From 9c00e48f0f370a968d28cda1e77fcfc1e585710a Mon Sep 17 00:00:00 2001
From: Mirko Vogt <mirko-dev@nanl.de>
Date: Fri, 23 Jul 2021 06:56:09 +0000
Subject: [PATCH 001/203] routes/index.py: Make package 'onelogin.saml2.utils'
 optional

The onelogin package is not part of all saml packages for whatever
reason (e.g. Debian) and not easily installable from pypi (requires
CC toolchain).

As the onelogin functionality is already guarded by whether
SAML_ENABLED is set in other places (services/saml.py), also do so
in routes/index.py.
---
 powerdnsadmin/routes/index.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index f1ddb6b..636c270 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -6,7 +6,6 @@ import datetime
 import ipaddress
 from distutils.util import strtobool
 from yaml import Loader, load
-from onelogin.saml2.utils import OneLogin_Saml2_Utils
 from flask import Blueprint, render_template, make_response, url_for, current_app, g, session, request, redirect, abort
 from flask_login import login_user, logout_user, login_required, current_user
 
@@ -847,6 +846,7 @@ def dyndns_update():
 def saml_login():
     if not current_app.config.get('SAML_ENABLED'):
         abort(400)
+    from onelogin.saml2.utils import OneLogin_Saml2_Utils
     req = saml.prepare_flask_request(request)
     auth = saml.init_saml_auth(req)
     redirect_url = OneLogin_Saml2_Utils.get_self_url(req) + url_for(
@@ -859,7 +859,7 @@ def saml_metadata():
     if not current_app.config.get('SAML_ENABLED'):
         current_app.logger.error("SAML authentication is disabled.")
         abort(400)
-
+    from onelogin.saml2.utils import OneLogin_Saml2_Utils
     req = saml.prepare_flask_request(request)
     auth = saml.init_saml_auth(req)
     settings = auth.get_settings()

From 10dc2b0273a178bd2dfe2cf1bc12e3c5d0b02f33 Mon Sep 17 00:00:00 2001
From: RoeiGanor <ganor.roei98@gmail.com>
Date: Fri, 13 Aug 2021 20:03:06 +0300
Subject: [PATCH 002/203] bg_domain button for operators and higher

---
 powerdnsadmin/routes/dashboard.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/dashboard.py b/powerdnsadmin/routes/dashboard.py
index 457c415..c953ec7 100644
--- a/powerdnsadmin/routes/dashboard.py
+++ b/powerdnsadmin/routes/dashboard.py
@@ -3,6 +3,7 @@ from flask import Blueprint, render_template, url_for, current_app, request, jso
 from flask_login import login_required, current_user, login_manager
 from sqlalchemy import not_
 
+from ..decorators import operator_role_required
 from ..lib.utils import customBoxes
 from ..models.user import User, Anonymous
 from ..models.account import Account
@@ -150,6 +151,10 @@ def dashboard():
     else:
         current_app.logger.info('Updating domains in background...')
 
+    show_bg_domain_button = BG_DOMAIN_UPDATE
+    if BG_DOMAIN_UPDATE and current_user.role.name not in ['Administrator', 'Operator']:
+        show_bg_domain_button = False
+
     # Stats for dashboard
     domain_count = 0
     history_number = 0
@@ -198,12 +203,13 @@ def dashboard():
                            history_number=history_number,
                            uptime=uptime,
                            histories=history,
-                           show_bg_domain_button=BG_DOMAIN_UPDATE,
+                           show_bg_domain_button=show_bg_domain_button,
                            pdns_version=Setting().get('pdns_version'))
 
 
 @dashboard_bp.route('/domains-updater', methods=['GET', 'POST'])
 @login_required
+@operator_role_required
 def domains_updater():
     current_app.logger.debug('Update domains in background')
     d = Domain().update()

From 282c630eb8f1b837a9a13080842d6d2980b8ea08 Mon Sep 17 00:00:00 2001
From: Mirko Vogt <mirko-dev@nanl.de>
Date: Wed, 20 Oct 2021 13:18:30 +0000
Subject: [PATCH 003/203] dyndns: Respond with HTTP header 'WWW-Authenticate'
 to unauthed requests

The common procedure for HTTP Basic Auth is that a client does /not/
immediately send out credentials via an 'Authorization'-header, but to
wait until the server tells the client to do so - which the server
indicates via the 'WWW-Authenticate'-header.

PowerDNS-Admin (and flask in general), though, abort the whole
communication if no Authorization header was found in the initial
request - resulting in '200 "badauth"'.

While this might work for /some/ HTTP clients - which right away add an
Authorization header crafted from provided credentials (via args or
extracted from given URL), this is /not/ standard and /not/ common.

Hence add the 'WWW-Authenticate'-header for every unauthenticated call
checking for dyndns authorisation.

Note, though, this changes the status code from 200 to 401 in this case,
which - given the explanation why 200 was chosen in the first place -
might cause side effects.
---
 powerdnsadmin/decorators.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/decorators.py b/powerdnsadmin/decorators.py
index 5bf6c96..4ee9a5a 100644
--- a/powerdnsadmin/decorators.py
+++ b/powerdnsadmin/decorators.py
@@ -1,7 +1,7 @@
 import base64
 import binascii
 from functools import wraps
-from flask import g, request, abort, current_app, render_template
+from flask import g, request, abort, current_app, Response
 from flask_login import current_user
 
 from .models import User, ApiKey, Setting, Domain, Setting
@@ -301,7 +301,7 @@ def dyndns_login_required(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
         if current_user.is_authenticated is False:
-            return render_template('dyndns.html', response='badauth'), 200
+            return Response(headers={'WWW-Authenticate': 'Basic'}, status=401)
         return f(*args, **kwargs)
 
     return decorated_function

From 94a923a965f0740aeb4d44c4abde9bb8c530bfc7 Mon Sep 17 00:00:00 2001
From: Vasileios Markopoulos <83133031+vmarkop@users.noreply.github.com>
Date: Fri, 17 Dec 2021 12:41:51 +0200
Subject: [PATCH 004/203] Add 'otp_force' basic setting (#1051)

If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.

Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
---
 powerdnsadmin/assets.py                   |  1 +
 powerdnsadmin/models/setting.py           |  1 +
 powerdnsadmin/models/user.py              | 15 +++-
 powerdnsadmin/routes/admin.py             |  3 +-
 powerdnsadmin/routes/index.py             | 72 +++++++++++++-----
 powerdnsadmin/routes/user.py              | 11 +--
 powerdnsadmin/static/custom/js/custom.js  | 12 ++-
 powerdnsadmin/templates/register_otp.html | 90 +++++++++++++++++++++++
 powerdnsadmin/templates/user_profile.html | 12 ++-
 9 files changed, 179 insertions(+), 38 deletions(-)
 create mode 100755 powerdnsadmin/templates/register_otp.html

diff --git a/powerdnsadmin/assets.py b/powerdnsadmin/assets.py
index dfe79ff..e7c6354 100644
--- a/powerdnsadmin/assets.py
+++ b/powerdnsadmin/assets.py
@@ -23,6 +23,7 @@ css_login = Bundle('node_modules/bootstrap/dist/css/bootstrap.css',
 js_login = Bundle('node_modules/jquery/dist/jquery.js',
                   'node_modules/bootstrap/dist/js/bootstrap.js',
                   'node_modules/icheck/icheck.js',
+                  'custom/js/custom.js',
                   filters=(ConcatFilter, 'jsmin'),
                   output='generated/login.js')
 
diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index a46cfb6..33b8db5 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -189,6 +189,7 @@ class Setting(db.Model):
         'ttl_options': '1 minute,5 minutes,30 minutes,60 minutes,24 hours',
         'otp_field_enabled': True,
         'custom_css': '',
+        'otp_force': False,
         'max_history_records': 1000
     }
 
diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index f5e3556..ca0561b 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -8,6 +8,9 @@ import ldap.filter
 from flask import current_app
 from flask_login import AnonymousUserMixin
 from sqlalchemy import orm
+import qrcode as qrc
+import qrcode.image.svg as qrc_svg
+from io import BytesIO
 
 from .base import db
 from .role import Role
@@ -633,6 +636,13 @@ class User(db.Model):
         for q in query:
             accounts.append(q[1])
         return accounts
+    
+    def get_qrcode_value(self):
+        img = qrc.make(self.get_totp_uri(),
+                    image_factory=qrc_svg.SvgPathImage)
+        stream = BytesIO()
+        img.save(stream)
+        return stream.getvalue()
 
 
     def read_entitlements(self, key):
@@ -794,7 +804,4 @@ def getUserInfo(DomainsOrAccounts):
     current=[]
     for DomainOrAccount in DomainsOrAccounts:
         current.append(DomainOrAccount.name)
-    return current
-
-        
-
+    return current
\ No newline at end of file
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index 17d84a6..5573502 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -1260,8 +1260,7 @@ def setting_basic():
             'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
             'session_timeout', 'warn_session_timeout', 'ttl_options',
             'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
-            'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records'
-
+	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force'
         ]
 
         return render_template('admin_setting_basic.html', settings=settings)
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index ccdcd6b..316db2d 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -4,6 +4,7 @@ import json
 import traceback
 import datetime
 import ipaddress
+import base64
 from distutils.util import strtobool
 from yaml import Loader, load
 from onelogin.saml2.utils import OneLogin_Saml2_Utils
@@ -167,10 +168,8 @@ def login():
                 return redirect(url_for('index.login'))
 
         session['user_id'] = user.id
-        login_user(user, remember=False)
         session['authentication_type'] = 'OAuth'
-        signin_history(user.username, 'Google OAuth', True)
-        return redirect(url_for('index.index'))
+        return authenticate_user(user, 'Google OAuth')
 
     if 'github_token' in session:
         me = json.loads(github.get('user').text)
@@ -195,9 +194,7 @@ def login():
 
         session['user_id'] = user.id
         session['authentication_type'] = 'OAuth'
-        login_user(user, remember=False)
-        signin_history(user.username, 'Github OAuth', True)
-        return redirect(url_for('index.index'))
+        return authenticate_user(user, 'Github OAuth')
 
     if 'azure_token' in session:
         azure_info = azure.get('me?$select=displayName,givenName,id,mail,surname,userPrincipalName').text
@@ -366,10 +363,7 @@ def login():
                         history.add()
                     current_app.logger.warning('group info: {} '.format(account_id))
 
-
-        login_user(user, remember=False)
-        signin_history(user.username, 'Azure OAuth', True)
-        return redirect(url_for('index.index'))
+        return authenticate_user(user, 'Azure OAuth')
 
     if 'oidc_token' in session:
         me = json.loads(oidc.get('userinfo').text)
@@ -433,9 +427,7 @@ def login():
 
         session['user_id'] = user.id
         session['authentication_type'] = 'OAuth'
-        login_user(user, remember=False)
-        signin_history(user.username, 'OIDC OAuth', True)
-        return redirect(url_for('index.index'))
+        return authenticate_user(user, 'OIDC OAuth')
 
     if request.method == 'GET':
         return render_template('login.html', saml_enabled=SAML_ENABLED)
@@ -512,9 +504,7 @@ def login():
                         user.revoke_privilege(True)
                         current_app.logger.warning('Procceding to revoke every privilige from ' + user.username + '.' )
 
-        login_user(user, remember=remember_me)
-        signin_history(user.username, 'LOCAL', True)
-        return redirect(session.get('next', url_for('index.index')))
+        return authenticate_user(user, 'LOCAL', remember_me)
 
 def checkForPDAEntries(Entitlements, urn_value):
     """
@@ -584,6 +574,23 @@ def get_azure_groups(uri):
         mygroups = []
     return mygroups
 
+# Handle user login, write history and, if set, handle showing the register_otp QR code.
+# if Setting for OTP on first login is enabled, and OTP field is also enabled,
+# but user isn't using it yet, enable OTP, get QR code and display it, logging the user out.
+def authenticate_user(user, authenticator, remember=False):
+    login_user(user, remember=remember)
+    signin_history(user.username, authenticator, True)
+    if Setting().get('otp_force') and Setting().get('otp_field_enabled') and not user.otp_secret:
+        user.update_profile(enable_otp=True)
+        user_id = current_user.id
+        prepare_welcome_user(user_id)
+        return redirect(url_for('index.welcome'))
+    return redirect(url_for('index.login'))
+
+# Prepare user to enter /welcome screen, otherwise they won't have permission to do so
+def prepare_welcome_user(user_id):
+    logout_user()
+    session['welcome_user_id'] = user_id
 
 @index_bp.route('/logout')
 def logout():
@@ -674,7 +681,12 @@ def register():
                 if result and result['status']:
                     if Setting().get('verify_user_email'):
                         send_account_verification(email)
-                    return redirect(url_for('index.login'))
+                    if Setting().get('otp_force') and Setting().get('otp_field_enabled'):
+                        user.update_profile(enable_otp=True)
+                        prepare_welcome_user(user.id)
+                        return redirect(url_for('index.welcome'))
+                    else:
+                        return redirect(url_for('index.login'))
                 else:
                     return render_template('register.html',
                                            error=result['msg'])
@@ -684,6 +696,28 @@ def register():
         return render_template('errors/404.html'), 404
 
 
+# Show welcome page on first login if otp_force is enabled
+@index_bp.route('/welcome', methods=['GET', 'POST'])
+def welcome():
+    if 'welcome_user_id' not in session:
+        return redirect(url_for('index.index'))
+
+    user = User(id=session['welcome_user_id'])
+    encoded_img_data = base64.b64encode(user.get_qrcode_value())
+
+    if request.method == 'GET':
+        return render_template('register_otp.html', qrcode_image=encoded_img_data.decode(), user=user)
+    elif request.method == 'POST':
+        otp_token = request.form.get('otptoken', '')
+        if otp_token and otp_token.isdigit():
+            good_token = user.verify_totp(otp_token)
+            if not good_token:
+                return render_template('register_otp.html', qrcode_image=encoded_img_data.decode(), user=user, error="Invalid token")
+        else:
+            return render_template('register_otp.html', qrcode_image=encoded_img_data.decode(), user=user, error="Token required")
+        session.pop('welcome_user_id')
+        return redirect(url_for('index.index'))
+
 @index_bp.route('/confirm/<token>', methods=['GET'])
 def confirm_email(token):
     email = confirm_token(token)
@@ -1037,9 +1071,7 @@ def saml_authorized():
         user.plain_text_password = None
         user.update_profile()
         session['authentication_type'] = 'SAML'
-        login_user(user, remember=False)
-        signin_history(user.username, 'SAML', True)
-        return redirect(url_for('index.login'))
+        return authenticate_user(user, 'SAML')
     else:
         return render_template('errors/SAML.html', errors=errors)
 
diff --git a/powerdnsadmin/routes/user.py b/powerdnsadmin/routes/user.py
index 6ca927b..f411c29 100644
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@@ -1,7 +1,4 @@
 import datetime
-import qrcode as qrc
-import qrcode.image.svg as qrc_svg
-from io import BytesIO
 from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, current_app
 from flask_login import current_user, login_required, login_manager
 
@@ -94,13 +91,9 @@ def qrcode():
     if not current_user:
         return redirect(url_for('index'))
 
-    img = qrc.make(current_user.get_totp_uri(),
-                   image_factory=qrc_svg.SvgPathImage)
-    stream = BytesIO()
-    img.save(stream)
-    return stream.getvalue(), 200, {
+    return current_user.get_qrcode_value(), 200, {
         'Content-Type': 'image/svg+xml',
         'Cache-Control': 'no-cache, no-store, must-revalidate',
         'Pragma': 'no-cache',
         'Expires': '0'
-    }
+    }
\ No newline at end of file
diff --git a/powerdnsadmin/static/custom/js/custom.js b/powerdnsadmin/static/custom/js/custom.js
index 9bd9669..395e1ac 100644
--- a/powerdnsadmin/static/custom/js/custom.js
+++ b/powerdnsadmin/static/custom/js/custom.js
@@ -285,4 +285,14 @@ function timer(elToUpdate, maxTime) {
     }, 1000);
 
     return interval;
-}
\ No newline at end of file
+}
+
+// copy otp secret code to clipboard
+function copy_otp_secret_to_clipboard() {
+    var copyBox = document.getElementById("otp_secret");
+    copyBox.select();
+    copyBox.setSelectionRange(0, 99999); /* For mobile devices */
+    navigator.clipboard.writeText(copyBox.value);
+    $("#copy_tooltip").css("visibility", "visible");
+    setTimeout(function(){ $("#copy_tooltip").css("visibility", "collapse"); }, 2000);
+  }
\ No newline at end of file
diff --git a/powerdnsadmin/templates/register_otp.html b/powerdnsadmin/templates/register_otp.html
new file mode 100755
index 0000000..68e7ab8
--- /dev/null
+++ b/powerdnsadmin/templates/register_otp.html
@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<html>
+
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title>Welcome - {{ SITE_NAME }}</title>
+    <link rel="icon" href="{{ url_for('static', filename='img/favicon.png') }}">
+    <!-- Tell the browser to be responsive to screen width -->
+    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+    {% assets "css_login" -%}
+    <link rel="stylesheet" href="{{ ASSET_URL }}">
+    {%- endassets %}
+    {% if SETTING.get('custom_css') %}
+    <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
+    {% endif %}
+  </head>
+
+  <body class="hold-transition register-page">
+    <div class="register-box">
+      <div class="register-logo">
+        <a><b>PowerDNS</b>-Admin</a>
+      </div>
+      <div class="register-box-body">
+        {% if error %}
+        <div class="alert alert-danger alert-dismissible">
+          <button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
+          {{ error }}
+        </div>
+        {% endif %}
+        Welcome, {{user.firstname}}! <br />
+        You will need a Token on login. <br />
+        Your QR code is:
+        <div id="token_information">
+          {% if qrcode_image == None %}
+          <p><img id="qrcode" src="{{ url_for('user.qrcode') }}"></p>
+          {% else %}
+          <p><img id="qrcode" src="data:image/svg+xml;utf8;base64, {{qrcode_image}}"></p>
+          {% endif %}
+          <p>
+            Your secret key is: <br />
+            <form>
+              <input type=text id="otp_secret" value={{user.otp_secret}} readonly>
+              <button type=button style="position:relative; right:28px" onclick="copy_otp_secret_to_clipboard()"> <i class="fa fa-clipboard"></i> </button>
+              <br /><font color="red" id="copy_tooltip" style="visibility:collapse">Copied.</font>
+            </form>
+          </p>
+          You can use Google Authenticator (<a target="_blank"
+              href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">Android</a>
+          - <a target="_blank"
+              href="https://apps.apple.com/us/app/google-authenticator/id388497605">iOS</a>)
+          <br />
+          or FreeOTP (<a target="_blank"
+              href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en">Android</a>
+          - <a target="_blank"
+              href="https://itunes.apple.com/en/app/freeotp-authenticator/id872559395?mt=8">iOS</a>)
+          on your smartphone <br /> to scan the QR code or type the secret key.
+          <br /> <br />
+          <font color="red"><strong><i>Make sure only you can see this QR Code <br />
+            and secret key, and nobody can capture them.</i></strong></font>
+        </div>
+        </br>
+        Please input your OTP token to continue, to ensure the seed has been scanned correctly.
+        <form action="" method="post" data-toggle="validator">
+          <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+          <div class="form-group">
+            <input type="text" class="form-control" placeholder="OTP Token" name="otptoken"
+              data-error="Please input your OTP token" required>
+          </div>
+          <div class="row">
+            <div class="col-xs-4">
+              <button type="submit" class="btn btn-flat btn-primary btn-block">Continue</button>
+            </div>
+          </div>
+        </form>
+      </div>
+      <div class="login-box-footer">
+        <center>
+          <p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p>
+        </center>
+      </div>
+    </div>
+  </body>
+  {% assets "js_login" -%}
+  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
+  {%- endassets %}
+  {% assets "js_validation" -%}
+  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
+  {%- endassets %}
+</html>
\ No newline at end of file
diff --git a/powerdnsadmin/templates/user_profile.html b/powerdnsadmin/templates/user_profile.html
index a13d3d3..8570f7e 100644
--- a/powerdnsadmin/templates/user_profile.html
+++ b/powerdnsadmin/templates/user_profile.html
@@ -93,6 +93,14 @@
                                         {% if current_user.otp_secret %}
                                         <div id="token_information">
                                             <p><img id="qrcode" src="{{ url_for('user.qrcode') }}"></p>
+                                            <div style="position: relative; left: 15px">
+                                                Your secret key is: <br />
+                                                <form>
+                                                    <input type=text id="otp_secret" value={{current_user.otp_secret}} readonly>
+                                                    <button type=button style="position:relative; right:28px" onclick="copy_otp_secret_to_clipboard()"> <i class="fa fa-clipboard"></i> </button>
+                                                    <br /><font color="red" id="copy_tooltip" style="visibility:collapse">Copied.</font>
+                                                </form>
+                                            </div>
                                             You can use Google Authenticator (<a target="_blank"
                                                 href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">Android</a>
                                             - <a target="_blank"
@@ -103,8 +111,8 @@
                                                 href="https://itunes.apple.com/en/app/freeotp-authenticator/id872559395?mt=8">iOS</a>)
                                             on your smartphone to scan the QR code.
                                             <br />
-                                            <font color="red"><strong><i>Make sure only you can see this QR Code and
-                                                        nobody can capture it.</i></strong></font>
+                                            <font color="red"><strong><i>Make sure only you can see this QR Code and secret key and
+                                                        nobody can capture them.</i></strong></font>
                                         </div>
                                         {% endif %}
                                     </div>

From 9ef0f2b8d6982d460eac49a8db576eb3a7adab76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Nov 2021 17:59:34 +0000
Subject: [PATCH 005/203] Bump python-ldap from 3.3.1 to 3.4.0

Bumps [python-ldap](https://github.com/python-ldap/python-ldap) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/python-ldap/python-ldap/releases)
- [Commits](https://github.com/python-ldap/python-ldap/compare/python-ldap-3.3.1...python-ldap-3.4.0)

---
updated-dependencies:
- dependency-name: python-ldap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 5e97a12..c33d0ce 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,7 +8,7 @@ mysqlclient==2.0.1
 configobj==5.0.6
 bcrypt>=3.1.7
 requests==2.24.0
-python-ldap==3.3.1
+python-ldap==3.4.0
 pyotp==2.4.0
 qrcode==6.1
 dnspython>=1.16.0

From 7808febad8fb0a56cdecce2d7cdb9a92ec30ff06 Mon Sep 17 00:00:00 2001
From: zoeller-freinet <86965592+zoeller-freinet@users.noreply.github.com>
Date: Fri, 17 Dec 2021 12:48:11 +0100
Subject: [PATCH 006/203] login.html: don't suggest previous OTP tokens

This change has been tested to work with:
- Chromium 96.0.4664.93
- Firefox 95.0
- Edge 96.0.1054.57
---
 powerdnsadmin/templates/login.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index dcf96cf..6b017af 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -50,7 +50,7 @@
         </div>
         {% if SETTING.get('otp_field_enabled') %}
         <div class="form-group">
-          <input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken">
+          <input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken" autocomplete="off">
         </div>
         {% endif %}
         {% if SETTING.get('ldap_enabled') and SETTING.get('local_db_enabled') %}

From 328780e2d41b7120afecf22c83b8d88864eaeaf7 Mon Sep 17 00:00:00 2001
From: RGanor <44501230+RGanor@users.noreply.github.com>
Date: Sat, 25 Dec 2021 16:17:54 +0200
Subject: [PATCH 007/203] Revert "Merge branch 'master' into master"

This reverts commit ca4c145a1809b3fee8510b49fb517a844c3524eb, reversing
changes made to 7808febad8fb0a56cdecce2d7cdb9a92ec30ff06.
---
 powerdnsadmin/routes/dashboard.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/powerdnsadmin/routes/dashboard.py b/powerdnsadmin/routes/dashboard.py
index a23ffa1..8cf1b12 100644
--- a/powerdnsadmin/routes/dashboard.py
+++ b/powerdnsadmin/routes/dashboard.py
@@ -208,7 +208,6 @@ def dashboard():
                            history_number=history_number,
                            uptime=uptime,
                            histories=detailedHistories,
-                           histories=history,
                            show_bg_domain_button=show_bg_domain_button,
                            pdns_version=Setting().get('pdns_version'))
 

From 302e793665a54ce6b083133f471edfc1cf120e96 Mon Sep 17 00:00:00 2001
From: Christian <milefork@users.noreply.github.com>
Date: Fri, 31 Dec 2021 00:55:59 +0100
Subject: [PATCH 008/203] Add button for admin page in single Domain view
 (#1076)

* Added button for admin page in domain overview
---
 powerdnsadmin/templates/domain.html | 5 +++++
 1 file changed, 5 insertions(+)
 mode change 100644 => 100755 powerdnsadmin/templates/domain.html

diff --git a/powerdnsadmin/templates/domain.html b/powerdnsadmin/templates/domain.html
old mode 100644
new mode 100755
index 3ac96d1..8366c74
--- a/powerdnsadmin/templates/domain.html
+++ b/powerdnsadmin/templates/domain.html
@@ -33,6 +33,11 @@
                         Update from Master&nbsp;<i class="fa fa-download"></i>
                     </button>
                     {% endif %}
+                    {% if current_user.role.name in ['Administrator', 'Operator'] %}
+                    <button type="button" style="position: relative; margin-left: 20px" class="btn btn-flat btn-primary pull-left btn-danger" onclick="window.location.href='{{ url_for('domain.setting', domain_name=domain.name) }}'">
+                        Admin&nbsp;<i class="fa fa-cog"></i>
+                      </button>
+                    {% endif %}
                     {% if current_user.role.name in ['Administrator', 'Operator'] or SETTING.get('allow_user_view_history') %}
                     <button type="button" style="position: relative; margin-left: 20px" class="btn btn-flat btn-primary button_changelog" id="{{ domain.name }}">
                         Changelog&nbsp;<i class="fa fa-history" aria-hidden="true"></i>

From 0b2ad520b7a5edd95e708684eef77ac739119045 Mon Sep 17 00:00:00 2001
From: zoeller-freinet <86965592+zoeller-freinet@users.noreply.github.com>
Date: Sat, 1 Jan 2022 21:20:01 +0100
Subject: [PATCH 009/203] History table: relocate HTML for modal window (#1090)

- Store HTML for modal window inside an invisible <div> element instead
  of inside the <button> element's value attribute
- Mark history.detailed_msg as safe as it is already manually run
  through the template engine beforehand and would be broken if escaped
  a second time
---
 .../templates/admin_history_table.html        | 44 +++++++------------
 powerdnsadmin/templates/dashboard.html        | 29 ++++++------
 2 files changed, 30 insertions(+), 43 deletions(-)

diff --git a/powerdnsadmin/templates/admin_history_table.html b/powerdnsadmin/templates/admin_history_table.html
index cf31e0e..4f3d73d 100644
--- a/powerdnsadmin/templates/admin_history_table.html
+++ b/powerdnsadmin/templates/admin_history_table.html
@@ -24,19 +24,20 @@
                 <td>{{ history.history.created_on }}</td>
                 
                 <td width="6%">
+                    <div id="history-info-div-{{ loop.index0 }}" style="display: none;">
+                        {{ history.detailed_msg | safe }}
+                        {% if history.change_set %}
+                        <div class="content">
+                            <div id="change_index_definition"></div>
+                            {% call applied_change_macro.applied_change_template(history.change_set) %}
+                            {% endcall %}
+                        </div>
+                        {% endif %}
+                    </div>
                     <button type="button" class="btn btn-flat btn-primary history-info-button"
-                        {% if history.detailed_msg == "" and history.change_set == None %}
+                        {% if history.detailed_msg == "" and history.change_set is none %}
                         style="visibility: hidden;"
-                        {% endif%}
-                        value='{{ history.detailed_msg }}
-                            {% if history.change_set != None %}
-                            <div class="content">
-                                <div id="change_index_definition"></div>
-                                {% call applied_change_macro.applied_change_template(history.change_set) %} 
-                                {% endcall %}
-                            </div>
-                            {% endif %}
-                        '>Info&nbsp;<i class="fa fa-info"></i>
+			{% endif %} value="{{ loop.index0 }}">Info&nbsp;<i class="fa fa-info"></i>
                     </button>
                 </td>
             </tr>
@@ -45,17 +46,10 @@
     </table>
 </div>
 
-
-
 <script>
-
-
-
-
 var table;
 $(document).ready(function () {
 
-
         table = $('#tbl_history').DataTable({
             "order": [
                 [2, "desc"]
@@ -74,22 +68,14 @@ $(document).ready(function () {
             fixedHeader: true
         });
 
-
-
-
-
-
-
-
     $(document.body).on('click', '.history-info-button', function () {
         var modal = $("#modal_history_info");
-        var info = $(this).val();
+        var history_id = $(this).val();
+        var info = $("#history-info-div-" + history_id).html();
         $('#modal-info-content').html(info);
         modal.modal('show');
     });
 
-
-    
     $(document.body).on("click", ".button-filter", function (e) {
         e.stopPropagation();
         var nextRow = $("#filter-table")
@@ -101,4 +87,4 @@ $(document).ready(function () {
 
 });
 
-</script>
\ No newline at end of file
+</script>
diff --git a/powerdnsadmin/templates/dashboard.html b/powerdnsadmin/templates/dashboard.html
index e018be3..0e5b3b5 100755
--- a/powerdnsadmin/templates/dashboard.html
+++ b/powerdnsadmin/templates/dashboard.html
@@ -114,20 +114,20 @@
                           <td>{{ history.history.msg }}</td>
                           <td>{{ history.history.created_on }}</td>
                           <td width="6%">
+                            <div id="history-info-div-{{ loop.index0 }}" style="display: none;">
+                                {{ history.detailed_msg | safe }}
+                                {% if history.change_set %}
+                                <div class="content">
+                                    <div id="change_index_definition"></div>
+                                    {% call applied_change_macro.applied_change_template(history.change_set) %}
+                                    {% endcall %}
+                                </div>
+                                {% endif %}
+                            </div>
                             <button type="button" class="btn btn-flat btn-primary history-info-button"
-                            {% if history.detailed_msg == "" and history.change_set == None %}
-                            style="visibility: hidden;"
-                            {% endif%}
-                            value='{{ history.detailed_msg }}
-                              {% if history.change_set != None %}
-                              <div class="content">
-                                  <div id="change_index_definition"></div>
-                                  {% call applied_change_macro.applied_change_template(history.change_set) %} 
-                                  {% endcall %}
-                              </div>
-                              {% endif %}
-                              '>
-                                Info&nbsp;<i class="fa fa-info"></i>
+                                {% if history.detailed_msg == "" and history.change_set is none %}
+                                style="visibility: hidden;"
+                                {% endif %} value="{{ loop.index0 }}">Info&nbsp;<i class="fa fa-info"></i>
                             </button>
                           </td>
                       </tr>
@@ -243,7 +243,8 @@
 
     $(document.body).on('click', '.history-info-button', function () {
         var modal = $("#modal_history_info");
-        var info = $(this).val();
+        var history_id = $(this).val();
+        var info = $("#history-info-div-" + history_id).html();
         $('#modal-info-content').html(info);
         modal.modal('show');
     });

From 98bd9634a4f02c072691932bc7e4c3cd5cb70e94 Mon Sep 17 00:00:00 2001
From: Adrien Delle Cave <adrien.delle.cave@commandersact.com>
Date: Wed, 19 Jan 2022 13:50:12 +0100
Subject: [PATCH 010/203] [BUG] Fixed delete zone from API

---
 powerdnsadmin/routes/api.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 4fce368..c44dfbc 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -287,7 +287,7 @@ def api_login_delete_zone(domain_name):
             domain.update()
 
             history = History(msg='Delete domain {0}'.format(
-                pretty_domain_name(domain_name)),
+                utils.pretty_domain_name(domain_name)),
                               detail='',
                               created_by=current_user.username,
                               domain_id=domain_id)

From cd94b5c0ac5739dee0aa7ec7249f4ac3fd37e85d Mon Sep 17 00:00:00 2001
From: dapillc <95588573+dapillc@users.noreply.github.com>
Date: Wed, 19 Jan 2022 09:49:30 -0600
Subject: [PATCH 011/203] Update API.md (#1100)

armless > harmless
---
 docs/API.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/API.md b/docs/API.md
index 890f556..d7e3732 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -18,7 +18,7 @@ The PDA API consists of two distinct parts:
 
 The requests to the API needs two headers:
 
-- The classic 'Content-Type: application/json' is required to all POST and PUT requests, though it's armless to use it on each call
+- The classic 'Content-Type: application/json' is required to all POST and PUT requests, though it's harmless to use it on each call
 - The authentication header to provide either the login:password basic authentication or the Api Key authentication.
 
 When you access the `/powerdnsadmin` endpoint, you must use the Basic Auth:

From 6982e0107cbec2c134006fc303662541a8bb3689 Mon Sep 17 00:00:00 2001
From: Adrien Delle Cave <adrien.delle.cave@commandersact.com>
Date: Thu, 20 Jan 2022 12:49:37 +0100
Subject: [PATCH 012/203] Typo in routes/api.py

---
 powerdnsadmin/routes/api.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index c44dfbc..9668176 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -1175,7 +1175,7 @@ def api_server_config_forward(server_id):
     resp = helper.forward_request()
     return resp.content, resp.status_code, resp.headers.items()
 
-# The endpoint to snychronize Domains in background
+# The endpoint to synchronize Domains in background
 @api_bp.route('/sync_domains', methods=['GET'])
 @apikey_or_basic_auth
 def sync_domains():

From b9cf7245a539e44dca4a6def9cfe39bac1265f0f Mon Sep 17 00:00:00 2001
From: kkmanos <koukoularisman@gmail.com>
Date: Thu, 17 Feb 2022 17:02:11 +0200
Subject: [PATCH 013/203] fixed csrf expiration for login page

---
 powerdnsadmin/templates/login.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 6b017af..5ef3d39 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -21,6 +21,7 @@
   <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
   <![endif]-->
 </head>
+<META HTTP-EQUIV="REFRESH" CONTENT="600">
 
 <body class="hold-transition login-page">
   <div class="login-box">

From 36cee8cddc86f9eb1ee0b8a19ddb1087b5d36cdd Mon Sep 17 00:00:00 2001
From: vmarkop <billy.mark.b.m.10@gmail.com>
Date: Thu, 17 Feb 2022 17:34:54 +0200
Subject: [PATCH 014/203] Fixed 'LOCAL' Authenticator Type showing for LDAP
 auth

---
 powerdnsadmin/routes/index.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 316db2d..cb5377c 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -461,7 +461,7 @@ def login():
             auth = user.is_validate(method=auth_method,
                                     src_ip=request.remote_addr)
             if auth == False:
-                signin_history(user.username, 'LOCAL', False)
+                signin_history(user.username, auth_method, False)
                 return render_template('login.html',
                                        saml_enabled=SAML_ENABLED,
                                        error='Invalid credentials')
@@ -478,7 +478,7 @@ def login():
             if otp_token and otp_token.isdigit():
                 good_token = user.verify_totp(otp_token)
                 if not good_token:
-                    signin_history(user.username, 'LOCAL', False)
+                    signin_history(user.username, auth_method, False)
                     return render_template('login.html',
                                            saml_enabled=SAML_ENABLED,
                                            error='Invalid credentials')
@@ -504,7 +504,7 @@ def login():
                         user.revoke_privilege(True)
                         current_app.logger.warning('Procceding to revoke every privilige from ' + user.username + '.' )
 
-        return authenticate_user(user, 'LOCAL', remember_me)
+        return authenticate_user(user, auth_method, remember_me)
 
 def checkForPDAEntries(Entitlements, urn_value):
     """

From e21f53085d9f4134959564fbe2200902ed15aa67 Mon Sep 17 00:00:00 2001
From: kkmanos <koukoularisman@gmail.com>
Date: Thu, 17 Feb 2022 17:40:48 +0200
Subject: [PATCH 015/203] added DNSSEC enabling/disabling to history logs

---
 powerdnsadmin/routes/domain.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index e3b61cc..7248d36 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -780,6 +780,12 @@ def dnssec(domain_name):
 def dnssec_enable(domain_name):
     domain = Domain()
     dnssec = domain.enable_domain_dnssec(domain_name)
+    domain_object = Domain.query.filter(domain_name == Domain.name).first()
+    history = History(
+        msg='DNSSEC was enabled for domain ' + domain_name ,
+        created_by=current_user.username,
+        domain_id=domain_object.id)
+    history.add()
     return make_response(jsonify(dnssec), 200)
 
 
@@ -793,7 +799,12 @@ def dnssec_disable(domain_name):
 
     for key in dnssec['dnssec']:
         domain.delete_dnssec_key(domain_name, key['id'])
-
+    domain_object = Domain.query.filter(domain_name == Domain.name).first()
+    history = History(
+        msg='DNSSEC was disabled for domain ' + domain_name ,
+        created_by=current_user.username,
+        domain_id=domain_object.id)
+    history.add()
     return make_response(jsonify({'status': 'ok', 'msg': 'DNSSEC removed.'}))
 
 

From 10603fbb36c59cbc142f694c9120d18896e8dc3a Mon Sep 17 00:00:00 2001
From: kkmanos <koukoularisman@gmail.com>
Date: Thu, 17 Feb 2022 18:10:06 +0200
Subject: [PATCH 016/203] fixed csrf expiration for login page

---
 powerdnsadmin/templates/login.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 5ef3d39..631cafc 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -21,7 +21,7 @@
   <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
   <![endif]-->
 </head>
-<META HTTP-EQUIV="REFRESH" CONTENT="600">
+<META HTTP-EQUIV="REFRESH" CONTENT="{{ 60 * SETTING.get('session_timeout') }}">
 
 <body class="hold-transition login-page">
   <div class="login-box">

From 6ba1254759007b817c71978bb841abbb3e154f9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Mon, 21 Feb 2022 17:31:37 +0100
Subject: [PATCH 017/203] feat: Make domain update optional in assoc_account

---
 powerdnsadmin/models/domain.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index e30421d..382cdee 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -806,7 +806,7 @@ class Domain(db.Model):
         else:
             return {'status': 'error', 'msg': 'This domain does not exist'}
 
-    def assoc_account(self, account_id):
+    def assoc_account(self, account_id, update=True):
         """
         Associate domain with a domain, specified by account id
         """
@@ -842,7 +842,8 @@ class Domain(db.Model):
                 current_app.logger.error(jdata['error'])
                 return {'status': 'error', 'msg': jdata['error']}
             else:
-                self.update()
+                if update:
+                    self.update()
                 msg_str = 'Account changed for domain {0} successfully'
                 current_app.logger.info(msg_str.format(domain_name))
                 return {'status': 'ok', 'msg': 'account changed successfully'}

From 84a183d913f0ec0d6bad8a1e9c1e81e0d9c16686 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Mon, 21 Feb 2022 17:32:44 +0100
Subject: [PATCH 018/203] fix: Disassociate domains from account before
 deletion

---
 powerdnsadmin/routes/api.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 4fce368..187f693 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -940,6 +940,18 @@ def api_delete_account(account_id):
         account = account_list[0]
     else:
         abort(404)
+    current_app.logger.debug(
+            f'Deleting Account {account.name}'
+        )
+
+    # Remove account association from domains first
+    if len(account.domains) > 0:
+        for domain in account.domains:
+            current_app.logger.info(f"Disassociating domain {domain.name} with {account.name}")
+            Domain(name=domain.name).assoc_account(None, update=False)
+        current_app.logger.info("Syncing all domains")
+        Domain().update()
+
     current_app.logger.debug(
         "Deleting account {} ({})".format(account_id, account.name))
     result = account.delete_account()

From fcb8287f141237cb7a5cc0b75d35159614a8dd1f Mon Sep 17 00:00:00 2001
From: ManosKoukoularis <39616014+kkmanos@users.noreply.github.com>
Date: Fri, 25 Feb 2022 12:59:23 +0200
Subject: [PATCH 019/203] Update login.html

---
 powerdnsadmin/templates/login.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 631cafc..545f437 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -8,6 +8,7 @@
   <link rel="icon" href="{{ url_for('static', filename='img/favicon.png') }}">
   <!-- Tell the browser to be responsive to screen width -->
   <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+  <META HTTP-EQUIV="REFRESH" CONTENT="{{ 60 * SETTING.get('session_timeout') }}">
   {% assets "css_login" -%}
   <link rel="stylesheet" href="{{ ASSET_URL }}">
   {%- endassets %}
@@ -21,7 +22,6 @@
   <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
   <![endif]-->
 </head>
-<META HTTP-EQUIV="REFRESH" CONTENT="{{ 60 * SETTING.get('session_timeout') }}">
 
 <body class="hold-transition login-page">
   <div class="login-box">

From 5d8e277b3fca5e4d8336927a334303ed02f052f7 Mon Sep 17 00:00:00 2001
From: vmarkop <billy.mark.b.m.10@gmail.com>
Date: Mon, 28 Feb 2022 11:35:24 +0200
Subject: [PATCH 020/203] pinned compatible itsdangerous version

---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index c33d0ce..ca14ade 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,3 +28,4 @@ PyYAML==5.4
 Flask-SSLify==0.1.5
 Flask-Mail==0.9.1
 flask-session==0.3.2
+itsdangerous==2.0.1
\ No newline at end of file

From 063d259af8b6b151eae00a64607e3129b01f935a Mon Sep 17 00:00:00 2001
From: KostasMparmparousis <mparmparousis.kostas@gmail.com>
Date: Sun, 27 Mar 2022 15:19:35 +0300
Subject: [PATCH 021/203] jinja-dependency-fix

---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index ca14ade..b167dcd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,4 +28,5 @@ PyYAML==5.4
 Flask-SSLify==0.1.5
 Flask-Mail==0.9.1
 flask-session==0.3.2
+Jinja2==3.0.3
 itsdangerous==2.0.1
\ No newline at end of file

From c9d97642b34f46ec43362a35d6e7c89eacb97db7 Mon Sep 17 00:00:00 2001
From: vmarkop <billy.mark.b.m.10@gmail.com>
Date: Tue, 29 Mar 2022 10:30:19 +0300
Subject: [PATCH 022/203] Fixed werkzeug dependency

---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b167dcd..d9e41e8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,4 +29,5 @@ Flask-SSLify==0.1.5
 Flask-Mail==0.9.1
 flask-session==0.3.2
 Jinja2==3.0.3
-itsdangerous==2.0.1
\ No newline at end of file
+itsdangerous==2.0.1
+werkzeug==2.0.3
\ No newline at end of file

From 17b4269e1bdfe736d4bc45509334b62f1af46618 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Wed, 30 Mar 2022 23:31:16 +0200
Subject: [PATCH 023/203] fix: Set Content-Type on backend API calls

---
 powerdnsadmin/models/domain.py | 12 ++++++------
 powerdnsadmin/models/record.py |  8 ++++----
 powerdnsadmin/routes/api.py    |  1 +
 3 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index e30421d..d2bb197 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -208,7 +208,7 @@ class Domain(db.Model):
         Add a domain to power dns
         """
 
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
 
         domain_name = domain_name + '.'
         domain_ns = [ns + '.' for ns in domain_ns]
@@ -311,7 +311,7 @@ class Domain(db.Model):
         if not domain:
             return {'status': 'error', 'msg': 'Domain does not exist.'}
 
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
 
         if soa_edit_api not in ["DEFAULT", "INCREASE", "EPOCH", "OFF"]:
             soa_edit_api = 'DEFAULT'
@@ -361,7 +361,7 @@ class Domain(db.Model):
         if not domain:
             return {'status': 'error', 'msg': 'Domain does not exist.'}
 
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
 
         post_data = {"kind": kind, "masters": masters}
 
@@ -681,7 +681,7 @@ class Domain(db.Model):
         """
         domain = Domain.query.filter(Domain.name == domain_name).first()
         if domain:
-            headers = {'X-API-Key': self.PDNS_API_KEY}
+            headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
             try:
                 # Enable API-RECTIFY for domain, BEFORE activating DNSSEC
                 post_data = {"api_rectify": True}
@@ -747,7 +747,7 @@ class Domain(db.Model):
         """
         domain = Domain.query.filter(Domain.name == domain_name).first()
         if domain:
-            headers = {'X-API-Key': self.PDNS_API_KEY}
+            headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
             try:
                 # Deactivate DNSSEC
                 jdata = utils.fetch_json(
@@ -821,7 +821,7 @@ class Domain(db.Model):
         if not domain:
             return {'status': False, 'msg': 'Domain does not exist'}
 
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
 
         account_name = Account().get_name_by_id(account_id)
 
diff --git a/powerdnsadmin/models/record.py b/powerdnsadmin/models/record.py
index e2e2b5a..9929b67 100644
--- a/powerdnsadmin/models/record.py
+++ b/powerdnsadmin/models/record.py
@@ -99,7 +99,7 @@ class Record(object):
                 }
 
         # Continue if the record is ready to be added
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
 
         try:
             jdata = utils.fetch_json(urljoin(
@@ -293,7 +293,7 @@ class Record(object):
         return new_rrsets, del_rrsets
 
     def apply_rrsets(self, domain_name, rrsets):
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
         jdata = utils.fetch_json(urljoin(
             self.PDNS_STATS_URL, self.API_EXTENDED_URL +
             '/servers/localhost/zones/{0}'.format(domain_name)),
@@ -500,7 +500,7 @@ class Record(object):
         """
         Delete a record from domain
         """
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
         data = {
             "rrsets": [{
                 "name": self.name.rstrip('.') + '.',
@@ -562,7 +562,7 @@ class Record(object):
         """
         Update single record
         """
-        headers = {'X-API-Key': self.PDNS_API_KEY}
+        headers = {'X-API-Key': self.PDNS_API_KEY, 'Content-Type': 'application/json'}
 
         data = {
             "rrsets": [{
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 4fce368..21b9d66 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -188,6 +188,7 @@ def api_login_create_zone():
     api_full_uri = api_uri_with_prefix + '/servers/localhost/zones'
     headers = {}
     headers['X-API-Key'] = pdns_api_key
+    headers['Content-Type'] = 'application/json'
 
     msg_str = "Sending request to powerdns API {0}"
     msg = msg_str.format(request.get_json(force=True))

From 930932d1312fce34de6d33b429ab4d24c9b51ede Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Mon, 4 Apr 2022 14:06:31 +0200
Subject: [PATCH 024/203] Render domain data table fields only as text

---
 powerdnsadmin/templates/domain.html | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/powerdnsadmin/templates/domain.html b/powerdnsadmin/templates/domain.html
index 8366c74..5ad5816 100755
--- a/powerdnsadmin/templates/domain.html
+++ b/powerdnsadmin/templates/domain.html
@@ -161,6 +161,10 @@
                 type: 'natural',
                 targets: [0, 4]
             },
+            {
+                targets: [0, 5],
+                render: $.fn.dataTable.render.text()
+            },
             {
                 // hidden column so that we can add new records on top
                 // regardless of whatever sorting is done. See orderFixed

From e596de37f4ed837b4024a46e681282f6b0e240ab Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Mon, 4 Apr 2022 14:16:40 +0200
Subject: [PATCH 025/203] Render Name, Type, Status, TTL, Data and Edit as text

---
 powerdnsadmin/templates/domain.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/domain.html b/powerdnsadmin/templates/domain.html
index 5ad5816..e5863cd 100755
--- a/powerdnsadmin/templates/domain.html
+++ b/powerdnsadmin/templates/domain.html
@@ -162,7 +162,7 @@
                 targets: [0, 4]
             },
             {
-                targets: [0, 5],
+                targets: [0, 1, 2, 3, 4, 5],
                 render: $.fn.dataTable.render.text()
             },
             {

From b534eadf1974e1e4bbf5e40c8973383d79cd6124 Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Mon, 4 Apr 2022 14:43:02 +0200
Subject: [PATCH 026/203] Decode domain record data and comment from HTML
 entity to text

---
 powerdnsadmin/static/custom/js/custom.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/static/custom/js/custom.js b/powerdnsadmin/static/custom/js/custom.js
index 395e1ac..051a2e0 100644
--- a/powerdnsadmin/static/custom/js/custom.js
+++ b/powerdnsadmin/static/custom/js/custom.js
@@ -76,13 +76,17 @@ function getTableData(table) {
         record["record_type"] = r[1].trim();
         record["record_status"] = r[2].trim();
         record["record_ttl"] = r[3].trim();
-        record["record_data"] = r[4].trim();
-        record["record_comment"] = r[5].trim();
+        record["record_data"] = convertHTMLEntityToText(r[4].trim());
+        record["record_comment"] = convertHTMLEntityToText(r[5].trim());
         records.push(record);
     });
     return records
 }
 
+function convertHTMLEntityToText(htmlEntity) {
+    return $('<textarea />').html(htmlEntity).text();
+}
+
 function saveRow(oTable, nRow) {
 
     var status = 'Disabled';

From 9c62208c2e1ea7d9be25953bbca9a7f11527f943 Mon Sep 17 00:00:00 2001
From: vmarkop <billy.mark.b.m.10@gmail.com>
Date: Mon, 11 Apr 2022 12:21:34 +0300
Subject: [PATCH 027/203] Updated repository URL

---
 README.md                                              | 10 +++++-----
 powerdnsadmin/templates/base.html                      |  2 +-
 .../templates/emails/account_verification.html         |  2 +-
 powerdnsadmin/templates/login.html                     |  2 +-
 powerdnsadmin/templates/register.html                  |  2 +-
 powerdnsadmin/templates/register_otp.html              |  2 +-
 powerdnsadmin/templates/resend_confirmation_email.html |  2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index bec39a5..8067855 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # PowerDNS-Admin
 A PowerDNS web interface with advanced features.
 
-[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/ngoduykhanh/PowerDNS-Admin.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/ngoduykhanh/PowerDNS-Admin/context:python)
-[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/ngoduykhanh/PowerDNS-Admin.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/ngoduykhanh/PowerDNS-Admin/context:javascript)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/PowerDNS-Admin/PowerDNS-Admin.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/PowerDNS-Admin/PowerDNS-Admin/context:python)
+[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/PowerDNS-Admin/PowerDNS-Admin.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/PowerDNS-Admin/PowerDNS-Admin/context:javascript)
 
 #### Features:
 - Multiple domain management
@@ -21,7 +21,7 @@ A PowerDNS web interface with advanced features.
 
 ## Running PowerDNS-Admin
 There are several ways to run PowerDNS-Admin. The easiest way is to use Docker.
-If you are looking to install and run PowerDNS-Admin directly onto your system check out the [Wiki](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki#installation-guides) for ways to do that.
+If you are looking to install and run PowerDNS-Admin directly onto your system check out the [Wiki](https://github.com/PowerDNS-Admin/PowerDNS-Admin/wiki#installation-guides) for ways to do that.
 
 ### Docker
 This are two options to run PowerDNS-Admin using Docker.
@@ -41,7 +41,7 @@ This creates a volume called `pda-data` to persist the SQLite database with the
 #### Option 2: Using docker-compose
 1. Update the configuration   
    Edit the `docker-compose.yml` file to update the database connection string in `SQLALCHEMY_DATABASE_URI`.
-   Other environment variables are mentioned in the [legal_envvars](https://github.com/ngoduykhanh/PowerDNS-Admin/blob/master/configs/docker_config.py#L5-L46).
+   Other environment variables are mentioned in the [legal_envvars](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/master/configs/docker_config.py#L5-L46).
    To use the Docker secrets feature it is possible to append `_FILE` to the environment variables and point to a file with the values stored in it.   
    Make sure to set the environment variable `SECRET_KEY` to a long random string (https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY)
 
@@ -56,5 +56,5 @@ You can then access PowerDNS-Admin by pointing your browser to http://localhost:
 ![dashboard](https://user-images.githubusercontent.com/6447444/44068603-0d2d81f6-9fa5-11e8-83af-14e2ad79e370.png)
 
 ## LICENSE
-MIT. See [LICENSE](https://github.com/ngoduykhanh/PowerDNS-Admin/blob/master/LICENSE)
+MIT. See [LICENSE](https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/master/LICENSE)
 
diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index 792b6fe..bb9be5b 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -194,7 +194,7 @@
   </div>
   <!-- /.content-wrapper -->
   <footer class="main-footer">
-    <strong><a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></strong> - A PowerDNS web interface with advanced features.
+    <strong><a href="https://github.com/PowerDNS-Admin/PowerDNS-Admin">PowerDNS-Admin</a></strong> - A PowerDNS web interface with advanced features.
   </footer>
 </div>
 <!-- ./wrapper -->
diff --git a/powerdnsadmin/templates/emails/account_verification.html b/powerdnsadmin/templates/emails/account_verification.html
index 74e02fd..000e80c 100644
--- a/powerdnsadmin/templates/emails/account_verification.html
+++ b/powerdnsadmin/templates/emails/account_verification.html
@@ -202,7 +202,7 @@
                                 <td class="content-block powered-by"
                                     style="font-family: sans-serif; vertical-align: top; padding-bottom: 10px; padding-top: 10px; color: #999999; font-size: 12px; text-align: center;"
                                     valign="top" align="center">
-                                    Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin"
+                                    Powered by <a href="https://github.com/PowerDNS-Admin/PowerDNS-Admin"
                                         style="color: #999999; font-size: 12px; text-align: center; text-decoration: none;">PowerDNS-Admin</a>.
                                 </td>
                             </tr>
diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 545f437..45afd7f 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -139,7 +139,7 @@
     <!-- /.login-box-body -->
     <div class="login-box-footer">
       <center>
-        <p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p>
+        <p>Powered by <a href="https://github.com/PowerDNS-Admin/PowerDNS-Admin">PowerDNS-Admin</a></p>
       </center>
     </div>
   </div>
diff --git a/powerdnsadmin/templates/register.html b/powerdnsadmin/templates/register.html
index aa98240..04cb1a8 100644
--- a/powerdnsadmin/templates/register.html
+++ b/powerdnsadmin/templates/register.html
@@ -85,7 +85,7 @@
     <!-- /.form-box -->
     <div class="login-box-footer">
       <center>
-        <p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p>
+        <p>Powered by <a href="https://github.com/PowerDNS-Admin/PowerDNS-Admin">PowerDNS-Admin</a></p>
       </center>
     </div>
   </div>
diff --git a/powerdnsadmin/templates/register_otp.html b/powerdnsadmin/templates/register_otp.html
index 68e7ab8..87ec027 100755
--- a/powerdnsadmin/templates/register_otp.html
+++ b/powerdnsadmin/templates/register_otp.html
@@ -76,7 +76,7 @@
       </div>
       <div class="login-box-footer">
         <center>
-          <p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p>
+          <p>Powered by <a href="https://github.com/PowerDNS-Admin/PowerDNS-Admin">PowerDNS-Admin</a></p>
         </center>
       </div>
     </div>
diff --git a/powerdnsadmin/templates/resend_confirmation_email.html b/powerdnsadmin/templates/resend_confirmation_email.html
index a2b7f4a..fd05197 100644
--- a/powerdnsadmin/templates/resend_confirmation_email.html
+++ b/powerdnsadmin/templates/resend_confirmation_email.html
@@ -62,7 +62,7 @@
     <!-- /.form-box -->
     <div class="login-box-footer">
       <center>
-        <p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p>
+        <p>Powered by <a href="https://github.com/PowerDNS-Admin/PowerDNS-Admin">PowerDNS-Admin</a></p>
       </center>
     </div>
   </div>

From ee0511ff4ce32131981c406348b78ed4d2660813 Mon Sep 17 00:00:00 2001
From: Ricardo Melo <rmelo@ludia.com>
Date: Thu, 7 Apr 2022 07:31:27 -0400
Subject: [PATCH 028/203] [Fix] AD recursive problem

- Fixing #1011[https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues/1011]
---
 powerdnsadmin/models/user.py | 55 +++++++++++++-----------------------
 1 file changed, 19 insertions(+), 36 deletions(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index ca0561b..1802492 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -174,28 +174,6 @@ class User(db.Model):
             current_app.logger.error(e)
             return False
 
-    def ad_recursive_groups(self, groupDN):
-        """
-        Recursively list groups belonging to a group. It will allow checking deep in the Active Directory
-        whether a user is allowed to enter or not
-        """
-        LDAP_BASE_DN = Setting().get('ldap_base_dn')
-        groupSearchFilter = "(&(objectcategory=group)(member=%s))" % ldap.filter.escape_filter_chars(
-            groupDN)
-        result = [groupDN]
-        try:
-            groups = self.ldap_search(groupSearchFilter, LDAP_BASE_DN)
-            for group in groups:
-                result += [group[0][0]]
-                if 'memberOf' in group[0][1]:
-                    for member in group[0][1]['memberOf']:
-                        result += self.ad_recursive_groups(
-                            member.decode("utf-8"))
-            return result
-        except ldap.LDAPError as e:
-            current_app.logger.exception("Recursive AD Group search error")
-            return result
-
     def is_validate(self, method, src_ip='', trust_user=False):
         """
         Validate user credential
@@ -307,7 +285,17 @@ class User(db.Model):
                                                 LDAP_USER_GROUP))
                                     return False
                             elif LDAP_TYPE == 'ad':
-                                user_ldap_groups = []
+                                ldap_admin_group_filter, ldap_operator_group, ldap_user_group = "", "", ""
+                                if LDAP_ADMIN_GROUP:
+                                    ldap_admin_group_filter = "(memberOf:1.2.840.113556.1.4.1941:={0})".format(LDAP_ADMIN_GROUP)
+                                if LDAP_OPERATOR_GROUP:
+                                    ldap_operator_group = "(memberOf:1.2.840.113556.1.4.1941:={0})".format(LDAP_OPERATOR_GROUP)
+                                if LDAP_USER_GROUP:
+                                    ldap_user_group = "(memberOf:1.2.840.113556.1.4.1941:={0})".format(LDAP_USER_GROUP)
+                                searchFilter = "(&({0}={1})(|{2}{3}{4}))".format(LDAP_FILTER_USERNAME, self.username,
+                                                                                 LDAP_FILTER_GROUP, ldap_admin_group_filter,
+                                                                                 ldap_operator_group, ldap_user_group)
+                                ldap_result = self.ldap_search(searchFilter, LDAP_BASE_DN)
                                 user_ad_member_of = ldap_result[0][0][1].get(
                                     'memberOf')
 
@@ -317,26 +305,21 @@ class User(db.Model):
                                         .format(self.username))
                                     return False
 
-                                for group in [
-                                        g.decode("utf-8")
-                                        for g in user_ad_member_of
-                                ]:
-                                    user_ldap_groups += self.ad_recursive_groups(
-                                        group)
+                                user_ad_member_of = [g.decode("utf-8") for g in user_ad_member_of]
 
-                                if (LDAP_ADMIN_GROUP in user_ldap_groups):
+                                if (LDAP_ADMIN_GROUP in user_ad_member_of):
                                     role_name = 'Administrator'
                                     current_app.logger.info(
                                         'User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'
                                         .format(self.username,
                                                 LDAP_ADMIN_GROUP))
-                                elif (LDAP_OPERATOR_GROUP in user_ldap_groups):
+                                elif (LDAP_OPERATOR_GROUP in user_ad_member_of):
                                     role_name = 'Operator'
                                     current_app.logger.info(
                                         'User {0} is part of the "{1}" group that allows operator access to PowerDNS-Admin'
                                         .format(self.username,
                                                 LDAP_OPERATOR_GROUP))
-                                elif (LDAP_USER_GROUP in user_ldap_groups):
+                                elif (LDAP_USER_GROUP in user_ad_member_of):
                                     current_app.logger.info(
                                         'User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'
                                         .format(self.username,
@@ -636,7 +619,7 @@ class User(db.Model):
         for q in query:
             accounts.append(q[1])
         return accounts
-    
+
     def get_qrcode_value(self):
         img = qrc.make(self.get_totp_uri(),
                     image_factory=qrc_svg.SvgPathImage)
@@ -797,11 +780,11 @@ def get_role_names(roles):
     """
     roles_list=[]
     for role in roles:
-        roles_list.append(role.name) 
+        roles_list.append(role.name)
     return roles_list
-    
+
 def getUserInfo(DomainsOrAccounts):
     current=[]
     for DomainOrAccount in DomainsOrAccounts:
         current.append(DomainOrAccount.name)
-    return current
\ No newline at end of file
+    return current

From bd92c5946c4df0aec689ffa101d7eb26a4e64399 Mon Sep 17 00:00:00 2001
From: Veovis <veovis@kveer.fr>
Date: Tue, 12 Apr 2022 16:50:16 +0200
Subject: [PATCH 029/203] Fix broken SAML login from 9c00e48f

---
 powerdnsadmin/routes/index.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index f2c839d..8e6d0c1 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -965,6 +965,7 @@ def saml_authorized():
     if not current_app.config.get('SAML_ENABLED'):
         current_app.logger.error("SAML authentication is disabled.")
         abort(400)
+    from onelogin.saml2.utils import OneLogin_Saml2_Utils
     req = saml.prepare_flask_request(request)
     auth = saml.init_saml_auth(req)
     auth.process_response()

From f41696c31084f363a4c1c42c7b078e6a3fe8b3cd Mon Sep 17 00:00:00 2001
From: root <ganor.roei98@gmail.com>
Date: Mon, 18 Apr 2022 09:01:22 +0000
Subject: [PATCH 030/203] WIP - Added health check

---
 powerdnsadmin/lib/errors.py |  8 ++++++++
 powerdnsadmin/routes/api.py | 35 ++++++++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/lib/errors.py b/powerdnsadmin/lib/errors.py
index 687f554..b820017 100644
--- a/powerdnsadmin/lib/errors.py
+++ b/powerdnsadmin/lib/errors.py
@@ -171,3 +171,11 @@ class UserDeleteFail(StructuredException):
         StructuredException.__init__(self)
         self.message = message
         self.name = name
+
+class HealthCheckFail(StructuredException):
+    status_code = 500
+
+    def __init__(self,name=None, message="Health check failed"):
+        StructuredException.__init__(self)
+        self.message = message
+        self.name = name
\ No newline at end of file
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 4fce368..580e1a1 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -23,7 +23,7 @@ from ..lib.errors import (
     AccountCreateFail, AccountUpdateFail, AccountDeleteFail,
     AccountCreateDuplicate, AccountNotExists,
     UserCreateFail, UserCreateDuplicate, UserUpdateFail, UserDeleteFail,
-    UserUpdateFailEmail,
+    UserUpdateFailEmail, HealthCheckFail
 )
 from ..decorators import (
     api_basic_auth, api_can_create_domain, is_json, apikey_auth,
@@ -1182,3 +1182,36 @@ def sync_domains():
     domain = Domain()
     domain.update()
     return 'Finished synchronization in background', 200
+
+@api_bp.route('/health', methods=['GET'])
+def health():
+    domain = Domain()
+    domain_to_query = domain.query.first()
+    
+    if not domain_to_query:
+        current_app.logger.error("No domain found to query a health check")
+        raise (HealthCheckFail)
+
+    pdns_api_url = Setting().get('pdns_api_url')
+    pdns_api_key = Setting().get('pdns_api_key')
+    pdns_version = Setting().get('pdns_version')
+    api_uri_with_prefix = utils.pdns_api_extended_uri(pdns_version)
+    api_uri = '/servers/localhost/zones/{}'.format(domain_to_query.name)
+    headers = {}
+    headers['X-API-Key'] = pdns_api_key
+
+    try:
+        resp = utils.fetch_remote(urljoin(pdns_api_url, api_uri_with_prefix + api_uri),
+                                method='GET',
+                                headers=headers,
+                                accept='application/json; q=1',
+                                verify=Setting().get('verify_ssl_connections'))
+                                
+    except Exception as e:
+        current_app.logger.error("Health Check - Failed to query authoritative server for domain {}".format(domain_to_query.name))
+        return make_response("bad", 503)
+
+    if resp.status_code == 200:
+        return make_response("good", 200)
+    else:
+        return make_response("bad", 503)
\ No newline at end of file

From 4958423cc74a929f052f4da6dea9f684f33b5850 Mon Sep 17 00:00:00 2001
From: RGanor <44501230+RGanor@users.noreply.github.com>
Date: Mon, 18 Apr 2022 22:11:31 +0300
Subject: [PATCH 031/203] Update api.py

---
 powerdnsadmin/routes/api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 580e1a1..7ce363d 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -1214,4 +1214,5 @@ def health():
     if resp.status_code == 200:
         return make_response("good", 200)
     else:
-        return make_response("bad", 503)
\ No newline at end of file
+        return make_response("bad", 503)
+    

From 4d6c6224b4d752c54663f2f2d87930fbc83717be Mon Sep 17 00:00:00 2001
From: KostasMparmparousis <mparmparousis.kostas@gmail.com>
Date: Wed, 20 Apr 2022 13:31:23 +0300
Subject: [PATCH 032/203] Login requirement removal for /ping endpoint

---
 powerdnsadmin/routes/index.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 8e6d0c1..540c8d9 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -84,7 +84,6 @@ def index():
 
 
 @index_bp.route('/ping', methods=['GET'])
-@login_required
 def ping():
     return make_response('ok')
 

From 40deb3c145619067ff20af15b4a0d0c589d33322 Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Wed, 6 Apr 2022 14:59:59 +0200
Subject: [PATCH 033/203] Create method to encode and decode idna
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously strings with characters like "ß" would throw and exception
This seems to happen because the lib behind encode().decode('idna')
cant handle characters like this
---
 powerdnsadmin/lib/utils.py | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/powerdnsadmin/lib/utils.py b/powerdnsadmin/lib/utils.py
index 951f750..9e7cf20 100644
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@@ -4,6 +4,7 @@ import json
 import requests
 import hashlib
 import ipaddress
+import idna
 
 from collections.abc import Iterable
 from distutils.version import StrictVersion
@@ -248,10 +249,27 @@ def pretty_domain_name(value):
         if value.startswith('xn--') \
         or value.find('.xn--') != -1:
             try:
-                return value.encode().decode('idna')
+                return to_idna(value, 'decode')
             except:
-                raise Exception("Cannot decode IDN domain")
+                raise Exception('Cannot decode IDN domain')
         else:
             return value
     else:
-        raise Exception("Require the Punycode in string format")
+        raise Exception('Require the Punycode in string format')
+
+def to_idna(value, action):
+    splits = value.split()
+    result = []
+    if action == 'encode':
+        for split in splits:
+            try:
+                # Try encoding to idna
+                result.append(idna.encode(split).decode())
+            except idna.IDNAError:
+                result.append(split)
+    elif action == 'decode':
+        for split in splits:
+            result.append(idna.decode(split))   
+    else:
+        raise Exception('No valid action received')
+    return ' '.join(result)

From 191e919626d396494c1197fa4405e158a6fc1251 Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Wed, 6 Apr 2022 17:01:28 +0200
Subject: [PATCH 034/203] Allow IDNA in SOA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Previously having characters like "ü" in the SOA wouldnt allow to push
updates to the domain
* Also use the new method to_idna to support characters like "ß"
---
 powerdnsadmin/models/record.py | 6 +++---
 powerdnsadmin/routes/domain.py | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/powerdnsadmin/models/record.py b/powerdnsadmin/models/record.py
index 9929b67..c19576a 100644
--- a/powerdnsadmin/models/record.py
+++ b/powerdnsadmin/models/record.py
@@ -169,12 +169,12 @@ class Record(object):
             record['record_data'] = record['record_data'].replace('[ZONE]', domain_name)
             # Translate record name into punycode (IDN) as that's the only way
             # to convey non-ascii records to the dns server
-            record['record_name'] = record['record_name'].encode('idna').decode()
+            record['record_name'] = utils.to_idna(record["record_name"], "encode")
             #TODO: error handling
             # If the record is an alias (CNAME), we will also make sure that
             # the target domain is properly converted to punycode (IDN)
-            if record["record_type"] == 'CNAME':
-                record['record_data'] = record['record_data'].encode('idna').decode()
+            if record['record_type'] == 'CNAME' or record['record_type'] == 'SOA':
+                record['record_data'] = utils.to_idna(record['record_data'], 'encode')
                 #TODO: error handling
             # If it is ipv6 reverse zone and PRETTY_IPV6_PTR is enabled,
             # We convert ipv6 address back to reverse record format
diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index e3b61cc..603a2a3 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -10,6 +10,7 @@ from flask_login import login_required, current_user, login_manager
 
 from ..lib.utils import pretty_domain_name
 from ..lib.utils import pretty_json
+from ..lib.utils import to_idna
 from ..decorators import can_create_domain, operator_role_required, can_access_domain, can_configure_dnssec, can_remove_domain
 from ..models.user import User, Anonymous
 from ..models.account import Account
@@ -379,7 +380,7 @@ def add():
 
