mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

IGNORE_NAME: Should work at domain apex (#1118)

Browse Source 
* IGNORE_NAME: Add test at apex
* Fix IGNORE_NAME at apex
* Add comments and documentation
* Add a flag to disable IGNORE_NAME safety checks
This commit is contained in:
Tom Limoncelli
2021-04-13 08:59:47 -04:00
committed by GitHub
parent a65b310520
commit 4ab4d4c9ed
7 changed files with 300 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
docs/_functions/domain/IGNORE_NAME.md
View File

@ -1,36 +1,38 @@
---
name: IGNORE_NAME
name: `IGNORE_NAME`
parameters:
- pattern
---
WARNING: The `IGNORE_*` family of functions is risky to use. The code
is brittle and has subtle bugs. Use at your own risk. Do not use these
commands with `D_EXTEND()` or use it at the domain apex.
commands with `D_EXTEND()`.
IGNORE_NAME can be used to ignore some records present in zone.
`IGNORE_NAME` can be used to ignore some records present in zone.
All records (independently of their type) of that name will be completely ignored.
IGNORE_NAME is like NO_PURGE except it acts only on some specific records instead of the whole zone.
`IGNORE_NAME` is like `NO_PURGE` except it acts only on some specific records instead of the whole zone.
IGNORE_NAME is generally used in very specific situations:
Technically `IGNORE_NAME` is a promise that DNSControl will not add, change, or delete records at a given label. This permits another entity to "own" that label.
`IGNORE_NAME` is generally used in very specific situations:
* Some records are managed by some other system and DNSControl is only used to manage some records and/or keep them updated. For example a DNS record that is managed by Kubernetes External DNS, but DNSControl is used to manage the rest of the zone. In this case we don't want DNSControl to try to delete the externally managed record.
* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. IGNORE_NAME will leave those records alone.
* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. `IGNORE_NAME` will leave those records alone.
In this example, DNSControl will insert/update the "baz.example.com" record but will leave unchanged the "foo.example.com" and "bar.example.com" ones.
{% include startExample.html %}
{% highlight js %}
D("example.com",
IGNORE_NAME("foo"),
IGNORE_NAME("bar"),
`IGNORE_NAME`("foo"),
`IGNORE_NAME`("bar"),
A("baz", "1.2.3.4")
);
{%endhighlight%}
{% include endExample.html %}
IGNORE_NAME also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of
`IGNORE_NAME` also supports glob patterns in the style of the [gobwas/glob](https://github.com/gobwas/glob) library. All of
the following patterns will work:
* `IGNORE_NAME("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double
@ -43,4 +45,37 @@ not match `.`
* `IGNORE_NAME("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`.
* `IGNORE_NAME("\\*.foo")` will ignore the literal record `*.foo`.
# Caveats
It is considered as an error to try to manage an ignored record.
Ignoring a label is a promise that DNSControl won't meddle with
anything at a particular label, therefore DNSControl prevents you from
adding records at a label that is `IGNORE_NAME`'ed.
Use `IGNORE_NAME("@")` to ignore at the domain's apex. Most providers
insert magic or unchangable records at the domain's apex; usually `NS`
and `SOA` records. DNSControl treats them specially.
# Errors
* `trying to update/add IGNORE_NAME'd record: foo CNAME`
This means you have both ignored `foo` and included a record (in this
case, a CNAME) to update it. This is an error because `IGNORE_NAME`
is a promise not to modify records at a certain label so that others
may have free reign there. Therefore, DNSControl prevents you from
modifying that label.
The `foo CNAME` at the end of the message indicates the label name
(`foo`) and the type of record (`CNAME`) that your dnsconfig.js file
is trying to insert.
You can override this error by adding the
`IGNORE_NAME_DISABLE_SAFETY_CHECK` flag to the record.
TXT('vpn', "this thing", IGNORE_NAME_DISABLE_SAFETY_CHECK)
Disabling this safety check creates two risks:
1. Two owners (DNSControl and some other entity) toggling a record between two settings.
2. The other owner wiping all records at this label, which won't be noticed until the next time dnscontrol is run.

60
integrationTest/integration_test.go
View File

@ -708,21 +708,65 @@ func makeTests(t *testing.T) []*TestGroup {
),
testgroup("IGNORE_NAME function",
tc("Create some records", txt("foo", "simple"), a("foo", "1.2.3.4")),
tc("Add a new record - ignoring foo", a("bar", "1.2.3.4"), ignoreName("foo")),
tc("Create some records",
txt("foo", "simple"),
a("foo", "1.2.3.4"),
),
tc("Add a new record - ignoring foo",
a("bar", "1.2.3.4"),
ignoreName("foo"),
),
clear(),
tc("Create some records", txt("bar.foo", "simple"), a("bar.foo", "1.2.3.4")),
tc("Add a new record - ignoring *.foo", a("bar", "1.2.3.4"), ignoreName("*.foo")),
tc("Create some records",
txt("bar.foo", "simple"),
a("bar.foo", "1.2.3.4"),
),
tc("Add a new record - ignoring *.foo",
a("bar", "1.2.3.4"),
ignoreName("*.foo"),
),
),
testgroup("IGNORE_NAME apex",
tc("Create some records",
txt("@", "simple"),
a("@", "1.2.3.4"),
txt("bar", "stringbar"),
a("bar", "2.4.6.8"),
),
tc("Add a new record - ignoring apex",
txt("bar", "stringbar"),
a("bar", "2.4.6.8"),
a("added", "4.6.8.9"),
ignoreName("@"),
),
),
testgroup("IGNORE_TARGET function",
tc("Create some records", cname("foo", "test.foo.com."), cname("bar", "test.bar.com.")),
tc("Add a new record - ignoring test.foo.com.", cname("bar", "bar.foo.com."), ignoreTarget("test.foo.com.", "CNAME")),
tc("Create some records",
cname("foo", "test.foo.com."),
cname("bar", "test.bar.com."),
),
tc("Add a new record - ignoring test.foo.com.",
cname("bar", "bar.foo.com."),
ignoreTarget("test.foo.com.", "CNAME"),
),
clear(),
tc("Create some records", cname("bar.foo", "a.b.foo.com."), a("test.foo", "1.2.3.4")),
tc("Add a new record - ignoring **.foo.com. targets", a("bar", "1.2.3.4"), ignoreTarget("**.foo.com.", "CNAME")),
tc("Create some records",
cname("bar.foo", "a.b.foo.com."),
a("test.foo", "1.2.3.4"),
),
tc("Add a new record - ignoring **.foo.com. targets",
a("bar", "1.2.3.4"),
ignoreTarget("**.foo.com.", "CNAME"),
),
),
// NB(tlim): We don't have a test for IGNORE_TARGET at the apex
// because IGNORE_TARGET only works on CNAMEs and you can't have a
// CNAME at the apex. If we extend IGNORE_TARGET to support other
// types of records, we should add a test at the apex.
testgroup("simple TXT",
tc("Create a TXT", txt("foo", "simple")),
tc("Change a TXT", txt("foo", "changed")),

