diff --git a/docs/_functions/domain/IGNORE_NAME.md b/docs/_functions/domain/IGNORE_NAME.md index 57c3e67b4..c64aa2475 100644 --- a/docs/_functions/domain/IGNORE_NAME.md +++ b/docs/_functions/domain/IGNORE_NAME.md @@ -1,36 +1,38 @@ --- -name: IGNORE_NAME +name: `IGNORE_NAME` parameters: - pattern --- WARNING: The `IGNORE_*` family of functions is risky to use. The code is brittle and has subtle bugs. Use at your own risk. Do not use these -commands with `D_EXTEND()` or use it at the domain apex. +commands with `D_EXTEND()`. -IGNORE_NAME can be used to ignore some records present in zone. +`IGNORE_NAME` can be used to ignore some records present in zone. All records (independently of their type) of that name will be completely ignored. -IGNORE_NAME is like NO_PURGE except it acts only on some specific records instead of the whole zone. +`IGNORE_NAME` is like `NO_PURGE` except it acts only on some specific records instead of the whole zone. -IGNORE_NAME is generally used in very specific situations: +Technically `IGNORE_NAME` is a promise that DNSControl will not add, change, or delete records at a given label. This permits another entity to "own" that label. + +`IGNORE_NAME` is generally used in very specific situations: * Some records are managed by some other system and DNSControl is only used to manage some records and/or keep them updated. For example a DNS record that is managed by Kubernetes External DNS, but DNSControl is used to manage the rest of the zone. In this case we don't want DNSControl to try to delete the externally managed record. -* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. IGNORE_NAME will leave those records alone. +* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. `IGNORE_NAME` will leave those records alone. In this example, DNSControl will insert/update the "baz.example.com" record but will leave unchanged the "foo.example.com" and "bar.example.com" ones. {% include startExample.html %} {% highlight js %} D("example.com", - IGNORE_NAME("foo"), - IGNORE_NAME("bar"), + `IGNORE_NAME`("foo"), + `IGNORE_NAME`("bar"), A("baz", "1.2.3.4") ); {%endhighlight%} {% include endExample.html %} -IGNORE_NAME also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of +`IGNORE_NAME` also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of the following patterns will work: * `IGNORE_NAME("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double @@ -43,4 +45,37 @@ not match `.` * `IGNORE_NAME("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`. * `IGNORE_NAME("\\*.foo")` will ignore the literal record `*.foo`. +# Caveats + It is considered as an error to try to manage an ignored record. +Ignoring a label is a promise that DNSControl won't meddle with +anything at a particular label, therefore DNSControl prevents you from +adding records at a label that is `IGNORE_NAME`'ed. + +Use `IGNORE_NAME("@")` to ignore at the domain's apex. Most providers +insert magic or unchangable records at the domain's apex; usually `NS` +and `SOA` records. DNSControl treats them specially. + +# Errors + +* `trying to update/add IGNORE_NAME'd record: foo CNAME` + +This means you have both ignored `foo` and included a record (in this +case, a CNAME) to update it. This is an error because `IGNORE_NAME` +is a promise not to modify records at a certain label so that others +may have free reign there. Therefore, DNSControl prevents you from +modifying that label. + +The `foo CNAME` at the end of the message indicates the label name +(`foo`) and the type of record (`CNAME`) that your dnsconfig.js file +is trying to insert. + +You can override this error by adding the +`IGNORE_NAME_DISABLE_SAFETY_CHECK` flag to the record. + + TXT('vpn', "this thing", IGNORE_NAME_DISABLE_SAFETY_CHECK) + +Disabling this safety check creates two risks: + +1. Two owners (DNSControl and some other entity) toggling a record between two settings. +2. The other owner wiping all records at this label, which won't be noticed until the next time dnscontrol is run. diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go index 895a960f0..bb7217926 100644 --- a/integrationTest/integration_test.go +++ b/integrationTest/integration_test.go @@ -708,21 +708,65 @@ func makeTests(t *testing.T) []*TestGroup { ), testgroup("IGNORE_NAME function", - tc("Create some records", txt("foo", "simple"), a("foo", "1.2.3.4")), - tc("Add