From 81e2b9b9e70c67c37e8330b999be90bb220a7020 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 13 Jul 2024 15:21:18 -0400
Subject: [PATCH 1/4] tests: fix update_valid_ee_certs Rust script syntax

The syntax for this unstable cargo feature changed out from under us,
producing syntax errors with recent nightly tooling. This commit updates
the syntax to match the documented[0] example script.

[0]: https://github.com/rust-lang/cargo/blob/master/src/doc/src/reference/unstable.md#script
---
 .../update_valid_ee_certs.rs                     | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs b/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs
index 58914a5e..4867e5a1 100755
--- a/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs
+++ b/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs
@@ -1,11 +1,11 @@
-#!/usr/bin/env -S cargo +nightly -Z script
-```cargo
-package.edition = "2021"
-dependencies.anyhow = "1"
-dependencies.reqwest.version = "0.11"
-dependencies.reqwest.default-features = false
-dependencies.reqwest.features = ["blocking", "rustls-tls-webpki-roots"]
-```
+#!/usr/bin/env -S cargo -Z script
+---cargo
+[package]
+edition = "2021"
+[dependencies]
+anyhow = "1"
+reqwest = { version = "0.11", default-features = false, features = ["blocking", "rustls-tls-webpki-roots"] }
+---
 
 use std::{fs, path::Path};
 

From 589641c4cb330bfc449afb486ac5c7287c79e57a Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 13 Jul 2024 15:23:14 -0400
Subject: [PATCH 2/4] tests: use reqwest 0.12 for update_valid_ee_certs

This is an in-place update and avoids a separate older version of
Rustls.
---
 .../src/tests/verification_real_world/update_valid_ee_certs.rs  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs b/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs
index 4867e5a1..97be36e0 100755
--- a/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs
+++ b/rustls-platform-verifier/src/tests/verification_real_world/update_valid_ee_certs.rs
@@ -4,7 +4,7 @@
 edition = "2021"
 [dependencies]
 anyhow = "1"
-reqwest = { version = "0.11", default-features = false, features = ["blocking", "rustls-tls-webpki-roots"] }
+reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls-webpki-roots"] }
 ---
 
 use std::{fs, path::Path};

From 03fb3a9cab2ce5b2c99ce9517b726d9bc857deae Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 13 Jul 2024 15:25:47 -0400
Subject: [PATCH 3/4] tests: update vendored end-entity cert test data

* Runs `update_valid_ee_certs.rs`, committing the two updated `.crt`
  files that result.
* Updates the `verification_time()` to the current time to avoid not
  before errors.
---
 rustls-platform-verifier/src/tests/mod.rs     |   4 ++--
 .../1password_com_valid_1.crt                 | Bin 1499 -> 1501 bytes
 .../letsencrypt_org_valid_1.crt               | Bin 1141 -> 979 bytes
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rustls-platform-verifier/src/tests/mod.rs b/rustls-platform-verifier/src/tests/mod.rs
index ededcf7e..7a4d6077 100644
--- a/rustls-platform-verifier/src/tests/mod.rs
+++ b/rustls-platform-verifier/src/tests/mod.rs
@@ -58,8 +58,8 @@ pub fn assert_cert_error_eq<E: StdError + PartialEq + 'static>(
 /// we know the test certificates are valid. This must be updated if the mock certificates
 /// are regenerated.
 pub(crate) fn verification_time() -> pki_types::UnixTime {
-    // Saturday, April 27, 2024 18:28:07 UTC
-    pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_714_242_489))
+    // Saturday, July 13, 2024 19:24:40 UTC
+    pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_720_898_680))
 }
 