38
pkg/diff/diff.go
View File

@ -87,6 +87,23 @@ func (d *differ) content(r *models.RecordConfig) string {
return content
}
func apexException(rec *models.RecordConfig) bool {
// Providers often add NS and SOA records at the apex. These
// should not be included in certain checks.
return (rec.Type == "NS" || rec.Type == "SOA") && rec.GetLabel() == "@"
}
func ignoreNameException(rec *models.RecordConfig) bool {
// People wanted it to be possible to disable this safety check.
// Ok, here it is. You now have two risks:
// 1. Two owners (DNSControl and some other entity) toggling a record between two settings.
// 2. The other owner wiping all records at this label, which won't be noticed until the next time dnscontrol is run.
//fmt.Printf("********** DEBUG IGNORE %v %v %q\n", rec.GetLabel(), rec.Type, rec.Metadata["ignore_name_disable_safety_check"])
// See https://github.com/StackExchange/dnscontrol/issues/1106
_, ok := rec.Metadata["ignore_name_disable_safety_check"]
return ok
}
func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, create, toDelete, modify Changeset, err error) {
unchanged = Changeset{}
create = Changeset{}
@ -94,23 +111,41 @@ func (d *differ) IncrementalDiff(existing []*models.RecordConfig) (unchanged, cr
modify = Changeset{}
desired := d.dc.Records
//fmt.Printf("********** DEBUG: STARTING IncrementalDiff\n")
// sort existing and desired by name
existingByNameAndType := map[models.RecordKey][]*models.RecordConfig{}
desiredByNameAndType := map[models.RecordKey][]*models.RecordConfig{}
//fmt.Printf("********** DEBUG: existing list %+v\n", existing)
// Gather the existing records. Skip over any that should be ignored.
for _, e := range existing {
//fmt.Printf("********** DEBUG: existing %v %v %v\n", e.GetLabel(), e.Type, e.GetTargetCombined())
if d.matchIgnoredName(e.GetLabel()) {
//fmt.Printf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type)
printer.Debugf("Ignoring record %s %s due to IGNORE_NAME\n", e.GetLabel(), e.Type)
} else if d.matchIgnoredTarget(e.GetTargetField(), e.Type) {
//fmt.Printf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type)
printer.Debugf("Ignoring record %s %s due to IGNORE_TARGET\n", e.GetLabel(), e.Type)
} else {
k := e.Key()
existingByNameAndType[k] = append(existingByNameAndType[k], e)
}
}
// Review the desired records. If we're modifying one that should be ignored, that's an error.
//fmt.Printf("********** DEBUG: desired list %+v\n", desired)
for _, dr := range desired {
//fmt.Printf("********** DEBUG: desired %v %v %v -- %v %v\n", dr.GetLabel(), dr.Type, dr.GetTargetCombined(), apexException(dr), d.matchIgnoredName(dr.GetLabel()))
if d.matchIgnoredName(dr.GetLabel()) {
return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_NAMEd record: %s %s", dr.GetLabel(), dr.Type)
//if !apexException(dr) || !ignoreNameException(dr) {
if (!ignoreNameException(dr)) && (!apexException(dr)) {
return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_NAMEd record: %s %s", dr.GetLabel(), dr.Type)
} else {
//fmt.Printf("********** DEBUG: desired EXCEPTION\n")
}
} else if d.matchIgnoredTarget(dr.GetTargetField(), dr.Type) {
return nil, nil, nil, nil, fmt.Errorf("trying to update/add IGNORE_TARGETd record: %s %s", dr.GetLabel(), dr.Type)
} else {
@ -379,6 +414,7 @@ func compileIgnoredTargets(ignoredTargets []*models.IgnoreTarget) []glob.Glob {
func (d *differ) matchIgnoredName(name string) bool {
for _, tst := range d.compiledIgnoredNames {
//fmt.Printf("********** DEBUG: matchIgnoredName %q %q %v\n", name, tst, tst.Match(name))
if tst.Match(name) {
return true
}

9
pkg/js/helpers.js
View File

@ -516,6 +516,15 @@ function IGNORE_NAME(name) {
};
}
var IGNORE_NAME_DISABLE_SAFETY_CHECK = {
ignore_name_disable_safety_check: "true"
// This disables a safety check intended to prevent:
// 1. Two owners toggling a record between two settings.
// 2. The other owner wiping all records at this label, which won't
// be noticed until the next time dnscontrol is run.
// See https://github.com/StackExchange/dnscontrol/issues/1106
};
// IGNORE_TARGET(target)
function IGNORE_TARGET(target, rType) {
return function(d) {

2
pkg/js/parse_tests/005-ignored-records.js
View File

@ -2,4 +2,6 @@ D("foo.com", "none"
, IGNORE_NAME("testignore")
, IGNORE_TARGET("testtarget", "CNAME")
, IGNORE("legacyignore")
, IGNORE_NAME("@")
, IGNORE_TARGET("@", "CNAME")
);

24
pkg/js/parse_tests/005-ignored-records.json
View File

@ -1,19 +1,27 @@
{
"registrars": [],
"dns_providers": [],
"domains": [
{
"name": "foo.com",
"registrar": "none",
"dnsProviders": {},
"records": [],
"ignored_names": [
"testignore",
"legacyignore"
"legacyignore",
"@"
],
"ignored_targets": [
{"pattern":"testtarget","type":"CNAME"}
]
{
"pattern": "testtarget",
"type": "CNAME"
},
{
"pattern": "@",
"type": "CNAME"
}
],
"name": "foo.com",
"records": [],
"registrar": "none"
}
]
],
"registrars": []
}

