mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

IGNORE_NAME: Should work at domain apex (#1118)

Browse Source 
* IGNORE_NAME: Add test at apex
* Fix IGNORE_NAME at apex
* Add comments and documentation
* Add a flag to disable IGNORE_NAME safety checks
This commit is contained in:
Tom Limoncelli
2021-04-13 08:59:47 -04:00
committed by GitHub
parent a65b310520
commit 4ab4d4c9ed
7 changed files with 300 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
docs/_functions/domain/IGNORE_NAME.md
View File

@ -1,36 +1,38 @@
--- ---
name: IGNORE_NAME name: `IGNORE_NAME`
parameters: parameters:
- pattern - pattern
--- ---
WARNING: The `IGNORE_*` family of functions is risky to use. The code WARNING: The `IGNORE_*` family of functions is risky to use. The code
is brittle and has subtle bugs. Use at your own risk. Do not use these is brittle and has subtle bugs. Use at your own risk. Do not use these
commands with `D_EXTEND()` or use it at the domain apex. commands with `D_EXTEND()`.
IGNORE_NAME can be used to ignore some records present in zone. `IGNORE_NAME` can be used to ignore some records present in zone.
All records (independently of their type) of that name will be completely ignored. All records (independently of their type) of that name will be completely ignored.
IGNORE_NAME is like NO_PURGE except it acts only on some specific records instead of the whole zone. `IGNORE_NAME` is like `NO_PURGE` except it acts only on some specific records instead of the whole zone.
IGNORE_NAME is generally used in very specific situations: Technically `IGNORE_NAME` is a promise that DNSControl will not add, change, or delete records at a given label. This permits another entity to "own" that label.
`IGNORE_NAME` is generally used in very specific situations:
* Some records are managed by some other system and DNSControl is only used to manage some records and/or keep them updated. For example a DNS record that is managed by Kubernetes External DNS, but DNSControl is used to manage the rest of the zone. In this case we don't want DNSControl to try to delete the externally managed record. * Some records are managed by some other system and DNSControl is only used to manage some records and/or keep them updated. For example a DNS record that is managed by Kubernetes External DNS, but DNSControl is used to manage the rest of the zone. In this case we don't want DNSControl to try to delete the externally managed record.
* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. IGNORE_NAME will leave those records alone. * To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. `IGNORE_NAME` will leave those records alone.
In this example, DNSControl will insert/update the "baz.example.com" record but will leave unchanged the "foo.example.com" and "bar.example.com" ones. In this example, DNSControl will insert/update the "baz.example.com" record but will leave unchanged the "foo.example.com" and "bar.example.com" ones.
{% include startExample.html %} {% include startExample.html %}
{% highlight js %} {% highlight js %}
D("example.com", D("example.com",
IGNORE_NAME("foo"), `IGNORE_NAME`("foo"),
IGNORE_NAME("bar"), `IGNORE_NAME`("bar"),
A("baz", "1.2.3.4") A("baz", "1.2.3.4")
); );
{%endhighlight%} {%endhighlight%}
{% include endExample.html %} {% include endExample.html %}
IGNORE_NAME also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of `IGNORE_NAME` also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of
the following patterns will work: the following patterns will work:
* `IGNORE_NAME("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double * `IGNORE_NAME("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double
@ -43,4 +45,37 @@ not match `.`
* `IGNORE_NAME("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`. * `IGNORE_NAME("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`.
* `IGNORE_NAME("\\*.foo")` will ignore the literal record `*.foo`. * `IGNORE_NAME("\\*.foo")` will ignore the literal record `*.foo`.
# Caveats
It is considered as an error to try to manage an ignored record. It is considered as an error to try to manage an ignored record.
Ignoring a label is a promise that DNSControl won't meddle with
anything at a particular label, therefore DNSControl prevents you from
adding records at a label that is `IGNORE_NAME`'ed.
Use `IGNORE_NAME("@")` to ignore at the domain's apex. Most providers
insert magic or unchangable records at the domain's apex; usually `NS`
and `SOA` records. DNSControl treats them specially.
# Errors
* `trying to update/add IGNORE_NAME'd record: foo CNAME`
This means you have both ignored `foo` and included a record (in this
case, a CNAME) to update it. This is an error because `IGNORE_NAME`
is a promise not to modify records at a certain label so that others
may have free reign there. Therefore, DNSControl prevents you from
modifying that label.
The `foo CNAME` at the end of the message indicates the label name
(`foo`) and the type of record (`CNAME`) that your dnsconfig.js file
is trying to insert.
You can override this error by adding the
`IGNORE_NAME_DISABLE_SAFETY_CHECK` flag to the record.
TXT('vpn', "this thing", IGNORE_NAME_DISABLE_SAFETY_CHECK)
Disabling this safety check creates two risks:
1. Two owners (DNSControl and some other entity) toggling a record between two settings.
2. The other owner wiping all records at this label, which won't be noticed until the next time dnscontrol is run.

60
integrationTest/integration_test.go
View File

@ -708,21 +708,65 @@ func makeTests(t *testing.T) []*TestGroup {
), ),
testgroup("IGNORE_NAME function", testgroup("IGNORE_NAME function",
tc("Create some records", txt("foo", "simple"), a("foo", "1.2.3.4")), tc("Create some records",
tc("Add a new record - ignoring foo", a("bar", "1.2.3.4"), ignoreName("foo")), txt("foo", "simple"),
a("foo", "1.2.3.4"),
),
tc("Add a new record - ignoring foo",
a("bar", "1.2.3.4"),
ignoreName("foo"),
),
clear(), clear(),
tc("Create some records", txt("bar.foo", "simple"), a("bar.foo", "1.2.3.4")), tc("Create some records",
tc("Add a new record - ignoring *.foo", a("bar", "1.2.3.4"), ignoreName("*.foo")), txt("bar.foo", "simple"),
a("bar.foo", "1.2.3.4"),
),
tc("Add a new record - ignoring *.foo",
a("bar", "1.2.3.4"),
ignoreName("*.foo"),
),
),
testgroup("IGNORE_NAME apex",
tc("Create some records",
txt("@", "simple"),
a("@", "1.2.3.4"),
txt("bar", "stringbar"),
a("bar", "2.4.6.8"),
),
tc("Add a new record - ignoring apex",
txt("bar", "stringbar"),
a("bar", "2.4.6.8"),
a("added", "4.6.8.9"),
ignoreName("@"),
),
), ),
testgroup("IGNORE_TARGET function", testgroup("IGNORE_TARGET function",
tc("Create some records", cname("foo", "test.foo.com."), cname("bar", "test.bar.com.")), tc("Create some records",
tc("Add a new record - ignoring test.foo.com.", cname("bar", "bar.foo.com."), ignoreTarget("test.foo.com.", "CNAME")), cname("foo", "test.foo.com."),
cname("bar", "test.bar.com."),
),
tc("Add a new record - ignoring test.foo.com.",
cname("bar", "bar.foo.com."),
ignoreTarget("test.foo.com.", "CNAME"),
),
clear(), clear(),
tc("Create some records", cname("bar.foo", "a.b.foo.com."), a("test.foo", "1.2.3.4")), tc("Create some records",
tc("Add a new record - ignoring **.foo.com. targets", a("bar", "1.2.3.4"), ignoreTarget("**.foo.com.", "CNAME")), cname("bar.foo", "a.b.foo.com."),
a("test.foo", "1.2.3.4"),
),
tc("Add a new record - ignoring **.foo.com. targets",
a("bar", "1.2.3.4"),
ignoreTarget("**.foo.com.", "CNAME"),
),
), ),
// NB(tlim): We don't have a test for IGNORE_TARGET at the apex
// because IGNORE_TARGET only works on CNAMEs and you can't have a
// CNAME at the apex. If we extend IGNORE_TARGET to support other
// types of records, we should add a test at the apex.
testgroup("simple TXT", testgroup("simple TXT",
tc("Create a TXT", txt("foo", "simple")), tc("Create a TXT", txt("foo", "simple")),
tc("Change a TXT", txt("foo", "changed")), tc("Change a TXT", txt("foo", "changed")),