a new record - ignoring foo", a("bar", "1.2.3.4"), ignoreName("foo")), + tc("Create some records", + txt("foo", "simple"), + a("foo", "1.2.3.4"), + ), + tc("Add a new record - ignoring foo", + a("bar", "1.2.3.4"), + ignoreName("foo"), + ), clear(), - tc("Create some records", txt("bar.foo", "simple"), a("bar.foo", "1.2.3.4")), - tc("Add a new record - ignoring *.foo", a("bar", "1.2.3.4"), ignoreName("*.foo")), + tc("Create some records", + txt("bar.foo", "simple"), + a("bar.foo", "1.2.3.4"), + ), + tc("Add a new record - ignoring *.foo", + a("bar", "1.2.3.4"), + ignoreName("*.foo"), + ), + ), + + testgroup("IGNORE_NAME apex", + tc("Create some records", + txt("@", "simple"), + a("@", "1.2.3.4"), + txt("bar", "stringbar"), + a("bar", "2.4.6.8"), + ), + tc("Add a new record - ignoring apex", + txt("bar", "stringbar"), + a("bar", "2.4.6.8"), + a("added", "4.6.8.9"), + ignoreName("@"), + ), ), testgroup("IGNORE_TARGET function", - tc("Create some records", cname("foo", "test.foo.com."), cname("bar", "test.bar.com.")), - tc("Add a new record - ignoring test.foo.com.", cname("bar", "bar.foo.com."), ignoreTarget("test.foo.com.", "CNAME")), + tc("Create some records", + cname("foo", "test.foo.com."), + cname("bar", "test.bar.com."), + ), + tc("Add a new record - ignoring test.foo.com.", + cname("bar", "bar.foo.com."), + ignoreTarget("test.foo.com.", "CNAME"), + ), clear(), - tc("Create some records", cname("bar.foo", "a.b.foo.com."), a("test.foo", "1.2.3.4")), - tc("Add a new record - ignoring **.foo.com. targets", a("bar", "1.2.3.4"), ignoreTarget("**.foo.com.", "CNAME")), + tc("Create some records", + cname("bar.foo", "a.b.foo.com."), + a("test.foo", "1.2.3.4"), + ), + tc("Add a new record - ignoring **.foo.com. targets", + a("bar", "1.2.3.4"), + ignoreTarget("**.foo.com.", "CNAME"), + ), ), + // NB(tlim): We don't have a test for IGNORE_TARGET at the apex + // because IGNORE_TARGET only works on CNAMEs and you can't have a + // CNAME at the apex. If we extend IGNORE_TARGET to support other + // types of records, we should add a test at the apex. + testgroup("simple TXT", tc("Create a TXT", txt("foo", "simple")), tc("Change a TXT", txt("foo", "changed")), diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go index 48f2cf311..f9b4fc8dd 100644 --- a/pkg/diff/diff.go +++ b/pkg/diff/diff.go @@ -87,6 +87,23 @@ func (d *differ) content(r *models.RecordConfig) string { return content } +func apexException(rec *models.RecordConfig) bool { + // Providers often add NS and SOA records at the apex. These + // should not be included in certain checks. + return (rec.Type == "NS" || rec.Type == "SOA") && rec.GetLabel() == "@" +} + +func ignoreNameException(rec *models.RecordConfig) bool { + // People wanted it to be possible to disable this safety check. + // Ok, here it is. You now have two risks: + // 1. Two owners (DNSControl and some other entity) toggling a record between two settings. + // 2. The other owner wiping all records at this label, which won't be noticed until the next time dnscontrol is run. + //fmt.Printf("********** DEBUG IGNORE %v %v %q\n", rec.GetLabel(), rec.Type, rec.Metadata["ignore_name_disable_safety_check"]) + // See https://github.com/StackExchange/dnscontrol/issues/1106 + _, ok := rec.Metadata["ignore_name_disable_safety_check"] + return ok +} + func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, create, toDelete, modify Changeset, err error) { unchanged = Changeset{} create = Changeset{} @@ -94,23 +111,41 @@ func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, cr modify = Changeset{} desired := d.dc.Records + //fmt.Printf("********** DEBUG: STARTING IncrementalDiff\n") + // sort existing and desired by name existingByNameAndType := map[models.RecordKey][]*models.RecordConfig{} desiredByNameAndType := map[models.RecordKey][]*models.RecordConfig{} + + //fmt.Printf("********** DEBUG: existing list %+v\n", existing) + + // Gather the existing records. Skip over any that should be ignored. for _, e := range existing { + //fmt.Printf("********** DEBUG: existing %v %v %v\n", e.GetLabel(), e.Type, e.GetTargetCombined()) if d.matchIgnoredName(e.GetLabel()) { + //fmt.Printf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type) printer.Debugf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type) } else if