             # Encode domain name into punycode (IDN)
             try:
-                domain_name = domain_name.encode('idna').decode()
+                domain_name = to_idna(domain_name, 'encode')
             except:
                 current_app.logger.error("Cannot encode the domain name {}".format(domain_name))
                 current_app.logger.debug(traceback.format_exc())

From 3df36adbf461e9c5e6b5380c4519ded8d60059c7 Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Mon, 4 Apr 2022 17:22:41 +0200
Subject: [PATCH 035/203] Add more detailed info to the history when a msg and
 status exists

---
 powerdnsadmin/routes/admin.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index 5573502..f6de2b3 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -883,6 +883,16 @@ class DetailedHistory():
                 domain_type=DetailedHistory.get_key_val(detail_dict, "domain_type"),
                 domain_master_ips=DetailedHistory.get_key_val(detail_dict, "domain_master_ips"))
 
+        elif DetailedHistory.get_key_val(detail_dict, 'msg') and DetailedHistory.get_key_val(detail_dict, 'status'):
+            self.detailed_msg = render_template_string('''
+                <table class="table table-bordered table-striped">
+                    <tr><td>Status: </td><td>{{ history_status }}</td></tr>
+                    <tr><td>Message:</td><td>{{ history_msg }}</td></tr>
+                </table>
+                ''',
+                history_status=DetailedHistory.get_key_val(detail_dict, 'status'),
+                history_msg=DetailedHistory.get_key_val(detail_dict, 'msg'))
+
     # check for lower key as well for old databases
     @staticmethod
     def get_key_val(_dict, key):

From 44c9aff5dba929876dc6a8c6007f90fd1070617f Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Tue, 5 Apr 2022 10:50:15 +0200
Subject: [PATCH 036/203] Use json.dumps for every detail in history

This works much better instead of just writing a str to the db and
expect it to be loaded just fine from json.loads
---
 powerdnsadmin/routes/admin.py  | 55 +++++++++++++++++-----------------
 powerdnsadmin/routes/domain.py | 12 ++++----
 powerdnsadmin/routes/index.py  | 39 +++++++++++++-----------
 3 files changed, 56 insertions(+), 50 deletions(-)

diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index f6de2b3..44d2d67 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -93,7 +93,7 @@ def extract_changelogs_from_a_history_entry(out_changes, history_entry, change_n
         return
 
     if "add_rrests" in history_entry.detail:
-        detail_dict = json.loads(history_entry.detail.replace("\'", ''))
+        detail_dict = json.loads(history_entry.detail)
     else: # not a record entry
         return
 
@@ -362,13 +362,14 @@ def edit_key(key_id=None):
                 current_app.logger.error('Error: {0}'.format(e))
 
         history = History(msg=history_message,
-                          detail=str({
-                            'key': apikey.id,
-                            'role': apikey.role.name,
-                            'description': apikey.description,
-                            'domains': [domain.name for domain in apikey.domains],
-                            'accounts': [a.name for a in apikey.accounts]
-                          }),
+                          detail=str(
+                            json.dumps({
+                                'key': apikey.id,
+                                'role': apikey.role.name,
+                                'description': apikey.description,
+                                'domains': [domain.name for domain in apikey.domains],
+                                'accounts': [a.name for a in apikey.accounts]
+                            })),
                           created_by=current_user.username)
         history.add()
 
@@ -411,12 +412,13 @@ def manage_keys():
 
             current_app.logger.info('Delete API key {0}'.format(apikey.id))
             history = History(msg='Delete API key {0}'.format(apikey.id),
-                              detail=str({
-                                  'key': history_apikey_id,
-                                  'role': history_apikey_role,
-                                  'description': history_apikey_description,
-                                  'domains': history_apikey_domains
-                              }),
+                              detail=str(
+                                json.dumps({
+                                    'key': history_apikey_id,
+                                    'role': history_apikey_role,
+                                    'description': history_apikey_description,
+                                    'domains': history_apikey_domains
+                                })),
                               created_by=current_user.username)
             history.add()
 
@@ -763,10 +765,7 @@ class DetailedHistory():
             self.detailed_msg = ""
             return
 
-        if 'add_rrest' in history.detail:
-            detail_dict = json.loads(history.detail.replace("\'", ''))
-        else:
-            detail_dict = json.loads(history.detail.replace("'", '"'))
+        detail_dict = json.loads(history.detail)
 
         if 'domain_type' in detail_dict and 'account_id' in detail_dict:  # this is a domain creation
             self.detailed_msg = render_template_string("""
@@ -1673,10 +1672,11 @@ def create_template():
             result = t.create()
             if result['status'] == 'ok':
                 history = History(msg='Add domain template {0}'.format(name),
-                                  detail=str({
-                                      'name': name,
-                                      'description': description
-                                  }),
+                                  detail=str(
+                                    json.dumps({
+                                        'name': name,
+                                        'description': description
+                                    })),
                                   created_by=current_user.username)
                 history.add()
                 return redirect(url_for('admin.templates'))
@@ -1720,10 +1720,11 @@ def create_template_from_zone():
         result = t.create()
         if result['status'] == 'ok':
             history = History(msg='Add domain template {0}'.format(name),
-                              detail=str({
-                                  'name': name,
-                                  'description': description
-                              }),
+                              detail=str(
+                                json.dumps({
+                                    'name': name,
+                                    'description': description
+                                })),
                               created_by=current_user.username)
             history.add()
 
@@ -1883,7 +1884,7 @@ def delete_template(template):
             if result['status'] == 'ok':
                 history = History(
                     msg='Deleted domain template {0}'.format(template),
-                    detail=str({'name': template}),
+                    detail=str(json.dumps({'name': template})),
                     created_by=current_user.username)
                 history.add()
                 return redirect(url_for('admin.templates'))
diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index 7248d36..dfb12e9 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -409,11 +409,12 @@ def add():
                 domain_id = Domain().get_id_by_name(domain_name)
                 history = History(msg='Add domain {0}'.format(
                     pretty_domain_name(domain_name)),
-                                  detail=str({
+                                  detail=str(
+                                      json.dumps({
                                       'domain_type': domain_type,
                                       'domain_master_ips': domain_master_ips,
                                       'account_id': account_id
-                                  }),
+                                  })),
                                   created_by=current_user.username,
                                   domain_id=domain_id)
                 history.add()
@@ -464,7 +465,7 @@ def add():
                             msg=
                             'Failed to apply template {0} to {1}.'
                             .format(template.name, domain_name),
-                            detail=str(result),
+                            detail=str(json.dumps(result)),
                             created_by=current_user.username)
                         history.add()
                 return redirect(url_for('dashboard.dashboard'))
@@ -617,10 +618,11 @@ def change_soa_edit_api(domain_name):
         history = History(
             msg='Update soa_edit_api for domain {0}'.format(
                 pretty_domain_name(domain_name)),
-            detail=str({
+            detail=str(
+                json.dumps({
                 "domain": domain_name,
                 "soa_edit_api": new_setting
-            }),
+            })),
             created_by=current_user.username,
             domain_id=d.get_id_by_name(domain_name))
         history.add()
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 8e6d0c1..990854d 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -550,12 +550,13 @@ def signin_history(username, authenticator, success):
 
     # Write history
     History(msg='User {} authentication {}'.format(username, str_success),
-            detail=str({
-                "username": username,
-                "authenticator": authenticator,
-                "ip_address": request_ip,
-                "success": 1 if success else 0
-            }),
+            detail=str(
+                json.dumps({
+                    "username": username,
+                    "authenticator": authenticator,
+                    "ip_address": request_ip,
+                    "success": 1 if success else 0
+                })),
             created_by='System').add()
 
 # Get a list of Azure security groups the user is a member of
@@ -864,13 +865,14 @@ def dyndns_update():
                 if result['status'] == 'ok':
                     history = History(
                         msg='DynDNS update: updated {} successfully'.format(hostname),
-                        detail=str({
-                            "domain": domain.name,
-                            "record": hostname,
-                            "type": rtype,
-                            "old_value": oldip,
-                            "new_value": str(ip)
-                        }),
+                        detail=str(
+                            json.dumps({
+                                "domain": domain.name,
+                                "record": hostname,
+                                "type": rtype,
+                                "old_value": oldip,
+                                "new_value": str(ip)
+                            })),
                         created_by=current_user.username,
                         domain_id=domain.id)
                     history.add()
@@ -906,11 +908,12 @@ def dyndns_update():
                         msg=
                         'DynDNS update: created record {0} in zone {1} successfully'
                         .format(hostname, domain.name, str(ip)),
-                        detail=str({
-                            "domain": domain.name,
-                            "record": hostname,
-                            "value": str(ip)
-                        }),
+                        detail=str(
+                            json.dumps({
+                                "domain": domain.name,
+                                "record": hostname,
+                                "value": str(ip)
+                            })),
                         created_by=current_user.username,
                         domain_id=domain.id)
                     history.add()

From 26c60f175de74c1213d6765e4bf45e01ca62f49b Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <github@advantic.de>
Date: Tue, 26 Apr 2022 09:11:05 +0200
Subject: [PATCH 037/203] Remove unnecessary call to str()

* json.dumps() already returns a str
---
 powerdnsadmin/routes/admin.py  | 24 +++++++----------
 powerdnsadmin/routes/domain.py | 49 +++++++++++++++-------------------
 powerdnsadmin/routes/index.py  | 39 +++++++++++++--------------
 3 files changed, 50 insertions(+), 62 deletions(-)

diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index 44d2d67..7919c8c 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -362,14 +362,13 @@ def edit_key(key_id=None):
                 current_app.logger.error('Error: {0}'.format(e))
 
         history = History(msg=history_message,
-                          detail=str(
-                            json.dumps({
+                          detail = json.dumps({
                                 'key': apikey.id,
                                 'role': apikey.role.name,
                                 'description': apikey.description,
                                 'domains': [domain.name for domain in apikey.domains],
                                 'accounts': [a.name for a in apikey.accounts]
-                            })),
+                            }),
                           created_by=current_user.username)
         history.add()
 
@@ -412,13 +411,12 @@ def manage_keys():
 
             current_app.logger.info('Delete API key {0}'.format(apikey.id))
             history = History(msg='Delete API key {0}'.format(apikey.id),
-                              detail=str(
-                                json.dumps({
+                              detail = json.dumps({
                                     'key': history_apikey_id,
                                     'role': history_apikey_role,
                                     'description': history_apikey_description,
                                     'domains': history_apikey_domains
-                                })),
+                                }),
                               created_by=current_user.username)
             history.add()
 
@@ -1672,11 +1670,10 @@ def create_template():
             result = t.create()
             if result['status'] == 'ok':
                 history = History(msg='Add domain template {0}'.format(name),
-                                  detail=str(
-                                    json.dumps({
+                                  detail = json.dumps({
                                         'name': name,
                                         'description': description
-                                    })),
+                                    }),
                                   created_by=current_user.username)
                 history.add()
                 return redirect(url_for('admin.templates'))
@@ -1720,11 +1717,10 @@ def create_template_from_zone():
         result = t.create()
         if result['status'] == 'ok':
             history = History(msg='Add domain template {0}'.format(name),
-                              detail=str(
-                                json.dumps({
+                              detail = json.dumps({
                                     'name': name,
                                     'description': description
-                                })),
+                                }),
                               created_by=current_user.username)
             history.add()
 
@@ -1854,7 +1850,7 @@ def apply_records(template):
             history = History(
                 msg='Apply domain template record changes to domain template {0}'
                 .format(template),
-                detail=str(json.dumps(jdata)),
+                detail = json.dumps(jdata),
                 created_by=current_user.username)
             history.add()
             return make_response(jsonify(result), 200)
@@ -1884,7 +1880,7 @@ def delete_template(template):
             if result['status'] == 'ok':
                 history = History(
                     msg='Deleted domain template {0}'.format(template),
-                    detail=str(json.dumps({'name': template})),
+                    detail = json.dumps({'name': template}),
                     created_by=current_user.username)
                 history.add()
                 return redirect(url_for('admin.templates'))
diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index dfb12e9..1d922be 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -409,12 +409,11 @@ def add():
                 domain_id = Domain().get_id_by_name(domain_name)
                 history = History(msg='Add domain {0}'.format(
                     pretty_domain_name(domain_name)),
-                                  detail=str(
-                                      json.dumps({
+                                  detail = json.dumps({
                                       'domain_type': domain_type,
                                       'domain_master_ips': domain_master_ips,
                                       'account_id': account_id
-                                  })),
+                                  }),
                                   created_by=current_user.username,
                                   domain_id=domain_id)
                 history.add()
@@ -446,17 +445,16 @@ def add():
                         history = History(
                             msg='Applying template {0} to {1} successfully.'.
                             format(template.name, domain_name),
-                            detail=str(
-                                json.dumps({
-                                    "domain":
+                            detail = json.dumps({
+                                    'domain':
                                     domain_name,
-                                    "template":
+                                    'template':
                                     template.name,
-                                    "add_rrests":
+                                    'add_rrests':
                                     result['data'][0]['rrsets'],
-                                    "del_rrests":
+                                    'del_rrests':
                                     result['data'][1]['rrsets']
-                                })),
+                                }),
                             created_by=current_user.username,
                             domain_id=domain_id)
                         history.add()
@@ -465,7 +463,7 @@ def add():
                             msg=
                             'Failed to apply template {0} to {1}.'
                             .format(template.name, domain_name),
-                            detail=str(json.dumps(result)),
+                            detail = json.dumps(result),
                             created_by=current_user.username)
                         history.add()
                 return redirect(url_for('dashboard.dashboard'))
@@ -618,11 +616,10 @@ def change_soa_edit_api(domain_name):
         history = History(
             msg='Update soa_edit_api for domain {0}'.format(
                 pretty_domain_name(domain_name)),
-            detail=str(
-                json.dumps({
-                "domain": domain_name,
-                "soa_edit_api": new_setting
-            })),
+            detail = json.dumps({
+                'domain': domain_name,
+                'soa_edit_api': new_setting
+            }),
             created_by=current_user.username,
             domain_id=d.get_id_by_name(domain_name))
         history.add()
@@ -686,12 +683,11 @@ def record_apply(domain_name):
         if result['status'] == 'ok':
             history = History(
                 msg='Apply record changes to domain {0}'.format(pretty_domain_name(domain_name)),
-                detail=str(
-                    json.dumps({
-                        "domain": domain_name,
-                        "add_rrests": result['data'][0]['rrsets'],
-                        "del_rrests": result['data'][1]['rrsets']
-                    })),
+                detail = json.dumps({
+                        'domain': domain_name,
+                        'add_rrests': result['data'][0]['rrsets'],
+                        'del_rrests': result['data'][1]['rrsets']
+                    }),
                 created_by=current_user.username,
                 domain_id=domain.id)
             history.add()
@@ -700,11 +696,10 @@ def record_apply(domain_name):
             history = History(
                 msg='Failed to apply record changes to domain {0}'.format(
                     pretty_domain_name(domain_name)),
-                detail=str(
-                    json.dumps({
-                        "domain": domain_name,
-                        "msg": result['msg'],
-                    })),
+                detail = json.dumps({
+                        'domain': domain_name,
+                        'msg': result['msg'],
+                    }),
                 created_by=current_user.username)
             history.add()
             return make_response(jsonify(result), 400)
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 990854d..6214617 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -550,13 +550,12 @@ def signin_history(username, authenticator, success):
 
     # Write history
     History(msg='User {} authentication {}'.format(username, str_success),
-            detail=str(
-                json.dumps({
-                    "username": username,
-                    "authenticator": authenticator,
-                    "ip_address": request_ip,
-                    "success": 1 if success else 0
-                })),
+            detail = json.dumps({
+                    'username': username,
+                    'authenticator': authenticator,
+                    'ip_address': request_ip,
+                    'success': 1 if success else 0
+                }),
             created_by='System').add()
 
 # Get a list of Azure security groups the user is a member of
@@ -865,14 +864,13 @@ def dyndns_update():
                 if result['status'] == 'ok':
                     history = History(
                         msg='DynDNS update: updated {} successfully'.format(hostname),
-                        detail=str(
-                            json.dumps({
-                                "domain": domain.name,
-                                "record": hostname,
-                                "type": rtype,
-                                "old_value": oldip,
-                                "new_value": str(ip)
-                            })),
+                        detail = json.dumps({
+                                'domain': domain.name,
+                                'record': hostname,
+                                'type': rtype,
+                                'old_value': oldip,
+                                'new_value': str(ip)
+                            }),
                         created_by=current_user.username,
                         domain_id=domain.id)
                     history.add()
@@ -908,12 +906,11 @@ def dyndns_update():
                         msg=
                         'DynDNS update: created record {0} in zone {1} successfully'
                         .format(hostname, domain.name, str(ip)),
-                        detail=str(
-                            json.dumps({
-                                "domain": domain.name,
-                                "record": hostname,
-                                "value": str(ip)
-                            })),
+                        detail = json.dumps({
+                                'domain': domain.name,
+                                'record': hostname,
+                                'value': str(ip)
+                            }),
                         created_by=current_user.username,
                         domain_id=domain.id)
                     history.add()

From c8d14d91fe6df6c479024aa05d73b86313056db2 Mon Sep 17 00:00:00 2001
From: KostasMparmparousis <mparmparousis.kostas@gmail.com>
Date: Wed, 27 Apr 2022 16:11:09 +0300
Subject: [PATCH 038/203] cryptography-dependency-addition

---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index d9e41e8..4914a8e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -30,4 +30,5 @@ Flask-Mail==0.9.1
 flask-session==0.3.2
 Jinja2==3.0.3
 itsdangerous==2.0.1
-werkzeug==2.0.3
\ No newline at end of file
+werkzeug==2.0.3
+cryptography==36.0.2
\ No newline at end of file

From 06ffee18a0594e19855981ebec2be9f64fbba2d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Thu, 5 May 2022 00:41:19 +0200
Subject: [PATCH 039/203] fix: Provide an Alembic update script to fixe quotes

---
 ...c7cf864b24_update_history_detail_quotes.py | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 migrations/versions/fbc7cf864b24_update_history_detail_quotes.py

diff --git a/migrations/versions/fbc7cf864b24_update_history_detail_quotes.py b/migrations/versions/fbc7cf864b24_update_history_detail_quotes.py
new file mode 100644
index 0000000..4aaf16c
--- /dev/null
+++ b/migrations/versions/fbc7cf864b24_update_history_detail_quotes.py
@@ -0,0 +1,47 @@
+"""update history detail quotes
+
+Revision ID: fbc7cf864b24
+Revises: 0967658d9c0d
+Create Date: 2022-05-04 19:49:54.054285
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = 'fbc7cf864b24'
+down_revision = '0967658d9c0d'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    history_table = sa.sql.table(
+        'history',
+        sa.Column('id', sa.Integer),
+        sa.Column('msg', sa.String),
+        sa.Column('detail', sa.Text),
+        sa.Column('created_by', sa.String),
+        sa.Column('created_on', sa.DateTime),
+        sa.Column('domain_id', sa.Integer)
+    )
+
+    op.execute(
+        history_table.update().where(
+            sa.and_(
+                history_table.c.detail.like("%'%"),
+                history_table.c.detail.notlike("%rrests%"),
+                history_table.c.detail.notlike("%rrsets%")
+            )
+        ).values({
+            'detail': sa.func.replace(
+                history_table.c.detail,
+                "'",
+                '"'
+            )
+        })
+    )
+
+
+def downgrade():
+    pass

From 64f7968af93d3ea27eae2493eb6c3ce669b532b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Fri, 6 May 2022 10:17:03 +0200
Subject: [PATCH 040/203] fix: Use json.dumps instead of str

---
 powerdnsadmin/models/domain.py | 3 ++-
 powerdnsadmin/routes/domain.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index d2bb197..3db1a99 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -1,3 +1,4 @@
+import json
 import re
 import traceback
 from flask import current_app
@@ -421,7 +422,7 @@ class Domain(db.Model):
             if result['status'] == 'ok':
                 history = History(msg='Add reverse lookup domain {0}'.format(
                     domain_reverse_name),
-                    detail=str({
+                    detail=json.dumps({
                         'domain_type': 'Master',
                         'domain_master_ips': ''
                     }),
diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index 1d922be..fe9e98c 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -544,7 +544,7 @@ def setting(domain_name):
         history = History(
             msg='Change domain {0} access control'.format(
                 pretty_domain_name(domain_name)),
-            detail=str({'user_has_access': new_user_list}),
+            detail=json.dumps({'user_has_access': new_user_list}),
             created_by=current_user.username,
             domain_id=d.id)
         history.add()
@@ -582,7 +582,7 @@ def change_type(domain_name):
     if status['status'] == 'ok':
         history = History(msg='Update type for domain {0}'.format(
                 pretty_domain_name(domain_name)),
-                          detail=str({
+                          detail=json.dumps({
                               "domain": domain_name,
                               "type": domain_type,
                               "masters": domain_master_ips

From 68045cc60c7160b11cb4fbbe655be750de4d0851 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Sat, 7 May 2022 21:14:29 +0200
Subject: [PATCH 041/203] Fix revision in migration filename

This has no functional impact, flask-migrate aka alembic was and will
continue to work as expected. It is just a cosmetic change for
consistency.
---
 ...in_the_db.py => 31a4ed468b18_remove_all_settings_in_the_db.py} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename migrations/versions/{1274ed462010_remove_all_settings_in_the_db.py => 31a4ed468b18_remove_all_settings_in_the_db.py} (100%)

diff --git a/migrations/versions/1274ed462010_remove_all_settings_in_the_db.py b/migrations/versions/31a4ed468b18_remove_all_settings_in_the_db.py
similarity index 100%
rename from migrations/versions/1274ed462010_remove_all_settings_in_the_db.py
rename to migrations/versions/31a4ed468b18_remove_all_settings_in_the_db.py

From 0e2cd063c5a522c103df1aa401f077ea4523faba Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Sat, 7 May 2022 21:14:48 +0200
Subject: [PATCH 042/203] Remove python v2 remnant

As vermin [0] confirms, the codebase has long moved beyond supporting
python v2 (which is not a bad thing). This removes the last explicit py2
piece of code.

And in case anyone wonders, vermin currently reports the minium version
to be v3.6.

[0] https://pypi.org/project/vermin/
---
 powerdnsadmin/models/user.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 1802492..1b34d62 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -83,10 +83,7 @@ class User(db.Model):
         return False
 
     def get_id(self):
-        try:
-            return unicode(self.id)  # python 2
-        except NameError:
-            return str(self.id)  # python 3
+        return str(self.id)
 
     def __repr__(self):
         return '<User {0}>'.format(self.username)

From fec649b7476d0a7cdeb3a011620003acef1d250a Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Sat, 7 May 2022 21:14:57 +0200
Subject: [PATCH 043/203] Header for fixed order column

Semantically and syntactically it is better to have the same number of
`<th>` as `<td>`. Not that anyone will ever see that new header, since
that column is always invisible (except if the user disables javascript).

Plus remove a unmatched closing html element.
---
 powerdnsadmin/templates/domain.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/domain.html b/powerdnsadmin/templates/domain.html
index e5863cd..d5e85fc 100755
--- a/powerdnsadmin/templates/domain.html
+++ b/powerdnsadmin/templates/domain.html
@@ -60,6 +60,7 @@
                                 {% if current_user.role.name in ['Administrator', 'Operator'] or SETTING.get('allow_user_view_history') %}
                                 <th >Changelog</th>
                                 {% endif %}
+                                <th>Invisible Sorting Column</th>
                             </tr>
                         </thead>
                         <tbody>
@@ -104,7 +105,6 @@
                                         <button type="button" class="btn btn-flat btn-warning">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
                                     </td>
                                 {% endif %}
-                                    </td>
                                     {% if current_user.role.name in ['Administrator', 'Operator'] or SETTING.get('allow_user_view_history') %}
                                     <td width="6%">
                                         <button type="button" onclick="show_record_changelog('{{record.name}}','{{record.type}}',event)" class="btn btn-flat btn-primary">&nbsp;&nbsp;

From 564ec6086dd4f927fdebbdc360f3d34f9b84aaeb Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Sat, 7 May 2022 21:15:25 +0200
Subject: [PATCH 044/203] Replace pyOpenSSL with cryptography

This is literally the example from the docs [0]. The only thing I
adapted are the parameters for the keys and certificate, so they
stay the same.

Fixes #1086

[0] https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate
---
 powerdnsadmin/lib/certutil.py | 88 +++++++++++++++++++----------------
 requirements.txt              |  1 -
 2 files changed, 49 insertions(+), 40 deletions(-)

diff --git a/powerdnsadmin/lib/certutil.py b/powerdnsadmin/lib/certutil.py
index 9e09cf6..863e40b 100644
--- a/powerdnsadmin/lib/certutil.py
+++ b/powerdnsadmin/lib/certutil.py
@@ -1,48 +1,58 @@
-from OpenSSL import crypto
-from datetime import datetime
-import pytz
+import datetime
 import os
-CRYPT_PATH = os.path.abspath(os.path.dirname(os.path.realpath(__file__))  + "/../../")
+
+from cryptography import x509
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.x509.oid import NameOID
+
+
+CRYPT_PATH = os.path.abspath(os.path.dirname(os.path.realpath(__file__)) + "/../../")
 CERT_FILE = CRYPT_PATH + "/saml_cert.crt"
 KEY_FILE = CRYPT_PATH + "/saml_cert.key"
 
 
-def check_certificate():
-    if not os.path.isfile(CERT_FILE):
-        return False
-    st_cert = open(CERT_FILE, 'rt').read()
-    cert = crypto.load_certificate(crypto.FILETYPE_PEM, st_cert)
-    now = datetime.now(pytz.utc)
-    begin = datetime.strptime(cert.get_notBefore(), "%Y%m%d%H%M%SZ").replace(tzinfo=pytz.UTC)
-    begin_ok = begin < now
-    end = datetime.strptime(cert.get_notAfter(), "%Y%m%d%H%M%SZ").replace(tzinfo=pytz.UTC)
-    end_ok = end > now
-    if begin_ok and end_ok:
-        return True
-    return False
-
 def create_self_signed_cert():
+    """ Generate a new self-signed RSA-2048-SHA256 x509 certificate. """
+    # Generate our key
+    key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=2048,
+    )
 
-    # create a key pair
-    k = crypto.PKey()
-    k.generate_key(crypto.TYPE_RSA, 2048)
+    # Write our key to disk for safe keeping
+    with open(KEY_FILE, "wb") as key_file:
+        key_file.write(key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption(),
+        ))
 
-    # create a self-signed cert
-    cert = crypto.X509()
-    cert.get_subject().C = "DE"
-    cert.get_subject().ST = "NRW"
-    cert.get_subject().L = "Dortmund"
-    cert.get_subject().O = "Dummy Company Ltd"
-    cert.get_subject().OU = "Dummy Company Ltd"
-    cert.get_subject().CN = "PowerDNS-Admin"
-    cert.set_serial_number(1000)
-    cert.gmtime_adj_notBefore(0)
-    cert.gmtime_adj_notAfter(10*365*24*60*60)
-    cert.set_issuer(cert.get_subject())
-    cert.set_pubkey(k)
-    cert.sign(k, 'sha256')
+    # Various details about who we are. For a self-signed certificate the
+    # subject and issuer are always the same.
+    subject = issuer = x509.Name([
+        x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),
+        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "NRW"),
+        x509.NameAttribute(NameOID.LOCALITY_NAME, "Dortmund"),
+        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Dummy Company Ltd"),
+        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Dummy Company Ltd"),
+        x509.NameAttribute(NameOID.COMMON_NAME, "PowerDNS-Admin"),
+    ])
 
-    open(CERT_FILE, "bw").write(
-        crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
-    open(KEY_FILE, "bw").write(
-        crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
\ No newline at end of file
+    cert = x509.CertificateBuilder().subject_name(
+        subject
+    ).issuer_name(
+        issuer
+    ).public_key(
+        key.public_key()
+    ).serial_number(
+        x509.random_serial_number()
+    ).not_valid_before(
+        datetime.datetime.utcnow()
+    ).not_valid_after(
+        datetime.datetime.utcnow() + datetime.timedelta(days=10*365)
+    ).sign(key, hashes.SHA256())
+
+    # Write our certificate out to disk.
+    with open(CERT_FILE, "wb") as cert_file:
+        cert_file.write(cert.public_bytes(serialization.Encoding.PEM))
diff --git a/requirements.txt b/requirements.txt
index 4914a8e..ce24450 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,6 @@ qrcode==6.1
 dnspython>=1.16.0
 gunicorn==20.0.4
 python3-saml
-pyOpenSSL==19.1.0
 pytz==2020.1
 cssmin==0.2.0
 jsmin==3.0.0

From b3271e84d6153b0157f887e5a5cab7e86eaba468 Mon Sep 17 00:00:00 2001
From: Cloud User
 <rganor@PowerDNS-Admin.jmrhd2hm4czujfv1nhhpcfh5wh.bx.internal.cloudapp.net>
Date: Sun, 15 May 2022 12:19:04 +0000
Subject: [PATCH 045/203] Using domain model and added authentication

---
 powerdnsadmin/lib/errors.py |  8 --------
 powerdnsadmin/routes/api.py | 28 ++++++----------------------
 2 files changed, 6 insertions(+), 30 deletions(-)

diff --git a/powerdnsadmin/lib/errors.py b/powerdnsadmin/lib/errors.py
index b820017..687f554 100644
--- a/powerdnsadmin/lib/errors.py
+++ b/powerdnsadmin/lib/errors.py
@@ -171,11 +171,3 @@ class UserDeleteFail(StructuredException):
         StructuredException.__init__(self)
         self.message = message
         self.name = name
-
-class HealthCheckFail(StructuredException):
-    status_code = 500
-
-    def __init__(self,name=None, message="Health check failed"):
-        StructuredException.__init__(self)
-        self.message = message
-        self.name = name
\ No newline at end of file
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 7ce363d..cf74986 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -23,7 +23,7 @@ from ..lib.errors import (
     AccountCreateFail, AccountUpdateFail, AccountDeleteFail,
     AccountCreateDuplicate, AccountNotExists,
     UserCreateFail, UserCreateDuplicate, UserUpdateFail, UserDeleteFail,
-    UserUpdateFailEmail, HealthCheckFail
+    UserUpdateFailEmail
 )
 from ..decorators import (
     api_basic_auth, api_can_create_domain, is_json, apikey_auth,
@@ -1184,35 +1184,19 @@ def sync_domains():
     return 'Finished synchronization in background', 200
 
 @api_bp.route('/health', methods=['GET'])
+@apikey_auth
 def health():
     domain = Domain()
     domain_to_query = domain.query.first()
     
     if not domain_to_query:
         current_app.logger.error("No domain found to query a health check")
-        raise (HealthCheckFail)
-
-    pdns_api_url = Setting().get('pdns_api_url')
-    pdns_api_key = Setting().get('pdns_api_key')
-    pdns_version = Setting().get('pdns_version')
-    api_uri_with_prefix = utils.pdns_api_extended_uri(pdns_version)
-    api_uri = '/servers/localhost/zones/{}'.format(domain_to_query.name)
-    headers = {}
-    headers['X-API-Key'] = pdns_api_key
+        return make_response("Down", 503)
 
     try:
-        resp = utils.fetch_remote(urljoin(pdns_api_url, api_uri_with_prefix + api_uri),
-                                method='GET',
-                                headers=headers,
-                                accept='application/json; q=1',
-                                verify=Setting().get('verify_ssl_connections'))
-                                
+        resp = domain.get_domain_info(domain_to_query.name)                                
     except Exception as e:
         current_app.logger.error("Health Check - Failed to query authoritative server for domain {}".format(domain_to_query.name))
-        return make_response("bad", 503)
+        return make_response("Down", 503)
 
-    if resp.status_code == 200:
-        return make_response("good", 200)
-    else:
-        return make_response("bad", 503)
-    
+    return make_response("Up", 200)

From 3d2ad1abc0f60297156a517c7731ed92942c6d60 Mon Sep 17 00:00:00 2001
From: RGanor <ganor.roei98@gmail.com>
Date: Sun, 15 May 2022 13:57:13 +0000
Subject: [PATCH 046/203] LGTM fix - unused variable

---
 powerdnsadmin/routes/api.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index cf74986..6a6d74e 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -1194,7 +1194,7 @@ def health():
         return make_response("Down", 503)
 
     try:
-        resp = domain.get_domain_info(domain_to_query.name)                                
+        domain.get_domain_info(domain_to_query.name)                                
     except Exception as e:
         current_app.logger.error("Health Check - Failed to query authoritative server for domain {}".format(domain_to_query.name))
         return make_response("Down", 503)

From 8b105d8affd1d29780680b596cd382c57a1d248f Mon Sep 17 00:00:00 2001
From: Metrax <metrax@metrax.eu>
Date: Tue, 17 May 2022 16:31:05 +0200
Subject: [PATCH 047/203] Adding venv and yarn-error.log to gitignore

venv: in the wiki, the installation is described with creating the venv into "venv", but only ".venv" is in gitignore
yarn-error.log: file is created if yarn fails, it should not be commited to the repo accidentally
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 4a62dbb..539325f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,5 +38,7 @@ node_modules
 powerdnsadmin/static/generated
 .webassets-cache
 .venv*
+venv*
 .pytest_cache
 .DS_Store
+yarn-error.log

From 70450315ba870a1d87ccdd00f3eab974e732b1f4 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Thu, 19 May 2022 00:53:20 +0200
Subject: [PATCH 048/203] Add general modal functions

The two generic modals are defined in the base template, and are used
in various templates. So provide functions and remove duplicate code.
---
 powerdnsadmin/static/custom/js/custom.js   | 20 ++++----------------
 powerdnsadmin/templates/admin_history.html |  4 +---
 powerdnsadmin/templates/base.html          | 12 ++++++++++++
 powerdnsadmin/templates/domain.html        |  8 ++------
 powerdnsadmin/templates/domain_remove.html |  4 +---
 powerdnsadmin/templates/template_edit.html |  8 ++------
 6 files changed, 22 insertions(+), 34 deletions(-)

diff --git a/powerdnsadmin/static/custom/js/custom.js b/powerdnsadmin/static/custom/js/custom.js
index 051a2e0..e4b72b1 100644
--- a/powerdnsadmin/static/custom/js/custom.js
+++ b/powerdnsadmin/static/custom/js/custom.js
@@ -12,13 +12,7 @@ function applyChanges(data, url, showResult, refreshPage) {
             console.log("Applied changes successfully.");
             console.log(data);
             if (showResult) {
-                var modal = $("#modal_success");
-                if (data['msg']) {
-                    modal.find('.modal-body p').text(data['msg']);
-                } else {
-                    modal.find('.modal-body p').text("Applied changes successfully");
-                }
-                modal.modal('show');
+                showSuccessModal(data['msg'] || "Applied changes successfully");
             }
             if (refreshPage) {
                 location.reload(true);
@@ -27,10 +21,8 @@ function applyChanges(data, url, showResult, refreshPage) {
 
         error : function(jqXHR, status) {
             console.log(jqXHR);
-            var modal = $("#modal_error");
             var responseJson = jQuery.parseJSON(jqXHR.responseText);
-            modal.find('.modal-body p').text(responseJson['msg']);
-            modal.modal('show');
+            showErrorModal(responseJson['msg']);
         }
     });
 }
@@ -50,18 +42,14 @@ function applyRecordChanges(data, domain) {
             });
 
             console.log("Applied changes successfully.")
-            var modal = $("#modal_success");
-            modal.find('.modal-body p').text("Applied changes successfully");
-            modal.modal('show');
+            showSuccessModal("Applied changes successfully");
             setTimeout(() => {window.location.reload()}, 2000);
         },
 
         error : function(jqXHR, status) {
             console.log(jqXHR);
-            var modal = $("#modal_error");
             var responseJson = jQuery.parseJSON(jqXHR.responseText);
-            modal.find('.modal-body p').text(responseJson['msg']);
-            modal.modal('show');
+            showErrorModal(responseJson['msg']);
         }
     });
 }
diff --git a/powerdnsadmin/templates/admin_history.html b/powerdnsadmin/templates/admin_history.html
index a3f0fd4..aa16c4a 100644
--- a/powerdnsadmin/templates/admin_history.html
+++ b/powerdnsadmin/templates/admin_history.html
@@ -446,9 +446,7 @@
             
             if(!canSearch)
             {
-                var modal = $("#modal_error");
-                modal.find('.modal-body p').text("Please fill out the " + main_field + " field.");
-                modal.modal('show');
+                showErrorModal("Please fill out the " + main_field + " field.");
             }
             else
             {
diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index bb9be5b..649663a 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -298,6 +298,18 @@
         }
       });
     });
+
+    function showErrorModal(message) {
+      var modal = $('#modal_error');
+      modal.find('.modal-body p').text(message);
+      modal.modal('show');
+    }
+
+    function showSuccessModal(message) {
+      var modal = $("#modal_success");
+      modal.find('.modal-body p').text(message);
+      modal.modal('show');
+    }
   </script>
   {% endif %}
 {%- endassets %}
diff --git a/powerdnsadmin/templates/domain.html b/powerdnsadmin/templates/domain.html
index e5863cd..67b2994 100755
--- a/powerdnsadmin/templates/domain.html
+++ b/powerdnsadmin/templates/domain.html
@@ -251,9 +251,7 @@
     // handle apply changes button
     $(document.body).on("click",".button_apply_changes", function() {
         if (nNew || nEditing) {
-            var modal = $("#modal_error");
-            modal.find('.modal-body p').text("Previous record not saved. Please save it before applying the changes.");
-            modal.modal('show');
+            showErrorModal("Previous record not saved. Please save it before applying the changes.");
             return;
         }
 
@@ -277,9 +275,7 @@
     // handle add record button
     $(document.body).on("click", ".button_add_record", function (e) {
             if (nNew || nEditing) {
-                var modal = $("#modal_error");
-                modal.find('.modal-body p').text("Previous record not saved. Please save it before adding more record.");
-                modal.modal('show');
+                showErrorModal("Previous record not saved. Please save it before adding more record.");
                 return;
             }
             // clear search first
diff --git a/powerdnsadmin/templates/domain_remove.html b/powerdnsadmin/templates/domain_remove.html
index e0b0eb8..6ac5401 100644
--- a/powerdnsadmin/templates/domain_remove.html
+++ b/powerdnsadmin/templates/domain_remove.html
@@ -73,9 +73,7 @@
     $(document.body).on("click", ".button_delete", function(e) {
         e.stopPropagation();
         if ( $("#domainid").val() == 0 ){
-            var modal = $("#modal_error");
-            modal.find('.modal-body p').text("Please select domain to remove.");
-            modal.modal('show');
+            showErrorModal("Please select domain to remove.");
             return;
         }
 
diff --git a/powerdnsadmin/templates/template_edit.html b/powerdnsadmin/templates/template_edit.html
index f716293..89faebc 100644
--- a/powerdnsadmin/templates/template_edit.html
+++ b/powerdnsadmin/templates/template_edit.html
@@ -192,9 +192,7 @@
     // handle apply changes button
     $(document.body).on("click",".button_apply_changes", function() {
         if (nNew || nEditing) {
-            var modal = $("#modal_error");
-            modal.find('.modal-body p').text("Previous record not saved. Please save it before applying the changes.");
-            modal.modal('show');
+            showErrorModal("Previous record not saved. Please save it before applying the changes.");
             return;
         }
 
@@ -217,9 +215,7 @@
     // handle add record button
     $(document.body).on("click", ".button_add_record", function (e) {
             if (nNew || nEditing) {
-                var modal = $("#modal_error");
-                modal.find('.modal-body p').text("Previous record not saved. Please save it before adding more record.");
-                modal.modal('show');
+                showErrorModal("Previous record not saved. Please save it before adding more record.");
                 return;
             }
             // clear search first

From 0dfcdb6c3e64f69f0c9b798fdd9d4ecd8a5a25d2 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Thu, 19 May 2022 00:53:35 +0200
Subject: [PATCH 049/203] Fix rrest typo in history detail

There is a misspelling of rrset throughout the history logic, which also
effects the json payload in the database. Code-wise this is a simple
search-and-replace, and the migration will fix the payloads.
---
 ...6ea7dc05f496_fix_typo_in_history_detail.py | 46 +++++++++++++
 powerdnsadmin/routes/admin.py                 | 67 ++++++++++---------
 powerdnsadmin/routes/domain.py                | 18 ++---
 .../templates/applied_change_macro.html       | 22 +++---
 4 files changed, 100 insertions(+), 53 deletions(-)
 create mode 100644 migrations/versions/6ea7dc05f496_fix_typo_in_history_detail.py

diff --git a/migrations/versions/6ea7dc05f496_fix_typo_in_history_detail.py b/migrations/versions/6ea7dc05f496_fix_typo_in_history_detail.py
new file mode 100644
index 0000000..6a03994
--- /dev/null
+++ b/migrations/versions/6ea7dc05f496_fix_typo_in_history_detail.py
@@ -0,0 +1,46 @@
+"""Fix typo in history detail
+
+Revision ID: 6ea7dc05f496
+Revises: fbc7cf864b24
+Create Date: 2022-05-10 10:16:58.784497
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '6ea7dc05f496'
+down_revision = 'fbc7cf864b24'
+branch_labels = None
+depends_on = None
+
+history_table = sa.sql.table('history',
+                             sa.Column('detail', sa.Text),
+                             )
+
+
+def upgrade():
+    op.execute(
+        history_table.update()
+            .where(history_table.c.detail.like('%"add_rrests":%'))
+            .values({
+                'detail': sa.func.replace(
+                                sa.func.replace(history_table.c.detail, '"add_rrests":', '"add_rrsets":'),
+                                '"del_rrests":', '"del_rrsets":'
+                          )
+            })
+    )
+
+
+def downgrade():
+    op.execute(
+        history_table.update()
+            .where(history_table.c.detail.like('%"add_rrsets":%'))
+            .values({
+                'detail': sa.func.replace(
+                                sa.func.replace(history_table.c.detail, '"add_rrsets":', '"add_rrests":'),
+                                '"del_rrsets":', '"del_rrests":'
+                          )
+            })
+    )
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index 7919c8c..ab5dce0 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -23,6 +23,7 @@ from ..models.domain_template_record import DomainTemplateRecord
 from ..models.api_key import ApiKey
 from ..models.base import db
 
+from ..lib.errors import ApiKeyCreateFail
 from ..lib.schema import ApiPlainKeySchema
 
 apikey_plain_schema = ApiPlainKeySchema(many=True)
@@ -43,10 +44,10 @@ change_type: "addition" or "deletion" or "status" for status change or "unchange
 Note: A change in "content", is considered a deletion and recreation of the same record,
 holding the new content value.
 """
-def get_record_changes(del_rrest, add_rrest):
+def get_record_changes(del_rrset, add_rrset):
     changeSet = []
-    delSet = del_rrest['records'] if 'records' in del_rrest else []
-    addSet = add_rrest['records'] if 'records' in add_rrest else []
+    delSet = del_rrset['records'] if 'records' in del_rrset else []
+    addSet = add_rrset['records'] if 'records' in add_rrset else []
     for d in delSet:  # get the deletions and status changes
         exists = False
         for a in addSet:
@@ -86,44 +87,44 @@ def get_record_changes(del_rrest, add_rrest):
     return changeSet
 
 # out_changes is a list of  HistoryRecordEntry objects in which we will append the new changes
-# a HistoryRecordEntry represents a pair of add_rrest and del_rrest
+# a HistoryRecordEntry represents a pair of add_rrset and del_rrset
 def extract_changelogs_from_a_history_entry(out_changes, history_entry, change_num, record_name=None, record_type=None):
 
     if history_entry.detail is None:
         return
 
-    if "add_rrests" in history_entry.detail:
+    if "add_rrsets" in history_entry.detail:
         detail_dict = json.loads(history_entry.detail)
     else: # not a record entry
         return
 
-    add_rrests = detail_dict['add_rrests']
-    del_rrests = detail_dict['del_rrests']
+    add_rrsets = detail_dict['add_rrsets']
+    del_rrsets = detail_dict['del_rrsets']
 
 
-    for add_rrest in add_rrests:
+    for add_rrset in add_rrsets:
         exists = False
-        for del_rrest in del_rrests:
-            if del_rrest['name'] == add_rrest['name'] and del_rrest['type'] == add_rrest['type']:
+        for del_rrset in del_rrsets:
+            if del_rrset['name'] == add_rrset['name'] and del_rrset['type'] == add_rrset['type']:
                 exists = True
                 if change_num not in out_changes:
                     out_changes[change_num] = []
-                out_changes[change_num].append(HistoryRecordEntry(history_entry, del_rrest, add_rrest, "*"))
+                out_changes[change_num].append(HistoryRecordEntry(history_entry, del_rrset, add_rrset, "*"))
                 break
         if not exists:  # this is a new record
             if change_num not in out_changes:
                 out_changes[change_num] = []
-            out_changes[change_num].append(HistoryRecordEntry(history_entry, [], add_rrest, "+"))  # (add_rrest, del_rrest, change_type)
-    for del_rrest in del_rrests:
+            out_changes[change_num].append(HistoryRecordEntry(history_entry, [], add_rrset, "+"))  # (add_rrset, del_rrset, change_type)
+    for del_rrset in del_rrsets:
         exists = False
-        for add_rrest in add_rrests:
-            if del_rrest['name'] == add_rrest['name'] and del_rrest['type'] == add_rrest['type']:
+        for add_rrset in add_rrsets:
+            if del_rrset['name'] == add_rrset['name'] and del_rrset['type'] == add_rrset['type']:
                 exists = True  # no need to add in the out_changes set
                 break
         if not exists:  # this is a deletion
             if change_num not in out_changes:
                 out_changes[change_num] = []
-            out_changes[change_num].append(HistoryRecordEntry(history_entry, del_rrest, [], "-"))
+            out_changes[change_num].append(HistoryRecordEntry(history_entry, del_rrset, [], "-"))
 
 
     # only used for changelog per record
@@ -133,9 +134,9 @@ def extract_changelogs_from_a_history_entry(out_changes, history_entry, change_n
         else:
             return
         for hre in changes_i: # for each history record entry in changes_i
-            if 'type' in hre.add_rrest and hre.add_rrest['name'] == record_name and hre.add_rrest['type'] == record_type:
+            if 'type' in hre.add_rrset and hre.add_rrset['name'] == record_name and hre.add_rrset['type'] == record_type:
                 continue
-            elif 'type' in hre.del_rrest and hre.del_rrest['name'] == record_name and hre.del_rrest['type'] == record_type:
+            elif 'type' in hre.del_rrset and hre.del_rrset['name'] == record_name and hre.del_rrset['type'] == record_type:
                 continue
             else:
                 out_changes[change_num].remove(hre)
@@ -144,42 +145,42 @@ def extract_changelogs_from_a_history_entry(out_changes, history_entry, change_n
 
 # records with same (name,type) are considered as a single HistoryRecordEntry
 # history_entry is of type History - used to extract created_by and created_on
-# add_rrest is a dictionary of replace
-# del_rrest is a dictionary of remove
+# add_rrset is a dictionary of replace
+# del_rrset is a dictionary of remove
 class HistoryRecordEntry:
-    def __init__(self, history_entry, del_rrest, add_rrest, change_type):
-        # search the add_rrest index into the add_rrest set for the key (name, type)
+    def __init__(self, history_entry, del_rrset, add_rrset, change_type):
+        # search the add_rrset index into the add_rrset set for the key (name, type)
 
         self.history_entry = history_entry
-        self.add_rrest = add_rrest
-        self.del_rrest = del_rrest
+        self.add_rrset = add_rrset
+        self.del_rrset = del_rrset
         self.change_type = change_type  # "*": edit or unchanged, "+" new tuple(name,type), "-" deleted (name,type) tuple
         self.changed_fields = []   # contains a subset of : [ttl, name, type]
-        self.changeSet = []   # all changes for the records of this add_rrest-del_rrest pair
+        self.changeSet = []   # all changes for the records of this add_rrset-del_rrset pair
 
 
         if change_type == "+": # addition
             self.changed_fields.append("name")
             self.changed_fields.append("type")
             self.changed_fields.append("ttl")
-            self.changeSet = get_record_changes(del_rrest, add_rrest)
+            self.changeSet = get_record_changes(del_rrset, add_rrset)
         elif change_type == "-": # removal
             self.changed_fields.append("name")
             self.changed_fields.append("type")
             self.changed_fields.append("ttl")
-            self.changeSet = get_record_changes(del_rrest, add_rrest)
+            self.changeSet = get_record_changes(del_rrset, add_rrset)
 
         elif change_type == "*":  # edit of unchanged
-            if add_rrest['ttl'] != del_rrest['ttl']:
+            if add_rrset['ttl'] != del_rrset['ttl']:
                 self.changed_fields.append("ttl")
-            self.changeSet = get_record_changes(del_rrest, add_rrest)
+            self.changeSet = get_record_changes(del_rrset, add_rrset)
 
 
 
     def toDict(self):
         return {
-            "add_rrest" : self.add_rrest,
-            "del_rrest" : self.del_rrest,
+            "add_rrset" : self.add_rrset,
+            "del_rrset" : self.del_rrset,
             "changed_fields" : self.changed_fields,
             "created_on" : self.history_entry.created_on,
             "created_by" : self.history_entry.created_by,
@@ -803,7 +804,7 @@ class DetailedHistory():
                 authenticator=detail_dict['authenticator'],
                 ip_address=detail_dict['ip_address'])
 
-        elif 'add_rrests' in detail_dict: # this is a domain record change
+        elif 'add_rrsets' in detail_dict: # this is a domain record change
             # changes_set = []
             self.detailed_msg = ""
             # extract_changelogs_from_a_history_entry(changes_set, history, 0)
@@ -902,7 +903,7 @@ def convert_histories(histories):
 	detailedHistories = []
 	j = 0
 	for i in range(len(histories)):
-		if histories[i].detail and ('add_rrests' in histories[i].detail or 'del_rrests' in histories[i].detail):
+		if histories[i].detail and ('add_rrsets' in histories[i].detail or 'del_rrsets' in histories[i].detail):
 			extract_changelogs_from_a_history_entry(changes_set, histories[i], j)
 			if j in changes_set:
 				detailedHistories.append(DetailedHistory(histories[i], changes_set[j]))
diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index fe9e98c..6cc1bc1 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -63,7 +63,7 @@ def domain(domain_name):
 
     # Query domain's rrsets from PowerDNS API
     rrsets = Record().get_rrsets(domain.name)
-    current_app.logger.debug("Fetched rrests: \n{}".format(pretty_json(rrsets)))
+    current_app.logger.debug("Fetched rrsets: \n{}".format(pretty_json(rrsets)))
 
     # API server might be down, misconfigured
     if not rrsets and domain.type != 'Slave':
@@ -202,7 +202,7 @@ def changelog(domain_name):
 
     # Query domain's rrsets from PowerDNS API
     rrsets = Record().get_rrsets(domain.name)
-    current_app.logger.debug("Fetched rrests: \n{}".format(pretty_json(rrsets)))
+    current_app.logger.debug("Fetched rrsets: \n{}".format(pretty_json(rrsets)))
 
     # API server might be down, misconfigured
     if not rrsets and domain.type != 'Slave':
@@ -290,7 +290,7 @@ def record_changelog(domain_name, record_name, record_type):
         abort(404)
     # Query domain's rrsets from PowerDNS API
     rrsets = Record().get_rrsets(domain.name)
-    current_app.logger.debug("Fetched rrests: \n{}".format(pretty_json(rrsets)))
+    current_app.logger.debug("Fetched rrsets: \n{}".format(pretty_json(rrsets)))
 
     # API server might be down, misconfigured
     if not rrsets and domain.type != 'Slave':
@@ -328,9 +328,9 @@ def record_changelog(domain_name, record_name, record_type):
     for change_num in changes_set_of_record:
         changes_i = changes_set_of_record[change_num]
         for hre in changes_i: # for each history record entry in changes_i
-            if  'type' in hre.add_rrest and hre.add_rrest['name'] == record_name and hre.add_rrest['type'] == record_type:
+            if  'type' in hre.add_rrset and hre.add_rrset['name'] == record_name and hre.add_rrset['type'] == record_type:
                 continue
-            elif 'type' in hre.del_rrest and hre.del_rrest['name'] == record_name and hre.del_rrest['type'] == record_type:
+            elif 'type' in hre.del_rrset and hre.del_rrset['name'] == record_name and hre.del_rrset['type'] == record_type:
                 continue
             else:
                 changes_set_of_record[change_num].remove(hre)
@@ -450,9 +450,9 @@ def add():
                                     domain_name,
                                     'template':
                                     template.name,
-                                    'add_rrests':
+                                    'add_rrsets':
                                     result['data'][0]['rrsets'],
-                                    'del_rrests':
+                                    'del_rrsets':
                                     result['data'][1]['rrsets']
                                 }),
                             created_by=current_user.username,
@@ -685,8 +685,8 @@ def record_apply(domain_name):
                 msg='Apply record changes to domain {0}'.format(pretty_domain_name(domain_name)),
                 detail = json.dumps({
                         'domain': domain_name,
-                        'add_rrests': result['data'][0]['rrsets'],
-                        'del_rrests': result['data'][1]['rrsets']
+                        'add_rrsets': result['data'][0]['rrsets'],
+                        'del_rrsets': result['data'][1]['rrsets']
                     }),
                 created_by=current_user.username,
                 domain_id=domain.id)
diff --git a/powerdnsadmin/templates/applied_change_macro.html b/powerdnsadmin/templates/applied_change_macro.html
index 4bb1c4f..6a49b01 100644
--- a/powerdnsadmin/templates/applied_change_macro.html
+++ b/powerdnsadmin/templates/applied_change_macro.html
@@ -7,28 +7,28 @@
             <th colspan="3">
                 {% if hist_rec_entry.change_type == "+" %}
                 <span
-                    style="background-color:  lightgreen">{{hist_rec_entry.add_rrest['name']}}
-                    {{hist_rec_entry.add_rrest['type']}}</span>
+                    style="background-color:  lightgreen">{{hist_rec_entry.add_rrset['name']}}
+                    {{hist_rec_entry.add_rrset['type']}}</span>
                 {% elif hist_rec_entry.change_type == "-" %}
                 <s
                     style="text-decoration-color: rgba(194, 10,10, 0.6); text-decoration-thickness: 2px;">
-                    {{hist_rec_entry.del_rrest['name']}}
-                    {{hist_rec_entry.del_rrest['type']}}
+                    {{hist_rec_entry.del_rrset['name']}}
+                    {{hist_rec_entry.del_rrset['type']}}
                 </s>
                 {% else %}
-                {{hist_rec_entry.add_rrest['name']}}
-                {{hist_rec_entry.add_rrest['type']}}
+                {{hist_rec_entry.add_rrset['name']}}
+                {{hist_rec_entry.add_rrset['type']}}
                 {% endif %}
 
                 , TTL:
                 {% if "ttl" in hist_rec_entry.changed_fields %}
                 <s
                     style="text-decoration-color: rgba(194, 10,10, 0.6); text-decoration-thickness: 2px;">
-                    {{hist_rec_entry.del_rrest['ttl']}}</s>
+                    {{hist_rec_entry.del_rrset['ttl']}}</s>
                 <span
-                    style="background-color:  lightgreen">{{hist_rec_entry.add_rrest['ttl']}}</span>
+                    style="background-color:  lightgreen">{{hist_rec_entry.add_rrset['ttl']}}</span>
                 {% else %}
-                {{hist_rec_entry.add_rrest['ttl']}}
+                {{hist_rec_entry.add_rrset['ttl']}}
                 {% endif %}
 
             </th>
@@ -120,7 +120,7 @@
                 </table>
             </td>
             <td>
-                {% for comments in hist_rec_entry.add_rrest['comments'] %}
+                {% for comments in hist_rec_entry.add_rrset['comments'] %}
                 {{comments['content'] }}
                 <br/>
                 {% endfor %}
@@ -130,4 +130,4 @@
     </tbody>
 </table>
 {% endfor %}
-{%- endmacro %}
\ No newline at end of file
+{%- endmacro %}

From 5b36ad034d0d2062ffecdc2828ac17ef957e9afe Mon Sep 17 00:00:00 2001
From: pixelrebel <github@pixelrebel.com>
Date: Thu, 19 May 2022 14:02:04 -0700
Subject: [PATCH 050/203] Rename incorrect SAML cert/key config variables

---
 configs/development.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configs/development.py b/configs/development.py
index 2c2e63d..61df886 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -133,8 +133,8 @@ SAML_ENABLED = False
 # CAUTION: For production use, usage of self-signed certificates it's highly discouraged.
 # Use certificates from trusted CA instead
 # ###########################################################################################
-# SAML_CERT_FILE = '/etc/pki/powerdns-admin/cert.crt'
-# SAML_CERT_KEY = '/etc/pki/powerdns-admin/key.pem'
+# SAML_CERT = '/etc/pki/powerdns-admin/cert.crt'
+# SAML_KEY = '/etc/pki/powerdns-admin/key.pem'
 
 # Configures if SAML tokens should be encrypted.
 # SAML_SIGN_REQUEST = False

From 9221d58a1bf344bac26b0add9b3844b8fbfbc924 Mon Sep 17 00:00:00 2001
From: pixelrebel <github@pixelrebel.com>
Date: Thu, 19 May 2022 14:49:46 -0700
Subject: [PATCH 051/203] Allow SAML AttributeStatements to be optional

---
 configs/development.py         | 4 ++++
 powerdnsadmin/services/saml.py | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/configs/development.py b/configs/development.py
index 61df886..a867812 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -148,6 +148,10 @@ SAML_ENABLED = False
 
 # #SAML_ASSERTION_ENCRYPTED = True
 
+# Some IdPs, like Okta, do not return Attribute Statements by default
+# Set the following to False if you are using Okta and not manually configuring Attribute Statements
+# #SAML_WANT_ATTRIBUTE_STATEMENT = True
+
 # Remote authentication settings
 
 # Whether to enable remote user authentication or not
diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py
index 40c97bf..67255ca 100644
--- a/powerdnsadmin/services/saml.py
+++ b/powerdnsadmin/services/saml.py
@@ -163,7 +163,8 @@ class SAML(object):
             'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
         settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
             'SAML_ASSERTION_ENCRYPTED', True)
-        settings['security']['wantAttributeStatement'] = True
+        settings['security']['wantAttributeStatement'] = current_app.config.get(
+            'SAML_WANT_ATTRIBUTE_STATEMENT', True)
         settings['security']['wantNameId'] = True
         settings['security']['authnRequestsSigned'] = current_app.config[
             'SAML_SIGN_REQUEST']

From e4c8c3892f42fd8451ebe7b1c42e9d2091a73bc6 Mon Sep 17 00:00:00 2001
From: pixelrebel <github@pixelrebel.com>
Date: Thu, 19 May 2022 19:00:38 -0700
Subject: [PATCH 052/203] Use HTTP_X_FORWARDED_PROTO header from reverse proxy
 to rewrite https:// for SAML request URLs

---
 powerdnsadmin/services/saml.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py
index 67255ca..4a33ee6 100644
--- a/powerdnsadmin/services/saml.py
+++ b/powerdnsadmin/services/saml.py
@@ -72,8 +72,9 @@ class SAML(object):
     def prepare_flask_request(self, request):
         # If server is behind proxys or balancers use the HTTP_X_FORWARDED fields
         url_data = urlparse(request.url)
+        proto = request.headers.get('HTTP_X_FORWARDED_PROTO', request.scheme)
         return {
-            'https': 'on' if request.scheme == 'https' else 'off',
+            'https': 'on' if proto == 'https' else 'off',
             'http_host': request.host,
             'server_port': url_data.port,
             'script_name': request.path,

From 8c85e80c2b330062e8c51b38372544e219abdea4 Mon Sep 17 00:00:00 2001
From: pixelrebel <github@pixelrebel.com>
Date: Thu, 19 May 2022 20:36:28 -0700
Subject: [PATCH 053/203] Add SAML_ATTRIBUTE_GROUP and SAML_GROUP_ADMIN_NAME to
 the development config, with instructions for use

---
 configs/development.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/configs/development.py b/configs/development.py
index a867812..f1768d2 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -120,6 +120,16 @@ SAML_ENABLED = False
 # ###  be created and the user added to them.
 # SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
 
+# ## Attribute name that aggregates group names
+# ### Default: Don't collect IdP groups from SAML group attributes
+# ### In Okta, you can assign administrators by group using "Group Attribute Statements."
+# ### In this case, the SAML_ATTRIBUTE_GROUP will be the attribute name for a collection of
+# ###  groups passed in the SAML assertion.  From there, you can specify a SAML_GROUP_ADMIN_NAME.
+# ### If the user is a member of this group, and that group name is included in the collection,
+# ###   the user will be set as an administrator.
+# #SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-groups'
+# #SAML_GROUP_ADMIN_NAME = 'PowerDNSAdmin-Administrators'
+
 # SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
 # SAML_SP_CONTACT_NAME = '<contact name>'
 # SAML_SP_CONTACT_MAIL = '<contact mail>'

From 83ed5cfb2835be055330ec5ec8a3d53d08fce0bf Mon Sep 17 00:00:00 2001
From: RGanor <44501230+RGanor@users.noreply.github.com>
Date: Sat, 21 May 2022 11:26:40 +0300
Subject: [PATCH 054/203] Create codeql-analysis.yml (#1204)

---
 .github/workflows/codeql-analysis.yml | 72 +++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 .github/workflows/codeql-analysis.yml

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..ad59382
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '45 2 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

From 715c6b76cda3abba9e311049f0b925a17286c5b3 Mon Sep 17 00:00:00 2001
From: Josh Matthews <josh@sol1.com.au>
Date: Mon, 23 May 2022 14:38:16 +1000
Subject: [PATCH 055/203] added code to raise user to operator on SAML auth if
 in the right group

---
 powerdnsadmin/routes/index.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index f9a5649..a18cc20 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -1008,6 +1008,8 @@ def saml_authorized():
                                                       None)
         admin_group_name = current_app.config.get('SAML_GROUP_ADMIN_NAME',
                                                   None)
+        operator_group_name = current_app.config.get('SAML_GROUP_OPERATOR_NAME',
+                                                  None)
         group_to_account_mapping = create_group_to_account_mapping()
 
         if email_attribute_name in session['samlUserdata']:
@@ -1061,6 +1063,8 @@ def saml_authorized():
             uplift_to_admin(user)
         elif admin_group_name in user_groups:
             uplift_to_admin(user)
+        elif operator_group_name in user_groups:
+            uplift_to_operator(user)
         elif admin_attribute_name or group_attribute_name:
             if user.role.name != 'User':
                 user.role_id = Role.query.filter_by(name='User').first().id
@@ -1117,6 +1121,14 @@ def uplift_to_admin(user):
                           created_by='SAML Assertion')
         history.add()
 
+def uplift_to_operator(user):
+    if user.role.name != 'Operator':
+        user.role_id = Role.query.filter_by(name='Operator').first().id
+        history = History(msg='Promoting {0} to operator'.format(
+            user.username),
+                          created_by='SAML Assertion')
+        history.add()
+
 
 @index_bp.route('/saml/sls')
 def saml_logout():

From 2020055ab2c0ef4647e354c6025c7dcd2b735f0c Mon Sep 17 00:00:00 2001
From: Josh Matthews <josh@sol1.com.au>
Date: Mon, 23 May 2022 14:39:29 +1000
Subject: [PATCH 056/203] added code to pull the operator and admin groups from
 SAML auth requests

---
 configs/development.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/configs/development.py b/configs/development.py
index 2c2e63d..401c121 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -113,6 +113,14 @@ SAML_ENABLED = False
 # ###  the user is set as a non-administrator user.
 # #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
 
+## Attribute to get admin status for groups with the IdP
+# ### Default: Don't set administrator group with SAML attributes
+#SAML_GROUP_ADMIN_NAME = 'GroupName'
+
+## Attribute to get operator status for groups with the IdP
+# ### Default: Don't set operator group with SAML attributes
+#SAML_GROUP_OPERATOR_NAME = 'GroupName'
+
 # ## Attribute to get account names from
 # ### Default: Don't control accounts with SAML attribute
 # ### If set, the user will be added and removed from accounts to match

From 1bee83332659d1d2e5c96a4edf41c1435a625c7e Mon Sep 17 00:00:00 2001
From: RGanor <ganor.roei98@gmail.com>
Date: Mon, 23 May 2022 16:46:11 +0000
Subject: [PATCH 057/203] Updated the unknown state

---
 powerdnsadmin/routes/api.py     |  2 +-
 powerdnsadmin/swagger-spec.yaml | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 6a6d74e..d26deb8 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -1191,7 +1191,7 @@ def health():
     
     if not domain_to_query:
         current_app.logger.error("No domain found to query a health check")
-        return make_response("Down", 503)
+        return make_response("Unknown", 503)
 
     try:
         domain.get_domain_info(domain_to_query.name)                                
diff --git a/powerdnsadmin/swagger-spec.yaml b/powerdnsadmin/swagger-spec.yaml
index dbf484e..75b1d9f 100644
--- a/powerdnsadmin/swagger-spec.yaml
+++ b/powerdnsadmin/swagger-spec.yaml
@@ -782,6 +782,32 @@ paths:
         '422':
           description: 'Returned when something is wrong with the content of the request. Contains an error message'
 
+  '/servers/{server_id}/health':
+    get:
+      security:
+        - APIKeyHeader: []
+      summary: Perfoms health check
+      operationId: health_check
+      tags:
+        - Monitoring
+      parameters:
+        - name: server_id
+          in: path
+          required: true
+          description: The id of the server to retrieve
+          type: string
+      responses:
+        '200':
+          description: Healthcheck succeeded
+          schema:
+            type: string
+            example: "up"
+        '503':
+          description: Healthcheck failed
+          schema:
+            type: string
+            example: Down/Unknown
+            
   '/pdnsadmin/zones':
     get:
       security:

From 88df88f30b5327625c52d5b32c23d4e3a6277b04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Tue, 24 May 2022 13:58:45 +0200
Subject: [PATCH 058/203] fix: Active directory filter is broken

---
 powerdnsadmin/models/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 1b34d62..2f8b87c 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -290,7 +290,7 @@ class User(db.Model):
                                 if LDAP_USER_GROUP:
                                     ldap_user_group = "(memberOf:1.2.840.113556.1.4.1941:={0})".format(LDAP_USER_GROUP)
                                 searchFilter = "(&({0}={1})(|{2}{3}{4}))".format(LDAP_FILTER_USERNAME, self.username,
-                                                                                 LDAP_FILTER_GROUP, ldap_admin_group_filter,
+                                                                                 ldap_admin_group_filter,
                                                                                  ldap_operator_group, ldap_user_group)
                                 ldap_result = self.ldap_search(searchFilter, LDAP_BASE_DN)
                                 user_ad_member_of = ldap_result[0][0][1].get(

From f98326ea90e20ffe2cb720ddd7217cc81ccddf35 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Tue, 24 May 2022 23:45:14 +0200
Subject: [PATCH 059/203] Fix remaining typo occurrence

---
 powerdnsadmin/models/record.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/models/record.py b/powerdnsadmin/models/record.py
index 9929b67..e56a6de 100644
--- a/powerdnsadmin/models/record.py
+++ b/powerdnsadmin/models/record.py
@@ -359,10 +359,10 @@ class Record(object):
 
                     # rollback - re-add the removed record if the adding operation is failed.
                     if del_rrsets["rrsets"]:
-                        rollback_rrests = del_rrsets
+                        rollback_rrsets = del_rrsets
                         for r in del_rrsets["rrsets"]:
                             r['changetype'] = 'REPLACE'
-                        rollback = self.apply_rrsets(domain_name, rollback_rrests)
+                        rollback = self.apply_rrsets(domain_name, rollback_rrsets)
                         if 'error' in rollback.keys():
                             return dict(status='error',
                                         msg='Failed to apply changes. Cannot rollback previous failed operation: {}'