38
pkg/diff/diff.go
View File

@ -87,6 +87,23 @@ func (d *differ) content(r *models.RecordConfig) string {
return content return content
} }
func apexException(rec *models.RecordConfig) bool {
// Providers often add NS and SOA records at the apex. These
// should not be included in certain checks.
return (rec.Type == "NS" || rec.Type == "SOA") && rec.GetLabel() == "@"
}
func ignoreNameException(rec *models.RecordConfig) bool {
// People wanted it to be possible to disable this safety check.
// Ok, here it is. You now have two risks:
// 1. Two owners (DNSControl and some other entity) toggling a record between two settings.
// 2. The other owner wiping all records at this label, which won't be noticed until the next time dnscontrol is run.
//fmt.Printf("********** DEBUG IGNORE %v %v %q\n", rec.GetLabel(), rec.Type, rec.Metadata["ignore_name_disable_safety_check"])
// See https://github.com/StackExchange/dnscontrol/issues/1106
_, ok := rec.Metadata["ignore_name_disable_safety_check"]
return ok
}
func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, create, toDelete, modify Changeset, err error) { func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, create, toDelete, modify Changeset, err error) {
unchanged = Changeset{} unchanged = Changeset{}
create = Changeset{} create = Changeset{}
@ -94,23 +111,41 @@ func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, cr
modify = Changeset{} modify = Changeset{}
desired := d.dc.Records desired := d.dc.Records
//fmt.Printf("********** DEBUG: STARTING IncrementalDiff\n")
// sort existing and desired by name // sort existing and desired by name
existingByNameAndType := map[models.RecordKey][]*models.RecordConfig{} existingByNameAndType := map[models.RecordKey][]*models.RecordConfig{}
desiredByNameAndType := map[models.RecordKey][]*models.RecordConfig{} desiredByNameAndType := map[models.RecordKey][]*models.RecordConfig{}
//fmt.Printf("********** DEBUG: existing list %+v\n", existing)
// Gather the existing records. Skip over any that should be ignored.
for _, e := range existing { for _, e := range existing {
//fmt.Printf("********** DEBUG: existing %v %v %v\n", e.GetLabel(), e.Type, e.GetTargetCombined())
if d.matchIgnoredName(e.GetLabel()) { if d.matchIgnoredName(e.GetLabel()) {
//fmt.Printf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type)
printer.Debugf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type) printer.Debugf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type)
} else if d.matchIgnoredTarget(e.GetTargetField(), e.Type) { } else if d.matchIgnoredTarget(e.GetTargetField(), e.Type) {
//fmt.Printf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type)
printer.Debugf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type) printer.Debugf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type)
} else { } else {
k := e.Key() k := e.Key()
existingByNameAndType[k] = append(existingByNameAndType[k], e) existingByNameAndType[k] = append(existingByNameAndType[k], e)
} }
} }
// Review the desired records. If we're modifying one that should be ignored, that's an error.
//fmt.Printf("********** DEBUG: desired list %+v\n", desired)
for _, dr := range desired { for _, dr := range desired {
//fmt.Printf("********** DEBUG: desired %v %v %v -- %v %v\n", dr.GetLabel(), dr.Type, dr.GetTargetCombined(), apexException(dr), d.matchIgnoredName(dr.GetLabel()))
if d.matchIgnoredName(dr.GetLabel()) { if d.matchIgnoredName(dr.GetLabel()) {
return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_NAMEd record: %s %s", dr.GetLabel(), dr.Type) //if !apexException(dr) || !ignoreNameException(dr) {
if (!ignoreNameException(dr)) && (!apexException(dr)) {
return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_NAMEd record: %s %s", dr.GetLabel(), dr.Type)
} else {
//fmt.Printf("********** DEBUG: desired EXCEPTION\n")
}
} else if d.matchIgnoredTarget(dr.GetTargetField(), dr.Type) { } else if d.matchIgnoredTarget(dr.GetTargetField(), dr.Type) {
return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_TARGETd record: %s %s", dr.GetLabel(), dr.Type) return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_TARGETd record: %s %s", dr.GetLabel(), dr.Type)
} else { } else {
@ -379,6 +414,7 @@ func compileIgnoredTargets(ignoredTargets []*models.IgnoreTarget) []glob.Glob {
func (d *differ) matchIgnoredName(name string) bool { func (d *differ) matchIgnoredName(name string) bool {
for _, tst := range d.compiledIgnoredNames { for _, tst := range d.compiledIgnoredNames {
//fmt.Printf("********** DEBUG: matchIgnoredName %q %q %v\n", name, tst, tst.Match(name))
if tst.Match(name) { if tst.Match(name) {
return true return true
} }

9
pkg/js/helpers.js
View File

@ -516,6 +516,15 @@ function IGNORE_NAME(name) {
}; };
} }
var IGNORE_NAME_DISABLE_SAFETY_CHECK = {
ignore_name_disable_safety_check: "true"
// This disables a safety check intended to prevent:
// 1. Two owners toggling a record between two settings.
// 2. The other owner wiping all records at this label, which won't
// be noticed until the next time dnscontrol is run.
// See https://github.com/StackExchange/dnscontrol/issues/1106
};
// IGNORE_TARGET(target) // IGNORE_TARGET(target)
function IGNORE_TARGET(target, rType) { function IGNORE_TARGET(target, rType) {
return function(d) { return function(d) {

2
pkg/js/parse_tests/005-ignored-records.js
View File

@ -2,4 +2,6 @@ D("foo.com", "none"
, IGNORE_NAME("testignore") , IGNORE_NAME("testignore")
, IGNORE_TARGET("testtarget", "CNAME") , IGNORE_TARGET("testtarget", "CNAME")
, IGNORE("legacyignore") , IGNORE("legacyignore")
, IGNORE_NAME("@")
, IGNORE_TARGET("@", "CNAME")
); );

24
pkg/js/parse_tests/005-ignored-records.json
View File

@ -1,19 +1,27 @@
{ {
"registrars": [],
"dns_providers": [], "dns_providers": [],
"domains": [ "domains": [
{ {
"name": "foo.com",
"registrar": "none",
"dnsProviders": {}, "dnsProviders": {},
"records": [],
"ignored_names": [ "ignored_names": [
"testignore", "testignore",
"legacyignore" "legacyignore",
"@"
], ],
"ignored_targets": [ "ignored_targets": [
{"pattern":"testtarget","type":"CNAME"} {
] "pattern": "testtarget",
"type": "CNAME"
},
{
"pattern": "@",
"type": "CNAME"
}
],
"name": "foo.com",
"records": [],
"registrar": "none"
} }
] ],
"registrars": []
} }