277
pkg/js/static.go
View File

@ -212,145 +212,148 @@ var _escData = map[string]*_escFile{
"/helpers.js": {
name: "helpers.js",
local: "pkg/js/helpers.js",
size: 32062,
size: 32454,
modtime: 0,
compressed: `
H4sIAAAAAAAC/+x9/XPbOLLg7/4rOq57QylRZDvZzL6SV+9W649Z1/qrJGU2+3w+LSyCEhKK5AKgZc3E
87df4ZMACcqOb2em6uryw4wJNBqNRqPR3WhAUckwME7JnEeHOzt7e3CWwCYvAceEA18SBglJcU+WrUrG
gZYZ/HORwwJnmCKO/wk8B7y6w7EEFyhECyAZ8CUGlpd0jmGex7jv4kcUwxKje5JuIMZ35WJBsoXqUMD2
ZOPdtzG+34UkRQtYkzQV7SlGcUUYxITiOU83QDLGRVWeQMkULgx5yYuSQ56Ilh7VffhHXkZpCoyTNIUM
C/rzwOjucJJTLNoLsuf5aiUZg2G+RNkCs/7Ozj2iMM+zBIbw8w4AAMULwjhFlA3g5rYny+KMzQqa35MY
e8X5CpGsUTDL0Arr0sdD1UWME1SmfEQXDIZwc3u4s5OU2ZyTPAOSEU5QSn7Cna4mwqOojaotlAWpezxU
RDZIeZSTO8a8pBkDlAGiFG3EbGgcsF6S+RLWmGJNCaY4BpZDIsZWUjFntMw4WUluX60zsMNLcsHhVYE4
uSMp4RshBizPGOQUSAIsX2GI0QZYgecEpVDQfI6ZlIN1XqYx3Ile/1USiuN+xbYF5kd5lpBFSXF8rAi1
DKRyMJKPfXdW5GAtiku8HhvGdkR9D/imwD1YYY4MKpJAR5R2nekQ3zAcQnQxuvw4Oo8UZx/lf8V0U7wQ
0wcC5wAqzAMH/0D+18yKpLSa5X5RsmWH4kX30B2PwNQYwnHGrrUIPDmIPFG9DgXx+d1nPOcRfPcdRKSY
zfPsHlNG8oxFQgW47cU/8d334WAopneF+IzzTqC+W2dMzIqXMMYTc8WbmBVP8SbDayUXmi2WvTUpqYbo
kGXLWHmnJGgAUdRrrshB9WfP49UAfn504ec5jZvL97pavS64XqXT6fkA9nsegQzT+8ZqJ4sspzh2dU+9
iiO6wNxXCC679Lo7RnTBOqueXvyGV2JvyClgNF/CKo9JQjDtCbkiHAgD1O/3LZzGOIA5SlMBsCZ8qfEZ
IKljBqZTwZ6SMnKP042BUOIppIEusOwm47nkbIw4smI96xN2qnvsrLqexHb0GLQYAk4Zto1GgoJaCzHE
jhDUz3IFuFXin8+im8+3lkuHFu4x1NeVHEuts1kfP3CcxZrKvhhaD1Y+tY7SWdJ8DdHfR+PLs8sfBrpn
OxlKKZUZK4sipxzHA4jgjUe+0QC14giOjYDXajRhammpwanN4lgtqWpFDeCIYsQxIDi+nGiEffjIsNxw
C0TRCnNMGSBm1gKgLBbkM0erH7etVak91IiHW1a2ItNOI4Eh7B8CgT+5+14/xdmCLw+BvHnjTog3vQ78
DalP9GOzm3eqG0QX5QpnvLUTAb+CYQV4Q24PwySsgr0KmWpsbH2SxfjhKpEM6cKr4RDeHnQb0iNq4Q1E
YsnGeJ4isY+vcipmCWWQZ3PsbWZOP0bvugQ1yZAwkgZjVxzPTj5NTy7VxHYH8LGI63ICKBWm4QZQHONY
aYvjTrcnLASrfoUcUZwnjqx4mENyMltgrrrQC1BTZthoAIeQlWm6hV1rxCDLecWzDeZSfCVRwsqEOcoE
xB2GUo4wVtJ/3OlqO7TvcVYvrfzuc78a4lD2KAoYp539nvpUgvTWaeEUw1s4CEn9wa8ojoKGbpuY3GgY
Et/C0GlwKHR6innEIL/HdE0JV7pB6fm+FpfwlA1gKtwGsipSLKmULY0GRHy+JNlCNEfpIqeEL1dQMhzD
3aaSkm4fjlAWEyl+sg1m0pdBGeAHNOeqUGDJEwd/xLShouxVKRNixxPMKbAroaqZQOC17MN0iSHNhcuh
OxEIlPXh2bThwQc1YJmmh7Xic5xJddeqAr3VvEUehIt2KYY59GeW3N7sCop2HQlR3g0TxvmkTBLyAEPY
7e/CG4vFh03yMqsgXXF/66HR9Dkbq3JApftIWG3SxNxIl1Uh1rNrbBKz3OXUCdPXDvDrV5+g4dAfTN0A
cGiw84jU1FJdohRpSWFeUoozoRHMrLv0WKtck2KW839Vk1nvvFIbaqZrTQ9bgKXBTeIBkJ5Ya4P6nBpL
2zdgHFPGtZVVM6vbT05HH8+nE9DGuWAGw1y6jmr7rPSKcNFRUaQb+UeaQlLykppFxvoC34mwLqXRyPMK
+Vp4+fMUIwoo20BB8T3JSwb3KC0xEx26BoRuZV3Bpr/btjye1JWuCSE3Oldpdn0LaTo979x3BzDBKuQw
nZ7LTtW+pywgh2wF7nhrwmqccOFZd+49q/EehjLqky2m+XFJkbR77z11rOfKIO9Qtz3tc57CEO4PQ05A
ALOjfozWHMJ9X/7d2fvfnf8Vv+l2bthqGa+zze3/7P6PPWeHtS3atth7Y46IzROJOSUxxLp3TY63cZYZ
4TCEiEWNXm7e3bodaMiq0vNGYSisUobPMm7bH5hZFIMt5cJhAzjowWoA3+/3YDmA99/v75sVU95EcSR2
ubK/hNfw7g+2eK2LY3gNf7SlmVP6ft8Wb9zi7z9oCuD1EMobMYZbz8+9t4vPuoieoJmFZwSu2sjcVeK2
/ZWkLvaWTr/yaFuFb4W+4KPR6DRFi45c3DVHvRJouXw8qVYLao6QjDh+HSrt4HaztwdHo9HsaHw2PTsa
nQuPhXAyR6koloFKGapzYaT0VDQdwJ/+BH/sqmCrG3bZNcEJoY53e7DfFRAZO8rLTGrDfVhhlDGI8yzi
wjQRG5YJpUmt5nj2fbexWBYGu0YimqM0daezEQLSzQPxH4NYhoDKLMYJyXAcucy0IPD24Ftm2Ilm3Agy
hFhrXLWJGCkySdHTM3ehvVixZ3flPIxgqOv+UpJUjCwaRZr3o9HoORhGoxCS0ajCc342mihEKjqyBZkA
DWATxRbdf38cn8wcpDqq9STuql2gh6oy6ml+C3N8ADeW9zeR6C7qQbV+nQDQTSTIiHpKuSKORz+VFI9S
gth0U2AfUpIawqT/xynKWJLT1aC+HHuSrJ4NSASWpzLAJJwTVHAAVPcGRH0dejacE03RbZAYzQyJ4XTr
JlMTRDPj1vaxKRwyGkGXMBK5M6i4pUXimlHacOrtPHbdSH+Y/76qE2N85aphWenzUq1ClDIcWJ030Sjq
gRLzHkRHl6OLk+jWxgd0ZypAYGP/H977YqsFVolvm9jaVk2htVX/LpEdf3j/qwss+60kln54v11eLcDL
pdWi+DZZ1cLw31eXJ52f8gzPSNytBLhR1bY/u+Oq82Db8N2R6z7k4PXfTw29NmrdamD+CAzbN0BC0vZv
Xp6dSnb9IOzIOVxQBXIF+2VqNdcLm3AXn+ol00/TetH1dFwvmlyfNorGP9aLLkd+0xbtIuu7ju1ldtpF
T8K1a5aj0MYth1mdRkyvjq86PCWr7gDOOLClOStEGWBKVbBG9mO8i31hdB28+8/+yxQSWrRXyn5+PyU0
R4ijRaWEFk+oKdc2VgSa7i/L1R2mASq9VdC0uFnd5K70iZTZ5xlZEjQw81Lqjd1tNqkveCNEqQr59SAm
