxN*z4=RR@^ND*K3
z|0?QVBvg6Ea3$e~iKkmcjjvNrw97@}M%Kv9bAqgH29M_Z)pBcMyMFnfRQE4>+bZ?A
z=yh8psi?_HIL)rsnPQ{QJgcdOjLqIX-BFD60h_SH=aVCi@x}%#v{weYl%wktmHnT>
zm)JtmWO?|{`*R%;krg~r5~0@iY}Is<1PhCEA}c7uHpQb_l|!hNH{0LPC=E#X9f4J&
z9i}FOgv2|6JBobP)WyfwW$dDCkNm1NxT6(-YC(3HIWmL`;jZ6*ylEBp44dK4BG!uS
zn3A1jYPic5?=W+$oRX0EM!Z8L5GE-{G%fAIynOnxZ@P+Mrc3nA{t-B8RpEjm#=Gqh
zQMA9>&m6ts64%M!3fGWbWV;fh*^=RU^oQ&cLa6eXIXubP)dg~)Amq7Sy*{{_;FF2x
zMYC7%qKw0>uXoX)_;gOw&UnNI$TNW3Z6F)1)#c-x*>Zn4Mo59Rs--A68^kg*>sR{u
zYg_u@<l9`qAUeZ%pKL!+(apybChkkDw#JjG2x%*1PGg!k2T92mT_jxt<g5}Evf@za
zd{o+vBcm$SOb}F{RgW9)Uh@jFi(<6Op$_`3H)Doab~BQ>Sh-BrFAs<s><JlM+1xx;
zI5relrL2s*SqWjx=~P+kkd$8HnWelCHsC|a>Y}ZBS8Mm>73|#?N%dJ<T-1zD%`{g~
zLw$=o(n50o;IhOpKXh(tz1PA=o{tcRM*A^B$McMVBtsbf@(ZwZ?5x9h`r@+uA(}w?
z-qkHL>~JLvUad5vymyTDnV)5ga@RN{6><FEP=1<JHa~ADq`F{dNF&zT*<4v&*BOg?
zXUBjhoe*uUt7>l6WSE~KE4!L)SUvgNiLKN%`mBmZID^K?b8Tb;mtWYrjsbu2N)<y@
zjkD)z?kC9bfN-nB`V!{Wc*Jh$P&$Mrj4wXFBSH0QvHIaz-!#u3%LV8kGCzOK3Xk~W
zl^-=b`Q|OVGO93E0e|VX%j3cM4s%obgyhT|Sn_+n3I$`Sh09m@6d2j>?Kz#EYkjCl
zzx=gPuHYGS%Q;Zr5TPu7G*wjx7b!ojf{J>xv*!3izh*zrr<t?2GdC}xlBbnYmRH9m
z(yNbWzY>FQD_1@FgMOilwK_d?&E(iIou{;YlF*5~Lq|w?PB@x)U+(<@>#RFG(=y<p
zhUe+PL0vCKVfE(tjAbOuO;^8*yL)q*<B6o(pQ>gLP<R+4$r{V7QhA2>a(#SA?PQYF
z=LGXD5@r_iWDT|(AL4D)9G<=$*Ly2Gkm|&ekX6T?W+SqfM<3J1=s=4+@hvt>_Wvm+
zKX^?2G(W_DEe+)+kPC>f30ZkJsD;DIM8<yB>Xv)-lsHL^gF_N~vStV!#}{=}>qStx
zq>yKSB1X+0^hzb@anatWZrt~p3T`mlYM+0{jel&VS2p3j2q3Q5gRmy=*Lw95YpQZn
z@;Q~7S;AG$jQH{t#H;(QK8#V$-5}K;u2IpB1QeK(2e1EoEg0#@ey}1N6V2#TuO9dv
z<F;nk_Q{jL|M1w~`zRU;zxyIn%a(vY93cNDWEBHsk0L&StIzL0o#fyBWnm(+&!JJ&
zKC1VJJn?Vh{L%FIxi1T=RqUhxOq%}wuj=d%kryd_2+Xek^Ot@8S<K@pvPNkzMvwMK
zeL^lJ-}ra`ryN__`46Y|zZEu-0zuN)Hs!p>{;#|3M6R^hm^^&_-Cu&i|N051`Fv>O
zA)8J1Uw0e)d!?NMWP|?yO=NxYNU<MBOY#5L-4fs-R~qcfmyG$}L>8NX6g!+I%<0b>
zOZC8ykrug9f}KxXME^}>^sIi?a19kRrj7mby9DP6r^*y?^yCiv4`}7=R@8G8FhP&9
zNW;#>>uwSS5#=@e(z9pB>;s&lSG!S|IPmaOinuOl_lOdoJXTy;C+@>E&Jn6d_4D=N
zd9|exwT&S^n~!0U&Z`@BHuxu;s!?<x->I-mNUiF9yddM6lQv6>)}veeEXo18*p<mz
zFD~=<3U;iV9FC<78Fg;nf+NcB&69McrG^(q1d@YvkUAWIQsa36Xy#C>%jVquVEaEB
zIrAAQh<Mj%4v}k+yfaN0xtrAl)Q5?#Ke+w<^GN0&a>97!J4B;KUfft9@5*$`N0o^l
zp6z2ka=sAx?8UTC@y8_YtZ|=z5?j8mwKj-pYYRMDmc$E6?>E=D_D6+fL<RF-9b_2r
zZtkqEtWSFHz{Pzrj&O3<J68b0B$XK<i7>!WCRe{FRFhNmvwAKUvF1d%q;~Jqi(vSv
zMGj+Mxk3LE`*(`zwV5i<36UR*39oFj5eQ}Clw1xU>KkHK{~wM17=YY|ITf+|Yv6=R
zeV1DzEVsbuUPW8Y<D=kXYIHU~G{@^%&a6i*l$pGBlLks%6vxY2sbFJP<^<K&U(dMG
z4IMov3Wv2iu<kuHKH04@q|a$OVll0(X@PeqLXecS*L|Dk!5}v7eOPdCty(y2&&)h0
zg+@1tqrZuavw^ghJ{9p%_QZJUjaOBINO|T=4Vg_~7E+IbU;JM10uyI>JGp*msu(>1
ziW$=n1yPUPo<%i=ZqDEmXMU}n-Bq4Kd8CsPpiexYjkojTNu0}$K~rATniI}m4~CuH
zCD$HlsAtv1AFnUgiDEGHLG_1A!kG4Lz6^_X1LRQ|N3E<G{LH!wVuu?rUiOaf2le%6
z+I|tcdOCAg3F;i>wYWH>Z+ZP5_wfLp`zu%A5{|m`GZ6~514~jxu)y5{4n7#6`(giG
zw_%7n|2xQTh5FibAhawTmGg1>3lslhVqX~)zdi;PtNlesX)S(bm8wF<r_{*9J{Rra
zkIqgDHO}GOePV)2hn>*FUs{E?hIYzh>m9dlu+Or<cA8+=l~Udi<bHfQTQwBO)NnKR
zqweuo7j0i|ulHp&+r{}{m3PHx-h0w->#oWVbaloN?Zffg22rkY9>9a^#YfyUc)lIZ
z5fm-gGV0)K7DLRU_E6(2-a`7Y3^a3!=T{%g-#x~bVj-Szq{$`9e|}qNkl(cf-47#v
zta1M}7L%8wlSrW=?UucMEsvMzS-t>o^7bv+Xtz77+Z@!a>Ch(2@i2M;8p4nisv2X+
zg#mrLqj9IlsDERmD<DdS^>B_LUmbW*mtDDl_kuf63^tmd%buizmek&8Feyy0q0Wei
zlPKgfb&RE535i_S5d1<FbET>-yR1dxv{7Fv2=YlR-)rwX4Ez=vGFtr_ge1|esvEpV
z3+aU=fA2CHWaml-mRAG68M5rK*CW0^y>AHQk);q4y_2+0=>qm9#Q3=2Z5Bn9E4*9N
ztjhjQy3(-+P>m}6G4@jz;OMKVBiHo?oSbD^z3nkstd;leNQKdC9U41;ro4$uMlQU4
z<zDy8LZd?;m1u8F8sxe?)<kuZlAdrzb@Q`bTF!}=Dn?L1Kv1Az%F)@4gU@HSQk_qW
z!OYyr+8o;_RxQnQ5o`XNbM^Psu3oFFQ|;XkkaUZu$_8!xw!T{0z&;*vS_O((8FlH&
zg>l`sW)W)aHj25!y~Kyk-V#BHl9O+o$ooBuvWAJZS%^v-u;dy}M+2iEhMwk{fX;NQ
zeR~>1HrIYQpygC*&#G9_crmE}gq4>seGxsrFPv)%V1Z5HMzj}BuVTGAmrGb#E2%7G
znF*yi**2GwQjLj~R!;Je?8}yZ=FHmYZANjm!03{#U4skDTI%l*^>4iH)t`s@2&Z9{
zBzR9AVn0NW%@Zp)SWN0m_8`C|i3hS?X-=73Cq!kp&DF}X@Wj8?i~8oGO7uyZPUG3u
ztB*7&pp5<6s0gTMl}svsRZ_|$-Rigr(cU~aEd7juA<08uQ`>1f6DDz?@@H!h^6#nm
z`6KB3Q3vaI)$@V9J6Z>Z(f!XX%jEBO^K_SRK1zF`KehYxbF>~)GV0*x)iK?Zg(t)w
z>F1(rX@Xj|W!m{1FOXrYNa@jXHY1O?1_d!`$&FFm_Hf$U411zJ8`0Yx4RNTy1}^gq
zDM`aOP-?<D*w=6Z*2v}`vT^?MR@U&$ulL42cq~RTVc2|#oNTk8F-lv_j9mXlvBMF1
z8VlL5i8Az_sG+#p>VyPiG`Yi5W<(9J?De5J=Ma1HxeBMfO!s57uRkHaA-r$$!p>GV
zvg%2N;ZXgH8TC@^h}7A`X?ADOi@?dAdVvE-oWr%%P*JMz-lcxpZQ&K*-qT*?(N|~O
zjWX<*z0#3UwIg|hmj2C!eb+A{A*1%yjgH$F-6DI|$GWjvS<}+H4L`g9qk>*dXQMfX
z>9p&?+^(@r!yj=`u(?dAt)?zAjchI<><lG!Cv+`}m}}N%`$+{tJXV)Px7<y4o24z=
ziC1S9h6ff7&+D5Eel0R=FS1rX0%cB%+%S5U8Dbp`PpA$5%$r8Tr2L2;_)?p#)?Nym
zWr0?0-E2l}T|a7qSCkmn(V&*y4RJeGDjIe(ar1Q?f@T_2qSa+fQ!Sa7&=?VZ+q2c<
z_1?mzKhF~<B2~C5X;G>Od9=}_QaN5|%#U8z_m@ChGZf|W+V47PXu0!zmM${m;qbwQ
zBc)7nsmGO4+uf&?JPn;R<arsfU$+(SRg%HZlD0@{=srHw;287zuvVZPJ8F6}%ng)Q
zr}1*^<wIWMqv(j*l(t_dw*I<lojb|Aq_r+<CIToo?LYfTpUgBRK&6+|%6+!*S~umt
zqNl$nnw!bLn;YiYwh^r6s^e2}T8eiF-Ue;u#h40(pT~LmeBCU)OL(M9VAH*?A`N8a
z{SJ*5cW&0<+6tkJsY)u7*FMT<;{3^WF6U-$aVzl3wqt)MI-MjpLwL$g|KsGwl6maN
zlgXrd%5PG{5y)2$Xvrvu1+JXp_cQPn(i3V1C~_#hXat?sy?L?@BBQR$wJP%X%(~Xf
zH!2gq`XfGJW8%kozTKa8fbR@!OnP%(7_JQu-U`0|D*cTZ8CI*LL02_~EmjHDC)vl{
zkbMdNWC1zXj~B<hH&WnWK=G~7%0&_Rsw=X0XAac+4wd8QJdr@vhgBQ*%$PNlYdL1Z
z;90N9pI5X4GAKa0$MSLuazlf+`0!D+b;GDoz1VNLGw@C2wh{*>D9eh0NR4BS(QaI<
z@2CD<R$n>1LO)bwHf4?a>|pV#Fd0O!65bPTIPDzoyBoJF*x(iP+zZZGdrJ;<iJx1R
zL06A#y?eZG0F)^$Y3|zoxU`!F6;YlQzMvc*_t|by_qb4taiBGTCcB@RZ!f%q;zWO&
zxE81UMt=G(bJ<{lrJlI9)ZpgMJm4*A>})|TuFR+w9-b;E2Znr;tOgvMOUt=cnrkjZ
zm95F*S+I5R{3U3Tgr_%RPOV+Sa%@+?G9{aF<aLZW32X9_wRr?vFQzkP;=}x@sc*vD
zPp9wOj6I(fMO`Oqqm4rqj=7>)mL%2}Oer^W+Jdbf;?d=AJu2&VdZ<0_w~&fWxdAY8
zLy(0Jle}0Pf&&p>hAe-wA6(vfwHIZD+a;0zBI5k;av;Bf(_;5Ev|QAa*oT{GezlPj
z<tpp!+_?G}v+0xDeXWCtNmb|FYDjLUP0RdSv2Cv_PgQ=RF-bqK#?wyGh5Pq?kzvxb
zr89-HOcCkY6JJS}0-fuQGrqtGuW>fz(`M<45KC7OkLAJC-r9$4B6FIz132h=s<ht#
zuxf|gyiaWW)?;~dPFJ!YtL7x-SyO!+tYgL@Ue0tWmN=D(P~hz)K^qqb{+UAvPB;rm
zD^_BhyEz7^Yx=b__FAs!>v7(s+ZQ9Hfr|~1af@zyg&hr6ILv#h9;dP2n8pI}FL=X(
z+=%6ZYd(w-jxN&%oAOZJ*gMR8md$cL(+(=fL3v)r^YE$GtMg_V4}RPIqhm|d{mnjc
zVl%NH3aFP?LO}2Wm_GaKl9^q@P0jpSkA`-U=%L0x;RB3ZRcA~mv`={P200SlJ|!s+
zh)3J55}im@k2LPF%!s%Sl|6Gx*-L&YTukiD6hl^9X2ncQx}N${5c0D)1Hp+<;BuaZ
z<#@>)Cr;@(_N9#WgUFKdDfh`KE@9D*ccDV(a&h<Lxru&xr`EbY<K69|yAxuiPr*8I
zM@x1l>v|KteY*nqe=B{Vk%Q)2mY$!1d9k;#unW)4T71>s34EA;L%oqTG433HJD?ax
zRR|YM6JWj@rZT)wuh=|~z<!a?d;jWA>VQl~h=WT&CzkJ@aD(|C%gSMlap=6)MEO_F
zMB8ZziI+*b=SN#ptJr#UPr0x-*<J<Y3+4bsP9k&*l3w}9qOd$^Vv);&x$3;c&JGpr
z@$URQTkKKbKnG0wMdUTnxVk~U*l=|Sbk41s*s7zk!6rJoS`0RDOEjcCAYV)_6ZAak
zEnX_Y+M|aRC0DJ_zR-EE!>oznr;WLR4apTQDA_msBzFJ|u1V_qmQiK#27GkA-nhB9
z6JPS-VxjjS_lb4PdthlE23@)(r*>=vrKrsXP(I<@y09^Ak=tras9m4+meL2*+WZOo
z1Xp84e}9Knq<~B5RAG9Sh!=yid;}voK7>drZN9++(We|3WbTu-yF!GZ*OM%`B^{NQ
zh*FbV6^!7w9&S5w=&PbbU|OXpEpUc@?c0O*WoJYXZX7y<yob#&NosqWi@a7G=`zqq
zX~LffDV2~eeWvwEoV4fOQ(rWb^<XrmIs-h)!h2!nxG=!dD$(Gy#lWCNtqs{MUc&9I
zhDuPfHP5ib*W8`=<XQ|af7I4}_Hk{sdvJ~tYToY7VVAIZ);3EjH6-vJg&7&BrkJSU
zj2%@gQ$va{L#4HZ4}(KXMf&3VUA3UarN)WD4s!j1r%?|dGpdR$!`lclT#Q$y+_P7)
zpkARZ&HEv0?9T15$*HNc<$5ENDdH{z*)Nm`Bm>q!)7Jvn0EY8b%h>Mb26vKs0j9s8
zF_=82i+?9Vf6u}h83e$Dh||2R(DAn>Jfz4MlUX)EXJqA!vaF0Z)V{~xC!dsSMK^t%
z*mekXxckabVtdczZF}j@M{BX=YAN|1vU*P3VIXVYnQ<_u=F_D#`hhw)dhAU^j4`=6
z1zRXIx(JxwIP>uoA;Ev5p9{#HKxLqfbecqrdF4#_am@C+dY=6fAw*wd2!3=ZnU{7G
z77kU7HO$izx(su#6%(Tiw)lC(ClUR5zE-!6{&8*^NX&yXAmeqU>CBro#d|z5yL0ip
zl9aK=`pTH>O0RxkiyrSn$d!l5c}rydDhjEb+LB)Ff#0VA$k#Vo0ccU(cC&)@mo1#G
zH;J@uB}ApR$~>2}eq}_Mamqh>%6l(69fDxsWFESBL^U%^fwgb#41cYd@T8;Gb3w#%
zXGn3t`e3m<aI>SbznA;kHO8@WI^f)Xb$S2Bb0(A_>j7S`^X5Qxdjqe9+h7LkHU7{2
zqc{Z~*3@<vBJ~BLD-OOS^qbRUH64`WhhhV%KQz<NmBOn@ToUmsb6CM);CsT#qznZy
z*Q3U4ST=nEoHV|<mrSEpqt*lRPO>o{6C_MnI@a&Tux!#LH9z9}Mq(L}!5QLd!`cZJ
z;@oP~y(;pz8SeIJG+zL2TzHRmNG@;Z+sW7wq562xCD`00CzTuYH6*?N5=0FjR~svl
zS-T*QDuVY!u)I=hZeS9!)J?DuLFuok*=+Z&`6zCgv0kmWUA1{vehCD~UeKqsBu$B;
z?>ztfISx~%5hH5031=7Ar=$4kOpTeU?s1bIUBWeaV7K>dX>4&Pxjw@~N5035nn-Mp
zXwXr4>Ew-@I!-#T&uThmP;Y%7if`rUMO6~sYR!pP0GewZE<X>=F;rOi+i(iz-@!Rs
zib!w{JO>HRSwXQ|V|be>LSaH$sa#pl?X&GS?hVK|^ZkF=d&{sYx2|ni8fip88bm-^
zKtMVa>28TdNT;N9NJw|5ba!`2ch{nO(cOHPy7%+m`__GYKi;43^Jg6#*IHb2%u#d9
zIma01YHwOeq)@w1ron5_c>vqBxSmkZ9P#(e;wGch)C@gsQI-YGwI1-bYqJGp)+FsS
zc}n@VJswYF>lWlFQxvqQebKOZgDo3CmkUGiF~d5d*8J|Xp}%=$ZpGq_>DNsYpd$~l
znVL-$SLhnIxy)$Vk4zj3S8uml(N9(#VNTA2X&3klVRvc|#cmK$=ac_T=i!oz%-}?v
z!QWn2hPPR=qe`kt!xhcG=eWYc)rkl5@pr=^;~*M7j8`ma5kA*wsq7PJW+k})i2mXP
zeZCuCfD)=Zn6KzARDG2-2l+}y;G)2-RLwAStDLd7Qu=cWMan~)GJjN<B7d#2a;Ewd
zbmOy6QyCOgp}x#xj1H)*e5pyAmEs}I@=H__s{9sh`OL^U#{uhwT@0vip7+xn3U=<Z
zZaVqY9OAl|LDq}is<v+pW^IqxF4CO!&cB>`y`9?(5XKE36HD~haGkBqJ|7VcCaRyx
zzRb1?^Qf?>ev+K`j@1Yv3dV39$l0QPy8d)f`|Su#rFWof=CORRKVVx^d+k-XFQI(W
zmbXfjZl)HNRIRqe2{|w)diVl(JLGKcMGRcAi}y{sZcnJV)Jg$-y0T>>X}wJ(m`5TV
z`-P1smou+o!!uIioZ+r6zOkfVS3LoBUJ>nbIenW1>u<!L)+w^HY(5EJU!;ynrU7I7
z#c@}A`GkU_D}@*raqDd{@01D`OIf}@)J=(hRRm(kEZ7&C-pAJFvb%4X>!QqjP|h$b
zl@_eJpMIC7eb>D4j%(mU2T_u$ga|BDK6Vaxy}$qU_cYihPdM=q%@+?_igE27Qm!yC
zFt-F()FP&mr(#@H)=bUUZ#zyyH|7UQrF9?Li215hKKb|&=nL;k%mO!9DZ?ul#tB)$
zNaj=gh<aH>0QO&QSIof9P7hp|^ZV-Vy$T`Bo(hU>!SG{xx2##!>}pA+@|f0ZKZ3Rz
zRZMQkkjlB^RL}`0aVE^bGUxz#hB=Y=Sa%YVk}v9}RQzq3yy3gIG!oK;ckWaXEQ#bM
z%VFX~JyWwpR2~|!nN>9U>Q0v0-bvTF#$z<nfyhbn-asruL|fB|3Ul?zpGi`>K$1eK
zjpa!~Mt#21B-YLl<M@v>tLLATexzC1{gq~A%~B|u50gUvP&C!YTJ4ampOw+g^?9$!
zExXQ{+5h^6=H??y-iH8Q-mfIa+H@+=DR73FoEfe$t_uXwN3BW|L%5^R2%o!1xP^H^
zIwyD4dW%)Nz7lCx$&)7|Xl*)GeRrG{nXa|{*|NFai~HAZvIi>c1_&uFhdeC4?>?WQ
zGfDW+M~N<-Nt4g|yhF+!2mvt^jtSkI8Gxf{EE0J?ovmb^;F@>k3u#k>-}#tGLnd<d
zYNF;=_UU-5Pi#l={MO_E{Uk~kt8G(n@QNM@5gffA5wjqkZ}cmP(Xc!-5s-BT`f~A*
z-T9@YxW2JfVc*-swT?`8dqBTEV|MJ^L5^7|@7#j5w8awVWnqPChnDQpv}Ivjk6){c
zD&xLC+?<!k(G0ts6?LjEp#K<KIA~#v3uFjAaigRud?JDhg{TtaKBG+Ll!Tt`1pj%v
zs(mEAH6U^y<)-d&|A+R!mF{WIjN|9lJc2p)ePRbm`!YG(<vjVRZaz84vOqCC9)(0s
zd=q{AyR9v?kIW=F7*2Ww1_yWNVI$QL^Zpn4^=L$*NameVo4xy$OAkSqEPSR6!S`7Q
z>*5bK<A!ACy&LM~GwuVd7O$3TJ!x}=?oYYPRp;0~mQ>zpj|i{e8TF76y_Z&bm>c~R
zvX}EK(ac<5spQSaqbvi8C{_t|R;BU7(eZEBwKLAUQH<e5=ee1yTNuWzW%AUE7h&QM
zOkR@X<oNSYIm3j#sm7tYj`Z56dW)B;rCWmL3y=I^lc@dolH`)G;Tvz|iphA#cj_~I
z%I!2SGsgJIE|Z=2QPl1pw<e`13ds_b8j3xNK#vV~FrUMQ(sijkfhXj!tQ1Ld=06RZ
zI$WAU=|eM|i&gJA)m*WRI{&on=qFK}+<Y{ADz%%N0WDS7glLj$mcXqyfOlX1Xiq6`
zt2OTNopA6Sr{h4}3sE4TK{#3eB&(VBJzJAEi@ZF|MxSwokS(Ft5lesZ4TCc=zwwoo
z7J-2S>yd+1z<sL7W@axY?|N1>F7|e(NnFLC)e)TBrsau}RhC3h7N1VlmfmOm=&K$J
z*~YCeC=mTmN|B8P&W?Gnm0wt^DdU(i)m)2SF7?hkJ|_ZFyfL9O>yTzlHsiD*`(QCf
zQWMz-OJM^{0yIzes9%|Nx>b~pN@8oFJdFgtj!3NxMV@L>VUHDKG|99%j^zwM%bil3
zL-?ueZSD&PKvEsbbyCA|#aL|_LB{>T2*W$7bFrq#1eat+o{Wg)!~U4}1u1GJ+DffH
z9P=zq<LH;C$@l)AZS%Y8Bh7-D4Y}xC*V&&hEU4v74450U;s<wOGjrdT2Yb9v3#^0>
zKKcl(Bhl2g!h{;$vZU#_j7~21S#LLsz(acX<CdnJ=AB-6ER>-Rl#*40Tfw7=*glOC
zvaECVM6EcH4nbT;TNA=m_V?|kMZ7fKG2oB~dYqOm<$!HEUYP}tKoZdBXr6oTKrDo+
z`%EID^v7G&*E?x4?{C-Dgvbf--fMZodbrMp$an?egC4Zc0z)hYls6`U(nk%<;O~NZ
z*g12MRcf^^t3^i^V#4kZe3Uz7TTa$%`CuZoD)hq>BTSi_8&%oaF~zhn0n@a#)lX<K
zrXT01%h2g+yIr{ltJ=$h18HbJzc5zN#XageI7O=s7$hk=hj*I^f9>D{LX@GdjZ^9F
z>XW*5@JCw1*}I=<1`eiiP!8GVg{nk&Sm@te1x1?-zR$H~p^{!T@*iIxl^=rmXN={P
z83suCr~p?tG$HP5`JtaV<09O+33sXP71J6%MLHi3xY$;_7O6?64I&Qqc2`8~PIAGo
zrh0&vQ>Xwg(GQx7lImV@?X&Uq8QZl4(sMw3X_MFV$|ef8v)N-KErgQTlBIJ|m@60#
z#NtOmjIO;@%$s+2q(`T@{g`&Q85P7?V#WKUP31Vo;(D)1nuk@s&BMJqA>)g2FMa1Y
zHyKR)GzWu{M9Us0JDIPYC!hd8>>W>ngDft$O=sq`hrT~M^Ve6#PPTpNzwet-QSU9i
z0|4n3_mqR;FhxU5D2vPe+|H$LBUB66O64OoJ&5Y7Owvf)4ea<JeBXjbhmgn{CB(v6
z6P~;X;1z;~g;N{Kggw{xER5TXV`_dnQ9#aB-cg?C<wEh}3Nd`xdivn$p%STWbb$6u
zCL=hCf%|E_X0gY7Hcj1nQ|R#~d0zGB7@BpY7?_CB^x(_*E@C<m)5QrtE;z6R9;){Y
zETpR(xM(OQ7-glO@bWzGkfc&K`5fvUM^oQWfd2IBC{aAKE)Mngp_8FO>iROs>))fw
zr=A9M71ep2o4=a@;bsT&o*P&~lsnYQia{eq#tk1nGqIpQm0jVpuTH9EP1E2qW2WKS
zNec18svlSaT8^<j*~`QQ?Ge;2?NzV~@!@x|x!&7#kpxN#Xbr~Y0`2vRYc{KlrNI3R
z^CHE5!Iil55qt#6($Ye38rYn{kp`{Ue#tU59Wi=l)J$qGfLmKr5dXDHn8fW}z+x3~
z_cKn-8eip1!l{J!%})gZErBCO^X7+p{FG*<SefI^S7I!&DIrab<r(IeHS4)c1t~bi
zc%Or6OI`Y%-!2xt@hvPAv<j3mrme?=B?%Y}uP(3M8jRGU*-Q&;zC0|=eKCIyc|uuZ
z?UF9+s}Fx=YdTeHGG_rPYI=L%aC>v)3v*L50#!6R-r6o{KtpX7$4q9U6eK6Uk9nit
z3YQ;muG#G7oOWs9wW7HBq=(PninqzsSow><@a!mROvaQzcY8_9jK(QUjZ_jv-(rVG
z;$l|}%A`2&6<58<Dp!(sd#P5byCs@xA`Dt21E~pTL&DhAYFZrQmB3eBgxAc;U}OV!
zLKk~G^kWf*^GxnK{o>1rlMh8U%DpakFu5+yDoWT_;HxiV-Q(7`v=7&?dkrba7HMw7
zE~%&~C<jrRE%{SEnm1j9z03<Tm6yu-eV#)VrON)-kW=g6M!?T6P**jxvQn_JKq&m@
z^?N=>eu#^6UeDet^tJw8sw_5g^;Ula0?*TM-`LN$ws+*m8YAqQ->8ynQ8ea|7*@|i
zpl)qE{PyUS`QcT>Jl3Knn$c9W+p~h5q16=(&DCgl5bp42?;z6+I*Y2Rx${?h-&I-l
zjCaEhzVv9svZllh6`Rj$vRJ|Qszaj0rK7I>KgKWy_Y)XBZWPs*Rg?JWGXSIkWIhRX
z#13aA!qKwVj0K-9uIlR3unpp`EWgtO@$ot-NvN(Y1sBn=hT*~{H@8HH7YENsqQB1h
zuLRg<Ldw~HCBT}CC>D7wr{S=57R5SCOE?!aCfL)`codc2r{i?wR`i`O&@ZGv+4@>o
zaPQ{_g_ft&D8|(t_bf7Rdf`NGPn&`+cN-ysAefyTi_r$Z#OluKToiOcf+H(&S^3(w
zyI*T{6&_m-3-6wyJVTgp{<cf#GDIFYDg`&iMSecMO`^yZe92ZkH?HVMkQMg~+#f^h
zTAhQY4iDehZ+5X&R=5$T{ZW6ROL>TgaI%XYGAzJ+J`+6pdiR4r*~H2R<s&^W5bXx6
zA=8rC&YKISa2c3^01LQD7DCd_J-!;_G>v@#QpHKW7r}t7A4KNw$#X_X*g^c#gtZ}N
z?CPz$7W>8Sv3=AR+`zs4Z>jrTDM8nq=ggpK`JpDsSFfU{ay$>{+p-!Q3_G>c>9d<F
z=^L!rOz#@kh4;2VZFvRhAXoES3^IppTuZc=g<%@&?#AQAR^2n>EG(zYmoad<Ga&(l
zPJw&1ANM~2=Y?LwJtrGdXs7wP618RK`?Kw7BQxNxz|-YXj&sC=GOv^=?=&mQz&N&p
zz7qb$_={D0>8opu6oR-nE%^px@w1BBeu<Y>y?oBs30>q~C-eI$U~$)-chUk{0|pz`
z`3a?(SPeO!kac__-%4jjpZmYt2#aMFKCz?4TR)$j6X2bN-=b5so812BfsM$YYK0`y
z%xH`?8soo6Ww`cYmzc0jO@)3AZhj=Hkjm;y%L#U<A{CbN=(qlrW;un(Em>K|@7J)7
zyg_MHSX!E_iM0YMAz0y&2hVQME*taJbqw4rC`EENEK<5Na;}S=HoX(i?D5o!x1Y33
za-2x{hcgGFQ+5?PZfaHKhsQtV&@Bmp$y|oP$KMRz<HSd1%14fR5veNac3WK9HZZ-h
zP}-QtDU5EwWqG!rv(f)-Ms8diH%`snSYKuDCKtV?_p_56a8@KEI<&mBq>_|oka$S-
z;CPmelTWNMj}2xD9^kln7he{4B`dXU`wHeHQ}f%xE=&y@k?8h`J~Y7;@o0T{F&+ZB
zs2{WsUl0YcC#)VR>4l4nN~PJHO_Qzo*|V9k4iWpJ4j3kJ^k+BS&Q{a>%j7f<!_v^`
zLdP&#xexVaPVZvF2%5I#;koMzm<?Z)l^A>YqzvrYsSqrWPAX~^>(TGT2;chT-^4VO
zf;1QNJHe;wt^^n6lgf@~!A!c?n<aQ6QH*}h3(B<KWJOX?-!L_WD?mdP;wdZ#EKLJx
zse5DQ+Av-Rurg9aoe~$Em0l!l;xn23aTJ8#NhB%p5R-;?@D|_4uqM5RoV6p@3Ok3l
zdr>16T=f@()`eM2MGH%-+6d8%K8}%5F1mGIN6K_4tqJHk%=b1MNmfw-(mrW&-Qg~T
zjw!#H)F)xM#H`egE(Pz`9zVB6jLdc4rQi+xk%oQW#q^@YXg9M7i1o;#YT<id&uwpl
zu<7RGDy(6#w4V~i*wL9YRqqsNd8Y905y&B6byvYm?FSo=s6<B7h}E?O=3`qpZItzU
zI6qEu(6hMSyH~atpO8$lH8i+J-I!5-&~6@qZ1Ln|>2u);s3w+B%i`%{NOM<Sp0F2<
zj5Xh5aIj~TYA4FGJF!eYtrRtvm;o~1b4SO?w)?MqEo^PaXfH>;CE@L!&@8xpZx^79
z87CL2*3B1IC+9%hX4f(Jnsc*O$qDObb$q^Q@q(AaX`l>aWgCb_8Y%HK^oU!qi6mv~
zrAWX^hwKqqA3l@FCIu1u1Z_M%Ov#Cj!Ou-5YjJDopcqkOeKYJL^EGAveT)G3JJv~n
z-7yKNADa<wJ$eWV4qstk?nD|Y)|~MLfvWKsyH!bw1Bm#Q)oV7zCs5h$BPVM9O>bLY
z2k=^86K&d$nWXmuH+FIjp=bPGNBz-XZm;2v?z|W;S|Y^p%Ig-abhl`lyUiLD>M0$n
zQ(V?O4f@&>L#cJbwrA=n!QAB`o8N{##3=@x^JTszz#EW%1Eawe7<_oA9QmHrL5l8<
z^@X27Rw!9Q)B??nVU3VN&R|+@<m}!PNLGYXu2Qnw55+h}+|`<<3#wP=CL>SaHxW_&
zagAc*I;6>3@T3YzH^QdXnj9(+QYL%odC=f`cc7GF4(Utci(QmHbx~{254XXb9}#75
z$Hd5a33Z??Fu!>IE4y9uAmGZTQek_}z+z@lak$)soH>5NWcr!3U3<~n5fiteH9KaD
zkO;f;xx-K}a|Xx)w4c|8T0UocSRl1Sbu>o4T~ZLKyn1w3+p;wEaChK`lGIExCUu~L
zAR?!5$IlRbJxV~PZq~k8%<&*Y<s!Rr9}+iB8@E>xmys(aIW?Uv`Swc^uvPg~EqyQC
zNf`i|(z)jfhK<}-K0B0p;l)rYOvurq0c1*VUW;|}LiFn{574yhkGuu<2oaw^w7B`c
z6!yc^Y!!w)An{(uY91Qm=8yztv9IcR00~Mssd#+vE{ZvEH^a@dcd909shoCrax!zF
zRE>9Xhn5aDP{z>nj2n0p@G7-(?hP={Z8abCA^un3czmVtiId9j$Wui(A`cktk<&US
z(9B7Q_2psN?R`$p=id9G-;=8EBiM`gre<YQg%=;2blC$y8th~dNeBzFYSEpUK7+Lf
z&u1yb-W#m6N%!{@e0BS1iDnXJW-oey^4iolzYVfy{$-L*-O2T$ziQtng?ZveOJmpP
z2n>UAA;WNhmhAd@QG&1CB&%Tofr*Kr^Vt=hxP1Bd1`b(-&9jmzB_SuPa0i5UQ<h!4
zDbkp3_~*cRAbHPeVz=C&L|jBb)s8esY3o+~l`Te;i2oF2mc75Lij8ZQgjtLdd)DXl
zhp2Irl`oh1z19cRJ<2bh&{*JIpR^4J?;>I}joR&YaA%=Xiy5mWgZnr`7E9T!FgHwm
z?17cY6SiYY+Y0o&2^({&+cO{Is&a)-r}e64U=GI>9}oXn$WUZ0!)UH4V1dbuAIl+(
z%^KW%SULAyyiQsFewJ3sgNw5iKAKEx0=hVmpggvCX~%^t4`E0Rv;3f~GM^o*So4j&
z-CXBHp>P3lbR)~&-@O2$dxeaELW5Y;>^ge~;WsqSstTLmnW%~><|VkB&CZ?+tsP9&
zqVQ}skHu<KT$p#?4Jak<;??btCSC4)n?5TPJ_uzyjp`Y+;D5NNd5%;kd8hNC|66`_
zxCLdhUpz;j0a(Ls$ZPpdR3Y5O&o}{Ww1SJpzF!+ELUVXi6+}zO%h5MESu8HCTmJG;
zRm5?V#J>{q!4qSUL6OKmf*>%q`uYA;LUnlYy{pzyzp5G9efwm0vG@VM{;QIgZh0NV
zr5B&04w|^3%f4<O<@+g16W?lo+(IHN>60YXZrGc*2soqwNrM`Vj&@>cYk_0uXG0Uy
zO4m^8X;W=vNks4RRp^4;lisIO4;&4hP0!hnirfd`e|<o5ErN?S*|-RC;du${xz~ng
z2zZUCl7nR&v~Dez>#O5q;8U)7r<3K@^?3RR6~pV<47?M3>jNxn{NQ*S#mpFsm)F)6
z`+8nMYpuwb`nZe5T`hTtiMj>6Et09Jo5K8F*ei*!X;~|)W+C9ffnG*ZVh!qE^XDYq
z?@v^sm|$mw2-umMhxsSAFmG~d>Jux<6}7pV@UqYrm=9HF(=|TFUZ>qQkLcUAg`pP&
z;cJu>(7!Kldk^SQIAW{|cAcB)UAS&sWw+OgRa9r;T*V>j2$6!4!h_|qQRo_h(K-`N
z+ipDHP;y?$qU2DyZ1>#xf0R13v9C+Mbp284@YRsNKjN}y2q~G91jO1%d$L5$)@%YH
zpG|bM!y7yz&@W{gUYll2=p4c948p`rN6A7aoeMBOFeCZo5pse*UZc9{IpbpMX@kxf
zlvu+xOG;M#O+O&;ti6)uYn)hC1Fva6dOyFGnIh^K4u#pLC7`mOGC~f4na>>t$fMN0
zpQT^ev%+ZxT5a*m$~k7dGz)1*F*_7aplYtLoc9{~vJ=MojS{Gcz@UtO`KuIym;SDa
z^0{a7w160q*sdP$gIkrf#;d@D`!-f4$M|hg|10uC^W;YxuB=13{c_*{q`Te3)xKnf
zLAWD{`1t5AK#E3IZv<Dp6GwnAO1xONSxkJB*KSF@@#AhF3GH!;j*`OICp6{A2J9%v
zuAJ{}#0N5i3(mEa@$`Nviva_D?}@#u^T<r)7fw{=D`$=x7OHBe%&j!Q$yP3Ge-qL=
zxYl*K6Q*g;FW8kg<y1>J;w58I5+iU)=$S0A&fMFv8-HT!N_>EQUcc?|8s0%LRRP-H
z{X5fuXUM+hQ)`#{(ns4S0|~{%JkyKv7fzb2&`O<-sQxoYN3AyCSB8~-0z{PP2b=j$
z%_qGzz=8GrFcX7@`UFspQQc2?JXD2kF+7xKWw+Gqyq>zm`@$-8q`VBjX_o-?R#zi^
z>#SZ_Grbvu(viagxa+aZrc9&nPy11q(Fkug%XFv^y<fD`_vI$|U{Q%mDL+B5p0c=8
z`ZX<9ULLrQamK0obBLH$T7^TxAXp6?fu=Lc7_f8bYS~@({(;@)D9$jcD7T5b;^1<j
zZX$Y={CwdHlG2swkL~hv7CQGrvJ*Fh1Ng9XUpupY^ukqy6V8_vt(+@vtgr2LOlOT;
zkD-K6v$8YBzjbJC(4LJFG&bf0#eJM8?j!ixcuc2v7(7y}=l+r`;1+@<_}rGaN(+tc
ze5870r1*)ypxi(5v{Mt|6sWnrP%?dcWY)^Sqvm+)Kpu9lPx3I@a5)*qqnmi8*Z}nW
zStr%PP6r9?(e=AnJ}kG-Q#p7W_kQy!7hIOBuF8J<7^I@O8U8jBZVg%UXXVF~fe$ls
zY=`kNE9qZlAJ`KDvuVG|KKvv(>n>|*qit$r)OuS-GBakQBjdbp#EZTx$Bqf=DebSO
z31VyP)tL`9DIi}ZjF7+9LR)k}^N+U`+c9UEqsv62_?UaIcb}-)Ki1-^QbF1wOaRBQ
z{AQOy^id?m<ETB?5#^8yJQL_Ff`mXt3+9()#;1m6yg%aG|HuueQQ+Ud89X1RJ@|f0
zohLLHMzHIAb;~B%cfbZ5f}1Q6K`Sb@2*`E`lby|dVD?VPZkx|0Q&g^*VCO2u1C#z$
zAOa;Gt|EtkAbe3*2jedpLr39;A9~A@6z2_GTQAQDao_K;P@an^nv5WnP8q0)&I2`T
zqOi1PK(hBIH0GF#YoCKz)-mCRFc6OPL-D6^mqg4I_=A6B!MiIy9(OZX9zqsw&V6+q
zi0Y71%{$v{B1L<jkfo$(t?;X!BrnZ9&mH9~Ge>w%dC$P0Iu>JAk!!?E@hSBUo9?kk
z89OVZuws~)IjC(4Dd#!%_Y5*V1PTh)Vug%<a-~-|_2p*kozr$mH?D0@Iw=u$<ve(2
zGC$NHE?U}J774aMqh*$oq{Ob6MxL*|2O&>ltk#FJ%X#Eft2AdK*<OcA>C#&3-B~V5
zK&*3Wnq%qOG;J;(Ns7>JWm?_i_5Z9QXc2^Ris4*XOYs(7ef3i*U*baDhbc`>aE8p&
z#FQ0gU_2oh_W`lLM-kqw?B{}Co?@mF^7#jI{zsy0q*@@p!;Y<4@2Bev4SuK!7aR(u
z=Jjl2%%jK?-)+G=r#p*7i(}gyPvs`cJJw(n?@;(}ey@v&(gdy(6n<7ZYgIyjK8>ER
zL#2WLw~~YDDj)!?0=wn#{HJ35hmMf~FF|bnU^bPi^JlVwJ90B*ptaWAo$u_ww$@Uj
z1u9tnpCUw|d~b(u2<QW2z3HGI((t>S6s1xHzQ8LM4H&)xmXk`jSJ#!s7knSk|4mZd
z>`;NOtfB$ZYZ9Yc2>&WApGWVT<2}4y{F|^I!Dax`q5-1_|7!&i#;dnL+jo}GP}qMf
zGI4je0g8Jv6P6MG;feoIRHKgwC<XkJ@P8jBlmSo*8x}&Sf15IY3kopI0Kedqe;;NP
z4#PFd+=u)>Rra3^<zmTzVemvmp#OCk{yM-2Mh7fm|Bb7Upjdz+B378kqW?aO2rhs%
zREHP*hki?c@#U{-5VFVrKFl^?Yhpk4pa1%nehi?~CCZBz|6036N~!@!Z(IKj^uJ3F
z4;beEUP)5p@r*({BKgn1*T}o&2kuAptus4$rxn%5_!h^M&l}<=%;ePJx~-|;8yN;@
zx+K)}nPx5IyaY<eC83p@@bT?@(q7Z+UJM+SX8C_(_&H@6McCtrkp1h%uW9OBO+;JS
zIW&dux&Ahu978}I#7AJRwrSZ+C0WS7*mt?`WQJ7ZJuZALI@_v<d`>O8-g$K)csU`)
z)x(yr7->zlECrQYUkwWQAXPO3KRzqraSI_3-Hl3n3T1H_>wp;kS2<s=0)LbvrOp)N
zi@x|PC|^3%=I95o_*INb)=u~Tv@Anfo{~$1J&&Xkio<dRm)^?<t=36<8pouS_;ZhI
z?hDG=TuyWfA1P&!^|H}e+8ca)LofrvU`eyJO*bkjwL+Y4uDD?y3oj+xqZJMqM*6AL
zB|K0Z_AC%Je+%oVpCcMN@dV)i<wy(EfTA+yZIY{oVkLN**KI(nL$Si%fkvn07^C{Z
za=6>eGy8T={cuZqO~4J4x_3A6%g*3NX0tyC$TG?>+Cf&7)63X#_P+dBWITH5WbW-5
z*FidZ`+OCszqA9mp#^FIz3V#r=B6awJeBPkk6m`i&2$}In?e}c8F=ppv4-Hkaz(<u
zIsS2TBgP-)YAVEVm(jIPelxvO{m2xFFzUCOILMEZ0f}otp)il)&ZfA7@v;LT^Tc$X
zjB!ya`&E?xO7kP3D!#gy@VF>i`wJ5}X{vV#K<Nk9g*I`LlKw%C<&W-=fl(Q9*gfm#
zrcg9``eHle`gBF*0cv1J+nPPj?<cfZ9C6!tf;v;2wx_Gz&VnQL$0LmhAy&zuPs9d6
zHqUVS)cBp1)(r0A62ll{xMZ0(9W{v=f(7;bt%&EFFJ6TtwjJYFHZ&OH@wCQ{ZzKmv
z=y1*<oaTyau5mLt8n07NNPG}09L&zyS(ANsy-C9ncaX`a6V3zq$a0YFN00mv)6Cx%
z;uI^W0dHHqtXk5yh)VG@GT?VWigiel*SBYsnCsne&E<}h!TH<XfB7oPJw&J4bf4Y{
zzK#7N>I0$0^w*lDH%g9_B=JXAohK5{@;21MeA^OAa}S8;-q7!aF3*>pshw&tn|Ot6
zaR}M3>Ni#|OIwXMM47m(>I&*IY(;M}n=H3A70%nR%PF`X2Qy9;)P&_$H@@AJ9izNB
ze~q(hTh%8$eKipq3#s#s?FO-9PWGzuJ1G?enLE1dIYAiwX;Y7OtIX~`r`$qh%W=%b
zuap~rf{Rw#4LC^Bqm7iH7x}kb2I(6`^C|f^4lqJj_O1^BJuuse6Td1J6n5$yv>~w*
zsz8TNz2?NCUd}o@qmHBcG=+~NdZXh*zHnDx+2c>fUPy(kALGa@&RZpVP35}XEn3jl
zSw`8j$`JqJQHz(m>IH|M<AorN9NUFB<p(d|g6LO-q!I-<>7iP#(IGlfw=nAV%$~k9
zD&&z;#AB;kl4hs2`Dx)@e7qOkd<aXuv*_(;pZqS9=5N4WckMp;7YBIqYSUpSUK)uk
z91_!%AG%fF&`LB}K@w0e=c&bP4^#}N9owfFICfTMB;O9I&k}NV4Ux(S9%Jg!(&6`j
zrhUDUurLPwOE7(GOZwgrbFcYVb9NmP)+CfT4J&-#o@n&;$O#|pyd~K6A^@rl<a}uj
z+@4wSS}!IaRR)aX`Pk}IantCa^*8fUy*Mrjd(9!+$IF%S1dlcRCel+%Zd5uV%(Ntz
z5Uz}ISNH9nyidc2;O}WKf314%s?Zw?n~~dK@tJwXxC!1De}}uNE5O=EpTMitq*a&@
zCFa0>KRn7<U8;ty!DkFfOK>lk0mm|5z&9%{j8uO@XpaA=7*!_!wQ<s7hSga_M)v~W
zfnz&H=b?I|lkfD?!@U(J$Hx*ss_B|*n<U=nIiGmG-v!(}XCu_rtp~kJakAFL08N6B
zg-WM*UHI_F(;et(sFsJ%zrJPPer?C@!^rKZFN;q0sEb6TIU%h14M%jL;F8`$wSgC`
zgA9j3T1-LBQDhMoiPIj-8}15WYq2;h{XKuyevxV1QMRQ1oug<jqT-m(Z2AXDM8Z;}
zoDarLV{N|hmy--~Ss-wwi_oo$<7#u4GV!yT)DY#%&;`6m4W0QR-w7L?m}rfzYsDeu
zUXTSpZ)UeYQj&e_fES8A5g%Jgl!2_$aVx4xRp!`<ujVWdSKYb~=H3<w&R$=KbOakz
zG|hW{hifio;s>}Lqw3^BArb*a2|XELhyNpp;1}j^a|xEmTWE~zxeJ$iTk>}d;m!&K
zQ6F#`bz|;jyJbGTulzVpZZ0M6c+!0TFvFFZ^u}Yq%z1PZ8Nv1xQzz*{Iz<bs!olRa
z&T^kW#IXs0zB9j_@QoN6{&MF(E#O&)7gni^V1fYecuG=TFAzk!F#}?}54&W?R!9Kw
zIEE=*)xY(vRGN71l&0%6a<_f3+b#RHx!D}5z(~1U6SmlXn9#PdW+6ju3Uo5sPsgQy
zHvBc$>!2P~B<~%p(aw$F2i&w+tlL{yNqgn55@DYiT3%M^a1zHSDM~OcD;pW;x?aO=
zScbQ+1c`sC2_f8)uU;KgJ@`H>|MAv}+*Tl^WlA{kd7pjK{Tm7W<<uOeZzQP3y&A#$
zB%q;5k5Sl;&cU^fnViju46|wm6DlvF-sjs>^tYc5lbHrTiaumMjAb;FK-TFFmrkE-
zd^F*MMhDXvI6nQ=Z;Jw1q;}{NeR+LMSq+G$)=cE@aL|1MarkY|A&oWEr`@QJ<}nej
zd|e;Ouy9SEQTjKIZeJRZoW0O}VhbWheOgCgGo`tULv}C6=2uin$Sl-~VoN7An9*Lf
z7FBsS_t7r*qQ(Kp<O1_^RHAH*%5%6aP%l*>S?I4bW^{TgB60&)sIA{MXRd4Pwlz~U
z<ZP1Kx-@4{_rJi`K$K@k%b89F-+od$bMp2<sBmCRmHe8rMYu62nkPcxtQl5$M__KX
ztSX!0zxjr;_R3ethh?)I+)TBy{i@);uUk68^+`cYK7ZRFk%R*Sx#Q|LwRM`1wx9ad
zLI;JsZ{2&k|9$j^q8#7%-Tyc{KOl^cmK3g`X^4Mg+#!#_?RfY~azH3jQv}RMciPKN
zpj5?*Xcjg+t@VX*ZIYyH<rbsSKlj+m>Y(!=VF(3#e2%JM5^@L6)ucErh?96};Pwf9
ztk=ylfG8#B2!H(h+r)5HJ7;#vEOu+P?cIzAN$v7u_HIl98l_Z&1F5za<HmRtr^eC+
zoF}DIbI<ooZSuxqN7eN=P`}3GR%Po=F*Pn2&h*Z;e-E=dzR}vJYwQmy$n!oa*VDzd
znmut_DG}8>UqDTkJ6f|Qp9n)X5`eLJ?)cs<KJclB<T};i6q-I7#7(Wi<V|GLt+7Y=
zUtu*RYzBBUw%aS*@j~wUhC-gT)$Z@ezd#NMh03;Yf~Jm9Y41+km0lREgOTgon*!4f
zK$YU?YL>gFJNu3vCBfi1h#4l0LZmI#@_QYf+su<Gi>^&1T^R4X_c+jZ^MR%lb052e
z{8Aik4RsDJ=_w1-%a8UVRj(k}z7zgHqO$REL1<r4V&!{?$@$C{?{(k(T<jHt2(P_G
zVyw%TB+<7ECui)MZg)Y!L<9s0O#BL2a#!s2`u4hOU&GRf+Me4_I7WWw`6M-c6qrIu
zhKkcGPkOU5w98E;?+KzEvXcEP9N-UkpSj?mw2E@RklVSTz`}0T|DU<a|CsAGF7{(1
z{Kp?TCJ){?&&{VLTW`-OfJDF-2Cf%MbzuX+u9}_3p|)E4n<uN=*`}h7SD{Qk6paeh
z$_y+<yT?F|n>^4)e<n7fc?71k6dF!K63f&sDkCXKivF#%EAFB0c(sZ7M}L1AA`a`=
zTObGtm~z2WDE2Xo8BE(*2zs4_N~tV|!W;hTXzU|1!tUom=w9Rm>2QaP-0Y+;D4myl
zn`vQxof@=AKp9<dyl1Ig+Ru!<5PzTV5%fQrTnH@NdSk5b1&f_Kr3yI_<eC!=lv2V1
zrKJ|4gg1i|NQP{K@`p^c8$o9|%5&+#3HkNnI1jhaWgYi)!t6%Y!W)7u=>4C=Sg}fV
zKJTOqNw<%Ucwk{^kxIZSSu?G$x43GJ$>)`!W|5b(P;dTx)L)q*&s-BdmpSx|&)#}h
zjt@LU28&xO?OQd@cuEC30Ua#?+0T%(POrRrYQ=Gq@h0kn{E+1i3NPkDp}<nB_tiFI
zxPQa-;9T;g49PguuP`~4QLD!#*p>JrijR;zV`eRgxd5i>@13pIz>gCW&_T|@?z(RA
zszDJl>Uh$?gwzA_R5-zsT=rw3Fv~;aZDqNWFR1BS_V(|CLvHvCGQl~;N;|wUqE@nR
zS~lP^Qi6o8#72#ssD#D#x0a_oZy{G`XWle7V!OvB8a=PSYV>+@!MReP`i>jU-*Pn>
zn`S{P%JSk}(v)weL}{ONM^!*Q=G)W%u<<1CWUX3k_QPxBpR}9G0@+rB<!VOvU~yG2
zBTqf=^xq9AfE>(Fs_7*~cxXqM(+&=O(3^fV7Yc%uFo`$sY#F1H2>AhIoC~0xPvp)}
z-|b7m<wv>5W%%kMeGGaxaOUxnvcwNV3rQ_Piu*wIQY^{_N{^Pmd-J0Qnm8Fh@VHpd
zi@w*i^Yk%lvjY^e;`Mr2E72dQ_2qKG<5uE@<D=^Gw3S6Feo@=lOfuh8Bsz6uu2NJ7
z<5&pFUzr}q;WBP=47n~CcrEv_4E0=no(Q?}_Ku@~i*_2J^%tF_fszIVU4xY8xh!)o
zSy%2-3R4wY&3yV}33Ts$<R_UeCCj~1^L5mkX+fs9M~wMWfe4FIdj^CnM?qbEciD(H
z3q411Ef14sgV<d4_#=$(A>~rrh`&JPNRU2X^LA|y6E`^>wcb!<%YXZYfd~bg_X7`a
zQ61aB{uQU2<@%Dtjij!+-}dsFlJcarOjLaE9YZ3o0Z}ne>Gnj=woiBDCE_a=*g2b}
zndXNBKg}RX`YHxzBa7$>w0Hx%Vs-18A(;>OxVU>ZU!;cMGwcSi4^Jm@(3q1T7X%9&
ziMrOa9C4~KW@T${+xL4meCzIp)g*hWsU(4~&aTG|EX3IgQ5jJ!Fb5&>%=xZELPm4d
z1O}{Dml{wL7LNUY&E|`H_JMW5M1$MK%9jiAN%`f!p2Ox<12{XEE7zBLA=2^Fa*i-m
z7oQm*Hdz#Q8S(6Ftx2!EYS>NG1YXg(pNSI;o2>Nd-c%T>H^02NoIJ~~`bYqi-U(%A
zK07LBYcIi)&0ZOkt({^x0*R|42oEwbMZV{;T6)Wq>`KQgm^lQlvl)pGq|Lh4@Igf_
zw-A-0$NDi<B#SAKO6mJUtlKhSbhidjNEcUS5XQrsZ+&kn?5-wZD6*O_4As~G?3>rV
z8jDg=*M+NQ_^r)-CE2<MPFWA0vYk@Q@6kzO50_R$Y)waGhDqj{KV4UWBv8NXJGE^v
z*va{FD<eRGzpZmgu!HLsCm66MwCnnze#kl1?uVF#<!BD-aTgmvEA14cXG?fLHNayB
zfD@@CoXVLli{p2->ufD^l#`6VQgRkiWu?=*FO>#ob2QX<hpxsjk?R#HeDrJd=MZkX
zw!B<Gp5r6XnHO!jWsu1;I-`r}c`Sf+)7jAKho!WJN9)?O4j!sjVXYm#?&%46d0_I<
z$XIdcGb!-18_qQaZ+<-7jKJrRILBLK6udCzkCLNEx{TMAYWL-n*O?R>7kDg%g*J<Y
zlti4!1e5r*xXx7%;!NLMv}6j{UKsU=$F&<I*zHZ%?zJb)1uAB^iCKKsnyKN+AWzOu
z;g_1dMQN9;Ha`Hf7F-Vm<B_@lK*Q3)IlOcU{+7hJ(0I9a7k=AiT153143C066dTFQ
zE^MSji>*9cOBsd54p{<amud3J+i#}U$c0zdV^B~Vh47I)m3Z}rpBPUzi|May+ao&r
zIZKRO-CF0@jK@gFh~x7xfaD}JC*;=_6}eGQd>9l*&@EJX_0-j|#2>O0j4r)44P3bD
z6Rf@!;oi;J^?k}jj<lVq*icRfGT6YhW2?%#<Lw}ZIA)sncunjnw~}G@%}f?Om$2et
zd3r;c?VLiFH+|fwter9TBJ%_gT*>AGeGZVA;SHLjLl;7Ofv2OLbu`V1Ix9348$HXN
zk-;H(VV*vGp#P8QySu-Iay#L&jGDY%Xdk=a&?)A1xJWzhxuNjg6ruc^5qwb1qjCt#
z&Bn|_5!uY&<6c|f$VzU=Z;uUY^pC7VY&^v>Wf54%^D-ZA4JP$YAm=T0E_;m92<CR5
z7&I~zr^*zw>}qDpA$a>73Q!KAng}5efr1>t-=Q_aq^O#d6pbIW%vRmY%xl+CWZjsu
zhYy=uF0WD0Mra;hEft_%DbmW=(D3j;JjIBJr`XDj4cfMT0pHY6EnVFtmR+B%fdecS
z7^7GTdNKI<adOTu;Z;3hp%E3TfH0yL$AJ4cJgA(H0D^WD%Ah48DJgQvmAiz%e?Yzd
za)N*T&tWFu@j%9-xPLL@zp-~n0UWF->OVp9{G_o7Kt9|Nm%Ii*5Pu_rA9(hI4raJN
z0#*UPZ;65S0=eXhf_}~SzsGiW2M~`Hvq(LDit_i5OF7`+myvb*PXJy&=m~{GZ0>#f
z;!nsmKc0b*FkH_vDP4Y9%1?9o$442!nYbT({*A65q%4U8Q)?Q}VEp5}f5-_qg_jTg
z!Gu2%;7ko1^Tx!VdjCGHpTl(noY6!2Bd8QWk2@nUwQISEra!&<$1~N`qQsxbeg93n
z3=?$SPz1c>P|aY{;DLmM6y9vFO!?Z@rDhKT?6UC|*3E*$ix%x*E*?1qU_F!q0Dcq=
zhPr>_fs6_4siVELqUzXqx3s;exmn7pdGq+&M;>_?z{VMSC-4Wn>^}#ul;B@Kzsgg%
z->Ca;MZj@Q(|y<dxb_L4963JFro1w!j7ajo>5+$tl2(5pHjH`WLgCohYpJcz%GLre
z&1|?@m8v^(y!g+sfZ^_n9<%)RpHQ$U&}1P}&wK$1jvE5PV!b|Qa`;UcHCb?{j_qi$
zG*Qb<YDFa14F!SyiO7O}q?h>wY(f5rxd#QZpJZFFcFP^$IN!om)_tpzjmQcD6MR>V
zStECMhXLM<Ce!_g;qx?8*S5A6dVIeRAef8H-?X}y>82alHS#d&DQBH!h!a#KpBztL
zZjt8idagn?29i?lvlX+J`6uj$JHlMdX`M*xl>ksfepTps$9y^>!1n)Jmpo{mzB0S|
zkVox=RF@=wb5<VE=x=t*KzMWEwM>h4t8E0b{CpZ3L-bwqJI%E%tpPXZg?lD5H7v%<
z>PPvYK1mUT{}Ry;)tZBbqH(K+#M545M@_7BdyYhm6~!CF`ht1vmKwi(xQn}+%eJ^_
zjf~^uqSop0JtA8PbDbKG^Yw;ET$!!Z@!Bn#p-u?8UMnNB5q7g|;JBW3b_z#Rz2^c~
zwv0!+Ve+>~0xUBZltumBG7ddj%2XL$7Ec|0i8T5zAY5j0z8KOg<+W<U`)tAn^*m9x
zz2t=wJY5|NSHte7)NixQ*a;z2gVS{f1LjbIt+k8&DPH?5l(x=oK^sODjV#(Nxsmr+
zQ|jkf)^>#55`k<Nx<xHm0QMFwV18;GvwyJtWaKqm{oR)~v%7<deZ=0N3&#79++td@
z_kE?x)(5k(M!8?ALR6@UCwp$+H0G$OkzJ%RwHW85vQ07b<;I^8Ot?z+k{!upp1-&^
z0iy~7YcP4sLNOcZpD@5!g-A_OD)w4V!;a7>i59Hik7Mh)wl1{0A;#+`dG^meb$;#C
zae9HC*f-Ks7;ocn-;x#5Q5?xTur2|(1{o<RrRHd?(2YMx5di>oP<xZNhkE^_F`X@s
zzi`#%F`*)kSDL4_r*{3LBPPAJX|oUYiuuNOttcl_#R$O<3?0=wuMa1$0>&gIc^5A`
zHwoZcK~8QrZZ@X&_7bM=awhd93v!=7Ja>1$0K8LUbvng=n>gSWbNO@FUh-SJxbOKs
z@a%P}@bSxt?%g7lqjN5f@fYaLZdUeukyqLRku;p9j!R*PA=&LNGPvSd?Yx(CG7_BP
z!dDd&C3EM$f}M6wb#|?I|KB<f1#2A1ACNpmq*A$6m;rUCD@ZWge{0nlxfaIgW;05e
z@D>*1@B`qsG{;6Te%G)ZIS-xI25$kQ%bR@McP8`6fs`+b#M3ULUTiUL+`6t@hTY}!
zsYkfXjJr<t)`n0t%qc<aEEL{7g4zV;oHQrn`I}!uR4{;&{Cty|?~4pUbe-ucV-yme
zs!rLxN(T`Q&||_%LV_O<v8+bXlAn@S#fL^SjbstQD|nDCe_Bz_CcZ<<<Ylw2F7@>U
zx!vR!3fB+MqD!DbBR&H>{ITF~CJ#(Mhu;!XL*NA#TG`#Cn;p3u5Qa7#BB!;L^Z%r*
ztSym_-MC{)d^U^gL!*2!*QEC@)pnh74?YBWmIH*caSXh1@$n&FuYL5X*B_=*#Gl~d
zA_)U1_mbb06XS=VBEGUURQX-SmqFW>kh8pQJF|gG`{vtybR}E3Z!cZG5IUJX>-Xm&
zAV$MHlyiR&*K8X>`2*V>JvzZSHn&65cbO{^W#@D|b(`(3=zLFc!8vc(T_8J22pt*-
zfxwlN&wKyJlI6m>3?x$QUSFEP%<1h_Ibq;^<I##HnedyjBF3qY>aQlTy+&(dv+g%u
zO9OVm3pkYZlXTWUsH2bj6|t)MxPnrcn&0EGPUv%vJ<3~yy8WIWBjq4e<Vo{;%RPNP
z62W1fbSl0l+Wm4=4W~Qz9*h?3QJ_JU29EZ;yk-6~<DC<2yIQ~*yW0aR)lw2c;qT5E
z3LRE~##*m_PqlBSV?0Me17u7;y@}|_sl78>IdrkBRjpH5ApkLwm#dNrtVYT6ORh2+
znfJ9Y+cKQCyWnneobWxObFuY$OANj6_%bRQUnyI8sH;alZlxoho#oCY%W*JF^*4XT
zZ;PA5gXy!9mUufao`qe8Z?@|5!4_|7Lr1_|)?-jbHFE^ssKQu0vMNyjDVe)F)erjp
zaBMMu(<~2TI*ioEk0)xln)%IE`3vi#a(y2GqyXWgy?MnS*0-N5P)7vtJE7h&{m%NI
zvD8u$5JVl!8~$6EQv*Z`JJ4Tsep{A*k=McnNOqxi1nGB;`uPJ(GQf?)VSNAH0sd5N
zKw5yGvQEeTH|hj|01}zh|958m8t(uWvDtC+J?+0y=M78_m;WjGKf=cUL(2kyZF)8s
zr1XED{NpcoWMFa(?l1q~;(oHW0SIk&{;X<03Bm;?r}0QO@OLZz8FziA0(is4{^2*3
z`Rn%#z~t&4r9Jx>)*ea$y!l_j|7IpX*wymCg8yHO|A#IAWmEsZ7VlBV&`bR%gMV4f
zzYwF=%ne#Gm>SR%pn~=Ct~CDCH=x~Wml+lQ?PfhflJA}#k<5O6vDUjv&PM@FF8pe7
zNXdfd?j&<1_4;hq9>SG60XKK0aD)<7P7&nZ1-J(u%5<pTecw`COJ+YcZPVOlg=9Rb
zDdsJVGS8Sniw1qtWL~W23d<r-)pqQ(y*PNFi<ay5dMbM?oBKLqy?tiU8;3IQ!GtA+
zCQ18y>X?bylahuelQC86qTiXpPl0rKBV0>ZxVF;5zIfuK-!tURkbhm_+3fI1v!J<I
z`o<Ql`e_3P$htHyAiZtAwuQU7n%=D0Pryf1zy$(Zr5M^)?%$T#R2;<dJ8q8Lw=%gl
zSux1S$Wke{_jeP*F)`0h7;X=uF<Hi<rHs>~^VI8yytCcdlhkc|lNUp3^OKKKFXxY>
zJY`4`WrHN}ruMI_^()^3-In)i1`~e|WEGG-2%eMU!{yS+KQ?}fGn01K2=@Avuu$V-
zTU5HFGv8(*25RV&+s2o~PG(Iienq*=#xahMF{^v9Lp-&GXZ@j47I?Q=!%ia0Zvs#V
z<M$&ivQqQ{tsBixTHi9(sj^#KkA<GBZaTR(=UbE4%7|?-Ci6K}9gc!llFD`_(1T5F
z<QvOydv=bcQ+SkBo}+D(Jk2n((pBLRek<O{_4!_n@r`*}^XJ(&Sf!FOGAa=zomRKw
zdAKfqsb#xHGM~@awil5htaVo#uYy$e4#br+dL0F12&8(Q)sL$e7LRJ=VEW1vSV~`$
zdh=%j=OTp)=J0QS54{r~zeC@Os4!CX|8{wtG30iyFG4FWsj(4%p@e$5;YraIyJHP8
z8|y?d)FbhlxGTF23h}wmD9`1~X$M;;JG>b$BsD$f8lrdJC`ifm1tWu4eZQQ|q%>8p
zj5M;b)ZRB5Al#i4>Gv)NTf{q@>;!mXT#oIC4oEql7jNH463|ubj&faX+TIO)*cW+i
ze4QxU8BH>nJPSGAaEw3?5N;%PHNI=X=|wXeGau@xBI`m_NONEJ*7W<r{PZ^|0Kr@%
ze*o0cMrGO+ZpWT<X4k>uDM_?3i4%4J-}RBNnvdk1;|FyPV~3|HU|hakmz(K)72S1@
z;&vap+Zi?*6C)F;Z5DZWHJxG-Dc4p)r^ZM&yY2+LQsvSSkaW}4eySqh2ipu5Z*v%H
z*ZIQ`<$mBB!M8`mppEDGJ1YX;w0U;*tj+x*OA7V4&kZTjoJg@e#4v&54C;QAKkPDU
z$Sj?lBXcK@QU*oHCi-!^Oh3?85<Okq7dbu*TyrI%@)B`y<2g-ZPIFxG-sD}Rijv&2
zI|!R0XVFKO8|QQCgMdVm#Ls|M&7chwHSVg8r`(OM7rVJI79;q5)^f?JChCc_#2OC^
z@*#J(*WD=(U>CdCD=8fkQ_adtUqL<T&eNH}@@6jM!9uP#%r>6`mJ*!0?y@%v-)7|5
zFWU9(Bv)tInM`rCxe^sC^z6*k$En!1LP1B7w`{;ft@gkC-9@+)K;KV^NA(LN^lLys
zQDq&9IdU%)zM76~9C!`gA06CvcI)4-o$(d3n=6IZnnVzif$y#}2DLX_pQjjWe4gq}
zUDNd$bmhG)-}hicdz)03uIuX(`#e^sxOI^(aav&3lg(fepPJHXOj=wx-kuw=etWUl
zez(E&!%dQ#A5n;-*-1;(7tf5xw8@aBi}?tceM8E<{n-OHfvti;74zvN{%13gqkH-y
z7DWc7icisWixP=vV!Y7U&s%n;khC-9e~$}WaG_^RqBrBOF)sw8bc?eR-M{X0B_pwB
zvYXBwm4AMqA-loKy+4uWrRdU>w8gJ*T)TtMipp~%;xHrFq(jZ4+6qQv?a-7&XX-Te
zYeW(pjL$TXgd-Vroz<_Nv6BvRof|({Uln#`uU6)zPq<y-qX!NpdKO1<VBKOOE1xOP
zgfM9o#Z8~RhX+a_0V@5^GVT9BC4t9v=X;7P;r@h2uu_g4tu8r&Pl)d>$`n?Qrvuz#
z5Cui=p>pqA>f>jFoZ3UHv(Lx;obo0Mv(ZYZ!8I0R!>F6l;<bz25H(2-idwlLZ8OjN
z>-u3Doex7GTkAE&WrR;~koBNNJsa2V25-;W@?kFcg%!)(!q>6FL+f#V!Z5OUP#|FE
zaOVBo<)4RyKedDxGxUJnw&(L|t~l;cT%8$)S^1Ize&Nxcwz7Bm%4Py1anE?A-|O8+
zTA#f*^W9u{3_OO*qo?zyTRSbvIOmHImwH(+2N#%ivOb|Cxb@c~B;J7Ss3EII)uK*l
z)31+qN(fnwjJfg2WEg(jf#8w^{b2_{f^=JUp)7A<51t&wD5I-Y*W$#nhqqjnO>~%d
zjwlj0AFs+yE8}$CYt(akI*0f)<u1jUi!tBP4nbJFL$O9F<R*Ucqpf<=m*f5nXYw(8
zC<|DXyPY6>v)|UVM;=HRZ;nzLH>ULrVODu+ZXw2!?N4VJsBPak@~3}QS&m)SSI=rh
zCRDPD&c$`K-@X|s@nJ-JwWohL<x)QNaQ5Cpex98)&6aODmaGcmHkQov>FhMdj8Z{b
zFOYeg5y9&&We?GHMND(95zQ1*<Dy;^SHpvZjd>XL<M3Z}6#aMSD8t~<Uzm_Fr#V4n
z>qh$)bOtj}Jy~bDYoKw!hIWqHeZ5d};(m!}iuDagVfKx{D=*McQt$BN^BZi!#fp-P
z$y=?Y(8$|^4v~E9$`K+**VhuJ^b#(aXZbx{C>qH(fPv378O?TAjxUCi^NPXDEsiYY
zWm1D)Ud=V+7buJ+9ze2pSg=4Tcy}5Rz?RigQd3Fl_g!FKuKPfmtV1-et0qyc;B|%D
zyDqe#K#KcTqFeEx+-Civ2h}1vDrS2##|dYQXD@ts?jUe+=qHOe`wi-nVr!;qDM^}_
z7fs>Ks2AI1t{wA+nuY|!#=|l8S8+(Vg^^XHGQ!-GEpH<Fx)yFk4Z!1;6&DjRMI>x{
z*V+-vNtSm0=Rpm<xx9cfUBAvV0|G9SIqc2<kG-!7i~8T*6$B|s5tJ5??ru<|yE_Ew
z?jBN*mhO`79vY;(yPKgqXNWWIeSYWc{g=CQd+vF@%(Ff#-*<)QU&@q81HV6Ciu%xW
zx|MG;iYEE^DSgJouu*(asuO~a!n$oU2lPDi9_HL&+19>wd+3xJ#$41zcL`;&Tv;&q
zBIhtUyW(ats<HXdlmlSBv3jRv5K_D{mGzy?Pnm`aw(4y3wJZxruhr(<-H`7p&;uda
zgvA`Jg#f7AZ@68GH}Pg#cBidSNz@rV$7q#M&Pcl5@!Z{Bz|p_(wSa)_o&WO8@}+PL
z*KT&QT6Yv`;OI$j?4wDoVcYq(3=gUytV*Q4DaiB`=aW?l%l=iYN*xrU(ORT<^aivY
z48p8x|I`eWIa%(AjR54Bw8<QVajt<6T0y$$V@E5#gunLVwg8p(i*u7|(oUl2`|m&2
zI^G|ynlFUXD;eXTymW4FhW9m~xN`}2yPFSie#u+&8tW1K`1=ut*I_8zrEzr}4JiWQ
zjHeDf)ODbg`Sl31;@+f;A2gIi`gai?N0W)Wg}z11tEIoBHa&j(__Zk}<Jhw0V=+lU
zTSdu9L;g$>@cRQeD1+zeG{$N3_cDqYFj~0rYBOF=@M3byKafx#{_DyNV>hFrA~=7V
z|ANSzhLFq4+V&tuZ{>QUMerR50Y)8(_<e8KNO*^ydgARxV)$Tq_{x%-_<fc6YUWis
zri<owJy!)9UsFK|-SwSxY+8&cl=gyxFwe7Q1c(Lu9Ckk~28tG$rFo0Bn#lSka%p?!
zx^=^y_Iv5o`Hu&!*DHZ(Q-p84Zwhl`csQ#x^>N4U$BC6PT%Uko;Pm(3Dx(4#U`h1i
zWtjV6s{?oqCsJUzw{vDQeEW~-RXleKM-XH%<AGeDs|<9o`fdzVUWbrmgAMJ!#>Lhz
zQXO5bVf3}icK_6lMl(0sD<EdM(=Tm_u=CDW68n^vp8aT5JJ_(1e+r6B87%J%lP+0*
z5_u-XsIK9KFvVg&K6+#wGj{R=r;;;8+f{v)7cX$&9`wHBc7c0zbfy>jM0afSy+lSG
zwvrI9rZi_+&pcn$X+d?gp5KUOh60L^)b5%8U0+N|`dU!kYtohzQ-%x4{L$oO&#Oe<
zzx~)Btxz_EerEc1gNgm`-}xuUE$IJax#!b{$A4MEzm!To9E!!NZiaSF{q4H{zyX;Q
zP?EH?UoEoXc_c`P9m)l2hBKlmJ(E&HKk1tc<vD99^!Rrop2u>g)uFWndn=dpGnC06
zfWjO~RnGpu3BbwXe2doXxLbs$PE@h*rLwikrN~DwJB8rFj2GdW<5|_7B5!9UG8{MD
z-vzN_FFeBFp$nyPmJCeVxkh|@#`X}Wu%JROV{q&r2fd;oc2<#MKu1HiS){Ad>4okC
zTf(9OfqCqV@9F{g_A)IINtFh_OJ`FiM$Y;1Rw>h5*?#3##R0FERZe=$>AoA~T(*_f
z-`oxFAm^^1l<Q*9vqS$gwP6nw(fnItQ?P&jGh-D3Eff5QHYN|T<lC#-3KH}2i6krG
zdmZ#O8B~)P`}mXbcLIA|*_iZk^o9vDbvg9g*14Cewav#pMYxOpze;Lqq$h>i$E`F2
zr|L?7KL>CMmEuC*^(!MxTiAFf1)XMPW+|{EFw>9{_U#+nT0CiQ_r-$QRwg5MR}#0y
z0#(&+f@g9aC_|43Ez~{Uk}u8ji|Uv!=H+aq%Bm^ba_~Pm=2Z<bdO)w#xp*>lftoO|
z4^XfMFT(%X1+ZmTqUJs@Pd)_u)+o2C%Qc(EG?;bv8PY>2GZ3nwS6i_0qWtX6rr(n2
zM~IjCoF|aE5f5%a@r1n)a#6@_%wCpGpp3Fn(bUz|9bj0v{)dqcR>{Cb)-!m%P$nt-
zk0rO9VnzlmxV>~)G%b!`FV}91?z7SII4QN0Vd=2zGs;Q!;bXUwdH!<@@&SzBMXw1$
zo--gC<xJV{*SfsCYPE+P-1i}#$D9MyShGbwA<GD5(^7+O&ph%rmj0DR!)+?tH99sY
zTpw_eRJBM)J2s~Lf|U?Hhz;%M`B4Vr&Q{2vRXDnn>5m1)PvyL7nXH87pYc2z>khk1
zF3HSR^9i3?#9bt^(ahgrV`DDnIStXH4r<R?yw{O_yM6C|Ki6Lq(}ok0hUnMWIwyBf
zu=`^d2Xh!N&Q4S{O?kvuidJqUx1NM^wPLZ%TSB#r?_u(N{^;8!l6NlaD#7V^gTM-V
zLVtB|rJ<OdvGJ32bKVtM2fkR>@(NF5EvvH`T_t+=G~<8-@8xo3&6^~66PrdG<u>3|
z_yu!VwgM-bqaC~x$bN_s|5Gm7G>xu8d~o!0DEw&>G>OYlpy8ds)y4@pkmmNLLJ8Yr
zE!KP2JWl|R&uZB1qg7s4Y%oN{&Ex4>WrjaLao~P<J7<qlz8W97PkVI=<=2H%uk>ea
z#>ba0cIa1hP0=1T2ROY+^A?>RXD{uLj84i(u#JwS(*)g~-b-mo?K=opv3X8Nz435F
ztp28ERzyb|IVw`OSBPn&4b)-Pb=^wq`mhsYc`9@cRG9IQ!A=8j)!sQwj4ZO`Ao)eL
z$n^G7M7(=vhR;21<ze1c+*6rTT+UmwHC>tF9R)GN)3EIf0qtNXgB-T6&sHg1eo7s^
zxr5+RjzDH&8Lt~|Ha|?$%3BK>+W)OizIY7!_~J$D`ARZ*dOsgi;DN%9WGQCw1vMPp
zBWT+g#%4bx8-7(OkNdN%Y6#}tzd49G$%x%2xu#*~tpTM$5QbM=rm7tLlu7w<35W!3
zQ)A|em3tXIb`EoLA_4Ic#kcc?acZDnXm*VS^N#5XGY|}H!sRi;H54?1a^yHNh#(Qu
z>DiH>uHx4F=*J25+;D$oKY-c<iP51-iEXxg`2&Vj^Hn1maRx`(@7g^vo+)AtZy`w(
zq|PQRk2rSmXFSAPa{XW|)v*_|>UBmUbva7>K+lon!HM&UiGnUPfw_lixdneAysk|U
zYYGLbuH96ghONA-wyV0ZNZIQ5n!1S*YL?jkdnbu%Iv75s;5Hgks)8)1AqBcS=WSZ8
zh{c{aab68E&SHyc0D|eWb8ScNi8!aJ!o&mx18OQsJ-eqIcDMM~N|Hu~)<e^BZf<=&
z#7|YF7JLk-IDmzp_x6Eq{I%L*1jQ2h2y|y^ZDHX-jD5L4q~-CC_UO6m4?N!&RM(y(
z8Gg_H$%2v!rty>)^T5qYds+!2ZnO_Y+7py!+BuLxrEO#A{j%fzx=S^qa`ca_OjS38
z=VjR&))g5eDQBvI7f$7VnWJ<3df?QiIhB+VIa#8WkIE~c8Y)m95M8v4iz<@EYkUQ=
zdZ?QIG2Y00aMLyB^jdogJ&&PTDPOH{N<>WUwJiTPJc#50r68e4v91XsZgGvw@EaN)
z@JRv(EoHvdvSIt20KM>j3Jc>-j*U!`fZmyT5~rEu!L&oRmCFZ=GT!U<KEwEQN&jD9
zmu6aqMg`kR#P+twOb8o-b4urhg_;*@k-y=^1;R}tM->KdBi4<2$ud<ujQBG?4e?eS
zO1V(}1k7&+g@-FIdf#h@Rp8_q;c9}<)sQ}d8T_MrDV0On1EG9*FAL|VL?#Cb1IwQ*
zloe(}Z>TLa8HxDqwIW#bk_0lYYdzmh8DDPLot<ZW$U-ukgfxskGS)(dmh<j;-nZ=_
zEq9dAxY@5MFMgtQn>Qic;u$>$Yr_h6$Z+yZ>V;s#Io#G-Ifjn?v`rb0C<Q<&NNGPX
zyMg74`M<stHUN)kF1p{{e#Hl{s$CAMSL}nP@=J@T!59IJcA+>FwN~b6Ysn#+H*V5%
zEfcY2F?V+E3UxrV&&7>3&;vCP%*X?$e3iOqgQ0R5)R~QHU!YW9yj4)`4eyrQNZ2i}
zdC%VvdBK&u8UHqhmSIY|Iw0(XfNhcDnkI6=cq_HP7eOXL@D~GaB31}02HPjqajgae
z+orC^jxu(?vo~O;)?r$#4uSyK?R^F;YqO@^PKiqN5s}JTKi$erAG6=l*@GOQ0Yijk
zffeW{achardzQjl-{hiPKI}N<2g%yi8#G=9B5(khh6GYekxy6{OdD#L8rG`4Knnuj
za4%;Gbw23L6yJ0;d6jdxrIY{dm0;kSG4xN=7{|2PnR_<Mc&m0-y3B$c4q+Y2G$GCR
z_iFg`gG^G{J^T|(cNqHtl`qp0@C3AN+`k<qHJzQFOhlb?Z}oq4n5AO^(5LH#3$E){
zf}*``Qw(CXkHYK-V?{akA`CNXE!z$fT5rUHAazAM&Br9y=7*BY5_T`kM%BFB#*JTm
z;%a+BaRd1-dbrd@t}oP*ynKfH`;G92H~4~m!nS>~I<}tRC6_QMhECkbFI6c$(JI>w
z+I65ia4PR|a;dLUO#e<(Wcbt=pIc?$nrJ$am9`--XtU6FY>0Eh>$zbN^)Z%O74fwh
z&N$t`>2yuyuU55wmYTN-Ld`b``7LUf4cKWs^m5d@>G_N1+hk(FnGrF(nm9<r(he0-
z9dR>Hmc$zcrOa|}FB#ed>vFc|rltt*FA=Dv*z2|4pScv`j6RpIw_@mDz{p`sb*}2Q
z{(c-0x5w=kY4i&tv%qburGQk$7G|6eMJLirsMN18G0tKEj>gM!*_cg6KOilCo}m)p
zVw_c~J!I#;kJ+1_?dQJBziDQ&id?U-cD<3UtF!Pnk#_u2ph~YsrPdJ#ta5lLr`^b?
zYaETMni9|%2Sw+zTDR#FK)08XL6GLQ0yuE$9O5{>$j@Wrp^06A#WXmXFCtZze5Bg!
zR{L)SLf%<?T~ORB(m_4K2l0g+=<8QKr#u56pirLu+B`ezSV2nHN=$5{`<Z_ThFV(r
z48d(@nRTwwE{mLoz!1^J6J9+5m;5%>qlsxAfQtR<`#Z7nq`~=&qsPNI4JE9g*GE6O
zoFBn9=OwCLjRe)_w92~;yDaGGF>-q=S~@{`{)@n<gM7lrT6KY+STy;#-P)bDFB$gi
zOs5kDaF_197SD5j0fbK&Xv1h#HvipB{ogwDn-VtSvzfqNy|c@N@wfB(%;Ku{WUJmS
z$8E~k_NmK@?IolSTjLrQg6Z5P-mw=<$J>Wav^zJu50}^3@hWw3-ZR!=>UPlhYGJHF
zb{NsX(zvf?+t1;wgGV%Z2(B9KbA8EhAvJO`fNQ34p4Zvvb>PihM;|U>>0vnkAph^C
z-~TQN)`X$ufIyeB^V_A?L78*Aw5K#+8-BF5W>Rn>#YWK5AjA|4BBVGl@v?YDhxOua
zuLY}-7p)sdI*HBPhQ0nmecnWi8T5<SV?Tt?It;&w8T+mJ=V`U4@+cMq>wRc_e5@x~
zz>C_VB8eg;z;7lCBGOhceY9D*Y!w?^xl^;2eXjKuDkf;>YsYS8%tf!<U_&mR8Zlu)
zF<2lg!i@OCP2){(wf%wysT?M<qiXNZ@^R5Fpwzqb@`P^r!@L_#hD4T!_LS0t1IpI(
zh6m7Y>49=2G@%G>bV{H&4?YqfjGr9A5@{ny2we~rbFUK=iirp&%+aj^dKolMm|WXL
zxe&cu0pS#;nmkhv`wskR;8YlpSr8r2fxO+b5|m{~h>IFK(CL*NG-Y`EmiCok{Y7H2
z>+X}lJpJ-Z$^G{Gl385bU_Bl&{sQ5YZt}2Hfc|u<LWmCT{<n;HLvM~Wm9wuR8KE2Q
z!~%eYs6;HGgmmM1T2+iKua~h-OX8uNYx`6x7gCFmO+CNN#hbnNN~(LP{5)(|2_bIJ
zais;Xp)dM2CzULyr3>b<{OHJ6wg(B3%1Mzlb^iKOUNwu{IoZZy|MWpBWNnb(uJ6+?
zDl3RH!n}d%%+Siq6T;iumX|>*kW<TiyRS0UlsK{#CBUn}J_oEpCqD6y+p4z>0nQam
zk_U~3Cx^9%UHfaVuik6ro2Xxh9AV?`Wk!2wlzO1Y)0WM-|Egy?qBjHi2KefvwIFU&
zJnQ;B|MVKN%60$hslrRwXp=|t2)_E2jn7-0_Sl9J5gHP~pq{>6-`A<FGKc_1i6=Rs
zE%)5_BwHvkQgY$m(_Q2d-|u4NZwV`$R#AgA@!o;8m4U{|i9w}9Pb~utZX=D<#q>wz
zO(&09I!i`_it`M)A&pwCAg%Q*^qH2Y;08%E*EZQK=js0EdKn7Tp|VWBdu6UY#mF$Q
zz<n|gpas-U(T3yS{dC%r8t<Q(;toQga~h_8D2$DoM4L16NWq-2`Bt-}s{LZo<ycm1
z{CBDoS@aAdz+UDcfTtv>`LmLsQP<(5Y<w+|#zRJ@{b1vGR!B@-burKSro&zKZvi^S
z<lce&J!s__z+C+FGjcmX02GshIUw#;r{Fb!+l&TW@;R{Y*;w95Ln!Ow$I&8W40!!q
z2YWpS{Jw5VzRD+)?SzNV6H}(OHHcHj*m1VZpjrQU=wJ<mPmphj=OB+E7&U=$h}8&e
z6iIaMs5miqe3V?Q{1NPznt^td*yd=GH_24sq<2in?q)0f)SbOGW)5vza^$an*sc`b
zG$8YvhMr1V@Auc*$*~^B9zgD0ov5z<30&mM)LZcJjl7W|NKdp46)l~)MFC^!093)0
zQmZ;Kb|UFhN6W|bdQ1w({k=%UsiCAB$+adubAvjY+1AQ?3}zdRJ-r-Q`HNfaCSWMD
zHf-d;)ikmfjt(WG*bH1fwJ-EbCH3T8&&PJSrCf}V?d7$oT8@3~khbA1>`e@`J}hIw
za1Mk+)2T@KJ+%LJ#Q!31f1^TQ*P4X7D7Bx<SXZu~kB-dE#NhnawaG_QzR6BOO&4f+
zqwzDE<zsG`uBSY9bj{Y?%TB#IO9~He!yXGIzJ2vKoCcqI`3-Ld$4wp@!);0zcbg-j
z7v=$taTgm!bkt7`1$g)dCFh%Ck4Hh*_z}rC-ANtgei+d;29i6!zjf2>_{B~&$TB*b
z4V}kz!fq3_$eJ2t>{AhN$o4GtPJ3(&R%ZFmzRCLV40I=?QA{|_j6@aB?f&Ig+Npu$
zfPB!Im`XxYwFlL;q0`(+jT`l(q2=s^Bzv07fJW=P*OqO@{h>O!*CXlWq7<^;x5g&9
zM-<Kc{39*1(#!QXv*h2o5Bl6%&*5UtK=cH$>YOzK(M1V2+ITK@u1?mM39m3R*eh*H
zlE?K{Sk)8^V(3ttY_9gH$7difsX(RDi#4@^$}2unbS*6|H%t)8t!Jt=MCE25kF1)I
z3^8`1_SNH7Nh8@Ay~S21&=x4)YW33E00E@HD07)3V*{OJp$PJ-HJkLhi&oLerXQA?
zzA8007vAdhdEv%gM8Y-5IgJ*a0^ED(?rf}y!>4`Y)CoaLuD4nDN&H!C@0?lXAZ%^h
zF;$x}OfW83<g49Ffw`1<^=ICu;Y=h&|CbCqWssy*9K!jdrby6&kdahA#Wo+VN=Jzi
zihFk*I=XqmJFQ&B9=&cvOUH>26$?GQ39_X#$&0lLj()~r-rMUR;s;PtEq8-XIb9ub
z1GQdsI!^CxQTuW-ErmGNGwPOk4tFmpwap~69lpOKPAT_ZfOfT6BOv9<!kAr0S9PW#
zRVr^g98YF*tiV=esr1*#o`LLj!_pGzW&urH<JZYk`O<~z_RGfRrKM&+DG_&JMgt!v
z`9&%&Dk}NxFfaERqqym^SO;nbn!Zs1kC6a|SH|5IgewJ~>+M~x-dzLD9M+4o<PJSR
zQ9d*=M*9C1-7+;1ry>xAYcq|ZozwbcYpx>cG9S@s6@^}ViE>(MMv-yt^D>cZ-`gv1
zIH!Lw#aFpwb@2eCE0@GNAdQ&{XV+$>4-Gao_Re@)wpON)T;jWPR;r!6Gkd19F;>rK
z7-7Ih934@a*7vD&G2Sp;-b~s+tBJQwrMREv{eS(gf7$6;G87?pm(kOeExSe{&^n)S
z-YZEFnB%N^Wexv9CgYhno!JAO>k$fX3rK~ckYmJ}&AYCX*LDiC8S~dGmk*$i7}K}D
zr8#WRX2>ceP`DX+>^&At26AjF@2!*hI!uZ{iU3ok{|rSWw14`qK;bL-77DRTZW}Yf
z(R>loF`u;Bb3)GvYaFJCdH&D;0N(v;uY-I};4QCRtQ<yTv;>H7b|7}Un9u0VZ&oM`
zdpZ=lfT%18b0u7e&x?b-d-c(8t$f`4rDaFuv`x=H(~kf7;|f0h!R`CM@358I`3liP
znsql55-0z{*nN|!pe+dOXGP4<$njtJKg^%+{1!0?d9I#-_7}f_;{P*Hm@4%zX769G
zm-z}xWtYO>22(!=ghMAdWS~=0ns3VS9G=T&p!h%Dp9guRO`iATzf;$Lz-{(Fy+kt2
z=0neA+|Zw3?gPdD@ob|KNuTke&`(Z%frf$qFM$8A0sk*1us_o!!TO8^W#*x584(KF
zUCsqx4!walVcdUh@}>Y487(p_)M}EnQKVp|Eig5+wZ5Q>ZTdxcW8hGd8L7M*)Z}PK
zlcWCjH87vX(&ic|J~}Oa^$30aNgM(=+L7yuUh5m_e-i|>(p+s-tsUU5_S9}eZOEez
z|2K1_R=mgj9<E3mYA11euoV9o&i}RNTG31rubqlQEy;WBblb;0{%o=1Jr1h7IDt}a
z)$6Ly3aXl#c`I{VT#Yh=7-Ctvvrfvo5wfgs=0Q-?TChvwmikZ6^DhTkVDI}Ydozff
z7=xf&_d(@zFg1ob`(P=pUjG~8{7W<IxP$DM4|`VGx{!`34S$5_x^R08kW+p{WS%f5
zqIL>Y0Oi961JAVdv%eYh68Jg*v(7VEBAKn5&cw#RL8@Mi#<YWjyPe8cL&m<XwA~7~
zTIP8cDof0dVPFQTjvc77WgnQAtuEV#vP4^VTtA2hjmR+yO8>aFgE&z0U#=??3;uGi
zINt=?zxK&0U7NF1EAt8tmhD4n6JKS)prKg2G*QDHXM^p4L-7e%-$%x%p~n2pe=|gg
zY$`|7`j`7uzn?<(T~!jHgH`_{Bhog66$4t=rH(t@&_SouG$rAkQr2yThL3rfOQ&M@
zT-L|-e!*1YiNu-5OtCeADvfWHQ}&oJ;fm6P(#$!@D4rQn(YAnXbjW8I1UY)t9e+Ld
zjrr1xv`Mx_+IILR|1mm}hCIt22=OssbJ?dVih<7UC_ra{nqU8|XTHd|6_(XBh^WF#
zKb(pT-}sk}FtU}WHWlD<s<y1`(S_PiOtuQf1J1RrzecG`=(LF_OQ&2vna;EIwMy81
zvTpsFp!yVDqTO)m*t6#V&xsi52_<SKVzC=bCglzJC|i!TeMhDuDRL^Ch5hOyty)JM
zW0;@DFiHzQuM}RALE5B7xhxWM<n`V_n@X3`N)5H(Xq==~jviYQ9q#jm1qrzTjZk)q
zZi)>pG_)ySCbi+HJ5}2-Bd|Y(GVd^p3N*XfE1Q>gUwe8(YFD)n#&eSYKNM9G$BK$7
zWw;MIJTxC0KA7{GD=cs1aidW>EOKKVB=+!}W_|b{F9i)#N0<e#FkdZGlD!&^x&~N{
z-ECWKT087{8y}=N0MpD0%DgMr6ceIi+`D*w<RXh`WaN(|wLUd>u1Ml{4QIqpWodYc
z6dq@HwcBVj99)c{61nab>ac20ORR7d#mybrNCjRmTcWiIKq;x8TEom6Z=?dzI6xMw
z(5zT_<}pcvdQnOmMx)y?tRK^G2UYe*&2U^qsH|5Ui&K02=Uyv_0ISE6aDv!Ps%4`d
z)S!mmu+~9K)+8S9^G8-i6X(&~^%&jcxorQz?LKGJexcv|&@SRe&=>l@ELSL#0CwOi
z4flFzF0q1q{419VbC=9=x>s?^#vDVTV6DaJTpeoYY%1S9Lryp`Z_cO#N^ft_fXdW|
z+|NMIEfUOa#(JgRsVe1<WtQwgdU2q4B%p*qT!NMJrJ8Lwzs=jiIl27~q_%zIQP-S?
z2g{K|K<TQVu-^snU<JT@G3&7%xUoea>DRd#)a?G-{*Y=rf#1P-BH~j&wb$$MZ$yZ<
z+L<M7PPd*+JWvJxpFiI`*N3MpMa9u(C1*Wmb-}JIv&#bYq0s8gxpFq8qjSSA7Din7
zhPXw*cr!A-)X<4rwlgyidKn1uc*@RZho+s;EA_**x!aEzOJeJ$XqVZlh9H?m1a%tZ
zyC57q!}1WiPl#y9k=5p9JT(w0yFClxV$F?DkBvDRz)Cf5l`r!0!df5J7vst;xvl3W
zeGp&;aP_Z>M<w>2A)YJVnx3yI=_IsP=tQ+#gt~N>ubs~LH!Usl0FA!fhWq9%E5CJ0
zrF`PFIaKUUmRFg$h-s{A>uwG%5_p;`Ll4S5j!79!VavVRZy3j87Jks*@8ETEkCW7K
zbnISJw)<MRZkKx%lM&IPQqF4mSTw;ged(;zJ2$c|*t7girdBdLZx|1s7~gosLM5Zx
z;q0=%$svaUIo@X2a#5@j-e|qOo%Kd4HxSe+CxbV$eJ#|f@dJH1sdJG+Rx8GAp+XfS
z7E`xUJ)=@<g<Fl!a`LXfzq2V|phJXP4CuvV-~CBguBZ1>#N))f8Xxjol86r?4P|gf
zss33s@}DnfOOt8NL48%&Nftl<1?i$Xl3v|zXsU>fs#$C)4N2$NlyF)RnT6;0WGGNX
zYio2fL6lyTxvuo?ShWXSv^KMx{!n#vG>WQ4#el-jch91$dvzfuhp)Q!Dlh;6@8U9n
z6uzARV1>U-%0|AFXa(*~;|bX>i_Ycbt2p!js)}Dy^cky%!JO*eVaxiWXx2vXA+KI8
zfZzrH`6Dkf?R1TsRHG;@XQj&O6mT|q8@krJ*<3*EfIC$VqB(+S&gy<v?|L`(b1a}{
z?_tU0DPh5D$65)H7N&O*V6DnpWBwZkRu>sMDVAW%_E-K51ILFY|6Q=&s6X~mVV2us
zTP^Wn{y4H%CV9$9KjWAzuWTOtAkw{|AW~csH|QOMPT9;cO><527LM)scE1E6hwOvJ
z<aPDAFL%~$eap%`2UL+Ok7ke6Au}m6m1>2eDeKv94|H<1&l<K8;uO_Y`Sv*|x_Pc?
zrl){j!gdjgWoH_dalRCN&gCzahS!{fAHFL(6!Wa^P$#Q9b;H1J{{cMF_>!MV-ieR`
zy2x`&<}25_agQyG>eLEV#5RiNVyBXHJOo<}KuE=~XNFg8M6n62y5X)>P1DKp#f`~{
zFfrL>iPig_aex7hu<4?>QFOoKyZp`<m0wBX2G;#1e`R~1^<7Yf<Hy@(dwz?N?|%Ib
z*KwL+($y46$K>CXPsDxzAM^xMGJH>Y_l4o`A|6+fICL=Z&&mSTh`&4be0<bkla1{n
zBV<;p_Og$pcADeZGQFh(F62uDoYtk5^A71$Upqb)Y#UxJH$4bH*0lZ#NmcH3Vz%Vc
zclT^&RFYKPzgR=Cxp8d1&)&0-d3D3T#q@<%Mc!rKt2!3Q$GJB)Vo$OQlEI(%8rtv*
zlGCQE3NY$M_WdwSnk@3ZHJL+oiZa+|6mAYOZ4&GFOxSiMC+T_I=qhIjmhh9;{+Z&o
zKbwK()nL4c&Y>{TL3Sd2PsNfe=b!{~YkND8ZRzFFC1*k4UA3Z2Sv{txVcXd0v!v%F
zvGrD+ga6$aGjyl{esxI{15jI-Z9Z>de@i)8O|Qkjm9cWsQNtf-?$p`j(%7N{;Whk4
z_PN$PC6Iu0O$%BCwO-|L{-;&`yVCuQ@B6}PGv2DZ+=Ga)P|*9b*hmT2hWadq7wo*f
z)QNP0C)iOwC=F4<pd&T~B3BHc5`3IMd(xz<p>e1!$u?H`Y2p+?6E`r8O;@QYA_J{p
z3&9CJLlSk1$!k^hy=AvoNm=&Gr>!p`Xvc19!U_IVjTFH?5ZL&q;^VrkfA*04XFwME
zj#QA`wZduEdA?^iP%qPNf-sUKrYz+WdT#p)(D=C+eZ^z0nWeb6nP2QcB9M>A;;5H3
z=ql1&KdqdrF}20I`<|#JV+EjGDXp#`i{)#NTmi04^<fkHJDg}E5+vV@RzgCh<0yu-
z(s%ETH9{h$kd*WUryNQ=6G|O43_O{XG45Z!Jz%p5X=oBNeBu*f1xd8Xx8?pSya<`j
z?CNB)dtk|1BER;{iA9JGL1tkE@JC%gwAY*n4A$$bwdoJ!D8NXqM53S7(UQLOwTI3{
z(m&sHtp?lJtYpwU+KjZfcaZ>B*HLazE<@~9(I0QcJ@Zhk*(HMbUL$X)RWAJK>ZxR~
z{5zRbXubRg-dRT)$V3&w(n53C<iOLm`1{-)(r^w^VA^dQ)0Q413N&M6iLlb*bz5W%
z2?Ph1d$yjWiJ5ooybjTbDY=Fn5ILL%R7pP*!3x}9_Y<!-ic~HPkH9A(xiy0(y&3JZ
znm8WEOWqSIl;920v|Fc2aZr&lJB?b|gbc4bF!6ZJ-3VKS2c^YzqsJkE1$%UV%$OO8
zET34N-9-7Pk;xp-eEzbQSjlcMIc(XVF-)vq1b>Bj45|#DogLE#f1ae1BQ6zE;`pRK
z!OKFUy#r#!X^Kj#oSf4K@aV_@LIhSX&eOq)uW)yH*~=hnzT;CIm55{&CtXv7LGBsu
zrtQq{?bgQg5D@kPLVcC-HIeJd?_N~UBb5L6l58wTmx}ShWiKJhWQFwe2&u1-8~mYO
z+V)Y@_5aM}|LCWr@7he-B29z|#W2sYXyVEJBl=3?A!XeG2ClJW@h_h1a@u9D;t{n_
z!Qt40ISNUD22h4bVw$P1%5nynXWvk0mE?FROIT>lox#qGeuJCifZb&UBj8l^jSJ+D
zo4|!91*JR8j}y|ZSBlydx*PZL35{Zce9ECh0!u~%{?6iIC}ET5a)R)+2JR<<(B3sY
z?4HCEG)>)k4HBi)tw!tM%|1oEn)oW-mT#C_Q(-ZGaUtkZ5AS<CrsaSpekEzMi-$`}
zILH5_um(0(gT|GExr4Buy@Ay6uQMR}V@oZ#Ry>m+&uF#{`pt>iKn@W<D8u1at@CM2
z?maW4hTuD}%<bEiH`*Y#Q?@YsISdk<C)w}PI?qjU#=pfU^d6Qzux-NoqJZ76CV86C
zV<0E0JfIGcWpYzL_hXHuw!TK0aW@p%8|r};<y5_^TA)j&4%y6R5HA+gHowLoWbC!g
zO)NIn=`A(v9p|hsFLIzv7CgXvwFlRfuS#in303yD|G*_es!7UtmT6#_g_fT(bpkxi
zg`mVoDSFWDqFQL<@sn%UX)6>v3?)kytT$=jdFd92pZtF79PU%t?~tc~NG*3~oC)U?
z^oNO8uRWV>Hcq<&wAjpRMX_ndw@q@rt1g$>->Yp=)VVYz#8p(iLel#)_Z&z5cZKl+
z)(A0xoZg$+p|AMdUb(VJ@4B*~u$Q2=GNi@X&D{BEj^x1ngM?JNAoIPG+qUuJe0jb!
zWT7!)o2uXfMcC2<LpeP6U2)|`*25zD`-DXf`jD8;a_FnQ-rS5$OVo4TpSW}O-}U$R
zJ4Znou2eG%f|FVL0Z(`nw#;btiDY-y%F|+5v}wk^XWD~8a9L7-)EBB+bDqD|qA&gb
zhTdYSGp!&!V3C+jYpUvKnJnjy&`=Y;i6x3z+jkRy@pEea`|Z<T{xo?d&gfxJ-<Al`
zLhxOZh#ckxo<zMx(hqn-t|~*Ek10aC+1o~lf6W!Cfd`xFd5YBCg(KgFW}NI76f6hS
z<@Yw=LW=Nj9+PvJ#L|8S330<Oc_76*U?e}+P5cA4=x0zK!(!`gx1Aj(1K+;r$MD1&
zugRuh!jhQ+&Dx0`>4gf<y&njRyh!rE;Dg3*XXo(QJaFpl(4!GZ)$#PZZ&wBQ#2Z|S
zBy+>s8jG@PEvfJ^GJn8paVV&;PjNln*5&~U979VLYqNR%gBN$o)Z3f~Dju1$&YNX|
zQ%FzJIgD0T&;!|~wg-xRO0yf<k(6cu91dTesN5E{Qv?FmUX@bv2_6iFGm2_aSZW0s
z!VQqEsc9D7Mk=JI(_|j?D+Ti2u-okHLlod&%Ow0|CAPze%Cm_642-n27gO`iONaNc
zn+&BiDz=*yfij(B$$^|xMf~Sbu97?BK}<KQKECD))!D2meo$Z#g095}k%w;5G*^HD
zl-W=jWZwQIOnozYKhWjmVPL;6FXn-`>*UtZ;0B)%av8V{q=}=EUld=eC6OmPQeDI3
zjKj3m`h7=CymajMEEJrMQUKivgww`nvzsa6LqSf;v!$uo;ml0g)aQ7>^aRfOpt;Fi
zOdu+S4glwpBpPa`ZIBY~{?MRN;4S*9)cbvlRNn3n?llsh{udkr4b07N`ZT#b4{_QZ
zQCN;32dm-EKuLC&13yRZ-?`@R=<-|e6I2mz)qT`*ZZb{K0Crpl(PvMOA5|usPHc$x
zy!1x2a0s8wd)rr40?`SyvHXq?)5kiLXEj<c(qDg6Ev>O?bZN*v1RMCL;Xi6wE_jHz
zP}h6ippA35XgZGh_GWYK`qRN-)X%^pS6!cgEqlvOoWJS)lvQz3at*ycI+67}J^q0q
zrX?V8<yvM9+s)m3W3zZR-%gBXj4SD&)GY#(b=}I6CA6{GJ=CdEzS8u%zRk}%hmL22
z+^*O6e8p6V!rXBpzGm<Hl-Y<(rMGC^mQmtNsr2)4K93mgPRFjdmxs;aG<$!joj#~q
zQhN3J(hmsT187r{$a;3mE8Q*KnXPNFk;>2WiH6Ka2p-XN@r%xKv|U;y$gdyex-9h_
z;|YiU`?B5L*smws61{3<=|60Wmg-e$*53OT{aL0^+j6|N;R3=<KG9KiU*5hZ7JKEs
zoOBTgx~5NS(lDXH72As)>tGA1_5|_2m$cM!f{Kg#K<*@?c^#!;^p%L+;u3Tr1W(A4
z;Gd;cgs@<;K~UJzY4&pe{^&Pi-s<(aM${AF9-sS2z3Vn774vTwx`V2LQ~Xk0dCqXN
zo%@}a&JPPFw?IzFqlH3*0O&%4QAQ3jc^rFXmLHjuOOTZE3y;}&Uw_Xg$a%VmBzvN)
zHD3_b3b4bITZo^|X0QBYAETP=Klvsra|Us)8My2zsFB5|+x&Pnk6<#_OiN_cR-Ac@
z(&4?OhXMC#@xJ|!?C5d%AJCKn^KtQvE>%UN&_UWgRM5Wp-?bkzBP8l2)T6C<3Rhb-
zvAr)-wklupd<jarCdRmF<aaY2yo|L9#7B^b#1-X59+%AJBa{EbxU`te7D&OH#mSld
zV5V5}GLhAKRnRpolXF^ZfNj*8>FnYdsiomUu)RY3laHu-Z(a$SH_T@Kj)H%}YiKGs
ze8XF1qR>$&1z9<yc(Q{G<;`c)d57*-Zf<@UShJjOnNI-!OF&W)^<(<_=gzn$#d12g
z6Fb?Ao@~cxxNm8T>!EV#6+|ud-r>2bPfe>j&Am&(64c_#<SX8%8E)STmY4T{D}m})
zYetDYk&W)taoYEDT)3<nKzHfm%`I=3gS-t}>W!*s@c$78JB96JXL)ml!yLf{ta|&&
z=Y?1^Gow_)Nd#T-Fz3^~0G4F=0HKeFiMTeZ9pbas7yt%Rq?HV>%2pxk!vw=-?hH@q
zKYcz0X0RebiaI^IG9YEji<Y|U#}649XD%EU3U^N%+lwn(5;J81k5fawliJ<7!{izs
zJLD%d+QUWP8#&4VX_NRKe3kbG+*IYLLG~}kYE)59!D_kywphFzOrcCL5}aUiG!J)A
z>6*&tjX~n@A_njCazOM@0S&zRgJvA~IBePAcWU@D1Ipv$XNll7V&(K{-Q(9{gwTp7
z^D{hPp;2tU4d`UB-<6K3Y3FV60BwW6(M_(+8>^{q&6-(I(Tfc6{-XP$*iyW406u~)
zoniS^J72=YtI~Y*6Z|(`+49jImIu8toLWbWmFz}6hDW$vszX7x#oF1QDdh21%0taM
zUAz>md)hA@+-5p&9~z8C@^wu3u*}njp=T)mUEkP-BL(oWSy<&O1qo=Jjcb_=SiRbs
zRQ|X$+j8O~X4v2xApQAQ@}CUi2!1?`H_ndXCYt2dq9&Z|S0|w;YRJ`RpIZrXyN|_J
zL5Z<S)HrYsS~B7Vb!{cOLp%Udke@s$;(jKM0{zRDBQb7fh~svcfgl4nl*D@p?`Yz{
zfZ}I%;`yoGeRN{}Wyer{7P2K?LXD*;puGRwZ-B?7O+e>TyynbfR-}91yNxuhewR^*
z5z#qgzd11`B?ID-F1u9St(U8cP&C~hj-TWlsAwOzoMN(?n+pgHMLw?{O{blB-+BNp
z#y9u(!w*s$<J2`9D)M09<LY%s2+m9E^=2ybzf>x>+dWN`U3Nw#x&v;bR_R?wbb5F7
z;0rJ?B59TB>&~1Fm7w@RpK1|Dk#YlFa=C$SQcmRzA&IBP>|4PH#gohRm|~l~<;iic
z2iBWw-Rxd8E9<1lOu=fK?Y>zcwSPrZd@Ju^6m?XHq(PNAVF{=M6L$Np?ZuTPUeCix
zr_mEO)kzLvZQVnwT5L>`9fzFBt?zh+nJaX$9sMepfc@t90hr=`Y_5FeA|l4L1>MI*
zk2S_-anm*BEcYXn0~t9K8To3%MgDBPe8$utFa8dv66d{L(Vsb`VjBiovx>*QnL3l4
zW5q{B@<+|2%cY^mv#1be$EN64Ep$hk_UxCzUMEyI&T#~UtF(7M${rof+Z*v8P2wXD
z>OKs{y0FvPtuDSC05}*IX*fDw&?>1BFnI|^^GJ&mWbCTVFqSEbxMa|pV7r(I^Fxge
z30Cz?v8^L?V}yR7?e!h!!8;`r5AbxLAB|jdcYGT#ef8{&UoXCmIazl6WR#KU*sPv5
z(^YNK%O<%sbYJdJvqAq1$aVl-ISb~jJx=DcbFHb5aqef_^pIhwt_vuK;=uH1S))9$
zJPz&2mdsU_5Yx$>%HTJzL}^CHfs)~T0#*BjQrapQ(0bx5{o}Q{0GY}pgA`@%svz``
z$!iw^9)5vG_wCVkZ@#OA=4+5{%IN~mMUlx-Q}GIW$<Jxfp?0(B`LW&>Fz<`)+;Tso
z;4-jq7@*tQ2%eDpHY$osv!9=JSBE?=<fN3J&k@KLkx}t^1nYj{=JDq979naFx5}Y@
z(pzdcPm;Bj0}Z^s<&(}bZ)EXRgq(D*Gs~+-Jx}44?5&H+6sy)YGs<Qz_DcUtT#4=i
zU9TWJxlylh^K%`A_Rr9k4)aPMXiB7hU(^ko>K^`Qxo7C$4&xMei;;Gbml`;BmNExK
zF}iEmz_>4B*ARbsI;n#dnfhHRG?YH$H+wCHOCo)C>r}BV;Hjf`=O_VvyK5xe<}en0
zAgv%(VSrzT2g-Kuf6Tnaq52V(o%J$<h}rV?fzT#OmAwedxKu`7wqdK_ypQ5YO&`oq
zv?_QN9Bh`$k$b+LWVjfFCIB?uYX-JQ{Hj*uSF%Y5B+QstM#w1!bmpu`kBUWj^6CG+
zIVn%K(CoC(QFn-ROhS0Vh8slFmUsi<S;7~aEPJ{{C?^<tkjgI8%b`^k!+(S;z<zY@
zyw@G9x`5jQrR{OBbDM1jjRJ$CQ!36!0sQV;vu}(UB*IXmZ#~_vPz9s-@mrz+JCc;N
z1;2=O$LzM}9^%y?@xmrS?>fp=4oOC#C$(BJZl4a*khF2SA-{t*ykLAi+c99?Fk!;K
zg^^);JBp>GGzAMridXmBNmBc=aua1rv>mku6R*DRMT=v)9q03lVogtoggaVo4c_ai
z8q{?1a6CBpa2SNn%L^G|9rZMEzFsylF>$mW1$I?cc!IwkxxhHJ4Ou8MShwZxAh?|^
z#7&k*CU}_t=H9>Z&@yr7S$cyHC|8eh_pK3nf%pQ3<OSS*n9t#S;YgLG-+MFghoF(8
z2k@m~QovFl<Ge{iqoRU%8L7tOHj_%L+S_RM;Gz_5bAt~#@UTLeAF!BQZWI&qt6UdH
z*kQ8Xc=mcWT5hK2SeUtWyRN)wpjSH<KYMW#A~#a5eA)tZu)Vg^Uv~J0m7S{6Ch+@1
z=>m46#&_ZF!>HTa4u1P6SXyEei0Tqm_R!fNgB=;3SN;B1MI_LT|I}c4N>cLYd9;Yc
ztLa~T?;VT*wWeo7H^B)}bc)jb1>_*=b-pMoEQy`Z?5%35rdC_Av7X?*irPqWbhqt@
z{Y~rLyGL6bc(i-H0U17AF@A?NJh-nU@`kX@3#=RS=oT#~Q*)kgk>>z%-Q2R+0CTQ;
zmj=4e<wSwF{6}nf!sS$CuRcHp<?{mL1uSaZ3+QFGZ^ND#tz0GLWHkLtEuLRJBM!$e
zi|I`sRKc@7O^!wfHeJ>mvOXlW#Pv?c>Nhj==d27vIs}~$s><A@$IMPKp~u%g<j}8$
zfA^8vJzN*tp`n}q@=j01^YEVeUMwIyEnhB)$^9q(xD|3^55X;wT-*bRvu>9}&-V5H
z@A{SxrA6d@O9ODhlYo|wDRQd&r$-}iSGIB>ad&Ds(wZ5cP04{`b=5TRkI>aK9gU9(
zE?=C9AE$wG{CzbWgBF4r9`BpFe;iHMgldReQ{d6Gn%#Tvt&xMQXBw2dmXRU4d$_Tx
zx@Z#zcffAJQo-Tzv4iEp3qKEa6!JYv7qKqguOs4lHWGJ+!HmvL?`p2cAKvLUWV<)u
zBd76ujbj48O3_z{Y262XD2H7kNObq*$6!K)5twD)x9lh;o&m@)i(}T%W@X@YB~kuL
z0K|Z!Wh&eU_ihpk`!Dyu-i}QI<hGXaca2!J-2bhjP|2HC!F^-spwQ}Sq?xNXTQmkY
zX=o;D0gqU`v>ZvIz24nI&sWp&wSCpGe7f&Qb6T4g2&xP6sI6nJWU>MA^Eoemc}V{m
z_qseqJGSaOBJ?$rU%-5Y^d*Y;l4_tA{*s<f8Xrf2L`LMf%f3OOU8)7LB%nrnn$cEu
zrj^FUePqrQC$W@z?btopz42s)@ECdCvQZISI;tOp%Ozwb>KX_jC=|gbE4@hPP5bO@
z?oPD4m~w-9ciF;Ved6ZiJvwOhL+yrw6H@#dBmJG&Q}}5MGFgI+jKn=)5J*UkAogS*
zW>-aasroxQT<QL_3%h=XuXjY?-AvT*?le9E>km&<O^Aw19U--T_1K4-S9YA_ce9KL
z@$cb$d_EzbT8wf@={{7npTN4ux-D7m6t)8g5om$Kn@dHy{g5-{Wt9Ed&eQDt@1mQB
zZ?6h4#bN)g%tDz!q~E)0FEIi0l(we_1UgoNspISbLmEQE*cctfZSxNogtp|U?_;-e
z>=01HQ_iFK#ahO`u7xqIisa7JOdL?)MyzANL4AQ4X2m`W|Ml-(T3kQ`FHS~MKG2d8
zfRbtnFxE?i&Iz193VdDVZc^H@offAV>=J?JHlsvm7<P;E@UtDGu{vLfm9+@Quyw*Q
zAw)wIusm8L+P#QxQoG@%#Yr)hSizRv98X}M@1g%ev=Z0qE6MVtkKkmGCJUT63}b87
z=Bh-}Qnu5;-`4h4KVBFf@~Iu=bOEV4*^PcgDc>XRU;U{DqlZ?H!#0lq@_Atc>$&J4
z16faAhIhq9Z{cC;iiAw*^IHy7OzUACNJOWQbG8x8C+|T#QW*Iuw2Vh{+v_+@Nm@vi
zu;*UF{M!+j3c;E02U`e<6sjqG@n6~D;i;szYHXfH&aJw5!AD;tYGtwf5YqKg`?ahM
zRS7En;qFm@BC&(fCDN=616ci)*&mgrg9|wFTuF;~BHuU+o2nUXBW{ZJYzfft4yFzm
z_s)0L#$%T{W{%^|ugA@&(5ZL3ij1X2FH`H!TU3o@xvk8c?7}Qn;u5B?LlfaP(|R)@
z4;%H~xmy+;a!F|OT`Qpds6gv`oW0?2*Z}$5r=pSZdpg1Vuu=@)z7f?G<wCVg##z)4
zF4w(QDBiK5KY2;=k@5(<YZW024xFVi9%b5D{V$PVQkN^r1J?EA2r%mP<`;Z?V32l~
z(($zf@2g5<IxIx8EEsJZ_wimvHg^r1Uqi>{+@<px5Am(b3qr3*UjCzHx=22dX{Ot>
zlC4?ScFp0^*V&pj^oj^#2=F(w?$NQ|O;o0|azg^3elaBM12W<Z-yX5ds*-wX?T^^V
zKXW8W*=&rAA_8_IbUfDEzG7C>gc7ex-+vYDSY7f<Ye>(Xe$dpgb#tDhxNeV2X-4Zf
zj%l5z(I)(0!;!-1+|8iP=hf@uCOCZ9F3JJ+5wXBE+^aQT(6PQ;-J80X*Mo1P(dqNX
zkxd>&GmUHIxgQ!eZ0Mf#SWzz_|5%H0*P^Re8|jcSpd(s_b`mI32x=&OKwUkai&Kgu
zu%)*>!0r&r+=06Vg1~!04V!1v@fzQMCe($VLuksD#)})W_%#O#w<bGJb14%PP|@})
z)k=J)e`5b{za~V8$y7jD7GY`qV_sWMqBwQT7osH@?Ql}aA@x>pE>_&W_T#v{t~H<Z
zNK4T6%6SGHa1Ru~V!;QlwYDEuROUj3^AXx4JEgKV?!#oZxJj*LhAFG6`$C~=<?&rK
z?M(6=*89-`Y&|KDKzIF<XfVCEhx#RZ7a=$8<=({P;B^1;!If9kc*%)e%d1)w$AjGO
z=~)WYSsRpfO67Ww4?}TnWw906{AR<Ej3okm(q$Fq)s_U5blR4Br1M>9(Q|qyw}1tW
zdFTEXeC@{xU}*!xE4tB#0Tu3ssd?6l(*3A7qm5|ivfFMGtC`lBr2~+)x})cnigZM`
z(JG#|mQp!^x)Ri&UJDCFUTdR2oVIl@F$k&J2dg`~ZJ3$GeJ|5%DnFefk&+Jd)Uo=(
z&zT!_+_ry}ng6qGLHNk4DxITv7*qDeKQ_q%_xr&-vB>iyB?_<B5%)j{k+FS5z%`J~
zydmRb75XbA4T+s_OIbXAzt8w4&Gk43*E0Q7i2FNz<NktQI=K6W1Nyj&Eh?aroyPn5
z66)2?FqkTxgm#H6POh51!;~!vgm4*-PZO4#jDinKR+R6>-wfKe{E8kLJR?wx?YoE}
z#)VWLFBpJOsgpE$_{%s-QcW1?M?9pxeHk2&*~8xTgvx82wM+?K+br89v!;EXdEyr%
z&|_7Y5^YYpNnwMd=NXM(+Ziv91b4qyqst^W8<i`0jdr;Y>hY56=g*~~yEh(BXvJ$I
zkNQT$VtM2+G?vagP`>TKKtzejA&>vhE`YN7;BxDGcNEs+L_V{(8>?CA+*Ei-y+T6x
zFmJ82;sd;)`;Y<Z>kK5UA|Jl3B;%jm-ZN?_@ugy~P`@QFWmqq>w6rK><GrR$a{Un~
zcvA=?2wUO8pZZ<L!r@-8ZFTW}&u;Kb!1Sc)i<V!%Ds5l?W9H)+YmWk^Y@(cBg!S&M
zK;;Ch)Vh?87DYp{g);c=!`2SCjPt!AqE9;F!zQ`p5(py|2=1>edC@*8avVYXDy$PK
z#l-DTx)iOf5tC{H<(Id9wZGtk|D)mLV?9l{v!@PCtv}=x-d!@bHeP8RD;0eAU)p4d
zBaq{unN+&c#t~H=-0AZyM|_CM5zeQ~M?E{p{a9!RgUMRZw*Dz}uR~qk>C(-`?(nls
zgpm<e_lL^Vm~ckZ^|w$@+_by~OP9e)EwBgps1;ikBq)m>Ea}xRs&DdHUQon_7et4N
z&EsJJ;;oj5KU@RCAI`S&J8g04flsn6x)I;kT)TmE2VFW#hDw_6{hE8Zx1NR$KxmAw
zk<#pRubW`}v99js@OfSK6J9EPtw4a~!TMQiwbcCf37MR4(P0?!^{&Zh;WMHZubqd}
zw^%$bD--9+5*tR3+r^Gkouy00qvdaHkoh;ah3l3?9sxgZ599T?f(qi;xlM)Jhyp43
zty`57rLwcGLI!3&zlP?Oe{y@@p3l&`Vt6HavWMV~0$0^JNSgeoh2w2}IR{b0mQ%c=
zfo3o;)<YuV&5%wr>91n9@$IzYwkQwj=~1S|uVj{+^CJ3TEP|+{mk^-U+17Pofm1M;
zT18TYvw_M81&UcCvf0Ca4$}4QsXR-qgkI{&x54I?dq33_9+!E$9^MJEvD5vAnTvX*
zv|hmqKG_}mK5^5C{Bw9wSkq3svcMJO+t%p0&<U3xyOp7HwrxiE!>+ak1nMeJ-~bJ|
zn#b}O4$oU*`fFhlw%&>kwOgbv=`7I5V2*GvBKia0B)kq!pq~zxA_>;LF}md0+71)*
zf2-F|r$VK?=mIKAB914c+T{Thhzv-8hrjmQ;0s_N(50~T$p)lrKheAE5QJXlKAc9l
z>RU#9wa73zE^s~x{K(k~Jp%753>Ur?SsE`x`Y>(3$~k*avo`o?g$jCNcLA}$e6flx
zLzaM)cPv+}+)l8>7I$rnff(Bnnb;iPS@9aVi|R&Mf0x=K%HIVNKT5PhX_6k*ByJ+@
z7F176ZAHl;!%CBcKQoINjKXlD4MqjYtV=;&2)ftmwzwy{AERDYX#}G~+r0jFlHvZx
zq4n|b16(`LI%7W{+c2&#APRD%aJ06_cVJ#)yf<P9OC{qivFrP2T6Gik@$h9)`<2qG
z85sulKp5mdDTXPWW#=qHkDOp1`(OdNgT-eG&OlVPo1|{Qs4n%5c(C;nm-FVU=vK|;
zlOTrDvBG@m<P<Tr8$lXN(Ab6o8b9R=2hn4H$=ZecRM)GC&!9S3h1ZY=$kW61^66@8
zHBNAd<d#DMkE5AQkLCm$ERIeGTHrRI{sQ>fuFS-kx(g$S5kXY$Odhiwd;2}h;LR46
z^VGr9G8X~fr&W!Hste;*o8ZVry!z|A?Fjjn71Zycv(}dslqMK6oCwy_Lhlf#e)=TI
zfK+$Gj$0Z54;6t;FUIQ%=9egC{ug`i6kchtt&MilF*;VqR>w9wwr$&X#~s_Y?aXw?
zw%M_5%;cZF)?VxEz5l(>^|?5g-}jVj)TmM8eMi+jAI^ZALXwK2<Yf9O*C@3fw;w7|
z57cM%1CO(e-THMHZeCI&^wau<!m#qkO+lngRfPbme~#-XaM_qoGW>b|$xdPG7Sqgj
ztK0&UM^uJGOt*M?7I8~HQo1D#9zSa;Q=qNXdUKMCjS5{5=4I)*zkW9QEA|B7!iV)k
zn9(-HKYpv_eDDaUKah9e`?(i4N!o@8$4|`$!cmfq0@S}<OZkDl^46;1zQ1SdGuZO@
z4q<KHJk!4Dp=2}~DXJgf!g#I>`p(<!EeZJNOX#;tD80JxehFJ+p+vXigA4O`*h=Op
zr6w{>n0>wIOP&7Ng46MLpeD*|JM-(8T6rG2`s7-)FY(Z=V7>$jBEm?}d0m|?+#iRr
ztwXY|&>uB94V}3|D9JMKanU}0;IExcaVweLj4E@FP38;jrb0OKwRqhz-f!X_8M1_Z
zf(ZP3!2R1nRq#K43!P?=m}(7#3VnnA&1^-L1@y*;17od|U#l386Q9d$*A6_pONeZ2
z1svqZAEi508m}oR_Uw6_R~r5(Rbn=j!_N<(A^k9>w*`_+3prXe9tM<OkBMm1hRtUc
zMo*{`6UFVvOu=w{XE&jTOYbEH)hwG4(7g0i2o2EXF2G&Gr$%2|-9&TG8Ny2J!%cU_
z)D@1QL%K#8;nwpR41bf@a30L5ChcGfY5@M(R&EV_OvLYz80%{cNyvn<g}FW}w)F+@
zT}{jeW}DzR3ZJiUJ-dm^2rf~u-v(3#+rEU9;%Ridl!cwFvbyE4*bWq*8)hw7?p@?C
zY$1<aSVyTPF8VGIH@EnEFWgkG@t=<mlZY(w?<DiE_r<x3JbTk?i?IjvIQrTDIieeD
zEy2_KV@vB!H_rpTC;_tVFd&+mZS7E{(WoyU#(M}CJ+S^{6k@a2-)m+eH?sJYrLL1x
zp%r$N@6vAh>tYVUs^+K4f$?BM(Ev;mxW_e-yKS<noC{}<X8Nv5!d{u~-8F2)d><n5
zoc<oR{^7ToE`!CEEMDE(T2zN6<Rv@!bT++N4?y^nTf1lJXQ&y`hDt0QADvx22$?w+
zc?$=Z8&N3}O!rNz)z0+$Hz%v*>V~#Il3>qZRln9dnt$BPRzi)`*f}wUm*+u%wvJG-
zKbn3*ibC7U^=XVU2AiX!gB`Bc)!C}1IMfX2X)s&>o(Rs`JV6o)H6fHp(Z!Z(RRkU-
zRlkMRI<iYWt($K>!8k88$dTjK)moVj2r9{*%8`8o{#oh@T4E}Jf)*e~NA(X~S$kUz
zb3+tBrPQ!@@edJNcs4;qy;sqRqbwfHXv7`6<xiZf#q5Zt<>ufoP3FEYhRyC^w)_4m
zAB?ZpJ#BMnaF8BBc=^f0Gb@s+9OV22{C<{`l}Y@^)?ld*km+@NQS|bNFxMA`clqMj
zW$|L9XBf?@Bw6-$5MT4d^4nEWlCWS{H9?|o+n@>$39|S8!y)z$KaXG@0JhAfXR%c=
zP5{{=1*C{qzg6PHAwqnG088`96H@sMy2s?7DgR5he|-qfk$$>ZDp4<0Ao-Wl`B(X0
z;lM)JpfJARMkX6T|HozxMg)39=NC}R+Cqrw-@iWnvx1470CMwHt8C03+lT&7|FK3t
z1yYFpYKusQj{Mgt>t8j4v_2!mIP`bI3sRvyqbQF(+99kp0~rXBf44SJi~LiezBL8|
z74(1abUPZ6Z!I?XlU}B`bimDLu)l2=yd?v5<v{aN!Ro(v<=;jAO=y+<sZHM+pUDK2
z=U=V-`~Saw{Qsr>_aXWJ_P7N&Rv%7Vuy{OO85TC<Bm8%X`G?d^Bf~b?ZvluiAlbqG
z&bU=H$Vpnw)|7|+Z~xsV@PCQ_zr`W&Ko(@6R#f|Ykd|U1X8jK-{+9L6<bu%Pj4!It
z5=8&<T>U@N{$KL_k^i(_`<5;Q_wStlW5R$hpv6}4nG6{W{Qqhe*ni4;MfvGM{e7GW
z^1rXi|C$TbI?#p*h8q6qKWF~GKc3J&J<|G{#ex674GS1i-e)jld=o*CBK}{B%cFqE
z(c^WzmQ0RMh_oUTqj-48)?Mdb(WcF|RYBS5>>+#C4UDsmCH|~ag<$D*ZpmJhoCgn6
zMgi*0f({Yp|5h**=@qZH;aRSv)q<}05f!QiK^iZ8nY(zi65^}qexZOkWr-m!Pb81&
z(WzfGm8SzoCjzbG$+WJC9M&>X1}-~qT@5u_zzB4P)4A}<zvubCbRrN+NRY^3(Mo)w
z@y|qOG{t3`a)D}-5FE^rke@Cjc=!33-1=@i4Z#QgFy>eiws4~iZg7C$25P`et?L-B
z(|^~}|1rB6Y+$>)(j~8vMF>Am5)yW*pgA7<H)6_3cBMWX;r0D|&5I~m9zgG|UwJ!^
z`N3e2?%5bu^i&67!T`e($I2PQ&49K+NrHJ|e|0daPu%}1w>~gk2YVKzsG~~ZHfPy7
z>#whc=@GacLl|+CIi9vsDfCBlXjTZsXr0@sJE6GaO6B9`rUnyGEGXz;VA(Lk84Yqf
zL=X`F^U#1MULcSrSiIe7y|#)XHooy9Qr$(0Y|yWuCsv>8jPF+{-v|WRRD+YVbWZB7
zar`hK+Sj^Wu^<Y)xt5CBLrFtJDdZL{TvW|gua!eJnIT(3Cn-6zR2TF+xS<_V%8Aef
zBPDIs<;28Z=%l<N4hG$+JdTK4OzEBM5rv(AVak-o>fFS>*2ZVR*$RQNqHGY)21as~
zA0y+KCBa-?f+E-f-kLJgt%L^pi*yA|Ft`@(U>Y!-x+>Z%%7wn}Gx!VYr^iab9ufZk
zwptLRez94s-}URx1W%p}@46?5@Qlq%JNa$k^PDJ^e+z|4KY#am8|q#g6E7I8DhjEL
zt)^#E3MX9aT*{ad<Dum=9B?;ge`6)iW?7<1x9PfEtE7yr+l4VFqrXIdL?9l!Ya4!e
zjP-4~V`eiH9uoSEW4J*>_-69e6_FC3#b_tr01L0o2ig3qD?BtmA(xTN0wGX-FEMh(
ze~?xzDh+4-r$dC=MmjPoT3?Qk#c0L7@^Bwe8Z(-SyC5$e6Wx61k{>y#>K8=x=|R1R
zmV$W<8vAR%SLw2F7LDP)&0`OeYvkC0Nyrbg*Fut@jim048zlz_h&z%`()Pz8h^YV2
zjsL^k|GI+E33@xKFaBQa@m1B#+s{|*$c%i8mS6jQ<lu6M@F_E%^r6^&M+OT|{h@nD
zIV_>JCHLvGyJ_v{I$2L0-`}G~7stN)>$I$Uo1P}q{#5h$2T%UtQqv`dbW6d~YQ><T
zQKb?1o}zj%J0*c42)l4z&?k6av3V!%&8fJNQPOzUmt27VCOPEHhD8A#YODOvZ8Vbm
z4%o+Rc@o7W_#$nOL7uE)F&=a;1yJ`Xc`GbFMKWh<XDl~Bf<O=ksa&YvFjD_R&;GGI
z4L*Ty0JEs+aE@cK9}WHP_I~WeY4{A<JoeAHFN&|He{4#5djV^F#lP5e54@=44%T)_
zt`XPqGkV@-CnsKrcDD|FX0ZHjw}7K)PB3Ta;=g&eD>?of@8g|AP0XYQ@8i}$n}UAH
z7DzpaK=Eb&i^lVz?aMG{|A<`zJlpLjS|Th1vTJmhMbMO|Qrq*6zFRL(o|c8|Cd6;}
zVXxS7v(yJ>Y7e!=Z?qsj5d0a&8K6<l>NWtyIUP83>DS^)Q<%~}#~FJ**FoL@jK#1o
zH}G{C#tC!VsdvmID9`XqT9_RD8HGU5fCwr`_aR84x%_Vv4bm?VW-?BzmWjFO0)>%Z
z-B#&+%^`rY-M*dAr>|d@o0kv2F(I8Lxrzrp#$av7aXy06MNQgf@Wh4pu4QJgzr2vy
z9f{JP-=AlTXNENm)UO<(YSvyn-^YJGJI2eV=t#ZWq}56gBkOkFk9pFS$Dmi(-Dnhm
zJ(<Z#&rFV6Xj*Y)*hH4dB(?V$Z71aj!hC^*d^JoQXDN($MpQ5{u*e&$OcM6mqY?Lh
zXcwtW>jNs@25nT8ky2t!MgAW0n(UEz@%dTsWrM3f`&S_P%U1ZG?%x|n^Y3WyE|Dy{
zPCq$irl^FvE#Z&nK<WUB2xMg<enL_CU$-$gn7yIP@nY6X{by=-er3EB>z(;?x)G+j
z1ssm>a@qZsDw}qyC853+&nDgD8Mhzs`^MwX<Rt-8R|Ax2np?COa}Bqz-c%E1Z(=D8
zA86;1T37WK0Ckg;H@01GQya1<EQQY=V@vv@MFq4+pdNltp3T#yAQtAjj@tLg(Oi6#
z%I0wNxf~bep~-T%8OM+KhJ(WFwlV&qH^M@Zy;Uf!m7O_~Z7IZ$j|T?U{TC|ho)HrM
zPxiro>Dl~OFsqh;iXe0^*2?bEvaSNrNm@%9WH%?T2)k{?f`zb;aXiLxoOEq(5>ek|
z0mp?G!gX%3FE<w#i-721)O7a@-k!v99Y>VH73MY$CTul7Z#tLP0;B;CZWUu?XS8Q!
zn3a1NH)SRwHN_~ti?iKIBMr++MZ<^0)_ueB)7BegcD<qMiX*6re&!orqiBYZ3Ad}V
z=gyY+KI2?f72<wPzH#@u*aTv5WoK#{@<FUq?gVvW0Zs_;uONIzm6TwDQd((OzQ`Cw
zd&}^17VCslfo3$=WaQ<0!V`xdt;w44@Fy&<u5Pe-E0uW1<0af;h9dB=nfJY~Ay9Ss
z6~f!eNi?5jLdIDcD<*|?@X^YKWxLb0Lm{d=y^r3yCGj(dNjobN*8Lmc#;$5p;7nEr
z-(@Lrr3uP~RMf%0tD`XhD_@MT;6lLB;>)6|e`GiQAV0)PsOiAi8)crPcni^=(|+wb
zJe7LySBg=TC~)!kSf82Sp~=s)?RoS@MGWeJB2Sj3+tKus(-RU(Z-av!*KTgMG+xs>
zZf)0zr~L_^!#n9I)dB`z*%EVZ%R0sq@l&amH;%|zoZ(T8yEWQ8R{2uEFXolX-JWv8
z$<WF8!Kb=-|2hvA%*u3sy2RERExX$ECh7e7V6tdF3?nh6b4e&xw7`fAp|DSMxc16t
z4OKXyG?u0DHg~s}8@YF4YGo!ReKw|ED771q1-rp!Z``4=oMiH}*Z^oQ6ggGx)w*5X
zv!<g%;)Bw}l5HJgl#wr<Hy|!3M>9}Q^^&WBxPQah&LL~jX}#K4k$4vXhWP0bv+2wm
z4lWVgme(GmywCx2{9pK#Ha)a1V?=y?q3(_(cyOY_HQ~c2CRGg;=rE!W)7eyajex^b
zKT=DbWWwB{<l4K30c^se&le`U5q93E6^W*^O4<9>oohX!?N6DP<{S+JIe7BdR~=57
z!^vo0GC05-dQS8|l07+sP$MiAxIyM$FjHdaQLX$(QgZA&-h`HtI8fqwqHT|8XCZFo
z-mm)#osq32|LxCNNTBFcnQ31x1|FQ+wUx9qGp8;tM1L#g_@+ESnXMDxoZl-Wh(V5Y
zVP>pO;RG@yiw;6{am9{HS$1au@~x!}w-d@zS2||`6CZ7jvp*Gq4FM{wfel&qZUn=N
zU_;P}OA~kpWk2$?P$U=k%Yv1kT*jDd6N_F|xx{RZUV=I44#L>T+pHU2{1m2YFvEMG
zY`ItuZcT9x7wNa$I)bq&eyvpXQcl6(91KPn20fS0{7e}-jFU%^!P`WFPvdYGMw+-#
zl(c#)!oaG#+B2=s-&kIm=G031VcLo%`mJ58U)$IJkGGER8+*>8+JXKSz@pme7z!zu
z?NM2Olfl{JV3IC_zpCvxz3z+GyC&$eJxeh?PXSv^n>f4VflfN&yQB4*_8CeHZZzvs
zFkDRWwv%^?4yde%o5i|lYEtW2rY`GtsDFrxk#67Wo+aHKwiHG{hDoepT8<PBW<Tp^
zaCZj9O{Mv@A6JQL2k(VfWd$+6&uQMI5|(ASp_A=Tn#^Bku3Ro!?-nu>=B^2aQx2D=
z2n_7C(zAsS6TUy$QcT(AeRZ$kW^+3cYlYDmLdR7o{eh;hsw;yZ;o`d75Rt8Q@~#~y
z3juOakb<vv>#`|rHKDQiimD6w#tv0sNnZ{77_pRec4VymlDRBsU)XD?1!Eigy`n{_
z@P69ReOH}f3za3)i1z4F6FKA$-O&E%9V7Y!c5}74EivH|LpwDkJ8+9`i^`HQlpRq-
zCa&8K^4akf3zr^PnOXIf+H5bIWlfTHs7!KH489y7w;Dt+Fr@#vvLXU9M`wfGWYP^}
zC()Z;x17TRv2s-L(9`|79A=G7FUjN_-mXpn@N!h6W7ne}juTuo!iU>QJI?X&l3TRG
zHuodP^B%wEv_`r`fRxoLnjMYe90)lw^aS}#BJGL1&Z*Kr?+nOm1Ndi!<RuM5M~h^N
zf?+K-Z|$UEHkP^XML^X~7E_(}2FKwn9hEXotdOXXPHK2gtfsM_W-NPdHtQ6w&g9?I
z+*E7Y-ZWu)A$)(^bDTS6LYPx74~C4F&HV)=q@U4K=}hU@Hb)bGL@HN;U)4?HquIaR
z#@hQ(av;MY6nH|!j4h8o+$*E9lrcF-K$3@W%|7hMN58fCb0+KFKiof9Pn#?lizE?+
zzE$3+S&6W>k6LM2zI^9Bh=o1JKaYxd+gCA+D6V?dq|=NU4hil9bLH9kOPpaC94rSS
zis!j~9QYVgk*Y9Al7ycl^FfBY26WBI5b9EcG06q`sVvg!h8(qY5RQTSeEvW>oOsnW
zsa~#BvpjCT>`XijHi~HF>+t6(X-$MNEy{X`@D?obJZPrV?8s|fy>k%u2k#xQ=6H!L
zvVl*?qmh&xDWokupeRz%^4Dr5owg6`-qcKM9V|4z#<t<<28gR=+u9zfWGnZ@(6yts
zyz$x=%yTh21-0IuPBGh`ZFT%`8ctb%vK!NU)ckRtW)$w9)yRZ9!{93bla4dp`lF8Q
zc74&l#RTw+xwhnd)2aOMn*aviTjSgO#!t*aG~+l=8+o~!SDM=eHSoJ6KacHr%+3W5
ztyhn8tZNv>!hn!%L*=&)PB_Kug=Kp+eaepC>P|@h&MhBH%wIF2w=+9sGX1Jdj??2}
zyvSme%YT=4zW^R{tfgVSnG(IojP~p*`z~cRZDBEVH_#oKbD19yrydWWdv>W3_&a<!
zNmB5zO_I<6*RzB_foZd4Yo}A`vl@-;C6g5tU#B`#?rZV!wQIqTG8QQGt@DR0F!@3Q
zy=X#8;KC+C1Ro;$Ejp?Ol|x-9f|Sfy1LtQ;!(uBat195ULe;bygk{EQ46N)zgHz<_
zbDr#vB$}jd?yQ8P<c+|}0Y}0uZH+&Zv4mT%9XCa~_L6SiKI24W4(3obU=|)rA3$@K
zkEYKTkM%$p*#%CH(&U&ZJ`n8<ABOqEOTUDfS+3$=YlPS{NqQ4(74_6M-?{8{<hU|n
zngj#{!X8~UF8|^R;wH*V2>3-xH7>G`6U@BBP9%CaY#a(TbyKHE3OVB{@n@?Dr89iR
z6K0E+Ad=!^xY{DDiTIJ_5v#^q0*9B4(dG7aFBZ4U<7l`Jt~FPta5&!C|HDmuwzF}P
z^aA}S($EQv1U_E2Ejpz~v#W!PtH3Tk&)yiRD0kuM5+Q%9eXQ>Di;Zwt{&j@Ny<|DR
zEJ%uSwfp!IALceolU$W*+kzqG_8^VSUoVVub8_bT)XY&EV}WglcSXPRQ;O2|HY4n@
zKaR6Z>%r!sk6Wrgu<+N+W}eDU8DO8Idt`3l3-=sbom@{(o}&D32@cKB-j)3T>bw<9
zHr6z9Vo!S4Ea3<Ikxg;0v9-+!^S9zSTc;J(-fyc)v3y?&G0&aWxs#pH3AUUaH~$b#
zpnX$dznbVSsWKryoOqLjVuD25d=sHSs4ouc`na`~h5@2=zcD9I<XuarL>IoEs~HRQ
z%uh^S{`~PYU%3=(D)FYn_OSNGHHKAfW-FtoJ}0oFJ@#fD=6;&|L$C3#HF1YMQTW%A
zAYW40&Kp5d;4o^ulgm=JA=cFy0s!WBYuk5^Qf7a6JoKD2Z5;2wOtO|F?G>x)KTxJ@
z3csd)gL7l51|5+xUEv91a8SIc(g5nH3B79FL1wx>SEe5>J4;yGuo!8~&ea&_@3$kX
z@3t^ZD=Gdr3UV~<y$j|qU9&0FB*O0WrRV@2!Rx^H;}MbedF!)S-ZS*<#;-Z#kc$BD
zW1-%boBgm0Jh*-I#BuglogEr(e`%CmKnbY<G{i~Pr>Vnq?$+9P6A7<WvVHjm=8KZ8
zu5`a!JG&Yu^GM?)(tY@{3V}r4vC+|A+}HYQc7g1OH!s7ax{HlU@lj~1#FJAUxnfDD
z?*il=ju`LS-wiKxwM4|!?C2TDpQ*KZ6zvc3UeDlFS%&EKrMQRD*5`Ta(VFuPlDOGV
zu+=2)wk7vSw!gViPxg49G86>OvNTAgmCs2k(?~fTv6t6h&`80R(E!qOLTM$mGd*86
z)Q7^cio&g)P2{9LXmaMhSC&yg`Hy7O_{2*)5w3ULFX?vqVNsK!DJw~cIXK`13GQc)
z-TmB8;ag+|sMDAye!0A`l$@x$)`$Iwh*QZ#s&|4QJE<Z4N#AE48Ll7f;jJbXO;r@*
zFt+4!u3EuKTRxu@q$qtsJ9g8^GOJ`?x-mBFqa{YEoUA2D>3&Zf!5OO(bZ;U+Km8=c
zN8;2ad*Jb^r&piWEaslMLgtE#yw&p-JnDFJgOhZb%=F7^ey81InrSmiYHpY|6UJP>
zL+}jQYnv<ip<8K4g45#*>Bo++6+iw@b*0fxr&}qCeQ#4zR|NF)%*Ob;FNqf%a;^Es
zUYm<>#~ct09rC6=wJvHo`5%QAM`>)ByV>5+8jj~X6TGi(U*h#n&WcXvFlwys4L5De
zzunJUDrMg_2Y5zZCeJdQ9m%`ni*cDYoJzVLym2|-&o@Ooy0ZOXywp0-=jqaBfcBQP
zPHb(SHfH@n(5JwMQJODY2aC$6>IAbhz~Z+7Q0lKr4H@&XStT08f7bdi@Q&<FD%Mtl
z+XuYVj`O^59eWS3bhx!pDyPjIqsHLL8Tzy%^uKj-^|y+TAE5FlVCp??xMMl(vzk+q
zkArX!nC4qoLmNY-n=N&utb37?x2aR@`Yl-s%;evhD@mJ^aNM-46ViW>vBg*<IdK~A
z8H_xTJCirLSdA!kZ<t8mve^JhrpiK}VCD$|LwRYcAEayzCd|sNl+I?}DNW>~O`!he
zb~-C?QiHb5ksq{+h*a`Z4UtOhkmZ+qYAmup7?dvvoBp?ttgGFuQ-JWp@$%s&{v^f;
zklAhNM1S7J+4H`ewj$79mPo!kgn+mYV5^{d+wDZ`nH=7Em>k}iyf1~k%s5%}FV~rY
zF~4^^yzn-M=C%fcgLE@-CP93OW~n%$`pnjCaZ%=5@dW$}C0b2u?4W;(J@z4if~&c(
z1j2wqJx#9uW9E}FsvM~+UCc+CXGr)wi_hg|sO!_KZx@ZX*ZBIR81saQr|O%rH6_R~
zb`ovT`%>FA_sD%dnv&S!?Ax|&Y<_)yWO@zf`sj8@;C&dozv)fWn1ETs-=gKXkH^~L
zUdxsneIV7KY0^K#F$`49ZI)W*WyQw|Y;;6ctXEd6&J_;5%G9{zIpsl7CekVy`rgvx
zf7V!>YAi7&F(mY!o5hp=%0|M39N3x4OikJ<^Pp~}TN`5casr%nB4b3WUl^gLg0M~u
zfMwdPn62uJMI{wj_e46Zv~vA&eSLK;?W{MDlg9^ZU8ZR7;lyV}rSlk&yhh<NZNOL$
zF&fEsy{CRvmDUXWWse!Fh@D$mmDp@`Jy<=tWGrG-TlaN1Ky~kCzps-9urK~x{;FoP
zo<P0Sr`--+g+rUw!%5KjrFr#RuJi_hDxXY2XoD1f*J>v90iB>sYX5s1W~uIwKzIZS
zj<T4GdJ@Ma`q7mUTMbWFou*%VEnTs~pXJt0c{4UXY_;&5O}U<$OwxP5@mabePv?|c
zUphM}6`HMFZZ8e#o&rnL{5zuW2!LYto&A6>h5Glyy8dcWw(~i)IR#x|Plvy0XHzb2
z=si5E8%PgG1}40p5^QtbC?>D$q>tWL1gMj@S;Ux(i&uEZ1(tDmV0uQ7Gg=d#-BtE~
z-u)Rr2(nrqG^xn=9_~(es>tJ`U5nroZLN$1GF#%V)d`hc_iyZ^?-z})F3aZ=16X8J
zel<G6t9dt0%_me;`Hv+m=gOIsyHDiujq5$I47O}7tFBSi3M*b(>ihDysn^+yqtNuE
zJ8>O-JOAl$&Jp|qwbg%7t$IZB>~W6(Uwd`Q_G=gM?22wgZVk<yC-k8#Los)+6CiNY
z*H4Iqnx2A`1zZ5R27d!4OH?6CA973xDNADrM?7h2gsN4{n~-$7h%M^;50_}AKDg4a
zUcm>~{;W=IsXr`#Z%k|O(sjG!sEWJp+!a|*YS?EKQeG4%ymHV!xZDuC+M002`jM~#
zx>ZwpsDp|e#3EN%f-u2y);(NTxjBuT1|&wjs-Ty?jFAfXKR<q8)PAKE{vrYme~?Q~
zfLDswfpP6>4|#pICoobUJlxz0eeUh+=R4R>SctI~-ghI<?(fe}>tSD);h1NGD(U93
ztahM^u}a8hA3)`d;;kl2gf)_5M@#r-gjxJYoG77q-?UA3Y<gdLTD!BLBe7U*^8As9
zV@<w>W|K#6@iz^8ekoHwl{Bf38SqR#sWe~6hx+*2R{0t(Rl39Lg@Cv9A*1;slX|*0
zM`*pX{*3^NU4s^tuS4QhH_80U4;{m7gww&g3UFl(no|5g6XE2K<<)YkeDV3{^lq6D
z6FsrlxbMIU8Y=HL@Sd&bO5jq-ex-#t`+Hr8PrDSd+VU52eZD(!$!ooI!gSQK@%MIR
z5~hrW1rDO+>WSaFaK~4TO{+mkD&2y2;MOV6{**p#33d+}-)V)c^_C<;4Po~5$qvv5
z2U_pQd$xZ6NXkV|QTa1efN5rHb0&I_LgHHKOp}aDf*?tB$b1~tM^nuW5aQaExF6_<
z5=lYUqkn1rM#>;?p!Hitaxnhg*$9K=+EDT0d0O(2x|H~^DnV|rB7}v6)5xaI!_y?#
zVK>lywb71~Y=jF3836yPfzh(l)R#D$#u?4dB7EOeE81={sbnlq2~Un2OrjsGG;Hw_
z#^P2ryTo5JogxK0zTtbOAPg2GKlV*<qim)?cuG<+2X96kmPH`Sb38%;KgomuR+6Y+
z)b{|=#TWRbh5^hxNy^dyEW&;NqH>Zj_FD7(?&^TC-QPl=-Sc8UQ%(vXESHi+w6*T&
zycCN;DNi%3EU)@yKjiW5Tq7md@%|)tCH8uOxX$kMWM_Y|zIt$tCzIo{B`G&4cxxMn
z`0RzUwC<P4@J~3YYu?7;br8oRx;Vs>R=c{^E#mCixg?rh0@oOf_2;Kct;Iq&j~2bq
zP9dvAd+i{CLYzBnsMGSa61Z0iQ9+VdDn`22G~h<5hHxP8nLPK4LYBpX;buty&)k=x
zxY^7py#aqGSnUpd82_IUj%oE3OK;Cfg7>MEe&UpAEaQI9dl7d&<#b&}Dg08g9l~7X
zi#cuKAK27RTkTV;hPL}gRxS$sv=_tQAQ5BuYKEi4<@h!fci5DQd}MF<@H}kemZR_0
z#%8(4*Y1S~cDbHGAvOWp#|??1!#8gwFq6DaXR*qj)X${0`X-~&eJIG&(E;^#MnuIa
zpB6+=N+B1aDUfbl8_KE1-^m}2z^%qDAN2d&TI9dn-gxw2alhgcyB+o-I@&*5=6`fP
z(fXZ{5uo%CM3i<9YX1c)W=s$W0(-o76!bZG`V~7bhr#q8-B1Wla&7zF)x$m*b3Myl
z{q}hqF8$g~Oj>2q{ga1BR7|{RFJe_i<Cfo-vfVyNuFn<HFEL{G?g=+u5$7sO)vvsZ
zq@R=O4nC4s1nL1x{C4=MF=zWG##)LA-qhRUdoB%2m2y0OJ>c>(g>v$KvjEt6a~L;%
z6uzV-<8A4PurAvv0$_^($$F~iV;fqWfTX{K1}&>t!bwukENyQ`{o<Bv$p$E-mZ^5%
z#Y}?Aa(lSY4TjVNx7|QR9)+d@{o@wG36-$_N$)TU?>Zv4v7GaD{-Q9k{4sK+Cz}C}
zdmKvtReo1}v*;_qj2GpLCpRD_=TJ|!i*XzC*q~xEocq?}7WpEY-5bRh-rn8lE1-Ey
z)<qCk6aykZlkz==0yh%`r<8puA)kWu^8nmxC#hTnBqu#W5q=HhT)A_vzd9N|{Th!!
z7<NZSL@$wFgTmw9IXi!Z=y<lKEA_f&XUD^jbX@h$oyY?I<q1vU`c|C8&jq-bfpMM0
zJQE<_UF~tIdfg}UBc@@k(FCBr4GoqE{?eXTk<f$&oto2ANSxiFyeRkiAmpXJ34^cQ
zi_GefYjo&ERpy50OjuCWJ$1~dwiijb1mcOaU}q?G7qFEe)wN~;k@<Zo?X!3I30eki
zCweX!ez8xj(k^|Ib4wIH-CD0!viW#_P)$?mv&ms0Dj1VU#Nzq&>hV)N#Opy<%fxx0
z`n1x_VAIKT-|Aw{Z5ddX7?<*o1A0BCzNKf^uDivFHhXhCPZ?8AXM_tD*X6rmUCm0l
zs-#5f0gHK3&#do!7#qCJhELRXtGiEvRsxKEx@|%3IoC@0{wuj8U296efmS<@v(m3%
zwOFNMwHhUi7TwveJk|$tPDz&>Dtnaz<|0i@^wkH*2fAa^#zaR<SIPN1qx%~vC*?y_
zbCg>L(>Q`Su;9YG>{de9kIk)jk4HzBr*j)2o;2#nEuPl$QGG`n0x?QHWE^YAth_!&
z9Ip<MbLpHh^jmxX^di2cDA}FvF8hu2JAT$Nd6Z84Quw~PNNo0M_#&x5Vdweh)={XN
zXOskn5FE%CTORP#BI$@Wtw*7Z0(v@=9}Z4$Yy0D%x}Yb(WM_gs7y;=ql>^XMmPt%L
zx6_cAHUce5r}tf~g0=N(75k8p`(bEGes4I7CD>}$(y!YritsmZXK@}1iwh}N*^=uv
zu(tT73puJBM5ca0Q|KbNTbdtNUi}BW<!yPkHle@e{;Otyf6wWJ`Y>i4=H|wyTffU!
ziKzZ!vk|Q|$K&DPuH$2~C_8HKqAx4_>xg`$xmb0J^cId#>`Rh5kLgCdfvbr4K&yH1
zxp`OX;z;Jf?3`<%nxD{bKR7m3*Td0#fik9A53LIrGsDWLeo|;l$;R7EOy)V`);@TO
z7=rO{l0|t^?~JtRe(4-;3cutH$Bj#Ye=$6_RlEg(bdQIMUwy<2wyN$2wxnKSUF0&#
zOy{5UrQY_mU83s*l0@g#72)*0B;>4iotUAz@%04x)&^@9<GA;SUl$$fbcyoGY9Se{
zyYk}Pl;M-On`M4wc5D>5XBx<qQ#_}os5LB^Wa0<h(E7h5mjlgd*VKb;@>UlTd!>Rm
zYIoM*n|=^vud%ulZTLjM-AJxaQ^#OOJb+L|oyXIK2_E(M=Zjc4M>7P4)j7x!_Ngd}
z102El!2Ce^yJ#*ExmAzHGx;E|CUZaXrg`Ak?TVS)fVeChg45AXBaU-8bxMqPKE4e)
zpX+DY_|Gu*Y&M}321&P;SDZCUA>U8*J^UWVWX^;tH_jD%?M6d_#aHc?ue)pMlJWJx
zY$SUOVMW6C&pd7HA-_fBOs7j3a5&v;KhV7mgWkdh@&NVs9=SbtW+J*vsbS0eT6s9U
zl(|}59nMzAe21#SNk4{2dtT7k>KRM@-D#H<9PGsIRB39KUV+KkjWob~+YT?1I}M>k
zf-sInF-2*EiQg=<3CGXRJD@jvR<uqP*IJSxWmbateu$;Rla|t2!0ETKg=^W$YzGgD
zWIHdF6)(!AU|77E^-(?gC@B2SX$z@osQ(3?T3<+dQyE+~I-1z=6=wITnH<f_;+59(
z6`Z1+YOSzoE->HUZn=J7DFxrYhFhPViD44T-na@!mgiS(3fDJ}g)fxZaza0rN+uVD
zWAinHWUGg!OG}kZz=vd00`hJL+f;F_m3Z^}UK7owDAkkEF;l`LW*AEj)JSlx58|cd
zn*Vx<sisB}ZW3mVlr%uzKpLx+jBA!rSW?B*>1SPGSi`DxpBA=Or-u3zERq;Jpt&?K
zx$qbpZOCz!vz_p{%Hn(duf_9jzWPgBti#kKwH*xcx@%h%e><wHt6UdJCM?$sTc9xi
z2T!nR&`-<!goxcg$FskyxZuDVAJuE(Y5IQ?BQxTGo#_TuA3%&J^qBe7Mm6Z6mD*t`
zVA(%=8TpMYg~m7*$cYhj^x{wC#QUU2=6;<Iy9?O=ivSxv)V`@~|MV87YsOP>9gG&1
zl6ugmVIC+{qeKR%TlH;fFFw+s?FKs)P+sJRQWZ>oei%s+9p4o3Gl(JYc{*bme3U9>
zIcB7%En^dp$jIXY?y;=OKZNj;pMYY>FNjJhcOihPkWObJp2hoeq=2NS(ah&39tExo
z88hEdO|0;8t(9uteIZ!it4o2~as_jwgSpTQ78P}#Dlib}sv-TVS3ax;1Rf!I>%K;t
z_|(o*ujRj+WhFWN20_$=d)yYw?6EDhe5-a2`PmH`9e0--{6%wJ?mb9B8zxh8PLZ6@
z7<a9M%OjJvm&_5mitzj?&w7qs7fazX5nwP5>nyuo-lgM&-p21`ZJTG0Gy9*-2bdPd
zN3epL1p_pSavE_k4tc2$@Rp>mt~Vi8H;x5tA$Prtog0og4-CTBEB)vwy0{r5ue+5J
zdg+aiLINsSZjJ(jpC!GI=uOvC^=AO;Vzq}wo`HkWPwM(J=fT^CYmMbQ65R*&x92+%
zoaxL?^qdr<g0BsyYb5k&No!x8r2JeNa&V5!Z5_9j+mmVbn7iH1!LFI5Qe}JAU1w}8
z(o6jtImGXTJob)1zbd2pb9WnSs^|}%+9kd8R8wc!gj|q*aQMv*5z4*XWfQPxd0+@N
z+eRdq@>RlkKHztoZl`KvPNpxl;un^A9PD9#aZr6e8CWr}jbds_zg$>s&};6)D*0`t
zEb!MI4#gL0b7G(EMFWt<-U|#6G%>#1yQ6rwE*yNMF(zX*4qj`nR|G-+#jx9MNoL8Q
zDDXN8FlFa8_6JTZ8>HLDe2SB!rf+CfYRv+xpV9;1i1HY~uxE=Ixa>M6`Ln1CR?w=&
zLRRD{hV1ovlEXr|TF<zM(BmuF_cuBenIk1{?skaZnyKFtCK3F}<j87__`}5>atdxD
zQMtB~%LSK5j>$<<*sA#7%nv?YR4BmU%SmO$#bNcO#f`^gnHudqs+OjRO_h-VBL-{Q
z^?PV<Bh-Ll_=9_9IO~Zl3aOHpoNe+wZGDpC`J>&Z!xG05AuOsG<dE+6x><5xB2_pk
z-8EdzaY-BfcMQ@EtC01jeD<$-x^r@L-S;;JS+MmwR8bE?HsX>!%aioI9}oL3ZTUOk
z<X>M8`(Th5Y*Zd5aFZ;@LOti$7nAZ|Rt<@XSY7MZIlgAGSY*6mk?c{QJ^t|!o~XX|
zX#BAk5mCAL@n@0ADbC%!^}$v&Ww>i@?>W0|wNBgrWz<_V>TW`0TQuIf1H?rr8A2ap
zJ@$$oR+^9cR1A%z_S=9AX3F*hmgS|hGc2~}l7Hq!MYxFD_EG<1Qi%x&IrIhQ<ohqJ
zz3Ca9QGEKlraZ>Z$cJ7)f-5WIUZ{;vnVzPFq>5^mxa=*7EA}}lZp=`L)gj>@Y)~r7
zhI%V-Ti`2gWu3tya^XgdDx~_bd}(}>bU<rE+xgMsRybuTy=tQ5kLXE(PDji6XP;Gm
zBZEtD??nw#JMzYQD8!_VcQ2HjGA#e3O-iqlFtr7FyAQY8Wr-Oq9deYGi=Bmto@Ue5
z(op(#F?pQeD*W}&-8wS;>Gg;9eB`pvyGNly>AAXkTxnmKZT_q`r?jX+^vg@htZ{|+
zKdZ%Oro6Tk;}@i~)bt&kxmofhW&|!hwc0a;yu8f(7<FwDG1e|{`6CBzt`Sngu>SQ(
z*4wGOYwKjm{m`3M&Jd*#tJJM1Dr3LWCxVInXokYGg^7Z4xsoieKIOg)KRMkZd`~kI
z3Sb6W3}5)5?EKg+%UPQY|3=6CrCLWvgQ(Yt3dY9Vb)V_?nj+4wkrj7tpLtedX%y_0
zg$~pGg0Oec?r%Piqyv%;Ss6^3@4-CG313(q4yVFd`%_La0a<V(A433jqcPgOw%M{W
z9nhIY98b>gjF!WZl3es-DqMT4O4Huc_jSl^J+XM;c-~N2J!HGJN#&;;3SF_}e1Fw?
zu+(;BFEq#8oZWl2Coyn~P<kE-F+pDA<q*>A6GKj%(EeVX5A}8O&_mN1f9F1vkzV+T
z|COLIFT~S`tkaIV$?;s@+A1}QX?KDXb@bi1+J@{1@e)ZR-eS7vawU$4Y;&LCex;on
z(Hlx+{c3$p6nGepzW2Dk(@*ZVe=;GMZK8Br|4D=x<^+uS>$Y$}O?3oBp|Lw;!mS0u
zwAnx505cv4pFJ5zxs15=NVCw{NPkf!5b+kJ-ghh2(|NyL8eKvH6C?7&!)D=r14n-`
zuj`%E86JwMe}~3iWbkv@cj%84?X@>eLaRU1nLQ9nnj3ZSWXXt>Y8cLIGOdlF33JJG
zhePky(e1^5m@HCVeeJNqnHDcX{`o<U25>pDC@nZEi>{@#vbk6)SQ7`tM0F2-ieK%)
z?V*?Po1LN=g&zsW_F>@1YG;Jp&Mb7eet=0|Q(t6)O<!0ps~Skf@@vf3`ra(1kMDON
z&Hz|^ueYOC_A%VMiSFy1rQ802^WA*O55+YdJN(&d)qUvQFB31t`p-I|oH9qqf$w3}
zWu@3Wxr^VQTIHPx4#b4@Hz$+Idp}Xy*?c-CO*NFhtiQY}>vOc0`paXS)CfPGeK+FS
zKYrhR*2uQl2bW>J$-%kjnYUIIM@6I|wpLlM*x>m>g@LRC1V5;aWW8y`kk0-YN0fIB
zI=h|CJi)6jk=H46804fof90vB$_$5W8$Ms_ube*|$HDq2Fmj7N7lEX4{*WvXUVYy(
z8w?+T*e5(#I^T2^y2x}&Hvoan<@cwK^Y7%1>98`Efup@PyeEmvXLRM=v;JVcA{|XO
z&(P|=w(Pd0mk&u-dz2lodiCBfCc>D-ucThWPy<;{N;|aj2aj4GhV$XsC%cyN4&xg=
z!-2YVTP~Oxu8-sba<zUQVP(V6j>mh&dq=;$Dy@4JoX;IJEi!nQBsv?{ikuamOORTr
zV}z?Wld|}2fOd^}`&dq}SpM(Dgkp+~^b)$=5bc_pAJhKr9QLSlyF1lK2iakonmFm)
z-pkMxo|gGzY{CZ;AC<&lY76~-7dB~#PY5N46B6yo`FAxxl7j-?A;>DkaWYzOaR_^k
zbfqq7HN`KIk8?u~k`j6mMrR&w5Sw$9^B({)ll>#3I?irSReO#VF~*k76;{~b&!8#4
zAsBjm5qjF8UBmFHeOd#f8|2^i8LauPvT#g!*y5Wk2}twd`lYH62V_iq8S~EaA`Lq$
zjAEX%GvDXyN>!JMtyU`zjYu>o%`cIiS*=*RUOL9zX@dmCh9|2S@_9^}d4a<PPwI@!
z7Nv3zak!s<J^dbpJtS+IrB1Xs0lu+{Dz5%3FD8qW`{-C83y!bDO<uWk&Lu`6Phkwo
z&bX<5!l6`~?zRdafQP7)=~JtD#H6C4p?u2J_Pt6`en1t%kO&mg#5iVNer3RV;uLr-
z7=Q%kcJ(z^l!#WIh#?hwxxmQS3ulG8)9;#&0eS~4xtJpn{&U#MUM{bqT+Phe!KXn;
zvz?=NVkw^RIT#R?;=q)qT<z*L4Q@m$Q6+PEZi<~5h|20V4J{DTtcBcUi-Dre@35bL
zgJ_HqilcUbk5OF+<y5erSPDgp$iU|4avnAd!%){zkWb@gCa-znlz*dKxd@4xNQRu*
zxtkgPV}pCGXLE26YAP^$qUuaETlMYZZBT8s+?=<*v~frCCXIm{aHCQZ)9sztw#(T?
zf4sf=&Oo2QucoihG2R%B>vz&um_3^4OzS(QY&;C1k8u9GU@;SP^;*6S%e=oC_k+3S
z3ev@<WKY@+=w6K1vbVpa5095W>P``+ZQ&DC6P{XMF;t!iyH33E<{T9q#L{+Ddf*c7
zh_~_8*a{TGtVNr9zYb`5ahEfPzGq<OAFleYu#NV#Q>6GCl8OH=uqM=Zp$UnaBcezR
z{Ro_1nM29$eV<l;m!GJl2_8+;jB2h}I$$C~hgoyWcVZpI+T{szYNQ>b)W5Zus3L|*
zGW~`WQ<T!td(gFwQ)ea@_m-zVDE0H<2fm)p*zeN?eg@^^4|IW2QSFr$gW0QP0q-nH
z=^iH<hgs_9q$UQ}^Bpcuz<#H+oZN9#-1D@p^_J3ehs6Bitj_3?)(c<IJeS~rgY>N-
z3zWZzY?Pq3*`M|Ov9&)jO3ZLG1_zzUu8YT;DH@1MVKL_u%cPnC#|%;ZQ;ywK`bJG;
zQ|u!>(Iel2kYxoQwGK3Sd|+>DWk2gTP8(a4HI&R455sBn<w%vl2n*&pqA^+?dK>PX
zE>{~$^NRLCL1a*a2yb8WcF@AxA-Nm<IMj9%zYSXMTTF=p*jf8gZ2f|f+;d0p9^}3@
zqXMx%_?a0BlN_HVuEj6-N3E`9gfWcH5SZCb7h8;yNY%IE1wv46o#<ayeHTz?Wm6uP
zvUWE!+m-tx?fuzLIcOp-^N;{{)?*Z@kVR&0^Fo$`_)JRJxYAkFvK!T&2Z0sP0*rtq
zy2euRyS#fQO@q?L)#|$g+1}fq9LDPMxHLs~x&IKe(ArLWEId-PFbVn2SG!xefKQ(U
zKS_!TspLIj<KQgb%64%$o}ot87}i?%=34e?qhUmvUm_lDh9bm$+!>cipAX-ZS(XLq
z(as^j(q-%LUT;muTO{utF9c)fidNiX>JDQfDfz`K%w@3^Ep30DiOX1`4lMMSwnUgo
z$lVyOxN}kWk~4>|al_`UeG_aefuLDHNF~4LZ;$Nu_TeZ;?hI+T&J3BYEH@R}9KA(K
zTIa7?8~@yKU}GnD__Pyy)=;;U>?9))KkmnvUpe^_KemO{`=S@(j9G<vWqRpCgJ9%i
zG?4mEeSab3$48WiTB`RuSx_anlO?Aq?1KX3R@T^ZZ8PDeOX#~)Jzz0|1$I9Pjt)KS
z`;y#+Q~KhI(EI)`$;_)?cO08Qt2K0t#B+X(Icv<9huL{X37+RBa-mnhf>i3K3f9r~
z$GY{-%mnC^WAdvwx8#N235Js=ixkhTOzfmES2d<iQf|!2cA&!v)5mI6wl#>^r8&XY
zOwi}RmmGxx3RNkjFxbrh`12*Y1Hyn8xr_@WOp95>IcxV$Qrn##b_&nue;E<|!)n3&
zH+9C{WoJ9Wu#)DxV;|&+*z!1`(7TM8|72(^lLuqHNn(jJ78<3`9nDrSye8&MfT9to
z5p>RPIxxu1W<7a%Z1-Ee-68LE2GdeMHqLyR=5L7H_zxxZ=_)lb8ST$$;|RzoihWz&
z&w##{ox^hR`BA%AmPqBjum^R_kH3Xz)*FT>BLPblRoY((k}GSn#z+nozZ*k6{({#l
z-~7kEdAM59<1d}`M94g<*G3zb7595~F5V{&lQY`Q3+G3vKcBl%F&Ed{%H&3(bqzm)
zYbE}IsK<~Re>lre5(+<j7Lq#!#!^T)?R&Tk*X!S@z&ZV$#<t^*nCCaSSpRq%W<+iV
zWtFDuQ~h#HFZZc;6TvYWG7_J;$jl^tfkNO{#c{#Q-6igOyTEXiBMaHtYWejoB?Xsj
z<eFP`hrP5f=PS}0LQr3<g#`=v9cPl~=BL%a^+v92dn(2v8{;O{974Dzz9Oopcx^X%
z*;-9$G`TUQ==HIveBJNQ@%Y0hCr2rFf3);tnZaUM_Sar`r0QOpzo#lq&*?y1%k|7X
zmE#<y7b4T4z44OA90#E*&3NY%r;_t3L6l_9Y@hyxuK4fd>Za56id|f(O;%SLu4{Us
z%3a_0@4^TB#b+wl7hI=hp-jLr41gMHzQn!Gc>}s=cx^NIYP@+;#tZfeZTDQ4=O3!#
z+>ZUR!(yL)4tG;TS5#x+=|N|AUcP7PMRX*}5Z*DnOYR8Y#(pzOleet-`dNQ~?MSgb
zu1m0o5VkixU70o#q^~6ORi)An$&H)pv*Ksk$=JsHHEe4!XV|N1(<3H_u>b;*{r%sq
zbPLk4ftRFEqw3_J!y&-`hOq^TNd{bf`=w?KzVO)`7&qbtBjMU=)RQR_i^P^WyQY}}
z+1`fisPQ5{y`n^7u+*nM>H7MYTtPyRPc7YAgg)wfAJrrCkwu_twX&i&LfZdaHfQfN
z>>>qUL4fTVp7lHLWVRx@NtI65nIlR`N}lppE+j<g4EtH^mMc+r8eiaNP-x4tr*ZqW
zli`D9Ws_i_%wUAAh-42z3I_&N=G9grUaxs{t05m7FXe4<zj_WcSo=dMe{t<QQ)Q4w
z`}Y=1oSgS$yi=|FZ=rZQEUtCE3Z?)A*INA5mW+#W%O_azFQrs|9@+jJhaoaO?Y5L0
zk8<=iaQ<@id_L!}SaiaR{2Scd?QJ|ORO(a}219Y9tX2q?Jz}gBht3U&xwzyx@h%>x
z`kw1WD<fMh)^quP-m|3BXd$*UP!tYRJe^GKhgZjvF0gb%8-E(rk5O*C-OJE(oHndk
z_ozJWWqE6fEI;&>>z2>?pXoY0vGeK0Mp8>h1E;Sl4OaY~%4suq742e7ab~t><o8p<
zXAQi%bG*9T%|Ta0EmUM{fxNy3nZG|%{m>uT>?RL6Ri%0{ea5tc(mS@ccc0%GEOwy+
zw${0xom?EPDjrWYrhZ;Ymdy6;(!tZ+IJd!oE}%IkA$iiI_4q8WCU~s*^xX1o^;Ck^
zFQEw(_`-7L!0<9Cm8;yio7(x6yqSQmA%Cr2(dwzUaZg%;eX3xWHf4LoGyL3?P+;Yg
z>PU2&J%`<TgX1|zR_B+?mc8Dl;sp3g<NZ}sFDFlB^jmP_I|K1ih&L#4RRFK`%Cv1%
zeRcYo=aSR89%N{ZtRKj^IfLhg5d8G0GEu}4U<3{ZilxY42pnV@EkT)=cNKe`9>5KP
zdUf~fF1X80gzaG%E+8D#d3}C$g8oh-`i<V@n4?8uZ0JtWL38B+x6^9v;5k_I|E3Pu
z@F!0<Zy{qigV#wp3Ql`o2gS_LUZOY__oGAT!=Sxx87+>{&<QltmWYlpsKr!K$`C}G
z!_}R0SS_^J79k!L7FYTopYvJAWx@d6Z`TL%OlGaeC#0!uZoI;fW>lR%osqUqvq4k5
zdai0Dp>G1ouVWY5o7^!dU!F}0GV|o!DPvwWv%G^GwRzSoyyOm~BWihdDLQj-Aydn_
zNUpHEm_Bc;j9Tq(NA09NlgBv<$`26BcVV05Zd7=mQ(Z4o_WqOdpgAz*z@ojqWgRet
zTLP|<kljLg;fBEUfMaiVXQ98qRd)$hf$Ros<agK75I!%h(n|$FjI<_i7f*4R757ww
zR^4LgXh+^QJDev4YlOhLh}xXes#w7Cn(<<uU0b%kEHBG8CLa#D(;3S+L5GwtinWA!
z5{vcAdW>+1vJu%Wfw}3}CK>F~B=&er5;}J$PXXzQ#?8Pp6By)A(xDEx8Q^ItJBZQy
z&LajL>zf&f_L*ZcoU#X21DEUAW^2Y!gikBK0hiKW$2UDgJvfYAS9A>lkr3bt#b$bP
zGb}mOy$OqVqUHwdT}*7vL1j^$#fqV?IFS}h@C-@6X?{9v!;g&<#qf_%VP!N5f>!kv
z4ii%R;+>LEsN=7N^KS7=+^~-~c;NA&cEhnFvhC9~CckkKIR^8xe+#)J4U_r+zmzRI
zZ#5esFN?=9)*k-lz;oW8Eq-hk!|>R`y0dFS*w@ygcX3lvUpgW|$3@5msH<_^=7iN)
zUl!hivE%A;&cX!Tt!^|2uZtwd3tR1Q!p-H*+a+|Ux3=NfGt&|k)7(ynxU7jn+p&DG
zy-ai8)r8yOX5EJ=;*F{`wNU-zSH0!w9L%yavtEFGjX=JW_wiGNzP1}{Q>0IQS|BIO
z_wR43X;D%vFvrRu%uX;iP(`QxrK#BKgekb|))vYa3?1cfsP1$ZY=HdlfP4La0_DCS
zpgfq?Zzk$$NBBW9@a{xuvCtb(69+>a=9vk8A;W_wlC$jdK=YoMXnE`>q*<K>;W*u}
zMv29TsUXM43n?`9dtH1=oG@2aN>DTn5no_6#=)C=a*g$7uu1eL5EYo@gZNP{qma+6
zHtkxH`{xh&NqrHO$Lmy7()eSf@jsXy-lm>DM5lA23;Ui;W%Uw2Yh(VJp-K2HK<K%x
z(p}?=03BZ7smuRi@2lUUYTI@d6;MDxMU+$!5RjJcmX_|2h5<&pO92V#X6Wvrdq7F)
z4u|drsTmj;*n`jeyzlqD`0PJmANv=M#mt&@U+a!5&ilNs+krhP%JQeU7bY7)5xwXe
zUBw@yhQ-xRZ@J9hCTA8KUh(#6i~}w`3N2K<U6-64KJklV#3`iack~WszqdiZrUFom
zoAyk;ns56A#(9KmxKh1Stxri5T(B5pSA*8#npW~)RtjQqN_+P7GWxOQCgNlFN6qsX
zUJML3{QQ_R!Vo)Fu=&W#uR6^g;k?3m_3$R&r}*pLi~i#UScH#D$yY<wv4rw>k4g1s
z(yCG|i#Zvu_*Pk`^}9FKz-q|nVQjIKV;roe-$#d3X|oZ;lM2g%)HI1PULo&U+$^2-
zkC{XI7q-qu58*U0?5Ji_(#|^lgZP9tHL+9^Y0r~ZuM5fG5l;V_JEs0yYbh}%>7s%6
zde9x-`H7=6@(vfwKm+lGx0}{7Vx`M(-&;0fP!dXI>K>8fk&K}9sxO*UZZv~pBMtj^
z2iNteC7adEN`v&WBIZ%#U{l&+aZ^U|6+C;GbGV+h)RfsU;#;|WK`k{WBRR<KxdPXV
z>1+m!%O*XqPgpq~QWk9=O+inIBNEYGM)~MfTO~jjweMI_RotF^`>PV=!;Zai!@lH?
zwJE{L{ws|$J@Pu4(Nf8_>Ie}M^f=99_i@j|%5>EvYs}~B&6dR%Kh(Eo07xWhegvT9
zGNoQ#ae@R?3v2hd3`t)0<uR*yX|8hyJ8<zSv@)VzeM>-#7)1);rpouKGBq>FWC$4h
zcL|Pw<n~Wf7HuKgtX+N0ImokEe45$(P9v#a`kzC9!+3Rxkq%>}C6@ZQMjCI5P%Qlp
z30m2V_o~8;FGF`z*m1n5MvpT6lz+w2ux+kL_6z#pCIsnsyZ9wvSYU2YdIQJFc;v8Y
zkV_Jt^$LZ`TJJ&!#B3xd!wPVazNG~|WbB>NiNPBf9;$iyismi@7(B5-%NvJs<TlDl
z`p*EUo$kwvDAz)DQzN#v?UvzPkOg{$@{jE69cv)WhzMPP((<6N;N38~`~#c!z3hgs
z(Zu3fA0924>KQXih2fi`GKyc%UzS()(8o|>2z%X?y<1X6RrZwI8;^PQmoE}U5`?9v
zvNg~01VCO{h)=+P-Yv`Lp`HvsjOb-*dhQ<cl4KB!f@!-J-qr}rlbuo*f|smlP`o{2
z4jUb)|JL@iYH1?Bnqx~vYU*H0*K(WAXVfU}Y%DyW9XR>*z|nZ8b$EhdmXc5`E$Cr}
zSn5-@WpKeV`bmp)aR|4PJ-#-9A0J~i-N32XX%&HB|M7TcbfKP~mS+A!F?Gqe*5F5R
z>tG2j#-zOJT?sEw(`7>60cmI1R~Ih~);1}zbf2HE+9^7JV{;Z~m(}yopxt^AR=vTp
z&ua!B)JI1IJ^^H>j7}3z>}hb6R(?|Y=|O4LI|OF9KdqoJQ(@|7sO~fUDA&^zSjS(K
zRwX2k;>ohF$i6NRCeE@le|U9Lv`RD)7B^88<&I++orhxlexy(DhCSnRr(=AK`LC)Z
zqm%}(V(Bi;ZMghBenp&iR*AZI1sFw{%Fwl+QRT!EJTkVl8Sj*6V~#IWmLXI+O54+~
ze={XDY(|$Rqbl{`!+nSdB=$$ARy9aLAk;Vf)hboaQ~=$pw~wo<@Hbap8_T_BqJ2ZX
zL-;_9!AgvRZB5KoO^wmZ2LET(V++ShR*SLyGZd}}7BC|n%s0^R`Un%T!>cku4Ez{C
z_esy9Eo{d;`e7-8%C%Hh?48Ix94svy8M7n-1KQumE!0TY*rR<CCng4nZr<as781I6
z+mbE&Mpz`n|3_}Dzb~{%?4l|`31GwUNRvpqr1MZcF0xcMqyD~Tpd<@h!F{tlh7g=6
zxugO`@hn~`ySTuEM<*g!^osOFh~3Mo#bp4)OQyKMjz=?G{Qw=F=6V3V9778D4Lu{B
zD`Vt>2uM3nOPe(ntkn~i6}S1|qrSmh>p+|rXE**3!_+&jZM6hyn(;czFW_oFzT;<(
z6Xx4RUCi&B9Xku8%*HnOu;m&!(mx8NyW-!113br^E$nK$gW5TRJNG)=yXYV872<}x
z7(~1nikJbPD0<1cwz6jiJxm77+$AFozF>xtF}7VNTLeFx@Qw>d?e!G#m|4sE6vaK)
zAmYR<Bl{o4DI8@`spbDF`yeE7i<&&5JpUvjn*{f(_{QdUImv>v#oPewTl0Vtqc7M*
z__ymMh!jnH3)~(vXPOacG@38(dJJISiMk-q8_e(kkEqX+qBW~S?u*_`;T004NI$ED
z2N+u{*HTe>x#m6Ikv^#7gH;ApSzmN~dUWgdXM7((yTNN=#XHnPHVaoIMr!!>+ba53
z4odmepU)#oVfhPl-?zEKQscS#?2-e{07M@bzrFoKuJHR;sI+K;ps}^`<Vtt-F_(2{
zAGQOh2O5FDM0Vsj0nYpcPX%6SBo7+S&oP?Y^!rmK(U9j@!FD4LQ~5*@dIhf+ll`?t
z-Cu(j+F$wb|Dn{vTRJqmfiMXZ*JZXEx$r%EdwaUV!s)3hG9Ej>JkQw@+2K<IcC3(o
zgaWZwW;XWyoo(0I5_D1G(nxe=0)uzEkML?pkF7HYvjFN~o#xo2#1oZIsljQrkGSC{
z<gmH)y*PBOcg0S<x1fI)3`6-Sx9<LBH-tFR%8uh~l7&!ZT>tawzshu=ZZWUAYp_`&
zq3vkEg=c<z*Wl1sLf`-Wt$+XiKX=|j`@6^r5j6@#;plU_UG!HQf4b-T(Z|<Snl_5?
z9^AV7f4Nbp?Yf*%fF_dx!5=#B*6qJV2~9=qsS$e;h}{0aJPg%p!gZ_6+xLpm(Eb+q
z4?jpBe#~rhOyz_2p9cQ--Rb4{KjbgjSLX?*EDOHbR<+bx7*)0?PJ{kOrZwbkl(*YK
zdk2lGMBxK~6&+rnmR5CnIdFMO{*?+<E4{o2Jifh!9<O4T#n>l=AX0@}0wj{sn<Iyx
z%=!8n)qFzp`X4H&`1q)ysX9Nkkq^q~xa3+}M6t60L@9Uaq{(Lb8QU`DNgG1?9HmFn
z{kGaK4?(uw!Z}j~mQE0TCIy_BR5PZpNH!@9p>4r4s|h?a(!1lqDgp?52SXx(S;ZOJ
z&kikgUHNjdX+!lo&?nzr+kV$c=zU!EPjwQ6uzW`ZnV6f^MeKeav{b(uI&*MZA{$ga
zINcYj(O4J5c~=&;!x<lC!ZE>hOz_fINHTtFXLi2iotF}27@Aw4vAVC%L>5UF`yJBW
z993M*XEE1B+h5DSN5A`rp}C$;40kVi6C?a1tlsJL)Q2R#oJ|H?-sT-pA41Ex`lT0Q
zq!{9V;@sd11$uaNJLu!DR#7deqz4B_nf>(E-AhXl{~kPZakVq+t)pTxcY4*^#mf4w
z-8_>uE<G15?w#fX?Ia6$a7kQ|wMdZ~R6+~Z2Eno~s3JE^J8tf<w%!M8LFsBT32L?k
z4xRmDZ9bL0FzI%oF^_p@yNr!ZJa502%+|-`g+1_$6@0YtU1yzV@<d?rgzs>08c<rf
z>KpTOxJQcE>x<;qCreFuo>`2Ol9K^a7*d2IVBy2`#G7YIR^j^YW97w7+k+!LpE~pN
zx5z?o*Idj}&I_^^Hwt!5eoS2VfKHx*zlH|c%`dP^w?BMlMVeHkuVU=|F%K4_IchYW
zz=sohdD1+ie||)Ms~j5o&Ezs~%7)}Q=HF+#{O8#9AtK*QYxfw_aQVyrX#S&hrb`K)
zl-kARpKW`vsD`4-paE#@Fn^}@ww2pt(F7JpPHeTF)*WIhNKZGvsqRVQq21BF5RU?x
z+Npd2H!vt|;%9M+qvd>3WtYMQSe3?8RZteV^B90>kKJx5psS`w`(;G@m=(t2$H_m|
zbI5w+TGXFA>A%@Vi5;n^M_g-qVFEjlF=Br974nsThGyd#s@O*fw|nk|d!@(xQ;7}e
z;BFuFD|KLRwCM8Ha><X@^VJk%|C3J_jMbfOU1l_X{aSgW?u{}=vL!2dt`>`@*x9!>
zCxx~i5#Kzv@gqL7^^8rqx?j%x82wwmGrfa;-VxW1j61Q;;bC^x4W1S|4blacC**_z
zTwG(TNo7rJ`>yA7P@4`wTG+md-PLjRz<KvTw;oT|+y`VP;Rwc*atwQJD1alIK&8GD
zAC4`h!^O!kM|&SIve)RkNe+DD#p_hvog;Ic4vga;s$JVSjOP$|$uw)t=k;80XSa{m
zrtx*m-ud?a{Av6;Rx#?s<6T$fb2@l+wc&+h-n@S0-kzt;GOqT~R27C2g8iWgy(Ycj
zRc{4+R)UMmZ7BDw#nL2LIb`g@j1W?_T*!~yni=>oby!)st_@JI8ZkpE2Q$02_B9>f
z9>|#KiMQ0Vsa>twMaxDV!6d2hhvQahd<!WXD`FqAa8f_d9ytkr<>Z$44ysahd16hK
zW!BCsS(yYFAC*55smswP#j#ei_+U!YD<$a<_-<8c_KqGacc4H1sEMpAmr@*L>RE4n
zz*YbyTqlL6@a<EDuPNo$Rm~q0N<fQKpN}g@KRj`l2X<dp8;M&EZxv_oj^C@d$q=BW
z-HHFedj)%&_<dsJl*!|uy|0DA8S7=57Mae0U}Nvdygd1mM>(wB{exy2&*bY>BZ8d!
z_A)7)b0=2I+HxI?j`a8O<BYBPKJa3ThYZT=?$PlZo_`p9FxP3jxwg8yH&!j@a}1cC
z+3>%4u;3}3!8FKSryB|3``{OqMPjS|=`|1aJ!q5BVE6L_PfwfzE2beT)8Y1)O6WBo
z&m&i1R%Rlt---bzYgi46EK2f2Z|7;@Jl12s@;b3u0?D!9`zcjN#mIoTgCqN3b^hHZ
z^a+*-ed>qE(G?K((oA#c{+#|rv<`Sx@5+A34@2@~d@|v(eC;!~303jt@@(vKr)2l@
zJgre`$-R>}KVK$!5;EeP+N55%^(AvwoqU+Gx7D<|nyal1*0NwD-*U>T$mORNybl1=
zFd6y4r?I*42~Xx0ozjc#37qcF=Y8@qkLwQ=?HweH_Sjcq?-xWXl@3pPojOd;ReAP!
z#5xIF#BpeR6x=EdCqL`LlEI}t`7DtOJ=)wWNfLBkDF6X;^>Ds5X*uc>=_aGrS;$cq
z=O0vzv~S^OO%qtWO^{7=Kp_+KK`8k_9ha&8q^qU7ZU2s6CqYcfS4*JNcz)HfqEagR
z#meD~Wr6AUvFFMd7a~Ch(AfBr4z08kSvL{&)i+K;QI0$Fz@CeZd=D>1dhn}3$FmZZ
z^Nr&~dZpO?R(N>-mRY|GyC^c#^G8jG_t?`uB67W%K_1Vak2$!XyX97>O^t$0?%8Q+
z^5lL!>(ABXq&NAnLmvMTFcVxn{a}T!TvaofK8g71Cz3e!hsZIl9=mowKJmFRBgFA|
z%b(Jz2gKdyY7J<ph)@e0xhR41%$Ln_4+6A#jw9E2Es7DO-j2*A$o%FHYPt5)+q@xJ
zu)7sn+{O-zl+e2=(`VHrKCWku9(Pf@B4;4r62<t9lNC|g+3V5k+1jqujVFdb805EQ
zG5DCJJ&nebo5CT*700W46GSFK`7sj?VmuJrU1w=*3w=e&J=KEyq4h^?iNn&aM`5@!
z$;!b>*2iU6d24#H)atVwbV{^1MBIwK5IO?>uABhcoX&YDsE#_+?&otMOFZIb&)K}%
zgS6SYLY<&`uY>)RnU#h`HgZo&C1``N);n#tI;G1Pr6J&|445=JT#)agEY4k(PHdwZ
z9+PwOUV(9`jS5cJQNZIp;(@=YHGZPhSEPC;BQhMNTs-e)asOdjJoO#j|2df>tvjjk
ze2?VCK`HUrXp{o(Ie&;5uk%#%Yt_KOd(N(|dCG(3&HyalqE&0-lrYJzxeb0)6gd;)
zD~}VK*$`Ba<u%lP52ya;NH}7T>FiTK%FNUOkq)7)!*$)Cb{p?(orX%Ghm3m+>>L}F
zY?2TH=5d9`fZXQuR}-)-q-ZeVOUO(gn^oVGwuIY6jf#EBV(?}sz1Q|Jo6`Dmik<R@
zR!S!F_eU)Z9hTE4-};KIjWXgD(B!Y)du&M>-PD=4eATeV;&vu0l9!qZE3fd!(-{=T
z{dKv({^d>0`^Ja5p4H0U9(wtu?_0$l+G+C?itn?GokqWokK0fs=NNy*z3UahC#3tV
zsM_jc?2AjWqjl4UQiWRT>o)>wE-NdkOZ!)*HhT~y##s`Yu!9gg+K$b9C%Sz1H!3Pn
z@uC4j`pKjuV0_)rNSyO=h9}9bZ`Hq^P9NSo*xNKI_}t;JfxIt+wHuODq#SqI7KJRz
zeKgVU5A3h@=__LA%<b=Z5a9*U5Jph`$3yu0is69=;xe+6qh`x-3%*Ib9W#Pxf_OI+
zfng76;YHTmwc|zIx}OJwgsqL#fVI1?sFXw@x*tn<&*fp;${{mOZ$H`$+11xvY$F+J
zqqIq?y8+Iq$am`@Zf77hVpGiJ^DhP@o%PxazxZQ-MqgP0d4KKmr_;{$?4)!BXR1om
z9Q)RW#bH~w`g`%yL>BJ8Ye64~`*Cya_~<UQ64Hn4XvfrSDC#%t(ie@^o@nn3Dc#Wx
zMC3A5*38u8ka;!OoJqm}C`*}B@Yx8#^bCXt+?k`N>%klEk7;?ss6HE6b2jbYiQTMD
z60M(;vt4Pnhl6NvtF_qRovze&Jjv(;WUFPce3l3{vg@pAY6$wl(e<!W?(Hw7S=lWf
zR<9{+TdNX?GFyMs-IE+Tp`$|+%qr_Fl#1kN9mcuoikRp4Y<?r-_I*tnDLUA~GCsXD
zK|Y@dA5n3|xMiz9N4R;Uywb^GJ!}5i3~hb-4y@CzaxI(@f9oNdYL~QSu8TJ4%sPXJ
zj)Jz+TZYq`W^T+53?6j%fHBv4V!!DRZ#c00jL>5p#$z#@!UUel(WcNbbl?or0}+;(
zqifn)N|a4~wOjfC4;=)QD`6u3;&3M!I4Qrj%J-_L<Z;ARAvfM%=dYvAKK;)X8uhQX
zu<9-8K}nkVB?dU%>{*X(w9)u&lArc<5{#X5WBLU@)f}WD*`8x@9t}G5?pF@RR*th#
zjy<i~y}hnfsiAU>hn3?{%+GOK$5v|qIqS3g49k2w!tj}*lHwl%ZKj`iI?2h{Xh#Gt
z5k`Pu$T2h?X*E^s|Dm#i!^1?Mka$iM1Uwl@(RZE8aG2I}wJr|-G99J8KBtNys1(;M
z9UEp!c(Rk6#oObX7*EOP|LuN+7fv!m<R6Z7RRlm&K5QF*33Opz-O3fC_!3s94pD>T
zE@-<e>K-?^o_B3+SH_?dHoKTcdR7kS8cMkeftIP%A$bF=bU2**8t3bxjFE-Xht$P|
zDy8zN5zxtASgzcB)){@+d)4`rF|`9ae(72;iTXvf(!_RCiJ9Z`tJvC{qUE%srELs4
z(xa$5V`?715*j)=DCYA0wl)*?5urt#Pk8kJ)U{x`?$F*VMaDCi4bVGT&_nAc#|}=*
zveOUpOq_u8N`RsH?L_s*@JwhLS}I@?`8-AA=DHAyz<Odcsn<Xt*w^d4NXnyY<MPUO
zlo!TecvWRH7~(9;)_zP*8@!T}bduA#$vwRmx>*!G5$c6-@Jd8D(MryDeoER*u3TYP
z?qSyz{{haGQy}7|a$gOWbq8_F!~@^Sy3n3<>NSvKIq%BR=Z`cH=_j)a(Vs7}Rh?JE
zg9mr83>2vPTpUF^^Rx5m`(nH1d#^mC>Z88K?H}%iUEG~z5H-rG(&iAnw5PSdI-QzY
z-0Z%C)2igMkX4mp78~|iVs5c)m-}#UCzd|;Y!1E@1y{21u$28IT-UGO_@PLkXg{%K
zMM6?Ub6ZKx%gfuyl-n3i*<!a6B|3e$Q&lJDfo`BDHxp#pf>LoO^fcf9Gm-y&W#*fd
zMGyZO6FiwWv*giH$+uK`SJ7C1Ld)AqJCU6qwwA1@{e^DUdUd&S9=1a<&ei;jG1dr3
z^ycu&0%+=5y&zNYaWx_7mFT{i+EtC=+I$T1fdDNXnXZZzaQT#=oY&0B!^o|iC2zw#
zgCMCsn_W@BaZ-?58Xm?2x8DRd73tdaL8RGT@1?DJDgl0SsY>Z^a9<|R$Mnr+dUSbr
z3=C$IGbAC|?0%(6+Bg*kxl)@gE!Lm)>|uZ&T+$-Bbgkd;jIvMgNIQnsboC5!HqLPw
zdrmYBhmlk~$p{%79I&0v#qvs0ALU$-et|kp`vqQMJL*7#|FNcjcZIPpG<aEh<o(-Y
z1v&G@4z-K}%2;-gQkS*(A>-|!=Yw86<+UU~HlLBqUWFv*!E;~Fe+mD1spqj#?Mx`Y
zFQ_zGH#abZqF_!ka$Y#^MY}7z>+e75(!);V-HM+t)?(%<EDsSVEE<spSHc~)GC9TG
zdeV;Vj(h}uCTs{~e~!zsA`rEUS!6@>B8`*#G9NUrbw1^u<;KHf;a_HA0oRyISc4fd
z;m20kj#JjtMryI`vW?WaAMB9cmlo;smj^5!|K!e&A5ENGa*WiCmrMB7Ul>2~SmmuG
z+k9#Y?8h<suCU9*y9^{NQx_hs&Lfl~fzz|s8^2;BFt^gqNnOxYjWqPwk+lEsenB11
zs<?1C$gI&98@omX+9+ldlOS#dO$AojcJ{|u!QMZ8>45k}kF7XMG9M4j9qiDJLie82
zF^a^Pr|L1l9L?11>FLS&@GKMYOzVdXfPY1y>(pPM3DCO?u1qL;(!eZgJk~MHjhl61
zA}GL{2fDmCvLnLoFunJ#g`>Ak{DwGn7xx&ij<;8@uoG^heW&}jcIP`{CGig)__YbY
ztAUDgP<4UAZ$>#UP~U&26GE_Sr12d|+?)@nN#T173#B`mnHT?{J5h4I&_KzEz8!5g
zcT@3Pw})qNdjxzNotp2a8~9tcB9vt`@I37MLzI4Pc+lRUg!}f*Px8;Q84$cc5)~_?
zy8gjyLCGWJb1mGngkS$4TQSN-{e05R2E5V1zl|Pd8A`ZYcOH}7SSP<1%O_P-zm^HO
zu7&=&V{bo231?u?`VX>|p|las1kGU6KXmLjlyG;jWnKP3HZ@eg{y#hDc#jrN|1{>G
zv=&^xpZm{WX^#a88_`gUyGnJ$?9F(biqO2=5^cl<#f%I-?$vTVg{07kyF}ygHP($K
zTvgk;m#d7jxn68c(d#g}@|MSudjRLJq}3mF$$y1&7ywhyG}Y}dAQzNs78h-M&-l{;
zFZRW(?p`o0tODn*IA2oSoV<A1XmOd2_bgPEoK#;;b`bUj!VO+)HX#<Ya%wUP`EvBD
zB(X+e@X;EXP05#r6b!V;V=|m1aDE9_a-6rUC0iMFsl!CX8nKMJ9B<C_xQzegWAAaY
z5pZ?hLwUQeX~%$&!Ep3lS)YCk=+8SJxNc0~p^Uq&5;NnXi9^1bO70KGP28$!E_2rO
za<=4imtz^#cWL5UGqI$1$vdeKN$#<{TVt!vliLo`$xpqu8(!l;?Z8h(YBwvu%fL~&
z4L>2DYp)tJuIxrTK0a@T=!K^h(wD}%d7PswKI?O<jstm}IycAks#2!(N?&~x>BQYz
z^@>F)P4oF{KnZ^I!QsYpJ|<%Mb?U(Dc>E9BRuAJ5DPiPTxQYJeGbD%A$ayZ^*pO;!
zYgemxSJ|&?Ly{?cgxm?uFOF>XDNQ_XJj>^s2`wHd>DTC?p)1ae@6wfA`0g}U5Eji`
zta{A^E{6neQLzT#ac1_f?02@7FMEQ={dUr0#6*o0N>tQQNTf}(LF51qx)GC6xT!OC
z8O^7yH)cHwQo7kGc*g-`<q}5Gx<oPUksUf-h_7c?#Uf_RV$~l*8n)PA2S2_yI)sF7
zW#LW+Y@Liw!pMY+9YyAULMALP_he0Sep35N8|^`h8iy-G-N^^=F~6cT$hW#j1UEIv
z`+E+ywEW`bO-0*j4?WMWI^mAlyZ|}>{i*3}g;eIXA0Pl+YO_`OOYhcsCl4z}T<aZG
zksk%q^|Z(_mmbO4P55MSqkEde_!;JJP;f@ea<WZqwb_w;rUqH8mf;c5#QLE%db5o*
z%T8z9nMXaQ#lqaCKC4p?Q#*~Fm;bxbOPf%O<s=-7dp67eMl9LxZv)&Xg{KDPuT1ph
zC0uD%d-jrdh7~hwtgen^E}Pqn)p&U1q@G`HwM8RPDg2~3uV3K3xP1nWzjN~yQ5EIU
zSnhuwTcFZc=bBwRZH|UjM&RE^2FzveZ8zj>coT!BdTQcne}V#60H|{`^iG$8p40Q$
zft3V%Khs~DK?5j5@vBBoL@pd9n^7o7gU;2?gmW9~QMMf3OxU@e&R(Q@Y?8*FyX|Hi
z>!j`zIuz=twVCK1s|DmyieUyU!dNZ1i$@m$?s=t_<pWh7Zbo~Ko)c_Jd)0-n)CIjk
zW_zkzQR=@mTM~h81H)|0?3kzOKF3Ag{6PUXRk{nNn0{KpL~Q(zB7@lFojJ7gqB<hP
zya8Uuq#l#WyBs5AGlgVfMUBq%DZ5?7DB4J6FWa1EY5O$>Cr_uz)A;IWpraE#XAi8+
zc~Sp^f7C_An#q&2Wjdg1k9!j;p71bK|HMBl$o|8}zI6V?QTeq##$>X*ukRapxZ(DB
z9Jy!qN3kYNN~=|hZMaNs8!MUa^Q6<t0Hf!Ef_d2zypNk}oE^p<uy@7xA&wq%m;?c)
z_BxodX&eZazJ!KgjXxbBVWW<H<CXtvd!Y7FV}9&OjwZQRk^jPDUzt}zh?7Uc_QW@A
z4W^-Qf^Cp=X<75HspsR1=Og2=yG!YcFgaaHjKSfbM|lMLsbj3MW>v9e(a{*Z92i`U
z-dS<3JIYO4XBeFi!`Wa#GEMCEn^6i~0kq%On`*}SuL^Yn$=tkVM=fYMJKY?(%K+OS
zcALX!P8#oTUiEk_)U<yeVJr<QfRlSLDne9rwgQ3IFrZ_ET1IJa!dnNStEt;k&VwE!
zNuEV<<^1un>X}uC)sUy!=f&KJ_TpOB@fkqvr{s0XE~vF-4?I8CP<>$3A}gS)0~Rh*
z=P0pe-!<y?I^{~mPCBHO1}*-b&+#_Zr!|fnY6h<l&6aj+4sAOuA3RcsIMnY6R<Tx|
zERy)DR71`0{4IM$*xDasOlKFUgs^lo<1AI;G}3K3h0Dtru5P!P2_Pi0`M+rEyVcny
zmQ1Mn5%6)2FK|^7t}seN)ivS@K`+f2M9@p#k!Pm-NXs~IZqDgsnzU=r<19tWTd=vd
z%AV7Wb)xE?I(u=kX>rdtEw?>#EeC^liL=<B9cQj>AS)*T^xio;N2A?}p*SQttkJzI
z7@^NwSP!;3g4CIa7dYG{aUWpbl}33f>Bd1JH)k~0T{r4iw5ubZw;G09kv(MKP*6i>
z4z>!^iube{^1eoL_Ox1C>1)mDIBfQ|V`v^rw?TQ*U}B0_F?-6gp?3wmWZv%mPYt#E
z7FVQ#6hCDU2ZfDh&toO@pK$NX(nocL{W32d{Zgb&l7FWng||42#_+rDon)Kbr|w}8
z?P-?`C>=zrZxSYtU%NBdaus<3s80H%TB%zxxHzj~_|nvr33AfG&if#EAfae=ZPE65
zVz{ZP0K(Yv(*#K2E@Pz6GQV5=hSv=GP0fQT;k(E3Q{+d`4}>z6X`~hN?(2$mmMmgU
zN1R=@V?A40sF>rCui^IBmxy5Rf?htOM+mxY!<;?B!s;g$t|-{gJ^I35NmFriN<__?
z{R}EF2gUlVh_GoUscv`Zp;IEU_To=3%9=6$&O#PHYmowiKeN1$ijk4IRfG$&jB*1k
z15M8TesyZB5`@hZsnq8zOt0{k+BDI*2_EPeu4Pi>tSv7wDTlOF#fz@xVw1%486KDU
zYCW7Tcr1?cdB1J_gWDN#&rl+Nx<%_@{ABQcxb#nr&C}Vk_ReI3)9UDK*&GLzSn2su
zL3i2N+=b!DP~w(}IB$r)&G4b^7<CD|BX?#Nh0Xve4Nn(>Pg1z~De=$X<D!zwrbm*{
z=jrTUz`H3%Ja$8{p2>;gx#fy3pDIp~B&zkf*n#KT^(LP3!Uv~0fYuScIpw|7D5r-C
z&wYh3>n;@UEusG@l*Eg;8xYnc@gybcK_ga6{gI`K`|U_*T|topl~sHGyGVLZ{W-f+
zv5xRB&FV8sU-Yt`WY42uwOE1*kx8?`8RBEd6Px?uo@VYfd8GnlQ&TdVdWtqz)XkJ}
zSq4SUPg1ZZ<dr=0?L*@$7{&UBlV;JEa!Pbo0q*O}j)px6^EOG2;}=!2u$AgnSchwz
ziE{E$Ga^6xYjO71hAr07pk=BKcU+Ik?7jn$@~!Fh)pye!4OW^9Bx$T@xA9PZ`z;j_
ziofyC|7Zp>w8%T)M!n=Hz1r%tp{`moRXz1_8tw@y?ooOc;T11x$Jxl1S@S5hR;Ndq
z3QfZWa-ZdKW`2Wj>wQ^HqM&LCX;8pMTXh`NzyEL!?I2ZmAf{k{;1SCfb(vPUnuk-+
zd;Jns$Kq^L>8Me)+gj^Dtko2ZY)T4RY8?kyIpnE0f+U8|cC?r{yA^8?XF$(Ewpqz`
zL$G$X&aepu^Z`P}3rD|vk#Y_qjd+Fp3VL0!?R9E(1jRq=AsO6d8E<c73Xi3<y|&pL
z<d}GGKKvp0Q1{(K?nl#$h;>XV#30Yz3Z4n7$dOp$h#HmlR>gA?c-GInS=AH2z?<Y)
zWQnHO1$9o4Yb)<)OctCF8tTI;KU6*q=<k94itVx+iwb{O=cPSAxBG?EbyfQ6{81Kv
zbY*A;B+lU)4eYIZ!?Ygj!ojlJGpGij#8wiSx>g6^?NY`noY1ryPVvsjFhNL(jqrPS
zib;V3e`SukhgnCeZKJ7BP&)N@kJNNKVlT>}>sZJ-HjDhGo4x=N+Miy@&Opd{TRh((
zmw+8%G8-f}h!?x9I#Xga)YKo=I5>uGB@^lkzTd0>3R!nxgcHz$=Yj({-AswLf!<sF
z(T<D<!4pWTENLl|fPUMb_rK?8j?$puKc%ip*Dk0a`G_92>Hd4wD9#VDNe3x>FUK#@
zSoEiPXMb9-O)EYhC07TJ&8NoFm?gE1pV`bcbWrwsz)m;4dGBQge#?3M0_nC{T>ton
z=y&Udl4ZQuj4u}SQeW7154hI^yu#hto5)@NK?`*oxrWNPoKG6lo|5zGd6+M6U5yBy
zl*f$6h6z*d|Ej_Di8*K3<uqFKUiG%SC>m)Movv7Cde(rHq`FLxEa*nh*_a0A9R#BA
zyZI=H4KVU;>K$VBHym$xvcF1VE{7<izqa+X-uHalaO!`A(s{8}_r7-zZGhP0EQ3rA
z8cNch5<GoMxHsE;dAWJD`i`ZS_{GN;AMf8wu6bDR=e(-+pC$A6l@Q(oF+E~u$f-pC
zy8vwI;6uY9`!du(c=Wr2<_1?Ta*g-ms$p~VPF~c=y1T(7P3w^$T}vJLHwvpZo;^7d
zfe9bdIGk*C$+stzcpah8bU0g)w>HZWuy;59FQl!wT1kM?X}vFOe<%N_8j_VI^V06e
zXZOeJ^J=evo-eG0e}O=HZWQh=rnw@DS359;cBgpQNO$jZHi%iyEU{gf&-`5t<QAti
z+RK|Op8-?sVN%x43|)JSV$d8R$ccQ%JbFe2^lyyHZHCcG6UraQnOgvEQ(`LW-M?hE
zUrSt<==<nRsXkS)3D>B|<3i60SE|(*-;VLb*0IS{ugu4HTj$cXIo+S3f#<^FIIA4F
zMb^R)tDHqozlPcAqHQR<r$E(#A8{z!^See!wek3(&Rxy>UdaqV=phiz?YIQ5Mne9h
zo%|wQiLU!-zJwcNL+LwVB&XVEUSA&1CuGY{!a@!p^!)!uI{)M1siupXJ+oTtk+u&N
zPbw5>DtcK6S`PrHUOg;kH|tlep5UpM0q0{5q7y1EKMR*9_Y$Y?Tn3y^;FJs)mhu42
zA_Fow#b84foh94y^mi|4gb?H2abhC>jnw!$(GF#df_IgYg<tykP@}M_q`PT<&x-$Y
zN__NDfDIxx+TfqQryeRD1*h<Iw_U(nyhkK@X>P2W7YiVtD2?|~*v%)|?5J-)4x{bz
zAc>%wUh#U?y0hX6(YJ0q92Lw<8wyLY-le@gDsjs<O(9)3Prt2oCH@4df%Fzk!*#xa
zjrsO!3rW3sEfvt~PW=@H5HX7SI;D8w;O<j+vM*d+g4aHExIKrm8vm!e|8;emcrQEV
zQ;bH$2$oXRq8ZtPTFG0!=}*ijH`P7O&1*~1H|tfB&%&^+-d~;@kNmf&Rk}jb)bD8T
z6|}_YMMPm+<BDCAH_}VcQizC%piuau6M8UL(TX0pj^d&xkUkrt<#iC^gsONe#`p(6
zsp<Z^eP|TSJr+h1F#(aDZ1md<9p;CyXFo)_RG4+&Od`Buu?Ij!11X%f=VG?s(w=hO
z*bVZXz<THY@ZGjvBN2u6ynh@@Vju5&jN!*cZ_NPK)}d7x#T|6WD*{)It4qokME^Zr
zq*6jX4bt-|v2)c_yYQaWJEWW4tb}(NC4GCTk#5{etfn`5@Gor6^freg&RX8!%pWWm
z>L)LJuHmyl8S{VqISM|zI8NmKZ-M^m@w@L)Uh^&6`~Lv#eZPh!6Ve3i{{ff0b&c)4
zV9fXj*%Gc{$)i!Tz5gEGYdjW(nF?KFrtMU3|3S9OYs}OO(MNjI@%@dNzD5b>Q|EVM
z&i=mL*WenK>{Cdq{|8+1*0peW@k9S0TOZoX?|iOnVgI#qQUB_=-L^klB%K!Yh7Vm`
z_UnM>bo0{UhG?vJ7_z?LjOnlVScbL4d$-ex4SsO`N;ahWa7}Z0o1yOtS_jeC8v6^M
z^VpShzxzoO)%(nXo_}a1UM+pC9U4C|qYsNd*R`Ig4QY<?^4qAf9^M(dZLMHCk;=nG
zdzJ9S+dxjI0L6mRT=s&;4FKpL=5ZSi5RIVt=2s2l9!qtbSJ}4hdc0$Jmq+1W@b6aM
z0^#2M<A|V)TA@IT_XOSg%(i0y{Tj7|0w)iX3qR*&ef-3e6ySN8!<J#=wj&RFpjjw*
zm`UIh*tw|=mU~efRlzAONG!`vNEkGSsZ)HbNS{e9;__y<3iYBn(yW<TX%<zV&rVH0
zl_MSH)aj2XEjiCHpNzBEZWgcvGPCj0SgamNp_j0yH9y#Bz&ywr>*g-s1z<xd7YJ{w
zwIKW>U;N?G_GscjaQ{SUi@^Rtty!4;ir(thfI3yKfP-<zX{05w476dedd)-6Pw0*e
zE|W-j=_TGmTDstqAm5wg`<C*(y~BY#$PVfJ*mQvG=`O??9(fhrz-!ZZJoiRX>%9sK
z+!XHQIBwR{+fVpL3ClCyrd-kUm=IE4P+if~=P_qlx#{=;@e5PbI7V1IdfPezrh+=-
zM)r)>@!2)*7C-xV#=Y9E&yizTbDBXI)BY@|Lb_6bj&We40>_445&%iJ)ZWfvFH>ZV
zpDw%Lq$@gWWQ&b81vyBjd>^V-cg||AobKnsu|zE&VdQDz%{>PlwA-V;v-|nAER53R
zLw%$evySJeswXfR2A&ko$v|^Sr|Qls+x~#6Pjt1-f3x_8`*!Ur^K#BF5$BwjRP((j
zrzRIewd-=b+YF`&`7^b9pQmfm9Cz^#d;IPz<l;Ij*w(o9<(x5ft*T++D<(Il&#QZT
zpLT>#Ku7cLbY;g|qBh^F8JoZST?=5`+?oompuat}C``1Hypv<UgMtw@{Eu(LZX<vy
z)h6d@`iF3;HThB^L+PGh>g1_o@vn+OGG(b1XF`A8eu#hf?Qjz|+EYRu-dF-W;tVCJ
zXX0!WzI1J1DbUhncAStNoGE%@F&dfar-@Y?-;HJJ$rG$**5TR<krw{VyE~})NjdXx
z;LTF~U%;DA!|B^KBC5~NZDBvwK&i_1V5OO&s@gBrPE{PeQsE!y2~4M3RzF=ysH#R4
zrM2|4p|}CBzzdaLZ1WDo@6o^Sr$0d{pP29zsT<1Y+u%!Puc;UFKtPfpr@l5HeQqd`
zm&>py4dLwh-c+jA>)z8dZYp-DCcOYa4isPsdN~ut{83@8Dq4n|uDjtV^saS>DYD#J
zzdp|)cJfpAqT?(FpVMG>PNfX%zK)gEd!RYbTd#3KX#X_F+Tm~ruBG$+L^5LJ&@I>X
z+vF0{zqx!sd6L7rnowaBlW!(SR4oi*>+rQIX)-(u@nLyM#IYhuqBA?HgLOeWXoS9H
zN7B<`;>&!YiNGgq6i)x?{EW^0hPA=05}Mt-v$}=GC5oajLO>Sksmm$4+m)$O3LAxD
zfus?}q~~xDt6;@C{h-Ne>`H$i(BxOeCnM=zS|hJYi-~?qCZnr5Kka2T<5{&A-beF=
zZwODmKI1>Ws3<_snVX`q-z>>eXCf&drBEfAsy_J$#gSTETIwXJFrE8s(T3ozVf|%N
zr5-9RLr%4-*`~l4@63jW!buZ&gxKNh`IcdO<pu5!cY0hAPO+lsB#|fz44ij!!kdn}
zdMT`kfW`}>5~a94pKY=^-+Z?wpME<Dh*Ygh7MOlf9;idVewb}^=$DAXJd_?2*{^?L
z8?Uvuo;&y;m7+8oJP+-yrVb@qn&9E+jD$HfW+n#^@a3)QRsROd0^~LC05lsE5U?xp
zP*=x^3yfqt@S&Usd5P+5zmPNq@5C>Jy9)HUS2k8l@si}N=|xX_5h0Bp#L6cr#<5wN
z8}ptA5`-&4k^A+g>N*u)=wef)5a@}2Ut|AeTs00KYwz%IpfuHJe?SK^(#%%_rDM<<
z=fE|;B>POwXr8b!(QeA_?c8L(zYG)4vY8}OSeAU{E=8y32!CVL+4G>_C!sjOQdnS3
zIJcXI+oyBh7N`KU(-zB?B`P)R!G7E;zY5CszMUK(HMS1(T4%<6q}y`}F&7;P)8wNR
zT8w&>1%Gjc@$LAAgYe=T+9JQiHql&UW&R0GOA#q40kjpll}!LTX?>a*ujZ+j9~Yf8
zg3q0QAg3c8ifHV5zpNlKH<OMiE1>SCblx19IBC~%%`7|BSd5Hz4{o^v)z6(|!YjKc
zVFzyC4R&7o@r^thrQP-yuqHe5%z6aU@|X@7ZoodFcm)Y9gg+jnGG(MwvN^Clh%e~S
zhxWd-S4Iz$A!Biy`j$(*#7ZasNeE?}@%W5$18?-RVBWXbfP8dCMj(NflB-^zUVqqX
zS9PUc^L+D?<26sZaYBZ4rEOu}YVN0Vg?^gW7-IH8jBwyaK4$d_EW<uKLBy|Q*Qj~c
z-K{n>%kg<uizES2nrU~C`*tWU8LgAowk8UODnF(aYv0Q`k|0K&kLggicdt?`oKDy2
zp!adz=+0Zdy)rL~)yJ5`>YI4C0L1WSm+7%JJ3Ee1C&yafGIQG1LM+AkDif!j4{itc
zwHK7<)dk{PSOw@^$NJ11FXyHp>MAj)xJb&~K4x-SC8l@3^3ZN7`RSluUjna`?Ti{m
zt!EYE^6^pr%G4j>rO4otW=}o&gTg$JM&%CcTX~)u)Yyk1JrYT8cy|{UXq0=>c;a0v
zwkiZRXIp#6x8<k}2A_Il@4TiHQz@>JDP|DytX3N@k4mDI+MCXl#&2PWaVCoh3(S7T
z6u%p<<NZ^<sbE!4KMj7m^I?m$O5$nB!m52`Rjp4ToCKN3dV(~d=zQI9>exrfq7{Gt
z)LBJD17Q5x(<Nbp1fTbX6yiCjqVXj1*Uz<T%0q%sdv{s(gJvs?MOFiOo?xFt_)kUC
zHolvoq%VvHkI37-hNJL2Ra<#vEdJ73GR<{4X5{1h!?I>2sYwP+8YU1y>!F=q5M<%7
zw~AgrgyaJ%?Zk2`yXL|#X)%-pmhQecuBNu4(Xz=P)GdiY$G`186{%i2HW&Y_1iqcX
zWLY(mKvb3U<&tzfXr@dPD<_SXSchDCy(l1$znW86uFiF>fPXiC^B2nR=e?jb{dB_{
z`c;W_JmAuIFjA;|zw*+fZe(*B(X-K~Z#<yWqDE>l1sVm`5V|X*n5b-V{HAqn$&|z-
z6-G7PFB-GjSh-)|$y=17efsfj5n?YJKvCy#-ecP#NIQGN1MY4^OsBbxmZ%Rmv>2;&
z^G-j&=b#anCOSuTG`rRZ>luRY;H(Ggwj99OrO0pr_lx5e0#Pr@7x&Gt?%YDZF%eMA
zg>QE$l*ypygW|OWQ!Bhv^0UnFaQG{1kB@y3Q~8+N{`+C%TroBK#mj5q@}N|!_k(U>
z$x#qH@m!?Uz{o1`qsMyEkn;Gwu2x<5(FcW9jGcse*h4)G9sy1*Fuj9B&)Yi%e$T-+
zKc2-tarCc0Jas=yV=8YUm)*Sj7bR<z6i+7{G2+Gclu?ElL^MCEb#fBcpVr5uTp5a@
zg44CZmJ_CVwAjIXX5E0?7(hdCguWao6?KdP3MQ)TFoS(jN@0bEgR>u!r?`ab(e&jS
z0awX%i+1Oxp}Q}1e7Uy`u19L>jtS3=ks1=X=a5C_ZUc;0x0x=mDQze?mD%jFFJ@9m
zyR<57I`DBi_A)&I(wkmd*CQ{YGna<NJD^mnY=+JQJ1$*xijx4n0f*o8ssRCa3XNnL
z?`7SR(27s0{Jr$2Z}y|LdL_V24=VX$8&7CUK#1pTJEM{@1dU4mSDiDt!<}<)HCC=h
z1(<t_?y(-m8d*kRUlPY|AjM$6`uYZUYV*CF&S?xAAsZ+H&ey~_*p{QEFbmf;sfsI=
zt?~w|$~R44h|_ZIXieOiF%0K~Cr+RGl}F@JYh}UxJ@v+!U-R_}dvd#;kaPct`Yf-r
z{=$1%S;<eQHpeRF(pBBYum@dWqd}0_&zlqz#(Yx|=Yche#ds23mv=1l1^bd+*Xr@v
zW;hdZv^kJuGO#Ds-%I(+n2aWfRq!BtgnL<!TH(XNLx6q8<T>wb4qMvXj1c~cD+vN3
zw(cnVeQ6+YqJb)ReouUmk9W&*u>SpHziTKV1_}E7aZmR7%>eT>@vh}SY^-_$lZv)=
ztCl*DS*)Y;n9Z+oot+=uj7?oF36OnK$>VuS5Rh*Zc9AdHJE4MNO|7q*r#J>MDx!-f
zOmr!sGInQM@y5IGO2_NHv;YH1MV2LwBII+`>MDNQ;<aqvq4m32j>HkjG5xGZnJBcW
zf~^Nv92mHh0Ypk011YmgKcfhpy9T&1n}0>j|BcrPx#Jrg`N9rgJ;V6J;zHRi2WC`^
zK)U10N_xYq`3*0aGhH(odZP_UZcNVKZ4G@#5hk3<FnSzrYQyVJONU@acv&+ke6sxq
z0Wna(FZ4Uv>rvtV#>@VS(qR-rh-wJm{mwrGV%Lu(l|@-$4EJ<djGJS0{RYqwl$rVe
z9q|A340w_Kx&O<bR=}>p!WYOiJhj~MkfRI_B5xMB1EueoqR$P_sH~+H7#}C`X1WSg
z4NUz_b}E_~uguNy$vK}B)H&Hl*WH&YXgirBPMZa_z`qW;wrpr>KaS$EHT0-kzn4ce
z-?cfGNP)Jif|`H4p3K--H|8Ht*tdJ5N81ngfE^xj0;j)}osX@>+o(Zfe?c=2u75)_
zqsC?@pK_RMUzA8oKmFp#V&@VynQYPTJh)C~)BlwO?#6E`>+xw)!}2kz(LlM|zA$<e
zdb|t&$;^6V)o#2%<I$y8E<BpJSdIO}M#v6GX_(q`OR0H_dbti_Kh7zT-`nzI)j;{0
zr$(nU={U>BXJigS3rbjJh!dp{d%+t|L{T3itV75YI9_+lC4Q$XR<p0(9FnYEji-Hs
zrDo;&!o;b{ZX{rS5uehZi%D!gpV~gpI&f<)r}t!k{kY<Rq*smJhDh+-B^Z@iRDdI$
zdb)WGDB;KmP1m!u2(+}>EF!rY`8wlColJ?Rfl@}kCsaH)b=AVFk0w^KG3V%DMGB{H
z2HQhA$V>|NUS;>5;>~ict&swIKyb!z%Ut~V_C!@v9S4tS%rJupcn@FX;<c*YB!7>=
z#-dYo$EXbZ;ZqEeJ9jT=Q7C;{Qu_^*{`TD@g0lOY+UIj~U;?5ma-jIrIi~$Ox?;l1
z-ACC2)I0#*`*k`I3dN2bkaJZ~wR|4ji7<SwRm&bGdj>ZJ$$>*QOm>Vgfrk>Qo}l9L
zaZcB6N5-|o$0o6+o+>)Y2M^risU;c1M~@+zQ^yp220Np@c)2sJS~N`qW0SDV(uU%u
z8ISK2{_MXKK%3TEw4b%`z5WZ~c~pSM^Em?m-je`Rs&o$SKV(8F$2LJj>YE`*yuZ-j
z36Oj`qp+OvZMvMKac`Z|g@yO)G9nstiSUatyUlTd+2Bb5Qs7|iMCw%bAR=$f3Kh4y
zZr;(EZcP4HW@XxId#RI$VPsVnmteFQ#y9=m+>Etafq_di_mItq^EM{0s)=U*oo_6g
zIh6r#xet4ovTaRc#(Ba8UV2R-8as|VzJ$45zue#Xo2ml`Ig?=}u2#@Hw8&(75P8d3
z#oxTDH|s+w;k2}E`kpRI^Al9<DZEO1x2_$eZ=%KzZrGrYXILsb6*NjYL4H)viEE{*
zld7wXXe^`(v=QSh08rI%VNJf8wkx#nkqWJ%%MzrlSb-Et>i<`Qq(5fgG!ziiWZeFf
z611=D@xCXSu1j@GyS3?SQ_a$6P%2_-SZVuZu*^fMSaUOZwv%c|-LH<vY*#fpAuGog
zt{*$Db{J*6c|G45nN%*LG8EW<OiR|S>*ehIrmx!wT*2-HbZW$W5=W_sGCqs7pc{eW
zuJE@l?!bnvWy#Bf))CR3SYb-#Xpg}W*Q?y7bx2H7QWhJLJ@_S9_FYPhUFaOFEw2%l
zyURPRLUT19AFiiUDvpK1ZXBm?nXKO~891<@cg<yi6IHxnV0WBicRSkjwwg;-)LAzl
z*Z5Tp;rg8pY1#VLs=v>+`~Gm|$njhQ?pl1W=2(l(Yy@B3;Eq`B`l927pp}kJ{+b>N
zIO-#beKM-6^ZM$I_aIW7a0P!N-qiDSHyFj?AYsT^xF!gY3?^#cU<e2`;{DG4I}$40
ze-p+-^XSW0MvoQKb#&j?@oPX&$xz}N-u1I##U80N6p1Oiv(TOJ?ox9pi|9n3JF~S$
zi|M1T+?44m#{&F&+*nbuwnXQA$q{^pv-G01z2GxD0S{|$r>jmHs~*E~fsP{6E_y&%
zs3&Xu9FN;cD?ab4rvZv##g5#yusKsdm(%Uiw|599lKu_uREu7tNRlf|A-zcXt;4)1
z<!t?wH1&v>JC#v<?|voR%tn9l(H4!dUY%BD{49DcBxK4CII4YSxpat&D_Fd$H*S+L
zIj0;qk+u4aaMth|u1V^LJg{~8!VjRG-O6#rEvi@FZ4MeWyR0o0=2aH(v}v)8ZNPL!
zF3qF9VOaW=7~YI;5w5TArZML>i8M#0e^bXl{M`9fKhfo6sl6y3=T}^ZBW|Co<YR*q
zfTVk7-%UpcTKNry$lGjCB-g&+Qnr}gpMs33B>eg@8A{K8hvo5fIL&w&{wC+iVUy@}
zj^CQi&wbbL;q1e0BaeyTwI^g#u#}qAu>^taMoCcWvJ$0#oMaprF?Z?Hpf{diT&B^_
zvHm4<(lIOqDfI*?0%bSo{T`jw1$TVzvwqsvNOeD>m^L*La@_Cdi`6;9^)^GFNz@NB
zy!Xdf`^^C<=IfNB+`N9B8<@m`+0($^iFqmf7#~<j-Mm{zM9z703;&guXWAUQ|8xFJ
zQsGgD^!5*78ySJ|7rINPk{mnW!@~!(<a;AlqvsM-HGGX&;{?(X=0;V7Ecouq`jJeK
zEoolpj9v^4-(khmjx*&RNROm=j=iB;=>f;(oC05b0&R<%jDP^+C2RGmj5~|5P0u&m
zZb}JU;;F-!UDDI>@2DUq{WJgj+|M^xtkyTnBc7(Rgb&JsNrD;>Qyvwi<?2LoI#ebf
z>=hUfmCDz;DONWPM}W+yCbp)*yQ7Aa&_l4NmM?J~OwxL9uy6ZRbb0g*H@wtAe_T6F
z`8}W4W>Q&IJUpf`&sJM3T^IuoHPRR^fwH%6xD<@UzNT?P5}ml9mtiH<3OR|Ugxupp
z3Br^eEZmivdb47$LDkegGWx3^r$R!Cs-VWA@r=&PEiQTnCFscGcEqgfI;KEv_;U|1
z7d4PD{ohG_EBVcp{6IBza?7U9GYPx;po8tKDAtN7)~&)`S(>o;C;R-r`lDDS$sh=r
zD|bgxDy(^F3W=WVOmZDQtZTA9zTq}(_@LGBI4a?!S|kH;W6m%8*8<ASsSH&MsyaEk
z?Xe~by-V(|4BRR4l+dLZvz_p!3}yRil<eP_&2Kf1yuFgpTmu{`ptJ~l#$x4X=B5sn
zo6w@n2@*YC)ao_;VpCH7Zt`UDL#Dmhj?b%2vl+2SU3i-rXfo`_)xg}z44JZA)A`|)
z>1VrxL&9H3h2z6CHn!gZ&Hw)6#dy1xDsG@HpXW5P;#jrN;cW<{pk>5Vdzf~;Q>ngY
zWpvd>wS*gIKeAXE_B3Cw;fQ{aEN2?l12FQ2iB8H9=dC&p+IqEIl^f>G6us5bpZ?M%
z8(hUZ_L~Tl1?AfH{5crVul0<B9?+&9mN)D&UZR4c@XWa^#^6vf#`Ea2^X(Qu?pr<>
z(2knS;ie%~K-r2e_uM|r8)FXz`!ol|#^j0;19cBVdG=7bZ~BVrgb<s#%W?!AUCyvS
zQ>vyzvE0!Pw_}{*W}Vma7ETAF{^DP$bLDa$kaGp_SvEHpa<l#eDg`7m|D*Q99l$v~
zP)40}t?3luD{YYhSXR_N_--UF?Z!zlHx*oLQ3o|Wnqa`7BVL}8F$+(-tkovS`%bw4
z8+_|RJs^8yP2cjBVS4X5ctOSK<kSMxJUc@|$?lBQ&N>So(o427y_JBXRlm~<)6%z0
zPOY?_OK9fN)*Q}LSdT9N4%y*O9J&rhI-7xY5-or(^C2>GGW7=qEcek5j225F7WY&c
z;4LZ)hMltAI@PSxECcO+KaI{)Xn8Jr21fr6dv6^O<@UCXZcsr)R6s&P1O=p3x{(lx
zp&6PXq#2NIQ0bQL?#`i0C8V37LAra$890x7@Avz@_Z@%d{D02*`*Gx1Yu(RU>%Q*m
zx^79|=uStec<B;%=z`r!G$4`Nd9bduc70e;@nbX!o6INYpiR<@e~__?g5&4`+ZDU>
zU7vRg$t*%u{)Mrk&5?ZW_CQ;|!Z}O6Q}Es}jLV2^t~{GGT=21gsN(Q{PIA*xIAfev
zbRUb6?o}3Gu?drYa>`W>Usmq*kZC^qG*D?}O!%PZ%%-Mc#cEj>cTJ4+>%kRS0Re7^
z=VA1tzcp)<!F#Rl_qXR!nS+MJt%pfLAuK(q_mhHxa;R900apUPo`~X8n8&_}t*7!E
zwa`|Bb(4{B;)Uxcyv~Eqxf{ngTt=<}cYY-#NS|Gr)Oyj>G;(|J8X8-?so$I9Y3;i+
z>Av{J>(hNI^nhv=S^uibf_K#Lv$U5^_S|?}W)nweZko<m;A*pd-YUjB>&h$Q_+<XE
z5u0~Fryw3s;N@?AtL3n+@w_8Qda7<KVmA7HZ8^<9(z7ky969~D85dqSxoFJvtKBfG
zPzt;gJ~&h>#!<7ZGeQOt!QC2j1@tqoc%Bk_A3|a_`^q|u)2(i#?E6kMEilBfe(MsC
zon}SBIX_16$;xUsW@}kx$c<6!Eb?5;kWRyPPiJ$tU$eITWTtr|!9-GL*M@|VuSF!!
z56h@*HB4C582ui6S9<`H*v=@YzLSn``+mf*-vJ$01j513f!HpFfUED(lhxYtmIqlx
zyCs~&^)aln*76;(Yb}|U%8h(X+i$I<<f&$6cAAb@PJZd&0jf3`bFJ4LaJn~}E>!}W
zDMH%6v6%alFnp75H0dbr_vL+YE@+pbzcAwpMB=Fn!@s#eFkAbw?DW208d~NejVkIF
zq#`D6Z1gV|6#(d2d8}-HL>GTeT?Wt|<e4fdngqPL^jD*c@znkSIE`ak3O)J{60cpI
zww77dfUDSIA??lTA3&uIc6=ke8lz3~;oux2%(oEOO!tpX+$lwX`W)XMZ_=McBp>Hr
zx~p`?qNe+>$g@mnNyUviq9lw<<eE|wc=?CZQ!l6I@qIBdF#yDd?3E@aTICWrE47nF
zpcmIqj%%8i1>gVl>*F;G9AN7rXsJ1S8n5}EsZl^^9<+X1bso-;fB2Xrv85<~Tg4_r
zX!;SSRbPPAb8C*tg>S1iVvrfP+v%7XH^7YokwzQwXT<3*40;UR=2f4!_-FzD&kqjL
z{@PT#(ICM256?dmJVR~$|3Cll2j%}KrtYo{qcR$74MfRZpSFi?wflmG+hek(VrN3$
z1b(NS_UYQ7{=>7QaCP4e-kq@FTMb<7XQxixhfS_wN#`<R!OM;33A*k+#Mn~aX;SI8
zP*OLtUuKEXgU<Br;+M?}2kf)jp$$9gqulJ-$m4^uEdJV|lgc`6x2?r&q~VAH_C$M(
z`KDUYMZ3-DjZ{np`~jy=E!>4esH~i=6Zxhf$Hq0KK;EwL{I1YkSZACP@S(HjaGjyy
z8vw;_X!EkhYTo4z6?tB(#&ARDZgY&B&Z$$g+&XC?!%a!{PUy%WmU3uT<s49SR10X~
z^giYqoj9?uv^&HnGgLH(U>18qA%ot-XppXmKk?nEnvKH`V%~;fBTmOTx6|q?PeO^P
zm|xF0(Ql|+rtNzn;Eh;3)7quJ2LTbH$t0Q9(aH~$;SvE<IZt?1bxMydC~DyeT)MfB
z$AGNg`|^<81?_5CSB<IG*(v@+;FS24IO3;n!lSgqEtIM)mLuxatF*zQZ8bIh{y+9#
z+}$%nHkC>&ebrK!thaqdx-R^mJ`N9-LffR<R$252xu^w3%1(K8I1z_$&)6=NSe?vh
z43+;&Dwjxlzf-sKDJaJj0O`wSa|Ud4k<nuky2ch8_!b;o;}R{_I*2E3?)5hR@O?nm
zZstJkJhyVhGHNZ0owVU}%SvVcCAKXEmqp4z{k-d2b2h38S2H}z=*n}o0!6P{+xr0J
zr`|^X*8gVwIQu?U=1WY<Mcya7Dm-hRe0Y`+#FqrClB4uHS(MG=D9Sf}nhaOu5CY}(
zmK-~6i5!{`m@b81n2_PsN}xmPU(`fMG6qmz{NMg7oP)${`<8QtgWR6wq}dtm25NhN
zBUFwj+i{|xX$ydW?pT#tR5#((ukMpydsE$Hqn(`OBll*Pg5CUHuqG!F?<e|{u*}>b
zBU_8KXn7>kBHtj#{pk_ok-ac_uFa}z2AwnkedBpS1VHR*oG3W_o7R)JP15|ewD<&y
zAeBCbg!PsX(`52Ey=^VKzCH-1DuK~EV24S0e1xCMx=q5XDvjyu!n6v@riEV^&L|cP
z4Yj&2iw&Q~lHBwf<!&C8;^*$l7{XPhefxvg@q{8t;w)^NWhO6+r#5jEOJj8ZRq)k&
zsNDmaDSrqLBPcmJBMa-1VQVX@Wo_nl`okCBbXUD7J5;He5^%dP=)4y`TQoLuv>0@g
zQ1dImByHPQJ)(8|`57Z;v6tg^qke*m@w!mV9c7b}6TrIw#6`&<9S{5HmQb0gvZwsN
z_&+*5Oy|W5ecUND@LtO7A7D1i*eL0#<=UxJ>-vGX*8ya-l>Y~tD5S_<urpLO4mQvo
zWjAEyU$B^->_%juAf4H2TXyO!#|}%=>W7`mzjnD+0$$I)!xp$M*G8K)N9U%tZp-%O
zaj)sZO$48>>UtcWg}m<{d<H1nOhndy(^CI?PWz}Bvw^M^p^La!F7wDLpN&i0sOCfL
z9ECW=7U}+<lD&5bl#bV2!>>UJIbL};8QSibB>zy0q~NUI?M;z|Y-3-)b9h-@^G|pG
zcWGWxRY+QzvQkzus@%pVLz7KnAYP^NJR`E0e?dB0H{VEjOQuQ)31;E<vJceYu=$xp
z=r2&}u_;WgueaAu&D1r|!}m@zYipF0!lqY}4Ln*fQaHa^G5ip(j^?oR*VbyJp#S)5
z{^^^#Gt_=`)H>b#Vt(^&-*2zIPd~`<C$KkubWM(aq88R&pJpLpo%UbCK-yu78n;7S
z;L7W3TGU$0ui#_`r2UH{Ja!~#JC2A5!FfgbN^dzU-n99MYf&{*QNJeGo(H;ahWE4X
znd&uWqiynBt77jr#BZ~#IqbIoO-NFn$95dB&>CGxH6Ci<@O<}Bu+_3qbANiZt+d2{
z)av~`l3X2^DNSrMj~u}+`n0YG?<>PlSD*x{DfasH$|LC`<M!ahBSCXfg}(tTPW%4_
zV8uiw{mV~+eGMBddY6+E9(h#!i$1RR3M&AJM_I}P+|^2J!;d~HxYQPFg7I9%X|d&D
zv!=7cFl|j6_2%XcStaSR&b0*+Mr$rYYVWQt-G=1JeY)({6d`fScUvfILpwz94wGH5
zOg~LWuX0r41cise#O11Jce5kYPZvIosr>Za>(KkrtQBoJS9y+s^qsrt*D`<>p^%o^
zoLjHBc}cP^@VE?`#@Id;TGZn!h*t|3ZOxtPQ3@Rob3bTFR2-KYi+fu7c!YaYC%pX2
zdi89P<J-N;{qg&}zUCSY`zw$xr};W?PePBGkeNRi5W|{1{hMGVf1;^FonrNyW2Ncd
zL@as9%&vM*Y?<Y^60p)aPa|LmW1c-oTCJ$T`qS6Q0nwLkRjH@Y`=LCxKgTtWsXk6E
zBYu1LbOb4n<lJ#d6N<5|jg2MBxkJTZ=*+PjyXKeAaRlH0`j&~JUd^p<=$wBcsG9!E
zcCY-zU4~nG?i{2iN_&WFjcs@#Ope!S-4Tj#3jH>f^9U%v%4GEYL3Z#NjKkqmw<D)_
zwfCuEdhBnUZM{!Ucp`DYrb2k?$AmTSMn$bTGT;N7MrYAps*%dOBMC*{azH@X8Ls|O
zZ8=h_O92oN@+%7#)JT`r0%WUfog@H;n;?PjynM-L7^_wlbWj)4C&><Yn7!eAYcbLw
z59wN@;B-}Qkl9mhA$A$vcp{w?l=(wRNL|o#GU+U<ne=oqzeUriO*je=Ejr)j^QddE
z@p;a<L)sOKx;PVF`q><W+2v}IBk>GLd6xT#6d>GUb;jhQZ7QEWaeo#bOpdnvXepFl
zozKR95OKLybUEVV;sOXm@&oH}$B#yoFJ8(!uNdX5Txy}NJtcB#(mp%79Kk%QGkf#C
zO^V&+H4og3Mu<{zdagXH&4FpAJrxTT#<_C3_$@6Y_*+4kdo<@l{a-j<@7H>UTV1r_
zq=J^|Cen(y<L!BdVI`De%dW#$?|7{vi#p&PfYnT`V_Gyzjpa+81cCWf%Mu<v$T5>R
z@^0;&Jk8oq?$@rLs`ZQ5Bwc)K_Eh&^fMD@MTnYu|;(qUj=?oSy-WrThR`l_T%-n96
z<8nM7(trN04mtY<QE_4NbUW`|F<*6Kr7i;;&>yxsobj4RRfe)k+N=2V)-Q{%tA~=%
zSR&SATsQgmOZY|q3ly}|{BNKj{THpfJ6EI>7}nM_9Xrk#@U$ag<%!nVJ;Ce~O~F-S
z$uk*+fY6iIsI3OrcMA*feu4dy+#8h6ce^DojIM>G8!^H^r9y40ZFJ_<Eb=;RC$jb1
ztqbb8O-9?YMkN7}QCxujaG$7aK0>-d$Zc&ty{yPd2D-&RW5@ru?U(j)V36%q>R(o{
zkpfWvZjYKhwYlTa4)J7_mSLz6Bg1nhhOE+tKKmtSsl)kO3(O2r#yJ$@wS&D3x(Ith
z3o{saAPq|9O_m<T5vQ=OXU^-o()lwySGsWtOhl|AM@i-2*yXrMX_O)^b~C&eXvo%#
zQa6H{`+(-M<Yb>5&w#2*6VqzmXjvK7d)TBJCDf2j&-V^qgF<~=g@31pgfH~}um=Sb
zZ167S4rGexwl|a<jCtdn!nHX!#=hd=k9^UvW>SGpkTKkOlKBv>X>K^lyvy=zNw6`Q
zA!;6GBy13pDI;F3RLTcdV(*x#J^J5dvkR>o;Ai0sCx3(@)o9XY3=0FTJz_`CUjO`I
z_N&fz_Jnlxj<$u60PnSM7=z1hcR{Uo0~De~nsL_a9Z3(UHNEY3eb=!}*!bwU3wch`
zW~{U`EHfV6_1eFcF<}j00E>UtWsyAB+bFeKVWc3(@%arww&oUGPbM04-5c#p+UfP=
zvYhx{uAxERa-`m(c{Gdx-!GYIM3p};)86y~TGHtP%(T2FtR8@vCS|By@?kp08sg26
zB1vkWc`9Cta>UKE{0N=BDEwt6zY9_z1f}vqSW-vxP9k5g9@yNMqfTVv(`|#f+zf>7
zQ^C0L64>Wc$E-@zt~eip&#<lqTT2@oD0n$Mr{|;Pq!0cUGA_z{-Gn8Xf&fz;=(Hab
z`WMwk`#6AddSTg0Z9djYg>fAKC;?rAdQL7-n(GRR4uOg{4YRLncwH%5rxx4cXjJd9
zJsD9uT77OQ7gSA9eKw|Hj_l{3xW4#$n#txC{11KY{@!o;S`Jj|$9SXVZwX?p+iwZt
z%oS`a4rcT4HdWV9;lW7Dy(8SZl^Rt@-fnRu?(mPutQGmR2hCT725GKW^OF%SBnB#-
zCtc%zA!<!ly94!ZF0O>$xK=BQTzUC%Ip&e0m#;s4O1oVhX8>j8Tbtxg2b7CbOllu`
zoOt2@W>|PAWooLx&@*OVY$53x7jXSydW4hn47W(YA6aMY*#PT|j(lZa?yw^{r<eN$
zT~oBHA=_NIFHjmJnyiYoW%?~!d{31z%xw}pxZ_<Ai*+o$bub(Ve~%+wwK=I(FA1L>
zYcH(?eV!fc%~<nZXLjk2wgsu-9~GI6Mv<*g9+5WrSY}FlV!&I%DM=uy?!hKO(>Aa`
zQH0=e-0a3BAG4&4MGCFWY>3JJ*UHJyy!MB<>kqYC&SiLAV=C`_>$t);&KHMj0#NoS
zm-ZisJxCe_dWr>or^ijV9hvWzyksfB*L(*%W9MyUNN6-FY5ozEk|rh0>hT<V-(_X(
zrnUJhJh-rjO4yV69TpBHNW2UD>KMB&F#f_DDKTXd10Ed%?G(jo$|QhmwDM)3u~Ju3
z!c10XjppV_lYXc+@T`2IFk>Gxk<Qy50^|$nXi??|uU;(h+wD`X(f8eF{}~SVIQY0H
zc$R#|yY7;QT5dKOfH73mzhai2srZ>I9&qq2ZJcZK`owP`IqfQZe2p*7c)i_deG>fe
z;w2*DJ?)(-)M0dnl+@8*g>fG|8Q(y+?^Oucl=9hLX^l9vm!Kp%<JQRigpCpif_L{{
zh7Y@NVA1QRkVvsDj!?yy?&!>z9hIb{sM#^YTy^Pj*%F-e9Ev|MUbKD>q8-?OsbRd%
zJwDRVa(|7F602{Dq}f@v#?1S!8SWQ1E02uN*XD!nT&aL=ha;6!5KXZu!bD_BKBSsZ
zpBqM1h3$9Ns#XB5dA;4JSu{kQ#Kq=pZLbauv?Z=))KAo(lU+q<)YR_F#M@B2tXN(x
z3}BZea`u0HGv0Kh3LUZ<N*hg`<Zij@H~)P3r2OLvbfFYNMxxpHiS3npB{gCmHZWhz
zNrUVRj}>hGaDpdo=kU4=Y%-3_mFhA^kmbxrnr}@foXH=2xUZ>`KI;q4+KVj;n>?*T
z#UIYCMz&;i=0Eu`!zfo~o)$Mc1M_YEpzFXFn_w;$!=jxMrcks}DQ4b!{{cR;M~LpL
zA3&V_FiUe=w8r_?tx9C7to(ex%w1LT?K=8a@)sromsBPwSf&S0Ndo#&Qpc3O3o<HW
zZ8Ab<B14oLl9VDebCO#Sbd(u6(i6m}995b@?cit-ST>9WS?BPC9y5wbZPFg=W%p?6
z__LaWD{6w&Oj1KKQXhoexL!}$@Tz5NT9-QOzY~WN*QGl4FV(anlR8$CMxSX-z)N|%
z*}>=uMVm5kk5DN)K0ql>FP4{nvvORKLe{)(P}m&o|GB4j{NcWXB#R)@&2CTi_DQ(4
ze!ZI6()Cf<OmyQ@-13W0T^~691kjl_V5(x76_h;^Zi%`4hI9OqDuu|TYD#pJlJB|2
z=ij)^=Z7&2XhHH9W(oM2^~{lH!Z>&o&eotj7dBBCt$dqI^3!-(=&~#u`kabn-6f6b
zTgJ(%P`tGGk}}E6J^NLl%7l>OxtKX8CKsd&%x*y!^xsp>-<c-|#^<!MyO7q$f(pX+
z3#b%EpACX>8I_ya+jLWtVjE=a&o&#s-!pVjH;sdU>X>q899nElN8f4pigtE-CbFcr
za&fj?hd13xe|6^%lNyJqM8>fWIA=aTY9+alSVGbsQhC2DI{|49#oeL>r(j~h0~|H+
zDPDf(3kqP(ZH2rG*tk0kRyJX`s`;&!D)}Scbdc4yDqV3Ef4-2l)H^E5w{9AN`I!uV
zPC10~WhWj1<rl4$#|bK8027i+JiG>du0FAUF2n6u6U?10%IKMb_Go5`w80Ge*gAIj
z+yCN9f(8!4XLut#5#TV#Km0hWO>Mosh`(cgIn3#$84IS^Wq|*3N4jo_QA=Ny9PrW(
zM;{5%Va1QiBGUti7_T5Gc6$sNx0XT)Ev_snO=|p$(uZc<b|0*)0A{Actw2WfKPfVY
z>3`H7$+G01wpH3OH$nS|;6<v`qZ^{p2IGE9D4>g+cK!GVuW;uVA6J8%p>dmKeiCI*
zzrhlFTAwg@3Tsr4S101IE0P26%0;35KLH3JDxTg|A?p}Tn%o?}RWYH#nH%@s<9)R?
zoX=#T#{_f<i}AvU7eYH!otYGjAK^j>C0h<_1a~!~+CX#d(-)aC{u3M~Yvurm-*bkJ
ze?2<TPS2DUI3bDf=sb?CHZ8%#*EcvO6eXF}Twjo0_W&`aa0Ak3wCQXj&cD_`T0O5<
zD?@3T{Xo*Z_A05<o|4X6(98qg5cWs+J6+sjcQtqSk?jc%%Vx|Q)<@me)$^ORJqb~s
z(3n4Izdpe+-6}gKP`b6b`W7UU{bzX&9(N|MU=D)T#^}B^cmyvSUgQ=(8j-1Wx78l)
zq}RVY@*Y#o+<jEB4MwwjmMQPFApTr>6wtX&SEoJ968oRS`b<ZAu!02ycHHxOb?@%)
z()%HZP;LQFGji2lnPE2Fm#8YD(L-uP>kyj+cNFZmX9ygcmF9D}@_xm@H|V7q_Cq$t
zdG_Z&*@PRPl#?=|t&p}V2E*Lx&!YK|^ic<cwOxawkHd$2)`_FJX7`X?&xClGxps-y
z*<9G$ObFWrE9N<}K~=!IO&32U@kYZgKNry|C_m552`IxA+=fi+>KP}$4<Xsb6tsB1
zyGEl|Oq_HU0Cx;5G#~Vvt#AH`%rY%HEGB{_CH+-4Z*C<Ya)=K3s^U-HSce1JJx?e~
zw8HdFJ-q0sovc9F3_H-JmB9LXpgO}xvg@I6pwmOwu`fOSiok`&&fPo&oeoZ>qldb2
zoiK9FcV3pV=>?_2G9B58zRqXS3hqJt+_;c%r{J_Q=Lw(beh`4nC(aNWHlclYL+6+y
zskfBXoQI(Ca!nQQeH>JhkacW!3wN@X-C_$R>hF$iKX;Qvj5;YXaqpR26r8;YQ@e}L
zbv{rxAB(}gN9xl-Z#mmOW6#RR)_=jn-l%>XS5bG4n$OBT+P?^-<AX3dl#lDU<wcw~
z==SJ1#=j%r<-;vySUt{xXY<-=J1HC53Uaixg$)XBC|`13ZuuA6mWgV!Iy?6My2UC+
zfxmPs17|9chlRQ(yjSzOUeV?BU?n6<X-8-kbyNzzgiX+I{G_byc#i}2&pJ6LZy?IG
zNeurK{!U(HFlof(%FzInc@7GC$zI3Lyjdi1Ij&P|tPu{(&8ndxy5@Q)A2R{sIyCnk
zhvtZc3&EL~$^{=_4KZS$u(XUiubm|@aYCul(FXT-^(PjcJ;>Kg`>UiXVR}uMpHj+$
zT5i8Ov#K*xo36w_E_Ls1np-%oSPV9zV0soXx|p6#C0#}jw|B(nr(e$Jcat}OeI;bL
z6q~f%Zp!e71E;y~R%E2iMP4{mn!jSol$8lZxAkjPa)QmF0aFD!-XJ8?I-Boy!Q?P-
z`P_n}vu-+7q{Kc(*o*VM<sgCo(Ja}!97T#N@csRDun{At7yv17{qXPnibkbKe|<-&
zcIA3@gVUzzZry}K^C|wXjD{iBtu&!br<>Qy`!m(FtLma8Fx9E_F=j*)%!_zxMb~Ym
z*!rkm?IIBHgu<2|$YP7fwkeo?@q3&vp5F3CyEJ^xWja_jbLygNw%HEb;A0~9t?q%9
zL@^E%lB6(tRX{rBbKSa}_E^F~?cA$WR5d*H^}CHmTQd1lT8dhNiy(_?DmW#xGBLkI
ze`yp1p4hUKl*;(b|Df7ci_v*?W@<iPsw{5$u;fQ)@d(T2M^1ucklDcej-^600$ys-
z!YTO`^W@SI<t>;poWNK|z1+dWB;C@gpsj7d5emuMo&-d5imII}mxdzpHg<J9ii-_?
z<0;P<)O9{ij{xUwO*MUwJ6f{e)`dB;cFXFi(;Q>z;dNf82Vt&YY=u6oplmCL->%A7
za>7x|VGk9mMYqdV!ty%h4pjTq@#jhM5?m(vJhP~(oX9(b^s=u#h3Kk&UY0(>V3UhK
zXb;J7FqY|O>A|gm&L(~}f@j5ZJ-e*;#fgw6IGvTjv54#&he*kJzUZOm)N<7mSsEZz
z@=etBoq4)r%pcuQcCYf9Odmi^H?E*tw+8IWth${A26~XU23t-B<D{o2@odd^hJ;a$
zmB$g2swl)Gr_r*7<XVd!BN>8&YcG7wNKCswBvQ$^+VwO8#Qd$R>aIzu-^UKEP_)g2
z@0g0j*<y7IOFS=rE?2>MR&;Z&{CF*{`Ruk2rxUlP`bCSoCx3l)i?LE;n>w^oP;wP?
zn<6#=rPWTnK4XM=T{%0BHLbrnUWH}Pb%m;82?)<cAH(?XRX#`pwt$n+P)9(|+{MCk
zPzWGoUcdNA>eZZ#1jtRytP&j$<+=bORK!WK825lj^Hag&Xo=z(h~FFUI(0hkrG;3)
z9R;>3sBG+mb~S7vJa17^QEenD1(Dm>`Dk(KsFCqB<hir6trsT;JkB(ASkfwrp?gcd
zE;pca@!o1ghv}r}s`0wTaJy*g^g@Jp)66`3v)bWXHPBZ~{2R&PcKA!`6!*u>y77mx
znnHFbLs`8~1*&%Dox1!AjQq|!3hGyLi#8hl8GY;B!V_i2_(s;{ujX%bTilJ8o)sPO
z$#IUXVM$y;Le<^C1!K^~90zutY%9U9haZxKt+Z@pH+4p2l9L;kzRj*Qa!J%G-zz$f
z6h@YY@xH8e^$C)Lk3&GEhhD;UT2ZdRt`8g?ZU!MFXg3QoWf9GUjkS#Z7nsdczsBgA
z=-xN0IEFCumG9bQAqkx~JCp~7UOAcydxU!qKaT>poJ^_b93kVJCf6aWFO~LedzEo2
zYQ=dtc<W63#cEVG>-FSagZKitqtfOhd0h1Nb@7`G>H0k~X^gU~ODEj5W#tArQ|zC@
zKwcf%O0fyhMwuTEyY|>P!v)g4+<lVB^~lbwT}rn3IDuvssEj`IC*}222&%ykvs5N7
zzjW_t??`zt>YogG;x}JPgeIq)^f4e1re57JvJAeb^lA99KCq}HE{Q#_e#=Cg;rqWY
z#oqqykI=Ta#X=nIQv2HNZL!&s&9}{&&}}c{7wdoh#s5}H{H+S^>K2euy`QsDH50bq
z%i89Phqr;(DIF@`iYiR7k2=%<EqhH@jH>)%t_COPqss=MGsVmrDR1=mLh{2V958?E
zUw$mDeC%*l`p~W@J88EI6!>+U8FVA7Q(?jQv-eV+)r&*lXYSRCt;tQSV6quM<1#mQ
z>3N)kIxHsd&3p)ZYnvZzpYqTm%UT`Z<458A9%$q8bjx)6%KpXz40*A~%?aFQLA!yk
zo}#58rqY;LwWDQkKetfSB4wPG&#+@+;x9>4GBQ^T0>>c|E;F8hN5bfq(}NjfmYfXn
z2jqJ%q?}RNF0L-gl9egVhuzMH`6GruM;hJu2VPq4WWUI%F8*%Hw+-}Xv8-QlKOH7m
zO?@Q1Cv(&7j?W=Er})iw5D{4Uo{P)TblMcrb=`GFx9@ab(YpR-FO0oTIRxmi$iO5i
z)M}#!KJ_Iyo-h7}B8Ykll6E}_JXAD~;S=_ro^YAj%DsZH7rjg7!o}bw@#GG!fAt=1
zXd-QJOz7Oae0ooEh^5}mJBPHX-nFP+BlDo@SHK}SU;tqvNoA{nQ1h+kJ{{P?O=$^!
zl$&3FXXLc9;;01+#>pb+xM5K{2`(8mO0S*~$*9gQ+cACXBCAq9Brfz?v&yBF!{f(9
zG5e3@{uy|xaQw?Wo9F%=w~IjAHyr(Zj_2)yxCStqnwJ(aO^4rmw<kIzn;(&wkI%o6
z`&ARtxV&?H&OR*F8_gZ)5qUg*o?Hf4TQG<0vRj>(*M0M-2Hz^!9z&J+TtTWDE|+zc
z9|J^NWp~C9bSh9{kVyHAg{I8Tg1~CWW4YZpb`Kh^>FDJmX5`u@H$^$p-Kf?%Q5{Ra
z^oruns$_M9elhq|bG$yuFq%wD*AfvIB6f5MZ}Ncre9J9MsZZ2=J$mERC78w<ZCf^i
ze>z#%I96g@WDPlKNDSnfJC^J0x50WxN2;{1!(<c-4ci(kPCkzz_a=zlXQ`HVoKdOP
z*0#N3`gINOBS?-irdiw(t}=dO?}x4^xO=YiY;u=5`{d{{tt`NTymDf98xFE~50b2X
zkPA1z^BVz5c9-EBJ(&cWL)R2ev+m|WEe3W~RI#_b^v#VOlG!+Jbmt4jd11`u4o!ga
z0W*3|S7xWdR#S^*hs#{cKRi!{ZJJRqR#iYysM=I5_oSziD>GLu*@HkCx`br^&|ORo
zbK(o1etl-zj%7Cw<6~px+#dU`eo-3t#wuKyoGdDyB1&B~7V_~@#cH6%d!Z%Tx;rO!
z?)roIz-69x@q<#z7M`M=ObgYOr4zo|R%2F7h1m~4(#bU?`J)Z(uusRi>*K&-q>|HQ
z-Ykh2Tq?4o84<$MwC0!b{n8gQ-Xqb5<bMvz<J_9S=A{0C_0TRhlN}r_BRu(V2&;&5
z{NoJB4Og6xtNv@*+U*}PAiZ(owLwSfo+6mE{93HMLydKtQ<p6N!}pT!W$TPQOs{OJ
zzIP;6DQ$K>9BjXVOSz1GVpx`pccOWv=5$QOaAOHGG(Vs8pPxD2$#z!`cfn={cbsZ)
z)KxJ=0>clj%GB<m#D#wRYD!Kp%>V9^oLezl1?6mdwWj~1a=xSa&T52%Nvs!ADp?Io
zkc6dumeJa>cQp%b!Nj`|{*bs|{NxXPgcegjt!WO=?T$@;Q$}Dpz;dfOxLFKjDn<m{
zS3bI=jV>N^Q<}^Aj?;6mse>UCj+MejQbSGaU)E@?QPb2P_qwphond(G;f*7>tG!p5
zjl6UwzPY0xL+d5=)l*X~#ua#3CZi$%n~IHMrIuI{EvRt0+sqYxpDN~BS5nl^Fhzlv
zI1N`1*<;k)a1K{`)E@LSk~=dg@AClHsRXICq=s?FOK2HYV!0_KI#Sk7)P%cW@M!0r
zwyrrRO<%Xxi1x(#yZ@WSuajis$(mJK0%Sr<SsFG)Nkj|ufvXkGYuT1+xEl0z%AaaJ
zH8g%{p|UP~)AP;X_^NK~G-h2`{VPkWE7J?5vKobbX$CE`)-iTf7<@$IG!{;f!-6R*
zIfPWtV^VIEPs=;0^MJ3ZwU*C+RE=KCl~*rYvCoqwT^Kb_C`4kiDld*$6F9~t$~EAD
zBY)-wV^MtLZatOtf;CffZQ|KsPG~(j#;ubb)(%ykvog2}bD}tcOXLlpio>#722*<W
zY7ygvG&Hi+5meGBhl1gq-{OKP!8cgw{v4r9kLHwjZfdo3q>~;}px(8g*y_|<PA>s`
zq7N)ZAs52P^-oYgd$EzI!^`Oq&}4oAg9ZFW0*!8n&bj{`L;nHNc}e>FT@O5y%NyVC
z<?rY7r|c3uqt!dMN=D5V`cy1G=U0pNtg^Vu3qFq7(O*zp_HR`GXf~b|-)f7P*vKd8
zTo_S39<30(BB<<hQB^LxT+cg=b*n{MxK@l`%QMII=7oHe#nIYxwI?9uJ)WFg`P|q~
zz8sqx0`U^CnE$KD#+6R_jOSJ(o)o@+-=Y!0dGNA-r^Jn@bYk4&<k@IPgDOQST`g$S
zq9x;v8gr#3$sk`*PP7!{Rah*O!WETWZ_0CaG?)V8Hrca}7E}+(%6cD{37SJ%rPXV&
zcr=_hvr$llX4Z}Al$Z^^qg3yneBOLi<3URQnx=&#Rpj*;*4p3$)R~YaqJc5VZNyh!
zaXL)G(f60Pa8Z%eSspiX4LR%elYH1SF@-QL#gP2jO4gVp4U5!=Uct={@a3)1m=t|}
zP|J9eRMDyxB|TV(_+{hPupJfZ_*(TSwi5fya*p&Wm{)PWXN-MdFFfx)NIEj2=<fo+
zZYNDF{eVO2evJxprnQ~O<sr6A#C8;Qs{1!>|6g*Wj{#ah?u9lf5qie`<ny(l&lOv4
zoFj5J3Mzb3gQ2q<%nZkPj-bq;jg^cO1Xmeli0zGQv)KR4?Z=%b->t(I9V+xO^K)R2
zi8Im=O_bmJF95&!!546UqVf9#&Bi0uEarjHtzz&djQnK1n*KC&-?IuTyGaSbm0UR8
zz09%60LNHtS5vXKG`f#Fjgit{Oid@&n81X{y854t73znVG+0EtzIN)s&SkmV6p5di
zYJ=q`&y_vjI57p-x%w=e4_D^Jg|xh-45%7hzF6{@d0bzmDLusrZP&YUXm?Oq2UigS
zF#WP4UCR_G4C4><VIh3yQ_$hO$=<sy`;>FZ$h*6XRvr(xp8N~l1KZ|r=)TdnQmOuA
z?IpC5;fCL6cIRX&Vnj;9MN!JkNFt^{3O@9xpgroxNY*=Y_mt76C7Dld5Xh=!+tT;6
ze`EAMqmN5e9U!TiotsLXh1|7W8b&V}nm=I0<(7>*Y-BoUA6pQ??KO3&39et<OKw8+
zm1f%VHl?X^FI=!lYx#&6UYiWjw8h^>Te)h{&p2WN?^|_|;p)}8Na*K$VYPLJoOdLJ
za9`I6X>y7Q&dDk|Fidc>;^bhzzg`W0NVrAOu582^#Xj&4^52uSHwv8Ev|0i`o27@d
z%ZMd|iGfHVMmZ-?p#8mb@x|CA@w08gfEOqvGO!iLdshY~V7gFT2!4{C0~1A_gSW8h
z`)+yJgSB_pus|k^*H2A=12UmC*rW2Z+vo!vf?CN&wHVEQRRHDhM|8ioLc8yo3Vh~*
zw%;=Bz_oT6GMr#ITqLWoExl_IRPg>Gof2fc3EF#Q1lAfKVQZ)wC{Zja<XS86>be*;
zim29bH$Mxjyj<h<h`w9s#P5Ci<zuTEAToxT2~)lEN6Y>|;(8;mhC6=jYRj(#FJuSk
zK)AN<he*?%_zX`1*ah?c%<uAop~H^8uqU|*xODTa8_>>ypzMZi;0J?3^99bqR>|5~
zAL(nfdD5o*d?Md*Jkzx4s=yY(qkDgM8>A&a6P-5ibg+Go`g`V*!AV%z+7X8~3L#@R
z@Ai6G+qa^@!Zgl?kiLDRtf;krJpWgmjdY_d5*o+zaU=-`<(TZe!fH)6lB)sm4WQug
z;BS8b7a!NzO7v;dUh6EbJ_7PVo7w<<4~Z2v@kS9g@1dPSTop2jdEP^p)N{Dv;W#gw
z|8poUa!(0A|FDv`KQSC|Em%7)CS^b$j>G5K8^W_@=4_H#?t`zVuT2-iJcP;fCnx)v
zLNfcF1xbs8Kw^#8GMS`Ptr>4k7bt$GVE%dSq-ZHv`sQ8Bb4Wx(*5-Zx2o7P4%}}l2
zJkC~qc7w9p&WKnwOAd7UFqrApx}1&HhoTfgLhF2yR`T|!C^9mi(|$=H!##EZhdf5h
za1+0XBykyZSlSrEb6*j64)xv62GL(5(@lG0%ldcfIX~28L&!5Fwa}w429xqjM}wqz
ze5tBjs+1cOP>0a<5Vzl6fx1m|$^Z#i|53$jbZ5)D9!!184hR*I4!`cI{*Z?q{@3|x
zx>a4b?WA7kCwYGluIxo1y11`IK0RMt02y??Cc2%(%YG^@qWQAfN{AfnEIMJk73m4(
z9gIvst6#LKK04p5RBw==;Bg^p$n7<z22OG08AVN@De+(rmG=wO)<abTv<MNgAjmJk
zPZB1ucq5L8nc#q~ZTYpK3_HF+f<IZz<x9uJ0vdIgk&v1(dZ{Ip<-j3B{W_NC5^8uR
z;{^h0J!=k|*5a~dxx9Su#!Uh0G<j%Z82V*72lsuio|8N4#NK0H60J*>gfxrKa?}R%
zUV(0sl^f$QMWzO^OBj)$WiEQ{E|gjURW*6xJ6WBiX3Od47_}v~Al28PGfT*X$q6#o
zzQ4u@*nKt!o!g_kg|cWaF5JoOD5rW#BpeIdaH+ZMhFQ~FQ9Yx(k6%0cV!GN4LGjll
zP?3WDTEs+)phpMIZJWnS2Wm7|AwO?)S4eQgV)h%K85rJsAFSo(6BO|3u=nHZ>hO&j
z9c??1;i){NALwRa!S1SlAHCy<rjLkO{kgnvownJ)kBRC42AH2zHNIx3Dap$(Fj0~|
zM)<_RPmec}BV|JRFaFRk`fvWM9$Q<3sT+PN+BfxYjU^2j3IgZ(TeKDU_qp5WzpgO<
z_-l9OgHe+Nsx|VN_{>;rartD@C)!TfojY?+>f=@~X<U(l5e*I7jdfa{Tg@TMM4~=;
zE$pREk|Z(iTFB*=J`a+W1U@X*GUA4>o)O;I?|k^?Ptvnj7G~bqWnb$5SYD<nEo#lk
z@-~!0DdvCv#0^ABvtkw=+BWlS@pIeisJu0=y9o57eB;kur!#O_vWKpafZdN@gj*?U
znO;N;&D-6_Sw}m+x}VVJIC}J4t#Zm;B5c1^f!Q5iub?u;!i(3}?>`)G$XAfJS-r@@
ziFN5GSCEHNQ&3XKY~hLCx!pvlcZ{(=Yl<G>ck5Wvhfk^tujDT2X~A(}d3UZJY67{l
z4qH^Tl1ymj!JctwX9Y=X^yI*p5lN1TA<4Cki9W3Np2Na{y>1wSQf6x}qVcXXQ`?rB
z^{OfQfpgcH`B{!Zp@hTyKpB(qiDL{HWurEICK~Vb^nk~6)a=o}aQ_;Hlo@!mo$ayb
z@qDaKFs@guqzk;4iWCg8%~@PXxa}W8uoU@7uvzExHsFELeCPLx@b+O;0opbp5=H!K
zUDvlxBfu!3%jD$gl6`s19c+S}X62cCimNA{b_|wO_)iO?jP)HhL=jR<l3@!+OKp8=
zvK{MHcD?i+&Q&E}R29nPZZ)D@y{5~W&845;767zZTL~nvKZK$6ooJxDEf+CQ9UHgJ
z`)sJA(gQcf<ABZVmRSo48-362oO@Y{MK~i^{u_KgTVDic^nt>tX$qc*O3W$=ajZ7i
z`>dhO6CH$3lV-a4<9GUi^B~1=6`gQwy$h^h_G5Lr09{YASIL{88rCj|qR|*%tA!j?
z^$F|a)EF%0<`1$(+XNZ#Ms7VriI~oMk&6!G_hZ_3W|(9trH1eU*Y$CV+;<q5VL<p%
zf?oas*+#y2R7tbdvy^O0&Dvsz^w06;pK&tm^YCbmMnoNXURDpU;xx+aGTn`+z1e?Q
za#g!3p&NUzR^oyCa`&d-oTjYn9*ka@5H|*eCnOCD#O3ra;5)nSWQjVRaUiR<`PPSR
zU|nrLwiuP<C#kKG0=asZ`K2!gUn?l5oc#J=Hu?H<%^{w(;Kj~~Xn}2Ba=-i(ZLzob
z;WZ0YNH=pOl;B_qFgfib)s!TtIXan{USZ1tE7SFX()1Bz)kn%nYRw+4n;26R?EVX<
zN=rUg1C`xeh&qwBx9O+Bdmn=_(at)cFtc#aCnU)=xccIgJ(3zlXa>ujQ*=cd9#<;7
zMuy?PcBP+c*}>~ZC9mq{@T9FhZG3$g+5p)y+A1y7LljTXZYOoiGu6X;C7-4>cTxlD
zgjanU$M6KL@TBR>wL0ft$^8R0M6@x|i(C#(A-(GQ12S5E&t6}9sQHNjErlS>AG#Xf
zN^LqQ<x@TxC!}V?eHfBj+YQtMB;1!5^Dd_f>Q6N^dewQ}w&ei&xj2qlv{DkrZFd$0
z{7H++kq2ueN<{7vMrqGD_GE-v&dwXpF*LJ0Tx%*9cRx4AP^<*x3%NxZr)pg2Ssm$Y
zXO4+O5mK8ux(=cB$T68?T@USPtqJ?v9@R_X?3sLtgTY|>7FrX}oTE@X`t?%x7u=hr
zM6MTe8cX~9H7$uyVQo9H@EZoyk%z-y7=mJRn#D|K`n8GU)&Ab@rhHJHSGys*pCo=)
z1o~%q@?l$7$jeQ7r>6=`C{JX37SmJSDucB~!yjXn-}7T`3JKLpe$r!t0ji~*?>F@O
z*Rw?khME7UoMEmbK6&;6U`juGgV=S_LLD`q957zcUtoAxKg4^<SgS$97|JBPoh{H%
z;52)DDuC$Mxzt5vzB|>55}@miPAGYGy<>~DO8+$NY|Wh7e>Xbja_pnaAO>~N150J)
zOhMZTVFCtv34~xaw^0Yw*=o{iRH*zIGXHuxG=VQ}c-NZ8n31U`xbm!tpP2<xpgGF)
zj`EX-;aOQDUQ@Ms!yCpK4650xWz+A^xFNf$<@7%yJ+4hxM|heeIfCP7T3?*v&Aq8|
z-!rLSZM9`jzhX}}?j;8B&|c4$zTdXz|9yEA<3;N422=9(2;_5*3RmbVXqMlwyC7CQ
zl)HEaZ424pi2|;l=89>)?@stl&z23FNn8Y8fq**XSKDG3V4iW+0QJalU+yP*$WX7w
z*)~)kUK$m*4IuiQ(4nn0MJ`iarKH<Qt?4c|%1MCEWp$s9CoMNgFuw4Pkzm%E?l?FX
z!(v6E@i*L`-{Ihu>Sld>W*fTDpJ375+(S!Avp@d=_x=98UbQo+eEz3S_zHK_QH9b6
zf51mM!bBS5X%#oIZA<aTT}E^<*j;-QMl;Vwa@5{S$tZiTh3{?JKl7kxElDtS>QYxc
zLKW<Igy+Oe&6T&fuZwh|W(KXn!IjM0TB`)Vq5a*vC$IU$Bm(<Ou{A*evacq73LCMV
zb9#^#80;j(#aYvs#<V`5v2wol+DWSjLF13-6#1>$b40*nY5G_x=lRsSFaIsp*8F=u
zeF4pHL#-|>h27?;_F3W_1M!BiW}2V$DftuLP6l|g4tt`13P)~?{`dk^du3VndGDL>
z!42s2yY$M%Pe;c$2U-Tn*^e!{loZ`B)d#u_y9RgqFMd(c!mPszOMW?n)suh{U`rHY
z?ts4}G9<27wm^DRkrZ)Yd(n3aVK_7A8zAA|d--g^=E&O1qf2W{&}?;vNOfc$m)g+k
zsleXejH_!o&?0xyb~rl8m8Usx)F}dsX|9KbM~m7ZC)!a^l6-XUUT&5aq_Lybwj!Dk
zereEV&LN}~0VFrzlkx;~#s~-g=eC~_;eln@C4U_~*y{yR5KMt7dIea+p{vpOrDymr
zU71#6Hm6jd4vI>9YjV1}Ec=~*9_%c*Dg_gJ8oI2i%tgqP#*lc8>-4*Guj~@Z%N!qV
z53_KzySRtat{U;$=qj?7F#mLu5o**{<J_ZO^!=m-dCRsmavLq=9|0sSk$vn=bMSs_
zWdg|puWqIN$HQrqt+BGO(DeAU+K*Nx-BhdT+imtI5BFjAmMYmTcJLtu9n-uoA*!g6
z=sB6ydt5i*zyc@a+O7+nO-?<@ph3URL!v={T!nX#oD`@v+Kfbdjr|uCZxvcpQ^M=5
zqDq;6;|rSPV`I$5x!^^)whVQ|;=Vg0zEiaP@IGFvMzR34PK|Q#xp<o-aDIB+mLmP1
zpDXb0gr7Ig-x{1z7j#fLK5Z!5<#jQfXvun4r~TSo0M(G_=CRt{_4LVXe+@Tc{kSIQ
zNOj>C;X*3+d%l}xc9e2#3I|c@&C(gawZ`-PV9l(EqQJzj`riJ$T5cA_3XVdm7L0gX
zmmi6{Bs{VjIBGjzt0LyUiN=+MEm%!!JsYXW!o4u3<I~>Hl$lw2KuJrfe2GBTn)LWC
zU*B?hQlQMv=Ez7A&LY!5|Gh$N##EbHk9P5B+d|b}8GR&wVL)*0$zi2pp$w*b^QlZN
zky*m*o}Y@W7;)v9gum{;at`y@8;?)Z*(=OYx$YgHTy6Xu!G2btm2tfqisu&G-|_8N
z)M|uE+HCyti-GHC+PBB4xQTI12#ZFC3Wt-;ZzTa*Zrv~^<20BBIN>UxTEe^c`Ps7f
z(PK+<WF1qp0&5*xLy}g#QYcu**4<|L7cSQ~SrUoHkwH{r_R^<{@738r(?5A2%XZC_
z&_RFyHWN&EcoJPRb<ft_4JxW%bx7qBy$fou%`=m+@yw&<ral;ePW@ch46Sm{QXTnd
zzf{~6{dK&SJ}>FGV7IGJ0US8sbsgi~!PPojCUEl&(`X#}K6_r{qr)e>a~0!e!DB)M
zt=^hmT(|%W0AW38xIC38n=$)f?ZQ%_;yD8zLQbZ#CQZ+7pbo^1%-LE`r{_h<KYzJ3
z6H}WR`1FU{l~kKChj#S~Af0B}Gy{50{Ew~wk*OT!uOE_Om1O%K%98mOuS%rHN81Lt
z=ZcckLK9JW)hK_t)nugQ&1p7$+Fq@M#ty@rmy=p&g*!cy==iG<tg?tfmc1<PSZS?C
z$q@rT-hn`hL9Csu$RFSF_B~_mj#LInX1I{yj>Gi1kX77ar?HgR-=t|5Ja7A*DNz(2
zpHwNaSLKw3?@DWN>+K0|X<jlu%;ekeoEk*Qcjo1_4Dg?J3`BRxU>je*SlHw@M;`Er
zK-Y)P_5vBpex1_a9E`>4bOHY=<``%QC-Z!Q(ZZH0g?G5$vJ`4rstNnFeIuEpTJ;KD
zW-QX?gsJ-dD9fWakiqreGh=1d=Iya0JYjZp7TIpvuhm1|z&fCQR>~*jl9Oi}lj`si
zH7fn1X49c~WapLMK+8slVI@e5>b=&ZS-Wjqn~b?Mxn_E&U;Ih^`V%`sFHi-C{b`h!
z`yS2#pukaFHFgKhDWyrP_gfp3w^j?D;4UlAm(NxRRb*7PP~Q(8ab&J!z^8FPFxk65
zIZ`;6-anYuFLf<Dz<J}eCbT(dJ8DnByVSaDUC!_e6N4Mz{A^(nsQ%C81X>yU-8KEv
zz}PQV&BazW5|ZFrWlL|X9x|uYuSe@$IIhhEf09_YQWZG2i=Bxx70;7Lx2x}PQTQm9
z1(T!aJAcW5=bibDJM7Fr7oOzPdIsZ-ub?E7CT_kyp_aRvF|Yc|t#apzS||z=aHp~I
z*~ftl&BZ~+th%ZIu|Ki>eoOhv!03$ypAlbc693tE_8-PGU!|$N{{^ahH#Zj5X~Y*n
zQDJ2$ucXWwjdwYzK9)MK^41a{@Q7is#Zlm=W|5>svg4<Nr>ok3fRXQVfH1_Q4s#-H
zy-kaTVYuU)U&a*4j*fG5?s7B?J#E0+CD3DLVCCu{5hb5hB$+P29}OEB%PtMgEpXV#
z#jTMqE@X$@6u)F+WGE@le}h+NVH$vf%9j=0r_EW@e~;(Q|IWwph~qB=e)(^}LgC{V
zG&J)cZr}ND6~23c6f@c<_0Q$14e&M{7yX8Vo_zm}F)aQ@xLU?u5dVkgdic*!<{68B
zI=OzM3<tmO=@4@QbYseYBI5t~<xh&(I0OHXn*W{JsskII=1ZPGq;7xz_wK(97UTYC
zu=w|LX5i#vd7O-vCI35>EkJ*SEg6u(AE@eo&n+=9HN^Mi&|~|bV;lkiQHUJ6ivRQ+
zFojjay+e;i!TfvPKYd~Ys?C>5QR@HcIbi5l<ogBP^XlJajr)Bn|G#$GF_}&NxNPT=
zi(MWGSFEHnJh#h;S7{W=!gnag<rlhtm8#uY&71G#(WMrjT;yMNbvj}6X(g{8$=_9j
z*Gn$se-?CLd1*I(KUJng*hJ{D>05{aRpFz1=r^*1jJDM;Cbbkoi*FY3sf8XTek}<c
zB`~<ED_)%s?WyvoH%X4(I%U|8TZdl4GFMItzTCWjOJhZrkLy@wcxEx4MU8!_9dJ@m
z@m$I4YTF7r_i)bMg3p8X+QF)Uw8Y|rrO;4ADt8q+8MNpb07ezpsu@m&aFWlwxMr!%
zo-cF&54{ZDwVE*9DprH{e+dD-W|+xtExEJmFn+w3%1^fTb5kR2!=%}BzEL+(lgVVT
zqjdlTN{5B{kC&DFvD<pxJxmP#I6*FLwX9QZ9VJ_ao0AHV89f(yzfsPDxL_0V=Vi`o
zA&6a}<K{$OZptHJDNdNx_-R9Air?2$*{`n53<FxVYu<6veQuo9-B+k9$PH?5UiWNR
zg$(OooJy=jfxNrEfV6tR1^}v322(W9cF;CeeAC}ZRMjPCGph>KaN|w<;Zk6T>aEch
z?(hOj1#@u!(qz#ap({BHWFmhh{Hq(>*HKD?oG9Tu?@9*rWRjb`RolzSx+pmZMVi#%
zpjQjom%oDbW?aIjjB001Z)3Dx(~sR<&cj9D7t^2MkOB<UaYmH+6W5b=iM$@jPMp4`
z9b?%3tQG}1iFtiN>i+_$;Qx?NyQHMfXjHUg;Y&e5=4JvJN0}-PkJjYRmL@rDY=0?<
z1#IUDPn=yFK@!Mdb`h<%Zuf~)MVXS+{>G~Q0<n)c1P*O)V-_<u>P>K|TEQ7;s{JPr
zkt;!w`)rR%;z((^L*?KV7ADOjS^dSKM5<)lwob`&WMVOj)g^NlKzD6>Pn$rlYKSn(
zVPr8UtJEy9B?1P8cJ}(R-PU&Z@W4+b{nJLWhkF8wKUMGa8_&fWmvLG%?hh-5{*jjo
z#nsWSC;S%gc2nG+RD#(jufe<Eez8_5Jn&U5y@9Zc@yl6W;-j2hBY#q>@Qfq-L@r(}
z^H#kjABN7st`Edho%ft=zWdM{--iv##gbUg)NxYx%4x}xKSIrZ_jy0_!qVvavkBxf
zuTu4kD)4cL-JHyH3y!O}t!~!Bx*^hMd9v|ILM08JCbeB(<0_gUnhB4ndCg?3k(X($
z9@mC0&x3`WLei?}*}Da@)gq&)0xKzNRdoL$!H!6Q%DzJ%I<mu8sM2r`wph}l2p;|6
z%a%)b`fh4OxzwR#mZX5Fb6+`}vY_~l_x?!c^h&8m)M*YP@{;gF{McCyqDj5D=4{x*
zf}cGlQd7rOuRU?U&y8C_XXp<gS@$&mMY6c8`I!b1g{(^q_f!i}r-wWFE`vsEy-d;|
zL&kp4DC_)YJdpn8m{2y@>}`W1ia>bTKh#;a98N#n&zx<ND!t3V*Mgcbi3ZF+1`&y@
z%bkpnyo=3Tit0JVuMU&ZZbX^ZmK^nJ{1jBWk)8-@x(xKg<}((~eTq3{tF$;fFzAS=
zM9$p;M!;#hJlkE*MAZ#yu<+G&@q#ZnS$c5JF!ruzd(}R##)WX%v~3e&3*=st3NjYT
zPq$-Obj=fxu$H9Q^M^&f=3yDBLyo&`u7@`xOJ>(v4u`=-%FR!_lRt1sjM`5(=uJP-
z5>Y&mKwduII=@HE*5@qK9M9{zF>LfORl{-rH_r7&47oHmYkRTP1!W3jSXEkS2j1st
zAE?Dbx%y=3&9P!i9P*b_Pd!3XaNud^H-g$%R=$yPL^OI}@mg#*2#Lp;!m8umd{$39
z3&LyqtfdKF?hH_7Wf<s%NB}(lKddlVgfP2CC6Y@5yGGC|I*$AFr^ZddQLmFncy`S5
zWiA13%UUz4$qTmq_`^=wl<ASZ(WtxdaJl%`ngL%H*^5A}CL}U>gQ@dZn!M@sHamWc
zfP1T9J>(9oNRhCAoM@!9xHAa3lZDebSO7hd={f@sN_ck;0kmD!Q6gHcHg7ja3J~dI
zLgss?*?IXX%?Zd8fGT>VD!v~dRB_Y9xoK!ecV=MgYSmE9DGm@_SBC=x3*_fYefGxL
z%vZ{RjJ}Ue=}KmAiqmO6-LKkxVs&SVl$kmv>QkuvfE1~FR$}>HImk=THKY2vl9~NV
zRMrwcy(LT$wO~nydD$iTmAcsX@Zw1k#6wP61byRcQ^S;)nIP$@nAbl1I#-${wl36A
z>g|GO=`cTRpeE=_m?3&0*!VRv!(7{X>Hli)%;TZl_c$I=**g-)Iz-97gb|K4$r{sT
z>`PPGcSd69<i?4tXC%fl$ToH}gON3b>{$vkl)VvI$Ijfrx#!&T;@&^+Up;?6%j@+#
zzvuV;eLuhV_w&tnw}F}U+!`KQP5va9*Z{l>>We7dMJjBdh>2*Z!>bw?3bR{D#ie1<
zlaB-YD_&8LuKjJO%!kY=a0tqtON2UM4_cu8IvxO11aC#}uiF4-%nD38Gqz|ISdjk-
zzLr!><UZ(5tpkLyd1<XooOPkp%V_L)-?{XPg=n6#pFC}$mlS9LKt#RErW2gw%CdeI
z%1tqw!BRbxI~GT&Xm*A8$swbgdm8s)IjT1u^RME}?~=eKW0iJqFZz-P7kOS(M0Cf5
z>%?Vmi^ia3YQzia%7)XB0+8Q$6bQO6mbZ0R*L)UrDtZ_u-(^QaDU7UZ62UT@Ljej(
z@G&uSV7o-&T_1URw719icoGs5VVQ3+F6J~F`Ua2WM2H`RTXYIc2|H_kj2}&2Go_C&
zg%mSawRFAsmfE9gdADG1vVJY2lS9LIU{6wfLvgwIlztTKo37mP&xNF-?h8tunylEG
z@)-`Ct~sP%Cq$J`r%F}YjyRc?kN*T;mU}2<7FLm3uN1K2m3DuX3RkT}{?gixC`GMi
zr5gZ?5U5>vJ(X{=&m9*1ypO_4Fb)BO796dknB;~rMtKcu<y53Vlr;|3ei_;kda&Vw
z+L`RRAuMrc%!Q=e4W9I^m;J<O{xjZ@u;kz!wv&%Il}|Odhw1z<DswAnMYI)`T?~A0
zsxKdZ`}s$=F{%4eOjhV_##o@IWbnRyR;p7B&lPuE<2abImJXS|tav=lpzHw_?D^~)
zy}gN$4M=?Yna8V?M3)V>^YxKadBQUQ_I8UHa_$_;jIY%08!T%QobcFk{UkpF_Dl>}
zHd%hPX-r|_1t4G9xh8sJaq1A=7}|3X(q&vi_h^x`{k<mw*w4BC0F_k8-h)C4@ybKI
z{aakDnJQ;q05GM%x2Kh##bTS{t}gPRpP_m^^pfeOeoN-;WRPCe<JEPTK-Gw}|34{~
zsUfUo!OgpD8D%F0Sr7W)y&C7lEaKOXO>4|0jZ6C*k-vNDI;QXiaWMCpnc|DR2P@@g
zp(xa8QiHU-uOb(p1~aixvGTMWy@)f>jdb69el*m!N-tz~=;?%>gHeORJ;qsvt|00m
zsAo-uIPgWcJXJfQQg8kxFJkb8lNN;acL-}?`wD|mMtj$Az!E-bMWSG+0-s^fWkH5V
zVKG<@m!4X#u)f-8%w4521^9FkKHr^JHQjdPCY-NBG@TD%i4nW=2x7%;(l6HSfTq?L
zGzz{<Nv6OFZ%;_JxP*-3lFKdW&P$VxR#ClN(IDdsvTjS#j)hmFFHVE{B-FW!K4Q2v
zn+4mbU>93G9!g3zhmVe!-AhjRpd6c)c45#sdZBNO`cmIdOPcj7B@#cCa4cxT!LEtv
zoe~*y^Wd$|yw?^~_<03n#&a>=+BkSC+sGIG4+=tA0ngWf9$B{vwwHU?yP9RE+Bi1Y
z;W{-L)0A+WJ3iox0RY9Ui>`|ej%<!6Z<3WnX0dtC0S;r&km)T159C2z9zTEA30s#e
zG}gt1;$4POL!crWdcbv+fnY8kRh(8dv1ohhCL*Is?BYhAI9<wyb#LudvEA!)gvN7y
z9i>y*zk0*3@&!|>nD8U?9hLM<oLUsN)zqd?<50(|uchdCX8q39EkzQH9sRz=D3Ltc
zAXyN+|9slbf212-n^Xh(7rIYZequ2+$4KevzP>&a%qz$cg^qxDv9?>pQ=B{SEc0XQ
z`*gmEkGGa*UR9#E;aijrsf8>ubSLD=1A<6@^BhYPpY1(=F~2$P)K}|d>xU63Xjiod
z;kGe~<Sj5WJK}R|&bo2nei-erPmHWk-}ISmrbuIx9sKT@cP0_@O^$CHZJDv$vf*=h
zj=GTC_AB=e0oIHuL=1APyic$9d;hG+2tL3)gv3C?I?izA;D{GKig6M|F0^d8iMb<?
zDme?vW8Q5G>}g6HXk3~V+5CEt;+d*9`a7a8Z5!{SthNo`d<XUGRyFBGe)ek`*P$Yj
zo0cFPCpJ!vqixTX2qChI_zD9|TXq5azKsgP)dIx#4`J>tSKI~$;8@oL1CrE%zW1bD
z%aL(0`$9P6teVk~jZg$pdCthO0iNVZUwY{(B!%49L0jJN^(u9Uysw!-m`)aBTNeu{
z#~hEoZMn|0<Ra-3Iv5D-4)HL3GqfC^CZ^XgjNR*hx1|@3S<GK<&H;kxT*YKUr{{`4
zm`FWu$SIu3g9NQ#zL$)Ck!yK~uBuWWp{TLBl=)vO2EfI!#~@N?3-a>0GxDtK=H+rR
z&pY-mvs3wa+`fz=9WkqIg<5iJe?>%afUP0w4BO5v<ht4e0Id+?@yYS=<6`y1GB+l#
zilshXJOT^m+SBRai;ODMkMa*yBBc|aF1jgvvO@2~t%313l)m+bE;ehq>CH>2#GLnb
z4UJ#Ux&D0owuPOp@R273PiqMO3N|tP={sG+jyL$#K-{!umlV*8F<jeOnSI!wU3C*}
z+4%jo=VsRyjvNOZ-;+}omQ-%7eAK2>5PL(EZtV{S6`(^(=)A3+>uw`Jfly6#JVNzr
zpv3v6pHu(oZ!1*ySU=RhrXs*S?|l^%Y8wr*JMa@I)qZvYA~8gVVfyL<1_g0SgFc&B
zDhB!uL*%X4m8NXFNSYCDBeh@ZJ~&{b;b^2OT|eWu2clBX6Bq`yvn|sGQOdEGZhfN^
z`}(<=m72I*6)7u83rsrAGO5ToWNloS=}m}i>JyT#CD*lU54RL8ich~Olp!QZPin5T
z4X-P!(fs8+v5+~6RLlFN+%tFsF-T3iW<UNFUvJYOCy8NK_%Fs27yGwy)qa$f{QokV
zu-?)@8X88|W|sl(USK_*lc+Z)QMV*aOi*-0HqfC`_}(M4h}%Y9<q6?g=|r{6y(H5)
zK-d~o+})>=&Az>Qn20v?OhNryIHZCyF?n<1{hC?rvYF~j_!f?AB(md0UHy4$oFuFa
z28MNDz+X7Eekng@B*BVHhY~zqp6X><%|2+~eWXnNDKz#zq~@~8x8)d#+owdV@1tOE
zt{}-jj3nmX^We`AHFMN}g0JnmewP{G#r_GLrW0I8%~b0;W=^Y43;lfjzLdup>LA<s
zB}f-1TB|^6iVl2(+2{#31uG{dE%!`82a+oTtjypfO%XZBFy(GFCWRh})M)r><gaX5
z2r}9ertml9Vb<d%)92N{py-b*B$iPzlcG=$^rny2N@qIQTfDf!6>+v#l=kIGouAb^
z*v`$%1TPZ0De#jv$vOF2k*Ar>S(aeb(%-?&QrZoecyDfQZcD2G-3g=n=$-P@AXt_p
z{=VD&S0=Z6Akj({(VVc9Jv`}F!wT<@Yme5)Ki<{fN5YS>@#8=G|IZssWGbvRbfTev
Rhxruc(A74&QKD)8<X=R>+Ft+w