277
pkg/js/static.go
View File

@ -212,145 +212,148 @@ var _escData = map[string]*_escFile{
"/helpers.js": { "/helpers.js": {
name: "helpers.js", name: "helpers.js",
local: "pkg/js/helpers.js", local: "pkg/js/helpers.js",
size: 32062, size: 32454,
modtime: 0, modtime: 0,
compressed: ` compressed: `
H4sIAAAAAAAC/+x9/XPbOLLg7/4rOq57QylRZDvZzL6SV+9W649Z1/qrJGU2+3w+LSyCEhKK5AKgZc3E H4sIAAAAAAAC/+x9/XMbN7Lg7/or2qp7GTKmKcle+72ilu+W0UdWtfoqks56n07HB3EwJOwhZhbAiGJi
87df4ZMACcqOb2em6uryw4wJNBqNRqPR3WhAUckwME7JnEeHOzt7e3CWwCYvAceEA18SBglJcU+WrUrG 5W+/wtcMMIOhZN0mqbo6/5BogEaj0Wg0uhsNMCo4Bi4YmYvocGdnbw/OEthkBeCYCBBLwiEhKe6pslXB
gZYZ/HORwwJnmCKO/wk8B7y6w7EEFyhECyAZ8CUGlpd0jmGex7jv4kcUwxKje5JuIMZ35WJBsoXqUMD2 BbCCwn8vMlhgihkS+L9BZIBXdzhW4BKFbAGEglhi4FnB5hjmWYz7Ln7EMCwxuifpBmJ8VywWhC50hxK2
ZOPdtzG+34UkRQtYkzQV7SlGcUUYxITiOU83QDLGRVWeQMkULgx5yYuSQ56Ilh7VffhHXkZpCoyTNIUM pxrvvonx/S4kKVrAmqSpbM8wiivCICYMz0W6AUK5kFVZAgXXuDBkhcgLAVkiW3pU9+EfWRGlKXBB0hQo
C/rzwOjucJJTLNoLsuf5aiUZg2G+RNkCs/7Ozj2iMM+zBIbw8w4AAMULwjhFlA3g5rYny+KMzQqa35MY lvRngdHd4SRjWLaXZM+z1UoxBsN8iegC8/7Ozj1iMM9oAkP4ZQcAgOEF4YIhxgdwc9tTZTHls5xl9yTG
e8X5CpGsUTDL0Arr0sdD1UWME1SmfEQXDIZwc3u4s5OU2ZyTPAOSEU5QSn7Cna4mwqOojaotlAWpezxU XnG2QoQ2CmYUrbApfTzUXcQ4QUUqRmzBYQg3t4c7O0lB54JkFAglgqCU/Iw7XUOER1EbVVsoC1L3eKiJ
RDZIeZSTO8a8pBkDlAGiFG3EbGgcsF6S+RLWmGJNCaY4BpZDIsZWUjFntMw4WUluX60zsMNLcsHhVYE4 bJDyqCZ3jEXBKAdEATGGNnI2DA5YL8l8CWvMsKEEMxwDzyCRYyuYnDNWUEFWittXawrl8JJMcniVI0Hu
uSMp4RshBizPGOQUSAIsX2GI0QZYgecEpVDQfI6ZlIN1XqYx3Ile/1USiuN+xbYF5kd5lpBFSXF8rAi1 SErERooBzyiHjAFJgGcrDDHaAM/xnKAUcpbNMVdysM6KNIY72es/C8Jw3K/YtsDiKKMJWRQMx8ea0JKB
DKRyMJKPfXdW5GAtiku8HhvGdkR9D/imwD1YYY4MKpJAR5R2nekQ3zAcQnQxuvw4Oo8UZx/lf8V0U7wQ TA1G8bHvzooabIniEq/HlrEdWd8DsclxD1ZYIIuKJNCRpV1nOuQ3DIcQXYwuP47OI83ZR/VfOd0ML+T0
0wcC5wAqzAMH/0D+18yKpLSa5X5RsmWH4kX30B2PwNQYwnHGrrUIPDmIPFG9DgXx+d1nPOcRfPcdRKSY gcQ5gArzwME/UP+1s6IorWa5nxd82WF40T10xyMxNYZwTPm1EYEnB5ElutehJD67+4znIoLvvoOI5LN5
zfPsHlNG8oxFQgW47cU/8d334WAopneF+IzzTqC+W2dMzIqXMMYTc8WbmBVP8SbDayUXmi2WvTUpqYbo Ru8x4ySjPJIqwG0v/8nvvg8HQzm9KyRmQnQC9d06Y2Kev4Qxnphr3sQ8f4o3FK+1XBi2lOytSUk1RIes
kGXLWHmnJGgAUdRrrshB9WfP49UAfn504ec5jZvL97pavS64XqXT6fkA9nsegQzT+8ZqJ4sspzh2dU+9 sowXd1qCBhBFveaKHFR/9jxeDeCXRxd+nrG4uXyvq9XrgptVOp2eD2C/5xHIMbtvrHayoBnDsat76lUC
iiO6wNxXCC679Lo7RnTBOqueXvyGV2JvyClgNF/CKo9JQjDtCbkiHAgD1O/3LZzGOIA5SlMBsCZ8qfEZ sQUWvkJw2WXW3TFiC95Z9czit7ySe0PGAKP5ElZZTBKCWU/KFRFAOKB+v1/CGYwDmKM0lQBrIpYGnwVS
IKljBqZTwZ6SMnKP042BUOIppIEusOwm47nkbIw4smI96xN2qnvsrLqexHb0GLQYAk4Zto1GgoJaCzHE OmZgO5XsKRgn9zjdWAgtnlIa2AKrbqjIFGdjJFAp1rM+4aemx86q60lsx4zBiCHglOOy0UhSUGshh9iR
jhDUz3IFuFXin8+im8+3lkuHFu4x1NeVHEuts1kfP3CcxZrKvhhaD1Y+tY7SWdJ8DdHfR+PLs8sfBrpn gvpZrQC3Sv7zWXTz+bbk0mEJ9xjq60qNpdbZrI8fBKaxobIvh9aDlU+to3SWLFtD9PfR+PLs8seB6bmc
OxlKKZUZK4sipxzHA4jgjUe+0QC14giOjYDXajRhammpwanN4lgtqWpFDeCIYsQxIDi+nGiEffjIsNxw DK2UCsqLPM+YwPEAInjtkW81QK04gmMr4LUaQ5heWnpwerM41kuqWlEDOGIYCQwIji8nBmEfPnKsNtwc
C0TRCnNMGSBm1gKgLBbkM0erH7etVak91IiHW1a2ItNOI4Eh7B8CgT+5+14/xdmCLw+BvHnjTog3vQ78 MbTCAjMOiNu1AIjGknzuaPXjtrWqtIce8XDLytZkltNIYAj7h0Dgz+6+108xXYjlIZDXr90J8abXgb8h
DalP9GOzm3eqG0QX5QpnvLUTAb+CYQV4Q24PwySsgr0KmWpsbH2SxfjhKpEM6cKr4RDeHnQb0iNq4Q1E 9Yl+bHbzVneD2KJYYSpaO5HwKxhWgDfk9jBMwirYq5SpxsbWJzTGD1eJYkgXXg2H8Oag25AeWQuvIZJL
YsnGeJ4isY+vcipmCWWQZ3PsbWZOP0bvugQ1yZAwkgZjVxzPTj5NTy7VxHYH8LGI63ICKBWm4QZQHONY NsbzFMl9fJUxOUuIQkbn2NvMnH6s3nUJapKhYBQN1q44np18mp5c6ontDuBjHtflBFAqTcMNoDjGsdYW
aYvjTrcnLASrfoUcUZwnjqx4mENyMltgrrrQC1BTZthoAIeQlWm6hV1rxCDLecWzDeZSfCVRwsqEOcoE x51uT1oIpfqVcsRwljiy4mEOyclsgYXuwixAQ5llowUcAi3SdAu71ogDzUTFsw0WSnwVUdLKhDmiEuIO
xB2GUo4wVtJ/3OlqO7TvcVYvrfzuc78a4lD2KAoYp539nvpUgvTWaeEUw1s4CEn9wa8ojoKGbpuY3GgY Q6FGGGvpP+50jR3a9zhrllZ297lfDXGoepQFXLDOfk9/akF647RwiuENHISk/uA3FEdJQ7dNTG4MDIlv