 fn ensure_global_state() {
diff --git a/rustls-platform-verifier/src/tests/verification_real_world/1password_com_valid_1.crt b/rustls-platform-verifier/src/tests/verification_real_world/1password_com_valid_1.crt
index 1cb4614963f3f95343efd9437b722e9fa58d6fcf..48f37e49d15b84e70defaf01dc6386cff5fe4031 100644
GIT binary patch
delta 1056
zcmV+*1mFAH3*8GJFoFfyFoFcZpaTK{0s;^PVxV!a*a2*dbq8m}VCevnA5s!DFf}qX
zFfcGMFfdvd4Kg(_Hj#ryf7-adokAH{hT$Fd*?zIY`j?0(hzsN2ZgFb<dYzka4mX+S
zIB!G_FI6l5pD4GCm=W7O+Apdn<mCUSTKE;uW>{zDl)8~Y(bfBYTncO1Hr4}8xd+94
z!<0hURpo2RS(E8F&^l1<^luSoWhE@aeSH4sJ*9lUBjPV*{D{iIf5+vg`g=rp4@yZF
zP$8FHjryfHIs3Vd_!~KfRQ+JUwaYZ0;_v~ApF*Sm>Z7dzi)V-EJ5yCJ``UOzU`pRj
z?(L*FVZ_ao;mbsD)|bEkIuKSQ`AoM0NYEuayNkkh7v}jvI;k_GTT<1MCJD%@^w_TB
zEM@0$9XD|ZDo3~r4~wS)0|5X5qk;nWFoFW}lhy$&6kVgi(E(1S`g9q34gsjTfW`)y
zEt3`kEEE$4163U$1Pm|=FbD<)XMqd>0s)gj0&SDS0*8No1_~<%0R#coc>)9i1cCu>
z1cCu-0cZer08VwICtR8k!#G=P)Zaf+>mBgmjvI|>z_I#dv0|Dz-v9sskErEEUjP6E
z0{}-bMFJp2&`K73<B^QR%CGSdG^TuuC&aEbpW{vTds0l=dG<mAApnewJ}ZmBzx=bP
z<d4m(c(i}X#t{(k=d<4m!=m)i3N9`Hb^v`@9unbrDtjDZXMA4$_|S)36rfI(p1A`r
z*$#{@dAI-o0gtHVMWFxy1Oos^Fhv3&E7{_HezHV9F*v}UEIvyRAxipHoppa|Kk6(Y
z2pL(z0wDm8XyHwBDSqSRdfHG)IfRuGt5M0Aq&9zSNU`uFBI*Tz0CoW8(lKK|cZ|Uh
zK?c`xxz54TK=zh|hWomQG9CRMH;zyM00EDv<wei{00aX7M=(VKApq@f|4btN)d?Gv
z3Sy^UvQ8YdgB6epM9&{ajg~NRazz3lPlkNApqR1i@W|!55w5TsYhqVs)D7fs@hbpp
z&bWX2f-nsR2`Yw2hW8Bt0Sg5H1A+ko02k9n9ph0J?;s;0tuWhodH!eGI@-Wx-sjHa
zK;F6kqoz=<taDD^e=l&;Zzwo)EO)(lgLwb%pE*#|lmP%eH`DXKPVF;=RhRl7M@=Wy
z>t1c086WKtG2p_{v{GRPO(0DeveqYW)hB;mggJ3i220uYF|G9|vA?WtT%yzm`h_-r
z0EnA$;Py3OHMsZK!ELoKBb;11wYvy6sFx7nF3rTm%d2uzjBjzX)PH`qs4JJk=t4>i
zYg5Q$uMqC2$<Dc_Jl_#fcSg=g)++nIGaOgXq11&i2Cb5w>{uQ)%2j|g!0Z$QZeJK@
anw5m2xQVza(#bvop!dUK*EXza+l*9%ZrJAl