C8zUpqX+VGiPmzvU7vFk96Vbk+pY1yuGefWWoHYQRZ3e47bC+GT8hjIVMzVOA6S+AmBVyFVD2oIAcDVw
A12VtIL7oN+wBTtSeD0dP08Gr6fjpgQKfacRSeWnUOU0xrRXUJxgirM57smV0BNuHJnL0zH8UDzZoUTY
7FIr2RfKqCStXbYqmtth5GDae9CjbAdQw9+mUH9fyy1DBaeSTwZMfoThKoYZ4Kok3EJpRQ0sP8Jwmo8G
Un+GYRVLDaj6etlymIx/VDJcUCIW66a3xmSx5L0ip/xJkZ2Mf2wKrDQUXiiuhop2aVTkbZHonG6p/b1l
jdF7M8RKftR3CFYN1kCqryDOnFoo8fcLZWHy19NrJQ3VXip30SfMNNkwIAii+MWi8IzdMyHZAtOCkmzL
lP/OJhljy6T4hq1RwjsDs5qjKvomo85MrrKVSoYWuAcMp3jOc9qzZ6bKWJpjyklC5ohjObHT80nAABel
L55WSUH7bBnK2iFcir9xoYPMPXXGInNGGSDYVfC79uznt4wcpAxJrhgo+REEM9ypNgn1HQR2GWUauGUv
UBJVrqrm6RVV2VMPtQiA4xk/dOHrV6gSrR6UJyjjpB+nV5Pr87OpSkMpKJ6rhIkzrny1NSDI8rd50Vfx
UQsvvPpHJdjTT9PnGXTTT9OALAt3+KWhKSNjNW78NvpFKGyuMnawPpJhkNB8JQtKhincY3qHOFn1GzEY
PTfORLeFoPgDN8iHcOM0uD0MgodkSNB6pXM9OM7gbiNp/CGXeeLPCmN5ZARDbE8Q0f+ck6yzu9t9NjV1
DXrxqWYpPSVwF5+a8nbx6Ve0jX5v62b1EDKPW8ybZ5kkl888lbkMxJ4vJ5WrdnEyORn/eOK5fk48swbg
BvnqyQDwagiBhLqoQgF5lm4Azee44AzyDNtNRZ7DylSX6BuO09wTQZlt4KZNw2O3dqRWETJryz1waNUp
mP0QL2a/xrHwz5CxGefpAO77PNfIuvUAbJVNbkV2xtFdip005Kk85bhJ87U8ml+SxXIA73qQ4fVfEMMD
eH/bA1X9B1P9QVafXQ/g+9tbg0jmE+8ewC/wDn6B9/DLIfwBfoEP8AvAL/D9rs0ESEmGn0oeqdG7Lb2K
CA+uBu9l3QkgSS4MgRR9+ad/piCL6prbT2xWIKEcIoN61l+hQsH1KikkoSZunn25ehfnvEO6zYSjx65S
t1EvqtUGdbxLjEGryN6ekeTwSMy45ZL4aPBJFD7JKQnUwivdheWW+P5d+aUJcjgmyX8ez4TSGsKNparo
p/m62wOnQCyZrl1PeuU44imXg76hkq/1COAXiLqhha+gNdAhRPZA4OyHy6uxCgw7KtktrdZ8ZST2ZPqD
gpoJneX25RT7SciNinqHTlXLmVZNO3sXLry0Z08ra+zT0fiHk2mnsQGFqntAp859o2fSoW936J2iQJxj
mg28k9yBQuzvHJLIi+ur8XQ2HY8uJ6dX4wulfFOpzZV6sonoctetwzf34DpE3fi5iRpdREJrRzpxVv7N
eerbPP9Oayb6c/SEaWJSHevGDuZIk1+pb3lIWW1eyrSpj7Db7FBm4ilonjZj1h/HP5x0HHFRBVYC4v7f
MC4+Zl+yfJ0JAtSZo7YHrmaN9rasFQWnpcUg3K7jy8nk5EgSg+lKGM6xybtEFA9Exe4uwHEuT9gk35VZ
zTDnJFtAx8lJk1lRu3m2CwAnmWCJ04dOVhMeobooJGGTRGAn7ClgO8QKZnZ1acYZ91HJ81mcMYbnMJQ0
iFEGW52etjdLkrZ2ps08z1gu9v98oY56d+2FHYf8J/1egOsUCz0vtJ03JshpjVyVX27y/ojMtF2hLxiy
XK+EuZRC1ldZ9CvMZNhB5tXGhKGiwMIsyQCZpFyKZe99YQNpJfr69Q68hj9XZO/A6z3vOqY1zztqFTKO
KPfSR/O41YySwDYPtzUFV14XMrm3XtqtoysFkEv0WK42dUHqTqkoORZ5Kwl+Vgbso6p3YEMwecFZX3Z9
e7N/CyNj4Qut4sIbvgz9Jge3cFWIcpSaZIOcbmtn9QyYO25VHrWXWm0yiuG1YdVUiEBrbhZiTr4zjLJN
pTSVYNxhB5fokOBY32TRd7g1QX3n+H1VcqSvdSzIPc5cslpZIwZjZCcwzIounkvMCqcvfv7+o6KaAruR
HfG3NOL0MmGdnx8VRM+RLrs7BTzyys8W+1DlBr5sM9J2jYJUDF+ie+wM1t6JUqyvtxS4zUQByvQtGrmm
nMt2OrszFCxp9+pdC1ntvFsDRqEN1FiTbrtnGrjPyquqWbjOfHjSFJiT1tkIOXUWuE0debeo8hiGVRPp
0TUAmzdW87jb5kGs8tikOgd8h/AN0y3o9vZA3c3mldTKRaUjbMFGMr0+jx1F9N13TlTXq2rtWQ/GQeJd
HPdwHAYxPAZL7Q1axzaTU9zOrzCBOphzMh5fjQdgzCHvam0UQNkuj8q70wJQN+HrAQF5DyHWN1R+fvQD
AZVG0A9HuDPTiFL9qdpuzA2q2pAFTtvsnMjsCtumMUTp9Fa+LserJ9xdAXKzfxvydZvItfMLde9XTYfc
j980WkVGa+pHIVjj2rJR+C4bgoiqHbQTwuGzKYCg24erLN3A1sbbCJBParBSqfioHtQWDHUzFne8lZym
QuHbbna2KbI6N4KKTEvGsdgziNxVHcnwAlQGWqXXtV0edYS0wlndczsISZLYE8usso3kCyFlYAu0yZge
9puD20BK5rNFqyFi0RYgv+P92634bChYj0wGOxFJG7O+Ta/IG7lWV9zUCRA+qHMI3C4zVqWEZSYgLM+5
HeemEbbfj6tRtTW6UT2nIidjGJhS5/GQRl3zEQ7biqcD70qSD/JY27ibZmrAnDhsNrGbmgWvZs9vWrfu
/oqyOMXO3WV1Kd5eNWbNi6Sxc4/8u+9azSoh+K+GEB2dzsYnx2fjk6Np9Ez46cnFddUotMCSf8VCadw4
tPT0ScatPojr73Z32jpzL8I7X4fBhe+ZsTKe074zfRv2ppG8FdwxxOT4Xw291t991+ClzCb8lYh9M4So
H8GbJ2iuaRj/1Y++OR3SrxAFLFC9blWds7K98OcTIQMUx8rb7sTmqol//UT48U4QmCS6RgZLpGPSA8RY
ucJACoGOYsb61sglvL8T8GUCbkzDb/FcFvddp7mnhULaJ/SGkEJno7E7z9BD5vzUe/7H12ia2eGXeWI8
JzGGO8RwDMKdFqQa+LfWzTZv9DClYCr3GpB6Y8FLjJFNr4Lv8ghY720eCWvSyc9O4eJThVlNmZxHM84d
x9lgwSd5fL/sSUtmpZyxsEmy5dGg6vEgiudhp3Xrqz4v9rbk4Fv9rGd4Was2/2qrd9X0rFyvqvYo0TeC
tfpcjShpw2KyUdOL1veNol7YwtOvHIVro87kCykKki1edaMGRPc5TyE09aP/EhnFcxNCJwVUz6FZK0fn
6yw5LwZ7e4yj+Zf8HtMkzdf9eb7aQ3v/ebD/4Y9/2N87eHfw/ff7AtM9QabBZ3SP2JySgvfRXV5y2SYl
dxTRzd5dSgotd/0lXzlHTdedOPfCsbF8n4X3WZES3on6xgvb24OCYs4Jpm/V8ZJ3gUn+exPf7N924TW8
+/B9F96AKDi47dZK3jVK3t92a4+0mVPMcuVmHGTlSt5QtheUA1esoqj+LJKTpyDwBdpk5arxJp3S+/Af