Et/C0GlwKHR6innEIL/HdE0JV7pB6fm+FpfwlA1gKtwGsipSLKmULY0GRHy+JNlCNEfpIqeEL1dQMhzD Yeg0OJQ6PcUi4pDdY7ZmRGjdoPV834hLeMoGMJVuA1nlKVZUqpZWAyIxXxK6kM1RusgYEcsVFBzHcLep
3aaSkm4fjlAWEyl+sg1m0pdBGeAHNOeqUGDJEwd/xLShouxVKRNixxPMKbAroaqZQOC17MN0iSHNhcuh pKTbhyNEY6LET7XBXPkyiAJ+QHOhCyWWLHHwR9wYKtpeVTIhdzzJnBy7EqqbSQReyz5MlxjSTLocphOJ
OxEIlPXh2bThwQc1YJmmh7Xic5xJddeqAr3VvEUehIt2KYY59GeW3N7sCop2HQlR3g0TxvmkTBLyAEPY QFsfnk0bHnxQAxZpelgrPsdUqbtWFeit5i3yIF20SznMoT+z5PZmV1K060iI9m64NM4nRZKQBxjCbn8X
7e/CG4vFh03yMqsgXXF/66HR9Dkbq3JApftIWG3SxNxIl1Uh1rNrbBKz3OXUCdPXDvDrV5+g4dAfTN0A XpdYfNgkK2gF6Yr7Gw+Noc/ZWLUDqtxHwmuTJudGuawasZlda5PY5a6mTpq+5QC/fvUJGg79wdQNAIeG
cGiw84jU1FJdohRpSWFeUoozoRHMrLv0WKtck2KW839Vk1nvvFIbaqZrTQ9bgKXBTeIBkJ5Ya4P6nBpL ch6RnlpmSrQiLRjMC8YwlRrBzrpLT2mVG1Lscv7PajLrnVdqQ890relhC7AyuEk8ANKTa21Qn1NrafsG
2zdgHFPGtZVVM6vbT05HH8+nE9DGuWAGw1y6jmr7rPSKcNFRUaQb+UeaQlLykppFxvoC34mwLqXRyPMK jGPKuLayblbq9pPT0cfz6QSMcS6ZwbFQrqPePiu9Il10lOfpRv2RppAUomB2kfG+xHcirUtlNIqsQr6W
+Vp4+fMUIwoo20BB8T3JSwb3KC0xEx26BoRuZV3Bpr/btjye1JWuCSE3Oldpdn0LaTo979x3BzDBKuQw Xv48xYgBohvIGb4nWcHhHqUF5rJD14AwrUpXsOnvti2PJ3Wla0Kojc5Vml3fQppOzzv33QFMsA45TKfn
nZ7LTtW+pywgh2wF7nhrwmqccOFZd+49q/EehjLqky2m+XFJkbR77z11rOfKIO9Qtz3tc57CEO4PQ05A qlO972kLyCFbgzvemrQaJ0J61p17z2q8h6GK+tDFNDsuGFJ2772njs1cWeQd5rZnfSFSGML9YcgJCGB2
ALOjfozWHMJ9X/7d2fvfnf8Vv+l2bthqGa+zze3/7P6PPWeHtS3atth7Y46IzROJOSUxxLp3TY63cZYZ 1I/VmkO476u/O3v/u/O/4tfdzg1fLeM13dz+z+7/2HN22LJF2xZ7b80RuXkiOackhtj0bsjxNs6CEgFD
4TCEiEWNXm7e3bodaMiq0vNGYSisUobPMm7bH5hZFIMt5cJhAzjowWoA3+/3YDmA99/v75sVU95EcSR2 iHjU6OXm7a3bgYGsKj1vFIbSKuX4jIqy/YGdRTnYQi0cPoCDHqwG8GG/B8sBvPuwv29XTHETxZHc5Yr+
ubK/hNfw7g+2eK2LY3gNf7SlmVP6ft8Wb9zi7z9oCuD1EMobMYZbz8+9t4vPuoieoJmFZwSu2sjcVeK2 Er6Ht38qi9emOIbv4d/LUuqUvtsvizdu8Yf3hgL4fgjFjRzDrefn3peLr3QRPUGzC88KXLWRuavEbfsb
/ZWkLvaWTr/yaFuFb4W+4KPR6DRFi45c3DVHvRJouXw8qVYLao6QjDh+HSrt4HaztwdHo9HsaHw2PTsa SV3sLZ1+5dG2Ct8KfcFHo9FpihYdtbhrjnol0Gr5eFKtF9QcIRVx/DrU2sHtZm8Pjkaj2dH4bHp2NDqX
nQuPhXAyR6koloFKGapzYaT0VDQdwJ/+BH/sqmCrG3bZNcEJoY53e7DfFRAZO8rLTGrDfVhhlDGI8yzi HgsRZI5SWawClSpU58Io6aloOoA//xn+vauDrW7YZdcGJ6Q63u3BfldCUH6UFVRpw31YYUQ5xBmNhDRN
wjQRG5YJpUmt5nj2fbexWBYGu0YimqM0daezEQLSzQPxH4NYhoDKLMYJyXAcucy0IPD24Ftm2Ilm3Agy 5IZlQ2lKqzmefd9tLJeFxW6QyOYoTd3pbISATPNA/MciViGggsY4IRTHkcvMEgTeHHzLDDvRjBtJhhRr
hFhrXLWJGCkySdHTM3ehvVixZ3flPIxgqOv+UpJUjCwaRZr3o9HoORhGoxCS0ajCc342mihEKjqyBZkA g6s2ESNNJsl7ZuYujBcr9+yumocRDE3dDwVJ5ciiUWR4PxqNnoNhNAohGY0qPOdno4lGpKMjW5BJ0AA2
DWATxRbdf38cn8wcpDqq9STuql2gh6oy6ml+C3N8ADeW9zeR6C7qQbV+nQDQTSTIiHpKuSKORz+VFI9S WVyi+6+P45OZg9REtZ7EXbUL9FBVRj3Db2mOD+Cm5P1NJLuLelCtXycAdBNJMqKeVq5I4NHPBcOjlCA+
gth0U2AfUpIawqT/xynKWJLT1aC+HHuSrJ4NSASWpzLAJJwTVHAAVPcGRH0dejacE03RbZAYzQyJ4XTr 3eTYh1SkhjCZ/wmGKE8ythrUl2NPkdUrAxKB5akNMAXnBBUcAN29BdFfh54N50RTTBskRzNDcjjdusnU
JlMTRDPj1vaxKRwyGkGXMBK5M6i4pUXimlHacOrtPHbdSH+Y/76qE2N85aphWenzUq1ClDIcWJ030Sjq BDHMuC372OQOGY2gSxiJ2hl03LJE4ppRxnDq7Tx23Uh/mP++qpNjfOWqYVXp81KvQpRyHFidN9Eo6oEW
gRLzHkRHl6OLk+jWxgd0ZypAYGP/H977YqsFVolvm9jaVk2htVX/LpEdf3j/qwss+60kln54v11eLcDL 8x5ER5eji5PotowPmM50gKCM/b9/54utEVgtvm1iW7ZqCm1Z9a8S2fH7d7+5wPLfS2LZ+3fb5bUEeLm0
pdWi+DZZ1cLw31eXJ52f8gzPSNytBLhR1bY/u+Oq82Db8N2R6z7k4PXfTw29NmrdamD+CAzbN0BC0vZv lii+TVaNMPzX1eVJ5+eM4hmJu5UAN6ra9md3XHUebBu+O3LThxq8+fupoddGbVoN7B+BYfsGSEja/sXL
Xp6dSnb9IOzIOVxQBXIF+2VqNdcLm3AXn+ol00/TetH1dFwvmlyfNorGP9aLLkd+0xbtIuu7ju1ldtpF s1PJrh+EHTmHC7pArWC/TK/memET7uJTvWT6aVovup6O60WT69NG0finetHlyG/aol1UfdexvexOu+gp
T8K1a5aj0MYth1mdRkyvjq86PCWr7gDOOLClOStEGWBKVbBG9mO8i31hdB28+8/+yxQSWrRXyn5+PyU0 uHbNchTauNUwq9OI6dXxVUekZNUdwJkAvrRnhYgCZkwHa1Q/1rvYl0bXwdv/6L9MIaFFe6Xq549TQnOE
R4ijRaWEFk+oKdc2VgSa7i/L1R2mASq9VdC0uFnd5K70iZTZ5xlZEjQw81Lqjd1tNqkveCNEqQr59SAm BFpUSmjxhJpybWNNoO3+sljdYRag0lsFTYub103uSp8omX2ekaVAAzOvpN7a3XaT+oI3UpSqkF8PYrLA