literal 0
HcmV?d00001

diff --git a/components/engine/docs/sources/docker-hub/hub-images/github_deploy_key.png b/components/engine/docs/sources/docker-hub/hub-images/github_deploy_key.png
new file mode 100644
index 0000000000000000000000000000000000000000..bd69054b141d44e4cd34c05c9da9e74d51955465
GIT binary patch
literal 80447
zcmeFZbyOT();CHLNRU7vxDzyZfZ!V3oyH-!LvV)>2rj`L65PFU3GUr^;{<mI(lpNP
zJnuU*nVCH6uDkB~{`**qqPn`O&X(WVa`xGTDJx2$qY|MaARwU2NQ<i?AUxAUKtK#a
zehj~&l(4r1|AX>DTH6@`0gvX_?;{yi>YoS*A_y|#@6<gW9W0^v;A~!fKbbSFZQ??F
zNsS`)l7f2R)gwglDZo!rhRbJ<Dy@O#mRQQljMgVJfRi6ZMRq`dL{pi^qeQWj4P_C;
z4UAQ3kvL4JW6lS6H#Z9lZis!fnTcO+_QAmj|M5-hN-FxC#fon~#c)l}Cxpky6d(U^
z7~@0i(vjlcrTLrhKYpYXQBB!Lc!Y>4@`r<^#AE8uy5oZdrGI|?$B)%TMaW2hepmz{
z06_U&dKKW5vrGFo<9|gaFx8fP{5Qjkd`(1tquQ95Vc8t^2j+e;{2ESR6UHBj|200f
zh-xElrfqZh-#q>WXN%}hjQ_f(6N@0T3UH~}W%wK7;gYlYgV6qZ-~X%R5M+!h{+4ZA
zlrK2;5_IVmlz&nx{2H9;r~jAff64FvYWj~8^#8*9KPJil**X1@jp9>RSJ&E_aYXOS
zF%=w1xOGTV`fkcjLrvY&-_LD`{Ytg=63Un~G$gB?Bt}i$^<TCppbw4Ud2mtD>)1tP
z9l!1$7EYb^4cl8=aTxZuyai7YF)cA3#S$qhD4@T1;SfCp_Q+i0{yCm2#mK+_@}Nfi
zZ*wt9he=AhRIFA=vB7<-fJ!dlp==sNMMcH$BK^|n^JlhW@v}@{YdEF;NM!&U4Gj$=
zqkvI!Y|qsS{g!KQ(+CDSp?GXUqmz~fyM_8S*ayseJ4+P-#EAbes3OC7n7N(ee(O`k
zYQ_>9pL-h{wvJ*9oAlXig3_>#W~<f2#SsZtw}cp{Vh|qtp@yzVo7Xm}6@nylRc_N>
zb_m`HR3YJFXR2~^$;imCv9Xy3>5er~ssE>Ixy8bCxaigOJLxkl3#AspJSFy{`P|Et
zMCrvQsU`2Qs>J;|5KbDRn#gURytFh9GafE3Qti@@y8Qd6cqTzI&z?QY0Q?6iFnOpR
zuSIou+_0tr)E<oz1scj2xiT2BVODC3eRG0S@U`=?u_}^d+4XQqXJXJ+z}gKJ<r`q&
zH^Nscul`fwBJs#Y4iD4nBJt{4x-@X&rUMCS^@u4Kuta`DqJ?@=gFK#(;(YYtR}Mzu
z#%7)VPYaL9_jqr?pA&biOa%$<1ZH@ONd9H!{{4&s8SV!HKgwhOaqd%m6e&Xff`gIB
z@s8y0Zoov8Mt$}umG(ac^1rYQP{yL5Ct<Mo#PfGIP#_Zojy+ZQbL{aZpr)o~vQSA=
zLxc0+L$oM`<>T1cSU8NLqN6c%BGBza^F9Rb@?icuSATibuY^bkZZ~1rbkfhbsn|5Q
zi$693V#tMARJ%#}T#(_=pJ+~RWRL4ocrNSuC*~9=m9?~9*Vszto|M&s!r?!mp>GJD
z*D#%72Vml0LP~m#RfPLqzkZGBxk~Ga`&NyH`g1x;k~P+UO~^-xL@X4lw#IA7u~>?7
za@fLyNK}|>kBvW84Vs3Bg$)i4(zCMSqZpsmt+IYJ7m6bu<>YuXP4%C!_=QOpWj#G6
zjF%=sy^x<0T*_r|TE_5^(a^B*%NzBSGWl>XHOO13;2Hs^CH+a@w>X$4%n~weM-$*v
z95D)U#GWrkSYcj|LZqdqyD8}PmV%i7B#T$CDEjonc|`qvUSm;yMF~1B!<sKm%d3*?
zMEyfxBVvgX^y98a{3xafvq+bs&Om}wLQJ)h7PtPtpbqCL=;KGOYt^1EzQ@cG6o>|V
z&>(ogMMmNFC;oqdq=WiVTvtb4t&HJ+GZ<i)AR<RdD4T)2gCzPOA+5@D4#vXz&-np=
zNxAyhqg36w2oX!vp!?xzj{;F9!L*z1iwOm~vVKN0EU~ijFF549MGjqasig9wSZbTa
zw~tGyKhwC#+9qA6Q<?9H|99A?)9}&noMs=n4kuvDe>y85uZq(h%rP7e0cdpd8hKhc
zgi&usgM@76ajmA^xUIWi48xXvm5YrIii!q(O^7w{pZ(&QS?R~@Go`lsTwai#+D86b
zd{a+?5Fue3yH{bxw-=!2o-1HaGc&7Cb4-ai1HN<$#7or$%7LxrF2{wH<+F(?DX(#H
z1_W7%gxUGo2e8ISepe9BF)Myr?z=G5fO$mGhtI?Zc^~F3NOOf*DkmlG-|vUvHsQ)S
z>}#8x=73CSirKfb@covJzcj<7{ap3%%c};LR02&QTs6OPg*v=|k_k>mfIS<*-p(=m
zb~`9pnCGT*I57K5Im1G&%b~2M$Enh~1NkJI>J`~ws{Uz1TZ79k2Io^LpF%e3&)|cr
zude?z%>e-Vu?;FQw9`{2dztFEj5x}t{)l6;o4c)|Y;}^_BPjHau~1TCOHXZ2Ms+a(
z1q~%T=#6b918<Tc18;}D13MjcxZeyxB3NZqrJ!WPw0J)<6&sr>aLickT(n6@)Z1}e
zHt=Qs>dujk3*l<$<xU}s(rzZ64VP>_om_*jpUV~*gts0q>GnwYCV6>E@Mj|l63B#!
zE98E*Xy?OVD#j53>9-XSA6%GYvWT}CyxRjMbaeK!Ejxky{7>h4^U#zP#{^NFNDM|(
z&s9>PO0D51h`$>po$!y}e%6jd1d3wZuDe{<CmwsC)i_*@a)Ws*W-z&Tg&Ftd43KmT
z$kYAWiucAL+WlTfr|A{x&Z5llZ^;=Q_B5nc&6o0zJ^JY%w4Lmp)O;Q#dM{TlkiwnD
z=(T$|S&>&s9Yvm1Z*G0@rHtA+L7P2oba1en7DMl$|6;pIDj1iP(Z?cYKQI}=1wHsR
z&?N}+vGFMPS^2}T^2r0IHrt~qNtIuY3W`FY$V?{es{!Tp)5%5@{1t)xW2Oaguqt<_
z%t=P#j$Q%o;_?a&AAB4NJ=Xjg3kDSDJM}ZMN2Yykzi!%;mKX08m-}TO1`mLm?Za1_
zfRTpw_lL23KQDq2KvRT~+PP?(i9e!nSQh+Di@kpyUCMD3W+cB>%<X=~-$NfqBbM??
z{x*AYJ@uyR$ZM+y28uiq7UFl)H!tY2U}P+Jk?xarPLQd=J)HMD{ppx4vB=3nzm;*X
zU#CsWlut90T@F{DoE&q0ejzn|mo2~?Gf4tnW9^i)M^fr0D`qX%(1FjlQLCv@p?Y<R
z9lQr&?ktTg&#U@QDUteeZJl~h)q~==Pz*12i7U0cC7+g#PGgvTA^gHYxM{ygfnC<j
zESP0!4SbmW^1GCxf!*0JU0ZrRy7}sjzw8{nah(E+>u~5Ff@JH*Gq$U&>U41nH+l3U
zbsUa9Kd{Fl``t(Uc#bl~WnmLo|Iq5wNh@>O3d8bcFsQrzp?}v*^qf+7Qz_HPC<`lz
zGF9VPB_OGiIk=#tu>RV&KBB^kPH%AT>Tq&{MvN}b3k+;OPBR#&KxC%3ox4@|JTQog
z%uDMx;Tc9rZd=<D-(#FBh6g?{GU_Wj;t0WsTCv2XK}X8hl|!G~T9a^g?_h|-ce>0B
z%oUo|O4=tx^wH6Ay=`X`WD({!7@-xgS_aQo<d{g9Y~jl|ou8)qiqCj#*Br*f7%W!j
z+1l<s>XWu!FSOc%vtjcIr1LdU7x9DfZ3n(W%~qSSQ>9^l)#$`-@(#YE+80XYC*sV}
z^g9zYtJB2IHoPlTEB4v<+WCB+KbOin!deqOW0uC8wXA{X)ibXd;SNaz6RC!EL{aW!
zq&X{T#$+HgmTGJH{QHCeb2w52x1z_n@pk`mg&j>uyCKl0_d2QtH4!~*kdTl{Qjf>u
zgIiAf7ix{o!@0)eM)s3Wy)R?u{YBDv9r~|<HZ!(^%-A8l1sDXpr{QN_9{v|w*54{Z
zO5!r24E>tSNBhceoY3I@_2o-rwHrg;wJtQ4MvBp!Esv0T+W}w^hoLr8K|<#pN9$vz
z!MQ4E)kX%Y=)sXtqrX(;l56kR1x;7Wevs(lFl*ctORi?Kb2KwBQWy{wT5EkA%nB&e
zYFBaTv1MUSROMiQ8q+AA@tho0|9jbQ9&1b$DWN)ul5rA8nE7gjmEn8{IU)^x^+C78
zM6%ggK2o?mRLke}z7WIMDR6p59XbW@2Ob(MmDM*`fkOQ)xLhbvzCwiXWsrr?0jiCs
zv;4-0l^m(w>ol2^ByQ<T`;pC-;sshse38<84&AX15=Mb{rGdS3zWJ)0Xtq`074-r@
zPHsZBb~_y;3EEE<&8}3V)vy9&5L!{LX~Ii)%WcYeXs>g)-`%63vC-a4KuRZTZeQsw
z-b3sGnV?^EFyV{E_$GIUpk-@AF1|%z_eSR^EZE=6CsU6N5gpXx9i<3d98{;ySDD+9
z|E20Nqyz{4OQu+S`Rj!*G#yJn+6glqN9jCYJXdmGIy~H%FFf)w-DF#0YierJ<*Lx9
ztY74{I0?ERoUiCM6ukVQ2SL=`miOA2dR8e^BkumAFKR!jeeq)LnW6Xj>BT%7wERH#
zX0|-0Y$o}o=W16MXQi$F*^u)@WnstZ?6gG-3~={zQ6IeJRS@I9wayBPIJ=FAZ`pHz
zfn1mP6-n4_#`mHF{F6;qp23#*ydzp9HXUcuODB7iWfFRoN}u*w4c^@EqNqU#7Rl%F
z8R)OOqMCHMD||KLuA{uYF6xZX2c7uEwx9jxmOE?%d~NP^O`bj6uP}2%+rJj*YlPI7
z`9H)*t%2?1O+f^wrHrhDNqg6U{9~t_z+zjpIx>~}1=bn=YMO=tTf7D_nH}K`&AX6u
zrSUf0lA+<bRKpEhaKd<pyWaF5v!PG5Uw`z3Y9KF{^Uor*kc*$K<)zF_cNcN3<Pa8v
zR<G{%$1<%A{PZ%1&kO~(_G0mOLWVaE?}Szor{YHj1-<fiCXEYW_H)Ns+%p;D9U=Rq
ziS1E*5V=zfdiO5p=t-PoM{L!}MXIE|am$&az304jZciEMnRxY3ba{O~n71w+3G!$<
zPzGa$Gz>;3w7V8CbtQCn&3i0^<eY5J7acRb-NP9c{m;qe(1cy17kpv487l%`?y_~)
zhQpN>PYj9)iWXRk4;eM<<0IMD;$BMe@2jL?Jz1WfiLMkVG7FNzP)v37Y#s!pbv*2x
zMW817)KLqc94)_tL0@W?-XKGHy7N|LsJt7vakm98Bm-*m>g<QXFny+{C7FH>nT%j|
zCy|MS;TC%CF@C2XQN8{6^xf-upI6A}=*uWiu^%Cds!*`|-VQXPGcG;64zZg}(@k6!
zyM5wqyF9&~tbW6zzu$Fhg<WExce3!Pg4HNRo|I-V5$Aq2QOa*@XcwSZ?tQw~_W78#
z6_nlj;b=a@-q*D4$Z};GoR$4n+w1OFv(%k9l*HvmdiRmiQ%`8p?HP-#6S=e3`i*Yy
zi0Gc0)V7t_<3Z#I!;>{|$88k&#x$sq^>X7SB#QpF!CE;(!<#JQja^_8mK#jgd$Hbj
z>-=q$=)%bF!8x;*NTkZNKVt{hzEpBYor3&(oh8b(_|2B%CJIJb!e@KM9j8B9bt?_a
z(k+y9s!f;69*MPFD~hc0!7a;m{rP^tjPrGfXM@sdxLO>bOj+`$-u(dai>RG~i=Cgz
z90iTXG2FKo3lVrsvuk88sl!>d`3eu4VC~myDLC%bLb3+zPMdw7VPLJQIel74Q(QVf
z>?Yqi-?7%9<EDlTbV_4me!IIVs(Ca%zPs!i(U-Ca)rI-{3@3E7*nG+IeHi|B*mk!>
z17zO|Cz8<smBexjRjfca)>!?gRpRy`mT5%-kT8D5Z074(QRlW`O;Kk=YaTnz!fV{b
zVL%8=zpj`KhPPJEg-Y=DW7njFTs$T4QTEKT>03GrvpX}%5P2Yr*mSyKcI19W!lEGU
zcvCM4dFCQ7FK<(Q4B_bmu$R-+W8;dDLqbwZ{kZHbb@x!;m2XIBQSAsfo8<n09Nc20
z1qrHm+^QR~u#a;0BYGv&Q9OjNeKZuGKF!c=To9?s-et_@e#GVJRik4xK91^M(OU}0
z`jyhWqWt2sjNnVH0n!eE`TlHFlGIZCnR&ZPu10=YJp_$SZx801>5gVfshv;cugFdL
z_VbLm)GSC%P0bf$?*5j!^h}R@n8qSTcG5T7ruT+lkb9JIsYL*CX0`KE_Zj3OCP?XS
zPwj+%r3SW+0&A^Y;dcYAm3p@b9bpWVJaV+xzxcwHpxZOX;@y)+uh#b>8q#0udoj%W
zC=2awwd}V<4Ac6tP!rejK^{wpuAIFhqr=j}VgFHN)d4~M`xCis{=z)vYvPO1aD53K
z8H)(1Y%<3{rGjbg(;Ej2PX&?Hznqi=nU>(h;3&6&rxdy)A9$@q%03Ht9ZF<ms&28(
zwb?(PY<O>Q)z<=XvOcR_mul1hk;Ol2lYPnF;oZWdS>b#BSYL9s@N3;cweFFJdugpt
zI%7f1m|F;`_U*crlAt%YNAUe@EjgJBV3g2EB?b`KoHM0Yb2URuKI!1Uvozh!PkcKG
zhs)x2Tm6}q`;i*?4WaG}Rn^9G@l=AgQl?loLN-um+umfFe_ve$RB+R}Gqzi;R|*e<
zZDQ8CVS&_19Yz<@^wh_0gt?l2K`)WmHYefKKZ@>~EhLQ78jUi5e~roPlS%1l$&A$z
z8`W^{X$Q0L{*#d-h^KUole+-h)#nsU?V}6<mAj#jojU5pXtOFpH@QzXWj}M}!(pGA
zu4a(_<#ZmJd7irg<*beVl_Y->aSGN{)j}Dpxl6S0KkwNhIPFQ#_Bpw~*%$Ubjy*9J
zukuD&sM(3|fnl%oJH7zl9rtJZweIAf6wf0H$)<wIX26WA-U-(}-3$KH$ClnFZO4Ai
z_vH=CIuE-oFP_7Oc0gWNjGCvA#qFfkEP)S~eM%Tj@p<_-Lc)0pqSSPHygl4aWe&p@
z`igA2vK=>f$8Bp(wlfRvR%#ZA*0>)s3Sam;X+@NbHhK<k3;A?ko~W7oU(Qe^TQ1~R
zq3fOsF2QUq(0@xMlISUF94LSGJuIFMmJ)q5`JVq|65M9{)y6bzwtYu<B|<nC2yjXk
zz7FFLEF;xe2<L$tq8x^D<~y&CQ1uGWJq)lniHgPEm>hUNC&qb+D!zkR`RLpBouJ2{
za*>>A(~CDatXe;tPC<%Mqix!rQ#s6w*RT*xsa<zyhs#v{lli>{+id^s2PeeBZ|hgs
z0%GCML)vFGcPa`!7Fx0huO#)k-wY8(dsiM4!qn|wibcf;`Sz;&Rvv3rS-UiFJq^qz
zGE%_Rup2K~5M&G4)A<tDRb5<dW$jj9BA}ElTt1g?YBQSK|6J3QF5IOo&Jwqw06SGL
zor-G?dL^Inu1PnOpRR0*5tYXpgi^{)p*oaT(BI3zYXHnB1+n<*QGEnX1*odWd0Et{
zoQ_kTFez3#<qDXT@o$#tHIK`5FHH`WEjitWci5+$>|L1ITpS1~&$2KJQZWir<@%zt
z@>q=C{#uF>75jdtJ3<;o<6r4#xwqsX?5UD=wq8DP(OuZe$EndoU({T7C(ca)X;Tp}
zxaf(qqN>4Or(9RPmiM$7^q4zq`ufUN%ugn>1HaTMiRr?pS2Vg~{ZOjXX$haDW*s-C
z)!Dnmf}L_b4F+qD>xd1kY@fjvoef66(MvqIT~o7bX<IqIv00HFub*ju*?zUUV&K_u
z&l(djY3RB061<`tpo>IgVJiOV#*ox8Vgu+<erarD5El2KK<WqS<|rr{&XeKrqPxuM
zpKs|U`)4K!udRiA^l+{oINMs|UVqAS5PiQcX_NV4<#HYayby2Vu>Y)oU^j-<pv7^$
zk9GNB+tn%yMloM)3~ECd-p7FIpqG(}tv0-HIKMp+HlEo}PXc*59n}CM3`t7RKXKu-
z-`G`XQi15^u(NeeK2H=jWRp~`w4Bb-&_Thz5T!~Ft<;n*AP>m@<c`(Q^K_NY@P1_o
z3D(@e5aaJDCttH#)t|-T`q5%!h(G(lC6RvV#6I>$E+aZ17pzbZ@i=DljRHY0W(0>V
z^vb~yrOSn94bN@q_{-|CS1t=<CpT0y&}z+WkyTY^G3{LR^PWnDZ8O{1NhaoJ2?S~q
z(%6))Q1Iup^c3xGEoQKTBXkW53ZPWa^s<rAcjJF}&xK9ZTnwFnP&LD<d#<-!t9hQ)
z_UrpQuOa9k*W&^1eZ|J@(A*#PP8_!V>MCawy(;J_{#u-SMWNhy%%A=G)ZMRg<+Qht
zwL@!Nr+v1{s`AK2jS{+dEg5=*&~zBIAb55aPD<J@?3HTKu{ySV`w~29ZIeV<nQ*=d
z^NK-Fn%8545`o_t>0WF$-_O6vzDs|VwX!jhGkufM8(pq_U}e7%)S1<hB><cP7A#JV
zw#|Y)e<FdG4in1Jt5Dy77)p=2eZ<Ct3&}J19H;W}qf;-YG9FS@Zw%SITD9yOjpWTK
z2JPKLJbqh;qYy{hBa7MHUY^iD_AONqrzkXZ^{W{*mm~A~>_@VHv$9nR)F8c<%yw%v
z>D*5)WDGQ+<j-=3?N{dQo0no!S@vFt3`6jozd}hC)(D|%q1mV39lS~l$1?ox&!s@q
ziram-{EV*0F+FZl$@JjS#vV`I`T?@!<(pGrR%HMYDr`%Wo+<*^J&g-VYIOkee(Jrj
zsuc9}lY)F73JO?HUKCd5XIP8x^)7i1&=r5!x1Zu75;pK2({^4?LZ4q?T<~1K?hD_@
zn8=xzg=Sl$ubGy6u6~=l7PvITTXuG=v2D;U!+7A7O@Cdo=eXBk*@iKP>kep7eUh*Q
zOU2%HUsC#fSF<oZ{uTN?45r_t+5JPEO=Hc<-H5kR{D}C_Z_8(jWx_4f<Tg9wTiuAO
zp14ONAQ0g2M5QNHX~@TMW;fH2ROecMZqL}a_jH0;n03yu=~PK@Dewz$M(f=#TO#p2
zXR&b7yV|3s$hd#YGsbr27~-2b^nQS`jNK)2>R~UQq}a+pO+Z>zH29Ly2-qIoJR{ep
za~!*N6{sLMl#x*(yvU1EbJk#MT5w<B*&ETp!&PorcuUGy_i?k1G0}>=HD_8=<JfC<
z2Ax+!GjIQ90ipE!n(gHA43;X8FbQ2k7r=u3!1(F~5o~9~3csO}+Y9x#(!p2`;(1g3
z({fEat@~)|CR)KN^rpi_E${r^)lgpdAy17MzkMQ>nk_@(qo$1#p4iN{9_Hvtb`V3i
zip#jBX=7jrA(i~ryU9upCEr5%Gqp98Iv=|^Fv5Oyl1-`xeVNBHXM;bXyQ-%W9bLU}
zs|0s@|JO+SnT{($*M)q?I5AUII}9=LJgXnB@p<m#Zm`!3vZLVUY<}{@TnQ!S{H#Z*
zHFqUvU@UgL*e|%=QCP87$xCVXkWt<WtfV#KyBbscRM_y-p@<G=^9^{Czu>gfe*Si{
zozo%AVX>51&wp4XcZoqVWX8*U+9_^hx4gNR?Pq-{d(VdrhSG^ngtuwb3>w9t?4$2u
z=WNncpYw}A>kG{+9WNkcFuix2)wcH|Z7Vnn3%&`e${3oeJ<D=digT~FlVjE+g=%v>
zlF$5-#wVelR+_-D@RvwvXZpNWm9|0d=$wM_c0(?>c3$ZF{5E@@`xY0z4+VLJPkWw!
zc%Ws=V9`$29md>AD={I4r?r@-0lq88lMN}B7#k)`V(1-;P+;+X>=xpk{*My;pYv-=
z_c5MF{-mv_)3<q$X>Ke2=c^I!I0UC|eg$^bFPeew>%o&mU4WIVQ$TswcYq7vQEw{W
zEvs|kZAo-J7qj=}L-43DKnlg}w{pVR1fumQ?o4XT8DEL%&3>t%A<kQS4=6O>fpK`k
zeXEJ1OO)ndprhSgG4p-tPg4hy?E;$lat%D1!`JNHi2x~C9VPNEkzw!Nf_;gv&>&&~
zhtv(krkxw+CQvUU71K3zDS90QsH?g$1=a%8=MpN1BHA_P=b`8F+*lXTc5DsnARW)@
zwfUFpGSqxeG2~TD6Zrc>+qi5Jmu6{u6K~aY?sh|q`t7+dNW8W40n=&d#w-yg`*oA6
zJP##8c83@999_$?Hqh6MMk}NDKi=o}mh|C;N=}OB*Xu4QRVs^}$~<}2`*az9vdU0G
zj+}?}vD~2C3eF<;+v+~qGH*8lmoCoUjR7N46VjUPdhw?>Gu>u_9LDF*jvhLpW=8Sj
zU-dn5KI&P3pC6rc>bfT<M8~y;5a@Cp;>63nW;<6pUCwoAoNtDHuUJS*Oq|Qx@4Fyd
zS+IQ*J`!^E>Fw?(mHgqX6`}qs!ioDeR2iow!b%+^+h5@YDDUH|he@d!FCnz}Lu{}7
zlpz{$6u$U}^@0)UWF~|3#aFs{J&2XytR?<d@>1Ee^T|`M<Fbp9mi$Ln)zh+5&7F%k
ztyrhGoJZd}iR<lAG-+|%(9sDV7T^nsLBJUmaP;JGL0MMSbsP?4#VF~iHWGn_>BVI~
z#4xtjZS!=~fpt!G=PFP>Lc{cXw!YvN(voTaJj?I(S<A4;PXpQ0-<kN4t<-nz+l9We
z=sdXMR3<=8b`bCx9{?py<Tkg(x<xSSMRb}wdUPaXRwL=O*S90;#Q0525;>3*UUXsB
zw@tm=a;4*O9A*+rDX^Ygx|VQyE-%M!#bIZOVLf8hOp8v(j0@1Mqoo=Kw6GA;(NU))
z)|vweL!xiW&v#XUCFREtF1FGeg-7nzGb@p!;Z>UI)2@C%f|5#GuiN%xkhk-D;%y)N
zX5yKtQX_N+TlF*pJBwPcx^MLo?)7P$Z|AU_73X_m+*qBWJN2Pg0a}A>o;%t?c1fhO
z&f7Ik5G30ETYIffjp^y_Bf>%>SEEa9b@Ju#k_R0|^TmtfZ4F(6>Qh2RJ2`mpntD1Y
zxaL%y&{~~u>EsV~!3%!koz3cIAmwzK@+wEM62ZDu*|s4;+o`u~_UY~+djCCZX^S*t
z$mcM$?)S(XbW($=sj3!Gd<|0E8Z>xNkDT*;kOnp~;cq>?8;!;v?&*ZhPGc296nxNV
zI&#Uj8_<JOzxn0zG_FWW*NHoPq|7@OTXn?P3+0Z^>qs9YrRJ1I04TeI*6&2zJtVu;
zxAzDg&$kA14ey%tx$D%vRbqbVkSe?fXJRFhh*ccWnCBD$^?k9gq0SZ~E%Z)<Q-w1&
z#N?^%)&u;SVM3w3i*HI1)&zWalw)h@yXWv1d2Da%21??@Zrp5jYuAAJ`{(O*+&<Nn
zdvPqw{>6MT>%XtZF)NFhu82=XU3z+T$HmYLaun5L1S+7l3-F%KyAA3C*^O3woz<Hg
zBj|!l1PzbJFG?7<5QZT$$s+sJJCX-=sh2~0gm<MSdSY}`RBg+cvkZ(q2>NzcC+|BQ
zROcfKt*H~G8vJvIwFrCEOKThe3e3giDA;Zut4EWX=gxjeYD>C_g{4wQ^Sfo1Y^qu#
z6j+nqx5}Pj^Ww9s{zAfFjzx>T#sIf;c9s?{Y|R#(9b?6=I=9ai?vj+_Zk9s_tQ}r1
zDYN8Xf`Rlor^4p?m#^w{x+!wa!$Gea(tS)?xdblTz|IvOM*G5=M@#klKUbeLEpXkv
zg-ws<;^S}gomH=u3HjJmnmU5Hvn@-8Dm<-j>YvatC(=l99TGfjS(#PfIPUiJ#DJZm
zDe7hRHXVkAp{oTMcTK%QxQ$t990j3u<<6cC)9v`0<P5l)-e!ZV%>4chMS4riEN%L3
zWj16en&W)rBTEZ;yxq)v0FQ+n->ZC$wF-}mHSCoKSW7BW1=AUlwgLIblr}j(yjl{l
z_42g~sGH(m?*j{sr#D2{cRi)4$za9gvOCmv+(*<p4KFC=jS=YP23Q#9;<OsIZRi1X
zZraHy&C=Vx-WSspjnwgVI^nVlq<J`#+P*ImOxz$VZm&i3c4M&FN-$_XMkV#$EQWe!
zb#@20g0p9)Y576eV(HNSeGBt3hX(WxJ~d(dDnG-+{b<l68R;bJO}KE>ly5kh+xeWo
zZz-)cvHhk+Mv`y#?M$0|#-;x;d5v_eqg5N2SP(i6gLLfUPG_mUP&*Vfe(~GNZ~43L
z%8lz#W`kp#y&d2;kIor^h|V8_MMPbiZB5sWZlN^(cZNbxpKjG9GE2{LuIxmS{V=)V
z3G3Gem*ejo83kafmrEtw%N|nN%N{1X&0<FZO%-d|iw&14Zh7j^&3)sbFZJSmd_Ejq
z^FnH}Ud>#seP7PD(tPJx96JPk1#1?Cy7J7SByJ|xu8<Z<4_X3LZhHYH+7`@bLl?vT
znS^#w_qPQT>gi!;02Xa1yc!*GS<!nr_vH9kV;KRdXgoos$;8Sirjv-iEW;`!V`jgj
z;noFWBeBBooHxU;&#$Z0rq-Ph8Jr4%k&bK2bLe-w8VTz2`c^lBpb@LZVS@4)+l2&M
zDP(aj(g$y64fW1ysgqf<2`i(RW}>m?ww!4T9#&SI?)OKo{Ti==E?0mM!gL(Gvr{Nx
zO>QtkootV6v5wXfPV$KeU^P!rHtOaD-qM?uMB1?-3sct}avJX!zB6ur6|51Je(coH
z<1?RGfducGoSoAh&sZEmNM^EvN~XlXn_6GkEi(s(pw~@Mmbu*W#5OJKVALDw&wB*Z
z?QLp;{@lBJ%R>G`JLv1jZ6}Y_#<!J(PYu2uElAq+t?anwaxJMGO-DBfT$kd;_^f(a
z^PG<bp{$d6ZtNKxhP(Nl4CGes+3>@biTRpesF5oa-}Mhi)9hsnJAK;78iYlcCi=L4
zjmUWKbpLA3aiX=Fv7o(@wEZB<Q?t@j%O$T9;MYe;Sh{GbM2scizZV#$G}`z^Y>}n1
z<c+&jJ4XFk(R0_IHF(s&3MlZ^qQ4GxdXL!1YU>?#ZfXVH*NqP=EoBrvd<G{B3kR}Z
z)zikm@?YXyx3Dt12bw>aHDvhff4a*Qg|y^p#3;QX##?lHhkwGg@vY^aK~<4Yo~Fs_
z;HB2pycdq8;9zR^%e;K+jo_azDpMD)qP(SG(qRKjrzZ);td@e-92MJ%Lz=6C5wCp4
zdx$rAm7))gDz5jYQ<W;+Mr-M0>za<XDq>X=6-KwcFdTbHyg}rw<vu^vAcAXLZ6Ef#
zXDkY%kLZ?PRiqzlC|!)CPm*G=6<6^{0n*#R4t}g{9GdFe;q}UFksW@v&Eo*rBG#Uz
z9&>bs)zF8@Ve{78#X@%*QlI-Qf4wRnr+$&QMC2N6kSsiBcwv;4o@t_stA%8|X*=RY
zhE~hY7}YcD``K^)I_aq<-gN1`qfhLngLjE&O(okq3MXt3)J-=s_G_=*+2{4<W)fD=
z`P;8;U>?8^5M|3ls&7Hk+jz0KT(m29?>%4;43N;?f}&($y|aVh0uz6RJL|bmCk4$!
zGNXzurox~RmZXgOoU`$R=Wv74RVSkebTNkH%UfslG_WnfD{pN~0{ET^^GCe*(VB%&
zXEc|L^Tk<Qn1|EXHGp}#9*Wu0fHChOjEcR-K@6s15L3v-?D=8xWu*d$4yJ%PIG6Tf
z9F^`xw!r-=SU*g^dRn>hV7#~;#ZDz+9loNYRysZ7xKY<Gx5Zc3@xdZUVi3(c0*tzE
zrHLk@%ZAekz^-|C!|58vRi*R%YrFs8rMm;pna<nUp-P_3g!>L9pwK?qnBD97pR=Uc
zbwAI~urndLrs3NE*cJc}04_fxPo?{oGWYK-8k}x25=+bjfFE3%Hg8>O2|#O{O``Kx
z+;z31j82KX*Qd=U4a>fVBaACe?uoRG2i5$G4r1qoM%9Lyqg-rXPk~Trc0@qT;?Zqk
zMMTpbDMWL*o13}Owd*mnx!q<KF^H4EM@_>h1b@YM(zrab-s#x2t#=WNQq(TOxi>M{
zoku=->1re}Td3^t&i1}7TO&Jrj_qewsn@^-yQUIp{Z3?rKUK$NEG%?WMiYwVEHzc|
z%?>iJ3Shc`@A4W5GE!Pf^|`tAaZO&GTJtQG66Rz;K;N9V)Khmga0QiiF&-)VtTnF%
z;-q!kCw4{lVRSp}ylFk{0oft(JC`LDy@{>nlt@*bT<2(}OU=XzL#aG$FV>;yi|B`T
zOu89wN9T0OZtltNWQ;K?q&|@_{i1(-Y*suR`e;7{cQd;#CDN#%-mWKv)L0XS5(wdE
zwPd^0+$iXMwT3Jv9x~qG)=2p<Fhg31W)~-6`Yl&}u8lvRHeyi0l$l=tPRp^;IgHpF
zHs&ZxQ8REc-@8d6bxzFj;ck<z-kxzb*?~K(eOCNS^;}y^T5iwzYYdCwia^g_f&3@>
zA2)O&%ytXU6m(Cg8l#)rPy!3VZH1P52VmEQR?W>iZ3kw89~m;T9b!JOilXQ4`h}`D
zD8W%y(0=;;W=noWUw=@0>GAy9ja1kXChs9UAcXMjH1;Ez&~VZpu#mA9NMO7_Le{4M
z6=mdpTZr`A`_{yLKdPVaa*&u>D#e87o?%m!=<irhC<wdi)m$l5s3}AGY8XZiJJ)Xx
zJB7ArNx{kdU(9`_K@GKyKyEP-W)9(MRoxl%)n~V|EE`qb%*<p9N@q=bYr1UMq2}20
zdLHb)=yX;|=H)b{`NB_6Cp(3sSKUkwBhSaqxB8h@%=8w)2iSu95gF%$x80jOhgR(S
zi%#6kyi-&fkXQ0*3~QSJO>3)Y<T}pg(i4`<kS1e1F?Kacmh2Yak*R#(3~jIpt1s8E
zDYNF5hcY-*I^Fel)HPGs3zp)RVB4{GOJ;<pL<lq;6$a*J;D6Gys(z7jIWp$iF<l^f
z58oicmC^BDi-L$!0Wwfz%^$Ppra$tknW&Zbvpxbw$S4DC+?V_!jJDtm-_aiD3i8SA
zG&WyJ!>rWIeA6JL41GPLX<BT+i^`XfaGnqEXOOztdmm&awPb*M90SIbhAN&d8z32!
zL5tK}y-L*0G*x_X8skefr|nKEFMUVP%JJOmNU~UZ_Abh&Gy{859?`DHXMQ+W=0Kad
z9Ge`qoGvzB7J{7-<cMfZ^6LX%9xz<`0p{3mXr_3%xL&=2uE95JTyEVM3UXJN0Ieu$
zq=fGW)4`GQ<wla3Abh18Fr9;b9Kbh=jI9Xrp4{d56R-Qt2r*Lw@vq{=qN_@ryM<u+
zkZMjlAFtz&45j4^zSekmPe^Tj;L+ta{Mik`^eTX=BAJu-CkVcppLf2uq-VMEAtSAG
zc)gmUN@0vLSBfgD=N_tlWN?>1^KyQYZAxOc;}DA2%I)Rovx?nPiA~_zj{i2cgD;Ol
zQ~zVM--0h><bbX_VgU@N>zy;Tay+&&uuZkL?Vwn{N4U&HUmKm>#ef{S!O7{J=1xNd
z^dL;B?RLY%E?0)ojR`My5Vfck5CE2a4;|o&T{&`@940pKUc<<4(9bcD+S6cdf7len
zr{lLZ2-NSXXu)G@e3;;=tlvDp!DD*Z-z+v}%C~8mJHs0>omj36>j6@2w%)Ys-L9FT
z=xmLssV%%xTh?pYJ9ViY<q!+0(Hy~Cuvk3Ia*CVs9GZ>R(Y+>}hA7z8*@dBiq{aIc
z1dsh?-QBwCTcLC9BAi6HiFj%e`X@F5XGcpd63<#((SAg^+)+Fg^UzA+`Y9)qGaSe9
zP4{kWf(Cr-rQP%qopl+$(=h{wY>TXig?)gtAO`&@Ftljq%2O4}C#d_}sF^1rudXaF
zk+`<8rQj_yr3Qn#Q!f*ID_q&*XBY?gPzy6NP8-I~O1(Su#eBKsAKdzFy>Xv1e4F~^
z5*JdmsntX!C65!tSCsOcg;U(t5199=qZMHlp4%nTyDrPi-B+OW>{RSHwMo@F;nyYH
zD*Z_%C2_ZlZC6)j`FIh7rd)J+c?GmIebZ`l?fLGDdt^*Z3zd53(|4r%mbtrbS0?!m
z%vC(4ie&Td9)^D3OxaU=6x<ZHrl!b>t@c)=u64A3w;V`l8yg#;JH0Kh>}Vgw)}dGm
zGEp)xh;ma*7%`R>l^BSb%9o92TEArGv(+%(n;6&`_)uNFv6CfuHB`PS??}IEMcTIV
zF|@M)E@un%K7?UL!lu1gg6EHBu+77x!#@;2N}@MOh8Qtp8ICbkCu%168J=jHwg7X6
z80Puf_p)r3a=#Ta-=7A%sL6Czx0)as3w$uuGuCN#cKHJ89~Q4qO!Qu)q|BwlAu6V@
z0B2=nyrc(Fhq)~jT9}tap?(i%FvCFgC08&CsqEP4BY{PZykNd}GL4&N@J<|0hRoPR
zQ;*;fZxTLX`Bbfus7-QjZCTC9!%+T|8D1TSZ<?VjIX`zf;TYTex!S$<Weeosae_o-
zoI4cZQ_&Xu&H_3`&%(R;{hGau@`bJ;R{5*g8gv1S!<{q$(F`!n+W4;}KGnyLVY_$O
zlTTh0E6BzyXR$Q|kXMpn5fUcPn24k`W)?ljX@KH*7ieHT8kt7~*cp*k$Zy`1imXT4
zX3yx}9t$JV{I&<qvKU@guAg`Mz-iCje9W2ewrpSS`Baxp1VXUdT%Pfo5D$-KSYvHr
z&$vd-M6YlpAd9V*a&!Glcinh6=xt)!0<P!S$00}x79QaQ!oH&x0|QBcbUd3tjft0e
zze{DUZ36(H-OD49&wS@DwHfZDP2GgeAN~M*B7WW2I*|jJIntw)<lAe|EoC^sidDf{
z4cko>o8$lzCE#uj!(?->Pxr1nU59~@Rf`wbMpi~M;ny5pd)3X-i}n~1(_|G}1=9$T
zSh1A2hlRmzz_+v|d%jZ+C&nm)bQUc1B*;?VE@wrr5I-UPkN4_8yeRi{J_){S0aWmA
zfRH1)@89GkUsCl}t_Nxq<@XRWy_o;C*#5ts?z^VQ#&J(U@LgHSYi#=by$B^cH#xJ^
zOQAg2+6Z{QOfr5zpkz>pZM8VXr>iC5bVNUWVEd_hd%Yi$P7J}UZ7C`mH(}IT#F_QI
z{Bt8bY%|L<{vs?d%4EAuGqXPAc>We<_9i@6G7Wb_Q#lDw&X?tdHEK*uqO+DOTlg5p
zK~=q+H$i|H>dn!ILsGdH_})6nc~~43@TDn@OLuddh#pmKlOR9qw_FTMo|RVudpE>s
z`^=Q|B<@Q=7l9FGg9NEY0Q1!M|HIK&#efq1%8ojAZqbLZoV!IS*0Q@9H`kdNAAVig
zj8Qs~(cdzdDOL*h$ZNKgPCb0=Q$RQ`MyrKr5mgqvMgwsE4&^z}m^Qcl8D2|NJDo%F
zLxc8>MM!>0P5q_dLaFS<X4XXTb@*%3o6UH?Ow)1(Y+~YZugw0L((zjrjWdiUbU2Aj
zH0KAgJ9*gLHl?fBsbAD+DBv>x%8BOTo57Sd#j)#frYu1{5XT-EZ{c~qyc+ur)?_Rf
zHn~1P^qUvy#KrU!8>bK^rhi{eG7d`5X9&$QDo|Tqxqp}}^_PvQO4Lq__v!=Lo=N3f
zg&fF6NTUv8w4_9cvz_}F{P==P_Xa-bk7VZevIDlsI&n!9_I|n)?n*z~UM!{V_$0qu
zw~%i$6B$6qz5rU%J6`vVI{yP0zaWC_8ITu|l^Jhf{_=Q?N!2N>@mZ!#R*3lv0rpj;
z+9OuX(FCo$o`gqYA#PC|+KfYKZA;C>$fHGj(M`oL29xsra%b4lQjUCs{n9?O%rDIS
zkVhfmsWN=KwCKM5-0yg5<@=gnOQ%B`-f#029t3c_{t_QgrE@%09B;w$>H8LUk#lgs
zR(cBswM}$*R0OhfrhEvnrmSYm`zTDn2-}7@cVyhyTo_Dg-uJq+$a)R%nA73DD4Iki
z*u1c?(A(<>How{(A~6RyM|GjGU4H2*f9mP@flvJ*xHcrfoLCIlI%<xNhOZ6ZRm6yq
zF6dE$adPJ$(m7WFZ`NEgFRu$Njs&~3w_oL=-X&AWtd0pwiHH6pHU2G0Rt=B@<ugtd
zy+fWYVJKB1z<N$Nr)sd}x}N%lhia5uW2ZxJ=}Etsuqx$mg~oqP&R=Jib?_!nNo>_e
zzoFtEC>A+GMl^ZLm>Y&=X&tcT$@$i-9Ns0O8sGd|>h#Zkku>EWBVgf$4VVG{I>+8b
z?iRjfSF#9)hJ<Qk>ic56U)uTikwv~%KXz-;SMT&NLe%;4aTMVDc)PD1Gws#`-qxZh
z`}rSK{LXh2ZfJP;OAU2+Lrpzpv=l|-V?e3K+aiPSop!t*XW*S9A0>Wm1OJbK5CVQ6
zr;M79D?2(?cduH$%N3Ux5no6{>X~(O91kD<s*ujr>6!nw3^%R|-Ff}>pI%^&gDJB*
zFd!X^CFHm!E+O%m@4AN5f_T?E6fIPnYG`=a|NhDX{xUgkTG|3aL$auf`Pm(!qW>i1
zFDV2R;O~rm3zV+b006T1TuXLs3MCQKq(tON9A~sGIF*(Z0E{xLw7Gedf1-pI2j2dp
zq^Jmp?^?6Ko{`r;ejD;p`Wd`CjjP838^Euq+Q`d-@TU$BOiQ9ivBucNs|CdoI+!Bg
z>Az=m=^_6~%<yX>j4vtZ7sC~~^d<ht#3Oj;lr#Fju=ww1<<cMXJ}~mlx#0dm@4wzh
zK|jLz&&8g9e-^op@=@-CFEcaqNynSt9qqrXRaE(7Y}YFfRb-UE8N!k!06`M9!3I*%
zl=Ia9F3PXtkLeUMEL}*||1k3HDG~ww?XYnF`JbllFOtU)9~02q0_W?x|EeZqA{Tsz
zPx`<)61(3jdH?g~@2pyI;yQlB%R&AdjQ>Nf;V<HD$cFwhhym|WOwG)YO6h-ho&O{D
z01nzJZ`ct<-Kg{`1;r%dAExQA34+N0Z-o=vl*jzN6!5!hF%jX7NAE-mQ2v0aUldWO
z!xb7bluCi|cQ^chXtq<}g?;(Q{{r}ftbc8Z|Nq~32XF0r%>L)jJNTI2;C=l(>L5hN
z{{YuNKfZ%wkOa{*?cY)LFLjAZz#&|efwJ~@H+-UikAOVzHsE&y^_$3p!r_)xnHRg~
z?`}YR2Ok0Ri`CzC|0CnVRrbw^HuTBgARPG<e1!kQpop|!_|o;{MtDWNruh3S!ptzM
z+|`We>h9nI*RUAN_tJ@lr)XtyI7wsl<9PrT--s2BWHMpD))9MlNjDjV^BW4(-`WBG
z4GZ5`KG4Q>_3}DDoSmJrNA*=y*zp)$_0QxSu$;VD{4)1Z{6J|KrYKZ2_0~<jXQSP&
zM;6L#E#`MC(6$q`_!&cG?B`<UVeM!Qd5H4Abu0Z#hnSX+9(QI5<=BEjC}{9CI>X%Z
zkO(?~J2CtGPIsv`@HAFGWlU*eS-Zr7#!C2=yy@^hnrs|{^O2|5WN3$dv)$b4HJaMr
z>8FSmb84}0^?Swmv8N<5?0CklFBDWf=onXC_tWyeMnky6bCK}tw>|gDL!GO_tO{+4
z5+wcg;5Y8<vp)=+g=OcHh+dRgnWQ8!y>QpmRjdBt;EcnwP&b=kGy+dg|4ml^_$c!A
zvCb*S*b`#q_ML1wxup<7bHyG0?cmzP$SSSKt)RL{;bktD!JpE=kE<?&#KImE{YSYv
zce$OI`9$JDfQshnYyyPe<nu3VTe3awB&N4ra-HRss}yzK4r-^WH8#_BdmWKd4Z*}K
zxXpgc<UAjI=$tY4Lt{bd_9UZ%Y~UZANU6&Z9O7l>vogP>mjd2T^lEX)SAg5+Cy&!5
zrtk>IX_!|Jh-~7!DaG;X&wJ|0BVJ_JXxpi_<jp$Y6wU}ViML_R%c7z&sV30BGRW&1
zzHs2J@Ay8>1ug4Lt%#l?P0X+Bxvm9%Peo^81|}qB#pNN_^3Ig*M@4o5>ilm8^`-3M
zR2UdJTz2vN?H>|8_StwNbz}e8jv)&Me5Lt3eBV%^nt7}l?ZEMhvCpVsA<?C(IrO0F
z(hwCbrfp3#)>)`n^<}IZ1bs*R-sP-D(0|#+8Q)FFUXT>a`}`^$w2ND*u?Fmzq05(g
z0KRcB`UX=W4yWd|ICW6%zpy)Y{n~jyo>Lz0EU`D+cB{ou&dcVh-caoerMK#!ytTSg
ziigR@k=);+hh?{W8-I3wioEVP$q<WE!Cf+xA#>&ja*cVx!UuS3-X6;9bu}Vnu4x$+
zwK~wSQ0NaRR#aLoadHT&V?VAY_QH^ha)f0|{h3+IxySF)g}R(thZ4tIy*|{~y6>=e
zk-e+tH2?k)>QC5w%_^3>lD503a=w!6c5NP%$zNucsD@{&lWYSeF?^UGL}Dd98$~Xa
zB0TVaxcm|FY{+*{E7qo%OC4~3(|=>QSd_1H7c*9DSEXdQ18?oAHw}D$LdPJL%1?EG
z{q4-k#N_pS-JyAQWYv6Rr;yERH0;9i%x`LnXW@?+6#2S|jA)bh!E8LaBA_dHwGG=2
z<JhQ!jCGD>SdvDG0dI5rB=OmHwwq9VUTmP6xn7oiP2$$E@bzs@mqX&+DfaOZsf!^i
z%u-u(aGtEJC7RiF>D%a=&7q3*XS6bL`5zv>`7`lfIVL)d5vTjLm*}Q}SCguW=qh*L
z=6Nqnh&?0sZu#kL;X+=)%kCy(T*CGd8A!ZR3@xOURFdYPHKWmT-<%?!1`<9r(X^Lc
z_K+SYhTFQd<keT|%_*|?g?hg3NwIiHv<`c<*CrucsuBe+k!+sY8~a60P(54L^6`mv
zW{80|W{{`v7FNF?Q~I~0<exU4q7LyBm#UW2lBgmzo0+CTy(G$<eS?nO&;u8nulRjO
zeIsowfu~=ed@L4TKf&mrwl-MaA-foau=@JuL(K8dWg;6q;uvx#1w^*f2{KS*)vUSf
z&hk3A0VwA}hFw^Y>)JnD?U*ev`_NT}L7V$J6`C_s(RrH9DozOuz>4m8yIwAA7DF~I
zwUKrg$xz{}>I6#>x2POF86V7ykDp#R=M)N7#7)=Os!E~HO@P~-k<1o_tgJFheA4pw
zMO8;R@BbL|1>iAZmgQC1{H#<P;z;};_`$42u}r15j#8U<jfri)N*Y(U95fd?Drj!n
z^yy&*5Aqt~RT7`KA#_+^-nZnZczX;|zyTJ|S+F%!Z|3FqxK=p;Jcd##%w_O6C>XV^
z*|tA7^~<}r=qe>}Gj+LT&MWaAGj01`Bn&3ph0D5yZXFsgn{69cg@q<ONQ5`a7=M5+
z|If~KP+qHoI*YsS)>Z<9Hm}vqm#z<`CDh|zw(+;Kub<HnZLUL~vRTDn6~K2q^Br)t
z@NsF$<b~T>CJWJ8#iYcGW?FPrK9#phg}C5a8Okj$2d>=dx!yLK8CFB3t9`qz4h!6t
zp#uf4irKhI3yt!Z4lJ!=*h@t-I>)MzD@i6)@=}+UVs9g5&$Wg7=2sOlx!*mHmFcEJ
zyWo*hsa$f>yUotT<SdhN={O>-X)fe<D5A4LUKSA$`(vCQfJck@NoF<2ZUrwi!$#aT
z{i3O2jx6|GrmE#-t-T?QM9EfYFW$;(+mUE{%-R><(uU<5g?zVoo|TtEU@9u?F7c;2
z4H|Aig?;8jX5P<L?G<;kv><jzkHg1|fwKqmE=0ycQ3$ycpQ!*bB$lCZ?#~?|D;bR^
z(~n)7O;xsMx`xV$8S>F3x-Qc04;{$nIQv>uvi>Vz{wstMLBmC!Imc2td@5Bee)=q3
zaVEfQ$=T)FLc;&5Z09~k@m6n3_C_)&#0KU4;q23mT9|*;3E(*LgQ)4{muNOvMlO28
zbcuV#>_Or*ZOfNoJ5c(B%pso??~oqK`bWz1UAgZnp8Z<$6f~6t;yQfvXT92OhGh2b
z)XQ|;EUZhXXAWD(PBd9<>05+<j<V}`0-l-zh-dnPIy3VcFkbhE&!H6D@m1IJTD#ko
zC=<V-m4F`Ze!+N+GMjmWnqQ{4=XPje)Xw;7KMO-^L2X#p48*Zu=Bn;!UC342UqIUs
z<&0at*kZacC?>S4Tn$!nESegdIY@lRJj$#o*GCv7=q1U;)%8?-bEzY;ub*O&E2NuX
zxd2ktUK=b^Yn%UBO6lOX+H|-6^f>d(nm{qRY#3;eMf9sD7@qBzA!|h_;i=EwMotrC
z&I$>MGJyF%G>V3YN*~R9W<|Y}!AI>a>uq|5YKx`n(_p`Mr<VTewT+`+z-97$O3LE>
z^V?EogA9M2I<m|Rl9lJaXn@2`PecDRS3k#=%gZ8X$qau$RT|W~{{eEDD!6X&E@T8-
zUUW+x6ZxOg6A486l!%kGX&`2t|71wLRaIk7Zr`u{c#UWokudtmZ>_47HTgnl7&9wZ
zXs)>>&n00aQ>xx}o?fz&!E^CmX4zX0_fm);ocXi$yk>NovyB5}!EBovC&`zF(=;d%
zb%W}&+1-c%ee9hu4;?!mwq8m%4GekfsnqP(B5G~-<>yh+onG%DcEdwMwiB)<-Z95^
zTm+*iR$FKjd1#V}EZ%-MB-=6zhD^&r*#Qj??G~}y@KmZw<f<!#{IWUcy3hcqjw5vW
zIoYoRc35aIU*;qB{`+Aq9n{_54={{ni$NNY8IkRp)wr|L@pJ8crGHBrQy=Mr--jb}
zv%NeHCp%m3n{Qi3@8e~rRaH7?+|8LUNABnqTo%X9z}8tD8ge%kqYJlwQ4Ti^)-0gQ
z44FH9!<&+pQ^Q*WdB2mw6pVky&gJhYv?irO-<rehVSO#Zixu-<&PMjAgxY5o1>^6X
z=Q$TDNt_p|f_Cif*r%zOXdG;@&KA7zx&zw4`2P=k-x<}^*0p;qh@yZ<m!=@S2}o}$
z9i;c(d+)u80#c<*FVcJOBuW(!A}y5ALk}SoA&@}0@x0}n`@Vi-++X+C_a`G`kL;bb
z)}CvvIiLBgXNr1K|02fmZ)AwewD8ADQE75$d|j7y)u|eDXo5J&ZFB1~zk8^T+EUI7
zMTUjkv|x13tpeM9@=|vomd1|cam<n{^MG50EW7>)M~6?xmnXoUwNJ|C4G{Rcgpb9z
zji*N{ER{0I{Dlsdxwx9a^yE><U^HJ+DXQdEUO1**HK&47vOhLj{1%O;AY~juC&VFd
z=r|G6Gk&7lKAmH$2oHltF*C7_UezI{k>5BgR&-7}d0uyA86nlnJB%C`3?dXb$7>Yc
z1O7c6cblKzSc;yqNmyKq?s0hC>v+wg;aOcJuwApH?S}L}>PaqQaN5ik%nev8Q0}r^
z%q8Y~WEHiP!&8DDW*t{xUN&q28T?oy1gh{s6bTR_Vvg1w2JOZHUHf`bW5T1amc&1%
z&}&+4N1I7)2D>6c0<>cED;KY!N5Zg?vrfLe4ms6rEZ%v_kVr#HY%+H?N6LEDDNPO+
z7qisPd<^8NSo+x7Xzb$jE?n9=*(o`zr*$(Q<)*1pSM0N-2`!Oj&+KYbNJ*RLi%B3|
zZj}#l(sF2=f0jmec{rbhrH_3_<LEmNI6d~h-$ah(t!q5lTC9p3z3}0zvwWc_yb=`h
zl17wz8D3;sq9nknV2!Uz`wWndKvx*c`@|JIv<tr(b!^;s21(5K7%Fg4I2yxT#MaCW
zKa;rYN}((56?nwR?e3JlW0TloPITwGJnPM481<#e5Bk66Ej#&L6Ae8wOVyMBfcI5m
z8xWpV_0_<}-)0OnqY`F5GM5K!ve?(@a{36${DcV&9lfaIqq<nzB3=*G_2-YL`jg{C
zA81sQoFyP#q5=={7*w~O1w_a|x4WWfyZCx7x(cf=BQGSyd~HD*OR^Osyp9)7>mF~G
z>$;3Qiio#nt!^N?^KhnMza7i2Dt>2C4`kWdnB3%pjwQ&l4_J$R)E2T&Eb6{Co50VC
z>jF{g)1c&rF;>e<a)(%;^y#x7f&DE#J$>_*=(Ud1vVMV+f(F4iBtTs~EYiVpvo$7V
z+-IX*0=PG&k1j9OhxoKi{utzCmN*>gx52O9)HeC7z>sU0ca!L^<Acp^;j37srOR#$
zmA7*T!OKBULN|;0RB6i1`xPCMFNR_0(o7lkuH?d0nns?B1KhqYppV;`x~+xYQ0_zp
ze9;gjFiPOPA3H2Q@#^gaKXW94On80Ku!+{s8L27f-GV)I;Pf-4?KHvQWQkMKPB8Vp
z5>bmbCH?xCDzbU0=_~(-`T#xYpnbzo5oSgspH@iu-88&g(Tb@m7fbcfDxi<D&(rs!
zfeS*6jJKl}|3%e#mHB$wmQwhM{Z{!4;2lde^{^%uch|mAb;jvd^@*#yma&&*@QwlD
zW&6?U(WQmEX?1`5_kE1<y5nVAUw|2GFal?U`;B{Br%PsVXETyjC*;_wgM?_xgp$gB
zsb{x}p$x8`+Z1JO-zHtv7TNil6y5I(_Sv7){1|HRAU-ZpRb?-0W(XPLI7S`;u-V-R
zhl>*AJ-i;L{0#9L-8YTzoljc7%6DD%dS-fIG)0k{oVLUb5nMo_0zIxvY2^B^{&??@
zQH$pX_Xh?z*KBU;sH?_l3{=nwI*W(2*XucC&y}1MyvoE7JgjMw17n59Hb-LZRsfNK
z{iOL~75lLt5`AUWR6$h;E^Z0d^}3G8PSkQixe9!_*?TA)YEgO>gID3XwR(c<U1MxQ
zUZu^(&7or&6nUKDuj3dvVVTbWd*KBx0Zuvu(fAvXFt^YH3l=-R`g9hw8+G$q1iicR
zix;iKM-Hr27(0|lXvp;Rl*6ipE$?2&)U4>hb0n{hd5?zlD}kqv-@Ji$=I62jfMBt@
z$1Po#e<AXAH8<~U$AkBFuYP5`Ke#M)&T5V)E=ATK9=dH`HmAv;ee%C^sx4FNS0{Hk
zTgmEVY_u{RX~kW(%!^;>TS|YTXmuQxZ1f)5eVuL9AY9C%>4Q+I7`8Bw(tp6B(=@O)
zc=+6QU}25lnJ1=GF>zyG%!+7NRa48)p{&>n=|of#l@N_mPHLb@hEN!(i*#xETWlY!
zPip8>C;#Y>s(Znc^p=;gp^wy3FM>hqYj1prEU9fquCq4Tzv(_jy)%&S{1SJ{Og2B%
zK=95sA<FbAmc+U7V+Tt!)QrQ8eN1!u5AQmM-@-kM{iCU|@wMppu+N&Iw*;MmK9^{a
zC(u2CgjVRH12SGgo1#-NBtt$A#9W3cU&HUQny+%IuK46(%HP%~U3acdO`(*NNoM?i
z(3N5e>qKv~LszD@Ll_Q><}pY@<F>Vq4oMN9G@Z}5^L-{llA#OD2;b9X&<GO9<NI|M
zx1|EQ6c`WZ#z3bXn^LB?v1X}ra;hmCj0A-u&HzoOi^75u;uo)t&p@a#VEz?SaCzlb
zQt{!tebED;6tO3=aB%3jg<HJUE*s6xJx=d_Rol*M(N{EPVR;GX7Mohh9Xai54O;8*
z4GuBL**qgx6+(9nnEK_9V2_m2b{4BrwH3nFj{p-!J>n?;<zn1WFO|!U-~x>*=OG{y
zXsNvVJz>aJ$x0VDrF8^o9l+ZoqSs(MEDoyCk#tC(stfks8dy+2Jr!RqCkVkT<h-W}
zl2p2f@L2ke4qY19)_ll`=Us9c-*r&wGb$G>x5uxwH&NUC*i_C$c_F0T_jsj8wS=DI
z;2A3yep|5?!f|n_=*7mkaNC*pl3gtk!6~u`(8T0$cQwX4>)e`M5jD@vozjGyUfU0a
z9f<UVNX5(+qlRoOP58$t&i}$Se<a_|VjxuOx%LKzSC{}A3{&H3`X0JGxF73~F;Qn6
z=^IQh1%GJyuH{{Q<E(kpNKrRy$H}Ty-Q?cbdUNAKj7~WUOG-(LGv6BDjSzJ#>CcBK
ze)jNd7p`d%$*iX!Wltatjb`uae?X*86L1P!75?I%B4QlVyhc>%jiO2O>to+qeg00a
zMagG?8&bVDO{x4ys(r`)>?6T^UM-uW#WG>iAIRlFK5V*+^Jd^|oo*=2o~Y6J5{x?p
z46ilq3gMwOLVq_UXQlMdFFF2JdV!?5yy8<O@L{}|F5Vdq73Tq!sQ?`h?Oz3=P9*8h
zAxsFdYR7!|Mkh{FTqp+3zcd|+$l|`EJ9dA&XKhN9NMV@JwWnPKwydPppczXC^c^Fb
z%`j+|h$anO179GQ_%Vg#+`C09M!`KnN6@LtS+z#z%_0Zut7dNkQ&MT>Sx!um0nLEY
z)>3vL8mss*qzx%?IV_X2HTJ5#7#dsGykQT?s?oT<f2!?_3aUaiFBKGeTfIAtvV)O|
zk}dNgJ^2}^^CUc4xfu54R&K>su4em(8lQg#H`@+`oaZt#Z7YW!bynMf1|1yph){XP
z>z3}`M?-3y`Y`_eikTK0Pu+u-A=}S%b?z-P3X8eAL12bGhvEpnEQ7$cA$?6Yx3gXl
zJJ=NR5>+Bt0hwO`54f3?#m&0POF`@|QjaO6rvMH)_(y*s*99&2%UzQrstX=8wNO1U
zANgj&c)DjKjhR`?CGbJ0M{Pz5$2z`GTQ|{P*~=W=Gn9_hq+F}g+N}7dohX01OCVOd
zp2MZ9*v3#sxa(Wr9>Jl4fhhZArS~lR<Zy`e4qop{dFs02<f6G+pZbEEZXwK|&*I~B
z%A*4-ojuZ-@@?ta$TEH~HY_5&*KZnhLMI!;{f+$c{MeMd+|tZ9q<IhpgQZdrCNUbw
z3UPV%)42dDZP7bW!;Ensd}@gc(9p^*A6f)ipq*%7H2Z4Xmg$)_(#{Rvz_^u$uAQ%U
zg8X_d&k>h3KRZ{f{wNpc`cj?pimk@9=OioZj<lfp1B2(|Y3KLrfEO|QwM1p_=Oky`
z!GXH94JJj=H2w&Lfdq2@o+fkR4$V{j6W`F&!NvFE$)rj)*S0@$viH8l)A}QDY9du`
zF)#C;bqi=LSH9=2nOEPVk^RGVC^JEWuPQm`<5iTT^3F<$^4EhpGA_OHyd(Vk8290-
zDa~LiwLJ9v=MaV{#cbW!<1=y7>u1JuQ<^h?Q^@piY+Od%{^q>Vc2?Fr3FTVXR!A+`
z1B5$#KalIp$R1;y87{4j1vB9egTPtqP}EX;$U1e}wyUX-@7L0so2rqnx-MN@qmH+G
zd<iXTLw{C`CWfBPcI31D@BqUTjaQZ(_SfU)RQvXH-)}!Yb9v)$Lw&gOIWdpx{J5hd
zKc?A2E71|r!6U`Xq*EvTfU^$9e_-gzKoe9&3=;1-L{#77yROp%I#VswiR50nEM>^>
zD;($@4Z^U}a;5$==dEA=%%J^=o`r)s)%xU1o`grg`)q6_)H1+41fzQY?S`XFT6ejx
z>|C2yE+|)<byzz;Aho)=QA_D<OySq@-VxAV;F2>xZ|@&P9;MkbIjGe7$1)6-5B1H$
zIgZyxiY~P#p}+WIl{gz*zT=@=3nzR~26~HRv}!1-ZBJglZ@1fMU;wo;dtHY5gu5&d
zICvWi&8em|*7=`RtW-|nQz!y16?<CJ4aP4#zbGey0M~?;LkTos&Q5dw9kvt#ghaK3
zIJ#8dK~_)9dByoK6}VU|3;RyDo2UlP7Pw;!hr0$GXHtdE7{1A+Ua>yRw>AD8f^rbb
zg^`RJckg{PINv`?T)}cGvEooUr!YwnKwN!E{bB}J(mr3QGW)0G2?kdC)bjGXej7ew
zQi2H(jJ&6rkDgNF=}HQ*|1p0Lak4Yz``{p%g^7(!T{%CvjGe9T04X6_Shv)3;F~CN
z9iY~HLPy#c4r*iZRIQ429-76SZYh5n(G7gGfz_n6^orAJfJz$3>RE|x@9_0vOfxZZ
z*63k=cKPW7NfEwY`sz;`fKWe&7)7lP%c@U}Z3&E}!Duf1Oa~PmmnjK$;SQyYv+?5)
zs({(ru1MpQKtDvrx(u;?Eo))?2L<EQJL2}9x@!R@PzmjrVTs4ERn5<}<oGCOH4rJR
z&6xqE-PN>G6ZqMVX*=InpBUiKO||wHhV#;qT*y;l4a}u_{p&Ce*^`d~Yv}+~s)N^x
zL~VE8$(eR5+_Y-y$va!+F6RQ>&_~?oP#K4W$<~V#>Z{svleRaHxAIcTUh(fZ62pw|
z7z<z0AFcE^^ga67<%Huev64D_CgA_TV2lRqRXpdPD05MKEY=>Mbq}k3cUd`iwCi%p
z&Z{2b;y%W-Ch;QR3;sd%0r*sO(J+|KIZ#5|b}Oyu&XSKpXNWIw<*GIo;~(J!%5#&7
z0X%{VPcgM0u(+A20zwiyY2_2gAM-SS4wwd?W@GYu&|!&1Z|H<1vhj+O@EKn|QoMQh
z)jgJhJ9v5zaX40K{MZ6)g>gvM4)zOn{P+A*iAPPpYN}O`-6pw#!*ToL?eHgzH<JG-
zeD?CubMNiz@$voreVdehuKD`#m5}p~zBbGLE4Bc{UM?XwXh*7~Ze{_FJ+IdCK^tLb
z_bo|I7nCaml{?jv*0oNoKMG{?Kitog({8i}uh&G@>15mkiAlT)!tnIQpSQs0nEI~r
zC>DsQ0expv+J*~pMJTBm$MrXy*Ku9la^n6v1Pkp1s%u{>=ld!zs9^Cm86ayYzfd4w
z*W8rzrC{;K1#-$o>eoTNe*&@LS+~a(E~2w;uK&qp3cJ4B-#UHvVc|8NJ-vr3c-HAd
zKB+L!zOJG2`=vcx70njXwkcCwFc_b>VNXuDE!w?biT)#S*8?G2kMsHJK@1{zduMt5
z3Af{HX?J&T&SG`Y(J&+<8!@dZS$#tBGYOiKE6^3WGpsoA1F|;UsyK?uU4LKOBcdSb
z`Xa||LM*KgF6+(zTEioUaY(0Tj@ZyJ!6asH1@g3ki#|GzbS3=F#E%HU$dY_7(!>+u
z7P@KRQI_h!>`)`L?9Hx&W21235?I4gIdbsoP77axktQUy$t=88+{lXxqdOE=AGPwv
z_cLB+xnZ$WFin25?Pj%{?wx@a1h_$0F;QhW7s}0xdG%5`sjG7<sZb*9NVGctXOa4e
zB$Vq;wI(i9^L(8O7VexYk+HY+b^ngt=MO^g1LV~6o67$l&>OcGu|l`|36FxYLmYlz
z>t$$5>gYDNq@^+;`z#v(eICk%j!p@%k%pU5PjwMhsx$|l?(5&zIJK+vaT9^YQdCOh
zP8F{|ckD_Z*`KZoo~b&>8D0XY!odJJqcqIdT#-+}aq)`0I(En)O{a_^m5d2ck2TTl
z!&GsexcZxXb_)rUT)HP8@E$=FA91^AHJ}5%Va-l}Ntvug`$h)>$vn)GHgO%l$<O`y
zrTEI>a^On-=}#v^flhi~)6VnL+)qL*$CEdFm%Y)}+KPM>5tXg*%tB`hsPCK)mYtiI
zsF^`9I4^G4vX?(|9=}AkiIH^ozA$p|@@{H82$8HJU;De*RPAjRx;4f3o_{7?Y4L7r
zBa@1CcxvzGiHxZ&{jsjf?MQ2myd1vv`F0nVKOxROKWG5|R;P%vI;?P(XIi9jVGa4(
zdCJS}qh_U1$HBT*n)@mGt+nnFzRbP2w$3Y~vV?q|<?SB?@KmD~vA0pG)5X_c67~uV
zXNzNHQEW9n(z8^kt^nGoKXM2j3xY9bT^^t^L@}wb@eJXTpHJIo2k>^LFNV)$`ZRZ)
z{^wDetjroW`!%A0T%s;=rO<We79oBWff~X#2x=DeKu|{+ZZaw;@a1#p`W~ud&(3-Y
z6Y?0x{x4wTiCXp_qVFAv*MI4QhP`yY+35eHIW*z$MTIT(44Q~7<jQQ!+`BxwRxkmG
zj67$7gp9>-O4bd#u^5}@G%7;S6qOIOmp+_{izsAI_0KHQ2u}_e1ZW|0^2=tr%AdB)
zJ<}lZ6ykK5&jqON!JA#%f`$%mDtKU^CW3iNpxc76HOa^;amOwP3hI4}_u|1t>ADYM
zj6Sm7;g~;~GOvJx4B*i=w@!JdMC9V*eP$Cvj|q)u$0$Ty<uZ5LH*54W5g74?5l$De
zE{{ZJb*y&~+I7yj+~_B^-4>^uJzI+wM*5~u^n1AtEaa?3Q16N8-upIlPZi%dUj2G|
zZ~0Z|9YLM3CD-chR;)?nfoiFQUWi?Uh%A2lJ0*_)uF!RvCBAXTyFXJEVd`H{v(0J5
zrI*!CP#i~5-_!3ywAs%>I7cRx@I`$^&_u<W>sQWTRkJo=B5)>;hzug=Thft2R2xB&
zLszu`T{VL#ZA)wTo!E%ilpry?W#SH^fCx=<i=J2#h<=w9=a!jdT{D|cY3#^@)<j*9
zx0ra-q(Io2CsK965b-v<{XD`dF~8g$^c9{)QfW1ExgP-vX#)6g*F&E~At^;<R@dw2
z$J*E-U(i>l-1Ks_L2vY@Ru&5c1`xE8T~zAYR>ACmu|#p+-4tg=@Q1hA1E!0JRvwTF
z_8fPdOs>d@Ukg?G>0G6Nm_W72J5gJs;-5<$V;zYIYB3Xj#%2RR!vO?5?@5`nl)t1u
zzdIL?D4U|8{tKUdqE;1l1*CO^E8_lRm7%`<nAz)Yqm8h#{)xoQqb!4{mC!4*uV*Wv
z+$2B;wph0_hD(z|c$N3KnC<n-b&12*+g;ym7U(wiE$b7tm8#s!Bpe=1Y5lyCqZ+6+
z>9bwwt!we^=cn?Lx!;EqWdrq7Uz<g-UL1W!BtEWl&N~V3%RcQ6s69oDO)XoM5d>Rp
z=8TODS{*3>s+$&`V-5z0jRoX`r_2Vx`E8Z4KJ)k)R6|~$ojGOLQ8>oDA;qnd?LTLQ
z>8@->?E*3TEwb7s&ALI^p>-^aW}HFhcX@>bG)7OUR04kd?EMij;cOh*)>HJur*||T
z;Q3L^l>g`ff2ieBTTRtAuSl0<U`?z#4A}%G+W8x+BP`_)1#{+y1b=3M7s>7Tk85LR
zmT`fBSMP;k3Hd~n3w&q+&VaoJ!5MO~Vdp!9v2{<G1HlaagLX6YZy+mvzVUYpF26U>
zI7$ZZC1p(3gjSfo(`^pa^qC3nI4cu_QS3|2fE^Z3#z%XnRScIykH=;V)7nQ!8x-oQ
zH9%1&9!i9UHy)7p$((gG1x5#iK$t-)rrj4>9TcmFS^C%Kl7?qspA2#ksTCXQXqbEj
z^2u9T=m5R@c_`1Y8URqejK@eCk=RkqA5NVx$8<ZX;r9KJyy*X9AU=*+%%P3?+%D8m
z<t&P_sacUec?e|Us73#^tQ4xmyCrsUkR^6X<-IkxbuqOC*R;+$J=oH7oEu|4TKq8<
zp60R+Glv^@Y{Ld5otM&};|CX6k;uY`?J6dWUO~ERHKf%RZN!zkl-I-L4r?(0=C>rg
z{HLA$=_BOab~q>WF3bC;K^8E6y8SN8KBnWcP*hO)lWPquz^$*lOz^ws^JFMpp3vgq
zYy}NhC9bXLYc&ugSxTb*j@seqWm#yZsW*Y<S5<EDJfG{(Qv2OGHt}(RNVZ##Rqd!U
zoh_EGkM%|pDja%Ivp7w(re^!>3h^3D5|gt>sV5WGp}9X#EH&E<HJ2%|tFtTnHK-%X
znTs%A>C*J3^|p)kK`HXOr004}zyqodt*W7fUl22%!f2CQv@38pB-Szr71a#$E^Dh4
zHB!`x5$8u81K=NRK#A?y(8LbuxQ(@@SW$=AN_S8onm@PUpm>K3U=NCQ&AL-MKofkr
zL(3mJD<fyP_hVt&g+x+JuzAH0JBgZfl8wq!cZC4Qp-nn>&O*GwSK4@TqH%?gJ^ZLq
z@AcK^MOR<?v^`-|uv)mjgf9R1!MKZHd95}C+0=;^!d5Q$Hxr5f<~~X7oyaNdg)bNE
z4;R}TP;OjR{V_^kzdA$}d>b4O)S;@<cHjIqXn<k&`_i5Xb!l(k%jdZ>cp4D2z=tZ;
z4W49rrIN|#D_8FFii-}po;$pzqDz&nNqYqnRefM*Er#f#5F=9Z^IO2OYUQYIX+pMY
zL;bu_eJ)n=#Dgl?lfdBesk>WBh;HAPhMUFPRhBf0#oC{_V7?!wG)9P)4)Tvt{H<(5
zwGYHYicBKV^KS_si|Gxob)waQnP<4o%d^KQTrStj1hvbP3`nz4>Cj4*!DmI<t2*EV
z`NpWqjlvmKwOQCTYQ)&sIcnzmflD=$)h1JGXjn7g;Bn`1U5Lo0Vs8yY3;c2<3GN+!
z5NhcxUc#i@9O?mDE<}|b+RZGY2JvnPUVres?x@Vt+TO?P&t$W}m?T<4BxhVMe`(|W
zljjwdeUnMQw&&q8w(3N`8;yvaHF}Xc%jMUG9E^wMhQ{oQ`1+`yHB0oBpL9%Pfzz;U
zHpy1;;Gv|~CFPFLZ=cT3a@VtknNuCV3U?8WZ(OAVVA0=j?+AW~ab4jAWTr#J(o)h)
zxl{)Ghrr#ElaH6?2h>JyiI{Ln=5^S^Lez8Cu!So$w44-?%QQ|rqCVAUJ6hwdKbPcW
zEI7*D-$ZS=9I3198ui7uh|OjuGK;sisyQ*m2mH*{<<=2F4C}Im-yZVXdB%c&Yi9cA
z>W75tp#IJ_-Gp|V1z70M!&nW?2VAu?$NQ0@i*c2gdMGCKsHdjGb?HiPSr|(UQ>XI1
zC}dB|cf$*9p?M>t*WxTJ<qBGSh7Plz(Z=3qB@tSqmHsF3-m_;;c~#v8w!XH$j5WEQ
zCuse?yGF17O?<F>a`Q9=7t33I2_Sfft(eq;EhAK`91Xjx#cZb9ApSF7_jGJ&=2QZG
zA_=0X(z$FuKM0iwD7o0jtxh4j<f|0%Z$5GPh{6n_ZarC14b{W3_&4=qPp%*&xpxM^
zR+(RBMfOk6x&7ts@f;CSYU_m-yV{mJ&Ch(hmgsnUF_ben$7!oPj-;z-eRd+6f5j~~
zZg*oz)%&DWg8w8ygxTJ-#UQ7P^Q#d<nh2%G{$*0bwjkN6s$~qNwy`)3^o7?AKt6sj
z&Ih`GML&n8H%wk^10AKT{$V=PiC;4L_Qb3gloo>c96QXt=7Yv=MHrmh(1K)7LFHnB
zk@xF-uYxSEzNR6{B&%=o{F_*~U4nJ{K%>^1h5u-un`y!Dp?l~-mg!R*LD*Jb27sSZ
zD8LFDEQh7HLq&~w4r5dfhPFrZFqCQB`R73tT_J!5%##7+6rD~u#lQL(exeyhK9-vg
z8_|5~b_4IQsN=rdgum6_LXAIvInEc3@}HpIWEgL%!%zHGvE<+F`rEhZU*)TqXlj4Y
z7y0Anb|#hpd*bxUpZY(a|Ig+WFkvaQ{JU;{lWzRiK>qn=g+N#ya=z{T5$Ny!{?|4B
zd$(u2CXNi;-IJjA68_c8|LY;Yp7i(=b}*^t-V$;Bz9&!I1a8vqlO!Z0NMvWWW0SfM
z4=cW4%hm*oNJRY275|reupRa5-6VQ%u>Mc~*mhfNj@8J-WDWe$>#qs$Z*%>}ZHKxy
zeDKh)k%#2}L#tMAVaG?}rM3M3Fn(W5apeE^0slJ&|3B;?{0Uv$uEn>;^~<-KWbRL&
zb$<|M``#fZqrRN<2sRuxC%`kV%UE&#tzjK+)5~vkYt1FfC}`tb(p1{hSA|FSxCXsG
zm7Lp+7viz9JQpb}K|@93+yrn3m`_yFlr-F&vP*6G;>eL~Fb@N~ijS`?EPAQ@dBU#J
z-!5f3w&jisF;<loeSRJ29ly6+q8;5c+F_TL^L>=O^~RO}&$dvq=h4sa{vmfiy<yT%
z_k}NbhlmlV{*?gx*SzJwAFcIrjAk5D384fxWjny5GV4g#2rccMF$V|IWnVpj%ibU#
z&dl@PPd2)((+dV|F}H|q>6R=@+BZ=@h5}?omQ2RX*DkNEL#v+^DPM;)>npZHKP4b9
zJNLgp(W#nk`1Y6I23!&lLjC&GSDj9Y-abUOby-lcScM!{ewyJdK*4J4l!%fJB4LZQ
zjX5Amn4e}5z3`TpU6H0t$e`6vHR<QTSIM&vS0^p*3A1~Momp-z!-mFq+K%>-eA#K!
zC*R+NA#XY_Gz<G37JR!OD0$oWZ&BSp`uXw}(L+k}B)miK`qNaBgJo9v1tV5krY8tw
zkb=izdtktnL|`MdD-NpL>ecQdqE&74P9~sDH=9MF(YID#ZvMnj$CDiHApeo&v-ucZ
z*Gx}>=x)>OQ9J(wUk5}_ld6>{CaG^w9Ov_vLaeN4*}fx%tPwBGqBm6T{S4n|elaZu
zrB+ea2NtV9>q<G9x}_8cU7bJq@el`FdrZW8Z~7qvv(0}kXosrd0hO$aol3;;3r<Gi
zGU}8hMmZfah&y;+*j%!{_1GsCh;hBT{o(*@;MjS@@G`XZ<<PyVWhyh6*`%Si=*51V
zgl&yGSpBZGBRP3FrMYnR(a$ajXum=`K`6<SzNg=24Q%y3e|(m&w-gt*KLm3=0L$wM
zS}KmUF{N7ur}s!EX&%~SoiujxU+VihObe;eeD;Q}Hqpl2`0XMuM0fjVe}yaEV6quN
zMTuxc(mJ14#V0^@!bOU9GBs2LVjwXGF57Q&a;9_e3Tn>;zI65!j?HHboayeS=JhpF
zOl)mfiu(C!UWZ0?In#Ip^Q|-jSMmqh(9eZAz~?$AR{}y^7gv(p>FxEzJO^LLa)CKt
zO6DcHR)Rn#0(i-@iu|6-gz;9%^zyz5O1%Ht@vv<Uzr$jNhMY<eEYS}ck#=1}7!=QZ
zrw)jd3te2d1cnxFl{PBR+ddN6VeL-I9xw)19~Ep+=vN#SgsN;iiKhDZ)8pKE_YT)r
z-i`>O0aQXTR4U)T9UEUiAlK$1ndaG8)crcfh0;eq@pcAx>iv6<&<d*C`(n)}W-|IR
zFa4%gV>_GUYEU*}JeL&_lFn@38vweT&p7I(%C?q7KjAk$&N@K8SS)^lWkKfX#L&Kb
z$B#!SINetxl+*!lk5<D=R>>C_@Qv=Qj<Q8~HeIQ|d?{bxRFTT4-emw$b9A6_8HI}A
zK=<m~3tk&{za!v8y-2f;bs_>vuP<BSJ<KoAAzXCZY2r@fVkXEVgM6*IX9<1TQe!5g
z{wgGMnx&tb^eLE;53XhdC{cg&*`;PcK71=(du3EtC#YEdJNaa}db{_`M$FVe$$BEg
z8}oQ7DrPcxBg4F8Nv?!NO(iuM>12tLlSMY$4F}{jS=j=-dUk;I^*`W(|1_Ax_b<g6
z-!m$?WfVW$jn=qJkN$#)yj(p(5Jsow$}dH}0kD}JCo&fGjWl0EoE6Ncl2R(barHZ1
z+GQ-UHN5*DoGFO`A~oQb^&QlFaspYrsN`Dp)<&E?9L-JLlPS6eXF;8DXYO<zx?n5$
zC<vF23Y2!f0a3v?&`Mc@49(A<TfRKV9aQWp6XagLLW&chGfRH<uGUAmF2Y}Qp~YwP
z;K2OlT=${mDTfhl0l7N=Ckj33UFMK?2qkG_8?;<E2oCGxjsxtB+}0I#50va7E$HzE
zX&s|<aZNjTbl8?91vQP|ht1j0v+jQkn057>xC<^POw+-hmX`_8M@L_}S(lXX7AQoO
z&c3IGa4Kx2E9X3_J*ZxFHN8ChMtih$H^|cKds{xOap8bAi-O#MbSQxHA~Bbmc0RSm
zcJ3{o;sXyTj;arFNd+I7tETM7V#x<ER0daoMb9DHKhWemkHnU}{mH#1;h@1_V*_Cf
z-<nE}#bu`+Iirfi-#pg8+{kl-FRixIvnTTD>BhZM)B1`aD+u0fR>DSI{Z`Ossrjwi
zXsxOr2jT_$Y}%4I^CPjlsjBjN8lTb!Mvc>ahIq^3>L*JI>aF&xO(%05$do2y_IaHh
zN-|JMD@N(U&Yz_`w2kz7AUq6C@a&Gd)tUU$JZ6dPw6z?fRv&grW8SkG<rQlP+Y_Y&
zq?T0Ubx1&&I0Lm+f)UD0?sVaUvLV8K<Zc!Dn>0{xx8<-)?wCYsl}>;BtQ{m=uw=Wt
zEnr)dFR{Y^aL0$on2J)fr1n4{hgdXjMs?upC94vWl$|vgI;24fUYiG=UhTLBm#s`q
zfOU6Q&+xEtOzFryIvAxn>yPwi;~bxUp-em1C9AQ!N*b@r?m|ZKT3r3~-(!k8h)-+}
zJigy`>?0u|Nen>>@)OnNdGL*k7?78ht^NKOX8zr2Lk&Hv_t_5C@0HVl*7-X5Ox#dk
ze%x7Ro`pw~9`#vO9PG=6)g=!-&+LRd&wYr@$*h?xSp$c}vs;Wi?{PBNUdwdP?@zv$
za<1d&)0Q~Gj8_g%G=|A?$G<VcYQ*Iy@*<m^?TkA`W*b5p9;e#xpVnlkcKTg>vYDOt
z16*8udOVa=hrH5t(rO90gLG+8#O6DW*Kruef?IetEAkK2ZGC}d0y*%gZ+8i=UPBnD
zryF-O5}yg;Ye89zj&n<S+HFTSRoO~BG7|0m%bc%aLsU5_#jQ_sLuHW%FNRz5Q7Ou;
zVt(@H5MSSqPD10zb`b&?NsVPl+tqo!efHq@g-)xP<y`%t*czqc>Ew@$Fz%!5Gxt!O
zQ{BS~U#9*Sd2@Ug$JPds*U~yi=8#X|e1B7G`=QTuF}lM)iEcX8EY|U^%m9KX>z6sP
z9n<P2bKPQG_*B|kRHAQSGY=PnIT=&uMc(?a4fI!R5yW6N8i2C#f|iqY41@{6`xEsY
zEL!$;A%O4UOP|>}l>^!|p-DgxOTCZyk!G!r5^%!?oO8Ha2bk0dC`y1Y;wGn9$mqZQ
zn7+h~*$KDv{@kFY)2xvCR3K=hK6+CX+1}|H`?27mr^U8CahA6RUutP1;Vd1Wmlhjo
zH-7~pTEe+chIFMp0hEvk7RX6Y-)7Yx??z5F<CjI$$p;)q`Y5vTu!yyKZtI@%aF%5p
zkm<`H0~fZ*TM|_fi%)rb_bPVMx9aG29&wG5?s3f~L$hawZ)L^NOunl5KutTlmUORS
z51J!XKE3G%Wzc9zd)j){>JTbix_b;XT~thmGd@|QkjHaCPQnRV0-ElRE-wbHPvD><
zdjR(Rp{;LBe?n?+y(b-!TM64A!;8_AHOhE_tYejm@`6d0x4>1&6+;>s-DIMUmxgq!
zMrj|pYiB<RmKfUphIY$N&!wFcJ^DZ;@=g$ssBQozu|Mf6Vt>sMlu~+t=PNocVn{wD
zFZ|nB?~CBg(+rYy4iAe)ot7ugrb)*_q)|X&du8Zwd}kZMBPvB=t{L7q$x9n$Jo5ax
z^3qqEU)YKJQmsselVlvc?{-W$ekL9em>wA!IX;e2Y+&F&D;mx{?au2Xn{4P?h*DBa
zGd#)?R^QVhK%5uX*rL>(4a-L$U8-FhvPDm7Wj4&yUiBG1(1?1GmdC=AyX>!}BpTDa
z|7A<D?KtMxgXk^q7I7<&ZYhl?uuP=xxQqHDx-UT#P*3{O&eG)k<@Q5IS-lm@D(}`D
z|EsEMzL9DAH%A+A)1I=K{iGV3#L6=n`!juMm=<`tf|7evbYm<cLb}krqp?>bC%4BN
zf~kRcEDm$Wl6a(Sq<ULInOgBHH43EISZXdkKoz(W3rAm~B74b9YRtT{Z7k6O<fG2P
zNyhtXhVQrQ1m-<ahJshM5?fzJ4I=f8w%^6Wj{EUBtMAtYvEH`GU~h>bPTFHJ>Gw~E
zt=G#_|FyvX?b|B*jiIX|K$Z-RuFFD&!uJu42Er+?MrkW&LtD}keZG_l_q7IkTXuzT
z=j^jIRoCYVSeJo_CTo*~PAz57e2qpbE#rF{9ovKnmo3}H+K@4)ieYmAo<*CR)t3fM
ziwB#LJ?~4BtpXb|sVA8W6=XVEadb9r3?x9$QwJwqtfgGunUKvswj63_IwLRr@UEJg
zg7aOqXSDlix9wYv(brb-Gfp*G6{+i8@8!E{w7r#Se`?vMt|+HnU(V~yzDyoWs7xku
zS@d{mhjDRy?l_qcZOXbOtLx*mDBd8m-R}d|-5N$&E<|}dklKpBU=K~y)_x;gZvCZ_
zL2<cfUH<E*3w^}$vVddo@;mCyV@cvi0T9JELh<H8%~}R;UMWMPmT4rl*tmq;f)LB=
zbi7JnI@Vdo=dt6NQ7TKK+@2G5jA^i8yoK$K3RTA=oQ7~*FCg2S5sm7`CcFV;aoXh3
zYO)h-eKcIE&W>yH^eh{nGZ^PH<b7;^!?!zz+%ZmmCDWy&wjee_E?$s@X%ntHc({||
zZSikQriZEG?D4U346Bdf;^chde&k-7T&-C;;!N*d6@>C8?{Z0tr2gUI*0hLkL0na_
z(Z*1kpl>kJCa2+7&*J}NvZ>_EYUMk>!-spDvJg2XA6Y%kzJ=i*YMx;-G^U~qhBt|O
zMTX0Kvy1ny1_n7BN-S3D7QYE(B|n*l&<Ex?#+IoHdX{MB;<N<Rf*~6rs=+~JgDG?e
z2Et4e5<MQm7SrN9R4ZdEMdBr?CThuf2J|I)4-0&M+WCN1&y;gyD?H9mlA(dqV(rxD
z3&G;3ew@Tl`KVPF8A(sjggw;=6-`S5S5*I;BB?HA-`cymN@JIMcOSgK`P4h++!xrE
z7C@NF6rCoL+2#)aIt)y&Q1YYS?oX6^quZL=qyLJ>pu<nysNC5ima%Xw_eR$YcXIg?
z_rNHoGT*H##K`@ac$ItF9^G7$sLp8D=(!c=eTIaaH{r};ADRfj0}?!(zuPl%dI&=Q
zr3G+1h(j%Lli}I0#RouT?%B(1AG-6Sk6CGa_&X#etyWm~^<cqeJm2SFrPBLjtztq0
z8A*B^IzR@v7vdc^NgQoK>}35RpebBKLbH&m_%rnJyblQ#m+lmYL=B^T#I0L2Q!OL-
zgO{CX@!V2g$Z@g->>#vl-o(Dl=g|zYflt<%(J|y!FRsk|qrQc!<DzCu!E4{LbZOtm
zT9O>|*T9Iq_)=zsI=0f$H!fc$)wqc~n_VO`nSt>}{UH2pl|+%m#}@Tu<ou=Sis2=!
zS|(6MJDQ$WkrKZF-!Q0u^J8g)E`FES%p65cP}8$AI&sGFz^1qK!U!SHk^!+7GASrF
z<%%aqFeW%5#X)yt+BcA>PaEAX%%i-xw<ATSLaIn>qdr~o?8$hODS2R6^M5+|e}a35
z9br5vyC=i_gAi$T%ded)XG8cy$_@?hJ{}f7FM09q)Y5)}U(9Cgo_dg3utA8;hdEvj
z-nUPCAOh)(j>~iD_tUbaIYW!8Oz^+3dO70!VJJIuj1ITZoN|kzHgiAAyag_#fBV)+
zN+f=5{rPT@8mp3mgv~zZN0B!7J@t=ea52);<RyeXbuoys#)JxdFf=bI>8~c-vr!d{
zEs&aLW=h}DYjF=RZa-ji0A$Q6uB&e3c4#+vRwQExa%$Mi#ES)tasi({of9gR>gv^T
zmU0R5hCC^ujgY~6fJcRzJrgyZ1AhO*T~pCBi5Q$WWPZ2rmD*-$wFV5c*vKBE%({jh
z@2kdPl7~-P2?gOV1dg^F^hb98@D74-xKx{+o)~ht>&gx~sRNkjyJBP5kJIsZcp4Y&
z>}HvYcpGUWHKj~5boK&KaT)9?`-?hiOqsogLrkqsMF@Uh=J6(Da!ZQl-=51oY<Sso
zKtiU_#Y967G2n~BDPx~$Y+@ysiKI;a;E}2y+-B%+U-AtS(_FXsqS`qu-T8siT}@ZP
zT+CH{Px8A+FRRn^HE!33K)|A7P;gF;p;_HbmCxAajKQUD^4mV+{fnCMMJre~pz52R
zSMLJQNi(u$PG;2Ym-~`@3(-@UE7a|wb>G>yroyTB@=cGFKX{zydchBJpNh<hTf+x>
z=Yt16P3_~!-~~<cMC?@mCRWnpqzoJ_G@rw;nRJz<t3G7aie2185NB1?J6yBZ*|~ra
zA`i@k?z$|fS2aJqZU)UuZEVVncXSs$6I~HV_V%gM`SH90oXVNxj;vrzRA!_LNh$*;
z$nR0puv=ALf4bR{<2Angx-44Nbu{E>_S<_a8`s`5L_A?=cktIvExPBrzct}<&+q^h
zJf-yd^a%VCn*Ngq&1sQp`C}ILr5T?d+DhlOsBYV#$)*p>^Bg2K=V407s?Zfv^i}_I
zMkohodFnu2%pXxbMXo_v)<KBO-PPKP^%AR*p`T{J+bx^ph<H(Hhuww7qU(|mih#33
zR!0z3S@k_RVK=?}Ei4}Jz?_vcW1vazHL+=@1_T~RU$&aEWbn3Y-%H=8B*!&*yM(s#
zdAj4rUP~(bOf@O+tVDeesnz7ZvaQZ#DYMLgBbZ}7H{i@A`R74$55dr&V}N0TynQJR
z2gYG`kYN)=+T(69TD!{@`>donPGdZ<<t-{KpwGgdw;(Y&g&=8TAh5YY&UAi!T??iU
z{JLPb$l6$jGD}}sf!G;+CC(42+x&^kEU1m@q_L%`j<x(q{oCBfs%AJ!1#dL{Fx4kg
zVN<r}k&OM_KDpFS@;u#p%EOQ4V5}zdlk0g@&HY<ocvQY#j=oxuK_$zG!l<9!R>KQ^
zb}CZg;#_A~wMhLYGU<9A1s(r9FrWw`q9d&oUN1<W2+k6D;}YGc%_nB>ROAyfEErf;
zBcjIP!=Axnxh!g`v?SXWt3ovMd=X)vGt}v;yT9tpQ$HouI!S@xTn?ODU=~w{SOu@E
zeZ6&p+#=10!2_g~CAeJdXD|;`UG&QlbXPX<7ur)#&ACjkg$u#Y#~4LTuh{qy--g#C
zqOjc7QE$GJ0f5t0O0Kulp08rf@?%MlIwGD0jD_ZAisz)M!6gK|BzIpWmqW<I$#x;H
z&Bhe~&E_+x<bPHqr}Tbdl(hPB6o=peB`0t9!np-DxL9`PK<Sq3(Trru($MZ#2VbSv
zHq@F8@4np+=Ce7t(&JR*h<c#<frw@)@z-wVU7hn=;iE6iH_zU-NKgXy3L0~!#kH_y
zIE3%U;3u|xGY~hgY0|JLDl=-78B-tm<#;DgE8-SKaL6HdUsw;dZr5o0P9aI+<}?eI
z%1#M$+)X{AwO9u^1gwNhCL6Z_LaPrG7I$*HL}QH`37D&>DR7BgpJOFZecCXN*S6qk
z=;WB(0C&{<t*mZwHU$!ukBq*7I+<$2at0hkpJnB~=V=yOi7A&{>jkZbwzZ|vC+F=M
z9j;=D2H%63Wv^%3C$uS<Dm-Ip<2Uf+lsDh5O*vXMskl<FIHz6M1cskmx3e%d$5WfA
z3-vjmjrTCM&W~5X6_LopVGqADN~y^xPONg>SRVb+s89hoU1~X?*znWiEN1o{3l=o%
z{G&M+FQa8L$L95)UzR!hq|+Cdzse|8uVSk|Tu)JD(&^ui5vnd|K}SD@C*Q0I@1!X!
z;Q|lHROkFp0ZpWG7a+4>q})Rdau;5As5JRe={vpZ_Vm!B1&;#fTdrP4e$`HkSFF6H
z=CjMb7oy@+^R1H$2!aHMOU%1v@!n~{Je=l6GVQwwc%e%MwqKT2Qy(SZWnXJ0CKNUr
zIK8B+)Gqf-7n2o#ihDaYGMfMS*-;rWbF2GW`ZPA$E9+{*Yfjh=Q5EO##)B1>OwzaQ
zo*`5gI6Asc_!QrO-`ON)X6$_3^JR<wDsDIqXmZwm6Q#25p*MsaY-yiyXJ~0j+^uC_
z_}(LWk$`@5ZPkU^TE7}>q#}^gC+siXD$OXZMk~dNTE^Y;vy_`URLbHE-J7(sR-ZmO
zs4F0`V2?E?@VLQM&}C{Lt4%=dZtn>pIs3zl!?WD`_R}YV*Q4(?hG{AvP*7ZMIMWQ7
zIJA-$xCxGn=#d9@|Brryg1@!CbG~tx&j&6VkvT=?X)tgLRvPx@2?Pz0&eA5C@IG+G
zyNiccZ%w&5;t`x*zcBIaK$k0ndTh>}9_?o>ul5UceJ8+aVabr%?<`ZoKjVn^XlhPY
zT?8SbZNw4V)3()4W(<kpy>F3GFArd|G{DvBG+0Tnxjlh95ruyjPlt(nbX0joT~F<4
z+J|$h_r=fJ6rxG*DOxrkoHdWts+tFX5Bp-4o$P0C_+DE9rtk3rTUvHm4D0`EJ*8#l
zVC)F?V`zvqfZ6l_vsRp12XN19H_}rTZp4^0eJk!KqYteNp?o92-=R?<U^Mn}VK?l{
zOPGbcHS-Ct&jv!g_LR_-ESZEnce=HsB_H}(!KKy=A67I*Yj;`1;@aw&0Jd>7(uZW_
zeOCf$A^CAX8D<f$7Y!67nEpWs70dRXppB-pW&D_y#(IEQ>^RYn@BO>p<3Gc}FBe>H
z1j)V0oZPHVG@foEt(=s$@HKizj>&d<(u(c)Q?ymm;Pi2K(f(Whr{z{6G8R)EO*>c-
z<5sF$Z*R_Ax~IJ;=L~0|pYa%5r{!s+Pz4D(evXcFNUJV36nFlh1SJ{y)Ou2653~}h
z7^}iOL>u4}ZnzC!ygZK;bD23DfNYUGx=I=d9;9wNd42{B`$Ly@!TT$Mw`G42Pw~v#
zJ?)T`m;w{_RmF<%4R74)$5o#WuD3smF#d1dZ~Ly3T*1tY<C-SV6vK+^b)6Rf!FK$6
zcAh*Z%(LYk>W_!JT^{0eFpt+s#x)%;YRf4(8i7nOT5bL=R*gpb3fo1Nz30(2P2M6&
zJ>EO4+WD$!>}-`}G_6djx8nTQDx0c6n>wmViaz@HW;gveixtG$lV`LA{A0^>X^pgG
z+*o(_iVy4RKQ*7%wCV3U-D(fA(uMA9OG_+R@Ki7?c#OqFpTz74vfvBq)JJ+xL_WH=
zodr~!sjhD1(vjs{eEiy*S!L6GJjA%!cK!E~XaG_na)q_d0Qw|IjRsf2LWB685uD}h
zK0OhPH^mWQ?%1(1<s;`TnP%(mdF&8Xc~UNYXAWAh7oc7lY>+{|n7=fZ=iR`?#jyG8
zx5;&H7PU=pLvJAgso(D4zcOj(So(swq~XKfzX_)Po6GVi+{XG+V=kjJF8=Rt;BRR2
z|32V<2l4-xAwAr{tPTvw9Qc+p|JL5IW*J6@SFbroNdErgZ~cC(MVsF9tJf3~5n0ex
zfBuUp;|9Jdmq;rP<DvM!?EW9O3ti*Pu?Au4cvOF*efsBeyYq`vvwWnR5@LAFq3=5N
zXN3H_4?7ktThWDuT_)#mv*&LBUf4^TyI88&E$PVL-Tmv@<6mlik&PPtzeSa>^K&{J
z`vZ}eR(F2~f?%%|6k`A3f1B{XqwxP|3%6&!QXCMdXJrRgF8~UY#uyl+q^f#MkmQQ@
zJw5L;!s0BBw~|hU+n`gaWVGxY+NvL3jvG@asJmnL><}im5fm#cYm)Um=rzNClj9Ce
zzF6_{J4~~TppHUFR1d0w#cuQCgy@w^#j%DKV8C}iPy&#Nr)bN?+k+pLLRA-d6fL6F
z-_N*9=v$X!-a}!v%^cwx!lT;5gW0uSS@BIGk8s0QC&(GPnU<D@OGtZpg<JtaZ8s+V
zb0KIq!|6ZcJ~F*pXE=*!v7cgk{`|)*$*<(aYpNO4b2J##ag7r8RW&@l<b*rIgIZ}`
z50DsWw0rirsQVCzy=cyTX0Nc8K29zyi=C9u_!&4b%!T$-rG<rsr-wlNg8$;uz3jOc
zy<}EWQo^j7N8)dubX#6t{_u1fqo;Y^H*{wVCA>1LI)08_6<$U>RJ&$=_3W)-tJ8e3
z0x@qdzQxSlNB_xtK;ra=?#EtlV9)z<Kc?sA(71810y72$EVAxnY4hZ^iw{{d^i|2W
zTrO5y2zeP(mN!o&0e)8)dj%8^KK9kGz9xMb>M1SOImhru<oxv&-r?eZEJ@_=!p;dp
zkMgfCE-vUvpFEZb-ttT(sqNlcQ<r)mypk;^{vu?)9Rp1##lq!yMk2`ViWF|bHt`^P
za3lhFbq2xLzaSzaDlFtgodIiAffDXXt*~UR^e$he19zCa-7G+yUMaCO1Pvc)Zti`p
zX(fF;<7?!rJS%Xv?9wb<88DwSZ(0NK)^d58nV{$qTP2tH*c)B&tdD)ygD+&9bJ}A*
z$$i)u8aMM%)!J!Jzg(GQrp1+9s@~-dx5E35%#rNFYVJIC&a^CMrUjGNy0MXh>iQjI
zHJ4|8NvH1gSgQZZHA>=&m?rOAP5my`TD{qyU@*}XYFhE-5Od1^rfOa)zq|s4@{_Jk
z&5f&T%xM)_2~%rOt4o>WqmLR3shrU7R}7oYk2fPyqqtGld(Lg+!*~L(IrMqus0p%L
z_u~zlXB(|+J8hfc-p+!`Sz3n+RVcOO=8cH!9y`EZ3F9?ds@px)0a5~6zBu`$8`@|L
zY7}T}EOj|w(b_$*AI+O(5^uR&PP!f;RPWMe>h6YhiJscBK{{5`C+g;8KQ6C)^jG%0
zDnFCe2WN=a1}@IIf)~D1tuIa-3ROl>Z7mC+{P_!OLG3Q{$+L{C0f(^B>p;i*R~%S-
zDEGag?qu?PSYRz6%J%htZXJ7u|LS?iRYj?rd|RMv6QUVkQMA~pN&IZ;l$9Zex3}{f
zc_O~Q)vm<p4^*cBeB^l61l^IjtmH^?dFTaHS`pt1>fCeRZFF~!jH~yIBBZ18*xru^
zH>peI(G{5zh#g|cAcJP^yp~IfR~j;Pp{554vU+T&-7OgHlq-3>u1+aCrFq*6u~<c`
ze6;rPU6^LR9?#JrIT#l8;y<VNKX%W8!u#i%8hXi(0)3`l-9iSZXc}~0y0$%b#5Y_(
z(oNRoF3Y_D&|VKA5-C;foTuCa-&<UHd>IbyIUaj@^}`zKx2FV67uE{c5#MOdMoUwP
zx`yl~D)C_<O=r}Sv#LZkFL1sPNQamnL<;V-ElQNO0V4DycN?Fwhf0ZUyDrI5=A%Az
zP{}=u@#^S$oF}c_xu1#qQ-0$UfY>xwA{aFl%xG;}gc9c8hI5XXnr#0M^yBS_uu#VL
zQrVPy50sL3&wVXt-^0EOVjPD7+D*3K^>YEoJ(xxrQCE>OjDd4g{j%nZfF(XpDOnpE
zn?YSZjFs5+{FJA|B1e$J@SN}&CT+GG=(EktXOfLM+M4#)+}~#0UDJo9_C+gQPi!}b
zV0vWi4Z3zRkj~bO&y-e(GTOlC=|wyB^rPWVCb7!l0c~BjHQ4eiJR@sI{09zx4`(K5
zs2=Zn_8cB{N4Wwowz3h~Z6`{BCPHR?k>4$P2!Aa%zj3SVe%!=hMcIlqWyd~e1EvW%
zm9H@%(ax$Uq7SnYCn!=>iFa(P2;8d1361p4?;1uKwEp0dVhRnayCU_xaY5Ok(sLRv
z4P8YB#GASQoKD`I?YC!)$Ug0XK`Mez0fkCi`)Y&t;Nn}auB^VT*PR&<61eD9W$bVw
ze05c$a)$zZw<G7gx-ItFZNcw%$z3jI8@FA5JQ~5(1pWZcmah3|S(i0B$>a>Ig5m)o
z>ky@o@$Z~zqAG?LaK+6guZhVtU+<Q(ty2oSzdLY$MMy8DNQC6Lv#KI1f3{08Mjz9o
z3(GH`+f5_Yhf?`GPPWh*n)sHf6bp(ctwXK?rRL~G<h!3=Z`UL)mPaZQSie83{Ngb{
za}_A^OiFa|QhuFJlIp%_G!Nt_-GVMkKDZ*6)onNO`)u-~2w$#X&E%qKN<`qdr3In@
zTK)SolgJ~{=GmPOd?oK`?b@ld<%eLX^lD}2qH#Nsyo-6q6p27(;h5d2>#gi-zm>7s
z)8`tMSLZbUxy$_H%{{IT3x)q5_TDlo%I*sseI*n@N<mao0RbtI?okjBB$Sc{k?zg`
zM+pT1krEgN5CNro$e|<z>F$#5&Vl<3#_RC<yI=15-*wkr@M)NNo_+S&z4tk19}<xQ
zUdf0wbKX3Iw*@k)(9r0wyPrR+bqDE7Ji$HSZ}N!VJcMac>dbeu^l4k(SlNH0nMjc}
zA9P($(`9#ZRW9Zp?Zh*U?4jrQCT@*k^Vf$Y@R`~L*|egW{4m&&4O_LP4Q3J>d6zv~
z-3mu=dT$#9XW#KDYZhC)wj@F7y1rwiDG?f5yye*<(pfG!PBM^spy@dA_mmfhi{(tY
zH14vR5QD~aE}eM4VwE&lkBmJ~Q7{^#1J~>mPJGZO9v1K=3)1V*3_i-Jz)*ppTLT?A
z4UUtH+;=JZtv0In%05$DG&M=@H+-xNA3m&mCiX#XdCG7ixm<WB7rdN<yvfTo7;x)D
z3$2Nn=(UNRo5K4K-))TPznn7c%^j|l`TODxD6aB6G<S`-c~|8@|88YSEm_)-Xi`b(
z5tx!|Zb=?4G?LmGo{W$0AeV1At3_|pIIQnP-#@ab;%MEdt`Xkd+Nj(?q%sQGb|M*e
zDT;S~QO#%jRMU>tj565P$#a+1!LI`I$YrbMHh3mkVxW;|p25tLYrb{CIXwNH7n9u=
z#Z<c^L50B&q9w*XDcAQ3sg<7%lD4>)x(sFy4t}GYon;nvUgS)^cy&3wsW>%NrL|~k
zw8-yYnf~*W2b*=XBd*|-y?i1&%zfS8#F0g2M1#$WvhTW@sGaTBja35PU_2GkI$jp=
z{vv<F^dfv3tp5;)*~$Gdg5T%G#l#UgH*spocjQ;wOSd{qnd#U#9_5g}x@~~S-{2J^
z^tE|bR3yw!8D+l=R^J>mOwyn4UL>2O{1RY0$=bsps6@~6W~%tAL(93(BT3Cyo{msa
z6purS1VaT#smuzAmDRdmh!0GUXN%HpmFabg9cf2Kh81iza!{t#aHQ!iX_R!lWp$$D
zH~Q-;8z}BB4m2UA>I}IhmF)=kYWIejiHU@1iiJ^{kK=5ok(*zhO^;dB1G_Gnq`3Q-
z%d(mrn?YI=_i}hx4uJa5rpAXQg#89S<(t8z(LUr^Y3gz}dD~}SQ&f+HOd^E|DY&QN
z>FT`lRwbCm+gHW>YWwz%b_U-{%7{99*e}<&Lk-vk-q`iY5Yk^=TCmx7Hfa{EInSzY
zmhGRUFVVvlG3Hnn8Tv^{jB0K01z9*!&9lO2*=2LDNglqcnXvUqT7FjXoQ3ONSR&I=
z;pC0VOIIU0IWz3#RI*(2k(*kkw>u=`{<~@XIQ~0iw+;l#h9p^5i^bp!@T~!nqv09<
zP_w3t7>=Z`pZJYBJ?_pQImjG&Dwi3pA<I%=7kWkaGv<v{g++G{qZ(<v2zK|~Cc<S~
ztu$BL%b2y>gUs<|My8juB#Z@#+a`SmCO_A%k&QQa2|hOO8A6&ocKYsj?noo`Q6`m&
z6&@dlTSNOJtKso%iS$R__JsxI2RYgr6V-J-?tBOr-!C|;BBBp)dtNT}4X)OJ_pq;>
z2wH#s+uDlNthW1VF7B2q5{&dK*^DUz!_*GpBIT+*YS41G?!9;$ZcV2``-wbdu|=y$
zW}Ct!>b$E3md#pw!Tvsj?)@q7)KU?)!!3^Uwaq9q9FiYXP`hqfu>Z!Tq};qs&{KHn
z>S`^23%9BNEw0%v`I~dOjQAZKW)i&~86SFNLaegMj0<$)y#Lgge{scEh!Y8^dc?g`
z-*hn(v1zr;uH`h^ac-Pan)Hk4&MKm&Bi2}D(okk!a9F2geV1JGJ98|I*J_SPINQ8T
zQO;d&xR}?<#ESan9c?Rrff`p0uKtba9J@(3UfxtLn9{&h>d~RWo{z>w+7#_Mj{fT<
zQ7b`@w$7()@xadK`}U_5vA%n2$=*z1xJ;U**Dal$+piy>jyljEyb-oMG#p<g5;6QP
zdStz-Za@V2Qdk6e@qan-_rQ6<g3DX!9DAsO{yb^NBKD<sMqM7N0b;H;*<8GwoZIi6
zF*Qs~OpG<3+CGJf8S>1BwDkz*-lg3B99BLQdqvZkg_n2x{iiyjYkfi-9L?bto4RxQ
zk%D*bY?D49zWz9vj$3}AzsuyYZ+1h0&WM3=(zD0%h#cGLS6_&H2^?G${C&W;;0d>c
z3V3PPb@k$%qhsk>qw47Wk~cA$M7UY8=2SsQUghcLn0Y7l*p?&_Rrk^o&u`z?pTGZa
zRN{UUbt6yhmV?Ixw2NeGP?qjRNiBV`lg{UQ)3cI1LG%5Ci|rRP&RW9W4~la1b&--y
z=ODB`8hNp{ZEtStNj&+sl;N}g=su79+`!<@nh;q_J=6aPe`YZ78JQN~o&1WKB^Gij
z5Dr8%jJl)B*`1&tIJn3ETvz(<FW$!OG?LYuD4l*(ve4O_=034r9|jllDD#)Ds}&Kk
z+BZ@X@if2rw}=baDX)&z9Q)DQWYz<zCL^<92<8gpm%Fpt@!)}nf`5-_g6+p~oWI8a
za~h)uOw?_LttGhwWUnJWzJ`CSq4(~gekSGrI#W)VZHk#CEDAn5l<E2SBlSlwBxlN=
z2C3ma)QEmgEN<X2m0UF>+~CpON7LtEh-&}xiMNQS{cFN!x*z#n%m8}w1of)lEYRLs
zVsnxZi58jWxz#bo+A*?Q+)F{l23#OUCd%jWiLB9vCun(XcwBg-Sv#Ba=1qx)mI%Qu
zat^*4!b7rVgOAXEyBQu6U<EXK@Bmk`mVR3_72e<yH`SY8vk4Ef6`CNF1db1i))Qf3
z05=%6%i3u_$!&W-vVYTNXH=Bl*X5I96sOf;PhaJnR=WPt?NVPsOlPMELE2c^SUU>k
z+1VlgZufNI=LZ9?e0}l>!dj+W=DrV?rpsJr?T;rgcx}r0=A(5?)}4P_5TopXbq02G
z>>Ba3`nz4g=|FsF6-vQdwM5C*Mqt>IeQiv&ZmzJ+)rn^OZjs@k$*mP_N1?h$-d9w_
zdB_P$-Jt?StY5Au7p}(1`4|zQ%Lc@b7W8;$u#l4(H4Fjv8V?&kO(YZpM|*X5>G5=k
z9GLF}Wq|S5LC-&~xMaN&!T??x4F-)7=Jpg8UZ-(zk%0KGbHi?>u9`ZKm6fCxx6RF!
zdP*p(%GdGzYr}qgn!%Wsm(@cC8y^S3oiw@vP@ZZP?B34<RYC34OE&4*?OEAkZ4g$O
zX>j)SWiP&~PnY;~S4N}vzDRoYHcDO*oVQqBYPWJSCs}$hQ0M@z-C8KamOjh-g(A8&
zL4G7OG_-&N7N)VncFU%RS10WW+$NdZiRw~xD3|qUSD9P#7ru94RKsO9%fyK*_tey^
z?*+justK2$zzsL&@)kO7%w&1NUY;B2g(vi_wwa3FV(l+q^`%zH9Da}BEs2Y(Fz4~5
z-zYR0?NZfp2<w=jmXc{=3rV|SU~oO%bz907C(GE=)HU!KEB19ZhOMQx{xRFd;3saO
zRK3A^TG;8H_K$lUiMJqw*(nixL+%vC=!-05;XpAK&#cTv9pKk!MH0OPR<0TwV{3{8
zmSt2~f-$J&Rf@}SJGJ3MXVW&G>VR4D9u{~0MEU)VYdP7&Lk91^w6X|hIks!He2j$R
zYMN`VZ{BE2oy`w1lrKt*jQ8A>UH%||n3|Mi@C4W2Hg|M%i~<oEQN<v1p9MWZK5h<@
z7Zsj(<?8(PWr)1T?$UQ}A97yH1IxAn*-WtORw(%(-jk~)%TZ)Y(WTO{_qfEh3*&S*
z1!q%7cH#C-UQXIqhHD)2H+nopx1z2uAI;@#g7M9wkWJ+`n_7n{87y5a4^z6+O`nJl
zd<qoZ_Sl8*Ys+)O+?EoQ7jJZ4vQ+Pqgx2Ex+2RGYNHBvD8q~^kEH7j)DpuJIt-51#
z*K(Mw%0%vphCVzeBGZ&hZJOTB%|0^qp17M0>tnKC|CgLGEju5#vXaKz&$HDI8j+qU
zQN#t?e7i$t`bkzf)T#q(Y$;-#zJzw)a0DN&jI7d%_J3HwP!YX;J>5cfw#VtF;4?1^
zGC7a!_LWDm6mZJ!15URlPPwak$%iB5tE05BM*VU=Tdu}g>FEcWVTPI=RRKP{xa#Az
z+pBc6X)3+-13Ny763$f`jpy=}IUAQWc5ll~Omv{Ce}81RpKbvMg;UNO0bfDZRpM9#
z9rW(T9XexL&h@A02Z`i>%~qV2tytRGHOOnOt}}Qp0{fQ4%(-~_c&-h!NWXJ(x+;0Q
zfD_?fGu!06%ETnMNhZe%Eh#G?n{*-T8fMqw`tZ8qS#HPo_M-r|l<vL&dAj~HMOLyp
zi585G#m|JeNYl#9)&wT5w#i9JSqtPY25_Vjm?;PAEBfSxEtnOLufKU*=Clf9&sp?*
zU|az%%O5Ip^}R-ZV_BoXsIUHYEV<hd54dvWyY=Q9Nfm^D#}z7zKc@%GDh0UTDK*Oa
zEHG_8E9^TWN3DnEIWDglU1{LtJiV|h7wW;HtRqi8#BccaS@l~5e{5JHEZ^?Sv5Eli
z?R}a5;!?KZl^sOq;uJA)Wh<fT+hoyRFulij-^T8iXpV_>hj~MJs*kZ`0sVe7&ZNqH
z1y0%nma#SMMst#lJ;2>&#a0mysq{vOS+GAg=~xZEH7gg(v-I@vdCKG2{mM&v!h1QE
zw>#{%b~apby6mZF*5!tsjR6O{>1HjUak@Ny7CUrieQ-e3^y|oqrT*F8^$G}i1a($o
zqyKhBesYh&x-1wP(pXyr?YB)`xsz?M@8Rp5;b}Rn?>c)yKHdFNvSRO_&1F#HtVBw~
zq}k=g37Er*-CNeiHB~S7a@EF<LMaj!7-WmSzE$TYbq|k9-wtkY%#_NXR-a6wC2Ky=
zPk#TZ^;LJ7uZZCGXOAsdZ8(bg*5>ExYF{-K8QQ&2<B^9RfCM$XHFMPl;(+U0qG&Te
z+-e*MF=c#quu~ebm!B_pt>3(&*Qt&^bUq|q&9e7xYHZlY`D8W<(cAYq%(^TV2EA#Y
z`FpgHyp2+Q_ONnZ)jXgbiAP2<KtRVoH|C;f**1(v*1uQ#HC8B8AzlYx9l1-zx=Y^g
zwnM$K{upFBr)}}}&F0A5G;_(wNcGLnv1#$dg}b|=LmP#{$t({d<eaA?@2>8#!Zdd2
z<b<hC#^PP5t_N~H>&KM2sQ}Hk^!|F7i8Na-ksdO>HauylkNvvI3K^&BPh=u8Q8Hxt
z-guCLnSO9bRo_o>du@pgxpga`o?Pch+PoQguwJwt(IU+@knOSQ=e?dJPsMA$!{;k-
zR@u^?Z%j+c<*LS;gtU>J>b<UhBk)|3@VSM2KJhv3k>0NU%O)GXd-+^YOW~&tn_FTX
z5MdXA0%YFsEy1z3?+|+LCWdvH)@p5>W@2hAC(HT@%Blj*1U$R6&ER6GWWCAcLOD*K
zkcMz|Y#;5g2q7f({=i}=p7s-d@b=s-IkER#Co)J)oL)S<;=&(+A7ovMX6T9Fy?1Pu
zq?+nVbPcUOQe)@eL2sF8sK_P{OAEX2$E7S&hctl&B?Mi+*e^V~o;U!%D5#xJ<>I6o
z23czlKiVH*Pc|F~>6a$!V~Kq8y5SaF*{KTosbN7)iKBNaGK81Bj*G5OHmMprF{wL#
z>nY+x0)2eC*z0o-?l5TG8b%sYBqTXzS1(X%@b}yy2(mCLEmO+LNaiE$H~BL9sxvbm
zzbg51nkW~-ExMF)OO*8O!0^XVu=T5MKBaVv)u>8jB5whwNG6#IA}F`}Ts#mm{Za7(
znk(=f_H1I~RM4UpJ;+{xW|!Di_?}%k+Fx0j_hF2k_c_puzh1;7G^`Obd++|z`)6DB
zW}oW?Tpc1NHu}u8ukas|P6KBEC$uD<3_c-y#9upOc{_g0a6)4gdd^0`@f+Mq)SR7u
ztTTH~uV>6@o<SCZ=lDIEz{ou__Va>+P7Xsp?FRX#50h?Jf>rXoFO2&F-t;`5Fy5Qt
zKk<BC;eEYAZVXR9#svth3rDeW9X$-v0yJ{#D&Z>B#i{;d+@{@2XFgwbNnGp~m|`-c
zlG5B<Vw=dSDHjq}Q>x1E84i%U>fAG$`tIF3eK~jAo-ZwLz(W=#l**Ag+uesn;Dt+z
zAMf}o7Wf-He$y8a08gy(4KQ%AZ~_i4+9Ux%Ny_Z>xV^LO2xQGub)X&jdDa9XeRoX4
zw1?PJdR3@$Sx9DVJUdk)qn$U*%}ANhMxd^V1D({BcyCD%qvaU?0JaAEx<awTlKUgY
ziY6mcav4QJA#1a+gJrl|;9zI>;Zu%DZhMnTAM^D2v9b~wYMD+99>YggZWd$u;JjO9
zNeh9lyz=Ch5~P+(bPohOD-9as^k{wZ*PkUl&%^xCn#EBDD{DIhZjnCxpj^nv{>TE~
z_ib;%Q;qDyo%J50;r;@Do5Qlegc>jM$6K}~dbIs%+V;TNO529Qu!1*P&t~luRUf_n
z(C-qUcx50$m}7mZ)q6r)J2@6AG!`uqJNO~Iex<$PoXy-=+lfTQnhCUv6TxyE$Tzb?
z#usyWuXT7&?T}2%zv#Puf9G&o5c{rFqowe({au}#ExnIFF88t`#}+@=_O#9defJYb
zmIiS+#4Tqz2g8Xk4>_7^P7N0A=`Vk{!;shIOM-nV$<vZ0&E{aDB%{!^aI+(Ggq0nf
zTsA3Neit~2thv(uB7N_5PHDcPp?MGCeNum{>06as{?g2)%BnAq;+?d$oq7>2z4p$F
zqWB44!x37P%y-F|Ij_{EU%6cxl6^UARejS!W^jk8x;S}or>8RK{xYfcO8z!4RDrOp
zAZ37Wv)A|!<vDgB45N1+_mY@;*10-V+fbn#D+9)5e_<I1IgFL{2kSg+ZBEgC3hZFp
zsnV;>u|;@>SIvfC>N_=uk3;qlclJB5KZ-bZXvJo>@MRe_etYdCWH8`ux*S)KW<{7A
zYroF6kKYByc<d?Fq{0?)Ini@<T#PeMxU_3Tw{Top>H2wa0Dr5_@Rjv18_Qc1BJMjC
z;XsQd7eT>#C0!(N8G!AJ#+crLLqW%xOPoE)iHRAJJhtC+YrS7l*hEzO_g|>&k4mq5
zIBR9*Pq7X$k_dz%1dtVDn6s(V1SK7Md5t#%cq|`WcJij%xDwA`T_dw=9_#Cy+#5x8
z5ZYwwir9R~X~j8Q;5`0tGWEm5=|ttBT9Y>cJZN(N{JG2-c!Q*umse<5825u~uCBhS
ziR4<%-yQ(LN!$|Fty{Og=#J~CIPiYo<$8=tW27EuZAs<qc2k{alRoEVe{HB_VKPAd
zsp5j4R{6whN8#!Ws&%K?d80*&BupzI<XdD`6ySfAIp2$AYz{qeDx1&I0rd};w#z9?
zYhT%SB~_k3cLW~rdmTGJVXl5~kW@1l9H2z;)nb|Y{r7ua{j1-TyydObKLy3{9`Zb<
zGg>6i-dwMhSa>ceAynRdcoU>pInFeZw~LPyH}PM6naXB1Upc|9{VA#0V%hPMaHbqV
zrh|5MuX;ylCigccPpXJ4Yl(ubo$=JQAa7ccGMUc&mHrgAiL`6{sL1lqh!cu6*v~{k
zN=k2;tH}>(s*-aD;*;m1IQ2R1Gp*N&AK2UHiGG=|;&@MxJi9AM98G^HFRWhlP~0bJ
zkn78p0}UN>l1-xTDoC<YkwNF-m;xuKA_{&wz1GlSWjxNpnSG0>?1Gp61jF|YmW1_c
z#j72MQZO4WVx#v}T5yb%`?7ENc7WlsTD>is_ZTS`@89^?Js}cn$ud616==%{2b+wE
zYFY{`IfqqeXt(i7hu+_cbM(4S<farXrsGk2r8eFPrfHCFHkRL|R%dd-_XOKPtQeN`
z-c5$9suE%i<h)k)E!%ou;b-rY58qL0+|fkE-tLSvDH5;B>#RpBAnomsS2I5+$wu#4
z=bRPX7=!A($tEmJb@E#6Z4F!${_^DR4eKrf2P<Rq<@1dro&~1bYmlC)<`^L<>I#!&
zVCu68SFgqQAP)N!c?H5G-bQH)dK|)Ig~Oh<s2{HFEev%Fob_>wi5|Wmc4wnzlDbTQ
zFTUM{?}1;5<AHDEG=VAe*06x*L+qpm?U3Q9!@@G_m-+q_L#WV|dOo>~t;I1KESASo
zbHz7ApDhM)kYIz^-|H%HVBSAJwjJKGIQ>NS$@2BOEtmSVg@hha&tj%WRz3YV=dBXA
zgEji#<Ngnkjl9>Ma*>vngP88IiVUm87(nMb|7_odsxpiwJ%6x}WtVJbU|`_rSRjQc
z?1)4i4F?J1y|RCH@7_J#QI{us?mZb=7@Q)*)Q4Od8!Ir%KI}>9c!FGhrg#f4;Q+Pj
z7j8}w{%2&?35}jjzdoYJJ%2t(R@!uOc!TZiV>y?r%8w2Y%lah!{A-S`g+I7H_3`6(
z6^`cnGCAcGo;~v>bEV-tAu67>GM|*3o#o|Vwh<(jfwIN}4XpeQIMvIEiT7Rl+}76Q
z$TWznn$j;`RIlxv%5rL}-tO~bZw%vYI$EVp$JgJ>m<<fG*|H-|<~ZAr?#ubf>c4&^
z=CEHH>`M+VR91W<PV<;`aR4srviAM;B?c+{eftMjD9&IBT_l>-eZ>7jxQZ&?Wq?0V
zxem4!kgyauKBUDaK^S1tMO(YRtM!HsH6`(fB~%=XnuKZ{ef27oAuS>st*x&LDBTJc
zpL9HI?vdVRhazO}n0Ru0YO1cDW1wZJTKP6NSToB~d%{hh!6}R;QDGAA_x{$1y^=mk
zd>kNNE3FvrqGpw98r<ES!vwsf^G8v_g}EB$DR<L0h4Bq0j1wK0Hd#j19v8x1>I?kL
z!B(W>?5Ck>I!5PY-aRNU19E0n)gx2EG7TipHEHN(YLz(}k)8)(54yHNgY<Qse*kD^
zIFsm@b!fxa+OmfrHh1(estA36S(<9F(4k8%4HdbsYmJue#le7$Z<;Nm4}FiTS1>%U
z_k#BsNb<R(>6vuoxCG06mo$aI?wQ2$Z^%13mJ7}cYH)?}#Y{|H`O`!Z85;vNV#nbJ
zovl<5XH?;9T}>B|zVX%ZiHVkJ-|u}VY#MMS^et2s*259SU8>Na6(;r*r1^KAhxEYK
z)bj3^#{U8G(@w_Xz9rc@1#n7(|MPM{^j&9+2p<)?JZFYLp%kjg{KuMuit_#q`kYxR
z<n)5R7M?*<l7HR0aUp7tXrY<pcc7Ge<~(5Hb}?MlsZL&I3BglFY0>7&4AB4b+_R*A
z0ib_60Pc^@Do^|07f^2k_eU2}y^Z`|*9)(Z0lnD{b1r`QA1j79oiBkRrz^-17tMJ5
z8>Up~U;%C7OM>2|rmbUnr0Pf&*AU1lfL`CT#}Rveo|zHxHZ5c)$Mf4^d|YnH+*QXw
z0Se(4c0Lm?nin#10tIPaQ0ejsAOO2p8>zOvAX<`<bw+E9hCeE;mirUd1sviRtxuie
z1hw{swpEl>eF+}mX<3!a%cdb5=2g0oV2_rou*0dZtnt>F_Ej!KG@$4IoWa1t`SU{@
zCdR!n0-AlC6W{-Ma>MVrLZPa_m=M}Kzo4|9ITLSv?kyPWB+%mrT<?Pz2bp86sn7@f
z`SQ$j05WF1$cz7AgnFRt1`Wwlm>eJBU$L?W0g%r;qrUqKkw51J(IzIs-Iiv6p8G3S
z0yF^Re{zEUMvLd5OdK3<x5P`$FaL@aB@q#>(?5NZf70(a3UR7fUR7o7=coUU6#)QQ
z@c9Dm-wDYKFhP6PYyIz7odY0Kg0_hNPDoOK38(D+NxA<YvKJDp%}@M8sv2o;Z;rx*
z6*&_mH>Nmic2>=Tbhy`7f|g6?dlF{3IXU&sngzg3y?WZho2^4`9$KNX90=E@)zrX+
z4ubV0*iArDa9D}`fAs?RQ$xZ5buDE{8x93TUl<r?GRR}2xvxJM*0REUxVI+?bb{^y
z+YE$s$@nyD+Elyg3<H;9cj_y0PA0UiDo+HgI88?!P9zs7yZOg+jtqIY&wKNn5OxR^
zN;Rcup=W`C!)0{cOBrtlZ8XhKxPVvcja_AFN!XmYbVT;c8bz)3*PB$3vkXUjY4*Cs
z0V2taROtlj*6#U@!ha$S4A3frk-;=5Gi1#MsK=ADkjUDL!?dpR{YoP4j)o}?_C*Ps
zpNhr59EfS0P#@69`6o<+PONrSs2AT=?DTmSW+RLoxibHeg9q0wAsp(!=hUqpiP}_8
z<zLF3oQRB!4CbCryXB`iykRv`ycIn6K8)eea(;AUtzhxdd7Ee-S#)#N%8RjBKD^!Z
zK=2Xj2R>WKX7mUGft)FUIkzw%I{Iyvu$MgsK3AvvcGcGRewll%9=4ld?qN1q?Y8w$
zBxgN)SB!cn-)=km5^ZWvM&t;5r~6yRfMwb4mc{mBGzB?1Ii*(qR46`>A8Lk-8}XtK
z4~m-r%t~O$J_z{UURl?5Y?96}sUz$L%&qk*a%R3~@b=MtyGgRTCXZ!5W=p8H_25D`
zxd<YkvAJ+2rH8e*e5JD5NfTT%vJ_=`lvJ|sxIDa@Zsk7vv8QZ1M^wOWtc{BJgvDxP
z8;z=Jlv}_=amEQ_lB|ilxp=k4hSRrH<%==0b#rmZ^{cN4{5CO6bO)B+1OA>W8tG~7
zf5P6*yaK!f?KcrG;Cm$7ZJun$r<1+CRd;G{)=B_(6bTqx&A*S#)Y_lK_V=$-i7j+B
zn4itFIqEjEbj<?$TAZMRZXdR$$kV>pVALpQ?~NLeX}MTDIv9}|u^W1p08{pKoz#g{
z_5cqxTd}H)52y1kM<1ouk;QB;mAmgZcG!fJAa++%k8E@%NOO6IHWFB^L@ly=1|)ym
z{vRJ${3{MJ=Ns3yj&%s@>;qlbf(sCGde%~b)k=pY#ALy)Ry8>r+oiEQqo+gjN6r%*
z>B&@m2wJVK-hh(?c>g@CiZWsAE+98Eo{%l6LcZ_HKB)r9NzpQX9TS)X?ByHnZMW`I
zQO3Z`-BRAqdXkZ%yCsOnML^jU;ZSB^(tFZztoNvx3>g@VQgdUqtz*XezhjEB`zh|H
z+-8tLpU0kh#U$-sF<1@;-~_(WTK|$vaG)PEB!fEp${R4c66r=_rIBdgd}0N_fXraz
zT0~G#2`pBTvxzt*6&cy*SrFUUGi+W$6B39V9^eXDm(~Fhxy^?mPrjJpF}qq*5UX6%
zyjZ$fS5pMs%sg5K2T#Tph{C9wzP(8supOIHJX<GDk3M?bG{Dyn(;DBg&I8hxfFZwB
z;-+J^x~$l;`el=R>S#RMal0#GXay-eyFY2TRJ>_Ny*th-=xE*urxZl&SC`3y(}mGN
zKCf6i|Lv#>;T}5{0{{i-g0KwzB6p>ej>hI1kK!4%cM)bf{N=e8^M$;n7D!KId$VhP
z>Q?<$dC^n1fsTNtCM%KU&w`8B{|re`)=s`cdTcUxvl$rf3Lhl<lC~z-y<rs#&Rix&
z%SJy9d6JsiZ5@Q(_~^s{jNN1TMPsv02cnwigt5z705sZwVe1S4W`+sUw)%R@lkScP
zqTU-KSy!t*EhNzIv2&gb3|ueA{>{b6v}UF^+n4XK1`zn6l3{0weGRTa3Jtf)bD2fY
z8Xu&S^`mhH7)*dxA+;yg5?|Fwt|}QNP!;i5j*I<aFm<@)P&~m*!{O&TDp-U6OUVuk
z_pYZ!Yn92|`9?h%!h~|oB)Pe{v~@A=d$VS$)b6k9&?!q(3No^Ne*dzScf`44;`kC@
z(Q#PV(IeoWnO)_cZ&vTn__}r1Xy!WloL}7-T_b)ZkS=#ZsecG9-I@3-y%V(l;dLM&
zfK;F+m0RfGeook{s`iA&{rmyrJdQUex5j65<bP@i5iU9AUw^=%qah*aG*7&ElAb7B
zK#b-W&~@`CN;GeuEAT1ghDoC<;1B$PiE;d|iP1t#m5=8Yim@s1N9690*J<j%439Xr
za}Pj_LQ+FYc)(zn$&5c%Ode?8C@l;w`#pg~P!t=F?U*e+<V|lOiq#-o9Pe{E>3%mr
z&q0@s4Jre|Dx0vY(vk0fVgzvD8y=V9=*tLVuI(0TlVhvBrwIh()A;s#09-yV5Uio6
zL9-D0CE0iPs6As1p)DNqa$;>(tn~HJ?}3T2OuJl1U4<>U82mQX)j2eq7&_>32D420
zs&o}-&tTjI;@!K~(jQ`AVVqauuxfTq<tx;@1HHLD`-t;uGhqWIKV61p)mV~O>`#yo
zMvU~gaBj|reOCEiG))(MqwZR3t0=J2F)nLl`c-{I$<Boj&lQ}BN>XkDQ1QO+y4u~9
zl=E1>Ac9Ow3@Ea_7`r^3q6RLy@KJq}_{qcBUw~&YCcUyWS)eNCrj;wj5~ZSKrfRAt
z*T(WhsSUnbZ)AV)06dB$Kxw`*rSkx#b3n|*Y(3b?IDAb*iY)Fl7T+~kv8yIwd7{XN
z@Hr7t4H5g_ZiDE4oK4p&3Lrt#E0#}v*)gTy`avZ&wadqB_QgdL@ZJ89t>h*y6BbW#
z;>QdC?6WGsI9ch+SI%IZ!EUE0Bi%?^yo1w>=QVKHsmKT=!{a3*NDc@kiBJJ9ADIpO
zCEqk}Kn<R$>W$xdr>oLMO<+$fl4*T9?lRG^*^QN&tX(nmVhsHU0wE#7C48nqdjB~{
z98%iOE8o7p7Lex>cfr$+ODF=a2y)kDtE;qg$+p%e8+_%%seH&yQ$G0HZPB~~G54lt
zkOi-e<lQTL2w86*&3owV%*cAVdEU1Xs}N>4<}L+uOzP90pA7!i2}nHT3=j+wO3{V^
z`4WUq0lS20sHx`_W5-xu(cXflHWQSm!M>1~s3lA_SV}TUbdp4e(H!enxKVYUD`(jD
z-uuU+_T<;3)vPC41{Gk;-5p3x@Uu?`fqrXy7iTM=IKCZ^Z=(n&4G>OYQR%`NjCky|
zjZ$b~M8r9{yVji8Y=(p%6$*EzT9TFvk6!Bt!KSt>e~T#=0n<uVf|;lFT5oDkTK)Wm
z_D5p(Eiy{kr=w@@RPz&u<5IV`Tml}S!30t;YOb$LfclSSVFc{D7Maqf4@lub>=>aL
z*Ek|BjY-DxSuZYzZ2P|?oS*sUmnnmMkZQy^Y$Qx7Sb`yTlrPn#)swybgx}TS)STG$
z#Uv#%;yiEpU@s}%8#3UPjn6<(Bu_q_2RNpzSD-+jRD-I??fS%d9My=RPZ!6?($dN&
zHi9FBoMw8bl~e;XzEds$s{BI^aM)H>tfrQbn}Z`r>#f5&f3ARo)>{3?Ytfn9njT=A
zJ(Xfx{(JfAe0*VRC~sN^SWgj4m?8sU7fL}B{lq4IuuK}L$4CFO$yVVq%--d@9kY27
zJJ|X)o&w9CrYXV@^mHTbc&YolPFeSV88jk|I87}Dp`#gfbusI?<qP1M0Zx-^yNhny
zRstpl#UHKJZ$qadP0FmbZ)$cbDlFh$%&zmFJ5MxY1yIy;yQL2Z9dzSCdl+xs``~v-
znsc}Ep6mqb2nBC_<gSuT_S}mIcm8Na7>vWNwEpUsz{g$uWD8tDT$G^NIc(#KyyVn8
z?7Do|gLpP+UG$KT9aJAdD#xoz(u|8@^^6WM($Q9PBrsCk^|yx8lbu4s-!%A%n@5PX
zVxt@5tv8!&lhdi>Y^;kDH4BT!Xn#?Z#`-M?*SmvNmQ0b&z5R>zqi;!HpY1h_2Lpo7
z*mQdx+k2gr^*$pz8<cmln*OyQih~gV2g~;+%>fFpY+%e%uO{B+Yx=%^XRPQ$IKnK$
z^{)C&77`Cv!Is~SBs9_*Aw$B>S3JfM!KM(7Xeb<vjFleYHA>9Nz6WTI2pJINxnRbK
z0CFCMVd9}JH@==SW-BNPmFcr~G0PxqjtI(nTxc?dvLMHHyaEGaD-t>N)^3rrmMbxh
zFzkpT{otIbOG+elqS)oqZcNm3Gqfm?=5G9q5@~CUF8JMP&*q4vSwR2iyK%iW$kUU}
z|Mh9cWX^MMIAmGY8(z9AAZ)$NB=YR~fMgRS3V4+LY_sM_fH(f<KZad1sg%&ZDMWo1
zZadcf4blH(VRP%3PUDD^N!itiw?+x5P^2>%xV}${ntfs5;_0GFIf@EJvG(L>JkOPp
zqvmnJ2SiI?c_@ak--PcvJKw&gg#BxJpgQdK&^xj$<Z#=RJ_K(3?hh}~Dh~*>$6UA_
zJs{9}*y^cX>(>bI_z31F|JBCo^GaqfQfCbW3b@CF2Iqz3QDR)i3>1uphWR*wVGqJF
zOeQ7xmF1n17RnRjBYvaKg{_|3AoP{1+&pLJ0l*c+Wq>OV`%s}@SpAaCW5o!+NkgI?
z6_J1nFn?*v?+>j#0HO%X*bqST(BAsNymr7h%B<UR0f1lNK(&TnkfZ{B@?Qr{L_-8v
zJBpMcKVYK&d7q{jh&c9e6h!}qS3CeZzCZm5I=CNDJ^(R$LeM`aLirz1P6s?C>8a5C
zN7?=lsl^-db3fFV<z|+}KtYY;f9en$WkBr!JaP~FZ{`IwT955jC22V+^*1%g0p3+8
zT-NyX+bE(L3W}oVX1LTvVYH|SfdM1mzA-s!DK$WZ-zpifdOsd*^~Xq8Gk_UH>1;jq
zhh74{3}?|zTzU7k6!k<IOKVhOkLjj8Y}fOTNDBr5aVMrFMa){LUurg53D-VOiL?MK
z>Qr<_1ZDkOK7jPSt;>k9laI)BGOl=B7Om9yZGOEjNhvn$F2q4id6Htr=tv#{Cb*LL
z{gLOwOT`drz&H{q#=Uvbp|wu|mbyh@cl%S+Ph?jX&gaQ9btvU#{}aDD(YJqPSsaBW
zB@hfd5e-NJ1LziE&u!kpYTkCa>nrYDR9W`Rbkg{MqMoR5ezOPX2-TS%cH~{@N__{s
zi^(|ZKXo?iv-AxRO%mv^Kgiu1E+pHMyLFJv^L_d7Y2aDqU-b}}FeE;nEAt`TmG&Cj
zbYuq0!NM6g27oX2cR}i{*!I*YS7LDKQ!;Qz*QKqELz4y(rB2^<Lj-c_YmsU7zm-r3
zEwQt43J2t2<=v<!NwWsUlb;O{)?WUS6zAjhf$6uF06t}SF@O^YUMh%jL;YW*>UZP>
zluGb1R88I)Bf%}7nGy0lYO6j6oZP2%H}d_LvKNh`Z+9=dY=BaPWp7IQ_-!n=tZn2#
zO{ef4C>^Cz`CvR|0a$$YK2S3{n;0?&I5g1ZPe4Jo!P_4IJMPVl@aQ>gS?(=A+@+Pw
z{FL}w<kr7}=Z~9rZ){`vTRYYr%G_0Y=8n)DO}n=Yk+UkpiA)B&c5P1CAt+9{Y6Cgu
zI;-sqz|rwtgxr~B?J@oC*{90hV{?I!)NXTcUWaFENJq%#Xkt^ee0CL&_f0x@xE>G2
zsj2mJTxz(N<F|*j!FtSi&^SU-xUZTUJ0gN?oGpF0Q%ZtMNLnps5@`+O9b|aZLQn2c
z7%6-L(xOUKT4boB45UR5A?}o~^PVTbZqD;xlQR=&56Zi<Gp;JD>9+r@!TV@^v4g`v
zN%of-WGO*Hagt5G*DE00zZ^Ur;~MzJ*_?=ooIpAKI5^;H%en}S!~h15$i+oPBp>j$
zw9W6{xM;u#%^7pgf2FT-!P9txV+7%J1Ya78{V+DNL|f|jQ*1#ruRwk;d1Fe)^UZ2)
zZwNud&nGJsmd06Y(?Snr)dRiO^Eh#Q?*K#Heg$y;?m|iw4$&*7*1{L!+NHq}I1FAJ
ztZlQ*3BGIY!i)X(?G32l7~&dy_$_f>x^q23B3ZP{T*SBTUkwe$YOsfMTz@Eo+iqd}
zDf}`v@8JbfmjF~iJv5Cc`CYWjzkez?_{(u-2SH_a51C0(@hKqs{@#rSRm%O*mz_GN
z=JG@FrfVoS$4JigbOb`LChyzJ#M?Mr!sVqup!*rHh!Y!6m6(v;MTBKrIgE|g=GRBP
zww8O*5$g_edFByMk4^7=98CX_4q0b`qM}qQEnx{{`C|v}MYNMuv$v`@OUG%kD@|To
z1F>TBL}RKf#epT&FXh9*BCZdqSyN%V+-zgLE;xB@ghkb-W*7IO2~5qqiiwzQ8hY0&
z6s3V@P%@ya7$*K4^aNsRs?B;??$TB$Ub1(EiIKEd2R&^&xWQB7wKeA@OXJDL2Zg_t
zNBm+vlNEyd-S9@jH*X*nd^f)FOkMfyQYx}bLZp}!KZ4!yxEO$B1VYTZ41Oa(Gbq&K
zH1pf)z5PoIX%owK2SBDK5Np`d^uEMDP(*Nsi@isAEjy;Khgr*S>we(_NZO_Gy#Ah(
zp^L;5k7UigU^1L(tU{;^4}<^g>H+-mg&RJA0MHPL1Cim!wgx&7jUR|Vv1Qj%eLK2f
zU83RT`n54ziC7g+y4Us&V`~~y4PxyRLc8*AgTDjId*{D<!AlcAKi!L@9Tftzz}KMJ
zgKA5u1dTzBY6hFF$Hr(Q6Yw6MZqwfY$;&DP>D%fwPuX48lqjDyio{I*?BQ|4Dx!}2
zGJdjCgPr^D)e6WfjDS(NI=iME*?Rj6+iPkzN_sZ>u&a-xngF%E!gVHoCC)(!RjB=h
z)gD?V?WNcs&AXN|c5Az-(QCc5d{yd-dHru{C}Fr5_G(@od`~|`!^e8dIF0e2<8%}g
zSW>2XD{%|8v@1_q&$+Xuv73eaYQSj#wJP?*cfG}q%B`#Ax?@n;g_t@#_)(QVdk?4{
z5LqapR=Hs+al({x159L&|E7UipDGSIA6+hGd>ey87Y9HWl=ld=So_4U;y~P!Dbp5Z
zB7aj7_;C9Q#;(T9(4SxZ#sSc6AV!x;2>b0(|NRLNMiv?p9)iEVNF)Vt_fwzr-{St~
z&lP&F{3Y1{tThdg=*1Z_hy5}wzi4qh>ODPuwEut40s<H?NL0EK`n-N(isKz{V!}Uv
zzyg*e&Y2cGM%lpszy&6D_H<&u+3^1rj$Jvgl!{^)k*cm?%aEJlwaK7NHMfJAN|K=A
zviaZ-`A$hs${ZI{x~pFjZULu?(IjF<A5})+ZTSpX-BBFuBqxt8KY0r)Dxocg*wQJ|
zi6+V2Y0TKNjgb+4HM0?iN?)tNoTR@j;DNA!1w7ET&ldpbLg^KcELy1Yt+7`UbPxyZ
zWH+m5Gml0cE{^eVME@4h;}5!VfS6)-$<+Yzru!O0QRisK0KQ~)WOY~CD^tKT-BU70
zT*~*iM>v*B$RV*YA;#WxS_~6vE<$)1oJaeYj+Q)^U}kQ~w}`3C2K0}El0Re>uu*1}
zXVVkrfMp+`xR7E6EkSZpAMBUFj0K&)<9j-GX>^Nl6T|u(2GV&)5Q_+Kh`zplLPBac
zG)He@D!@#ITibPeYgve|tB`7SXEoXCiD26nEXcBaQBpCWZlZjD4!_09t@$Q8b!l2r
zdp}fr!HmH7#lVewJlYEf?VdYT1tWPe;*mI+ZqhdnRwz|<R^cT{1LZH55JM$S9`ocn
z0<#XwWeY*gEPj&ZtC8%Mu@+QWYuvG=TQTYE+0nzRVdRM3y%#0pFY<XU`4Nkp7Qf3;
zKNWX~$a?pc<)?jA>A_x6cWNMZH&q@y4=GUO6TeaFG*3^xH&`X^e0YD`yljb92l?O;
z#d=ZzJ9MPv$Zf>a{IIQg`6K2v_@3R-ZYq71EWRkZMF5cjIf~Yo?KXgmGkz8Nf(1hz
zhn1P&5r*NlPVTCjZ#@~vHT!)V{Zx6)vK(+7QX{iywsQPCYjpo%*Vhe;kt2ik_rAd9
zF=x9HzFApv4dz!Gf)*!@P7F{wa~d9G044_nWRA;)Zo!xOOE#y#>qi03Z7$1*)u<q3
zO<hLWT1&Hzu;<2tEHCoY6J$fr!%mHT58M6b+AYNLQI><+>!)2wcG{f+wWxg!e~1N5
z>wU<s&Q6K*MUmr#qnOe92%d>7p<WQ3!Ezk29XNoE;ggjkC%dX&J7gYB1k~lhT%YX+
zetzmcQSPi}CU3Fr<e@22XjQk>H#NMs3|;q|BJ1GZ-aY9W>?PwCV-FmsvD}YWh3s`k
zkKFfC@O!{JZ`yV_BcotYPix)%$p~!$0nU)^H-U2U1;WbTV;B&o9bZO{(z4+N(**!h
zn{UFLz|$EYu4D{<&*QZ;bz3%#bwi&KC{7SV1=p!=C>cey5)5|FdGelu*t-@j$wzbL
zVewXGRvLbSkH5*u$*IDzUt2$lb|0OdCDlJ#=wfKj*DhM$A~|=oQLujv_=%!qmXzIC
z*zDwHtC<WSiYPf0i2;m>77^cs4tQfIdgS16yF3Y*Yqot9lzKP|+Y(+MNN)svTQ;@q
zqIwUN9!MaEL%Ro+g%Ec8Lrz0Q$-9Lf?curZb()IR^5}DDbvP3dG~<c~MHwpr7VCwi
zp6?DN`tu{Z8M$yz!vQOGYR{IV;x+1);;n=HT~Ykpu9_PS(>`(~D?a`$F(yk_DJ?X_
z2i;fa?07N{tAe(b3Aaa9``Eux+f7a7Moa#eJvzYR@6vX~RX_scaxpk_o94x#$P5|Y
zH(diF;H_xtBP9fd_@gvn89W_nCuk)*LK%@WI#;k=kg4g3G+JBSn-}%8D}F5QLe6j3
z$dq4e$WdZ7V*d!4uMcht&xH-})t=la7l+z2CftgZ4ER|{#(Ai9o53{u4lixK7InF)
znLx~?9;^2wIwkvajg~uyunk#TPN$*0q9FIxa7w{~$$>!15#-o#cTsGafmr@fVZZpU
z{!XZDax?oiOUnQ9D+=J3*@g(p_zPdR9wa|J2w=Aq4Z#%Mo#Tcd<nS%wTWO3u*^P#!
z3+EuMG72|@mt95}5bl!uq&~dmyQSS`3?811{oOC8YWt#FOf2_K%J+sBFaksWC>@|&
ztq&kmU9{I?UDl#Svs^Yc_s<`cXSy$hpYsn`E_bgM->;$XC;U24?o??oooO<%n-ee}
zWa_Ee*<&eSHu*xB>ZBDILKPWGFhybk>>Jr{3y5%dvc9sn8GR{gbCB+7)Aqt1{{FCk
zy5l~bwtHJxPuYBcQC?ZWZbNoHnfpqVOaZjheQ?L6Ia<35VN|nh<zlk0KY(TgfEbGq
zr*m#ISp&Np(`beSm;;eIYWwQvLx=fp2W36emJBU7Dkzl6(8x$KP;hsnqbEcAz}>Li
z>8qO+)KX--pHTBCP|-I!=y!_rYZ3&st&tSE!IL_^{Os~5KL+B19IvI@VHIsOA9>gT
ztC2qPBR7Z%c$H99kw5Gc7_|}d<xT$kfO2e<R>+Hjzjld2MOr;z?1MYL40)mjzjN82
zvD$_YQ2p7KpoXGq?R)CFu4~hHm&QIIrkbqyKWCcRuAxs`R{=2MFZ<OTfP5$}0fQ4y
zbn%TRc<ieDu1JZuuk&%C<&QV)C4mw`@x+oM;0kUlVCXX(GzLr`mVP2t<gEE3(=t@L
z+NqD+Hi#2QyMm_9SLn`^=Mg^U?LuXnmgk`>=Z>bTEWrgWC*$C7I$$G#%(yLTMet7}
z{bP1}8bFC*1ZlVRm)}s^!+^!(2bu)`rV4+=uOLsLIKE%v*?hc8@gLAKK+wzny0P-F
zfd5?RLSxVI)4C6U?490*|72M8BYH-%0vudE<UeVmf52e@*8fZC*v_FxH$UedR}Sz7
zIV5Uyyu@)5GYCDf2_oXlr0(Acg|h(%l(Bq&dI8;M|CFsPU`NKvyFv<dVf#4(<Pfzk
z;&cT4w{-O<Gs1yg6xtUfUj7wu>j(xd61?|=$bnCEmxs#;MGsaEk^4bAqy)ce2fr1A
zJ<E2oVIoj)saHQp_#nQ_#!I1)cW;yhU{4kl1K6oj;<$M69D8#1HX2VMg&4EEOK!_$
zysWjTEid&_)N~nOYd;&wkOly)6_)c#uUCM-b=Y<(DYFWNL+7KGc5*jzbV?Cvjecc_
zbsvAt;IWyilW5F`#6Wl;_lC)cako8!pr{=#uwc-hf5S#>;s#k51JwFnab_5NBXD+_
z(^ZEZ4Wly{*+2!-72}hNPC!6_@Ja>dEZK_vWbJTypqB#QR=qMn%QIN*o&k@;OafMB
zW{h!P`1-7=zLECAwAX%(##&(akTRPPFK>j$tX#RP=tirUiAA`AbKlVM#yA|IGSHqz
zgMG!$j<es(j&w~%=rZh38Fo^S2$<jA8?%=wH%Qjx0}p8mAojQqve*}v&H!;i&qy*L
zZ*gK6vsNtLRg^hf{}$d*m=H<C0V}596h1A<4?1&~akpiXp{R99fEZ>FYqRVXPFKN`
zv&ZuL0K9W&Y;JqW<2pdUe_vrHv9u6MfUiGACq5{Ssnx0649`0{eH|63W3smHEi2}8
zwC3OXy(i*_ir7ohAj4xsK5xo6`HE~_^?Z0p;QG5N@uy(o5a9sT1A=yAgOh>qF@0$O
z{SP=^HvLapdz$g0N#JRX;+KIsb`z(?mp|MnpsJ@;B{ZvZYCKMj$7$vEgik#!Nu$|_
z(^@;4jW}IIKnpPbzp{vMy6p1@TTX-EKZtR<0*OY9(;yf<Bf!Er4T8}e+^O+E)0fi>
z8eLybGibEv_|$m(-x?1kYP+C+{^75DAbwW~O|4GjMs&40O*+xk>NM#@Q>)XY^VE2p
zZle6dLYzh+e-Ps|g+U_*unK&-QTflB_Gt=(9&4Q%4>Wx_O<~YttyANH7Hgdvk5l7;
z1+<ntJ#h1fTAb!%e-H!o|Mm`oBTu(&40=_y(eno?<sk%gZzZSiN)g?=5d6=Y0?50X
z=qmLE7TSi$7>91H7_~vIt7^Tu^K;*tZJJ>Y+i#jN=4WOu@NtgssCye2xW_XRk}6!M
z!MZ2)_U8Ayuow^3E|0F5jFcrh1Lc(Bl%++T&%E$Ck8QUDgxf;Lk^61~C%QfO={q1-
zfvu&myCD{z(45JyXNhp#{(kh#ng!z=A(i_~yl>!Sv(IoxcWXDd+<*7!0y~eN;ChMg
zbZb}*6+6sVR8-JMXkJX<c)~=H@U>m}#QwzN_oMF7#NxEX2yTDlY%w=^t=M`k8NpLy
zKL6KVx||wue8h;=T5>XWZD^CBzW5E2z_w?ze{F4sf0<8+n2M5;6qnaoh3oJ8duNH>
zzr$fy%b|;rlb00hP)`o4>S#!{{TrSaZ@hgY&iBwqf$zHfM?EyT`nluxHW))v#;bZ7
zwHtRMUyza;E-RThcXC7SkNs{>v83s$;6siB;j9{G&z>D#3x|I(C{@9&Gf3Jvd8i5%
zBSX&Ogi3i?m2GyXYrvah1f2l#rl+Ul&kS;KGm(hg<l+5&*!B<9ZewEkT^ftFEM_`t
zvaN|7ah?be78Z_tc$1Cl-dN$cP>;Xu;#5$DjDP2)tGd1`o7@q9t|k^Z?!P)-laP?m
zXI_vIllp-p-kQ|e64(t3a>uG7Oy03qkw@RC3{u1q+UnJxC=m+{!676h<h`HVIOD}0
z#f<rY7$EHzwYbz&Gi&Rt^78VsGU0>7$(<36q{pB6f*y>V03?i6<y41{j~`>#%)iTB
z72oClSQ9v`e^5;6u}`2{ojJBSqvl|N<DI&0#|s3DQQEqdFR<CmHrfFam6Vj!*^MPF
z=MbRJ5@JYPc(B%3-H<Zw`Fwwhx7<aDNjuNDZ6|~HIxzvmnCf!tED<%YOi$1-Vf;#)
zg(h&84RiymN<IO&+|;`~V=%`+X2*uxtUIl_S&rHJ5(oS&dZ*(6;=+ZTMs;;{2?>dN
z6ciZa5D0`)(9uhikL419S?;xtWNCF$T-6VWsME0HOj)j*a{=VMKAJm|5jug>I2*ru
zGW=9Zt`d-xS2g=+({N+<;dyU;4p{-zVeAyF{{H^%3@!3*JgX4|*xffFCB=>tEn+63
zQJ^ClA6;3t*Uy%4F73HD_My)X)p1N5&x=})V{bQf<}=WE63r5{N<qRUcrs3Q4*jX>
zpHSzT5yR^L9{T-dIRGIAi2-}*@h5xuP9X8)kvX7!P(~)a`&j;eYRvDKTNQxwdt$r)
z!=&s1&6DQm)49<x{Y4%n;Jku@N5J2=_alIF1ADG!zuU8+nJj!#B3#~3oe4Ao{KDyU
zsz1nb%GIAWivLFfoYw{CPe++(P&L-l;L7Yi&q$Z(U{4m6ap6TsAEjM}`uaIl*r8k4
z;KvhZ<ae5YbB0HTwDf@D5II3G#rB6idq}s1*6+Wzev@?PVRr=8(TLu7)ke*yfnxLq
znoaDwiPq~a!BnUtit3PPj~&?C+XeY>cHttU?u9<e7|PE|x1yT_c+x9ID_UDeLCf8$
zRbRYk_ZLWylorKCftHScYU}OmK>HdmFVqp$w+avq9`}ukL(J>M+WA|ZMGW8YURz%=
zmhz&ER*TC`o!D`)s}A*kjo0C{-w`V{Ghy-s4OHttfWBk4a-$5HE3VMy8f|<LeIpsX
zpun4j?_*`44Y9F>1^y+nq-6&7!#G&Wn}R<P0nzjUYW=JwvkjmqjX;*@c9ZQ;T@!(x
zbzn7z3Wk=JmR@_+)3L!p7j&lxQOD_3EWGS@+?=HYFRviahra63O~1#%`fsoViu<Dv
z$J+0r&G}U%&_ReJ`t}gu?J79%zB>kHMOzDD2fDNmNuik%ECS#REw$zNCE#^B1)30i
ze=piPK3uvL8!kFDh{m4)3mSiL4QOfxLSjAEXZEI?U{oki7MDRI(CtgWu|-b3@PJ^z
zRF2J0-qDlM1K>HkpKy>CfXU6@R6_NFi&CwCRjra54<}2vpi|2S!-8WWm+kmiTn$Fw
zLmp{wS#R39o%2dU1C~Ff`_~(ZKp$ha#EEMFz;|>+BMv#Pu#eNNPk#M;jAYyxAd<Z9
zxb`R#Y!cN!%hksNroo^PG%ZGsK8+9n9PB}^MH<jC)%?u7#RT*1+*r*7w3cp=YrwG)
zvkNH#0HL^&K|GfVE(KCdFt$SFL$%Qu2yzEzyBZ@Xj3S-^#;O)W>U3CBUOU>5ptz6E
zg}r6g3IPT|KH|KYOwm&vGbiD%m7`&jkGJ_FIs$;$;Q*b_Dc0l201)pzAm(hu1V?sn
zVk<U8Db>*k1H{dM@Lz~B7o!L1-o$&B6PYE#v%oAwSr;C^VXcR4t6^s3D4-sh?a=&v
zy1N&ROS%F8FFWE>P|a7lVn9+#xqXabQGpYqctOj|87`}8{(^!zHL;;0Ev0*NnY=-P
z5wijYdMz))uZ2?&t(q=(x2<M7r9CNp_NXzB|Dmr%h8#PZNYN;00NP|B+$90b_$F!n
zvpb)a8to}0x7fhb<VU-uZ?&dgOn(yQKKN2#wV>Xq;-MidT<+F(Fp*$>Q#${`Gio=X
zIaaXM{mBTH!^Pa7SWXdUw>u+92jge16w=#8QK_<fQnQ!Qocb4_11rVA=MEbH5v7|%
zD)l}?w5Fa5qKAZ;8g7O*I^Fg{M-fQ*g0P|PL}pRzt%cXPXCsbmC(;x5)gJB2$n8$t
zn?#z4tPLh7e~q_~O)U|COq@8Jtbhkhij|}b)fF{~tlqFgU&h7E{ULrp>3nC8+*M?I
z2phHY_-Fo@$pY?c0pgGLo#|;K7kYipCoZLbI`~*sB+Mn<MRC8$#Q`@9enLWS0ic!L
zErH`@pf_0e`UMJ9tyqI-_cH{{D&vLVAP%#|E-}oJ`30e;{<C9al`*ulgG;p*7Ip(A
z(|IJ86oS#Vs)>`yf!T#y*+>_LIcizL<h6Y~xRW<`r|+|S{+Rm`KKpmlDfOHt3IZqk
zjVN{8xxaVs4n=Bc5H7-?<#6l#!sgFqQO2pz7Jtdn<Kx%=Dwq;G5GV~R-~%|nf`D#@
z$gpx2Q9778KV;WgOLCFCf`sOVYaOJ6g9?&!LNp$3TMZV?gW9(1%P7jCqJ%f1KHRb`
zvN+6;Zlu<;zpp$kS4WwHS<Nm|1ZNxwxC|TMWbPTLR)^MmP9q#E2l<O&ghJ)|+m&J_
zwn=V>4czIw90eB$OE<nivZ1^^A+H63T2uWD^%{suPaJ<!27<CwEPFvfF2=9F-M?6v
zCBThqV%QYODmJ^W!YVqxL&kEH?ma*~)S*1sJp+++T7J#8*JI_j?BX9Dl+H#q+ykH8
z*C{U&U7&ij5jCTiIO#ud3+lU!V0QIxd09QvjPEvLU+F2bU$`LE%XY&rP%zuB4)K4r
zcje(wu5J9JoQi`Mj1r^MLb9~kmr-$)vK@{+qg2G0A<K}MGnHhC%9e_8QrWT$QMQ?~
zG^EI36obh+))@?jS-<zKbIxa6=l}1zzN`87ectDNpXc6w&wbDPyTdUhsE$^1wA2m7
zA|m~HrX4LLDE>)wws+_!f~7Tg;xO8ndF+M$a9s|8HYe4ludDA)J3+07%ZELQI2NoM
zI8KCPj*>o?BfMTjPzCH+lUtYqEhwr5^s_6pq!ZwdblZP&0dN;td7^dCe%vYb!L-~^
z@jd^IGfANW-JpA%)N|@FA9b;MPW__fj?jhShsGQVL&e>>w=e7sajBjmX^l`Z4Dr=&
zcr^eD!!Ic5;-2UCT1QJqwbJ+>);mIqtrN5p`<d3n&*dJ|xQOAwQ%s{N?-tRTzBmmh
z{20J|Uc=zQIi|GAoEl`iytRsb)z$jziHLU>sFlVz!hBDhgY2(!AJS3$SAxcx*X>u9
z<YAgGM&nnl<e0~VRYG~LodUSLkMSaBMUi6;(+SxHvKf>!a$_?|2GD&ja}@l=<&<4f
zvK<iyMFL85%uGX}!q6#S<^BX#$)9uPP)9<)|Gf{AwI!3}ashJ`7|>FU<eX+aOGx4m
zVx;%fHL{|Z^yRb&{u$^LMUWxETOX%U7|NUC<72N+&p0b<Xt=#Ygn4k{%Ky}`pIr5l
z_P`gsMGtI5L7l&DqWy3q{(^eq^%hN67bh9{3+{Y+YB9Y@T5VLl_WTHcJ~XcVOH=S9
z)j3%S5~~oI8dtPm4Svq8aly+xgjmYFNudV0&qjwY^6PUddSRugz6F{k+wexsTC@6%
zFN4~M6EHQy@uD*iV}bSsZ?txKR<slL!vn9L?VEr729C_V8x|1QD&)a`H(3Ax$AknK
zI2>R@H+1@tCqj*Q>L|EY^??~IRyjQT!$VGB%SEYL7i(gPugat7x$bUE5O7+1edOxW
zU=am%W%vvl5kB_Xbe4-F*+kZ)>{4WsZzkQHx`gAt)@tmY$F5~@Us_UsQr9qA?y-vv
zv7exF>JuYor!he^HZd~t_-995fxh2ziaLczag~;Bo7D4~^+3k+#M|J>nh*(8f3SHd
z#JIQ_Z-WOJT35t5n{ohh_#6Y<A}C3U48=M7qIcBJJULFy)i!2B-1#kpGuJUx&as1U
zx8?8(fCdC!YI+5_v3<3)E>~^pRtw|hN#arm1gc5cGn_l%_jKe`;(j=Wwb3_CMwu7^
z<Cl5S<%le9=BME}v-S#2?hq-n4`$e@!{sr!6ewMFDz^O~Em<o)I&+-js?v*}kg#pK
z-NDeshxP?A>J2CstbA@kRK+8qSpNe6)&NxSN3JBWn1-WS4h0U!jq-St8e{v|Rps+#
z@TLBbbaf7^kA>EZmsP8RWT0F5?QYfSGk!kHpXel9t!B+OhP4j`f@>*M)~HE%$~E;H
z3bxXhRn5Gt&7GkNE=7JC>Q-+wkk_o_^QeNk1sHpdSSe_MF7>-Yq>BSuGXzA($lsb`
zvh@m5-3}ZonHv@ry|Z?`V(1mMzRb=fRR;;{@v7CKWjpq<j2+p2$Q_h{HxhgL#N})i
zM7T|oCpEzFQNQz%FI^p|DmwIWSL;BKeT}qEtb<$VU@81IV$!FjP+&B_-RPCxlLlJ?
z>|uyR;`0eLG54}=i<UIGPo@RYg6`Q=UljX&BCPD{CD#Mn#1V1tURa)QSWcRa^J9K`
zZviXktgp?66h2zoT;<O<<0y6$OMf`T<t`Tg(p|BoHs4z|wrT`yY_mc^I!yplj_peM
zU;`@rrd)D984)t$r<`GQp-J4@2|u&c*ka{mIKuo*nds?pK)=Y-YJl1K`U^iO)Sw^d
z?eFbf;vc|eTC~u74X(y}iiaqZahMLmmucvk&jz~5V(6#GPP=v$ggZEHxC7-i@*|c9
z6_{4Fi@{#9i=-1U4$sIhn)T#?^_-vHs$LOf@zZL7`Gmb%pe~zi6+eGCU1c4vTsJ{+
zsqhm^`sa^-UPr?HTlcL01-@MjZlc4mY3_Pjz?up*tj-NbPL93)l9}WFa{hKw>c(iZ
z#*|b|t)hE8gUM@c!I*Jkd=dR!p=>LW%^)t*i*cpMqrR#sii+bAUkF}-X_qHs3><3C
zwsTYcuL$-NLuoN-R`cPF>`$Ypgb+q8<Ee`-WVFEM<!Va<`OhUb{RUzd-3{@D(YJm4
zr*N3%lQP_Sr@6NyUi}X_suf({)~K||r80Q69~!wnrZXKvMEz+c?P(ORss^2CE?hJk
zJV-_8ZtIyDzzLcqXqa6@=JC#1HjLoiXRZUQ4IlQ{S&<n*ceT?IEJ*2>c^YvuUiJml
zUt7Ezr0O&6eLHeFCP$mr(-Yp7I&jL-5^<>A_6NPC_X!LDCE0QUUqmYMn1h>jg+TZk
z5wf^+WLzOZ<J)$3h@CI1R6quXFFT;)Z~ll8yf_>iUAd6bMy>YxveaAjrn3A+`&fU`
zR%*Cq+q<jjGR2kicyq;GYT4XUOk!1dKeLkcUNG7gS#f@$x>$GNMNA?|@Y6}e{QGC?
zRaN1a-J&MUe_31?ZM|q5+!9;9Y@JrfPMjq2=;jVAcVqN9^}r)uJVw73XO_4OYnzUk
zjDl93YiwSwYj1kIv6&WGQH&<nU5Gk0<h4tlSgOoL6n0gHn%X^_S;akJuM9+%);6%`
z!mUIT<g}0K%OsQ*sr`?FHYZ)Y?=j?*rqL3&&pJ9o^0F39+ptLitx0@Bi(oPjk!tx9
z11x?J1Lg`th49P5#5DwID59aD!vAt^G@Liy@2k2G(-|P+BkAQCZu-QX-L%yRT{!s;
zo{k|03+QZfK}W|a0pmeT3elEwFRqO@)<_#|*`eQE%3Ji;MlN-vMTUK-yHK_l(oJCW
zt42xTGMd#x|7nZxEfbY5Gh-G=7OMhjS@6JFtIndo1n*x?I^0!Tp5y&`?Rp*VZhO6_
zqf<KC3yIPx4>0|elZ>#rRLC!J#s)o?P9ZA;#=HQux_I{7le|G_ka}JKw#_fH<Q1k*
zygz`MmyKEI)Cq|eC75HTsc2SC1@eRZGd7IlHd`cDDKBNr96WA5*?bTaIj>j=FpI2o
z9SLSxOXv~LN-9W6sI&=!ExD!@RQ_)0fnH;}e`ht%)%-aV-=`^E_DGi#+&%Wj+K4-=
z%&zaMO>*D0OCCdhnKNU1am+?)zd9zl{q}jWS%&vB%_GUK&DET(Qd3gYh%`)aO~`ok
z<Lej>9Lint<e-OP>iT-G@>p%KssX0mJe{h2>3;jiY&Zjz@#|juUwO)AMghV}kahVo
zO%aE!%Y$EmJGkzdrN_|Q+keo>1&+`_aUzQxS6|D7;B*NisQSbfSptf8?LwJLkGZ)N
zk}Alqe#zU7_}T5TBj7#Gxav8Um1$J@j6b|mRYfUPP$;Y~UgUB4AJDuji2C7}$Y&hf
zG^Io5f$?%1ql#V1?VLw)k_3ct$kq$T<lKDRM&J>_6#B=8j8De*QB7c%jQ@t|-M?kA
zcVz9@7A}^S{p2U$(iQ+zyS~O-V&tz(^#yPg3?$=DCHB9xXmNzSwHF*mqr^5&J(1H@
zW2qN~<!Vkv-K`yv@PZg^tH$tqvu*Q(Et&_b6BcT6H|MN)3J7O?03SuZp$huc9qUTF
zOU@uq=qdOr-I?Zp@q<=f?jH_gz?QO6=IUo*!<YOsd+(uFO`yLfT+ES1LxO?XJd2&-
zNA^FF#k@h!V@CSdi{mnlae0MdtLiQJK*vBwEY0ETJxWO%tD&X|<y*XQh6}}XeitNU
zgg<LpIH6hOb=j_e6%OzbML=x}vp4`E15|9>m83u9qxhLSg-r>pcWjIzx_qEVASsUY
zsR%X0A3JE9(!5R!v#2S_0^rT*bduG#G}vrSX^%@UOyeW#skIS%kDT!8l%9!HB;Fct
z7zaBJsY04YL+)&7aR!nbcP8-=A&G6uy$#?h?F1jNK9D4So}`@@9G`8H1aqkpHevkM
zO=2YEyC9IfhP3z2cFNJZg9#!e?IHR<O)0+R8q5Jw7-)ARD6kXvP4+(ANR1nnGsoUA
zioFT&<F0tP1dwd{JO2{ArRk=<E@I!5+;ObF(a#Trf+#k9=SS_sH!mdvQ{EpJIm@_Z
zudz8{ho|y^4&0d`p#Xq&5qH|>=4-nEY=4%s=-Wl<uSuBaZOM^B0x?k&eJ-6a@?soh
z-dB}rx>#CiR+kVUof}k|A~fL|kv+gjjpm`Bfq`3gZz9Q*vJExvWRX7F{8#Nkg`5S%
z^R^8O5>jPJilig<PN_@*%hoqke6T79vj?bM+IIMr0Ldh8Y_H^&f$Gs6o+<~jp>EfO
z9u2Goz>ezq#(=sVd1|6<l)Ay-txeWGs7i*=mSg3Bah`@@RX`~d8@q0*O&*So-Rp98
zrC|a^6ql^R`3sKVi9l(aNcw4g@}Q>3kWPAfkbY!Fm#5HRZ{(UaM+4guK_$-e!KUKX
zbdx0E_|%OldT&pAsBKlmHRR(&K`6dLpx8&iX9j`b+2V%ybN3)CxwBVxZ`HPLIv=<>
z+tY2`pX2Q_xB~!f8S%)DTA{7`-NX_|Eoq(o+HvQB;}=g9;prY3KGj%DKe;vDbUbKp
zie=RApYiFUrQ`NjjwC6H#Z}i=K-G2JW@bkt>gI({VS{@;tOs6wxX%ae<T936HJ2&R
zh+w_BOL*@M;FR~b{CxJCBi<|I(HHe_S1FF$J6<^m9g~#)0P=#$LFXjEen@5_q~KOw
zFPTa}_ATr@tH%C($xi%6vzVRiUX9amJG4DbXemla;9ip7+j+2O6G?T(pa28ovYZ$p
z&=q<Qn(CcRYk;ELp}RMQi*A2eG4?XBAtNgLgze?;i#LEH#rIo5Mf<)@-?R_=f2R^X
z@AiGg4;zkHD5Y3jDC-7l%i8&Cdse0I)=li&^!WF2WUIx%xU2)n<)6RBsRH4w5GiL*
zHq%*MP1V}6VW-J05g+?*+k$3w6N3peh>-dI<IR+uK_B32eEa6gfc2LFf+68X-JUSF
zfB#cNDPX(J53I9=LfGHtZ*mgAEhiNrLLTSu$KFu`E|!jVc>n85+58G5^X`#Af<Ix$
z3(md!l!?lt=gUX7|LfIcfbu+TIAB$F@UK~#0Yba)O9kZoU8-Ld%jCNPf3vXvm8~ub
YZZ0;wD^Rhb{{Z|>npv3^9rL*MADo}3a{vGU

literal 0
HcmV?d00001


From 3026860f670c7ae16313a2a1d00544cdbf040669 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 11:19:12 -0700
Subject: [PATCH 346/516] Update libcontainer to 68ea1234a0b046803aacb2562df

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 22f373aeda63cffb06efca4fae067395191e02e9
Component: engine
---
 components/engine/hack/vendor.sh                             | 2 +-
 .../cgroups/fs/{stats_test_util.go => stats_util_test.go}    | 0
 .../libcontainer/cgroups/fs/{test_util.go => util_test.go}   | 0
 .../src/github.com/docker/libcontainer/namespaces/exec.go    | 2 +-
 .../src/github.com/docker/libcontainer/namespaces/init.go    | 5 ++---
 .../vendor/src/github.com/docker/libcontainer/nsinit/init.go | 3 +++
 6 files changed, 7 insertions(+), 5 deletions(-)
 rename components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/{stats_test_util.go => stats_util_test.go} (100%)
 rename components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/{test_util.go => util_test.go} (100%)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index f916e1fcf0..3036b638b0 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer bc06326a5e7decdc4191d1367de8439b9d83c450
+clone git github.com/docker/libcontainer 68ea1234a0b046803aacb2562df0da12eec2b2f9
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_test_util.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_util_test.go
similarity index 100%
rename from components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_test_util.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/stats_util_test.go
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/test_util.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/util_test.go
similarity index 100%
rename from components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/test_util.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/util_test.go
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
index 6f3838fd22..c9b2037cc7 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
@@ -133,7 +133,7 @@ func DefaultCreateCommand(container *libcontainer.Config, console, rootfs, dataP
 	   }
 	*/
 
-	command := exec.Command(init, append([]string{"init"}, args...)...)
+	command := exec.Command(init, append([]string{"init", "--"}, args...)...)
 	// make sure the process is executed inside the context of the rootfs
 	command.Dir = rootfs
 	command.Env = append(os.Environ(), env...)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index 0e678b67ab..f077fd6c8a 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -5,7 +5,6 @@ package namespaces
 import (
 	"fmt"
 	"os"
-	"runtime"
 	"strings"
 	"syscall"
 
@@ -28,6 +27,8 @@ import (
 // Move this to libcontainer package.
 // Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
 // and other options required for the new container.
+// The caller of Init function has to ensure that the go runtime is locked to an OS thread
+// (using runtime.LockOSThread) else system calls like setns called within Init may not work as intended.
 func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *syncpipe.SyncPipe, args []string) (err error) {
 	defer func() {
 		if err != nil {
@@ -87,8 +88,6 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 		}
 	}
 
-	runtime.LockOSThread()
-
 	if err := apparmor.ApplyProfile(container.AppArmorProfile); err != nil {
 		return fmt.Errorf("set apparmor profile %s: %s", container.AppArmorProfile, err)
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
index 0dd964115c..e7a96632d7 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
@@ -3,6 +3,7 @@ package nsinit
 import (
 	"log"
 	"os"
+	"runtime"
 	"strconv"
 
 	"github.com/codegangsta/cli"
@@ -23,6 +24,8 @@ var (
 )
 
 func initAction(context *cli.Context) {
+	runtime.LockOSThread()
+
 	container, err := loadContainer()
 	if err != nil {
 		log.Fatal(err)

From 614ac47431e4e13a7fd8af2d7aa6f986e43194a3 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 11:41:59 -0700
Subject: [PATCH 347/516] Ensure thread is locked in sysinit for docker

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: cd6b9038255be10d827972ea66c8878cf1d228dc
Component: engine
---
 components/engine/sysinit/sysinit.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go
index 9da6a5fc5d..65d7bf4e7c 100644
--- a/components/engine/sysinit/sysinit.go
+++ b/components/engine/sysinit/sysinit.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"runtime"
 
 	"github.com/docker/docker/daemon/execdriver"
 	_ "github.com/docker/docker/daemon/execdriver/lxc"
@@ -23,6 +24,10 @@ func executeProgram(args *execdriver.InitArgs) error {
 // This code is run INSIDE the container and is responsible for setting
 // up the environment before running the actual process
 func SysInit() {
+	// The very first thing that we should do is lock the thread so that other
+	// system level options will work and not have issues, i.e. setns
+	runtime.LockOSThread()
+
 	if len(os.Args) <= 1 {
 		fmt.Println("You should not invoke dockerinit manually")
 		os.Exit(1)

From e31ec5d7f0ba253f34beaf7fc4f75347fc315e39 Mon Sep 17 00:00:00 2001
From: Stephen Crosby <stevecrozz@gmail.com>
Date: Tue, 29 Jul 2014 10:31:15 -0700
Subject: [PATCH 348/516] Correct grammer in MAINTAINERS.md

Signed-off-by: Stephen Crosby <stevecrozz@gmail.com>
Upstream-commit: 74212a15658a3f1c68a381a593488d7fda830272
Component: engine
---
 components/engine/hack/MAINTAINERS.md | 36 +++++++++++++--------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/components/engine/hack/MAINTAINERS.md b/components/engine/hack/MAINTAINERS.md
index 8af6013193..469c1e728b 100644
--- a/components/engine/hack/MAINTAINERS.md
+++ b/components/engine/hack/MAINTAINERS.md
@@ -4,12 +4,12 @@
 
 Dear maintainer. Thank you for investing the time and energy to help
 make Docker as useful as possible. Maintaining a project is difficult,
-sometimes unrewarding work.  Sure, you will get to contribute cool
+sometimes unrewarding work. Sure, you will get to contribute cool
 features to the project. But most of your time will be spent reviewing,
-cleaning up, documenting, answering questions, justifying design
+cleaning up, documenting, answering questions, and justifying design
 decisions - while everyone has all the fun! But remember - the quality
-of the maintainers work is what distinguishes the good projects from the
-great.  So please be proud of your work, even the unglamourous parts,
+of the maintainers' work is what distinguishes the good projects from
+the great. So please be proud of your work, even the unglamourous parts,
 and encourage a culture of appreciation and respect for *every* aspect
 of improving the project - not just the hot new features.
 
@@ -20,34 +20,34 @@ available to them.
 This is a living document - if you see something out of date or missing,
 speak up!
 
-## What are a maintainer's responsibility?
+## What is a maintainer's responsibility?
 
 It is every maintainer's responsibility to:
 
-1. Expose a clear roadmap for improving their component.
+1. Expose a clear road map for improving their component.
 2. Deliver prompt feedback and decisions on pull requests.
 3. Be available to anyone with questions, bug reports, criticism etc.
   on their component. This includes IRC, GitHub requests and the mailing
   list.
 4. Make sure their component respects the philosophy, design and
-  roadmap of the project.
+  road map of the project.
 
 ## How are decisions made?
 
-Short answer: with pull requests to the docker repository.
+Short answer: with pull requests to the Docker repository.
 
 Docker is an open-source project with an open design philosophy. This
 means that the repository is the source of truth for EVERY aspect of the
-project, including its philosophy, design, roadmap and APIs. *If it's
-part of the project, it's in the repo. It's in the repo, it's part of
+project, including its philosophy, design, road map, and APIs. *If it's
+part of the project, it's in the repo. If it's in the repo, it's part of
 the project.*
 
 As a result, all decisions can be expressed as changes to the
 repository. An implementation change is a change to the source code. An
 API change is a change to the API specification. A philosophy change is
-a change to the philosophy manifesto. And so on.
+a change to the philosophy manifesto, and so on.
 
-All decisions affecting docker, big and small, follow the same 3 steps:
+All decisions affecting Docker, big and small, follow the same 3 steps:
 
 * Step 1: Open a pull request. Anyone can do this.
 
@@ -60,16 +60,16 @@ this (see below "Who decides what?")
 ## Who decides what?
 
 All decisions are pull requests, and the relevant maintainers make
-decisions by accepting or refusing the pull request. Review and acceptance
-by anyone is denoted by adding a comment in the pull request: `LGTM`. 
-However, only currently listed `MAINTAINERS` are counted towards the required
-majority.
+decisions by accepting or refusing pull requests. Review and acceptance
+by anyone is denoted by adding a comment in the pull request: `LGTM`.
+However, only currently listed `MAINTAINERS` are counted towards the
+required majority.
 
 Docker follows the timeless, highly efficient and totally unfair system
 known as [Benevolent dictator for
 life](http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life), with
 yours truly, Solomon Hykes, in the role of BDFL. This means that all
-decisions are made by default by Solomon. Since making every decision
+decisions are made, by default, by Solomon. Since making every decision
 myself would be highly un-scalable, in practice decisions are spread
 across multiple maintainers.
 
@@ -90,7 +90,7 @@ maintainers for a specified directory.
 Please let your co-maintainers and other contributors know by raising a pull
 request that comments out your `MAINTAINERS` file entry using a `#`.
 
-### I'm a maintainer, should I make pull requests too?
+### I'm a maintainer. Should I make pull requests too?
 
 Yes. Nobody should ever push to master directly. All changes should be
 made through a pull request.

From 309f9edb73592a12ad2133d13082262f0885666f Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Fri, 1 Aug 2014 11:34:06 -0600
Subject: [PATCH 349/516] Add a "daemon" build tag and toggle it with the
 already-existing "DOCKER_CLIENTONLY" build variable

This works mostly by refactoring our "main" package to be careful about what it imports based on the daemon build tag. :)

Also, I've updated Travis to test "client-only" compilation after it tests the daemon version.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 1b95590d06b20b79041f6d23b9bc35612b82cb51
Component: engine
---
 components/engine/.travis.yml      |   4 +-
 components/engine/docker/client.go |  17 +++
 components/engine/docker/daemon.go | 112 ++++++++++++++
 components/engine/docker/docker.go | 238 +++++++----------------------
 components/engine/docker/flags.go  |  63 ++++++++
 components/engine/hack/make.sh     |   4 +
 6 files changed, 251 insertions(+), 187 deletions(-)
 create mode 100644 components/engine/docker/client.go
 create mode 100644 components/engine/docker/daemon.go
 create mode 100644 components/engine/docker/flags.go

diff --git a/components/engine/.travis.yml b/components/engine/.travis.yml
index 56f1910c93..e7d18f1c6d 100644
--- a/components/engine/.travis.yml
+++ b/components/engine/.travis.yml
@@ -16,6 +16,7 @@ sudo: false
 # Disable the normal go build.
 install:
   - export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper' # btrfs and devicemapper fail to compile thanks to a couple missing headers (which we can't install thanks to "sudo: false")
+  - export AUTO_GOPATH=1
 
 before_script:
   - env | sort
@@ -23,6 +24,7 @@ before_script:
 script:
   - hack/make.sh validate-dco
   - hack/make.sh validate-gofmt
-  - AUTO_GOPATH=1 ./hack/make.sh dynbinary
+  - ./hack/make.sh dynbinary
+  - DOCKER_CLIENTONLY=1 ./hack/make.sh dynbinary
 
 # vim:set sw=2 ts=2:
diff --git a/components/engine/docker/client.go b/components/engine/docker/client.go
new file mode 100644
index 0000000000..4565d6d6a1
--- /dev/null
+++ b/components/engine/docker/client.go
@@ -0,0 +1,17 @@
+// +build !daemon
+
+package main
+
+import (
+	"log"
+)
+
+const CanDaemon = false
+
+func mainSysinit() {
+	log.Fatal("This is a client-only binary - running it as 'dockerinit' is not supported.")
+}
+
+func mainDaemon() {
+	log.Fatal("This is a client-only binary - running the Docker daemon is not supported.")
+}
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
new file mode 100644
index 0000000000..4b994e9629
--- /dev/null
+++ b/components/engine/docker/daemon.go
@@ -0,0 +1,112 @@
+// +build daemon
+
+package main
+
+import (
+	"log"
+	"net"
+
+	"github.com/docker/docker/builtins"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/sysinit"
+)
+
+const CanDaemon = true
+
+func mainSysinit() {
+	// Running in init mode
+	sysinit.SysInit()
+}
+
+func mainDaemon() {
+	if flag.NArg() != 0 {
+		flag.Usage()
+		return
+	}
+
+	if *bridgeName != "" && *bridgeIp != "" {
+		log.Fatal("You specified -b & --bip, mutually exclusive options. Please specify only one.")
+	}
+
+	if !*flEnableIptables && !*flInterContainerComm {
+		log.Fatal("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
+	}
+
+	if net.ParseIP(*flDefaultIp) == nil {
+		log.Fatalf("Specified --ip=%s is not in correct format \"0.0.0.0\".", *flDefaultIp)
+	}
+
+	eng := engine.New()
+	// Load builtins
+	if err := builtins.Register(eng); err != nil {
+		log.Fatal(err)
+	}
+
+	// handle the pidfile early. https://github.com/docker/docker/issues/6973
+	if len(*pidfile) > 0 {
+		job := eng.Job("initserverpidfile", *pidfile)
+		if err := job.Run(); err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	// load the daemon in the background so we can immediately start
+	// the http api so that connections don't fail while the daemon
+	// is booting
+	go func() {
+		// Load plugin: httpapi
+		job := eng.Job("initserver")
+		// include the variable here too, for the server config
+		job.Setenv("Pidfile", *pidfile)
+		job.Setenv("Root", *flRoot)
+		job.SetenvBool("AutoRestart", *flAutoRestart)
+		job.SetenvList("Dns", flDns.GetAll())
+		job.SetenvList("DnsSearch", flDnsSearch.GetAll())
+		job.SetenvBool("EnableIptables", *flEnableIptables)
+		job.SetenvBool("EnableIpForward", *flEnableIpForward)
+		job.Setenv("BridgeIface", *bridgeName)
+		job.Setenv("BridgeIP", *bridgeIp)
+		job.Setenv("DefaultIp", *flDefaultIp)
+		job.SetenvBool("InterContainerCommunication", *flInterContainerComm)
+		job.Setenv("GraphDriver", *flGraphDriver)
+		job.SetenvList("GraphOptions", flGraphOpts.GetAll())
+		job.Setenv("ExecDriver", *flExecDriver)
+		job.SetenvInt("Mtu", *flMtu)
+		job.SetenvBool("EnableSelinuxSupport", *flSelinuxEnabled)
+		job.SetenvList("Sockets", flHosts.GetAll())
+		if err := job.Run(); err != nil {
+			log.Fatal(err)
+		}
+		// after the daemon is done setting up we can tell the api to start
+		// accepting connections
+		if err := eng.Job("acceptconnections").Run(); err != nil {
+			log.Fatal(err)
+		}
+	}()
+
+	// TODO actually have a resolved graphdriver to show?
+	log.Printf("docker daemon: %s %s; execdriver: %s; graphdriver: %s",
+		dockerversion.VERSION,
+		dockerversion.GITCOMMIT,
+		*flExecDriver,
+		*flGraphDriver)
+
+	// Serve api
+	job := eng.Job("serveapi", flHosts.GetAll()...)
+	job.SetenvBool("Logging", true)
+	job.SetenvBool("EnableCors", *flEnableCors)
+	job.Setenv("Version", dockerversion.VERSION)
+	job.Setenv("SocketGroup", *flSocketGroup)
+
+	job.SetenvBool("Tls", *flTls)
+	job.SetenvBool("TlsVerify", *flTlsVerify)
+	job.Setenv("TlsCa", *flCa)
+	job.Setenv("TlsCert", *flCert)
+	job.Setenv("TlsKey", *flKey)
+	job.SetenvBool("BufferRequests", true)
+	if err := job.Run(); err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 679c91b462..38a4da0d44 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -6,19 +6,13 @@ import (
 	"fmt"
 	"io/ioutil"
 	"log"
-	"net"
 	"os"
-	"path/filepath"
 	"strings"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/client"
-	"github.com/docker/docker/builtins"
 	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
-	"github.com/docker/docker/sysinit"
 	"github.com/docker/docker/utils"
 )
 
@@ -28,63 +22,24 @@ const (
 	defaultCertFile = "cert.pem"
 )
 
-var (
-	dockerConfDir = os.Getenv("DOCKER_CONFIG")
-)
-
 func main() {
-	if len(dockerConfDir) == 0 {
-		dockerConfDir = filepath.Join(os.Getenv("HOME"), ".docker")
-	}
 	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
-		// Running in init mode
-		sysinit.SysInit()
+		mainSysinit()
 		return
 	}
 
-	var (
-		flVersion            = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
-		flDaemon             = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode")
-		flGraphOpts          opts.ListOpts
-		flDebug              = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
-		flAutoRestart        = flag.Bool([]string{"r", "-restart"}, true, "Restart previously running containers")
-		bridgeName           = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge\nuse 'none' to disable container networking")
-		bridgeIp             = flag.String([]string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
-		pidfile              = flag.String([]string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file")
-		flRoot               = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
-		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
-		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
-		flDns                = opts.NewListOpts(opts.ValidateIPAddress)
-		flDnsSearch          = opts.NewListOpts(opts.ValidateDnsSearch)
-		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
-		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
-		flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
-		flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
-		flGraphDriver        = flag.String([]string{"s", "-storage-driver"}, "", "Force the Docker runtime to use a specific storage driver")
-		flExecDriver         = flag.String([]string{"e", "-exec-driver"}, "native", "Force the Docker runtime to use a specific exec driver")
-		flHosts              = opts.NewListOpts(api.ValidateHost)
-		flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU\nif no value is provided: default to the default route MTU or 1500 if no default route is available")
-		flTls                = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
-		flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
-		flCa                 = flag.String([]string{"-tlscacert"}, filepath.Join(dockerConfDir, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
-		flCert               = flag.String([]string{"-tlscert"}, filepath.Join(dockerConfDir, defaultCertFile), "Path to TLS certificate file")
-		flKey                = flag.String([]string{"-tlskey"}, filepath.Join(dockerConfDir, defaultKeyFile), "Path to TLS key file")
-		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
-	)
-	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
-	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
-	flag.Var(&flHosts, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.")
-	flag.Var(&flGraphOpts, []string{"-storage-opt"}, "Set storage driver options")
-
 	flag.Parse()
 
 	if *flVersion {
 		showVersion()
 		return
 	}
+	if *flDebug {
+		os.Setenv("DEBUG", "1")
+	}
+
 	if flHosts.Len() == 0 {
 		defaultHost := os.Getenv("DOCKER_HOST")
-
 		if defaultHost == "" || *flDaemon {
 			// If we do not have a host, default to unix socket
 			defaultHost = fmt.Sprintf("unix://%s", api.DEFAULTUNIXSOCKET)
@@ -95,152 +50,63 @@ func main() {
 		flHosts.Set(defaultHost)
 	}
 
-	if *bridgeName != "" && *bridgeIp != "" {
-		log.Fatal("You specified -b & --bip, mutually exclusive options. Please specify only one.")
-	}
-
-	if !*flEnableIptables && !*flInterContainerComm {
-		log.Fatal("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
-	}
-
-	if net.ParseIP(*flDefaultIp) == nil {
-		log.Fatalf("Specified --ip=%s is not in correct format \"0.0.0.0\".", *flDefaultIp)
-	}
-
-	if *flDebug {
-		os.Setenv("DEBUG", "1")
-	}
-
 	if *flDaemon {
-		if flag.NArg() != 0 {
-			flag.Usage()
-			return
-		}
-		eng := engine.New()
-		// Load builtins
-		if err := builtins.Register(eng); err != nil {
-			log.Fatal(err)
+		mainDaemon()
+		return
+	}
+
+	if flHosts.Len() > 1 {
+		log.Fatal("Please specify only one -H")
+	}
+	protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
+
+	var (
+		cli       *client.DockerCli
+		tlsConfig tls.Config
+	)
+	tlsConfig.InsecureSkipVerify = true
+
+	// If we should verify the server, we need to load a trusted ca
+	if *flTlsVerify {
+		*flTls = true
+		certPool := x509.NewCertPool()
+		file, err := ioutil.ReadFile(*flCa)
+		if err != nil {
+			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
 		}
+		certPool.AppendCertsFromPEM(file)
+		tlsConfig.RootCAs = certPool
+		tlsConfig.InsecureSkipVerify = false
+	}
 
-		// handle the pidfile early. https://github.com/docker/docker/issues/6973
-		if len(*pidfile) > 0 {
-			job := eng.Job("initserverpidfile", *pidfile)
-			if err := job.Run(); err != nil {
-				log.Fatal(err)
-			}
-		}
-
-		// load the daemon in the background so we can immediately start
-		// the http api so that connections don't fail while the daemon
-		// is booting
-		go func() {
-			// Load plugin: httpapi
-			job := eng.Job("initserver")
-			// include the variable here too, for the server config
-			job.Setenv("Pidfile", *pidfile)
-			job.Setenv("Root", *flRoot)
-			job.SetenvBool("AutoRestart", *flAutoRestart)
-			job.SetenvList("Dns", flDns.GetAll())
-			job.SetenvList("DnsSearch", flDnsSearch.GetAll())
-			job.SetenvBool("EnableIptables", *flEnableIptables)
-			job.SetenvBool("EnableIpForward", *flEnableIpForward)
-			job.Setenv("BridgeIface", *bridgeName)
-			job.Setenv("BridgeIP", *bridgeIp)
-			job.Setenv("DefaultIp", *flDefaultIp)
-			job.SetenvBool("InterContainerCommunication", *flInterContainerComm)
-			job.Setenv("GraphDriver", *flGraphDriver)
-			job.SetenvList("GraphOptions", flGraphOpts.GetAll())
-			job.Setenv("ExecDriver", *flExecDriver)
-			job.SetenvInt("Mtu", *flMtu)
-			job.SetenvBool("EnableSelinuxSupport", *flSelinuxEnabled)
-			job.SetenvList("Sockets", flHosts.GetAll())
-			if err := job.Run(); err != nil {
-				log.Fatal(err)
-			}
-			// after the daemon is done setting up we can tell the api to start
-			// accepting connections
-			if err := eng.Job("acceptconnections").Run(); err != nil {
-				log.Fatal(err)
-			}
-		}()
-
-		// TODO actually have a resolved graphdriver to show?
-		log.Printf("docker daemon: %s %s; execdriver: %s; graphdriver: %s",
-			dockerversion.VERSION,
-			dockerversion.GITCOMMIT,
-			*flExecDriver,
-			*flGraphDriver)
-
-		// Serve api
-		job := eng.Job("serveapi", flHosts.GetAll()...)
-		job.SetenvBool("Logging", true)
-		job.SetenvBool("EnableCors", *flEnableCors)
-		job.Setenv("Version", dockerversion.VERSION)
-		job.Setenv("SocketGroup", *flSocketGroup)
-
-		job.SetenvBool("Tls", *flTls)
-		job.SetenvBool("TlsVerify", *flTlsVerify)
-		job.Setenv("TlsCa", *flCa)
-		job.Setenv("TlsCert", *flCert)
-		job.Setenv("TlsKey", *flKey)
-		job.SetenvBool("BufferRequests", true)
-		if err := job.Run(); err != nil {
-			log.Fatal(err)
-		}
-	} else {
-		if flHosts.Len() > 1 {
-			log.Fatal("Please specify only one -H")
-		}
-		protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
-
-		var (
-			cli       *client.DockerCli
-			tlsConfig tls.Config
-		)
-		tlsConfig.InsecureSkipVerify = true
-
-		// If we should verify the server, we need to load a trusted ca
-		if *flTlsVerify {
+	// If tls is enabled, try to load and send client certificates
+	if *flTls || *flTlsVerify {
+		_, errCert := os.Stat(*flCert)
+		_, errKey := os.Stat(*flKey)
+		if errCert == nil && errKey == nil {
 			*flTls = true
-			certPool := x509.NewCertPool()
-			file, err := ioutil.ReadFile(*flCa)
+			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
 			if err != nil {
-				log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
+				log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
 			}
-			certPool.AppendCertsFromPEM(file)
-			tlsConfig.RootCAs = certPool
-			tlsConfig.InsecureSkipVerify = false
+			tlsConfig.Certificates = []tls.Certificate{cert}
 		}
+	}
 
-		// If tls is enabled, try to load and send client certificates
-		if *flTls || *flTlsVerify {
-			_, errCert := os.Stat(*flCert)
-			_, errKey := os.Stat(*flKey)
-			if errCert == nil && errKey == nil {
-				*flTls = true
-				cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
-				if err != nil {
-					log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
-				}
-				tlsConfig.Certificates = []tls.Certificate{cert}
+	if *flTls || *flTlsVerify {
+		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
+	} else {
+		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
+	}
+
+	if err := cli.ParseCommands(flag.Args()...); err != nil {
+		if sterr, ok := err.(*utils.StatusError); ok {
+			if sterr.Status != "" {
+				log.Println(sterr.Status)
 			}
+			os.Exit(sterr.StatusCode)
 		}
-
-		if *flTls || *flTlsVerify {
-			cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
-		} else {
-			cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
-		}
-
-		if err := cli.ParseCommands(flag.Args()...); err != nil {
-			if sterr, ok := err.(*utils.StatusError); ok {
-				if sterr.Status != "" {
-					log.Println(sterr.Status)
-				}
-				os.Exit(sterr.StatusCode)
-			}
-			log.Fatal(err)
-		}
+		log.Fatal(err)
 	}
 }
 
diff --git a/components/engine/docker/flags.go b/components/engine/docker/flags.go
new file mode 100644
index 0000000000..17b23d9391
--- /dev/null
+++ b/components/engine/docker/flags.go
@@ -0,0 +1,63 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+var (
+	dockerConfDir = os.Getenv("DOCKER_CONFIG")
+)
+
+func init() {
+	if dockerConfDir == "" {
+		dockerConfDir = filepath.Join(os.Getenv("HOME"), ".docker")
+	}
+}
+
+var (
+	flVersion            = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
+	flDaemon             = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode")
+	flGraphOpts          opts.ListOpts
+	flDebug              = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
+	flAutoRestart        = flag.Bool([]string{"r", "-restart"}, true, "Restart previously running containers")
+	bridgeName           = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge\nuse 'none' to disable container networking")
+	bridgeIp             = flag.String([]string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
+	pidfile              = flag.String([]string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file")
+	flRoot               = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
+	flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
+	flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
+	flDns                = opts.NewListOpts(opts.ValidateIPAddress)
+	flDnsSearch          = opts.NewListOpts(opts.ValidateDnsSearch)
+	flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
+	flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
+	flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
+	flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
+	flGraphDriver        = flag.String([]string{"s", "-storage-driver"}, "", "Force the Docker runtime to use a specific storage driver")
+	flExecDriver         = flag.String([]string{"e", "-exec-driver"}, "native", "Force the Docker runtime to use a specific exec driver")
+	flHosts              = opts.NewListOpts(api.ValidateHost)
+	flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU\nif no value is provided: default to the default route MTU or 1500 if no default route is available")
+	flTls                = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
+	flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
+	flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
+
+	// these are initialized in init() below since their default values depend on dockerConfDir which isn't fully initialized until init() runs
+	flCa   *string
+	flCert *string
+	flKey  *string
+)
+
+func init() {
+	flCa = flag.String([]string{"-tlscacert"}, filepath.Join(dockerConfDir, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
+	flCert = flag.String([]string{"-tlscert"}, filepath.Join(dockerConfDir, defaultCertFile), "Path to TLS certificate file")
+	flKey = flag.String([]string{"-tlskey"}, filepath.Join(dockerConfDir, defaultKeyFile), "Path to TLS key file")
+
+	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
+	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
+	flag.Var(&flHosts, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.")
+	flag.Var(&flGraphOpts, []string{"-storage-opt"}, "Set storage driver options")
+}
diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index 2d883cd883..05e3310889 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -90,6 +90,10 @@ if [ ! "$GOPATH" ]; then
 	exit 1
 fi
 
+if [ -z "$DOCKER_CLIENTONLY" ]; then
+	DOCKER_BUILDTAGS+=" daemon"
+fi
+
 # Use these flags when compiling the tests and final binary
 LDFLAGS='
 	-w

From 587342c3a261c1ca09c3ccea3dffeba238256032 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Fri, 1 Aug 2014 16:57:28 -0600
Subject: [PATCH 350/516] Adjust build tags to be client-only in "make cross"
 too

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: ba663eac3a2deba4d89803453b07a09d8628f5f9
Component: engine
---
 components/engine/hack/make/cross | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/components/engine/hack/make/cross b/components/engine/hack/make/cross
index 32fbbc38f9..6ca06f8c3d 100644
--- a/components/engine/hack/make/cross
+++ b/components/engine/hack/make/cross
@@ -3,6 +3,12 @@ set -e
 
 DEST=$1
 
+# explicit list of os/arch combos that support being a daemon
+declare -A daemonSupporting
+daemonSupporting=(
+	[linux/amd64]=1
+)
+
 # if we have our linux/amd64 version compiled, let's symlink it in
 if [ -x "$DEST/../binary/docker-$VERSION" ]; then
 	mkdir -p "$DEST/linux/amd64"
@@ -18,7 +24,10 @@ for platform in $DOCKER_CROSSPLATFORMS; do
 		mkdir -p "$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION
 		export GOOS=${platform%/*}
 		export GOARCH=${platform##*/}
-		export LDFLAGS_STATIC_DOCKER="" # we just need a simple client for these platforms (TODO this might change someday)
+		if [ -z "${daemonSupporting[$platform]}" ]; then
+			export LDFLAGS_STATIC_DOCKER="" # we just need a simple client for these platforms
+			export BUILDFLAGS=( "${BUILDFLAGS[@]/ daemon/}" ) # remove the "daemon" build tag from platforms that aren't supported
+		fi
 		source "$(dirname "$BASH_SOURCE")/binary" "$DEST/$platform"
 	)
 done

From 3b38f1694c865f4ec15fdb4944a8410ec1e058a6 Mon Sep 17 00:00:00 2001
From: Ben Firshman <ben@firshman.co.uk>
Date: Mon, 4 Aug 2014 17:17:23 -0700
Subject: [PATCH 351/516] Rename DOCKER_CONFIG envvar to DOCKER_CERT_PATH

DOCKER_CONFIG was introduced in #6984.

We may use "config" for other purposes (e.g. #7232). Until we
have made a design decision around how configuration files will
work, DOCKER_CERT_PATH is a much safer name to rely on for future
compatibility.

Docker-DCO-1.1-Signed-off-by: Ben Firshman <ben@firshman.co.uk> (github: bfirsh)
Upstream-commit: a49de2c46713149053b0ee25313c6f7a39273c25
Component: engine
---
 components/engine/docker/flags.go                | 14 +++++++-------
 components/engine/docs/sources/articles/https.md |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/components/engine/docker/flags.go b/components/engine/docker/flags.go
index 17b23d9391..6740db5ceb 100644
--- a/components/engine/docker/flags.go
+++ b/components/engine/docker/flags.go
@@ -10,12 +10,12 @@ import (
 )
 
 var (
-	dockerConfDir = os.Getenv("DOCKER_CONFIG")
+	dockerCertPath = os.Getenv("DOCKER_CERT_PATH")
 )
 
 func init() {
-	if dockerConfDir == "" {
-		dockerConfDir = filepath.Join(os.Getenv("HOME"), ".docker")
+	if dockerCertPath == "" {
+		dockerCertPath = filepath.Join(os.Getenv("HOME"), ".docker")
 	}
 }
 
@@ -45,16 +45,16 @@ var (
 	flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
 	flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
 
-	// these are initialized in init() below since their default values depend on dockerConfDir which isn't fully initialized until init() runs
+	// these are initialized in init() below since their default values depend on dockerCertPath which isn't fully initialized until init() runs
 	flCa   *string
 	flCert *string
 	flKey  *string
 )
 
 func init() {
-	flCa = flag.String([]string{"-tlscacert"}, filepath.Join(dockerConfDir, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
-	flCert = flag.String([]string{"-tlscert"}, filepath.Join(dockerConfDir, defaultCertFile), "Path to TLS certificate file")
-	flKey = flag.String([]string{"-tlskey"}, filepath.Join(dockerConfDir, defaultKeyFile), "Path to TLS key file")
+	flCa = flag.String([]string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
+	flCert = flag.String([]string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file")
+	flKey = flag.String([]string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file")
 
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
 	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
diff --git a/components/engine/docs/sources/articles/https.md b/components/engine/docs/sources/articles/https.md
index 9817bfd3ee..a05363be14 100644
--- a/components/engine/docs/sources/articles/https.md
+++ b/components/engine/docs/sources/articles/https.md
@@ -125,7 +125,7 @@ Docker in various other modes by mixing the flags.
 If found, the client will send its client certificate, so you just need
 to drop your keys into `~/.docker/<ca, cert or key>.pem`. Alternatively,
 if you want to store your keys in another location, you can specify that
-location using the environment variable `DOCKER_CONFIG`.
+location using the environment variable `DOCKER_CERT_PATH`.
 
-    $ export DOCKER_CONFIG=${HOME}/.dockers/zone1/
+    $ export DOCKER_CERT_PATH=${HOME}/.dockers/zone1/
     $ docker --tlsverify ps

From dfceacb2e1c479947bb002d233f9193262901c90 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 5 Aug 2014 12:07:56 -0600
Subject: [PATCH 352/516] Add contrib/nuke-graph-directory.sh script to clean
 out old /var/lib/docker directories much more easily

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 047ce47d92c94a5c406d12238004e6f35d92fdd3
Component: engine
---
 .../engine/contrib/nuke-graph-directory.sh    | 64 +++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100755 components/engine/contrib/nuke-graph-directory.sh

diff --git a/components/engine/contrib/nuke-graph-directory.sh b/components/engine/contrib/nuke-graph-directory.sh
new file mode 100755
index 0000000000..f44c45a174
--- /dev/null
+++ b/components/engine/contrib/nuke-graph-directory.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -e
+
+dir="$1"
+
+if [ -z "$dir" ]; then
+	{
+		echo 'This script is for destroying old /var/lib/docker directories more safely than'
+		echo '  "rm -rf", which can cause data loss or other serious issues.'
+		echo
+		echo "usage: $0 directory"
+		echo "   ie: $0 /var/lib/docker"
+	} >&2
+	exit 1
+fi
+
+if [ "$(id -u)" != 0 ]; then
+	echo >&2 "error: $0 must be run as root"
+	exit 1
+fi
+
+if [ ! -d "$dir" ]; then
+	echo >&2 "error: $dir is not a directory"
+	exit 1
+fi
+
+dir="$(readlink -f "$dir")"
+
+echo
+echo "Nuking $dir ..."
+echo '  (if this is wrong, press Ctrl+C NOW!)'
+echo
+
+( set -x; sleep 10 )
+echo
+
+dir_in_dir() {
+	inner="$1"
+	outer="$2"
+	[ "${inner#$outer}" != "$inner" ]
+}
+
+# let's start by unmounting any submounts in $dir
+#   (like -v /home:... for example - DON'T DELETE MY HOME DIRECTORY BRU!)
+for mount in $(awk '{ print $5 }' /proc/self/mountinfo); do
+	mount="$(readlink -f "$mount" || true)"
+	if dir_in_dir "$mount" "$dir"; then
+		( set -x; umount -f "$mount" )
+	fi
+done
+
+# now, let's go destroy individual btrfs subvolumes, if any exist
+if command -v btrfs &> /dev/null; then
+	root="$(df "$dir" | awk 'NR>1 { print $NF }')"
+	for subvol in $(btrfs subvolume list -o "$root" 2>/dev/null | awk -F' path ' '{ print $2 }'); do
+		subvolDir="$root/$subvol"
+		if dir_in_dir "$subvolDir" "$dir"; then
+			( set -x; btrfs subvolume delete "$subvolDir" )
+		fi
+	done
+fi
+
+# finally, DESTROY ALL THINGS
+( set -x; rm -rf "$dir" )

From 05babb14b711271eedda08606739d4d843c75d70 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 5 Aug 2014 16:43:33 -0400
Subject: [PATCH 353/516] Docker should use /var/lib/container/tmp for large
 temporary files.

/tmp is often a tmpfs file system and large temporary files could cause
docker commands to fail.  Also using /tmp potentially allows users on the
system to get access to content, or even attack the content.  Moving the tmpdir to
/var/lib/container/tmp will protect the data.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)

Conflicts:
	docker/docker.go
Upstream-commit: b4813f2841638be28208b7b1602f12750a46ece9
Component: engine
---
 components/engine/daemon/daemon.go             |  5 ++++-
 .../docs/sources/reference/commandline/cli.md  |  7 +++----
 components/engine/utils/tmpdir.go              | 12 ++++++++++++
 components/engine/utils/tmpdir_unix.go         | 18 ++++++++++++++++++
 4 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 components/engine/utils/tmpdir.go
 create mode 100644 components/engine/utils/tmpdir_unix.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 3da5422c6e..0d275492dc 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -678,7 +678,10 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 	}
 
 	// set up the TempDir to use a canonical path
-	tmp := os.TempDir()
+	tmp, err := utils.TempDir(config.Root)
+	if err != nil {
+		log.Fatalf("Unable to get the TempDir under %s: %s", config.Root, err)
+	}
 	realTmp, err := utils.ReadSymlinkedDirectory(tmp)
 	if err != nil {
 		log.Fatalf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 83590a60e1..83cd56a206 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -120,12 +120,11 @@ systemd in the [docker source tree](
 https://github.com/docker/docker/blob/master/contrib/init/systemd/socket-activation/).
 
 Docker supports softlinks for the Docker data directory
-(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set
-like this:
+(`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this:
 
-    TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
+    DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
     # or
-    export TMPDIR=/mnt/disk2/tmp
+    export DOCKER_TMPDIR=/mnt/disk2/tmp
     /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
 
 ## attach
diff --git a/components/engine/utils/tmpdir.go b/components/engine/utils/tmpdir.go
new file mode 100644
index 0000000000..921a8f697c
--- /dev/null
+++ b/components/engine/utils/tmpdir.go
@@ -0,0 +1,12 @@
+// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd
+
+package utils
+
+import (
+	"os"
+)
+
+// TempDir returns the default directory to use for temporary files.
+func TempDir(rootdir string) (string error) {
+	return os.TempDir(), nil
+}
diff --git a/components/engine/utils/tmpdir_unix.go b/components/engine/utils/tmpdir_unix.go
new file mode 100644
index 0000000000..30d7c3a192
--- /dev/null
+++ b/components/engine/utils/tmpdir_unix.go
@@ -0,0 +1,18 @@
+// +build darwin dragonfly freebsd linux netbsd openbsd
+
+package utils
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// TempDir returns the default directory to use for temporary files.
+func TempDir(rootDir string) (string, error) {
+	var tmpDir string
+	if tmpDir = os.Getenv("DOCKER_TMPDIR"); tmpDir == "" {
+		tmpDir = filepath.Join(rootDir, "tmp")
+	}
+	err := os.MkdirAll(tmpDir, 0700)
+	return tmpDir, err
+}

From 88553ea65190a898ec54d99a0a28e628204ddab4 Mon Sep 17 00:00:00 2001
From: Marc Tamsky <mtamsky@gmail.com>
Date: Tue, 5 Aug 2014 18:11:32 -0700
Subject: [PATCH 354/516] style, grammar, spelling fixes.

Signed-off-by: Marc Tamsky <mtamsky@gmail.com> (github: tamsky)
Upstream-commit: 07099b62563f3201877995181825d4cd4822ed89
Component: engine
---
 .../engine/daemon/graphdriver/devmapper/README.md    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index bf6f2c792c..3a09132541 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -7,7 +7,7 @@ module (dm-thinp) to implement CoW snapshots. For each devicemapper
 graph location (typically `/var/lib/docker/devicemapper`, $graph below)
 a thin pool is created based on two block devices, one for data and
 one for metadata.  By default these block devices are created
-automatically by using loopback mounts of automatically creates sparse
+automatically by using loopback mounts of automatically created sparse
 files.
 
 The default loopback files used are `$graph/devicemapper/data` and
@@ -15,15 +15,15 @@ The default loopback files used are `$graph/devicemapper/data` and
 from docker entities to the corresponding devicemapper volumes is
 stored in the `$graph/devicemapper/json` file (encoded as Json).
 
-In order to support multiple devicemapper graphs on a system the thin
+In order to support multiple devicemapper graphs on a system, the thin
 pool will be named something like: `docker-0:33-19478248-pool`, where
 the `0:33` part is the minor/major device nr and `19478248` is the
 inode number of the $graph directory.
 
-On the thin pool docker automatically creates a base thin device,
+On the thin pool, docker automatically creates a base thin device,
 called something like `docker-0:33-19478248-base` of a fixed
-size. This is automatically formatted on creation and contains just an
-empty filesystem. This device is the base of all docker images and
+size. This is automatically formatted with an empty filesystem on
+creation. This device is the base of all docker images and
 containers. All base images are snapshots of this device and those
 images are then in turn used as snapshots for other images and
 eventually containers.
@@ -31,7 +31,7 @@ eventually containers.
 ### options
 
 The devicemapper backend supports some options that you can specify
-when starting the docker daemon using the --storage-opt flags.
+when starting the docker daemon using the `--storage-opt` flags.
 This uses the `dm` prefix and would be used something like `docker -d --storage-opt dm.foo=bar`.
 