From bcc84417794eae596fb3424d951d177e23dca66f Mon Sep 17 00:00:00 2001
From: Artem Silenkov <artem.silenkov@gmail.com>
Date: Tue, 7 Jun 2022 16:13:31 +0300
Subject: [PATCH 060/203] Add yml to deploy on kubernetes (#286)

---
 deploy/kubernetes/README.md      |   1 +
 deploy/kubernetes/configmap.yml  |  22 +++++++
 deploy/kubernetes/deployment.yml | 102 +++++++++++++++++++++++++++++++
 deploy/kubernetes/service.yml    |  15 +++++
 4 files changed, 140 insertions(+)
 create mode 100644 deploy/kubernetes/README.md
 create mode 100644 deploy/kubernetes/configmap.yml
 create mode 100644 deploy/kubernetes/deployment.yml
 create mode 100644 deploy/kubernetes/service.yml

diff --git a/deploy/kubernetes/README.md b/deploy/kubernetes/README.md
new file mode 100644
index 0000000..7770d8a
--- /dev/null
+++ b/deploy/kubernetes/README.md
@@ -0,0 +1 @@
+#Files to deploy pdns-admin on kubernetes
diff --git a/deploy/kubernetes/configmap.yml b/deploy/kubernetes/configmap.yml
new file mode 100644
index 0000000..c27e0b4
--- /dev/null
+++ b/deploy/kubernetes/configmap.yml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: powerdnsadmin-env
+  namespace: powerdnsadmin
+data:
+  FLASK_APP: "/powerdns-admin/app/__init__.py"
+  BIND_ADDRESS: changeme_0.0.0.0
+  LDAP_FILTER: changeme_(objectClass=user)
+  LDAP_PASSWORD: changeme_Password
+  LDAP_SEARCH_BASE: changeme_cn=Users,dc=domain,dc=com
+  LDAP_TYPE: changeme_ldap
+  LDAP_URI: changeme_ldaps://ad.domain.com:636
+  LDAP_USERNAME: changeme_cn=svcUser,ou=ScriptUsers,dc=domain,dc=com
+  LDAP_USERNAMEFIELD: changeme_sAMAccountName
+  PDNS_API_KEY: changeme_secret
+  PDNS_HOST: changeme_pdns_host
+  SECRET_KEY: changeme_secret
+  SQLA_DB_HOST: changeme_db_host
+  SQLA_DB_NAME: changeme_db_name
+  SQLA_DB_PASSWORD: changeme_db_password_
+  SQLA_DB_USER: changeme_db_user
diff --git a/deploy/kubernetes/deployment.yml b/deploy/kubernetes/deployment.yml
new file mode 100644
index 0000000..337f638
--- /dev/null
+++ b/deploy/kubernetes/deployment.yml
@@ -0,0 +1,102 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: powerdnsadmin
+  namespace: powerdnsadmin
+  labels:
+    app: powerdnsadmin
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: powerdnsadmin
+    spec:
+      containers:
+      - name: powerdnsadmin
+        image: changeme_artsn00p/powerdns-admin-docker
+        ports:
+        - containerPort: 80
+        env:
+        - name: BIND_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              key: BIND_ADDRESS
+              name: powerdnsadmin-env
+        - name: LDAP_FILTER
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_FILTER
+              name: powerdnsadmin-env
+        - name: LDAP_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_PASSWORD
+              name: powerdnsadmin-env
+        - name: LDAP_SEARCH_BASE
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_SEARCH_BASE
+              name: powerdnsadmin-env
+        - name: LDAP_TYPE
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_TYPE
+              name: powerdnsadmin-env
+        - name: LDAP_URI
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_URI
+              name: powerdnsadmin-env
+        - name: LDAP_USERNAME
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_USERNAME
+              name: powerdnsadmin-env
+        - name: LDAP_USERNAMEFIELD
+          valueFrom:
+            configMapKeyRef:
+              key: LDAP_USERNAMEFIELD
+              name: powerdnsadmin-env
+        - name: PDNS_API_KEY
+          valueFrom:
+            configMapKeyRef:
+              key: PDNS_API_KEY
+              name: powerdnsadmin-env
+        - name: PDNS_HOST
+          valueFrom:
+            configMapKeyRef:
+              key: PDNS_HOST
+              name: powerdnsadmin-env
+        - name: SECRET_KEY
+          valueFrom:
+            configMapKeyRef:
+              key: SECRET_KEY
+              name: powerdnsadmin-env
+        - name: PDA_DB_HOST
+          valueFrom:
+            configMapKeyRef:
+              key: SQLA_DB_HOST
+              name: powerdnsadmin-env
+        - name: PDA_DB_NAME
+          valueFrom:
+            configMapKeyRef:
+              key: SQLA_DB_NAME
+              name: powerdnsadmin-env
+        - name: PDA_DB_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              key: SQLA_DB_PASSWORD
+              name: powerdnsadmin-env
+        - name: PDA_DB_USER
+          valueFrom:
+            configMapKeyRef:
+              key: SQLA_DB_USER
+              name: powerdnsadmin-env
+        - name: FLASK_APP
+          valueFrom:
+            configMapKeyRef:
+              key: FLASK_APP
+              name: powerdnsadmin-env
+      restartPolicy: Always
+
diff --git a/deploy/kubernetes/service.yml b/deploy/kubernetes/service.yml
new file mode 100644
index 0000000..813b37b
--- /dev/null
+++ b/deploy/kubernetes/service.yml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: powerdnsadmin
+  namespace: powerdnsadmin
+  labels:
+    app: powerdnsadmin
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+  selector:
+    app: powerdnsadmin
+

From 88c0aaea278efb4bbe646632b3f11866190eb3e5 Mon Sep 17 00:00:00 2001
From: RGanor <44501230+RGanor@users.noreply.github.com>
Date: Tue, 7 Jun 2022 16:22:38 +0300
Subject: [PATCH 061/203] Updated k8s (#1216)

---
 deploy/kubernetes/README.md      |   2 +-
 deploy/kubernetes/configmap.yml  |  20 +-----
 deploy/kubernetes/deployment.yml | 105 +++++--------------------------
 3 files changed, 20 insertions(+), 107 deletions(-)

diff --git a/deploy/kubernetes/README.md b/deploy/kubernetes/README.md
index 7770d8a..9a0a547 100644
--- a/deploy/kubernetes/README.md
+++ b/deploy/kubernetes/README.md
@@ -1 +1 @@
-#Files to deploy pdns-admin on kubernetes
+#Files to deploy PowerDNS-Admin on kubernetes
diff --git a/deploy/kubernetes/configmap.yml b/deploy/kubernetes/configmap.yml
index c27e0b4..4270db2 100644
--- a/deploy/kubernetes/configmap.yml
+++ b/deploy/kubernetes/configmap.yml
@@ -1,22 +1,8 @@
-apiVersion: v1
 kind: ConfigMap
+apiVersion: v1
 metadata:
   name: powerdnsadmin-env
-  namespace: powerdnsadmin
 data:
-  FLASK_APP: "/powerdns-admin/app/__init__.py"
-  BIND_ADDRESS: changeme_0.0.0.0
-  LDAP_FILTER: changeme_(objectClass=user)
-  LDAP_PASSWORD: changeme_Password
-  LDAP_SEARCH_BASE: changeme_cn=Users,dc=domain,dc=com
-  LDAP_TYPE: changeme_ldap
-  LDAP_URI: changeme_ldaps://ad.domain.com:636
-  LDAP_USERNAME: changeme_cn=svcUser,ou=ScriptUsers,dc=domain,dc=com
-  LDAP_USERNAMEFIELD: changeme_sAMAccountName
-  PDNS_API_KEY: changeme_secret
-  PDNS_HOST: changeme_pdns_host
+  FLASK_APP: powerdnsadmin/__init__.py
   SECRET_KEY: changeme_secret
-  SQLA_DB_HOST: changeme_db_host
-  SQLA_DB_NAME: changeme_db_name
-  SQLA_DB_PASSWORD: changeme_db_password_
-  SQLA_DB_USER: changeme_db_user
+  SQLALCHEMY_DATABASE_URI: 'mysql://user:password@host/database'
diff --git a/deploy/kubernetes/deployment.yml b/deploy/kubernetes/deployment.yml
index 337f638..1e5fea5 100644
--- a/deploy/kubernetes/deployment.yml
+++ b/deploy/kubernetes/deployment.yml
@@ -1,102 +1,29 @@
-apiVersion: extensions/v1beta1
 kind: Deployment
+apiVersion: apps/v1
 metadata:
   name: powerdnsadmin
-  namespace: powerdnsadmin
   labels:
     app: powerdnsadmin
 spec:
+  strategy:
+    type: RollingUpdate
   replicas: 1
+  selector:
+    matchLabels:
+      app: powerdnsadmin
   template:
     metadata:
       labels:
         app: powerdnsadmin
     spec:
       containers:
-      - name: powerdnsadmin
-        image: changeme_artsn00p/powerdns-admin-docker
-        ports:
-        - containerPort: 80
-        env:
-        - name: BIND_ADDRESS
-          valueFrom:
-            configMapKeyRef:
-              key: BIND_ADDRESS
-              name: powerdnsadmin-env
-        - name: LDAP_FILTER
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_FILTER
-              name: powerdnsadmin-env
-        - name: LDAP_PASSWORD
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_PASSWORD
-              name: powerdnsadmin-env
-        - name: LDAP_SEARCH_BASE
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_SEARCH_BASE
-              name: powerdnsadmin-env
-        - name: LDAP_TYPE
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_TYPE
-              name: powerdnsadmin-env
-        - name: LDAP_URI
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_URI
-              name: powerdnsadmin-env
-        - name: LDAP_USERNAME
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_USERNAME
-              name: powerdnsadmin-env
-        - name: LDAP_USERNAMEFIELD
-          valueFrom:
-            configMapKeyRef:
-              key: LDAP_USERNAMEFIELD
-              name: powerdnsadmin-env
-        - name: PDNS_API_KEY
-          valueFrom:
-            configMapKeyRef:
-              key: PDNS_API_KEY
-              name: powerdnsadmin-env
-        - name: PDNS_HOST
-          valueFrom:
-            configMapKeyRef:
-              key: PDNS_HOST
-              name: powerdnsadmin-env
-        - name: SECRET_KEY
-          valueFrom:
-            configMapKeyRef:
-              key: SECRET_KEY
-              name: powerdnsadmin-env
-        - name: PDA_DB_HOST
-          valueFrom:
-            configMapKeyRef:
-              key: SQLA_DB_HOST
-              name: powerdnsadmin-env
-        - name: PDA_DB_NAME
-          valueFrom:
-            configMapKeyRef:
-              key: SQLA_DB_NAME
-              name: powerdnsadmin-env
-        - name: PDA_DB_PASSWORD
-          valueFrom:
-            configMapKeyRef:
-              key: SQLA_DB_PASSWORD
-              name: powerdnsadmin-env
-        - name: PDA_DB_USER
-          valueFrom:
-            configMapKeyRef:
-              key: SQLA_DB_USER
-              name: powerdnsadmin-env
-        - name: FLASK_APP
-          valueFrom:
-            configMapKeyRef:
-              key: FLASK_APP
-              name: powerdnsadmin-env
-      restartPolicy: Always
-
+        - name: powerdnsadmin
+          image: ngoduykhanh/powerdns-admin
+          ports:
+            - containerPort: 80
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: powerdnsadmin-env
+          imagePullPolicy: Always
+      restartPolicy: Always
\ No newline at end of file

From 3aba0693c4c9a015b6983a42844aba3bc75bff9e Mon Sep 17 00:00:00 2001
From: RGanor <44501230+RGanor@users.noreply.github.com>
Date: Tue, 7 Jun 2022 16:28:54 +0300
Subject: [PATCH 062/203] Update README.md for k8s deployment (#1217)

* Update deploy/kubernetes /README.md
---
 deploy/kubernetes/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deploy/kubernetes/README.md b/deploy/kubernetes/README.md
index 9a0a547..f0394b0 100644
--- a/deploy/kubernetes/README.md
+++ b/deploy/kubernetes/README.md
@@ -1 +1,2 @@
-#Files to deploy PowerDNS-Admin on kubernetes
+# Kubernetes
+Example and simplified deployment for kubernetes.

From 111210568372e53bc1d11ef7e982ba7738743074 Mon Sep 17 00:00:00 2001
From: jbe-dw <50663045+jbe-dw@users.noreply.github.com>
Date: Fri, 17 Jun 2022 16:48:23 +0200
Subject: [PATCH 063/203] feat: Add /api endpoint (#1206)

---
 powerdnsadmin/routes/__init__.py |  8 ++++++--
 powerdnsadmin/routes/api.py      | 17 +++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/powerdnsadmin/routes/__init__.py b/powerdnsadmin/routes/__init__.py
index 829f110..b22324b 100644
--- a/powerdnsadmin/routes/__init__.py
+++ b/powerdnsadmin/routes/__init__.py
@@ -1,11 +1,14 @@
-from .base import login_manager, handle_bad_request, handle_unauthorized_access, handle_access_forbidden, handle_page_not_found, handle_internal_server_error
+from .base import (
+    login_manager, handle_bad_request, handle_unauthorized_access,
+    handle_access_forbidden, handle_page_not_found, handle_internal_server_error
+)
 
 from .index import index_bp
 from .user import user_bp
 from .dashboard import dashboard_bp
 from .domain import domain_bp
 from .admin import admin_bp
-from .api import api_bp
+from .api import api_bp, apilist_bp
 
 
 def init_app(app):
@@ -17,6 +20,7 @@ def init_app(app):
     app.register_blueprint(domain_bp)
     app.register_blueprint(admin_bp)
     app.register_blueprint(api_bp)
+    app.register_blueprint(apilist_bp)
 
     app.register_error_handler(400, handle_bad_request)
     app.register_error_handler(401, handle_unauthorized_access)
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index e37b2ae..036912b 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -36,6 +36,7 @@ import secrets
 import string
 
 api_bp = Blueprint('api', __name__, url_prefix='/api/v1')
+apilist_bp = Blueprint('apilist', __name__, url_prefix='/')
 
 apikey_schema = ApiKeySchema(many=True)
 apikey_single_schema = ApiKeySchema()
@@ -47,6 +48,7 @@ user_detailed_schema = UserDetailedSchema()
 account_schema = AccountSchema(many=True)
 account_single_schema = AccountSchema()
 
+
 def get_user_domains():
     domains = db.session.query(Domain) \
         .outerjoin(DomainUser, Domain.id == DomainUser.domain_id) \
@@ -177,6 +179,11 @@ def before_request():
             }))
 
 
+@apilist_bp.route('/api', methods=['GET'])
+def index():
+    return '[{"url": "/api/v1", "version": 1}]', 200
+
+
 @api_bp.route('/pdnsadmin/zones', methods=['POST'])
 @api_basic_auth
 @api_can_create_domain
@@ -294,7 +301,6 @@ def api_login_delete_zone(domain_name):
                               domain_id=domain_id)
             history.add()
 
-
     except Exception as e:
         current_app.logger.error('Error: {0}'.format(e))
         abort(500)
@@ -1087,7 +1093,7 @@ def api_zone_forward(server_id, zone_id):
     if 200 <= status < 300:
         current_app.logger.debug("Request to powerdns API successful")
         if Setting().get('enable_api_rr_history'):
-            if request.method in ['POST', 'PATCH'] :
+            if request.method in ['POST', 'PATCH']:
                 data = request.get_json(force=True)
                 for rrset_data in data['rrsets']:
                     history = History(msg='{0} zone {1} record of {2}'.format(
@@ -1160,8 +1166,10 @@ def api_get_zones(server_id):
         return jsonify(domain_schema.dump(domain_obj_list)), 200
     else:
         resp = helper.forward_request()
-        if (g.apikey.role.name not in ['Administrator', 'Operator']
-            and resp.status_code == 200):
+        if (
+            g.apikey.role.name not in ['Administrator', 'Operator']
+            and resp.status_code == 200
+        ):
             domain_list = [d['name']
                            for d in domain_schema.dump(g.apikey.domains)]
 
@@ -1182,6 +1190,7 @@ def api_server_forward():
     resp = helper.forward_request()
     return resp.content, resp.status_code, resp.headers.items()
 
+
 @api_bp.route('/servers/<string:server_id>', methods=['GET'])
 @apikey_auth
 def api_server_config_forward(server_id):

From 1926b862b8fcf784546e1508308d9dbbeaf72dfb Mon Sep 17 00:00:00 2001
From: TomSebty <61846662+TomSebty@users.noreply.github.com>
Date: Fri, 17 Jun 2022 18:50:51 +0300
Subject: [PATCH 064/203] feat: Option to forbid the creation of domain if it
 exists as a record (#1127)

When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
---
 powerdnsadmin/decorators.py             | 19 +++++++++++-
 powerdnsadmin/lib/errors.py             |  7 +++++
 powerdnsadmin/models/domain.py          | 15 +++++++++
 powerdnsadmin/models/setting.py         |  3 +-
 powerdnsadmin/routes/admin.py           |  2 +-
 powerdnsadmin/routes/domain.py          | 38 +++++++++++++++++++++--
 powerdnsadmin/templates/domain_add.html | 41 +++++++++++++++++++++++++
 7 files changed, 120 insertions(+), 5 deletions(-)

diff --git a/powerdnsadmin/decorators.py b/powerdnsadmin/decorators.py
index df1e348..819ee36 100644
--- a/powerdnsadmin/decorators.py
+++ b/powerdnsadmin/decorators.py
@@ -6,7 +6,7 @@ from flask_login import current_user
 
 from .models import User, ApiKey, Setting, Domain, Setting
 from .lib.errors import RequestIsNotJSON, NotEnoughPrivileges
-from .lib.errors import DomainAccessForbidden
+from .lib.errors import DomainAccessForbidden, DomainOverrideForbidden
 
 def admin_role_required(f):
     """
@@ -259,6 +259,13 @@ def api_can_create_domain(f):
             msg = "User {0} does not have enough privileges to create domain"
             current_app.logger.error(msg.format(current_user.username))
             raise NotEnoughPrivileges()
+        
+        if Setting().get('deny_domain_override'):
+            req = request.get_json(force=True)
+            domain = Domain()
+            if req['name'] and domain.is_overriding(req['name']):
+                raise DomainOverrideForbidden()
+
         return f(*args, **kwargs)
 
     return decorated_function
@@ -269,6 +276,9 @@ def apikey_can_create_domain(f):
     Grant access if:
         - user is in Operator role or higher, or
         - allow_user_create_domain is on
+        and
+        - deny_domain_override is off or
+        - override_domain is true (from request)
     """
     @wraps(f)
     def decorated_function(*args, **kwargs):
@@ -278,6 +288,13 @@ def apikey_can_create_domain(f):
             msg = "ApiKey #{0} does not have enough privileges to create domain"
             current_app.logger.error(msg.format(g.apikey.id))
             raise NotEnoughPrivileges()
+
+        if Setting().get('deny_domain_override'):
+            req = request.get_json(force=True)
+            domain = Domain()
+            if req['name'] and domain.is_overriding(req['name']):
+                raise DomainOverrideForbidden()
+
         return f(*args, **kwargs)
 
     return decorated_function
diff --git a/powerdnsadmin/lib/errors.py b/powerdnsadmin/lib/errors.py
index 687f554..f570b4e 100644
--- a/powerdnsadmin/lib/errors.py
+++ b/powerdnsadmin/lib/errors.py
@@ -44,6 +44,13 @@ class DomainAccessForbidden(StructuredException):
         self.message = message
         self.name = name
 
+class DomainOverrideForbidden(StructuredException):
+    status_code = 409
+
+    def __init__(self, name=None, message="Domain override of record not allowed"):
+        StructuredException.__init__(self)
+        self.message = message
+        self.name = name
 
 class ApiKeyCreateFail(StructuredException):
     status_code = 500
diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index cfc949d..e4b2776 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -881,3 +881,18 @@ class Domain(db.Model):
                 DomainUser.user_id == user_id,
                 AccountUser.user_id == user_id
             )).filter(Domain.id == self.id).first()
+
+    # Return None if this domain does not exist as record, 
+    # Return the parent domain that hold the record if exist
+    def is_overriding(self, domain_name):
+        upper_domain_name = '.'.join(domain_name.split('.')[1:])
+        while upper_domain_name != '':
+            if self.get_id_by_name(upper_domain_name.rstrip('.')) != None:
+                    upper_domain = self.get_domain_info(upper_domain_name)
+                    if 'rrsets' in upper_domain:
+                        for r in upper_domain['rrsets']:
+                            if domain_name.rstrip('.') in r['name'].rstrip('.'):
+                                current_app.logger.error('Domain already exists as a record: {} under domain: {}'.format(r['name'].rstrip('.'), upper_domain_name))
+                                return upper_domain_name
+            upper_domain_name = '.'.join(upper_domain_name.split('.')[1:])
+        return None
\ No newline at end of file
diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index 33b8db5..46e6724 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -190,7 +190,8 @@ class Setting(db.Model):
         'otp_field_enabled': True,
         'custom_css': '',
         'otp_force': False,
-        'max_history_records': 1000
+        'max_history_records': 1000,
+        'deny_domain_override': False
     }
 
     def __init__(self, id=None, name=None, value=None):
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index ab5dce0..4782ba0 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -1268,7 +1268,7 @@ def setting_basic():
             'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
             'session_timeout', 'warn_session_timeout', 'ttl_options',
             'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
-	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force'
+	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force', 'deny_domain_override'
         ]
 
         return render_template('admin_setting_basic.html', settings=settings)
diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index f94b2a1..3261264 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -32,7 +32,6 @@ domain_bp = Blueprint('domain',
                       template_folder='templates',
                       url_prefix='/domain')
 
-
 @domain_bp.before_request
 def before_request():
     # Check if user is anonymous
@@ -401,6 +400,38 @@ def add():
             account_name = Account().get_name_by_id(account_id)
 
             d = Domain()
+
+            ### Test if a record same as the domain already exists in an upper level domain
+            if Setting().get('deny_domain_override'):
+
+                upper_domain = None
+                domain_override = False
+                domain_override_toggle = False
+
+                if current_user.role.name in ['Administrator', 'Operator']:
+                    domain_override = request.form.get('domain_override')
+                    domain_override_toggle = True
+
+
+                # If overriding box is not selected.
+                # False = Do not allow ovrriding, perform checks
+                # True = Allow overriding, do not perform checks
+                if not domain_override:
+                    upper_domain = d.is_overriding(domain_name)
+
+                if upper_domain:
+                    if current_user.role.name in ['Administrator', 'Operator']:
+                        accounts = Account.query.order_by(Account.name).all()
+                    else:
+                        accounts = current_user.get_accounts()
+                    
+                    msg = 'Domain already exists as a record under domain: {}'.format(upper_domain)
+                    
+                    return render_template('domain_add.html', 
+                                            domain_override_message=msg,
+                                            accounts=accounts,
+                                            domain_override_toggle=domain_override_toggle)
+           
             result = d.add(domain_name=domain_name,
                            domain_type=domain_type,
                            soa_edit_api=soa_edit_api,
@@ -478,14 +509,17 @@ def add():
 
     # Get
     else:
+        domain_override_toggle = False
         # Admins and Operators can set to any account
         if current_user.role.name in ['Administrator', 'Operator']:
             accounts = Account.query.order_by(Account.name).all()
+            domain_override_toggle = True
         else:
             accounts = current_user.get_accounts()
         return render_template('domain_add.html',
                                templates=templates,
-                               accounts=accounts)
+                               accounts=accounts,
+                               domain_override_toggle=domain_override_toggle)
 
 
 
diff --git a/powerdnsadmin/templates/domain_add.html b/powerdnsadmin/templates/domain_add.html
index f6e0054..607730f 100644
--- a/powerdnsadmin/templates/domain_add.html
+++ b/powerdnsadmin/templates/domain_add.html
@@ -34,6 +34,13 @@
                             <input type="text" class="form-control" name="domain_name" id="domain_name"
                                 placeholder="Enter a valid domain name (required)">
                         </div>
+                        {% if domain_override_toggle == True %}
+                        <div class="form-group">
+                            <label>Domain Override Record</label>
+                            <input type="checkbox" id="domain_override" name="domain_override"
+                                class="checkbox">
+                        </div>
+                        {% endif %}
                         <select name="accountid" class="form-control" style="width:15em;">
                             <option value="0">- No Account -</option>
                             {% for account in accounts %}
@@ -178,3 +185,37 @@
     });
 </script>
 {% endblock %}
+{% block modals %}
+<script>
+{% if domain_override_message %}
+    $(document.body).ready(function () {
+        var modal = $("#modal_warning");
+        var info = "{{ domain_override_message }}";
+        modal.find('.modal-body p').text(info);
+        modal.modal('show');
+    });
+{% endif %}
+</script>
+</div>
+<div class="modal fade" id="modal_warning">
+  <div class="modal-dialog">
+      <div class="modal-content modal-sm">
+          <div class="modal-header alert-danger">
+              <button type="button" class="close" data-dismiss="modal" aria-label="Close" id="button_close_warn_modal">
+                  <span aria-hidden="true">&times;</span>
+              </button>
+              <h4 class="modal-title">WARNING</h4>
+          </div>
+          <div class="modal-body">
+              <p></p>
+          </div>
+          <div class="modal-footer">
+              <button type="button" class="btn btn-flat btn-primary center-block" data-dismiss="modal" id="button_confirm_warn_modal">
+                  CLOSE</button>
+          </div>
+      </div>
+      <!-- /.modal-content -->
+  </div>
+  <!-- /.modal-dialog -->
+</div>
+{% endblock %}

From bf83e68a4bba0ef41ea836639537ec1c4ba8fce1 Mon Sep 17 00:00:00 2001
From: gadall <gedalya@gedalya.net>
Date: Sat, 18 Jun 2022 18:11:22 +0800
Subject: [PATCH 065/203] Fix DynDNS2 using X-Forwarded-For (#1214)

utils.validate_ipaddress() takes a string, not a list
---
 powerdnsadmin/routes/index.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index f9a5649..7b8b9e8 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -836,7 +836,7 @@ def dyndns_update():
 
     remote_addr = utils.validate_ipaddress(
         request.headers.get('X-Forwarded-For',
-                            request.remote_addr).split(', ')[:1])
+                            request.remote_addr).split(', ')[0])
 
     response = 'nochg'
     for ip in myip_addr or remote_addr:

From 81f158d9bcf821f929fb8c65d9a59f903acb0ec1 Mon Sep 17 00:00:00 2001
From: RGanor <44501230+RGanor@users.noreply.github.com>
Date: Sat, 18 Jun 2022 15:20:49 +0300
Subject: [PATCH 066/203] enh: Enforce Record Restrictions in API (#1089)

Co-authored-by: Tom <tom@tom.com>
---
 powerdnsadmin/decorators.py     | 57 ++++++++++++++++++++++++++++++++-
 powerdnsadmin/lib/errors.py     | 17 +++++++++-
 powerdnsadmin/models/setting.py |  3 +-
 powerdnsadmin/routes/admin.py   |  2 +-
 powerdnsadmin/routes/api.py     |  4 ++-
 5 files changed, 78 insertions(+), 5 deletions(-)

diff --git a/powerdnsadmin/decorators.py b/powerdnsadmin/decorators.py
index 819ee36..6382141 100644
--- a/powerdnsadmin/decorators.py
+++ b/powerdnsadmin/decorators.py
@@ -5,9 +5,10 @@ from flask import g, request, abort, current_app, Response
 from flask_login import current_user
 
 from .models import User, ApiKey, Setting, Domain, Setting
-from .lib.errors import RequestIsNotJSON, NotEnoughPrivileges
+from .lib.errors import RequestIsNotJSON, NotEnoughPrivileges, RecordTTLNotAllowed, RecordTypeNotAllowed
 from .lib.errors import DomainAccessForbidden, DomainOverrideForbidden
 
+
 def admin_role_required(f):
     """
     Grant access if user is in Administrator role
@@ -384,6 +385,60 @@ def apikey_can_configure_dnssec(http_methods=[]):
         return decorated_function
     return decorator
 
+def allowed_record_types(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if request.method == 'GET':
+            return f(*args, **kwargs)
+
+        if g.apikey.role.name in ['Administrator', 'Operator']:
+            return f(*args, **kwargs)
+
+        records_allowed_to_edit = Setting().get_records_allow_to_edit()
+        content = request.get_json()
+        try:
+            for record in content['rrsets']:
+                if 'type' not in record:
+                    raise RecordTypeNotAllowed()
+
+                if record['type'] not in records_allowed_to_edit:
+                    current_app.logger.error(f"Error: Record type not allowed: {record['type']}")
+                    raise RecordTypeNotAllowed(message=f"Record type not allowed: {record['type']}")
+        except (TypeError, KeyError) as e:
+            raise e
+        return f(*args, **kwargs)
+
+    return decorated_function
+
+def allowed_record_ttl(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if not Setting().get('enforce_api_ttl'):
+            return f(*args, **kwargs)
+
+        if request.method == 'GET':
+            return f(*args, **kwargs)
+            
+        if g.apikey.role.name in ['Administrator', 'Operator']:
+            return f(*args, **kwargs)
+
+        allowed_ttls = Setting().get_ttl_options()
+        allowed_numeric_ttls = [ ttl[0] for ttl in allowed_ttls ]
+        content = request.get_json()
+        try:
+            for record in content['rrsets']:
+                if 'ttl' not in record:
+                    raise RecordTTLNotAllowed()
+
+                if record['ttl'] not in allowed_numeric_ttls:
+                    current_app.logger.error(f"Error: Record TTL not allowed: {record['ttl']}")
+                    raise RecordTTLNotAllowed(message=f"Record TTL not allowed: {record['ttl']}")
+        except (TypeError, KeyError) as e:
+            raise e
+        return f(*args, **kwargs)
+
+    return decorated_function
+
 
 def apikey_auth(f):
     @wraps(f)
diff --git a/powerdnsadmin/lib/errors.py b/powerdnsadmin/lib/errors.py
index f570b4e..d432bf4 100644
--- a/powerdnsadmin/lib/errors.py
+++ b/powerdnsadmin/lib/errors.py
@@ -170,7 +170,6 @@ class UserUpdateFailEmail(StructuredException):
         self.message = message
         self.name = name
 
-
 class UserDeleteFail(StructuredException):
     status_code = 500
 
@@ -178,3 +177,19 @@ class UserDeleteFail(StructuredException):
         StructuredException.__init__(self)
         self.message = message
         self.name = name
+
+class RecordTypeNotAllowed(StructuredException):
+    status_code = 400
+
+    def __init__(self, name=None, message="Record type not allowed or does not present"):
+        StructuredException.__init__(self)
+        self.message = message
+        self.name = name
+
+class RecordTTLNotAllowed(StructuredException):
+    status_code = 400
+
+    def __init__(self, name=None, message="Record TTL not allowed or does not present"):
+        StructuredException.__init__(self)
+        self.message = message
+        self.name = name
diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index 46e6724..cdeb865 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -28,7 +28,7 @@ class Setting(db.Model):
         'allow_user_create_domain': False,
         'allow_user_remove_domain': False,
         'allow_user_view_history': False,
-	'delete_sso_accounts': False,
+	    'delete_sso_accounts': False,
         'bg_domain_updates': False,
         'enable_api_rr_history': True,
         'site_name': 'PowerDNS-Admin',
@@ -110,6 +110,7 @@ class Setting(db.Model):
         'oidc_oauth_email': 'email',
         'oidc_oauth_account_name_property': '',
         'oidc_oauth_account_description_property': '',
+        'enforce_api_ttl': False,
         'forward_records_allow_edit': {
             'A': True,
             'AAAA': True,
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index 4782ba0..b0adc61 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -1268,7 +1268,7 @@ def setting_basic():
             'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
             'session_timeout', 'warn_session_timeout', 'ttl_options',
             'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
-	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force', 'deny_domain_override'
+	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force', 'deny_domain_override', 'enforce_api_ttl'
         ]
 
         return render_template('admin_setting_basic.html', settings=settings)
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 036912b..1f00b31 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -30,7 +30,7 @@ from ..decorators import (
     apikey_can_create_domain, apikey_can_remove_domain,
     apikey_is_admin, apikey_can_access_domain, apikey_can_configure_dnssec,
     api_role_can, apikey_or_basic_auth,
-    callback_if_request_body_contains_key,
+    callback_if_request_body_contains_key, allowed_record_types, allowed_record_ttl
 )
 import secrets
 import string
@@ -1079,6 +1079,8 @@ def api_zone_subpath_forward(server_id, zone_id, subpath):
 @api_bp.route('/servers/<string:server_id>/zones/<string:zone_id>',
               methods=['GET', 'PUT', 'PATCH', 'DELETE'])
 @apikey_auth
+@allowed_record_types
+@allowed_record_ttl
 @apikey_can_access_domain
 @apikey_can_remove_domain(http_methods=['DELETE'])
 @callback_if_request_body_contains_key(apikey_can_configure_dnssec()(),

From beed738d02dc93e384b312fe77966f120cf1142d Mon Sep 17 00:00:00 2001
From: AdvanticGmbH <81569672+AdvanticGmbH@users.noreply.github.com>
Date: Sat, 18 Jun 2022 14:23:05 +0200
Subject: [PATCH 067/203] enh: Improve performance of domain update (#1218)

author: @AdvanticGmbH
---
 powerdnsadmin/models/domain.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index e4b2776..bbd71e1 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -143,9 +143,20 @@ class Domain(db.Model):
                 current_app.logger.debug(traceback.format_exc())
 
             # update/add new domain
+            account_cache = {}
             for data in jdata:
                 if 'account' in data:
-                    account_id = Account().get_id_by_name(data['account'])
+                    # if no account is set don't try to query db
+                    if data['account'] == '':
+                        find_account_id = None
+                    else:
+                        find_account_id = account_cache.get(data['account'])
+                        # if account was not queried in the past and hence not in cache
+                        if find_account_id is None:
+                            find_account_id = Account().get_id_by_name(data['account'])
+                            # add to cache
+                            account_cache[data['account']] = find_account_id
+                    account_id = find_account_id
                 else:
                     current_app.logger.debug(
                         "No 'account' data found in API result - Unsupported PowerDNS version?"

From a3c50828a631d7627f0db34548773c594430220e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Fri, 19 Nov 2021 00:34:16 +0100
Subject: [PATCH 068/203] feat: Allow underscores and hyphens in account name

---
 powerdnsadmin/models/account.py                 |  2 +-
 powerdnsadmin/routes/index.py                   | 10 +++++-----
 powerdnsadmin/templates/admin_edit_account.html |  6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/powerdnsadmin/models/account.py b/powerdnsadmin/models/account.py
index 4d08fc1..4e3ca97 100644
--- a/powerdnsadmin/models/account.py
+++ b/powerdnsadmin/models/account.py
@@ -35,7 +35,7 @@ class Account(db.Model):
 
         if self.name is not None:
             self.name = ''.join(c for c in self.name.lower()
-                                if c in "abcdefghijklmnopqrstuvwxyz0123456789")
+                                if c in "abcdefghijklmnopqrstuvwxyz0123456789_-")
 
     def __repr__(self):
         return '<Account {0}r>'.format(self.name)
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index d2a7e0a..342b06e 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -331,7 +331,7 @@ def login():
                         # check if user has permissions
                         account_users = account.get_user()
                         current_app.logger.info('Group: {} Users: {}'.format(
-                            group_name, 
+                            group_name,
                             account_users))
                         if user.id in account_users:
                             current_app.logger.info('User id {} is already in account {}'.format(
@@ -351,7 +351,7 @@ def login():
                         account.mail = ''
                         account.create_account()
                         history = History(msg='Create account {0}'.format(
-                            account.name), 
+                            account.name),
                             created_by='System')
                         history.add()
 
@@ -485,13 +485,13 @@ def login():
                                        saml_enabled=SAML_ENABLED,
                                        error='Token required')
 
-        if Setting().get('autoprovisioning') and auth_method!='LOCAL': 
+        if Setting().get('autoprovisioning') and auth_method!='LOCAL':
             urn_value=Setting().get('urn_value')
             Entitlements=user.read_entitlements(Setting().get('autoprovisioning_attribute'))
             if len(Entitlements)==0 and Setting().get('purge'):
                 user.set_role("User")
                 user.revoke_privilege(True)
-                
+
             elif len(Entitlements)!=0:
                 if checkForPDAEntries(Entitlements, urn_value):
                     user.updateUser(Entitlements)
@@ -1093,7 +1093,7 @@ def create_group_to_account_mapping():
 
 def handle_account(account_name, account_description=""):
     clean_name = ''.join(c for c in account_name.lower()
-                         if c in "abcdefghijklmnopqrstuvwxyz0123456789")
+                         if c in "abcdefghijklmnopqrstuvwxyz0123456789_-")
     if len(clean_name) > Account.name.type.length:
         current_app.logger.error(
             "Account name {0} too long. Truncated.".format(clean_name))
diff --git a/powerdnsadmin/templates/admin_edit_account.html b/powerdnsadmin/templates/admin_edit_account.html
index 41f2d43..0514ead 100644
--- a/powerdnsadmin/templates/admin_edit_account.html
+++ b/powerdnsadmin/templates/admin_edit_account.html
@@ -49,7 +49,7 @@
                             <span class="fa fa-cog form-control-feedback"></span>
                             {% if invalid_accountname %}
                             <span class="help-block">Cannot be blank and must only contain alphanumeric
-                                characters.</span>
+                                characters, hyphens or underscores.</span>
                             {% elif duplicate_accountname %}
                             <span class="help-block">Account name already in use.</span>
                             {% endif %}
@@ -112,8 +112,8 @@
                     </p>
                     <p>Fill in all the fields to the in the form to the left.</p>
                     <p>
-                        <strong>Name</strong> is an account identifier. It will be stored as all lowercase letters (no
-                        spaces, special characters etc).<br />
+                        <strong>Name</strong> is an account identifier. It will be lowercased and can contain alphanumeric
+                        characters, hyphens and underscores (no space or other special character is allowed).<br />
                         <strong>Description</strong> is a user friendly name for this account.<br />
                         <strong>Contact person</strong> is the name of a contact person at the account.<br />
                         <strong>Mail Address</strong> is an e-mail address for the contact person.

From eb13b37e096f65e448cc09373d9d9708d0a220e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Wed, 1 Dec 2021 14:35:05 +0100
Subject: [PATCH 069/203] feat: Add the extra chars as an option

---
 powerdnsadmin/models/account.py                 |  6 +++++-
 powerdnsadmin/models/setting.py                 | 11 ++++++-----
 powerdnsadmin/routes/admin.py                   |  3 ++-
 powerdnsadmin/routes/index.py                   | 10 +++++++---
 powerdnsadmin/templates/admin_edit_account.html |  5 +++--
 5 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/powerdnsadmin/models/account.py b/powerdnsadmin/models/account.py
index 4e3ca97..7425afc 100644
--- a/powerdnsadmin/models/account.py
+++ b/powerdnsadmin/models/account.py
@@ -34,8 +34,12 @@ class Account(db.Model):
         self.API_EXTENDED_URL = utils.pdns_api_extended_uri(self.PDNS_VERSION)
 
         if self.name is not None:
+            if Setting().get('account_name_extra_chars'):
+                char_list = "abcdefghijklmnopqrstuvwxyz0123456789_-."
+            else:
+                char_list = "abcdefghijklmnopqrstuvwxyz0123456789"
             self.name = ''.join(c for c in self.name.lower()
-                                if c in "abcdefghijklmnopqrstuvwxyz0123456789_-")
+                                if c in char_list)
 
     def __repr__(self):
         return '<Account {0}r>'.format(self.name)
diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index cdeb865..51e78e5 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -192,7 +192,8 @@ class Setting(db.Model):
         'custom_css': '',
         'otp_force': False,
         'max_history_records': 1000,
-        'deny_domain_override': False
+        'deny_domain_override': False,
+        'account_name_extra_chars': False
     }
 
     def __init__(self, id=None, name=None, value=None):
@@ -273,15 +274,15 @@ class Setting(db.Model):
 
     def get(self, setting):
         if setting in self.defaults:
- 
+
             if setting.upper() in current_app.config:
                 result = current_app.config[setting.upper()]
             else:
                 result = self.query.filter(Setting.name == setting).first()
- 
+
             if result is not None:
                 if hasattr(result,'value'):
-                    result = result.value 
+                    result = result.value
                 return strtobool(result) if result in [
                     'True', 'False'
                 ] else result
@@ -289,7 +290,7 @@ class Setting(db.Model):
                 return self.defaults[setting]
         else:
             current_app.logger.error('Unknown setting queried: {0}'.format(setting))
-            
+
     def get_records_allow_to_edit(self):
         return list(
             set(self.get_forward_records_allow_to_edit() +
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index b0adc61..c5f28d1 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -1268,7 +1268,8 @@ def setting_basic():
             'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
             'session_timeout', 'warn_session_timeout', 'ttl_options',
             'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
-	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force', 'deny_domain_override', 'enforce_api_ttl'
+            'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force',
+            'deny_domain_override', 'enforce_api_ttl', 'account_name_extra_chars'
         ]
 
         return render_template('admin_setting_basic.html', settings=settings)
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 342b06e..6f5f0e2 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -401,7 +401,7 @@ def login():
             if name_prop in me and desc_prop in me:
                 accounts_name_prop = [me[name_prop]] if type(me[name_prop]) is not list else me[name_prop]
                 accounts_desc_prop = [me[desc_prop]] if type(me[desc_prop]) is not list else me[desc_prop]
-		
+
                 #Run on all groups the user is in by the index num.
                 for i in range(len(accounts_name_prop)):
                     description = ''
@@ -411,7 +411,7 @@ def login():
 
                     account_to_add.append(account)
                 user_accounts = user.get_accounts()
-                
+
 		# Add accounts
                 for account in account_to_add:
                     if account not in user_accounts:
@@ -1092,8 +1092,12 @@ def create_group_to_account_mapping():
 
 
 def handle_account(account_name, account_description=""):
+    if Setting().get('account_name_extra_chars'):
+        char_list = "abcdefghijklmnopqrstuvwxyz0123456789_-."
+    else:
+        char_list = "abcdefghijklmnopqrstuvwxyz0123456789"
     clean_name = ''.join(c for c in account_name.lower()
-                         if c in "abcdefghijklmnopqrstuvwxyz0123456789_-")
+                         if c in char_list)
     if len(clean_name) > Account.name.type.length:
         current_app.logger.error(
             "Account name {0} too long. Truncated.".format(clean_name))
diff --git a/powerdnsadmin/templates/admin_edit_account.html b/powerdnsadmin/templates/admin_edit_account.html
index 0514ead..1946bc9 100644
--- a/powerdnsadmin/templates/admin_edit_account.html
+++ b/powerdnsadmin/templates/admin_edit_account.html
@@ -49,7 +49,7 @@
                             <span class="fa fa-cog form-control-feedback"></span>
                             {% if invalid_accountname %}
                             <span class="help-block">Cannot be blank and must only contain alphanumeric
-                                characters, hyphens or underscores.</span>
+                                characters{% if SETTING.get('account_name_extra_chars') %}, dots, hyphens or underscores{% endif %}.</span>
                             {% elif duplicate_accountname %}
                             <span class="help-block">Account name already in use.</span>
                             {% endif %}
@@ -113,7 +113,8 @@
                     <p>Fill in all the fields to the in the form to the left.</p>
                     <p>
                         <strong>Name</strong> is an account identifier. It will be lowercased and can contain alphanumeric
-                        characters, hyphens and underscores (no space or other special character is allowed).<br />
+                        characters{% if SETTING.get('account_name_extra_chars') %}, dots, hyphens and underscores (no space or other special character is allowed)
+                        {% else %} (no extra character is allowed){% endif %}.<br />
                         <strong>Description</strong> is a user friendly name for this account.<br />
                         <strong>Contact person</strong> is the name of a contact person at the account.<br />
                         <strong>Mail Address</strong> is an e-mail address for the contact person.

From a87b9315202fbe6af50293874df094ccde2a54e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Fri, 31 Dec 2021 09:51:12 +0100
Subject: [PATCH 070/203] feat: Move the account parse calls to a method

---
 powerdnsadmin/lib/errors.py     |  8 ++++++-
 powerdnsadmin/models/account.py | 40 +++++++++++++++++++++++----------
 powerdnsadmin/routes/api.py     | 22 ++++++++++--------
 powerdnsadmin/routes/index.py   | 26 +++++++++------------
 4 files changed, 58 insertions(+), 38 deletions(-)

diff --git a/powerdnsadmin/lib/errors.py b/powerdnsadmin/lib/errors.py
index d432bf4..e1e0785 100644
--- a/powerdnsadmin/lib/errors.py
+++ b/powerdnsadmin/lib/errors.py
@@ -136,6 +136,13 @@ class AccountNotExists(StructuredException):
         self.message = message
         self.name = name
 
+class InvalidAccountNameException(StructuredException):
+    status_code = 400
+
+    def __init__(self, name=None, message="The account name is invalid"):
+        StructuredException.__init__(self)
+        self.message = message
+        self.name = name
 
 class UserCreateFail(StructuredException):
     status_code = 500
@@ -145,7 +152,6 @@ class UserCreateFail(StructuredException):
         self.message = message
         self.name = name
 
-
 class UserCreateDuplicate(StructuredException):
     status_code = 409
 
diff --git a/powerdnsadmin/models/account.py b/powerdnsadmin/models/account.py
index 7425afc..ab2341e 100644
--- a/powerdnsadmin/models/account.py
+++ b/powerdnsadmin/models/account.py
@@ -3,6 +3,7 @@ from flask import current_app
 from urllib.parse import urljoin
 
 from ..lib import utils
+from ..lib.errors import InvalidAccountNameException
 from .base import db
 from .setting import Setting
 from .user import User
@@ -22,7 +23,7 @@ class Account(db.Model):
                               back_populates="accounts")
 
     def __init__(self, name=None, description=None, contact=None, mail=None):
-        self.name = name
+        self.name = Account.sanitize_name(name) if name is not None else name
         self.description = description
         self.contact = contact
         self.mail = mail
@@ -33,13 +34,30 @@ class Account(db.Model):
         self.PDNS_VERSION = Setting().get('pdns_version')
         self.API_EXTENDED_URL = utils.pdns_api_extended_uri(self.PDNS_VERSION)
 
-        if self.name is not None:
-            if Setting().get('account_name_extra_chars'):
-                char_list = "abcdefghijklmnopqrstuvwxyz0123456789_-."
-            else:
-                char_list = "abcdefghijklmnopqrstuvwxyz0123456789"
-            self.name = ''.join(c for c in self.name.lower()
-                                if c in char_list)
+
+    @staticmethod
+    def sanitize_name(name):
+        """
+        Formats the provided name to fit into the constraint
+        """
+        if not isinstance(name, str):
+            raise InvalidAccountNameException("Account name must be a string")
+
+        allowed_characters = "abcdefghijklmnopqrstuvwxyz0123456789"
+
+        if Setting().get('account_name_extra_chars'):
+            allowed_characters += "_-."
+
+        sanitized_name = ''.join(c for c in name.lower() if c in allowed_characters)
+
+        if len(sanitized_name) > Account.name.type.length:
+            current_app.logger.error("Account name {0} too long. Truncated to: {1}".format(
+                                     sanitized_name, sanitized_name[:Account.name.type.length]))
+
+        if not sanitized_name:
+            raise InvalidAccountNameException("Empty string is not a valid account name")
+
+        return sanitized_name[:Account.name.type.length]
 
     def __repr__(self):
         return '<Account {0}r>'.format(self.name)
@@ -72,11 +90,9 @@ class Account(db.Model):
         """
         Create a new account
         """
-        # Sanity check - account name
-        if self.name == "":
-            return {'status': False, 'msg': 'No account name specified'}
+        self.name = Account.sanitize_name(self.name)
 
-        # check that account name is not already used
+        # Check that account name is not already used
         account = Account.query.filter(Account.name == self.name).first()
         if account:
             return {'status': False, 'msg': 'Account already exists'}
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 1f00b31..672e84a 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -23,7 +23,7 @@ from ..lib.errors import (
     AccountCreateFail, AccountUpdateFail, AccountDeleteFail,
     AccountCreateDuplicate, AccountNotExists,
     UserCreateFail, UserCreateDuplicate, UserUpdateFail, UserDeleteFail,
-    UserUpdateFailEmail
+    UserUpdateFailEmail, InvalidAccountNameException
 )
 from ..decorators import (
     api_basic_auth, api_can_create_domain, is_json, apikey_auth,
@@ -870,12 +870,15 @@ def api_create_account():
     contact = data['contact'] if 'contact' in data else None
     mail = data['mail'] if 'mail' in data else None
     if not name:
-        current_app.logger.debug("Account name missing")
-        abort(400)
+        current_app.logger.debug("Account creation failed: name missing")
+        raise InvalidAccountNameException(message="Account name missing")
+
+    sanitized_name = Account.sanitize_name(name)
+    account_exists = Account.query.filter(Account.name == sanitized_name).all()
 
-    account_exists = [] or Account.query.filter(Account.name == name).all()
     if len(account_exists) > 0:
-        msg = "Account {} already exists".format(name)
+        msg = ("Requested Account {} would be translated to {}"
+               " which already exists").format(name, sanitized_name)
         current_app.logger.debug(msg)
         raise AccountCreateDuplicate(message=msg)
 
@@ -913,8 +916,9 @@ def api_update_account(account_id):
     if not account:
         abort(404)
 
-    if name and name != account.name:
-        abort(400)
+    if name and Account.sanitize_name(name) != account.name:
+        msg = "Account name is immutable"
+        raise AccountUpdateFail(message=msg)
 
     if current_user.role.name not in ['Administrator', 'Operator']:
         msg = "User role update accounts"
@@ -1212,13 +1216,13 @@ def sync_domains():
 def health():
     domain = Domain()
     domain_to_query = domain.query.first()
-    
+
     if not domain_to_query:
         current_app.logger.error("No domain found to query a health check")
         return make_response("Unknown", 503)
 
     try:
-        domain.get_domain_info(domain_to_query.name)                                
+        domain.get_domain_info(domain_to_query.name)
     except Exception as e:
         current_app.logger.error("Health Check - Failed to query authoritative server for domain {}".format(domain_to_query.name))
         return make_response("Down", 503)
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 6f5f0e2..93823ce 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -323,8 +323,8 @@ def login():
                             # Regexp didn't match, continue to next iteration
                             continue
 
-                    account = Account()
-                    account_id = account.get_id_by_name(account_name=group_name)
+                    sanitized_group_name = Account.sanitize_name(group_name)
+                    account_id = account.get_id_by_name(account_name=sanitized_group_name)
 
                     if account_id:
                         account = Account.query.get(account_id)
@@ -345,10 +345,12 @@ def login():
                             current_app.logger.info('User {} added to Account {}'.format(
                                 user.username, account.name))
                     else:
-                        account.name = group_name
-                        account.description = group_description
-                        account.contact = ''
-                        account.mail = ''
+                        account = Account(
+                            name=sanitized_group_name,
+                            description=group_description,
+                            contact='',
+                            mail=''
+                        )
                         account.create_account()
                         history = History(msg='Create account {0}'.format(
                             account.name),
@@ -1092,18 +1094,10 @@ def create_group_to_account_mapping():
 
 
 def handle_account(account_name, account_description=""):
-    if Setting().get('account_name_extra_chars'):
-        char_list = "abcdefghijklmnopqrstuvwxyz0123456789_-."
-    else:
-        char_list = "abcdefghijklmnopqrstuvwxyz0123456789"
-    clean_name = ''.join(c for c in account_name.lower()
-                         if c in char_list)
-    if len(clean_name) > Account.name.type.length:
-        current_app.logger.error(
-            "Account name {0} too long. Truncated.".format(clean_name))
+    clean_name = Account.sanitize_name(account_name)
     account = Account.query.filter_by(name=clean_name).first()
     if not account:
-        account = Account(name=clean_name.lower(),
+        account = Account(name=clean_name,
                           description=account_description,
                           contact='',
                           mail='')

From 3e462dab1749887a24bfdc39fabdecea5bf7d9cb Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 12:53:19 +0200
Subject: [PATCH 071/203] Fix csrf configuration

CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
---
 powerdnsadmin/__init__.py        | 28 +---------------------------
 powerdnsadmin/routes/__init__.py |  3 ++-
 powerdnsadmin/routes/api.py      | 20 ++++++++++++++++++++
 powerdnsadmin/routes/base.py     |  4 ++++
 powerdnsadmin/routes/index.py    |  5 ++++-
 5 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/powerdnsadmin/__init__.py b/powerdnsadmin/__init__.py
index c70b273..02479a5 100755
--- a/powerdnsadmin/__init__.py
+++ b/powerdnsadmin/__init__.py
@@ -1,7 +1,6 @@
 import os
 import logging
 from flask import Flask
-from flask_seasurf import SeaSurf
 from flask_mail import Mail
 from werkzeug.middleware.proxy_fix import ProxyFix
 from flask_session import Session
@@ -33,31 +32,6 @@ def create_app(config=None):
     # Proxy
     app.wsgi_app = ProxyFix(app.wsgi_app)
 
-    # CSRF protection
-    csrf = SeaSurf(app)
-    csrf.exempt(routes.index.dyndns_checkip)
-    csrf.exempt(routes.index.dyndns_update)
-    csrf.exempt(routes.index.saml_authorized)
-    csrf.exempt(routes.api.api_login_create_zone)
-    csrf.exempt(routes.api.api_login_delete_zone)
-    csrf.exempt(routes.api.api_generate_apikey)
-    csrf.exempt(routes.api.api_delete_apikey)
-    csrf.exempt(routes.api.api_update_apikey)
-    csrf.exempt(routes.api.api_zone_subpath_forward)
-    csrf.exempt(routes.api.api_zone_forward)
-    csrf.exempt(routes.api.api_create_zone)
-    csrf.exempt(routes.api.api_create_account)
-    csrf.exempt(routes.api.api_delete_account)
-    csrf.exempt(routes.api.api_update_account)
-    csrf.exempt(routes.api.api_create_user)
-    csrf.exempt(routes.api.api_delete_user)
-    csrf.exempt(routes.api.api_update_user)
-    csrf.exempt(routes.api.api_list_account_users)
-    csrf.exempt(routes.api.api_add_account_user)
-    csrf.exempt(routes.api.api_remove_account_user)
-    csrf.exempt(routes.api.api_zone_cryptokeys)
-    csrf.exempt(routes.api.api_zone_cryptokey)
-
     # Load config from env variables if using docker
     if os.path.exists(os.path.join(app.root_path, 'docker_config.py')):
         app.config.from_object('powerdnsadmin.docker_config')
@@ -69,7 +43,7 @@ def create_app(config=None):
     if 'FLASK_CONF' in os.environ:
         app.config.from_envvar('FLASK_CONF')
 
-    # Load app sepecified configuration
+    # Load app specified configuration
     if config is not None:
         if isinstance(config, dict):
             app.config.update(config)
diff --git a/powerdnsadmin/routes/__init__.py b/powerdnsadmin/routes/__init__.py
index b22324b..7d8aa9a 100644
--- a/powerdnsadmin/routes/__init__.py
+++ b/powerdnsadmin/routes/__init__.py
@@ -1,5 +1,5 @@
 from .base import (
-    login_manager, handle_bad_request, handle_unauthorized_access,
+    csrf, login_manager, handle_bad_request, handle_unauthorized_access,
     handle_access_forbidden, handle_page_not_found, handle_internal_server_error
 )
 
@@ -13,6 +13,7 @@ from .api import api_bp, apilist_bp
 
 def init_app(app):
     login_manager.init_app(app)
+    csrf.init_app(app)
 
     app.register_blueprint(index_bp)
     app.register_blueprint(user_bp)
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index 672e84a..3df31e1 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -6,6 +6,7 @@ from flask import (
 )
 from flask_login import current_user
 
+from .base import csrf
 from ..models.base import db
 from ..models import (
     User, Domain, DomainUser, Account, AccountUser, History, Setting, ApiKey,
@@ -187,6 +188,7 @@ def index():
 @api_bp.route('/pdnsadmin/zones', methods=['POST'])
 @api_basic_auth
 @api_can_create_domain
+@csrf.exempt
 def api_login_create_zone():
     pdns_api_url = Setting().get('pdns_api_url')
     pdns_api_key = Setting().get('pdns_api_key')
@@ -255,6 +257,7 @@ def api_login_list_zones():
 @api_bp.route('/pdnsadmin/zones/<string:domain_name>', methods=['DELETE'])
 @api_basic_auth
 @api_can_create_domain
+@csrf.exempt
 def api_login_delete_zone(domain_name):
     pdns_api_url = Setting().get('pdns_api_url')
     pdns_api_key = Setting().get('pdns_api_key')
@@ -310,6 +313,7 @@ def api_login_delete_zone(domain_name):
 
 @api_bp.route('/pdnsadmin/apikeys', methods=['POST'])
 @api_basic_auth
+@csrf.exempt
 def api_generate_apikey():
     data = request.get_json()
     description = None
@@ -466,6 +470,7 @@ def api_get_apikey(apikey_id):
 
 @api_bp.route('/pdnsadmin/apikeys/<int:apikey_id>', methods=['DELETE'])
 @api_basic_auth
+@csrf.exempt
 def api_delete_apikey(apikey_id):
     apikey = ApiKey.query.get(apikey_id)
 
@@ -503,6 +508,7 @@ def api_delete_apikey(apikey_id):
 
 @api_bp.route('/pdnsadmin/apikeys/<int:apikey_id>', methods=['PUT'])
 @api_basic_auth
+@csrf.exempt
 def api_update_apikey(apikey_id):
     # if role different and user is allowed to change it, update
     # if apikey domains are different and user is allowed to handle
@@ -664,6 +670,7 @@ def api_list_users(username=None):
 @api_bp.route('/pdnsadmin/users', methods=['POST'])
 @api_basic_auth
 @api_role_can('create users', allow_self=True)
+@csrf.exempt
 def api_create_user():
     """
     Create new user
@@ -737,6 +744,7 @@ def api_create_user():
 @api_bp.route('/pdnsadmin/users/<int:user_id>', methods=['PUT'])
 @api_basic_auth
 @api_role_can('update users', allow_self=True)
+@csrf.exempt
 def api_update_user(user_id):
     """
     Update existing user
@@ -809,6 +817,7 @@ def api_update_user(user_id):
 @api_bp.route('/pdnsadmin/users/<int:user_id>', methods=['DELETE'])
 @api_basic_auth
 @api_role_can('delete users')
+@csrf.exempt
 def api_delete_user(user_id):
     user = User.query.get(user_id)
     if not user:
@@ -860,6 +869,7 @@ def api_list_accounts(account_name):
 
 @api_bp.route('/pdnsadmin/accounts', methods=['POST'])
 @api_basic_auth
+@csrf.exempt
 def api_create_account():
     if current_user.role.name not in ['Administrator', 'Operator']:
         msg = "{} role cannot create accounts".format(current_user.role.name)
@@ -904,6 +914,7 @@ def api_create_account():
 @api_bp.route('/pdnsadmin/accounts/<int:account_id>', methods=['PUT'])
 @api_basic_auth
 @api_role_can('update accounts')
+@csrf.exempt
 def api_update_account(account_id):
     data = request.get_json()
     name = data['name'] if 'name' in data else None
@@ -945,6 +956,7 @@ def api_update_account(account_id):
 @api_bp.route('/pdnsadmin/accounts/<int:account_id>', methods=['DELETE'])
 @api_basic_auth
 @api_role_can('delete accounts')
+@csrf.exempt
 def api_delete_account(account_id):
     account_list = [] or Account.query.filter(Account.id == account_id).all()
     if len(account_list) == 1:
@@ -996,6 +1008,7 @@ def api_list_account_users(account_id):
     methods=['PUT'])
 @api_basic_auth
 @api_role_can('add user to account')
+@csrf.exempt
 def api_add_account_user(account_id, user_id):
     account = Account.query.get(account_id)
     if not account:
@@ -1023,6 +1036,7 @@ def api_add_account_user(account_id, user_id):
     methods=['DELETE'])
 @api_basic_auth
 @api_role_can('remove user from account')
+@csrf.exempt
 def api_remove_account_user(account_id, user_id):
     account = Account.query.get(account_id)
     if not account:
@@ -1054,6 +1068,7 @@ def api_remove_account_user(account_id, user_id):
 @apikey_auth
 @apikey_can_access_domain
 @apikey_can_configure_dnssec(http_methods=['POST'])
+@csrf.exempt
 def api_zone_cryptokeys(server_id, zone_id):
     resp = helper.forward_request()
     return resp.content, resp.status_code, resp.headers.items()
@@ -1065,6 +1080,7 @@ def api_zone_cryptokeys(server_id, zone_id):
 @apikey_auth
 @apikey_can_access_domain
 @apikey_can_configure_dnssec()
+@csrf.exempt
 def api_zone_cryptokey(server_id, zone_id, cryptokey_id):
     resp = helper.forward_request()
     return resp.content, resp.status_code, resp.headers.items()
@@ -1075,6 +1091,7 @@ def api_zone_cryptokey(server_id, zone_id, cryptokey_id):
     methods=['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])
 @apikey_auth
 @apikey_can_access_domain
+@csrf.exempt
 def api_zone_subpath_forward(server_id, zone_id, subpath):
     resp = helper.forward_request()
     return resp.content, resp.status_code, resp.headers.items()
@@ -1090,6 +1107,7 @@ def api_zone_subpath_forward(server_id, zone_id, subpath):
 @callback_if_request_body_contains_key(apikey_can_configure_dnssec()(),
                                        http_methods=['PUT'],
                                        keys=['dnssec', 'nsec3param'])
+@csrf.exempt
 def api_zone_forward(server_id, zone_id):
     resp = helper.forward_request()
     if not Setting().get('bg_domain_updates'):
@@ -1127,6 +1145,7 @@ def api_zone_forward(server_id, zone_id):
 @api_bp.route('/servers/<path:subpath>', methods=['GET', 'PUT'])
 @apikey_auth
 @apikey_is_admin
+@csrf.exempt
 def api_server_sub_forward(subpath):
     resp = helper.forward_request()
     return resp.content, resp.status_code, resp.headers.items()
@@ -1135,6 +1154,7 @@ def api_server_sub_forward(subpath):
 @api_bp.route('/servers/<string:server_id>/zones', methods=['POST'])
 @apikey_auth
 @apikey_can_create_domain
+@csrf.exempt
 def api_create_zone(server_id):
     resp = helper.forward_request()
 
diff --git a/powerdnsadmin/routes/base.py b/powerdnsadmin/routes/base.py
index 48ef1c0..16ed00a 100644
--- a/powerdnsadmin/routes/base.py
+++ b/powerdnsadmin/routes/base.py
@@ -1,9 +1,13 @@
 import base64
+
 from flask import render_template, url_for, redirect, session, request, current_app
 from flask_login import LoginManager
+from flask_seasurf import SeaSurf
 
 from ..models.user import User
 
+
+csrf = SeaSurf()
 login_manager = LoginManager()
 
 
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 93823ce..3a6f55c 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -10,7 +10,7 @@ from yaml import Loader, load
 from flask import Blueprint, render_template, make_response, url_for, current_app, g, session, request, redirect, abort
 from flask_login import login_user, logout_user, login_required, current_user
 
-from .base import login_manager
+from .base import csrf, login_manager
 from ..lib import utils
 from ..decorators import dyndns_login_required
 from ..models.base import db
@@ -763,6 +763,7 @@ def resend_confirmation_email():
 
 
 @index_bp.route('/nic/checkip.html', methods=['GET', 'POST'])
+@csrf.exempt
 def dyndns_checkip():
     # This route covers the default ddclient 'web' setting for the checkip service
     return render_template('dyndns.html',
@@ -771,6 +772,7 @@ def dyndns_checkip():
 
 
 @index_bp.route('/nic/update', methods=['GET', 'POST'])
+@csrf.exempt
 @dyndns_login_required
 def dyndns_update():
     # dyndns protocol response codes in use are:
@@ -961,6 +963,7 @@ def saml_metadata():
 
 
 @index_bp.route('/saml/authorized', methods=['GET', 'POST'])
+@csrf.exempt
 def saml_authorized():
     errors = []
     if not current_app.config.get('SAML_ENABLED'):

From ae2ad6527a81adef5c4bf858fdd4f3865fb351be Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 12:53:28 +0200
Subject: [PATCH 072/203] Set csrf cookie to httponly

The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
---
 configs/docker_config.py        | 1 +
 powerdnsadmin/default_config.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/configs/docker_config.py b/configs/docker_config.py
index 6666fc2..ba0a233 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -2,6 +2,7 @@
 BIND_ADDRESS = '0.0.0.0'
 PORT = 80
 SQLALCHEMY_DATABASE_URI = 'sqlite:////data/powerdns-admin.db'
+CSRF_COOKIE_HTTPONLY = True
 
 legal_envvars = (
     'SECRET_KEY',
diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py
index 16b8161..8737680 100644
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@@ -10,6 +10,7 @@ PORT = 9191
 HSTS_ENABLED = False
 OFFLINE_MODE = False
 FILESYSTEM_SESSIONS_ENABLED = False
+CSRF_COOKIE_HTTPONLY = True
 
 ### DATABASE CONFIG
 SQLA_DB_USER = 'pda'

From 1a7752444735a33e471981e5fb85a789a1cd8777 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 12:53:32 +0200
Subject: [PATCH 073/203] Allow secure cookies in docker

Setting these two options to True is recommended if (and only if) you
serve PDA via TLS. It will break things on plain-HTTP deployments.
For plain deployments these can be set in the flask config file, for
docker they have to be whitelisted to be set via env vars.
---
 configs/docker_config.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/configs/docker_config.py b/configs/docker_config.py
index ba0a233..2cc6310 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -57,7 +57,9 @@ legal_envvars = (
     'LDAP_ENABLED',
     'SAML_CERT',
     'SAML_KEY',
-    'FILESYSTEM_SESSIONS_ENABLED'
+    'FILESYSTEM_SESSIONS_ENABLED',
+    'SESSION_COOKIE_SECURE',
+    'CSRF_COOKIE_SECURE',
 )
 
 legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME')
@@ -79,7 +81,9 @@ legal_envvars_bool = (
     'SIGNUP_ENABLED',
     'LOCAL_DB_ENABLED',
     'LDAP_ENABLED',
-    'FILESYSTEM_SESSIONS_ENABLED'
+    'FILESYSTEM_SESSIONS_ENABLED',
+    'SESSION_COOKIE_SECURE',
+    'CSRF_COOKIE_SECURE',
 )
 
 # import everything from environment variables

From 52b704baeb00b43e393bb3157f8eb24a4a7955cb Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Tue, 31 May 2022 00:35:04 +0200
Subject: [PATCH 074/203] Set SameSite on cookies

Setting this attribute on a cookie marks it as non-cross-site, so it
is only send in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.

Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.

The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.

[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
---
 configs/docker_config.py        | 1 +
 powerdnsadmin/default_config.py | 1 +
 requirements.txt                | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/configs/docker_config.py b/configs/docker_config.py
index 2cc6310..7285252 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -2,6 +2,7 @@
 BIND_ADDRESS = '0.0.0.0'
 PORT = 80
 SQLALCHEMY_DATABASE_URI = 'sqlite:////data/powerdns-admin.db'
+SESSION_COOKIE_SAMESITE = 'Lax'
 CSRF_COOKIE_HTTPONLY = True
 
 legal_envvars = (
diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py
index 8737680..93b97b7 100644
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@@ -10,6 +10,7 @@ PORT = 9191
 HSTS_ENABLED = False
 OFFLINE_MODE = False
 FILESYSTEM_SESSIONS_ENABLED = False
+SESSION_COOKIE_SAMESITE = 'Lax'
 CSRF_COOKIE_HTTPONLY = True
 
 ### DATABASE CONFIG
diff --git a/requirements.txt b/requirements.txt
index ce24450..ec2ecbb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,7 +18,7 @@ pytz==2020.1
 cssmin==0.2.0
 jsmin==3.0.0
 Authlib==0.15
-Flask-SeaSurf==0.2.2
+Flask-SeaSurf==1.1.1
 bravado-core==5.17.0
 lima==0.5
 pytest==6.1.1

From af902f24a2b58ba9ad408217ef3f17bbdef9433b Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Thu, 19 May 2022 00:56:13 +0200
Subject: [PATCH 075/203] Update using only one api call

Starting with the very first commit, the update was always done with
two api calls: one for DELETE and one for REPLACE. It is however
perfectly valid and save to do both at once, which makes it atomic, so
no need for the rollback. Plus it only updates the serial once.
There is no point in sending the full RRset data when deleting it, the
key attributes to identify it are enough. This also make the behaviour
consistent with the api docs [0] where it says "MUST NOT be included
when changetype is set to DELETE."