C8zUpqX+VGiPmzvU7vFk96Vbk+pY1yuGefWWoHYQRZ3e47bC+GT8hjIVMzVOA6S+AmBVyFVD2oIAcDVw XG9a+k+N9ri5Q+0eT3ZfujXpjk29ZphXXxLUDqKpM3vcVhifjN9RpmKux2mB9FcArAq5GsiyIABcDdxC
A12VtIL7oN+wBTtSeD0dP08Gr6fjpgQKfacRSeWnUOU0xrRXUJxgirM57smV0BNuHJnL0zH8UDzZoUTY VyWt4D7oN2zBjhReT8fPk8Hr6bgpgVLfGURK+WlUGYsx6+UMJ5hhOsc9tRJ60o0jc3U6hh/yJztUCJtd
7FIr2RfKqCStXbYqmtth5GDae9CjbAdQw9+mUH9fyy1DBaeSTwZMfoThKoYZ4Kok3EJpRQ0sP8Jwmo8G GiX7QhlVpLXLVkVzO4waTHsPZpTtAHr42xTqH2u5UZQLpvhkwdRHGK5imAWuSsIttFY0wOojDGf4aCHN
Un+GYRVLDaj6etlymIx/VDJcUCIW66a3xmSx5L0ip/xJkZ2Mf2wKrDQUXiiuhop2aVTkbZHonG6p/b1l ZxhWs9SC6q+XLYfJ+CctwzkjcrFuemtMFkvRyzMmnhTZyfinpsAqQ+GF4mqpaJdGTd4Wic7Ylto/WtY4
jdF7M8RKftR3CFYN1kCqryDOnFoo8fcLZWHy19NrJQ3VXip30SfMNNkwIAii+MWi8IzdMyHZAtOCkmzL u7dDrORHf4dg9WAtpP4K4sxYCSX/fqEsTP56eq2lodpL1S76hJmmGgYEQRa/WBSesXsmhC4wyxmhW6b8
lP/OJhljy6T4hq1RwjsDs5qjKvomo85MrrKVSoYWuAcMp3jOc9qzZ6bKWJpjyklC5ohjObHT80nAABel DzbJOF8m+TdsjQreGVipOaqibzLq7ORqW6ngaIF7wHGK5yJjvfLMVBtLc8wEScgcCawmdno+CRjgsvTF
L55WSUH7bBnK2iFcir9xoYPMPXXGInNGGSDYVfC79uznt4wcpAxJrhgo+REEM9ypNgn1HQR2GWUauGUv 06ooaJ8tS1k7hEvxNy50ULmnzlhUzigHBLsafrc8+/k9IwcpR4orFkp9BMEsd6pNQn8HgV1G2QZu2QuU
UBJVrqrm6RVV2VMPtQiA4xk/dOHrV6gSrR6UJyjjpB+nV5Pr87OpSkMpKJ6rhIkzrny1NSDI8rd50Vfx RJWranh6xXT21EMtAuB4xg9d+PoVqkSrB+0Jqjjpx+nV5Pr8bKrTUHKG5zph4kxoX20NCGj2Jsv7Oj5a
UQsvvPpHJdjTT9PnGXTTT9OALAt3+KWhKSNjNW78NvpFKGyuMnawPpJhkNB8JQtKhincY3qHOFn1GzEY wkuv/lEL9vTT9HkG3fTTNCDL0h1+aWjKyliNG7+PfpEKW+iMHWyOZDgkLFupgoJjBveY3SFBVv1GDMbM
PTfORLeFoPgDN8iHcOM0uD0MgodkSNB6pXM9OM7gbiNp/CGXeeLPCmN5ZARDbE8Q0f+ck6yzu9t9NjV1 jTPRbSEo8SAs8iHcOA1uD4PgIRmStF6ZXA+BKdxtFI0/ZipP/FlhLI+MYIjtCSL6nzNCO7u73WdTU9eg
DXrxqWYpPSVwF5+a8nbx6Ve0jX5v62b1EDKPW8ybZ5kkl888lbkMxJ4vJ5WrdnEyORn/eOK5fk48swbg F59qltJTAnfxqSlvF59+Q9voj7ZuVg8h87jFvHmWSXL5zFOZy0Ds+XJSuWoXJ5OT8U8nnuvnxDNrAG6Q
BvnqyQDwagiBhLqoQgF5lm4Azee44AzyDNtNRZ7DylSX6BuO09wTQZlt4KZNw2O3dqRWETJryz1waNUp r54MAK+GEEioiyoUkNF0A2g+x7ngkFFcbirqHFalukTfcJzmngiqbAM3bRoeu7UjtYqQWVvugUOrScHs
mP0QL2a/xrHwz5CxGefpAO77PNfIuvUAbJVNbkV2xtFdip005Kk85bhJ87U8ml+SxXIA73qQ4fVfEMMD h3gx+y2OhX8BymdCpAO474vMIOvWA7BVNnkpsjOB7lLspCFP1SnHTZqt1dH8kiyWA3jbA4rXPyCOB/Du
eH/bA1X9B1P9QVafXQ/g+9tbg0jmE+8ewC/wDn6B9/DLIfwBfoEP8AvAL/D9rs0ESEmGn0oeqdG7Lb2K tge6+k+2+r2qPrsewIfbW4tI5RPvHsCv8BZ+hXfw6yH8CX6F9/ArwK/wYbfMBEgJxU8lj9To3ZZeRaQH
CA+uBu9l3QkgSS4MgRR9+ad/piCL6prbT2xWIKEcIoN61l+hQsH1KikkoSZunn25ehfnvEO6zYSjx65S V4P3su4kkCIXhkDyvvrTP1NQRXXN7Sc2a5BQDpFFPeuvUK7hepUUklATN8++WL2NM9Eh3WbC0WNXq9uo
t1EvqtUGdbxLjEGryN6ekeTwSMy45ZL4aPBJFD7JKQnUwivdheWW+P5d+aUJcjgmyX8ez4TSGsKNparo F9VqgzreJcai1WRvz0hyeCRnvOSS/GjwSRY+ySkF1MIr00XJLfn9h/LLEORwTJH/PJ5JpTWEm5KqvJ9m
p/m62wOnQCyZrl1PeuU44imXg76hkq/1COAXiLqhha+gNdAhRPZA4OyHy6uxCgw7KtktrdZ8ZST2ZPqD 624PnAK5ZLrlejIrxxFPtRzMDZVsbUYAv0LUDS18DW2ADiEqDwTOfry8GuvAsKOS3dJqzVdGYk+lP2io
gpoJneX25RT7SciNinqHTlXLmVZNO3sXLry0Z08ra+zT0fiHk2mnsQGFqntAp859o2fSoW936J2iQJxj mdRZbl9OsZ+E3Kiod+hUtZxp1bSzd+HCS3uutLLkt4N+dnw2Gf1wfjKbjE5Ppv+YHf315Ohv5pqXRqew
mg28k9yBQuzvHJLIi+ur8XQ2HY8uJ6dX4wulfFOpzZV6sonoctetwzf34DpE3fi5iRpdREJrRzpxVv7N zWLCpUqYcZRgsZnNl3j+ZQC7ghVY6iSpApfScNZgKudOQYKClGoN01jficsZvsdUDHSzgz5M1xlka4oZ
eerbPP9Oayb6c/SEaWJSHevGDuZIk1+pb3lIWW1eyrSpj7Db7FBm4ilonjZj1h/HP5x0HHFRBVYC4v7f B5EtFimhC0BmN4A7LNYYUxDrDDgWQppdfd30rU5izcQSM40A1iRXrdO0Sug39w5TdIfTnr02ltFIaCx3
MC4+Zl+yfJ0JAtSZo7YHrmaN9rasFQWnpcUg3K7jy8nk5EgSg+lKGM6xybtEFA9Exe4uwHEuT9gk35VZ GGgmyBzHUFBBUrU7UfwgQJAVhpjyeUYFy1KVH1tQ0/kEY1gKkfPB3t6CiGVx159nq72JQPMvJw/6Mt9e
zTDnJFtAx8lJk1lRu3m2CwAnmWCJ04dOVhMeobooJGGTRGAn7ClgO8QKZnZ1acYZ91HJ81mcMYbnMJQ0 1XiPcF5gvndwsP9hx3gLZhqmo/GPJ9NOwxAIVfeATZ17X8+UB3PLxuzYORICMzrwTtQHGrG/gysiL66v
iFEGW52etjdLkrZ2ps08z1gu9v98oY56d+2FHYf8J/1egOsUCz0vtJ03JshpjVyVX27y/ojMtF2hLxiy xtPZdDy6nJxejS/0JpiqXVVvE+WFAC1bNfimLVSHqBuhN1Gji0junpFJYFZ/C5H6tue/0qqM/hI9YSLa
XK+EuZRC1ldZ9CvMZNhB5tXGhKGiwMIsyQCZpFyKZe99YQNpJfr69Q68hj9XZO/A6z3vOqY1zztqFTKO lNO60YkFMuRX26g6LK6MCG1i1kfYbXaoMiI1tEibZwcfxz+edBxx0QWlBMT9v2Gcf6RfaLamkgB99mvs