 Here is the list of supported options:

From 17e78a7923b0986884c8bd659a50385e8de7fd60 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 5 Aug 2014 18:13:43 -0700
Subject: [PATCH 355/516] Update libcontainer to 5589d4d879f1d7e31967a927d3e

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 6215422286f59530e598b3317c9ea789f8c1d0c7
Component: engine
---
 components/engine/hack/vendor.sh              |   2 +-
 .../docker/libcontainer/.travis.yml           |   8 +-
 .../github.com/docker/libcontainer/Dockerfile |   8 +-
 .../docker/libcontainer/MAINTAINERS           |   1 +
 .../github.com/docker/libcontainer/Makefile   |  18 +-
 .../libcontainer/cgroups/cgutil/cgutil.go     |  24 +-
 .../docker/libcontainer/namespaces/execin.go  |  46 +-
 .../docker/libcontainer/namespaces/nsenter.c  | 235 +++++
 .../docker/libcontainer/namespaces/nsenter.go | 206 -----
 .../libcontainer/netlink/netlink_linux.go     |  61 +-
 .../netlink/netlink_linux_test.go             |  27 +-
 .../netlink/netlink_unsupported.go            |   4 +
 .../docker/libcontainer/nsinit/cli.go         |   5 +-
 .../docker/libcontainer/nsinit/exec.go        |  55 +-
 .../docker/libcontainer/nsinit/nsenter.go     |  14 +-
 .../docker/libcontainer/update-vendor.sh      |  48 +
 .../github.com/codegangsta/cli/.travis.yml    |   6 +
 .../src/github.com/codegangsta/cli/LICENSE    |  21 +
 .../src/github.com/codegangsta/cli/README.md  | 257 ++++++
 .../src/github.com/codegangsta/cli/app.go     | 248 ++++++
 .../github.com/codegangsta/cli/app_test.go    | 399 +++++++++
 .../cli/autocomplete/bash_autocomplete        |  13 +
 .../src/github.com/codegangsta/cli/cli.go     |  19 +
 .../github.com/codegangsta/cli/cli_test.go    |  88 ++
 .../src/github.com/codegangsta/cli/command.go | 141 +++
 .../codegangsta/cli/command_test.go           |  48 +
 .../src/github.com/codegangsta/cli/context.go | 280 ++++++
 .../codegangsta/cli/context_test.go           |  68 ++
 .../src/github.com/codegangsta/cli/flag.go    | 280 ++++++
 .../github.com/codegangsta/cli/flag_test.go   | 194 +++++
 .../src/github.com/codegangsta/cli/help.go    | 213 +++++
 .../codegangsta/cli/helpers_test.go           |  19 +
 .../github.com/coreos/go-systemd/.travis.yml  |   8 +
 .../src/github.com/coreos/go-systemd/LICENSE  | 191 ++++
 .../github.com/coreos/go-systemd/README.md    |  44 +
 .../coreos/go-systemd/activation/files.go     |  56 ++
 .../go-systemd/activation/files_test.go       |  84 ++
 .../coreos/go-systemd/activation/listeners.go |  38 +
 .../go-systemd/activation/listeners_test.go   |  88 ++
 .../github.com/coreos/go-systemd/dbus/dbus.go | 104 +++
 .../coreos/go-systemd/dbus/dbus_test.go       |  41 +
 .../coreos/go-systemd/dbus/methods.go         | 396 +++++++++
 .../coreos/go-systemd/dbus/methods_test.go    | 332 +++++++
 .../coreos/go-systemd/dbus/properties.go      | 220 +++++
 .../github.com/coreos/go-systemd/dbus/set.go  |  33 +
 .../coreos/go-systemd/dbus/set_test.go        |  39 +
 .../coreos/go-systemd/dbus/subscription.go    | 251 ++++++
 .../go-systemd/dbus/subscription_set.go       |  32 +
 .../go-systemd/dbus/subscription_set_test.go  |  66 ++
 .../go-systemd/dbus/subscription_test.go      |  91 ++
 .../examples/activation/activation.go         |  44 +
 .../examples/activation/httpserver/README.md  |  19 +
 .../activation/httpserver/hello.service       |  11 +
 .../activation/httpserver/hello.socket        |   5 +
 .../activation/httpserver/httpserver.go       |  26 +
 .../go-systemd/examples/activation/listen.go  |  50 ++
 .../fixtures/enable-disable.service           |   5 +
 .../go-systemd/fixtures/start-stop.service    |   5 +
 .../fixtures/subscribe-events-set.service     |   5 +
 .../fixtures/subscribe-events.service         |   5 +
 .../coreos/go-systemd/journal/send.go         | 168 ++++
 .../coreos/go-systemd/login1/dbus.go          |  81 ++
 .../coreos/go-systemd/login1/dbus_test.go     |  30 +
 .../src/github.com/coreos/go-systemd/test     |   3 +
 .../vendor/src/github.com/godbus/dbus/LICENSE |  25 +
 .../github.com/godbus/dbus/README.markdown    |  38 +
 .../godbus/dbus/_examples/eavesdrop.go        |  30 +
 .../godbus/dbus/_examples/introspect.go       |  21 +
 .../godbus/dbus/_examples/list-names.go       |  27 +
 .../godbus/dbus/_examples/notification.go     |  17 +
 .../github.com/godbus/dbus/_examples/prop.go  |  68 ++
 .../godbus/dbus/_examples/server.go           |  45 +
 .../godbus/dbus/_examples/signal.go           |  24 +
 .../vendor/src/github.com/godbus/dbus/auth.go | 253 ++++++
 .../github.com/godbus/dbus/auth_external.go   |  26 +
 .../src/github.com/godbus/dbus/auth_sha1.go   | 102 +++
 .../vendor/src/github.com/godbus/dbus/call.go | 147 ++++
 .../vendor/src/github.com/godbus/dbus/conn.go | 601 +++++++++++++
 .../src/github.com/godbus/dbus/conn_darwin.go |  21 +
 .../src/github.com/godbus/dbus/conn_other.go  |  27 +
 .../src/github.com/godbus/dbus/conn_test.go   | 199 +++++
 .../vendor/src/github.com/godbus/dbus/dbus.go | 258 ++++++
 .../src/github.com/godbus/dbus/decoder.go     | 228 +++++
 .../vendor/src/github.com/godbus/dbus/doc.go  |  63 ++
 .../src/github.com/godbus/dbus/encoder.go     | 179 ++++
 .../github.com/godbus/dbus/examples_test.go   |  50 ++
 .../src/github.com/godbus/dbus/export.go      | 302 +++++++
 .../src/github.com/godbus/dbus/homedir.go     |  28 +
 .../github.com/godbus/dbus/homedir_dynamic.go |  15 +
 .../github.com/godbus/dbus/homedir_static.go  |  45 +
 .../github.com/godbus/dbus/introspect/call.go |  27 +
 .../godbus/dbus/introspect/introspect.go      |  80 ++
 .../godbus/dbus/introspect/introspectable.go  |  74 ++
 .../src/github.com/godbus/dbus/message.go     | 346 ++++++++
 .../src/github.com/godbus/dbus/prop/prop.go   | 264 ++++++
 .../src/github.com/godbus/dbus/proto_test.go  | 369 ++++++++
 .../vendor/src/github.com/godbus/dbus/sig.go  | 257 ++++++
 .../src/github.com/godbus/dbus/sig_test.go    |  70 ++
 .../godbus/dbus/transport_darwin.go           |   6 +
 .../godbus/dbus/transport_generic.go          |  35 +
 .../github.com/godbus/dbus/transport_unix.go  | 190 ++++
 .../godbus/dbus/transport_unix_test.go        |  49 ++
 .../godbus/dbus/transport_unixcred.go         |  22 +
 .../src/github.com/godbus/dbus/variant.go     | 129 +++
 .../github.com/godbus/dbus/variant_lexer.go   | 284 ++++++
 .../github.com/godbus/dbus/variant_parser.go  | 817 ++++++++++++++++++
 .../github.com/godbus/dbus/variant_test.go    |  78 ++
 .../github.com/syndtr/gocapability/LICENSE    |  24 +
 .../gocapability/capability/capability.go     |  71 ++
 .../capability/capability_linux.go            | 566 ++++++++++++
 .../capability/capability_noop.go             |  19 +
 .../capability/capability_test.go             |  83 ++
 .../syndtr/gocapability/capability/enum.go    | 338 ++++++++
 .../gocapability/capability/syscall_linux.go  | 143 +++
 114 files changed, 12461 insertions(+), 346 deletions(-)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c
 create mode 100755 components/engine/vendor/src/github.com/docker/libcontainer/update-vendor.sh
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go
 create mode 100755 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 3036b638b0..a710415659 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -63,4 +63,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
 clone git github.com/godbus/dbus v1
 clone git github.com/coreos/go-systemd v2
-clone git github.com/docker/libcontainer 68ea1234a0b046803aacb2562df0da12eec2b2f9
+clone git github.com/docker/libcontainer 5589d4d879f1d7e31967a927d3e8b98144fbe06b
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
index 331227af01..3ce0e27e45 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/.travis.yml
@@ -13,13 +13,15 @@ env:
     - _GOOS=linux _GOARCH=arm CGO_ENABLED=0
 
 install:
+    - go get code.google.com/p/go.tools/cmd/cover
     - mkdir -pv "${GOPATH%%:*}/src/github.com/docker" && [ -d "${GOPATH%%:*}/src/github.com/docker/libcontainer" ] || ln -sv "$(readlink -f .)" "${GOPATH%%:*}/src/github.com/docker/libcontainer"
     - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then
           gvm cross "$_GOOS" "$_GOARCH";
           export GOOS="$_GOOS" GOARCH="$_GOARCH";
       fi
+    - export GOPATH="$GOPATH:$(pwd)/vendor"
     - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go env; fi
-    - go get -d -v ./...
+    - go get -d -v ./... # TODO remove this if /docker/docker gets purged from our includes
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then
           export DOCKER_PATH="${GOPATH%%:*}/src/github.com/docker/docker";
           mkdir -p "$DOCKER_PATH/hack/make";
@@ -30,5 +32,5 @@ install:
 script:
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-dco"; fi
     - if [ "$TRAVIS_GLOBAL_WTF" ]; then bash "$DOCKER_PATH/hack/make/validate-gofmt"; fi
-    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then go build -v ./...; fi
-    - if [ -z "$TRAVIS_GLOBAL_WTF" -a "$GOARCH" != 'arm' ]; then go test -test.short -v ./...; fi
+    - if [ -z "$TRAVIS_GLOBAL_WTF" ]; then make direct-build; fi
+    - if [ -z "$TRAVIS_GLOBAL_WTF" -a "$GOARCH" != 'arm' ]; then make direct-test-short; fi
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile b/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
index 1fbba3e531..65bf5731d2 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/Dockerfile
@@ -1,6 +1,6 @@
 FROM crosbymichael/golang
 
-RUN apt-get update && apt-get install -y gcc
+RUN apt-get update && apt-get install -y gcc make
 RUN go get code.google.com/p/go.tools/cmd/cover
 
 # setup a playground for us to spawn containers in
@@ -14,8 +14,10 @@ COPY . /go/src/github.com/docker/libcontainer
 WORKDIR /go/src/github.com/docker/libcontainer
 RUN cp sample_configs/minimal.json /busybox/container.json
 
+ENV GOPATH $GOPATH:/go/src/github.com/docker/libcontainer/vendor
+
 RUN go get -d -v ./...
-RUN go install -v ./...
+RUN make direct-install
 
 ENTRYPOINT ["/dind"]
-CMD ["go", "test", "-cover", "./..."]
+CMD ["make", "direct-test"]
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS b/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS
index 8c36d096c1..798d3ca6bf 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS
@@ -2,3 +2,4 @@ Michael Crosby <michael@docker.com> (@crosbymichael)
 Rohit Jnagal <jnagal@google.com> (@rjnagal)
 Victor Marmol <vmarmol@google.com> (@vmarmol)
 .travis.yml: Tianon Gravi <admwiggin@gmail.com> (@tianon)
+update-vendor.sh: Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/Makefile b/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
index 843b761eda..f7b3031bbd 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
@@ -4,7 +4,21 @@ all:
 
 test:
 	# we need NET_ADMIN for the netlink tests and SYS_ADMIN for mounting
-	docker run --rm --cap-add NET_ADMIN --cap-add SYS_ADMIN docker/libcontainer
+	docker run --rm -it --cap-add NET_ADMIN --cap-add SYS_ADMIN docker/libcontainer
 
 sh:
-	docker run --rm -ti -w /busybox --rm --cap-add NET_ADMIN --cap-add SYS_ADMIN docker/libcontainer nsinit exec sh
+	docker run --rm -it --cap-add NET_ADMIN --cap-add SYS_ADMIN -w /busybox docker/libcontainer nsinit exec sh
+
+GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
+
+direct-test:
+	go test -cover -v $(GO_PACKAGES)
+
+direct-test-short:
+	go test -cover -test.short -v $(GO_PACKAGES)
+
+direct-build:
+	go build -v $(GO_PACKAGES)
+
+direct-install:
+	go install -v $(GO_PACKAGES)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go
index f4a541eab2..d1a66117f1 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgutil/cgutil.go
@@ -18,8 +18,8 @@ var createCommand = cli.Command{
 	Name:  "create",
 	Usage: "Create a cgroup container using the supplied configuration and initial process.",
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "cgroup.json", "path to container configuration (cgroups.Cgroup object)"},
-		cli.IntFlag{"pid, p", 0, "pid of the initial process in the container"},
+		cli.StringFlag{Name: "config, c", Value: "cgroup.json", Usage: "path to container configuration (cgroups.Cgroup object)"},
+		cli.IntFlag{Name: "pid, p", Value: 0, Usage: "pid of the initial process in the container"},
 	},
 	Action: createAction,
 }
@@ -28,8 +28,8 @@ var destroyCommand = cli.Command{
 	Name:  "destroy",
 	Usage: "Destroy an existing cgroup container.",
 	Flags: []cli.Flag{
-		cli.StringFlag{"name, n", "", "container name"},
-		cli.StringFlag{"parent, p", "", "container parent"},
+		cli.StringFlag{Name: "name, n", Value: "", Usage: "container name"},
+		cli.StringFlag{Name: "parent, p", Value: "", Usage: "container parent"},
 	},
 	Action: destroyAction,
 }
@@ -38,8 +38,8 @@ var statsCommand = cli.Command{
 	Name:  "stats",
 	Usage: "Get stats for cgroup",
 	Flags: []cli.Flag{
-		cli.StringFlag{"name, n", "", "container name"},
-		cli.StringFlag{"parent, p", "", "container parent"},
+		cli.StringFlag{Name: "name, n", Value: "", Usage: "container name"},
+		cli.StringFlag{Name: "parent, p", Value: "", Usage: "container parent"},
 	},
 	Action: statsAction,
 }
@@ -48,8 +48,8 @@ var pauseCommand = cli.Command{
 	Name:  "pause",
 	Usage: "Pause cgroup",
 	Flags: []cli.Flag{
-		cli.StringFlag{"name, n", "", "container name"},
-		cli.StringFlag{"parent, p", "", "container parent"},
+		cli.StringFlag{Name: "name, n", Value: "", Usage: "container name"},
+		cli.StringFlag{Name: "parent, p", Value: "", Usage: "container parent"},
 	},
 	Action: pauseAction,
 }
@@ -58,8 +58,8 @@ var resumeCommand = cli.Command{
 	Name:  "resume",
 	Usage: "Resume a paused cgroup",
 	Flags: []cli.Flag{
-		cli.StringFlag{"name, n", "", "container name"},
-		cli.StringFlag{"parent, p", "", "container parent"},
+		cli.StringFlag{Name: "name, n", Value: "", Usage: "container name"},
+		cli.StringFlag{Name: "parent, p", Value: "", Usage: "container parent"},
 	},
 	Action: resumeAction,
 }
@@ -68,8 +68,8 @@ var psCommand = cli.Command{
 	Name:  "ps",
 	Usage: "Get list of pids for a cgroup",
 	Flags: []cli.Flag{
-		cli.StringFlag{"name, n", "", "container name"},
-		cli.StringFlag{"parent, p", "", "container parent"},
+		cli.StringFlag{Name: "name, n", Value: "", Usage: "container name"},
+		cli.StringFlag{Name: "parent, p", Value: "", Usage: "container parent"},
 	},
 	Action: psAction,
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
index 3a385cb77f..369431e84e 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -4,52 +4,18 @@ package namespaces
 
 import (
 	"encoding/json"
+	"os"
+	"strconv"
+
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/system"
-	"io"
-	"os"
-	"os/exec"
-	"strconv"
-	"syscall"
 )
 
-// Runs the command under 'args' inside an existing container referred to by 'container'.
-// Returns the exitcode of the command upon success and appropriate error on failure.
-func RunIn(container *libcontainer.Config, state *libcontainer.State, args []string, nsinitPath string, stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
-	initArgs, err := getNsEnterCommand(strconv.Itoa(state.InitPid), container, console, args)
-	if err != nil {
-		return -1, err
-	}
-
-	cmd := exec.Command(nsinitPath, initArgs...)
-	// Note: these are only used in non-tty mode
-	// if there is a tty for the container it will be opened within the namespace and the
-	// fds will be duped to stdin, stdiout, and stderr
-	cmd.Stdin = stdin
-	cmd.Stdout = stdout
-	cmd.Stderr = stderr
-
-	if err := cmd.Start(); err != nil {
-		return -1, err
-	}
-	if startCallback != nil {
-		startCallback(cmd)
-	}
-
-	if err := cmd.Wait(); err != nil {
-		if _, ok := err.(*exec.ExitError); !ok {
-			return -1, err
-		}
-	}
-
-	return cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil
-}
-
 // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
 func ExecIn(container *libcontainer.Config, state *libcontainer.State, args []string) error {
 	// Enter the namespace and then finish setup
-	args, err := getNsEnterCommand(strconv.Itoa(state.InitPid), container, "", args)
+	args, err := GetNsEnterCommand(strconv.Itoa(state.InitPid), container, "", args)
 	if err != nil {
 		return err
 	}
@@ -73,14 +39,13 @@ func getContainerJson(container *libcontainer.Config) (string, error) {
 	return string(containerJson), nil
 }
 
-func getNsEnterCommand(initPid string, container *libcontainer.Config, console string, args []string) ([]string, error) {
+func GetNsEnterCommand(initPid string, container *libcontainer.Config, console string, args []string) ([]string, error) {
 	containerJson, err := getContainerJson(container)
 	if err != nil {
 		return nil, err
 	}
 
 	out := []string{
-		"nsenter",
 		"--nspid", initPid,
 		"--containerjson", containerJson,
 	}
@@ -88,6 +53,7 @@ func getNsEnterCommand(initPid string, container *libcontainer.Config, console s
 	if console != "" {
 		out = append(out, "--console", console)
 	}
+	out = append(out, "nsenter")
 	out = append(out, "--")
 	out = append(out, args...)
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c
new file mode 100644
index 0000000000..28be5ff889
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c
@@ -0,0 +1,235 @@
+// +build cgo
+//
+// formated with indent -linux nsenter.c
+
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/limits.h>
+#include <linux/sched.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <getopt.h>
+
+static const kBufSize = 256;
+static const char *kNsEnter = "nsenter";
+
+void get_args(int *argc, char ***argv)
+{
+	// Read argv
+	int fd = open("/proc/self/cmdline", O_RDONLY);
+
+	// Read the whole commandline.
+	ssize_t contents_size = 0;
+	ssize_t contents_offset = 0;
+	char *contents = NULL;
+	ssize_t bytes_read = 0;
+	do {
+		contents_size += kBufSize;
+		contents = (char *)realloc(contents, contents_size);
+		bytes_read =
+		    read(fd, contents + contents_offset,
+			 contents_size - contents_offset);
+		contents_offset += bytes_read;
+	}
+	while (bytes_read > 0);
+	close(fd);
+
+	// Parse the commandline into an argv. /proc/self/cmdline has \0 delimited args.
+	ssize_t i;
+	*argc = 0;
+	for (i = 0; i < contents_offset; i++) {
+		if (contents[i] == '\0') {
+			(*argc)++;
+		}
+	}
+	*argv = (char **)malloc(sizeof(char *) * ((*argc) + 1));
+	int idx;
+	for (idx = 0; idx < (*argc); idx++) {
+		(*argv)[idx] = contents;
+		contents += strlen(contents) + 1;
+	}
+	(*argv)[*argc] = NULL;
+}
+
+// Use raw setns syscall for versions of glibc that don't include it (namely glibc-2.12)
+#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 14
+#define _GNU_SOURCE
+#include <sched.h>
+#include "syscall.h"
+#ifdef SYS_setns
+int setns(int fd, int nstype)
+{
+	return syscall(SYS_setns, fd, nstype);
+}
+#endif
+#endif
+
+void print_usage()
+{
+	fprintf(stderr,
+		"<binary> nsenter --nspid <pid> --containerjson <container_json> -- cmd1 arg1 arg2...\n");
+}
+
+void nsenter()
+{
+	int argc, c;
+	char **argv;
+	get_args(&argc, &argv);
+
+	// Ignore if this is not for us.
+	if (argc < 6) {
+		return;
+	}
+	int found_nsenter = 0;
+	for (c = 0; c < argc; ++c) {
+		if (strcmp(argv[c], kNsEnter) == 0) {
+			found_nsenter = 1;
+			break;
+		}
+	}
+	if (!found_nsenter) {
+		return;
+	}
+	static const struct option longopts[] = {
+		{"nspid", required_argument, NULL, 'n'},
+		{"containerjson", required_argument, NULL, 'c'},
+		{"console", optional_argument, NULL, 't'},
+		{NULL, 0, NULL, 0}
+	};
+
+	pid_t init_pid = -1;
+	char *init_pid_str = NULL;
+	char *container_json = NULL;
+	char *console = NULL;
+	opterr = 0;
+	while ((c =
+		getopt_long_only(argc, argv, "-n:s:c:", longopts,
+				 NULL)) != -1) {
+		switch (c) {
+		case 'n':
+			init_pid_str = optarg;
+			break;
+		case 'c':
+			container_json = optarg;
+			break;
+		case 't':
+			console = optarg;
+			break;
+		}
+	}
+
+	if (strcmp(argv[optind - 2], kNsEnter) != 0) {
+		return;
+	}
+
+	if (container_json == NULL || init_pid_str == NULL) {
+		print_usage();
+		exit(1);
+	}
+
+	init_pid = strtol(init_pid_str, NULL, 10);
+	if ((init_pid == 0 && errno == EINVAL) || errno == ERANGE) {
+		fprintf(stderr,
+			"nsenter: Failed to parse PID from \"%s\" with output \"%d\" and error: \"%s\"\n",
+			init_pid_str, init_pid, strerror(errno));
+		print_usage();
+		exit(1);
+	}
+
+	argc -= 3;
+	argv += 3;
+
+	if (setsid() == -1) {
+		fprintf(stderr, "setsid failed. Error: %s\n", strerror(errno));
+		exit(1);
+	}
+	// before we setns we need to dup the console
+	int consolefd = -1;
+	if (console != NULL) {
+		consolefd = open(console, O_RDWR);
+		if (consolefd < 0) {
+			fprintf(stderr,
+				"nsenter: failed to open console %s %s\n",
+				console, strerror(errno));
+			exit(1);
+		}
+	}
+	// Setns on all supported namespaces.
+	char ns_dir[PATH_MAX];
+	memset(ns_dir, 0, PATH_MAX);
+	snprintf(ns_dir, PATH_MAX - 1, "/proc/%d/ns/", init_pid);
+
+	char *namespaces[] = { "ipc", "uts", "net", "pid", "mnt" };
+	const int num = sizeof(namespaces) / sizeof(char *);
+	int i;
+	for (i = 0; i < num; i++) {
+		char buf[PATH_MAX];
+		memset(buf, 0, PATH_MAX);
+		snprintf(buf, PATH_MAX - 1, "%s%s", ns_dir, namespaces[i]);
+		int fd = open(buf, O_RDONLY);
+		if (fd == -1) {
+			// Ignore nonexistent namespaces.
+			if (errno == ENOENT)
+				continue;
+
+			fprintf(stderr,
+				"nsenter: Failed to open ns file \"%s\" for ns \"%s\" with error: \"%s\"\n",
+				buf, namespaces[i], strerror(errno));
+			exit(1);
+		}
+		// Set the namespace.
+		if (setns(fd, 0) == -1) {
+			fprintf(stderr,
+				"nsenter: Failed to setns for \"%s\" with error: \"%s\"\n",
+				namespaces[i], strerror(errno));
+			exit(1);
+		}
+		close(fd);
+	}
+
+	// We must fork to actually enter the PID namespace.
+	int child = fork();
+	if (child == 0) {
+		if (consolefd != -1) {
+			if (dup2(consolefd, STDIN_FILENO) != 0) {
+				fprintf(stderr, "nsenter: failed to dup 0 %s\n",
+					strerror(errno));
+				exit(1);
+			}
+			if (dup2(consolefd, STDOUT_FILENO) != STDOUT_FILENO) {
+				fprintf(stderr, "nsenter: failed to dup 1 %s\n",
+					strerror(errno));
+				exit(1);
+			}
+			if (dup2(consolefd, STDERR_FILENO) != STDERR_FILENO) {
+				fprintf(stderr, "nsenter: failed to dup 2 %s\n",
+					strerror(errno));
+				exit(1);
+			}
+		}
+		// Finish executing, let the Go runtime take over.
+		return;
+	} else {
+		// Parent, wait for the child.
+		int status = 0;
+		if (waitpid(child, &status, 0) == -1) {
+			fprintf(stderr,
+				"nsenter: Failed to waitpid with error: \"%s\"\n",
+				strerror(errno));
+			exit(1);
+		}
+		// Forward the child's exit code or re-send its death signal.
+		if (WIFEXITED(status)) {
+			exit(WEXITSTATUS(status));
+		} else if (WIFSIGNALED(status)) {
+			kill(getpid(), WTERMSIG(status));
+		}
+		exit(1);
+	}
+
+	return;
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
index bf05628ce4..0211aec917 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
@@ -3,212 +3,6 @@
 package namespaces
 
 /*
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/limits.h>
-#include <linux/sched.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <getopt.h>
-
-static const kBufSize = 256;
-
-void get_args(int *argc, char ***argv) {
-	// Read argv
-	int fd = open("/proc/self/cmdline", O_RDONLY);
-
-	// Read the whole commandline.
-	ssize_t contents_size = 0;
-	ssize_t contents_offset = 0;
-	char *contents = NULL;
-	ssize_t bytes_read = 0;
-	do {
-		contents_size += kBufSize;
-		contents = (char *) realloc(contents, contents_size);
-		bytes_read = read(fd, contents + contents_offset, contents_size - contents_offset);
-		contents_offset += bytes_read;
-	} while (bytes_read > 0);
-	close(fd);
-
-	// Parse the commandline into an argv. /proc/self/cmdline has \0 delimited args.
-	ssize_t i;
-	*argc = 0;
-	for (i = 0; i < contents_offset; i++) {
-		if (contents[i] == '\0') {
-			(*argc)++;
-		}
-	}
-	*argv = (char **) malloc(sizeof(char *) * ((*argc) + 1));
-	int idx;
-	for (idx = 0; idx < (*argc); idx++) {
-		(*argv)[idx] = contents;
-		contents += strlen(contents) + 1;
-	}
-	(*argv)[*argc] = NULL;
-}
-
-// Use raw setns syscall for versions of glibc that don't include it (namely glibc-2.12)
-#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 14
-#define _GNU_SOURCE
-#include <sched.h>
-#include "syscall.h"
-#ifdef SYS_setns
-int setns(int fd, int nstype) {
-  return syscall(SYS_setns, fd, nstype);
-}
-#endif
-#endif
-
-void print_usage() {
-	fprintf(stderr, "<binary> nsenter --nspid <pid> --containerjson <container_json> -- cmd1 arg1 arg2...\n");
-}
-
-void nsenter() {
-	int argc;
-	char **argv;
-	get_args(&argc, &argv);
-
-	// Ignore if this is not for us.
-	if (argc < 2 || strcmp(argv[1], "nsenter") != 0) {
-		return;
-	}
-
-	// USAGE: <binary> nsenter <PID> <process label> <container JSON> <argv>...
-	if (argc < 6) {
-		fprintf(stderr, "nsenter: Incorrect usage, not enough arguments\n");
-		exit(1);
-	}
-
-	static const struct option longopts[] = {
-		{ "nspid",         required_argument, NULL, 'n' },
-		{ "containerjson", required_argument, NULL, 'c' },
-                { "console",       required_argument, NULL, 't' },
-		{ NULL,            0,                 NULL,  0  }
-	};
-
-	int c;
-	pid_t init_pid = -1;
-	char *init_pid_str = NULL;
-	char *container_json = NULL;
-        char *console = NULL;
-	while ((c = getopt_long_only(argc, argv, "n:s:c:", longopts, NULL)) != -1) {
-		switch (c) {
-		case 'n':
-			init_pid_str = optarg;
-			break;
-		case 'c':
-			container_json = optarg;
-			break;
-		case 't':
-			console = optarg;
-			break;
-		}
-	}
-
-	if (container_json == NULL || init_pid_str == NULL) {
-		print_usage();
-		exit(1);
-	}
-
-	init_pid = strtol(init_pid_str, NULL, 10);
-	if (errno != 0 || init_pid <= 0) {
-		fprintf(stderr, "nsenter: Failed to parse PID from \"%s\" with error: \"%s\"\n", init_pid_str, strerror(errno));
-		print_usage();
-		exit(1);
-	}
-
-	argc -= 3;
-	argv += 3;
-
-        if (setsid() == -1) {
-               fprintf(stderr, "setsid failed. Error: %s\n", strerror(errno));
-               exit(1);
-        }
-
-        // before we setns we need to dup the console
-        int consolefd = -1;
-        if (console != NULL) {
-               consolefd = open(console, O_RDWR);
-               if (consolefd < 0) {
-                    fprintf(stderr, "nsenter: failed to open console %s %s\n", console, strerror(errno));
-                    exit(1);
-              }
-        }
-
-	// Setns on all supported namespaces.
-	char ns_dir[PATH_MAX];
-	memset(ns_dir, 0, PATH_MAX);
-	snprintf(ns_dir, PATH_MAX - 1, "/proc/%d/ns/", init_pid);
-
-	char* namespaces[] = {"ipc", "uts", "net", "pid", "mnt"};
-	const int num = sizeof(namespaces) / sizeof(char*);
-	int i;
-	for (i = 0; i < num; i++) {
-		char buf[PATH_MAX];
-		memset(buf, 0, PATH_MAX);
-		snprintf(buf, PATH_MAX - 1, "%s%s", ns_dir, namespaces[i]);
-		int fd = open(buf, O_RDONLY);
-		if (fd == -1) {
-			// Ignore nonexistent namespaces.
-			if (errno == ENOENT)
-				continue;
-
-			fprintf(stderr, "nsenter: Failed to open ns file \"%s\" for ns \"%s\" with error: \"%s\"\n", buf, namespaces[i], strerror(errno));
-			exit(1);
-		}
-
-		// Set the namespace.
-		if (setns(fd, 0) == -1) {
-			fprintf(stderr, "nsenter: Failed to setns for \"%s\" with error: \"%s\"\n", namespaces[i], strerror(errno));
-			exit(1);
-		}
-		close(fd);
-	}
-
-	// We must fork to actually enter the PID namespace.
-	int child = fork();
-	if (child == 0) {
-       if (consolefd != -1) {
-        if (dup2(consolefd, STDIN_FILENO) != 0) {
-            fprintf(stderr, "nsenter: failed to dup 0 %s\n",  strerror(errno));
-            exit(1);
-        }
-        if (dup2(consolefd, STDOUT_FILENO) != STDOUT_FILENO) {
-            fprintf(stderr, "nsenter: failed to dup 1 %s\n",  strerror(errno));
-            exit(1);
-        }
-        if (dup2(consolefd, STDERR_FILENO) != STDERR_FILENO) {
-            fprintf(stderr, "nsenter: failed to dup 2 %s\n",  strerror(errno));
-            exit(1);
-        }
-}
-
-		// Finish executing, let the Go runtime take over.
-		return;
-	} else {
-		// Parent, wait for the child.
-		int status = 0;
-		if (waitpid(child, &status, 0) == -1) {
-			fprintf(stderr, "nsenter: Failed to waitpid with error: \"%s\"\n", strerror(errno));
-			exit(1);
-		}
-
-		// Forward the child's exit code or re-send its death signal.
-		if (WIFEXITED(status)) {
-			exit(WEXITSTATUS(status));
-		} else if (WIFSIGNALED(status)) {
-			kill(getpid(), WTERMSIG(status));
-		}
-		exit(1);
-	}
-
-	return;
-}
-
 __attribute__((constructor)) init() {
 	nsenter();
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
index 6b43fdf067..5fcc817aff 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
@@ -189,13 +189,15 @@ func newRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
 }
 
 func (a *RtAttr) Len() int {
+	if len(a.children) == 0 {
+		return (syscall.SizeofRtAttr + len(a.Data))
+	}
+
 	l := 0
 	for _, child := range a.children {
-		l += child.Len() + syscall.SizeofRtAttr
-	}
-	if l == 0 {
-		l++
+		l += child.Len()
 	}
+	l += syscall.SizeofRtAttr
 	return rtaAlignOf(l + len(a.Data))
 }
 
@@ -203,7 +205,7 @@ func (a *RtAttr) ToWireFormat() []byte {
 	native := nativeEndian()
 
 	length := a.Len()
-	buf := make([]byte, rtaAlignOf(length+syscall.SizeofRtAttr))
+	buf := make([]byte, rtaAlignOf(length))
 
 	if a.Data != nil {
 		copy(buf[4:], a.Data)
@@ -216,11 +218,10 @@ func (a *RtAttr) ToWireFormat() []byte {
 		}
 	}
 
-	if l := uint16(rtaAlignOf(length)); l != 0 {
-		native.PutUint16(buf[0:2], l+1)
+	if l := uint16(length); l != 0 {
+		native.PutUint16(buf[0:2], l)
 	}
 	native.PutUint16(buf[2:4], a.Type)
-
 	return buf
 }
 
@@ -700,6 +701,10 @@ func nonZeroTerminated(s string) []byte {
 // Add a new network link of a specified type. This is identical to
 // running: ip add link $name type $linkType
 func NetworkLinkAdd(name string, linkType string) error {
+	if name == "" || linkType == "" {
+		return fmt.Errorf("Neither link name nor link type can be empty!")
+	}
+
 	s, err := getNetlinkSocket()
 	if err != nil {
 		return err
@@ -711,15 +716,43 @@ func NetworkLinkAdd(name string, linkType string) error {
 	msg := newIfInfomsg(syscall.AF_UNSPEC)
 	wb.AddData(msg)
 
-	if name != "" {
-		nameData := newRtAttr(syscall.IFLA_IFNAME, zeroTerminated(name))
-		wb.AddData(nameData)
+	linkInfo := newRtAttr(syscall.IFLA_LINKINFO, nil)
+	newRtAttrChild(linkInfo, IFLA_INFO_KIND, nonZeroTerminated(linkType))
+	wb.AddData(linkInfo)
+
+	nameData := newRtAttr(syscall.IFLA_IFNAME, zeroTerminated(name))
+	wb.AddData(nameData)
+
+	if err := s.Send(wb); err != nil {
+		return err
 	}
 
-	kindData := newRtAttr(IFLA_INFO_KIND, nonZeroTerminated(linkType))
+	return s.HandleAck(wb.Seq)
+}
 
-	infoData := newRtAttr(syscall.IFLA_LINKINFO, kindData.ToWireFormat())
-	wb.AddData(infoData)
+// Delete a network link. This is identical to
+// running: ip link del $name
+func NetworkLinkDel(name string) error {
+	if name == "" {
+		return fmt.Errorf("Network link name can not be empty!")
+	}
+
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	iface, err := net.InterfaceByName(name)
+	if err != nil {
+		return err
+	}
+
+	wb := newNetlinkRequest(syscall.RTM_DELLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Index = int32(iface.Index)
+	wb.AddData(msg)
 
 	if err := s.Send(wb); err != nil {
 		return err
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
index ee61d5e266..a25f286138 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
@@ -27,10 +27,35 @@ func TestCreateBridgeWithMac(t *testing.T) {
 	}
 
 	if _, err := net.InterfaceByName(name); err == nil {
-		t.Fatal("expected error getting interface because bridge was deleted")
+		t.Fatalf("expected error getting interface because %s bridge was deleted", name)
 	}
 }
 
+func TestCreateBridgeLink(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	name := "mybrlink"
+
+	if err := NetworkLinkAdd(name, "bridge"); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := net.InterfaceByName(name); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := NetworkLinkDel(name); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := net.InterfaceByName(name); err == nil {
+		t.Fatalf("expected error getting interface because %s bridge was deleted", name)
+	}
+
+}
+
 func TestCreateVethPair(t *testing.T) {
 	if testing.Short() {
 		return
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
index f428933c13..783e68cae5 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
@@ -19,6 +19,10 @@ func NetworkLinkAdd(name string, linkType string) error {
 	return ErrNotImplemented
 }
 
+func NetworkLinkDel(name string) error {
+	return ErrNotImplemented
+}
+
 func NetworkLinkUp(iface *net.Interface) error {
 	return ErrNotImplemented
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
index d4235aef86..1c770edbd8 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
@@ -24,7 +24,10 @@ func NsInit() {
 	app.Name = "nsinit"
 	app.Version = "0.1"
 	app.Author = "libcontainer maintainers"
-
+	app.Flags = []cli.Flag{
+		cli.StringFlag{Name: "nspid"},
+		cli.StringFlag{Name: "containerjson"},
+		cli.StringFlag{Name: "console"}}
 	app.Before = preload
 	app.Commands = []cli.Command{
 		execCommand,
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
index 5d41046656..abb245bd04 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
@@ -36,7 +36,7 @@ func execAction(context *cli.Context) {
 	}
 
 	if state != nil {
-		exitCode, err = runIn(container, state, []string(context.Args()))
+		err = namespaces.ExecIn(container, state, []string(context.Args()))
 	} else {
 		exitCode, err = startContainer(container, dataPath, []string(context.Args()))
 	}
@@ -48,59 +48,6 @@ func execAction(context *cli.Context) {
 	os.Exit(exitCode)
 }
 
-func runIn(container *libcontainer.Config, state *libcontainer.State, args []string) (int, error) {
-	var (
-		master  *os.File
-		console string
-		err     error
-
-		stdin  = os.Stdin
-		stdout = os.Stdout
-		stderr = os.Stderr
-		sigc   = make(chan os.Signal, 10)
-	)
-
-	signal.Notify(sigc)
-
-	if container.Tty {
-		stdin = nil
-		stdout = nil
-		stderr = nil
-
-		master, console, err = consolepkg.CreateMasterAndConsole()
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		go io.Copy(master, os.Stdin)
-		go io.Copy(os.Stdout, master)
-
-		state, err := term.SetRawTerminal(os.Stdin.Fd())
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		defer term.RestoreTerminal(os.Stdin.Fd(), state)
-	}
-
-	startCallback := func(cmd *exec.Cmd) {
-		go func() {
-			resizeTty(master)
-
-			for sig := range sigc {
-				switch sig {
-				case syscall.SIGWINCH:
-					resizeTty(master)
-				default:
-					cmd.Process.Signal(sig)
-				}
-			}
-		}()
-	}
-
-	return namespaces.RunIn(container, state, args, os.Args[0], stdin, stdout, stderr, console, startCallback)
-}
-
 // startContainer starts the container. Returns the exit status or -1 and an
 // error.
 //
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
index 11d646ebea..323706c281 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
@@ -2,6 +2,7 @@ package nsinit
 
 import (
 	"log"
+	"strconv"
 
 	"github.com/codegangsta/cli"
 	"github.com/docker/libcontainer/namespaces"
@@ -11,11 +12,6 @@ var nsenterCommand = cli.Command{
 	Name:   "nsenter",
 	Usage:  "init process for entering an existing namespace",
 	Action: nsenterAction,
-	Flags: []cli.Flag{
-		cli.IntFlag{Name: "nspid"},
-		cli.StringFlag{Name: "containerjson"},
-		cli.StringFlag{Name: "console"},
-	},
 }
 
 func nsenterAction(context *cli.Context) {
@@ -25,14 +21,14 @@ func nsenterAction(context *cli.Context) {
 		args = []string{"/bin/bash"}
 	}
 
-	container, err := loadContainerFromJson(context.String("containerjson"))
+	container, err := loadContainerFromJson(context.GlobalString("containerjson"))
 	if err != nil {
 		log.Fatalf("unable to load container: %s", err)
 	}
 
-	nspid := context.Int("nspid")
-	if nspid <= 0 {
-		log.Fatalf("cannot enter into namespaces without valid pid: %q", nspid)
+	nspid, err := strconv.Atoi(context.GlobalString("nspid"))
+	if nspid <= 0 || err != nil {
+		log.Fatalf("cannot enter into namespaces without valid pid: %q - %s", nspid, err)
 	}
 
 	if err := namespaces.NsEnter(container, args); err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/update-vendor.sh b/components/engine/vendor/src/github.com/docker/libcontainer/update-vendor.sh
new file mode 100755
index 0000000000..df66a0a8d5
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/update-vendor.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+set -e
+
+cd "$(dirname "$BASH_SOURCE")"
+
+# Downloads dependencies into vendor/ directory
+mkdir -p vendor
+cd vendor
+
+clone() {
+	vcs=$1
+	pkg=$2
+	rev=$3
+	
+	pkg_url=https://$pkg
+	target_dir=src/$pkg
+	
+	echo -n "$pkg @ $rev: "
+	
+	if [ -d $target_dir ]; then
+		echo -n 'rm old, '
+		rm -fr $target_dir
+	fi
+	
+	echo -n 'clone, '
+	case $vcs in
+		git)
+			git clone --quiet --no-checkout $pkg_url $target_dir
+			( cd $target_dir && git reset --quiet --hard $rev )
+			;;
+		hg)
+			hg clone --quiet --updaterev $rev $pkg_url $target_dir
+			;;
+	esac
+	
+	echo -n 'rm VCS, '
+	( cd $target_dir && rm -rf .{git,hg} )
+	
+	echo done
+}
+
+# the following lines are in sorted order, FYI
+clone git github.com/codegangsta/cli 1.1.0
+clone git github.com/coreos/go-systemd v2
+clone git github.com/godbus/dbus v1
+clone git github.com/syndtr/gocapability 3c85049eae
+
+# intentionally not vendoring Docker itself...  that'd be a circle :)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml
new file mode 100644
index 0000000000..baf46abc6f
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml
@@ -0,0 +1,6 @@
+language: go
+go: 1.1
+
+script:
+- go vet ./...
+- go test -v ./...
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE
new file mode 100644
index 0000000000..5515ccfb71
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE
@@ -0,0 +1,21 @@
+Copyright (C) 2013 Jeremy Saenz
+All Rights Reserved.
+
+MIT LICENSE
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md
new file mode 100644
index 0000000000..59806f4b90
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md
@@ -0,0 +1,257 @@
+[![Build Status](https://travis-ci.org/codegangsta/cli.png?branch=master)](https://travis-ci.org/codegangsta/cli)
+
+# cli.go
+cli.go is simple, fast, and fun package for building command line apps in Go. The goal is to enable developers to write fast and distributable command line applications in an expressive way.
+
+You can view the API docs here:
+http://godoc.org/github.com/codegangsta/cli
+
+## Overview
+Command line apps are usually so tiny that there is absolutely no reason why your code should *not* be self-documenting. Things like generating help text and parsing command flags/options should not hinder productivity when writing a command line app.
+
+This is where cli.go comes into play. cli.go makes command line programming fun, organized, and expressive!
+
+## Installation
+Make sure you have a working Go environment (go 1.1 is *required*). [See the install instructions](http://golang.org/doc/install.html).
+
+To install cli.go, simply run:
+```
+$ go get github.com/codegangsta/cli
+```
+
+Make sure your PATH includes to the `$GOPATH/bin` directory so your commands can be easily used:
+```
+export PATH=$PATH:$GOPATH/bin
+```
+
+## Getting Started
+One of the philosophies behind cli.go is that an API should be playful and full of discovery. So a cli.go app can be as little as one line of code in `main()`. 
+
+``` go
+package main
+
+import (
+  "os"
+  "github.com/codegangsta/cli"
+)
+
+func main() {
+  cli.NewApp().Run(os.Args)
+}
+```
+
+This app will run and show help text, but is not very useful. Let's give an action to execute and some help documentation:
+
+``` go
+package main
+
+import (
+  "os"
+  "github.com/codegangsta/cli"
+)
+
+func main() {
+  app := cli.NewApp()
+  app.Name = "boom"
+  app.Usage = "make an explosive entrance"
+  app.Action = func(c *cli.Context) {
+    println("boom! I say!")
+  }
+  
+  app.Run(os.Args)
+}
+```
+
+Running this already gives you a ton of functionality, plus support for things like subcommands and flags, which are covered below.
+
+## Example
+
+Being a programmer can be a lonely job. Thankfully by the power of automation that is not the case! Let's create a greeter app to fend off our demons of loneliness!
+
+``` go
+/* greet.go */
+package main
+
+import (
+  "os"
+  "github.com/codegangsta/cli"
+)
+
+func main() {
+  app := cli.NewApp()
+  app.Name = "greet"
+  app.Usage = "fight the loneliness!"
+  app.Action = func(c *cli.Context) {
+    println("Hello friend!")
+  }
+  
+  app.Run(os.Args)
+}
+```
+
+Install our command to the `$GOPATH/bin` directory:
+
+```
+$ go install
+```
+
+Finally run our new command:
+
+```
+$ greet
+Hello friend!
+```
+
+cli.go also generates some bitchass help text:
+```
+$ greet help
+NAME:
+    greet - fight the loneliness!
+
+USAGE:
+    greet [global options] command [command options] [arguments...]
+
+VERSION:
+    0.0.0
+
+COMMANDS:
+    help, h  Shows a list of commands or help for one command
+
+GLOBAL OPTIONS
+    --version	Shows version information
+```
+
+### Arguments
+You can lookup arguments by calling the `Args` function on cli.Context.
+
+``` go
+...
+app.Action = func(c *cli.Context) {
+  println("Hello", c.Args()[0])
+}
+...
+```
+
+### Flags
+Setting and querying flags is simple.
+``` go
+...
+app.Flags = []cli.Flag {
+  cli.StringFlag{Name: "lang", Value: "english", Usage: "language for the greeting"},
+}
+app.Action = func(c *cli.Context) {
+  name := "someone"
+  if len(c.Args()) > 0 {
+    name = c.Args()[0]
+  }
+  if c.String("lang") == "spanish" {
+    println("Hola", name)
+  } else {
+    println("Hello", name)
+  }
+}
+...
+```
+
+#### Alternate Names
+
+You can set alternate (or short) names for flags by providing a comma-delimited list for the Name. e.g.
+
+``` go
+app.Flags = []cli.Flag {
+  cli.StringFlag{Name: "lang, l", Value: "english", Usage: "language for the greeting"},
+}
+```
+
+That flag can then be set with `--lang spanish` or `-l spanish`. Note that giving two different forms of the same flag in the same command invocation is an error.
+
+### Subcommands
+
+Subcommands can be defined for a more git-like command line app.
+```go
+...
+app.Commands = []cli.Command{
+  {
+    Name:      "add",
+    ShortName: "a",
+    Usage:     "add a task to the list",
+    Action: func(c *cli.Context) {
+      println("added task: ", c.Args().First())
+    },
+  },
+  {
+    Name:      "complete",
+    ShortName: "c",
+    Usage:     "complete a task on the list",
+    Action: func(c *cli.Context) {
+      println("completed task: ", c.Args().First())
+    },
+  },
+  {
+    Name:      "template",
+    ShortName: "r",
+    Usage:     "options for task templates",
+    Subcommands: []cli.Command{
+      {
+        Name:  "add",
+        Usage: "add a new template",
+        Action: func(c *cli.Context) {
+            println("new task template: ", c.Args().First())
+        },
+      },
+      {
+        Name:  "remove",
+        Usage: "remove an existing template",
+        Action: func(c *cli.Context) {
+          println("removed task template: ", c.Args().First())
+        },
+      },
+    },
+  },     
+}
+...
+```
+
+### Bash Completion
+
+You can enable completion commands by setting the EnableBashCompletion
+flag on the App object.  By default, this setting will only auto-complete to
+show an app's subcommands, but you can write your own completion methods for
+the App or its subcommands.
+```go
+...
+var tasks = []string{"cook", "clean", "laundry", "eat", "sleep", "code"}
+app := cli.NewApp()
+app.EnableBashCompletion = true
+app.Commands = []cli.Command{
+  {
+    Name: "complete",
+    ShortName: "c",
+    Usage: "complete a task on the list",
+    Action: func(c *cli.Context) {
+       println("completed task: ", c.Args().First())
+    },
+    BashComplete: func(c *cli.Context) {
+      // This will complete if no args are passed
+      if len(c.Args()) > 0 {
+        return
+      }
+      for _, t := range tasks {
+        println(t)
+      }
+    },
+  }
+}
+...
+```
+
+#### To Enable
+
+Source the autocomplete/bash_autocomplete file in your .bashrc file while
+setting the PROG variable to the name of your program:
+
+`PROG=myprogram source /.../cli/autocomplete/bash_autocomplete`
+
+
+## About
+cli.go is written by none other than the [Code Gangsta](http://codegangsta.io)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go
new file mode 100644
index 0000000000..e193b8282e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go
@@ -0,0 +1,248 @@
+package cli
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"time"
+)
+
+// App is the main structure of a cli application. It is recomended that
+// and app be created with the cli.NewApp() function
+type App struct {
+	// The name of the program. Defaults to os.Args[0]
+	Name string
+	// Description of the program.
+	Usage string
+	// Version of the program
+	Version string
+	// List of commands to execute
+	Commands []Command
+	// List of flags to parse
+	Flags []Flag
+	// Boolean to enable bash completion commands
+	EnableBashCompletion bool
+	// Boolean to hide built-in help command
+	HideHelp bool
+	// An action to execute when the bash-completion flag is set
+	BashComplete func(context *Context)
+	// An action to execute before any subcommands are run, but after the context is ready
+	// If a non-nil error is returned, no subcommands are run
+	Before func(context *Context) error
+	// The action to execute when no subcommands are specified
+	Action func(context *Context)
+	// Execute this function if the proper command cannot be found
+	CommandNotFound func(context *Context, command string)
+	// Compilation date
+	Compiled time.Time
+	// Author
+	Author string
+	// Author e-mail
+	Email string
+}
+
+// Tries to find out when this binary was compiled.
+// Returns the current time if it fails to find it.
+func compileTime() time.Time {
+	info, err := os.Stat(os.Args[0])
+	if err != nil {
+		return time.Now()
+	}
+	return info.ModTime()
+}
+
+// Creates a new cli Application with some reasonable defaults for Name, Usage, Version and Action.
+func NewApp() *App {
+	return &App{
+		Name:         os.Args[0],
+		Usage:        "A new cli application",
+		Version:      "0.0.0",
+		BashComplete: DefaultAppComplete,
+		Action:       helpCommand.Action,
+		Compiled:     compileTime(),
+		Author:       "Author",
+		Email:        "unknown@email",
+	}
+}
+
+// Entry point to the cli app. Parses the arguments slice and routes to the proper flag/args combination
+func (a *App) Run(arguments []string) error {
+	// append help to commands
+	if a.Command(helpCommand.Name) == nil && !a.HideHelp {
+		a.Commands = append(a.Commands, helpCommand)
+		a.appendFlag(HelpFlag)
+	}
+
+	//append version/help flags
+	if a.EnableBashCompletion {
+		a.appendFlag(BashCompletionFlag)
+	}
+	a.appendFlag(VersionFlag)
+
+	// parse flags
+	set := flagSet(a.Name, a.Flags)
+	set.SetOutput(ioutil.Discard)
+	err := set.Parse(arguments[1:])
+	nerr := normalizeFlags(a.Flags, set)
+	if nerr != nil {
+		fmt.Println(nerr)
+		context := NewContext(a, set, set)
+		ShowAppHelp(context)
+		fmt.Println("")
+		return nerr
+	}
+	context := NewContext(a, set, set)
+
+	if err != nil {
+		fmt.Printf("Incorrect Usage.\n\n")
+		ShowAppHelp(context)
+		fmt.Println("")
+		return err
+	}
+
+	if checkCompletions(context) {
+		return nil
+	}
+
+	if checkHelp(context) {
+		return nil
+	}
+
+	if checkVersion(context) {
+		return nil
+	}
+
+	if a.Before != nil {
+		err := a.Before(context)
+		if err != nil {
+			return err
+		}
+	}
+
+	args := context.Args()
+	if args.Present() {
+		name := args.First()
+		c := a.Command(name)
+		if c != nil {
+			return c.Run(context)
+		}
+	}
+
+	// Run default Action
+	a.Action(context)
+	return nil
+}
+
+// Another entry point to the cli app, takes care of passing arguments and error handling
+func (a *App) RunAndExitOnError() {
+	if err := a.Run(os.Args); err != nil {
+		os.Stderr.WriteString(fmt.Sprintln(err))
+		os.Exit(1)
+	}
+}
+
+// Invokes the subcommand given the context, parses ctx.Args() to generate command-specific flags
+func (a *App) RunAsSubcommand(ctx *Context) error {
+	// append help to commands
+	if len(a.Commands) > 0 {
+		if a.Command(helpCommand.Name) == nil && !a.HideHelp {
+			a.Commands = append(a.Commands, helpCommand)
+			a.appendFlag(HelpFlag)
+		}
+	}
+
+	// append flags
+	if a.EnableBashCompletion {
+		a.appendFlag(BashCompletionFlag)
+	}
+
+	// parse flags
+	set := flagSet(a.Name, a.Flags)
+	set.SetOutput(ioutil.Discard)
+	err := set.Parse(ctx.Args().Tail())
+	nerr := normalizeFlags(a.Flags, set)
+	context := NewContext(a, set, ctx.globalSet)
+
+	if nerr != nil {
+		fmt.Println(nerr)
+		if len(a.Commands) > 0 {
+			ShowSubcommandHelp(context)
+		} else {
+			ShowCommandHelp(ctx, context.Args().First())
+		}
+		fmt.Println("")
+		return nerr
+	}
+
+	if err != nil {
+		fmt.Printf("Incorrect Usage.\n\n")
+		ShowSubcommandHelp(context)
+		return err
+	}
+
+	if checkCompletions(context) {
+		return nil
+	}
+
+	if len(a.Commands) > 0 {
+		if checkSubcommandHelp(context) {
+			return nil
+		}
+	} else {
+		if checkCommandHelp(ctx, context.Args().First()) {
+			return nil
+		}
+	}
+
+	if a.Before != nil {
+		err := a.Before(context)
+		if err != nil {
+			return err
+		}
+	}
+
+	args := context.Args()
+	if args.Present() {
+		name := args.First()
+		c := a.Command(name)
+		if c != nil {
+			return c.Run(context)
+		}
+	}
+
+	// Run default Action
+	if len(a.Commands) > 0 {
+		a.Action(context)
+	} else {
+		a.Action(ctx)
+	}
+
+	return nil
+}
+
+// Returns the named command on App. Returns nil if the command does not exist
+func (a *App) Command(name string) *Command {
+	for _, c := range a.Commands {
+		if c.HasName(name) {
+			return &c
+		}
+	}
+
+	return nil
+}
+
+func (a *App) hasFlag(flag Flag) bool {
+	for _, f := range a.Flags {
+		if flag == f {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (a *App) appendFlag(flag Flag) {
+	if !a.hasFlag(flag) {
+		a.Flags = append(a.Flags, flag)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go
new file mode 100644
index 0000000000..a915624103
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go
@@ -0,0 +1,399 @@
+package cli_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/codegangsta/cli"
+)
+
+func ExampleApp() {
+	// set args for examples sake
+	os.Args = []string{"greet", "--name", "Jeremy"}
+
+	app := cli.NewApp()
+	app.Name = "greet"
+	app.Flags = []cli.Flag{
+		cli.StringFlag{Name: "name", Value: "bob", Usage: "a name to say"},
+	}
+	app.Action = func(c *cli.Context) {
+		fmt.Printf("Hello %v\n", c.String("name"))
+	}
+	app.Run(os.Args)
+	// Output:
+	// Hello Jeremy
+}
+
+func ExampleAppSubcommand() {
+	// set args for examples sake
+	os.Args = []string{"say", "hi", "english", "--name", "Jeremy"}
+	app := cli.NewApp()
+	app.Name = "say"
+	app.Commands = []cli.Command{
+		{
+			Name:        "hello",
+			ShortName:   "hi",
+			Usage:       "use it to see a description",
+			Description: "This is how we describe hello the function",
+			Subcommands: []cli.Command{
+				{
+					Name:        "english",
+					ShortName:   "en",
+					Usage:       "sends a greeting in english",
+					Description: "greets someone in english",
+					Flags: []cli.Flag{
+						cli.StringFlag{Name: "name", Value: "Bob", Usage: "Name of the person to greet"},
+					},
+					Action: func(c *cli.Context) {
+						fmt.Println("Hello,", c.String("name"))
+					},
+				},
+			},
+		},
+	}
+
+	app.Run(os.Args)
+	// Output:
+	// Hello, Jeremy
+}
+
+func ExampleAppHelp() {
+	// set args for examples sake
+	os.Args = []string{"greet", "h", "describeit"}
+
+	app := cli.NewApp()
+	app.Name = "greet"
+	app.Flags = []cli.Flag{
+		cli.StringFlag{Name: "name", Value: "bob", Usage: "a name to say"},
+	}
+	app.Commands = []cli.Command{
+		{
+			Name:        "describeit",
+			ShortName:   "d",
+			Usage:       "use it to see a description",
+			Description: "This is how we describe describeit the function",
+			Action: func(c *cli.Context) {
+				fmt.Printf("i like to describe things")
+			},
+		},
+	}
+	app.Run(os.Args)
+	// Output:
+	// NAME:
+	//    describeit - use it to see a description
+	//
+	// USAGE:
+	//    command describeit [arguments...]
+	//
+	// DESCRIPTION:
+	//    This is how we describe describeit the function
+}
+
+func ExampleAppBashComplete() {
+	// set args for examples sake
+	os.Args = []string{"greet", "--generate-bash-completion"}
+
+	app := cli.NewApp()
+	app.Name = "greet"
+	app.EnableBashCompletion = true
+	app.Commands = []cli.Command{
+		{
+			Name:        "describeit",
+			ShortName:   "d",
+			Usage:       "use it to see a description",
+			Description: "This is how we describe describeit the function",
+			Action: func(c *cli.Context) {
+				fmt.Printf("i like to describe things")
+			},
+		}, {
+			Name:        "next",
+			Usage:       "next example",
+			Description: "more stuff to see when generating bash completion",
+			Action: func(c *cli.Context) {
+				fmt.Printf("the next example")
+			},
+		},
+	}
+
+	app.Run(os.Args)
+	// Output:
+	// describeit
+	// d
+	// next
+	// help
+	// h
+}
+
+func TestApp_Run(t *testing.T) {
+	s := ""
+
+	app := cli.NewApp()
+	app.Action = func(c *cli.Context) {
+		s = s + c.Args().First()
+	}
+
+	err := app.Run([]string{"command", "foo"})
+	expect(t, err, nil)
+	err = app.Run([]string{"command", "bar"})
+	expect(t, err, nil)
+	expect(t, s, "foobar")
+}
+
+var commandAppTests = []struct {
+	name     string
+	expected bool
+}{
+	{"foobar", true},
+	{"batbaz", true},
+	{"b", true},
+	{"f", true},
+	{"bat", false},
+	{"nothing", false},
+}
+
+func TestApp_Command(t *testing.T) {
+	app := cli.NewApp()
+	fooCommand := cli.Command{Name: "foobar", ShortName: "f"}
+	batCommand := cli.Command{Name: "batbaz", ShortName: "b"}
+	app.Commands = []cli.Command{
+		fooCommand,
+		batCommand,
+	}
+
+	for _, test := range commandAppTests {
+		expect(t, app.Command(test.name) != nil, test.expected)
+	}
+}
+
+func TestApp_CommandWithArgBeforeFlags(t *testing.T) {
+	var parsedOption, firstArg string
+
+	app := cli.NewApp()
+	command := cli.Command{
+		Name: "cmd",
+		Flags: []cli.Flag{
+			cli.StringFlag{Name: "option", Value: "", Usage: "some option"},
+		},
+		Action: func(c *cli.Context) {
+			parsedOption = c.String("option")
+			firstArg = c.Args().First()
+		},
+	}
+	app.Commands = []cli.Command{command}
+
+	app.Run([]string{"", "cmd", "my-arg", "--option", "my-option"})
+
+	expect(t, parsedOption, "my-option")
+	expect(t, firstArg, "my-arg")
+}
+
+func TestApp_Float64Flag(t *testing.T) {
+	var meters float64
+
+	app := cli.NewApp()
+	app.Flags = []cli.Flag{
+		cli.Float64Flag{Name: "height", Value: 1.5, Usage: "Set the height, in meters"},
+	}
+	app.Action = func(c *cli.Context) {
+		meters = c.Float64("height")
+	}
+
+	app.Run([]string{"", "--height", "1.93"})
+	expect(t, meters, 1.93)
+}
+
+func TestApp_ParseSliceFlags(t *testing.T) {
+	var parsedOption, firstArg string
+	var parsedIntSlice []int
+	var parsedStringSlice []string
+
+	app := cli.NewApp()
+	command := cli.Command{
+		Name: "cmd",
+		Flags: []cli.Flag{
+			cli.IntSliceFlag{Name: "p", Value: &cli.IntSlice{}, Usage: "set one or more ip addr"},
+			cli.StringSliceFlag{Name: "ip", Value: &cli.StringSlice{}, Usage: "set one or more ports to open"},
+		},
+		Action: func(c *cli.Context) {
+			parsedIntSlice = c.IntSlice("p")
+			parsedStringSlice = c.StringSlice("ip")
+			parsedOption = c.String("option")
+			firstArg = c.Args().First()
+		},
+	}
+	app.Commands = []cli.Command{command}
+
+	app.Run([]string{"", "cmd", "my-arg", "-p", "22", "-p", "80", "-ip", "8.8.8.8", "-ip", "8.8.4.4"})
+
+	IntsEquals := func(a, b []int) bool {
+		if len(a) != len(b) {
+			return false
+		}
+		for i, v := range a {
+			if v != b[i] {
+				return false
+			}
+		}
+		return true
+	}
+
+	StrsEquals := func(a, b []string) bool {
+		if len(a) != len(b) {
+			return false
+		}
+		for i, v := range a {
+			if v != b[i] {
+				return false
+			}
+		}
+		return true
+	}
+	var expectedIntSlice = []int{22, 80}
+	var expectedStringSlice = []string{"8.8.8.8", "8.8.4.4"}
+
+	if !IntsEquals(parsedIntSlice, expectedIntSlice) {
+		t.Errorf("%v does not match %v", parsedIntSlice, expectedIntSlice)
+	}
+
+	if !StrsEquals(parsedStringSlice, expectedStringSlice) {
+		t.Errorf("%v does not match %v", parsedStringSlice, expectedStringSlice)
+	}
+}
+
+func TestApp_BeforeFunc(t *testing.T) {
+	beforeRun, subcommandRun := false, false
+	beforeError := fmt.Errorf("fail")
+	var err error
+
+	app := cli.NewApp()
+
+	app.Before = func(c *cli.Context) error {
+		beforeRun = true
+		s := c.String("opt")
+		if s == "fail" {
+			return beforeError
+		}
+
+		return nil
+	}
+
+	app.Commands = []cli.Command{
+		cli.Command{
+			Name: "sub",
+			Action: func(c *cli.Context) {
+				subcommandRun = true
+			},
+		},
+	}
+
+	app.Flags = []cli.Flag{
+		cli.StringFlag{Name: "opt"},
+	}
+
+	// run with the Before() func succeeding
+	err = app.Run([]string{"command", "--opt", "succeed", "sub"})
+
+	if err != nil {
+		t.Fatalf("Run error: %s", err)
+	}
+
+	if beforeRun == false {
+		t.Errorf("Before() not executed when expected")
+	}
+
+	if subcommandRun == false {
+		t.Errorf("Subcommand not executed when expected")
+	}
+
+	// reset
+	beforeRun, subcommandRun = false, false
+
+	// run with the Before() func failing
+	err = app.Run([]string{"command", "--opt", "fail", "sub"})
+
+	// should be the same error produced by the Before func
+	if err != beforeError {
+		t.Errorf("Run error expected, but not received")
+	}
+
+	if beforeRun == false {
+		t.Errorf("Before() not executed when expected")
+	}
+
+	if subcommandRun == true {
+		t.Errorf("Subcommand executed when NOT expected")
+	}
+
+}
+
+func TestAppHelpPrinter(t *testing.T) {
+	oldPrinter := cli.HelpPrinter
+	defer func() {
+		cli.HelpPrinter = oldPrinter
+	}()
+
+	var wasCalled = false
+	cli.HelpPrinter = func(template string, data interface{}) {
+		wasCalled = true
+	}
+
+	app := cli.NewApp()
+	app.Run([]string{"-h"})
+
+	if wasCalled == false {
+		t.Errorf("Help printer expected to be called, but was not")
+	}
+}
+
+func TestAppCommandNotFound(t *testing.T) {
+	beforeRun, subcommandRun := false, false
+	app := cli.NewApp()
+
+	app.CommandNotFound = func(c *cli.Context, command string) {
+		beforeRun = true
+	}
+
+	app.Commands = []cli.Command{
+		cli.Command{
+			Name: "bar",
+			Action: func(c *cli.Context) {
+				subcommandRun = true
+			},
+		},
+	}
+
+	app.Run([]string{"command", "foo"})
+
+	expect(t, beforeRun, true)
+	expect(t, subcommandRun, false)
+}
+
+func TestGlobalFlagsInSubcommands(t *testing.T) {
+	subcommandRun := false
+	app := cli.NewApp()
+
+	app.Flags = []cli.Flag{
+		cli.BoolFlag{Name: "debug, d", Usage: "Enable debugging"},
+	}
+
+	app.Commands = []cli.Command{
+		cli.Command{
+			Name: "foo",
+			Subcommands: []cli.Command{
+				{
+					Name: "bar",
+					Action: func(c *cli.Context) {
+						if c.GlobalBool("debug") {
+							subcommandRun = true
+						}
+					},
+				},
+			},
+		},
+	}
+
+	app.Run([]string{"command", "-d", "foo", "bar"})
+
+	expect(t, subcommandRun, true)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete
new file mode 100644
index 0000000000..a860e038d8
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete
@@ -0,0 +1,13 @@
+#! /bin/bash
+
+_cli_bash_autocomplete() {
+     local cur prev opts base
+     COMPREPLY=()
+     cur="${COMP_WORDS[COMP_CWORD]}"
+     prev="${COMP_WORDS[COMP_CWORD-1]}"
+     opts=$( ${COMP_WORDS[@]:0:COMP_CWORD} --generate-bash-completion )
+     COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+     return 0
+ }
+  
+ complete -F _cli_bash_autocomplete $PROG
\ No newline at end of file
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go
new file mode 100644
index 0000000000..b742545812
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go
@@ -0,0 +1,19 @@
+// Package cli provides a minimal framework for creating and organizing command line
+// Go applications. cli is designed to be easy to understand and write, the most simple
+// cli application can be written as follows:
+//   func main() {
+//     cli.NewApp().Run(os.Args)
+//   }
+//
+// Of course this application does not do much, so let's make this an actual application:
+//   func main() {
+//     app := cli.NewApp()
+//     app.Name = "greet"
+//     app.Usage = "say a greeting"
+//     app.Action = func(c *cli.Context) {
+//       println("Greetings")
+//     }
+//
+//     app.Run(os.Args)
+//   }
+package cli
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go
new file mode 100644
index 0000000000..4d7bd8479a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go
@@ -0,0 +1,88 @@
+package cli_test
+
+import (
+	"os"
+
+	"github.com/codegangsta/cli"
+)
+
+func Example() {
+	app := cli.NewApp()
+	app.Name = "todo"
+	app.Usage = "task list on the command line"
+	app.Commands = []cli.Command{
+		{
+			Name:      "add",
+			ShortName: "a",
+			Usage:     "add a task to the list",
+			Action: func(c *cli.Context) {
+				println("added task: ", c.Args().First())
+			},
+		},
+		{
+			Name:      "complete",
+			ShortName: "c",
+			Usage:     "complete a task on the list",
+			Action: func(c *cli.Context) {
+				println("completed task: ", c.Args().First())
+			},
+		},
+	}
+
+	app.Run(os.Args)
+}
+
+func ExampleSubcommand() {
+	app := cli.NewApp()
+	app.Name = "say"
+	app.Commands = []cli.Command{
+		{
+			Name:        "hello",
+			ShortName:   "hi",
+			Usage:       "use it to see a description",
+			Description: "This is how we describe hello the function",
+			Subcommands: []cli.Command{
+				{
+					Name:        "english",
+					ShortName:   "en",
+					Usage:       "sends a greeting in english",
+					Description: "greets someone in english",
+					Flags: []cli.Flag{
+						cli.StringFlag{Name: "name", Value: "Bob", Usage: "Name of the person to greet"},
+					},
+					Action: func(c *cli.Context) {
+						println("Hello, ", c.String("name"))
+					},
+				}, {
+					Name:      "spanish",
+					ShortName: "sp",
+					Usage:     "sends a greeting in spanish",
+					Flags: []cli.Flag{
+						cli.StringFlag{Name: "surname", Value: "Jones", Usage: "Surname of the person to greet"},
+					},
+					Action: func(c *cli.Context) {
+						println("Hola, ", c.String("surname"))
+					},
+				}, {
+					Name:      "french",
+					ShortName: "fr",
+					Usage:     "sends a greeting in french",
+					Flags: []cli.Flag{
+						cli.StringFlag{Name: "nickname", Value: "Stevie", Usage: "Nickname of the person to greet"},
+					},
+					Action: func(c *cli.Context) {
+						println("Bonjour, ", c.String("nickname"))
+					},
+				},
+			},
+		}, {
+			Name:  "bye",
+			Usage: "says goodbye",
+			Action: func(c *cli.Context) {
+				println("bye")
+			},
+		},
+	}
+
+	app.Run(os.Args)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go
new file mode 100644
index 0000000000..dcc8de5c9a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go
@@ -0,0 +1,141 @@
+package cli
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strings"
+)
+
+// Command is a subcommand for a cli.App.
+type Command struct {
+	// The name of the command
+	Name string
+	// short name of the command. Typically one character
+	ShortName string
+	// A short description of the usage of this command
+	Usage string
+	// A longer explanation of how the command works
+	Description string
+	// The function to call when checking for bash command completions
+	BashComplete func(context *Context)
+	// An action to execute before any sub-subcommands are run, but after the context is ready
+	// If a non-nil error is returned, no sub-subcommands are run
+	Before func(context *Context) error
+	// The function to call when this command is invoked
+	Action func(context *Context)
+	// List of child commands
+	Subcommands []Command
+	// List of flags to parse
+	Flags []Flag
+	// Treat all flags as normal arguments if true
+	SkipFlagParsing bool
+	// Boolean to hide built-in help command
+	HideHelp bool
+}
+
+// Invokes the command given the context, parses ctx.Args() to generate command-specific flags
+func (c Command) Run(ctx *Context) error {
+
+	if len(c.Subcommands) > 0 || c.Before != nil {
+		return c.startApp(ctx)
+	}
+
+	if !c.HideHelp {
+		// append help to flags
+		c.Flags = append(
+			c.Flags,
+			HelpFlag,
+		)
+	}
+
+	if ctx.App.EnableBashCompletion {
+		c.Flags = append(c.Flags, BashCompletionFlag)
+	}
+
+	set := flagSet(c.Name, c.Flags)
+	set.SetOutput(ioutil.Discard)
+
+	firstFlagIndex := -1
+	for index, arg := range ctx.Args() {
+		if strings.HasPrefix(arg, "-") {
+			firstFlagIndex = index
+			break
+		}
+	}
+
+	var err error
+	if firstFlagIndex > -1 && !c.SkipFlagParsing {
+		args := ctx.Args()
+		regularArgs := args[1:firstFlagIndex]
+		flagArgs := args[firstFlagIndex:]
+		err = set.Parse(append(flagArgs, regularArgs...))
+	} else {
+		err = set.Parse(ctx.Args().Tail())
+	}
+
+	if err != nil {
+		fmt.Printf("Incorrect Usage.\n\n")
+		ShowCommandHelp(ctx, c.Name)
+		fmt.Println("")
+		return err
+	}
+
+	nerr := normalizeFlags(c.Flags, set)
+	if nerr != nil {
+		fmt.Println(nerr)
+		fmt.Println("")
+		ShowCommandHelp(ctx, c.Name)
+		fmt.Println("")
+		return nerr
+	}
+	context := NewContext(ctx.App, set, ctx.globalSet)
+
+	if checkCommandCompletions(context, c.Name) {
+		return nil
+	}
+
+	if checkCommandHelp(context, c.Name) {
+		return nil
+	}
+	context.Command = c
+	c.Action(context)
+	return nil
+}
+
+// Returns true if Command.Name or Command.ShortName matches given name
+func (c Command) HasName(name string) bool {
+	return c.Name == name || c.ShortName == name
+}
+
+func (c Command) startApp(ctx *Context) error {
+	app := NewApp()
+
+	// set the name and usage
+	app.Name = fmt.Sprintf("%s %s", ctx.App.Name, c.Name)
+	if c.Description != "" {
+		app.Usage = c.Description
+	} else {
+		app.Usage = c.Usage
+	}
+
+	// set the flags and commands
+	app.Commands = c.Subcommands
+	app.Flags = c.Flags
+	app.HideHelp = c.HideHelp
+
+	// bash completion
+	app.EnableBashCompletion = ctx.App.EnableBashCompletion
+	if c.BashComplete != nil {
+		app.BashComplete = c.BashComplete
+	}
+
+	// set the actions
+	app.Before = c.Before
+	if c.Action != nil {
+		app.Action = c.Action
+	} else {
+		app.Action = helpSubcommand.Action
+	}
+
+	return app.RunAsSubcommand(ctx)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go
new file mode 100644
index 0000000000..3afd83e7a6
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go
@@ -0,0 +1,48 @@
+package cli_test
+
+import (
+	"flag"
+	"github.com/codegangsta/cli"
+	"testing"
+)
+
+func TestCommandDoNotIgnoreFlags(t *testing.T) {
+	app := cli.NewApp()
+	set := flag.NewFlagSet("test", 0)
+	test := []string{"blah", "blah", "-break"}
+	set.Parse(test)
+
+	c := cli.NewContext(app, set, set)
+
+	command := cli.Command {
+		Name: "test-cmd",
+		ShortName: "tc",
+		Usage: "this is for testing",
+		Description: "testing",
+		Action: func(_ *cli.Context) { },
+	}
+	err := command.Run(c)
+
+	expect(t, err.Error(), "flag provided but not defined: -break")
+}
+
+func TestCommandIgnoreFlags(t *testing.T) {
+	app := cli.NewApp()
+	set := flag.NewFlagSet("test", 0)
+	test := []string{"blah", "blah"}
+	set.Parse(test)
+
+	c := cli.NewContext(app, set, set)
+
+	command := cli.Command {
+		Name: "test-cmd",
+		ShortName: "tc",
+		Usage: "this is for testing",
+		Description: "testing",
+		Action: func(_ *cli.Context) { },
+		SkipFlagParsing: true,
+	}
+	err := command.Run(c)
+
+	expect(t, err, nil)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go
new file mode 100644
index 0000000000..1e023ceff9
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go
@@ -0,0 +1,280 @@
+package cli
+
+import (
+	"errors"
+	"flag"
+	"strconv"
+	"strings"
+)
+
+// Context is a type that is passed through to
+// each Handler action in a cli application. Context
+// can be used to retrieve context-specific Args and
+// parsed command-line options.
+type Context struct {
+	App       *App
+	Command   Command
+	flagSet   *flag.FlagSet
+	globalSet *flag.FlagSet
+	setFlags  map[string]bool
+}
+
+// Creates a new context. For use in when invoking an App or Command action.
+func NewContext(app *App, set *flag.FlagSet, globalSet *flag.FlagSet) *Context {
+	return &Context{App: app, flagSet: set, globalSet: globalSet}
+}
+
+// Looks up the value of a local int flag, returns 0 if no int flag exists
+func (c *Context) Int(name string) int {
+	return lookupInt(name, c.flagSet)
+}
+
+// Looks up the value of a local float64 flag, returns 0 if no float64 flag exists
+func (c *Context) Float64(name string) float64 {
+	return lookupFloat64(name, c.flagSet)
+}
+
+// Looks up the value of a local bool flag, returns false if no bool flag exists
+func (c *Context) Bool(name string) bool {
+	return lookupBool(name, c.flagSet)
+}
+
+// Looks up the value of a local boolT flag, returns false if no bool flag exists
+func (c *Context) BoolT(name string) bool {
+	return lookupBoolT(name, c.flagSet)
+}
+
+// Looks up the value of a local string flag, returns "" if no string flag exists
+func (c *Context) String(name string) string {
+	return lookupString(name, c.flagSet)
+}
+
+// Looks up the value of a local string slice flag, returns nil if no string slice flag exists
+func (c *Context) StringSlice(name string) []string {
+	return lookupStringSlice(name, c.flagSet)
+}
+
+// Looks up the value of a local int slice flag, returns nil if no int slice flag exists
+func (c *Context) IntSlice(name string) []int {
+	return lookupIntSlice(name, c.flagSet)
+}
+
+// Looks up the value of a local generic flag, returns nil if no generic flag exists
+func (c *Context) Generic(name string) interface{} {
+	return lookupGeneric(name, c.flagSet)
+}
+
+// Looks up the value of a global int flag, returns 0 if no int flag exists
+func (c *Context) GlobalInt(name string) int {
+	return lookupInt(name, c.globalSet)
+}
+
+// Looks up the value of a global bool flag, returns false if no bool flag exists
+func (c *Context) GlobalBool(name string) bool {
+	return lookupBool(name, c.globalSet)
+}
+
+// Looks up the value of a global string flag, returns "" if no string flag exists
+func (c *Context) GlobalString(name string) string {
+	return lookupString(name, c.globalSet)
+}
+
+// Looks up the value of a global string slice flag, returns nil if no string slice flag exists
+func (c *Context) GlobalStringSlice(name string) []string {
+	return lookupStringSlice(name, c.globalSet)
+}
+
+// Looks up the value of a global int slice flag, returns nil if no int slice flag exists
+func (c *Context) GlobalIntSlice(name string) []int {
+	return lookupIntSlice(name, c.globalSet)
+}
+
+// Looks up the value of a global generic flag, returns nil if no generic flag exists
+func (c *Context) GlobalGeneric(name string) interface{} {
+	return lookupGeneric(name, c.globalSet)
+}
+
+// Determines if the flag was actually set exists
+func (c *Context) IsSet(name string) bool {
+	if c.setFlags == nil {
+		c.setFlags = make(map[string]bool)
+		c.flagSet.Visit(func(f *flag.Flag) {
+			c.setFlags[f.Name] = true
+		})
+	}
+	return c.setFlags[name] == true
+}
+
+type Args []string
+
+// Returns the command line arguments associated with the context.
+func (c *Context) Args() Args {
+	args := Args(c.flagSet.Args())
+	return args
+}
+
+// Returns the nth argument, or else a blank string
+func (a Args) Get(n int) string {
+	if len(a) > n {
+		return a[n]
+	}
+	return ""
+}
+
+// Returns the first argument, or else a blank string
+func (a Args) First() string {
+	return a.Get(0)
+}
+
+// Return the rest of the arguments (not the first one)
+// or else an empty string slice
+func (a Args) Tail() []string {
+	if len(a) >= 2 {
+		return []string(a)[1:]
+	}
+	return []string{}
+}
+
+// Checks if there are any arguments present
+func (a Args) Present() bool {
+	return len(a) != 0
+}
+
+// Swaps arguments at the given indexes
+func (a Args) Swap(from, to int) error {
+	if from >= len(a) || to >= len(a) {
+		return errors.New("index out of range")
+	}
+	a[from], a[to] = a[to], a[from]
+	return nil
+}
+
+func lookupInt(name string, set *flag.FlagSet) int {
+	f := set.Lookup(name)
+	if f != nil {
+		val, err := strconv.Atoi(f.Value.String())
+		if err != nil {
+			return 0
+		}
+		return val
+	}
+
+	return 0
+}
+
+func lookupFloat64(name string, set *flag.FlagSet) float64 {
+	f := set.Lookup(name)
+	if f != nil {
+		val, err := strconv.ParseFloat(f.Value.String(), 64)
+		if err != nil {
+			return 0
+		}
+		return val
+	}
+
+	return 0
+}
+
+func lookupString(name string, set *flag.FlagSet) string {
+	f := set.Lookup(name)
+	if f != nil {
+		return f.Value.String()
+	}
+
+	return ""
+}
+
+func lookupStringSlice(name string, set *flag.FlagSet) []string {
+	f := set.Lookup(name)
+	if f != nil {
+		return (f.Value.(*StringSlice)).Value()
+
+	}
+
+	return nil
+}
+
+func lookupIntSlice(name string, set *flag.FlagSet) []int {
+	f := set.Lookup(name)
+	if f != nil {
+		return (f.Value.(*IntSlice)).Value()
+
+	}
+
+	return nil
+}
+
+func lookupGeneric(name string, set *flag.FlagSet) interface{} {
+	f := set.Lookup(name)
+	if f != nil {
+		return f.Value
+	}
+	return nil
+}
+
+func lookupBool(name string, set *flag.FlagSet) bool {
+	f := set.Lookup(name)
+	if f != nil {
+		val, err := strconv.ParseBool(f.Value.String())
+		if err != nil {
+			return false
+		}
+		return val
+	}
+
+	return false
+}
+
+func lookupBoolT(name string, set *flag.FlagSet) bool {
+	f := set.Lookup(name)
+	if f != nil {
+		val, err := strconv.ParseBool(f.Value.String())
+		if err != nil {
+			return true
+		}
+		return val
+	}
+
+	return false
+}
+
+func copyFlag(name string, ff *flag.Flag, set *flag.FlagSet) {
+	switch ff.Value.(type) {
+	case *StringSlice:
+	default:
+		set.Set(name, ff.Value.String())
+	}
+}
+
+func normalizeFlags(flags []Flag, set *flag.FlagSet) error {
+	visited := make(map[string]bool)
+	set.Visit(func(f *flag.Flag) {
+		visited[f.Name] = true
+	})
+	for _, f := range flags {
+		parts := strings.Split(f.getName(), ",")
+		if len(parts) == 1 {
+			continue
+		}
+		var ff *flag.Flag
+		for _, name := range parts {
+			name = strings.Trim(name, " ")
+			if visited[name] {
+				if ff != nil {
+					return errors.New("Cannot use two forms of the same flag: " + name + " " + ff.Name)
+				}
+				ff = set.Lookup(name)
+			}
+		}
+		if ff == nil {
+			continue
+		}
+		for _, name := range parts {
+			name = strings.Trim(name, " ")
+			if !visited[name] {
+				copyFlag(name, ff, set)
+			}
+		}
+	}
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go
new file mode 100644
index 0000000000..89041b99d4
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go
@@ -0,0 +1,68 @@
+package cli_test
+
+import (
+	"flag"
+	"github.com/codegangsta/cli"
+	"testing"
+)
+
+func TestNewContext(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.Int("myflag", 12, "doc")
+	globalSet := flag.NewFlagSet("test", 0)
+	globalSet.Int("myflag", 42, "doc")
+	command := cli.Command{Name: "mycommand"}
+	c := cli.NewContext(nil, set, globalSet)
+	c.Command = command
+	expect(t, c.Int("myflag"), 12)
+	expect(t, c.GlobalInt("myflag"), 42)
+	expect(t, c.Command.Name, "mycommand")
+}
+
+func TestContext_Int(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.Int("myflag", 12, "doc")
+	c := cli.NewContext(nil, set, set)
+	expect(t, c.Int("myflag"), 12)
+}
+
+func TestContext_String(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.String("myflag", "hello world", "doc")
+	c := cli.NewContext(nil, set, set)
+	expect(t, c.String("myflag"), "hello world")
+}
+
+func TestContext_Bool(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.Bool("myflag", false, "doc")
+	c := cli.NewContext(nil, set, set)
+	expect(t, c.Bool("myflag"), false)
+}
+
+func TestContext_BoolT(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.Bool("myflag", true, "doc")
+	c := cli.NewContext(nil, set, set)
+	expect(t, c.BoolT("myflag"), true)
+}
+
+func TestContext_Args(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.Bool("myflag", false, "doc")
+	c := cli.NewContext(nil, set, set)
+	set.Parse([]string{"--myflag", "bat", "baz"})
+	expect(t, len(c.Args()), 2)
+	expect(t, c.Bool("myflag"), true)
+}
+
+func TestContext_IsSet(t *testing.T) {
+	set := flag.NewFlagSet("test", 0)
+	set.Bool("myflag", false, "doc")
+	set.String("otherflag", "hello world", "doc")
+	c := cli.NewContext(nil, set, set)
+	set.Parse([]string{"--myflag", "bat", "baz"})
+	expect(t, c.IsSet("myflag"), true)
+	expect(t, c.IsSet("otherflag"), false)
+	expect(t, c.IsSet("bogusflag"), false)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go
new file mode 100644
index 0000000000..e6f8838a9d
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go
@@ -0,0 +1,280 @@
+package cli
+
+import (
+	"flag"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// This flag enables bash-completion for all commands and subcommands
+var BashCompletionFlag = BoolFlag{"generate-bash-completion", ""}
+
+// This flag prints the version for the application
+var VersionFlag = BoolFlag{"version, v", "print the version"}
+
+// This flag prints the help for all commands and subcommands
+var HelpFlag = BoolFlag{"help, h", "show help"}
+
+// Flag is a common interface related to parsing flags in cli.
+// For more advanced flag parsing techniques, it is recomended that
+// this interface be implemented.
+type Flag interface {
+	fmt.Stringer
+	// Apply Flag settings to the given flag set
+	Apply(*flag.FlagSet)
+	getName() string
+}
+
+func flagSet(name string, flags []Flag) *flag.FlagSet {
+	set := flag.NewFlagSet(name, flag.ContinueOnError)
+
+	for _, f := range flags {
+		f.Apply(set)
+	}
+	return set
+}
+
+func eachName(longName string, fn func(string)) {
+	parts := strings.Split(longName, ",")
+	for _, name := range parts {
+		name = strings.Trim(name, " ")
+		fn(name)
+	}
+}
+
+// Generic is a generic parseable type identified by a specific flag
+type Generic interface {
+	Set(value string) error
+	String() string
+}
+
+// GenericFlag is the flag type for types implementing Generic
+type GenericFlag struct {
+	Name  string
+	Value Generic
+	Usage string
+}
+
+func (f GenericFlag) String() string {
+	return fmt.Sprintf("%s%s %v\t`%v` %s", prefixFor(f.Name), f.Name, f.Value, "-"+f.Name+" option -"+f.Name+" option", f.Usage)
+}
+
+func (f GenericFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Var(f.Value, name, f.Usage)
+	})
+}
+
+func (f GenericFlag) getName() string {
+	return f.Name
+}
+
+type StringSlice []string
+
+func (f *StringSlice) Set(value string) error {
+	*f = append(*f, value)
+	return nil
+}
+
+func (f *StringSlice) String() string {
+	return fmt.Sprintf("%s", *f)
+}
+
+func (f *StringSlice) Value() []string {
+	return *f
+}
+
+type StringSliceFlag struct {
+	Name  string
+	Value *StringSlice
+	Usage string
+}
+
+func (f StringSliceFlag) String() string {
+	firstName := strings.Trim(strings.Split(f.Name, ",")[0], " ")
+	pref := prefixFor(firstName)
+	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), pref+firstName+" option "+pref+firstName+" option", f.Usage)
+}
+
+func (f StringSliceFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Var(f.Value, name, f.Usage)
+	})
+}
+
+func (f StringSliceFlag) getName() string {
+	return f.Name
+}
+
+type IntSlice []int
+
+func (f *IntSlice) Set(value string) error {
+
+	tmp, err := strconv.Atoi(value)
+	if err != nil {
+		return err
+	} else {
+		*f = append(*f, tmp)
+	}
+	return nil
+}
+
+func (f *IntSlice) String() string {
+	return fmt.Sprintf("%d", *f)
+}
+
+func (f *IntSlice) Value() []int {
+	return *f
+}
+
+type IntSliceFlag struct {
+	Name  string
+	Value *IntSlice
+	Usage string
+}
+
+func (f IntSliceFlag) String() string {
+	firstName := strings.Trim(strings.Split(f.Name, ",")[0], " ")
+	pref := prefixFor(firstName)
+	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), pref+firstName+" option "+pref+firstName+" option", f.Usage)
+}
+
+func (f IntSliceFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Var(f.Value, name, f.Usage)
+	})
+}
+
+func (f IntSliceFlag) getName() string {
+	return f.Name
+}
+
+type BoolFlag struct {
+	Name  string
+	Usage string
+}
+
+func (f BoolFlag) String() string {
+	return fmt.Sprintf("%s\t%v", prefixedNames(f.Name), f.Usage)
+}
+
+func (f BoolFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Bool(name, false, f.Usage)
+	})
+}
+
+func (f BoolFlag) getName() string {
+	return f.Name
+}
+
+type BoolTFlag struct {
+	Name  string
+	Usage string
+}
+
+func (f BoolTFlag) String() string {
+	return fmt.Sprintf("%s\t%v", prefixedNames(f.Name), f.Usage)
+}
+
+func (f BoolTFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Bool(name, true, f.Usage)
+	})
+}
+
+func (f BoolTFlag) getName() string {
+	return f.Name
+}
+
+type StringFlag struct {
+	Name  string
+	Value string
+	Usage string
+}
+
+func (f StringFlag) String() string {
+	var fmtString string
+	fmtString = "%s %v\t%v"
+
+	if len(f.Value) > 0 {
+		fmtString = "%s '%v'\t%v"
+	} else {
+		fmtString = "%s %v\t%v"
+	}
+
+	return fmt.Sprintf(fmtString, prefixedNames(f.Name), f.Value, f.Usage)
+}
+
+func (f StringFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.String(name, f.Value, f.Usage)
+	})
+}
+
+func (f StringFlag) getName() string {
+	return f.Name
+}
+
+type IntFlag struct {
+	Name  string
+	Value int
+	Usage string
+}
+
+func (f IntFlag) String() string {
+	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), f.Value, f.Usage)
+}
+
+func (f IntFlag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Int(name, f.Value, f.Usage)
+	})
+}
+
+func (f IntFlag) getName() string {
+	return f.Name
+}
+
+type Float64Flag struct {
+	Name  string
+	Value float64
+	Usage string
+}
+
+func (f Float64Flag) String() string {
+	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), f.Value, f.Usage)
+}
+
+func (f Float64Flag) Apply(set *flag.FlagSet) {
+	eachName(f.Name, func(name string) {
+		set.Float64(name, f.Value, f.Usage)
+	})
+}
+
+func (f Float64Flag) getName() string {
+	return f.Name
+}
+
+func prefixFor(name string) (prefix string) {
+	if len(name) == 1 {
+		prefix = "-"
+	} else {
+		prefix = "--"
+	}
+
+	return
+}
+
+func prefixedNames(fullName string) (prefixed string) {
+	parts := strings.Split(fullName, ",")
+	for i, name := range parts {
+		name = strings.Trim(name, " ")
+		prefixed += prefixFor(name) + name
+		if i < len(parts)-1 {
+			prefixed += ", "
+		}
+	}
+	return
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go
new file mode 100644
index 0000000000..1c05f0144d
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go
@@ -0,0 +1,194 @@
+package cli_test
+
+import (
+	"github.com/codegangsta/cli"
+
+	"fmt"
+	"reflect"
+	"strings"
+	"testing"
+)
+
+var boolFlagTests = []struct {
+	name     string
+	expected string
+}{
+	{"help", "--help\t"},
+	{"h", "-h\t"},
+}
+
+func TestBoolFlagHelpOutput(t *testing.T) {
+
+	for _, test := range boolFlagTests {
+		flag := cli.BoolFlag{Name: test.name}
+		output := flag.String()
+
+		if output != test.expected {
+			t.Errorf("%s does not match %s", output, test.expected)
+		}
+	}
+}
+
+var stringFlagTests = []struct {
+	name     string
+	value    string
+	expected string
+}{
+	{"help", "", "--help \t"},
+	{"h", "", "-h \t"},
+	{"h", "", "-h \t"},
+	{"test", "Something", "--test 'Something'\t"},
+}
+
+func TestStringFlagHelpOutput(t *testing.T) {
+
+	for _, test := range stringFlagTests {
+		flag := cli.StringFlag{Name: test.name, Value: test.value}
+		output := flag.String()
+
+		if output != test.expected {
+			t.Errorf("%s does not match %s", output, test.expected)
+		}
+	}
+}
+
+var intFlagTests = []struct {
+	name     string
+	expected string
+}{
+	{"help", "--help '0'\t"},
+	{"h", "-h '0'\t"},
+}
+
+func TestIntFlagHelpOutput(t *testing.T) {
+
+	for _, test := range intFlagTests {
+		flag := cli.IntFlag{Name: test.name}
+		output := flag.String()
+
+		if output != test.expected {
+			t.Errorf("%s does not match %s", output, test.expected)
+		}
+	}
+}
+
+var float64FlagTests = []struct {
+	name     string
+	expected string
+}{
+	{"help", "--help '0'\t"},
+	{"h", "-h '0'\t"},
+}
+
+func TestFloat64FlagHelpOutput(t *testing.T) {
+
+	for _, test := range float64FlagTests {
+		flag := cli.Float64Flag{Name: test.name}
+		output := flag.String()
+
+		if output != test.expected {
+			t.Errorf("%s does not match %s", output, test.expected)
+		}
+	}
+}
+
+func TestParseMultiString(t *testing.T) {
+	(&cli.App{
+		Flags: []cli.Flag{
+			cli.StringFlag{Name: "serve, s"},
+		},
+		Action: func(ctx *cli.Context) {
+			if ctx.String("serve") != "10" {
+				t.Errorf("main name not set")
+			}
+			if ctx.String("s") != "10" {
+				t.Errorf("short name not set")
+			}
+		},
+	}).Run([]string{"run", "-s", "10"})
+}
+
+func TestParseMultiStringSlice(t *testing.T) {
+	(&cli.App{
+		Flags: []cli.Flag{
+			cli.StringSliceFlag{Name: "serve, s", Value: &cli.StringSlice{}},
+		},
+		Action: func(ctx *cli.Context) {
+			if !reflect.DeepEqual(ctx.StringSlice("serve"), []string{"10", "20"}) {
+				t.Errorf("main name not set")
+			}
+			if !reflect.DeepEqual(ctx.StringSlice("s"), []string{"10", "20"}) {
+				t.Errorf("short name not set")
+			}
+		},
+	}).Run([]string{"run", "-s", "10", "-s", "20"})
+}
+
+func TestParseMultiInt(t *testing.T) {
+	a := cli.App{
+		Flags: []cli.Flag{
+			cli.IntFlag{Name: "serve, s"},
+		},
+		Action: func(ctx *cli.Context) {
+			if ctx.Int("serve") != 10 {
+				t.Errorf("main name not set")
+			}
+			if ctx.Int("s") != 10 {
+				t.Errorf("short name not set")
+			}
+		},
+	}
+	a.Run([]string{"run", "-s", "10"})
+}
+
+func TestParseMultiBool(t *testing.T) {
+	a := cli.App{
+		Flags: []cli.Flag{
+			cli.BoolFlag{Name: "serve, s"},
+		},
+		Action: func(ctx *cli.Context) {
+			if ctx.Bool("serve") != true {
+				t.Errorf("main name not set")
+			}
+			if ctx.Bool("s") != true {
+				t.Errorf("short name not set")
+			}
+		},
+	}
+	a.Run([]string{"run", "--serve"})
+}
+
+type Parser [2]string
+
+func (p *Parser) Set(value string) error {
+	parts := strings.Split(value, ",")
+	if len(parts) != 2 {
+		return fmt.Errorf("invalid format")
+	}
+
+	(*p)[0] = parts[0]
+	(*p)[1] = parts[1]
+
+	return nil
+}
+
+func (p *Parser) String() string {
+	return fmt.Sprintf("%s,%s", p[0], p[1])
+}
+
+func TestParseGeneric(t *testing.T) {
+	a := cli.App{
+		Flags: []cli.Flag{
+			cli.GenericFlag{Name: "serve, s", Value: &Parser{}},
+		},
+		Action: func(ctx *cli.Context) {
+			if !reflect.DeepEqual(ctx.Generic("serve"), &Parser{"10", "20"}) {
+				t.Errorf("main name not set")
+			}
+			if !reflect.DeepEqual(ctx.Generic("s"), &Parser{"10", "20"}) {
+				t.Errorf("short name not set")
+			}
+		},
+	}
+	a.Run([]string{"run", "-s", "10,20"})
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go
new file mode 100644
index 0000000000..ccca036276
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go
@@ -0,0 +1,213 @@
+package cli
+
+import (
+	"fmt"
+	"os"
+	"text/tabwriter"
+	"text/template"
+)
+
+// The text template for the Default help topic.
+// cli.go uses text/template to render templates. You can
+// render custom help text by setting this variable.
+var AppHelpTemplate = `NAME:
+   {{.Name}} - {{.Usage}}
+
+USAGE:
+   {{.Name}} {{ if .Flags }}[global options] {{ end }}command{{ if .Flags }} [command options]{{ end }} [arguments...]
+
+VERSION:
+   {{.Version}}
+
+COMMANDS:
+   {{range .Commands}}{{.Name}}{{with .ShortName}}, {{.}}{{end}}{{ "\t" }}{{.Usage}}
+   {{end}}{{ if .Flags }}
+GLOBAL OPTIONS:
+   {{range .Flags}}{{.}}
+   {{end}}{{ end }}
+`
+
+// The text template for the command help topic.
+// cli.go uses text/template to render templates. You can
+// render custom help text by setting this variable.
+var CommandHelpTemplate = `NAME:
+   {{.Name}} - {{.Usage}}
+
+USAGE:
+   command {{.Name}}{{ if .Flags }} [command options]{{ end }} [arguments...]
+
+DESCRIPTION:
+   {{.Description}}{{ if .Flags }}
+
+OPTIONS:
+   {{range .Flags}}{{.}}
+   {{end}}{{ end }}
+`
+
+// The text template for the subcommand help topic.
+// cli.go uses text/template to render templates. You can
+// render custom help text by setting this variable.
+var SubcommandHelpTemplate = `NAME:
+   {{.Name}} - {{.Usage}}
+
+USAGE:
+   {{.Name}} command{{ if .Flags }} [command options]{{ end }} [arguments...]
+
+COMMANDS:
+   {{range .Commands}}{{.Name}}{{with .ShortName}}, {{.}}{{end}}{{ "\t" }}{{.Usage}}
+   {{end}}{{ if .Flags }}
+OPTIONS:
+   {{range .Flags}}{{.}}
+   {{end}}{{ end }}
+`
+
+var helpCommand = Command{
+	Name:      "help",
+	ShortName: "h",
+	Usage:     "Shows a list of commands or help for one command",
+	Action: func(c *Context) {
+		args := c.Args()
+		if args.Present() {
+			ShowCommandHelp(c, args.First())
+		} else {
+			ShowAppHelp(c)
+		}
+	},
+}
+
+var helpSubcommand = Command{
+	Name:      "help",
+	ShortName: "h",
+	Usage:     "Shows a list of commands or help for one command",
+	Action: func(c *Context) {
+		args := c.Args()
+		if args.Present() {
+			ShowCommandHelp(c, args.First())
+		} else {
+			ShowSubcommandHelp(c)
+		}
+	},
+}
+
+// Prints help for the App
+var HelpPrinter = printHelp
+
+func ShowAppHelp(c *Context) {
+	HelpPrinter(AppHelpTemplate, c.App)
+}
+
+// Prints the list of subcommands as the default app completion method
+func DefaultAppComplete(c *Context) {
+	for _, command := range c.App.Commands {
+		fmt.Println(command.Name)
+		if command.ShortName != "" {
+			fmt.Println(command.ShortName)
+		}
+	}
+}
+
+// Prints help for the given command
+func ShowCommandHelp(c *Context, command string) {
+	for _, c := range c.App.Commands {
+		if c.HasName(command) {
+			HelpPrinter(CommandHelpTemplate, c)
+			return
+		}
+	}
+
+	if c.App.CommandNotFound != nil {
+		c.App.CommandNotFound(c, command)
+	} else {
+		fmt.Printf("No help topic for '%v'\n", command)
+	}
+}
+
+// Prints help for the given subcommand
+func ShowSubcommandHelp(c *Context) {
+	HelpPrinter(SubcommandHelpTemplate, c.App)
+}
+
+// Prints the version number of the App
+func ShowVersion(c *Context) {
+	fmt.Printf("%v version %v\n", c.App.Name, c.App.Version)
+}
+
+// Prints the lists of commands within a given context
+func ShowCompletions(c *Context) {
+	a := c.App
+	if a != nil && a.BashComplete != nil {
+		a.BashComplete(c)
+	}
+}
+
+// Prints the custom completions for a given command
+func ShowCommandCompletions(ctx *Context, command string) {
+	c := ctx.App.Command(command)
+	if c != nil && c.BashComplete != nil {
+		c.BashComplete(ctx)
+	}
+}
+
+func printHelp(templ string, data interface{}) {
+	w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
+	t := template.Must(template.New("help").Parse(templ))
+	err := t.Execute(w, data)
+	if err != nil {
+		panic(err)
+	}
+	w.Flush()
+}
+
+func checkVersion(c *Context) bool {
+	if c.GlobalBool("version") {
+		ShowVersion(c)
+		return true
+	}
+
+	return false
+}
+
+func checkHelp(c *Context) bool {
+	if c.GlobalBool("h") || c.GlobalBool("help") {
+		ShowAppHelp(c)
+		return true
+	}
+
+	return false
+}
+
+func checkCommandHelp(c *Context, name string) bool {
+	if c.Bool("h") || c.Bool("help") {
+		ShowCommandHelp(c, name)
+		return true
+	}
+
+	return false
+}
+
+func checkSubcommandHelp(c *Context) bool {
+	if c.GlobalBool("h") || c.GlobalBool("help") {
+		ShowSubcommandHelp(c)
+		return true
+	}
+
+	return false
+}
+
+func checkCompletions(c *Context) bool {
+	if c.GlobalBool(BashCompletionFlag.Name) && c.App.EnableBashCompletion {
+		ShowCompletions(c)
+		return true
+	}
+
+	return false
+}
+
+func checkCommandCompletions(c *Context, name string) bool {
+	if c.Bool(BashCompletionFlag.Name) && c.App.EnableBashCompletion {
+		ShowCommandCompletions(c, name)
+		return true
+	}
+
+	return false
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go
new file mode 100644
index 0000000000..cdc4feb2fc
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go
@@ -0,0 +1,19 @@
+package cli_test
+
+import (
+	"reflect"
+	"testing"
+)
+
+/* Test Helpers */
+func expect(t *testing.T, a interface{}, b interface{}) {
+	if a != b {
+		t.Errorf("Expected %v (type %v) - Got %v (type %v)", b, reflect.TypeOf(b), a, reflect.TypeOf(a))
+	}
+}
+
+func refute(t *testing.T, a interface{}, b interface{}) {
+	if a == b {
+		t.Errorf("Did not expect %v (type %v) - Got %v (type %v)", b, reflect.TypeOf(b), a, reflect.TypeOf(a))
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml
new file mode 100644
index 0000000000..8c9f56e44a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml
@@ -0,0 +1,8 @@
+language: go
+go: 1.2
+
+install:
+ - echo "Skip install"
+
+script:
+ - ./test
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE
new file mode 100644
index 0000000000..37ec93a14f
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE
@@ -0,0 +1,191 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work (an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work
+by the copyright owner or by an individual or Legal Entity authorized to submit
+on behalf of the copyright owner. For the purposes of this definition,
+"submitted" means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems, and
+issue tracking systems that are managed by, or on behalf of, the Licensor for
+the purpose of discussing and improving the Work, but excluding communication
+that is conspicuously marked or otherwise designated in writing by the copyright
+owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License.
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+3. Grant of Patent License.
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable (except as stated in this section) patent license to make, have
+made, use, offer to sell, sell, import, and otherwise transfer the Work, where
+such license applies only to those patent claims licensable by such Contributor
+that are necessarily infringed by their Contribution(s) alone or by combination
+of their Contribution(s) with the Work to which such Contribution(s) was
+submitted. If You institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work or a
+Contribution incorporated within the Work constitutes direct or contributory
+patent infringement, then any patent licenses granted to You under this License
+for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution.
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof
+in any medium, with or without modifications, and in Source or Object form,
+provided that You meet the following conditions:
+
+You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+You must retain, in the Source form of any Derivative Works that You distribute,
+all copyright, patent, trademark, and attribution notices from the Source form
+of the Work, excluding those notices that do not pertain to any part of the
+Derivative Works; and
+If the Work includes a "NOTICE" text file as part of its distribution, then any
+Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the
+Derivative Works; within the Source form or documentation, if provided along
+with the Derivative Works; or, within a display generated by the Derivative
+Works, if and wherever such third-party notices normally appear. The contents of
+the NOTICE file are for informational purposes only and do not modify the
+License. You may add Your own attribution notices within Derivative Works that
+You distribute, alongside or as an addendum to the NOTICE text from the Work,
+provided that such additional attribution notices cannot be construed as
+modifying the License.
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions.
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted
+for inclusion in the Work by You to the Licensor shall be under the terms and
+conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of
+any separate license agreement you may have executed with Licensor regarding
+such Contributions.
+
+6. Trademarks.
+
+This License does not grant permission to use the trade names, trademarks,
+service marks, or product names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty.
+
+Unless required by applicable law or agreed to in writing, Licensor provides the
+Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
+solely responsible for determining the appropriateness of using or
+redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+8. Limitation of Liability.
+
+In no event and under no legal theory, whether in tort (including negligence),
+contract, or otherwise, unless required by applicable law (such as deliberate
+and grossly negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special, incidental,
+or consequential damages of any character arising as a result of this License or
+out of the use or inability to use the Work (including but not limited to
+damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has
+been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability.
+
+While redistributing the Work or Derivative Works thereof, You may choose to
+offer, and charge a fee for, acceptance of support, warranty, indemnity, or
+other liability obligations and/or rights consistent with this License. However,
+in accepting such obligations, You may act only on Your own behalf and on Your
+sole responsibility, not on behalf of any other Contributor, and only if You
+agree to indemnify, defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason of your
+accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work
+
+To apply the Apache License to your work, attach the following boilerplate
+notice, with the fields enclosed by brackets "[]" replaced with your own
+identifying information. (Don't include the brackets!) The text should be
+enclosed in the appropriate comment syntax for the file format. We also
+recommend that a file or class name and description of purpose be included on
+the same "printed page" as the copyright notice for easier identification within
+third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md
new file mode 100644
index 0000000000..0ee09fec0a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md
@@ -0,0 +1,44 @@
+# go-systemd
+
+Go bindings to systemd. The project has three packages:
+
+- activation - for writing and using socket activation from Go
+- journal - for writing to systemd's logging service, journal
+- dbus - for starting/stopping/inspecting running services and units
+
+Go docs for the entire project are here:
+
+http://godoc.org/github.com/coreos/go-systemd
+
+## Socket Activation
+
+An example HTTP server using socket activation can be quickly setup by
+following this README on a Linux machine running systemd:
+
+https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver
+
+## Journal
+
+Using this package you can submit journal entries directly to systemd's journal taking advantage of features like indexed key/value pairs for each log entry.
+
+## D-Bus
+
+The D-Bus API lets you start, stop and introspect systemd units. The API docs are here:
+
+http://godoc.org/github.com/coreos/go-systemd/dbus
+
+### Debugging
+
+Create `/etc/dbus-1/system-local.conf` that looks like this:
+
+```
+<!DOCTYPE busconfig PUBLIC
+"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy user="root">
+        <allow eavesdrop="true"/>
+        <allow eavesdrop="true" send_destination="*"/>
+    </policy>
+</busconfig>
+```
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go
new file mode 100644
index 0000000000..74b4fc10f3
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go
@@ -0,0 +1,56 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package activation implements primitives for systemd socket activation.
+package activation
+
+import (
+	"os"
+	"strconv"
+	"syscall"
+)
+
+// based on: https://gist.github.com/alberts/4640792
+const (
+	listenFdsStart = 3
+)
+
+func Files(unsetEnv bool) []*os.File {
+	if unsetEnv {
+		// there is no way to unset env in golang os package for now
+		// https://code.google.com/p/go/issues/detail?id=6423
+		defer os.Setenv("LISTEN_PID", "")
+		defer os.Setenv("LISTEN_FDS", "")
+	}
+
+	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))
+	if err != nil || pid != os.Getpid() {
+		return nil
+	}
+
+	nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
+	if err != nil || nfds == 0 {
+		return nil
+	}
+
+	var files []*os.File
+	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {
+		syscall.CloseOnExec(fd)
+		files = append(files, os.NewFile(uintptr(fd), "LISTEN_FD_"+strconv.Itoa(fd)))
+	}
+
+	return files
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
new file mode 100644
index 0000000000..a1c6948fb2
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
@@ -0,0 +1,84 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package activation
+
+import (
+	"bytes"
+	"io"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+// correctStringWritten fails the text if the correct string wasn't written
+// to the other side of the pipe.
+func correctStringWritten(t *testing.T, r *os.File, expected string) bool {
+	bytes := make([]byte, len(expected))
+	io.ReadAtLeast(r, bytes, len(expected))
+
+	if string(bytes) != expected {
+		t.Fatalf("Unexpected string %s", string(bytes))
+	}
+
+	return true
+}
+
+// TestActivation forks out a copy of activation.go example and reads back two
+// strings from the pipes that are passed in.
+func TestActivation(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
+
+	r1, w1, _ := os.Pipe()
+	r2, w2, _ := os.Pipe()
+	cmd.ExtraFiles = []*os.File{
+		w1,
+		w2,
+	}
+
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=2", "FIX_LISTEN_PID=1")
+
+	err := cmd.Run()
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	correctStringWritten(t, r1, "Hello world")
+	correctStringWritten(t, r2, "Goodbye world")
+}
+
+func TestActivationNoFix(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=2")
+
+	out, _ := cmd.CombinedOutput()
+	if bytes.Contains(out, []byte("No files")) == false {
+		t.Fatalf("Child didn't error out as expected")
+	}
+}
+
+func TestActivationNoFiles(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=0", "FIX_LISTEN_PID=1")
+
+	out, _ := cmd.CombinedOutput()
+	if bytes.Contains(out, []byte("No files")) == false {
+		t.Fatalf("Child didn't error out as expected")
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
new file mode 100644
index 0000000000..cdb2cf4bb4
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2014 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package activation
+
+import (
+	"fmt"
+	"net"
+)
+
+// Listeners returns net.Listeners for all socket activated fds passed to this process.
+func Listeners(unsetEnv bool) ([]net.Listener, error) {
+	files := Files(unsetEnv)
+	listeners := make([]net.Listener, len(files))
+
+	for i, f := range files {
+		var err error
+		listeners[i], err = net.FileListener(f)
+		if err != nil {
+			return nil, fmt.Errorf("Error setting up FileListener for fd %d: %s", f.Fd(), err.Error())
+		}
+	}
+
+	return listeners, nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
new file mode 100644
index 0000000000..c3627d6d4d
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
@@ -0,0 +1,88 @@
+/*
+Copyright 2014 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package activation
+
+import (
+	"io"
+	"net"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+// correctStringWritten fails the text if the correct string wasn't written
+// to the other side of the pipe.
+func correctStringWrittenNet(t *testing.T, r net.Conn, expected string) bool {
+	bytes := make([]byte, len(expected))
+	io.ReadAtLeast(r, bytes, len(expected))
+
+	if string(bytes) != expected {
+		t.Fatalf("Unexpected string %s", string(bytes))
+	}
+
+	return true
+}
+
+// TestActivation forks out a copy of activation.go example and reads back two
+// strings from the pipes that are passed in.
+func TestListeners(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/listen.go")
+
+	l1, err := net.Listen("tcp", ":9999")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	l2, err := net.Listen("tcp", ":1234")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	t1 := l1.(*net.TCPListener)
+	t2 := l2.(*net.TCPListener)
+
+	f1, _ := t1.File()
+	f2, _  := t2.File()
+
+	cmd.ExtraFiles = []*os.File{
+		f1,
+		f2,
+	}
+
+	r1, err := net.Dial("tcp", "127.0.0.1:9999")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	r1.Write([]byte("Hi"))
+
+	r2, err := net.Dial("tcp", "127.0.0.1:1234")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	r2.Write([]byte("Hi"))
+
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=2", "FIX_LISTEN_PID=1")
+
+	out, err := cmd.Output()
+	if err != nil {
+		println(string(out))
+		t.Fatalf(err.Error())
+	}
+
+	correctStringWrittenNet(t, r1, "Hello world")
+	correctStringWrittenNet(t, r2, "Goodbye world")
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
new file mode 100644
index 0000000000..91d7112145
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
@@ -0,0 +1,104 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Integration with the systemd D-Bus API.  See http://www.freedesktop.org/wiki/Software/systemd/dbus/
+package dbus
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/godbus/dbus"
+)
+
+const signalBuffer = 100
+
+// ObjectPath creates a dbus.ObjectPath using the rules that systemd uses for
+// serializing special characters.
+func ObjectPath(path string) dbus.ObjectPath {
+	path = strings.Replace(path, ".", "_2e", -1)
+	path = strings.Replace(path, "-", "_2d", -1)
+	path = strings.Replace(path, "@", "_40", -1)
+
+	return dbus.ObjectPath(path)
+}
+
+// Conn is a connection to systemds dbus endpoint.
+type Conn struct {
+	sysconn     *dbus.Conn
+	sysobj      *dbus.Object
+	jobListener struct {
+		jobs map[dbus.ObjectPath]chan string
+		sync.Mutex
+	}
+	subscriber struct {
+		updateCh chan<- *SubStateUpdate
+		errCh    chan<- error
+		sync.Mutex
+		ignore      map[dbus.ObjectPath]int64
+		cleanIgnore int64
+	}
+	dispatch map[string]func(dbus.Signal)
+}
+
+// New() establishes a connection to the system bus and authenticates.
+func New() (*Conn, error) {
+	c := new(Conn)
+
+	if err := c.initConnection(); err != nil {
+		return nil, err
+	}
+
+	c.initJobs()
+	return c, nil
+}
+
+func (c *Conn) initConnection() error {
+	var err error
+	c.sysconn, err = dbus.SystemBusPrivate()
+	if err != nil {
+		return err
+	}
+
+	// Only use EXTERNAL method, and hardcode the uid (not username)
+	// to avoid a username lookup (which requires a dynamically linked
+	// libc)
+	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
+
+	err = c.sysconn.Auth(methods)
+	if err != nil {
+		c.sysconn.Close()
+		return err
+	}
+
+	err = c.sysconn.Hello()
+	if err != nil {
+		c.sysconn.Close()
+		return err
+	}
+
+	c.sysobj = c.sysconn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1"))
+
+	// Setup the listeners on jobs so that we can get completions
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'")
+	c.initSubscription()
+	c.initDispatch()
+
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
new file mode 100644
index 0000000000..2e80f73ef7
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
@@ -0,0 +1,41 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"testing"
+)
+
+// TestObjectPath ensures path encoding of the systemd rules works.
+func TestObjectPath(t *testing.T) {
+	input := "/silly-path/to@a/unit..service"
+	output := ObjectPath(input)
+	expected := "/silly_2dpath/to_40a/unit_2e_2eservice"
+
+	if string(output) != expected {
+		t.Fatalf("Output '%s' did not match expected '%s'", output, expected)
+	}
+}
+
+// TestNew ensures that New() works without errors.
+func TestNew(t *testing.T) {
+	_, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
new file mode 100644
index 0000000000..a60de059e6
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
@@ -0,0 +1,396 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"errors"
+	"github.com/godbus/dbus"
+)
+
+func (c *Conn) initJobs() {
+	c.jobListener.jobs = make(map[dbus.ObjectPath]chan string)
+}
+
+func (c *Conn) jobComplete(signal *dbus.Signal) {
+	var id uint32
+	var job dbus.ObjectPath
+	var unit string
+	var result string
+	dbus.Store(signal.Body, &id, &job, &unit, &result)
+	c.jobListener.Lock()
+	out, ok := c.jobListener.jobs[job]
+	if ok {
+		out <- result
+		delete(c.jobListener.jobs, job)
+	}
+	c.jobListener.Unlock()
+}
+
+func (c *Conn) startJob(job string, args ...interface{}) (<-chan string, error) {
+	c.jobListener.Lock()
+	defer c.jobListener.Unlock()
+
+	ch := make(chan string, 1)
+	var path dbus.ObjectPath
+	err := c.sysobj.Call(job, 0, args...).Store(&path)
+	if err != nil {
+		return nil, err
+	}
+	c.jobListener.jobs[path] = ch
+	return ch, nil
+}
+
+func (c *Conn) runJob(job string, args ...interface{}) (string, error) {
+	respCh, err := c.startJob(job, args...)
+	if err != nil {
+		return "", err
+	}
+	return <-respCh, nil
+}
+
+// StartUnit enqeues a start job and depending jobs, if any (unless otherwise
+// specified by the mode string).
+//
+// Takes the unit to activate, plus a mode string. The mode needs to be one of
+// replace, fail, isolate, ignore-dependencies, ignore-requirements. If
+// "replace" the call will start the unit and its dependencies, possibly
+// replacing already queued jobs that conflict with this. If "fail" the call
+// will start the unit and its dependencies, but will fail if this would change
+// an already queued job. If "isolate" the call will start the unit in question
+// and terminate all units that aren't dependencies of it. If
+// "ignore-dependencies" it will start a unit but ignore all its dependencies.
+// If "ignore-requirements" it will start a unit but only ignore the
+// requirement dependencies. It is not recommended to make use of the latter
+// two options.
+//
+// Result string: one of done, canceled, timeout, failed, dependency, skipped.
+// done indicates successful execution of a job. canceled indicates that a job
+// has been canceled  before it finished execution. timeout indicates that the
+// job timeout was reached. failed indicates that the job failed. dependency
+// indicates that a job this job has been depending on failed and the job hence
+// has been removed too. skipped indicates that a job was skipped because it
+// didn't apply to the units current state.
+func (c *Conn) StartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.StartUnit", name, mode)
+}
+
+// StopUnit is similar to StartUnit but stops the specified unit rather
+// than starting it.
+func (c *Conn) StopUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.StopUnit", name, mode)
+}
+
+// ReloadUnit reloads a unit.  Reloading is done only if the unit is already running and fails otherwise.
+func (c *Conn) ReloadUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.ReloadUnit", name, mode)
+}
+
+// RestartUnit restarts a service.  If a service is restarted that isn't
+// running it will be started.
+func (c *Conn) RestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.RestartUnit", name, mode)
+}
+
+// TryRestartUnit is like RestartUnit, except that a service that isn't running
+// is not affected by the restart.
+func (c *Conn) TryRestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode)
+}
+
+// ReloadOrRestart attempts a reload if the unit supports it and use a restart
+// otherwise.
+func (c *Conn) ReloadOrRestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode)
+}
+
+// ReloadOrTryRestart attempts a reload if the unit supports it and use a "Try"
+// flavored restart otherwise.
+func (c *Conn) ReloadOrTryRestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode)
+}
+
+// StartTransientUnit() may be used to create and start a transient unit, which
+// will be released as soon as it is not running or referenced anymore or the
+// system is rebooted. name is the unit name including suffix, and must be
+// unique. mode is the same as in StartUnit(), properties contains properties
+// of the unit.
+func (c *Conn) StartTransientUnit(name string, mode string, properties ...Property) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0))
+}
+
+// KillUnit takes the unit name and a UNIX signal number to send.  All of the unit's
+// processes are killed.
+func (c *Conn) KillUnit(name string, signal int32) {
+	c.sysobj.Call("org.freedesktop.systemd1.Manager.KillUnit", 0, name, "all", signal).Store()
+}
+
+// getProperties takes the unit name and returns all of its dbus object properties, for the given dbus interface
+func (c *Conn) getProperties(unit string, dbusInterface string) (map[string]interface{}, error) {
+	var err error
+	var props map[string]dbus.Variant
+
+	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
+	if !path.IsValid() {
+		return nil, errors.New("invalid unit name: " + unit)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
+	if err != nil {
+		return nil, err
+	}
+
+	out := make(map[string]interface{}, len(props))
+	for k, v := range props {
+		out[k] = v.Value()
+	}
+
+	return out, nil
+}
+
+// GetUnitProperties takes the unit name and returns all of its dbus object properties.
+func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
+	return c.getProperties(unit, "org.freedesktop.systemd1.Unit")
+}
+
+func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {
+	var err error
+	var prop dbus.Variant
+
+	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
+	if !path.IsValid() {
+		return nil, errors.New("invalid unit name: " + unit)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Property{Name: propertyName, Value: prop}, nil
+}
+
+func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
+	return c.getProperty(unit, "org.freedesktop.systemd1.Unit", propertyName)
+}
+
+// GetUnitTypeProperties returns the extra properties for a unit, specific to the unit type.
+// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope
+// return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit
+func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
+	return c.getProperties(unit, "org.freedesktop.systemd1."+unitType)
+}
+
+// SetUnitProperties() may be used to modify certain unit properties at runtime.
+// Not all properties may be changed at runtime, but many resource management
+// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
+// instantly, and stored on disk for future boots, unless runtime is true, in which
+// case the settings only apply until the next reboot. name is the name of the unit
+// to modify. properties are the settings to set, encoded as an array of property
+// name and value pairs.
+func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
+	return c.sysobj.Call("org.freedesktop.systemd1.Manager.SetUnitProperties", 0, name, runtime, properties).Store()
+}
+
+func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
+	return c.getProperty(unit, "org.freedesktop.systemd1." + unitType, propertyName)
+}
+
+// ListUnits returns an array with all currently loaded units. Note that
+// units may be known by multiple names at the same time, and hence there might
+// be more unit names loaded than actual units behind them.
+func (c *Conn) ListUnits() ([]UnitStatus, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnits", 0).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	status := make([]UnitStatus, len(result))
+	statusInterface := make([]interface{}, len(status))
+	for i := range status {
+		statusInterface[i] = &status[i]
+	}
+
+	err = dbus.Store(resultInterface, statusInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return status, nil
+}
+
+type UnitStatus struct {
+	Name        string          // The primary unit name as string
+	Description string          // The human readable description string
+	LoadState   string          // The load state (i.e. whether the unit file has been loaded successfully)
+	ActiveState string          // The active state (i.e. whether the unit is currently started or not)
+	SubState    string          // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not)
+	Followed    string          // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string.
+	Path        dbus.ObjectPath // The unit object path
+	JobId       uint32          // If there is a job queued for the job unit the numeric job id, 0 otherwise
+	JobType     string          // The job type as string
+	JobPath     dbus.ObjectPath // The job object path
+}
+
+type LinkUnitFileChange EnableUnitFileChange
+
+// LinkUnitFiles() links unit files (that are located outside of the
+// usual unit search paths) into the unit search path.
+//
+// It takes a list of absolute paths to unit files to link and two
+// booleans. The first boolean controls whether the unit shall be
+// enabled for runtime only (true, /run), or persistently (false,
+// /etc).
+// The second controls whether symlinks pointing to other units shall
+// be replaced if necessary.
+//
+// This call returns a list of the changes made. The list consists of
+// structures with three strings: the type of the change (one of symlink
+// or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]LinkUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+// EnableUnitFiles() may be used to enable one or more units in the system (by
+// creating symlinks to them in /etc or /run).
+//
+// It takes a list of unit files to enable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and two booleans: the first controls whether the unit shall
+// be enabled for runtime only (true, /run), or persistently (false, /etc).
+// The second one controls whether symlinks pointing to other units shall
+// be replaced if necessary.
+//
+// This call returns one boolean and an array with the changes made. The
+// boolean signals whether the unit files contained any enablement
+// information (i.e. an [Install]) section. The changes list consists of
+// structures with three strings: the type of the change (one of symlink
+// or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
+	var carries_install_info bool
+
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result)
+	if err != nil {
+		return false, nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]EnableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return false, nil, err
+	}
+
+	return carries_install_info, changes, nil
+}
+
+type EnableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// DisableUnitFiles() may be used to disable one or more units in the system (by
+// removing symlinks to them from /etc or /run).
+//
+// It takes a list of unit files to disable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and one boolean: whether the unit was enabled for runtime
+// only (true, /run), or persistently (false, /etc).
+//
+// This call returns an array with the changes made. The changes list
+// consists of structures with three strings: the type of the change (one of
+// symlink or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]DisableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+type DisableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// Reload instructs systemd to scan for and reload unit files. This is
+// equivalent to a 'systemctl daemon-reload'.
+func (c *Conn) Reload() error {
+	return c.sysobj.Call("org.freedesktop.systemd1.Manager.Reload", 0).Store()
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
new file mode 100644
index 0000000000..8c7ab93eb3
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
@@ -0,0 +1,332 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"fmt"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+
+	"github.com/godbus/dbus"
+)
+
+func setupConn(t *testing.T) *Conn {
+	conn, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return conn
+}
+
+func findFixture(target string, t *testing.T) string {
+	abs, err := filepath.Abs("../fixtures/" + target)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return abs
+}
+
+func setupUnit(target string, conn *Conn, t *testing.T) {
+	// Blindly stop the unit in case it is running
+	conn.StopUnit(target, "replace")
+
+	// Blindly remove the symlink in case it exists
+	targetRun := filepath.Join("/run/systemd/system/", target)
+	os.Remove(targetRun)
+}
+
+func linkUnit(target string, conn *Conn, t *testing.T) {
+	abs := findFixture(target, t)
+	fixture := []string{abs}
+
+	changes, err := conn.LinkUnitFiles(fixture, true, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(changes) < 1 {
+		t.Fatalf("Expected one change, got %v", changes)
+	}
+
+	runPath := filepath.Join("/run/systemd/system/", target)
+	if changes[0].Filename != runPath {
+		t.Fatal("Unexpected target filename")
+	}
+}
+
+// Ensure that basic unit starting and stopping works.
+func TestStartStopUnit(t *testing.T) {
+	target := "start-stop.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+	linkUnit(target, conn, t)
+
+	// 2. Start the unit
+	job, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Job is not done:", job)
+	}
+
+	units, err := conn.ListUnits()
+
+	var unit *UnitStatus
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit == nil {
+		t.Fatalf("Test unit not found in list")
+	}
+
+	if unit.ActiveState != "active" {
+		t.Fatalf("Test unit not active")
+	}
+
+	// 3. Stop the unit
+	job, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	units, err = conn.ListUnits()
+
+	unit = nil
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit != nil {
+		t.Fatalf("Test unit found in list, should be stopped")
+	}
+}
+
+// Enables a unit and then immediately tears it down
+func TestEnableDisableUnit(t *testing.T) {
+	target := "enable-disable.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+	abs := findFixture(target, t)
+	runPath := filepath.Join("/run/systemd/system/", target)
+
+	// 1. Enable the unit
+	install, changes, err := conn.EnableUnitFiles([]string{abs}, true, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if install != false {
+		t.Fatal("Install was true")
+	}
+
+	if len(changes) < 1 {
+		t.Fatalf("Expected one change, got %v", changes)
+	}
+
+	if changes[0].Filename != runPath {
+		t.Fatal("Unexpected target filename")
+	}
+
+	// 2. Disable the unit
+	dChanges, err := conn.DisableUnitFiles([]string{abs}, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(dChanges) != 1 {
+		t.Fatalf("Changes should include the path, %v", dChanges)
+	}
+	if dChanges[0].Filename != runPath {
+		t.Fatalf("Change should include correct filename, %+v", dChanges[0])
+	}
+	if dChanges[0].Destination != "" {
+		t.Fatalf("Change destination should be empty, %+v", dChanges[0])
+	}
+}
+
+// TestGetUnitProperties reads the `-.mount` which should exist on all systemd
+// systems and ensures that one of its properties is valid.
+func TestGetUnitProperties(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "-.mount"
+
+	info, err := conn.GetUnitProperties(unit)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	names := info["Wants"].([]string)
+
+	if len(names) < 1 {
+		t.Fatal("/ is unwanted")
+	}
+
+	if names[0] != "system.slice" {
+		t.Fatal("unexpected wants for /")
+	}
+
+	prop, err := conn.GetUnitProperty(unit, "Wants")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if prop.Name != "Wants" {
+		t.Fatal("unexpected property name")
+	}
+
+	val := prop.Value.Value().([]string)
+	if !reflect.DeepEqual(val, names) {
+		t.Fatal("unexpected property value")
+	}
+}
+
+// TestGetUnitPropertiesRejectsInvalidName attempts to get the properties for a
+// unit with an invalid name. This test should be run with --test.timeout set,
+// as a fail will manifest as GetUnitProperties hanging indefinitely.
+func TestGetUnitPropertiesRejectsInvalidName(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "//invalid#$^/"
+
+	_, err := conn.GetUnitProperties(unit)
+	if err == nil {
+		t.Fatal("Expected an error, got nil")
+	}
+
+	_, err = conn.GetUnitProperty(unit, "Wants")
+	if err == nil {
+		t.Fatal("Expected an error, got nil")
+	}
+}
+
+// TestSetUnitProperties changes a cgroup setting on the `tmp.mount`
+// which should exist on all systemd systems and ensures that the
+// property was set.
+func TestSetUnitProperties(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "tmp.mount"
+
+	if err := conn.SetUnitProperties(unit, true, Property{"CPUShares", dbus.MakeVariant(uint64(1023))}); err != nil {
+		t.Fatal(err)
+	}
+
+	info, err := conn.GetUnitTypeProperties(unit, "Mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	value := info["CPUShares"].(uint64)
+	if value != 1023 {
+		t.Fatal("CPUShares of unit is not 1023:", value)
+	}
+}
+
+// Ensure that basic transient unit starting and stopping works.
+func TestStartStopTransientUnit(t *testing.T) {
+	conn := setupConn(t)
+
+	props := []Property{
+		PropExecStart([]string{"/bin/sleep", "400"}, false),
+	}
+	target := fmt.Sprintf("testing-transient-%d.service", rand.Int())
+
+	// Start the unit
+	job, err := conn.StartTransientUnit(target, "replace", props...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Job is not done:", job)
+	}
+
+	units, err := conn.ListUnits()
+
+	var unit *UnitStatus
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit == nil {
+		t.Fatalf("Test unit not found in list")
+	}
+
+	if unit.ActiveState != "active" {
+		t.Fatalf("Test unit not active")
+	}
+
+	// 3. Stop the unit
+	job, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	units, err = conn.ListUnits()
+
+	unit = nil
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit != nil {
+		t.Fatalf("Test unit found in list, should be stopped")
+	}
+}
+
+func TestConnJobListener(t *testing.T) {
+	target := "start-stop.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+	linkUnit(target, conn, t)
+
+	jobSize := len(conn.jobListener.jobs)
+
+	_, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	currentJobSize := len(conn.jobListener.jobs)
+	if jobSize != currentJobSize {
+		t.Fatal("JobListener jobs leaked")
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
new file mode 100644
index 0000000000..a06ccda761
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
@@ -0,0 +1,220 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"github.com/godbus/dbus"
+)
+
+// From the systemd docs:
+//
+// The properties array of StartTransientUnit() may take many of the settings
+// that may also be configured in unit files. Not all parameters are currently
+// accepted though, but we plan to cover more properties with future release.
+// Currently you may set the Description, Slice and all dependency types of
+// units, as well as RemainAfterExit, ExecStart for service units,
+// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares,
+// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth,
+// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit,
+// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map
+// directly to their counterparts in unit files and as normal D-Bus object
+// properties. The exception here is the PIDs field of scope units which is
+// used for construction of the scope only and specifies the initial PIDs to
+// add to the scope object.
+
+type Property struct {
+	Name  string
+	Value dbus.Variant
+}
+
+type PropertyCollection struct {
+	Name       string
+	Properties []Property
+}
+
+type execStart struct {
+	Path             string   // the binary path to execute
+	Args             []string // an array with all arguments to pass to the executed command, starting with argument 0
+	UncleanIsFailure bool     // a boolean whether it should be considered a failure if the process exits uncleanly
+}
+
+// PropExecStart sets the ExecStart service property.  The first argument is a
+// slice with the binary path to execute followed by the arguments to pass to
+// the executed command. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
+func PropExecStart(command []string, uncleanIsFailure bool) Property {
+	execStarts := []execStart{
+		execStart{
+			Path:             command[0],
+			Args:             command,
+			UncleanIsFailure: uncleanIsFailure,
+		},
+	}
+
+	return Property{
+		Name:  "ExecStart",
+		Value: dbus.MakeVariant(execStarts),
+	}
+}
+
+// PropRemainAfterExit sets the RemainAfterExit service property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
+func PropRemainAfterExit(b bool) Property {
+	return Property{
+		Name:  "RemainAfterExit",
+		Value: dbus.MakeVariant(b),
+	}
+}
+
+// PropDescription sets the Description unit property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description=
+func PropDescription(desc string) Property {
+	return Property{
+		Name:  "Description",
+		Value: dbus.MakeVariant(desc),
+	}
+}
+
+func propDependency(name string, units []string) Property {
+	return Property{
+		Name:  name,
+		Value: dbus.MakeVariant(units),
+	}
+}
+
+// PropRequires sets the Requires unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
+func PropRequires(units ...string) Property {
+	return propDependency("Requires", units)
+}
+
+// PropRequiresOverridable sets the RequiresOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable=
+func PropRequiresOverridable(units ...string) Property {
+	return propDependency("RequiresOverridable", units)
+}
+
+// PropRequisite sets the Requisite unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite=
+func PropRequisite(units ...string) Property {
+	return propDependency("Requisite", units)
+}
+
+// PropRequisiteOverridable sets the RequisiteOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable=
+func PropRequisiteOverridable(units ...string) Property {
+	return propDependency("RequisiteOverridable", units)
+}
+
+// PropWants sets the Wants unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants=
+func PropWants(units ...string) Property {
+	return propDependency("Wants", units)
+}
+
+// PropBindsTo sets the BindsTo unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=
+func PropBindsTo(units ...string) Property {
+	return propDependency("BindsTo", units)
+}
+
+// PropRequiredBy sets the RequiredBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy=
+func PropRequiredBy(units ...string) Property {
+	return propDependency("RequiredBy", units)
+}
+
+// PropRequiredByOverridable sets the RequiredByOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable=
+func PropRequiredByOverridable(units ...string) Property {
+	return propDependency("RequiredByOverridable", units)
+}
+
+// PropWantedBy sets the WantedBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
+func PropWantedBy(units ...string) Property {
+	return propDependency("WantedBy", units)
+}
+
+// PropBoundBy sets the BoundBy unit property.  See
+// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy=
+func PropBoundBy(units ...string) Property {
+	return propDependency("BoundBy", units)
+}
+
+// PropConflicts sets the Conflicts unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts=
+func PropConflicts(units ...string) Property {
+	return propDependency("Conflicts", units)
+}
+
+// PropConflictedBy sets the ConflictedBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy=
+func PropConflictedBy(units ...string) Property {
+	return propDependency("ConflictedBy", units)
+}
+
+// PropBefore sets the Before unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
+func PropBefore(units ...string) Property {
+	return propDependency("Before", units)
+}
+
+// PropAfter sets the After unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After=
+func PropAfter(units ...string) Property {
+	return propDependency("After", units)
+}
+
+// PropOnFailure sets the OnFailure unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure=
+func PropOnFailure(units ...string) Property {
+	return propDependency("OnFailure", units)
+}
+
+// PropTriggers sets the Triggers unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers=
+func PropTriggers(units ...string) Property {
+	return propDependency("Triggers", units)
+}
+
+// PropTriggeredBy sets the TriggeredBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy=
+func PropTriggeredBy(units ...string) Property {
+	return propDependency("TriggeredBy", units)
+}
+
+// PropPropagatesReloadTo sets the PropagatesReloadTo unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo=
+func PropPropagatesReloadTo(units ...string) Property {
+	return propDependency("PropagatesReloadTo", units)
+}
+
+// PropRequiresMountsFor sets the RequiresMountsFor unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor=
+func PropRequiresMountsFor(units ...string) Property {
+	return propDependency("RequiresMountsFor", units)
+}
+
+// PropSlice sets the Slice unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
+func PropSlice(slice string) Property {
+	return Property{
+		Name:  "Slice",
+		Value: dbus.MakeVariant(slice),
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go
new file mode 100644
index 0000000000..45ad1fb399
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go
@@ -0,0 +1,33 @@
+package dbus
+
+type set struct {
+	data map[string]bool
+}
+
+func (s *set) Add(value string) {
+	s.data[value] = true
+}
+
+func (s *set) Remove(value string) {
+	delete(s.data, value)
+}
+
+func (s *set) Contains(value string) (exists bool) {
+	_, exists = s.data[value]
+	return
+}
+
+func (s *set) Length() (int) {
+	return len(s.data)
+}
+
+func (s *set) Values() (values []string) {
+	 for val, _ := range s.data {
+		values = append(values, val)
+	 }
+	 return
+}
+
+func newSet() (*set) {
+	return &set{make(map[string] bool)}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
new file mode 100644
index 0000000000..c4435f8800
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
@@ -0,0 +1,39 @@
+package dbus
+
+import (
+	"testing"
+)
+
+// TestBasicSetActions asserts that Add & Remove behavior is correct
+func TestBasicSetActions(t *testing.T) {
+	s := newSet()
+
+	if s.Contains("foo") {
+		t.Fatal("set should not contain 'foo'")
+	}
+
+	s.Add("foo")
+
+	if !s.Contains("foo") {
+		t.Fatal("set should contain 'foo'")
+	}
+
+	v := s.Values()
+	if len(v) != 1 {
+		t.Fatal("set.Values did not report correct number of values")
+	}
+	if v[0] != "foo" {
+		t.Fatal("set.Values did not report value")
+	}
+
+	s.Remove("foo")
+
+	if s.Contains("foo") {
+		t.Fatal("set should not contain 'foo'")
+	}
+
+	v = s.Values()
+	if len(v) != 0 {
+		t.Fatal("set.Values did not report correct number of values")
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
new file mode 100644
index 0000000000..fcd29b6e8f
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
@@ -0,0 +1,251 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"errors"
+	"time"
+
+	"github.com/godbus/dbus"
+)
+
+const (
+	cleanIgnoreInterval = int64(10 * time.Second)
+	ignoreInterval      = int64(30 * time.Millisecond)
+)
+
+// Subscribe sets up this connection to subscribe to all systemd dbus events.
+// This is required before calling SubscribeUnits. When the connection closes
+// systemd will automatically stop sending signals so there is no need to
+// explicitly call Unsubscribe().
+func (c *Conn) Subscribe() error {
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal',interface='org.freedesktop.systemd1.Manager',member='UnitNew'")
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged'")
+
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Unsubscribe this connection from systemd dbus events.
+func (c *Conn) Unsubscribe() error {
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *Conn) initSubscription() {
+	c.subscriber.ignore = make(map[dbus.ObjectPath]int64)
+}
+
+func (c *Conn) initDispatch() {
+	ch := make(chan *dbus.Signal, signalBuffer)
+
+	c.sysconn.Signal(ch)
+
+	go func() {
+		for {
+			signal, ok := <-ch
+			if !ok {
+				return
+			}
+
+			switch signal.Name {
+			case "org.freedesktop.systemd1.Manager.JobRemoved":
+				c.jobComplete(signal)
+
+				unitName := signal.Body[2].(string)
+				var unitPath dbus.ObjectPath
+				c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath)
+				if unitPath != dbus.ObjectPath("") {
+					c.sendSubStateUpdate(unitPath)
+				}
+			case "org.freedesktop.systemd1.Manager.UnitNew":
+				c.sendSubStateUpdate(signal.Body[1].(dbus.ObjectPath))
+			case "org.freedesktop.DBus.Properties.PropertiesChanged":
+				if signal.Body[0].(string) == "org.freedesktop.systemd1.Unit" {
+					// we only care about SubState updates, which are a Unit property
+					c.sendSubStateUpdate(signal.Path)
+				}
+			}
+		}
+	}()
+}
+
+// Returns two unbuffered channels which will receive all changed units every
+// interval.  Deleted units are sent as nil.
+func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) {
+	return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil)
+}
+
+// SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer
+// size of the channels, the comparison function for detecting changes and a filter
+// function for cutting down on the noise that your channel receives.
+func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func (string) bool) (<-chan map[string]*UnitStatus, <-chan error) {
+	old := make(map[string]*UnitStatus)
+	statusChan := make(chan map[string]*UnitStatus, buffer)
+	errChan := make(chan error, buffer)
+
+	go func() {
+		for {
+			timerChan := time.After(interval)
+
+			units, err := c.ListUnits()
+			if err == nil {
+				cur := make(map[string]*UnitStatus)
+				for i := range units {
+					if filterUnit != nil && filterUnit(units[i].Name) {
+						continue
+					}
+					cur[units[i].Name] = &units[i]
+				}
+
+				// add all new or changed units
+				changed := make(map[string]*UnitStatus)
+				for n, u := range cur {
+					if oldU, ok := old[n]; !ok || isChanged(oldU, u) {
+						changed[n] = u
+					}
+					delete(old, n)
+				}
+
+				// add all deleted units
+				for oldN := range old {
+					changed[oldN] = nil
+				}
+
+				old = cur
+
+				if len(changed) != 0 {
+					statusChan <- changed
+				}
+			} else {
+				errChan <- err
+			}
+
+			<-timerChan
+		}
+	}()
+
+	return statusChan, errChan
+}
+
+type SubStateUpdate struct {
+	UnitName string
+	SubState string
+}
+
+// SetSubStateSubscriber writes to updateCh when any unit's substate changes.
+// Although this writes to updateCh on every state change, the reported state
+// may be more recent than the change that generated it (due to an unavoidable
+// race in the systemd dbus interface).  That is, this method provides a good
+// way to keep a current view of all units' states, but is not guaranteed to
+// show every state transition they go through.  Furthermore, state changes
+// will only be written to the channel with non-blocking writes.  If updateCh
+// is full, it attempts to write an error to errCh; if errCh is full, the error
+// passes silently.
+func (c *Conn) SetSubStateSubscriber(updateCh chan<- *SubStateUpdate, errCh chan<- error) {
+	c.subscriber.Lock()
+	defer c.subscriber.Unlock()
+	c.subscriber.updateCh = updateCh
+	c.subscriber.errCh = errCh
+}
+
+func (c *Conn) sendSubStateUpdate(path dbus.ObjectPath) {
+	c.subscriber.Lock()
+	defer c.subscriber.Unlock()
+	if c.subscriber.updateCh == nil {
+		return
+	}
+
+	if c.shouldIgnore(path) {
+		return
+	}
+
+	info, err := c.GetUnitProperties(string(path))
+	if err != nil {
+		select {
+		case c.subscriber.errCh <- err:
+		default:
+		}
+	}
+
+	name := info["Id"].(string)
+	substate := info["SubState"].(string)
+
+	update := &SubStateUpdate{name, substate}
+	select {
+	case c.subscriber.updateCh <- update:
+	default:
+		select {
+		case c.subscriber.errCh <- errors.New("update channel full!"):
+		default:
+		}
+	}
+
+	c.updateIgnore(path, info)
+}
+
+// The ignore functions work around a wart in the systemd dbus interface.
+// Requesting the properties of an unloaded unit will cause systemd to send a
+// pair of UnitNew/UnitRemoved signals.  Because we need to get a unit's
+// properties on UnitNew (as that's the only indication of a new unit coming up
+// for the first time), we would enter an infinite loop if we did not attempt
+// to detect and ignore these spurious signals.  The signal themselves are
+// indistinguishable from relevant ones, so we (somewhat hackishly) ignore an
+// unloaded unit's signals for a short time after requesting its properties.
+// This means that we will miss e.g. a transient unit being restarted
+// *immediately* upon failure and also a transient unit being started
+// immediately after requesting its status (with systemctl status, for example,
+// because this causes a UnitNew signal to be sent which then causes us to fetch
+// the properties).
+
+func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool {
+	t, ok := c.subscriber.ignore[path]
+	return ok && t >= time.Now().UnixNano()
+}
+
+func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) {
+	c.cleanIgnore()
+
+	// unit is unloaded - it will trigger bad systemd dbus behavior
+	if info["LoadState"].(string) == "not-found" {
+		c.subscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval
+	}
+}
+
+// without this, ignore would grow unboundedly over time
+func (c *Conn) cleanIgnore() {
+	now := time.Now().UnixNano()
+	if c.subscriber.cleanIgnore < now {
+		c.subscriber.cleanIgnore = now + cleanIgnoreInterval
+
+		for p, t := range c.subscriber.ignore {
+			if t < now {
+				delete(c.subscriber.ignore, p)
+			}
+		}
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
new file mode 100644
index 0000000000..2625786052
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
@@ -0,0 +1,32 @@
+package dbus
+
+import (
+	"time"
+)
+
+// SubscriptionSet returns a subscription set which is like conn.Subscribe but
+// can filter to only return events for a set of units.
+type SubscriptionSet struct {
+	*set
+	conn *Conn
+}
+
+
+func (s *SubscriptionSet) filter(unit string) bool {
+	return !s.Contains(unit)
+}
+
+// Subscribe starts listening for dbus events for all of the units in the set.
+// Returns channels identical to conn.SubscribeUnits.
+func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) {
+	// TODO: Make fully evented by using systemd 209 with properties changed values
+	return s.conn.SubscribeUnitsCustom(time.Second, 0,
+		func(u1, u2 *UnitStatus) bool { return *u1 != *u2 },
+		func(unit string) bool { return s.filter(unit) },
+	)
+}
+
+// NewSubscriptionSet returns a new subscription set.
+func (conn *Conn) NewSubscriptionSet() (*SubscriptionSet) {
+	return &SubscriptionSet{newSet(), conn}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
new file mode 100644
index 0000000000..4ecd15376d
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
@@ -0,0 +1,66 @@
+package dbus
+
+import (
+	"testing"
+	"time"
+)
+
+// TestSubscribeUnit exercises the basics of subscription of a particular unit.
+func TestSubscriptionSetUnit(t *testing.T) {
+	target := "subscribe-events-set.service"
+
+	conn, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Subscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	subSet := conn.NewSubscriptionSet()
+	evChan, errChan := subSet.Subscribe()
+
+	subSet.Add(target)
+	setupUnit(target, conn, t)
+	linkUnit(target, conn, t)
+
+	job, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Couldn't start", target)
+	}
+
+	timeout := make(chan bool, 1)
+	go func() {
+		time.Sleep(3 * time.Second)
+		close(timeout)
+	}()
+
+	for {
+		select {
+		case changes := <-evChan:
+			tCh, ok := changes[target]
+
+			if !ok {
+				t.Fatal("Unexpected event:", changes)
+			}
+
+			if tCh.ActiveState == "active" && tCh.Name == target {
+				goto success
+			}
+		case err = <-errChan:
+			t.Fatal(err)
+		case <-timeout:
+			t.Fatal("Reached timeout")
+		}
+	}
+
+success:
+	return
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
new file mode 100644
index 0000000000..f2b5dfc28c
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
@@ -0,0 +1,91 @@
+package dbus
+
+import (
+	"testing"
+	"time"
+)
+
+// TestSubscribe exercises the basics of subscription
+func TestSubscribe(t *testing.T) {
+	conn, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Subscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Unsubscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestSubscribeUnit exercises the basics of subscription of a particular unit.
+func TestSubscribeUnit(t *testing.T) {
+	target := "subscribe-events.service"
+
+	conn, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Subscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Unsubscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	evChan, errChan := conn.SubscribeUnits(time.Second)
+
+	setupUnit(target, conn, t)
+	linkUnit(target, conn, t)
+
+	job, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Couldn't start", target)
+	}
+
+	timeout := make(chan bool, 1)
+	go func() {
+		time.Sleep(3 * time.Second)
+		close(timeout)
+	}()
+
+	for {
+		select {
+		case changes := <-evChan:
+			tCh, ok := changes[target]
+
+			// Just continue until we see our event.
+			if !ok {
+				continue
+			}
+
+			if tCh.ActiveState == "active" && tCh.Name == target {
+				goto success
+			}
+		case err = <-errChan:
+			t.Fatal(err)
+		case <-timeout:
+			t.Fatal("Reached timeout")
+		}
+	}
+
+success:
+	return
+}
+
+
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
new file mode 100644
index 0000000000..b3cf70ed84
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
@@ -0,0 +1,44 @@
+// Activation example used by the activation unit tests.
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+func fixListenPid() {
+	if os.Getenv("FIX_LISTEN_PID") != "" {
+		// HACK: real systemd would set LISTEN_PID before exec'ing but
+		// this is too difficult in golang for the purpose of a test.
+		// Do not do this in real code.
+		os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid()))
+	}
+}
+
+func main() {
+	fixListenPid()
+
+	files := activation.Files(false)
+
+	if len(files) == 0 {
+		panic("No files")
+	}
+
+	if os.Getenv("LISTEN_PID") == "" || os.Getenv("LISTEN_FDS") == "" {
+		panic("Should not unset envs")
+	}
+
+	files = activation.Files(true)
+
+	if os.Getenv("LISTEN_PID") != "" || os.Getenv("LISTEN_FDS") != "" {
+		panic("Can not unset envs")
+	}
+
+	// Write out the expected strings to the two pipes
+	files[0].Write([]byte("Hello world"))
+	files[1].Write([]byte("Goodbye world"))
+
+	return
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
new file mode 100644
index 0000000000..a350cca5e5
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
@@ -0,0 +1,19 @@
+## socket activated http server
+
+This is a simple example of using socket activation with systemd to serve a
+simple HTTP server on http://127.0.0.1:8076
+
+To try it out `go get` the httpserver and run it under the systemd-activate helper
+
+```
+export GOPATH=`pwd`
+go get github.com/coreos/go-systemd/examples/activation/httpserver
+sudo /usr/lib/systemd/systemd-activate -l 127.0.0.1:8076 ./bin/httpserver
+```
+
+Then curl the URL and you will notice that it starts up:
+
+```
+curl 127.0.0.1:8076
+hello socket activated world!
+```
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
new file mode 100644
index 0000000000..c8dea0f6b3
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Hello World HTTP
+Requires=network.target
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/httpserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
new file mode 100644
index 0000000000..723ed7ed92
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
@@ -0,0 +1,5 @@
+[Socket]
+ListenStream=127.0.0.1:8076
+
+[Install]
+WantedBy=sockets.target
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
new file mode 100644
index 0000000000..380c325d61
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+func HelloServer(w http.ResponseWriter, req *http.Request) {
+	io.WriteString(w, "hello socket activated world!\n")
+}
+
+func main() {
+	listeners, err := activation.Listeners(true)
+	if err != nil {
+		panic(err)
+	}
+
+	if len(listeners) != 1 {
+		panic("Unexpected number of socket activation fds")
+	}
+
+	http.HandleFunc("/", HelloServer)
+	http.Serve(listeners[0], nil)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
new file mode 100644
index 0000000000..5850a8b796
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
@@ -0,0 +1,50 @@
+// Activation example used by the activation unit tests.
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+func fixListenPid() {
+	if os.Getenv("FIX_LISTEN_PID") != "" {
+		// HACK: real systemd would set LISTEN_PID before exec'ing but
+		// this is too difficult in golang for the purpose of a test.
+		// Do not do this in real code.
+		os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid()))
+	}
+}
+
+func main() {
+	fixListenPid()
+
+	listeners, _ := activation.Listeners(false)
+
+	if len(listeners) == 0 {
+		panic("No listeners")
+	}
+
+	if os.Getenv("LISTEN_PID") == "" || os.Getenv("LISTEN_FDS") == "" {
+		panic("Should not unset envs")
+	}
+
+	listeners, err := activation.Listeners(true)
+	if err != nil {
+		panic(err)
+	}
+
+	if os.Getenv("LISTEN_PID") != "" || os.Getenv("LISTEN_FDS") != "" {
+		panic("Can not unset envs")
+	}
+
+	c0, _ := listeners[0].Accept()
+	c1, _ := listeners[1].Accept()
+
+	// Write out the expected strings to the two pipes
+	c0.Write([]byte("Hello world"))
+	c1.Write([]byte("Goodbye world"))
+
+	return
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service
new file mode 100644
index 0000000000..74c9459088
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=enable disable test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
new file mode 100644
index 0000000000..a1f8c36773
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=start stop test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
new file mode 100644
index 0000000000..a1f8c36773
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=start stop test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
new file mode 100644
index 0000000000..a1f8c36773
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=start stop test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go
new file mode 100644
index 0000000000..b52e120988
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go
@@ -0,0 +1,168 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package journal provides write bindings to the systemd journal
+package journal
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+// Priority of a journal message
+type Priority int
+
+const (
+	PriEmerg Priority = iota
+	PriAlert
+	PriCrit
+	PriErr
+	PriWarning
+	PriNotice
+	PriInfo
+	PriDebug
+)
+
+var conn net.Conn
+
+func init() {
+	var err error
+	conn, err = net.Dial("unixgram", "/run/systemd/journal/socket")
+	if err != nil {
+		conn = nil
+	}
+}
+
+// Enabled returns true iff the systemd journal is available for logging
+func Enabled() bool {
+	return conn != nil
+}
+
+// Send a message to the systemd journal. vars is a map of journald fields to
+// values.  Fields must be composed of uppercase letters, numbers, and
+// underscores, but must not start with an underscore. Within these
+// restrictions, any arbitrary field name may be used.  Some names have special
+// significance: see the journalctl documentation
+// (http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html)
+// for more details.  vars may be nil.
+func Send(message string, priority Priority, vars map[string]string) error {
+	if conn == nil {
+		return journalError("could not connect to journald socket")
+	}
+
+	data := new(bytes.Buffer)
+	appendVariable(data, "PRIORITY", strconv.Itoa(int(priority)))
+	appendVariable(data, "MESSAGE", message)
+	for k, v := range vars {
+		appendVariable(data, k, v)
+	}
+
+	_, err := io.Copy(conn, data)
+	if err != nil && isSocketSpaceError(err) {
+		file, err := tempFd()
+		if err != nil {
+			return journalError(err.Error())
+		}
+		_, err = io.Copy(file, data)
+		if err != nil {
+			return journalError(err.Error())
+		}
+
+		rights := syscall.UnixRights(int(file.Fd()))
+
+		/* this connection should always be a UnixConn, but better safe than sorry */
+		unixConn, ok := conn.(*net.UnixConn)
+		if !ok {
+			return journalError("can't send file through non-Unix connection")
+		}
+		unixConn.WriteMsgUnix([]byte{}, rights, nil)
+	} else if err != nil {
+		return journalError(err.Error())
+	}
+	return nil
+}
+
+func appendVariable(w io.Writer, name, value string) {
+	if !validVarName(name) {
+		journalError("variable name contains invalid character, ignoring")
+	}
+	if strings.ContainsRune(value, '\n') {
+		/* When the value contains a newline, we write:
+		 * - the variable name, followed by a newline
+		 * - the size (in 64bit little endian format)
+		 * - the data, followed by a newline
+		 */
+		fmt.Fprintln(w, name)
+		binary.Write(w, binary.LittleEndian, uint64(len(value)))
+		fmt.Fprintln(w, value)
+	} else {
+		/* just write the variable and value all on one line */
+		fmt.Fprintf(w, "%s=%s\n", name, value)
+	}
+}
+
+func validVarName(name string) bool {
+	/* The variable name must be in uppercase and consist only of characters,
+	 * numbers and underscores, and may not begin with an underscore. (from the docs)
+	 */
+
+	valid := name[0] != '_'
+	for _, c := range name {
+		valid = valid && ('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') || c == '_'
+	}
+	return valid
+}
+
+func isSocketSpaceError(err error) bool {
+	opErr, ok := err.(*net.OpError)
+	if !ok {
+		return false
+	}
+
+	sysErr, ok := opErr.Err.(syscall.Errno)
+	if !ok {
+		return false
+	}
+
+	return sysErr == syscall.EMSGSIZE || sysErr == syscall.ENOBUFS
+}
+
+func tempFd() (*os.File, error) {
+	file, err := ioutil.TempFile("/dev/shm/", "journal.XXXXX")
+	if err != nil {
+		return nil, err
+	}
+	syscall.Unlink(file.Name())
+	if err != nil {
+		return nil, err
+	}
+	return file, nil
+}
+
+func journalError(s string) error {
+	s = "journal error: " + s
+	fmt.Fprintln(os.Stderr, s)
+	return errors.New(s)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go
new file mode 100644
index 0000000000..d00dd110b5
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go
@@ -0,0 +1,81 @@
+/*
+Copyright 2014 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Integration with the systemd logind API.  See http://www.freedesktop.org/wiki/Software/systemd/logind/
+package login1
+
+import (
+	"os"
+	"strconv"
+
+	"github.com/godbus/dbus"
+)
+
+const (
+	dbusInterface = "org.freedesktop.login1.Manager"
+	dbusPath      = "/org/freedesktop/login1"
+)
+
+// Conn is a connection to systemds dbus endpoint.
+type Conn struct {
+	conn   *dbus.Conn
+	object *dbus.Object
+}
+
+// New() establishes a connection to the system bus and authenticates.
+func New() (*Conn, error) {
+	c := new(Conn)
+
+	if err := c.initConnection(); err != nil {
+		return nil, err
+	}
+
+	return c, nil
+}
+
+func (c *Conn) initConnection() error {
+	var err error
+	c.conn, err = dbus.SystemBusPrivate()
+	if err != nil {
+		return err
+	}
+
+	// Only use EXTERNAL method, and hardcode the uid (not username)
+	// to avoid a username lookup (which requires a dynamically linked
+	// libc)
+	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
+
+	err = c.conn.Auth(methods)
+	if err != nil {
+		c.conn.Close()
+		return err
+	}
+
+	err = c.conn.Hello()
+	if err != nil {
+		c.conn.Close()
+		return err
+	}
+
+	c.object = c.conn.Object("org.freedesktop.login1", dbus.ObjectPath(dbusPath))
+
+	return nil
+}
+
+// Reboot asks logind for a reboot optionally asking for auth.
+func (c *Conn) Reboot(askForAuth bool) {
+	c.object.Call(dbusInterface+".Reboot", 0, askForAuth)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go
new file mode 100644
index 0000000000..4439d37380
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go
@@ -0,0 +1,30 @@
+/*
+Copyright 2014 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package login1
+
+import (
+	"testing"
+)
+
+// TestNew ensures that New() works without errors.
+func TestNew(t *testing.T) {
+	_, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test
new file mode 100755
index 0000000000..6e043658ae
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+
+go test -v ./...
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE
new file mode 100644
index 0000000000..06b252bcbc
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE
@@ -0,0 +1,25 @@
+Copyright (c) 2013, Georg Reinke (<guelfey at gmail dot com>)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown
new file mode 100644
index 0000000000..3ab2116651
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown
@@ -0,0 +1,38 @@
+dbus
+----
+
+dbus is a simple library that implements native Go client bindings for the
+D-Bus message bus system.
+
+### Features
+
+* Complete native implementation of the D-Bus message protocol
+* Go-like API (channels for signals / asynchronous method calls, Goroutine-safe connections)
+* Subpackages that help with the introspection / property interfaces
+
+### Installation
+
+This packages requires Go 1.1. If you installed it and set up your GOPATH, just run:
+
+```
+go get github.com/godbus/dbus
+```
+
+If you want to use the subpackages, you can install them the same way.
+
+### Usage
+
+The complete package documentation and some simple examples are available at
+[godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the
+[_examples](https://github.com/godbus/dbus/tree/master/_examples) directory
+gives a short overview over the basic usage. 
+
+Please note that the API is considered unstable for now and may change without
+further notice.
+
+### License
+
+go.dbus is available under the Simplified BSD License; see LICENSE for the full
+text.
+
+Nearly all of the credit for this library goes to github.com/guelfey/go.dbus.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
new file mode 100644
index 0000000000..11deef3cf8
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
+		os.Exit(1)
+	}
+
+	for _, v := range []string{"method_call", "method_return", "error", "signal"} {
+		call := conn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+			"eavesdrop='true',type='"+v+"'")
+		if call.Err != nil {
+			fmt.Fprintln(os.Stderr, "Failed to add match:", call.Err)
+			os.Exit(1)
+		}
+	}
+	c := make(chan *dbus.Message, 10)
+	conn.Eavesdrop(c)
+	fmt.Println("Listening for everything")
+	for v := range c {
+		fmt.Println(v)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go
new file mode 100644
index 0000000000..a2af4e5f24
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+	"encoding/json"
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	node, err := introspect.Call(conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus"))
+	if err != nil {
+		panic(err)
+	}
+	data, _ := json.MarshalIndent(node, "", "    ")
+	os.Stdout.Write(data)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go
new file mode 100644
index 0000000000..ce1f7ec52e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
+		os.Exit(1)
+	}
+
+	var s []string
+	err = conn.BusObject().Call("org.freedesktop.DBus.ListNames", 0).Store(&s)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to get list of owned names:", err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Currently owned names on the session bus:")
+	for _, v := range s {
+		fmt.Println(v)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go
new file mode 100644
index 0000000000..5fe11d04c4
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go
@@ -0,0 +1,17 @@
+package main
+
+import "github.com/godbus/dbus"
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	obj := conn.Object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
+	call := obj.Call("org.freedesktop.Notifications.Notify", 0, "", uint32(0),
+		"", "Test", "This is a test of the DBus bindings for go.", []string{},
+		map[string]dbus.Variant{}, int32(5000))
+	if call.Err != nil {
+		panic(call.Err)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go
new file mode 100644
index 0000000000..e3408c53e9
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"github.com/godbus/dbus/prop"
+	"os"
+)
+
+type foo string
+
+func (f foo) Foo() (string, *dbus.Error) {
+	fmt.Println(f)
+	return string(f), nil
+}
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	reply, err := conn.RequestName("com.github.guelfey.Demo",
+		dbus.NameFlagDoNotQueue)
+	if err != nil {
+		panic(err)
+	}
+	if reply != dbus.RequestNameReplyPrimaryOwner {
+		fmt.Fprintln(os.Stderr, "name already taken")
+		os.Exit(1)
+	}
+	propsSpec := map[string]map[string]*prop.Prop{
+		"com.github.guelfey.Demo": {
+			"SomeInt": {
+				int32(0),
+				true,
+				prop.EmitTrue,
+				func(c *prop.Change) *dbus.Error {
+					fmt.Println(c.Name, "changed to", c.Value)
+					return nil
+				},
+			},
+		},
+	}
+	f := foo("Bar")
+	conn.Export(f, "/com/github/guelfey/Demo", "com.github.guelfey.Demo")
+	props := prop.New(conn, "/com/github/guelfey/Demo", propsSpec)
+	n := &introspect.Node{
+		Name: "/com/github/guelfey/Demo",
+		Interfaces: []introspect.Interface{
+			introspect.IntrospectData,
+			prop.IntrospectData,
+			{
+				Name:       "com.github.guelfey.Demo",
+				Methods:    introspect.Methods(f),
+				Properties: props.Introspection("com.github.guelfey.Demo"),
+			},
+		},
+	}
+	conn.Export(introspect.NewIntrospectable(n), "/com/github/guelfey/Demo",
+		"org.freedesktop.DBus.Introspectable")
+	fmt.Println("Listening on com.github.guelfey.Demo / /com/github/guelfey/Demo ...")
+
+	c := make(chan *dbus.Signal)
+	conn.Signal(c)
+	for _ = range c {
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go
new file mode 100644
index 0000000000..32b7b291c7
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go
@@ -0,0 +1,45 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"os"
+)
+
+const intro = `
+<node>
+	<interface name="com.github.guelfey.Demo">
+		<method name="Foo">
+			<arg direction="out" type="s"/>
+		</method>
+	</interface>` + introspect.IntrospectDataString + `</node> `
+
+type foo string
+
+func (f foo) Foo() (string, *dbus.Error) {
+	fmt.Println(f)
+	return string(f), nil
+}
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	reply, err := conn.RequestName("com.github.guelfey.Demo",
+		dbus.NameFlagDoNotQueue)
+	if err != nil {
+		panic(err)
+	}
+	if reply != dbus.RequestNameReplyPrimaryOwner {
+		fmt.Fprintln(os.Stderr, "name already taken")
+		os.Exit(1)
+	}
+	f := foo("Bar!")
+	conn.Export(f, "/com/github/guelfey/Demo", "com.github.guelfey.Demo")
+	conn.Export(introspect.Introspectable(intro), "/com/github/guelfey/Demo",
+		"org.freedesktop.DBus.Introspectable")
+	fmt.Println("Listening on com.github.guelfey.Demo / /com/github/guelfey/Demo ...")
+	select {}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go
new file mode 100644
index 0000000000..8f3f809759
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
+		os.Exit(1)
+	}
+
+	conn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',sender='org.freedesktop.DBus'")
+
+	c := make(chan *dbus.Signal, 10)
+	conn.Signal(c)
+	for v := range c {
+		fmt.Println(v)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go
new file mode 100644
index 0000000000..98017b693e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go
@@ -0,0 +1,253 @@
+package dbus
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"io"
+	"os"
+	"strconv"
+)
+
+// AuthStatus represents the Status of an authentication mechanism.
+type AuthStatus byte
+
+const (
+	// AuthOk signals that authentication is finished; the next command
+	// from the server should be an OK.
+	AuthOk AuthStatus = iota
+
+	// AuthContinue signals that additional data is needed; the next command
+	// from the server should be a DATA.
+	AuthContinue
+
+	// AuthError signals an error; the server sent invalid data or some
+	// other unexpected thing happened and the current authentication
+	// process should be aborted.
+	AuthError
+)
+
+type authState byte
+
+const (
+	waitingForData authState = iota
+	waitingForOk
+	waitingForReject
+)
+
+// Auth defines the behaviour of an authentication mechanism.
+type Auth interface {
+	// Return the name of the mechnism, the argument to the first AUTH command
+	// and the next status.
+	FirstData() (name, resp []byte, status AuthStatus)
+
+	// Process the given DATA command, and return the argument to the DATA
+	// command and the next status. If len(resp) == 0, no DATA command is sent.
+	HandleData(data []byte) (resp []byte, status AuthStatus)
+}
+
+// Auth authenticates the connection, trying the given list of authentication
+// mechanisms (in that order). If nil is passed, the EXTERNAL and
+// DBUS_COOKIE_SHA1 mechanisms are tried for the current user. For private
+// connections, this method must be called before sending any messages to the
+// bus. Auth must not be called on shared connections.
+func (conn *Conn) Auth(methods []Auth) error {
+	if methods == nil {
+		uid := strconv.Itoa(os.Getuid())
+		methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())}
+	}
+	in := bufio.NewReader(conn.transport)
+	err := conn.transport.SendNullByte()
+	if err != nil {
+		return err
+	}
+	err = authWriteLine(conn.transport, []byte("AUTH"))
+	if err != nil {
+		return err
+	}
+	s, err := authReadLine(in)
+	if err != nil {
+		return err
+	}
+	if len(s) < 2 || !bytes.Equal(s[0], []byte("REJECTED")) {
+		return errors.New("dbus: authentication protocol error")
+	}
+	s = s[1:]
+	for _, v := range s {
+		for _, m := range methods {
+			if name, data, status := m.FirstData(); bytes.Equal(v, name) {
+				var ok bool
+				err = authWriteLine(conn.transport, []byte("AUTH"), []byte(v), data)
+				if err != nil {
+					return err
+				}
+				switch status {
+				case AuthOk:
+					err, ok = conn.tryAuth(m, waitingForOk, in)
+				case AuthContinue:
+					err, ok = conn.tryAuth(m, waitingForData, in)
+				default:
+					panic("dbus: invalid authentication status")
+				}
+				if err != nil {
+					return err
+				}
+				if ok {
+					if conn.transport.SupportsUnixFDs() {
+						err = authWriteLine(conn, []byte("NEGOTIATE_UNIX_FD"))
+						if err != nil {
+							return err
+						}
+						line, err := authReadLine(in)
+						if err != nil {
+							return err
+						}
+						switch {
+						case bytes.Equal(line[0], []byte("AGREE_UNIX_FD")):
+							conn.EnableUnixFDs()
+							conn.unixFD = true
+						case bytes.Equal(line[0], []byte("ERROR")):
+						default:
+							return errors.New("dbus: authentication protocol error")
+						}
+					}
+					err = authWriteLine(conn.transport, []byte("BEGIN"))
+					if err != nil {
+						return err
+					}
+					go conn.inWorker()
+					go conn.outWorker()
+					return nil
+				}
+			}
+		}
+	}
+	return errors.New("dbus: authentication failed")
+}
+
+// tryAuth tries to authenticate with m as the mechanism, using state as the
+// initial authState and in for reading input. It returns (nil, true) on
+// success, (nil, false) on a REJECTED and (someErr, false) if some other
+// error occured.
+func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, bool) {
+	for {
+		s, err := authReadLine(in)
+		if err != nil {
+			return err, false
+		}
+		switch {
+		case state == waitingForData && string(s[0]) == "DATA":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("ERROR"))
+				if err != nil {
+					return err, false
+				}
+				continue
+			}
+			data, status := m.HandleData(s[1])
+			switch status {
+			case AuthOk, AuthContinue:
+				if len(data) != 0 {
+					err = authWriteLine(conn.transport, []byte("DATA"), data)
+					if err != nil {
+						return err, false
+					}
+				}
+				if status == AuthOk {
+					state = waitingForOk
+				}
+			case AuthError:
+				err = authWriteLine(conn.transport, []byte("ERROR"))
+				if err != nil {
+					return err, false
+				}
+			}
+		case state == waitingForData && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForData && string(s[0]) == "ERROR":
+			err = authWriteLine(conn.transport, []byte("CANCEL"))
+			if err != nil {
+				return err, false
+			}
+			state = waitingForReject
+		case state == waitingForData && string(s[0]) == "OK":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("CANCEL"))
+				if err != nil {
+					return err, false
+				}
+				state = waitingForReject
+			}
+			conn.uuid = string(s[1])
+			return nil, true
+		case state == waitingForData:
+			err = authWriteLine(conn.transport, []byte("ERROR"))
+			if err != nil {
+				return err, false
+			}
+		case state == waitingForOk && string(s[0]) == "OK":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("CANCEL"))
+				if err != nil {
+					return err, false
+				}
+				state = waitingForReject
+			}
+			conn.uuid = string(s[1])
+			return nil, true
+		case state == waitingForOk && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForOk && (string(s[0]) == "DATA" ||
+			string(s[0]) == "ERROR"):
+
+			err = authWriteLine(conn.transport, []byte("CANCEL"))
+			if err != nil {
+				return err, false
+			}
+			state = waitingForReject
+		case state == waitingForOk:
+			err = authWriteLine(conn.transport, []byte("ERROR"))
+			if err != nil {
+				return err, false
+			}
+		case state == waitingForReject && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForReject:
+			return errors.New("dbus: authentication protocol error"), false
+		default:
+			panic("dbus: invalid auth state")
+		}
+	}
+}
+
+// authReadLine reads a line and separates it into its fields.
+func authReadLine(in *bufio.Reader) ([][]byte, error) {
+	data, err := in.ReadBytes('\n')
+	if err != nil {
+		return nil, err
+	}
+	data = bytes.TrimSuffix(data, []byte("\r\n"))
+	return bytes.Split(data, []byte{' '}), nil
+}
+
+// authWriteLine writes the given line in the authentication protocol format
+// (elements of data separated by a " " and terminated by "\r\n").
+func authWriteLine(out io.Writer, data ...[]byte) error {
+	buf := make([]byte, 0)
+	for i, v := range data {
+		buf = append(buf, v...)
+		if i != len(data)-1 {
+			buf = append(buf, ' ')
+		}
+	}
+	buf = append(buf, '\r')
+	buf = append(buf, '\n')
+	n, err := out.Write(buf)
+	if err != nil {
+		return err
+	}
+	if n != len(buf) {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go
new file mode 100644
index 0000000000..7e376d3ef6
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go
@@ -0,0 +1,26 @@
+package dbus
+
+import (
+	"encoding/hex"
+)
+
+// AuthExternal returns an Auth that authenticates as the given user with the
+// EXTERNAL mechanism.
+func AuthExternal(user string) Auth {
+	return authExternal{user}
+}
+
+// AuthExternal implements the EXTERNAL authentication mechanism.
+type authExternal struct {
+	user string
+}
+
+func (a authExternal) FirstData() ([]byte, []byte, AuthStatus) {
+	b := make([]byte, 2*len(a.user))
+	hex.Encode(b, []byte(a.user))
+	return []byte("EXTERNAL"), b, AuthOk
+}
+
+func (a authExternal) HandleData(b []byte) ([]byte, AuthStatus) {
+	return nil, AuthError
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go
new file mode 100644
index 0000000000..df15b46119
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go
@@ -0,0 +1,102 @@
+package dbus
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding/hex"
+	"os"
+)
+
+// AuthCookieSha1 returns an Auth that authenticates as the given user with the
+// DBUS_COOKIE_SHA1 mechanism. The home parameter should specify the home
+// directory of the user.
+func AuthCookieSha1(user, home string) Auth {
+	return authCookieSha1{user, home}
+}
+
+type authCookieSha1 struct {
+	user, home string
+}
+
+func (a authCookieSha1) FirstData() ([]byte, []byte, AuthStatus) {
+	b := make([]byte, 2*len(a.user))
+	hex.Encode(b, []byte(a.user))
+	return []byte("DBUS_COOKIE_SHA1"), b, AuthContinue
+}
+
+func (a authCookieSha1) HandleData(data []byte) ([]byte, AuthStatus) {
+	challenge := make([]byte, len(data)/2)
+	_, err := hex.Decode(challenge, data)
+	if err != nil {
+		return nil, AuthError
+	}
+	b := bytes.Split(challenge, []byte{' '})
+	if len(b) != 3 {
+		return nil, AuthError
+	}
+	context := b[0]
+	id := b[1]
+	svchallenge := b[2]
+	cookie := a.getCookie(context, id)
+	if cookie == nil {
+		return nil, AuthError
+	}
+	clchallenge := a.generateChallenge()
+	if clchallenge == nil {
+		return nil, AuthError
+	}
+	hash := sha1.New()
+	hash.Write(bytes.Join([][]byte{svchallenge, clchallenge, cookie}, []byte{':'}))
+	hexhash := make([]byte, 2*hash.Size())
+	hex.Encode(hexhash, hash.Sum(nil))
+	data = append(clchallenge, ' ')
+	data = append(data, hexhash...)
+	resp := make([]byte, 2*len(data))
+	hex.Encode(resp, data)
+	return resp, AuthOk
+}
+
+// getCookie searches for the cookie identified by id in context and returns
+// the cookie content or nil. (Since HandleData can't return a specific error,
+// but only whether an error occured, this function also doesn't bother to
+// return an error.)
+func (a authCookieSha1) getCookie(context, id []byte) []byte {
+	file, err := os.Open(a.home + "/.dbus-keyrings/" + string(context))
+	if err != nil {
+		return nil
+	}
+	defer file.Close()
+	rd := bufio.NewReader(file)
+	for {
+		line, err := rd.ReadBytes('\n')
+		if err != nil {
+			return nil
+		}
+		line = line[:len(line)-1]
+		b := bytes.Split(line, []byte{' '})
+		if len(b) != 3 {
+			return nil
+		}
+		if bytes.Equal(b[0], id) {
+			return b[2]
+		}
+	}
+}
+
+// generateChallenge returns a random, hex-encoded challenge, or nil on error
+// (see above).
+func (a authCookieSha1) generateChallenge() []byte {
+	b := make([]byte, 16)
+	n, err := rand.Read(b)
+	if err != nil {
+		return nil
+	}
+	if n != 16 {
+		return nil
+	}
+	enc := make([]byte, 32)
+	hex.Encode(enc, b)
+	return enc
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go
new file mode 100644
index 0000000000..1d2fbc7efd
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go
@@ -0,0 +1,147 @@
+package dbus
+
+import (
+	"errors"
+	"strings"
+)
+
+// Call represents a pending or completed method call.
+type Call struct {
+	Destination string
+	Path        ObjectPath
+	Method      string
+	Args        []interface{}
+
+	// Strobes when the call is complete.
+	Done chan *Call
+
+	// After completion, the error status. If this is non-nil, it may be an
+	// error message from the peer (with Error as its type) or some other error.
+	Err error
+
+	// Holds the response once the call is done.
+	Body []interface{}
+}
+
+var errSignature = errors.New("dbus: mismatched signature")
+
+// Store stores the body of the reply into the provided pointers. It returns
+// an error if the signatures of the body and retvalues don't match, or if
+// the error status is not nil.
+func (c *Call) Store(retvalues ...interface{}) error {
+	if c.Err != nil {
+		return c.Err
+	}
+
+	return Store(c.Body, retvalues...)
+}
+
+// Object represents a remote object on which methods can be invoked.
+type Object struct {
+	conn *Conn
+	dest string
+	path ObjectPath
+}
+
+// Call calls a method with (*Object).Go and waits for its reply.
+func (o *Object) Call(method string, flags Flags, args ...interface{}) *Call {
+	return <-o.Go(method, flags, make(chan *Call, 1), args...).Done
+}
+
+// GetProperty calls org.freedesktop.DBus.Properties.GetProperty on the given
+// object. The property name must be given in interface.member notation.
+func (o *Object) GetProperty(p string) (Variant, error) {
+	idx := strings.LastIndex(p, ".")
+	if idx == -1 || idx+1 == len(p) {
+		return Variant{}, errors.New("dbus: invalid property " + p)
+	}
+
+	iface := p[:idx]
+	prop := p[idx+1:]
+
+	result := Variant{}
+	err := o.Call("org.freedesktop.DBus.Properties.Get", 0, iface, prop).Store(&result)
+
+	if err != nil {
+		return Variant{}, err
+	}
+
+	return result, nil
+}
+
+// Go calls a method with the given arguments asynchronously. It returns a
+// Call structure representing this method call. The passed channel will
+// return the same value once the call is done. If ch is nil, a new channel
+// will be allocated. Otherwise, ch has to be buffered or Go will panic.
+//
+// If the flags include FlagNoReplyExpected, ch is ignored and a Call structure
+// is returned of which only the Err member is valid.
+//
+// If the method parameter contains a dot ('.'), the part before the last dot
+// specifies the interface on which the method is called.
+func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
+	iface := ""
+	i := strings.LastIndex(method, ".")
+	if i != -1 {
+		iface = method[:i]
+	}
+	method = method[i+1:]
+	msg := new(Message)
+	msg.Type = TypeMethodCall
+	msg.serial = o.conn.getSerial()
+	msg.Flags = flags & (FlagNoAutoStart | FlagNoReplyExpected)
+	msg.Headers = make(map[HeaderField]Variant)
+	msg.Headers[FieldPath] = MakeVariant(o.path)
+	msg.Headers[FieldDestination] = MakeVariant(o.dest)
+	msg.Headers[FieldMember] = MakeVariant(method)
+	if iface != "" {
+		msg.Headers[FieldInterface] = MakeVariant(iface)
+	}
+	msg.Body = args
+	if len(args) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(args...))
+	}
+	if msg.Flags&FlagNoReplyExpected == 0 {
+		if ch == nil {
+			ch = make(chan *Call, 10)
+		} else if cap(ch) == 0 {
+			panic("dbus: unbuffered channel passed to (*Object).Go")
+		}
+		call := &Call{
+			Destination: o.dest,
+			Path:        o.path,
+			Method:      method,
+			Args:        args,
+			Done:        ch,
+		}
+		o.conn.callsLck.Lock()
+		o.conn.calls[msg.serial] = call
+		o.conn.callsLck.Unlock()
+		o.conn.outLck.RLock()
+		if o.conn.closed {
+			call.Err = ErrClosed
+			call.Done <- call
+		} else {
+			o.conn.out <- msg
+		}
+		o.conn.outLck.RUnlock()
+		return call
+	}
+	o.conn.outLck.RLock()
+	defer o.conn.outLck.RUnlock()
+	if o.conn.closed {
+		return &Call{Err: ErrClosed}
+	}
+	o.conn.out <- msg
+	return &Call{Err: nil}
+}
+
+// Destination returns the destination that calls on o are sent to.
+func (o *Object) Destination() string {
+	return o.dest
+}
+
+// Path returns the path that calls on o are sent to.
+func (o *Object) Path() ObjectPath {
+	return o.path
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go
new file mode 100644
index 0000000000..75dd22652a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go
@@ -0,0 +1,601 @@
+package dbus
+
+import (
+	"errors"
+	"io"
+	"os"
+	"reflect"
+	"strings"
+	"sync"
+)
+
+const defaultSystemBusAddress = "unix:path=/var/run/dbus/system_bus_socket"
+
+var (
+	systemBus     *Conn
+	systemBusLck  sync.Mutex
+	sessionBus    *Conn
+	sessionBusLck sync.Mutex
+)
+
+// ErrClosed is the error returned by calls on a closed connection.
+var ErrClosed = errors.New("dbus: connection closed by user")
+
+// Conn represents a connection to a message bus (usually, the system or
+// session bus).
+//
+// Connections are either shared or private. Shared connections
+// are shared between calls to the functions that return them. As a result,
+// the methods Close, Auth and Hello must not be called on them.
+//
+// Multiple goroutines may invoke methods on a connection simultaneously.
+type Conn struct {
+	transport
+
+	busObj *Object
+	unixFD bool
+	uuid   string
+
+	names    []string
+	namesLck sync.RWMutex
+
+	serialLck  sync.Mutex
+	nextSerial uint32
+	serialUsed map[uint32]bool
+
+	calls    map[uint32]*Call
+	callsLck sync.RWMutex
+
+	handlers    map[ObjectPath]map[string]interface{}
+	handlersLck sync.RWMutex
+
+	out    chan *Message
+	closed bool
+	outLck sync.RWMutex
+
+	signals    []chan<- *Signal
+	signalsLck sync.Mutex
+
+	eavesdropped    chan<- *Message
+	eavesdroppedLck sync.Mutex
+}
+
+// SessionBus returns a shared connection to the session bus, connecting to it
+// if not already done.
+func SessionBus() (conn *Conn, err error) {
+	sessionBusLck.Lock()
+	defer sessionBusLck.Unlock()
+	if sessionBus != nil {
+		return sessionBus, nil
+	}
+	defer func() {
+		if conn != nil {
+			sessionBus = conn
+		}
+	}()
+	conn, err = SessionBusPrivate()
+	if err != nil {
+		return
+	}
+	if err = conn.Auth(nil); err != nil {
+		conn.Close()
+		conn = nil
+		return
+	}
+	if err = conn.Hello(); err != nil {
+		conn.Close()
+		conn = nil
+	}
+	return
+}
+
+// SessionBusPrivate returns a new private connection to the session bus.
+func SessionBusPrivate() (*Conn, error) {
+	address := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
+	if address != "" && address != "autolaunch:" {
+		return Dial(address)
+	}
+
+	return sessionBusPlatform()
+}
+
+// SystemBus returns a shared connection to the system bus, connecting to it if
+// not already done.
+func SystemBus() (conn *Conn, err error) {
+	systemBusLck.Lock()
+	defer systemBusLck.Unlock()
+	if systemBus != nil {
+		return systemBus, nil
+	}
+	defer func() {
+		if conn != nil {
+			systemBus = conn
+		}
+	}()
+	conn, err = SystemBusPrivate()
+	if err != nil {
+		return
+	}
+	if err = conn.Auth(nil); err != nil {
+		conn.Close()
+		conn = nil
+		return
+	}
+	if err = conn.Hello(); err != nil {
+		conn.Close()
+		conn = nil
+	}
+	return
+}
+
+// SystemBusPrivate returns a new private connection to the system bus.
+func SystemBusPrivate() (*Conn, error) {
+	address := os.Getenv("DBUS_SYSTEM_BUS_ADDRESS")
+	if address != "" {
+		return Dial(address)
+	}
+	return Dial(defaultSystemBusAddress)
+}
+
+// Dial establishes a new private connection to the message bus specified by address.
+func Dial(address string) (*Conn, error) {
+	tr, err := getTransport(address)
+	if err != nil {
+		return nil, err
+	}
+	return newConn(tr)
+}
+
+// NewConn creates a new private *Conn from an already established connection.
+func NewConn(conn io.ReadWriteCloser) (*Conn, error) {
+	return newConn(genericTransport{conn})
+}
+
+// newConn creates a new *Conn from a transport.
+func newConn(tr transport) (*Conn, error) {
+	conn := new(Conn)
+	conn.transport = tr
+	conn.calls = make(map[uint32]*Call)
+	conn.out = make(chan *Message, 10)
+	conn.handlers = make(map[ObjectPath]map[string]interface{})
+	conn.nextSerial = 1
+	conn.serialUsed = map[uint32]bool{0: true}
+	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
+	return conn, nil
+}
+
+// BusObject returns the object owned by the bus daemon which handles
+// administrative requests.
+func (conn *Conn) BusObject() *Object {
+	return conn.busObj
+}
+
+// Close closes the connection. Any blocked operations will return with errors
+// and the channels passed to Eavesdrop and Signal are closed. This method must
+// not be called on shared connections.
+func (conn *Conn) Close() error {
+	conn.outLck.Lock()
+	close(conn.out)
+	conn.closed = true
+	conn.outLck.Unlock()
+	conn.signalsLck.Lock()
+	for _, ch := range conn.signals {
+		close(ch)
+	}
+	conn.signalsLck.Unlock()
+	conn.eavesdroppedLck.Lock()
+	if conn.eavesdropped != nil {
+		close(conn.eavesdropped)
+	}
+	conn.eavesdroppedLck.Unlock()
+	return conn.transport.Close()
+}
+
+// Eavesdrop causes conn to send all incoming messages to the given channel
+// without further processing. Method replies, errors and signals will not be
+// sent to the appropiate channels and method calls will not be handled. If nil
+// is passed, the normal behaviour is restored.
+//
+// The caller has to make sure that ch is sufficiently buffered;
+// if a message arrives when a write to ch is not possible, the message is
+// discarded.
+func (conn *Conn) Eavesdrop(ch chan<- *Message) {
+	conn.eavesdroppedLck.Lock()
+	conn.eavesdropped = ch
+	conn.eavesdroppedLck.Unlock()
+}
+
+// getSerial returns an unused serial.
+func (conn *Conn) getSerial() uint32 {
+	conn.serialLck.Lock()
+	defer conn.serialLck.Unlock()
+	n := conn.nextSerial
+	for conn.serialUsed[n] {
+		n++
+	}
+	conn.serialUsed[n] = true
+	conn.nextSerial = n + 1
+	return n
+}
+
+// Hello sends the initial org.freedesktop.DBus.Hello call. This method must be
+// called after authentication, but before sending any other messages to the
+// bus. Hello must not be called for shared connections.
+func (conn *Conn) Hello() error {
+	var s string
+	err := conn.busObj.Call("org.freedesktop.DBus.Hello", 0).Store(&s)
+	if err != nil {
+		return err
+	}
+	conn.namesLck.Lock()
+	conn.names = make([]string, 1)
+	conn.names[0] = s
+	conn.namesLck.Unlock()
+	return nil
+}
+
+// inWorker runs in an own goroutine, reading incoming messages from the
+// transport and dispatching them appropiately.
+func (conn *Conn) inWorker() {
+	for {
+		msg, err := conn.ReadMessage()
+		if err == nil {
+			conn.eavesdroppedLck.Lock()
+			if conn.eavesdropped != nil {
+				select {
+				case conn.eavesdropped <- msg:
+				default:
+				}
+				conn.eavesdroppedLck.Unlock()
+				continue
+			}
+			conn.eavesdroppedLck.Unlock()
+			dest, _ := msg.Headers[FieldDestination].value.(string)
+			found := false
+			if dest == "" {
+				found = true
+			} else {
+				conn.namesLck.RLock()
+				if len(conn.names) == 0 {
+					found = true
+				}
+				for _, v := range conn.names {
+					if dest == v {
+						found = true
+						break
+					}
+				}
+				conn.namesLck.RUnlock()
+			}
+			if !found {
+				// Eavesdropped a message, but no channel for it is registered.
+				// Ignore it.
+				continue
+			}
+			switch msg.Type {
+			case TypeMethodReply, TypeError:
+				serial := msg.Headers[FieldReplySerial].value.(uint32)
+				conn.callsLck.Lock()
+				if c, ok := conn.calls[serial]; ok {
+					if msg.Type == TypeError {
+						name, _ := msg.Headers[FieldErrorName].value.(string)
+						c.Err = Error{name, msg.Body}
+					} else {
+						c.Body = msg.Body
+					}
+					c.Done <- c
+					conn.serialLck.Lock()
+					delete(conn.serialUsed, serial)
+					conn.serialLck.Unlock()
+					delete(conn.calls, serial)
+				}
+				conn.callsLck.Unlock()
+			case TypeSignal:
+				iface := msg.Headers[FieldInterface].value.(string)
+				member := msg.Headers[FieldMember].value.(string)
+				// as per http://dbus.freedesktop.org/doc/dbus-specification.html ,
+				// sender is optional for signals.
+				sender, _ := msg.Headers[FieldSender].value.(string)
+				if iface == "org.freedesktop.DBus" && member == "NameLost" &&
+					sender == "org.freedesktop.DBus" {
+
+					name, _ := msg.Body[0].(string)
+					conn.namesLck.Lock()
+					for i, v := range conn.names {
+						if v == name {
+							copy(conn.names[i:], conn.names[i+1:])
+							conn.names = conn.names[:len(conn.names)-1]
+						}
+					}
+					conn.namesLck.Unlock()
+				}
+				signal := &Signal{
+					Sender: sender,
+					Path:   msg.Headers[FieldPath].value.(ObjectPath),
+					Name:   iface + "." + member,
+					Body:   msg.Body,
+				}
+				conn.signalsLck.Lock()
+				for _, ch := range conn.signals {
+					// don't block trying to send a signal
+					select {
+					case ch <- signal:
+					default:
+					}
+				}
+				conn.signalsLck.Unlock()
+			case TypeMethodCall:
+				go conn.handleCall(msg)
+			}
+		} else if _, ok := err.(InvalidMessageError); !ok {
+			// Some read error occured (usually EOF); we can't really do
+			// anything but to shut down all stuff and returns errors to all
+			// pending replies.
+			conn.Close()
+			conn.callsLck.RLock()
+			for _, v := range conn.calls {
+				v.Err = err
+				v.Done <- v
+			}
+			conn.callsLck.RUnlock()
+			return
+		}
+		// invalid messages are ignored
+	}
+}
+
+// Names returns the list of all names that are currently owned by this
+// connection. The slice is always at least one element long, the first element
+// being the unique name of the connection.
+func (conn *Conn) Names() []string {
+	conn.namesLck.RLock()
+	// copy the slice so it can't be modified
+	s := make([]string, len(conn.names))
+	copy(s, conn.names)
+	conn.namesLck.RUnlock()
+	return s
+}
+
+// Object returns the object identified by the given destination name and path.
+func (conn *Conn) Object(dest string, path ObjectPath) *Object {
+	return &Object{conn, dest, path}
+}
+
+// outWorker runs in an own goroutine, encoding and sending messages that are
+// sent to conn.out.
+func (conn *Conn) outWorker() {
+	for msg := range conn.out {
+		err := conn.SendMessage(msg)
+		conn.callsLck.RLock()
+		if err != nil {
+			if c := conn.calls[msg.serial]; c != nil {
+				c.Err = err
+				c.Done <- c
+			}
+			conn.serialLck.Lock()
+			delete(conn.serialUsed, msg.serial)
+			conn.serialLck.Unlock()
+		} else if msg.Type != TypeMethodCall {
+			conn.serialLck.Lock()
+			delete(conn.serialUsed, msg.serial)
+			conn.serialLck.Unlock()
+		}
+		conn.callsLck.RUnlock()
+	}
+}
+
+// Send sends the given message to the message bus. You usually don't need to
+// use this; use the higher-level equivalents (Call / Go, Emit and Export)
+// instead. If msg is a method call and NoReplyExpected is not set, a non-nil
+// call is returned and the same value is sent to ch (which must be buffered)
+// once the call is complete. Otherwise, ch is ignored and a Call structure is
+// returned of which only the Err member is valid.
+func (conn *Conn) Send(msg *Message, ch chan *Call) *Call {
+	var call *Call
+
+	msg.serial = conn.getSerial()
+	if msg.Type == TypeMethodCall && msg.Flags&FlagNoReplyExpected == 0 {
+		if ch == nil {
+			ch = make(chan *Call, 5)
+		} else if cap(ch) == 0 {
+			panic("dbus: unbuffered channel passed to (*Conn).Send")
+		}
+		call = new(Call)
+		call.Destination, _ = msg.Headers[FieldDestination].value.(string)
+		call.Path, _ = msg.Headers[FieldPath].value.(ObjectPath)
+		iface, _ := msg.Headers[FieldInterface].value.(string)
+		member, _ := msg.Headers[FieldMember].value.(string)
+		call.Method = iface + "." + member
+		call.Args = msg.Body
+		call.Done = ch
+		conn.callsLck.Lock()
+		conn.calls[msg.serial] = call
+		conn.callsLck.Unlock()
+		conn.outLck.RLock()
+		if conn.closed {
+			call.Err = ErrClosed
+			call.Done <- call
+		} else {
+			conn.out <- msg
+		}
+		conn.outLck.RUnlock()
+	} else {
+		conn.outLck.RLock()
+		if conn.closed {
+			call = &Call{Err: ErrClosed}
+		} else {
+			conn.out <- msg
+			call = &Call{Err: nil}
+		}
+		conn.outLck.RUnlock()
+	}
+	return call
+}
+
+// sendError creates an error message corresponding to the parameters and sends
+// it to conn.out.
+func (conn *Conn) sendError(e Error, dest string, serial uint32) {
+	msg := new(Message)
+	msg.Type = TypeError
+	msg.serial = conn.getSerial()
+	msg.Headers = make(map[HeaderField]Variant)
+	if dest != "" {
+		msg.Headers[FieldDestination] = MakeVariant(dest)
+	}
+	msg.Headers[FieldErrorName] = MakeVariant(e.Name)
+	msg.Headers[FieldReplySerial] = MakeVariant(serial)
+	msg.Body = e.Body
+	if len(e.Body) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(e.Body...))
+	}
+	conn.outLck.RLock()
+	if !conn.closed {
+		conn.out <- msg
+	}
+	conn.outLck.RUnlock()
+}
+
+// sendReply creates a method reply message corresponding to the parameters and
+// sends it to conn.out.
+func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) {
+	msg := new(Message)
+	msg.Type = TypeMethodReply
+	msg.serial = conn.getSerial()
+	msg.Headers = make(map[HeaderField]Variant)
+	if dest != "" {
+		msg.Headers[FieldDestination] = MakeVariant(dest)
+	}
+	msg.Headers[FieldReplySerial] = MakeVariant(serial)
+	msg.Body = values
+	if len(values) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
+	}
+	conn.outLck.RLock()
+	if !conn.closed {
+		conn.out <- msg
+	}
+	conn.outLck.RUnlock()
+}
+
+// Signal registers the given channel to be passed all received signal messages.
+// The caller has to make sure that ch is sufficiently buffered; if a message
+// arrives when a write to c is not possible, it is discarded.
+//
+// Multiple of these channels can be registered at the same time. Passing a
+// channel that already is registered will remove it from the list of the
+// registered channels.
+//
+// These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
+// channel for eavesdropped messages, this channel receives all signals, and
+// none of the channels passed to Signal will receive any signals.
+func (conn *Conn) Signal(ch chan<- *Signal) {
+	conn.signalsLck.Lock()
+	conn.signals = append(conn.signals, ch)
+	conn.signalsLck.Unlock()
+}
+
+// SupportsUnixFDs returns whether the underlying transport supports passing of
+// unix file descriptors. If this is false, method calls containing unix file
+// descriptors will return an error and emitted signals containing them will
+// not be sent.
+func (conn *Conn) SupportsUnixFDs() bool {
+	return conn.unixFD
+}
+
+// Error represents a D-Bus message of type Error.
+type Error struct {
+	Name string
+	Body []interface{}
+}
+
+func (e Error) Error() string {
+	if len(e.Body) >= 1 {
+		s, ok := e.Body[0].(string)
+		if ok {
+			return s
+		}
+	}
+	return e.Name
+}
+
+// Signal represents a D-Bus message of type Signal. The name member is given in
+// "interface.member" notation, e.g. org.freedesktop.D-Bus.NameLost.
+type Signal struct {
+	Sender string
+	Path   ObjectPath
+	Name   string
+	Body   []interface{}
+}
+
+// transport is a D-Bus transport.
+type transport interface {
+	// Read and Write raw data (for example, for the authentication protocol).
+	io.ReadWriteCloser
+
+	// Send the initial null byte used for the EXTERNAL mechanism.
+	SendNullByte() error
+
+	// Returns whether this transport supports passing Unix FDs.
+	SupportsUnixFDs() bool
+
+	// Signal the transport that Unix FD passing is enabled for this connection.
+	EnableUnixFDs()
+
+	// Read / send a message, handling things like Unix FDs.
+	ReadMessage() (*Message, error)
+	SendMessage(*Message) error
+}
+
+func getTransport(address string) (transport, error) {
+	var err error
+	var t transport
+
+	m := map[string]func(string) (transport, error){
+		"unix": newUnixTransport,
+	}
+	addresses := strings.Split(address, ";")
+	for _, v := range addresses {
+		i := strings.IndexRune(v, ':')
+		if i == -1 {
+			err = errors.New("dbus: invalid bus address (no transport)")
+			continue
+		}
+		f := m[v[:i]]
+		if f == nil {
+			err = errors.New("dbus: invalid bus address (invalid or unsupported transport)")
+		}
+		t, err = f(v[i+1:])
+		if err == nil {
+			return t, nil
+		}
+	}
+	return nil, err
+}
+
+// dereferenceAll returns a slice that, assuming that vs is a slice of pointers
+// of arbitrary types, containes the values that are obtained from dereferencing
+// all elements in vs.
+func dereferenceAll(vs []interface{}) []interface{} {
+	for i := range vs {
+		v := reflect.ValueOf(vs[i])
+		v = v.Elem()
+		vs[i] = v.Interface()
+	}
+	return vs
+}
+
+// getKey gets a key from a the list of keys. Returns "" on error / not found...
+func getKey(s, key string) string {
+	i := strings.Index(s, key)
+	if i == -1 {
+		return ""
+	}
+	if i+len(key)+1 >= len(s) || s[i+len(key)] != '=' {
+		return ""
+	}
+	j := strings.Index(s, ",")
+	if j == -1 {
+		j = len(s)
+	}
+	return s[i+len(key)+1 : j]
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go
new file mode 100644
index 0000000000..b67bb1b81d
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go
@@ -0,0 +1,21 @@
+package dbus
+
+import (
+	"errors"
+	"os/exec"
+)
+
+func sessionBusPlatform() (*Conn, error) {
+	cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET")
+	b, err := cmd.CombinedOutput()
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(b) == 0 {
+		return nil, errors.New("dbus: couldn't determine address of session bus")
+	}
+
+	return Dial("unix:path=" + string(b[:len(b)-1]))
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go
new file mode 100644
index 0000000000..f74b8758d4
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go
@@ -0,0 +1,27 @@
+// +build !darwin
+
+package dbus
+
+import (
+	"bytes"
+	"errors"
+	"os/exec"
+)
+
+func sessionBusPlatform() (*Conn, error) {
+	cmd := exec.Command("dbus-launch")
+	b, err := cmd.CombinedOutput()
+
+	if err != nil {
+		return nil, err
+	}
+
+	i := bytes.IndexByte(b, '=')
+	j := bytes.IndexByte(b, '\n')
+
+	if i == -1 || j == -1 {
+		return nil, errors.New("dbus: couldn't determine address of session bus")
+	}
+
+	return Dial(string(b[i+1 : j]))
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go
new file mode 100644
index 0000000000..a2b14e8cc4
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go
@@ -0,0 +1,199 @@
+package dbus
+
+import "testing"
+
+func TestSessionBus(t *testing.T) {
+	_, err := SessionBus()
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestSystemBus(t *testing.T) {
+	_, err := SystemBus()
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestSend(t *testing.T) {
+	bus, err := SessionBus()
+	if err != nil {
+		t.Error(err)
+	}
+	ch := make(chan *Call, 1)
+	msg := &Message{
+		Type:  TypeMethodCall,
+		Flags: 0,
+		Headers: map[HeaderField]Variant{
+			FieldDestination: MakeVariant(bus.Names()[0]),
+			FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/DBus")),
+			FieldInterface:   MakeVariant("org.freedesktop.DBus.Peer"),
+			FieldMember:      MakeVariant("Ping"),
+		},
+	}
+	call := bus.Send(msg, ch)
+	<-ch
+	if call.Err != nil {
+		t.Error(call.Err)
+	}
+}
+
+type server struct{}
+
+func (server) Double(i int64) (int64, *Error) {
+	return 2 * i, nil
+}
+
+func BenchmarkCall(b *testing.B) {
+	b.StopTimer()
+	var s string
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	name := bus.Names()[0]
+	obj := bus.BusObject()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		err := obj.Call("org.freedesktop.DBus.GetNameOwner", 0, name).Store(&s)
+		if err != nil {
+			b.Fatal(err)
+		}
+		if s != name {
+			b.Errorf("got %s, wanted %s", s, name)
+		}
+	}
+}
+
+func BenchmarkCallAsync(b *testing.B) {
+	b.StopTimer()
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	name := bus.Names()[0]
+	obj := bus.BusObject()
+	c := make(chan *Call, 50)
+	done := make(chan struct{})
+	go func() {
+		for i := 0; i < b.N; i++ {
+			v := <-c
+			if v.Err != nil {
+				b.Error(v.Err)
+			}
+			s := v.Body[0].(string)
+			if s != name {
+				b.Errorf("got %s, wanted %s", s, name)
+			}
+		}
+		close(done)
+	}()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		obj.Go("org.freedesktop.DBus.GetNameOwner", 0, c, name)
+	}
+	<-done
+}
+
+func BenchmarkServe(b *testing.B) {
+	b.StopTimer()
+	srv, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	cli, err := SessionBusPrivate()
+	if err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Auth(nil); err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Hello(); err != nil {
+		b.Fatal(err)
+	}
+	benchmarkServe(b, srv, cli)
+}
+
+func BenchmarkServeAsync(b *testing.B) {
+	b.StopTimer()
+	srv, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	cli, err := SessionBusPrivate()
+	if err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Auth(nil); err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Hello(); err != nil {
+		b.Fatal(err)
+	}
+	benchmarkServeAsync(b, srv, cli)
+}
+
+func BenchmarkServeSameConn(b *testing.B) {
+	b.StopTimer()
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	benchmarkServe(b, bus, bus)
+}
+
+func BenchmarkServeSameConnAsync(b *testing.B) {
+	b.StopTimer()
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	benchmarkServeAsync(b, bus, bus)
+}
+
+func benchmarkServe(b *testing.B, srv, cli *Conn) {
+	var r int64
+	var err error
+	dest := srv.Names()[0]
+	srv.Export(server{}, "/org/guelfey/DBus/Test", "org.guelfey.DBus.Test")
+	obj := cli.Object(dest, "/org/guelfey/DBus/Test")
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		err = obj.Call("org.guelfey.DBus.Test.Double", 0, int64(i)).Store(&r)
+		if err != nil {
+			b.Fatal(err)
+		}
+		if r != 2*int64(i) {
+			b.Errorf("got %d, wanted %d", r, 2*int64(i))
+		}
+	}
+}
+
+func benchmarkServeAsync(b *testing.B, srv, cli *Conn) {
+	dest := srv.Names()[0]
+	srv.Export(server{}, "/org/guelfey/DBus/Test", "org.guelfey.DBus.Test")
+	obj := cli.Object(dest, "/org/guelfey/DBus/Test")
+	c := make(chan *Call, 50)
+	done := make(chan struct{})
+	go func() {
+		for i := 0; i < b.N; i++ {
+			v := <-c
+			if v.Err != nil {
+				b.Fatal(v.Err)
+			}
+			i, r := v.Args[0].(int64), v.Body[0].(int64)
+			if 2*i != r {
+				b.Errorf("got %d, wanted %d", r, 2*i)
+			}
+		}
+		close(done)
+	}()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		obj.Go("org.guelfey.DBus.Test.Double", 0, c, int64(i))
+	}
+	<-done
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go
new file mode 100644
index 0000000000..2ce68735cd
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go
@@ -0,0 +1,258 @@
+package dbus
+
+import (
+	"errors"
+	"reflect"
+	"strings"
+)
+
+var (
+	byteType        = reflect.TypeOf(byte(0))
+	boolType        = reflect.TypeOf(false)
+	uint8Type       = reflect.TypeOf(uint8(0))
+	int16Type       = reflect.TypeOf(int16(0))
+	uint16Type      = reflect.TypeOf(uint16(0))
+	int32Type       = reflect.TypeOf(int32(0))
+	uint32Type      = reflect.TypeOf(uint32(0))
+	int64Type       = reflect.TypeOf(int64(0))
+	uint64Type      = reflect.TypeOf(uint64(0))
+	float64Type     = reflect.TypeOf(float64(0))
+	stringType      = reflect.TypeOf("")
+	signatureType   = reflect.TypeOf(Signature{""})
+	objectPathType  = reflect.TypeOf(ObjectPath(""))
+	variantType     = reflect.TypeOf(Variant{Signature{""}, nil})
+	interfacesType  = reflect.TypeOf([]interface{}{})
+	unixFDType      = reflect.TypeOf(UnixFD(0))
+	unixFDIndexType = reflect.TypeOf(UnixFDIndex(0))
+)
+
+// An InvalidTypeError signals that a value which cannot be represented in the
+// D-Bus wire format was passed to a function.
+type InvalidTypeError struct {
+	Type reflect.Type
+}
+
+func (e InvalidTypeError) Error() string {
+	return "dbus: invalid type " + e.Type.String()
+}
+
+// Store copies the values contained in src to dest, which must be a slice of
+// pointers. It converts slices of interfaces from src to corresponding structs
+// in dest. An error is returned if the lengths of src and dest or the types of
+// their elements don't match.
+func Store(src []interface{}, dest ...interface{}) error {
+	if len(src) != len(dest) {
+		return errors.New("dbus.Store: length mismatch")
+	}
+
+	for i := range src {
+		if err := store(src[i], dest[i]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func store(src, dest interface{}) error {
+	if reflect.TypeOf(dest).Elem() == reflect.TypeOf(src) {
+		reflect.ValueOf(dest).Elem().Set(reflect.ValueOf(src))
+		return nil
+	} else if hasStruct(dest) {
+		rv := reflect.ValueOf(dest).Elem()
+		switch rv.Kind() {
+		case reflect.Struct:
+			vs, ok := src.([]interface{})
+			if !ok {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			t := rv.Type()
+			ndest := make([]interface{}, 0, rv.NumField())
+			for i := 0; i < rv.NumField(); i++ {
+				field := t.Field(i)
+				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+					ndest = append(ndest, rv.Field(i).Addr().Interface())
+				}
+			}
+			if len(vs) != len(ndest) {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			err := Store(vs, ndest...)
+			if err != nil {
+				return errors.New("dbus.Store: type mismatch")
+			}
+		case reflect.Slice:
+			sv := reflect.ValueOf(src)
+			if sv.Kind() != reflect.Slice {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			rv.Set(reflect.MakeSlice(rv.Type(), sv.Len(), sv.Len()))
+			for i := 0; i < sv.Len(); i++ {
+				if err := store(sv.Index(i).Interface(), rv.Index(i).Addr().Interface()); err != nil {
+					return err
+				}
+			}
+		case reflect.Map:
+			sv := reflect.ValueOf(src)
+			if sv.Kind() != reflect.Map {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			keys := sv.MapKeys()
+			rv.Set(reflect.MakeMap(sv.Type()))
+			for _, key := range keys {
+				v := reflect.New(sv.Type().Elem())
+				if err := store(v, sv.MapIndex(key).Interface()); err != nil {
+					return err
+				}
+				rv.SetMapIndex(key, v.Elem())
+			}
+		default:
+			return errors.New("dbus.Store: type mismatch")
+		}
+		return nil
+	} else {
+		return errors.New("dbus.Store: type mismatch")
+	}
+}
+
+func hasStruct(v interface{}) bool {
+	t := reflect.TypeOf(v)
+	for {
+		switch t.Kind() {
+		case reflect.Struct:
+			return true
+		case reflect.Slice, reflect.Ptr, reflect.Map:
+			t = t.Elem()
+		default:
+			return false
+		}
+	}
+}
+
+// An ObjectPath is an object path as defined by the D-Bus spec.
+type ObjectPath string
+
+// IsValid returns whether the object path is valid.
+func (o ObjectPath) IsValid() bool {
+	s := string(o)
+	if len(s) == 0 {
+		return false
+	}
+	if s[0] != '/' {
+		return false
+	}
+	if s[len(s)-1] == '/' && len(s) != 1 {
+		return false
+	}
+	// probably not used, but technically possible
+	if s == "/" {
+		return true
+	}
+	split := strings.Split(s[1:], "/")
+	for _, v := range split {
+		if len(v) == 0 {
+			return false
+		}
+		for _, c := range v {
+			if !isMemberChar(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// A UnixFD is a Unix file descriptor sent over the wire. See the package-level
+// documentation for more information about Unix file descriptor passsing.
+type UnixFD int32
+
+// A UnixFDIndex is the representation of a Unix file descriptor in a message.
+type UnixFDIndex uint32
+
+// alignment returns the alignment of values of type t.
+func alignment(t reflect.Type) int {
+	switch t {
+	case variantType:
+		return 1
+	case objectPathType:
+		return 4
+	case signatureType:
+		return 1
+	case interfacesType: // sometimes used for structs
+		return 8
+	}
+	switch t.Kind() {
+	case reflect.Uint8:
+		return 1
+	case reflect.Uint16, reflect.Int16:
+		return 2
+	case reflect.Uint32, reflect.Int32, reflect.String, reflect.Array, reflect.Slice, reflect.Map:
+		return 4
+	case reflect.Uint64, reflect.Int64, reflect.Float64, reflect.Struct:
+		return 8
+	case reflect.Ptr:
+		return alignment(t.Elem())
+	}
+	return 1
+}
+
+// isKeyType returns whether t is a valid type for a D-Bus dict.
+func isKeyType(t reflect.Type) bool {
+	switch t.Kind() {
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+		reflect.Int16, reflect.Int32, reflect.Int64, reflect.Float64,
+		reflect.String:
+
+		return true
+	}
+	return false
+}
+
+// isValidInterface returns whether s is a valid name for an interface.
+func isValidInterface(s string) bool {
+	if len(s) == 0 || len(s) > 255 || s[0] == '.' {
+		return false
+	}
+	elem := strings.Split(s, ".")
+	if len(elem) < 2 {
+		return false
+	}
+	for _, v := range elem {
+		if len(v) == 0 {
+			return false
+		}
+		if v[0] >= '0' && v[0] <= '9' {
+			return false
+		}
+		for _, c := range v {
+			if !isMemberChar(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// isValidMember returns whether s is a valid name for a member.
+func isValidMember(s string) bool {
+	if len(s) == 0 || len(s) > 255 {
+		return false
+	}
+	i := strings.Index(s, ".")
+	if i != -1 {
+		return false
+	}
+	if s[0] >= '0' && s[0] <= '9' {
+		return false
+	}
+	for _, c := range s {
+		if !isMemberChar(c) {
+			return false
+		}
+	}
+	return true
+}
+
+func isMemberChar(c rune) bool {
+	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
+		(c >= 'a' && c <= 'z') || c == '_'
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go
new file mode 100644
index 0000000000..ef50dcab98
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go
@@ -0,0 +1,228 @@
+package dbus
+
+import (
+	"encoding/binary"
+	"io"
+	"reflect"
+)
+
+type decoder struct {
+	in    io.Reader
+	order binary.ByteOrder
+	pos   int
+}
+
+// newDecoder returns a new decoder that reads values from in. The input is
+// expected to be in the given byte order.
+func newDecoder(in io.Reader, order binary.ByteOrder) *decoder {
+	dec := new(decoder)
+	dec.in = in
+	dec.order = order
+	return dec
+}
+
+// align aligns the input to the given boundary and panics on error.
+func (dec *decoder) align(n int) {
+	if dec.pos%n != 0 {
+		newpos := (dec.pos + n - 1) & ^(n - 1)
+		empty := make([]byte, newpos-dec.pos)
+		if _, err := io.ReadFull(dec.in, empty); err != nil {
+			panic(err)
+		}
+		dec.pos = newpos
+	}
+}
+
+// Calls binary.Read(dec.in, dec.order, v) and panics on read errors.
+func (dec *decoder) binread(v interface{}) {
+	if err := binary.Read(dec.in, dec.order, v); err != nil {
+		panic(err)
+	}
+}
+
+func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) {
+	defer func() {
+		var ok bool
+		v := recover()
+		if err, ok = v.(error); ok {
+			if err == io.EOF || err == io.ErrUnexpectedEOF {
+				err = FormatError("unexpected EOF")
+			}
+		}
+	}()
+	vs = make([]interface{}, 0)
+	s := sig.str
+	for s != "" {
+		err, rem := validSingle(s, 0)
+		if err != nil {
+			return nil, err
+		}
+		v := dec.decode(s[:len(s)-len(rem)], 0)
+		vs = append(vs, v)
+		s = rem
+	}
+	return vs, nil
+}
+
+func (dec *decoder) decode(s string, depth int) interface{} {
+	dec.align(alignment(typeFor(s)))
+	switch s[0] {
+	case 'y':
+		var b [1]byte
+		if _, err := dec.in.Read(b[:]); err != nil {
+			panic(err)
+		}
+		dec.pos++
+		return b[0]
+	case 'b':
+		i := dec.decode("u", depth).(uint32)
+		switch {
+		case i == 0:
+			return false
+		case i == 1:
+			return true
+		default:
+			panic(FormatError("invalid value for boolean"))
+		}
+	case 'n':
+		var i int16
+		dec.binread(&i)
+		dec.pos += 2
+		return i
+	case 'i':
+		var i int32
+		dec.binread(&i)
+		dec.pos += 4
+		return i
+	case 'x':
+		var i int64
+		dec.binread(&i)
+		dec.pos += 8
+		return i
+	case 'q':
+		var i uint16
+		dec.binread(&i)
+		dec.pos += 2
+		return i
+	case 'u':
+		var i uint32
+		dec.binread(&i)
+		dec.pos += 4
+		return i
+	case 't':
+		var i uint64
+		dec.binread(&i)
+		dec.pos += 8
+		return i
+	case 'd':
+		var f float64
+		dec.binread(&f)
+		dec.pos += 8
+		return f
+	case 's':
+		length := dec.decode("u", depth).(uint32)
+		b := make([]byte, int(length)+1)
+		if _, err := io.ReadFull(dec.in, b); err != nil {
+			panic(err)
+		}
+		dec.pos += int(length) + 1
+		return string(b[:len(b)-1])
+	case 'o':
+		return ObjectPath(dec.decode("s", depth).(string))
+	case 'g':
+		length := dec.decode("y", depth).(byte)
+		b := make([]byte, int(length)+1)
+		if _, err := io.ReadFull(dec.in, b); err != nil {
+			panic(err)
+		}
+		dec.pos += int(length) + 1
+		sig, err := ParseSignature(string(b[:len(b)-1]))
+		if err != nil {
+			panic(err)
+		}
+		return sig
+	case 'v':
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		var variant Variant
+		sig := dec.decode("g", depth).(Signature)
+		if len(sig.str) == 0 {
+			panic(FormatError("variant signature is empty"))
+		}
+		err, rem := validSingle(sig.str, 0)
+		if err != nil {
+			panic(err)
+		}
+		if rem != "" {
+			panic(FormatError("variant signature has multiple types"))
+		}
+		variant.sig = sig
+		variant.value = dec.decode(sig.str, depth+1)
+		return variant
+	case 'h':
+		return UnixFDIndex(dec.decode("u", depth).(uint32))
+	case 'a':
+		if len(s) > 1 && s[1] == '{' {
+			ksig := s[2:3]
+			vsig := s[3 : len(s)-1]
+			v := reflect.MakeMap(reflect.MapOf(typeFor(ksig), typeFor(vsig)))
+			if depth >= 63 {
+				panic(FormatError("input exceeds container depth limit"))
+			}
+			length := dec.decode("u", depth).(uint32)
+			// Even for empty maps, the correct padding must be included
+			dec.align(8)
+			spos := dec.pos
+			for dec.pos < spos+int(length) {
+				dec.align(8)
+				if !isKeyType(v.Type().Key()) {
+					panic(InvalidTypeError{v.Type()})
+				}
+				kv := dec.decode(ksig, depth+2)
+				vv := dec.decode(vsig, depth+2)
+				v.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
+			}
+			return v.Interface()
+		}
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		length := dec.decode("u", depth).(uint32)
+		v := reflect.MakeSlice(reflect.SliceOf(typeFor(s[1:])), 0, int(length))
+		// Even for empty arrays, the correct padding must be included
+		dec.align(alignment(typeFor(s[1:])))
+		spos := dec.pos
+		for dec.pos < spos+int(length) {
+			ev := dec.decode(s[1:], depth+1)
+			v = reflect.Append(v, reflect.ValueOf(ev))
+		}
+		return v.Interface()
+	case '(':
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		dec.align(8)
+		v := make([]interface{}, 0)
+		s = s[1 : len(s)-1]
+		for s != "" {
+			err, rem := validSingle(s, 0)
+			if err != nil {
+				panic(err)
+			}
+			ev := dec.decode(s[:len(s)-len(rem)], depth+1)
+			v = append(v, ev)
+			s = rem
+		}
+		return v
+	default:
+		panic(SignatureError{Sig: s})
+	}
+}
+
+// A FormatError is an error in the wire format.
+type FormatError string
+
+func (e FormatError) Error() string {
+	return "dbus: wire format error: " + string(e)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go
new file mode 100644
index 0000000000..deff554a38
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go
@@ -0,0 +1,63 @@
+/*
+Package dbus implements bindings to the D-Bus message bus system.
+
+To use the message bus API, you first need to connect to a bus (usually the
+session or system bus). The acquired connection then can be used to call methods
+on remote objects and emit or receive signals. Using the Export method, you can
+arrange D-Bus methods calls to be directly translated to method calls on a Go
+value.
+
+Conversion Rules
+
+For outgoing messages, Go types are automatically converted to the
+corresponding D-Bus types. The following types are directly encoded as their
+respective D-Bus equivalents:
+
+     Go type     | D-Bus type
+     ------------+-----------
+     byte        | BYTE
+     bool        | BOOLEAN
+     int16       | INT16
+     uint16      | UINT16
+     int32       | INT32
+     uint32      | UINT32
+     int64       | INT64
+     uint64      | UINT64
+     float64     | DOUBLE
+     string      | STRING
+     ObjectPath  | OBJECT_PATH
+     Signature   | SIGNATURE
+     Variant     | VARIANT
+     UnixFDIndex | UNIX_FD
+
+Slices and arrays encode as ARRAYs of their element type.
+
+Maps encode as DICTs, provided that their key type can be used as a key for
+a DICT.
+
+Structs other than Variant and Signature encode as a STRUCT containing their
+exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
+be skipped.
+
+Pointers encode as the value they're pointed to.
+
+Trying to encode any other type or a slice, map or struct containing an
+unsupported type will result in an InvalidTypeError.
+
+For incoming messages, the inverse of these rules are used, with the exception
+of STRUCTs. Incoming STRUCTS are represented as a slice of empty interfaces
+containing the struct fields in the correct order. The Store function can be
+used to convert such values to Go structs.
+
+Unix FD passing
+
+Handling Unix file descriptors deserves special mention. To use them, you should
+first check that they are supported on a connection by calling SupportsUnixFDs.
+If it returns true, all method of Connection will translate messages containing
+UnixFD's to messages that are accompanied by the given file descriptors with the
+UnixFD values being substituted by the correct indices. Similarily, the indices
+of incoming messages are automatically resolved. It shouldn't be necessary to use
+UnixFDIndex.
+
+*/
+package dbus
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go
new file mode 100644
index 0000000000..f9d2f05716
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go
@@ -0,0 +1,179 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"reflect"
+)
+
+// An encoder encodes values to the D-Bus wire format.
+type encoder struct {
+	out   io.Writer
+	order binary.ByteOrder
+	pos   int
+}
+
+// NewEncoder returns a new encoder that writes to out in the given byte order.
+func newEncoder(out io.Writer, order binary.ByteOrder) *encoder {
+	enc := new(encoder)
+	enc.out = out
+	enc.order = order
+	return enc
+}
+
+// Aligns the next output to be on a multiple of n. Panics on write errors.
+func (enc *encoder) align(n int) {
+	if enc.pos%n != 0 {
+		newpos := (enc.pos + n - 1) & ^(n - 1)
+		empty := make([]byte, newpos-enc.pos)
+		if _, err := enc.out.Write(empty); err != nil {
+			panic(err)
+		}
+		enc.pos = newpos
+	}
+}
+
+// Calls binary.Write(enc.out, enc.order, v) and panics on write errors.
+func (enc *encoder) binwrite(v interface{}) {
+	if err := binary.Write(enc.out, enc.order, v); err != nil {
+		panic(err)
+	}
+}
+
+// Encode encodes the given values to the underyling reader. All written values
+// are aligned properly as required by the D-Bus spec.
+func (enc *encoder) Encode(vs ...interface{}) (err error) {
+	defer func() {
+		err, _ = recover().(error)
+	}()
+	for _, v := range vs {
+		enc.encode(reflect.ValueOf(v), 0)
+	}
+	return nil
+}
+
+// encode encodes the given value to the writer and panics on error. depth holds
+// the depth of the container nesting.
+func (enc *encoder) encode(v reflect.Value, depth int) {
+	enc.align(alignment(v.Type()))
+	switch v.Kind() {
+	case reflect.Uint8:
+		var b [1]byte
+		b[0] = byte(v.Uint())
+		if _, err := enc.out.Write(b[:]); err != nil {
+			panic(err)
+		}
+		enc.pos++
+	case reflect.Bool:
+		if v.Bool() {
+			enc.encode(reflect.ValueOf(uint32(1)), depth)
+		} else {
+			enc.encode(reflect.ValueOf(uint32(0)), depth)
+		}
+	case reflect.Int16:
+		enc.binwrite(int16(v.Int()))
+		enc.pos += 2
+	case reflect.Uint16:
+		enc.binwrite(uint16(v.Uint()))
+		enc.pos += 2
+	case reflect.Int32:
+		enc.binwrite(int32(v.Int()))
+		enc.pos += 4
+	case reflect.Uint32:
+		enc.binwrite(uint32(v.Uint()))
+		enc.pos += 4
+	case reflect.Int64:
+		enc.binwrite(v.Int())
+		enc.pos += 8
+	case reflect.Uint64:
+		enc.binwrite(v.Uint())
+		enc.pos += 8
+	case reflect.Float64:
+		enc.binwrite(v.Float())
+		enc.pos += 8
+	case reflect.String:
+		enc.encode(reflect.ValueOf(uint32(len(v.String()))), depth)
+		b := make([]byte, v.Len()+1)
+		copy(b, v.String())
+		b[len(b)-1] = 0
+		n, err := enc.out.Write(b)
+		if err != nil {
+			panic(err)
+		}
+		enc.pos += n
+	case reflect.Ptr:
+		enc.encode(v.Elem(), depth)
+	case reflect.Slice, reflect.Array:
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		var buf bytes.Buffer
+		bufenc := newEncoder(&buf, enc.order)
+
+		for i := 0; i < v.Len(); i++ {
+			bufenc.encode(v.Index(i), depth+1)
+		}
+		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
+		length := buf.Len()
+		enc.align(alignment(v.Type().Elem()))
+		if _, err := buf.WriteTo(enc.out); err != nil {
+			panic(err)
+		}
+		enc.pos += length
+	case reflect.Struct:
+		if depth >= 64 && v.Type() != signatureType {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		switch t := v.Type(); t {
+		case signatureType:
+			str := v.Field(0)
+			enc.encode(reflect.ValueOf(byte(str.Len())), depth+1)
+			b := make([]byte, str.Len()+1)
+			copy(b, str.String())
+			b[len(b)-1] = 0
+			n, err := enc.out.Write(b)
+			if err != nil {
+				panic(err)
+			}
+			enc.pos += n
+		case variantType:
+			variant := v.Interface().(Variant)
+			enc.encode(reflect.ValueOf(variant.sig), depth+1)
+			enc.encode(reflect.ValueOf(variant.value), depth+1)
+		default:
+			for i := 0; i < v.Type().NumField(); i++ {
+				field := t.Field(i)
+				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+					enc.encode(v.Field(i), depth+1)
+				}
+			}
+		}
+	case reflect.Map:
+		// Maps are arrays of structures, so they actually increase the depth by
+		// 2.
+		if depth >= 63 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		if !isKeyType(v.Type().Key()) {
+			panic(InvalidTypeError{v.Type()})
+		}
+		keys := v.MapKeys()
+		var buf bytes.Buffer
+		bufenc := newEncoder(&buf, enc.order)
+		for _, k := range keys {
+			bufenc.align(8)
+			bufenc.encode(k, depth+2)
+			bufenc.encode(v.MapIndex(k), depth+2)
+		}
+		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
+		length := buf.Len()
+		enc.align(8)
+		if _, err := buf.WriteTo(enc.out); err != nil {
+			panic(err)
+		}
+		enc.pos += length
+	default:
+		panic(InvalidTypeError{v.Type()})
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go
new file mode 100644
index 0000000000..0218ac5598
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go
@@ -0,0 +1,50 @@
+package dbus
+
+import "fmt"
+
+func ExampleConn_Emit() {
+	conn, err := SessionBus()
+	if err != nil {
+		panic(err)
+	}
+
+	conn.Emit("/foo/bar", "foo.bar.Baz", uint32(0xDAEDBEEF))
+}
+
+func ExampleObject_Call() {
+	var list []string
+
+	conn, err := SessionBus()
+	if err != nil {
+		panic(err)
+	}
+
+	err = conn.BusObject().Call("org.freedesktop.DBus.ListNames", 0).Store(&list)
+	if err != nil {
+		panic(err)
+	}
+	for _, v := range list {
+		fmt.Println(v)
+	}
+}
+
+func ExampleObject_Go() {
+	conn, err := SessionBus()
+	if err != nil {
+		panic(err)
+	}
+
+	ch := make(chan *Call, 10)
+	conn.BusObject().Go("org.freedesktop.DBus.ListActivatableNames", 0, ch)
+	select {
+	case call := <-ch:
+		if call.Err != nil {
+			panic(err)
+		}
+		list := call.Body[0].([]string)
+		for _, v := range list {
+			fmt.Println(v)
+		}
+		// put some other cases here
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go
new file mode 100644
index 0000000000..1dd1591528
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go
@@ -0,0 +1,302 @@
+package dbus
+
+import (
+	"errors"
+	"reflect"
+	"strings"
+	"unicode"
+)
+
+var (
+	errmsgInvalidArg = Error{
+		"org.freedesktop.DBus.Error.InvalidArgs",
+		[]interface{}{"Invalid type / number of args"},
+	}
+	errmsgNoObject = Error{
+		"org.freedesktop.DBus.Error.NoSuchObject",
+		[]interface{}{"No such object"},
+	}
+	errmsgUnknownMethod = Error{
+		"org.freedesktop.DBus.Error.UnknownMethod",
+		[]interface{}{"Unknown / invalid method"},
+	}
+)
+
+// Sender is a type which can be used in exported methods to receive the message
+// sender.
+type Sender string
+
+func exportedMethod(v interface{}, name string) reflect.Value {
+	if v == nil {
+		return reflect.Value{}
+	}
+	m := reflect.ValueOf(v).MethodByName(name)
+	if !m.IsValid() {
+		return reflect.Value{}
+	}
+	t := m.Type()
+	if t.NumOut() == 0 ||
+		t.Out(t.NumOut()-1) != reflect.TypeOf(&errmsgInvalidArg) {
+
+		return reflect.Value{}
+	}
+	return m
+}
+
+// handleCall handles the given method call (i.e. looks if it's one of the
+// pre-implemented ones and searches for a corresponding handler if not).
+func (conn *Conn) handleCall(msg *Message) {
+	name := msg.Headers[FieldMember].value.(string)
+	path := msg.Headers[FieldPath].value.(ObjectPath)
+	ifaceName, hasIface := msg.Headers[FieldInterface].value.(string)
+	sender, hasSender := msg.Headers[FieldSender].value.(string)
+	serial := msg.serial
+	if ifaceName == "org.freedesktop.DBus.Peer" {
+		switch name {
+		case "Ping":
+			conn.sendReply(sender, serial)
+		case "GetMachineId":
+			conn.sendReply(sender, serial, conn.uuid)
+		default:
+			conn.sendError(errmsgUnknownMethod, sender, serial)
+		}
+		return
+	}
+	if len(name) == 0 || unicode.IsLower([]rune(name)[0]) {
+		conn.sendError(errmsgUnknownMethod, sender, serial)
+	}
+	var m reflect.Value
+	if hasIface {
+		conn.handlersLck.RLock()
+		obj, ok := conn.handlers[path]
+		if !ok {
+			conn.sendError(errmsgNoObject, sender, serial)
+			conn.handlersLck.RUnlock()
+			return
+		}
+		iface := obj[ifaceName]
+		conn.handlersLck.RUnlock()
+		m = exportedMethod(iface, name)
+	} else {
+		conn.handlersLck.RLock()
+		if _, ok := conn.handlers[path]; !ok {
+			conn.sendError(errmsgNoObject, sender, serial)
+			conn.handlersLck.RUnlock()
+			return
+		}
+		for _, v := range conn.handlers[path] {
+			m = exportedMethod(v, name)
+			if m.IsValid() {
+				break
+			}
+		}
+		conn.handlersLck.RUnlock()
+	}
+	if !m.IsValid() {
+		conn.sendError(errmsgUnknownMethod, sender, serial)
+		return
+	}
+	t := m.Type()
+	vs := msg.Body
+	pointers := make([]interface{}, t.NumIn())
+	decode := make([]interface{}, 0, len(vs))
+	for i := 0; i < t.NumIn(); i++ {
+		tp := t.In(i)
+		val := reflect.New(tp)
+		pointers[i] = val.Interface()
+		if tp == reflect.TypeOf((*Sender)(nil)).Elem() {
+			val.Elem().SetString(sender)
+		} else {
+			decode = append(decode, pointers[i])
+		}
+	}
+	if len(decode) != len(vs) {
+		conn.sendError(errmsgInvalidArg, sender, serial)
+		return
+	}
+	if err := Store(vs, decode...); err != nil {
+		conn.sendError(errmsgInvalidArg, sender, serial)
+		return
+	}
+	params := make([]reflect.Value, len(pointers))
+	for i := 0; i < len(pointers); i++ {
+		params[i] = reflect.ValueOf(pointers[i]).Elem()
+	}
+	ret := m.Call(params)
+	if em := ret[t.NumOut()-1].Interface().(*Error); em != nil {
+		conn.sendError(*em, sender, serial)
+		return
+	}
+	if msg.Flags&FlagNoReplyExpected == 0 {
+		reply := new(Message)
+		reply.Type = TypeMethodReply
+		reply.serial = conn.getSerial()
+		reply.Headers = make(map[HeaderField]Variant)
+		if hasSender {
+			reply.Headers[FieldDestination] = msg.Headers[FieldSender]
+		}
+		reply.Headers[FieldReplySerial] = MakeVariant(msg.serial)
+		reply.Body = make([]interface{}, len(ret)-1)
+		for i := 0; i < len(ret)-1; i++ {
+			reply.Body[i] = ret[i].Interface()
+		}
+		if len(ret) != 1 {
+			reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
+		}
+		conn.outLck.RLock()
+		if !conn.closed {
+			conn.out <- reply
+		}
+		conn.outLck.RUnlock()
+	}
+}
+
+// Emit emits the given signal on the message bus. The name parameter must be
+// formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
+func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
+	if !path.IsValid() {
+		return errors.New("dbus: invalid object path")
+	}
+	i := strings.LastIndex(name, ".")
+	if i == -1 {
+		return errors.New("dbus: invalid method name")
+	}
+	iface := name[:i]
+	member := name[i+1:]
+	if !isValidMember(member) {
+		return errors.New("dbus: invalid method name")
+	}
+	if !isValidInterface(iface) {
+		return errors.New("dbus: invalid interface name")
+	}
+	msg := new(Message)
+	msg.Type = TypeSignal
+	msg.serial = conn.getSerial()
+	msg.Headers = make(map[HeaderField]Variant)
+	msg.Headers[FieldInterface] = MakeVariant(iface)
+	msg.Headers[FieldMember] = MakeVariant(member)
+	msg.Headers[FieldPath] = MakeVariant(path)
+	msg.Body = values
+	if len(values) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
+	}
+	conn.outLck.RLock()
+	defer conn.outLck.RUnlock()
+	if conn.closed {
+		return ErrClosed
+	}
+	conn.out <- msg
+	return nil
+}
+
+// Export registers the given value to be exported as an object on the
+// message bus.
+//
+// If a method call on the given path and interface is received, an exported
+// method with the same name is called with v as the receiver if the
+// parameters match and the last return value is of type *Error. If this
+// *Error is not nil, it is sent back to the caller as an error.
+// Otherwise, a method reply is sent with the other return values as its body.
+//
+// Any parameters with the special type Sender are set to the sender of the
+// dbus message when the method is called. Parameters of this type do not
+// contribute to the dbus signature of the method (i.e. the method is exposed
+// as if the parameters of type Sender were not there).
+//
+// Every method call is executed in a new goroutine, so the method may be called
+// in multiple goroutines at once.
+//
+// Method calls on the interface org.freedesktop.DBus.Peer will be automatically
+// handled for every object.
+//
+// Passing nil as the first parameter will cause conn to cease handling calls on
+// the given combination of path and interface.
+//
+// Export returns an error if path is not a valid path name.
+func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error {
+	if !path.IsValid() {
+		return errors.New("dbus: invalid path name")
+	}
+	conn.handlersLck.Lock()
+	if v == nil {
+		if _, ok := conn.handlers[path]; ok {
+			delete(conn.handlers[path], iface)
+			if len(conn.handlers[path]) == 0 {
+				delete(conn.handlers, path)
+			}
+		}
+		return nil
+	}
+	if _, ok := conn.handlers[path]; !ok {
+		conn.handlers[path] = make(map[string]interface{})
+	}
+	conn.handlers[path][iface] = v
+	conn.handlersLck.Unlock()
+	return nil
+}
+
+// ReleaseName calls org.freedesktop.DBus.ReleaseName. You should use only this
+// method to release a name (see below).
+func (conn *Conn) ReleaseName(name string) (ReleaseNameReply, error) {
+	var r uint32
+	err := conn.busObj.Call("org.freedesktop.DBus.ReleaseName", 0, name).Store(&r)
+	if err != nil {
+		return 0, err
+	}
+	if r == uint32(ReleaseNameReplyReleased) {
+		conn.namesLck.Lock()
+		for i, v := range conn.names {
+			if v == name {
+				copy(conn.names[i:], conn.names[i+1:])
+				conn.names = conn.names[:len(conn.names)-1]
+			}
+		}
+		conn.namesLck.Unlock()
+	}
+	return ReleaseNameReply(r), nil
+}
+
+// RequestName calls org.freedesktop.DBus.RequestName. You should use only this
+// method to request a name because package dbus needs to keep track of all
+// names that the connection has.
+func (conn *Conn) RequestName(name string, flags RequestNameFlags) (RequestNameReply, error) {
+	var r uint32
+	err := conn.busObj.Call("org.freedesktop.DBus.RequestName", 0, name, flags).Store(&r)
+	if err != nil {
+		return 0, err
+	}
+	if r == uint32(RequestNameReplyPrimaryOwner) {
+		conn.namesLck.Lock()
+		conn.names = append(conn.names, name)
+		conn.namesLck.Unlock()
+	}
+	return RequestNameReply(r), nil
+}
+
+// ReleaseNameReply is the reply to a ReleaseName call.
+type ReleaseNameReply uint32
+
+const (
+	ReleaseNameReplyReleased ReleaseNameReply = 1 + iota
+	ReleaseNameReplyNonExistent
+	ReleaseNameReplyNotOwner
+)
+
+// RequestNameFlags represents the possible flags for a RequestName call.
+type RequestNameFlags uint32
+
+const (
+	NameFlagAllowReplacement RequestNameFlags = 1 << iota
+	NameFlagReplaceExisting
+	NameFlagDoNotQueue
+)
+
+// RequestNameReply is the reply to a RequestName call.
+type RequestNameReply uint32
+
+const (
+	RequestNameReplyPrimaryOwner RequestNameReply = 1 + iota
+	RequestNameReplyInQueue
+	RequestNameReplyExists
+	RequestNameReplyAlreadyOwner
+)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go
new file mode 100644
index 0000000000..0b745f9313
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go
@@ -0,0 +1,28 @@
+package dbus
+
+import (
+	"os"
+	"sync"
+)
+
+var (
+	homeDir     string
+	homeDirLock sync.Mutex
+)
+
+func getHomeDir() string {
+	homeDirLock.Lock()
+	defer homeDirLock.Unlock()
+
+	if homeDir != "" {
+		return homeDir
+	}
+
+	homeDir = os.Getenv("HOME")
+	if homeDir != "" {
+		return homeDir
+	}
+
+	homeDir = lookupHomeDir()
+	return homeDir
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
new file mode 100644
index 0000000000..2732081e73
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
@@ -0,0 +1,15 @@
+// +build !static_build
+
+package dbus
+
+import (
+	"os/user"
+)
+
+func lookupHomeDir() string {
+	u, err := user.Current()
+	if err != nil {
+		return "/"
+	}
+	return u.HomeDir
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go
new file mode 100644
index 0000000000..b9d9cb5525
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go
@@ -0,0 +1,45 @@
+// +build static_build
+
+package dbus
+
+import (
+	"bufio"
+	"os"
+	"strconv"
+	"strings"
+)
+
+func lookupHomeDir() string {
+	myUid := os.Getuid()
+
+	f, err := os.Open("/etc/passwd")
+	if err != nil {
+		return "/"
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			break
+		}
+
+		line := strings.TrimSpace(s.Text())
+		if line == "" {
+			continue
+		}
+
+		parts := strings.Split(line, ":")
+
+		if len(parts) >= 6 {
+			uid, err := strconv.Atoi(parts[2])
+			if err == nil && uid == myUid {
+				return parts[5]
+			}
+		}
+	}
+
+	// Default to / if we can't get a better value
+	return "/"
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go
new file mode 100644
index 0000000000..4aca2ea63e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go
@@ -0,0 +1,27 @@
+package introspect
+
+import (
+	"encoding/xml"
+	"github.com/godbus/dbus"
+	"strings"
+)
+
+// Call calls org.freedesktop.Introspectable.Introspect on a remote object
+// and returns the introspection data.
+func Call(o *dbus.Object) (*Node, error) {
+	var xmldata string
+	var node Node
+
+	err := o.Call("org.freedesktop.DBus.Introspectable.Introspect", 0).Store(&xmldata)
+	if err != nil {
+		return nil, err
+	}
+	err = xml.NewDecoder(strings.NewReader(xmldata)).Decode(&node)
+	if err != nil {
+		return nil, err
+	}
+	if node.Name == "" {
+		node.Name = string(o.Path())
+	}
+	return &node, nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go
new file mode 100644
index 0000000000..dafcdb8b7a
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go
@@ -0,0 +1,80 @@
+// Package introspect provides some utilities for dealing with the DBus
+// introspection format.
+package introspect
+
+import "encoding/xml"
+
+// The introspection data for the org.freedesktop.DBus.Introspectable interface.
+var IntrospectData = Interface{
+	Name: "org.freedesktop.DBus.Introspectable",
+	Methods: []Method{
+		{
+			Name: "Introspect",
+			Args: []Arg{
+				{"out", "s", "out"},
+			},
+		},
+	},
+}
+
+// The introspection data for the org.freedesktop.DBus.Introspectable interface,
+// as a string.
+const IntrospectDataString = `
+	<interface name="org.freedesktop.DBus.Introspectable">
+		<method name="Introspect">
+			<arg name="out" direction="out" type="s"/>
+		</method>
+	</interface>
+`
+
+// Node is the root element of an introspection.
+type Node struct {
+	XMLName    xml.Name    `xml:"node"`
+	Name       string      `xml:"name,attr,omitempty"`
+	Interfaces []Interface `xml:"interface"`
+	Children   []Node      `xml:"node,omitempty"`
+}
+
+// Interface describes a DBus interface that is available on the message bus.
+type Interface struct {
+	Name        string       `xml:"name,attr"`
+	Methods     []Method     `xml:"method"`
+	Signals     []Signal     `xml:"signal"`
+	Properties  []Property   `xml:"property"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Method describes a Method on an Interface as retured by an introspection.
+type Method struct {
+	Name        string       `xml:"name,attr"`
+	Args        []Arg        `xml:"arg"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Signal describes a Signal emitted on an Interface.
+type Signal struct {
+	Name        string       `xml:"name,attr"`
+	Args        []Arg        `xml:"arg"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Property describes a property of an Interface.
+type Property struct {
+	Name        string       `xml:"name,attr"`
+	Type        string       `xml:"type,attr"`
+	Access      string       `xml:"access,attr"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Arg represents an argument of a method or a signal.
+type Arg struct {
+	Name      string `xml:"name,attr,omitempty"`
+	Type      string `xml:"type,attr"`
+	Direction string `xml:"direction,attr,omitempty"`
+}
+
+// Annotation is an annotation in the introspection format.
+type Annotation struct {
+	Name  string `xml:"name,attr"`
+	Value string `xml:"value,attr"`
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
new file mode 100644
index 0000000000..a2a965a343
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
@@ -0,0 +1,74 @@
+package introspect
+
+import (
+	"encoding/xml"
+	"github.com/godbus/dbus"
+	"reflect"
+)
+
+// Introspectable implements org.freedesktop.Introspectable.
+//
+// You can create it by converting the XML-formatted introspection data from a
+// string to an Introspectable or call NewIntrospectable with a Node. Then,
+// export it as org.freedesktop.Introspectable on you object.
+type Introspectable string
+
+// NewIntrospectable returns an Introspectable that returns the introspection
+// data that corresponds to the given Node. If n.Interfaces doesn't contain the
+// data for org.freedesktop.DBus.Introspectable, it is added automatically.
+func NewIntrospectable(n *Node) Introspectable {
+	found := false
+	for _, v := range n.Interfaces {
+		if v.Name == "org.freedesktop.DBus.Introspectable" {
+			found = true
+			break
+		}
+	}
+	if !found {
+		n.Interfaces = append(n.Interfaces, IntrospectData)
+	}
+	b, err := xml.Marshal(n)
+	if err != nil {
+		panic(err)
+	}
+	return Introspectable(b)
+}
+
+// Introspect implements org.freedesktop.Introspectable.Introspect.
+func (i Introspectable) Introspect() (string, *dbus.Error) {
+	return string(i), nil
+}
+
+// Methods returns the description of the methods of v. This can be used to
+// create a Node which can be passed to NewIntrospectable.
+func Methods(v interface{}) []Method {
+	t := reflect.TypeOf(v)
+	ms := make([]Method, 0, t.NumMethod())
+	for i := 0; i < t.NumMethod(); i++ {
+		if t.Method(i).PkgPath != "" {
+			continue
+		}
+		mt := t.Method(i).Type
+		if mt.NumOut() == 0 ||
+			mt.Out(mt.NumOut()-1) != reflect.TypeOf(&dbus.Error{"", nil}) {
+
+			continue
+		}
+		var m Method
+		m.Name = t.Method(i).Name
+		m.Args = make([]Arg, 0, mt.NumIn()+mt.NumOut()-2)
+		for j := 1; j < mt.NumIn(); j++ {
+			if mt.In(j) != reflect.TypeOf((*dbus.Sender)(nil)).Elem() {
+				arg := Arg{"", dbus.SignatureOfType(mt.In(j)).String(), "in"}
+				m.Args = append(m.Args, arg)
+			}
+		}
+		for j := 0; j < mt.NumOut()-1; j++ {
+			arg := Arg{"", dbus.SignatureOfType(mt.Out(j)).String(), "out"}
+			m.Args = append(m.Args, arg)
+		}
+		m.Annotations = make([]Annotation, 0)
+		ms = append(ms, m)
+	}
+	return ms
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go
new file mode 100644
index 0000000000..075d6e38ba
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go
@@ -0,0 +1,346 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"reflect"
+	"strconv"
+)
+
+const protoVersion byte = 1
+
+// Flags represents the possible flags of a D-Bus message.
+type Flags byte
+
+const (
+	// FlagNoReplyExpected signals that the message is not expected to generate
+	// a reply. If this flag is set on outgoing messages, any possible reply
+	// will be discarded.
+	FlagNoReplyExpected Flags = 1 << iota
+	// FlagNoAutoStart signals that the message bus should not automatically
+	// start an application when handling this message.
+	FlagNoAutoStart
+)
+
+// Type represents the possible types of a D-Bus message.
+type Type byte
+
+const (
+	TypeMethodCall Type = 1 + iota
+	TypeMethodReply
+	TypeError
+	TypeSignal
+	typeMax
+)
+
+func (t Type) String() string {
+	switch t {
+	case TypeMethodCall:
+		return "method call"
+	case TypeMethodReply:
+		return "reply"
+	case TypeError:
+		return "error"
+	case TypeSignal:
+		return "signal"
+	}
+	return "invalid"
+}
+
+// HeaderField represents the possible byte codes for the headers
+// of a D-Bus message.
+type HeaderField byte
+
+const (
+	FieldPath HeaderField = 1 + iota
+	FieldInterface
+	FieldMember
+	FieldErrorName
+	FieldReplySerial
+	FieldDestination
+	FieldSender
+	FieldSignature
+	FieldUnixFDs
+	fieldMax
+)
+
+// An InvalidMessageError describes the reason why a D-Bus message is regarded as
+// invalid.
+type InvalidMessageError string
+
+func (e InvalidMessageError) Error() string {
+	return "dbus: invalid message: " + string(e)
+}
+
+// fieldType are the types of the various header fields.
+var fieldTypes = [fieldMax]reflect.Type{
+	FieldPath:        objectPathType,
+	FieldInterface:   stringType,
+	FieldMember:      stringType,
+	FieldErrorName:   stringType,
+	FieldReplySerial: uint32Type,
+	FieldDestination: stringType,
+	FieldSender:      stringType,
+	FieldSignature:   signatureType,
+	FieldUnixFDs:     uint32Type,
+}
+
+// requiredFields lists the header fields that are required by the different
+// message types.
+var requiredFields = [typeMax][]HeaderField{
+	TypeMethodCall:  {FieldPath, FieldMember},
+	TypeMethodReply: {FieldReplySerial},
+	TypeError:       {FieldErrorName, FieldReplySerial},
+	TypeSignal:      {FieldPath, FieldInterface, FieldMember},
+}
+
+// Message represents a single D-Bus message.
+type Message struct {
+	Type
+	Flags
+	Headers map[HeaderField]Variant
+	Body    []interface{}
+
+	serial uint32
+}
+
+type header struct {
+	Field byte
+	Variant
+}
+
+// DecodeMessage tries to decode a single message in the D-Bus wire format
+// from the given reader. The byte order is figured out from the first byte.
+// The possibly returned error can be an error of the underlying reader, an
+// InvalidMessageError or a FormatError.
+func DecodeMessage(rd io.Reader) (msg *Message, err error) {
+	var order binary.ByteOrder
+	var hlength, length uint32
+	var typ, flags, proto byte
+	var headers []header
+
+	b := make([]byte, 1)
+	_, err = rd.Read(b)
+	if err != nil {
+		return
+	}
+	switch b[0] {
+	case 'l':
+		order = binary.LittleEndian
+	case 'B':
+		order = binary.BigEndian
+	default:
+		return nil, InvalidMessageError("invalid byte order")
+	}
+
+	dec := newDecoder(rd, order)
+	dec.pos = 1
+
+	msg = new(Message)
+	vs, err := dec.Decode(Signature{"yyyuu"})
+	if err != nil {
+		return nil, err
+	}
+	if err = Store(vs, &typ, &flags, &proto, &length, &msg.serial); err != nil {
+		return nil, err
+	}
+	msg.Type = Type(typ)
+	msg.Flags = Flags(flags)
+
+	// get the header length separately because we need it later
+	b = make([]byte, 4)
+	_, err = io.ReadFull(rd, b)
+	if err != nil {
+		return nil, err
+	}
+	binary.Read(bytes.NewBuffer(b), order, &hlength)
+	if hlength+length+16 > 1<<27 {
+		return nil, InvalidMessageError("message is too long")
+	}
+	dec = newDecoder(io.MultiReader(bytes.NewBuffer(b), rd), order)
+	dec.pos = 12
+	vs, err = dec.Decode(Signature{"a(yv)"})
+	if err != nil {
+		return nil, err
+	}
+	if err = Store(vs, &headers); err != nil {
+		return nil, err
+	}
+
+	msg.Headers = make(map[HeaderField]Variant)
+	for _, v := range headers {
+		msg.Headers[HeaderField(v.Field)] = v.Variant
+	}
+
+	dec.align(8)
+	body := make([]byte, int(length))
+	if length != 0 {
+		_, err := io.ReadFull(rd, body)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if err = msg.IsValid(); err != nil {
+		return nil, err
+	}
+	sig, _ := msg.Headers[FieldSignature].value.(Signature)
+	if sig.str != "" {
+		buf := bytes.NewBuffer(body)
+		dec = newDecoder(buf, order)
+		vs, err := dec.Decode(sig)
+		if err != nil {
+			return nil, err
+		}
+		msg.Body = vs
+	}
+
+	return
+}
+
+// EncodeTo encodes and sends a message to the given writer. The byte order must
+// be either binary.LittleEndian or binary.BigEndian. If the message is not
+// valid or an error occurs when writing, an error is returned.
+func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error {
+	if err := msg.IsValid(); err != nil {
+		return err
+	}
+	var vs [7]interface{}
+	switch order {
+	case binary.LittleEndian:
+		vs[0] = byte('l')
+	case binary.BigEndian:
+		vs[0] = byte('B')
+	default:
+		return errors.New("dbus: invalid byte order")
+	}
+	body := new(bytes.Buffer)
+	enc := newEncoder(body, order)
+	if len(msg.Body) != 0 {
+		enc.Encode(msg.Body...)
+	}
+	vs[1] = msg.Type
+	vs[2] = msg.Flags
+	vs[3] = protoVersion
+	vs[4] = uint32(len(body.Bytes()))
+	vs[5] = msg.serial
+	headers := make([]header, 0, len(msg.Headers))
+	for k, v := range msg.Headers {
+		headers = append(headers, header{byte(k), v})
+	}
+	vs[6] = headers
+	var buf bytes.Buffer
+	enc = newEncoder(&buf, order)
+	enc.Encode(vs[:]...)
+	enc.align(8)
+	body.WriteTo(&buf)
+	if buf.Len() > 1<<27 {
+		return InvalidMessageError("message is too long")
+	}
+	if _, err := buf.WriteTo(out); err != nil {
+		return err
+	}
+	return nil
+}
+
+// IsValid checks whether msg is a valid message and returns an
+// InvalidMessageError if it is not.
+func (msg *Message) IsValid() error {
+	if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected) != 0 {
+		return InvalidMessageError("invalid flags")
+	}
+	if msg.Type == 0 || msg.Type >= typeMax {
+		return InvalidMessageError("invalid message type")
+	}
+	for k, v := range msg.Headers {
+		if k == 0 || k >= fieldMax {
+			return InvalidMessageError("invalid header")
+		}
+		if reflect.TypeOf(v.value) != fieldTypes[k] {
+			return InvalidMessageError("invalid type of header field")
+		}
+	}
+	for _, v := range requiredFields[msg.Type] {
+		if _, ok := msg.Headers[v]; !ok {
+			return InvalidMessageError("missing required header")
+		}
+	}
+	if path, ok := msg.Headers[FieldPath]; ok {
+		if !path.value.(ObjectPath).IsValid() {
+			return InvalidMessageError("invalid path name")
+		}
+	}
+	if iface, ok := msg.Headers[FieldInterface]; ok {
+		if !isValidInterface(iface.value.(string)) {
+			return InvalidMessageError("invalid interface name")
+		}
+	}
+	if member, ok := msg.Headers[FieldMember]; ok {
+		if !isValidMember(member.value.(string)) {
+			return InvalidMessageError("invalid member name")
+		}
+	}
+	if errname, ok := msg.Headers[FieldErrorName]; ok {
+		if !isValidInterface(errname.value.(string)) {
+			return InvalidMessageError("invalid error name")
+		}
+	}
+	if len(msg.Body) != 0 {
+		if _, ok := msg.Headers[FieldSignature]; !ok {
+			return InvalidMessageError("missing signature")
+		}
+	}
+	return nil
+}
+
+// Serial returns the message's serial number. The returned value is only valid
+// for messages received by eavesdropping.
+func (msg *Message) Serial() uint32 {
+	return msg.serial
+}
+
+// String returns a string representation of a message similar to the format of
+// dbus-monitor.
+func (msg *Message) String() string {
+	if err := msg.IsValid(); err != nil {
+		return "<invalid>"
+	}
+	s := msg.Type.String()
+	if v, ok := msg.Headers[FieldSender]; ok {
+		s += " from " + v.value.(string)
+	}
+	if v, ok := msg.Headers[FieldDestination]; ok {
+		s += " to " + v.value.(string)
+	}
+	s += " serial " + strconv.FormatUint(uint64(msg.serial), 10)
+	if v, ok := msg.Headers[FieldReplySerial]; ok {
+		s += " reply_serial " + strconv.FormatUint(uint64(v.value.(uint32)), 10)
+	}
+	if v, ok := msg.Headers[FieldUnixFDs]; ok {
+		s += " unixfds " + strconv.FormatUint(uint64(v.value.(uint32)), 10)
+	}
+	if v, ok := msg.Headers[FieldPath]; ok {
+		s += " path " + string(v.value.(ObjectPath))
+	}
+	if v, ok := msg.Headers[FieldInterface]; ok {
+		s += " interface " + v.value.(string)
+	}
+	if v, ok := msg.Headers[FieldErrorName]; ok {
+		s += " error " + v.value.(string)
+	}
+	if v, ok := msg.Headers[FieldMember]; ok {
+		s += " member " + v.value.(string)
+	}
+	if len(msg.Body) != 0 {
+		s += "\n"
+	}
+	for i, v := range msg.Body {
+		s += "  " + MakeVariant(v).String()
+		if i != len(msg.Body)-1 {
+			s += "\n"
+		}
+	}
+	return s
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go
new file mode 100644
index 0000000000..ed5bdf2243
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go
@@ -0,0 +1,264 @@
+// Package prop provides the Properties struct which can be used to implement
+// org.freedesktop.DBus.Properties.
+package prop
+
+import (
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"sync"
+)
+
+// EmitType controls how org.freedesktop.DBus.Properties.PropertiesChanged is
+// emitted for a property. If it is EmitTrue, the signal is emitted. If it is
+// EmitInvalidates, the signal is also emitted, but the new value of the property
+// is not disclosed.
+type EmitType byte
+
+const (
+	EmitFalse EmitType = iota
+	EmitTrue
+	EmitInvalidates
+)
+
+// ErrIfaceNotFound is the error returned to peers who try to access properties
+// on interfaces that aren't found.
+var ErrIfaceNotFound = &dbus.Error{"org.freedesktop.DBus.Properties.Error.InterfaceNotFound", nil}
+
+// ErrPropNotFound is the error returned to peers trying to access properties
+// that aren't found.
+var ErrPropNotFound = &dbus.Error{"org.freedesktop.DBus.Properties.Error.PropertyNotFound", nil}
+
+// ErrReadOnly is the error returned to peers trying to set a read-only
+// property.
+var ErrReadOnly = &dbus.Error{"org.freedesktop.DBus.Properties.Error.ReadOnly", nil}
+
+// ErrInvalidArg is returned to peers if the type of the property that is being
+// changed and the argument don't match.
+var ErrInvalidArg = &dbus.Error{"org.freedesktop.DBus.Properties.Error.InvalidArg", nil}
+
+// The introspection data for the org.freedesktop.DBus.Properties interface.
+var IntrospectData = introspect.Interface{
+	Name: "org.freedesktop.DBus.Properties",
+	Methods: []introspect.Method{
+		{
+			Name: "Get",
+			Args: []introspect.Arg{
+				{"interface", "s", "in"},
+				{"property", "s", "in"},
+				{"value", "v", "out"},
+			},
+		},
+		{
+			Name: "GetAll",
+			Args: []introspect.Arg{
+				{"interface", "s", "in"},
+				{"props", "a{sv}", "out"},
+			},
+		},
+		{
+			Name: "Set",
+			Args: []introspect.Arg{
+				{"interface", "s", "in"},
+				{"property", "s", "in"},
+				{"value", "v", "in"},
+			},
+		},
+	},
+	Signals: []introspect.Signal{
+		{
+			Name: "PropertiesChanged",
+			Args: []introspect.Arg{
+				{"interface", "s", "out"},
+				{"changed_properties", "a{sv}", "out"},
+				{"invalidates_properties", "as", "out"},
+			},
+		},
+	},
+}
+
+// The introspection data for the org.freedesktop.DBus.Properties interface, as
+// a string.
+const IntrospectDataString = `
+	<interface name="org.freedesktop.DBus.Introspectable">
+		<method name="Get">
+			<arg name="interface" direction="in" type="s"/>
+			<arg name="property" direction="in" type="s"/>
+			<arg name="value" direction="out" type="v"/>
+		</method>
+		<method name="GetAll">
+			<arg name="interface" direction="in" type="s"/>
+			<arg name="props" direction="out" type="a{sv}"/>
+		</method>
+		<method name="Set">
+			<arg name="interface" direction="in" type="s"/>
+			<arg name="property" direction="in" type="s"/>
+			<arg name="value" direction="in" type="v"/>
+		</method>
+		<signal name="PropertiesChanged">
+			<arg name="interface" type="s"/>
+			<arg name="changed_properties" type="a{sv}"/>
+			<arg name="invalidates_properties" type="as"/>
+		</signal>
+	</interface>
+`
+
+// Prop represents a single property. It is used for creating a Properties
+// value.
+type Prop struct {
+	// Initial value. Must be a DBus-representable type.
+	Value interface{}
+
+	// If true, the value can be modified by calls to Set.
+	Writable bool
+
+	// Controls how org.freedesktop.DBus.Properties.PropertiesChanged is
+	// emitted if this property changes.
+	Emit EmitType
+
+	// If not nil, anytime this property is changed by Set, this function is
+	// called with an appropiate Change as its argument. If the returned error
+	// is not nil, it is sent back to the caller of Set and the property is not
+	// changed.
+	Callback func(*Change) *dbus.Error
+}
+
+// Change represents a change of a property by a call to Set.
+type Change struct {
+	Props *Properties
+	Iface string
+	Name  string
+	Value interface{}
+}
+
+// Properties is a set of values that can be made available to the message bus
+// using the org.freedesktop.DBus.Properties interface. It is safe for
+// concurrent use by multiple goroutines.
+type Properties struct {
+	m    map[string]map[string]*Prop
+	mut  sync.RWMutex
+	conn *dbus.Conn
+	path dbus.ObjectPath
+}
+
+// New returns a new Properties structure that manages the given properties.
+// The key for the first-level map of props is the name of the interface; the
+// second-level key is the name of the property. The returned structure will be
+// exported as org.freedesktop.DBus.Properties on path.
+func New(conn *dbus.Conn, path dbus.ObjectPath, props map[string]map[string]*Prop) *Properties {
+	p := &Properties{m: props, conn: conn, path: path}
+	conn.Export(p, path, "org.freedesktop.DBus.Properties")
+	return p
+}
+
+// Get implements org.freedesktop.DBus.Properties.Get.
+func (p *Properties) Get(iface, property string) (dbus.Variant, *dbus.Error) {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	m, ok := p.m[iface]
+	if !ok {
+		return dbus.Variant{}, ErrIfaceNotFound
+	}
+	prop, ok := m[property]
+	if !ok {
+		return dbus.Variant{}, ErrPropNotFound
+	}
+	return dbus.MakeVariant(prop.Value), nil
+}
+
+// GetAll implements org.freedesktop.DBus.Properties.GetAll.
+func (p *Properties) GetAll(iface string) (map[string]dbus.Variant, *dbus.Error) {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	m, ok := p.m[iface]
+	if !ok {
+		return nil, ErrIfaceNotFound
+	}
+	rm := make(map[string]dbus.Variant, len(m))
+	for k, v := range m {
+		rm[k] = dbus.MakeVariant(v.Value)
+	}
+	return rm, nil
+}
+
+// GetMust returns the value of the given property and panics if either the
+// interface or the property name are invalid.
+func (p *Properties) GetMust(iface, property string) interface{} {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	return p.m[iface][property].Value
+}
+
+// Introspection returns the introspection data that represents the properties
+// of iface.
+func (p *Properties) Introspection(iface string) []introspect.Property {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	m := p.m[iface]
+	s := make([]introspect.Property, 0, len(m))
+	for k, v := range m {
+		p := introspect.Property{Name: k, Type: dbus.SignatureOf(v.Value).String()}
+		if v.Writable {
+			p.Access = "readwrite"
+		} else {
+			p.Access = "read"
+		}
+		s = append(s, p)
+	}
+	return s
+}
+
+// set sets the given property and emits PropertyChanged if appropiate. p.mut
+// must already be locked.
+func (p *Properties) set(iface, property string, v interface{}) {
+	prop := p.m[iface][property]
+	prop.Value = v
+	switch prop.Emit {
+	case EmitFalse:
+		// do nothing
+	case EmitInvalidates:
+		p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
+			iface, map[string]dbus.Variant{}, []string{property})
+	case EmitTrue:
+		p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
+			iface, map[string]dbus.Variant{property: dbus.MakeVariant(v)},
+			[]string{})
+	default:
+		panic("invalid value for EmitType")
+	}
+}
+
+// Set implements org.freedesktop.Properties.Set.
+func (p *Properties) Set(iface, property string, newv dbus.Variant) *dbus.Error {
+	p.mut.Lock()
+	defer p.mut.Unlock()
+	m, ok := p.m[iface]
+	if !ok {
+		return ErrIfaceNotFound
+	}
+	prop, ok := m[property]
+	if !ok {
+		return ErrPropNotFound
+	}
+	if !prop.Writable {
+		return ErrReadOnly
+	}
+	if newv.Signature() != dbus.SignatureOf(prop.Value) {
+		return ErrInvalidArg
+	}
+	if prop.Callback != nil {
+		err := prop.Callback(&Change{p, iface, property, newv.Value()})
+		if err != nil {
+			return err
+		}
+	}
+	p.set(iface, property, newv.Value())
+	return nil
+}
+
+// SetMust sets the value of the given property and panics if the interface or
+// the property name are invalid.
+func (p *Properties) SetMust(iface, property string, v interface{}) {
+	p.mut.Lock()
+	p.set(iface, property, v)
+	p.mut.Unlock()
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go
new file mode 100644
index 0000000000..608a770d41
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go
@@ -0,0 +1,369 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io/ioutil"
+	"math"
+	"reflect"
+	"testing"
+)
+
+var protoTests = []struct {
+	vs           []interface{}
+	bigEndian    []byte
+	littleEndian []byte
+}{
+	{
+		[]interface{}{int32(0)},
+		[]byte{0, 0, 0, 0},
+		[]byte{0, 0, 0, 0},
+	},
+	{
+		[]interface{}{true, false},
+		[]byte{0, 0, 0, 1, 0, 0, 0, 0},
+		[]byte{1, 0, 0, 0, 0, 0, 0, 0},
+	},
+	{
+		[]interface{}{byte(0), uint16(12), int16(32), uint32(43)},
+		[]byte{0, 0, 0, 12, 0, 32, 0, 0, 0, 0, 0, 43},
+		[]byte{0, 0, 12, 0, 32, 0, 0, 0, 43, 0, 0, 0},
+	},
+	{
+		[]interface{}{int64(-1), uint64(1<<64 - 1)},
+		bytes.Repeat([]byte{255}, 16),
+		bytes.Repeat([]byte{255}, 16),
+	},
+	{
+		[]interface{}{math.Inf(+1)},
+		[]byte{0x7f, 0xf0, 0, 0, 0, 0, 0, 0},
+		[]byte{0, 0, 0, 0, 0, 0, 0xf0, 0x7f},
+	},
+	{
+		[]interface{}{"foo"},
+		[]byte{0, 0, 0, 3, 'f', 'o', 'o', 0},
+		[]byte{3, 0, 0, 0, 'f', 'o', 'o', 0},
+	},
+	{
+		[]interface{}{Signature{"ai"}},
+		[]byte{2, 'a', 'i', 0},
+		[]byte{2, 'a', 'i', 0},
+	},
+	{
+		[]interface{}{[]int16{42, 256}},
+		[]byte{0, 0, 0, 4, 0, 42, 1, 0},
+		[]byte{4, 0, 0, 0, 42, 0, 0, 1},
+	},
+	{
+		[]interface{}{MakeVariant("foo")},
+		[]byte{1, 's', 0, 0, 0, 0, 0, 3, 'f', 'o', 'o', 0},
+		[]byte{1, 's', 0, 0, 3, 0, 0, 0, 'f', 'o', 'o', 0},
+	},
+	{
+		[]interface{}{MakeVariant(MakeVariant(Signature{"v"}))},
+		[]byte{1, 'v', 0, 1, 'g', 0, 1, 'v', 0},
+		[]byte{1, 'v', 0, 1, 'g', 0, 1, 'v', 0},
+	},
+	{
+		[]interface{}{map[int32]bool{42: true}},
+		[]byte{0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 1},
+		[]byte{8, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 1, 0, 0, 0},
+	},
+	{
+		[]interface{}{map[string]Variant{}, byte(42)},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+	},
+	{
+		[]interface{}{[]uint64{}, byte(42)},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+	},
+}
+
+func TestProto(t *testing.T) {
+	for i, v := range protoTests {
+		buf := new(bytes.Buffer)
+		bigEnc := newEncoder(buf, binary.BigEndian)
+		bigEnc.Encode(v.vs...)
+		marshalled := buf.Bytes()
+		if bytes.Compare(marshalled, v.bigEndian) != 0 {
+			t.Errorf("test %d (marshal be): got '%v', but expected '%v'\n", i+1, marshalled,
+				v.bigEndian)
+		}
+		buf.Reset()
+		litEnc := newEncoder(buf, binary.LittleEndian)
+		litEnc.Encode(v.vs...)
+		marshalled = buf.Bytes()
+		if bytes.Compare(marshalled, v.littleEndian) != 0 {
+			t.Errorf("test %d (marshal le): got '%v', but expected '%v'\n", i+1, marshalled,
+				v.littleEndian)
+		}
+		unmarshalled := reflect.MakeSlice(reflect.TypeOf(v.vs),
+			0, 0)
+		for i := range v.vs {
+			unmarshalled = reflect.Append(unmarshalled,
+				reflect.New(reflect.TypeOf(v.vs[i])))
+		}
+		bigDec := newDecoder(bytes.NewReader(v.bigEndian), binary.BigEndian)
+		vs, err := bigDec.Decode(SignatureOf(v.vs...))
+		if err != nil {
+			t.Errorf("test %d (unmarshal be): %s\n", i+1, err)
+			continue
+		}
+		if !reflect.DeepEqual(vs, v.vs) {
+			t.Errorf("test %d (unmarshal be): got %#v, but expected %#v\n", i+1, vs, v.vs)
+		}
+		litDec := newDecoder(bytes.NewReader(v.littleEndian), binary.LittleEndian)
+		vs, err = litDec.Decode(SignatureOf(v.vs...))
+		if err != nil {
+			t.Errorf("test %d (unmarshal le): %s\n", i+1, err)
+			continue
+		}
+		if !reflect.DeepEqual(vs, v.vs) {
+			t.Errorf("test %d (unmarshal le): got %#v, but expected %#v\n", i+1, vs, v.vs)
+		}
+
+	}
+}
+
+func TestProtoMap(t *testing.T) {
+	m := map[string]uint8{
+		"foo": 23,
+		"bar": 2,
+	}
+	var n map[string]uint8
+	buf := new(bytes.Buffer)
+	enc := newEncoder(buf, binary.LittleEndian)
+	enc.Encode(m)
+	dec := newDecoder(buf, binary.LittleEndian)
+	vs, err := dec.Decode(Signature{"a{sy}"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = Store(vs, &n); err != nil {
+		t.Fatal(err)
+	}
+	if len(n) != 2 || n["foo"] != 23 || n["bar"] != 2 {
+		t.Error("got", n)
+	}
+}
+
+func TestProtoVariantStruct(t *testing.T) {
+	var variant Variant
+	v := MakeVariant(struct {
+		A int32
+		B int16
+	}{1, 2})
+	buf := new(bytes.Buffer)
+	enc := newEncoder(buf, binary.LittleEndian)
+	enc.Encode(v)
+	dec := newDecoder(buf, binary.LittleEndian)
+	vs, err := dec.Decode(Signature{"v"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = Store(vs, &variant); err != nil {
+		t.Fatal(err)
+	}
+	sl := variant.Value().([]interface{})
+	v1, v2 := sl[0].(int32), sl[1].(int16)
+	if v1 != int32(1) {
+		t.Error("got", v1, "as first int")
+	}
+	if v2 != int16(2) {
+		t.Error("got", v2, "as second int")
+	}
+}
+
+func TestProtoStructTag(t *testing.T) {
+	type Bar struct {
+		A int32
+		B chan interface{} `dbus:"-"`
+		C int32
+	}
+	var bar1, bar2 Bar
+	bar1.A = 234
+	bar2.C = 345
+	buf := new(bytes.Buffer)
+	enc := newEncoder(buf, binary.LittleEndian)
+	enc.Encode(bar1)
+	dec := newDecoder(buf, binary.LittleEndian)
+	vs, err := dec.Decode(Signature{"(ii)"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = Store(vs, &bar2); err != nil {
+		t.Fatal(err)
+	}
+	if bar1 != bar2 {
+		t.Error("struct tag test: got", bar2)
+	}
+}
+
+func TestProtoStoreStruct(t *testing.T) {
+	var foo struct {
+		A int32
+		B string
+		c chan interface{}
+		D interface{} `dbus:"-"`
+	}
+	src := []interface{}{[]interface{}{int32(42), "foo"}}
+	err := Store(src, &foo)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestProtoStoreNestedStruct(t *testing.T) {
+	var foo struct {
+		A int32
+		B struct {
+			C string
+			D float64
+		}
+	}
+	src := []interface{}{
+		[]interface{}{
+			int32(42),
+			[]interface{}{
+				"foo",
+				3.14,
+			},
+		},
+	}
+	err := Store(src, &foo)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMessage(t *testing.T) {
+	buf := new(bytes.Buffer)
+	message := new(Message)
+	message.Type = TypeMethodCall
+	message.serial = 32
+	message.Headers = map[HeaderField]Variant{
+		FieldPath:   MakeVariant(ObjectPath("/org/foo/bar")),
+		FieldMember: MakeVariant("baz"),
+	}
+	message.Body = make([]interface{}, 0)
+	err := message.EncodeTo(buf, binary.LittleEndian)
+	if err != nil {
+		t.Error(err)
+	}
+	_, err = DecodeMessage(buf)
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestProtoStructInterfaces(t *testing.T) {
+	b := []byte{42}
+	vs, err := newDecoder(bytes.NewReader(b), binary.LittleEndian).Decode(Signature{"(y)"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if vs[0].([]interface{})[0].(byte) != 42 {
+		t.Errorf("wrongs results (got %v)", vs)
+	}
+}
+
+// ordinary org.freedesktop.DBus.Hello call
+var smallMessage = &Message{
+	Type:   TypeMethodCall,
+	serial: 1,
+	Headers: map[HeaderField]Variant{
+		FieldDestination: MakeVariant("org.freedesktop.DBus"),
+		FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/DBus")),
+		FieldInterface:   MakeVariant("org.freedesktop.DBus"),
+		FieldMember:      MakeVariant("Hello"),
+	},
+}
+
+// org.freedesktop.Notifications.Notify
+var bigMessage = &Message{
+	Type:   TypeMethodCall,
+	serial: 2,
+	Headers: map[HeaderField]Variant{
+		FieldDestination: MakeVariant("org.freedesktop.Notifications"),
+		FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/Notifications")),
+		FieldInterface:   MakeVariant("org.freedesktop.Notifications"),
+		FieldMember:      MakeVariant("Notify"),
+		FieldSignature:   MakeVariant(Signature{"susssasa{sv}i"}),
+	},
+	Body: []interface{}{
+		"app_name",
+		uint32(0),
+		"dialog-information",
+		"Notification",
+		"This is the body of a notification",
+		[]string{"ok", "Ok"},
+		map[string]Variant{
+			"sound-name": MakeVariant("dialog-information"),
+		},
+		int32(-1),
+	},
+}
+
+func BenchmarkDecodeMessageSmall(b *testing.B) {
+	var err error
+	var rd *bytes.Reader
+
+	b.StopTimer()
+	buf := new(bytes.Buffer)
+	err = smallMessage.EncodeTo(buf, binary.LittleEndian)
+	if err != nil {
+		b.Fatal(err)
+	}
+	decoded := buf.Bytes()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		rd = bytes.NewReader(decoded)
+		_, err = DecodeMessage(rd)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkDecodeMessageBig(b *testing.B) {
+	var err error
+	var rd *bytes.Reader
+
+	b.StopTimer()
+	buf := new(bytes.Buffer)
+	err = bigMessage.EncodeTo(buf, binary.LittleEndian)
+	if err != nil {
+		b.Fatal(err)
+	}
+	decoded := buf.Bytes()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		rd = bytes.NewReader(decoded)
+		_, err = DecodeMessage(rd)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkEncodeMessageSmall(b *testing.B) {
+	var err error
+	for i := 0; i < b.N; i++ {
+		err = smallMessage.EncodeTo(ioutil.Discard, binary.LittleEndian)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkEncodeMessageBig(b *testing.B) {
+	var err error
+	for i := 0; i < b.N; i++ {
+		err = bigMessage.EncodeTo(ioutil.Discard, binary.LittleEndian)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go
new file mode 100644
index 0000000000..f45b53ce1b
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go
@@ -0,0 +1,257 @@
+package dbus
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+var sigToType = map[byte]reflect.Type{
+	'y': byteType,
+	'b': boolType,
+	'n': int16Type,
+	'q': uint16Type,
+	'i': int32Type,
+	'u': uint32Type,
+	'x': int64Type,
+	't': uint64Type,
+	'd': float64Type,
+	's': stringType,
+	'g': signatureType,
+	'o': objectPathType,
+	'v': variantType,
+	'h': unixFDIndexType,
+}
+
+// Signature represents a correct type signature as specified by the D-Bus
+// specification. The zero value represents the empty signature, "".
+type Signature struct {
+	str string
+}
+
+// SignatureOf returns the concatenation of all the signatures of the given
+// values. It panics if one of them is not representable in D-Bus.
+func SignatureOf(vs ...interface{}) Signature {
+	var s string
+	for _, v := range vs {
+		s += getSignature(reflect.TypeOf(v))
+	}
+	return Signature{s}
+}
+
+// SignatureOfType returns the signature of the given type. It panics if the
+// type is not representable in D-Bus.
+func SignatureOfType(t reflect.Type) Signature {
+	return Signature{getSignature(t)}
+}
+
+// getSignature returns the signature of the given type and panics on unknown types.
+func getSignature(t reflect.Type) string {
+	// handle simple types first
+	switch t.Kind() {
+	case reflect.Uint8:
+		return "y"
+	case reflect.Bool:
+		return "b"
+	case reflect.Int16:
+		return "n"
+	case reflect.Uint16:
+		return "q"
+	case reflect.Int32:
+		if t == unixFDType {
+			return "h"
+		}
+		return "i"
+	case reflect.Uint32:
+		if t == unixFDIndexType {
+			return "h"
+		}
+		return "u"
+	case reflect.Int64:
+		return "x"
+	case reflect.Uint64:
+		return "t"
+	case reflect.Float64:
+		return "d"
+	case reflect.Ptr:
+		return getSignature(t.Elem())
+	case reflect.String:
+		if t == objectPathType {
+			return "o"
+		}
+		return "s"
+	case reflect.Struct:
+		if t == variantType {
+			return "v"
+		} else if t == signatureType {
+			return "g"
+		}
+		var s string
+		for i := 0; i < t.NumField(); i++ {
+			field := t.Field(i)
+			if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+				s += getSignature(t.Field(i).Type)
+			}
+		}
+		return "(" + s + ")"
+	case reflect.Array, reflect.Slice:
+		return "a" + getSignature(t.Elem())
+	case reflect.Map:
+		if !isKeyType(t.Key()) {
+			panic(InvalidTypeError{t})
+		}
+		return "a{" + getSignature(t.Key()) + getSignature(t.Elem()) + "}"
+	}
+	panic(InvalidTypeError{t})
+}
+
+// ParseSignature returns the signature represented by this string, or a
+// SignatureError if the string is not a valid signature.
+func ParseSignature(s string) (sig Signature, err error) {
+	if len(s) == 0 {
+		return
+	}
+	if len(s) > 255 {
+		return Signature{""}, SignatureError{s, "too long"}
+	}
+	sig.str = s
+	for err == nil && len(s) != 0 {
+		err, s = validSingle(s, 0)
+	}
+	if err != nil {
+		sig = Signature{""}
+	}
+
+	return
+}
+
+// ParseSignatureMust behaves like ParseSignature, except that it panics if s
+// is not valid.
+func ParseSignatureMust(s string) Signature {
+	sig, err := ParseSignature(s)
+	if err != nil {
+		panic(err)
+	}
+	return sig
+}
+
+// Empty retruns whether the signature is the empty signature.
+func (s Signature) Empty() bool {
+	return s.str == ""
+}
+
+// Single returns whether the signature represents a single, complete type.
+func (s Signature) Single() bool {
+	err, r := validSingle(s.str, 0)
+	return err != nil && r == ""
+}
+
+// String returns the signature's string representation.
+func (s Signature) String() string {
+	return s.str
+}
+
+// A SignatureError indicates that a signature passed to a function or received
+// on a connection is not a valid signature.
+type SignatureError struct {
+	Sig    string
+	Reason string
+}
+
+func (e SignatureError) Error() string {
+	return fmt.Sprintf("dbus: invalid signature: %q (%s)", e.Sig, e.Reason)
+}
+
+// Try to read a single type from this string. If it was successfull, err is nil
+// and rem is the remaining unparsed part. Otherwise, err is a non-nil
+// SignatureError and rem is "". depth is the current recursion depth which may
+// not be greater than 64 and should be given as 0 on the first call.
+func validSingle(s string, depth int) (err error, rem string) {
+	if s == "" {
+		return SignatureError{Sig: s, Reason: "empty signature"}, ""
+	}
+	if depth > 64 {
+		return SignatureError{Sig: s, Reason: "container nesting too deep"}, ""
+	}
+	switch s[0] {
+	case 'y', 'b', 'n', 'q', 'i', 'u', 'x', 't', 'd', 's', 'g', 'o', 'v', 'h':
+		return nil, s[1:]
+	case 'a':
+		if len(s) > 1 && s[1] == '{' {
+			i := findMatching(s[1:], '{', '}')
+			if i == -1 {
+				return SignatureError{Sig: s, Reason: "unmatched '{'"}, ""
+			}
+			i++
+			rem = s[i+1:]
+			s = s[2:i]
+			if err, _ = validSingle(s[:1], depth+1); err != nil {
+				return err, ""
+			}
+			err, nr := validSingle(s[1:], depth+1)
+			if err != nil {
+				return err, ""
+			}
+			if nr != "" {
+				return SignatureError{Sig: s, Reason: "too many types in dict"}, ""
+			}
+			return nil, rem
+		}
+		return validSingle(s[1:], depth+1)
+	case '(':
+		i := findMatching(s, '(', ')')
+		if i == -1 {
+			return SignatureError{Sig: s, Reason: "unmatched ')'"}, ""
+		}
+		rem = s[i+1:]
+		s = s[1:i]
+		for err == nil && s != "" {
+			err, s = validSingle(s, depth+1)
+		}
+		if err != nil {
+			rem = ""
+		}
+		return
+	}
+	return SignatureError{Sig: s, Reason: "invalid type character"}, ""
+}
+
+func findMatching(s string, left, right rune) int {
+	n := 0
+	for i, v := range s {
+		if v == left {
+			n++
+		} else if v == right {
+			n--
+		}
+		if n == 0 {
+			return i
+		}
+	}
+	return -1
+}
+
+// typeFor returns the type of the given signature. It ignores any left over
+// characters and panics if s doesn't start with a valid type signature.
+func typeFor(s string) (t reflect.Type) {
+	err, _ := validSingle(s, 0)
+	if err != nil {
+		panic(err)
+	}
+
+	if t, ok := sigToType[s[0]]; ok {
+		return t
+	}
+	switch s[0] {
+	case 'a':
+		if s[1] == '{' {
+			i := strings.LastIndex(s, "}")
+			t = reflect.MapOf(sigToType[s[2]], typeFor(s[3:i]))
+		} else {
+			t = reflect.SliceOf(typeFor(s[1:]))
+		}
+	case '(':
+		t = interfacesType
+	}
+	return
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go
new file mode 100644
index 0000000000..da37bc968e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go
@@ -0,0 +1,70 @@
+package dbus
+
+import (
+	"testing"
+)
+
+var sigTests = []struct {
+	vs  []interface{}
+	sig Signature
+}{
+	{
+		[]interface{}{new(int32)},
+		Signature{"i"},
+	},
+	{
+		[]interface{}{new(string)},
+		Signature{"s"},
+	},
+	{
+		[]interface{}{new(Signature)},
+		Signature{"g"},
+	},
+	{
+		[]interface{}{new([]int16)},
+		Signature{"an"},
+	},
+	{
+		[]interface{}{new(int16), new(uint32)},
+		Signature{"nu"},
+	},
+	{
+		[]interface{}{new(map[byte]Variant)},
+		Signature{"a{yv}"},
+	},
+	{
+		[]interface{}{new(Variant), new([]map[int32]string)},
+		Signature{"vaa{is}"},
+	},
+}
+
+func TestSig(t *testing.T) {
+	for i, v := range sigTests {
+		sig := SignatureOf(v.vs...)
+		if sig != v.sig {
+			t.Errorf("test %d: got %q, expected %q", i+1, sig.str, v.sig.str)
+		}
+	}
+}
+
+var getSigTest = []interface{}{
+	[]struct {
+		b byte
+		i int32
+		t uint64
+		s string
+	}{},
+	map[string]Variant{},
+}
+
+func BenchmarkGetSignatureSimple(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		SignatureOf("", int32(0))
+	}
+}
+
+func BenchmarkGetSignatureLong(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		SignatureOf(getSigTest...)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go
new file mode 100644
index 0000000000..1bba0d6bf7
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go
@@ -0,0 +1,6 @@
+package dbus
+
+func (t *unixTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go
new file mode 100644
index 0000000000..46f8f49d69
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go
@@ -0,0 +1,35 @@
+package dbus
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+type genericTransport struct {
+	io.ReadWriteCloser
+}
+
+func (t genericTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}
+
+func (t genericTransport) SupportsUnixFDs() bool {
+	return false
+}
+
+func (t genericTransport) EnableUnixFDs() {}
+
+func (t genericTransport) ReadMessage() (*Message, error) {
+	return DecodeMessage(t)
+}
+
+func (t genericTransport) SendMessage(msg *Message) error {
+	for _, v := range msg.Body {
+		if _, ok := v.(UnixFD); ok {
+			return errors.New("dbus: unix fd passing not enabled")
+		}
+	}
+	return msg.EncodeTo(t, binary.LittleEndian)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go
new file mode 100644
index 0000000000..d16229be40
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go
@@ -0,0 +1,190 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"net"
+	"syscall"
+)
+
+type oobReader struct {
+	conn *net.UnixConn
+	oob  []byte
+	buf  [4096]byte
+}
+
+func (o *oobReader) Read(b []byte) (n int, err error) {
+	n, oobn, flags, _, err := o.conn.ReadMsgUnix(b, o.buf[:])
+	if err != nil {
+		return n, err
+	}
+	if flags&syscall.MSG_CTRUNC != 0 {
+		return n, errors.New("dbus: control data truncated (too many fds received)")
+	}
+	o.oob = append(o.oob, o.buf[:oobn]...)
+	return n, nil
+}
+
+type unixTransport struct {
+	*net.UnixConn
+	hasUnixFDs bool
+}
+
+func newUnixTransport(keys string) (transport, error) {
+	var err error
+
+	t := new(unixTransport)
+	abstract := getKey(keys, "abstract")
+	path := getKey(keys, "path")
+	switch {
+	case abstract == "" && path == "":
+		return nil, errors.New("dbus: invalid address (neither path nor abstract set)")
+	case abstract != "" && path == "":
+		t.UnixConn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: "@" + abstract, Net: "unix"})
+		if err != nil {
+			return nil, err
+		}
+		return t, nil
+	case abstract == "" && path != "":
+		t.UnixConn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: path, Net: "unix"})
+		if err != nil {
+			return nil, err
+		}
+		return t, nil
+	default:
+		return nil, errors.New("dbus: invalid address (both path and abstract set)")
+	}
+}
+
+func (t *unixTransport) EnableUnixFDs() {
+	t.hasUnixFDs = true
+}
+
+func (t *unixTransport) ReadMessage() (*Message, error) {
+	var (
+		blen, hlen uint32
+		csheader   [16]byte
+		headers    []header
+		order      binary.ByteOrder
+		unixfds    uint32
+	)
+	// To be sure that all bytes of out-of-band data are read, we use a special
+	// reader that uses ReadUnix on the underlying connection instead of Read
+	// and gathers the out-of-band data in a buffer.
+	rd := &oobReader{conn: t.UnixConn}
+	// read the first 16 bytes (the part of the header that has a constant size),
+	// from which we can figure out the length of the rest of the message
+	if _, err := io.ReadFull(rd, csheader[:]); err != nil {
+		return nil, err
+	}
+	switch csheader[0] {
+	case 'l':
+		order = binary.LittleEndian
+	case 'B':
+		order = binary.BigEndian
+	default:
+		return nil, InvalidMessageError("invalid byte order")
+	}
+	// csheader[4:8] -> length of message body, csheader[12:16] -> length of
+	// header fields (without alignment)
+	binary.Read(bytes.NewBuffer(csheader[4:8]), order, &blen)
+	binary.Read(bytes.NewBuffer(csheader[12:]), order, &hlen)
+	if hlen%8 != 0 {
+		hlen += 8 - (hlen % 8)
+	}
+
+	// decode headers and look for unix fds
+	headerdata := make([]byte, hlen+4)
+	copy(headerdata, csheader[12:])
+	if _, err := io.ReadFull(t, headerdata[4:]); err != nil {
+		return nil, err
+	}
+	dec := newDecoder(bytes.NewBuffer(headerdata), order)
+	dec.pos = 12
+	vs, err := dec.Decode(Signature{"a(yv)"})
+	if err != nil {
+		return nil, err
+	}
+	Store(vs, &headers)
+	for _, v := range headers {
+		if v.Field == byte(FieldUnixFDs) {
+			unixfds, _ = v.Variant.value.(uint32)
+		}
+	}
+	all := make([]byte, 16+hlen+blen)
+	copy(all, csheader[:])
+	copy(all[16:], headerdata[4:])
+	if _, err := io.ReadFull(rd, all[16+hlen:]); err != nil {
+		return nil, err
+	}
+	if unixfds != 0 {
+		if !t.hasUnixFDs {
+			return nil, errors.New("dbus: got unix fds on unsupported transport")
+		}
+		// read the fds from the OOB data
+		scms, err := syscall.ParseSocketControlMessage(rd.oob)
+		if err != nil {
+			return nil, err
+		}
+		if len(scms) != 1 {
+			return nil, errors.New("dbus: received more than one socket control message")
+		}
+		fds, err := syscall.ParseUnixRights(&scms[0])
+		if err != nil {
+			return nil, err
+		}
+		msg, err := DecodeMessage(bytes.NewBuffer(all))
+		if err != nil {
+			return nil, err
+		}
+		// substitute the values in the message body (which are indices for the
+		// array receiver via OOB) with the actual values
+		for i, v := range msg.Body {
+			if j, ok := v.(UnixFDIndex); ok {
+				if uint32(j) >= unixfds {
+					return nil, InvalidMessageError("invalid index for unix fd")
+				}
+				msg.Body[i] = UnixFD(fds[j])
+			}
+		}
+		return msg, nil
+	}
+	return DecodeMessage(bytes.NewBuffer(all))
+}
+
+func (t *unixTransport) SendMessage(msg *Message) error {
+	fds := make([]int, 0)
+	for i, v := range msg.Body {
+		if fd, ok := v.(UnixFD); ok {
+			msg.Body[i] = UnixFDIndex(len(fds))
+			fds = append(fds, int(fd))
+		}
+	}
+	if len(fds) != 0 {
+		if !t.hasUnixFDs {
+			return errors.New("dbus: unix fd passing not enabled")
+		}
+		msg.Headers[FieldUnixFDs] = MakeVariant(uint32(len(fds)))
+		oob := syscall.UnixRights(fds...)
+		buf := new(bytes.Buffer)
+		msg.EncodeTo(buf, binary.LittleEndian)
+		n, oobn, err := t.UnixConn.WriteMsgUnix(buf.Bytes(), oob, nil)
+		if err != nil {
+			return err
+		}
+		if n != buf.Len() || oobn != len(oob) {
+			return io.ErrShortWrite
+		}
+	} else {
+		if err := msg.EncodeTo(t, binary.LittleEndian); err != nil {
+			return nil
+		}
+	}
+	return nil
+}
+
+func (t *unixTransport) SupportsUnixFDs() bool {
+	return true
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go
new file mode 100644
index 0000000000..302233fc65
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go
@@ -0,0 +1,49 @@
+package dbus
+
+import (
+	"os"
+	"testing"
+)
+
+const testString = `This is a test!
+This text should be read from the file that is created by this test.`
+
+type unixFDTest struct{}
+
+func (t unixFDTest) Test(fd UnixFD) (string, *Error) {
+	var b [4096]byte
+	file := os.NewFile(uintptr(fd), "testfile")
+	defer file.Close()
+	n, err := file.Read(b[:])
+	if err != nil {
+		return "", &Error{"com.github.guelfey.test.Error", nil}
+	}
+	return string(b[:n]), nil
+}
+
+func TestUnixFDs(t *testing.T) {
+	conn, err := SessionBus()
+	if err != nil {
+		t.Fatal(err)
+	}
+	r, w, err := os.Pipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer w.Close()
+	if _, err := w.Write([]byte(testString)); err != nil {
+		t.Fatal(err)
+	}
+	name := conn.Names()[0]
+	test := unixFDTest{}
+	conn.Export(test, "/com/github/guelfey/test", "com.github.guelfey.test")
+	var s string
+	obj := conn.Object(name, "/com/github/guelfey/test")
+	err = obj.Call("com.github.guelfey.test.Test", 0, UnixFD(r.Fd())).Store(&s)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s != testString {
+		t.Fatal("got", s, "wanted", testString)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go
new file mode 100644
index 0000000000..42a0e769ef
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go
@@ -0,0 +1,22 @@
+// +build !darwin
+
+package dbus
+
+import (
+	"io"
+	"os"
+	"syscall"
+)
+
+func (t *unixTransport) SendNullByte() error {
+	ucred := &syscall.Ucred{Pid: int32(os.Getpid()), Uid: uint32(os.Getuid()), Gid: uint32(os.Getgid())}
+	b := syscall.UnixCredentials(ucred)
+	_, oobn, err := t.UnixConn.WriteMsgUnix([]byte{0}, b, nil)
+	if err != nil {
+		return err
+	}
+	if oobn != len(b) {
+		return io.ErrShortWrite
+	}
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go
new file mode 100644
index 0000000000..b1b53ceb47
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go
@@ -0,0 +1,129 @@
+package dbus
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"strconv"
+)
+
+// Variant represents the D-Bus variant type.
+type Variant struct {
+	sig   Signature
+	value interface{}
+}
+
+// MakeVariant converts the given value to a Variant. It panics if v cannot be
+// represented as a D-Bus type.
+func MakeVariant(v interface{}) Variant {
+	return Variant{SignatureOf(v), v}
+}
+
+// ParseVariant parses the given string as a variant as described at
+// https://developer.gnome.org/glib/unstable/gvariant-text.html. If sig is not
+// empty, it is taken to be the expected signature for the variant.
+func ParseVariant(s string, sig Signature) (Variant, error) {
+	tokens := varLex(s)
+	p := &varParser{tokens: tokens}
+	n, err := varMakeNode(p)
+	if err != nil {
+		return Variant{}, err
+	}
+	if sig.str == "" {
+		sig, err = varInfer(n)
+		if err != nil {
+			return Variant{}, err
+		}
+	}
+	v, err := n.Value(sig)
+	if err != nil {
+		return Variant{}, err
+	}
+	return MakeVariant(v), nil
+}
+
+// format returns a formatted version of v and whether this string can be parsed
+// unambigously.
+func (v Variant) format() (string, bool) {
+	switch v.sig.str[0] {
+	case 'b', 'i':
+		return fmt.Sprint(v.value), true
+	case 'n', 'q', 'u', 'x', 't', 'd', 'h':
+		return fmt.Sprint(v.value), false
+	case 's':
+		return strconv.Quote(v.value.(string)), true
+	case 'o':
+		return strconv.Quote(string(v.value.(ObjectPath))), false
+	case 'g':
+		return strconv.Quote(v.value.(Signature).str), false
+	case 'v':
+		s, unamb := v.value.(Variant).format()
+		if !unamb {
+			return "<@" + v.value.(Variant).sig.str + " " + s + ">", true
+		}
+		return "<" + s + ">", true
+	case 'y':
+		return fmt.Sprintf("%#x", v.value.(byte)), false
+	}
+	rv := reflect.ValueOf(v.value)
+	switch rv.Kind() {
+	case reflect.Slice:
+		if rv.Len() == 0 {
+			return "[]", false
+		}
+		unamb := true
+		buf := bytes.NewBuffer([]byte("["))
+		for i := 0; i < rv.Len(); i++ {
+			// TODO: slooow
+			s, b := MakeVariant(rv.Index(i).Interface()).format()
+			unamb = unamb && b
+			buf.WriteString(s)
+			if i != rv.Len()-1 {
+				buf.WriteString(", ")
+			}
+		}
+		buf.WriteByte(']')
+		return buf.String(), unamb
+	case reflect.Map:
+		if rv.Len() == 0 {
+			return "{}", false
+		}
+		unamb := true
+		buf := bytes.NewBuffer([]byte("{"))
+		for i, k := range rv.MapKeys() {
+			s, b := MakeVariant(k.Interface()).format()
+			unamb = unamb && b
+			buf.WriteString(s)
+			buf.WriteString(": ")
+			s, b = MakeVariant(rv.MapIndex(k).Interface()).format()
+			unamb = unamb && b
+			buf.WriteString(s)
+			if i != rv.Len()-1 {
+				buf.WriteString(", ")
+			}
+		}
+		buf.WriteByte('}')
+		return buf.String(), unamb
+	}
+	return `"INVALID"`, true
+}
+
+// Signature returns the D-Bus signature of the underlying value of v.
+func (v Variant) Signature() Signature {
+	return v.sig
+}
+
+// String returns the string representation of the underlying value of v as
+// described at https://developer.gnome.org/glib/unstable/gvariant-text.html.
+func (v Variant) String() string {
+	s, unamb := v.format()
+	if !unamb {
+		return "@" + v.sig.str + " " + s
+	}
+	return s
+}
+
+// Value returns the underlying value of v.
+func (v Variant) Value() interface{} {
+	return v.value
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go
new file mode 100644
index 0000000000..332007d6f1
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go
@@ -0,0 +1,284 @@
+package dbus
+
+import (
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Heavily inspired by the lexer from text/template.
+
+type varToken struct {
+	typ varTokenType
+	val string
+}
+
+type varTokenType byte
+
+const (
+	tokEOF varTokenType = iota
+	tokError
+	tokNumber
+	tokString
+	tokBool
+	tokArrayStart
+	tokArrayEnd
+	tokDictStart
+	tokDictEnd
+	tokVariantStart
+	tokVariantEnd
+	tokComma
+	tokColon
+	tokType
+	tokByteString
+)
+
+type varLexer struct {
+	input  string
+	start  int
+	pos    int
+	width  int
+	tokens []varToken
+}
+
+type lexState func(*varLexer) lexState
+
+func varLex(s string) []varToken {
+	l := &varLexer{input: s}
+	l.run()
+	return l.tokens
+}
+
+func (l *varLexer) accept(valid string) bool {
+	if strings.IndexRune(valid, l.next()) >= 0 {
+		return true
+	}
+	l.backup()
+	return false
+}
+
+func (l *varLexer) backup() {
+	l.pos -= l.width
+}
+
+func (l *varLexer) emit(t varTokenType) {
+	l.tokens = append(l.tokens, varToken{t, l.input[l.start:l.pos]})
+	l.start = l.pos
+}
+
+func (l *varLexer) errorf(format string, v ...interface{}) lexState {
+	l.tokens = append(l.tokens, varToken{
+		tokError,
+		fmt.Sprintf(format, v...),
+	})
+	return nil
+}
+
+func (l *varLexer) ignore() {
+	l.start = l.pos
+}
+
+func (l *varLexer) next() rune {
+	var r rune
+
+	if l.pos >= len(l.input) {
+		l.width = 0
+		return -1
+	}
+	r, l.width = utf8.DecodeRuneInString(l.input[l.pos:])
+	l.pos += l.width
+	return r
+}
+
+func (l *varLexer) run() {
+	for state := varLexNormal; state != nil; {
+		state = state(l)
+	}
+}
+
+func (l *varLexer) peek() rune {
+	r := l.next()
+	l.backup()
+	return r
+}
+
+func varLexNormal(l *varLexer) lexState {
+	for {
+		r := l.next()
+		switch {
+		case r == -1:
+			l.emit(tokEOF)
+			return nil
+		case r == '[':
+			l.emit(tokArrayStart)
+		case r == ']':
+			l.emit(tokArrayEnd)
+		case r == '{':
+			l.emit(tokDictStart)
+		case r == '}':
+			l.emit(tokDictEnd)
+		case r == '<':
+			l.emit(tokVariantStart)
+		case r == '>':
+			l.emit(tokVariantEnd)
+		case r == ':':
+			l.emit(tokColon)
+		case r == ',':
+			l.emit(tokComma)
+		case r == '\'' || r == '"':
+			l.backup()
+			return varLexString
+		case r == '@':
+			l.backup()
+			return varLexType
+		case unicode.IsSpace(r):
+			l.ignore()
+		case unicode.IsNumber(r) || r == '+' || r == '-':
+			l.backup()
+			return varLexNumber
+		case r == 'b':
+			pos := l.start
+			if n := l.peek(); n == '"' || n == '\'' {
+				return varLexByteString
+			}
+			// not a byte string; try to parse it as a type or bool below
+			l.pos = pos + 1
+			l.width = 1
+			fallthrough
+		default:
+			// either a bool or a type. Try bools first.
+			l.backup()
+			if l.pos+4 <= len(l.input) {
+				if l.input[l.pos:l.pos+4] == "true" {
+					l.pos += 4
+					l.emit(tokBool)
+					continue
+				}
+			}
+			if l.pos+5 <= len(l.input) {
+				if l.input[l.pos:l.pos+5] == "false" {
+					l.pos += 5
+					l.emit(tokBool)
+					continue
+				}
+			}
+			// must be a type.
+			return varLexType
+		}
+	}
+}
+
+var varTypeMap = map[string]string{
+	"boolean":    "b",
+	"byte":       "y",
+	"int16":      "n",
+	"uint16":     "q",
+	"int32":      "i",
+	"uint32":     "u",
+	"int64":      "x",
+	"uint64":     "t",
+	"double":     "f",
+	"string":     "s",
+	"objectpath": "o",
+	"signature":  "g",
+}
+
+func varLexByteString(l *varLexer) lexState {
+	q := l.next()
+Loop:
+	for {
+		switch l.next() {
+		case '\\':
+			if r := l.next(); r != -1 {
+				break
+			}
+			fallthrough
+		case -1:
+			return l.errorf("unterminated bytestring")
+		case q:
+			break Loop
+		}
+	}
+	l.emit(tokByteString)
+	return varLexNormal
+}
+
+func varLexNumber(l *varLexer) lexState {
+	l.accept("+-")
+	digits := "0123456789"
+	if l.accept("0") {
+		if l.accept("x") {
+			digits = "0123456789abcdefABCDEF"
+		} else {
+			digits = "01234567"
+		}
+	}
+	for strings.IndexRune(digits, l.next()) >= 0 {
+	}
+	l.backup()
+	if l.accept(".") {
+		for strings.IndexRune(digits, l.next()) >= 0 {
+		}
+		l.backup()
+	}
+	if l.accept("eE") {
+		l.accept("+-")
+		for strings.IndexRune("0123456789", l.next()) >= 0 {
+		}
+		l.backup()
+	}
+	if r := l.peek(); unicode.IsLetter(r) {
+		l.next()
+		return l.errorf("bad number syntax: %q", l.input[l.start:l.pos])
+	}
+	l.emit(tokNumber)
+	return varLexNormal
+}
+
+func varLexString(l *varLexer) lexState {
+	q := l.next()
+Loop:
+	for {
+		switch l.next() {
+		case '\\':
+			if r := l.next(); r != -1 {
+				break
+			}
+			fallthrough
+		case -1:
+			return l.errorf("unterminated string")
+		case q:
+			break Loop
+		}
+	}
+	l.emit(tokString)
+	return varLexNormal
+}
+
+func varLexType(l *varLexer) lexState {
+	at := l.accept("@")
+	for {
+		r := l.next()
+		if r == -1 {
+			break
+		}
+		if unicode.IsSpace(r) {
+			l.backup()
+			break
+		}
+	}
+	if at {
+		if _, err := ParseSignature(l.input[l.start+1 : l.pos]); err != nil {
+			return l.errorf("%s", err)
+		}
+	} else {
+		if _, ok := varTypeMap[l.input[l.start:l.pos]]; ok {
+			l.emit(tokType)
+			return varLexNormal
+		}
+		return l.errorf("unrecognized type %q", l.input[l.start:l.pos])
+	}
+	l.emit(tokType)
+	return varLexNormal
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go
new file mode 100644
index 0000000000..d20f5da6dd
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go
@@ -0,0 +1,817 @@
+package dbus
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+	"strings"
+	"unicode/utf8"
+)
+
+type varParser struct {
+	tokens []varToken
+	i      int
+}
+
+func (p *varParser) backup() {
+	p.i--
+}
+
+func (p *varParser) next() varToken {
+	if p.i < len(p.tokens) {
+		t := p.tokens[p.i]
+		p.i++
+		return t
+	}
+	return varToken{typ: tokEOF}
+}
+
+type varNode interface {
+	Infer() (Signature, error)
+	String() string
+	Sigs() sigSet
+	Value(Signature) (interface{}, error)
+}
+
+func varMakeNode(p *varParser) (varNode, error) {
+	var sig Signature
+
+	for {
+		t := p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokNumber:
+			return varMakeNumNode(t, sig)
+		case tokString:
+			return varMakeStringNode(t, sig)
+		case tokBool:
+			if sig.str != "" && sig.str != "b" {
+				return nil, varTypeError{t.val, sig}
+			}
+			b, err := strconv.ParseBool(t.val)
+			if err != nil {
+				return nil, err
+			}
+			return boolNode(b), nil
+		case tokArrayStart:
+			return varMakeArrayNode(p, sig)
+		case tokVariantStart:
+			return varMakeVariantNode(p, sig)
+		case tokDictStart:
+			return varMakeDictNode(p, sig)
+		case tokType:
+			if sig.str != "" {
+				return nil, errors.New("unexpected type annotation")
+			}
+			if t.val[0] == '@' {
+				sig.str = t.val[1:]
+			} else {
+				sig.str = varTypeMap[t.val]
+			}
+		case tokByteString:
+			if sig.str != "" && sig.str != "ay" {
+				return nil, varTypeError{t.val, sig}
+			}
+			b, err := varParseByteString(t.val)
+			if err != nil {
+				return nil, err
+			}
+			return byteStringNode(b), nil
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+	}
+}
+
+type varTypeError struct {
+	val string
+	sig Signature
+}
+
+func (e varTypeError) Error() string {
+	return fmt.Sprintf("dbus: can't parse %q as type %q", e.val, e.sig.str)
+}
+
+type sigSet map[Signature]bool
+
+func (s sigSet) Empty() bool {
+	return len(s) == 0
+}
+
+func (s sigSet) Intersect(s2 sigSet) sigSet {
+	r := make(sigSet)
+	for k := range s {
+		if s2[k] {
+			r[k] = true
+		}
+	}
+	return r
+}
+
+func (s sigSet) Single() (Signature, bool) {
+	if len(s) == 1 {
+		for k := range s {
+			return k, true
+		}
+	}
+	return Signature{}, false
+}
+
+func (s sigSet) ToArray() sigSet {
+	r := make(sigSet, len(s))
+	for k := range s {
+		r[Signature{"a" + k.str}] = true
+	}
+	return r
+}
+
+type numNode struct {
+	sig Signature
+	str string
+	val interface{}
+}
+
+var numSigSet = sigSet{
+	Signature{"y"}: true,
+	Signature{"n"}: true,
+	Signature{"q"}: true,
+	Signature{"i"}: true,
+	Signature{"u"}: true,
+	Signature{"x"}: true,
+	Signature{"t"}: true,
+	Signature{"d"}: true,
+}
+
+func (n numNode) Infer() (Signature, error) {
+	if strings.ContainsAny(n.str, ".e") {
+		return Signature{"d"}, nil
+	}
+	return Signature{"i"}, nil
+}
+
+func (n numNode) String() string {
+	return n.str
+}
+
+func (n numNode) Sigs() sigSet {
+	if n.sig.str != "" {
+		return sigSet{n.sig: true}
+	}
+	if strings.ContainsAny(n.str, ".e") {
+		return sigSet{Signature{"d"}: true}
+	}
+	return numSigSet
+}
+
+func (n numNode) Value(sig Signature) (interface{}, error) {
+	if n.sig.str != "" && n.sig != sig {
+		return nil, varTypeError{n.str, sig}
+	}
+	if n.val != nil {
+		return n.val, nil
+	}
+	return varNumAs(n.str, sig)
+}
+
+func varMakeNumNode(tok varToken, sig Signature) (varNode, error) {
+	if sig.str == "" {
+		return numNode{str: tok.val}, nil
+	}
+	num, err := varNumAs(tok.val, sig)
+	if err != nil {
+		return nil, err
+	}
+	return numNode{sig: sig, val: num}, nil
+}
+
+func varNumAs(s string, sig Signature) (interface{}, error) {
+	isUnsigned := false
+	size := 32
+	switch sig.str {
+	case "n":
+		size = 16
+	case "i":
+	case "x":
+		size = 64
+	case "y":
+		size = 8
+		isUnsigned = true
+	case "q":
+		size = 16
+		isUnsigned = true
+	case "u":
+		isUnsigned = true
+	case "t":
+		size = 64
+		isUnsigned = true
+	case "d":
+		d, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, err
+		}
+		return d, nil
+	default:
+		return nil, varTypeError{s, sig}
+	}
+	base := 10
+	if strings.HasPrefix(s, "0x") {
+		base = 16
+		s = s[2:]
+	}
+	if strings.HasPrefix(s, "0") && len(s) != 1 {
+		base = 8
+		s = s[1:]
+	}
+	if isUnsigned {
+		i, err := strconv.ParseUint(s, base, size)
+		if err != nil {
+			return nil, err
+		}
+		var v interface{} = i
+		switch sig.str {
+		case "y":
+			v = byte(i)
+		case "q":
+			v = uint16(i)
+		case "u":
+			v = uint32(i)
+		}
+		return v, nil
+	}
+	i, err := strconv.ParseInt(s, base, size)
+	if err != nil {
+		return nil, err
+	}
+	var v interface{} = i
+	switch sig.str {
+	case "n":
+		v = int16(i)
+	case "i":
+		v = int32(i)
+	}
+	return v, nil
+}
+
+type stringNode struct {
+	sig Signature
+	str string      // parsed
+	val interface{} // has correct type
+}
+
+var stringSigSet = sigSet{
+	Signature{"s"}: true,
+	Signature{"g"}: true,
+	Signature{"o"}: true,
+}
+
+func (n stringNode) Infer() (Signature, error) {
+	return Signature{"s"}, nil
+}
+
+func (n stringNode) String() string {
+	return n.str
+}
+
+func (n stringNode) Sigs() sigSet {
+	if n.sig.str != "" {
+		return sigSet{n.sig: true}
+	}
+	return stringSigSet
+}
+
+func (n stringNode) Value(sig Signature) (interface{}, error) {
+	if n.sig.str != "" && n.sig != sig {
+		return nil, varTypeError{n.str, sig}
+	}
+	if n.val != nil {
+		return n.val, nil
+	}
+	switch {
+	case sig.str == "g":
+		return Signature{n.str}, nil
+	case sig.str == "o":
+		return ObjectPath(n.str), nil
+	case sig.str == "s":
+		return n.str, nil
+	default:
+		return nil, varTypeError{n.str, sig}
+	}
+}
+
+func varMakeStringNode(tok varToken, sig Signature) (varNode, error) {
+	if sig.str != "" && sig.str != "s" && sig.str != "g" && sig.str != "o" {
+		return nil, fmt.Errorf("invalid type %q for string", sig.str)
+	}
+	s, err := varParseString(tok.val)
+	if err != nil {
+		return nil, err
+	}
+	n := stringNode{str: s}
+	if sig.str == "" {
+		return stringNode{str: s}, nil
+	}
+	n.sig = sig
+	switch sig.str {
+	case "o":
+		n.val = ObjectPath(s)
+	case "g":
+		n.val = Signature{s}
+	case "s":
+		n.val = s
+	}
+	return n, nil
+}
+
+func varParseString(s string) (string, error) {
+	// quotes are guaranteed to be there
+	s = s[1 : len(s)-1]
+	buf := new(bytes.Buffer)
+	for len(s) != 0 {
+		r, size := utf8.DecodeRuneInString(s)
+		if r == utf8.RuneError && size == 1 {
+			return "", errors.New("invalid UTF-8")
+		}
+		s = s[size:]
+		if r != '\\' {
+			buf.WriteRune(r)
+			continue
+		}
+		r, size = utf8.DecodeRuneInString(s)
+		if r == utf8.RuneError && size == 1 {
+			return "", errors.New("invalid UTF-8")
+		}
+		s = s[size:]
+		switch r {
+		case 'a':
+			buf.WriteRune(0x7)
+		case 'b':
+			buf.WriteRune(0x8)
+		case 'f':
+			buf.WriteRune(0xc)
+		case 'n':
+			buf.WriteRune('\n')
+		case 'r':
+			buf.WriteRune('\r')
+		case 't':
+			buf.WriteRune('\t')
+		case '\n':
+		case 'u':
+			if len(s) < 4 {
+				return "", errors.New("short unicode escape")
+			}
+			r, err := strconv.ParseUint(s[:4], 16, 32)
+			if err != nil {
+				return "", err
+			}
+			buf.WriteRune(rune(r))
+			s = s[4:]
+		case 'U':
+			if len(s) < 8 {
+				return "", errors.New("short unicode escape")
+			}
+			r, err := strconv.ParseUint(s[:8], 16, 32)
+			if err != nil {
+				return "", err
+			}
+			buf.WriteRune(rune(r))
+			s = s[8:]
+		default:
+			buf.WriteRune(r)
+		}
+	}
+	return buf.String(), nil
+}
+
+var boolSigSet = sigSet{Signature{"b"}: true}
+
+type boolNode bool
+
+func (boolNode) Infer() (Signature, error) {
+	return Signature{"b"}, nil
+}
+
+func (b boolNode) String() string {
+	if b {
+		return "true"
+	}
+	return "false"
+}
+
+func (boolNode) Sigs() sigSet {
+	return boolSigSet
+}
+
+func (b boolNode) Value(sig Signature) (interface{}, error) {
+	if sig.str != "b" {
+		return nil, varTypeError{b.String(), sig}
+	}
+	return bool(b), nil
+}
+
+type arrayNode struct {
+	set      sigSet
+	children []varNode
+	val      interface{}
+}
+
+func (n arrayNode) Infer() (Signature, error) {
+	for _, v := range n.children {
+		csig, err := varInfer(v)
+		if err != nil {
+			continue
+		}
+		return Signature{"a" + csig.str}, nil
+	}
+	return Signature{}, fmt.Errorf("can't infer type for %q", n.String())
+}
+
+func (n arrayNode) String() string {
+	s := "["
+	for i, v := range n.children {
+		s += v.String()
+		if i != len(n.children)-1 {
+			s += ", "
+		}
+	}
+	return s + "]"
+}
+
+func (n arrayNode) Sigs() sigSet {
+	return n.set
+}
+
+func (n arrayNode) Value(sig Signature) (interface{}, error) {
+	if n.set.Empty() {
+		// no type information whatsoever, so this must be an empty slice
+		return reflect.MakeSlice(typeFor(sig.str), 0, 0).Interface(), nil
+	}
+	if !n.set[sig] {
+		return nil, varTypeError{n.String(), sig}
+	}
+	s := reflect.MakeSlice(typeFor(sig.str), len(n.children), len(n.children))
+	for i, v := range n.children {
+		rv, err := v.Value(Signature{sig.str[1:]})
+		if err != nil {
+			return nil, err
+		}
+		s.Index(i).Set(reflect.ValueOf(rv))
+	}
+	return s.Interface(), nil
+}
+
+func varMakeArrayNode(p *varParser, sig Signature) (varNode, error) {
+	var n arrayNode
+	if sig.str != "" {
+		n.set = sigSet{sig: true}
+	}
+	if t := p.next(); t.typ == tokArrayEnd {
+		return n, nil
+	} else {
+		p.backup()
+	}
+Loop:
+	for {
+		t := p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		}
+		p.backup()
+		cn, err := varMakeNode(p)
+		if err != nil {
+			return nil, err
+		}
+		if cset := cn.Sigs(); !cset.Empty() {
+			if n.set.Empty() {
+				n.set = cset.ToArray()
+			} else {
+				nset := cset.ToArray().Intersect(n.set)
+				if nset.Empty() {
+					return nil, fmt.Errorf("can't parse %q with given type information", cn.String())
+				}
+				n.set = nset
+			}
+		}
+		n.children = append(n.children, cn)
+		switch t := p.next(); t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokArrayEnd:
+			break Loop
+		case tokComma:
+			continue
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+	}
+	return n, nil
+}
+
+type variantNode struct {
+	n varNode
+}
+
+var variantSet = sigSet{
+	Signature{"v"}: true,
+}
+
+func (variantNode) Infer() (Signature, error) {
+	return Signature{"v"}, nil
+}
+
+func (n variantNode) String() string {
+	return "<" + n.n.String() + ">"
+}
+
+func (variantNode) Sigs() sigSet {
+	return variantSet
+}
+
+func (n variantNode) Value(sig Signature) (interface{}, error) {
+	if sig.str != "v" {
+		return nil, varTypeError{n.String(), sig}
+	}
+	sig, err := varInfer(n.n)
+	if err != nil {
+		return nil, err
+	}
+	v, err := n.n.Value(sig)
+	if err != nil {
+		return nil, err
+	}
+	return MakeVariant(v), nil
+}
+
+func varMakeVariantNode(p *varParser, sig Signature) (varNode, error) {
+	n, err := varMakeNode(p)
+	if err != nil {
+		return nil, err
+	}
+	if t := p.next(); t.typ != tokVariantEnd {
+		return nil, fmt.Errorf("unexpected %q", t.val)
+	}
+	vn := variantNode{n}
+	if sig.str != "" && sig.str != "v" {
+		return nil, varTypeError{vn.String(), sig}
+	}
+	return variantNode{n}, nil
+}
+
+type dictEntry struct {
+	key, val varNode
+}
+
+type dictNode struct {
+	kset, vset sigSet
+	children   []dictEntry
+	val        interface{}
+}
+
+func (n dictNode) Infer() (Signature, error) {
+	for _, v := range n.children {
+		ksig, err := varInfer(v.key)
+		if err != nil {
+			continue
+		}
+		vsig, err := varInfer(v.val)
+		if err != nil {
+			continue
+		}
+		return Signature{"a{" + ksig.str + vsig.str + "}"}, nil
+	}
+	return Signature{}, fmt.Errorf("can't infer type for %q", n.String())
+}
+
+func (n dictNode) String() string {
+	s := "{"
+	for i, v := range n.children {
+		s += v.key.String() + ": " + v.val.String()
+		if i != len(n.children)-1 {
+			s += ", "
+		}
+	}
+	return s + "}"
+}
+
+func (n dictNode) Sigs() sigSet {
+	r := sigSet{}
+	for k := range n.kset {
+		for v := range n.vset {
+			sig := "a{" + k.str + v.str + "}"
+			r[Signature{sig}] = true
+		}
+	}
+	return r
+}
+
+func (n dictNode) Value(sig Signature) (interface{}, error) {
+	set := n.Sigs()
+	if set.Empty() {
+		// no type information -> empty dict
+		return reflect.MakeMap(typeFor(sig.str)).Interface(), nil
+	}
+	if !set[sig] {
+		return nil, varTypeError{n.String(), sig}
+	}
+	m := reflect.MakeMap(typeFor(sig.str))
+	ksig := Signature{sig.str[2:3]}
+	vsig := Signature{sig.str[3 : len(sig.str)-1]}
+	for _, v := range n.children {
+		kv, err := v.key.Value(ksig)
+		if err != nil {
+			return nil, err
+		}
+		vv, err := v.val.Value(vsig)
+		if err != nil {
+			return nil, err
+		}
+		m.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
+	}
+	return m.Interface(), nil
+}
+
+func varMakeDictNode(p *varParser, sig Signature) (varNode, error) {
+	var n dictNode
+
+	if sig.str != "" {
+		if len(sig.str) < 5 {
+			return nil, fmt.Errorf("invalid signature %q for dict type", sig)
+		}
+		ksig := Signature{string(sig.str[2])}
+		vsig := Signature{sig.str[3 : len(sig.str)-1]}
+		n.kset = sigSet{ksig: true}
+		n.vset = sigSet{vsig: true}
+	}
+	if t := p.next(); t.typ == tokDictEnd {
+		return n, nil
+	} else {
+		p.backup()
+	}
+Loop:
+	for {
+		t := p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		}
+		p.backup()
+		kn, err := varMakeNode(p)
+		if err != nil {
+			return nil, err
+		}
+		if kset := kn.Sigs(); !kset.Empty() {
+			if n.kset.Empty() {
+				n.kset = kset
+			} else {
+				n.kset = kset.Intersect(n.kset)
+				if n.kset.Empty() {
+					return nil, fmt.Errorf("can't parse %q with given type information", kn.String())
+				}
+			}
+		}
+		t = p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokColon:
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+		t = p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		}
+		p.backup()
+		vn, err := varMakeNode(p)
+		if err != nil {
+			return nil, err
+		}
+		if vset := vn.Sigs(); !vset.Empty() {
+			if n.vset.Empty() {
+				n.vset = vset
+			} else {
+				n.vset = n.vset.Intersect(vset)
+				if n.vset.Empty() {
+					return nil, fmt.Errorf("can't parse %q with given type information", vn.String())
+				}
+			}
+		}
+		n.children = append(n.children, dictEntry{kn, vn})
+		t = p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokDictEnd:
+			break Loop
+		case tokComma:
+			continue
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+	}
+	return n, nil
+}
+
+type byteStringNode []byte
+
+var byteStringSet = sigSet{
+	Signature{"ay"}: true,
+}
+
+func (byteStringNode) Infer() (Signature, error) {
+	return Signature{"ay"}, nil
+}
+
+func (b byteStringNode) String() string {
+	return string(b)
+}
+
+func (b byteStringNode) Sigs() sigSet {
+	return byteStringSet
+}
+
+func (b byteStringNode) Value(sig Signature) (interface{}, error) {
+	if sig.str != "ay" {
+		return nil, varTypeError{b.String(), sig}
+	}
+	return []byte(b), nil
+}
+
+func varParseByteString(s string) ([]byte, error) {
+	// quotes and b at start are guaranteed to be there
+	b := make([]byte, 0, 1)
+	s = s[2 : len(s)-1]
+	for len(s) != 0 {
+		c := s[0]
+		s = s[1:]
+		if c != '\\' {
+			b = append(b, c)
+			continue
+		}
+		c = s[0]
+		s = s[1:]
+		switch c {
+		case 'a':
+			b = append(b, 0x7)
+		case 'b':
+			b = append(b, 0x8)
+		case 'f':
+			b = append(b, 0xc)
+		case 'n':
+			b = append(b, '\n')
+		case 'r':
+			b = append(b, '\r')
+		case 't':
+			b = append(b, '\t')
+		case 'x':
+			if len(s) < 2 {
+				return nil, errors.New("short escape")
+			}
+			n, err := strconv.ParseUint(s[:2], 16, 8)
+			if err != nil {
+				return nil, err
+			}
+			b = append(b, byte(n))
+			s = s[2:]
+		case '0':
+			if len(s) < 3 {
+				return nil, errors.New("short escape")
+			}
+			n, err := strconv.ParseUint(s[:3], 8, 8)
+			if err != nil {
+				return nil, err
+			}
+			b = append(b, byte(n))
+			s = s[3:]
+		default:
+			b = append(b, c)
+		}
+	}
+	return append(b, 0), nil
+}
+
+func varInfer(n varNode) (Signature, error) {
+	if sig, ok := n.Sigs().Single(); ok {
+		return sig, nil
+	}
+	return n.Infer()
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go
new file mode 100644
index 0000000000..da917c8e29
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go
@@ -0,0 +1,78 @@
+package dbus
+
+import "reflect"
+import "testing"
+
+var variantFormatTests = []struct {
+	v interface{}
+	s string
+}{
+	{int32(1), `1`},
+	{"foo", `"foo"`},
+	{ObjectPath("/org/foo"), `@o "/org/foo"`},
+	{Signature{"i"}, `@g "i"`},
+	{[]byte{}, `@ay []`},
+	{[]int32{1, 2}, `[1, 2]`},
+	{[]int64{1, 2}, `@ax [1, 2]`},
+	{[][]int32{{3, 4}, {5, 6}}, `[[3, 4], [5, 6]]`},
+	{[]Variant{MakeVariant(int32(1)), MakeVariant(1.0)}, `[<1>, <@d 1>]`},
+	{map[string]int32{"one": 1, "two": 2}, `{"one": 1, "two": 2}`},
+	{map[int32]ObjectPath{1: "/org/foo"}, `@a{io} {1: "/org/foo"}`},
+	{map[string]Variant{}, `@a{sv} {}`},
+}
+
+func TestFormatVariant(t *testing.T) {
+	for i, v := range variantFormatTests {
+		if s := MakeVariant(v.v).String(); s != v.s {
+			t.Errorf("test %d: got %q, wanted %q", i+1, s, v.s)
+		}
+	}
+}
+
+var variantParseTests = []struct {
+	s string
+	v interface{}
+}{
+	{"1", int32(1)},
+	{"true", true},
+	{"false", false},
+	{"1.0", float64(1.0)},
+	{"0x10", int32(16)},
+	{"1e1", float64(10)},
+	{`"foo"`, "foo"},
+	{`"\a\b\f\n\r\t"`, "\x07\x08\x0c\n\r\t"},
+	{`"\u00e4\U0001f603"`, "\u00e4\U0001f603"},
+	{"[1]", []int32{1}},
+	{"[1, 2, 3]", []int32{1, 2, 3}},
+	{"@ai []", []int32{}},
+	{"[1, 5.0]", []float64{1, 5.0}},
+	{"[[1, 2], [3, 4.0]]", [][]float64{{1, 2}, {3, 4}}},
+	{`[@o "/org/foo", "/org/bar"]`, []ObjectPath{"/org/foo", "/org/bar"}},
+	{"<1>", MakeVariant(int32(1))},
+	{"[<1>, <2.0>]", []Variant{MakeVariant(int32(1)), MakeVariant(2.0)}},
+	{`[[], [""]]`, [][]string{{}, {""}}},
+	{`@a{ss} {}`, map[string]string{}},
+	{`{"foo": 1}`, map[string]int32{"foo": 1}},
+	{`[{}, {"foo": "bar"}]`, []map[string]string{{}, {"foo": "bar"}}},
+	{`{"a": <1>, "b": <"foo">}`,
+		map[string]Variant{"a": MakeVariant(int32(1)), "b": MakeVariant("foo")}},
+	{`b''`, []byte{0}},
+	{`b"abc"`, []byte{'a', 'b', 'c', 0}},
+	{`b"\x01\0002\a\b\f\n\r\t"`, []byte{1, 2, 0x7, 0x8, 0xc, '\n', '\r', '\t', 0}},
+	{`[[0], b""]`, [][]byte{{0}, {0}}},
+	{"int16 0", int16(0)},
+	{"byte 0", byte(0)},
+}
+
+func TestParseVariant(t *testing.T) {
+	for i, v := range variantParseTests {
+		nv, err := ParseVariant(v.s, Signature{})
+		if err != nil {
+			t.Errorf("test %d: parsing failed: %s", i+1, err)
+			continue
+		}
+		if !reflect.DeepEqual(nv.value, v.v) {
+			t.Errorf("test %d: got %q, wanted %q", i+1, nv, v.v)
+		}
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE
new file mode 100644
index 0000000000..80dd96de77
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE
@@ -0,0 +1,24 @@
+Copyright 2013 Suryandaru Triandana <syndtr@gmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go
new file mode 100644
index 0000000000..9df3b4151b
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go
@@ -0,0 +1,71 @@
+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Package capability provides utilities for manipulating POSIX capabilities.
+package capability
+
+type Capabilities interface {
+	// Get check whether a capability present in the given
+	// capabilities set. The 'which' value should be one of EFFECTIVE,
+	// PERMITTED, INHERITABLE or BOUNDING.
+	Get(which CapType, what Cap) bool
+
+	// Empty check whether all capability bits of the given capabilities
+	// set are zero. The 'which' value should be one of EFFECTIVE,
+	// PERMITTED, INHERITABLE or BOUNDING.
+	Empty(which CapType) bool
+
+	// Full check whether all capability bits of the given capabilities
+	// set are one. The 'which' value should be one of EFFECTIVE,
+	// PERMITTED, INHERITABLE or BOUNDING.
+	Full(which CapType) bool
+
+	// Set sets capabilities of the given capabilities sets. The
+	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,
+	// PERMITTED, INHERITABLE or BOUNDING.
+	Set(which CapType, caps ...Cap)
+
+	// Unset unsets capabilities of the given capabilities sets. The
+	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,
+	// PERMITTED, INHERITABLE or BOUNDING.
+	Unset(which CapType, caps ...Cap)
+
+	// Fill sets all bits of the given capabilities kind to one. The
+	// 'kind' value should be one or combination (OR'ed) of CAPS or
+	// BOUNDS.
+	Fill(kind CapType)
+
+	// Clear sets all bits of the given capabilities kind to zero. The
+	// 'kind' value should be one or combination (OR'ed) of CAPS or
+	// BOUNDS.
+	Clear(kind CapType)
+
+	// String return current capabilities state of the given capabilities
+	// set as string. The 'which' value should be one of EFFECTIVE,
+	// PERMITTED, INHERITABLE or BOUNDING.
+	StringCap(which CapType) string
+
+	// String return current capabilities state as string.
+	String() string
+
+	// Load load actual capabilities value. This will overwrite all
+	// outstanding changes.
+	Load() error
+
+	// Apply apply the capabilities settings, so all changes will take
+	// effect.
+	Apply(kind CapType) error
+}
+
+// NewPid create new initialized Capabilities object for given pid.
+func NewPid(pid int) (Capabilities, error) {
+	return newPid(pid)
+}
+
+// NewFile create new initialized Capabilities object for given named file.
+func NewFile(name string) (Capabilities, error) {
+	return newFile(name)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
new file mode 100644
index 0000000000..c5f335f7fb
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
@@ -0,0 +1,566 @@
+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package capability
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"syscall"
+)
+
+var errUnknownVers = errors.New("unknown capability version")
+
+const (
+	linuxCapVer1 = 0x19980330
+	linuxCapVer2 = 0x20071026
+	linuxCapVer3 = 0x20080522
+)
+
+var capVers uint32
+
+func init() {
+	var hdr capHeader
+	capget(&hdr, nil)
+	capVers = hdr.version
+}
+
+func mkStringCap(c Capabilities, which CapType) (ret string) {
+	for i, first := Cap(0), true; i <= CAP_LAST_CAP; i++ {
+		if !c.Get(which, i) {
+			continue
+		}
+		if first {
+			first = false
+		} else {
+			ret += ", "
+		}
+		ret += i.String()
+	}
+	return
+}
+
+func mkString(c Capabilities, max CapType) (ret string) {
+	ret = "{"
+	for i := CapType(1); i <= max; i <<= 1 {
+		ret += " " + i.String() + "=\""
+		if c.Empty(i) {
+			ret += "empty"
+		} else if c.Full(i) {
+			ret += "full"
+		} else {
+			ret += c.StringCap(i)
+		}
+		ret += "\""
+	}
+	ret += " }"
+	return
+}
+
+func newPid(pid int) (c Capabilities, err error) {
+	switch capVers {
+	case linuxCapVer1:
+		p := new(capsV1)
+		p.hdr.version = capVers
+		p.hdr.pid = pid
+		c = p
+	case linuxCapVer2, linuxCapVer3:
+		p := new(capsV3)
+		p.hdr.version = capVers
+		p.hdr.pid = pid
+		c = p
+	default:
+		err = errUnknownVers
+		return
+	}
+	err = c.Load()
+	if err != nil {
+		c = nil
+	}
+	return
+}
+
+type capsV1 struct {
+	hdr  capHeader
+	data capData
+}
+
+func (c *capsV1) Get(which CapType, what Cap) bool {
+	if what > 32 {
+		return false
+	}
+
+	switch which {
+	case EFFECTIVE:
+		return (1<<uint(what))&c.data.effective != 0
+	case PERMITTED:
+		return (1<<uint(what))&c.data.permitted != 0
+	case INHERITABLE:
+		return (1<<uint(what))&c.data.inheritable != 0
+	}
+
+	return false
+}
+
+func (c *capsV1) getData(which CapType) (ret uint32) {
+	switch which {
+	case EFFECTIVE:
+		ret = c.data.effective
+	case PERMITTED:
+		ret = c.data.permitted
+	case INHERITABLE:
+		ret = c.data.inheritable
+	}
+	return
+}
+
+func (c *capsV1) Empty(which CapType) bool {
+	return c.getData(which) == 0
+}
+
+func (c *capsV1) Full(which CapType) bool {
+	return (c.getData(which) & 0x7fffffff) == 0x7fffffff
+}
+
+func (c *capsV1) Set(which CapType, caps ...Cap) {
+	for _, what := range caps {
+		if what > 32 {
+			continue
+		}
+
+		if which&EFFECTIVE != 0 {
+			c.data.effective |= 1 << uint(what)
+		}
+		if which&PERMITTED != 0 {
+			c.data.permitted |= 1 << uint(what)
+		}
+		if which&INHERITABLE != 0 {
+			c.data.inheritable |= 1 << uint(what)
+		}
+	}
+}
+
+func (c *capsV1) Unset(which CapType, caps ...Cap) {
+	for _, what := range caps {
+		if what > 32 {
+			continue
+		}
+
+		if which&EFFECTIVE != 0 {
+			c.data.effective &= ^(1 << uint(what))
+		}
+		if which&PERMITTED != 0 {
+			c.data.permitted &= ^(1 << uint(what))
+		}
+		if which&INHERITABLE != 0 {
+			c.data.inheritable &= ^(1 << uint(what))
+		}
+	}
+}
+
+func (c *capsV1) Fill(kind CapType) {
+	if kind&CAPS == CAPS {
+		c.data.effective = 0x7fffffff
+		c.data.permitted = 0x7fffffff
+		c.data.inheritable = 0
+	}
+}
+
+func (c *capsV1) Clear(kind CapType) {
+	if kind&CAPS == CAPS {
+		c.data.effective = 0
+		c.data.permitted = 0
+		c.data.inheritable = 0
+	}
+}
+
+func (c *capsV1) StringCap(which CapType) (ret string) {
+	return mkStringCap(c, which)
+}
+
+func (c *capsV1) String() (ret string) {
+	return mkString(c, BOUNDING)
+}
+
+func (c *capsV1) Load() (err error) {
+	return capget(&c.hdr, &c.data)
+}
+
+func (c *capsV1) Apply(kind CapType) error {
+	if kind&CAPS == CAPS {
+		return capset(&c.hdr, &c.data)
+	}
+	return nil
+}
+
+type capsV3 struct {
+	hdr    capHeader
+	data   [2]capData
+	bounds [2]uint32
+}
+
+func (c *capsV3) Get(which CapType, what Cap) bool {
+	var i uint
+	if what > 31 {
+		i = uint(what) >> 5
+		what %= 32
+	}
+
+	switch which {
+	case EFFECTIVE:
+		return (1<<uint(what))&c.data[i].effective != 0
+	case PERMITTED:
+		return (1<<uint(what))&c.data[i].permitted != 0
+	case INHERITABLE:
+		return (1<<uint(what))&c.data[i].inheritable != 0
+	case BOUNDING:
+		return (1<<uint(what))&c.bounds[i] != 0
+	}
+
+	return false
+}
+
+func (c *capsV3) getData(which CapType, dest []uint32) {
+	switch which {
+	case EFFECTIVE:
+		dest[0] = c.data[0].effective
+		dest[1] = c.data[1].effective
+	case PERMITTED:
+		dest[0] = c.data[0].permitted
+		dest[1] = c.data[1].permitted
+	case INHERITABLE:
+		dest[0] = c.data[0].inheritable
+		dest[1] = c.data[1].inheritable
+	case BOUNDING:
+		dest[0] = c.bounds[0]
+		dest[1] = c.bounds[1]
+	}
+}
+
+func (c *capsV3) Empty(which CapType) bool {
+	var data [2]uint32
+	c.getData(which, data[:])
+	return data[0] == 0 && data[1] == 0
+}
+
+func (c *capsV3) Full(which CapType) bool {
+	var data [2]uint32
+	c.getData(which, data[:])
+	if (data[0] & 0xffffffff) != 0xffffffff {
+		return false
+	}
+	return (data[1] & capUpperMask) == capUpperMask
+}
+
+func (c *capsV3) Set(which CapType, caps ...Cap) {
+	for _, what := range caps {
+		var i uint
+		if what > 31 {
+			i = uint(what) >> 5
+			what %= 32
+		}
+
+		if which&EFFECTIVE != 0 {
+			c.data[i].effective |= 1 << uint(what)
+		}
+		if which&PERMITTED != 0 {
+			c.data[i].permitted |= 1 << uint(what)
+		}
+		if which&INHERITABLE != 0 {
+			c.data[i].inheritable |= 1 << uint(what)
+		}
+		if which&BOUNDING != 0 {
+			c.bounds[i] |= 1 << uint(what)
+		}
+	}
+}
+
+func (c *capsV3) Unset(which CapType, caps ...Cap) {
+	for _, what := range caps {
+		var i uint
+		if what > 31 {
+			i = uint(what) >> 5
+			what %= 32
+		}
+
+		if which&EFFECTIVE != 0 {
+			c.data[i].effective &= ^(1 << uint(what))
+		}
+		if which&PERMITTED != 0 {
+			c.data[i].permitted &= ^(1 << uint(what))
+		}
+		if which&INHERITABLE != 0 {
+			c.data[i].inheritable &= ^(1 << uint(what))
+		}
+		if which&BOUNDING != 0 {
+			c.bounds[i] &= ^(1 << uint(what))
+		}
+	}
+}
+
+func (c *capsV3) Fill(kind CapType) {
+	if kind&CAPS == CAPS {
+		c.data[0].effective = 0xffffffff
+		c.data[0].permitted = 0xffffffff
+		c.data[0].inheritable = 0
+		c.data[1].effective = 0xffffffff
+		c.data[1].permitted = 0xffffffff
+		c.data[1].inheritable = 0
+	}
+
+	if kind&BOUNDS == BOUNDS {
+		c.bounds[0] = 0xffffffff
+		c.bounds[1] = 0xffffffff
+	}
+}
+
+func (c *capsV3) Clear(kind CapType) {
+	if kind&CAPS == CAPS {
+		c.data[0].effective = 0
+		c.data[0].permitted = 0
+		c.data[0].inheritable = 0
+		c.data[1].effective = 0
+		c.data[1].permitted = 0
+		c.data[1].inheritable = 0
+	}
+
+	if kind&BOUNDS == BOUNDS {
+		c.bounds[0] = 0
+		c.bounds[1] = 0
+	}
+}
+
+func (c *capsV3) StringCap(which CapType) (ret string) {
+	return mkStringCap(c, which)
+}
+
+func (c *capsV3) String() (ret string) {
+	return mkString(c, BOUNDING)
+}
+
+func (c *capsV3) Load() (err error) {
+	err = capget(&c.hdr, &c.data[0])
+	if err != nil {
+		return
+	}
+
+	f, err := os.Open(fmt.Sprintf("/proc/%d/status", c.hdr.pid))
+	if err != nil {
+		return
+	}
+	b := bufio.NewReader(f)
+	for {
+		line, e := b.ReadString('\n')
+		if e != nil {
+			if e != io.EOF {
+				err = e
+			}
+			break
+		}
+		if strings.HasPrefix(line, "CapB") {
+			fmt.Sscanf(line[4:], "nd:  %08x%08x", &c.bounds[1], &c.bounds[0])
+			break
+		}
+	}
+	f.Close()
+
+	return
+}
+
+func (c *capsV3) Apply(kind CapType) (err error) {
+	if kind&BOUNDS == BOUNDS {
+		var data [2]capData
+		err = capget(&c.hdr, &data[0])
+		if err != nil {
+			return
+		}
+		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
+			for i := Cap(0); i <= CAP_LAST_CAP; i++ {
+				if c.Get(BOUNDING, i) {
+					continue
+				}
+				err = prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0)
+				if err != nil {
+					// Ignore EINVAL since the capability may not be supported in this system.
+					if errno, ok := err.(syscall.Errno); ok && errno == syscall.EINVAL {
+						err = nil
+						continue
+					}
+					return
+				}
+			}
+		}
+	}
+
+	if kind&CAPS == CAPS {
+		return capset(&c.hdr, &c.data[0])
+	}
+
+	return
+}
+
+func newFile(path string) (c Capabilities, err error) {
+	c = &capsFile{path: path}
+	err = c.Load()
+	if err != nil {
+		c = nil
+	}
+	return
+}
+
+type capsFile struct {
+	path string
+	data vfscapData
+}
+
+func (c *capsFile) Get(which CapType, what Cap) bool {
+	var i uint
+	if what > 31 {
+		if c.data.version == 1 {
+			return false
+		}
+		i = uint(what) >> 5
+		what %= 32
+	}
+
+	switch which {
+	case EFFECTIVE:
+		return (1<<uint(what))&c.data.effective[i] != 0
+	case PERMITTED:
+		return (1<<uint(what))&c.data.data[i].permitted != 0
+	case INHERITABLE:
+		return (1<<uint(what))&c.data.data[i].inheritable != 0
+	}
+
+	return false
+}
+
+func (c *capsFile) getData(which CapType, dest []uint32) {
+	switch which {
+	case EFFECTIVE:
+		dest[0] = c.data.effective[0]
+		dest[1] = c.data.effective[1]
+	case PERMITTED:
+		dest[0] = c.data.data[0].permitted
+		dest[1] = c.data.data[1].permitted
+	case INHERITABLE:
+		dest[0] = c.data.data[0].inheritable
+		dest[1] = c.data.data[1].inheritable
+	}
+}
+
+func (c *capsFile) Empty(which CapType) bool {
+	var data [2]uint32
+	c.getData(which, data[:])
+	return data[0] == 0 && data[1] == 0
+}
+
+func (c *capsFile) Full(which CapType) bool {
+	var data [2]uint32
+	c.getData(which, data[:])
+	if c.data.version == 0 {
+		return (data[0] & 0x7fffffff) == 0x7fffffff
+	}
+	if (data[0] & 0xffffffff) != 0xffffffff {
+		return false
+	}
+	return (data[1] & capUpperMask) == capUpperMask
+}
+
+func (c *capsFile) Set(which CapType, caps ...Cap) {
+	for _, what := range caps {
+		var i uint
+		if what > 31 {
+			if c.data.version == 1 {
+				continue
+			}
+			i = uint(what) >> 5
+			what %= 32
+		}
+
+		if which&EFFECTIVE != 0 {
+			c.data.effective[i] |= 1 << uint(what)
+		}
+		if which&PERMITTED != 0 {
+			c.data.data[i].permitted |= 1 << uint(what)
+		}
+		if which&INHERITABLE != 0 {
+			c.data.data[i].inheritable |= 1 << uint(what)
+		}
+	}
+}
+
+func (c *capsFile) Unset(which CapType, caps ...Cap) {
+	for _, what := range caps {
+		var i uint
+		if what > 31 {
+			if c.data.version == 1 {
+				continue
+			}
+			i = uint(what) >> 5
+			what %= 32
+		}
+
+		if which&EFFECTIVE != 0 {
+			c.data.effective[i] &= ^(1 << uint(what))
+		}
+		if which&PERMITTED != 0 {
+			c.data.data[i].permitted &= ^(1 << uint(what))
+		}
+		if which&INHERITABLE != 0 {
+			c.data.data[i].inheritable &= ^(1 << uint(what))
+		}
+	}
+}
+
+func (c *capsFile) Fill(kind CapType) {
+	if kind&CAPS == CAPS {
+		c.data.effective[0] = 0xffffffff
+		c.data.data[0].permitted = 0xffffffff
+		c.data.data[0].inheritable = 0
+		if c.data.version == 2 {
+			c.data.effective[1] = 0xffffffff
+			c.data.data[1].permitted = 0xffffffff
+			c.data.data[1].inheritable = 0
+		}
+	}
+}
+
+func (c *capsFile) Clear(kind CapType) {
+	if kind&CAPS == CAPS {
+		c.data.effective[0] = 0
+		c.data.data[0].permitted = 0
+		c.data.data[0].inheritable = 0
+		if c.data.version == 2 {
+			c.data.effective[1] = 0
+			c.data.data[1].permitted = 0
+			c.data.data[1].inheritable = 0
+		}
+	}
+}
+
+func (c *capsFile) StringCap(which CapType) (ret string) {
+	return mkStringCap(c, which)
+}
+
+func (c *capsFile) String() (ret string) {
+	return mkString(c, INHERITABLE)
+}
+
+func (c *capsFile) Load() (err error) {
+	return getVfsCap(c.path, &c.data)
+}
+
+func (c *capsFile) Apply(kind CapType) (err error) {
+	if kind&CAPS == CAPS {
+		return setVfsCap(c.path, &c.data)
+	}
+	return
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go
new file mode 100644
index 0000000000..9bb3070c5e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go
@@ -0,0 +1,19 @@
+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// +build !linux
+
+package capability
+
+import "errors"
+
+func newPid(pid int) (Capabilities, error) {
+	return nil, errors.New("not supported")
+}
+
+func newFile(path string) (Capabilities, error) {
+	return nil, errors.New("not supported")
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go
new file mode 100644
index 0000000000..8108655c05
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go
@@ -0,0 +1,83 @@
+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package capability
+
+import "testing"
+
+func TestState(t *testing.T) {
+	testEmpty := func(name string, c Capabilities, whats CapType) {
+		for i := CapType(1); i <= BOUNDING; i <<= 1 {
+			if (i&whats) != 0 && !c.Empty(i) {
+				t.Errorf(name+": capabilities set %q wasn't empty", i)
+			}
+		}
+	}
+	testFull := func(name string, c Capabilities, whats CapType) {
+		for i := CapType(1); i <= BOUNDING; i <<= 1 {
+			if (i&whats) != 0 && !c.Full(i) {
+				t.Errorf(name+": capabilities set %q wasn't full", i)
+			}
+		}
+	}
+	testPartial := func(name string, c Capabilities, whats CapType) {
+		for i := CapType(1); i <= BOUNDING; i <<= 1 {
+			if (i&whats) != 0 && (c.Empty(i) || c.Full(i)) {
+				t.Errorf(name+": capabilities set %q wasn't partial", i)
+			}
+		}
+	}
+	testGet := func(name string, c Capabilities, whats CapType, max Cap) {
+		for i := CapType(1); i <= BOUNDING; i <<= 1 {
+			if (i & whats) == 0 {
+				continue
+			}
+			for j := Cap(0); j <= max; j++ {
+				if !c.Get(i, j) {
+					t.Errorf(name+": capability %q wasn't found on %q", j, i)
+				}
+			}
+		}
+	}
+
+	capf := new(capsFile)
+	capf.data.version = 2
+	for _, tc := range []struct {
+		name string
+		c    Capabilities
+		sets CapType
+		max  Cap
+	}{
+		{"v1", new(capsV1), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
+		{"v3", new(capsV3), EFFECTIVE | PERMITTED | BOUNDING, CAP_LAST_CAP},
+		{"file_v1", new(capsFile), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
+		{"file_v2", capf, EFFECTIVE | PERMITTED, CAP_LAST_CAP},
+	} {
+		testEmpty(tc.name, tc.c, tc.sets)
+		tc.c.Fill(CAPS | BOUNDS)
+		testFull(tc.name, tc.c, tc.sets)
+		testGet(tc.name, tc.c, tc.sets, tc.max)
+		tc.c.Clear(CAPS | BOUNDS)
+		testEmpty(tc.name, tc.c, tc.sets)
+		for i := CapType(1); i <= BOUNDING; i <<= 1 {
+			for j := Cap(0); j <= CAP_LAST_CAP; j++ {
+				tc.c.Set(i, j)
+			}
+		}
+		testFull(tc.name, tc.c, tc.sets)
+		testGet(tc.name, tc.c, tc.sets, tc.max)
+		for i := CapType(1); i <= BOUNDING; i <<= 1 {
+			for j := Cap(0); j <= CAP_LAST_CAP; j++ {
+				tc.c.Unset(i, j)
+			}
+		}
+		testEmpty(tc.name, tc.c, tc.sets)
+		tc.c.Set(PERMITTED, CAP_CHOWN)
+		testPartial(tc.name, tc.c, PERMITTED)
+		tc.c.Clear(CAPS | BOUNDS)
+		testEmpty(tc.name, tc.c, tc.sets)
+	}
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go
new file mode 100644
index 0000000000..e2900a4e93
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go
@@ -0,0 +1,338 @@
+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package capability
+
+type CapType uint
+
+func (c CapType) String() string {
+	switch c {
+	case EFFECTIVE:
+		return "effective"
+	case PERMITTED:
+		return "permitted"
+	case INHERITABLE:
+		return "inheritable"
+	case BOUNDING:
+		return "bounding"
+	case CAPS:
+		return "caps"
+	}
+	return "unknown"
+}
+
+const (
+	EFFECTIVE CapType = 1 << iota
+	PERMITTED
+	INHERITABLE
+	BOUNDING
+
+	CAPS   = EFFECTIVE | PERMITTED | INHERITABLE
+	BOUNDS = BOUNDING
+)
+
+type Cap int
+
+func (c Cap) String() string {
+	switch c {
+	case CAP_CHOWN:
+		return "chown"
+	case CAP_DAC_OVERRIDE:
+		return "dac_override"
+	case CAP_DAC_READ_SEARCH:
+		return "dac_read_search"
+	case CAP_FOWNER:
+		return "fowner"
+	case CAP_FSETID:
+		return "fsetid"
+	case CAP_KILL:
+		return "kill"
+	case CAP_SETGID:
+		return "setgid"
+	case CAP_SETUID:
+		return "setuid"
+	case CAP_SETPCAP:
+		return "setpcap"
+	case CAP_LINUX_IMMUTABLE:
+		return "linux_immutable"
+	case CAP_NET_BIND_SERVICE:
+		return "net_bind_service"
+	case CAP_NET_BROADCAST:
+		return "net_broadcast"
+	case CAP_NET_ADMIN:
+		return "net_admin"
+	case CAP_NET_RAW:
+		return "net_raw"
+	case CAP_IPC_LOCK:
+		return "ipc_lock"
+	case CAP_IPC_OWNER:
+		return "ipc_owner"
+	case CAP_SYS_MODULE:
+		return "sys_module"
+	case CAP_SYS_RAWIO:
+		return "sys_rawio"
+	case CAP_SYS_CHROOT:
+		return "sys_chroot"
+	case CAP_SYS_PTRACE:
+		return "sys_ptrace"
+	case CAP_SYS_PACCT:
+		return "sys_psacct"
+	case CAP_SYS_ADMIN:
+		return "sys_admin"
+	case CAP_SYS_BOOT:
+		return "sys_boot"
+	case CAP_SYS_NICE:
+		return "sys_nice"
+	case CAP_SYS_RESOURCE:
+		return "sys_resource"
+	case CAP_SYS_TIME:
+		return "sys_time"
+	case CAP_SYS_TTY_CONFIG:
+		return "sys_tty_config"
+	case CAP_MKNOD:
+		return "mknod"
+	case CAP_LEASE:
+		return "lease"
+	case CAP_AUDIT_WRITE:
+		return "audit_write"
+	case CAP_AUDIT_CONTROL:
+		return "audit_control"
+	case CAP_SETFCAP:
+		return "setfcap"
+	case CAP_MAC_OVERRIDE:
+		return "mac_override"
+	case CAP_MAC_ADMIN:
+		return "mac_admin"
+	case CAP_SYSLOG:
+		return "syslog"
+	case CAP_WAKE_ALARM:
+		return "wake_alarm"
+	case CAP_BLOCK_SUSPEND:
+		return "block_suspend"
+	}
+	return "unknown"
+}
+
+const (
+	// POSIX-draft defined capabilities.
+
+	// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
+	// overrides the restriction of changing file ownership and group
+	// ownership.
+	CAP_CHOWN Cap = 0
+
+	// Override all DAC access, including ACL execute access if
+	// [_POSIX_ACL] is defined. Excluding DAC access covered by
+	// CAP_LINUX_IMMUTABLE.
+	CAP_DAC_OVERRIDE Cap = 1
+
+	// Overrides all DAC restrictions regarding read and search on files
+	// and directories, including ACL restrictions if [_POSIX_ACL] is
+	// defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
+	CAP_DAC_READ_SEARCH Cap = 2
+
+	// Overrides all restrictions about allowed operations on files, where
+	// file owner ID must be equal to the user ID, except where CAP_FSETID
+	// is applicable. It doesn't override MAC and DAC restrictions.
+	CAP_FOWNER Cap = 3
+
+	// Overrides the following restrictions that the effective user ID
+	// shall match the file owner ID when setting the S_ISUID and S_ISGID
+	// bits on that file; that the effective group ID (or one of the
+	// supplementary group IDs) shall match the file owner ID when setting
+	// the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
+	// cleared on successful return from chown(2) (not implemented).
+	CAP_FSETID Cap = 4
+
+	// Overrides the restriction that the real or effective user ID of a
+	// process sending a signal must match the real or effective user ID
+	// of the process receiving the signal.
+	CAP_KILL Cap = 5
+
+	// Allows setgid(2) manipulation
+	// Allows setgroups(2)
+	// Allows forged gids on socket credentials passing.
+	CAP_SETGID Cap = 6
+
+	// Allows set*uid(2) manipulation (including fsuid).
+	// Allows forged pids on socket credentials passing.
+	CAP_SETUID Cap = 7
+
+	// Linux-specific capabilities
+
+	// Without VFS support for capabilities:
+	//   Transfer any capability in your permitted set to any pid,
+	//   remove any capability in your permitted set from any pid
+	// With VFS support for capabilities (neither of above, but)
+	//   Add any capability from current's capability bounding set
+	//     to the current process' inheritable set
+	//   Allow taking bits out of capability bounding set
+	//   Allow modification of the securebits for a process
+	CAP_SETPCAP Cap = 8
+
+	// Allow modification of S_IMMUTABLE and S_APPEND file attributes
+	CAP_LINUX_IMMUTABLE Cap = 9
+
+	// Allows binding to TCP/UDP sockets below 1024
+	// Allows binding to ATM VCIs below 32
+	CAP_NET_BIND_SERVICE Cap = 10
+
+	// Allow broadcasting, listen to multicast
+	CAP_NET_BROADCAST Cap = 11
+
+	// Allow interface configuration
+	// Allow administration of IP firewall, masquerading and accounting
+	// Allow setting debug option on sockets
+	// Allow modification of routing tables
+	// Allow setting arbitrary process / process group ownership on
+	// sockets
+	// Allow binding to any address for transparent proxying (also via NET_RAW)
+	// Allow setting TOS (type of service)
+	// Allow setting promiscuous mode
+	// Allow clearing driver statistics
+	// Allow multicasting
+	// Allow read/write of device-specific registers
+	// Allow activation of ATM control sockets
+	CAP_NET_ADMIN Cap = 12
+
+	// Allow use of RAW sockets
+	// Allow use of PACKET sockets
+	// Allow binding to any address for transparent proxying (also via NET_ADMIN)
+	CAP_NET_RAW Cap = 13
+
+	// Allow locking of shared memory segments
+	// Allow mlock and mlockall (which doesn't really have anything to do
+	// with IPC)
+	CAP_IPC_LOCK Cap = 14
+
+	// Override IPC ownership checks
+	CAP_IPC_OWNER Cap = 15
+
+	// Insert and remove kernel modules - modify kernel without limit
+	CAP_SYS_MODULE Cap = 16
+
+	// Allow ioperm/iopl access
+	// Allow sending USB messages to any device via /proc/bus/usb
+	CAP_SYS_RAWIO Cap = 17
+
+	// Allow use of chroot()
+	CAP_SYS_CHROOT Cap = 18
+
+	// Allow ptrace() of any process
+	CAP_SYS_PTRACE Cap = 19
+
+	// Allow configuration of process accounting
+	CAP_SYS_PACCT Cap = 20
+
+	// Allow configuration of the secure attention key
+	// Allow administration of the random device
+	// Allow examination and configuration of disk quotas
+	// Allow setting the domainname
+	// Allow setting the hostname
+	// Allow calling bdflush()
+	// Allow mount() and umount(), setting up new smb connection
+	// Allow some autofs root ioctls
+	// Allow nfsservctl
+	// Allow VM86_REQUEST_IRQ
+	// Allow to read/write pci config on alpha
+	// Allow irix_prctl on mips (setstacksize)
+	// Allow flushing all cache on m68k (sys_cacheflush)
+	// Allow removing semaphores
+	// Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
+	// and shared memory
+	// Allow locking/unlocking of shared memory segment
+	// Allow turning swap on/off
+	// Allow forged pids on socket credentials passing
+	// Allow setting readahead and flushing buffers on block devices
+	// Allow setting geometry in floppy driver
+	// Allow turning DMA on/off in xd driver
+	// Allow administration of md devices (mostly the above, but some
+	// extra ioctls)
+	// Allow tuning the ide driver
+	// Allow access to the nvram device
+	// Allow administration of apm_bios, serial and bttv (TV) device
+	// Allow manufacturer commands in isdn CAPI support driver
+	// Allow reading non-standardized portions of pci configuration space
+	// Allow DDI debug ioctl on sbpcd driver
+	// Allow setting up serial ports
+	// Allow sending raw qic-117 commands
+	// Allow enabling/disabling tagged queuing on SCSI controllers and sending
+	// arbitrary SCSI commands
+	// Allow setting encryption key on loopback filesystem
+	// Allow setting zone reclaim policy
+	CAP_SYS_ADMIN Cap = 21
+
+	// Allow use of reboot()
+	CAP_SYS_BOOT Cap = 22
+
+	// Allow raising priority and setting priority on other (different
+	// UID) processes
+	// Allow use of FIFO and round-robin (realtime) scheduling on own
+	// processes and setting the scheduling algorithm used by another
+	// process.
+	// Allow setting cpu affinity on other processes
+	CAP_SYS_NICE Cap = 23
+
+	// Override resource limits. Set resource limits.
+	// Override quota limits.
+	// Override reserved space on ext2 filesystem
+	// Modify data journaling mode on ext3 filesystem (uses journaling
+	// resources)
+	// NOTE: ext2 honors fsuid when checking for resource overrides, so
+	// you can override using fsuid too
+	// Override size restrictions on IPC message queues
+	// Allow more than 64hz interrupts from the real-time clock
+	// Override max number of consoles on console allocation
+	// Override max number of keymaps
+	CAP_SYS_RESOURCE Cap = 24
+
+	// Allow manipulation of system clock
+	// Allow irix_stime on mips
+	// Allow setting the real-time clock
+	CAP_SYS_TIME Cap = 25
+
+	// Allow configuration of tty devices
+	// Allow vhangup() of tty
+	CAP_SYS_TTY_CONFIG Cap = 26
+
+	// Allow the privileged aspects of mknod()
+	CAP_MKNOD Cap = 27
+
+	// Allow taking of leases on files
+	CAP_LEASE Cap = 28
+
+	CAP_AUDIT_WRITE   Cap = 29
+	CAP_AUDIT_CONTROL Cap = 30
+	CAP_SETFCAP       Cap = 31
+
+	// Override MAC access.
+	// The base kernel enforces no MAC policy.
+	// An LSM may enforce a MAC policy, and if it does and it chooses
+	// to implement capability based overrides of that policy, this is
+	// the capability it should use to do so.
+	CAP_MAC_OVERRIDE Cap = 32
+
+	// Allow MAC configuration or state changes.
+	// The base kernel requires no MAC configuration.
+	// An LSM may enforce a MAC policy, and if it does and it chooses
+	// to implement capability based checks on modifications to that
+	// policy or the data required to maintain it, this is the
+	// capability it should use to do so.
+	CAP_MAC_ADMIN Cap = 33
+
+	// Allow configuring the kernel's syslog (printk behaviour)
+	CAP_SYSLOG Cap = 34
+
+	// Allow triggering something that will wake the system
+	CAP_WAKE_ALARM Cap = 35
+
+	// Allow preventing system suspends
+	CAP_BLOCK_SUSPEND Cap = 36
+
+	CAP_LAST_CAP = CAP_BLOCK_SUSPEND
+)
+
+const capUpperMask = (uint32(1) << (uint(CAP_LAST_CAP) - 31)) - 1
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go
new file mode 100644
index 0000000000..c18e6f6918
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go
@@ -0,0 +1,143 @@
+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package capability
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+type capHeader struct {
+	version uint32
+	pid     int
+}
+
+type capData struct {
+	effective   uint32
+	permitted   uint32
+	inheritable uint32
+}
+
+func capget(hdr *capHeader, data *capData) (err error) {
+	_, _, e1 := syscall.Syscall(syscall.SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func capset(hdr *capHeader, data *capData) (err error) {
+	_, _, e1 := syscall.Syscall(syscall.SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+func prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) {
+	_, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+const (
+	vfsXattrName = "security.capability"
+
+	vfsCapVerMask = 0xff000000
+	vfsCapVer1    = 0x01000000
+	vfsCapVer2    = 0x02000000
+
+	vfsCapFlagMask      = ^vfsCapVerMask
+	vfsCapFlageffective = 0x000001
+
+	vfscapDataSizeV1 = 4 * (1 + 2*1)
+	vfscapDataSizeV2 = 4 * (1 + 2*2)
+)
+
+type vfscapData struct {
+	magic uint32
+	data  [2]struct {
+		permitted   uint32
+		inheritable uint32
+	}
+	effective [2]uint32
+	version   int8
+}
+
+var (
+	_vfsXattrName *byte
+)
+
+func init() {
+	_vfsXattrName, _ = syscall.BytePtrFromString(vfsXattrName)
+}
+
+func getVfsCap(path string, dest *vfscapData) (err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	r0, _, e1 := syscall.Syscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(dest)), vfscapDataSizeV2, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	switch dest.magic & vfsCapVerMask {
+	case vfsCapVer1:
+		dest.version = 1
+		if r0 != vfscapDataSizeV1 {
+			return syscall.EINVAL
+		}
+		dest.data[1].permitted = 0
+		dest.data[1].inheritable = 0
+	case vfsCapVer2:
+		dest.version = 2
+		if r0 != vfscapDataSizeV2 {
+			return syscall.EINVAL
+		}
+	default:
+		return syscall.EINVAL
+	}
+	if dest.magic&vfsCapFlageffective != 0 {
+		dest.effective[0] = dest.data[0].permitted | dest.data[0].inheritable
+		dest.effective[1] = dest.data[1].permitted | dest.data[1].inheritable
+	} else {
+		dest.effective[0] = 0
+		dest.effective[1] = 0
+	}
+	return
+}
+
+func setVfsCap(path string, data *vfscapData) (err error) {
+	var _p0 *byte
+	_p0, err = syscall.BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var size uintptr
+	if data.version == 1 {
+		data.magic = vfsCapVer1
+		size = vfscapDataSizeV1
+	} else if data.version == 2 {
+		data.magic = vfsCapVer2
+		if data.effective[0] != 0 || data.effective[1] != 0 {
+			data.magic |= vfsCapFlageffective
+			data.data[0].permitted |= data.effective[0]
+			data.data[1].permitted |= data.effective[1]
+		}
+		size = vfscapDataSizeV2
+	} else {
+		return syscall.EINVAL
+	}
+	_, _, e1 := syscall.Syscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(data)), size, 0, 0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}