[0] https://doc.powerdns.com/authoritative/http-api/zone.html#rrset
---
 powerdnsadmin/models/record.py | 97 ++++++++++++++++------------------
 1 file changed, 45 insertions(+), 52 deletions(-)

diff --git a/powerdnsadmin/models/record.py b/powerdnsadmin/models/record.py
index 112b9e3..b5e3050 100644
--- a/powerdnsadmin/models/record.py
+++ b/powerdnsadmin/models/record.py
@@ -303,10 +303,47 @@ class Record(object):
                                   data=rrsets)
         return jdata
 
+    @staticmethod
+    def to_api_payload(new_rrsets, del_rrsets):
+        """Turn the given changes into a single api payload."""
+
+        def replace_for_api(rrset):
+            """Return a modified copy of the given RRset with changetype REPLACE."""
+            if not rrset or rrset.get('changetype', None) != 'REPLACE':
+                return rrset
+            replace_copy = dict(rrset)
+            # For compatibility with some backends: Remove comments from rrset if all are blank
+            if not any((bool(c.get('content', None)) for c in replace_copy.get('comments', []))):
+                replace_copy.pop('comments', None)
+            return replace_copy
+
+        def rrset_in(needle, haystack):
+            """Return whether the given RRset (identified by name and type) is in the list."""
+            for hay in haystack:
+                if needle['name'] == hay['name'] and needle['type'] == hay['type']:
+                    return True
+            return False
+
+        def delete_for_api(rrset):
+            """Return a minified copy of the given RRset with changetype DELETE."""
+            if not rrset or rrset.get('changetype', None) != 'DELETE':
+                return rrset
+            delete_copy = dict(rrset)
+            delete_copy.pop('ttl', None)
+            delete_copy.pop('records', None)
+            delete_copy.pop('comments', None)
+            return delete_copy
+
+        replaces = [replace_for_api(r) for r in new_rrsets]
+        deletes = [delete_for_api(r) for r in del_rrsets if not rrset_in(r, replaces)]
+        return {
+            'rrsets': replaces + deletes
+        }
+
     def apply(self, domain_name, submitted_records):
         """
         Apply record changes to a domain. This function
-        will make 2 calls to the PDNS API to DELETE and
+        will make 1 call to the PDNS API to DELETE and
         REPLACE records (rrsets)
         """
         current_app.logger.debug(
@@ -315,68 +352,24 @@ class Record(object):
         # Get the list of rrsets to be added and deleted
         new_rrsets, del_rrsets = self.compare(domain_name, submitted_records)
 
-        # Remove blank comments from rrsets for compatibility with some backends
-        def remove_blank_comments(rrset):
-            if not rrset['comments']:
-                del rrset['comments']
-            elif isinstance(rrset['comments'], list):
-                # Merge all non-blank comment values into a list
-                merged_comments = [
-                    v
-                    for c in rrset['comments']
-                    for v in c.values()
-                    if v
-                ]
-                # Delete comment if all values are blank (len(merged_comments) == 0)
-                if not merged_comments:
-                    del rrset['comments']
-
-        for r in new_rrsets['rrsets']:
-            remove_blank_comments(r)
-
-        for r in del_rrsets['rrsets']:
-            remove_blank_comments(r)
+        # The history logic still needs *all* the deletes with full data to display a useful diff.
+        # So create a "minified" copy for the api call, and return the original data back up
+        api_payload = self.to_api_payload(new_rrsets['rrsets'], del_rrsets['rrsets'])
+        current_app.logger.debug(f"api payload: \n{utils.pretty_json(api_payload)}")
 
         # Submit the changes to PDNS API
         try:
-            if del_rrsets["rrsets"]:
-                result = self.apply_rrsets(domain_name, del_rrsets)
+            if api_payload["rrsets"]:
+                result = self.apply_rrsets(domain_name, api_payload)
                 if 'error' in result.keys():
                     current_app.logger.error(
-                        'Cannot apply record changes with deleting rrsets step. PDNS error: {}'
+                        'Cannot apply record changes. PDNS error: {}'
                         .format(result['error']))
                     return {
                         'status': 'error',
                         'msg': result['error'].replace("'", "")
                     }
 
-            if new_rrsets["rrsets"]:
-                result = self.apply_rrsets(domain_name, new_rrsets)
-                if 'error' in result.keys():
-                    current_app.logger.error(
-                        'Cannot apply record changes with adding rrsets step. PDNS error: {}'
-                        .format(result['error']))
-
-                    # rollback - re-add the removed record if the adding operation is failed.
-                    if del_rrsets["rrsets"]:
-                        rollback_rrsets = del_rrsets
-                        for r in del_rrsets["rrsets"]:
-                            r['changetype'] = 'REPLACE'
-                        rollback = self.apply_rrsets(domain_name, rollback_rrsets)
-                        if 'error' in rollback.keys():
-                            return dict(status='error',
-                                        msg='Failed to apply changes. Cannot rollback previous failed operation: {}'
-                                        .format(rollback['error'].replace("'", "")))
-                        else:
-                            return dict(status='error',
-                                        msg='Failed to apply changes. Rolled back previous failed operation: {}'
-                                        .format(result['error'].replace("'", "")))
-                    else:
-                        return {
-                            'status': 'error',
-                            'msg': result['error'].replace("'", "")
-                        }
-
             self.auto_ptr(domain_name, new_rrsets, del_rrsets)
             self.update_db_serial(domain_name)
             current_app.logger.info('Record was applied successfully.')

From 674704609b1c5d8c94a4db5a799b47fffaa82920 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:01:13 +0200
Subject: [PATCH 076/203] Always use local fonts

---
 powerdnsadmin/templates/base.html | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index 649663a..cafe8eb 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -8,13 +8,8 @@
   {% block title %}<title>{{ SITE_NAME }}</title>{% endblock %}
   <link rel="stylesheet" href="{{ url_for('static', filename='assets/css/style.css') }}">
   <!--  Get Google Fonts we like -->
-  {% if OFFLINE_MODE %}
   <link rel="stylesheet" href="{{ url_for('static', filename='assets/css/source_sans_pro.css') }}">
   <link rel="stylesheet" href="{{ url_for('static', filename='assets/css/roboto_mono.css') }}">
-  {% else %}
-  <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
-  <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Roboto+Mono:400,300,700">
-  {% endif %}
   <!-- Tell the browser to be responsive to screen width -->
   <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
   <!-- Tell Safari to not recognise telephone numbers -->

From 54b2c5918f1bf87099f95c7b9e71caa9710c82c6 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:01:32 +0200
Subject: [PATCH 077/203] Serve the IE8 polyfills from local

---
 package.json                          | 4 +++-
 powerdnsadmin/assets.py               | 6 ++++++
 powerdnsadmin/templates/base.html     | 5 +++--
 powerdnsadmin/templates/login.html    | 5 +++--
 powerdnsadmin/templates/register.html | 5 +++--
 5 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index 76982c8..c60b05d 100644
--- a/package.json
+++ b/package.json
@@ -10,6 +10,8 @@
     "jquery-ui-dist": "^1.12.1",
     "jquery.quicksearch": "^2.4.0",
     "jtimeout": "^3.1.0",
-    "multiselect": "^0.9.12"
+    "multiselect": "^0.9.12",
+    "html5shiv": "^3.7.3",
+    "respond.js": "^1.4.2"
   }
 }
diff --git a/powerdnsadmin/assets.py b/powerdnsadmin/assets.py
index e7c6354..136a4f2 100644
--- a/powerdnsadmin/assets.py
+++ b/powerdnsadmin/assets.py
@@ -64,9 +64,15 @@ js_main = Bundle('node_modules/jquery/dist/jquery.js',
                  filters=(ConcatFilter, 'jsmin'),
                  output='generated/main.js')
 
+js_ie8 = Bundle('node_modules/html5shiv/dist/html5shiv.js',
+                'node_modules/respond.js/dest/respond.min.js',
+                filters=(ConcatFilter, 'jsmin'),
+                output='generated/ie8.js')
+
 assets = Environment()
 assets.register('js_login', js_login)
 assets.register('js_validation', js_validation)
 assets.register('css_login', css_login)
 assets.register('js_main', js_main)
 assets.register('css_main', css_main)
+assets.register('js_ie8', js_ie8)
diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index cafe8eb..bf17995 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -20,12 +20,13 @@
 {% if SETTING.get('custom_css') %}
   <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
 {% endif %}
+  {% assets "js_ie8" -%}
   <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
   <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
   <!--[if lt IE 9]>
-  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
-  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
   <![endif]-->
+  {%- endassets %}
   {% endblock %}
 </head>
 <body class="hold-transition skin-blue sidebar-mini {% if not SETTING.get('fullscreen_layout') %}layout-boxed{% endif %}">
diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 45afd7f..65d71f1 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -15,12 +15,13 @@
 {% if SETTING.get('custom_css') %}
   <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
 {% endif %}
+  {% assets "js_ie8" -%}
   <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
   <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
   <!--[if lt IE 9]>
-  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
-  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
   <![endif]-->
+  {%- endassets %}
 </head>
 
 <body class="hold-transition login-page">
diff --git a/powerdnsadmin/templates/register.html b/powerdnsadmin/templates/register.html
index 04cb1a8..ebbff7f 100644
--- a/powerdnsadmin/templates/register.html
+++ b/powerdnsadmin/templates/register.html
@@ -12,12 +12,13 @@
   <link rel="stylesheet" href="{{ ASSET_URL }}">
   {%- endassets %}
 
+  {% assets "js_ie8" -%}
   <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
   <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
   <!--[if lt IE 9]>
-  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
-  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
   <![endif]-->
+  {%- endassets %}
 </head>
 
 <body class="hold-transition register-page">

From fee26b84ba779c22e97e0a5999e7beb758e38c9b Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:01:36 +0200
Subject: [PATCH 078/203] Remove IE8 polyfills

These old browsers are EOL since 2016 [0], let them finally rest in
peace.

This effectively reverts/replaces commit b8dee5d17056788c2dc9940d14308648e32186d8.

[0] https://web.archive.org/web/20160115070611/https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
---
 package.json                          | 4 +---
 powerdnsadmin/assets.py               | 6 ------
 powerdnsadmin/templates/base.html     | 7 -------
 powerdnsadmin/templates/login.html    | 7 -------
 powerdnsadmin/templates/register.html | 8 --------
 5 files changed, 1 insertion(+), 31 deletions(-)

diff --git a/package.json b/package.json
index c60b05d..76982c8 100644
--- a/package.json
+++ b/package.json
@@ -10,8 +10,6 @@
     "jquery-ui-dist": "^1.12.1",
     "jquery.quicksearch": "^2.4.0",
     "jtimeout": "^3.1.0",
-    "multiselect": "^0.9.12",
-    "html5shiv": "^3.7.3",
-    "respond.js": "^1.4.2"
+    "multiselect": "^0.9.12"
   }
 }
diff --git a/powerdnsadmin/assets.py b/powerdnsadmin/assets.py
index 136a4f2..e7c6354 100644
--- a/powerdnsadmin/assets.py
+++ b/powerdnsadmin/assets.py
@@ -64,15 +64,9 @@ js_main = Bundle('node_modules/jquery/dist/jquery.js',
                  filters=(ConcatFilter, 'jsmin'),
                  output='generated/main.js')
 
-js_ie8 = Bundle('node_modules/html5shiv/dist/html5shiv.js',
-                'node_modules/respond.js/dest/respond.min.js',
-                filters=(ConcatFilter, 'jsmin'),
-                output='generated/ie8.js')
-
 assets = Environment()
 assets.register('js_login', js_login)
 assets.register('js_validation', js_validation)
 assets.register('css_login', css_login)
 assets.register('js_main', js_main)
 assets.register('css_main', css_main)
-assets.register('js_ie8', js_ie8)
diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index bf17995..92e3a1c 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -20,13 +20,6 @@
 {% if SETTING.get('custom_css') %}
   <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
 {% endif %}
-  {% assets "js_ie8" -%}
-  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
-  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-  <!--[if lt IE 9]>
-  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
-  <![endif]-->
-  {%- endassets %}
   {% endblock %}
 </head>
 <body class="hold-transition skin-blue sidebar-mini {% if not SETTING.get('fullscreen_layout') %}layout-boxed{% endif %}">
diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 65d71f1..00f9183 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -15,13 +15,6 @@
 {% if SETTING.get('custom_css') %}
   <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
 {% endif %}
-  {% assets "js_ie8" -%}
-  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
-  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-  <!--[if lt IE 9]>
-  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
-  <![endif]-->
-  {%- endassets %}
 </head>
 
 <body class="hold-transition login-page">
diff --git a/powerdnsadmin/templates/register.html b/powerdnsadmin/templates/register.html
index ebbff7f..9a25fbb 100644
--- a/powerdnsadmin/templates/register.html
+++ b/powerdnsadmin/templates/register.html
@@ -11,14 +11,6 @@
   {% assets "css_login" -%}
   <link rel="stylesheet" href="{{ ASSET_URL }}">
   {%- endassets %}
-
-  {% assets "js_ie8" -%}
-  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
-  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-  <!--[if lt IE 9]>
-  <script type="text/javascript" src="{{ ASSET_URL }}"></script>
-  <![endif]-->
-  {%- endassets %}
 </head>
 
 <body class="hold-transition register-page">

From b795f1eadf17f9e9fa279430442ff386de59da62 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:01:40 +0200
Subject: [PATCH 079/203] Use the doc search directly

---
 powerdnsadmin/templates/admin_pdns_stats.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/templates/admin_pdns_stats.html b/powerdnsadmin/templates/admin_pdns_stats.html
index 7f22c4f..cd5a000 100644
--- a/powerdnsadmin/templates/admin_pdns_stats.html
+++ b/powerdnsadmin/templates/admin_pdns_stats.html
@@ -35,7 +35,7 @@
                         <tbody>
                             {% for statistic in statistics %}
                             <tr class="odd gradeX">
-                                <td><a href="https://google.com/search?q=site:doc.powerdns.com+{{ statistic['name'] }}"
+                                <td><a href="https://doc.powerdns.com/authoritative/search.html?q={{ statistic['name'] }}"
                                         target="_blank" class="btn btn-flat btn-xs blue"><i
                                             class="fa fa-search"></i></a></td>
                                 <td>{{ statistic['name'] }}</td>
@@ -70,7 +70,7 @@
                         <tbody>
                             {% for config in configs %}
                             <tr class="odd gradeX">
-                                <td><a href="https://google.com/search?q=site:doc.powerdns.com+{{ config['name'] }}"
+                                <td><a href="https://doc.powerdns.com/authoritative/search.html?q={{ config['name'] }}"
                                         target="_blank" class="btn btn-flat btn-xs blue"><i
                                             class="fa fa-search"></i></a></td>
                                 <td>{{ config['name'] }}</td>

From 607caa1a2db574a46fcd97d7e4ceeabc99a77e1a Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:01:46 +0200
Subject: [PATCH 080/203] Rework user image handling

Moved all the logic out of the template into a separate endpoint. This
makes it easy to extend to also support images from different sources
like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow
time-based caching in the browser, the url needs to be unique for every
user by using a query parameter.

Replaced the default/fallback user image with a new one. It is based on
the old one, but does not need css to be visible. And removed said css.

Gravatar has now its own setting named `gravatar_enabled`, which is
disabled by default.
---
 powerdnsadmin/__init__.py                  |   2 -
 powerdnsadmin/lib/utils.py                 |  13 ------
 powerdnsadmin/models/setting.py            |   3 +-
 powerdnsadmin/routes/admin.py              |  47 +++++++++++++++------
 powerdnsadmin/routes/user.py               |  37 +++++++++++++++-
 powerdnsadmin/static/custom/css/custom.css |   9 ----
 powerdnsadmin/static/img/gravatar.png      | Bin 26693 -> 0 bytes
 powerdnsadmin/static/img/user_image.png    | Bin 0 -> 2718 bytes
 powerdnsadmin/templates/base.html          |  12 ++----
 9 files changed, 75 insertions(+), 48 deletions(-)
 delete mode 100644 powerdnsadmin/static/img/gravatar.png
 create mode 100644 powerdnsadmin/static/img/user_image.png

diff --git a/powerdnsadmin/__init__.py b/powerdnsadmin/__init__.py
index c70b273..3f68a58 100755
--- a/powerdnsadmin/__init__.py
+++ b/powerdnsadmin/__init__.py
@@ -100,8 +100,6 @@ def create_app(config=None):
     app.jinja_env.filters['display_record_name'] = utils.display_record_name
     app.jinja_env.filters['display_master_name'] = utils.display_master_name
     app.jinja_env.filters['display_second_to_time'] = utils.display_time
-    app.jinja_env.filters[
-        'email_to_gravatar_url'] = utils.email_to_gravatar_url
     app.jinja_env.filters[
         'display_setting_state'] = utils.display_setting_state
     app.jinja_env.filters['pretty_domain_name'] = utils.pretty_domain_name
diff --git a/powerdnsadmin/lib/utils.py b/powerdnsadmin/lib/utils.py
index 9e7cf20..4ef5759 100644
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@@ -2,14 +2,12 @@ import logging
 import re
 import json
 import requests
-import hashlib
 import ipaddress
 import idna
 
 from collections.abc import Iterable
 from distutils.version import StrictVersion
 from urllib.parse import urlparse
-from datetime import datetime, timedelta
 
 
 def auth_from_url(url):
@@ -186,17 +184,6 @@ def pdns_api_extended_uri(version):
         return ""
 
 
-def email_to_gravatar_url(email="", size=100):
-    """
-    AD doesn't necessarily have email
-    """
-    if email is None:
-        email = ""
-
-    hash_string = hashlib.md5(email.encode('utf-8')).hexdigest()
-    return "https://s.gravatar.com/avatar/{0}?s={1}".format(hash_string, size)
-
-
 def display_setting_state(value):
     if value == 1:
         return "ON"
diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index 51e78e5..a4016bf 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -193,7 +193,8 @@ class Setting(db.Model):
         'otp_force': False,
         'max_history_records': 1000,
         'deny_domain_override': False,
-        'account_name_extra_chars': False
+        'account_name_extra_chars': False,
+        'gravatar_enabled': False,
     }
 
     def __init__(self, id=None, name=None, value=None):
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index c5f28d1..9474503 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -1259,20 +1259,41 @@ def history_table():    # ajax call data
 @login_required
 @operator_role_required
 def setting_basic():
-    if request.method == 'GET':
-        settings = [
-            'maintenance', 'fullscreen_layout', 'record_helper',
-            'login_ldap_first', 'default_record_table_size',
-            'default_domain_table_size', 'auto_ptr', 'record_quick_edit',
-            'pretty_ipv6_ptr', 'dnssec_admins_only',
-            'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
-            'session_timeout', 'warn_session_timeout', 'ttl_options',
-            'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
-            'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force',
-            'deny_domain_override', 'enforce_api_ttl', 'account_name_extra_chars'
-        ]
+    settings = [
+        'account_name_extra_chars',
+        'allow_user_create_domain',
+        'allow_user_remove_domain',
+        'allow_user_view_history',
+        'auto_ptr',
+        'bg_domain_updates',
+        'custom_css',
+        'default_domain_table_size',
+        'default_record_table_size',
+        'delete_sso_accounts',
+        'deny_domain_override',
+        'dnssec_admins_only',
+        'enable_api_rr_history',
+        'enforce_api_ttl',
+        'fullscreen_layout',
+        'gravatar_enabled',
+        'login_ldap_first',
+        'maintenance',
+        'max_history_records',
+        'otp_field_enabled',
+        'otp_force',
+        'pdns_api_timeout',
+        'pretty_ipv6_ptr',
+        'record_helper',
+        'record_quick_edit',
+        'session_timeout',
+        'site_name',
+        'ttl_options',
+        'verify_ssl_connections',
+        'verify_user_email',
+        'warn_session_timeout',
+    ]
 
-        return render_template('admin_setting_basic.html', settings=settings)
+    return render_template('admin_setting_basic.html', settings=settings)
 
 
 @admin_bp.route('/setting/basic/<path:setting>/edit', methods=['POST'])
diff --git a/powerdnsadmin/routes/user.py b/powerdnsadmin/routes/user.py
index f411c29..709156f 100644
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@@ -1,5 +1,8 @@
 import datetime
-from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, current_app
+import hashlib
+
+from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, \
+    current_app, after_this_request, abort
 from flask_login import current_user, login_required, login_manager
 
 from ..models.user import User, Anonymous
@@ -96,4 +99,34 @@ def qrcode():
         'Cache-Control': 'no-cache, no-store, must-revalidate',
         'Pragma': 'no-cache',
         'Expires': '0'
-    }
\ No newline at end of file
+    }
+
+
+@user_bp.route('/image', methods=['GET'])
+@login_required
+def image():
+    """Returns the user profile image or avatar."""
+
+    @after_this_request
+    def add_cache_headers(response_):
+        """When the response is ok, add cache headers."""
+        if 200 <= response_.status_code <= 399:
+            response_.cache_control.private = True
+            response_.cache_control.max_age = int(datetime.timedelta(days=1).total_seconds())
+        return response_
+
+    # To prevent "cache poisoning", the username query parameter is required
+    if request.args.get('username', None) != current_user.username:
+        abort(400)
+
+    setting = Setting()
+
+    email = current_user.email
+    if email and setting.get('gravatar_enabled'):
+        hash_ = hashlib.md5(email.encode('utf-8')).hexdigest()
+        url = f'https://s.gravatar.com/avatar/{hash_}?s=100'
+        current_app.logger.debug('Redirect user image request to gravatar')
+        return redirect(url, 307)
+
+    # Fallback to the local default image
+    return current_app.send_static_file('img/user_image.png')
diff --git a/powerdnsadmin/static/custom/css/custom.css b/powerdnsadmin/static/custom/css/custom.css
index f5dcb34..1cd3728 100644
--- a/powerdnsadmin/static/custom/css/custom.css
+++ b/powerdnsadmin/static/custom/css/custom.css
@@ -42,15 +42,6 @@ table td {
     background-position: center;
 }
 
-.navbar-nav>.user-menu>.dropdown-menu>li.user-header>img.img-circle.offline {
-    filter: brightness(0);
-    border-color: black;
-}
-
-.navbar-nav>.user-menu .user-image.offline {
-    filter: brightness(0);
-}
-
 .search-input {
     width: 100%;
 }
\ No newline at end of file
diff --git a/powerdnsadmin/static/img/gravatar.png b/powerdnsadmin/static/img/gravatar.png
deleted file mode 100644
index 83602867a01f97bef0586e5ed18f6243c3ac1974..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 26693
zcmdp7g;P}T*S|}5N_TflNJxW%q?9xw-QBQ&w1m>#wRD4|BGL`gozfv)@8vu5`zPL=
zVRo5$>YjU^6QA=r5vt1am}sPE003aVeIug|0C3<>H~<9+{QBoPbqjtWxJbR#Kmk9#
zD4)W?|4|*^d~g8(bo}Q(2#}UR3;@)?TNz0W&y0g5uM`8#M1d2J3K30BbxG79j6fi*
zAe7ruqd=BSR)Snj@~gX?+7yzyCS+=~RwkqX2JOpH%Lvnw(AE3o_){yxluvU>AukR=
z6-g2$buY{3Sa*f$2ccD9!DWZr(aB?0nEc~O`MG-2UWVJ%oP`54{QvW(q~`5BB-|32
z-RQk#cKJx<Cmy{(1M<cwA$O-<Tc<h1E>5HsSq<S|YS4T@a(NM5b+f0PI!F`>2fe4$
z#0MBW=sDGcXw<&qAutHx5hX18MoAqZJ9b8`aCJRYdP?M6kvRq^-#>DY9Y8QH7_A;G
z!!3KOA=EIYe2@Aaw{HEEBR0-ExDGC;pGoau0D;O|k@a{_oKQDaBXna9YMZ48_c!Kt
zwKdgP(s#;56mj8=Ch!soL8*f?q80j_RI73D5OE;X;`@L<nyA>JZNn#X5A;tQ2sS{A
ztg+w@z0Y9LBjQzYW^~E)^QMIaY%VQfBHP_t0D<@z6n@n`2X>U@Uhn;}TD<#$kf3vp
zT2T5S=`8e4%XIfdVSX+=jercu3peL9I<GI#e<Xq!uEr6eIC4KemS?(u{?H#tCi@S`
zqm!m8)yS~`%1kK$$h_a;yfN#s2){)qzlFoSBa+xDrYI{-t#ZD`Wc3a%d&sMA-Vq4*
zoUaKd#Rb=<81p|G_DS6~L^{oXx5<s@t|aoFjjy{McKr&vufaQGdzk)IT+fHgj|Q%-
z@~LM)f1&$u)Z+&aw>T0EeKJNyrOT1;R~2sebiCft9l;I`j@WB(WbC+;q0^Q1bWG?j
z548QoSmwlt%zI-`lt`-ZjlFl3&WGERSj~cmZ)7e$V*<F)%kgO+t+MG2z$dtb@|!zl
z<fut!(4b%)NsI5``cdoTh;)L005DbipCFvo{WH5)m}7{f5(BU+x`vcCi&<}n$u|``
zK1ftV5{X)K?5tcTNHKVnN3^L88^KM#oBzrzYp#j^V1jhL{i)%EBBSLgw4M%Ei3nWt
zp7Z>jzu)N_+yJ5+F65QL;sDOTyDRG3mWkhp;=kf_<^#j6BQOE}ivP~oev5^ytZsZ<
zf3CX0-Q-5=Y^Ak@p1~zC90?9d9u$r5tn*B0ZX+|VTE!7Z<SCOnHNx?2d|A8`CS(Y+
zlBbOf0mp^>w^YTgvPVWi<SVP4+-=h?Z>P?erney#7OoGk4n<{hX8~2|K@L4PXvqb-
zBOKIr-phKV+`7vT=GjGo9o`3zB}yHGtbYP+7GDiQu4l#8nqrjw8or~D_sx<w)$(`z
z@bn0ta|?pYHa!3pIUdT_9~telW!KR>OL7=&^;#~}ca(l@GjC23024BA?K`l0ikgEP
za=)6RO|c7|LpzwqqvH&%Eeq&2kQ;zsGPUZZNn-_t<+)hMt?OGuf~2ukQokXi#WS1f
z_<@Obe^sYA(v90F3|5uCc$+LfbGYXoJY%t7e)OG5WBVuf4AhT0W&g;9=CwAakDy7g
zBc@EKVieJRf)Ac*K6s&`O+me~@BXs!Vi~*VhgC1CMxZJGFMGE>;?<_e?cWMM!+I<A
zqp8SMqlE7BrVdTcT-4}2W;6)sCIX$OWbk+GlA(iS$9L{a0+uqdKaik%E3&41=X(F>
zwKJCE>TWQxN$v$<&HbxQKWm$k(7%%wkFXU|RB(ber%zJ>op&t6zIN;vw)*ussS~QX
ziyl+lIevn8Y+$fJac0<VL^UMmmfu_6XIUT{t}2TK)>=Se(F$IuL?hG_MUOkP+ENRG
z6_ypr;L4WFNCVxk(gydcPU0_M=Mymv?HJ7}7(4Xo3*y1KeoUYq{~LW?uFh8}SG6+Z
zlR1_8^wMO^IX$cWbps&o@`DTA?B06=xs~dThz4KUt6J-11o!YRY`4{rkN$7k#f7=+
z#7p~n71Qt0iT9Kyz~wA$ff9cV!)y-Mqg%pYj6dh9PmMD_965efDLJ=fuTFVk7iX3-
zWcn;9-@N<F;3z(z8B=+@LZX-MM3J`WdOY(=9=eA}1}LnUW%XC+T_9;bF+(kiD0ZG|
z-%3<@T)UO*HS~W&v=Q299cfm445~q7wuo`Q9)~^BN-RvoTm;Nn2V*1&x*Lu3N<ClE
z1lZ5MUuqI=2xH6jb@y}&t8vF&TW2yBj|hG~4oV`phfuq7`55T6)5lBek`V=w3Gp*M
z<6Sn6zc*_0Z%f>2AUPVF$uZ*ZU+hS35?EQ>w8}62JD;O+O7f4_=_ra*fyw`|;yW?W
zX{f6Iv}R|8ocpI630gFB#$SiFH4tVZgc+$n?*uHY#vH?WlQ`UR<h)J~L^#?>d?y~k
z_g$cfB2*Wd3`nC4t_&GjU%+sVfom<I=pFJ$NgPdfX*oVATFFD2Y1}fm_rq*Fq&odp
zzmYPxl=>y>)s5rKjF33A2%ZdpwKRT>kfxYcf!rRvbP+vM_(KF8B2t7$|5KD2vZuJ#
zHhq_?>lYT$ZjkF!klGWt@@Y|JNqFo${iTcQxhcE^|Kv^o`hohgJmT4(7p5A(6Bm*1
z>(og<gGtUhMJMo84v#J#GCO4;%(6}DTXY4EGHne2Bf_gc>UmXN!1<>wiuMJb<T9M^
zY?@b~KEEE;^(${%hKng29Y{$^YTVe#e7t2Z46xe7msU*MxJY(8c%#qXKhIQah^<_n
zgiR~vcxtjjhU^K($NPOR(|sFN)G#XT*j(+s@bw9$$KsVyI(hTY9yy{~kCk`sr@nx;
zh#ZvIhmB(?f<g7P4}O?KqimS2PbpFVRF#?)O<bqHBI%XK(G@@3hlb@WYwztp(gyUh
zAPE33*gIYCQ&pcb!aFQ=Rcy7KSIe>z(FdY@eivUXPE9!H<D>UHxI&Z>;<86v(${*^
zhTB@}Js%Gzy$r2i+X9w*NCxM8+L@f{57#fbTGNQ{>*iotbr)YM#Z@-EA|53d`YK$8
z_$(qe3akufe%h9mWhB}jbi`F*OlW|r#9~Ed&~8zv`*2p@A#TUqx~iVI_bUDY{WzoX
z98WBwaqZOa-3d)#8-;}X_Ys@znXOfah1!CvtiQrc{MZ6OefJsNMip-SsC3Qw%goyK
z6E4^WemuO`e(~Q78If}CHfy6WKb^&8VS_51?{g2Tem)Z`e$%cQv1y==&HHx?4)^&S
ziK=;B)n|;B@4<|4XX;uUvH8FK+@0lHJb98iae(f*W=xtS(~~hFbJtrAf>TMUz^R-q
zg*_HlzdIni_g2DN{8^=!48>d-DMjbFvdLtemr{-$aPsd4Q7Q0?rtt^-&>gap&ef#B
z_p4$%#xGts%fy+TlJr(N1~u%80bXoo>Rw-F@`u4$K0X&wom$CAdMF>`kr3b9R6_<n
z!ry1>)+;F7=<?&j1~Ak*cOiL1`(bSLCy7AFORZ&lhc3-N*!1QeLrfMb$(*Hre%@lF
zIl$=f`!BM%#<`1{^hbD!Ck^|5f8f=o*)+{MNwZ;a-93e0{4o6511e5i!qo*`K238n
zRQYQxt?*&uBR(0&%p@Uy@3r=&w3e_1cAxs9zhst#j!HJPC++ZD?aT5O(?6hVO`nO%
zTrhhqd&Z{d({`cT_`-&_A7joWM$PzNWAhUW0RKGLw6@X6ghO+M8h%@N<JkKZK4x(_
zy?t+O^?bQCnIO|<&?Ak7_!~>B4L^&IU^rzrDjgk!2|%t_GDkV_SF6*q`c5lsE1g+A
zcIj?gW6mR6waffzWDK<j&r|L$yb@NLy;gJXti33$F>C=8yTQoODwsj;n3%O27T+RE
z&=n*6(n{6zt8h{S|GDcj3jZ3|(T6e@;(Jb_0E5D+tEL8FWd2aA4>>`5+V-CgWVG+=
z%>@JakWWf$6|o&2WmMQdOq?${)2tj;D^lJpL@3kvn8B_;*nhgmY$#EQ4yFSt1`N*V
zdaxt<<{E@US}F!TFIO0o*{@|QMkJ@o=R<pqbO>%>a6U78<ly`Kd#wArMW`YIQ-V#m
zhBrB&d4rGEQ@%oZ&EDwk*$wuyCjbY^C>`IEWviELb0KXifvbvW(Wf8zi8CQLg0W-8
z_Tqy3fSIE9l&zI|w=|<auhA>oNTw#+b*0F?;#}b}!i!-iySYuzjPZsV!i&<^H4sZ0
zJG!P3r@m?E<)6Hc7NcxjAGW4FhDe8nr0%n6(vDJ>c!g~Oy}RwFQn`!Lk!pw~Zp+ux
zV3S8b%_T8!C+WE!@dVpF%B}eg8GhGPi?e;Er0`W!ptfd^?4DC+duxjU-9Ew~eGi)q
zN~o$M;E$lu0dFjKFu&c1RaC{6J^mnGV}m~~o=idEQ>k%*ra2U0v?TD8uZk7Z_2H$z
z9gN8rv$}sPjL8r+@i?DRFhE~VOEg_DAn&i{-~9)>+&I5R5`Xf}@9t8tna!|Xn@&{X
z!bmzmiCvKQ5h=tMlb@LN^W9vb-}f-bHjVrl#=Jw9R0}kZ7o$j<<+}}-W}|(mZ;fV}
z@@I;^cOm7xB?#?Z#`;kRm80CM!NhuKD(Jj}HM>Pv!p;UGdn4zQA%|b|=HBTq3%nXT
zpKf+5r3B?674mic4$yzmUOiXQx7twHu`DiEr6ePHrpUCd_`3>WjH01Bl`i-y>DF6Y
zrb4lFgB;2jPeo!Bq`P=;vcmp$>!$4nf4X?{OXYN-fDa{<Ess!(pxK{MTwR~MfwM4%
z4jBGvfR^7A3wQRFbn12M)QVW&mQ)03SB_0?-Sw&N5V~Wp@x+RoKo#O}Af`k-^OrB!
z)2rJ?kWGWa$4V~QN<|rdEn=1|gt}1)e*C&h5v2IQqu8GEw||Y{#}GgZsfbYf(q3}`
z=-XF#5aah84i7JqHu-S+ro;f($2q6<9}~PmK99}BKU4UzRcoHLQRv0G`#at-y)Pe<
z!;6gUT|d&m9v^n2kXkyMUXGoomhfBYf_h~f@-?Cf^4L=%yQFQtXw+i%_E=19A5YDC
zK3Vy|WL;a*$+14qoRijJi!CTR3R5C@zOgShfNsy{F{VuMO-yf>WP1KIecr9(`0UUk
zVT+VzOr-YI5QB>-5xVs|TYyy6-*Y{Y)}LX$^29^dDnBzkcbWd95-p5raOMTt)}}Zh
zCZMY%J;(Q$R#3IGX9*t4kphbJ9#p~4;YNYsf&pOxE%m3%_@3uX*3Mu&nJDnM<w@K@
zSy4pGbhN_xMVXwkf>8-Q26!2_*mwN{?dBD&{lP}H;<soqs#Spw8IDh&t<Jx;QuFd?
z%WE8Gzk{=9SQMHCUWPY*)!Wff^3R90%Cn2;@9hf*M|tBkP<ya^c_B}YXBQ$KypouB
zK=XX3ShSR26tCed5q6dv<E1NOyv{vV=|FX8;Kt>;@VJ7fv{R!BIWU{vyQ*=eJu8yY
zK(__<mLd~d^c!6fbJ}YZzTbT-=u98<!fOx)XIx<j<2cM2_XNJW807Z!ySM9O0fYXF
zA%in)4_~=Jy7k0g#=K*E<Ykn&{2icfFP6|jg7VM#+}nwde24UVXMw4jd&|>c(C+;D
z*8MhMW)62BS1q3T!Y$y%(M}JHiS>9SmJs>lbpG{h=5*;|-)schgKoL^(Y5Qu%EfD}
zJN)qt=j8joU&XSH&gI{>A48uFe$AemC^@7=`q=<$?-G5Sc4?}jPyfC=nl6qjMuV#&
z;Fh@_V`=ny>Va);yk_S&O#ZYQQo=_u_&du`vlUL_wR%6>H>ChCrj>K1yhC34B-`&-
zhtLO$1aBCk)6M0VwRHDr_1L^MI;eN;M>EdOnvGsKa>Bx_jlBs*ktDWz+;J>DF!WSp
zT~Yfn&NGmDcd?~(MG=wP&Bn8*CKLlqef=34v*sxnVDv%CSrjzvFBzWoVc}4S*#3)}
zvMd(Y(BfeRaRW0JI5r|B{t-hbn@{Ak-YuS5$z>tFkH)WnipW<ydo9<eZ;eK`c&ybx
z_vS_|=)E7Pn`k82Al8;<=h&OuFX6z`Mu>|WN0zBmV)%fV!=rV*V7oWU#&tvzs~QD&
zf-5mE*XtfS81TF0CLgZX#tVGhlmS13rl0>VxXa|21*Mf9@j*p-|5^716jLG%$pF35
z=>2X7&j1)cO-LN8e4L`C^{$`zc0?s{A@+4ZtS+ap%6QBRTLCxVnq^>={SxB&A>reZ
zg$kByz$*m~+Pr|gsTDt##nEW>cc(C4i&J<t>+u9fEC~f?#i&vBA62=1A=-5gpy68n
z72+RWvJLK-iN6AOa*HyJ$LFW))gPosJC#TA3yB&N43?PRTwXy(uq(~nZQinuK3`xu
z`h0We$7mI+rk`+p`$4<@+p}+1GvQp*?${y1vKmWYg;do~!^oXGyN=<jDPc`f+K)nW
zGd@J=inqu_(ZlTT_8b6L`4TPm{vp}j1s|Kwy7ln0Kmm29t#3$4n@HO?JE*Z*Y1LKi
zT0==LN9OL3#l0+CKn(=ByFihkRTlP`^TR=_@0i?Onr7U{_TKmk{;T!--~q186t2|0
z<Bx45#z#cS$ll9TbVPRI0>C7DXSruNbLAJc!9Z=shb3*$cww54HB`9VtA@2rVakUO
zxIo^mJnkQ{(KLVGbJr~F^k9%j(Z#Q_h>phWdT9+ttHqjSO%gROjyzX&itu7o5jat#
zZ%kYdNF4pjAP!o_+4biD^v56AV3Vkg(OYFBp|9?gX@((dr!Lga=9UzKt>WnHn{ein
zVVGU6B(B55Dc6ClhIqOI<TFWEf4vc7l8KKu)!WJR=hRZho$|U@7+J%>TrZ+|4Qco~
zvOnyBms5I)7O84<+x)=YF2N@K#%*hOsn_wm_U{iQ<Fw5%rdt_b`udob3O2T^=#J&i
z-+i)fwl`@XZVJu}iP*Jra^2PWX0s8!O}?@CAr({ItIm6sH2w$LsF$AI5f37Y+}9U$
zT6lfY|MzPaco%#>acZIP+W}I~Q4*JH8zVhn;rgUfV5t!cYBFbY23mYT*g6Y{2bhwP
z3#V<?4m$0%g-t3;H^hVf-v0Lm5lUv%$3}vakU|D@hp6~3l-NXYum(x(k^s)@ZS1Zd
z@n7iy_<CS8M3uG6CiDk#_Vst?4LtOSzN`0aYxDA_<LL_wLvcTR0xMn3TknAVlUO7o
zbvwafU&5pNAYD^iz`A^_Wse@$PtB6TrStXNlo%-;{&e=wlV6>L0`80ThdgQtnA&@h
z5*E^qPPr~k>FC|~PigLyu;@?6M=nc_(v}p6hWf-D9b$5f-o6Lb)|Lz9PtLfox*#+X
zO1uh6?zzsBkvHQd%B~sOi|y90;rh}iMtCz9PeWwvpe`TMRMzezT9~yRVw{!+KaIDW
zIbAJ%%^Np$M99%v>;dz*peGa{<+{J^Mlk!ncD+Wk+p}!x9wLEo+^5N-MVu<cddU7l
z`|rO>w{Kss5Q)@93w1Bh>16VHf8at%`!Qpws%TfxDmK6X5y^Yy`N<;2Mdr^RPr@ZY
z7*s)wyEkOZ*By8UOEN=fosvOu?W?|`X--%JA%UZ(FSt>UxblE?&Ut*#91iM{K4zmp
z|4xgZ7Jh$rfQ@$U?TLfu`I88NZ%$l-19OHrk05xOi11|Reio!fT-^Z^qK$j9bYm&o
z2NQTz_`<eWq|PS0ZIZ!`)GB5E*yra_Pg;?7GnxOe7t=?p@eqJUxA7yYUo}(cVKt05
zsOfW(+Vs--)}rH=H~(U10hvFIw$q&`^qzgoGF)l;wW~xtylS^+-5XDw)eh1PVu$Q*
z2c=MbJ>t~xYBj>?;Qo%IC-+spTsN7Ef`i>z7t>F9ou=?OlR0HJ44#N=e2X6hZdAX#
zNvM^a`FV0(63!mRy0a+S!oJFeHW-<`>a#jbQ~F}$<!rX}e#w3@_imeo>@V@^aPW}F
zz~*_bTQi$hJhA?Q*6!l18PHqo?BC4@G)X=PNPziNW{W6&^)Q?*VV^m!Akk=xRamLG
zCQWOXAD7T&;H|F&5wQD)t|L7_Aa%hH?W)bvx5gdw#Z}Wgtbe}za*QA0aYjMF!+C3f
zDk%Fwq(hT**Wa{2BOwVymqWr9sy_Fz740V=>9NIRN9|*BUPgU-KMGq_(tHLwAFh4B
z4!JBH%5n-x(fG(l-WMz$vh}|fJ2u82yGElk)rRx7eS^u@+PWC%<r#2Xq|>5HlDze$
zK(*4Bc#W)4G-X&*d8<_w^N4r!#Zk&NDZ-@VdDFCG%Mf*P;+@ZLnsv27Dz0e+=8p^F
zMnSEcp}p7|UuRMVBVe9#Q|Dr#;T;SC^5gN60mvTVHnzIMZ7T)0-{Kn7G~BL!5@u+^
zU5CGfiveWfjD#QG;gW>W5^43XeAqj_k;>3Wh?JbUA6nm$-L&HuRa}p$YPpu(>NrZz
zTlv?N+**&RLjE!G3he|5xY5lVSS3ol`~D=>@T3))$1VCu8SX1w68-^oPT#}o^nQV^
z$NEEtDsCY22zvWX`rSog#}U`>0T~v@<i(-&Vr%zv!Fz&}ShKpsb}-cSNV@Z}e|Hhe
zydJOkJs|O)M<;`6BR2UUWvT~Grqpsa70a2PQ81g`-lOe_Aq0k~^UBl4Z5>6T8cg%Y
z9oreJ-}U68$3G&L<$cZru`L1>{GJ<rW`n@HVui%LUZ+10>_0jFFZn_p=J_QbyIDQC
ztWUzn-zl?m{k@et`2Nz*xx2@Zpp|5-iz~-prnGaX*GavBQ2?L;-=@jKuVI{j2-7_5
zTpWL2bEvZ_NSe5=J8G1Pf3{|{H@oYQCSrP6vRVIAQL*T?A@<QZ0^s_hJ6m2r%QgQD
zNR_x*>28HZCHFNlI_+TyCJT6oMY%{9#l!+|n|~_2r9Y=X87Y$7=@h(42x@fcy>u`0
zXWJWIsYZ=!O1||roU;@R0GPq>Lq))y0&DdFXp~_q*DVP*dS!ZDG=|!gkmvha1Z6ff
zhc*)aye_gT>P0C-4I~BjW4{iHjW~mg;jB1?B;YOIYT;BE{+dJUEwVqn1~%)3hhJ$f
zQ#)ov;%zIJd(%!A4`o@o)YTi&JAVD`ukw19-))86mW{|s?|bB7*TezXMKPFNF9?J^
z{1i{vRAVA0$~o9*W%FKa+HP>?jK*k=4s$9AH<4@U)}A!#@J}XT{3BFMZxkhp88n^N
zm`>iFQDKkJj4d*%9p~ijrV5TMVYk#XvTZr6H(eu#mOi77Y}$XAt36aHYLXLgy{n=V
zB8xsOSf0urU0aoVV?C)(%=jrw2kZyX9;t&imkjSOg}wBg@hAt^-*y%Su{8IauQl4J
z|5|DIhwd-Wl=X;KH)XfLdxa<u6y?NeER*=2BUi2scLris9+U_NCHpP^e)nr7<KLBU
zt(C)LS0l$q<nQ7KCqnp!1g|uG34%@e^#Y*QY=8G}vLNDUrMawk1Ol#Y9O?y0Kaq^(
z!9}>6u#u;^%e;%`iCAz8bH?T#oe(c$)f8n`UeC>(HxM_FN=~fQk;h>FDlKZiQT`kI
zKB_1)T>2A_u_WJ((gPi6wFud?%8cQwgU|RZ+O#!2uuIoq|Aia4Z1_r5jb=SN-L!sD
zZfy>=Rd;M^*8Fi35?8WVv1iN@L*nYh6lH(E{n8NG>ZsIP;<vOz4mn87ZV6d<b4)D&
zh^*(;q@L`h25PeArN+wlOHYm(=sQY&sqkCk(IMUKpqDF`OZexOy%BTrwi<@m>}=L7
zXa2~Of@pWW$w~EVbwI<t(pJM3aF_6p%A$w0ex7o?CTa<F+Zc#_M~?o(B^bTMDA9J$
z`cO{wSG>~YG1fi1RD(8=91~WoYM6Rl#`rlh5$gQ5HbE<au*fnc+j}<fG26Auhg#PE
z<&cKf3cto>!BuJkRdk*5{)WWXu2kI*U7H)8dn*0Y@Un52-;ahiVGNIsxv3obcrg*z
z7hOX{E(XxUUL<3YErB5+PS@>Dbk0oj-49gHqLSLFbO;;>>f$A!cF}LI`YWE<$o{uo
zzGs=#@NIS`6-9uVCxwFavrVEvna5Gmyc}Hl;A>a@ZWvVQOGl!Ru#uO_ywhh)`J1_a
zn|zgiKu;2>mgEN>3_4@uN=g$zZFKwGsl`%6wZ$y4@lAglA7GW_*GIY*srH)%Y{Pz9
zp7yAcldE^HW-obf2YU1j$V`@1sJ{lGrjRM_+4+g03X9%>Dcf)FO2x0$pzEuki)Z*s
zJN}X_bGc!pduGN{dBF?cNif%1-4<vJCP9KjPpH)tV^Swq2-JM=%jMT_L<=SCSs*T+
z%kV#u-XpwC!px}^k|I@zP`JS7MyS}^u{W7HApC)}`gSv^LRdmG2Ca0hOS>s+{9;EZ
z)zW(_i7=Z17WR3HdsSZl=CnUi;KG;0ya_4E>w|xR5SIdVn)@?e>w1yn1_AuM{5{J>
zl=HTGz~#a<g0v6L%k^>S&<mw`g&6APkO*G~<Pcy)w9wiXDgkf-@?V4!u!uy&o5Pv4
z!+r5Gm`@Sr<+YEk3=NQ}MW#u&n;S*P9%?;HEp;<p2H&HTJm70A6zl$kW+&XW-spS#
zv?!W*-kX<jW>};0E$S^>4U*gAOg>3rnf{Lp(CkdtL&fU&D*>H&AeH@cuD1E^D7+>O
zO&-XSn1&t8bPZDhQ+_W&VM*!<+`;0~#eovC8UI;aT29(-8U~FTJrikUA|z{LRzmkf
zjZM~Ved1lzYKW(3ve$14Cd6s()`pj34;ybHm=QTI_u@8&PkPk@MlWj4>LdG=D3V1E
z0^>+4g<fk>rui54h|NHlL#G_CJWR&CvVF+!e~8B1XZGZ4@GzBxn~&J+9U7!Bt<DQb
z1T#V-Z<DV@xDmmEHX6NUJUtJ2)Q|mOxf5ntTCA&cDTR{VMX4QF^6$tg+gU&q%L#S<
z!vNGrp=BuG*MRgSm$=Pf6y%+s3ohTN2CGp_a!G@Z=Fi4AS_g{)rcFCCk<u*8c6-;}
z*SzDu4dAGd$)Evwey$f;+&;2zFr7My!DtfHLKbc>&DpiH_neO}-L@DE1k=`HY54U;
zEfK=h1?rCrggCL-Xsh;ws)*}DeCj^JpQvb5oVk~T+A^#4Z^5#o2*cIajwGeSXjgrn
zXk_%KJBiePG8hxSnhvo=%0^$LXVxoSx2rjOi7x=ex}{p^ZyK1$9{8lIh^#IP1u_%l
zn~IbT_|q^f-Xqtn*Ryv|(}YFc&|<`Fnf8F!?2!NUgZ~>$qK!{o0YTz%y?s?&lq4Pd
z+4`hx*oFD3i54N`4qbj*!(vUp1}0$&=}nKkmLGJcrS8}<Z`oP=a%VI`j`VgjR&~k2
zQsgR+jOgw{XX*pXbA_i|6x2vB_rBA;YX^*oo`K2QP(nMWhC~{MAu&rjE(N37zgadz
z?5>hj%1FK#;NjgzI8;Kc#x}(XZs1~)<90MPkP%R<0sZ@Joe#R1tw{U;)^T)Vh&r#U
zr>thj3ytoBM4b+Etqche%InI1QF}|u?EIe7c)M?ph*mByAtlW23Bz+YRNx;<$P%#*
z2>0>fV7E5H2<N{!kNq?p4h1Kr^pOR}Ap2_wx7!#L2qh4DsOgN+s($M~xe1_$3FA7q
zbq6!LsQWQrTs)3125U{bo(h6;zyMX{<MtW9%KP)`x3sL;u`j|VTz@EuNH*Z8nkfFQ
zN8HcfvU1Whv5|_=?laV>ao(fz(GdRyUsdD%0?hSd@QY4sAf7U>SUNcmmI4-3N47ff
zxo`^^vg;2Co!e4Zy0-%8bQjO5p&T>}^OW{0bn2uEY9GuEP-lNb@#cc|ZSoPV9c=;1
zwUeB+01w|}wkLk%;oC{+7$VQriNb%_jr{Ke&{$0Hgo}gsq*j*oAgH?J1Hfw}PXsam
zI8<c1#OX!vhV7a;O{mVpwk7F+yt8DT50+$2U6~L_2mCVqB93c?=4_OOzN6yUif5fM
zJdl%CvysF4zRH;Fo6=>sX9Tkn>~X3ZZDeh`Pv#;nXXA(FYMN|q%f|QWUI3P;aCvcx
z$Itnw20#(9o}@d1LA+6mTp{%>!=_^x(xHj+DQefSaazw<M?CjKRUDo@%J*%-s3ZqK
zc!ceU^7aspGg&@T+D!tQW3If)_t7j@i2Q87o=;U23;X*v+JVu3Nw$s`spg;{Fb$)i
z&<gB+8vebi*B#S4r1N1n;DKh>5?fCZx~F(z3TT#U3~+R6x`Jb&9qgNySWkjfxL(}5
zo=`gA>#KvuxD8F5ml1J$@4oZ`n&kLw%K6rZNX9(_<iBDtU_aKLicGg91<@hGre?Wz
zzvwML7D+ymvY}6hjr9Uh@{mDM<HO|NGZUB+&r}g)*J2hT?u9g4>nEpQZ#0l=Q}xGe
zeC>VFsXMB(t!Q{U(&j$lu{@!ezc=!ct#MiS9<d|$Wy(?aJH!!{432mF={G2nnln|u
zSz(K1G4AxUn3%lp=$xb*qEH=9(sb16ID^GTThX#85a>2v%^5DbJ&(hytau>KDI^0@
zko~S{{q4$`HRNNGVWmhFqREP%vUQwv4gA?Iu~?1$k(15smDlk+F~Qn(Majcr`c=^0
z&m3A!Gx)Ir1eEz9c^I#tGG5Rs2~C*Zs>R!jK|VrH%s&=jkriF{w)Ja+Exd6WdfJ0S
z*X^hNpd5pNl9<#AtXKK~n8f5uVnU^~dK9EC3Vppj#)pFB_F-wLz65Pf;4I)Y$3vpW
zi6e|4J>^r7Jt^Zd0h_`gANt*g$U2Cn7A+^K5Z?X>QchuWR0KJp7W|B?g7n234$C!S
zh(~smtPD0vS&l7`mg+gyF#8KD*r&^oJGzX43<{>rd@pACb7UB5eyZdl=6#Qsyxfl4
zKy=1IYJn(K4~oJ|s=SF%cRwrAaVmMFe|sShozsZb-lYsd*J{|LYfWmCh`2?Uit*^K
za@u|*`?!^RTjzG#CQjyPBoRS!14h$d2uozQW@1O>y9Of7{Y8|;uXDq{mMmwubp>PH
zGZuVKL0rNo)l?J!IB&UVdZWC@T8pOu8S-tx&;&=f*GMSz-%xc+WDzB^Y50*&t1p0|
z&zKTrIG^2oux`xC*)=*fP8O;+{M5?XD+ZQ=NdY29qAtSKBgvUhkXfKU$WBjU?>>&y
zi<yhHLgF7$Afh2L)0=%fY@0s>1Lp0Bn+5k}IdDOgUt$i)S(LjiTac((l7mB^AbRbk
z0g_`QpQeZv67Q=_2v1<eVq`nZ0vGL!x=XvWBY{zF4Dl^P$N5{i-y5FGenTg{;5IYT
zrdw7oIA(y)SQkQ_YV|RES1UlGUa_GBfA(7;G;Y}&>)EpJ_SYQBnSvL?A4_t>byiKG
z)%|PHC0nF`Aa*){0+x6<BwNKIHH^sF-jq50Py}s~)6vwNluUQ!@N&>Opj!sfso`aU
zjiRxvQT{PgH+4$xN)NAwq|mxy+W_q4UirU2_I-{4M9Dx(4R{;`j%i?%@+bwHT6_yG
zH0+y_n7(Ft2tA`XylSd9;;WpEw)LZNxQ6hbCosQUVXmBC+x;Ar|LleMlg=^_WmCjN
zFVN<bju*u&S0dyl)iDA6prjZ4*ACqD?+u+INykVG$cDTB_?2iqOoPr5EqSjDPVpW^
zy8Uee_Y^UBi4ZwaHcKdp*_7!lOOYgcf?w-vI=&qzq^H#e{o+wobYh{V5Pdm>+gDuu
zg*7!RY5nIW-Pz<{&s#wuxpV-8?`LTsB0m8078+^UDy{kXvUNm-(4uTEO3K=j(Z#J?
zbV^7D*F9Qm14Ux;tP6Xl))vrJomgo{GPi+K__R=)sx5;)wfRjnCdAr&kKo`6EQBB*
z;;KZK>i*E_J2lT0Q4vT=vI3qB;!91;)GwMW4wa5@#)A`VQZeqQrlt&5?nvUCo1Px+
zqFRL3>{|yz5jmL<0vBB?*)DM2z?QR)#g5MKTiJ@iDNq54W7bTeOfxmM2Y;;}zr~TR
zPgjpdl4?Kukb9Z}8L}X)Y+GiINkE9+_S)!6_Y+6?;*4K>>dNaaI9P}j=lSpOuW9PC
z|2|i*1uSYj=b)B>B@nBzhIw||T2DHwR3zXe2NwuK5Yx*;Vp@ltMR(CU#NrouMQjYy
z^orc?*VL+-I%8*`5Z{{B1lB9V8+)4TKsq2}d*r0vE?&y^&9h_-@9+nrzffWH{CM{D
zB>j)_zuruROOXMn?b<J6z-Q7o>x|owbs>jXI=y`g(sVQ;QI}pLNAx6LKdX$}z`VsD
zd1PuvHYlU$a42WKsN^Swf<PdFr?*6if>o6l=(=-%Gdw27byGZ=W5g)=z1lP9_npLW
z65%P3VGPb04Na3iOQ_fnT1Mbr!3XPSv~n;#j&Weqt$Pt%-JK~W*}6bzs!PG_j?_5*
zy_lg)_8$SoS0pDqXy1I$H7u0cgX~g#J<%<m@Ey<cY9)`;&Q4+9ve}O*c+{4xBanb1
z6KP@2{dI)gP!A9;`HozPs@n6hS+V>L=BR=3^;H}m7<gcC%;T})@e4ryAX0Em;Kf38
z^B_3bcighGz}O1Qy-Oe>7W)^%7Nrw9wEVJ|&jUd@v`5Kuk<!Cmb_Qdo>yj?NNo5sZ
z0w|eNYbHzd{K@@~N7?X%0xVNzP6a}kqpOObO*}VBO8)1Z&v|RKW;8DZH})>*^*c?F
zioi^Z^@$UsEYS39XJwv%MXh@vOR(lmV9q!W5$YX#$xU+=dO27gw$d>cwD{5aZt9bQ
z;jJ(fIXF_|;){?KsrK)Ka!^i}J7?t_D=~>-X`jvigb-LpYeV$%At;C2Fpws}gM>AY
zAwQ-M1a`J0%0rw7wJ3l-8)<8lO}vb@5^^?tepGZHgw>x&Ij=xg8+4uJ{p;m&;g$=o
zfS8o<w9jem$T-!K2`~*_>2WxI;>109I7M6Kfoa9O&$&hFX$^lX;~D@2VKR_Y@zES6
zue1Wxt7ut-JqNnP!fkkL*!;22%*46CDkK72@?<iS?Ax;@OjbeOQ`_)1&hp3rLJJC<
zOXAS9$^NJT^V{S&Jif;5bbr0oA_su=0|I#4J*mOVCMOKXhYedjJJqow4a+9e$)P3a
zq*i!gt&lr&^ozIk*MNFeS_edxdRN-j0$w7P>#tEY8Y~$Z+;Xzf^}hPe*FD4M$}(aM
zO6l4OmvYvek9_&NDPMAvnWK072ZN?`mbXY<CZOL1&1VkNr<givd5Hd|6v(NHPAs*r
z&`AxZ{+I3}%X{0;>{VhF5yB53t)WQd<71OUP!4EIZxTUbN{~F{1@gAVk+(v@8#lJj
z+zme*g!Y@&6RsrXV_hN^Jbo5zUj%AU&}%JWm>VcmkTG}1rrfv>y#V!*g$Ib^i)j^k
zPj<L|#10JUxQHv+z*mD)dyn4k9u`9>7zE1WSNC@zka+rU^IPC@UaLP#N%&s5HDb3D
z-Za(wPHNj;ao{A13E8`uUr>yN2%8Lok|F*F1r&?KY8W%+rJ_uQbm8rITt!e5!H<ZL
zwVI*@W@d49UqpmnL;@Zkp)ic>he>x-D#$7wG}OW|1{kYPIWY2Mq8^mqPuWj)e2ji?
z)CL=I^{*9Lz-_dq1)2vYlpfHJV!uYD8SOTtgX9MZ4PmL68JJ@(?!0}W{!zSnvtU6e
z>-Gy+i%Pe_$1R2T-!9NW<M0O4MKAfy&P@%k+WC9bR`*uDvG#o2mjUpr%%91P#=B??
ztT~EDd~_IWgVXK)MceHVs9;pZSAwi7LFui}W5RG4IS$7aAV_b6b6#!ZvHCpO4<6^1
zCNi}ALb;-(zI100@F&vkE%SGJu7j*aOniODg^6xlEh#+ijte@&L>|YnN}H3VVu+Z@
zprK5C$P`B{IYzYBlF}cMyc~9I0#!3ZA_LGts<*s?fFF{!dwAa#U=9MN36Ko9uQ?$}
zB^Tic{$A*99xtEY%#fHPf`ky9gh=_~%7ssgA+i3OlSL`FjU6)U*U;7%!V9mldjfwn
zAPj<U?&D{TsgF|f4$-kd8Z^|+DeYY?NH}9@xd+Sh1p05bK7(cKrzjjN-A#GM5rluy
zxo%)Y@oi)?Py8hV-ZcsUk|$2+!R`1)K>p(Pm&#~bp;vM&xENb<zgKYbwK%|U<rk6(
z9v7OM1{v4#?-Toxj9PC{a>n1Tx?~JbE02J?Dc*Wly7v-&oKn9|MguEPq~N?4Nd&PP
zlU#DFSEUmYGb(h`d4%;|HnViV7K+4slsg=kS22KUT!F5RZKy~$n-y7`x0}hF=a|;_
z236urA#&@L5L%+#MJffdCK=DfZ@TlJ@UFLpL0Up!wMoV+7mx{<0){|2A05z_c!`0W
zd8}*AoAFaqTKcHGYTJ91W+OyPz0b}BZUKB?W*eazr91z-+NQ}F0UA!rjQQ^o0nZBC
zXF5n@OXS9Eqbf$7OTyoE-A(o8HI%umsAZ#D582xvKc5g+tVYWc`1!p{<k<E$g8HSH
zLi*7|N%|A70*|cnRMikR(df?{m8X@O*3Gaei#HA4uV|H$c<ZPb)4!*=3(BO~XPR^-
zhZbc&O`~B-%!cW3)<JTFLb0k!ZcyzBt)$5`aeZsYUOgHSQ!Knv9zLx09WMX5do3vA
z$f=QEu3~H+FtBqtO#H37CqDeKh=WS#a}~%K$@G~;>H0GCyC?ulX42wpXjz0l{uQP9
zw5R69)~gw^g|OaiqN;82na1+#d;L;h(=S)|R1E!*ZT9C@$Ov|MGXE_3=DX#J*#8Zh
z!dpHfNzm^~*TWnUpn0qpZU)CN#gBh9j2-Zw%=`;Ht?niw#6JE(0y02k>b$#0k^B-}
zbB@c}uKVt0G5cegR#4TFk~pO8FBzb->Ku0iCND1xCT83^;A@ss13trm<N7a8x!k<3
zKS%vGM@nw9v^Dqt<oot@aRAN_A5+Ymr|4Il>>Pg|^@q}AfK}Su{3a!FxHu&di3+P#
z6lgjqt!o+44>f0-i@#%Dq5bl&>V%Jr-DG<3BW5w=<XmArtXtg?GHkr7kp>YtJ?i6s
zZv)CC%;EXxB3E0t{Jtw!$(qm#ZZfRSXoX-(Y@pxc7z|{<OEfs0<vHIhE*Kj1*|$T+
zmS?vRg~_^ns2{Tyzeo6(HG39zIXLxDV71rjkE{e%=<cP|+_0F<i1F@;Y4*9SdZwae
z)l|q0UsB&1^vC0S6tK|D<8rE_+#X{7XCXTwj`TD$+)dj?*lFsnVDiGdLlDbO=3m+M
z*dQFu>JEQmC_#;dLLOp^x{Cl)Wd_1*eHeB2{g5d(Zg>r~ZdWDKZG0K6O+LskOI1Ep
z7g0ehZ(jkFLU3^n%w_4gVwKN)*pcQ=`Vr?J7sD6<L!VA2qNxu2sSnww7WEkp=9l0=
zThIyN#@1Dz;(eUb`4CPyx+yX0ZFR=j1zq4Z=lTyJtgll&=fiGwkFuQP0?Ex_ju=E}
zfZKZj4$peyEH_HUyB<d3s5k#1&*jU`i!h~UCpWKF!vEQ@l_I>}So^{H76}NX%8LSB
zoE6`zvAWmALKxLG^>s2E9lT7pRrlK}ll=_k5F8;gsN4?TB@KA_iWZW3mOPSK54pI{
z_a{d1hE6i^2A;lyDbb|SyV8#EFh4Ia+QyGt#RWhLcMy2PRhNBN*oGd~>+|2GnikZz
z?7I=K+6JWguh9YX|1c#cJCSxHk?D<z+#w)$ynk#hk@w`Wac%ur-w~D8u0_u!REg13
z+bicT-AX?94@2l2jgiw5XuZ}#+?|d<i>J>2YV5(x!v~9e!^&a~OR(jx&hxyuz9rPp
z>-`AC(wFcWMdBI-x+ekh#Mu81?Q}gXHjALjy@%YJ7V2NdZGOoTFQ5p0L*DwC+<{{Z
zc=<pF&A5J;hROrxARk`&-(h<LLPjE4YO~a^I5OB#An*O__#Nz+^@^kI)giS^fN9Vi
z&5EPTE1#UX894h}Tqp+_yJZg#qI=Kkh0+SM+6MEL$3sVbi_KS*W$TmHi2;)?Z}?@6
z`B^s<her)<q~0?$bW+IdV%9ysR)+WVKTIIh8y~<{zVV!Xw=iUI^@S*$If$kPtT9(5
z6uM-QDGM6U6VCF?>I%J9U7qd8SzLLbBF0Ovbiuca{i)p24rHD^44Ys-SB6qj_tb2B
z>-fuqKkf}m!G;j4Uu%))S>9eQrvXI9C$~|~d>%gSUCVTNT#^2ie1c!IBiARlUWsWt
z6N$rYrqA^IraD(52j|1B_OxtX0(&-))Z26QZhhd1f&*L4cEOP3o)PNM7`-Umo5KX0
zq4AKz$=XM1;v@TGUSIKQJ(&L;f`9L`C{ZshvyDUux+xhj%7wp-AoyJJhw+YR8P%8s
zYDU~)B?q~YUOHv(B9id!fL9?hPLdFTbeWJ*c<MlX00YEcYutMktBoWhV@tJ3hj1yS
zJ|00!J)6^oe6vzhjtKz4-6g2S$r(qf4s5eXhEjnAV;PPgvfH7HPc+MTAeJMJiUal0
z5!^X)p_8Sd&6`grb9L36172eGBg6n;GZn4%3wskxsE9m}CI|LsfeBs6$eJ!7BZFz|
z$X;drKEQ2ZD4t^(&%v)j1|AAFUktN<;ySZ6DHgkoNeT-Ox29d8x%*rWF&=BB{2*TR
zw?Pgbkbq-?`=01yY6fmds`i1{x!H17&osKgj1)lmgFuLKTS!ZrXGM+DuGKVTu2nG!
zNZ6wa&(8rkxYHs|V5kOd80sJdb3ufFk~IScT-<40OL%J1e`Ymb>)*l0#oNw?Sqo4-
zCrCZu2D5U<mSO88Gz^UKXk<|Hy3&9j4@h_C3Fsx}&WRI2;a|hUne+6`-fNGM0ihyb
zq4@oZSmO_HApkh3&dtO~h=qiQ?`g<&Q%=J?2SuNdb;}_r4~|PhxN+enhAp4Pp2EVE
z2pwL6a6w8)G{_T?tf|GpRntd$1p<8_FR{jUHXT3<phRkK@Hdx{iC*O$Wj^qtVUXbk
z^F*yJ%&Usf4_12wuEmSWJ(Zpj;Auh^zfX%n-Id#elo)+R9a3eXP(mAk+tsrtkW5;^
zQWh(k02J)HYAKRII>ng}IoC7@NJ`r91AxrG(6|kQ46xNpEz=40&Y4kStUVXEK_4DO
zcBpE@#l^J<X=x+71FLa?<m}#o31;0&NFR}NCq`M$xkXI*JcBYREiD@VMv$KSd*i1#
z(zk_po(`6xATaY^E!en&wLlI|gkFmh9QD5P6P&!cU3sDwaG!2F51Cj!Aw%HZGV??9
zXNH#1%F#wTTo;kp^&P4cEXfXM?a?9vh{$IoIjb?EKsa?N90LRoU~mE%Ucn?ycT9qI
z59nYh^Y%*o^KJy{&#WhrpWC7Quq0bRhOZO2FDRuv?m{=+rkOWM_A08jx8;0UM@4-H
z*GQ#*3GZv<GN)wHDp9`#VJ24%6m>2EPC6e3>7E|3r2}bIh4c|ZMzD<MX0?Kst0H}X
zaztN_oTlyr_fK_A$(LzO9n<D2@BN(Wx<Bpd0bM2>b3kAGlTn(=e|)ga+q*3D>2D3A
zzf<oV!il4Hvs*zgzmRkg$myOFMMckv{L_v`V_`DpGMocz5$!x(cGDcU#j3W#8-01D
zmF3WQ3htR>CG?0_iyGHF`d`J8Pm9j79|<`6MwZpAN6@O&j$oLK;c7&}M~GW(C-uH1
z%_mUffxDy~2o26jdn+=71@^aX%7w42R*H|(w3wWCNnRCFM5U?Nd)|8z-2Bmq6}&b8
zDH`oG>pU*}K}o&{0Pf7!^-)Nh{{a7DEL;~7^e5(X--&Vu%89A5yK7<IIl^OKbDO}n
z#*!W8Agu&p#A-d-8OTVk2>sij>f4zx_=r(Fg07PoZ%GzNPT<`3)4{SQU3?6N*(EST
zlLK)~%wOZIxQ&uF5l)I0Yft-8wsz)hysrqj0w^Rswtz5I<PD(Ak-(PDqkfM|t!+`a
zb!`9o5b84t_6YYG_`2R(qV9g{xtI@+AXTt=4F`<9{_d@EzGpzgFZ%va8RXl61#tcr
z7ke*jnsl#<mW&+hFu|K8f8><ZwO-iSusUN4-hZsOh!UPnIVM7w&lu9{Ioqwj74y)>
z1C*{m9XA22>}<;zJyT7w>=rT4BA{FW`MCE*Bvp7#O+Pm+QJh&NOk?(EB4MnCXsd-G
z)@zeGT5W$2jg-ypZYY%vHIzjtrn#I%Sa*HO?*_EmZ{Rr=!H(r$Rgzs`G9*sgg@}u<
z28xGrrI+ToHrlheD;o>t_-26#yQd7nQ`260VM$p1zOC74K9aBgZ+}bwINqg)n^FNY
zW~mt!1OS`5PP;|v#M8YI)7ksWGsl~*{&<#_n6xN@VQGE1FJLY&-B9?{k;mf_ZV2Ci
zt{CN0xzR=j2Vktc%%{HTgj*o2PeUUR4X`n~s-i2hX0GrHByD@Gx9dCq06ls+jdyeg
z`;@cq!(*xzOhP``G&~{reF4a6x9YXB_m4seWwNk;Af&>sZ@lljwm~?{elNCcf=%yp
zb?|2(N~hs6XLD?gK%xpAM&qwv@N&vBN!fK9BqciYIkt*)45dH0#=$Rcm9=0}G=aR9
z;th~%V8xW@8oqX2y>T(G)o}w~u?z}}ewQRJrJWQs#2*WDk+{LuKL3JdA+G5KSzj5=
zt9K&mWokX-xEaamQwt!!z4)V}o!)$^C292XI94B<v_gumqWBZ?EI@5KUF{*EX|WZ*
z_x0<#su&shAW>-VO8j})6LVKdiL>5r0!ww71ZSU{{mnBY-T;Jolie9%?Y?f4<Eroc
z{`C%__k~733Iu{>o@ZV_uSq8w>(5?bc-Y{q+q7zQI1V-3R~PIeqlkF?Ds>sOUI#u|
z&oeX5(c$n$Nl6*Ueb{Z9OyGj6SzIeiZu$%p0J^r)X~NEVB+duG=1~dz`fGgLc74rD
zMG<T<9!*i{7uwsQO#Ue%4sA?_q8jkHp-+g9R5j}_YyTJ`uj0;q(KoD^MSSmXxBs;l
zK<#RRq{-|sMb#;K-KFH5W&Jj&8D$(kfx<+MyNn2CQRLy|*CP?O7tF`YHh;y1+1~X+
zl@Z+q&gWn$n3mmQM%q1!s;B8LVE!_YI6(bh3mcyr`H$`=?m_RZg~jl^X(M>wgvFC<
z6^+f4XG5wT|9I5&Yv?~F*6wvWf)3}{oK>&a$HwtMp5}5wW3knJNO{=Z?Zo!P60vSQ
z!+;f-)4wo(;U3oa8n}dfq9Pg!x$zCW3^n*-Gdg_aF^&z^@;iF?5lD?p=B@>EoPUBg
zsgCLy#akwv1@5arj#j_p!%zZxikSYqsHq^vp$G{Np;G=c2fx|kHT(}AD+@1n_#?I1
zD)L)BA$!g1*-rsi6s0R;i-mU0f4Qyy#|0>8Zi-<4Y?>>SWz%&o-8f%K@sy>-T5KzJ
z-jyRJ!7K|x5Ja%_BXk?#hs@_jrC;dN&Ht55`(OqGS}jbUR@_`NR4I3{(o`f^h+R2c
z3007MS#mPLr~gH@cuGffug`Z@HerSSr`W%4#Sml~eGr=|a4wNBTJ2IKm=!<N0f4%&
z+|)p@YdQJj8}>t?dQ*@N{xodRAq-XtoJ)1*qGLaU&Fd%3Eo<xitU}(fUa;S8i(yF~
zly}24h*!lb{O&B5n9p7?@A3zJxK$ruD?Il!W-!5i*6Lk_?R}kX^te+zZ90s7|M7%s
zQ)9XDnU89<okI~%MR`{WcK8h-E`p6W{}7a@Z5hE@EGVICEh1kK;4;7D;>Zf{$&k@d
ze9rqrZ+9kr{y31C+!|H-%hG1fGz?|o1+$5q@rlF`Ud_Ot4b*SrH2<%oPLmYuV2^)B
ze){{;;z*J1nw$fUXH3nkU47A4)fme{j$hOkB0$m=b9DWXq1f{1vZo*ks?Wpy3))GR
z)p6i34C=o!-Ff}A(0aw)0%NsXJ=UGpEEahykF2VSfQR!&lL<<f9izY5O-95;N1d~d
z_%$kK#CT!}HGEbeSYcubLaxdgiNOp<OHG@{yN*#pg(WOKkqpq%tfHXgxibBAf!S0X
z$L7$zkt)8b)VsR7V-odJKQ_cx(ahA`IZzZ3zWYP+%A&wy1(U>447$%#U0Gpl8isl=
zjU(Qc#KxI5*Y{WCrXv@9aDG|Ll(d?WArk*5o^6|c|I&-%w7-EKKo;F!vhP^5@=6yM
z=9lSbw=2U7t|I_{n$*(?<$5z^kZu)j=L&_9RsR~=vb(>(-JraoVgC&>f)J$Zh@WE7
zmVZ^gK#@pHb<)YonX^MAn<}$GIgkQQy;7-Fp;xZViqshXg#7JO9}N`Q4*MXc$!w|c
z_%|$Ko%tVjhct$^l$(9U@0Yz5dqRSToR8I3jHlD-t@LbRSUkx+Xr)We9Nko+JH2L^
z6irjM@6r-}M&@=BC6aZk-z!;Z_jdM_T6$YfU@F6yC=5=d;VIGjae5<a_Ht3Y_2VCN
z4FmmK8HobwriQsr^$RtQI4P1iIUb-yPZiYbRy#lS1`Q~}Qf{RL?|7l*dmF5V>;#=H
zW8%Jy-We;=m@+S@u)NwK*ai883#QY2|JU7D|3&#dZ!fHbG}3}Jf;7?+OCus(Qi6bV
z*V0S8X+c6jx<Qtb?h=q#y1N^RrJLvG^ZhTL{cZQPJFj!*%*>g&?wM;1kMY`1fi<Vo
z#Z(ni8Ef~Ul+XNjUCkv#<P-@#wl*jTH(`y`Y5THQ5yQ#0iMNjhU<P*J%R`|rM1{q@
z3Yf{cyt*N&>PeShbe*dAOh-v;IA}Z@Hd*mQ2k@PGtaPDPo&${qVE2Y$2A$Dz`;-!X
zS$M<q$$0ui8I2M5A+hrJ{hK1zj>zEwBv%UJDA7GZd9xeR8kO$-P_VFwbV_GA+WO6v
zGY5S}eDuESvBmBh6W<Tct05xn=)5B%4sr4<@hTu%LYeuN2RrtX`2KTmAJ?N<bgmZh
zEp2lVbOJ8El#^{OhKp#s(f06L#*UA5ch_jW3e8~B^*k#3-R}%Kf^P|#dyofqA{O&I
ztfQq<|7U9|5XKy?=kFUh4_J|1Q`;RPpj3u>#*Iy^X1?Sqzy4dT@d>7ThEPi;sD&2S
zLv$v#*<*Fnnf>QG8!p4j?eg)mu~Bv8H25OYIx06Jed2(*FCyE^fta6xDWT#L?eiVV
zf4)g77PcS(hQ%TVkGHhX6g@aS?KW>im%+t8b$Y1?p??ZaRGHBvMuJOPcUJs=v-&8F
zrkv#8%^_dbXJTf(n{R>-1@~WKfu-+AbQQ(Q{JEZobI%0rTE_A|3I^e}Z&5LjI6XRl
z3gi5EBez6VNb5zX@Hq0^`r<t1l&ZEXfDQXv%Bi{Otb9SfHQ+2Fe-ZEnt7MixaQ7ka
z$a<s2Il;RQ*3EGj;;nB~=m}_a6l-2@AjPRb&mOjOK~je*ULW`Q(5Lf}EvEaRN6cQG
zte5xEktp~bj_;?mZrW#xyze;O#k(sWh`hxTIS)L_n`rDqLf5}%?FAy@TUTLWnM%W(
zfmue6pi0uZa=AC=DJJ0GXp~7Lk3Ey+SbeI!`X|1f*rt;*u+kC1W}Fc&O@{f!G8Pp^
z??OdI$S*nZ?j$#;PkEZkC46oX)Daxqntcd2BLdO3nK;s*EfK`6MwdIixkv;WWKa&r
zXj14_)7kChvK{g?o^5N=-Mn#u2<(5pl1!_erzwt6nXJCjg1t|2Z=U`b9W*;$u`X*S
z`=$Gs*<^d{HT_G!?dtp&cZ*_+PJwfbjQ5>&AR%^IdLqrw!b>&3u<DpB%JN`4x&A&p
z?q#Wud=^AK_M&!2@+KA<2Q?SC2PX8>n8$NhyUrixv^LmJ!{S`zx3bqR88&{uqrMe+
z(+uXOp!W@Uj&{1Rt7c6HN{zNJ``b;^PF8vD$IbOH-s1u7k=AY9%(4(5h(NHC)!^Z@
zaCsf#Y;E>aV2T!L<FL^u@RlO++Rf?}-*TU2`nP)ZQ-oB89f>b364qA7sP0huBw?0?
z`?&r?2P?Bf6X5)jX)h)A+mA684ooEUbAwZ~sJvWjt6in52Pjx|E4&0H4smt+*4qtr
zEs$=au=U_4;bHX+Az~`(8%mCHc@gF%Q=8Hl5j)eSpYL!V!W6zjKHn9#A&16Dv`6m;
z*_Yf0;lcsFxiv7eHp^t*ACZ2n9u(#8X}BKZJJF5f`c1zZTG-o2zkPO+o#!xk_nv7`
zD0q{>yRkPa%#-}vYMUPG&7AXgj(5&ib!j#(w)?k*4|+dKqe<Z@KebxZad2AS>TTg@
zd=js2s&9iZcH*@4yXz5n*d7l6^EQ=U_!$Jf4FPXB@NPAKc$xp4^?kfoCu>5Bu*(T<
zTuvLRoOUqKzRR>so*@3)L@Ji{Iv70QWK;4{ZE=Y8rbYPPrZzG`ICo=XV8rMV-uj}a
zcLLuz^$XA#8jQ19PJZn1KBV3^rtL-TSbJk_C9%DFf}yGGyW>gMe@KR7WUy()+oHa-
z#-8!bik_vz_Jj(0Eo47V0_EtbakDTwuS7O%5H;WxS=^WQ+@fkD>Y_XfpyzCAXUU?4
zT%6`dc8W`9ax81g!$Q8XiV?BP^P~>0Ub#r-oXeH)PstN`z}|qjJx%LtpJGvG+eTWE
zs2Sk5o+b$@p+oy>E4HqO%{<ylyeP|A`o-HFQ+NN)+pt8eh6W5Sw+M5&*mr3j$o;X`
zm~Kw0t6bkPKOe1nGMNR8_g$q;4f5?~qE-9LT++2j0b@hq<w^|YMTRKddDk8hkbW`r
zp*|w*6=@DuN5ft4@2{ozK^Pz*E|ZPf=Bx437s%?W30#kvSFLSkev<R;$IG&a)aV7-
zXWPLUtJ#MZ$hEd}U~ozD-Bwa?8K&xrQgA?QogAyxoRz-#$qCk3D&_*g#_)npL3+2!
z>6%JvP0@29utb^*6Y+I;grVSVv(~(PUup=JFT)Y>Xpq#~f#YJ=!@q1MlYH?&$4A6c
zaPo&TK|Z+w^buZi2Zec8r_ya!y@n3~uS~jx9o6Qv_SU*HKgWa>=5}}E`7p_)!4H2b
zRr}bD&t9CdZ!aeaiTbqp)eNuv@C{P7OE0=ANXv0O8!bn1cTf%6qYj?!&y~&0{cZ1|
zyHg$r;q?)t<na4O21}{_Tw%Mt_6AfIMOfILignN_O7Kq@OZPf6Q0GD@q+bMT@CrEI
z(BUlb#%*Y{*87>%;p5Qey+cz&?2Ir?Z4Da=av!CkbLKF|{pA%1=l2`B9mAipEK%ku
z85sK52bA_iy$>C_A(chVWeZw&vj6p`Ed4vxwuA6wUxMeT<JO~dD-XxcEA~>XJTPb_
zJgd)?+I7%^Sw5$EZSp#?T00};=eo~XyF3mZS_=%ysQMxyO1ejPNL1$|zRvQ%Dq_!I
z7?=!aC|p%{oXw)4N{Z{j|NiYh>&aa($QC4Z7STb_Z2Nu@5@#elL71CouB{4D30RbJ
zSvY`NT6wZ5FYgzTyNwR;Pt~kEcY;ubEX#+@w{UZ^F>LVF+_mqu$liCY&<?wujD7|t
zGXuu*U)7;pxvPd*D}QViif6`RVhdTO4<w?OQTo-Vwi_n~dqo$CIa?WhOXtpKOq#+J
z6Cc;wA=ve+_|18J1R{x^YRk=V&hXCZTby|%g?C4IKWjQD(4HUr_{Qv_H<UqZ!hn-J
z%`}3AvOuWW#z(j36;EZ@1LMKxD~8ZCY6gS>r|j@zm5CXDYM$>#E~>BLr-&#9=0zvg
zlv!X3Du&bW47AYca8PtUs3&|^iOIyDU}gX*Zs%N8aCe&m+RH*xcZ4g4)M<=6hSRjZ
zPUp28l#uiD$Je?XdZHPxQgSq$<wr)^bh6P4fMW9sGO;1121c3{?^9#=!lxc$?~O0M
zcSuIZR+BIzlWDc0!V0hdAi0~kL<h*~fN=I&v{0cw((2*QNH`1~#whFQSyE~KP5@NF
z&KAAp?4|c#9+cz;W0{by5P80^w5Hv_;!3FsO19b*6P^7IKb#QDD68Ix1`~M1{ID*|
zAzRhMfA>(UOMDX=9Z3J@GKF3CQhdMD1=AQzFnKlJUEYB_9ibBRA>3XT6qHknVo$ER
z?^87-PFX+Z?N5(93|Au>#ZLaD-aNl5)*%_8!(=0G^3li6Hq+=_5NJ=!=D~YZXsGH{
zg3$vrRT||#|2)3olhcB-|ETf^jpNG+=&)P4+8!ZyX#*T(@G4(RQ-5|Sf78C6m#^nb
zW@p3W`5K@(xRiLEsE57-FLbBKr;Ch?(!W>09lAhbO5?=iQ(fb*bIxOJE#nzql{NF4
zy<5(O1VY{NqFFT3vKUBf`VhA$&laOeClBI2h~L>u1${u5!z1lg$QI`GdJa|l_8nJ(
z#B4L%9!!mkrIrxUOCq!#Kqkvt{AJ@dgbaQq-x+^)h8!m?!ycxa^V(fo(-ZVz6;*(I
z7J|C*h!%F>;Mkic^e1HVpx<Ve#IZ-Jy%3|M^tTrBEiddsR*aCNxhwFsaLXw~$#g@=
z8VSQX{Su=|+lY%_=M?pBkvyUuLNWeUzn2}3R#(k+OzJwL*IMM^`{4h5t$Oi+JeS=I
zc<`uIx$BRG56P2qGVtr}^=9}nK`@6N@`x8xhY?KPf9Unr;a+3$6$1%T8cx-RPcc-<
zM>L*pX*ql4HLwjZ0o5zIy}1&bRV6~_9Zz6vJ14Eb=gXC}WpvI-{#0u=CgtYDvJBd4
zn`;+FKakU6ZW5reLEY}iH2+*4IcAbVQQ{IV5BH+6>1D(w$KDc(7NrP0sm$(^`VB`{
zQ(%zhc1mx;V5_+h1-bAi5(k_<?iJ+3nM;K=eFWX$R}0~PeK9yBRC99>4~deLy`1d}
z(z=uBEKKopRjSBom`Qn$$q(6KKw?6^VLk%qO3gAFgh5LEQuk$UL8BuX6#Mf<VTcM)
zFYw7J$c(c4P11Co^JepG5gx`&s%87$^8UHJ!N7S4LYA$O@L1;znu1mB=*zT)Da<K5
za~-v->}lrSaaXrVT;MArwRW4=zB;keN3f+gt(yESf8Iwh8YD0nZzW!O&u|+)n@pG^
zV5zLKn)0{@hym}8$>Iy0#S`Y}<>gEd?iy7Y{#TOXJbpah^s&+D+cV`_dU%}11xJ(R
zvEe%xhsO9r^UONyTP)V)|E#Y}KlHq%zR;iq23#5SjqU<FU<4^ZYOg*cm|`U^vAQtX
zJ>uK`>LI?m>8kS+KcSX15E-{tz6NZ`1D<#prm21oIIlYAK0lVPr(@!JVs)|5L87=I
zKo(Fl#+Ilfyfm1B8Ku6W)YrJWvc1c%(dQN-7q-gV%=8{trR&v6au$wOfakGAfp*+Q
zQU*f~M)20p)e2HGnzij_cPW)Gxuu#rG=8a|<?z_eV}{DIXi8HvEyVxb7^9VV5?|mH
zfDi6-wq_XNOb{<H?b2Ms2tN9@M(fVe6N!``Eo~#i5@dDA$=~T2ltsOG?fz-5;dqKg
zmk-ELRZVqucFjY5dE^q?%Pr6JgEyTK&oS$-!2a#tp2)%ix;4Bs5+Hl|5&LMI7Xi;1
z5&ZNbsa)<kZ`yDq?4SbWSCFl1Gi7w_F{2&X3c3L|dGl5+tCxWx`!OwnQG$EY1BbGt
zOigSQNgLS>1vDvsbUo_&mG6VEi!4z4&#r!HWi?!O*Ym)$EB))^q6BTZwdXEv#*iST
zEB#?Rfq03Gq_;9UH4h%bR~&V@-p@=?E+>~6!VXvMW{baA4Kht2R{CzEKE#RPI(*Dc
zDcJ2jDgqM~jjYw~G~_dnc*-;v2n+W~sM4$P1y|7N6Evhg+lBOu`5aPK!0F)mn&w6n
zjUu!Lf#TAWF#{C3csqnnW7WmYd8RDNq;?zt@4$~JlHt(XL8q~evpm>UmyqtNc`5k<
z3Tf?`3bE0jBJVuFb>Kxq>4FjavXT^m3|nciWkq@|V)k9i8_Z{`^QmCazmV!G@~`5=
zO1PB%UV9{p`jwZdt2$~Y1DqeUaoU(ZXlFf-HT@%i#)D8eL?Bt|;bH+sSXD9dpEx$1
zuMJ1Buz)=O9nPB5)J|%-!fEjOwMTg?KrJ!9rgM)H$N;j%98w>YJZQXY@69>>gWAx>
z{O{ar|L>3(jHu{kP9yozp+~R(ywqE&7Z<t_w2<FkM@oo$zCZk(a)vJQE5HqdH=IKN
z^m9lwH1Sy;6RqW0iLgE_)^0MaHaRP)jn$dA{z5;nIBeH3nUvPl$&uXF!E`j97rtz!
z*A~_<K1lQa91!6n`1d&sv{FDb&`A0$Jz2sD=<+4lEQ_`Q(S*h3N2IgsTr0N#G)FTP
zlI74_Ljm*HEjfZo9nX>jIgm=QnWl4a*6_p+4jL=L!Q~RTh+Llwgjrv&k?sR28bFgG
zF*e$x!h7|7J#Tk;OR(1s052Gomo~yz7wO8OJCi$x<fh?_YWL?uG*I~wdrwsCn~zEg
z!$GCjX-4?nOFU~h^&E@&XGP??#K8EC+?e;VOb4Rp<y|bf6WsZ|`cP{?#=O4ChLYUA
zaF9r--<OSnHi}~E968#<>0q?pR({_SD01=I?BcHtv4_StAu#oatfN({j3}U&BS?3-
zWq6&_k9dHd12)bOH#=|ixi~6NlsPoCd1=5;q&532{?j=Df1vCAIs|W#sC@!2Qfrvh
zaKFK<`aEKUNc1r&DmRd!2hbYLe{xO$&x-_6IyTIn6?uW8L#6YR_e8dSdhNKd4!uQh
z!|N<U79RYI=ZsnuMS7;n0r`7)%IvJ3bSlaK$1+VG&-^gX+sIRQH%aY;1qeO3@P$by
zrRsE4l(3Z_d9eC6xKew2qd<Kd52KV;8%Z%$jvT%4e=T)N%LbFeVux`9)VgolLvv-}
z?qAbo{R$|FDgDtC-AHumubD<sWfOtoSZwqpgP~&_L$b!MA0?#1b?8QfAyH<6d#upn
zk^Fbjk!ShO_`FT<y4IO(Uwf~vYT8S-;RUXNcahtF`vHm*5Z_zE;VH-ik4u-xYmL0Z
z5r{#0eBH+&zkBc%q4I1URX%Bs+_(sA;p2lCi!{Lvh4<&+hinzpFd^yXHjSlxS61ka
zjV)lQhDRMlU*k=U>zTFlK$$8xp<bpCJV(iya-xn)h6JgJ7#YSLu|rObF8HQOfWq?e
zEb6swv+Awv-q)ck2UK88prdl_*Os#be^r?NdVgW=(DR)J??g~JUjH!`z=pTQz9YsN
zF`WgJSuFYWierM#oX;#|`oPBRjcI%Hqb<WXpOQ7j05M$!zDRvM3|l_EU%hcskG)AI
z?1Ue;hWt4E-y8`7-*(;2!I0XgwKmh$=?O#mjxIy2XJK~*=?FI1Z}`*Ro6nPZ-TBYz
z7ftIIh26T*w?%M3MX@JiXvHfH&}T}FUU-CQ>VOH9XQ!eyc#o7S1mE**oXaRlc9C3E
z#b6@P#I2jI4t*-^cWihpZaZyr>zhlTBA4E4tyh!)DUv%G>>s^+2Z3E>8s<_`b=z4=
z43pg93|AgH^!bfCqcv&vkz0Vuebv;dvCT=3?zF7_cAEnFjz~|E+X5j^yfr|ILe&3G
z#2%T}jPW~+a;rD?+IH>l8yZ^18D=wA>^m))3HAvWNodnR!IiGQ_*jO+@>RNr$Q=rI
zvC!R&tJN+BuqSh1PemnFR~$~l;^qZdcuIefM^)N*ZMHU_|5yF7{qCHQuSJIQgxB^5
z{ECe#SMeis#!%6M+CDBE*Xp09JmulC^nUUsE%zuObNgOj+WozH9=+F-fPKCeSXy*q
zT7bM1)OxHH4QM(6Geo|=jR-GcI<Dq692|eN{JWD5!7~<Oq({u>L0qm$f^I)nZyZLr
z!Iv|OG7LWJHM3g(pQI#rsKExOArG%sMZDK00O_sPecW1Z@)#kD1P9TTGh0hZ9(jf;
z@A2vY!T4h~l!b3kA<+I)ntMVk6>q%tcYv=X#*GYv>gwZyrX9w=#HY)G>?UdL#SH@B
zSQ}(13plz~;9FE!9+B_57g7Ca_j%Y{=uTsHY|N8~w@4hQp@{%Yh8^0qxNXFbu`&k0
zPA>WjY!Vgnz1*lJc%EWvL|C?7zNeWD)YEwm_4xEgUR%6WQJs(kw?uI=-uS&IiW9mu
zUFdGf%y)3cbBI_nuk-nqHfH_oU5slf<}}{;H~O-tJ%~SA9Nyh-y*`khmL$0MZpV$R
zDvKU=hCS{A&>~+vu!%JloM*H`?<l65un_VWK2ytFG*)Dj2L;r&>y$~HD??xSa`Q~v
ze97CpG>yvJ@c`$UGI}t~cKH3{M^z@+OU5w();EBX);0ey4)By&u^b%Mzkf#atw{w0
z%3^HjhmmUIJYHkJ=6Z3qPtz`aCo9RT40!a`#ryX%UzGQoA&-~sBct>;E)tgue-vvo
zbh|abum9J!8xAawe@VCT4-@p`z$>uesJog$<{7RpwOCypCM(e8EJ+=qMWLoas7ra_
zwMYVd%6Kn*zvj&0KdZKPW0Wi%%?eFuB@|A2`3zVU`#!rL!sS8vXZ~oXtTJMF=|Nk|
z^;tJiAX~~|`5qOUeEBk@Xb;Zg)mDO;*Aj-*StyFMz7k7)i4OdjbN^pGTEoH@H5Edi
z5Y{EjEkvLc)joZK^n@nkaf^d_CIDubOrDZ;s6_T=FDyZCOu^jXy!7sQr8^1UTcv-t
zYU#il9}P?N!crpsYq><5qb~jd;W19H>GfM*eDz2ulKK)*9YxMU!%jw`!9xu<-$cf(
zy+`E|Kfz>>Zdu3D?FFKF?Z_kV=m{A^pPgygc2G|O4?5Yj*jy8h%H6(TgyT-4Tl+0K
zDC;|ogfKC2_N7bCfCl&w5xM^Zu(pyWnutN%AMaY9WJ-5auD3WGk`*-lSPK8nMO6&t
z(A4KR=k(vp0syLkdxqeERg7nq%^CR{{U@3mZV@s{blX>AdC_P;8zS8kn?7tiaYZMG
zLqX=Ogu{*Rw8`%lwRB$#DR9^YN1eY+{guI|LtehTBXHQTFbdeH!RI>*P5}_FK|}F+
z$_Ko1L64C#GY$S)o}@`rgB&kJ!*o7UV1=%D=K*jE{d4lnmjH$2ADQhxnPkm()-G)=
zTR{#Jjf=jt@WP7bspf0`Dw<kz54WewuZH?bbpWAx$y45YGPCXwklR)Oh7PO~1M^{i
zndMI4l}xVTeIeVk`24@Rz7lR)!*5t7vQB)Zdw%tP4Qs2rGUDmUafZG*wsp<fia(<9
zN|1s-DlTwu1>&18=I<Aalk$@Q{p!spY@zQaHqb#$I#5PlXiGiq&2B{*nu;crJ?AEM
z@p74qL-E0u2SNy+yvGwTT2B$7-`D$H0AE+t07xQJp+jJ<4}2}C5l~GS_ib*|g}JFa
zofnz239S+YK(2@@Paxq}$-n*xw894M-veo%(;l^o4vgJe4zN&!mjQN_{DT590)^O`
zd+q*kEZL2tJ{b{jspps^wcIQ6YN?#HNgF0XiBZjV!0s2DNjLXG0L1s^I$+Yfc)JW$
z72fTEzJMOfv^li4r}s@>6Za`LN^BYg-z}%$Sk}(zZHO%lXTA=?1t~27aA<SX1;Ddw
z&6}0n^cn56s`Bfr%W3nEIgY^({McQrndrcA!-gK2Lr%xf?FzG@ey;?{bIkvs``7Aa
z!>;VOZ{fe}b>dM5Svj5aH}oEapPr-GynQ`NOq_^+5S^Cx=Jz_NwC}AAuV{g=i1>lQ
z40ouHnu{@5LgTGX_X^(E-c2A=!wpS$tU@ql-r6?S*Vl%uzpzuQJXtbqdFxbA-$ny(
zNWuMApN}>hIt4vC^%(q{XZ5sr!|yiPzE?Eecc-d$#k2JxmDrpbMLzD$Hlv;Vlu0|n
zPmsN5gLB9)>hE*ZWwj{LU#)bIQp#t!MZh6-#E}$3c?S)1+9|Ey{m%Zkr_->hotVV=
zNo%~qN)Ay@z926nB71B<aiysh^eExtg>@9D#sV}Shc*G}60?L4XoPIi%L8n$Q4!#(
z&~tem83xbkso}QR;0}etdpr1PmXE#rz96sS))IWaYXG#GEO1@6P$O-gHc$-1zUCip
z068_SY8{##A?^lFA@A*lczcq>S4l%_M}zUWOd+>><_oV9&h_!?E_DB=;>;%xn^V&`
z)a#o=`}$h_Z>CU1LH0NIwbcBoE;axn>#QL%yZT6*!&M}YYkongb_Z0l#|2*BRK_U*
zBHxVR@|#qt)_fIz{OMBkDy*z!w^%L<)9-%xEf^{jrKHwAWXtJXcNGVYYCh!0byL=F
zmW_B^$XXbS84-?i_OKE~Tt1*A%!1ocEZ@d_1A#C)pZ+6&+$XBhPtt#SstS+ywp6MO
zOOsPEiPI}9qej*A4Li-8Au;pMUgUYB%{epPW4N>m2b2V+HvG;K2$~W#qw90;EUxM!
zZk@G!bz2ZTm-BQF36%pa)afD)B~UR<4DkM(9*@_L<V=<vjL9adAP8#jn6m}aTKObb
z4=|t_w~m!Gv!Dz-Su$&v`Vs8kYCo4YjvdVREqpVHFbW$2-0Xt;XR=WtFJtPYc?y@9
zPz3OjT8TF|0pQ-Zr8qkoFrrD>Cp-JH=_m317nI{Ma<IL6B8KeVLZ~&IRJWi1UK1Z^
zvMq~y$QJx#28w9eH$+t3f93s+4Bc6TO1H4(l#X03S7FD&s>q|Q>LbNL?S9XP-3k`F
zX{MWAq%;6C1o!9lq+572OeASqb#7DoCW$YPY3Lh{yoc;LxHxf7DeQurlJ5HXvAYil
z1cfz8FmmXqdF~UwK+}@lNE}wY!}g*87WHTwvFV%RUMG^eVHQ`v7Q`%|3;LKN>APE9
z?FQV!qjSv`o0M2|^t!&(W(65Mw;4JBt!Po4qvE~8ipe->Mw?zCFPdngruPSg<wPD0
zG3Qo6%zpEdoJ4pfRed$bTVN`K*59g}sy|Sum={OSZkNuripF}UOI)~Afn|{?jiuw6
zjNqxFTixA-C>;QEN1T_1?r;GH@plqPF~1Cj#4m2f!)IETHa{j(_%WG4NV-*U8!{82
zdfWp>zWTd*!<*Af^V#aN!?G7H#t=03VyJHX*Y;ejwDc|g)^8e@@AnPyM^B#!(#y9G
zbro()@RP4!XwB9vZQAlz72?(_${rDR@AW@JM^Mg%H1w}f0LF1bWZIo(5*x|&ws#53
zn<MMsoYT&R;@JNWhPqW-+O48$E?{PZ>w3c^)YRhYIEr+Y4lRi1rsykv5;{$${8YuO
z;y+tF*5|Cei?7z2PJ<!UgF*fDn55yi^z~eUYY9<)Y>&Z0j$|@7mFc7ly-i{h?7)eh
zIwj@71||KW(vBW2h;YO})_2U`r1mzlW*iICQZ6=MDh1L-F5Y(vU;-|sGF5l<-v>`>
znXL|<Vc9K|pW7jx@LJO<qn*bTm^|warIB7^eAP|SEYRX!kO+YGbR@3f2q)EzeM6P=
z<mBBWO=KQeC1O=UNAyiJv*BGb1eq5h%CxmkbXbJ>R?TcJV@pp|zm1UMZxu25pupE!
zvJt)a=5^Vs$uWVEjP@+`@5k0y>OT}WJVpuCx^>j9Rqm>E)|Sm^Q_UwE>j&Ej-g6!g
zv$?E%*kA?EuE{c-bB0&~waQ2}x6S4;;`M-vW3K|%KlLLo%Nw4VpfxY6$ax(>cEc;n
zmVG*`ZeX4#3CLM}2UAf*C}N->%Oa@4#KddR0_IAbYxR}G4iIA{Wh$Q9_id*7SCf=9
z9h)Q5CweKd)z*1dP@D`>hE)t&pB^@AA9;nr1Aw3o6Dw1=?WIHkAk;c({wH~1wp1gj
zpf<)=9E(Fnw|t9$(IsyJS#GWQW*Zb~iX!&RM~1tKqMzWgHQdOsY{ULf<(g%SB0U_q
z$@yGxaqQ#ksjb>8u)I5Qk~@^mNx*)2tU868{kWot0CS+2mYJy@zUz`fG%Xz42OQvQ
z`3V#d@j@p>&>o^lxnPmo`~(#!v^Q)nLv2S)L`0j?&4HaL!p|b?_6&*a#6rd16x6-k
zNR-*cczQzg3#ud&1^ms!Xd+MtPSr4!J9V%6zrx#Do@!#8L%nQ5@lnyTpRLzGLK--@
zMz;XLb68c{IESjE3)zm4i7q_b4c;9KRNmVt)<c46eV6NS{RXq|mM1eH0;Pl|#_iHs
z*#SK6c<?hJP++uI5`W8Vmh_S9OuBHANKey;{dx?@=mgL(9${tdm>Rh6hYD#A06%-M
zmeAif)OM+K3cZt}f(mU6eLS$(F}S+*(vjse1ilV008kRF11|6U+{(I?e`qx=gRWd!
z|1^)rUWQXpYa_i^D*L;R2>VL=-Iq@N#5<Yc0E4p3IX8E`5}Rvm@)2(D62ZU2<7?~I
z^=iXF%Pn+Y8Df0YdL!e@upKzk)`Vnwjc9V|>@J7STKg&g`HK*V?DYvd!s_(_ouXtO
zt(~GZ+O;Syya2SxiH~|h+Xcf#VyKN`EZ%pN@VDU=9>z{J$<faNidExnxH`Q17Zq&x
z7Gam<GCPDbAJOZMH?Qn}Kn0j~ovtGzsuC^BPX?425DQBTC{dzf_v15ZEK6$%ELw03
zoHm%j<r9`9YYruqht!IS?TtpJ<0Uik!+#x_z1s(U=XSG4PW`Q$?;e)v=>NZd<xp%q
af>$X$nNgFM{D4MLkb<nTOqrB%;Qs?mWOS+k