KPfSR/O41YySwDYPtzUFV14XMrm3XtqtoysFkEv0WK42dUHqTqkoORZ5Kwl+Vgbso6p3YEMwecFZX3Z9 sqtZo31Z1opCLvYyWerj9Or4cjI5OVLEYLaSDkxs818RwwNZsbsLcJypk07Fd+3emHUMHSc3UGWn7WZ0
e7N/CyNj4Qut4sIbvgz9Jge3cFWIcpSaZIOcbmtn9QyYO25VHrWXWm0yiuG1YdVUiEBrbhZiTr4zjLJN FwBOqGSJ04dJGpQKRl/YUrBJIrFrjbMNuBxiBTO7urTjjPuoENksppzjOQwVDXKUwVanp+3NkqStnW0z
pTSVYNxhB5fokOBY32TRd7g1QX3n+H1VcqSvdSzIPc5cslpZIwZjZCcwzIounkvMCqcvfv7+o6KaAruR zyjPpB2WLfSR+255ccoh/8n4A8B1iuV+K3cdb0yQsRq5WkXa/EuiMp5X6IvUeWYlzJUU8r5W4CvMVfhH
HfG3NOL0MmGdnx8VRM+RLrs7BTzyys8W+1DlBr5sM9J2jYJUDF+ie+wM1t6JUqyvtxS4zUQByvQtGrmm 5TdLbZ7nWJqHFJBNjmZY9d6Xet9sZt9/vwPfw18qsnfg+z3vWmzpJnX0KuQCMeGl8WZxqzmrgMt86NZU
nMt2OrszFCxp9+pdC1ntvFsDRqEN1FiTbrtnGrjPyquqWbjOfHjSFJiT1tkIOXUWuE0debeo8hiGVRPp aHVty+ZAe+nPjq6UQC7RY73NqMDUnVZRaizqdhj8oh2JR13vwIZgslzwvur69mb/FkbW05JaxYW3fBn6
0TUAmzdW87jb5kGs8tikOgd8h/AN0y3o9vZA3c3mldTKRaUjbMFGMr0+jx1F9N13TlTXq2rtWQ/GQeJd TQ5u4SqX5Si1SR8Z29au1DNg7xpW+exeirvN7IbvLaumUgRac+QQd/LOYUQ3ldLUgnGHHVyyQ4Jjc6PI
HPdwHAYxPAZL7Q1axzaTU9zOrzCBOphzMh5fjQdgzCHvam0UQNkuj8q70wJQN+HrAQF5DyHWN1R+fvQD 3KU3BPWdNIhVIZC5XrMg95i6ZLWyRg7Gyk5gmBVdIlOYNU5f/Pz9R0eXJXYrO/JvZUybZcI7vzxqiJ4j
AZVG0A9HuDPTiFL9qdpuzA2q2pAFTtvsnMjsCtumMUTp9Fa+LserJ9xdAXKzfxvydZvItfMLde9XTYfc XeXuFIiMVPEOuQ9V7vjLNiNjXxoDSDF8ie6xM9jybppmfb2lxG0nChA1t5nUmnIuPZos21DQqj264noq
j980WkVGa+pHIVjj2rJR+C4bgoiqHbQTwuGzKYCg24erLN3A1sbbCJBParBSqfioHtQWDHUzFne8lZym eufdGrgLbaDWqnfbPdPReFZ+W83TcObDk6bAnLTORsi5LoHb1JF3my2LYVg1UZ51A7B5cziLu22e3CqL
QuHbbna2KbI6N4KKTEvGsdgziNxVHcnwAlQGWqXXtV0edYS0wlndczsISZLYE8usso3kCyFlYAu0yZge bcp5wIcL3/Tdgm5vD/QdeVFJrVpUJtIZbKSuOWSxo4i++86JrntVrT2bwThIvAv8Ho7DIIbHYGl5k9mx
9puD20BK5rNFqyFi0RYgv+P92634bChYj0wGOxFJG7O+Ta/IG7lWV9zUCRA+qHMI3C4zVqWEZSYgLM+5 zdQUt/MrTKAJqp2Mx1fjAVhzyLviHAVQtsuj9rKNANRN+HpgRt0Hic1NoV8e/YBMpRHMAx7uzDSihX+u
HeemEbbfj6tRtTW6UT2nIidjGJhS5/GQRl3zEQ7biqcD70qSD/JY27ibZmrAnDhsNrGbmgWvZs9vWrfu tht7k602ZImzbHZOVJZL2aYxRBV8qGIOAq+eCDtIkJv921DMoYncBCGgHoXQ06H249eNVpHVmuZxDt64
/oqyOMXO3WV1Kd5eNWbNi6Sxc4/8u+9azSoh+K+GEB2dzsYnx2fjk6Np9Ez46cnFddUotMCSf8VCadw4 Pm4VvsuGIKJqB+2EcPhsCiDo9uGKphvY2ngbAeppE15oFR/VDxckQ93M0R1vJaepVPhlNzvbFFmdG0FF
tPT0ScatPojr73Z32jpzL8I7X4fBhe+ZsTKe074zfRv2ppG8FdwxxOT4Xw291t991+ClzCb8lYh9M4So ZiTjWO4ZRO2qjmR4gUILrdMc2y7xOkJa4azuGx6EJEnuiQWtbCP1UksR2ALLpFgP+83BbSA19tmi1RCx
H8GbJ2iuaRj/1Y++OR3SrxAFLFC9blWds7K98OcTIQMUx8rb7sTmqol//UT48U4QmCS6RgZLpGPSA8RY aAuQ3/H+7VZ8ZUjejEwFnRFJG7O+Ta+om9GlrripEyB9UOcwvl1mSpUSlpmAsDznlqKbztl+T7FG1dbo
ucJACoGOYsb61sglvL8T8GUCbkzDb/FcFvddp7mnhULaJ/SGkEJno7E7z9BD5vzUe/7H12ia2eGXeWI8 RvWsjZqMYWBKnUdcGnXNx1DKViIdeFfDfJDH2sbdNFMD5sRhs0m5qZXg1ez5TevW3V8RjVPs3CHXjxOU
JzGGO8RwDMKdFqQa+LfWzTZv9DClYCr3GpB6Y8FLjJFNr4Lv8ghY720eCWvSyc9O4eJThVlNmZxHM84d V75580Jv7Nzn/+67VrNKCv6rIURHp7PxyfHZ+ORoGj0TfnpycV01Ci2w5J+xVBo3Di09c6J0aw5E+7vd
x9lgwSd5fL/sSUtmpZyxsEmy5dGg6vEgiudhp3Xrqz4v9rbk4Fv9rGd4Was2/2qrd9X0rFyvqvYo0TeC nbbO3AcJnK/D4ML3zFgVz2nfmb4Ne9NI3gruGGJq/K+GXuvvvmvwUmV1/kbEvh5C1I/g9RM01zSM//pK
tfpcjShpw2KyUdOL1veNol7YwtOvHIVro87kCykKki1edaMGRPc5TyE09aP/EhnFcxNCJwVUz6FZK0fn 357SmdegAhaoWbe6zlnZ3uHgEyEDFMfa2+7E9sqPfw1I+vFOMJ4kpkYFS5Rj0gPEebHCQHKJjmHO+6WR
6yw5LwZ7e4yj+Zf8HtMkzdf9eb7aQ3v/ebD/4Y9/2N87eHfw/ff7AtM9QabBZ3SP2JySgvfRXV5y2SYl S0R/J+DLBNyYht/iuSzu+1pzTwuFtE/oLSeNrozG7jxDD9lzbO8ZJl+jGWaHX0iK8ZzEGO4QxzFId1qS
dxTRzd5dSgotd/0lXzlHTdedOPfCsbF8n4X3WZES3on6xgvb24OCYs4Jpm/V8ZJ3gUn+exPf7N924TW8 auHflG62fSuJawVTudeA9FsXXoKSanoVfB9JwnpvJClYm9Z/dgoXnyrMesrUPNpx7jjOBg8+jeT7ZU9a
+/B9F96AKDi47dZK3jVK3t92a4+0mVPMcuVmHGTlSt5QtheUA1esoqj+LJKTpyDwBdpk5arxJp3S+/Af MivtjIVNki2PN1WPODE8DzutW19XerG3pQbf6mc9w8tatflXW72rpmflelW1x6G+EazV52pESRsWUxk1
gs5AZPq90Dn/JVXP27feNWlBI1wgvuwnaZ5TSfSeHG0lRgJ7x6IXbNDbcyBuHdu7UmlexkkqH6dJCWKY vWh9ZyrqhS0889pUuDbqTL6QPCd08aobNSC6z3mSoqkf/RfhGJ7bEDrJoXqWrrRyTN7UUoh8sLfHBZp/