From 44d7ee420c8e81cf91734fe2201b9c9576231661 Mon Sep 17 00:00:00 2001
From: Hollie Teal <hollietealok@users.noreply.github.com>
Date: Tue, 5 Aug 2014 19:06:52 -0700
Subject: [PATCH 356/516] Made requested changes (capitalization)
 Upstream-commit: 4d0527856ca4bd0037313f02a3487845af97330e Component: engine

---
 components/engine/docs/sources/docker-hub/builds.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index 937912ec71..3d8159b451 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -60,7 +60,7 @@ from any of your public or private GitHub repositories with a `Dockerfile`.
 
 ### Github Submodules
 
-If your repository contains links to private submodules, you'll need to add a deploy key so that the Docker Hub will be able to clone the repository from Github. 
+If your repository contains links to private submodules, you'll need to add a deploy key so that the Docker Hub will be able to clone the repository from GitHub. 
 
 Your Docker Hub deploy key is located under the "Build Details" menu on the automated build's main page in the Hub. Add this key to your GitHub submodule by viewing the Settings page for the repository on GitHub and selecting "Deploy keys".
 
@@ -81,7 +81,7 @@ Your Docker Hub deploy key is located under the "Build Details" menu on the auto
     <tr>
       <td>2.</td>
       <td><img src="/docker-hub/hub-images/github_deploy_key.png"></td>
-      <td>In your GitHub submodule's repository Settings page, add the deploy key from your Docker Hub automated build.</td>
+      <td>In your GitHub submodule's repository Settings page, add the deploy key from your Docker Hub Automated Build.</td>
     </tr>
   </tbody>
 </table>

From a062aab14b81f514b7533acc2daf6b7212597791 Mon Sep 17 00:00:00 2001
From: Marc Tamsky <mtamsky@gmail.com>
Date: Tue, 5 Aug 2014 19:28:07 -0700
Subject: [PATCH 357/516] add warning re: changing value of `dm.basesize`.

Signed-off-by: Marc Tamsky <mtamsky@gmail.com> (github: tamsky)
Upstream-commit: bd30746e07e18942cea4f2d15a45fd357c957e4f
Component: engine
---
 components/engine/daemon/graphdriver/devmapper/README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/components/engine/daemon/graphdriver/devmapper/README.md b/components/engine/daemon/graphdriver/devmapper/README.md
index bf6f2c792c..f8eb2faca7 100644
--- a/components/engine/daemon/graphdriver/devmapper/README.md
+++ b/components/engine/daemon/graphdriver/devmapper/README.md
@@ -43,7 +43,11 @@ Here is the list of supported options:
     10G. Note, thin devices are inherently "sparse", so a 10G device
     which is mostly empty doesn't use 10 GB of space on the
     pool. However, the filesystem will use more space for the empty
-    case the larger the device is.
+    case the larger the device is. **Warning**: This value affects the
+    system-wide "base" empty filesystem that may already be
+    initialized and inherited by pulled images.  Typically, a change
+    to this value will require additional steps to take effect: 1)
+    stop `docker -d`, 2) `rm -rf /var/lib/docker`, 3) start `docker -d`.
 
     Example use:
 

From 854e47bfb8be32814ec0b07ecdc6528cf5d9c496 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 04:08:25 +0000
Subject: [PATCH 358/516] Move "image_export" to graph/export.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 6e28d11d1fde757cf5b9418a2e752717d854f3f3
Component: engine
---
 components/engine/graph/export.go  | 147 +++++++++++++++++++++++++++++
 components/engine/graph/service.go |   1 +
 components/engine/server/image.go  | 132 --------------------------
 components/engine/server/init.go   |   1 -
 4 files changed, 148 insertions(+), 133 deletions(-)
 create mode 100644 components/engine/graph/export.go

diff --git a/components/engine/graph/export.go b/components/engine/graph/export.go
new file mode 100644
index 0000000000..81b78ca50d
--- /dev/null
+++ b/components/engine/graph/export.go
@@ -0,0 +1,147 @@
+package graph
+
+import (
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/utils"
+)
+
+// CmdImageExport exports all images with the given tag. All versions
+// containing the same tag are exported. The resulting output is an
+// uncompressed tar ball.
+// name is the set of tags to export.
+// out is the writer where the images are written to.
+func (s *TagStore) CmdImageExport(job *engine.Job) engine.Status {
+	if len(job.Args) != 1 {
+		return job.Errorf("Usage: %s IMAGE\n", job.Name)
+	}
+	name := job.Args[0]
+	// get image json
+	tempdir, err := ioutil.TempDir("", "docker-export-")
+	if err != nil {
+		return job.Error(err)
+	}
+	defer os.RemoveAll(tempdir)
+
+	utils.Debugf("Serializing %s", name)
+
+	rootRepoMap := map[string]Repository{}
+	rootRepo, err := s.Get(name)
+	if err != nil {
+		return job.Error(err)
+	}
+	if rootRepo != nil {
+		// this is a base repo name, like 'busybox'
+
+		for _, id := range rootRepo {
+			if err := s.exportImage(job.Eng, id, tempdir); err != nil {
+				return job.Error(err)
+			}
+		}
+		rootRepoMap[name] = rootRepo
+	} else {
+		img, err := s.LookupImage(name)
+		if err != nil {
+			return job.Error(err)
+		}
+		if img != nil {
+			// This is a named image like 'busybox:latest'
+			repoName, repoTag := parsers.ParseRepositoryTag(name)
+			if err := s.exportImage(job.Eng, img.ID, tempdir); err != nil {
+				return job.Error(err)
+			}
+			// check this length, because a lookup of a truncated has will not have a tag
+			// and will not need to be added to this map
+			if len(repoTag) > 0 {
+				rootRepoMap[repoName] = Repository{repoTag: img.ID}
+			}
+		} else {
+			// this must be an ID that didn't get looked up just right?
+			if err := s.exportImage(job.Eng, name, tempdir); err != nil {
+				return job.Error(err)
+			}
+		}
+	}
+	// write repositories, if there is something to write
+	if len(rootRepoMap) > 0 {
+		rootRepoJson, _ := json.Marshal(rootRepoMap)
+
+		if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.FileMode(0644)); err != nil {
+			return job.Error(err)
+		}
+	} else {
+		utils.Debugf("There were no repositories to write")
+	}
+
+	fs, err := archive.Tar(tempdir, archive.Uncompressed)
+	if err != nil {
+		return job.Error(err)
+	}
+	defer fs.Close()
+
+	if _, err := io.Copy(job.Stdout, fs); err != nil {
+		return job.Error(err)
+	}
+	utils.Debugf("End Serializing %s", name)
+	return engine.StatusOK
+}
+
+// FIXME: this should be a top-level function, not a class method
+func (s *TagStore) exportImage(eng *engine.Engine, name, tempdir string) error {
+	for n := name; n != ""; {
+		// temporary directory
+		tmpImageDir := path.Join(tempdir, n)
+		if err := os.Mkdir(tmpImageDir, os.FileMode(0755)); err != nil {
+			if os.IsExist(err) {
+				return nil
+			}
+			return err
+		}
+
+		var version = "1.0"
+		var versionBuf = []byte(version)
+
+		if err := ioutil.WriteFile(path.Join(tmpImageDir, "VERSION"), versionBuf, os.FileMode(0644)); err != nil {
+			return err
+		}
+
+		// serialize json
+		json, err := os.Create(path.Join(tmpImageDir, "json"))
+		if err != nil {
+			return err
+		}
+		job := eng.Job("image_inspect", n)
+		job.SetenvBool("raw", true)
+		job.Stdout.Add(json)
+		if err := job.Run(); err != nil {
+			return err
+		}
+
+		// serialize filesystem
+		fsTar, err := os.Create(path.Join(tmpImageDir, "layer.tar"))
+		if err != nil {
+			return err
+		}
+		job = eng.Job("image_tarlayer", n)
+		job.Stdout.Add(fsTar)
+		if err := job.Run(); err != nil {
+			return err
+		}
+
+		// find parent
+		job = eng.Job("image_get", n)
+		info, _ := job.Stdout.AddEnv()
+		if err := job.Run(); err != nil {
+			return err
+		}
+		n = info.Get("Parent")
+	}
+	return nil
+}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 75c2b5c846..a2642cce8c 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -15,6 +15,7 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("image_get", s.CmdGet)
 	eng.Register("image_inspect", s.CmdLookup)
 	eng.Register("image_tarlayer", s.CmdTarLayer)
+	eng.Register("image_export", s.CmdImageExport)
 	return nil
 }
 
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index acc8794985..37060dd009 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -30,138 +30,6 @@ import (
 	"github.com/docker/docker/utils"
 )
 
-// ImageExport exports all images with the given tag. All versions
-// containing the same tag are exported. The resulting output is an
-// uncompressed tar ball.
-// name is the set of tags to export.
-// out is the writer where the images are written to.
-func (srv *Server) ImageExport(job *engine.Job) engine.Status {
-	if len(job.Args) != 1 {
-		return job.Errorf("Usage: %s IMAGE\n", job.Name)
-	}
-	name := job.Args[0]
-	// get image json
-	tempdir, err := ioutil.TempDir("", "docker-export-")
-	if err != nil {
-		return job.Error(err)
-	}
-	defer os.RemoveAll(tempdir)
-
-	utils.Debugf("Serializing %s", name)
-
-	rootRepoMap := map[string]graph.Repository{}
-	rootRepo, err := srv.daemon.Repositories().Get(name)
-	if err != nil {
-		return job.Error(err)
-	}
-	if rootRepo != nil {
-		// this is a base repo name, like 'busybox'
-
-		for _, id := range rootRepo {
-			if err := srv.exportImage(job.Eng, id, tempdir); err != nil {
-				return job.Error(err)
-			}
-		}
-		rootRepoMap[name] = rootRepo
-	} else {
-		img, err := srv.daemon.Repositories().LookupImage(name)
-		if err != nil {
-			return job.Error(err)
-		}
-		if img != nil {
-			// This is a named image like 'busybox:latest'
-			repoName, repoTag := parsers.ParseRepositoryTag(name)
-			if err := srv.exportImage(job.Eng, img.ID, tempdir); err != nil {
-				return job.Error(err)
-			}
-			// check this length, because a lookup of a truncated has will not have a tag
-			// and will not need to be added to this map
-			if len(repoTag) > 0 {
-				rootRepoMap[repoName] = graph.Repository{repoTag: img.ID}
-			}
-		} else {
-			// this must be an ID that didn't get looked up just right?
-			if err := srv.exportImage(job.Eng, name, tempdir); err != nil {
-				return job.Error(err)
-			}
-		}
-	}
-	// write repositories, if there is something to write
-	if len(rootRepoMap) > 0 {
-		rootRepoJson, _ := json.Marshal(rootRepoMap)
-
-		if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.FileMode(0644)); err != nil {
-			return job.Error(err)
-		}
-	} else {
-		utils.Debugf("There were no repositories to write")
-	}
-
-	fs, err := archive.Tar(tempdir, archive.Uncompressed)
-	if err != nil {
-		return job.Error(err)
-	}
-	defer fs.Close()
-
-	if _, err := io.Copy(job.Stdout, fs); err != nil {
-		return job.Error(err)
-	}
-	utils.Debugf("End Serializing %s", name)
-	return engine.StatusOK
-}
-
-func (srv *Server) exportImage(eng *engine.Engine, name, tempdir string) error {
-	for n := name; n != ""; {
-		// temporary directory
-		tmpImageDir := path.Join(tempdir, n)
-		if err := os.Mkdir(tmpImageDir, os.FileMode(0755)); err != nil {
-			if os.IsExist(err) {
-				return nil
-			}
-			return err
-		}
-
-		var version = "1.0"
-		var versionBuf = []byte(version)
-
-		if err := ioutil.WriteFile(path.Join(tmpImageDir, "VERSION"), versionBuf, os.FileMode(0644)); err != nil {
-			return err
-		}
-
-		// serialize json
-		json, err := os.Create(path.Join(tmpImageDir, "json"))
-		if err != nil {
-			return err
-		}
-		job := eng.Job("image_inspect", n)
-		job.SetenvBool("raw", true)
-		job.Stdout.Add(json)
-		if err := job.Run(); err != nil {
-			return err
-		}
-
-		// serialize filesystem
-		fsTar, err := os.Create(path.Join(tmpImageDir, "layer.tar"))
-		if err != nil {
-			return err
-		}
-		job = eng.Job("image_tarlayer", n)
-		job.Stdout.Add(fsTar)
-		if err := job.Run(); err != nil {
-			return err
-		}
-
-		// find parent
-		job = eng.Job("image_get", n)
-		info, _ := job.Stdout.AddEnv()
-		if err := job.Run(); err != nil {
-			return err
-		}
-		n = info.Get("Parent")
-	}
-	return nil
-}
-
 func (srv *Server) Build(job *engine.Job) engine.Status {
 	if len(job.Args) != 0 {
 		return job.Errorf("Usage: %s\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index cbe5340f21..760e9dbefd 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -88,7 +88,6 @@ func InitServer(job *engine.Job) engine.Status {
 	for name, handler := range map[string]engine.Handler{
 		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
 		"info":         srv.DockerInfo,
-		"image_export": srv.ImageExport,
 		"images":       srv.Images,
 		"history":      srv.ImageHistory,
 		"viz":          srv.ImagesViz,

From bd46934d5ad676fce102103ccff528505a07d27d Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 04:50:25 +0000
Subject: [PATCH 359/516] Move "image_history" to graph/history.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 55235e121eb2924488508f70b8f30e0e9905d85e
Component: engine
---
 components/engine/graph/history.go | 46 ++++++++++++++++++++++++++++++
 components/engine/graph/service.go |  1 +
 components/engine/server/image.go  | 37 ------------------------
 components/engine/server/init.go   |  1 -
 4 files changed, 47 insertions(+), 38 deletions(-)
 create mode 100644 components/engine/graph/history.go

diff --git a/components/engine/graph/history.go b/components/engine/graph/history.go
new file mode 100644
index 0000000000..2030c4c789
--- /dev/null
+++ b/components/engine/graph/history.go
@@ -0,0 +1,46 @@
+package graph
+
+import (
+	"strings"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+)
+
+func (s *TagStore) CmdHistory(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s IMAGE", job.Name)
+	}
+	name := job.Args[0]
+	foundImage, err := s.LookupImage(name)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	lookupMap := make(map[string][]string)
+	for name, repository := range s.Repositories {
+		for tag, id := range repository {
+			// If the ID already has a reverse lookup, do not update it unless for "latest"
+			if _, exists := lookupMap[id]; !exists {
+				lookupMap[id] = []string{}
+			}
+			lookupMap[id] = append(lookupMap[id], name+":"+tag)
+		}
+	}
+
+	outs := engine.NewTable("Created", 0)
+	err = foundImage.WalkHistory(func(img *image.Image) error {
+		out := &engine.Env{}
+		out.Set("Id", img.ID)
+		out.SetInt64("Created", img.Created.Unix())
+		out.Set("CreatedBy", strings.Join(img.ContainerConfig.Cmd, " "))
+		out.SetList("Tags", lookupMap[img.ID])
+		out.SetInt64("Size", img.Size)
+		outs.Add(out)
+		return nil
+	})
+	if _, err := outs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index a2642cce8c..bab02c3981 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -16,6 +16,7 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("image_inspect", s.CmdLookup)
 	eng.Register("image_tarlayer", s.CmdTarLayer)
 	eng.Register("image_export", s.CmdImageExport)
+	eng.Register("history", s.CmdHistory)
 	return nil
 }
 
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 37060dd009..99b8e62e69 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -335,43 +335,6 @@ func (srv *Server) Images(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s IMAGE", job.Name)
-	}
-	name := job.Args[0]
-	foundImage, err := srv.daemon.Repositories().LookupImage(name)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	lookupMap := make(map[string][]string)
-	for name, repository := range srv.daemon.Repositories().Repositories {
-		for tag, id := range repository {
-			// If the ID already has a reverse lookup, do not update it unless for "latest"
-			if _, exists := lookupMap[id]; !exists {
-				lookupMap[id] = []string{}
-			}
-			lookupMap[id] = append(lookupMap[id], name+":"+tag)
-		}
-	}
-
-	outs := engine.NewTable("Created", 0)
-	err = foundImage.WalkHistory(func(img *image.Image) error {
-		out := &engine.Env{}
-		out.Set("Id", img.ID)
-		out.SetInt64("Created", img.Created.Unix())
-		out.Set("CreatedBy", strings.Join(img.ContainerConfig.Cmd, " "))
-		out.SetList("Tags", lookupMap[img.ID])
-		out.SetInt64("Size", img.Size)
-		outs.Add(out)
-		return nil
-	})
-	if _, err := outs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
 func (srv *Server) ImageTag(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 && len(job.Args) != 3 {
 		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 760e9dbefd..6ae1329387 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -89,7 +89,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
 		"info":         srv.DockerInfo,
 		"images":       srv.Images,
-		"history":      srv.ImageHistory,
 		"viz":          srv.ImagesViz,
 		"log":          srv.Log,
 		"load":         srv.ImageLoad,

From b81d1a35611cf9c48a6592385d9b579bc2bc1031 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 05:02:51 +0000
Subject: [PATCH 360/516] Move "images" to graph/list.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 51dd68d65949b4b542d65e4de2f1b18550c9cff1
Component: engine
---
 components/engine/graph/list.go    | 103 +++++++++++++++++++++++++++++
 components/engine/graph/service.go |   1 +
 components/engine/server/image.go  |  93 --------------------------
 components/engine/server/init.go   |   1 -
 4 files changed, 104 insertions(+), 94 deletions(-)
 create mode 100644 components/engine/graph/list.go

diff --git a/components/engine/graph/list.go b/components/engine/graph/list.go
new file mode 100644
index 0000000000..0e0e97e447
--- /dev/null
+++ b/components/engine/graph/list.go
@@ -0,0 +1,103 @@
+package graph
+
+import (
+	"fmt"
+	"log"
+	"path"
+	"strings"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/parsers/filters"
+)
+
+func (s *TagStore) CmdImages(job *engine.Job) engine.Status {
+	var (
+		allImages   map[string]*image.Image
+		err         error
+		filt_tagged = true
+	)
+
+	imageFilters, err := filters.FromParam(job.Getenv("filters"))
+	if err != nil {
+		return job.Error(err)
+	}
+	if i, ok := imageFilters["dangling"]; ok {
+		for _, value := range i {
+			if strings.ToLower(value) == "true" {
+				filt_tagged = false
+			}
+		}
+	}
+
+	if job.GetenvBool("all") && filt_tagged {
+		allImages, err = s.graph.Map()
+	} else {
+		allImages, err = s.graph.Heads()
+	}
+	if err != nil {
+		return job.Error(err)
+	}
+	lookup := make(map[string]*engine.Env)
+	s.Lock()
+	for name, repository := range s.Repositories {
+		if job.Getenv("filter") != "" {
+			if match, _ := path.Match(job.Getenv("filter"), name); !match {
+				continue
+			}
+		}
+		for tag, id := range repository {
+			image, err := s.graph.Get(id)
+			if err != nil {
+				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
+				continue
+			}
+
+			if out, exists := lookup[id]; exists {
+				if filt_tagged {
+					out.SetList("RepoTags", append(out.GetList("RepoTags"), fmt.Sprintf("%s:%s", name, tag)))
+				}
+			} else {
+				// get the boolean list for if only the untagged images are requested
+				delete(allImages, id)
+				if filt_tagged {
+					out := &engine.Env{}
+					out.Set("ParentId", image.Parent)
+					out.SetList("RepoTags", []string{fmt.Sprintf("%s:%s", name, tag)})
+					out.Set("Id", image.ID)
+					out.SetInt64("Created", image.Created.Unix())
+					out.SetInt64("Size", image.Size)
+					out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
+					lookup[id] = out
+				}
+			}
+
+		}
+	}
+	s.Unlock()
+
+	outs := engine.NewTable("Created", len(lookup))
+	for _, value := range lookup {
+		outs.Add(value)
+	}
+
+	// Display images which aren't part of a repository/tag
+	if job.Getenv("filter") == "" {
+		for _, image := range allImages {
+			out := &engine.Env{}
+			out.Set("ParentId", image.Parent)
+			out.SetList("RepoTags", []string{"<none>:<none>"})
+			out.Set("Id", image.ID)
+			out.SetInt64("Created", image.Created.Unix())
+			out.SetInt64("Size", image.Size)
+			out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
+			outs.Add(out)
+		}
+	}
+
+	outs.ReverseSort()
+	if _, err := outs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index bab02c3981..0577e5d6bb 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -17,6 +17,7 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("image_tarlayer", s.CmdTarLayer)
 	eng.Register("image_export", s.CmdImageExport)
 	eng.Register("history", s.CmdHistory)
+	eng.Register("images", s.CmdImages)
 	return nil
 }
 
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 99b8e62e69..010851d12e 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -9,7 +9,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"net"
 	"net/http"
 	"net/url"
@@ -25,7 +24,6 @@ import (
 	"github.com/docker/docker/graph"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/parsers"
-	"github.com/docker/docker/pkg/parsers/filters"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
 )
@@ -244,97 +242,6 @@ func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) Images(job *engine.Job) engine.Status {
-	var (
-		allImages   map[string]*image.Image
-		err         error
-		filt_tagged = true
-	)
-
-	imageFilters, err := filters.FromParam(job.Getenv("filters"))
-	if err != nil {
-		return job.Error(err)
-	}
-	if i, ok := imageFilters["dangling"]; ok {
-		for _, value := range i {
-			if strings.ToLower(value) == "true" {
-				filt_tagged = false
-			}
-		}
-	}
-
-	if job.GetenvBool("all") && filt_tagged {
-		allImages, err = srv.daemon.Graph().Map()
-	} else {
-		allImages, err = srv.daemon.Graph().Heads()
-	}
-	if err != nil {
-		return job.Error(err)
-	}
-	lookup := make(map[string]*engine.Env)
-	srv.daemon.Repositories().Lock()
-	for name, repository := range srv.daemon.Repositories().Repositories {
-		if job.Getenv("filter") != "" {
-			if match, _ := path.Match(job.Getenv("filter"), name); !match {
-				continue
-			}
-		}
-		for tag, id := range repository {
-			image, err := srv.daemon.Graph().Get(id)
-			if err != nil {
-				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
-				continue
-			}
-
-			if out, exists := lookup[id]; exists {
-				if filt_tagged {
-					out.SetList("RepoTags", append(out.GetList("RepoTags"), fmt.Sprintf("%s:%s", name, tag)))
-				}
-			} else {
-				// get the boolean list for if only the untagged images are requested
-				delete(allImages, id)
-				if filt_tagged {
-					out := &engine.Env{}
-					out.Set("ParentId", image.Parent)
-					out.SetList("RepoTags", []string{fmt.Sprintf("%s:%s", name, tag)})
-					out.Set("Id", image.ID)
-					out.SetInt64("Created", image.Created.Unix())
-					out.SetInt64("Size", image.Size)
-					out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
-					lookup[id] = out
-				}
-			}
-
-		}
-	}
-	srv.daemon.Repositories().Unlock()
-
-	outs := engine.NewTable("Created", len(lookup))
-	for _, value := range lookup {
-		outs.Add(value)
-	}
-
-	// Display images which aren't part of a repository/tag
-	if job.Getenv("filter") == "" {
-		for _, image := range allImages {
-			out := &engine.Env{}
-			out.Set("ParentId", image.Parent)
-			out.SetList("RepoTags", []string{"<none>:<none>"})
-			out.Set("Id", image.ID)
-			out.SetInt64("Created", image.Created.Unix())
-			out.SetInt64("Size", image.Size)
-			out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
-			outs.Add(out)
-		}
-	}
-
-	outs.ReverseSort()
-	if _, err := outs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) ImageTag(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 && len(job.Args) != 3 {
 		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 6ae1329387..8c79afc64d 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -88,7 +88,6 @@ func InitServer(job *engine.Job) engine.Status {
 	for name, handler := range map[string]engine.Handler{
 		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
 		"info":         srv.DockerInfo,
-		"images":       srv.Images,
 		"viz":          srv.ImagesViz,
 		"log":          srv.Log,
 		"load":         srv.ImageLoad,

From 879d15c342747d57a801e4b27b15e8a5160216db Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 05:11:02 +0000
Subject: [PATCH 361/516] Move "viz" to graph/viz.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 77781440f13b07caa19c835523cbc6591dc1ffa8
Component: engine
---
 components/engine/graph/service.go |  1 +
 components/engine/graph/viz.go     | 38 ++++++++++++++++++++++++++++++
 components/engine/server/image.go  | 30 -----------------------
 components/engine/server/init.go   |  1 -
 4 files changed, 39 insertions(+), 31 deletions(-)
 create mode 100644 components/engine/graph/viz.go

diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 0577e5d6bb..8e6c4108c4 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -18,6 +18,7 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("image_export", s.CmdImageExport)
 	eng.Register("history", s.CmdHistory)
 	eng.Register("images", s.CmdImages)
+	eng.Register("viz", s.CmdViz)
 	return nil
 }
 
diff --git a/components/engine/graph/viz.go b/components/engine/graph/viz.go
new file mode 100644
index 0000000000..924c22b6a2
--- /dev/null
+++ b/components/engine/graph/viz.go
@@ -0,0 +1,38 @@
+package graph
+
+import (
+	"strings"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+)
+
+func (s *TagStore) CmdViz(job *engine.Job) engine.Status {
+	images, _ := s.graph.Map()
+	if images == nil {
+		return engine.StatusOK
+	}
+	job.Stdout.Write([]byte("digraph docker {\n"))
+
+	var (
+		parentImage *image.Image
+		err         error
+	)
+	for _, image := range images {
+		parentImage, err = image.GetParent()
+		if err != nil {
+			return job.Errorf("Error while getting parent image: %v", err)
+		}
+		if parentImage != nil {
+			job.Stdout.Write([]byte(" \"" + parentImage.ID + "\" -> \"" + image.ID + "\"\n"))
+		} else {
+			job.Stdout.Write([]byte(" base -> \"" + image.ID + "\" [style=invis]\n"))
+		}
+	}
+
+	for id, repos := range s.GetRepoRefs() {
+		job.Stdout.Write([]byte(" \"" + id + "\" [label=\"" + id + "\\n" + strings.Join(repos, "\\n") + "\",shape=box,fillcolor=\"paleturquoise\",style=\"filled,rounded\"];\n"))
+	}
+	job.Stdout.Write([]byte(" base [style=invisible]\n}\n"))
+	return engine.StatusOK
+}
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 010851d12e..957b33e76b 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -212,36 +212,6 @@ func (srv *Server) recursiveLoad(eng *engine.Engine, address, tmpImageDir string
 	return nil
 }
 
-func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
-	images, _ := srv.daemon.Graph().Map()
-	if images == nil {
-		return engine.StatusOK
-	}
-	job.Stdout.Write([]byte("digraph docker {\n"))
-
-	var (
-		parentImage *image.Image
-		err         error
-	)
-	for _, image := range images {
-		parentImage, err = image.GetParent()
-		if err != nil {
-			return job.Errorf("Error while getting parent image: %v", err)
-		}
-		if parentImage != nil {
-			job.Stdout.Write([]byte(" \"" + parentImage.ID + "\" -> \"" + image.ID + "\"\n"))
-		} else {
-			job.Stdout.Write([]byte(" base -> \"" + image.ID + "\" [style=invis]\n"))
-		}
-	}
-
-	for id, repos := range srv.daemon.Repositories().GetRepoRefs() {
-		job.Stdout.Write([]byte(" \"" + id + "\" [label=\"" + id + "\\n" + strings.Join(repos, "\\n") + "\",shape=box,fillcolor=\"paleturquoise\",style=\"filled,rounded\"];\n"))
-	}
-	job.Stdout.Write([]byte(" base [style=invisible]\n}\n"))
-	return engine.StatusOK
-}
-
 func (srv *Server) ImageTag(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 && len(job.Args) != 3 {
 		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 8c79afc64d..34696f7272 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -88,7 +88,6 @@ func InitServer(job *engine.Job) engine.Status {
 	for name, handler := range map[string]engine.Handler{
 		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
 		"info":         srv.DockerInfo,
-		"viz":          srv.ImagesViz,
 		"log":          srv.Log,
 		"load":         srv.ImageLoad,
 		"build":        srv.Build,

From ffef9dad57b835fe199a88c7f7ce815536b19d0c Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 05:19:23 +0000
Subject: [PATCH 362/516] Move "load" to graph/load.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: f2029f7be19c75ccc291608d1bd07bc0de220276
Component: engine
---
 components/engine/graph/load.go    | 118 +++++++++++++++++++++++++++++
 components/engine/graph/service.go |   1 +
 components/engine/server/image.go  | 105 -------------------------
 components/engine/server/init.go   |   1 -
 4 files changed, 119 insertions(+), 106 deletions(-)
 create mode 100644 components/engine/graph/load.go

diff --git a/components/engine/graph/load.go b/components/engine/graph/load.go
new file mode 100644
index 0000000000..5d84b82c28
--- /dev/null
+++ b/components/engine/graph/load.go
@@ -0,0 +1,118 @@
+package graph
+
+import (
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/utils"
+)
+
+// Loads a set of images into the repository. This is the complementary of ImageExport.
+// The input stream is an uncompressed tar ball containing images and metadata.
+func (s *TagStore) CmdLoad(job *engine.Job) engine.Status {
+	tmpImageDir, err := ioutil.TempDir("", "docker-import-")
+	if err != nil {
+		return job.Error(err)
+	}
+	defer os.RemoveAll(tmpImageDir)
+
+	var (
+		repoTarFile = path.Join(tmpImageDir, "repo.tar")
+		repoDir     = path.Join(tmpImageDir, "repo")
+	)
+
+	tarFile, err := os.Create(repoTarFile)
+	if err != nil {
+		return job.Error(err)
+	}
+	if _, err := io.Copy(tarFile, job.Stdin); err != nil {
+		return job.Error(err)
+	}
+	tarFile.Close()
+
+	repoFile, err := os.Open(repoTarFile)
+	if err != nil {
+		return job.Error(err)
+	}
+	if err := os.Mkdir(repoDir, os.ModeDir); err != nil {
+		return job.Error(err)
+	}
+	if err := archive.Untar(repoFile, repoDir, nil); err != nil {
+		return job.Error(err)
+	}
+
+	dirs, err := ioutil.ReadDir(repoDir)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	for _, d := range dirs {
+		if d.IsDir() {
+			if err := s.recursiveLoad(job.Eng, d.Name(), tmpImageDir); err != nil {
+				return job.Error(err)
+			}
+		}
+	}
+
+	repositoriesJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", "repositories"))
+	if err == nil {
+		repositories := map[string]Repository{}
+		if err := json.Unmarshal(repositoriesJson, &repositories); err != nil {
+			return job.Error(err)
+		}
+
+		for imageName, tagMap := range repositories {
+			for tag, address := range tagMap {
+				if err := s.Set(imageName, tag, address, true); err != nil {
+					return job.Error(err)
+				}
+			}
+		}
+	} else if !os.IsNotExist(err) {
+		return job.Error(err)
+	}
+
+	return engine.StatusOK
+}
+
+func (s *TagStore) recursiveLoad(eng *engine.Engine, address, tmpImageDir string) error {
+	if err := eng.Job("image_get", address).Run(); err != nil {
+		utils.Debugf("Loading %s", address)
+
+		imageJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", address, "json"))
+		if err != nil {
+			utils.Debugf("Error reading json", err)
+			return err
+		}
+
+		layer, err := os.Open(path.Join(tmpImageDir, "repo", address, "layer.tar"))
+		if err != nil {
+			utils.Debugf("Error reading embedded tar", err)
+			return err
+		}
+		img, err := image.NewImgJSON(imageJson)
+		if err != nil {
+			utils.Debugf("Error unmarshalling json", err)
+			return err
+		}
+		if img.Parent != "" {
+			if !s.graph.Exists(img.Parent) {
+				if err := s.recursiveLoad(eng, img.Parent, tmpImageDir); err != nil {
+					return err
+				}
+			}
+		}
+		if err := s.graph.Register(imageJson, layer, img); err != nil {
+			return err
+		}
+	}
+	utils.Debugf("Completed processing %s", address)
+
+	return nil
+}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 8e6c4108c4..8c61296b1e 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -19,6 +19,7 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("history", s.CmdHistory)
 	eng.Register("images", s.CmdImages)
 	eng.Register("viz", s.CmdViz)
+	eng.Register("load", s.CmdLoad)
 	return nil
 }
 
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 957b33e76b..8fdc71dc11 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -5,7 +5,6 @@
 package server
 
 import (
-	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -108,110 +107,6 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-// Loads a set of images into the repository. This is the complementary of ImageExport.
-// The input stream is an uncompressed tar ball containing images and metadata.
-func (srv *Server) ImageLoad(job *engine.Job) engine.Status {
-	tmpImageDir, err := ioutil.TempDir("", "docker-import-")
-	if err != nil {
-		return job.Error(err)
-	}
-	defer os.RemoveAll(tmpImageDir)
-
-	var (
-		repoTarFile = path.Join(tmpImageDir, "repo.tar")
-		repoDir     = path.Join(tmpImageDir, "repo")
-	)
-
-	tarFile, err := os.Create(repoTarFile)
-	if err != nil {
-		return job.Error(err)
-	}
-	if _, err := io.Copy(tarFile, job.Stdin); err != nil {
-		return job.Error(err)
-	}
-	tarFile.Close()
-
-	repoFile, err := os.Open(repoTarFile)
-	if err != nil {
-		return job.Error(err)
-	}
-	if err := os.Mkdir(repoDir, os.ModeDir); err != nil {
-		return job.Error(err)
-	}
-	if err := archive.Untar(repoFile, repoDir, nil); err != nil {
-		return job.Error(err)
-	}
-
-	dirs, err := ioutil.ReadDir(repoDir)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	for _, d := range dirs {
-		if d.IsDir() {
-			if err := srv.recursiveLoad(job.Eng, d.Name(), tmpImageDir); err != nil {
-				return job.Error(err)
-			}
-		}
-	}
-
-	repositoriesJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", "repositories"))
-	if err == nil {
-		repositories := map[string]graph.Repository{}
-		if err := json.Unmarshal(repositoriesJson, &repositories); err != nil {
-			return job.Error(err)
-		}
-
-		for imageName, tagMap := range repositories {
-			for tag, address := range tagMap {
-				if err := srv.daemon.Repositories().Set(imageName, tag, address, true); err != nil {
-					return job.Error(err)
-				}
-			}
-		}
-	} else if !os.IsNotExist(err) {
-		return job.Error(err)
-	}
-
-	return engine.StatusOK
-}
-
-func (srv *Server) recursiveLoad(eng *engine.Engine, address, tmpImageDir string) error {
-	if err := eng.Job("image_get", address).Run(); err != nil {
-		utils.Debugf("Loading %s", address)
-
-		imageJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", address, "json"))
-		if err != nil {
-			utils.Debugf("Error reading json", err)
-			return err
-		}
-
-		layer, err := os.Open(path.Join(tmpImageDir, "repo", address, "layer.tar"))
-		if err != nil {
-			utils.Debugf("Error reading embedded tar", err)
-			return err
-		}
-		img, err := image.NewImgJSON(imageJson)
-		if err != nil {
-			utils.Debugf("Error unmarshalling json", err)
-			return err
-		}
-		if img.Parent != "" {
-			if !srv.daemon.Graph().Exists(img.Parent) {
-				if err := srv.recursiveLoad(eng, img.Parent, tmpImageDir); err != nil {
-					return err
-				}
-			}
-		}
-		if err := srv.daemon.Graph().Register(imageJson, layer, img); err != nil {
-			return err
-		}
-	}
-	utils.Debugf("Completed processing %s", address)
-
-	return nil
-}
-
 func (srv *Server) ImageTag(job *engine.Job) engine.Status {
 	if len(job.Args) != 2 && len(job.Args) != 3 {
 		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 34696f7272..20d7088839 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -89,7 +89,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
 		"info":         srv.DockerInfo,
 		"log":          srv.Log,
-		"load":         srv.ImageLoad,
 		"build":        srv.Build,
 		"pull":         srv.ImagePull,
 		"import":       srv.ImageImport,

From 93595da0a634de0c003bf0d0884ba1151f859637 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 05:29:14 +0000
Subject: [PATCH 363/516] Move "import" to graph/import.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: fa27580cff5f22bcf2a4860b5582c67d275a0e11
Component: engine
---
 components/engine/graph/import.go  | 61 ++++++++++++++++++++++++++++++
 components/engine/graph/service.go |  1 +
 components/engine/server/image.go  | 51 -------------------------
 components/engine/server/init.go   |  1 -
 4 files changed, 62 insertions(+), 52 deletions(-)
 create mode 100644 components/engine/graph/import.go

diff --git a/components/engine/graph/import.go b/components/engine/graph/import.go
new file mode 100644
index 0000000000..049742af45
--- /dev/null
+++ b/components/engine/graph/import.go
@@ -0,0 +1,61 @@
+package graph
+
+import (
+	"net/http"
+	"net/url"
+
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+func (s *TagStore) CmdImport(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 2 && n != 3 {
+		return job.Errorf("Usage: %s SRC REPO [TAG]", job.Name)
+	}
+	var (
+		src     = job.Args[0]
+		repo    = job.Args[1]
+		tag     string
+		sf      = utils.NewStreamFormatter(job.GetenvBool("json"))
+		archive archive.ArchiveReader
+		resp    *http.Response
+	)
+	if len(job.Args) > 2 {
+		tag = job.Args[2]
+	}
+
+	if src == "-" {
+		archive = job.Stdin
+	} else {
+		u, err := url.Parse(src)
+		if err != nil {
+			return job.Error(err)
+		}
+		if u.Scheme == "" {
+			u.Scheme = "http"
+			u.Host = src
+			u.Path = ""
+		}
+		job.Stdout.Write(sf.FormatStatus("", "Downloading from %s", u))
+		resp, err = utils.Download(u.String())
+		if err != nil {
+			return job.Error(err)
+		}
+		progressReader := utils.ProgressReader(resp.Body, int(resp.ContentLength), job.Stdout, sf, true, "", "Importing")
+		defer progressReader.Close()
+		archive = progressReader
+	}
+	img, err := s.graph.Create(archive, "", "", "Imported from "+src, "", nil, nil)
+	if err != nil {
+		return job.Error(err)
+	}
+	// Optionally register the image at REPO/TAG
+	if repo != "" {
+		if err := s.Set(repo, tag, img.ID, true); err != nil {
+			return job.Error(err)
+		}
+	}
+	job.Stdout.Write(sf.FormatStatus("", img.ID))
+	return engine.StatusOK
+}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 8c61296b1e..80ab6de3fd 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -20,6 +20,7 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("images", s.CmdImages)
 	eng.Register("viz", s.CmdViz)
 	eng.Register("load", s.CmdLoad)
+	eng.Register("import", s.CmdImport)
 	return nil
 }
 
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 8fdc71dc11..ae7e321d8e 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -9,7 +9,6 @@ import (
 	"io"
 	"io/ioutil"
 	"net"
-	"net/http"
 	"net/url"
 	"os"
 	"os/exec"
@@ -641,56 +640,6 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ImageImport(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 2 && n != 3 {
-		return job.Errorf("Usage: %s SRC REPO [TAG]", job.Name)
-	}
-	var (
-		src     = job.Args[0]
-		repo    = job.Args[1]
-		tag     string
-		sf      = utils.NewStreamFormatter(job.GetenvBool("json"))
-		archive archive.ArchiveReader
-		resp    *http.Response
-	)
-	if len(job.Args) > 2 {
-		tag = job.Args[2]
-	}
-
-	if src == "-" {
-		archive = job.Stdin
-	} else {
-		u, err := url.Parse(src)
-		if err != nil {
-			return job.Error(err)
-		}
-		if u.Scheme == "" {
-			u.Scheme = "http"
-			u.Host = src
-			u.Path = ""
-		}
-		job.Stdout.Write(sf.FormatStatus("", "Downloading from %s", u))
-		resp, err = utils.Download(u.String())
-		if err != nil {
-			return job.Error(err)
-		}
-		progressReader := utils.ProgressReader(resp.Body, int(resp.ContentLength), job.Stdout, sf, true, "", "Importing")
-		defer progressReader.Close()
-		archive = progressReader
-	}
-	img, err := srv.daemon.Graph().Create(archive, "", "", "Imported from "+src, "", nil, nil)
-	if err != nil {
-		return job.Error(err)
-	}
-	// Optionally register the image at REPO/TAG
-	if repo != "" {
-		if err := srv.daemon.Repositories().Set(repo, tag, img.ID, true); err != nil {
-			return job.Error(err)
-		}
-	}
-	job.Stdout.Write(sf.FormatStatus("", img.ID))
-	return engine.StatusOK
-}
 func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, noprune bool) error {
 	var (
 		repoName, tag string
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 20d7088839..c9c3a37563 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -91,7 +91,6 @@ func InitServer(job *engine.Job) engine.Status {
 		"log":          srv.Log,
 		"build":        srv.Build,
 		"pull":         srv.ImagePull,
-		"import":       srv.ImageImport,
 		"image_delete": srv.ImageDelete,
 		"events":       srv.Events,
 		"push":         srv.ImagePush,

From f301b073e0247a079839381229c4c3ef899128da Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 06:41:30 +0000
Subject: [PATCH 364/516] Move "image_delete" to daemon/image_delete.go

Note: this cannot yet be moved to graph/ because of a lingering
dependency on daemon. This has been noted in a FIXME.

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 7a5e3df1625df24d52e2c863706076c59803cff8
Component: engine
---
 components/engine/daemon/daemon.go       |   2 +
 components/engine/daemon/image_delete.go | 156 +++++++++++++++++++++++
 components/engine/server/image.go        | 143 ---------------------
 components/engine/server/init.go         |  15 +--
 4 files changed, 165 insertions(+), 151 deletions(-)
 create mode 100644 components/engine/daemon/image_delete.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 0d275492dc..41ccf721a6 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -107,6 +107,7 @@ type Daemon struct {
 func (daemon *Daemon) Install(eng *engine.Engine) error {
 	// FIXME: rename "delete" to "rm" for consistency with the CLI command
 	// FIXME: rename ContainerDestroy to ContainerRm for consistency with the CLI command
+	// FIXME: remove ImageDelete's dependency on Daemon, then move to graph/
 	for name, method := range map[string]engine.Handler{
 		"attach":            daemon.ContainerAttach,
 		"commit":            daemon.ContainerCommit,
@@ -127,6 +128,7 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 		"top":               daemon.ContainerTop,
 		"unpause":           daemon.ContainerUnpause,
 		"wait":              daemon.ContainerWait,
+		"image_delete":      daemon.ImageDelete, // FIXME: see above
 	} {
 		if err := eng.Register(name, method); err != nil {
 			return err
diff --git a/components/engine/daemon/image_delete.go b/components/engine/daemon/image_delete.go
new file mode 100644
index 0000000000..77e8f85907
--- /dev/null
+++ b/components/engine/daemon/image_delete.go
@@ -0,0 +1,156 @@
+package daemon
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/graph"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/parsers"
+	"github.com/docker/docker/utils"
+)
+
+func (daemon *Daemon) ImageDelete(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s IMAGE", job.Name)
+	}
+	imgs := engine.NewTable("", 0)
+	if err := daemon.DeleteImage(job.Eng, job.Args[0], imgs, true, job.GetenvBool("force"), job.GetenvBool("noprune")); err != nil {
+		return job.Error(err)
+	}
+	if len(imgs.Data) == 0 {
+		return job.Errorf("Conflict, %s wasn't deleted", job.Args[0])
+	}
+	if _, err := imgs.WriteListTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+// FIXME: make this private and use the job instead
+func (daemon *Daemon) DeleteImage(eng *engine.Engine, name string, imgs *engine.Table, first, force, noprune bool) error {
+	var (
+		repoName, tag string
+		tags          = []string{}
+		tagDeleted    bool
+	)
+
+	// FIXME: please respect DRY and centralize repo+tag parsing in a single central place! -- shykes
+	repoName, tag = parsers.ParseRepositoryTag(name)
+	if tag == "" {
+		tag = graph.DEFAULTTAG
+	}
+
+	img, err := daemon.Repositories().LookupImage(name)
+	if err != nil {
+		if r, _ := daemon.Repositories().Get(repoName); r != nil {
+			return fmt.Errorf("No such image: %s:%s", repoName, tag)
+		}
+		return fmt.Errorf("No such image: %s", name)
+	}
+
+	if strings.Contains(img.ID, name) {
+		repoName = ""
+		tag = ""
+	}
+
+	byParents, err := daemon.Graph().ByParent()
+	if err != nil {
+		return err
+	}
+
+	//If delete by id, see if the id belong only to one repository
+	if repoName == "" {
+		for _, repoAndTag := range daemon.Repositories().ByID()[img.ID] {
+			parsedRepo, parsedTag := parsers.ParseRepositoryTag(repoAndTag)
+			if repoName == "" || repoName == parsedRepo {
+				repoName = parsedRepo
+				if parsedTag != "" {
+					tags = append(tags, parsedTag)
+				}
+			} else if repoName != parsedRepo && !force {
+				// the id belongs to multiple repos, like base:latest and user:test,
+				// in that case return conflict
+				return fmt.Errorf("Conflict, cannot delete image %s because it is tagged in multiple repositories, use -f to force", name)
+			}
+		}
+	} else {
+		tags = append(tags, tag)
+	}
+
+	if !first && len(tags) > 0 {
+		return nil
+	}
+
+	//Untag the current image
+	for _, tag := range tags {
+		tagDeleted, err = daemon.Repositories().Delete(repoName, tag)
+		if err != nil {
+			return err
+		}
+		if tagDeleted {
+			out := &engine.Env{}
+			out.Set("Untagged", repoName+":"+tag)
+			imgs.Add(out)
+			eng.Job("log", "untag", img.ID, "").Run()
+		}
+	}
+	tags = daemon.Repositories().ByID()[img.ID]
+	if (len(tags) <= 1 && repoName == "") || len(tags) == 0 {
+		if len(byParents[img.ID]) == 0 {
+			if err := daemon.canDeleteImage(img.ID, force, tagDeleted); err != nil {
+				return err
+			}
+			if err := daemon.Repositories().DeleteAll(img.ID); err != nil {
+				return err
+			}
+			if err := daemon.Graph().Delete(img.ID); err != nil {
+				return err
+			}
+			out := &engine.Env{}
+			out.Set("Deleted", img.ID)
+			imgs.Add(out)
+			eng.Job("log", "delete", img.ID, "").Run()
+			if img.Parent != "" && !noprune {
+				err := daemon.DeleteImage(eng, img.Parent, imgs, false, force, noprune)
+				if first {
+					return err
+				}
+
+			}
+
+		}
+	}
+	return nil
+}
+
+func (daemon *Daemon) canDeleteImage(imgID string, force, untagged bool) error {
+	var message string
+	if untagged {
+		message = " (docker untagged the image)"
+	}
+	for _, container := range daemon.List() {
+		parent, err := daemon.Repositories().LookupImage(container.Image)
+		if err != nil {
+			return err
+		}
+
+		if err := parent.WalkHistory(func(p *image.Image) error {
+			if imgID == p.ID {
+				if container.State.IsRunning() {
+					if force {
+						return fmt.Errorf("Conflict, cannot force delete %s because the running container %s is using it%s, stop it and retry", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
+					}
+					return fmt.Errorf("Conflict, cannot delete %s because the running container %s is using it%s, stop it and use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
+				} else if !force {
+					return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it%s, use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
+				}
+			}
+			return nil
+		}); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index ae7e321d8e..3260611f3f 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -19,7 +19,6 @@ import (
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/graph"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/registry"
@@ -640,148 +639,6 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, noprune bool) error {
-	var (
-		repoName, tag string
-		tags          = []string{}
-		tagDeleted    bool
-	)
-
-	repoName, tag = parsers.ParseRepositoryTag(name)
-	if tag == "" {
-		tag = graph.DEFAULTTAG
-	}
-
-	img, err := srv.daemon.Repositories().LookupImage(name)
-	if err != nil {
-		if r, _ := srv.daemon.Repositories().Get(repoName); r != nil {
-			return fmt.Errorf("No such image: %s:%s", repoName, tag)
-		}
-		return fmt.Errorf("No such image: %s", name)
-	}
-
-	if strings.Contains(img.ID, name) {
-		repoName = ""
-		tag = ""
-	}
-
-	byParents, err := srv.daemon.Graph().ByParent()
-	if err != nil {
-		return err
-	}
-
-	//If delete by id, see if the id belong only to one repository
-	if repoName == "" {
-		for _, repoAndTag := range srv.daemon.Repositories().ByID()[img.ID] {
-			parsedRepo, parsedTag := parsers.ParseRepositoryTag(repoAndTag)
-			if repoName == "" || repoName == parsedRepo {
-				repoName = parsedRepo
-				if parsedTag != "" {
-					tags = append(tags, parsedTag)
-				}
-			} else if repoName != parsedRepo && !force {
-				// the id belongs to multiple repos, like base:latest and user:test,
-				// in that case return conflict
-				return fmt.Errorf("Conflict, cannot delete image %s because it is tagged in multiple repositories, use -f to force", name)
-			}
-		}
-	} else {
-		tags = append(tags, tag)
-	}
-
-	if !first && len(tags) > 0 {
-		return nil
-	}
-
-	//Untag the current image
-	for _, tag := range tags {
-		tagDeleted, err = srv.daemon.Repositories().Delete(repoName, tag)
-		if err != nil {
-			return err
-		}
-		if tagDeleted {
-			out := &engine.Env{}
-			out.Set("Untagged", repoName+":"+tag)
-			imgs.Add(out)
-			srv.LogEvent("untag", img.ID, "")
-		}
-	}
-	tags = srv.daemon.Repositories().ByID()[img.ID]
-	if (len(tags) <= 1 && repoName == "") || len(tags) == 0 {
-		if len(byParents[img.ID]) == 0 {
-			if err := srv.canDeleteImage(img.ID, force, tagDeleted); err != nil {
-				return err
-			}
-			if err := srv.daemon.Repositories().DeleteAll(img.ID); err != nil {
-				return err
-			}
-			if err := srv.daemon.Graph().Delete(img.ID); err != nil {
-				return err
-			}
-			out := &engine.Env{}
-			out.Set("Deleted", img.ID)
-			imgs.Add(out)
-			srv.LogEvent("delete", img.ID, "")
-			if img.Parent != "" && !noprune {
-				err := srv.DeleteImage(img.Parent, imgs, false, force, noprune)
-				if first {
-					return err
-				}
-
-			}
-
-		}
-	}
-	return nil
-}
-
-func (srv *Server) ImageDelete(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s IMAGE", job.Name)
-	}
-	imgs := engine.NewTable("", 0)
-	if err := srv.DeleteImage(job.Args[0], imgs, true, job.GetenvBool("force"), job.GetenvBool("noprune")); err != nil {
-		return job.Error(err)
-	}
-	if len(imgs.Data) == 0 {
-		return job.Errorf("Conflict, %s wasn't deleted", job.Args[0])
-	}
-	if _, err := imgs.WriteListTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) canDeleteImage(imgID string, force, untagged bool) error {
-	var message string
-	if untagged {
-		message = " (docker untagged the image)"
-	}
-	for _, container := range srv.daemon.List() {
-		parent, err := srv.daemon.Repositories().LookupImage(container.Image)
-		if err != nil {
-			return err
-		}
-
-		if err := parent.WalkHistory(func(p *image.Image) error {
-			if imgID == p.ID {
-				if container.State.IsRunning() {
-					if force {
-						return fmt.Errorf("Conflict, cannot force delete %s because the running container %s is using it%s, stop it and retry", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
-					}
-					return fmt.Errorf("Conflict, cannot delete %s because the running container %s is using it%s, stop it and use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
-				} else if !force {
-					return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it%s, use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message)
-				}
-			}
-			return nil
-		}); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func (srv *Server) poolAdd(kind, key string) (chan struct{}, error) {
 	srv.Lock()
 	defer srv.Unlock()
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index c9c3a37563..102e3ddf22 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,14 +86,13 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"tag":          srv.ImageTag, // FIXME merge with "image_tag"
-		"info":         srv.DockerInfo,
-		"log":          srv.Log,
-		"build":        srv.Build,
-		"pull":         srv.ImagePull,
-		"image_delete": srv.ImageDelete,
-		"events":       srv.Events,
-		"push":         srv.ImagePush,
+		"tag":    srv.ImageTag, // FIXME merge with "image_tag"
+		"info":   srv.DockerInfo,
+		"log":    srv.Log,
+		"build":  srv.Build,
+		"pull":   srv.ImagePull,
+		"events": srv.Events,
+		"push":   srv.ImagePush,
 	} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)

From 7b8c4dce896d1ec4c8684785796f11720ba5708d Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 06:49:10 +0000
Subject: [PATCH 365/516] Move "image_tag" and "tag" to graph/tag.go

Note: these 2 jobs should be merged into one. This was noted in a FIXME.

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: d7879379571e778b30973874df22fed3266cbb8f
Component: engine
---
 components/engine/graph/service.go | 25 +----------------
 components/engine/graph/tag.go     | 44 ++++++++++++++++++++++++++++++
 components/engine/server/image.go  | 14 ----------
 components/engine/server/init.go   |  1 -
 4 files changed, 45 insertions(+), 39 deletions(-)
 create mode 100644 components/engine/graph/tag.go

diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 80ab6de3fd..2776d65968 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -5,13 +5,13 @@ import (
 
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/utils"
 )
 
 func (s *TagStore) Install(eng *engine.Engine) error {
 	eng.Register("image_set", s.CmdSet)
 	eng.Register("image_tag", s.CmdTag)
+	eng.Register("tag", s.CmdTagLegacy) // FIXME merge with "image_tag"
 	eng.Register("image_get", s.CmdGet)
 	eng.Register("image_inspect", s.CmdLookup)
 	eng.Register("image_tarlayer", s.CmdTarLayer)
@@ -71,29 +71,6 @@ func (s *TagStore) CmdSet(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-// CmdTag assigns a new name and tag to an existing image. If the tag already exists,
-// it is changed and the image previously referenced by the tag loses that reference.
-// This may cause the old image to be garbage-collected if its reference count reaches zero.
-//
-// Syntax: image_tag NEWNAME OLDNAME
-// Example: image_tag shykes/myapp:latest shykes/myapp:1.42.0
-func (s *TagStore) CmdTag(job *engine.Job) engine.Status {
-	if len(job.Args) != 2 {
-		return job.Errorf("usage: %s NEWNAME OLDNAME", job.Name)
-	}
-	var (
-		newName = job.Args[0]
-		oldName = job.Args[1]
-	)
-	newRepo, newTag := parsers.ParseRepositoryTag(newName)
-	// FIXME: Set should either parse both old and new name, or neither.
-	// 	the current prototype is inconsistent.
-	if err := s.Set(newRepo, newTag, oldName, true); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
 // CmdGet returns information about an image.
 // If the image doesn't exist, an empty object is returned, to allow
 // checking for an image's existence.
diff --git a/components/engine/graph/tag.go b/components/engine/graph/tag.go
new file mode 100644
index 0000000000..3d89422f9d
--- /dev/null
+++ b/components/engine/graph/tag.go
@@ -0,0 +1,44 @@
+package graph
+
+import (
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/parsers"
+)
+
+// CmdTag assigns a new name and tag to an existing image. If the tag already exists,
+// it is changed and the image previously referenced by the tag loses that reference.
+// This may cause the old image to be garbage-collected if its reference count reaches zero.
+//
+// Syntax: image_tag NEWNAME OLDNAME
+// Example: image_tag shykes/myapp:latest shykes/myapp:1.42.0
+func (s *TagStore) CmdTag(job *engine.Job) engine.Status {
+	if len(job.Args) != 2 {
+		return job.Errorf("usage: %s NEWNAME OLDNAME", job.Name)
+	}
+	var (
+		newName = job.Args[0]
+		oldName = job.Args[1]
+	)
+	newRepo, newTag := parsers.ParseRepositoryTag(newName)
+	// FIXME: Set should either parse both old and new name, or neither.
+	// 	the current prototype is inconsistent.
+	if err := s.Set(newRepo, newTag, oldName, true); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
+// FIXME: merge into CmdTag above, and merge "image_tag" and "tag" into a single job.
+func (s *TagStore) CmdTagLegacy(job *engine.Job) engine.Status {
+	if len(job.Args) != 2 && len(job.Args) != 3 {
+		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
+	}
+	var tag string
+	if len(job.Args) == 3 {
+		tag = job.Args[2]
+	}
+	if err := s.Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 3260611f3f..5cde8dd63e 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -105,20 +105,6 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ImageTag(job *engine.Job) engine.Status {
-	if len(job.Args) != 2 && len(job.Args) != 3 {
-		return job.Errorf("Usage: %s IMAGE REPOSITORY [TAG]\n", job.Name)
-	}
-	var tag string
-	if len(job.Args) == 3 {
-		tag = job.Args[2]
-	}
-	if err := srv.daemon.Repositories().Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
 	history, err := r.GetRemoteHistory(imgID, endpoint, token)
 	if err != nil {
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 102e3ddf22..a3866e7bef 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"tag":    srv.ImageTag, // FIXME merge with "image_tag"
 		"info":   srv.DockerInfo,
 		"log":    srv.Log,
 		"build":  srv.Build,

From 9075da38d2b179adc5e5363b9c424da89e549daf Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Tue, 5 Aug 2014 19:11:09 -0400
Subject: [PATCH 366/516] Move some integration tests to integration-cli

Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 69f9d488dc915d8b02827658ccc5a7c48136dc03
Component: engine
---
 .../integration-cli/docker_cli_rm_test.go     | 64 +++++++++++++++++
 .../engine/integration/commands_test.go       | 68 -------------------
 components/engine/integration/server_test.go  | 53 ---------------
 3 files changed, 64 insertions(+), 121 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_rm_test.go b/components/engine/integration-cli/docker_cli_rm_test.go
index b61f1c9a93..08bc2a7224 100644
--- a/components/engine/integration-cli/docker_cli_rm_test.go
+++ b/components/engine/integration-cli/docker_cli_rm_test.go
@@ -3,6 +3,7 @@ package main
 import (
 	"os"
 	"os/exec"
+	"strings"
 	"testing"
 )
 
@@ -92,6 +93,69 @@ func TestRemoveContainerWithStopAndKill(t *testing.T) {
 	logDone("rm - with --stop=true and --kill=true")
 }
 
+func TestContainerOrphaning(t *testing.T) {
+	dockerfile1 := `FROM busybox:latest
+	ENTRYPOINT ["/bin/true"]`
+	img := "test-container-orphaning"
+	dockerfile2 := `FROM busybox:latest
+	ENTRYPOINT ["/bin/true"]
+	MAINTAINER Integration Tests`
+
+	// build first dockerfile
+	img1, err := buildImage(img, dockerfile1, true)
+	if err != nil {
+		t.Fatalf("Could not build image %s: %v", img, err)
+	}
+	// run container on first image
+	if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", img)); err != nil {
+		t.Fatalf("Could not run image %s: %v: %s", img, err, out)
+	}
+	// rebuild dockerfile with a small addition at the end
+	if _, err := buildImage(img, dockerfile2, true); err != nil {
+		t.Fatalf("Could not rebuild image %s: %v", img, err)
+	}
+	// try to remove the image, should error out.
+	if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "rmi", img)); err == nil {
+		t.Fatalf("Expected to error out removing the image, but succeeded: %s", out)
+	}
+	// check if we deleted the first image
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "images", "-q", "--no-trunc"))
+	if err != nil {
+		t.Fatalf("%v: %s", err, out)
+	}
+	if !strings.Contains(out, img1) {
+		t.Fatal("Orphaned container (could not find '%s' in docker images): %s", img1, out)
+	}
+
+	deleteAllContainers()
+
+	logDone("rm - container orphaning")
+}
+
+func TestDeleteTagWithExistingContainers(t *testing.T) {
+	container := "test-delete-tag"
+	newtag := "busybox:newtag"
+	bb := "busybox:latest"
+	if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "tag", bb, newtag)); err != nil {
+		t.Fatalf("Could not tag busybox: %v: %s", err, out)
+	}
+	if out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "run", "--name", container, bb, "/bin/true")); err != nil {
+		t.Fatalf("Could not run busybox: %v: %s", err, out)
+	}
+	out, _, err := runCommandWithOutput(exec.Command(dockerBinary, "rmi", newtag))
+	if err != nil {
+		t.Fatalf("Could not remove tag %s: %v: %s", newtag, err, out)
+	}
+	if d := strings.Count(out, "Untagged: "); d != 1 {
+		t.Fatalf("Expected 1 untagged entry got %d: %q", d, out)
+	}
+
+	deleteAllContainers()
+
+	logDone("rm - delete tag with existing containers")
+
+}
+
 func createRunningContainer(t *testing.T, name string) {
 	cmd := exec.Command(dockerBinary, "run", "-dt", "--name", name, "busybox", "top")
 	if _, err := runCommand(cmd); err != nil {
diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go
index 1e9f18eaf8..44e77e1c7e 100644
--- a/components/engine/integration/commands_test.go
+++ b/components/engine/integration/commands_test.go
@@ -13,7 +13,6 @@ import (
 
 	"github.com/docker/docker/api/client"
 	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/utils"
 )
@@ -682,70 +681,3 @@ func TestRunCidFileCleanupIfEmpty(t *testing.T) {
 		<-c
 	})
 }
-
-func TestContainerOrphaning(t *testing.T) {
-
-	// setup a temporary directory
-	tmpDir, err := ioutil.TempDir("", "project")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(tmpDir)
-
-	// setup a CLI and server
-	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
-	defer cleanup(globalEngine, t)
-	srv := mkServerFromEngine(globalEngine, t)
-
-	// closure to build something
-	buildSomething := func(template string, image string) string {
-		dockerfile := path.Join(tmpDir, "Dockerfile")
-		replacer := strings.NewReplacer("{IMAGE}", unitTestImageID)
-		contents := replacer.Replace(template)
-		ioutil.WriteFile(dockerfile, []byte(contents), 0x777)
-		if err := cli.CmdBuild("-t", image, tmpDir); err != nil {
-			t.Fatal(err)
-		}
-		job := globalEngine.Job("image_get", image)
-		info, _ := job.Stdout.AddEnv()
-		if err := job.Run(); err != nil {
-			t.Fatal(err)
-		}
-		return info.Get("Id")
-	}
-
-	// build an image
-	imageName := "orphan-test"
-	template1 := `
-	from {IMAGE}
-	cmd ["/bin/echo", "holla"]
-	`
-	img1 := buildSomething(template1, imageName)
-
-	// create a container using the fist image
-	if err := cli.CmdRun(imageName); err != nil {
-		t.Fatal(err)
-	}
-
-	// build a new image that splits lineage
-	template2 := `
-	from {IMAGE}
-	cmd ["/bin/echo", "holla"]
-	expose 22
-	`
-	buildSomething(template2, imageName)
-
-	// remove the second image by name
-	resp := engine.NewTable("", 0)
-	if err := srv.DeleteImage(imageName, resp, true, false, false); err == nil {
-		t.Fatal("Expected error, got none")
-	}
-
-	// see if we deleted the first image (and orphaned the container)
-	for _, i := range resp.Data {
-		if img1 == i.Get("Deleted") {
-			t.Fatal("Orphaned image with container")
-		}
-	}
-
-}
diff --git a/components/engine/integration/server_test.go b/components/engine/integration/server_test.go
index 7b9f5ade01..241ca76bfe 100644
--- a/components/engine/integration/server_test.go
+++ b/components/engine/integration/server_test.go
@@ -297,56 +297,3 @@ func TestImagesFilter(t *testing.T) {
 		t.Fatal("incorrect number of matches returned")
 	}
 }
-
-// Regression test for being able to untag an image with an existing
-// container
-func TestDeleteTagWithExistingContainers(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer nuke(mkDaemonFromEngine(eng, t))
-
-	srv := mkServerFromEngine(eng, t)
-
-	// Tag the image
-	if err := eng.Job("tag", unitTestImageID, "utest", "tag1").Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	// Create a container from the image
-	config, _, _, err := runconfig.Parse([]string{unitTestImageID, "echo test"}, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	id := createNamedTestContainer(eng, config, t, "testingtags")
-	if id == "" {
-		t.Fatal("No id returned")
-	}
-
-	job := srv.Eng.Job("containers")
-	job.SetenvBool("all", true)
-	outs, err := job.Stdout.AddListTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	if len(outs.Data) != 1 {
-		t.Fatalf("Expected 1 container got %d", len(outs.Data))
-	}
-
-	// Try to remove the tag
-	imgs := engine.NewTable("", 0)
-	if err := srv.DeleteImage("utest:tag1", imgs, true, false, false); err != nil {
-		t.Fatal(err)
-	}
-
-	if len(imgs.Data) != 1 {
-		t.Fatalf("Should only have deleted one untag %d", len(imgs.Data))
-	}
-
-	if untag := imgs.Data[0].Get("Untagged"); untag != "utest:tag1" {
-		t.Fatalf("Expected %s got %s", unitTestImageID, untag)
-	}
-}

From 3c48cb561ab54e3fee80ff4cc10237d6185c2397 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Wed, 6 Aug 2014 16:09:29 -0400
Subject: [PATCH 367/516] Check error returned by eng.Register() in
 TagStore.Install()

Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: af0781974df54f2c4959ea1d90c3f43b9ae37799
Component: engine
---
 components/engine/graph/service.go | 31 ++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 2776d65968..74d6226d0a 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -1,6 +1,7 @@
 package graph
 
 import (
+	"fmt"
 	"io"
 
 	"github.com/docker/docker/engine"
@@ -9,18 +10,24 @@ import (
 )
 
 func (s *TagStore) Install(eng *engine.Engine) error {
-	eng.Register("image_set", s.CmdSet)
-	eng.Register("image_tag", s.CmdTag)
-	eng.Register("tag", s.CmdTagLegacy) // FIXME merge with "image_tag"
-	eng.Register("image_get", s.CmdGet)
-	eng.Register("image_inspect", s.CmdLookup)
-	eng.Register("image_tarlayer", s.CmdTarLayer)
-	eng.Register("image_export", s.CmdImageExport)
-	eng.Register("history", s.CmdHistory)
-	eng.Register("images", s.CmdImages)
-	eng.Register("viz", s.CmdViz)
-	eng.Register("load", s.CmdLoad)
-	eng.Register("import", s.CmdImport)
+	for name, handler := range map[string]engine.Handler{
+		"image_set":      s.CmdSet,
+		"image_tag":      s.CmdTag,
+		"tag":            s.CmdTagLegacy, // FIXME merge with "image_tag"
+		"image_get":      s.CmdGet,
+		"image_inspect":  s.CmdLookup,
+		"image_tarlayer": s.CmdTarLayer,
+		"image_export":   s.CmdImageExport,
+		"history":        s.CmdHistory,
+		"images":         s.CmdImages,
+		"viz":            s.CmdViz,
+		"load":           s.CmdLoad,
+		"import":         s.CmdImport,
+	} {
+		if err := eng.Register(name, handler); err != nil {
+			return fmt.Errorf("Could not register %q: %v", name, err)
+		}
+	}
 	return nil
 }
 

From a195939eec3f8bc29a47e56f4382316979499983 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 31 Jul 2014 15:50:59 +0400
Subject: [PATCH 368/516] Separate events subsystem

* Events subsystem merged from `server/events.go` and
  `utils/jsonmessagepublisher.go` and moved to `events/events.go`
* Only public interface for this subsystem is engine jobs
* There is two new engine jobs - `log_event` and `subscribers_count`
* There is auxiliary function `container.LogEvent` for logging events for
  containers

Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
[solomon@docker.com: resolve merge conflicts]
Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 8d056423f8c433927089bd7eb6bc97abbc1ed502
Component: engine
---
 components/engine/builtins/builtins.go        |   4 +
 components/engine/daemon/container.go         |   9 +-
 components/engine/daemon/create.go            |   2 +-
 components/engine/daemon/delete.go            |   2 +-
 components/engine/daemon/export.go            |   2 +-
 components/engine/daemon/image_delete.go      |   4 +-
 components/engine/daemon/kill.go              |   2 +-
 components/engine/daemon/pause.go             |   4 +-
 components/engine/daemon/restart.go           |   2 +-
 components/engine/daemon/server.go            |   5 -
 components/engine/daemon/start.go             |   3 +-
 components/engine/daemon/stop.go              |   2 +-
 components/engine/events/events.go            | 176 ++++++++++++++++++
 components/engine/events/events_test.go       | 154 +++++++++++++++
 components/engine/server/events.go            | 108 -----------
 components/engine/server/init.go              |  20 +-
 components/engine/server/server.go            |  21 ++-
 components/engine/server/server_unit_test.go  |  59 +-----
 .../engine/utils/jsonmessagepublisher.go      |  61 ------
 .../engine/utils/jsonmessagepublisher_test.go |  73 --------
 20 files changed, 374 insertions(+), 339 deletions(-)
 create mode 100644 components/engine/events/events.go
 create mode 100644 components/engine/events/events_test.go
 delete mode 100644 components/engine/server/events.go
 delete mode 100644 components/engine/utils/jsonmessagepublisher.go
 delete mode 100644 components/engine/utils/jsonmessagepublisher_test.go

diff --git a/components/engine/builtins/builtins.go b/components/engine/builtins/builtins.go
index 9379c67c88..75f9d4ce34 100644
--- a/components/engine/builtins/builtins.go
+++ b/components/engine/builtins/builtins.go
@@ -8,6 +8,7 @@ import (
 	"github.com/docker/docker/daemon/networkdriver/bridge"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/events"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/server"
@@ -20,6 +21,9 @@ func Register(eng *engine.Engine) error {
 	if err := remote(eng); err != nil {
 		return err
 	}
+	if err := events.New().Install(eng); err != nil {
+		return err
+	}
 	if err := eng.Register("version", dockerVersion); err != nil {
 		return err
 	}
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index d62eb6d2fa..bd97f00f88 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -168,6 +168,13 @@ func (container *Container) WriteHostConfig() error {
 	return ioutil.WriteFile(pth, data, 0666)
 }
 
+func (container *Container) LogEvent(action string) {
+	d := container.daemon
+	if err := d.eng.Job("log_event", action, container.ID, d.Repositories().ImageName(container.Image)).Run(); err != nil {
+		utils.Errorf("Error running container: %s", err)
+	}
+}
+
 func (container *Container) getResourcePath(path string) (string, error) {
 	cleanPath := filepath.Join("/", path)
 	return symlink.FollowSymlinkInScope(filepath.Join(container.basefs, cleanPath), container.basefs)
@@ -508,7 +515,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		container.stdin, container.stdinPipe = io.Pipe()
 	}
 	if container.daemon != nil && container.daemon.srv != nil {
-		container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
+		container.LogEvent("die")
 	}
 	if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
 		// FIXME: here is race condition between two RUN instructions in Dockerfile
diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go
index 8d008f8ade..c3aa9ee58e 100644
--- a/components/engine/daemon/create.go
+++ b/components/engine/daemon/create.go
@@ -40,7 +40,7 @@ func (daemon *Daemon) ContainerCreate(job *engine.Job) engine.Status {
 	if !container.Config.NetworkDisabled && daemon.SystemConfig().IPv4ForwardingDisabled {
 		job.Errorf("IPv4 forwarding is disabled.\n")
 	}
-	job.Eng.Job("log", "create", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	container.LogEvent("create")
 	// FIXME: this is necessary because daemon.Create might return a nil container
 	// with a non-nil error. This should not happen! Once it's fixed we
 	// can remove this workaround.
diff --git a/components/engine/daemon/delete.go b/components/engine/daemon/delete.go
index 9c92be3fb1..ad4df69860 100644
--- a/components/engine/daemon/delete.go
+++ b/components/engine/daemon/delete.go
@@ -70,7 +70,7 @@ func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
 		if err := daemon.Destroy(container); err != nil {
 			return job.Errorf("Cannot destroy container %s: %s", name, err)
 		}
-		job.Eng.Job("log", "destroy", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+		container.LogEvent("destroy")
 
 		if removeVolume {
 			var (
diff --git a/components/engine/daemon/export.go b/components/engine/daemon/export.go
index 204e862d5c..bc0f14a3bb 100644
--- a/components/engine/daemon/export.go
+++ b/components/engine/daemon/export.go
@@ -23,7 +23,7 @@ func (daemon *Daemon) ContainerExport(job *engine.Job) engine.Status {
 			return job.Errorf("%s: %s", name, err)
 		}
 		// FIXME: factor job-specific LogEvent to engine.Job.Run()
-		job.Eng.Job("log", "export", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+		container.LogEvent("export")
 		return engine.StatusOK
 	}
 	return job.Errorf("No such container: %s", name)
diff --git a/components/engine/daemon/image_delete.go b/components/engine/daemon/image_delete.go
index 77e8f85907..dd3e584e23 100644
--- a/components/engine/daemon/image_delete.go
+++ b/components/engine/daemon/image_delete.go
@@ -93,7 +93,7 @@ func (daemon *Daemon) DeleteImage(eng *engine.Engine, name string, imgs *engine.
 			out := &engine.Env{}
 			out.Set("Untagged", repoName+":"+tag)
 			imgs.Add(out)
-			eng.Job("log", "untag", img.ID, "").Run()
+			eng.Job("log_event", "untag", img.ID, "").Run()
 		}
 	}
 	tags = daemon.Repositories().ByID()[img.ID]
@@ -111,7 +111,7 @@ func (daemon *Daemon) DeleteImage(eng *engine.Engine, name string, imgs *engine.
 			out := &engine.Env{}
 			out.Set("Deleted", img.ID)
 			imgs.Add(out)
-			eng.Job("log", "delete", img.ID, "").Run()
+			eng.Job("log_event", "delete", img.ID, "").Run()
 			if img.Parent != "" && !noprune {
 				err := daemon.DeleteImage(eng, img.Parent, imgs, false, force, noprune)
 				if first {
diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go
index f883495cef..f5f5897c88 100644
--- a/components/engine/daemon/kill.go
+++ b/components/engine/daemon/kill.go
@@ -44,7 +44,7 @@ func (daemon *Daemon) ContainerKill(job *engine.Job) engine.Status {
 			if err := container.Kill(); err != nil {
 				return job.Errorf("Cannot kill container %s: %s", name, err)
 			}
-			job.Eng.Job("log", "kill", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+			container.LogEvent("kill")
 		} else {
 			// Otherwise, just send the requested signal
 			if err := container.KillSig(int(sig)); err != nil {
diff --git a/components/engine/daemon/pause.go b/components/engine/daemon/pause.go
index 72e5cee020..0e4323d9a8 100644
--- a/components/engine/daemon/pause.go
+++ b/components/engine/daemon/pause.go
@@ -16,7 +16,7 @@ func (daemon *Daemon) ContainerPause(job *engine.Job) engine.Status {
 	if err := container.Pause(); err != nil {
 		return job.Errorf("Cannot pause container %s: %s", name, err)
 	}
-	job.Eng.Job("log", "pause", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	container.LogEvent("pause")
 	return engine.StatusOK
 }
 
@@ -32,6 +32,6 @@ func (daemon *Daemon) ContainerUnpause(job *engine.Job) engine.Status {
 	if err := container.Unpause(); err != nil {
 		return job.Errorf("Cannot unpause container %s: %s", name, err)
 	}
-	job.Eng.Job("log", "unpause", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+	container.LogEvent("unpause")
 	return engine.StatusOK
 }
diff --git a/components/engine/daemon/restart.go b/components/engine/daemon/restart.go
index c0ae949a88..bcc057156d 100644
--- a/components/engine/daemon/restart.go
+++ b/components/engine/daemon/restart.go
@@ -19,7 +19,7 @@ func (daemon *Daemon) ContainerRestart(job *engine.Job) engine.Status {
 		if err := container.Restart(int(t)); err != nil {
 			return job.Errorf("Cannot restart container %s: %s\n", name, err)
 		}
-		job.Eng.Job("log", "restart", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+		container.LogEvent("restart")
 	} else {
 		return job.Errorf("No such container: %s\n", name)
 	}
diff --git a/components/engine/daemon/server.go b/components/engine/daemon/server.go
index 1e06eda896..12fb0f57c8 100644
--- a/components/engine/daemon/server.go
+++ b/components/engine/daemon/server.go
@@ -1,10 +1,5 @@
 package daemon
 
-import (
-	"github.com/docker/docker/utils"
-)
-
 type Server interface {
-	LogEvent(action, id, from string) *utils.JSONMessage
 	IsRunning() bool // returns true if the server is currently in operation
 }
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
index 0e64a4e916..cb6e9cb21f 100644
--- a/components/engine/daemon/start.go
+++ b/components/engine/daemon/start.go
@@ -36,8 +36,7 @@ func (daemon *Daemon) ContainerStart(job *engine.Job) engine.Status {
 	if err := container.Start(); err != nil {
 		return job.Errorf("Cannot start container %s: %s", name, err)
 	}
-	job.Eng.Job("log", "start", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
-
+	container.LogEvent("start")
 	return engine.StatusOK
 }
 
diff --git a/components/engine/daemon/stop.go b/components/engine/daemon/stop.go
index 5ce2e1726e..f1851291fb 100644
--- a/components/engine/daemon/stop.go
+++ b/components/engine/daemon/stop.go
@@ -22,7 +22,7 @@ func (daemon *Daemon) ContainerStop(job *engine.Job) engine.Status {
 		if err := container.Stop(int(t)); err != nil {
 			return job.Errorf("Cannot stop container %s: %s\n", name, err)
 		}
-		job.Eng.Job("log", "stop", container.ID, daemon.Repositories().ImageName(container.Image)).Run()
+		container.LogEvent("stop")
 	} else {
 		return job.Errorf("No such container: %s\n", name)
 	}
diff --git a/components/engine/events/events.go b/components/engine/events/events.go
new file mode 100644
index 0000000000..01965b3e3b
--- /dev/null
+++ b/components/engine/events/events.go
@@ -0,0 +1,176 @@
+package events
+
+import (
+	"encoding/json"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+const eventsLimit = 64
+
+type listener chan<- *utils.JSONMessage
+
+type Events struct {
+	mu          sync.RWMutex
+	events      []*utils.JSONMessage
+	subscribers []listener
+}
+
+func New() *Events {
+	return &Events{
+		events: make([]*utils.JSONMessage, 0, eventsLimit),
+	}
+}
+
+// Install installs events public api in docker engine
+func (e *Events) Install(eng *engine.Engine) error {
+	// Here you should describe public interface
+	jobs := map[string]engine.Handler{
+		"events":            e.Get,
+		"log_event":         e.Log,
+		"subscribers_count": e.SubscribersCount,
+	}
+	for name, job := range jobs {
+		if err := eng.Register(name, job); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (e *Events) Get(job *engine.Job) engine.Status {
+	var (
+		since   = job.GetenvInt64("since")
+		until   = job.GetenvInt64("until")
+		timeout = time.NewTimer(time.Unix(until, 0).Sub(time.Now()))
+	)
+
+	// If no until, disable timeout
+	if until == 0 {
+		timeout.Stop()
+	}
+
+	listener := make(chan *utils.JSONMessage)
+	e.subscribe(listener)
+	defer e.unsubscribe(listener)
+
+	job.Stdout.Write(nil)
+
+	// Resend every event in the [since, until] time interval.
+	if since != 0 {
+		if err := e.writeCurrent(job, since, until); err != nil {
+			return job.Error(err)
+		}
+	}
+
+	for {
+		select {
+		case event, ok := <-listener:
+			if !ok {
+				return engine.StatusOK
+			}
+			if err := writeEvent(job, event); err != nil {
+				return job.Error(err)
+			}
+		case <-timeout.C:
+			return engine.StatusOK
+		}
+	}
+}
+
+func (e *Events) Log(job *engine.Job) engine.Status {
+	if len(job.Args) != 3 {
+		return job.Errorf("usage: %s ACTION ID FROM", job.Name)
+	}
+	// not waiting for receivers
+	go e.log(job.Args[0], job.Args[1], job.Args[2])
+	return engine.StatusOK
+}
+
+func (e *Events) SubscribersCount(job *engine.Job) engine.Status {
+	ret := &engine.Env{}
+	ret.SetInt("count", e.subscribersCount())
+	ret.WriteTo(job.Stdout)
+	return engine.StatusOK
+}
+
+func writeEvent(job *engine.Job, event *utils.JSONMessage) error {
+	// When sending an event JSON serialization errors are ignored, but all
+	// other errors lead to the eviction of the listener.
+	if b, err := json.Marshal(event); err == nil {
+		if _, err = job.Stdout.Write(b); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (e *Events) writeCurrent(job *engine.Job, since, until int64) error {
+	e.mu.RLock()
+	for _, event := range e.events {
+		if event.Time >= since && (event.Time <= until || until == 0) {
+			if err := writeEvent(job, event); err != nil {
+				e.mu.RUnlock()
+				return err
+			}
+		}
+	}
+	e.mu.RUnlock()
+	return nil
+}
+
+func (e *Events) subscribersCount() int {
+	e.mu.RLock()
+	c := len(e.subscribers)
+	e.mu.RUnlock()
+	return c
+}
+
+func (e *Events) log(action, id, from string) {
+	e.mu.Lock()
+	now := time.Now().UTC().Unix()
+	jm := &utils.JSONMessage{Status: action, ID: id, From: from, Time: now}
+	if len(e.events) == cap(e.events) {
+		// discard oldest event
+		copy(e.events, e.events[1:])
+		e.events[len(e.events)-1] = jm
+	} else {
+		e.events = append(e.events, jm)
+	}
+	for _, s := range e.subscribers {
+		// We give each subscriber a 100ms time window to receive the event,
+		// after which we move to the next.
+		select {
+		case s <- jm:
+		case <-time.After(100 * time.Millisecond):
+		}
+	}
+	e.mu.Unlock()
+}
+
+func (e *Events) subscribe(l listener) {
+	e.mu.Lock()
+	e.subscribers = append(e.subscribers, l)
+	e.mu.Unlock()
+}
+
+// unsubscribe closes and removes the specified listener from the list of
+// previously registed ones.
+// It returns a boolean value indicating if the listener was successfully
+// found, closed and unregistered.
+func (e *Events) unsubscribe(l listener) bool {
+	e.mu.Lock()
+	for i, subscriber := range e.subscribers {
+		if subscriber == l {
+			close(l)
+			e.subscribers = append(e.subscribers[:i], e.subscribers[i+1:]...)
+			e.mu.Unlock()
+			return true
+		}
+	}
+	e.mu.Unlock()
+	return false
+}
diff --git a/components/engine/events/events_test.go b/components/engine/events/events_test.go
new file mode 100644
index 0000000000..d07d5d1eff
--- /dev/null
+++ b/components/engine/events/events_test.go
@@ -0,0 +1,154 @@
+package events
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/utils"
+)
+
+func TestEventsPublish(t *testing.T) {
+	e := New()
+	l1 := make(chan *utils.JSONMessage)
+	l2 := make(chan *utils.JSONMessage)
+	e.subscribe(l1)
+	e.subscribe(l2)
+	count := e.subscribersCount()
+	if count != 2 {
+		t.Fatalf("Must be 2 subscribers, got %d", count)
+	}
+	go e.log("test", "cont", "image")
+	select {
+	case msg := <-l1:
+		if len(e.events) != 1 {
+			t.Fatalf("Must be only one event, got %d", len(e.events))
+		}
+		if msg.Status != "test" {
+			t.Fatalf("Status should be test, got %s", msg.Status)
+		}
+		if msg.ID != "cont" {
+			t.Fatalf("ID should be cont, got %s", msg.ID)
+		}
+		if msg.From != "image" {
+			t.Fatalf("From should be image, got %s", msg.From)
+		}
+	case <-time.After(1 * time.Second):
+		t.Fatal("Timeout waiting for broadcasted message")
+	}
+	select {
+	case msg := <-l2:
+		if len(e.events) != 1 {
+			t.Fatalf("Must be only one event, got %d", len(e.events))
+		}
+		if msg.Status != "test" {
+			t.Fatalf("Status should be test, got %s", msg.Status)
+		}
+		if msg.ID != "cont" {
+			t.Fatalf("ID should be cont, got %s", msg.ID)
+		}
+		if msg.From != "image" {
+			t.Fatalf("From should be image, got %s", msg.From)
+		}
+	case <-time.After(1 * time.Second):
+		t.Fatal("Timeout waiting for broadcasted message")
+	}
+}
+
+func TestEventsPublishTimeout(t *testing.T) {
+	e := New()
+	l := make(chan *utils.JSONMessage)
+	e.subscribe(l)
+
+	c := make(chan struct{})
+	go func() {
+		e.log("test", "cont", "image")
+		close(c)
+	}()
+
+	select {
+	case <-c:
+	case <-time.After(time.Second):
+		t.Fatal("Timeout publishing message")
+	}
+}
+
+func TestLogEvents(t *testing.T) {
+	e := New()
+	eng := engine.New()
+	if err := e.Install(eng); err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 0; i < eventsLimit+16; i++ {
+		action := fmt.Sprintf("action_%d", i)
+		id := fmt.Sprintf("cont_%d", i)
+		from := fmt.Sprintf("image_%d", i)
+		job := eng.Job("log_event", action, id, from)
+		if err := job.Run(); err != nil {
+			t.Fatal(err)
+		}
+	}
+	time.Sleep(50 * time.Millisecond)
+	if len(e.events) != eventsLimit {
+		t.Fatalf("Must be %d events, got %d", eventsLimit, len(e.events))
+	}
+
+	job := eng.Job("events")
+	job.SetenvInt64("since", 1)
+	job.SetenvInt64("until", time.Now().Unix())
+	buf := bytes.NewBuffer(nil)
+	job.Stdout.Add(buf)
+	if err := job.Run(); err != nil {
+		t.Fatal(err)
+	}
+	buf = bytes.NewBuffer(buf.Bytes())
+	dec := json.NewDecoder(buf)
+	var msgs []utils.JSONMessage
+	for {
+		var jm utils.JSONMessage
+		if err := dec.Decode(&jm); err != nil {
+			if err == io.EOF {
+				break
+			}
+			t.Fatal(err)
+		}
+		msgs = append(msgs, jm)
+	}
+	if len(msgs) != eventsLimit {
+		t.Fatalf("Must be %d events, got %d", eventsLimit, len(msgs))
+	}
+	first := msgs[0]
+	if first.Status != "action_16" {
+		t.Fatalf("First action is %s, must be action_15", first.Status)
+	}
+	last := msgs[len(msgs)-1]
+	if last.Status != "action_79" {
+		t.Fatalf("First action is %s, must be action_79", first.Status)
+	}
+}
+
+func TestEventsCountJob(t *testing.T) {
+	e := New()
+	eng := engine.New()
+	if err := e.Install(eng); err != nil {
+		t.Fatal(err)
+	}
+	l1 := make(chan *utils.JSONMessage)
+	l2 := make(chan *utils.JSONMessage)
+	e.subscribe(l1)
+	e.subscribe(l2)
+	job := eng.Job("subscribers_count")
+	env, _ := job.Stdout.AddEnv()
+	if err := job.Run(); err != nil {
+		t.Fatal(err)
+	}
+	count := env.GetInt("count")
+	if count != 2 {
+		t.Fatalf("There must be 2 subscribers, got %d", count)
+	}
+}
diff --git a/components/engine/server/events.go b/components/engine/server/events.go
deleted file mode 100644
index 214dd69e04..0000000000
--- a/components/engine/server/events.go
+++ /dev/null
@@ -1,108 +0,0 @@
-// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
-//
-// For additional commments see server/server.go
-//
-package server
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/utils"
-)
-
-func (srv *Server) Events(job *engine.Job) engine.Status {
-	if len(job.Args) != 0 {
-		return job.Errorf("Usage: %s", job.Name)
-	}
-
-	var (
-		since   = job.GetenvInt64("since")
-		until   = job.GetenvInt64("until")
-		timeout = time.NewTimer(time.Unix(until, 0).Sub(time.Now()))
-	)
-
-	// If no until, disable timeout
-	if until == 0 {
-		timeout.Stop()
-	}
-
-	listener := make(chan utils.JSONMessage)
-	srv.eventPublisher.Subscribe(listener)
-	defer srv.eventPublisher.Unsubscribe(listener)
-
-	// When sending an event JSON serialization errors are ignored, but all
-	// other errors lead to the eviction of the listener.
-	sendEvent := func(event *utils.JSONMessage) error {
-		if b, err := json.Marshal(event); err == nil {
-			if _, err = job.Stdout.Write(b); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-
-	job.Stdout.Write(nil)
-
-	// Resend every event in the [since, until] time interval.
-	if since != 0 {
-		for _, event := range srv.GetEvents() {
-			if event.Time >= since && (event.Time <= until || until == 0) {
-				if err := sendEvent(&event); err != nil {
-					return job.Error(err)
-				}
-			}
-		}
-	}
-
-	for {
-		select {
-		case event, ok := <-listener:
-			if !ok {
-				return engine.StatusOK
-			}
-			if err := sendEvent(&event); err != nil {
-				return job.Error(err)
-			}
-		case <-timeout.C:
-			return engine.StatusOK
-		}
-	}
-}
-
-// FIXME: this is a shim to allow breaking up other parts of Server without
-// dragging the sphagetti dependency along.
-func (srv *Server) Log(job *engine.Job) engine.Status {
-	if len(job.Args) != 3 {
-		return job.Errorf("usage: %s ACTION ID FROM", job.Name)
-	}
-	srv.LogEvent(job.Args[0], job.Args[1], job.Args[2])
-	return engine.StatusOK
-}
-
-func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage {
-	now := time.Now().UTC().Unix()
-	jm := utils.JSONMessage{Status: action, ID: id, From: from, Time: now}
-	srv.AddEvent(jm)
-	srv.eventPublisher.Publish(jm)
-	return &jm
-}
-
-func (srv *Server) AddEvent(jm utils.JSONMessage) {
-	srv.Lock()
-	if len(srv.events) == cap(srv.events) {
-		// discard oldest event
-		copy(srv.events, srv.events[1:])
-		srv.events[len(srv.events)-1] = jm
-	} else {
-		srv.events = append(srv.events, jm)
-	}
-	srv.Unlock()
-}
-
-func (srv *Server) GetEvents() []utils.JSONMessage {
-	srv.RLock()
-	defer srv.RUnlock()
-	return srv.events
-}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index a3866e7bef..1814e6f534 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,12 +86,10 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"info":   srv.DockerInfo,
-		"log":    srv.Log,
-		"build":  srv.Build,
-		"pull":   srv.ImagePull,
-		"events": srv.Events,
-		"push":   srv.ImagePush,
+		"info":  srv.DockerInfo,
+		"build": srv.Build,
+		"pull":  srv.ImagePull,
+		"push":  srv.ImagePush,
 	} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)
@@ -117,12 +115,10 @@ func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error)
 		return nil, err
 	}
 	srv := &Server{
-		Eng:            eng,
-		daemon:         daemon,
-		pullingPool:    make(map[string]chan struct{}),
-		pushingPool:    make(map[string]chan struct{}),
-		events:         make([]utils.JSONMessage, 0, 64), //only keeps the 64 last events
-		eventPublisher: utils.NewJSONMessagePublisher(),
+		Eng:         eng,
+		daemon:      daemon,
+		pullingPool: make(map[string]chan struct{}),
+		pushingPool: make(map[string]chan struct{}),
 	}
 	daemon.SetServer(srv)
 	return srv, nil
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index afa4f65f3c..3c8f0708a9 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -67,6 +67,11 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 		initPath = srv.daemon.SystemInitPath()
 	}
 
+	cjob := job.Eng.Job("subscribers_count")
+	env, _ := cjob.Stdout.AddEnv()
+	if err := cjob.Run(); err != nil {
+		return job.Error(err)
+	}
 	v := &engine.Env{}
 	v.SetInt("Containers", len(srv.daemon.List()))
 	v.SetInt("Images", imgcount)
@@ -79,7 +84,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	v.SetInt("NFd", utils.GetTotalUsedFds())
 	v.SetInt("NGoroutines", runtime.NumGoroutine())
 	v.Set("ExecutionDriver", srv.daemon.ExecutionDriver().Name())
-	v.SetInt("NEventsListener", srv.eventPublisher.SubscribersCount())
+	v.SetInt("NEventsListener", env.GetInt("count"))
 	v.Set("KernelVersion", kernelVersion)
 	v.Set("OperatingSystem", operatingSystem)
 	v.Set("IndexServerAddress", registry.IndexServerAddress())
@@ -128,12 +133,10 @@ func (srv *Server) Close() error {
 
 type Server struct {
 	sync.RWMutex
-	daemon         *daemon.Daemon
-	pullingPool    map[string]chan struct{}
-	pushingPool    map[string]chan struct{}
-	events         []utils.JSONMessage
-	eventPublisher *utils.JSONMessagePublisher
-	Eng            *engine.Engine
-	running        bool
-	tasks          sync.WaitGroup
+	daemon      *daemon.Daemon
+	pullingPool map[string]chan struct{}
+	pushingPool map[string]chan struct{}
+	Eng         *engine.Engine
+	running     bool
+	tasks       sync.WaitGroup
 }
diff --git a/components/engine/server/server_unit_test.go b/components/engine/server/server_unit_test.go
index 91ca709f4f..16f06c145e 100644
--- a/components/engine/server/server_unit_test.go
+++ b/components/engine/server/server_unit_test.go
@@ -1,11 +1,6 @@
 package server
 
-import (
-	"testing"
-	"time"
-
-	"github.com/docker/docker/utils"
-)
+import "testing"
 
 func TestPools(t *testing.T) {
 	srv := &Server{
@@ -44,55 +39,3 @@ func TestPools(t *testing.T) {
 		t.Fatalf("Expected `Unknown pool type`")
 	}
 }
-
-func TestLogEvent(t *testing.T) {
-	srv := &Server{
-		events:         make([]utils.JSONMessage, 0, 64),
-		eventPublisher: utils.NewJSONMessagePublisher(),
-	}
-
-	srv.LogEvent("fakeaction", "fakeid", "fakeimage")
-
-	listener := make(chan utils.JSONMessage)
-	srv.eventPublisher.Subscribe(listener)
-
-	srv.LogEvent("fakeaction2", "fakeid", "fakeimage")
-
-	numEvents := len(srv.GetEvents())
-	if numEvents != 2 {
-		t.Fatalf("Expected 2 events, found %d", numEvents)
-	}
-	go func() {
-		time.Sleep(200 * time.Millisecond)
-		srv.LogEvent("fakeaction3", "fakeid", "fakeimage")
-		time.Sleep(200 * time.Millisecond)
-		srv.LogEvent("fakeaction4", "fakeid", "fakeimage")
-	}()
-
-	setTimeout(t, "Listening for events timed out", 2*time.Second, func() {
-		for i := 2; i < 4; i++ {
-			event := <-listener
-			if event != srv.GetEvents()[i] {
-				t.Fatalf("Event received it different than expected")
-			}
-		}
-	})
-}
-
-// FIXME: this is duplicated from integration/commands_test.go
-func setTimeout(t *testing.T, msg string, d time.Duration, f func()) {
-	c := make(chan bool)
-
-	// Make sure we are not too long
-	go func() {
-		time.Sleep(d)
-		c <- true
-	}()
-	go func() {
-		f()
-		c <- false
-	}()
-	if <-c && msg != "" {
-		t.Fatal(msg)
-	}
-}
diff --git a/components/engine/utils/jsonmessagepublisher.go b/components/engine/utils/jsonmessagepublisher.go
deleted file mode 100644
index 659e6c8304..0000000000
--- a/components/engine/utils/jsonmessagepublisher.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package utils
-
-import (
-	"sync"
-	"time"
-)
-
-func NewJSONMessagePublisher() *JSONMessagePublisher {
-	return &JSONMessagePublisher{}
-}
-
-type JSONMessageListener chan<- JSONMessage
-
-type JSONMessagePublisher struct {
-	m           sync.RWMutex
-	subscribers []JSONMessageListener
-}
-
-func (p *JSONMessagePublisher) Subscribe(l JSONMessageListener) {
-	p.m.Lock()
-	p.subscribers = append(p.subscribers, l)
-	p.m.Unlock()
-}
-
-func (p *JSONMessagePublisher) SubscribersCount() int {
-	p.m.RLock()
-	count := len(p.subscribers)
-	p.m.RUnlock()
-	return count
-}
-
-// Unsubscribe closes and removes the specified listener from the list of
-// previously registed ones.
-// It returns a boolean value indicating if the listener was successfully
-// found, closed and unregistered.
-func (p *JSONMessagePublisher) Unsubscribe(l JSONMessageListener) bool {
-	p.m.Lock()
-	defer p.m.Unlock()
-
-	for i, subscriber := range p.subscribers {
-		if subscriber == l {
-			close(l)
-			p.subscribers = append(p.subscribers[:i], p.subscribers[i+1:]...)
-			return true
-		}
-	}
-	return false
-}
-
-func (p *JSONMessagePublisher) Publish(m JSONMessage) {
-	p.m.RLock()
-	for _, subscriber := range p.subscribers {
-		// We give each subscriber a 100ms time window to receive the event,
-		// after which we move to the next.
-		select {
-		case subscriber <- m:
-		case <-time.After(100 * time.Millisecond):
-		}
-	}
-	p.m.RUnlock()
-}
diff --git a/components/engine/utils/jsonmessagepublisher_test.go b/components/engine/utils/jsonmessagepublisher_test.go
deleted file mode 100644
index 2e1a820ca3..0000000000
--- a/components/engine/utils/jsonmessagepublisher_test.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package utils
-
-import (
-	"testing"
-	"time"
-)
-
-func assertSubscribersCount(t *testing.T, q *JSONMessagePublisher, expected int) {
-	if q.SubscribersCount() != expected {
-		t.Fatalf("Expected %d registered subscribers, got %d", expected, q.SubscribersCount())
-	}
-}
-
-func TestJSONMessagePublisherSubscription(t *testing.T) {
-	q := NewJSONMessagePublisher()
-	l1 := make(chan JSONMessage)
-	l2 := make(chan JSONMessage)
-
-	assertSubscribersCount(t, q, 0)
-	q.Subscribe(l1)
-	assertSubscribersCount(t, q, 1)
-	q.Subscribe(l2)
-	assertSubscribersCount(t, q, 2)
-
-	q.Unsubscribe(l1)
-	q.Unsubscribe(l2)
-	assertSubscribersCount(t, q, 0)
-}
-
-func TestJSONMessagePublisherPublish(t *testing.T) {
-	q := NewJSONMessagePublisher()
-	l1 := make(chan JSONMessage)
-	l2 := make(chan JSONMessage)
-
-	go func() {
-		for {
-			select {
-			case <-l1:
-				close(l1)
-				l1 = nil
-			case <-l2:
-				close(l2)
-				l2 = nil
-			case <-time.After(1 * time.Second):
-				q.Unsubscribe(l1)
-				q.Unsubscribe(l2)
-				t.Fatal("Timeout waiting for broadcasted message")
-			}
-		}
-	}()
-
-	q.Subscribe(l1)
-	q.Subscribe(l2)
-	q.Publish(JSONMessage{})
-}
-
-func TestJSONMessagePublishTimeout(t *testing.T) {
-	q := NewJSONMessagePublisher()
-	l := make(chan JSONMessage)
-	q.Subscribe(l)
-
-	c := make(chan struct{})
-	go func() {
-		q.Publish(JSONMessage{})
-		close(c)
-	}()
-
-	select {
-	case <-c:
-	case <-time.After(time.Second):
-		t.Fatal("Timeout publishing message")
-	}
-}

From a40eb6a2320ab2243c7ca0177b4e850b6764eb8e Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 6 Aug 2014 09:28:30 +0000
Subject: [PATCH 369/516] Rename "log_event" to "log"

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 1c11d7f93e2070c94ad22dfec3336eb1cd548280
Component: engine
---
 components/engine/daemon/container.go    | 2 +-
 components/engine/daemon/image_delete.go | 4 ++--
 components/engine/events/events.go       | 2 +-
 components/engine/events/events_test.go  | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index bd97f00f88..9517e28469 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -170,7 +170,7 @@ func (container *Container) WriteHostConfig() error {
 
 func (container *Container) LogEvent(action string) {
 	d := container.daemon
-	if err := d.eng.Job("log_event", action, container.ID, d.Repositories().ImageName(container.Image)).Run(); err != nil {
+	if err := d.eng.Job("log", action, container.ID, d.Repositories().ImageName(container.Image)).Run(); err != nil {
 		utils.Errorf("Error running container: %s", err)
 	}
 }
diff --git a/components/engine/daemon/image_delete.go b/components/engine/daemon/image_delete.go
index dd3e584e23..77e8f85907 100644
--- a/components/engine/daemon/image_delete.go
+++ b/components/engine/daemon/image_delete.go
@@ -93,7 +93,7 @@ func (daemon *Daemon) DeleteImage(eng *engine.Engine, name string, imgs *engine.
 			out := &engine.Env{}
 			out.Set("Untagged", repoName+":"+tag)
 			imgs.Add(out)
-			eng.Job("log_event", "untag", img.ID, "").Run()
+			eng.Job("log", "untag", img.ID, "").Run()
 		}
 	}
 	tags = daemon.Repositories().ByID()[img.ID]
@@ -111,7 +111,7 @@ func (daemon *Daemon) DeleteImage(eng *engine.Engine, name string, imgs *engine.
 			out := &engine.Env{}
 			out.Set("Deleted", img.ID)
 			imgs.Add(out)
-			eng.Job("log_event", "delete", img.ID, "").Run()
+			eng.Job("log", "delete", img.ID, "").Run()
 			if img.Parent != "" && !noprune {
 				err := daemon.DeleteImage(eng, img.Parent, imgs, false, force, noprune)
 				if first {
diff --git a/components/engine/events/events.go b/components/engine/events/events.go
index 01965b3e3b..57a82cada0 100644
--- a/components/engine/events/events.go
+++ b/components/engine/events/events.go
@@ -30,7 +30,7 @@ func (e *Events) Install(eng *engine.Engine) error {
 	// Here you should describe public interface
 	jobs := map[string]engine.Handler{
 		"events":            e.Get,
-		"log_event":         e.Log,
+		"log":               e.Log,
 		"subscribers_count": e.SubscribersCount,
 	}
 	for name, job := range jobs {
diff --git a/components/engine/events/events_test.go b/components/engine/events/events_test.go
index d07d5d1eff..d4fc664baa 100644
--- a/components/engine/events/events_test.go
+++ b/components/engine/events/events_test.go
@@ -88,7 +88,7 @@ func TestLogEvents(t *testing.T) {
 		action := fmt.Sprintf("action_%d", i)
 		id := fmt.Sprintf("cont_%d", i)
 		from := fmt.Sprintf("image_%d", i)
-		job := eng.Job("log_event", action, id, from)
+		job := eng.Job("log", action, id, from)
 		if err := job.Run(); err != nil {
 			t.Fatal(err)
 		}

From c3b263a99f66600c1197cce012f86a8950815acb Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 6 Aug 2014 10:25:14 +0000
Subject: [PATCH 370/516] Add maintainers to daemon/ and graph/

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 5240e5f71380b68792abcd3cf54283385ec7a4f0
Component: engine
---
 components/engine/daemon/MAINTAINERS | 5 +++++
 components/engine/graph/MAINTAINERS  | 5 +++++
 2 files changed, 10 insertions(+)
 create mode 100644 components/engine/graph/MAINTAINERS

diff --git a/components/engine/daemon/MAINTAINERS b/components/engine/daemon/MAINTAINERS
index 7ab013cd82..434aad9d57 100644
--- a/components/engine/daemon/MAINTAINERS
+++ b/components/engine/daemon/MAINTAINERS
@@ -1 +1,6 @@
+Solomon Hykes <solomon@docker.com> (@shykes)
+Victor Vieux <vieux@docker.com> (@vieux)
+Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)
+Tibor Vass <teabee89@gmail.com> (@tiborvass)
 volumes.go: Brian Goff <cpuguy83@gmail.com> (@cpuguy83)
diff --git a/components/engine/graph/MAINTAINERS b/components/engine/graph/MAINTAINERS
new file mode 100644
index 0000000000..e409454b5e
--- /dev/null
+++ b/components/engine/graph/MAINTAINERS
@@ -0,0 +1,5 @@
+Solomon Hykes <solomon@docker.com> (@shykes)
+Victor Vieux <vieux@docker.com> (@vieux)
+Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)
+Tibor Vass <teabee89@gmail.com> (@tiborvass)

From c1114b18059095b877c2ec43c1e7d088dbb98d8b Mon Sep 17 00:00:00 2001
From: Eric Windisch <eric@windisch.us>
Date: Wed, 6 Aug 2014 11:54:13 -0400
Subject: [PATCH 371/516] Container name lookups to prefer IDs over names

Lookups of container names should prefer the ID over
names assigned to containers by users.

Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 231e07ded4debc69422696cacc069a47a77e3175
Component: engine
---
 components/engine/daemon/daemon.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 3da5422c6e..18b54e9f1b 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -138,16 +138,13 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 // Get looks for a container by the specified ID or name, and returns it.
 // If the container is not found, or if an error occurs, nil is returned.
 func (daemon *Daemon) Get(name string) *Container {
+	if id, err := daemon.idIndex.Get(name); err == nil {
+		return daemon.containers.Get(id)
+	}
 	if c, _ := daemon.GetByName(name); c != nil {
 		return c
 	}
-
-	id, err := daemon.idIndex.Get(name)
-	if err != nil {
-		return nil
-	}
-
-	return daemon.containers.Get(id)
+	return nil
 }
 
 // Exists returns a true if a container of the specified ID or name exists,

From d8f986587046d529bba1437ad46d46bf4cf43811 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 10:00:05 +0000
Subject: [PATCH 372/516] Subsystems can register cleanup handlers with
 Engine.OnShutdown

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: d745067487fe2a750cfa2625ed7f652a56abc17c
Component: engine
---
 components/engine/engine/engine.go | 84 +++++++++++++++++++++++++++---
 components/engine/engine/job.go    |  7 +++
 2 files changed, 83 insertions(+), 8 deletions(-)

diff --git a/components/engine/engine/engine.go b/components/engine/engine/engine.go
index 0008d605d0..299b0c05fb 100644
--- a/components/engine/engine/engine.go
+++ b/components/engine/engine/engine.go
@@ -7,6 +7,8 @@ import (
 	"os"
 	"sort"
 	"strings"
+	"sync"
+	"time"
 
 	"github.com/docker/docker/utils"
 )
@@ -43,14 +45,18 @@ func unregister(name string) {
 // It acts as a store for *containers*, and allows manipulation of these
 // containers by executing *jobs*.
 type Engine struct {
-	handlers map[string]Handler
-	catchall Handler
-	hack     Hack // data for temporary hackery (see hack.go)
-	id       string
-	Stdout   io.Writer
-	Stderr   io.Writer
-	Stdin    io.Reader
-	Logging  bool
+	handlers   map[string]Handler
+	catchall   Handler
+	hack       Hack // data for temporary hackery (see hack.go)
+	id         string
+	Stdout     io.Writer
+	Stderr     io.Writer
+	Stdin      io.Reader
+	Logging    bool
+	tasks      sync.WaitGroup
+	l          sync.RWMutex // lock for shutdown
+	shutdown   bool
+	onShutdown []func() // shutdown handlers
 }
 
 func (eng *Engine) Register(name string, handler Handler) error {
@@ -130,6 +136,68 @@ func (eng *Engine) Job(name string, args ...string) *Job {
 	return job
 }
 
+// OnShutdown registers a new callback to be called by Shutdown.
+// This is typically used by services to perform cleanup.
+func (eng *Engine) OnShutdown(h func()) {
+	eng.l.Lock()
+	eng.onShutdown = append(eng.onShutdown, h)
+	eng.l.Unlock()
+}
+
+// Shutdown permanently shuts down eng as follows:
+// - It refuses all new jobs, permanently.
+// - It waits for all active jobs to complete (with no timeout)
+// - It calls all shutdown handlers concurrently (if any)
+// - It returns when all handlers complete, or after 15 seconds,
+//	whichever happens first.
+func (eng *Engine) Shutdown() {
+	eng.l.Lock()
+	if eng.shutdown {
+		eng.l.Unlock()
+		return
+	}
+	eng.shutdown = true
+	eng.l.Unlock()
+	// We don't need to protect the rest with a lock, to allow
+	// for other calls to immediately fail with "shutdown" instead
+	// of hanging for 15 seconds.
+	// This requires all concurrent calls to check for shutdown, otherwise
+	// it might cause a race.
+
+	// Wait for all jobs to complete
+	eng.tasks.Wait()
+
+	// Call shutdown handlers, if any.
+	// Timeout after 15 seconds.
+	var wg sync.WaitGroup
+	for _, h := range eng.onShutdown {
+		wg.Add(1)
+		go func(h func()) {
+			defer wg.Done()
+			h()
+		}(h)
+	}
+	done := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(done)
+	}()
+	select {
+	case <-time.After(time.Second * 15):
+	case <-done:
+	}
+	return
+}
+
+// IsShutdown returns true if the engine is in the process
+// of shutting down, or already shut down.
+// Otherwise it returns false.
+func (eng *Engine) IsShutdown() bool {
+	eng.l.RLock()
+	defer eng.l.RUnlock()
+	return eng.shutdown
+}
+
 // ParseJob creates a new job from a text description using a shell-like syntax.
 //
 // The following syntax is used to parse `input`:
diff --git a/components/engine/engine/job.go b/components/engine/engine/job.go
index ab8120dd44..efcb3058d7 100644
--- a/components/engine/engine/job.go
+++ b/components/engine/engine/job.go
@@ -47,6 +47,13 @@ const (
 // If the job returns a failure status, an error is returned
 // which includes the status.
 func (job *Job) Run() error {
+	if job.Eng.IsShutdown() {
+		return fmt.Errorf("engine is shutdown")
+	}
+	job.Eng.l.Lock()
+	job.Eng.tasks.Add(1)
+	job.Eng.l.Unlock()
+	defer job.Eng.tasks.Done()
 	// FIXME: make this thread-safe
 	// FIXME: implement wait
 	if !job.end.IsZero() {

From 73ece469789baf70d83716f7826363b03e6b8d0b Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 16:32:24 +0000
Subject: [PATCH 373/516] Move signal handling code to pkg/signal.Trap

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: d55e3fea72efb2ae24e4fe1781bbe9002846f4d3
Component: engine
---
 components/engine/pkg/signal/trap.go | 53 ++++++++++++++++++++++++++++
 components/engine/server/init.go     | 42 +++-------------------
 2 files changed, 58 insertions(+), 37 deletions(-)
 create mode 100644 components/engine/pkg/signal/trap.go

diff --git a/components/engine/pkg/signal/trap.go b/components/engine/pkg/signal/trap.go
new file mode 100644
index 0000000000..0f44481c2f
--- /dev/null
+++ b/components/engine/pkg/signal/trap.go
@@ -0,0 +1,53 @@
+package signal
+
+import (
+	"log"
+	"os"
+	gosignal "os/signal"
+	"sync/atomic"
+	"syscall"
+)
+
+// Trap sets up a simplified signal "trap", appropriate for common
+// behavior expected from a vanilla unix command-line tool in general
+// (and the Docker engine in particular).
+//
+// * If SIGINT or SIGTERM are received, `cleanup` is called, then the process is terminated.
+// * If SIGINT or SIGTERM are repeated 3 times before cleanup is complete, then cleanup is
+// skipped and the process terminated directly.
+// * If "DEBUG" is set in the environment, SIGQUIT causes an exit without cleanup.
+//
+func Trap(cleanup func()) {
+	c := make(chan os.Signal, 1)
+	signals := []os.Signal{os.Interrupt, syscall.SIGTERM}
+	if os.Getenv("DEBUG") == "" {
+		signals = append(signals, syscall.SIGQUIT)
+	}
+	gosignal.Notify(c, signals...)
+	go func() {
+		interruptCount := uint32(0)
+		for sig := range c {
+			go func(sig os.Signal) {
+				log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
+				switch sig {
+				case os.Interrupt, syscall.SIGTERM:
+					// If the user really wants to interrupt, let him do so.
+					if atomic.LoadUint32(&interruptCount) < 3 {
+						atomic.AddUint32(&interruptCount, 1)
+						// Initiate the cleanup only once
+						if atomic.LoadUint32(&interruptCount) == 1 {
+							// Call cleanup handler
+							cleanup()
+						} else {
+							return
+						}
+					} else {
+						log.Printf("Force shutdown of docker, interrupting cleanup\n")
+					}
+				case syscall.SIGQUIT:
+				}
+				os.Exit(128 + int(sig.(syscall.Signal)))
+			}(sig)
+		}
+	}()
+}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 082fb0d1cd..c18fd90b4a 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -6,15 +6,11 @@ package server
 
 import (
 	"fmt"
-	"log"
-	"os"
-	gosignal "os/signal"
-	"sync/atomic"
-	"syscall"
 
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/utils"
 )
 
@@ -50,38 +46,10 @@ func InitServer(job *engine.Job) engine.Status {
 		return job.Error(err)
 	}
 	job.Logf("Setting up signal traps")
-	c := make(chan os.Signal, 1)
-	signals := []os.Signal{os.Interrupt, syscall.SIGTERM}
-	if os.Getenv("DEBUG") == "" {
-		signals = append(signals, syscall.SIGQUIT)
-	}
-	gosignal.Notify(c, signals...)
-	go func() {
-		interruptCount := uint32(0)
-		for sig := range c {
-			go func(sig os.Signal) {
-				log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
-				switch sig {
-				case os.Interrupt, syscall.SIGTERM:
-					// If the user really wants to interrupt, let him do so.
-					if atomic.LoadUint32(&interruptCount) < 3 {
-						atomic.AddUint32(&interruptCount, 1)
-						// Initiate the cleanup only once
-						if atomic.LoadUint32(&interruptCount) == 1 {
-							utils.RemovePidFile(srv.daemon.Config().Pidfile)
-							srv.Close()
-						} else {
-							return
-						}
-					} else {
-						log.Printf("Force shutdown of docker, interrupting cleanup\n")
-					}
-				case syscall.SIGQUIT:
-				}
-				os.Exit(128 + int(sig.(syscall.Signal)))
-			}(sig)
-		}
-	}()
+	signal.Trap(func() {
+		utils.RemovePidFile(srv.daemon.Config().Pidfile)
+		srv.Close()
+	})
 	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 

From 727879ad534d629d04745bf52b5babd7b002222e Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 6 Aug 2014 08:12:22 +0000
Subject: [PATCH 374/516] Cleanup: refactor shutdown and signal handling
 facility

This disentangles the following functions, which were previously all mixed together:

* 1) Waiting for jobs to terminate when shutting down
* 2) Handling signals in the Docker daemon
* 3) Per-subsystem cleanup handlers
* 4) pidfile management

Responsibilities are dispatched as follows:

* Signal traps are set in `main`, and trigger `engine.Shutdown`
* `engine.Shutdown` coordinates cleanup by waiting for jobs to complete, and calling shutdown handlers
* To perform cleanup at shutdown, each subsystem registers handlers with `engine.OnShutdown`
* `daemon` is one subsystem, so it registers cleanup via `engine.OnShutdown`.
* `daemon` owns the pidfile, which is used to lock access to `/var/lib/docker`. Part of its cleanup is to remove the pidfile.

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: c9f3fd3fc7a4beb97de40ef8da7330b23397d9d3
Component: engine
---
 components/engine/daemon/daemon.go | 62 +++++++++++++++++-------------
 components/engine/docker/daemon.go |  2 +
 components/engine/server/init.go   |  9 +----
 components/engine/server/server.go | 22 -----------
 4 files changed, 40 insertions(+), 55 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 4753219652..3e990f449d 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -667,6 +667,20 @@ func NewDaemon(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error)
 }
 
 func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) {
+	// Claim the pidfile first, to avoid any and all unexpected race conditions.
+	// Some of the init doesn't need a pidfile lock - but let's not try to be smart.
+	if config.Pidfile != "" {
+		if err := utils.CreatePidFile(config.Pidfile); err != nil {
+			return nil, err
+		}
+		eng.OnShutdown(func() {
+			// Always release the pidfile last, just in case
+			utils.RemovePidFile(config.Pidfile)
+		})
+	}
+
+	// Check that the system is supported and we have sufficient privileges
+	// FIXME: return errors instead of calling Fatal
 	if runtime.GOOS != "linux" {
 		log.Fatalf("The Docker daemon is only supported on linux")
 	}
@@ -819,13 +833,32 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 		eng:            eng,
 		Sockets:        config.Sockets,
 	}
-
 	if err := daemon.checkLocaldns(); err != nil {
 		return nil, err
 	}
 	if err := daemon.restore(); err != nil {
 		return nil, err
 	}
+	// Setup shutdown handlers
+	// FIXME: can these shutdown handlers be registered closer to their source?
+	eng.OnShutdown(func() {
+		// FIXME: if these cleanup steps can be called concurrently, register
+		// them as separate handlers to speed up total shutdown time
+		// FIXME: use engine logging instead of utils.Errorf
+		if err := daemon.shutdown(); err != nil {
+			utils.Errorf("daemon.shutdown(): %s", err)
+		}
+		if err := portallocator.ReleaseAll(); err != nil {
+			utils.Errorf("portallocator.ReleaseAll(): %s", err)
+		}
+		if err := daemon.driver.Cleanup(); err != nil {
+			utils.Errorf("daemon.driver.Cleanup(): %s", err.Error())
+		}
+		if err := daemon.containerGraph.Close(); err != nil {
+			utils.Errorf("daemon.containerGraph.Close(): %s", err.Error())
+		}
+	})
+
 	return daemon, nil
 }
 
@@ -853,30 +886,6 @@ func (daemon *Daemon) shutdown() error {
 	return nil
 }
 
-func (daemon *Daemon) Close() error {
-	errorsStrings := []string{}
-	if err := daemon.shutdown(); err != nil {
-		utils.Errorf("daemon.shutdown(): %s", err)
-		errorsStrings = append(errorsStrings, err.Error())
-	}
-	if err := portallocator.ReleaseAll(); err != nil {
-		utils.Errorf("portallocator.ReleaseAll(): %s", err)
-		errorsStrings = append(errorsStrings, err.Error())
-	}
-	if err := daemon.driver.Cleanup(); err != nil {
-		utils.Errorf("daemon.driver.Cleanup(): %s", err.Error())
-		errorsStrings = append(errorsStrings, err.Error())
-	}
-	if err := daemon.containerGraph.Close(); err != nil {
-		utils.Errorf("daemon.containerGraph.Close(): %s", err.Error())
-		errorsStrings = append(errorsStrings, err.Error())
-	}
-	if len(errorsStrings) > 0 {
-		return fmt.Errorf("%s", strings.Join(errorsStrings, ", "))
-	}
-	return nil
-}
-
 func (daemon *Daemon) Mount(container *Container) error {
 	dir, err := daemon.driver.Get(container.ID, container.GetMountLabel())
 	if err != nil {
@@ -967,6 +976,8 @@ func (daemon *Daemon) Kill(c *Container, sig int) error {
 // from the content root, including images, volumes and
 // container filesystems.
 // Again: this will remove your entire docker daemon!
+// FIXME: this is deprecated, and only used in legacy
+// tests. Please remove.
 func (daemon *Daemon) Nuke() error {
 	var wg sync.WaitGroup
 	for _, container := range daemon.List() {
@@ -977,7 +988,6 @@ func (daemon *Daemon) Nuke() error {
 		}(container)
 	}
 	wg.Wait()
-	daemon.Close()
 
 	return os.RemoveAll(daemon.config.Root)
 }
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 4b994e9629..caaf94e06d 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -10,6 +10,7 @@ import (
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
 	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/sysinit"
 )
 
@@ -39,6 +40,7 @@ func mainDaemon() {
 	}
 
 	eng := engine.New()
+	signal.Trap(eng.Shutdown)
 	// Load builtins
 	if err := builtins.Register(eng); err != nil {
 		log.Fatal(err)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index c18fd90b4a..f815b8e61b 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -10,7 +10,6 @@ import (
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/utils"
 )
 
@@ -41,15 +40,11 @@ func InitPidfile(job *engine.Job) engine.Status {
 // The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
 func InitServer(job *engine.Job) engine.Status {
 	job.Logf("Creating server")
-	srv, err := NewServer(job.Eng, daemonconfig.ConfigFromJob(job))
+	cfg := daemonconfig.ConfigFromJob(job)
+	srv, err := NewServer(job.Eng, cfg)
 	if err != nil {
 		return job.Error(err)
 	}
-	job.Logf("Setting up signal traps")
-	signal.Trap(func() {
-		utils.RemovePidFile(srv.daemon.Config().Pidfile)
-		srv.Close()
-	})
 	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index e5233a604c..c185a6951e 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -23,7 +23,6 @@ package server
 
 import (
 	"sync"
-	"time"
 
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/engine"
@@ -42,27 +41,6 @@ func (srv *Server) IsRunning() bool {
 	return srv.running
 }
 
-func (srv *Server) Close() error {
-	if srv == nil {
-		return nil
-	}
-	srv.SetRunning(false)
-	done := make(chan struct{})
-	go func() {
-		srv.tasks.Wait()
-		close(done)
-	}()
-	select {
-	// Waiting server jobs for 15 seconds, shutdown immediately after that time
-	case <-time.After(time.Second * 15):
-	case <-done:
-	}
-	if srv.daemon == nil {
-		return nil
-	}
-	return srv.daemon.Close()
-}
-
 type Server struct {
 	sync.RWMutex
 	daemon      *daemon.Daemon

From c8882ce9111c9850053d4da91a6b6d4cdb39f0e7 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 07:21:05 +0000
Subject: [PATCH 375/516] Remove unnecessary job "initserverpidfile"

That job was a hacky solution to a real race condition. This removes the
hack without re-introducing the race.

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: b4efcd53e0a62a8ce1080e94e28358ac1a2d6ae2
Component: engine
---
 components/engine/builtins/builtins.go |  3 ---
 components/engine/docker/daemon.go     |  8 --------
 components/engine/server/init.go       | 14 --------------
 3 files changed, 25 deletions(-)

diff --git a/components/engine/builtins/builtins.go b/components/engine/builtins/builtins.go
index 75f9d4ce34..ea1e7c6b84 100644
--- a/components/engine/builtins/builtins.go
+++ b/components/engine/builtins/builtins.go
@@ -54,9 +54,6 @@ func remote(eng *engine.Engine) error {
 // These components should be broken off into plugins of their own.
 //
 func daemon(eng *engine.Engine) error {
-	if err := eng.Register("initserverpidfile", server.InitPidfile); err != nil {
-		return err
-	}
 	if err := eng.Register("initserver", server.InitServer); err != nil {
 		return err
 	}
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index caaf94e06d..15d9c4856f 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -46,14 +46,6 @@ func mainDaemon() {
 		log.Fatal(err)
 	}
 
-	// handle the pidfile early. https://github.com/docker/docker/issues/6973
-	if len(*pidfile) > 0 {
-		job := eng.Job("initserverpidfile", *pidfile)
-		if err := job.Run(); err != nil {
-			log.Fatal(err)
-		}
-	}
-
 	// load the daemon in the background so we can immediately start
 	// the http api so that connections don't fail while the daemon
 	// is booting
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index f815b8e61b..f389fd4f38 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -5,12 +5,9 @@
 package server
 
 import (
-	"fmt"
-
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/utils"
 )
 
 func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
@@ -24,17 +21,6 @@ func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
 	}
 }
 
-func InitPidfile(job *engine.Job) engine.Status {
-	if len(job.Args) == 0 {
-		return job.Error(fmt.Errorf("no pidfile provided to initialize"))
-	}
-	job.Logf("Creating pidfile")
-	if err := utils.CreatePidFile(job.Args[0]); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
 // jobInitApi runs the remote api server `srv` as a daemon,
 // Only one api server can run at the same time - this is enforced by a pidfile.
 // The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.

From 812a1a7ed4fa9c0892edbff0b4b63f801c1e045a Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 5 Aug 2014 07:56:29 +0000
Subject: [PATCH 376/516] Replace Server.IsRunning with Engine.IsShutdown

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 78f0a914ee982126793534286682e6c6e4270e97
Component: engine
---
 components/engine/daemon/container.go |  7 +++----
 components/engine/daemon/server.go    |  2 +-
 components/engine/server/init.go      |  4 ----
 components/engine/server/server.go    | 14 --------------
 4 files changed, 4 insertions(+), 23 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 1eaac8f3b5..871b1d67cf 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -517,10 +517,9 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 	if container.daemon != nil && container.daemon.srv != nil {
 		container.LogEvent("die")
 	}
-	if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
-		// FIXME: here is race condition between two RUN instructions in Dockerfile
-		// because they share same runconfig and change image. Must be fixed
-		// in builder/builder.go
+	// If the engine is shutting down, don't save the container state as stopped.
+	// This will cause it to be restarted when the engine is restarted.
+	if container.daemon != nil && container.daemon.eng != nil && !container.daemon.eng.IsShutdown() {
 		if err := container.toDisk(); err != nil {
 			utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
 		}
diff --git a/components/engine/daemon/server.go b/components/engine/daemon/server.go
index 12fb0f57c8..af923d935a 100644
--- a/components/engine/daemon/server.go
+++ b/components/engine/daemon/server.go
@@ -1,5 +1,5 @@
 package daemon
 
+// FIXME: this shim interface is no longer needed, it can be removed
 type Server interface {
-	IsRunning() bool // returns true if the server is currently in operation
 }
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index f389fd4f38..3cd472149e 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -12,9 +12,6 @@ import (
 
 func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
 	return func(job *engine.Job) engine.Status {
-		if !srv.IsRunning() {
-			return job.Errorf("Server is not running")
-		}
 		srv.tasks.Add(1)
 		defer srv.tasks.Done()
 		return h(job)
@@ -53,7 +50,6 @@ func InitServer(job *engine.Job) engine.Status {
 	if err := srv.daemon.Install(job.Eng); err != nil {
 		return job.Error(err)
 	}
-	srv.SetRunning(true)
 	return engine.StatusOK
 }
 
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index c185a6951e..21b271d87c 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -28,25 +28,11 @@ import (
 	"github.com/docker/docker/engine"
 )
 
-func (srv *Server) SetRunning(status bool) {
-	srv.Lock()
-	defer srv.Unlock()
-
-	srv.running = status
-}
-
-func (srv *Server) IsRunning() bool {
-	srv.RLock()
-	defer srv.RUnlock()
-	return srv.running
-}
-
 type Server struct {
 	sync.RWMutex
 	daemon      *daemon.Daemon
 	pullingPool map[string]chan struct{}
 	pushingPool map[string]chan struct{}
 	Eng         *engine.Engine
-	running     bool
 	tasks       sync.WaitGroup
 }

From f56c09a5b438059fcdd2289a47733a72f2259a95 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 6 Aug 2014 12:08:05 +0000
Subject: [PATCH 377/516] Extra testing for engine.Shutdown

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 61eab759397a0915a0dd69de399d49d2a0ed0ba6
Component: engine
---
 components/engine/engine/shutdown_test.go | 80 +++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 components/engine/engine/shutdown_test.go

diff --git a/components/engine/engine/shutdown_test.go b/components/engine/engine/shutdown_test.go
new file mode 100644
index 0000000000..13d8049267
--- /dev/null
+++ b/components/engine/engine/shutdown_test.go
@@ -0,0 +1,80 @@
+package engine
+
+import (
+	"testing"
+	"time"
+)
+
+func TestShutdownEmpty(t *testing.T) {
+	eng := New()
+	if eng.IsShutdown() {
+		t.Fatalf("IsShutdown should be false")
+	}
+	eng.Shutdown()
+	if !eng.IsShutdown() {
+		t.Fatalf("IsShutdown should be true")
+	}
+}
+
+func TestShutdownAfterRun(t *testing.T) {
+	eng := New()
+	var called bool
+	eng.Register("foo", func(job *Job) Status {
+		called = true
+		return StatusOK
+	})
+	if err := eng.Job("foo").Run(); err != nil {
+		t.Fatal(err)
+	}
+	eng.Shutdown()
+	if err := eng.Job("foo").Run(); err == nil {
+		t.Fatalf("%#v", *eng)
+	}
+}
+
+// An approximate and racy, but better-than-nothing test that
+//
+func TestShutdownDuringRun(t *testing.T) {
+	var (
+		jobDelay     time.Duration = 500 * time.Millisecond
+		jobDelayLow  time.Duration = 100 * time.Millisecond
+		jobDelayHigh time.Duration = 700 * time.Millisecond
+	)
+	eng := New()
+	var completed bool
+	eng.Register("foo", func(job *Job) Status {
+		time.Sleep(jobDelay)
+		completed = true
+		return StatusOK
+	})
+	go eng.Job("foo").Run()
+	time.Sleep(50 * time.Millisecond)
+	done := make(chan struct{})
+	var startShutdown time.Time
+	go func() {
+		startShutdown = time.Now()
+		eng.Shutdown()
+		close(done)
+	}()
+	time.Sleep(50 * time.Millisecond)
+	if err := eng.Job("foo").Run(); err == nil {
+		t.Fatalf("run on shutdown should fail: %#v", *eng)
+	}
+	<-done
+	// Verify that Shutdown() blocks for roughly 500ms, instead
+	// of returning almost instantly.
+	//
+	// We use >100ms to leave ample margin for race conditions between
+	// goroutines. It's possible (but unlikely in reasonable testing
+	// conditions), that this test will cause a false positive or false
+	// negative. But it's probably better than not having any test
+	// for the 99.999% of time where testing conditions are reasonable.
+	if d := time.Since(startShutdown); d.Nanoseconds() < jobDelayLow.Nanoseconds() {
+		t.Fatalf("shutdown did not block long enough: %v", d)
+	} else if d.Nanoseconds() > jobDelayHigh.Nanoseconds() {
+		t.Fatalf("shutdown blocked too long: %v", d)
+	}
+	if !completed {
+		t.Fatalf("job did not complete")
+	}
+}

From 90ba5c627377741e2c358172dcf12f9884016e27 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 6 Aug 2014 12:31:09 +0000
Subject: [PATCH 378/516] Remove last trace of Daemon->Server dependency

This removes a shim `daemon.Server` interface which was used to start
separating Daemon from Server *gradually*, without getting cyclic
dependency errors.

Now that the last Daemon->Server dependency has been removed, we can
finally remove the shim. Yay!

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 20b0841c1bd07c6add812597e0d656d7584e48ac
Component: engine
---
 components/engine/daemon/container.go | 4 +---
 components/engine/daemon/daemon.go    | 5 -----
 components/engine/daemon/server.go    | 5 -----
 components/engine/server/init.go      | 1 -
 4 files changed, 1 insertion(+), 14 deletions(-)
 delete mode 100644 components/engine/daemon/server.go

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 871b1d67cf..612ef6a733 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -514,9 +514,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 	if container.Config.OpenStdin {
 		container.stdin, container.stdinPipe = io.Pipe()
 	}
-	if container.daemon != nil && container.daemon.srv != nil {
-		container.LogEvent("die")
-	}
+	container.LogEvent("die")
 	// If the engine is shutting down, don't save the container state as stopped.
 	// This will cause it to be restarted when the engine is restarted.
 	if container.daemon != nil && container.daemon.eng != nil && !container.daemon.eng.IsShutdown() {
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 3e990f449d..2409b1dc13 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -94,7 +94,6 @@ type Daemon struct {
 	idIndex        *truncindex.TruncIndex
 	sysInfo        *sysinfo.SysInfo
 	volumes        *graph.Graph
-	srv            Server
 	eng            *engine.Engine
 	config         *daemonconfig.Config
 	containerGraph *graphdb.Database
@@ -1032,10 +1031,6 @@ func (daemon *Daemon) ContainerGraph() *graphdb.Database {
 	return daemon.containerGraph
 }
 
-func (daemon *Daemon) SetServer(server Server) {
-	daemon.srv = server
-}
-
 func (daemon *Daemon) checkLocaldns() error {
 	resolvConf, err := resolvconf.Get()
 	if err != nil {
diff --git a/components/engine/daemon/server.go b/components/engine/daemon/server.go
deleted file mode 100644
index af923d935a..0000000000
--- a/components/engine/daemon/server.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package daemon
-
-// FIXME: this shim interface is no longer needed, it can be removed
-type Server interface {
-}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 3cd472149e..3738d0c541 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -64,6 +64,5 @@ func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error)
 		pullingPool: make(map[string]chan struct{}),
 		pushingPool: make(map[string]chan struct{}),
 	}
-	daemon.SetServer(srv)
 	return srv, nil
 }

From 145b9864d4d46ea38b54cd55344ce8e4cd078655 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Thu, 7 Aug 2014 20:10:49 +0000
Subject: [PATCH 379/516] Remove unused field from engine.Job

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 92105ea0fa774607ea4c7f487aedfd22eb5598bc
Component: engine
---
 components/engine/engine/job.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/components/engine/engine/job.go b/components/engine/engine/job.go
index efcb3058d7..c05db5616e 100644
--- a/components/engine/engine/job.go
+++ b/components/engine/engine/job.go
@@ -32,7 +32,6 @@ type Job struct {
 	handler Handler
 	status  Status
 	end     time.Time
-	onExit  []func()
 }
 
 type Status int

From a74b20717e0b0bc3f5edda758375cd9955397ee1 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 6 Aug 2014 15:52:11 +0000
Subject: [PATCH 380/516] Engine.Shutdown only waits 5 seconds for active jobs
 to complete

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: eb79dc14fe45f3805d83e5e5e64b335da6389d6a
Component: engine
---
 components/engine/engine/engine.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/components/engine/engine/engine.go b/components/engine/engine/engine.go
index 299b0c05fb..4550df9d1d 100644
--- a/components/engine/engine/engine.go
+++ b/components/engine/engine/engine.go
@@ -164,11 +164,20 @@ func (eng *Engine) Shutdown() {
 	// This requires all concurrent calls to check for shutdown, otherwise
 	// it might cause a race.
 
-	// Wait for all jobs to complete
-	eng.tasks.Wait()
+	// Wait for all jobs to complete.
+	// Timeout after 5 seconds.
+	tasksDone := make(chan struct{})
+	go func() {
+		eng.tasks.Wait()
+		close(tasksDone)
+	}()
+	select {
+	case <-time.After(time.Second * 5):
+	case <-tasksDone:
+	}
 
 	// Call shutdown handlers, if any.
-	// Timeout after 15 seconds.
+	// Timeout after 10 seconds.
 	var wg sync.WaitGroup
 	for _, h := range eng.onShutdown {
 		wg.Add(1)
@@ -183,7 +192,7 @@ func (eng *Engine) Shutdown() {
 		close(done)
 	}()
 	select {
-	case <-time.After(time.Second * 15):
+	case <-time.After(time.Second * 10):
 	case <-done:
 	}
 	return

From ddc4e78a1835f8ee96e0f384a38bdd1c6918fc8b Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Wed, 6 Aug 2014 14:24:00 -0400
Subject: [PATCH 381/516] Fix TestBuildForbiddenContextPath after TMPDIR change

Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 5e20b0027c19efdd83228cbbb9995847cb5cb8ed
Component: engine
---
 .../integration-cli/docker_cli_build_test.go       | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index 05ad5476f2..5ffc40b614 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1317,7 +1317,7 @@ func TestBuildEntrypointRunCleanup(t *testing.T) {
 	logDone("build - cleanup cmd after RUN")
 }
 
-func TestBuldForbiddenContextPath(t *testing.T) {
+func TestBuildForbiddenContextPath(t *testing.T) {
 	name := "testbuildforbidpath"
 	defer deleteImages(name)
 	ctx, err := fakeContext(`FROM scratch
@@ -1327,18 +1327,16 @@ func TestBuldForbiddenContextPath(t *testing.T) {
 			"test.txt":  "test1",
 			"other.txt": "other",
 		})
-
 	defer ctx.Close()
 	if err != nil {
 		t.Fatal(err)
 	}
-	if _, err := buildImageFromContext(name, ctx, true); err != nil {
-		if !strings.Contains(err.Error(), "Forbidden path outside the build context: ../../ (/)") {
-			t.Fatal("Wrong error, must be about forbidden ../../ path")
-		}
-	} else {
-		t.Fatal("Error must not be nil")
+
+	expected := "Forbidden path outside the build context: ../../ "
+	if _, err := buildImageFromContext(name, ctx, true); err == nil || !strings.Contains(err.Error(), expected) {
+		t.Fatalf("Wrong error: (should contain \"%s\") got:\n%v", expected, err)
 	}
+
 	logDone("build - forbidden context path")
 }
 

From a73db3dc5c8478ab3c600b1f1c892c3c4b664eb9 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 6 Aug 2014 13:07:07 -0600
Subject: [PATCH 382/516] Update hack/vendor.sh to use libcontainer's
 update-vendor.sh script as the source of truth for libcontainer deps and not
 include them in Docker's repo twice

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 5101173e1fa5616768cb7a1b07f6c911f0f63658
Component: engine
---
 components/engine/hack/vendor.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index a710415659..003dfec59b 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -45,8 +45,6 @@ clone git github.com/gorilla/context 14f550f51a
 
 clone git github.com/gorilla/mux 136d54f81f
 
-clone git github.com/syndtr/gocapability 3c85049eae
-
 clone git github.com/tchap/go-patricia v1.0.1
 
 clone hg code.google.com/p/go.net 84a4013f96e0
@@ -61,6 +59,8 @@ rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
 mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
-clone git github.com/godbus/dbus v1
-clone git github.com/coreos/go-systemd v2
 clone git github.com/docker/libcontainer 5589d4d879f1d7e31967a927d3e8b98144fbe06b
+# see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
+rm -rf src/github.com/docker/libcontainer/vendor
+eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
+# we exclude "github.com/codegangsta/cli" here because it's only needed for "nsinit", which Docker doesn't include

From 7867156c6ca83ff56438fcf036d91905147e04b7 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 6 Aug 2014 13:07:57 -0600
Subject: [PATCH 383/516] Update vendor with the updated canonical deps from
 libcontainer