diff --git a/powerdnsadmin/static/img/user_image.png b/powerdnsadmin/static/img/user_image.png
new file mode 100644
index 0000000000000000000000000000000000000000..325b0ef853a5d2c5a89142c94904378828085d7b
GIT binary patch
literal 2718
zcmeHIi&Io(6hHT}kE>kV1!dVmahEL3!URPP5O+mvA&eBv6g5^&qRbIQkxJmgE+T4=
zsZ7V$K#quMh7*p9IC6nuN}F(N1QkRfnm|+7K$Q3Ge3y%;jZ=R>I|FCW_x-+ee&@M4
z3nNV~BRxj~fJ=B-XcPdAUuj?zDDI_P?m?kg9bpPZiJ$IyCFv+eB!n$X0&pHp{wUaY
zKnpN(PI&0t#VNIS>+dFx_8TK#cwy#qAwkK(w(SeGp?w*j`9+@7)t<h$DbmUJ&zu|8
zyK5pxh$jF4_h<&RVfPt*e$=bSio(W4RaK6bQ@{k?nKX4=!1AEnB;}_Nxap<r_NwXh
z4|Sz0cld%Q=zoojosJbVw>UfLu~?;gqBxvsyZau<%PZ4u?kbh<@A&D$Bo_pCos1nT
z-6Qz0D%~4o;M?UYGXhk^GDPXi0!gXq2!_HV219MrTpwmZ+S`mjn6DUG=*_Pky*EW@
ze^!FMkRXH8sZ&j=yw!Vq_NC<~om!Hi0MF!?vNwh&AFuOSlKtiPadH{NuRk8MG5l7w
z<!VA%donCOyu=dIano_rdrk3j$`gF|`coXhwo)}LXl8&F=6p~``-2|hDWHHwrfT3F
z9yGVS6@XJfVeb_hh3(+LHdYUOLdVTB{WA{y>^~h9P1V#%s=V$oxp^5meWy6DxD)e#
zUI}*K8o!fcjAm<h+aU!5z^8sQEv4x2V&Ortt=Ji}2}UPK7Ge;ZB16|?6m~`Q>$nXY
ztf~N=6Q#fZO!Ih%#|sLn9`UpUT^7nTfj>Yl>M}rz;*A>2>LWH^bm4ow@AX^N(c8be
zb*`Gi*+QEfV$k=~gv*61o7%@@rsmfK+8%77uD93!Ri-(6;M>hlx*(p)+iRERUix(`
z+U0j0Yn)*;qH*Lw#D`5A*{$Vo(p%2+#lVo*@DOQgcXs%t@WEW9$E;>SGO9hagPoYb
z+OL)84=7!L(8SOeG&N@g^_;jY=)qWd?6*<k@xiurv+2E6b@1`j_}l4r5eSY?&a!bE
zS$oUsq4&o6gZZUnOVTkFKfc?<kj!wS9!wig`7}*4PuRJ)N9T_x3Mj&Sqael6@U7CJ
zoxa*{5f32-N<=4~V5iLwRD&gofja|poq$qSKj#&kbvwv?oqIeOo$;Oly-Yj6zyID0
zv?xAC$KJdn`?GNraVJ{F{8QTu*54Vp@A>{7UF_^E)1@ExJda%~vH=L;8iy>6Yz02)
z^E0Kv6*?Jc6K=l?QLlFIi#$ZnUO$1J{ZosHO2+hXYIBzpu1z%ibj7i~jpANW##wc$
zi+eWt_hAI=Wrem6lWoZYV&7bdb}Rtw7#W+^vNM9SFMsb+KyyUk%nl*(7nMKoOV@K{
zn1qI9>-nnh*gw_<_V>S&N@Eo>&(MlF4Dk9@yj_V!`R|`x>e>WuV0YBTlg_59no(-t
z3M_B=VyE~z<TPf_DOOLEds!4J^J29`>5`+uH<;9@u&LHZlr*b2r-L_XbBWU6AtSKC
z2_9Bt;y4>IT7;3s<4U7ap_5k9pz_a~$6)`W@D3%h#-^)jZC%*}{E-7}ERD!Ujj{0#
z6C)~CX!#<7BU6msMq>#ZRUtS4+5x>xZ3%)WF1!P9k{>h0TyO<k3)sL#INMl5wK41y
zoH(*ga^)zVxI8-8jo8J`QuEgv;wkJ{+(CuC$|(<5(a__<-ZQ->X+v=YJ7`nHl6B-F
zIzoXniesQh$zr^)sCa9pm#U~xTf%M^2MRCAdL!cvh1}Vk`T}89`PX-}<Y_J?27p<>
zq=8v6WAy%Lp(3;LnxDuAA1#UYJ2kn}aAIk$m(vi;z0+;~B4J+E{Mv^wP4tvgBRUO>
zR}>7xTu-}I9}`wtDu-cl(UTYL?$OO$Q8*0KY<8<gO4;-49$G^#4Qr}CFDUOe+_5E;
zC`rb!6#;45E(N$94-m2^`P^uwBti||?rz5mgvK0a+ZrHC2BFfvtw_qSR;~c6LX+r0
z{etJ11U(Aj<)GEB&4S$?(mH-9RB?-%y_*FB3LzCINECKO?D#UDD$l$|dA$dnH<&CV
z-r+Z-#dTfRuAR04jLMy7XNe^pe99q$tz7FmF_BUS##~(~3&pOGcuB?+izi>4cLVpN
z$CeFbrb!is4HNrJ`MPJeUVM?W|3$aGVU&WCUOy_-JK97t>ff+0C1Q^Y?(W)8xsT2n
z*bGh2fp0rW4-Gq%{Qg6jW6$gM30+>m*sk^l4<+|e#}8Bb-wvhtLp#SB+-tU#&f2vV
Pc|iF5$k3A^=FGnV3?!(&

literal 0
HcmV?d00001

diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index 92e3a1c..85b2f82 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -23,11 +23,7 @@
   {% endblock %}
 </head>
 <body class="hold-transition skin-blue sidebar-mini {% if not SETTING.get('fullscreen_layout') %}layout-boxed{% endif %}">
-  {% if OFFLINE_MODE %}
-  {% set gravatar_url = url_for('static', filename='img/gravatar.png') %}
-  {% elif current_user.email is defined %}
-  {% set gravatar_url = current_user.email|email_to_gravatar_url(size=80) %}
-  {% endif %}
+{% set user_image_url = url_for('user.image', username=current_user.username) %}
 <div class="wrapper">
   {% block pageheader %}
   <header class="main-header">
@@ -51,14 +47,14 @@
           <!-- User Account: style can be found in dropdown.less -->
           <li class="dropdown user user-menu">
             <a href="#" class="dropdown-toggle" data-toggle="dropdown">
-              <img src="{{ gravatar_url }}" class="user-image {{ 'offline' if OFFLINE_MODE }}" alt="User Image"/>
+              <img src="{{ user_image_url }}" class="user-image" alt="User Image"/>
               <span class="hidden-xs">
                 {{ current_user.firstname }}
               </span>
             </a>
             <ul class="dropdown-menu">
                 <li class="user-header">
-                  <img src="{{ gravatar_url }}" class="img-circle {{ 'offline' if OFFLINE_MODE }}" alt="User Image"/>
+                  <img src="{{ user_image_url }}" class="img-circle" alt="User Image"/>
                   <p>
                     {{ current_user.firstname }} {{ current_user.lastname }}
                     <small>{{ current_user.role.name }}</small>
@@ -89,7 +85,7 @@
     {% if current_user.id is defined %}
       <div class="user-panel">
         <div class="pull-left image">
-          <img src="{{ gravatar_url }}" class="img-circle" alt="User Image"/>
+          <img src="{{ user_image_url }}" class="img-circle" alt="User Image"/>
         </div>
         <div class="pull-left info">
           <p>{{ current_user.firstname }} {{ current_user.lastname }}</p>

From b809308d31229649a26d1bfbc7e7b8a759b7d32b Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:01:51 +0200
Subject: [PATCH 081/203] Add LDAP user images

---
 powerdnsadmin/routes/user.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/powerdnsadmin/routes/user.py b/powerdnsadmin/routes/user.py
index 709156f..65d7e08 100644
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@@ -1,5 +1,7 @@
 import datetime
 import hashlib
+import imghdr
+import mimetypes
 
 from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, \
     current_app, after_this_request, abort
@@ -115,12 +117,33 @@ def image():
             response_.cache_control.max_age = int(datetime.timedelta(days=1).total_seconds())
         return response_
 
+    def return_image(content, content_type=None):
+        """Return the given binary image content. Guess the type if not given."""
+        if not content_type:
+            guess = mimetypes.guess_type('example.' + imghdr.what(None, h=content))
+            if guess and guess[0]:
+                content_type = guess[0]
+
+        return content, 200, {'Content-Type': content_type}
+
     # To prevent "cache poisoning", the username query parameter is required
     if request.args.get('username', None) != current_user.username:
         abort(400)
 
     setting = Setting()
 
+    if session['authentication_type'] == 'LDAP':
+        search_filter = '(&({0}={1}){2})'.format(setting.get('ldap_filter_username'),
+                                                 current_user.username,
+                                                 setting.get('ldap_filter_basic'))
+        result = User().ldap_search(search_filter, setting.get('ldap_base_dn'))
+        if result and result[0] and result[0][0] and result[0][0][1]:
+            user_obj = result[0][0][1]
+            for key in ['jpegPhoto', 'thumbnailPhoto']:
+                if key in user_obj and user_obj[key] and user_obj[key][0]:
+                    current_app.logger.debug(f'Return {key} from ldap as user image')
+                    return return_image(user_obj[key][0])
+
     email = current_user.email
     if email and setting.get('gravatar_enabled'):
         hash_ = hashlib.md5(email.encode('utf-8')).hexdigest()

From 3a8ad7c4440fb84a9a74a013573215a530caf50c Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 27 May 2022 13:02:00 +0200
Subject: [PATCH 082/203] Remove OFFLINE_MODE config option

---
 configs/development.py          | 1 -
 configs/docker_config.py        | 2 --
 docker-compose.yml              | 1 -
 powerdnsadmin/__init__.py       | 5 -----
 powerdnsadmin/default_config.py | 1 -
 5 files changed, 10 deletions(-)

diff --git a/configs/development.py b/configs/development.py
index cdced36..d4bd24f 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -7,7 +7,6 @@ SALT = '$2b$12$yLUMTIfl21FKJQpTkRQXCu'
 SECRET_KEY = 'e951e5a1f4b94151b360f47edf596dd2'
 BIND_ADDRESS = '0.0.0.0'
 PORT = 9191
-OFFLINE_MODE = False
 
 ### DATABASE CONFIG
 SQLA_DB_USER = 'pda'
diff --git a/configs/docker_config.py b/configs/docker_config.py
index 6666fc2..7019a34 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -48,7 +48,6 @@ legal_envvars = (
     'SAML_LOGOUT',
     'SAML_LOGOUT_URL',
     'SAML_ASSERTION_ENCRYPTED',
-    'OFFLINE_MODE',
     'REMOTE_USER_LOGOUT_URL',
     'REMOTE_USER_COOKIES',
     'SIGNUP_ENABLED',
@@ -73,7 +72,6 @@ legal_envvars_bool = (
     'SAML_WANT_MESSAGE_SIGNED',
     'SAML_LOGOUT',
     'SAML_ASSERTION_ENCRYPTED',
-    'OFFLINE_MODE',
     'REMOTE_USER_ENABLED',
     'SIGNUP_ENABLED',
     'LOCAL_DB_ENABLED',
diff --git a/docker-compose.yml b/docker-compose.yml
index e18d683..1237827 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,4 +15,3 @@ services:
       - GUNICORN_TIMEOUT=60
       - GUNICORN_WORKERS=2
       - GUNICORN_LOGLEVEL=DEBUG
-      - OFFLINE_MODE=False # True for offline, False for external resources
diff --git a/powerdnsadmin/__init__.py b/powerdnsadmin/__init__.py
index 3f68a58..467b3cd 100755
--- a/powerdnsadmin/__init__.py
+++ b/powerdnsadmin/__init__.py
@@ -117,9 +117,4 @@ def create_app(config=None):
         setting = Setting()
         return dict(SETTING=setting)
 
-    @app.context_processor
-    def inject_mode():
-        setting = app.config.get('OFFLINE_MODE', False)
-        return dict(OFFLINE_MODE=setting)
-
     return app
diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py
index 16b8161..d2aad5f 100644
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@@ -8,7 +8,6 @@ SECRET_KEY = 'e951e5a1f4b94151b360f47edf596dd2'
 BIND_ADDRESS = '0.0.0.0'
 PORT = 9191
 HSTS_ENABLED = False
-OFFLINE_MODE = False
 FILESYSTEM_SESSIONS_ENABLED = False
 
 ### DATABASE CONFIG

From 9890ddfa6414af78985b26b61ffbe2726cf54e59 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Sun, 19 Jun 2022 12:16:40 +0200
Subject: [PATCH 083/203] Fix rrset changelog for names with hyphen

When clicking the changelog button for a record with the name
`foo-bar.example.org`, the url you get redirected to is
`/domain/example.org/changelog/foo-bar.example.org.-A`. Because of the
non-greedy behaviour of the path converter, the last part gets split at
the *first* hyphen, so the example above gets wrongly dissected into
`record_name=foo` and `record_type=bar.example.org.-A`. This results
for obvious reasons in an empty changelog.

As described in rfc5395 [0], types have to be alphanumerical, so its
converter is changed from path to string.

The hyphen is one of the few characters recommended by rfc1035 [1],
so it is a bad choice as separator. The separator is instead changed to
a slash.
Granted, this does not entirely solve the issue but at least makes it a
lot less likely to happen. Plus, a lot more and other things break in
pda with slashes in names.

[0] https://datatracker.ietf.org/doc/html/rfc5395#section-3.1
[1] https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.1
---
 powerdnsadmin/routes/domain.py      | 2 +-
 powerdnsadmin/templates/domain.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index 3261264..556bc19 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -277,7 +277,7 @@ def changelog(domain_name):
 """
 Returns a changelog for a specific pair of (record_name, record_type)
 """
-@domain_bp.route('/<path:domain_name>/changelog/<path:record_name>-<path:record_type>', methods=['GET'])
+@domain_bp.route('/<path:domain_name>/changelog/<path:record_name>/<string:record_type>', methods=['GET'])
 @login_required
 @can_access_domain
 @history_access_required
diff --git a/powerdnsadmin/templates/domain.html b/powerdnsadmin/templates/domain.html
index d821e6a..f616967 100755
--- a/powerdnsadmin/templates/domain.html
+++ b/powerdnsadmin/templates/domain.html
@@ -190,7 +190,7 @@
 
     function show_record_changelog(record_name, record_type, e) {
         e.stopPropagation();
-        window.location.href = "/domain/{{domain.name}}/changelog/" + record_name + ".-" + record_type;
+        window.location.href = "/domain/{{domain.name}}/changelog/" + record_name + "./" + record_type;
     }
     // handle changelog button
     $(document.body).on("click", ".button_changelog", function(e) {

From 5036619a6765a4487c5bf674fc610c507543d79e Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Thu, 23 Jun 2022 22:31:00 +0200
Subject: [PATCH 084/203] Allow new domains to be absolute

Allow the new domain name to be input absolute (with a dot at the end).
To keep the rest of the logic working as-is, remove it fairly early in
the function.

Would have loved to use `str.removesuffix()` but that's python v3.9+.
---
 powerdnsadmin/routes/domain.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py
index 3261264..105a18d 100644
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@@ -363,6 +363,9 @@ def add():
                     'errors/400.html',
                     msg="Please enter a valid domain name"), 400
 
+            if domain_name.endswith('.'):
+                domain_name = domain_name[:-1]
+
             # If User creates the domain, check some additional stuff
             if current_user.role.name not in ['Administrator', 'Operator']:
                 # Get all the account_ids of the user

From a88f4a66c63378802ab5e4eb091d786418fb8715 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Aug 2021 22:13:25 +0000
Subject: [PATCH 085/203] Bump path-parse from 1.0.5 to 1.0.7

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.5 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index e3b95c5..f5e1d98 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -877,8 +877,9 @@ path-is-absolute@^1.0.0, path-is-absolute@^1.0.1:
   resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
 
 path-parse@^1.0.5:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.5.tgz#3c1adf871ea9cd6c9431b6ea2bd74a0ff055c4c1"
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
+  integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
 
 path-platform@~0.11.15:
   version "0.11.15"

From 289faa501984d9fb30e0e862ddf1a77e36e2c8ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 14:58:46 +0000
Subject: [PATCH 086/203] Bump jquery-ui from 1.12.1 to 1.13.0

Bumps [jquery-ui](https://github.com/jquery/jquery-ui) from 1.12.1 to 1.13.0.
- [Release notes](https://github.com/jquery/jquery-ui/releases)
- [Commits](https://github.com/jquery/jquery-ui/compare/1.12.1...1.13.0)

---
updated-dependencies:
- dependency-name: jquery-ui
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index f5e1d98..2f21653 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -690,8 +690,11 @@ jquery-ui-dist@^1.12.1:
   resolved "https://registry.yarnpkg.com/jquery-ui-dist/-/jquery-ui-dist-1.12.1.tgz#5c0815d3cc6f90ff5faaf5b268a6e23b4ca904fa"
 
 jquery-ui@^1.12.1:
-  version "1.12.1"
-  resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.12.1.tgz#bcb4045c8dd0539c134bc1488cdd3e768a7a9e51"
+  version "1.13.0"
+  resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.13.0.tgz#ab5ac65f37ca093c51b3478c4097f55bbc008f36"
+  integrity sha512-Osf7ECXNTYHtKBkn9xzbIf9kifNrBhfywFEKxOeB/OVctVmLlouV9mfc2qXCp6uyO4Pn72PXKOnj09qXetopCw==
+  dependencies:
+    jquery ">=1.8.0 <4.0.0"
 
 jquery.quicksearch@^2.4.0:
   version "2.4.0"
@@ -700,9 +703,10 @@ jquery.quicksearch@^2.4.0:
   dependencies:
     jquery ">=1.8"
 
-"jquery@>= 1.7", "jquery@>= 1.7.1", jquery@>=1.10, jquery@>=1.5, jquery@>=1.7, "jquery@>=1.7.1 <4.0.0", jquery@>=1.8, jquery@^3.2.1:
-  version "3.3.1"
-  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.3.1.tgz#958ce29e81c9790f31be7792df5d4d95fc57fbca"
+"jquery@>= 1.7", "jquery@>= 1.7.1", jquery@>=1.10, jquery@>=1.5, jquery@>=1.7, "jquery@>=1.7.1 <4.0.0", jquery@>=1.8, "jquery@>=1.8.0 <4.0.0", jquery@^3.2.1:
+  version "3.6.0"
+  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470"
+  integrity sha512-JVzAR/AjBvVt2BmYhxRCSYysDsPcssdmTFnzyLEts9qNwmjmu4JTAMYubEfwVOSwpQ1I1sKKFcxhZCI2buerfw==
 
 json-stable-stringify@~0.0.0:
   version "0.0.1"

From 34be2273812e33bbad9d2d253893837fd1f7b9d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Jan 2022 14:45:07 +0000
Subject: [PATCH 087/203] Bump cached-path-relative from 1.0.2 to 1.1.0

Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/ashaffer/cached-path-relative/releases)
- [Commits](https://github.com/ashaffer/cached-path-relative/commits)

---
updated-dependencies:
- dependency-name: cached-path-relative
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 2f21653..8b07250 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -299,9 +299,9 @@ builtin-status-codes@^3.0.0:
   resolved "https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8"
 
 cached-path-relative@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/cached-path-relative/-/cached-path-relative-1.0.2.tgz#a13df4196d26776220cc3356eb147a52dba2c6db"
-  integrity sha512-5r2GqsoEb4qMTTN9J+WzXfjov+hjxT+j3u5K+kIVNIwAd99DLCJE9pBIMP1qVeybV6JiijL385Oz0DcYxfbOIg==
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/cached-path-relative/-/cached-path-relative-1.1.0.tgz#865576dfef39c0d6a7defde794d078f5308e3ef3"
+  integrity sha512-WF0LihfemtesFcJgO7xfOoOcnWzY/QHR4qeDqV44jPU3HTI54+LnfXK3SA27AVVGCdZFgjjFFaqUA9Jx7dMJZA==
 
 charm@~0.1.0:
   version "0.1.2"

From 18150eea34043c0e732f5f536caff7c18348de21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 9 Apr 2022 01:07:03 +0000
Subject: [PATCH 088/203] Bump moment from 2.22.2 to 2.29.2

Bumps [moment](https://github.com/moment/moment) from 2.22.2 to 2.29.2.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/moment/moment/compare/2.22.2...2.29.2)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 8b07250..3aa8404 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -817,14 +817,10 @@ module-deps@^6.0.0:
     through2 "^2.0.0"
     xtend "^4.0.0"
 
-moment@^2.24.0:
-  version "2.24.0"
-  resolved "https://registry.yarnpkg.com/moment/-/moment-2.24.0.tgz#0d055d53f5052aa653c9f6eb68bb5d12bf5c2b5b"
-  integrity sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg==
-
-moment@^2.9.0:
-  version "2.22.2"
-  resolved "https://registry.yarnpkg.com/moment/-/moment-2.22.2.tgz#3c257f9839fc0e93ff53149632239eb90783ff66"
+moment@^2.24.0, moment@^2.9.0:
+  version "2.29.2"
+  resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.2.tgz#00910c60b20843bcba52d37d58c628b47b1f20e4"
+  integrity sha512-UgzG4rvxYpN15jgCmVJwac49h9ly9NurikMWGPdVxm8GZD6XjkKPxDTjQQ43gtGgnV3X0cAyWDdP2Wexoquifg==
 
 morris.js@^0.5.0:
   version "0.5.0"

From 41642fcea40c38342c03bcc6a6244157345917a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Sat, 28 May 2022 11:17:37 +0200
Subject: [PATCH 089/203] fix: Update JS minifier library

---
 powerdnsadmin/assets.py | 4 ++--
 requirements.txt        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/powerdnsadmin/assets.py b/powerdnsadmin/assets.py
index e7c6354..233e23a 100644
--- a/powerdnsadmin/assets.py
+++ b/powerdnsadmin/assets.py
@@ -24,7 +24,7 @@ js_login = Bundle('node_modules/jquery/dist/jquery.js',
                   'node_modules/bootstrap/dist/js/bootstrap.js',
                   'node_modules/icheck/icheck.js',
                   'custom/js/custom.js',
-                  filters=(ConcatFilter, 'jsmin'),
+                  filters=(ConcatFilter, 'rjsmin'),
                   output='generated/login.js')
 
 js_validation = Bundle('node_modules/bootstrap-validator/dist/validator.js',
@@ -61,7 +61,7 @@ js_main = Bundle('node_modules/jquery/dist/jquery.js',
                  'node_modules/jquery.quicksearch/src/jquery.quicksearch.js',
                  'custom/js/custom.js',
                  'node_modules/bootstrap-datepicker/dist/js/bootstrap-datepicker.js',
-                 filters=(ConcatFilter, 'jsmin'),
+                 filters=(ConcatFilter, 'rjsmin'),
                  output='generated/main.js')
 
 assets = Environment()
diff --git a/requirements.txt b/requirements.txt
index ec2ecbb..cef0a76 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,7 +16,7 @@ gunicorn==20.0.4
 python3-saml
 pytz==2020.1
 cssmin==0.2.0
-jsmin==3.0.0
+rjsmin==1.2.0
 Authlib==0.15
 Flask-SeaSurf==1.1.1
 bravado-core==5.17.0
@@ -30,4 +30,4 @@ flask-session==0.3.2
 Jinja2==3.0.3
 itsdangerous==2.0.1
 werkzeug==2.0.3
-cryptography==36.0.2
\ No newline at end of file
+cryptography==36.0.2

From e7fbc7af376abe0e2015daf5c48ee7370dbad1e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jun 2022 05:38:32 +0000
Subject: [PATCH 090/203] Bump shell-quote from 1.6.1 to 1.7.3

Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.6.1 to 1.7.3.
- [Release notes](https://github.com/substack/node-shell-quote/releases)
- [Changelog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md)
- [Commits](https://github.com/substack/node-shell-quote/compare/1.6.1...1.7.3)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 yarn.lock | 22 +++-------------------
 1 file changed, 3 insertions(+), 19 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 3aa8404..a288bdb 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -62,18 +62,6 @@ almond@~0.3.1:
   version "0.3.3"
   resolved "https://registry.yarnpkg.com/almond/-/almond-0.3.3.tgz#a0e7c95ac7624d6417b4494b1e68bff693168a20"
 
-array-filter@~0.0.0:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/array-filter/-/array-filter-0.0.1.tgz#7da8cf2e26628ed732803581fd21f67cacd2eeec"
-
-array-map@~0.0.0:
-  version "0.0.0"
-  resolved "https://registry.yarnpkg.com/array-map/-/array-map-0.0.0.tgz#88a2bab73d1cf7bcd5c1b118a003f66f665fa662"
-
-array-reduce@~0.0.0:
-  version "0.0.0"
-  resolved "https://registry.yarnpkg.com/array-reduce/-/array-reduce-0.0.0.tgz#173899d3ffd1c7d9383e4479525dbe278cab5f2b"
-
 asn1.js@^4.0.0:
   version "4.10.1"
   resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.1.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0"
@@ -1009,13 +997,9 @@ shasum@^1.0.0:
     sha.js "~2.4.4"
 
 shell-quote@^1.6.1:
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.6.1.tgz#f4781949cce402697127430ea3b3c5476f481767"
-  dependencies:
-    array-filter "~0.0.0"
-    array-map "~0.0.0"
-    array-reduce "~0.0.0"
-    jsonify "~0.0.0"
+  version "1.7.3"
+  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.7.3.tgz#aa40edac170445b9a431e17bb62c0b881b9c4123"
+  integrity sha512-Vpfqwm4EnqGdlsBFNmHhxhElJYrdfcxPThu+ryKS5J8L/fhAwLazFZtq+S+TWZ9ANj2piSQLGj6NQg+lKPmxrw==
 
 slimscroll@^0.9.1:
   version "0.9.1"

From 5f304ee29a37c78cae0990e91fe2e004ff490bf8 Mon Sep 17 00:00:00 2001
From: Phil Jaenke <prj@rootwyrm.com>
Date: Mon, 22 Aug 2022 20:40:17 -0400
Subject: [PATCH 091/203] Update to python-ldap 3.4.2

Minor version bump. This is necessary to resolve build issues on Alpine 3.16+ without impacts for any other distributions.
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index cef0a76..1fc2864 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,7 +8,7 @@ mysqlclient==2.0.1
 configobj==5.0.6
 bcrypt>=3.1.7
 requests==2.24.0
-python-ldap==3.4.0
+python-ldap==3.4.2
 pyotp==2.4.0
 qrcode==6.1
 dnspython>=1.16.0

From 9bf74a6baf1cb6d375fd1cb08a68a472243e5892 Mon Sep 17 00:00:00 2001
From: Pascal de Bruijn <pascal.debruijn@dustin.nl>
Date: Tue, 6 Sep 2022 15:25:28 +0200
Subject: [PATCH 092/203] admin_edit_key: default to User role for new api keys

hopefully this will prevent accidental administator api keys from being created
---
 powerdnsadmin/templates/admin_edit_key.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/templates/admin_edit_key.html b/powerdnsadmin/templates/admin_edit_key.html
index 7c8ca17..6a94340 100644
--- a/powerdnsadmin/templates/admin_edit_key.html
+++ b/powerdnsadmin/templates/admin_edit_key.html
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% set active_page = "admin_keys" %}
-{% if create or (key is not none and key.role.name != "User") %}{% set hide_opts = True %}{%else %}{% set hide_opts = False %}{% endif %}
+{% if (key is not none and key.role.name != "User") %}{% set hide_opts = True %}{%else %}{% set hide_opts = False %}{% endif %}
 {% block title %}
 <title>Edit Key - {{ SITE_NAME }}</title>
 {% endblock %}
@@ -39,7 +39,9 @@
                             <select class="key_role form-control" id="key_role" name="key_role">
                                 {% for role in roles %}
                                 <option value="{{ role.name }}"
-                                {% if (key is not none) and (role.id==key.role.id) %}selected{% endif %}>{{ role.name }}</option>
+                                {% if (key is not none) and (role.id==key.role.id) %}selected{% endif %}
+                                {% if (key is none) and (role.name=="User") %}selected{% endif %}
+                                >{{ role.name }}</option>
                                 {% endfor %}
                             </select>
                         </div>

From 4fd1b1001847eaef73b3da9a222c011068a3b2b7 Mon Sep 17 00:00:00 2001
From: Pascal de Bruijn <pascal.debruijn@dustin.nl>
Date: Tue, 6 Sep 2022 15:31:43 +0200
Subject: [PATCH 093/203] models/user.py: properly guard plain_text_password
 property

Resolves the following issue, which occurs with force_otp enabled
and OAuth authentication sources:

File "/srv/powerdnsadmin/powerdnsadmin/models/user.py", line 481, in update_profile
  "utf-8") if self.plain_text_password else user.password
AttributeError: 'User' object has no attribute 'plain_text_password'
---
 powerdnsadmin/models/user.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 2f8b87c..1ac7b60 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -107,7 +107,7 @@ class User(db.Model):
 
     def check_password(self, hashed_password):
         # Check hashed password. Using bcrypt, the salt is saved into the hash itself
-        if (self.plain_text_password):
+        if hasattr(self, "plain_text_password"):
             return bcrypt.checkpw(self.plain_text_password.encode('utf-8'),
                                   hashed_password.encode('utf-8'))
         return False
@@ -423,7 +423,7 @@ class User(db.Model):
                 name='Administrator').first().id
 
         self.password = self.get_hashed_password(
-            self.plain_text_password) if self.plain_text_password else '*'
+            self.plain_text_password) if hasattr(self, "plain_text_password") else '*'
 
         if self.password and self.password != '*':
             self.password = self.password.decode("utf-8")
@@ -459,7 +459,7 @@ class User(db.Model):
         user.email = self.email
 
         # store new password hash (only if changed)
-        if self.plain_text_password:
+        if hasattr(self, "plain_text_password"):
             user.password = self.get_hashed_password(
                 self.plain_text_password).decode("utf-8")
 
@@ -478,7 +478,7 @@ class User(db.Model):
         user.lastname = self.lastname if self.lastname else user.lastname
         user.password = self.get_hashed_password(
             self.plain_text_password).decode(
-                "utf-8") if self.plain_text_password else user.password
+                "utf-8") if hasattr(self, "plain_text_password") else user.password
 
         if self.email:
             # Can not update to a new email that

From 846c03f154ff9953641628e33632f4ba951b8bf9 Mon Sep 17 00:00:00 2001
From: Pascal de Bruijn <pascal.debruijn@dustin.nl>
Date: Wed, 7 Sep 2022 14:23:34 +0200
Subject: [PATCH 094/203] models/user.py: add non-zero valid_window to
 totp.verify

PyOTP's totp.verify defaults to the valid_window of zero, which means
it will reject valid codes, if submitted just past the 30 sec window.
It also means, users will run into authentication issues very quickly
if their phones time-sync isn't perfect.