delta 1037
zcmV+o1oHdc3)>4HFoFfwFoFcXpaTK{0s;^PHWv5K-FQ<fM;Hr!_DLU+A5s!CFg7wY
zFfcGMFfdvd4Kg$^H<5!zf8ebh@qFSPN;;lU!8!=JL06p=y<><olTao|lJ9#y6$zYb
zZE8oXHa_X6bsq?2YubPYf##D3aZZ`L>XS8U5yUR?hVw1&xBz4(OCuF?yOTnX#tMY1
z<p*W<@-M$uNtETQkGFVV5@q?$B;NDkItnpHs;6E6{jm<{6+|-yf7UBi4@KOVpHP*r
zyf$Mv4xN#pSj-9<shZ0^Q117d*I5-(l2nzvhdHDfOLXP=S(x00SoVcbHSoJ{#m<mm
z|ItIdI%e#7&bh?XHsY+XCL?<ICmzck6=Lv(<1l_oZ;`Yb#jVC8_UYJEtXILg_9H5i
zlTw|m-$}FDV=qI>4`}%U0|5X5qk;nUFoFW{lhy$&6gYe1sm1;+j~fGJTG0lB$UQ-O
z<C7KwER$CPY?DF)6_djPhktwq3M&Qy1Oe800t5mCf&pv<f&pj&W&m{n?#<9-)!Q1*
z#ay?Yw9ONuGKWTdyzJh?QAk-vaUZpt0004q>pjCT000C707fuG0w5jpdjvOYyUfrS
z6B-w=7iz4$+A7h>WECNFVXy`MYq$a+Kd}v$N*(<;aTh9iywS#8Q-3^0gkPw!d?y_7
z__K%SJOFh7NU-B;+NMV|59MkC`kgTA98v+xR^2Rt*}K21IoO1A0004q>pjDY000C7
z07fuG0w4=8ewt9B7Vp#FhNY%aUM}*Jq`D=vGauT>T4y6=0&W5zK(j!V%~ZYLi$rk0
zCNTWYk?CiZSd^<h)qfe!si~>C)c|$?+P1%IKee_ZpPRzFTx;lXk#TIhQG|swy`()b
zNZ0$T0004q>pjCy000C707o!I0w8Tf4Hb!-%UPi7+PGM<EIauNhbm+OgIyuder%FY
z|7-#w0G8BTry5)IFZUk=%-giSI!6);fdSjUoueg?<56GDJAW_@1_>&LNQU<f0RamI
z00V*n0RSHrI6&aKztv;~LZSMR5BV^!!&kpQ!OC0kgf9iH3?$ZJQ(jk?X$`HICPc>p
zxE85w`WI8yFAg2N*dDFNI%L;mevImSeWob5MQhurDwzu+`|Z3bzjEtISB!AmzHd``
z-j!NEPcZq@r+=NSJ{me0m*!Lpo5R)e#`?G@CM+OM=|H{UctC=Sif|h~9f^0oNU*f&
z;_y`CNS8CXCa{Dk>)!|Wi){))X>L}Z2aP+l;;O5qY}QH$_zVT5(aK2{MJ`YyrdK_C
zXrr#l2FZ|VX92<x-36qmGFT?sDFtwT9yhUW#w&kTP8O>2v1MPU!Rx*qw`J%SgYLa>
HX}J&J0d~r;

diff --git a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_1.crt
index 5f295f1cdd443978d78ca130c00c107737c13c66..9a6fb0d064a50b4b24b0e80034b34e70d15d7646 100644
GIT binary patch
delta 588
zcmey$ahYA$po#fB5Qi>cW@2Pw5@PmH<ZD^~#47mC_ws3Llyd_P8*s64XtjBqvt?ms
zo@ijC=xSylC(dhRVqj)yU}$b=WMmcv=2{w9fVrj<n~gjiPu{UO`)-=(z4W*8X8qw`
zJ1$E2sg-m*VPX~d=+37vvY5HURIsBi-&H1wdDXTbZaM4MU&>y$AXX&d-uwe$FCH##
zVoEn?VoIL)*Tb~k$*(4B*5no)o6WWhc{V;Me-+ASAkW4eDyz&QVIbBZGFjbi2J_0m
zjJ_GyjyQSTR^A^m<<jITMpdR%v&jn?6+zSy#%cAeY+TxGj4X`TDw$ZASQ@{vG=66I
z$WX>$FYfJsUCBLSifpP(%RXMAw-e0k<y*5}AKb6e`sPPU9s>j81m?(}_ZS#hm>Jv+
zT$vOyGk;#ba!cs)t<#eYJ0*;w>yPfaG-uIG9{vxB+WZX4znK&nj&3kMzH-UATA9rr
ziQDwn=>FB@E8N-KE_ip!l;mA~lN={be!-+x4>b4JYOuK;25vxItC<q6tPB0VAS1gw
zs!4I*POj&F+7l=0=!Vu7#Lca{%K=of^+TS(glnI-M(qB<wPsPv!E*<~Iyk#}|J>U&
zbwO$fvjuW=F=sFsq%s+VC-gi$HvNUm4F=~8?CZ?d8+6wh`5a}R?Bvzs^Wq}opS^1y
zv^lLle<^20Qq1O<hkti688RGCkq!%EowBv0Y<<r6ugag5ljdB1#j~Y1@I-9&&dk<L
VQzZ5W{+(!N%N-Gx_~~-gRRE8H?TY{a