gs5AZPq90Dn/JVXP27feNWlBI1wgvuwnaZ5TSfSeHG0lRgJ7x6IXbNDbcyBuHdu7UmlexkkqH6dJCWKY
DVQqEubInKwwSSXJYnJP4hKlVUqHvElzOrseX336x+zq9FRmzc0tyllB84fNAKI8SSJ4lHlR16JIngXc
pTiuo7hsxZD5CHAWan/68fy8DUNSpqmH480YkXRRZhUudfb01jz247JAnj9p2vXxR54kajvMOLGvi/in
UAOfPP1iSCunZrpdxbFAr1mz07ZuLp/sJTOdfMyI0B0onUzOwyOznXy8PPvxZDwZnU8m56GhlAYVY6k/
Er+T7Nl9XD7VhRqGlOePk+nVRQ+ux1c/nh2fjGFyfXJ0dnp2BOOTo6vxMUz/cX0ycbTCzNzErFbCGKv3
Yv/N9zFlA3t/MepFXal39N1oPXDj9ASupjluVHuCn3pJN+ptG5d/9wszTjIZJnhWq9/2ZFw/DPwGop5Q
Zeq0vKLYP8fWLPScxyAffffy/zOzjZkfx+dN/n0cn4vtW9e/3z8IgrzfPzBQp+PgVUtZbGAuJwezj+Pz
078fh7IsTZ3Jtpxcn87+8vHsXKxvjr5gVh1LST1dIMrZQJ5Vyz/NK2uT61PjGXR4DncYPudix1ceSQRR
V+4BKbrDqWp+fDlRn/aBm4KSFaIbB1cfOpVG/XMkUw8oWg/g70tMMXTUk8YSS1dZ5bl6Cq7MUKreNzZm
m0On2XgkRdJ7E/RwssKSFOHBCXcILzCVjxdKpeSSoh4RlBZNTz92Xb3FI4mU1pjGi1dFirjCjeKY6JNj
836m4tZcPrwZu+OdsSL5j1gNOkkR5zgbwAhSwrj7rLNqrwH0VisM0SVG8cEARqtcPsANu3dlkmAKNM9X
u+qwWSamSr9yiSEhlHEZ+bdPhxcJzJfyzSHBqAd+gR4m5CesxrVCD2RVroCRn3Dlu04/TS3DflQpJoIY
ePfhgzropJjJBIcMVmXKSZFW+e/O2N99+BB1na3EEcvA1qHUv5LHr1/B+axOVN4F0n5dYbfnEIhDihHj
8A6wfqewYaLqHrXguedAtthVG42GFK2FZ1h9vBoOIYqaqETdEKIZRWtWJBad2vvUWZLMpl1iKxeOXKnd
UcVPCnUqZaCFBeYcMYu1g7kRBWltiZm0B/+iO0mCiU5r9uqMwKhrEVcrz19qO9XLe1pWxbKRLyj+q8RM
JgWaR98BOb07MQ20riE1bFUkabwVZ3VBdVqx7z0UaxsMa/CBdM69PXVIhOLY0iLYoWk0TyhnEZdPF6wK
vtFy7R31bZtxyeSidnjoN+Q8DR7cKx92+mladdDTE9YDWvTUy3QWRffZx/hPIO4+6Wo70268YzHp8pn4
hIhJVy6C0phiWuuzapr5UyfB7cQZGG99+CikOvRx2GIPjyxpQVTpQB9TVW5RVUWHNVb8sF3K/ZVZ50ZN
AhoTJHVPNUWtU9+Y8icxVXnBXpjEfZVtm+Gwdec/Go227Pgkj3Gims7zjKv3QklaxYo7uU7HqsBnc/0u
3AD+kucpRpk8hMRZLH/mAMtLt1r7EIrjPQPfF6IqNngbovJuVjpPlFCclAzHje4ZK/EAzrU6PhqZX15Q
gYA0X6tfupBwLmpWe+kPOsooUNdQtJiYjVaZUxLHmqTxAEYac9XfXIxZdiIg5ojGod5s9mV/e3/OZuxM
detm/PytsSbgimKrwtWn0JVZnuGo6xfDTXQY3R6GUIgx19DIojAqVWXQWXyWejMsS92rWuMufP1aQfvA
tai2rTL70nAI+1vA9Ei2VbuYVIZGwNpxV2jT2hFzjjNON6JIUZ7TSsBeanrUp0aszfq7Uk6VXbbNR6Wk
ejoajXz1FMlmUQ8cJD3v+Ud3j2p5cOr5qLvN3wgICnC35eSjB6ljb7hSoM5EUpyps5BnUigQVBSKrxty
2+0e7rQtiW8gzBGslxMnZadXR+sSWd9Iji9G46OXbyWyuXVFZ/EK0TkUFCfkQb7zHMc4PoTGHlPkKZlv
NFKJQpVApxh2e+qXl+6wXCV5ojVID6J/lYiijBP1RbH8LRbpAJpj2+s2xIn7Lj6DDvv2jmo7D0rJIhMO
y+T6dACR/lWpvYhFYilHFKfoAcfRXkSjClbSIazqDmJFMuw5rKGRj/b4b2cX34ZXtIAOir+QVQhzgekc
Z3ygTxjhDvM1xhnsy1f5D/b3ewYELZSPqXY2yUFiHn7XWc2dYs7dTg721QOutEQDGJkfQ0KLBcULsZFr
G0BfuamxkpaJ0yhBJFUJ9VuaaCCVGc4G+oS1CiAcmhJpwxDp/twp04TJCRBjFgzr6QbyYBUxhmPpbXSS
3OPhfuR2eyoPCgeg/i/ca8Uqn3TFMetxQYf6M44Smugoi4Q/yzim98KIMn9VmNswkmHXxlXOsqLkJqgi
LNtlHjsP3rorvc2SaNgQjoP0+H9pdchroaZOqYqobkyo+lfN5BRVYTM1HOiGZWMCFHLhN8nTCsEYJtub
qyd/JSB8/QqBOkdVtEBo9RGwEc4y9Xa3q6maPLOpXDfR/VCCHkT2fWtpxcstISqGFWf04A+tGzSxyTGq
qj7cmgYNjzsIFGZAEPS5nGA1YhuBnWAfgYiyYgxzOVNvVPcXR1alCu1Q69FTzm5/bE34fPkkmDzHRwxX
anwQyItvoBDCSgNJj3cUoy+HAex603g2cvYtyGkNr+4y0FsAhdF+Oy3p5L4gSPqqTc6TBj8C4k242gKr
Offno33GJ9enbRM+uT59xnzXoF4w3WJr+rVmW+P+f22yhSEVmGsxF/Wpvrb2TW2eteFTubCm4NVQmjZt
qkVYQY7WVY2aElYzg1itd1oiJ0BdopYQqtczLZHTs2hk46iN/k99s6TRe+L2njyv98TrPXl278LUUpbc
Vjp8+65++yPJhSDvR62vRgeRhJ40CAH2Q2pbOXGi23r6+ePzkAZ0Q4WTvQynXDItPNve4UFrh0GvXTYK
9RLMUJd5vbky4/ajlteSlCAluZSjJG9z9RsCpLP0niE82jpvKZbUKRO8VcpdIfdaN4R8rGOc2nCvU+fZ
96GXvt1cjDp4M1WzCRR8VCaErOVKgTtq4i7tUOtmpL4WJ1dBhumnacfEtVUHSkkcQtRtRMoDeSbb2ttn
Kqbmx63sLfDzPFs4sX7lMy3l7YAYMsTlL2ZClq/dXwP529lFB9H6z5wiagMl9pLtmqKiwFT6WYs0v+t0
5Z/Or3FCmiMZ+E5IitW594hVR3220w7J4Ie8K6gn+vev8ozTPAWUbdZo05O/+STa6ecD5DG8Cmyri64M
ZYRv3s6XeP5FH0Zf5hwPDGGE6ReWMiWZGUqhzOJ8LvOTcQxLnMqx2HvJk1xenyfydHIjaMrXGVDCvvTd
m8MynjnTvdisE31x5d0tDGH3M9s91InWcww8V5SQbJ6WMYb+Z2bYY5W6+IShpF1dHelkZZr2Kszuj/Y5
qc0KT0tus6a1I4FaLr/LOj3PE8xtippmu+jv6PxMEEnQnQCtgvPnZzP781nmnrTp3sb8vmAxcKjX135l
hi8Ju/mCN7fSWdq1aZy79fXvAFqc8ruhQd2s0dOT6dFf67/2nGA+X7Ywuz+XP1d1Pbo8O5LL7f8EAAD/
/+UEljI+fQAA
H4sIAAAAAAAC/+x9/XMbN7Lg7/or2qp7GTKmKcle+72ilu+W0UdWtfoqks56n07HB3EwJOwhZhbAiGJi