Therefore valid_window should at the very least be 1 or more, settting
it higher trades security for robustness, especially with regard to
time desync issues.
---
 powerdnsadmin/models/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 2f8b87c..228f8f3 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -94,7 +94,7 @@ class User(db.Model):
 
     def verify_totp(self, token):
         totp = pyotp.TOTP(self.otp_secret)
-        return totp.verify(token)
+        return totp.verify(token, valid_window = 5)
 
     def get_hashed_password(self, plain_text_password=None):
         # Hash a password for the first time

From cb835978dfef4f390738db81239a9d9d171c76c1 Mon Sep 17 00:00:00 2001
From: corubba <corubba@gmx.de>
Date: Fri, 23 Sep 2022 00:19:22 +0200
Subject: [PATCH 095/203] Fix order of operations in api payload

PDNS checks that when a `CNAME` rrset is created that no other rrset of
the same name but a different rtype exists. When changing a record type
to `CNAME`, PDA will send two operations in one api call to PDNS: A
deletion of the old rrset, and the addition of the new rrset. For the
check in PDNS to pass, the deletion needs to happen before the addition.
Before PR #1201 that was the case, the first api call did deletions and
the second handled additions and changes. Currently the api payload
contains additions first and deletions last. PDNS applies these in the
order they are passed in the payload to the api, so to restore the
original/correct/working behaviour the order of operations in the api
payload has to be reversed.

fixes #1251
---
 powerdnsadmin/models/record.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/models/record.py b/powerdnsadmin/models/record.py
index b5e3050..b6c3f54 100644
--- a/powerdnsadmin/models/record.py
+++ b/powerdnsadmin/models/record.py
@@ -337,7 +337,8 @@ class Record(object):
         replaces = [replace_for_api(r) for r in new_rrsets]
         deletes = [delete_for_api(r) for r in del_rrsets if not rrset_in(r, replaces)]
         return {
-            'rrsets': replaces + deletes
+            # order matters: first deletions, then additions+changes
+            'rrsets': deletes + replaces
         }
 
     def apply(self, domain_name, submitted_records):

From d25a22272eb1ee589ca9425b77ebc49f4b177478 Mon Sep 17 00:00:00 2001
From: WhatshallIbreaktoday
 <75358410+WhatshallIbreaktoday@users.noreply.github.com>
Date: Wed, 12 Oct 2022 08:10:35 +0200
Subject: [PATCH 096/203] allow null/None JSON data

This change permits to proxy pdns zone notify api requests (which are expected to be with empty body)
---
 powerdnsadmin/lib/helper.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/lib/helper.py b/powerdnsadmin/lib/helper.py
index a5925ef..1b5a082 100644
--- a/powerdnsadmin/lib/helper.py
+++ b/powerdnsadmin/lib/helper.py
@@ -14,9 +14,9 @@ def forward_request():
     msg_str = "Sending request to powerdns API {0}"
 
     if request.method != 'GET' and request.method != 'DELETE':
-        msg = msg_str.format(request.get_json(force=True))
+        msg = msg_str.format(request.get_json(force=True, silent=True))
         current_app.logger.debug(msg)
-        data = request.get_json(force=True)
+        data = request.get_json(force=True, silent=True)
 
     verify = False
 

From d88da0fde3d4691420c376b48b228246a51db69a Mon Sep 17 00:00:00 2001
From: jbe-dw <50663045+jbe-dw@users.noreply.github.com>
Date: Fri, 14 Oct 2022 15:33:33 +0200
Subject: [PATCH 097/203] Update API.md

---
 docs/API.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/API.md b/docs/API.md
index d7e3732..7514d5c 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -11,6 +11,8 @@
 
 #### Accessing the API
 
+PDA has its own API, that should not be confused with the PowerDNS API. Keep in mind that you have to enable PowerDNS API with a key that will be used by PDA to manage it. Therefore, you should use PDA created keys to browse PDA's API, on PDA's adress and port. They don't grant access to PowerDNS' API.
+
 The PDA API consists of two distinct parts:
 
 - The /powerdnsadmin endpoints manages PDA content (accounts, users, apikeys) and also allow domain creation/deletion

From 25ebbf132c16f0068b7b44759ab8a83e0aa38635 Mon Sep 17 00:00:00 2001
From: Will Rouesnel <wrouesnel@wrouesnel.com>
Date: Fri, 4 Nov 2022 11:59:59 +1100
Subject: [PATCH 098/203] Fix handling of passwords with % in the
 SQLALCHEMY_DATABASE_URI

Fix Flask-Migrate ValueError from occurring when a password has '%'
characters in it when specified via SQLALCHEMY_DATABASE_URI.
---
 migrations/env.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migrations/env.py b/migrations/env.py
index 6a10e6d..4742e14 100755
--- a/migrations/env.py
+++ b/migrations/env.py
@@ -19,7 +19,7 @@ logger = logging.getLogger('alembic.env')
 # target_metadata = mymodel.Base.metadata
 from flask import current_app
 config.set_main_option('sqlalchemy.url',
-                       current_app.config.get('SQLALCHEMY_DATABASE_URI'))
+                       current_app.config.get('SQLALCHEMY_DATABASE_URI').replace("%","%%"))
 target_metadata = current_app.extensions['migrate'].db.metadata
 
 # other values from the config, defined by the needs of env.py,

From 3cdf2b6b7c058b74861c2338e45f3cbf48d62744 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Thu, 8 Dec 2022 10:52:02 -0500
Subject: [PATCH 099/203] Added current wiki content to project files for
 ongoing maintenance. Existing wiki will be updated with a link reference to
 the wiki files.

---
 ...ory-Authentication-using-Group-Security.md |  34 ++++
 docs/wiki/DynDNS2.md                          |  15 ++
 docs/wiki/Home.md                             |  22 +++
 .../Install-PowerDNS-Admin-in-Fedora-23.md    |   1 +
 ...-or-MariaDB-Database-for-PowerDNS-Admin.md |  22 +++
 ...g-PowerDNS-Admin-as-a-service-(Systemd).md |  72 +++++++
 .../Running-PowerDNS-Admin-on-Centos-7.md     | 100 ++++++++++
 .../Running-PowerDNS-Admin-on-Fedora-30.md    |  83 ++++++++
 ...ning-PowerDNS-Admin-on-Ubuntu-or-Debian.md |  94 +++++++++
 ...dmin-with-Systemd,-Gunicorn--and--Nginx.md | 181 ++++++++++++++++++
 ...Admin-with-Systemd,-Gunicorn-and-Apache.md |  97 ++++++++++
 docs/wiki/Running-on-FreeBSD.md               | 102 ++++++++++
 docs/wiki/Supervisord-example.md              |  18 ++
 docs/wiki/Systemd-example.md                  |  50 +++++
 .../Using-PowerDNS-Admin-with-PostgreSQL.md   |  38 ++++
 docs/wiki/WSGI-Apache-example.md              | 100 ++++++++++
 .../fullscreen-dashboard.png                  | Bin 0 -> 70522 bytes
 .../fullscreen-domaincreate.png               | Bin 0 -> 115626 bytes
 .../fullscreen-domainmanage.png               | Bin 0 -> 61219 bytes
 .../readme_screenshots/fullscreen-login.png   | Bin 0 -> 15454 bytes
 docs/wiki/images/webui/create.jpg             | Bin 0 -> 32990 bytes
 docs/wiki/images/webui/index.jpg              | Bin 0 -> 27513 bytes
 docs/wiki/images/webui/login.jpg              | Bin 0 -> 27845 bytes
 docs/wiki/uWSGI-example.md                    |  49 +++++
 24 files changed, 1078 insertions(+)
 create mode 100644 docs/wiki/Configure-Active-Directory-Authentication-using-Group-Security.md
 create mode 100644 docs/wiki/DynDNS2.md
 create mode 100644 docs/wiki/Home.md
 create mode 100644 docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md
 create mode 100644 docs/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
 create mode 100644 docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
 create mode 100644 docs/wiki/Running-PowerDNS-Admin-on-Centos-7.md
 create mode 100644 docs/wiki/Running-PowerDNS-Admin-on-Fedora-30.md
 create mode 100644 docs/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
 create mode 100644 docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
 create mode 100644 docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md
 create mode 100644 docs/wiki/Running-on-FreeBSD.md
 create mode 100644 docs/wiki/Supervisord-example.md
 create mode 100644 docs/wiki/Systemd-example.md
 create mode 100644 docs/wiki/Using-PowerDNS-Admin-with-PostgreSQL.md
 create mode 100644 docs/wiki/WSGI-Apache-example.md
 create mode 100644 docs/wiki/images/readme_screenshots/fullscreen-dashboard.png
 create mode 100644 docs/wiki/images/readme_screenshots/fullscreen-domaincreate.png
 create mode 100644 docs/wiki/images/readme_screenshots/fullscreen-domainmanage.png
 create mode 100644 docs/wiki/images/readme_screenshots/fullscreen-login.png
 create mode 100644 docs/wiki/images/webui/create.jpg
 create mode 100644 docs/wiki/images/webui/index.jpg
 create mode 100644 docs/wiki/images/webui/login.jpg
 create mode 100644 docs/wiki/uWSGI-example.md