delta 751
zcmcc2{*}YPpoyi>pouwh0W%XL6O#~&lR&Z;^K0`LpSIg~Z{D=@a)|*i8>d#AN85K^
zMn-N{hKagHib2K(a^k#3CI%*khK3dfMkXdvV6M5L0hnt%vBAhAoqhd`?H$s`_W1sv
zCz)~l|H3cKY-^N^rKF=4vF{1)>Y1&!Z}zLzlT+iu9<kM((TL(s|KoD(m~{XP2hTay
z|G9dLo0u{TnwU~1{_-$o_#Bb6=fm^z@A@Afo28tPZLE1Y$v~csIaF4eMZ!R=K}1Av
zv-tLiu+!@TI31qJub<m3a_HFPaz<6ABIC*P7!^U(LB?tIY;0WGY>X_7*D9G<m{=OW
zvowBT_{31o;IZLx_N`^^Cj3vcn10PQcr6pecslH^PUFqp`&V1uXenl3VC*~BRi4Yh
zz{1SnVc^E3$S^suDA?*dkCMpyy-Vsois)VN|De79!Is7rS)1)=FVA8JD%r~8_h9Kc
z-u5kDlQspdEw+>6k1VZc=`VaDD|5eBZqBdL$xoQn>VXDVs3IBskz<XFYK8I7+R`tK
zGaUa$oJc>?^NVSRiLXnhRzl)}BA~%v{7oHQrtW;R?%TFDC6R;5yPIsX-6kjRel}O0
zCxY|j1GFe(ZenC)keR(#C1-wIiQj`-A)oiZgGDUQU3ImqnouuvzVvEqkoQX`Cx>T$
zc5L-OAOD=S^P>}cvEiOa@{b~9JHllrEZ-M-^3aPA!Efpj+a5mLuuoF@sr;=M(Oo>;
z>Qk33P)@q#d_LCQWlqr5x5r<u(*MsNJnLchGLhLK`_+H_zx*S2^KrEe7xXL@U02Mp
zp4EESyKhr-T-vMI`zEVCHP1A0%$*$^oAj%<F#Yp`C8|mO>ltSmRd3oU-stV<wqv%B
zR(aa1`<})Jwok3RVDY)q<G4h*w8vH6rx&Em9CuBKx^Ld@*8Y1=Yz|lRzN7c0)C1+$
d_-3xKc%!J=A6YTgbw}S-_j9hVr)cea2>{E5I|={*


From de18accb280a962ef19c39bda2e4c5c6db385068 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 13 Jul 2024 15:33:09 -0400
Subject: [PATCH 4/4] tests: manually update LE intermediate & root