d.matchIgnoredTarget(e.GetTargetField(), e.Type) { + //fmt.Printf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type) printer.Debugf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type) } else { k := e.Key() existingByNameAndType[k] = append(existingByNameAndType[k], e) } } + + // Review the desired records. If we're modifying one that should be ignored, that's an error. + //fmt.Printf("********** DEBUG: desired list %+v\n", desired) for _, dr := range desired { + //fmt.Printf("********** DEBUG: desired %v %v %v -- %v %v\n", dr.GetLabel(), dr.Type, dr.GetTargetCombined(), apexException(dr), d.matchIgnoredName(dr.GetLabel())) if d.matchIgnoredName(dr.GetLabel()) { - return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_NAMEd record: %s %s", dr.GetLabel(), dr.Type) + //if !apexException(dr) || !ignoreNameException(dr) { + if (!ignoreNameException(dr)) && (!apexException(dr)) { + return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_NAMEd record: %s %s", dr.GetLabel(), dr.Type) + } else { + //fmt.Printf("********** DEBUG: desired EXCEPTION\n") + } } else if d.matchIgnoredTarget(dr.GetTargetField(), dr.Type) { return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_TARGETd record: %s %s", dr.GetLabel(), dr.Type) } else { @@ -379,6 +414,7 @@ func compileIgnoredTargets(ignoredTargets []*models.IgnoreTarget) []glob.Glob { func (d *differ) matchIgnoredName(name string) bool { for _, tst := range d.compiledIgnoredNames { + //fmt.Printf("********** DEBUG: matchIgnoredName %q %q %v\n", name, tst, tst.Match(name)) if tst.Match(name) { return true } diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js index 6d8eb26b2..789e0cca6 100644 --- a/pkg/js/helpers.js +++ b/pkg/js/helpers.js @@ -516,6 +516,15 @@ function IGNORE_NAME(name) { }; } +var IGNORE_NAME_DISABLE_SAFETY_CHECK = { + ignore_name_disable_safety_check: "true" + // This disables a safety check intended to prevent: + // 1. Two owners toggling a record between two settings. + // 2. The other owner wiping all records at this label, which won't + // be noticed until the next time dnscontrol is run. + // See https://github.com/StackExchange/dnscontrol/issues/1106 +}; + // IGNORE_TARGET(target) function IGNORE_TARGET(target, rType) { return function(d) { diff --git a/pkg/js/parse_tests/005-ignored-records.js b/pkg/js/parse_tests/005-ignored-records.js index ad2a0acbe..b35c2f810 100644 --- a/pkg/js/parse_tests/005-ignored-records.js +++ b/pkg/js/parse_tests/005-ignored-records.js @@ -2,4 +2,6 @@ D("foo.com", "none" , IGNORE_NAME("testignore") , IGNORE_TARGET("testtarget", "CNAME") , IGNORE("legacyignore") + , IGNORE_NAME("@") + , IGNORE_TARGET("@", "CNAME") ); diff --git a/pkg/js/parse_tests/005-ignored-records.json b/pkg/js/parse_tests/005-ignored-records.json index 6c96211c4..528724b21 100644 --- a/pkg/js/parse_tests/005-ignored-records.json +++ b/pkg/js/parse_tests/005-ignored-records.json @@ -1,19 +1,27 @@ { - "registrars": [], "dns_providers": [], "domains": [ { - "name": "foo.com", - "registrar": "none", "dnsProviders": {}, - "records": [], "ignored_names": [ "testignore", - "legacyignore" + "legacyignore", + "@" ], "ignored_targets": [ - {"pattern":"testtarget","type":"CNAME"} - ] + { + "pattern": "testtarget", + "type": "CNAME" + }, + { + "pattern": "@", + "type": "CNAME" + } + ], + "name": "foo.com", + "records": [], + "registrar": "none" } - ] + ], + "registrars": [] } diff --git a/pkg/js/static.go b/pkg/js/static.go index 230ae6152..6fa59154a 100644 --- a/pkg/js/static.go +++ b/pkg/js/static.go @@ -212,145 +212,148 @@ var _escData = map[string]*_escFile{ "/helpers.js": { name: "helpers.js", local: "pkg/js/helpers.js", - size: 32062, + size: 32454, modtime: 0, compressed: ` -H4sIAAAAAAAC/+x9/XPbOLLg7/4rOq57QylRZDvZzL6SV+9W649Z1/qrJGU2+3w+LSyCEhKK5AKgZc3E -87df4ZMACcqOb2em6uryw4wJNBqNRqPR3WhAUckwME7JnEeHOzt7e3CWwCYvAceEA18SBglJcU+WrUrG -gZYZ/HORwwJnmCKO/wk8B7y6w7EEFyhECyAZ8CUGlpd0jmGex7jv4kcUwxKje5JuIMZ35WJBsoXqUMD2 -ZOPdtzG+34UkRQtYkzQV7SlGcUUYxITiOU83QDLGRVWeQMkULgx5yYuSQ56Ilh7VffhHXkZpCoyTNIUM -C/rzwOjucJJTLNoLsuf5aiUZg2G+RNkCs/7Ozj2iMM+zBIbw8w4AAMULwjhFlA3g5rYny+KMzQqa35MY -e8X5CpGsUTDL0Arr0sdD1UWME1SmfEQXDIZwc3u4s5OU2ZyTPAOSEU5QSn7Cna4mwqOojaotlAWpezxU -RDZIeZSTO8a8pBkDlAGiFG3EbGgcsF6S+RLWmGJNCaY4BpZDIsZWUjFntMw4WUluX60zsMNLcsHhVYE4 -uSMp4RshBizPGOQUSAIsX2GI0QZYgecEpVDQfI6ZlIN1XqYx3Ile/1USiuN+xbYF5kd5lpBFSXF8rAi1 -DKRyMJKPfXdW5GAtiku8HhvGdkR9D/imwD1YYY4MKpJAR5R2nekQ3zAcQnQxuvw4Oo8UZx/lf8V0U7wQ -0wcC5wAqzAMH/0D+18yKpLSa5X5RsmWH4kX30B2PwNQYwnHGrrUIPDmIPFG9DgXx+d1nPOcRfPcdRKSY -zfPsHlNG8oxFQgW47cU/8d334WAopneF+IzzTqC+W2dMzIqXMMYTc8WbmBVP8SbDayUXmi2WvTUpqYbo -kGXLWHmnJGgAUdRrrshB9WfP49UAfn504ec5jZvL97pavS64XqXT6fkA9nsegQzT+8ZqJ4sspzh2dU+9 -iiO6wNxXCC679Lo7RnTBOqueXvyGV2JvyClgNF/CKo9JQjDtCbkiHAgD1O/3LZzGOIA5SlMBsCZ8qfEZ -IKljBqZTwZ6SMnKP042BUOIppIEusOwm47nkbIw4smI96xN2qnvsrLqexHb0GLQYAk4Zto1GgoJaCzHE -jhDUz3IFuFXin8+im8+3lkuHFu4x1NeVHEuts1kfP3CcxZrKvhhaD1Y+tY7SWdJ8DdHfR+PLs8sfBrpn -OxlKKZUZK4sipxzHA4jgjUe+0QC14giOjYDXajRhammpwanN4lgtqWpFDeCIYsQxIDi+nGiEffjIsNxw -C0TRCnNMGSBm1gKgLBbkM0erH7etVak91IiHW1a2ItNOI4Eh7B8CgT+5+14/xdmCLw+BvHnjTog3vQ78 -DalP9GOzm3eqG0QX5QpnvLUTAb+CYQV4Q24PwySsgr0KmWpsbH2SxfjhKpEM6cKr4RDeHnQb0iNq4Q1E -YsnGeJ4isY+vcipmCWWQZ3PsbWZOP0bvugQ1yZAwkgZjVxzPTj5NTy7VxHYH8LGI63ICKBWm4QZQHONY -aYvjTrcnLASrfoUcUZwnjqx4mENyMltgrrrQC1BTZthoAIeQlWm6hV1rxCDLecWzDeZSfCVRwsqEOcoE -xB2GUo4wVtJ/3OlqO7TvcVYvrfzuc78a4lD2KAoYp539nvpUgvTWaeEUw1s4CEn9wa8ojoKGbpuY3GgY -Et/C0GlwKHR6innEIL/HdE0JV7pB6fm+FpfwlA1gKtwGsipSLKmULY0GRHy+JNlCNEfpIqeEL1dQMhzD -3aaSkm4fjlAWEyl+sg1m0pdBGeAHNOeqUGDJEwd/xLShouxVKRNixxPMKbAroaqZQOC17MN0iSHNhcuh -OxEIlPXh2bThwQc1YJmmh7Xic5xJddeqAr3VvEUehIt2KYY59GeW3N7sCop2HQlR3g0TxvmkTBLyAEPY -7e/CG4vFh03yMqsgXXF/66HR9Dkbq3JApftIWG3SxNxIl1Uh1rNrbBKz3OXUCdPXDvDrV5+g4dAfTN0A -cGiw84jU1FJdohRpSWFeUoozoRHMrLv0WKtck2KW839Vk1nvvFIbaqZrTQ9bgKXBTeIBkJ5Ya4P6nBpL -2zdgHFPGtZVVM6vbT05HH8+nE9DGuWAGw1y6jmr7rPSKcNFRUaQb+UeaQlLykppFxvoC34mwLqXRyPMK -+Vp4+fMUIwoo20BB8T3JSwb3KC0xEx26BoRuZV3Bpr/btjye1JWuCSE3Oldpdn0LaTo979x3BzDBKuQw -nZ7LTtW+pywgh2wF7nhrwmqccOFZd+49q/EehjLqky2m+XFJkbR77z11rOfKIO9Qtz3tc57CEO4PQ05A -ALOjfozWHMJ9X/7d2fvfnf8Vv+l2bthqGa+zze3/7P6PPWeHtS3atth7Y46IzROJOSUxxLp3TY63cZYZ -4TCEiEWNXm7e3bodaMiq0vNGYSisUobPMm7bH5hZFIMt5cJhAzjowWoA3+/3YDmA99/v75sVU95EcSR2 -ubK/hNfw7g+2eK2LY3gNf7SlmVP6ft8Wb9zi7z9oCuD1EMobMYZbz8+9t4vPuoieoJmFZwSu2sjcVeK2 -/ZWkLvaWTr/yaFuFb4W+4KPR6DRFi45c3DVHvRJouXw8qVYLao6QjDh+HSrt4HaztwdHo9HsaHw2PTsa -nQuPhXAyR6koloFKGapzYaT0VDQdwJ/+BH/sqmCrG3bZNcEJoY53e7DfFRAZO8rLTGrDfVhhlDGI8yzi -wjQRG5YJpUmt5nj2fbexWBYGu0YimqM0daezEQLSzQPxH4NYhoDKLMYJyXAcucy0IPD24Ftm2Ilm3Agy -hFhrXLWJGCkySdHTM3ehvVixZ3flPIxgqOv+UpJUjCwaRZr3o9HoORhGoxCS0ajCc342mihEKjqyBZkA -DWATxRbdf38cn8wcpDqq9STuql2gh6oy6ml+C3N8ADeW9zeR6C7qQbV+nQDQTSTIiHpKuSKORz+VFI9S -gth0U2AfUpIawqT/xynKWJLT1aC+HHuSrJ4NSASWpzLAJJwTVHAAVPcGRH0dejacE03RbZAYzQyJ4XTr -JlMTRDPj1vaxKRwyGkGXMBK5M6i4pUXimlHacOrtPHbdSH+Y/76qE2N85aphWenzUq1ClDIcWJ030Sjq -gRLzHkRHl6OLk+jWxgd0ZypAYGP/H977YqsFVolvm9jaVk2htVX/LpEdf3j/qwss+60kln54v11eLcDL -pdWi+DZZ1cLw31eXJ52f8gzPSNytBLhR1bY/u+Oq82Db8N2R6z7k4PXfTw29NmrdamD+CAzbN0BC0vZv -Xp6dSnb9IOzIOVxQBXIF+2VqNdcLm3AXn+ol00/TetH1dFwvmlyfNorGP9aLLkd+0xbtIuu7ju1ldtpF -T8K1a5aj0MYth1mdRkyvjq86PCWr7gDOOLClOStEGWBKVbBG9mO8i31hdB28+8/+yxQSWrRXyn5+PyU0 -R4ijRaWEFk+oKdc2VgSa7i/L1R2mASq9VdC0uFnd5K70iZTZ5xlZEjQw81Lqjd1tNqkveCNEqQr59SAm -C8zUpqX+VGiPmzvU7vFk96Vbk+pY1yuGefWWoHYQRZ3e47bC+GT8hjIVMzVOA6S+AmBVyFVD2oIAcDVw -A12VtIL7oN+wBTtSeD0dP08Gr6fjpgQKfacRSeWnUOU0xrRXUJxgirM57smV0BNuHJnL0zH8UDzZoUTY -7FIr2RfKqCStXbYqmtth5GDae9CjbAdQw9+mUH9fyy1DBaeSTwZMfoThKoYZ4Kok3EJpRQ0sP8Jwmo8G -Un+GYRVLDaj6etlymIx/VDJcUCIW66a3xmSx5L0ip/xJkZ2Mf2wKrDQUXiiuhop2aVTkbZHonG6p/b1l -jdF7M8RKftR3CFYN1kCqryDOnFoo8fcLZWHy19NrJQ3VXip30SfMNNkwIAii+MWi8IzdMyHZAtOCkmzL -lP/OJhljy6T4hq1RwjsDs5qjKvomo85MrrKVSoYWuAcMp3jOc9qzZ6bKWJpjyklC5ohjObHT80nAABel -L55WSUH7bBnK2iFcir9xoYPMPXXGInNGGSDYVfC79uznt4wcpAxJrhgo+REEM9ypNgn1HQR2GWUauGUv -UBJVrqrm6RVV2VMPtQiA4xk/dOHrV6gSrR6UJyjjpB+nV5Pr87OpSkMpKJ6rhIkzrny1NSDI8rd50Vfx -UQsvvPpHJdjTT9PnGXTTT9OALAt3+KWhKSNjNW78NvpFKGyuMnawPpJhkNB8JQtKhincY3qHOFn1GzEY -PTfORLeFoPgDN8iHcOM0uD0MgodkSNB6pXM9OM7gbiNp/CGXeeLPCmN5ZARDbE8Q0f+ck6yzu9t9NjV1 -DXrxqWYpPSVwF5+a8nbx6Ve0jX5v62b1EDKPW8ybZ5kkl888lbkMxJ4vJ5WrdnEyORn/eOK5fk48swbg -BvnqyQDwagiBhLqoQgF5lm4Azee44AzyDNtNRZ7DylSX6BuO09wTQZlt4KZNw2O3dqRWETJryz1waNUp -mP0QL2a/xrHwz5CxGefpAO77PNfIuvUAbJVNbkV2xtFdip005Kk85bhJ87U8ml+SxXIA73qQ4fVfEMMD -eH/bA1X9B1P9QVafXQ/g+9tbg0jmE+8ewC/wDn6B9/DLIfwBfoEP8AvAL/D9rs0ESEmGn0oeqdG7Lb2K -CA+uBu9l3QkgSS4MgRR9+ad/piCL6prbT2xWIKEcIoN61l+hQsH1KikkoSZunn25ehfnvEO6zYSjx65S -t1EvqtUGdbxLjEGryN6ekeTwSMy45ZL4aPBJFD7JKQnUwivdheWW+P5d+aUJcjgmyX8ez4TSGsKNparo -p/m62wOnQCyZrl1PeuU44imXg76hkq/1COAXiLqhha+gNdAhRPZA4OyHy6uxCgw7KtktrdZ8ZST2ZPqD -gpoJneX25RT7SciNinqHTlXLmVZNO3sXLry0Z08ra+zT0fiHk2mnsQGFqntAp859o2fSoW936J2iQJxj -mg28k9yBQuzvHJLIi+ur8XQ2HY8uJ6dX4wulfFOpzZV6sonoctetwzf34DpE3fi5iRpdREJrRzpxVv7N -eerbPP9Oayb6c/SEaWJSHevGDuZIk1+pb3lIWW1eyrSpj7Db7FBm4ilonjZj1h/HP5x0HHFRBVYC4v7f -MC4+Zl+yfJ0JAtSZo7YHrmaN9rasFQWnpcUg3K7jy8nk5EgSg+lKGM6xybtEFA9Exe4uwHEuT9gk35VZ -zTDnJFtAx8lJk1lRu3m2CwAnmWCJ04dOVhMeobooJGGTRGAn7ClgO8QKZnZ1acYZ91HJ81mcMYbnMJQ0 -iFEGW52etjdLkrZ2ps08z1gu9v98oY56d+2FHYf8J/1egOsUCz0vtJ03JshpjVyVX27y/ojMtF2hLxiy -XK+EuZRC1ldZ9CvMZNhB5tXGhKGiwMIsyQCZpFyKZe99YQNpJfr69Q68hj9XZO/A6z3vOqY1zztqFTKO -KPfSR/O41YySwDYPtzUFV14XMrm3XtqtoysFkEv0WK42dUHqTqkoORZ5Kwl+Vgbso6p3YEMwecFZX3Z9 -e7N/CyNj4Qut4sIbvgz9Jge3cFWIcpSaZIOcbmtn9QyYO25VHrWXWm0yiuG1YdVUiEBrbhZiTr4zjLJN -pTSVYNxhB5fokOBY32TRd7g1QX3n+H1VcqSvdSzIPc5cslpZIwZjZCcwzIounkvMCqcvfv7+o6KaAruR -HfG3NOL0MmGdnx8VRM+RLrs7BTzyys8W+1DlBr5sM9J2jYJUDF+ie+wM1t6JUqyvtxS4zUQByvQtGrmm -nMt2OrszFCxp9+pdC1ntvFsDRqEN1FiTbrtnGrjPyquqWbjOfHjSFJiT1tkIOXUWuE0debeo8hiGVRPp -0TUAmzdW87jb5kGs8tikOgd8h/AN0y3o9vZA3c3mldTKRaUjbMFGMr0+jx1F9N13TlTXq2rtWQ/GQeJd -HPdwHAYxPAZL7Q1axzaTU9zOrzCBOphzMh5fjQdgzCHvam0UQNkuj8q70wJQN+HrAQF5DyHWN1R+fvQD -AZVG0A9HuDPTiFL9qdpuzA2q2pAFTtvsnMjsCtumMUTp9Fa+LserJ9xdAXKzfxvydZvItfMLde9XTYfc -j980WkVGa+pHIVjj2rJR+C4bgoiqHbQTwuGzKYCg24erLN3A1sbbCJBParBSqfioHtQWDHUzFne8lZym -QuHbbna2KbI6N4KKTEvGsdgziNxVHcnwAlQGWqXXtV0edYS0wlndczsISZLYE8usso3kCyFlYAu0yZge -9puD20BK5rNFqyFi0RYgv+P92634bChYj0wGOxFJG7O+Ta/IG7lWV9zUCRA+qHMI3C4zVqWEZSYgLM+5 -HeemEbbfj6tRtTW6UT2nIidjGJhS5/GQRl3zEQ7biqcD70qSD/JY27ibZmrAnDhsNrGbmgWvZs9vWrfu -/oqyOMXO3WV1Kd5eNWbNi6Sxc4/8u+9azSoh+K+GEB2dzsYnx2fjk6Np9Ez46cnFddUotMCSf8VCadw4 -tPT0ScatPojr73Z32jpzL8I7X4fBhe+ZsTKe074zfRv2ppG8FdwxxOT4Xw291t991+ClzCb8lYh9M4So -H8GbJ2iuaRj/1Y++OR3SrxAFLFC9blWds7K98OcTIQMUx8rb7sTmqol//UT48U4QmCS6RgZLpGPSA8RY -ucJACoGOYsb61sglvL8T8GUCbkzDb/FcFvddp7mnhULaJ/SGkEJno7E7z9BD5vzUe/7H12ia2eGXeWI8 -JzGGO8RwDMKdFqQa+LfWzTZv9DClYCr3GpB6Y8FLjJFNr4Lv8ghY720eCWvSyc9O4eJThVlNmZxHM84d -x9lgwSd5fL/sSUtmpZyxsEmy5dGg6vEgiudhp3Xrqz4v9rbk4Fv9rGd4Was2/2qrd9X0rFyvqvYo0TeC -tfpcjShpw2KyUdOL1veNol7YwtOvHIVro87kCykKki1edaMGRPc5TyE09aP/EhnFcxNCJwVUz6FZK0fn -6yw5LwZ7e4yj+Zf8HtMkzdf9eb7aQ3v/ebD/4Y9/2N87eHfw/ff7AtM9QabBZ3SP2JySgvfRXV5y2SYl -dxTRzd5dSgotd/0lXzlHTdedOPfCsbF8n4X3WZES3on6xgvb24OCYs4Jpm/V8ZJ3gUn+exPf7N924TW8 -+/B9F96AKDi47dZK3jVK3t92a4+0mVPMcuVmHGTlSt5QtheUA1esoqj+LJKTpyDwBdpk5arxJp3S+/Af -gs5AZPq90Dn/JVXP27feNWlBI1wgvuwnaZ5TSfSeHG0lRgJ7x6IXbNDbcyBuHdu7UmlexkkqH6dJCWKY -DVQqEubInKwwSSXJYnJP4hKlVUqHvElzOrseX336x+zq9FRmzc0tyllB84fNAKI8SSJ4lHlR16JIngXc -pTiuo7hsxZD5CHAWan/68fy8DUNSpqmH480YkXRRZhUudfb01jz247JAnj9p2vXxR54kajvMOLGvi/in -UAOfPP1iSCunZrpdxbFAr1mz07ZuLp/sJTOdfMyI0B0onUzOwyOznXy8PPvxZDwZnU8m56GhlAYVY6k/ -Er+T7Nl9XD7VhRqGlOePk+nVRQ+ux1c/nh2fjGFyfXJ0dnp2BOOTo6vxMUz/cX0ycbTCzNzErFbCGKv3 -Yv/N9zFlA3t/MepFXal39N1oPXDj9ASupjluVHuCn3pJN+ptG5d/9wszTjIZJnhWq9/2ZFw/DPwGop5Q -Zeq0vKLYP8fWLPScxyAffffy/zOzjZkfx+dN/n0cn4vtW9e/3z8IgrzfPzBQp+PgVUtZbGAuJwezj+Pz -078fh7IsTZ3Jtpxcn87+8vHsXKxvjr5gVh1LST1dIMrZQJ5Vyz/NK2uT61PjGXR4DncYPudix1ceSQRR -V+4BKbrDqWp+fDlRn/aBm4KSFaIbB1cfOpVG/XMkUw8oWg/g70tMMXTUk8YSS1dZ5bl6Cq7MUKreNzZm -m0On2XgkRdJ7E/RwssKSFOHBCXcILzCVjxdKpeSSoh4RlBZNTz92Xb3FI4mU1pjGi1dFirjCjeKY6JNj -836m4tZcPrwZu+OdsSL5j1gNOkkR5zgbwAhSwrj7rLNqrwH0VisM0SVG8cEARqtcPsANu3dlkmAKNM9X -u+qwWSamSr9yiSEhlHEZ+bdPhxcJzJfyzSHBqAd+gR4m5CesxrVCD2RVroCRn3Dlu04/TS3DflQpJoIY -ePfhgzropJjJBIcMVmXKSZFW+e/O2N99+BB1na3EEcvA1qHUv5LHr1/B+axOVN4F0n5dYbfnEIhDihHj -8A6wfqewYaLqHrXguedAtthVG42GFK2FZ1h9vBoOIYqaqETdEKIZRWtWJBad2vvUWZLMpl1iKxeOXKnd -UcVPCnUqZaCFBeYcMYu1g7kRBWltiZm0B/+iO0mCiU5r9uqMwKhrEVcrz19qO9XLe1pWxbKRLyj+q8RM -JgWaR98BOb07MQ20riE1bFUkabwVZ3VBdVqx7z0UaxsMa/CBdM69PXVIhOLY0iLYoWk0TyhnEZdPF6wK -vtFy7R31bZtxyeSidnjoN+Q8DR7cKx92+mladdDTE9YDWvTUy3QWRffZx/hPIO4+6Wo70268YzHp8pn4 -hIhJVy6C0phiWuuzapr5UyfB7cQZGG99+CikOvRx2GIPjyxpQVTpQB9TVW5RVUWHNVb8sF3K/ZVZ50ZN -AhoTJHVPNUWtU9+Y8icxVXnBXpjEfZVtm+Gwdec/Go227Pgkj3Gims7zjKv3QklaxYo7uU7HqsBnc/0u -3AD+kucpRpk8hMRZLH/mAMtLt1r7EIrjPQPfF6IqNngbovJuVjpPlFCclAzHje4ZK/EAzrU6PhqZX15Q -gYA0X6tfupBwLmpWe+kPOsooUNdQtJiYjVaZUxLHmqTxAEYac9XfXIxZdiIg5ojGod5s9mV/e3/OZuxM -detm/PytsSbgimKrwtWn0JVZnuGo6xfDTXQY3R6GUIgx19DIojAqVWXQWXyWejMsS92rWuMufP1aQfvA -tai2rTL70nAI+1vA9Ei2VbuYVIZGwNpxV2jT2hFzjjNON6JIUZ7TSsBeanrUp0aszfq7Uk6VXbbNR6Wk -ejoajXz1FMlmUQ8cJD3v+Ud3j2p5cOr5qLvN3wgICnC35eSjB6ljb7hSoM5EUpyps5BnUigQVBSKrxty -2+0e7rQtiW8gzBGslxMnZadXR+sSWd9Iji9G46OXbyWyuXVFZ/EK0TkUFCfkQb7zHMc4PoTGHlPkKZlv -NFKJQpVApxh2e+qXl+6wXCV5ojVID6J/lYiijBP1RbH8LRbpAJpj2+s2xIn7Lj6DDvv2jmo7D0rJIhMO -y+T6dACR/lWpvYhFYilHFKfoAcfRXkSjClbSIazqDmJFMuw5rKGRj/b4b2cX34ZXtIAOir+QVQhzgekc -Z3ygTxjhDvM1xhnsy1f5D/b3ewYELZSPqXY2yUFiHn7XWc2dYs7dTg721QOutEQDGJkfQ0KLBcULsZFr -G0BfuamxkpaJ0yhBJFUJ9VuaaCCVGc4G+oS1CiAcmhJpwxDp/twp04TJCRBjFgzr6QbyYBUxhmPpbXSS -3OPhfuR2eyoPCgeg/i/ca8Uqn3TFMetxQYf6M44Smugoi4Q/yzim98KIMn9VmNswkmHXxlXOsqLkJqgi -LNtlHjsP3rorvc2SaNgQjoP0+H9pdchroaZOqYqobkyo+lfN5BRVYTM1HOiGZWMCFHLhN8nTCsEYJtub -qyd/JSB8/QqBOkdVtEBo9RGwEc4y9Xa3q6maPLOpXDfR/VCCHkT2fWtpxcstISqGFWf04A+tGzSxyTGq -qj7cmgYNjzsIFGZAEPS5nGA1YhuBnWAfgYiyYgxzOVNvVPcXR1alCu1Q69FTzm5/bE34fPkkmDzHRwxX -anwQyItvoBDCSgNJj3cUoy+HAex603g2cvYtyGkNr+4y0FsAhdF+Oy3p5L4gSPqqTc6TBj8C4k242gKr -Offno33GJ9enbRM+uT59xnzXoF4w3WJr+rVmW+P+f22yhSEVmGsxF/Wpvrb2TW2eteFTubCm4NVQmjZt -qkVYQY7WVY2aElYzg1itd1oiJ0BdopYQqtczLZHTs2hk46iN/k99s6TRe+L2njyv98TrPXl278LUUpbc -Vjp8+65++yPJhSDvR62vRgeRhJ40CAH2Q2pbOXGi23r6+ePzkAZ0Q4WTvQynXDItPNve4UFrh0GvXTYK -9RLMUJd5vbky4/ajlteSlCAluZSjJG9z9RsCpLP0niE82jpvKZbUKRO8VcpdIfdaN4R8rGOc2nCvU+fZ -96GXvt1cjDp4M1WzCRR8VCaErOVKgTtq4i7tUOtmpL4WJ1dBhumnacfEtVUHSkkcQtRtRMoDeSbb2ttn -Kqbmx63sLfDzPFs4sX7lMy3l7YAYMsTlL2ZClq/dXwP529lFB9H6z5wiagMl9pLtmqKiwFT6WYs0v+t0 -5Z/Or3FCmiMZ+E5IitW594hVR3220w7J4Ie8K6gn+vev8ozTPAWUbdZo05O/+STa6ecD5DG8Cmyri64M -ZYRv3s6XeP5FH0Zf5hwPDGGE6ReWMiWZGUqhzOJ8LvOTcQxLnMqx2HvJk1xenyfydHIjaMrXGVDCvvTd -m8MynjnTvdisE31x5d0tDGH3M9s91InWcww8V5SQbJ6WMYb+Z2bYY5W6+IShpF1dHelkZZr2Kszuj/Y5 -qc0KT0tus6a1I4FaLr/LOj3PE8xtippmu+jv6PxMEEnQnQCtgvPnZzP781nmnrTp3sb8vmAxcKjX135l -hi8Ju/mCN7fSWdq1aZy79fXvAFqc8ruhQd2s0dOT6dFf67/2nGA+X7Ywuz+XP1d1Pbo8O5LL7f8EAAD/ -/+UEljI+fQAA +H4sIAAAAAAAC/+x9/XMbN7Lg7/or2qp7GTKmKcle+72ilu+W0UdWtfoqks56n07HB3EwJOwhZhbAiGJi +5W+/wtcMMIOhZN0mqbo6/5BogEaj0Wg0uhsNMCo4Bi4YmYvocGdnbw/OEthkBeCYCBBLwiEhKe6pslXB +BbCCwn8vMlhgihkS+L9BZIBXdzhW4BKFbAGEglhi4FnB5hjmWYz7Ln7EMCwxuifpBmJ8VywWhC50hxK2 +pxrvvonx/S4kKVrAmqSpbM8wiivCICYMz0W6AUK5kFVZAgXXuDBkhcgLAVkiW3pU9+EfWRGlKXBB0hQo +lvRngdHd4SRjWLaXZM+z1UoxBsN8iegC8/7Ozj1iMM9oAkP4ZQcAgOEF4YIhxgdwc9tTZTHls5xl9yTG +XnG2QoQ2CmYUrbApfTzUXcQ4QUUqRmzBYQg3t4c7O0lB54JkFAglgqCU/Iw7XUOER1EbVVsoC1L3eKiJ +bJDyqCZ3jEXBKAdEATGGNnI2DA5YL8l8CWvMsKEEMxwDzyCRYyuYnDNWUEFWittXawrl8JJMcniVI0Hu +SErERooBzyiHjAFJgGcrDDHaAM/xnKAUcpbNMVdysM6KNIY72es/C8Jw3K/YtsDiKKMJWRQMx8ea0JKB +TA1G8bHvzooabIniEq/HlrEdWd8DsclxD1ZYIIuKJNCRpV1nOuQ3DIcQXYwuP47OI83ZR/VfOd0ML+T0 +gcQ5gArzwME/UP+1s6IorWa5nxd82WF40T10xyMxNYZwTPm1EYEnB5ElutehJD67+4znIoLvvoOI5LN5 +Ru8x4ySjPJIqwG0v/8nvvg8HQzm9KyRmQnQC9d06Y2Kev4Qxnphr3sQ8f4o3FK+1XBi2lOytSUk1RIes +sowXd1qCBhBFveaKHFR/9jxeDeCXRxd+nrG4uXyvq9XrgptVOp2eD2C/5xHIMbtvrHayoBnDsat76lUC +sQUWvkJw2WXW3TFiC95Z9czit7ySe0PGAKP5ElZZTBKCWU/KFRFAOKB+v1/CGYwDmKM0lQBrIpYGnwVS +OmZgO5XsKRgn9zjdWAgtnlIa2AKrbqjIFGdjJFAp1rM+4aemx86q60lsx4zBiCHglOOy0UhSUGshh9iR +gvpZrQC3Sv7zWXTz+bbk0mEJ9xjq60qNpdbZrI8fBKaxobIvh9aDlU+to3SWLFtD9PfR+PLs8seB6bmc +DK2UCsqLPM+YwPEAInjtkW81QK04gmMr4LUaQ5heWnpwerM41kuqWlEDOGIYCQwIji8nBmEfPnKsNtwc +MbTCAjMOiNu1AIjGknzuaPXjtrWqtIce8XDLytZkltNIYAj7h0Dgz+6+108xXYjlIZDXr90J8abXgb8h +9Yl+bHbzVneD2KJYYSpaO5HwKxhWgDfk9jBMwirYq5SpxsbWJzTGD1eJYkgXXg2H8Oag25AeWQuvIZJL +NsbzFMl9fJUxOUuIQkbn2NvMnH6s3nUJapKhYBQN1q44np18mp5c6ontDuBjHtflBFAqTcMNoDjGsdYW +x51uT1oIpfqVcsRwljiy4mEOyclsgYXuwixAQ5llowUcAi3SdAu71ogDzUTFsw0WSnwVUdLKhDmiEuIO +Q6FGGGvpP+50jR3a9zhrllZ297lfDXGoepQFXLDOfk9/akF647RwiuENHISk/uA3FEdJQ7dNTG4MDIlv +Yeg0OJQ6PcUi4pDdY7ZmRGjdoPV834hLeMoGMJVuA1nlKVZUqpZWAyIxXxK6kM1RusgYEcsVFBzHcLep +pKTbhyNEY6LET7XBXPkyiAJ+QHOhCyWWLHHwR9wYKtpeVTIhdzzJnBy7EqqbSQReyz5MlxjSTLocphOJ +QFsfnk0bHnxQAxZpelgrPsdUqbtWFeit5i3yIF20SznMoT+z5PZmV1K060iI9m64NM4nRZKQBxjCbn8X +XpdYfNgkK2gF6Yr7Gw+Noc/ZWLUDqtxHwmuTJudGuawasZlda5PY5a6mTpq+5QC/fvUJGg79wdQNAIeG +ch6RnlpmSrQiLRjMC8YwlRrBzrpLT2mVG1Lscv7PajLrnVdqQ890relhC7AyuEk8ANKTa21Qn1NrafsG +jGPKuLayblbq9pPT0cfz6QSMcS6ZwbFQrqPePiu9Il10lOfpRv2RppAUomB2kfG+xHcirUtlNIqsQr6W +Xv48xYgBohvIGb4nWcHhHqUF5rJD14AwrUpXsOnvti2PJ3Wla0Kojc5Vml3fQppOzzv33QFMsA45TKfn +qlO972kLyCFbgzvemrQaJ0J61p17z2q8h6GK+tDFNDsuGFJ2772njs1cWeQd5rZnfSFSGML9YcgJCGB2 +1I/VmkO476u/O3v/u/O/4tfdzg1fLeM13dz+z+7/2HN22LJF2xZ7b80RuXkiOackhtj0bsjxNs6CEgFD +iHjU6OXm7a3bgYGsKj1vFIbSKuX4jIqy/YGdRTnYQi0cPoCDHqwG8GG/B8sBvPuwv29XTHETxZHc5Yr+ +Er6Ht38qi9emOIbv4d/LUuqUvtsvizdu8Yf3hgL4fgjFjRzDrefn3peLr3QRPUGzC88KXLWRuavEbfsb +SV3sLZ1+5dG2Ct8KfcFHo9FpihYdtbhrjnol0Gr5eFKtF9QcIRVx/DrU2sHtZm8Pjkaj2dH4bHp2NDqX +HgsRZI5SWawClSpU58Io6aloOoA//xn+vauDrW7YZdcGJ6Q63u3BfldCUH6UFVRpw31YYUQ5xBmNhDRN +5IZlQ2lKqzmefd9tLJeFxW6QyOYoTd3pbISATPNA/MciViGggsY4IRTHkcvMEgTeHHzLDDvRjBtJhhRr +g6s2ESNNJsl7ZuYujBcr9+yumocRDE3dDwVJ5ciiUWR4PxqNnoNhNAohGY0qPOdno4lGpKMjW5BJ0AA2 +WVyi+6+P45OZg9REtZ7EXbUL9FBVRj3Db2mOD+Cm5P1NJLuLelCtXycAdBNJMqKeVq5I4NHPBcOjlCA+ +3eTYh1SkhjCZ/wmGKE8ythrUl2NPkdUrAxKB5akNMAXnBBUcAN29BdFfh54N50RTTBskRzNDcjjdusnU +BDHMuC372OQOGY2gSxiJ2hl03LJE4ppRxnDq7Tx23Uh/mP++qpNjfOWqYVXp81KvQpRyHFidN9Eo6oEW +8x5ER5eji5PotowPmM50gKCM/b9/54utEVgtvm1iW7ZqCm1Z9a8S2fH7d7+5wPLfS2LZ+3fb5bUEeLm0 +lii+TVaNMPzX1eVJ5+eM4hmJu5UAN6ra9md3XHUebBu+O3LThxq8+fupoddGbVoN7B+BYfsGSEja/sXL +s1PJrh+EHTmHC7pArWC/TK/memET7uJTvWT6aVovup6O60WT69NG0finetHlyG/aol1UfdexvexOu+gp +uHbNchTauNUwq9OI6dXxVUekZNUdwJkAvrRnhYgCZkwHa1Q/1rvYl0bXwdv/6L9MIaFFe6Xq549TQnOE +BFpUSmjxhJpybWNNoO3+sljdYRag0lsFTYub103uSp8omX2ekaVAAzOvpN7a3XaT+oI3UpSqkF8PYrLA +XG9a+k+N9ri5Q+0eT3ZfujXpjk29ZphXXxLUDqKpM3vcVhifjN9RpmKux2mB9FcArAq5GsiyIABcDdxC +VyWt4D7oN2zBjhReT8fPk8Hr6bgpgVLfGURK+WlUGYsx6+UMJ5hhOsc9tRJ60o0jc3U6hh/yJztUCJtd +GiX7QhlVpLXLVkVzO4waTHsPZpTtAHr42xTqH2u5UZQLpvhkwdRHGK5imAWuSsIttFY0wOojDGf4aCHN +ZxhWs9SC6q+XLYfJ+CctwzkjcrFuemtMFkvRyzMmnhTZyfinpsAqQ+GF4mqpaJdGTd4Wic7Ylto/WtY4 +u7dDrORHf4dg9WAtpP4K4sxYCSX/fqEsTP56eq2lodpL1S76hJmmGgYEQRa/WBSesXsmhC4wyxmhW6b8 +DzbJOF8m+TdsjQreGVipOaqibzLq7ORqW6ngaIF7wHGK5yJjvfLMVBtLc8wEScgcCawmdno+CRjgsvTF +06ooaJ8tS1k7hEvxNy50ULmnzlhUzigHBLsafrc8+/k9IwcpR4orFkp9BMEsd6pNQn8HgV1G2QZu2QuU +RJWranh6xXT21EMtAuB4xg9d+PoVqkSrB+0Jqjjpx+nV5Pr8bKrTUHKG5zph4kxoX20NCGj2Jsv7Oj5a +wkuv/lEL9vTT9HkG3fTTNCDL0h1+aWjKyliNG7+PfpEKW+iMHWyOZDgkLFupgoJjBveY3SFBVv1GDMbM +jTPRbSEo8SAs8iHcOA1uD4PgIRmStF6ZXA+BKdxtFI0/ZipP/FlhLI+MYIjtCSL6nzNCO7u73WdTU9eg +F59qltJTAnfxqSlvF59+Q9voj7ZuVg8h87jFvHmWSXL5zFOZy0Ds+XJSuWoXJ5OT8U8nnuvnxDNrAG6Q +r54MAK+GEEioiyoUkNF0A2g+x7ngkFFcbirqHFalukTfcJzmngiqbAM3bRoeu7UjtYqQWVvugUOrScHs +h3gx+y2OhX8BymdCpAO474vMIOvWA7BVNnkpsjOB7lLspCFP1SnHTZqt1dH8kiyWA3jbA4rXPyCOB/Du +tge6+k+2+r2qPrsewIfbW4tI5RPvHsCv8BZ+hXfw6yH8CX6F9/ArwK/wYbfMBEgJxU8lj9To3ZZeRaQH +V4P3su4kkCIXhkDyvvrTP1NQRXXN7Sc2a5BQDpFFPeuvUK7hepUUklATN8++WL2NM9Eh3WbC0WNXq9uo +F9VqgzreJcai1WRvz0hyeCRnvOSS/GjwSRY+ySkF1MIr00XJLfn9h/LLEORwTJH/PJ5JpTWEm5KqvJ9m +624PnAK5ZLrlejIrxxFPtRzMDZVsbUYAv0LUDS18DW2ADiEqDwTOfry8GuvAsKOS3dJqzVdGYk+lP2io +mdRZbl9OsZ+E3Kiod+hUtZxp1bSzd+HCS3uutLLkt4N+dnw2Gf1wfjKbjE5Ppv+YHf315Ohv5pqXRqew +zWLCpUqYcZRgsZnNl3j+ZQC7ghVY6iSpApfScNZgKudOQYKClGoN01jficsZvsdUDHSzgz5M1xlka4oZ +B5EtFimhC0BmN4A7LNYYUxDrDDgWQppdfd30rU5izcQSM40A1iRXrdO0Sug39w5TdIfTnr02ltFIaCx3 +GGgmyBzHUFBBUrU7UfwgQJAVhpjyeUYFy1KVH1tQ0/kEY1gKkfPB3t6CiGVx159nq72JQPMvJw/6Mt9e +1XiPcF5gvndwsP9hx3gLZhqmo/GPJ9NOwxAIVfeATZ17X8+UB3PLxuzYORICMzrwTtQHGrG/gysiL66v +xtPZdDy6nJxejS/0JpiqXVVvE+WFAC1bNfimLVSHqBuhN1Gji0junpFJYFZ/C5H6tue/0qqM/hI9YSLa +lNO60YkFMuRX26g6LK6MCG1i1kfYbXaoMiI1tEibZwcfxz+edBxx0QWlBMT9v2Gcf6RfaLamkgB99mvs +sqtZo31Z1opCLvYyWerj9Or4cjI5OVLEYLaSDkxs818RwwNZsbsLcJypk07Fd+3emHUMHSc3UGWn7WZ0 +FwBOqGSJ04dJGpQKRl/YUrBJIrFrjbMNuBxiBTO7urTjjPuoENksppzjOQwVDXKUwVanp+3NkqStnW0z +zyjPpB2WLfSR+255ccoh/8n4A8B1iuV+K3cdb0yQsRq5WkXa/EuiMp5X6IvUeWYlzJUU8r5W4CvMVfhH +5TdLbZ7nWJqHFJBNjmZY9d6Xet9sZt9/vwPfw18qsnfg+z3vWmzpJnX0KuQCMeGl8WZxqzmrgMt86NZU +aHVty+ZAe+nPjq6UQC7RY73NqMDUnVZRaizqdhj8oh2JR13vwIZgslzwvur69mb/FkbW05JaxYW3fBn6 +TQ5u4SqX5Si1SR8Z29au1DNg7xpW+exeirvN7IbvLaumUgRac+QQd/LOYUQ3ldLUgnGHHVyyQ4Jjc6PI +3KU3BPWdNIhVIZC5XrMg95i6ZLWyRg7Gyk5gmBVdIlOYNU5f/Pz9R0eXJXYrO/JvZUybZcI7vzxqiJ4j +XeXuFIiMVPEOuQ9V7vjLNiNjXxoDSDF8ie6xM9jybppmfb2lxG0nChA1t5nUmnIuPZos21DQqj264noq +eufdGrgLbaDWqnfbPdPReFZ+W83TcObDk6bAnLTORsi5LoHb1JF3my2LYVg1UZ51A7B5cziLu22e3CqL +bcp5wIcL3/Tdgm5vD/QdeVFJrVpUJtIZbKSuOWSxo4i++86JrntVrT2bwThIvAv8Ho7DIIbHYGl5k9mx +zdQUt/MrTKAJqp2Mx1fjAVhzyLviHAVQtsuj9rKNANRN+HpgRt0Hic1NoV8e/YBMpRHMAx7uzDSihX+u +tht7k602ZImzbHZOVJZL2aYxRBV8qGIOAq+eCDtIkJv921DMoYncBCGgHoXQ06H249eNVpHVmuZxDt64 +Pm4VvsuGIKJqB+2EcPhsCiDo9uGKphvY2ngbAeppE15oFR/VDxckQ93M0R1vJaepVPhlNzvbFFmdG0FF +ZiTjWO4ZRO2qjmR4gUILrdMc2y7xOkJa4azuGx6EJEnuiQWtbCP1UksR2ALLpFgP+83BbSA19tmi1RCx +aAuQ3/H+7VZ8ZUjejEwFnRFJG7O+Ta+om9GlrripEyB9UOcwvl1mSpUSlpmAsDznlqKbztl+T7FG1dbo +RvWsjZqMYWBKnUdcGnXNx1DKViIdeFfDfJDH2sbdNFMD5sRhs0m5qZXg1ez5TevW3V8RjVPs3CHXjxOU +V75580Jv7Nzn/+67VrNKCv6rIURHp7PxyfHZ+ORoGj0TfnpycV01Ci2w5J+xVBo3Di09c6J0aw5E+7vd +nbbO3AcJnK/D4ML3zFgVz2nfmb4Ne9NI3gruGGJq/K+GXuvvvmvwUmV1/kbEvh5C1I/g9RM01zSM//pK +357SmdegAhaoWbe6zlnZ3uHgEyEDFMfa2+7E9sqPfw1I+vFOMJ4kpkYFS5Rj0gPEebHCQHKJjmHO+6WR +S0R/J+DLBNyYht/iuSzu+1pzTwuFtE/oLSeNrozG7jxDD9lzbO8ZJl+jGWaHX0iK8ZzEGO4QxzFId1qS +auHflG62fSuJawVTudeA9FsXXoKSanoVfB9JwnpvJClYm9Z/dgoXnyrMesrUPNpx7jjOBg8+jeT7ZU9a +MivtjIVNki2PN1WPODE8DzutW19XerG3pQbf6mc9w8tatflXW72rpmflelW1x6G+EazV52pESRsWUxk1 +vWh9ZyrqhS0889pUuDbqTL6QPCd08aobNSC6z3mSoqkf/RfhGJ7bEDrJoXqWrrRyTN7UUoh8sLfHBZp/ +ye4xS9JsrQ6Y0N5/HOy///c/7e8dvD348GFfYronyDb4jO4RnzOSiz66ywqh2qTkjiG22btLSW7krr8U +K+eo6boTZ144Nlbv5Ig+z1MiOlHfemF7e5AzLATB7I0+XvIukql/r+Ob/dsufA9v33/owmuQBQe33VrJ +20bJu9tu7bE8e5pcrNzMD1qs1E3x8qJ44KpbFNWfp3LyRSS+QBtarBpvA2q9D/8m6QxEpt9JnfOfSvW8 +eeNdV5c0wgUSy36SZhlTRO+p0VZiJLF3SvSSDWZ7DsSt4/LOWpoVcZKqR4JSgjjmA50ShgUqT0gVlYTG +5J7EBUqr1Bp1o+l0dj2++vSP2dXpqcpenJcoZznLHjYDiLIkieBR5addyyJ7shvXUVy2YqA+AkxD7U8/ +np+3YUiKNPVwvB4jki4KWuHSZ09v7KNLLgvU+ZOh3Rx/ZEmit0MqSPnKi38KNfDJMy+3tHJqZtpVHAv0 +SpudtnVz+WQv1HbykRKpO1A6mZyHR1Z28vHy7KeT8WR0Ppmch4ZSWFScp/5I/E7os/u4fKoLPQwlzx8n +06uLHlyPr346Oz4Zw+T65Ojs9OwIxidHV+NjmP7j+mTiaIWZvRFbrYQx1u/2/ovvxaoG5T3SqBd1ld4x +d9TNwK3TE7gi6LhR7YmW+kXjqLdtXP4dPMwFoSpM8KxWv+/JuHmg+TVEPanK9Gl5RbF/jm1Y6DmPQT76 +7uX/Z2YbMz+Oz5v8+zg+l9u3qX+3fxAEebd/YKFOx8Err6rYwlxODmYfx+enfz8OZbvaOpv1Ork+nf3w +8excrm+BvmBeHUspPZ0jJvhAnVWrP+1rd5PrU+sZdEQGdxg+Z3LH1x5JBFFX7QEqt0c3P76c6M/yoaGc +kRViGwdXHzqVRv1LpFIPGFoP4O9LzDB0dI6QwtLVVnmmn+QrKEr1O9PWbHPorLKT9va09ybpUUlEkhTp +wak8qAVm6hFJpZRcUvRjjsqi6ZlHx6s3kRSRyhozePEqT5HQuFEcE3NybNOeNLfm6gHU2B3vjOfJv8V6 +0EmKhMB0ACNICRfu89q6vQEwW600RJcYxQcDGK0y9RA67N4VSYIZsCxb7erDZpUgrPzKJYaEMC5U5L98 +wj1PYL5Ubz9JRj2IC/QwIT9jPa4VeiCrYgWc/Iwr33X6aVoy7CedYiKJgbfv3+uDToa5SnCgsCpSQfK0 +uofgjP3t+/dR19lKHLEMbB1a/Wt5/PoVnM/qROVtIP3aFfbyHAIJSDHiAt4CNu9FNkxU06MRPPccqCx2 +1UajIUNr6RlWH6+GQ4iiJipZN4RoxtCa50mJTu99+ixJp/ThUi4cudK7o46f5PpUykJLC8w5YhaZfnpP +T7yytuRMlgf/sjtFgo1OG/aazMyoWyKuVp6/1HaqFxCNrMplo16y/GeBuUrOtI/vA3J6d2IaaF1Datmq +STJ4K86aguq0Yt97sLdsMKzBB9Jq9/b0IRGK45IWyQ5Do33KmkZCPSGxysXGyLV31LdtxhWT89rhod9Q +iDR4cK992OmnadVBz0xYD1je0y8Elii6zz7GfwJx90lX25l26x3LSVfP9SdETrp2EbTGlNNan1XbzJ86 +BV5OnIXx1oePQqlDH0dZ7OFRJS2IKh3oY6rKS1RV0WGNFT9ul3J/Zda5UZOAxgSZ5Fk7Ra1T35jyJzFV ++dlemMR9HW+b4bB15z8ajbbs+CSLcaKbzjMq9LutJK1ixZ3MpGNV4LO5eZ9vAD9kWYoRVYeQmMbq5yaw +uvxstA9hON6z8H0pqnKDL0NU3g1X56kYhpOC47jRPecFHsC5UcdHI/sLGDoQkGZrnV2t4FzUvPbiInS0 +UaCvAxkxsRutNqcUjjVJ4wGMDOaqv7kcs+pEQswRi0O9ldmX/e39OZuxM9Wtm/Hzt8aagGuKSxWuP6Wu +pBnFUdcvhpvoMLo9DKGQY66hUUVhVLrKoivxldTbYZXUvao17sLXrxW0D1yLapdVdl8aDmF/C5gZybZq +F5PO0AhYO+4KbVo7cs4xFWwjizTlGasE7KWmR31q5Nqsv+/lVJXLtvm4l1JPR6ORr54i1SzqgYOk5z3D +6e5RLQ9/PR91t/lbDUEB7racfPQgdewNVwr0mUiKqT4LeSaFEkFFofy6Ibfd7uFO25L4BsIcwXo5cUp2 +enW0LpH1jeT4YjQ+evlWopqXrugsXiE2h5zhhDyo97bjGMeH0Nhj8iwl841BqlDoEujkw25P/wLWHVar +JEuMBulB9M8CMUQF0V8Mq9/EUQ6gPba9bkOcuL9PwKHDv72j2s6DUrKg0mGZXJ8OIDK/7rUX8Ugu5Yjh +FD3gONqLWFTBKjqkVd1BPE+GPYc1LPLRHv/t7OLb8MoW0EHxF7IKYc4xm2MqBuaEsbxCtK9+HeFgf79n +QdBC+5h6Z1McJPYBfpPV3Mnnwu3kYF8/pMsKNICR/VEqtFgwvJAbubEBzJWbGitZkTiNEkRSnVC/pYkB +0pnhfGBOWKsAwqEtUTYMUe7PnTZNuJoAOWbJsJ5poA5WEec4Vt5GJ8k8Hu5Hbren6qBwAPr/0r3WrPJJ +1xwrPS7oMH/GUcISE2VR8GdUYHYvjSj7V4W5DSMZdsu4yhnNC2GDKtKyXWax8/Cwu9LbLImGDeE4SI// +l1aHup5r67SqiOrGhK5/1UxO0RVlpoYD3bBsbIBCLfwmeUYhWMNke3P99LIChK9fIVDnqIoWCKM+AjbC +GdVvqLuaqsmzMpXrJrofKtCDqHxnXFnxakuI8mHFGTP4w9INmpTJMbqqPtyaBg2POwgUZkAQ9Lmc4DVi +G4GdYB+BiLJmDHc5U29U9xdHpUqV2qHWo6ec3f74moj58kkwdY6POK7U+CCQF99AIYWVBZIe7xhGXw4D +2M2m8Wzk/FuQsxpe02WgtwAKq/12WtLJfUFQ9FWbnCcNfgTEm3C9BVZz7s9H+4xPrk/bJnxyffqM+a5B +vWC65db0W822wf3/2mRLQyow13Iu6lN9Xdo3tXk2hk/lwtqCV0Nl2rSpFmkFOVpXN2pKWM0M4rXeWYGc +AHWBWkKoXs+sQE7PslEZR230f+qbJY3eE7f35Hm9J17vybN7l6aWtuS20uHbd/XbH0kmBXk/an29O4gk +9LRECLAfUtvaiZPd1tPPH5+HNKAbKpz8ZTjVkmnh2fYOD1o7DHrtqlGol2CGusrrzbQZtx+1vFqlBSnJ +lBwlWZur3xAgk6X3DOEx1nlLsaJOm+CtUu4Kude6IeRjE+M0hnudOs++D7247uZi1MGbqZpNoODjPiFk +LVcK3FETd2mHWjcj9bU4uQ4yTD9NOzaurTvQSuIQom4jUh7IM9nWvnwuZGp/ZKy8BX6e0YUT69c+01Ld +DoiBIqF+uRRotnZ/leVvZxcdxOo/N4tYGSgpL9muGcpzzJSftUizu05X/en8KiqkGVKB74SkWJ97j3h1 +1Fd22iEUfsy6knpifofMPKmB6GaNNj31YIdsZ54PUMfwOrCtL7pyRInYvFGPiZjD6MtM4IEljHDz0hXV +kklRCgWNs7nKT8YxLHGqxlLeS55k6vo8UaeTG0lTtqbACP/Sd28Oq3jmzPRSZp2Yiytvb2EIu5/57qFJ +tJ5jEJmmhNB5WsQY+p+5ZU+p1OUnDBXt+upIhxZp2qswuz+e6KQ2azwtuc2G1o4Carn8rurMPE+wKFPU +DNtlf0fnZ5JIop5xcYLz52ez8mfM7D1p230Z8/uC5cChXl/7tR+xJPzmC97cKmdpt0zj3K2vfwewxKm+ +GxrUzRo9PZke/bX+q9sJFvNlC7P7c/WzYdejy7Mjtdz+TwAAAP//v30dtMZ+AAA= `, }, }