diff --git a/docs/wiki/Configure-Active-Directory-Authentication-using-Group-Security.md b/docs/wiki/Configure-Active-Directory-Authentication-using-Group-Security.md
new file mode 100644
index 0000000..417bdc3
--- /dev/null
+++ b/docs/wiki/Configure-Active-Directory-Authentication-using-Group-Security.md
@@ -0,0 +1,34 @@
+Active Directory Setup - Tested with Windows Server 2012
+
+1) Login as an admin to PowerDNS Admin
+
+2) Go to Settings --> Authentication 
+
+3) Under Authentication, select LDAP
+
+4) Click the Radio Button for Active Directory
+
+5) Fill in the required info -
+
+* LDAP URI - ldap://ip.of.your.domain.controller:389
+* LDAP Base DN - dc=youdomain,dc=com
+* Active Directory domain - yourdomain.com
+* Basic filter - (objectCategory=person)
+  * the brackets here are **very important**
+* Username field - sAMAccountName
+* GROUP SECURITY - Status - On
+* Admin group - CN=Your_AD_Admin_Group,OU=Your_AD_OU,DC=yourdomain,DC=com
+* Operator group - CN=Your_AD_Operator_Group,OU=Your_AD_OU,DC=yourdomain,DC=com
+* User group - CN=Your_AD_User_Group,OU=Your_AD_OU,DC=yourdomain,DC=com
+
+6) Click Save
+
+7) Logout and re-login as an LDAP user from each of the above groups.
+
+If you're having problems getting the correct information for your groups, the following tool can be useful -
+
+https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer
+
+In our testing, groups with spaces in the name did not work, we had to create groups with underscores to get everything operational. 
+
+YMMV
diff --git a/docs/wiki/DynDNS2.md b/docs/wiki/DynDNS2.md
new file mode 100644
index 0000000..2fbd9ae
--- /dev/null
+++ b/docs/wiki/DynDNS2.md
@@ -0,0 +1,15 @@
+Usage:  
+IPv4: http://user:pass@yournameserver.yoursite.tld/nic/update?hostname=record.domain.tld&myip=127.0.0.1  
+IPv6: http://user:pass@yournameserver.yoursite.tld/nic/update?hostname=record.domain.tld&myip=::1  
+Multiple IPs: http://user:pass@yournameserver.yoursite.tld/nic/update?hostname=record.domain.tld&myip=127.0.0.1,127.0.0.2,::1,::2
+
+- user needs to be a LOCAL user, not LDAP etc
+- user must have already logged-in
+- user needs to be added to Domain Access Control list of domain.tld - admin status (manage all) does not suffice
+- record has to exist already - unless on-demand creation is allowed
+- ipv4 address in myip field will change A record
+- ipv6 address in myip field will change AAAA record
+- use commas to separate multiple IP addresses in the myip field, mixing v4 & v6 is allowed
+
+DynDNS also works without authentication header (user:pass@) when already authenticated via session cookie from /login, even with external auth like LDAP.
+However Domain Access Control restriction still applies.
\ No newline at end of file
diff --git a/docs/wiki/Home.md b/docs/wiki/Home.md
new file mode 100644
index 0000000..7902a97
--- /dev/null
+++ b/docs/wiki/Home.md
@@ -0,0 +1,22 @@
+Welcome to the PowerDNS-Admin wiki!
+
+## Preparation guides
+- [Prepare MySQL or MariaDB Database for PowerDNS-Admin](Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin)
+- [Using PowerDNS-Admin with PostgreSQL](Using-PowerDNS-Admin-with-PostgreSQL)
+
+## Installation guides
+- [Running PowerDNS Admin on Ubuntu or Debian](Running-PowerDNS-Admin-on-Ubuntu-or-Debian)
+- [Running PowerDNS-Admin in Centos 7](Running-PowerDNS-Admin-on-Centos-7)
+- [Running PowerDNS-Admin in Fedora 30](Running-PowerDNS-Admin-on-Fedora-30)
+- [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](Running-on-FreeBSD)
+
+## Web Server configuration
+- [Supervisord](Supervisord-example)
+- [Systemd](Systemd-example)
+- [Systemd + Gunicorn + Nginx](Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx)
+- [Systemd + Gunicorn + Apache](Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache)
+- [uWSGI](uWSGI-example)
+- [WSGI-Apache](WSGI-Apache-example)
+
+## Feature usage
+- [DynDNS2](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/DynDNS2)
\ No newline at end of file
diff --git a/docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md b/docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md
new file mode 100644
index 0000000..7f876ff
--- /dev/null
+++ b/docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md
@@ -0,0 +1 @@
+Please refer to CentOS guide: https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7
\ No newline at end of file
diff --git a/docs/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md b/docs/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
new file mode 100644
index 0000000..774d3e3
--- /dev/null
+++ b/docs/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
@@ -0,0 +1,22 @@
+This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
+
+### Step-by-step instructions
+1. ivan@ubuntu:~$ `mysql -u root -p` (then enter your MySQL/MariaDB root users password)
+2. mysql> `CREATE DATABASE powerdnsadmin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;`
+3. mysql> `GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';`
+4. mysql> `FLUSH PRIVILEGES;`
+5. mysql> `quit`
+
+**NOTE:**
+
+If you plan to manage large zones, you may encounter some issues while applying changes.
+This is due to PowerDNS-Admin trying to insert the entire modified zone into the column history.detail.
+
+Using MySQL/MariaDB, this column is created by default as TEXT and thus limited to 65,535 characters.
+
+_Solution_:
+
+Convert the column to MEDIUMTEXT: 
+
+* `USE powerdnsadmin;`
+* `ALTER TABLE history MODIFY detail MEDIUMTEXT;`
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md b/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
new file mode 100644
index 0000000..df01179
--- /dev/null
+++ b/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
@@ -0,0 +1,72 @@
+***
+**WARNING**  
+This just uses the development server for testing purposes. For production environments you should probably go with a more robust solution, like [gunicorn](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) or a WSGI server. 
+***
+
+### Following example shows a systemd unit file that can run PowerDNS-Admin
+
+You shouldn't run PowerDNS-Admin as _root_, so let's start of with the user/group creation that will later run PowerDNS-Admin:
+
+Create a new group for PowerDNS-Admin:
+
+> sudo groupadd powerdnsadmin
+
+Create a user for PowerDNS-Admin:
+
+> sudo useradd --system -g powerdnsadmin powerdnsadmin
+
+_`--system` creates a user without login-shell and password, suitable for running system services._
+
+Create new systemd service file:
+
+> sudo vim /etc/systemd/system/powerdns-admin.service
+
+General example:
+```
+[Unit]
+Description=PowerDNS-Admin
+After=network.target
+
+[Service]
+Type=simple
+User=powerdnsadmin
+Group=powerdnsadmin
+ExecStart=/opt/web/powerdns-admin/flask/bin/python ./run.py
+WorkingDirectory=/opt/web/powerdns-admin
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Debian example:
+```
+[Unit]
+Description=PowerDNS-Admin
+After=network.target
+
+[Service]
+Type=simple
+User=powerdnsadmin
+Group=powerdnsadmin
+Environment=PATH=/opt/web/powerdns-admin/flask/bin
+ExecStart=/opt/web/powerdns-admin/flask/bin/python /opt/web/powerdns-admin/run.py
+WorkingDirectory=/opt/web/powerdns-admin
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+Before starting the service, we need to make sure that the new user can work on the files in the PowerDNS-Admin folder:
+> chown -R powerdnsadmin:powerdnsadmin /opt/web/powerdns-admin
+
+After saving the file, we need to reload the systemd daemon:
+> sudo systemctl daemon-reload
+
+We can now try to start the service:
+> sudo systemctl start powerdns-admin
+
+If you would like to start PowerDNS-Admin automagically at startup enable the service:
+> systemctl enable powerdns-admin
+
+Should the service not be up by now, consult your syslog. Generally this will be a file permission issue, or python not finding it's modules. See the Debian unit example to see how you can use systemd in a python `virtualenv`
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-on-Centos-7.md b/docs/wiki/Running-PowerDNS-Admin-on-Centos-7.md
new file mode 100644
index 0000000..e61485a
--- /dev/null
+++ b/docs/wiki/Running-PowerDNS-Admin-on-Centos-7.md
@@ -0,0 +1,100 @@
+```
+NOTE: If you are logged in as User and not root, add "sudo", or get root by sudo -i.
+```
+<br>
+
+**Remove old Python 3.4**<br>
+If you had it installed because of older instructions<br>
+```
+yum remove python34*
+yum autoremove
+```
+<br>
+
+## Install required packages
+**Install needed repositories:**
+<br>
+```
+yum install epel-release
+yum install https://repo.ius.io/ius-release-el7.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+```
+
+**Install Python 3.6 and tools**
+```
+yum install python3 python3-devel python3-pip
+pip3.6 install -U pip
+pip install -U virtualenv
+```
+
+**Install required packages for building python libraries from requirements.txt file**
+```
+--> NOTE: I am using MySQL Community server as the database backend.
+          So `mysql-community-devel` is required. For MariaDB,
+          and PostgreSQL the required package will be different.
+```
+
+If you use MariaDB ( from [MariaDB repositories](https://mariadb.com/resources/blog/installing-mariadb-10-on-centos-7-rhel-7/) )
+
+```
+yum install gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
+```
+
+If you use default Centos mariadb (5.5)
+```
+yum install gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
+```
+
+
+**Install yarn to build asset files + Nodejs 14**
+```
+curl -sL https://rpm.nodesource.com/setup_14.x | bash -
+curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
+yum install yarn
+```
+<br>
+
+## Checkout source code and create virtualenv
+NOTE: Please adjust `/opt/web/powerdns-admin` to your local web application directory
+
+```
+git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
+cd /opt/web/powerdns-admin
+virtualenv -p python3 flask
+```
+
+Activate your python3 environment and install libraries:
+```
+. ./flask/bin/activate
+pip install python-dotenv
+pip install -r requirements.txt
+```
+<br>
+
+## Running PowerDNS-Admin
+NOTE: The default config file is located at `./powerdnsadmin/default_config.py`. If you want to load another one, please set the `FLASK_CONF` environment variable. E.g.
+```bash
+export FLASK_CONF=../configs/development.py
+```
+
+**Then create the database schema by running:**
+```
+export FLASK_APP=powerdnsadmin/__init__.py
+flask db upgrade
+```
+
+**Also, we should generate asset files:**
+```
+yarn install --pure-lockfile
+flask assets build
+```
+
+**Now you can run PowerDNS-Admin by command:**
+```
+./run.py
+```
+
+Open your web browser and access to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register an user. The first user will be in Administrator role.
+
+At the first time you login into the PDA UI, you will be redirected to setting page to configure the PDNS API information.
+
+_**Note:**_ For production environment, i would recommend you to run PowerDNS-Admin with gunicorn or uwsgi instead of flask's built-in web server, take a look at WIKI page to see how to configure them.
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-on-Fedora-30.md b/docs/wiki/Running-PowerDNS-Admin-on-Fedora-30.md
new file mode 100644
index 0000000..e3b23ea
--- /dev/null
+++ b/docs/wiki/Running-PowerDNS-Admin-on-Fedora-30.md
@@ -0,0 +1,83 @@
+```
+NOTE: If you are logged in as User and not root, add "sudo", or get root by sudo -i.
+      Normally under centos you are anyway mostly root.
+```
+<br>
+
+## Install required packages
+
+**Install Python and requirements**
+```bash
+dnf install python37 python3-devel python3-pip
+```
+**Install Backend and Environment prerequisites**
+```bash
+dnf install mariadb-devel mariadb-common openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
+```
+**Install Development tools**
+```bash
+dnf install gcc gc make
+```
+**Install PIP**
+```bash
+pip3.7 install -U pip
+```
+**Install Virtual Environment**
+```bash
+pip install -U virtualenv
+```
+
+**Install Yarn for building NodeJS asset files:**
+```bash
+dnf install npm
+npm install yarn -g
+```
+
+## Clone the PowerDNS-Admin repository to the installation path:
+```bash
+cd /opt/web/
+git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git powerdns-admin
+```
+
+**Prepare the Virtual Environment:**
+```bash
+cd /opt/web/powerdns-admin
+virtualenv -p python3 flask
+```
+**Activate the Python Environment and install libraries**
+```bash
+. ./flask/bin/activate
+pip install python-dotenv
+pip install -r requirements.txt
+```
+
+## Running PowerDNS-Admin
+
+NOTE: The default config file is located at `./powerdnsadmin/default_config.py`. If you want to load another one, please set the `FLASK_CONF` environment variable. E.g.
+```bash
+export FLASK_CONF=../configs/development.py
+```
+
+**Then create the database schema by running:**
+```
+(flask) [khanh@localhost powerdns-admin] export FLASK_APP=powerdnsadmin/__init__.py
+(flask) [khanh@localhost powerdns-admin] flask db upgrade
+```
+
+**Also, we should generate asset files:**
+```
+(flask) [khanh@localhost powerdns-admin] yarn install --pure-lockfile
+(flask) [khanh@localhost powerdns-admin] flask assets build
+```
+
+**Now you can run PowerDNS-Admin by command:**
+```
+(flask) [khanh@localhost powerdns-admin] ./run.py
+```
+
+Open your web browser and access to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register an user. The first user will be in Administrator role.
+
+At the first time you login into the PDA UI, you will be redirected to setting page to configure the PDNS API information.
+
+_**Note:**_ For production environment, i recommend to run PowerDNS-Admin with WSGI over Apache instead of flask's built-in web server...  
+ Take a look at [WSGI Apache Example](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example#fedora) WIKI page to see how to configure it.
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
new file mode 100644
index 0000000..1cdda78
--- /dev/null
+++ b/docs/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -0,0 +1,94 @@
+## Install required packages
+
+**Install Python 3 development package**
+
+```bash
+sudo apt install python3-dev
+```
+
+**Install required packages for building python libraries from requirements.txt file**
+
+```bash
+sudo apt install -y git libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential curl
+```
+
+_**Note:**_ I am using MySQL Community server as the database backend. So `libmysqlclient-dev` is required. For MariaDB, and PostgreSQL the required package will be difference.
+
+** Install Maria or MySQL (ONLY if not ALREADY installed)**
+```bash
+sudo apt install mariadb-server mariadb-client
+```
+Create database and user using mysql command and entering 
+```bash
+>create database pda;
+>grant all privileges on pda.* TO 'pda'@'localhost' identified by 'YOUR_PASSWORD_HERE';
+>flush privileges;
+```
+**Install NodeJs**
+
+```bash
+curl -sL https://deb.nodesource.com/setup_14.x | bash -
+apt install -y nodejs
+```
+
+**Install yarn to build asset files**
+
+```bash
+sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+sudo apt update -y
+sudo apt install -y yarn
+```
+
+## Checkout source code and create virtualenv
+_**Note:**_ Please adjust `/opt/web/powerdns-admin` to your local web application directory
+
+```bash
+git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
+cd /opt/web/powerdns-admin
+python3 -mvenv ./venv
+```
+
+Activate your python3 environment and install libraries:
+
+```bash
+source ./venv/bin/activate
+pip install --upgrade pip
+pip install -r requirements.txt
+```
+
+
+
+## Running PowerDNS-Admin
+
+Create PowerDNS-Admin config file and make the changes necessary for your use case. Make sure to change `SECRET_KEY` to a long random string that you generated yourself ([see Flask docs](https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY)), do not use the pre-defined one. E.g.:
+
+```bash
+cp /opt/web/powerdns-admin/configs/development.py /opt/web/powerdns-admin/configs/production.py
+vim /opt/web/powerdns-admin/configs/production.py
+export FLASK_CONF=../configs/production.py
+```
+
+Do the DB migration
+
+```bash
+export FLASK_APP=powerdnsadmin/__init__.py
+flask db upgrade
+```
+
+Then generate asset files
+
+```bash
+yarn install --pure-lockfile
+flask assets build
+```
+
+Now you can run PowerDNS-Admin by command
+
+```bash
+./run.py
+```
+
+Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.
+
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) for instructions.
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md b/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
new file mode 100644
index 0000000..57725bc
--- /dev/null
+++ b/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
@@ -0,0 +1,181 @@
+Following is an example showing how to run PowerDNS-Admin with systemd, gunicorn and nginx:
+
+## Configure PowerDNS-Admin
+
+Create PowerDNS-Admin config file and make the changes necessary for your use case. Make sure to change `SECRET_KEY` to a long random string that you generated yourself ([see Flask docs](https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY)), do not use the pre-defined one.
+```
+$ cp /opt/web/powerdns-admin/configs/development.py /opt/web/powerdns-admin/configs/production.py
+$ vim /opt/web/powerdns-admin/configs/production.py
+```
+
+## Configure systemd service
+
+`$ sudo vim /etc/systemd/system/powerdns-admin.service`
+
+```
+[Unit]
+Description=PowerDNS-Admin
+Requires=powerdns-admin.socket
+After=network.target
+
+[Service]
+PIDFile=/run/powerdns-admin/pid
+User=pdns
+Group=pdns
+WorkingDirectory=/opt/web/powerdns-admin
+ExecStartPre=+mkdir -p /run/powerdns-admin/
+ExecStartPre=+chown pdns:pdns -R /run/powerdns-admin/
+ExecStart=/usr/local/bin/gunicorn --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket 'powerdnsadmin:create_app()'
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
+```
+
+`$ sudo systemctl edit powerdns-admin.service`
+
+```
+[Service]
+Environment="FLASK_CONF=../configs/production.py"
+```
+
+`$ sudo vim /etc/systemd/system/powerdns-admin.socket`
+
+```
+[Unit]
+Description=PowerDNS-Admin socket
+
+[Socket]
+ListenStream=/run/powerdns-admin/socket
+
+[Install]
+WantedBy=sockets.target
+```
+
+`$ sudo vim /etc/tmpfiles.d/powerdns-admin.conf`
+
+```
+d /run/powerdns-admin 0755 pdns pdns -
+```
+
+Then `sudo systemctl daemon-reload; sudo systemctl start powerdns-admin.socket; sudo systemctl enable powerdns-admin.socket` to start the Powerdns-Admin service and make it run on boot.
+
+## Sample nginx configuration
+```
+server {
+  listen *:80;
+  server_name               powerdns-admin.local www.powerdns-admin.local;
+
+  index                     index.html index.htm index.php;
+  root                      /opt/web/powerdns-admin;
+  access_log                /var/log/nginx/powerdns-admin.local.access.log combined;
+  error_log                 /var/log/nginx/powerdns-admin.local.error.log;
+
+  client_max_body_size              10m;
+  client_body_buffer_size           128k;
+  proxy_redirect                    off;
+  proxy_connect_timeout             90;
+  proxy_send_timeout                90;
+  proxy_read_timeout                90;
+  proxy_buffers                     32 4k;
+  proxy_buffer_size                 8k;
+  proxy_set_header                  Host $host;
+  proxy_set_header                  X-Real-IP $remote_addr;
+  proxy_set_header                  X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_headers_hash_bucket_size    64;
+
+  location ~ ^/static/  {
+    include  /etc/nginx/mime.types;
+    root /opt/web/powerdns-admin/powerdnsadmin;
+
+    location ~*  \.(jpg|jpeg|png|gif)$ {
+      expires 365d;
+    }
+
+    location ~* ^.+.(css|js)$ {
+      expires 7d;
+    }
+  }
+
+  location / {
+    proxy_pass            http://unix:/run/powerdns-admin/socket;
+    proxy_read_timeout    120;
+    proxy_connect_timeout 120;
+    proxy_redirect        off;
+  }
+
+}
+```
+
+<details>
+<summary>Sample Nginx-Configuration for SSL</summary>
+
+* Im binding this config to every dns-name with default_server...
+* but you can remove it and set your server_name.
+
+```
+server {
+        listen                  80 default_server;
+        server_name             "";
+        return 301 https://$http_host$request_uri;
+}
+
+server {
+        listen                  443 ssl http2 default_server;
+        server_name             _;
+        index                   index.html index.htm;
+        error_log               /var/log/nginx/error_powerdnsadmin.log error;
+        access_log              off;
+
+        ssl_certificate                 path_to_your_fullchain_or_cert;
+        ssl_certificate_key             path_to_your_key;
+        ssl_dhparam                     path_to_your_dhparam.pem;
+        ssl_prefer_server_ciphers       on;
+        ssl_ciphers                     'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+        ssl_session_cache               shared:SSL:10m;
+
+        client_max_body_size            10m;
+        client_body_buffer_size         128k;
+        proxy_redirect                  off;
+        proxy_connect_timeout           90;
+        proxy_send_timeout              90;
+        proxy_read_timeout              90;
+        proxy_buffers                   32 4k;
+        proxy_buffer_size               8k;
+        proxy_set_header                Host $http_host;
+        proxy_set_header                X-Scheme $scheme;
+        proxy_set_header                X-Real-IP $remote_addr;
+        proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header                X-Forwarded-Proto $scheme;
+        proxy_headers_hash_bucket_size  64;
+
+        location ~ ^/static/  {
+                include         mime.types;
+                root            /opt/web/powerdns-admin/powerdnsadmin;
+                location        ~* \.(jpg|jpeg|png|gif)$ { expires 365d; }
+                location        ~* ^.+.(css|js)$ { expires 7d; }
+        }
+
+        location ~ ^/upload/  {
+                include         mime.types;
+                root            /opt/web/powerdns-admin;
+                location        ~* \.(jpg|jpeg|png|gif)$ { expires 365d; }
+                location        ~* ^.+.(css|js)$ { expires 7d; }
+        }
+
+        location / {
+                proxy_pass              http://unix:/run/powerdns-admin/socket;
+                proxy_read_timeout      120;
+                proxy_connect_timeout   120;
+                proxy_redirect          http:// $scheme://;
+        }
+}
+```
+</details>
+
+## Note
+* `/opt/web/powerdns-admin` is the path to your powerdns-admin web directory
+* Make sure you have installed gunicorn in flask virtualenv already.
+* `powerdns-admin.local` just an example of your web domain name.
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md b/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md
new file mode 100644
index 0000000..a2d4fa2
--- /dev/null
+++ b/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md
@@ -0,0 +1,97 @@
+Following is an example showing how to run PowerDNS-Admin with systemd, gunicorn and Apache:
+
+The systemd and gunicorn setup are the same as for with nginx.  This set of configurations assumes you have installed your PowerDNS-Admin under /opt/powerdns-admin and are running with a package-installed gunicorn.
+
+## Configure systemd service
+
+`$ sudo vim /etc/systemd/system/powerdns-admin.service`
+
+```
+[Unit]
+Description=PowerDNS web administration service
+Requires=powerdns-admin.socket
+Wants=network.target
+After=network.target mysqld.service postgresql.service slapd.service mariadb.service
+
+[Service]
+PIDFile=/run/powerdns-admin/pid
+User=pdnsa
+Group=pdnsa
+WorkingDirectory=/opt/powerdns-admin
+ExecStart=/usr/bin/gunicorn-3.6 --workers 4 --log-level info --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket "powerdnsadmin:create_app(config='config.py')"
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
+```
+
+`$ sudo vim /etc/systemd/system/powerdns-admin.socket`
+
+```
+[Unit]
+Description=PowerDNS-Admin socket
+
+[Socket]
+ListenStream=/run/powerdns-admin/socket
+
+[Install]
+WantedBy=sockets.target
+```
+
+`$ sudo vim /etc/tmpfiles.d/powerdns-admin.conf`
+
+```
+d /run/powerdns-admin 0755 pdnsa pdnsa -
+```
+
+Then `sudo systemctl daemon-reload; sudo systemctl start powerdns-admin.socket; sudo systemctl enable powerdns-admin.socket` to start the Powerdns-Admin service and make it run on boot.
+
+## Sample Apache configuration 
+
+This includes SSL redirect.
+
+```
+<VirtualHost *:80>
+  ServerName dnsadmin.company.com
+  DocumentRoot "/opt/powerdns-admin"
+  <Directory "/opt/powerdns-admin">
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride None
+    Require all granted
+  </Directory>
+  Redirect permanent / https://dnsadmin.company.com/
+</VirtualHost>
+<VirtualHost *:443>
+  ServerName dnsadmin.company.com
+  DocumentRoot "/opt/powerdns-admin/powerdnsadmin"
+  ## Alias declarations for resources outside the DocumentRoot
+  Alias /static/ "/opt/powerdns-admin/powerdnsadmin/static/"
+  Alias /favicon.ico "/opt/powerdns-admin/powerdnsadmin/static/favicon.ico"
+  <Directory "/opt/powerdns-admin">
+    AllowOverride None
+    Require all granted
+  </Directory>
+  ## Proxy rules
+  ProxyRequests Off
+  ProxyPreserveHost On
+  ProxyPass /static/ !
+  ProxyPass /favicon.ico !
+  ProxyPass / unix:/var/run/powerdns-admin/socket|http://%{HTTP_HOST}/
+  ProxyPassReverse / unix:/var/run/powerdns-admin/socket|http://%{HTTP_HOST}/
+  ## SSL directives
+  SSLEngine on
+  SSLCertificateFile      "/etc/pki/tls/certs/dnsadmin.company.com.crt"
+  SSLCertificateKeyFile   "/etc/pki/tls/private/dnsadmin.company.com.key"
+</VirtualHost>
+```
+
+## Notes
+* The above assumes your installation is under /opt/powerdns-admin
+* The hostname is assumed as dnsadmin.company.com
+* gunicorn is installed in /usr/bin via a package (as in the case with CentOS/Redhat 7) and you have Python 3.6 installed.  If you prefer to use flask then see the systemd configuration for nginx.
+* On Ubuntu / Debian systems, you may need to enable the "proxy_http" module with `a2enmod proxy_http`
diff --git a/docs/wiki/Running-on-FreeBSD.md b/docs/wiki/Running-on-FreeBSD.md
new file mode 100644
index 0000000..76a8f5b
--- /dev/null
+++ b/docs/wiki/Running-on-FreeBSD.md
@@ -0,0 +1,102 @@
+On [FreeBSD](https://www.freebsd.org/), most software is installed using `pkg`. You can always build from source with the Ports system. This method uses as many binary ports as possible, and builds some python packages from source. It installs all the required runtimes in the global system (e.g., python, node, yarn) and then builds a virtual python environment in `/opt/python`. Likewise, it installs powerdns-admin in `/opt/powerdns-admin`.
+
+### Build an area to host files
+
+```bash
+mkdir -p /opt/python
+```
+
+### Install prerequisite runtimes: python, node, yarn
+
+```bash
+sudo pkg install git python3 curl node12 yarn-node12
+sudo pkg install libxml2 libxslt pkgconf py37-xmlsec py37-cffi py37-ldap
+```
+
+## Check Out Source Code
+_**Note:**_ Please adjust `/opt/powerdns-admin` to your local web application directory
+
+```bash
+git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/powerdns-admin
+cd /opt/powerdns-admin
+```
+
+## Make Virtual Python Environment
+
+Make a virtual environment for python. Activate your python3 environment and install libraries. It's easier to install some python libraries as system packages, so we add the `--system-site-packages` option to pull those in.
+
+> Note: I couldn't get `python-ldap` to install correctly, and I don't need it. I commented out the `python-ldap` line in `requirements.txt` and it all built and installed correctly. If you don't intend to use LDAP authentication, you'll be fine. If you need LDAP authentication, it probably won't work.
+
+```bash
+python3 -m venv /web/python --system-site-packages
+source /web/python/bin/activate
+/web/python/bin/python3 -m pip install --upgrade pip wheel
+# this command comments out python-ldap
+perl -pi -e 's,^python-ldap,\# python-ldap,' requirements.txt 
+pip3 install -r requirements.txt
+```
+
+## Configuring PowerDNS-Admin
+
+NOTE: The default config file is located at `./powerdnsadmin/default_config.py`. If you want to load another one, please set the `FLASK_CONF` environment variable. E.g.
+```bash
+cp configs/development.py /opt/powerdns-admin/production.py
+export FLASK_CONF=/opt/powerdns-admin/production.py
+```
+
+### Update the Flask config
+
+Edit your flask python configuration. Insert values for the database server, user name, password, etc.
+
+```bash
+vim $FLASK_CONF
+```
+
+Edit the values below to something sensible
+```python
+### BASIC APP CONFIG
+SALT = '[something]'
+SECRET_KEY = '[something]'
+BIND_ADDRESS = '0.0.0.0'
+PORT = 9191
+OFFLINE_MODE = False
+
+### DATABASE CONFIG
+SQLA_DB_USER = 'pda'
+SQLA_DB_PASSWORD = 'changeme'
+SQLA_DB_HOST = '127.0.0.1'
+SQLA_DB_NAME = 'pda'
+SQLALCHEMY_TRACK_MODIFICATIONS = True
+```
+
+Be sure to uncomment one of the lines like `SQLALCHEMY_DATABASE_URI`.
+
+### Initialise the database
+
+```bash
+export FLASK_APP=powerdnsadmin/__init__.py
+flask db upgrade
+```
+
+### Build web assets
+
+```bash
+yarn install --pure-lockfile
+flask assets build
+```
+
+## Running PowerDNS-Admin
+
+Now you can run PowerDNS-Admin by command
+
+```bash
+./run.py
+```
+
+Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.
+
+### Running at startup
+
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) for instructions.
+
+The right approach long-term is to create a startup script in `/usr/local/etc/rc.d` and enable it through `/etc/rc.conf`.
\ No newline at end of file
diff --git a/docs/wiki/Supervisord-example.md b/docs/wiki/Supervisord-example.md
new file mode 100644
index 0000000..11cebc8
--- /dev/null
+++ b/docs/wiki/Supervisord-example.md
@@ -0,0 +1,18 @@
+Following is an example showing how to run PowerDNS-Admin with supervisord
+
+Create supervisord program config file
+```
+$ sudo vim /etc/supervisor.d/powerdnsadmin.conf
+```
+
+```
+[program:powerdnsadmin]
+command=/opt/web/powerdns-admin/flask/bin/python ./run.py
+stdout_logfile=/var/log/supervisor/program_powerdnsadmin.log
+stderr_logfile=/var/log/supervisor/program_powerdnsadmin.error
+autostart=true
+autorestart=true
+directory=/opt/web/powerdns-admin
+```
+
+Then `sudo supervisorctl start powerdnsadmin` to start the Powerdns-Admin service.
\ No newline at end of file
diff --git a/docs/wiki/Systemd-example.md b/docs/wiki/Systemd-example.md
new file mode 100644
index 0000000..d7f738b
--- /dev/null
+++ b/docs/wiki/Systemd-example.md
@@ -0,0 +1,50 @@
+## Configure systemd service
+
+This example uses package-installed gunicorn (instead of flask-installed) and PowerDNS-Admin installed under /opt/powerdns-admin
+
+`$ sudo vim /etc/systemd/system/powerdns-admin.service`
+
+```
+[Unit]
+Description=PowerDNS web administration service
+Requires=powerdns-admin.socket
+Wants=network.target
+After=network.target mysqld.service postgresql.service slapd.service mariadb.service
+
+[Service]
+PIDFile=/run/powerdns-admin/pid
+User=pdnsa
+Group=pdnsa
+WorkingDirectory=/opt/powerdns-admin
+ExecStart=/usr/bin/gunicorn-3.6 --workers 4 --log-level info --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket "powerdnsadmin:create_app(config='config.py')"
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
+```
+
+`$ sudo vim /etc/systemd/system/powerdns-admin.socket`
+
+```
+[Unit]
+Description=PowerDNS-Admin socket
+
+[Socket]
+ListenStream=/run/powerdns-admin/socket
+
+[Install]
+WantedBy=sockets.target
+```
+
+`$ sudo vim /etc/tmpfiles.d/powerdns-admin.conf`
+
+```
+d /run/powerdns-admin 0755 pdns pdns -
+```
+
+Then `sudo systemctl daemon-reload; sudo systemctl start powerdns-admin.socket; sudo systemctl enable powerdns-admin.socket` to start the Powerdns-Admin service and make it run on boot.
diff --git a/docs/wiki/Using-PowerDNS-Admin-with-PostgreSQL.md b/docs/wiki/Using-PowerDNS-Admin-with-PostgreSQL.md
new file mode 100644
index 0000000..04155e9
--- /dev/null
+++ b/docs/wiki/Using-PowerDNS-Admin-with-PostgreSQL.md
@@ -0,0 +1,38 @@
+If you would like to use PostgreSQL instead of MySQL or MariaDB, you have to install difference dependencies. Check the following instructions.
+
+### Install dependencies
+```
+$ sudo yum install postgresql-libs
+$ pip install psycopg2
+```
+
+### Create database
+```
+$ sudo su - postgres
+$ createuser powerdnsadmin
+$ createdb powerdnsadmindb
+$ psql
+postgres=# alter user powerdnsadmin with encrypted password 'powerdnsadmin';
+postgres=# grant all privileges on database powerdnsadmindb to powerdnsadmin;
+```
+
+In your `config.py` file, make sure you have
+```
+SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin:powerdnsadmin@127.0.0.1/powerdnsadmindb'
+```
+
+Note:
+- Please change the information above (db, user, password) to fit your setup.
+- You might need to adjust your PostgreSQL's `pg_hba.conf` config file to allow password authentication for networks.
+
+### Use Docker
+```
+docker run --name pdnsadmin-test -e BIND_ADDRESS=0.0.0.0 
+-e SECRET_KEY='a-very-secret-key' 
+-e PORT='9191' 
+-e SQLA_DB_USER='powerdns_admin_user' 
+-e SQLA_DB_PASSWORD='exceptionallysecure' 
+-e SQLA_DB_HOST='192.168.0.100' 
+-e SQLA_DB_NAME='powerdns_admin_test' 
+-v /data/node_modules:/var/www/powerdns-admin/node_modules -d -p 9191:9191 ixpict/powerdns-admin-pgsql:latest
+```
\ No newline at end of file
diff --git a/docs/wiki/WSGI-Apache-example.md b/docs/wiki/WSGI-Apache-example.md
new file mode 100644
index 0000000..d31e4f7
--- /dev/null
+++ b/docs/wiki/WSGI-Apache-example.md
@@ -0,0 +1,100 @@
+How to run PowerDNS-Admin via WSGI and Apache2.4 using mod_wsgi.
+
+**Note**: You must install mod_wsgi by using pip3 instead of system default mod_wsgi!!!
+
+### Ubuntu/Debian
+```shell
+# apt install apache2-dev
+# virtualenv -p python3 flask
+# source ./flask/bin/activate
+(flask) # pip3 install mod-wsgi
+(flask) # mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
+(flask) # a2enmod wsgi
+(flask) # systemctl restart apache2
+```
+### CentOS
+```shell
+# yum install httpd-devel
+# virtualenv -p python3 flask
+# source ./flask/bin/activate
+(flask) # pip3 install mod-wsgi
+(flask) # mod_wsgi-express install-module > /etc/httpd/conf.modules.d/02-wsgi.conf
+(flask) # systemctl restart httpd
+```
+### Fedora
+```bash
+# Install Apache's Development interfaces and package requirements
+dnf install httpd-devel gcc gc make
+virtualenv -p python3 flask
+source ./flask/bin/activate
+# Install WSGI for HTTPD
+pip install mod_wsgi-httpd
+# Install WSGI
+pip install mod-wsgi
+# Enable the module in Apache:
+mod_wsgi-express install-module > /etc/httpd/conf.modules.d/02-wsgi.conf
+systemctl restart httpd
+```
+
+Apache vhost configuration;
+```apache
+<VirtualHost *:443>
+        ServerName superawesomedns.foo.bar
+        ServerAlias [fe80::1]
+        ServerAdmin webmaster@foo.bar
+
+        SSLEngine On
+        SSLCertificateFile /some/path/ssl/certs/cert.pem
+        SSLCertificateKeyFile /some/path/ssl/private/cert.key
+
+        ErrorLog /var/log/apache2/error-superawesomedns.foo.bar.log
+        CustomLog /var/log/apache2/access-superawesomedns.foo.bar.log combined
+
+        DocumentRoot /srv/vhosts/superawesomedns.foo.bar/
+
+        WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
+        WSGIScriptAlias / /srv/vhosts/superawesomedns.foo.bar/powerdnsadmin.wsgi
+
+        # pass BasicAuth on to the WSGI process
+        WSGIPassAuthorization On
+
+        <Directory "/srv/vhosts/superawesomedns.foo.bar/">
+                WSGIProcessGroup pdnsadmin
+                WSGIApplicationGroup %{GLOBAL}
+
+                AllowOverride None
+                Options +ExecCGI +FollowSymLinks
+                SSLRequireSSL
+                AllowOverride None
+                Require all granted
+        </Directory>
+</VirtualHost>
+```
+**In Fedora, you might want to change the following line:**
+```apache
+WSGIDaemonProcess pdnsadmin socket-user=apache user=pdnsadmin group=pdnsadmin threads=5
+```
+**And you should add the following line to `/etc/httpd/conf/httpd.conf`:**
+```apache
+WSGISocketPrefix /var/run/wsgi
+```
+
+Content of `/srv/vhosts/superawesomedns.foo.bar/powerdnsadmin.wsgi`;
+```python
+#!/usr/bin/env python3
+import sys
+sys.path.insert(0, '/srv/vhosts/superawesomedns.foo.bar')
+
+from app import app as application
+```
+Starting from 0.2 version, the `powerdnsadmin.wsgi` file is slighty different : 
+```python
+#!/usr/bin/env python3
+import sys
+sys.path.insert(0, '/srv/vhosts/superawesomedns.foo.bar')
+
+from powerdnsadmin import create_app
+application = create_app()
+```
+
+(this implies that the pdnsadmin user/group exists, and that you have mod_wsgi loaded)
\ No newline at end of file
diff --git a/docs/wiki/images/readme_screenshots/fullscreen-dashboard.png b/docs/wiki/images/readme_screenshots/fullscreen-dashboard.png
new file mode 100644
index 0000000000000000000000000000000000000000..828fc48e2bd5732a085ef10a7307776304d87d6c
GIT binary patch
literal 70522
zcmd43S5(tmw?3>J1w{cB0j1girHV9ZK><PONRuwT6RDvkQE4h7sC1<F-U%&4K|p#Z
z^w1#$2qh3m;~#f9?|#qKck_*LE`X6m_+_m*=bGi2&*Z(Xwi*LHJN>Csrx>0+Re65u
z)LH1MQ-2`N{Xt!6Ik}fY{c+m+xth|cvVKl9^~D*-$6Ak1ovMt!K(andeSQAbQxoq~
zrx@FQf1U0G7T8f2ulYQA;iC_9@BvwS*`Io4?d;(r;$iP|Lqg=fh>V*!MElgKlQ+*)
z9vk>uZl<1psfldu%+K|!HQX}0L}YJ$dM92*B}PT)Jd5E67w!!f!**BYXRd{JO>6dY
zZ3Huwa<Aq})Yj#?xW0FB60F-1P`7IF-iC{NV;g#Al6vomC!Ju4a7dCINWpuxaZPb8
z&2=XgepyL+7`l*fN$K3pQ0li?jU1-IK0BBDzhC@bL9(G~e8iL3FaG)Ko1udTPY9=G
zHS=hd|N4WQKH$%QN77#lfBf?Z3#<Q&k6<-y5+&J85ao=azN^1hI8KNt#psh`M<h~>
zpI?ZB(m`t3Ev7-ucJ*SrZ-HNX@ac#Aed3CzvObhfV1LR!B|;F-Njcm>M_Q#l#7`Ql
z#gkD481rf`WN8JN|5H1SWIoy(*85yUaF}l0;eq6}zl9o^_!t|^O7t>EwSZ|=7&r-}
zNKrVU0~heVoL>lR@7Jnv0s$`~tWtLgg1}}eLT#5=dB>BezyLcu40hl3)#Lw`@Qc_@
zN#N3YWm_9D;&5~Fw$~$r7eD7MFAu@9)38&(0$}txo|D1vX=Iyp9x;#2ebMOa5}xLx
zM?;qfqS=QPAY9el#?_C8BP^iH%lCHItq%_b_l<t7g3cNq%HW6Ede{aAUI-=0Y=xs|
zixtBn^URFAmcH08Zi=p^w#1R=#ZI&>=ay#ZK!~m*)v62@JlHeE40jmkxoOrd(oDK9
zie1>X*z|!zKnZTbYkSZ90<C|IzWm!-gdQAfPO#(4Co+`@v~&mO_)aj_M=SM_j9jE?
z;u(Kw@$r(8I<KhsF-+aw0TVrXHeaWld*Dd~T!PY&gl(2w*=jiLt)Eoe5F3^Z*pWZ7
z&8!i_UYV*ISjF8G#g+r>O!EYDndpW+620lp=eU<kzkacA7GDwL<Gn%E>OVFOA|aMK
z;MZnhI=WBG(-fNMYCPsjAP31>MPqKJrP`f@K2u3I<FOu?LF%U!4my9|ZDg6otCuj3
zY(A3f)|-&@;1=7_kH@`J=IU%udG_|IM7gcm?)j8%d2dH)tU~CraBpZC;wk5<aMm+u
zBIyh-clw;IsqTohDCLP`OK_x6cJ=yR3ZVXrCPVmNduq*E$T(?MwBIZEe494n44u!R
z^K5}%RNzXFB)GA;l28p{V5jxnp3Culn$2i!&rZu)%=V(SNvHIa9#`YRmZJYe6HjS?
ztFsNMlY_6Em~4`dc~OB5S*H!%kyNWQ=hd?L6ohn0bo9F%cNj3i-&to)5ll!Ip}%kk
zO_N0NO|E$7#=9!xT}C0Tvdd0a=s=D(>I$WQ9_+WiHRV2D<xV;nk8fWa_<C}3mk9Qw
zJ*yxI{?)zQZTOWaH<^3mFK1Da!4T}|IMdT+6%2XwLiFU5Fo$HZQK4SLu)ARFmQl9X
zK%SN<Y-6efj14Rely;tlt18<jZEU5LteWNNl{X4ET_*==r%4?|g=vg$_dI;HYdXM7
zOq6VT7ZwkAW!c!P1KsIV+W*PY*-}q2?!Qfml1C?=Q%qgWk6hJh6p)zp7U5wYzn|h7
z&+Kuc+H_Nh;y`Y1%3}faH-IpaHKLl{AMjf+VdSyI^6turRWa6^9r-1H*^>M|{jL^|
zN>hF^fOIg%PnvoNv+P;rS3I&!3&=_is&XcIE?v3z^#F-hT8mC<WsIZ~iXg31c0ba5
z!M&L-?m@j@?FvftJtl=tI*Wg@cT}9um+x;O?4Q}E=LK1Qlh<Bt@N|AL71xtDB>1cI
z&OJlN?$MW8)I0sR%Wazjmb~M-Hc{$bO)Dt?E3h1T0k=Uq3gSu(8zMkU9Z_-$7RVPZ
zc?06Uat6g~X8Dg3Tzuu?ismx?g_lNZr~Ec%wo>s4?h1*O`$v;ZjNiCOL)H#`^b~(Z
z?2l63UKM^bCp68L+RJU?_s%mvbwn(rRv2xnv}|wfY`M$M{m3T;*2mwE4&b%&-trDK
zZj}~T5{mJwF9~{kwk)nJ8Q_K^k6vX>taIwV%DtBC2f%Eemd$tL#imq!X{LGs0^!%g
zX}acl<c&Lw*Kw;C0PipLRYxl>&ji6*WWX!M#dz<1ZpT@Nk%(_}KHV!l2(YJ=T;%lD
z=CoaZgo#f#kBNDqsRt$|pNWZkIBw=>sd&V=rJ)~BHzarN3Bdk;LJ{lf+Z}L{xn063
zD{QyDh99m7kfFRp5$5o5AFuKwYwH*~lU0s8bO5sj6C+XTMjn>Asu8BXQ3In}=8d1M
zSVR$J7J(v~r2EdDZ$OGC9vx*o{BGnllj^rm6v4VbM!OYuSWfQJ4VwajzSQ(axRZ}-
z(E0ugezYxctrR?QUBmm*qlT0Y$yF^dvy-iVs|n=W*{W9CHixe)mY0Va_8Bf@fqP`Z
zb`zU5o@UX5D3atbok;?NK4E9)2$Yx0J!`7tr`qyGr<X>Rei?9t*;^5OX6Eb1IUfX_
znY#6pmDEGDDiIraxxwj4{LrwbRA0eCwXb-c<a=)~@39Xl+$MdGUzM|2M$_PjzXiTh
z*4y!nzTY13uQ2mEM2(T_`ik_8oNVJ#N0OQ32L{a05X^CfRw2@GS2EVs?XLcSZXShs
zr8%u=Fh{Ajj)5I?;4()}>X>zv*c!?O!`M0zfPnV#W2-c6fUkQS6GF_@NcSlZqdWPw
zD1Pe62u_e~kNd=br{|4aS#Z!kaBAcBR*Pbp_UfF)9tI_YEaSPFcS2rzzm%7Y+xP?B
zrZBR9`^Z83vFE%h1^p!w%DP=N57}W#xVZR~eZcNBu-^Lek<%j*tfJL3PyTI+NexA9
z@>yQMoe_6+9>3gDgb2<f!`(MGE)?6?ftP&w3r_9~+}*mS9?rAWnt)MENg<P>_!ler
z8}8+0GtYFk%MRmy%ov7tbA2v|)#T#T)W13$L9}{*o5>?J@A@}E{Se9aRJOmv0REM~
zf5gINu845Z_IR!GY&^twIy|<FYe%JaJKT|mVI{>2tqkYymhvwO{`z5{t`N&LKgO5i
z&=WIW+JxU6-4A2q>qG6VAQLFRC>ZNQsCSa2pwkBN{tl5-ga6%akQdLa$zwk5<Nf96
zwIw64%&X1=*MI;v?Lklii6G4;`;EJPXPN~`>2FF`m~NH=vpNuBi0cb0k!y~L+knI$
zWQg`9g5<g6j=*0{wP`Jy;*tkwjRn<@LHJ|Fvo!~<f$Y4<D^l%e)a_DNA#2ju=`F!8
zM7G$sG+)`#A@!g(a`}T%qrLVND=QgD+k@t??{HV3x`VCe^evwCH_>iFKTh-1&z!Ux
z6gBU8^5iuA<ocX*rX-Jv)M@?2D!)umeE+w+sOjEciI5Ldb|CE9)$vASCp<eBL2>qb
zxlO8{jsZ@}z{9N6A!X0dR6%b%<q&*VA7S3UD(P}Gy1y}8VfZRR<Z;N`kO&-O%860y
zKmrtu8&EvSUZz^sVDMUdQ8C*d1<(+!O<JC^)l)n-ryR7syg~|0BWaC9q?okgz%Z{p
zFDX-p5&MNtviFAMlb2SoKS#nK6kG?r#|Ly~T(k~U_zZK7p-{~U@I>m3D}M@vgjDAV
zt*e=8ao(&x_G21}I{yXt*ylzAo>CP!zu@}mPHKNYtIatGtS>_7#^y${V6O$otzM@2
z`2?2k?h<+M{U_&}%^yGW8#X1p?2>zUyf{n>=HmTNN_cJp;aENRGJT4RAh~|&c~clP
zsi-f~*vZMi5j}C)cBwPUX*^?0pT+d5AgaV5*Do&J*$m+q;UNsB^*snG({VbfD3HD~
zhxm37w4JSXLfY5q4?$3^=Po<mdWk2v<<)Vgn$pDu#0HL^4Qn@dl7f(X%nPnK2AQ*|
z^WYA^_Zgl&`Y_*N0jXUR@5SrSC=B4kFL`9Yl)HD=DTwer+VfG2!hY*$vz6PNBQr@|
zv(1_w^!Z&ZpJ+Ea<WiG-J@mN4;yu1TNFj7u40i~A^pB21%WR`}T1sWvF@7K1#(8rr
zF=Z?+b@!}F?F${Jdz1G%`tA4m4$r$;z)i=hB-xFNP=%(YgM?bT8fV#w@{yeizyeK#
z4j9xvU|dcnAMGwdDKd~1zG{cF?b+ICzq+V~j{lWvZr#0`D$TPthp674M<b=Urvj?)
z<}n#{fGgxDe@G;UoRXf%u{(OUFMO&~v(F!0|IudbP|K6>fd-q-dW%U9L}Nm@AGGu^
z^FsJ}2ydh?Sgfl2cjB^5`=OmUCw~}Gh@~09Dhnz4(THcz<nMgfUbuGr`9{CvyR`+N
z@$PrrX^`dr1Ye^cdXgJ8WrHQ4rLvGT=S{29H$VlTZB)30CAX}PDbLBAWN}SUqvp~V
z-bQ%~sREZU$U*UwI;Z=;V0|&%vo^F0DR@e9uPapE{|KKB^8m{Fy{E>MMckXiz+dp4
zPSj*V|0~gf^x&8T@GkCqSj6HXIbcigvnG!Nk61hX#z6DD1pZ6Lxom!Q!i7XN)e4+`
zz2{0F3r8E0^mFyH(Fh%j*OSZd<-wP@E<{x9NdVY&!=TT@oolZgzxzQdV0=$(nNMT+
z;+u>SZ^a(djJ!w_7-)V(c=-pK=I^v@$6b2Wy_|4RRJX1_ou6)u;oc$<h(`zR6G9al
zOL?cq1V#n)O4KX)F>!b2ax@F;Ry61g%dc)*2v$XbLMxXB-<{rP<>Nlt-7H6(w17L;
zZW~omqrw+JaKj?IbHOU4NyA^}n8?{8^DSs?{D&e%<O{k@6{RC`Ugu}*&O>6>%EBju
z1tdhhf5n!hqSt2WkK^;Lyc2g{+30R>Mjdb!{UI@Z<VRsF!0n<m%JK32@^72bIZNS*
z5&7bbiENI`wy`tCiuXqX!crcDJ{BAaB|hYyQGgtF8z=OoO3L5=pS&JF_z++HI-{R5
zOHiE7GOpeho25PJ$tT{xhHp(9l+6^ly=UkBAStwKus_V3oFF{eXkN(3(i1jXJcV#h
zZP_xtxH)9IcvO#9q#(dn;97_Fz3*qyy~!3TY#Kc81V80|rmemg@(cV5U#zev)gYr^
zG4uYCN6X}!>xS05(il;7qa&>j>3E^G4%|)r5398SiXB9ouH1$&FBg>VEL*)tt)Tk*
z18;1c`LpUmeF3m2biF;G^SE)|fqW~B?sGDb_E`#u5Fc=-=NpG{-OCxee~N7P5UYTo
zotT>krXb)9xxvp`)Q6G#+Gr&l+DGqR94lrdvS!>;qciy&!lDi;(9P2>yy7m9aG}Ud
za-s=>_~dT+Zu2DF_@p+F5c+H%U^kAIWqnFGmAUkvN}u(*TC;4MbOEr(W8n>r)kg>=
zY+`3yfx~#~MX7l-JBwMIpb27BU$`e8Ct_T*r{C@xFEF%_l;4CbWS`3MFvuUj9YW6k
zdC_is_4)rQpnqN4IUN5rF?7?K971Hg&MfUYTu^YjgU`ana9uCoCQ>~&9bELH?@D`d
zeDDT3|AX;8y=M1ZuUQu(`rV?r@_^aztXfUIrUNB?xhnq!K3MBj1(7;-GUn%IL-OEa
z-g9R9t9{8=XN$cbjhI?+7zNeY?W*gr2<mTkRkf#;=;zrrb+3?$jn9=C*Mdf9DI-SW
z7*EOnRbBtw1OQz}ci1eUTVr@;zVc-0fG+6VwS$>?Bj4gUL2d5{0p7^5duCbAVbsDV
zVQbIrnA?5YH?{VYNyvo{xYLbE|EcP3q3c)7>O5XFy;LR5Ok(pqOnIbtS6C$lkLC3n
z?c1Mg3C6mZRQhyo3>+~feHU7(`d^YOnA(Sn(g{z<Z$$9|g-vC=`%@q-rPGGRqq$mY
zsMi(!*-PYAH``T^{eK_g-2Y7w=Kl+t#9&!ErM#}{fI1fa2ZO?2`M-%l`Mx3y&LDxk
z%Sa<$@Lu2N?4NR=ZOT64giLZBm+L_`%kKBBFAUJ(=yyGkZ%pWw$p1;!GclM%TxQge
zqRV;(j7^BLop0qu3EbJiBD_x^IAog|6E~m{j|{;=TlS!4e*G2|{;N>Sbg8WsWZoxs
z@xYhmgWSS$es<$DnTG#H=lXzz!5nbs`a&D4aI&<cB`M3Ehg05fvB{eadUT9jVuQ%}
z6ZSGk5Sx_4h*&NwkrTuLwgu+D{Y{!8?%mppR2xWqU_)5WEZ1TmhFLLT{Q$kPH%DXs
zjqedhBJ#H64x`rDByTL{Ca9jcwrXT|e&S-04j7k<oFn>g73qM=)Mu;R$ZHzNTw#L$
z$hX{LR3c)%54MKb*Cx#z-2=Al4);3WMkVge;Gj%NQqJ?Cl?$2RMlrz%U9Eqki(8sJ
z$u-!cy`zN?x<kxFrT44yxy(#3-4iAr1<2xslVs9xY*Km4!S?2p9!JsOlUf*?&bQ;k
zW$C#OLB50|<2=n&fct8%Gq696w8~+NN_-GZK-lJKv6Eb8UO%&KOXs*UQ!m`aa&G0{
z%5l{p47O+_p!GX1LOmX_*|I@TUPH))Ck*e{#Wvd4FJ}kgxULL}^7+rNw+z5J#TKpf
zL^aPva*qXl-?1b|;37YAv&!w|CRimul<^?AGUw@BmjUk$7BWYWh%0ZHJ5-t_s!sNm
zmCda0oOAlG^SW#EG@c<Su#JF76NwaZ+gs(pV<PcjgN2iYMH1IA@j5NjT2Cw_orn2g
zCek`29msQatWM2e5CISl4ywhWC#x)AY4FyFi(G&}TtTI+TJ$@vE7A_Xmg{daTe2VR
zC7xcge0Oa>_+()SEPKq6B&>8d{@==-9*(F>mDBRSN3dE755;dy%H<fNS~4LPA1M^d
zY!Hr~hno3lL~EbEsStR8oyxXK*d{km<4Z<*%L8dpjvEA{(vcPiIJLAS;?6NfUYC`)
zbxZ!v!@DKMFulqJ&n4PVJj{|FKFf)EG@V+Ua(=@IQ=j#pZb;u$=%$C|+-x@X3j!sZ
z{52urt5~`w)N?;~rg=sqMNQo?{L_C~A;)k8-&U|?RAiFaR=eH+)5RS;!}g^6_t!gV
z3PHFnwsE-{9j6yBMjT30B;D6$3k+u)`{3*~?z-g`ZBxRo2CmQ1*Rgws&FN)}hM8V)
z0)yF^Gq}x3@jC^MuZ*)Ro1mSa+lWzIT#|&`g>q5<pxMvaR%wWxz2Xs$ItQ3XB-UZ@
z>HLJ*CN8*<ye5BM!sih|cmCftR4fg48tz|fXS;<;JX{Q|zf5yWi7X2`cYYh-|Lgl&
zI<yRWGPo+793<(a3-7LGC?0cp4%go5mP{GjaWO1*?v&L^F#?j@RsvVLkplXakCRNd
z)R70JQ+G1#^D|z5Pn-Rtsn%`$!T0k0^@L7%<58PrP|HJ4V*h8sq)5dVmoJlpZxd<G
zIp#4X)b-?D_&^1vRg%~@1G%H{H+zZ6sr`flb6G2r^rnyT?(k}*-ARXg%XiI)zpLZv
zu@nFf!y)g!=v_{7{h3ivF`rSU&_u*vz>L9w*zGqE_hiX3^RnRFVf*6vd($P)R}Kw}
zrAuDaS{zKxa!6y)vr`DYX}-DC;$xLqjC@V#z<j<b(><1lEk55P$H2Gc&Z-^z?cqH}
z?-0V+Rw2#KUGZE*5qm!O+2&W1t<vL=xmq=9j_l*A&C@Dn)!ox0hp)V^uyQfL_i&_g
ze`H|hS0<e89B3f-;}R-&p*3AG$B`7@1NXdb3rTcJZN2D5$e6)rD!^tnQnWP40f##S
zb^s-habuE8!`X6f1;02{vc2>a2rOukC?mSI27hmD*Dcl9D4u>!JUBSMSvKLyt!A7=
z5_?IT6*4M&EBM0c&mnxxNj1cLO+W33cevAkqx&YlxlD6gvf6<GN3JK_<h`ET;Y>VN
z=M;0Gh&i}&qc4+$RKc#>SXHiTtiXz4ohG@;-psgU-gs-Wf6V2~Xerxx9hh2WaM5I?
zoQ*0$$`q-<McRvq@>B?y`Jj<wBOHKM$S|G1YkM-`ARIhJ^b1@VGtTP=OFJXWK=Go<
zJLyT@07YDX@@RZ2IZ0tCKNqWvj9L@gIvmS?s*z4nc(4))=RwF;fRXozWnW;T?pXDN
z#n!Ny64AL2hwO=7;k|_EmTNt-TH+INfJCDd|1Z6%LEB50tba5&<pa{LjQgs~&PH)W
zSn=*hXE((L-6LDwv_2t_u1rQ22U#7`AIJ7+J+F^~1b@+Fp&U|8tVG#_@G@(EKA=fN
zOni;n4*J`qeiaFV-*HX=39g>vmgx^Y7cXS1GDNMTij6_GJsrLrWBzqs=r4xqfUycq
zYGU4fT~J}Rc1rxmflIiA$3!tWpJF}4_10EU0%HYt)^$yvcVs_`FGK5>xM28;>jJ7&
z*_2Z)bpr6f5uoNH?3+H*8VuWI8A$iXv&BY;2i~hkG8gipRpd@Z4-u2ppPTOiPe7Kh
zwhm`_0DL3Hq(`P(tB_00qLAGbXKm;DM@uw^a||A|7tHH3#KHGV53Q_FH=4Y?YV981
zLZ;rtM1J0KeCmO^#Av5lTygb*@^&GMU6zdU0xRy(ZwUav{?4f~PDlGltY10j^+y~h
zfXn+Wlo9!SWoi!lcWbF+d?bREOI8~kuoHW}ZPAil%I)dI_nnv7I{SIPMdRhVd61+l
zwHk2+R*iNk`8__xregJ~D*y)9h*})u=9QU(kqpx<x>2X`YG+IaD;L2>;?QNR2vg1Q
zkvHAlxY?`PW^77PuW6e3fFM62UlY(duR7;WYC7~^$bEJaK-_v?4woW_=*-PEViQt8
zEhk$J5!~=3@=&J#3|-l*_Q@(Ay#;NSV=!c6W7d55WBx=eU;>H%(R>xe)IKmhf&0<y
z_QC#fS75z1rw^@%HlOmY&|ljBPFx#0IyXhZRxbv1;Yif1_@B#Cn$I*FcoZGQ0ERe~
z$9y*e^kMvwrQ;Q*yyYM4rwv5b^fPOKVO}jPJ!b*>Eud6Kf+V#B&>HDa4Kj2dLm13@
z3>W}sOAMns+=Iq|6PYHM*Rp*<5^giO+BB%=wX$r*!;4+rrD;wR`6^tt4eGvW;JTLb
z@{=B0wZ1@GFVY?pfP6^AR#D`=DBb-d#^IXZx;CR3+tD;A55(@+VjDEM@nUeWR6@-%
zlp^oB`PAd(yFWB}LIdV(hUp-|^s)$b6kR5BXSx+X#J4RQ*mUE8<ckOaG|ld4qxEuX
zKX5zF5Bf{K7C458p!3Z`KYH}Dz=Q+Z$QPIph>mflwH@@<Hv%6NuUm+K{jK+-L6o3{
z;+(F5vm*_E+*&f?v`OAIC)~e-9)*fW1EbR~J!`U|R(cZFE0(z_kJpPV=T~>nUxdDy
z%$l@9%smtpxfRo&TT^s_!|F=+!f>Yj()uUgw2IkgW40F4dqNs`KUDPEF#lJ?|8yI;
zG7oUpy8f^q<VKZHAE&VjmpCt8f%tnv8D5j0Bn8iomyE(q+tbDbX^{n^O@1qsDA!P!
z$M8_TaYH!xgQ1II*$0p$c00GYR?woWI5<^X2f03P*yNtgce<9HcC=)u%%GOB-Q`$O
zujiz&k+LE%UTE3Z<Ft7=E{AoSJUNJ-gbmoO1^e#J#NTE^9WQoz3Ic2o)gq|)oD&Rn
zqtvgZ=M)HbR{BV3!i>0{5zVO1^Yh2)6u^u^XEb(4e3DbKg$DL=4oGyk=*Cl*NJ$Nn
z3S(5ve7H?x!GwIj)WP5#zF7HNB^&6Fop`Yy!>1S4`bHvNRfb$!nut;~i<gB32+2iw
z4t~ha3w^7@^JN^~Q^rrS*q1i|fD`4x51Xp`MN8!zlZ1)=rRDa;w?YTvN`&`Q?kred
z5gR6|hvF6ldnh0X{w{vJw0upK{%h}<Gs6cmLg4zO%EMA*zE;rw$bJ><@1EEbD?zk!
zwI3ja;KM$Jy2fnnwryBz-nD42esw=EFW4!C08Spicu>STUZ9$2Tnn(246NPp7|L@*
z%g&|+H#+aCYo!P09WbwKDCo@<`>({?3rGhMlE!t6rHzVL%wTDif#mN3l3)$MNYxAX
zlP?S*0*0<rzlyb<4nTS+qAL*?*kL+lrCI@1GD{>wharjeD@T~7ftu>$)eFvq8y|~a
zq8|+UQpASC`IqP5v7Yxj_0S>6iyjv>JnoqgUWGvGo@@g<0jufmKZFy5Zbv#?S|)3t
z#We>i&Y3kw2dth|oW(H9zRin3`8~FCsbG{GjyQpk%RV<t`xQ3`{?K_gaF#IzzK!vQ
z9o<XnL=M#jI`*VqZN0?<9#DL+G}Vy(Y{W|aNHr1Vvv&68UTqXf9tN2qJ3LI?TNTk`
z{f-J)ShD3j+-|`_miQ=#<VLhP{mx7yk5;wC1mQ{_y)2W?(T1alNBzN)^fOP1Yxh6+
z5fMl~#Pv(K;i_3hi+SnYwSgvw5yPlir=$oCp1TVp(mV^WUr7zN^wsY#bV?&SX5+KO
z!M|RRJ;U9yexewgPZkygdsY4dUbwbuFYv>FrU1o-*`HeI>uet4*ub}IAo$k`%m<&v
z_l6@S7M0U^3W7CX06u$|9rK*s<2Mx1i)hw)j76Es?ywGvt3m1TqZ1=B3p15t3C__>
zXMaq`8{sK`NhU~<5lA_VRmWgQDi&yWS0ANYmzf#d#@`dbQa-U<sNN@N;BJ<y+R5%K
zi^T60udG-V`mN==_=$|wgK7zY(iG6f2z&rj-Zxe6j;~rS-G6?lsYA3Td>SbS?~bHc
zS!~K}8#<KFsOR>+z1y(=$J7n|5Z{70zz&0#C$q)2B|CGduv|Z)xfUc9AfrB|@K`7v
zpwa<7XmYxRV8Q_|?5hC4@0fYdjVeZW;4cpxlOGTsJdgEw#clO$=_5ce`W^p+v}yS-
zz57_7{g5ZeAzSjF=2&c!v?f$ukc@}5b|U2jz(*^QhMU*_j{gzK2kwjOgEv~gpSUR|
z1H5mL#eHylAtqHaybw9X_1Tcsga{NvpmUGOeot#`&CXd%XwXW(xU{|aT}&BT`DqOH
z-5U#4MjVGij+v%Pg6x<;EEOs8EG?>p%WA#5cx`9|q|0>D-$Bg_!sJb|6EdrYbnD(^
zx`CA&I>MjVGUQ^ebxYn6O}~pQ@Xw83DUv9D4tMV(Q2I>$T!*WO;s;IfrCY|0o=&NJ
z5O-71*3dow(Ts&^W<X-it*w=18gGQ`N&k;@HfTzc*I_g=q0Hv6yHtfR|MGXx3mT4a
zO@K@_i8+sl-V8a)yrj~myr*zhRuT3JdC#-urBT4>v*T-D_wFsCzk*%~D%N^j3dp>4
zdWX)wU!`}BuzPfv)1a@)$lV%kcGJ@6_~o(IMN53D|E-~TJ^sJFcdL>VX8Kr6v?cz&
zt$~y7APy%8qD%l3?%s_}xw2p8aB86&O#@8=;}dwEvo*Ikt%)vz41JNfn^ih%pY<#(
z-|cZ+A3HdH{O0EA()2>zj$(rNZ6$L4r;nSn{8ewTub&?%GYrsj6wzK6IA-sb&U~-j
z<r3~SSA$jV+6d22q4qKg3>s*2i$Mhj)yn!n+w3|xdmRHc4JC?Oo?bBxm2_EM8|g;q
zW437m8Lk~*1C|opq3$CKENaka05BK@1eH_pKPVr8NpLU0&wz(7@@O%-`~4R@_0#dx
z*d==IeaJOE%~zPFC~?|dcjD`XuZj<5rEeypaF4%S4i=B@mq_4AeVpaCi;7OftA8BB
zJ$7e4%w<wjwDjE}^)sO_F^yP41&{Bt4LU$7Uk|wD!`o8Ds#`3HjH%XBnDfO<q*!+o
zroT`nzvIrb$;`*zEqqX@OoU&+IePYo)`TNU-o4Cfd=ctwNiyKu>~8wRU`EE^jwd#K
znN2Zq$7V5aWr+|$8^)N5I3bnE++HU#YdJp|@A{e0ijE!X5jWWXgn|+%O*{|+@BRSi
zq}j(WtQ4K}76sR>>jXT|Q4=}+KA3xVddL?zj0D0F7!r^g?WLWAy#7eS5mH>CM;0#(
z7X>J{NC!WK9k=%|@(3U=Y#wu-19IcSaN<&mua8XQ{CN-hhEb^FY?_wc;#&)oNyN!_
z1bMY;<vgPfPiqkIr>f7psP$_c&L6qv6@wqW2Bvh>x{RSYIfsP&Rk~C&!#Cc9I|i{A
zoxSct%i(gCqgz@!w#fc2YE-u<InzL^ZKN+<$O7iy(9tefD{57#H|A(&=sr>U1e0-?
z8iaJ4%{Qoq7$(!gfKv@AI<G5zVejT>7A=#==~{Gax#`-9K??g6EBpzBL~ZlgaVm6d
zvf%7~-;gNWLVnJVWnn$0w;I#Om#@>LrBu0KGH<Uz21xq6d`J6hx6QutDRwHpw0TPM
z@cs%wpxZ#{7jKTZYw~!2$s*D(Ro3P!y``~))%**H*)N@RXTJh8Q)+|Pn4p8+Ge9*X
z-kh|>d@}-Irtbwc$qRxkXukyw@R%R3MnoL%v;VF5K<l1|$qz$S+b=GAz|YZtct%;!
z^!jMueRRNPr*R%4mu}YjM>>Gh;tESsC`Q85xu-buWNw!u>G-9R?&zk^-gX=rh-YGd
z2tDCho?T8*TI1oXCf9)pIm_ZRPnl7|JaIdvPR!4NbKTAUhY?uqZzM{mcM_EJquEt&
z3h~<9Sybkca*P$^*HKspoiSrsumU<_Q_k3r@73(Bs*{JuH1K5r0+Z?tESEc+hE_ur
zn{7-N6L7HSRYfpk@Yg3It>wY{yCpDv=q=2#^{f!2ZnFf(TaJK5bN2M<s|}cU@#*)M
z2L%oFYc|e)9HZhN044sp<E0+na?uI(^5t?;Mb|F6Eo06-;?PyD1lp8I28V}(xH%`Y
z^<Smaml6`(IZd-Gp<z>7X$8Ymx()EmK#+12w~i5B+5l~H7xjVml0AIg;##hYf?k<k
zrB{@CysK`R%e12_LF#a0aje9VY;@CdOWC!CX@7s~@{~-4)g#?RtMZ9onc|M{YRY$f
zXE~}dmAJF}n}Nr(vYpE5P@cixGy0OND4(g*c=$4t%58OSlgp}nAIU1X&<h8Nukllb
zTVK0OWd|liaIb$k5_X8xcKZlo(Q+@S;L_=**yf|CAX$g>fS`8xeIIHIo3CCiR6TEc
z7Qaw1?Bh*%6p=39`h@9i=Xlw&_Pf8r(G)t4OJB)0@23t_?;ZEsw@S<{<bV->%7ESo
ziUQJHM}T6+C7W*Kd!Zsewl6G64gGu*==1Evc;s2n$xEe6Y!a^mA_^lz?~4hNQ8R~U
zd}dla$s6rF+MJ5MpHn@a#{+`>6PscvOUr4?_$v-W+UL$&earW3%Q897gOv{qL-exF
z26);#{(&OCXckz&esy&m+P+Bo$ur)!m=%Q*k9H%xx{SPO!w$7huQWZnEl1q>;M~=j
zBY2q=nIDI<epK!dLa5>79Cvw&IwTYDPRv&g3&943gwq3o*D(_Nf)q{fwh@MlEXmi3
zd;_vR=%l(>9&8Zg4J%7CgEf@VfjY5eM3qTeop|>hg9cTWqM9<xzI-Ew^u~jzsARu#
zWR>w&U8Y47j`Qj$6?3&z4vb)2pLE2{Ped!4rugn3wy8xoOuUIvyK_J2tb)mJSI!GQ
z+IN!2zlg9-C)p(z$n#70=G^5w+5+uni@Z1g^b+Eh?~ZO00@&XVa+$sVpmskcC@kOh
zT()-AlHC1lZGl6php<oArJl=xkGxSrjXSS)-zENZwd&J954c)$6CA^E$`gX@)>;!5
z{i}Yi8LLj|7?{zaTnZEm{R9Ca!xUS-wK-lkuc|mvT#~Y|iGP5u$7P;ev0(6OA^=D@
z^fYM%qf-WU^%!2zPm+e7tVEs>0cVKYS#=%x9H(43zON()ewan&f%(nDVevp&LJx2<
ze(=W^Kny4~8GyqM-MUpU`FhYO6HLNzv}puIjP0K<9m!K`NG>fNb+M>Y*HE4e4BxX1
z@8(JuLirmYDqtP(mu^#yK4*b#Bkt*Ur{BFOacg^^BOTbNo}z9zHCi;@=x4E1J@<G{
zizZ}>gO1iG3O%;p0Dwn?9bCX(XO;8mB?!x%1jZ2YOPxQV^=V820Rb{H_(b^IG$Cp}
zcem#%g>=v~E2uUcVMI7m5h9tAu4;zmJ2NhHKEL#qMx^?jzjbcFuV)LNzX3$uS;v89
zg!z$xU#=X8HJ-0Y&Vl{*M<1|#)#$**)!eO`bft7@*gg|I3s1%vZh=|>tqpVY04|G<
zbFDFL;IVc6%;7Pwlu!{YuF(4fkL2t8WKj7R{;KVX&2>b@$C)%*Ad8FS^^4M}a{-Uf
zb3K$0kZ@Y{sLcl!eI#aht%bP|Uai5l%ELdI1*KWmoCKgZ?LDN<Ze7DKY##%^tkGv{
zJ8YRBjW_aa4|88KV|E<EEp!_<eIh9V6CPG?3kNoZsuOnl8+j-<iV4n`EM$Tw=+!T5
z^TW^bQ9&4d@9pBb_*^CsWD<8+Vn}y#MDDi;B!;(*L}YB268wOi<HcZR+ZVa<)_qYo
z=O|>j++l%kllx>cSGVD=z=0;SaswgUi&}Fvu6#)viS{r%`BAeA2Ad`bnk~KG6K05$
zRWPaC`fB*GU7$|bqCt7G$fC&D6;)}uALAf=3p~xlxG5`<n8%cz9w|x7<bi@NS1~xB
z^!0&{j&@5U8iGkN2?_YE%B5b*$2wHlU3Phd?stl~=bAU5h{}JYG+(i{9z&luKaaHV
z4wF~XJZe(Y;=1Lg&J)fQ^l6pL#!lyF^TC0+hbG;<1@AtyJCqhOs_Nh(w>I+`43*kZ
zc>j!MqLMyKL_X6@J(D2g9=!Gb_Fp^zpU?!D&iq^2G*4G&o;N(>dmzgl&8aMQx`G_0
z?rd$B9HuNiep`n-Jcdm}$_RcTof*xehqJh!TGk)CkSNp21=})gTc3W@oe(vFd?sM2
zd0Uj>abRnnEn**&5G@;EzjlRk(74Rx*fmV&WeA-o!|L%!53BvU?2!l$N-5#c$!2rI
zta|A+<INDvad_<>X0rDh&L?$zrC3@}KU*2C&hWv|$*y2DZ@HQa35U(YzM{A_EoJe?