5W+/wtcMMIOhZN0mqbo6/5BogEaj0Wg0uhsNMCo4Bi4YmYvocGdnbw/OEthkBeCYCBBLwiEhKe6pslXB
BbCCwn8vMlhgihkS+L9BZIBXdzhW4BKFbAGEglhi4FnB5hjmWYz7Ln7EMCwxuifpBmJ8VywWhC50hxK2
pxrvvonx/S4kKVrAmqSpbM8wiivCICYMz0W6AUK5kFVZAgXXuDBkhcgLAVkiW3pU9+EfWRGlKXBB0hQo
lvRngdHd4SRjWLaXZM+z1UoxBsN8iegC8/7Ozj1iMM9oAkP4ZQcAgOEF4YIhxgdwc9tTZTHls5xl9yTG
XnG2QoQ2CmYUrbApfTzUXcQ4QUUqRmzBYQg3t4c7O0lB54JkFAglgqCU/Iw7XUOER1EbVVsoC1L3eKiJ
bJDyqCZ3jEXBKAdEATGGNnI2DA5YL8l8CWvMsKEEMxwDzyCRYyuYnDNWUEFWittXawrl8JJMcniVI0Hu
SErERooBzyiHjAFJgGcrDDHaAM/xnKAUcpbNMVdysM6KNIY72es/C8Jw3K/YtsDiKKMJWRQMx8ea0JKB
TA1G8bHvzooabIniEq/HlrEdWd8DsclxD1ZYIIuKJNCRpV1nOuQ3DIcQXYwuP47OI83ZR/VfOd0ML+T0
gcQ5gArzwME/UP+1s6IorWa5nxd82WF40T10xyMxNYZwTPm1EYEnB5ElutehJD67+4znIoLvvoOI5LN5
Ru8x4ySjPJIqwG0v/8nvvg8HQzm9KyRmQnQC9d06Y2Kev4Qxnphr3sQ8f4o3FK+1XBi2lOytSUk1RIes
sowXd1qCBhBFveaKHFR/9jxeDeCXRxd+nrG4uXyvq9XrgptVOp2eD2C/5xHIMbtvrHayoBnDsat76lUC
sQUWvkJw2WXW3TFiC95Z9czit7ySe0PGAKP5ElZZTBKCWU/KFRFAOKB+v1/CGYwDmKM0lQBrIpYGnwVS
OmZgO5XsKRgn9zjdWAgtnlIa2AKrbqjIFGdjJFAp1rM+4aemx86q60lsx4zBiCHglOOy0UhSUGshh9iR
gvpZrQC3Sv7zWXTz+bbk0mEJ9xjq60qNpdbZrI8fBKaxobIvh9aDlU+to3SWLFtD9PfR+PLs8seB6bmc
DK2UCsqLPM+YwPEAInjtkW81QK04gmMr4LUaQ5heWnpwerM41kuqWlEDOGIYCQwIji8nBmEfPnKsNtwc
MbTCAjMOiNu1AIjGknzuaPXjtrWqtIce8XDLytZkltNIYAj7h0Dgz+6+108xXYjlIZDXr90J8abXgb8h
9Yl+bHbzVneD2KJYYSpaO5HwKxhWgDfk9jBMwirYq5SpxsbWJzTGD1eJYkgXXg2H8Oag25AeWQuvIZJL
NsbzFMl9fJUxOUuIQkbn2NvMnH6s3nUJapKhYBQN1q44np18mp5c6ontDuBjHtflBFAqTcMNoDjGsdYW
x51uT1oIpfqVcsRwljiy4mEOyclsgYXuwixAQ5llowUcAi3SdAu71ogDzUTFsw0WSnwVUdLKhDmiEuIO
Q6FGGGvpP+50jR3a9zhrllZ297lfDXGoepQFXLDOfk9/akF647RwiuENHISk/uA3FEdJQ7dNTG4MDIlv
Yeg0OJQ6PcUi4pDdY7ZmRGjdoPV834hLeMoGMJVuA1nlKVZUqpZWAyIxXxK6kM1RusgYEcsVFBzHcLep
pKTbhyNEY6LET7XBXPkyiAJ+QHOhCyWWLHHwR9wYKtpeVTIhdzzJnBy7EqqbSQReyz5MlxjSTLocphOJ
QFsfnk0bHnxQAxZpelgrPsdUqbtWFeit5i3yIF20SznMoT+z5PZmV1K060iI9m64NM4nRZKQBxjCbn8X
XpdYfNgkK2gF6Yr7Gw+Noc/ZWLUDqtxHwmuTJudGuawasZlda5PY5a6mTpq+5QC/fvUJGg79wdQNAIeG
ch6RnlpmSrQiLRjMC8YwlRrBzrpLT2mVG1Lscv7PajLrnVdqQ890relhC7AyuEk8ANKTa21Qn1NrafsG
jGPKuLayblbq9pPT0cfz6QSMcS6ZwbFQrqPePiu9Il10lOfpRv2RppAUomB2kfG+xHcirUtlNIqsQr6W
Xv48xYgBohvIGb4nWcHhHqUF5rJD14AwrUpXsOnvti2PJ3Wla0Kojc5Vml3fQppOzzv33QFMsA45TKfn
qlO972kLyCFbgzvemrQaJ0J61p17z2q8h6GK+tDFNDsuGFJ2772njs1cWeQd5rZnfSFSGML9YcgJCGB2
1I/VmkO476u/O3v/u/O/4tfdzg1fLeM13dz+z+7/2HN22LJF2xZ7b80RuXkiOackhtj0bsjxNs6CEgFD
iHjU6OXm7a3bgYGsKj1vFIbSKuX4jIqy/YGdRTnYQi0cPoCDHqwG8GG/B8sBvPuwv29XTHETxZHc5Yr+
Er6Ht38qi9emOIbv4d/LUuqUvtsvizdu8Yf3hgL4fgjFjRzDrefn3peLr3QRPUGzC88KXLWRuavEbfsb
SV3sLZ1+5dG2Ct8KfcFHo9FpihYdtbhrjnol0Gr5eFKtF9QcIRVx/DrU2sHtZm8Pjkaj2dH4bHp2NDqX
HgsRZI5SWawClSpU58Io6aloOoA//xn+vauDrW7YZdcGJ6Q63u3BfldCUH6UFVRpw31YYUQ5xBmNhDRN
5IZlQ2lKqzmefd9tLJeFxW6QyOYoTd3pbISATPNA/MciViGggsY4IRTHkcvMEgTeHHzLDDvRjBtJhhRr
g6s2ESNNJsl7ZuYujBcr9+yumocRDE3dDwVJ5ciiUWR4PxqNnoNhNAohGY0qPOdno4lGpKMjW5BJ0AA2
WVyi+6+P45OZg9REtZ7EXbUL9FBVRj3Db2mOD+Cm5P1NJLuLelCtXycAdBNJMqKeVq5I4NHPBcOjlCA+
3eTYh1SkhjCZ/wmGKE8ythrUl2NPkdUrAxKB5akNMAXnBBUcAN29BdFfh54N50RTTBskRzNDcjjdusnU
BDHMuC372OQOGY2gSxiJ2hl03LJE4ppRxnDq7Tx23Uh/mP++qpNjfOWqYVXp81KvQpRyHFidN9Eo6oEW
8x5ER5eji5PotowPmM50gKCM/b9/54utEVgtvm1iW7ZqCm1Z9a8S2fH7d7+5wPLfS2LZ+3fb5bUEeLm0
lii+TVaNMPzX1eVJ5+eM4hmJu5UAN6ra9md3XHUebBu+O3LThxq8+fupoddGbVoN7B+BYfsGSEja/sXL
s1PJrh+EHTmHC7pArWC/TK/memET7uJTvWT6aVovup6O60WT69NG0finetHlyG/aol1UfdexvexOu+gp
uHbNchTauNUwq9OI6dXxVUekZNUdwJkAvrRnhYgCZkwHa1Q/1rvYl0bXwdv/6L9MIaFFe6Xq549TQnOE
BFpUSmjxhJpybWNNoO3+sljdYRag0lsFTYub103uSp8omX2ekaVAAzOvpN7a3XaT+oI3UpSqkF8PYrLA
XG9a+k+N9ri5Q+0eT3ZfujXpjk29ZphXXxLUDqKpM3vcVhifjN9RpmKux2mB9FcArAq5GsiyIABcDdxC
VyWt4D7oN2zBjhReT8fPk8Hr6bgpgVLfGURK+WlUGYsx6+UMJ5hhOsc9tRJ60o0jc3U6hh/yJztUCJtd
GiX7QhlVpLXLVkVzO4waTHsPZpTtAHr42xTqH2u5UZQLpvhkwdRHGK5imAWuSsIttFY0wOojDGf4aCHN