See https://letsencrypt.org/2024/04/12/changes-to-issuance-chains
---
 .../letsencrypt_org_valid_2.crt               | Bin 1306 -> 698 bytes
 .../letsencrypt_org_valid_3.crt               | Bin 1380 -> 1124 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_2.crt b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_2.crt
index 2d66ea723ea4f983874b3ffacdf612bd90e150d7..b241308648adaacc531c6a32d1a7e8fcde92871f 100644
GIT binary patch
delta 454
zcmbQmwTo59powW45Zf$ZW@2Pw5@cvtS?uv%J!9qLZ@Zlj{5+;<z{SR))#h=|mW7#l
zqJDsak%62zuaSv?v7xa67(@ZN=0L8Ik+G?zspZ7^#`Ugd24w~UZ0ultOpI)-+Kns>
zO3X<NEH^*Sb8G*hSeURv?e*ecJ73+B-6^#EirURUk&THprPKB+aa+n?-FK18ZI!N#
z7iWv!K8LBHFC`t!(@NhO`IWPH{wSzEEb;u@_d<bxYf5e~TzQ)-Q!HjIFvn`stDK}S
zdv`2u{9(|@_;oT9lb`8ib+;MJD+4q7W?Vbs<Z)Yhf5ena2J&pop|Z*>5(Z)oA~jCa
z*4^{=u>Lja$Go2Nx!o&^%%@InWl~c%(#zD#NzF?x(#tPO*EbLb=}}<eG2k-bU}H;f
z<Y8oDoV=4sy52}H8Ce}tNHJ$H7^E^8BuJb-u-U??JRryIv4Lbm(?y2O_0#MB9N5XI
z)p6>K@;$*h3#YhPEI3v6$zM)FHf=wXA;YxQO^c_0N!t-;t0T3y;@=C&1exb^ETs3g
eE?8rkeRb189maD_dGoey@{w0(<<&US_8tJ?d#ZT=

delta 1066
zcmV+_1l9Yx1)2&kFoFdZFoFX9paTK{0s;{Lkt+yF&kPu+Q})&_C8u9nFbxI?Duzgg
z_YDC73k3j?EKndZFdi2TGB7YXFf=eQFfcGMS{Ds6H843bH8D0YFfcHYoHKt?GcbYy
zA}|dG2`Yw2hW8Bt0RaU71A+k$05F093Ic)w0RX!K6)4R1pp?@O66}ptlEe6d@tLN2
zLWrkbCaSe7xy4Meua0Z^b;zUF4@Z;~RW(<Po~WWZ8TEoZLa9z}^*h5Z+l|1mT=Q8t
z=k3pF@LCHSzQB|uC5QSqakGCD=NzozoA2A?J4I4OmZ`y0&NRqU?zOJ%kKSN#;-yrp
zwrviVr9d=mE7QDY>t-~3`fH1iS1FnJFc)3Aa&P;A#jVnYSUnfV=Lx&<EBA)n!P;?M
z)JEgXttG*TykKW_X0!1a_o7_pQ~x@MwnwG^6Bz2433or8Q~A#U<@GYAa2FJ>W2FC?
zvy+|NQ>O<0NQE7tX|5%8yA#Y(1NH4up^MuU0s{d60i%Ke2rz;H1d~qzPBj!Rvlq8m
zR?DtX2|(r_ubqn&!p1Nk1_M<cBLo;Q7Jw9av{~kRw&mmjbASkl$QoGo>6>no(g7w8
zF)nE?Y-Mg^axQOjXD^c*0vmrZE@LiiWo~0~E^l&YFEAno163U$1RF3JFbD<)XMqd>
z0s$}$1`8_&0R#bp-xC1=0Wb{)2`Yw2hW8Bt0Sg5H1A+np0ENm<M?RzXg+ztC)n|CJ
zm}9MVO&*p#Gi7pAErFow!|nJWzhBI^Z~(V%JN90b-sB*krtgcg1LuFDwH7>)&a~}0
z0_S`sibv*UZa+r!+3?PkEACXz61<EjOSr+9FQTu_agj<0x5&67dju^A`3P4&gV_W#
z3P&M$34$lXD#)9;&Rp_j$iTjNz)y~CL=0Y%yDs;O5aH+@L@C=@AnjwhA@~v|l#^GW
z9c2W;3L>r$4MUfq7$1Lr;NXTgwOX;gFu#XxD=PmXP8$Wo^%$4%UaZ5VxN7h&ygM_w
z?n~ax{N%5M3x+?yRYNxRXyG;&YL1!F|D`~uG`GOeV>vZBb#C&ycF2<g>8VR>7tRa<
z*}Z}LpSNh#24%B?J$F<1j(G#E3NZ(DDnr;+mvY1@4)?@ePRM_*Muafe@`Ya*p?SOK
zUT}*C;f9mLxsTjoaV09R-|Zz(QfP~k+~wA_<Jx`Dhirr)F|LC3`?;&gi5ETLOyxKZ
z_Pr~;mVp%O)!RKFr+!(};`mtkTewKg{#;KMDgGW+Bd^F2u#M_`laLoL{j8!1M@B#J
z>9Du|C{1WG)@Mpy9%-YKxb>ZjFALIAL#A&sS7l8yf!{b&g<XDKW-02p-Q<<E&9zn%
kLe0cZ#w9pJP;Kna096?N=}BbNPRf^@v|GS)sH?a~!b6PO0RR91