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: fba37a038d6053c272671ebc958b88f023bd221a
Component: engine
---
 .../github.com/codegangsta/cli/.travis.yml    |   6 -
 .../src/github.com/codegangsta/cli/LICENSE    |  21 -
 .../src/github.com/codegangsta/cli/README.md  | 257 ------
 .../src/github.com/codegangsta/cli/app.go     | 248 ------
 .../github.com/codegangsta/cli/app_test.go    | 399 ---------
 .../cli/autocomplete/bash_autocomplete        |  13 -
 .../src/github.com/codegangsta/cli/cli.go     |  19 -
 .../github.com/codegangsta/cli/cli_test.go    |  88 --
 .../src/github.com/codegangsta/cli/command.go | 141 ---
 .../codegangsta/cli/command_test.go           |  48 -
 .../src/github.com/codegangsta/cli/context.go | 280 ------
 .../codegangsta/cli/context_test.go           |  68 --
 .../src/github.com/codegangsta/cli/flag.go    | 280 ------
 .../github.com/codegangsta/cli/flag_test.go   | 194 -----
 .../src/github.com/codegangsta/cli/help.go    | 213 -----
 .../codegangsta/cli/helpers_test.go           |  19 -
 .../github.com/coreos/go-systemd/.travis.yml  |   8 -
 .../src/github.com/coreos/go-systemd/LICENSE  | 191 ----
 .../github.com/coreos/go-systemd/README.md    |  44 -
 .../coreos/go-systemd/activation/files.go     |  56 --
 .../go-systemd/activation/files_test.go       |  84 --
 .../coreos/go-systemd/activation/listeners.go |  38 -
 .../go-systemd/activation/listeners_test.go   |  88 --
 .../github.com/coreos/go-systemd/dbus/dbus.go | 104 ---
 .../coreos/go-systemd/dbus/dbus_test.go       |  41 -
 .../coreos/go-systemd/dbus/methods.go         | 396 ---------
 .../coreos/go-systemd/dbus/methods_test.go    | 332 -------
 .../coreos/go-systemd/dbus/properties.go      | 220 -----
 .../github.com/coreos/go-systemd/dbus/set.go  |  33 -
 .../coreos/go-systemd/dbus/set_test.go        |  39 -
 .../coreos/go-systemd/dbus/subscription.go    | 251 ------
 .../go-systemd/dbus/subscription_set.go       |  32 -
 .../go-systemd/dbus/subscription_set_test.go  |  66 --
 .../go-systemd/dbus/subscription_test.go      |  91 --
 .../examples/activation/activation.go         |  44 -
 .../examples/activation/httpserver/README.md  |  19 -
 .../activation/httpserver/hello.service       |  11 -
 .../activation/httpserver/hello.socket        |   5 -
 .../activation/httpserver/httpserver.go       |  26 -
 .../go-systemd/examples/activation/listen.go  |  50 --
 .../fixtures/enable-disable.service           |   5 -
 .../go-systemd/fixtures/start-stop.service    |   5 -
 .../fixtures/subscribe-events-set.service     |   5 -
 .../fixtures/subscribe-events.service         |   5 -
 .../coreos/go-systemd/journal/send.go         | 168 ----
 .../coreos/go-systemd/login1/dbus.go          |  81 --
 .../coreos/go-systemd/login1/dbus_test.go     |  30 -
 .../src/github.com/coreos/go-systemd/test     |   3 -
 .../vendor/src/github.com/godbus/dbus/LICENSE |  25 -
 .../github.com/godbus/dbus/README.markdown    |  38 -
 .../godbus/dbus/_examples/eavesdrop.go        |  30 -
 .../godbus/dbus/_examples/introspect.go       |  21 -
 .../godbus/dbus/_examples/list-names.go       |  27 -
 .../godbus/dbus/_examples/notification.go     |  17 -
 .../github.com/godbus/dbus/_examples/prop.go  |  68 --
 .../godbus/dbus/_examples/server.go           |  45 -
 .../godbus/dbus/_examples/signal.go           |  24 -
 .../vendor/src/github.com/godbus/dbus/auth.go | 253 ------
 .../github.com/godbus/dbus/auth_external.go   |  26 -
 .../src/github.com/godbus/dbus/auth_sha1.go   | 102 ---
 .../vendor/src/github.com/godbus/dbus/call.go | 147 ----
 .../vendor/src/github.com/godbus/dbus/conn.go | 601 -------------
 .../src/github.com/godbus/dbus/conn_darwin.go |  21 -
 .../src/github.com/godbus/dbus/conn_other.go  |  27 -
 .../src/github.com/godbus/dbus/conn_test.go   | 199 -----
 .../vendor/src/github.com/godbus/dbus/dbus.go | 258 ------
 .../src/github.com/godbus/dbus/decoder.go     | 228 -----
 .../vendor/src/github.com/godbus/dbus/doc.go  |  63 --
 .../src/github.com/godbus/dbus/encoder.go     | 179 ----
 .../github.com/godbus/dbus/examples_test.go   |  50 --
 .../src/github.com/godbus/dbus/export.go      | 302 -------
 .../src/github.com/godbus/dbus/homedir.go     |  28 -
 .../github.com/godbus/dbus/homedir_dynamic.go |  15 -
 .../github.com/godbus/dbus/homedir_static.go  |  45 -
 .../github.com/godbus/dbus/introspect/call.go |  27 -
 .../godbus/dbus/introspect/introspect.go      |  80 --
 .../godbus/dbus/introspect/introspectable.go  |  74 --
 .../src/github.com/godbus/dbus/message.go     | 346 --------
 .../src/github.com/godbus/dbus/prop/prop.go   | 264 ------
 .../src/github.com/godbus/dbus/proto_test.go  | 369 --------
 .../vendor/src/github.com/godbus/dbus/sig.go  | 257 ------
 .../src/github.com/godbus/dbus/sig_test.go    |  70 --
 .../godbus/dbus/transport_darwin.go           |   6 -
 .../godbus/dbus/transport_generic.go          |  35 -
 .../github.com/godbus/dbus/transport_unix.go  | 190 ----
 .../godbus/dbus/transport_unix_test.go        |  49 --
 .../godbus/dbus/transport_unixcred.go         |  22 -
 .../src/github.com/godbus/dbus/variant.go     | 129 ---
 .../github.com/godbus/dbus/variant_lexer.go   | 284 ------
 .../github.com/godbus/dbus/variant_parser.go  | 817 ------------------
 .../github.com/godbus/dbus/variant_test.go    |  78 --
 .../github.com/syndtr/gocapability/LICENSE    |  24 -
 .../gocapability/capability/capability.go     |  71 --
 .../capability/capability_linux.go            | 566 ------------
 .../capability/capability_noop.go             |  19 -
 .../capability/capability_test.go             |  83 --
 .../syndtr/gocapability/capability/enum.go    | 338 --------
 .../gocapability/capability/syscall_linux.go  | 143 ---
 98 files changed, 12045 deletions(-)
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go
 delete mode 100755 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go

diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml
deleted file mode 100644
index baf46abc6f..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/.travis.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-language: go
-go: 1.1
-
-script:
-- go vet ./...
-- go test -v ./...
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE
deleted file mode 100644
index 5515ccfb71..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-Copyright (C) 2013 Jeremy Saenz
-All Rights Reserved.
-
-MIT LICENSE
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md
deleted file mode 100644
index 59806f4b90..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/README.md
+++ /dev/null
@@ -1,257 +0,0 @@
-[![Build Status](https://travis-ci.org/codegangsta/cli.png?branch=master)](https://travis-ci.org/codegangsta/cli)
-
-# cli.go
-cli.go is simple, fast, and fun package for building command line apps in Go. The goal is to enable developers to write fast and distributable command line applications in an expressive way.
-
-You can view the API docs here:
-http://godoc.org/github.com/codegangsta/cli
-
-## Overview
-Command line apps are usually so tiny that there is absolutely no reason why your code should *not* be self-documenting. Things like generating help text and parsing command flags/options should not hinder productivity when writing a command line app.
-
-This is where cli.go comes into play. cli.go makes command line programming fun, organized, and expressive!
-
-## Installation
-Make sure you have a working Go environment (go 1.1 is *required*). [See the install instructions](http://golang.org/doc/install.html).
-
-To install cli.go, simply run:
-```
-$ go get github.com/codegangsta/cli
-```
-
-Make sure your PATH includes to the `$GOPATH/bin` directory so your commands can be easily used:
-```
-export PATH=$PATH:$GOPATH/bin
-```
-
-## Getting Started
-One of the philosophies behind cli.go is that an API should be playful and full of discovery. So a cli.go app can be as little as one line of code in `main()`. 
-
-``` go
-package main
-
-import (
-  "os"
-  "github.com/codegangsta/cli"
-)
-
-func main() {
-  cli.NewApp().Run(os.Args)
-}
-```
-
-This app will run and show help text, but is not very useful. Let's give an action to execute and some help documentation:
-
-``` go
-package main
-
-import (
-  "os"
-  "github.com/codegangsta/cli"
-)
-
-func main() {
-  app := cli.NewApp()
-  app.Name = "boom"
-  app.Usage = "make an explosive entrance"
-  app.Action = func(c *cli.Context) {
-    println("boom! I say!")
-  }
-  
-  app.Run(os.Args)
-}
-```
-
-Running this already gives you a ton of functionality, plus support for things like subcommands and flags, which are covered below.
-
-## Example
-
-Being a programmer can be a lonely job. Thankfully by the power of automation that is not the case! Let's create a greeter app to fend off our demons of loneliness!
-
-``` go
-/* greet.go */
-package main
-
-import (
-  "os"
-  "github.com/codegangsta/cli"
-)
-
-func main() {
-  app := cli.NewApp()
-  app.Name = "greet"
-  app.Usage = "fight the loneliness!"
-  app.Action = func(c *cli.Context) {
-    println("Hello friend!")
-  }
-  
-  app.Run(os.Args)
-}
-```
-
-Install our command to the `$GOPATH/bin` directory:
-
-```
-$ go install
-```
-
-Finally run our new command:
-
-```
-$ greet
-Hello friend!
-```
-
-cli.go also generates some bitchass help text:
-```
-$ greet help
-NAME:
-    greet - fight the loneliness!
-
-USAGE:
-    greet [global options] command [command options] [arguments...]
-
-VERSION:
-    0.0.0
-
-COMMANDS:
-    help, h  Shows a list of commands or help for one command
-
-GLOBAL OPTIONS
-    --version	Shows version information
-```
-
-### Arguments
-You can lookup arguments by calling the `Args` function on cli.Context.
-
-``` go
-...
-app.Action = func(c *cli.Context) {
-  println("Hello", c.Args()[0])
-}
-...
-```
-
-### Flags
-Setting and querying flags is simple.
-``` go
-...
-app.Flags = []cli.Flag {
-  cli.StringFlag{Name: "lang", Value: "english", Usage: "language for the greeting"},
-}
-app.Action = func(c *cli.Context) {
-  name := "someone"
-  if len(c.Args()) > 0 {
-    name = c.Args()[0]
-  }
-  if c.String("lang") == "spanish" {
-    println("Hola", name)
-  } else {
-    println("Hello", name)
-  }
-}
-...
-```
-
-#### Alternate Names
-
-You can set alternate (or short) names for flags by providing a comma-delimited list for the Name. e.g.
-
-``` go
-app.Flags = []cli.Flag {
-  cli.StringFlag{Name: "lang, l", Value: "english", Usage: "language for the greeting"},
-}
-```
-
-That flag can then be set with `--lang spanish` or `-l spanish`. Note that giving two different forms of the same flag in the same command invocation is an error.
-
-### Subcommands
-
-Subcommands can be defined for a more git-like command line app.
-```go
-...
-app.Commands = []cli.Command{
-  {
-    Name:      "add",
-    ShortName: "a",
-    Usage:     "add a task to the list",
-    Action: func(c *cli.Context) {
-      println("added task: ", c.Args().First())
-    },
-  },
-  {
-    Name:      "complete",
-    ShortName: "c",
-    Usage:     "complete a task on the list",
-    Action: func(c *cli.Context) {
-      println("completed task: ", c.Args().First())
-    },
-  },
-  {
-    Name:      "template",
-    ShortName: "r",
-    Usage:     "options for task templates",
-    Subcommands: []cli.Command{
-      {
-        Name:  "add",
-        Usage: "add a new template",
-        Action: func(c *cli.Context) {
-            println("new task template: ", c.Args().First())
-        },
-      },
-      {
-        Name:  "remove",
-        Usage: "remove an existing template",
-        Action: func(c *cli.Context) {
-          println("removed task template: ", c.Args().First())
-        },
-      },
-    },
-  },     
-}
-...
-```
-
-### Bash Completion
-
-You can enable completion commands by setting the EnableBashCompletion
-flag on the App object.  By default, this setting will only auto-complete to
-show an app's subcommands, but you can write your own completion methods for
-the App or its subcommands.
-```go
-...
-var tasks = []string{"cook", "clean", "laundry", "eat", "sleep", "code"}
-app := cli.NewApp()
-app.EnableBashCompletion = true
-app.Commands = []cli.Command{
-  {
-    Name: "complete",
-    ShortName: "c",
-    Usage: "complete a task on the list",
-    Action: func(c *cli.Context) {
-       println("completed task: ", c.Args().First())
-    },
-    BashComplete: func(c *cli.Context) {
-      // This will complete if no args are passed
-      if len(c.Args()) > 0 {
-        return
-      }
-      for _, t := range tasks {
-        println(t)
-      }
-    },
-  }
-}
-...
-```
-
-#### To Enable
-
-Source the autocomplete/bash_autocomplete file in your .bashrc file while
-setting the PROG variable to the name of your program:
-
-`PROG=myprogram source /.../cli/autocomplete/bash_autocomplete`
-
-
-## About
-cli.go is written by none other than the [Code Gangsta](http://codegangsta.io)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go
deleted file mode 100644
index e193b8282e..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app.go
+++ /dev/null
@@ -1,248 +0,0 @@
-package cli
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"time"
-)
-
-// App is the main structure of a cli application. It is recomended that
-// and app be created with the cli.NewApp() function
-type App struct {
-	// The name of the program. Defaults to os.Args[0]
-	Name string
-	// Description of the program.
-	Usage string
-	// Version of the program
-	Version string
-	// List of commands to execute
-	Commands []Command
-	// List of flags to parse
-	Flags []Flag
-	// Boolean to enable bash completion commands
-	EnableBashCompletion bool
-	// Boolean to hide built-in help command
-	HideHelp bool
-	// An action to execute when the bash-completion flag is set
-	BashComplete func(context *Context)
-	// An action to execute before any subcommands are run, but after the context is ready
-	// If a non-nil error is returned, no subcommands are run
-	Before func(context *Context) error
-	// The action to execute when no subcommands are specified
-	Action func(context *Context)
-	// Execute this function if the proper command cannot be found
-	CommandNotFound func(context *Context, command string)
-	// Compilation date
-	Compiled time.Time
-	// Author
-	Author string
-	// Author e-mail
-	Email string
-}
-
-// Tries to find out when this binary was compiled.
-// Returns the current time if it fails to find it.
-func compileTime() time.Time {
-	info, err := os.Stat(os.Args[0])
-	if err != nil {
-		return time.Now()
-	}
-	return info.ModTime()
-}
-
-// Creates a new cli Application with some reasonable defaults for Name, Usage, Version and Action.
-func NewApp() *App {
-	return &App{
-		Name:         os.Args[0],
-		Usage:        "A new cli application",
-		Version:      "0.0.0",
-		BashComplete: DefaultAppComplete,
-		Action:       helpCommand.Action,
-		Compiled:     compileTime(),
-		Author:       "Author",
-		Email:        "unknown@email",
-	}
-}
-
-// Entry point to the cli app. Parses the arguments slice and routes to the proper flag/args combination
-func (a *App) Run(arguments []string) error {
-	// append help to commands
-	if a.Command(helpCommand.Name) == nil && !a.HideHelp {
-		a.Commands = append(a.Commands, helpCommand)
-		a.appendFlag(HelpFlag)
-	}
-
-	//append version/help flags
-	if a.EnableBashCompletion {
-		a.appendFlag(BashCompletionFlag)
-	}
-	a.appendFlag(VersionFlag)
-
-	// parse flags
-	set := flagSet(a.Name, a.Flags)
-	set.SetOutput(ioutil.Discard)
-	err := set.Parse(arguments[1:])
-	nerr := normalizeFlags(a.Flags, set)
-	if nerr != nil {
-		fmt.Println(nerr)
-		context := NewContext(a, set, set)
-		ShowAppHelp(context)
-		fmt.Println("")
-		return nerr
-	}
-	context := NewContext(a, set, set)
-
-	if err != nil {
-		fmt.Printf("Incorrect Usage.\n\n")
-		ShowAppHelp(context)
-		fmt.Println("")
-		return err
-	}
-
-	if checkCompletions(context) {
-		return nil
-	}
-
-	if checkHelp(context) {
-		return nil
-	}
-
-	if checkVersion(context) {
-		return nil
-	}
-
-	if a.Before != nil {
-		err := a.Before(context)
-		if err != nil {
-			return err
-		}
-	}
-
-	args := context.Args()
-	if args.Present() {
-		name := args.First()
-		c := a.Command(name)
-		if c != nil {
-			return c.Run(context)
-		}
-	}
-
-	// Run default Action
-	a.Action(context)
-	return nil
-}
-
-// Another entry point to the cli app, takes care of passing arguments and error handling
-func (a *App) RunAndExitOnError() {
-	if err := a.Run(os.Args); err != nil {
-		os.Stderr.WriteString(fmt.Sprintln(err))
-		os.Exit(1)
-	}
-}
-
-// Invokes the subcommand given the context, parses ctx.Args() to generate command-specific flags
-func (a *App) RunAsSubcommand(ctx *Context) error {
-	// append help to commands
-	if len(a.Commands) > 0 {
-		if a.Command(helpCommand.Name) == nil && !a.HideHelp {
-			a.Commands = append(a.Commands, helpCommand)
-			a.appendFlag(HelpFlag)
-		}
-	}
-
-	// append flags
-	if a.EnableBashCompletion {
-		a.appendFlag(BashCompletionFlag)
-	}
-
-	// parse flags
-	set := flagSet(a.Name, a.Flags)
-	set.SetOutput(ioutil.Discard)
-	err := set.Parse(ctx.Args().Tail())
-	nerr := normalizeFlags(a.Flags, set)
-	context := NewContext(a, set, ctx.globalSet)
-
-	if nerr != nil {
-		fmt.Println(nerr)
-		if len(a.Commands) > 0 {
-			ShowSubcommandHelp(context)
-		} else {
-			ShowCommandHelp(ctx, context.Args().First())
-		}
-		fmt.Println("")
-		return nerr
-	}
-
-	if err != nil {
-		fmt.Printf("Incorrect Usage.\n\n")
-		ShowSubcommandHelp(context)
-		return err
-	}
-
-	if checkCompletions(context) {
-		return nil
-	}
-
-	if len(a.Commands) > 0 {
-		if checkSubcommandHelp(context) {
-			return nil
-		}
-	} else {
-		if checkCommandHelp(ctx, context.Args().First()) {
-			return nil
-		}
-	}
-
-	if a.Before != nil {
-		err := a.Before(context)
-		if err != nil {
-			return err
-		}
-	}
-
-	args := context.Args()
-	if args.Present() {
-		name := args.First()
-		c := a.Command(name)
-		if c != nil {
-			return c.Run(context)
-		}
-	}
-
-	// Run default Action
-	if len(a.Commands) > 0 {
-		a.Action(context)
-	} else {
-		a.Action(ctx)
-	}
-
-	return nil
-}
-
-// Returns the named command on App. Returns nil if the command does not exist
-func (a *App) Command(name string) *Command {
-	for _, c := range a.Commands {
-		if c.HasName(name) {
-			return &c
-		}
-	}
-
-	return nil
-}
-
-func (a *App) hasFlag(flag Flag) bool {
-	for _, f := range a.Flags {
-		if flag == f {
-			return true
-		}
-	}
-
-	return false
-}
-
-func (a *App) appendFlag(flag Flag) {
-	if !a.hasFlag(flag) {
-		a.Flags = append(a.Flags, flag)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go
deleted file mode 100644
index a915624103..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/app_test.go
+++ /dev/null
@@ -1,399 +0,0 @@
-package cli_test
-
-import (
-	"fmt"
-	"os"
-	"testing"
-
-	"github.com/codegangsta/cli"
-)
-
-func ExampleApp() {
-	// set args for examples sake
-	os.Args = []string{"greet", "--name", "Jeremy"}
-
-	app := cli.NewApp()
-	app.Name = "greet"
-	app.Flags = []cli.Flag{
-		cli.StringFlag{Name: "name", Value: "bob", Usage: "a name to say"},
-	}
-	app.Action = func(c *cli.Context) {
-		fmt.Printf("Hello %v\n", c.String("name"))
-	}
-	app.Run(os.Args)
-	// Output:
-	// Hello Jeremy
-}
-
-func ExampleAppSubcommand() {
-	// set args for examples sake
-	os.Args = []string{"say", "hi", "english", "--name", "Jeremy"}
-	app := cli.NewApp()
-	app.Name = "say"
-	app.Commands = []cli.Command{
-		{
-			Name:        "hello",
-			ShortName:   "hi",
-			Usage:       "use it to see a description",
-			Description: "This is how we describe hello the function",
-			Subcommands: []cli.Command{
-				{
-					Name:        "english",
-					ShortName:   "en",
-					Usage:       "sends a greeting in english",
-					Description: "greets someone in english",
-					Flags: []cli.Flag{
-						cli.StringFlag{Name: "name", Value: "Bob", Usage: "Name of the person to greet"},
-					},
-					Action: func(c *cli.Context) {
-						fmt.Println("Hello,", c.String("name"))
-					},
-				},
-			},
-		},
-	}
-
-	app.Run(os.Args)
-	// Output:
-	// Hello, Jeremy
-}
-
-func ExampleAppHelp() {
-	// set args for examples sake
-	os.Args = []string{"greet", "h", "describeit"}
-
-	app := cli.NewApp()
-	app.Name = "greet"
-	app.Flags = []cli.Flag{
-		cli.StringFlag{Name: "name", Value: "bob", Usage: "a name to say"},
-	}
-	app.Commands = []cli.Command{
-		{
-			Name:        "describeit",
-			ShortName:   "d",
-			Usage:       "use it to see a description",
-			Description: "This is how we describe describeit the function",
-			Action: func(c *cli.Context) {
-				fmt.Printf("i like to describe things")
-			},
-		},
-	}
-	app.Run(os.Args)
-	// Output:
-	// NAME:
-	//    describeit - use it to see a description
-	//
-	// USAGE:
-	//    command describeit [arguments...]
-	//
-	// DESCRIPTION:
-	//    This is how we describe describeit the function
-}
-
-func ExampleAppBashComplete() {
-	// set args for examples sake
-	os.Args = []string{"greet", "--generate-bash-completion"}
-
-	app := cli.NewApp()
-	app.Name = "greet"
-	app.EnableBashCompletion = true
-	app.Commands = []cli.Command{
-		{
-			Name:        "describeit",
-			ShortName:   "d",
-			Usage:       "use it to see a description",
-			Description: "This is how we describe describeit the function",
-			Action: func(c *cli.Context) {
-				fmt.Printf("i like to describe things")
-			},
-		}, {
-			Name:        "next",
-			Usage:       "next example",
-			Description: "more stuff to see when generating bash completion",
-			Action: func(c *cli.Context) {
-				fmt.Printf("the next example")
-			},
-		},
-	}
-
-	app.Run(os.Args)
-	// Output:
-	// describeit
-	// d
-	// next
-	// help
-	// h
-}
-
-func TestApp_Run(t *testing.T) {
-	s := ""
-
-	app := cli.NewApp()
-	app.Action = func(c *cli.Context) {
-		s = s + c.Args().First()
-	}
-
-	err := app.Run([]string{"command", "foo"})
-	expect(t, err, nil)
-	err = app.Run([]string{"command", "bar"})
-	expect(t, err, nil)
-	expect(t, s, "foobar")
-}
-
-var commandAppTests = []struct {
-	name     string
-	expected bool
-}{
-	{"foobar", true},
-	{"batbaz", true},
-	{"b", true},
-	{"f", true},
-	{"bat", false},
-	{"nothing", false},
-}
-
-func TestApp_Command(t *testing.T) {
-	app := cli.NewApp()
-	fooCommand := cli.Command{Name: "foobar", ShortName: "f"}
-	batCommand := cli.Command{Name: "batbaz", ShortName: "b"}
-	app.Commands = []cli.Command{
-		fooCommand,
-		batCommand,
-	}
-
-	for _, test := range commandAppTests {
-		expect(t, app.Command(test.name) != nil, test.expected)
-	}
-}
-
-func TestApp_CommandWithArgBeforeFlags(t *testing.T) {
-	var parsedOption, firstArg string
-
-	app := cli.NewApp()
-	command := cli.Command{
-		Name: "cmd",
-		Flags: []cli.Flag{
-			cli.StringFlag{Name: "option", Value: "", Usage: "some option"},
-		},
-		Action: func(c *cli.Context) {
-			parsedOption = c.String("option")
-			firstArg = c.Args().First()
-		},
-	}
-	app.Commands = []cli.Command{command}
-
-	app.Run([]string{"", "cmd", "my-arg", "--option", "my-option"})
-
-	expect(t, parsedOption, "my-option")
-	expect(t, firstArg, "my-arg")
-}
-
-func TestApp_Float64Flag(t *testing.T) {
-	var meters float64
-
-	app := cli.NewApp()
-	app.Flags = []cli.Flag{
-		cli.Float64Flag{Name: "height", Value: 1.5, Usage: "Set the height, in meters"},
-	}
-	app.Action = func(c *cli.Context) {
-		meters = c.Float64("height")
-	}
-
-	app.Run([]string{"", "--height", "1.93"})
-	expect(t, meters, 1.93)
-}
-
-func TestApp_ParseSliceFlags(t *testing.T) {
-	var parsedOption, firstArg string
-	var parsedIntSlice []int
-	var parsedStringSlice []string
-
-	app := cli.NewApp()
-	command := cli.Command{
-		Name: "cmd",
-		Flags: []cli.Flag{
-			cli.IntSliceFlag{Name: "p", Value: &cli.IntSlice{}, Usage: "set one or more ip addr"},
-			cli.StringSliceFlag{Name: "ip", Value: &cli.StringSlice{}, Usage: "set one or more ports to open"},
-		},
-		Action: func(c *cli.Context) {
-			parsedIntSlice = c.IntSlice("p")
-			parsedStringSlice = c.StringSlice("ip")
-			parsedOption = c.String("option")
-			firstArg = c.Args().First()
-		},
-	}
-	app.Commands = []cli.Command{command}
-
-	app.Run([]string{"", "cmd", "my-arg", "-p", "22", "-p", "80", "-ip", "8.8.8.8", "-ip", "8.8.4.4"})
-
-	IntsEquals := func(a, b []int) bool {
-		if len(a) != len(b) {
-			return false
-		}
-		for i, v := range a {
-			if v != b[i] {
-				return false
-			}
-		}
-		return true
-	}
-
-	StrsEquals := func(a, b []string) bool {
-		if len(a) != len(b) {
-			return false
-		}
-		for i, v := range a {
-			if v != b[i] {
-				return false
-			}
-		}
-		return true
-	}
-	var expectedIntSlice = []int{22, 80}
-	var expectedStringSlice = []string{"8.8.8.8", "8.8.4.4"}
-
-	if !IntsEquals(parsedIntSlice, expectedIntSlice) {
-		t.Errorf("%v does not match %v", parsedIntSlice, expectedIntSlice)
-	}
-
-	if !StrsEquals(parsedStringSlice, expectedStringSlice) {
-		t.Errorf("%v does not match %v", parsedStringSlice, expectedStringSlice)
-	}
-}
-
-func TestApp_BeforeFunc(t *testing.T) {
-	beforeRun, subcommandRun := false, false
-	beforeError := fmt.Errorf("fail")
-	var err error
-
-	app := cli.NewApp()
-
-	app.Before = func(c *cli.Context) error {
-		beforeRun = true
-		s := c.String("opt")
-		if s == "fail" {
-			return beforeError
-		}
-
-		return nil
-	}
-
-	app.Commands = []cli.Command{
-		cli.Command{
-			Name: "sub",
-			Action: func(c *cli.Context) {
-				subcommandRun = true
-			},
-		},
-	}
-
-	app.Flags = []cli.Flag{
-		cli.StringFlag{Name: "opt"},
-	}
-
-	// run with the Before() func succeeding
-	err = app.Run([]string{"command", "--opt", "succeed", "sub"})
-
-	if err != nil {
-		t.Fatalf("Run error: %s", err)
-	}
-
-	if beforeRun == false {
-		t.Errorf("Before() not executed when expected")
-	}
-
-	if subcommandRun == false {
-		t.Errorf("Subcommand not executed when expected")
-	}
-
-	// reset
-	beforeRun, subcommandRun = false, false
-
-	// run with the Before() func failing
-	err = app.Run([]string{"command", "--opt", "fail", "sub"})
-
-	// should be the same error produced by the Before func
-	if err != beforeError {
-		t.Errorf("Run error expected, but not received")
-	}
-
-	if beforeRun == false {
-		t.Errorf("Before() not executed when expected")
-	}
-
-	if subcommandRun == true {
-		t.Errorf("Subcommand executed when NOT expected")
-	}
-
-}
-
-func TestAppHelpPrinter(t *testing.T) {
-	oldPrinter := cli.HelpPrinter
-	defer func() {
-		cli.HelpPrinter = oldPrinter
-	}()
-
-	var wasCalled = false
-	cli.HelpPrinter = func(template string, data interface{}) {
-		wasCalled = true
-	}
-
-	app := cli.NewApp()
-	app.Run([]string{"-h"})
-
-	if wasCalled == false {
-		t.Errorf("Help printer expected to be called, but was not")
-	}
-}
-
-func TestAppCommandNotFound(t *testing.T) {
-	beforeRun, subcommandRun := false, false
-	app := cli.NewApp()
-
-	app.CommandNotFound = func(c *cli.Context, command string) {
-		beforeRun = true
-	}
-
-	app.Commands = []cli.Command{
-		cli.Command{
-			Name: "bar",
-			Action: func(c *cli.Context) {
-				subcommandRun = true
-			},
-		},
-	}
-
-	app.Run([]string{"command", "foo"})
-
-	expect(t, beforeRun, true)
-	expect(t, subcommandRun, false)
-}
-
-func TestGlobalFlagsInSubcommands(t *testing.T) {
-	subcommandRun := false
-	app := cli.NewApp()
-
-	app.Flags = []cli.Flag{
-		cli.BoolFlag{Name: "debug, d", Usage: "Enable debugging"},
-	}
-
-	app.Commands = []cli.Command{
-		cli.Command{
-			Name: "foo",
-			Subcommands: []cli.Command{
-				{
-					Name: "bar",
-					Action: func(c *cli.Context) {
-						if c.GlobalBool("debug") {
-							subcommandRun = true
-						}
-					},
-				},
-			},
-		},
-	}
-
-	app.Run([]string{"command", "-d", "foo", "bar"})
-
-	expect(t, subcommandRun, true)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete
deleted file mode 100644
index a860e038d8..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/autocomplete/bash_autocomplete
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/bash
-
-_cli_bash_autocomplete() {
-     local cur prev opts base
-     COMPREPLY=()
-     cur="${COMP_WORDS[COMP_CWORD]}"
-     prev="${COMP_WORDS[COMP_CWORD-1]}"
-     opts=$( ${COMP_WORDS[@]:0:COMP_CWORD} --generate-bash-completion )
-     COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-     return 0
- }
-  
- complete -F _cli_bash_autocomplete $PROG
\ No newline at end of file
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go
deleted file mode 100644
index b742545812..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Package cli provides a minimal framework for creating and organizing command line
-// Go applications. cli is designed to be easy to understand and write, the most simple
-// cli application can be written as follows:
-//   func main() {
-//     cli.NewApp().Run(os.Args)
-//   }
-//
-// Of course this application does not do much, so let's make this an actual application:
-//   func main() {
-//     app := cli.NewApp()
-//     app.Name = "greet"
-//     app.Usage = "say a greeting"
-//     app.Action = func(c *cli.Context) {
-//       println("Greetings")
-//     }
-//
-//     app.Run(os.Args)
-//   }
-package cli
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go
deleted file mode 100644
index 4d7bd8479a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/cli_test.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package cli_test
-
-import (
-	"os"
-
-	"github.com/codegangsta/cli"
-)
-
-func Example() {
-	app := cli.NewApp()
-	app.Name = "todo"
-	app.Usage = "task list on the command line"
-	app.Commands = []cli.Command{
-		{
-			Name:      "add",
-			ShortName: "a",
-			Usage:     "add a task to the list",
-			Action: func(c *cli.Context) {
-				println("added task: ", c.Args().First())
-			},
-		},
-		{
-			Name:      "complete",
-			ShortName: "c",
-			Usage:     "complete a task on the list",
-			Action: func(c *cli.Context) {
-				println("completed task: ", c.Args().First())
-			},
-		},
-	}
-
-	app.Run(os.Args)
-}
-
-func ExampleSubcommand() {
-	app := cli.NewApp()
-	app.Name = "say"
-	app.Commands = []cli.Command{
-		{
-			Name:        "hello",
-			ShortName:   "hi",
-			Usage:       "use it to see a description",
-			Description: "This is how we describe hello the function",
-			Subcommands: []cli.Command{
-				{
-					Name:        "english",
-					ShortName:   "en",
-					Usage:       "sends a greeting in english",
-					Description: "greets someone in english",
-					Flags: []cli.Flag{
-						cli.StringFlag{Name: "name", Value: "Bob", Usage: "Name of the person to greet"},
-					},
-					Action: func(c *cli.Context) {
-						println("Hello, ", c.String("name"))
-					},
-				}, {
-					Name:      "spanish",
-					ShortName: "sp",
-					Usage:     "sends a greeting in spanish",
-					Flags: []cli.Flag{
-						cli.StringFlag{Name: "surname", Value: "Jones", Usage: "Surname of the person to greet"},
-					},
-					Action: func(c *cli.Context) {
-						println("Hola, ", c.String("surname"))
-					},
-				}, {
-					Name:      "french",
-					ShortName: "fr",
-					Usage:     "sends a greeting in french",
-					Flags: []cli.Flag{
-						cli.StringFlag{Name: "nickname", Value: "Stevie", Usage: "Nickname of the person to greet"},
-					},
-					Action: func(c *cli.Context) {
-						println("Bonjour, ", c.String("nickname"))
-					},
-				},
-			},
-		}, {
-			Name:  "bye",
-			Usage: "says goodbye",
-			Action: func(c *cli.Context) {
-				println("bye")
-			},
-		},
-	}
-
-	app.Run(os.Args)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go
deleted file mode 100644
index dcc8de5c9a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package cli
-
-import (
-	"fmt"
-	"io/ioutil"
-	"strings"
-)
-
-// Command is a subcommand for a cli.App.
-type Command struct {
-	// The name of the command
-	Name string
-	// short name of the command. Typically one character
-	ShortName string
-	// A short description of the usage of this command
-	Usage string
-	// A longer explanation of how the command works
-	Description string
-	// The function to call when checking for bash command completions
-	BashComplete func(context *Context)
-	// An action to execute before any sub-subcommands are run, but after the context is ready
-	// If a non-nil error is returned, no sub-subcommands are run
-	Before func(context *Context) error
-	// The function to call when this command is invoked
-	Action func(context *Context)
-	// List of child commands
-	Subcommands []Command
-	// List of flags to parse
-	Flags []Flag
-	// Treat all flags as normal arguments if true
-	SkipFlagParsing bool
-	// Boolean to hide built-in help command
-	HideHelp bool
-}
-
-// Invokes the command given the context, parses ctx.Args() to generate command-specific flags
-func (c Command) Run(ctx *Context) error {
-
-	if len(c.Subcommands) > 0 || c.Before != nil {
-		return c.startApp(ctx)
-	}
-
-	if !c.HideHelp {
-		// append help to flags
-		c.Flags = append(
-			c.Flags,
-			HelpFlag,
-		)
-	}
-
-	if ctx.App.EnableBashCompletion {
-		c.Flags = append(c.Flags, BashCompletionFlag)
-	}
-
-	set := flagSet(c.Name, c.Flags)
-	set.SetOutput(ioutil.Discard)
-
-	firstFlagIndex := -1
-	for index, arg := range ctx.Args() {
-		if strings.HasPrefix(arg, "-") {
-			firstFlagIndex = index
-			break
-		}
-	}
-
-	var err error
-	if firstFlagIndex > -1 && !c.SkipFlagParsing {
-		args := ctx.Args()
-		regularArgs := args[1:firstFlagIndex]
-		flagArgs := args[firstFlagIndex:]
-		err = set.Parse(append(flagArgs, regularArgs...))
-	} else {
-		err = set.Parse(ctx.Args().Tail())
-	}
-
-	if err != nil {
-		fmt.Printf("Incorrect Usage.\n\n")
-		ShowCommandHelp(ctx, c.Name)
-		fmt.Println("")
-		return err
-	}
-
-	nerr := normalizeFlags(c.Flags, set)
-	if nerr != nil {
-		fmt.Println(nerr)
-		fmt.Println("")
-		ShowCommandHelp(ctx, c.Name)
-		fmt.Println("")
-		return nerr
-	}
-	context := NewContext(ctx.App, set, ctx.globalSet)
-
-	if checkCommandCompletions(context, c.Name) {
-		return nil
-	}
-
-	if checkCommandHelp(context, c.Name) {
-		return nil
-	}
-	context.Command = c
-	c.Action(context)
-	return nil
-}
-
-// Returns true if Command.Name or Command.ShortName matches given name
-func (c Command) HasName(name string) bool {
-	return c.Name == name || c.ShortName == name
-}
-
-func (c Command) startApp(ctx *Context) error {
-	app := NewApp()
-
-	// set the name and usage
-	app.Name = fmt.Sprintf("%s %s", ctx.App.Name, c.Name)
-	if c.Description != "" {
-		app.Usage = c.Description
-	} else {
-		app.Usage = c.Usage
-	}
-
-	// set the flags and commands
-	app.Commands = c.Subcommands
-	app.Flags = c.Flags
-	app.HideHelp = c.HideHelp
-
-	// bash completion
-	app.EnableBashCompletion = ctx.App.EnableBashCompletion
-	if c.BashComplete != nil {
-		app.BashComplete = c.BashComplete
-	}
-
-	// set the actions
-	app.Before = c.Before
-	if c.Action != nil {
-		app.Action = c.Action
-	} else {
-		app.Action = helpSubcommand.Action
-	}
-
-	return app.RunAsSubcommand(ctx)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go
deleted file mode 100644
index 3afd83e7a6..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/command_test.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package cli_test
-
-import (
-	"flag"
-	"github.com/codegangsta/cli"
-	"testing"
-)
-
-func TestCommandDoNotIgnoreFlags(t *testing.T) {
-	app := cli.NewApp()
-	set := flag.NewFlagSet("test", 0)
-	test := []string{"blah", "blah", "-break"}
-	set.Parse(test)
-
-	c := cli.NewContext(app, set, set)
-
-	command := cli.Command {
-		Name: "test-cmd",
-		ShortName: "tc",
-		Usage: "this is for testing",
-		Description: "testing",
-		Action: func(_ *cli.Context) { },
-	}
-	err := command.Run(c)
-
-	expect(t, err.Error(), "flag provided but not defined: -break")
-}
-
-func TestCommandIgnoreFlags(t *testing.T) {
-	app := cli.NewApp()
-	set := flag.NewFlagSet("test", 0)
-	test := []string{"blah", "blah"}
-	set.Parse(test)
-
-	c := cli.NewContext(app, set, set)
-
-	command := cli.Command {
-		Name: "test-cmd",
-		ShortName: "tc",
-		Usage: "this is for testing",
-		Description: "testing",
-		Action: func(_ *cli.Context) { },
-		SkipFlagParsing: true,
-	}
-	err := command.Run(c)
-
-	expect(t, err, nil)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go
deleted file mode 100644
index 1e023ceff9..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context.go
+++ /dev/null
@@ -1,280 +0,0 @@
-package cli
-
-import (
-	"errors"
-	"flag"
-	"strconv"
-	"strings"
-)
-
-// Context is a type that is passed through to
-// each Handler action in a cli application. Context
-// can be used to retrieve context-specific Args and
-// parsed command-line options.
-type Context struct {
-	App       *App
-	Command   Command
-	flagSet   *flag.FlagSet
-	globalSet *flag.FlagSet
-	setFlags  map[string]bool
-}
-
-// Creates a new context. For use in when invoking an App or Command action.
-func NewContext(app *App, set *flag.FlagSet, globalSet *flag.FlagSet) *Context {
-	return &Context{App: app, flagSet: set, globalSet: globalSet}
-}
-
-// Looks up the value of a local int flag, returns 0 if no int flag exists
-func (c *Context) Int(name string) int {
-	return lookupInt(name, c.flagSet)
-}
-
-// Looks up the value of a local float64 flag, returns 0 if no float64 flag exists
-func (c *Context) Float64(name string) float64 {
-	return lookupFloat64(name, c.flagSet)
-}
-
-// Looks up the value of a local bool flag, returns false if no bool flag exists
-func (c *Context) Bool(name string) bool {
-	return lookupBool(name, c.flagSet)
-}
-
-// Looks up the value of a local boolT flag, returns false if no bool flag exists
-func (c *Context) BoolT(name string) bool {
-	return lookupBoolT(name, c.flagSet)
-}
-
-// Looks up the value of a local string flag, returns "" if no string flag exists
-func (c *Context) String(name string) string {
-	return lookupString(name, c.flagSet)
-}
-
-// Looks up the value of a local string slice flag, returns nil if no string slice flag exists
-func (c *Context) StringSlice(name string) []string {
-	return lookupStringSlice(name, c.flagSet)
-}
-
-// Looks up the value of a local int slice flag, returns nil if no int slice flag exists
-func (c *Context) IntSlice(name string) []int {
-	return lookupIntSlice(name, c.flagSet)
-}
-
-// Looks up the value of a local generic flag, returns nil if no generic flag exists
-func (c *Context) Generic(name string) interface{} {
-	return lookupGeneric(name, c.flagSet)
-}
-
-// Looks up the value of a global int flag, returns 0 if no int flag exists
-func (c *Context) GlobalInt(name string) int {
-	return lookupInt(name, c.globalSet)
-}
-
-// Looks up the value of a global bool flag, returns false if no bool flag exists
-func (c *Context) GlobalBool(name string) bool {
-	return lookupBool(name, c.globalSet)
-}
-
-// Looks up the value of a global string flag, returns "" if no string flag exists
-func (c *Context) GlobalString(name string) string {
-	return lookupString(name, c.globalSet)
-}
-
-// Looks up the value of a global string slice flag, returns nil if no string slice flag exists
-func (c *Context) GlobalStringSlice(name string) []string {
-	return lookupStringSlice(name, c.globalSet)
-}
-
-// Looks up the value of a global int slice flag, returns nil if no int slice flag exists
-func (c *Context) GlobalIntSlice(name string) []int {
-	return lookupIntSlice(name, c.globalSet)
-}
-
-// Looks up the value of a global generic flag, returns nil if no generic flag exists
-func (c *Context) GlobalGeneric(name string) interface{} {
-	return lookupGeneric(name, c.globalSet)
-}
-
-// Determines if the flag was actually set exists
-func (c *Context) IsSet(name string) bool {
-	if c.setFlags == nil {
-		c.setFlags = make(map[string]bool)
-		c.flagSet.Visit(func(f *flag.Flag) {
-			c.setFlags[f.Name] = true
-		})
-	}
-	return c.setFlags[name] == true
-}
-
-type Args []string
-
-// Returns the command line arguments associated with the context.
-func (c *Context) Args() Args {
-	args := Args(c.flagSet.Args())
-	return args
-}
-
-// Returns the nth argument, or else a blank string
-func (a Args) Get(n int) string {
-	if len(a) > n {
-		return a[n]
-	}
-	return ""
-}
-
-// Returns the first argument, or else a blank string
-func (a Args) First() string {
-	return a.Get(0)
-}
-
-// Return the rest of the arguments (not the first one)
-// or else an empty string slice
-func (a Args) Tail() []string {
-	if len(a) >= 2 {
-		return []string(a)[1:]
-	}
-	return []string{}
-}
-
-// Checks if there are any arguments present
-func (a Args) Present() bool {
-	return len(a) != 0
-}
-
-// Swaps arguments at the given indexes
-func (a Args) Swap(from, to int) error {
-	if from >= len(a) || to >= len(a) {
-		return errors.New("index out of range")
-	}
-	a[from], a[to] = a[to], a[from]
-	return nil
-}
-
-func lookupInt(name string, set *flag.FlagSet) int {
-	f := set.Lookup(name)
-	if f != nil {
-		val, err := strconv.Atoi(f.Value.String())
-		if err != nil {
-			return 0
-		}
-		return val
-	}
-
-	return 0
-}
-
-func lookupFloat64(name string, set *flag.FlagSet) float64 {
-	f := set.Lookup(name)
-	if f != nil {
-		val, err := strconv.ParseFloat(f.Value.String(), 64)
-		if err != nil {
-			return 0
-		}
-		return val
-	}
-
-	return 0
-}
-
-func lookupString(name string, set *flag.FlagSet) string {
-	f := set.Lookup(name)
-	if f != nil {
-		return f.Value.String()
-	}
-
-	return ""
-}
-
-func lookupStringSlice(name string, set *flag.FlagSet) []string {
-	f := set.Lookup(name)
-	if f != nil {
-		return (f.Value.(*StringSlice)).Value()
-
-	}
-
-	return nil
-}
-
-func lookupIntSlice(name string, set *flag.FlagSet) []int {
-	f := set.Lookup(name)
-	if f != nil {
-		return (f.Value.(*IntSlice)).Value()
-
-	}
-
-	return nil
-}
-
-func lookupGeneric(name string, set *flag.FlagSet) interface{} {
-	f := set.Lookup(name)
-	if f != nil {
-		return f.Value
-	}
-	return nil
-}
-
-func lookupBool(name string, set *flag.FlagSet) bool {
-	f := set.Lookup(name)
-	if f != nil {
-		val, err := strconv.ParseBool(f.Value.String())
-		if err != nil {
-			return false
-		}
-		return val
-	}
-
-	return false
-}
-
-func lookupBoolT(name string, set *flag.FlagSet) bool {
-	f := set.Lookup(name)
-	if f != nil {
-		val, err := strconv.ParseBool(f.Value.String())
-		if err != nil {
-			return true
-		}
-		return val
-	}
-
-	return false
-}
-
-func copyFlag(name string, ff *flag.Flag, set *flag.FlagSet) {
-	switch ff.Value.(type) {
-	case *StringSlice:
-	default:
-		set.Set(name, ff.Value.String())
-	}
-}
-
-func normalizeFlags(flags []Flag, set *flag.FlagSet) error {
-	visited := make(map[string]bool)
-	set.Visit(func(f *flag.Flag) {
-		visited[f.Name] = true
-	})
-	for _, f := range flags {
-		parts := strings.Split(f.getName(), ",")
-		if len(parts) == 1 {
-			continue
-		}
-		var ff *flag.Flag
-		for _, name := range parts {
-			name = strings.Trim(name, " ")
-			if visited[name] {
-				if ff != nil {
-					return errors.New("Cannot use two forms of the same flag: " + name + " " + ff.Name)
-				}
-				ff = set.Lookup(name)
-			}
-		}
-		if ff == nil {
-			continue
-		}
-		for _, name := range parts {
-			name = strings.Trim(name, " ")
-			if !visited[name] {
-				copyFlag(name, ff, set)
-			}
-		}
-	}
-	return nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go
deleted file mode 100644
index 89041b99d4..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/context_test.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package cli_test
-
-import (
-	"flag"
-	"github.com/codegangsta/cli"
-	"testing"
-)
-
-func TestNewContext(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.Int("myflag", 12, "doc")
-	globalSet := flag.NewFlagSet("test", 0)
-	globalSet.Int("myflag", 42, "doc")
-	command := cli.Command{Name: "mycommand"}
-	c := cli.NewContext(nil, set, globalSet)
-	c.Command = command
-	expect(t, c.Int("myflag"), 12)
-	expect(t, c.GlobalInt("myflag"), 42)
-	expect(t, c.Command.Name, "mycommand")
-}
-
-func TestContext_Int(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.Int("myflag", 12, "doc")
-	c := cli.NewContext(nil, set, set)
-	expect(t, c.Int("myflag"), 12)
-}
-
-func TestContext_String(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.String("myflag", "hello world", "doc")
-	c := cli.NewContext(nil, set, set)
-	expect(t, c.String("myflag"), "hello world")
-}
-
-func TestContext_Bool(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.Bool("myflag", false, "doc")
-	c := cli.NewContext(nil, set, set)
-	expect(t, c.Bool("myflag"), false)
-}
-
-func TestContext_BoolT(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.Bool("myflag", true, "doc")
-	c := cli.NewContext(nil, set, set)
-	expect(t, c.BoolT("myflag"), true)
-}
-
-func TestContext_Args(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.Bool("myflag", false, "doc")
-	c := cli.NewContext(nil, set, set)
-	set.Parse([]string{"--myflag", "bat", "baz"})
-	expect(t, len(c.Args()), 2)
-	expect(t, c.Bool("myflag"), true)
-}
-
-func TestContext_IsSet(t *testing.T) {
-	set := flag.NewFlagSet("test", 0)
-	set.Bool("myflag", false, "doc")
-	set.String("otherflag", "hello world", "doc")
-	c := cli.NewContext(nil, set, set)
-	set.Parse([]string{"--myflag", "bat", "baz"})
-	expect(t, c.IsSet("myflag"), true)
-	expect(t, c.IsSet("otherflag"), false)
-	expect(t, c.IsSet("bogusflag"), false)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go
deleted file mode 100644
index e6f8838a9d..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag.go
+++ /dev/null
@@ -1,280 +0,0 @@
-package cli
-
-import (
-	"flag"
-	"fmt"
-	"strconv"
-	"strings"
-)
-
-// This flag enables bash-completion for all commands and subcommands
-var BashCompletionFlag = BoolFlag{"generate-bash-completion", ""}
-
-// This flag prints the version for the application
-var VersionFlag = BoolFlag{"version, v", "print the version"}
-
-// This flag prints the help for all commands and subcommands
-var HelpFlag = BoolFlag{"help, h", "show help"}
-
-// Flag is a common interface related to parsing flags in cli.
-// For more advanced flag parsing techniques, it is recomended that
-// this interface be implemented.
-type Flag interface {
-	fmt.Stringer
-	// Apply Flag settings to the given flag set
-	Apply(*flag.FlagSet)
-	getName() string
-}
-
-func flagSet(name string, flags []Flag) *flag.FlagSet {
-	set := flag.NewFlagSet(name, flag.ContinueOnError)
-
-	for _, f := range flags {
-		f.Apply(set)
-	}
-	return set
-}
-
-func eachName(longName string, fn func(string)) {
-	parts := strings.Split(longName, ",")
-	for _, name := range parts {
-		name = strings.Trim(name, " ")
-		fn(name)
-	}
-}
-
-// Generic is a generic parseable type identified by a specific flag
-type Generic interface {
-	Set(value string) error
-	String() string
-}
-
-// GenericFlag is the flag type for types implementing Generic
-type GenericFlag struct {
-	Name  string
-	Value Generic
-	Usage string
-}
-
-func (f GenericFlag) String() string {
-	return fmt.Sprintf("%s%s %v\t`%v` %s", prefixFor(f.Name), f.Name, f.Value, "-"+f.Name+" option -"+f.Name+" option", f.Usage)
-}
-
-func (f GenericFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Var(f.Value, name, f.Usage)
-	})
-}
-
-func (f GenericFlag) getName() string {
-	return f.Name
-}
-
-type StringSlice []string
-
-func (f *StringSlice) Set(value string) error {
-	*f = append(*f, value)
-	return nil
-}
-
-func (f *StringSlice) String() string {
-	return fmt.Sprintf("%s", *f)
-}
-
-func (f *StringSlice) Value() []string {
-	return *f
-}
-
-type StringSliceFlag struct {
-	Name  string
-	Value *StringSlice
-	Usage string
-}
-
-func (f StringSliceFlag) String() string {
-	firstName := strings.Trim(strings.Split(f.Name, ",")[0], " ")
-	pref := prefixFor(firstName)
-	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), pref+firstName+" option "+pref+firstName+" option", f.Usage)
-}
-
-func (f StringSliceFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Var(f.Value, name, f.Usage)
-	})
-}
-
-func (f StringSliceFlag) getName() string {
-	return f.Name
-}
-
-type IntSlice []int
-
-func (f *IntSlice) Set(value string) error {
-
-	tmp, err := strconv.Atoi(value)
-	if err != nil {
-		return err
-	} else {
-		*f = append(*f, tmp)
-	}
-	return nil
-}
-
-func (f *IntSlice) String() string {
-	return fmt.Sprintf("%d", *f)
-}
-
-func (f *IntSlice) Value() []int {
-	return *f
-}
-
-type IntSliceFlag struct {
-	Name  string
-	Value *IntSlice
-	Usage string
-}
-
-func (f IntSliceFlag) String() string {
-	firstName := strings.Trim(strings.Split(f.Name, ",")[0], " ")
-	pref := prefixFor(firstName)
-	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), pref+firstName+" option "+pref+firstName+" option", f.Usage)
-}
-
-func (f IntSliceFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Var(f.Value, name, f.Usage)
-	})
-}
-
-func (f IntSliceFlag) getName() string {
-	return f.Name
-}
-
-type BoolFlag struct {
-	Name  string
-	Usage string
-}
-
-func (f BoolFlag) String() string {
-	return fmt.Sprintf("%s\t%v", prefixedNames(f.Name), f.Usage)
-}
-
-func (f BoolFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Bool(name, false, f.Usage)
-	})
-}
-
-func (f BoolFlag) getName() string {
-	return f.Name
-}
-
-type BoolTFlag struct {
-	Name  string
-	Usage string
-}
-
-func (f BoolTFlag) String() string {
-	return fmt.Sprintf("%s\t%v", prefixedNames(f.Name), f.Usage)
-}
-
-func (f BoolTFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Bool(name, true, f.Usage)
-	})
-}
-
-func (f BoolTFlag) getName() string {
-	return f.Name
-}
-
-type StringFlag struct {
-	Name  string
-	Value string
-	Usage string
-}
-
-func (f StringFlag) String() string {
-	var fmtString string
-	fmtString = "%s %v\t%v"
-
-	if len(f.Value) > 0 {
-		fmtString = "%s '%v'\t%v"
-	} else {
-		fmtString = "%s %v\t%v"
-	}
-
-	return fmt.Sprintf(fmtString, prefixedNames(f.Name), f.Value, f.Usage)
-}
-
-func (f StringFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.String(name, f.Value, f.Usage)
-	})
-}
-
-func (f StringFlag) getName() string {
-	return f.Name
-}
-
-type IntFlag struct {
-	Name  string
-	Value int
-	Usage string
-}
-
-func (f IntFlag) String() string {
-	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), f.Value, f.Usage)
-}
-
-func (f IntFlag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Int(name, f.Value, f.Usage)
-	})
-}
-
-func (f IntFlag) getName() string {
-	return f.Name
-}
-
-type Float64Flag struct {
-	Name  string
-	Value float64
-	Usage string
-}
-
-func (f Float64Flag) String() string {
-	return fmt.Sprintf("%s '%v'\t%v", prefixedNames(f.Name), f.Value, f.Usage)
-}
-
-func (f Float64Flag) Apply(set *flag.FlagSet) {
-	eachName(f.Name, func(name string) {
-		set.Float64(name, f.Value, f.Usage)
-	})
-}
-
-func (f Float64Flag) getName() string {
-	return f.Name
-}
-
-func prefixFor(name string) (prefix string) {
-	if len(name) == 1 {
-		prefix = "-"
-	} else {
-		prefix = "--"
-	}
-
-	return
-}
-
-func prefixedNames(fullName string) (prefixed string) {
-	parts := strings.Split(fullName, ",")
-	for i, name := range parts {
-		name = strings.Trim(name, " ")
-		prefixed += prefixFor(name) + name
-		if i < len(parts)-1 {
-			prefixed += ", "
-		}
-	}
-	return
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go
deleted file mode 100644
index 1c05f0144d..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/flag_test.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package cli_test
-
-import (
-	"github.com/codegangsta/cli"
-
-	"fmt"
-	"reflect"
-	"strings"
-	"testing"
-)
-
-var boolFlagTests = []struct {
-	name     string
-	expected string
-}{
-	{"help", "--help\t"},
-	{"h", "-h\t"},
-}
-
-func TestBoolFlagHelpOutput(t *testing.T) {
-
-	for _, test := range boolFlagTests {
-		flag := cli.BoolFlag{Name: test.name}
-		output := flag.String()
-
-		if output != test.expected {
-			t.Errorf("%s does not match %s", output, test.expected)
-		}
-	}
-}
-
-var stringFlagTests = []struct {
-	name     string
-	value    string
-	expected string
-}{
-	{"help", "", "--help \t"},
-	{"h", "", "-h \t"},
-	{"h", "", "-h \t"},
-	{"test", "Something", "--test 'Something'\t"},
-}
-
-func TestStringFlagHelpOutput(t *testing.T) {
-
-	for _, test := range stringFlagTests {
-		flag := cli.StringFlag{Name: test.name, Value: test.value}
-		output := flag.String()
-
-		if output != test.expected {
-			t.Errorf("%s does not match %s", output, test.expected)
-		}
-	}
-}
-
-var intFlagTests = []struct {
-	name     string
-	expected string
-}{
-	{"help", "--help '0'\t"},
-	{"h", "-h '0'\t"},
-}
-
-func TestIntFlagHelpOutput(t *testing.T) {
-
-	for _, test := range intFlagTests {
-		flag := cli.IntFlag{Name: test.name}
-		output := flag.String()
-
-		if output != test.expected {
-			t.Errorf("%s does not match %s", output, test.expected)
-		}
-	}
-}
-
-var float64FlagTests = []struct {
-	name     string
-	expected string
-}{
-	{"help", "--help '0'\t"},
-	{"h", "-h '0'\t"},
-}
-
-func TestFloat64FlagHelpOutput(t *testing.T) {
-
-	for _, test := range float64FlagTests {
-		flag := cli.Float64Flag{Name: test.name}
-		output := flag.String()
-
-		if output != test.expected {
-			t.Errorf("%s does not match %s", output, test.expected)
-		}
-	}
-}
-
-func TestParseMultiString(t *testing.T) {
-	(&cli.App{
-		Flags: []cli.Flag{
-			cli.StringFlag{Name: "serve, s"},
-		},
-		Action: func(ctx *cli.Context) {
-			if ctx.String("serve") != "10" {
-				t.Errorf("main name not set")
-			}
-			if ctx.String("s") != "10" {
-				t.Errorf("short name not set")
-			}
-		},
-	}).Run([]string{"run", "-s", "10"})
-}
-
-func TestParseMultiStringSlice(t *testing.T) {
-	(&cli.App{
-		Flags: []cli.Flag{
-			cli.StringSliceFlag{Name: "serve, s", Value: &cli.StringSlice{}},
-		},
-		Action: func(ctx *cli.Context) {
-			if !reflect.DeepEqual(ctx.StringSlice("serve"), []string{"10", "20"}) {
-				t.Errorf("main name not set")
-			}
-			if !reflect.DeepEqual(ctx.StringSlice("s"), []string{"10", "20"}) {
-				t.Errorf("short name not set")
-			}
-		},
-	}).Run([]string{"run", "-s", "10", "-s", "20"})
-}
-
-func TestParseMultiInt(t *testing.T) {
-	a := cli.App{
-		Flags: []cli.Flag{
-			cli.IntFlag{Name: "serve, s"},
-		},
-		Action: func(ctx *cli.Context) {
-			if ctx.Int("serve") != 10 {
-				t.Errorf("main name not set")
-			}
-			if ctx.Int("s") != 10 {
-				t.Errorf("short name not set")
-			}
-		},
-	}
-	a.Run([]string{"run", "-s", "10"})
-}
-
-func TestParseMultiBool(t *testing.T) {
-	a := cli.App{
-		Flags: []cli.Flag{
-			cli.BoolFlag{Name: "serve, s"},
-		},
-		Action: func(ctx *cli.Context) {
-			if ctx.Bool("serve") != true {
-				t.Errorf("main name not set")
-			}
-			if ctx.Bool("s") != true {
-				t.Errorf("short name not set")
-			}
-		},
-	}
-	a.Run([]string{"run", "--serve"})
-}
-
-type Parser [2]string
-
-func (p *Parser) Set(value string) error {
-	parts := strings.Split(value, ",")
-	if len(parts) != 2 {
-		return fmt.Errorf("invalid format")
-	}
-
-	(*p)[0] = parts[0]
-	(*p)[1] = parts[1]
-
-	return nil
-}
-
-func (p *Parser) String() string {
-	return fmt.Sprintf("%s,%s", p[0], p[1])
-}
-
-func TestParseGeneric(t *testing.T) {
-	a := cli.App{
-		Flags: []cli.Flag{
-			cli.GenericFlag{Name: "serve, s", Value: &Parser{}},
-		},
-		Action: func(ctx *cli.Context) {
-			if !reflect.DeepEqual(ctx.Generic("serve"), &Parser{"10", "20"}) {
-				t.Errorf("main name not set")
-			}
-			if !reflect.DeepEqual(ctx.Generic("s"), &Parser{"10", "20"}) {
-				t.Errorf("short name not set")
-			}
-		},
-	}
-	a.Run([]string{"run", "-s", "10,20"})
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go
deleted file mode 100644
index ccca036276..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/help.go
+++ /dev/null
@@ -1,213 +0,0 @@
-package cli
-
-import (
-	"fmt"
-	"os"
-	"text/tabwriter"
-	"text/template"
-)
-
-// The text template for the Default help topic.
-// cli.go uses text/template to render templates. You can
-// render custom help text by setting this variable.
-var AppHelpTemplate = `NAME:
-   {{.Name}} - {{.Usage}}
-
-USAGE:
-   {{.Name}} {{ if .Flags }}[global options] {{ end }}command{{ if .Flags }} [command options]{{ end }} [arguments...]
-
-VERSION:
-   {{.Version}}
-
-COMMANDS:
-   {{range .Commands}}{{.Name}}{{with .ShortName}}, {{.}}{{end}}{{ "\t" }}{{.Usage}}
-   {{end}}{{ if .Flags }}
-GLOBAL OPTIONS:
-   {{range .Flags}}{{.}}
-   {{end}}{{ end }}
-`
-
-// The text template for the command help topic.
-// cli.go uses text/template to render templates. You can
-// render custom help text by setting this variable.
-var CommandHelpTemplate = `NAME:
-   {{.Name}} - {{.Usage}}
-
-USAGE:
-   command {{.Name}}{{ if .Flags }} [command options]{{ end }} [arguments...]
-
-DESCRIPTION:
-   {{.Description}}{{ if .Flags }}
-
-OPTIONS:
-   {{range .Flags}}{{.}}
-   {{end}}{{ end }}
-`
-
-// The text template for the subcommand help topic.
-// cli.go uses text/template to render templates. You can
-// render custom help text by setting this variable.
-var SubcommandHelpTemplate = `NAME:
-   {{.Name}} - {{.Usage}}
-
-USAGE:
-   {{.Name}} command{{ if .Flags }} [command options]{{ end }} [arguments...]
-
-COMMANDS:
-   {{range .Commands}}{{.Name}}{{with .ShortName}}, {{.}}{{end}}{{ "\t" }}{{.Usage}}
-   {{end}}{{ if .Flags }}
-OPTIONS:
-   {{range .Flags}}{{.}}
-   {{end}}{{ end }}
-`
-
-var helpCommand = Command{
-	Name:      "help",
-	ShortName: "h",
-	Usage:     "Shows a list of commands or help for one command",
-	Action: func(c *Context) {
-		args := c.Args()
-		if args.Present() {
-			ShowCommandHelp(c, args.First())
-		} else {
-			ShowAppHelp(c)
-		}
-	},
-}
-
-var helpSubcommand = Command{
-	Name:      "help",
-	ShortName: "h",
-	Usage:     "Shows a list of commands or help for one command",
-	Action: func(c *Context) {
-		args := c.Args()
-		if args.Present() {
-			ShowCommandHelp(c, args.First())
-		} else {
-			ShowSubcommandHelp(c)
-		}
-	},
-}
-
-// Prints help for the App
-var HelpPrinter = printHelp
-
-func ShowAppHelp(c *Context) {
-	HelpPrinter(AppHelpTemplate, c.App)
-}
-
-// Prints the list of subcommands as the default app completion method
-func DefaultAppComplete(c *Context) {
-	for _, command := range c.App.Commands {
-		fmt.Println(command.Name)
-		if command.ShortName != "" {
-			fmt.Println(command.ShortName)
-		}
-	}
-}
-
-// Prints help for the given command
-func ShowCommandHelp(c *Context, command string) {
-	for _, c := range c.App.Commands {
-		if c.HasName(command) {
-			HelpPrinter(CommandHelpTemplate, c)
-			return
-		}
-	}
-
-	if c.App.CommandNotFound != nil {
-		c.App.CommandNotFound(c, command)
-	} else {
-		fmt.Printf("No help topic for '%v'\n", command)
-	}
-}
-
-// Prints help for the given subcommand
-func ShowSubcommandHelp(c *Context) {
-	HelpPrinter(SubcommandHelpTemplate, c.App)
-}
-
-// Prints the version number of the App
-func ShowVersion(c *Context) {
-	fmt.Printf("%v version %v\n", c.App.Name, c.App.Version)
-}
-
-// Prints the lists of commands within a given context
-func ShowCompletions(c *Context) {
-	a := c.App
-	if a != nil && a.BashComplete != nil {
-		a.BashComplete(c)
-	}
-}
-
-// Prints the custom completions for a given command
-func ShowCommandCompletions(ctx *Context, command string) {
-	c := ctx.App.Command(command)
-	if c != nil && c.BashComplete != nil {
-		c.BashComplete(ctx)
-	}
-}
-
-func printHelp(templ string, data interface{}) {
-	w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
-	t := template.Must(template.New("help").Parse(templ))
-	err := t.Execute(w, data)
-	if err != nil {
-		panic(err)
-	}
-	w.Flush()
-}
-
-func checkVersion(c *Context) bool {
-	if c.GlobalBool("version") {
-		ShowVersion(c)
-		return true
-	}
-
-	return false
-}
-
-func checkHelp(c *Context) bool {
-	if c.GlobalBool("h") || c.GlobalBool("help") {
-		ShowAppHelp(c)
-		return true
-	}
-
-	return false
-}
-
-func checkCommandHelp(c *Context, name string) bool {
-	if c.Bool("h") || c.Bool("help") {
-		ShowCommandHelp(c, name)
-		return true
-	}
-
-	return false
-}
-
-func checkSubcommandHelp(c *Context) bool {
-	if c.GlobalBool("h") || c.GlobalBool("help") {
-		ShowSubcommandHelp(c)
-		return true
-	}
-
-	return false
-}
-
-func checkCompletions(c *Context) bool {
-	if c.GlobalBool(BashCompletionFlag.Name) && c.App.EnableBashCompletion {
-		ShowCompletions(c)
-		return true
-	}
-
-	return false
-}
-
-func checkCommandCompletions(c *Context, name string) bool {
-	if c.Bool(BashCompletionFlag.Name) && c.App.EnableBashCompletion {
-		ShowCommandCompletions(c, name)
-		return true
-	}
-
-	return false
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go
deleted file mode 100644
index cdc4feb2fc..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/codegangsta/cli/helpers_test.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package cli_test
-
-import (
-	"reflect"
-	"testing"
-)
-
-/* Test Helpers */
-func expect(t *testing.T, a interface{}, b interface{}) {
-	if a != b {
-		t.Errorf("Expected %v (type %v) - Got %v (type %v)", b, reflect.TypeOf(b), a, reflect.TypeOf(a))
-	}
-}
-
-func refute(t *testing.T, a interface{}, b interface{}) {
-	if a == b {
-		t.Errorf("Did not expect %v (type %v) - Got %v (type %v)", b, reflect.TypeOf(b), a, reflect.TypeOf(a))
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml
deleted file mode 100644
index 8c9f56e44a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/.travis.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-language: go
-go: 1.2
-
-install:
- - echo "Skip install"
-
-script:
- - ./test
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE
deleted file mode 100644
index 37ec93a14f..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@
-Apache License
-Version 2.0, January 2004
-http://www.apache.org/licenses/
-
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-1. Definitions.
-
-"License" shall mean the terms and conditions for use, reproduction, and
-distribution as defined by Sections 1 through 9 of this document.
-
-"Licensor" shall mean the copyright owner or entity authorized by the copyright
-owner that is granting the License.
-
-"Legal Entity" shall mean the union of the acting entity and all other entities
-that control, are controlled by, or are under common control with that entity.
-For the purposes of this definition, "control" means (i) the power, direct or
-indirect, to cause the direction or management of such entity, whether by
-contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
-outstanding shares, or (iii) beneficial ownership of such entity.
-
-"You" (or "Your") shall mean an individual or Legal Entity exercising
-permissions granted by this License.
-
-"Source" form shall mean the preferred form for making modifications, including
-but not limited to software source code, documentation source, and configuration
-files.
-
-"Object" form shall mean any form resulting from mechanical transformation or
-translation of a Source form, including but not limited to compiled object code,
-generated documentation, and conversions to other media types.
-
-"Work" shall mean the work of authorship, whether in Source or Object form, made
-available under the License, as indicated by a copyright notice that is included
-in or attached to the work (an example is provided in the Appendix below).
-
-"Derivative Works" shall mean any work, whether in Source or Object form, that
-is based on (or derived from) the Work and for which the editorial revisions,
-annotations, elaborations, or other modifications represent, as a whole, an
-original work of authorship. For the purposes of this License, Derivative Works
-shall not include works that remain separable from, or merely link (or bind by
-name) to the interfaces of, the Work and Derivative Works thereof.
-
-"Contribution" shall mean any work of authorship, including the original version
-of the Work and any modifications or additions to that Work or Derivative Works
-thereof, that is intentionally submitted to Licensor for inclusion in the Work
-by the copyright owner or by an individual or Legal Entity authorized to submit
-on behalf of the copyright owner. For the purposes of this definition,
-"submitted" means any form of electronic, verbal, or written communication sent
-to the Licensor or its representatives, including but not limited to
-communication on electronic mailing lists, source code control systems, and
-issue tracking systems that are managed by, or on behalf of, the Licensor for
-the purpose of discussing and improving the Work, but excluding communication
-that is conspicuously marked or otherwise designated in writing by the copyright
-owner as "Not a Contribution."
-
-"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
-of whom a Contribution has been received by Licensor and subsequently
-incorporated within the Work.
-
-2. Grant of Copyright License.
-
-Subject to the terms and conditions of this License, each Contributor hereby
-grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
-irrevocable copyright license to reproduce, prepare Derivative Works of,
-publicly display, publicly perform, sublicense, and distribute the Work and such
-Derivative Works in Source or Object form.
-
-3. Grant of Patent License.
-
-Subject to the terms and conditions of this License, each Contributor hereby
-grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
-irrevocable (except as stated in this section) patent license to make, have
-made, use, offer to sell, sell, import, and otherwise transfer the Work, where
-such license applies only to those patent claims licensable by such Contributor
-that are necessarily infringed by their Contribution(s) alone or by combination
-of their Contribution(s) with the Work to which such Contribution(s) was
-submitted. If You institute patent litigation against any entity (including a
-cross-claim or counterclaim in a lawsuit) alleging that the Work or a
-Contribution incorporated within the Work constitutes direct or contributory
-patent infringement, then any patent licenses granted to You under this License
-for that Work shall terminate as of the date such litigation is filed.
-
-4. Redistribution.
-
-You may reproduce and distribute copies of the Work or Derivative Works thereof
-in any medium, with or without modifications, and in Source or Object form,
-provided that You meet the following conditions:
-
-You must give any other recipients of the Work or Derivative Works a copy of
-this License; and
-You must cause any modified files to carry prominent notices stating that You
-changed the files; and
-You must retain, in the Source form of any Derivative Works that You distribute,
-all copyright, patent, trademark, and attribution notices from the Source form
-of the Work, excluding those notices that do not pertain to any part of the
-Derivative Works; and
-If the Work includes a "NOTICE" text file as part of its distribution, then any
-Derivative Works that You distribute must include a readable copy of the
-attribution notices contained within such NOTICE file, excluding those notices
-that do not pertain to any part of the Derivative Works, in at least one of the
-following places: within a NOTICE text file distributed as part of the
-Derivative Works; within the Source form or documentation, if provided along
-with the Derivative Works; or, within a display generated by the Derivative
-Works, if and wherever such third-party notices normally appear. The contents of
-the NOTICE file are for informational purposes only and do not modify the
-License. You may add Your own attribution notices within Derivative Works that
-You distribute, alongside or as an addendum to the NOTICE text from the Work,
-provided that such additional attribution notices cannot be construed as
-modifying the License.
-You may add Your own copyright statement to Your modifications and may provide
-additional or different license terms and conditions for use, reproduction, or
-distribution of Your modifications, or for any such Derivative Works as a whole,
-provided Your use, reproduction, and distribution of the Work otherwise complies
-with the conditions stated in this License.
-
-5. Submission of Contributions.
-
-Unless You explicitly state otherwise, any Contribution intentionally submitted
-for inclusion in the Work by You to the Licensor shall be under the terms and
-conditions of this License, without any additional terms or conditions.
-Notwithstanding the above, nothing herein shall supersede or modify the terms of
-any separate license agreement you may have executed with Licensor regarding
-such Contributions.
-
-6. Trademarks.
-
-This License does not grant permission to use the trade names, trademarks,
-service marks, or product names of the Licensor, except as required for
-reasonable and customary use in describing the origin of the Work and
-reproducing the content of the NOTICE file.
-
-7. Disclaimer of Warranty.
-
-Unless required by applicable law or agreed to in writing, Licensor provides the
-Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
-including, without limitation, any warranties or conditions of TITLE,
-NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
-solely responsible for determining the appropriateness of using or
-redistributing the Work and assume any risks associated with Your exercise of
-permissions under this License.
-
-8. Limitation of Liability.
-
-In no event and under no legal theory, whether in tort (including negligence),
-contract, or otherwise, unless required by applicable law (such as deliberate
-and grossly negligent acts) or agreed to in writing, shall any Contributor be
-liable to You for damages, including any direct, indirect, special, incidental,
-or consequential damages of any character arising as a result of this License or
-out of the use or inability to use the Work (including but not limited to
-damages for loss of goodwill, work stoppage, computer failure or malfunction, or
-any and all other commercial damages or losses), even if such Contributor has
-been advised of the possibility of such damages.
-
-9. Accepting Warranty or Additional Liability.
-
-While redistributing the Work or Derivative Works thereof, You may choose to
-offer, and charge a fee for, acceptance of support, warranty, indemnity, or
-other liability obligations and/or rights consistent with this License. However,
-in accepting such obligations, You may act only on Your own behalf and on Your
-sole responsibility, not on behalf of any other Contributor, and only if You
-agree to indemnify, defend, and hold each Contributor harmless for any liability
-incurred by, or claims asserted against, such Contributor by reason of your
-accepting any such warranty or additional liability.
-
-END OF TERMS AND CONDITIONS
-
-APPENDIX: How to apply the Apache License to your work
-
-To apply the Apache License to your work, attach the following boilerplate
-notice, with the fields enclosed by brackets "[]" replaced with your own
-identifying information. (Don't include the brackets!) The text should be
-enclosed in the appropriate comment syntax for the file format. We also
-recommend that a file or class name and description of purpose be included on
-the same "printed page" as the copyright notice for easier identification within
-third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md
deleted file mode 100644
index 0ee09fec0a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# go-systemd
-
-Go bindings to systemd. The project has three packages:
-
-- activation - for writing and using socket activation from Go
-- journal - for writing to systemd's logging service, journal
-- dbus - for starting/stopping/inspecting running services and units
-
-Go docs for the entire project are here:
-
-http://godoc.org/github.com/coreos/go-systemd
-
-## Socket Activation
-
-An example HTTP server using socket activation can be quickly setup by
-following this README on a Linux machine running systemd:
-
-https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver
-
-## Journal
-
-Using this package you can submit journal entries directly to systemd's journal taking advantage of features like indexed key/value pairs for each log entry.
-
-## D-Bus
-
-The D-Bus API lets you start, stop and introspect systemd units. The API docs are here:
-
-http://godoc.org/github.com/coreos/go-systemd/dbus
-
-### Debugging
-
-Create `/etc/dbus-1/system-local.conf` that looks like this:
-
-```
-<!DOCTYPE busconfig PUBLIC
-"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
-"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-    <policy user="root">
-        <allow eavesdrop="true"/>
-        <allow eavesdrop="true" send_destination="*"/>
-    </policy>
-</busconfig>
-```
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go
deleted file mode 100644
index 74b4fc10f3..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files.go
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package activation implements primitives for systemd socket activation.
-package activation
-
-import (
-	"os"
-	"strconv"
-	"syscall"
-)
-
-// based on: https://gist.github.com/alberts/4640792
-const (
-	listenFdsStart = 3
-)
-
-func Files(unsetEnv bool) []*os.File {
-	if unsetEnv {
-		// there is no way to unset env in golang os package for now
-		// https://code.google.com/p/go/issues/detail?id=6423
-		defer os.Setenv("LISTEN_PID", "")
-		defer os.Setenv("LISTEN_FDS", "")
-	}
-
-	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))
-	if err != nil || pid != os.Getpid() {
-		return nil
-	}
-
-	nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
-	if err != nil || nfds == 0 {
-		return nil
-	}
-
-	var files []*os.File
-	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {
-		syscall.CloseOnExec(fd)
-		files = append(files, os.NewFile(uintptr(fd), "LISTEN_FD_"+strconv.Itoa(fd)))
-	}
-
-	return files
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
deleted file mode 100644
index a1c6948fb2..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package activation
-
-import (
-	"bytes"
-	"io"
-	"os"
-	"os/exec"
-	"testing"
-)
-
-// correctStringWritten fails the text if the correct string wasn't written
-// to the other side of the pipe.
-func correctStringWritten(t *testing.T, r *os.File, expected string) bool {
-	bytes := make([]byte, len(expected))
-	io.ReadAtLeast(r, bytes, len(expected))
-
-	if string(bytes) != expected {
-		t.Fatalf("Unexpected string %s", string(bytes))
-	}
-
-	return true
-}
-
-// TestActivation forks out a copy of activation.go example and reads back two
-// strings from the pipes that are passed in.
-func TestActivation(t *testing.T) {
-	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
-
-	r1, w1, _ := os.Pipe()
-	r2, w2, _ := os.Pipe()
-	cmd.ExtraFiles = []*os.File{
-		w1,
-		w2,
-	}
-
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, "LISTEN_FDS=2", "FIX_LISTEN_PID=1")
-
-	err := cmd.Run()
-	if err != nil {
-		t.Fatalf(err.Error())
-	}
-
-	correctStringWritten(t, r1, "Hello world")
-	correctStringWritten(t, r2, "Goodbye world")
-}
-
-func TestActivationNoFix(t *testing.T) {
-	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, "LISTEN_FDS=2")
-
-	out, _ := cmd.CombinedOutput()
-	if bytes.Contains(out, []byte("No files")) == false {
-		t.Fatalf("Child didn't error out as expected")
-	}
-}
-
-func TestActivationNoFiles(t *testing.T) {
-	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, "LISTEN_FDS=0", "FIX_LISTEN_PID=1")
-
-	out, _ := cmd.CombinedOutput()
-	if bytes.Contains(out, []byte("No files")) == false {
-		t.Fatalf("Child didn't error out as expected")
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
deleted file mode 100644
index cdb2cf4bb4..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-Copyright 2014 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package activation
-
-import (
-	"fmt"
-	"net"
-)
-
-// Listeners returns net.Listeners for all socket activated fds passed to this process.
-func Listeners(unsetEnv bool) ([]net.Listener, error) {
-	files := Files(unsetEnv)
-	listeners := make([]net.Listener, len(files))
-
-	for i, f := range files {
-		var err error
-		listeners[i], err = net.FileListener(f)
-		if err != nil {
-			return nil, fmt.Errorf("Error setting up FileListener for fd %d: %s", f.Fd(), err.Error())
-		}
-	}
-
-	return listeners, nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
deleted file mode 100644
index c3627d6d4d..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
-Copyright 2014 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package activation
-
-import (
-	"io"
-	"net"
-	"os"
-	"os/exec"
-	"testing"
-)
-
-// correctStringWritten fails the text if the correct string wasn't written
-// to the other side of the pipe.
-func correctStringWrittenNet(t *testing.T, r net.Conn, expected string) bool {
-	bytes := make([]byte, len(expected))
-	io.ReadAtLeast(r, bytes, len(expected))
-
-	if string(bytes) != expected {
-		t.Fatalf("Unexpected string %s", string(bytes))
-	}
-
-	return true
-}
-
-// TestActivation forks out a copy of activation.go example and reads back two
-// strings from the pipes that are passed in.
-func TestListeners(t *testing.T) {
-	cmd := exec.Command("go", "run", "../examples/activation/listen.go")
-
-	l1, err := net.Listen("tcp", ":9999")
-	if err != nil {
-		t.Fatalf(err.Error())
-	}
-	l2, err := net.Listen("tcp", ":1234")
-	if err != nil {
-		t.Fatalf(err.Error())
-	}
-
-	t1 := l1.(*net.TCPListener)
-	t2 := l2.(*net.TCPListener)
-
-	f1, _ := t1.File()
-	f2, _  := t2.File()
-
-	cmd.ExtraFiles = []*os.File{
-		f1,
-		f2,
-	}
-
-	r1, err := net.Dial("tcp", "127.0.0.1:9999")
-	if err != nil {
-		t.Fatalf(err.Error())
-	}
-	r1.Write([]byte("Hi"))
-
-	r2, err := net.Dial("tcp", "127.0.0.1:1234")
-	if err != nil {
-		t.Fatalf(err.Error())
-	}
-	r2.Write([]byte("Hi"))
-
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, "LISTEN_FDS=2", "FIX_LISTEN_PID=1")
-
-	out, err := cmd.Output()
-	if err != nil {
-		println(string(out))
-		t.Fatalf(err.Error())
-	}
-
-	correctStringWrittenNet(t, r1, "Hello world")
-	correctStringWrittenNet(t, r2, "Goodbye world")
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
deleted file mode 100644
index 91d7112145..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Integration with the systemd D-Bus API.  See http://www.freedesktop.org/wiki/Software/systemd/dbus/
-package dbus
-
-import (
-	"os"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/godbus/dbus"
-)
-
-const signalBuffer = 100
-
-// ObjectPath creates a dbus.ObjectPath using the rules that systemd uses for
-// serializing special characters.
-func ObjectPath(path string) dbus.ObjectPath {
-	path = strings.Replace(path, ".", "_2e", -1)
-	path = strings.Replace(path, "-", "_2d", -1)
-	path = strings.Replace(path, "@", "_40", -1)
-
-	return dbus.ObjectPath(path)
-}
-
-// Conn is a connection to systemds dbus endpoint.
-type Conn struct {
-	sysconn     *dbus.Conn
-	sysobj      *dbus.Object
-	jobListener struct {
-		jobs map[dbus.ObjectPath]chan string
-		sync.Mutex
-	}
-	subscriber struct {
-		updateCh chan<- *SubStateUpdate
-		errCh    chan<- error
-		sync.Mutex
-		ignore      map[dbus.ObjectPath]int64
-		cleanIgnore int64
-	}
-	dispatch map[string]func(dbus.Signal)
-}
-
-// New() establishes a connection to the system bus and authenticates.
-func New() (*Conn, error) {
-	c := new(Conn)
-
-	if err := c.initConnection(); err != nil {
-		return nil, err
-	}
-
-	c.initJobs()
-	return c, nil
-}
-
-func (c *Conn) initConnection() error {
-	var err error
-	c.sysconn, err = dbus.SystemBusPrivate()
-	if err != nil {
-		return err
-	}
-
-	// Only use EXTERNAL method, and hardcode the uid (not username)
-	// to avoid a username lookup (which requires a dynamically linked
-	// libc)
-	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
-
-	err = c.sysconn.Auth(methods)
-	if err != nil {
-		c.sysconn.Close()
-		return err
-	}
-
-	err = c.sysconn.Hello()
-	if err != nil {
-		c.sysconn.Close()
-		return err
-	}
-
-	c.sysobj = c.sysconn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1"))
-
-	// Setup the listeners on jobs so that we can get completions
-	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'")
-	c.initSubscription()
-	c.initDispatch()
-
-	return nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
deleted file mode 100644
index 2e80f73ef7..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	"testing"
-)
-
-// TestObjectPath ensures path encoding of the systemd rules works.
-func TestObjectPath(t *testing.T) {
-	input := "/silly-path/to@a/unit..service"
-	output := ObjectPath(input)
-	expected := "/silly_2dpath/to_40a/unit_2e_2eservice"
-
-	if string(output) != expected {
-		t.Fatalf("Output '%s' did not match expected '%s'", output, expected)
-	}
-}
-
-// TestNew ensures that New() works without errors.
-func TestNew(t *testing.T) {
-	_, err := New()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
deleted file mode 100644
index a60de059e6..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	"errors"
-	"github.com/godbus/dbus"
-)
-
-func (c *Conn) initJobs() {
-	c.jobListener.jobs = make(map[dbus.ObjectPath]chan string)
-}
-
-func (c *Conn) jobComplete(signal *dbus.Signal) {
-	var id uint32
-	var job dbus.ObjectPath
-	var unit string
-	var result string
-	dbus.Store(signal.Body, &id, &job, &unit, &result)
-	c.jobListener.Lock()
-	out, ok := c.jobListener.jobs[job]
-	if ok {
-		out <- result
-		delete(c.jobListener.jobs, job)
-	}
-	c.jobListener.Unlock()
-}
-
-func (c *Conn) startJob(job string, args ...interface{}) (<-chan string, error) {
-	c.jobListener.Lock()
-	defer c.jobListener.Unlock()
-
-	ch := make(chan string, 1)
-	var path dbus.ObjectPath
-	err := c.sysobj.Call(job, 0, args...).Store(&path)
-	if err != nil {
-		return nil, err
-	}
-	c.jobListener.jobs[path] = ch
-	return ch, nil
-}
-
-func (c *Conn) runJob(job string, args ...interface{}) (string, error) {
-	respCh, err := c.startJob(job, args...)
-	if err != nil {
-		return "", err
-	}
-	return <-respCh, nil
-}
-
-// StartUnit enqeues a start job and depending jobs, if any (unless otherwise
-// specified by the mode string).
-//
-// Takes the unit to activate, plus a mode string. The mode needs to be one of
-// replace, fail, isolate, ignore-dependencies, ignore-requirements. If
-// "replace" the call will start the unit and its dependencies, possibly
-// replacing already queued jobs that conflict with this. If "fail" the call
-// will start the unit and its dependencies, but will fail if this would change
-// an already queued job. If "isolate" the call will start the unit in question
-// and terminate all units that aren't dependencies of it. If
-// "ignore-dependencies" it will start a unit but ignore all its dependencies.
-// If "ignore-requirements" it will start a unit but only ignore the
-// requirement dependencies. It is not recommended to make use of the latter
-// two options.
-//
-// Result string: one of done, canceled, timeout, failed, dependency, skipped.
-// done indicates successful execution of a job. canceled indicates that a job
-// has been canceled  before it finished execution. timeout indicates that the
-// job timeout was reached. failed indicates that the job failed. dependency
-// indicates that a job this job has been depending on failed and the job hence
-// has been removed too. skipped indicates that a job was skipped because it
-// didn't apply to the units current state.
-func (c *Conn) StartUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.StartUnit", name, mode)
-}
-
-// StopUnit is similar to StartUnit but stops the specified unit rather
-// than starting it.
-func (c *Conn) StopUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.StopUnit", name, mode)
-}
-
-// ReloadUnit reloads a unit.  Reloading is done only if the unit is already running and fails otherwise.
-func (c *Conn) ReloadUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.ReloadUnit", name, mode)
-}
-
-// RestartUnit restarts a service.  If a service is restarted that isn't
-// running it will be started.
-func (c *Conn) RestartUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.RestartUnit", name, mode)
-}
-
-// TryRestartUnit is like RestartUnit, except that a service that isn't running
-// is not affected by the restart.
-func (c *Conn) TryRestartUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode)
-}
-
-// ReloadOrRestart attempts a reload if the unit supports it and use a restart
-// otherwise.
-func (c *Conn) ReloadOrRestartUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode)
-}
-
-// ReloadOrTryRestart attempts a reload if the unit supports it and use a "Try"
-// flavored restart otherwise.
-func (c *Conn) ReloadOrTryRestartUnit(name string, mode string) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode)
-}
-
-// StartTransientUnit() may be used to create and start a transient unit, which
-// will be released as soon as it is not running or referenced anymore or the
-// system is rebooted. name is the unit name including suffix, and must be
-// unique. mode is the same as in StartUnit(), properties contains properties
-// of the unit.
-func (c *Conn) StartTransientUnit(name string, mode string, properties ...Property) (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0))
-}
-
-// KillUnit takes the unit name and a UNIX signal number to send.  All of the unit's
-// processes are killed.
-func (c *Conn) KillUnit(name string, signal int32) {
-	c.sysobj.Call("org.freedesktop.systemd1.Manager.KillUnit", 0, name, "all", signal).Store()
-}
-
-// getProperties takes the unit name and returns all of its dbus object properties, for the given dbus interface
-func (c *Conn) getProperties(unit string, dbusInterface string) (map[string]interface{}, error) {
-	var err error
-	var props map[string]dbus.Variant
-
-	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
-	if !path.IsValid() {
-		return nil, errors.New("invalid unit name: " + unit)
-	}
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
-	if err != nil {
-		return nil, err
-	}
-
-	out := make(map[string]interface{}, len(props))
-	for k, v := range props {
-		out[k] = v.Value()
-	}
-
-	return out, nil
-}
-
-// GetUnitProperties takes the unit name and returns all of its dbus object properties.
-func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
-	return c.getProperties(unit, "org.freedesktop.systemd1.Unit")
-}
-
-func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {
-	var err error
-	var prop dbus.Variant
-
-	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
-	if !path.IsValid() {
-		return nil, errors.New("invalid unit name: " + unit)
-	}
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Property{Name: propertyName, Value: prop}, nil
-}
-
-func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
-	return c.getProperty(unit, "org.freedesktop.systemd1.Unit", propertyName)
-}
-
-// GetUnitTypeProperties returns the extra properties for a unit, specific to the unit type.
-// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope
-// return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit
-func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
-	return c.getProperties(unit, "org.freedesktop.systemd1."+unitType)
-}
-
-// SetUnitProperties() may be used to modify certain unit properties at runtime.
-// Not all properties may be changed at runtime, but many resource management
-// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
-// instantly, and stored on disk for future boots, unless runtime is true, in which
-// case the settings only apply until the next reboot. name is the name of the unit
-// to modify. properties are the settings to set, encoded as an array of property
-// name and value pairs.
-func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.SetUnitProperties", 0, name, runtime, properties).Store()
-}
-
-func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
-	return c.getProperty(unit, "org.freedesktop.systemd1." + unitType, propertyName)
-}
-
-// ListUnits returns an array with all currently loaded units. Note that
-// units may be known by multiple names at the same time, and hence there might
-// be more unit names loaded than actual units behind them.
-func (c *Conn) ListUnits() ([]UnitStatus, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnits", 0).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	status := make([]UnitStatus, len(result))
-	statusInterface := make([]interface{}, len(status))
-	for i := range status {
-		statusInterface[i] = &status[i]
-	}
-
-	err = dbus.Store(resultInterface, statusInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return status, nil
-}
-
-type UnitStatus struct {
-	Name        string          // The primary unit name as string
-	Description string          // The human readable description string
-	LoadState   string          // The load state (i.e. whether the unit file has been loaded successfully)
-	ActiveState string          // The active state (i.e. whether the unit is currently started or not)
-	SubState    string          // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not)
-	Followed    string          // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string.
-	Path        dbus.ObjectPath // The unit object path
-	JobId       uint32          // If there is a job queued for the job unit the numeric job id, 0 otherwise
-	JobType     string          // The job type as string
-	JobPath     dbus.ObjectPath // The job object path
-}
-
-type LinkUnitFileChange EnableUnitFileChange
-
-// LinkUnitFiles() links unit files (that are located outside of the
-// usual unit search paths) into the unit search path.
-//
-// It takes a list of absolute paths to unit files to link and two
-// booleans. The first boolean controls whether the unit shall be
-// enabled for runtime only (true, /run), or persistently (false,
-// /etc).
-// The second controls whether symlinks pointing to other units shall
-// be replaced if necessary.
-//
-// This call returns a list of the changes made. The list consists of
-// structures with three strings: the type of the change (one of symlink
-// or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]LinkUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-// EnableUnitFiles() may be used to enable one or more units in the system (by
-// creating symlinks to them in /etc or /run).
-//
-// It takes a list of unit files to enable (either just file names or full
-// absolute paths if the unit files are residing outside the usual unit
-// search paths), and two booleans: the first controls whether the unit shall
-// be enabled for runtime only (true, /run), or persistently (false, /etc).
-// The second one controls whether symlinks pointing to other units shall
-// be replaced if necessary.
-//
-// This call returns one boolean and an array with the changes made. The
-// boolean signals whether the unit files contained any enablement
-// information (i.e. an [Install]) section. The changes list consists of
-// structures with three strings: the type of the change (one of symlink
-// or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
-	var carries_install_info bool
-
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result)
-	if err != nil {
-		return false, nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]EnableUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return false, nil, err
-	}
-
-	return carries_install_info, changes, nil
-}
-
-type EnableUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// DisableUnitFiles() may be used to disable one or more units in the system (by
-// removing symlinks to them from /etc or /run).
-//
-// It takes a list of unit files to disable (either just file names or full
-// absolute paths if the unit files are residing outside the usual unit
-// search paths), and one boolean: whether the unit was enabled for runtime
-// only (true, /run), or persistently (false, /etc).
-//
-// This call returns an array with the changes made. The changes list
-// consists of structures with three strings: the type of the change (one of
-// symlink or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]DisableUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type DisableUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// Reload instructs systemd to scan for and reload unit files. This is
-// equivalent to a 'systemctl daemon-reload'.
-func (c *Conn) Reload() error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.Reload", 0).Store()
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
deleted file mode 100644
index 8c7ab93eb3..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
+++ /dev/null
@@ -1,332 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	"fmt"
-	"math/rand"
-	"os"
-	"path/filepath"
-	"reflect"
-	"testing"
-
-	"github.com/godbus/dbus"
-)
-
-func setupConn(t *testing.T) *Conn {
-	conn, err := New()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return conn
-}
-
-func findFixture(target string, t *testing.T) string {
-	abs, err := filepath.Abs("../fixtures/" + target)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return abs
-}
-
-func setupUnit(target string, conn *Conn, t *testing.T) {
-	// Blindly stop the unit in case it is running
-	conn.StopUnit(target, "replace")
-
-	// Blindly remove the symlink in case it exists
-	targetRun := filepath.Join("/run/systemd/system/", target)
-	os.Remove(targetRun)
-}
-
-func linkUnit(target string, conn *Conn, t *testing.T) {
-	abs := findFixture(target, t)
-	fixture := []string{abs}
-
-	changes, err := conn.LinkUnitFiles(fixture, true, true)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(changes) < 1 {
-		t.Fatalf("Expected one change, got %v", changes)
-	}
-
-	runPath := filepath.Join("/run/systemd/system/", target)
-	if changes[0].Filename != runPath {
-		t.Fatal("Unexpected target filename")
-	}
-}
-
-// Ensure that basic unit starting and stopping works.
-func TestStartStopUnit(t *testing.T) {
-	target := "start-stop.service"
-	conn := setupConn(t)
-
-	setupUnit(target, conn, t)
-	linkUnit(target, conn, t)
-
-	// 2. Start the unit
-	job, err := conn.StartUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if job != "done" {
-		t.Fatal("Job is not done:", job)
-	}
-
-	units, err := conn.ListUnits()
-
-	var unit *UnitStatus
-	for _, u := range units {
-		if u.Name == target {
-			unit = &u
-		}
-	}
-
-	if unit == nil {
-		t.Fatalf("Test unit not found in list")
-	}
-
-	if unit.ActiveState != "active" {
-		t.Fatalf("Test unit not active")
-	}
-
-	// 3. Stop the unit
-	job, err = conn.StopUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	units, err = conn.ListUnits()
-
-	unit = nil
-	for _, u := range units {
-		if u.Name == target {
-			unit = &u
-		}
-	}
-
-	if unit != nil {
-		t.Fatalf("Test unit found in list, should be stopped")
-	}
-}
-
-// Enables a unit and then immediately tears it down
-func TestEnableDisableUnit(t *testing.T) {
-	target := "enable-disable.service"
-	conn := setupConn(t)
-
-	setupUnit(target, conn, t)
-	abs := findFixture(target, t)
-	runPath := filepath.Join("/run/systemd/system/", target)
-
-	// 1. Enable the unit
-	install, changes, err := conn.EnableUnitFiles([]string{abs}, true, true)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if install != false {
-		t.Fatal("Install was true")
-	}
-
-	if len(changes) < 1 {
-		t.Fatalf("Expected one change, got %v", changes)
-	}
-
-	if changes[0].Filename != runPath {
-		t.Fatal("Unexpected target filename")
-	}
-
-	// 2. Disable the unit
-	dChanges, err := conn.DisableUnitFiles([]string{abs}, true)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(dChanges) != 1 {
-		t.Fatalf("Changes should include the path, %v", dChanges)
-	}
-	if dChanges[0].Filename != runPath {
-		t.Fatalf("Change should include correct filename, %+v", dChanges[0])
-	}
-	if dChanges[0].Destination != "" {
-		t.Fatalf("Change destination should be empty, %+v", dChanges[0])
-	}
-}
-
-// TestGetUnitProperties reads the `-.mount` which should exist on all systemd
-// systems and ensures that one of its properties is valid.
-func TestGetUnitProperties(t *testing.T) {
-	conn := setupConn(t)
-
-	unit := "-.mount"
-
-	info, err := conn.GetUnitProperties(unit)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	names := info["Wants"].([]string)
-
-	if len(names) < 1 {
-		t.Fatal("/ is unwanted")
-	}
-
-	if names[0] != "system.slice" {
-		t.Fatal("unexpected wants for /")
-	}
-
-	prop, err := conn.GetUnitProperty(unit, "Wants")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if prop.Name != "Wants" {
-		t.Fatal("unexpected property name")
-	}
-
-	val := prop.Value.Value().([]string)
-	if !reflect.DeepEqual(val, names) {
-		t.Fatal("unexpected property value")
-	}
-}
-
-// TestGetUnitPropertiesRejectsInvalidName attempts to get the properties for a
-// unit with an invalid name. This test should be run with --test.timeout set,
-// as a fail will manifest as GetUnitProperties hanging indefinitely.
-func TestGetUnitPropertiesRejectsInvalidName(t *testing.T) {
-	conn := setupConn(t)
-
-	unit := "//invalid#$^/"
-
-	_, err := conn.GetUnitProperties(unit)
-	if err == nil {
-		t.Fatal("Expected an error, got nil")
-	}
-
-	_, err = conn.GetUnitProperty(unit, "Wants")
-	if err == nil {
-		t.Fatal("Expected an error, got nil")
-	}
-}
-
-// TestSetUnitProperties changes a cgroup setting on the `tmp.mount`
-// which should exist on all systemd systems and ensures that the
-// property was set.
-func TestSetUnitProperties(t *testing.T) {
-	conn := setupConn(t)
-
-	unit := "tmp.mount"
-
-	if err := conn.SetUnitProperties(unit, true, Property{"CPUShares", dbus.MakeVariant(uint64(1023))}); err != nil {
-		t.Fatal(err)
-	}
-
-	info, err := conn.GetUnitTypeProperties(unit, "Mount")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	value := info["CPUShares"].(uint64)
-	if value != 1023 {
-		t.Fatal("CPUShares of unit is not 1023:", value)
-	}
-}
-
-// Ensure that basic transient unit starting and stopping works.
-func TestStartStopTransientUnit(t *testing.T) {
-	conn := setupConn(t)
-
-	props := []Property{
-		PropExecStart([]string{"/bin/sleep", "400"}, false),
-	}
-	target := fmt.Sprintf("testing-transient-%d.service", rand.Int())
-
-	// Start the unit
-	job, err := conn.StartTransientUnit(target, "replace", props...)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if job != "done" {
-		t.Fatal("Job is not done:", job)
-	}
-
-	units, err := conn.ListUnits()
-
-	var unit *UnitStatus
-	for _, u := range units {
-		if u.Name == target {
-			unit = &u
-		}
-	}
-
-	if unit == nil {
-		t.Fatalf("Test unit not found in list")
-	}
-
-	if unit.ActiveState != "active" {
-		t.Fatalf("Test unit not active")
-	}
-
-	// 3. Stop the unit
-	job, err = conn.StopUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	units, err = conn.ListUnits()
-
-	unit = nil
-	for _, u := range units {
-		if u.Name == target {
-			unit = &u
-		}
-	}
-
-	if unit != nil {
-		t.Fatalf("Test unit found in list, should be stopped")
-	}
-}
-
-func TestConnJobListener(t *testing.T) {
-	target := "start-stop.service"
-	conn := setupConn(t)
-
-	setupUnit(target, conn, t)
-	linkUnit(target, conn, t)
-
-	jobSize := len(conn.jobListener.jobs)
-
-	_, err := conn.StartUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = conn.StopUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	currentJobSize := len(conn.jobListener.jobs)
-	if jobSize != currentJobSize {
-		t.Fatal("JobListener jobs leaked")
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
deleted file mode 100644
index a06ccda761..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	"github.com/godbus/dbus"
-)
-
-// From the systemd docs:
-//
-// The properties array of StartTransientUnit() may take many of the settings
-// that may also be configured in unit files. Not all parameters are currently
-// accepted though, but we plan to cover more properties with future release.
-// Currently you may set the Description, Slice and all dependency types of
-// units, as well as RemainAfterExit, ExecStart for service units,
-// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares,
-// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth,
-// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit,
-// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map
-// directly to their counterparts in unit files and as normal D-Bus object
-// properties. The exception here is the PIDs field of scope units which is
-// used for construction of the scope only and specifies the initial PIDs to
-// add to the scope object.
-
-type Property struct {
-	Name  string
-	Value dbus.Variant
-}
-
-type PropertyCollection struct {
-	Name       string
-	Properties []Property
-}
-
-type execStart struct {
-	Path             string   // the binary path to execute
-	Args             []string // an array with all arguments to pass to the executed command, starting with argument 0
-	UncleanIsFailure bool     // a boolean whether it should be considered a failure if the process exits uncleanly
-}
-
-// PropExecStart sets the ExecStart service property.  The first argument is a
-// slice with the binary path to execute followed by the arguments to pass to
-// the executed command. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
-func PropExecStart(command []string, uncleanIsFailure bool) Property {
-	execStarts := []execStart{
-		execStart{
-			Path:             command[0],
-			Args:             command,
-			UncleanIsFailure: uncleanIsFailure,
-		},
-	}
-
-	return Property{
-		Name:  "ExecStart",
-		Value: dbus.MakeVariant(execStarts),
-	}
-}
-
-// PropRemainAfterExit sets the RemainAfterExit service property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
-func PropRemainAfterExit(b bool) Property {
-	return Property{
-		Name:  "RemainAfterExit",
-		Value: dbus.MakeVariant(b),
-	}
-}
-
-// PropDescription sets the Description unit property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description=
-func PropDescription(desc string) Property {
-	return Property{
-		Name:  "Description",
-		Value: dbus.MakeVariant(desc),
-	}
-}
-
-func propDependency(name string, units []string) Property {
-	return Property{
-		Name:  name,
-		Value: dbus.MakeVariant(units),
-	}
-}
-
-// PropRequires sets the Requires unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
-func PropRequires(units ...string) Property {
-	return propDependency("Requires", units)
-}
-
-// PropRequiresOverridable sets the RequiresOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable=
-func PropRequiresOverridable(units ...string) Property {
-	return propDependency("RequiresOverridable", units)
-}
-
-// PropRequisite sets the Requisite unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite=
-func PropRequisite(units ...string) Property {
-	return propDependency("Requisite", units)
-}
-
-// PropRequisiteOverridable sets the RequisiteOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable=
-func PropRequisiteOverridable(units ...string) Property {
-	return propDependency("RequisiteOverridable", units)
-}
-
-// PropWants sets the Wants unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants=
-func PropWants(units ...string) Property {
-	return propDependency("Wants", units)
-}
-
-// PropBindsTo sets the BindsTo unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=
-func PropBindsTo(units ...string) Property {
-	return propDependency("BindsTo", units)
-}
-
-// PropRequiredBy sets the RequiredBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy=
-func PropRequiredBy(units ...string) Property {
-	return propDependency("RequiredBy", units)
-}
-
-// PropRequiredByOverridable sets the RequiredByOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable=
-func PropRequiredByOverridable(units ...string) Property {
-	return propDependency("RequiredByOverridable", units)
-}
-
-// PropWantedBy sets the WantedBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
-func PropWantedBy(units ...string) Property {
-	return propDependency("WantedBy", units)
-}
-
-// PropBoundBy sets the BoundBy unit property.  See
-// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy=
-func PropBoundBy(units ...string) Property {
-	return propDependency("BoundBy", units)
-}
-
-// PropConflicts sets the Conflicts unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts=
-func PropConflicts(units ...string) Property {
-	return propDependency("Conflicts", units)
-}
-
-// PropConflictedBy sets the ConflictedBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy=
-func PropConflictedBy(units ...string) Property {
-	return propDependency("ConflictedBy", units)
-}
-
-// PropBefore sets the Before unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
-func PropBefore(units ...string) Property {
-	return propDependency("Before", units)
-}
-
-// PropAfter sets the After unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After=
-func PropAfter(units ...string) Property {
-	return propDependency("After", units)
-}
-
-// PropOnFailure sets the OnFailure unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure=
-func PropOnFailure(units ...string) Property {
-	return propDependency("OnFailure", units)
-}
-
-// PropTriggers sets the Triggers unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers=
-func PropTriggers(units ...string) Property {
-	return propDependency("Triggers", units)
-}
-
-// PropTriggeredBy sets the TriggeredBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy=
-func PropTriggeredBy(units ...string) Property {
-	return propDependency("TriggeredBy", units)
-}
-
-// PropPropagatesReloadTo sets the PropagatesReloadTo unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo=
-func PropPropagatesReloadTo(units ...string) Property {
-	return propDependency("PropagatesReloadTo", units)
-}
-
-// PropRequiresMountsFor sets the RequiresMountsFor unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor=
-func PropRequiresMountsFor(units ...string) Property {
-	return propDependency("RequiresMountsFor", units)
-}
-
-// PropSlice sets the Slice unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
-func PropSlice(slice string) Property {
-	return Property{
-		Name:  "Slice",
-		Value: dbus.MakeVariant(slice),
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go
deleted file mode 100644
index 45ad1fb399..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package dbus
-
-type set struct {
-	data map[string]bool
-}
-
-func (s *set) Add(value string) {
-	s.data[value] = true
-}
-
-func (s *set) Remove(value string) {
-	delete(s.data, value)
-}
-
-func (s *set) Contains(value string) (exists bool) {
-	_, exists = s.data[value]
-	return
-}
-
-func (s *set) Length() (int) {
-	return len(s.data)
-}
-
-func (s *set) Values() (values []string) {
-	 for val, _ := range s.data {
-		values = append(values, val)
-	 }
-	 return
-}
-
-func newSet() (*set) {
-	return &set{make(map[string] bool)}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
deleted file mode 100644
index c4435f8800..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package dbus
-
-import (
-	"testing"
-)
-
-// TestBasicSetActions asserts that Add & Remove behavior is correct
-func TestBasicSetActions(t *testing.T) {
-	s := newSet()
-
-	if s.Contains("foo") {
-		t.Fatal("set should not contain 'foo'")
-	}
-
-	s.Add("foo")
-
-	if !s.Contains("foo") {
-		t.Fatal("set should contain 'foo'")
-	}
-
-	v := s.Values()
-	if len(v) != 1 {
-		t.Fatal("set.Values did not report correct number of values")
-	}
-	if v[0] != "foo" {
-		t.Fatal("set.Values did not report value")
-	}
-
-	s.Remove("foo")
-
-	if s.Contains("foo") {
-		t.Fatal("set should not contain 'foo'")
-	}
-
-	v = s.Values()
-	if len(v) != 0 {
-		t.Fatal("set.Values did not report correct number of values")
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
deleted file mode 100644
index fcd29b6e8f..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	"errors"
-	"time"
-
-	"github.com/godbus/dbus"
-)
-
-const (
-	cleanIgnoreInterval = int64(10 * time.Second)
-	ignoreInterval      = int64(30 * time.Millisecond)
-)
-
-// Subscribe sets up this connection to subscribe to all systemd dbus events.
-// This is required before calling SubscribeUnits. When the connection closes
-// systemd will automatically stop sending signals so there is no need to
-// explicitly call Unsubscribe().
-func (c *Conn) Subscribe() error {
-	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal',interface='org.freedesktop.systemd1.Manager',member='UnitNew'")
-	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged'")
-
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Unsubscribe this connection from systemd dbus events.
-func (c *Conn) Unsubscribe() error {
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (c *Conn) initSubscription() {
-	c.subscriber.ignore = make(map[dbus.ObjectPath]int64)
-}
-
-func (c *Conn) initDispatch() {
-	ch := make(chan *dbus.Signal, signalBuffer)
-
-	c.sysconn.Signal(ch)
-
-	go func() {
-		for {
-			signal, ok := <-ch
-			if !ok {
-				return
-			}
-
-			switch signal.Name {
-			case "org.freedesktop.systemd1.Manager.JobRemoved":
-				c.jobComplete(signal)
-
-				unitName := signal.Body[2].(string)
-				var unitPath dbus.ObjectPath
-				c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath)
-				if unitPath != dbus.ObjectPath("") {
-					c.sendSubStateUpdate(unitPath)
-				}
-			case "org.freedesktop.systemd1.Manager.UnitNew":
-				c.sendSubStateUpdate(signal.Body[1].(dbus.ObjectPath))
-			case "org.freedesktop.DBus.Properties.PropertiesChanged":
-				if signal.Body[0].(string) == "org.freedesktop.systemd1.Unit" {
-					// we only care about SubState updates, which are a Unit property
-					c.sendSubStateUpdate(signal.Path)
-				}
-			}
-		}
-	}()
-}
-
-// Returns two unbuffered channels which will receive all changed units every
-// interval.  Deleted units are sent as nil.
-func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) {
-	return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil)
-}
-
-// SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer
-// size of the channels, the comparison function for detecting changes and a filter
-// function for cutting down on the noise that your channel receives.
-func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func (string) bool) (<-chan map[string]*UnitStatus, <-chan error) {
-	old := make(map[string]*UnitStatus)
-	statusChan := make(chan map[string]*UnitStatus, buffer)
-	errChan := make(chan error, buffer)
-
-	go func() {
-		for {
-			timerChan := time.After(interval)
-
-			units, err := c.ListUnits()
-			if err == nil {
-				cur := make(map[string]*UnitStatus)
-				for i := range units {
-					if filterUnit != nil && filterUnit(units[i].Name) {
-						continue
-					}
-					cur[units[i].Name] = &units[i]
-				}
-
-				// add all new or changed units
-				changed := make(map[string]*UnitStatus)
-				for n, u := range cur {
-					if oldU, ok := old[n]; !ok || isChanged(oldU, u) {
-						changed[n] = u
-					}
-					delete(old, n)
-				}
-
-				// add all deleted units
-				for oldN := range old {
-					changed[oldN] = nil
-				}
-
-				old = cur
-
-				if len(changed) != 0 {
-					statusChan <- changed
-				}
-			} else {
-				errChan <- err
-			}
-
-			<-timerChan
-		}
-	}()
-
-	return statusChan, errChan
-}
-
-type SubStateUpdate struct {
-	UnitName string
-	SubState string
-}
-
-// SetSubStateSubscriber writes to updateCh when any unit's substate changes.
-// Although this writes to updateCh on every state change, the reported state
-// may be more recent than the change that generated it (due to an unavoidable
-// race in the systemd dbus interface).  That is, this method provides a good
-// way to keep a current view of all units' states, but is not guaranteed to
-// show every state transition they go through.  Furthermore, state changes
-// will only be written to the channel with non-blocking writes.  If updateCh
-// is full, it attempts to write an error to errCh; if errCh is full, the error
-// passes silently.
-func (c *Conn) SetSubStateSubscriber(updateCh chan<- *SubStateUpdate, errCh chan<- error) {
-	c.subscriber.Lock()
-	defer c.subscriber.Unlock()
-	c.subscriber.updateCh = updateCh
-	c.subscriber.errCh = errCh
-}
-
-func (c *Conn) sendSubStateUpdate(path dbus.ObjectPath) {
-	c.subscriber.Lock()
-	defer c.subscriber.Unlock()
-	if c.subscriber.updateCh == nil {
-		return
-	}
-
-	if c.shouldIgnore(path) {
-		return
-	}
-
-	info, err := c.GetUnitProperties(string(path))
-	if err != nil {
-		select {
-		case c.subscriber.errCh <- err:
-		default:
-		}
-	}
-
-	name := info["Id"].(string)
-	substate := info["SubState"].(string)
-
-	update := &SubStateUpdate{name, substate}
-	select {
-	case c.subscriber.updateCh <- update:
-	default:
-		select {
-		case c.subscriber.errCh <- errors.New("update channel full!"):
-		default:
-		}
-	}
-
-	c.updateIgnore(path, info)
-}
-
-// The ignore functions work around a wart in the systemd dbus interface.
-// Requesting the properties of an unloaded unit will cause systemd to send a
-// pair of UnitNew/UnitRemoved signals.  Because we need to get a unit's
-// properties on UnitNew (as that's the only indication of a new unit coming up
-// for the first time), we would enter an infinite loop if we did not attempt
-// to detect and ignore these spurious signals.  The signal themselves are
-// indistinguishable from relevant ones, so we (somewhat hackishly) ignore an
-// unloaded unit's signals for a short time after requesting its properties.
-// This means that we will miss e.g. a transient unit being restarted
-// *immediately* upon failure and also a transient unit being started
-// immediately after requesting its status (with systemctl status, for example,
-// because this causes a UnitNew signal to be sent which then causes us to fetch
-// the properties).
-
-func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool {
-	t, ok := c.subscriber.ignore[path]
-	return ok && t >= time.Now().UnixNano()
-}
-
-func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) {
-	c.cleanIgnore()
-
-	// unit is unloaded - it will trigger bad systemd dbus behavior
-	if info["LoadState"].(string) == "not-found" {
-		c.subscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval
-	}
-}
-
-// without this, ignore would grow unboundedly over time
-func (c *Conn) cleanIgnore() {
-	now := time.Now().UnixNano()
-	if c.subscriber.cleanIgnore < now {
-		c.subscriber.cleanIgnore = now + cleanIgnoreInterval
-
-		for p, t := range c.subscriber.ignore {
-			if t < now {
-				delete(c.subscriber.ignore, p)
-			}
-		}
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
deleted file mode 100644
index 2625786052..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package dbus
-
-import (
-	"time"
-)
-
-// SubscriptionSet returns a subscription set which is like conn.Subscribe but
-// can filter to only return events for a set of units.
-type SubscriptionSet struct {
-	*set
-	conn *Conn
-}
-
-
-func (s *SubscriptionSet) filter(unit string) bool {
-	return !s.Contains(unit)
-}
-
-// Subscribe starts listening for dbus events for all of the units in the set.
-// Returns channels identical to conn.SubscribeUnits.
-func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) {
-	// TODO: Make fully evented by using systemd 209 with properties changed values
-	return s.conn.SubscribeUnitsCustom(time.Second, 0,
-		func(u1, u2 *UnitStatus) bool { return *u1 != *u2 },
-		func(unit string) bool { return s.filter(unit) },
-	)
-}
-
-// NewSubscriptionSet returns a new subscription set.
-func (conn *Conn) NewSubscriptionSet() (*SubscriptionSet) {
-	return &SubscriptionSet{newSet(), conn}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
deleted file mode 100644
index 4ecd15376d..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package dbus
-
-import (
-	"testing"
-	"time"
-)
-
-// TestSubscribeUnit exercises the basics of subscription of a particular unit.
-func TestSubscriptionSetUnit(t *testing.T) {
-	target := "subscribe-events-set.service"
-
-	conn, err := New()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = conn.Subscribe()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	subSet := conn.NewSubscriptionSet()
-	evChan, errChan := subSet.Subscribe()
-
-	subSet.Add(target)
-	setupUnit(target, conn, t)
-	linkUnit(target, conn, t)
-
-	job, err := conn.StartUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if job != "done" {
-		t.Fatal("Couldn't start", target)
-	}
-
-	timeout := make(chan bool, 1)
-	go func() {
-		time.Sleep(3 * time.Second)
-		close(timeout)
-	}()
-
-	for {
-		select {
-		case changes := <-evChan:
-			tCh, ok := changes[target]
-
-			if !ok {
-				t.Fatal("Unexpected event:", changes)
-			}
-
-			if tCh.ActiveState == "active" && tCh.Name == target {
-				goto success
-			}
-		case err = <-errChan:
-			t.Fatal(err)
-		case <-timeout:
-			t.Fatal("Reached timeout")
-		}
-	}
-
-success:
-	return
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
deleted file mode 100644
index f2b5dfc28c..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package dbus
-
-import (
-	"testing"
-	"time"
-)
-
-// TestSubscribe exercises the basics of subscription
-func TestSubscribe(t *testing.T) {
-	conn, err := New()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = conn.Subscribe()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = conn.Unsubscribe()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-// TestSubscribeUnit exercises the basics of subscription of a particular unit.
-func TestSubscribeUnit(t *testing.T) {
-	target := "subscribe-events.service"
-
-	conn, err := New()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = conn.Subscribe()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = conn.Unsubscribe()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	evChan, errChan := conn.SubscribeUnits(time.Second)
-
-	setupUnit(target, conn, t)
-	linkUnit(target, conn, t)
-
-	job, err := conn.StartUnit(target, "replace")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if job != "done" {
-		t.Fatal("Couldn't start", target)
-	}
-
-	timeout := make(chan bool, 1)
-	go func() {
-		time.Sleep(3 * time.Second)
-		close(timeout)
-	}()
-
-	for {
-		select {
-		case changes := <-evChan:
-			tCh, ok := changes[target]
-
-			// Just continue until we see our event.
-			if !ok {
-				continue
-			}
-
-			if tCh.ActiveState == "active" && tCh.Name == target {
-				goto success
-			}
-		case err = <-errChan:
-			t.Fatal(err)
-		case <-timeout:
-			t.Fatal("Reached timeout")
-		}
-	}
-
-success:
-	return
-}
-
-
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
deleted file mode 100644
index b3cf70ed84..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Activation example used by the activation unit tests.
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/coreos/go-systemd/activation"
-)
-
-func fixListenPid() {
-	if os.Getenv("FIX_LISTEN_PID") != "" {
-		// HACK: real systemd would set LISTEN_PID before exec'ing but
-		// this is too difficult in golang for the purpose of a test.
-		// Do not do this in real code.
-		os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid()))
-	}
-}
-
-func main() {
-	fixListenPid()
-
-	files := activation.Files(false)
-
-	if len(files) == 0 {
-		panic("No files")
-	}
-
-	if os.Getenv("LISTEN_PID") == "" || os.Getenv("LISTEN_FDS") == "" {
-		panic("Should not unset envs")
-	}
-
-	files = activation.Files(true)
-
-	if os.Getenv("LISTEN_PID") != "" || os.Getenv("LISTEN_FDS") != "" {
-		panic("Can not unset envs")
-	}
-
-	// Write out the expected strings to the two pipes
-	files[0].Write([]byte("Hello world"))
-	files[1].Write([]byte("Goodbye world"))
-
-	return
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
deleted file mode 100644
index a350cca5e5..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-## socket activated http server
-
-This is a simple example of using socket activation with systemd to serve a
-simple HTTP server on http://127.0.0.1:8076
-
-To try it out `go get` the httpserver and run it under the systemd-activate helper
-
-```
-export GOPATH=`pwd`
-go get github.com/coreos/go-systemd/examples/activation/httpserver
-sudo /usr/lib/systemd/systemd-activate -l 127.0.0.1:8076 ./bin/httpserver
-```
-
-Then curl the URL and you will notice that it starts up:
-
-```
-curl 127.0.0.1:8076
-hello socket activated world!
-```
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
deleted file mode 100644
index c8dea0f6b3..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Hello World HTTP
-Requires=network.target
-After=multi-user.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/httpserver
-
-[Install]
-WantedBy=multi-user.target
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
deleted file mode 100644
index 723ed7ed92..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
+++ /dev/null
@@ -1,5 +0,0 @@
-[Socket]
-ListenStream=127.0.0.1:8076
-
-[Install]
-WantedBy=sockets.target
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
deleted file mode 100644
index 380c325d61..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package main
-
-import (
-	"io"
-	"net/http"
-
-	"github.com/coreos/go-systemd/activation"
-)
-
-func HelloServer(w http.ResponseWriter, req *http.Request) {
-	io.WriteString(w, "hello socket activated world!\n")
-}
-
-func main() {
-	listeners, err := activation.Listeners(true)
-	if err != nil {
-		panic(err)
-	}
-
-	if len(listeners) != 1 {
-		panic("Unexpected number of socket activation fds")
-	}
-
-	http.HandleFunc("/", HelloServer)
-	http.Serve(listeners[0], nil)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
deleted file mode 100644
index 5850a8b796..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Activation example used by the activation unit tests.
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/coreos/go-systemd/activation"
-)
-
-func fixListenPid() {
-	if os.Getenv("FIX_LISTEN_PID") != "" {
-		// HACK: real systemd would set LISTEN_PID before exec'ing but
-		// this is too difficult in golang for the purpose of a test.
-		// Do not do this in real code.
-		os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid()))
-	}
-}
-
-func main() {
-	fixListenPid()
-
-	listeners, _ := activation.Listeners(false)
-
-	if len(listeners) == 0 {
-		panic("No listeners")
-	}
-
-	if os.Getenv("LISTEN_PID") == "" || os.Getenv("LISTEN_FDS") == "" {
-		panic("Should not unset envs")
-	}
-
-	listeners, err := activation.Listeners(true)
-	if err != nil {
-		panic(err)
-	}
-
-	if os.Getenv("LISTEN_PID") != "" || os.Getenv("LISTEN_FDS") != "" {
-		panic("Can not unset envs")
-	}
-
-	c0, _ := listeners[0].Accept()
-	c1, _ := listeners[1].Accept()
-
-	// Write out the expected strings to the two pipes
-	c0.Write([]byte("Hello world"))
-	c1.Write([]byte("Goodbye world"))
-
-	return
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service
deleted file mode 100644
index 74c9459088..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-Description=enable disable test
-
-[Service]
-ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
deleted file mode 100644
index a1f8c36773..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-Description=start stop test
-
-[Service]
-ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
deleted file mode 100644
index a1f8c36773..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-Description=start stop test
-
-[Service]
-ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
deleted file mode 100644
index a1f8c36773..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-Description=start stop test
-
-[Service]
-ExecStart=/bin/sleep 400
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go
deleted file mode 100644
index b52e120988..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/journal/send.go
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package journal provides write bindings to the systemd journal
-package journal
-
-import (
-	"bytes"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"os"
-	"strconv"
-	"strings"
-	"syscall"
-)
-
-// Priority of a journal message
-type Priority int
-
-const (
-	PriEmerg Priority = iota
-	PriAlert
-	PriCrit
-	PriErr
-	PriWarning
-	PriNotice
-	PriInfo
-	PriDebug
-)
-
-var conn net.Conn
-
-func init() {
-	var err error
-	conn, err = net.Dial("unixgram", "/run/systemd/journal/socket")
-	if err != nil {
-		conn = nil
-	}
-}
-
-// Enabled returns true iff the systemd journal is available for logging
-func Enabled() bool {
-	return conn != nil
-}
-
-// Send a message to the systemd journal. vars is a map of journald fields to
-// values.  Fields must be composed of uppercase letters, numbers, and
-// underscores, but must not start with an underscore. Within these
-// restrictions, any arbitrary field name may be used.  Some names have special
-// significance: see the journalctl documentation
-// (http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html)
-// for more details.  vars may be nil.
-func Send(message string, priority Priority, vars map[string]string) error {
-	if conn == nil {
-		return journalError("could not connect to journald socket")
-	}
-
-	data := new(bytes.Buffer)
-	appendVariable(data, "PRIORITY", strconv.Itoa(int(priority)))
-	appendVariable(data, "MESSAGE", message)
-	for k, v := range vars {
-		appendVariable(data, k, v)
-	}
-
-	_, err := io.Copy(conn, data)
-	if err != nil && isSocketSpaceError(err) {
-		file, err := tempFd()
-		if err != nil {
-			return journalError(err.Error())
-		}
-		_, err = io.Copy(file, data)
-		if err != nil {
-			return journalError(err.Error())
-		}
-
-		rights := syscall.UnixRights(int(file.Fd()))
-
-		/* this connection should always be a UnixConn, but better safe than sorry */
-		unixConn, ok := conn.(*net.UnixConn)
-		if !ok {
-			return journalError("can't send file through non-Unix connection")
-		}
-		unixConn.WriteMsgUnix([]byte{}, rights, nil)
-	} else if err != nil {
-		return journalError(err.Error())
-	}
-	return nil
-}
-
-func appendVariable(w io.Writer, name, value string) {
-	if !validVarName(name) {
-		journalError("variable name contains invalid character, ignoring")
-	}
-	if strings.ContainsRune(value, '\n') {
-		/* When the value contains a newline, we write:
-		 * - the variable name, followed by a newline
-		 * - the size (in 64bit little endian format)
-		 * - the data, followed by a newline
-		 */
-		fmt.Fprintln(w, name)
-		binary.Write(w, binary.LittleEndian, uint64(len(value)))
-		fmt.Fprintln(w, value)
-	} else {
-		/* just write the variable and value all on one line */
-		fmt.Fprintf(w, "%s=%s\n", name, value)
-	}
-}
-
-func validVarName(name string) bool {
-	/* The variable name must be in uppercase and consist only of characters,
-	 * numbers and underscores, and may not begin with an underscore. (from the docs)
-	 */
-
-	valid := name[0] != '_'
-	for _, c := range name {
-		valid = valid && ('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') || c == '_'
-	}
-	return valid
-}
-
-func isSocketSpaceError(err error) bool {
-	opErr, ok := err.(*net.OpError)
-	if !ok {
-		return false
-	}
-
-	sysErr, ok := opErr.Err.(syscall.Errno)
-	if !ok {
-		return false
-	}
-
-	return sysErr == syscall.EMSGSIZE || sysErr == syscall.ENOBUFS
-}
-
-func tempFd() (*os.File, error) {
-	file, err := ioutil.TempFile("/dev/shm/", "journal.XXXXX")
-	if err != nil {
-		return nil, err
-	}
-	syscall.Unlink(file.Name())
-	if err != nil {
-		return nil, err
-	}
-	return file, nil
-}
-
-func journalError(s string) error {
-	s = "journal error: " + s
-	fmt.Fprintln(os.Stderr, s)
-	return errors.New(s)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go
deleted file mode 100644
index d00dd110b5..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus.go
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
-Copyright 2014 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Integration with the systemd logind API.  See http://www.freedesktop.org/wiki/Software/systemd/logind/
-package login1
-
-import (
-	"os"
-	"strconv"
-
-	"github.com/godbus/dbus"
-)
-
-const (
-	dbusInterface = "org.freedesktop.login1.Manager"
-	dbusPath      = "/org/freedesktop/login1"
-)
-
-// Conn is a connection to systemds dbus endpoint.
-type Conn struct {
-	conn   *dbus.Conn
-	object *dbus.Object
-}
-
-// New() establishes a connection to the system bus and authenticates.
-func New() (*Conn, error) {
-	c := new(Conn)
-
-	if err := c.initConnection(); err != nil {
-		return nil, err
-	}
-
-	return c, nil
-}
-
-func (c *Conn) initConnection() error {
-	var err error
-	c.conn, err = dbus.SystemBusPrivate()
-	if err != nil {
-		return err
-	}
-
-	// Only use EXTERNAL method, and hardcode the uid (not username)
-	// to avoid a username lookup (which requires a dynamically linked
-	// libc)
-	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
-
-	err = c.conn.Auth(methods)
-	if err != nil {
-		c.conn.Close()
-		return err
-	}
-
-	err = c.conn.Hello()
-	if err != nil {
-		c.conn.Close()
-		return err
-	}
-
-	c.object = c.conn.Object("org.freedesktop.login1", dbus.ObjectPath(dbusPath))
-
-	return nil
-}
-
-// Reboot asks logind for a reboot optionally asking for auth.
-func (c *Conn) Reboot(askForAuth bool) {
-	c.object.Call(dbusInterface+".Reboot", 0, askForAuth)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go
deleted file mode 100644
index 4439d37380..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/login1/dbus_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-Copyright 2014 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package login1
-
-import (
-	"testing"
-)
-
-// TestNew ensures that New() works without errors.
-func TestNew(t *testing.T) {
-	_, err := New()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test
deleted file mode 100755
index 6e043658ae..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/coreos/go-systemd/test
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -e
-
-go test -v ./...
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE
deleted file mode 100644
index 06b252bcbc..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/LICENSE
+++ /dev/null
@@ -1,25 +0,0 @@
-Copyright (c) 2013, Georg Reinke (<guelfey at gmail dot com>)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown
deleted file mode 100644
index 3ab2116651..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/README.markdown
+++ /dev/null
@@ -1,38 +0,0 @@
-dbus
-----
-
-dbus is a simple library that implements native Go client bindings for the
-D-Bus message bus system.
-
-### Features
-
-* Complete native implementation of the D-Bus message protocol
-* Go-like API (channels for signals / asynchronous method calls, Goroutine-safe connections)
-* Subpackages that help with the introspection / property interfaces
-
-### Installation
-
-This packages requires Go 1.1. If you installed it and set up your GOPATH, just run:
-
-```
-go get github.com/godbus/dbus
-```
-
-If you want to use the subpackages, you can install them the same way.
-
-### Usage
-
-The complete package documentation and some simple examples are available at
-[godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the
-[_examples](https://github.com/godbus/dbus/tree/master/_examples) directory
-gives a short overview over the basic usage. 
-
-Please note that the API is considered unstable for now and may change without
-further notice.
-
-### License
-
-go.dbus is available under the Simplified BSD License; see LICENSE for the full
-text.
-
-Nearly all of the credit for this library goes to github.com/guelfey/go.dbus.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
deleted file mode 100644
index 11deef3cf8..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"github.com/godbus/dbus"
-	"os"
-)
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
-		os.Exit(1)
-	}
-
-	for _, v := range []string{"method_call", "method_return", "error", "signal"} {
-		call := conn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-			"eavesdrop='true',type='"+v+"'")
-		if call.Err != nil {
-			fmt.Fprintln(os.Stderr, "Failed to add match:", call.Err)
-			os.Exit(1)
-		}
-	}
-	c := make(chan *dbus.Message, 10)
-	conn.Eavesdrop(c)
-	fmt.Println("Listening for everything")
-	for v := range c {
-		fmt.Println(v)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go
deleted file mode 100644
index a2af4e5f24..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/introspect.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"github.com/godbus/dbus"
-	"github.com/godbus/dbus/introspect"
-	"os"
-)
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		panic(err)
-	}
-	node, err := introspect.Call(conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus"))
-	if err != nil {
-		panic(err)
-	}
-	data, _ := json.MarshalIndent(node, "", "    ")
-	os.Stdout.Write(data)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go
deleted file mode 100644
index ce1f7ec52e..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/list-names.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"github.com/godbus/dbus"
-	"os"
-)
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
-		os.Exit(1)
-	}
-
-	var s []string
-	err = conn.BusObject().Call("org.freedesktop.DBus.ListNames", 0).Store(&s)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Failed to get list of owned names:", err)
-		os.Exit(1)
-	}
-
-	fmt.Println("Currently owned names on the session bus:")
-	for _, v := range s {
-		fmt.Println(v)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go
deleted file mode 100644
index 5fe11d04c4..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/notification.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-
-import "github.com/godbus/dbus"
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		panic(err)
-	}
-	obj := conn.Object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
-	call := obj.Call("org.freedesktop.Notifications.Notify", 0, "", uint32(0),
-		"", "Test", "This is a test of the DBus bindings for go.", []string{},
-		map[string]dbus.Variant{}, int32(5000))
-	if call.Err != nil {
-		panic(call.Err)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go
deleted file mode 100644
index e3408c53e9..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/prop.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"github.com/godbus/dbus"
-	"github.com/godbus/dbus/introspect"
-	"github.com/godbus/dbus/prop"
-	"os"
-)
-
-type foo string
-
-func (f foo) Foo() (string, *dbus.Error) {
-	fmt.Println(f)
-	return string(f), nil
-}
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		panic(err)
-	}
-	reply, err := conn.RequestName("com.github.guelfey.Demo",
-		dbus.NameFlagDoNotQueue)
-	if err != nil {
-		panic(err)
-	}
-	if reply != dbus.RequestNameReplyPrimaryOwner {
-		fmt.Fprintln(os.Stderr, "name already taken")
-		os.Exit(1)
-	}
-	propsSpec := map[string]map[string]*prop.Prop{
-		"com.github.guelfey.Demo": {
-			"SomeInt": {
-				int32(0),
-				true,
-				prop.EmitTrue,
-				func(c *prop.Change) *dbus.Error {
-					fmt.Println(c.Name, "changed to", c.Value)
-					return nil
-				},
-			},
-		},
-	}
-	f := foo("Bar")
-	conn.Export(f, "/com/github/guelfey/Demo", "com.github.guelfey.Demo")
-	props := prop.New(conn, "/com/github/guelfey/Demo", propsSpec)
-	n := &introspect.Node{
-		Name: "/com/github/guelfey/Demo",
-		Interfaces: []introspect.Interface{
-			introspect.IntrospectData,
-			prop.IntrospectData,
-			{
-				Name:       "com.github.guelfey.Demo",
-				Methods:    introspect.Methods(f),
-				Properties: props.Introspection("com.github.guelfey.Demo"),
-			},
-		},
-	}
-	conn.Export(introspect.NewIntrospectable(n), "/com/github/guelfey/Demo",
-		"org.freedesktop.DBus.Introspectable")
-	fmt.Println("Listening on com.github.guelfey.Demo / /com/github/guelfey/Demo ...")
-
-	c := make(chan *dbus.Signal)
-	conn.Signal(c)
-	for _ = range c {
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go
deleted file mode 100644
index 32b7b291c7..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/server.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"github.com/godbus/dbus"
-	"github.com/godbus/dbus/introspect"
-	"os"
-)
-
-const intro = `
-<node>
-	<interface name="com.github.guelfey.Demo">
-		<method name="Foo">
-			<arg direction="out" type="s"/>
-		</method>
-	</interface>` + introspect.IntrospectDataString + `</node> `
-
-type foo string
-
-func (f foo) Foo() (string, *dbus.Error) {
-	fmt.Println(f)
-	return string(f), nil
-}
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		panic(err)
-	}
-	reply, err := conn.RequestName("com.github.guelfey.Demo",
-		dbus.NameFlagDoNotQueue)
-	if err != nil {
-		panic(err)
-	}
-	if reply != dbus.RequestNameReplyPrimaryOwner {
-		fmt.Fprintln(os.Stderr, "name already taken")
-		os.Exit(1)
-	}
-	f := foo("Bar!")
-	conn.Export(f, "/com/github/guelfey/Demo", "com.github.guelfey.Demo")
-	conn.Export(introspect.Introspectable(intro), "/com/github/guelfey/Demo",
-		"org.freedesktop.DBus.Introspectable")
-	fmt.Println("Listening on com.github.guelfey.Demo / /com/github/guelfey/Demo ...")
-	select {}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go
deleted file mode 100644
index 8f3f809759..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/_examples/signal.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"github.com/godbus/dbus"
-	"os"
-)
-
-func main() {
-	conn, err := dbus.SessionBus()
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
-		os.Exit(1)
-	}
-
-	conn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',sender='org.freedesktop.DBus'")
-
-	c := make(chan *dbus.Signal, 10)
-	conn.Signal(c)
-	for v := range c {
-		fmt.Println(v)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go
deleted file mode 100644
index 98017b693e..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth.go
+++ /dev/null
@@ -1,253 +0,0 @@
-package dbus
-
-import (
-	"bufio"
-	"bytes"
-	"errors"
-	"io"
-	"os"
-	"strconv"
-)
-
-// AuthStatus represents the Status of an authentication mechanism.
-type AuthStatus byte
-
-const (
-	// AuthOk signals that authentication is finished; the next command
-	// from the server should be an OK.
-	AuthOk AuthStatus = iota
-
-	// AuthContinue signals that additional data is needed; the next command
-	// from the server should be a DATA.
-	AuthContinue
-
-	// AuthError signals an error; the server sent invalid data or some
-	// other unexpected thing happened and the current authentication
-	// process should be aborted.
-	AuthError
-)
-
-type authState byte
-
-const (
-	waitingForData authState = iota
-	waitingForOk
-	waitingForReject
-)
-
-// Auth defines the behaviour of an authentication mechanism.
-type Auth interface {
-	// Return the name of the mechnism, the argument to the first AUTH command
-	// and the next status.
-	FirstData() (name, resp []byte, status AuthStatus)
-
-	// Process the given DATA command, and return the argument to the DATA
-	// command and the next status. If len(resp) == 0, no DATA command is sent.
-	HandleData(data []byte) (resp []byte, status AuthStatus)
-}
-
-// Auth authenticates the connection, trying the given list of authentication
-// mechanisms (in that order). If nil is passed, the EXTERNAL and
-// DBUS_COOKIE_SHA1 mechanisms are tried for the current user. For private
-// connections, this method must be called before sending any messages to the
-// bus. Auth must not be called on shared connections.
-func (conn *Conn) Auth(methods []Auth) error {
-	if methods == nil {
-		uid := strconv.Itoa(os.Getuid())
-		methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())}
-	}
-	in := bufio.NewReader(conn.transport)
-	err := conn.transport.SendNullByte()
-	if err != nil {
-		return err
-	}
-	err = authWriteLine(conn.transport, []byte("AUTH"))
-	if err != nil {
-		return err
-	}
-	s, err := authReadLine(in)
-	if err != nil {
-		return err
-	}
-	if len(s) < 2 || !bytes.Equal(s[0], []byte("REJECTED")) {
-		return errors.New("dbus: authentication protocol error")
-	}
-	s = s[1:]
-	for _, v := range s {
-		for _, m := range methods {
-			if name, data, status := m.FirstData(); bytes.Equal(v, name) {
-				var ok bool
-				err = authWriteLine(conn.transport, []byte("AUTH"), []byte(v), data)
-				if err != nil {
-					return err
-				}
-				switch status {
-				case AuthOk:
-					err, ok = conn.tryAuth(m, waitingForOk, in)
-				case AuthContinue:
-					err, ok = conn.tryAuth(m, waitingForData, in)
-				default:
-					panic("dbus: invalid authentication status")
-				}
-				if err != nil {
-					return err
-				}
-				if ok {
-					if conn.transport.SupportsUnixFDs() {
-						err = authWriteLine(conn, []byte("NEGOTIATE_UNIX_FD"))
-						if err != nil {
-							return err
-						}
-						line, err := authReadLine(in)
-						if err != nil {
-							return err
-						}
-						switch {
-						case bytes.Equal(line[0], []byte("AGREE_UNIX_FD")):
-							conn.EnableUnixFDs()
-							conn.unixFD = true
-						case bytes.Equal(line[0], []byte("ERROR")):
-						default:
-							return errors.New("dbus: authentication protocol error")
-						}
-					}
-					err = authWriteLine(conn.transport, []byte("BEGIN"))
-					if err != nil {
-						return err
-					}
-					go conn.inWorker()
-					go conn.outWorker()
-					return nil
-				}
-			}
-		}
-	}
-	return errors.New("dbus: authentication failed")
-}
-
-// tryAuth tries to authenticate with m as the mechanism, using state as the
-// initial authState and in for reading input. It returns (nil, true) on
-// success, (nil, false) on a REJECTED and (someErr, false) if some other
-// error occured.
-func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, bool) {
-	for {
-		s, err := authReadLine(in)
-		if err != nil {
-			return err, false
-		}
-		switch {
-		case state == waitingForData && string(s[0]) == "DATA":
-			if len(s) != 2 {
-				err = authWriteLine(conn.transport, []byte("ERROR"))
-				if err != nil {
-					return err, false
-				}
-				continue
-			}
-			data, status := m.HandleData(s[1])
-			switch status {
-			case AuthOk, AuthContinue:
-				if len(data) != 0 {
-					err = authWriteLine(conn.transport, []byte("DATA"), data)
-					if err != nil {
-						return err, false
-					}
-				}
-				if status == AuthOk {
-					state = waitingForOk
-				}
-			case AuthError:
-				err = authWriteLine(conn.transport, []byte("ERROR"))
-				if err != nil {
-					return err, false
-				}
-			}
-		case state == waitingForData && string(s[0]) == "REJECTED":
-			return nil, false
-		case state == waitingForData && string(s[0]) == "ERROR":
-			err = authWriteLine(conn.transport, []byte("CANCEL"))
-			if err != nil {
-				return err, false
-			}
-			state = waitingForReject
-		case state == waitingForData && string(s[0]) == "OK":
-			if len(s) != 2 {
-				err = authWriteLine(conn.transport, []byte("CANCEL"))
-				if err != nil {
-					return err, false
-				}
-				state = waitingForReject
-			}
-			conn.uuid = string(s[1])
-			return nil, true
-		case state == waitingForData:
-			err = authWriteLine(conn.transport, []byte("ERROR"))
-			if err != nil {
-				return err, false
-			}
-		case state == waitingForOk && string(s[0]) == "OK":
-			if len(s) != 2 {
-				err = authWriteLine(conn.transport, []byte("CANCEL"))
-				if err != nil {
-					return err, false
-				}
-				state = waitingForReject
-			}
-			conn.uuid = string(s[1])
-			return nil, true
-		case state == waitingForOk && string(s[0]) == "REJECTED":
-			return nil, false
-		case state == waitingForOk && (string(s[0]) == "DATA" ||
-			string(s[0]) == "ERROR"):
-
-			err = authWriteLine(conn.transport, []byte("CANCEL"))
-			if err != nil {
-				return err, false
-			}
-			state = waitingForReject
-		case state == waitingForOk:
-			err = authWriteLine(conn.transport, []byte("ERROR"))
-			if err != nil {
-				return err, false
-			}
-		case state == waitingForReject && string(s[0]) == "REJECTED":
-			return nil, false
-		case state == waitingForReject:
-			return errors.New("dbus: authentication protocol error"), false
-		default:
-			panic("dbus: invalid auth state")
-		}
-	}
-}
-
-// authReadLine reads a line and separates it into its fields.
-func authReadLine(in *bufio.Reader) ([][]byte, error) {
-	data, err := in.ReadBytes('\n')
-	if err != nil {
-		return nil, err
-	}
-	data = bytes.TrimSuffix(data, []byte("\r\n"))
-	return bytes.Split(data, []byte{' '}), nil
-}
-
-// authWriteLine writes the given line in the authentication protocol format
-// (elements of data separated by a " " and terminated by "\r\n").
-func authWriteLine(out io.Writer, data ...[]byte) error {
-	buf := make([]byte, 0)
-	for i, v := range data {
-		buf = append(buf, v...)
-		if i != len(data)-1 {
-			buf = append(buf, ' ')
-		}
-	}
-	buf = append(buf, '\r')
-	buf = append(buf, '\n')
-	n, err := out.Write(buf)
-	if err != nil {
-		return err
-	}
-	if n != len(buf) {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go
deleted file mode 100644
index 7e376d3ef6..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_external.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package dbus
-
-import (
-	"encoding/hex"
-)
-
-// AuthExternal returns an Auth that authenticates as the given user with the
-// EXTERNAL mechanism.
-func AuthExternal(user string) Auth {
-	return authExternal{user}
-}
-
-// AuthExternal implements the EXTERNAL authentication mechanism.
-type authExternal struct {
-	user string
-}
-
-func (a authExternal) FirstData() ([]byte, []byte, AuthStatus) {
-	b := make([]byte, 2*len(a.user))
-	hex.Encode(b, []byte(a.user))
-	return []byte("EXTERNAL"), b, AuthOk
-}
-
-func (a authExternal) HandleData(b []byte) ([]byte, AuthStatus) {
-	return nil, AuthError
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go
deleted file mode 100644
index df15b46119..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/auth_sha1.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package dbus
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/hex"
-	"os"
-)
-
-// AuthCookieSha1 returns an Auth that authenticates as the given user with the
-// DBUS_COOKIE_SHA1 mechanism. The home parameter should specify the home
-// directory of the user.
-func AuthCookieSha1(user, home string) Auth {
-	return authCookieSha1{user, home}
-}
-
-type authCookieSha1 struct {
-	user, home string
-}
-
-func (a authCookieSha1) FirstData() ([]byte, []byte, AuthStatus) {
-	b := make([]byte, 2*len(a.user))
-	hex.Encode(b, []byte(a.user))
-	return []byte("DBUS_COOKIE_SHA1"), b, AuthContinue
-}
-
-func (a authCookieSha1) HandleData(data []byte) ([]byte, AuthStatus) {
-	challenge := make([]byte, len(data)/2)
-	_, err := hex.Decode(challenge, data)
-	if err != nil {
-		return nil, AuthError
-	}
-	b := bytes.Split(challenge, []byte{' '})
-	if len(b) != 3 {
-		return nil, AuthError
-	}
-	context := b[0]
-	id := b[1]
-	svchallenge := b[2]
-	cookie := a.getCookie(context, id)
-	if cookie == nil {
-		return nil, AuthError
-	}
-	clchallenge := a.generateChallenge()
-	if clchallenge == nil {
-		return nil, AuthError
-	}
-	hash := sha1.New()
-	hash.Write(bytes.Join([][]byte{svchallenge, clchallenge, cookie}, []byte{':'}))
-	hexhash := make([]byte, 2*hash.Size())
-	hex.Encode(hexhash, hash.Sum(nil))
-	data = append(clchallenge, ' ')
-	data = append(data, hexhash...)
-	resp := make([]byte, 2*len(data))
-	hex.Encode(resp, data)
-	return resp, AuthOk
-}
-
-// getCookie searches for the cookie identified by id in context and returns
-// the cookie content or nil. (Since HandleData can't return a specific error,
-// but only whether an error occured, this function also doesn't bother to
-// return an error.)
-func (a authCookieSha1) getCookie(context, id []byte) []byte {
-	file, err := os.Open(a.home + "/.dbus-keyrings/" + string(context))
-	if err != nil {
-		return nil
-	}
-	defer file.Close()
-	rd := bufio.NewReader(file)
-	for {
-		line, err := rd.ReadBytes('\n')
-		if err != nil {
-			return nil
-		}
-		line = line[:len(line)-1]
-		b := bytes.Split(line, []byte{' '})
-		if len(b) != 3 {
-			return nil
-		}
-		if bytes.Equal(b[0], id) {
-			return b[2]
-		}
-	}
-}
-
-// generateChallenge returns a random, hex-encoded challenge, or nil on error
-// (see above).
-func (a authCookieSha1) generateChallenge() []byte {
-	b := make([]byte, 16)
-	n, err := rand.Read(b)
-	if err != nil {
-		return nil
-	}
-	if n != 16 {
-		return nil
-	}
-	enc := make([]byte, 32)
-	hex.Encode(enc, b)
-	return enc
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go
deleted file mode 100644
index 1d2fbc7efd..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/call.go
+++ /dev/null
@@ -1,147 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"strings"
-)
-
-// Call represents a pending or completed method call.
-type Call struct {
-	Destination string
-	Path        ObjectPath
-	Method      string
-	Args        []interface{}
-
-	// Strobes when the call is complete.
-	Done chan *Call
-
-	// After completion, the error status. If this is non-nil, it may be an
-	// error message from the peer (with Error as its type) or some other error.
-	Err error
-
-	// Holds the response once the call is done.
-	Body []interface{}
-}
-
-var errSignature = errors.New("dbus: mismatched signature")
-
-// Store stores the body of the reply into the provided pointers. It returns
-// an error if the signatures of the body and retvalues don't match, or if
-// the error status is not nil.
-func (c *Call) Store(retvalues ...interface{}) error {
-	if c.Err != nil {
-		return c.Err
-	}
-
-	return Store(c.Body, retvalues...)
-}
-
-// Object represents a remote object on which methods can be invoked.
-type Object struct {
-	conn *Conn
-	dest string
-	path ObjectPath
-}
-
-// Call calls a method with (*Object).Go and waits for its reply.
-func (o *Object) Call(method string, flags Flags, args ...interface{}) *Call {
-	return <-o.Go(method, flags, make(chan *Call, 1), args...).Done
-}
-
-// GetProperty calls org.freedesktop.DBus.Properties.GetProperty on the given
-// object. The property name must be given in interface.member notation.
-func (o *Object) GetProperty(p string) (Variant, error) {
-	idx := strings.LastIndex(p, ".")
-	if idx == -1 || idx+1 == len(p) {
-		return Variant{}, errors.New("dbus: invalid property " + p)
-	}
-
-	iface := p[:idx]
-	prop := p[idx+1:]
-
-	result := Variant{}
-	err := o.Call("org.freedesktop.DBus.Properties.Get", 0, iface, prop).Store(&result)
-
-	if err != nil {
-		return Variant{}, err
-	}
-
-	return result, nil
-}
-
-// Go calls a method with the given arguments asynchronously. It returns a
-// Call structure representing this method call. The passed channel will
-// return the same value once the call is done. If ch is nil, a new channel
-// will be allocated. Otherwise, ch has to be buffered or Go will panic.
-//
-// If the flags include FlagNoReplyExpected, ch is ignored and a Call structure
-// is returned of which only the Err member is valid.
-//
-// If the method parameter contains a dot ('.'), the part before the last dot
-// specifies the interface on which the method is called.
-func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
-	iface := ""
-	i := strings.LastIndex(method, ".")
-	if i != -1 {
-		iface = method[:i]
-	}
-	method = method[i+1:]
-	msg := new(Message)
-	msg.Type = TypeMethodCall
-	msg.serial = o.conn.getSerial()
-	msg.Flags = flags & (FlagNoAutoStart | FlagNoReplyExpected)
-	msg.Headers = make(map[HeaderField]Variant)
-	msg.Headers[FieldPath] = MakeVariant(o.path)
-	msg.Headers[FieldDestination] = MakeVariant(o.dest)
-	msg.Headers[FieldMember] = MakeVariant(method)
-	if iface != "" {
-		msg.Headers[FieldInterface] = MakeVariant(iface)
-	}
-	msg.Body = args
-	if len(args) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(args...))
-	}
-	if msg.Flags&FlagNoReplyExpected == 0 {
-		if ch == nil {
-			ch = make(chan *Call, 10)
-		} else if cap(ch) == 0 {
-			panic("dbus: unbuffered channel passed to (*Object).Go")
-		}
-		call := &Call{
-			Destination: o.dest,
-			Path:        o.path,
-			Method:      method,
-			Args:        args,
-			Done:        ch,
-		}
-		o.conn.callsLck.Lock()
-		o.conn.calls[msg.serial] = call
-		o.conn.callsLck.Unlock()
-		o.conn.outLck.RLock()
-		if o.conn.closed {
-			call.Err = ErrClosed
-			call.Done <- call
-		} else {
-			o.conn.out <- msg
-		}
-		o.conn.outLck.RUnlock()
-		return call
-	}
-	o.conn.outLck.RLock()
-	defer o.conn.outLck.RUnlock()
-	if o.conn.closed {
-		return &Call{Err: ErrClosed}
-	}
-	o.conn.out <- msg
-	return &Call{Err: nil}
-}
-
-// Destination returns the destination that calls on o are sent to.
-func (o *Object) Destination() string {
-	return o.dest
-}
-
-// Path returns the path that calls on o are sent to.
-func (o *Object) Path() ObjectPath {
-	return o.path
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go
deleted file mode 100644
index 75dd22652a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn.go
+++ /dev/null
@@ -1,601 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"io"
-	"os"
-	"reflect"
-	"strings"
-	"sync"
-)
-
-const defaultSystemBusAddress = "unix:path=/var/run/dbus/system_bus_socket"
-
-var (
-	systemBus     *Conn
-	systemBusLck  sync.Mutex
-	sessionBus    *Conn
-	sessionBusLck sync.Mutex
-)
-
-// ErrClosed is the error returned by calls on a closed connection.
-var ErrClosed = errors.New("dbus: connection closed by user")
-
-// Conn represents a connection to a message bus (usually, the system or
-// session bus).
-//
-// Connections are either shared or private. Shared connections
-// are shared between calls to the functions that return them. As a result,
-// the methods Close, Auth and Hello must not be called on them.
-//
-// Multiple goroutines may invoke methods on a connection simultaneously.
-type Conn struct {
-	transport
-
-	busObj *Object
-	unixFD bool
-	uuid   string
-
-	names    []string
-	namesLck sync.RWMutex
-
-	serialLck  sync.Mutex
-	nextSerial uint32
-	serialUsed map[uint32]bool
-
-	calls    map[uint32]*Call
-	callsLck sync.RWMutex
-
-	handlers    map[ObjectPath]map[string]interface{}
-	handlersLck sync.RWMutex
-
-	out    chan *Message
-	closed bool
-	outLck sync.RWMutex
-
-	signals    []chan<- *Signal
-	signalsLck sync.Mutex
-
-	eavesdropped    chan<- *Message
-	eavesdroppedLck sync.Mutex
-}
-
-// SessionBus returns a shared connection to the session bus, connecting to it
-// if not already done.
-func SessionBus() (conn *Conn, err error) {
-	sessionBusLck.Lock()
-	defer sessionBusLck.Unlock()
-	if sessionBus != nil {
-		return sessionBus, nil
-	}
-	defer func() {
-		if conn != nil {
-			sessionBus = conn
-		}
-	}()
-	conn, err = SessionBusPrivate()
-	if err != nil {
-		return
-	}
-	if err = conn.Auth(nil); err != nil {
-		conn.Close()
-		conn = nil
-		return
-	}
-	if err = conn.Hello(); err != nil {
-		conn.Close()
-		conn = nil
-	}
-	return
-}
-
-// SessionBusPrivate returns a new private connection to the session bus.
-func SessionBusPrivate() (*Conn, error) {
-	address := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
-	if address != "" && address != "autolaunch:" {
-		return Dial(address)
-	}
-
-	return sessionBusPlatform()
-}
-
-// SystemBus returns a shared connection to the system bus, connecting to it if
-// not already done.
-func SystemBus() (conn *Conn, err error) {
-	systemBusLck.Lock()
-	defer systemBusLck.Unlock()
-	if systemBus != nil {
-		return systemBus, nil
-	}
-	defer func() {
-		if conn != nil {
-			systemBus = conn
-		}
-	}()
-	conn, err = SystemBusPrivate()
-	if err != nil {
-		return
-	}
-	if err = conn.Auth(nil); err != nil {
-		conn.Close()
-		conn = nil
-		return
-	}
-	if err = conn.Hello(); err != nil {
-		conn.Close()
-		conn = nil
-	}
-	return
-}
-
-// SystemBusPrivate returns a new private connection to the system bus.
-func SystemBusPrivate() (*Conn, error) {
-	address := os.Getenv("DBUS_SYSTEM_BUS_ADDRESS")
-	if address != "" {
-		return Dial(address)
-	}
-	return Dial(defaultSystemBusAddress)
-}
-
-// Dial establishes a new private connection to the message bus specified by address.
-func Dial(address string) (*Conn, error) {
-	tr, err := getTransport(address)
-	if err != nil {
-		return nil, err
-	}
-	return newConn(tr)
-}
-
-// NewConn creates a new private *Conn from an already established connection.
-func NewConn(conn io.ReadWriteCloser) (*Conn, error) {
-	return newConn(genericTransport{conn})
-}
-
-// newConn creates a new *Conn from a transport.
-func newConn(tr transport) (*Conn, error) {
-	conn := new(Conn)
-	conn.transport = tr
-	conn.calls = make(map[uint32]*Call)
-	conn.out = make(chan *Message, 10)
-	conn.handlers = make(map[ObjectPath]map[string]interface{})
-	conn.nextSerial = 1
-	conn.serialUsed = map[uint32]bool{0: true}
-	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
-	return conn, nil
-}
-
-// BusObject returns the object owned by the bus daemon which handles
-// administrative requests.
-func (conn *Conn) BusObject() *Object {
-	return conn.busObj
-}
-
-// Close closes the connection. Any blocked operations will return with errors
-// and the channels passed to Eavesdrop and Signal are closed. This method must
-// not be called on shared connections.
-func (conn *Conn) Close() error {
-	conn.outLck.Lock()
-	close(conn.out)
-	conn.closed = true
-	conn.outLck.Unlock()
-	conn.signalsLck.Lock()
-	for _, ch := range conn.signals {
-		close(ch)
-	}
-	conn.signalsLck.Unlock()
-	conn.eavesdroppedLck.Lock()
-	if conn.eavesdropped != nil {
-		close(conn.eavesdropped)
-	}
-	conn.eavesdroppedLck.Unlock()
-	return conn.transport.Close()
-}
-
-// Eavesdrop causes conn to send all incoming messages to the given channel
-// without further processing. Method replies, errors and signals will not be
-// sent to the appropiate channels and method calls will not be handled. If nil
-// is passed, the normal behaviour is restored.
-//
-// The caller has to make sure that ch is sufficiently buffered;
-// if a message arrives when a write to ch is not possible, the message is
-// discarded.
-func (conn *Conn) Eavesdrop(ch chan<- *Message) {
-	conn.eavesdroppedLck.Lock()
-	conn.eavesdropped = ch
-	conn.eavesdroppedLck.Unlock()
-}
-
-// getSerial returns an unused serial.
-func (conn *Conn) getSerial() uint32 {
-	conn.serialLck.Lock()
-	defer conn.serialLck.Unlock()
-	n := conn.nextSerial
-	for conn.serialUsed[n] {
-		n++
-	}
-	conn.serialUsed[n] = true
-	conn.nextSerial = n + 1
-	return n
-}
-
-// Hello sends the initial org.freedesktop.DBus.Hello call. This method must be
-// called after authentication, but before sending any other messages to the
-// bus. Hello must not be called for shared connections.
-func (conn *Conn) Hello() error {
-	var s string
-	err := conn.busObj.Call("org.freedesktop.DBus.Hello", 0).Store(&s)
-	if err != nil {
-		return err
-	}
-	conn.namesLck.Lock()
-	conn.names = make([]string, 1)
-	conn.names[0] = s
-	conn.namesLck.Unlock()
-	return nil
-}
-
-// inWorker runs in an own goroutine, reading incoming messages from the
-// transport and dispatching them appropiately.
-func (conn *Conn) inWorker() {
-	for {
-		msg, err := conn.ReadMessage()
-		if err == nil {
-			conn.eavesdroppedLck.Lock()
-			if conn.eavesdropped != nil {
-				select {
-				case conn.eavesdropped <- msg:
-				default:
-				}
-				conn.eavesdroppedLck.Unlock()
-				continue
-			}
-			conn.eavesdroppedLck.Unlock()
-			dest, _ := msg.Headers[FieldDestination].value.(string)
-			found := false
-			if dest == "" {
-				found = true
-			} else {
-				conn.namesLck.RLock()
-				if len(conn.names) == 0 {
-					found = true
-				}
-				for _, v := range conn.names {
-					if dest == v {
-						found = true
-						break
-					}
-				}
-				conn.namesLck.RUnlock()
-			}
-			if !found {
-				// Eavesdropped a message, but no channel for it is registered.
-				// Ignore it.
-				continue
-			}
-			switch msg.Type {
-			case TypeMethodReply, TypeError:
-				serial := msg.Headers[FieldReplySerial].value.(uint32)
-				conn.callsLck.Lock()
-				if c, ok := conn.calls[serial]; ok {
-					if msg.Type == TypeError {
-						name, _ := msg.Headers[FieldErrorName].value.(string)
-						c.Err = Error{name, msg.Body}
-					} else {
-						c.Body = msg.Body
-					}
-					c.Done <- c
-					conn.serialLck.Lock()
-					delete(conn.serialUsed, serial)
-					conn.serialLck.Unlock()
-					delete(conn.calls, serial)
-				}
-				conn.callsLck.Unlock()
-			case TypeSignal:
-				iface := msg.Headers[FieldInterface].value.(string)
-				member := msg.Headers[FieldMember].value.(string)
-				// as per http://dbus.freedesktop.org/doc/dbus-specification.html ,
-				// sender is optional for signals.
-				sender, _ := msg.Headers[FieldSender].value.(string)
-				if iface == "org.freedesktop.DBus" && member == "NameLost" &&
-					sender == "org.freedesktop.DBus" {
-
-					name, _ := msg.Body[0].(string)
-					conn.namesLck.Lock()
-					for i, v := range conn.names {
-						if v == name {
-							copy(conn.names[i:], conn.names[i+1:])
-							conn.names = conn.names[:len(conn.names)-1]
-						}
-					}
-					conn.namesLck.Unlock()
-				}
-				signal := &Signal{
-					Sender: sender,
-					Path:   msg.Headers[FieldPath].value.(ObjectPath),
-					Name:   iface + "." + member,
-					Body:   msg.Body,
-				}
-				conn.signalsLck.Lock()
-				for _, ch := range conn.signals {
-					// don't block trying to send a signal
-					select {
-					case ch <- signal:
-					default:
-					}
-				}
-				conn.signalsLck.Unlock()
-			case TypeMethodCall:
-				go conn.handleCall(msg)
-			}
-		} else if _, ok := err.(InvalidMessageError); !ok {
-			// Some read error occured (usually EOF); we can't really do
-			// anything but to shut down all stuff and returns errors to all
-			// pending replies.
-			conn.Close()
-			conn.callsLck.RLock()
-			for _, v := range conn.calls {
-				v.Err = err
-				v.Done <- v
-			}
-			conn.callsLck.RUnlock()
-			return
-		}
-		// invalid messages are ignored
-	}
-}
-
-// Names returns the list of all names that are currently owned by this
-// connection. The slice is always at least one element long, the first element
-// being the unique name of the connection.
-func (conn *Conn) Names() []string {
-	conn.namesLck.RLock()
-	// copy the slice so it can't be modified
-	s := make([]string, len(conn.names))
-	copy(s, conn.names)
-	conn.namesLck.RUnlock()
-	return s
-}
-
-// Object returns the object identified by the given destination name and path.
-func (conn *Conn) Object(dest string, path ObjectPath) *Object {
-	return &Object{conn, dest, path}
-}
-
-// outWorker runs in an own goroutine, encoding and sending messages that are
-// sent to conn.out.
-func (conn *Conn) outWorker() {
-	for msg := range conn.out {
-		err := conn.SendMessage(msg)
-		conn.callsLck.RLock()
-		if err != nil {
-			if c := conn.calls[msg.serial]; c != nil {
-				c.Err = err
-				c.Done <- c
-			}
-			conn.serialLck.Lock()
-			delete(conn.serialUsed, msg.serial)
-			conn.serialLck.Unlock()
-		} else if msg.Type != TypeMethodCall {
-			conn.serialLck.Lock()
-			delete(conn.serialUsed, msg.serial)
-			conn.serialLck.Unlock()
-		}
-		conn.callsLck.RUnlock()
-	}
-}
-
-// Send sends the given message to the message bus. You usually don't need to
-// use this; use the higher-level equivalents (Call / Go, Emit and Export)
-// instead. If msg is a method call and NoReplyExpected is not set, a non-nil
-// call is returned and the same value is sent to ch (which must be buffered)
-// once the call is complete. Otherwise, ch is ignored and a Call structure is
-// returned of which only the Err member is valid.
-func (conn *Conn) Send(msg *Message, ch chan *Call) *Call {
-	var call *Call
-
-	msg.serial = conn.getSerial()
-	if msg.Type == TypeMethodCall && msg.Flags&FlagNoReplyExpected == 0 {
-		if ch == nil {
-			ch = make(chan *Call, 5)
-		} else if cap(ch) == 0 {
-			panic("dbus: unbuffered channel passed to (*Conn).Send")
-		}
-		call = new(Call)
-		call.Destination, _ = msg.Headers[FieldDestination].value.(string)
-		call.Path, _ = msg.Headers[FieldPath].value.(ObjectPath)
-		iface, _ := msg.Headers[FieldInterface].value.(string)
-		member, _ := msg.Headers[FieldMember].value.(string)
-		call.Method = iface + "." + member
-		call.Args = msg.Body
-		call.Done = ch
-		conn.callsLck.Lock()
-		conn.calls[msg.serial] = call
-		conn.callsLck.Unlock()
-		conn.outLck.RLock()
-		if conn.closed {
-			call.Err = ErrClosed
-			call.Done <- call
-		} else {
-			conn.out <- msg
-		}
-		conn.outLck.RUnlock()
-	} else {
-		conn.outLck.RLock()
-		if conn.closed {
-			call = &Call{Err: ErrClosed}
-		} else {
-			conn.out <- msg
-			call = &Call{Err: nil}
-		}
-		conn.outLck.RUnlock()
-	}
-	return call
-}
-
-// sendError creates an error message corresponding to the parameters and sends
-// it to conn.out.
-func (conn *Conn) sendError(e Error, dest string, serial uint32) {
-	msg := new(Message)
-	msg.Type = TypeError
-	msg.serial = conn.getSerial()
-	msg.Headers = make(map[HeaderField]Variant)
-	if dest != "" {
-		msg.Headers[FieldDestination] = MakeVariant(dest)
-	}
-	msg.Headers[FieldErrorName] = MakeVariant(e.Name)
-	msg.Headers[FieldReplySerial] = MakeVariant(serial)
-	msg.Body = e.Body
-	if len(e.Body) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(e.Body...))
-	}
-	conn.outLck.RLock()
-	if !conn.closed {
-		conn.out <- msg
-	}
-	conn.outLck.RUnlock()
-}
-
-// sendReply creates a method reply message corresponding to the parameters and
-// sends it to conn.out.
-func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) {
-	msg := new(Message)
-	msg.Type = TypeMethodReply
-	msg.serial = conn.getSerial()
-	msg.Headers = make(map[HeaderField]Variant)
-	if dest != "" {
-		msg.Headers[FieldDestination] = MakeVariant(dest)
-	}
-	msg.Headers[FieldReplySerial] = MakeVariant(serial)
-	msg.Body = values
-	if len(values) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
-	}
-	conn.outLck.RLock()
-	if !conn.closed {
-		conn.out <- msg
-	}
-	conn.outLck.RUnlock()
-}
-
-// Signal registers the given channel to be passed all received signal messages.
-// The caller has to make sure that ch is sufficiently buffered; if a message
-// arrives when a write to c is not possible, it is discarded.
-//
-// Multiple of these channels can be registered at the same time. Passing a
-// channel that already is registered will remove it from the list of the
-// registered channels.
-//
-// These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
-// channel for eavesdropped messages, this channel receives all signals, and
-// none of the channels passed to Signal will receive any signals.
-func (conn *Conn) Signal(ch chan<- *Signal) {
-	conn.signalsLck.Lock()
-	conn.signals = append(conn.signals, ch)
-	conn.signalsLck.Unlock()
-}
-
-// SupportsUnixFDs returns whether the underlying transport supports passing of
-// unix file descriptors. If this is false, method calls containing unix file
-// descriptors will return an error and emitted signals containing them will
-// not be sent.
-func (conn *Conn) SupportsUnixFDs() bool {
-	return conn.unixFD
-}
-
-// Error represents a D-Bus message of type Error.
-type Error struct {
-	Name string
-	Body []interface{}
-}
-
-func (e Error) Error() string {
-	if len(e.Body) >= 1 {
-		s, ok := e.Body[0].(string)
-		if ok {
-			return s
-		}
-	}
-	return e.Name
-}
-
-// Signal represents a D-Bus message of type Signal. The name member is given in
-// "interface.member" notation, e.g. org.freedesktop.D-Bus.NameLost.
-type Signal struct {
-	Sender string
-	Path   ObjectPath
-	Name   string
-	Body   []interface{}
-}
-
-// transport is a D-Bus transport.
-type transport interface {
-	// Read and Write raw data (for example, for the authentication protocol).
-	io.ReadWriteCloser
-
-	// Send the initial null byte used for the EXTERNAL mechanism.
-	SendNullByte() error
-
-	// Returns whether this transport supports passing Unix FDs.
-	SupportsUnixFDs() bool
-
-	// Signal the transport that Unix FD passing is enabled for this connection.
-	EnableUnixFDs()
-
-	// Read / send a message, handling things like Unix FDs.
-	ReadMessage() (*Message, error)
-	SendMessage(*Message) error
-}
-
-func getTransport(address string) (transport, error) {
-	var err error
-	var t transport
-
-	m := map[string]func(string) (transport, error){
-		"unix": newUnixTransport,
-	}
-	addresses := strings.Split(address, ";")
-	for _, v := range addresses {
-		i := strings.IndexRune(v, ':')
-		if i == -1 {
-			err = errors.New("dbus: invalid bus address (no transport)")
-			continue
-		}
-		f := m[v[:i]]
-		if f == nil {
-			err = errors.New("dbus: invalid bus address (invalid or unsupported transport)")
-		}
-		t, err = f(v[i+1:])
-		if err == nil {
-			return t, nil
-		}
-	}
-	return nil, err
-}
-
-// dereferenceAll returns a slice that, assuming that vs is a slice of pointers
-// of arbitrary types, containes the values that are obtained from dereferencing
-// all elements in vs.
-func dereferenceAll(vs []interface{}) []interface{} {
-	for i := range vs {
-		v := reflect.ValueOf(vs[i])
-		v = v.Elem()
-		vs[i] = v.Interface()
-	}
-	return vs
-}
-
-// getKey gets a key from a the list of keys. Returns "" on error / not found...
-func getKey(s, key string) string {
-	i := strings.Index(s, key)
-	if i == -1 {
-		return ""
-	}
-	if i+len(key)+1 >= len(s) || s[i+len(key)] != '=' {
-		return ""
-	}
-	j := strings.Index(s, ",")
-	if j == -1 {
-		j = len(s)
-	}
-	return s[i+len(key)+1 : j]
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go
deleted file mode 100644
index b67bb1b81d..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_darwin.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"os/exec"
-)
-
-func sessionBusPlatform() (*Conn, error) {
-	cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET")
-	b, err := cmd.CombinedOutput()
-
-	if err != nil {
-		return nil, err
-	}
-
-	if len(b) == 0 {
-		return nil, errors.New("dbus: couldn't determine address of session bus")
-	}
-
-	return Dial("unix:path=" + string(b[:len(b)-1]))
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go
deleted file mode 100644
index f74b8758d4..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_other.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build !darwin
-
-package dbus
-
-import (
-	"bytes"
-	"errors"
-	"os/exec"
-)
-
-func sessionBusPlatform() (*Conn, error) {
-	cmd := exec.Command("dbus-launch")
-	b, err := cmd.CombinedOutput()
-
-	if err != nil {
-		return nil, err
-	}
-
-	i := bytes.IndexByte(b, '=')
-	j := bytes.IndexByte(b, '\n')
-
-	if i == -1 || j == -1 {
-		return nil, errors.New("dbus: couldn't determine address of session bus")
-	}
-
-	return Dial(string(b[i+1 : j]))
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go
deleted file mode 100644
index a2b14e8cc4..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/conn_test.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package dbus
-
-import "testing"
-
-func TestSessionBus(t *testing.T) {
-	_, err := SessionBus()
-	if err != nil {
-		t.Error(err)
-	}
-}
-
-func TestSystemBus(t *testing.T) {
-	_, err := SystemBus()
-	if err != nil {
-		t.Error(err)
-	}
-}
-
-func TestSend(t *testing.T) {
-	bus, err := SessionBus()
-	if err != nil {
-		t.Error(err)
-	}
-	ch := make(chan *Call, 1)
-	msg := &Message{
-		Type:  TypeMethodCall,
-		Flags: 0,
-		Headers: map[HeaderField]Variant{
-			FieldDestination: MakeVariant(bus.Names()[0]),
-			FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/DBus")),
-			FieldInterface:   MakeVariant("org.freedesktop.DBus.Peer"),
-			FieldMember:      MakeVariant("Ping"),
-		},
-	}
-	call := bus.Send(msg, ch)
-	<-ch
-	if call.Err != nil {
-		t.Error(call.Err)
-	}
-}
-
-type server struct{}
-
-func (server) Double(i int64) (int64, *Error) {
-	return 2 * i, nil
-}
-
-func BenchmarkCall(b *testing.B) {
-	b.StopTimer()
-	var s string
-	bus, err := SessionBus()
-	if err != nil {
-		b.Fatal(err)
-	}
-	name := bus.Names()[0]
-	obj := bus.BusObject()
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		err := obj.Call("org.freedesktop.DBus.GetNameOwner", 0, name).Store(&s)
-		if err != nil {
-			b.Fatal(err)
-		}
-		if s != name {
-			b.Errorf("got %s, wanted %s", s, name)
-		}
-	}
-}
-
-func BenchmarkCallAsync(b *testing.B) {
-	b.StopTimer()
-	bus, err := SessionBus()
-	if err != nil {
-		b.Fatal(err)
-	}
-	name := bus.Names()[0]
-	obj := bus.BusObject()
-	c := make(chan *Call, 50)
-	done := make(chan struct{})
-	go func() {
-		for i := 0; i < b.N; i++ {
-			v := <-c
-			if v.Err != nil {
-				b.Error(v.Err)
-			}
-			s := v.Body[0].(string)
-			if s != name {
-				b.Errorf("got %s, wanted %s", s, name)
-			}
-		}
-		close(done)
-	}()
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		obj.Go("org.freedesktop.DBus.GetNameOwner", 0, c, name)
-	}
-	<-done
-}
-
-func BenchmarkServe(b *testing.B) {
-	b.StopTimer()
-	srv, err := SessionBus()
-	if err != nil {
-		b.Fatal(err)
-	}
-	cli, err := SessionBusPrivate()
-	if err != nil {
-		b.Fatal(err)
-	}
-	if err = cli.Auth(nil); err != nil {
-		b.Fatal(err)
-	}
-	if err = cli.Hello(); err != nil {
-		b.Fatal(err)
-	}
-	benchmarkServe(b, srv, cli)
-}
-
-func BenchmarkServeAsync(b *testing.B) {
-	b.StopTimer()
-	srv, err := SessionBus()
-	if err != nil {
-		b.Fatal(err)
-	}
-	cli, err := SessionBusPrivate()
-	if err != nil {
-		b.Fatal(err)
-	}
-	if err = cli.Auth(nil); err != nil {
-		b.Fatal(err)
-	}
-	if err = cli.Hello(); err != nil {
-		b.Fatal(err)
-	}
-	benchmarkServeAsync(b, srv, cli)
-}
-
-func BenchmarkServeSameConn(b *testing.B) {
-	b.StopTimer()
-	bus, err := SessionBus()
-	if err != nil {
-		b.Fatal(err)
-	}
-
-	benchmarkServe(b, bus, bus)
-}
-
-func BenchmarkServeSameConnAsync(b *testing.B) {
-	b.StopTimer()
-	bus, err := SessionBus()
-	if err != nil {
-		b.Fatal(err)
-	}
-
-	benchmarkServeAsync(b, bus, bus)
-}
-
-func benchmarkServe(b *testing.B, srv, cli *Conn) {
-	var r int64
-	var err error
-	dest := srv.Names()[0]
-	srv.Export(server{}, "/org/guelfey/DBus/Test", "org.guelfey.DBus.Test")
-	obj := cli.Object(dest, "/org/guelfey/DBus/Test")
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		err = obj.Call("org.guelfey.DBus.Test.Double", 0, int64(i)).Store(&r)
-		if err != nil {
-			b.Fatal(err)
-		}
-		if r != 2*int64(i) {
-			b.Errorf("got %d, wanted %d", r, 2*int64(i))
-		}
-	}
-}
-
-func benchmarkServeAsync(b *testing.B, srv, cli *Conn) {
-	dest := srv.Names()[0]
-	srv.Export(server{}, "/org/guelfey/DBus/Test", "org.guelfey.DBus.Test")
-	obj := cli.Object(dest, "/org/guelfey/DBus/Test")
-	c := make(chan *Call, 50)
-	done := make(chan struct{})
-	go func() {
-		for i := 0; i < b.N; i++ {
-			v := <-c
-			if v.Err != nil {
-				b.Fatal(v.Err)
-			}
-			i, r := v.Args[0].(int64), v.Body[0].(int64)
-			if 2*i != r {
-				b.Errorf("got %d, wanted %d", r, 2*i)
-			}
-		}
-		close(done)
-	}()
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		obj.Go("org.guelfey.DBus.Test.Double", 0, c, int64(i))
-	}
-	<-done
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go
deleted file mode 100644
index 2ce68735cd..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/dbus.go
+++ /dev/null
@@ -1,258 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"reflect"
-	"strings"
-)
-
-var (
-	byteType        = reflect.TypeOf(byte(0))
-	boolType        = reflect.TypeOf(false)
-	uint8Type       = reflect.TypeOf(uint8(0))
-	int16Type       = reflect.TypeOf(int16(0))
-	uint16Type      = reflect.TypeOf(uint16(0))
-	int32Type       = reflect.TypeOf(int32(0))
-	uint32Type      = reflect.TypeOf(uint32(0))
-	int64Type       = reflect.TypeOf(int64(0))
-	uint64Type      = reflect.TypeOf(uint64(0))
-	float64Type     = reflect.TypeOf(float64(0))
-	stringType      = reflect.TypeOf("")
-	signatureType   = reflect.TypeOf(Signature{""})
-	objectPathType  = reflect.TypeOf(ObjectPath(""))
-	variantType     = reflect.TypeOf(Variant{Signature{""}, nil})
-	interfacesType  = reflect.TypeOf([]interface{}{})
-	unixFDType      = reflect.TypeOf(UnixFD(0))
-	unixFDIndexType = reflect.TypeOf(UnixFDIndex(0))
-)
-
-// An InvalidTypeError signals that a value which cannot be represented in the
-// D-Bus wire format was passed to a function.
-type InvalidTypeError struct {
-	Type reflect.Type
-}
-
-func (e InvalidTypeError) Error() string {
-	return "dbus: invalid type " + e.Type.String()
-}
-
-// Store copies the values contained in src to dest, which must be a slice of
-// pointers. It converts slices of interfaces from src to corresponding structs
-// in dest. An error is returned if the lengths of src and dest or the types of
-// their elements don't match.
-func Store(src []interface{}, dest ...interface{}) error {
-	if len(src) != len(dest) {
-		return errors.New("dbus.Store: length mismatch")
-	}
-
-	for i := range src {
-		if err := store(src[i], dest[i]); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func store(src, dest interface{}) error {
-	if reflect.TypeOf(dest).Elem() == reflect.TypeOf(src) {
-		reflect.ValueOf(dest).Elem().Set(reflect.ValueOf(src))
-		return nil
-	} else if hasStruct(dest) {
-		rv := reflect.ValueOf(dest).Elem()
-		switch rv.Kind() {
-		case reflect.Struct:
-			vs, ok := src.([]interface{})
-			if !ok {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			t := rv.Type()
-			ndest := make([]interface{}, 0, rv.NumField())
-			for i := 0; i < rv.NumField(); i++ {
-				field := t.Field(i)
-				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
-					ndest = append(ndest, rv.Field(i).Addr().Interface())
-				}
-			}
-			if len(vs) != len(ndest) {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			err := Store(vs, ndest...)
-			if err != nil {
-				return errors.New("dbus.Store: type mismatch")
-			}
-		case reflect.Slice:
-			sv := reflect.ValueOf(src)
-			if sv.Kind() != reflect.Slice {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			rv.Set(reflect.MakeSlice(rv.Type(), sv.Len(), sv.Len()))
-			for i := 0; i < sv.Len(); i++ {
-				if err := store(sv.Index(i).Interface(), rv.Index(i).Addr().Interface()); err != nil {
-					return err
-				}
-			}
-		case reflect.Map:
-			sv := reflect.ValueOf(src)
-			if sv.Kind() != reflect.Map {
-				return errors.New("dbus.Store: type mismatch")
-			}
-			keys := sv.MapKeys()
-			rv.Set(reflect.MakeMap(sv.Type()))
-			for _, key := range keys {
-				v := reflect.New(sv.Type().Elem())
-				if err := store(v, sv.MapIndex(key).Interface()); err != nil {
-					return err
-				}
-				rv.SetMapIndex(key, v.Elem())
-			}
-		default:
-			return errors.New("dbus.Store: type mismatch")
-		}
-		return nil
-	} else {
-		return errors.New("dbus.Store: type mismatch")
-	}
-}
-
-func hasStruct(v interface{}) bool {
-	t := reflect.TypeOf(v)
-	for {
-		switch t.Kind() {
-		case reflect.Struct:
-			return true
-		case reflect.Slice, reflect.Ptr, reflect.Map:
-			t = t.Elem()
-		default:
-			return false
-		}
-	}
-}
-
-// An ObjectPath is an object path as defined by the D-Bus spec.
-type ObjectPath string
-
-// IsValid returns whether the object path is valid.
-func (o ObjectPath) IsValid() bool {
-	s := string(o)
-	if len(s) == 0 {
-		return false
-	}
-	if s[0] != '/' {
-		return false
-	}
-	if s[len(s)-1] == '/' && len(s) != 1 {
-		return false
-	}
-	// probably not used, but technically possible
-	if s == "/" {
-		return true
-	}
-	split := strings.Split(s[1:], "/")
-	for _, v := range split {
-		if len(v) == 0 {
-			return false
-		}
-		for _, c := range v {
-			if !isMemberChar(c) {
-				return false
-			}
-		}
-	}
-	return true
-}
-
-// A UnixFD is a Unix file descriptor sent over the wire. See the package-level
-// documentation for more information about Unix file descriptor passsing.
-type UnixFD int32
-
-// A UnixFDIndex is the representation of a Unix file descriptor in a message.
-type UnixFDIndex uint32
-
-// alignment returns the alignment of values of type t.
-func alignment(t reflect.Type) int {
-	switch t {
-	case variantType:
-		return 1
-	case objectPathType:
-		return 4
-	case signatureType:
-		return 1
-	case interfacesType: // sometimes used for structs
-		return 8
-	}
-	switch t.Kind() {
-	case reflect.Uint8:
-		return 1
-	case reflect.Uint16, reflect.Int16:
-		return 2
-	case reflect.Uint32, reflect.Int32, reflect.String, reflect.Array, reflect.Slice, reflect.Map:
-		return 4
-	case reflect.Uint64, reflect.Int64, reflect.Float64, reflect.Struct:
-		return 8
-	case reflect.Ptr:
-		return alignment(t.Elem())
-	}
-	return 1
-}
-
-// isKeyType returns whether t is a valid type for a D-Bus dict.
-func isKeyType(t reflect.Type) bool {
-	switch t.Kind() {
-	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
-		reflect.Int16, reflect.Int32, reflect.Int64, reflect.Float64,
-		reflect.String:
-
-		return true
-	}
-	return false
-}
-
-// isValidInterface returns whether s is a valid name for an interface.
-func isValidInterface(s string) bool {
-	if len(s) == 0 || len(s) > 255 || s[0] == '.' {
-		return false
-	}
-	elem := strings.Split(s, ".")
-	if len(elem) < 2 {
-		return false
-	}
-	for _, v := range elem {
-		if len(v) == 0 {
-			return false
-		}
-		if v[0] >= '0' && v[0] <= '9' {
-			return false
-		}
-		for _, c := range v {
-			if !isMemberChar(c) {
-				return false
-			}
-		}
-	}
-	return true
-}
-
-// isValidMember returns whether s is a valid name for a member.
-func isValidMember(s string) bool {
-	if len(s) == 0 || len(s) > 255 {
-		return false
-	}
-	i := strings.Index(s, ".")
-	if i != -1 {
-		return false
-	}
-	if s[0] >= '0' && s[0] <= '9' {
-		return false
-	}
-	for _, c := range s {
-		if !isMemberChar(c) {
-			return false
-		}
-	}
-	return true
-}
-
-func isMemberChar(c rune) bool {
-	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
-		(c >= 'a' && c <= 'z') || c == '_'
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go
deleted file mode 100644
index ef50dcab98..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/decoder.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package dbus
-
-import (
-	"encoding/binary"
-	"io"
-	"reflect"
-)
-
-type decoder struct {
-	in    io.Reader
-	order binary.ByteOrder
-	pos   int
-}
-
-// newDecoder returns a new decoder that reads values from in. The input is
-// expected to be in the given byte order.
-func newDecoder(in io.Reader, order binary.ByteOrder) *decoder {
-	dec := new(decoder)
-	dec.in = in
-	dec.order = order
-	return dec
-}
-
-// align aligns the input to the given boundary and panics on error.
-func (dec *decoder) align(n int) {
-	if dec.pos%n != 0 {
-		newpos := (dec.pos + n - 1) & ^(n - 1)
-		empty := make([]byte, newpos-dec.pos)
-		if _, err := io.ReadFull(dec.in, empty); err != nil {
-			panic(err)
-		}
-		dec.pos = newpos
-	}
-}
-
-// Calls binary.Read(dec.in, dec.order, v) and panics on read errors.
-func (dec *decoder) binread(v interface{}) {
-	if err := binary.Read(dec.in, dec.order, v); err != nil {
-		panic(err)
-	}
-}
-
-func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) {
-	defer func() {
-		var ok bool
-		v := recover()
-		if err, ok = v.(error); ok {
-			if err == io.EOF || err == io.ErrUnexpectedEOF {
-				err = FormatError("unexpected EOF")
-			}
-		}
-	}()
-	vs = make([]interface{}, 0)
-	s := sig.str
-	for s != "" {
-		err, rem := validSingle(s, 0)
-		if err != nil {
-			return nil, err
-		}
-		v := dec.decode(s[:len(s)-len(rem)], 0)
-		vs = append(vs, v)
-		s = rem
-	}
-	return vs, nil
-}
-
-func (dec *decoder) decode(s string, depth int) interface{} {
-	dec.align(alignment(typeFor(s)))
-	switch s[0] {
-	case 'y':
-		var b [1]byte
-		if _, err := dec.in.Read(b[:]); err != nil {
-			panic(err)
-		}
-		dec.pos++
-		return b[0]
-	case 'b':
-		i := dec.decode("u", depth).(uint32)
-		switch {
-		case i == 0:
-			return false
-		case i == 1:
-			return true
-		default:
-			panic(FormatError("invalid value for boolean"))
-		}
-	case 'n':
-		var i int16
-		dec.binread(&i)
-		dec.pos += 2
-		return i
-	case 'i':
-		var i int32
-		dec.binread(&i)
-		dec.pos += 4
-		return i
-	case 'x':
-		var i int64
-		dec.binread(&i)
-		dec.pos += 8
-		return i
-	case 'q':
-		var i uint16
-		dec.binread(&i)
-		dec.pos += 2
-		return i
-	case 'u':
-		var i uint32
-		dec.binread(&i)
-		dec.pos += 4
-		return i
-	case 't':
-		var i uint64
-		dec.binread(&i)
-		dec.pos += 8
-		return i
-	case 'd':
-		var f float64
-		dec.binread(&f)
-		dec.pos += 8
-		return f
-	case 's':
-		length := dec.decode("u", depth).(uint32)
-		b := make([]byte, int(length)+1)
-		if _, err := io.ReadFull(dec.in, b); err != nil {
-			panic(err)
-		}
-		dec.pos += int(length) + 1
-		return string(b[:len(b)-1])
-	case 'o':
-		return ObjectPath(dec.decode("s", depth).(string))
-	case 'g':
-		length := dec.decode("y", depth).(byte)
-		b := make([]byte, int(length)+1)
-		if _, err := io.ReadFull(dec.in, b); err != nil {
-			panic(err)
-		}
-		dec.pos += int(length) + 1
-		sig, err := ParseSignature(string(b[:len(b)-1]))
-		if err != nil {
-			panic(err)
-		}
-		return sig
-	case 'v':
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		var variant Variant
-		sig := dec.decode("g", depth).(Signature)
-		if len(sig.str) == 0 {
-			panic(FormatError("variant signature is empty"))
-		}
-		err, rem := validSingle(sig.str, 0)
-		if err != nil {
-			panic(err)
-		}
-		if rem != "" {
-			panic(FormatError("variant signature has multiple types"))
-		}
-		variant.sig = sig
-		variant.value = dec.decode(sig.str, depth+1)
-		return variant
-	case 'h':
-		return UnixFDIndex(dec.decode("u", depth).(uint32))
-	case 'a':
-		if len(s) > 1 && s[1] == '{' {
-			ksig := s[2:3]
-			vsig := s[3 : len(s)-1]
-			v := reflect.MakeMap(reflect.MapOf(typeFor(ksig), typeFor(vsig)))
-			if depth >= 63 {
-				panic(FormatError("input exceeds container depth limit"))
-			}
-			length := dec.decode("u", depth).(uint32)
-			// Even for empty maps, the correct padding must be included
-			dec.align(8)
-			spos := dec.pos
-			for dec.pos < spos+int(length) {
-				dec.align(8)
-				if !isKeyType(v.Type().Key()) {
-					panic(InvalidTypeError{v.Type()})
-				}
-				kv := dec.decode(ksig, depth+2)
-				vv := dec.decode(vsig, depth+2)
-				v.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
-			}
-			return v.Interface()
-		}
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		length := dec.decode("u", depth).(uint32)
-		v := reflect.MakeSlice(reflect.SliceOf(typeFor(s[1:])), 0, int(length))
-		// Even for empty arrays, the correct padding must be included
-		dec.align(alignment(typeFor(s[1:])))
-		spos := dec.pos
-		for dec.pos < spos+int(length) {
-			ev := dec.decode(s[1:], depth+1)
-			v = reflect.Append(v, reflect.ValueOf(ev))
-		}
-		return v.Interface()
-	case '(':
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		dec.align(8)
-		v := make([]interface{}, 0)
-		s = s[1 : len(s)-1]
-		for s != "" {
-			err, rem := validSingle(s, 0)
-			if err != nil {
-				panic(err)
-			}
-			ev := dec.decode(s[:len(s)-len(rem)], depth+1)
-			v = append(v, ev)
-			s = rem
-		}
-		return v
-	default:
-		panic(SignatureError{Sig: s})
-	}
-}
-
-// A FormatError is an error in the wire format.
-type FormatError string
-
-func (e FormatError) Error() string {
-	return "dbus: wire format error: " + string(e)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go
deleted file mode 100644
index deff554a38..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/doc.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-Package dbus implements bindings to the D-Bus message bus system.
-
-To use the message bus API, you first need to connect to a bus (usually the
-session or system bus). The acquired connection then can be used to call methods
-on remote objects and emit or receive signals. Using the Export method, you can
-arrange D-Bus methods calls to be directly translated to method calls on a Go
-value.
-
-Conversion Rules
-
-For outgoing messages, Go types are automatically converted to the
-corresponding D-Bus types. The following types are directly encoded as their
-respective D-Bus equivalents:
-
-     Go type     | D-Bus type
-     ------------+-----------
-     byte        | BYTE
-     bool        | BOOLEAN
-     int16       | INT16
-     uint16      | UINT16
-     int32       | INT32
-     uint32      | UINT32
-     int64       | INT64
-     uint64      | UINT64
-     float64     | DOUBLE
-     string      | STRING
-     ObjectPath  | OBJECT_PATH
-     Signature   | SIGNATURE
-     Variant     | VARIANT
-     UnixFDIndex | UNIX_FD
-
-Slices and arrays encode as ARRAYs of their element type.
-
-Maps encode as DICTs, provided that their key type can be used as a key for
-a DICT.
-
-Structs other than Variant and Signature encode as a STRUCT containing their
-exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
-be skipped.
-
-Pointers encode as the value they're pointed to.
-
-Trying to encode any other type or a slice, map or struct containing an
-unsupported type will result in an InvalidTypeError.
-
-For incoming messages, the inverse of these rules are used, with the exception
-of STRUCTs. Incoming STRUCTS are represented as a slice of empty interfaces
-containing the struct fields in the correct order. The Store function can be
-used to convert such values to Go structs.
-
-Unix FD passing
-
-Handling Unix file descriptors deserves special mention. To use them, you should
-first check that they are supported on a connection by calling SupportsUnixFDs.
-If it returns true, all method of Connection will translate messages containing
-UnixFD's to messages that are accompanied by the given file descriptors with the
-UnixFD values being substituted by the correct indices. Similarily, the indices
-of incoming messages are automatically resolved. It shouldn't be necessary to use
-UnixFDIndex.
-
-*/
-package dbus
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go
deleted file mode 100644
index f9d2f05716..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/encoder.go
+++ /dev/null
@@ -1,179 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"encoding/binary"
-	"io"
-	"reflect"
-)
-
-// An encoder encodes values to the D-Bus wire format.
-type encoder struct {
-	out   io.Writer
-	order binary.ByteOrder
-	pos   int
-}
-
-// NewEncoder returns a new encoder that writes to out in the given byte order.
-func newEncoder(out io.Writer, order binary.ByteOrder) *encoder {
-	enc := new(encoder)
-	enc.out = out
-	enc.order = order
-	return enc
-}
-
-// Aligns the next output to be on a multiple of n. Panics on write errors.
-func (enc *encoder) align(n int) {
-	if enc.pos%n != 0 {
-		newpos := (enc.pos + n - 1) & ^(n - 1)
-		empty := make([]byte, newpos-enc.pos)
-		if _, err := enc.out.Write(empty); err != nil {
-			panic(err)
-		}
-		enc.pos = newpos
-	}
-}
-
-// Calls binary.Write(enc.out, enc.order, v) and panics on write errors.
-func (enc *encoder) binwrite(v interface{}) {
-	if err := binary.Write(enc.out, enc.order, v); err != nil {
-		panic(err)
-	}
-}
-
-// Encode encodes the given values to the underyling reader. All written values
-// are aligned properly as required by the D-Bus spec.
-func (enc *encoder) Encode(vs ...interface{}) (err error) {
-	defer func() {
-		err, _ = recover().(error)
-	}()
-	for _, v := range vs {
-		enc.encode(reflect.ValueOf(v), 0)
-	}
-	return nil
-}
-
-// encode encodes the given value to the writer and panics on error. depth holds
-// the depth of the container nesting.
-func (enc *encoder) encode(v reflect.Value, depth int) {
-	enc.align(alignment(v.Type()))
-	switch v.Kind() {
-	case reflect.Uint8:
-		var b [1]byte
-		b[0] = byte(v.Uint())
-		if _, err := enc.out.Write(b[:]); err != nil {
-			panic(err)
-		}
-		enc.pos++
-	case reflect.Bool:
-		if v.Bool() {
-			enc.encode(reflect.ValueOf(uint32(1)), depth)
-		} else {
-			enc.encode(reflect.ValueOf(uint32(0)), depth)
-		}
-	case reflect.Int16:
-		enc.binwrite(int16(v.Int()))
-		enc.pos += 2
-	case reflect.Uint16:
-		enc.binwrite(uint16(v.Uint()))
-		enc.pos += 2
-	case reflect.Int32:
-		enc.binwrite(int32(v.Int()))
-		enc.pos += 4
-	case reflect.Uint32:
-		enc.binwrite(uint32(v.Uint()))
-		enc.pos += 4
-	case reflect.Int64:
-		enc.binwrite(v.Int())
-		enc.pos += 8
-	case reflect.Uint64:
-		enc.binwrite(v.Uint())
-		enc.pos += 8
-	case reflect.Float64:
-		enc.binwrite(v.Float())
-		enc.pos += 8
-	case reflect.String:
-		enc.encode(reflect.ValueOf(uint32(len(v.String()))), depth)
-		b := make([]byte, v.Len()+1)
-		copy(b, v.String())
-		b[len(b)-1] = 0
-		n, err := enc.out.Write(b)
-		if err != nil {
-			panic(err)
-		}
-		enc.pos += n
-	case reflect.Ptr:
-		enc.encode(v.Elem(), depth)
-	case reflect.Slice, reflect.Array:
-		if depth >= 64 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		var buf bytes.Buffer
-		bufenc := newEncoder(&buf, enc.order)
-
-		for i := 0; i < v.Len(); i++ {
-			bufenc.encode(v.Index(i), depth+1)
-		}
-		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
-		length := buf.Len()
-		enc.align(alignment(v.Type().Elem()))
-		if _, err := buf.WriteTo(enc.out); err != nil {
-			panic(err)
-		}
-		enc.pos += length
-	case reflect.Struct:
-		if depth >= 64 && v.Type() != signatureType {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		switch t := v.Type(); t {
-		case signatureType:
-			str := v.Field(0)
-			enc.encode(reflect.ValueOf(byte(str.Len())), depth+1)
-			b := make([]byte, str.Len()+1)
-			copy(b, str.String())
-			b[len(b)-1] = 0
-			n, err := enc.out.Write(b)
-			if err != nil {
-				panic(err)
-			}
-			enc.pos += n
-		case variantType:
-			variant := v.Interface().(Variant)
-			enc.encode(reflect.ValueOf(variant.sig), depth+1)
-			enc.encode(reflect.ValueOf(variant.value), depth+1)
-		default:
-			for i := 0; i < v.Type().NumField(); i++ {
-				field := t.Field(i)
-				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
-					enc.encode(v.Field(i), depth+1)
-				}
-			}
-		}
-	case reflect.Map:
-		// Maps are arrays of structures, so they actually increase the depth by
-		// 2.
-		if depth >= 63 {
-			panic(FormatError("input exceeds container depth limit"))
-		}
-		if !isKeyType(v.Type().Key()) {
-			panic(InvalidTypeError{v.Type()})
-		}
-		keys := v.MapKeys()
-		var buf bytes.Buffer
-		bufenc := newEncoder(&buf, enc.order)
-		for _, k := range keys {
-			bufenc.align(8)
-			bufenc.encode(k, depth+2)
-			bufenc.encode(v.MapIndex(k), depth+2)
-		}
-		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
-		length := buf.Len()
-		enc.align(8)
-		if _, err := buf.WriteTo(enc.out); err != nil {
-			panic(err)
-		}
-		enc.pos += length
-	default:
-		panic(InvalidTypeError{v.Type()})
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go
deleted file mode 100644
index 0218ac5598..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/examples_test.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package dbus
-
-import "fmt"
-
-func ExampleConn_Emit() {
-	conn, err := SessionBus()
-	if err != nil {
-		panic(err)
-	}
-
-	conn.Emit("/foo/bar", "foo.bar.Baz", uint32(0xDAEDBEEF))
-}
-
-func ExampleObject_Call() {
-	var list []string
-
-	conn, err := SessionBus()
-	if err != nil {
-		panic(err)
-	}
-
-	err = conn.BusObject().Call("org.freedesktop.DBus.ListNames", 0).Store(&list)
-	if err != nil {
-		panic(err)
-	}
-	for _, v := range list {
-		fmt.Println(v)
-	}
-}
-
-func ExampleObject_Go() {
-	conn, err := SessionBus()
-	if err != nil {
-		panic(err)
-	}
-
-	ch := make(chan *Call, 10)
-	conn.BusObject().Go("org.freedesktop.DBus.ListActivatableNames", 0, ch)
-	select {
-	case call := <-ch:
-		if call.Err != nil {
-			panic(err)
-		}
-		list := call.Body[0].([]string)
-		for _, v := range list {
-			fmt.Println(v)
-		}
-		// put some other cases here
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go
deleted file mode 100644
index 1dd1591528..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/export.go
+++ /dev/null
@@ -1,302 +0,0 @@
-package dbus
-
-import (
-	"errors"
-	"reflect"
-	"strings"
-	"unicode"
-)
-
-var (
-	errmsgInvalidArg = Error{
-		"org.freedesktop.DBus.Error.InvalidArgs",
-		[]interface{}{"Invalid type / number of args"},
-	}
-	errmsgNoObject = Error{
-		"org.freedesktop.DBus.Error.NoSuchObject",
-		[]interface{}{"No such object"},
-	}
-	errmsgUnknownMethod = Error{
-		"org.freedesktop.DBus.Error.UnknownMethod",
-		[]interface{}{"Unknown / invalid method"},
-	}
-)
-
-// Sender is a type which can be used in exported methods to receive the message
-// sender.
-type Sender string
-
-func exportedMethod(v interface{}, name string) reflect.Value {
-	if v == nil {
-		return reflect.Value{}
-	}
-	m := reflect.ValueOf(v).MethodByName(name)
-	if !m.IsValid() {
-		return reflect.Value{}
-	}
-	t := m.Type()
-	if t.NumOut() == 0 ||
-		t.Out(t.NumOut()-1) != reflect.TypeOf(&errmsgInvalidArg) {
-
-		return reflect.Value{}
-	}
-	return m
-}
-
-// handleCall handles the given method call (i.e. looks if it's one of the
-// pre-implemented ones and searches for a corresponding handler if not).
-func (conn *Conn) handleCall(msg *Message) {
-	name := msg.Headers[FieldMember].value.(string)
-	path := msg.Headers[FieldPath].value.(ObjectPath)
-	ifaceName, hasIface := msg.Headers[FieldInterface].value.(string)
-	sender, hasSender := msg.Headers[FieldSender].value.(string)
-	serial := msg.serial
-	if ifaceName == "org.freedesktop.DBus.Peer" {
-		switch name {
-		case "Ping":
-			conn.sendReply(sender, serial)
-		case "GetMachineId":
-			conn.sendReply(sender, serial, conn.uuid)
-		default:
-			conn.sendError(errmsgUnknownMethod, sender, serial)
-		}
-		return
-	}
-	if len(name) == 0 || unicode.IsLower([]rune(name)[0]) {
-		conn.sendError(errmsgUnknownMethod, sender, serial)
-	}
-	var m reflect.Value
-	if hasIface {
-		conn.handlersLck.RLock()
-		obj, ok := conn.handlers[path]
-		if !ok {
-			conn.sendError(errmsgNoObject, sender, serial)
-			conn.handlersLck.RUnlock()
-			return
-		}
-		iface := obj[ifaceName]
-		conn.handlersLck.RUnlock()
-		m = exportedMethod(iface, name)
-	} else {
-		conn.handlersLck.RLock()
-		if _, ok := conn.handlers[path]; !ok {
-			conn.sendError(errmsgNoObject, sender, serial)
-			conn.handlersLck.RUnlock()
-			return
-		}
-		for _, v := range conn.handlers[path] {
-			m = exportedMethod(v, name)
-			if m.IsValid() {
-				break
-			}
-		}
-		conn.handlersLck.RUnlock()
-	}
-	if !m.IsValid() {
-		conn.sendError(errmsgUnknownMethod, sender, serial)
-		return
-	}
-	t := m.Type()
-	vs := msg.Body
-	pointers := make([]interface{}, t.NumIn())
-	decode := make([]interface{}, 0, len(vs))
-	for i := 0; i < t.NumIn(); i++ {
-		tp := t.In(i)
-		val := reflect.New(tp)
-		pointers[i] = val.Interface()
-		if tp == reflect.TypeOf((*Sender)(nil)).Elem() {
-			val.Elem().SetString(sender)
-		} else {
-			decode = append(decode, pointers[i])
-		}
-	}
-	if len(decode) != len(vs) {
-		conn.sendError(errmsgInvalidArg, sender, serial)
-		return
-	}
-	if err := Store(vs, decode...); err != nil {
-		conn.sendError(errmsgInvalidArg, sender, serial)
-		return
-	}
-	params := make([]reflect.Value, len(pointers))
-	for i := 0; i < len(pointers); i++ {
-		params[i] = reflect.ValueOf(pointers[i]).Elem()
-	}
-	ret := m.Call(params)
-	if em := ret[t.NumOut()-1].Interface().(*Error); em != nil {
-		conn.sendError(*em, sender, serial)
-		return
-	}
-	if msg.Flags&FlagNoReplyExpected == 0 {
-		reply := new(Message)
-		reply.Type = TypeMethodReply
-		reply.serial = conn.getSerial()
-		reply.Headers = make(map[HeaderField]Variant)
-		if hasSender {
-			reply.Headers[FieldDestination] = msg.Headers[FieldSender]
-		}
-		reply.Headers[FieldReplySerial] = MakeVariant(msg.serial)
-		reply.Body = make([]interface{}, len(ret)-1)
-		for i := 0; i < len(ret)-1; i++ {
-			reply.Body[i] = ret[i].Interface()
-		}
-		if len(ret) != 1 {
-			reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
-		}
-		conn.outLck.RLock()
-		if !conn.closed {
-			conn.out <- reply
-		}
-		conn.outLck.RUnlock()
-	}
-}
-
-// Emit emits the given signal on the message bus. The name parameter must be
-// formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
-func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
-	if !path.IsValid() {
-		return errors.New("dbus: invalid object path")
-	}
-	i := strings.LastIndex(name, ".")
-	if i == -1 {
-		return errors.New("dbus: invalid method name")
-	}
-	iface := name[:i]
-	member := name[i+1:]
-	if !isValidMember(member) {
-		return errors.New("dbus: invalid method name")
-	}
-	if !isValidInterface(iface) {
-		return errors.New("dbus: invalid interface name")
-	}
-	msg := new(Message)
-	msg.Type = TypeSignal
-	msg.serial = conn.getSerial()
-	msg.Headers = make(map[HeaderField]Variant)
-	msg.Headers[FieldInterface] = MakeVariant(iface)
-	msg.Headers[FieldMember] = MakeVariant(member)
-	msg.Headers[FieldPath] = MakeVariant(path)
-	msg.Body = values
-	if len(values) > 0 {
-		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
-	}
-	conn.outLck.RLock()
-	defer conn.outLck.RUnlock()
-	if conn.closed {
-		return ErrClosed
-	}
-	conn.out <- msg
-	return nil
-}
-
-// Export registers the given value to be exported as an object on the
-// message bus.
-//
-// If a method call on the given path and interface is received, an exported
-// method with the same name is called with v as the receiver if the
-// parameters match and the last return value is of type *Error. If this
-// *Error is not nil, it is sent back to the caller as an error.
-// Otherwise, a method reply is sent with the other return values as its body.
-//
-// Any parameters with the special type Sender are set to the sender of the
-// dbus message when the method is called. Parameters of this type do not
-// contribute to the dbus signature of the method (i.e. the method is exposed
-// as if the parameters of type Sender were not there).
-//
-// Every method call is executed in a new goroutine, so the method may be called
-// in multiple goroutines at once.
-//
-// Method calls on the interface org.freedesktop.DBus.Peer will be automatically
-// handled for every object.
-//
-// Passing nil as the first parameter will cause conn to cease handling calls on
-// the given combination of path and interface.
-//
-// Export returns an error if path is not a valid path name.
-func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error {
-	if !path.IsValid() {
-		return errors.New("dbus: invalid path name")
-	}
-	conn.handlersLck.Lock()
-	if v == nil {
-		if _, ok := conn.handlers[path]; ok {
-			delete(conn.handlers[path], iface)
-			if len(conn.handlers[path]) == 0 {
-				delete(conn.handlers, path)
-			}
-		}
-		return nil
-	}
-	if _, ok := conn.handlers[path]; !ok {
-		conn.handlers[path] = make(map[string]interface{})
-	}
-	conn.handlers[path][iface] = v
-	conn.handlersLck.Unlock()
-	return nil
-}
-
-// ReleaseName calls org.freedesktop.DBus.ReleaseName. You should use only this
-// method to release a name (see below).
-func (conn *Conn) ReleaseName(name string) (ReleaseNameReply, error) {
-	var r uint32
-	err := conn.busObj.Call("org.freedesktop.DBus.ReleaseName", 0, name).Store(&r)
-	if err != nil {
-		return 0, err
-	}
-	if r == uint32(ReleaseNameReplyReleased) {
-		conn.namesLck.Lock()
-		for i, v := range conn.names {
-			if v == name {
-				copy(conn.names[i:], conn.names[i+1:])
-				conn.names = conn.names[:len(conn.names)-1]
-			}
-		}
-		conn.namesLck.Unlock()
-	}
-	return ReleaseNameReply(r), nil
-}
-
-// RequestName calls org.freedesktop.DBus.RequestName. You should use only this
-// method to request a name because package dbus needs to keep track of all
-// names that the connection has.
-func (conn *Conn) RequestName(name string, flags RequestNameFlags) (RequestNameReply, error) {
-	var r uint32
-	err := conn.busObj.Call("org.freedesktop.DBus.RequestName", 0, name, flags).Store(&r)
-	if err != nil {
-		return 0, err
-	}
-	if r == uint32(RequestNameReplyPrimaryOwner) {
-		conn.namesLck.Lock()
-		conn.names = append(conn.names, name)
-		conn.namesLck.Unlock()
-	}
-	return RequestNameReply(r), nil
-}
-
-// ReleaseNameReply is the reply to a ReleaseName call.
-type ReleaseNameReply uint32
-
-const (
-	ReleaseNameReplyReleased ReleaseNameReply = 1 + iota
-	ReleaseNameReplyNonExistent
-	ReleaseNameReplyNotOwner
-)
-
-// RequestNameFlags represents the possible flags for a RequestName call.
-type RequestNameFlags uint32
-
-const (
-	NameFlagAllowReplacement RequestNameFlags = 1 << iota
-	NameFlagReplaceExisting
-	NameFlagDoNotQueue
-)
-
-// RequestNameReply is the reply to a RequestName call.
-type RequestNameReply uint32
-
-const (
-	RequestNameReplyPrimaryOwner RequestNameReply = 1 + iota
-	RequestNameReplyInQueue
-	RequestNameReplyExists
-	RequestNameReplyAlreadyOwner
-)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go
deleted file mode 100644
index 0b745f9313..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package dbus
-
-import (
-	"os"
-	"sync"
-)
-
-var (
-	homeDir     string
-	homeDirLock sync.Mutex
-)
-
-func getHomeDir() string {
-	homeDirLock.Lock()
-	defer homeDirLock.Unlock()
-
-	if homeDir != "" {
-		return homeDir
-	}
-
-	homeDir = os.Getenv("HOME")
-	if homeDir != "" {
-		return homeDir
-	}
-
-	homeDir = lookupHomeDir()
-	return homeDir
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
deleted file mode 100644
index 2732081e73..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build !static_build
-
-package dbus
-
-import (
-	"os/user"
-)
-
-func lookupHomeDir() string {
-	u, err := user.Current()
-	if err != nil {
-		return "/"
-	}
-	return u.HomeDir
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go
deleted file mode 100644
index b9d9cb5525..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/homedir_static.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// +build static_build
-
-package dbus
-
-import (
-	"bufio"
-	"os"
-	"strconv"
-	"strings"
-)
-
-func lookupHomeDir() string {
-	myUid := os.Getuid()
-
-	f, err := os.Open("/etc/passwd")
-	if err != nil {
-		return "/"
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			break
-		}
-
-		line := strings.TrimSpace(s.Text())
-		if line == "" {
-			continue
-		}
-
-		parts := strings.Split(line, ":")
-
-		if len(parts) >= 6 {
-			uid, err := strconv.Atoi(parts[2])
-			if err == nil && uid == myUid {
-				return parts[5]
-			}
-		}
-	}
-
-	// Default to / if we can't get a better value
-	return "/"
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go
deleted file mode 100644
index 4aca2ea63e..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/call.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package introspect
-
-import (
-	"encoding/xml"
-	"github.com/godbus/dbus"
-	"strings"
-)
-
-// Call calls org.freedesktop.Introspectable.Introspect on a remote object
-// and returns the introspection data.
-func Call(o *dbus.Object) (*Node, error) {
-	var xmldata string
-	var node Node
-
-	err := o.Call("org.freedesktop.DBus.Introspectable.Introspect", 0).Store(&xmldata)
-	if err != nil {
-		return nil, err
-	}
-	err = xml.NewDecoder(strings.NewReader(xmldata)).Decode(&node)
-	if err != nil {
-		return nil, err
-	}
-	if node.Name == "" {
-		node.Name = string(o.Path())
-	}
-	return &node, nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go
deleted file mode 100644
index dafcdb8b7a..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspect.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// Package introspect provides some utilities for dealing with the DBus
-// introspection format.
-package introspect
-
-import "encoding/xml"
-
-// The introspection data for the org.freedesktop.DBus.Introspectable interface.
-var IntrospectData = Interface{
-	Name: "org.freedesktop.DBus.Introspectable",
-	Methods: []Method{
-		{
-			Name: "Introspect",
-			Args: []Arg{
-				{"out", "s", "out"},
-			},
-		},
-	},
-}
-
-// The introspection data for the org.freedesktop.DBus.Introspectable interface,
-// as a string.
-const IntrospectDataString = `
-	<interface name="org.freedesktop.DBus.Introspectable">
-		<method name="Introspect">
-			<arg name="out" direction="out" type="s"/>
-		</method>
-	</interface>
-`
-
-// Node is the root element of an introspection.
-type Node struct {
-	XMLName    xml.Name    `xml:"node"`
-	Name       string      `xml:"name,attr,omitempty"`
-	Interfaces []Interface `xml:"interface"`
-	Children   []Node      `xml:"node,omitempty"`
-}
-
-// Interface describes a DBus interface that is available on the message bus.
-type Interface struct {
-	Name        string       `xml:"name,attr"`
-	Methods     []Method     `xml:"method"`
-	Signals     []Signal     `xml:"signal"`
-	Properties  []Property   `xml:"property"`
-	Annotations []Annotation `xml:"annotation"`
-}
-
-// Method describes a Method on an Interface as retured by an introspection.
-type Method struct {
-	Name        string       `xml:"name,attr"`
-	Args        []Arg        `xml:"arg"`
-	Annotations []Annotation `xml:"annotation"`
-}
-
-// Signal describes a Signal emitted on an Interface.
-type Signal struct {
-	Name        string       `xml:"name,attr"`
-	Args        []Arg        `xml:"arg"`
-	Annotations []Annotation `xml:"annotation"`
-}
-
-// Property describes a property of an Interface.
-type Property struct {
-	Name        string       `xml:"name,attr"`
-	Type        string       `xml:"type,attr"`
-	Access      string       `xml:"access,attr"`
-	Annotations []Annotation `xml:"annotation"`
-}
-
-// Arg represents an argument of a method or a signal.
-type Arg struct {
-	Name      string `xml:"name,attr,omitempty"`
-	Type      string `xml:"type,attr"`
-	Direction string `xml:"direction,attr,omitempty"`
-}
-
-// Annotation is an annotation in the introspection format.
-type Annotation struct {
-	Name  string `xml:"name,attr"`
-	Value string `xml:"value,attr"`
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
deleted file mode 100644
index a2a965a343..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package introspect
-
-import (
-	"encoding/xml"
-	"github.com/godbus/dbus"
-	"reflect"
-)
-
-// Introspectable implements org.freedesktop.Introspectable.
-//
-// You can create it by converting the XML-formatted introspection data from a
-// string to an Introspectable or call NewIntrospectable with a Node. Then,
-// export it as org.freedesktop.Introspectable on you object.
-type Introspectable string
-
-// NewIntrospectable returns an Introspectable that returns the introspection
-// data that corresponds to the given Node. If n.Interfaces doesn't contain the
-// data for org.freedesktop.DBus.Introspectable, it is added automatically.
-func NewIntrospectable(n *Node) Introspectable {
-	found := false
-	for _, v := range n.Interfaces {
-		if v.Name == "org.freedesktop.DBus.Introspectable" {
-			found = true
-			break
-		}
-	}
-	if !found {
-		n.Interfaces = append(n.Interfaces, IntrospectData)
-	}
-	b, err := xml.Marshal(n)
-	if err != nil {
-		panic(err)
-	}
-	return Introspectable(b)
-}
-
-// Introspect implements org.freedesktop.Introspectable.Introspect.
-func (i Introspectable) Introspect() (string, *dbus.Error) {
-	return string(i), nil
-}
-
-// Methods returns the description of the methods of v. This can be used to
-// create a Node which can be passed to NewIntrospectable.
-func Methods(v interface{}) []Method {
-	t := reflect.TypeOf(v)
-	ms := make([]Method, 0, t.NumMethod())
-	for i := 0; i < t.NumMethod(); i++ {
-		if t.Method(i).PkgPath != "" {
-			continue
-		}
-		mt := t.Method(i).Type
-		if mt.NumOut() == 0 ||
-			mt.Out(mt.NumOut()-1) != reflect.TypeOf(&dbus.Error{"", nil}) {
-
-			continue
-		}
-		var m Method
-		m.Name = t.Method(i).Name
-		m.Args = make([]Arg, 0, mt.NumIn()+mt.NumOut()-2)
-		for j := 1; j < mt.NumIn(); j++ {
-			if mt.In(j) != reflect.TypeOf((*dbus.Sender)(nil)).Elem() {
-				arg := Arg{"", dbus.SignatureOfType(mt.In(j)).String(), "in"}
-				m.Args = append(m.Args, arg)
-			}
-		}
-		for j := 0; j < mt.NumOut()-1; j++ {
-			arg := Arg{"", dbus.SignatureOfType(mt.Out(j)).String(), "out"}
-			m.Args = append(m.Args, arg)
-		}
-		m.Annotations = make([]Annotation, 0)
-		ms = append(ms, m)
-	}
-	return ms
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go
deleted file mode 100644
index 075d6e38ba..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/message.go
+++ /dev/null
@@ -1,346 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"encoding/binary"
-	"errors"
-	"io"
-	"reflect"
-	"strconv"
-)
-
-const protoVersion byte = 1
-
-// Flags represents the possible flags of a D-Bus message.
-type Flags byte
-
-const (
-	// FlagNoReplyExpected signals that the message is not expected to generate
-	// a reply. If this flag is set on outgoing messages, any possible reply
-	// will be discarded.
-	FlagNoReplyExpected Flags = 1 << iota
-	// FlagNoAutoStart signals that the message bus should not automatically
-	// start an application when handling this message.
-	FlagNoAutoStart
-)
-
-// Type represents the possible types of a D-Bus message.
-type Type byte
-
-const (
-	TypeMethodCall Type = 1 + iota
-	TypeMethodReply
-	TypeError
-	TypeSignal
-	typeMax
-)
-
-func (t Type) String() string {
-	switch t {
-	case TypeMethodCall:
-		return "method call"
-	case TypeMethodReply:
-		return "reply"
-	case TypeError:
-		return "error"
-	case TypeSignal:
-		return "signal"
-	}
-	return "invalid"
-}
-
-// HeaderField represents the possible byte codes for the headers
-// of a D-Bus message.
-type HeaderField byte
-
-const (
-	FieldPath HeaderField = 1 + iota
-	FieldInterface
-	FieldMember
-	FieldErrorName
-	FieldReplySerial
-	FieldDestination
-	FieldSender
-	FieldSignature
-	FieldUnixFDs
-	fieldMax
-)
-
-// An InvalidMessageError describes the reason why a D-Bus message is regarded as
-// invalid.
-type InvalidMessageError string
-
-func (e InvalidMessageError) Error() string {
-	return "dbus: invalid message: " + string(e)
-}
-
-// fieldType are the types of the various header fields.
-var fieldTypes = [fieldMax]reflect.Type{
-	FieldPath:        objectPathType,
-	FieldInterface:   stringType,
-	FieldMember:      stringType,
-	FieldErrorName:   stringType,
-	FieldReplySerial: uint32Type,
-	FieldDestination: stringType,
-	FieldSender:      stringType,
-	FieldSignature:   signatureType,
-	FieldUnixFDs:     uint32Type,
-}
-
-// requiredFields lists the header fields that are required by the different
-// message types.
-var requiredFields = [typeMax][]HeaderField{
-	TypeMethodCall:  {FieldPath, FieldMember},
-	TypeMethodReply: {FieldReplySerial},
-	TypeError:       {FieldErrorName, FieldReplySerial},
-	TypeSignal:      {FieldPath, FieldInterface, FieldMember},
-}
-
-// Message represents a single D-Bus message.
-type Message struct {
-	Type
-	Flags
-	Headers map[HeaderField]Variant
-	Body    []interface{}
-
-	serial uint32
-}
-
-type header struct {
-	Field byte
-	Variant
-}
-
-// DecodeMessage tries to decode a single message in the D-Bus wire format
-// from the given reader. The byte order is figured out from the first byte.
-// The possibly returned error can be an error of the underlying reader, an
-// InvalidMessageError or a FormatError.
-func DecodeMessage(rd io.Reader) (msg *Message, err error) {
-	var order binary.ByteOrder
-	var hlength, length uint32
-	var typ, flags, proto byte
-	var headers []header
-
-	b := make([]byte, 1)
-	_, err = rd.Read(b)
-	if err != nil {
-		return
-	}
-	switch b[0] {
-	case 'l':
-		order = binary.LittleEndian
-	case 'B':
-		order = binary.BigEndian
-	default:
-		return nil, InvalidMessageError("invalid byte order")
-	}
-
-	dec := newDecoder(rd, order)
-	dec.pos = 1
-
-	msg = new(Message)
-	vs, err := dec.Decode(Signature{"yyyuu"})
-	if err != nil {
-		return nil, err
-	}
-	if err = Store(vs, &typ, &flags, &proto, &length, &msg.serial); err != nil {
-		return nil, err
-	}
-	msg.Type = Type(typ)
-	msg.Flags = Flags(flags)
-
-	// get the header length separately because we need it later
-	b = make([]byte, 4)
-	_, err = io.ReadFull(rd, b)
-	if err != nil {
-		return nil, err
-	}
-	binary.Read(bytes.NewBuffer(b), order, &hlength)
-	if hlength+length+16 > 1<<27 {
-		return nil, InvalidMessageError("message is too long")
-	}
-	dec = newDecoder(io.MultiReader(bytes.NewBuffer(b), rd), order)
-	dec.pos = 12
-	vs, err = dec.Decode(Signature{"a(yv)"})
-	if err != nil {
-		return nil, err
-	}
-	if err = Store(vs, &headers); err != nil {
-		return nil, err
-	}
-
-	msg.Headers = make(map[HeaderField]Variant)
-	for _, v := range headers {
-		msg.Headers[HeaderField(v.Field)] = v.Variant
-	}
-
-	dec.align(8)
-	body := make([]byte, int(length))
-	if length != 0 {
-		_, err := io.ReadFull(rd, body)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if err = msg.IsValid(); err != nil {
-		return nil, err
-	}
-	sig, _ := msg.Headers[FieldSignature].value.(Signature)
-	if sig.str != "" {
-		buf := bytes.NewBuffer(body)
-		dec = newDecoder(buf, order)
-		vs, err := dec.Decode(sig)
-		if err != nil {
-			return nil, err
-		}
-		msg.Body = vs
-	}
-
-	return
-}
-
-// EncodeTo encodes and sends a message to the given writer. The byte order must
-// be either binary.LittleEndian or binary.BigEndian. If the message is not
-// valid or an error occurs when writing, an error is returned.
-func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error {
-	if err := msg.IsValid(); err != nil {
-		return err
-	}
-	var vs [7]interface{}
-	switch order {
-	case binary.LittleEndian:
-		vs[0] = byte('l')
-	case binary.BigEndian:
-		vs[0] = byte('B')
-	default:
-		return errors.New("dbus: invalid byte order")
-	}
-	body := new(bytes.Buffer)
-	enc := newEncoder(body, order)
-	if len(msg.Body) != 0 {
-		enc.Encode(msg.Body...)
-	}
-	vs[1] = msg.Type
-	vs[2] = msg.Flags
-	vs[3] = protoVersion
-	vs[4] = uint32(len(body.Bytes()))
-	vs[5] = msg.serial
-	headers := make([]header, 0, len(msg.Headers))
-	for k, v := range msg.Headers {
-		headers = append(headers, header{byte(k), v})
-	}
-	vs[6] = headers
-	var buf bytes.Buffer
-	enc = newEncoder(&buf, order)
-	enc.Encode(vs[:]...)
-	enc.align(8)
-	body.WriteTo(&buf)
-	if buf.Len() > 1<<27 {
-		return InvalidMessageError("message is too long")
-	}
-	if _, err := buf.WriteTo(out); err != nil {
-		return err
-	}
-	return nil
-}
-
-// IsValid checks whether msg is a valid message and returns an
-// InvalidMessageError if it is not.
-func (msg *Message) IsValid() error {
-	if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected) != 0 {
-		return InvalidMessageError("invalid flags")
-	}
-	if msg.Type == 0 || msg.Type >= typeMax {
-		return InvalidMessageError("invalid message type")
-	}
-	for k, v := range msg.Headers {
-		if k == 0 || k >= fieldMax {
-			return InvalidMessageError("invalid header")
-		}
-		if reflect.TypeOf(v.value) != fieldTypes[k] {
-			return InvalidMessageError("invalid type of header field")
-		}
-	}
-	for _, v := range requiredFields[msg.Type] {
-		if _, ok := msg.Headers[v]; !ok {
-			return InvalidMessageError("missing required header")
-		}
-	}
-	if path, ok := msg.Headers[FieldPath]; ok {
-		if !path.value.(ObjectPath).IsValid() {
-			return InvalidMessageError("invalid path name")
-		}
-	}
-	if iface, ok := msg.Headers[FieldInterface]; ok {
-		if !isValidInterface(iface.value.(string)) {
-			return InvalidMessageError("invalid interface name")
-		}
-	}
-	if member, ok := msg.Headers[FieldMember]; ok {
-		if !isValidMember(member.value.(string)) {
-			return InvalidMessageError("invalid member name")
-		}
-	}
-	if errname, ok := msg.Headers[FieldErrorName]; ok {
-		if !isValidInterface(errname.value.(string)) {
-			return InvalidMessageError("invalid error name")
-		}
-	}
-	if len(msg.Body) != 0 {
-		if _, ok := msg.Headers[FieldSignature]; !ok {
-			return InvalidMessageError("missing signature")
-		}
-	}
-	return nil
-}
-
-// Serial returns the message's serial number. The returned value is only valid
-// for messages received by eavesdropping.
-func (msg *Message) Serial() uint32 {
-	return msg.serial
-}
-
-// String returns a string representation of a message similar to the format of
-// dbus-monitor.
-func (msg *Message) String() string {
-	if err := msg.IsValid(); err != nil {
-		return "<invalid>"
-	}
-	s := msg.Type.String()
-	if v, ok := msg.Headers[FieldSender]; ok {
-		s += " from " + v.value.(string)
-	}
-	if v, ok := msg.Headers[FieldDestination]; ok {
-		s += " to " + v.value.(string)
-	}
-	s += " serial " + strconv.FormatUint(uint64(msg.serial), 10)
-	if v, ok := msg.Headers[FieldReplySerial]; ok {
-		s += " reply_serial " + strconv.FormatUint(uint64(v.value.(uint32)), 10)
-	}
-	if v, ok := msg.Headers[FieldUnixFDs]; ok {
-		s += " unixfds " + strconv.FormatUint(uint64(v.value.(uint32)), 10)
-	}
-	if v, ok := msg.Headers[FieldPath]; ok {
-		s += " path " + string(v.value.(ObjectPath))
-	}
-	if v, ok := msg.Headers[FieldInterface]; ok {
-		s += " interface " + v.value.(string)
-	}
-	if v, ok := msg.Headers[FieldErrorName]; ok {
-		s += " error " + v.value.(string)
-	}
-	if v, ok := msg.Headers[FieldMember]; ok {
-		s += " member " + v.value.(string)
-	}
-	if len(msg.Body) != 0 {
-		s += "\n"
-	}
-	for i, v := range msg.Body {
-		s += "  " + MakeVariant(v).String()
-		if i != len(msg.Body)-1 {
-			s += "\n"
-		}
-	}
-	return s
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go
deleted file mode 100644
index ed5bdf2243..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/prop/prop.go
+++ /dev/null
@@ -1,264 +0,0 @@
-// Package prop provides the Properties struct which can be used to implement
-// org.freedesktop.DBus.Properties.
-package prop
-
-import (
-	"github.com/godbus/dbus"
-	"github.com/godbus/dbus/introspect"
-	"sync"
-)
-
-// EmitType controls how org.freedesktop.DBus.Properties.PropertiesChanged is
-// emitted for a property. If it is EmitTrue, the signal is emitted. If it is
-// EmitInvalidates, the signal is also emitted, but the new value of the property
-// is not disclosed.
-type EmitType byte
-
-const (
-	EmitFalse EmitType = iota
-	EmitTrue
-	EmitInvalidates
-)
-
-// ErrIfaceNotFound is the error returned to peers who try to access properties
-// on interfaces that aren't found.
-var ErrIfaceNotFound = &dbus.Error{"org.freedesktop.DBus.Properties.Error.InterfaceNotFound", nil}
-
-// ErrPropNotFound is the error returned to peers trying to access properties
-// that aren't found.
-var ErrPropNotFound = &dbus.Error{"org.freedesktop.DBus.Properties.Error.PropertyNotFound", nil}
-
-// ErrReadOnly is the error returned to peers trying to set a read-only
-// property.
-var ErrReadOnly = &dbus.Error{"org.freedesktop.DBus.Properties.Error.ReadOnly", nil}
-
-// ErrInvalidArg is returned to peers if the type of the property that is being
-// changed and the argument don't match.
-var ErrInvalidArg = &dbus.Error{"org.freedesktop.DBus.Properties.Error.InvalidArg", nil}
-
-// The introspection data for the org.freedesktop.DBus.Properties interface.
-var IntrospectData = introspect.Interface{
-	Name: "org.freedesktop.DBus.Properties",
-	Methods: []introspect.Method{
-		{
-			Name: "Get",
-			Args: []introspect.Arg{
-				{"interface", "s", "in"},
-				{"property", "s", "in"},
-				{"value", "v", "out"},
-			},
-		},
-		{
-			Name: "GetAll",
-			Args: []introspect.Arg{
-				{"interface", "s", "in"},
-				{"props", "a{sv}", "out"},
-			},
-		},
-		{
-			Name: "Set",
-			Args: []introspect.Arg{
-				{"interface", "s", "in"},
-				{"property", "s", "in"},
-				{"value", "v", "in"},
-			},
-		},
-	},
-	Signals: []introspect.Signal{
-		{
-			Name: "PropertiesChanged",
-			Args: []introspect.Arg{
-				{"interface", "s", "out"},
-				{"changed_properties", "a{sv}", "out"},
-				{"invalidates_properties", "as", "out"},
-			},
-		},
-	},
-}
-
-// The introspection data for the org.freedesktop.DBus.Properties interface, as
-// a string.
-const IntrospectDataString = `
-	<interface name="org.freedesktop.DBus.Introspectable">
-		<method name="Get">
-			<arg name="interface" direction="in" type="s"/>
-			<arg name="property" direction="in" type="s"/>
-			<arg name="value" direction="out" type="v"/>
-		</method>
-		<method name="GetAll">
-			<arg name="interface" direction="in" type="s"/>
-			<arg name="props" direction="out" type="a{sv}"/>
-		</method>
-		<method name="Set">
-			<arg name="interface" direction="in" type="s"/>
-			<arg name="property" direction="in" type="s"/>
-			<arg name="value" direction="in" type="v"/>
-		</method>
-		<signal name="PropertiesChanged">
-			<arg name="interface" type="s"/>
-			<arg name="changed_properties" type="a{sv}"/>
-			<arg name="invalidates_properties" type="as"/>
-		</signal>
-	</interface>
-`
-
-// Prop represents a single property. It is used for creating a Properties
-// value.
-type Prop struct {
-	// Initial value. Must be a DBus-representable type.
-	Value interface{}
-
-	// If true, the value can be modified by calls to Set.
-	Writable bool
-
-	// Controls how org.freedesktop.DBus.Properties.PropertiesChanged is
-	// emitted if this property changes.
-	Emit EmitType
-
-	// If not nil, anytime this property is changed by Set, this function is
-	// called with an appropiate Change as its argument. If the returned error
-	// is not nil, it is sent back to the caller of Set and the property is not
-	// changed.
-	Callback func(*Change) *dbus.Error
-}
-
-// Change represents a change of a property by a call to Set.
-type Change struct {
-	Props *Properties
-	Iface string
-	Name  string
-	Value interface{}
-}
-
-// Properties is a set of values that can be made available to the message bus
-// using the org.freedesktop.DBus.Properties interface. It is safe for
-// concurrent use by multiple goroutines.
-type Properties struct {
-	m    map[string]map[string]*Prop
-	mut  sync.RWMutex
-	conn *dbus.Conn
-	path dbus.ObjectPath
-}
-
-// New returns a new Properties structure that manages the given properties.
-// The key for the first-level map of props is the name of the interface; the
-// second-level key is the name of the property. The returned structure will be
-// exported as org.freedesktop.DBus.Properties on path.
-func New(conn *dbus.Conn, path dbus.ObjectPath, props map[string]map[string]*Prop) *Properties {
-	p := &Properties{m: props, conn: conn, path: path}
-	conn.Export(p, path, "org.freedesktop.DBus.Properties")
-	return p
-}
-
-// Get implements org.freedesktop.DBus.Properties.Get.
-func (p *Properties) Get(iface, property string) (dbus.Variant, *dbus.Error) {
-	p.mut.RLock()
-	defer p.mut.RUnlock()
-	m, ok := p.m[iface]
-	if !ok {
-		return dbus.Variant{}, ErrIfaceNotFound
-	}
-	prop, ok := m[property]
-	if !ok {
-		return dbus.Variant{}, ErrPropNotFound
-	}
-	return dbus.MakeVariant(prop.Value), nil
-}
-
-// GetAll implements org.freedesktop.DBus.Properties.GetAll.
-func (p *Properties) GetAll(iface string) (map[string]dbus.Variant, *dbus.Error) {
-	p.mut.RLock()
-	defer p.mut.RUnlock()
-	m, ok := p.m[iface]
-	if !ok {
-		return nil, ErrIfaceNotFound
-	}
-	rm := make(map[string]dbus.Variant, len(m))
-	for k, v := range m {
-		rm[k] = dbus.MakeVariant(v.Value)
-	}
-	return rm, nil
-}
-
-// GetMust returns the value of the given property and panics if either the
-// interface or the property name are invalid.
-func (p *Properties) GetMust(iface, property string) interface{} {
-	p.mut.RLock()
-	defer p.mut.RUnlock()
-	return p.m[iface][property].Value
-}
-
-// Introspection returns the introspection data that represents the properties
-// of iface.
-func (p *Properties) Introspection(iface string) []introspect.Property {
-	p.mut.RLock()
-	defer p.mut.RUnlock()
-	m := p.m[iface]
-	s := make([]introspect.Property, 0, len(m))
-	for k, v := range m {
-		p := introspect.Property{Name: k, Type: dbus.SignatureOf(v.Value).String()}
-		if v.Writable {
-			p.Access = "readwrite"
-		} else {
-			p.Access = "read"
-		}
-		s = append(s, p)
-	}
-	return s
-}
-
-// set sets the given property and emits PropertyChanged if appropiate. p.mut
-// must already be locked.
-func (p *Properties) set(iface, property string, v interface{}) {
-	prop := p.m[iface][property]
-	prop.Value = v
-	switch prop.Emit {
-	case EmitFalse:
-		// do nothing
-	case EmitInvalidates:
-		p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
-			iface, map[string]dbus.Variant{}, []string{property})
-	case EmitTrue:
-		p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
-			iface, map[string]dbus.Variant{property: dbus.MakeVariant(v)},
-			[]string{})
-	default:
-		panic("invalid value for EmitType")
-	}
-}
-
-// Set implements org.freedesktop.Properties.Set.
-func (p *Properties) Set(iface, property string, newv dbus.Variant) *dbus.Error {
-	p.mut.Lock()
-	defer p.mut.Unlock()
-	m, ok := p.m[iface]
-	if !ok {
-		return ErrIfaceNotFound
-	}
-	prop, ok := m[property]
-	if !ok {
-		return ErrPropNotFound
-	}
-	if !prop.Writable {
-		return ErrReadOnly
-	}
-	if newv.Signature() != dbus.SignatureOf(prop.Value) {
-		return ErrInvalidArg
-	}
-	if prop.Callback != nil {
-		err := prop.Callback(&Change{p, iface, property, newv.Value()})
-		if err != nil {
-			return err
-		}
-	}
-	p.set(iface, property, newv.Value())
-	return nil
-}
-
-// SetMust sets the value of the given property and panics if the interface or
-// the property name are invalid.
-func (p *Properties) SetMust(iface, property string, v interface{}) {
-	p.mut.Lock()
-	p.set(iface, property, v)
-	p.mut.Unlock()
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go
deleted file mode 100644
index 608a770d41..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/proto_test.go
+++ /dev/null
@@ -1,369 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"encoding/binary"
-	"io/ioutil"
-	"math"
-	"reflect"
-	"testing"
-)
-
-var protoTests = []struct {
-	vs           []interface{}
-	bigEndian    []byte
-	littleEndian []byte
-}{
-	{
-		[]interface{}{int32(0)},
-		[]byte{0, 0, 0, 0},
-		[]byte{0, 0, 0, 0},
-	},
-	{
-		[]interface{}{true, false},
-		[]byte{0, 0, 0, 1, 0, 0, 0, 0},
-		[]byte{1, 0, 0, 0, 0, 0, 0, 0},
-	},
-	{
-		[]interface{}{byte(0), uint16(12), int16(32), uint32(43)},
-		[]byte{0, 0, 0, 12, 0, 32, 0, 0, 0, 0, 0, 43},
-		[]byte{0, 0, 12, 0, 32, 0, 0, 0, 43, 0, 0, 0},
-	},
-	{
-		[]interface{}{int64(-1), uint64(1<<64 - 1)},
-		bytes.Repeat([]byte{255}, 16),
-		bytes.Repeat([]byte{255}, 16),
-	},
-	{
-		[]interface{}{math.Inf(+1)},
-		[]byte{0x7f, 0xf0, 0, 0, 0, 0, 0, 0},
-		[]byte{0, 0, 0, 0, 0, 0, 0xf0, 0x7f},
-	},
-	{
-		[]interface{}{"foo"},
-		[]byte{0, 0, 0, 3, 'f', 'o', 'o', 0},
-		[]byte{3, 0, 0, 0, 'f', 'o', 'o', 0},
-	},
-	{
-		[]interface{}{Signature{"ai"}},
-		[]byte{2, 'a', 'i', 0},
-		[]byte{2, 'a', 'i', 0},
-	},
-	{
-		[]interface{}{[]int16{42, 256}},
-		[]byte{0, 0, 0, 4, 0, 42, 1, 0},
-		[]byte{4, 0, 0, 0, 42, 0, 0, 1},
-	},
-	{
-		[]interface{}{MakeVariant("foo")},
-		[]byte{1, 's', 0, 0, 0, 0, 0, 3, 'f', 'o', 'o', 0},
-		[]byte{1, 's', 0, 0, 3, 0, 0, 0, 'f', 'o', 'o', 0},
-	},
-	{
-		[]interface{}{MakeVariant(MakeVariant(Signature{"v"}))},
-		[]byte{1, 'v', 0, 1, 'g', 0, 1, 'v', 0},
-		[]byte{1, 'v', 0, 1, 'g', 0, 1, 'v', 0},
-	},
-	{
-		[]interface{}{map[int32]bool{42: true}},
-		[]byte{0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 1},
-		[]byte{8, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 1, 0, 0, 0},
-	},
-	{
-		[]interface{}{map[string]Variant{}, byte(42)},
-		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
-		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
-	},
-	{
-		[]interface{}{[]uint64{}, byte(42)},
-		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
-		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
-	},
-}
-
-func TestProto(t *testing.T) {
-	for i, v := range protoTests {
-		buf := new(bytes.Buffer)
-		bigEnc := newEncoder(buf, binary.BigEndian)
-		bigEnc.Encode(v.vs...)
-		marshalled := buf.Bytes()
-		if bytes.Compare(marshalled, v.bigEndian) != 0 {
-			t.Errorf("test %d (marshal be): got '%v', but expected '%v'\n", i+1, marshalled,
-				v.bigEndian)
-		}
-		buf.Reset()
-		litEnc := newEncoder(buf, binary.LittleEndian)
-		litEnc.Encode(v.vs...)
-		marshalled = buf.Bytes()
-		if bytes.Compare(marshalled, v.littleEndian) != 0 {
-			t.Errorf("test %d (marshal le): got '%v', but expected '%v'\n", i+1, marshalled,
-				v.littleEndian)
-		}
-		unmarshalled := reflect.MakeSlice(reflect.TypeOf(v.vs),
-			0, 0)
-		for i := range v.vs {
-			unmarshalled = reflect.Append(unmarshalled,
-				reflect.New(reflect.TypeOf(v.vs[i])))
-		}
-		bigDec := newDecoder(bytes.NewReader(v.bigEndian), binary.BigEndian)
-		vs, err := bigDec.Decode(SignatureOf(v.vs...))
-		if err != nil {
-			t.Errorf("test %d (unmarshal be): %s\n", i+1, err)
-			continue
-		}
-		if !reflect.DeepEqual(vs, v.vs) {
-			t.Errorf("test %d (unmarshal be): got %#v, but expected %#v\n", i+1, vs, v.vs)
-		}
-		litDec := newDecoder(bytes.NewReader(v.littleEndian), binary.LittleEndian)
-		vs, err = litDec.Decode(SignatureOf(v.vs...))
-		if err != nil {
-			t.Errorf("test %d (unmarshal le): %s\n", i+1, err)
-			continue
-		}
-		if !reflect.DeepEqual(vs, v.vs) {
-			t.Errorf("test %d (unmarshal le): got %#v, but expected %#v\n", i+1, vs, v.vs)
-		}
-
-	}
-}
-
-func TestProtoMap(t *testing.T) {
-	m := map[string]uint8{
-		"foo": 23,
-		"bar": 2,
-	}
-	var n map[string]uint8
-	buf := new(bytes.Buffer)
-	enc := newEncoder(buf, binary.LittleEndian)
-	enc.Encode(m)
-	dec := newDecoder(buf, binary.LittleEndian)
-	vs, err := dec.Decode(Signature{"a{sy}"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err = Store(vs, &n); err != nil {
-		t.Fatal(err)
-	}
-	if len(n) != 2 || n["foo"] != 23 || n["bar"] != 2 {
-		t.Error("got", n)
-	}
-}
-
-func TestProtoVariantStruct(t *testing.T) {
-	var variant Variant
-	v := MakeVariant(struct {
-		A int32
-		B int16
-	}{1, 2})
-	buf := new(bytes.Buffer)
-	enc := newEncoder(buf, binary.LittleEndian)
-	enc.Encode(v)
-	dec := newDecoder(buf, binary.LittleEndian)
-	vs, err := dec.Decode(Signature{"v"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err = Store(vs, &variant); err != nil {
-		t.Fatal(err)
-	}
-	sl := variant.Value().([]interface{})
-	v1, v2 := sl[0].(int32), sl[1].(int16)
-	if v1 != int32(1) {
-		t.Error("got", v1, "as first int")
-	}
-	if v2 != int16(2) {
-		t.Error("got", v2, "as second int")
-	}
-}
-
-func TestProtoStructTag(t *testing.T) {
-	type Bar struct {
-		A int32
-		B chan interface{} `dbus:"-"`
-		C int32
-	}
-	var bar1, bar2 Bar
-	bar1.A = 234
-	bar2.C = 345
-	buf := new(bytes.Buffer)
-	enc := newEncoder(buf, binary.LittleEndian)
-	enc.Encode(bar1)
-	dec := newDecoder(buf, binary.LittleEndian)
-	vs, err := dec.Decode(Signature{"(ii)"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err = Store(vs, &bar2); err != nil {
-		t.Fatal(err)
-	}
-	if bar1 != bar2 {
-		t.Error("struct tag test: got", bar2)
-	}
-}
-
-func TestProtoStoreStruct(t *testing.T) {
-	var foo struct {
-		A int32
-		B string
-		c chan interface{}
-		D interface{} `dbus:"-"`
-	}
-	src := []interface{}{[]interface{}{int32(42), "foo"}}
-	err := Store(src, &foo)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestProtoStoreNestedStruct(t *testing.T) {
-	var foo struct {
-		A int32
-		B struct {
-			C string
-			D float64
-		}
-	}
-	src := []interface{}{
-		[]interface{}{
-			int32(42),
-			[]interface{}{
-				"foo",
-				3.14,
-			},
-		},
-	}
-	err := Store(src, &foo)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestMessage(t *testing.T) {
-	buf := new(bytes.Buffer)
-	message := new(Message)
-	message.Type = TypeMethodCall
-	message.serial = 32
-	message.Headers = map[HeaderField]Variant{
-		FieldPath:   MakeVariant(ObjectPath("/org/foo/bar")),
-		FieldMember: MakeVariant("baz"),
-	}
-	message.Body = make([]interface{}, 0)
-	err := message.EncodeTo(buf, binary.LittleEndian)
-	if err != nil {
-		t.Error(err)
-	}
-	_, err = DecodeMessage(buf)
-	if err != nil {
-		t.Error(err)
-	}
-}
-
-func TestProtoStructInterfaces(t *testing.T) {
-	b := []byte{42}
-	vs, err := newDecoder(bytes.NewReader(b), binary.LittleEndian).Decode(Signature{"(y)"})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if vs[0].([]interface{})[0].(byte) != 42 {
-		t.Errorf("wrongs results (got %v)", vs)
-	}
-}
-
-// ordinary org.freedesktop.DBus.Hello call
-var smallMessage = &Message{
-	Type:   TypeMethodCall,
-	serial: 1,
-	Headers: map[HeaderField]Variant{
-		FieldDestination: MakeVariant("org.freedesktop.DBus"),
-		FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/DBus")),
-		FieldInterface:   MakeVariant("org.freedesktop.DBus"),
-		FieldMember:      MakeVariant("Hello"),
-	},
-}
-
-// org.freedesktop.Notifications.Notify
-var bigMessage = &Message{
-	Type:   TypeMethodCall,
-	serial: 2,
-	Headers: map[HeaderField]Variant{
-		FieldDestination: MakeVariant("org.freedesktop.Notifications"),
-		FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/Notifications")),
-		FieldInterface:   MakeVariant("org.freedesktop.Notifications"),
-		FieldMember:      MakeVariant("Notify"),
-		FieldSignature:   MakeVariant(Signature{"susssasa{sv}i"}),
-	},
-	Body: []interface{}{
-		"app_name",
-		uint32(0),
-		"dialog-information",
-		"Notification",
-		"This is the body of a notification",
-		[]string{"ok", "Ok"},
-		map[string]Variant{
-			"sound-name": MakeVariant("dialog-information"),
-		},
-		int32(-1),
-	},
-}
-
-func BenchmarkDecodeMessageSmall(b *testing.B) {
-	var err error
-	var rd *bytes.Reader
-
-	b.StopTimer()
-	buf := new(bytes.Buffer)
-	err = smallMessage.EncodeTo(buf, binary.LittleEndian)
-	if err != nil {
-		b.Fatal(err)
-	}
-	decoded := buf.Bytes()
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		rd = bytes.NewReader(decoded)
-		_, err = DecodeMessage(rd)
-		if err != nil {
-			b.Fatal(err)
-		}
-	}
-}
-
-func BenchmarkDecodeMessageBig(b *testing.B) {
-	var err error
-	var rd *bytes.Reader
-
-	b.StopTimer()
-	buf := new(bytes.Buffer)
-	err = bigMessage.EncodeTo(buf, binary.LittleEndian)
-	if err != nil {
-		b.Fatal(err)
-	}
-	decoded := buf.Bytes()
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		rd = bytes.NewReader(decoded)
-		_, err = DecodeMessage(rd)
-		if err != nil {
-			b.Fatal(err)
-		}
-	}
-}
-
-func BenchmarkEncodeMessageSmall(b *testing.B) {
-	var err error
-	for i := 0; i < b.N; i++ {
-		err = smallMessage.EncodeTo(ioutil.Discard, binary.LittleEndian)
-		if err != nil {
-			b.Fatal(err)
-		}
-	}
-}
-
-func BenchmarkEncodeMessageBig(b *testing.B) {
-	var err error
-	for i := 0; i < b.N; i++ {
-		err = bigMessage.EncodeTo(ioutil.Discard, binary.LittleEndian)
-		if err != nil {
-			b.Fatal(err)
-		}
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go
deleted file mode 100644
index f45b53ce1b..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig.go
+++ /dev/null
@@ -1,257 +0,0 @@
-package dbus
-
-import (
-	"fmt"
-	"reflect"
-	"strings"
-)
-
-var sigToType = map[byte]reflect.Type{
-	'y': byteType,
-	'b': boolType,
-	'n': int16Type,
-	'q': uint16Type,
-	'i': int32Type,
-	'u': uint32Type,
-	'x': int64Type,
-	't': uint64Type,
-	'd': float64Type,
-	's': stringType,
-	'g': signatureType,
-	'o': objectPathType,
-	'v': variantType,
-	'h': unixFDIndexType,
-}
-
-// Signature represents a correct type signature as specified by the D-Bus
-// specification. The zero value represents the empty signature, "".
-type Signature struct {
-	str string
-}
-
-// SignatureOf returns the concatenation of all the signatures of the given
-// values. It panics if one of them is not representable in D-Bus.
-func SignatureOf(vs ...interface{}) Signature {
-	var s string
-	for _, v := range vs {
-		s += getSignature(reflect.TypeOf(v))
-	}
-	return Signature{s}
-}
-
-// SignatureOfType returns the signature of the given type. It panics if the
-// type is not representable in D-Bus.
-func SignatureOfType(t reflect.Type) Signature {
-	return Signature{getSignature(t)}
-}
-
-// getSignature returns the signature of the given type and panics on unknown types.
-func getSignature(t reflect.Type) string {
-	// handle simple types first
-	switch t.Kind() {
-	case reflect.Uint8:
-		return "y"
-	case reflect.Bool:
-		return "b"
-	case reflect.Int16:
-		return "n"
-	case reflect.Uint16:
-		return "q"
-	case reflect.Int32:
-		if t == unixFDType {
-			return "h"
-		}
-		return "i"
-	case reflect.Uint32:
-		if t == unixFDIndexType {
-			return "h"
-		}
-		return "u"
-	case reflect.Int64:
-		return "x"
-	case reflect.Uint64:
-		return "t"
-	case reflect.Float64:
-		return "d"
-	case reflect.Ptr:
-		return getSignature(t.Elem())
-	case reflect.String:
-		if t == objectPathType {
-			return "o"
-		}
-		return "s"
-	case reflect.Struct:
-		if t == variantType {
-			return "v"
-		} else if t == signatureType {
-			return "g"
-		}
-		var s string
-		for i := 0; i < t.NumField(); i++ {
-			field := t.Field(i)
-			if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
-				s += getSignature(t.Field(i).Type)
-			}
-		}
-		return "(" + s + ")"
-	case reflect.Array, reflect.Slice:
-		return "a" + getSignature(t.Elem())
-	case reflect.Map:
-		if !isKeyType(t.Key()) {
-			panic(InvalidTypeError{t})
-		}
-		return "a{" + getSignature(t.Key()) + getSignature(t.Elem()) + "}"
-	}
-	panic(InvalidTypeError{t})
-}
-
-// ParseSignature returns the signature represented by this string, or a
-// SignatureError if the string is not a valid signature.
-func ParseSignature(s string) (sig Signature, err error) {
-	if len(s) == 0 {
-		return
-	}
-	if len(s) > 255 {
-		return Signature{""}, SignatureError{s, "too long"}
-	}
-	sig.str = s
-	for err == nil && len(s) != 0 {
-		err, s = validSingle(s, 0)
-	}
-	if err != nil {
-		sig = Signature{""}
-	}
-
-	return
-}
-
-// ParseSignatureMust behaves like ParseSignature, except that it panics if s
-// is not valid.
-func ParseSignatureMust(s string) Signature {
-	sig, err := ParseSignature(s)
-	if err != nil {
-		panic(err)
-	}
-	return sig
-}
-
-// Empty retruns whether the signature is the empty signature.
-func (s Signature) Empty() bool {
-	return s.str == ""
-}
-
-// Single returns whether the signature represents a single, complete type.
-func (s Signature) Single() bool {
-	err, r := validSingle(s.str, 0)
-	return err != nil && r == ""
-}
-
-// String returns the signature's string representation.
-func (s Signature) String() string {
-	return s.str
-}
-
-// A SignatureError indicates that a signature passed to a function or received
-// on a connection is not a valid signature.
-type SignatureError struct {
-	Sig    string
-	Reason string
-}
-
-func (e SignatureError) Error() string {
-	return fmt.Sprintf("dbus: invalid signature: %q (%s)", e.Sig, e.Reason)
-}
-
-// Try to read a single type from this string. If it was successfull, err is nil
-// and rem is the remaining unparsed part. Otherwise, err is a non-nil
-// SignatureError and rem is "". depth is the current recursion depth which may
-// not be greater than 64 and should be given as 0 on the first call.
-func validSingle(s string, depth int) (err error, rem string) {
-	if s == "" {
-		return SignatureError{Sig: s, Reason: "empty signature"}, ""
-	}
-	if depth > 64 {
-		return SignatureError{Sig: s, Reason: "container nesting too deep"}, ""
-	}
-	switch s[0] {
-	case 'y', 'b', 'n', 'q', 'i', 'u', 'x', 't', 'd', 's', 'g', 'o', 'v', 'h':
-		return nil, s[1:]
-	case 'a':
-		if len(s) > 1 && s[1] == '{' {
-			i := findMatching(s[1:], '{', '}')
-			if i == -1 {
-				return SignatureError{Sig: s, Reason: "unmatched '{'"}, ""
-			}
-			i++
-			rem = s[i+1:]
-			s = s[2:i]
-			if err, _ = validSingle(s[:1], depth+1); err != nil {
-				return err, ""
-			}
-			err, nr := validSingle(s[1:], depth+1)
-			if err != nil {
-				return err, ""
-			}
-			if nr != "" {
-				return SignatureError{Sig: s, Reason: "too many types in dict"}, ""
-			}
-			return nil, rem
-		}
-		return validSingle(s[1:], depth+1)
-	case '(':
-		i := findMatching(s, '(', ')')
-		if i == -1 {
-			return SignatureError{Sig: s, Reason: "unmatched ')'"}, ""
-		}
-		rem = s[i+1:]
-		s = s[1:i]
-		for err == nil && s != "" {
-			err, s = validSingle(s, depth+1)
-		}
-		if err != nil {
-			rem = ""
-		}
-		return
-	}
-	return SignatureError{Sig: s, Reason: "invalid type character"}, ""
-}
-
-func findMatching(s string, left, right rune) int {
-	n := 0
-	for i, v := range s {
-		if v == left {
-			n++
-		} else if v == right {
-			n--
-		}
-		if n == 0 {
-			return i
-		}
-	}
-	return -1
-}
-
-// typeFor returns the type of the given signature. It ignores any left over
-// characters and panics if s doesn't start with a valid type signature.
-func typeFor(s string) (t reflect.Type) {
-	err, _ := validSingle(s, 0)
-	if err != nil {
-		panic(err)
-	}
-
-	if t, ok := sigToType[s[0]]; ok {
-		return t
-	}
-	switch s[0] {
-	case 'a':
-		if s[1] == '{' {
-			i := strings.LastIndex(s, "}")
-			t = reflect.MapOf(sigToType[s[2]], typeFor(s[3:i]))
-		} else {
-			t = reflect.SliceOf(typeFor(s[1:]))
-		}
-	case '(':
-		t = interfacesType
-	}
-	return
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go
deleted file mode 100644
index da37bc968e..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/sig_test.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package dbus
-
-import (
-	"testing"
-)
-
-var sigTests = []struct {
-	vs  []interface{}
-	sig Signature
-}{
-	{
-		[]interface{}{new(int32)},
-		Signature{"i"},
-	},
-	{
-		[]interface{}{new(string)},
-		Signature{"s"},
-	},
-	{
-		[]interface{}{new(Signature)},
-		Signature{"g"},
-	},
-	{
-		[]interface{}{new([]int16)},
-		Signature{"an"},
-	},
-	{
-		[]interface{}{new(int16), new(uint32)},
-		Signature{"nu"},
-	},
-	{
-		[]interface{}{new(map[byte]Variant)},
-		Signature{"a{yv}"},
-	},
-	{
-		[]interface{}{new(Variant), new([]map[int32]string)},
-		Signature{"vaa{is}"},
-	},
-}
-
-func TestSig(t *testing.T) {
-	for i, v := range sigTests {
-		sig := SignatureOf(v.vs...)
-		if sig != v.sig {
-			t.Errorf("test %d: got %q, expected %q", i+1, sig.str, v.sig.str)
-		}
-	}
-}
-
-var getSigTest = []interface{}{
-	[]struct {
-		b byte
-		i int32
-		t uint64
-		s string
-	}{},
-	map[string]Variant{},
-}
-
-func BenchmarkGetSignatureSimple(b *testing.B) {
-	for i := 0; i < b.N; i++ {
-		SignatureOf("", int32(0))
-	}
-}
-
-func BenchmarkGetSignatureLong(b *testing.B) {
-	for i := 0; i < b.N; i++ {
-		SignatureOf(getSigTest...)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go
deleted file mode 100644
index 1bba0d6bf7..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_darwin.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package dbus
-
-func (t *unixTransport) SendNullByte() error {
-	_, err := t.Write([]byte{0})
-	return err
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go
deleted file mode 100644
index 46f8f49d69..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_generic.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package dbus
-
-import (
-	"encoding/binary"
-	"errors"
-	"io"
-)
-
-type genericTransport struct {
-	io.ReadWriteCloser
-}
-
-func (t genericTransport) SendNullByte() error {
-	_, err := t.Write([]byte{0})
-	return err
-}
-
-func (t genericTransport) SupportsUnixFDs() bool {
-	return false
-}
-
-func (t genericTransport) EnableUnixFDs() {}
-
-func (t genericTransport) ReadMessage() (*Message, error) {
-	return DecodeMessage(t)
-}
-
-func (t genericTransport) SendMessage(msg *Message) error {
-	for _, v := range msg.Body {
-		if _, ok := v.(UnixFD); ok {
-			return errors.New("dbus: unix fd passing not enabled")
-		}
-	}
-	return msg.EncodeTo(t, binary.LittleEndian)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go
deleted file mode 100644
index d16229be40..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"encoding/binary"
-	"errors"
-	"io"
-	"net"
-	"syscall"
-)
-
-type oobReader struct {
-	conn *net.UnixConn
-	oob  []byte
-	buf  [4096]byte
-}
-
-func (o *oobReader) Read(b []byte) (n int, err error) {
-	n, oobn, flags, _, err := o.conn.ReadMsgUnix(b, o.buf[:])
-	if err != nil {
-		return n, err
-	}
-	if flags&syscall.MSG_CTRUNC != 0 {
-		return n, errors.New("dbus: control data truncated (too many fds received)")
-	}
-	o.oob = append(o.oob, o.buf[:oobn]...)
-	return n, nil
-}
-
-type unixTransport struct {
-	*net.UnixConn
-	hasUnixFDs bool
-}
-
-func newUnixTransport(keys string) (transport, error) {
-	var err error
-
-	t := new(unixTransport)
-	abstract := getKey(keys, "abstract")
-	path := getKey(keys, "path")
-	switch {
-	case abstract == "" && path == "":
-		return nil, errors.New("dbus: invalid address (neither path nor abstract set)")
-	case abstract != "" && path == "":
-		t.UnixConn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: "@" + abstract, Net: "unix"})
-		if err != nil {
-			return nil, err
-		}
-		return t, nil
-	case abstract == "" && path != "":
-		t.UnixConn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: path, Net: "unix"})
-		if err != nil {
-			return nil, err
-		}
-		return t, nil
-	default:
-		return nil, errors.New("dbus: invalid address (both path and abstract set)")
-	}
-}
-
-func (t *unixTransport) EnableUnixFDs() {
-	t.hasUnixFDs = true
-}
-
-func (t *unixTransport) ReadMessage() (*Message, error) {
-	var (
-		blen, hlen uint32
-		csheader   [16]byte
-		headers    []header
-		order      binary.ByteOrder
-		unixfds    uint32
-	)
-	// To be sure that all bytes of out-of-band data are read, we use a special
-	// reader that uses ReadUnix on the underlying connection instead of Read
-	// and gathers the out-of-band data in a buffer.
-	rd := &oobReader{conn: t.UnixConn}
-	// read the first 16 bytes (the part of the header that has a constant size),
-	// from which we can figure out the length of the rest of the message
-	if _, err := io.ReadFull(rd, csheader[:]); err != nil {
-		return nil, err
-	}
-	switch csheader[0] {
-	case 'l':
-		order = binary.LittleEndian
-	case 'B':
-		order = binary.BigEndian
-	default:
-		return nil, InvalidMessageError("invalid byte order")
-	}
-	// csheader[4:8] -> length of message body, csheader[12:16] -> length of
-	// header fields (without alignment)
-	binary.Read(bytes.NewBuffer(csheader[4:8]), order, &blen)
-	binary.Read(bytes.NewBuffer(csheader[12:]), order, &hlen)
-	if hlen%8 != 0 {
-		hlen += 8 - (hlen % 8)
-	}
-
-	// decode headers and look for unix fds
-	headerdata := make([]byte, hlen+4)
-	copy(headerdata, csheader[12:])
-	if _, err := io.ReadFull(t, headerdata[4:]); err != nil {
-		return nil, err
-	}
-	dec := newDecoder(bytes.NewBuffer(headerdata), order)
-	dec.pos = 12
-	vs, err := dec.Decode(Signature{"a(yv)"})
-	if err != nil {
-		return nil, err
-	}
-	Store(vs, &headers)
-	for _, v := range headers {
-		if v.Field == byte(FieldUnixFDs) {
-			unixfds, _ = v.Variant.value.(uint32)
-		}
-	}
-	all := make([]byte, 16+hlen+blen)
-	copy(all, csheader[:])
-	copy(all[16:], headerdata[4:])
-	if _, err := io.ReadFull(rd, all[16+hlen:]); err != nil {
-		return nil, err
-	}
-	if unixfds != 0 {
-		if !t.hasUnixFDs {
-			return nil, errors.New("dbus: got unix fds on unsupported transport")
-		}
-		// read the fds from the OOB data
-		scms, err := syscall.ParseSocketControlMessage(rd.oob)
-		if err != nil {
-			return nil, err
-		}
-		if len(scms) != 1 {
-			return nil, errors.New("dbus: received more than one socket control message")
-		}
-		fds, err := syscall.ParseUnixRights(&scms[0])
-		if err != nil {
-			return nil, err
-		}
-		msg, err := DecodeMessage(bytes.NewBuffer(all))
-		if err != nil {
-			return nil, err
-		}
-		// substitute the values in the message body (which are indices for the
-		// array receiver via OOB) with the actual values
-		for i, v := range msg.Body {
-			if j, ok := v.(UnixFDIndex); ok {
-				if uint32(j) >= unixfds {
-					return nil, InvalidMessageError("invalid index for unix fd")
-				}
-				msg.Body[i] = UnixFD(fds[j])
-			}
-		}
-		return msg, nil
-	}
-	return DecodeMessage(bytes.NewBuffer(all))
-}
-
-func (t *unixTransport) SendMessage(msg *Message) error {
-	fds := make([]int, 0)
-	for i, v := range msg.Body {
-		if fd, ok := v.(UnixFD); ok {
-			msg.Body[i] = UnixFDIndex(len(fds))
-			fds = append(fds, int(fd))
-		}
-	}
-	if len(fds) != 0 {
-		if !t.hasUnixFDs {
-			return errors.New("dbus: unix fd passing not enabled")
-		}
-		msg.Headers[FieldUnixFDs] = MakeVariant(uint32(len(fds)))
-		oob := syscall.UnixRights(fds...)
-		buf := new(bytes.Buffer)
-		msg.EncodeTo(buf, binary.LittleEndian)
-		n, oobn, err := t.UnixConn.WriteMsgUnix(buf.Bytes(), oob, nil)
-		if err != nil {
-			return err
-		}
-		if n != buf.Len() || oobn != len(oob) {
-			return io.ErrShortWrite
-		}
-	} else {
-		if err := msg.EncodeTo(t, binary.LittleEndian); err != nil {
-			return nil
-		}
-	}
-	return nil
-}
-
-func (t *unixTransport) SupportsUnixFDs() bool {
-	return true
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go
deleted file mode 100644
index 302233fc65..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unix_test.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package dbus
-
-import (
-	"os"
-	"testing"
-)
-
-const testString = `This is a test!
-This text should be read from the file that is created by this test.`
-
-type unixFDTest struct{}
-
-func (t unixFDTest) Test(fd UnixFD) (string, *Error) {
-	var b [4096]byte
-	file := os.NewFile(uintptr(fd), "testfile")
-	defer file.Close()
-	n, err := file.Read(b[:])
-	if err != nil {
-		return "", &Error{"com.github.guelfey.test.Error", nil}
-	}
-	return string(b[:n]), nil
-}
-
-func TestUnixFDs(t *testing.T) {
-	conn, err := SessionBus()
-	if err != nil {
-		t.Fatal(err)
-	}
-	r, w, err := os.Pipe()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer w.Close()
-	if _, err := w.Write([]byte(testString)); err != nil {
-		t.Fatal(err)
-	}
-	name := conn.Names()[0]
-	test := unixFDTest{}
-	conn.Export(test, "/com/github/guelfey/test", "com.github.guelfey.test")
-	var s string
-	obj := conn.Object(name, "/com/github/guelfey/test")
-	err = obj.Call("com.github.guelfey.test.Test", 0, UnixFD(r.Fd())).Store(&s)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if s != testString {
-		t.Fatal("got", s, "wanted", testString)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go
deleted file mode 100644
index 42a0e769ef..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/transport_unixcred.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// +build !darwin
-
-package dbus
-
-import (
-	"io"
-	"os"
-	"syscall"
-)
-
-func (t *unixTransport) SendNullByte() error {
-	ucred := &syscall.Ucred{Pid: int32(os.Getpid()), Uid: uint32(os.Getuid()), Gid: uint32(os.Getgid())}
-	b := syscall.UnixCredentials(ucred)
-	_, oobn, err := t.UnixConn.WriteMsgUnix([]byte{0}, b, nil)
-	if err != nil {
-		return err
-	}
-	if oobn != len(b) {
-		return io.ErrShortWrite
-	}
-	return nil
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go
deleted file mode 100644
index b1b53ceb47..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"fmt"
-	"reflect"
-	"strconv"
-)
-
-// Variant represents the D-Bus variant type.
-type Variant struct {
-	sig   Signature
-	value interface{}
-}
-
-// MakeVariant converts the given value to a Variant. It panics if v cannot be
-// represented as a D-Bus type.
-func MakeVariant(v interface{}) Variant {
-	return Variant{SignatureOf(v), v}
-}
-
-// ParseVariant parses the given string as a variant as described at
-// https://developer.gnome.org/glib/unstable/gvariant-text.html. If sig is not
-// empty, it is taken to be the expected signature for the variant.
-func ParseVariant(s string, sig Signature) (Variant, error) {
-	tokens := varLex(s)
-	p := &varParser{tokens: tokens}
-	n, err := varMakeNode(p)
-	if err != nil {
-		return Variant{}, err
-	}
-	if sig.str == "" {
-		sig, err = varInfer(n)
-		if err != nil {
-			return Variant{}, err
-		}
-	}
-	v, err := n.Value(sig)
-	if err != nil {
-		return Variant{}, err
-	}
-	return MakeVariant(v), nil
-}
-
-// format returns a formatted version of v and whether this string can be parsed
-// unambigously.
-func (v Variant) format() (string, bool) {
-	switch v.sig.str[0] {
-	case 'b', 'i':
-		return fmt.Sprint(v.value), true
-	case 'n', 'q', 'u', 'x', 't', 'd', 'h':
-		return fmt.Sprint(v.value), false
-	case 's':
-		return strconv.Quote(v.value.(string)), true
-	case 'o':
-		return strconv.Quote(string(v.value.(ObjectPath))), false
-	case 'g':
-		return strconv.Quote(v.value.(Signature).str), false
-	case 'v':
-		s, unamb := v.value.(Variant).format()
-		if !unamb {
-			return "<@" + v.value.(Variant).sig.str + " " + s + ">", true
-		}
-		return "<" + s + ">", true
-	case 'y':
-		return fmt.Sprintf("%#x", v.value.(byte)), false
-	}
-	rv := reflect.ValueOf(v.value)
-	switch rv.Kind() {
-	case reflect.Slice:
-		if rv.Len() == 0 {
-			return "[]", false
-		}
-		unamb := true
-		buf := bytes.NewBuffer([]byte("["))
-		for i := 0; i < rv.Len(); i++ {
-			// TODO: slooow
-			s, b := MakeVariant(rv.Index(i).Interface()).format()
-			unamb = unamb && b
-			buf.WriteString(s)
-			if i != rv.Len()-1 {
-				buf.WriteString(", ")
-			}
-		}
-		buf.WriteByte(']')
-		return buf.String(), unamb
-	case reflect.Map:
-		if rv.Len() == 0 {
-			return "{}", false
-		}
-		unamb := true
-		buf := bytes.NewBuffer([]byte("{"))
-		for i, k := range rv.MapKeys() {
-			s, b := MakeVariant(k.Interface()).format()
-			unamb = unamb && b
-			buf.WriteString(s)
-			buf.WriteString(": ")
-			s, b = MakeVariant(rv.MapIndex(k).Interface()).format()
-			unamb = unamb && b
-			buf.WriteString(s)
-			if i != rv.Len()-1 {
-				buf.WriteString(", ")
-			}
-		}
-		buf.WriteByte('}')
-		return buf.String(), unamb
-	}
-	return `"INVALID"`, true
-}
-
-// Signature returns the D-Bus signature of the underlying value of v.
-func (v Variant) Signature() Signature {
-	return v.sig
-}
-
-// String returns the string representation of the underlying value of v as
-// described at https://developer.gnome.org/glib/unstable/gvariant-text.html.
-func (v Variant) String() string {
-	s, unamb := v.format()
-	if !unamb {
-		return "@" + v.sig.str + " " + s
-	}
-	return s
-}
-
-// Value returns the underlying value of v.
-func (v Variant) Value() interface{} {
-	return v.value
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go
deleted file mode 100644
index 332007d6f1..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_lexer.go
+++ /dev/null
@@ -1,284 +0,0 @@
-package dbus
-
-import (
-	"fmt"
-	"strings"
-	"unicode"
-	"unicode/utf8"
-)
-
-// Heavily inspired by the lexer from text/template.
-
-type varToken struct {
-	typ varTokenType
-	val string
-}
-
-type varTokenType byte
-
-const (
-	tokEOF varTokenType = iota
-	tokError
-	tokNumber
-	tokString
-	tokBool
-	tokArrayStart
-	tokArrayEnd
-	tokDictStart
-	tokDictEnd
-	tokVariantStart
-	tokVariantEnd
-	tokComma
-	tokColon
-	tokType
-	tokByteString
-)
-
-type varLexer struct {
-	input  string
-	start  int
-	pos    int
-	width  int
-	tokens []varToken
-}
-
-type lexState func(*varLexer) lexState
-
-func varLex(s string) []varToken {
-	l := &varLexer{input: s}
-	l.run()
-	return l.tokens
-}
-
-func (l *varLexer) accept(valid string) bool {
-	if strings.IndexRune(valid, l.next()) >= 0 {
-		return true
-	}
-	l.backup()
-	return false
-}
-
-func (l *varLexer) backup() {
-	l.pos -= l.width
-}
-
-func (l *varLexer) emit(t varTokenType) {
-	l.tokens = append(l.tokens, varToken{t, l.input[l.start:l.pos]})
-	l.start = l.pos
-}
-
-func (l *varLexer) errorf(format string, v ...interface{}) lexState {
-	l.tokens = append(l.tokens, varToken{
-		tokError,
-		fmt.Sprintf(format, v...),
-	})
-	return nil
-}
-
-func (l *varLexer) ignore() {
-	l.start = l.pos
-}
-
-func (l *varLexer) next() rune {
-	var r rune
-
-	if l.pos >= len(l.input) {
-		l.width = 0
-		return -1
-	}
-	r, l.width = utf8.DecodeRuneInString(l.input[l.pos:])
-	l.pos += l.width
-	return r
-}
-
-func (l *varLexer) run() {
-	for state := varLexNormal; state != nil; {
-		state = state(l)
-	}
-}
-
-func (l *varLexer) peek() rune {
-	r := l.next()
-	l.backup()
-	return r
-}
-
-func varLexNormal(l *varLexer) lexState {
-	for {
-		r := l.next()
-		switch {
-		case r == -1:
-			l.emit(tokEOF)
-			return nil
-		case r == '[':
-			l.emit(tokArrayStart)
-		case r == ']':
-			l.emit(tokArrayEnd)
-		case r == '{':
-			l.emit(tokDictStart)
-		case r == '}':
-			l.emit(tokDictEnd)
-		case r == '<':
-			l.emit(tokVariantStart)
-		case r == '>':
-			l.emit(tokVariantEnd)
-		case r == ':':
-			l.emit(tokColon)
-		case r == ',':
-			l.emit(tokComma)
-		case r == '\'' || r == '"':
-			l.backup()
-			return varLexString
-		case r == '@':
-			l.backup()
-			return varLexType
-		case unicode.IsSpace(r):
-			l.ignore()
-		case unicode.IsNumber(r) || r == '+' || r == '-':
-			l.backup()
-			return varLexNumber
-		case r == 'b':
-			pos := l.start
-			if n := l.peek(); n == '"' || n == '\'' {
-				return varLexByteString
-			}
-			// not a byte string; try to parse it as a type or bool below
-			l.pos = pos + 1
-			l.width = 1
-			fallthrough
-		default:
-			// either a bool or a type. Try bools first.
-			l.backup()
-			if l.pos+4 <= len(l.input) {
-				if l.input[l.pos:l.pos+4] == "true" {
-					l.pos += 4
-					l.emit(tokBool)
-					continue
-				}
-			}
-			if l.pos+5 <= len(l.input) {
-				if l.input[l.pos:l.pos+5] == "false" {
-					l.pos += 5
-					l.emit(tokBool)
-					continue
-				}
-			}
-			// must be a type.
-			return varLexType
-		}
-	}
-}
-
-var varTypeMap = map[string]string{
-	"boolean":    "b",
-	"byte":       "y",
-	"int16":      "n",
-	"uint16":     "q",
-	"int32":      "i",
-	"uint32":     "u",
-	"int64":      "x",
-	"uint64":     "t",
-	"double":     "f",
-	"string":     "s",
-	"objectpath": "o",
-	"signature":  "g",
-}
-
-func varLexByteString(l *varLexer) lexState {
-	q := l.next()
-Loop:
-	for {
-		switch l.next() {
-		case '\\':
-			if r := l.next(); r != -1 {
-				break
-			}
-			fallthrough
-		case -1:
-			return l.errorf("unterminated bytestring")
-		case q:
-			break Loop
-		}
-	}
-	l.emit(tokByteString)
-	return varLexNormal
-}
-
-func varLexNumber(l *varLexer) lexState {
-	l.accept("+-")
-	digits := "0123456789"
-	if l.accept("0") {
-		if l.accept("x") {
-			digits = "0123456789abcdefABCDEF"
-		} else {
-			digits = "01234567"
-		}
-	}
-	for strings.IndexRune(digits, l.next()) >= 0 {
-	}
-	l.backup()
-	if l.accept(".") {
-		for strings.IndexRune(digits, l.next()) >= 0 {
-		}
-		l.backup()
-	}
-	if l.accept("eE") {
-		l.accept("+-")
-		for strings.IndexRune("0123456789", l.next()) >= 0 {
-		}
-		l.backup()
-	}
-	if r := l.peek(); unicode.IsLetter(r) {
-		l.next()
-		return l.errorf("bad number syntax: %q", l.input[l.start:l.pos])
-	}
-	l.emit(tokNumber)
-	return varLexNormal
-}
-
-func varLexString(l *varLexer) lexState {
-	q := l.next()
-Loop:
-	for {
-		switch l.next() {
-		case '\\':
-			if r := l.next(); r != -1 {
-				break
-			}
-			fallthrough
-		case -1:
-			return l.errorf("unterminated string")
-		case q:
-			break Loop
-		}
-	}
-	l.emit(tokString)
-	return varLexNormal
-}
-
-func varLexType(l *varLexer) lexState {
-	at := l.accept("@")
-	for {
-		r := l.next()
-		if r == -1 {
-			break
-		}
-		if unicode.IsSpace(r) {
-			l.backup()
-			break
-		}
-	}
-	if at {
-		if _, err := ParseSignature(l.input[l.start+1 : l.pos]); err != nil {
-			return l.errorf("%s", err)
-		}
-	} else {
-		if _, ok := varTypeMap[l.input[l.start:l.pos]]; ok {
-			l.emit(tokType)
-			return varLexNormal
-		}
-		return l.errorf("unrecognized type %q", l.input[l.start:l.pos])
-	}
-	l.emit(tokType)
-	return varLexNormal
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go
deleted file mode 100644
index d20f5da6dd..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_parser.go
+++ /dev/null
@@ -1,817 +0,0 @@
-package dbus
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"reflect"
-	"strconv"
-	"strings"
-	"unicode/utf8"
-)
-
-type varParser struct {
-	tokens []varToken
-	i      int
-}
-
-func (p *varParser) backup() {
-	p.i--
-}
-
-func (p *varParser) next() varToken {
-	if p.i < len(p.tokens) {
-		t := p.tokens[p.i]
-		p.i++
-		return t
-	}
-	return varToken{typ: tokEOF}
-}
-
-type varNode interface {
-	Infer() (Signature, error)
-	String() string
-	Sigs() sigSet
-	Value(Signature) (interface{}, error)
-}
-
-func varMakeNode(p *varParser) (varNode, error) {
-	var sig Signature
-
-	for {
-		t := p.next()
-		switch t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		case tokNumber:
-			return varMakeNumNode(t, sig)
-		case tokString:
-			return varMakeStringNode(t, sig)
-		case tokBool:
-			if sig.str != "" && sig.str != "b" {
-				return nil, varTypeError{t.val, sig}
-			}
-			b, err := strconv.ParseBool(t.val)
-			if err != nil {
-				return nil, err
-			}
-			return boolNode(b), nil
-		case tokArrayStart:
-			return varMakeArrayNode(p, sig)
-		case tokVariantStart:
-			return varMakeVariantNode(p, sig)
-		case tokDictStart:
-			return varMakeDictNode(p, sig)
-		case tokType:
-			if sig.str != "" {
-				return nil, errors.New("unexpected type annotation")
-			}
-			if t.val[0] == '@' {
-				sig.str = t.val[1:]
-			} else {
-				sig.str = varTypeMap[t.val]
-			}
-		case tokByteString:
-			if sig.str != "" && sig.str != "ay" {
-				return nil, varTypeError{t.val, sig}
-			}
-			b, err := varParseByteString(t.val)
-			if err != nil {
-				return nil, err
-			}
-			return byteStringNode(b), nil
-		default:
-			return nil, fmt.Errorf("unexpected %q", t.val)
-		}
-	}
-}
-
-type varTypeError struct {
-	val string
-	sig Signature
-}
-
-func (e varTypeError) Error() string {
-	return fmt.Sprintf("dbus: can't parse %q as type %q", e.val, e.sig.str)
-}
-
-type sigSet map[Signature]bool
-
-func (s sigSet) Empty() bool {
-	return len(s) == 0
-}
-
-func (s sigSet) Intersect(s2 sigSet) sigSet {
-	r := make(sigSet)
-	for k := range s {
-		if s2[k] {
-			r[k] = true
-		}
-	}
-	return r
-}
-
-func (s sigSet) Single() (Signature, bool) {
-	if len(s) == 1 {
-		for k := range s {
-			return k, true
-		}
-	}
-	return Signature{}, false
-}
-
-func (s sigSet) ToArray() sigSet {
-	r := make(sigSet, len(s))
-	for k := range s {
-		r[Signature{"a" + k.str}] = true
-	}
-	return r
-}
-
-type numNode struct {
-	sig Signature
-	str string
-	val interface{}
-}
-
-var numSigSet = sigSet{
-	Signature{"y"}: true,
-	Signature{"n"}: true,
-	Signature{"q"}: true,
-	Signature{"i"}: true,
-	Signature{"u"}: true,
-	Signature{"x"}: true,
-	Signature{"t"}: true,
-	Signature{"d"}: true,
-}
-
-func (n numNode) Infer() (Signature, error) {
-	if strings.ContainsAny(n.str, ".e") {
-		return Signature{"d"}, nil
-	}
-	return Signature{"i"}, nil
-}
-
-func (n numNode) String() string {
-	return n.str
-}
-
-func (n numNode) Sigs() sigSet {
-	if n.sig.str != "" {
-		return sigSet{n.sig: true}
-	}
-	if strings.ContainsAny(n.str, ".e") {
-		return sigSet{Signature{"d"}: true}
-	}
-	return numSigSet
-}
-
-func (n numNode) Value(sig Signature) (interface{}, error) {
-	if n.sig.str != "" && n.sig != sig {
-		return nil, varTypeError{n.str, sig}
-	}
-	if n.val != nil {
-		return n.val, nil
-	}
-	return varNumAs(n.str, sig)
-}
-
-func varMakeNumNode(tok varToken, sig Signature) (varNode, error) {
-	if sig.str == "" {
-		return numNode{str: tok.val}, nil
-	}
-	num, err := varNumAs(tok.val, sig)
-	if err != nil {
-		return nil, err
-	}
-	return numNode{sig: sig, val: num}, nil
-}
-
-func varNumAs(s string, sig Signature) (interface{}, error) {
-	isUnsigned := false
-	size := 32
-	switch sig.str {
-	case "n":
-		size = 16
-	case "i":
-	case "x":
-		size = 64
-	case "y":
-		size = 8
-		isUnsigned = true
-	case "q":
-		size = 16
-		isUnsigned = true
-	case "u":
-		isUnsigned = true
-	case "t":
-		size = 64
-		isUnsigned = true
-	case "d":
-		d, err := strconv.ParseFloat(s, 64)
-		if err != nil {
-			return nil, err
-		}
-		return d, nil
-	default:
-		return nil, varTypeError{s, sig}
-	}
-	base := 10
-	if strings.HasPrefix(s, "0x") {
-		base = 16
-		s = s[2:]
-	}
-	if strings.HasPrefix(s, "0") && len(s) != 1 {
-		base = 8
-		s = s[1:]
-	}
-	if isUnsigned {
-		i, err := strconv.ParseUint(s, base, size)
-		if err != nil {
-			return nil, err
-		}
-		var v interface{} = i
-		switch sig.str {
-		case "y":
-			v = byte(i)
-		case "q":
-			v = uint16(i)
-		case "u":
-			v = uint32(i)
-		}
-		return v, nil
-	}
-	i, err := strconv.ParseInt(s, base, size)
-	if err != nil {
-		return nil, err
-	}
-	var v interface{} = i
-	switch sig.str {
-	case "n":
-		v = int16(i)
-	case "i":
-		v = int32(i)
-	}
-	return v, nil
-}
-
-type stringNode struct {
-	sig Signature
-	str string      // parsed
-	val interface{} // has correct type
-}
-
-var stringSigSet = sigSet{
-	Signature{"s"}: true,
-	Signature{"g"}: true,
-	Signature{"o"}: true,
-}
-
-func (n stringNode) Infer() (Signature, error) {
-	return Signature{"s"}, nil
-}
-
-func (n stringNode) String() string {
-	return n.str
-}
-
-func (n stringNode) Sigs() sigSet {
-	if n.sig.str != "" {
-		return sigSet{n.sig: true}
-	}
-	return stringSigSet
-}
-
-func (n stringNode) Value(sig Signature) (interface{}, error) {
-	if n.sig.str != "" && n.sig != sig {
-		return nil, varTypeError{n.str, sig}
-	}
-	if n.val != nil {
-		return n.val, nil
-	}
-	switch {
-	case sig.str == "g":
-		return Signature{n.str}, nil
-	case sig.str == "o":
-		return ObjectPath(n.str), nil
-	case sig.str == "s":
-		return n.str, nil
-	default:
-		return nil, varTypeError{n.str, sig}
-	}
-}
-
-func varMakeStringNode(tok varToken, sig Signature) (varNode, error) {
-	if sig.str != "" && sig.str != "s" && sig.str != "g" && sig.str != "o" {
-		return nil, fmt.Errorf("invalid type %q for string", sig.str)
-	}
-	s, err := varParseString(tok.val)
-	if err != nil {
-		return nil, err
-	}
-	n := stringNode{str: s}
-	if sig.str == "" {
-		return stringNode{str: s}, nil
-	}
-	n.sig = sig
-	switch sig.str {
-	case "o":
-		n.val = ObjectPath(s)
-	case "g":
-		n.val = Signature{s}
-	case "s":
-		n.val = s
-	}
-	return n, nil
-}
-
-func varParseString(s string) (string, error) {
-	// quotes are guaranteed to be there
-	s = s[1 : len(s)-1]
-	buf := new(bytes.Buffer)
-	for len(s) != 0 {
-		r, size := utf8.DecodeRuneInString(s)
-		if r == utf8.RuneError && size == 1 {
-			return "", errors.New("invalid UTF-8")
-		}
-		s = s[size:]
-		if r != '\\' {
-			buf.WriteRune(r)
-			continue
-		}
-		r, size = utf8.DecodeRuneInString(s)
-		if r == utf8.RuneError && size == 1 {
-			return "", errors.New("invalid UTF-8")
-		}
-		s = s[size:]
-		switch r {
-		case 'a':
-			buf.WriteRune(0x7)
-		case 'b':
-			buf.WriteRune(0x8)
-		case 'f':
-			buf.WriteRune(0xc)
-		case 'n':
-			buf.WriteRune('\n')
-		case 'r':
-			buf.WriteRune('\r')
-		case 't':
-			buf.WriteRune('\t')
-		case '\n':
-		case 'u':
-			if len(s) < 4 {
-				return "", errors.New("short unicode escape")
-			}
-			r, err := strconv.ParseUint(s[:4], 16, 32)
-			if err != nil {
-				return "", err
-			}
-			buf.WriteRune(rune(r))
-			s = s[4:]
-		case 'U':
-			if len(s) < 8 {
-				return "", errors.New("short unicode escape")
-			}
-			r, err := strconv.ParseUint(s[:8], 16, 32)
-			if err != nil {
-				return "", err
-			}
-			buf.WriteRune(rune(r))
-			s = s[8:]
-		default:
-			buf.WriteRune(r)
-		}
-	}
-	return buf.String(), nil
-}
-
-var boolSigSet = sigSet{Signature{"b"}: true}
-
-type boolNode bool
-
-func (boolNode) Infer() (Signature, error) {
-	return Signature{"b"}, nil
-}
-
-func (b boolNode) String() string {
-	if b {
-		return "true"
-	}
-	return "false"
-}
-
-func (boolNode) Sigs() sigSet {
-	return boolSigSet
-}
-
-func (b boolNode) Value(sig Signature) (interface{}, error) {
-	if sig.str != "b" {
-		return nil, varTypeError{b.String(), sig}
-	}
-	return bool(b), nil
-}
-
-type arrayNode struct {
-	set      sigSet
-	children []varNode
-	val      interface{}
-}
-
-func (n arrayNode) Infer() (Signature, error) {
-	for _, v := range n.children {
-		csig, err := varInfer(v)
-		if err != nil {
-			continue
-		}
-		return Signature{"a" + csig.str}, nil
-	}
-	return Signature{}, fmt.Errorf("can't infer type for %q", n.String())
-}
-
-func (n arrayNode) String() string {
-	s := "["
-	for i, v := range n.children {
-		s += v.String()
-		if i != len(n.children)-1 {
-			s += ", "
-		}
-	}
-	return s + "]"
-}
-
-func (n arrayNode) Sigs() sigSet {
-	return n.set
-}
-
-func (n arrayNode) Value(sig Signature) (interface{}, error) {
-	if n.set.Empty() {
-		// no type information whatsoever, so this must be an empty slice
-		return reflect.MakeSlice(typeFor(sig.str), 0, 0).Interface(), nil
-	}
-	if !n.set[sig] {
-		return nil, varTypeError{n.String(), sig}
-	}
-	s := reflect.MakeSlice(typeFor(sig.str), len(n.children), len(n.children))
-	for i, v := range n.children {
-		rv, err := v.Value(Signature{sig.str[1:]})
-		if err != nil {
-			return nil, err
-		}
-		s.Index(i).Set(reflect.ValueOf(rv))
-	}
-	return s.Interface(), nil
-}
-
-func varMakeArrayNode(p *varParser, sig Signature) (varNode, error) {
-	var n arrayNode
-	if sig.str != "" {
-		n.set = sigSet{sig: true}
-	}
-	if t := p.next(); t.typ == tokArrayEnd {
-		return n, nil
-	} else {
-		p.backup()
-	}
-Loop:
-	for {
-		t := p.next()
-		switch t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		}
-		p.backup()
-		cn, err := varMakeNode(p)
-		if err != nil {
-			return nil, err
-		}
-		if cset := cn.Sigs(); !cset.Empty() {
-			if n.set.Empty() {
-				n.set = cset.ToArray()
-			} else {
-				nset := cset.ToArray().Intersect(n.set)
-				if nset.Empty() {
-					return nil, fmt.Errorf("can't parse %q with given type information", cn.String())
-				}
-				n.set = nset
-			}
-		}
-		n.children = append(n.children, cn)
-		switch t := p.next(); t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		case tokArrayEnd:
-			break Loop
-		case tokComma:
-			continue
-		default:
-			return nil, fmt.Errorf("unexpected %q", t.val)
-		}
-	}
-	return n, nil
-}
-
-type variantNode struct {
-	n varNode
-}
-
-var variantSet = sigSet{
-	Signature{"v"}: true,
-}
-
-func (variantNode) Infer() (Signature, error) {
-	return Signature{"v"}, nil
-}
-
-func (n variantNode) String() string {
-	return "<" + n.n.String() + ">"
-}
-
-func (variantNode) Sigs() sigSet {
-	return variantSet
-}
-
-func (n variantNode) Value(sig Signature) (interface{}, error) {
-	if sig.str != "v" {
-		return nil, varTypeError{n.String(), sig}
-	}
-	sig, err := varInfer(n.n)
-	if err != nil {
-		return nil, err
-	}
-	v, err := n.n.Value(sig)
-	if err != nil {
-		return nil, err
-	}
-	return MakeVariant(v), nil
-}
-
-func varMakeVariantNode(p *varParser, sig Signature) (varNode, error) {
-	n, err := varMakeNode(p)
-	if err != nil {
-		return nil, err
-	}
-	if t := p.next(); t.typ != tokVariantEnd {
-		return nil, fmt.Errorf("unexpected %q", t.val)
-	}
-	vn := variantNode{n}
-	if sig.str != "" && sig.str != "v" {
-		return nil, varTypeError{vn.String(), sig}
-	}
-	return variantNode{n}, nil
-}
-
-type dictEntry struct {
-	key, val varNode
-}
-
-type dictNode struct {
-	kset, vset sigSet
-	children   []dictEntry
-	val        interface{}
-}
-
-func (n dictNode) Infer() (Signature, error) {
-	for _, v := range n.children {
-		ksig, err := varInfer(v.key)
-		if err != nil {
-			continue
-		}
-		vsig, err := varInfer(v.val)
-		if err != nil {
-			continue
-		}
-		return Signature{"a{" + ksig.str + vsig.str + "}"}, nil
-	}
-	return Signature{}, fmt.Errorf("can't infer type for %q", n.String())
-}
-
-func (n dictNode) String() string {
-	s := "{"
-	for i, v := range n.children {
-		s += v.key.String() + ": " + v.val.String()
-		if i != len(n.children)-1 {
-			s += ", "
-		}
-	}
-	return s + "}"
-}
-
-func (n dictNode) Sigs() sigSet {
-	r := sigSet{}
-	for k := range n.kset {
-		for v := range n.vset {
-			sig := "a{" + k.str + v.str + "}"
-			r[Signature{sig}] = true
-		}
-	}
-	return r
-}
-
-func (n dictNode) Value(sig Signature) (interface{}, error) {
-	set := n.Sigs()
-	if set.Empty() {
-		// no type information -> empty dict
-		return reflect.MakeMap(typeFor(sig.str)).Interface(), nil
-	}
-	if !set[sig] {
-		return nil, varTypeError{n.String(), sig}
-	}
-	m := reflect.MakeMap(typeFor(sig.str))
-	ksig := Signature{sig.str[2:3]}
-	vsig := Signature{sig.str[3 : len(sig.str)-1]}
-	for _, v := range n.children {
-		kv, err := v.key.Value(ksig)
-		if err != nil {
-			return nil, err
-		}
-		vv, err := v.val.Value(vsig)
-		if err != nil {
-			return nil, err
-		}
-		m.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
-	}
-	return m.Interface(), nil
-}
-
-func varMakeDictNode(p *varParser, sig Signature) (varNode, error) {
-	var n dictNode
-
-	if sig.str != "" {
-		if len(sig.str) < 5 {
-			return nil, fmt.Errorf("invalid signature %q for dict type", sig)
-		}
-		ksig := Signature{string(sig.str[2])}
-		vsig := Signature{sig.str[3 : len(sig.str)-1]}
-		n.kset = sigSet{ksig: true}
-		n.vset = sigSet{vsig: true}
-	}
-	if t := p.next(); t.typ == tokDictEnd {
-		return n, nil
-	} else {
-		p.backup()
-	}
-Loop:
-	for {
-		t := p.next()
-		switch t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		}
-		p.backup()
-		kn, err := varMakeNode(p)
-		if err != nil {
-			return nil, err
-		}
-		if kset := kn.Sigs(); !kset.Empty() {
-			if n.kset.Empty() {
-				n.kset = kset
-			} else {
-				n.kset = kset.Intersect(n.kset)
-				if n.kset.Empty() {
-					return nil, fmt.Errorf("can't parse %q with given type information", kn.String())
-				}
-			}
-		}
-		t = p.next()
-		switch t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		case tokColon:
-		default:
-			return nil, fmt.Errorf("unexpected %q", t.val)
-		}
-		t = p.next()
-		switch t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		}
-		p.backup()
-		vn, err := varMakeNode(p)
-		if err != nil {
-			return nil, err
-		}
-		if vset := vn.Sigs(); !vset.Empty() {
-			if n.vset.Empty() {
-				n.vset = vset
-			} else {
-				n.vset = n.vset.Intersect(vset)
-				if n.vset.Empty() {
-					return nil, fmt.Errorf("can't parse %q with given type information", vn.String())
-				}
-			}
-		}
-		n.children = append(n.children, dictEntry{kn, vn})
-		t = p.next()
-		switch t.typ {
-		case tokEOF:
-			return nil, io.ErrUnexpectedEOF
-		case tokError:
-			return nil, errors.New(t.val)
-		case tokDictEnd:
-			break Loop
-		case tokComma:
-			continue
-		default:
-			return nil, fmt.Errorf("unexpected %q", t.val)
-		}
-	}
-	return n, nil
-}
-
-type byteStringNode []byte
-
-var byteStringSet = sigSet{
-	Signature{"ay"}: true,
-}
-
-func (byteStringNode) Infer() (Signature, error) {
-	return Signature{"ay"}, nil
-}
-
-func (b byteStringNode) String() string {
-	return string(b)
-}
-
-func (b byteStringNode) Sigs() sigSet {
-	return byteStringSet
-}
-
-func (b byteStringNode) Value(sig Signature) (interface{}, error) {
-	if sig.str != "ay" {
-		return nil, varTypeError{b.String(), sig}
-	}
-	return []byte(b), nil
-}
-
-func varParseByteString(s string) ([]byte, error) {
-	// quotes and b at start are guaranteed to be there
-	b := make([]byte, 0, 1)
-	s = s[2 : len(s)-1]
-	for len(s) != 0 {
-		c := s[0]
-		s = s[1:]
-		if c != '\\' {
-			b = append(b, c)
-			continue
-		}
-		c = s[0]
-		s = s[1:]
-		switch c {
-		case 'a':
-			b = append(b, 0x7)
-		case 'b':
-			b = append(b, 0x8)
-		case 'f':
-			b = append(b, 0xc)
-		case 'n':
-			b = append(b, '\n')
-		case 'r':
-			b = append(b, '\r')
-		case 't':
-			b = append(b, '\t')
-		case 'x':
-			if len(s) < 2 {
-				return nil, errors.New("short escape")
-			}
-			n, err := strconv.ParseUint(s[:2], 16, 8)
-			if err != nil {
-				return nil, err
-			}
-			b = append(b, byte(n))
-			s = s[2:]
-		case '0':
-			if len(s) < 3 {
-				return nil, errors.New("short escape")
-			}
-			n, err := strconv.ParseUint(s[:3], 8, 8)
-			if err != nil {
-				return nil, err
-			}
-			b = append(b, byte(n))
-			s = s[3:]
-		default:
-			b = append(b, c)
-		}
-	}
-	return append(b, 0), nil
-}
-
-func varInfer(n varNode) (Signature, error) {
-	if sig, ok := n.Sigs().Single(); ok {
-		return sig, nil
-	}
-	return n.Infer()
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go
deleted file mode 100644
index da917c8e29..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/godbus/dbus/variant_test.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package dbus
-
-import "reflect"
-import "testing"
-
-var variantFormatTests = []struct {
-	v interface{}
-	s string
-}{
-	{int32(1), `1`},
-	{"foo", `"foo"`},
-	{ObjectPath("/org/foo"), `@o "/org/foo"`},
-	{Signature{"i"}, `@g "i"`},
-	{[]byte{}, `@ay []`},
-	{[]int32{1, 2}, `[1, 2]`},
-	{[]int64{1, 2}, `@ax [1, 2]`},
-	{[][]int32{{3, 4}, {5, 6}}, `[[3, 4], [5, 6]]`},
-	{[]Variant{MakeVariant(int32(1)), MakeVariant(1.0)}, `[<1>, <@d 1>]`},
-	{map[string]int32{"one": 1, "two": 2}, `{"one": 1, "two": 2}`},
-	{map[int32]ObjectPath{1: "/org/foo"}, `@a{io} {1: "/org/foo"}`},
-	{map[string]Variant{}, `@a{sv} {}`},
-}
-
-func TestFormatVariant(t *testing.T) {
-	for i, v := range variantFormatTests {
-		if s := MakeVariant(v.v).String(); s != v.s {
-			t.Errorf("test %d: got %q, wanted %q", i+1, s, v.s)
-		}
-	}
-}
-
-var variantParseTests = []struct {
-	s string
-	v interface{}
-}{
-	{"1", int32(1)},
-	{"true", true},
-	{"false", false},
-	{"1.0", float64(1.0)},
-	{"0x10", int32(16)},
-	{"1e1", float64(10)},
-	{`"foo"`, "foo"},
-	{`"\a\b\f\n\r\t"`, "\x07\x08\x0c\n\r\t"},
-	{`"\u00e4\U0001f603"`, "\u00e4\U0001f603"},
-	{"[1]", []int32{1}},
-	{"[1, 2, 3]", []int32{1, 2, 3}},
-	{"@ai []", []int32{}},
-	{"[1, 5.0]", []float64{1, 5.0}},
-	{"[[1, 2], [3, 4.0]]", [][]float64{{1, 2}, {3, 4}}},
-	{`[@o "/org/foo", "/org/bar"]`, []ObjectPath{"/org/foo", "/org/bar"}},
-	{"<1>", MakeVariant(int32(1))},
-	{"[<1>, <2.0>]", []Variant{MakeVariant(int32(1)), MakeVariant(2.0)}},
-	{`[[], [""]]`, [][]string{{}, {""}}},
-	{`@a{ss} {}`, map[string]string{}},
-	{`{"foo": 1}`, map[string]int32{"foo": 1}},
-	{`[{}, {"foo": "bar"}]`, []map[string]string{{}, {"foo": "bar"}}},
-	{`{"a": <1>, "b": <"foo">}`,
-		map[string]Variant{"a": MakeVariant(int32(1)), "b": MakeVariant("foo")}},
-	{`b''`, []byte{0}},
-	{`b"abc"`, []byte{'a', 'b', 'c', 0}},
-	{`b"\x01\0002\a\b\f\n\r\t"`, []byte{1, 2, 0x7, 0x8, 0xc, '\n', '\r', '\t', 0}},
-	{`[[0], b""]`, [][]byte{{0}, {0}}},
-	{"int16 0", int16(0)},
-	{"byte 0", byte(0)},
-}
-
-func TestParseVariant(t *testing.T) {
-	for i, v := range variantParseTests {
-		nv, err := ParseVariant(v.s, Signature{})
-		if err != nil {
-			t.Errorf("test %d: parsing failed: %s", i+1, err)
-			continue
-		}
-		if !reflect.DeepEqual(nv.value, v.v) {
-			t.Errorf("test %d: got %q, wanted %q", i+1, nv, v.v)
-		}
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE
deleted file mode 100644
index 80dd96de77..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright 2013 Suryandaru Triandana <syndtr@gmail.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go
deleted file mode 100644
index 9df3b4151b..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability.go
+++ /dev/null
@@ -1,71 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Package capability provides utilities for manipulating POSIX capabilities.
-package capability
-
-type Capabilities interface {
-	// Get check whether a capability present in the given
-	// capabilities set. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Get(which CapType, what Cap) bool
-
-	// Empty check whether all capability bits of the given capabilities
-	// set are zero. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Empty(which CapType) bool
-
-	// Full check whether all capability bits of the given capabilities
-	// set are one. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Full(which CapType) bool
-
-	// Set sets capabilities of the given capabilities sets. The
-	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Set(which CapType, caps ...Cap)
-
-	// Unset unsets capabilities of the given capabilities sets. The
-	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	Unset(which CapType, caps ...Cap)
-
-	// Fill sets all bits of the given capabilities kind to one. The
-	// 'kind' value should be one or combination (OR'ed) of CAPS or
-	// BOUNDS.
-	Fill(kind CapType)
-
-	// Clear sets all bits of the given capabilities kind to zero. The
-	// 'kind' value should be one or combination (OR'ed) of CAPS or
-	// BOUNDS.
-	Clear(kind CapType)
-
-	// String return current capabilities state of the given capabilities
-	// set as string. The 'which' value should be one of EFFECTIVE,
-	// PERMITTED, INHERITABLE or BOUNDING.
-	StringCap(which CapType) string
-
-	// String return current capabilities state as string.
-	String() string
-
-	// Load load actual capabilities value. This will overwrite all
-	// outstanding changes.
-	Load() error
-
-	// Apply apply the capabilities settings, so all changes will take
-	// effect.
-	Apply(kind CapType) error
-}
-
-// NewPid create new initialized Capabilities object for given pid.
-func NewPid(pid int) (Capabilities, error) {
-	return newPid(pid)
-}
-
-// NewFile create new initialized Capabilities object for given named file.
-func NewFile(name string) (Capabilities, error) {
-	return newFile(name)
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
deleted file mode 100644
index c5f335f7fb..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
+++ /dev/null
@@ -1,566 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-	"syscall"
-)
-
-var errUnknownVers = errors.New("unknown capability version")
-
-const (
-	linuxCapVer1 = 0x19980330
-	linuxCapVer2 = 0x20071026
-	linuxCapVer3 = 0x20080522
-)
-
-var capVers uint32
-
-func init() {
-	var hdr capHeader
-	capget(&hdr, nil)
-	capVers = hdr.version
-}
-
-func mkStringCap(c Capabilities, which CapType) (ret string) {
-	for i, first := Cap(0), true; i <= CAP_LAST_CAP; i++ {
-		if !c.Get(which, i) {
-			continue
-		}
-		if first {
-			first = false
-		} else {
-			ret += ", "
-		}
-		ret += i.String()
-	}
-	return
-}
-
-func mkString(c Capabilities, max CapType) (ret string) {
-	ret = "{"
-	for i := CapType(1); i <= max; i <<= 1 {
-		ret += " " + i.String() + "=\""
-		if c.Empty(i) {
-			ret += "empty"
-		} else if c.Full(i) {
-			ret += "full"
-		} else {
-			ret += c.StringCap(i)
-		}
-		ret += "\""
-	}
-	ret += " }"
-	return
-}
-
-func newPid(pid int) (c Capabilities, err error) {
-	switch capVers {
-	case linuxCapVer1:
-		p := new(capsV1)
-		p.hdr.version = capVers
-		p.hdr.pid = pid
-		c = p
-	case linuxCapVer2, linuxCapVer3:
-		p := new(capsV3)
-		p.hdr.version = capVers
-		p.hdr.pid = pid
-		c = p
-	default:
-		err = errUnknownVers
-		return
-	}
-	err = c.Load()
-	if err != nil {
-		c = nil
-	}
-	return
-}
-
-type capsV1 struct {
-	hdr  capHeader
-	data capData
-}
-
-func (c *capsV1) Get(which CapType, what Cap) bool {
-	if what > 32 {
-		return false
-	}
-
-	switch which {
-	case EFFECTIVE:
-		return (1<<uint(what))&c.data.effective != 0
-	case PERMITTED:
-		return (1<<uint(what))&c.data.permitted != 0
-	case INHERITABLE:
-		return (1<<uint(what))&c.data.inheritable != 0
-	}
-
-	return false
-}
-
-func (c *capsV1) getData(which CapType) (ret uint32) {
-	switch which {
-	case EFFECTIVE:
-		ret = c.data.effective
-	case PERMITTED:
-		ret = c.data.permitted
-	case INHERITABLE:
-		ret = c.data.inheritable
-	}
-	return
-}
-
-func (c *capsV1) Empty(which CapType) bool {
-	return c.getData(which) == 0
-}
-
-func (c *capsV1) Full(which CapType) bool {
-	return (c.getData(which) & 0x7fffffff) == 0x7fffffff
-}
-
-func (c *capsV1) Set(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		if what > 32 {
-			continue
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective |= 1 << uint(what)
-		}
-		if which&PERMITTED != 0 {
-			c.data.permitted |= 1 << uint(what)
-		}
-		if which&INHERITABLE != 0 {
-			c.data.inheritable |= 1 << uint(what)
-		}
-	}
-}
-
-func (c *capsV1) Unset(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		if what > 32 {
-			continue
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective &= ^(1 << uint(what))
-		}
-		if which&PERMITTED != 0 {
-			c.data.permitted &= ^(1 << uint(what))
-		}
-		if which&INHERITABLE != 0 {
-			c.data.inheritable &= ^(1 << uint(what))
-		}
-	}
-}
-
-func (c *capsV1) Fill(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective = 0x7fffffff
-		c.data.permitted = 0x7fffffff
-		c.data.inheritable = 0
-	}
-}
-
-func (c *capsV1) Clear(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective = 0
-		c.data.permitted = 0
-		c.data.inheritable = 0
-	}
-}
-
-func (c *capsV1) StringCap(which CapType) (ret string) {
-	return mkStringCap(c, which)
-}
-
-func (c *capsV1) String() (ret string) {
-	return mkString(c, BOUNDING)
-}
-
-func (c *capsV1) Load() (err error) {
-	return capget(&c.hdr, &c.data)
-}
-
-func (c *capsV1) Apply(kind CapType) error {
-	if kind&CAPS == CAPS {
-		return capset(&c.hdr, &c.data)
-	}
-	return nil
-}
-
-type capsV3 struct {
-	hdr    capHeader
-	data   [2]capData
-	bounds [2]uint32
-}
-
-func (c *capsV3) Get(which CapType, what Cap) bool {
-	var i uint
-	if what > 31 {
-		i = uint(what) >> 5
-		what %= 32
-	}
-
-	switch which {
-	case EFFECTIVE:
-		return (1<<uint(what))&c.data[i].effective != 0
-	case PERMITTED:
-		return (1<<uint(what))&c.data[i].permitted != 0
-	case INHERITABLE:
-		return (1<<uint(what))&c.data[i].inheritable != 0
-	case BOUNDING:
-		return (1<<uint(what))&c.bounds[i] != 0
-	}
-
-	return false
-}
-
-func (c *capsV3) getData(which CapType, dest []uint32) {
-	switch which {
-	case EFFECTIVE:
-		dest[0] = c.data[0].effective
-		dest[1] = c.data[1].effective
-	case PERMITTED:
-		dest[0] = c.data[0].permitted
-		dest[1] = c.data[1].permitted
-	case INHERITABLE:
-		dest[0] = c.data[0].inheritable
-		dest[1] = c.data[1].inheritable
-	case BOUNDING:
-		dest[0] = c.bounds[0]
-		dest[1] = c.bounds[1]
-	}
-}
-
-func (c *capsV3) Empty(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	return data[0] == 0 && data[1] == 0
-}
-
-func (c *capsV3) Full(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	if (data[0] & 0xffffffff) != 0xffffffff {
-		return false
-	}
-	return (data[1] & capUpperMask) == capUpperMask
-}
-
-func (c *capsV3) Set(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data[i].effective |= 1 << uint(what)
-		}
-		if which&PERMITTED != 0 {
-			c.data[i].permitted |= 1 << uint(what)
-		}
-		if which&INHERITABLE != 0 {
-			c.data[i].inheritable |= 1 << uint(what)
-		}
-		if which&BOUNDING != 0 {
-			c.bounds[i] |= 1 << uint(what)
-		}
-	}
-}
-
-func (c *capsV3) Unset(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data[i].effective &= ^(1 << uint(what))
-		}
-		if which&PERMITTED != 0 {
-			c.data[i].permitted &= ^(1 << uint(what))
-		}
-		if which&INHERITABLE != 0 {
-			c.data[i].inheritable &= ^(1 << uint(what))
-		}
-		if which&BOUNDING != 0 {
-			c.bounds[i] &= ^(1 << uint(what))
-		}
-	}
-}
-
-func (c *capsV3) Fill(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data[0].effective = 0xffffffff
-		c.data[0].permitted = 0xffffffff
-		c.data[0].inheritable = 0
-		c.data[1].effective = 0xffffffff
-		c.data[1].permitted = 0xffffffff
-		c.data[1].inheritable = 0
-	}
-
-	if kind&BOUNDS == BOUNDS {
-		c.bounds[0] = 0xffffffff
-		c.bounds[1] = 0xffffffff
-	}
-}
-
-func (c *capsV3) Clear(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data[0].effective = 0
-		c.data[0].permitted = 0
-		c.data[0].inheritable = 0
-		c.data[1].effective = 0
-		c.data[1].permitted = 0
-		c.data[1].inheritable = 0
-	}
-
-	if kind&BOUNDS == BOUNDS {
-		c.bounds[0] = 0
-		c.bounds[1] = 0
-	}
-}
-
-func (c *capsV3) StringCap(which CapType) (ret string) {
-	return mkStringCap(c, which)
-}
-
-func (c *capsV3) String() (ret string) {
-	return mkString(c, BOUNDING)
-}
-
-func (c *capsV3) Load() (err error) {
-	err = capget(&c.hdr, &c.data[0])
-	if err != nil {
-		return
-	}
-
-	f, err := os.Open(fmt.Sprintf("/proc/%d/status", c.hdr.pid))
-	if err != nil {
-		return
-	}
-	b := bufio.NewReader(f)
-	for {
-		line, e := b.ReadString('\n')
-		if e != nil {
-			if e != io.EOF {
-				err = e
-			}
-			break
-		}
-		if strings.HasPrefix(line, "CapB") {
-			fmt.Sscanf(line[4:], "nd:  %08x%08x", &c.bounds[1], &c.bounds[0])
-			break
-		}
-	}
-	f.Close()
-
-	return
-}
-
-func (c *capsV3) Apply(kind CapType) (err error) {
-	if kind&BOUNDS == BOUNDS {
-		var data [2]capData
-		err = capget(&c.hdr, &data[0])
-		if err != nil {
-			return
-		}
-		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
-			for i := Cap(0); i <= CAP_LAST_CAP; i++ {
-				if c.Get(BOUNDING, i) {
-					continue
-				}
-				err = prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0)
-				if err != nil {
-					// Ignore EINVAL since the capability may not be supported in this system.
-					if errno, ok := err.(syscall.Errno); ok && errno == syscall.EINVAL {
-						err = nil
-						continue
-					}
-					return
-				}
-			}
-		}
-	}
-
-	if kind&CAPS == CAPS {
-		return capset(&c.hdr, &c.data[0])
-	}
-
-	return
-}
-
-func newFile(path string) (c Capabilities, err error) {
-	c = &capsFile{path: path}
-	err = c.Load()
-	if err != nil {
-		c = nil
-	}
-	return
-}
-
-type capsFile struct {
-	path string
-	data vfscapData
-}
-
-func (c *capsFile) Get(which CapType, what Cap) bool {
-	var i uint
-	if what > 31 {
-		if c.data.version == 1 {
-			return false
-		}
-		i = uint(what) >> 5
-		what %= 32
-	}
-
-	switch which {
-	case EFFECTIVE:
-		return (1<<uint(what))&c.data.effective[i] != 0
-	case PERMITTED:
-		return (1<<uint(what))&c.data.data[i].permitted != 0
-	case INHERITABLE:
-		return (1<<uint(what))&c.data.data[i].inheritable != 0
-	}
-
-	return false
-}
-
-func (c *capsFile) getData(which CapType, dest []uint32) {
-	switch which {
-	case EFFECTIVE:
-		dest[0] = c.data.effective[0]
-		dest[1] = c.data.effective[1]
-	case PERMITTED:
-		dest[0] = c.data.data[0].permitted
-		dest[1] = c.data.data[1].permitted
-	case INHERITABLE:
-		dest[0] = c.data.data[0].inheritable
-		dest[1] = c.data.data[1].inheritable
-	}
-}
-
-func (c *capsFile) Empty(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	return data[0] == 0 && data[1] == 0
-}
-
-func (c *capsFile) Full(which CapType) bool {
-	var data [2]uint32
-	c.getData(which, data[:])
-	if c.data.version == 0 {
-		return (data[0] & 0x7fffffff) == 0x7fffffff
-	}
-	if (data[0] & 0xffffffff) != 0xffffffff {
-		return false
-	}
-	return (data[1] & capUpperMask) == capUpperMask
-}
-
-func (c *capsFile) Set(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			if c.data.version == 1 {
-				continue
-			}
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective[i] |= 1 << uint(what)
-		}
-		if which&PERMITTED != 0 {
-			c.data.data[i].permitted |= 1 << uint(what)
-		}
-		if which&INHERITABLE != 0 {
-			c.data.data[i].inheritable |= 1 << uint(what)
-		}
-	}
-}
-
-func (c *capsFile) Unset(which CapType, caps ...Cap) {
-	for _, what := range caps {
-		var i uint
-		if what > 31 {
-			if c.data.version == 1 {
-				continue
-			}
-			i = uint(what) >> 5
-			what %= 32
-		}
-
-		if which&EFFECTIVE != 0 {
-			c.data.effective[i] &= ^(1 << uint(what))
-		}
-		if which&PERMITTED != 0 {
-			c.data.data[i].permitted &= ^(1 << uint(what))
-		}
-		if which&INHERITABLE != 0 {
-			c.data.data[i].inheritable &= ^(1 << uint(what))
-		}
-	}
-}
-
-func (c *capsFile) Fill(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective[0] = 0xffffffff
-		c.data.data[0].permitted = 0xffffffff
-		c.data.data[0].inheritable = 0
-		if c.data.version == 2 {
-			c.data.effective[1] = 0xffffffff
-			c.data.data[1].permitted = 0xffffffff
-			c.data.data[1].inheritable = 0
-		}
-	}
-}
-
-func (c *capsFile) Clear(kind CapType) {
-	if kind&CAPS == CAPS {
-		c.data.effective[0] = 0
-		c.data.data[0].permitted = 0
-		c.data.data[0].inheritable = 0
-		if c.data.version == 2 {
-			c.data.effective[1] = 0
-			c.data.data[1].permitted = 0
-			c.data.data[1].inheritable = 0
-		}
-	}
-}
-
-func (c *capsFile) StringCap(which CapType) (ret string) {
-	return mkStringCap(c, which)
-}
-
-func (c *capsFile) String() (ret string) {
-	return mkString(c, INHERITABLE)
-}
-
-func (c *capsFile) Load() (err error) {
-	return getVfsCap(c.path, &c.data)
-}
-
-func (c *capsFile) Apply(kind CapType) (err error) {
-	if kind&CAPS == CAPS {
-		return setVfsCap(c.path, &c.data)
-	}
-	return
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go
deleted file mode 100644
index 9bb3070c5e..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_noop.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// +build !linux
-
-package capability
-
-import "errors"
-
-func newPid(pid int) (Capabilities, error) {
-	return nil, errors.New("not supported")
-}
-
-func newFile(path string) (Capabilities, error) {
-	return nil, errors.New("not supported")
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go
deleted file mode 100644
index 8108655c05..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/capability_test.go
+++ /dev/null
@@ -1,83 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-import "testing"
-
-func TestState(t *testing.T) {
-	testEmpty := func(name string, c Capabilities, whats CapType) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i&whats) != 0 && !c.Empty(i) {
-				t.Errorf(name+": capabilities set %q wasn't empty", i)
-			}
-		}
-	}
-	testFull := func(name string, c Capabilities, whats CapType) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i&whats) != 0 && !c.Full(i) {
-				t.Errorf(name+": capabilities set %q wasn't full", i)
-			}
-		}
-	}
-	testPartial := func(name string, c Capabilities, whats CapType) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i&whats) != 0 && (c.Empty(i) || c.Full(i)) {
-				t.Errorf(name+": capabilities set %q wasn't partial", i)
-			}
-		}
-	}
-	testGet := func(name string, c Capabilities, whats CapType, max Cap) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i & whats) == 0 {
-				continue
-			}
-			for j := Cap(0); j <= max; j++ {
-				if !c.Get(i, j) {
-					t.Errorf(name+": capability %q wasn't found on %q", j, i)
-				}
-			}
-		}
-	}
-
-	capf := new(capsFile)
-	capf.data.version = 2
-	for _, tc := range []struct {
-		name string
-		c    Capabilities
-		sets CapType
-		max  Cap
-	}{
-		{"v1", new(capsV1), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
-		{"v3", new(capsV3), EFFECTIVE | PERMITTED | BOUNDING, CAP_LAST_CAP},
-		{"file_v1", new(capsFile), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
-		{"file_v2", capf, EFFECTIVE | PERMITTED, CAP_LAST_CAP},
-	} {
-		testEmpty(tc.name, tc.c, tc.sets)
-		tc.c.Fill(CAPS | BOUNDS)
-		testFull(tc.name, tc.c, tc.sets)
-		testGet(tc.name, tc.c, tc.sets, tc.max)
-		tc.c.Clear(CAPS | BOUNDS)
-		testEmpty(tc.name, tc.c, tc.sets)
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			for j := Cap(0); j <= CAP_LAST_CAP; j++ {
-				tc.c.Set(i, j)
-			}
-		}
-		testFull(tc.name, tc.c, tc.sets)
-		testGet(tc.name, tc.c, tc.sets, tc.max)
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			for j := Cap(0); j <= CAP_LAST_CAP; j++ {
-				tc.c.Unset(i, j)
-			}
-		}
-		testEmpty(tc.name, tc.c, tc.sets)
-		tc.c.Set(PERMITTED, CAP_CHOWN)
-		testPartial(tc.name, tc.c, PERMITTED)
-		tc.c.Clear(CAPS | BOUNDS)
-		testEmpty(tc.name, tc.c, tc.sets)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go
deleted file mode 100644
index e2900a4e93..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/enum.go
+++ /dev/null
@@ -1,338 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-type CapType uint
-
-func (c CapType) String() string {
-	switch c {
-	case EFFECTIVE:
-		return "effective"
-	case PERMITTED:
-		return "permitted"
-	case INHERITABLE:
-		return "inheritable"
-	case BOUNDING:
-		return "bounding"
-	case CAPS:
-		return "caps"
-	}
-	return "unknown"
-}
-
-const (
-	EFFECTIVE CapType = 1 << iota
-	PERMITTED
-	INHERITABLE
-	BOUNDING
-
-	CAPS   = EFFECTIVE | PERMITTED | INHERITABLE
-	BOUNDS = BOUNDING
-)
-
-type Cap int
-
-func (c Cap) String() string {
-	switch c {
-	case CAP_CHOWN:
-		return "chown"
-	case CAP_DAC_OVERRIDE:
-		return "dac_override"
-	case CAP_DAC_READ_SEARCH:
-		return "dac_read_search"
-	case CAP_FOWNER:
-		return "fowner"
-	case CAP_FSETID:
-		return "fsetid"
-	case CAP_KILL:
-		return "kill"
-	case CAP_SETGID:
-		return "setgid"
-	case CAP_SETUID:
-		return "setuid"
-	case CAP_SETPCAP:
-		return "setpcap"
-	case CAP_LINUX_IMMUTABLE:
-		return "linux_immutable"
-	case CAP_NET_BIND_SERVICE:
-		return "net_bind_service"
-	case CAP_NET_BROADCAST:
-		return "net_broadcast"
-	case CAP_NET_ADMIN:
-		return "net_admin"
-	case CAP_NET_RAW:
-		return "net_raw"
-	case CAP_IPC_LOCK:
-		return "ipc_lock"
-	case CAP_IPC_OWNER:
-		return "ipc_owner"
-	case CAP_SYS_MODULE:
-		return "sys_module"
-	case CAP_SYS_RAWIO:
-		return "sys_rawio"
-	case CAP_SYS_CHROOT:
-		return "sys_chroot"
-	case CAP_SYS_PTRACE:
-		return "sys_ptrace"
-	case CAP_SYS_PACCT:
-		return "sys_psacct"
-	case CAP_SYS_ADMIN:
-		return "sys_admin"
-	case CAP_SYS_BOOT:
-		return "sys_boot"
-	case CAP_SYS_NICE:
-		return "sys_nice"
-	case CAP_SYS_RESOURCE:
-		return "sys_resource"
-	case CAP_SYS_TIME:
-		return "sys_time"
-	case CAP_SYS_TTY_CONFIG:
-		return "sys_tty_config"
-	case CAP_MKNOD:
-		return "mknod"
-	case CAP_LEASE:
-		return "lease"
-	case CAP_AUDIT_WRITE:
-		return "audit_write"
-	case CAP_AUDIT_CONTROL:
-		return "audit_control"
-	case CAP_SETFCAP:
-		return "setfcap"
-	case CAP_MAC_OVERRIDE:
-		return "mac_override"
-	case CAP_MAC_ADMIN:
-		return "mac_admin"
-	case CAP_SYSLOG:
-		return "syslog"
-	case CAP_WAKE_ALARM:
-		return "wake_alarm"
-	case CAP_BLOCK_SUSPEND:
-		return "block_suspend"
-	}
-	return "unknown"
-}
-
-const (
-	// POSIX-draft defined capabilities.
-
-	// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
-	// overrides the restriction of changing file ownership and group
-	// ownership.
-	CAP_CHOWN Cap = 0
-
-	// Override all DAC access, including ACL execute access if
-	// [_POSIX_ACL] is defined. Excluding DAC access covered by
-	// CAP_LINUX_IMMUTABLE.
-	CAP_DAC_OVERRIDE Cap = 1
-
-	// Overrides all DAC restrictions regarding read and search on files
-	// and directories, including ACL restrictions if [_POSIX_ACL] is
-	// defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
-	CAP_DAC_READ_SEARCH Cap = 2
-
-	// Overrides all restrictions about allowed operations on files, where
-	// file owner ID must be equal to the user ID, except where CAP_FSETID
-	// is applicable. It doesn't override MAC and DAC restrictions.
-	CAP_FOWNER Cap = 3
-
-	// Overrides the following restrictions that the effective user ID
-	// shall match the file owner ID when setting the S_ISUID and S_ISGID
-	// bits on that file; that the effective group ID (or one of the
-	// supplementary group IDs) shall match the file owner ID when setting
-	// the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
-	// cleared on successful return from chown(2) (not implemented).
-	CAP_FSETID Cap = 4
-
-	// Overrides the restriction that the real or effective user ID of a
-	// process sending a signal must match the real or effective user ID
-	// of the process receiving the signal.
-	CAP_KILL Cap = 5
-
-	// Allows setgid(2) manipulation
-	// Allows setgroups(2)
-	// Allows forged gids on socket credentials passing.
-	CAP_SETGID Cap = 6
-
-	// Allows set*uid(2) manipulation (including fsuid).
-	// Allows forged pids on socket credentials passing.
-	CAP_SETUID Cap = 7
-
-	// Linux-specific capabilities
-
-	// Without VFS support for capabilities:
-	//   Transfer any capability in your permitted set to any pid,
-	//   remove any capability in your permitted set from any pid
-	// With VFS support for capabilities (neither of above, but)
-	//   Add any capability from current's capability bounding set
-	//     to the current process' inheritable set
-	//   Allow taking bits out of capability bounding set
-	//   Allow modification of the securebits for a process
-	CAP_SETPCAP Cap = 8
-
-	// Allow modification of S_IMMUTABLE and S_APPEND file attributes
-	CAP_LINUX_IMMUTABLE Cap = 9
-
-	// Allows binding to TCP/UDP sockets below 1024
-	// Allows binding to ATM VCIs below 32
-	CAP_NET_BIND_SERVICE Cap = 10
-
-	// Allow broadcasting, listen to multicast
-	CAP_NET_BROADCAST Cap = 11
-
-	// Allow interface configuration
-	// Allow administration of IP firewall, masquerading and accounting
-	// Allow setting debug option on sockets
-	// Allow modification of routing tables
-	// Allow setting arbitrary process / process group ownership on
-	// sockets
-	// Allow binding to any address for transparent proxying (also via NET_RAW)
-	// Allow setting TOS (type of service)
-	// Allow setting promiscuous mode
-	// Allow clearing driver statistics
-	// Allow multicasting
-	// Allow read/write of device-specific registers
-	// Allow activation of ATM control sockets
-	CAP_NET_ADMIN Cap = 12
-
-	// Allow use of RAW sockets
-	// Allow use of PACKET sockets
-	// Allow binding to any address for transparent proxying (also via NET_ADMIN)
-	CAP_NET_RAW Cap = 13
-
-	// Allow locking of shared memory segments
-	// Allow mlock and mlockall (which doesn't really have anything to do
-	// with IPC)
-	CAP_IPC_LOCK Cap = 14
-
-	// Override IPC ownership checks
-	CAP_IPC_OWNER Cap = 15
-
-	// Insert and remove kernel modules - modify kernel without limit
-	CAP_SYS_MODULE Cap = 16
-
-	// Allow ioperm/iopl access
-	// Allow sending USB messages to any device via /proc/bus/usb
-	CAP_SYS_RAWIO Cap = 17
-
-	// Allow use of chroot()
-	CAP_SYS_CHROOT Cap = 18
-
-	// Allow ptrace() of any process
-	CAP_SYS_PTRACE Cap = 19
-
-	// Allow configuration of process accounting
-	CAP_SYS_PACCT Cap = 20
-
-	// Allow configuration of the secure attention key
-	// Allow administration of the random device
-	// Allow examination and configuration of disk quotas
-	// Allow setting the domainname
-	// Allow setting the hostname
-	// Allow calling bdflush()
-	// Allow mount() and umount(), setting up new smb connection
-	// Allow some autofs root ioctls
-	// Allow nfsservctl
-	// Allow VM86_REQUEST_IRQ
-	// Allow to read/write pci config on alpha
-	// Allow irix_prctl on mips (setstacksize)
-	// Allow flushing all cache on m68k (sys_cacheflush)
-	// Allow removing semaphores
-	// Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
-	// and shared memory
-	// Allow locking/unlocking of shared memory segment
-	// Allow turning swap on/off
-	// Allow forged pids on socket credentials passing
-	// Allow setting readahead and flushing buffers on block devices
-	// Allow setting geometry in floppy driver
-	// Allow turning DMA on/off in xd driver
-	// Allow administration of md devices (mostly the above, but some
-	// extra ioctls)
-	// Allow tuning the ide driver
-	// Allow access to the nvram device
-	// Allow administration of apm_bios, serial and bttv (TV) device
-	// Allow manufacturer commands in isdn CAPI support driver
-	// Allow reading non-standardized portions of pci configuration space
-	// Allow DDI debug ioctl on sbpcd driver
-	// Allow setting up serial ports
-	// Allow sending raw qic-117 commands
-	// Allow enabling/disabling tagged queuing on SCSI controllers and sending
-	// arbitrary SCSI commands
-	// Allow setting encryption key on loopback filesystem
-	// Allow setting zone reclaim policy
-	CAP_SYS_ADMIN Cap = 21
-
-	// Allow use of reboot()
-	CAP_SYS_BOOT Cap = 22
-
-	// Allow raising priority and setting priority on other (different
-	// UID) processes
-	// Allow use of FIFO and round-robin (realtime) scheduling on own
-	// processes and setting the scheduling algorithm used by another
-	// process.
-	// Allow setting cpu affinity on other processes
-	CAP_SYS_NICE Cap = 23
-
-	// Override resource limits. Set resource limits.
-	// Override quota limits.
-	// Override reserved space on ext2 filesystem
-	// Modify data journaling mode on ext3 filesystem (uses journaling
-	// resources)
-	// NOTE: ext2 honors fsuid when checking for resource overrides, so
-	// you can override using fsuid too
-	// Override size restrictions on IPC message queues
-	// Allow more than 64hz interrupts from the real-time clock
-	// Override max number of consoles on console allocation
-	// Override max number of keymaps
-	CAP_SYS_RESOURCE Cap = 24
-
-	// Allow manipulation of system clock
-	// Allow irix_stime on mips
-	// Allow setting the real-time clock
-	CAP_SYS_TIME Cap = 25
-
-	// Allow configuration of tty devices
-	// Allow vhangup() of tty
-	CAP_SYS_TTY_CONFIG Cap = 26
-
-	// Allow the privileged aspects of mknod()
-	CAP_MKNOD Cap = 27
-
-	// Allow taking of leases on files
-	CAP_LEASE Cap = 28
-
-	CAP_AUDIT_WRITE   Cap = 29
-	CAP_AUDIT_CONTROL Cap = 30
-	CAP_SETFCAP       Cap = 31
-
-	// Override MAC access.
-	// The base kernel enforces no MAC policy.
-	// An LSM may enforce a MAC policy, and if it does and it chooses
-	// to implement capability based overrides of that policy, this is
-	// the capability it should use to do so.
-	CAP_MAC_OVERRIDE Cap = 32
-
-	// Allow MAC configuration or state changes.
-	// The base kernel requires no MAC configuration.
-	// An LSM may enforce a MAC policy, and if it does and it chooses
-	// to implement capability based checks on modifications to that
-	// policy or the data required to maintain it, this is the
-	// capability it should use to do so.
-	CAP_MAC_ADMIN Cap = 33
-
-	// Allow configuring the kernel's syslog (printk behaviour)
-	CAP_SYSLOG Cap = 34
-
-	// Allow triggering something that will wake the system
-	CAP_WAKE_ALARM Cap = 35
-
-	// Allow preventing system suspends
-	CAP_BLOCK_SUSPEND Cap = 36
-
-	CAP_LAST_CAP = CAP_BLOCK_SUSPEND
-)
-
-const capUpperMask = (uint32(1) << (uint(CAP_LAST_CAP) - 31)) - 1
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go
deleted file mode 100644
index c18e6f6918..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/vendor/src/github.com/syndtr/gocapability/capability/syscall_linux.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-type capHeader struct {
-	version uint32
-	pid     int
-}
-
-type capData struct {
-	effective   uint32
-	permitted   uint32
-	inheritable uint32
-}
-
-func capget(hdr *capHeader, data *capData) (err error) {
-	_, _, e1 := syscall.Syscall(syscall.SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func capset(hdr *capHeader, data *capData) (err error) {
-	_, _, e1 := syscall.Syscall(syscall.SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-func prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) {
-	_, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-const (
-	vfsXattrName = "security.capability"
-
-	vfsCapVerMask = 0xff000000
-	vfsCapVer1    = 0x01000000
-	vfsCapVer2    = 0x02000000
-
-	vfsCapFlagMask      = ^vfsCapVerMask
-	vfsCapFlageffective = 0x000001
-
-	vfscapDataSizeV1 = 4 * (1 + 2*1)
-	vfscapDataSizeV2 = 4 * (1 + 2*2)
-)
-
-type vfscapData struct {
-	magic uint32
-	data  [2]struct {
-		permitted   uint32
-		inheritable uint32
-	}
-	effective [2]uint32
-	version   int8
-}
-
-var (
-	_vfsXattrName *byte
-)
-
-func init() {
-	_vfsXattrName, _ = syscall.BytePtrFromString(vfsXattrName)
-}
-
-func getVfsCap(path string, dest *vfscapData) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(dest)), vfscapDataSizeV2, 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	switch dest.magic & vfsCapVerMask {
-	case vfsCapVer1:
-		dest.version = 1
-		if r0 != vfscapDataSizeV1 {
-			return syscall.EINVAL
-		}
-		dest.data[1].permitted = 0
-		dest.data[1].inheritable = 0
-	case vfsCapVer2:
-		dest.version = 2
-		if r0 != vfscapDataSizeV2 {
-			return syscall.EINVAL
-		}
-	default:
-		return syscall.EINVAL
-	}
-	if dest.magic&vfsCapFlageffective != 0 {
-		dest.effective[0] = dest.data[0].permitted | dest.data[0].inheritable
-		dest.effective[1] = dest.data[1].permitted | dest.data[1].inheritable
-	} else {
-		dest.effective[0] = 0
-		dest.effective[1] = 0
-	}
-	return
-}
-
-func setVfsCap(path string, data *vfscapData) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var size uintptr
-	if data.version == 1 {
-		data.magic = vfsCapVer1
-		size = vfscapDataSizeV1
-	} else if data.version == 2 {
-		data.magic = vfsCapVer2
-		if data.effective[0] != 0 || data.effective[1] != 0 {
-			data.magic |= vfsCapFlageffective
-			data.data[0].permitted |= data.effective[0]
-			data.data[1].permitted |= data.effective[1]
-		}
-		size = vfscapDataSizeV2
-	} else {
-		return syscall.EINVAL
-	}
-	_, _, e1 := syscall.Syscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(data)), size, 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}