ZxhWs9SC6q+XLYfJ+CctwzkjcrFuemtMFkvRyzMmnhTZyfinpsAqQ+GF4mqpaJdGTd4Wic7Ylto/WtY4
u7dDrORHf4dg9WAtpP4K4sxYCSX/fqEsTP56eq2lodpL1S76hJmmGgYEQRa/WBSesXsmhC4wyxmhW6b8
DzbJOF8m+TdsjQreGVipOaqibzLq7ORqW6ngaIF7wHGK5yJjvfLMVBtLc8wEScgcCawmdno+CRjgsvTF
06ooaJ8tS1k7hEvxNy50ULmnzlhUzigHBLsafrc8+/k9IwcpR4orFkp9BMEsd6pNQn8HgV1G2QZu2QuU
RJWranh6xXT21EMtAuB4xg9d+PoVqkSrB+0Jqjjpx+nV5Pr8bKrTUHKG5zph4kxoX20NCGj2Jsv7Oj5a
wkuv/lEL9vTT9HkG3fTTNCDL0h1+aWjKyliNG7+PfpEKW+iMHWyOZDgkLFupgoJjBveY3SFBVv1GDMbM
jTPRbSEo8SAs8iHcOA1uD4PgIRmStF6ZXA+BKdxtFI0/ZipP/FlhLI+MYIjtCSL6nzNCO7u73WdTU9eg
F59qltJTAnfxqSlvF59+Q9voj7ZuVg8h87jFvHmWSXL5zFOZy0Ds+XJSuWoXJ5OT8U8nnuvnxDNrAG6Q
r54MAK+GEEioiyoUkNF0A2g+x7ngkFFcbirqHFalukTfcJzmngiqbAM3bRoeu7UjtYqQWVvugUOrScHs
h3gx+y2OhX8BymdCpAO474vMIOvWA7BVNnkpsjOB7lLspCFP1SnHTZqt1dH8kiyWA3jbA4rXPyCOB/Du
tge6+k+2+r2qPrsewIfbW4tI5RPvHsCv8BZ+hXfw6yH8CX6F9/ArwK/wYbfMBEgJxU8lj9To3ZZeRaQH
V4P3su4kkCIXhkDyvvrTP1NQRXXN7Sc2a5BQDpFFPeuvUK7hepUUklATN8++WL2NM9Eh3WbC0WNXq9uo
F9VqgzreJcai1WRvz0hyeCRnvOSS/GjwSRY+ySkF1MIr00XJLfn9h/LLEORwTJH/PJ5JpTWEm5KqvJ9m
624PnAK5ZLrlejIrxxFPtRzMDZVsbUYAv0LUDS18DW2ADiEqDwTOfry8GuvAsKOS3dJqzVdGYk+lP2io
mdRZbl9OsZ+E3Kiod+hUtZxp1bSzd+HCS3uutLLkt4N+dnw2Gf1wfjKbjE5Ppv+YHf315Ohv5pqXRqew
zWLCpUqYcZRgsZnNl3j+ZQC7ghVY6iSpApfScNZgKudOQYKClGoN01jficsZvsdUDHSzgz5M1xlka4oZ
B5EtFimhC0BmN4A7LNYYUxDrDDgWQppdfd30rU5izcQSM40A1iRXrdO0Sug39w5TdIfTnr02ltFIaCx3
GGgmyBzHUFBBUrU7UfwgQJAVhpjyeUYFy1KVH1tQ0/kEY1gKkfPB3t6CiGVx159nq72JQPMvJw/6Mt9e
1XiPcF5gvndwsP9hx3gLZhqmo/GPJ9NOwxAIVfeATZ17X8+UB3PLxuzYORICMzrwTtQHGrG/gysiL66v
xtPZdDy6nJxejS/0JpiqXVVvE+WFAC1bNfimLVSHqBuhN1Gji0junpFJYFZ/C5H6tue/0qqM/hI9YSLa
lNO60YkFMuRX26g6LK6MCG1i1kfYbXaoMiI1tEibZwcfxz+edBxx0QWlBMT9v2Gcf6RfaLamkgB99mvs
sqtZo31Z1opCLvYyWerj9Or4cjI5OVLEYLaSDkxs818RwwNZsbsLcJypk07Fd+3emHUMHSc3UGWn7WZ0
FwBOqGSJ04dJGpQKRl/YUrBJIrFrjbMNuBxiBTO7urTjjPuoENksppzjOQwVDXKUwVanp+3NkqStnW0z
zyjPpB2WLfSR+255ccoh/8n4A8B1iuV+K3cdb0yQsRq5WkXa/EuiMp5X6IvUeWYlzJUU8r5W4CvMVfhH
5TdLbZ7nWJqHFJBNjmZY9d6Xet9sZt9/vwPfw18qsnfg+z3vWmzpJnX0KuQCMeGl8WZxqzmrgMt86NZU
aHVty+ZAe+nPjq6UQC7RY73NqMDUnVZRaizqdhj8oh2JR13vwIZgslzwvur69mb/FkbW05JaxYW3fBn6
TQ5u4SqX5Si1SR8Z29au1DNg7xpW+exeirvN7IbvLaumUgRac+QQd/LOYUQ3ldLUgnGHHVyyQ4Jjc6PI
3KU3BPWdNIhVIZC5XrMg95i6ZLWyRg7Gyk5gmBVdIlOYNU5f/Pz9R0eXJXYrO/JvZUybZcI7vzxqiJ4j
XeXuFIiMVPEOuQ9V7vjLNiNjXxoDSDF8ie6xM9jybppmfb2lxG0nChA1t5nUmnIuPZos21DQqj264noq
eufdGrgLbaDWqnfbPdPReFZ+W83TcObDk6bAnLTORsi5LoHb1JF3my2LYVg1UZ51A7B5cziLu22e3CqL
bcp5wIcL3/Tdgm5vD/QdeVFJrVpUJtIZbKSuOWSxo4i++86JrntVrT2bwThIvAv8Ho7DIIbHYGl5k9mx
zdQUt/MrTKAJqp2Mx1fjAVhzyLviHAVQtsuj9rKNANRN+HpgRt0Hic1NoV8e/YBMpRHMAx7uzDSihX+u
tht7k602ZImzbHZOVJZL2aYxRBV8qGIOAq+eCDtIkJv921DMoYncBCGgHoXQ06H249eNVpHVmuZxDt64
Pm4VvsuGIKJqB+2EcPhsCiDo9uGKphvY2ngbAeppE15oFR/VDxckQ93M0R1vJaepVPhlNzvbFFmdG0FF
ZiTjWO4ZRO2qjmR4gUILrdMc2y7xOkJa4azuGx6EJEnuiQWtbCP1UksR2ALLpFgP+83BbSA19tmi1RCx
aAuQ3/H+7VZ8ZUjejEwFnRFJG7O+Ta+om9GlrripEyB9UOcwvl1mSpUSlpmAsDznlqKbztl+T7FG1dbo
RvWsjZqMYWBKnUdcGnXNx1DKViIdeFfDfJDH2sbdNFMD5sRhs0m5qZXg1ez5TevW3V8RjVPs3CHXjxOU
V75580Jv7Nzn/+67VrNKCv6rIURHp7PxyfHZ+ORoGj0TfnpycV01Ci2w5J+xVBo3Di09c6J0aw5E+7vd
nbbO3AcJnK/D4ML3zFgVz2nfmb4Ne9NI3gruGGJq/K+GXuvvvmvwUmV1/kbEvh5C1I/g9RM01zSM//pK
357SmdegAhaoWbe6zlnZ3uHgEyEDFMfa2+7E9sqPfw1I+vFOMJ4kpkYFS5Rj0gPEebHCQHKJjmHO+6WR
S0R/J+DLBNyYht/iuSzu+1pzTwuFtE/oLSeNrozG7jxDD9lzbO8ZJl+jGWaHX0iK8ZzEGO4QxzFId1qS
auHflG62fSuJawVTudeA9FsXXoKSanoVfB9JwnpvJClYm9Z/dgoXnyrMesrUPNpx7jjOBg8+jeT7ZU9a
MivtjIVNki2PN1WPODE8DzutW19XerG3pQbf6mc9w8tatflXW72rpmflelW1x6G+EazV52pESRsWUxk1
vWh9ZyrqhS0889pUuDbqTL6QPCd08aobNSC6z3mSoqkf/RfhGJ7bEDrJoXqWrrRyTN7UUoh8sLfHBZp/
ye4xS9JsrQ6Y0N5/HOy///c/7e8dvD348GFfYronyDb4jO4RnzOSiz66ywqh2qTkjiG22btLSW7krr8U
K+eo6boTZ144Nlbv5Ig+z1MiOlHfemF7e5AzLATB7I0+XvIukql/r+Ob/dsufA9v33/owmuQBQe33VrJ