diff --git a/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_3.crt b/rustls-platform-verifier/src/tests/verification_real_world/letsencrypt_org_valid_3.crt
index 79a33ba5908c84a1d790715853f435daee569995..df5aa6b74db524116d16bd6bf6b014a893da60f0 100644
GIT binary patch
delta 980
zcmaFD^@Kyupot~Hpoz(20W%XL6O#b@JWq`_^ZY9u9*69Y89qri;AP{~YV&CO&dbQi
z&B`#bKS)kaoY%;}z|z3P01TplTvG!}LsLUD5PxD{V7-w+nSlTsJ5b*_TP8*}R_#U>
z1|{Ys29~q4ug-61=6b{F^;yizF6MmsntSQ2yt3@u?uh-4>K3{Es4(HkF4w7ooqey^
z?tj-3lUcI!=ux8w%n#(6BrLkGyWZf+%6rC8{+lVVR_O*;-mK{I`yYNezOlShdMbmR
zNB-5~#-|32kLnHh*qB3Q`577iv#<cY#b&?{;tPZLtOm?L%0Lz*z{euSB2wctZQVU@
z59?o(e$4ARpWD5%$b71SJV;uZMZ!R=L8Nj^<g@B+PoFRrH*j>Ekc#;Ba(1495gUg#
z8zU<#J0l~Dnt_Ue5{z%a)FxJ+QBqQ1rLSLMsF$gilbV-Yq?ccmu5X|YGF6^M!9dPH
zW`WcKi8e8W!enHHN+5*_EYb#&1{`c`>5V*$OpL&Y;09XB!q{{l=n)VXIbN8Xm>3zP
z>s7TURB@EmGn7j_JgnDc=HpnmU)=k#!S!gKx;fKk<X3OVIH2Nk=Fz7=7hm1JG@tRO
zxG&G#(7#L9=3dgb_bxi1x32iOs#y3TJJGcd3@>uEwB#gJI2kIrNxiLd*gsvY(WU%U
zPIate4Era+iHiFl>K}Ta_m@@S$(HYxpLKVeYkfGjam|{*uk!VqqvX=gMX*a))EBO_
zY2I~xPt&|vW&HCtX#PF@xs%;P`rqowdLoLv@$37xhpdj}yAthFcwy2j+r?(HYvdnT
zhwi))9DJrZZMWB*Mm7eC?k}6Kdu$YT+<9c%yz@HceNGD84R!O6uJ*XSC!eJ^$4!%o
zx1dY*qfqfSHx;LOTH+Fq>(?Bgaj57_u5MZGT^((;X-m&5a!5bDrGNVU{Nl;$ewf9(
z_fOY2xBAfxwHe)i-)R^rX}<ND%6UZL7yH9D9hYy7?gySE8NHRgVdK#;?Qq=0ZR@Ke
zm%Mx2Hs^Rp#3>D}w9whD4LfCTIB1`g5w=<R`rgb#Vh-QFE?K9gniI6^IE&AgYNOqM
zEMgY$BvyyNDfbIFzn*Oozj@C?zDt+&rS{G#v^(?g$Hf(k_p*GGJn*w^{Z~GzRa3Ly
zpK>qsPL}bVb~{v=Yc79d>4IktUsK$e^UnRss%3k##DuNnR`89TJB}&WuKb~;yQFEE
bp041jXJ-u~DqEiw$t<6L+2=yqh2^^e_o9YP