From db456f648197674f680c20f206fe142217b76132 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Wed, 6 Aug 2014 15:55:50 -0400
Subject: [PATCH 384/516] Fix integration tests by adding DOCKER_TMPDIR env in
 the test init function

Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 872db07119e702424dc27cd6e3396b3f2109c468
Component: engine
---
 components/engine/integration/runtime_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go
index 713c95fb32..45a2a29cf5 100644
--- a/components/engine/integration/runtime_test.go
+++ b/components/engine/integration/runtime_test.go
@@ -31,6 +31,7 @@ const (
 	unitTestImageIDShort     = "83599e29c455"
 	unitTestNetworkBridge    = "testdockbr0"
 	unitTestStoreBase        = "/var/lib/docker/unit-tests"
+	unitTestDockerTmpdir     = "/var/lib/docker/tmp"
 	testDaemonAddr           = "127.0.0.1:4270"
 	testDaemonProto          = "tcp"
 	testDaemonHttpsProto     = "tcp"
@@ -90,6 +91,7 @@ func init() {
 	// To test other drivers, we need a dedicated driver validation suite.
 	os.Setenv("DOCKER_DRIVER", "vfs")
 	os.Setenv("TEST", "1")
+	os.Setenv("DOCKER_TMPDIR", unitTestDockerTmpdir)
 
 	// Hack to run sys init during unit testing
 	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {

From 2e8acb92771a248398bcca387f02520c4dc7df81 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Wed, 6 Aug 2014 15:27:58 -0400
Subject: [PATCH 385/516] Cleanup: extract bindmount spec parsing

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: f34679d0a999eaf370f3544cd1c21b90b8876795
Component: engine
---
 components/engine/daemon/volumes.go | 56 ++++++++++++++++-------------
 1 file changed, 31 insertions(+), 25 deletions(-)

diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index 2eee7789b9..a3bee6b07d 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -122,6 +122,31 @@ func applyVolumesFrom(container *Container) error {
 	return nil
 }
 
+func parseBindVolumeSpec(spec string) (BindMap, error) {
+	var (
+		arr       = strings.Split(spec, ":")
+		err error = nil
+		vol BindMap
+	)
+
+	switch len(arr) {
+	case 1:
+		vol.DstPath = spec
+		vol.Mode = "rw"
+	case 2:
+		vol.SrcPath = arr[0]
+		vol.DstPath = arr[1]
+		vol.Mode = "rw"
+	case 3:
+		vol.SrcPath = arr[0]
+		vol.DstPath = arr[1]
+		vol.Mode = arr[2]
+	default:
+		err = fmt.Errorf("Invalid volume specification: %s", spec)
+	}
+	return vol, err
+}
+
 func getBindMap(container *Container) (map[string]BindMap, error) {
 	var (
 		// Create the requested bind mounts
@@ -131,37 +156,18 @@ func getBindMap(container *Container) (map[string]BindMap, error) {
 	)
 
 	for _, bind := range container.hostConfig.Binds {
-		// FIXME: factorize bind parsing in parseBind
-		var (
-			src, dst, mode string
-			arr            = strings.Split(bind, ":")
-		)
-
-		if len(arr) == 2 {
-			src = arr[0]
-			dst = arr[1]
-			mode = "rw"
-		} else if len(arr) == 3 {
-			src = arr[0]
-			dst = arr[1]
-			mode = arr[2]
-		} else {
-			return nil, fmt.Errorf("Invalid bind specification: %s", bind)
+		vol, err := parseBindVolumeSpec(bind)
+		if err != nil {
+			return binds, err
 		}
-
 		// Bail if trying to mount to an illegal destination
 		for _, illegal := range illegalDsts {
-			if dst == illegal {
-				return nil, fmt.Errorf("Illegal bind destination: %s", dst)
+			if vol.DstPath == illegal {
+				return nil, fmt.Errorf("Illegal bind destination: %s", vol.DstPath)
 			}
 		}
 
-		bindMap := BindMap{
-			SrcPath: src,
-			DstPath: dst,
-			Mode:    mode,
-		}
-		binds[filepath.Clean(dst)] = bindMap
+		binds[filepath.Clean(vol.DstPath)] = vol
 	}
 	return binds, nil
 }

From 416ed08d2b0f90037383afadfcd90e82ea297fab Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 2 Aug 2014 01:46:15 -0600
Subject: [PATCH 386/516] Replace "amd64" build tags with "cgo" as appropriate,
 and remove where unnecessary

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 89ec17d11319ae39bff19985ac59fc878fe1fe1e
Component: engine
---
 components/engine/daemon/execdriver/lxc/lxc_init_linux.go       | 2 --
 components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go | 2 +-
 components/engine/daemon/graphdriver/aufs/mount_linux.go        | 2 --
 components/engine/daemon/graphdriver/aufs/mount_unsupported.go  | 2 +-
 components/engine/daemon/graphdriver/btrfs/btrfs.go             | 2 +-
 components/engine/daemon/graphdriver/btrfs/dummy_unsupported.go | 2 +-
 .../engine/daemon/graphdriver/devmapper/attach_loopback.go      | 2 +-
 components/engine/daemon/graphdriver/devmapper/deviceset.go     | 2 +-
 components/engine/daemon/graphdriver/devmapper/devmapper.go     | 2 +-
 components/engine/daemon/graphdriver/devmapper/devmapper_log.go | 2 +-
 .../engine/daemon/graphdriver/devmapper/devmapper_test.go       | 2 +-
 .../engine/daemon/graphdriver/devmapper/devmapper_wrapper.go    | 2 +-
 components/engine/daemon/graphdriver/devmapper/driver.go        | 2 +-
 components/engine/daemon/graphdriver/devmapper/ioctl.go         | 2 +-
 components/engine/daemon/graphdriver/devmapper/mount.go         | 2 +-
 components/engine/pkg/mount/flags_linux.go                      | 2 --
 components/engine/pkg/mount/flags_unsupported.go                | 2 +-
 components/engine/pkg/mount/mounter_linux.go                    | 2 --
 components/engine/pkg/mount/mounter_unsupported.go              | 2 +-
 components/engine/pkg/parsers/kernel/uname_linux.go             | 2 --
 components/engine/pkg/parsers/kernel/uname_unsupported.go       | 2 +-
 21 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 92c96cc30e..9f294f6458 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -1,5 +1,3 @@
-// +build amd64
-
 package lxc
 
 import (
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go b/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go
index 8311ba6e24..b3f2ae68eb 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !amd64
+// +build !linux
 
 package lxc
 
diff --git a/components/engine/daemon/graphdriver/aufs/mount_linux.go b/components/engine/daemon/graphdriver/aufs/mount_linux.go
index 6082d9f240..c86f1bbd63 100644
--- a/components/engine/daemon/graphdriver/aufs/mount_linux.go
+++ b/components/engine/daemon/graphdriver/aufs/mount_linux.go
@@ -1,5 +1,3 @@
-// +build amd64
-
 package aufs
 
 import "syscall"
diff --git a/components/engine/daemon/graphdriver/aufs/mount_unsupported.go b/components/engine/daemon/graphdriver/aufs/mount_unsupported.go
index 2735624112..e291bef3aa 100644
--- a/components/engine/daemon/graphdriver/aufs/mount_unsupported.go
+++ b/components/engine/daemon/graphdriver/aufs/mount_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !amd64
+// +build !linux
 
 package aufs
 
diff --git a/components/engine/daemon/graphdriver/btrfs/btrfs.go b/components/engine/daemon/graphdriver/btrfs/btrfs.go
index afca72029f..c491fd7908 100644
--- a/components/engine/daemon/graphdriver/btrfs/btrfs.go
+++ b/components/engine/daemon/graphdriver/btrfs/btrfs.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package btrfs
 
diff --git a/components/engine/daemon/graphdriver/btrfs/dummy_unsupported.go b/components/engine/daemon/graphdriver/btrfs/dummy_unsupported.go
index 6c44615763..f07088887a 100644
--- a/components/engine/daemon/graphdriver/btrfs/dummy_unsupported.go
+++ b/components/engine/daemon/graphdriver/btrfs/dummy_unsupported.go
@@ -1,3 +1,3 @@
-// +build !linux !amd64
+// +build !linux !cgo
 
 package btrfs
diff --git a/components/engine/daemon/graphdriver/devmapper/attach_loopback.go b/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
index 8dc57f8b4b..c3e8f2820c 100644
--- a/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
+++ b/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index 1aef141ca8..cd12179e56 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper.go
index ab327f61b9..2c5abc9d27 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper_log.go b/components/engine/daemon/graphdriver/devmapper/devmapper_log.go
index cdeaed2525..ec7809cc51 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper_log.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper_log.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper_test.go b/components/engine/daemon/graphdriver/devmapper/devmapper_test.go
index 4ed44cf729..167261999e 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper_test.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper_test.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper_wrapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper_wrapper.go
index 9f1b5a6054..bd1c6fd5b6 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper_wrapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper_wrapper.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/driver.go b/components/engine/daemon/graphdriver/devmapper/driver.go
index bbe3c92695..c6b2e2b712 100644
--- a/components/engine/daemon/graphdriver/devmapper/driver.go
+++ b/components/engine/daemon/graphdriver/devmapper/driver.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/ioctl.go b/components/engine/daemon/graphdriver/devmapper/ioctl.go
index 8f403da2b0..29caab0664 100644
--- a/components/engine/daemon/graphdriver/devmapper/ioctl.go
+++ b/components/engine/daemon/graphdriver/devmapper/ioctl.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/daemon/graphdriver/devmapper/mount.go b/components/engine/daemon/graphdriver/devmapper/mount.go
index c9ff216d5d..f64e995744 100644
--- a/components/engine/daemon/graphdriver/devmapper/mount.go
+++ b/components/engine/daemon/graphdriver/devmapper/mount.go
@@ -1,4 +1,4 @@
-// +build linux,amd64
+// +build linux
 
 package devmapper
 
diff --git a/components/engine/pkg/mount/flags_linux.go b/components/engine/pkg/mount/flags_linux.go
index 19c882fcd8..0bb47d8c90 100644
--- a/components/engine/pkg/mount/flags_linux.go
+++ b/components/engine/pkg/mount/flags_linux.go
@@ -1,5 +1,3 @@
-// +build amd64
-
 package mount
 
 import (
diff --git a/components/engine/pkg/mount/flags_unsupported.go b/components/engine/pkg/mount/flags_unsupported.go
index e598354151..5a14108880 100644
--- a/components/engine/pkg/mount/flags_unsupported.go
+++ b/components/engine/pkg/mount/flags_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux,!freebsd linux,!amd64 freebsd,!cgo
+// +build !linux,!freebsd freebsd,!cgo
 
 package mount
 
diff --git a/components/engine/pkg/mount/mounter_linux.go b/components/engine/pkg/mount/mounter_linux.go
index 70b7798de5..dd4280c777 100644
--- a/components/engine/pkg/mount/mounter_linux.go
+++ b/components/engine/pkg/mount/mounter_linux.go
@@ -1,5 +1,3 @@
-// +build amd64
-
 package mount
 
 import (
diff --git a/components/engine/pkg/mount/mounter_unsupported.go b/components/engine/pkg/mount/mounter_unsupported.go
index 06f2ac00b2..eb93365eb7 100644
--- a/components/engine/pkg/mount/mounter_unsupported.go
+++ b/components/engine/pkg/mount/mounter_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux,!freebsd linux,!amd64 freebsd,!cgo
+// +build !linux,!freebsd freebsd,!cgo
 
 package mount
 
diff --git a/components/engine/pkg/parsers/kernel/uname_linux.go b/components/engine/pkg/parsers/kernel/uname_linux.go
index b29fcc3785..8ca814c1fb 100644
--- a/components/engine/pkg/parsers/kernel/uname_linux.go
+++ b/components/engine/pkg/parsers/kernel/uname_linux.go
@@ -1,5 +1,3 @@
-// +build amd64
-
 package kernel
 
 import (
diff --git a/components/engine/pkg/parsers/kernel/uname_unsupported.go b/components/engine/pkg/parsers/kernel/uname_unsupported.go
index 9cd8a1eb5e..00c5422589 100644
--- a/components/engine/pkg/parsers/kernel/uname_unsupported.go
+++ b/components/engine/pkg/parsers/kernel/uname_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !amd64
+// +build !linux
 
 package kernel
 

From 00eca7c915ba499b856d7ef25b3b3fe0ba3c7ccd Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 30 Jul 2014 08:16:10 -0700
Subject: [PATCH 387/516] utils/broadcastwriter -> pkg/broadcastwriter

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 5ab09f2f7129225220fc9c0b76b2e2aec6823ee1
Component: engine
---
 components/engine/daemon/container.go                           | 2 +-
 components/engine/daemon/daemon.go                              | 2 +-
 .../engine/{utils => pkg}/broadcastwriter/broadcastwriter.go    | 0
 .../{utils => pkg}/broadcastwriter/broadcastwriter_test.go      | 0
 4 files changed, 2 insertions(+), 2 deletions(-)
 rename components/engine/{utils => pkg}/broadcastwriter/broadcastwriter.go (100%)
 rename components/engine/{utils => pkg}/broadcastwriter/broadcastwriter_test.go (100%)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index d62eb6d2fa..0782331d07 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -22,12 +22,12 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/links"
 	"github.com/docker/docker/nat"
+	"github.com/docker/docker/pkg/broadcastwriter"
 	"github.com/docker/docker/pkg/networkfs/etchosts"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
-	"github.com/docker/docker/utils/broadcastwriter"
 	"github.com/docker/libcontainer/devices"
 	"github.com/docker/libcontainer/label"
 )
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 0d275492dc..da953846b8 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -26,6 +26,7 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/graph"
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/broadcastwriter"
 	"github.com/docker/docker/pkg/graphdb"
 	"github.com/docker/docker/pkg/namesgenerator"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
@@ -35,7 +36,6 @@ import (
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
-	"github.com/docker/docker/utils/broadcastwriter"
 	"github.com/docker/libcontainer/label"
 )
 
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter.go b/components/engine/pkg/broadcastwriter/broadcastwriter.go
similarity index 100%
rename from components/engine/utils/broadcastwriter/broadcastwriter.go
rename to components/engine/pkg/broadcastwriter/broadcastwriter.go
diff --git a/components/engine/utils/broadcastwriter/broadcastwriter_test.go b/components/engine/pkg/broadcastwriter/broadcastwriter_test.go
similarity index 100%
rename from components/engine/utils/broadcastwriter/broadcastwriter_test.go
rename to components/engine/pkg/broadcastwriter/broadcastwriter_test.go

From 325695b856ac2b565f6d059b90c7e32fe0f7caa4 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 30 Jul 2014 08:39:03 -0700
Subject: [PATCH 388/516] utils.Debugf -> log.Printf, move jsonlog to own
 package.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 5cdb9c8acab75df74d20cd937e4091dacb355160
Component: engine
---
 .../pkg/broadcastwriter/broadcastwriter.go    |  9 ++--
 components/engine/pkg/jsonlog/jsonlog.go      | 45 +++++++++++++++++++
 components/engine/utils/utils.go              | 38 ----------------
 3 files changed, 50 insertions(+), 42 deletions(-)
 create mode 100644 components/engine/pkg/jsonlog/jsonlog.go

diff --git a/components/engine/pkg/broadcastwriter/broadcastwriter.go b/components/engine/pkg/broadcastwriter/broadcastwriter.go
index f094744e37..a16d8de5f7 100644
--- a/components/engine/pkg/broadcastwriter/broadcastwriter.go
+++ b/components/engine/pkg/broadcastwriter/broadcastwriter.go
@@ -4,10 +4,11 @@ import (
 	"bytes"
 	"encoding/json"
 	"io"
+	"log"
 	"sync"
 	"time"
 
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/jsonlog"
 )
 
 // BroadcastWriter accumulate multiple io.WriteCloser by stream.
@@ -19,7 +20,7 @@ type BroadcastWriter struct {
 
 // AddWriter adds new io.WriteCloser for stream.
 // If stream is "", then all writes proceed as is. Otherwise every line from
-// input will be packed to serialized utils.JSONLog.
+// input will be packed to serialized jsonlog.JSONLog.
 func (w *BroadcastWriter) AddWriter(writer io.WriteCloser, stream string) {
 	w.Lock()
 	if _, ok := w.streams[stream]; !ok {
@@ -53,9 +54,9 @@ func (w *BroadcastWriter) Write(p []byte) (n int, err error) {
 			if stream == "" {
 				continue
 			}
-			b, err := json.Marshal(utils.JSONLog{Log: line, Stream: stream, Created: created})
+			b, err := json.Marshal(jsonlog.JSONLog{Log: line, Stream: stream, Created: created})
 			if err != nil {
-				utils.Errorf("Error making JSON log line: %s", err)
+				log.Printf("Error making JSON log line: %s", err)
 				continue
 			}
 			b = append(b, '\n')
diff --git a/components/engine/pkg/jsonlog/jsonlog.go b/components/engine/pkg/jsonlog/jsonlog.go
new file mode 100644
index 0000000000..ecf4457cf9
--- /dev/null
+++ b/components/engine/pkg/jsonlog/jsonlog.go
@@ -0,0 +1,45 @@
+package jsonlog
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"time"
+)
+
+type JSONLog struct {
+	Log     string    `json:"log,omitempty"`
+	Stream  string    `json:"stream,omitempty"`
+	Created time.Time `json:"time"`
+}
+
+func (jl *JSONLog) Format(format string) (string, error) {
+	if format == "" {
+		return jl.Log, nil
+	}
+	if format == "json" {
+		m, err := json.Marshal(jl)
+		return string(m), err
+	}
+	return fmt.Sprintf("[%s] %s", jl.Created.Format(format), jl.Log), nil
+}
+
+func WriteLog(src io.Reader, dst io.WriteCloser, format string) error {
+	dec := json.NewDecoder(src)
+	for {
+		l := &JSONLog{}
+
+		if err := dec.Decode(l); err == io.EOF {
+			return nil
+		} else if err != nil {
+			log.Printf("Error streaming logs: %s", err)
+			return err
+		}
+		line, err := l.Format(format)
+		if err != nil {
+			return err
+		}
+		fmt.Fprintf(dst, "%s", line)
+	}
+}
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 38cb906fc8..8dea2af6f2 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -6,7 +6,6 @@ import (
 	"crypto/sha1"
 	"crypto/sha256"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -19,7 +18,6 @@ import (
 	"strings"
 	"sync"
 	"syscall"
-	"time"
 
 	"github.com/docker/docker/dockerversion"
 )
@@ -264,42 +262,6 @@ func (r *bufReader) Close() error {
 	return closer.Close()
 }
 
-type JSONLog struct {
-	Log     string    `json:"log,omitempty"`
-	Stream  string    `json:"stream,omitempty"`
-	Created time.Time `json:"time"`
-}
-
-func (jl *JSONLog) Format(format string) (string, error) {
-	if format == "" {
-		return jl.Log, nil
-	}
-	if format == "json" {
-		m, err := json.Marshal(jl)
-		return string(m), err
-	}
-	return fmt.Sprintf("[%s] %s", jl.Created.Format(format), jl.Log), nil
-}
-
-func WriteLog(src io.Reader, dst io.WriteCloser, format string) error {
-	dec := json.NewDecoder(src)
-	for {
-		l := &JSONLog{}
-
-		if err := dec.Decode(l); err == io.EOF {
-			return nil
-		} else if err != nil {
-			Errorf("Error streaming logs: %s", err)
-			return err
-		}
-		line, err := l.Format(format)
-		if err != nil {
-			return err
-		}
-		fmt.Fprintf(dst, "%s", line)
-	}
-}
-
 func GetTotalUsedFds() int {
 	if fds, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil {
 		Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err)

From 5247a2be663f061472e3e7bee931fc6517ae649a Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 6 Aug 2014 16:45:04 -0700
Subject: [PATCH 389/516] port usage of jsonlog to the new daemon files which
 were refactored recently.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: bd373712d069f5f1f8d65bc25808a068a9afdd13
Component: engine
---
 components/engine/daemon/attach.go | 3 ++-
 components/engine/daemon/logs.go   | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/components/engine/daemon/attach.go b/components/engine/daemon/attach.go
index ad8649f4e1..2c65956a58 100644
--- a/components/engine/daemon/attach.go
+++ b/components/engine/daemon/attach.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/jsonlog"
 	"github.com/docker/docker/utils"
 )
 
@@ -57,7 +58,7 @@ func (daemon *Daemon) ContainerAttach(job *engine.Job) engine.Status {
 		} else {
 			dec := json.NewDecoder(cLog)
 			for {
-				l := &utils.JSONLog{}
+				l := &jsonlog.JSONLog{}
 
 				if err := dec.Decode(l); err == io.EOF {
 					break
diff --git a/components/engine/daemon/logs.go b/components/engine/daemon/logs.go
index edfffac4ff..f78a62d046 100644
--- a/components/engine/daemon/logs.go
+++ b/components/engine/daemon/logs.go
@@ -12,6 +12,7 @@ import (
 	"github.com/docker/docker/pkg/tailfile"
 
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/jsonlog"
 	"github.com/docker/docker/utils"
 )
 
@@ -89,7 +90,7 @@ func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
 			}
 			dec := json.NewDecoder(cLog)
 			for {
-				l := &utils.JSONLog{}
+				l := &jsonlog.JSONLog{}
 
 				if err := dec.Decode(l); err == io.EOF {
 					break
@@ -115,13 +116,13 @@ func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
 		if stdout {
 			stdoutPipe := container.StdoutLogPipe()
 			go func() {
-				errors <- utils.WriteLog(stdoutPipe, job.Stdout, format)
+				errors <- jsonlog.WriteLog(stdoutPipe, job.Stdout, format)
 			}()
 		}
 		if stderr {
 			stderrPipe := container.StderrLogPipe()
 			go func() {
-				errors <- utils.WriteLog(stderrPipe, job.Stderr, format)
+				errors <- jsonlog.WriteLog(stderrPipe, job.Stderr, format)
 			}()
 		}
 		err := <-errors

From 549f1952992dcd4499dfa501350ad2723d7c9175 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Thu, 7 Aug 2014 02:23:00 -0400
Subject: [PATCH 390/516] Update CONTRIBUTING.md

Added link to community guidelines
Upstream-commit: 8891bb52def06aa4fe21af544c6a3a50ecfa9a5b
Component: engine
---
 components/engine/CONTRIBUTING.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 140d51914c..05f4085211 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -11,6 +11,7 @@ feels wrong or incomplete.
 * [Reporting Issues](#reporting-issues)
 * [Build Environment](#build-environment)
 * [Contribution Guidelines](#contribution-guidelines)
+* [Community Guidelines](#docker-community-guidelines)
 
 ## Security Reports
 

From bde3f4cb228372248d86905753c4b82802c0ffd6 Mon Sep 17 00:00:00 2001
From: satoru <satorulogic@gmail.com>
Date: Thu, 7 Aug 2014 14:39:14 +0800
Subject: [PATCH 391/516] Make it clear that JSON array format should be used
 if CMD is used as default arguments

Signed-off-by: Xuecong Liao <satorulogic@gmail.com>
Upstream-commit: 6e0f072e36d7b367bde7b5c34fda9c47f36af2da
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 57ddb52984..0e9c7544a3 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -196,6 +196,11 @@ container.** These defaults can include an executable, or they can omit
 the executable, in which case you must specify an `ENTRYPOINT`
 instruction as well.
 
+> **Note**:
+> If `CMD` is used to provide default arguments for the `ENTRYPOINT` 
+> instruction, both the `CMD` and `ENTRYPOINT` instructions should be specified 
+> with the JSON array format.
+
 When used in the shell or exec formats, the `CMD` instruction sets the command
 to be executed when running the image.
 

From 3c371660e786d4a02d5c24267b82fc66a42cc042 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Mon, 4 Aug 2014 20:59:37 -0400
Subject: [PATCH 392/516] Use pure go markdown processor to generate man files

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: 3f136dc0e0feb826eb67c2c2d600ee681a16bb02
Component: engine
---
 components/engine/Dockerfile             |  8 +++++++-
 components/engine/docs/man/Dockerfile    | 12 +++++++-----
 components/engine/docs/man/README.md     | 23 +++++++++++------------
 components/engine/docs/man/md2man-all.sh |  2 +-
 4 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index f4fc9d7a50..94fb47df58 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -42,7 +42,6 @@ RUN	apt-get update && apt-get install -y \
 	libsqlite3-dev \
 	lxc=1.0* \
 	mercurial \
-	pandoc \
 	parallel \
 	reprepro \
 	ruby1.9.1 \
@@ -63,6 +62,7 @@ RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper
 RUN	curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz
 ENV	PATH	/usr/local/go/bin:$PATH
 ENV	GOPATH	/go:/go/src/github.com/docker/docker/vendor
+ENV PATH /go/bin:$PATH
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
 
 # Compile Go for cross compilation
@@ -80,6 +80,12 @@ RUN	go get code.google.com/p/go.tools/cmd/cover
 # TODO replace FPM with some very minimal debhelper stuff
 RUN	gem install --no-rdoc --no-ri fpm --version 1.0.2
 
+# Install man page generator
+RUN mkdir -p /go/src/github.com/cpuguy83 \
+    && git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \
+    && cd /go/src/github.com/cpuguy83/go-md2man \
+    && go get -v ./...
+
 # Get the "busybox" image source so we can build locally instead of pulling
 RUN	git clone -b buildroot-2014.02 https://github.com/jpetazzo/docker-busybox.git /docker-busybox
 
diff --git a/components/engine/docs/man/Dockerfile b/components/engine/docs/man/Dockerfile
index 438227df89..9910bd48f9 100644
--- a/components/engine/docs/man/Dockerfile
+++ b/components/engine/docs/man/Dockerfile
@@ -1,5 +1,7 @@
-FROM fedora:20
-MAINTAINER ipbabble <emailwhenry@redhat.com>
-# Update and install pandoc
-RUN yum -y update; yum clean all;
-RUN yum -y install pandoc;
+FROM golang:1.3
+RUN mkdir -p /go/src/github.com/cpuguy83
+RUN mkdir -p /go/src/github.com/cpuguy83 \
+    && git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \
+    && cd /go/src/github.com/cpuguy83/go-md2man \
+    && go get -v ./...
+CMD ["/go/bin/go-md2man", "--help"]
diff --git a/components/engine/docs/man/README.md b/components/engine/docs/man/README.md
index 45f1a91c00..a52e0cbe62 100644
--- a/components/engine/docs/man/README.md
+++ b/components/engine/docs/man/README.md
@@ -44,27 +44,26 @@ Markdown (*.md) files.
 
 # Generating man pages from the Markdown files
 
-The recommended approach for generating the man pages is via a  Docker 
-container. Using the supplied Dockerfile, Docker will create a Fedora based 
-container and isolate the Pandoc installation. This is a seamless process, 
-saving you from dealing with Pandoc and dependencies on your own computer.
+The recommended approach for generating the man pages is via a Docker
+container using the supplied `Dockerfile` to create an image with the correct
+environment. This uses `go-md2man`, a pure Go Markdown to man page generator.
 
-## Building the Fedora / Pandoc image
+## Building the md2man image
 
-There is a Dockerfile provided in the `docker/docs/man` directory.
+There is a `Dockerfile` provided in the `docker/docs/man` directory.
 
-Using this Dockerfile, create a Docker image tagged `fedora/pandoc`:
+Using this `Dockerfile`, create a Docker image tagged `docker/md2man`:
 
-    docker build  -t fedora/pandoc .
+    docker build -t docker/md2man .
 
-## Utilizing the Fedora / Pandoc image
+## Utilizing the image
 
 Once the image is built, run a container using the image with *volumes*:
 
-    docker run -v /<path-to-git-dir>/docker/docs/man:/pandoc:rw \
-    -w /pandoc -i fedora/pandoc /pandoc/md2man-all.sh
+    docker run -v /<path-to-git-dir>/docker/docs/man:/docs:rw \
+    -w /docs -i docker/md2man /docs/md2man-all.sh
 
-The Pandoc Docker container will process the Markdown files and generate
+The `md2man` Docker container will process the Markdown files and generate
 the man pages inside the `docker/docs/man/man1` directory using
 Docker volumes. For more information on Docker volumes see the man page for
 `docker run` and also look at the article [Sharing Directories via Volumes]
diff --git a/components/engine/docs/man/md2man-all.sh b/components/engine/docs/man/md2man-all.sh
index 12d84de232..97c65c93bc 100755
--- a/components/engine/docs/man/md2man-all.sh
+++ b/components/engine/docs/man/md2man-all.sh
@@ -18,5 +18,5 @@ for FILE in *.md; do
 		continue
 	fi
 	mkdir -p "./man${num}"
-	pandoc -s -t man "$FILE" -o "./man${num}/${name}"
+	go-md2man -in "$FILE" -out "./man${num}/${name}"
 done

From b75c55fd7264ea39dce55518495ec2d38a81fe33 Mon Sep 17 00:00:00 2001
From: Peter Bourgon <peter@bourgon.org>
Date: Wed, 30 Jul 2014 15:35:42 +0200
Subject: [PATCH 393/516] Only import "testing" from *_test.go

This prevents the testing package flags from leaking into the flagsets
of binaries that import docker. I left integration-cli alone.

Docker-DCO-1.1-Signed-off-by: Peter Bourgon <peter@bourgon.org> (github: peterbourgon)
Upstream-commit: b87daf6d697655ca092bf54717a64b07504a13c1
Component: engine
---
 .../graphdriver/graphtest/{graphtest.go => graph_test.go}       | 0
 .../mount/{mountinfo_test_linux.go => mountinfo_linux_test.go}  | 2 ++
 components/engine/pkg/testutils/{testutils.go => utils_test.go} | 0
 3 files changed, 2 insertions(+)
 rename components/engine/daemon/graphdriver/graphtest/{graphtest.go => graph_test.go} (100%)
 rename components/engine/pkg/mount/{mountinfo_test_linux.go => mountinfo_linux_test.go} (99%)
 rename components/engine/pkg/testutils/{testutils.go => utils_test.go} (100%)

diff --git a/components/engine/daemon/graphdriver/graphtest/graphtest.go b/components/engine/daemon/graphdriver/graphtest/graph_test.go
similarity index 100%
rename from components/engine/daemon/graphdriver/graphtest/graphtest.go
rename to components/engine/daemon/graphdriver/graphtest/graph_test.go
diff --git a/components/engine/pkg/mount/mountinfo_test_linux.go b/components/engine/pkg/mount/mountinfo_linux_test.go
similarity index 99%
rename from components/engine/pkg/mount/mountinfo_test_linux.go
rename to components/engine/pkg/mount/mountinfo_linux_test.go
index f2e3daa8b3..07ef7e0225 100644
--- a/components/engine/pkg/mount/mountinfo_test_linux.go
+++ b/components/engine/pkg/mount/mountinfo_linux_test.go
@@ -1,3 +1,5 @@
+// +build linux
+
 package mount
 
 import (
diff --git a/components/engine/pkg/testutils/testutils.go b/components/engine/pkg/testutils/utils_test.go
similarity index 100%
rename from components/engine/pkg/testutils/testutils.go
rename to components/engine/pkg/testutils/utils_test.go

From 1b6a85626ef46ab1525fac9fd6ab65cdd65c3350 Mon Sep 17 00:00:00 2001
From: Peter Waller <peter@scraperwiki.com>
Date: Wed, 30 Jul 2014 14:13:13 +0100
Subject: [PATCH 394/516] Run hack/generate-authors.sh

Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Upstream-commit: 7d78dc33b15c9c5fd4cc2c0c5526cdfd5505ee4f
Component: engine
---
 components/engine/AUTHORS | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 38f2f38c2a..c17120cec5 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -38,6 +38,7 @@ Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Munsell <andrew@wizardapps.net>
 Andrews Medina <andrewsmedina@gmail.com>
 Andrew Weiss <andrew.weiss@microsoft.com>
+Andrew Weiss <andrew.weiss@outlook.com>
 Andrew Williams <williams.andrew@gmail.com>
 Andy Chambers <anchambers@paypal.com>
 andy diller <dillera@gmail.com>
@@ -142,6 +143,7 @@ David Röthlisberger <david@rothlis.net>
 David Sissitka <me@dsissitka.com>
 Deni Bertovic <deni@kset.org>
 Derek <crq@kernel.org>
+Deric Crago <deric.crago@gmail.com>
 Dinesh Subhraveti <dineshs@altiscale.com>
 Djibril Koné <kone.djibril@gmail.com>
 dkumor <daniel@dkumor.com>
@@ -178,6 +180,7 @@ Fabio Rehm <fgrehm@gmail.com>
 Fabrizio Regini <freegenie@gmail.com>
 Faiz Khan <faizkhan00@gmail.com>
 Fareed Dudhia <fareeddudhia@googlemail.com>
+fcarriedo <fcarriedo@gmail.com>
 Felix Rabe <felix@rabe.io>
 Fernando <fermayo@gmail.com>
 Flavio Castelli <fcastelli@suse.com>
@@ -289,6 +292,7 @@ Josh <jokajak@gmail.com>
 Josh Poimboeuf <jpoimboe@redhat.com>
 JP <jpellerin@leapfrogonline.com>
 Julien Barbier <write0@gmail.com>
+Julien Bordellier <git@julienbordellier.com>
 Julien Bordellier <julienbordellier@gmail.com>
 Julien Dubois <julien.dubois@gmail.com>
 Justin Force <justin.force@gmail.com>
@@ -312,6 +316,7 @@ kim0 <email.ahmedkamal@googlemail.com>
 Kim BKC Carlbacker <kim.carlbacker@gmail.com>
 Kimbro Staken <kstaken@kstaken.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
+knappe <tyler.knappe@gmail.com>
 Kohei Tsuruta <coheyxyz@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kyle Conroy <kyle.j.conroy@gmail.com>
@@ -370,6 +375,7 @@ Michael Neale <michael.neale@gmail.com>
 Michaël Pailloncy <mpapo.dev@gmail.com>
 Michael Prokop <github@michael-prokop.at>
 Michael Stapelberg <michael+gh@stapelberg.de>
+Michiel@unhosted <michiel@unhosted.org>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mike Chelen <michael.chelen@gmail.com>
 Mike Gaffney <mike@uberu.com>
@@ -418,11 +424,13 @@ Peter Braden <peterbraden@peterbraden.co.uk>
 Peter Waller <peter@scraperwiki.com>
 Phillip Alexander <git@phillipalexander.io>
 Phil Spitler <pspitler@gmail.com>
+Phil <underscorephil@gmail.com>
 Piergiuliano Bossi <pgbossi@gmail.com>
 Pierre-Alain RIVIERE <pariviere@ippon.fr>
 Piotr Bogdan <ppbogdan@gmail.com>
 pysqz <randomq@126.com>
 Quentin Brossard <qbrossard@gmail.com>
+r0n22 <cameron.regan@gmail.com>
 Rafal Jeczalik <rjeczalik@gmail.com>
 Rajat Pandit <rp@rajatpandit.com>
 Ralph Bean <rbean@redhat.com>
@@ -465,6 +473,8 @@ Scott Bessler <scottbessler@gmail.com>
 Scott Collier <emailscottcollier@gmail.com>
 Sean Cronin <seancron@gmail.com>
 Sean P. Kane <skane@newrelic.com>
+Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
+Sébastien Luttringer <seblu@seblu.net>
 Sébastien <sebastien@yoozio.com>
 Sébastien Stormacq <sebsto@users.noreply.github.com>
 Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
@@ -489,7 +499,7 @@ Steeve Morin <steeve.morin@gmail.com>
 Stefan Praszalowicz <stefan@greplin.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
 sudosurootdev <sudosurootdev@gmail.com>
-Sven Dowideit <SvenDowideit@home.org.au>
+Sven Dowideit <svendowideit@home.org.au>
 Sylvain Bellemare <sylvain.bellemare@ezeep.com>
 tang0th <tang0th@gmx.com>
 Tatsuki Sugiura <sugi@nemui.org>

From ab4c9735dea36d1c9aa3399723e4055b862452fe Mon Sep 17 00:00:00 2001
From: Peter Waller <peter@scraperwiki.com>
Date: Wed, 30 Jul 2014 14:13:43 +0100
Subject: [PATCH 395/516] Change Peter Waller's canonical e-mail address

Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Upstream-commit: d687c5b3393a22e0db6473f0572a332f211c7102
Component: engine
---
 components/engine/.mailmap | 1 +
 components/engine/AUTHORS  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/.mailmap b/components/engine/.mailmap
index bd6360a2af..7919eed502 100644
--- a/components/engine/.mailmap
+++ b/components/engine/.mailmap
@@ -93,3 +93,4 @@ Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 <marc@marc-abramowitz.com> <msabramo@gmail.com>
 Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
 <bernat@luffy.cx> <vincent@bernat.im>
+<p@pwaller.net> <peter@scraperwiki.com>
diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index c17120cec5..6f88355e18 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -421,7 +421,7 @@ Paul Nasrat <pnasrat@gmail.com>
 Paul <paul9869@gmail.com>
 Paul Weaver <pauweave@cisco.com>
 Peter Braden <peterbraden@peterbraden.co.uk>
-Peter Waller <peter@scraperwiki.com>
+Peter Waller <p@pwaller.net>
 Phillip Alexander <git@phillipalexander.io>
 Phil Spitler <pspitler@gmail.com>
 Phil <underscorephil@gmail.com>

From 56a4d87cf40d63120e0046c1ccbda7fcf014e851 Mon Sep 17 00:00:00 2001
From: Peter Waller <peter@scraperwiki.com>
Date: Wed, 30 Jul 2014 14:22:15 +0100
Subject: [PATCH 396/516] Add a few canonicalized author names

Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Upstream-commit: f8f36ff320d5b14a5fb61ab3fec0b1e7ef1e8aa6
Component: engine
---
 components/engine/.mailmap | 3 +++
 components/engine/AUTHORS  | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/.mailmap b/components/engine/.mailmap
index 7919eed502..c9c6d3f94f 100644
--- a/components/engine/.mailmap
+++ b/components/engine/.mailmap
@@ -94,3 +94,6 @@ Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 Matthew Heon <mheon@redhat.com> <mheon@mheonlaptop.redhat.com>
 <bernat@luffy.cx> <vincent@bernat.im>
 <p@pwaller.net> <peter@scraperwiki.com>
+<andrew.weiss@outlook.com> <andrew.weiss@microsoft.com>
+Francisco Carriedo <fcarriedo@gmail.com>
+<julienbordellier@gmail.com> <git@julienbordellier.com>
diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 6f88355e18..6c16a3459a 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -37,7 +37,6 @@ Andrew France <andrew@avito.co.uk>
 Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Munsell <andrew@wizardapps.net>
 Andrews Medina <andrewsmedina@gmail.com>
-Andrew Weiss <andrew.weiss@microsoft.com>
 Andrew Weiss <andrew.weiss@outlook.com>
 Andrew Williams <williams.andrew@gmail.com>
 Andy Chambers <anchambers@paypal.com>
@@ -180,7 +179,6 @@ Fabio Rehm <fgrehm@gmail.com>
 Fabrizio Regini <freegenie@gmail.com>
 Faiz Khan <faizkhan00@gmail.com>
 Fareed Dudhia <fareeddudhia@googlemail.com>
-fcarriedo <fcarriedo@gmail.com>
 Felix Rabe <felix@rabe.io>
 Fernando <fermayo@gmail.com>
 Flavio Castelli <fcastelli@suse.com>
@@ -292,7 +290,6 @@ Josh <jokajak@gmail.com>
 Josh Poimboeuf <jpoimboe@redhat.com>
 JP <jpellerin@leapfrogonline.com>
 Julien Barbier <write0@gmail.com>
-Julien Bordellier <git@julienbordellier.com>
 Julien Bordellier <julienbordellier@gmail.com>
 Julien Dubois <julien.dubois@gmail.com>
 Justin Force <justin.force@gmail.com>

From 024c2cf99d8f07fd26ad18934f4fe200b0aee759 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 7 Aug 2014 15:30:10 -0600
Subject: [PATCH 397/516] Regenerate AUTHORS one more time

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 7a34f1343372b0712155087a9a5f447b59b60084
Component: engine
---
 components/engine/AUTHORS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 6c16a3459a..993f19b713 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -496,7 +496,7 @@ Steeve Morin <steeve.morin@gmail.com>
 Stefan Praszalowicz <stefan@greplin.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
 sudosurootdev <sudosurootdev@gmail.com>
-Sven Dowideit <svendowideit@home.org.au>
+Sven Dowideit <SvenDowideit@home.org.au>
 Sylvain Bellemare <sylvain.bellemare@ezeep.com>
 tang0th <tang0th@gmx.com>
 Tatsuki Sugiura <sugi@nemui.org>

From 22832ff041936d64ac4e0d02dbc8b5753fc27d14 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Thu, 7 Aug 2014 14:24:37 -0700
Subject: [PATCH 398/516] Graphtest is ok to compile normally

The graphtest package is only imported in the test files of other
packages therefore we do not leak testing flags.

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: b386bce1f1bc92584282cc3f6656878c05d75272
Component: engine
---
 .../daemon/graphdriver/graphtest/{graph_test.go => graphtest.go}  | 0
 components/engine/pkg/testutils/{utils_test.go => utils.go}       | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename components/engine/daemon/graphdriver/graphtest/{graph_test.go => graphtest.go} (100%)
 rename components/engine/pkg/testutils/{utils_test.go => utils.go} (100%)

diff --git a/components/engine/daemon/graphdriver/graphtest/graph_test.go b/components/engine/daemon/graphdriver/graphtest/graphtest.go
similarity index 100%
rename from components/engine/daemon/graphdriver/graphtest/graph_test.go
rename to components/engine/daemon/graphdriver/graphtest/graphtest.go
diff --git a/components/engine/pkg/testutils/utils_test.go b/components/engine/pkg/testutils/utils.go
similarity index 100%
rename from components/engine/pkg/testutils/utils_test.go
rename to components/engine/pkg/testutils/utils.go

From a79d7ec92b1bd4a66863fb0452391b7b18c354d6 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Thu, 7 Aug 2014 14:50:59 -0400
Subject: [PATCH 399/516] Revert `rm -f` deprecation use SIGKILL instead

`rm -f` was originally deprecated in favor of `rm --stop/--kill` since `rm
-f` was sending SIGTERM and potentially very slow.
Instead this will bring back `rm -f` but use SIGKILL isntead

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: 95f86da641dfec9b3db88e0f0a8457685361a871
Component: engine
---
 components/engine/api/client/commands.go      | 15 ++++------
 components/engine/api/server/server.go        | 10 +------
 .../engine/api/server/server_unit_test.go     | 24 ----------------
 components/engine/daemon/delete.go            | 10 ++-----
 components/engine/docs/man/docker-rm.1.md     | 11 ++------
 .../reference/api/docker_remote_api.md        |  6 +---
 .../reference/api/docker_remote_api_v1.14.md  |  4 +--
 .../docs/sources/reference/commandline/cli.md | 14 ++--------
 .../integration-cli/docker_cli_rm_test.go     | 28 ++-----------------
 9 files changed, 18 insertions(+), 104 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index f374246a2a..ee52d98946 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1016,8 +1016,7 @@ func (cli *DockerCli) CmdRm(args ...string) error {
 	cmd := cli.Subcmd("rm", "[OPTIONS] CONTAINER [CONTAINER...]", "Remove one or more containers")
 	v := cmd.Bool([]string{"v", "-volumes"}, false, "Remove the volumes associated with the container")
 	link := cmd.Bool([]string{"l", "#link", "-link"}, false, "Remove the specified link and not the underlying container")
-	stop := cmd.Bool([]string{"#f", "s", "#-force", "-stop"}, false, "Stop and remove a running container")
-	kill := cmd.Bool([]string{"k", "-kill"}, false, "Kill and remove a running container")
+	force := cmd.Bool([]string{"f", "-force"}, false, "Force the removal of a running container (uses SIGKILL)")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil
@@ -1026,9 +1025,7 @@ func (cli *DockerCli) CmdRm(args ...string) error {
 		cmd.Usage()
 		return nil
 	}
-	if *stop && *kill {
-		return fmt.Errorf("Conflicting options: -s/--stop and -k/--kill")
-	}
+
 	val := url.Values{}
 	if *v {
 		val.Set("v", "1")
@@ -1036,11 +1033,9 @@ func (cli *DockerCli) CmdRm(args ...string) error {
 	if *link {
 		val.Set("link", "1")
 	}
-	if *stop {
-		val.Set("stop", "1")
-	}
-	if *kill {
-		val.Set("kill", "1")
+
+	if *force {
+		val.Set("force", "1")
 	}
 
 	var encounteredError error
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 858dd4e4d6..3afb8ad87e 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -680,16 +680,8 @@ func deleteContainers(eng *engine.Engine, version version.Version, w http.Respon
 	}
 	job := eng.Job("delete", vars["name"])
 
-	if version.GreaterThanOrEqualTo("1.14") {
-		job.Setenv("stop", r.Form.Get("stop"))
-		job.Setenv("kill", r.Form.Get("kill"))
+	job.Setenv("forceRemove", r.Form.Get("force"))
 
-		if job.GetenvBool("stop") && job.GetenvBool("kill") {
-			return fmt.Errorf("Bad parameters: can't use stop and kill simultaneously")
-		}
-	} else {
-		job.Setenv("stop", r.Form.Get("force"))
-	}
 	job.Setenv("removeVolume", r.Form.Get("v"))
 	job.Setenv("removeLink", r.Form.Get("link"))
 	if err := job.Run(); err != nil {
diff --git a/components/engine/api/server/server_unit_test.go b/components/engine/api/server/server_unit_test.go
index 5aed3cf346..950fea51d4 100644
--- a/components/engine/api/server/server_unit_test.go
+++ b/components/engine/api/server/server_unit_test.go
@@ -474,30 +474,6 @@ func TestDeleteContainers(t *testing.T) {
 	}
 }
 
-func TestDeleteContainersWithStopAndKill(t *testing.T) {
-	if api.APIVERSION.LessThan("1.14") {
-		return
-	}
-	eng := engine.New()
-	var called bool
-	eng.Register("delete", func(job *engine.Job) engine.Status {
-		called = true
-		return engine.StatusOK
-	})
-	r := serveRequest("DELETE", "/containers/foo?stop=1&kill=1", nil, eng, t)
-	if r.Code != http.StatusBadRequest {
-		t.Fatalf("Got status %d, expected %d", r.Code, http.StatusBadRequest)
-	}
-	if called {
-		t.Fatalf("container_delete jobs was called, but it shouldn't")
-	}
-	res := strings.TrimSpace(r.Body.String())
-	expected := "Bad parameters: can't use stop and kill simultaneously"
-	if !strings.Contains(res, expected) {
-		t.Fatalf("Output %s, expected %s in it", res, expected)
-	}
-}
-
 func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder {
 	return serveRequestUsingVersion(method, target, api.APIVERSION, body, eng, t)
 }
diff --git a/components/engine/daemon/delete.go b/components/engine/daemon/delete.go
index ad4df69860..fdd62924d9 100644
--- a/components/engine/daemon/delete.go
+++ b/components/engine/daemon/delete.go
@@ -20,9 +20,7 @@ func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
 	name := job.Args[0]
 	removeVolume := job.GetenvBool("removeVolume")
 	removeLink := job.GetenvBool("removeLink")
-	stop := job.GetenvBool("stop")
-	kill := job.GetenvBool("kill")
-
+	forceRemove := job.GetenvBool("forceRemove")
 	container := daemon.Get(name)
 
 	if removeLink {
@@ -55,11 +53,7 @@ func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
 
 	if container != nil {
 		if container.State.IsRunning() {
-			if stop {
-				if err := container.Stop(5); err != nil {
-					return job.Errorf("Could not stop running container, cannot remove - %v", err)
-				}
-			} else if kill {
+			if forceRemove {
 				if err := container.Kill(); err != nil {
 					return job.Errorf("Could not kill running container, cannot remove - %v", err)
 				}
diff --git a/components/engine/docs/man/docker-rm.1.md b/components/engine/docs/man/docker-rm.1.md
index 87a07a8849..e73231e907 100644
--- a/components/engine/docs/man/docker-rm.1.md
+++ b/components/engine/docs/man/docker-rm.1.md
@@ -6,9 +6,8 @@ docker-rm - Remove one or more containers
 
 # SYNOPSIS
 **docker rm**
-[**-k**|**--kill**[=*false*]]
 [**-l**|**--link**[=*false*]]
-[**-s**|**--stop**[=*false*]]
+[**-f**|**--force**[=*false*]]
 [**-v**|**--volumes**[=*false*]]
  CONTAINER [CONTAINER...]
 
@@ -20,15 +19,11 @@ remove a running container unless you use the \fB-f\fR option. To see all
 containers on a host use the **docker ps -a** command.
 
 # OPTIONS
-**-k**, **--kill**=*true*|*false*
-   Kill and remove a running container. The default is *false*.
-
 **-l**, **--link**=*true*|*false*
    Remove the specified link and not the underlying container. The default is *false*.
 
-**-s**, **--stop**=*true*|*false*
-   Stop and remove a running container. The default is *false*.
-
+**-f**, **--force**=*true*|*false*
+  Allows removing of a running container by first killing it with SIGKILL.
 **-v**, **--volumes**=*true*|*false*
    Remove the volumes associated with the container. The default is *false*.
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api.md b/components/engine/docs/sources/reference/api/docker_remote_api.md
index e968b2a3cc..e712f864f2 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api.md
@@ -37,11 +37,7 @@ You can still call an old version of the API using
 `DELETE /containers/(id)`
 
 **New!**
-You can now use the `stop` parameter to stop running containers before removal
-(replace `force`).
-
-**New!**
-You can now use the `kill` parameter to kill running containers before removal.
+When using `force`, the container will be immediately killed with SIGKILL.
 
 `POST /containers/(id)/start`
 
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index 35f26c56df..e411c8c6ef 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -679,9 +679,7 @@ Remove the container `id` from the filesystem
 
     -   **v** – 1/True/true or 0/False/false, Remove the volumes
         associated to the container. Default false
-    -   **stop** – 1/True/true or 0/False/false, Stop then remove the container.
-        Default false
-    -   **kill** - 1/True/true or 0/False/false, Kill then remove the container.
+    -   **force** - 1/True/true or 0/False/false, Kill then remove the container.
         Default false
 
     Status Codes:
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 83cd56a206..3ee0c81761 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -864,8 +864,7 @@ registry or to a self-hosted one.
 
     Remove one or more containers
 
-      -s, --stop=false       Stop and remove a running container
-      -k, --kill=false       Kill and remove a running container
+      -f, --force=false      Force removal of a running container. Uses SIGKILL to stop the container.
       -l, --link=false       Remove the specified link and not the underlying container
       -v, --volumes=false    Remove the volumes associated with the container
 
@@ -890,21 +889,12 @@ This will remove the underlying link between `/webapp`
 and the `/redis` containers removing all
 network communication.
 
-    $ sudo docker rm --stop redis
-    redis
- 
-The main process inside the container referenced under the link `/redis` will receive
-SIGTERM, and after a grace period, SIGKILL, then the container will be removed.
-
-    $ sudo docker rm --kill redis
+    $ sudo docker rm --force redis
     redis
 
 The main process inside the container referenced under the link `/redis` will receive
 SIGKILL, then the container will be removed.
 
-NOTE: If you try to use `stop` and `kill` simultaneously, Docker will return an error.
-
-    $ sudo docker rm $(docker ps -a -q)
 
 This command will delete all stopped containers. The command
 `docker ps -a -q` will return all existing container
diff --git a/components/engine/integration-cli/docker_cli_rm_test.go b/components/engine/integration-cli/docker_cli_rm_test.go
index 08bc2a7224..6b395c5218 100644
--- a/components/engine/integration-cli/docker_cli_rm_test.go
+++ b/components/engine/integration-cli/docker_cli_rm_test.go
@@ -57,40 +57,18 @@ func TestRemoveRunningContainer(t *testing.T) {
 	logDone("rm - running container")
 }
 
-func TestStopAndRemoveRunningContainer(t *testing.T) {
+func TestForceRemoveRunningContainer(t *testing.T) {
 	createRunningContainer(t, "foo")
 
 	// Stop then remove with -s
-	cmd := exec.Command(dockerBinary, "rm", "-s", "foo")
+	cmd := exec.Command(dockerBinary, "rm", "-f", "foo")
 	if _, err := runCommand(cmd); err != nil {
 		t.Fatal(err)
 	}
 
 	deleteAllContainers()
 
-	logDone("rm - running container with --stop=true")
-}
-
-func TestKillAndRemoveRunningContainer(t *testing.T) {
-	createRunningContainer(t, "foo")
-
-	// Kill then remove with -k
-	cmd := exec.Command(dockerBinary, "rm", "-k", "foo")
-	if _, err := runCommand(cmd); err != nil {
-		t.Fatal(err)
-	}
-
-	deleteAllContainers()
-
-	logDone("rm - running container with --kill=true")
-}
-
-func TestRemoveContainerWithStopAndKill(t *testing.T) {
-	cmd := exec.Command(dockerBinary, "rm", "-sk", "foo")
-	if _, err := runCommand(cmd); err == nil {
-		t.Fatalf("Expected error: can't use stop and kill simulteanously")
-	}
-	logDone("rm - with --stop=true and --kill=true")
+	logDone("rm - running container with --force=true")
 }
 
 func TestContainerOrphaning(t *testing.T) {

From b1b3c2f243e4522218eced6b0de56860d97e9016 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 7 Aug 2014 16:45:22 -0600
Subject: [PATCH 400/516] Fix several minor issues with Debian sysvinit script

- add `set -e` to make failing commands bail the script
- remove trailing `exit 0` which is just extraneous anyhow
- adjust `status_of_proc` options to pass in `$DOCKER_DESC` so we get consistently styled messages like `Docker is running` or `Docker is not running` or `could not access PID file for Docker`

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 478fdaf93353c70a26c0043dadb650fd2f101c40
Component: engine
---
 components/engine/contrib/init/sysvinit-debian/docker | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/components/engine/contrib/init/sysvinit-debian/docker b/components/engine/contrib/init/sysvinit-debian/docker
index d79d9c6c07..cf33c83779 100755
--- a/components/engine/contrib/init/sysvinit-debian/docker
+++ b/components/engine/contrib/init/sysvinit-debian/docker
@@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 
 ### BEGIN INIT INFO
 # Provides:           docker
@@ -130,7 +131,7 @@ case "$1" in
 		;;
 
 	status)
-		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKER" docker
+		status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKER" "$DOCKER_DESC"
 		;;
 
 	*)
@@ -138,5 +139,3 @@ case "$1" in
 		exit 1
 		;;
 esac
-
-exit 0

From 9a5247f7eefe96ae14db24812f66a7bb2cd9f2a8 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Fri, 8 Aug 2014 03:01:55 +0000
Subject: [PATCH 401/516] Move "info" to daemon/info.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 94715e8e643f0bc9aa57841b346f5196f75f0dc0
Component: engine
---
 components/engine/daemon/daemon.go |  1 +
 components/engine/daemon/info.go   | 74 ++++++++++++++++++++++++++++++
 components/engine/server/init.go   |  1 -
 components/engine/server/server.go | 68 ---------------------------
 4 files changed, 75 insertions(+), 69 deletions(-)
 create mode 100644 components/engine/daemon/info.go

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 2dab2523b2..4753219652 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -118,6 +118,7 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 		"create":            daemon.ContainerCreate,
 		"delete":            daemon.ContainerDestroy,
 		"export":            daemon.ContainerExport,
+		"info":              daemon.CmdInfo,
 		"kill":              daemon.ContainerKill,
 		"logs":              daemon.ContainerLogs,
 		"pause":             daemon.ContainerPause,
diff --git a/components/engine/daemon/info.go b/components/engine/daemon/info.go
new file mode 100644
index 0000000000..215d82acdc
--- /dev/null
+++ b/components/engine/daemon/info.go
@@ -0,0 +1,74 @@
+package daemon
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/pkg/parsers/operatingsystem"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+)
+
+func (daemon *Daemon) CmdInfo(job *engine.Job) engine.Status {
+	images, _ := daemon.Graph().Map()
+	var imgcount int
+	if images == nil {
+		imgcount = 0
+	} else {
+		imgcount = len(images)
+	}
+	kernelVersion := "<unknown>"
+	if kv, err := kernel.GetKernelVersion(); err == nil {
+		kernelVersion = kv.String()
+	}
+
+	operatingSystem := "<unknown>"
+	if s, err := operatingsystem.GetOperatingSystem(); err == nil {
+		operatingSystem = s
+	}
+	if inContainer, err := operatingsystem.IsContainerized(); err != nil {
+		utils.Errorf("Could not determine if daemon is containerized: %v", err)
+		operatingSystem += " (error determining if containerized)"
+	} else if inContainer {
+		operatingSystem += " (containerized)"
+	}
+
+	// if we still have the original dockerinit binary from before we copied it locally, let's return the path to that, since that's more intuitive (the copied path is trivial to derive by hand given VERSION)
+	initPath := utils.DockerInitPath("")
+	if initPath == "" {
+		// if that fails, we'll just return the path from the daemon
+		initPath = daemon.SystemInitPath()
+	}
+
+	cjob := job.Eng.Job("subscribers_count")
+	env, _ := cjob.Stdout.AddEnv()
+	if err := cjob.Run(); err != nil {
+		return job.Error(err)
+	}
+	v := &engine.Env{}
+	v.SetInt("Containers", len(daemon.List()))
+	v.SetInt("Images", imgcount)
+	v.Set("Driver", daemon.GraphDriver().String())
+	v.SetJson("DriverStatus", daemon.GraphDriver().Status())
+	v.SetBool("MemoryLimit", daemon.SystemConfig().MemoryLimit)
+	v.SetBool("SwapLimit", daemon.SystemConfig().SwapLimit)
+	v.SetBool("IPv4Forwarding", !daemon.SystemConfig().IPv4ForwardingDisabled)
+	v.SetBool("Debug", os.Getenv("DEBUG") != "")
+	v.SetInt("NFd", utils.GetTotalUsedFds())
+	v.SetInt("NGoroutines", runtime.NumGoroutine())
+	v.Set("ExecutionDriver", daemon.ExecutionDriver().Name())
+	v.SetInt("NEventsListener", env.GetInt("count"))
+	v.Set("KernelVersion", kernelVersion)
+	v.Set("OperatingSystem", operatingSystem)
+	v.Set("IndexServerAddress", registry.IndexServerAddress())
+	v.Set("InitSha1", dockerversion.INITSHA1)
+	v.Set("InitPath", initPath)
+	v.SetList("Sockets", daemon.Sockets)
+	if _, err := v.WriteTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 1814e6f534..082fb0d1cd 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -86,7 +86,6 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
 	for name, handler := range map[string]engine.Handler{
-		"info":  srv.DockerInfo,
 		"build": srv.Build,
 		"pull":  srv.ImagePull,
 		"push":  srv.ImagePush,
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 3c8f0708a9..e5233a604c 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -22,81 +22,13 @@
 package server
 
 import (
-	"os"
-	"runtime"
 	"sync"
 	"time"
 
 	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/docker/pkg/parsers/operatingsystem"
-	"github.com/docker/docker/registry"
-	"github.com/docker/docker/utils"
 )
 
-func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
-	images, _ := srv.daemon.Graph().Map()
-	var imgcount int
-	if images == nil {
-		imgcount = 0
-	} else {
-		imgcount = len(images)
-	}
-	kernelVersion := "<unknown>"
-	if kv, err := kernel.GetKernelVersion(); err == nil {
-		kernelVersion = kv.String()
-	}
-
-	operatingSystem := "<unknown>"
-	if s, err := operatingsystem.GetOperatingSystem(); err == nil {
-		operatingSystem = s
-	}
-	if inContainer, err := operatingsystem.IsContainerized(); err != nil {
-		utils.Errorf("Could not determine if daemon is containerized: %v", err)
-		operatingSystem += " (error determining if containerized)"
-	} else if inContainer {
-		operatingSystem += " (containerized)"
-	}
-
-	// if we still have the original dockerinit binary from before we copied it locally, let's return the path to that, since that's more intuitive (the copied path is trivial to derive by hand given VERSION)
-	initPath := utils.DockerInitPath("")
-	if initPath == "" {
-		// if that fails, we'll just return the path from the daemon
-		initPath = srv.daemon.SystemInitPath()
-	}
-
-	cjob := job.Eng.Job("subscribers_count")
-	env, _ := cjob.Stdout.AddEnv()
-	if err := cjob.Run(); err != nil {
-		return job.Error(err)
-	}
-	v := &engine.Env{}
-	v.SetInt("Containers", len(srv.daemon.List()))
-	v.SetInt("Images", imgcount)
-	v.Set("Driver", srv.daemon.GraphDriver().String())
-	v.SetJson("DriverStatus", srv.daemon.GraphDriver().Status())
-	v.SetBool("MemoryLimit", srv.daemon.SystemConfig().MemoryLimit)
-	v.SetBool("SwapLimit", srv.daemon.SystemConfig().SwapLimit)
-	v.SetBool("IPv4Forwarding", !srv.daemon.SystemConfig().IPv4ForwardingDisabled)
-	v.SetBool("Debug", os.Getenv("DEBUG") != "")
-	v.SetInt("NFd", utils.GetTotalUsedFds())
-	v.SetInt("NGoroutines", runtime.NumGoroutine())
-	v.Set("ExecutionDriver", srv.daemon.ExecutionDriver().Name())
-	v.SetInt("NEventsListener", env.GetInt("count"))
-	v.Set("KernelVersion", kernelVersion)
-	v.Set("OperatingSystem", operatingSystem)
-	v.Set("IndexServerAddress", registry.IndexServerAddress())
-	v.Set("InitSha1", dockerversion.INITSHA1)
-	v.Set("InitPath", initPath)
-	v.SetList("Sockets", srv.daemon.Sockets)
-	if _, err := v.WriteTo(job.Stdout); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
 func (srv *Server) SetRunning(status bool) {
 	srv.Lock()
 	defer srv.Unlock()

From 1e2878c9bbda2341bfc0a3700a19abec33a9a3a5 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Fri, 8 Aug 2014 06:58:58 +0000
Subject: [PATCH 402/516] Move "pull" and "push" to graph/pull.go and
 graph/push.go

This is part of the ongoing effort to remove the deprecated server/
package, and generally cleanup and simplify the codebase.

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 6856a6b110caa463a06cae456fc53e93c6adf9d1
Component: engine
---
 components/engine/graph/pools_test.go        |  41 ++
 components/engine/graph/pull.go              | 300 ++++++++++
 components/engine/graph/push.go              | 249 ++++++++
 components/engine/graph/service.go           |   2 +
 components/engine/graph/tags.go              |  49 ++
 components/engine/server/image.go            | 569 -------------------
 components/engine/server/init.go             |   8 +-
 components/engine/server/server.go           |   8 +-
 components/engine/server/server_unit_test.go |  41 --
 9 files changed, 646 insertions(+), 621 deletions(-)
 create mode 100644 components/engine/graph/pools_test.go
 create mode 100644 components/engine/graph/pull.go
 create mode 100644 components/engine/graph/push.go
 delete mode 100644 components/engine/server/server_unit_test.go

diff --git a/components/engine/graph/pools_test.go b/components/engine/graph/pools_test.go
new file mode 100644
index 0000000000..785a4bd122
--- /dev/null
+++ b/components/engine/graph/pools_test.go
@@ -0,0 +1,41 @@
+package graph
+
+import "testing"
+
+func TestPools(t *testing.T) {
+	s := &TagStore{
+		pullingPool: make(map[string]chan struct{}),
+		pushingPool: make(map[string]chan struct{}),
+	}
+
+	if _, err := s.poolAdd("pull", "test1"); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.poolAdd("pull", "test2"); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := s.poolAdd("push", "test1"); err == nil || err.Error() != "pull test1 is already in progress" {
+		t.Fatalf("Expected `pull test1 is already in progress`")
+	}
+	if _, err := s.poolAdd("pull", "test1"); err == nil || err.Error() != "pull test1 is already in progress" {
+		t.Fatalf("Expected `pull test1 is already in progress`")
+	}
+	if _, err := s.poolAdd("wait", "test3"); err == nil || err.Error() != "Unknown pool type" {
+		t.Fatalf("Expected `Unknown pool type`")
+	}
+	if err := s.poolRemove("pull", "test2"); err != nil {
+		t.Fatal(err)
+	}
+	if err := s.poolRemove("pull", "test2"); err != nil {
+		t.Fatal(err)
+	}
+	if err := s.poolRemove("pull", "test1"); err != nil {
+		t.Fatal(err)
+	}
+	if err := s.poolRemove("push", "test1"); err != nil {
+		t.Fatal(err)
+	}
+	if err := s.poolRemove("wait", "test3"); err == nil || err.Error() != "Unknown pool type" {
+		t.Fatalf("Expected `Unknown pool type`")
+	}
+}
diff --git a/components/engine/graph/pull.go b/components/engine/graph/pull.go
new file mode 100644
index 0000000000..b2c6f31504
--- /dev/null
+++ b/components/engine/graph/pull.go
@@ -0,0 +1,300 @@
+package graph
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/image"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+)
+
+func (s *TagStore) CmdPull(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 && n != 2 {
+		return job.Errorf("Usage: %s IMAGE [TAG]", job.Name)
+	}
+	var (
+		localName   = job.Args[0]
+		tag         string
+		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
+		authConfig  = &registry.AuthConfig{}
+		metaHeaders map[string][]string
+	)
+	if len(job.Args) > 1 {
+		tag = job.Args[1]
+	}
+
+	job.GetenvJson("authConfig", authConfig)
+	job.GetenvJson("metaHeaders", &metaHeaders)
+
+	c, err := s.poolAdd("pull", localName+":"+tag)
+	if err != nil {
+		if c != nil {
+			// Another pull of the same repository is already taking place; just wait for it to finish
+			job.Stdout.Write(sf.FormatStatus("", "Repository %s already being pulled by another client. Waiting.", localName))
+			<-c
+			return engine.StatusOK
+		}
+		return job.Error(err)
+	}
+	defer s.poolRemove("pull", localName+":"+tag)
+
+	// Resolve the Repository name from fqn to endpoint + name
+	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	r, err := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, true)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	if endpoint == registry.IndexServerAddress() {
+		// If pull "index.docker.io/foo/bar", it's stored locally under "foo/bar"
+		localName = remoteName
+	}
+
+	if err = s.pullRepository(r, job.Stdout, localName, remoteName, tag, sf, job.GetenvBool("parallel")); err != nil {
+		return job.Error(err)
+	}
+
+	return engine.StatusOK
+}
+
+func (s *TagStore) pullRepository(r *registry.Registry, out io.Writer, localName, remoteName, askedTag string, sf *utils.StreamFormatter, parallel bool) error {
+	out.Write(sf.FormatStatus("", "Pulling repository %s", localName))
+
+	repoData, err := r.GetRepositoryData(remoteName)
+	if err != nil {
+		if strings.Contains(err.Error(), "HTTP code: 404") {
+			return fmt.Errorf("Error: image %s not found", remoteName)
+		} else {
+			// Unexpected HTTP error
+			return err
+		}
+	}
+
+	utils.Debugf("Retrieving the tag list")
+	tagsList, err := r.GetRemoteTags(repoData.Endpoints, remoteName, repoData.Tokens)
+	if err != nil {
+		utils.Errorf("%v", err)
+		return err
+	}
+
+	for tag, id := range tagsList {
+		repoData.ImgList[id] = &registry.ImgData{
+			ID:       id,
+			Tag:      tag,
+			Checksum: "",
+		}
+	}
+
+	utils.Debugf("Registering tags")
+	// If no tag has been specified, pull them all
+	if askedTag == "" {
+		for tag, id := range tagsList {
+			repoData.ImgList[id].Tag = tag
+		}
+	} else {
+		// Otherwise, check that the tag exists and use only that one
+		id, exists := tagsList[askedTag]
+		if !exists {
+			return fmt.Errorf("Tag %s not found in repository %s", askedTag, localName)
+		}
+		repoData.ImgList[id].Tag = askedTag
+	}
+
+	errors := make(chan error)
+	for _, image := range repoData.ImgList {
+		downloadImage := func(img *registry.ImgData) {
+			if askedTag != "" && img.Tag != askedTag {
+				utils.Debugf("(%s) does not match %s (id: %s), skipping", img.Tag, askedTag, img.ID)
+				if parallel {
+					errors <- nil
+				}
+				return
+			}
+
+			if img.Tag == "" {
+				utils.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
+				if parallel {
+					errors <- nil
+				}
+				return
+			}
+
+			// ensure no two downloads of the same image happen at the same time
+			if c, err := s.poolAdd("pull", "img:"+img.ID); err != nil {
+				if c != nil {
+					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Layer already being pulled by another client. Waiting.", nil))
+					<-c
+					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
+				} else {
+					utils.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
+				}
+				if parallel {
+					errors <- nil
+				}
+				return
+			}
+			defer s.poolRemove("pull", "img:"+img.ID)
+
+			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s", img.Tag, localName), nil))
+			success := false
+			var lastErr error
+			for _, ep := range repoData.Endpoints {
+				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, endpoint: %s", img.Tag, localName, ep), nil))
+				if err := s.pullImage(r, out, img.ID, ep, repoData.Tokens, sf); err != nil {
+					// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
+					// As the error is also given to the output stream the user will see the error.
+					lastErr = err
+					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, localName, ep, err), nil))
+					continue
+				}
+				success = true
+				break
+			}
+			if !success {
+				err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, localName, lastErr)
+				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), err.Error(), nil))
+				if parallel {
+					errors <- err
+					return
+				}
+			}
+			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
+
+			if parallel {
+				errors <- nil
+			}
+		}
+
+		if parallel {
+			go downloadImage(image)
+		} else {
+			downloadImage(image)
+		}
+	}
+	if parallel {
+		var lastError error
+		for i := 0; i < len(repoData.ImgList); i++ {
+			if err := <-errors; err != nil {
+				lastError = err
+			}
+		}
+		if lastError != nil {
+			return lastError
+		}
+
+	}
+	for tag, id := range tagsList {
+		if askedTag != "" && tag != askedTag {
+			continue
+		}
+		if err := s.Set(localName, tag, id, true); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (s *TagStore) pullImage(r *registry.Registry, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
+	history, err := r.GetRemoteHistory(imgID, endpoint, token)
+	if err != nil {
+		return err
+	}
+	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pulling dependent layers", nil))
+	// FIXME: Try to stream the images?
+	// FIXME: Launch the getRemoteImage() in goroutines
+
+	for i := len(history) - 1; i >= 0; i-- {
+		id := history[i]
+
+		// ensure no two downloads of the same layer happen at the same time
+		if c, err := s.poolAdd("pull", "layer:"+id); err != nil {
+			utils.Debugf("Image (id: %s) pull is already running, skipping: %v", id, err)
+			<-c
+		}
+		defer s.poolRemove("pull", "layer:"+id)
+
+		if !s.graph.Exists(id) {
+			out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil))
+			var (
+				imgJSON []byte
+				imgSize int
+				err     error
+				img     *image.Image
+			)
+			retries := 5
+			for j := 1; j <= retries; j++ {
+				imgJSON, imgSize, err = r.GetRemoteImageJSON(id, endpoint, token)
+				if err != nil && j == retries {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return err
+				} else if err != nil {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				}
+				img, err = image.NewImgJSON(imgJSON)
+				if err != nil && j == retries {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return fmt.Errorf("Failed to parse json: %s", err)
+				} else if err != nil {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else {
+					break
+				}
+			}
+
+			for j := 1; j <= retries; j++ {
+				// Get the layer
+				status := "Pulling fs layer"
+				if j > 1 {
+					status = fmt.Sprintf("Pulling fs layer [retries: %d]", j)
+				}
+				out.Write(sf.FormatProgress(utils.TruncateID(id), status, nil))
+				layer, err := r.GetRemoteImageLayer(img.ID, endpoint, token, int64(imgSize))
+				if uerr, ok := err.(*url.Error); ok {
+					err = uerr.Err
+				}
+				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else if err != nil {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return err
+				}
+				defer layer.Close()
+
+				err = s.graph.Register(imgJSON,
+					utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"),
+					img)
+				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else if err != nil {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error downloading dependent layers", nil))
+					return err
+				} else {
+					break
+				}
+			}
+		}
+		out.Write(sf.FormatProgress(utils.TruncateID(id), "Download complete", nil))
+
+	}
+	return nil
+}
diff --git a/components/engine/graph/push.go b/components/engine/graph/push.go
new file mode 100644
index 0000000000..8cfa6c2b40
--- /dev/null
+++ b/components/engine/graph/push.go
@@ -0,0 +1,249 @@
+package graph
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/engine"
+	"github.com/docker/docker/registry"
+	"github.com/docker/docker/utils"
+)
+
+// Retrieve the all the images to be uploaded in the correct order
+func (s *TagStore) getImageList(localRepo map[string]string, requestedTag string) ([]string, map[string][]string, error) {
+	var (
+		imageList   []string
+		imagesSeen  map[string]bool     = make(map[string]bool)
+		tagsByImage map[string][]string = make(map[string][]string)
+	)
+
+	for tag, id := range localRepo {
+		if requestedTag != "" && requestedTag != tag {
+			continue
+		}
+		var imageListForThisTag []string
+
+		tagsByImage[id] = append(tagsByImage[id], tag)
+
+		for img, err := s.graph.Get(id); img != nil; img, err = img.GetParent() {
+			if err != nil {
+				return nil, nil, err
+			}
+
+			if imagesSeen[img.ID] {
+				// This image is already on the list, we can ignore it and all its parents
+				break
+			}
+
+			imagesSeen[img.ID] = true
+			imageListForThisTag = append(imageListForThisTag, img.ID)
+		}
+
+		// reverse the image list for this tag (so the "most"-parent image is first)
+		for i, j := 0, len(imageListForThisTag)-1; i < j; i, j = i+1, j-1 {
+			imageListForThisTag[i], imageListForThisTag[j] = imageListForThisTag[j], imageListForThisTag[i]
+		}
+
+		// append to main image list
+		imageList = append(imageList, imageListForThisTag...)
+	}
+	if len(imageList) == 0 {
+		return nil, nil, fmt.Errorf("No images found for the requested repository / tag")
+	}
+	utils.Debugf("Image list: %v", imageList)
+	utils.Debugf("Tags by image: %v", tagsByImage)
+
+	return imageList, tagsByImage, nil
+}
+
+func (s *TagStore) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
+	out = utils.NewWriteFlusher(out)
+	utils.Debugf("Local repo: %s", localRepo)
+	imgList, tagsByImage, err := s.getImageList(localRepo, tag)
+	if err != nil {
+		return err
+	}
+
+	out.Write(sf.FormatStatus("", "Sending image list"))
+
+	var (
+		repoData   *registry.RepositoryData
+		imageIndex []*registry.ImgData
+	)
+
+	for _, imgId := range imgList {
+		if tags, exists := tagsByImage[imgId]; exists {
+			// If an image has tags you must add an entry in the image index
+			// for each tag
+			for _, tag := range tags {
+				imageIndex = append(imageIndex, &registry.ImgData{
+					ID:  imgId,
+					Tag: tag,
+				})
+			}
+		} else {
+			// If the image does not have a tag it still needs to be sent to the
+			// registry with an empty tag so that it is accociated with the repository
+			imageIndex = append(imageIndex, &registry.ImgData{
+				ID:  imgId,
+				Tag: "",
+			})
+
+		}
+	}
+
+	utils.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
+	for _, data := range imageIndex {
+		utils.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
+	}
+
+	// Register all the images in a repository with the registry
+	// If an image is not in this list it will not be associated with the repository
+	repoData, err = r.PushImageJSONIndex(remoteName, imageIndex, false, nil)
+	if err != nil {
+		return err
+	}
+
+	nTag := 1
+	if tag == "" {
+		nTag = len(localRepo)
+	}
+	for _, ep := range repoData.Endpoints {
+		out.Write(sf.FormatStatus("", "Pushing repository %s (%d tags)", localName, nTag))
+
+		for _, imgId := range imgList {
+			if r.LookupRemoteImage(imgId, ep, repoData.Tokens) {
+				out.Write(sf.FormatStatus("", "Image %s already pushed, skipping", utils.TruncateID(imgId)))
+			} else {
+				if _, err := s.pushImage(r, out, remoteName, imgId, ep, repoData.Tokens, sf); err != nil {
+					// FIXME: Continue on error?
+					return err
+				}
+			}
+
+			for _, tag := range tagsByImage[imgId] {
+				out.Write(sf.FormatStatus("", "Pushing tag for rev [%s] on {%s}", utils.TruncateID(imgId), ep+"repositories/"+remoteName+"/tags/"+tag))
+
+				if err := r.PushRegistryTag(remoteName, imgId, tag, ep, repoData.Tokens); err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	if _, err := r.PushImageJSONIndex(remoteName, imageIndex, true, repoData.Endpoints); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *TagStore) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
+	out = utils.NewWriteFlusher(out)
+	jsonRaw, err := ioutil.ReadFile(path.Join(s.graph.Root, imgID, "json"))
+	if err != nil {
+		return "", fmt.Errorf("Cannot retrieve the path for {%s}: %s", imgID, err)
+	}
+	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pushing", nil))
+
+	imgData := &registry.ImgData{
+		ID: imgID,
+	}
+
+	// Send the json
+	if err := r.PushImageJSONRegistry(imgData, jsonRaw, ep, token); err != nil {
+		if err == registry.ErrAlreadyExists {
+			out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image already pushed, skipping", nil))
+			return "", nil
+		}
+		return "", err
+	}
+
+	layerData, err := s.graph.TempLayerArchive(imgID, archive.Uncompressed, sf, out)
+	if err != nil {
+		return "", fmt.Errorf("Failed to generate layer archive: %s", err)
+	}
+	defer os.RemoveAll(layerData.Name())
+
+	// Send the layer
+	utils.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
+
+	checksum, checksumPayload, err := r.PushImageLayerRegistry(imgData.ID, utils.ProgressReader(layerData, int(layerData.Size), out, sf, false, utils.TruncateID(imgData.ID), "Pushing"), ep, token, jsonRaw)
+	if err != nil {
+		return "", err
+	}
+	imgData.Checksum = checksum
+	imgData.ChecksumPayload = checksumPayload
+	// Send the checksum
+	if err := r.PushImageChecksumRegistry(imgData, ep, token); err != nil {
+		return "", err
+	}
+
+	out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image successfully pushed", nil))
+	return imgData.Checksum, nil
+}
+
+// FIXME: Allow to interrupt current push when new push of same image is done.
+func (s *TagStore) CmdPush(job *engine.Job) engine.Status {
+	if n := len(job.Args); n != 1 {
+		return job.Errorf("Usage: %s IMAGE", job.Name)
+	}
+	var (
+		localName   = job.Args[0]
+		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
+		authConfig  = &registry.AuthConfig{}
+		metaHeaders map[string][]string
+	)
+
+	tag := job.Getenv("tag")
+	job.GetenvJson("authConfig", authConfig)
+	job.GetenvJson("metaHeaders", &metaHeaders)
+	if _, err := s.poolAdd("push", localName); err != nil {
+		return job.Error(err)
+	}
+	defer s.poolRemove("push", localName)
+
+	// Resolve the Repository name from fqn to endpoint + name
+	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
+	if err != nil {
+		return job.Error(err)
+	}
+
+	img, err := s.graph.Get(localName)
+	r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, false)
+	if err2 != nil {
+		return job.Error(err2)
+	}
+
+	if err != nil {
+		reposLen := 1
+		if tag == "" {
+			reposLen = len(s.Repositories[localName])
+		}
+		job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen))
+		// If it fails, try to get the repository
+		if localRepo, exists := s.Repositories[localName]; exists {
+			if err := s.pushRepository(r, job.Stdout, localName, remoteName, localRepo, tag, sf); err != nil {
+				return job.Error(err)
+			}
+			return engine.StatusOK
+		}
+		return job.Error(err)
+	}
+
+	var token []string
+	job.Stdout.Write(sf.FormatStatus("", "The push refers to an image: [%s]", localName))
+	if _, err := s.pushImage(r, job.Stdout, remoteName, img.ID, endpoint, token, sf); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index 74d6226d0a..ef48c0b064 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -23,6 +23,8 @@ func (s *TagStore) Install(eng *engine.Engine) error {
 		"viz":            s.CmdViz,
 		"load":           s.CmdLoad,
 		"import":         s.CmdImport,
+		"pull":           s.CmdPull,
+		"push":           s.CmdPush,
 	} {
 		if err := eng.Register(name, handler); err != nil {
 			return fmt.Errorf("Could not register %q: %v", name, err)
diff --git a/components/engine/graph/tags.go b/components/engine/graph/tags.go
index f2a0646acb..30176ae071 100644
--- a/components/engine/graph/tags.go
+++ b/components/engine/graph/tags.go
@@ -22,6 +22,10 @@ type TagStore struct {
 	graph        *Graph
 	Repositories map[string]Repository
 	sync.Mutex
+	// FIXME: move push/pull-related fields
+	// to a helper type
+	pullingPool map[string]chan struct{}
+	pushingPool map[string]chan struct{}
 }
 
 type Repository map[string]string
@@ -35,6 +39,8 @@ func NewTagStore(path string, graph *Graph) (*TagStore, error) {
 		path:         abspath,
 		graph:        graph,
 		Repositories: make(map[string]Repository),
+		pullingPool:  make(map[string]chan struct{}),
+		pushingPool:  make(map[string]chan struct{}),
 	}
 	// Load the json file if it exists, otherwise create it.
 	if err := store.reload(); os.IsNotExist(err) {
@@ -263,3 +269,46 @@ func validateTagName(name string) error {
 	}
 	return nil
 }
+
+func (s *TagStore) poolAdd(kind, key string) (chan struct{}, error) {
+	s.Lock()
+	defer s.Unlock()
+
+	if c, exists := s.pullingPool[key]; exists {
+		return c, fmt.Errorf("pull %s is already in progress", key)
+	}
+	if c, exists := s.pushingPool[key]; exists {
+		return c, fmt.Errorf("push %s is already in progress", key)
+	}
+
+	c := make(chan struct{})
+	switch kind {
+	case "pull":
+		s.pullingPool[key] = c
+	case "push":
+		s.pushingPool[key] = c
+	default:
+		return nil, fmt.Errorf("Unknown pool type")
+	}
+	return c, nil
+}
+
+func (s *TagStore) poolRemove(kind, key string) error {
+	s.Lock()
+	defer s.Unlock()
+	switch kind {
+	case "pull":
+		if c, exists := s.pullingPool[key]; exists {
+			close(c)
+			delete(s.pullingPool, key)
+		}
+	case "push":
+		if c, exists := s.pushingPool[key]; exists {
+			close(c)
+			delete(s.pushingPool, key)
+		}
+	default:
+		return fmt.Errorf("Unknown pool type")
+	}
+	return nil
+}
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
index 5cde8dd63e..d508cb62f6 100644
--- a/components/engine/server/image.go
+++ b/components/engine/server/image.go
@@ -5,21 +5,15 @@
 package server
 
 import (
-	"fmt"
 	"io"
 	"io/ioutil"
-	"net"
-	"net/url"
 	"os"
 	"os/exec"
-	"path"
 	"strings"
-	"time"
 
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
@@ -104,566 +98,3 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 	}
 	return engine.StatusOK
 }
-
-func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
-	history, err := r.GetRemoteHistory(imgID, endpoint, token)
-	if err != nil {
-		return err
-	}
-	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pulling dependent layers", nil))
-	// FIXME: Try to stream the images?
-	// FIXME: Launch the getRemoteImage() in goroutines
-
-	for i := len(history) - 1; i >= 0; i-- {
-		id := history[i]
-
-		// ensure no two downloads of the same layer happen at the same time
-		if c, err := srv.poolAdd("pull", "layer:"+id); err != nil {
-			utils.Debugf("Image (id: %s) pull is already running, skipping: %v", id, err)
-			<-c
-		}
-		defer srv.poolRemove("pull", "layer:"+id)
-
-		if !srv.daemon.Graph().Exists(id) {
-			out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil))
-			var (
-				imgJSON []byte
-				imgSize int
-				err     error
-				img     *image.Image
-			)
-			retries := 5
-			for j := 1; j <= retries; j++ {
-				imgJSON, imgSize, err = r.GetRemoteImageJSON(id, endpoint, token)
-				if err != nil && j == retries {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-					return err
-				} else if err != nil {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				}
-				img, err = image.NewImgJSON(imgJSON)
-				if err != nil && j == retries {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-					return fmt.Errorf("Failed to parse json: %s", err)
-				} else if err != nil {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				} else {
-					break
-				}
-			}
-
-			for j := 1; j <= retries; j++ {
-				// Get the layer
-				status := "Pulling fs layer"
-				if j > 1 {
-					status = fmt.Sprintf("Pulling fs layer [retries: %d]", j)
-				}
-				out.Write(sf.FormatProgress(utils.TruncateID(id), status, nil))
-				layer, err := r.GetRemoteImageLayer(img.ID, endpoint, token, int64(imgSize))
-				if uerr, ok := err.(*url.Error); ok {
-					err = uerr.Err
-				}
-				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				} else if err != nil {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-					return err
-				}
-				defer layer.Close()
-
-				err = srv.daemon.Graph().Register(imgJSON,
-					utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"),
-					img)
-				if terr, ok := err.(net.Error); ok && terr.Timeout() && j < retries {
-					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
-					continue
-				} else if err != nil {
-					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error downloading dependent layers", nil))
-					return err
-				} else {
-					break
-				}
-			}
-		}
-		out.Write(sf.FormatProgress(utils.TruncateID(id), "Download complete", nil))
-
-	}
-	return nil
-}
-
-func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName, remoteName, askedTag string, sf *utils.StreamFormatter, parallel bool) error {
-	out.Write(sf.FormatStatus("", "Pulling repository %s", localName))
-
-	repoData, err := r.GetRepositoryData(remoteName)
-	if err != nil {
-		if strings.Contains(err.Error(), "HTTP code: 404") {
-			return fmt.Errorf("Error: image %s not found", remoteName)
-		} else {
-			// Unexpected HTTP error
-			return err
-		}
-	}
-
-	utils.Debugf("Retrieving the tag list")
-	tagsList, err := r.GetRemoteTags(repoData.Endpoints, remoteName, repoData.Tokens)
-	if err != nil {
-		utils.Errorf("%v", err)
-		return err
-	}
-
-	for tag, id := range tagsList {
-		repoData.ImgList[id] = &registry.ImgData{
-			ID:       id,
-			Tag:      tag,
-			Checksum: "",
-		}
-	}
-
-	utils.Debugf("Registering tags")
-	// If no tag has been specified, pull them all
-	if askedTag == "" {
-		for tag, id := range tagsList {
-			repoData.ImgList[id].Tag = tag
-		}
-	} else {
-		// Otherwise, check that the tag exists and use only that one
-		id, exists := tagsList[askedTag]
-		if !exists {
-			return fmt.Errorf("Tag %s not found in repository %s", askedTag, localName)
-		}
-		repoData.ImgList[id].Tag = askedTag
-	}
-
-	errors := make(chan error)
-	for _, image := range repoData.ImgList {
-		downloadImage := func(img *registry.ImgData) {
-			if askedTag != "" && img.Tag != askedTag {
-				utils.Debugf("(%s) does not match %s (id: %s), skipping", img.Tag, askedTag, img.ID)
-				if parallel {
-					errors <- nil
-				}
-				return
-			}
-
-			if img.Tag == "" {
-				utils.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
-				if parallel {
-					errors <- nil
-				}
-				return
-			}
-
-			// ensure no two downloads of the same image happen at the same time
-			if c, err := srv.poolAdd("pull", "img:"+img.ID); err != nil {
-				if c != nil {
-					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Layer already being pulled by another client. Waiting.", nil))
-					<-c
-					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
-				} else {
-					utils.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
-				}
-				if parallel {
-					errors <- nil
-				}
-				return
-			}
-			defer srv.poolRemove("pull", "img:"+img.ID)
-
-			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s", img.Tag, localName), nil))
-			success := false
-			var lastErr error
-			for _, ep := range repoData.Endpoints {
-				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, endpoint: %s", img.Tag, localName, ep), nil))
-				if err := srv.pullImage(r, out, img.ID, ep, repoData.Tokens, sf); err != nil {
-					// It's not ideal that only the last error is returned, it would be better to concatenate the errors.
-					// As the error is also given to the output stream the user will see the error.
-					lastErr = err
-					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, localName, ep, err), nil))
-					continue
-				}
-				success = true
-				break
-			}
-			if !success {
-				err := fmt.Errorf("Error pulling image (%s) from %s, %v", img.Tag, localName, lastErr)
-				out.Write(sf.FormatProgress(utils.TruncateID(img.ID), err.Error(), nil))
-				if parallel {
-					errors <- err
-					return
-				}
-			}
-			out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
-
-			if parallel {
-				errors <- nil
-			}
-		}
-
-		if parallel {
-			go downloadImage(image)
-		} else {
-			downloadImage(image)
-		}
-	}
-	if parallel {
-		var lastError error
-		for i := 0; i < len(repoData.ImgList); i++ {
-			if err := <-errors; err != nil {
-				lastError = err
-			}
-		}
-		if lastError != nil {
-			return lastError
-		}
-
-	}
-	for tag, id := range tagsList {
-		if askedTag != "" && tag != askedTag {
-			continue
-		}
-		if err := srv.daemon.Repositories().Set(localName, tag, id, true); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (srv *Server) ImagePull(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 && n != 2 {
-		return job.Errorf("Usage: %s IMAGE [TAG]", job.Name)
-	}
-	var (
-		localName   = job.Args[0]
-		tag         string
-		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
-		authConfig  = &registry.AuthConfig{}
-		metaHeaders map[string][]string
-	)
-	if len(job.Args) > 1 {
-		tag = job.Args[1]
-	}
-
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("metaHeaders", &metaHeaders)
-
-	c, err := srv.poolAdd("pull", localName+":"+tag)
-	if err != nil {
-		if c != nil {
-			// Another pull of the same repository is already taking place; just wait for it to finish
-			job.Stdout.Write(sf.FormatStatus("", "Repository %s already being pulled by another client. Waiting.", localName))
-			<-c
-			return engine.StatusOK
-		}
-		return job.Error(err)
-	}
-	defer srv.poolRemove("pull", localName+":"+tag)
-
-	// Resolve the Repository name from fqn to endpoint + name
-	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	r, err := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, true)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	if endpoint == registry.IndexServerAddress() {
-		// If pull "index.docker.io/foo/bar", it's stored locally under "foo/bar"
-		localName = remoteName
-	}
-
-	if err = srv.pullRepository(r, job.Stdout, localName, remoteName, tag, sf, job.GetenvBool("parallel")); err != nil {
-		return job.Error(err)
-	}
-
-	return engine.StatusOK
-}
-
-// Retrieve the all the images to be uploaded in the correct order
-func (srv *Server) getImageList(localRepo map[string]string, requestedTag string) ([]string, map[string][]string, error) {
-	var (
-		imageList   []string
-		imagesSeen  map[string]bool     = make(map[string]bool)
-		tagsByImage map[string][]string = make(map[string][]string)
-	)
-
-	for tag, id := range localRepo {
-		if requestedTag != "" && requestedTag != tag {
-			continue
-		}
-		var imageListForThisTag []string
-
-		tagsByImage[id] = append(tagsByImage[id], tag)
-
-		for img, err := srv.daemon.Graph().Get(id); img != nil; img, err = img.GetParent() {
-			if err != nil {
-				return nil, nil, err
-			}
-
-			if imagesSeen[img.ID] {
-				// This image is already on the list, we can ignore it and all its parents
-				break
-			}
-
-			imagesSeen[img.ID] = true
-			imageListForThisTag = append(imageListForThisTag, img.ID)
-		}
-
-		// reverse the image list for this tag (so the "most"-parent image is first)
-		for i, j := 0, len(imageListForThisTag)-1; i < j; i, j = i+1, j-1 {
-			imageListForThisTag[i], imageListForThisTag[j] = imageListForThisTag[j], imageListForThisTag[i]
-		}
-
-		// append to main image list
-		imageList = append(imageList, imageListForThisTag...)
-	}
-	if len(imageList) == 0 {
-		return nil, nil, fmt.Errorf("No images found for the requested repository / tag")
-	}
-	utils.Debugf("Image list: %v", imageList)
-	utils.Debugf("Tags by image: %v", tagsByImage)
-
-	return imageList, tagsByImage, nil
-}
-
-func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
-	out = utils.NewWriteFlusher(out)
-	utils.Debugf("Local repo: %s", localRepo)
-	imgList, tagsByImage, err := srv.getImageList(localRepo, tag)
-	if err != nil {
-		return err
-	}
-
-	out.Write(sf.FormatStatus("", "Sending image list"))
-
-	var (
-		repoData   *registry.RepositoryData
-		imageIndex []*registry.ImgData
-	)
-
-	for _, imgId := range imgList {
-		if tags, exists := tagsByImage[imgId]; exists {
-			// If an image has tags you must add an entry in the image index
-			// for each tag
-			for _, tag := range tags {
-				imageIndex = append(imageIndex, &registry.ImgData{
-					ID:  imgId,
-					Tag: tag,
-				})
-			}
-		} else {
-			// If the image does not have a tag it still needs to be sent to the
-			// registry with an empty tag so that it is accociated with the repository
-			imageIndex = append(imageIndex, &registry.ImgData{
-				ID:  imgId,
-				Tag: "",
-			})
-
-		}
-	}
-
-	utils.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
-	for _, data := range imageIndex {
-		utils.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
-	}
-
-	// Register all the images in a repository with the registry
-	// If an image is not in this list it will not be associated with the repository
-	repoData, err = r.PushImageJSONIndex(remoteName, imageIndex, false, nil)
-	if err != nil {
-		return err
-	}
-
-	nTag := 1
-	if tag == "" {
-		nTag = len(localRepo)
-	}
-	for _, ep := range repoData.Endpoints {
-		out.Write(sf.FormatStatus("", "Pushing repository %s (%d tags)", localName, nTag))
-
-		for _, imgId := range imgList {
-			if r.LookupRemoteImage(imgId, ep, repoData.Tokens) {
-				out.Write(sf.FormatStatus("", "Image %s already pushed, skipping", utils.TruncateID(imgId)))
-			} else {
-				if _, err := srv.pushImage(r, out, remoteName, imgId, ep, repoData.Tokens, sf); err != nil {
-					// FIXME: Continue on error?
-					return err
-				}
-			}
-
-			for _, tag := range tagsByImage[imgId] {
-				out.Write(sf.FormatStatus("", "Pushing tag for rev [%s] on {%s}", utils.TruncateID(imgId), ep+"repositories/"+remoteName+"/tags/"+tag))
-
-				if err := r.PushRegistryTag(remoteName, imgId, tag, ep, repoData.Tokens); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	if _, err := r.PushImageJSONIndex(remoteName, imageIndex, true, repoData.Endpoints); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
-	out = utils.NewWriteFlusher(out)
-	jsonRaw, err := ioutil.ReadFile(path.Join(srv.daemon.Graph().Root, imgID, "json"))
-	if err != nil {
-		return "", fmt.Errorf("Cannot retrieve the path for {%s}: %s", imgID, err)
-	}
-	out.Write(sf.FormatProgress(utils.TruncateID(imgID), "Pushing", nil))
-
-	imgData := &registry.ImgData{
-		ID: imgID,
-	}
-
-	// Send the json
-	if err := r.PushImageJSONRegistry(imgData, jsonRaw, ep, token); err != nil {
-		if err == registry.ErrAlreadyExists {
-			out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image already pushed, skipping", nil))
-			return "", nil
-		}
-		return "", err
-	}
-
-	layerData, err := srv.daemon.Graph().TempLayerArchive(imgID, archive.Uncompressed, sf, out)
-	if err != nil {
-		return "", fmt.Errorf("Failed to generate layer archive: %s", err)
-	}
-	defer os.RemoveAll(layerData.Name())
-
-	// Send the layer
-	utils.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
-
-	checksum, checksumPayload, err := r.PushImageLayerRegistry(imgData.ID, utils.ProgressReader(layerData, int(layerData.Size), out, sf, false, utils.TruncateID(imgData.ID), "Pushing"), ep, token, jsonRaw)
-	if err != nil {
-		return "", err
-	}
-	imgData.Checksum = checksum
-	imgData.ChecksumPayload = checksumPayload
-	// Send the checksum
-	if err := r.PushImageChecksumRegistry(imgData, ep, token); err != nil {
-		return "", err
-	}
-
-	out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image successfully pushed", nil))
-	return imgData.Checksum, nil
-}
-
-// FIXME: Allow to interrupt current push when new push of same image is done.
-func (srv *Server) ImagePush(job *engine.Job) engine.Status {
-	if n := len(job.Args); n != 1 {
-		return job.Errorf("Usage: %s IMAGE", job.Name)
-	}
-	var (
-		localName   = job.Args[0]
-		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
-		authConfig  = &registry.AuthConfig{}
-		metaHeaders map[string][]string
-	)
-
-	tag := job.Getenv("tag")
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("metaHeaders", &metaHeaders)
-	if _, err := srv.poolAdd("push", localName); err != nil {
-		return job.Error(err)
-	}
-	defer srv.poolRemove("push", localName)
-
-	// Resolve the Repository name from fqn to endpoint + name
-	hostname, remoteName, err := registry.ResolveRepositoryName(localName)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname)
-	if err != nil {
-		return job.Error(err)
-	}
-
-	img, err := srv.daemon.Graph().Get(localName)
-	r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, false)
-	if err2 != nil {
-		return job.Error(err2)
-	}
-
-	if err != nil {
-		reposLen := 1
-		if tag == "" {
-			reposLen = len(srv.daemon.Repositories().Repositories[localName])
-		}
-		job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen))
-		// If it fails, try to get the repository
-		if localRepo, exists := srv.daemon.Repositories().Repositories[localName]; exists {
-			if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, tag, sf); err != nil {
-				return job.Error(err)
-			}
-			return engine.StatusOK
-		}
-		return job.Error(err)
-	}
-
-	var token []string
-	job.Stdout.Write(sf.FormatStatus("", "The push refers to an image: [%s]", localName))
-	if _, err := srv.pushImage(r, job.Stdout, remoteName, img.ID, endpoint, token, sf); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func (srv *Server) poolAdd(kind, key string) (chan struct{}, error) {
-	srv.Lock()
-	defer srv.Unlock()
-
-	if c, exists := srv.pullingPool[key]; exists {
-		return c, fmt.Errorf("pull %s is already in progress", key)
-	}
-	if c, exists := srv.pushingPool[key]; exists {
-		return c, fmt.Errorf("push %s is already in progress", key)
-	}
-
-	c := make(chan struct{})
-	switch kind {
-	case "pull":
-		srv.pullingPool[key] = c
-	case "push":
-		srv.pushingPool[key] = c
-	default:
-		return nil, fmt.Errorf("Unknown pool type")
-	}
-	return c, nil
-}
-
-func (srv *Server) poolRemove(kind, key string) error {
-	srv.Lock()
-	defer srv.Unlock()
-	switch kind {
-	case "pull":
-		if c, exists := srv.pullingPool[key]; exists {
-			close(c)
-			delete(srv.pullingPool, key)
-		}
-	case "push":
-		if c, exists := srv.pushingPool[key]; exists {
-			close(c)
-			delete(srv.pushingPool, key)
-		}
-	default:
-		return fmt.Errorf("Unknown pool type")
-	}
-	return nil
-}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 3738d0c541..15eeb1cf15 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -33,8 +33,6 @@ func InitServer(job *engine.Job) engine.Status {
 
 	for name, handler := range map[string]engine.Handler{
 		"build": srv.Build,
-		"pull":  srv.ImagePull,
-		"push":  srv.ImagePush,
 	} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)
@@ -59,10 +57,8 @@ func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error)
 		return nil, err
 	}
 	srv := &Server{
-		Eng:         eng,
-		daemon:      daemon,
-		pullingPool: make(map[string]chan struct{}),
-		pushingPool: make(map[string]chan struct{}),
+		Eng:    eng,
+		daemon: daemon,
 	}
 	return srv, nil
 }
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
index 21b271d87c..1b77e5efe1 100644
--- a/components/engine/server/server.go
+++ b/components/engine/server/server.go
@@ -30,9 +30,7 @@ import (
 
 type Server struct {
 	sync.RWMutex
-	daemon      *daemon.Daemon
-	pullingPool map[string]chan struct{}
-	pushingPool map[string]chan struct{}
-	Eng         *engine.Engine
-	tasks       sync.WaitGroup
+	daemon *daemon.Daemon
+	Eng    *engine.Engine
+	tasks  sync.WaitGroup
 }
diff --git a/components/engine/server/server_unit_test.go b/components/engine/server/server_unit_test.go
deleted file mode 100644
index 16f06c145e..0000000000
--- a/components/engine/server/server_unit_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package server
-
-import "testing"
-
-func TestPools(t *testing.T) {
-	srv := &Server{
-		pullingPool: make(map[string]chan struct{}),
-		pushingPool: make(map[string]chan struct{}),
-	}
-
-	if _, err := srv.poolAdd("pull", "test1"); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := srv.poolAdd("pull", "test2"); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := srv.poolAdd("push", "test1"); err == nil || err.Error() != "pull test1 is already in progress" {
-		t.Fatalf("Expected `pull test1 is already in progress`")
-	}
-	if _, err := srv.poolAdd("pull", "test1"); err == nil || err.Error() != "pull test1 is already in progress" {
-		t.Fatalf("Expected `pull test1 is already in progress`")
-	}
-	if _, err := srv.poolAdd("wait", "test3"); err == nil || err.Error() != "Unknown pool type" {
-		t.Fatalf("Expected `Unknown pool type`")
-	}
-	if err := srv.poolRemove("pull", "test2"); err != nil {
-		t.Fatal(err)
-	}
-	if err := srv.poolRemove("pull", "test2"); err != nil {
-		t.Fatal(err)
-	}
-	if err := srv.poolRemove("pull", "test1"); err != nil {
-		t.Fatal(err)
-	}
-	if err := srv.poolRemove("push", "test1"); err != nil {
-		t.Fatal(err)
-	}
-	if err := srv.poolRemove("wait", "test3"); err == nil || err.Error() != "Unknown pool type" {
-		t.Fatalf("Expected `Unknown pool type`")
-	}
-}

From f9e96cf7d4965f39353cac679db6d9d56c85b5bd Mon Sep 17 00:00:00 2001
From: Flavio Castelli <fcastelli@suse.com>
Date: Thu, 7 Aug 2014 15:41:23 +0200
Subject: [PATCH 403/516] Updated openSUSE's installation instructions

Cover network configuration and reference the official openSUSE image
inside of the examples.

Docker-DCO-1.1-Signed-off-by: Flavio Castelli <fcastelli@suse.com> (github: flavio)
Upstream-commit: 90e97960fa2282189f16b44a8699b3c6ec12e520
Component: engine
---
 .../docs/sources/installation/openSUSE.md      | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/installation/openSUSE.md b/components/engine/docs/sources/installation/openSUSE.md
index c03c74a811..5dd8dd00d2 100644
--- a/components/engine/docs/sources/installation/openSUSE.md
+++ b/components/engine/docs/sources/installation/openSUSE.md
@@ -51,9 +51,23 @@ Docker daemon. You can add users with:
 
 To verify that everything has worked as expected:
 
-    $ sudo docker run --rm -i -t ubuntu /bin/bash
+    $ sudo docker run --rm -i -t opensuse /bin/bash
+
+This should download and import the `opensuse` image, and then start `bash` in
+a container. To exit the container type `exit`.
+
+If you want your containers to be able to access the external network you must
+enable the `net.ipv4.ip_forward` rule.
+This can be done using YaST by browsing to the
+`Network Devices -> Network Settings -> Routing` menu and ensuring that the
+`Enable IPv4 Forwarding` box is checked.
+
+This option cannot be changed when networking is handled by the Network Manager.
+In such cases the `/etc/sysconfig/SuSEfirewall2` file needs to be edited by
+hand to ensure the `FW_ROUTE` flag is set to `yes` like so:
+
+    FW_ROUTE="yes"
 
-This should download and import the `ubuntu` image, and then start `bash` in a container. To exit the container type `exit`.
 
 **Done!**
 

From d6d8f8ffe072e9527ac80826bdde5e22f8744852 Mon Sep 17 00:00:00 2001
From: Satoshi Amemiya <satoshi_amemiya@voyagegroup.com>
Date: Thu, 31 Jul 2014 16:33:59 +0900
Subject: [PATCH 404/516] Use only unavailable image when load from Tarball

Docker-DCO-1.1-Signed-off-by: Satoshi Amemiya <satoshi_amemiya@voyagegroup.com> (github: rail44)
Upstream-commit: a34dd216119bd343eb4a1f68ad209816d7a3f4c9
Component: engine
---
 components/engine/archive/archive.go      | 17 ++++++++++++++++-
 components/engine/archive/archive_test.go |  6 +++++-
 components/engine/graph/load.go           | 12 +++++++++++-
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index eea8db364d..01ed298733 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -390,10 +390,18 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 //  identity (uncompressed), gzip, bzip2, xz.
 // FIXME: specify behavior when target path exists vs. doesn't exist.
 func Untar(archive io.Reader, dest string, options *TarOptions) error {
+	if options == nil {
+		options = &TarOptions{}
+	}
+
 	if archive == nil {
 		return fmt.Errorf("Empty archive")
 	}
 
+	if options.Excludes == nil {
+		options.Excludes = []string{}
+	}
+
 	decompressedArchive, err := DecompressStream(archive)
 	if err != nil {
 		return err
@@ -406,6 +414,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 	var dirs []*tar.Header
 
 	// Iterate through the files in the archive.
+loop:
 	for {
 		hdr, err := tr.Next()
 		if err == io.EOF {
@@ -419,6 +428,12 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 		// Normalize name, for safety and for a simple is-root check
 		hdr.Name = filepath.Clean(hdr.Name)
 
+		for _, exclude := range options.Excludes {
+			if strings.HasPrefix(hdr.Name, exclude) {
+				continue loop
+			}
+		}
+
 		if !strings.HasSuffix(hdr.Name, "/") {
 			// Not the root directory, ensure that the parent directory exists
 			parent := filepath.Dir(hdr.Name)
@@ -448,7 +463,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 			}
 		}
 		trBuf.Reset(tr)
-		if err := createTarFile(path, dest, hdr, trBuf, options == nil || !options.NoLchown); err != nil {
+		if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown); err != nil {
 			return err
 		}
 
diff --git a/components/engine/archive/archive_test.go b/components/engine/archive/archive_test.go
index 6afe298317..b46f953228 100644
--- a/components/engine/archive/archive_test.go
+++ b/components/engine/archive/archive_test.go
@@ -109,6 +109,9 @@ func TestTarUntar(t *testing.T) {
 	if err := ioutil.WriteFile(path.Join(origin, "2"), []byte("welcome!"), 0700); err != nil {
 		t.Fatal(err)
 	}
+	if err := ioutil.WriteFile(path.Join(origin, "3"), []byte("will be ignored"), 0700); err != nil {
+		t.Fatal(err)
+	}
 
 	for _, c := range []Compression{
 		Uncompressed,
@@ -116,13 +119,14 @@ func TestTarUntar(t *testing.T) {
 	} {
 		changes, err := tarUntar(t, origin, &TarOptions{
 			Compression: c,
+			Excludes:    []string{"3"},
 		})
 
 		if err != nil {
 			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
 		}
 
-		if len(changes) != 0 {
+		if len(changes) != 1 || changes[0].Path != "/3" {
 			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
 		}
 	}
diff --git a/components/engine/graph/load.go b/components/engine/graph/load.go
index 5d84b82c28..b34c83a65a 100644
--- a/components/engine/graph/load.go
+++ b/components/engine/graph/load.go
@@ -43,7 +43,17 @@ func (s *TagStore) CmdLoad(job *engine.Job) engine.Status {
 	if err := os.Mkdir(repoDir, os.ModeDir); err != nil {
 		return job.Error(err)
 	}
-	if err := archive.Untar(repoFile, repoDir, nil); err != nil {
+	images, err := s.graph.Map()
+	if err != nil {
+		return job.Error(err)
+	}
+	excludes := make([]string, len(images))
+	i := 0
+	for k := range images {
+		excludes[i] = k
+		i++
+	}
+	if err := archive.Untar(repoFile, repoDir, &archive.TarOptions{Excludes: excludes}); err != nil {
 		return job.Error(err)
 	}
 

From 819d34fe2e364a44e14418d15a453c92cd1014b1 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Thu, 7 Aug 2014 14:23:28 -0700
Subject: [PATCH 405/516] fix parsing of hostnames when we actually want IP
 addresses.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 3c49cb17fb6014519925a069ad81c30ff41b3d7f
Component: engine
---
 components/engine/nat/nat.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/engine/nat/nat.go b/components/engine/nat/nat.go
index ef89eaa0fe..643a2979c0 100644
--- a/components/engine/nat/nat.go
+++ b/components/engine/nat/nat.go
@@ -5,6 +5,7 @@ package nat
 
 import (
 	"fmt"
+	"net"
 	"strconv"
 	"strings"
 
@@ -114,6 +115,9 @@ func ParsePortSpecs(ports []string) (map[Port]struct{}, map[Port][]PortBinding,
 			hostPort      = parts["hostPort"]
 		)
 
+		if rawIp != "" && net.ParseIP(rawIp) == nil {
+			return nil, nil, fmt.Errorf("Invalid ip address: %s", rawIp)
+		}
 		if containerPort == "" {
 			return nil, nil, fmt.Errorf("No port specified: %s<empty>", rawPort)
 		}
@@ -123,6 +127,7 @@ func ParsePortSpecs(ports []string) (map[Port]struct{}, map[Port][]PortBinding,
 		if _, err := strconv.ParseUint(hostPort, 10, 16); hostPort != "" && err != nil {
 			return nil, nil, fmt.Errorf("Invalid hostPort: %s", hostPort)
 		}
+
 		if !validateProto(proto) {
 			return nil, nil, fmt.Errorf("Invalid proto: %s", proto)
 		}

From 0fdb50d0775aebd2539dc9180fb047a9f3e3f459 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Fri, 8 Aug 2014 14:18:35 -0700
Subject: [PATCH 406/516] First stab at nat tests.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 99a864431d7eb29840edb7aed78cb361eea7d6ac
Component: engine
---
 components/engine/nat/nat.go      |   4 +
 components/engine/nat/nat_test.go | 189 ++++++++++++++++++++++++++++++
 2 files changed, 193 insertions(+)
 create mode 100644 components/engine/nat/nat_test.go

diff --git a/components/engine/nat/nat.go b/components/engine/nat/nat.go
index 643a2979c0..a2ad9083d0 100644
--- a/components/engine/nat/nat.go
+++ b/components/engine/nat/nat.go
@@ -69,6 +69,10 @@ func SplitProtoPort(rawPort string) (string, string) {
 		return "", ""
 	}
 	if l == 1 {
+		if rawPort == "" {
+			return "", "" // ""/tcp is not valid, ever
+		}
+
 		return "tcp", rawPort
 	}
 	return parts[1], parts[0]
diff --git a/components/engine/nat/nat_test.go b/components/engine/nat/nat_test.go
new file mode 100644
index 0000000000..80a6169c55
--- /dev/null
+++ b/components/engine/nat/nat_test.go
@@ -0,0 +1,189 @@
+package nat
+
+import (
+	"testing"
+)
+
+func TestParsePort(t *testing.T) {
+	var (
+		p   int
+		err error
+	)
+
+	p, err = ParsePort("1234")
+
+	if err != nil || p != 1234 {
+		t.Fatal("Parsing '1234' did not succeed")
+	}
+
+	// FIXME currently this is a valid port. I don't think it should be.
+	// I'm leaving this test commented out until we make a decision.
+	// - erikh
+
+	/*
+		p, err = ParsePort("0123")
+
+		if err != nil {
+		    t.Fatal("Successfully parsed port '0123' to '123'")
+		}
+	*/
+
+	p, err = ParsePort("asdf")
+
+	if err == nil || p != 0 {
+		t.Fatal("Parsing port 'asdf' succeeded")
+	}
+
+	p, err = ParsePort("1asdf")
+
+	if err == nil || p != 0 {
+		t.Fatal("Parsing port '1asdf' succeeded")
+	}
+}
+
+func TestPort(t *testing.T) {
+	p := NewPort("tcp", "1234")
+
+	if string(p) != "1234/tcp" {
+		t.Fatal("tcp, 1234 did not result in the string 1234/tcp")
+	}
+
+	if p.Proto() != "tcp" {
+		t.Fatal("protocol was not tcp")
+	}
+
+	if p.Port() != "1234" {
+		t.Fatal("port string value was not 1234")
+	}
+
+	if p.Int() != 1234 {
+		t.Fatal("port int value was not 1234")
+	}
+}
+
+func TestSplitProtoPort(t *testing.T) {
+	var (
+		proto string
+		port  string
+	)
+
+	proto, port = SplitProtoPort("1234/tcp")
+
+	if proto != "tcp" || port != "1234" {
+		t.Fatal("Could not split 1234/tcp properly")
+	}
+
+	proto, port = SplitProtoPort("")
+
+	if proto != "" || port != "" {
+		t.Fatal("parsing an empty string yielded surprising results")
+	}
+
+	proto, port = SplitProtoPort("1234")
+
+	if proto != "tcp" || port != "1234" {
+		t.Fatal("tcp is not the default protocol for portspec '1234'")
+	}
+}
+
+func TestParsePortSpecs(t *testing.T) {
+	var (
+		portMap    map[Port]struct{}
+		bindingMap map[Port][]PortBinding
+		err        error
+	)
+
+	portMap, bindingMap, err = ParsePortSpecs([]string{"1234/tcp", "2345/udp"})
+
+	if err != nil {
+		t.Fatalf("Error while processing ParsePortSpecs: %s", err.Error())
+	}
+
+	if _, ok := portMap[Port("1234/tcp")]; !ok {
+		t.Fatal("1234/tcp was not parsed properly")
+	}
+
+	if _, ok := portMap[Port("2345/udp")]; !ok {
+		t.Fatal("2345/udp was not parsed properly")
+	}
+
+	for portspec, bindings := range bindingMap {
+		if len(bindings) != 1 {
+			t.Fatalf("%s should have exactly one binding", portspec)
+		}
+
+		if bindings[0].HostIp != "" {
+			t.Fatalf("HostIp should not be set for %s", portspec)
+		}
+
+		if bindings[0].HostPort != "" {
+			t.Fatalf("HostPort should not be set for %s", portspec)
+		}
+	}
+
+	portMap, bindingMap, err = ParsePortSpecs([]string{"1234:1234/tcp", "2345:2345/udp"})
+
+	if err != nil {
+		t.Fatalf("Error while processing ParsePortSpecs: %s", err.Error())
+	}
+
+	if _, ok := portMap[Port("1234/tcp")]; !ok {
+		t.Fatal("1234/tcp was not parsed properly")
+	}
+
+	if _, ok := portMap[Port("2345/udp")]; !ok {
+		t.Fatal("2345/udp was not parsed properly")
+	}
+
+	for portspec, bindings := range bindingMap {
+		_, port := SplitProtoPort(string(portspec))
+
+		if len(bindings) != 1 {
+			t.Fatalf("%s should have exactly one binding", portspec)
+		}
+
+		if bindings[0].HostIp != "" {
+			t.Fatalf("HostIp should not be set for %s", portspec)
+		}
+
+		if bindings[0].HostPort != port {
+			t.Fatalf("HostPort should be %s for %s", port, portspec)
+		}
+	}
+
+	portMap, bindingMap, err = ParsePortSpecs([]string{"0.0.0.0:1234:1234/tcp", "0.0.0.0:2345:2345/udp"})
+
+	if err != nil {
+		t.Fatalf("Error while processing ParsePortSpecs: %s", err.Error())
+	}
+
+	if _, ok := portMap[Port("1234/tcp")]; !ok {
+		t.Fatal("1234/tcp was not parsed properly")
+	}
+
+	if _, ok := portMap[Port("2345/udp")]; !ok {
+		t.Fatal("2345/udp was not parsed properly")
+	}
+
+	for portspec, bindings := range bindingMap {
+		_, port := SplitProtoPort(string(portspec))
+
+		if len(bindings) != 1 {
+			t.Fatalf("%s should have exactly one binding", portspec)
+		}
+
+		if bindings[0].HostIp != "0.0.0.0" {
+			t.Fatalf("HostIp is not 0.0.0.0 for %s", portspec)
+		}
+
+		if bindings[0].HostPort != port {
+			t.Fatalf("HostPort should be %s for %s", port, portspec)
+		}
+	}
+
+	_, _, err = ParsePortSpecs([]string{"localhost:1234:1234/tcp"})
+
+	if err == nil {
+		t.Fatal("Received no error while trying to parse a hostname instead of ip")
+	}
+}

From d4871596285239d391f941169e738fc226be0556 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 8 Aug 2014 16:12:35 -0700
Subject: [PATCH 407/516] Update libcontainer to f2e78425c377acc7a67a35c3148

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: c74e8b544defeca8fb215a2295066e10f91bedda
Component: engine
---
 components/engine/hack/vendor.sh              |   2 +-
 .../docker/libcontainer/namespaces/execin.go  | 111 ++++++++++--------
 .../docker/libcontainer/namespaces/init.go    |   4 +-
 .../libcontainer/namespaces/nsenter/README.md |   6 +
 .../namespaces/{ => nsenter}/nsenter.c        |  43 ++-----
 .../namespaces/{ => nsenter}/nsenter.go       |   2 +-
 .../namespaces/nsenter/nsenter_unsupported.go |   3 +
 .../docker/libcontainer/nsinit/cli.go         |  27 ++++-
 .../docker/libcontainer/nsinit/exec.go        |  59 +++++++++-
 .../docker/libcontainer/nsinit/nsenter.go     |  43 ++++---
 .../docker/libcontainer/syncpipe/sync_pipe.go |  19 ++-
 .../libcontainer/syncpipe/sync_pipe_test.go   |  16 +--
 12 files changed, 214 insertions(+), 121 deletions(-)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/README.md
 rename components/engine/vendor/src/github.com/docker/libcontainer/namespaces/{ => nsenter}/nsenter.c (86%)
 rename components/engine/vendor/src/github.com/docker/libcontainer/namespaces/{ => nsenter}/nsenter.go (82%)
 create mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter_unsupported.go

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 003dfec59b..4dd124994e 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -59,7 +59,7 @@ rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
 mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
-clone git github.com/docker/libcontainer 5589d4d879f1d7e31967a927d3e8b98144fbe06b
+clone git github.com/docker/libcontainer f2e78425c377acc7a67a35c3148069b6285a3c4b
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
index 369431e84e..2ac9dba72e 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -3,70 +3,88 @@
 package namespaces
 
 import (
-	"encoding/json"
+	"io"
 	"os"
+	"os/exec"
+	"path/filepath"
 	"strconv"
+	"syscall"
 
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/label"
+	"github.com/docker/libcontainer/syncpipe"
 	"github.com/docker/libcontainer/system"
 )
 
-// ExecIn uses an existing pid and joins the pid's namespaces with the new command.
-func ExecIn(container *libcontainer.Config, state *libcontainer.State, args []string) error {
-	// Enter the namespace and then finish setup
-	args, err := GetNsEnterCommand(strconv.Itoa(state.InitPid), container, "", args)
-	if err != nil {
-		return err
-	}
+// ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the
+// setns code in a single threaded environment joining the existing containers' namespaces.
+func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath string,
+	stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
 
-	finalArgs := append([]string{os.Args[0]}, args...)
-
-	if err := system.Execv(finalArgs[0], finalArgs[0:], os.Environ()); err != nil {
-		return err
-	}
-
-	panic("unreachable")
-}
-
-func getContainerJson(container *libcontainer.Config) (string, error) {
-	// TODO(vmarmol): If this gets too long, send it over a pipe to the child.
-	// Marshall the container into JSON since it won't be available in the namespace.
-	containerJson, err := json.Marshal(container)
-	if err != nil {
-		return "", err
-	}
-	return string(containerJson), nil
-}
-
-func GetNsEnterCommand(initPid string, container *libcontainer.Config, console string, args []string) ([]string, error) {
-	containerJson, err := getContainerJson(container)
-	if err != nil {
-		return nil, err
-	}
-
-	out := []string{
-		"--nspid", initPid,
-		"--containerjson", containerJson,
-	}
+	args := []string{"nsenter", "--nspid", strconv.Itoa(state.InitPid)}
 
 	if console != "" {
-		out = append(out, "--console", console)
+		args = append(args, "--console", console)
 	}
-	out = append(out, "nsenter")
-	out = append(out, "--")
-	out = append(out, args...)
 
-	return out, nil
+	cmd := &exec.Cmd{
+		Path: initPath,
+		Args: append(args, append([]string{"--"}, userArgs...)...),
+	}
+
+	if filepath.Base(initPath) == initPath {
+		if lp, err := exec.LookPath(initPath); err == nil {
+			cmd.Path = lp
+		}
+	}
+
+	pipe, err := syncpipe.NewSyncPipe()
+	if err != nil {
+		return -1, err
+	}
+	defer pipe.Close()
+
+	// Note: these are only used in non-tty mode
+	// if there is a tty for the container it will be opened within the namespace and the
+	// fds will be duped to stdin, stdiout, and stderr
+	cmd.Stdin = stdin
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+
+	cmd.ExtraFiles = []*os.File{pipe.Child()}
+
+	if err := cmd.Start(); err != nil {
+		return -1, err
+	}
+	pipe.CloseChild()
+
+	if err := pipe.SendToChild(container); err != nil {
+		cmd.Process.Kill()
+		cmd.Wait()
+		return -1, err
+	}
+
+	if startCallback != nil {
+		startCallback(cmd)
+	}
+
+	if err := cmd.Wait(); err != nil {
+		if _, ok := err.(*exec.ExitError); !ok {
+			return -1, err
+		}
+	}
+
+	return cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil
 }
 
-// Run a command in a container after entering the namespace.
-func NsEnter(container *libcontainer.Config, args []string) error {
-	// clear the current processes env and replace it with the environment
-	// defined on the container
+// Finalize expects that the setns calls have been setup and that is has joined an
+// existing namespace
+func FinalizeSetns(container *libcontainer.Config, args []string) error {
+	// clear the current processes env and replace it with the environment defined on the container
 	if err := LoadContainerEnvironment(container); err != nil {
 		return err
 	}
+
 	if err := FinalizeNamespace(container); err != nil {
 		return err
 	}
@@ -80,5 +98,6 @@ func NsEnter(container *libcontainer.Config, args []string) error {
 	if err := system.Execv(args[0], args[0:], container.Env); err != nil {
 		return err
 	}
+
 	panic("unreachable")
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index f077fd6c8a..4c2b3327e5 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -48,8 +48,8 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 	}
 
 	// We always read this as it is a way to sync with the parent as well
-	networkState, err := syncPipe.ReadFromParent()
-	if err != nil {
+	var networkState *network.NetworkState
+	if err := syncPipe.ReadFromParent(&networkState); err != nil {
 		return err
 	}
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/README.md
new file mode 100644
index 0000000000..ac94cba059
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/README.md
@@ -0,0 +1,6 @@
+## nsenter
+
+The `nsenter` package registers a special init constructor that is called before the Go runtime has 
+a chance to boot.  This provides us the ability to `setns` on existing namespaces and avoid the issues
+that the Go runtime has with multiple threads.  This constructor is only called if this package is 
+registered, imported, in your go application and the argv 0 is `nsenter`.
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c
similarity index 86%
rename from components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c
rename to components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c
index 28be5ff889..3bc29e2bcf 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.c
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c
@@ -71,7 +71,7 @@ int setns(int fd, int nstype)
 void print_usage()
 {
 	fprintf(stderr,
-		"<binary> nsenter --nspid <pid> --containerjson <container_json> -- cmd1 arg1 arg2...\n");
+		"nsenter --nspid <pid> --console <console> -- cmd1 arg1 arg2...\n");
 }
 
 void nsenter()
@@ -80,53 +80,35 @@ void nsenter()
 	char **argv;
 	get_args(&argc, &argv);
 
-	// Ignore if this is not for us.
-	if (argc < 6) {
-		return;
-	}
-	int found_nsenter = 0;
-	for (c = 0; c < argc; ++c) {
-		if (strcmp(argv[c], kNsEnter) == 0) {
-			found_nsenter = 1;
-			break;
-		}
-	}
-	if (!found_nsenter) {
-		return;
-	}
+    // check argv 0 to ensure that we are supposed to setns
+    // we use strncmp to test for a value of "nsenter" but also allows alternate implmentations
+    // after the setns code path to continue to use the argv 0 to determine actions to be run
+    // resulting in the ability to specify "nsenter-mknod", "nsenter-exec", etc...
+    if (strncmp(argv[0], kNsEnter, strlen(kNsEnter)) != 0) {
+        return;
+    }
+
 	static const struct option longopts[] = {
 		{"nspid", required_argument, NULL, 'n'},
-		{"containerjson", required_argument, NULL, 'c'},
-		{"console", optional_argument, NULL, 't'},
+		{"console", required_argument, NULL, 't'},
 		{NULL, 0, NULL, 0}
 	};
 
 	pid_t init_pid = -1;
 	char *init_pid_str = NULL;
-	char *container_json = NULL;
 	char *console = NULL;
-	opterr = 0;
-	while ((c =
-		getopt_long_only(argc, argv, "-n:s:c:", longopts,
-				 NULL)) != -1) {
+	while ((c = getopt_long_only(argc, argv, "n:c:", longopts, NULL)) != -1) {
 		switch (c) {
 		case 'n':
 			init_pid_str = optarg;
 			break;
-		case 'c':
-			container_json = optarg;
-			break;
 		case 't':
 			console = optarg;
 			break;
 		}
 	}
 
-	if (strcmp(argv[optind - 2], kNsEnter) != 0) {
-		return;
-	}
-
-	if (container_json == NULL || init_pid_str == NULL) {
+	if (init_pid_str == NULL) {
 		print_usage();
 		exit(1);
 	}
@@ -228,6 +210,7 @@ void nsenter()
 		} else if (WIFSIGNALED(status)) {
 			kill(getpid(), WTERMSIG(status));
 		}
+
 		exit(1);
 	}
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.go
similarity index 82%
rename from components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.go
index 0211aec917..7d21e8e59f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.go
@@ -1,6 +1,6 @@
 // +build linux
 
-package namespaces
+package nsenter
 
 /*
 __attribute__((constructor)) init() {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter_unsupported.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter_unsupported.go
new file mode 100644
index 0000000000..2459c6367e
--- /dev/null
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter_unsupported.go
@@ -0,0 +1,3 @@
+// +build !linux !cgo
+
+package nsenter
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
index 1c770edbd8..c8d153312f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
@@ -7,7 +7,14 @@ import (
 	"github.com/codegangsta/cli"
 )
 
-var logPath = os.Getenv("log")
+var (
+	logPath = os.Getenv("log")
+	argvs   = make(map[string]func())
+)
+
+func init() {
+	argvs["nsenter"] = nsenter
+}
 
 func preload(context *cli.Context) error {
 	if logPath != "" {
@@ -20,21 +27,33 @@ func preload(context *cli.Context) error {
 }
 
 func NsInit() {
+	// we need to check our argv 0 for any registred functions to run instead of the
+	// normal cli code path
+
+	action, exists := argvs[os.Args[0]]
+	if exists {
+		action()
+
+		return
+	}
+
 	app := cli.NewApp()
+
 	app.Name = "nsinit"
 	app.Version = "0.1"
 	app.Author = "libcontainer maintainers"
 	app.Flags = []cli.Flag{
 		cli.StringFlag{Name: "nspid"},
-		cli.StringFlag{Name: "containerjson"},
-		cli.StringFlag{Name: "console"}}
+		cli.StringFlag{Name: "console"},
+	}
+
 	app.Before = preload
+
 	app.Commands = []cli.Command{
 		execCommand,
 		initCommand,
 		statsCommand,
 		configCommand,
-		nsenterCommand,
 		pauseCommand,
 		unpauseCommand,
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
index abb245bd04..4a38a61b4f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
@@ -36,7 +36,7 @@ func execAction(context *cli.Context) {
 	}
 
 	if state != nil {
-		err = namespaces.ExecIn(container, state, []string(context.Args()))
+		exitCode, err = startInExistingContainer(container, state, context)
 	} else {
 		exitCode, err = startContainer(container, dataPath, []string(context.Args()))
 	}
@@ -48,6 +48,63 @@ func execAction(context *cli.Context) {
 	os.Exit(exitCode)
 }
 
+// the process for execing a new process inside an existing container is that we have to exec ourself
+// with the nsenter argument so that the C code can setns an the namespaces that we require.  Then that
+// code path will drop us into the path that we can do the final setup of the namespace and exec the users
+// application.
+func startInExistingContainer(config *libcontainer.Config, state *libcontainer.State, context *cli.Context) (int, error) {
+	var (
+		master  *os.File
+		console string
+		err     error
+
+		sigc = make(chan os.Signal, 10)
+
+		stdin  = os.Stdin
+		stdout = os.Stdout
+		stderr = os.Stderr
+	)
+	signal.Notify(sigc)
+
+	if config.Tty {
+		stdin = nil
+		stdout = nil
+		stderr = nil
+
+		master, console, err = consolepkg.CreateMasterAndConsole()
+		if err != nil {
+			return -1, err
+		}
+
+		go io.Copy(master, os.Stdin)
+		go io.Copy(os.Stdout, master)
+
+		state, err := term.SetRawTerminal(os.Stdin.Fd())
+		if err != nil {
+			return -1, err
+		}
+
+		defer term.RestoreTerminal(os.Stdin.Fd(), state)
+	}
+
+	startCallback := func(cmd *exec.Cmd) {
+		go func() {
+			resizeTty(master)
+
+			for sig := range sigc {
+				switch sig {
+				case syscall.SIGWINCH:
+					resizeTty(master)
+				default:
+					cmd.Process.Signal(sig)
+				}
+			}
+		}()
+	}
+
+	return namespaces.ExecIn(config, state, context.Args(), os.Args[0], stdin, stdout, stderr, console, startCallback)
+}
+
 // startContainer starts the container. Returns the exit status or -1 and an
 // error.
 //
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
index 323706c281..fabd65e9b4 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
@@ -2,36 +2,41 @@ package nsinit
 
 import (
 	"log"
-	"strconv"
+	"os"
 
-	"github.com/codegangsta/cli"
+	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/namespaces"
+	_ "github.com/docker/libcontainer/namespaces/nsenter"
+	"github.com/docker/libcontainer/syncpipe"
 )
 
-var nsenterCommand = cli.Command{
-	Name:   "nsenter",
-	Usage:  "init process for entering an existing namespace",
-	Action: nsenterAction,
+func findUserArgs() []string {
+	i := 0
+	for _, a := range os.Args {
+		i++
+
+		if a == "--" {
+			break
+		}
+	}
+
+	return os.Args[i:]
 }
 
-func nsenterAction(context *cli.Context) {
-	args := context.Args()
-
-	if len(args) == 0 {
-		args = []string{"/bin/bash"}
-	}
-
-	container, err := loadContainerFromJson(context.GlobalString("containerjson"))
+// this expects that we already have our namespaces setup by the C initializer
+// we are expected to finalize the namespace and exec the user's application
+func nsenter() {
+	syncPipe, err := syncpipe.NewSyncPipeFromFd(0, 3)
 	if err != nil {
-		log.Fatalf("unable to load container: %s", err)
+		log.Fatalf("unable to create sync pipe: %s", err)
 	}
 
-	nspid, err := strconv.Atoi(context.GlobalString("nspid"))
-	if nspid <= 0 || err != nil {
-		log.Fatalf("cannot enter into namespaces without valid pid: %q - %s", nspid, err)
+	var config *libcontainer.Config
+	if err := syncPipe.ReadFromParent(&config); err != nil {
+		log.Fatalf("reading container config from parent: %s", err)
 	}
 
-	if err := namespaces.NsEnter(container, args); err != nil {
+	if err := namespaces.FinalizeSetns(config, findUserArgs()); err != nil {
 		log.Fatalf("failed to nsenter: %s", err)
 	}
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go
index 10a21a9efd..d2870f5260 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe.go
@@ -6,8 +6,6 @@ import (
 	"io/ioutil"
 	"os"
 	"syscall"
-
-	"github.com/docker/libcontainer/network"
 )
 
 // SyncPipe allows communication to and from the child processes
@@ -39,8 +37,8 @@ func (s *SyncPipe) Parent() *os.File {
 	return s.parent
 }
 
-func (s *SyncPipe) SendToChild(networkState *network.NetworkState) error {
-	data, err := json.Marshal(networkState)
+func (s *SyncPipe) SendToChild(v interface{}) error {
+	data, err := json.Marshal(v)
 	if err != nil {
 		return err
 	}
@@ -63,18 +61,19 @@ func (s *SyncPipe) ReadFromChild() error {
 	return nil
 }
 
-func (s *SyncPipe) ReadFromParent() (*network.NetworkState, error) {
+func (s *SyncPipe) ReadFromParent(v interface{}) error {
 	data, err := ioutil.ReadAll(s.child)
 	if err != nil {
-		return nil, fmt.Errorf("error reading from sync pipe %s", err)
+		return fmt.Errorf("error reading from sync pipe %s", err)
 	}
-	var networkState *network.NetworkState
+
 	if len(data) > 0 {
-		if err := json.Unmarshal(data, &networkState); err != nil {
-			return nil, err
+		if err := json.Unmarshal(data, v); err != nil {
+			return err
 		}
 	}
-	return networkState, nil
+
+	return nil
 }
 
 func (s *SyncPipe) ReportChildError(err error) {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go
index 3f99a7d1fa..6833277a66 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/syncpipe/sync_pipe_test.go
@@ -3,10 +3,12 @@ package syncpipe
 import (
 	"fmt"
 	"testing"
-
-	"github.com/docker/libcontainer/network"
 )
 
+type testStruct struct {
+	Name string
+}
+
 func TestSendErrorFromChild(t *testing.T) {
 	pipe, err := NewSyncPipe()
 	if err != nil {
@@ -46,16 +48,16 @@ func TestSendPayloadToChild(t *testing.T) {
 
 	expected := "libcontainer"
 
-	if err := pipe.SendToChild(&network.NetworkState{VethHost: expected}); err != nil {
+	if err := pipe.SendToChild(testStruct{Name: expected}); err != nil {
 		t.Fatal(err)
 	}
 
-	payload, err := pipe.ReadFromParent()
-	if err != nil {
+	var s *testStruct
+	if err := pipe.ReadFromParent(&s); err != nil {
 		t.Fatal(err)
 	}
 
-	if payload.VethHost != expected {
-		t.Fatalf("expected veth host %q but received %q", expected, payload.VethHost)
+	if s.Name != expected {
+		t.Fatalf("expected name %q but received %q", expected, s.Name)
 	}
 }

From ba5a6eed89d50c363449d35dd53ad1f80c1c7889 Mon Sep 17 00:00:00 2001
From: Daniel Menet <membership@sontags.ch>
Date: Sat, 9 Aug 2014 09:16:54 +0200
Subject: [PATCH 408/516] Enable `docker search` on private docker registry.
 The cli interface works similar to other registry related commands:

  docker search foo

... searches for foo on the official hub

  docker search localhost:5000/foo

... does the same for the private reg at localhost:5000

Signed-off-by: Daniel Menet <membership@sontags.ch>
Upstream-commit: cc3e94b9babc21e3505511fa6d02725dfc199be4
Component: engine
---
 components/engine/registry/service.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index d2775e3cd1..8c2c0cc7b1 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -82,7 +82,11 @@ func (s *Service) Search(job *engine.Job) engine.Status {
 	job.GetenvJson("authConfig", authConfig)
 	job.GetenvJson("metaHeaders", metaHeaders)
 
-	r, err := NewRegistry(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress(), true)
+	hostname, term, err := ResolveRepositoryName(term)
+	if err != nil {
+		return job.Error(err)
+	}
+	r, err := NewRegistry(authConfig, HTTPRequestFactory(metaHeaders), hostname, true)
 	if err != nil {
 		return job.Error(err)
 	}

From 31a920688e983bcbf139efba04477f8fd24c56e5 Mon Sep 17 00:00:00 2001
From: "O.S. Tezer" <ostezer@gmail.com>
Date: Sat, 9 Aug 2014 14:55:47 +0300
Subject: [PATCH 409/516] Docs: Fix builds.md line-length + minor typo issues

This PR proposes to fix some already existing (i.e., older)
line-length & line-alignment issues and the ones recently
included/merged with the PR #7406
(https://github.com/docker/docker/pull/7406).

It also proposes to fix a couple minor typography mistakes
(i.e., spelling of GitHub and Service Hooks (headers))

This PR does *not* propose any content changes.

Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Upstream-commit: 8b3f2381d0a842bc39c34c39647722fc783d968c
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  | 137 ++++++++++--------
 1 file changed, 74 insertions(+), 63 deletions(-)

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index 3d8159b451..3e323af3c8 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -1,41 +1,43 @@
 page_title: Automated Builds on Docker Hub
 page_description: Docker Hub Automated Builds
 page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker Hub, docs, documentation, trusted, builds, trusted builds, automated builds
+
 # Automated Builds on Docker Hub
 
 ## About Automated Builds
 
-*Automated Builds* are a special feature of Docker Hub which allow you to use
-[Docker Hub's](https://hub.docker.com) build clusters to automatically create images from
-a specified `Dockerfile` and a GitHub or Bitbucket repo (or "context"). The system will
-clone your repository and build the image described by the `Dockerfile` using the
-repository as the context. The resulting automated image will then be uploaded to the
-Docker Hub registry and marked as an *Automated Build*.
+*Automated Builds* are a special feature of Docker Hub which allow you to
+use [Docker Hub's](https://hub.docker.com) build clusters to automatically
+create images from a specified `Dockerfile` and a GitHub or Bitbucket repo
+(or "context"). The system will clone your repository and build the image
+described by the `Dockerfile` using the repository as the context. The
+resulting automated image will then be uploaded to the Docker Hub registry
+and marked as an *Automated Build*.
 
 Automated Builds have several advantages:
 
-* Users of *your* Automated Build can trust that the resulting image was built exactly as
-specified.
+* Users of *your* Automated Build can trust that the resulting
+image was built exactly as specified.
 
-* The `Dockerfile` will be available to anyone with access to your repository
-on the Docker Hub registry. 
+* The `Dockerfile` will be available to anyone with access to
+your repository on the Docker Hub registry. 
 
-* Because the process is automated, Automated Builds help to make sure that your
-repository is always up to date.
+* Because the process is automated, Automated Builds help to
+make sure that your repository is always up to date.
 
-Automated Builds are supported for both public and private repositories on both
-[GitHub](http://github.com) and [Bitbucket](https://bitbucket.org/).
+Automated Builds are supported for both public and private repositories
+on both [GitHub](http://github.com) and [Bitbucket](https://bitbucket.org/).
 
-To use Automated Builds, you must have an 
-[account on Docker Hub](http://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account)
-and on GitHub and/or Bitbucket. In either case, the account needs to be properly
-validated and activated before you can link to it.
+To use Automated Builds, you must have an [account on Docker Hub](
+http://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account)
+and on GitHub and/or Bitbucket. In either case, the account needs
+to be properly validated and activated before you can link to it.
 
 ## Setting up Automated Builds with GitHub
 
 In order to set up an Automated Build, you need to first link your
-[Docker Hub](https://hub.docker.com) account with a GitHub account. This
-will allow the registry to see your repositories.
+[Docker Hub](https://hub.docker.com) account with a GitHub account.
+This will allow the registry to see your repositories.
 
 > *Note:* 
 > Automated Builds currently require *read* and *write* access since
@@ -43,26 +45,32 @@ will allow the registry to see your repositories.
 > hook. We have no choice here, this is how GitHub manages permissions, sorry! 
 > We do guarantee nothing else will be touched in your account.
 
-To get started, log into your Docker Hub account and click the "+ Add Repository" button
-at the upper right of the screen. Then select
+To get started, log into your Docker Hub account and click the
+"+ Add Repository" button at the upper right of the screen. Then select
 [Automated Build](https://registry.hub.docker.com/builds/add/).
 
 Select the [GitHub service](https://registry.hub.docker.com/associate/github/).
 
-Then follow the onscreen instructions to authorize and link your GitHub account to Docker
-Hub. Once it is linked, you'll be able to choose a repo from which to create the
-Automatic Build.
+Then follow the onscreen instructions to authorize and link your
+GitHub account to Docker Hub. Once it is linked, you'll be able to
+choose a repo from which to create the Automatic Build.
 
 ### Creating an Automated Build
 
-You can [create an Automated Build](https://registry.hub.docker.com/builds/github/select/)
-from any of your public or private GitHub repositories with a `Dockerfile`.
+You can [create an Automated Build](
+https://registry.hub.docker.com/builds/github/select/) from any of your
+public or private GitHub repositories with a `Dockerfile`.
 
-### Github Submodules
+### GitHub Submodules
 
-If your repository contains links to private submodules, you'll need to add a deploy key so that the Docker Hub will be able to clone the repository from GitHub. 
+If your repository contains links to private submodules, you'll
+need to add a deploy key so that the Docker Hub will be able to
+clone the repository from GitHub. 
 
-Your Docker Hub deploy key is located under the "Build Details" menu on the automated build's main page in the Hub. Add this key to your GitHub submodule by viewing the Settings page for the repository on GitHub and selecting "Deploy keys".
+Your Docker Hub deploy key is located under the "Build Details"
+menu on the automated build's main page in the Hub. Add this key
+to your GitHub submodule by viewing the Settings page for the
+repository on GitHub and selecting "Deploy keys".
 
 <table class="table table-bordered">
   <thead>
@@ -86,16 +94,16 @@ Your Docker Hub deploy key is located under the "Build Details" menu on the auto
   </tbody>
 </table>
      
-### GitHub organizations
+### GitHub Organizations
 
 GitHub organizations will appear once your membership to that organization is
 made public on GitHub. To verify, you can look at the members tab for your
 organization on GitHub.
 
-### GitHub service hooks
+### GitHub Service Hooks
 
-Follow the steps below to configure the GitHub service hooks for your
-Automated Build:
+Follow the steps below to configure the GitHub service
+hooks for your Automated Build:
 
 <table class="table table-bordered">
   <thead>
@@ -127,18 +135,19 @@ Automated Build:
 ## Setting up Automated Builds with Bitbucket
 
 In order to setup an Automated Build, you need to first link your
-[Docker Hub](https://hub.docker.com) account with a Bitbucket account. This
-will allow the registry to see your repositories.
+[Docker Hub](https://hub.docker.com) account with a Bitbucket account.
+This will allow the registry to see your repositories.
 
-To get started, log into your Docker Hub account and click the "+ Add Repository" button at
-the upper right of the screen. Then select [Automated Build](https://registry.hub.docker.com/builds/add/).
+To get started, log into your Docker Hub account and click the
+"+ Add Repository" button at the upper right of the screen. Then
+select [Automated Build](https://registry.hub.docker.com/builds/add/).
 
-Select the [Bitbucket
-source](https://registry.hub.docker.com/associate/bitbucket/).
+Select the [Bitbucket source](
+https://registry.hub.docker.com/associate/bitbucket/).
 
-Then follow the onscreen instructions to authorize and link your Bitbucket account
-to Docker Hub. Once it is linked, you'll be able to choose a repo from which to create
-the Automatic Build.
+Then follow the onscreen instructions to authorize and link your
+Bitbucket account to Docker Hub. Once it is linked, you'll be able
+to choose a repo from which to create the Automatic Build.
 
 ### Creating an Automated Build
 
@@ -148,9 +157,9 @@ public or private Bitbucket repositories with a `Dockerfile`.
 
 ### Adding a Hook
 
-When you link your Docker Hub account, a `POST` hook should get automatically added to
-your Bitbucket repo. Follow the steps below to confirm or modify the Bitbucket hooks for
-your Automated Build:
+When you link your Docker Hub account, a `POST` hook should get automatically
+added to your Bitbucket repo. Follow the steps below to confirm or modify the
+Bitbucket hooks for your Automated Build:
 
 <table class="table table-bordered">
   <thead>
@@ -183,10 +192,10 @@ your Automated Build:
 
 ## The Dockerfile and Automated Builds
 
-During the build process, Docker will copy the contents of your `Dockerfile`. It will
-also add it to the [Docker Hub](https://hub.docker.com) for the Docker community (for
-public repos) or approved team members/orgs (for private repos) to see on the repository
-page.
+During the build process, Docker will copy the contents of your `Dockerfile`.
+It will also add it to the [Docker Hub](https://hub.docker.com) for the Docker
+community (for public repos) or approved team members/orgs (for private repos)
+to see on the repository page.
 
 ## README.md
 
@@ -201,20 +210,20 @@ repository's full description.The build process will look for a
 
 ### Build triggers
 
-If you need a way to trigger Automated Builds outside of GitHub
-or Bitbucket, you can set up a build trigger. When you turn on the build
-trigger for an Automated Build, it will give you a URL to which you can
-send POST requests. This will trigger the Automated Build, much as with a GitHub webhook.
+If you need a way to trigger Automated Builds outside of GitHub or Bitbucket,
+you can set up a build trigger. When you turn on the build trigger for an
+Automated Build, it will give you a URL to which you can send POST requests.
+This will trigger the Automated Build, much as with a GitHub webhook.
 
-Build triggers are available under the Settings menu of each Automated Build repo on the
-Docker Hub.
+Build triggers are available under the Settings menu of each Automated Build
+repo on the Docker Hub.
 
 > **Note:** 
 > You can only trigger one build at a time and no more than one
 > every five minutes. If you already have a build pending, or if you
 > recently submitted a build request, those requests *will be ignored*.
-> To verify everything is working correctly, check the logs of last ten triggers on the
-settings page .
+> To verify everything is working correctly, check the logs of last
+> ten triggers on the settings page .
 
 ### Webhooks
 
@@ -264,12 +273,14 @@ Build's repo.
 
 ### Repository links
 
-Repository links are a way to associate one Automated Build with another. If one
-gets updated,the linking system triggers a rebuild for the other Automated Build.
-This makes it easy to keep all your Automated Builds up to date.
+Repository links are a way to associate one Automated Build with
+another. If one gets updated,the linking system triggers a rebuild
+for the other Automated Build. This makes it easy to keep all your
+Automated Builds up to date.
 
-To add a link, go to the repo for the Automated Build you want to link to and click on
-*Repository Links* under the Settings menu at right. Then, enter the name of the repository that you want have linked.
+To add a link, go to the repo for the Automated Build you want to
+link to and click on *Repository Links* under the Settings menu at
+right. Then, enter the name of the repository that you want have linked.
 
 > **Warning:**
 > You can add more than one repository link, however, you should

From 811bdfdcea708eb0661899d64b24bc052576c8b7 Mon Sep 17 00:00:00 2001
From: Doug Davis <dug@us.ibm.com>
Date: Fri, 8 Aug 2014 15:26:22 -0400
Subject: [PATCH 410/516] fix for issue 7281 add missing comma per O.S. Tezer's
 commment

Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 55dc4f2b94f68e9e1b4e73b1f21cf5151f86e8f8
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 5788e8167f..d2c848b11e 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -164,6 +164,11 @@ any point in an image's history, much like source control.
 The *exec* form makes it possible to avoid shell string munging, and to `RUN`
 commands using a base image that does not contain `/bin/sh`.
 
+> **Note**:
+> To use a different shell, other than '/bin/sh', use the *exec* form
+> passing in the desired shell. For example,
+> `RUN ["/bin/bash", "-c", "echo hello"]`
+
 The cache for `RUN` instructions isn't invalidated automatically during
 the next build. The cache for an instruction like `RUN apt-get
 dist-upgrade -y` will be reused during the next build.  The cache for

From 6fa220da5df525419a4895021309f12bee1dd621 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Sat, 9 Aug 2014 18:44:53 +0400
Subject: [PATCH 411/516] Fix error message on logging events

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 7afc49b40bd3a2c86a807a5ab4c722b12932d856
Component: engine
---
 components/engine/daemon/container.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 612ef6a733..68ab5ae281 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -171,7 +171,7 @@ func (container *Container) WriteHostConfig() error {
 func (container *Container) LogEvent(action string) {
 	d := container.daemon
 	if err := d.eng.Job("log", action, container.ID, d.Repositories().ImageName(container.Image)).Run(); err != nil {
-		utils.Errorf("Error running container: %s", err)
+		utils.Errorf("Error logging event %s for %s: %s", action, container.ID, err)
 	}
 }
 

From eacd91aa24a9ffb95613c3c410797996aad5e4c8 Mon Sep 17 00:00:00 2001
From: wyc <wayne@neverfear.org>
Date: Sat, 9 Aug 2014 14:00:29 -0400
Subject: [PATCH 412/516] Update gentoolinux.md Upstream-commit:
 6ba1949e6aed4b8a6d81b9ad4a43a4743f39ac32 Component: engine

---
 components/engine/docs/sources/installation/gentoolinux.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/engine/docs/sources/installation/gentoolinux.md b/components/engine/docs/sources/installation/gentoolinux.md
index 62fdc9f00e..ac92ad39c8 100644
--- a/components/engine/docs/sources/installation/gentoolinux.md
+++ b/components/engine/docs/sources/installation/gentoolinux.md
@@ -39,6 +39,9 @@ and especially missing kernel configuration flags and/or dependencies,
 https://github.com/tianon/docker-overlay/issues) or ping
 tianon directly in the #docker IRC channel on the freenode network.
 
+Other use flags are described in detail on [tianon's
+blog](https://tianon.github.io/post/2014/05/17/docker-on-gentoo.html).
+
 ## Starting Docker
 
 Ensure that you are running a kernel that includes all the necessary

From 10183d52c2caf0df6b1a39b6e175c6382715a2f8 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Sat, 9 Aug 2014 22:10:44 +0400
Subject: [PATCH 413/516] Catch error on console creation

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 93f6cf035156d3b17cbf61f1a61926c068bd8e92
Component: engine
---
 components/engine/daemon/execdriver/native/driver.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 22c6606c0d..61edd54d0f 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -106,6 +106,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	} else {
 		term, err = execdriver.NewStdConsole(c, pipes)
 	}
+	if err != nil {
+		return -1, err
+	}
 	c.Terminal = term
 
 	d.Lock()

From b7e1bdfc34fca1f6683f6acea32cb85bfc773825 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 04:31:59 +0000
Subject: [PATCH 414/516] Move declaration of DockerCli to top of file for
 readability

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 5e9b3727b8f5d101b7b1f859d4f95fdf8e91ed19
Component: engine
---
 components/engine/api/client/cli.go | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/components/engine/api/client/cli.go b/components/engine/api/client/cli.go
index 0b7ffeaa23..f10cc2ecd7 100644
--- a/components/engine/api/client/cli.go
+++ b/components/engine/api/client/cli.go
@@ -15,6 +15,19 @@ import (
 	"github.com/docker/docker/registry"
 )
 
+type DockerCli struct {
+	proto      string
+	addr       string
+	configFile *registry.ConfigFile
+	in         io.ReadCloser
+	out        io.Writer
+	err        io.Writer
+	isTerminal bool
+	terminalFd uintptr
+	tlsConfig  *tls.Config
+	scheme     string
+}
+
 var funcMap = template.FuncMap{
 	"json": func(v interface{}) string {
 		a, _ := json.Marshal(v)
@@ -97,16 +110,3 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsC
 		scheme:     scheme,
 	}
 }
-
-type DockerCli struct {
-	proto      string
-	addr       string
-	configFile *registry.ConfigFile
-	in         io.ReadCloser
-	out        io.Writer
-	err        io.Writer
-	isTerminal bool
-	terminalFd uintptr
-	tlsConfig  *tls.Config
-	scheme     string
-}

From 301a2b811ccc6479ca5ce02d9fdcae5e90765420 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 04:33:19 +0000
Subject: [PATCH 415/516] Rename a method for clarity

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: a110ce2f284d09df3e047b1999a1535770433d5f
Component: engine
---
 components/engine/api/client/cli.go | 3 ++-
 components/engine/docker/docker.go  | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/engine/api/client/cli.go b/components/engine/api/client/cli.go
index f10cc2ecd7..d80f9cc32c 100644
--- a/components/engine/api/client/cli.go
+++ b/components/engine/api/client/cli.go
@@ -47,7 +47,8 @@ func (cli *DockerCli) getMethod(name string) (func(...string) error, bool) {
 	return method.Interface().(func(...string) error), true
 }
 
-func (cli *DockerCli) ParseCommands(args ...string) error {
+// Cmd executes the specified command
+func (cli *DockerCli) Cmd(args ...string) error {
 	if len(args) > 0 {
 		method, exists := cli.getMethod(args[0])
 		if !exists {
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 38a4da0d44..cb0c348af8 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -99,7 +99,7 @@ func main() {
 		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
 	}
 
-	if err := cli.ParseCommands(flag.Args()...); err != nil {
+	if err := cli.Cmd(flag.Args()...); err != nil {
 		if sterr, ok := err.(*utils.StatusError); ok {
 			if sterr.Status != "" {
 				log.Println(sterr.Status)

From bb524e6e8bc0312e2cedc594ed4b349ae9710e67 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Sun, 10 Aug 2014 13:29:04 +0400
Subject: [PATCH 416/516] Fix log message on http handler error

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: e9aa6489a640c6fb2d51bd07e481b9d6ab704290
Component: engine
---
 components/engine/api/server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 3afb8ad87e..df72786b10 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -1058,7 +1058,7 @@ func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, local
 		}
 
 		if err := handlerFunc(eng, version, w, r, mux.Vars(r)); err != nil {
-			utils.Errorf("Error making handler: %s", err)
+			utils.Errorf("Handler for %s %s returned error: %s", localMethod, localRoute, err)
 			httpError(w, err)
 		}
 	}

From 40bc2f743b261d559a0e3623f4f53c050ad17fe8 Mon Sep 17 00:00:00 2001
From: Daniel Menet <membership@sontags.ch>
Date: Sun, 10 Aug 2014 11:48:34 +0200
Subject: [PATCH 417/516] Expand hostname before passing it to NewRegistry()

Signed-off-by: Daniel Menet <membership@sontags.ch>
Upstream-commit: ea59aa8cb5c4cde39259112123c47b69ccd9b53d
Component: engine
---
 components/engine/registry/service.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index 8c2c0cc7b1..96fc3f48df 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -86,6 +86,10 @@ func (s *Service) Search(job *engine.Job) engine.Status {
 	if err != nil {
 		return job.Error(err)
 	}
+	hostname, err = ExpandAndVerifyRegistryUrl(hostname)
+	if err != nil {
+		return job.Error(err)
+	}
 	r, err := NewRegistry(authConfig, HTTPRequestFactory(metaHeaders), hostname, true)
 	if err != nil {
 		return job.Error(err)

From 6959cc9071fdf04b7276773369919fbe00e07dcb Mon Sep 17 00:00:00 2001
From: Patrick Hemmer <patrick.hemmer@gmail.com>
Date: Sun, 10 Aug 2014 12:47:46 -0400
Subject: [PATCH 418/516] fix command output examples in cli documentation

f87a97f accidentally added a few too many `$` line prefixes

Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
Upstream-commit: d613f1121751dd76939b9089d60729e6ed6140a6
Component: engine
---
 components/engine/docs/sources/reference/commandline/cli.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index f1142d2a4f..c76de8db9e 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -500,7 +500,7 @@ by default.
     <none>                        <none>              77af4d6b9913        19 hours ago        1.089 GB
     committest                    latest              b6fa739cedf5        19 hours ago        1.089 GB
     <none>                        <none>              78a85c484f71        19 hours ago        1.089 GB
-    $ docker                        latest              30557a29d5ab        20 hours ago        1.089 GB
+    docker                        latest              30557a29d5ab        20 hours ago        1.089 GB
     <none>                        <none>              0124422dd9f9        20 hours ago        1.089 GB
     <none>                        <none>              18ad6fad3402        22 hours ago        1.082 GB
     <none>                        <none>              f9f1e26352f0        23 hours ago        1.089 GB
@@ -514,7 +514,7 @@ by default.
     <none>                        <none>              77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182   19 hours ago        1.089 GB
     committest                    latest              b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f   19 hours ago        1.089 GB
     <none>                        <none>              78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921   19 hours ago        1.089 GB
-    $ docker                        latest              30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4   20 hours ago        1.089 GB
+    docker                        latest              30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4   20 hours ago        1.089 GB
     <none>                        <none>              0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5   20 hours ago        1.089 GB
     <none>                        <none>              18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b   22 hours ago        1.082 GB
     <none>                        <none>              f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a   23 hours ago        1.089 GB

From 6b96f468a4d25d6a1ef5da3b91270421b4fc5540 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Mon, 11 Aug 2014 09:54:59 +0400
Subject: [PATCH 419/516] Test on container events

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 17ab516fdeb53fe59fbca1b832429d846d8f571b
Component: engine
---
 .../integration-cli/docker_cli_events_test.go | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_events_test.go b/components/engine/integration-cli/docker_cli_events_test.go
index 34d7db0d5a..3bb265a33d 100644
--- a/components/engine/integration-cli/docker_cli_events_test.go
+++ b/components/engine/integration-cli/docker_cli_events_test.go
@@ -70,3 +70,35 @@ func TestCLILimitEvents(t *testing.T) {
 	}
 	logDone("events - limited to 64 entries")
 }
+
+func TestCLIGetEventsContainerEvents(t *testing.T) {
+	cmd(t, "run", "--rm", "busybox", "true")
+	eventsCmd := exec.Command(dockerBinary, "events", "--since=0", fmt.Sprintf("--until=%d", time.Now().Unix()))
+	out, exitCode, err := runCommandWithOutput(eventsCmd)
+	if exitCode != 0 || err != nil {
+		t.Fatal("Failed to get events with exit code %d: %s", exitCode, err)
+	}
+	events := strings.Split(out, "\n")
+	events = events[:len(events)-1]
+	if len(events) < 4 {
+		t.Fatalf("Missing expected event")
+	}
+	createEvent := strings.Fields(events[len(events)-4])
+	startEvent := strings.Fields(events[len(events)-3])
+	dieEvent := strings.Fields(events[len(events)-2])
+	destroyEvent := strings.Fields(events[len(events)-1])
+	if createEvent[len(createEvent)-1] != "create" {
+		t.Fatalf("event should be create, not %#v", createEvent)
+	}
+	if startEvent[len(startEvent)-1] != "start" {
+		t.Fatalf("event should be pause, not %#v", startEvent)
+	}
+	if dieEvent[len(dieEvent)-1] != "die" {
+		t.Fatalf("event should be pause, not %#v", dieEvent)
+	}
+	if destroyEvent[len(destroyEvent)-1] != "destroy" {
+		t.Fatalf("event should be pause, not %#v", destroyEvent)
+	}
+
+	logDone("events - container create, start, die, destroy is logged")
+}

From 08affc52f290dbad87b1764e6dabbd3b5a970a00 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Mon, 11 Aug 2014 11:39:47 +0400
Subject: [PATCH 420/516] Test on untag and delete events

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 44842ea3d86268dbe5279b2d5bd47b6c6a4a1b44
Component: engine
---
 .../integration-cli/docker_cli_events_test.go | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_events_test.go b/components/engine/integration-cli/docker_cli_events_test.go
index 3bb265a33d..e27b3ab4ee 100644
--- a/components/engine/integration-cli/docker_cli_events_test.go
+++ b/components/engine/integration-cli/docker_cli_events_test.go
@@ -102,3 +102,38 @@ func TestCLIGetEventsContainerEvents(t *testing.T) {
 
 	logDone("events - container create, start, die, destroy is logged")
 }
+
+func TestCLIGetEventsImageUntagDelete(t *testing.T) {
+	name := "testimageevents"
+	defer deleteImages(name)
+	_, err := buildImage(name,
+		`FROM scratch
+		MAINTAINER "docker"`,
+		true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := deleteImages(name); err != nil {
+		t.Fatal(err)
+	}
+	eventsCmd := exec.Command(dockerBinary, "events", "--since=0", fmt.Sprintf("--until=%d", time.Now().Unix()))
+	out, exitCode, err := runCommandWithOutput(eventsCmd)
+	if exitCode != 0 || err != nil {
+		t.Fatal("Failed to get events with exit code %d: %s", exitCode, err)
+	}
+	events := strings.Split(out, "\n")
+	t.Log(events)
+	events = events[:len(events)-1]
+	if len(events) < 2 {
+		t.Fatalf("Missing expected event")
+	}
+	untagEvent := strings.Fields(events[len(events)-2])
+	deleteEvent := strings.Fields(events[len(events)-1])
+	if untagEvent[len(untagEvent)-1] != "untag" {
+		t.Fatalf("untag should be untag, not %#v", untagEvent)
+	}
+	if deleteEvent[len(deleteEvent)-1] != "delete" {
+		t.Fatalf("delete should be delete, not %#v", deleteEvent)
+	}
+	logDone("events - image untag, delete is logged")
+}

From 2fbe59b1d9ccdc85251cb45be1b052af32711469 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 8 Aug 2014 13:18:18 -0700
Subject: [PATCH 421/516] Use argv0 as reexec implementation for dockerinit

This changes the way the exec drivers work by not specifing a -driver
flag on reexec.  For each of the exec  drivers they register their own
functions that will be matched aginst the argv 0 on exec and called if
they match.

This also allows any functionality to be added to docker so that the
binary can be reexec'd and any type of function can be called.  I moved
the flag parsing on docker exec to the specific initializers so that the
implementations do not bleed into one another.  This also allows for
more flexability within reexec initializers to specify their own flags
and options.

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 73210671764fc3de133a627205582e069e1ff43d
Component: engine
---
 components/engine/daemon/execdriver/driver.go |  44 +------
 .../engine/daemon/execdriver/lxc/driver.go    |  33 +-----
 .../engine/daemon/execdriver/lxc/init.go      | 109 +++++++++++++++++-
 .../daemon/execdriver/lxc/lxc_init_linux.go   |   2 +-
 .../engine/daemon/execdriver/native/driver.go |  39 +------
 .../engine/daemon/execdriver/native/init.go   |  65 +++++++++++
 components/engine/docker/client.go            |   4 -
 components/engine/docker/daemon.go            |   8 +-
 components/engine/docker/docker.go            |   4 +-
 components/engine/dockerinit/dockerinit.go    |   7 +-
 components/engine/reexec/README.md            |   5 +
 components/engine/reexec/reexec.go            |  23 ++++
 components/engine/sysinit/sysinit.go          |  50 --------
 13 files changed, 208 insertions(+), 185 deletions(-)
 create mode 100644 components/engine/daemon/execdriver/native/init.go
 create mode 100644 components/engine/reexec/README.md
 create mode 100644 components/engine/reexec/reexec.go

diff --git a/components/engine/daemon/execdriver/driver.go b/components/engine/daemon/execdriver/driver.go
index d52a2ac96c..121c6a5a03 100644
--- a/components/engine/daemon/execdriver/driver.go
+++ b/components/engine/daemon/execdriver/driver.go
@@ -20,49 +20,7 @@ var (
 	ErrDriverNotFound          = errors.New("The requested docker init has not been found")
 )
 
-var dockerInitFcts map[string]InitFunc
-
-type (
-	StartCallback func(*Command)
-	InitFunc      func(i *InitArgs) error
-)
-
-func RegisterInitFunc(name string, fct InitFunc) error {
-	if dockerInitFcts == nil {
-		dockerInitFcts = make(map[string]InitFunc)
-	}
-	if _, ok := dockerInitFcts[name]; ok {
-		return ErrDriverAlreadyRegistered
-	}
-	dockerInitFcts[name] = fct
-	return nil
-}
-
-func GetInitFunc(name string) (InitFunc, error) {
-	fct, ok := dockerInitFcts[name]
-	if !ok {
-		return nil, ErrDriverNotFound
-	}
-	return fct, nil
-}
-
-// Args provided to the init function for a driver
-type InitArgs struct {
-	User       string
-	Gateway    string
-	Ip         string
-	WorkDir    string
-	Privileged bool
-	Env        []string
-	Args       []string
-	Mtu        int
-	Driver     string
-	Console    string
-	Pipe       int
-	Root       string
-	CapAdd     string
-	CapDrop    string
-}
+type StartCallback func(*Command)
 
 // Driver specific information based on
 // processes registered with the driver
diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index df4b50e3ad..93dd1509ce 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -5,12 +5,10 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
-	"runtime"
 	"strconv"
 	"strings"
 	"syscall"
@@ -27,34 +25,6 @@ import (
 
 const DriverName = "lxc"
 
-func init() {
-	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {
-		runtime.LockOSThread()
-		if err := setupEnv(args); err != nil {
-			return err
-		}
-		if err := setupHostname(args); err != nil {
-			return err
-		}
-		if err := setupNetworking(args); err != nil {
-			return err
-		}
-		if err := finalizeNamespace(args); err != nil {
-			return err
-		}
-
-		path, err := exec.LookPath(args.Args[0])
-		if err != nil {
-			log.Printf("Unable to locate %v", args.Args[0])
-			os.Exit(127)
-		}
-		if err := syscall.Exec(path, args.Args, os.Environ()); err != nil {
-			return fmt.Errorf("dockerinit unable to execute %s - %s", path, err)
-		}
-		panic("Unreachable")
-	})
-}
-
 type driver struct {
 	root       string // root path for the driver to use
 	initPath   string
@@ -67,6 +37,7 @@ func NewDriver(root, initPath string, apparmor bool) (*driver, error) {
 	if err := linkLxcStart(root); err != nil {
 		return nil, err
 	}
+
 	return &driver{
 		apparmor:   apparmor,
 		root:       root,
@@ -108,8 +79,6 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		"-f", configPath,
 		"--",
 		c.InitPath,
-		"-driver",
-		DriverName,
 	}
 
 	if c.Network.Interface != nil {
diff --git a/components/engine/daemon/execdriver/lxc/init.go b/components/engine/daemon/execdriver/lxc/init.go
index 246c56f0c1..2a91bbb5f5 100644
--- a/components/engine/daemon/execdriver/lxc/init.go
+++ b/components/engine/daemon/execdriver/lxc/init.go
@@ -2,19 +2,116 @@ package lxc
 
 import (
 	"encoding/json"
+	"flag"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"net"
 	"os"
+	"os/exec"
+	"runtime"
 	"strings"
 	"syscall"
 
-	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/reexec"
 	"github.com/docker/libcontainer/netlink"
 )
 
+// Args provided to the init function for a driver
+type InitArgs struct {
+	User       string
+	Gateway    string
+	Ip         string
+	WorkDir    string
+	Privileged bool
+	Env        []string
+	Args       []string
+	Mtu        int
+	Console    string
+	Pipe       int
+	Root       string
+	CapAdd     string
+	CapDrop    string
+}
+
+func init() {
+	// like always lxc requires a hack to get this to work
+	reexec.Register("/.dockerinit", dockerInititalizer)
+}
+
+func dockerInititalizer() {
+	initializer()
+}
+
+// initializer is the lxc driver's init function that is run inside the namespace to setup
+// additional configurations
+func initializer() {
+	runtime.LockOSThread()
+
+	args := getArgs()
+
+	if err := setupNamespace(args); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func setupNamespace(args *InitArgs) error {
+	if err := setupEnv(args); err != nil {
+		return err
+	}
+	if err := setupHostname(args); err != nil {
+		return err
+	}
+	if err := setupNetworking(args); err != nil {
+		return err
+	}
+	if err := finalizeNamespace(args); err != nil {
+		return err
+	}
+
+	path, err := exec.LookPath(args.Args[0])
+	if err != nil {
+		log.Printf("Unable to locate %v", args.Args[0])
+		os.Exit(127)
+	}
+
+	if err := syscall.Exec(path, args.Args, os.Environ()); err != nil {
+		return fmt.Errorf("dockerinit unable to execute %s - %s", path, err)
+	}
+
+	return nil
+}
+
+func getArgs() *InitArgs {
+	var (
+		// Get cmdline arguments
+		user       = flag.String("u", "", "username or uid")
+		gateway    = flag.String("g", "", "gateway address")
+		ip         = flag.String("i", "", "ip address")
+		workDir    = flag.String("w", "", "workdir")
+		privileged = flag.Bool("privileged", false, "privileged mode")
+		mtu        = flag.Int("mtu", 1500, "interface mtu")
+		capAdd     = flag.String("cap-add", "", "capabilities to add")
+		capDrop    = flag.String("cap-drop", "", "capabilities to drop")
+	)
+
+	flag.Parse()
+
+	return &InitArgs{
+		User:       *user,
+		Gateway:    *gateway,
+		Ip:         *ip,
+		WorkDir:    *workDir,
+		Privileged: *privileged,
+		Args:       flag.Args(),
+		Mtu:        *mtu,
+		CapAdd:     *capAdd,
+		CapDrop:    *capDrop,
+	}
+}
+
 // Clear environment pollution introduced by lxc-start
-func setupEnv(args *execdriver.InitArgs) error {
+func setupEnv(args *InitArgs) error {
 	// Get env
 	var env []string
 	content, err := ioutil.ReadFile(".dockerenv")
@@ -41,7 +138,7 @@ func setupEnv(args *execdriver.InitArgs) error {
 	return nil
 }
 
-func setupHostname(args *execdriver.InitArgs) error {
+func setupHostname(args *InitArgs) error {
 	hostname := getEnv(args, "HOSTNAME")
 	if hostname == "" {
 		return nil
@@ -50,7 +147,7 @@ func setupHostname(args *execdriver.InitArgs) error {
 }
 
 // Setup networking
-func setupNetworking(args *execdriver.InitArgs) error {
+func setupNetworking(args *InitArgs) error {
 	if args.Ip != "" {
 		// eth0
 		iface, err := net.InterfaceByName("eth0")
@@ -95,7 +192,7 @@ func setupNetworking(args *execdriver.InitArgs) error {
 }
 
 // Setup working directory
-func setupWorkingDirectory(args *execdriver.InitArgs) error {
+func setupWorkingDirectory(args *InitArgs) error {
 	if args.WorkDir == "" {
 		return nil
 	}
@@ -105,7 +202,7 @@ func setupWorkingDirectory(args *execdriver.InitArgs) error {
 	return nil
 }
 
-func getEnv(args *execdriver.InitArgs, key string) string {
+func getEnv(args *InitArgs, key string) string {
 	for _, kv := range args.Env {
 		parts := strings.SplitN(kv, "=", 2)
 		if parts[0] == key && len(parts) == 2 {
diff --git a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
index 9f294f6458..625caa1608 100644
--- a/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/components/engine/daemon/execdriver/lxc/lxc_init_linux.go
@@ -17,7 +17,7 @@ func setHostname(hostname string) error {
 	return syscall.Sethostname([]byte(hostname))
 }
 
-func finalizeNamespace(args *execdriver.InitArgs) error {
+func finalizeNamespace(args *InitArgs) error {
 	if err := utils.CloseExecFrom(3); err != nil {
 		return err
 	}
diff --git a/components/engine/daemon/execdriver/native/driver.go b/components/engine/daemon/execdriver/native/driver.go
index 61edd54d0f..c45188b6bc 100644
--- a/components/engine/daemon/execdriver/native/driver.go
+++ b/components/engine/daemon/execdriver/native/driver.go
@@ -22,7 +22,6 @@ import (
 	"github.com/docker/libcontainer/cgroups/systemd"
 	consolepkg "github.com/docker/libcontainer/console"
 	"github.com/docker/libcontainer/namespaces"
-	"github.com/docker/libcontainer/syncpipe"
 	"github.com/docker/libcontainer/system"
 )
 
@@ -31,38 +30,6 @@ const (
 	Version    = "0.2"
 )
 
-func init() {
-	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {
-		var container *libcontainer.Config
-		f, err := os.Open(filepath.Join(args.Root, "container.json"))
-		if err != nil {
-			return err
-		}
-
-		if err := json.NewDecoder(f).Decode(&container); err != nil {
-			f.Close()
-			return err
-		}
-		f.Close()
-
-		rootfs, err := os.Getwd()
-		if err != nil {
-			return err
-		}
-
-		syncPipe, err := syncpipe.NewSyncPipeFromFd(0, uintptr(args.Pipe))
-		if err != nil {
-			return err
-		}
-
-		if err := namespaces.Init(container, rootfs, args.Console, syncPipe, args.Args); err != nil {
-			return err
-		}
-
-		return nil
-	})
-}
-
 type activeContainer struct {
 	container *libcontainer.Config
 	cmd       *exec.Cmd
@@ -133,13 +100,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	}
 
 	return namespaces.Exec(container, c.Stdin, c.Stdout, c.Stderr, c.Console, c.Rootfs, dataPath, args, func(container *libcontainer.Config, console, rootfs, dataPath, init string, child *os.File, args []string) *exec.Cmd {
-		// we need to join the rootfs because namespaces will setup the rootfs and chroot
-		initPath := filepath.Join(c.Rootfs, c.InitPath)
-
 		c.Path = d.initPath
 		c.Args = append([]string{
-			initPath,
-			"-driver", DriverName,
+			DriverName,
 			"-console", console,
 			"-pipe", "3",
 			"-root", filepath.Join(d.root, c.ID),
diff --git a/components/engine/daemon/execdriver/native/init.go b/components/engine/daemon/execdriver/native/init.go
new file mode 100644
index 0000000000..5661454162
--- /dev/null
+++ b/components/engine/daemon/execdriver/native/init.go
@@ -0,0 +1,65 @@
+// +build linux
+
+package native
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+
+	"github.com/docker/docker/reexec"
+	"github.com/docker/libcontainer"
+	"github.com/docker/libcontainer/namespaces"
+	"github.com/docker/libcontainer/syncpipe"
+)
+
+func init() {
+	reexec.Register(DriverName, initializer)
+}
+
+func initializer() {
+	runtime.LockOSThread()
+
+	var (
+		pipe    = flag.Int("pipe", 0, "sync pipe fd")
+		console = flag.String("console", "", "console (pty slave) path")
+		root    = flag.String("root", ".", "root path for configuration files")
+	)
+
+	flag.Parse()
+
+	var container *libcontainer.Config
+	f, err := os.Open(filepath.Join(*root, "container.json"))
+	if err != nil {
+		writeError(err)
+	}
+
+	if err := json.NewDecoder(f).Decode(&container); err != nil {
+		f.Close()
+		writeError(err)
+	}
+	f.Close()
+
+	rootfs, err := os.Getwd()
+	if err != nil {
+		writeError(err)
+	}
+
+	syncPipe, err := syncpipe.NewSyncPipeFromFd(0, uintptr(*pipe))
+	if err != nil {
+		writeError(err)
+	}
+
+	if err := namespaces.Init(container, rootfs, *console, syncPipe, flag.Args()); err != nil {
+		writeError(err)
+	}
+
+	panic("Unreachable")
+}
+
+func writeError(err error) {
+	fmt.Sprint(os.Stderr, err)
+}
diff --git a/components/engine/docker/client.go b/components/engine/docker/client.go
index 4565d6d6a1..27001cc557 100644
--- a/components/engine/docker/client.go
+++ b/components/engine/docker/client.go
@@ -8,10 +8,6 @@ import (
 
 const CanDaemon = false
 
-func mainSysinit() {
-	log.Fatal("This is a client-only binary - running it as 'dockerinit' is not supported.")
-}
-
 func mainDaemon() {
 	log.Fatal("This is a client-only binary - running the Docker daemon is not supported.")
 }
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 15d9c4856f..e886f99a1b 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -7,20 +7,16 @@ import (
 	"net"
 
 	"github.com/docker/docker/builtins"
+	_ "github.com/docker/docker/daemon/execdriver/lxc"
+	_ "github.com/docker/docker/daemon/execdriver/native"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
 	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/pkg/signal"
-	"github.com/docker/docker/sysinit"
 )
 
 const CanDaemon = true
 
-func mainSysinit() {
-	// Running in init mode
-	sysinit.SysInit()
-}
-
 func mainDaemon() {
 	if flag.NArg() != 0 {
 		flag.Usage()
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 38a4da0d44..b20db7c16b 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/api/client"
 	"github.com/docker/docker/dockerversion"
 	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/reexec"
 	"github.com/docker/docker/utils"
 )
 
@@ -23,8 +24,7 @@ const (
 )
 
 func main() {
-	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
-		mainSysinit()
+	if reexec.Init() {
 		return
 	}
 
diff --git a/components/engine/dockerinit/dockerinit.go b/components/engine/dockerinit/dockerinit.go
index 3507d3e5fe..c5bba782b0 100644
--- a/components/engine/dockerinit/dockerinit.go
+++ b/components/engine/dockerinit/dockerinit.go
@@ -1,11 +1,12 @@
 package main
 
 import (
-	"github.com/docker/docker/sysinit"
+	_ "github.com/docker/docker/daemon/execdriver/lxc"
+	_ "github.com/docker/docker/daemon/execdriver/native"
+	"github.com/docker/docker/reexec"
 )
 
 func main() {
 	// Running in init mode
-	sysinit.SysInit()
-	return
+	reexec.Init()
 }
diff --git a/components/engine/reexec/README.md b/components/engine/reexec/README.md
new file mode 100644
index 0000000000..45592ce85a
--- /dev/null
+++ b/components/engine/reexec/README.md
@@ -0,0 +1,5 @@
+## reexec
+
+The `reexec` package facilitates the busybox style reexec of the docker binary that we require because 
+of the forking limitations of using Go.  Handlers can be registered with a name and the argv 0 of 
+the exec of the binary will be used to find and execute custom init paths.
diff --git a/components/engine/reexec/reexec.go b/components/engine/reexec/reexec.go
new file mode 100644
index 0000000000..b46b879882
--- /dev/null
+++ b/components/engine/reexec/reexec.go
@@ -0,0 +1,23 @@
+package reexec
+
+import "os"
+
+var registeredInitializers = make(map[string]func())
+
+// Register adds an initialization func under the specified name
+func Register(name string, initializer func()) {
+	registeredInitializers[name] = initializer
+}
+
+// Init is called as the first part of the exec process and returns true if an
+// initialization function was called.
+func Init() bool {
+	initializer, exists := registeredInitializers[os.Args[0]]
+	if exists {
+		initializer()
+
+		return true
+	}
+
+	return false
+}
diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go
index 65d7bf4e7c..ed8d11827f 100644
--- a/components/engine/sysinit/sysinit.go
+++ b/components/engine/sysinit/sysinit.go
@@ -1,25 +1,11 @@
 package sysinit
 
 import (
-	"flag"
 	"fmt"
-	"log"
 	"os"
 	"runtime"
-
-	"github.com/docker/docker/daemon/execdriver"
-	_ "github.com/docker/docker/daemon/execdriver/lxc"
-	_ "github.com/docker/docker/daemon/execdriver/native"
 )
 
-func executeProgram(args *execdriver.InitArgs) error {
-	dockerInitFct, err := execdriver.GetInitFunc(args.Driver)
-	if err != nil {
-		panic(err)
-	}
-	return dockerInitFct(args)
-}
-
 // Sys Init code
 // This code is run INSIDE the container and is responsible for setting
 // up the environment before running the actual process
@@ -33,40 +19,4 @@ func SysInit() {
 		os.Exit(1)
 	}
 
-	var (
-		// Get cmdline arguments
-		user       = flag.String("u", "", "username or uid")
-		gateway    = flag.String("g", "", "gateway address")
-		ip         = flag.String("i", "", "ip address")
-		workDir    = flag.String("w", "", "workdir")
-		privileged = flag.Bool("privileged", false, "privileged mode")
-		mtu        = flag.Int("mtu", 1500, "interface mtu")
-		driver     = flag.String("driver", "", "exec driver")
-		pipe       = flag.Int("pipe", 0, "sync pipe fd")
-		console    = flag.String("console", "", "console (pty slave) path")
-		root       = flag.String("root", ".", "root path for configuration files")
-		capAdd     = flag.String("cap-add", "", "capabilities to add")
-		capDrop    = flag.String("cap-drop", "", "capabilities to drop")
-	)
-	flag.Parse()
-
-	args := &execdriver.InitArgs{
-		User:       *user,
-		Gateway:    *gateway,
-		Ip:         *ip,
-		WorkDir:    *workDir,
-		Privileged: *privileged,
-		Args:       flag.Args(),
-		Mtu:        *mtu,
-		Driver:     *driver,
-		Console:    *console,
-		Pipe:       *pipe,
-		Root:       *root,
-		CapAdd:     *capAdd,
-		CapDrop:    *capDrop,
-	}
-
-	if err := executeProgram(args); err != nil {
-		log.Fatal(err)
-	}
 }

From 6697829a6887498b50d99f615a88a531d1a3947a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 8 Aug 2014 16:21:53 -0700
Subject: [PATCH 422/516] Remove unsued sysinit package

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 29af9c14e442f5cf3760f439d8c0fffaf84e2268
Component: engine
---
 components/engine/sysinit/README.md  |  4 ----
 components/engine/sysinit/sysinit.go | 22 ----------------------
 2 files changed, 26 deletions(-)
 delete mode 100644 components/engine/sysinit/README.md
 delete mode 100644 components/engine/sysinit/sysinit.go

diff --git a/components/engine/sysinit/README.md b/components/engine/sysinit/README.md
deleted file mode 100644
index c28d0298b8..0000000000
--- a/components/engine/sysinit/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Sys Init code
-
-This code is run INSIDE the container and is responsible for setting
-up the environment before running the actual process
diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go
deleted file mode 100644
index ed8d11827f..0000000000
--- a/components/engine/sysinit/sysinit.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package sysinit
-
-import (
-	"fmt"
-	"os"
-	"runtime"
-)
-
-// Sys Init code
-// This code is run INSIDE the container and is responsible for setting
-// up the environment before running the actual process
-func SysInit() {
-	// The very first thing that we should do is lock the thread so that other
-	// system level options will work and not have issues, i.e. setns
-	runtime.LockOSThread()
-
-	if len(os.Args) <= 1 {
-		fmt.Println("You should not invoke dockerinit manually")
-		os.Exit(1)
-	}
-
-}

From 42c37ddd04ec3a3af697e8e77050fd18c001c523 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 8 Aug 2014 16:27:13 -0700
Subject: [PATCH 423/516] Fix hack in old integration test for new init

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 9694209241074c10d4cc625b24dfedcb2387de93
Component: engine
---
 components/engine/integration/runtime_test.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go
index 45a2a29cf5..5148af01ba 100644
--- a/components/engine/integration/runtime_test.go
+++ b/components/engine/integration/runtime_test.go
@@ -20,8 +20,8 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/nat"
+	"github.com/docker/docker/reexec"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/sysinit"
 	"github.com/docker/docker/utils"
 )
 
@@ -94,8 +94,7 @@ func init() {
 	os.Setenv("DOCKER_TMPDIR", unitTestDockerTmpdir)
 
 	// Hack to run sys init during unit testing
-	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
-		sysinit.SysInit()
+	if reexec.Init() {
 		return
 	}
 

From 1b06736c1b9c7c9465b3934b6afc59132a4f16e7 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Sun, 10 Aug 2014 20:09:46 +0200
Subject: [PATCH 424/516] Add "DEBIAN_FRONTEND" to FAQ
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added some explanation on using ‘DEBIAN_FRONTEND’ to the FAQs. As
discussed here;
https://github.com/docker/docker/pull/7035#issuecomment-50967867

Docker-DCO-1.1-Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (github: thaJeztah)
Upstream-commit: 2e5d35c1f1bf0b565b288fa9146059d9f3af61b7
Component: engine
---
 components/engine/docs/sources/faq.md | 32 +++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/components/engine/docs/sources/faq.md b/components/engine/docs/sources/faq.md
index d903aabf86..531afc3ea7 100644
--- a/components/engine/docs/sources/faq.md
+++ b/components/engine/docs/sources/faq.md
@@ -225,6 +225,38 @@ Downloading and installing an "all-in-one" .deb or .rpm sounds great at first,
 except if you have no way to figure out that it contains a copy of the
 OpenSSL library vulnerable to the [Heartbleed](http://heartbleed.com/) bug.
 
+### Why is `DEBIAN_FRONTEND=noninteractive` discouraged in Dockerfiles?
+
+When building Docker images on Debian and Ubuntu you may have seen errors like:
+
+    unable to initialize frontend: Dialog
+
+These errors don't stop the image from being built but inform you that the
+installation process tried to open a dialog box, but was unable to. 
+Generally, these errors are safe to ignore.
+
+Some people circumvent these errors by changing the `DEBIAN_FRONTEND` 
+environment variable inside the Dockerfile using:
+
+    ENV DEBIAN_FRONTEND=noninteractive
+
+This prevents the installer from opening dialog boxes during installation 
+which stops the errors.
+
+While this may sound like a good idea, it *may* have side effects. 
+The `DEBIAN_FRONTEND` environment variable will be inherited by all 
+images and containers built from your image, effectively changing
+their behavior. People using those images will run into problems when
+installing software interactively, because installers will not show
+any dialog boxes.
+
+Because of this, and because setting `DEBIAN_FRONTEND` to `noninteractive` is
+mainly a 'cosmetic' change, we *discourage* changing it.
+
+If you *really* need to change its setting, make sure to change it
+back to its [default value](https://www.debian.org/releases/stable/i386/ch05s03.html.en) 
+afterwards.
+
 ### Can I help by adding some questions and answers?
 
 Definitely! You can fork [the repo](https://github.com/docker/docker) and

From 29770af1da256ca48f82cec1ca56aa3f7098db8d Mon Sep 17 00:00:00 2001
From: lalyos <lalyos@yahoo.com>
Date: Mon, 11 Aug 2014 23:36:09 +0200
Subject: [PATCH 425/516] Add test case for identical short and long version
 numbers

Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com>
Upstream-commit: 8a4d2d6f7fc2f9ab5ea488d4b4ba76313862fbc0
Component: engine
---
 components/engine/pkg/version/version_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/components/engine/pkg/version/version_test.go b/components/engine/pkg/version/version_test.go
index 27c0536c2f..c02ec40fcb 100644
--- a/components/engine/pkg/version/version_test.go
+++ b/components/engine/pkg/version/version_test.go
@@ -12,6 +12,8 @@ func assertVersion(t *testing.T, a, b string, result int) {
 
 func TestCompareVersion(t *testing.T) {
 	assertVersion(t, "1.12", "1.12", 0)
+	assertVersion(t, "1.0.0", "1", 0)
+	assertVersion(t, "1", "1.0.0", 0)
 	assertVersion(t, "1.05.00.0156", "1.0.221.9289", 1)
 	assertVersion(t, "1", "1.0.1", -1)
 	assertVersion(t, "1.0.1", "1", 1)

From 424449854e0b38ac6599474677c5bd359eba9f18 Mon Sep 17 00:00:00 2001
From: lalyos <lalyos@yahoo.com>
Date: Mon, 11 Aug 2014 23:40:35 +0200
Subject: [PATCH 426/516] Fix equal short-long version number comparison

Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com>
Upstream-commit: 58ef92f89e5c6637506d2d03784daba50e82d7ff
Component: engine
---
 components/engine/pkg/version/version.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/components/engine/pkg/version/version.go b/components/engine/pkg/version/version.go
index 5ff9d2ed2a..6a7d63544b 100644
--- a/components/engine/pkg/version/version.go
+++ b/components/engine/pkg/version/version.go
@@ -12,9 +12,17 @@ func (me Version) compareTo(other Version) int {
 		meTab    = strings.Split(string(me), ".")
 		otherTab = strings.Split(string(other), ".")
 	)
-	for i, s := range meTab {
+
+	max := len(meTab)
+	if len(otherTab) > max {
+		max = len(otherTab)
+	}
+	for i := 0; i < max; i++ {
 		var meInt, otherInt int
-		meInt, _ = strconv.Atoi(s)
+
+		if len(meTab) > i {
+			meInt, _ = strconv.Atoi(meTab[i])
+		}
 		if len(otherTab) > i {
 			otherInt, _ = strconv.Atoi(otherTab[i])
 		}
@@ -25,9 +33,6 @@ func (me Version) compareTo(other Version) int {
 			return -1
 		}
 	}
-	if len(otherTab) > len(meTab) {
-		return -1
-	}
 	return 0
 }
 

From 937986426372d3b77f22ea05a77533f60e5f3fc3 Mon Sep 17 00:00:00 2001
From: ChristoperBiscardi <biscarch@sketcht.com>
Date: Mon, 11 Aug 2014 16:37:58 -0700
Subject: [PATCH 427/516] Private Repos Copy Change

Docker-DCO-1.1-Signed-off-by: Christopher Biscardi <biscarch@sketcht.com> (github: ChristopherBiscardi)
Upstream-commit: df9650eebb12d980aaf114ac7b2223764dc964b7
Component: engine
---
 components/engine/docs/sources/docker-hub/repos.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/docker-hub/repos.md b/components/engine/docs/sources/docker-hub/repos.md
index 3fa901cfbb..8d76d5a5df 100644
--- a/components/engine/docs/sources/docker-hub/repos.md
+++ b/components/engine/docs/sources/docker-hub/repos.md
@@ -67,7 +67,7 @@ optimized and up-to-date image to power your applications.
 > organization, product or team you can see more information
 > [here](https://github.com/docker/stackbrew).
 
-## Private Docker Repositories
+## Private Repositories
 
 Private repositories allow you to have repositories that contain images
 that you want to keep private, either to your own account or within an

From 9eaa1997299d2e3777b3b78fbae99689b514efc1 Mon Sep 17 00:00:00 2001
From: ChristoperBiscardi <biscarch@sketcht.com>
Date: Mon, 11 Aug 2014 17:12:34 -0700
Subject: [PATCH 428/516] Remove Old shiftWindow()

closes #7493

Docker-DCO-1.1-Signed-off-by: Christopher Biscardi <biscarch@sketcht.com> (github: ChristopherBiscardi)
Upstream-commit: 1e2ce72ffe28867021121745538c636e22f6f9e8
Component: engine
---
 components/engine/docs/theme/mkdocs/base.html | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/components/engine/docs/theme/mkdocs/base.html b/components/engine/docs/theme/mkdocs/base.html
index f4dfeef038..2f518b5d59 100644
--- a/components/engine/docs/theme/mkdocs/base.html
+++ b/components/engine/docs/theme/mkdocs/base.html
@@ -132,17 +132,6 @@ piCId = '1482';
 })();
 </script>
 <script type="text/javascript">
-  // Function to make the sticky header possible
-  var shiftWindow = function() {
-    scrollBy(0, -80);
-  };
-
-  window.addEventListener("hashchange", shiftWindow);
-  $(window).load(function() {
-    if (window.location.hash) {
-      shiftWindow();
-    }
-  });
   $(document).ready(function() {
     $('#content').css("min-height", $(window).height() - 553 );
     // load the complete versions list

From b38de9ff8f5254563f8f361d52350349745ec1bc Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@docker.com>
Date: Mon, 4 Aug 2014 16:13:22 +1000
Subject: [PATCH 429/516] tell the user what to expect, including that it is a
 verbode process.

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: b94f2c4c6d6fa7b3efc0dbf8874735b12d00b57c
Component: engine
---
 .../engine/docs/sources/articles/https.md     | 69 ++++++++++++++++---
 1 file changed, 58 insertions(+), 11 deletions(-)

diff --git a/components/engine/docs/sources/articles/https.md b/components/engine/docs/sources/articles/https.md
index a05363be14..739b724c84 100644
--- a/components/engine/docs/sources/articles/https.md
+++ b/components/engine/docs/sources/articles/https.md
@@ -31,25 +31,64 @@ keys:
 
     $ echo 01 > ca.srl
     $ openssl genrsa -des3 -out ca-key.pem 2048
+    Generating RSA private key, 2048 bit long modulus
+    ......+++
+    ...............+++
+    e is 65537 (0x10001)
+    Enter pass phrase for ca-key.pem:
+    Verifying - Enter pass phrase for ca-key.pem:
     $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
+    Enter pass phrase for ca-key.pem:
+     You are about to be asked to enter information that will be incorporated
+     into your certificate request.
+     What you are about to enter is what is called a Distinguished Name or a DN.
+     There are quite a few fields but you can leave some blank
+     For some fields there will be a default value,
+     If you enter '.', the field will be left blank.
+     -----
+     Country Name (2 letter code) [AU]:
+     State or Province Name (full name) [Some-State]:Queensland
+     Locality Name (eg, city) []:Brisbane
+     Organization Name (eg, company) [Internet Widgits Pty Ltd]:Docker Inc
+     Organizational Unit Name (eg, section) []:Boot2Docker
+     Common Name (e.g. server FQDN or YOUR name) []:your.host.com
+     Email Address []:Sven@home.org.au
 
 Now that we have a CA, you can create a server key and certificate
 signing request (CSR). Make sure that "Common Name" (i.e. server FQDN or YOUR
 name) matches the hostname you will use to connect to Docker:
 
     $ openssl genrsa -des3 -out server-key.pem 2048
+    Generating RSA private key, 2048 bit long modulus
+    ......................................................+++
+    ............................................+++
+    e is 65537 (0x10001)
+    Enter pass phrase for server-key.pem:
+    Verifying - Enter pass phrase for server-key.pem:
     $ openssl req -subj '/CN=<Your Hostname Here>' -new -key server-key.pem -out server.csr
+    Enter pass phrase for server-key.pem:
 
-Next we're going to sign the key with our CA:
+Next, we're going to sign the key with our CA:
 
     $ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \
       -out server-cert.pem
+    Signature ok
+    subject=/CN=your.host.com
+    Getting CA Private Key
+    Enter pass phrase for ca-key.pem:
 
 For client authentication, create a client key and certificate signing
 request:
 
-    $ openssl genrsa -des3 -out client-key.pem 2048
-    $ openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
+    $ openssl genrsa -des3 -out key.pem 2048
+    Generating RSA private key, 2048 bit long modulus
+    ...............................................+++
+    ...............................................................+++
+    e is 65537 (0x10001)
+    Enter pass phrase for key.pem:
+    Verifying - Enter pass phrase for key.pem:
+    $ openssl req -subj '/CN=client' -new -key key.pem -out client.csr
+    Enter pass phrase for key.pem:
 
 To make the key suitable for client authentication, create an extensions
 config file:
@@ -59,12 +98,20 @@ config file:
 Now sign the key:
 
     $ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-      -out client-cert.pem -extfile extfile.cnf
+      -out cert.pem -extfile extfile.cnf
+    Signature ok
+    subject=/CN=client
+    Getting CA Private Key
+    Enter pass phrase for ca-key.pem:
 
 Finally, you need to remove the passphrase from the client and server key:
 
     $ openssl rsa -in server-key.pem -out server-key.pem
-    $ openssl rsa -in client-key.pem -out client-key.pem
+    Enter pass phrase for server-key.pem:
+    writing RSA key
+    $ openssl rsa -in key.pem -out key.pem
+    Enter pass phrase for key.pem:
+    writing RSA key
 
 Now you can make the Docker daemon only accept connections from clients
 providing a certificate trusted by our CA:
@@ -75,8 +122,8 @@ providing a certificate trusted by our CA:
 To be able to connect to Docker and validate its certificate, you now
 need to provide your client keys, certificates and trusted CA:
 
-    $ docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \
-      -H=dns-name-of-docker-host:2376
+    $ docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
+      -H=dns-name-of-docker-host:2376 version
 
 > **Note**:
 > Docker over TLS should run on TCP port 2376.
@@ -95,11 +142,11 @@ the files to the `.docker` directory in your home directory - and set the
 `DOCKER_HOST` variable as well.
 
     $ cp ca.pem ~/.docker/ca.pem
-    $ cp client-cert.pem ~/.docker/cert.pem
-    $ cp client-key.pem ~/.docker/key.pem
+    $ cp cert.pem ~/.docker/cert.pem
+    $ cp key.pem ~/.docker/key.pem
     $ export DOCKER_HOST=tcp://:2376
 
-Then you can just run Docker with the `--tlsverify` option.
+Then you can run Docker with the `--tlsverify` option.
 
     $ docker --tlsverify ps
 
@@ -127,5 +174,5 @@ to drop your keys into `~/.docker/<ca, cert or key>.pem`. Alternatively,
 if you want to store your keys in another location, you can specify that
 location using the environment variable `DOCKER_CERT_PATH`.
 
-    $ export DOCKER_CERT_PATH=${HOME}/.dockers/zone1/
+    $ export DOCKER_CERT_PATH=${HOME}/.docker/zone1/
     $ docker --tlsverify ps

From 47e45ae0eb103eb12001f904eefb0b012639769b Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 11 Aug 2014 18:13:27 -0700
Subject: [PATCH 430/516] Panic if trying to register an func with the same
 name

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 1a249a5feb9880465594299c1d4965b160e4a14e
Component: engine
---
 components/engine/reexec/reexec.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/components/engine/reexec/reexec.go b/components/engine/reexec/reexec.go
index b46b879882..6a199e1ff1 100644
--- a/components/engine/reexec/reexec.go
+++ b/components/engine/reexec/reexec.go
@@ -1,11 +1,18 @@
 package reexec
 
-import "os"
+import (
+	"fmt"
+	"os"
+)
 
 var registeredInitializers = make(map[string]func())
 
 // Register adds an initialization func under the specified name
 func Register(name string, initializer func()) {
+	if _, exists := registeredInitializers[name]; exists {
+		panic(fmt.Sprintf("reexec func already registred under name %q", name))
+	}
+
 	registeredInitializers[name] = initializer
 }
 

From f5781e0e4972ff3d410eb25e72a98b66e2ff6d8b Mon Sep 17 00:00:00 2001
From: "Ciro S. Costa" <ciro.costa@usp.br>
Date: Tue, 12 Aug 2014 02:56:57 -0300
Subject: [PATCH 431/516] Updates docs regarding linux mint troubleshot

Signed-off-by: Ciro S. Costa <ciro.costa@usp.br>
Upstream-commit: fcddecc828a95083db8975391e623289b2fe1254
Component: engine
---
 components/engine/docs/sources/installation/ubuntulinux.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/docs/sources/installation/ubuntulinux.md b/components/engine/docs/sources/installation/ubuntulinux.md
index 5ddc791f4f..673ea18b0c 100644
--- a/components/engine/docs/sources/installation/ubuntulinux.md
+++ b/components/engine/docs/sources/installation/ubuntulinux.md
@@ -266,11 +266,11 @@ These parameters will help you get rid of the following warnings:
 
 ## Troubleshooting
 
-On Linux Mint, the `cgroup-lite` package is not
+On Linux Mint, the `cgroup-lite` and `apparmor` packages are not
 installed by default. Before Docker will work correctly, you will need
 to install this via:
 
-    $ sudo apt-get update && sudo apt-get install cgroup-lite
+    $ sudo apt-get update && sudo apt-get install cgroup-lite apparmor
 
 ## Docker and UFW
 

From 3f9bc8ad8ac2c216c91e44acf852d4a02e2d3102 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Tue, 12 Aug 2014 11:48:36 +0400
Subject: [PATCH 432/516] Move TestRunWorkdirExistsAndIsFile to integration-cli

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: a44f065f171cb91867630e752c09fde4b01d4c98
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 11 +++++++++++
 .../engine/integration/commands_test.go       | 19 -------------------
 2 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 4f004fac13..8bd67f4745 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1481,3 +1481,14 @@ func TestRunCleanupCmdOnEntrypoint(t *testing.T) {
 	}
 	logDone("run - cleanup cmd on --entrypoint")
 }
+
+// TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected
+func TestRunWorkdirExistsAndIsFile(t *testing.T) {
+	defer deleteAllContainers()
+	runCmd := exec.Command(dockerBinary, "run", "-w", "/bin/cat", "busybox")
+	out, exit, err := runCommandWithOutput(runCmd)
+	if !(err != nil && exit == 1 && strings.Contains(out, "Cannot mkdir: /bin/cat is not a directory")) {
+		t.Fatalf("Docker must complains about making dir, but we got out: %s, exit: %d, err: %s", out, exit, err)
+	}
+	logDone("run - error on existing file for workdir")
+}
diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go
index 44e77e1c7e..0212fdd6d4 100644
--- a/components/engine/integration/commands_test.go
+++ b/components/engine/integration/commands_test.go
@@ -113,25 +113,6 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error
 	return nil
 }
 
-// TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected
-func TestRunWorkdirExistsAndIsFile(t *testing.T) {
-
-	cli := client.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
-	defer cleanup(globalEngine, t)
-
-	c := make(chan struct{})
-	go func() {
-		defer close(c)
-		if err := cli.CmdRun("-w", "/bin/cat", unitTestImageID, "pwd"); err == nil {
-			t.Fatal("should have failed to run when using /bin/cat as working dir.")
-		}
-	}()
-
-	setTimeout(t, "CmdRun timed out", 5*time.Second, func() {
-		<-c
-	})
-}
-
 func TestRunExit(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()

From 855652ad6cac8c544cbb3ad7540fd6d53c600807 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Tue, 12 Aug 2014 13:36:49 +0400
Subject: [PATCH 433/516] Move TestRunExit to integration-cli

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: c19e0fe7e2c626218c854aa97fd3f23d29f11615
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 57 +++++++++++++++++++
 .../engine/integration/commands_test.go       | 51 -----------------
 2 files changed, 57 insertions(+), 51 deletions(-)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 8bd67f4745..2c065caacc 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bufio"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -12,6 +13,7 @@ import (
 	"strings"
 	"sync"
 	"testing"
+	"time"
 
 	"github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
@@ -1492,3 +1494,58 @@ func TestRunWorkdirExistsAndIsFile(t *testing.T) {
 	}
 	logDone("run - error on existing file for workdir")
 }
+
+func TestRunExitOnStdinClose(t *testing.T) {
+	name := "testrunexitonstdinclose"
+	defer deleteAllContainers()
+	runCmd := exec.Command(dockerBinary, "run", "--name", name, "-i", "busybox", "/bin/cat")
+
+	stdin, err := runCmd.StdinPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	stdout, err := runCmd.StdoutPipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := runCmd.Start(); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := stdin.Write([]byte("hello\n")); err != nil {
+		t.Fatal(err)
+	}
+
+	r := bufio.NewReader(stdout)
+	line, err := r.ReadString('\n')
+	if err != nil {
+		t.Fatal(err)
+	}
+	line = strings.TrimSpace(line)
+	if line != "hello" {
+		t.Fatalf("Output should be 'hello', got '%q'", line)
+	}
+	if err := stdin.Close(); err != nil {
+		t.Fatal(err)
+	}
+	finish := make(chan struct{})
+	go func() {
+		if err := runCmd.Wait(); err != nil {
+			t.Fatal(err)
+		}
+		close(finish)
+	}()
+	select {
+	case <-finish:
+	case <-time.After(1 * time.Second):
+		t.Fatal("docker run failed to exit on stdin close")
+	}
+	state, err := inspectField(name, "State.Running")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if state != "false" {
+		t.Fatal("Container must be stopped after stdin closing")
+	}
+	logDone("run - exit on stdin closing")
+}
diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go
index 0212fdd6d4..1dce2d5204 100644
--- a/components/engine/integration/commands_test.go
+++ b/components/engine/integration/commands_test.go
@@ -113,57 +113,6 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error
 	return nil
 }
 
-func TestRunExit(t *testing.T) {
-	stdin, stdinPipe := io.Pipe()
-	stdout, stdoutPipe := io.Pipe()
-
-	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
-	defer cleanup(globalEngine, t)
-
-	c1 := make(chan struct{})
-	go func() {
-		cli.CmdRun("-i", unitTestImageID, "/bin/cat")
-		close(c1)
-	}()
-
-	setTimeout(t, "Read/Write assertion timed out", 2*time.Second, func() {
-		if err := assertPipe("hello\n", "hello", stdout, stdinPipe, 150); err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	container := globalDaemon.List()[0]
-
-	// Closing /bin/cat stdin, expect it to exit
-	if err := stdin.Close(); err != nil {
-		t.Fatal(err)
-	}
-
-	// as the process exited, CmdRun must finish and unblock. Wait for it
-	setTimeout(t, "Waiting for CmdRun timed out", 10*time.Second, func() {
-		<-c1
-
-		go func() {
-			cli.CmdWait(container.ID)
-		}()
-
-		if _, err := bufio.NewReader(stdout).ReadString('\n'); err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	// Make sure that the client has been disconnected
-	setTimeout(t, "The client should have been disconnected once the remote process exited.", 2*time.Second, func() {
-		// Expecting pipe i/o error, just check that read does not block
-		stdin.Read([]byte{})
-	})
-
-	// Cleanup pipes
-	if err := closeWrap(stdin, stdinPipe, stdout, stdoutPipe); err != nil {
-		t.Fatal(err)
-	}
-}
-
 // Expected behaviour: the process dies when the client disconnects
 func TestRunDisconnect(t *testing.T) {
 

From b9d0f7cfec5b5f29fe8792a698efa5c9430257f8 Mon Sep 17 00:00:00 2001
From: "O.S. Tezer" <ostezer@gmail.com>
Date: Sun, 20 Jul 2014 13:57:36 +0300
Subject: [PATCH 434/516] Docs: articles/certificates.md rewrite.

This commit contains a re-structured re-write of the original
certificated.md file, containing the amendments proposed with
PR #7120 (commit ID bd28595e310ccfa98) by @timthelion.

Related to: https://github.com/dotcloud/docker/pull/7120

2014-07-30: Update/rebase/squash based on the comments from @jamtur01 and @fredlf.
2014-08-12: Update/rebase/squash based on the comments from @fredlf (of 2014-08-12).

Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Upstream-commit: 7df54930716d3674f97d4a7e071a52f3769791ba
Component: engine
---
 .../docs/sources/articles/certificates.md     | 107 +++++++++++-------
 1 file changed, 69 insertions(+), 38 deletions(-)

diff --git a/components/engine/docs/sources/articles/certificates.md b/components/engine/docs/sources/articles/certificates.md
index e8185a518a..90d3f1b356 100644
--- a/components/engine/docs/sources/articles/certificates.md
+++ b/components/engine/docs/sources/articles/certificates.md
@@ -1,44 +1,80 @@
 page_title: Using certificates for repository client verification
-page_description: How to set up per-repository client certificates
-page_keywords: Usage, repository, certificate, root, docker, documentation, examples
+page_description: How to set up and use certificates with a registry to verify access
+page_keywords: Usage, registry, repository, client, root, certificate, docker, apache, ssl, tls, documentation, examples, articles, tutorials
 
 # Using certificates for repository client verification
 
-This lets you specify custom client TLS certificates and CA root for a
-specific registry hostname. Docker will then verify the registry
-against the CA and present the client cert when talking to that
-registry. This allows the registry to verify that the client has a
-proper key, indicating that the client is allowed to access the
-images.
+In [Running Docker with HTTPS](/articles/https), you learned that, by default,
+Docker runs via a non-networked Unix socket and TLS must be enabled in order
+to have the Docker client and the daemon communicate securely over HTTPS.
 
-A custom cert is configured by creating a directory in
-`/etc/docker/certs.d` with the same name as the registry hostname. Inside
-this directory all .crt files are added as CA Roots (if none exists,
-the system default is used) and pair of files `$filename.key` and
-`$filename.cert` indicate a custom certificate to present to the
-registry.
+Now, you will see how to allow the Docker registry (i.e., *a server*) to
+verify that the Docker daemon (i.e., *a client*) has the right to access the
+images being hosted with *certificate-based client-server authentication*.
 
-If there are multiple certificates each one will be tried in
-alphabetical order, proceeding to the next if we get a 403 of 5xx
-response.
+We will show you how to install a Certificate Authority (CA) root certificate
+for the registry and how to set the client TLS certificate for verification.
 
-So, an example setup would be::
+## Understanding the configuration
 
-    /etc/docker/certs.d/
-    └── localhost
-       ├── client.cert
-       ├── client.key
-       └── localhost.crt
+A custom certificate is configured by creating a directory under
+`/etc/docker/certs.d` using the same name as the registry's hostname (e.g.,
+`localhost`). All `*.crt` files are added to this directory as CA roots.
 
-A simple way to test this setup is to use an Apache server to host a
-registry. Just copy a registry tree into the Apache root,
-[here](http://people.gnome.org/~alexl/v1.tar.gz) is an example of one
-containing the busybox image.
+> **Note:**
+> In the absence of any root certificate authorities, Docker
+> will use the system default (i.e., host's root CA set).
 
-Then add this conf file as `/etc/httpd/conf.d/registry.conf`:
+The presence of one or more `<filename>.key/cert` pairs indicates to Docker
+that there are custom certificates required for access to the desired
+repository.
+
+> **Note:**
+> If there are multiple certificates, each will be tried in alphabetical
+> order. If there is an authentication error (e.g., 403, 5xx, etc.), Docker
+> will continue to try with the next certificate.
+
+Our example is set up like this:
+
+    /etc/docker/certs.d/        <-- Certificate directory
+    └── localhost               <-- Hostname
+       ├── client.cert          <-- Client certificate
+       ├── client.key           <-- Client key
+       └── localhost.crt        <-- Registry certificate
+
+## Creating the client certificates
+
+You will use OpenSSL's `genrsa` and `req` commands to first generate an RSA
+key and then use the key to create the certificate request.   
+
+    $ openssl genrsa -out client.key 1024
+    $ openssl req -new -x509 -text -key client.key -out client.cert
+
+> **Warning:**: 
+> Using TLS and managing a CA is an advanced topic.
+> You should be familiar with OpenSSL, x509, and TLS before
+> attempting to use them in production. 
+
+> **Warning:**
+> These TLS commands will only generate a working set of certificates on Linux.
+> The version of OpenSSL in Mac OS X is incompatible with the type of
+> certificate Docker requires.
+
+## Testing the verification setup
+
+You can test this setup by using Apache to host a Docker registry.
+For this purpose, you can copy a registry tree (containing images) inside
+the Apache root.
+
+> **Note:**
+> You can find such an example [here](
+> http://people.gnome.org/~alexl/v1.tar.gz) - which contains the busybox image.
+
+Once you set up the registry, you can use the following Apache configuration
+to implement certificate-based protection.
 
     # This must be in the root context, otherwise it causes a re-negotiation
-    # which is not supported by the tls implementation in go
+    # which is not supported by the TLS implementation in go
     SSLVerifyClient optional_no_ca
 
     <Location /v1>
@@ -50,7 +86,8 @@ Then add this conf file as `/etc/httpd/conf.d/registry.conf`:
     Header set X-Docker-Endpoints "%{custom_host}e"
     </Location>
 
-And this as `/var/www/cgi-bin/cert.cgi`:
+Save the above content as `/etc/httpd/conf.d/registry.conf`, and
+continue with creating a `cert.cgi` file under `/var/www/cgi-bin/`.
 
     #!/bin/bash
     if [ "$HTTPS" != "on" ]; then
@@ -73,11 +110,5 @@ And this as `/var/www/cgi-bin/cert.cgi`:
 
     cat $PATH_TRANSLATED
 
-This will return 403 for all accessed to `/v1` unless any client cert is
-presented. Obviously a real implementation would verify more details
-about the certificate.
-
-Example client certs can be generated with::
-
-    openssl genrsa -out client.key 1024
-    openssl req -new -x509 -text -key client.key -out client.cert
+This CGI script will ensure that all requests to `/v1` *without* a valid
+certificate will be returned with a `403` (i.e., HTTP forbidden) error.

From 137daba41a63db09c1a705047881fe0d85ab6218 Mon Sep 17 00:00:00 2001
From: Tibor Vass <teabee89@gmail.com>
Date: Thu, 7 Aug 2014 14:13:42 -0400
Subject: [PATCH 435/516] Add irc-meetings section in CONTRIBUTING

Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: c58c70b8bdfc4d13faefaab31d2d1539d5478223
Component: engine
---
 components/engine/CONTRIBUTING.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/components/engine/CONTRIBUTING.md b/components/engine/CONTRIBUTING.md
index 140d51914c..165b177450 100644
--- a/components/engine/CONTRIBUTING.md
+++ b/components/engine/CONTRIBUTING.md
@@ -242,6 +242,16 @@ Don't forget: being a maintainer is a time investment. Make sure you
 will have time to make yourself available.  You don't have to be a
 maintainer to make a difference on the project!
 
+### IRC Meetings
+
+There are two monthly meetings taking place on #docker-dev IRC to accomodate all timezones.
+Anybody can ask for a topic to be discussed prior to the meeting.
+
+If you feel the conversation is going off-topic, feel free to point it out.
+
+For the exact dates and times, have a look at [the irc-minutes repo](https://github.com/docker/irc-minutes).
+They also contain all the notes from previous meetings.
+
 ## Docker Community Guidelines
 
 We want to keep the Docker community awesome, growing and collaborative. We

From 48c24b480f5781dc3a5453ca54093cdb338586fc Mon Sep 17 00:00:00 2001
From: Andy Rothfusz <github@developersupport.net>
Date: Tue, 12 Aug 2014 13:24:42 -0700
Subject: [PATCH 436/516] Fix my email entry so that my current email is first
 and the old commit email second.

Docker-DCO-1.1-Signed-off-by: Andy Rothfusz <github@developersupport.net> (github: metalivedev)
Upstream-commit: 88306539773fcd07a5bccf1c402139283a5a8db4
Component: engine
---
 components/engine/.mailmap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/.mailmap b/components/engine/.mailmap
index c9c6d3f94f..47860de4c3 100644
--- a/components/engine/.mailmap
+++ b/components/engine/.mailmap
@@ -54,7 +54,7 @@ Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 <proppy@google.com> <proppy@aminche.com>
 <michael@docker.com> <michael@crosbymichael.com>
 <michael@docker.com> <crosby.michael@gmail.com>
-<github@metaliveblog.com> <github@developersupport.net>
+<github@developersupport.net> <github@metaliveblog.com> 
 <brandon@ifup.org> <brandon@ifup.co>
 <dano@spotify.com> <daniel.norberg@gmail.com>
 <danny@codeaholics.org> <Danny.Yates@mailonline.co.uk>

From db1cb3039c2d60f3b8036bffddca3780b189343d Mon Sep 17 00:00:00 2001
From: Timothy Hobbs <timothyhobbs@seznam.cz>
Date: Thu, 31 Jul 2014 23:47:19 +0000
Subject: [PATCH 437/516] Add process for PR acceptance, review, rejection

This is an extremely tentative PR.  However, I feel that the suggestions are generally good.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: e4a09cd79d0ee3fbb6a33552a21c53491d9f3953
Component: engine
---
 components/engine/hack/MAINTAINERS.md | 28 ++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/components/engine/hack/MAINTAINERS.md b/components/engine/hack/MAINTAINERS.md
index 8af6013193..1022068e50 100644
--- a/components/engine/hack/MAINTAINERS.md
+++ b/components/engine/hack/MAINTAINERS.md
@@ -55,7 +55,33 @@ All decisions affecting docker, big and small, follow the same 3 steps:
 
 * Step 3: Accept (`LGTM`) or refuse a pull request. The relevant maintainers do 
 this (see below "Who decides what?")
-
+ + Accepting pull requests
+  - If the pull request appears to be ready to merge, give it a `LGTM`, which
+    stands for "Looks Good To Me".
+  - If the pull request has some small problems that need to be changed, make
+    a comment adressing the issues.
+  - If the changes needed to a PR are small, you can add a "LGTM once the
+    following comments are adressed..." this will reduce needless back and
+    forth.
+  - If the PR only needs a few changes before being merged, any MAINTAINER can
+    make a replacement PR that incorporates the existing commits and fixes the
+    problems before a fast track merge.
+ + Closing pull requests
+  - If a PR appears to be abandoned, after having attempted to contact the
+    original contributor, then a replacement PR may be made.  Once the
+    replacement PR is made, any contributor may close the original one.
+  - If you are not sure if the pull request implements a good feature or you
+    do not understand the purpose of the PR, ask the contributor to provide
+    more documentation.  If the contributor is not able to adequately explain
+    the purpose of the PR, the PR may be closed by any MAINTAINER.
+  - If a MAINTAINER feels that the pull request is sufficiently architecturally
+    flawed, or if the pull request needs significantly more design discussion
+    before being considered, the MAINTAINER should close the pull request with
+    a short explanation of what discussion still needs to be had.  It is
+    important not to leave such pull requests open, as this will waste both the
+    MAINTAINER's time and the contributor's time.  It is not good to string a
+    contributor on for weeks or months, having them make many changes to a PR
+    that will eventually be rejected.
 
 ## Who decides what?
 

From dc6c9f58e7db781f81574220681723b0ed34cb25 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 12 Aug 2014 15:37:42 -0600
Subject: [PATCH 438/516] Fix contrib/mkimage/debootstrap for Lucid

Later versions of `apt` are smart enough to just create this directory if it's missing, but Lucid balks (just like `gnupg` and `gpgv` aren't in the Required set so don't come in a minbase -- good ol' Lucid).

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 631fadc0b9c46c1af82f9161deab83a7fb797c2a
Component: engine
---
 components/engine/contrib/mkimage/debootstrap | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/components/engine/contrib/mkimage/debootstrap b/components/engine/contrib/mkimage/debootstrap
index 3702797ee1..fcda497839 100755
--- a/components/engine/contrib/mkimage/debootstrap
+++ b/components/engine/contrib/mkimage/debootstrap
@@ -188,4 +188,6 @@ fi
 	# delete all the apt list files since they're big and get stale quickly
 	rm -rf "$rootfsDir/var/lib/apt/lists"/*
 	# this forces "apt-get update" in dependent images, which is also good
+	
+	mkdir "$rootfsDir/var/lib/apt/lists/partial" # Lucid... "E: Lists directory /var/lib/apt/lists/partial is missing."
 )

From d0c03fc90184685a191a8858d8af8ec99f7fc77d Mon Sep 17 00:00:00 2001
From: Hollie Teal <hollie@docker.com>
Date: Tue, 12 Aug 2014 15:21:55 -0700
Subject: [PATCH 439/516] Added fredlf's suggested changes.

Signed-off-by: Hollie Teal <hollie@docker.com>
Upstream-commit: af5ced62ca604846b5e9ab852c7d47c9c176c702
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  | 34 +++++++++++++++----
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index 3e323af3c8..a3b0d4da6a 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -63,14 +63,24 @@ public or private GitHub repositories with a `Dockerfile`.
 
 ### GitHub Submodules
 
-If your repository contains links to private submodules, you'll
-need to add a deploy key so that the Docker Hub will be able to
-clone the repository from GitHub. 
+<<<<<<< HEAD
+If your GitHub repository contains links to private submodules, you'll
+need to add a deploy key from your Docker Hub repository. 
 
 Your Docker Hub deploy key is located under the "Build Details"
-menu on the automated build's main page in the Hub. Add this key
-to your GitHub submodule by viewing the Settings page for the
+menu on the Automated Build's main page in the Hub. Add this key
+to your GitHub submodule by visiting the Settings page for the
 repository on GitHub and selecting "Deploy keys".
+=======
+### GitHub Submodules
+
+If your repository contains links to private submodules, you'll need
+to add a deploy key from Docker Hub. 
+
+Your Docker Hub deploy key is located under the "Build Details" menu on 
+the automated build's main page in the Hub. Add this key to your GitHub 
+submodule by visiting the Settings page for the repository on GitHub and 
+selecting "Deploy keys".
 
 <table class="table table-bordered">
   <thead>
@@ -84,17 +94,27 @@ repository on GitHub and selecting "Deploy keys".
     <tr>
       <td>1.</td>
       <td><img src="/docker-hub/hub-images/deploy_key.png"></td>
-      <td>Your automated build's deploy key is in the "Build Details" menu under "Deploy keys".</td>
+      <td>Your automated build's deploy key is in the "Build Details" menu 
+under "Deploy keys".</td>
     </tr>
     <tr>
       <td>2.</td>
       <td><img src="/docker-hub/hub-images/github_deploy_key.png"></td>
-      <td>In your GitHub submodule's repository Settings page, add the deploy key from your Docker Hub Automated Build.</td>
+      <td>In your GitHub submodule's repository Settings page, add the 
+deploy key from your Docker Hub Automated Build.</td>
     </tr>
   </tbody>
 </table>
      
 ### GitHub Organizations
+=======
+      <td>In your GitHub submodule's repository Settings page, add the deploy key from your Docker Hub automated build.</td>
+    </tr>
+  </tbody>
+</table>
+
+### GitHub organizations
+>>>>>>> dc8b070aaa6c0aa0a6f920ba1a033027b5700ee0
 
 GitHub organizations will appear once your membership to that organization is
 made public on GitHub. To verify, you can look at the members tab for your

From 21e5eefd8fa89fcbd1fb2eea7df5cdb29cee7c51 Mon Sep 17 00:00:00 2001
From: Hollie Teal <hollie@docker.com>
Date: Tue, 12 Aug 2014 15:30:21 -0700
Subject: [PATCH 440/516] Removed merge conflict artifacts.

Signed-off-by: Hollie Teal <hollie@docker.com>
Upstream-commit: e608312677d26f1f5b4f76852917d4f149ef88c1
Component: engine
---
 .../engine/docs/sources/docker-hub/builds.md  | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/components/engine/docs/sources/docker-hub/builds.md b/components/engine/docs/sources/docker-hub/builds.md
index a3b0d4da6a..e3e2139f0a 100644
--- a/components/engine/docs/sources/docker-hub/builds.md
+++ b/components/engine/docs/sources/docker-hub/builds.md
@@ -63,7 +63,6 @@ public or private GitHub repositories with a `Dockerfile`.
 
 ### GitHub Submodules
 
-<<<<<<< HEAD
 If your GitHub repository contains links to private submodules, you'll
 need to add a deploy key from your Docker Hub repository. 
 
@@ -71,16 +70,6 @@ Your Docker Hub deploy key is located under the "Build Details"
 menu on the Automated Build's main page in the Hub. Add this key
 to your GitHub submodule by visiting the Settings page for the
 repository on GitHub and selecting "Deploy keys".
-=======
-### GitHub Submodules
-
-If your repository contains links to private submodules, you'll need
-to add a deploy key from Docker Hub. 
-
-Your Docker Hub deploy key is located under the "Build Details" menu on 
-the automated build's main page in the Hub. Add this key to your GitHub 
-submodule by visiting the Settings page for the repository on GitHub and 
-selecting "Deploy keys".
 