20bJu9tu7bE8e5pcrNzMD1qs1E3x8qJ44KpbFNWfp3LyRSS+QBtarBpvA2q9D/8m6QxEpt9JnfOfSvW8
eeNdV5c0wgUSy36SZhlTRO+p0VZiJLF3SvSSDWZ7DsSt4/LOWpoVcZKqR4JSgjjmA50ShgUqT0gVlYTG
5J7EBUqr1Bp1o+l0dj2++vSP2dXpqcpenJcoZznLHjYDiLIkieBR5addyyJ7shvXUVy2YqA+AkxD7U8/
np+3YUiKNPVwvB4jki4KWuHSZ09v7KNLLgvU+ZOh3Rx/ZEmit0MqSPnKi38KNfDJMy+3tHJqZtpVHAv0
SpudtnVz+WQv1HbykRKpO1A6mZyHR1Z28vHy7KeT8WR0Ppmch4ZSWFScp/5I/E7os/u4fKoLPQwlzx8n
06uLHlyPr346Oz4Zw+T65Ojs9OwIxidHV+NjmP7j+mTiaIWZvRFbrYQx1u/2/ovvxaoG5T3SqBd1ld4x
d9TNwK3TE7gi6LhR7YmW+kXjqLdtXP4dPMwFoSpM8KxWv+/JuHmg+TVEPanK9Gl5RbF/jm1Y6DmPQT76
7uX/Z2YbMz+Oz5v8+zg+l9u3qX+3fxAEebd/YKFOx8Err6rYwlxODmYfx+enfz8OZbvaOpv1Ork+nf3w
8excrm+BvmBeHUspPZ0jJvhAnVWrP+1rd5PrU+sZdEQGdxg+Z3LH1x5JBFFX7QEqt0c3P76c6M/yoaGc
kRViGwdXHzqVRv1LpFIPGFoP4O9LzDB0dI6QwtLVVnmmn+QrKEr1O9PWbHPorLKT9va09ybpUUlEkhTp
wak8qAVm6hFJpZRcUvRjjsqi6ZlHx6s3kRSRyhozePEqT5HQuFEcE3NybNOeNLfm6gHU2B3vjOfJv8V6
0EmKhMB0ACNICRfu89q6vQEwW600RJcYxQcDGK0y9RA67N4VSYIZsCxb7erDZpUgrPzKJYaEMC5U5L98
wj1PYL5Ubz9JRj2IC/QwIT9jPa4VeiCrYgWc/Iwr33X6aVoy7CedYiKJgbfv3+uDToa5SnCgsCpSQfK0
uofgjP3t+/dR19lKHLEMbB1a/Wt5/PoVnM/qROVtIP3aFfbyHAIJSDHiAt4CNu9FNkxU06MRPPccqCx2
1UajIUNr6RlWH6+GQ4iiJipZN4RoxtCa50mJTu99+ixJp/ThUi4cudK7o46f5PpUykJLC8w5YhaZfnpP
T7yytuRMlgf/sjtFgo1OG/aazMyoWyKuVp6/1HaqFxCNrMplo16y/GeBuUrOtI/vA3J6d2IaaF1Datmq
STJ4K86aguq0Yt97sLdsMKzBB9Jq9/b0IRGK45IWyQ5Do33KmkZCPSGxysXGyLV31LdtxhWT89rhod9Q
iDR4cK992OmnadVBz0xYD1je0y8Elii6zz7GfwJx90lX25l26x3LSVfP9SdETrp2EbTGlNNan1XbzJ86
BV5OnIXx1oePQqlDH0dZ7OFRJS2IKh3oY6rKS1RV0WGNFT9ul3J/Zda5UZOAxgSZ5Fk7Ra1T35jyJzFV
+dlemMR9HW+b4bB15z8ajbbs+CSLcaKbzjMq9LutJK1ixZ3MpGNV4LO5eZ9vAD9kWYoRVYeQmMbq5yaw
uvxstA9hON6z8H0pqnKDL0NU3g1X56kYhpOC47jRPecFHsC5UcdHI/sLGDoQkGZrnV2t4FzUvPbiInS0
UaCvAxkxsRutNqcUjjVJ4wGMDOaqv7kcs+pEQswRi0O9ldmX/e39OZuxM9Wtm/Hzt8aagGuKSxWuP6Wu
pBnFUdcvhpvoMLo9DKGQY66hUUVhVLrKoivxldTbYZXUvao17sLXrxW0D1yLapdVdl8aDmF/C5gZybZq
F5PO0AhYO+4KbVo7cs4xFWwjizTlGasE7KWmR31q5Nqsv+/lVJXLtvm4l1JPR6ORr54i1SzqgYOk5z3D
6e5RLQ9/PR91t/lbDUEB7racfPQgdewNVwr0mUiKqT4LeSaFEkFFofy6Ibfd7uFO25L4BsIcwXo5cUp2
enW0LpH1jeT4YjQ+evlWopqXrugsXiE2h5zhhDyo97bjGMeH0Nhj8iwl841BqlDoEujkw25P/wLWHVar
JEuMBulB9M8CMUQF0V8Mq9/EUQ6gPba9bkOcuL9PwKHDv72j2s6DUrKg0mGZXJ8OIDK/7rUX8Ugu5Yjh
FD3gONqLWFTBKjqkVd1BPE+GPYc1LPLRHv/t7OLb8MoW0EHxF7IKYc4xm2MqBuaEsbxCtK9+HeFgf79n
QdBC+5h6Z1McJPYBfpPV3Mnnwu3kYF8/pMsKNICR/VEqtFgwvJAbubEBzJWbGitZkTiNEkRSnVC/pYkB
0pnhfGBOWKsAwqEtUTYMUe7PnTZNuJoAOWbJsJ5poA5WEec4Vt5GJ8k8Hu5Hbren6qBwAPr/0r3WrPJJ
1xwrPS7oMH/GUcISE2VR8GdUYHYvjSj7V4W5DSMZdsu4yhnNC2GDKtKyXWax8/Cwu9LbLImGDeE4SI//
l1aHup5r67SqiOrGhK5/1UxO0RVlpoYD3bBsbIBCLfwmeUYhWMNke3P99LIChK9fIVDnqIoWCKM+AjbC
GdVvqLuaqsmzMpXrJrofKtCDqHxnXFnxakuI8mHFGTP4w9INmpTJMbqqPtyaBg2POwgUZkAQ9Lmc4DVi
G4GdYB+BiLJmDHc5U29U9xdHpUqV2qHWo6ec3f74moj58kkwdY6POK7U+CCQF99AIYWVBZIe7xhGXw4D
2M2m8Wzk/FuQsxpe02WgtwAKq/12WtLJfUFQ9FWbnCcNfgTEm3C9BVZz7s9H+4xPrk/bJnxyffqM+a5B
vWC65db0W822wf3/2mRLQyow13Iu6lN9Xdo3tXk2hk/lwtqCV0Nl2rSpFmkFOVpXN2pKWM0M4rXeWYGc
AHWBWkKoXs+sQE7PslEZR230f+qbJY3eE7f35Hm9J17vybN7l6aWtuS20uHbd/XbH0kmBXk/an29O4gk
9LRECLAfUtvaiZPd1tPPH5+HNKAbKpz8ZTjVkmnh2fYOD1o7DHrtqlGol2CGusrrzbQZtx+1vFqlBSnJ
lBwlWZur3xAgk6X3DOEx1nlLsaJOm+CtUu4Kude6IeRjE+M0hnudOs++D7247uZi1MGbqZpNoODjPiFk
LVcK3FETd2mHWjcj9bU4uQ4yTD9NOzaurTvQSuIQom4jUh7IM9nWvnwuZGp/ZKy8BX6e0YUT69c+01Ld
DoiBIqF+uRRotnZ/leVvZxcdxOo/N4tYGSgpL9muGcpzzJSftUizu05X/en8KiqkGVKB74SkWJ97j3h1
1Fd22iEUfsy6knpifofMPKmB6GaNNj31YIdsZ54PUMfwOrCtL7pyRInYvFGPiZjD6MtM4IEljHDz0hXV
kklRCgWNs7nKT8YxLHGqxlLeS55k6vo8UaeTG0lTtqbACP/Sd28Oq3jmzPRSZp2Yiytvb2EIu5/57qFJ
tJ5jEJmmhNB5WsQY+p+5ZU+p1OUnDBXt+upIhxZp2qswuz+e6KQ2azwtuc2G1o4Carn8rurMPE+wKFPU
DNtlf0fnZ5JIop5xcYLz52ez8mfM7D1p230Z8/uC5cChXl/7tR+xJPzmC97cKmdpt0zj3K2vfwewxKm+
GxrUzRo9PZke/bX+q9sJFvNlC7P7c/WzYdejy7Mjtdz+TwAAAP//v30dtMZ+AAA=
`,
},
}