delta 1318
zcmaFD@r0}1poulXpozs}0W%XL6O(`gW4WUFm6uLC-j%JgN#WXVz{|#|)#lOmotKf3
zo0Y-9-cZFriH$jwg-cl4B{My<Br!)JI5Ryjv81#pRUxFPw75jUIbY9E+&~nhidmS?
zB{)POC_f)4?5Gf7Y#=AjYh-9(Xk=h$X=q|#%pV2hn;2Lc8yH%E_!H*^)*Bi$F)1Ni
z%*e{X+{DDs02Jq9YGPt!So=by_=|}7=h^eL!!=~u_ubik-(o^fp3SrH1r^^*4=wul
zH7oBMgTKb@dl_vxE|a%yO#Uk(l)Yd6(ksK+igg!_ZFYHly<2&I^N#;Q9~EbLAM9!?
z%=Ai2%jvJPDcE1XR#S=X^OFP58rD7X?%zJMZVL1K%kI-_W_l<Gzpz;6&z0Y-chNJv
zr=euqE&U4?z17SGiqfT@3~YY&ue*CIdG%{C|3iI(-gW1>U;N)%uJ>hAwbuh5AyuA&
zUS`b&4}(?S2;Y1sxnE$jSC4(?;>5svYueeTd`T{RqxUF3dPd{J&iWXW%AB(I))SH{
zpWR+EOJD8i1%Zcr_ihUGiT&RGeZ}|VPnp<f^qX-^eg4RN8n0RDyx)998)awjVgBjK
zdZY0!>lUqRjxX0RmQCg2zj6QSULko?eGT!POEV6x;7lpcb2s00ZcSud#@za%Yn?~g
z95wAC?e405RXHiRJZiCzgS^|q`k7moTLtE|S<kC2S}w#|5&70GutJoZxxe><KI<mC
zYA+e@VpgF)$6h@M5Uz2aT(bF8$@4yWMve;xSE38ewy^IyXkZZIvAxN9#<JRku0@MA
zo6hXo+sq=psF~Su;WgHe(ucNvSW(kv?Y6>0tK&}Dtg`*`Sxapt`(ImpPPunNo41}z
z<Nx>Dk3^lWC|yvGeOUQV;(0;GTEAyEyRDAhRS(SjzbECZv9muDGb01z;wDBngC<5N
z1Abs?lNDxU{LjK_zzn1e_&@^uAORL&%4Re0X5-LiV`ODzXJlltH?TFZhVc!U+VnF@
zN(!v>^%DyUiuE$<Q&RIvKnYndIX_pw2$*z>^;3#VK#b(X3S+$j^JD{gkm<@S5(Z)o
zB1e{QTvDx5`0MsV?+K;<kBBC;b_y7TfD|aO_!@W{aImqZH}WttF&fyjaRc4J!q{{l
z=u$=l0|PynBbXS)l%S4Ct_L~-WSMS-p<YgENpWgka#3YLiC%tDx`7SISa}vx17Lnx
zpua%3O&g}GC`T_7#o@qw7v%3B;_Mh<>>T8ymt2%%APdsX$0EieQn@AaS@pK3PZ*0E
zI66*9MSOcXI}euQ>Y;g^xrvdHfvcDyXIkEWzMu>1?)E&7Vq2@f;&K1}lU&TA0f(OE
zIPK1#{bh^)A(sx0(lf8wXNx4|Ror`{zRNP^>!O8uVN(hOf;aAdvi`!N!`h5jrhPf8
zU~2sHMxxn+!rm=AwytV&oqFKYN@b1b*A|{m=eV`NS!b2>Wcicz_r9*qj1~SG-4>yA
z$~W{$L3-|?@S|>)j_11~nj>;&{tJI$#`l3wdDY*J=@%Zy@J;dDx>eltlHPv5*7p(*
zS|`0`v(C{}=1jQb%H$&?Vg2$q-@Q97KO$zVd$rfqbzw(r+Npm6FY}vD2s-ipe);Bc
m8^gW10*@_zEvemj<ArBa3me~T?HAepj64?QdOz<zw*&wgY7Peg