 <table class="table table-bordered">
   <thead>
@@ -107,14 +96,6 @@ deploy key from your Docker Hub Automated Build.</td>
 </table>
      
 ### GitHub Organizations
-=======
-      <td>In your GitHub submodule's repository Settings page, add the deploy key from your Docker Hub automated build.</td>
-    </tr>
-  </tbody>
-</table>
-
-### GitHub organizations
->>>>>>> dc8b070aaa6c0aa0a6f920ba1a033027b5700ee0
 
 GitHub organizations will appear once your membership to that organization is
 made public on GitHub. To verify, you can look at the members tab for your

From 561c57e7b0964de680dd0ba95f4fd1aabf3897be Mon Sep 17 00:00:00 2001
From: Andy Rothfusz <github@developersupport.net>
Date: Tue, 12 Aug 2014 16:19:10 -0700
Subject: [PATCH 441/516] Updated AUTHORS file

Docker-DCO-1.1-Signed-off-by: Andy Rothfusz <github@developersupport.net> (github: metalivedev)
Upstream-commit: 10ec205b77b117cc63e9dc8fe8aedf400c933dcd
Component: engine
---
 components/engine/AUTHORS | 114 ++++++++++++++++++++++----------------
 1 file changed, 67 insertions(+), 47 deletions(-)

diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 993f19b713..43904e9e34 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -11,39 +11,38 @@ Aditya <aditya@netroy.in>
 Adrian Mouat <adrian.mouat@gmail.com>
 Adrien Folie <folie.adrien@gmail.com>
 AJ Bowen <aj@gandi.net>
+Al Tobey <al@ooyala.com>
 alambike <alambike@gmail.com>
 Albert Zhang <zhgwenming@gmail.com>
 Aleksa Sarai <cyphar@cyphar.com>
+Alex Gaynor <alex.gaynor@gmail.com>
+Alex Warhawk <ax.warhawk@gmail.com>
 Alexander Larsson <alexl@redhat.com>
 Alexander Shopov <ash@kambanaria.org>
 Alexandr Morozov <lk4d4math@gmail.com>
 Alexey Kotlyarov <alexey@infoxchange.net.au>
 Alexey Shamrin <shamrin@gmail.com>
-Alex Gaynor <alex.gaynor@gmail.com>
 Alexis THOMAS <fr.alexisthomas@gmail.com>
-Alex Warhawk <ax.warhawk@gmail.com>
 almoehi <almoehi@users.noreply.github.com>
-Al Tobey <al@ooyala.com>
-Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 amangoel <amangoel@gmail.com>
 AnandkumarPatel <anandkumarpatel@gmail.com>
+Andre Dublin <81dublin@gmail.com>
 Andrea Luzzardi <aluzzardi@gmail.com>
+Andrea Turli <andrea.turli@gmail.com>
 Andreas Savvides <andreas@editd.com>
 Andreas Tiefenthaler <at@an-ti.eu>
-Andrea Turli <andrea.turli@gmail.com>
-Andre Dublin <81dublin@gmail.com>
 Andrew Duckworth <grillopress@gmail.com>
 Andrew France <andrew@avito.co.uk>
 Andrew Macgregor <andrew.macgregor@agworld.com.au>
 Andrew Munsell <andrew@wizardapps.net>
-Andrews Medina <andrewsmedina@gmail.com>
 Andrew Weiss <andrew.weiss@outlook.com>
 Andrew Williams <williams.andrew@gmail.com>
+Andrews Medina <andrewsmedina@gmail.com>
 Andy Chambers <anchambers@paypal.com>
 andy diller <dillera@gmail.com>
 Andy Goldstein <agoldste@redhat.com>
 Andy Kipp <andy@rstudio.com>
-Andy Rothfusz <github@metaliveblog.com>
+Andy Rothfusz <github@developersupport.net>
 Andy Smith <github@anarkystic.com>
 Anthony Bishopric <git@anthonybishopric.com>
 Anton Löfgren <anton.lofgren@gmail.com>
@@ -57,11 +56,11 @@ Barry Allard <barry.allard@gmail.com>
 Bartłomiej Piotrowski <b@bpiotrowski.pl>
 bdevloed <boris.de.vloed@gmail.com>
 Ben Firshman <ben@firshman.co.uk>
-Benjamin Atkin <ben@benatkin.com>
-Benoit Chesneau <bchesneau@gmail.com>
 Ben Sargent <ben@brokendigits.com>
 Ben Toews <mastahyeti@gmail.com>
 Ben Wiklund <ben@daisyowl.com>
+Benjamin Atkin <ben@benatkin.com>
+Benoit Chesneau <bchesneau@gmail.com>
 Bernerd Schaefer <bj.schaefer@gmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
 bin liu <liubin0329@users.noreply.github.com>
@@ -81,6 +80,7 @@ Brian Shumate <brian@couchbase.com>
 Brice Jaglin <bjaglin@teads.tv>
 Briehan Lombaard <briehan.lombaard@gmail.com>
 Bruno Bigras <bigras.bruno@gmail.com>
+Bruno Renié <brutasse@gmail.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Matsuo <bryan.matsuo@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
@@ -95,13 +95,15 @@ Charlie Lewis <charliel@lab41.org>
 Chewey <prosto-chewey@users.noreply.github.com>
 Chia-liang Kao <clkao@clkao.org>
 Chris Alfonso <calfonso@redhat.com>
-chrismckinnel <chris.mckinnel@tangentlabs.co.uk>
 Chris Snow <chsnow123@gmail.com>
 Chris St. Pierre <chris.a.st.pierre@gmail.com>
+chrismckinnel <chris.mckinnel@tangentlabs.co.uk>
 Christian Berendt <berendt@b1-systems.de>
+ChristoperBiscardi <biscarch@sketcht.com>
+Christophe Troestler <christophe.Troestler@umons.ac.be>
 Christopher Currie <codemonkey+github@gmail.com>
 Christopher Rigor <crigor@gmail.com>
-Christophe Troestler <christophe.Troestler@umons.ac.be>
+Ciro S. Costa <ciro.costa@usp.br>
 Clayton Coleman <ccoleman@redhat.com>
 Colin Dunklau <colin.dunklau@gmail.com>
 Colin Rice <colin@daedrum.net>
@@ -114,7 +116,11 @@ Daan van Berkel <daan.v.berkel.1980@gmail.com>
 Dafydd Crosby <dtcrsby@gmail.com>
 Dan Buch <d.buch@modcloth.com>
 Dan Hirsch <thequux@upstandinghackers.com>
-Daniel, Dao Quang Minh <dqminh89@gmail.com>
+Dan Keder <dan.keder@gmail.com>
+Dan McPherson <dmcphers@redhat.com>
+Dan Stine <sw@stinemail.com>
+Dan Walsh <dwalsh@redhat.com>
+Dan Williams <me@deedubs.com>
 Daniel Exner <dex@dragonslave.de>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch>
@@ -124,13 +130,9 @@ Daniel Nordberg <dnordberg@gmail.com>
 Daniel Robinson <gottagetmac@gmail.com>
 Daniel Von Fange <daniel@leancoder.com>
 Daniel YC Lin <dlin.tw@gmail.com>
-Dan Keder <dan.keder@gmail.com>
-Dan McPherson <dmcphers@redhat.com>
+Daniel, Dao Quang Minh <dqminh89@gmail.com>
 Danny Berger <dpb587@gmail.com>
 Danny Yates <danny@codeaholics.org>
-Dan Stine <sw@stinemail.com>
-Dan Walsh <dwalsh@redhat.com>
-Dan Williams <me@deedubs.com>
 Darren Coxall <darren@darrencoxall.com>
 Darren Shepherd <darren.s.shepherd@gmail.com>
 David Anderson <dave@natulte.net>
@@ -150,9 +152,10 @@ Dmitry Demeshchuk <demeshchuk@gmail.com>
 Dolph Mathews <dolph.mathews@gmail.com>
 Dominik Honnef <dominik@honnef.co>
 Don Spaulding <donspauldingii@gmail.com>
+Doug Davis <dug@us.ibm.com>
 doug tangren <d.tangren@gmail.com>
-Dražen Lučanin <kermit666@gmail.com>
 Dr Nic Williams <drnicwilliams@gmail.com>
+Dražen Lučanin <kermit666@gmail.com>
 Dustin Sallings <dustin@spy.net>
 Edmund Wagner <edmund-wagner@web.de>
 Eiichi Tsukata <devel@etsukata.com>
@@ -163,15 +166,17 @@ Emily Rose <emily@contactvibe.com>
 Eric Hanchrow <ehanchrow@ine.com>
 Eric Lee <thenorthsecedes@gmail.com>
 Eric Myhre <hash@exultant.us>
+Eric Windisch <eric@windisch.us>
 Eric Windisch <ewindisch@docker.com>
 Erik Hollensbe <github@hollensbe.org>
+Erik Inge Bolsø <knan@redpill-linpro.com>
 Erno Hopearuoho <erno.hopearuoho@gmail.com>
 eugenkrizo <eugen.krizo@gmail.com>
-evanderkoogh <info@erronis.nl>
 Evan Hazlett <ejhazlett@gmail.com>
 Evan Krall <krall@yelp.com>
 Evan Phoenix <evan@fallingsnow.net>
 Evan Wies <evan@neomantra.net>
+evanderkoogh <info@erronis.nl>
 Eystein Måløy Stenberg <eystein.maloy.stenberg@cfengine.com>
 ezbercih <cem.ezberci@gmail.com>
 Fabio Falci <fabiofalci@gmail.com>
@@ -186,9 +191,9 @@ FLGMwt <ryan.stelly@live.com>
 Francisco Carriedo <fcarriedo@gmail.com>
 Francisco Souza <f@souza.cc>
 Frank Macreery <frank@macreery.com>
+Fred Lifton <fred.lifton@docker.com>
 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
 Frederik Loeffert <frederik@zitrusmedia.de>
-Fred Lifton <fred.lifton@docker.com>
 Freek Kalter <freek@kalteronline.org>
 Gabe Rosenhouse <gabe@missionst.com>
 Gabor Nagy <mail@aigeruth.hu>
@@ -215,6 +220,9 @@ Harley Laue <losinggeneration@gmail.com>
 Hector Castro <hectcastro@gmail.com>
 Henning Sprang <henning.sprang@gmail.com>
 Hobofan <goisser94@gmail.com>
+Hollie Teal <hollie.teal@docker.com>
+Hollie Teal <hollietealok@users.noreply.github.com>
+hollietealok <hollie@docker.com>
 Hunter Blanks <hunter@twilio.com>
 hyeongkyu.lee <hyeongkyu.lee@navercorp.com>
 Ian Babrou <ibobrik@gmail.com>
@@ -228,8 +236,8 @@ Isabel Jimenez <contact.isabeljimenez@gmail.com>
 Isao Jonas <isao.jonas@gmail.com>
 Ivan Fraixedes <ifcdev@gmail.com>
 Jack Danger Canty <jackdanger@squareup.com>
-jakedt <jake@devtable.com>
 Jake Moshenko <jake@devtable.com>
+jakedt <jake@devtable.com>
 James Allen <jamesallen0108@gmail.com>
 James Carr <james.r.carr@gmail.com>
 James DeFelice <james.defelice@ishisystems.com>
@@ -238,6 +246,7 @@ James Kyle <james@jameskyle.org>
 James Mills <prologic@shortcircuit.net.au>
 James Turnbull <james@lovedthanlost.net>
 Jan Pazdziora <jpazdziora@redhat.com>
+Jan Toebes <jan@toebes.info>
 Jaroslaw Zabiello <hipertracker@gmail.com>
 jaseg <jaseg@jaseg.net>
 Jason Giedymin <jasong@apache.org>
@@ -248,30 +257,30 @@ Jason Plum <jplum@devonit.com>
 Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>
 Jean-Baptiste Dalido <jeanbaptiste@appgratis.com>
 Jeff Lindsay <progrium@gmail.com>
-Jeffrey Bolle <jeffreybolle@gmail.com>
 Jeff Welch <whatthejeff@gmail.com>
+Jeffrey Bolle <jeffreybolle@gmail.com>
 Jeremy Grosser <jeremy@synack.me>
-Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
 Jesse Dubay <jesse@thefortytwo.net>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
-Jimmy Cuadra <jimmy@jimmycuadra.com>
 Jim Perrin <jperrin@centos.org>
+Jimmy Cuadra <jimmy@jimmycuadra.com>
 Jiří Župka <jzupka@redhat.com>
 Joe Beda <joe.github@bedafamily.com>
-Joel Handwell <joelhandwell@gmail.com>
 Joe Shaw <joe@joeshaw.org>
 Joe Van Dyk <joe@tanga.com>
+Joel Handwell <joelhandwell@gmail.com>
 Joffrey F <joffrey@docker.com>
 Johan Euphrosine <proppy@google.com>
-Johannes 'fish' Ziemke <github@freigeist.org>
 Johan Rydberg <johan.rydberg@gmail.com>
+Johannes 'fish' Ziemke <github@freigeist.org>
 John Costa <john.costa@gmail.com>
 John Feminella <jxf@jxf.me>
 John Gardiner Myers <jgmyers@proofpoint.com>
 John OBrien III <jobrieniii@yahoo.com>
 John Warwick <jwarwick@gmail.com>
+Jon Wedaman <jweede@gmail.com>
 Jonas Pfenniger <jonas@pfenniger.name>
 Jonathan Boulle <jonathanboulle@gmail.com>
 Jonathan Camp <jonathan@irondojo.com>
@@ -279,14 +288,13 @@ Jonathan McCrohan <jmccrohan@gmail.com>
 Jonathan Mueller <j.mueller@apoveda.ch>
 Jonathan Pares <jonathanpa@users.noreply.github.com>
 Jonathan Rudenberg <jonathan@titanous.com>
-Jon Wedaman <jweede@gmail.com>
 Joost Cassee <joost@cassee.net>
 Jordan Arentsen <blissdev@gmail.com>
 Jordan Sissel <jls@semicomplete.com>
 Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>
 Joseph Hager <ajhager@gmail.com>
-Josh Hawn <josh.hawn@docker.com>
 Josh <jokajak@gmail.com>
+Josh Hawn <josh.hawn@docker.com>
 Josh Poimboeuf <jpoimboe@redhat.com>
 JP <jpellerin@leapfrogonline.com>
 Julien Barbier <write0@gmail.com>
@@ -295,6 +303,7 @@ Julien Dubois <julien.dubois@gmail.com>
 Justin Force <justin.force@gmail.com>
 Justin Plock <jplock@users.noreply.github.com>
 Justin Simonelis <justin.p.simonelis@gmail.com>
+Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>
 Karan Lyons <karan@karanlyons.com>
 Karl Grzeszczak <karlgrz@gmail.com>
 Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
@@ -302,15 +311,15 @@ Kawsar Saiyeed <kawsar.saiyeed@projiris.com>
 Keli Hu <dev@keli.hu>
 Ken Cochrane <kencochrane@gmail.com>
 Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
+Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
 Kevin Clark <kevin.clark@gmail.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
 Kevin Menard <kevin@nirvdrum.com>
-Kevin "qwazerty" Houdebert <kevin.houdebert@gmail.com>
 Kevin Wallace <kevin@pentabarf.net>
 Keyvan Fatehi <keyvanfatehi@gmail.com>
 kies <lleelm@gmail.com>
-kim0 <email.ahmedkamal@googlemail.com>
 Kim BKC Carlbacker <kim.carlbacker@gmail.com>
+kim0 <email.ahmedkamal@googlemail.com>
 Kimbro Staken <kstaken@kstaken.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
 knappe <tyler.knappe@gmail.com>
@@ -318,6 +327,7 @@ Kohei Tsuruta <coheyxyz@gmail.com>
 Konstantin Pelykh <kpelykh@zettaset.com>
 Kyle Conroy <kyle.j.conroy@gmail.com>
 kyu <leehk1227@gmail.com>
+Lachlan Coote <lcoote@vmware.com>
 lalyos <lalyos@yahoo.com>
 Lance Chen <cyen0312@gmail.com>
 Lars R. Damerow <lars@pixar.com>
@@ -337,10 +347,11 @@ Manuel Meurer <manuel@krautcomputing.com>
 Manuel Woelker <github@manuel.woelker.org>
 Marc Abramowitz <marc@marc-abramowitz.com>
 Marc Kuo <kuomarc2@gmail.com>
+Marc Tamsky <mtamsky@gmail.com>
 Marco Hennings <marco.hennings@freiheit.com>
 Marcus Farkas <toothlessgear@finitebox.com>
-marcuslinke <marcus.linke@gmx.de>
 Marcus Ramberg <marcus@nordaaker.com>
+marcuslinke <marcus.linke@gmx.de>
 Marek Goldmann <marek.goldmann@gmail.com>
 Marius Voila <marius.voila@gmail.com>
 Mark Allen <mrallen1@yahoo.com>
@@ -361,17 +372,17 @@ Matthias Klumpp <matthias@tenstral.net>
 Matthias Kühnle <git.nivoc@neverbox.com>
 mattymo <raytrac3r@gmail.com>
 mattyw <mattyw@me.com>
-Maxime Petazzoni <max@signalfuse.com>
-Maxim Treskin <zerthurd@gmail.com>
 Max Shytikov <mshytikov@gmail.com>
+Maxim Treskin <zerthurd@gmail.com>
+Maxime Petazzoni <max@signalfuse.com>
 meejah <meejah@meejah.ca>
 Michael Brown <michael@netdirect.ca>
 Michael Crosby <michael@docker.com>
 Michael Gorsuch <gorsuch@github.com>
 Michael Neale <michael.neale@gmail.com>
-Michaël Pailloncy <mpapo.dev@gmail.com>
 Michael Prokop <github@michael-prokop.at>
 Michael Stapelberg <michael+gh@stapelberg.de>
+Michaël Pailloncy <mpapo.dev@gmail.com>
 Michiel@unhosted <michiel@unhosted.org>
 Miguel Angel Fernández <elmendalerenda@gmail.com>
 Mike Chelen <michael.chelen@gmail.com>
@@ -399,15 +410,17 @@ Nicolas Kaiser <nikai@nikai.net>
 NikolaMandic <mn080202@gmail.com>
 noducks <onemannoducks@gmail.com>
 Nolan Darilek <nolan@thewordnerd.info>
+O.S. Tezer <ostezer@gmail.com>
 OddBloke <daniel@daniel-watkins.co.uk>
 odk- <github@odkurzacz.org>
 Oguz Bilgic <fisyonet@gmail.com>
 Ole Reifschneider <mail@ole-reifschneider.de>
 Olivier Gambier <dmp42@users.noreply.github.com>
-O.S. Tezer <ostezer@gmail.com>
 pandrew <letters@paulnotcom.se>
 Pascal Borreli <pascal@borreli.com>
+Patrick Hemmer <patrick.hemmer@gmail.com>
 pattichen <craftsbear@gmail.com>
+Paul <paul9869@gmail.com>
 Paul Annesley <paul@annesley.cc>
 Paul Bowsher <pbowsher@globalpersonals.co.uk>
 Paul Hammond <paul@paulhammond.org>
@@ -415,13 +428,13 @@ Paul Jimenez <pj@place.org>
 Paul Lietar <paul@lietar.net>
 Paul Morie <pmorie@gmail.com>
 Paul Nasrat <pnasrat@gmail.com>
-Paul <paul9869@gmail.com>
 Paul Weaver <pauweave@cisco.com>
+Peter Bourgon <peter@bourgon.org>
 Peter Braden <peterbraden@peterbraden.co.uk>
 Peter Waller <p@pwaller.net>
-Phillip Alexander <git@phillipalexander.io>
-Phil Spitler <pspitler@gmail.com>
 Phil <underscorephil@gmail.com>
+Phil Spitler <pspitler@gmail.com>
+Phillip Alexander <git@phillipalexander.io>
 Piergiuliano Bossi <pgbossi@gmail.com>
 Pierre-Alain RIVIERE <pariviere@ippon.fr>
 Piotr Bogdan <ppbogdan@gmail.com>
@@ -430,6 +443,7 @@ Quentin Brossard <qbrossard@gmail.com>
 r0n22 <cameron.regan@gmail.com>
 Rafal Jeczalik <rjeczalik@gmail.com>
 Rajat Pandit <rp@rajatpandit.com>
+Rajdeep Dua <dua_rajdeep@yahoo.com>
 Ralph Bean <rbean@redhat.com>
 Ramkumar Ramachandra <artagnon@gmail.com>
 Ramon van Alteren <ramon@vanalteren.nl>
@@ -460,20 +474,21 @@ Ryan Fowler <rwfowler@gmail.com>
 Ryan O'Donnell <odonnellryanc@gmail.com>
 Ryan Seto <ryanseto@yak.net>
 Ryan Thomas <rthomas@atlassian.com>
+s-ko <aleks@s-ko.net>
 Sam Alba <sam.alba@gmail.com>
 Sam Bailey <cyprix@cyprix.com.au>
 Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>
 Sam Reis <sreis@atlassian.com>
 Sam Rijs <srijs@airpost.net>
 Samuel Andaya <samuel@andaya.net>
+satoru <satorulogic@gmail.com>
+Satoshi Amemiya <satoshi_amemiya@voyagegroup.com>
 Scott Bessler <scottbessler@gmail.com>
 Scott Collier <emailscottcollier@gmail.com>
 Sean Cronin <seancron@gmail.com>
 Sean P. Kane <skane@newrelic.com>
+Sebastiaan van Stijn <github@gone.nl>
 Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
-Sébastien Luttringer <seblu@seblu.net>
-Sébastien <sebastien@yoozio.com>
-Sébastien Stormacq <sebsto@users.noreply.github.com>
 Senthil Kumar Selvaraj <senthil.thecoder@gmail.com>
 SeongJae Park <sj38.park@gmail.com>
 Shane Canon <scanon@lbl.gov>
@@ -485,7 +500,6 @@ Silas Sewell <silas@sewell.org>
 Simon Taranto <simon.taranto@gmail.com>
 Sindhu S <sindhus@live.in>
 Sjoerd Langkemper <sjoerd-github@linuxonly.nl>
-s-ko <aleks@s-ko.net>
 Solomon Hykes <solomon@docker.com>
 Song Gao <song@gao.io>
 Soulou <leo@unbekandt.eu>
@@ -494,10 +508,14 @@ Sridatta Thatipamala <sthatipamala@gmail.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Steeve Morin <steeve.morin@gmail.com>
 Stefan Praszalowicz <stefan@greplin.com>
+Stephen Crosby <stevecrozz@gmail.com>
 Steven Burgess <steven.a.burgess@hotmail.com>
 sudosurootdev <sudosurootdev@gmail.com>
-Sven Dowideit <SvenDowideit@home.org.au>
+Sven Dowideit <svendowideit@home.org.au>
 Sylvain Bellemare <sylvain.bellemare@ezeep.com>
+Sébastien <sebastien@yoozio.com>
+Sébastien Luttringer <seblu@seblu.net>
+Sébastien Stormacq <sebsto@users.noreply.github.com>
 tang0th <tang0th@gmx.com>
 Tatsuki Sugiura <sugi@nemui.org>
 Tehmasp Chaudhri <tehmasp@gmail.com>
@@ -512,10 +530,10 @@ Thomas Schroeter <thomas@cliqz.com>
 Tianon Gravi <admwiggin@gmail.com>
 Tibor Vass <teabee89@gmail.com>
 Tim Bosse <taim@bosboot.org>
-Timothy Hobbs <timothyhobbs@seznam.cz>
 Tim Ruffles <oi@truffles.me.uk>
 Tim Ruffles <timruffles@googlemail.com>
 Tim Terhorst <mynamewastaken+git@gmail.com>
+Timothy Hobbs <timothyhobbs@seznam.cz>
 tjmehta <tj@init.me>
 Tobias Bieniek <Tobias.Bieniek@gmx.de>
 Tobias Gesellchen <tobias@gesellix.de>
@@ -557,12 +575,13 @@ Walter Stanish <walter@pratyeka.org>
 WarheadsSE <max@warheads.net>
 Wes Morgan <cap10morgan@gmail.com>
 Will Dietz <w@wdtz.org>
+Will Rouesnel <w.rouesnel@gmail.com>
+Will Weaver <monkey@buildingbananas.com>
 William Delanoue <william.delanoue@gmail.com>
 William Henry <whenry@redhat.com>
 William Riancho <wr.wllm@gmail.com>
 William Thurston <thurstw@amazon.com>
-Will Rouesnel <w.rouesnel@gmail.com>
-Will Weaver <monkey@buildingbananas.com>
+wyc <wayne@neverfear.org>
 Xiuming Chen <cc@cxm.cc>
 Yang Bai <hamo.by@gmail.com>
 Yasunori Mahata <nori@mahata.net>
@@ -575,3 +594,4 @@ Zilin Du <zilin.du@gmail.com>
 zimbatm <zimbatm@zimbatm.com>
 Zoltan Tombol <zoltan.tombol@gmail.com>
 zqh <zqhxuyuan@gmail.com>
+Álvaro Lázaro <alvaro.lazaro.g@gmail.com>

From a11716ca83a093968b903432652a6b9814ae0cc0 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Tue, 12 Aug 2014 23:37:33 +0000
Subject: [PATCH 442/516] fix #7374 leftover

Signed-off-by: Victor Vieux <vieux@docker.com>
Upstream-commit: bcfd6a653b5038679246b023d83476be073d4c91
Component: engine
---
 components/engine/daemon/delete.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/delete.go b/components/engine/daemon/delete.go
index fdd62924d9..eae0c7bded 100644
--- a/components/engine/daemon/delete.go
+++ b/components/engine/daemon/delete.go
@@ -58,7 +58,7 @@ func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
 					return job.Errorf("Could not kill running container, cannot remove - %v", err)
 				}
 			} else {
-				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -s or -k")
+				return job.Errorf("You cannot remove a running container. Stop the container before attempting removal or use -f")
 			}
 		}
 		if err := daemon.Destroy(container); err != nil {

From 01c8dcaf200da7a0b3174c3e9ab058510a1e6915 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Tue, 29 Jul 2014 07:14:10 +0000
Subject: [PATCH 443/516] fix goroutines leak and exit code

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)

Signed-off-by: Victor Vieux <vieux@docker.com>
Upstream-commit: b06311a72e7979653f09ba8175e10733e7116985
Component: engine
---
 components/engine/daemon/container.go         | 11 ++-----
 .../engine/daemon/execdriver/native/init.go   |  1 +
 components/engine/daemon/state.go             | 30 ++++++++-----------
 3 files changed, 17 insertions(+), 25 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 68ab5ae281..8f0b0480aa 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -1111,6 +1111,7 @@ func (container *Container) startLoggingToDisk() error {
 }
 
 func (container *Container) waitForStart() error {
+	waitStart := make(chan struct{})
 	callback := func(command *execdriver.Command) {
 		if command.Tty {
 			// The callback is called after the process Start()
@@ -1121,22 +1122,16 @@ func (container *Container) waitForStart() error {
 			}
 		}
 		container.State.SetRunning(command.Pid())
-		if err := container.ToDisk(); err != nil {
+		if err := container.toDisk(); err != nil {
 			utils.Debugf("%s", err)
 		}
+		close(waitStart)
 	}
 
 	// We use a callback here instead of a goroutine and an chan for
 	// syncronization purposes
 	cErr := utils.Go(func() error { return container.monitor(callback) })
 
-	waitStart := make(chan struct{})
-
-	go func() {
-		container.State.WaitRunning(-1 * time.Second)
-		close(waitStart)
-	}()
-
 	// Start should not return until the process is actually running
 	select {
 	case <-waitStart:
diff --git a/components/engine/daemon/execdriver/native/init.go b/components/engine/daemon/execdriver/native/init.go
index 5661454162..75b8aebfd9 100644
--- a/components/engine/daemon/execdriver/native/init.go
+++ b/components/engine/daemon/execdriver/native/init.go
@@ -62,4 +62,5 @@ func initializer() {
 
 func writeError(err error) {
 	fmt.Sprint(os.Stderr, err)
+	os.Exit(1)
 }
diff --git a/components/engine/daemon/state.go b/components/engine/daemon/state.go
index e500d735e3..9baa396843 100644
--- a/components/engine/daemon/state.go
+++ b/components/engine/daemon/state.go
@@ -114,28 +114,24 @@ func (s *State) GetExitCode() int {
 
 func (s *State) SetRunning(pid int) {
 	s.Lock()
-	if !s.Running {
-		s.Running = true
-		s.Paused = false
-		s.ExitCode = 0
-		s.Pid = pid
-		s.StartedAt = time.Now().UTC()
-		close(s.waitChan) // fire waiters for start
-		s.waitChan = make(chan struct{})
-	}
+	s.Running = true
+	s.Paused = false
+	s.ExitCode = 0
+	s.Pid = pid
+	s.StartedAt = time.Now().UTC()
+	close(s.waitChan) // fire waiters for start
+	s.waitChan = make(chan struct{})
 	s.Unlock()
 }
 
 func (s *State) SetStopped(exitCode int) {
 	s.Lock()
-	if s.Running {
-		s.Running = false
-		s.Pid = 0
-		s.FinishedAt = time.Now().UTC()
-		s.ExitCode = exitCode
-		close(s.waitChan) // fire waiters for stop
-		s.waitChan = make(chan struct{})
-	}
+	s.Running = false
+	s.Pid = 0
+	s.FinishedAt = time.Now().UTC()
+	s.ExitCode = exitCode
+	close(s.waitChan) // fire waiters for stop
+	s.waitChan = make(chan struct{})
 	s.Unlock()
 }
 

From 3ab02734f3b2fa894847775da14c893de1f6cbbb Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Fri, 8 Aug 2014 08:00:16 +0000
Subject: [PATCH 444/516] Move "build" to daemon/build.go

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 491deae9b8866b5b0774bbc92ee82f7cd7b565eb
Component: engine
---
 .../{builder/builder.go => daemon/build.go}   |  96 +++++++++++++++--
 components/engine/daemon/daemon.go            |   1 +
 components/engine/server/image.go             | 100 ------------------
 components/engine/server/init.go              |   4 +-
 4 files changed, 90 insertions(+), 111 deletions(-)
 rename components/engine/{builder/builder.go => daemon/build.go} (89%)
 delete mode 100644 components/engine/server/image.go

diff --git a/components/engine/builder/builder.go b/components/engine/daemon/build.go
similarity index 89%
rename from components/engine/builder/builder.go
rename to components/engine/daemon/build.go
index 45f964daf6..61fe248ae5 100644
--- a/components/engine/builder/builder.go
+++ b/components/engine/daemon/build.go
@@ -1,4 +1,4 @@
-package builder
+package daemon
 
 import (
 	"crypto/sha256"
@@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"reflect"
@@ -20,7 +21,6 @@ import (
 	"time"
 
 	"github.com/docker/docker/archive"
-	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/nat"
 	"github.com/docker/docker/pkg/parsers"
@@ -32,6 +32,86 @@ import (
 	"github.com/docker/docker/utils"
 )
 
+func (daemon *Daemon) CmdBuild(job *engine.Job) engine.Status {
+	if len(job.Args) != 0 {
+		return job.Errorf("Usage: %s\n", job.Name)
+	}
+	var (
+		remoteURL      = job.Getenv("remote")
+		repoName       = job.Getenv("t")
+		suppressOutput = job.GetenvBool("q")
+		noCache        = job.GetenvBool("nocache")
+		rm             = job.GetenvBool("rm")
+		forceRm        = job.GetenvBool("forcerm")
+		authConfig     = &registry.AuthConfig{}
+		configFile     = &registry.ConfigFile{}
+		tag            string
+		context        io.ReadCloser
+	)
+	job.GetenvJson("authConfig", authConfig)
+	job.GetenvJson("configFile", configFile)
+	repoName, tag = parsers.ParseRepositoryTag(repoName)
+
+	if remoteURL == "" {
+		context = ioutil.NopCloser(job.Stdin)
+	} else if utils.IsGIT(remoteURL) {
+		if !strings.HasPrefix(remoteURL, "git://") {
+			remoteURL = "https://" + remoteURL
+		}
+		root, err := ioutil.TempDir("", "docker-build-git")
+		if err != nil {
+			return job.Error(err)
+		}
+		defer os.RemoveAll(root)
+
+		if output, err := exec.Command("git", "clone", "--recursive", remoteURL, root).CombinedOutput(); err != nil {
+			return job.Errorf("Error trying to use git: %s (%s)", err, output)
+		}
+
+		c, err := archive.Tar(root, archive.Uncompressed)
+		if err != nil {
+			return job.Error(err)
+		}
+		context = c
+	} else if utils.IsURL(remoteURL) {
+		f, err := utils.Download(remoteURL)
+		if err != nil {
+			return job.Error(err)
+		}
+		defer f.Body.Close()
+		dockerFile, err := ioutil.ReadAll(f.Body)
+		if err != nil {
+			return job.Error(err)
+		}
+		c, err := archive.Generate("Dockerfile", string(dockerFile))
+		if err != nil {
+			return job.Error(err)
+		}
+		context = c
+	}
+	defer context.Close()
+
+	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
+	b := NewBuildFile(daemon, daemon.eng,
+		&utils.StdoutFormater{
+			Writer:          job.Stdout,
+			StreamFormatter: sf,
+		},
+		&utils.StderrFormater{
+			Writer:          job.Stdout,
+			StreamFormatter: sf,
+		},
+		!suppressOutput, !noCache, rm, forceRm, job.Stdout, sf, authConfig, configFile)
+	id, err := b.Build(context)
+	if err != nil {
+		return job.Error(err)
+	}
+	if repoName != "" {
+		daemon.Repositories().Set(repoName, tag, id, false)
+	}
+	return engine.StatusOK
+}
+
 var (
 	ErrDockerfileEmpty = errors.New("Dockerfile cannot be empty")
 )
@@ -43,7 +123,7 @@ type BuildFile interface {
 }
 
 type buildFile struct {
-	daemon *daemon.Daemon
+	daemon *Daemon
 	eng    *engine.Engine
 
 	image      string
@@ -124,7 +204,7 @@ func (b *buildFile) CmdFrom(name string) error {
 		b.config = image.Config
 	}
 	if b.config.Env == nil || len(b.config.Env) == 0 {
-		b.config.Env = append(b.config.Env, "PATH="+daemon.DefaultPathEnv)
+		b.config.Env = append(b.config.Env, "PATH="+DefaultPathEnv)
 	}
 	// Process ONBUILD triggers if they exist
 	if nTriggers := len(b.config.OnBuild); nTriggers != 0 {
@@ -416,7 +496,7 @@ func (b *buildFile) checkPathForAddition(orig string) error {
 	return nil
 }
 
-func (b *buildFile) addContext(container *daemon.Container, orig, dest string, decompress bool) error {
+func (b *buildFile) addContext(container *Container, orig, dest string, decompress bool) error {
 	var (
 		err        error
 		destExists = true
@@ -668,7 +748,7 @@ func (b *buildFile) CmdAdd(args string) error {
 	return b.runContextCommand(args, true, true, "ADD")
 }
 
-func (b *buildFile) create() (*daemon.Container, error) {
+func (b *buildFile) create() (*Container, error) {
 	if b.image == "" {
 		return nil, fmt.Errorf("Please provide a source image with `from` prior to run")
 	}
@@ -689,7 +769,7 @@ func (b *buildFile) create() (*daemon.Container, error) {
 	return c, nil
 }
 
-func (b *buildFile) run(c *daemon.Container) error {
+func (b *buildFile) run(c *Container) error {
 	var errCh chan error
 	if b.verbose {
 		errCh = utils.Go(func() error {
@@ -906,7 +986,7 @@ func fixPermissions(destination string, uid, gid int) error {
 	})
 }
 
-func NewBuildFile(d *daemon.Daemon, eng *engine.Engine, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, forceRm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {
+func NewBuildFile(d *Daemon, eng *engine.Engine, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, forceRm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {
 	return &buildFile{
 		daemon:        d,
 		eng:           eng,
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 2409b1dc13..5e2870f392 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -109,6 +109,7 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 	// FIXME: remove ImageDelete's dependency on Daemon, then move to graph/
 	for name, method := range map[string]engine.Handler{
 		"attach":            daemon.ContainerAttach,
+		"build":             daemon.CmdBuild,
 		"commit":            daemon.ContainerCommit,
 		"container_changes": daemon.ContainerChanges,
 		"container_copy":    daemon.ContainerCopy,
diff --git a/components/engine/server/image.go b/components/engine/server/image.go
deleted file mode 100644
index d508cb62f6..0000000000
--- a/components/engine/server/image.go
+++ /dev/null
@@ -1,100 +0,0 @@
-// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
-//
-// For additional commments see server/server.go
-//
-package server
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"strings"
-
-	"github.com/docker/docker/archive"
-	"github.com/docker/docker/builder"
-	"github.com/docker/docker/engine"
-	"github.com/docker/docker/pkg/parsers"
-	"github.com/docker/docker/registry"
-	"github.com/docker/docker/utils"
-)
-
-func (srv *Server) Build(job *engine.Job) engine.Status {
-	if len(job.Args) != 0 {
-		return job.Errorf("Usage: %s\n", job.Name)
-	}
-	var (
-		remoteURL      = job.Getenv("remote")
-		repoName       = job.Getenv("t")
-		suppressOutput = job.GetenvBool("q")
-		noCache        = job.GetenvBool("nocache")
-		rm             = job.GetenvBool("rm")
-		forceRm        = job.GetenvBool("forcerm")
-		authConfig     = &registry.AuthConfig{}
-		configFile     = &registry.ConfigFile{}
-		tag            string
-		context        io.ReadCloser
-	)
-	job.GetenvJson("authConfig", authConfig)
-	job.GetenvJson("configFile", configFile)
-	repoName, tag = parsers.ParseRepositoryTag(repoName)
-
-	if remoteURL == "" {
-		context = ioutil.NopCloser(job.Stdin)
-	} else if utils.IsGIT(remoteURL) {
-		if !strings.HasPrefix(remoteURL, "git://") {
-			remoteURL = "https://" + remoteURL
-		}
-		root, err := ioutil.TempDir("", "docker-build-git")
-		if err != nil {
-			return job.Error(err)
-		}
-		defer os.RemoveAll(root)
-
-		if output, err := exec.Command("git", "clone", "--recursive", remoteURL, root).CombinedOutput(); err != nil {
-			return job.Errorf("Error trying to use git: %s (%s)", err, output)
-		}
-
-		c, err := archive.Tar(root, archive.Uncompressed)
-		if err != nil {
-			return job.Error(err)
-		}
-		context = c
-	} else if utils.IsURL(remoteURL) {
-		f, err := utils.Download(remoteURL)
-		if err != nil {
-			return job.Error(err)
-		}
-		defer f.Body.Close()
-		dockerFile, err := ioutil.ReadAll(f.Body)
-		if err != nil {
-			return job.Error(err)
-		}
-		c, err := archive.Generate("Dockerfile", string(dockerFile))
-		if err != nil {
-			return job.Error(err)
-		}
-		context = c
-	}
-	defer context.Close()
-
-	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
-	b := builder.NewBuildFile(srv.daemon, srv.Eng,
-		&utils.StdoutFormater{
-			Writer:          job.Stdout,
-			StreamFormatter: sf,
-		},
-		&utils.StderrFormater{
-			Writer:          job.Stdout,
-			StreamFormatter: sf,
-		},
-		!suppressOutput, !noCache, rm, forceRm, job.Stdout, sf, authConfig, configFile)
-	id, err := b.Build(context)
-	if err != nil {
-		return job.Error(err)
-	}
-	if repoName != "" {
-		srv.daemon.Repositories().Set(repoName, tag, id, false)
-	}
-	return engine.StatusOK
-}
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
index 15eeb1cf15..14320678b5 100644
--- a/components/engine/server/init.go
+++ b/components/engine/server/init.go
@@ -31,9 +31,7 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
 	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
 
-	for name, handler := range map[string]engine.Handler{
-		"build": srv.Build,
-	} {
+	for name, handler := range map[string]engine.Handler{} {
 		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
 			return job.Error(err)
 		}

From ca40497b63241ef31d342d303855ec1e6e017486 Mon Sep 17 00:00:00 2001
From: Michael Thies <michaelthies78@gmail.com>
Date: Tue, 12 Aug 2014 23:30:04 -0500
Subject: [PATCH 445/516] Update postgresql_service.md

fix typo
Upstream-commit: 99423e7e1ef7d833e333389b15a372179734c03f
Component: engine
---
 components/engine/docs/sources/examples/postgresql_service.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/examples/postgresql_service.md b/components/engine/docs/sources/examples/postgresql_service.md
index edcd63bbbc..ffd122ed58 100644
--- a/components/engine/docs/sources/examples/postgresql_service.md
+++ b/components/engine/docs/sources/examples/postgresql_service.md
@@ -84,7 +84,7 @@ Containers*](/userguide/dockerlinks), or we can access it from our host
 
 > **Note**: 
 > The `--rm` removes the container and its image when
-> the container exists successfully.
+> the container exits successfully.
 
 ### Using container linking
 

From b0523c12b84eff998a3816d65e51e979975ab300 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Wed, 13 Aug 2014 10:41:24 +0400
Subject: [PATCH 446/516] bump Go to 1.3.1

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: c6595b3ee83d5cf8348739949e74720e62f7dd50
Component: engine
---
 components/engine/.travis.yml | 2 +-
 components/engine/Dockerfile  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/.travis.yml b/components/engine/.travis.yml
index e7d18f1c6d..55fa9044c9 100644
--- a/components/engine/.travis.yml
+++ b/components/engine/.travis.yml
@@ -5,7 +5,7 @@ language: go
 
 go:
 # This should match the version in the Dockerfile.
-  - 1.3
+  - 1.3.1
 # Test against older versions too, just for a little extra retrocompat.
   - 1.2
 
diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
index 94fb47df58..8f47b0de75 100644
--- a/components/engine/Dockerfile
+++ b/components/engine/Dockerfile
@@ -59,7 +59,7 @@ RUN	cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
 # Install Go
-RUN	curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz
+RUN	curl -sSL https://golang.org/dl/go1.3.1.src.tar.gz | tar -v -C /usr/local -xz
 ENV	PATH	/usr/local/go/bin:$PATH
 ENV	GOPATH	/go:/go/src/github.com/docker/docker/vendor
 ENV PATH /go/bin:$PATH

From d27f6d0c6d6f31377a4bc1af60e1bb8a756695f4 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Fri, 8 Aug 2014 09:12:39 +0000
Subject: [PATCH 447/516] Remove deprecated server/ package

Victory!

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 63503cafe4addb7d275244fbcce0e10d67225cc9
Component: engine
---
 components/engine/api/server/server.go        |  2 +-
 components/engine/builtins/builtins.go        |  4 --
 components/engine/daemon/daemon.go            |  6 ++
 components/engine/daemonconfig/config.go      | 41 ------------
 components/engine/docker/daemon.go            | 56 ++++++++++-------
 components/engine/integration/runtime_test.go |  2 +-
 components/engine/integration/server_test.go  | 11 ++--
 components/engine/integration/utils_test.go   | 37 +++++------
 components/engine/server/MAINTAINERS          |  3 -
 components/engine/server/init.go              | 62 -------------------
 components/engine/server/server.go            | 36 -----------
 11 files changed, 63 insertions(+), 197 deletions(-)
 delete mode 100644 components/engine/server/MAINTAINERS
 delete mode 100644 components/engine/server/init.go
 delete mode 100644 components/engine/server/server.go

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index df72786b10..ae73660b6b 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -1194,7 +1194,7 @@ func ServeFd(addr string, handle http.Handler) error {
 	chErrors := make(chan error, len(ls))
 
 	// We don't want to start serving on these sockets until the
-	// "initserver" job has completed. Otherwise required handlers
+	// daemon is initialized and installed. Otherwise required handlers
 	// won't be ready.
 	<-activationLock
 
diff --git a/components/engine/builtins/builtins.go b/components/engine/builtins/builtins.go
index ea1e7c6b84..0aa2f43c16 100644
--- a/components/engine/builtins/builtins.go
+++ b/components/engine/builtins/builtins.go
@@ -11,7 +11,6 @@ import (
 	"github.com/docker/docker/events"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/registry"
-	"github.com/docker/docker/server"
 )
 
 func Register(eng *engine.Engine) error {
@@ -54,9 +53,6 @@ func remote(eng *engine.Engine) error {
 // These components should be broken off into plugins of their own.
 //
 func daemon(eng *engine.Engine) error {
-	if err := eng.Register("initserver", server.InitServer); err != nil {
-		return err
-	}
 	return eng.Register("init_networkdriver", bridge.InitDriver)
 }
 
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 5e2870f392..d65bad8b82 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -135,6 +135,12 @@ func (daemon *Daemon) Install(eng *engine.Engine) error {
 			return err
 		}
 	}
+	if err := daemon.Repositories().Install(eng); err != nil {
+		return err
+	}
+	// FIXME: this hack is necessary for legacy integration tests to access
+	// the daemon object.
+	eng.Hack_SetGlobalVar("httpapi.daemon", daemon)
 	return nil
 }
 
diff --git a/components/engine/daemonconfig/config.go b/components/engine/daemonconfig/config.go
index c46f1853ba..13c2a5db5c 100644
--- a/components/engine/daemonconfig/config.go
+++ b/components/engine/daemonconfig/config.go
@@ -2,7 +2,6 @@ package daemonconfig
 
 import (
 	"github.com/docker/docker/daemon/networkdriver"
-	"github.com/docker/docker/engine"
 	"net"
 )
 
@@ -34,46 +33,6 @@ type Config struct {
 	Sockets                     []string
 }
 
-// ConfigFromJob creates and returns a new DaemonConfig object
-// by parsing the contents of a job's environment.
-func ConfigFromJob(job *engine.Job) *Config {
-	config := &Config{
-		Pidfile:                     job.Getenv("Pidfile"),
-		Root:                        job.Getenv("Root"),
-		AutoRestart:                 job.GetenvBool("AutoRestart"),
-		EnableIptables:              job.GetenvBool("EnableIptables"),
-		EnableIpForward:             job.GetenvBool("EnableIpForward"),
-		BridgeIP:                    job.Getenv("BridgeIP"),
-		BridgeIface:                 job.Getenv("BridgeIface"),
-		DefaultIp:                   net.ParseIP(job.Getenv("DefaultIp")),
-		InterContainerCommunication: job.GetenvBool("InterContainerCommunication"),
-		GraphDriver:                 job.Getenv("GraphDriver"),
-		ExecDriver:                  job.Getenv("ExecDriver"),
-		EnableSelinuxSupport:        job.GetenvBool("EnableSelinuxSupport"),
-	}
-	if graphOpts := job.GetenvList("GraphOptions"); graphOpts != nil {
-		config.GraphOptions = graphOpts
-	}
-
-	if dns := job.GetenvList("Dns"); dns != nil {
-		config.Dns = dns
-	}
-	if dnsSearch := job.GetenvList("DnsSearch"); dnsSearch != nil {
-		config.DnsSearch = dnsSearch
-	}
-	if mtu := job.GetenvInt("Mtu"); mtu != 0 {
-		config.Mtu = mtu
-	} else {
-		config.Mtu = GetDefaultNetworkMtu()
-	}
-	config.DisableNetwork = config.BridgeIface == DisableNetworkBridge
-	if sockets := job.GetenvList("Sockets"); sockets != nil {
-		config.Sockets = sockets
-	}
-
-	return config
-}
-
 func GetDefaultNetworkMtu() int {
 	if iface, err := networkdriver.GetDefaultRouteIface(); err == nil {
 		return iface.MTU
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index e886f99a1b..6a4d767733 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -7,8 +7,10 @@ import (
 	"net"
 
 	"github.com/docker/docker/builtins"
+	"github.com/docker/docker/daemon"
 	_ "github.com/docker/docker/daemon/execdriver/lxc"
 	_ "github.com/docker/docker/daemon/execdriver/native"
+	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
 	flag "github.com/docker/docker/pkg/mflag"
@@ -46,27 +48,38 @@ func mainDaemon() {
 	// the http api so that connections don't fail while the daemon
 	// is booting
 	go func() {
-		// Load plugin: httpapi
-		job := eng.Job("initserver")
-		// include the variable here too, for the server config
-		job.Setenv("Pidfile", *pidfile)
-		job.Setenv("Root", *flRoot)
-		job.SetenvBool("AutoRestart", *flAutoRestart)
-		job.SetenvList("Dns", flDns.GetAll())
-		job.SetenvList("DnsSearch", flDnsSearch.GetAll())
-		job.SetenvBool("EnableIptables", *flEnableIptables)
-		job.SetenvBool("EnableIpForward", *flEnableIpForward)
-		job.Setenv("BridgeIface", *bridgeName)
-		job.Setenv("BridgeIP", *bridgeIp)
-		job.Setenv("DefaultIp", *flDefaultIp)
-		job.SetenvBool("InterContainerCommunication", *flInterContainerComm)
-		job.Setenv("GraphDriver", *flGraphDriver)
-		job.SetenvList("GraphOptions", flGraphOpts.GetAll())
-		job.Setenv("ExecDriver", *flExecDriver)
-		job.SetenvInt("Mtu", *flMtu)
-		job.SetenvBool("EnableSelinuxSupport", *flSelinuxEnabled)
-		job.SetenvList("Sockets", flHosts.GetAll())
-		if err := job.Run(); err != nil {
+		// FIXME: daemonconfig and CLI flag parsing should be directly integrated
+		cfg := &daemonconfig.Config{
+			Pidfile:                     *pidfile,
+			Root:                        *flRoot,
+			AutoRestart:                 *flAutoRestart,
+			EnableIptables:              *flEnableIptables,
+			EnableIpForward:             *flEnableIpForward,
+			BridgeIP:                    *bridgeIp,
+			BridgeIface:                 *bridgeName,
+			DefaultIp:                   net.ParseIP(*flDefaultIp),
+			InterContainerCommunication: *flInterContainerComm,
+			GraphDriver:                 *flGraphDriver,
+			ExecDriver:                  *flExecDriver,
+			EnableSelinuxSupport:        *flSelinuxEnabled,
+			GraphOptions:                flGraphOpts.GetAll(),
+			Dns:                         flDns.GetAll(),
+			DnsSearch:                   flDnsSearch.GetAll(),
+			Mtu:                         *flMtu,
+			Sockets:                     flHosts.GetAll(),
+		}
+		// FIXME this should be initialized in NewDaemon or somewhere in daemonconfig.
+		// Currently it is copy-pasted in `integration` to create test daemons that work.
+		if cfg.Mtu == 0 {
+			cfg.Mtu = daemonconfig.GetDefaultNetworkMtu()
+		}
+		cfg.DisableNetwork = cfg.BridgeIface == daemonconfig.DisableNetworkBridge
+
+		d, err := daemon.NewDaemon(cfg, eng)
+		if err != nil {
+			log.Fatal(err)
+		}
+		if err := d.Install(eng); err != nil {
 			log.Fatal(err)
 		}
 		// after the daemon is done setting up we can tell the api to start
@@ -75,7 +88,6 @@ func mainDaemon() {
 			log.Fatal(err)
 		}
 	}()
-
 	// TODO actually have a resolved graphdriver to show?
 	log.Printf("docker daemon: %s %s; execdriver: %s; graphdriver: %s",
 		dockerversion.VERSION,
diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go
index 5148af01ba..52839253d1 100644
--- a/components/engine/integration/runtime_test.go
+++ b/components/engine/integration/runtime_test.go
@@ -202,7 +202,7 @@ func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine {
 	if err != nil {
 		t.Fatal(err)
 	}
-	// FIXME: here we don't use NewTestEngine because it calls initserver with Autorestart=false,
+	// FIXME: here we don't use NewTestEngine because it configures the daemon with Autorestart=false,
 	// and we want to set it to true.
 
 	eng := newTestEngine(t, true, root)
diff --git a/components/engine/integration/server_test.go b/components/engine/integration/server_test.go
index 241ca76bfe..363236fd68 100644
--- a/components/engine/integration/server_test.go
+++ b/components/engine/integration/server_test.go
@@ -100,7 +100,6 @@ func TestMergeConfigOnCommit(t *testing.T) {
 
 func TestRestartKillWait(t *testing.T) {
 	eng := NewTestEngine(t)
-	srv := mkServerFromEngine(eng, t)
 	runtime := mkDaemonFromEngine(eng, t)
 	defer runtime.Nuke()
 
@@ -138,9 +137,8 @@ func TestRestartKillWait(t *testing.T) {
 	}
 
 	eng = newTestEngine(t, false, runtime.Config().Root)
-	srv = mkServerFromEngine(eng, t)
 
-	job = srv.Eng.Job("containers")
+	job = eng.Job("containers")
 	job.SetenvBool("all", true)
 	outs, err = job.Stdout.AddListTable()
 	if err != nil {
@@ -155,7 +153,7 @@ func TestRestartKillWait(t *testing.T) {
 	}
 
 	setTimeout(t, "Waiting on stopped container timedout", 5*time.Second, func() {
-		job = srv.Eng.Job("wait", outs.Data[0].Get("Id"))
+		job = eng.Job("wait", outs.Data[0].Get("Id"))
 		if err := job.Run(); err != nil {
 			t.Fatal(err)
 		}
@@ -164,7 +162,6 @@ func TestRestartKillWait(t *testing.T) {
 
 func TestCreateStartRestartStopStartKillRm(t *testing.T) {
 	eng := NewTestEngine(t)
-	srv := mkServerFromEngine(eng, t)
 	defer mkDaemonFromEngine(eng, t).Nuke()
 
 	config, hostConfig, _, err := runconfig.Parse([]string{"-i", unitTestImageID, "/bin/cat"}, nil)
@@ -174,7 +171,7 @@ func TestCreateStartRestartStopStartKillRm(t *testing.T) {
 
 	id := createTestContainer(eng, config, t)
 
-	job := srv.Eng.Job("containers")
+	job := eng.Job("containers")
 	job.SetenvBool("all", true)
 	outs, err := job.Stdout.AddListTable()
 	if err != nil {
@@ -227,7 +224,7 @@ func TestCreateStartRestartStopStartKillRm(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	job = srv.Eng.Job("containers")
+	job = eng.Job("containers")
 	job.SetenvBool("all", true)
 	outs, err = job.Stdout.AddListTable()
 	if err != nil {
diff --git a/components/engine/integration/utils_test.go b/components/engine/integration/utils_test.go
index e44bda85a5..29741465a8 100644
--- a/components/engine/integration/utils_test.go
+++ b/components/engine/integration/utils_test.go
@@ -17,9 +17,9 @@ import (
 
 	"github.com/docker/docker/builtins"
 	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/server"
 	"github.com/docker/docker/utils"
 )
 
@@ -153,18 +153,6 @@ func getContainer(eng *engine.Engine, id string, t utils.Fataler) *daemon.Contai
 	return c
 }
 
-func mkServerFromEngine(eng *engine.Engine, t utils.Fataler) *server.Server {
-	iSrv := eng.Hack_GetGlobalVar("httpapi.server")
-	if iSrv == nil {
-		panic("Legacy server field not set in engine")
-	}
-	srv, ok := iSrv.(*server.Server)
-	if !ok {
-		panic("Legacy server field in engine does not cast to *server.Server")
-	}
-	return srv
-}
-
 func mkDaemonFromEngine(eng *engine.Engine, t utils.Fataler) *daemon.Daemon {
 	iDaemon := eng.Hack_GetGlobalVar("httpapi.daemon")
 	if iDaemon == nil {
@@ -191,13 +179,22 @@ func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engin
 	// Load default plugins
 	builtins.Register(eng)
 	// (This is manually copied and modified from main() until we have a more generic plugin system)
-	job := eng.Job("initserver")
-	job.Setenv("Root", root)
-	job.SetenvBool("AutoRestart", autorestart)
-	job.Setenv("ExecDriver", "native")
-	// TestGetEnabledCors and TestOptionsRoute require EnableCors=true
-	job.SetenvBool("EnableCors", true)
-	if err := job.Run(); err != nil {
+	cfg := &daemonconfig.Config{
+		Root:        root,
+		AutoRestart: autorestart,
+		ExecDriver:  "native",
+	}
+	// FIXME: this should be initialized in NewDaemon or somewhere in daemonconfig.
+	// Currently it is copy-pasted from daemonMain()
+	if cfg.Mtu == 0 {
+		cfg.Mtu = daemonconfig.GetDefaultNetworkMtu()
+	}
+	cfg.DisableNetwork = cfg.BridgeIface == daemonconfig.DisableNetworkBridge
+	d, err := daemon.NewDaemon(cfg, eng)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := d.Install(eng); err != nil {
 		t.Fatal(err)
 	}
 	return eng
diff --git a/components/engine/server/MAINTAINERS b/components/engine/server/MAINTAINERS
deleted file mode 100644
index c00f916523..0000000000
--- a/components/engine/server/MAINTAINERS
+++ /dev/null
@@ -1,3 +0,0 @@
-Solomon Hykes <solomon@docker.com> (@shykes)
-Victor Vieux <vieux@docker.com> (@vieux)
-buildfile.go: Tibor Vass <teabee89@gmail.com> (@tiborvass)
diff --git a/components/engine/server/init.go b/components/engine/server/init.go
deleted file mode 100644
index 14320678b5..0000000000
--- a/components/engine/server/init.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
-//
-// For additional commments see server/server.go
-//
-package server
-
-import (
-	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/daemonconfig"
-	"github.com/docker/docker/engine"
-)
-
-func (srv *Server) handlerWrap(h engine.Handler) engine.Handler {
-	return func(job *engine.Job) engine.Status {
-		srv.tasks.Add(1)
-		defer srv.tasks.Done()
-		return h(job)
-	}
-}
-
-// jobInitApi runs the remote api server `srv` as a daemon,
-// Only one api server can run at the same time - this is enforced by a pidfile.
-// The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
-func InitServer(job *engine.Job) engine.Status {
-	job.Logf("Creating server")
-	cfg := daemonconfig.ConfigFromJob(job)
-	srv, err := NewServer(job.Eng, cfg)
-	if err != nil {
-		return job.Error(err)
-	}
-	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
-	job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon)
-
-	for name, handler := range map[string]engine.Handler{} {
-		if err := job.Eng.Register(name, srv.handlerWrap(handler)); err != nil {
-			return job.Error(err)
-		}
-	}
-	// Install image-related commands from the image subsystem.
-	// See `graph/service.go`
-	if err := srv.daemon.Repositories().Install(job.Eng); err != nil {
-		return job.Error(err)
-	}
-	// Install daemon-related commands from the daemon subsystem.
-	// See `daemon/`
-	if err := srv.daemon.Install(job.Eng); err != nil {
-		return job.Error(err)
-	}
-	return engine.StatusOK
-}
-
-func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) {
-	daemon, err := daemon.NewDaemon(config, eng)
-	if err != nil {
-		return nil, err
-	}
-	srv := &Server{
-		Eng:    eng,
-		daemon: daemon,
-	}
-	return srv, nil
-}
diff --git a/components/engine/server/server.go b/components/engine/server/server.go
deleted file mode 100644
index 1b77e5efe1..0000000000
--- a/components/engine/server/server.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE.
-//
-// server/server.go is deprecated. We are working on breaking it up into smaller, cleaner
-// pieces which will be easier to find and test. This will help make the code less
-// redundant and more readable.
-//
-// Contributors, please don't add anything to server/server.go, unless it has the explicit
-// goal of helping the deprecation effort.
-//
-// Maintainers, please refuse patches which add code to server/server.go.
-//
-// Instead try the following files:
-// * For code related to local image management, try graph/
-// * For code related to image downloading, uploading, remote search etc, try registry/
-// * For code related to the docker daemon, try daemon/
-// * For small utilities which could potentially be useful outside of Docker, try pkg/
-// * For miscalleneous "util" functions which are docker-specific, try encapsulating them
-//     inside one of the subsystems above. If you really think they should be more widely
-//     available, are you sure you can't remove the docker dependencies and move them to
-//     pkg? In last resort, you can add them to utils/ (but please try not to).
-
-package server
-
-import (
-	"sync"
-
-	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/engine"
-)
-
-type Server struct {
-	sync.RWMutex
-	daemon *daemon.Daemon
-	Eng    *engine.Engine
-	tasks  sync.WaitGroup
-}

From 00b87e1af9964ed788831682467950f4e7fab2c0 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Wed, 13 Aug 2014 11:37:30 +0400
Subject: [PATCH 448/516] Fix go vet warnings

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 391c35c82252633eb415fdade08103a8a0818fde
Component: engine
---
 components/engine/daemon/execdriver/lxc/driver.go  | 14 ++++++++++++--
 components/engine/daemon/execdriver/native/init.go |  2 +-
 components/engine/daemon/logs.go                   |  2 +-
 .../daemon/networkdriver/portmapper/mapper_test.go |  7 ++++---
 components/engine/daemon/state_test.go             |  4 ++--
 .../integration-cli/docker_cli_build_test.go       |  2 +-
 .../integration-cli/docker_cli_events_test.go      |  4 ++--
 .../engine/integration-cli/docker_cli_rm_test.go   |  2 +-
 8 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 93dd1509ce..7f22db7c6e 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -64,7 +64,12 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	}
 	c.Terminal = term
 
-	c.Mounts = append(c.Mounts, execdriver.Mount{d.initPath, c.InitPath, false, true})
+	c.Mounts = append(c.Mounts, execdriver.Mount{
+		Source:      d.initPath,
+		Destination: c.InitPath,
+		Writable:    false,
+		Private:     true,
+	})
 
 	if err := d.generateEnvConfig(c); err != nil {
 		return -1, err
@@ -440,7 +445,12 @@ func (d *driver) generateEnvConfig(c *execdriver.Command) error {
 		return err
 	}
 	p := path.Join(d.root, "containers", c.ID, "config.env")
-	c.Mounts = append(c.Mounts, execdriver.Mount{p, "/.dockerenv", false, true})
+	c.Mounts = append(c.Mounts, execdriver.Mount{
+		Source:      p,
+		Destination: "/.dockerenv",
+		Writable:    false,
+		Private:     true,
+	})
 
 	return ioutil.WriteFile(p, data, 0600)
 }
diff --git a/components/engine/daemon/execdriver/native/init.go b/components/engine/daemon/execdriver/native/init.go
index 75b8aebfd9..7021eeb67e 100644
--- a/components/engine/daemon/execdriver/native/init.go
+++ b/components/engine/daemon/execdriver/native/init.go
@@ -61,6 +61,6 @@ func initializer() {
 }
 
 func writeError(err error) {
-	fmt.Sprint(os.Stderr, err)
+	fmt.Fprint(os.Stderr, err)
 	os.Exit(1)
 }
diff --git a/components/engine/daemon/logs.go b/components/engine/daemon/logs.go
index f78a62d046..5962196c63 100644
--- a/components/engine/daemon/logs.go
+++ b/components/engine/daemon/logs.go
@@ -71,7 +71,7 @@ func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
 			var err error
 			lines, err = strconv.Atoi(tail)
 			if err != nil {
-				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", err)
+				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", tail, err)
 				lines = -1
 			}
 		}
diff --git a/components/engine/daemon/networkdriver/portmapper/mapper_test.go b/components/engine/daemon/networkdriver/portmapper/mapper_test.go
index 5e64e1571b..3965380d71 100644
--- a/components/engine/daemon/networkdriver/portmapper/mapper_test.go
+++ b/components/engine/daemon/networkdriver/portmapper/mapper_test.go
@@ -1,11 +1,12 @@
 package portmapper
 
 import (
+	"net"
+	"testing"
+
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
 	"github.com/docker/docker/pkg/iptables"
 	"github.com/docker/docker/pkg/proxy"
-	"net"
-	"testing"
 )
 
 func init() {
@@ -138,7 +139,7 @@ func TestMapAllPortsSingleInterface(t *testing.T) {
 		}
 
 		if _, err := Map(srcAddr1, dstIp1, portallocator.BeginPortRange); err == nil {
-			t.Fatal("Port %d should be bound but is not", portallocator.BeginPortRange)
+			t.Fatalf("Port %d should be bound but is not", portallocator.BeginPortRange)
 		}
 
 		for _, val := range hosts {
diff --git a/components/engine/daemon/state_test.go b/components/engine/daemon/state_test.go
index 7b02f3aeac..35524356a3 100644
--- a/components/engine/daemon/state_test.go
+++ b/components/engine/daemon/state_test.go
@@ -37,7 +37,7 @@ func TestStateRunStop(t *testing.T) {
 			t.Fatalf("Pid %v, expected %v", runPid, i+100)
 		}
 		if pid, err := s.WaitRunning(-1 * time.Second); err != nil || pid != i+100 {
-			t.Fatal("WaitRunning returned pid: %v, err: %v, expected pid: %v, err: %v", pid, err, i+100, nil)
+			t.Fatalf("WaitRunning returned pid: %v, err: %v, expected pid: %v, err: %v", pid, err, i+100, nil)
 		}
 
 		stopped := make(chan struct{})
@@ -68,7 +68,7 @@ func TestStateRunStop(t *testing.T) {
 			t.Fatalf("ExitCode %v, expected %v", exitCode, i)
 		}
 		if exitCode, err := s.WaitStop(-1 * time.Second); err != nil || exitCode != i {
-			t.Fatal("WaitStop returned exitCode: %v, err: %v, expected exitCode: %v, err: %v", exitCode, err, i, nil)
+			t.Fatalf("WaitStop returned exitCode: %v, err: %v, expected exitCode: %v, err: %v", exitCode, err, i, nil)
 		}
 	}
 }
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index a2efc616be..c9e0a48e65 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -1836,7 +1836,7 @@ func TestBuildFromGIT(t *testing.T) {
 		t.Fatal(err)
 	}
 	if res != "docker" {
-		t.Fatal("Maintainer should be docker, got %s", res)
+		t.Fatalf("Maintainer should be docker, got %s", res)
 	}
 	logDone("build - build from GIT")
 }
diff --git a/components/engine/integration-cli/docker_cli_events_test.go b/components/engine/integration-cli/docker_cli_events_test.go
index e27b3ab4ee..7fc2fa1528 100644
--- a/components/engine/integration-cli/docker_cli_events_test.go
+++ b/components/engine/integration-cli/docker_cli_events_test.go
@@ -76,7 +76,7 @@ func TestCLIGetEventsContainerEvents(t *testing.T) {
 	eventsCmd := exec.Command(dockerBinary, "events", "--since=0", fmt.Sprintf("--until=%d", time.Now().Unix()))
 	out, exitCode, err := runCommandWithOutput(eventsCmd)
 	if exitCode != 0 || err != nil {
-		t.Fatal("Failed to get events with exit code %d: %s", exitCode, err)
+		t.Fatalf("Failed to get events with exit code %d: %s", exitCode, err)
 	}
 	events := strings.Split(out, "\n")
 	events = events[:len(events)-1]
@@ -119,7 +119,7 @@ func TestCLIGetEventsImageUntagDelete(t *testing.T) {
 	eventsCmd := exec.Command(dockerBinary, "events", "--since=0", fmt.Sprintf("--until=%d", time.Now().Unix()))
 	out, exitCode, err := runCommandWithOutput(eventsCmd)
 	if exitCode != 0 || err != nil {
-		t.Fatal("Failed to get events with exit code %d: %s", exitCode, err)
+		t.Fatalf("Failed to get events with exit code %d: %s", exitCode, err)
 	}
 	events := strings.Split(out, "\n")
 	t.Log(events)
diff --git a/components/engine/integration-cli/docker_cli_rm_test.go b/components/engine/integration-cli/docker_cli_rm_test.go
index 6b395c5218..0961e634e0 100644
--- a/components/engine/integration-cli/docker_cli_rm_test.go
+++ b/components/engine/integration-cli/docker_cli_rm_test.go
@@ -102,7 +102,7 @@ func TestContainerOrphaning(t *testing.T) {
 		t.Fatalf("%v: %s", err, out)
 	}
 	if !strings.Contains(out, img1) {
-		t.Fatal("Orphaned container (could not find '%s' in docker images): %s", img1, out)
+		t.Fatalf("Orphaned container (could not find '%s' in docker images): %s", img1, out)
 	}
 
 	deleteAllContainers()

From fc45b3edd52fd2192686db8861e1d463844ede55 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 13 Aug 2014 07:50:40 +0000
Subject: [PATCH 449/516] Add Cristian to integration/MAINTAINERS

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: da63a93e89f2ea8f35f22a082f4a406456fc6a09
Component: engine
---
 components/engine/integration/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/integration/MAINTAINERS b/components/engine/integration/MAINTAINERS
index 4d803a11aa..ad2d2d2b31 100644
--- a/components/engine/integration/MAINTAINERS
+++ b/components/engine/integration/MAINTAINERS
@@ -1 +1,2 @@
 Tibor Vass <teabee89@gmail.com> (@tiborvass)
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)

From defddfab5d30c300fe2153a99bef696945f95944 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 13 Aug 2014 08:13:51 +0000
Subject: [PATCH 450/516] Add Cristian to hack/MAINTAINERS

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 7d1b2ebde8a0d1484f486b5ea01b1a77014b958b
Component: engine
---
 components/engine/hack/MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/hack/MAINTAINERS b/components/engine/hack/MAINTAINERS
index 5bc02cd42d..15e4433e8b 100644
--- a/components/engine/hack/MAINTAINERS
+++ b/components/engine/hack/MAINTAINERS
@@ -1,3 +1,4 @@
 Tianon Gravi <admwiggin@gmail.com> (@tianon)
+Cristian Staretu <cristian.staretu@gmail.com> (@unclejack)
 Tibor Vass <teabee89@gmail.com> (@tiborvass)
 dind: Jerome Petazzoni <jerome@docker.com> (@jpetazzo)

From acbbac3aa0184ad08653678a6bfc72ed3057a115 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 2 Jun 2014 15:08:39 -0400
Subject: [PATCH 451/516] docker ps: introducing filters

* starting with filtering for exit codes. `docker ps -a --filter 'exited=1'`
* API doc for filter parameter
* formatting filters for help usage
* tweaks for review

This requires https://github.com/dotcloud/docker/pull/4430

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 84146719d8b8322e302e7a0250fe8a3ee1a4edcd
Component: engine
---
 components/engine/api/client/commands.go      | 21 +++++++++++++
 components/engine/api/server/server.go        |  1 +
 components/engine/daemon/list.go              | 30 +++++++++++++++++++
 .../reference/api/docker_remote_api_v1.12.md  |  4 ++-
 .../docs/sources/reference/commandline/cli.md | 20 +++++++++++++
 5 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index ee52d98946..1d6ff1668e 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1487,6 +1487,9 @@ func (cli *DockerCli) CmdPs(args ...string) error {
 	before := cmd.String([]string{"#beforeId", "#-before-id", "-before"}, "", "Show only container created before Id or Name, include non-running ones.")
 	last := cmd.Int([]string{"n"}, -1, "Show n last created containers, include non-running ones.")
 
+	var flFilter opts.ListOpts
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Provide filter values. Valid filters:\nexited=<int> - containers with exit code of <int>")
+
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -1510,6 +1513,24 @@ func (cli *DockerCli) CmdPs(args ...string) error {
 		v.Set("size", "1")
 	}
 
+	// Consolidate all filter flags, and sanity check them.
+	// They'll get processed in the daemon/server.
+	psFilterArgs := filters.Args{}
+	for _, f := range flFilter.GetAll() {
+		var err error
+		psFilterArgs, err = filters.ParseFlag(f, psFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+	if len(psFilterArgs) > 0 {
+		filterJson, err := filters.ToParam(psFilterArgs)
+		if err != nil {
+			return err
+		}
+		v.Set("filters", filterJson)
+	}
+
 	body, _, err := readBody(cli.call("GET", "/containers/json?"+v.Encode(), nil, false))
 	if err != nil {
 		return err
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index df72786b10..ca195fcb0f 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -339,6 +339,7 @@ func getContainersJSON(eng *engine.Engine, version version.Version, w http.Respo
 	job.Setenv("since", r.Form.Get("since"))
 	job.Setenv("before", r.Form.Get("before"))
 	job.Setenv("limit", r.Form.Get("limit"))
+	job.Setenv("filters", r.Form.Get("filters"))
 
 	if version.GreaterThanOrEqualTo("1.5") {
 		streamJSON(job, w, false)
diff --git a/components/engine/daemon/list.go b/components/engine/daemon/list.go
index e3749346f4..2da5254866 100644
--- a/components/engine/daemon/list.go
+++ b/components/engine/daemon/list.go
@@ -3,11 +3,13 @@ package daemon
 import (
 	"errors"
 	"fmt"
+	"strconv"
 	"strings"
 
 	"github.com/docker/docker/pkg/graphdb"
 
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/parsers/filters"
 )
 
 // List returns an array of all containers registered in the daemon.
@@ -24,9 +26,25 @@ func (daemon *Daemon) Containers(job *engine.Job) engine.Status {
 		before      = job.Getenv("before")
 		n           = job.GetenvInt("limit")
 		size        = job.GetenvBool("size")
+		psFilters   filters.Args
+		filt_exited []int
 	)
 	outs := engine.NewTable("Created", 0)
 
+	psFilters, err := filters.FromParam(job.Getenv("filters"))
+	if err != nil {
+		return job.Error(err)
+	}
+	if i, ok := psFilters["exited"]; ok {
+		for _, value := range i {
+			code, err := strconv.Atoi(value)
+			if err != nil {
+				return job.Error(err)
+			}
+			filt_exited = append(filt_exited, code)
+		}
+	}
+
 	names := map[string][]string{}
 	daemon.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error {
 		names[e.ID()] = append(names[e.ID()], p)
@@ -69,6 +87,18 @@ func (daemon *Daemon) Containers(job *engine.Job) engine.Status {
 				return errLast
 			}
 		}
+		if len(filt_exited) > 0 && !container.State.IsRunning() {
+			should_skip := true
+			for _, code := range filt_exited {
+				if code == container.State.GetExitCode() {
+					should_skip = false
+					break
+				}
+			}
+			if should_skip {
+				return nil
+			}
+		}
 		displayed++
 		out := &engine.Env{}
 		out.Set("Id", container.ID)
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
index 54e57d2916..9ea83e2853 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.12.md
@@ -90,6 +90,8 @@ List containers
         non-running ones.
     -   **size** – 1/True/true or 0/False/false, Show the containers
         sizes
+    -   **filters** – a JSON encoded value of the filters (a map[string][]string)
+        to process on the images list.
 
     Status Codes:
 
@@ -759,7 +761,7 @@ Copy files or folders of container `id`
      
 
     -   **all** – 1/True/true or 0/False/false, default false
-    -   **filters** – a json encoded value of the filters (a map[string][]string) to process on the images list.
+    -   **filters** – a JSON encoded value of the filters (a map[string][]string) to process on the images list.
 
 
 
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 9d5a950220..311fc849e9 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -794,6 +794,7 @@ further details.
 
       -a, --all=false       Show all containers. Only running containers are shown by default.
       --before=""           Show only container created before Id or Name, include non-running ones.
+      -f, --filter=[]       Provide filter values (i.e. 'exited=0')
       -l, --latest=false    Show only the latest created container, include non-running ones.
       -n=-1                 Show n last created containers, include non-running ones.
       --no-trunc=false      Don't truncate output
@@ -811,6 +812,25 @@ Running `docker ps` showing 2 linked containers.
 `docker ps` will show only running containers by default. To see all containers:
 `docker ps -a`
 
+### Filtering
+
+The filtering flag (-f or --filter) format is a "key=value" pair. If there is more
+than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`)
+
+Current filters:
+ * exited (int - the code of exited containers. Only useful with '--all')
+
+
+#### Successfully exited containers
+
+    $ sudo docker ps -a --filter 'exited=0'
+    CONTAINER ID        IMAGE             COMMAND                CREATED             STATUS                   PORTS                      NAMES
+    ea09c3c82f6e        registry:latest   /srv/run.sh            2 weeks ago         Exited (0) 2 weeks ago   127.0.0.1:5000->5000/tcp   desperate_leakey       
+    106ea823fe4e        fedora:latest     /bin/sh -c 'bash -l'   2 weeks ago         Exited (0) 2 weeks ago                              determined_albattani   
+    48ee228c9464        fedora:20         bash                   2 weeks ago         Exited (0) 2 weeks ago                              tender_torvalds
+
+This shows all the containers that have exited with status of '0'
+
 ## pull
 
     Usage: docker pull NAME[:TAG]

From 08557c40b7ba282fb5b56a7aefbbf0fb2397fcb7 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Wed, 13 Aug 2014 17:18:37 +0400
Subject: [PATCH 452/516] Fix deadlock on failed dial in UDP userland proxy

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 6cbb8e070d6c3a66bf48fbe5cbf689557eee23db
Component: engine
---
 components/engine/pkg/proxy/udp_proxy.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/pkg/proxy/udp_proxy.go b/components/engine/pkg/proxy/udp_proxy.go
index 14f2306a5a..ae6a7bbc42 100644
--- a/components/engine/pkg/proxy/udp_proxy.go
+++ b/components/engine/pkg/proxy/udp_proxy.go
@@ -116,6 +116,7 @@ func (proxy *UDPProxy) Run() {
 			proxyConn, err = net.DialUDP("udp", nil, proxy.backendAddr)
 			if err != nil {
 				log.Printf("Can't proxy a datagram to udp/%s: %s\n", proxy.backendAddr, err)
+				proxy.connTrackLock.Unlock()
 				continue
 			}
 			proxy.connTrackTable[*fromKey] = proxyConn

From 955bae5653fc07ee615606384c15148afc9bad25 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 7 Aug 2014 10:43:06 -0400
Subject: [PATCH 453/516] registry.Registry -> registry.Session

renaming this struct to more clearly be session, as that is what it
handles.

Splitting out files for easier readability.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 752dd707ac09cdcd88307b28aa9e39ac7c763b44
Component: engine
---
 components/engine/graph/pull.go             |   6 +-
 components/engine/graph/push.go             |   6 +-
 components/engine/registry/httpfactory.go   |  46 ++
 components/engine/registry/registry.go      | 672 --------------------
 components/engine/registry/registry_test.go |  26 +-
 components/engine/registry/service.go       |   2 +-
 components/engine/registry/session.go       | 611 ++++++++++++++++++
 components/engine/registry/types.go         |  33 +
 8 files changed, 710 insertions(+), 692 deletions(-)
 create mode 100644 components/engine/registry/httpfactory.go
 create mode 100644 components/engine/registry/session.go
 create mode 100644 components/engine/registry/types.go

diff --git a/components/engine/graph/pull.go b/components/engine/graph/pull.go
index b2c6f31504..597946337f 100644
--- a/components/engine/graph/pull.go
+++ b/components/engine/graph/pull.go
@@ -55,7 +55,7 @@ func (s *TagStore) CmdPull(job *engine.Job) engine.Status {
 		return job.Error(err)
 	}
 
-	r, err := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, true)
+	r, err := registry.NewSession(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, true)
 	if err != nil {
 		return job.Error(err)
 	}
@@ -72,7 +72,7 @@ func (s *TagStore) CmdPull(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (s *TagStore) pullRepository(r *registry.Registry, out io.Writer, localName, remoteName, askedTag string, sf *utils.StreamFormatter, parallel bool) error {
+func (s *TagStore) pullRepository(r *registry.Session, out io.Writer, localName, remoteName, askedTag string, sf *utils.StreamFormatter, parallel bool) error {
 	out.Write(sf.FormatStatus("", "Pulling repository %s", localName))
 
 	repoData, err := r.GetRepositoryData(remoteName)
@@ -210,7 +210,7 @@ func (s *TagStore) pullRepository(r *registry.Registry, out io.Writer, localName
 	return nil
 }
 
-func (s *TagStore) pullImage(r *registry.Registry, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
+func (s *TagStore) pullImage(r *registry.Session, out io.Writer, imgID, endpoint string, token []string, sf *utils.StreamFormatter) error {
 	history, err := r.GetRemoteHistory(imgID, endpoint, token)
 	if err != nil {
 		return err
diff --git a/components/engine/graph/push.go b/components/engine/graph/push.go
index 8cfa6c2b40..bec76ca7f9 100644
--- a/components/engine/graph/push.go
+++ b/components/engine/graph/push.go
@@ -60,7 +60,7 @@ func (s *TagStore) getImageList(localRepo map[string]string, requestedTag string
 	return imageList, tagsByImage, nil
 }
 
-func (s *TagStore) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
+func (s *TagStore) pushRepository(r *registry.Session, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
 	out = utils.NewWriteFlusher(out)
 	utils.Debugf("Local repo: %s", localRepo)
 	imgList, tagsByImage, err := s.getImageList(localRepo, tag)
@@ -142,7 +142,7 @@ func (s *TagStore) pushRepository(r *registry.Registry, out io.Writer, localName
 	return nil
 }
 
-func (s *TagStore) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
+func (s *TagStore) pushImage(r *registry.Session, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
 	out = utils.NewWriteFlusher(out)
 	jsonRaw, err := ioutil.ReadFile(path.Join(s.graph.Root, imgID, "json"))
 	if err != nil {
@@ -219,7 +219,7 @@ func (s *TagStore) CmdPush(job *engine.Job) engine.Status {
 	}
 
 	img, err := s.graph.Get(localName)
-	r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, false)
+	r, err2 := registry.NewSession(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint, false)
 	if err2 != nil {
 		return job.Error(err2)
 	}
diff --git a/components/engine/registry/httpfactory.go b/components/engine/registry/httpfactory.go
new file mode 100644
index 0000000000..4c78436094
--- /dev/null
+++ b/components/engine/registry/httpfactory.go
@@ -0,0 +1,46 @@
+package registry
+
+import (
+	"runtime"
+
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/parsers/kernel"
+	"github.com/docker/docker/utils"
+)
+
+func HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory {
+	// FIXME: this replicates the 'info' job.
+	httpVersion := make([]utils.VersionInfo, 0, 4)
+	httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"go", runtime.Version()})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT})
+	if kernelVersion, err := kernel.GetKernelVersion(); err == nil {
+		httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()})
+	}
+	httpVersion = append(httpVersion, &simpleVersionInfo{"os", runtime.GOOS})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"arch", runtime.GOARCH})
+	ud := utils.NewHTTPUserAgentDecorator(httpVersion...)
+	md := &utils.HTTPMetaHeadersDecorator{
+		Headers: metaHeaders,
+	}
+	factory := utils.NewHTTPRequestFactory(ud, md)
+	return factory
+}
+
+// simpleVersionInfo is a simple implementation of
+// the interface VersionInfo, which is used
+// to provide version information for some product,
+// component, etc. It stores the product name and the version
+// in string and returns them on calls to Name() and Version().
+type simpleVersionInfo struct {
+	name    string
+	version string
+}
+
+func (v *simpleVersionInfo) Name() string {
+	return v.name
+}
+
+func (v *simpleVersionInfo) Version() string {
+	return v.version
+}
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index a590bb5f0b..14b8f6d5bd 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -1,33 +1,20 @@
 package registry
 
 import (
-	"bytes"
-	"crypto/sha256"
-	_ "crypto/sha512"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
-	"net/http/cookiejar"
-	"net/url"
 	"os"
 	"path"
 	"regexp"
-	"runtime"
-	"strconv"
 	"strings"
 	"time"
 
-	"github.com/docker/docker/dockerversion"
-	"github.com/docker/docker/pkg/httputils"
-	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/docker/pkg/tarsum"
 	"github.com/docker/docker/utils"
 )
 
@@ -297,595 +284,6 @@ func ExpandAndVerifyRegistryUrl(hostname string) (string, error) {
 	return endpoint, nil
 }
 
-func setTokenAuth(req *http.Request, token []string) {
-	if req.Header.Get("Authorization") == "" { // Don't override
-		req.Header.Set("Authorization", "Token "+strings.Join(token, ","))
-	}
-}
-
-func (r *Registry) doRequest(req *http.Request) (*http.Response, *http.Client, error) {
-	return doRequest(req, r.jar, r.timeout)
-}
-
-// Retrieve the history of a given image from the Registry.
-// Return a list of the parent's json (requested image included)
-func (r *Registry) GetRemoteHistory(imgID, registry string, token []string) ([]string, error) {
-	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/ancestry", nil)
-	if err != nil {
-		return nil, err
-	}
-	setTokenAuth(req, token)
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		if res.StatusCode == 401 {
-			return nil, errLoginRequired
-		}
-		return nil, utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
-	}
-
-	jsonString, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, fmt.Errorf("Error while reading the http response: %s", err)
-	}
-
-	utils.Debugf("Ancestry: %s", jsonString)
-	history := new([]string)
-	if err := json.Unmarshal(jsonString, history); err != nil {
-		return nil, err
-	}
-	return *history, nil
-}
-
-// Check if an image exists in the Registry
-// TODO: This method should return the errors instead of masking them and returning false
-func (r *Registry) LookupRemoteImage(imgID, registry string, token []string) bool {
-
-	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/json", nil)
-	if err != nil {
-		utils.Errorf("Error in LookupRemoteImage %s", err)
-		return false
-	}
-	setTokenAuth(req, token)
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		utils.Errorf("Error in LookupRemoteImage %s", err)
-		return false
-	}
-	res.Body.Close()
-	return res.StatusCode == 200
-}
-
-// Retrieve an image from the Registry.
-func (r *Registry) GetRemoteImageJSON(imgID, registry string, token []string) ([]byte, int, error) {
-	// Get the JSON
-	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/json", nil)
-	if err != nil {
-		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
-	}
-	setTokenAuth(req, token)
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
-	}
-	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		return nil, -1, utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
-	}
-
-	// if the size header is not present, then set it to '-1'
-	imageSize := -1
-	if hdr := res.Header.Get("X-Docker-Size"); hdr != "" {
-		imageSize, err = strconv.Atoi(hdr)
-		if err != nil {
-			return nil, -1, err
-		}
-	}
-
-	jsonString, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, -1, fmt.Errorf("Failed to parse downloaded json: %s (%s)", err, jsonString)
-	}
-	return jsonString, imageSize, nil
-}
-
-func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string, imgSize int64) (io.ReadCloser, error) {
-	var (
-		retries  = 5
-		client   *http.Client
-		res      *http.Response
-		imageURL = fmt.Sprintf("%simages/%s/layer", registry, imgID)
-	)
-
-	req, err := r.reqFactory.NewRequest("GET", imageURL, nil)
-	if err != nil {
-		return nil, fmt.Errorf("Error while getting from the server: %s\n", err)
-	}
-	setTokenAuth(req, token)
-	for i := 1; i <= retries; i++ {
-		res, client, err = r.doRequest(req)
-		if err != nil {
-			res.Body.Close()
-			if i == retries {
-				return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
-					res.StatusCode, imgID)
-			}
-			time.Sleep(time.Duration(i) * 5 * time.Second)
-			continue
-		}
-		break
-	}
-
-	if res.StatusCode != 200 {
-		res.Body.Close()
-		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
-			res.StatusCode, imgID)
-	}
-
-	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
-		utils.Debugf("server supports resume")
-		return httputils.ResumableRequestReaderWithInitialResponse(client, req, 5, imgSize, res), nil
-	}
-	utils.Debugf("server doesn't support resume")
-	return res.Body, nil
-}
-
-func (r *Registry) GetRemoteTags(registries []string, repository string, token []string) (map[string]string, error) {
-	if strings.Count(repository, "/") == 0 {
-		// This will be removed once the Registry supports auto-resolution on
-		// the "library" namespace
-		repository = "library/" + repository
-	}
-	for _, host := range registries {
-		endpoint := fmt.Sprintf("%srepositories/%s/tags", host, repository)
-		req, err := r.reqFactory.NewRequest("GET", endpoint, nil)
-
-		if err != nil {
-			return nil, err
-		}
-		setTokenAuth(req, token)
-		res, _, err := r.doRequest(req)
-		if err != nil {
-			return nil, err
-		}
-
-		utils.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
-		defer res.Body.Close()
-
-		if res.StatusCode != 200 && res.StatusCode != 404 {
-			continue
-		} else if res.StatusCode == 404 {
-			return nil, fmt.Errorf("Repository not found")
-		}
-
-		result := make(map[string]string)
-		rawJSON, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return nil, err
-		}
-		if err := json.Unmarshal(rawJSON, &result); err != nil {
-			return nil, err
-		}
-		return result, nil
-	}
-	return nil, fmt.Errorf("Could not reach any registry endpoint")
-}
-
-func buildEndpointsList(headers []string, indexEp string) ([]string, error) {
-	var endpoints []string
-	parsedUrl, err := url.Parse(indexEp)
-	if err != nil {
-		return nil, err
-	}
-	var urlScheme = parsedUrl.Scheme
-	// The Registry's URL scheme has to match the Index'
-	for _, ep := range headers {
-		epList := strings.Split(ep, ",")
-		for _, epListElement := range epList {
-			endpoints = append(
-				endpoints,
-				fmt.Sprintf("%s://%s/v1/", urlScheme, strings.TrimSpace(epListElement)))
-		}
-	}
-	return endpoints, nil
-}
-
-func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) {
-	indexEp := r.indexEndpoint
-	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", indexEp, remote)
-
-	utils.Debugf("[registry] Calling GET %s", repositoryTarget)
-
-	req, err := r.reqFactory.NewRequest("GET", repositoryTarget, nil)
-	if err != nil {
-		return nil, err
-	}
-	if r.authConfig != nil && len(r.authConfig.Username) > 0 {
-		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
-	}
-	req.Header.Set("X-Docker-Token", "true")
-
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-	if res.StatusCode == 401 {
-		return nil, errLoginRequired
-	}
-	// TODO: Right now we're ignoring checksums in the response body.
-	// In the future, we need to use them to check image validity.
-	if res.StatusCode != 200 {
-		return nil, utils.NewHTTPRequestError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res)
-	}
-
-	var tokens []string
-	if res.Header.Get("X-Docker-Token") != "" {
-		tokens = res.Header["X-Docker-Token"]
-	}
-
-	var endpoints []string
-	if res.Header.Get("X-Docker-Endpoints") != "" {
-		endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		// Assume the endpoint is on the same host
-		u, err := url.Parse(indexEp)
-		if err != nil {
-			return nil, err
-		}
-		endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", u.Scheme, req.URL.Host))
-	}
-
-	checksumsJSON, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
-	remoteChecksums := []*ImgData{}
-	if err := json.Unmarshal(checksumsJSON, &remoteChecksums); err != nil {
-		return nil, err
-	}
-
-	// Forge a better object from the retrieved data
-	imgsData := make(map[string]*ImgData)
-	for _, elem := range remoteChecksums {
-		imgsData[elem.ID] = elem
-	}
-
-	return &RepositoryData{
-		ImgList:   imgsData,
-		Endpoints: endpoints,
-		Tokens:    tokens,
-	}, nil
-}
-
-func (r *Registry) PushImageChecksumRegistry(imgData *ImgData, registry string, token []string) error {
-
-	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/checksum")
-
-	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgData.ID+"/checksum", nil)
-	if err != nil {
-		return err
-	}
-	setTokenAuth(req, token)
-	req.Header.Set("X-Docker-Checksum", imgData.Checksum)
-	req.Header.Set("X-Docker-Checksum-Payload", imgData.ChecksumPayload)
-
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return fmt.Errorf("Failed to upload metadata: %s", err)
-	}
-	defer res.Body.Close()
-	if len(res.Cookies()) > 0 {
-		r.jar.SetCookies(req.URL, res.Cookies())
-	}
-	if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return fmt.Errorf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err)
-		}
-		var jsonBody map[string]string
-		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
-			errBody = []byte(err.Error())
-		} else if jsonBody["error"] == "Image already exists" {
-			return ErrAlreadyExists
-		}
-		return fmt.Errorf("HTTP code %d while uploading metadata: %s", res.StatusCode, errBody)
-	}
-	return nil
-}
-
-// Push a local image to the registry
-func (r *Registry) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, registry string, token []string) error {
-
-	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/json")
-
-	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgData.ID+"/json", bytes.NewReader(jsonRaw))
-	if err != nil {
-		return err
-	}
-	req.Header.Add("Content-type", "application/json")
-	setTokenAuth(req, token)
-
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return fmt.Errorf("Failed to upload metadata: %s", err)
-	}
-	defer res.Body.Close()
-	if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") {
-		return utils.NewHTTPRequestError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
-	}
-	if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
-		}
-		var jsonBody map[string]string
-		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
-			errBody = []byte(err.Error())
-		} else if jsonBody["error"] == "Image already exists" {
-			return ErrAlreadyExists
-		}
-		return utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata: %s", res.StatusCode, errBody), res)
-	}
-	return nil
-}
-
-func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registry string, token []string, jsonRaw []byte) (checksum string, checksumPayload string, err error) {
-
-	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
-
-	tarsumLayer := &tarsum.TarSum{Reader: layer}
-	h := sha256.New()
-	h.Write(jsonRaw)
-	h.Write([]byte{'\n'})
-	checksumLayer := io.TeeReader(tarsumLayer, h)
-
-	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgID+"/layer", checksumLayer)
-	if err != nil {
-		return "", "", err
-	}
-	req.Header.Add("Content-Type", "application/octet-stream")
-	req.ContentLength = -1
-	req.TransferEncoding = []string{"chunked"}
-	setTokenAuth(req, token)
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return "", "", fmt.Errorf("Failed to upload layer: %s", err)
-	}
-	if rc, ok := layer.(io.Closer); ok {
-		if err := rc.Close(); err != nil {
-			return "", "", err
-		}
-	}
-	defer res.Body.Close()
-
-	if res.StatusCode != 200 {
-		errBody, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return "", "", utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
-		}
-		return "", "", utils.NewHTTPRequestError(fmt.Sprintf("Received HTTP code %d while uploading layer: %s", res.StatusCode, errBody), res)
-	}
-
-	checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil))
-	return tarsumLayer.Sum(jsonRaw), checksumPayload, nil
-}
-
-// push a tag on the registry.
-// Remote has the format '<user>/<repo>
-func (r *Registry) PushRegistryTag(remote, revision, tag, registry string, token []string) error {
-	// "jsonify" the string
-	revision = "\"" + revision + "\""
-	path := fmt.Sprintf("repositories/%s/tags/%s", remote, tag)
-
-	req, err := r.reqFactory.NewRequest("PUT", registry+path, strings.NewReader(revision))
-	if err != nil {
-		return err
-	}
-	req.Header.Add("Content-type", "application/json")
-	setTokenAuth(req, token)
-	req.ContentLength = int64(len(revision))
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return err
-	}
-	res.Body.Close()
-	if res.StatusCode != 200 && res.StatusCode != 201 {
-		return utils.NewHTTPRequestError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, remote), res)
-	}
-	return nil
-}
-
-func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validate bool, regs []string) (*RepositoryData, error) {
-	cleanImgList := []*ImgData{}
-	indexEp := r.indexEndpoint
-
-	if validate {
-		for _, elem := range imgList {
-			if elem.Checksum != "" {
-				cleanImgList = append(cleanImgList, elem)
-			}
-		}
-	} else {
-		cleanImgList = imgList
-	}
-
-	imgListJSON, err := json.Marshal(cleanImgList)
-	if err != nil {
-		return nil, err
-	}
-	var suffix string
-	if validate {
-		suffix = "images"
-	}
-	u := fmt.Sprintf("%srepositories/%s/%s", indexEp, remote, suffix)
-	utils.Debugf("[registry] PUT %s", u)
-	utils.Debugf("Image list pushed to index:\n%s", imgListJSON)
-	req, err := r.reqFactory.NewRequest("PUT", u, bytes.NewReader(imgListJSON))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("Content-type", "application/json")
-	req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
-	req.ContentLength = int64(len(imgListJSON))
-	req.Header.Set("X-Docker-Token", "true")
-	if validate {
-		req.Header["X-Docker-Endpoints"] = regs
-	}
-
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-
-	// Redirect if necessary
-	for res.StatusCode >= 300 && res.StatusCode < 400 {
-		utils.Debugf("Redirected to %s", res.Header.Get("Location"))
-		req, err = r.reqFactory.NewRequest("PUT", res.Header.Get("Location"), bytes.NewReader(imgListJSON))
-		if err != nil {
-			return nil, err
-		}
-		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
-		req.ContentLength = int64(len(imgListJSON))
-		req.Header.Set("X-Docker-Token", "true")
-		if validate {
-			req.Header["X-Docker-Endpoints"] = regs
-		}
-		res, _, err := r.doRequest(req)
-		if err != nil {
-			return nil, err
-		}
-		defer res.Body.Close()
-	}
-
-	var tokens, endpoints []string
-	if !validate {
-		if res.StatusCode != 200 && res.StatusCode != 201 {
-			errBody, err := ioutil.ReadAll(res.Body)
-			if err != nil {
-				return nil, err
-			}
-			return nil, utils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push repository %s: %s", res.StatusCode, remote, errBody), res)
-		}
-		if res.Header.Get("X-Docker-Token") != "" {
-			tokens = res.Header["X-Docker-Token"]
-			utils.Debugf("Auth token: %v", tokens)
-		} else {
-			return nil, fmt.Errorf("Index response didn't contain an access token")
-		}
-
-		if res.Header.Get("X-Docker-Endpoints") != "" {
-			endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			return nil, fmt.Errorf("Index response didn't contain any endpoints")
-		}
-	}
-	if validate {
-		if res.StatusCode != 204 {
-			errBody, err := ioutil.ReadAll(res.Body)
-			if err != nil {
-				return nil, err
-			}
-			return nil, utils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %s", res.StatusCode, remote, errBody), res)
-		}
-	}
-
-	return &RepositoryData{
-		Tokens:    tokens,
-		Endpoints: endpoints,
-	}, nil
-}
-
-func (r *Registry) SearchRepositories(term string) (*SearchResults, error) {
-	utils.Debugf("Index server: %s", r.indexEndpoint)
-	u := r.indexEndpoint + "search?q=" + url.QueryEscape(term)
-	req, err := r.reqFactory.NewRequest("GET", u, nil)
-	if err != nil {
-		return nil, err
-	}
-	if r.authConfig != nil && len(r.authConfig.Username) > 0 {
-		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
-	}
-	req.Header.Set("X-Docker-Token", "true")
-	res, _, err := r.doRequest(req)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		return nil, utils.NewHTTPRequestError(fmt.Sprintf("Unexepected status code %d", res.StatusCode), res)
-	}
-	rawData, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
-	result := new(SearchResults)
-	err = json.Unmarshal(rawData, result)
-	return result, err
-}
-
-func (r *Registry) GetAuthConfig(withPasswd bool) *AuthConfig {
-	password := ""
-	if withPasswd {
-		password = r.authConfig.Password
-	}
-	return &AuthConfig{
-		Username: r.authConfig.Username,
-		Password: password,
-		Email:    r.authConfig.Email,
-	}
-}
-
-type SearchResult struct {
-	StarCount   int    `json:"star_count"`
-	IsOfficial  bool   `json:"is_official"`
-	Name        string `json:"name"`
-	IsTrusted   bool   `json:"is_trusted"`
-	Description string `json:"description"`
-}
-
-type SearchResults struct {
-	Query      string         `json:"query"`
-	NumResults int            `json:"num_results"`
-	Results    []SearchResult `json:"results"`
-}
-
-type RepositoryData struct {
-	ImgList   map[string]*ImgData
-	Endpoints []string
-	Tokens    []string
-}
-
-type ImgData struct {
-	ID              string `json:"id"`
-	Checksum        string `json:"checksum,omitempty"`
-	ChecksumPayload string `json:"-"`
-	Tag             string `json:",omitempty"`
-}
-
-type RegistryInfo struct {
-	Version    string `json:"version"`
-	Standalone bool   `json:"standalone"`
-}
-
-type Registry struct {
-	authConfig    *AuthConfig
-	reqFactory    *utils.HTTPRequestFactory
-	indexEndpoint string
-	jar           *cookiejar.Jar
-	timeout       TimeoutType
-}
-
 func trustedLocation(req *http.Request) bool {
 	var (
 		trusteds = []string{"docker.com", "docker.io"}
@@ -919,73 +317,3 @@ func AddRequiredHeadersToRedirectedRequests(req *http.Request, via []*http.Reque
 	}
 	return nil
 }
-
-func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, indexEndpoint string, timeout bool) (r *Registry, err error) {
-	r = &Registry{
-		authConfig:    authConfig,
-		indexEndpoint: indexEndpoint,
-	}
-
-	if timeout {
-		r.timeout = ReceiveTimeout
-	}
-
-	r.jar, err = cookiejar.New(nil)
-	if err != nil {
-		return nil, err
-	}
-
-	// If we're working with a standalone private registry over HTTPS, send Basic Auth headers
-	// alongside our requests.
-	if indexEndpoint != IndexServerAddress() && strings.HasPrefix(indexEndpoint, "https://") {
-		info, err := pingRegistryEndpoint(indexEndpoint)
-		if err != nil {
-			return nil, err
-		}
-		if info.Standalone {
-			utils.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint)
-			dec := utils.NewHTTPAuthDecorator(authConfig.Username, authConfig.Password)
-			factory.AddDecorator(dec)
-		}
-	}
-
-	r.reqFactory = factory
-	return r, nil
-}
-
-func HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory {
-	// FIXME: this replicates the 'info' job.
-	httpVersion := make([]utils.VersionInfo, 0, 4)
-	httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"go", runtime.Version()})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT})
-	if kernelVersion, err := kernel.GetKernelVersion(); err == nil {
-		httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()})
-	}
-	httpVersion = append(httpVersion, &simpleVersionInfo{"os", runtime.GOOS})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"arch", runtime.GOARCH})
-	ud := utils.NewHTTPUserAgentDecorator(httpVersion...)
-	md := &utils.HTTPMetaHeadersDecorator{
-		Headers: metaHeaders,
-	}
-	factory := utils.NewHTTPRequestFactory(ud, md)
-	return factory
-}
-
-// simpleVersionInfo is a simple implementation of
-// the interface VersionInfo, which is used
-// to provide version information for some product,
-// component, etc. It stores the product name and the version
-// in string and returns them on calls to Name() and Version().
-type simpleVersionInfo struct {
-	name    string
-	version string
-}
-
-func (v *simpleVersionInfo) Name() string {
-	return v.name
-}
-
-func (v *simpleVersionInfo) Version() string {
-	return v.version
-}
diff --git a/components/engine/registry/registry_test.go b/components/engine/registry/registry_test.go
index 12dc7a28a4..303879e8de 100644
--- a/components/engine/registry/registry_test.go
+++ b/components/engine/registry/registry_test.go
@@ -16,9 +16,9 @@ var (
 	REPO     = "foo42/bar"
 )
 
-func spawnTestRegistry(t *testing.T) *Registry {
+func spawnTestRegistrySession(t *testing.T) *Session {
 	authConfig := &AuthConfig{}
-	r, err := NewRegistry(authConfig, utils.NewHTTPRequestFactory(), makeURL("/v1/"), true)
+	r, err := NewSession(authConfig, utils.NewHTTPRequestFactory(), makeURL("/v1/"), true)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -34,7 +34,7 @@ func TestPingRegistryEndpoint(t *testing.T) {
 }
 
 func TestGetRemoteHistory(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	hist, err := r.GetRemoteHistory(IMAGE_ID, makeURL("/v1/"), TOKEN)
 	if err != nil {
 		t.Fatal(err)
@@ -46,7 +46,7 @@ func TestGetRemoteHistory(t *testing.T) {
 }
 
 func TestLookupRemoteImage(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	found := r.LookupRemoteImage(IMAGE_ID, makeURL("/v1/"), TOKEN)
 	assertEqual(t, found, true, "Expected remote lookup to succeed")
 	found = r.LookupRemoteImage("abcdef", makeURL("/v1/"), TOKEN)
@@ -54,7 +54,7 @@ func TestLookupRemoteImage(t *testing.T) {
 }
 
 func TestGetRemoteImageJSON(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	json, size, err := r.GetRemoteImageJSON(IMAGE_ID, makeURL("/v1/"), TOKEN)
 	if err != nil {
 		t.Fatal(err)
@@ -71,7 +71,7 @@ func TestGetRemoteImageJSON(t *testing.T) {
 }
 
 func TestGetRemoteImageLayer(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	data, err := r.GetRemoteImageLayer(IMAGE_ID, makeURL("/v1/"), TOKEN, 0)
 	if err != nil {
 		t.Fatal(err)
@@ -87,7 +87,7 @@ func TestGetRemoteImageLayer(t *testing.T) {
 }
 
 func TestGetRemoteTags(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	tags, err := r.GetRemoteTags([]string{makeURL("/v1/")}, REPO, TOKEN)
 	if err != nil {
 		t.Fatal(err)
@@ -102,7 +102,7 @@ func TestGetRemoteTags(t *testing.T) {
 }
 
 func TestGetRepositoryData(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	parsedUrl, err := url.Parse(makeURL("/v1/"))
 	if err != nil {
 		t.Fatal(err)
@@ -123,7 +123,7 @@ func TestGetRepositoryData(t *testing.T) {
 }
 
 func TestPushImageJSONRegistry(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	imgData := &ImgData{
 		ID:       "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
 		Checksum: "sha256:1ac330d56e05eef6d438586545ceff7550d3bdcb6b19961f12c5ba714ee1bb37",
@@ -136,7 +136,7 @@ func TestPushImageJSONRegistry(t *testing.T) {
 }
 
 func TestPushImageLayerRegistry(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	layer := strings.NewReader("")
 	_, _, err := r.PushImageLayerRegistry(IMAGE_ID, layer, makeURL("/v1/"), TOKEN, []byte{})
 	if err != nil {
@@ -171,7 +171,7 @@ func TestResolveRepositoryName(t *testing.T) {
 }
 
 func TestPushRegistryTag(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	err := r.PushRegistryTag("foo42/bar", IMAGE_ID, "stable", makeURL("/v1/"), TOKEN)
 	if err != nil {
 		t.Fatal(err)
@@ -179,7 +179,7 @@ func TestPushRegistryTag(t *testing.T) {
 }
 
 func TestPushImageJSONIndex(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	imgData := []*ImgData{
 		{
 			ID:       "77dbf71da1d00e3fbddc480176eac8994025630c6590d11cfc8fe1209c2a1d20",
@@ -207,7 +207,7 @@ func TestPushImageJSONIndex(t *testing.T) {
 }
 
 func TestSearchRepositories(t *testing.T) {
-	r := spawnTestRegistry(t)
+	r := spawnTestRegistrySession(t)
 	results, err := r.SearchRepositories("fakequery")
 	if err != nil {
 		t.Fatal(err)
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index d2775e3cd1..29afd16394 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -82,7 +82,7 @@ func (s *Service) Search(job *engine.Job) engine.Status {
 	job.GetenvJson("authConfig", authConfig)
 	job.GetenvJson("metaHeaders", metaHeaders)
 
-	r, err := NewRegistry(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress(), true)
+	r, err := NewSession(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress(), true)
 	if err != nil {
 		return job.Error(err)
 	}
diff --git a/components/engine/registry/session.go b/components/engine/registry/session.go
new file mode 100644
index 0000000000..e60fbeb749
--- /dev/null
+++ b/components/engine/registry/session.go
@@ -0,0 +1,611 @@
+package registry
+
+import (
+	"bytes"
+	"crypto/sha256"
+	_ "crypto/sha512"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/cookiejar"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/tarsum"
+	"github.com/docker/docker/utils"
+)
+
+type Session struct {
+	authConfig    *AuthConfig
+	reqFactory    *utils.HTTPRequestFactory
+	indexEndpoint string
+	jar           *cookiejar.Jar
+	timeout       TimeoutType
+}
+
+func NewSession(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, indexEndpoint string, timeout bool) (r *Session, err error) {
+	r = &Session{
+		authConfig:    authConfig,
+		indexEndpoint: indexEndpoint,
+	}
+
+	if timeout {
+		r.timeout = ReceiveTimeout
+	}
+
+	r.jar, err = cookiejar.New(nil)
+	if err != nil {
+		return nil, err
+	}
+
+	// If we're working with a standalone private registry over HTTPS, send Basic Auth headers
+	// alongside our requests.
+	if indexEndpoint != IndexServerAddress() && strings.HasPrefix(indexEndpoint, "https://") {
+		info, err := pingRegistryEndpoint(indexEndpoint)
+		if err != nil {
+			return nil, err
+		}
+		if info.Standalone {
+			utils.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint)
+			dec := utils.NewHTTPAuthDecorator(authConfig.Username, authConfig.Password)
+			factory.AddDecorator(dec)
+		}
+	}
+
+	r.reqFactory = factory
+	return r, nil
+}
+
+func (r *Session) doRequest(req *http.Request) (*http.Response, *http.Client, error) {
+	return doRequest(req, r.jar, r.timeout)
+}
+
+// Retrieve the history of a given image from the Registry.
+// Return a list of the parent's json (requested image included)
+func (r *Session) GetRemoteHistory(imgID, registry string, token []string) ([]string, error) {
+	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/ancestry", nil)
+	if err != nil {
+		return nil, err
+	}
+	setTokenAuth(req, token)
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		if res.StatusCode == 401 {
+			return nil, errLoginRequired
+		}
+		return nil, utils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
+	}
+
+	jsonString, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, fmt.Errorf("Error while reading the http response: %s", err)
+	}
+
+	utils.Debugf("Ancestry: %s", jsonString)
+	history := new([]string)
+	if err := json.Unmarshal(jsonString, history); err != nil {
+		return nil, err
+	}
+	return *history, nil
+}
+
+// Check if an image exists in the Registry
+// TODO: This method should return the errors instead of masking them and returning false
+func (r *Session) LookupRemoteImage(imgID, registry string, token []string) bool {
+
+	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/json", nil)
+	if err != nil {
+		utils.Errorf("Error in LookupRemoteImage %s", err)
+		return false
+	}
+	setTokenAuth(req, token)
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		utils.Errorf("Error in LookupRemoteImage %s", err)
+		return false
+	}
+	res.Body.Close()
+	return res.StatusCode == 200
+}
+
+// Retrieve an image from the Registry.
+func (r *Session) GetRemoteImageJSON(imgID, registry string, token []string) ([]byte, int, error) {
+	// Get the JSON
+	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/json", nil)
+	if err != nil {
+		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
+	}
+	setTokenAuth(req, token)
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		return nil, -1, utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res)
+	}
+	// if the size header is not present, then set it to '-1'
+	imageSize := -1
+	if hdr := res.Header.Get("X-Docker-Size"); hdr != "" {
+		imageSize, err = strconv.Atoi(hdr)
+		if err != nil {
+			return nil, -1, err
+		}
+	}
+
+	jsonString, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, -1, fmt.Errorf("Failed to parse downloaded json: %s (%s)", err, jsonString)
+	}
+	return jsonString, imageSize, nil
+}
+
+func (r *Session) GetRemoteImageLayer(imgID, registry string, token []string, imgSize int64) (io.ReadCloser, error) {
+	var (
+		retries  = 5
+		client   *http.Client
+		res      *http.Response
+		imageURL = fmt.Sprintf("%simages/%s/layer", registry, imgID)
+	)
+
+	req, err := r.reqFactory.NewRequest("GET", imageURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("Error while getting from the server: %s\n", err)
+	}
+	setTokenAuth(req, token)
+	for i := 1; i <= retries; i++ {
+		res, client, err = r.doRequest(req)
+		if err != nil {
+			res.Body.Close()
+			if i == retries {
+				return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
+					res.StatusCode, imgID)
+			}
+			time.Sleep(time.Duration(i) * 5 * time.Second)
+			continue
+		}
+		break
+	}
+
+	if res.StatusCode != 200 {
+		res.Body.Close()
+		return nil, fmt.Errorf("Server error: Status %d while fetching image layer (%s)",
+			res.StatusCode, imgID)
+	}
+
+	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
+		utils.Debugf("server supports resume")
+		return httputils.ResumableRequestReaderWithInitialResponse(client, req, 5, imgSize, res), nil
+	}
+	utils.Debugf("server doesn't support resume")
+	return res.Body, nil
+}
+
+func (r *Session) GetRemoteTags(registries []string, repository string, token []string) (map[string]string, error) {
+	if strings.Count(repository, "/") == 0 {
+		// This will be removed once the Registry supports auto-resolution on
+		// the "library" namespace
+		repository = "library/" + repository
+	}
+	for _, host := range registries {
+		endpoint := fmt.Sprintf("%srepositories/%s/tags", host, repository)
+		req, err := r.reqFactory.NewRequest("GET", endpoint, nil)
+
+		if err != nil {
+			return nil, err
+		}
+		setTokenAuth(req, token)
+		res, _, err := r.doRequest(req)
+		if err != nil {
+			return nil, err
+		}
+
+		utils.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
+		defer res.Body.Close()
+
+		if res.StatusCode != 200 && res.StatusCode != 404 {
+			continue
+		} else if res.StatusCode == 404 {
+			return nil, fmt.Errorf("Repository not found")
+		}
+
+		result := make(map[string]string)
+		rawJSON, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return nil, err
+		}
+		if err := json.Unmarshal(rawJSON, &result); err != nil {
+			return nil, err
+		}
+		return result, nil
+	}
+	return nil, fmt.Errorf("Could not reach any registry endpoint")
+}
+
+func buildEndpointsList(headers []string, indexEp string) ([]string, error) {
+	var endpoints []string
+	parsedUrl, err := url.Parse(indexEp)
+	if err != nil {
+		return nil, err
+	}
+	var urlScheme = parsedUrl.Scheme
+	// The Registry's URL scheme has to match the Index'
+	for _, ep := range headers {
+		epList := strings.Split(ep, ",")
+		for _, epListElement := range epList {
+			endpoints = append(
+				endpoints,
+				fmt.Sprintf("%s://%s/v1/", urlScheme, strings.TrimSpace(epListElement)))
+		}
+	}
+	return endpoints, nil
+}
+
+func (r *Session) GetRepositoryData(remote string) (*RepositoryData, error) {
+	indexEp := r.indexEndpoint
+	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", indexEp, remote)
+
+	utils.Debugf("[registry] Calling GET %s", repositoryTarget)
+
+	req, err := r.reqFactory.NewRequest("GET", repositoryTarget, nil)
+	if err != nil {
+		return nil, err
+	}
+	if r.authConfig != nil && len(r.authConfig.Username) > 0 {
+		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
+	}
+	req.Header.Set("X-Docker-Token", "true")
+
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode == 401 {
+		return nil, errLoginRequired
+	}
+	// TODO: Right now we're ignoring checksums in the response body.
+	// In the future, we need to use them to check image validity.
+	if res.StatusCode != 200 {
+		return nil, utils.NewHTTPRequestError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res)
+	}
+
+	var tokens []string
+	if res.Header.Get("X-Docker-Token") != "" {
+		tokens = res.Header["X-Docker-Token"]
+	}
+
+	var endpoints []string
+	if res.Header.Get("X-Docker-Endpoints") != "" {
+		endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		// Assume the endpoint is on the same host
+		u, err := url.Parse(indexEp)
+		if err != nil {
+			return nil, err
+		}
+		endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", u.Scheme, req.URL.Host))
+	}
+
+	checksumsJSON, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+	remoteChecksums := []*ImgData{}
+	if err := json.Unmarshal(checksumsJSON, &remoteChecksums); err != nil {
+		return nil, err
+	}
+
+	// Forge a better object from the retrieved data
+	imgsData := make(map[string]*ImgData)
+	for _, elem := range remoteChecksums {
+		imgsData[elem.ID] = elem
+	}
+
+	return &RepositoryData{
+		ImgList:   imgsData,
+		Endpoints: endpoints,
+		Tokens:    tokens,
+	}, nil
+}
+
+func (r *Session) PushImageChecksumRegistry(imgData *ImgData, registry string, token []string) error {
+
+	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/checksum")
+
+	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgData.ID+"/checksum", nil)
+	if err != nil {
+		return err
+	}
+	setTokenAuth(req, token)
+	req.Header.Set("X-Docker-Checksum", imgData.Checksum)
+	req.Header.Set("X-Docker-Checksum-Payload", imgData.ChecksumPayload)
+
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return fmt.Errorf("Failed to upload metadata: %s", err)
+	}
+	defer res.Body.Close()
+	if len(res.Cookies()) > 0 {
+		r.jar.SetCookies(req.URL, res.Cookies())
+	}
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return fmt.Errorf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err)
+		}
+		var jsonBody map[string]string
+		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
+			errBody = []byte(err.Error())
+		} else if jsonBody["error"] == "Image already exists" {
+			return ErrAlreadyExists
+		}
+		return fmt.Errorf("HTTP code %d while uploading metadata: %s", res.StatusCode, errBody)
+	}
+	return nil
+}
+
+// Push a local image to the registry
+func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, registry string, token []string) error {
+
+	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/json")
+
+	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgData.ID+"/json", bytes.NewReader(jsonRaw))
+	if err != nil {
+		return err
+	}
+	req.Header.Add("Content-type", "application/json")
+	setTokenAuth(req, token)
+
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return fmt.Errorf("Failed to upload metadata: %s", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") {
+		return utils.NewHTTPRequestError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
+	}
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
+		}
+		var jsonBody map[string]string
+		if err := json.Unmarshal(errBody, &jsonBody); err != nil {
+			errBody = []byte(err.Error())
+		} else if jsonBody["error"] == "Image already exists" {
+			return ErrAlreadyExists
+		}
+		return utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata: %s", res.StatusCode, errBody), res)
+	}
+	return nil
+}
+
+func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry string, token []string, jsonRaw []byte) (checksum string, checksumPayload string, err error) {
+
+	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
+
+	tarsumLayer := &tarsum.TarSum{Reader: layer}
+	h := sha256.New()
+	h.Write(jsonRaw)
+	h.Write([]byte{'\n'})
+	checksumLayer := io.TeeReader(tarsumLayer, h)
+
+	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgID+"/layer", checksumLayer)
+	if err != nil {
+		return "", "", err
+	}
+	req.Header.Add("Content-Type", "application/octet-stream")
+	req.ContentLength = -1
+	req.TransferEncoding = []string{"chunked"}
+	setTokenAuth(req, token)
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return "", "", fmt.Errorf("Failed to upload layer: %s", err)
+	}
+	if rc, ok := layer.(io.Closer); ok {
+		if err := rc.Close(); err != nil {
+			return "", "", err
+		}
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != 200 {
+		errBody, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return "", "", utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res)
+		}
+		return "", "", utils.NewHTTPRequestError(fmt.Sprintf("Received HTTP code %d while uploading layer: %s", res.StatusCode, errBody), res)
+	}
+
+	checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil))
+	return tarsumLayer.Sum(jsonRaw), checksumPayload, nil
+}
+
+// push a tag on the registry.
+// Remote has the format '<user>/<repo>
+func (r *Session) PushRegistryTag(remote, revision, tag, registry string, token []string) error {
+	// "jsonify" the string
+	revision = "\"" + revision + "\""
+	path := fmt.Sprintf("repositories/%s/tags/%s", remote, tag)
+
+	req, err := r.reqFactory.NewRequest("PUT", registry+path, strings.NewReader(revision))
+	if err != nil {
+		return err
+	}
+	req.Header.Add("Content-type", "application/json")
+	setTokenAuth(req, token)
+	req.ContentLength = int64(len(revision))
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return err
+	}
+	res.Body.Close()
+	if res.StatusCode != 200 && res.StatusCode != 201 {
+		return utils.NewHTTPRequestError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, remote), res)
+	}
+	return nil
+}
+
+func (r *Session) PushImageJSONIndex(remote string, imgList []*ImgData, validate bool, regs []string) (*RepositoryData, error) {
+	cleanImgList := []*ImgData{}
+	indexEp := r.indexEndpoint
+
+	if validate {
+		for _, elem := range imgList {
+			if elem.Checksum != "" {
+				cleanImgList = append(cleanImgList, elem)
+			}
+		}
+	} else {
+		cleanImgList = imgList
+	}
+
+	imgListJSON, err := json.Marshal(cleanImgList)
+	if err != nil {
+		return nil, err
+	}
+	var suffix string
+	if validate {
+		suffix = "images"
+	}
+	u := fmt.Sprintf("%srepositories/%s/%s", indexEp, remote, suffix)
+	utils.Debugf("[registry] PUT %s", u)
+	utils.Debugf("Image list pushed to index:\n%s", imgListJSON)
+	req, err := r.reqFactory.NewRequest("PUT", u, bytes.NewReader(imgListJSON))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-type", "application/json")
+	req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
+	req.ContentLength = int64(len(imgListJSON))
+	req.Header.Set("X-Docker-Token", "true")
+	if validate {
+		req.Header["X-Docker-Endpoints"] = regs
+	}
+
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+
+	// Redirect if necessary
+	for res.StatusCode >= 300 && res.StatusCode < 400 {
+		utils.Debugf("Redirected to %s", res.Header.Get("Location"))
+		req, err = r.reqFactory.NewRequest("PUT", res.Header.Get("Location"), bytes.NewReader(imgListJSON))
+		if err != nil {
+			return nil, err
+		}
+		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
+		req.ContentLength = int64(len(imgListJSON))
+		req.Header.Set("X-Docker-Token", "true")
+		if validate {
+			req.Header["X-Docker-Endpoints"] = regs
+		}
+		res, _, err := r.doRequest(req)
+		if err != nil {
+			return nil, err
+		}
+		defer res.Body.Close()
+	}
+
+	var tokens, endpoints []string
+	if !validate {
+		if res.StatusCode != 200 && res.StatusCode != 201 {
+			errBody, err := ioutil.ReadAll(res.Body)
+			if err != nil {
+				return nil, err
+			}
+			return nil, utils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push repository %s: %s", res.StatusCode, remote, errBody), res)
+		}
+		if res.Header.Get("X-Docker-Token") != "" {
+			tokens = res.Header["X-Docker-Token"]
+			utils.Debugf("Auth token: %v", tokens)
+		} else {
+			return nil, fmt.Errorf("Index response didn't contain an access token")
+		}
+
+		if res.Header.Get("X-Docker-Endpoints") != "" {
+			endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			return nil, fmt.Errorf("Index response didn't contain any endpoints")
+		}
+	}
+	if validate {
+		if res.StatusCode != 204 {
+			errBody, err := ioutil.ReadAll(res.Body)
+			if err != nil {
+				return nil, err
+			}
+			return nil, utils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %s", res.StatusCode, remote, errBody), res)
+		}
+	}
+
+	return &RepositoryData{
+		Tokens:    tokens,
+		Endpoints: endpoints,
+	}, nil
+}
+
+func (r *Session) SearchRepositories(term string) (*SearchResults, error) {
+	utils.Debugf("Index server: %s", r.indexEndpoint)
+	u := r.indexEndpoint + "search?q=" + url.QueryEscape(term)
+	req, err := r.reqFactory.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, err
+	}
+	if r.authConfig != nil && len(r.authConfig.Username) > 0 {
+		req.SetBasicAuth(r.authConfig.Username, r.authConfig.Password)
+	}
+	req.Header.Set("X-Docker-Token", "true")
+	res, _, err := r.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		return nil, utils.NewHTTPRequestError(fmt.Sprintf("Unexepected status code %d", res.StatusCode), res)
+	}
+	rawData, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+	result := new(SearchResults)
+	err = json.Unmarshal(rawData, result)
+	return result, err
+}
+
+func (r *Session) GetAuthConfig(withPasswd bool) *AuthConfig {
+	password := ""
+	if withPasswd {
+		password = r.authConfig.Password
+	}
+	return &AuthConfig{
+		Username: r.authConfig.Username,
+		Password: password,
+		Email:    r.authConfig.Email,
+	}
+}
+
+func setTokenAuth(req *http.Request, token []string) {
+	if req.Header.Get("Authorization") == "" { // Don't override
+		req.Header.Set("Authorization", "Token "+strings.Join(token, ","))
+	}
+}
diff --git a/components/engine/registry/types.go b/components/engine/registry/types.go
new file mode 100644
index 0000000000..70d55e42fd
--- /dev/null
+++ b/components/engine/registry/types.go
@@ -0,0 +1,33 @@
+package registry
+
+type SearchResult struct {
+	StarCount   int    `json:"star_count"`
+	IsOfficial  bool   `json:"is_official"`
+	Name        string `json:"name"`
+	IsTrusted   bool   `json:"is_trusted"`
+	Description string `json:"description"`
+}
+
+type SearchResults struct {
+	Query      string         `json:"query"`
+	NumResults int            `json:"num_results"`
+	Results    []SearchResult `json:"results"`
+}
+
+type RepositoryData struct {
+	ImgList   map[string]*ImgData
+	Endpoints []string
+	Tokens    []string
+}
+
+type ImgData struct {
+	ID              string `json:"id"`
+	Checksum        string `json:"checksum,omitempty"`
+	ChecksumPayload string `json:"-"`
+	Tag             string `json:",omitempty"`
+}
+
+type RegistryInfo struct {
+	Version    string `json:"version"`
+	Standalone bool   `json:"standalone"`
+}

From 1f8b0d99829d80c2c704419671850dbab1e2a19c Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 12 Aug 2014 14:57:09 -0700
Subject: [PATCH 454/516] Add Self func to reexec pkg to return the current
 binary path

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 283ee108862da1db55a7cf944f20a245c096c388
Component: engine
---
 components/engine/reexec/reexec.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/components/engine/reexec/reexec.go b/components/engine/reexec/reexec.go
index 6a199e1ff1..136b905bd2 100644
--- a/components/engine/reexec/reexec.go
+++ b/components/engine/reexec/reexec.go
@@ -3,6 +3,8 @@ package reexec
 import (
 	"fmt"
 	"os"
+	"os/exec"
+	"path/filepath"
 )
 
 var registeredInitializers = make(map[string]func())
@@ -28,3 +30,16 @@ func Init() bool {
 
 	return false
 }
+
+// Self returns the path to the current processes binary
+func Self() string {
+	name := os.Args[0]
+
+	if filepath.Base(name) == name {
+		if lp, err := exec.LookPath(name); err == nil {
+			name = lp
+		}
+	}
+
+	return name
+}

From b3e9a7cd3baf81fb9d6916f1ab06b0563e8e5a0f Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 12 Aug 2014 15:04:00 -0700
Subject: [PATCH 455/516] Move userland proxies out of daemon's process

This PR moves the userland proxies for TCP and UDP traffic out of the
main docker daemon's process ( from goroutines per proxy ) to be a
separate reexec of the docker binary.  This reduces the cpu and memory
needed by the daemon and if the proxy processes crash for some reason
the daemon is unaffected.  This also displays in the standard process
tree so that a user can clearly see if there is a userland proxy that is
bound to a certain ip and port.

```bash
CONTAINER ID        IMAGE                       COMMAND             CREATED             STATUS              PORTS                                          NAMES
5d349506feb6        busybox:buildroot-2014.02   "sh"                13 minutes ago      Up 1 seconds        0.0.0.0:49153->81/tcp, 0.0.0.0:49154->90/tcp   hungry_pike
root@1cbfdcedc5a7:/go/src/github.com/docker/docker# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  18168  3100 ?        Ss   21:09   0:00 bash
root      8328  0.7  0.6 329072 13420 ?        Sl   22:03   0:00 docker -d -s vfs
root      8373  1.0  0.5 196500 10548 ?        Sl   22:03   0:00 userland-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49153 -container-ip 10.0.0.2 -container-port 81
root      8382  1.0  0.5 270232 10576 ?        Sl   22:03   0:00 userland-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49154 -container-ip 10.0.0.2 -container-port 90
root      8385  1.2  0.0   3168   184 pts/0    Ss+  22:03   0:00 sh
root      8408  0.0  0.1  15568  2112 ?        R+   22:03   0:00 ps aux
```

This also helps us to cleanly cleanup the proxy processes by stopping
these commands instead of trying to terminate a goroutine.

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: b4e2f5ed962f8ef81dbc2cbb1ff2a06bb64f8211
Component: engine
---
 .../networkdriver/bridge/driver_test.go       |  50 +-------
 .../daemon/networkdriver/portmapper/mapper.go |  32 +++--
 .../networkdriver/portmapper/mapper_test.go   |   3 +-
 .../networkdriver/portmapper/mock_proxy.go    |  18 +++
 .../daemon/networkdriver/portmapper/proxy.go  | 119 ++++++++++++++++++
 5 files changed, 163 insertions(+), 59 deletions(-)
 create mode 100644 components/engine/daemon/networkdriver/portmapper/mock_proxy.go
 create mode 100644 components/engine/daemon/networkdriver/portmapper/proxy.go

diff --git a/components/engine/daemon/networkdriver/bridge/driver_test.go b/components/engine/daemon/networkdriver/bridge/driver_test.go
index bf44181266..9bc6c32eb4 100644
--- a/components/engine/daemon/networkdriver/bridge/driver_test.go
+++ b/components/engine/daemon/networkdriver/bridge/driver_test.go
@@ -1,14 +1,19 @@
 package bridge
 
 import (
-	"fmt"
 	"net"
 	"strconv"
 	"testing"
 
+	"github.com/docker/docker/daemon/networkdriver/portmapper"
 	"github.com/docker/docker/engine"
 )
 
+func init() {
+	// reset the new proxy command for mocking out the userland proxy in tests
+	portmapper.NewProxy = portmapper.NewMockProxyCommand
+}
+
 func findFreePort(t *testing.T) int {
 	l, err := net.Listen("tcp", ":0")
 	if err != nil {
@@ -61,46 +66,3 @@ func TestAllocatePortDetection(t *testing.T) {
 		t.Fatal("Duplicate port allocation granted by AllocatePort")
 	}
 }
-
-func TestAllocatePortReclaim(t *testing.T) {
-	eng := engine.New()
-	eng.Logging = false
-
-	freePort := findFreePort(t)
-
-	// Init driver
-	job := eng.Job("initdriver")
-	if res := InitDriver(job); res != engine.StatusOK {
-		t.Fatal("Failed to initialize network driver")
-	}
-
-	// Allocate interface
-	job = eng.Job("allocate_interface", "container_id")
-	if res := Allocate(job); res != engine.StatusOK {
-		t.Fatal("Failed to allocate network interface")
-	}
-
-	// Occupy port
-	listenAddr := fmt.Sprintf(":%d", freePort)
-	tcpListenAddr, err := net.ResolveTCPAddr("tcp", listenAddr)
-	if err != nil {
-		t.Fatalf("Failed to resolve TCP address '%s'", listenAddr)
-	}
-
-	l, err := net.ListenTCP("tcp", tcpListenAddr)
-	if err != nil {
-		t.Fatalf("Fail to listen on port %d", freePort)
-	}
-
-	// Allocate port, expect failure
-	job = newPortAllocationJob(eng, freePort)
-	if res := AllocatePort(job); res == engine.StatusOK {
-		t.Fatal("Successfully allocated currently used port")
-	}
-
-	// Reclaim port, retry allocation
-	l.Close()
-	if res := AllocatePort(job); res != engine.StatusOK {
-		t.Fatal("Failed to allocate previously reclaimed port")
-	}
-}
diff --git a/components/engine/daemon/networkdriver/portmapper/mapper.go b/components/engine/daemon/networkdriver/portmapper/mapper.go
index 41b19e2d41..a81596d458 100644
--- a/components/engine/daemon/networkdriver/portmapper/mapper.go
+++ b/components/engine/daemon/networkdriver/portmapper/mapper.go
@@ -8,12 +8,11 @@ import (
 
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
 	"github.com/docker/docker/pkg/iptables"
-	"github.com/docker/docker/pkg/proxy"
 )
 
 type mapping struct {
 	proto         string
-	userlandProxy proxy.Proxy
+	userlandProxy UserlandProxy
 	host          net.Addr
 	container     net.Addr
 }
@@ -24,7 +23,8 @@ var (
 
 	// udp:ip:port
 	currentMappings = make(map[string]*mapping)
-	newProxy        = proxy.NewProxy
+
+	NewProxy = NewProxyCommand
 )
 
 var (
@@ -45,6 +45,7 @@ func Map(container net.Addr, hostIP net.IP, hostPort int) (host net.Addr, err er
 		m                 *mapping
 		proto             string
 		allocatedHostPort int
+		proxy             UserlandProxy
 	)
 
 	switch container.(type) {
@@ -53,21 +54,27 @@ func Map(container net.Addr, hostIP net.IP, hostPort int) (host net.Addr, err er
 		if allocatedHostPort, err = portallocator.RequestPort(hostIP, proto, hostPort); err != nil {
 			return nil, err
 		}
+
 		m = &mapping{
 			proto:     proto,
 			host:      &net.TCPAddr{IP: hostIP, Port: allocatedHostPort},
 			container: container,
 		}
+
+		proxy = NewProxy(proto, hostIP, allocatedHostPort, container.(*net.TCPAddr).IP, container.(*net.TCPAddr).Port)
 	case *net.UDPAddr:
 		proto = "udp"
 		if allocatedHostPort, err = portallocator.RequestPort(hostIP, proto, hostPort); err != nil {
 			return nil, err
 		}
+
 		m = &mapping{
 			proto:     proto,
 			host:      &net.UDPAddr{IP: hostIP, Port: allocatedHostPort},
 			container: container,
 		}
+
+		proxy = NewProxy(proto, hostIP, allocatedHostPort, container.(*net.UDPAddr).IP, container.(*net.UDPAddr).Port)
 	default:
 		return nil, ErrUnknownBackendAddressType
 	}
@@ -89,17 +96,15 @@ func Map(container net.Addr, hostIP net.IP, hostPort int) (host net.Addr, err er
 		return nil, err
 	}
 
-	p, err := newProxy(m.host, m.container)
-	if err != nil {
-		// need to undo the iptables rules before we return
-		forward(iptables.Delete, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
-		return nil, err
-	}
-
-	m.userlandProxy = p
+	m.userlandProxy = proxy
 	currentMappings[key] = m
 
-	go p.Run()
+	if err := proxy.Start(); err != nil {
+		// need to undo the iptables rules before we return
+		forward(iptables.Delete, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
+
+		return nil, err
+	}
 
 	return m.host, nil
 }
@@ -114,7 +119,8 @@ func Unmap(host net.Addr) error {
 		return ErrPortNotMapped
 	}
 
-	data.userlandProxy.Close()
+	data.userlandProxy.Stop()
+
 	delete(currentMappings, key)
 
 	containerIP, containerPort := getIPAndPort(data.container)
diff --git a/components/engine/daemon/networkdriver/portmapper/mapper_test.go b/components/engine/daemon/networkdriver/portmapper/mapper_test.go
index 3965380d71..42e44a11df 100644
--- a/components/engine/daemon/networkdriver/portmapper/mapper_test.go
+++ b/components/engine/daemon/networkdriver/portmapper/mapper_test.go
@@ -6,12 +6,11 @@ import (
 
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
 	"github.com/docker/docker/pkg/iptables"
-	"github.com/docker/docker/pkg/proxy"
 )
 
 func init() {
 	// override this func to mock out the proxy server
-	newProxy = proxy.NewStubProxy
+	NewProxy = NewMockProxyCommand
 }
 
 func reset() {
diff --git a/components/engine/daemon/networkdriver/portmapper/mock_proxy.go b/components/engine/daemon/networkdriver/portmapper/mock_proxy.go
new file mode 100644
index 0000000000..253ce83112
--- /dev/null
+++ b/components/engine/daemon/networkdriver/portmapper/mock_proxy.go
@@ -0,0 +1,18 @@
+package portmapper
+
+import "net"
+
+func NewMockProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int) UserlandProxy {
+	return &mockProxyCommand{}
+}
+
+type mockProxyCommand struct {
+}
+
+func (p *mockProxyCommand) Start() error {
+	return nil
+}
+
+func (p *mockProxyCommand) Stop() error {
+	return nil
+}
diff --git a/components/engine/daemon/networkdriver/portmapper/proxy.go b/components/engine/daemon/networkdriver/portmapper/proxy.go
new file mode 100644
index 0000000000..b24723727b
--- /dev/null
+++ b/components/engine/daemon/networkdriver/portmapper/proxy.go
@@ -0,0 +1,119 @@
+package portmapper
+
+import (
+	"flag"
+	"log"
+	"net"
+	"os"
+	"os/exec"
+	"os/signal"
+	"strconv"
+	"syscall"
+
+	"github.com/docker/docker/pkg/proxy"
+	"github.com/docker/docker/reexec"
+)
+
+const userlandProxyCommandName = "docker-proxy"
+
+func init() {
+	reexec.Register(userlandProxyCommandName, execProxy)
+}
+
+type UserlandProxy interface {
+	Start() error
+	Stop() error
+}
+
+// proxyCommand wraps an exec.Cmd to run the userland TCP and UDP
+// proxies as separate processes.
+type proxyCommand struct {
+	cmd *exec.Cmd
+}
+
+// execProxy is the reexec function that is registered to start the userland proxies
+func execProxy() {
+	host, container := parseHostContainerAddrs()
+
+	p, err := proxy.NewProxy(host, container)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	go handleStopSignals(p)
+
+	// Run will block until the proxy stops
+	p.Run()
+}
+
+// parseHostContainerAddrs parses the flags passed on reexec to create the TCP or UDP
+// net.Addrs to map the host and container ports
+func parseHostContainerAddrs() (host net.Addr, container net.Addr) {
+	var (
+		proto         = flag.String("proto", "tcp", "proxy protocol")
+		hostIP        = flag.String("host-ip", "", "host ip")
+		hostPort      = flag.Int("host-port", -1, "host port")
+		containerIP   = flag.String("container-ip", "", "container ip")
+		containerPort = flag.Int("container-port", -1, "container port")
+	)
+
+	flag.Parse()
+
+	switch *proto {
+	case "tcp":
+		host = &net.TCPAddr{IP: net.ParseIP(*hostIP), Port: *hostPort}
+		container = &net.TCPAddr{IP: net.ParseIP(*containerIP), Port: *containerPort}
+	case "udp":
+		host = &net.UDPAddr{IP: net.ParseIP(*hostIP), Port: *hostPort}
+		container = &net.UDPAddr{IP: net.ParseIP(*containerIP), Port: *containerPort}
+	default:
+		log.Fatalf("unsupported protocol %s", *proto)
+	}
+
+	return host, container
+}
+
+func handleStopSignals(p proxy.Proxy) {
+	s := make(chan os.Signal, 10)
+	signal.Notify(s, os.Interrupt, syscall.SIGTERM, syscall.SIGSTOP)
+
+	for _ = range s {
+		p.Close()
+
+		os.Exit(0)
+	}
+}
+
+func NewProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int) UserlandProxy {
+	args := []string{
+		userlandProxyCommandName,
+		"-proto", proto,
+		"-host-ip", hostIP.String(),
+		"-host-port", strconv.Itoa(hostPort),
+		"-container-ip", containerIP.String(),
+		"-container-port", strconv.Itoa(containerPort),
+	}
+
+	return &proxyCommand{
+		cmd: &exec.Cmd{
+			Path:   reexec.Self(),
+			Args:   args,
+			Stdout: os.Stdout,
+			Stderr: os.Stderr,
+			SysProcAttr: &syscall.SysProcAttr{
+				Pdeathsig: syscall.SIGTERM, // send a sigterm to the proxy if the daemon process dies
+			},
+		},
+	}
+}
+
+func (p *proxyCommand) Start() error {
+	return p.cmd.Start()
+}
+
+func (p *proxyCommand) Stop() error {
+	err := p.cmd.Process.Signal(os.Interrupt)
+	p.cmd.Wait()
+
+	return err
+}

From ec374f92275868353f6e9bda057d670469bdf584 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sat, 9 Aug 2014 22:30:27 +0000
Subject: [PATCH 456/516] Move daemonconfig into daemon

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: a4befff533cf786df7a4da29798984ebb2268d8c
Component: engine
---
 components/engine/{daemonconfig => daemon}/config.go |  5 ++++-
 components/engine/daemon/daemon.go                   |  9 ++++-----
 components/engine/daemonconfig/README.md             |  3 ---
 components/engine/docker/daemon.go                   | 11 +++++------
 components/engine/integration/utils_test.go          | 12 +++++++-----
 5 files changed, 20 insertions(+), 20 deletions(-)
 rename components/engine/{daemonconfig => daemon}/config.go (84%)
 delete mode 100644 components/engine/daemonconfig/README.md

diff --git a/components/engine/daemonconfig/config.go b/components/engine/daemon/config.go
similarity index 84%
rename from components/engine/daemonconfig/config.go
rename to components/engine/daemon/config.go
index 13c2a5db5c..0f269da869 100644
--- a/components/engine/daemonconfig/config.go
+++ b/components/engine/daemon/config.go
@@ -1,4 +1,4 @@
-package daemonconfig
+package daemon
 
 import (
 	"github.com/docker/docker/daemon/networkdriver"
@@ -10,6 +10,9 @@ const (
 	DisableNetworkBridge = "none"
 )
 
+// Config define the configuration of a docker daemon
+//  These are the configuration settings that you pass
+// to the docker daemon when you launch it with say: `docker -d -e lxc`
 // FIXME: separate runtime configuration from http api configuration
 type Config struct {
 	Pidfile                     string
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index d65bad8b82..0a2ad4c315 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -21,7 +21,6 @@ import (
 	_ "github.com/docker/docker/daemon/graphdriver/vfs"
 	_ "github.com/docker/docker/daemon/networkdriver/bridge"
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
-	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/graph"
@@ -95,7 +94,7 @@ type Daemon struct {
 	sysInfo        *sysinfo.SysInfo
 	volumes        *graph.Graph
 	eng            *engine.Engine
-	config         *daemonconfig.Config
+	config         *Config
 	containerGraph *graphdb.Database
 	driver         graphdriver.Driver
 	execDriver     execdriver.Driver
@@ -664,7 +663,7 @@ func (daemon *Daemon) RegisterLinks(container *Container, hostConfig *runconfig.
 }
 
 // FIXME: harmonize with NewGraph()
-func NewDaemon(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) {
+func NewDaemon(config *Config, eng *engine.Engine) (*Daemon, error) {
 	daemon, err := NewDaemonFromDirectory(config, eng)
 	if err != nil {
 		return nil, err
@@ -672,7 +671,7 @@ func NewDaemon(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error)
 	return daemon, nil
 }
 
-func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) {
+func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error) {
 	// Claim the pidfile first, to avoid any and all unexpected race conditions.
 	// Some of the init doesn't need a pidfile lock - but let's not try to be smart.
 	if config.Pidfile != "" {
@@ -1010,7 +1009,7 @@ func (daemon *Daemon) Repositories() *graph.TagStore {
 	return daemon.repositories
 }
 
-func (daemon *Daemon) Config() *daemonconfig.Config {
+func (daemon *Daemon) Config() *Config {
 	return daemon.config
 }
 
diff --git a/components/engine/daemonconfig/README.md b/components/engine/daemonconfig/README.md
deleted file mode 100644
index b61df1449e..0000000000
--- a/components/engine/daemonconfig/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-This directory contains code pertaining to the configuration of the docker daemon
-
-These are the configuration settings that you pass to the docker daemon when you launch it with say: `docker -d -e lxc`
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 6a4d767733..2866f6990c 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -10,7 +10,6 @@ import (
 	"github.com/docker/docker/daemon"
 	_ "github.com/docker/docker/daemon/execdriver/lxc"
 	_ "github.com/docker/docker/daemon/execdriver/native"
-	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
 	flag "github.com/docker/docker/pkg/mflag"
@@ -48,8 +47,8 @@ func mainDaemon() {
 	// the http api so that connections don't fail while the daemon
 	// is booting
 	go func() {
-		// FIXME: daemonconfig and CLI flag parsing should be directly integrated
-		cfg := &daemonconfig.Config{
+		// FIXME: daemon config and CLI flag parsing should be directly integrated
+		cfg := &daemon.Config{
 			Pidfile:                     *pidfile,
 			Root:                        *flRoot,
 			AutoRestart:                 *flAutoRestart,
@@ -68,12 +67,12 @@ func mainDaemon() {
 			Mtu:                         *flMtu,
 			Sockets:                     flHosts.GetAll(),
 		}
-		// FIXME this should be initialized in NewDaemon or somewhere in daemonconfig.
+		// FIXME this should be initialized in NewDaemon or somewhere in daemon.
 		// Currently it is copy-pasted in `integration` to create test daemons that work.
 		if cfg.Mtu == 0 {
-			cfg.Mtu = daemonconfig.GetDefaultNetworkMtu()
+			cfg.Mtu = daemon.GetDefaultNetworkMtu()
 		}
-		cfg.DisableNetwork = cfg.BridgeIface == daemonconfig.DisableNetworkBridge
+		cfg.DisableNetwork = cfg.BridgeIface == daemon.DisableNetworkBridge
 
 		d, err := daemon.NewDaemon(cfg, eng)
 		if err != nil {
diff --git a/components/engine/integration/utils_test.go b/components/engine/integration/utils_test.go
index 29741465a8..a7f3f999e2 100644
--- a/components/engine/integration/utils_test.go
+++ b/components/engine/integration/utils_test.go
@@ -17,7 +17,6 @@ import (
 
 	"github.com/docker/docker/builtins"
 	"github.com/docker/docker/daemon"
-	"github.com/docker/docker/daemonconfig"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
@@ -179,17 +178,20 @@ func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engin
 	// Load default plugins
 	builtins.Register(eng)
 	// (This is manually copied and modified from main() until we have a more generic plugin system)
-	cfg := &daemonconfig.Config{
+	cfg := &daemon.Config{
 		Root:        root,
 		AutoRestart: autorestart,
 		ExecDriver:  "native",
+		// Either InterContainerCommunication or EnableIptables must be set,
+		// otherwise NewDaemon will fail because of conflicting settings.
+		InterContainerCommunication: true,
 	}
-	// FIXME: this should be initialized in NewDaemon or somewhere in daemonconfig.
+	// FIXME: this should be initialized in NewDaemon
 	// Currently it is copy-pasted from daemonMain()
 	if cfg.Mtu == 0 {
-		cfg.Mtu = daemonconfig.GetDefaultNetworkMtu()
+		cfg.Mtu = daemon.GetDefaultNetworkMtu()
 	}
-	cfg.DisableNetwork = cfg.BridgeIface == daemonconfig.DisableNetworkBridge
+	cfg.DisableNetwork = cfg.BridgeIface == daemon.DisableNetworkBridge
 	d, err := daemon.NewDaemon(cfg, eng)
 	if err != nil {
 		t.Fatal(err)

From a2a8fb8a100b4229884e74c6a3b8053fcf86b3cd Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 01:12:52 +0000
Subject: [PATCH 457/516] opts.IpOpt: a helper to parse IP addressed from the
 command line

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 6d59a566759da5729d7eb89a8e1888fc612f03cf
Component: engine
---
 components/engine/opts/ip.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 components/engine/opts/ip.go

diff --git a/components/engine/opts/ip.go b/components/engine/opts/ip.go
new file mode 100644
index 0000000000..3610b14538
--- /dev/null
+++ b/components/engine/opts/ip.go
@@ -0,0 +1,28 @@
+package opts
+
+import (
+	"net"
+)
+
+type IpOpt struct {
+	*net.IP
+}
+
+func NewIpOpt(ref *net.IP, defaultVal string) *IpOpt {
+	o := &IpOpt{
+		IP: ref,
+	}
+	o.Set(defaultVal)
+	return o
+}
+
+func (o *IpOpt) Set(val string) error {
+	// FIXME: return a parse error if the value is not a valid IP?
+	// We are not changing this now to preserve behavior while refactoring.
+	(*o.IP) = net.ParseIP(val)
+	return nil
+}
+
+func (o *IpOpt) String() string {
+	return (*o.IP).String()
+}

From 14291aae786ab5d43581501bdd9fe26f26529b43 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 13 Aug 2014 12:18:23 -0700
Subject: [PATCH 458/516] Exit after receiving SIGTERM

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: cdf8a55670793a135a53549c5e1877c33a66be0c
Component: engine
---
 components/engine/pkg/signal/trap.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/pkg/signal/trap.go b/components/engine/pkg/signal/trap.go
index 0f44481c2f..cbdfd1ff17 100644
--- a/components/engine/pkg/signal/trap.go
+++ b/components/engine/pkg/signal/trap.go
@@ -38,6 +38,7 @@ func Trap(cleanup func()) {
 						if atomic.LoadUint32(&interruptCount) == 1 {
 							// Call cleanup handler
 							cleanup()
+							os.Exit(0)
 						} else {
 							return
 						}

From 8bd8c43b798cdf9a70b0636f1bb0d25d28bc2186 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 01:13:44 +0000
Subject: [PATCH 459/516] Helpers to parse lists, IPs, hosts, dns searches from
 the command line

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 6200002669874f3314856527fecd0c004060913c
Component: engine
---
 components/engine/api/client/commands.go |  4 +-
 components/engine/docker/flags.go        |  2 +-
 components/engine/opts/opts.go           | 48 +++++++++++++++++++-----
 components/engine/opts/opts_test.go      |  6 +++
 components/engine/runconfig/parse.go     | 14 +++----
 5 files changed, 54 insertions(+), 20 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 1d6ff1668e..e4c1808f1c 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -1254,7 +1254,7 @@ func (cli *DockerCli) CmdImages(args ...string) error {
 	flViz := cmd.Bool([]string{"#v", "#viz", "#-viz"}, false, "Output graph in graphviz format")
 	flTree := cmd.Bool([]string{"#t", "#tree", "#-tree"}, false, "Output graph in tree format")
 
-	var flFilter opts.ListOpts
+	flFilter := opts.NewListOpts(nil)
 	cmd.Var(&flFilter, []string{"f", "-filter"}, "Provide filter values (i.e. 'dangling=true')")
 
 	if err := cmd.Parse(args); err != nil {
@@ -1487,7 +1487,7 @@ func (cli *DockerCli) CmdPs(args ...string) error {
 	before := cmd.String([]string{"#beforeId", "#-before-id", "-before"}, "", "Show only container created before Id or Name, include non-running ones.")
 	last := cmd.Int([]string{"n"}, -1, "Show n last created containers, include non-running ones.")
 
-	var flFilter opts.ListOpts
+	flFilter := opts.NewListOpts(nil)
 	cmd.Var(&flFilter, []string{"f", "-filter"}, "Provide filter values. Valid filters:\nexited=<int> - containers with exit code of <int>")
 
 	if err := cmd.Parse(args); err != nil {
diff --git a/components/engine/docker/flags.go b/components/engine/docker/flags.go
index 6740db5ceb..533f48aa9e 100644
--- a/components/engine/docker/flags.go
+++ b/components/engine/docker/flags.go
@@ -22,7 +22,7 @@ func init() {
 var (
 	flVersion            = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
 	flDaemon             = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode")
-	flGraphOpts          opts.ListOpts
+	flGraphOpts          = opts.NewListOpts(nil)
 	flDebug              = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
 	flAutoRestart        = flag.Bool([]string{"r", "-restart"}, true, "Restart previously running containers")
 	bridgeName           = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge\nuse 'none' to disable container networking")
diff --git a/components/engine/opts/opts.go b/components/engine/opts/opts.go
index bfee2ad217..65806f3698 100644
--- a/components/engine/opts/opts.go
+++ b/components/engine/opts/opts.go
@@ -8,23 +8,51 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/docker/docker/api"
+	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/pkg/parsers"
 )
 
+func ListVar(values *[]string, names []string, usage string) {
+	flag.Var(newListOptsRef(values, nil), names, usage)
+}
+
+func HostListVar(values *[]string, names []string, usage string) {
+	flag.Var(newListOptsRef(values, api.ValidateHost), names, usage)
+}
+
+func IPListVar(values *[]string, names []string, usage string) {
+	flag.Var(newListOptsRef(values, ValidateIPAddress), names, usage)
+}
+
+func DnsSearchListVar(values *[]string, names []string, usage string) {
+	flag.Var(newListOptsRef(values, ValidateDnsSearch), names, usage)
+}
+
+func IPVar(value *net.IP, names []string, defaultValue, usage string) {
+	flag.Var(NewIpOpt(value, defaultValue), names, usage)
+}
+
 // ListOpts type
 type ListOpts struct {
-	values    []string
+	values    *[]string
 	validator ValidatorFctType
 }
 
 func NewListOpts(validator ValidatorFctType) ListOpts {
-	return ListOpts{
+	var values []string
+	return *newListOptsRef(&values, validator)
+}
+
+func newListOptsRef(values *[]string, validator ValidatorFctType) *ListOpts {
+	return &ListOpts{
+		values:    values,
 		validator: validator,
 	}
 }
 
 func (opts *ListOpts) String() string {
-	return fmt.Sprintf("%v", []string(opts.values))
+	return fmt.Sprintf("%v", []string((*opts.values)))
 }
 
 // Set validates if needed the input value and add it to the
@@ -37,15 +65,15 @@ func (opts *ListOpts) Set(value string) error {
 		}
 		value = v
 	}
-	opts.values = append(opts.values, value)
+	(*opts.values) = append((*opts.values), value)
 	return nil
 }
 
 // Delete remove the given element from the slice.
 func (opts *ListOpts) Delete(key string) {
-	for i, k := range opts.values {
+	for i, k := range *opts.values {
 		if k == key {
-			opts.values = append(opts.values[:i], opts.values[i+1:]...)
+			(*opts.values) = append((*opts.values)[:i], (*opts.values)[i+1:]...)
 			return
 		}
 	}
@@ -56,7 +84,7 @@ func (opts *ListOpts) Delete(key string) {
 // FIXME: can we remove this?
 func (opts *ListOpts) GetMap() map[string]struct{} {
 	ret := make(map[string]struct{})
-	for _, k := range opts.values {
+	for _, k := range *opts.values {
 		ret[k] = struct{}{}
 	}
 	return ret
@@ -65,12 +93,12 @@ func (opts *ListOpts) GetMap() map[string]struct{} {
 // GetAll returns the values' slice.
 // FIXME: Can we remove this?
 func (opts *ListOpts) GetAll() []string {
-	return opts.values
+	return (*opts.values)
 }
 
 // Get checks the existence of the given key.
 func (opts *ListOpts) Get(key string) bool {
-	for _, k := range opts.values {
+	for _, k := range *opts.values {
 		if k == key {
 			return true
 		}
@@ -80,7 +108,7 @@ func (opts *ListOpts) Get(key string) bool {
 
 // Len returns the amount of element in the slice.
 func (opts *ListOpts) Len() int {
-	return len(opts.values)
+	return len((*opts.values))
 }
 
 // Validators
diff --git a/components/engine/opts/opts_test.go b/components/engine/opts/opts_test.go
index 9494e27a75..09b5aa780b 100644
--- a/components/engine/opts/opts_test.go
+++ b/components/engine/opts/opts_test.go
@@ -27,6 +27,12 @@ func TestValidateIPAddress(t *testing.T) {
 
 }
 
+func TestListOpts(t *testing.T) {
+	o := NewListOpts(nil)
+	o.Set("foo")
+	o.String()
+}
+
 func TestValidateDnsSearch(t *testing.T) {
 	valid := []string{
 		`.`,
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 741c7469ca..96c36dd394 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -45,15 +45,15 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flEnv     = opts.NewListOpts(opts.ValidateEnv)
 		flDevices = opts.NewListOpts(opts.ValidatePath)
 
-		flPublish     opts.ListOpts
-		flExpose      opts.ListOpts
+		flPublish     = opts.NewListOpts(nil)
+		flExpose      = opts.NewListOpts(nil)
 		flDns         = opts.NewListOpts(opts.ValidateIPAddress)
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDnsSearch)
-		flVolumesFrom opts.ListOpts
-		flLxcOpts     opts.ListOpts
-		flEnvFile     opts.ListOpts
-		flCapAdd      opts.ListOpts
-		flCapDrop     opts.ListOpts
+		flVolumesFrom = opts.NewListOpts(nil)
+		flLxcOpts     = opts.NewListOpts(nil)
+		flEnvFile     = opts.NewListOpts(nil)
+		flCapAdd      = opts.NewListOpts(nil)
+		flCapDrop     = opts.NewListOpts(nil)
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
 		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: run container in the background and print new container ID")

From 9a4f8cadf4386dc5819682643075c85aeab3b888 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 01:18:32 +0000
Subject: [PATCH 460/516] Parse daemon configuration in
 daemon.Config.InstallFlags instead of main

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 353b7c8ec77b30fa83dac5ec0778193f6de8b437
Component: engine
---
 components/engine/daemon/config.go          | 32 +++++++++++-
 components/engine/daemon/daemon.go          |  8 +++
 components/engine/docker/daemon.go          | 56 ++++++++-------------
 components/engine/docker/docker.go          | 10 ++--
 components/engine/docker/flags.go           | 38 +++-----------
 components/engine/integration/utils_test.go |  6 ---
 6 files changed, 70 insertions(+), 80 deletions(-)

diff --git a/components/engine/daemon/config.go b/components/engine/daemon/config.go
index 0f269da869..9de5f3e185 100644
--- a/components/engine/daemon/config.go
+++ b/components/engine/daemon/config.go
@@ -1,8 +1,11 @@
 package daemon
 
 import (
-	"github.com/docker/docker/daemon/networkdriver"
 	"net"
+
+	"github.com/docker/docker/daemon/networkdriver"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
 )
 
 const (
@@ -11,7 +14,7 @@ const (
 )
 
 // Config define the configuration of a docker daemon
-//  These are the configuration settings that you pass
+// These are the configuration settings that you pass
 // to the docker daemon when you launch it with say: `docker -d -e lxc`
 // FIXME: separate runtime configuration from http api configuration
 type Config struct {
@@ -36,6 +39,31 @@ type Config struct {
 	Sockets                     []string
 }
 
+// InstallFlags adds command-line options to the top-level flag parser for
+// the current process.
+// Subsequent calls to `flag.Parse` will populate config with values parsed
+// from the command-line.
+func (config *Config) InstallFlags() {
+	flag.StringVar(&config.Pidfile, []string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file")
+	flag.StringVar(&config.Root, []string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
+	flag.BoolVar(&config.AutoRestart, []string{"r", "-restart"}, true, "Restart previously running containers")
+	flag.BoolVar(&config.EnableIptables, []string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
+	flag.BoolVar(&config.EnableIpForward, []string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
+	flag.StringVar(&config.BridgeIP, []string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
+	flag.StringVar(&config.BridgeIface, []string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge\nuse 'none' to disable container networking")
+	flag.BoolVar(&config.InterContainerCommunication, []string{"#icc", "-icc"}, true, "Enable inter-container communication")
+	flag.StringVar(&config.GraphDriver, []string{"s", "-storage-driver"}, "", "Force the Docker runtime to use a specific storage driver")
+	flag.StringVar(&config.ExecDriver, []string{"e", "-exec-driver"}, "native", "Force the Docker runtime to use a specific exec driver")
+	flag.BoolVar(&config.EnableSelinuxSupport, []string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
+	flag.IntVar(&config.Mtu, []string{"#mtu", "-mtu"}, 0, "Set the containers network MTU\nif no value is provided: default to the default route MTU or 1500 if no default route is available")
+	opts.IPVar(&config.DefaultIp, []string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
+	opts.ListVar(&config.GraphOptions, []string{"-storage-opt"}, "Set storage driver options")
+	// FIXME: why the inconsistency between "hosts" and "sockets"?
+	opts.HostListVar(&config.Sockets, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.")
+	opts.IPListVar(&config.Dns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
+	opts.DnsSearchListVar(&config.DnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
+}
+
 func GetDefaultNetworkMtu() int {
 	if iface, err := networkdriver.GetDefaultRouteIface(); err == nil {
 		return iface.MTU
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 0a2ad4c315..7328e8fb26 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -672,6 +672,14 @@ func NewDaemon(config *Config, eng *engine.Engine) (*Daemon, error) {
 }
 
 func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error) {
+	// Apply configuration defaults
+	if config.Mtu == 0 {
+		// FIXME: GetDefaultNetwork Mtu doesn't need to be public anymore
+		config.Mtu = GetDefaultNetworkMtu()
+	}
+	// FIXME: DisableNetworkBidge doesn't need to be public anymore
+	config.DisableNetwork = config.BridgeIface == DisableNetworkBridge
+
 	// Claim the pidfile first, to avoid any and all unexpected race conditions.
 	// Some of the init doesn't need a pidfile lock - but let's not try to be smart.
 	if config.Pidfile != "" {
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 2866f6990c..6bff0109d2 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -4,7 +4,6 @@ package main
 
 import (
 	"log"
-	"net"
 
 	"github.com/docker/docker/builtins"
 	"github.com/docker/docker/daemon"
@@ -18,22 +17,32 @@ import (
 
 const CanDaemon = true
 
+var (
+	daemonCfg = &daemon.Config{}
+)
+
+func init() {
+	daemonCfg.InstallFlags()
+}
+
 func mainDaemon() {
 	if flag.NArg() != 0 {
 		flag.Usage()
 		return
 	}
 
-	if *bridgeName != "" && *bridgeIp != "" {
+	// FIXME: validate daemon.Config values in a method of daemon.Config
+	if daemonCfg.BridgeIface != "" && daemonCfg.BridgeIP != "" {
 		log.Fatal("You specified -b & --bip, mutually exclusive options. Please specify only one.")
 	}
 
-	if !*flEnableIptables && !*flInterContainerComm {
+	if !daemonCfg.EnableIptables && !daemonCfg.InterContainerCommunication {
 		log.Fatal("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
 	}
 
-	if net.ParseIP(*flDefaultIp) == nil {
-		log.Fatalf("Specified --ip=%s is not in correct format \"0.0.0.0\".", *flDefaultIp)
+	// FIXME: move this validation to opts.IpOpt
+	if daemonCfg.DefaultIp == nil {
+		log.Fatalf("Specified --ip is not in correct format \"0.0.0.0\".")
 	}
 
 	eng := engine.New()
@@ -47,34 +56,7 @@ func mainDaemon() {
 	// the http api so that connections don't fail while the daemon
 	// is booting
 	go func() {
-		// FIXME: daemon config and CLI flag parsing should be directly integrated
-		cfg := &daemon.Config{
-			Pidfile:                     *pidfile,
-			Root:                        *flRoot,
-			AutoRestart:                 *flAutoRestart,
-			EnableIptables:              *flEnableIptables,
-			EnableIpForward:             *flEnableIpForward,
-			BridgeIP:                    *bridgeIp,
-			BridgeIface:                 *bridgeName,
-			DefaultIp:                   net.ParseIP(*flDefaultIp),
-			InterContainerCommunication: *flInterContainerComm,
-			GraphDriver:                 *flGraphDriver,
-			ExecDriver:                  *flExecDriver,
-			EnableSelinuxSupport:        *flSelinuxEnabled,
-			GraphOptions:                flGraphOpts.GetAll(),
-			Dns:                         flDns.GetAll(),
-			DnsSearch:                   flDnsSearch.GetAll(),
-			Mtu:                         *flMtu,
-			Sockets:                     flHosts.GetAll(),
-		}
-		// FIXME this should be initialized in NewDaemon or somewhere in daemon.
-		// Currently it is copy-pasted in `integration` to create test daemons that work.
-		if cfg.Mtu == 0 {
-			cfg.Mtu = daemon.GetDefaultNetworkMtu()
-		}
-		cfg.DisableNetwork = cfg.BridgeIface == daemon.DisableNetworkBridge
-
-		d, err := daemon.NewDaemon(cfg, eng)
+		d, err := daemon.NewDaemon(daemonCfg, eng)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -91,11 +73,13 @@ func mainDaemon() {
 	log.Printf("docker daemon: %s %s; execdriver: %s; graphdriver: %s",
 		dockerversion.VERSION,
 		dockerversion.GITCOMMIT,
-		*flExecDriver,
-		*flGraphDriver)
+		daemonCfg.ExecDriver,
+		daemonCfg.GraphDriver,
+	)
 
 	// Serve api
-	job := eng.Job("serveapi", flHosts.GetAll()...)
+	// FIXME: 'Sockets' should not be part of daemon.Config
+	job := eng.Job("serveapi", daemonCfg.Sockets...)
 	job.SetenvBool("Logging", true)
 	job.SetenvBool("EnableCors", *flEnableCors)
 	job.Setenv("Version", dockerversion.VERSION)
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 49053bf87b..2cd8165733 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -27,8 +27,8 @@ func main() {
 	if reexec.Init() {
 		return
 	}
-
 	flag.Parse()
+	// FIXME: validate daemon flags here
 
 	if *flVersion {
 		showVersion()
@@ -38,7 +38,7 @@ func main() {
 		os.Setenv("DEBUG", "1")
 	}
 
-	if flHosts.Len() == 0 {
+	if len(daemonCfg.Sockets) == 0 {
 		defaultHost := os.Getenv("DOCKER_HOST")
 		if defaultHost == "" || *flDaemon {
 			// If we do not have a host, default to unix socket
@@ -47,7 +47,7 @@ func main() {
 		if _, err := api.ValidateHost(defaultHost); err != nil {
 			log.Fatal(err)
 		}
-		flHosts.Set(defaultHost)
+		daemonCfg.Sockets = append(daemonCfg.Sockets, defaultHost)
 	}
 
 	if *flDaemon {
@@ -55,10 +55,10 @@ func main() {
 		return
 	}
 
-	if flHosts.Len() > 1 {
+	if len(daemonCfg.Sockets) > 1 {
 		log.Fatal("Please specify only one -H")
 	}
-	protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
+	protoAddrParts := strings.SplitN(daemonCfg.Sockets[0], "://", 2)
 
 	var (
 		cli       *client.DockerCli
diff --git a/components/engine/docker/flags.go b/components/engine/docker/flags.go
index 533f48aa9e..cb22751042 100644
--- a/components/engine/docker/flags.go
+++ b/components/engine/docker/flags.go
@@ -4,8 +4,6 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
 )
 
@@ -20,30 +18,13 @@ func init() {
 }
 
 var (
-	flVersion            = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
-	flDaemon             = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode")
-	flGraphOpts          = opts.NewListOpts(nil)
-	flDebug              = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
-	flAutoRestart        = flag.Bool([]string{"r", "-restart"}, true, "Restart previously running containers")
-	bridgeName           = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge\nuse 'none' to disable container networking")
-	bridgeIp             = flag.String([]string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
-	pidfile              = flag.String([]string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file")
-	flRoot               = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
-	flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
-	flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
-	flDns                = opts.NewListOpts(opts.ValidateIPAddress)
-	flDnsSearch          = opts.NewListOpts(opts.ValidateDnsSearch)
-	flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
-	flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
-	flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
-	flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
-	flGraphDriver        = flag.String([]string{"s", "-storage-driver"}, "", "Force the Docker runtime to use a specific storage driver")
-	flExecDriver         = flag.String([]string{"e", "-exec-driver"}, "native", "Force the Docker runtime to use a specific exec driver")
-	flHosts              = opts.NewListOpts(api.ValidateHost)
-	flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU\nif no value is provided: default to the default route MTU or 1500 if no default route is available")
-	flTls                = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
-	flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
-	flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
+	flVersion     = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
+	flDaemon      = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode")
+	flDebug       = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
+	flSocketGroup = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group")
+	flEnableCors  = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
+	flTls         = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
+	flTlsVerify   = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
 
 	// these are initialized in init() below since their default values depend on dockerCertPath which isn't fully initialized until init() runs
 	flCa   *string
@@ -55,9 +36,4 @@ func init() {
 	flCa = flag.String([]string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
 	flCert = flag.String([]string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file")
 	flKey = flag.String([]string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file")
-
-	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
-	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
-	flag.Var(&flHosts, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.")
-	flag.Var(&flGraphOpts, []string{"-storage-opt"}, "Set storage driver options")
 }
diff --git a/components/engine/integration/utils_test.go b/components/engine/integration/utils_test.go
index a7f3f999e2..b070288533 100644
--- a/components/engine/integration/utils_test.go
+++ b/components/engine/integration/utils_test.go
@@ -186,12 +186,6 @@ func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engin
 		// otherwise NewDaemon will fail because of conflicting settings.
 		InterContainerCommunication: true,
 	}
-	// FIXME: this should be initialized in NewDaemon
-	// Currently it is copy-pasted from daemonMain()
-	if cfg.Mtu == 0 {
-		cfg.Mtu = daemon.GetDefaultNetworkMtu()
-	}
-	cfg.DisableNetwork = cfg.BridgeIface == daemon.DisableNetworkBridge
 	d, err := daemon.NewDaemon(cfg, eng)
 	if err != nil {
 		t.Fatal(err)

From 13ed6ae5e41723d72d440f2b4bbc207f4bb9e2e3 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 03:50:46 +0000
Subject: [PATCH 461/516] opts.IPVal returns an error on incorrect input

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: ca11b77471bd3a99b4dbc44b716675ba8174306c
Component: engine
---
 components/engine/docker/daemon.go | 6 ------
 components/engine/opts/ip.go       | 7 +++++--
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 6bff0109d2..089eae5464 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -39,12 +39,6 @@ func mainDaemon() {
 	if !daemonCfg.EnableIptables && !daemonCfg.InterContainerCommunication {
 		log.Fatal("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
 	}
-
-	// FIXME: move this validation to opts.IpOpt
-	if daemonCfg.DefaultIp == nil {
-		log.Fatalf("Specified --ip is not in correct format \"0.0.0.0\".")
-	}
-
 	eng := engine.New()
 	signal.Trap(eng.Shutdown)
 	// Load builtins
diff --git a/components/engine/opts/ip.go b/components/engine/opts/ip.go
index 3610b14538..f0c29750bc 100644
--- a/components/engine/opts/ip.go
+++ b/components/engine/opts/ip.go
@@ -1,6 +1,7 @@
 package opts
 
 import (
+	"fmt"
 	"net"
 )
 
@@ -17,8 +18,10 @@ func NewIpOpt(ref *net.IP, defaultVal string) *IpOpt {
 }
 
 func (o *IpOpt) Set(val string) error {
-	// FIXME: return a parse error if the value is not a valid IP?
-	// We are not changing this now to preserve behavior while refactoring.
+	ip := net.ParseIP(val)
+	if ip == nil {
+		return fmt.Errorf("incorrect IP format")
+	}
 	(*o.IP) = net.ParseIP(val)
 	return nil
 }

From 506b7bed3d80eeb4d66d270d284f98c3d29fd1a4 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Sun, 10 Aug 2014 03:58:19 +0000
Subject: [PATCH 462/516] Check for conflicting daemon config options in
 NewDaemon

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 1eba59eb249b14a0499a52495be2c27b5afc4749
Component: engine
---
 components/engine/daemon/daemon.go | 7 +++++++
 components/engine/docker/daemon.go | 9 ---------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 7328e8fb26..f68197b2f6 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -677,6 +677,13 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 		// FIXME: GetDefaultNetwork Mtu doesn't need to be public anymore
 		config.Mtu = GetDefaultNetworkMtu()
 	}
+	// Check for mutually incompatible config options
+	if config.BridgeIface != "" && config.BridgeIP != "" {
+		return nil, fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one.")
+	}
+	if !config.EnableIptables && !config.InterContainerCommunication {
+		return nil, fmt.Errorf("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
+	}
 	// FIXME: DisableNetworkBidge doesn't need to be public anymore
 	config.DisableNetwork = config.BridgeIface == DisableNetworkBridge
 
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 089eae5464..948412ea86 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -30,15 +30,6 @@ func mainDaemon() {
 		flag.Usage()
 		return
 	}
-
-	// FIXME: validate daemon.Config values in a method of daemon.Config
-	if daemonCfg.BridgeIface != "" && daemonCfg.BridgeIP != "" {
-		log.Fatal("You specified -b & --bip, mutually exclusive options. Please specify only one.")
-	}
-
-	if !daemonCfg.EnableIptables && !daemonCfg.InterContainerCommunication {
-		log.Fatal("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
-	}
 	eng := engine.New()
 	signal.Trap(eng.Shutdown)
 	// Load builtins

From fc0d245526fbac4d3ab38b4943ea98076b7b40f5 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Mon, 11 Aug 2014 22:30:01 +0000
Subject: [PATCH 463/516] Move remote API config out of daemon/

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 1d10c55aec891df609d36c90ee6c30adb24c16c4
Component: engine
---
 components/engine/api/client/commands.go                 | 3 ---
 components/engine/daemon/config.go                       | 2 --
 components/engine/daemon/daemon.go                       | 2 --
 components/engine/daemon/info.go                         | 1 -
 components/engine/docker/daemon.go                       | 3 +--
 components/engine/docker/docker.go                       | 8 ++++----
 components/engine/docker/flags.go                        | 9 ++++++---
 .../sources/reference/api/docker_remote_api_v1.13.md     | 1 -
 .../sources/reference/api/docker_remote_api_v1.14.md     | 1 -
 .../engine/docs/sources/reference/commandline/cli.md     | 1 -
 10 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index e4c1808f1c..99856ee5eb 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -505,9 +505,6 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 		if initPath := remoteInfo.Get("InitPath"); initPath != "" {
 			fmt.Fprintf(cli.out, "Init Path: %s\n", initPath)
 		}
-		if len(remoteInfo.GetList("Sockets")) != 0 {
-			fmt.Fprintf(cli.out, "Sockets: %v\n", remoteInfo.GetList("Sockets"))
-		}
 	}
 
 	if len(remoteInfo.GetList("IndexServerAddress")) != 0 {
diff --git a/components/engine/daemon/config.go b/components/engine/daemon/config.go
index 9de5f3e185..5d0ea6ac12 100644
--- a/components/engine/daemon/config.go
+++ b/components/engine/daemon/config.go
@@ -36,7 +36,6 @@ type Config struct {
 	DisableNetwork              bool
 	EnableSelinuxSupport        bool
 	Context                     map[string][]string
-	Sockets                     []string
 }
 
 // InstallFlags adds command-line options to the top-level flag parser for
@@ -59,7 +58,6 @@ func (config *Config) InstallFlags() {
 	opts.IPVar(&config.DefaultIp, []string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
 	opts.ListVar(&config.GraphOptions, []string{"-storage-opt"}, "Set storage driver options")
 	// FIXME: why the inconsistency between "hosts" and "sockets"?
-	opts.HostListVar(&config.Sockets, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.")
 	opts.IPListVar(&config.Dns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
 	opts.DnsSearchListVar(&config.DnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
 }
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index f68197b2f6..540ee7d985 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -98,7 +98,6 @@ type Daemon struct {
 	containerGraph *graphdb.Database
 	driver         graphdriver.Driver
 	execDriver     execdriver.Driver
-	Sockets        []string
 }
 
 // Install installs daemon capabilities to eng.
@@ -851,7 +850,6 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 		sysInitPath:    sysInitPath,
 		execDriver:     ed,
 		eng:            eng,
-		Sockets:        config.Sockets,
 	}
 	if err := daemon.checkLocaldns(); err != nil {
 		return nil, err
diff --git a/components/engine/daemon/info.go b/components/engine/daemon/info.go
index 215d82acdc..d028a8341f 100644
--- a/components/engine/daemon/info.go
+++ b/components/engine/daemon/info.go
@@ -66,7 +66,6 @@ func (daemon *Daemon) CmdInfo(job *engine.Job) engine.Status {
 	v.Set("IndexServerAddress", registry.IndexServerAddress())
 	v.Set("InitSha1", dockerversion.INITSHA1)
 	v.Set("InitPath", initPath)
-	v.SetList("Sockets", daemon.Sockets)
 	if _, err := v.WriteTo(job.Stdout); err != nil {
 		return job.Error(err)
 	}
diff --git a/components/engine/docker/daemon.go b/components/engine/docker/daemon.go
index 948412ea86..dc9d56d1d9 100644
--- a/components/engine/docker/daemon.go
+++ b/components/engine/docker/daemon.go
@@ -63,8 +63,7 @@ func mainDaemon() {
 	)
 
 	// Serve api
-	// FIXME: 'Sockets' should not be part of daemon.Config
-	job := eng.Job("serveapi", daemonCfg.Sockets...)
+	job := eng.Job("serveapi", flHosts...)
 	job.SetenvBool("Logging", true)
 	job.SetenvBool("EnableCors", *flEnableCors)
 	job.Setenv("Version", dockerversion.VERSION)
diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go
index 2cd8165733..f2b4ca90b1 100644
--- a/components/engine/docker/docker.go
+++ b/components/engine/docker/docker.go
@@ -38,7 +38,7 @@ func main() {
 		os.Setenv("DEBUG", "1")
 	}
 
-	if len(daemonCfg.Sockets) == 0 {
+	if len(flHosts) == 0 {
 		defaultHost := os.Getenv("DOCKER_HOST")
 		if defaultHost == "" || *flDaemon {
 			// If we do not have a host, default to unix socket
@@ -47,7 +47,7 @@ func main() {
 		if _, err := api.ValidateHost(defaultHost); err != nil {
 			log.Fatal(err)
 		}
-		daemonCfg.Sockets = append(daemonCfg.Sockets, defaultHost)
+		flHosts = append(flHosts, defaultHost)
 	}
 
 	if *flDaemon {
@@ -55,10 +55,10 @@ func main() {
 		return
 	}
 
-	if len(daemonCfg.Sockets) > 1 {
+	if len(flHosts) > 1 {
 		log.Fatal("Please specify only one -H")
 	}
-	protoAddrParts := strings.SplitN(daemonCfg.Sockets[0], "://", 2)
+	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
 
 	var (
 		cli       *client.DockerCli
diff --git a/components/engine/docker/flags.go b/components/engine/docker/flags.go
index cb22751042..baae40eafc 100644
--- a/components/engine/docker/flags.go
+++ b/components/engine/docker/flags.go
@@ -4,6 +4,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/docker/docker/opts"
 	flag "github.com/docker/docker/pkg/mflag"
 )
 
@@ -27,13 +28,15 @@ var (
 	flTlsVerify   = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
 
 	// these are initialized in init() below since their default values depend on dockerCertPath which isn't fully initialized until init() runs
-	flCa   *string
-	flCert *string
-	flKey  *string
+	flCa    *string
+	flCert  *string
+	flKey   *string
+	flHosts []string
 )
 
 func init() {
 	flCa = flag.String([]string{"-tlscacert"}, filepath.Join(dockerCertPath, defaultCaFile), "Trust only remotes providing a certificate signed by the CA given here")
 	flCert = flag.String([]string{"-tlscert"}, filepath.Join(dockerCertPath, defaultCertFile), "Path to TLS certificate file")
 	flKey = flag.String([]string{"-tlskey"}, filepath.Join(dockerCertPath, defaultKeyFile), "Path to TLS key file")
+	opts.HostListVar(&flHosts, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.")
 }
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
index cf21aefb00..d782391476 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.13.md
@@ -1170,7 +1170,6 @@ Display system-wide information
              "NGoroutines":21,
              "NEventsListener":0,
              "InitPath":"/usr/bin/docker",
-             "Sockets":["unix:///var/run/docker.sock"],
              "IndexServerAddress":["https://index.docker.io/v1/"],
              "MemoryLimit":true,
              "SwapLimit":false,
diff --git a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
index e411c8c6ef..9a9c36e54b 100644
--- a/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
+++ b/components/engine/docs/sources/reference/api/docker_remote_api_v1.14.md
@@ -1174,7 +1174,6 @@ Display system-wide information
              "NGoroutines":21,
              "NEventsListener":0,
              "InitPath":"/usr/bin/docker",
-             "Sockets":["unix:///var/run/docker.sock"],
              "IndexServerAddress":["https://index.docker.io/v1/"],
              "MemoryLimit":true,
              "SwapLimit":false,
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 311fc849e9..5e6107cfaa 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -616,7 +616,6 @@ For example:
     Goroutines: 9
     EventsListeners: 0
     Init Path: /usr/bin/docker
-    Sockets: [unix:///var/run/docker.sock]
     Username: svendowideit
     Registry: [https://index.docker.io/v1/]
 

From 1c51cd61252d3c3b9d85cf16727ef7c825aba998 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 13 Aug 2014 06:45:40 +0000
Subject: [PATCH 464/516] Fix inconsistency in IP address parsing errors

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: a30fd7a962f8486df0d0dbd3334c7621d22c1aec
Component: engine
---
 components/engine/opts/ip.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/opts/ip.go b/components/engine/opts/ip.go
index f0c29750bc..f8a493e68a 100644
--- a/components/engine/opts/ip.go
+++ b/components/engine/opts/ip.go
@@ -20,7 +20,7 @@ func NewIpOpt(ref *net.IP, defaultVal string) *IpOpt {
 func (o *IpOpt) Set(val string) error {
 	ip := net.ParseIP(val)
 	if ip == nil {
-		return fmt.Errorf("incorrect IP format")
+		return fmt.Errorf("%s is not an ip address", val)
 	}
 	(*o.IP) = net.ParseIP(val)
 	return nil

From de738eef04266dd2d312e6d0993b7c67486927e5 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 13 Aug 2014 12:49:12 -0700
Subject: [PATCH 465/516] Remove FIXME file

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 7bfc78b03813fd35b0098b1e778180138976c40d
Component: engine
---
 components/engine/FIXME | 24 ------------------------
 1 file changed, 24 deletions(-)
 delete mode 100644 components/engine/FIXME

diff --git a/components/engine/FIXME b/components/engine/FIXME
deleted file mode 100644
index 4f27d36856..0000000000
--- a/components/engine/FIXME
+++ /dev/null
@@ -1,24 +0,0 @@
-
-## FIXME
-
-This file is a loose collection of things to improve in the codebase, for the internal
-use of the maintainers.
-
-They are not big enough to be in the roadmap, not user-facing enough to be github issues,
-and not important enough to be discussed in the mailing list.
-
-They are just like FIXME comments in the source code, except we're not sure where in the source
-to put them - so we put them here :)
-
-
-* Run linter on codebase
-* Unify build commands and regular commands
-* Move source code into src/ subdir for clarity
-* docker build: on non-existent local path for ADD, don't show full absolute path on the host
-* use size header for progress bar in pull
-* Clean up context upload in build!!!
-* Parallel pull
-* Upgrade dockerd without stopping containers
-* Simple command to remove all untagged images (`docker rmi $(docker images | awk '/^<none>/ { print $3 }')`)
-* Simple command to clean up containers for disk space
-* Clean up the ProgressReader api, it's a PITA to use

From 5f2e120f776ecf5e0497c23ffc16173457784a2b Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Fri, 8 Aug 2014 11:00:18 -0400
Subject: [PATCH 466/516] Cleanup: initializeVolume

- Use a common struct for Volumes
- Split out some functionality in intializeVolume into separate functions
- Removes some duplicate code
- In general much easier to grok the code now

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: e350df5b2c95be74c5808c28cac5dee763b11d8b
Component: engine
---
 components/engine/daemon/volumes.go | 254 ++++++++++++++--------------
 1 file changed, 128 insertions(+), 126 deletions(-)

diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index a3bee6b07d..ea18a62b8c 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -13,10 +13,24 @@ import (
 	"github.com/docker/docker/pkg/symlink"
 )
 
-type BindMap struct {
-	SrcPath string
-	DstPath string
-	Mode    string
+type Volume struct {
+	HostPath    string
+	VolPath     string
+	Mode        string
+	isBindMount bool
+}
+
+func (v *Volume) isRw() bool {
+	return v.Mode == "" || strings.ToLower(v.Mode) == "rw"
+}
+
+func (v *Volume) isDir() (bool, error) {
+	stat, err := os.Stat(v.HostPath)
+	if err != nil {
+		return false, err
+	}
+
+	return stat.IsDir(), nil
 }
 
 func prepareVolumesForContainer(container *Container) error {
@@ -122,35 +136,40 @@ func applyVolumesFrom(container *Container) error {
 	return nil
 }
 
-func parseBindVolumeSpec(spec string) (BindMap, error) {
+func parseBindVolumeSpec(spec string) (Volume, error) {
 	var (
-		arr       = strings.Split(spec, ":")
-		err error = nil
-		vol BindMap
+		arr = strings.Split(spec, ":")
+		vol Volume
 	)
 
+	vol.isBindMount = true
 	switch len(arr) {
 	case 1:
-		vol.DstPath = spec
+		vol.VolPath = spec
 		vol.Mode = "rw"
 	case 2:
-		vol.SrcPath = arr[0]
-		vol.DstPath = arr[1]
+		vol.HostPath = arr[0]
+		vol.VolPath = arr[1]
 		vol.Mode = "rw"
 	case 3:
-		vol.SrcPath = arr[0]
-		vol.DstPath = arr[1]
+		vol.HostPath = arr[0]
+		vol.VolPath = arr[1]
 		vol.Mode = arr[2]
 	default:
-		err = fmt.Errorf("Invalid volume specification: %s", spec)
+		return vol, fmt.Errorf("Invalid volume specification: %s", spec)
 	}
-	return vol, err
+
+	if !filepath.IsAbs(vol.HostPath) {
+		return vol, fmt.Errorf("cannot bind mount volume: %s volume paths must be absolute.", vol.HostPath)
+	}
+
+	return vol, nil
 }
 
-func getBindMap(container *Container) (map[string]BindMap, error) {
+func getBindMap(container *Container) (map[string]Volume, error) {
 	var (
 		// Create the requested bind mounts
-		binds = make(map[string]BindMap)
+		volumes = map[string]Volume{}
 		// Define illegal container destinations
 		illegalDsts = []string{"/", "."}
 	)
@@ -158,151 +177,134 @@ func getBindMap(container *Container) (map[string]BindMap, error) {
 	for _, bind := range container.hostConfig.Binds {
 		vol, err := parseBindVolumeSpec(bind)
 		if err != nil {
-			return binds, err
+			return volumes, err
 		}
 		// Bail if trying to mount to an illegal destination
 		for _, illegal := range illegalDsts {
-			if vol.DstPath == illegal {
-				return nil, fmt.Errorf("Illegal bind destination: %s", vol.DstPath)
+			if vol.VolPath == illegal {
+				return nil, fmt.Errorf("Illegal bind destination: %s", vol.VolPath)
 			}
 		}
 
-		binds[filepath.Clean(vol.DstPath)] = vol
+		volumes[filepath.Clean(vol.VolPath)] = vol
 	}
-	return binds, nil
+	return volumes, nil
 }
 
 func createVolumes(container *Container) error {
-	binds, err := getBindMap(container)
+	// Get all the bindmounts
+	volumes, err := getBindMap(container)
 	if err != nil {
 		return err
 	}
 
-	// Create the requested volumes if they don't exist
+	// Get all the rest of the volumes
 	for volPath := range container.Config.Volumes {
-		if err := initializeVolume(container, volPath, binds); err != nil {
+		// Make sure the the volume isn't already specified as a bindmount
+		if _, exists := volumes[volPath]; !exists {
+			volumes[volPath] = Volume{
+				VolPath:     volPath,
+				Mode:        "rw",
+				isBindMount: false,
+			}
+		}
+	}
+
+	for _, vol := range volumes {
+		if err = vol.initialize(container); err != nil {
+			return err
+		}
+	}
+	return nil
+
+}
+
+func createVolumeHostPath(container *Container) (string, error) {
+	volumesDriver := container.daemon.volumes.Driver()
+
+	// Do not pass a container as the parameter for the volume creation.
+	// The graph driver using the container's information ( Image ) to
+	// create the parent.
+	c, err := container.daemon.volumes.Create(nil, "", "", "", "", nil, nil)
+	if err != nil {
+		return "", err
+	}
+	hostPath, err := volumesDriver.Get(c.ID, "")
+	if err != nil {
+		return hostPath, fmt.Errorf("Driver %s failed to get volume rootfs %s: %s", volumesDriver, c.ID, err)
+	}
+
+	return hostPath, nil
+}
+
+func (v *Volume) initialize(container *Container) error {
+	var err error
+	v.VolPath = filepath.Clean(v.VolPath)
+
+	// Do not initialize an existing volume
+	if _, exists := container.Volumes[v.VolPath]; exists {
+		return nil
+	}
+
+	// If it's not a bindmount we need to create the dir on the host
+	if !v.isBindMount {
+		v.HostPath, err = createVolumeHostPath(container)
+		if err != nil {
 			return err
 		}
 	}
 
-	for volPath := range binds {
-		if err := initializeVolume(container, volPath, binds); err != nil {
-			return err
-		}
+	hostPath, err := filepath.EvalSymlinks(v.HostPath)
+	if err != nil {
+		return err
+	}
+
+	// Create the mountpoint
+	// This is the path to the volume within the container FS
+	// This differs from `hostPath` in that `hostPath` refers to the place where
+	// the volume data is actually stored on the host
+	fullVolPath, err := symlink.FollowSymlinkInScope(filepath.Join(container.basefs, v.VolPath), container.basefs)
+	if err != nil {
+		return err
+	}
+
+	container.Volumes[v.VolPath] = hostPath
+	container.VolumesRW[v.VolPath] = v.isRw()
+
+	volIsDir, err := v.isDir()
+	if err != nil {
+		return err
+	}
+	if err := createIfNotExists(fullVolPath, volIsDir); err != nil {
+		return err
+	}
+
+	// Do not copy or change permissions if we are mounting from the host
+	if v.isRw() && !v.isBindMount {
+		return copyExistingContents(fullVolPath, hostPath)
 	}
 	return nil
 }
 
 func createIfNotExists(destination string, isDir bool) error {
-	if _, err := os.Stat(destination); err != nil && os.IsNotExist(err) {
-		if isDir {
-			if err := os.MkdirAll(destination, 0755); err != nil {
-				return err
-			}
-		} else {
-			if err := os.MkdirAll(filepath.Dir(destination), 0755); err != nil {
-				return err
-			}
-
-			f, err := os.OpenFile(destination, os.O_CREATE, 0755)
-			if err != nil {
-				return err
-			}
-			f.Close()
-		}
-	}
-
-	return nil
-}
-
-func initializeVolume(container *Container, volPath string, binds map[string]BindMap) error {
-	volumesDriver := container.daemon.volumes.Driver()
-	volPath = filepath.Clean(volPath)
-
-	// Skip existing volumes
-	if _, exists := container.Volumes[volPath]; exists {
+	if _, err := os.Stat(destination); err == nil || !os.IsNotExist(err) {
 		return nil
 	}
 
-	var (
-		destination string
-		isBindMount bool
-		volIsDir    = true
-
-		srcRW = false
-	)
-
-	// If an external bind is defined for this volume, use that as a source
-	if bindMap, exists := binds[volPath]; exists {
-		isBindMount = true
-		destination = bindMap.SrcPath
-
-		if !filepath.IsAbs(destination) {
-			return fmt.Errorf("cannot bind mount volume: %s volume paths must be absolute.", destination)
-		}
-
-		if strings.ToLower(bindMap.Mode) == "rw" {
-			srcRW = true
-		}
-
-		if stat, err := os.Stat(bindMap.SrcPath); err != nil {
-			return err
-		} else {
-			volIsDir = stat.IsDir()
-		}
-	} else {
-		// Do not pass a container as the parameter for the volume creation.
-		// The graph driver using the container's information ( Image ) to
-		// create the parent.
-		c, err := container.daemon.volumes.Create(nil, "", "", "", "", nil, nil)
-		if err != nil {
-			return err
-		}
-
-		destination, err = volumesDriver.Get(c.ID, "")
-		if err != nil {
-			return fmt.Errorf("Driver %s failed to get volume rootfs %s: %s", volumesDriver, c.ID, err)
-		}
-
-		srcRW = true
+	if isDir {
+		return os.MkdirAll(destination, 0755)
 	}
 
-	if p, err := filepath.EvalSymlinks(destination); err != nil {
+	if err := os.MkdirAll(filepath.Dir(destination), 0755); err != nil {
 		return err
-	} else {
-		destination = p
 	}
 
-	// Create the mountpoint
-	source, err := symlink.FollowSymlinkInScope(filepath.Join(container.basefs, volPath), container.basefs)
+	f, err := os.OpenFile(destination, os.O_CREATE, 0755)
 	if err != nil {
 		return err
 	}
+	f.Close()
 
-	newVolPath, err := filepath.Rel(container.basefs, source)
-	if err != nil {
-		return err
-	}
-	newVolPath = "/" + newVolPath
-
-	if volPath != newVolPath {
-		delete(container.Volumes, volPath)
-		delete(container.VolumesRW, volPath)
-	}
-
-	container.Volumes[volPath] = destination
-	container.VolumesRW[volPath] = srcRW
-
-	if err := createIfNotExists(source, volIsDir); err != nil {
-		return err
-	}
-
-	// Do not copy or change permissions if we are mounting from the host
-	if srcRW && !isBindMount {
-		if err := copyExistingContents(source, destination); err != nil {
-			return err
-		}
-	}
 	return nil
 }
 

From 230d6c3581090b5d2b9902bb6d5f9799af460a7e Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Wed, 13 Aug 2014 21:32:20 +0000
Subject: [PATCH 467/516] Workaround to avoid 5 second delay on graceful daemon
 restart

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 6aecdb4f8e73031f0deeac88a88ffc3fad9d5377
Component: engine
---
 components/engine/engine/job.go | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/components/engine/engine/job.go b/components/engine/engine/job.go
index c05db5616e..1c2521206c 100644
--- a/components/engine/engine/job.go
+++ b/components/engine/engine/job.go
@@ -49,10 +49,17 @@ func (job *Job) Run() error {
 	if job.Eng.IsShutdown() {
 		return fmt.Errorf("engine is shutdown")
 	}
-	job.Eng.l.Lock()
-	job.Eng.tasks.Add(1)
-	job.Eng.l.Unlock()
-	defer job.Eng.tasks.Done()
+	// FIXME: this is a temporary workaround to avoid Engine.Shutdown
+	// waiting 5 seconds for server/api.ServeApi to complete (which it never will)
+	// everytime the daemon is cleanly restarted.
+	// The permanent fix is to implement Job.Stop and Job.OnStop so that
+	// ServeApi can cooperate and terminate cleanly.
+	if job.Name != "serveapi" {
+		job.Eng.l.Lock()
+		job.Eng.tasks.Add(1)
+		job.Eng.l.Unlock()
+		defer job.Eng.tasks.Done()
+	}
 	// FIXME: make this thread-safe
 	// FIXME: implement wait
 	if !job.end.IsZero() {

From 4737f7cea517a8fba3e6e7c58b707a33025b95a7 Mon Sep 17 00:00:00 2001
From: Josiah Kiehl <jkiehl@riotgames.com>
Date: Thu, 24 Jul 2014 13:37:44 -0700
Subject: [PATCH 468/516] Extract log utils into pkg/log

Docker-DCO-1.1-Signed-off-by: Josiah Kiehl <josiah@capoferro.net> (github: capoferro)
Upstream-commit: a02f67be5b17da63d475e6f35956c1e72c3b2e7b
Component: engine
---
 components/engine/api/client/commands.go      | 25 +++---
 components/engine/api/client/hijack.go        | 13 +--
 components/engine/api/client/utils.go         |  7 +-
 components/engine/api/common.go               |  4 +-
 components/engine/api/server/server.go        | 32 +++----
 components/engine/archive/archive.go          | 30 +++----
 components/engine/archive/changes.go          | 11 +--
 components/engine/daemon/attach.go            | 47 ++++++-----
 components/engine/daemon/build.go             | 11 +--
 components/engine/daemon/container.go         | 45 +++++-----
 components/engine/daemon/daemon.go            | 75 +++++++++--------
 components/engine/daemon/daemon_aufs.go       |  4 +-
 components/engine/daemon/delete.go            |  7 +-
 .../engine/daemon/execdriver/lxc/driver.go    |  6 +-
 .../engine/daemon/graphdriver/aufs/aufs.go    |  5 +-
 .../engine/daemon/graphdriver/aufs/mount.go   |  5 +-
 .../graphdriver/devmapper/attach_loopback.go  | 20 ++---
 .../daemon/graphdriver/devmapper/deviceset.go | 84 +++++++++----------
 .../daemon/graphdriver/devmapper/devmapper.go | 28 +++----
 .../daemon/graphdriver/devmapper/driver.go    |  4 +-
 components/engine/daemon/info.go              |  3 +-
 components/engine/daemon/logs.go              | 20 ++---
 .../daemon/networkdriver/bridge/driver.go     | 17 ++--
 components/engine/graph/export.go             |  8 +-
 components/engine/graph/graph.go              |  3 +-
 components/engine/graph/load.go               | 12 +--
 components/engine/graph/pull.go               | 15 ++--
 components/engine/graph/push.go               | 13 +--
 components/engine/graph/service.go            |  4 +-
 components/engine/image/image.go              | 16 ++--
 .../engine/integration/commands_test.go       |  5 +-
 components/engine/integration/runtime_test.go | 17 ++--
 .../pkg/broadcastwriter/broadcastwriter.go    |  4 +-
 .../pkg/httputils/resumablerequestreader.go   |  5 +-
 components/engine/pkg/log/log.go              | 77 +++++++++++++++++
 components/engine/pkg/log/log_test.go         | 37 ++++++++
 components/engine/pkg/tarsum/tarsum.go        |  7 +-
 components/engine/registry/registry.go        | 13 +--
 .../engine/registry/registry_mock_test.go     |  8 +-
 components/engine/runconfig/merge.go          |  4 +-
 components/engine/runconfig/parse.go          |  2 +-
 components/engine/utils/http.go               |  4 +-
 components/engine/utils/stdcopy.go            | 20 +++--
 components/engine/utils/utils.go              | 34 ++------
 44 files changed, 465 insertions(+), 346 deletions(-)
 create mode 100644 components/engine/pkg/log/log.go
 create mode 100644 components/engine/pkg/log/log_test.go

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 99856ee5eb..51d8884bd2 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -28,6 +28,7 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/nat"
 	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/parsers/filters"
 	"github.com/docker/docker/pkg/signal"
@@ -433,11 +434,11 @@ func (cli *DockerCli) CmdVersion(args ...string) error {
 	out := engine.NewOutput()
 	remoteVersion, err := out.AddEnv()
 	if err != nil {
-		utils.Errorf("Error reading remote version: %s\n", err)
+		log.Errorf("Error reading remote version: %s\n", err)
 		return err
 	}
 	if _, err := out.Write(body); err != nil {
-		utils.Errorf("Error reading remote version: %s\n", err)
+		log.Errorf("Error reading remote version: %s\n", err)
 		return err
 	}
 	out.Close()
@@ -473,7 +474,7 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	}
 
 	if _, err := out.Write(body); err != nil {
-		utils.Errorf("Error reading remote info: %s\n", err)
+		log.Errorf("Error reading remote info: %s\n", err)
 		return err
 	}
 	out.Close()
@@ -597,10 +598,10 @@ func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
 				}
 			}
 			if sig == "" {
-				utils.Errorf("Unsupported signal: %d. Discarding.", s)
+				log.Errorf("Unsupported signal: %d. Discarding.", s)
 			}
 			if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/kill?signal=%s", cid, sig), nil, false)); err != nil {
-				utils.Debugf("Error sending signal: %s", err)
+				log.Debugf("Error sending signal: %s", err)
 			}
 		}
 	}()
@@ -690,7 +691,7 @@ func (cli *DockerCli) CmdStart(args ...string) error {
 	if *openStdin || *attach {
 		if tty && cli.isTerminal {
 			if err := cli.monitorTtySize(cmd.Arg(0)); err != nil {
-				utils.Errorf("Error monitoring TTY size: %s\n", err)
+				log.Errorf("Error monitoring TTY size: %s\n", err)
 			}
 		}
 		return <-cErr
@@ -1827,7 +1828,7 @@ func (cli *DockerCli) CmdAttach(args ...string) error {
 
 	if tty && cli.isTerminal {
 		if err := cli.monitorTtySize(cmd.Arg(0)); err != nil {
-			utils.Debugf("Error monitoring TTY size: %s", err)
+			log.Debugf("Error monitoring TTY size: %s", err)
 		}
 	}
 
@@ -2098,9 +2099,9 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 
 	// Block the return until the chan gets closed
 	defer func() {
-		utils.Debugf("End of CmdRun(), Waiting for hijack to finish.")
+		log.Debugf("End of CmdRun(), Waiting for hijack to finish.")
 		if _, ok := <-hijacked; ok {
-			utils.Errorf("Hijack did not finish (chan still open)")
+			log.Errorf("Hijack did not finish (chan still open)")
 		}
 	}()
 
@@ -2146,7 +2147,7 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 		}
 	case err := <-errCh:
 		if err != nil {
-			utils.Debugf("Error hijack: %s", err)
+			log.Debugf("Error hijack: %s", err)
 			return err
 		}
 	}
@@ -2158,13 +2159,13 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 
 	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && cli.isTerminal {
 		if err := cli.monitorTtySize(runResult.Get("Id")); err != nil {
-			utils.Errorf("Error monitoring TTY size: %s\n", err)
+			log.Errorf("Error monitoring TTY size: %s\n", err)
 		}
 	}
 
 	if errCh != nil {
 		if err := <-errCh; err != nil {
-			utils.Debugf("Error hijack: %s", err)
+			log.Debugf("Error hijack: %s", err)
 			return err
 		}
 	}
diff --git a/components/engine/api/client/hijack.go b/components/engine/api/client/hijack.go
index 1dc0748f8f..fa7b8ed50c 100644
--- a/components/engine/api/client/hijack.go
+++ b/components/engine/api/client/hijack.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/utils"
 )
@@ -93,7 +94,7 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 			} else {
 				_, err = utils.StdCopy(stdout, stderr, br)
 			}
-			utils.Debugf("[hijack] End of stdout")
+			log.Debugf("[hijack] End of stdout")
 			return err
 		})
 	}
@@ -101,15 +102,15 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 	sendStdin := utils.Go(func() error {
 		if in != nil {
 			io.Copy(rwc, in)
-			utils.Debugf("[hijack] End of stdin")
+			log.Debugf("[hijack] End of stdin")
 		}
 		if tcpc, ok := rwc.(*net.TCPConn); ok {
 			if err := tcpc.CloseWrite(); err != nil {
-				utils.Debugf("Couldn't send EOF: %s\n", err)
+				log.Debugf("Couldn't send EOF: %s\n", err)
 			}
 		} else if unixc, ok := rwc.(*net.UnixConn); ok {
 			if err := unixc.CloseWrite(); err != nil {
-				utils.Debugf("Couldn't send EOF: %s\n", err)
+				log.Debugf("Couldn't send EOF: %s\n", err)
 			}
 		}
 		// Discard errors due to pipe interruption
@@ -118,14 +119,14 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 
 	if stdout != nil || stderr != nil {
 		if err := <-receiveStdout; err != nil {
-			utils.Debugf("Error receiveStdout: %s", err)
+			log.Debugf("Error receiveStdout: %s", err)
 			return err
 		}
 	}
 
 	if !cli.isTerminal {
 		if err := <-sendStdin; err != nil {
-			utils.Debugf("Error sendStdin: %s", err)
+			log.Debugf("Error sendStdin: %s", err)
 			return err
 		}
 	}
diff --git a/components/engine/api/client/utils.go b/components/engine/api/client/utils.go
index d677242fa7..e4ef8d3875 100644
--- a/components/engine/api/client/utils.go
+++ b/components/engine/api/client/utils.go
@@ -20,6 +20,7 @@ import (
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
@@ -165,7 +166,7 @@ func (cli *DockerCli) streamHelper(method, path string, setRawTerminal bool, in
 		} else {
 			_, err = utils.StdCopy(stdout, stderr, resp.Body)
 		}
-		utils.Debugf("[stream] End of stdout")
+		log.Debugf("[stream] End of stdout")
 		return err
 	}
 	return nil
@@ -180,7 +181,7 @@ func (cli *DockerCli) resizeTty(id string) {
 	v.Set("h", strconv.Itoa(height))
 	v.Set("w", strconv.Itoa(width))
 	if _, _, err := readBody(cli.call("POST", "/containers/"+id+"/resize?"+v.Encode(), nil, false)); err != nil {
-		utils.Debugf("Error resize: %s", err)
+		log.Debugf("Error resize: %s", err)
 	}
 }
 
@@ -237,7 +238,7 @@ func (cli *DockerCli) getTtySize() (int, int) {
 	}
 	ws, err := term.GetWinsize(cli.terminalFd)
 	if err != nil {
-		utils.Debugf("Error getting size: %s", err)
+		log.Debugf("Error getting size: %s", err)
 		if ws == nil {
 			return 0, 0
 		}
diff --git a/components/engine/api/common.go b/components/engine/api/common.go
index ce92b10d4c..5cc33a9e1a 100644
--- a/components/engine/api/common.go
+++ b/components/engine/api/common.go
@@ -6,9 +6,9 @@ import (
 	"strings"
 
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/version"
-	"github.com/docker/docker/utils"
 )
 
 const (
@@ -43,7 +43,7 @@ func DisplayablePorts(ports *engine.Table) string {
 func MatchesContentType(contentType, expectedType string) bool {
 	mimetype, _, err := mime.ParseMediaType(contentType)
 	if err != nil {
-		utils.Errorf("Error parsing media type: %s error: %s", contentType, err.Error())
+		log.Errorf("Error parsing media type: %s error: %s", contentType, err.Error())
 	}
 	return err == nil && mimetype == expectedType
 }
diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 10e5090ce0..198d2d93f3 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -11,7 +11,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"net"
 	"net/http"
 	"net/http/pprof"
@@ -21,17 +20,18 @@ import (
 	"syscall"
 
 	"code.google.com/p/go.net/websocket"
+	"github.com/docker/libcontainer/user"
+	"github.com/gorilla/mux"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/listenbuffer"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/systemd"
 	"github.com/docker/docker/pkg/version"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
-	"github.com/docker/libcontainer/user"
-	"github.com/gorilla/mux"
 )
 
 var (
@@ -88,7 +88,7 @@ func httpError(w http.ResponseWriter, err error) {
 	}
 
 	if err != nil {
-		utils.Errorf("HTTP Error: statusCode=%d %s", statusCode, err.Error())
+		log.Errorf("HTTP Error: statusCode=%d %s", statusCode, err.Error())
 		http.Error(w, err.Error(), statusCode)
 	}
 }
@@ -439,7 +439,7 @@ func postCommit(eng *engine.Engine, version version.Version, w http.ResponseWrit
 		stdoutBuffer = bytes.NewBuffer(nil)
 	)
 	if err := config.Decode(r.Body); err != nil {
-		utils.Errorf("%s", err)
+		log.Errorf("%s", err)
 	}
 
 	if r.FormValue("pause") == "" && version.GreaterThanOrEqualTo("1.13") {
@@ -878,7 +878,7 @@ func wsContainersAttach(eng *engine.Engine, version version.Version, w http.Resp
 		job.Stdout.Add(ws)
 		job.Stderr.Set(ws)
 		if err := job.Run(); err != nil {
-			utils.Errorf("Error attaching websocket: %s", err)
+			log.Errorf("Error attaching websocket: %s", err)
 		}
 	})
 	h.ServeHTTP(w, r)
@@ -1005,7 +1005,7 @@ func postContainersCopy(eng *engine.Engine, version version.Version, w http.Resp
 	job := eng.Job("container_copy", vars["name"], copyData.Get("Resource"))
 	job.Stdout.Add(w)
 	if err := job.Run(); err != nil {
-		utils.Errorf("%s", err.Error())
+		log.Errorf("%s", err.Error())
 		if strings.Contains(err.Error(), "No such container") {
 			w.WriteHeader(http.StatusNotFound)
 		} else if strings.Contains(err.Error(), "no such file or directory") {
@@ -1033,16 +1033,16 @@ func ping(eng *engine.Engine, version version.Version, w http.ResponseWriter, r
 func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, localRoute string, handlerFunc HttpApiFunc, enableCors bool, dockerVersion version.Version) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// log the request
-		utils.Debugf("Calling %s %s", localMethod, localRoute)
+		log.Debugf("Calling %s %s", localMethod, localRoute)
 
 		if logging {
-			log.Println(r.Method, r.RequestURI)
+			log.Infof("%s %s\n", r.Method, r.RequestURI)
 		}
 
 		if strings.Contains(r.Header.Get("User-Agent"), "Docker-Client/") {
 			userAgent := strings.Split(r.Header.Get("User-Agent"), "/")
 			if len(userAgent) == 2 && !dockerVersion.Equal(version.Version(userAgent[1])) {
-				utils.Debugf("Warning: client and server don't have the same version (client: %s, server: %s)", userAgent[1], dockerVersion)
+				log.Debugf("Warning: client and server don't have the same version (client: %s, server: %s)", userAgent[1], dockerVersion)
 			}
 		}
 		version := version.Version(mux.Vars(r)["version"])
@@ -1059,7 +1059,7 @@ func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, local
 		}
 
 		if err := handlerFunc(eng, version, w, r, mux.Vars(r)); err != nil {
-			utils.Errorf("Handler for %s %s returned error: %s", localMethod, localRoute, err)
+			log.Errorf("Handler for %s %s returned error: %s", localMethod, localRoute, err)
 			httpError(w, err)
 		}
 	}
@@ -1148,7 +1148,7 @@ func createRouter(eng *engine.Engine, logging, enableCors bool, dockerVersion st
 
 	for method, routes := range m {
 		for route, fct := range routes {
-			utils.Debugf("Registering %s, %s", method, route)
+			log.Debugf("Registering %s, %s", method, route)
 			// NOTE: scope issue, make sure the variables are local and won't be changed
 			localRoute := route
 			localFct := fct
@@ -1238,7 +1238,7 @@ func changeGroup(addr string, nameOrGid string) error {
 		return err
 	}
 
-	utils.Debugf("%s group found. gid: %d", nameOrGid, gid)
+	log.Debugf("%s group found. gid: %d", nameOrGid, gid)
 	return os.Chown(addr, 0, gid)
 }
 
@@ -1309,7 +1309,7 @@ func ListenAndServe(proto, addr string, job *engine.Job) error {
 	switch proto {
 	case "tcp":
 		if !strings.HasPrefix(addr, "127.0.0.1") && !job.GetenvBool("TlsVerify") {
-			log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
+			log.Infof("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
 		}
 	case "unix":
 		socketGroup := job.Getenv("SocketGroup")
@@ -1317,7 +1317,7 @@ func ListenAndServe(proto, addr string, job *engine.Job) error {
 			if err := changeGroup(addr, socketGroup); err != nil {
 				if socketGroup == "docker" {
 					// if the user hasn't explicitly specified the group ownership, don't fail on errors.
-					utils.Debugf("Warning: could not chgrp %s to docker: %s", addr, err.Error())
+					log.Debugf("Warning: could not chgrp %s to docker: %s", addr, err.Error())
 				} else {
 					return err
 				}
@@ -1352,7 +1352,7 @@ func ServeApi(job *engine.Job) engine.Status {
 			return job.Errorf("usage: %s PROTO://ADDR [PROTO://ADDR ...]", job.Name)
 		}
 		go func() {
-			log.Printf("Listening for HTTP on %s (%s)\n", protoAddrParts[0], protoAddrParts[1])
+			log.Infof("Listening for HTTP on %s (%s)\n", protoAddrParts[0], protoAddrParts[1])
 			chErrors <- ListenAndServe(protoAddrParts[0], protoAddrParts[1], job)
 		}()
 	}
diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 01ed298733..932e2309cd 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -16,9 +16,11 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/utils"
-	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 type (
@@ -61,7 +63,7 @@ func DetectCompression(source []byte) Compression {
 		Xz:    {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00},
 	} {
 		if len(source) < len(m) {
-			utils.Debugf("Len too short")
+			log.Debugf("Len too short")
 			continue
 		}
 		if bytes.Compare(m, source[:len(m)]) == 0 {
@@ -83,7 +85,7 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
 	if err != nil {
 		return nil, err
 	}
-	utils.Debugf("[tar autodetect] n: %v", bs)
+	log.Debugf("[tar autodetect] n: %v", bs)
 
 	compression := DetectCompression(bs)
 
@@ -252,7 +254,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 		}
 
 	case tar.TypeXGlobalHeader:
-		utils.Debugf("PAX Global Extended Headers found and ignored")
+		log.Debugf("PAX Global Extended Headers found and ignored")
 		return nil
 
 	default:
@@ -340,7 +342,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 		for _, include := range options.Includes {
 			filepath.Walk(filepath.Join(srcPath, include), func(filePath string, f os.FileInfo, err error) error {
 				if err != nil {
-					utils.Debugf("Tar: Can't stat file %s to tar: %s\n", srcPath, err)
+					log.Debugf("Tar: Can't stat file %s to tar: %s\n", srcPath, err)
 					return nil
 				}
 
@@ -351,7 +353,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 
 				skip, err := utils.Matches(relFilePath, options.Excludes)
 				if err != nil {
-					utils.Debugf("Error matching %s\n", relFilePath, err)
+					log.Debugf("Error matching %s\n", relFilePath, err)
 					return err
 				}
 
@@ -363,7 +365,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 				}
 
 				if err := addTarFile(filePath, relFilePath, tw, twBuf); err != nil {
-					utils.Debugf("Can't add file %s to tar: %s\n", srcPath, err)
+					log.Debugf("Can't add file %s to tar: %s\n", srcPath, err)
 				}
 				return nil
 			})
@@ -371,13 +373,13 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 
 		// Make sure to check the error on Close.
 		if err := tw.Close(); err != nil {
-			utils.Debugf("Can't close tar writer: %s\n", err)
+			log.Debugf("Can't close tar writer: %s\n", err)
 		}
 		if err := compressWriter.Close(); err != nil {
-			utils.Debugf("Can't close compress writer: %s\n", err)
+			log.Debugf("Can't close compress writer: %s\n", err)
 		}
 		if err := pipeWriter.Close(); err != nil {
-			utils.Debugf("Can't close pipe writer: %s\n", err)
+			log.Debugf("Can't close pipe writer: %s\n", err)
 		}
 	}()
 
@@ -489,7 +491,7 @@ loop:
 // the output of one piped into the other. If either Tar or Untar fails,
 // TarUntar aborts and returns the error.
 func TarUntar(src string, dst string) error {
-	utils.Debugf("TarUntar(%s %s)", src, dst)
+	log.Debugf("TarUntar(%s %s)", src, dst)
 	archive, err := TarWithOptions(src, &TarOptions{Compression: Uncompressed})
 	if err != nil {
 		return err
@@ -526,11 +528,11 @@ func CopyWithTar(src, dst string) error {
 		return CopyFileWithTar(src, dst)
 	}
 	// Create dst, copy src's content into it
-	utils.Debugf("Creating dest directory: %s", dst)
+	log.Debugf("Creating dest directory: %s", dst)
 	if err := os.MkdirAll(dst, 0755); err != nil && !os.IsExist(err) {
 		return err
 	}
-	utils.Debugf("Calling TarUntar(%s, %s)", src, dst)
+	log.Debugf("Calling TarUntar(%s, %s)", src, dst)
 	return TarUntar(src, dst)
 }
 
@@ -541,7 +543,7 @@ func CopyWithTar(src, dst string) error {
 // If `dst` ends with a trailing slash '/', the final destination path
 // will be `dst/base(src)`.
 func CopyFileWithTar(src, dst string) (err error) {
-	utils.Debugf("CopyFileWithTar(%s, %s)", src, dst)
+	log.Debugf("CopyFileWithTar(%s, %s)", src, dst)
 	srcSt, err := os.Stat(src)
 	if err != nil {
 		return err
diff --git a/components/engine/archive/changes.go b/components/engine/archive/changes.go
index 859c8aa07e..032dfe0d55 100644
--- a/components/engine/archive/changes.go
+++ b/components/engine/archive/changes.go
@@ -11,9 +11,10 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/docker/docker/pkg/system"
-	"github.com/docker/docker/utils"
 	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+
+	"github.com/docker/docker/pkg/log"
+	"github.com/docker/docker/pkg/system"
 )
 
 type ChangeType int
@@ -363,19 +364,19 @@ func ExportChanges(dir string, changes []Change) (Archive, error) {
 					ChangeTime: timestamp,
 				}
 				if err := tw.WriteHeader(hdr); err != nil {
-					utils.Debugf("Can't write whiteout header: %s\n", err)
+					log.Debugf("Can't write whiteout header: %s\n", err)
 				}
 			} else {
 				path := filepath.Join(dir, change.Path)
 				if err := addTarFile(path, change.Path[1:], tw, twBuf); err != nil {
-					utils.Debugf("Can't add file %s to tar: %s\n", path, err)
+					log.Debugf("Can't add file %s to tar: %s\n", path, err)
 				}
 			}
 		}
 
 		// Make sure to check the error on Close.
 		if err := tw.Close(); err != nil {
-			utils.Debugf("Can't close layer: %s\n", err)
+			log.Debugf("Can't close layer: %s\n", err)
 		}
 		writer.Close()
 	}()
diff --git a/components/engine/daemon/attach.go b/components/engine/daemon/attach.go
index 2c65956a58..b1b06e2765 100644
--- a/components/engine/daemon/attach.go
+++ b/components/engine/daemon/attach.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/utils"
 )
 
@@ -36,25 +37,25 @@ func (daemon *Daemon) ContainerAttach(job *engine.Job) engine.Status {
 		cLog, err := container.ReadLog("json")
 		if err != nil && os.IsNotExist(err) {
 			// Legacy logs
-			utils.Debugf("Old logs format")
+			log.Debugf("Old logs format")
 			if stdout {
 				cLog, err := container.ReadLog("stdout")
 				if err != nil {
-					utils.Errorf("Error reading logs (stdout): %s", err)
+					log.Errorf("Error reading logs (stdout): %s", err)
 				} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
-					utils.Errorf("Error streaming logs (stdout): %s", err)
+					log.Errorf("Error streaming logs (stdout): %s", err)
 				}
 			}
 			if stderr {
 				cLog, err := container.ReadLog("stderr")
 				if err != nil {
-					utils.Errorf("Error reading logs (stderr): %s", err)
+					log.Errorf("Error reading logs (stderr): %s", err)
 				} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
-					utils.Errorf("Error streaming logs (stderr): %s", err)
+					log.Errorf("Error streaming logs (stderr): %s", err)
 				}
 			}
 		} else if err != nil {
-			utils.Errorf("Error reading logs (json): %s", err)
+			log.Errorf("Error reading logs (json): %s", err)
 		} else {
 			dec := json.NewDecoder(cLog)
 			for {
@@ -63,7 +64,7 @@ func (daemon *Daemon) ContainerAttach(job *engine.Job) engine.Status {
 				if err := dec.Decode(l); err == io.EOF {
 					break
 				} else if err != nil {
-					utils.Errorf("Error streaming logs: %s", err)
+					log.Errorf("Error streaming logs: %s", err)
 					break
 				}
 				if l.Stream == "stdout" && stdout {
@@ -88,7 +89,7 @@ func (daemon *Daemon) ContainerAttach(job *engine.Job) engine.Status {
 			r, w := io.Pipe()
 			go func() {
 				defer w.Close()
-				defer utils.Debugf("Closing buffered stdin pipe")
+				defer log.Debugf("Closing buffered stdin pipe")
 				io.Copy(w, job.Stdin)
 			}()
 			cStdin = r
@@ -131,8 +132,8 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 			errors <- err
 		} else {
 			go func() {
-				utils.Debugf("attach: stdin: begin")
-				defer utils.Debugf("attach: stdin: end")
+				log.Debugf("attach: stdin: begin")
+				defer log.Debugf("attach: stdin: end")
 				// No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr
 				if container.Config.StdinOnce && !container.Config.Tty {
 					defer cStdin.Close()
@@ -155,7 +156,7 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 					err = nil
 				}
 				if err != nil {
-					utils.Errorf("attach: stdin: %s", err)
+					log.Errorf("attach: stdin: %s", err)
 				}
 				errors <- err
 			}()
@@ -168,8 +169,8 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 		} else {
 			cStdout = p
 			go func() {
-				utils.Debugf("attach: stdout: begin")
-				defer utils.Debugf("attach: stdout: end")
+				log.Debugf("attach: stdout: begin")
+				defer log.Debugf("attach: stdout: end")
 				// If we are in StdinOnce mode, then close stdin
 				if container.Config.StdinOnce && stdin != nil {
 					defer stdin.Close()
@@ -182,7 +183,7 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 					err = nil
 				}
 				if err != nil {
-					utils.Errorf("attach: stdout: %s", err)
+					log.Errorf("attach: stdout: %s", err)
 				}
 				errors <- err
 			}()
@@ -193,7 +194,7 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 				defer stdinCloser.Close()
 			}
 			if cStdout, err := container.StdoutPipe(); err != nil {
-				utils.Errorf("attach: stdout pipe: %s", err)
+				log.Errorf("attach: stdout pipe: %s", err)
 			} else {
 				io.Copy(&utils.NopWriter{}, cStdout)
 			}
@@ -206,8 +207,8 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 		} else {
 			cStderr = p
 			go func() {
-				utils.Debugf("attach: stderr: begin")
-				defer utils.Debugf("attach: stderr: end")
+				log.Debugf("attach: stderr: begin")
+				defer log.Debugf("attach: stderr: end")
 				// If we are in StdinOnce mode, then close stdin
 				if container.Config.StdinOnce && stdin != nil {
 					defer stdin.Close()
@@ -220,7 +221,7 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 					err = nil
 				}
 				if err != nil {
-					utils.Errorf("attach: stderr: %s", err)
+					log.Errorf("attach: stderr: %s", err)
 				}
 				errors <- err
 			}()
@@ -232,7 +233,7 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 			}
 
 			if cStderr, err := container.StderrPipe(); err != nil {
-				utils.Errorf("attach: stdout pipe: %s", err)
+				log.Errorf("attach: stdout pipe: %s", err)
 			} else {
 				io.Copy(&utils.NopWriter{}, cStderr)
 			}
@@ -252,14 +253,14 @@ func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinClo
 		// FIXME: how to clean up the stdin goroutine without the unwanted side effect
 		// of closing the passed stdin? Add an intermediary io.Pipe?
 		for i := 0; i < nJobs; i += 1 {
-			utils.Debugf("attach: waiting for job %d/%d", i+1, nJobs)
+			log.Debugf("attach: waiting for job %d/%d", i+1, nJobs)
 			if err := <-errors; err != nil {
-				utils.Errorf("attach: job %d returned error %s, aborting all jobs", i+1, err)
+				log.Errorf("attach: job %d returned error %s, aborting all jobs", i+1, err)
 				return err
 			}
-			utils.Debugf("attach: job %d completed successfully", i+1)
+			log.Debugf("attach: job %d completed successfully", i+1)
 		}
-		utils.Debugf("attach: all jobs completed successfully")
+		log.Debugf("attach: all jobs completed successfully")
 		return nil
 	})
 }
diff --git a/components/engine/daemon/build.go b/components/engine/daemon/build.go
index 61fe248ae5..a572dc2ec2 100644
--- a/components/engine/daemon/build.go
+++ b/components/engine/daemon/build.go
@@ -23,6 +23,7 @@ import (
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/nat"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/pkg/system"
@@ -262,11 +263,11 @@ func (b *buildFile) probeCache() (bool, error) {
 			return false, err
 		} else if cache != nil {
 			fmt.Fprintf(b.outStream, " ---> Using cache\n")
-			utils.Debugf("[BUILDER] Use cached version")
+			log.Debugf("[BUILDER] Use cached version")
 			b.image = cache.ID
 			return true, nil
 		} else {
-			utils.Debugf("[BUILDER] Cache miss")
+			log.Debugf("[BUILDER] Cache miss")
 		}
 	}
 	return false, nil
@@ -288,7 +289,7 @@ func (b *buildFile) CmdRun(args string) error {
 
 	defer func(cmd []string) { b.config.Cmd = cmd }(cmd)
 
-	utils.Debugf("Command to be executed: %v", b.config.Cmd)
+	log.Debugf("Command to be executed: %v", b.config.Cmd)
 
 	hit, err := b.probeCache()
 	if err != nil {
@@ -378,7 +379,7 @@ func (b *buildFile) CmdEnv(args string) error {
 func (b *buildFile) buildCmdFromJson(args string) []string {
 	var cmd []string
 	if err := json.Unmarshal([]byte(args), &cmd); err != nil {
-		utils.Debugf("Error unmarshalling: %s, setting to /bin/sh -c", err)
+		log.Debugf("Error unmarshalling: %s, setting to /bin/sh -c", err)
 		cmd = []string{"/bin/sh", "-c", args}
 	}
 	return cmd
@@ -551,7 +552,7 @@ func (b *buildFile) addContext(container *Container, orig, dest string, decompre
 		if err := archive.UntarPath(origPath, tarDest); err == nil {
 			return nil
 		} else if err != io.EOF {
-			utils.Debugf("Couldn't untar %s to %s: %s", origPath, tarDest, err)
+			log.Debugf("Couldn't untar %s to %s: %s", origPath, tarDest, err)
 		}
 	}
 
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 8f0b0480aa..50de4fc536 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"os"
 	"path"
 	"path/filepath"
@@ -15,6 +14,9 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/docker/libcontainer/devices"
+	"github.com/docker/libcontainer/label"
+
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/daemon/graphdriver"
@@ -23,13 +25,12 @@ import (
 	"github.com/docker/docker/links"
 	"github.com/docker/docker/nat"
 	"github.com/docker/docker/pkg/broadcastwriter"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/networkfs/etchosts"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 	"github.com/docker/docker/pkg/symlink"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
-	"github.com/docker/libcontainer/devices"
-	"github.com/docker/libcontainer/label"
 )
 
 const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -171,7 +172,7 @@ func (container *Container) WriteHostConfig() error {
 func (container *Container) LogEvent(action string) {
 	d := container.daemon
 	if err := d.eng.Job("log", action, container.ID, d.Repositories().ImageName(container.Image)).Run(); err != nil {
-		utils.Errorf("Error logging event %s for %s: %s", action, container.ID, err)
+		log.Errorf("Error logging event %s for %s: %s", action, container.ID, err)
 	}
 }
 
@@ -503,7 +504,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 	pipes := execdriver.NewPipes(container.stdin, container.stdout, container.stderr, container.Config.OpenStdin)
 	exitCode, err = container.daemon.Run(container, pipes, callback)
 	if err != nil {
-		utils.Errorf("Error running container: %s", err)
+		log.Errorf("Error running container: %s", err)
 	}
 	container.State.SetStopped(exitCode)
 
@@ -519,7 +520,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 	// This will cause it to be restarted when the engine is restarted.
 	if container.daemon != nil && container.daemon.eng != nil && !container.daemon.eng.IsShutdown() {
 		if err := container.toDisk(); err != nil {
-			utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
+			log.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
 		}
 	}
 	return err
@@ -536,28 +537,28 @@ func (container *Container) cleanup() {
 	}
 	if container.Config.OpenStdin {
 		if err := container.stdin.Close(); err != nil {
-			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
+			log.Errorf("%s: Error close stdin: %s", container.ID, err)
 		}
 	}
 	if err := container.stdout.Clean(); err != nil {
-		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
+		log.Errorf("%s: Error close stdout: %s", container.ID, err)
 	}
 	if err := container.stderr.Clean(); err != nil {
-		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
+		log.Errorf("%s: Error close stderr: %s", container.ID, err)
 	}
 	if container.command != nil && container.command.Terminal != nil {
 		if err := container.command.Terminal.Close(); err != nil {
-			utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
+			log.Errorf("%s: Error closing terminal: %s", container.ID, err)
 		}
 	}
 
 	if err := container.Unmount(); err != nil {
-		log.Printf("%v: Failed to umount filesystem: %v", container.ID, err)
+		log.Errorf("%v: Failed to umount filesystem: %v", container.ID, err)
 	}
 }
 
 func (container *Container) KillSig(sig int) error {
-	utils.Debugf("Sending %d to %s", sig, container.ID)
+	log.Debugf("Sending %d to %s", sig, container.ID)
 	container.Lock()
 	defer container.Unlock()
 
@@ -606,7 +607,7 @@ func (container *Container) Kill() error {
 	if _, err := container.State.WaitStop(10 * time.Second); err != nil {
 		// Ensure that we don't kill ourselves
 		if pid := container.State.GetPid(); pid != 0 {
-			log.Printf("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID))
+			log.Infof("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID))
 			if err := syscall.Kill(pid, 9); err != nil {
 				return err
 			}
@@ -624,7 +625,7 @@ func (container *Container) Stop(seconds int) error {
 
 	// 1. Send a SIGTERM
 	if err := container.KillSig(15); err != nil {
-		log.Print("Failed to send SIGTERM to the process, force killing")
+		log.Infof("Failed to send SIGTERM to the process, force killing")
 		if err := container.KillSig(9); err != nil {
 			return err
 		}
@@ -632,7 +633,7 @@ func (container *Container) Stop(seconds int) error {
 
 	// 2. Wait for the process to exit on its own
 	if _, err := container.State.WaitStop(time.Duration(seconds) * time.Second); err != nil {
-		log.Printf("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.ID, seconds)
+		log.Infof("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.ID, seconds)
 		// 3. If it doesn't, then send SIGKILL
 		if err := container.Kill(); err != nil {
 			container.State.WaitStop(-1 * time.Second)
@@ -761,7 +762,7 @@ func (container *Container) GetSize() (int64, int64) {
 	)
 
 	if err := container.Mount(); err != nil {
-		utils.Errorf("Warning: failed to compute size of container rootfs %s: %s", container.ID, err)
+		log.Errorf("Warning: failed to compute size of container rootfs %s: %s", container.ID, err)
 		return sizeRw, sizeRootfs
 	}
 	defer container.Unmount()
@@ -769,7 +770,7 @@ func (container *Container) GetSize() (int64, int64) {
 	if differ, ok := container.daemon.driver.(graphdriver.Differ); ok {
 		sizeRw, err = differ.DiffSize(container.ID)
 		if err != nil {
-			utils.Errorf("Warning: driver %s couldn't return diff size of container %s: %s", driver, container.ID, err)
+			log.Errorf("Warning: driver %s couldn't return diff size of container %s: %s", driver, container.ID, err)
 			// FIXME: GetSize should return an error. Not changing it now in case
 			// there is a side-effect.
 			sizeRw = -1
@@ -866,7 +867,7 @@ func (container *Container) DisableLink(name string) {
 		if link, exists := container.activeLinks[name]; exists {
 			link.Disable()
 		} else {
-			utils.Debugf("Could not find active link for %s", name)
+			log.Debugf("Could not find active link for %s", name)
 		}
 	}
 }
@@ -978,15 +979,15 @@ func (container *Container) initializeNetworking() error {
 // Make sure the config is compatible with the current kernel
 func (container *Container) verifyDaemonSettings() {
 	if container.Config.Memory > 0 && !container.daemon.sysInfo.MemoryLimit {
-		log.Printf("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")
+		log.Infof("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")
 		container.Config.Memory = 0
 	}
 	if container.Config.Memory > 0 && !container.daemon.sysInfo.SwapLimit {
-		log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
+		log.Infof("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
 		container.Config.MemorySwap = -1
 	}
 	if container.daemon.sysInfo.IPv4ForwardingDisabled {
-		log.Printf("WARNING: IPv4 forwarding is disabled. Networking will not work")
+		log.Infof("WARNING: IPv4 forwarding is disabled. Networking will not work")
 	}
 }
 
@@ -1123,7 +1124,7 @@ func (container *Container) waitForStart() error {
 		}
 		container.State.SetRunning(command.Pid())
 		if err := container.toDisk(); err != nil {
-			utils.Debugf("%s", err)
+			log.Debugf("%s", err)
 		}
 		close(waitStart)
 	}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 540ee7d985..e777c4a1be 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"os"
 	"path"
 	"regexp"
@@ -13,6 +12,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/docker/libcontainer/label"
+
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon/execdriver"
 	"github.com/docker/docker/daemon/execdriver/execdrivers"
@@ -27,6 +28,7 @@ import (
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/pkg/broadcastwriter"
 	"github.com/docker/docker/pkg/graphdb"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/namesgenerator"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 	"github.com/docker/docker/pkg/parsers"
@@ -35,7 +37,6 @@ import (
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
-	"github.com/docker/libcontainer/label"
 )
 
 // Set the max depth to the aufs default that most
@@ -217,7 +218,7 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 	//        if so, then we need to restart monitor and init a new lock
 	// If the container is supposed to be running, make sure of it
 	if container.State.IsRunning() {
-		utils.Debugf("killing old running container %s", container.ID)
+		log.Debugf("killing old running container %s", container.ID)
 
 		existingPid := container.State.Pid
 		container.State.SetStopped(0)
@@ -234,23 +235,23 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 			var err error
 			cmd.Process, err = os.FindProcess(existingPid)
 			if err != nil {
-				utils.Debugf("cannot find existing process for %d", existingPid)
+				log.Debugf("cannot find existing process for %d", existingPid)
 			}
 			daemon.execDriver.Terminate(cmd)
 		}
 
 		if err := container.Unmount(); err != nil {
-			utils.Debugf("unmount error %s", err)
+			log.Debugf("unmount error %s", err)
 		}
 		if err := container.ToDisk(); err != nil {
-			utils.Debugf("saving stopped state to disk %s", err)
+			log.Debugf("saving stopped state to disk %s", err)
 		}
 
 		info := daemon.execDriver.Info(container.ID)
 		if !info.IsRunning() {
-			utils.Debugf("Container %s was supposed to be running but is not.", container.ID)
+			log.Debugf("Container %s was supposed to be running but is not.", container.ID)
 
-			utils.Debugf("Marking as stopped")
+			log.Debugf("Marking as stopped")
 
 			container.State.SetStopped(-127)
 			if err := container.ToDisk(); err != nil {
@@ -258,7 +259,7 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 			}
 
 			if daemon.config.AutoRestart {
-				utils.Debugf("Marking as restarting")
+				log.Debugf("Marking as restarting")
 
 				if containersToStart != nil {
 					*containersToStart = append(*containersToStart, container)
@@ -278,7 +279,7 @@ func (daemon *Daemon) ensureName(container *Container) error {
 		container.Name = name
 
 		if err := container.ToDisk(); err != nil {
-			utils.Debugf("Error saving container name %s", err)
+			log.Debugf("Error saving container name %s", err)
 		}
 	}
 	return nil
@@ -302,7 +303,7 @@ func (daemon *Daemon) restore() error {
 	)
 
 	if !debug {
-		fmt.Printf("Loading containers: ")
+		log.Infof("Loading containers: ")
 	}
 	dir, err := ioutil.ReadDir(daemon.repository)
 	if err != nil {
@@ -316,16 +317,16 @@ func (daemon *Daemon) restore() error {
 			fmt.Print(".")
 		}
 		if err != nil {
-			utils.Errorf("Failed to load container %v: %v", id, err)
+			log.Errorf("Failed to load container %v: %v", id, err)
 			continue
 		}
 
 		// Ignore the container if it does not support the current driver being used by the graph
 		if container.Driver == "" && currentDriver == "aufs" || container.Driver == currentDriver {
-			utils.Debugf("Loaded container %v", container.ID)
+			log.Debugf("Loaded container %v", container.ID)
 			containers[container.ID] = container
 		} else {
-			utils.Debugf("Cannot load container %s because it was created with another graph driver.", container.ID)
+			log.Debugf("Cannot load container %s because it was created with another graph driver.", container.ID)
 		}
 	}
 
@@ -337,7 +338,7 @@ func (daemon *Daemon) restore() error {
 			e := entities[p]
 			if container, ok := containers[e.ID()]; ok {
 				if err := daemon.register(container, false, &containersToStart); err != nil {
-					utils.Debugf("Failed to register container %s: %s", container.ID, err)
+					log.Debugf("Failed to register container %s: %s", container.ID, err)
 				}
 				delete(containers, e.ID())
 			}
@@ -349,22 +350,22 @@ func (daemon *Daemon) restore() error {
 		// Try to set the default name for a container if it exists prior to links
 		container.Name, err = daemon.generateNewName(container.ID)
 		if err != nil {
-			utils.Debugf("Setting default id - %s", err)
+			log.Debugf("Setting default id - %s", err)
 		}
 		if err := daemon.register(container, false, &containersToStart); err != nil {
-			utils.Debugf("Failed to register container %s: %s", container.ID, err)
+			log.Debugf("Failed to register container %s: %s", container.ID, err)
 		}
 	}
 
 	for _, container := range containersToStart {
-		utils.Debugf("Starting container %d", container.ID)
+		log.Debugf("Starting container %d", container.ID)
 		if err := container.Start(); err != nil {
-			utils.Debugf("Failed to start container %s: %s", container.ID, err)
+			log.Debugf("Failed to start container %s: %s", container.ID, err)
 		}
 	}
 
 	if !debug {
-		fmt.Printf(": done.\n")
+		log.Infof(": done.\n")
 	}
 
 	return nil
@@ -707,7 +708,7 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 		log.Fatalf("The Docker daemon needs to be run as root")
 	}
 	if err := checkKernelAndArch(); err != nil {
-		log.Fatal(err)
+		log.Fatalf(err.Error())
 	}
 
 	// set up the TempDir to use a canonical path
@@ -748,7 +749,7 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 	if err != nil {
 		return nil, err
 	}
-	utils.Debugf("Using graph driver %s", driver)
+	log.Debugf("Using graph driver %s", driver)
 
 	// As Docker on btrfs and SELinux are incompatible at present, error on both being enabled
 	if config.EnableSelinuxSupport && driver.String() == "btrfs" {
@@ -766,7 +767,7 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 		return nil, err
 	}
 
-	utils.Debugf("Creating images graph")
+	log.Debugf("Creating images graph")
 	g, err := graph.NewGraph(path.Join(config.Root, "graph"), driver)
 	if err != nil {
 		return nil, err
@@ -778,12 +779,12 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 	if err != nil {
 		return nil, err
 	}
-	utils.Debugf("Creating volumes graph")
+	log.Debugf("Creating volumes graph")
 	volumes, err := graph.NewGraph(path.Join(config.Root, "volumes"), volumesDriver)
 	if err != nil {
 		return nil, err
 	}
-	utils.Debugf("Creating repository list")
+	log.Debugf("Creating repository list")
 	repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g)
 	if err != nil {
 		return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
@@ -862,18 +863,18 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 	eng.OnShutdown(func() {
 		// FIXME: if these cleanup steps can be called concurrently, register
 		// them as separate handlers to speed up total shutdown time
-		// FIXME: use engine logging instead of utils.Errorf
+		// FIXME: use engine logging instead of log.Errorf
 		if err := daemon.shutdown(); err != nil {
-			utils.Errorf("daemon.shutdown(): %s", err)
+			log.Errorf("daemon.shutdown(): %s", err)
 		}
 		if err := portallocator.ReleaseAll(); err != nil {
-			utils.Errorf("portallocator.ReleaseAll(): %s", err)
+			log.Errorf("portallocator.ReleaseAll(): %s", err)
 		}
 		if err := daemon.driver.Cleanup(); err != nil {
-			utils.Errorf("daemon.driver.Cleanup(): %s", err.Error())
+			log.Errorf("daemon.driver.Cleanup(): %s", err.Error())
 		}
 		if err := daemon.containerGraph.Close(); err != nil {
-			utils.Errorf("daemon.containerGraph.Close(): %s", err.Error())
+			log.Errorf("daemon.containerGraph.Close(): %s", err.Error())
 		}
 	})
 
@@ -882,20 +883,20 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
 
 func (daemon *Daemon) shutdown() error {
 	group := sync.WaitGroup{}
-	utils.Debugf("starting clean shutdown of all containers...")
+	log.Debugf("starting clean shutdown of all containers...")
 	for _, container := range daemon.List() {
 		c := container
 		if c.State.IsRunning() {
-			utils.Debugf("stopping %s", c.ID)
+			log.Debugf("stopping %s", c.ID)
 			group.Add(1)
 
 			go func() {
 				defer group.Done()
 				if err := c.KillSig(15); err != nil {
-					utils.Debugf("kill 15 error for %s - %s", c.ID, err)
+					log.Debugf("kill 15 error for %s - %s", c.ID, err)
 				}
 				c.State.WaitStop(-1 * time.Second)
-				utils.Debugf("container stopped %s", c.ID)
+				log.Debugf("container stopped %s", c.ID)
 			}()
 		}
 	}
@@ -1056,7 +1057,7 @@ func (daemon *Daemon) checkLocaldns() error {
 		return err
 	}
 	if len(daemon.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
-		log.Printf("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", DefaultDns)
+		log.Infof("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", DefaultDns)
 		daemon.config.Dns = DefaultDns
 	}
 	return nil
@@ -1107,11 +1108,11 @@ func checkKernelAndArch() error {
 	// the circumstances of pre-3.8 crashes are clearer.
 	// For details see http://github.com/docker/docker/issues/407
 	if k, err := kernel.GetKernelVersion(); err != nil {
-		log.Printf("WARNING: %s\n", err)
+		log.Infof("WARNING: %s\n", err)
 	} else {
 		if kernel.CompareKernelVersion(k, &kernel.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 {
 			if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" {
-				log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String())
+				log.Infof("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String())
 			}
 		}
 	}
diff --git a/components/engine/daemon/daemon_aufs.go b/components/engine/daemon/daemon_aufs.go
index 12108888bb..a370a4ce3c 100644
--- a/components/engine/daemon/daemon_aufs.go
+++ b/components/engine/daemon/daemon_aufs.go
@@ -6,14 +6,14 @@ import (
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/daemon/graphdriver/aufs"
 	"github.com/docker/docker/graph"
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 // Given the graphdriver ad, if it is aufs, then migrate it.
 // If aufs driver is not built, this func is a noop.
 func migrateIfAufs(driver graphdriver.Driver, root string) error {
 	if ad, ok := driver.(*aufs.Driver); ok {
-		utils.Debugf("Migrating existing containers")
+		log.Debugf("Migrating existing containers")
 		if err := ad.Migrate(root, graph.SetupInitLayer); err != nil {
 			return err
 		}
diff --git a/components/engine/daemon/delete.go b/components/engine/daemon/delete.go
index eae0c7bded..131501590f 100644
--- a/components/engine/daemon/delete.go
+++ b/components/engine/daemon/delete.go
@@ -2,14 +2,13 @@ package daemon
 
 import (
 	"fmt"
-	"log"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 
 	"github.com/docker/docker/engine"
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 // FIXME: rename to ContainerRemove for consistency with the CLI command.
@@ -118,7 +117,7 @@ func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
 			for volumeId := range volumes {
 				// If the requested volu
 				if c, exists := usedVolumes[volumeId]; exists {
-					log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
+					log.Infof("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
 					continue
 				}
 				if err := daemon.Volumes().Delete(volumeId); err != nil {
@@ -153,7 +152,7 @@ func (daemon *Daemon) Destroy(container *Container) error {
 	daemon.containers.Delete(container.ID)
 
 	if _, err := daemon.containerGraph.Purge(container.ID); err != nil {
-		utils.Debugf("Unable to remove container from link graph: %s", err)
+		log.Debugf("Unable to remove container from link graph: %s", err)
 	}
 
 	if err := daemon.driver.Remove(container.ID); err != nil {
diff --git a/components/engine/daemon/execdriver/lxc/driver.go b/components/engine/daemon/execdriver/lxc/driver.go
index 7f22db7c6e..3b870172bf 100644
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@@ -14,13 +14,15 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/kr/pty"
+
 	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/utils"
 	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/mount/nodes"
-	"github.com/kr/pty"
 )
 
 const DriverName = "lxc"
@@ -318,7 +320,7 @@ func (i *info) IsRunning() bool {
 
 	output, err := i.driver.getInfo(i.ID)
 	if err != nil {
-		utils.Errorf("Error getting info for lxc container %s: %s (%s)", i.ID, err, output)
+		log.Errorf("Error getting info for lxc container %s: %s (%s)", i.ID, err, output)
 		return false
 	}
 	if strings.Contains(string(output), "RUNNING") {
diff --git a/components/engine/daemon/graphdriver/aufs/aufs.go b/components/engine/daemon/graphdriver/aufs/aufs.go
index 91eeb95e8d..4fedd2de5b 100644
--- a/components/engine/daemon/graphdriver/aufs/aufs.go
+++ b/components/engine/daemon/graphdriver/aufs/aufs.go
@@ -32,6 +32,7 @@ import (
 
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/log"
 	mountpk "github.com/docker/docker/pkg/mount"
 	"github.com/docker/docker/utils"
 	"github.com/docker/libcontainer/label"
@@ -209,7 +210,7 @@ func (a *Driver) Remove(id string) error {
 	defer a.Unlock()
 
 	if a.active[id] != 0 {
-		utils.Errorf("Warning: removing active id %s\n", id)
+		log.Errorf("Warning: removing active id %s\n", id)
 	}
 
 	// Make sure the dir is umounted first
@@ -378,7 +379,7 @@ func (a *Driver) Cleanup() error {
 
 	for _, id := range ids {
 		if err := a.unmount(id); err != nil {
-			utils.Errorf("Unmounting %s: %s", utils.TruncateID(id), err)
+			log.Errorf("Unmounting %s: %s", utils.TruncateID(id), err)
 		}
 	}
 
diff --git a/components/engine/daemon/graphdriver/aufs/mount.go b/components/engine/daemon/graphdriver/aufs/mount.go
index 5f8a026c57..fa74e05b07 100644
--- a/components/engine/daemon/graphdriver/aufs/mount.go
+++ b/components/engine/daemon/graphdriver/aufs/mount.go
@@ -1,14 +1,15 @@
 package aufs
 
 import (
-	"github.com/docker/docker/utils"
 	"os/exec"
 	"syscall"
+
+	"github.com/docker/docker/pkg/log"
 )
 
 func Unmount(target string) error {
 	if err := exec.Command("auplink", target, "flush").Run(); err != nil {
-		utils.Errorf("[warning]: couldn't run auplink before unmount: %s", err)
+		log.Errorf("[warning]: couldn't run auplink before unmount: %s", err)
 	}
 	if err := syscall.Unmount(target, 0); err != nil {
 		return err
diff --git a/components/engine/daemon/graphdriver/devmapper/attach_loopback.go b/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
index c3e8f2820c..86714d1959 100644
--- a/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
+++ b/components/engine/daemon/graphdriver/devmapper/attach_loopback.go
@@ -7,7 +7,7 @@ import (
 	"os"
 	"syscall"
 
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 func stringToLoopName(src string) [LoNameSize]uint8 {
@@ -39,20 +39,20 @@ func openNextAvailableLoopback(index int, sparseFile *os.File) (loopFile *os.Fil
 		fi, err := os.Stat(target)
 		if err != nil {
 			if os.IsNotExist(err) {
-				utils.Errorf("There are no more loopback devices available.")
+				log.Errorf("There are no more loopback devices available.")
 			}
 			return nil, ErrAttachLoopbackDevice
 		}
 
 		if fi.Mode()&os.ModeDevice != os.ModeDevice {
-			utils.Errorf("Loopback device %s is not a block device.", target)
+			log.Errorf("Loopback device %s is not a block device.", target)
 			continue
 		}
 
 		// OpenFile adds O_CLOEXEC
 		loopFile, err = os.OpenFile(target, os.O_RDWR, 0644)
 		if err != nil {
-			utils.Errorf("Error openning loopback device: %s", err)
+			log.Errorf("Error openning loopback device: %s", err)
 			return nil, ErrAttachLoopbackDevice
 		}
 
@@ -62,7 +62,7 @@ func openNextAvailableLoopback(index int, sparseFile *os.File) (loopFile *os.Fil
 
 			// If the error is EBUSY, then try the next loopback
 			if err != syscall.EBUSY {
-				utils.Errorf("Cannot set up loopback device %s: %s", target, err)
+				log.Errorf("Cannot set up loopback device %s: %s", target, err)
 				return nil, ErrAttachLoopbackDevice
 			}
 
@@ -75,7 +75,7 @@ func openNextAvailableLoopback(index int, sparseFile *os.File) (loopFile *os.Fil
 
 	// This can't happen, but let's be sure
 	if loopFile == nil {
-		utils.Errorf("Unreachable code reached! Error attaching %s to a loopback device.", sparseFile.Name())
+		log.Errorf("Unreachable code reached! Error attaching %s to a loopback device.", sparseFile.Name())
 		return nil, ErrAttachLoopbackDevice
 	}
 
@@ -91,13 +91,13 @@ func attachLoopDevice(sparseName string) (loop *os.File, err error) {
 	// loopback from index 0.
 	startIndex, err := getNextFreeLoopbackIndex()
 	if err != nil {
-		utils.Debugf("Error retrieving the next available loopback: %s", err)
+		log.Debugf("Error retrieving the next available loopback: %s", err)
 	}
 
 	// OpenFile adds O_CLOEXEC
 	sparseFile, err := os.OpenFile(sparseName, os.O_RDWR, 0644)
 	if err != nil {
-		utils.Errorf("Error openning sparse file %s: %s", sparseName, err)
+		log.Errorf("Error openning sparse file %s: %s", sparseName, err)
 		return nil, ErrAttachLoopbackDevice
 	}
 	defer sparseFile.Close()
@@ -115,11 +115,11 @@ func attachLoopDevice(sparseName string) (loop *os.File, err error) {
 	}
 
 	if err := ioctlLoopSetStatus64(loopFile.Fd(), loopInfo); err != nil {
-		utils.Errorf("Cannot set up loopback device info: %s", err)
+		log.Errorf("Cannot set up loopback device info: %s", err)
 
 		// If the call failed, then free the loopback device
 		if err := ioctlLoopClrFd(loopFile.Fd()); err != nil {
-			utils.Errorf("Error while cleaning up the loopback device")
+			log.Errorf("Error while cleaning up the loopback device")
 		}
 		loopFile.Close()
 		return nil, ErrAttachLoopbackDevice
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index cd12179e56..3e0b70b079 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -19,9 +19,9 @@ import (
 	"time"
 
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers"
 	"github.com/docker/docker/pkg/units"
-	"github.com/docker/docker/utils"
 	"github.com/docker/libcontainer/label"
 )
 
@@ -174,7 +174,7 @@ func (devices *DeviceSet) ensureImage(name string, size int64) (string, error) {
 		if !os.IsNotExist(err) {
 			return "", err
 		}
-		utils.Debugf("Creating loopback file %s for device-manage use", filename)
+		log.Debugf("Creating loopback file %s for device-manage use", filename)
 		file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0600)
 		if err != nil {
 			return "", err
@@ -252,7 +252,7 @@ func (devices *DeviceSet) lookupDevice(hash string) (*DevInfo, error) {
 }
 
 func (devices *DeviceSet) registerDevice(id int, hash string, size uint64) (*DevInfo, error) {
-	utils.Debugf("registerDevice(%v, %v)", id, hash)
+	log.Debugf("registerDevice(%v, %v)", id, hash)
 	info := &DevInfo{
 		Hash:          hash,
 		DeviceId:      id,
@@ -278,7 +278,7 @@ func (devices *DeviceSet) registerDevice(id int, hash string, size uint64) (*Dev
 }
 
 func (devices *DeviceSet) activateDeviceIfNeeded(info *DevInfo) error {
-	utils.Debugf("activateDeviceIfNeeded(%v)", info.Hash)
+	log.Debugf("activateDeviceIfNeeded(%v)", info.Hash)
 
 	if devinfo, _ := getInfo(info.Name()); devinfo != nil && devinfo.Exists != 0 {
 		return nil
@@ -385,13 +385,13 @@ func (devices *DeviceSet) setupBaseImage() error {
 	}
 
 	if oldInfo != nil && !oldInfo.Initialized {
-		utils.Debugf("Removing uninitialized base image")
+		log.Debugf("Removing uninitialized base image")
 		if err := devices.deleteDevice(oldInfo); err != nil {
 			return err
 		}
 	}
 
-	utils.Debugf("Initializing base device-manager snapshot")
+	log.Debugf("Initializing base device-manager snapshot")
 
 	id := devices.nextDeviceId
 
@@ -403,14 +403,14 @@ func (devices *DeviceSet) setupBaseImage() error {
 	// Ids are 24bit, so wrap around
 	devices.nextDeviceId = (id + 1) & 0xffffff
 
-	utils.Debugf("Registering base device (id %v) with FS size %v", id, devices.baseFsSize)
+	log.Debugf("Registering base device (id %v) with FS size %v", id, devices.baseFsSize)
 	info, err := devices.registerDevice(id, "", devices.baseFsSize)
 	if err != nil {
 		_ = deleteDevice(devices.getPoolDevName(), id)
 		return err
 	}
 
-	utils.Debugf("Creating filesystem on base device-manager snapshot")
+	log.Debugf("Creating filesystem on base device-manager snapshot")
 
 	if err = devices.activateDeviceIfNeeded(info); err != nil {
 		return err
@@ -448,7 +448,7 @@ func (devices *DeviceSet) log(level int, file string, line int, dmError int, mes
 		return // Ignore _LOG_DEBUG
 	}
 
-	utils.Debugf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
+	log.Debugf("libdevmapper(%d): %s:%d (%d) %s", level, file, line, dmError, message)
 }
 
 func major(device uint64) uint64 {
@@ -552,13 +552,13 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 	//	- The target of this device is at major <maj> and minor <min>
 	//	- If <inode> is defined, use that file inside the device as a loopback image. Otherwise use the device itself.
 	devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(sysSt.Dev), minor(sysSt.Dev), sysSt.Ino)
-	utils.Debugf("Generated prefix: %s", devices.devicePrefix)
+	log.Debugf("Generated prefix: %s", devices.devicePrefix)
 
 	// Check for the existence of the device <prefix>-pool
-	utils.Debugf("Checking for existence of the pool '%s'", devices.getPoolName())
+	log.Debugf("Checking for existence of the pool '%s'", devices.getPoolName())
 	info, err := getInfo(devices.getPoolName())
 	if info == nil {
-		utils.Debugf("Error device getInfo: %s", err)
+		log.Debugf("Error device getInfo: %s", err)
 		return err
 	}
 
@@ -574,7 +574,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 	// If the pool doesn't exist, create it
 	if info.Exists == 0 {
-		utils.Debugf("Pool doesn't exist. Creating it.")
+		log.Debugf("Pool doesn't exist. Creating it.")
 
 		var (
 			dataFile     *os.File
@@ -596,7 +596,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 			data, err := devices.ensureImage("data", devices.dataLoopbackSize)
 			if err != nil {
-				utils.Debugf("Error device ensureImage (data): %s\n", err)
+				log.Debugf("Error device ensureImage (data): %s\n", err)
 				return err
 			}
 
@@ -627,7 +627,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 			metadata, err := devices.ensureImage("metadata", devices.metaDataLoopbackSize)
 			if err != nil {
-				utils.Debugf("Error device ensureImage (metadata): %s\n", err)
+				log.Debugf("Error device ensureImage (metadata): %s\n", err)
 				return err
 			}
 
@@ -659,7 +659,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 	// Setup the base image
 	if doInit {
 		if err := devices.setupBaseImage(); err != nil {
-			utils.Debugf("Error device setupBaseImage: %s\n", err)
+			log.Debugf("Error device setupBaseImage: %s\n", err)
 			return err
 		}
 	}
@@ -686,7 +686,7 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 	deviceId := devices.nextDeviceId
 
 	if err := createSnapDevice(devices.getPoolDevName(), &deviceId, baseInfo.Name(), baseInfo.DeviceId); err != nil {
-		utils.Debugf("Error creating snap device: %s\n", err)
+		log.Debugf("Error creating snap device: %s\n", err)
 		return err
 	}
 
@@ -695,7 +695,7 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 
 	if _, err := devices.registerDevice(deviceId, hash, baseInfo.Size); err != nil {
 		deleteDevice(devices.getPoolDevName(), deviceId)
-		utils.Debugf("Error registering device: %s\n", err)
+		log.Debugf("Error registering device: %s\n", err)
 		return err
 	}
 	return nil
@@ -708,7 +708,7 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 		// manually
 		if err := devices.activateDeviceIfNeeded(info); err == nil {
 			if err := BlockDeviceDiscard(info.DevName()); err != nil {
-				utils.Debugf("Error discarding block on device: %s (ignoring)\n", err)
+				log.Debugf("Error discarding block on device: %s (ignoring)\n", err)
 			}
 		}
 	}
@@ -716,13 +716,13 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 	devinfo, _ := getInfo(info.Name())
 	if devinfo != nil && devinfo.Exists != 0 {
 		if err := devices.removeDeviceAndWait(info.Name()); err != nil {
-			utils.Debugf("Error removing device: %s\n", err)
+			log.Debugf("Error removing device: %s\n", err)
 			return err
 		}
 	}
 
 	if err := deleteDevice(devices.getPoolDevName(), info.DeviceId); err != nil {
-		utils.Debugf("Error deleting device: %s\n", err)
+		log.Debugf("Error deleting device: %s\n", err)
 		return err
 	}
 
@@ -735,7 +735,7 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 		devices.devicesLock.Lock()
 		devices.Devices[info.Hash] = info
 		devices.devicesLock.Unlock()
-		utils.Debugf("Error removing meta data: %s\n", err)
+		log.Debugf("Error removing meta data: %s\n", err)
 		return err
 	}
 
@@ -758,8 +758,8 @@ func (devices *DeviceSet) DeleteDevice(hash string) error {
 }
 
 func (devices *DeviceSet) deactivatePool() error {
-	utils.Debugf("[devmapper] deactivatePool()")
-	defer utils.Debugf("[devmapper] deactivatePool END")
+	log.Debugf("[devmapper] deactivatePool()")
+	defer log.Debugf("[devmapper] deactivatePool END")
 	devname := devices.getPoolDevName()
 	devinfo, err := getInfo(devname)
 	if err != nil {
@@ -773,13 +773,13 @@ func (devices *DeviceSet) deactivatePool() error {
 }
 
 func (devices *DeviceSet) deactivateDevice(info *DevInfo) error {
-	utils.Debugf("[devmapper] deactivateDevice(%s)", info.Hash)
-	defer utils.Debugf("[devmapper] deactivateDevice END")
+	log.Debugf("[devmapper] deactivateDevice(%s)", info.Hash)
+	defer log.Debugf("[devmapper] deactivateDevice END")
 
 	// Wait for the unmount to be effective,
 	// by watching the value of Info.OpenCount for the device
 	if err := devices.waitClose(info); err != nil {
-		utils.Errorf("Warning: error waiting for device %s to close: %s\n", info.Hash, err)
+		log.Errorf("Warning: error waiting for device %s to close: %s\n", info.Hash, err)
 	}
 
 	devinfo, err := getInfo(info.Name())
@@ -829,8 +829,8 @@ func (devices *DeviceSet) removeDeviceAndWait(devname string) error {
 // a) the device registered at <device_set_prefix>-<hash> is removed,
 // or b) the 10 second timeout expires.
 func (devices *DeviceSet) waitRemove(devname string) error {
-	utils.Debugf("[deviceset %s] waitRemove(%s)", devices.devicePrefix, devname)
-	defer utils.Debugf("[deviceset %s] waitRemove(%s) END", devices.devicePrefix, devname)
+	log.Debugf("[deviceset %s] waitRemove(%s)", devices.devicePrefix, devname)
+	defer log.Debugf("[deviceset %s] waitRemove(%s) END", devices.devicePrefix, devname)
 	i := 0
 	for ; i < 1000; i += 1 {
 		devinfo, err := getInfo(devname)
@@ -840,7 +840,7 @@ func (devices *DeviceSet) waitRemove(devname string) error {
 			return nil
 		}
 		if i%100 == 0 {
-			utils.Debugf("Waiting for removal of %s: exists=%d", devname, devinfo.Exists)
+			log.Debugf("Waiting for removal of %s: exists=%d", devname, devinfo.Exists)
 		}
 		if devinfo.Exists == 0 {
 			break
@@ -867,7 +867,7 @@ func (devices *DeviceSet) waitClose(info *DevInfo) error {
 			return err
 		}
 		if i%100 == 0 {
-			utils.Debugf("Waiting for unmount of %s: opencount=%d", info.Hash, devinfo.OpenCount)
+			log.Debugf("Waiting for unmount of %s: opencount=%d", info.Hash, devinfo.OpenCount)
 		}
 		if devinfo.OpenCount == 0 {
 			break
@@ -884,9 +884,9 @@ func (devices *DeviceSet) waitClose(info *DevInfo) error {
 
 func (devices *DeviceSet) Shutdown() error {
 
-	utils.Debugf("[deviceset %s] shutdown()", devices.devicePrefix)
-	utils.Debugf("[devmapper] Shutting down DeviceSet: %s", devices.root)
-	defer utils.Debugf("[deviceset %s] shutdown END", devices.devicePrefix)
+	log.Debugf("[deviceset %s] shutdown()", devices.devicePrefix)
+	log.Debugf("[devmapper] Shutting down DeviceSet: %s", devices.root)
+	defer log.Debugf("[deviceset %s] shutdown END", devices.devicePrefix)
 
 	var devs []*DevInfo
 
@@ -903,12 +903,12 @@ func (devices *DeviceSet) Shutdown() error {
 			// container. This means it'll go away from the global scope directly,
 			// and the device will be released when that container dies.
 			if err := syscall.Unmount(info.mountPath, syscall.MNT_DETACH); err != nil {
-				utils.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
+				log.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
 			}
 
 			devices.Lock()
 			if err := devices.deactivateDevice(info); err != nil {
-				utils.Debugf("Shutdown deactivate %s , error: %s\n", info.Hash, err)
+				log.Debugf("Shutdown deactivate %s , error: %s\n", info.Hash, err)
 			}
 			devices.Unlock()
 		}
@@ -920,7 +920,7 @@ func (devices *DeviceSet) Shutdown() error {
 		info.lock.Lock()
 		devices.Lock()
 		if err := devices.deactivateDevice(info); err != nil {
-			utils.Debugf("Shutdown deactivate base , error: %s\n", err)
+			log.Debugf("Shutdown deactivate base , error: %s\n", err)
 		}
 		devices.Unlock()
 		info.lock.Unlock()
@@ -928,7 +928,7 @@ func (devices *DeviceSet) Shutdown() error {
 
 	devices.Lock()
 	if err := devices.deactivatePool(); err != nil {
-		utils.Debugf("Shutdown deactivate pool , error: %s\n", err)
+		log.Debugf("Shutdown deactivate pool , error: %s\n", err)
 	}
 	devices.Unlock()
 
@@ -992,8 +992,8 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
 }
 
 func (devices *DeviceSet) UnmountDevice(hash string) error {
-	utils.Debugf("[devmapper] UnmountDevice(hash=%s)", hash)
-	defer utils.Debugf("[devmapper] UnmountDevice END")
+	log.Debugf("[devmapper] UnmountDevice(hash=%s)", hash)
+	defer log.Debugf("[devmapper] UnmountDevice END")
 
 	info, err := devices.lookupDevice(hash)
 	if err != nil {
@@ -1015,11 +1015,11 @@ func (devices *DeviceSet) UnmountDevice(hash string) error {
 		return nil
 	}
 
-	utils.Debugf("[devmapper] Unmount(%s)", info.mountPath)
+	log.Debugf("[devmapper] Unmount(%s)", info.mountPath)
 	if err := syscall.Unmount(info.mountPath, 0); err != nil {
 		return err
 	}
-	utils.Debugf("[devmapper] Unmount done")
+	log.Debugf("[devmapper] Unmount done")
 
 	if err := devices.deactivateDevice(info); err != nil {
 		return err
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper.go
index 2c5abc9d27..c66c39546a 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper.go
@@ -9,7 +9,7 @@ import (
 	"runtime"
 	"syscall"
 
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 type DevmapperLogger interface {
@@ -198,7 +198,7 @@ func (t *Task) GetNextTarget(next uintptr) (nextPtr uintptr, start uint64,
 func getLoopbackBackingFile(file *os.File) (uint64, uint64, error) {
 	loopInfo, err := ioctlLoopGetStatus64(file.Fd())
 	if err != nil {
-		utils.Errorf("Error get loopback backing file: %s\n", err)
+		log.Errorf("Error get loopback backing file: %s\n", err)
 		return 0, 0, ErrGetLoopbackBackingFile
 	}
 	return loopInfo.loDevice, loopInfo.loInode, nil
@@ -206,7 +206,7 @@ func getLoopbackBackingFile(file *os.File) (uint64, uint64, error) {
 
 func LoopbackSetCapacity(file *os.File) error {
 	if err := ioctlLoopSetCapacity(file.Fd(), 0); err != nil {
-		utils.Errorf("Error loopbackSetCapacity: %s", err)
+		log.Errorf("Error loopbackSetCapacity: %s", err)
 		return ErrLoopbackSetCapacity
 	}
 	return nil
@@ -246,7 +246,7 @@ func FindLoopDeviceFor(file *os.File) *os.File {
 
 func UdevWait(cookie uint) error {
 	if res := DmUdevWait(cookie); res != 1 {
-		utils.Debugf("Failed to wait on udev cookie %d", cookie)
+		log.Debugf("Failed to wait on udev cookie %d", cookie)
 		return ErrUdevWait
 	}
 	return nil
@@ -265,7 +265,7 @@ func logInit(logger DevmapperLogger) {
 
 func SetDevDir(dir string) error {
 	if res := DmSetDevDir(dir); res != 1 {
-		utils.Debugf("Error dm_set_dev_dir")
+		log.Debugf("Error dm_set_dev_dir")
 		return ErrSetDevDir
 	}
 	return nil
@@ -286,7 +286,7 @@ func RemoveDevice(name string) error {
 		return ErrCreateRemoveTask
 	}
 	if err := task.SetName(name); err != nil {
-		utils.Debugf("Can't set task name %s", name)
+		log.Debugf("Can't set task name %s", name)
 		return err
 	}
 	if err := task.Run(); err != nil {
@@ -298,7 +298,7 @@ func RemoveDevice(name string) error {
 func GetBlockDeviceSize(file *os.File) (uint64, error) {
 	size, err := ioctlBlkGetSize64(file.Fd())
 	if err != nil {
-		utils.Errorf("Error getblockdevicesize: %s", err)
+		log.Errorf("Error getblockdevicesize: %s", err)
 		return 0, ErrGetBlockSize
 	}
 	return uint64(size), nil
@@ -417,21 +417,21 @@ func getDriverVersion() (string, error) {
 func getStatus(name string) (uint64, uint64, string, string, error) {
 	task, err := createTask(DeviceStatus, name)
 	if task == nil {
-		utils.Debugf("getStatus: Error createTask: %s", err)
+		log.Debugf("getStatus: Error createTask: %s", err)
 		return 0, 0, "", "", err
 	}
 	if err := task.Run(); err != nil {
-		utils.Debugf("getStatus: Error Run: %s", err)
+		log.Debugf("getStatus: Error Run: %s", err)
 		return 0, 0, "", "", err
 	}
 
 	devinfo, err := task.GetInfo()
 	if err != nil {
-		utils.Debugf("getStatus: Error GetInfo: %s", err)
+		log.Debugf("getStatus: Error GetInfo: %s", err)
 		return 0, 0, "", "", err
 	}
 	if devinfo.Exists == 0 {
-		utils.Debugf("getStatus: Non existing device %s", name)
+		log.Debugf("getStatus: Non existing device %s", name)
 		return 0, 0, "", "", fmt.Errorf("Non existing device %s", name)
 	}
 