DVQqEubInKwwSSXJYnJP4hKlVUqHvElzOrseX336x+zq9FRmzc0tyllB84fNAKI8SSJ4lHlR16JIngXc ye4xS9JsrQ6Y0N5/HOy///c/7e8dvD348GFfYronyDb4jO4RnzOSiz66ywqh2qTkjiG22btLSW7krr8U
pTiuo7hsxZD5CHAWan/68fy8DUNSpqmH480YkXRRZhUudfb01jz247JAnj9p2vXxR54kajvMOLGvi/in K+eo6boTZ144Nlbv5Ig+z1MiOlHfemF7e5AzLATB7I0+XvIukql/r+Ob/dsufA9v33/owmuQBQe33VrJ
UAOfPP1iSCunZrpdxbFAr1mz07ZuLp/sJTOdfMyI0B0onUzOwyOznXy8PPvxZDwZnU8m56GhlAYVY6k/ 20bJu9tu7bE8e5pcrNzMD1qs1E3x8qJ44KpbFNWfp3LyRSS+QBtarBpvA2q9D/8m6QxEpt9JnfOfSvW8
Er+T7Nl9XD7VhRqGlOePk+nVRQ+ux1c/nh2fjGFyfXJ0dnp2BOOTo6vxMUz/cX0ycbTCzNzErFbCGKv3 eeNdV5c0wgUSy36SZhlTRO+p0VZiJLF3SvSSDWZ7DsSt4/LOWpoVcZKqR4JSgjjmA50ShgUqT0gVlYTG
Yv/N9zFlA3t/MepFXal39N1oPXDj9ASupjluVHuCn3pJN+ptG5d/9wszTjIZJnhWq9/2ZFw/DPwGop5Q 5J7EBUqr1Bp1o+l0dj2++vSP2dXpqcpenJcoZznLHjYDiLIkieBR5addyyJ7shvXUVy2YqA+AkxD7U8/
Zeq0vKLYP8fWLPScxyAffffy/zOzjZkfx+dN/n0cn4vtW9e/3z8IgrzfPzBQp+PgVUtZbGAuJwezj+Pz np+3YUiKNPVwvB4jki4KWuHSZ09v7KNLLgvU+ZOh3Rx/ZEmit0MqSPnKi38KNfDJMy+3tHJqZtpVHAv0
078fh7IsTZ3Jtpxcn87+8vHsXKxvjr5gVh1LST1dIMrZQJ5Vyz/NK2uT61PjGXR4DncYPudix1ceSQRR SpudtnVz+WQv1HbykRKpO1A6mZyHR1Z28vHy7KeT8WR0Ppmch4ZSWFScp/5I/E7os/u4fKoLPQwlzx8n
V+4BKbrDqWp+fDlRn/aBm4KSFaIbB1cfOpVG/XMkUw8oWg/g70tMMXTUk8YSS1dZ5bl6Cq7MUKreNzZm 06uLHlyPr346Oz4Zw+T65Ojs9OwIxidHV+NjmP7j+mTiaIWZvRFbrYQx1u/2/ovvxaoG5T3SqBd1ld4x
m0On2XgkRdJ7E/RwssKSFOHBCXcILzCVjxdKpeSSoh4RlBZNTz92Xb3FI4mU1pjGi1dFirjCjeKY6JNj d9TNwK3TE7gi6LhR7YmW+kXjqLdtXP4dPMwFoSpM8KxWv+/JuHmg+TVEPanK9Gl5RbF/jm1Y6DmPQT76
836m4tZcPrwZu+OdsSL5j1gNOkkR5zgbwAhSwrj7rLNqrwH0VisM0SVG8cEARqtcPsANu3dlkmAKNM9X 7uX/Z2YbMz+Oz5v8+zg+l9u3qX+3fxAEebd/YKFOx8Err6rYwlxODmYfx+enfz8OZbvaOpv1Ork+nf3w
u+qwWSamSr9yiSEhlHEZ+bdPhxcJzJfyzSHBqAd+gR4m5CesxrVCD2RVroCRn3Dlu04/TS3DflQpJoIY 8excrm+BvmBeHUspPZ0jJvhAnVWrP+1rd5PrU+sZdEQGdxg+Z3LH1x5JBFFX7QEqt0c3P76c6M/yoaGc
ePfhgzropJjJBIcMVmXKSZFW+e/O2N99+BB1na3EEcvA1qHUv5LHr1/B+axOVN4F0n5dYbfnEIhDihHj kRViGwdXHzqVRv1LpFIPGFoP4O9LzDB0dI6QwtLVVnmmn+QrKEr1O9PWbHPorLKT9va09ybpUUlEkhTp
8A6wfqewYaLqHrXguedAtthVG42GFK2FZ1h9vBoOIYqaqETdEKIZRWtWJBad2vvUWZLMpl1iKxeOXKnd wak8qAVm6hFJpZRcUvRjjsqi6ZlHx6s3kRSRyhozePEqT5HQuFEcE3NybNOeNLfm6gHU2B3vjOfJv8V6
UcVPCnUqZaCFBeYcMYu1g7kRBWltiZm0B/+iO0mCiU5r9uqMwKhrEVcrz19qO9XLe1pWxbKRLyj+q8RM 0EmKhMB0ACNICRfu89q6vQEwW600RJcYxQcDGK0y9RA67N4VSYIZsCxb7erDZpUgrPzKJYaEMC5U5L98
JgWaR98BOb07MQ20riE1bFUkabwVZ3VBdVqx7z0UaxsMa/CBdM69PXVIhOLY0iLYoWk0TyhnEZdPF6wK wj1PYL5Ubz9JRj2IC/QwIT9jPa4VeiCrYgWc/Iwr33X6aVoy7CedYiKJgbfv3+uDToa5SnCgsCpSQfK0
vtFy7R31bZtxyeSidnjoN+Q8DR7cKx92+mladdDTE9YDWvTUy3QWRffZx/hPIO4+6Wo70268YzHp8pn4 uofgjP3t+/dR19lKHLEMbB1a/Wt5/PoVnM/qROVtIP3aFfbyHAIJSDHiAt4CNu9FNkxU06MRPPccqCx2
hIhJVy6C0phiWuuzapr5UyfB7cQZGG99+CikOvRx2GIPjyxpQVTpQB9TVW5RVUWHNVb8sF3K/ZVZ50ZN 1UajIUNr6RlWH6+GQ4iiJipZN4RoxtCa50mJTu99+ixJp/ThUi4cudK7o46f5PpUykJLC8w5YhaZfnpP
AhoTJHVPNUWtU9+Y8icxVXnBXpjEfZVtm+Gwdec/Go227Pgkj3Gims7zjKv3QklaxYo7uU7HqsBnc/0u T7yytuRMlgf/sjtFgo1OG/aazMyoWyKuVp6/1HaqFxCNrMplo16y/GeBuUrOtI/vA3J6d2IaaF1Datmq
3AD+kucpRpk8hMRZLH/mAMtLt1r7EIrjPQPfF6IqNngbovJuVjpPlFCclAzHje4ZK/EAzrU6PhqZX15Q STJ4K86aguq0Yt97sLdsMKzBB9Jq9/b0IRGK45IWyQ5Do33KmkZCPSGxysXGyLV31LdtxhWT89rhod9Q
gYA0X6tfupBwLmpWe+kPOsooUNdQtJiYjVaZUxLHmqTxAEYac9XfXIxZdiIg5ojGod5s9mV/e3/OZuxM iDR4cK992OmnadVBz0xYD1je0y8Elii6zz7GfwJx90lX25l26x3LSVfP9SdETrp2EbTGlNNan1XbzJ86
detm/PytsSbgimKrwtWn0JVZnuGo6xfDTXQY3R6GUIgx19DIojAqVWXQWXyWejMsS92rWuMufP1aQfvA BV5OnIXx1oePQqlDH0dZ7OFRJS2IKh3oY6rKS1RV0WGNFT9ul3J/Zda5UZOAxgSZ5Fk7Ra1T35jyJzFV
tai2rTL70nAI+1vA9Ei2VbuYVIZGwNpxV2jT2hFzjjNON6JIUZ7TSsBeanrUp0aszfq7Uk6VXbbNR6Wk +dlemMR9HW+b4bB15z8ajbbs+CSLcaKbzjMq9LutJK1ixZ3MpGNV4LO5eZ9vAD9kWYoRVYeQmMbq5yaw
ejoajXz1FMlmUQ8cJD3v+Ud3j2p5cOr5qLvN3wgICnC35eSjB6ljb7hSoM5EUpyps5BnUigQVBSKrxty uvxstA9hON6z8H0pqnKDL0NU3g1X56kYhpOC47jRPecFHsC5UcdHI/sLGDoQkGZrnV2t4FzUvPbiInS0