@@ -491,7 +491,7 @@ func resumeDevice(name string) error {
 }
 
 func createDevice(poolName string, deviceId *int) error {
-	utils.Debugf("[devmapper] createDevice(poolName=%v, deviceId=%v)", poolName, *deviceId)
+	log.Debugf("[devmapper] createDevice(poolName=%v, deviceId=%v)", poolName, *deviceId)
 
 	for {
 		task, err := createTask(DeviceTargetMsg, poolName)
@@ -542,8 +542,8 @@ func deleteDevice(poolName string, deviceId int) error {
 }
 
 func removeDevice(name string) error {
-	utils.Debugf("[devmapper] removeDevice START")
-	defer utils.Debugf("[devmapper] removeDevice END")
+	log.Debugf("[devmapper] removeDevice START")
+	defer log.Debugf("[devmapper] removeDevice END")
 	task, err := createTask(DeviceRemove, name)
 	if task == nil {
 		return err
diff --git a/components/engine/daemon/graphdriver/devmapper/driver.go b/components/engine/daemon/graphdriver/devmapper/driver.go
index c6b2e2b712..90ee2eb492 100644
--- a/components/engine/daemon/graphdriver/devmapper/driver.go
+++ b/components/engine/daemon/graphdriver/devmapper/driver.go
@@ -9,8 +9,8 @@ import (
 	"path"
 
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/mount"
-	"github.com/docker/docker/utils"
 )
 
 func init() {
@@ -138,7 +138,7 @@ func (d *Driver) Get(id, mountLabel string) (string, error) {
 
 func (d *Driver) Put(id string) {
 	if err := d.DeviceSet.UnmountDevice(id); err != nil {
-		utils.Errorf("Warning: error unmounting device %s: %s\n", id, err)
+		log.Errorf("Warning: error unmounting device %s: %s\n", id, err)
 	}
 }
 
diff --git a/components/engine/daemon/info.go b/components/engine/daemon/info.go
index d028a8341f..3d3c9ba6ca 100644
--- a/components/engine/daemon/info.go
+++ b/components/engine/daemon/info.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/parsers/operatingsystem"
 	"github.com/docker/docker/registry"
@@ -30,7 +31,7 @@ func (daemon *Daemon) CmdInfo(job *engine.Job) engine.Status {
 		operatingSystem = s
 	}
 	if inContainer, err := operatingsystem.IsContainerized(); err != nil {
-		utils.Errorf("Could not determine if daemon is containerized: %v", err)
+		log.Errorf("Could not determine if daemon is containerized: %v", err)
 		operatingSystem += " (error determining if containerized)"
 	} else if inContainer {
 		operatingSystem += " (containerized)"
diff --git a/components/engine/daemon/logs.go b/components/engine/daemon/logs.go
index 5962196c63..386d9c69c3 100644
--- a/components/engine/daemon/logs.go
+++ b/components/engine/daemon/logs.go
@@ -9,11 +9,11 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/tailfile"
 
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/jsonlog"
-	"github.com/docker/docker/utils"
 )
 
 func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
@@ -47,31 +47,31 @@ func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
 	cLog, err := container.ReadLog("json")
 	if err != nil && os.IsNotExist(err) {
 		// Legacy logs
-		utils.Debugf("Old logs format")
+		log.Debugf("Old logs format")
 		if stdout {
 			cLog, err := container.ReadLog("stdout")
 			if err != nil {
-				utils.Errorf("Error reading logs (stdout): %s", err)
+				log.Errorf("Error reading logs (stdout): %s", err)
 			} else if _, err := io.Copy(job.Stdout, cLog); err != nil {
-				utils.Errorf("Error streaming logs (stdout): %s", err)
+				log.Errorf("Error streaming logs (stdout): %s", err)
 			}
 		}
 		if stderr {
 			cLog, err := container.ReadLog("stderr")
 			if err != nil {
-				utils.Errorf("Error reading logs (stderr): %s", err)
+				log.Errorf("Error reading logs (stderr): %s", err)
 			} else if _, err := io.Copy(job.Stderr, cLog); err != nil {
-				utils.Errorf("Error streaming logs (stderr): %s", err)
+				log.Errorf("Error streaming logs (stderr): %s", err)
 			}
 		}
 	} else if err != nil {
-		utils.Errorf("Error reading logs (json): %s", err)
+		log.Errorf("Error reading logs (json): %s", err)
 	} else {
 		if tail != "all" {
 			var err error
 			lines, err = strconv.Atoi(tail)
 			if err != nil {
-				utils.Errorf("Failed to parse tail %s, error: %v, show all logs", tail, err)
+				log.Errorf("Failed to parse tail %s, error: %v, show all logs", tail, err)
 				lines = -1
 			}
 		}
@@ -95,7 +95,7 @@ func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
 				if err := dec.Decode(l); err == io.EOF {
 					break
 				} else if err != nil {
-					utils.Errorf("Error streaming logs: %s", err)
+					log.Errorf("Error streaming logs: %s", err)
 					break
 				}
 				logLine := l.Log
@@ -127,7 +127,7 @@ func (daemon *Daemon) ContainerLogs(job *engine.Job) engine.Status {
 		}
 		err := <-errors
 		if err != nil {
-			utils.Errorf("%s", err)
+			log.Errorf("%s", err)
 		}
 	}
 	return engine.StatusOK
diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index aeaed67c2e..ad5e50a4a5 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -3,7 +3,6 @@ package bridge
 import (
 	"fmt"
 	"io/ioutil"
-	"log"
 	"net"
 	"strings"
 	"sync"
@@ -14,9 +13,9 @@ import (
 	"github.com/docker/docker/daemon/networkdriver/portmapper"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/pkg/iptables"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/networkfs/resolvconf"
 	"github.com/docker/docker/pkg/parsers/kernel"
-	"github.com/docker/docker/utils"
 	"github.com/docker/libcontainer/netlink"
 )
 
@@ -197,7 +196,7 @@ func setupIPTables(addr net.Addr, icc bool) error {
 		iptables.Raw(append([]string{"-D"}, acceptArgs...)...)
 
 		if !iptables.Exists(dropArgs...) {
-			utils.Debugf("Disable inter-container communication")
+			log.Debugf("Disable inter-container communication")
 			if output, err := iptables.Raw(append([]string{"-I"}, dropArgs...)...); err != nil {
 				return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
 			} else if len(output) != 0 {
@@ -208,7 +207,7 @@ func setupIPTables(addr net.Addr, icc bool) error {
 		iptables.Raw(append([]string{"-D"}, dropArgs...)...)
 
 		if !iptables.Exists(acceptArgs...) {
-			utils.Debugf("Enable inter-container communication")
+			log.Debugf("Enable inter-container communication")
 			if output, err := iptables.Raw(append([]string{"-I"}, acceptArgs...)...); err != nil {
 				return fmt.Errorf("Unable to allow intercontainer communication: %s", err)
 			} else if len(output) != 0 {
@@ -272,7 +271,7 @@ func createBridge(bridgeIP string) error {
 					ifaceAddr = addr
 					break
 				} else {
-					utils.Debugf("%s %s", addr, err)
+					log.Debugf("%s %s", addr, err)
 				}
 			}
 		}
@@ -281,7 +280,7 @@ func createBridge(bridgeIP string) error {
 	if ifaceAddr == "" {
 		return fmt.Errorf("Could not find a free IP address range for interface '%s'. Please configure its address manually and run 'docker -b %s'", bridgeIface, bridgeIface)
 	}
-	utils.Debugf("Creating bridge %s with network %s", bridgeIface, ifaceAddr)
+	log.Debugf("Creating bridge %s with network %s", bridgeIface, ifaceAddr)
 
 	if err := createBridgeIface(bridgeIface); err != nil {
 		return err
@@ -311,7 +310,7 @@ func createBridgeIface(name string) error {
 	// only set the bridge's mac address if the kernel version is > 3.3
 	// before that it was not supported
 	setBridgeMacAddr := err == nil && (kv.Kernel >= 3 && kv.Major >= 3)
-	utils.Debugf("setting bridge mac address = %v", setBridgeMacAddr)
+	log.Debugf("setting bridge mac address = %v", setBridgeMacAddr)
 	return netlink.CreateBridge(name, setBridgeMacAddr)
 }
 
@@ -364,12 +363,12 @@ func Release(job *engine.Job) engine.Status {
 
 	for _, nat := range containerInterface.PortMappings {
 		if err := portmapper.Unmap(nat); err != nil {
-			log.Printf("Unable to unmap port %s: %s", nat, err)
+			log.Infof("Unable to unmap port %s: %s", nat, err)
 		}
 	}
 
 	if err := ipallocator.ReleaseIP(bridgeNetwork, &containerInterface.IP); err != nil {
-		log.Printf("Unable to release ip %s\n", err)
+		log.Infof("Unable to release ip %s\n", err)
 	}
 	return engine.StatusOK
 }
diff --git a/components/engine/graph/export.go b/components/engine/graph/export.go
index 81b78ca50d..d24d97146b 100644
--- a/components/engine/graph/export.go
+++ b/components/engine/graph/export.go
@@ -9,8 +9,8 @@ import (
 
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/parsers"
-	"github.com/docker/docker/utils"
 )
 
 // CmdImageExport exports all images with the given tag. All versions
@@ -30,7 +30,7 @@ func (s *TagStore) CmdImageExport(job *engine.Job) engine.Status {
 	}
 	defer os.RemoveAll(tempdir)
 
-	utils.Debugf("Serializing %s", name)
+	log.Debugf("Serializing %s", name)
 
 	rootRepoMap := map[string]Repository{}
 	rootRepo, err := s.Get(name)
@@ -77,7 +77,7 @@ func (s *TagStore) CmdImageExport(job *engine.Job) engine.Status {
 			return job.Error(err)
 		}
 	} else {
-		utils.Debugf("There were no repositories to write")
+		log.Debugf("There were no repositories to write")
 	}
 
 	fs, err := archive.Tar(tempdir, archive.Uncompressed)
@@ -89,7 +89,7 @@ func (s *TagStore) CmdImageExport(job *engine.Job) engine.Status {
 	if _, err := io.Copy(job.Stdout, fs); err != nil {
 		return job.Error(err)
 	}
-	utils.Debugf("End Serializing %s", name)
+	log.Debugf("End Serializing %s", name)
 	return engine.StatusOK
 }
 
diff --git a/components/engine/graph/graph.go b/components/engine/graph/graph.go
index e8b52331e2..8f01739a75 100644
--- a/components/engine/graph/graph.go
+++ b/components/engine/graph/graph.go
@@ -16,6 +16,7 @@ import (
 	"github.com/docker/docker/daemon/graphdriver"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/truncindex"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
@@ -64,7 +65,7 @@ func (graph *Graph) restore() error {
 		}
 	}
 	graph.idIndex = truncindex.NewTruncIndex(ids)
-	utils.Debugf("Restored %d elements", len(dir))
+	log.Debugf("Restored %d elements", len(dir))
 	return nil
 }
 
diff --git a/components/engine/graph/load.go b/components/engine/graph/load.go
index b34c83a65a..ec87ef59e8 100644
--- a/components/engine/graph/load.go
+++ b/components/engine/graph/load.go
@@ -10,7 +10,7 @@ import (
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 // Loads a set of images into the repository. This is the complementary of ImageExport.
@@ -93,22 +93,22 @@ func (s *TagStore) CmdLoad(job *engine.Job) engine.Status {
 
 func (s *TagStore) recursiveLoad(eng *engine.Engine, address, tmpImageDir string) error {
 	if err := eng.Job("image_get", address).Run(); err != nil {
-		utils.Debugf("Loading %s", address)
+		log.Debugf("Loading %s", address)
 
 		imageJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", address, "json"))
 		if err != nil {
-			utils.Debugf("Error reading json", err)
+			log.Debugf("Error reading json", err)
 			return err
 		}
 
 		layer, err := os.Open(path.Join(tmpImageDir, "repo", address, "layer.tar"))
 		if err != nil {
-			utils.Debugf("Error reading embedded tar", err)
+			log.Debugf("Error reading embedded tar", err)
 			return err
 		}
 		img, err := image.NewImgJSON(imageJson)
 		if err != nil {
-			utils.Debugf("Error unmarshalling json", err)
+			log.Debugf("Error unmarshalling json", err)
 			return err
 		}
 		if img.Parent != "" {
@@ -122,7 +122,7 @@ func (s *TagStore) recursiveLoad(eng *engine.Engine, address, tmpImageDir string
 			return err
 		}
 	}
-	utils.Debugf("Completed processing %s", address)
+	log.Debugf("Completed processing %s", address)
 
 	return nil
 }
diff --git a/components/engine/graph/pull.go b/components/engine/graph/pull.go
index 597946337f..180612fb75 100644
--- a/components/engine/graph/pull.go
+++ b/components/engine/graph/pull.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
 )
@@ -85,10 +86,10 @@ func (s *TagStore) pullRepository(r *registry.Session, out io.Writer, localName,
 		}
 	}
 
-	utils.Debugf("Retrieving the tag list")
+	log.Debugf("Retrieving the tag list")
 	tagsList, err := r.GetRemoteTags(repoData.Endpoints, remoteName, repoData.Tokens)
 	if err != nil {
-		utils.Errorf("%v", err)
+		log.Errorf("%v", err)
 		return err
 	}
 
@@ -100,7 +101,7 @@ func (s *TagStore) pullRepository(r *registry.Session, out io.Writer, localName,
 		}
 	}
 
-	utils.Debugf("Registering tags")
+	log.Debugf("Registering tags")
 	// If no tag has been specified, pull them all
 	if askedTag == "" {
 		for tag, id := range tagsList {
@@ -119,7 +120,7 @@ func (s *TagStore) pullRepository(r *registry.Session, out io.Writer, localName,
 	for _, image := range repoData.ImgList {
 		downloadImage := func(img *registry.ImgData) {
 			if askedTag != "" && img.Tag != askedTag {
-				utils.Debugf("(%s) does not match %s (id: %s), skipping", img.Tag, askedTag, img.ID)
+				log.Debugf("(%s) does not match %s (id: %s), skipping", img.Tag, askedTag, img.ID)
 				if parallel {
 					errors <- nil
 				}
@@ -127,7 +128,7 @@ func (s *TagStore) pullRepository(r *registry.Session, out io.Writer, localName,
 			}
 
 			if img.Tag == "" {
-				utils.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
+				log.Debugf("Image (id: %s) present in this repository but untagged, skipping", img.ID)
 				if parallel {
 					errors <- nil
 				}
@@ -141,7 +142,7 @@ func (s *TagStore) pullRepository(r *registry.Session, out io.Writer, localName,
 					<-c
 					out.Write(sf.FormatProgress(utils.TruncateID(img.ID), "Download complete", nil))
 				} else {
-					utils.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
+					log.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
 				}
 				if parallel {
 					errors <- nil
@@ -224,7 +225,7 @@ func (s *TagStore) pullImage(r *registry.Session, out io.Writer, imgID, endpoint
 
 		// ensure no two downloads of the same layer happen at the same time
 		if c, err := s.poolAdd("pull", "layer:"+id); err != nil {
-			utils.Debugf("Image (id: %s) pull is already running, skipping: %v", id, err)
+			log.Debugf("Image (id: %s) pull is already running, skipping: %v", id, err)
 			<-c
 		}
 		defer s.poolRemove("pull", "layer:"+id)
diff --git a/components/engine/graph/push.go b/components/engine/graph/push.go
index bec76ca7f9..33d30cc501 100644
--- a/components/engine/graph/push.go
+++ b/components/engine/graph/push.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/docker/docker/archive"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/registry"
 	"github.com/docker/docker/utils"
 )
@@ -54,15 +55,15 @@ func (s *TagStore) getImageList(localRepo map[string]string, requestedTag string
 	if len(imageList) == 0 {
 		return nil, nil, fmt.Errorf("No images found for the requested repository / tag")
 	}
-	utils.Debugf("Image list: %v", imageList)
-	utils.Debugf("Tags by image: %v", tagsByImage)
+	log.Debugf("Image list: %v", imageList)
+	log.Debugf("Tags by image: %v", tagsByImage)
 
 	return imageList, tagsByImage, nil
 }
 
 func (s *TagStore) pushRepository(r *registry.Session, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
 	out = utils.NewWriteFlusher(out)
-	utils.Debugf("Local repo: %s", localRepo)
+	log.Debugf("Local repo: %s", localRepo)
 	imgList, tagsByImage, err := s.getImageList(localRepo, tag)
 	if err != nil {
 		return err
@@ -96,9 +97,9 @@ func (s *TagStore) pushRepository(r *registry.Session, out io.Writer, localName,
 		}
 	}
 
-	utils.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
+	log.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
 	for _, data := range imageIndex {
-		utils.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
+		log.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
 	}
 
 	// Register all the images in a repository with the registry
@@ -170,7 +171,7 @@ func (s *TagStore) pushImage(r *registry.Session, out io.Writer, remote, imgID,
 	defer os.RemoveAll(layerData.Name())
 
 	// Send the layer
-	utils.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
+	log.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
 
 	checksum, checksumPayload, err := r.PushImageLayerRegistry(imgData.ID, utils.ProgressReader(layerData, int(layerData.Size), out, sf, false, utils.TruncateID(imgData.ID), "Pushing"), ep, token, jsonRaw)
 	if err != nil {
diff --git a/components/engine/graph/service.go b/components/engine/graph/service.go
index ef48c0b064..b7db35dcdd 100644
--- a/components/engine/graph/service.go
+++ b/components/engine/graph/service.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 func (s *TagStore) Install(eng *engine.Engine) error {
@@ -173,7 +173,7 @@ func (s *TagStore) CmdTarLayer(job *engine.Job) engine.Status {
 		if written, err := io.Copy(job.Stdout, fs); err != nil {
 			return job.Error(err)
 		} else {
-			utils.Debugf("rendered layer for %s of [%d] size", image.ID, written)
+			log.Debugf("rendered layer for %s of [%d] size", image.ID, written)
 		}
 
 		return engine.StatusOK
diff --git a/components/engine/image/image.go b/components/engine/image/image.go
index e57311aa86..94c6462011 100644
--- a/components/engine/image/image.go
+++ b/components/engine/image/image.go
@@ -3,15 +3,17 @@ package image
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/docker/docker/archive"
-	"github.com/docker/docker/daemon/graphdriver"
-	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/utils"
 	"io/ioutil"
 	"os"
 	"path"
 	"strconv"
 	"time"
+
+	"github.com/docker/docker/archive"
+	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/pkg/log"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
 )
 
 type Image struct {
@@ -87,11 +89,11 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro
 			}
 		} else {
 			start := time.Now().UTC()
-			utils.Debugf("Start untar layer")
+			log.Debugf("Start untar layer")
 			if err := archive.ApplyLayer(layer, layerData); err != nil {
 				return err
 			}
-			utils.Debugf("Untar time: %vs", time.Now().UTC().Sub(start).Seconds())
+			log.Debugf("Untar time: %vs", time.Now().UTC().Sub(start).Seconds())
 
 			if img.Parent == "" {
 				if size, err = utils.TreeSize(layer); err != nil {
@@ -299,7 +301,7 @@ func (img *Image) Depth() (int, error) {
 func NewImgJSON(src []byte) (*Image, error) {
 	ret := &Image{}
 
-	utils.Debugf("Json string: {%s}", src)
+	log.Debugf("Json string: {%s}", src)
 	// FIXME: Is there a cleaner way to "purify" the input json?
 	if err := json.Unmarshal(src, ret); err != nil {
 		return nil, err
diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go
index 1dce2d5204..10735750dc 100644
--- a/components/engine/integration/commands_test.go
+++ b/components/engine/integration/commands_test.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/docker/docker/api/client"
 	"github.com/docker/docker/daemon"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/term"
 	"github.com/docker/docker/utils"
 )
@@ -174,7 +175,7 @@ func TestRunDisconnectTty(t *testing.T) {
 		// We're simulating a disconnect so the return value doesn't matter. What matters is the
 		// fact that CmdRun returns.
 		if err := cli.CmdRun("-i", "-t", unitTestImageID, "/bin/cat"); err != nil {
-			utils.Debugf("Error CmdRun: %s", err)
+			log.Debugf("Error CmdRun: %s", err)
 		}
 	}()
 
@@ -414,7 +415,7 @@ func TestAttachDisconnect(t *testing.T) {
 	go func() {
 		// Start a process in daemon mode
 		if err := cli.CmdRun("-d", "-i", unitTestImageID, "/bin/cat"); err != nil {
-			utils.Debugf("Error CmdRun: %s", err)
+			log.Debugf("Error CmdRun: %s", err)
 		}
 	}()
 
diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go
index 52839253d1..7d4cf8f53f 100644
--- a/components/engine/integration/runtime_test.go
+++ b/components/engine/integration/runtime_test.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"log"
+	std_log "log"
 	"net"
 	"net/url"
 	"os"
@@ -20,6 +20,7 @@ import (
 	"github.com/docker/docker/engine"
 	"github.com/docker/docker/image"
 	"github.com/docker/docker/nat"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/reexec"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
@@ -99,7 +100,7 @@ func init() {
 	}
 
 	if uid := syscall.Geteuid(); uid != 0 {
-		log.Fatal("docker tests need to be run as root")
+		log.Fatalf("docker tests need to be run as root")
 	}
 
 	// Copy dockerinit into our current testing directory, if provided (so we can test a separate dockerinit binary)
@@ -133,7 +134,7 @@ func init() {
 }
 
 func setupBaseImage() {
-	eng := newTestEngine(log.New(os.Stderr, "", 0), false, unitTestStoreBase)
+	eng := newTestEngine(std_log.New(os.Stderr, "", 0), false, unitTestStoreBase)
 	job := eng.Job("image_inspect", unitTestImageName)
 	img, _ := job.Stdout.AddEnv()
 	// If the unit test is not found, try to download it.
@@ -149,17 +150,17 @@ func setupBaseImage() {
 
 func spawnGlobalDaemon() {
 	if globalDaemon != nil {
-		utils.Debugf("Global daemon already exists. Skipping.")
+		log.Debugf("Global daemon already exists. Skipping.")
 		return
 	}
-	t := log.New(os.Stderr, "", 0)
+	t := std_log.New(os.Stderr, "", 0)
 	eng := NewTestEngine(t)
 	globalEngine = eng
 	globalDaemon = mkDaemonFromEngine(eng, t)
 
 	// Spawn a Daemon
 	go func() {
-		utils.Debugf("Spawning global daemon for integration tests")
+		log.Debugf("Spawning global daemon for integration tests")
 		listenURL := &url.URL{
 			Scheme: testDaemonProto,
 			Host:   testDaemonAddr,
@@ -197,7 +198,7 @@ func spawnRogueHttpsDaemon() {
 }
 
 func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine {
-	t := log.New(os.Stderr, "", 0)
+	t := std_log.New(os.Stderr, "", 0)
 	root, err := newTestDirectory(unitTestStoreBase)
 	if err != nil {
 		t.Fatal(err)
@@ -209,7 +210,7 @@ func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine {
 
 	// Spawn a Daemon
 	go func() {
-		utils.Debugf("Spawning https daemon for integration tests")
+		log.Debugf("Spawning https daemon for integration tests")
 		listenURL := &url.URL{
 			Scheme: testDaemonHttpsProto,
 			Host:   addr,
diff --git a/components/engine/pkg/broadcastwriter/broadcastwriter.go b/components/engine/pkg/broadcastwriter/broadcastwriter.go
index a16d8de5f7..3bf1272df9 100644
--- a/components/engine/pkg/broadcastwriter/broadcastwriter.go
+++ b/components/engine/pkg/broadcastwriter/broadcastwriter.go
@@ -4,11 +4,11 @@ import (
 	"bytes"
 	"encoding/json"
 	"io"
-	"log"
 	"sync"
 	"time"
 
 	"github.com/docker/docker/pkg/jsonlog"
+	"github.com/docker/docker/pkg/log"
 )
 
 // BroadcastWriter accumulate multiple io.WriteCloser by stream.
@@ -56,7 +56,7 @@ func (w *BroadcastWriter) Write(p []byte) (n int, err error) {
 			}
 			b, err := json.Marshal(jsonlog.JSONLog{Log: line, Stream: stream, Created: created})
 			if err != nil {
-				log.Printf("Error making JSON log line: %s", err)
+				log.Errorf("Error making JSON log line: %s", err)
 				continue
 			}
 			b = append(b, '\n')
diff --git a/components/engine/pkg/httputils/resumablerequestreader.go b/components/engine/pkg/httputils/resumablerequestreader.go
index dbc9d9b292..71533d37c9 100644
--- a/components/engine/pkg/httputils/resumablerequestreader.go
+++ b/components/engine/pkg/httputils/resumablerequestreader.go
@@ -3,9 +3,10 @@ package httputils
 import (
 	"fmt"
 	"io"
-	"log"
 	"net/http"
 	"time"
+
+	"github.com/docker/docker/pkg/log"
 )
 
 type resumableRequestReader struct {
@@ -71,7 +72,7 @@ func (r *resumableRequestReader) Read(p []byte) (n int, err error) {
 		r.cleanUpResponse()
 	}
 	if err != nil && err != io.EOF {
-		log.Printf("encountered error during pull and clearing it before resume: %s", err)
+		log.Infof("encountered error during pull and clearing it before resume: %s", err)
 		err = nil
 	}
 	return n, err
diff --git a/components/engine/pkg/log/log.go b/components/engine/pkg/log/log.go
new file mode 100644
index 0000000000..53513a9e25
--- /dev/null
+++ b/components/engine/pkg/log/log.go
@@ -0,0 +1,77 @@
+package log
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"runtime"
+	"strings"
+)
+
+type priority int
+
+const (
+	errorFormat = "[%s] %s:%d %s\n"
+	logFormat   = "[%s] %s\n"
+
+	fatal priority = iota
+	error
+	info
+	debug
+)
+
+func (p priority) String() string {
+	switch p {
+	case fatal:
+		return "fatal"
+	case error:
+		return "error"
+	case info:
+		return "info"
+	case debug:
+		return "debug"
+	}
+
+	return ""
+}
+
+// Debug function, if the debug flag is set, then display. Do nothing otherwise
+// If Docker is in damon mode, also send the debug info on the socket
+func Debugf(format string, a ...interface{}) {
+	if os.Getenv("DEBUG") != "" {
+		logf(os.Stderr, debug, format, a...)
+	}
+}
+
+func Infof(format string, a ...interface{}) {
+	logf(os.Stdout, info, format, a...)
+}
+
+func Errorf(format string, a ...interface{}) {
+	logf(os.Stderr, error, format, a...)
+}
+
+func Fatalf(format string, a ...interface{}) {
+	logf(os.Stderr, fatal, format, a...)
+	os.Exit(1)
+}
+
+func logf(stream io.Writer, level priority, format string, a ...interface{}) {
+	var prefix string
+
+	if level <= error || level == debug {
+		// Retrieve the stack infos
+		_, file, line, ok := runtime.Caller(2)
+		if !ok {
+			file = "<unknown>"
+			line = -1
+		} else {
+			file = file[strings.LastIndex(file, "/")+1:]
+		}
+		prefix = fmt.Sprintf(errorFormat, level.String(), file, line, format)
+	} else {
+		prefix = fmt.Sprintf(logFormat, level.String(), format)
+	}
+
+	fmt.Fprintf(stream, prefix, a...)
+}
diff --git a/components/engine/pkg/log/log_test.go b/components/engine/pkg/log/log_test.go
new file mode 100644
index 0000000000..83ba5fd27c
--- /dev/null
+++ b/components/engine/pkg/log/log_test.go
@@ -0,0 +1,37 @@
+package log
+
+import (
+	"bytes"
+	"regexp"
+
+	"testing"
+)
+
+func TestLogFatalf(t *testing.T) {
+	var output *bytes.Buffer
+
+	tests := []struct {
+		Level           priority
+		Format          string
+		Values          []interface{}
+		ExpectedPattern string
+	}{
+		{fatal, "%d + %d = %d", []interface{}{1, 1, 2}, "\\[fatal\\] testing.go:\\d+ 1 \\+ 1 = 2"},
+		{error, "%d + %d = %d", []interface{}{1, 1, 2}, "\\[error\\] testing.go:\\d+ 1 \\+ 1 = 2"},
+		{info, "%d + %d = %d", []interface{}{1, 1, 2}, "\\[info\\] 1 \\+ 1 = 2"},
+		{debug, "%d + %d = %d", []interface{}{1, 1, 2}, "\\[debug\\] testing.go:\\d+ 1 \\+ 1 = 2"},
+	}
+
+	for i, test := range tests {
+		output = &bytes.Buffer{}
+		logf(output, test.Level, test.Format, test.Values...)
+
+		expected := regexp.MustCompile(test.ExpectedPattern)
+		if !expected.MatchString(output.String()) {
+			t.Errorf("[%d] Log output does not match expected pattern:\n\tExpected: %s\n\tOutput: %s",
+				i,
+				expected.String(),
+				output.String())
+		}
+	}
+}
diff --git a/components/engine/pkg/tarsum/tarsum.go b/components/engine/pkg/tarsum/tarsum.go
index bc017d0c55..32b5e42589 100644
--- a/components/engine/pkg/tarsum/tarsum.go
+++ b/components/engine/pkg/tarsum/tarsum.go
@@ -7,12 +7,13 @@ import (
 	"encoding/hex"
 	"hash"
 	"io"
-	"log"
 	"sort"
 	"strconv"
 	"strings"
 
 	"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+
+	"github.com/docker/docker/pkg/log"
 )
 
 type TarSum struct {
@@ -170,11 +171,11 @@ func (ts *TarSum) Sum(extra []byte) string {
 		h.Write(extra)
 	}
 	for _, sum := range sums {
-		log.Printf("-->%s<--", sum)
+		log.Infof("-->%s<--", sum)
 		h.Write([]byte(sum))
 	}
 	checksum := "tarsum+sha256:" + hex.EncodeToString(h.Sum(nil))
-	log.Printf("checksum processed: %s", checksum)
+	log.Infof("checksum processed: %s", checksum)
 	return checksum
 }
 
diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go
index 14b8f6d5bd..9c76aca9f7 100644
--- a/components/engine/registry/registry.go
+++ b/components/engine/registry/registry.go
@@ -15,6 +15,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/utils"
 )
 
@@ -186,17 +187,17 @@ func pingRegistryEndpoint(endpoint string) (RegistryInfo, error) {
 		Standalone: true,
 	}
 	if err := json.Unmarshal(jsonString, &info); err != nil {
-		utils.Debugf("Error unmarshalling the _ping RegistryInfo: %s", err)
+		log.Debugf("Error unmarshalling the _ping RegistryInfo: %s", err)
 		// don't stop here. Just assume sane defaults
 	}
 	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
-		utils.Debugf("Registry version header: '%s'", hdr)
+		log.Debugf("Registry version header: '%s'", hdr)
 		info.Version = hdr
 	}
-	utils.Debugf("RegistryInfo.Version: %q", info.Version)
+	log.Debugf("RegistryInfo.Version: %q", info.Version)
 
 	standalone := resp.Header.Get("X-Docker-Registry-Standalone")
-	utils.Debugf("Registry standalone header: '%s'", standalone)
+	log.Debugf("Registry standalone header: '%s'", standalone)
 	// Accepted values are "true" (case-insensitive) and "1".
 	if strings.EqualFold(standalone, "true") || standalone == "1" {
 		info.Standalone = true
@@ -204,7 +205,7 @@ func pingRegistryEndpoint(endpoint string) (RegistryInfo, error) {
 		// there is a header set, and it is not "true" or "1", so assume fails
 		info.Standalone = false
 	}
-	utils.Debugf("RegistryInfo.Standalone: %q", info.Standalone)
+	log.Debugf("RegistryInfo.Standalone: %q", info.Standalone)
 	return info, nil
 }
 
@@ -274,7 +275,7 @@ func ExpandAndVerifyRegistryUrl(hostname string) (string, error) {
 	}
 	endpoint := fmt.Sprintf("https://%s/v1/", hostname)
 	if _, err := pingRegistryEndpoint(endpoint); err != nil {
-		utils.Debugf("Registry %s does not work (%s), falling back to http", endpoint, err)
+		log.Debugf("Registry %s does not work (%s), falling back to http", endpoint, err)
 		endpoint = fmt.Sprintf("http://%s/v1/", hostname)
 		if _, err = pingRegistryEndpoint(endpoint); err != nil {
 			//TODO: triggering highland build can be done there without "failing"
diff --git a/components/engine/registry/registry_mock_test.go b/components/engine/registry/registry_mock_test.go
index 1a622228e3..2b4cd9deaf 100644
--- a/components/engine/registry/registry_mock_test.go
+++ b/components/engine/registry/registry_mock_test.go
@@ -3,8 +3,6 @@ package registry
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/docker/docker/utils"
-	"github.com/gorilla/mux"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -14,6 +12,10 @@ import (
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/gorilla/mux"
+
+	"github.com/docker/docker/pkg/log"
 )
 
 var (
@@ -96,7 +98,7 @@ func init() {
 
 func handlerAccessLog(handler http.Handler) http.Handler {
 	logHandler := func(w http.ResponseWriter, r *http.Request) {
-		utils.Debugf("%s \"%s %s\"", r.RemoteAddr, r.Method, r.URL)
+		log.Debugf("%s \"%s %s\"", r.RemoteAddr, r.Method, r.URL)
 		handler.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(logHandler)
diff --git a/components/engine/runconfig/merge.go b/components/engine/runconfig/merge.go
index 8b1428ed3b..0c60d1df0b 100644
--- a/components/engine/runconfig/merge.go
+++ b/components/engine/runconfig/merge.go
@@ -4,7 +4,7 @@ import (
 	"strings"
 
 	"github.com/docker/docker/nat"
-	"github.com/docker/docker/utils"
+	"github.com/docker/docker/pkg/log"
 )
 
 func Merge(userConf, imageConf *Config) error {
@@ -50,7 +50,7 @@ func Merge(userConf, imageConf *Config) error {
 	}
 	if len(imageConf.PortSpecs) > 0 {
 		// FIXME: I think we can safely remove this. Leaving it for now for the sake of reverse-compat paranoia.
-		utils.Debugf("Migrating image port specs to containter: %s", strings.Join(imageConf.PortSpecs, ", "))
+		log.Debugf("Migrating image port specs to containter: %s", strings.Join(imageConf.PortSpecs, ", "))
 		if userConf.ExposedPorts == nil {
 			userConf.ExposedPorts = make(nat.PortSet)
 		}
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 96c36dd394..5805b6665b 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -226,7 +226,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	// parse the '-e' and '--env' after, to allow override
 	envVariables = append(envVariables, flEnv.GetAll()...)
 	// boo, there's no debug output for docker run
-	//utils.Debugf("Environment variables for the container: %#v", envVariables)
+	//log.Debugf("Environment variables for the container: %#v", envVariables)
 
 	netMode, err := parseNetMode(*flNetMode)
 	if err != nil {
diff --git a/components/engine/utils/http.go b/components/engine/utils/http.go
index e193633792..c877eefdd2 100644
--- a/components/engine/utils/http.go
+++ b/components/engine/utils/http.go
@@ -4,6 +4,8 @@ import (
 	"io"
 	"net/http"
 	"strings"
+
+	"github.com/docker/docker/pkg/log"
 )
 
 // VersionInfo is used to model entities which has a version.
@@ -157,6 +159,6 @@ func (h *HTTPRequestFactory) NewRequest(method, urlStr string, body io.Reader, d
 			return nil, err
 		}
 	}
-	Debugf("%v -- HEADERS: %v", req.URL, req.Header)
+	log.Debugf("%v -- HEADERS: %v", req.URL, req.Header)
 	return req, err
 }
diff --git a/components/engine/utils/stdcopy.go b/components/engine/utils/stdcopy.go
index bb9d632661..08263de0ff 100644
--- a/components/engine/utils/stdcopy.go
+++ b/components/engine/utils/stdcopy.go
@@ -4,6 +4,8 @@ import (
 	"encoding/binary"
 	"errors"
 	"io"
+
+	"github.com/docker/docker/pkg/log"
 )
 
 const (
@@ -85,13 +87,13 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 			nr += nr2
 			if er == io.EOF {
 				if nr < StdWriterPrefixLen {
-					Debugf("Corrupted prefix: %v", buf[:nr])
+					log.Debugf("Corrupted prefix: %v", buf[:nr])
 					return written, nil
 				}
 				break
 			}
 			if er != nil {
-				Debugf("Error reading header: %s", er)
+				log.Debugf("Error reading header: %s", er)
 				return 0, er
 			}
 		}
@@ -107,18 +109,18 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 			// Write on stderr
 			out = dsterr
 		default:
-			Debugf("Error selecting output fd: (%d)", buf[StdWriterFdIndex])
+			log.Debugf("Error selecting output fd: (%d)", buf[StdWriterFdIndex])
 			return 0, ErrInvalidStdHeader
 		}
 
 		// Retrieve the size of the frame
 		frameSize = int(binary.BigEndian.Uint32(buf[StdWriterSizeIndex : StdWriterSizeIndex+4]))
-		Debugf("framesize: %d", frameSize)
+		log.Debugf("framesize: %d", frameSize)
 
 		// Check if the buffer is big enough to read the frame.
 		// Extend it if necessary.
 		if frameSize+StdWriterPrefixLen > bufLen {
-			Debugf("Extending buffer cap by %d (was %d)", frameSize+StdWriterPrefixLen-bufLen+1, len(buf))
+			log.Debugf("Extending buffer cap by %d (was %d)", frameSize+StdWriterPrefixLen-bufLen+1, len(buf))
 			buf = append(buf, make([]byte, frameSize+StdWriterPrefixLen-bufLen+1)...)
 			bufLen = len(buf)
 		}
@@ -130,13 +132,13 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 			nr += nr2
 			if er == io.EOF {
 				if nr < frameSize+StdWriterPrefixLen {
-					Debugf("Corrupted frame: %v", buf[StdWriterPrefixLen:nr])
+					log.Debugf("Corrupted frame: %v", buf[StdWriterPrefixLen:nr])
 					return written, nil
 				}
 				break
 			}
 			if er != nil {
-				Debugf("Error reading frame: %s", er)
+				log.Debugf("Error reading frame: %s", er)
 				return 0, er
 			}
 		}
@@ -144,12 +146,12 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 		// Write the retrieved frame (without header)
 		nw, ew = out.Write(buf[StdWriterPrefixLen : frameSize+StdWriterPrefixLen])
 		if ew != nil {
-			Debugf("Error writing frame: %s", ew)
+			log.Debugf("Error writing frame: %s", ew)
 			return 0, ew
 		}
 		// If the frame has not been fully written: error
 		if nw != frameSize {
-			Debugf("Error Short Write: (%d on %d)", nw, frameSize)
+			log.Debugf("Error Short Write: (%d on %d)", nw, frameSize)
 			return 0, io.ErrShortWrite
 		}
 		written += int64(nw)
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 8dea2af6f2..71c886c06a 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -20,6 +20,7 @@ import (
 	"syscall"
 
 	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/log"
 )
 
 type KeyValuePair struct {
@@ -54,31 +55,6 @@ func Download(url string) (resp *http.Response, err error) {
 	return resp, nil
 }
 
-func logf(level string, format string, a ...interface{}) {
-	// Retrieve the stack infos
-	_, file, line, ok := runtime.Caller(2)
-	if !ok {
-		file = "<unknown>"
-		line = -1
-	} else {
-		file = file[strings.LastIndex(file, "/")+1:]
-	}
-
-	fmt.Fprintf(os.Stderr, fmt.Sprintf("[%s] %s:%d %s\n", level, file, line, format), a...)
-}
-
-// Debug function, if the debug flag is set, then display. Do nothing otherwise
-// If Docker is in damon mode, also send the debug info on the socket
-func Debugf(format string, a ...interface{}) {
-	if os.Getenv("DEBUG") != "" {
-		logf("debug", format, a...)
-	}
-}
-
-func Errorf(format string, a ...interface{}) {
-	logf("error", format, a...)
-}
-
 func Trunc(s string, maxlen int) string {
 	if len(s) <= maxlen {
 		return s
@@ -264,7 +240,7 @@ func (r *bufReader) Close() error {
 
 func GetTotalUsedFds() int {
 	if fds, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil {
-		Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err)
+		log.Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err)
 	} else {
 		return len(fds)
 	}
@@ -705,15 +681,15 @@ func Matches(relFilePath string, patterns []string) (bool, error) {
 	for _, exclude := range patterns {
 		matched, err := filepath.Match(exclude, relFilePath)
 		if err != nil {
-			Errorf("Error matching: %s (pattern: %s)", relFilePath, exclude)
+			log.Errorf("Error matching: %s (pattern: %s)", relFilePath, exclude)
 			return false, err
 		}
 		if matched {
 			if filepath.Clean(relFilePath) == "." {
-				Errorf("Can't exclude whole path, excluding pattern: %s", exclude)
+				log.Errorf("Can't exclude whole path, excluding pattern: %s", exclude)
 				continue
 			}
-			Debugf("Skipping excluded path: %s", relFilePath)
+			log.Debugf("Skipping excluded path: %s", relFilePath)
 			return true, nil
 		}
 	}

From b8d5783511bc8cd980529f8873b43d8fb08d9076 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <github@hollensbe.org>
Date: Wed, 13 Aug 2014 15:13:21 -0700
Subject: [PATCH 469/516] move utils.Fataler to pkg/log.Fataler

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: ac63d925d2618e700d117c5d9e402ccc0c5cecc8
Component: engine
---
 components/engine/integration/utils_test.go | 39 +++++++++++----------
 components/engine/pkg/log/log.go            |  6 ++++
 components/engine/registry/session.go       | 33 ++++++++---------
 components/engine/utils/utils.go            |  6 ----
 4 files changed, 43 insertions(+), 41 deletions(-)

diff --git a/components/engine/integration/utils_test.go b/components/engine/integration/utils_test.go
index b070288533..7962886d2e 100644
--- a/components/engine/integration/utils_test.go
+++ b/components/engine/integration/utils_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/docker/docker/builtins"
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/engine"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/docker/utils"
 )
@@ -28,7 +29,7 @@ import (
 
 // Create a temporary daemon suitable for unit testing.
 // Call t.Fatal() at the first error.
-func mkDaemon(f utils.Fataler) *daemon.Daemon {
+func mkDaemon(f log.Fataler) *daemon.Daemon {
 	eng := newTestEngine(f, false, "")
 	return mkDaemonFromEngine(eng, f)
 	// FIXME:
@@ -37,7 +38,7 @@ func mkDaemon(f utils.Fataler) *daemon.Daemon {
 	// [...]
 }
 
-func createNamedTestContainer(eng *engine.Engine, config *runconfig.Config, f utils.Fataler, name string) (shortId string) {
+func createNamedTestContainer(eng *engine.Engine, config *runconfig.Config, f log.Fataler, name string) (shortId string) {
 	job := eng.Job("create", name)
 	if err := job.ImportEnv(config); err != nil {
 		f.Fatal(err)
@@ -50,23 +51,23 @@ func createNamedTestContainer(eng *engine.Engine, config *runconfig.Config, f ut
 	return engine.Tail(outputBuffer, 1)
 }
 
-func createTestContainer(eng *engine.Engine, config *runconfig.Config, f utils.Fataler) (shortId string) {
+func createTestContainer(eng *engine.Engine, config *runconfig.Config, f log.Fataler) (shortId string) {
 	return createNamedTestContainer(eng, config, f, "")
 }
 
-func startContainer(eng *engine.Engine, id string, t utils.Fataler) {
+func startContainer(eng *engine.Engine, id string, t log.Fataler) {
 	job := eng.Job("start", id)
 	if err := job.Run(); err != nil {
 		t.Fatal(err)
 	}
 }
 
-func containerRun(eng *engine.Engine, id string, t utils.Fataler) {
+func containerRun(eng *engine.Engine, id string, t log.Fataler) {
 	startContainer(eng, id, t)
 	containerWait(eng, id, t)
 }
 
-func containerFileExists(eng *engine.Engine, id, dir string, t utils.Fataler) bool {
+func containerFileExists(eng *engine.Engine, id, dir string, t log.Fataler) bool {
 	c := getContainer(eng, id, t)
 	if err := c.Mount(); err != nil {
 		t.Fatal(err)
@@ -81,7 +82,7 @@ func containerFileExists(eng *engine.Engine, id, dir string, t utils.Fataler) bo
 	return true
 }
 
-func containerAttach(eng *engine.Engine, id string, t utils.Fataler) (io.WriteCloser, io.ReadCloser) {
+func containerAttach(eng *engine.Engine, id string, t log.Fataler) (io.WriteCloser, io.ReadCloser) {
 	c := getContainer(eng, id, t)
 	i, err := c.StdinPipe()
 	if err != nil {
@@ -94,31 +95,31 @@ func containerAttach(eng *engine.Engine, id string, t utils.Fataler) (io.WriteCl
 	return i, o
 }
 
-func containerWait(eng *engine.Engine, id string, t utils.Fataler) int {
+func containerWait(eng *engine.Engine, id string, t log.Fataler) int {
 	ex, _ := getContainer(eng, id, t).State.WaitStop(-1 * time.Second)
 	return ex
 }
 
-func containerWaitTimeout(eng *engine.Engine, id string, t utils.Fataler) error {
+func containerWaitTimeout(eng *engine.Engine, id string, t log.Fataler) error {
 	_, err := getContainer(eng, id, t).State.WaitStop(500 * time.Millisecond)
 	return err
 }
 
-func containerKill(eng *engine.Engine, id string, t utils.Fataler) {
+func containerKill(eng *engine.Engine, id string, t log.Fataler) {
 	if err := eng.Job("kill", id).Run(); err != nil {
 		t.Fatal(err)
 	}
 }
 
-func containerRunning(eng *engine.Engine, id string, t utils.Fataler) bool {
+func containerRunning(eng *engine.Engine, id string, t log.Fataler) bool {
 	return getContainer(eng, id, t).State.IsRunning()
 }
 
-func containerAssertExists(eng *engine.Engine, id string, t utils.Fataler) {
+func containerAssertExists(eng *engine.Engine, id string, t log.Fataler) {
 	getContainer(eng, id, t)
 }
 
-func containerAssertNotExists(eng *engine.Engine, id string, t utils.Fataler) {
+func containerAssertNotExists(eng *engine.Engine, id string, t log.Fataler) {
 	daemon := mkDaemonFromEngine(eng, t)
 	if c := daemon.Get(id); c != nil {
 		t.Fatal(fmt.Errorf("Container %s should not exist", id))
@@ -127,7 +128,7 @@ func containerAssertNotExists(eng *engine.Engine, id string, t utils.Fataler) {
 
 // assertHttpNotError expect the given response to not have an error.
 // Otherwise the it causes the test to fail.
-func assertHttpNotError(r *httptest.ResponseRecorder, t utils.Fataler) {
+func assertHttpNotError(r *httptest.ResponseRecorder, t log.Fataler) {
 	// Non-error http status are [200, 400)
 	if r.Code < http.StatusOK || r.Code >= http.StatusBadRequest {
 		t.Fatal(fmt.Errorf("Unexpected http error: %v", r.Code))
@@ -136,14 +137,14 @@ func assertHttpNotError(r *httptest.ResponseRecorder, t utils.Fataler) {
 
 // assertHttpError expect the given response to have an error.
 // Otherwise the it causes the test to fail.
-func assertHttpError(r *httptest.ResponseRecorder, t utils.Fataler) {
+func assertHttpError(r *httptest.ResponseRecorder, t log.Fataler) {
 	// Non-error http status are [200, 400)
 	if !(r.Code < http.StatusOK || r.Code >= http.StatusBadRequest) {
 		t.Fatal(fmt.Errorf("Unexpected http success code: %v", r.Code))
 	}
 }
 
-func getContainer(eng *engine.Engine, id string, t utils.Fataler) *daemon.Container {
+func getContainer(eng *engine.Engine, id string, t log.Fataler) *daemon.Container {
 	daemon := mkDaemonFromEngine(eng, t)
 	c := daemon.Get(id)
 	if c == nil {
@@ -152,7 +153,7 @@ func getContainer(eng *engine.Engine, id string, t utils.Fataler) *daemon.Contai
 	return c
 }
 
-func mkDaemonFromEngine(eng *engine.Engine, t utils.Fataler) *daemon.Daemon {
+func mkDaemonFromEngine(eng *engine.Engine, t log.Fataler) *daemon.Daemon {
 	iDaemon := eng.Hack_GetGlobalVar("httpapi.daemon")
 	if iDaemon == nil {
 		panic("Legacy daemon field not set in engine")
@@ -164,7 +165,7 @@ func mkDaemonFromEngine(eng *engine.Engine, t utils.Fataler) *daemon.Daemon {
 	return daemon
 }
 
-func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engine {
+func newTestEngine(t log.Fataler, autorestart bool, root string) *engine.Engine {
 	if root == "" {
 		if dir, err := newTestDirectory(unitTestStoreBase); err != nil {
 			t.Fatal(err)
@@ -196,7 +197,7 @@ func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engin
 	return eng
 }
 
-func NewTestEngine(t utils.Fataler) *engine.Engine {
+func NewTestEngine(t log.Fataler) *engine.Engine {
 	return newTestEngine(t, false, "")
 }
 
diff --git a/components/engine/pkg/log/log.go b/components/engine/pkg/log/log.go
index 53513a9e25..53be6cf182 100644
--- a/components/engine/pkg/log/log.go
+++ b/components/engine/pkg/log/log.go
@@ -20,6 +20,12 @@ const (
 	debug
 )
 
+// A common interface to access the Fatal method of
+// both testing.B and testing.T.
+type Fataler interface {
+	Fatal(args ...interface{})
+}
+
 func (p priority) String() string {
 	switch p {
 	case fatal:
diff --git a/components/engine/registry/session.go b/components/engine/registry/session.go
index e60fbeb749..82b931f269 100644
--- a/components/engine/registry/session.go
+++ b/components/engine/registry/session.go
@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/docker/docker/pkg/httputils"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/pkg/tarsum"
 	"github.com/docker/docker/utils"
 )
@@ -52,7 +53,7 @@ func NewSession(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, index
 			return nil, err
 		}
 		if info.Standalone {
-			utils.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint)
+			log.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint)
 			dec := utils.NewHTTPAuthDecorator(authConfig.Username, authConfig.Password)
 			factory.AddDecorator(dec)
 		}
@@ -91,7 +92,7 @@ func (r *Session) GetRemoteHistory(imgID, registry string, token []string) ([]st
 		return nil, fmt.Errorf("Error while reading the http response: %s", err)
 	}
 
-	utils.Debugf("Ancestry: %s", jsonString)
+	log.Debugf("Ancestry: %s", jsonString)
 	history := new([]string)
 	if err := json.Unmarshal(jsonString, history); err != nil {
 		return nil, err
@@ -105,13 +106,13 @@ func (r *Session) LookupRemoteImage(imgID, registry string, token []string) bool
 
 	req, err := r.reqFactory.NewRequest("GET", registry+"images/"+imgID+"/json", nil)
 	if err != nil {
-		utils.Errorf("Error in LookupRemoteImage %s", err)
+		log.Errorf("Error in LookupRemoteImage %s", err)
 		return false
 	}
 	setTokenAuth(req, token)
 	res, _, err := r.doRequest(req)
 	if err != nil {
-		utils.Errorf("Error in LookupRemoteImage %s", err)
+		log.Errorf("Error in LookupRemoteImage %s", err)
 		return false
 	}
 	res.Body.Close()
@@ -184,10 +185,10 @@ func (r *Session) GetRemoteImageLayer(imgID, registry string, token []string, im
 	}
 
 	if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 {
-		utils.Debugf("server supports resume")
+		log.Debugf("server supports resume")
 		return httputils.ResumableRequestReaderWithInitialResponse(client, req, 5, imgSize, res), nil
 	}
-	utils.Debugf("server doesn't support resume")
+	log.Debugf("server doesn't support resume")
 	return res.Body, nil
 }
 
@@ -210,7 +211,7 @@ func (r *Session) GetRemoteTags(registries []string, repository string, token []
 			return nil, err
 		}
 
-		utils.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
+		log.Debugf("Got status code %d from %s", res.StatusCode, endpoint)
 		defer res.Body.Close()
 
 		if res.StatusCode != 200 && res.StatusCode != 404 {
@@ -255,7 +256,7 @@ func (r *Session) GetRepositoryData(remote string) (*RepositoryData, error) {
 	indexEp := r.indexEndpoint
 	repositoryTarget := fmt.Sprintf("%srepositories/%s/images", indexEp, remote)
 
-	utils.Debugf("[registry] Calling GET %s", repositoryTarget)
+	log.Debugf("[registry] Calling GET %s", repositoryTarget)
 
 	req, err := r.reqFactory.NewRequest("GET", repositoryTarget, nil)
 	if err != nil {
@@ -324,7 +325,7 @@ func (r *Session) GetRepositoryData(remote string) (*RepositoryData, error) {
 
 func (r *Session) PushImageChecksumRegistry(imgData *ImgData, registry string, token []string) error {
 
-	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/checksum")
+	log.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/checksum")
 
 	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgData.ID+"/checksum", nil)
 	if err != nil {
@@ -361,7 +362,7 @@ func (r *Session) PushImageChecksumRegistry(imgData *ImgData, registry string, t
 // Push a local image to the registry
 func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, registry string, token []string) error {
 
-	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/json")
+	log.Debugf("[registry] Calling PUT %s", registry+"images/"+imgData.ID+"/json")
 
 	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgData.ID+"/json", bytes.NewReader(jsonRaw))
 	if err != nil {
@@ -396,7 +397,7 @@ func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regist
 
 func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry string, token []string, jsonRaw []byte) (checksum string, checksumPayload string, err error) {
 
-	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
+	log.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
 
 	tarsumLayer := &tarsum.TarSum{Reader: layer}
 	h := sha256.New()
@@ -483,8 +484,8 @@ func (r *Session) PushImageJSONIndex(remote string, imgList []*ImgData, validate
 		suffix = "images"
 	}
 	u := fmt.Sprintf("%srepositories/%s/%s", indexEp, remote, suffix)
-	utils.Debugf("[registry] PUT %s", u)
-	utils.Debugf("Image list pushed to index:\n%s", imgListJSON)
+	log.Debugf("[registry] PUT %s", u)
+	log.Debugf("Image list pushed to index:\n%s", imgListJSON)
 	req, err := r.reqFactory.NewRequest("PUT", u, bytes.NewReader(imgListJSON))
 	if err != nil {
 		return nil, err
@@ -505,7 +506,7 @@ func (r *Session) PushImageJSONIndex(remote string, imgList []*ImgData, validate
 
 	// Redirect if necessary
 	for res.StatusCode >= 300 && res.StatusCode < 400 {
-		utils.Debugf("Redirected to %s", res.Header.Get("Location"))
+		log.Debugf("Redirected to %s", res.Header.Get("Location"))
 		req, err = r.reqFactory.NewRequest("PUT", res.Header.Get("Location"), bytes.NewReader(imgListJSON))
 		if err != nil {
 			return nil, err
@@ -534,7 +535,7 @@ func (r *Session) PushImageJSONIndex(remote string, imgList []*ImgData, validate
 		}
 		if res.Header.Get("X-Docker-Token") != "" {
 			tokens = res.Header["X-Docker-Token"]
-			utils.Debugf("Auth token: %v", tokens)
+			log.Debugf("Auth token: %v", tokens)
 		} else {
 			return nil, fmt.Errorf("Index response didn't contain an access token")
 		}
@@ -565,7 +566,7 @@ func (r *Session) PushImageJSONIndex(remote string, imgList []*ImgData, validate
 }
 
 func (r *Session) SearchRepositories(term string) (*SearchResults, error) {
-	utils.Debugf("Index server: %s", r.indexEndpoint)
+	log.Debugf("Index server: %s", r.indexEndpoint)
 	u := r.indexEndpoint + "search?q=" + url.QueryEscape(term)
 	req, err := r.reqFactory.NewRequest("GET", u, nil)
 	if err != nil {
diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go
index 71c886c06a..da6854b63c 100644
--- a/components/engine/utils/utils.go
+++ b/components/engine/utils/utils.go
@@ -28,12 +28,6 @@ type KeyValuePair struct {
 	Value string
 }
 
-// A common interface to access the Fatal method of
-// both testing.B and testing.T.
-type Fataler interface {
-	Fatal(args ...interface{})
-}
-
 // Go is a basic promise implementation: it wraps calls a function in a goroutine,
 // and returns a channel which will later return the function's return value.
 func Go(f func() error) chan error {

From 49eb58207e7db303af9af12a64fc66148d6bab11 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 15:53:10 -0700
Subject: [PATCH 470/516] Restart containers based on restart policy

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: bd8c9dc2395032a893e959e48f9a8536858d67e0
Component: engine
---
 components/engine/daemon/container.go     | 140 +++++++++++++++-------
 components/engine/runconfig/hostconfig.go |   2 +
 components/engine/runconfig/parse.go      |   2 +
 3 files changed, 103 insertions(+), 41 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 50de4fc536..6786c2b2f1 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
@@ -75,6 +76,7 @@ type Container struct {
 
 	daemon                   *Daemon
 	MountLabel, ProcessLabel string
+	RestartCount             int
 
 	Volumes map[string]string
 	// Store rw/ro in a separate structure to preserve reverse-compatibility on-disk.
@@ -82,7 +84,8 @@ type Container struct {
 	VolumesRW  map[string]bool
 	hostConfig *runconfig.HostConfig
 
-	activeLinks map[string]*links.Link
+	activeLinks   map[string]*links.Link
+	requestedStop bool
 }
 
 func (container *Container) FromDisk() error {
@@ -277,6 +280,7 @@ func (container *Container) Start() (err error) {
 	if container.State.IsRunning() {
 		return nil
 	}
+
 	// if we encounter and error during start we need to ensure that any other
 	// setup has been cleaned up properly
 	defer func() {
@@ -312,9 +316,6 @@ func (container *Container) Start() (err error) {
 	if err := setupMountsForContainer(container); err != nil {
 		return err
 	}
-	if err := container.startLoggingToDisk(); err != nil {
-		return err
-	}
 
 	return container.waitForStart()
 }
@@ -497,35 +498,105 @@ func (container *Container) releaseNetwork() {
 
 func (container *Container) monitor(callback execdriver.StartCallback) error {
 	var (
-		err      error
-		exitCode int
+		err       error
+		exitCode  int
+		failCount int
 	)
 
-	pipes := execdriver.NewPipes(container.stdin, container.stdout, container.stderr, container.Config.OpenStdin)
-	exitCode, err = container.daemon.Run(container, pipes, callback)
-	if err != nil {
-		log.Errorf("Error running container: %s", err)
-	}
-	container.State.SetStopped(exitCode)
+	// reset the restart count
+	container.RestartCount = -1
+	container.requestedStop = false
 
-	// Cleanup
-	container.cleanup()
+	for {
+		container.RestartCount++
 
-	// Re-create a brand new stdin pipe once the container exited
-	if container.Config.OpenStdin {
-		container.stdin, container.stdinPipe = io.Pipe()
-	}
-	container.LogEvent("die")
-	// If the engine is shutting down, don't save the container state as stopped.
-	// This will cause it to be restarted when the engine is restarted.
-	if container.daemon != nil && container.daemon.eng != nil && !container.daemon.eng.IsShutdown() {
-		if err := container.toDisk(); err != nil {
-			log.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
+		pipes := execdriver.NewPipes(container.stdin, container.stdout, container.stderr, container.Config.OpenStdin)
+		if err := container.startLoggingToDisk(); err != nil {
+			return err
+		}
+
+		if exitCode, err = container.daemon.Run(container, pipes, callback); err != nil {
+			failCount++
+
+			if failCount == 100 {
+				return err
+			}
+
+			utils.Errorf("Error running container: %s", err)
+		}
+
+		// We still wait to set the state as stopped and ensure that the locks were released
+		container.State.SetStopped(exitCode)
+
+		if container.Config.OpenStdin {
+			if err := container.stdin.Close(); err != nil {
+				utils.Errorf("%s: Error close stdin: %s", container.ID, err)
+			}
+		}
+
+		if err := container.stdout.Clean(); err != nil {
+			utils.Errorf("%s: Error close stdout: %s", container.ID, err)
+		}
+
+		if err := container.stderr.Clean(); err != nil {
+			utils.Errorf("%s: Error close stderr: %s", container.ID, err)
+		}
+
+		if container.command != nil && container.command.Terminal != nil {
+			if err := container.command.Terminal.Close(); err != nil {
+				utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
+			}
+		}
+
+		// Re-create a brand new stdin pipe once the container exited
+		if container.Config.OpenStdin {
+			container.stdin, container.stdinPipe = io.Pipe()
+		}
+
+		if container.daemon != nil && container.daemon.srv != nil {
+			container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
+		}
+
+		policy := container.hostConfig.RestartPolicy
+
+		if (policy == "always" || (policy == "on-failure" && exitCode != 0)) && !container.requestedStop {
+			container.command.Cmd = copyCmd(&container.command.Cmd)
+			time.Sleep(1 * time.Second)
+		} else {
+			// do not restart the container, let it die
+			// Cleanup networking and mounts
+			container.cleanup()
+
+			if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
+				// FIXME: here is race condition between two RUN instructions in Dockerfile
+				// because they share same runconfig and change image. Must be fixed
+				// in builder/builder.go
+				if err := container.toDisk(); err != nil {
+					utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
+				}
+			}
+
+			return err
 		}
 	}
-	return err
 }
 
+func copyCmd(c *exec.Cmd) exec.Cmd {
+	return exec.Cmd{
+		Stdin:       c.Stdin,
+		Stdout:      c.Stdout,
+		Stderr:      c.Stderr,
+		Path:        c.Path,
+		Env:         c.Env,
+		ExtraFiles:  c.ExtraFiles,
+		Args:        c.Args,
+		Dir:         c.Dir,
+		SysProcAttr: c.SysProcAttr,
+	}
+}
+
+// cleanup releases any network resources allocated to the container along with any rules
+// around how containers are linked together.  It also unmounts the container's root filesystem.
 func (container *Container) cleanup() {
 	container.releaseNetwork()
 
@@ -535,22 +606,6 @@ func (container *Container) cleanup() {
 			link.Disable()
 		}
 	}
-	if container.Config.OpenStdin {
-		if err := container.stdin.Close(); err != nil {
-			log.Errorf("%s: Error close stdin: %s", container.ID, err)
-		}
-	}
-	if err := container.stdout.Clean(); err != nil {
-		log.Errorf("%s: Error close stdout: %s", container.ID, err)
-	}
-	if err := container.stderr.Clean(); err != nil {
-		log.Errorf("%s: Error close stderr: %s", container.ID, err)
-	}
-	if container.command != nil && container.command.Terminal != nil {
-		if err := container.command.Terminal.Close(); err != nil {
-			log.Errorf("%s: Error closing terminal: %s", container.ID, err)
-		}
-	}
 
 	if err := container.Unmount(); err != nil {
 		log.Errorf("%v: Failed to umount filesystem: %v", container.ID, err)
@@ -570,6 +625,8 @@ func (container *Container) KillSig(sig int) error {
 	if !container.State.IsRunning() {
 		return nil
 	}
+	container.requestedStop = true
+
 	return container.daemon.Kill(container, sig)
 }
 
@@ -1122,6 +1179,7 @@ func (container *Container) waitForStart() error {
 				c.Close()
 			}
 		}
+
 		container.State.SetRunning(command.Pid())
 		if err := container.toDisk(); err != nil {
 			log.Debugf("%s", err)
diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go
index 77e5fd8adb..f2a369842a 100644
--- a/components/engine/runconfig/hostconfig.go
+++ b/components/engine/runconfig/hostconfig.go
@@ -40,6 +40,7 @@ type HostConfig struct {
 	NetworkMode     NetworkMode
 	CapAdd          []string
 	CapDrop         []string
+	RestartPolicy   string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -48,6 +49,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 		Privileged:      job.GetenvBool("Privileged"),
 		PublishAllPorts: job.GetenvBool("PublishAllPorts"),
 		NetworkMode:     NetworkMode(job.Getenv("NetworkMode")),
+		RestartPolicy:   job.Getenv("RestartPolicy"),
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 5805b6665b..3cab86234f 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -71,6 +71,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
 		flCpuset          = cmd.String([]string{"-cpuset"}, "", "CPUs in which to allow execution (0-3, 0,1)")
 		flNetMode         = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:<name|id>': reuses another container network stack\n'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.")
+		flRestartPolicy   = cmd.String([]string{"-restart"}, "", "Restart policy when the dies")
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.")
 		_ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container")
@@ -271,6 +272,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		Devices:         deviceMappings,
 		CapAdd:          flCapAdd.GetAll(),
 		CapDrop:         flCapDrop.GetAll(),
+		RestartPolicy:   *flRestartPolicy,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {

From b662f7de79a4b5b760b4efa7e4da5d65c505596d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 16:02:29 -0700
Subject: [PATCH 471/516] Cleanup restart logic in monitor

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: e0a076d486ea49529dc3aeef2179eb0c406d0773
Component: engine
---
 components/engine/daemon/container.go | 44 +++++++++++++++------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 6786c2b2f1..6bf6aca2a3 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -501,8 +501,15 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		err       error
 		exitCode  int
 		failCount int
+
+		policy = container.hostConfig.RestartPolicy
 	)
 
+	if err := container.startLoggingToDisk(); err != nil {
+		// TODO: crosbymichael cleanup IO, network, and mounts
+		return err
+	}
+
 	// reset the restart count
 	container.RestartCount = -1
 	container.requestedStop = false
@@ -511,15 +518,12 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		container.RestartCount++
 
 		pipes := execdriver.NewPipes(container.stdin, container.stdout, container.stderr, container.Config.OpenStdin)
-		if err := container.startLoggingToDisk(); err != nil {
-			return err
-		}
 
 		if exitCode, err = container.daemon.Run(container, pipes, callback); err != nil {
 			failCount++
 
 			if failCount == 100 {
-				return err
+				container.requestedStop = true
 			}
 
 			utils.Errorf("Error running container: %s", err)
@@ -557,27 +561,27 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 			container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
 		}
 
-		policy := container.hostConfig.RestartPolicy
-
 		if (policy == "always" || (policy == "on-failure" && exitCode != 0)) && !container.requestedStop {
 			container.command.Cmd = copyCmd(&container.command.Cmd)
+
 			time.Sleep(1 * time.Second)
-		} else {
-			// do not restart the container, let it die
-			// Cleanup networking and mounts
-			container.cleanup()
 
-			if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
-				// FIXME: here is race condition between two RUN instructions in Dockerfile
-				// because they share same runconfig and change image. Must be fixed
-				// in builder/builder.go
-				if err := container.toDisk(); err != nil {
-					utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
-				}
-			}
-
-			return err
+			continue
 		}
+
+		// Cleanup networking and mounts
+		container.cleanup()
+
+		if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
+			// FIXME: here is race condition between two RUN instructions in Dockerfile
+			// because they share same runconfig and change image. Must be fixed
+			// in builder/builder.go
+			if err := container.toDisk(); err != nil {
+				utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
+			}
+		}
+
+		return err
 	}
 }
 

From a9837fc603e99cf3a7bc0fa65ed9e8330aff237e Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 16:14:43 -0700
Subject: [PATCH 472/516] Add typed RestartPolicy

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: d9753ba20d5e602b0980687353d76c874b563042
Component: engine
---
 components/engine/daemon/container.go     |  7 ++--
 components/engine/runconfig/hostconfig.go | 11 +++++--
 components/engine/runconfig/parse.go      | 40 ++++++++++++++++++++++-
 3 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 6bf6aca2a3..3383276e6d 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -501,6 +501,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		err       error
 		exitCode  int
 		failCount int
+		exit      bool
 
 		policy = container.hostConfig.RestartPolicy
 	)
@@ -522,8 +523,8 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		if exitCode, err = container.daemon.Run(container, pipes, callback); err != nil {
 			failCount++
 
-			if failCount == 100 {
-				container.requestedStop = true
+			if failCount == policy.MaximumRetryCount {
+				exit = true
 			}
 
 			utils.Errorf("Error running container: %s", err)
@@ -561,7 +562,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 			container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
 		}
 
-		if (policy == "always" || (policy == "on-failure" && exitCode != 0)) && !container.requestedStop {
+		if (policy.Name == "always" || (policy.Name == "on-failure" && exitCode != 0)) && !container.requestedStop || !exit {
 			container.command.Cmd = copyCmd(&container.command.Cmd)
 
 			time.Sleep(1 * time.Second)
diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go
index f2a369842a..4dd4766e5e 100644
--- a/components/engine/runconfig/hostconfig.go
+++ b/components/engine/runconfig/hostconfig.go
@@ -25,6 +25,11 @@ type DeviceMapping struct {
 	CgroupPermissions string
 }
 
+type RestartPolicy struct {
+	Name              string
+	MaximumRetryCount int
+}
+
 type HostConfig struct {
 	Binds           []string
 	ContainerIDFile string
@@ -40,7 +45,7 @@ type HostConfig struct {
 	NetworkMode     NetworkMode
 	CapAdd          []string
 	CapDrop         []string
-	RestartPolicy   string
+	RestartPolicy   RestartPolicy
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -49,11 +54,12 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 		Privileged:      job.GetenvBool("Privileged"),
 		PublishAllPorts: job.GetenvBool("PublishAllPorts"),
 		NetworkMode:     NetworkMode(job.Getenv("NetworkMode")),
-		RestartPolicy:   job.Getenv("RestartPolicy"),
 	}
+
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
 	job.GetenvJson("Devices", &hostConfig.Devices)
+	job.GetenvJson("RestartPolicy", &hostConfig.RestartPolicy)
 	if Binds := job.GetenvList("Binds"); Binds != nil {
 		hostConfig.Binds = Binds
 	}
@@ -75,5 +81,6 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	if CapDrop := job.GetenvList("CapDrop"); CapDrop != nil {
 		hostConfig.CapDrop = CapDrop
 	}
+
 	return hostConfig
 }
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index 3cab86234f..ea6e9ebca2 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"path"
+	"strconv"
 	"strings"
 
 	"github.com/docker/docker/nat"
@@ -234,6 +235,11 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		return nil, nil, cmd, fmt.Errorf("--net: invalid net mode: %v", err)
 	}
 
+	restartPolicy, err := parseRestartPolicy(*flRestartPolicy)
+	if err != nil {
+		return nil, nil, cmd, err
+	}
+
 	config := &Config{
 		Hostname:        hostname,
 		Domainname:      domainname,
@@ -272,7 +278,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		Devices:         deviceMappings,
 		CapAdd:          flCapAdd.GetAll(),
 		CapDrop:         flCapDrop.GetAll(),
-		RestartPolicy:   *flRestartPolicy,
+		RestartPolicy:   restartPolicy,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
@@ -287,6 +293,38 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	return config, hostConfig, cmd, nil
 }
 
+// parseRestartPolicy returns the parsed policy or an error indicating what is incorrect
+func parseRestartPolicy(policy string) (RestartPolicy, error) {
+	p := RestartPolicy{}
+
+	if policy == "" {
+		return p, nil
+	}
+
+	var (
+		parts = strings.Split(policy, ":")
+		name  = parts[0]
+	)
+
+	switch name {
+	case "no", "on-failure", "always":
+		p.Name = name
+
+		if len(parts) == 2 {
+			count, err := strconv.Atoi(parts[1])
+			if err != nil {
+				return p, err
+			}
+
+			p.MaximumRetryCount = count
+		}
+	default:
+		return p, fmt.Errorf("invalid restart policy %s", name)
+	}
+
+	return p, nil
+}
+
 // options will come in the format of name.key=value or name.option
 func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
 	out := make(map[string][]string, len(opts.GetAll()))

From b614c77a5480b283ab270ba25c34c83265623dde Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 17:05:56 -0700
Subject: [PATCH 473/516] Refactor container monitor into type

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 2b0776c883c41cda0b86808fe86e4df6e1aa1cd5
Component: engine
---
 components/engine/daemon/container.go | 142 ++-----------------
 components/engine/daemon/monitor.go   | 189 ++++++++++++++++++++++++++
 2 files changed, 204 insertions(+), 127 deletions(-)
 create mode 100644 components/engine/daemon/monitor.go

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 3383276e6d..681852a17d 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
@@ -84,8 +83,8 @@ type Container struct {
 	VolumesRW  map[string]bool
 	hostConfig *runconfig.HostConfig
 
-	activeLinks   map[string]*links.Link
-	requestedStop bool
+	activeLinks map[string]*links.Link
+	monitor     *containerMonitor
 }
 
 func (container *Container) FromDisk() error {
@@ -496,110 +495,6 @@ func (container *Container) releaseNetwork() {
 	container.NetworkSettings = &NetworkSettings{}
 }
 
-func (container *Container) monitor(callback execdriver.StartCallback) error {
-	var (
-		err       error
-		exitCode  int
-		failCount int
-		exit      bool
-
-		policy = container.hostConfig.RestartPolicy
-	)
-
-	if err := container.startLoggingToDisk(); err != nil {
-		// TODO: crosbymichael cleanup IO, network, and mounts
-		return err
-	}
-
-	// reset the restart count
-	container.RestartCount = -1
-	container.requestedStop = false
-
-	for {
-		container.RestartCount++
-
-		pipes := execdriver.NewPipes(container.stdin, container.stdout, container.stderr, container.Config.OpenStdin)
-
-		if exitCode, err = container.daemon.Run(container, pipes, callback); err != nil {
-			failCount++
-
-			if failCount == policy.MaximumRetryCount {
-				exit = true
-			}
-
-			utils.Errorf("Error running container: %s", err)
-		}
-
-		// We still wait to set the state as stopped and ensure that the locks were released
-		container.State.SetStopped(exitCode)
-
-		if container.Config.OpenStdin {
-			if err := container.stdin.Close(); err != nil {
-				utils.Errorf("%s: Error close stdin: %s", container.ID, err)
-			}
-		}
-
-		if err := container.stdout.Clean(); err != nil {
-			utils.Errorf("%s: Error close stdout: %s", container.ID, err)
-		}
-
-		if err := container.stderr.Clean(); err != nil {
-			utils.Errorf("%s: Error close stderr: %s", container.ID, err)
-		}
-
-		if container.command != nil && container.command.Terminal != nil {
-			if err := container.command.Terminal.Close(); err != nil {
-				utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
-			}
-		}
-
-		// Re-create a brand new stdin pipe once the container exited
-		if container.Config.OpenStdin {
-			container.stdin, container.stdinPipe = io.Pipe()
-		}
-
-		if container.daemon != nil && container.daemon.srv != nil {
-			container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
-		}
-
-		if (policy.Name == "always" || (policy.Name == "on-failure" && exitCode != 0)) && !container.requestedStop || !exit {
-			container.command.Cmd = copyCmd(&container.command.Cmd)
-
-			time.Sleep(1 * time.Second)
-
-			continue
-		}
-
-		// Cleanup networking and mounts
-		container.cleanup()
-
-		if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() {
-			// FIXME: here is race condition between two RUN instructions in Dockerfile
-			// because they share same runconfig and change image. Must be fixed
-			// in builder/builder.go
-			if err := container.toDisk(); err != nil {
-				utils.Errorf("Error dumping container %s state to disk: %s\n", container.ID, err)
-			}
-		}
-
-		return err
-	}
-}
-
-func copyCmd(c *exec.Cmd) exec.Cmd {
-	return exec.Cmd{
-		Stdin:       c.Stdin,
-		Stdout:      c.Stdout,
-		Stderr:      c.Stderr,
-		Path:        c.Path,
-		Env:         c.Env,
-		ExtraFiles:  c.ExtraFiles,
-		Args:        c.Args,
-		Dir:         c.Dir,
-		SysProcAttr: c.SysProcAttr,
-	}
-}
-
 // cleanup releases any network resources allocated to the container along with any rules
 // around how containers are linked together.  It also unmounts the container's root filesystem.
 func (container *Container) cleanup() {
@@ -630,7 +525,10 @@ func (container *Container) KillSig(sig int) error {
 	if !container.State.IsRunning() {
 		return nil
 	}
-	container.requestedStop = true
+
+	// signal to the monitor that it should not restart the container
+	// after we send the kill signal
+	container.monitor.ExitOnNext()
 
 	return container.daemon.Kill(container, sig)
 }
@@ -1174,27 +1072,17 @@ func (container *Container) startLoggingToDisk() error {
 }
 
 func (container *Container) waitForStart() error {
-	waitStart := make(chan struct{})
-	callback := func(command *execdriver.Command) {
-		if command.Tty {
-			// The callback is called after the process Start()
-			// so we are in the parent process. In TTY mode, stdin/out/err is the PtySlace
-			// which we close here.
-			if c, ok := command.Stdout.(io.Closer); ok {
-				c.Close()
-			}
-		}
+	container.monitor = newContainerMonitor(container, container.hostConfig.RestartPolicy)
 
-		container.State.SetRunning(command.Pid())
-		if err := container.toDisk(); err != nil {
-			log.Debugf("%s", err)
-		}
+	var (
+		cErr      = utils.Go(container.monitor.Start)
+		waitStart = make(chan struct{})
+	)
+
+	go func() {
+		container.State.WaitRunning(-1 * time.Second)
 		close(waitStart)
-	}
-
-	// We use a callback here instead of a goroutine and an chan for
-	// syncronization purposes
-	cErr := utils.Go(func() error { return container.monitor(callback) })
+	}()
 
 	// Start should not return until the process is actually running
 	select {
diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
new file mode 100644
index 0000000000..94d7f2b004
--- /dev/null
+++ b/components/engine/daemon/monitor.go
@@ -0,0 +1,189 @@
+package daemon
+
+import (
+	"io"
+	"os/exec"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/runconfig"
+	"github.com/docker/docker/utils"
+)
+
+// containerMonitor monitors the execution of a container's main process.
+// If a restart policy is specified for the cotnainer the monitor will ensure that the
+// process is restarted based on the rules of the policy.  When the container is finally stopped
+// the monitor will reset and cleanup any of the container resources such as networking allocations
+// and the rootfs
+type containerMonitor struct {
+	mux sync.Mutex
+
+	container     *Container
+	restartPolicy runconfig.RestartPolicy
+	failureCount  int
+	shouldStop    bool
+}
+
+func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *containerMonitor {
+	return &containerMonitor{
+		container:     container,
+		restartPolicy: policy,
+	}
+}
+
+// Stop signals to the container monitor that it should stop monitoring the container
+// for exits the next time the process dies
+func (m *containerMonitor) ExitOnNext() {
+	m.mux.Lock()
+	m.shouldStop = true
+	m.mux.Unlock()
+}
+
+// Close closes the container's resources such as networking allocations and
+// unmounts the contatiner's root filesystem
+func (m *containerMonitor) Close() error {
+	// Cleanup networking and mounts
+	m.container.cleanup()
+
+	if m.container.daemon != nil && m.container.daemon.srv != nil && m.container.daemon.srv.IsRunning() {
+		// FIXME: here is race condition between two RUN instructions in Dockerfile
+		// because they share same runconfig and change image. Must be fixed
+		// in builder/builder.go
+		if err := m.container.toDisk(); err != nil {
+			utils.Errorf("Error dumping container %s state to disk: %s\n", m.container.ID, err)
+
+			return err
+		}
+	}
+
+	return nil
+}
+
+// reset resets the container's IO and ensures that the command is able to be executed again
+// by copying the data into a new struct
+func (m *containerMonitor) reset() {
+	container := m.container
+
+	if container.Config.OpenStdin {
+		if err := container.stdin.Close(); err != nil {
+			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
+		}
+	}
+
+	if err := container.stdout.Clean(); err != nil {
+		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
+	}
+
+	if err := container.stderr.Clean(); err != nil {
+		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
+	}
+
+	if container.command != nil && container.command.Terminal != nil {
+		if err := container.command.Terminal.Close(); err != nil {
+			utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
+		}
+	}
+
+	// Re-create a brand new stdin pipe once the container exited
+	if container.Config.OpenStdin {
+		container.stdin, container.stdinPipe = io.Pipe()
+	}
+
+	if container.daemon != nil && container.daemon.srv != nil {
+		container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
+	}
+
+	c := container.command.Cmd
+
+	container.command.Cmd = exec.Cmd{
+		Stdin:       c.Stdin,
+		Stdout:      c.Stdout,
+		Stderr:      c.Stderr,
+		Path:        c.Path,
+		Env:         c.Env,
+		ExtraFiles:  c.ExtraFiles,
+		Args:        c.Args,
+		Dir:         c.Dir,
+		SysProcAttr: c.SysProcAttr,
+	}
+}
+
+// Start starts the containers process and monitors it according to the restart policy
+func (m *containerMonitor) Start() error {
+	var (
+		err      error
+		exitCode int
+	)
+	defer m.Close()
+
+	// reset the restart count
+	m.container.RestartCount = -1
+
+	for !m.shouldStop {
+		m.container.RestartCount++
+		if err := m.container.startLoggingToDisk(); err != nil {
+			m.reset()
+
+			return err
+		}
+
+		pipes := execdriver.NewPipes(m.container.stdin, m.container.stdout, m.container.stderr, m.container.Config.OpenStdin)
+
+		if exitCode, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
+			m.failureCount++
+
+			if m.failureCount == m.restartPolicy.MaximumRetryCount {
+				m.ExitOnNext()
+			}
+
+			utils.Errorf("Error running container: %s", err)
+		}
+
+		// We still wait to set the state as stopped and ensure that the locks were released
+		m.container.State.SetStopped(exitCode)
+
+		m.reset()
+
+		if m.shouldRestart(exitCode) {
+			time.Sleep(1 * time.Second)
+
+			continue
+		}
+
+		break
+	}
+
+	return err
+}
+
+func (m *containerMonitor) shouldRestart(exitCode int) bool {
+	m.mux.Lock()
+
+	shouldRestart := (m.restartPolicy.Name == "always" ||
+		(m.restartPolicy.Name == "on-failure" && exitCode != 0)) &&
+		!m.shouldStop
+
+	m.mux.Unlock()
+
+	return shouldRestart
+}
+
+// callback ensures that the container's state is properly updated after we
+// received ack from the execution drivers
+func (m *containerMonitor) callback(command *execdriver.Command) {
+	if command.Tty {
+		// The callback is called after the process Start()
+		// so we are in the parent process. In TTY mode, stdin/out/err is the PtySlace
+		// which we close here.
+		if c, ok := command.Stdout.(io.Closer); ok {
+			c.Close()
+		}
+	}
+
+	m.container.State.SetRunning(command.Pid())
+
+	if err := m.container.ToDisk(); err != nil {
+		utils.Debugf("%s", err)
+	}
+}

From ed9f19284d73d357728a2b86e56367e1d4e46347 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 4 Aug 2014 18:20:53 -0700
Subject: [PATCH 474/516] Add documentation and update restart rules.

Implement time backed backoff for restarting and fix failure count when
the maximum is 0

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 860c13b788944410a98a6ad5b5cfb74de0a8405b
Component: engine
---
 components/engine/daemon/monitor.go           | 89 ++++++++++++++-----
 .../docs/sources/reference/commandline/cli.md | 26 ++++++
 components/engine/runconfig/parse.go          | 29 ++++--
 3 files changed, 111 insertions(+), 33 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 94d7f2b004..3eb68791d6 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -11,6 +11,8 @@ import (
 	"github.com/docker/docker/utils"
 )
 
+const defaultTimeIncrement = 100
+
 // containerMonitor monitors the execution of a container's main process.
 // If a restart policy is specified for the cotnainer the monitor will ensure that the
 // process is restarted based on the rules of the policy.  When the container is finally stopped
@@ -19,16 +21,30 @@ import (
 type containerMonitor struct {
 	mux sync.Mutex
 
-	container     *Container
+	// container is the container being monitored
+	container *Container
+
+	// restartPolicy is the being applied to the container monitor
 	restartPolicy runconfig.RestartPolicy
-	failureCount  int
-	shouldStop    bool
+
+	// failureCount is the number of times the container has failed to
+	// start in a row
+	failureCount int
+
+	// shouldStop signals the monitor that the next time the container exits it is
+	// either because docker or the user asked for the container to be stopped
+	shouldStop bool
+
+	// timeIncrement is the amount of time to wait between restarts
+	// this is in milliseconds
+	timeIncrement int
 }
 
 func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *containerMonitor {
 	return &containerMonitor{
 		container:     container,
 		restartPolicy: policy,
+		timeIncrement: defaultTimeIncrement,
 	}
 }
 
@@ -62,7 +78,7 @@ func (m *containerMonitor) Close() error {
 
 // reset resets the container's IO and ensures that the command is able to be executed again
 // by copying the data into a new struct
-func (m *containerMonitor) reset() {
+func (m *containerMonitor) reset(successful bool) {
 	container := m.container
 
 	if container.Config.OpenStdin {
@@ -107,14 +123,29 @@ func (m *containerMonitor) reset() {
 		Dir:         c.Dir,
 		SysProcAttr: c.SysProcAttr,
 	}
+
+	// the container exited successfully so we need to reset the failure counter
+	// and the timeIncrement back to the default values
+	if successful {
+		m.failureCount = 0
+		m.timeIncrement = defaultTimeIncrement
+	} else {
+		// otherwise we need to increment the amount of time we wait before restarting
+		// the process.  We will build up by multiplying the increment by 2
+
+		m.failureCount++
+		m.timeIncrement *= 2
+	}
 }
 
 // Start starts the containers process and monitors it according to the restart policy
 func (m *containerMonitor) Start() error {
 	var (
-		err      error
-		exitCode int
+		err        error
+		exitStatus int
 	)
+
+	// ensure that when the monitor finally exits we release the networking and unmount the rootfs
 	defer m.Close()
 
 	// reset the restart count
@@ -122,31 +153,26 @@ func (m *containerMonitor) Start() error {
 
 	for !m.shouldStop {
 		m.container.RestartCount++
+
 		if err := m.container.startLoggingToDisk(); err != nil {
-			m.reset()
+			m.reset(false)
 
 			return err
 		}
 
 		pipes := execdriver.NewPipes(m.container.stdin, m.container.stdout, m.container.stderr, m.container.Config.OpenStdin)
 
-		if exitCode, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
-			m.failureCount++
-
-			if m.failureCount == m.restartPolicy.MaximumRetryCount {
-				m.ExitOnNext()
-			}
-
+		if exitStatus, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
 			utils.Errorf("Error running container: %s", err)
 		}
 
 		// We still wait to set the state as stopped and ensure that the locks were released
-		m.container.State.SetStopped(exitCode)
+		m.container.State.SetStopped(exitStatus)
 
-		m.reset()
+		m.reset(err == nil && exitStatus == 0)
 
-		if m.shouldRestart(exitCode) {
-			time.Sleep(1 * time.Second)
+		if m.shouldRestart(exitStatus) {
+			time.Sleep(time.Duration(m.timeIncrement) * time.Millisecond)
 
 			continue
 		}
@@ -157,16 +183,31 @@ func (m *containerMonitor) Start() error {
 	return err
 }
 
-func (m *containerMonitor) shouldRestart(exitCode int) bool {
+// shouldRestart checks the restart policy and applies the rules to determine if
+// the container's process should be restarted
+func (m *containerMonitor) shouldRestart(exitStatus int) bool {
 	m.mux.Lock()
+	defer m.mux.Unlock()
 
-	shouldRestart := (m.restartPolicy.Name == "always" ||
-		(m.restartPolicy.Name == "on-failure" && exitCode != 0)) &&
-		!m.shouldStop
+	// do not restart if the user or docker has requested that this container be stopped
+	if m.shouldStop {
+		return false
+	}
 
-	m.mux.Unlock()
+	switch m.restartPolicy.Name {
+	case "always":
+		return true
+	case "on-failure":
+		// the default value of 0 for MaximumRetryCount means that we will not enforce a maximum count
+		if max := m.restartPolicy.MaximumRetryCount; max != 0 && m.failureCount >= max {
+			utils.Debugf("stopping restart of container %s because maximum failure could of %d has been reached", max)
+			return false
+		}
 
-	return shouldRestart
+		return exitStatus != 0
+	}
+
+	return false
 }
 
 // callback ensures that the container's state is properly updated after we
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 5e6107cfaa..8f4ed19a27 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -993,6 +993,7 @@ removed before the image is removed.
                                    format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort
                                    (use 'docker port' to see the actual mapping)
       --privileged=false         Give extended privileges to this container
+      --restart=""               Restart policy to apply when a container exits (no, on-failure, always)
       --rm=false                 Automatically remove the container when it exits (incompatible with -d)
       --sig-proxy=true           Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.
       -t, --tty=false            Allocate a pseudo-TTY
@@ -1220,6 +1221,31 @@ application change:
    `--rm` option means that when the container exits, the container's layer is
    removed.
 
+#### Restart Policies
+
+Using the `--restart` flag on docker run you can specify a restart policy for 
+how a container should or should not be restarted on exit.
+
+** no ** - Do not restart the container when it exits.
+
+** on-failure ** - Restart the container only if it exits with a non zero exit status.
+
+** always ** - Always restart the container reguardless of the exit status.
+
+You can also specify the maximum amount of times docker will try to restart the 
+container when using the ** on-failure ** policy.  The default is that docker will try forever to restart the container.
+
+    $ sudo docker run --restart=always redis
+
+This will run the redis container with a restart policy of ** always ** so that if 
+the container exits, docker will restart it.
+
+    $ sudo docker run --restart=on-failure:10 redis
+
+This will run the redis container with a restart policy of ** on-failure ** and a 
+maximum restart count of 10.  If the redis container exits with a non-zero exit 
+status more than 10 times in a row docker will abort trying to restart the container.
+
 ## save
 
     Usage: docker save IMAGE
diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go
index ea6e9ebca2..2b4dc632a0 100644
--- a/components/engine/runconfig/parse.go
+++ b/components/engine/runconfig/parse.go
@@ -17,11 +17,12 @@ import (
 )
 
 var (
-	ErrInvalidWorkingDirectory     = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
-	ErrConflictAttachDetach        = fmt.Errorf("Conflicting options: -a and -d")
-	ErrConflictDetachAutoRemove    = fmt.Errorf("Conflicting options: --rm and -d")
-	ErrConflictNetworkHostname     = fmt.Errorf("Conflicting options: -h and the network mode (--net)")
-	ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior.")
+	ErrInvalidWorkingDirectory            = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
+	ErrConflictAttachDetach               = fmt.Errorf("Conflicting options: -a and -d")
+	ErrConflictDetachAutoRemove           = fmt.Errorf("Conflicting options: --rm and -d")
+	ErrConflictNetworkHostname            = fmt.Errorf("Conflicting options: -h and the network mode (--net)")
+	ErrConflictHostNetworkAndLinks        = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior.")
+	ErrConflictRestartPolicyAndAutoRemove = fmt.Errorf("Conflicting options: --restart and --rm")
 )
 
 //FIXME Only used in tests
@@ -72,7 +73,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
 		flCpuset          = cmd.String([]string{"-cpuset"}, "", "CPUs in which to allow execution (0-3, 0,1)")
 		flNetMode         = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:<name|id>': reuses another container network stack\n'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.")
-		flRestartPolicy   = cmd.String([]string{"-restart"}, "", "Restart policy when the dies")
+		flRestartPolicy   = cmd.String([]string{"-restart"}, "", "Restart policy to apply when a container exits (no, on-failure, always)")
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.")
 		_ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container")
@@ -227,8 +228,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	}
 	// parse the '-e' and '--env' after, to allow override
 	envVariables = append(envVariables, flEnv.GetAll()...)
-	// boo, there's no debug output for docker run
-	//log.Debugf("Environment variables for the container: %#v", envVariables)
 
 	netMode, err := parseNetMode(*flNetMode)
 	if err != nil {
@@ -240,6 +239,10 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		return nil, nil, cmd, err
 	}
 
+	if *flAutoRemove && (restartPolicy.Name == "always" || restartPolicy.Name == "on-failure") {
+		return nil, nil, cmd, ErrConflictRestartPolicyAndAutoRemove
+	}
+
 	config := &Config{
 		Hostname:        hostname,
 		Domainname:      domainname,
@@ -307,7 +310,15 @@ func parseRestartPolicy(policy string) (RestartPolicy, error) {
 	)
 
 	switch name {
-	case "no", "on-failure", "always":
+	case "always":
+		p.Name = name
+
+		if len(parts) == 2 {
+			return p, fmt.Errorf("maximum restart count not valid with restart policy of \"always\"")
+		}
+	case "no":
+		// do nothing
+	case "on-failure":
 		p.Name = name
 
 		if len(parts) == 2 {

From 623a65a209e0f46f3c59a119fddb241433b2d513 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 5 Aug 2014 14:40:50 -0700
Subject: [PATCH 475/516] Update docs based on feedback from review for
 --restart

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 617edd89f48a7082bf4ec1d28ec12eefd1057a2f
Component: engine
---
 components/engine/docs/man/docker-run.1.md       |  1 +
 .../docs/sources/reference/commandline/cli.md    | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/components/engine/docs/man/docker-run.1.md b/components/engine/docs/man/docker-run.1.md
index 4dee97f195..225fb78cb8 100644
--- a/components/engine/docs/man/docker-run.1.md
+++ b/components/engine/docs/man/docker-run.1.md
@@ -30,6 +30,7 @@ docker-run - Run a command in a new container
 [**-P**|**--publish-all**[=*false*]]
 [**-p**|**--publish**[=*[]*]]
 [**--privileged**[=*false*]]
+[**--restart**[=*POLICY*]]
 [**--rm**[=*false*]]
 [**--sig-proxy**[=*true*]]
 [**-t**|**--tty**[=*false*]]
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 8f4ed19a27..4a756cc16e 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -1223,7 +1223,7 @@ application change:
 
 #### Restart Policies
 
-Using the `--restart` flag on docker run you can specify a restart policy for 
+Using the `--restart` flag on Docker run you can specify a restart policy for 
 how a container should or should not be restarted on exit.
 
 ** no ** - Do not restart the container when it exits.
@@ -1232,19 +1232,19 @@ how a container should or should not be restarted on exit.
 
 ** always ** - Always restart the container reguardless of the exit status.
 
-You can also specify the maximum amount of times docker will try to restart the 
-container when using the ** on-failure ** policy.  The default is that docker will try forever to restart the container.
+You can also specify the maximum amount of times Docker will try to restart the 
+container when using the ** on-failure ** policy.  The default is that Docker will try forever to restart the container.
 
     $ sudo docker run --restart=always redis
 
-This will run the redis container with a restart policy of ** always ** so that if 
-the container exits, docker will restart it.
+This will run the `redis` container with a restart policy of ** always ** so that if 
+the container exits, Docker will restart it.
 
     $ sudo docker run --restart=on-failure:10 redis
 
-This will run the redis container with a restart policy of ** on-failure ** and a 
-maximum restart count of 10.  If the redis container exits with a non-zero exit 
-status more than 10 times in a row docker will abort trying to restart the container.
+This will run the `redis` container with a restart policy of ** on-failure ** and a 
+maximum restart count of 10.  If the `redis` container exits with a non-zero exit 
+status more than 10 times in a row Docker will abort trying to restart the container.
 
 ## save
 

From 91b1d9394ba1ce5f2011120a1f3d28d97fb5562a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 6 Aug 2014 10:40:43 -0700
Subject: [PATCH 476/516] Only restart containers on daemon load with policy of
 always

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 41870a42bee9c394c61aba4bd81f782dbd38da12
Component: engine
---
 components/engine/daemon/daemon.go  | 58 ++++++++++++++++++-----------
 components/engine/daemon/monitor.go | 14 +++----
 2 files changed, 43 insertions(+), 29 deletions(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index e777c4a1be..0569126e17 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -172,20 +172,24 @@ func (daemon *Daemon) load(id string) (*Container, error) {
 	if err := container.FromDisk(); err != nil {
 		return nil, err
 	}
+
 	if container.ID != id {
 		return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)
 	}
+
+	container.readHostConfig()
+
 	return container, nil
 }
 
 // Register makes a container object usable by the daemon as <container.ID>
 // This is a wrapper for register
 func (daemon *Daemon) Register(container *Container) error {
-	return daemon.register(container, true, nil)
+	return daemon.register(container, true)
 }
 
 // register makes a container object usable by the daemon as <container.ID>
-func (daemon *Daemon) register(container *Container, updateSuffixarray bool, containersToStart *[]*Container) error {
+func (daemon *Daemon) register(container *Container, updateSuffixarray bool) error {
 	if container.daemon != nil || daemon.Exists(container.ID) {
 		return fmt.Errorf("Container is already loaded")
 	}
@@ -257,14 +261,6 @@ func (daemon *Daemon) register(container *Container, updateSuffixarray bool, con
 			if err := container.ToDisk(); err != nil {
 				return err
 			}
-
-			if daemon.config.AutoRestart {
-				log.Debugf("Marking as restarting")
-
-				if containersToStart != nil {
-					*containersToStart = append(*containersToStart, container)
-				}
-			}
 		}
 	}
 	return nil
@@ -296,10 +292,9 @@ func (daemon *Daemon) LogToDisk(src *broadcastwriter.BroadcastWriter, dst, strea
 
 func (daemon *Daemon) restore() error {
 	var (
-		debug             = (os.Getenv("DEBUG") != "" || os.Getenv("TEST") != "")
-		containers        = make(map[string]*Container)
-		currentDriver     = daemon.driver.String()
-		containersToStart = []*Container{}
+		debug         = (os.Getenv("DEBUG") != "" || os.Getenv("TEST") != "")
+		containers    = make(map[string]*Container)
+		currentDriver = daemon.driver.String()
 	)
 
 	if !debug {
@@ -322,24 +317,33 @@ func (daemon *Daemon) restore() error {
 		}
 
 		// Ignore the container if it does not support the current driver being used by the graph
-		if container.Driver == "" && currentDriver == "aufs" || container.Driver == currentDriver {
+		if (container.Driver == "" && currentDriver == "aufs") || container.Driver == currentDriver {
 			log.Debugf("Loaded container %v", container.ID)
+
 			containers[container.ID] = container
 		} else {
 			log.Debugf("Cannot load container %s because it was created with another graph driver.", container.ID)
 		}
 	}
 
+	registeredContainers := []*Container{}
+
 	if entities := daemon.containerGraph.List("/", -1); entities != nil {
 		for _, p := range entities.Paths() {
 			if !debug {
 				fmt.Print(".")
 			}
+
 			e := entities[p]
+
 			if container, ok := containers[e.ID()]; ok {
-				if err := daemon.register(container, false, &containersToStart); err != nil {
+				if err := daemon.register(container, false); err != nil {
 					log.Debugf("Failed to register container %s: %s", container.ID, err)
 				}
+
+				registeredContainers = append(registeredContainers, container)
+
+				// delete from the map so that a new name is not automatically generated
 				delete(containers, e.ID())
 			}
 		}
@@ -352,15 +356,27 @@ func (daemon *Daemon) restore() error {
 		if err != nil {
 			log.Debugf("Setting default id - %s", err)
 		}
-		if err := daemon.register(container, false, &containersToStart); err != nil {
+
+		if err := daemon.register(container, false); err != nil {
 			log.Debugf("Failed to register container %s: %s", container.ID, err)
 		}
+
+		registeredContainers = append(registeredContainers, container)
 	}
 
-	for _, container := range containersToStart {
-		log.Debugf("Starting container %d", container.ID)
-		if err := container.Start(); err != nil {
-			log.Debugf("Failed to start container %s: %s", container.ID, err)
+	// check the restart policy on the containers and restart any container with
+	// the restart policy of "always"
+	if daemon.config.AutoRestart {
+		log.Debugf("Restarting containers...")
+
+		for _, container := range registeredContainers {
+			if container.hostConfig.RestartPolicy.Name == "always" {
+				utils.Debugf("Starting container %s", container.ID)
+
+				if err := container.Start(); err != nil {
+					utils.Debugf("Failed to start container %s: %s", container.ID, err)
+				}
+			}
 		}
 	}
 
diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 3eb68791d6..66f2a14e3e 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -62,15 +62,13 @@ func (m *containerMonitor) Close() error {
 	// Cleanup networking and mounts
 	m.container.cleanup()
 
-	if m.container.daemon != nil && m.container.daemon.srv != nil && m.container.daemon.srv.IsRunning() {
-		// FIXME: here is race condition between two RUN instructions in Dockerfile
-		// because they share same runconfig and change image. Must be fixed
-		// in builder/builder.go
-		if err := m.container.toDisk(); err != nil {
-			utils.Errorf("Error dumping container %s state to disk: %s\n", m.container.ID, err)
+	// FIXME: here is race condition between two RUN instructions in Dockerfile
+	// because they share same runconfig and change image. Must be fixed
+	// in builder/builder.go
+	if err := m.container.toDisk(); err != nil {
+		utils.Errorf("Error dumping container %s state to disk: %s\n", m.container.ID, err)
 
-			return err
-		}
+		return err
 	}
 
 	return nil

From 1c96d24788c7cc79b73e002c32700dc42d37cd53 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 6 Aug 2014 21:13:06 -0700
Subject: [PATCH 477/516] Restart conatiner with on-failure policy if exit code
 != 0

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: feda8fbb21489f64aa3b7340c94473a08502bd6b
Component: engine
---
 components/engine/daemon/daemon.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 0569126e17..c88ac32e63 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -370,7 +370,8 @@ func (daemon *Daemon) restore() error {
 		log.Debugf("Restarting containers...")
 
 		for _, container := range registeredContainers {
-			if container.hostConfig.RestartPolicy.Name == "always" {
+			if container.hostConfig.RestartPolicy.Name == "always" ||
+				(container.hostConfig.RestartPolicy.Name == "on-failure" && container.State.ExitCode != 0) {
 				utils.Debugf("Starting container %s", container.ID)
 
 				if err := container.Start(); err != nil {

From 4dadb32ece9a356fbda16d561ea88da3756fc9c2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 6 Aug 2014 21:15:34 -0700
Subject: [PATCH 478/516] Fix rebase around log event

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: b7550cd456e29874279499a546b07bb062a12096
Component: engine
---
 components/engine/daemon/monitor.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 66f2a14e3e..3517589a37 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -105,7 +105,7 @@ func (m *containerMonitor) reset(successful bool) {
 	}
 
 	if container.daemon != nil && container.daemon.srv != nil {
-		container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image))
+		container.LogEvent("die")
 	}
 
 	c := container.command.Cmd

From 1f88a5f013f3d14809fdaa01ec46dee938dd152f Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Thu, 7 Aug 2014 10:50:25 -0700
Subject: [PATCH 479/516] Move container start event into monitor

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 6ae05936e1f343a2ecc51b8f642bdc8b93325d81
Component: engine
---
 components/engine/daemon/monitor.go | 6 +++---
 components/engine/daemon/start.go   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 3517589a37..6f172dc155 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -104,9 +104,7 @@ func (m *containerMonitor) reset(successful bool) {
 		container.stdin, container.stdinPipe = io.Pipe()
 	}
 
-	if container.daemon != nil && container.daemon.srv != nil {
-		container.LogEvent("die")
-	}
+	container.LogEvent("die")
 
 	c := container.command.Cmd
 
@@ -160,6 +158,8 @@ func (m *containerMonitor) Start() error {
 
 		pipes := execdriver.NewPipes(m.container.stdin, m.container.stdout, m.container.stderr, m.container.Config.OpenStdin)
 
+		m.container.LogEvent("start")
+
 		if exitStatus, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
 			utils.Errorf("Error running container: %s", err)
 		}
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
index cb6e9cb21f..30e015496f 100644
--- a/components/engine/daemon/start.go
+++ b/components/engine/daemon/start.go
@@ -36,7 +36,7 @@ func (daemon *Daemon) ContainerStart(job *engine.Job) engine.Status {
 	if err := container.Start(); err != nil {
 		return job.Errorf("Cannot start container %s: %s", name, err)
 	}
-	container.LogEvent("start")
+
 	return engine.StatusOK
 }
 

From 6ce3708a4026d78c903a6e34bce47509caaddc2a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 11 Aug 2014 10:50:02 -0700
Subject: [PATCH 480/516] Add additional comments for vague lines

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: be22d7ac2db6396becd63ec2dd28b9731011c9b9
Component: engine
---
 components/engine/daemon/monitor.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 6f172dc155..97fbe6ab47 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -164,12 +164,15 @@ func (m *containerMonitor) Start() error {
 			utils.Errorf("Error running container: %s", err)
 		}
 
-		// We still wait to set the state as stopped and ensure that the locks were released
+		// we still wait to set the state as stopped and ensure that the locks were released
 		m.container.State.SetStopped(exitStatus)
 
+		// pass if we exited successfully
 		m.reset(err == nil && exitStatus == 0)
 
 		if m.shouldRestart(exitStatus) {
+			// sleep with a small time increment between each restart to help avoid issues cased by quickly
+			// restarting the container because of some types of errors ( networking cut out, etc... )
 			time.Sleep(time.Duration(m.timeIncrement) * time.Millisecond)
 
 			continue

From 73d4ecfe93c4b58aff1eb9e90bfabd20425f2bfb Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 11 Aug 2014 11:07:37 -0700
Subject: [PATCH 481/516] Add Restarting state when docker is handling the
 restart of containers

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: a2afb2b1e37e72cab0d68cfe8dd0ec830b7a54e5
Component: engine
---
 components/engine/daemon/monitor.go | 141 +++++++++++++++-------------
 components/engine/daemon/state.go   |  30 ++++++
 2 files changed, 105 insertions(+), 66 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 97fbe6ab47..b733531dff 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -74,66 +74,6 @@ func (m *containerMonitor) Close() error {
 	return nil
 }
 
-// reset resets the container's IO and ensures that the command is able to be executed again
-// by copying the data into a new struct
-func (m *containerMonitor) reset(successful bool) {
-	container := m.container
-
-	if container.Config.OpenStdin {
-		if err := container.stdin.Close(); err != nil {
-			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
-		}
-	}
-
-	if err := container.stdout.Clean(); err != nil {
-		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
-	}
-
-	if err := container.stderr.Clean(); err != nil {
-		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
-	}
-
-	if container.command != nil && container.command.Terminal != nil {
-		if err := container.command.Terminal.Close(); err != nil {
-			utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
-		}
-	}
-
-	// Re-create a brand new stdin pipe once the container exited
-	if container.Config.OpenStdin {
-		container.stdin, container.stdinPipe = io.Pipe()
-	}
-
-	container.LogEvent("die")
-
-	c := container.command.Cmd
-
-	container.command.Cmd = exec.Cmd{
-		Stdin:       c.Stdin,
-		Stdout:      c.Stdout,
-		Stderr:      c.Stderr,
-		Path:        c.Path,
-		Env:         c.Env,
-		ExtraFiles:  c.ExtraFiles,
-		Args:        c.Args,
-		Dir:         c.Dir,
-		SysProcAttr: c.SysProcAttr,
-	}
-
-	// the container exited successfully so we need to reset the failure counter
-	// and the timeIncrement back to the default values
-	if successful {
-		m.failureCount = 0
-		m.timeIncrement = defaultTimeIncrement
-	} else {
-		// otherwise we need to increment the amount of time we wait before restarting
-		// the process.  We will build up by multiplying the increment by 2
-
-		m.failureCount++
-		m.timeIncrement *= 2
-	}
-}
-
 // Start starts the containers process and monitors it according to the restart policy
 func (m *containerMonitor) Start() error {
 	var (
@@ -151,7 +91,7 @@ func (m *containerMonitor) Start() error {
 		m.container.RestartCount++
 
 		if err := m.container.startLoggingToDisk(); err != nil {
-			m.reset(false)
+			m.resetContainer()
 
 			return err
 		}
@@ -164,18 +104,23 @@ func (m *containerMonitor) Start() error {
 			utils.Errorf("Error running container: %s", err)
 		}
 
-		// we still wait to set the state as stopped and ensure that the locks were released
-		m.container.State.SetStopped(exitStatus)
-
-		// pass if we exited successfully
-		m.reset(err == nil && exitStatus == 0)
+		m.resetMonitor(err == nil && exitStatus == 0)
 
 		if m.shouldRestart(exitStatus) {
+			m.container.State.SetRestarting(exitStatus)
+
+			m.resetContainer()
+
 			// sleep with a small time increment between each restart to help avoid issues cased by quickly
 			// restarting the container because of some types of errors ( networking cut out, etc... )
 			time.Sleep(time.Duration(m.timeIncrement) * time.Millisecond)
 
 			continue
+		} else {
+			// we still wait to set the state as stopped and ensure that the locks were released
+			m.container.State.SetStopped(exitStatus)
+
+			m.resetContainer()
 		}
 
 		break
@@ -184,6 +129,23 @@ func (m *containerMonitor) Start() error {
 	return err
 }
 
+// resetMonitor resets the stateful fields on the containerMonitor based on the
+// previous runs success or failure
+func (m *containerMonitor) resetMonitor(successful bool) {
+	// the container exited successfully so we need to reset the failure counter
+	// and the timeIncrement back to the default values
+	if successful {
+		m.failureCount = 0
+		m.timeIncrement = defaultTimeIncrement
+	} else {
+		// otherwise we need to increment the amount of time we wait before restarting
+		// the process.  We will build up by multiplying the increment by 2
+
+		m.failureCount++
+		m.timeIncrement *= 2
+	}
+}
+
 // shouldRestart checks the restart policy and applies the rules to determine if
 // the container's process should be restarted
 func (m *containerMonitor) shouldRestart(exitStatus int) bool {
@@ -229,3 +191,50 @@ func (m *containerMonitor) callback(command *execdriver.Command) {
 		utils.Debugf("%s", err)
 	}
 }
+
+// resetContainer resets the container's IO and ensures that the command is able to be executed again
+// by copying the data into a new struct
+func (m *containerMonitor) resetContainer() {
+	container := m.container
+
+	if container.Config.OpenStdin {
+		if err := container.stdin.Close(); err != nil {
+			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
+		}
+	}
+
+	if err := container.stdout.Clean(); err != nil {
+		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
+	}
+
+	if err := container.stderr.Clean(); err != nil {
+		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
+	}
+
+	if container.command != nil && container.command.Terminal != nil {
+		if err := container.command.Terminal.Close(); err != nil {
+			utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
+		}
+	}
+
+	// Re-create a brand new stdin pipe once the container exited
+	if container.Config.OpenStdin {
+		container.stdin, container.stdinPipe = io.Pipe()
+	}
+
+	container.LogEvent("die")
+
+	c := container.command.Cmd
+
+	container.command.Cmd = exec.Cmd{
+		Stdin:       c.Stdin,
+		Stdout:      c.Stdout,
+		Stderr:      c.Stderr,
+		Path:        c.Path,
+		Env:         c.Env,
+		ExtraFiles:  c.ExtraFiles,
+		Args:        c.Args,
+		Dir:         c.Dir,
+		SysProcAttr: c.SysProcAttr,
+	}
+}
diff --git a/components/engine/daemon/state.go b/components/engine/daemon/state.go
index 9baa396843..00597d699a 100644
--- a/components/engine/daemon/state.go
+++ b/components/engine/daemon/state.go
@@ -12,6 +12,7 @@ type State struct {
 	sync.RWMutex
 	Running    bool
 	Paused     bool
+	Restarting bool
 	Pid        int
 	ExitCode   int
 	StartedAt  time.Time
@@ -30,15 +31,22 @@ func (s *State) String() string {
 	s.RLock()
 	defer s.RUnlock()
 
+	if s.Restarting {
+		return fmt.Sprintf("Restarting (%d) %s ago", s.ExitCode, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
+	}
+
 	if s.Running {
 		if s.Paused {
 			return fmt.Sprintf("Up %s (Paused)", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
 		}
+
 		return fmt.Sprintf("Up %s", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
 	}
+
 	if s.FinishedAt.IsZero() {
 		return ""
 	}
+
 	return fmt.Sprintf("Exited (%d) %s ago", s.ExitCode, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
 }
 
@@ -135,6 +143,28 @@ func (s *State) SetStopped(exitCode int) {
 	s.Unlock()
 }
 
+// SetRestarting is when docker hanldes the auto restart of containers when they are
+// in the middle of a stop and being restarted again
+func (s *State) SetRestarting(exitCode int) {
+	s.Lock()
+	if s.Running {
+		s.Running = false
+		s.Pid = 0
+		s.FinishedAt = time.Now().UTC()
+		s.ExitCode = exitCode
+		close(s.waitChan) // fire waiters for stop
+		s.waitChan = make(chan struct{})
+	}
+	s.Unlock()
+}
+
+func (s *State) IsRestarting() bool {
+	s.RLock()
+	res := s.Restarting
+	s.RUnlock()
+	return res
+}
+
 func (s *State) SetPaused() {
 	s.Lock()
 	s.Paused = true

From 5ac7ecfbf77e5fd69e11f35f29234346bad3f586 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 11 Aug 2014 11:35:18 -0700
Subject: [PATCH 482/516] Honor the restarting state in Stop

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: c4a00d549d0b895bb990491cbdf58aabe2891842
Component: engine
---
 components/engine/daemon/container.go |  7 +++++++
 components/engine/daemon/monitor.go   |  9 ++++-----
 components/engine/daemon/state.go     | 12 +++++++-----
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 681852a17d..e0da3c144a 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -530,6 +530,13 @@ func (container *Container) KillSig(sig int) error {
 	// after we send the kill signal
 	container.monitor.ExitOnNext()
 
+	// if the container is currently restarting we do not need to send the signal
+	// to the process.  Telling the monitor that it should exit on it's next event
+	// loop is enough
+	if container.State.IsRestarting() {
+		return nil
+	}
+
 	return container.daemon.Kill(container, sig)
 }
 
diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index b733531dff..6c6c7b76db 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -116,16 +116,15 @@ func (m *containerMonitor) Start() error {
 			time.Sleep(time.Duration(m.timeIncrement) * time.Millisecond)
 
 			continue
-		} else {
-			// we still wait to set the state as stopped and ensure that the locks were released
-			m.container.State.SetStopped(exitStatus)
-
-			m.resetContainer()
 		}
 
 		break
 	}
 
+	m.container.State.SetStopped(exitStatus)
+
+	m.resetContainer()
+
 	return err
 }
 
diff --git a/components/engine/daemon/state.go b/components/engine/daemon/state.go
index 00597d699a..61b65f7d4e 100644
--- a/components/engine/daemon/state.go
+++ b/components/engine/daemon/state.go
@@ -31,14 +31,13 @@ func (s *State) String() string {
 	s.RLock()
 	defer s.RUnlock()
 
-	if s.Restarting {
-		return fmt.Sprintf("Restarting (%d) %s ago", s.ExitCode, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
-	}
-
 	if s.Running {
 		if s.Paused {
 			return fmt.Sprintf("Up %s (Paused)", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
 		}
+		if s.Restarting {
+			return fmt.Sprintf("Restarting (%d) %s ago", s.ExitCode, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
+		}
 
 		return fmt.Sprintf("Up %s", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
 	}
@@ -148,7 +147,10 @@ func (s *State) SetStopped(exitCode int) {
 func (s *State) SetRestarting(exitCode int) {
 	s.Lock()
 	if s.Running {
-		s.Running = false
+		// we should consider the container running when it is restarting because of
+		// all the checks in docker around rm/stop/etc
+		s.Running = true
+		s.Restarting = true
 		s.Pid = 0
 		s.FinishedAt = time.Now().UTC()
 		s.ExitCode = exitCode

From 9726fa5fb8f6678b0fb054fb8434140e0b59e45a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Mon, 11 Aug 2014 15:00:55 -0700
Subject: [PATCH 483/516] Improve wait during restart

We need to do this so that when a user asks docker to stop the container
and it is currently in the restart loop we don't want to have to wait
for the duration of the restart time increment before ack. the stop.

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 972c89493148f930388097816663d453bf3e8c2c
Component: engine
---
 components/engine/daemon/monitor.go | 50 +++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 9 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 6c6c7b76db..d9e67b0681 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -35,6 +35,11 @@ type containerMonitor struct {
 	// either because docker or the user asked for the container to be stopped
 	shouldStop bool
 
+	// stopChan is used to signal to the monitor whenever there is a wait for the
+	// next restart so that the timeIncrement is not honored and the user is not
+	// left waiting for nothing to happen during this time
+	stopChan chan struct{}
+
 	// timeIncrement is the amount of time to wait between restarts
 	// this is in milliseconds
 	timeIncrement int
@@ -45,6 +50,7 @@ func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *
 		container:     container,
 		restartPolicy: policy,
 		timeIncrement: defaultTimeIncrement,
+		stopChan:      make(chan struct{}, 1),
 	}
 }
 
@@ -52,7 +58,14 @@ func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *
 // for exits the next time the process dies
 func (m *containerMonitor) ExitOnNext() {
 	m.mux.Lock()
-	m.shouldStop = true
+
+	// we need to protect having a double close of the channel when stop is called
+	// twice or else we will get a panic
+	if !m.shouldStop {
+		m.shouldStop = true
+		close(m.stopChan)
+	}
+
 	m.mux.Unlock()
 }
 
@@ -87,7 +100,7 @@ func (m *containerMonitor) Start() error {
 	// reset the restart count
 	m.container.RestartCount = -1
 
-	for !m.shouldStop {
+	for {
 		m.container.RestartCount++
 
 		if err := m.container.startLoggingToDisk(); err != nil {
@@ -109,22 +122,34 @@ func (m *containerMonitor) Start() error {
 		if m.shouldRestart(exitStatus) {
 			m.container.State.SetRestarting(exitStatus)
 
+			m.container.LogEvent("die")
+
 			m.resetContainer()
 
 			// sleep with a small time increment between each restart to help avoid issues cased by quickly
 			// restarting the container because of some types of errors ( networking cut out, etc... )
-			time.Sleep(time.Duration(m.timeIncrement) * time.Millisecond)
+			m.waitForNextRestart()
+
+			// we need to check this before reentering the loop because the waitForNextRestart could have
+			// been terminated by a request from a user
+			if m.shouldStop {
+				m.container.State.SetStopped(exitStatus)
+
+				return err
+			}
 
 			continue
 		}
 
+		m.container.State.SetStopped(exitStatus)
+
+		m.container.LogEvent("die")
+
+		m.resetContainer()
+
 		break
 	}
 
-	m.container.State.SetStopped(exitStatus)
-
-	m.resetContainer()
-
 	return err
 }
 
@@ -145,6 +170,15 @@ func (m *containerMonitor) resetMonitor(successful bool) {
 	}
 }
 
+// waitForNextRestart waits with the default time increment to restart the container unless
+// a user or docker asks to container to be stopped
+func (m *containerMonitor) waitForNextRestart() {
+	select {
+	case <-time.After(time.Duration(m.timeIncrement) * time.Millisecond):
+	case <-m.stopChan:
+	}
+}
+
 // shouldRestart checks the restart policy and applies the rules to determine if
 // the container's process should be restarted
 func (m *containerMonitor) shouldRestart(exitStatus int) bool {
@@ -221,8 +255,6 @@ func (m *containerMonitor) resetContainer() {
 		container.stdin, container.stdinPipe = io.Pipe()
 	}
 
-	container.LogEvent("die")
-
 	c := container.command.Cmd
 
 	container.command.Cmd = exec.Cmd{

From 10b2364f1389a396da84a0552583129429249fea Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 12 Aug 2014 13:08:26 -0700
Subject: [PATCH 484/516] Reguardless of success reset time increment

Reset the time increment if the container's execution time is greater
than 10s or else as a container runs and is restarted the time will grow
overtime.

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: ebf5d4657d14c7b57a5ca1c7b8689077b18b33dc
Component: engine
---
 components/engine/daemon/monitor.go | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index d9e67b0681..231b883a3a 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -43,6 +43,9 @@ type containerMonitor struct {
 	// timeIncrement is the amount of time to wait between restarts
 	// this is in milliseconds
 	timeIncrement int
+
+	// lastStartTime is the time which the monitor last exec'd the container's process
+	lastStartTime time.Time
 }
 
 func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *containerMonitor {
@@ -113,6 +116,8 @@ func (m *containerMonitor) Start() error {
 
 		m.container.LogEvent("start")
 
+		m.lastStartTime = time.Now()
+
 		if exitStatus, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
 			utils.Errorf("Error running container: %s", err)
 		}
@@ -154,20 +159,25 @@ func (m *containerMonitor) Start() error {
 }
 
 // resetMonitor resets the stateful fields on the containerMonitor based on the
-// previous runs success or failure
+// previous runs success or failure.  Reguardless of success, if the container had
+// an execution time of more than 10s then reset the timer back to the default
 func (m *containerMonitor) resetMonitor(successful bool) {
-	// the container exited successfully so we need to reset the failure counter
-	// and the timeIncrement back to the default values
-	if successful {
-		m.failureCount = 0
+	executionTime := time.Now().Sub(m.lastStartTime).Seconds()
+
+	if executionTime > 10 {
 		m.timeIncrement = defaultTimeIncrement
 	} else {
 		// otherwise we need to increment the amount of time we wait before restarting
 		// the process.  We will build up by multiplying the increment by 2
-
-		m.failureCount++
 		m.timeIncrement *= 2
 	}
+
+	// the container exited successfully so we need to reset the failure counter
+	if successful {
+		m.failureCount = 0
+	} else {
+		m.failureCount++
+	}
 }
 
 // waitForNextRestart waits with the default time increment to restart the container unless

From 02f3d4abedadc1a5d2721619123f06fc489a9f7f Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 12 Aug 2014 18:03:11 -0700
Subject: [PATCH 485/516] Rebased changes to return on first start's error

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 2ec1b697c1a7c0ecc534b9ebffd7ba40ea285ff7
Component: engine
---
 components/engine/daemon/container.go | 18 +++++-------------
 components/engine/daemon/monitor.go   | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index e0da3c144a..3cb7af99e3 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -1081,22 +1081,14 @@ func (container *Container) startLoggingToDisk() error {
 func (container *Container) waitForStart() error {
 	container.monitor = newContainerMonitor(container, container.hostConfig.RestartPolicy)
 
-	var (
-		cErr      = utils.Go(container.monitor.Start)
-		waitStart = make(chan struct{})
-	)
-
-	go func() {
-		container.State.WaitRunning(-1 * time.Second)
-		close(waitStart)
-	}()
-
-	// Start should not return until the process is actually running
+	// block until we either receive an error from the initial start of the container's
+	// process or until the process is running in the container
 	select {
-	case <-waitStart:
-	case err := <-cErr:
+	case <-container.monitor.startSignal:
+	case err := <-utils.Go(container.monitor.Start):
 		return err
 	}
+
 	return nil
 }
 
diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 231b883a3a..801fe0e043 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -35,6 +35,10 @@ type containerMonitor struct {
 	// either because docker or the user asked for the container to be stopped
 	shouldStop bool
 
+	// startSignal signals with the initial process has launched after calling Start
+	// on the monitor
+	startSignal chan struct{}
+
 	// stopChan is used to signal to the monitor whenever there is a wait for the
 	// next restart so that the timeIncrement is not honored and the user is not
 	// left waiting for nothing to happen during this time
@@ -48,12 +52,15 @@ type containerMonitor struct {
 	lastStartTime time.Time
 }
 
+// newContainerMonitor returns an initialized containerMonitor for the provided container
+// honoring the provided restart policy
 func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *containerMonitor {
 	return &containerMonitor{
 		container:     container,
 		restartPolicy: policy,
 		timeIncrement: defaultTimeIncrement,
 		stopChan:      make(chan struct{}, 1),
+		startSignal:   make(chan struct{}, 1),
 	}
 }
 
@@ -119,6 +126,14 @@ func (m *containerMonitor) Start() error {
 		m.lastStartTime = time.Now()
 
 		if exitStatus, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
+			// if we receive an internal error from the initial start of a container then lets
+			// return it instead of entering the restart loop
+			if m.container.RestartCount == 1 {
+				m.resetContainer()
+
+				return err
+			}
+
 			utils.Errorf("Error running container: %s", err)
 		}
 
@@ -230,6 +245,9 @@ func (m *containerMonitor) callback(command *execdriver.Command) {
 
 	m.container.State.SetRunning(command.Pid())
 
+	// signal that the process has started
+	close(m.startSignal)
+
 	if err := m.container.ToDisk(); err != nil {
 		utils.Debugf("%s", err)
 	}

From db45de23adcba9caf9b5a2441e13cbffcb5e458d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 13 Aug 2014 14:56:35 -0700
Subject: [PATCH 486/516] Update based on comments from the code review

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 73ced636800c150640e2f0d307842b0f9259b611
Component: engine
---
 components/engine/daemon/monitor.go | 14 ++++++++------
 components/engine/daemon/state.go   | 22 +++++++++++-----------
 2 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 801fe0e043..cb388e9139 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -24,7 +24,7 @@ type containerMonitor struct {
 	// container is the container being monitored
 	container *Container
 
-	// restartPolicy is the being applied to the container monitor
+	// restartPolicy is the current policy being applied to the container monitor
 	restartPolicy runconfig.RestartPolicy
 
 	// failureCount is the number of times the container has failed to
@@ -35,8 +35,7 @@ type containerMonitor struct {
 	// either because docker or the user asked for the container to be stopped
 	shouldStop bool
 
-	// startSignal signals with the initial process has launched after calling Start
-	// on the monitor
+	// startSignal is a channel that is closes after the container initially starts
 	startSignal chan struct{}
 
 	// stopChan is used to signal to the monitor whenever there is a wait for the
@@ -196,7 +195,7 @@ func (m *containerMonitor) resetMonitor(successful bool) {
 }
 
 // waitForNextRestart waits with the default time increment to restart the container unless
-// a user or docker asks to container to be stopped
+// a user or docker asks for the container to be stopped
 func (m *containerMonitor) waitForNextRestart() {
 	select {
 	case <-time.After(time.Duration(m.timeIncrement) * time.Millisecond):
@@ -245,8 +244,11 @@ func (m *containerMonitor) callback(command *execdriver.Command) {
 
 	m.container.State.SetRunning(command.Pid())
 
-	// signal that the process has started
-	close(m.startSignal)
+	if m.startSignal != nil {
+		// signal that the process has started
+		close(m.startSignal)
+		m.startSignal = nil
+	}
 
 	if err := m.container.ToDisk(); err != nil {
 		utils.Debugf("%s", err)
diff --git a/components/engine/daemon/state.go b/components/engine/daemon/state.go
index 61b65f7d4e..ed137b0206 100644
--- a/components/engine/daemon/state.go
+++ b/components/engine/daemon/state.go
@@ -123,6 +123,7 @@ func (s *State) SetRunning(pid int) {
 	s.Lock()
 	s.Running = true
 	s.Paused = false
+	s.Restarting = false
 	s.ExitCode = 0
 	s.Pid = pid
 	s.StartedAt = time.Now().UTC()
@@ -134,6 +135,7 @@ func (s *State) SetRunning(pid int) {
 func (s *State) SetStopped(exitCode int) {
 	s.Lock()
 	s.Running = false
+	s.Restarting = false
 	s.Pid = 0
 	s.FinishedAt = time.Now().UTC()
 	s.ExitCode = exitCode
@@ -146,17 +148,15 @@ func (s *State) SetStopped(exitCode int) {
 // in the middle of a stop and being restarted again
 func (s *State) SetRestarting(exitCode int) {
 	s.Lock()
-	if s.Running {
-		// we should consider the container running when it is restarting because of
-		// all the checks in docker around rm/stop/etc
-		s.Running = true
-		s.Restarting = true
-		s.Pid = 0
-		s.FinishedAt = time.Now().UTC()
-		s.ExitCode = exitCode
-		close(s.waitChan) // fire waiters for stop
-		s.waitChan = make(chan struct{})
-	}
+	// we should consider the container running when it is restarting because of
+	// all the checks in docker around rm/stop/etc
+	s.Running = true
+	s.Restarting = true
+	s.Pid = 0
+	s.FinishedAt = time.Now().UTC()
+	s.ExitCode = exitCode
+	close(s.waitChan) // fire waiters for stop
+	s.waitChan = make(chan struct{})
 	s.Unlock()
 }
 

From 9b55fc0736908a324243234c4e230c3318462850 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 13 Aug 2014 14:58:57 -0700
Subject: [PATCH 487/516] Deprecate --restart on the daemon

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 25c519e829640ebb23061b82c6ace88c5983b63d
Component: engine
---
 components/engine/daemon/config.go            |  2 +-
 components/engine/daemon/daemon.go            |  4 ++--
 components/engine/daemon/monitor.go           | 20 +++++++++----------
 components/engine/docs/man/docker.1.md        |  3 ---
 .../docs/sources/reference/commandline/cli.md |  1 -
 5 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/components/engine/daemon/config.go b/components/engine/daemon/config.go
index 5d0ea6ac12..a396bd0232 100644
--- a/components/engine/daemon/config.go
+++ b/components/engine/daemon/config.go
@@ -45,7 +45,7 @@ type Config struct {
 func (config *Config) InstallFlags() {
 	flag.StringVar(&config.Pidfile, []string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file")
 	flag.StringVar(&config.Root, []string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the Docker runtime")
-	flag.BoolVar(&config.AutoRestart, []string{"r", "-restart"}, true, "Restart previously running containers")
+	flag.BoolVar(&config.AutoRestart, []string{"#r", "#-restart"}, true, "--restart on the daemon has been deprecated infavor of --restart policies on docker run")
 	flag.BoolVar(&config.EnableIptables, []string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
 	flag.BoolVar(&config.EnableIpForward, []string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
 	flag.StringVar(&config.BridgeIP, []string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b")
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index c88ac32e63..90cb6a89e1 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -372,10 +372,10 @@ func (daemon *Daemon) restore() error {
 		for _, container := range registeredContainers {
 			if container.hostConfig.RestartPolicy.Name == "always" ||
 				(container.hostConfig.RestartPolicy.Name == "on-failure" && container.State.ExitCode != 0) {
-				utils.Debugf("Starting container %s", container.ID)
+				log.Debugf("Starting container %s", container.ID)
 
 				if err := container.Start(); err != nil {
-					utils.Debugf("Failed to start container %s: %s", container.ID, err)
+					log.Debugf("Failed to start container %s: %s", container.ID, err)
 				}
 			}
 		}
diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index cb388e9139..28dd424f3c 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -7,8 +7,8 @@ import (
 	"time"
 
 	"github.com/docker/docker/daemon/execdriver"
+	"github.com/docker/docker/pkg/log"
 	"github.com/docker/docker/runconfig"
-	"github.com/docker/docker/utils"
 )
 
 const defaultTimeIncrement = 100
@@ -88,7 +88,7 @@ func (m *containerMonitor) Close() error {
 	// because they share same runconfig and change image. Must be fixed
 	// in builder/builder.go
 	if err := m.container.toDisk(); err != nil {
-		utils.Errorf("Error dumping container %s state to disk: %s\n", m.container.ID, err)
+		log.Errorf("Error dumping container %s state to disk: %s\n", m.container.ID, err)
 
 		return err
 	}
@@ -127,13 +127,13 @@ func (m *containerMonitor) Start() error {
 		if exitStatus, err = m.container.daemon.Run(m.container, pipes, m.callback); err != nil {
 			// if we receive an internal error from the initial start of a container then lets
 			// return it instead of entering the restart loop
-			if m.container.RestartCount == 1 {
+			if m.container.RestartCount == 0 {
 				m.resetContainer()
 
 				return err
 			}
 
-			utils.Errorf("Error running container: %s", err)
+			log.Errorf("Error running container: %s", err)
 		}
 
 		m.resetMonitor(err == nil && exitStatus == 0)
@@ -220,7 +220,7 @@ func (m *containerMonitor) shouldRestart(exitStatus int) bool {
 	case "on-failure":
 		// the default value of 0 for MaximumRetryCount means that we will not enforce a maximum count
 		if max := m.restartPolicy.MaximumRetryCount; max != 0 && m.failureCount >= max {
-			utils.Debugf("stopping restart of container %s because maximum failure could of %d has been reached", max)
+			log.Debugf("stopping restart of container %s because maximum failure could of %d has been reached", max)
 			return false
 		}
 
@@ -251,7 +251,7 @@ func (m *containerMonitor) callback(command *execdriver.Command) {
 	}
 
 	if err := m.container.ToDisk(); err != nil {
-		utils.Debugf("%s", err)
+		log.Debugf("%s", err)
 	}
 }
 
@@ -262,21 +262,21 @@ func (m *containerMonitor) resetContainer() {
 
 	if container.Config.OpenStdin {
 		if err := container.stdin.Close(); err != nil {
-			utils.Errorf("%s: Error close stdin: %s", container.ID, err)
+			log.Errorf("%s: Error close stdin: %s", container.ID, err)
 		}
 	}
 
 	if err := container.stdout.Clean(); err != nil {
-		utils.Errorf("%s: Error close stdout: %s", container.ID, err)
+		log.Errorf("%s: Error close stdout: %s", container.ID, err)
 	}
 
 	if err := container.stderr.Clean(); err != nil {
-		utils.Errorf("%s: Error close stderr: %s", container.ID, err)
+		log.Errorf("%s: Error close stderr: %s", container.ID, err)
 	}
 
 	if container.command != nil && container.command.Terminal != nil {
 		if err := container.command.Terminal.Close(); err != nil {
-			utils.Errorf("%s: Error closing terminal: %s", container.ID, err)
+			log.Errorf("%s: Error closing terminal: %s", container.ID, err)
 		}
 	}
 
diff --git a/components/engine/docs/man/docker.1.md b/components/engine/docs/man/docker.1.md
index 18e8978af6..3932097255 100644
--- a/components/engine/docs/man/docker.1.md
+++ b/components/engine/docs/man/docker.1.md
@@ -64,9 +64,6 @@ unix://[/path/to/socket] to use.
 **-p**=""
   Path to use for daemon PID file. Default is `/var/run/docker.pid`
 
-**-r**=*true*|*false*
-  Restart previously running containers. Default is true.
-
 **-s**=""
   Force the Docker runtime to use a specific storage driver.
 
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 4a756cc16e..9afa691b6b 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -71,7 +71,6 @@ expect an integer, and they can only be specified once.
       --mtu=0                                    Set the containers network MTU
                                                    if no value is provided: default to the default route MTU or 1500 if no default route is available
       -p, --pidfile="/var/run/docker.pid"        Path to use for daemon PID file
-      -r, --restart=true                         Restart previously running containers
       -s, --storage-driver=""                    Force the Docker runtime to use a specific storage driver
       --selinux-enabled=false                    Enable selinux support. SELinux does not presently support the BTRFS storage driver
       --storage-opt=[]                           Set storage driver options

From 7b00009aba0949ed03aa9c4ee8d500d7ec568899 Mon Sep 17 00:00:00 2001
From: Jim Perrin <jperrin@centos.org>
Date: Wed, 13 Aug 2014 09:53:48 -0500
Subject: [PATCH 488/516] Updated CentOS documentation to reflect CentOS 7
 install. Added reference to CentOS Dockerfiles on github.

Signed-off-by: Jim Perrin <jperrin@centos.org> (github: jperrin)
Upstream-commit: d939fe758affe15f5054216f6e594eae386adca3
Component: engine
---
 .../docs/sources/installation/centos.md       | 36 +++++++++++++------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/components/engine/docs/sources/installation/centos.md b/components/engine/docs/sources/installation/centos.md
index 3966d0f092..b919ca5806 100644
--- a/components/engine/docs/sources/installation/centos.md
+++ b/components/engine/docs/sources/installation/centos.md
@@ -4,23 +4,31 @@ page_keywords: Docker, Docker documentation, requirements, linux, centos, epel,
 
 # CentOS
 
-The Docker package is available via the EPEL repository. These
-instructions work for CentOS 6 and later. They will likely work for
+While the Docker package is provided by default as part of CentOS-7, 
+it is provided by a community repository for CentOS-6. Please note that 
+this changes the installation instructions slightly between versions. 
+ 
+These instructions work for CentOS 6 and later. They will likely work for
 other binary compatible EL6 distributions such as Scientific Linux, but
 they haven't been tested.
 
-Please note that this package is part of [Extra Packages for Enterprise
-Linux (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort
-to create and maintain additional packages for the RHEL distribution.
-
-Also note that due to the current Docker limitations, Docker is able to
+Please note that due to the current Docker limitations, Docker is able to
 run only on the **64 bit** architecture.
 
 To run Docker, you will need [CentOS6](http://www.centos.org) or higher,
 with a kernel version 2.6.32-431 or higher as this has specific kernel
 fixes to allow Docker to run.
 
-## Installation
+## Installing Docker - CentOS-7
+Docker is included by default in the CentOS-Extras repository. To install
+simply run the following command.
+
+    $ sudo yum install docker
+
+## Installing Docker - CentOS-6
+Please note that this for CentOS-6, this package is part of [Extra Packages
+for Enterprise Linux (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort
+to create and maintain additional packages for the RHEL distribution.
 
 Firstly, you need to ensure you have the EPEL repository enabled. Please
 follow the [EPEL installation instructions](
@@ -39,7 +47,9 @@ will install Docker on our host.
 
     $ sudo yum install docker-io
 
-Now that it's installed, let's start the Docker daemon.
+## Using Docker
+
+Once Docker is installed, you will need to start the docker daemon.
 
     $ sudo service docker start
 
@@ -50,7 +60,7 @@ If we want Docker to start at boot, we should also:
 Now let's verify that Docker is working. First we'll need to get the latest
 `centos` image.
 
-    $ sudo docker pull centos:latest
+    $ sudo docker pull centos
 
 Next we'll make sure that we can see the image by running:
 
@@ -69,6 +79,12 @@ Run a simple bash shell to test the image:
 If everything is working properly, you'll get a simple bash prompt. Type
 exit to continue.
 
+## Dockerfiles
+The CentOS Project provides a number of sample Dockerfiles which you may use
+either as templates or to familiarize yourself with docker. These templates
+are available on github at [https://github.com/CentOS/CentOS-Dockerfiles](
+https://github.com/CentOS/CentOS-Dockerfiles)
+
 **Done!** You can either continue with the [Docker User
 Guide](/userguide/) or explore and build on the images yourself.
 

From 0bb709c134657b9e1d1ac15fbd7b5adbc0761234 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 14 Aug 2014 01:08:27 +0000
Subject: [PATCH 489/516] remove double newline

Signed-off-by: Victor Vieux <vieux@docker.com>
Upstream-commit: fcf37be2b1efa11da1958658da0e04755a225c89
Component: engine
---
 components/engine/api/server/server.go                  | 4 ++--
 components/engine/daemon/container.go                   | 4 ++--
 components/engine/daemon/daemon.go                      | 6 +++---
 components/engine/daemon/delete.go                      | 2 +-
 components/engine/daemon/networkdriver/bridge/driver.go | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/components/engine/api/server/server.go b/components/engine/api/server/server.go
index 198d2d93f3..96f5bca6a6 100644
--- a/components/engine/api/server/server.go
+++ b/components/engine/api/server/server.go
@@ -1036,7 +1036,7 @@ func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, local
 		log.Debugf("Calling %s %s", localMethod, localRoute)
 
 		if logging {
-			log.Infof("%s %s\n", r.Method, r.RequestURI)
+			log.Infof("%s %s", r.Method, r.RequestURI)
 		}
 
 		if strings.Contains(r.Header.Get("User-Agent"), "Docker-Client/") {
@@ -1352,7 +1352,7 @@ func ServeApi(job *engine.Job) engine.Status {
 			return job.Errorf("usage: %s PROTO://ADDR [PROTO://ADDR ...]", job.Name)
 		}
 		go func() {
-			log.Infof("Listening for HTTP on %s (%s)\n", protoAddrParts[0], protoAddrParts[1])
+			log.Infof("Listening for HTTP on %s (%s)", protoAddrParts[0], protoAddrParts[1])
 			chErrors <- ListenAndServe(protoAddrParts[0], protoAddrParts[1], job)
 		}()
 	}
diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index 3cb7af99e3..f359adfe0a 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -946,11 +946,11 @@ func (container *Container) initializeNetworking() error {
 // Make sure the config is compatible with the current kernel
 func (container *Container) verifyDaemonSettings() {
 	if container.Config.Memory > 0 && !container.daemon.sysInfo.MemoryLimit {
-		log.Infof("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")
+		log.Infof("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.")
 		container.Config.Memory = 0
 	}
 	if container.Config.Memory > 0 && !container.daemon.sysInfo.SwapLimit {
-		log.Infof("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")
+		log.Infof("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.")
 		container.Config.MemorySwap = -1
 	}
 	if container.daemon.sysInfo.IPv4ForwardingDisabled {
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 90cb6a89e1..04d3327546 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -382,7 +382,7 @@ func (daemon *Daemon) restore() error {
 	}
 
 	if !debug {
-		log.Infof(": done.\n")
+		log.Infof(": done.")
 	}
 
 	return nil
@@ -1074,7 +1074,7 @@ func (daemon *Daemon) checkLocaldns() error {
 		return err
 	}
 	if len(daemon.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
-		log.Infof("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", DefaultDns)
+		log.Infof("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v", DefaultDns)
 		daemon.config.Dns = DefaultDns
 	}
 	return nil
@@ -1125,7 +1125,7 @@ func checkKernelAndArch() error {
 	// the circumstances of pre-3.8 crashes are clearer.
 	// For details see http://github.com/docker/docker/issues/407
 	if k, err := kernel.GetKernelVersion(); err != nil {
-		log.Infof("WARNING: %s\n", err)
+		log.Infof("WARNING: %s", err)
 	} else {
 		if kernel.CompareKernelVersion(k, &kernel.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 {
 			if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" {
diff --git a/components/engine/daemon/delete.go b/components/engine/daemon/delete.go
index 131501590f..501aed3e38 100644
--- a/components/engine/daemon/delete.go
+++ b/components/engine/daemon/delete.go
@@ -117,7 +117,7 @@ func (daemon *Daemon) ContainerDestroy(job *engine.Job) engine.Status {
 			for volumeId := range volumes {
 				// If the requested volu
 				if c, exists := usedVolumes[volumeId]; exists {
-					log.Infof("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
+					log.Infof("The volume %s is used by the container %s. Impossible to remove it. Skipping.", volumeId, c.ID)
 					continue
 				}
 				if err := daemon.Volumes().Delete(volumeId); err != nil {
diff --git a/components/engine/daemon/networkdriver/bridge/driver.go b/components/engine/daemon/networkdriver/bridge/driver.go
index ad5e50a4a5..06cf37e79f 100644
--- a/components/engine/daemon/networkdriver/bridge/driver.go
+++ b/components/engine/daemon/networkdriver/bridge/driver.go
@@ -368,7 +368,7 @@ func Release(job *engine.Job) engine.Status {
 	}
 
 	if err := ipallocator.ReleaseIP(bridgeNetwork, &containerInterface.IP); err != nil {
-		log.Infof("Unable to release ip %s\n", err)
+		log.Infof("Unable to release ip %s", err)
 	}
 	return engine.StatusOK
 }

From 9df494bb71f04afd96099bc8a10228a14a2d998d Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 14 Aug 2014 01:36:26 +0000
Subject: [PATCH 490/516] another commit to do like @crosbymichael

Signed-off-by: Victor Vieux <vieux@docker.com>
Upstream-commit: a0392324f194f4f92e3205f0c0ed8b71dc2fc93f
Component: engine
---
 components/engine/api/client/commands.go      | 10 +++----
 components/engine/api/client/hijack.go        |  4 +--
 components/engine/archive/archive.go          | 12 ++++----
 components/engine/archive/changes.go          |  6 ++--
 .../engine/daemon/graphdriver/aufs/aufs.go    |  2 +-
 .../daemon/graphdriver/devmapper/deviceset.go | 28 +++++++++----------
 .../daemon/graphdriver/devmapper/devmapper.go |  2 +-
 .../daemon/graphdriver/devmapper/driver.go    |  2 +-
 components/engine/daemon/monitor.go           |  2 +-
 components/engine/graph/push.go               |  4 +--
 components/engine/integration/runtime_test.go |  6 ++--
 11 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/components/engine/api/client/commands.go b/components/engine/api/client/commands.go
index 51d8884bd2..81b0668cda 100644
--- a/components/engine/api/client/commands.go
+++ b/components/engine/api/client/commands.go
@@ -434,11 +434,11 @@ func (cli *DockerCli) CmdVersion(args ...string) error {
 	out := engine.NewOutput()
 	remoteVersion, err := out.AddEnv()
 	if err != nil {
-		log.Errorf("Error reading remote version: %s\n", err)
+		log.Errorf("Error reading remote version: %s", err)
 		return err
 	}
 	if _, err := out.Write(body); err != nil {
-		log.Errorf("Error reading remote version: %s\n", err)
+		log.Errorf("Error reading remote version: %s", err)
 		return err
 	}
 	out.Close()
@@ -474,7 +474,7 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	}
 
 	if _, err := out.Write(body); err != nil {
-		log.Errorf("Error reading remote info: %s\n", err)
+		log.Errorf("Error reading remote info: %s", err)
 		return err
 	}
 	out.Close()
@@ -691,7 +691,7 @@ func (cli *DockerCli) CmdStart(args ...string) error {
 	if *openStdin || *attach {
 		if tty && cli.isTerminal {
 			if err := cli.monitorTtySize(cmd.Arg(0)); err != nil {
-				log.Errorf("Error monitoring TTY size: %s\n", err)
+				log.Errorf("Error monitoring TTY size: %s", err)
 			}
 		}
 		return <-cErr
@@ -2159,7 +2159,7 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 
 	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && cli.isTerminal {
 		if err := cli.monitorTtySize(runResult.Get("Id")); err != nil {
-			log.Errorf("Error monitoring TTY size: %s\n", err)
+			log.Errorf("Error monitoring TTY size: %s", err)
 		}
 	}
 
diff --git a/components/engine/api/client/hijack.go b/components/engine/api/client/hijack.go
index fa7b8ed50c..ba6ebfb0d8 100644
--- a/components/engine/api/client/hijack.go
+++ b/components/engine/api/client/hijack.go
@@ -106,11 +106,11 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 		}
 		if tcpc, ok := rwc.(*net.TCPConn); ok {
 			if err := tcpc.CloseWrite(); err != nil {
-				log.Debugf("Couldn't send EOF: %s\n", err)
+				log.Debugf("Couldn't send EOF: %s", err)
 			}
 		} else if unixc, ok := rwc.(*net.UnixConn); ok {
 			if err := unixc.CloseWrite(); err != nil {
-				log.Debugf("Couldn't send EOF: %s\n", err)
+				log.Debugf("Couldn't send EOF: %s", err)
 			}
 		}
 		// Discard errors due to pipe interruption
diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go
index 932e2309cd..7d9f7fb974 100644
--- a/components/engine/archive/archive.go
+++ b/components/engine/archive/archive.go
@@ -342,7 +342,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 		for _, include := range options.Includes {
 			filepath.Walk(filepath.Join(srcPath, include), func(filePath string, f os.FileInfo, err error) error {
 				if err != nil {
-					log.Debugf("Tar: Can't stat file %s to tar: %s\n", srcPath, err)
+					log.Debugf("Tar: Can't stat file %s to tar: %s", srcPath, err)
 					return nil
 				}
 
@@ -353,7 +353,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 
 				skip, err := utils.Matches(relFilePath, options.Excludes)
 				if err != nil {
-					log.Debugf("Error matching %s\n", relFilePath, err)
+					log.Debugf("Error matching %s", relFilePath, err)
 					return err
 				}
 
@@ -365,7 +365,7 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 				}
 
 				if err := addTarFile(filePath, relFilePath, tw, twBuf); err != nil {
-					log.Debugf("Can't add file %s to tar: %s\n", srcPath, err)
+					log.Debugf("Can't add file %s to tar: %s", srcPath, err)
 				}
 				return nil
 			})
@@ -373,13 +373,13 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 
 		// Make sure to check the error on Close.
 		if err := tw.Close(); err != nil {
-			log.Debugf("Can't close tar writer: %s\n", err)
+			log.Debugf("Can't close tar writer: %s", err)
 		}
 		if err := compressWriter.Close(); err != nil {
-			log.Debugf("Can't close compress writer: %s\n", err)
+			log.Debugf("Can't close compress writer: %s", err)
 		}
 		if err := pipeWriter.Close(); err != nil {
-			log.Debugf("Can't close pipe writer: %s\n", err)
+			log.Debugf("Can't close pipe writer: %s", err)
 		}
 	}()
 
diff --git a/components/engine/archive/changes.go b/components/engine/archive/changes.go
index 032dfe0d55..a591e8ae11 100644
--- a/components/engine/archive/changes.go
+++ b/components/engine/archive/changes.go
@@ -364,19 +364,19 @@ func ExportChanges(dir string, changes []Change) (Archive, error) {
 					ChangeTime: timestamp,
 				}
 				if err := tw.WriteHeader(hdr); err != nil {
-					log.Debugf("Can't write whiteout header: %s\n", err)
+					log.Debugf("Can't write whiteout header: %s", err)
 				}
 			} else {
 				path := filepath.Join(dir, change.Path)
 				if err := addTarFile(path, change.Path[1:], tw, twBuf); err != nil {
-					log.Debugf("Can't add file %s to tar: %s\n", path, err)
+					log.Debugf("Can't add file %s to tar: %s", path, err)
 				}
 			}
 		}
 
 		// Make sure to check the error on Close.
 		if err := tw.Close(); err != nil {
-			log.Debugf("Can't close layer: %s\n", err)
+			log.Debugf("Can't close layer: %s", err)
 		}
 		writer.Close()
 	}()
diff --git a/components/engine/daemon/graphdriver/aufs/aufs.go b/components/engine/daemon/graphdriver/aufs/aufs.go
index 4fedd2de5b..ebd4929389 100644
--- a/components/engine/daemon/graphdriver/aufs/aufs.go
+++ b/components/engine/daemon/graphdriver/aufs/aufs.go
@@ -210,7 +210,7 @@ func (a *Driver) Remove(id string) error {
 	defer a.Unlock()
 
 	if a.active[id] != 0 {
-		log.Errorf("Warning: removing active id %s\n", id)
+		log.Errorf("Warning: removing active id %s", id)
 	}
 
 	// Make sure the dir is umounted first
diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
index 3e0b70b079..42315c6e82 100644
--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
+++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
@@ -596,7 +596,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 			data, err := devices.ensureImage("data", devices.dataLoopbackSize)
 			if err != nil {
-				log.Debugf("Error device ensureImage (data): %s\n", err)
+				log.Debugf("Error device ensureImage (data): %s", err)
 				return err
 			}
 
@@ -627,7 +627,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 
 			metadata, err := devices.ensureImage("metadata", devices.metaDataLoopbackSize)
 			if err != nil {
-				log.Debugf("Error device ensureImage (metadata): %s\n", err)
+				log.Debugf("Error device ensureImage (metadata): %s", err)
 				return err
 			}
 
@@ -659,7 +659,7 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 	// Setup the base image
 	if doInit {
 		if err := devices.setupBaseImage(); err != nil {
-			log.Debugf("Error device setupBaseImage: %s\n", err)
+			log.Debugf("Error device setupBaseImage: %s", err)
 			return err
 		}
 	}
@@ -686,7 +686,7 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 	deviceId := devices.nextDeviceId
 
 	if err := createSnapDevice(devices.getPoolDevName(), &deviceId, baseInfo.Name(), baseInfo.DeviceId); err != nil {
-		log.Debugf("Error creating snap device: %s\n", err)
+		log.Debugf("Error creating snap device: %s", err)
 		return err
 	}
 
@@ -695,7 +695,7 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 
 	if _, err := devices.registerDevice(deviceId, hash, baseInfo.Size); err != nil {
 		deleteDevice(devices.getPoolDevName(), deviceId)
-		log.Debugf("Error registering device: %s\n", err)
+		log.Debugf("Error registering device: %s", err)
 		return err
 	}
 	return nil
@@ -708,7 +708,7 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 		// manually
 		if err := devices.activateDeviceIfNeeded(info); err == nil {
 			if err := BlockDeviceDiscard(info.DevName()); err != nil {
-				log.Debugf("Error discarding block on device: %s (ignoring)\n", err)
+				log.Debugf("Error discarding block on device: %s (ignoring)", err)
 			}
 		}
 	}
@@ -716,13 +716,13 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 	devinfo, _ := getInfo(info.Name())
 	if devinfo != nil && devinfo.Exists != 0 {
 		if err := devices.removeDeviceAndWait(info.Name()); err != nil {
-			log.Debugf("Error removing device: %s\n", err)
+			log.Debugf("Error removing device: %s", err)
 			return err
 		}
 	}
 
 	if err := deleteDevice(devices.getPoolDevName(), info.DeviceId); err != nil {
-		log.Debugf("Error deleting device: %s\n", err)
+		log.Debugf("Error deleting device: %s", err)
 		return err
 	}
 
@@ -735,7 +735,7 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 		devices.devicesLock.Lock()
 		devices.Devices[info.Hash] = info
 		devices.devicesLock.Unlock()
-		log.Debugf("Error removing meta data: %s\n", err)
+		log.Debugf("Error removing meta data: %s", err)
 		return err
 	}
 
@@ -779,7 +779,7 @@ func (devices *DeviceSet) deactivateDevice(info *DevInfo) error {
 	// Wait for the unmount to be effective,
 	// by watching the value of Info.OpenCount for the device
 	if err := devices.waitClose(info); err != nil {
-		log.Errorf("Warning: error waiting for device %s to close: %s\n", info.Hash, err)
+		log.Errorf("Warning: error waiting for device %s to close: %s", info.Hash, err)
 	}
 
 	devinfo, err := getInfo(info.Name())
@@ -903,12 +903,12 @@ func (devices *DeviceSet) Shutdown() error {
 			// container. This means it'll go away from the global scope directly,
 			// and the device will be released when that container dies.
 			if err := syscall.Unmount(info.mountPath, syscall.MNT_DETACH); err != nil {
-				log.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
+				log.Debugf("Shutdown unmounting %s, error: %s", info.mountPath, err)
 			}
 
 			devices.Lock()
 			if err := devices.deactivateDevice(info); err != nil {
-				log.Debugf("Shutdown deactivate %s , error: %s\n", info.Hash, err)
+				log.Debugf("Shutdown deactivate %s , error: %s", info.Hash, err)
 			}
 			devices.Unlock()
 		}
@@ -920,7 +920,7 @@ func (devices *DeviceSet) Shutdown() error {
 		info.lock.Lock()
 		devices.Lock()
 		if err := devices.deactivateDevice(info); err != nil {
-			log.Debugf("Shutdown deactivate base , error: %s\n", err)
+			log.Debugf("Shutdown deactivate base , error: %s", err)
 		}
 		devices.Unlock()
 		info.lock.Unlock()
@@ -928,7 +928,7 @@ func (devices *DeviceSet) Shutdown() error {
 
 	devices.Lock()
 	if err := devices.deactivatePool(); err != nil {
-		log.Debugf("Shutdown deactivate pool , error: %s\n", err)
+		log.Debugf("Shutdown deactivate pool , error: %s", err)
 	}
 	devices.Unlock()
 
diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper.go b/components/engine/daemon/graphdriver/devmapper/devmapper.go
index c66c39546a..d09e740749 100644
--- a/components/engine/daemon/graphdriver/devmapper/devmapper.go
+++ b/components/engine/daemon/graphdriver/devmapper/devmapper.go
@@ -198,7 +198,7 @@ func (t *Task) GetNextTarget(next uintptr) (nextPtr uintptr, start uint64,
 func getLoopbackBackingFile(file *os.File) (uint64, uint64, error) {
 	loopInfo, err := ioctlLoopGetStatus64(file.Fd())
 	if err != nil {
-		log.Errorf("Error get loopback backing file: %s\n", err)
+		log.Errorf("Error get loopback backing file: %s", err)
 		return 0, 0, ErrGetLoopbackBackingFile
 	}
 	return loopInfo.loDevice, loopInfo.loInode, nil
diff --git a/components/engine/daemon/graphdriver/devmapper/driver.go b/components/engine/daemon/graphdriver/devmapper/driver.go
index 90ee2eb492..4c13eb0421 100644
--- a/components/engine/daemon/graphdriver/devmapper/driver.go
+++ b/components/engine/daemon/graphdriver/devmapper/driver.go
@@ -138,7 +138,7 @@ func (d *Driver) Get(id, mountLabel string) (string, error) {
 
 func (d *Driver) Put(id string) {
 	if err := d.DeviceSet.UnmountDevice(id); err != nil {
-		log.Errorf("Warning: error unmounting device %s: %s\n", id, err)
+		log.Errorf("Warning: error unmounting device %s: %s", id, err)
 	}
 }
 
diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index 28dd424f3c..f0fb3d384e 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -88,7 +88,7 @@ func (m *containerMonitor) Close() error {
 	// because they share same runconfig and change image. Must be fixed
 	// in builder/builder.go
 	if err := m.container.toDisk(); err != nil {
-		log.Errorf("Error dumping container %s state to disk: %s\n", m.container.ID, err)
+		log.Errorf("Error dumping container %s state to disk: %s", m.container.ID, err)
 
 		return err
 	}
diff --git a/components/engine/graph/push.go b/components/engine/graph/push.go
index 33d30cc501..db5b73abc2 100644
--- a/components/engine/graph/push.go
+++ b/components/engine/graph/push.go
@@ -97,9 +97,9 @@ func (s *TagStore) pushRepository(r *registry.Session, out io.Writer, localName,
 		}
 	}
 
-	log.Debugf("Preparing to push %s with the following images and tags\n", localRepo)
+	log.Debugf("Preparing to push %s with the following images and tags", localRepo)
 	for _, data := range imageIndex {
-		log.Debugf("Pushing ID: %s with Tag: %s\n", data.ID, data.Tag)
+		log.Debugf("Pushing ID: %s with Tag: %s", data.ID, data.Tag)
 	}
 
 	// Register all the images in a repository with the registry
diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go
index 7d4cf8f53f..d81a13d8a9 100644
--- a/components/engine/integration/runtime_test.go
+++ b/components/engine/integration/runtime_test.go
@@ -107,16 +107,16 @@ func init() {
 	if dockerinit := os.Getenv("TEST_DOCKERINIT_PATH"); dockerinit != "" {
 		src, err := os.Open(dockerinit)
 		if err != nil {
-			log.Fatalf("Unable to open TEST_DOCKERINIT_PATH: %s\n", err)
+			log.Fatalf("Unable to open TEST_DOCKERINIT_PATH: %s", err)
 		}
 		defer src.Close()
 		dst, err := os.OpenFile(filepath.Join(filepath.Dir(utils.SelfPath()), "dockerinit"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0555)
 		if err != nil {
-			log.Fatalf("Unable to create dockerinit in test directory: %s\n", err)
+			log.Fatalf("Unable to create dockerinit in test directory: %s", err)
 		}
 		defer dst.Close()
 		if _, err := io.Copy(dst, src); err != nil {
-			log.Fatalf("Unable to copy dockerinit to TEST_DOCKERINIT_PATH: %s\n", err)
+			log.Fatalf("Unable to copy dockerinit to TEST_DOCKERINIT_PATH: %s", err)
 		}
 		dst.Close()
 		src.Close()

From 974ae2755d55e4495820e38b168543efc32fc519 Mon Sep 17 00:00:00 2001
From: Samuel PHAN <samuel-phan@users.noreply.github.com>
Date: Thu, 14 Aug 2014 14:20:38 +0200
Subject: [PATCH 491/516] Update docker-attach.1.md Upstream-commit:
 5073554ca67f7f1f3f21d87cab766708556486c2 Component: engine

---
 components/engine/docs/man/docker-attach.1.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/man/docker-attach.1.md b/components/engine/docs/man/docker-attach.1.md
index e26db07f3f..7deda6c75e 100644
--- a/components/engine/docs/man/docker-attach.1.md
+++ b/components/engine/docs/man/docker-attach.1.md
@@ -14,7 +14,7 @@ docker-attach - Attach to a running container
 If you **docker run** a container in detached mode (**-d**), you can reattach to
 the detached container with **docker attach** using the container's ID or name.
 
-You can detach from the container again (and leave it running) with `CTRL-q 
+You can detach from the container again (and leave it running) with `CTRL-p 
 CTRL-q` (for a quiet exit), or `CTRL-c`  which will send a SIGKILL to the
 container, or `CTRL-\` to get a stacktrace of the Docker client when it quits.
 When you detach from a container the exit code will be returned to

From f4db7d15dc4bbae3ac9f0c7c2b249e2a7970a88d Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 14 Aug 2014 11:01:39 +0400
Subject: [PATCH 492/516] Fix race condition in sending started signal from
 monitor

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 1480168e9f6178e4015aa4dcc035a6963c59f431
Component: engine
---
 components/engine/daemon/monitor.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index f0fb3d384e..e0fdece14e 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -244,10 +244,12 @@ func (m *containerMonitor) callback(command *execdriver.Command) {
 
 	m.container.State.SetRunning(command.Pid())
 
-	if m.startSignal != nil {
-		// signal that the process has started
+	// signal that the process has started
+	// close channel only if not closed
+	select {
+	case <-m.startSignal:
+	default:
 		close(m.startSignal)
-		m.startSignal = nil
 	}
 
 	if err := m.container.ToDisk(); err != nil {

From 1b8bad68b3a11bc69ea1abb4b4069c9d953d059d Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 14 Aug 2014 15:51:31 +0400
Subject: [PATCH 493/516] Fix race between container cleanup and inspect/ps

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 93d6adf8a19855edf118d27d0239222f572d8292
Component: engine
---
 components/engine/daemon/monitor.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index e0fdece14e..e8940db24c 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -103,8 +103,17 @@ func (m *containerMonitor) Start() error {
 		exitStatus int
 	)
 
+	// this variable indicates that we under container.Lock
+	underLock := true
+
 	// ensure that when the monitor finally exits we release the networking and unmount the rootfs
-	defer m.Close()
+	defer func() {
+		if !underLock {
+			m.container.Lock()
+			defer m.container.Unlock()
+		}
+		m.Close()
+	}()
 
 	// reset the restart count
 	m.container.RestartCount = -1
@@ -136,6 +145,9 @@ func (m *containerMonitor) Start() error {
 			log.Errorf("Error running container: %s", err)
 		}
 
+		// here container.Lock is already lost
+		underLock = false
+
 		m.resetMonitor(err == nil && exitStatus == 0)
 
 		if m.shouldRestart(exitStatus) {

From c26305d80881014fa8ea04e54eb1face44a8f75a Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 14 Aug 2014 19:38:06 +0400
Subject: [PATCH 494/516] Fix race on state serialization

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: f1975cbc7c5b551e5a206c15f32aef3d51904408
Component: engine
---
 components/engine/daemon/state.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/components/engine/daemon/state.go b/components/engine/daemon/state.go
index ed137b0206..44742b78c9 100644
--- a/components/engine/daemon/state.go
+++ b/components/engine/daemon/state.go
@@ -1,6 +1,7 @@
 package daemon
 
 import (
+	"encoding/json"
 	"fmt"
 	"sync"
 	"time"
@@ -49,6 +50,16 @@ func (s *State) String() string {
 	return fmt.Sprintf("Exited (%d) %s ago", s.ExitCode, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
 }
 
+type jState State
+
+// MarshalJSON for state is needed to avoid race conditions on inspect
+func (s *State) MarshalJSON() ([]byte, error) {
+	s.RLock()
+	b, err := json.Marshal(jState(*s))
+	s.RUnlock()
+	return b, err
+}
+
 func wait(waitChan <-chan struct{}, timeout time.Duration) error {
 	if timeout < 0 {
 		<-waitChan

From 0b9e4ed61ec9628c7d9c6dca37ec0904f50cbb65 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Thu, 14 Aug 2014 21:50:22 +0400
Subject: [PATCH 495/516] Cleanup: Make channels unbuffered

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 0d4d7e4a2851c60f768f71a79a78c068fd9dffe8
Component: engine
---
 components/engine/daemon/monitor.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
index e8940db24c..1a929656fa 100644
--- a/components/engine/daemon/monitor.go
+++ b/components/engine/daemon/monitor.go
@@ -58,8 +58,8 @@ func newContainerMonitor(container *Container, policy runconfig.RestartPolicy) *
 		container:     container,
 		restartPolicy: policy,
 		timeIncrement: defaultTimeIncrement,
-		stopChan:      make(chan struct{}, 1),
-		startSignal:   make(chan struct{}, 1),
+		stopChan:      make(chan struct{}),
+		startSignal:   make(chan struct{}),
 	}
 }
 

From ef058f588fc79d147983ee246d72a0baabbb09c1 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Fri, 15 Aug 2014 00:43:12 +0000
Subject: [PATCH 496/516] Cleanup: move image depth checks in image/

Signed-off-by: Solomon Hykes <solomon@docker.com>
Upstream-commit: 2a39635d30a5ecbf3f8020dcb272cd8ae939fe06
Component: engine
---
 components/engine/daemon/create.go |  2 +-
 components/engine/daemon/daemon.go | 18 ------------------
 components/engine/image/image.go   | 21 +++++++++++++++++++++
 3 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go
index c3aa9ee58e..3c6827eeec 100644
--- a/components/engine/daemon/create.go
+++ b/components/engine/daemon/create.go
@@ -64,7 +64,7 @@ func (daemon *Daemon) Create(config *runconfig.Config, name string) (*Container,
 	if err != nil {
 		return nil, nil, err
 	}
-	if err := daemon.checkImageDepth(img); err != nil {
+	if err := img.CheckDepth(); err != nil {
 		return nil, nil, err
 	}
 	if warnings, err = daemon.mergeAndVerifyConfig(config, img); err != nil {
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 04d3327546..811cb3391e 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -39,11 +39,6 @@ import (
 	"github.com/docker/docker/utils"
 )
 
-// Set the max depth to the aufs default that most
-// kernels are compiled with
-// For more information see: http://sourceforge.net/p/aufs/aufs3-standalone/ci/aufs3.12/tree/config.mk
-const MaxImageDepth = 127
-
 var (
 	DefaultDns                = []string{"8.8.8.8", "8.8.4.4"}
 	validContainerNameChars   = `[a-zA-Z0-9_.-]`
@@ -388,19 +383,6 @@ func (daemon *Daemon) restore() error {
 	return nil
 }
 
-func (daemon *Daemon) checkImageDepth(img *image.Image) error {
-	// We add 2 layers to the depth because the container's rw and
-	// init layer add to the restriction
-	depth, err := img.Depth()
-	if err != nil {
-		return err
-	}
-	if depth+2 >= MaxImageDepth {
-		return fmt.Errorf("Cannot create container with more than %d parents", MaxImageDepth)
-	}
-	return nil
-}
-
 func (daemon *Daemon) checkDeprecatedExpose(config *runconfig.Config) bool {
 	if config != nil {
 		if config.PortSpecs != nil {
diff --git a/components/engine/image/image.go b/components/engine/image/image.go
index 94c6462011..702782c892 100644
--- a/components/engine/image/image.go
+++ b/components/engine/image/image.go
@@ -16,6 +16,11 @@ import (
 	"github.com/docker/docker/utils"
 )
 
+// Set the max depth to the aufs default that most
+// kernels are compiled with
+// For more information see: http://sourceforge.net/p/aufs/aufs3-standalone/ci/aufs3.12/tree/config.mk
+const MaxImageDepth = 127
+
 type Image struct {
 	ID              string            `json:"id"`
 	Parent          string            `json:"parent,omitempty"`
@@ -297,6 +302,22 @@ func (img *Image) Depth() (int, error) {
 	return count, nil
 }
 
+// CheckDepth returns an error if the depth of an image, as returned
+// by ImageDepth, is too large to support creating a container from it
+// on this daemon.
+func (img *Image) CheckDepth() error {
+	// We add 2 layers to the depth because the container's rw and
+	// init layer add to the restriction
+	depth, err := img.Depth()
+	if err != nil {
+		return err
+	}
+	if depth+2 >= MaxImageDepth {
+		return fmt.Errorf("Cannot create container with more than %d parents", MaxImageDepth)
+	}
+	return nil
+}
+
 // Build an Image object from raw json data
 func NewImgJSON(src []byte) (*Image, error) {
 	ret := &Image{}

From ae82a3441b6789b24f349128ca0bb3d7847e0d9d Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Fri, 15 Aug 2014 11:28:58 -0600
Subject: [PATCH 497/516] Remove crashTest.go since the use case is covered by
 docker-stress

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 3a70ca3c671053f599d4f3b226c2a787b369e752
Component: engine
---
 components/engine/contrib/crashTest.go | 125 -------------------------
 1 file changed, 125 deletions(-)
 delete mode 100644 components/engine/contrib/crashTest.go

diff --git a/components/engine/contrib/crashTest.go b/components/engine/contrib/crashTest.go
deleted file mode 100644
index 6da89bf887..0000000000
--- a/components/engine/contrib/crashTest.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"io"
-	"log"
-	"net"
-	"os"
-	"os/exec"
-	"path"
-	"time"
-)
-
-var DOCKERPATH = path.Join(os.Getenv("DOCKERPATH"), "docker")
-
-// WARNING: this crashTest will 1) crash your host, 2) remove all containers
-func runDaemon() (*exec.Cmd, error) {
-	os.Remove("/var/run/docker.pid")
-	exec.Command("rm", "-rf", "/var/lib/docker/containers").Run()
-	cmd := exec.Command(DOCKERPATH, "-d")
-	outPipe, err := cmd.StdoutPipe()
-	if err != nil {
-		return nil, err
-	}
-	errPipe, err := cmd.StderrPipe()
-	if err != nil {
-		return nil, err
-	}
-	if err := cmd.Start(); err != nil {
-		return nil, err
-	}
-	go func() {
-		io.Copy(os.Stdout, outPipe)
-	}()
-	go func() {
-		io.Copy(os.Stderr, errPipe)
-	}()
-	return cmd, nil
-}
-
-func crashTest() error {
-	if err := exec.Command("/bin/bash", "-c", "while true; do true; done").Start(); err != nil {
-		return err
-	}
-
-	var endpoint string
-	if ep := os.Getenv("TEST_ENDPOINT"); ep == "" {
-		endpoint = "192.168.56.1:7979"
-	} else {
-		endpoint = ep
-	}
-
-	c := make(chan bool)
-	var conn io.Writer
-
-	go func() {
-		conn, _ = net.Dial("tcp", endpoint)
-		c <- false
-	}()
-	go func() {
-		time.Sleep(2 * time.Second)
-		c <- true
-	}()
-	<-c
-
-	restartCount := 0
-	totalTestCount := 1
-	for {
-		daemon, err := runDaemon()
-		if err != nil {
-			return err
-		}
-		restartCount++
-		//		time.Sleep(5000 * time.Millisecond)
-		var stop bool
-		go func() error {
-			stop = false
-			for i := 0; i < 100 && !stop; {
-				func() error {
-					cmd := exec.Command(DOCKERPATH, "run", "ubuntu", "echo", fmt.Sprintf("%d", totalTestCount))
-					i++
-					totalTestCount++
-					outPipe, err := cmd.StdoutPipe()
-					if err != nil {
-						return err
-					}
-					inPipe, err := cmd.StdinPipe()
-					if err != nil {
-						return err
-					}
-					if err := cmd.Start(); err != nil {
-						return err
-					}
-					if conn != nil {
-						go io.Copy(conn, outPipe)
-					}
-
-					// Expecting error, do not check
-					inPipe.Write([]byte("hello world!!!!!\n"))
-					go inPipe.Write([]byte("hello world!!!!!\n"))
-					go inPipe.Write([]byte("hello world!!!!!\n"))
-					inPipe.Close()
-
-					if err := cmd.Wait(); err != nil {
-						return err
-					}
-					outPipe.Close()
-					return nil
-				}()
-			}
-			return nil
-		}()
-		time.Sleep(20 * time.Second)
-		stop = true
-		if err := daemon.Process.Kill(); err != nil {
-			return err
-		}
-	}
-}
-
-func main() {
-	if err := crashTest(); err != nil {
-		log.Println(err)
-	}
-}

From 746910e315836e1a31f0f48330202eccf34bce9c Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Fri, 15 Aug 2014 17:52:44 +0000
Subject: [PATCH 498/516] remove empty builder folder

Signed-off-by: Victor Vieux <vieux@docker.com>
Upstream-commit: 57564d91a4128f7ee2952e7bdbda54463deac03b
Component: engine
---
 components/engine/builder/MAINTAINERS | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 components/engine/builder/MAINTAINERS

diff --git a/components/engine/builder/MAINTAINERS b/components/engine/builder/MAINTAINERS
deleted file mode 100644
index 4d158aa20e..0000000000
--- a/components/engine/builder/MAINTAINERS
+++ /dev/null
@@ -1,2 +0,0 @@
-Tibor Vass <teabee89@gmail.com> (@tiborvass)
-Erik Hollensbe <github@hollensbe.org> (@erikh)

From 693c6c8fed46566c3313fdb159e223d3a9e945c6 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Fri, 15 Aug 2014 15:41:05 -0700
Subject: [PATCH 499/516] Update libcontainer to 29363e2d2d7b8f62a5f353be333

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: a67d06fd4343024ed25c3faf40e58c9a1935c28a
Component: engine
---
 components/engine/hack/vendor.sh              |   2 +-
 .../docker/libcontainer/MAINTAINERS           |   1 +
 .../github.com/docker/libcontainer/Makefile   |   2 +-
 .../github.com/docker/libcontainer/README.md  |   2 +-
 .../docker/libcontainer/cgroups/cgroups.go    |   1 +
 .../libcontainer/cgroups/fs/apply_raw.go      |  22 +-
 .../docker/libcontainer/cgroups/fs/cpuacct.go |   4 +-
 .../docker/libcontainer/cgroups/fs/cpuset.go  |  31 +-
 .../docker/libcontainer/cgroups/fs/memory.go  |   2 +-
 .../cgroups/systemd/apply_systemd.go          | 301 +++++++-----------
 .../docker/libcontainer/cgroups/utils.go      |  21 ++
 .../docker/libcontainer/console/console.go    |   2 +-
 .../docker/libcontainer/mount/init.go         |   2 +-
 .../docker/libcontainer/namespaces/exec.go    |  12 +-
 .../docker/libcontainer/namespaces/execin.go  |  15 +-
 .../libcontainer/namespaces/nsenter/nsenter.c |  20 +-
 .../docker/libcontainer/netlink/netlink.go    |   7 +
 .../libcontainer/netlink/netlink_linux.go     |  36 ++-
 .../netlink/netlink_linux_test.go             |  46 +++
 .../netlink/netlink_unsupported.go            |   4 +
 .../docker/libcontainer/network/network.go    |   8 +
 .../docker/libcontainer/nsinit/config.go      |   4 +-
 .../docker/libcontainer/nsinit/exec.go        |  28 +-
 .../docker/libcontainer/nsinit/init.go        |   4 +-
 .../libcontainer/nsinit/{cli.go => main.go}   |  33 +-
 .../docker/libcontainer/nsinit/nsenter.go     | 100 ++++--
 .../libcontainer/nsinit/nsinit/nsinit.go      |   7 -
 .../docker/libcontainer/nsinit/pause.go       |   4 +-
 .../docker/libcontainer/nsinit/stats.go       |   4 +-
 .../docker/libcontainer/nsinit/utils.go       |  60 +++-
 .../github.com/docker/libcontainer/state.go   |   3 +
 31 files changed, 481 insertions(+), 307 deletions(-)
 rename components/engine/vendor/src/github.com/docker/libcontainer/nsinit/{cli.go => main.go} (58%)
 delete mode 100644 components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 4dd124994e..652126769a 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -59,7 +59,7 @@ rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
 mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
-clone git github.com/docker/libcontainer f2e78425c377acc7a67a35c3148069b6285a3c4b
+clone git github.com/docker/libcontainer 29363e2d2d7b8f62a5f353be333758f83df540a9
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS b/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS
index 798d3ca6bf..24011b0540 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/MAINTAINERS
@@ -1,5 +1,6 @@
 Michael Crosby <michael@docker.com> (@crosbymichael)
 Rohit Jnagal <jnagal@google.com> (@rjnagal)
 Victor Marmol <vmarmol@google.com> (@vmarmol)
+Mrunal Patel <mpatel@redhat.com> (@mrunalp)
 .travis.yml: Tianon Gravi <admwiggin@gmail.com> (@tianon)
 update-vendor.sh: Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/Makefile b/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
index f7b3031bbd..d6852b24ab 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/Makefile
@@ -2,7 +2,7 @@
 all:
 	docker build -t docker/libcontainer .
 
-test:
+test: 
 	# we need NET_ADMIN for the netlink tests and SYS_ADMIN for mounting
 	docker run --rm -it --cap-add NET_ADMIN --cap-add SYS_ADMIN docker/libcontainer
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/README.md b/components/engine/vendor/src/github.com/docker/libcontainer/README.md
index ee14a57ce1..b80d2841f8 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/README.md
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/README.md
@@ -1,4 +1,4 @@
-## libcontainer - reference implementation for containers
+## libcontainer - reference implementation for containers [![Build Status](https://travis-ci.org/docker/libcontainer.png?branch=master)](https://travis-ci.org/docker/libcontainer)
 
 ### Note on API changes:
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
index 64ece568c3..598454862b 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
@@ -37,4 +37,5 @@ type Cgroup struct {
 
 type ActiveCgroup interface {
 	Cleanup() error
+	Paths() (map[string]string, error)
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
index 2d1a15239f..e20cdbb926 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
@@ -21,12 +21,16 @@ var (
 		"perf_event": &PerfEventGroup{},
 		"freezer":    &FreezerGroup{},
 	}
+	CgroupProcesses = "cgroup.procs"
 )
 
 type subsystem interface {
-	Set(*data) error
+	// Returns the stats, as 'stats', corresponding to the cgroup under 'path'.
+	GetStats(path string, stats *cgroups.Stats) error
+	// Removes the cgroup represented by 'data'.
 	Remove(*data) error
-	GetStats(string, *cgroups.Stats) error
+	// Creates and joins the cgroup represented by data.
+	Set(*data) error
 }
 
 type data struct {
@@ -149,6 +153,18 @@ func (raw *data) parent(subsystem string) (string, error) {
 	return filepath.Join(raw.root, subsystem, initPath), nil
 }
 
+func (raw *data) Paths() (map[string]string, error) {
+	paths := make(map[string]string)
+	for sysname := range subsystems {
+		path, err := raw.path(sysname)
+		if err != nil {
+			return nil, err
+		}
+		paths[sysname] = path
+	}
+	return paths, nil
+}
+
 func (raw *data) path(subsystem string) (string, error) {
 	// If the cgroup name/path is absolute do not look relative to the cgroup of the init process.
 	if filepath.IsAbs(raw.cgroup) {
@@ -169,7 +185,7 @@ func (raw *data) join(subsystem string) (string, error) {
 	if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
 		return "", err
 	}
-	if err := writeFile(path, "cgroup.procs", strconv.Itoa(raw.pid)); err != nil {
+	if err := writeFile(path, CgroupProcesses, strconv.Itoa(raw.pid)); err != nil {
 		return "", err
 	}
 	return path, nil
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
index 7979009c08..7761d4c283 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
@@ -54,7 +54,7 @@ func (s *CpuacctGroup) GetStats(path string, stats *cgroups.Stats) error {
 		return err
 	}
 	// sample for 100ms
-	time.Sleep(100 * time.Millisecond)
+	time.Sleep(1000 * time.Millisecond)
 	if kernelModeUsage, userModeUsage, err = getCpuUsage(path); err != nil {
 		return err
 	}
@@ -73,7 +73,7 @@ func (s *CpuacctGroup) GetStats(path string, stats *cgroups.Stats) error {
 		deltaUsage  = lastUsage - startUsage
 	)
 	if deltaSystem > 0.0 {
-		percentage = ((deltaProc / deltaSystem) * clockTicks) * cpuCount
+		percentage = uint64((float64(deltaProc) / float64(deltaSystem)) * float64(clockTicks*cpuCount))
 	}
 	// NOTE: a percentage over 100% is valid for POSIX because that means the
 	// processes is using multiple cores
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go
index 9570125fd4..8847739464 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuset.go
@@ -20,19 +20,10 @@ func (s *CpusetGroup) Set(d *data) error {
 		if err != nil {
 			return err
 		}
-		if err := s.ensureParent(dir); err != nil {
-			return err
-		}
 
-		// because we are not using d.join we need to place the pid into the procs file
-		// unlike the other subsystems
-		if err := writeFile(dir, "cgroup.procs", strconv.Itoa(d.pid)); err != nil {
-			return err
-		}
-		if err := writeFile(dir, "cpuset.cpus", d.c.CpusetCpus); err != nil {
-			return err
-		}
+		return s.SetDir(dir, d.c.CpusetCpus, d.pid)
 	}
+
 	return nil
 }
 
@@ -44,6 +35,24 @@ func (s *CpusetGroup) GetStats(path string, stats *cgroups.Stats) error {
 	return nil
 }
 
+func (s *CpusetGroup) SetDir(dir, value string, pid int) error {
+	if err := s.ensureParent(dir); err != nil {
+		return err
+	}
+
+	// because we are not using d.join we need to place the pid into the procs file
+	// unlike the other subsystems
+	if err := writeFile(dir, "cgroup.procs", strconv.Itoa(pid)); err != nil {
+		return err
+	}
+
+	if err := writeFile(dir, "cpuset.cpus", value); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (s *CpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []byte, err error) {
 	if cpus, err = ioutil.ReadFile(filepath.Join(parent, "cpuset.cpus")); err != nil {
 		return
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
index c27150d2bf..ea92934a0f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
@@ -14,7 +14,7 @@ type MemoryGroup struct {
 
 func (s *MemoryGroup) Set(d *data) error {
 	dir, err := d.join("memory")
-	// only return an error for memory if it was not specified
+	// only return an error for memory if it was specified
 	if err != nil && (d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0) {
 		return err
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
index 01e5bf49b1..7fcd99bceb 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
@@ -21,7 +21,7 @@ import (
 )
 
 type systemdCgroup struct {
-	cleanupDirs []string
+	cgroup *cgroups.Cgroup
 }
 
 type subsystem interface {
@@ -84,39 +84,15 @@ func getIfaceForUnit(unitName string) string {
 	return "Unit"
 }
 
-type cgroupArg struct {
-	File  string
-	Value string
-}
-
 func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
 	var (
 		unitName   = getUnitName(c)
 		slice      = "system.slice"
 		properties []systemd1.Property
-		cpuArgs    []cgroupArg
-		cpusetArgs []cgroupArg
-		memoryArgs []cgroupArg
-		res        systemdCgroup
+		res        = &systemdCgroup{}
 	)
 
-	// First set up things not supported by systemd
-
-	// -1 disables memorySwap
-	if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) {
-		memorySwap := c.MemorySwap
-
-		if memorySwap == 0 {
-			// By default, MemorySwap is set to twice the size of RAM.
-			memorySwap = c.Memory * 2
-		}
-
-		memoryArgs = append(memoryArgs, cgroupArg{"memory.memsw.limit_in_bytes", strconv.FormatInt(memorySwap, 10)})
-	}
-
-	if c.CpusetCpus != "" {
-		cpusetArgs = append(cpusetArgs, cgroupArg{"cpuset.cpus", c.CpusetCpus})
-	}
+	res.cgroup = c
 
 	if c.Slice != "" {
 		slice = c.Slice
@@ -150,201 +126,84 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
 		return nil, err
 	}
 
-	// To work around the lack of /dev/pts/* support above we need to manually add these
-	// so, ask systemd for the cgroup used
-	props, err := theConn.GetUnitTypeProperties(unitName, getIfaceForUnit(unitName))
-	if err != nil {
-		return nil, err
-	}
-
-	cgroup := props["ControlGroup"].(string)
-
 	if !c.AllowAllDevices {
-		// Atm we can't use the systemd device support because of two missing things:
-		// * Support for wildcards to allow mknod on any device
-		// * Support for wildcards to allow /dev/pts support
-		//
-		// The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is
-		// in wide use. When both these are availalable we will be able to switch, but need to keep the old
-		// implementation for backwards compat.
-		//
-		// Note: we can't use systemd to set up the initial limits, and then change the cgroup
-		// because systemd will re-write the device settings if it needs to re-apply the cgroup context.
-		// This happens at least for v208 when any sibling unit is started.
-
-		mountpoint, err := cgroups.FindCgroupMountpoint("devices")
-		if err != nil {
+		if err := joinDevices(c, pid); err != nil {
 			return nil, err
 		}
-
-		initPath, err := cgroups.GetInitCgroupDir("devices")
-		if err != nil {
-			return nil, err
-		}
-
-		dir := filepath.Join(mountpoint, initPath, c.Parent, c.Name)
-
-		res.cleanupDirs = append(res.cleanupDirs, dir)
-
-		if err := os.MkdirAll(dir, 0755); err != nil && !os.IsExist(err) {
-			return nil, err
-		}
-
-		if err := ioutil.WriteFile(filepath.Join(dir, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil {
-			return nil, err
-		}
-
-		if err := writeFile(dir, "devices.deny", "a"); err != nil {
-			return nil, err
-		}
-
-		for _, dev := range c.AllowedDevices {
-			if err := writeFile(dir, "devices.allow", dev.GetCgroupAllowString()); err != nil {
-				return nil, err
-			}
-		}
 	}
 
-	if len(cpuArgs) != 0 {
-		mountpoint, err := cgroups.FindCgroupMountpoint("cpu")
-		if err != nil {
+	// -1 disables memorySwap
+	if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) {
+		if err := joinMemory(c, pid); err != nil {
 			return nil, err
 		}
 
-		path := filepath.Join(mountpoint, cgroup)
-
-		for _, arg := range cpuArgs {
-			if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	if len(memoryArgs) != 0 {
-		mountpoint, err := cgroups.FindCgroupMountpoint("memory")
-		if err != nil {
-			return nil, err
-		}
-
-		path := filepath.Join(mountpoint, cgroup)
-
-		for _, arg := range memoryArgs {
-			if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil {
-				return nil, err
-			}
-		}
 	}
 
 	// we need to manually join the freezer cgroup in systemd because it does not currently support it
 	// via the dbus api
-	freezerPath, err := joinFreezer(c, pid)
-	if err != nil {
+	if err := joinFreezer(c, pid); err != nil {
 		return nil, err
 	}
-	res.cleanupDirs = append(res.cleanupDirs, freezerPath)
 
-	if len(cpusetArgs) != 0 {
-		// systemd does not atm set up the cpuset controller, so we must manually
-		// join it. Additionally that is a very finicky controller where each
-		// level must have a full setup as the default for a new directory is "no cpus",
-		// so we avoid using any hierarchies here, creating a toplevel directory.
-		mountpoint, err := cgroups.FindCgroupMountpoint("cpuset")
-		if err != nil {
-			return nil, err
-		}
-
-		initPath, err := cgroups.GetInitCgroupDir("cpuset")
-		if err != nil {
-			return nil, err
-		}
-
-		var (
-			foundCpus bool
-			foundMems bool
-
-			rootPath = filepath.Join(mountpoint, initPath)
-			path     = filepath.Join(mountpoint, initPath, c.Parent+"-"+c.Name)
-		)
-
-		res.cleanupDirs = append(res.cleanupDirs, path)
-
-		if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
-			return nil, err
-		}
-
-		for _, arg := range cpusetArgs {
-			if arg.File == "cpuset.cpus" {
-				foundCpus = true
-			}
-			if arg.File == "cpuset.mems" {
-				foundMems = true
-			}
-			if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil {
-				return nil, err
-			}
-		}
-
-		// These are required, if not specified inherit from parent
-		if !foundCpus {
-			s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.cpus"))
-			if err != nil {
-				return nil, err
-			}
-
-			if err := ioutil.WriteFile(filepath.Join(path, "cpuset.cpus"), s, 0700); err != nil {
-				return nil, err
-			}
-		}
-
-		// These are required, if not specified inherit from parent
-		if !foundMems {
-			s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.mems"))
-			if err != nil {
-				return nil, err
-			}
-
-			if err := ioutil.WriteFile(filepath.Join(path, "cpuset.mems"), s, 0700); err != nil {
-				return nil, err
-			}
-		}
-
-		if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil {
+	if c.CpusetCpus != "" {
+		if err := joinCpuset(c, pid); err != nil {
 			return nil, err
 		}
 	}
 
-	return &res, nil
+	return res, nil
 }
 
 func writeFile(dir, file, data string) error {
 	return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700)
 }
 
+func (c *systemdCgroup) Paths() (map[string]string, error) {
+	paths := make(map[string]string)
+
+	for sysname := range subsystems {
+		subsystemPath, err := getSubsystemPath(c.cgroup, sysname)
+		if err != nil {
+			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
+			if err == cgroups.ErrNotFound {
+				continue
+			}
+
+			return nil, err
+		}
+
+		paths[sysname] = subsystemPath
+	}
+
+	return paths, nil
+}
+
 func (c *systemdCgroup) Cleanup() error {
 	// systemd cleans up, we don't need to do much
+	paths, err := c.Paths()
+	if err != nil {
+		return err
+	}
 
-	for _, path := range c.cleanupDirs {
+	for _, path := range paths {
 		os.RemoveAll(path)
 	}
 
 	return nil
 }
 
-func joinFreezer(c *cgroups.Cgroup, pid int) (string, error) {
+func joinFreezer(c *cgroups.Cgroup, pid int) error {
 	path, err := getSubsystemPath(c, "freezer")
 	if err != nil {
-		return "", err
+		return err
 	}
 
 	if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
-		return "", err
+		return err
 	}
 
-	if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil {
-		return "", err
-	}
-
-	return path, nil
+	return ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700)
 }
 
 func getSubsystemPath(c *cgroups.Cgroup, subsystem string) (string, error) {
@@ -389,20 +248,12 @@ func Freeze(c *cgroups.Cgroup, state cgroups.FreezerState) error {
 }
 
 func GetPids(c *cgroups.Cgroup) ([]int, error) {
-	unitName := getUnitName(c)
-
-	mountpoint, err := cgroups.FindCgroupMountpoint("cpu")
+	path, err := getSubsystemPath(c, "cpu")
 	if err != nil {
 		return nil, err
 	}
 
-	props, err := theConn.GetUnitTypeProperties(unitName, getIfaceForUnit(unitName))
-	if err != nil {
-		return nil, err
-	}
-	cgroup := props["ControlGroup"].(string)
-
-	return cgroups.ReadProcsFile(filepath.Join(mountpoint, cgroup))
+	return cgroups.ReadProcsFile(path)
 }
 
 func getUnitName(c *cgroups.Cgroup) string {
@@ -437,3 +288,71 @@ func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
 
 	return stats, nil
 }
+
+// Atm we can't use the systemd device support because of two missing things:
+// * Support for wildcards to allow mknod on any device
+// * Support for wildcards to allow /dev/pts support
+//
+// The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is
+// in wide use. When both these are availalable we will be able to switch, but need to keep the old
+// implementation for backwards compat.
+//
+// Note: we can't use systemd to set up the initial limits, and then change the cgroup
+// because systemd will re-write the device settings if it needs to re-apply the cgroup context.
+// This happens at least for v208 when any sibling unit is started.
+func joinDevices(c *cgroups.Cgroup, pid int) error {
+	path, err := getSubsystemPath(c, "devices")
+	if err != nil {
+		return err
+	}
+
+	if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
+		return err
+	}
+
+	if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil {
+		return err
+	}
+
+	if err := writeFile(path, "devices.deny", "a"); err != nil {
+		return err
+	}
+
+	for _, dev := range c.AllowedDevices {
+		if err := writeFile(path, "devices.allow", dev.GetCgroupAllowString()); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func joinMemory(c *cgroups.Cgroup, pid int) error {
+	memorySwap := c.MemorySwap
+
+	if memorySwap == 0 {
+		// By default, MemorySwap is set to twice the size of RAM.
+		memorySwap = c.Memory * 2
+	}
+
+	path, err := getSubsystemPath(c, "memory")
+	if err != nil {
+		return err
+	}
+
+	return ioutil.WriteFile(filepath.Join(path, "memory.memsw.limit_in_bytes"), []byte(strconv.FormatInt(memorySwap, 10)), 0700)
+}
+
+// systemd does not atm set up the cpuset controller, so we must manually
+// join it. Additionally that is a very finicky controller where each
+// level must have a full setup as the default for a new directory is "no cpus"
+func joinCpuset(c *cgroups.Cgroup, pid int) error {
+	path, err := getSubsystemPath(c, "cpuset")
+	if err != nil {
+		return err
+	}
+
+	s := &fs.CpusetGroup{}
+
+	return s.SetDir(path, c.CpusetCpus, pid)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
index ce5c4f3364..6688ff71e4 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -166,3 +167,23 @@ func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
 	}
 	return "", ErrNotFound
 }
+
+func pathExists(path string) bool {
+	if _, err := os.Stat(path); err != nil {
+		return false
+	}
+	return true
+}
+
+func EnterPid(cgroupPaths map[string]string, pid int) error {
+	for _, path := range cgroupPaths {
+		if pathExists(path) {
+			if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"),
+				[]byte(strconv.Itoa(pid)), 0700); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go b/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go
index c0d1fb0433..346f537d53 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/console/console.go
@@ -114,7 +114,7 @@ func OpenPtmx() (*os.File, error) {
 func OpenTerminal(name string, flag int) (*os.File, error) {
 	r, e := syscall.Open(name, flag, 0)
 	if e != nil {
-		return nil, &os.PathError{"open", name, e}
+		return nil, &os.PathError{Op: "open", Path: name, Err: e}
 	}
 	return os.NewFile(uintptr(r), name), nil
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
index 7edea49994..05ab334c36 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/mount/init.go
@@ -236,7 +236,7 @@ func reOpenDevNull(rootfs string) error {
 		if stat.Rdev == devNullStat.Rdev {
 			// Close and re-open the fd.
 			if err = syscall.Dup2(int(file.Fd()), fd); err != nil {
-				return fmt.Errorf("Failed to dup fd %d to fd %d - %s", file.Fd(), fd)
+				return fmt.Errorf("Failed to dup fd %d to fd %d - %s", file.Fd(), fd, err)
 			}
 		}
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
index c9b2037cc7..382abfbccc 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/exec.go
@@ -56,14 +56,19 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
 
 	// Do this before syncing with child so that no children
 	// can escape the cgroup
-	cleaner, err := SetupCgroups(container, command.Process.Pid)
+	cgroupRef, err := SetupCgroups(container, command.Process.Pid)
 	if err != nil {
 		command.Process.Kill()
 		command.Wait()
 		return -1, err
 	}
-	if cleaner != nil {
-		defer cleaner.Cleanup()
+	defer cgroupRef.Cleanup()
+
+	cgroupPaths, err := cgroupRef.Paths()
+	if err != nil {
+		command.Process.Kill()
+		command.Wait()
+		return -1, err
 	}
 
 	var networkState network.NetworkState
@@ -77,6 +82,7 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
 		InitPid:       command.Process.Pid,
 		InitStartTime: started,
 		NetworkState:  networkState,
+		CgroupPaths:   cgroupPaths,
 	}
 
 	if err := libcontainer.SaveState(dataPath, state); err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
index 2ac9dba72e..8b81edecb9 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -3,6 +3,7 @@
 package namespaces
 
 import (
+	"fmt"
 	"io"
 	"os"
 	"os/exec"
@@ -11,6 +12,7 @@ import (
 	"syscall"
 
 	"github.com/docker/libcontainer"
+	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/syncpipe"
 	"github.com/docker/libcontainer/system"
@@ -18,10 +20,10 @@ import (
 
 // ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the
 // setns code in a single threaded environment joining the existing containers' namespaces.
-func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath string,
+func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath, action string,
 	stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
 
-	args := []string{"nsenter", "--nspid", strconv.Itoa(state.InitPid)}
+	args := []string{fmt.Sprintf("nsenter-%s", action), "--nspid", strconv.Itoa(state.InitPid)}
 
 	if console != "" {
 		args = append(args, "--console", console)
@@ -58,6 +60,11 @@ func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs
 	}
 	pipe.CloseChild()
 
+	// Enter cgroups.
+	if err := EnterCgroups(state, cmd.Process.Pid); err != nil {
+		return -1, err
+	}
+
 	if err := pipe.SendToChild(container); err != nil {
 		cmd.Process.Kill()
 		cmd.Wait()
@@ -101,3 +108,7 @@ func FinalizeSetns(container *libcontainer.Config, args []string) error {
 
 	panic("unreachable")
 }
+
+func EnterCgroups(state *libcontainer.State, pid int) error {
+	return cgroups.EnterPid(state.CgroupPaths, pid)
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c
index 3bc29e2bcf..2869dd14d6 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/namespaces/nsenter/nsenter.c
@@ -31,8 +31,8 @@ void get_args(int *argc, char ***argv)
 		contents_size += kBufSize;
 		contents = (char *)realloc(contents, contents_size);
 		bytes_read =
-		    read(fd, contents + contents_offset,
-			 contents_size - contents_offset);
+			read(fd, contents + contents_offset,
+			     contents_size - contents_offset);
 		contents_offset += bytes_read;
 	}
 	while (bytes_read > 0);
@@ -80,20 +80,20 @@ void nsenter()
 	char **argv;
 	get_args(&argc, &argv);
 
-    // check argv 0 to ensure that we are supposed to setns
-    // we use strncmp to test for a value of "nsenter" but also allows alternate implmentations
-    // after the setns code path to continue to use the argv 0 to determine actions to be run
-    // resulting in the ability to specify "nsenter-mknod", "nsenter-exec", etc...
-    if (strncmp(argv[0], kNsEnter, strlen(kNsEnter)) != 0) {
-        return;
-    }
+	// check argv 0 to ensure that we are supposed to setns
+	// we use strncmp to test for a value of "nsenter" but also allows alternate implmentations
+	// after the setns code path to continue to use the argv 0 to determine actions to be run
+	// resulting in the ability to specify "nsenter-mknod", "nsenter-exec", etc...
+	if (strncmp(argv[0], kNsEnter, strlen(kNsEnter)) != 0) {
+		return;
+	}
 
 	static const struct option longopts[] = {
 		{"nspid", required_argument, NULL, 'n'},
 		{"console", required_argument, NULL, 't'},
 		{NULL, 0, NULL, 0}
 	};
-
+    
 	pid_t init_pid = -1;
 	char *init_pid_str = NULL;
 	char *console = NULL;
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink.go
index 5cc756256d..dd9b1c1643 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink.go
@@ -21,3 +21,10 @@ type Route struct {
 	Iface   *net.Interface
 	Default bool
 }
+
+// An IfAddr defines IP network settings for a given network interface
+type IfAddr struct {
+	Iface *net.Interface
+	IP    net.IP
+	IPNet *net.IPNet
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
index 5fcc817aff..215fb178a0 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux.go
@@ -651,30 +651,28 @@ func NetworkSetNsFd(iface *net.Interface, fd int) error {
 	return s.HandleAck(wb.Seq)
 }
 
-// Add an Ip address to an interface. This is identical to:
-// ip addr add $ip/$ipNet dev $iface
-func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
+func networkLinkIpAction(action, flags int, ifa IfAddr) error {
 	s, err := getNetlinkSocket()
 	if err != nil {
 		return err
 	}
 	defer s.Close()
 
-	family := getIpFamily(ip)
+	family := getIpFamily(ifa.IP)
 
-	wb := newNetlinkRequest(syscall.RTM_NEWADDR, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+	wb := newNetlinkRequest(action, flags)
 
 	msg := newIfAddrmsg(family)
-	msg.Index = uint32(iface.Index)
-	prefixLen, _ := ipNet.Mask.Size()
+	msg.Index = uint32(ifa.Iface.Index)
+	prefixLen, _ := ifa.IPNet.Mask.Size()
 	msg.Prefixlen = uint8(prefixLen)
 	wb.AddData(msg)
 
 	var ipData []byte
 	if family == syscall.AF_INET {
-		ipData = ip.To4()
+		ipData = ifa.IP.To4()
 	} else {
-		ipData = ip.To16()
+		ipData = ifa.IP.To16()
 	}
 
 	localData := newRtAttr(syscall.IFA_LOCAL, ipData)
@@ -690,6 +688,26 @@ func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
 	return s.HandleAck(wb.Seq)
 }
 
+// Delete an IP address from an interface. This is identical to:
+// ip addr del $ip/$ipNet dev $iface
+func NetworkLinkDelIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
+	return networkLinkIpAction(
+		syscall.RTM_DELADDR,
+		syscall.NLM_F_ACK,
+		IfAddr{iface, ip, ipNet},
+	)
+}
+
+// Add an Ip address to an interface. This is identical to:
+// ip addr add $ip/$ipNet dev $iface
+func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
+	return networkLinkIpAction(
+		syscall.RTM_NEWADDR,
+		syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK,
+		IfAddr{iface, ip, ipNet},
+	)
+}
+
 func zeroTerminated(s string) []byte {
 	return []byte(s + "\000")
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
index a25f286138..086aee7f0b 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_linux_test.go
@@ -2,9 +2,55 @@ package netlink
 
 import (
 	"net"
+	"strings"
 	"testing"
 )
 
+func ipAssigned(iface *net.Interface, ip net.IP) bool {
+	addrs, _ := iface.Addrs()
+
+	for _, addr := range addrs {
+		args := strings.SplitN(addr.String(), "/", 2)
+		if args[0] == ip.String() {
+			return true
+		}
+	}
+
+	return false
+}
+
+func TestAddDelNetworkIp(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
+	ifaceName := "lo"
+	ip := net.ParseIP("127.0.1.1")
+	mask := net.IPv4Mask(255, 255, 255, 255)
+	ipNet := &net.IPNet{IP: ip, Mask: mask}
+
+	iface, err := net.InterfaceByName(ifaceName)
+	if err != nil {
+		t.Skip("No 'lo' interface; skipping tests")
+	}
+
+	if err := NetworkLinkAddIp(iface, ip, ipNet); err != nil {
+		t.Fatal(err)
+	}
+
+	if !ipAssigned(iface, ip) {
+		t.Fatalf("Could not locate address '%s' in lo address list.", ip.String())
+	}
+
+	if err := NetworkLinkDelIp(iface, ip, ipNet); err != nil {
+		t.Fatal(err)
+	}
+
+	if ipAssigned(iface, ip) {
+		t.Fatalf("Located address '%s' in lo address list after removal.", ip.String())
+	}
+}
+
 func TestCreateBridgeWithMac(t *testing.T) {
 	if testing.Short() {
 		return
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
index 783e68cae5..f6e84adf7e 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/netlink/netlink_unsupported.go
@@ -31,6 +31,10 @@ func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
 	return ErrNotImplemented
 }
 
+func NetworkLinkDelIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
+	return ErrNotImplemented
+}
+
 func AddRoute(destination, source, gateway, device string) error {
 	return ErrNotImplemented
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/network/network.go b/components/engine/vendor/src/github.com/docker/libcontainer/network/network.go
index 48eeec6047..c7560c04a9 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/network/network.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/network/network.go
@@ -44,6 +44,14 @@ func SetInterfaceInNamespacePid(name string, nsPid int) error {
 	return netlink.NetworkSetNsPid(iface, nsPid)
 }
 
+func SetInterfaceInNamespaceFd(name string, fd uintptr) error {
+	iface, err := net.InterfaceByName(name)
+	if err != nil {
+		return err
+	}
+	return netlink.NetworkSetNsFd(iface, int(fd))
+}
+
 func SetInterfaceMaster(name, master string) error {
 	iface, err := net.InterfaceByName(name)
 	if err != nil {
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go
index 5beb04acb3..74c7b3c09f 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/config.go
@@ -1,4 +1,4 @@
-package nsinit
+package main
 
 import (
 	"encoding/json"
@@ -15,7 +15,7 @@ var configCommand = cli.Command{
 }
 
 func configAction(context *cli.Context) {
-	container, err := loadContainer()
+	container, err := loadConfig()
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
index 4a38a61b4f..c46b191782 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/exec.go
@@ -1,4 +1,4 @@
-package nsinit
+package main
 
 import (
 	"fmt"
@@ -8,6 +8,7 @@ import (
 	"os/exec"
 	"os/signal"
 	"syscall"
+	"text/tabwriter"
 
 	"github.com/codegangsta/cli"
 	"github.com/docker/docker/pkg/term"
@@ -20,12 +21,29 @@ var execCommand = cli.Command{
 	Name:   "exec",
 	Usage:  "execute a new command inside a container",
 	Action: execAction,
+	Flags: []cli.Flag{
+		cli.BoolFlag{Name: "list", Usage: "list all registered exec functions"},
+		cli.StringFlag{Name: "func", Value: "exec", Usage: "function name to exec inside a container"},
+	},
 }
 
 func execAction(context *cli.Context) {
+	if context.Bool("list") {
+		w := tabwriter.NewWriter(os.Stdout, 10, 1, 3, ' ', 0)
+		fmt.Fprint(w, "NAME\tUSAGE\n")
+
+		for k, f := range argvs {
+			fmt.Fprintf(w, "%s\t%s\n", k, f.Usage)
+		}
+
+		w.Flush()
+
+		return
+	}
+
 	var exitCode int
 
-	container, err := loadContainer()
+	container, err := loadConfig()
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -36,7 +54,7 @@ func execAction(context *cli.Context) {
 	}
 
 	if state != nil {
-		exitCode, err = startInExistingContainer(container, state, context)
+		exitCode, err = startInExistingContainer(container, state, context.String("func"), context)
 	} else {
 		exitCode, err = startContainer(container, dataPath, []string(context.Args()))
 	}
@@ -52,7 +70,7 @@ func execAction(context *cli.Context) {
 // with the nsenter argument so that the C code can setns an the namespaces that we require.  Then that
 // code path will drop us into the path that we can do the final setup of the namespace and exec the users
 // application.
-func startInExistingContainer(config *libcontainer.Config, state *libcontainer.State, context *cli.Context) (int, error) {
+func startInExistingContainer(config *libcontainer.Config, state *libcontainer.State, action string, context *cli.Context) (int, error) {
 	var (
 		master  *os.File
 		console string
@@ -102,7 +120,7 @@ func startInExistingContainer(config *libcontainer.Config, state *libcontainer.S
 		}()
 	}
 
-	return namespaces.ExecIn(config, state, context.Args(), os.Args[0], stdin, stdout, stderr, console, startCallback)
+	return namespaces.ExecIn(config, state, context.Args(), os.Args[0], action, stdin, stdout, stderr, console, startCallback)
 }
 
 // startContainer starts the container. Returns the exit status or -1 and an
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
index e7a96632d7..c091ee1099 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/init.go
@@ -1,4 +1,4 @@
-package nsinit
+package main
 
 import (
 	"log"
@@ -26,7 +26,7 @@ var (
 func initAction(context *cli.Context) {
 	runtime.LockOSThread()
 
-	container, err := loadContainer()
+	container, err := loadConfig()
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/main.go
similarity index 58%
rename from components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
rename to components/engine/vendor/src/github.com/docker/libcontainer/nsinit/main.go
index c8d153312f..d65c0140e8 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/cli.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/main.go
@@ -1,38 +1,41 @@
-package nsinit
+package main
 
 import (
 	"log"
 	"os"
+	"strings"
 
 	"github.com/codegangsta/cli"
 )
 
 var (
 	logPath = os.Getenv("log")
-	argvs   = make(map[string]func())
+	argvs   = make(map[string]*rFunc)
 )
 
 func init() {
-	argvs["nsenter"] = nsenter
-}
-
-func preload(context *cli.Context) error {
-	if logPath != "" {
-		if err := openLog(logPath); err != nil {
-			return err
-		}
+	argvs["exec"] = &rFunc{
+		Usage:  "execute a process inside an existing container",
+		Action: nsenterExec,
 	}
 
-	return nil
+	argvs["mknod"] = &rFunc{
+		Usage:  "mknod a device inside an existing container",
+		Action: nsenterMknod,
+	}
+
+	argvs["ip"] = &rFunc{
+		Usage:  "display the container's network interfaces",
+		Action: nsenterIp,
+	}
 }
 
-func NsInit() {
+func main() {
 	// we need to check our argv 0 for any registred functions to run instead of the
 	// normal cli code path
-
-	action, exists := argvs[os.Args[0]]
+	f, exists := argvs[strings.TrimPrefix(os.Args[0], "nsenter-")]
 	if exists {
-		action()
+		runFunc(f)
 
 		return
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
index fabd65e9b4..8dc149f4fb 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
@@ -1,42 +1,84 @@
-package nsinit
+package main
 
 import (
+	"fmt"
 	"log"
+	"net"
 	"os"
+	"strconv"
+	"strings"
+	"text/tabwriter"
 
 	"github.com/docker/libcontainer"
+	"github.com/docker/libcontainer/devices"
+	"github.com/docker/libcontainer/mount/nodes"
 	"github.com/docker/libcontainer/namespaces"
 	_ "github.com/docker/libcontainer/namespaces/nsenter"
-	"github.com/docker/libcontainer/syncpipe"
 )
 
-func findUserArgs() []string {
-	i := 0
-	for _, a := range os.Args {
-		i++
-
-		if a == "--" {
-			break
-		}
-	}
-
-	return os.Args[i:]
-}
-
-// this expects that we already have our namespaces setup by the C initializer
-// we are expected to finalize the namespace and exec the user's application
-func nsenter() {
-	syncPipe, err := syncpipe.NewSyncPipeFromFd(0, 3)
-	if err != nil {
-		log.Fatalf("unable to create sync pipe: %s", err)
-	}
-
-	var config *libcontainer.Config
-	if err := syncPipe.ReadFromParent(&config); err != nil {
-		log.Fatalf("reading container config from parent: %s", err)
-	}
-
-	if err := namespaces.FinalizeSetns(config, findUserArgs()); err != nil {
+// nsenterExec exec's a process inside an existing container
+func nsenterExec(config *libcontainer.Config, args []string) {
+	if err := namespaces.FinalizeSetns(config, args); err != nil {
 		log.Fatalf("failed to nsenter: %s", err)
 	}
 }
+
+// nsenterMknod runs mknod inside an existing container
+//
+// mknod <path> <type> <major> <minor>
+func nsenterMknod(config *libcontainer.Config, args []string) {
+	if len(args) != 4 {
+		log.Fatalf("expected mknod to have 4 arguments not %d", len(args))
+	}
+
+	t := rune(args[1][0])
+
+	major, err := strconv.Atoi(args[2])
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	minor, err := strconv.Atoi(args[3])
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	n := &devices.Device{
+		Path:        args[0],
+		Type:        t,
+		MajorNumber: int64(major),
+		MinorNumber: int64(minor),
+	}
+
+	if err := nodes.CreateDeviceNode("/", n); err != nil {
+		log.Fatal(err)
+	}
+}
+
+// nsenterIp displays the network interfaces inside a container's net namespace
+func nsenterIp(config *libcontainer.Config, args []string) {
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	w := tabwriter.NewWriter(os.Stdout, 10, 1, 3, ' ', 0)
+	fmt.Fprint(w, "NAME\tMTU\tMAC\tFLAG\tADDRS\n")
+
+	for _, iface := range interfaces {
+		addrs, err := iface.Addrs()
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		o := []string{}
+
+		for _, a := range addrs {
+			o = append(o, a.String())
+		}
+
+		fmt.Fprintf(w, "%s\t%d\t%s\t%s\t%s\n", iface.Name, iface.MTU, iface.HardwareAddr, iface.Flags, strings.Join(o, ","))
+	}
+
+	w.Flush()
+}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go
deleted file mode 100644
index 816c4da5f9..0000000000
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/nsinit/nsinit.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package main
-
-import "github.com/docker/libcontainer/nsinit"
-
-func main() {
-	nsinit.NsInit()
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go
index 492a0e858a..ada24250c1 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/pause.go
@@ -1,4 +1,4 @@
-package nsinit
+package main
 
 import (
 	"log"
@@ -34,7 +34,7 @@ func unpauseAction(context *cli.Context) {
 }
 
 func toggle(state cgroups.FreezerState) error {
-	container, err := loadContainer()
+	container, err := loadConfig()
 	if err != nil {
 		return err
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go
index 3e59305b03..612b4a4bae 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/stats.go
@@ -1,4 +1,4 @@
-package nsinit
+package main
 
 import (
 	"encoding/json"
@@ -16,7 +16,7 @@ var statsCommand = cli.Command{
 }
 
 func statsAction(context *cli.Context) {
-	container, err := loadContainer()
+	container, err := loadConfig()
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go
index 8525ba9a6d..7f5155942c 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/nsinit/utils.go
@@ -1,4 +1,4 @@
-package nsinit
+package main
 
 import (
 	"encoding/json"
@@ -6,10 +6,18 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/codegangsta/cli"
 	"github.com/docker/libcontainer"
+	"github.com/docker/libcontainer/syncpipe"
 )
 
-func loadContainer() (*libcontainer.Config, error) {
+// rFunc is a function registration for calling after an execin
+type rFunc struct {
+	Usage  string
+	Action func(*libcontainer.Config, []string)
+}
+
+func loadConfig() (*libcontainer.Config, error) {
 	f, err := os.Open(filepath.Join(dataPath, "container.json"))
 	if err != nil {
 		return nil, err
@@ -35,12 +43,52 @@ func openLog(name string) error {
 	return nil
 }
 
-func loadContainerFromJson(rawData string) (*libcontainer.Config, error) {
-	var container *libcontainer.Config
+func findUserArgs() []string {
+	i := 0
+	for _, a := range os.Args {
+		i++
 
-	if err := json.Unmarshal([]byte(rawData), &container); err != nil {
+		if a == "--" {
+			break
+		}
+	}
+
+	return os.Args[i:]
+}
+
+// loadConfigFromFd loads a container's config from the sync pipe that is provided by
+// fd 3 when running a process
+func loadConfigFromFd() (*libcontainer.Config, error) {
+	syncPipe, err := syncpipe.NewSyncPipeFromFd(0, 3)
+	if err != nil {
 		return nil, err
 	}
 
-	return container, nil
+	var config *libcontainer.Config
+	if err := syncPipe.ReadFromParent(&config); err != nil {
+		return nil, err
+	}
+
+	return config, nil
+}
+
+func preload(context *cli.Context) error {
+	if logPath != "" {
+		if err := openLog(logPath); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func runFunc(f *rFunc) {
+	userArgs := findUserArgs()
+
+	config, err := loadConfigFromFd()
+	if err != nil {
+		log.Fatalf("unable to receive config from sync pipe: %s", err)
+	}
+
+	f.Action(config, userArgs)
 }
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/state.go b/components/engine/vendor/src/github.com/docker/libcontainer/state.go
index ee5d14d2ec..208b4c6276 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/state.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/state.go
@@ -18,6 +18,9 @@ type State struct {
 
 	// Network runtime state.
 	NetworkState network.NetworkState `json:"network_state,omitempty"`
+
+	// Path to all the cgroups setup for a container. Key is cgroup subsystem name.
+	CgroupPaths map[string]string `json:"cgroup_paths,omitempty"`
 }
 
 // The running state of the container.

From bc706dc232693031f2bf533fddb56a31bface484 Mon Sep 17 00:00:00 2001
From: Daniel Menet <membership@sontags.ch>
Date: Sat, 9 Aug 2014 09:16:54 +0200
Subject: [PATCH 500/516] Enable `docker search` on private docker registry.
 The cli interface works similar to other registry related commands:

  docker search foo

... searches for foo on the official hub

  docker search localhost:5000/foo

... does the same for the private reg at localhost:5000

Signed-off-by: Daniel Menet <membership@sontags.ch>
Upstream-commit: 3231033a80451adff73b53554e27fbabfebb4a4f
Component: engine
---
 components/engine/registry/service.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index 29afd16394..2d493f7e23 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -82,6 +82,14 @@ func (s *Service) Search(job *engine.Job) engine.Status {
 	job.GetenvJson("authConfig", authConfig)
 	job.GetenvJson("metaHeaders", metaHeaders)
 
+	hostname, term, err := ResolveRepositoryName(term)
+	if err != nil {
+		return job.Error(err)
+	}
+	hostname, err = ExpandAndVerifyRegistryUrl(hostname)
+	if err != nil {
+		return job.Error(err)
+	}
 	r, err := NewSession(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress(), true)
 	if err != nil {
 		return job.Error(err)

From 06081e86de703784176b81669ce181586ace6174 Mon Sep 17 00:00:00 2001
From: Daniel Menet <membership@sontags.ch>
Date: Sun, 10 Aug 2014 11:48:34 +0200
Subject: [PATCH 501/516] Expand hostname before passing it to NewRegistry()

Signed-off-by: Daniel Menet <membership@sontags.ch>
Upstream-commit: 676308b853a43bb7be4838e937ab4effff670b1a
Component: engine
---
 components/engine/registry/service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index 2d493f7e23..0e6f1bda93 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -90,7 +90,7 @@ func (s *Service) Search(job *engine.Job) engine.Status {
 	if err != nil {
 		return job.Error(err)
 	}
-	r, err := NewSession(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress(), true)
+	r, err := NewSession(authConfig, HTTPRequestFactory(metaHeaders), hostname, true)
 	if err != nil {
 		return job.Error(err)
 	}

From e56ddc1f466bd9473ce66a077ca2bd11d6aadb19 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Sun, 17 Aug 2014 14:29:46 +0300
Subject: [PATCH 502/516] pkg/tarsum: avoid buf2 allocation in Read

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 55533693be0f268d7d7a2d339369ce8617398542
Component: engine
---
 components/engine/pkg/tarsum/tarsum.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/components/engine/pkg/tarsum/tarsum.go b/components/engine/pkg/tarsum/tarsum.go
index 32b5e42589..05b9ef4e2c 100644
--- a/components/engine/pkg/tarsum/tarsum.go
+++ b/components/engine/pkg/tarsum/tarsum.go
@@ -23,6 +23,7 @@ type TarSum struct {
 	gz                 writeCloseFlusher
 	bufTar             *bytes.Buffer
 	bufGz              *bytes.Buffer
+	bufData            [8192]byte
 	h                  hash.Hash
 	sums               map[string]string
 	currentFile        string
@@ -92,7 +93,12 @@ func (ts *TarSum) Read(buf []byte) (int, error) {
 	if ts.finished {
 		return ts.bufGz.Read(buf)
 	}
-	buf2 := make([]byte, len(buf), cap(buf))
+	var buf2 []byte
+	if len(buf) > 8192 {
+		buf2 = make([]byte, len(buf), cap(buf))
+	} else {
+		buf2 = ts.bufData[:len(buf)-1]
+	}
 
 	n, err := ts.tarR.Read(buf2)
 	if err != nil {

From 43acaaf00e1a0cee0ec9e5bc4bc2fb67d9b3b6f7 Mon Sep 17 00:00:00 2001
From: SvenDowideit <SvenDowideit@home.org.au>
Date: Mon, 18 Aug 2014 09:31:58 +1000
Subject: [PATCH 503/516] update the cli / man page docs based on what is in
 master right now

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 018e75a6e4ef955cd802267818b6a6c81a600c9a
Component: engine
---
 components/engine/docs/man/docker-ps.1.md                 | 6 ++++++
 components/engine/docs/man/docker-rm.1.md                 | 8 +++++---
 .../engine/docs/sources/reference/commandline/cli.md      | 7 ++++---
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/components/engine/docs/man/docker-ps.1.md b/components/engine/docs/man/docker-ps.1.md
index 9264d53a66..bf22d87da5 100644
--- a/components/engine/docs/man/docker-ps.1.md
+++ b/components/engine/docs/man/docker-ps.1.md
@@ -8,6 +8,7 @@ docker-ps - List containers
 **docker ps**
 [**-a**|**--all**[=*false*]]
 [**--before**[=*BEFORE*]]
+[**-f**|**--filter**[=*[]*]]
 [**-l**|**--latest**[=*false*]]
 [**-n**[=*-1*]]
 [**--no-trunc**[=*false*]]
@@ -28,6 +29,10 @@ the running containers.
 **--before**=""
    Show only container created before Id or Name, include non-running ones.
 
+**-f**, **--filter**=[]
+   Provide filter values. Valid filters:
+                          exited=<int> - containers with exit code of <int>
+
 **-l**, **--latest**=*true*|*false*
    Show only the latest created container, include non-running ones. The default is *false*.
 
@@ -68,3 +73,4 @@ the running containers.
 April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/man/docker-rm.1.md b/components/engine/docs/man/docker-rm.1.md
index e73231e907..bae6a7ea8c 100644
--- a/components/engine/docs/man/docker-rm.1.md
+++ b/components/engine/docs/man/docker-rm.1.md
@@ -6,8 +6,8 @@ docker-rm - Remove one or more containers
 
 # SYNOPSIS
 **docker rm**
-[**-l**|**--link**[=*false*]]
 [**-f**|**--force**[=*false*]]
+[**-l**|**--link**[=*false*]]
 [**-v**|**--volumes**[=*false*]]
  CONTAINER [CONTAINER...]
 
@@ -19,11 +19,12 @@ remove a running container unless you use the \fB-f\fR option. To see all
 containers on a host use the **docker ps -a** command.
 
 # OPTIONS
+**-f**, **--force**=*true*|*false*
+   Force the removal of a running container (uses SIGKILL). The default is *false*.
+
 **-l**, **--link**=*true*|*false*
    Remove the specified link and not the underlying container. The default is *false*.
 
-**-f**, **--force**=*true*|*false*
-  Allows removing of a running container by first killing it with SIGKILL.
 **-v**, **--volumes**=*true*|*false*
    Remove the volumes associated with the container. The default is *false*.
 
@@ -49,3 +50,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.
 June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
 July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
+August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 9afa691b6b..8a8ef0696b 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -65,7 +65,7 @@ expect an integer, and they can only be specified once.
       -H, --host=[]                              The socket(s) to bind to in daemon mode
                                                    specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
       --icc=true                                 Enable inter-container communication
-      --ip="0.0.0.0"                             Default IP address to use when binding container ports
+      --ip=0.0.0.0                               Default IP address to use when binding container ports
       --ip-forward=true                          Enable net.ipv4.ip_forward
       --iptables=true                            Enable Docker's addition of iptables rules
       --mtu=0                                    Set the containers network MTU
@@ -792,7 +792,8 @@ further details.
 
       -a, --all=false       Show all containers. Only running containers are shown by default.
       --before=""           Show only container created before Id or Name, include non-running ones.
-      -f, --filter=[]       Provide filter values (i.e. 'exited=0')
+      -f, --filter=[]       Provide filter values. Valid filters:
+                              exited=<int> - containers with exit code of <int>
       -l, --latest=false    Show only the latest created container, include non-running ones.
       -n=-1                 Show n last created containers, include non-running ones.
       --no-trunc=false      Don't truncate output
@@ -882,7 +883,7 @@ registry or to a self-hosted one.
 
     Remove one or more containers
 
-      -f, --force=false      Force removal of a running container. Uses SIGKILL to stop the container.
+      -f, --force=false      Force the removal of a running container (uses SIGKILL)
       -l, --link=false       Remove the specified link and not the underlying container
       -v, --volumes=false    Remove the volumes associated with the container
 

From b18ccc68462948f823acac711a1a1d95c1008f70 Mon Sep 17 00:00:00 2001
From: Alexandr Morozov <lk4d4math@gmail.com>
Date: Mon, 18 Aug 2014 14:13:43 +0400
Subject: [PATCH 504/516] Remove internet dependency from TestBuildCacheADD

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: 075e1bc1c35b5f130f6ae7961782ff9af79817bc
Component: engine
---
 .../TestBuildCacheADD/1/Dockerfile            |  2 -
 .../TestBuildCacheADD/2/Dockerfile            |  2 -
 .../integration-cli/docker_cli_build_test.go  | 48 +++++++++----------
 .../engine/integration-cli/docker_utils.go    | 15 ++++--
 4 files changed, 34 insertions(+), 33 deletions(-)
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildCacheADD/1/Dockerfile
 delete mode 100644 components/engine/integration-cli/build_tests/TestBuildCacheADD/2/Dockerfile

diff --git a/components/engine/integration-cli/build_tests/TestBuildCacheADD/1/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildCacheADD/1/Dockerfile
deleted file mode 100644
index 7287771992..0000000000
--- a/components/engine/integration-cli/build_tests/TestBuildCacheADD/1/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM busybox
-ADD https://index.docker.io/robots.txt /
diff --git a/components/engine/integration-cli/build_tests/TestBuildCacheADD/2/Dockerfile b/components/engine/integration-cli/build_tests/TestBuildCacheADD/2/Dockerfile
deleted file mode 100644
index afe79b84b6..0000000000
--- a/components/engine/integration-cli/build_tests/TestBuildCacheADD/2/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM busybox
-ADD http://example.com/index.html /
diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go
index c9e0a48e65..bcff199c85 100644
--- a/components/engine/integration-cli/docker_cli_build_test.go
+++ b/components/engine/integration-cli/docker_cli_build_test.go
@@ -15,38 +15,34 @@ import (
 )
 
 func TestBuildCacheADD(t *testing.T) {
-	var (
-		exitCode int
-		out      string
-		err      error
-	)
-	{
-		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildCacheADD", "1")
-		out, exitCode, err = dockerCmdInDir(t, buildDirectory, "build", "-t", "testcacheadd1", ".")
-		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
-
-		if err != nil || exitCode != 0 {
-			t.Fatal("failed to build the image")
-		}
+	name := "testbuildtwoimageswithadd"
+	defer deleteImages(name)
+	server, err := fakeStorage(map[string]string{
+		"robots.txt": "hello",
+		"index.html": "world",
+	})
+	if err != nil {
+		t.Fatal(err)
 	}
-	{
-		buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildCacheADD", "2")
-		out, exitCode, err = dockerCmdInDir(t, buildDirectory, "build", "-t", "testcacheadd2", ".")
-		errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
-
-		if err != nil || exitCode != 0 {
-			t.Fatal("failed to build the image")
-		}
+	defer server.Close()
+	if _, err := buildImage(name,
+		fmt.Sprintf(`FROM scratch
+		ADD %s/robots.txt /`, server.URL),
+		true); err != nil {
+		t.Fatal(err)
+	}
+	out, _, err := buildImageWithOut(name,
+		fmt.Sprintf(`FROM scratch
+		ADD %s/index.html /`, server.URL),
+		true)
+	if err != nil {
+		t.Fatal(err)
 	}
-
 	if strings.Contains(out, "Using cache") {
 		t.Fatal("2nd build used cache on ADD, it shouldn't")
 	}
 
-	deleteImages("testcacheadd1")
-	deleteImages("testcacheadd2")
-
-	logDone("build - build two images with ADD")
+	logDone("build - build two images with remote ADD")
 }
 
 func TestBuildSixtySteps(t *testing.T) {
diff --git a/components/engine/integration-cli/docker_utils.go b/components/engine/integration-cli/docker_utils.go
index f4f19403bb..5561fc24dc 100644
--- a/components/engine/integration-cli/docker_utils.go
+++ b/components/engine/integration-cli/docker_utils.go
@@ -240,7 +240,7 @@ func getIDByName(name string) (string, error) {
 	return inspectField(name, "Id")
 }
 
-func buildImage(name, dockerfile string, useCache bool) (string, error) {
+func buildImageWithOut(name, dockerfile string, useCache bool) (string, string, error) {
 	args := []string{"build", "-t", name}
 	if !useCache {
 		args = append(args, "--no-cache")
@@ -250,9 +250,18 @@ func buildImage(name, dockerfile string, useCache bool) (string, error) {
 	buildCmd.Stdin = strings.NewReader(dockerfile)
 	out, exitCode, err := runCommandWithOutput(buildCmd)
 	if err != nil || exitCode != 0 {
-		return "", fmt.Errorf("failed to build the image: %s", out)
+		return "", out, fmt.Errorf("failed to build the image: %s", out)
 	}
-	return getIDByName(name)
+	id, err := getIDByName(name)
+	if err != nil {
+		return "", out, err
+	}
+	return id, out, nil
+}
+
+func buildImage(name, dockerfile string, useCache bool) (string, error) {
+	id, _, err := buildImageWithOut(name, dockerfile, useCache)
+	return id, err
 }
 
 func buildImageFromContext(name string, ctx *FakeContext, useCache bool) (string, error) {

From b71571fd041f8ec0355b25d86160678cba5f9fed Mon Sep 17 00:00:00 2001
From: Remi Rampin <remirampin@gmail.com>
Date: Mon, 18 Aug 2014 15:31:37 -0400
Subject: [PATCH 505/516] Fixes "note" blockquote too long [doc, minor]

A "note" block includes too much text, so if you skip over it the next paragraph makes zero sense.
Upstream-commit: 99082de9ada13a5898e769c176a88488d310b1a4
Component: engine
---
 .../engine/docs/sources/introduction/understanding-docker.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/introduction/understanding-docker.md b/components/engine/docs/sources/introduction/understanding-docker.md
index 8cdab02c4c..9448f68d8b 100644
--- a/components/engine/docs/sources/introduction/understanding-docker.md
+++ b/components/engine/docs/sources/introduction/understanding-docker.md
@@ -157,7 +157,7 @@ this as the base of all your web application images.
 
 > **Note:** Docker usually gets these base images from
 > [Docker Hub](https://hub.docker.com).
-> 
+
 Docker images are then built from these base images using a simple, descriptive
 set of steps we call *instructions*. Each instruction creates a new layer in our
 image. Instructions include actions like:

From f481aa1f06d2ca0fa3a54efc301304f31ae99700 Mon Sep 17 00:00:00 2001
From: "Vojtech Vitek (V-Teq)" <vvitek@redhat.com>
Date: Tue, 19 Aug 2014 01:08:47 +0200
Subject: [PATCH 506/516] Add GoDoc and Travis build link/images to README

Signed-off-by: Vojtech Vitek (V-Teq) <vvitek@redhat.com>
Upstream-commit: 7cb68713552d2b153ed18bc6dcdcee5b69ef0a5f
Component: engine
---
 components/engine/README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/engine/README.md b/components/engine/README.md
index 46acc5ab10..857cd3c70a 100644
--- a/components/engine/README.md
+++ b/components/engine/README.md
@@ -177,6 +177,9 @@ Under the hood, Docker is built on the following components:
 Contributing to Docker
 ======================
 
+[![GoDoc](https://godoc.org/github.com/docker/docker?status.png)](https://godoc.org/github.com/docker/docker)
+[![Travis](https://travis-ci.org/docker/docker.svg?branch=master)](https://travis-ci.org/docker/docker)
+
 Want to hack on Docker? Awesome! There are instructions to get you
 started [here](CONTRIBUTING.md).
 

From d9d0f62578af57e8aaf3797455328a0221cccf1c Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Tue, 19 Aug 2014 09:52:46 -0700
Subject: [PATCH 507/516] Fix search test for busybox image

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: dad2fcb1993d9cd7c513db10965aa37d7f9a542d
Component: engine
---
 components/engine/integration-cli/docker_cli_search_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/integration-cli/docker_cli_search_test.go b/components/engine/integration-cli/docker_cli_search_test.go
index 16523ff468..e8b9efdc19 100644
--- a/components/engine/integration-cli/docker_cli_search_test.go
+++ b/components/engine/integration-cli/docker_cli_search_test.go
@@ -9,7 +9,7 @@ import (
 
 // search for repos named  "registry" on the central registry
 func TestSearchOnCentralRegistry(t *testing.T) {
-	searchCmd := exec.Command(dockerBinary, "search", "stackbrew/busybox")
+	searchCmd := exec.Command(dockerBinary, "search", "busybox")
 	out, exitCode, err := runCommandWithOutput(searchCmd)
 	errorOut(err, t, fmt.Sprintf("encountered error while searching: %v", err))
 

From 796b032af22d24701c7915b735cd35d058ad562b Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Wed, 9 Apr 2014 23:17:39 +0000
Subject: [PATCH 508/516] allow /etc/hosts /etc/resolv.conf and /etc/hostname
 to be changed

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: f3b2c93b9f01ac909de4f93753a21eacb02bcd9f
Component: engine
---
 components/engine/daemon/container.go | 23 ++++++-----------------
 components/engine/daemon/volumes.go   |  6 +++---
 2 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index f359adfe0a..df6bd66190 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -849,18 +849,16 @@ func (container *Container) setupContainerDns() error {
 		daemon = container.daemon
 	)
 
-	if config.NetworkMode == "host" {
-		container.ResolvConfPath = "/etc/resolv.conf"
-		return nil
-	}
-
 	resolvConf, err := resolvconf.Get()
 	if err != nil {
 		return err
 	}
+	container.ResolvConfPath, err = container.getRootResourcePath("resolv.conf")
+	if err != nil {
+		return err
+	}
 
-	// If custom dns exists, then create a resolv.conf for the container
-	if len(config.Dns) > 0 || len(daemon.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(daemon.config.DnsSearch) > 0 {
+	if config.NetworkMode != "host" && (len(config.Dns) > 0 || len(daemon.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(daemon.config.DnsSearch) > 0) {
 		var (
 			dns       = resolvconf.GetNameservers(resolvConf)
 			dnsSearch = resolvconf.GetSearchDomains(resolvConf)
@@ -875,18 +873,9 @@ func (container *Container) setupContainerDns() error {
 		} else if len(daemon.config.DnsSearch) > 0 {
 			dnsSearch = daemon.config.DnsSearch
 		}
-
-		resolvConfPath, err := container.getRootResourcePath("resolv.conf")
-		if err != nil {
-			return err
-		}
-		container.ResolvConfPath = resolvConfPath
-
 		return resolvconf.Build(container.ResolvConfPath, dns, dnsSearch)
-	} else {
-		container.ResolvConfPath = "/etc/resolv.conf"
 	}
-	return nil
+	return ioutil.WriteFile(container.ResolvConfPath, resolvConf, 0644)
 }
 
 func (container *Container) initializeNetworking() error {
diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go
index ea18a62b8c..b60118c953 100644
--- a/components/engine/daemon/volumes.go
+++ b/components/engine/daemon/volumes.go
@@ -50,15 +50,15 @@ func prepareVolumesForContainer(container *Container) error {
 
 func setupMountsForContainer(container *Container) error {
 	mounts := []execdriver.Mount{
-		{container.ResolvConfPath, "/etc/resolv.conf", false, true},
+		{container.ResolvConfPath, "/etc/resolv.conf", true, true},
 	}
 
 	if container.HostnamePath != "" {
-		mounts = append(mounts, execdriver.Mount{container.HostnamePath, "/etc/hostname", false, true})
+		mounts = append(mounts, execdriver.Mount{container.HostnamePath, "/etc/hostname", true, true})
 	}
 
 	if container.HostsPath != "" {
-		mounts = append(mounts, execdriver.Mount{container.HostsPath, "/etc/hosts", false, true})
+		mounts = append(mounts, execdriver.Mount{container.HostsPath, "/etc/hosts", true, true})
 	}
 
 	// Mount user specified volumes

From fb74f9294f73f2a507d6d6920abffbced55cda60 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Tue, 22 Jul 2014 18:16:15 +0000
Subject: [PATCH 509/516] add tests

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: fc39f9c78d89332d2364c4781010f5fb4b500fe4
Component: engine
---
 .../integration-cli/docker_cli_run_test.go    | 81 +++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go
index 2c065caacc..b95fd86d2b 100644
--- a/components/engine/integration-cli/docker_cli_run_test.go
+++ b/components/engine/integration-cli/docker_cli_run_test.go
@@ -1549,3 +1549,84 @@ func TestRunExitOnStdinClose(t *testing.T) {
 	}
 	logDone("run - exit on stdin closing")
 }
+
+// Test for #2267
+func TestWriteHostsFileAndNotCommit(t *testing.T) {
+	name := "writehosts"
+	cmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hosts && cat /etc/hosts")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if !strings.Contains(out, "test2267") {
+		t.Fatal("/etc/hosts should contain 'test2267'")
+	}
+
+	cmd = exec.Command(dockerBinary, "diff", name)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if len(strings.Trim(out, "\r\n")) != 0 {
+		t.Fatal("diff should be empty")
+	}
+
+	logDone("run - write to /etc/hosts and not commited")
+}
+
+// Test for #2267
+func TestWriteHostnameFileAndNotCommit(t *testing.T) {
+	name := "writehostname"
+	cmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hostname && cat /etc/hostname")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if !strings.Contains(out, "test2267") {
+		t.Fatal("/etc/hostname should contain 'test2267'")
+	}
+
+	cmd = exec.Command(dockerBinary, "diff", name)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if len(strings.Trim(out, "\r\n")) != 0 {
+		t.Fatal("diff should be empty")
+	}
+
+	logDone("run - write to /etc/hostname and not commited")
+}
+
+// Test for #2267
+func TestWriteResolvFileAndNotCommit(t *testing.T) {
+	name := "writeresolv"
+	cmd := exec.Command(dockerBinary, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/resolv.conf && cat /etc/resolv.conf")
+	out, _, err := runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if !strings.Contains(out, "test2267") {
+		t.Fatal("/etc/resolv.conf should contain 'test2267'")
+	}
+
+	cmd = exec.Command(dockerBinary, "diff", name)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+	if len(strings.Trim(out, "\r\n")) != 0 {
+		t.Fatal("diff should be empty")
+	}
+
+	logDone("run - write to /etc/resolv.conf and not commited")
+}

From 09240bd7680b903f691bfa4e71e9ef49bd1638c0 Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Thu, 14 Aug 2014 00:26:44 +0000
Subject: [PATCH 510/516] add small doc

Signed-off-by: Victor Vieux <vieux@docker.com>
Upstream-commit: 26feb09fac7cfcafef36cc71df1176301c70eb53
Component: engine
---
 components/engine/docs/sources/articles/networking.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/components/engine/docs/sources/articles/networking.md b/components/engine/docs/sources/articles/networking.md
index e465429cdb..f9aa2d26d3 100644
--- a/components/engine/docs/sources/articles/networking.md
+++ b/components/engine/docs/sources/articles/networking.md
@@ -731,3 +731,14 @@ usual containers.  But unless you have very specific networking needs
 that drive you to such a solution, it is probably far preferable to use
 `--icc=false` to lock down inter-container communication, as we explored
 earlier.
+
+## Editing networking config files
+
+Starting with Docker v.1.2.0, you can now edit `/etc/hosts`, `/etc/hostname`
+and `/etc/resolve.conf` in a running container. This is useful if you need
+to install bind or other services that might override one of those files.
+
+Note, however, that changes to these files will not be saved by
+`docker commit`, nor will they be saved during `docker run`.
+That means they won't be saved in the image, nor will they persist when a
+container is restarted; they will only "stick" in a running container.

From f066236203f21482a14cb832ad3f7aea6b3cb66c Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Tue, 19 Aug 2014 13:39:50 -0700
Subject: [PATCH 511/516] Added warning re: using root for dockerfile root.
 Fixes #7612

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: b63c10558e6fe187d9cee25a4d8bad4bffd7f79b
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index d2c848b11e..3720a7387c 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -27,6 +27,19 @@ the build. The build is run by the Docker daemon, not by the CLI, so the
 whole context must be transferred to the daemon. The Docker CLI reports
 "Sending build context to Docker daemon" when the context is sent to the daemon.
 
+> **Warning**
+> Avoid using your root directory, `/`, as the root of the source repository. The 
+> `docker build` command will use whatever directory contains the Dockerfile as the build
+> context(including all of its subdirectories). The build context will be sent to the
+> Docker daemon before building the image, which means if you use `/` as the source
+> repository, the entire contents of your hard drive will get sent to the daemon. You
+> probably don't want that.
+
+In most cases, it's best to put each Dockerfile in an empty directory, and then add only
+the files needed for building that Dockerfile to that directory. To further speed up the
+build, you can exclude files and directories by adding a `.dockerignore` file to the same
+directory.
+
 You can specify a repository and tag at which to save the new image if
 the build succeeds:
 

From 4d8152bd50231625ba6dfefa597ddfacaf0c17fa Mon Sep 17 00:00:00 2001
From: krrg <krrgithub@gmail.com>
Date: Tue, 19 Aug 2014 16:03:51 -0600
Subject: [PATCH 512/516] Update openSUSE installation instructions

Out of box, the 'sudo' command on openSUSE does not work similarly to other distros.  In this case, the path to usermod should be explicitly given, since /usr/sbin, where usermod is located, is not on the sudoing user's PATH.  The other sudo commands here should be fine.
Upstream-commit: 05a09675c31c7de7f8f21bdd13ad7adb548804de
Component: engine
---
 components/engine/docs/sources/installation/openSUSE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/sources/installation/openSUSE.md b/components/engine/docs/sources/installation/openSUSE.md
index 5dd8dd00d2..951b8770cc 100644
--- a/components/engine/docs/sources/installation/openSUSE.md
+++ b/components/engine/docs/sources/installation/openSUSE.md
@@ -47,7 +47,7 @@ The docker package creates a new group named docker. Users, other than
 root user, need to be part of this group in order to interact with the
 Docker daemon. You can add users with:
 
-    $ sudo usermod -a -G docker <username>
+    $ sudo /usr/sbin/usermod -a -G docker <username>
 
 To verify that everything has worked as expected:
 

From 3cb90fd37eae6b42bce1a10f53087d055b718e81 Mon Sep 17 00:00:00 2001
From: Ben Firshman <ben@firshman.co.uk>
Date: Tue, 19 Aug 2014 15:39:37 -0700
Subject: [PATCH 513/516] Use HTTPS for newsletter signup form

This is causing an insecure HTTPS error in Chrome 37.

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Upstream-commit: 8c7915fcded75128dab9724782baebb17fbcd9f4
Component: engine
---
 components/engine/docs/theme/mkdocs/footer.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/docs/theme/mkdocs/footer.html b/components/engine/docs/theme/mkdocs/footer.html
index fbe0c88ef3..05316b4f38 100644
--- a/components/engine/docs/theme/mkdocs/footer.html
+++ b/components/engine/docs/theme/mkdocs/footer.html
@@ -56,7 +56,7 @@
         <span class="footer-title">Connect</span>
         <div class="search">
           <span>Subscribe to our newsletter</span>
-          <form action="http://www.docker.com/subscribe_newsletter/" method="post">
+          <form action="https://www.docker.com/subscribe_newsletter/" method="post">
             <input type='hidden' name='csrfmiddlewaretoken' value='aWL78QXQkY8DSKNYh6cl08p5eTLl7sOa' />
             <tr><th><label for="id_email">Email:</label></th><td><input class="form-control" id="id_email" name="email" placeholder="Enter your email" type="text" /></td></tr>
             

From 4300ef9d0c32529d2fba203ef6e25965465a0ead Mon Sep 17 00:00:00 2001
From: Fred Lifton <fred.lifton@docker.com>
Date: Tue, 19 Aug 2014 17:22:11 -0700
Subject: [PATCH 514/516] Fixed a typo and added a bit based on Sven's feedback

Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Upstream-commit: 98dd982586ed9fd99853001d4a27503180e432c4
Component: engine
---
 components/engine/docs/sources/reference/builder.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/engine/docs/sources/reference/builder.md b/components/engine/docs/sources/reference/builder.md
index 3720a7387c..796d07d98e 100644
--- a/components/engine/docs/sources/reference/builder.md
+++ b/components/engine/docs/sources/reference/builder.md
@@ -30,10 +30,10 @@ whole context must be transferred to the daemon. The Docker CLI reports
 > **Warning**
 > Avoid using your root directory, `/`, as the root of the source repository. The 
 > `docker build` command will use whatever directory contains the Dockerfile as the build
-> context(including all of its subdirectories). The build context will be sent to the
+> context (including all of its subdirectories). The build context will be sent to the
 > Docker daemon before building the image, which means if you use `/` as the source
-> repository, the entire contents of your hard drive will get sent to the daemon. You
-> probably don't want that.
+> repository, the entire contents of your hard drive will get sent to the daemon (and
+> thus to the machine running the daemon). You probably don't want that.
 
 In most cases, it's best to put each Dockerfile in an empty directory, and then add only
 the files needed for building that Dockerfile to that directory. To further speed up the

From 46c8de1eaadd5cc5eae298336fc99879847ba013 Mon Sep 17 00:00:00 2001
From: Deshi Xiao <dxiao@redhat.com>
Date: Wed, 20 Aug 2014 15:56:50 +0800
Subject: [PATCH 515/516] Cleanup: correct cli --volumes-from description

issue #7580 volumes-from comma separated list mentioned this case.

Options like --volumes-from=[] indicate they can be specified multiple times:
docker run -it --rm --volumes-from TEST_DATA --volumes-from TEST_DATA2 ubuntu bash

Signed-off-by: Deshi Xiao <dxiao@redhat.com>
Upstream-commit: 4d0b88c52f896fe159fe2b1dfd7bdb8116c31da3
Component: engine
---
 .../docs/sources/reference/commandline/cli.md | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/components/engine/docs/sources/reference/commandline/cli.md b/components/engine/docs/sources/reference/commandline/cli.md
index 8a8ef0696b..7b9e2ab610 100644
--- a/components/engine/docs/sources/reference/commandline/cli.md
+++ b/components/engine/docs/sources/reference/commandline/cli.md
@@ -322,7 +322,7 @@ schema.
 
 > **Note:** `docker build` will return a `no such file or directory` error
 > if the file or directory does not exist in the uploaded context. This may
-> happen if there is no context, or if you specify a file that is elsewhere 
+> happen if there is no context, or if you specify a file that is elsewhere
 > on the Host system. The context is limited to the current directory (and its
 > children) for security reasons, and to ensure repeatable builds on remote
 > Docker hosts. This is also the reason why `ADD ../file` will not work.
@@ -824,8 +824,8 @@ Current filters:
 
     $ sudo docker ps -a --filter 'exited=0'
     CONTAINER ID        IMAGE             COMMAND                CREATED             STATUS                   PORTS                      NAMES
-    ea09c3c82f6e        registry:latest   /srv/run.sh            2 weeks ago         Exited (0) 2 weeks ago   127.0.0.1:5000->5000/tcp   desperate_leakey       
-    106ea823fe4e        fedora:latest     /bin/sh -c 'bash -l'   2 weeks ago         Exited (0) 2 weeks ago                              determined_albattani   
+    ea09c3c82f6e        registry:latest   /srv/run.sh            2 weeks ago         Exited (0) 2 weeks ago   127.0.0.1:5000->5000/tcp   desperate_leakey
+    106ea823fe4e        fedora:latest     /bin/sh -c 'bash -l'   2 weeks ago         Exited (0) 2 weeks ago                              determined_albattani
     48ee228c9464        fedora:20         bash                   2 weeks ago         Exited (0) 2 weeks ago                              tender_torvalds
 
 This shows all the containers that have exited with status of '0'
@@ -1145,14 +1145,14 @@ network and environment of the `redis` container via environment variables.
 The `--name` flag will assign the name `console` to the newly created
 container.
 
-    $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd
+    $ sudo docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd
 
 The `--volumes-from` flag mounts all the defined volumes from the referenced
-containers. Containers can be specified by a comma separated list or by
-repetitions of the `--volumes-from` argument. The container ID may be
-optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only
-or read-write mode, respectively. By default, the volumes are mounted in
-the same mode (read write or read only) as the reference container.
+containers. Containers can be specified by repetitions of the `--volumes-from`
+argument. The container ID may be optionally suffixed with `:ro` or `:rw` to
+mount the volumes in read-only or read-write mode, respectively. By default,
+the volumes are mounted in the same mode (read write or read only) as
+the reference container.
 
 The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or
 `STDERR`. This makes it possible to manipulate the output and input as needed.
@@ -1223,7 +1223,7 @@ application change:
 
 #### Restart Policies
 
-Using the `--restart` flag on Docker run you can specify a restart policy for 
+Using the `--restart` flag on Docker run you can specify a restart policy for
 how a container should or should not be restarted on exit.
 
 ** no ** - Do not restart the container when it exits.
@@ -1232,18 +1232,18 @@ how a container should or should not be restarted on exit.
 
 ** always ** - Always restart the container reguardless of the exit status.
 
-You can also specify the maximum amount of times Docker will try to restart the 
+You can also specify the maximum amount of times Docker will try to restart the
 container when using the ** on-failure ** policy.  The default is that Docker will try forever to restart the container.
 
     $ sudo docker run --restart=always redis
 
-This will run the `redis` container with a restart policy of ** always ** so that if 
+This will run the `redis` container with a restart policy of ** always ** so that if
 the container exits, Docker will restart it.
 
     $ sudo docker run --restart=on-failure:10 redis
 
-This will run the `redis` container with a restart policy of ** on-failure ** and a 
-maximum restart count of 10.  If the `redis` container exits with a non-zero exit 
+This will run the `redis` container with a restart policy of ** on-failure ** and a
+maximum restart count of 10.  If the `redis` container exits with a non-zero exit
 status more than 10 times in a row Docker will abort trying to restart the container.
 
 ## save
@@ -1294,7 +1294,7 @@ more details on finding shared images from the command line.
       -a, --attach=false         Attach container's STDOUT and STDERR and forward all signals to the process
       -i, --interactive=false    Attach container's STDIN
 
-When run on a container that has already been started, 
+When run on a container that has already been started,
 takes no action and succeeds unconditionally.
 
 ## stop

From 065feffb73bf1f8d72f6b31a17d5438bd7e8276b Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@docker.com>
Date: Wed, 20 Aug 2014 11:19:55 -0700
Subject: [PATCH 516/516] Update libcontainer to db65c35051d05f3fb218a0e84a1

Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: 624b944896d47031f9df166b4275037664a3cb23
Component: engine
---
 components/engine/hack/vendor.sh              |  2 +-
 .../docker/libcontainer/cgroups/cgroups.go    | 29 ++++++++++++++---
 .../libcontainer/cgroups/fs/apply_raw.go      | 24 ++++++++++++--
 .../docker/libcontainer/cgroups/fs/blkio.go   |  3 +-
 .../docker/libcontainer/cgroups/fs/cpuacct.go |  3 +-
 .../docker/libcontainer/cgroups/fs/freezer.go |  2 +-
 .../libcontainer/cgroups/fs/perf_event.go     |  2 +-
 .../libcontainer/cgroups/fs/utils_test.go     | 19 -----------
 .../cgroups/systemd/apply_systemd.go          | 32 +++++++++----------
 .../docker/libcontainer/cgroups/utils.go      |  9 ++++--
 10 files changed, 76 insertions(+), 49 deletions(-)

diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh
index 652126769a..7af22ea64e 100755
--- a/components/engine/hack/vendor.sh
+++ b/components/engine/hack/vendor.sh
@@ -59,7 +59,7 @@ rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
 mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
-clone git github.com/docker/libcontainer 29363e2d2d7b8f62a5f353be333758f83df540a9
+clone git github.com/docker/libcontainer db65c35051d05f3fb218a0e84a11267e0894fe0a
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
index 598454862b..567e9a6c16 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/cgroups.go
@@ -1,15 +1,11 @@
 package cgroups
 
 import (
-	"errors"
+	"fmt"
 
 	"github.com/docker/libcontainer/devices"
 )
 
-var (
-	ErrNotFound = errors.New("mountpoint not found")
-)
-
 type FreezerState string
 
 const (
@@ -18,6 +14,29 @@ const (
 	Thawed    FreezerState = "THAWED"
 )
 
+type NotFoundError struct {
+	Subsystem string
+}
+
+func (e *NotFoundError) Error() string {
+	return fmt.Sprintf("mountpoint for %s not found", e.Subsystem)
+}
+
+func NewNotFoundError(sub string) error {
+	return &NotFoundError{
+		Subsystem: sub,
+	}
+}
+
+func IsNotFound(err error) bool {
+	if err == nil {
+		return false
+	}
+
+	_, ok := err.(*NotFoundError)
+	return ok
+}
+
 type Cgroup struct {
 	Name   string `json:"name,omitempty"`
 	Parent string `json:"parent,omitempty"` // name of parent cgroup or slice
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
index e20cdbb926..443dbb698b 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
@@ -76,7 +76,7 @@ func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
 		path, err := d.path(sysname)
 		if err != nil {
 			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
-			if err == cgroups.ErrNotFound {
+			if cgroups.IsNotFound(err) {
 				continue
 			}
 
@@ -155,25 +155,45 @@ func (raw *data) parent(subsystem string) (string, error) {
 
 func (raw *data) Paths() (map[string]string, error) {
 	paths := make(map[string]string)
+
 	for sysname := range subsystems {
 		path, err := raw.path(sysname)
 		if err != nil {
+			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
+			if cgroups.IsNotFound(err) {
+				continue
+			}
+
 			return nil, err
 		}
+
 		paths[sysname] = path
 	}
+
 	return paths, nil
 }
 
 func (raw *data) path(subsystem string) (string, error) {
 	// If the cgroup name/path is absolute do not look relative to the cgroup of the init process.
 	if filepath.IsAbs(raw.cgroup) {
-		return filepath.Join(raw.root, subsystem, raw.cgroup), nil
+		path := filepath.Join(raw.root, subsystem, raw.cgroup)
+
+		if _, err := os.Stat(path); err != nil {
+			if os.IsNotExist(err) {
+				return "", cgroups.NewNotFoundError(subsystem)
+			}
+
+			return "", err
+		}
+
+		return path, nil
 	}
+
 	parent, err := raw.parent(subsystem)
 	if err != nil {
 		return "", err
 	}
+
 	return filepath.Join(parent, raw.cgroup), nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go
index 38b8757727..f784d01151 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/blkio.go
@@ -16,9 +16,10 @@ type BlkioGroup struct {
 
 func (s *BlkioGroup) Set(d *data) error {
 	// we just want to join this group even though we don't set anything
-	if _, err := d.join("blkio"); err != nil && err != cgroups.ErrNotFound {
+	if _, err := d.join("blkio"); err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
+
 	return nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
index 7761d4c283..853ab6bffd 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
@@ -27,9 +27,10 @@ type CpuacctGroup struct {
 
 func (s *CpuacctGroup) Set(d *data) error {
 	// we just want to join this group even though we don't set anything
-	if _, err := d.join("cpuacct"); err != nil && err != cgroups.ErrNotFound {
+	if _, err := d.join("cpuacct"); err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
+
 	return nil
 }
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go
index db2a41ca34..c6b677fa95 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/freezer.go
@@ -33,7 +33,7 @@ func (s *FreezerGroup) Set(d *data) error {
 			time.Sleep(1 * time.Millisecond)
 		}
 	default:
-		if _, err := d.join("freezer"); err != nil && err != cgroups.ErrNotFound {
+		if _, err := d.join("freezer"); err != nil && !cgroups.IsNotFound(err) {
 			return err
 		}
 	}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go
index 5f45678ff3..813274d8cb 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/perf_event.go
@@ -9,7 +9,7 @@ type PerfEventGroup struct {
 
 func (s *PerfEventGroup) Set(d *data) error {
 	// we just want to join this group even though we don't set anything
-	if _, err := d.join("perf_event"); err != nil && err != cgroups.ErrNotFound {
+	if _, err := d.join("perf_event"); err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 	return nil
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go
index 6ea59bc506..63d743f06e 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/fs/utils_test.go
@@ -5,8 +5,6 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
-
-	"github.com/docker/libcontainer/cgroups"
 )
 
 const (
@@ -68,20 +66,3 @@ func TestGetCgroupParamsInt(t *testing.T) {
 		t.Fatal("Expecting error, got none")
 	}
 }
-
-func TestAbsolutePathHandling(t *testing.T) {
-	testCgroup := cgroups.Cgroup{
-		Name:   "bar",
-		Parent: "/foo",
-	}
-	cgroupData := data{
-		root:   "/sys/fs/cgroup",
-		cgroup: "/foo/bar",
-		c:      &testCgroup,
-		pid:    1,
-	}
-	expectedPath := filepath.Join(cgroupData.root, "cpu", testCgroup.Parent, testCgroup.Name)
-	if path, err := cgroupData.path("cpu"); path != expectedPath || err != nil {
-		t.Fatalf("expected path %s but got %s %s", expectedPath, path, err)
-	}
-}
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
index 7fcd99bceb..7af4818e23 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
@@ -13,8 +13,7 @@ import (
 	"sync"
 	"time"
 
-	systemd1 "github.com/coreos/go-systemd/dbus"
-	"github.com/docker/docker/pkg/systemd"
+	systemd "github.com/coreos/go-systemd/dbus"
 	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/cgroups/fs"
 	"github.com/godbus/dbus"
@@ -30,7 +29,7 @@ type subsystem interface {
 
 var (
 	connLock              sync.Mutex
-	theConn               *systemd1.Conn
+	theConn               *systemd.Conn
 	hasStartTransientUnit bool
 	subsystems            = map[string]subsystem{
 		"devices":    &fs.DevicesGroup{},
@@ -45,7 +44,8 @@ var (
 )
 
 func UseSystemd() bool {
-	if !systemd.SdBooted() {
+	s, err := os.Stat("/run/systemd/system")
+	if err != nil || !s.IsDir() {
 		return false
 	}
 
@@ -54,7 +54,7 @@ func UseSystemd() bool {
 
 	if theConn == nil {
 		var err error
-		theConn, err = systemd1.New()
+		theConn, err = systemd.New()
 		if err != nil {
 			return false
 		}
@@ -88,7 +88,7 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
 	var (
 		unitName   = getUnitName(c)
 		slice      = "system.slice"
-		properties []systemd1.Property
+		properties []systemd.Property
 		res        = &systemdCgroup{}
 	)
 
@@ -99,27 +99,27 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
 	}
 
 	properties = append(properties,
-		systemd1.Property{"Slice", dbus.MakeVariant(slice)},
-		systemd1.Property{"Description", dbus.MakeVariant("docker container " + c.Name)},
-		systemd1.Property{"PIDs", dbus.MakeVariant([]uint32{uint32(pid)})},
+		systemd.Property{"Slice", dbus.MakeVariant(slice)},
+		systemd.Property{"Description", dbus.MakeVariant("docker container " + c.Name)},
+		systemd.Property{"PIDs", dbus.MakeVariant([]uint32{uint32(pid)})},
 	)
 
 	// Always enable accounting, this gets us the same behaviour as the fs implementation,
 	// plus the kernel has some problems with joining the memory cgroup at a later time.
 	properties = append(properties,
-		systemd1.Property{"MemoryAccounting", dbus.MakeVariant(true)},
-		systemd1.Property{"CPUAccounting", dbus.MakeVariant(true)},
-		systemd1.Property{"BlockIOAccounting", dbus.MakeVariant(true)})
+		systemd.Property{"MemoryAccounting", dbus.MakeVariant(true)},
+		systemd.Property{"CPUAccounting", dbus.MakeVariant(true)},
+		systemd.Property{"BlockIOAccounting", dbus.MakeVariant(true)})
 
 	if c.Memory != 0 {
 		properties = append(properties,
-			systemd1.Property{"MemoryLimit", dbus.MakeVariant(uint64(c.Memory))})
+			systemd.Property{"MemoryLimit", dbus.MakeVariant(uint64(c.Memory))})
 	}
 	// TODO: MemoryReservation and MemorySwap not available in systemd
 
 	if c.CpuShares != 0 {
 		properties = append(properties,
-			systemd1.Property{"CPUShares", dbus.MakeVariant(uint64(c.CpuShares))})
+			systemd.Property{"CPUShares", dbus.MakeVariant(uint64(c.CpuShares))})
 	}
 
 	if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil {
@@ -166,7 +166,7 @@ func (c *systemdCgroup) Paths() (map[string]string, error) {
 		subsystemPath, err := getSubsystemPath(c.cgroup, sysname)
 		if err != nil {
 			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
-			if err == cgroups.ErrNotFound {
+			if cgroups.IsNotFound(err) {
 				continue
 			}
 
@@ -274,7 +274,7 @@ func GetStats(c *cgroups.Cgroup) (*cgroups.Stats, error) {
 		subsystemPath, err := getSubsystemPath(c, sysname)
 		if err != nil {
 			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
-			if err == cgroups.ErrNotFound {
+			if cgroups.IsNotFound(err) {
 				continue
 			}
 
diff --git a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
index 6688ff71e4..5516c5a222 100644
--- a/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
+++ b/components/engine/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
@@ -29,7 +29,8 @@ func FindCgroupMountpoint(subsystem string) (string, error) {
 			}
 		}
 	}
-	return "", ErrNotFound
+
+	return "", NewNotFoundError(subsystem)
 }
 
 type Mount struct {
@@ -153,19 +154,23 @@ func ReadProcsFile(dir string) ([]int, error) {
 
 func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
 	s := bufio.NewScanner(r)
+
 	for s.Scan() {
 		if err := s.Err(); err != nil {
 			return "", err
 		}
+
 		text := s.Text()
 		parts := strings.Split(text, ":")
+
 		for _, subs := range strings.Split(parts[1], ",") {
 			if subs == subsystem {
 				return parts[2], nil
 			}
 		}
 	}
-	return "", ErrNotFound
+
+	return "", NewNotFoundError(subsystem)
 }
 
 func pathExists(path string) bool {