2+0e7rQtiW8gzBGslxMnZadXR+sSWd9Iji9G46OXbyWyuXVFZ/EK0TkUFCfkQb7zHMc4PoTGHlPkKZlv UaCvAxkxsRutNqcUjjVJ4wGMDOaqv7kcs+pEQswRi0O9ldmX/e39OZuxM9Wtm/Hzt8aagGuKSxWuP6Wu
NFKJQpVApxh2e+qXl+6wXCV5ojVID6J/lYiijBP1RbH8LRbpAJpj2+s2xIn7Lj6DDvv2jmo7D0rJIhMO pBnFUdcvhpvoMLo9DKGQY66hUUVhVLrKoivxldTbYZXUvao17sLXrxW0D1yLapdVdl8aDmF/C5gZybZq
y+T6dACR/lWpvYhFYilHFKfoAcfRXkSjClbSIazqDmJFMuw5rKGRj/b4b2cX34ZXtIAOir+QVQhzgekc F5PO0AhYO+4KbVo7cs4xFWwjizTlGasE7KWmR31q5Nqsv+/lVJXLtvm4l1JPR6ORr54i1SzqgYOk5z3D
Z3ygTxjhDvM1xhnsy1f5D/b3ewYELZSPqXY2yUFiHn7XWc2dYs7dTg721QOutEQDGJkfQ0KLBcULsZFr 6e5RLQ9/PR91t/lbDUEB7racfPQgdewNVwr0mUiKqT4LeSaFEkFFofy6Ibfd7uFO25L4BsIcwXo5cUp2
G0BfuamxkpaJ0yhBJFUJ9VuaaCCVGc4G+oS1CiAcmhJpwxDp/twp04TJCRBjFgzr6QbyYBUxhmPpbXSS enW0LpH1jeT4YjQ+evlWopqXrugsXiE2h5zhhDyo97bjGMeH0Nhj8iwl841BqlDoEujkw25P/wLWHVar
3OPhfuR2eyoPCgeg/i/ca8Uqn3TFMetxQYf6M44Smugoi4Q/yzim98KIMn9VmNswkmHXxlXOsqLkJqgi JEuMBulB9M8CMUQF0V8Mq9/EUQ6gPba9bkOcuL9PwKHDv72j2s6DUrKg0mGZXJ8OIDK/7rUX8Ugu5Yjh
LNtlHjsP3rorvc2SaNgQjoP0+H9pdchroaZOqYqobkyo+lfN5BRVYTM1HOiGZWMCFHLhN8nTCsEYJtub FD3gONqLWFTBKjqkVd1BPE+GPYc1LPLRHv/t7OLb8MoW0EHxF7IKYc4xm2MqBuaEsbxCtK9+HeFgf79n
qyd/JSB8/QqBOkdVtEBo9RGwEc4y9Xa3q6maPLOpXDfR/VCCHkT2fWtpxcstISqGFWf04A+tGzSxyTGq QdBC+5h6Z1McJPYBfpPV3Mnnwu3kYF8/pMsKNICR/VEqtFgwvJAbubEBzJWbGitZkTiNEkRSnVC/pYkB
qj7cmgYNjzsIFGZAEPS5nGA1YhuBnWAfgYiyYgxzOVNvVPcXR1alCu1Q69FTzm5/bE34fPkkmDzHRwxX 0pnhfGBOWKsAwqEtUTYMUe7PnTZNuJoAOWbJsJ5poA5WEec4Vt5GJ8k8Hu5Hbren6qBwAPr/0r3WrPJJ
anwQyItvoBDCSgNJj3cUoy+HAex603g2cvYtyGkNr+4y0FsAhdF+Oy3p5L4gSPqqTc6TBj8C4k242gKr 1xwrPS7oMH/GUcISE2VR8GdUYHYvjSj7V4W5DSMZdsu4yhnNC2GDKtKyXWax8/Cwu9LbLImGDeE4SI//
Offno33GJ9enbRM+uT59xnzXoF4w3WJr+rVmW+P+f22yhSEVmGsxF/Wpvrb2TW2eteFTubCm4NVQmjZt l1aHup5r67SqiOrGhK5/1UxO0RVlpoYD3bBsbIBCLfwmeUYhWMNke3P99LIChK9fIVDnqIoWCKM+AjbC
qkVYQY7WVY2aElYzg1itd1oiJ0BdopYQqtczLZHTs2hk46iN/k99s6TRe+L2njyv98TrPXl278LUUpbc GdVvqLuaqsmzMpXrJrofKtCDqHxnXFnxakuI8mHFGTP4w9INmpTJMbqqPtyaBg2POwgUZkAQ9Lmc4DVi
Vjp8+65++yPJhSDvR62vRgeRhJ40CAH2Q2pbOXGi23r6+ePzkAZ0Q4WTvQynXDItPNve4UFrh0GvXTYK G4GdYB+BiLJmDHc5U29U9xdHpUqV2qHWo6ec3f74moj58kkwdY6POK7U+CCQF99AIYWVBZIe7xhGXw4D
9RLMUJd5vbky4/ajlteSlCAluZSjJG9z9RsCpLP0niE82jpvKZbUKRO8VcpdIfdaN4R8rGOc2nCvU+fZ 2M2m8Wzk/FuQsxpe02WgtwAKq/12WtLJfUFQ9FWbnCcNfgTEm3C9BVZz7s9H+4xPrk/bJnxyffqM+a5B
96GXvt1cjDp4M1WzCRR8VCaErOVKgTtq4i7tUOtmpL4WJ1dBhumnacfEtVUHSkkcQtRtRMoDeSbb2ttn vWC65db0W822wf3/2mRLQyow13Iu6lN9Xdo3tXk2hk/lwtqCV0Nl2rSpFmkFOVpXN2pKWM0M4rXeWYGc
Kqbmx63sLfDzPFs4sX7lMy3l7YAYMsTlL2ZClq/dXwP529lFB9H6z5wiagMl9pLtmqKiwFT6WYs0v+t0 AHWBWkKoXs+sQE7PslEZR230f+qbJY3eE7f35Hm9J17vybN7l6aWtuS20uHbd/XbH0kmBXk/an29O4gk
5Z/Or3FCmiMZ+E5IitW594hVR3220w7J4Ie8K6gn+vev8ozTPAWUbdZo05O/+STa6ecD5DG8Cmyri64M 9LRECLAfUtvaiZPd1tPPH5+HNKAbKpz8ZTjVkmnh2fYOD1o7DHrtqlGol2CGusrrzbQZtx+1vFqlBSnJ
ZYRv3s6XeP5FH0Zf5hwPDGGE6ReWMiWZGUqhzOJ8LvOTcQxLnMqx2HvJk1xenyfydHIjaMrXGVDCvvTd lBwlWZur3xAgk6X3DOEx1nlLsaJOm+CtUu4Kude6IeRjE+M0hnudOs++D7247uZi1MGbqZpNoODjPiFk
m8MynjnTvdisE31x5d0tDGH3M9s91InWcww8V5SQbJ6WMYb+Z2bYY5W6+IShpF1dHelkZZr2Kszuj/Y5 LVcK3FETd2mHWjcj9bU4uQ4yTD9NOzaurTvQSuIQom4jUh7IM9nWvnwuZGp/ZKy8BX6e0YUT69c+01Ld
qc0KT0tus6a1I4FaLr/LOj3PE8xtippmu+jv6PxMEEnQnQCtgvPnZzP781nmnrTp3sb8vmAxcKjX135l DoiBIqF+uRRotnZ/leVvZxcdxOo/N4tYGSgpL9muGcpzzJSftUizu05X/en8KiqkGVKB74SkWJ97j3h1
hi8Ju/mCN7fSWdq1aZy79fXvAFqc8ruhQd2s0dOT6dFf67/2nGA+X7Ywuz+XP1d1Pbo8O5LL7f8EAAD/ 1Fd22iEUfsy6knpifofMPKmB6GaNNj31YIdsZ54PUMfwOrCtL7pyRInYvFGPiZjD6MtM4IEljHDz0hXV
/+UEljI+fQAA kklRCgWNs7nKT8YxLHGqxlLeS55k6vo8UaeTG0lTtqbACP/Sd28Oq3jmzPRSZp2Yiytvb2EIu5/57qFJ
tJ5jEJmmhNB5WsQY+p+5ZU+p1OUnDBXt+upIhxZp2qswuz+e6KQ2azwtuc2G1o4Carn8rurMPE+wKFPU
DNtlf0fnZ5JIop5xcYLz52ez8mfM7D1p230Z8/uC5cChXl/7tR+xJPzmC97cKmdpt0zj3K2vfwewxKm+
GxrUzRo9PZke/bX+q9sJFvNlC7P7c/WzYdejy7Mjtdz+TwAAAP//v30dtMZ+AAA=
`, `,
}, },
} }