zrzr=nhQbzQc7@5g0yRSV?J$x!m#cyEP@_xgcCE{yySZqV;nz2*Q%sCI98=YuJA*L^
zon%3uU-b^wx35UMA@DcwLra~|&nM*DGtf7B{F#3yp7DS)DvZhZfwR(8st+Akr7@wE
zcW7>@QRJMlybCR~p08p8f`dq*Ps@OB#GH11+BY3ro^P(pVM=9#fY<Q1&DPpI2M#tl
zC4$FQGpElkg_VEdLwpB{-6w_JD{lFMB@HyKw)|AE|GNF0WK_ky{rw<^>8B!eN*-kM
z5ccNvIm)|<cF7uE@QuZ!zX)lAm2-glqxQtaOqWllq|)^dT&$mrh9lyIo0XetU1onA
z`9$uRauMn-Ty$SW!2%Lu*tMc~i|PtjR?M;=cRm=909Pq}P3{YVHu#N!rlsAIi5nc3
z6)YJyFO8HH8W(=?)rfVoDl<o_v%F0&9nJR}gD|+LN|Z`x7%n~Ln!dP;k3zHFFEJiW
zyqp~#eGI}>T#g*~fbXLa>;7M<3?;=qXzU3%wmE)MaJ}o_Z4Osn@Q%yoY#wB*@nBls
zP;otp^+yzq?Nk_J`DC4OVKRVMK)M(yl%dCL8^>O%VdOkED!sSAvJXg;4KywA)D78y
z7aLzJvTQKvx)P-xyKYdX3Hz|}wiqy*@32Cla&08aSSFi)d_U}?_4QE9aZOmKvTo=Y
zuggKypY|THq=3kA#27v%>K3UUl8Kv=x<CH|;n-_~rw^?7pH95eI>GcA&xSP65N6Qj
z!s5bKKD+ha^synB7RJP72@i;Nbge7XD}IuiH!BA^?>;qyP@fg4O*u&0Z~dM?GE*Ic
z=4pft`=$vP!Tl>`+am)K{EIA-o^y4_ZIOH?GXz)&qb0+r;=oW)YQcCEt)Cl<{pPi?
zG3Zm&PUR9`6d7OQ+jOYtf3%Yhr34(|QEcU?hkmQApVRwmx37HvD?|Rzh(+x<KGTrM
z8s&;CwXC(HQd>tE%Em;pGR3kWBigl?I`@%=bRe>Vk+P8bF*CI()Tn5C1mU|xVJHeW
z2x`=t{Gy|Htdhi^=AZYXGFgWOFJMvS*)SZ{6aT>IE(ggix8<NHOu9@a;|ct<dx}a8
zkY%p0?R5+wI~=i7{%qvSa}WixwvCGBLBXL=6p~IFsBJ-_&^tggBB)8)-;|Wlvho95
zrloDUwgvlH+@^7^J!(&@wK)pDQOmS(SrS0Vl{Up)8yCJij4(sc9|Xzk7k;j^K})S@
zjER^uZ|Lj92e;}H-t!l+iW)5y+SF<Q#xi`K*<ki^X^P}$^R>s`sY=pG6jRNUyfe-~
z1UZS{cqk$Dz{O|t*Y$l?;pvJ4^}{G46E~;A;TEwcAwoq}oJgZ!{_oZ?6>GK>HU;eh
zrF>pad@s<`3Bnf*Kd5nNiZQx5fM=I<-N}(DZB&)=V0+%+m%qwVe8xavtU0(#T}Q#>
zu!~=S1zP1v<<a!Sx|!7(R1foV#0Gaa`Mh7X*Pv43_%b#|z#IlqxH7JxX3H1*wANdu
zYPj|5BXV}juYX+^cj&Wf-po#I(s8t$ZGxWg3ntWJhT~>=QtNh|uWV1RHfXzNfl~-Q
zb73A-n&saOflG}oveY=fB}aEHJK~UIM!crXn7B6w-|z*O^$gy7BldOr00Ou{3gdGR
zF_Uy-J#q^`e8`oPH*2wvd(hVt?_||dQ)%vu8s?RYzc<zpj4os8@hN}aqTgN>rJjHj
z(Ju;$q9=10U2rw1PB1Q=D^0;4U^rRkrAv%=ikbOZs+Zv>Lgw{$Xu4<Ty*nABtPfT4
zqXI$O61ByMU)tHSQt^GOJ}`^MAe@EYt={y1U#|^y9`;%fX+ry&l5(Jg$MD8=tcc;1
z+W7Wv@W}jHy7OGI3G&BHa@MV;nst3dR;4<+&alU)$f(RUE<eaXfX6)3O*gD+Rv?a{
z#2`;C*XvDOPwhRcyuhyfB6-7R^hj>dcp;}jzRQ5@z@f`jhE9_M8Endc!$|o3%J>P(
z>jOLcclQj*@hc*;z;q5eK4>gPFpAq>P9eXh?znT?a;jh3Cw3UOP?{~H2xNv|*!uGC
zuD1o6M$BcxyBd{>%yiWyexI9bQJ6l6bZ5SdYykT7Fm@mvnq~cT@jLNjf4IiE8fB_P
zcCWN@jBOcb+q{gcqKe+lfKWJYuYRp3;V__46F$r<$SP{t@}g3m_XDiVU>rO7;q;gw
zzQp);&a>2tRm;zSKHI<}vZFySQ8~!{+Jv<d5K3)!PWj|0ew9m<s9W#t|A_ms^&ftg
z64IDT?Wivu2)%c5h@FKgM^~^Pu-87I4U0-9%=COs=inly!yNm9dHrIn+AO04Vg8LO
z(~dp(gR=2lm!zrO4{<?z??1Gs6&PpvS3lrQjukX4H%ANbrWG9-?B++Zm75gh=&bBP
z28=fKnp|{49F;kcXk^yhYsS7-n#OA>u<O^|@cL46HP*^>k?uia;yuF=F%4Gc-F?~1
z-zJYtjUU+0<U4MAG2fNBzCW#q*!^bTI%^9|V(aQ7xInI%bnT~qBYcJKdz9G_DvqD`
zk5!wH9yr#)ozhNkeEzpC;Aomk&uPZnCkNO9whkN*`!sN8r@*tk9sYS|Z`s%;JX9^h
z@BQ|WK$bGtc5K+9IAP0h&H1Fr9^QSm{Ke*bf%Zs4QN3o>_coH<u>~e|IB{N$SW(Mn
z%}V~_xWI0h`tf%cmY~rhPV;h?^t@VvWI4xN5d?AAw_#j1mGOkb0n@lOXv8X;=#ETD
zO48!7BokD(b8*nH8mufY*=0LQG_NMzQ(|qK>AiJnYsYpU!5iypS-R>l(<jsLa7xf_
zj}0+&{nsr}G=x)`Z4z_<!zIS(3@oqO4PLi2-&OvkPKW{F-RLK~_k*hUz9ILs-cbia
z{^M2|sOPumN35wvu}du;&soUA+%fu1CIg-$a{<7G&GQ2XQ5-Ygx_GHs4kPrDX3}f+
zmDc8B-%^tw#hSkfj*3KsT^HUD#zJ}|bbdi@dT^CbB|k^3;8=sp@%IguCS(DpIW`Fp
z<$CC9nsRNb#<DF>IB{#rZePr8{biL#kH}`P=5Gz99j~6FV9V@i%Wj7hx++hYsd<N<
zM{q#|L;D>Twku)3NXrNkz2SCqg<BXp;I!|5ro5=J!5vLAgisrJJWE5AJYbZpbKT-O
zCXIr|gKM0&Ylhk)m{P7uyQo;%M!Kw|7~K=UQ(+ie`3&ROZ78hQY_n@KrY?Wrvul(4
zLBV9Bi@*D7P?ah=-_$^8x>EgE#4w$)z%tV@RUnhW1?O&%4Kwbm(@J?@Rx`Psnn-84
zLx@68#3X%nD#eB%`Pa&ZMVR8B001dZ@*`OnhyZ_vZwDK(_se6p6xU{tHcF{&NF)GI
zJcU1v4w?P0#D<C+xDCz0l*x_Yl+gg^<#&@<A@i>_!Ak@dV1MAj@(?b)Wm?YJ4q8s-
zI{}gJ=2mob%~!6ptFu9?TJ_t1@A`;2{J9Q5FS}P?OCZ)muh5N3K$Mf$pDPbMPOB9>
z^w@EGN_NposkN)KPmgMgvPfLNS@snq=O<Ov;7apY{++UA|3Lac?h-(AvXg1?QI`TN
zz>Wyrg5PYu!`$x?eLgA0?>&~`^ZtIFiCt<rMC2ol=K+iZdJFuj=HJeF>MP(9eA;)%
zdFa)v3>{Jl5(RPGZj{89X}nX{zLs7o4PM&dwN2;Qn9lN?o-%Zazo*yokb&!i;;u>;
zKf_A8fKij%dp;KRx`G#tPui<W1>@YUa!a7K`9b4FS6`F|Dib>cb%$Zfk!v5h`2Ell
zW!^n=0D3q#?s#|d+t=dkE*=ZDe)5K@c8A$L$L%yzv6yBS*8TAXMJ#v9O|vtyhW`%R
zRK}OTSsi8vviO!okhL@jy0Q2SyqHDk3);>d^G?Xi-AbgQKg}G{MdmGT4f$y$FS1^g
zdhx;q<2_6(eX2j$Cy$)OdzchzMhMu;D(cs{)_wpmz^QX&pR)MPm(9ttVkKie_Z-7K
zdG@v)z_p3A%oR8OGiIcOl(wQ?z_9Y&F|<A-cA5<JUL^;$&KRdb1Ln*kLGA=x%17{S
zB<cW<8Eu{#NiB+#1en!<S&|<Pu4gKtSy?n-r3QK4D-YZ;W3CfflGWPhB>(Nkr4eWv
zVCVOYn_}4!@P|urh2`yi@2sl%&?Cz~b)?I$U*SSe*I2GOQUkXUUxrJecAR=`xo(kr
z*l=mFk(&_$a+@w{@05c2zeUFN6_DsYRi><~JE38lul<RGn){bCamdKu{|<x1(f1V@
zxmcBYVWuRLspvswHBE2CzpX>|A^7#+<iAZn@-G_e_+hjeUc|gx*7tC)FkR&Fxh~|J
z;CqSX?`hhl8Gl#(gUU5at$(vKOBSN0@dGEpamQaCtuI*C<2a68?pv`&yaRInMqV@3
zoH1d%e+|aIXjAl9y>G>IZXtT@L6>pJan(bW;H5uXrV8q2qC$U@S=lWSp8QOwZY<$9
zn|c%4Z!U7sQHQ8c%{#{kK3YxIRsL(vxFX!?!s(26S|?A}*-#IEzu}Y)4Vp%%o7x3d
zt_eG(dj?JO=jy9-PkCPIQLAqDEa5Y+Z$0JtbM>_{b^0N)N|RyylKah5S05ApTs_74
z$1vTCSbLYho_=ol&rd!zf5}aQ$0aa;N>Kg(<>@hi?^#q-M^eS?+^HuqfWNj9@fvrU
z)t-u=-<(o9b@wgq^q<QQ&*U&w+@<E@3>TV&eH6f6PU{thiswarZBWloO`IC0qk9b$
z`176AgVg*!NZ_;*GFl`>{;tHkOY8u*JvlTR_B?P|p_xJ+ij)px8;|KLDfev^372Ac
zB}*Nz4MrqFkeU^!hPTVB?b#?R=-uX*^=YhZS8I-f7UEvpWl=jizdzu0*4ck#)i|Y;
zqi|W)$%w$x!r--ULy)`8pKq~dxx7NI5i%b?rPrR9Bs|e@?bM<EI$HVLvE1R#st#sJ
zDTG#-V#!PUiW`3j=bO4rOT{t(J7ikw!ygUN{-a9;_nT8v*P5Q>o^GxE>I36+OP+k2
z8hQGqqDU-2w_cSjrxs>>mUgyeWP~ml@mol`HB@c>sajnfvvp#7=HrE)SXrGBqmXkg
zr#-RVEeGDcFz27basobuM&C@PdK;Y^5VnKM_G%4<A0nT{XT96LC?;B1FMA5NV1uR+
zN6)p_$lP|G<+G{;9a>z@^Lhmg+s8(I`|8kQ9TKdzc+_><%IpMwEXA12+FXatJLb45
z>(vi{2vV`n$J|QmPkC~JN_V0RNDyWfwa1PuD9{tB`)h-646*)?YfUR|gykDvXBLUi
z%Sw1yCA=bY41P=Z6g|^FiuSDygP2Oat2y2AW&CaP60G^OmuF9jJyB$C*@0I$bSI+=
zotGD)<oaY(wxP=2PWMPot-<JLU;41odG{N+?K$r3dyu=6aBM?gjFARAvgWx3*D2Xo
zmAE%j1<GNfKj2t4rU%CUdt4k>2~&UtIaL(>0~DVx7{#jb<z-9I#$5Zsa@akc98}rh
z;Nx=l<M(Fmal)RNS@BK5YASbw(<k3Au8g&O-W%IdyP0!i#+^U&OL@>>MZF0&(K{|8
zVm0(b|ASzYo58;i^&0b!QD?T)T_X2+37vdhnE(yn2^qX6^+;v#6SJqYQrjbI2R%$E
zMP@BVeqQ&5=1gA0GbrIIOyP`yG2LrM^SfYwfAacbWjyUeI7{~)ACe#?S%)^GC&#XX
z?wHHFoN-Q%ptoY&p5|@L4Jqpzj(gO2`{GR22kNYm3+m}4K83rz!jLV@_>63XGxT`U
z@jX%Y{w|G{%%wjs-uJM79D}YS;rs3m0dE#MH)oqbzGF`6F=gbG7UkA5JDi%Z4i<Iw
z#yt7G)n#sX<zI^oZ-d2lpA#*!p*^j12V<u*LX>oPR0gL7dk30hqT7_9n6(xjoUlIK
z`O7mPl?M)IqOOIC#%xaWGG5FPeQ^~*8vaX=n=V&x#bV4lk{$J?1T22mTqm?_i2Uiw
zuKw|lC!6{LI5(I!m!oipvSKiNwLVQM324g+_b1OOKhuAdIeWu>cBUzj!UzHe7A%MR
zPTFMUULAK<4e&j+o-sH=m-!YogJ<6Y*g0#B;Fn*a)X=c5i+HZjH+`65z;Esd>Y3b*
zUIgjLem1e(<>)F?wN9B4Qo_=<mzplp5$ZO$|Jn_$wiXXbF6z^v6ap8;cmcmg@j%LZ
znXj+Ex4zx!iyp81bbsyV{puOFxrNnxo(i{v#-+<U?XoL&GnE4)^O0MeEcb7H61sAQ
z89iHLQG9Km-5=c_Gv>F)vRXcJ^Gmv-&(XU&F4H~cu8WzUXB*(ROc~$w&bZ&P(0Qt9
z@O72cG&uI#z4_%Zg=S+DQ|R3EUsHP7Wjlw3O@~=^ouu#9d3aD_rCfD&3kpHC!D2(t
zXRwXKVrwrFsk)&te#Ya34F4>#B|c^ufT9zphtuBOYhk)&hZ5<kV?m_zU2PfIR9RWc
zMLqSC^uvMYfv^mYtj?mww%>MqDop8S4%0zX)W-GkFexlYtuuFPC;hODjIh|_?D)Rc
zP7r2Xo8+NYF2ZG-C9C?$W$bz4^G@kT<h#ti6zN<jXnnRw*&8A|`OV*?$7NdWfPL4z
zXWWNkT1xceAlppWkuG{ZZnN5)NJ~dG+fq_hKRI=kH-oW8Ev?;|k-xqFK~31U1)^VK
zn#$&pIBID6`GkR^uJ&;X{VH;^_e|}0RQ>y#R+`PRQ}s+&V$Fn36)ei4mFL>9Y+n!S
z17@gwcG`;qyCH5fbeF5j!|kSVd5mM7TLO^c9OkhW)Z(Na3K)2mI++&(O*kInhE&Zw
z|NS3OPR$EkRU!=DSZ+_t<kH&Tami!)*}n>5=95!7xQH?DgofTTaY70>1a~rKUDqti
zWm;xJh{RvY^!WZuS3f;c`?Nw6JzPLjZv1XV&o8PZ=*5*m)Ebc86nMdti<%#a9_ius
zxxGM^7avI5tI$j;-ub${mBPY)wG)qCrR!ma0TPqW$B%a%)O6XhT`&uHsx~JrExjE1
zY+3@B#F^=dITj;!QH0G7$O@%nr(beWrzS&zna5%*GvcD*@akwDz`_F6FXG8}M%^JD
zGOcFP(5b4ARu`PBBEq#<(_A07Tv8ihJnxzyxym~YdD`hRj~Hl`HVU<2ypej>G>IVn
z{E%En=)DkzdlUIW^%Iw1GV^b#e3!f%ip$IcB`}J4X11yMtk0Ci?}#MndqK}6IX$D|
zBd#(|Hpb9}{&RDx)=TIn;h_J=-dl%7*>-QEAR+?7pdbxHDX5fmr$~c<(kU$|9S$MV
z-Q6WBB}jL74bt61$52DeccahqzR&Z#@9*3D*vCG;{m=GKj&bI`*1fKEt#zK~T9<Qh
zWXEl`HzWQ|g>M<J9)D)Ka9USw9|SBbVI3UzbL`ZU+0010a)05aygBIZ2H{QCp<|Wl
zP6Umw=ZXW1MhQXY*-$7~=h~Ty4+dAk)xOu-u16be*8{uzk;R34ZdXJ6OC|*TWjT(A
zkSYG?^THvelas(Zg{DM?WTtQ@JCEU^eS_%uom#OIMMFmv_4eEmjPLwfQpx-SGuVs2
z4!r8(+oz#&_;1mHO8=|w@;nv=htojZo_w&ja82JOgi5bpyk#hS3WlaJo9TR(Y0^6X
zeEyPJUkj0O5E_$8*p;(4o*e%6@OySvk^DPApyGq6VtHdN6lM{F98k&+%{xxS9Lx?b
zG0wD;DJgSV@4+>`=wq>U)49vQF4_1<F^#(}ej6hn#7TDUOiH*TfBj6?DmyOpR#t6z
z2=?8QZ+JB~>DwzkAZZHEeg(zQ2RS(0{RF!C30uLGBq0Y&{trgaj!;5Vv&AnQ@7K#(
z5pbo!-s+E$<Ch1L*pT`*8~K06lhq3h)UH|>;%BKM*+hhIP(GM=`jYS+2M#Xr{htAe
zcXgEW?pOp=;GqOjL2S7<0NwT-uV1Mc!)@R<hHNv{T&TF4auk!P-|O&k7s7t#8L!wE
zPT5x~MFfg{&xjOq8Mh>xvsZUP8`d)Vfr^?(_MGp9uPuad(}9GPkFh7YmMKf&Vt;^|
z;(VI#wPY&Y*Vqs~-Y+=g4_nxL)M~lJb+>s_cGU}Um2@u9$MWl$lE!u(P_TW@hh-8E
z<^Cm8J^dI)XFw8mlRcp{`Py0|UO{UOpDivXEu)E5uWREaV>pqs=?>y^%RfP(@XgdJ
z;T7E&dEa(-7$qW=KMZd-^Yb*X%=Ig|pKxy>Qt`_+`AqO9mpcgUd(?#HlO@wbX)a57
zwcSAI8790Xaz6*O+folHtBRzf%ND=+Nt7yF1qCn_<Lm!9WBubl{`zziH5J550^pDT
zwC%6IqTr(bnfCp^p2Gh>O0xeCJ@Q8@n2*}m6TF(p|GNdr|5vNgw8GB4J}>Dnt@SIm
z7S}3_fA1fY_9{$)>Uccc%BjIbott3lUA+~OCYL@Y8|y!ctyi^7H)8-I9&<oH`ys3#
zaNH;2nH&^YS7sGg!RD{UuPWxA%U@*wXE`=yl_?oc`MlrU>}$?F-w_7}cy{EE&zbV?
zJURaBkDShXvRnQ2!<_m5{lj=LpE3!=0?>l_+XK;o8tQiiC<RU_bk7HM5BtTU;mFe7
z3r3I-o^aNU&zCTc><?45P7ymP<Zq_T0{P;ve^@AgX6%5-P0LvxEELGa7@i{!ksvx{
z|3+#i_1@#oV&DJp@k%*xlpk^2r!sj+buTTBMfRjI#ph_}R!*q@#jkH~D#T-69{sbj
zxp`{GMmV*3iGj3dg>Ug1TRuA8z&wtc0{9bAMw93{8j1i`3fxQO0HBrEi6j3kFcAxu
zvy2cbt25*Kmeab^u}a%Ahc@2ZcSbO%Fjhe*`wX@tXbSD(PZQD%8HeD_{5-p{IjK)D
z6!T19L2-BWV#`0<lz`cj%R=Vk8n}5sB~HBCPN}C?Yh%Z!FzNat4oiNJ5LnU#D1!ZV
zlZ3V#tk2+*t@NE6p4><yb)?|cv~*N#ep<ek(TQlfb)3*Q(yoflLWHhoD-y?GJX#Uk
zh#RPWc^N!Wyd=G&DQ%xpDmTN)4ZU+g9vvF#d3HeJ*pbO=cv;s;XTwo1m-2AAe}E;v
z<Ms#3$h7x##?X;~>%MzqfHV^rkD@LPn6#m4ZKg_eI0oO3B5^xyV<>gR|HrW3snz!T
zri)DRT491wYbpqe-K%R9l<-^hf(x$&az4U%J8sE<`Pyu<1u3`=D8MgZKCA~_L1*55
zG;Bb67rarxt{k3|Pk(y+a8O@92b4w+RPGLqaD#dI*0?fDj#sRCDXclBr5A?s&NAS!
zdnVIId^)6}V1?#y{nps;{`(4ZKv(gPjZ<c-o`zk@Yb}33`ubc%p9InGroGE$@!@#9
zpPE#1Y9#aa-qp0t_OmCo=V1>E%)$GSpH34%st1rqC%Y-^fx%p6h!T&@FR3#rl2H#j
z?Y?Gxm6wrOGgXj9a*UOe&9xFe%CooVnn>qCqBl7EIgf@+7F<B9tgPe`q29?-<8|id
zmRN!uHU3xYj4MPlwe}KIK%Dnw_`N=A!Qea;Ip$aTd1>6+jqSTpdAl(}-zu&=Fy<az
z;dF=9o@Zq^0SHWl&mjhi3jq%dHGhfvq1@ne!WRg<$hJqgaSfo+(VPO*z}j|vm1tc9
z!k8W>W#Sm4cN3?I36VUUO~v)`^Uw06vIa-XqsgLm&4+u6cM?7+8CGRJTB;l#GT==$
zOKD`^S;#NV`<a*f2o!pFbQnrf36pZ$%&IVQvuz3TkyK?OmmS}?JM0Ld4OH2XsiS8~
z#Rrd%Rn|L?X1&4aeqn7|#aWynoYJ?w!|&vT=pK#XeaSZ%@(CU-1;$bWj-w3|7@GOH
zO>NiXTj;P36+afF(W#6I@FrDXmhQM-J?3SGFnqq*#48z>s3?@^3T{mWE>h@F`w;X9
zp*j)G<qu0#QCw@CR#6IaNGT_+PwHHdS9JxM#jL|DT&q%=n<D{3)^X15&bnvJnz5zs
zFA2`IYBb%1yDHunPC<?6uCh@)vUp%68{EvtD;;mNF|ZDj=nEAeS+LGN_{h(KrS|(7
zTX*NN4cahD$s&Y4f1cP@49o-#T-u`4)4zQ$Y%uWX3U<V(it~CWAE>v9KKf$xfKe8d
z7IH9Bg8W~z3U;caz{FdyoD!sI%+m*@2oRzP^SS*VlS?K)FNDfB2_K}_u{wG_Z4~p!
zvgsRI<?kkhj#P${S#MtGlbiyxuOe4Kuy>MCvlGJZJjtX(@t5Blp5MnFFP7n_oB2Sk
z2&U5#MZD^|*@J-HPUhJx>zg`I(YN!3Nl)hVo#k$<N$%3yI%P&mlYo!GiQkF?24zwE
zx@gR}dSf@Yp#3uvg}@E=+}x7ISt+WTui@Tgrv^VSg;w?=RxhBZ*2#P@U#}tS?_(a7
z5v#SnJR*vSrekg5+^N&d!O!xNBO_zsr1*yS@*v#6P@pI2Bkp`dr_BH~3xuc`p&T8P
zGOv%$TfSKWyFS@|?w4kGIJXj9IkX9>UDY4IOl|YkU-bT`KZ_um=3J@EC(h%l&1$as
zSu|e^CPbUKuC-Um)2pbMlrQ8ZcW4j`aT-G`9k^LM0x&FK;=p@vX!e+EF7A^SPK;yo
z!DTHF*hNd_ee%2`8JE7);iqUW+<OaJ`u^uLE68*uvGh7%!hm04Od9N@$Fkzi>>`Ye
zoqcXmqk@P)O6nAaW}a%W?rk2_Uzg*5%61Y@mjZi{#|Wb|Wj9HKcpicZ^xeWrfx`^?
zIohPU0W_z?PKX5o-#!lEGfz5yrQDN+C%nkC_Z&?3{!}|B*T&uWTw!YJbO-8u&1LYZ
zx1QfLK{EBV0vPvE(NxE2??jck5=f;Iz1>vTA>sImu<5&ZhaoZISTM9o;Wc`*5Sf*e
zPB<asjV3;GItRqhHc6GSFuU(#FbLib(}1RqU@XZ@@42}YHxAhwScMq)>I|dpWqFiC
zUtBwjSN^w0ry9Yy4ouc&*A@S&IP+=9<mQ{%NBrI9uYO$534=a4zOtUb4o>VeftF1$
ziU7_v6^Z>>M)k)cK`rJ|T$vw)dor;QrU`2`J-}yYFBT?L6?1hl$#U`gF$@>Fn`cnG
zBU98VDs!EMp=*y~aB4k4^WP4^2smns7{D2m@-aiYFnN*s{r!^h;44LS^-pLc{)3*z
zWhkZm#U)4Ul7M`$$@*gzZFH)Ne^G=``6P0<POo9G%2|&b6O$Dnn$1gavbh+8bEHu<
zHnT;ywN9$(w265~8fHt{Y2t)ZG#A7Jrai=6bV>+z$0!13flYw28<0w0pK?`(1_^m?
zp|FaDkMgQ*04q*$Ah(Sea*IA68XR@2T4dNh<WFFT?<qw6NYCKD1bKvzWn-HOstI?B
zolz&o(!jIr#{p01Hzx4cTu){>KAZ%nt?LnZAogYBN<wH3;ob=xpMda=t+#8Zk}Rw-
zf615obv5my!It&JXR>@ybv%?vjuKA_Dad(3`do1Jb(kz5w|#+XEg4?>fzQDCe7Z06
zs?6~1TV(}I7OR!lSQ;)T9`P)SC|<#at2y+%;mK6%ZqyJdUiv-^FE-Vu2{}O|?(K5A
z5gr3Q!Ub;E$170($qU#Qtd&El3u4zlvs;I7xHrdfWs31KN?F1Bb``bQ&#TIN1?!XY
zc*25)6UkPIp_Y+ylMYkw_7~%TX1r*#sV}Be=O(`sE?4C>f2Hkv=kJw-5fj+_POUFz
zf%%1kKlD+~x%sRwj1ke$(B)~6eY&mp<<Xa*rLlH=`!JRbSzWnxW^`@h+TM8+g-4{)
z-i#$Ikg7;ZdKLipE+N^X7wie$fu|Vmkzl*9sy<8DP^Mm=S>rimS@uFt(s^fjHI5Gq
z;Xw!5Za9JGH#l{iI`#@g>*M2soL#D|T0u_AjJS?wNeb3~q&LHg09MG3g963Q{I>jU
zDGOx%HJs8v{0=4rzwd~rWEpKQ2sKJhbkKUDC^-+bJ~pI!x#Cdqa1eRK=YF)vX}A%7
z=xwMx@E++l&y&Umk&|OV*!)mj2&ld|-)!m^d~A$7sivi~kM_J&v`QP0XK&VfkdPPk
zX20KBX3WF-y<ss7d#xkE<OkI`QF^1(BNjWLYf$(tm)_diB7H9?zoex05>vyUsBQQo
z*U5K+2c947q2a}g^FfL7!l;X4x*`nJy-V*cJ}J=jfbsQ;9uJYCpsb*Mr5D82Kv1PM
zA?uqQ(y+-(7xq`}r%gL;JqI~Yhn26LZxg)#rpnr#E2cZPc7Nr~Jf~PbX~js_^>JT)
zo#*Zfv5ILM5A;WfOYR5`4<>~k4Ukt$-GE-Rw2-rHB5Ax=40)!~PTe1z{eEB=R7oO4
zG!JE4VD`+>a;doRt<U$tZBePx6$d6kF~n1#x0pn78}4Vm?s=dO%g%jHlleW!qjw?M
zd)f;3jZv%DalwOGNb>aMys!y5qBqI>rbq|7dMWyK$~4*QC2j}new4+|0PQK?W}Z`?
zN+G^jJ&7@sT{o}uPMu4Z>rgoCrJ)?nm7qAeaKuhzqYnLtlE%yPD6&Ygupr8>KrZ+!
z7Zp2fJ%T1x{+i=3ey{I`KxNgd1USV`c!5519tsMj*N<pQkbOs#0$%#MwJp8Nb@?OS
z^(RRFTR{S<&xnuqNRY*hNafOz632s%g4T8GA&cNEZO7$jaW1*&hoHPLmis`#l5+zD
zgvo&EbU!#~se6kwj9^Ulioh@l&|!JdC~C@Ihp@h@ngHdez82tse!S<&@J)1KF)?0<
zln(x6;ZdRU70GS$BhQFENgW16=`KW_%uu~QmwwGSKFP0WbW{+E@zYb{k<C5}<9MLJ
z<?G!wj33n!o_5G4=segi97^6Ys<FtE>N8;b4mEL;{gl-i^@&D0rbkwy2($_G;ZkIJ
zyxM;~s!^Na1K?9EHhGg?5i<M!#&UGIbk%Z8di&V2#p!2y?w?xvri5N5$bRP>HqEXf
zLqX9e8&hx-unbmY6Ftm3lWR}yt74DsX{62AF#PfHIWkS-I`ee_$M+hukDfkzT-3Ve
z-j_ZF%d(#U^343^$RNuB6%8F2OiOg{Jk-0EKDv8UyPF~;aJ@D9`7}1oN}BZO8O9eU
zkuy3?m*DbCD+ouPLO<y6vXQ#SSv{gM%5P}fu#|!C`9<b2hHZ^GqG@*T^M3K?m2|a(
zRXyE-YWRzzexeq}clJlfi6ddn$i^!0{ZF2-_6XNp<n^=bW#+^L`xM;xCS=~=sSA~j
zZR7hY<uiTfb6IRJPYKECI0Ag+$8_m}%Qjnk>9L;11)>ORTojb;_9^LbNw*G~0D7r8
zg7gB$bpZpy=W&kSSs_2MIxgK!U>6z6=5#+p?Uv8hs`HXr<ZJ@eG^vpKn`aNG0bE7%
zCP@TZVW$}Gp)*e69O&*K`VR@AOk#P#`Jhv4%3$NEosb->MvjlTS5i|)y)=wIEc<BU
z9uMUCNdwlMW55Z19%m6-S_itGZiZc0N7m}o3_I8Qt8+M~a^N$UCQ~ltv+BFu!o_jD
zjWa3^<&uUoYxdlB)q1#R8n4&#j_7gspObcT^*OH{Hm)Rlc(Aq>_q)ww9K9GeIeVj^
zS7s6t><e;=_Y}Gi+7HI|H5WZLRA&4YT`lMZDP4mVIexutW8U?GOJE}i0Z|q{&)z^!
zbt>*FlN&iEasAV)+P}=MdYaIeyX_fMgeR-xhd|)epkca+x-huG_#5#aX<7cpk{IFP
zqq20SJ?r{~&1?mkm>du=0~&dKxnuDR=945nQ;3t}ySGnG@7j;1SX6%MO**zaYdZ+{
zzEnvT;*Ge-kGt@PcO1kJ?6Uk?uJHBZUBeCGm8E8q*K2F0>uZFqvu=}W#Qco(!E^fN
z@BGQuDF-5pral_c^7>a3zo`1DX4ZzU{p=<z{OE+}7q?+v?(ydl`{)TU`?`;)TdNZ4
zMZ5z?54qF%S>vFf9C{x|Q%X!N(f;w~+tvlzJtakkJKv$>Ux{}L9f?(sNCC$sKiz<!
z!rVHzuzg(cpfRn*5f8cLRW@|+NDSaU0TIa9kRudhC*SfgFD+gGojpCzv~+9TIIW=c
z)Nc_AX4+$$r7^0pL+k^?`sSH;o_&Y;{77b*;e=4Fq)ZDrhnNSLT66en|MYveTTNg<
za0p8tAEHjI(imM^^B3SS+<sW;<(@&uz0KjgcLzd#YT{9TIMaJsMr_6s*v}!4H)i@#
zuNXyV0M3B%@rj3R>3;L|A^m6JBe6x9nZxe0+an4OW|pGQWAES+mx(-6&bm8DM!lCO
zi$#HgVktT<t?2eN`;YbK{9eD(&H8no4h5A`rOGa%$FK;sA>ER|4G$}+j8Q2}KYewN
z@)WdJEX*w9`LPxHmzY?TEW}F7-=lMydg6u6RlD`H7ITgwF>10c99e$Sgq`&am_G{^
z>Z>d1oP%dJ0iq^ui2D5}-$W(26~HN-)iK1`=U_9Bx<k}~bMMqWW!Sq#af5ha6chr+
ze;2sG^sZk>=EexDwIVp~uE=g&Srjwo`D-hCj^#5Qw)GR)IOjy``!Y8MUugC@65cIm
zhn$(==@_7f@Kv|WnZBz7X9{TNO6P#=s;&b&s^JC1t}Q%~3T}*~;}YMC3!HPeURB*B
zgy{GFU2p!G^VL`*^p6LE%X_zJ&Ldqzd?ytLrL1@LPl8~CnK{7vczJnG@<EpnoF@t%
zOKUep7po17W4NaYD0ySLWVmNl7VvrW4?phYrwkRQ*P621w#_)?&wVln`|1F|$g7Nh
z*NwpVlV6gA%&k0-`*p@CXTtQkon!gsaSbwV(_XMrFRHKl!g-49qo?eAAy|S7qE7e(
z&IqjZLiJkbEf#K+KXDw~bpB_7>!YUt;Py}8<>j9MnhrN)!nOSYDnS-ZBdUHX(%dx|
zSj^4Ks<fG}5QeCaq`yQnN*y3}84*}n+4SDlLg>uQ?|aTregPh_>wkj39ENXD8or#5
z)v0>w9tc`Ui?3_($$XaLBx~cvBuiZ7sN*VpajicYuvc3wn(xmkLDrls0QVc)uheN9
zq9p9A<?0qr5SPdSiQxXDr2dy_g7ZMN#ah<33@<8masqu^iyJPXC5thuI(b^3f+Tn$
z8LfOtd*Qa)rx-_NPsi@%N#8yyk_U{z_3<Bd=D*x32!=-CyJ#v)+lV*o_~yIelBAtA
z9}{2@Yb6D6z*qTMFgYgzjpCbk@V&7P;<)wVWwiS+w37S(C<cMQ{Z_}Q$$_1a*6PUm
zT)+(0JQDo;38z7>bo9XaFiVprl+gO|Qh*e?o#oNuBM`U}{=w-3)&KVS65xvnLjzPD
z0o_(cW+$5pgCoVbmmbtfZn{w{+x670bnEMlnsX!NB~X7fQ{P7fRO>xQ%1)3c7EQg7
zVquC6Z;tKrY39B)b}u|h(Aq=b6av>*3yh@Ey*202(XJCK_%G$*zZMfO3vL6&GH55#
zyXBc`%)PCVFx%{bwPs6(dt4o>QM)XZL<!OPkqJ@K-RsF<aP4il&oIBGINtY7etXKS
zwTGegtrlAVNFFrs3i!(Zz^?xF4(wp9z%B+>RkO?Qh8Ez`DRj|(XuZjcc#V5dy9sP;
zk*@CUYL|no2tl)aP|ov4)zJicoQoA|zntb#BXc63@H@ln@7aPasu;x%&E&qD97gG}
zLtVY)JcU2%Xb<P+X^D*jGk5<3RQhw1(?DK1^=e2rlyFb)!$^8-<tp#W>j*%oE|16c
z)QYr+Wx#~T?B56-<){h~pgU4E)Da{JmSU!A=&q(gNHVe3y9WZYEjVBAXsRk)s~cEx
z^sGisooes@?=~TzF5~F|$}KGxb<%U+jT6}@3VdPI*K<r_&=v(STzU#=aR;heUpM%X
z$Bl{!3Ce!$uP=2kzy4w07G2cOs3%}tR>sg0y8A}>y)<SSO>lWC_UOQO-sl=VA1wSd
zQA#;dcGG?^gG_XI|A5|iKiZPy<NgW17sU#FIL|jS>TF?Ky-l$yT4%U4%#dJxe+($9
zM8hqzaeBWw^5OA`s_!{BJ>5H`ivRW@7lxW1hWCf=t4p}WIEC*|`_-r-O18e_M(PFp
zYv0f2pa~|-8`nsvmj&d2o>T}70@#_Gg<qP`-4E&5Uo-tCCBCn}T><oFzW{hD<lXr9
zn}4!a8)C55Yb`i+{MwCA>}0KIB)ea;TAqoz$j&jfBuUUg)OjOtZo#W^gm<t?{m2BA
z1#HC+@!ZJT52d!y#Jd2;hfL(Vb{=NloIs+~e*>99$g}@y2|(x+(5cFx?R@okvUJe%
zM_s!^@Q{I$6!_ZauGJCy6A|hf#*rxFn<xE8Sh5TGn+;?TB}l@Z_xjc=L|J4C!;AE7
z{EsQ`Mgx&VyiyUY{MHPKo_D2J#k^^Hrp{NFtMeb;5ot*97ZPF!Ah21As%1L;3yJ8?
zTjt23yjg)`j?du&-u#nKXrC|Z0_~re3Ni1?MK%SBe+7CP$b@sWkW|Y|3yZe1k<5wJ
zxJ_IoS85!v!u;uc&`Idof+Z2ZJ{;r!YHcqN5l)jMz_)N;igYFr>`j{rYs~>KcLQ1v
z{RR3L3f?U%(I#o%Ee!o1*7aloZqU)<Ll0$F$OB(GFkBFR3X2DzA3^{oSxxr~&1Yn~
zY;o+>n7ZFuXX9Rmlb%*uS9=t+$~0T!jM(=SH)BD|o7|&WyI8~iAD$LHMTqWO*TRT@
zh}H5$C6z-Rkf@dHLorPBeOqFycix^lA_C;EnOrOHLV&L<nR;YXyPz|YE>s;oX`lrR
zkotRgpzUPP?kHG(32U9;byv*G?c3*)$JB6SfT(;lyK|BAb=4`*<xf@wmkp5}6GDrf
z-<2nRa}fa!HsF8GDkF^<c(b-a{X`Xd-|Kn-qZa~T&y(kVAnk2)qL6d<LqOyA7iLJJ
z_T%}$+y*n2`?p)aU*xF_7&muUki#^GwcQ)m8svg-{u@JrG7EIwS*V}Ee70s>n+4>f
zNw9DHO$$h`ZqBOe%?wc8IT-?=eg6`BvviuJzRm&n(-alg=791_DMv^7@7$ILKTx%j
zmA#<yN~Tc&*ZH%^$gPi6IIo91_vouFeIhvmjjP~fiUq*c^Z|2e@aF~<{F5{}>5xTT
zT=JTCrcW!Q3ktf$eTDANSoa~#9*!H*aPIg7Z17@N%jf5M(zOwK80tw+GBGBcct7ct
zQjes5L2m@+dd!rR<QA}N+mY$3g0N*5>HMX=1dMl8D=T1Oe|74hIO@c>db=K5{IbY;
zmIopg#zp5>hT{=$*N!qJ>N9CI`*(LMe?~ll!MP&~?z^HG9i0Sy<hoc7As3?E>H2bx
z)=ePWfR|FTv=I65$iLET)imY1$MW3qeWRrqMJR3&_yti4Km-kS)K7N|6J*>FCC`@3
z1*kO(86ajqJzkC6_xM5GdzznL3?^M&U**1x1psj0QJ;Z9#nUj&^38>AxDS7R*!J2g
zx8vemv@~`#d8TJeNLvA_$4>pF?tNpDC^)sCp=V1B@t*1|O%!h8*gXmsprm5FgfAZH
zG2It2NVNO7d#B8hpN)zAgPUKNNOxa`BJeT+@{;h_knECq^?ShOJ%PZ#Wnsfb`cmLg
z#>)m!&hf6GIb^e0(GbD}6QB02?bjjeD|0=M8oR!pY@K!wm77bbfCEqcAb%g<SrLb;
zI67S~3K&nvPkXQs*`|?~LgQloppmQl(qma!(OR1`F5PtIF#yzEXx8XUK`{*8x)(q1
zChJ~ISo05y{k?aoD77-Z<arHlxJc7RhI{nY$T;fbI^%&s4-?a04sUTsHVMJJF><$+
zet6q@YYdni)rV6mR7%F?tJWmC!GugfI}kGXs)$`oP!-2FN5A-KU#u_icKSiV_$Q*8
zS30rcUENZwr1)%hpW=7#GEw0VJYzr!dJGH)9A{Hi47x`*U)(fdPNpEMK)6zP(EJh%
zHng?8q&ydvnk2$aiBQbl3VtjLyR2E$mI@7D<pT3Q(WrBEqa@6}7)^?HU21|^F8Y2-
z!N)Xk8>DrjsHORWo&urKaPi@F_{u;owU&0KUem}`{LIr#jWq}Kj_|q)q`fr@uuXT(
z*ORCBwbgDZrBHJmnsfW-_(E<yaL%XeDA%cSU;e^VEWM=y6~;19`#N#j{D9DQL~z|C
zx{pPH{Dr48cA%neLXB{2xK26LKeC%_=Lybd*&AE|fYjI0H)vTCNU+*jkU2iDlAIX@
zgHuH-ty6?Pa7c}eI*Z1Cf=-Jk%#IZ%=YyJ_00zXzTp?9>=3$!*&%7%dM2L>=6{;=>
zOVy<?CvRMY|42zm=|ekM*`rv)PgpJ7#^%rSm0%V!csClA=X_XhW|w5t7|lzsDoI9b
zYRwawSXhjjQg52{ob6iV@#N(X{I7=X$(2_#3DK@JoCX|L1JBa^x=|xf9STRo4An$`
zc)`N&MPibyap&zQ$;rh;P)H2~wgcU{WmY<BLce{}ArhWhuZGN(CaKMTyt^{Jj~ckt
z03z&$m&fofb5SI*`|Y6~G!Ly_s6^+<m`3N_^jUvhI~^WB6$LW-O3Uq8F2@mU)Xdoz
zq5v%*223oyIW?#nnyJA$_sF-4zQ)y0Iq(T51_0sptBx?FYh0W=5}>;IdXezWl8uAq
z)+}yqyvJR@FwuR0k#2JOmI_y3<O=#Y);BsVv^G`>FT^Ixf-He-<!$Xouqe|b+}=tG
zT%_jUY#tPF!KZ2~4C@ASDDvXic6Ri6_oDDiO^7&1=pWoN%zp&tiIBq;Tjcm)Aa1EH
z_R%u^Vd?V3n^#Qw!!np~occ)b7Vi`(R!yuh!t78a?qs+Vx;P>uuQvyz{XN3%6>)|)
z7~tDlswx_Q5aHLU5Qv}FBTae&<5$~R-LptYvbA+qCUr)lBa1Q~$(!95G*n1hO(Y^+
z76S6%mGIFR5~iw$k8`s3#0~y9cJM&E3E_(m$zeeLbWXGe_jV=p3$1yNC}9h-+NsTu
zPKy^BdK~8kly&vEw8f!$&p;{|N?^nNv!5huzEytvF#PTrckdvGq#(}Ls^VgAl6L>|
zahq~O3o5;yf?!E4=1V(;<X#?5*Sw;yLO<R}^HZneF-w?>Joi}ZGozhs+r;V4M(h3v
zm1DXctC-GgC}tOGsrTd6HhF3y-yCtGK0^8xqNff;jgjcAfD}V)UPfv)Si-e3W(4CI
zBs;cirrBBXaeJ(-NO{1{Baj!F{%TIV{f<LNpqvVRLh*qZ&iXZ1dcPerT{zJrH1h9z
zbmp(fmaS@rWov>gFqT>wne2A8jXNvlYnC4u?GS^dR0|y_BMm!CldB@gVYHiW8A?qL
z2!ND8M?eOng`5qN7(rcU%Qp4!9spOJD}v<=MK&n5M8DBN_76jo%f@F)hy;&lmWRH)
zVGn7cQNiz8QzkkvxD7d!=uoiUmM-OxUm(oseVogPb->=3d(wvuz+Ql8AgZcWPImsJ
z$1c<74&bmiDons(n?g!Tu9Q8J5Ml2J!BNx9D`?7704=t@=?(Mox;&I7=ay=@t5m5l
z_5LTD_U&q(=XW}y2niwdwA2sKq&H;28|WNQ%n?VC8{Y?KN@Jbc9_?5j`GTtnIGoAz
zaxJgiG#uZ2Kugmj+7aBs@AmA_wwkb|zL-jL$=>gjThvrPhH_KazO2aCjJU!gsG!;5
z>!T2e=aDMIP_lVfH2r;uW|#*L5f|Q4sue+jS$!FnBWo0m##`@gIXA+siF24q+M2gh
zrLRfXSKe6>FMwk0T@;;$c_>%{e}M-K2G|i1bFkH?I>L#8(08BCnK~SX;XvP-E95`B
zU;d3|y~R)3h-@YJaf&Exs^x7bw1kz_E{Z|(ho4zze?%<0-8$2x>x=u-;j?|dD`tiZ
za<RJiqHYmJ$}6;EIm<G9lRX#7NqyO6665a4gSLa^2N&(X%m?8Se*PoHd+SC>fif~P
zr6_26wv+_G5Ka}hY>`ZEgT6rZ<k{PqQx2dC0}o+70l?9-rWdPFTroo!5uIvP-5jT-
zU`A?3M8B3UYzZ6JFdA05F27q1p5ORUe6Ggh_P*00eU;_XY)@nOr;*>W-qvfi_D6DA
zVBCHd81wtG1SG4T%NGyCW25n|3bo*r5ErF<U2CLd@`Wn&vYEKijkDfcWAu#v!q`=m
z%Uqjr((~Ng_QIN(H!p-|f;JOU*PjkTimG4y2)BL#H!#jq2vS%ZGn4E_TOi!vg<;x~
zq^w$WdeXC(DSivX3DJRk<cOH88T26Acp%g<(N2;$IXOdx`~9AhUrA6O1v@RR>26m}
zp*_^q%hF|}9LIqU&6)u%UA?{(+_=1iZ=mo}EWuVhpuwhOr?Utn&x?1%jbV7KRpsNR
zcZ6qAhyf<aOn0bthh(+CFaFT4wBnDu0W3CvhNOcsJw_n&IxI^+nj}Jl`PfS!sQl#c
zHKlUi(_J?sG+!Q;56?7BlIN}F5Yfw6z<C^EJWs-;^VX`Wh@LYEDXGLatn|jkd_SwS
zJsi<|^0i3j<bGn-y(7jo;TP$JJ^40bn%H+M)Uf$L!Dg}W@8g~RJ1!9rH_2PvyY(oQ
zULD@7{9<}+1$W));G8}`Xd@r`p_IK(y@?VT%Q>B*wGT)hiE|ABwK@d_F^Q+wg>~1K
z5Wg?8f%M~Qg79Dp%)arTmyX#`+U}PfHVf8+QILo70k@?2!igtOBXux$tW2!oTNihx
zJ+@UNiC97M5$BOK59eaCT&c>#?>IMbz8us}rD{kYtOgPRS47E*+Q}5-`uI_wK#z5`
z-QmD|wL@TMwWqf6{Ll4)<eA4uhislPa+1J>5D#ydlCL?S3u~F(##fcg+@^!+!nKz4
z{IgH2`Q*VK&D&poMQAsw=}~7+LAO!qb_>=K)-}!6l_UiYx$(eHtc#tGTVObGxbY*w
z_&>k$DYm$sLvcZG<(zAWmh7A1qE}GvX5FkQC8iC51NRM<2*MZAXggOTq<Bkdpc$G-
zc9rUMrm`~WTJK5EN$(QCjGBtzx6z9BWURDP=#PwishcdxVQ36|>cTLkD!tW5^9Btg
zWWKMx#5Nnwv?cW$ar%e?8#vN8t6o;156i$P)bfn!f~8nJ(ch>U`^|<@9G;C%RVEa*
zR2Wu%R7RD3wYk@xu`KdQ!F1*JV;S$1U?+5yor{t^RfV~E`qS>buWlbe)pc&Rrdw&y
zGUpUv%8>Nry&AyRGE)IjMk}zjEv}#S$+_%rq=$S%jz#xp_d>WI847+;w}rL(srb!~
zPo|d7w#b1!x_jIK*@0P4+x*`8tf0P!c{``i<XFSkYL1ruz)qp}(bXRwWaum`gNy=N
zG59hnHV(x<)aJuCrCdWP{eB+it9fNTw(58b-6t*IcxV%!afP(1I})>c;{->lA>r~}
zMUhs;gfqsaQ;zKQpTlNtX=thC9L(j5qa-XI`L@_7Ux_484BM}x*Z*vpDq<fB4G{Xa
zjZa2+<eWFHdx%nnp{nS%vXyuERp6X5purc;-*g-8yN!<nCPI+y81l+ztv)M73BGa1
zjqtuzc#6b?%16?XXiQ$A#Sa6bWkY9Zs?jpj;W}umw}c|e1vO*LHh4r*F~k(oS8}vP
z7R3SSo*Hu(4H|#S2bznP{)<FUBbynT#4uno@Ut6nOD90bK%|gDPBv5EaGUkj*@mll
zmpjv!mujtk;E5Xvi5(ZRp3>!aUB!rLdQ)Kpq58!TJ5@Sr(Lpg97D)*oH{8o2vN1St
zuX=u4(I$Z)fS-k<MDseTGw%M2;>6Cz<leYB7pf4ouF#9m*)cy=+c{U|4Z$XKZ9$zv
zD<;p81_;Za!VvuL7Dn!0&>>X<<FVe`?@c<ECKhgI<_?&G%DpzOx?bA1)5Y%!Ek~c9
zpI<kPT*Xt|<!+~UI>v-{#T_Qs8B2=Erfr=yQ$RNRq}IlTYR0|UK>_@)hI$W6%xAo9
zWfS&@N~>2;Z9(7C;2a*YjV07$4tZI6G8%WDAi0LpUI7W}3{gnfZ3{t`jCpA&W(@ON
zUW(FuRf=cJne(bY%aZ19LLxJjyMnJKs=eU&r{NE8WMmH#iEhd8M?}jHS`53rTyP|w
zde|2Sr+yYK$NT=c1#R~oY*=r8m)|I9KwralA#E%1^3v5)uh!wfwRg($My8;8BZLZ*
z1M`SmUq;8D4kGp#*(Vq&5C_~-*Lp}nGAtgg@9m>UxUfV0u}~<+NC{FOWqQH+i7;i`
zZW&XJ1wy2lAxEk>Yok~?3vB)*55VsXnn5{_UxX7SSplJ-ADd0FS@T@hbB|_dexW~C
z^|Rv4iiwgL+E)m|LG_LY>ctm{6LW*c4XKkn3^QG+JkTVo?``dCeK+!47*ExtGo50P
zLdFvyv<^MV##hD004MA31{HeH!3CkqFJn8})TF?7v*@j5;!19;ivi@#1Pyvwq|6?9
zJGhg@Fq!!~P*}v($Aav$pUbR`*`CG(Zc<-NIj`pRr^8cyAPT;!sHT)suY|qtm#3vu
z&!e)n6O+qdQ<n%Vl%W6z3|AhA!-2<Te`STq^mOJ!%IU@c7Od8C-k(V$G5pZ3NGG*+
zb!BF6Z)IiGSdWi3QS{4s1@^7oI<FzFo0!@P#SrgkEpv4>Ek0tg&zsGtr)CJhp7cDX
z6dr7wM)tbzp9Z-jmzTS?Dv_ji$HS|hRYc*GOoUOvDW&7!R0v$y`f1|2C{^S2R`}5&
zW%2z&(}Nw)vtxm?y;eLAO0|(UQ2+C1)|m7?7^ee_bA$c+=ZHdQ-@wW}5B8I?Og|*q
z+q0+3m*M<K`-Lr)bs(x&XL3TXSzg3Tkd95wA9!y70u<ZF44&~4WzB%P1^-4f43tC_
zd7$xu!z+q261&D(YS;L{dnS5459tZ)b6HjaOnk`WW^v0<|KjT@B*Wgx4l=4ya^{kL
zFWs{uZSeVrSoS5vGKMR%x5_SFF26u@4#_-!_KbCTH$u2-ba64e-E@~UY}Mm5yyV;B
zS9gnDAzjY{-TGqd%JbD>tMA(^Gl)bu^`7UrjnLh`h4t=>-KUKp<{W@oSt+a&9tS7s
zpD}tYvA93>csZBac&t0;Q#&7W_Tls5QFzyUrKe(^{k84&QhTs}gU+O>>wHqLe;I&W
zRC5RjFUuePMq`+<f!^K})EhPpI4rfG7_tma0~rxQLmZ1HamH9WE7uA~vX7o`(tUEe
zDO*w#g@%NS=2x<BFX<emaB#Z7&9Ydp7ANbFJB?jPCOtA1o!FuDkJ4bqt^57UGBsuh
zTjnFtxvM=7Y22J@wDkk_%A@aN33_SO`+(@8bR}Hx`|g||x2KYD#g$$FGfsXg+u2p0
z|1YAWvG=Cg*VOAq0R21dmjY)b-*jG3qzf4d)G^MuQa7Ocyu-x?Mjjpy2u!%09vn-y
z;E+mz+cxCElzIvDNi;P_Z(AbRI~y*x40Pwj7awC!k%?iYYY)LRo=IDHYTQn~MNkJ2
zTSDae>J~_Q=C*%gR0%3j46VI7fcWtmQuxD@tw*~%pRsk#1K$7e)Dm`KySBIGimdfG
zU93AgMPna2^_EaWh}5#r%*7g{J+P@xZ`oeoIu-77w>1=;K5b@<7y7n{RG@sTPGamL
z+)`4dUn|B4vr(rsR~PJ3szzh^C)CKx35f{fbA2`q%)-T7`T+<VhJtRG?MPt8cUwO)
zwVpYIxqx%m2N+qmX^7YkVRyzMIelygI(&hkdZ~sev2HJFJfxiA=Q`-c^m8l@tw*e*
zsSw|fN_0GV>O9@P{%pe*#62c!nuh0c*%Y)qBhv;G9|p3>zax<=u+}KONsF=+y+M1M
z$uyyfvo=8WjW=}zi#f<4^p~2mJ8O&PicMYBt`dn<q5dIA>nj#yQ!sM&dT*Wt6e%P%
z6fbm-a~t^qDG0?pSWLed>|f6x=STEAdtyRu<}W;^)@S<CJ<G3mA&ZPxtQO;mE`0Z4
zKH@-I!qUG*#(<mtYydGo9>KU<2+Z8TIZ782vBKtscmY=&|CLGojW7P$OAm~MsE`6{
ztNtC3{#D`w-*j_bwK_l>3=qP6dVz8Me_>94<05}1*8%Y6N#LtAZZL~~%kzJGr(crp
z+#j7Q|L&#u3$^=y{DJ=5E;nr$IiQ<sx&IDfQ$t<>N8io$=HIACFieBt&BlMH-T+gN
zd~qi76;$>9I}-!6gfNX@#6SF-j{qw7e-JkR|HuBjL4L+U{}`yie8Z*j2tq!SvC=pg
zl~=-yudK6MUMl8<k%RFF)zuPq=gr}5Mb}K{uJ7D9tq6IaGtQ)6&wh8VOqe@97k=3|
zQNbjPrlVMCz0>A7)Oh88LN2XJInMswS=`2E&(>O;Q1ZvSCuve9Thilw(;QV>8&wJo
zGxH6@S-GDb@Ye)0*_~mmMjselEmo?EsC72?@!y=_5oQ6=<)8gP=aN++DxH%s@!mLb
zKc{={N@hQUr&s2L`e{2)H^*}cQ-LR)=(1L779$@1>>h8xa;F>Wzqss%yV*UM9U&A!
z;wRzC{b-M?aQ;!9tE}~#7xQM+T?=sBbcSuYU#-H}y(2M3M)4(|)3SK0<=Uc>14jG@
zC?rEpvG+6G=eqLyBLW4*`LNg-cBmO|Zdv)$WdW&zs0%9AKPBJ8-7s<Jf|sb^R(bfQ
z@w=b0Q!AmjYC|Z8Q`XSSQ|F&=SI5C^_B3_;oHmIlo&q%%f-7J2rOJUD<1<SNpij}L
z_2o=bJJ7oeboN$iR*;LG<k)xK&#Dq-g6xOlhHf&$ovES>S4>qV#npf5)BkJq_}zAt
znk+PmL)`tN>54zmx*?*Xd-_KZ$$Y8cxlhGWvO~b8%>27a0k$uZyhIT>p!zL$=RG!o
zFOk5-i9hR<Ha-tUF4y?o86z^q`vL(^{UA50nawu0MX7waXAA8odJQa}@L9P9d&nF#
zv%<dw??wUnKW#jq3x$spVm4{l#bZr=n=cG){!4r==<?nN{zk)T(M6o3lkEp%lMhH(
zVLs+KYsV#_moImcK84*S<t;MAm_qe_Dhrm&=52Fi#}QEC);Gd)K7CQh3{Xi#uWLsz
zCMjFQVgUS1Qy#oYZjuar)yUN7_!jYso-@o`0qAIxO9syKzeLtQYy)HzS`Yf<uL3`O
z)g5`94>Ubny}WpGcjxjB^`IkGc%JJgH(-FV4zW<VM!cB^pgF$8RigHB!{U}?IE9#v
zzua&VwVbpIFcxlQ4D<o?2dbYv)_q(4c$RmSzLbJ)<y=Qj!6905*`%ALCz)DL)OI7-
z2xOp{L*Z*PYD^W4Jse*$DJ^VVc~>t{cf#+$d`$nTLE(FTvqjnHz6I}(jJ~M+gf7ot
z8T25OubX=THi5H<(*@Rq`8cNz4A1)2cjbT_(fkmOTiWp^B=Tgp!?7^8<cNrhgP?Zn
z5?auTu7=QzQyE+KAv&>y8*kd2a7r*5?Y3^7xnHpT+qW~Fv^H)=B?2m`RDNgcxw=Fg
zOYfM8o#{$xSmduqU&t;cO9kVMU<}^=N0*3$E<z;fU~K>$ZhRzK{zh;9uuYy%#AhQg
z8F<U)Og6h=nEh~XJ+k?V$~KbFDGp4sNm*ddskOo}+}r7gOR1JEKl7vK5)XCf94{pk
ztQ%g*g6rO-R~3~1;ajTHVmZDi8^hU+-a8R?_R8=kpYRTAIKX&-1@QkNwHbB=N-N)+
z4556A@KzJMC}JV;-zWL+cA-C&3Bc)n(@vX)`ENmy6Z%nV{jd(fi8{LAFZJ`UfiJ+>
zn*mIu`OCrqIyO?Z9@)ZjbMGUb<_(DZU%w5&^Z#<#-wcy!X8*TF>Ypb)DvE@*5Tt8L
zpvAOpjdAgzEuLGi@aevGdV|FPX7Tn)#|aM@A6o$vKNtmGwJnsUf*qu403gK#@273<
zvXIN~9-zNm{<vJ-BI}&<*~1fyl!CsVtaJRPeV~Wewhi9DP8aJ}_i(&-W7%+<^X;w&
zz=QF|gVLjJcra>!2b-{Cu}SCuIDP5W{bZ>hdQ?I@J0CyuO~rq3^)3tDN}A@7nhoUp
z*2KeM27O8`r(ns7+iF3VyB$nC+Fs+he@~fjj26)Q2MeWw-6f&ju#DlIHMVfl1aE%g
zzB39CQc9x@!swwtqvxtQ(L&xQ56*V=_xJM&#9yXb7sbX^+A-%V?(tI{#1yQ`CCxp7
z8g`jSU0K>G76v}YO{hPAts2&_{R~izFW*Q~yVh({G}*=KT&EQ|t2Oc~Sct`^&wJ*X
z>_j*^hRT%r!*tL?ZxNOlRNkI=B$t~YE^`314rH4-r-uGBC;R=HhBdC&$KauX!CPcy
z=igbW^{60t-tgvoBNz}WNEaB;M&~~W&C1}kxF81GZ>b~3R{Ng|*@Nt@H0^LV9#-mK
z6u_&uO~u`J+N~-V<4?(8?}ehF@>c|AHW<CG@hJgTy<Un;cgca4j{QXfJ3OrU!ro*_
zxK4>k#bD6H`|YP@1gzmqwe7T8Vwyp&okVBE_{T+zjX;6~5RE`>VEq{IaUe<bq5*`K
zL$X$=-K+TS6fbqj`qe1KFqEcN?fTyziD_@G%@h#q){C?^WT*KZALj2HL*98SU1AQ6
z$VsnbN5_;^`>>7^&Nt|7@P2#UBe(U09`YTYN1Ez9Y5SGeax+_wnN$8EZ%UYF{dG`o
z?cNh5VWWcwu%$;E&23h~#$Ob@E&6Ix+riX@2GjVR8`W~Eb9|lz>jckoca9S*TR9xv
zdn^yQU)Hl%7I?B%4jEfCf<_)hzMTv(B3n9qLqBe}GD4xMO?3LcFO9;G?x=V&h3#=f
zOrHaEy+~Pei6ZWUjJAYeTC6pK{84UJ&|6*;t8jK)b$x`@8-OVC%K6Z3O3V)7az-gr
z;lh?|V`|xnW10u!{^Tph6}0oXZ{FxIEj!m=VmAU@Q@49oz_@7tAWWM_dDlkip?o0z
z4M{ZUS3VMIZ&kA>SrbI&zkb5WdE{H%K#|Kl`yM~XmlEKJUZ<}Buj4Uu{=NO@3iCF6
z)WD1JU$cI`wWOp@vwnE69M5DQSs5WT@vr*em*)dI&0B}P^zUb=Flk@R@|kzOkrj{A
z^}ZcOr8WgmUB<qnPlX9tRb<JK1}@}Td=U?UD=RXX7MXs9MMZch3yF0aOcjoqqFfkK
zxN9W3e<)h1Ea|6hYt$@g*%4VVx{e-re*Ernd<I$!|BP;4W=E1r-fqL%=8O1Oe0W%b
z#M#gN^wM2u1LG6`$iHBDQ^#rx&Ty;q8!vNlOvSiiO=TAIbe6ssM*y0yqjW8wy|Lod
z*OmRM-O-N8KHqw_ZAqy`(pk;)TJn*1tf$ZOG2YG@#5%q=_3n?ix86>-Ah=FoD))XZ
z+xy8fzIw1?+@UxBb9U@!&9IqB+dv-<cf8}Q^<K4!JCn%`*tqjuyzy);aQ}U+?>qD0
zP`+ZUb2hRI1;s{7&75NMa4QzqO7U^&!P`$jy^{gY&>Mp0c<QL~)byz?IQ50e4$m(_
zq^0KtAh-K193F|sy;;$n6G*i5A*kB_kzujLPZQ?%(i`n@Fb$VQfYZ!94Gk(aPvc|h
zUv$xG46$LxRG@@%)9q)qxh2e77*XyYyh9-`4}Jf0&oBAG(5!Nkrm@$@)UC0pLSOXa
zRLt0k;d|He@D5x_XHW=D&c71C6<k#ej<6saw$R%J;lgq$cLI9j^Wf3Sq(#aeky6og
z!;%Gionkel8Zx5U*u6q_wU0im<P!$ahRrMoJ}*0k*5^n*diO=f{q2xXq+SIZhJ;1b
zl0@;{ABF6`)I~8|<A!b}BLf{R>msywlw>1!uZc5Rcyx-5N!BpL9aq5A7uB$H;y2Ff
zRyqzg)%{6G*1dpt=7|wIY^mL^@7@0HcuvnGkxkycIb!ZnYSMofEPEnS@<R3YcTfvU
z$qLK0y1b`tE#tY5_~5Bz{lHf-Zkng(-*%!6m8&?Xln$-^)1uQ*;@j1O(vg<m?Gy@0
zL~FmSMDVr7plUsJzyvP`v@L7!@&c^V7(1`QLk(CN#=V5pGzqQsJcJ0BKw^h+PLcia
z(B1k2P~&o*j6^1m-J%~JBt7RhqhvMDL?LT?U?+O5QmoSqw9f)sm7B|(fy^HbC8){}
zA(D@&*0VyRajCT)y8Hy%X`4F3E7vQ{q7XB-@qUBBbBdgZc~+{nV}!$i`M68AA+{~%
z8KhhL{E0T5CW1dAd_<G>mB@i+w1Uxs^ULF96E)iI2Ql$kDiZyI2;~Y|<=2%1mb!fD
zp~newL`YJ3T`bul4RyI^U4pU1hWE&yLqvO=AkAnPT4q?1X59~7D@_~xbR6cc0?drJ
z6Cm@;%w-SHsk<{|O9BYHCxvG>mRp?!0QYY2a-Z`?Y4kb=?3-}vH_3z;={fapFu^Mn
zx&On*n5(F4W%eEg(45tv67wj13DjUCC$|6`TGeb(@u&a|MIBUSmSk9i>UBQR*RGHc
zq9O~N?wie{y^xX%`1s_8g<5YZ`s6gn#*H|JL{)%m-x#4=URZ1BeeC6KbImvc5{W~&
zL3gny_FiJw`LO_d_;;<Ml)58sXR~m7WK~bY*TGcoYWcNQ<7<Y0QviUxl3@vG-m@aM
zFEp@|H$A5g*B*gC^suB!nYJXcmUVld<@RP>TAjsnic=)y+?r@jIlQh<5~06oC*r9S
zcbupu3K(0CJkl=gVx!+y&GZYHyOtD~?_>!~o2qd`usRE0wU2&Wc_*-bSOD+0Uv?uw
zqnGuof91=>;Y-Un0T-<=m+Nv$oD8~*FdBNq(Gz*%L4_kJE$h$BrhnqJyS|x1KB7xd
zVIZUm1+Uc`I0ZM9rwK8PyE=~I#!Xhy=YwPlRo(VqQa{XyV8c_>zoqq5&U++&jU8jB
zh*qpz*=;@4oTQuPK_A$6^GjbzZ6tH}@Ha@3!@~-S+J`H@45%eWN%ipd)I+%+d#w#x
zysn<<GxW(tn+Jj`hnvl*h3*Q2bMFzeI`qcuHzen8MDka72YTAH)i$dA!-M~zj(jQ}
z$@fYZhsBI<7^pLOBG8gQo7)Qv&#;SXCY9H6&r3zceN9VSCfD9Ad2C#y1Xp^OT}4_0
z?n(awpYyNly}&=u1Q*V^W@_)e*os<t`1G??DlgXX31G@TFOs-5;Ztgc>&tlicV*_1
z3_xD;!;Ov{i+v>BF&43Hkx|q7ZY!&^$7<}-zkqQR2+QAUSknvNI!0ybhTWb@AT2!~
zJwS&@$UmLpdtl{5o>_wPoztTR20EIPa+dvfC~(!pIlGT($>Mt2x+xt_P%HB_HpYJg
znqk}wFjLBr%%Z)}sRe)dC%T^GuEf^Sp8Oxu<$}t|6JIj@%9SIR@dwt)bAlp&YRZ4J
z6n4Ui!Jaso9nsFhs}ZyX(w5HuPDttA{p$dhUx5JV^{Pa>IC-dd2N;vc7e-0pu{*QY
z?LFrH&7D=XSI=Rm*T7X?Rz<)%Rp|`RtXif+EoL_5n_a9-ku~JQw+eM8hGIV_&vlR6
z>q5w#GK_=^LHlJP=7qT~zBHbX;LjmVdUx%`F{9A)PK|*^>o0V1&vC0uZ#!x`ezns1
zp**D&4lBi`y~CERFyg;xFWekWk(a#pLxjPE6lF+aBO{3$=m7>U&cdlm)v`?hhFNic
z`U=_A)FUq5KfCo^bBl@gCxxm8k)Y~sSHEXMkJycmf5ASQe5yu&=h$xLJBH>k46>28
zcT2BeS^4Z7#1im4Tv4W?!)6-p?`pFF=JN0~d;WCXl@cJb%0S5$oYe7Tj#2!0)|f|E
zG+gm@7Y4^U`NQuX=@~+a(mi;-Gs@^b<*quA3b#j>m%RPsx-cU>6s9FgRQg)^<RZ(^
zSU^rEKI=5P{AvQ-Xs}?2K_9#4tICHpUoWG;7T8HsrcSe^H26DPcMQH7i@-wM2l#m9
z1#V&<yE-9x)w<hbVb8hwab}$lbKkk9Z%Ei1!WsZVPzc`7!o78sq#|`ChV`No2*1K$
z_73X%t<ywpZJ6<UBfTVlBcR@%D`)5Ox`)C7lcD`OcIMS#8YLa@Hj$ARtNBNJtWrhH
zgN3l%(@KG$!=F!@FE=Edv|WbTS#k&C2!xAYEe0mb#M0?0&JbAXWZ%4@H(>q5czXqx
zFdD&^2hHm#OLtb(7?|ZhE$4rgea=aXwGx;-6Pb)GiSgAmAJ!oGgx-dpuaug@5VyQa
zfQZ0Rk!o56<#j40h4~~43L4w>-C{<k(ps*xLbTR#!$H%H!e1QIvLb}=UMSAQFdEo*
z*WUC(Vy!arDgU%b_g5}R*yPa~+WhPp*|)c$N8(Ev^|?rP7%4sFu}!{h|Fj%?;?v>g
z4XdT`u|fY86DmeFU}ZV5*@o@@LU*^;z;5+9&)#tA!x87n29VZwHt_1Ib}gTCZ+G?l
zJau~v1Qud+r(kWG`L3_$Iy$u6XQ=%*#sV~<1I=X%a)(OS@5Ymoh-yfInv9Bsk6;C~
zYp<Vnfuap|Zxj|`Ip=`^L)dn(Oe_$#JB;)5-s#k*(-cw8iCy|9x!Ui=o~t30ng17c
zZy6Tl+O`erLd1eG5R@9EkrtGa0i>k_q+6uBa~P5ClI}*4?iT6p?q=v1YKVC+(6w$|
zYd!b-Y}@z#`R3;^oY&dcdG7nM?*{;9Z(Iaf|9Np0fwWBr18G^qN_i4|<gm+wA<%|D
zHtBt0+u?;$@g_F`z&126l<3OP50)zY&4)PNC(uOw@13;m*cB~jaZ3@eD|#|R#rm;c
z;a(Jc=~(1Y)Y&zBXU*f4a(3y4dMd)r!s?GBy>+>6Ay?oo+$wa;2_ytMTtB%MAi_>r
zf&0gZz|bsu+hO<>TfiQ=u(eqPbY<=LOV5DG?X$gZ?$o%ZqKQOj<*i7;wl`Gbo*x4#
z5|qyLf*^JPsrILh4M56%hP!6ls@(-(dA$tata0Ikw9-qO-g(_P>{HU4Xe@NF`1#=Z
zzy6=qK&$d-i64i^-CV#U{0CzT*df)T&SUiRc$LYusXnFi)d_{din;Orjw6I-fJB|O
zb2}}Zxw@;h9g!OI4}iEs9=+P%k<Q=H`bdLm4BWrCVUtjZ(|u!rvJt++O1n-|mYFbn
zcB5X%^$s=DddCZR)pN`Li5K`2hQCm4+Xc;5pNCt0*g3nwXTehGB@tJu1IW+*J1@a1
z42BSiags8YUzzVS8*_J2?D^8ATqyj1!Ss`|fZ&W2eT-`q_ue4tscaODfrkMaqW}Id
zc}d`59XeMH#>PbI><z<x{*4v*<<e^fB-GXZM0SIip_7z1#~*NdDyk~ZOn9R2rOlhg
zVcIDT@II$x(E-K0uN@WLH1*vUx*`sd{ZmvlB!CPDFXTG@5Qj#Kq%rUw{|BS;SI^Nx
zHKea>*cMw)MW>NK6Z0kdH0m+Ximo5MwbC!sT>N$lI{ge>`2Im}^aJsF>Ve1O(pd3g
z-E2|LW<W%@#^{~996Ue(uNQ*XUNIGfWp2#k4>H0eT%h+)v~6RXyPEm#-ztM8dSQkn
z+CG!)>Br~2*IW|RsgZk=<{4J!<5n>%*7?%3EpaSOidU5vkpzIEFhT$sB&ol7S6jho
zBbekx)FX+lF*B9xF27-*KQJe&w@5~tE;We5$gvN2FZ{W>T0*q>GwowDn~FprJRBiJ
z{a6S`B3N9$MA@snP_W6_lY-(I!0Jf+rxi9a_qC4nf;2^HPB=5mX}@p74qycTXop|X
z>ZE{Xplr_``O{B`Cz|dTif}f~*QG(!GHA5SnRvlgROE~O{$KnpDfgk<Yn28tWL=z0
zGh)YNutosk=Ozx`-`8F;j}-<JT-rT_AzZeSO^aK<#NAsEQXUrDLhsq<tkO*bB?x1z
zTZQ-{d&feyB<}u;a4r8$ABN?$XXt1BH6d}uPr_=e2Bx(kdA5gsRJ-ct4Ku^6=73b8
z#6PAaEfUDIAnSRdK!|hjGFh3~e9Qm>hZQ7LPHLgnnVcs+hG%|Euz$*Jd8ti^l<RuD
z&nw-O<R)?|eZTrr9ucSwn>)p=D))YBi2sOY{mN*!09V=eD|2%ZWDjhWK$GhPw+pW&
z8{;BJ>~kw`#1s1)gz7>1non0b;1|{ta^v5K0F$T3>kafEiwJ?GWsyw&-<iZ8c0x07
zSJMf<BI82b=w|2)R{@EdP(N~UAF!ypX2wPQA_uQs(g?qnZewP1l)*NIkP2s0>;d|%
z)W&#5@}_atrLY0g_Ybmg0*rgVjQ6DS!SzMQ`?Sdc-!025llP183Av+vnR2$oT)SJQ
z7bZ`q24`b6u~kg-!gJWsZ>VyO`;Y^!oa)|y9TYwhK6kMzaxNL6xxS7F#h0({8!CnR
z27}3h8(q^luVi1)=z#P^0be{OSgc-JTwWCHMT7Ag=M$V7Ucbs4(yWW)CtAN}iF^IG
zW%bh%Z3N*W2olnp2&y>`<L_s@<!DRUL4s*L+VKp7oKQrmWuNp>RF(M_@&-qK_W(;D
z1UKZyi#H>mzDXX&*Y@|teCsQbj~_J@+ih}9XxfEY_SuG2=v*V)l#oQV#L5Is&dVoP
zm8^iI^~iQ!DfiRi8~7?81YO5j!-&#(R0?14v70r`l=&g2sc&{2rAYIjkAwtW&s$>H
zCJKgpCD4;Z<fYaE`?Ieo>H6cekgsI=jFsF-;K1~|aOlFUDiRWzg3(n}l(u_Nl`iwZ
zjTdYWBCiso=!;?FH?|1l;dNpFh;_~PyMpZ>uwy4k0CU`sH2x><V`EBwDn*PNcSrYR
zv-GAhiW})1h0pT{7=X~#?2FJiz+S@W^<5Q4DDkuQ*K|m@t9WlcpsZMRL8##ubIJ`h
z_3WN9wt2*`tz#1Zo7)?28psH-?b4a@LgM%nE%_#OP&C3vJ}dIE{+y5o8zs~WNi3j0
zfuRZozc<_qhz=Eg@PK;_3T}Dgi-hoSUWPNh1}{z8QPFC-pPU4W0{f8$ZcYfqDRs-k
zxA9Cbc#J~~jang2O92SG@V;JH_Wbu<@2BTnD(E<nNU1nboSmei{(IlE4C5o$aW(JF
zrA2&Z7JXO+b05YrGee(kH&G7zrmK<hluXD2+@{`f`cpNLnLdo_c?enOjcroxk&N7$
z=8ru2zzerW3SJ*w`JH5l2RZXdg#;>$XJpr{1acQRy935bOmSpvUp+*5^kf)4%L)@+
z$~UL^x9#IfpC=^c1))gy$nooyWZ45jkXnu9eGrjIBw2h&9*JwhJLm9*B-wV{D6r>j
z55i@H?%k|}W}=VZ84XTN-^Z97AO!q)?9#HzLD+6dppAfIHFb=cA(>m4WRDi+a&8P{
z_l8Of3bUGA&s6@g(E^-kHlWHiP0{fA$OKDyr6lIf1Q;4Z-+F;kM$n)CPM-fXLkoxW
z92Ca&qPZPh#Lp0Zf;5;`Q_{ZkKTQMClzGzT_}>%6=sAv+;9An{B#MNj0`h81F?Plf
zl1|A8jPlf2fb*gUwozWOsI&`J_NC?Om9pCxdPcx#t>|zUs=1oZhc9!F>)Xc*bAJvh
zsPGiS<AYhvrpG$htqDh9NqLBG2+d9nntCp$M`;{6@14a0(j}WUO2}>W-OhW-e;Vz7
zI3)#CbTY&jj1AevHYkB4UYkh-ZWonQ9f%9Bs;DK6An=_$I)@{>yv3YbSv$NIMPc#O
zS=S4EGgknuG2a{E-^iUGx;)oEweqfjPgL!L@R?)FGu@6mK(t1lFAx_B!D|TrF!Jz)
zAc#L5OD~-Ax#Awqon5(toK4U_hJE3Ydpn!;U#3WJkY+Pq^R7t_;n`fb4u*^fB&C7I
z2*K+PyJ?+pG^rDj1R85=*gq`l{#GrSKF{V-29!0*Wt(KHZvG^~lpw}d@1qg5L@LNe
zN)KM&yh;igVOvQN;OxWL&}5h%-bVm|FaK3x%0U5Tb66_LbGr`8MV;H<C?p2rSX8kk
zkUV3j;LOtFjk4vB!vTQV6hXE%s<GL1<XHRn;1$4s@oySaCV0I$7aVP|ZW7Jtil$+E
zDA<Z;x%x~ZdNdqLFAaAUbcLD2sz1A^oB$SMZ7w0`jjLX-{;{vLFx~o9ybCDSR}P2W
z$-nMyS6cQdGXl7|z-%hW=^nL#Z8JvlBv35gE1|@^UH1P)^(vC~v7j}msrsraPoNVc
zOHj`_b_$Q~>DJVqDky}x*VceZ)PMjRRlqwt5jyS;C53E{#X<D8`tWEf0iT-RsbRqY
zDInkg<4>)=P#P%q!I%?0zLEusHNrhCDi{*@04QtaL@!b|_>BoFo;E(C)Am%A`S1{2
zD)u%UvO)67Vn!!I@DZd}>bn8(pu59&!f9#3zlKLCKK<>b_D?nEpR!!SXb2VORuiA5
z^&fp6z!j~sXTO)qzgbfR3{lUYJLDD*r05NXkb#oiNg-y1;Dz~;+wYwFJSCIi;y81S
zojG0uQ#8L%6&rNYYzLIPdPR*en7D`pSZA~!5Oo*sV;on3v*@>Q1TVW{<Wc1jKXsIl
z-P%-s{&H93W?VUJGh$GDI9m*IJZ~SsH=ToEjrg|evZTGi#0>`=SnGF%TjzA(mKS2G
zah|_iPybG7)&U}x#nNjQ78XYnbsZ%P9x<<p!LE?Idq9F5?oae4Lt{e!rda$l`e`K*
zq4_<CZ%_LHy0)#F#smgN;#!KPMMCpow+^)H<<0;$3l*T^-Xz378FkCA?Y}$U700;@
zLpt<U%sww&f7#Rw5|WR8-O*I_fhhrAZ?NeaTA5mV5KwN93@U#zL}|m9zI}`BM)hKX
zCGixc(Z2p{Se%L|;g%N3tQ%wg4W7XE&3X3VH$}Hd!9mH75*)<sX7wzd-S=y9^COr|
z<CK0|3-Ff#p;N_vgP|m7BJ3DV660n{()umR^RE67NYl*75!Ws(sDOch?McGxVO;U>
zzT^DGe~1lFLVgz;u7#>L=Xg0>RUf(A36A+N$kh%Brv2(eO^byuI`!oD>#&tD^6ru7
zkZYCaFbw77#U?is7RcePtH$<+V;=^V&VWcKqK;*!!yUukp4D_}qB3x6J<kR=0TQbq
zs=i9AhPf97*#^fZA0O!f-18L)Uen_QVdCM~;{fnAA0^juw0?|?^<tTRPZEBqlXGkq
zAZR^9UI?$*lnqKpNlCfK^YYlyvs_MTs;wqZOG#m2?m_wzy}kpbq%TE=$U$K%dp^h5
zBX-Mr?+&99{jXvN@%l|IM`%&+_l70D20S#KI*<{USn?il>n$?RIh`cINX_z>%mY+%
z08pje{RcwVyT$F!-k0=^{P(l~_~rUH<;e$xCd#F7so4N>&O9HnKdWvbS##ucUZhUn
zl2B%U5MkFkCk$SHH7rzU@_nRZYZ#mc;xV>FMBYW?s$rC53CuybRJzUsz9W@23!ukv
z*E8TsZEh8gf)8o}8B9F|Ov{MHT5tuj_uUY6Od}(k+X_BohZ%|aHhrA=BUHDPm}P`c
zB9)u_N>{oOI~ZjibnF<{0wsmH@=4>*jP&;GoW5XI9{^&rEoObs&zRzloC;l)3;agP
z*PTe7Fxn{Xx}dc#5M$RU<GyI{ASY`%P`vkpr%vzn4P@iZ`>4ly!%8;X-I(592mtDS
zp-dR3;q|B4hi*~(+cTS2)0esXFiv^^--Z`S@hgkbm8Z#yhWrn1Qvvt?JWX?MQEz=;
z1aIZOC_^ziS%l=e^&@*@7FA><hZpjZYjbWFBSS;6i9~|%($wv@>zu3l0OWs5eTeeD
z-<;%!aGhPO8b%TJn3F0C<DCJnSKXRv(mG0#qns2XreAvPBQQ&&(b6Gp3m+$oOuwAD
z(m}1XGK|@tRD6HPkk40jjVp5JGo{!*wOO%!Df2OD>T_D_9X&4j$u{NXz`3G#X+_mU
zp~jKv=@i}AFs%Vj%YN3Q6w=$OcdJuw(A}dB_ZKdCLa%OZK`TT*so7|44sPy<>J@y3
zy3`Viw2Co9H=m}FPieMhG{_G4br7a^OHCOn-)yw#5F<486JtEXriE&&@krM!F#E;7
z2<7|`)r#*%I)^iB(;mJB@-&E(_atJkZ8>s7OBMi-Z`S%Y5r*Y4xZi`Q@5^Ka<z}f9
z)5%YxU#fk&W7Yz}?|b>8Y22zl(CXnZR)eSF*zkn>bbxfkW|_AkXA?$<EX^P#yA465
z_wCkTNV3FDJoJv*zOlzTs?ua|*A4P5s^23rmsp`kwB|dQChz&UUcO|Oat3TYLe%jj
zz_N*&B!_m5!0}X6+qBiXuR|1h+p&Eu8D8(^T|4b;w$<U|H{3Gq(ku=Ir`pzFzd?R;
zY8wO2H&aOR7KVfdb5}CIyVh%|gz|KliWb)I@A#2lu+DyN!gt7$7@&y}=BcUhT(jhM
zh(k8@r@i8S{3d+y2*8SW_Z|mUe@z}Fcs<a1UDiNCunORvG4qqB&j)60h|TV!M08`2
zLm`H6;fj4D%~IMkSB9Q9TKhL;z^azk$)Z$*H{6N*dLMP>N>&9o{!Ts%<#q+hzaC#>
znpBpGFqUHE!E12&UXiLAS6)E5A!}i$Vrwuj7Ixc_`WN!~l<8OU856f4cf*_Y7OVq%
zjOR<5_N$Wi30?e`ox9YldRdv_q(BauIpR(t{_2(E-G?Q-2Nblk--_4!Tl3So-N5F?
zsB^smd)bzV(MK<go6-A8G}F0Csuw1)R4KV0q`supCC$M;dg|~~t9Z#hBW2E476|dv
z8~dsR<)6J*6zFot3~hNK>~dTEc120v$PNq3Ex%YYpAjHalsWTzZ5NfZut7=zfc#*_
z4N38LF`&c|xoU|DI%x<<XQHE{x5xXEpJQZkD?hesgX$kE8c4&T8<R2}t1TG*$^2x9
z$X)7**Nb9NRheNi@Uxm)`VN|<^Yi%$DAQWVAr17sE-b12X*$Sub3#fI{B;o>$O-e(
zYCy!jowD!s^HSWF=f20%ku3M=O6@J$Z;D^rT%`hxt%*0%;7KdgFeNvYN-wo;MThd&
zxzF`M3N<Wg37`7R!gjOXMw59%UPHM7Nn?xjEj(3)gWz$xSyJv`;s7>_XE;LL6MTmu
zL}8hqpKf^bf;=XnqrAP*?>8<Y48%0OXwo|OBZ<Cd@;vLP4ej&d9gt3~<W^b<78^EH
zq&Rsc*o2<W|1cQlw!WOcto3$Mv)H<~dhvzfd3_b>j{&u!kYT#pGPIabgzaxZmNm}1
z=R24MH(p6@swFQV34$`xFCDm?HiEO@Ad?7knAytldFHUa?1~^ic|sHiHAj?k3L*KH
z&80q4(J$@jxSN9cq+wNIOxB&ncJ!Hss5||vmY-^Da8z6;=9~ss=mWXnaxI<r3mt?}
zMb;)?K=12A^;85`IdCx>SN&l}gsiepUtdZil|R-<_8n*qqse@G|2;rI^gdQlU)xfO
zhE$`Rr%BX(I-kk)e~f9*6ToCN#;?0%s-@z5dlpSozs=RNwENsygM|COTk^_@2Cf4n
z+QAbt?r>OhJYRMuPr-ftT1F?FPeLL9h%6NSHuiuuE*fID@_=<QLUMv-_H~pBnJ;Xu
zDm?h5G0SjkTzye2AXwA)C-Mx~&FC~w;uRZv9-e;FGFwD#H=8V71ujalAXWCd7>FGO
zrxgn(e)w*1<bCI~E7N&m-GEH-<F2&Tmz6J(HJ>)Tum`i5V<NhAwYVty8*2qaBfj6a
z!olgkWg$Tu@Zx%tgs8B@Anr@EJoj`nw{TkChsA_)s<=?s@vq0A-hj+c;WtO=nU#aV
zA$KaS`RWC)bM^Z{AV$ru>;0Vf%cKs`kI*}s4KDbV4wK#pxf*Ujr>TeTlSxQ>q0`*b
zSz&{lZ^tD!pkeg5f_ww8{QS7Tg#}mL8KJhiDb*m*PXKWaff_Bn%lN6$bUuoJl2P#2
zVaEyity^l!zv48FQl3XbL;#)e)7?LG5_$1tj>D2hNpV{g<T9joy96sg0`bA*wFSdE
z?6vW_OHwxNVWGC?U1_2(yUymHp5#DmrxspBMMNB@yyy5c)SoaCGD6)?Up%(kPzEAE
z-|1xxsmBHvj|`%XMm^pSJjuI|5(a?U*DnvmHsn=XLOr%o#{xKYK$0)N@*&3Zg1plp
zA$tAqZV4}MWUwlDjEATZQs?yc=c%0+8Gd-QH%Z@7Okp1th^QM_{BT}DyT+XRajua*
z>QRhS^aZQ#&pQ|xqv{VxM1i=SXR2IKuW3FQQ!%me6Lq$HExywu4Xqin);!!Vm*avS
z1Idi|WhC4L+54tIsk2m@$KUAgvonXClyh*#6ydrXM+OdF@Qsm^$qYc+<~D0J!izwK
z%~m+tVOG^b;R0xiD)kR+>Faa1#DGOZ{RY|Rv@{dlfx}OeW;+!b9!yJ8cPf>c({`s4
zpL2mJx>z#wPlab;knHO(DGwXC+(-E2=meVq?(6LdWW6#h^zg71S^)n-G|fk!OEfWB
zv5Z(J%$T0EmVV(%|0h2KARd4mdyL}G8_pfZRK4Q8xE0FYqS`x!+*LFr#fM*jgkk{u
zeuVaTZrcSbldj@=vav|NMPC-_;&X>ba_tFf-QLkJ9{Y9z8+)4maoB6690!L0OSAI&
z)djnhm6QQN^XFFFpSWe=)gTbVx?%_DOmDyI_M!o$QUqD<8(!nJ4k@n^T}LjR>m7M4
zsB#eR4hQ#1!}b1vHxjv6g+HiwFz)|`diVJu3mr&J?tIz%qUGMLae!ych&gB6^0z8Q
zIKc+is-9YrCWmAUeyC-bIta1l22_f|`B|q=CENHA`aK02N=1KC?+n}jTk3t_R-{v)
zK-Bd!BEv%{+oe3z#mlz=C>|SN#LVIKVYdrfzF|=&wA7gGIWK`n@k@o%Nq?$*evUwn
zKNGEQ5J8!uGAAut51^clV-kf>=;(YFcm|yrchS_GYbSQt5p3>lpKX$f!Pcv8uE5YL
zJ{1_QAqXEXVriToirVZ+TYUOhUCPF?piTB^IRvqjKlZLTu?lbOEbio9?8&K&u3)s|
zw8cDx!p!u&4sF1qkP7KG?sxo^Hy_`-=xeTLhQ1DSvqw}1WSJBL$v9tgt}=1iXg2Tw
zx0-_5Q_1c3p715t2X61uuU=7g!}?;sVYO>#emCW6spU<K72Q~<xL%1_t@f??hdN|I
zgG#24KX2x>RjlM&2$`JMzr|Svju3LHk==6T988%Jq!C;_J`$#xr4!i_H2X*IozKy3
z_Ac#+v<@8^UyK*#S$)$Mh)!^kqnq!L!))oQISsw%KbZOEFc*t9{+gzA2FRJ&d&N&x
zZ}kErfh$Z-BHSx+sP-YEkO@k&LK6PE%~{>*tDooRHED$NMMTesb@qpN=(KoT;rMA`
znBb9R-5!YK_fw<eF|}Q+SCt<}Lm=<9L#Qcp)MmD*oPQ_j)6Fn;|Ba;g6$TfHdnZ8&
z8ZhV&v<&&U+4we8m9(@Y0K3t|2o~v7c_{=dW_qK61CoFc=ak3b6~b<ISJlBf)t+~W
zT7d=z-x9ipRHjuoC}PpgdBJ6F8C@<)PdD6qGfQ0Z4w?8{XATsW>%zNz#HvPh?V{9M
z2Aj@6wfD{LfH8(NM|8!Jz56Z62_VAa*kLYRZw)W3FTmj|@=CksXomYTRRLeCZo-U*
z`(MQUi~ma8yTAV%aSs*RO<lS6|CG2#Jj`3C?R)}T5?FG%R{X`(v6b^0z@h_@X?&ip
z7?KiG7B=0T&GvztUxRAe51=C<VaHU!ZDFunS)%LgTtY%k?I4Xg<Z)`WX(jPY*X<j|
zp_lx69w6fS0zh0!RIKVjl0Hsq9r4?%M+AT;`jsv+@M5k__GkN~tgB}aMYn=L-#8|g
zzr8%XS_V0AhJ8@mHSa_F#sRF_A;j#MVofa?H{WI{C)w7s;JS6u@;SG6IfyisKUH!3
zNDTn?lYOpq;(MZuS|`|Sb6GcuRMq6d1k%?mETo(g0+)SNd+ll?7h{!iCc1D)HofN*
z=-GoscsMcC?8Pr}0~$BcM;>GMVMJ3*bQFjs`A$shJAWn<jB~pbB?1^NFuA^dfo8Y{
zT(2b^^m^q52EAL3xWICL<@6;Wod*TzB_a02yvI}bXXt-@2w>C!pqf3MKiErJ5@^qS
zbe)I5)9x;^{@X?f&rgr)Jy+RpK!?)zB>@A1-?f222Cxx_Wpuzf^3R|w1%70r5OTp+
zxOLW7_4VuSG0K&@t)6K(AMeUzy<e99hq@3bL0BlRD$KY&GxXZdSP;O?3tWQk7m!ul
zE_&LMk8s8`Ecm5c6G4Yf=jv%0fOL`nCt*zyP2@|c!Y+-YaroYv{U+UbKL&n68PEZ*
zPJRSyT(s!3%^^mzOahD-Lg>HZQubQD83QQ&ch>mx0o06Xk{Y_gxYqCg81TTuqKke0
z2Bmy=>4I?rrVj8QX9j-f-%d0?$^3C+x3>yhXCk_O;hDt&F$6H<UxDEt7DAKodcOw1
zPEWtV?AaNRwZ&ojBV+A_;1KZa4EN|?O7rlZ*qTa(i;hKgC|ks_?1h|vpW1cMK=Pcv
zLDsdZ5`ETP5yB^1{5rYj;$&lJ^yuIp-3MS1@JNK_MCyX9V|nc%kOfB{utQ&Yd7)Ts
zPXldc>ZXGd`1>P0sBbkjn61SrA|mf=0dmtkg~C$w-~n<SUh&`ApC9UhfU>=JnijVb
zp5NGvFMP8chx>!?){nYhu=)m>er-?m#^TS0^c?bn-4h^pL$Bjch2prYNXLV*TI4Cc
z0OhrU4&4%Qh`rIot-p6Rpg`=eLHx{5V%w!ywi4!UDM&ZX;6s#&FHhdkMQKV-nGP12
z{L~Y!Iziiqp;vgpA1(G_WO0XSO<-U}2!p*+dvFxjLU>dr0&$`@?>)XIQb#{bFx9s%
zz597|qV<oz&sCtS^wp8X6&oa4%dxV%0M{FKoHo>n3)qAM-0cA01Rhql((_`p!<@ry
z0dM#O2hf{LO@UoFwRF(_z7cGWWgk0BTfb0!_;?fMvd#yAA1wUEyf{%|e<OdTu9D?@
zo&&M?t%0Ug6@0$-y?Uw=S8tE^U1azkj*LKV>0f~E9{_C;15{X{j`DVFmR##*l|l_&
z=dQ&#n~izlmrHNB{==NWZNn`>0#*aLSXO&hHqFL5Qko@@X>VIMoA#ODE^t1rrQ_m@
zT-o4!K06aEyQfv9Y<)X2gt4eryEu>Pg6j>204q|X^ac7|od`t4M0WwpcVr8e#fCqT
z*Y7mTrDc!!2@q_Tn@W__`n_)QrnjgrCB45tu0O})gzeXJedf2hU(X?hQq$>gY2dPE
z0T&|4W0sAXuFqQEl_RH;?fJ)~`^5>gme&_?e&omEk7RQa9BcI#VRpEdGR$|Ggc^WH
zybw>gbB1hhduXZRNeH=X9Ps}w0m{$10LcIy0!5a#tc1JSJ{3{hub!q^zSxj>n7*D+
zKTVL7)>H=M#i9mhCmt%UOU9x;vZBKCbkyvTJyY!$NusPUq-8>T50f%42)N6B2$CGW
zQ!;DgeOgJ|x8y>W`a8Mt0~G=w@gx6nvH-OACa)81#q^H913bFO?UP6~WMewPXxUQ<
z7QPc4QtsEYA3Z+sn@?keiXp$P;WIyVPk%I2f;D-WF7aZw@H{;cDVj1T*_%&xMyP>`
zgGsIaF$Yp*xBlZL8TW@MIGsYFDgN#543c-9<SUB|TiHg~iiz5(9#(qJ-K*XS6k?C3
zl4TvYG6k}*EFP4bgXQS_4A;hi_S&sun=sxmN6v7PYWDZlAWD2q?uiJ4eZKw(bOH|Z
zSWM&|;i-EZytKY8-IF+fixB}>-ya+iwgQs)v7@wz{|-ebmY?{u$*<;SsPBqQD(`28
zZ90-0tW5O0{rIx(mnZU`cHBl1`#lzXCKU@g!VFX`4po;`LT2Qb?In9%ng+xG4z``z
zyV{k}EfTnfmdI`M-N5B;R34Dqy6_1l`^MpkeIPS#d%7|ZibF@vDHuG!$TYFNlXz-t
z|F`u5Xa;`}LmA)tFm^0i!v-9ND1N+i03G<(@|XzQ!w-6|ch5cTFZ>T+mhgIQ-Bb`|
zFa$_H{i_9yC^zjI;AM;+(~qGR&3lKXDq_p|E|A;~46@PK{Pz0*{rXVP1H!q|sHVtI
zj#Ny}#LV1o#}~169IVhh3jI6k9F;14T|iVc8|53oF<^#VbTsmf0?^+O>^;}3FPiU)
z*6Z6PEf*Gw{{ET(f=7Nh)S^c~coeoTqX)#nEd>BrUT+U~B|IZF+6Gd(__|=v6x<j~
z;XMuNIz-}61u}m1V)=?E-0xG2wFxK2{cWfFry3hbONkZR+0J=#n-z+R-y+&IgxVb+
zcJq~u-T<hGm$38G{Q8@zXNs1S(f-`0!fNr{sQLT{_#U*&<7tMraVYv@-_A;Bl740!
z=%=956h`jCmZ^H0GawN*WL#92!l~47dLr6se#pK;8_5HSKABcMJEuh@y{th^x*xyi
zIAiHFv+NUa3+oA7-<92E-)*0mg1t1~*@8i4)F+N!z8PsV?9b7eT%uUw>QI7N{lVJ%
z@E?r&-?&??K8(je&Ymutt(YeXnAwNgyV18>_r==JZS=!>Jk)C}#wC{np_K*QyEV^4
z!zoc_=clcmD$#j1!^eBeu%ma#idm1vdP92bG*EklDVZ;U+Eg%YfyrVCxO)p}k*qnZ
z!ckx98%@7HZZ#imUwKaVby@_7mZ)9!z2(;H-tSpeRZIW1#jZ1Nvp8QK)zN-pc^1*}
zGCd+0aP8PhP!4P!KA|-~<Ep?PHg%GK^uJhs240w)hJES+zmnT$Gpx2R?jtm#{{7AS
z*9!d0VmT7QD>UudSV{zRj0zuKPB=TfU{q1WLpwP2vHD(nZg;};Avmd)PrW`ouDJ^q
zQ5AJ6-tVcZ9-Z#nhf&cI$f@NHhjJ3Nu)*GCYtG`gJF~%77j#2e1DNRM#N@G9zyZlQ
zv5*^+(wPachzMKu&;yws2{7&9fUum28h+gJI>XXAR)Y3R9O;|5*#DPFh8_-i1QCt3
zeZGg(8f!%vEeS2vfULRz|L?Tfe9zhkLN}9pc!B$lFJliPDOYoG!rrqMBB*vA8N5DF
z1ERUE0KLoiBm)%4(D6VVKvHQFl+ODwke;7_2$sFQvRI&=Kaxz^^8UgO*M9_b$tA~|
z9UE1ikEeTUfxN_G>iDWB3sLP6AVnm^=yW~EABdB|+A7=v++Ub+$eH>HpFpoK5OZ~Z
zpzT1+vQe*&S3c{InJb+-K^;t?*nK#rQIp&YQw42b))*X1hsI)eqj$?ji{D_;<Om%o
zh)#s4uvNNP6y~IFKK+F8`F<vvBibfqP7IgtTeblmUQB{JPxtOI;f6<oqOUv*xIZ6p
z?fHl6{1jB)uNG^jC$~1?_O^$P6zUGUoAJ#lL;~6l6^`lCXVK}?-S)PU9Xa-&x6LG)
zAqsRqJiI%ItnqL`a5Npo?2njoPoX14YrC0M>ffe`j-0o~>s=6<2B#bDFvp{lT*zr$
zgc_H*_*7L-IctOHq<W<!y8IlTLaow*Mt#;h<f=!KE9$%=@<{qn`_Se(Xt?#{Ugr4Y
zjtGEwJk8$tHY_9GJbk{g2CB5xEK|Bc`aVmo`ZV2Xb+AM=f^w0{J7PhGrd!<{b$*_e
zjF}MwdD+A0ATo(RXSzxRHgG;EVu!u~CC>GnUwI>I*5k_mIphx-U3?KRW4pmaqdaMN
zeLankVAtpAs<LM<E7nfBI#>~L1T_?ts%LYFPId^5t>I0v&<Oh4@;>;Tm_Cg1maNJ7
zRW#WCTCmM%@e~5FvO=y~+$G6gbbX6O%6|Dd)NY1z()}PR`n1aN&3T@CiqW8D#9*L|
zN*sYc=PIVcHY{#otrR~!0n!qw)nJJFOp_s`zUzFuo<jsod}jl6MHU@{OZd}M>O6~*
zV8qqJuX1(QbrT?oqxKTucZ1L33_byQ&;GqNK|t0~5%AZr|8GAq76${V)kqT0t|oq&
zNyPA$CP$a+dJzKA2p@bpLJa5Y3xO!m0N1Ld|93xlN1vxW#Fc<E$Qh6n3j*$Jm(vQ!
z4nPMaKM8^GJQ@RE`Em=(A&6?}j|bIA*u-wdSqOwU{7sgIYbr=Y6seI7+;BY(Fg|?w
z=t@N9Q~pgDJVyro_UW^19&ev#DmgSy4nS=APSAK{>v%!;8&xz?LFPb{+6Mk=l3`oF
zXK$BBv`3fJ{*5Isi*Z=8u2$#V0q?$^hoANHLA#<mnck0iOoshRbrZ>z{h4m_%dlAc
zf5x!v<X0CpHWr<BbBGiyKpuZ)(I!ANA;)4O2E1)@3>Es>72dMUeNL}5Ff=gOG8h>l
zJO@#8PcYw&e>yDB5dPG%RQ!&uv5}dYvxue8_Tr*BoA78tgm<q?d|j2pn}!CS_Bo3+
zeZg@e5hpZ|?NH@-I@NL4E*hbMtdbVHSmEOGHA|OZNP`IS1GUV5`h!{$Onk4+80CUv
z-o?Il#2Z|UW&1E4<XyGK-|u-RxVT#~joQ8k-$-40e1M(p1rrm~SfSKu++J3}_FHGR
zQk|WUp{u!-G!;{XhO3R5($lOD&^GpqMTe}h{Fe4}%vp{%pBIb1IPmj{0ORYK-l#c6
zfSx}{K~tskFR&y!8@-SJRt~Jr=xQ8T*YmBP>sCuHd3X`xI7_KtwM8L)a@W%Be;6Yf
zofA+ALyoC|lFBsuSBegwulw=B;3W_J1I{nuU!l%V#Xq}F@faEt>k)1keBE(uZj@}z
zg|i;85h|PCDa-ntW=LErHO*S!I5F_tU&>LdJUx0TcGxpKh45ChsyT7I+Vz(`(!+V_
zDH$1jM*I!BhGm7C=Axo2Ttd%&RQ8#}=bIEa$Zu3(x~Rx%&gz$*s%X+P_Ia`aTZT5U
zW&B)Z&$HpKF9+qY;~?;5%{lXI+tqo@yV;+svp!dMtGB=>?_gQ6bq@*z5N5x4U0T~<
zyyg-<HbWGYJsNC@FH=;=y)+2-wYAO)u9wONTDV)jH0Nv3R@K&|C?3cvs2H2)xJ75<
zWTxq7QXk#r^6jySnYW7B&2lDjRWvoO!QvBB$AQULikhm~{)@5JLbVl@4_$)=*v~j{
za%aUiRuynh8yY}M;gV&_lsI@;FCTat1;4w+AdSGQJMh;{&Rc9WWwTK2+EggbsgdiL
zo*L~{pj6WFFP+v>qB-*LJqVG>gr=~Ya(f6F3*8$HNKq9p7FDXs{pbrmzKva+JL0)-
zIK+;hmy;r699-zNSCYPWZ0?nPY_||z>B~}#xP}wu+@9fgAEVkkzplnbsyJaFJd4iy
z9P5*wkPPu-vl|=uy<9nyY}vP+edL*j3eC;^r)zB>NM^nLIo3_4aKkSTvI4$jFfxzW
z1kMJKKX>81>2ci#95v-vlJm}|&lCP%#)QNPiS38)^WE!Po&>vDaZm6=U7=!Y%sDY-
zNdItw8@|Y=;qzS<iK3!Y9D1`c%I@c~oPn4&F9sbl+$<yqGhON}XpK7WpS5$G(OM^)
zYW3P`#$mc_ozIz1@u(J7X6#LkD4Ek&^Vc}2RcC)cn$di0Pz18mvO2Q}5#=}b;x`d9
zHm<I$nei>cx&FkrM(45amU%9HX>v|}HG|5h{#>nN6EwaOw7L%~cZWY)KLlCZjHw~y
z8<*JYKN}7=#*W~oY`yaChrif3WK2Gp4`hnKpR1jXv}PA_>6$%NIBZhdZ{`@p@G+(f
z>`}Hk*ibdR<(ThR^V*1$LwSx2t8tW11G{>>X7zbPrQ$>%b2xZiZ~Od>`kVx6Pb>3S
zp~17<W+!?gue9ae7NKPAqKuFt1{bK8$UP;v|CWh&z<$xdw5)sv><$7-TH9v2-eR4j
zA7n4C*!o8E;e-0P&bjCOu33TZD&un=6p!%+>GZMqjnZyZnS=8SI5M31_OV+LrIWg4
zDK#bZo8P1dzIDMCo@4qyOAqUOD8Yxh*5=D6JUheX8lFJYfi8%=O9@9y7X!`@KR0?E
zdT3Df+uB;<F2z$B&0Y~&l_fZBM#YV;QK^Kzj6}OnI$_chC+!qgNP%6a9LBcdBNdr|
z57x?sc9H^<InSKJpN6J>%c0$(p(&4k^ZH4O?{`P5sqnEyG`c!3t>oNdXVp@t2#c&g
zR0rpRA6aN2O2K1PiXv%UQ}b%7hJG4S5|sgqP1o^KyHW9P1@E}TCp(?^8}JvXm}*9y
znyF9c4J8M=*(TLYw~hMeo3fdx?oM(rtf6LWgGYvTZ&YiuhYsKQV`p`iOVuxluyNJm
zS*@OFL_`t>2g<$WHSrXman>GDgZgHP1B}hId<Eob0pZ?x4)%2l=4lVKc|L5*W*E!c
zo)KVy<#3DAmzt%v(o}E{Z3ELH(`RLK)i|-#M<qGEB&pbxCBfEY?hQw%OxB~$Y~_OY
zswQs_x~d)SGEC6UKa*OMU>SI0aynmQo|{Sb07~aOsC{#BqZMxI$gYP;OR+G-Qi|{z
zYO9noOU#=O&ZYefYA|8eJ1+nJZ?D9IJ`8s8IBMU}g&Es8EhwQOUL5Zx)|5q~u8@@B
zSB^G4*eIbq;k({kYAf*~OYxna4RZaBr(lC8k`0OmnpLhNVQCyLK3;=m51vo3KB%nR
zAH>$a*(=)m*`@H^F(X3I#~W(BvFN)TqeJKmuQN?)<STZI6=+tjYv3`28mrbvhX>^B
ze#F42?j<S73nFj0f9Rn#OrBt-HiRPG7JR4FPKpRGmcMB#eWTn>LL=DeFnTN+4?4r^
z%s4zZVXZz(KVzD8=!r5ZDkTSpADy-|<GDQKzh9a^<{L4(OP%898t=+U_0(?uO8JiO
z+S*#U(YpB<)x>oqb~!)sT!?-EKDWC~%=Eei^8OBqcw84QDoJ(j-i`Eym%Oh|1k}9=
zsumBM+Q&otrw>Bh@D=#3>nrUDkroP322p?Q>e&_1qR%r!ZgWG1x;uBlwHcicHsYC^
zYfqclCsbmN)*qaW?m8_d?}f<7kfKys;t*H!-IUPr$)LhYeHezF8c1T!CJ9r8SViob
zmIoOuzJu~aAM3ilZ<P3S2apUa7=JQ>v9l0+!HRuta;S;ANTAyu1TCf!d|FFdUN1)<
zKEUU=9;doB9~;-WX##y-k_rNLA0{pcbYz6CmWl4o1RoJmi?xYSMOH~p`AP|H{)#_N
zzI&KBcux7(ZcQRwT*2ryzZ2kOhND=J(|%mRk$`(9u#a~ROyr|2K}Y3XO*rC7#nQa@
zxWYzb7CY3eCX8V$VzX)Z%Ud3jF=B;pe^kpBT@M4Dk$U!P)8AG2T(#SzoURv4a;kc-
z@+tVtc;P#f(&uVwd8TS(2Hv-5YhJQAVOlpolDZ?r1B{!>n^iROwZKzHB;5O*JFKtz
zwKh1ZByw|{kJT|GvmK8IP>wTpdL9L2P@dSNU-}R5s=DJoHPVlJ2fTn;jJC{EzyPO{
zce25*ZhD&X{-k}coM$*acMu%)W+K|%^s~=+acuBBmc(Wc5a9YEkEWA9N3bSvrCP~p
zqkh25Hp_9XIYeHKKSEVQRlr{0j(Kj5vB1oJx_a{%CiAUHm@XxM{PHpeM>Q+SV<UAH
z3sC|RololYg8rkdcTYU#hsa9@?G;g=T)K<ieM>)9<4>FMZf;zPm{SHb4h>kQXsS;~
zJ8xHcjJ(>%n;V>fPl3-XshyP<ot)<kAvnh*F5wZ{GitcpXW^1ya*#vvs8&rF?#8_l
z`~tcnBI8V1pNOCh#Z`Ped!Abh;&Uyt`@7oD(bXj1hN|J2W8;R6K&)Td-X*7yQ+}2o
zeO`j^WvH>kj`bdI*V2gSgt13z`cVtdNAYK8ms|4-TX=m`(wp~;XfY=YcT}sM?T)%H
zA7YDBLV0MDfa{0|I3yfVr^FluDLebt=<AxnySpGhB_uiJY?4=4o`dk(f13XO1fvT|
zcq>rb@cNeWvT72|c=5`)Pm*t_R+n_+v8K3qE0Lkg%3#avR#(JK*ZG!GX#*I#HgTBW
zX#cJ#x45o)KKdKiJsT5pDjbDEh1#|EZ-e!?q3TVFwi8*+IE!~y6-+8Cv=VKGMRuGg
zb7vay!x>=mz6Lsvue1m(h(B+>&KdoY*YE0bXECA$8Vi=0#96Ksv#$MKgOfkj$CWa|
zN>E5&p4}CG0<$x|H?2gJWYK$IY{jnMP?{3T)$%F=cK|m>E<#{(V76<zUwUgg;cZp)
z$=JoH1jEGk_DExxDwb3iDsz;FAFMZuv)RU3y=YMUUaR(gj4lE4ng|j5!b>8mp?TzF
zrakUKTk`j85}^iKeYho_($u{oM8>O4{4JR$xYXF6&+VzTwCR<yab-5+W6w)yUe(HI
z>dkzc)QYPtTAg)0KY47?5gM&-It`q92sG*Q;HjV#(s!>>lzj4W<h5r=She{;OpcVo
zwmMckzWH(ja%o*?3pMRtEH2rH(QyB7C)PCT^ds8W&KXJj3f1Zfp{3|saD&gL(ivO8
zmfrNBz#!@E2`&sq7Bt;hkxij&sakpH8)JC-q`W{CUwN!r{SLP3Tic2gKf&JCRgDwX
zMdt`gZ?4gOn1fU;gVPKvgYQ;4(P{N}FZBt(ry+`Gb2>AFm;&ss906xn+drQsA_)b~
z<aUp*E|+ZI>(u5qu2oU>9QMy_VKCuP-b6|1`IZfZ6dGirf5g<K%6LaIZeGTB-r|9K
zpY7Q7(DKui4O`(dNA#L<EH=+CgMr$6pu86XNGI<eHFhSG1D6Z^lmT9b<Tx~CJjbtQ
zUIq_yoAx~dD9>FNxMj}U$SgwtC{`0YcC<i_ZziH71ne;hI9_wQ!S>!2Wsv6}GNyMe
zKbC(>kAk%H%(ev2cRB(YjqHq9#~H?b5(b+g>yHVKZJxpoLj4^BOkW<S>80NWSIe;Q
z<)3Tg{*hC~6C3}ZO-S4jc}3)z??E8vFiZRjUeNTrFvoTbD*r-o(KPhRNfdk;qfHwJ
zgX=?I<ZYu0c>QSqrX7Z@hc{~9qPI}#econ@x5lgd{3Fegj#Ll`QgNt|b9gjWtqgm_
ziEbY7`*l1@;G|m{IfJ!`>0jUuX9`#DCx&I4yix-d1RRKw1Gi*mUsoa?{SNdOlZd3d
zw^o<|x!^PLGB%}165R4#9~5Jo(S)^yrSevd?CNwGwU^}u@F1EF<Yb+q$nN%7Jb`VZ
zR4w3Wl{zoNC!VK*23u*zV4Hmy_MOh+s#?v7kT#t3c0EZ^L@{{~jxabx=V!b85Kp?I
z0A<neV!*P4yUEbZIbn3jc+DI2yXGap<m{QiMIMZsqBxFF(9$(juY-v~0BSs5-L}eB
zp(x3qligjF8NYq>;(<5+1V^wfUC5&$Vux+FHOKlfxXtZ0yqmbU-oQLFJ`r5ax2R8=
zH(t9fgJZ%O?WkF}cjz%RHP5L8MkGA7IPO{oZIF#+N)+FEp|^QkwbuD;budfa`FOF>
z7nk9i)m=IpcprJMLo%kUVHfp!^kbQ&oF~vs2|d`A%%^NCyvdQbX?qb#M>(PDDv@2P
zl<0NEY4lJ=&KN|U9x0q}|BGy1T?q6^FW(8!rdk&`=@?zoN*&Myt+szO0RU@JJNeGC
zM(6W~u^9j!B({gkS{Mu|YyIAa$xueka|D7Bxq2Xywg<%hVN*6O-pp9l1+&4ha`UsA
zSKnqkocdjrl?TI!C$nSZCKhtUI}W}xw{ryez>Q&JQ@tl`DYjqa%kA3@%d3@5ZFK94
z05IgDavxUR5J?<=p*H~bGLjDp7eU^Y06XuFoX>Y}*&!;YD>s&!I#FYGF-|sTHL=_W
zvt6CWLIK9(1=3yHYjNF&M22T^tdd*#CE_3-IO`;de1TTGWbE_y+EQZ+R1@M7c)|D}
zEDZkg;1}?Q6zXN!1h3Cuwwxp^->epzJ7=q?twJO*2Gz+*f=!f%%#Bb}y65)2fwyi0
z$xpx~HR0{Xhp?HwbHe5UypJ~<51q~S(&a5qP_(+0mTM*7*lvi$U9Pt)UVm%V#g$#g
zY_ZY5bbxz1Lq2|stA@MObkG$!g0UfYZ#U`WtvS+co(^9r&?;9M=^E2uMPDgg_&=A`
z9|WO-6>UrAx`(<yYlf6bTA%7Se!(qUCz-t5W3Lk5@AF)B`yGRdMbR+4P6L+iP`=@4
zA9(Vpdfb4ux?ma;+xc+roHX|<5(rbRSbWhB1^e`S;=`&9O*e}Pg$}YS$QkeTr(eEn
zuaNw01_CQeVyzi6u^ZYLb6`ziZgSInC5&>SQo`AEQR^hImHGtb<T=aAP=uIu1m!#^
ztj<&H`~ZJ@i49!|4uZU;EaJZM_8|d+SnBc`wtSindRTJqebziaRC$b^E_-<;yTbnp
z`6li!ppgmp5u7iUSrjbS#(Qm3^6jGzV+JAz#@Z>lO8x0`QU?0@0^d(r7jWCZkGc+=
zZ`CPzzh!44c)02|D`VsT+-YA!0N69--`g&RSnW@CXlDAf_k;xcjrLz3C@Zb8XhixK
zi1@dL{D%JmK<Dqn_Bsq(fqh&U`9V?c-}>uI>bJI0!9I+Rf`6MRe?v;qc*uU;wSI?m
zMZkX>*S8`rVTJywph#_CZxTjcxqB1NXZ`9=#4_#mt*^1h0Hpa>lL2kO1@G{oC{bd5
z?#VBI5C&g-pGYvEuk!Mj;#!^3F0*9@F$w>`zJqG+UR3bn$BdLgKjB?qdjQt##djJK
z#6Jr~zPgw-7vFu0<@wn&2=^=BRcf7qOUuRgOV@sO33h@TjXE?Nf^%gi2#i`ib#EW@
z)RrK-tZC+ppAX(H^gRv~;s)354i>Ks4|<{{RvbU$KHnMbZWQ7>$?Nd`QK><Ii@n5w
z15_(44)#Pz6Jk*s3;juf5W%k&)8KP{CxQml-MN$`sKOFIU^oNxg#n=Kya3E~1Q^x|
zeeHLGdH9o#*vPQCZZskXQLiql`i9VpnP(%m2N0EBU=R0t?*k(Ne7*q2r5B@0noJ&Y
z+19r}dism85abvAz5ae);lS`*6lMIQ*B;%Y1Auzqi^Q=XUB*bFL~==!@W`5<A+7%^
z*azj9<FsFlti5sZ?*$UhD)Cnhmfe8!^aZjAlzTMVc-owj5U75<I<~*I3M0GtT?>`^
zQZqN?q?`?Hpz9_8mRz9Lz%$L)`@#wn)bWlNPBBOmu%HMg65yjVc<9M}PZzq}RD-Si
zVT?TqSdd~-7wzKmK{-PzBXLonC&2ICl|0mi_WKaISq4K`Hl1n??Q#xRJeqoByezZj
z>bx#LdbNcBMO{(8(bGFbDL>JRRFX&sHQN^Dl+Cx|CU6&-4odPdlXe9IrC&UnB>Ak1
z4XQV0CQO0VyNTKZ?H{L9f8L2IiLD&S55O&%GWUhJZhbcvN|-L`gO#ni1Fz}9Y1`A!
zoVE*%7*!dJ;}@N9`8nX+%Lk$IoTtw<=H6^8j3Z&aIspgaluCgF<0XrATh3b;tdpaN
zmD{;r4XeZxnk~(xkY?jws@)M+vt9$Edim*f)(wYD*z8Hhgd00{ih~cfpgOb0++{l@
zVSyW5OX(m^r5NX<{)CBChKIX#8{LOB2MP_^c&OcPCGrOxG_V@2dTusS!YaLayK!Wg
zizcoRD=n(df9-G)YeR(!7h95WvI-vc!q$VYGJF#LbvyiFmf8xI4*9e4vNX7Nwa{dk
z(fC26UD({=hwv}5jF(+RGPc#x=h<oO9)D^WSkC1%8`r%~B{p69g%K7Df|Q`_Hd_p1
zhFK>G%9h^ECRA9K#~n`FkNcNqJH12Y8^<`4P~<qw+G(u2-XXrF1qQIt`SOVz3}=dP
zsMTK5JYn|!JCBQ(CTG!Fg6T<}IQRIN&BDr(dV8A5)SP%#AzVGd=xJP7BH=GRT??-V
znN+2nCzMu|@nOksV-UYAIc~}C476kZIvoL=ppH^b5p@YQcH_Nggpyv|=g;%LDo8db
z5Mje65S6%xVEe`VCdb;foNF@4|Cu?=HM_~@3Ci=iRY(0=x7*8ilV^;JYtQ#e0CVn5
zyCSwRvsis(p4qsR?P$#K*0}nk6Emast%=7bS!a_r%kdExhZ@F%Cv?A5G}kunbjp|&
zouO>Rh9zR$x%qG*o9ea}_@!<rWa6kldpv-^c50*7I2$Q|Gp$-vU0)63-?1u^`DH%D
zLI&EEUtqgqT?K8ZeC-BnZiEjXfX5E?QV7V+`{M#lTFSM+6F@M!QVBxHB1mBV0f;t?
znPH8s1hzE<d*dQ-_TVItyEYq6aj5wj!F&2-=&L&xw-MBQZ!0!o{AhH@SV$Nw4ZOSl
zTtLj=6SH|q)*>Q~v69d5fT7`u9!;S&AI^BEonyWeIe}9@flogUC>#N0QH{NXoG%8x
zB;9qNt{O=gKU~@6Tx?i`P0e<cr^rqf&n``GIH+~as0d0~tk-v+6O=u1S6I%`ww<!E
zoF5vBb^I*c@Zm<0+%F9dh8)pP!>?TxVrB7&FZiBtx^`PgIiX6NtIBxMLuKX*rdZ4`
zs~7NNsH7QM4A{`Kh7Ifqaes29s2Dbn6EGMAHk`}PMkyX}ESnfOS~lJl;+kxyS5rI`
zj$&=($N%LgfR?!<<Uhs!xnun(AOdk!1~}OK*+IZ2`|M(qz5JYz|KRLKyK5eSk$P4$
zi0yBc;EU~wgk&z33aOY}nzmot@sqfl8A+qrf^K^sJmJ0k?}kxML~llNciR5<JAeK}
z7k6*08SO{imm5$-1oxoy*|<8ud;g*m*Sr0p?C2Mp?3F96#7Gq-hK`@_1z?-~@iiHs
z_x{O7{{Q8R^yg5v(pvqxj~S9*goe!NhpY5@8A__Ni2k@}0Z;L(pYL$(G!SKiT3(_)
zihW=B9=o}NiW4e3beUq%6@D)U!X{})TLD{K)wSFT%vyd5bi-x)*?yiBW}MPN^QK?p
zcknuZtc48=QK63URj|5b#q`UU)|D&FfPVgxyk2I82J!M1z+LMbS>+g%@|=br@87*F
zE79W5!U%xEwzj78PNxLA&_SKuHP%w%IM?FKZI3<9c3<D1B%^wx&|6*_Z)~BfTH`R>
zI`jMi?zBV6vGZXR=E?MkoDGuk`Tl0%A-w{2Bo0bqu`g@7Y^B;;;P8d9qkNSov+3y+
zlveFnY*spWhuL&}Y^H{i-Ox;2AX`QutM;lXHXePl^<|ZaY5uH|N*ZXMGNA@mclJdF
zx-+RN?t9u!ND*kFP?V@2$b6u&JE1&&D)yvGsaIUx3Khzp;mUnpqtJTR{Y9DbXe~lg
zJl=8su=eiczC}OAa+utvxq9oi#AF&Sozi(~%vHbI{S!xAT4dwyVrS)4Sl#!=l(`)X
zTT!yDE&JV3)~VW+hI`9XBW7D4mtrHh-TFKQd^gprn-$v!qPT#X3^tTtUDo&g)t@IX
zT281}!<Kq`FM93BLCp!zoK+bsK^URs@iId)y;D!Wr*HWZ`XK~bz*sWVk)xhz-LgNu
zMt(1(C5ZR_aYH#5O|^Hr?U(TLGv%)7kWfiroMu{CPkD$5BC&(^UTnzk@KHf;<XG>n
zc%a{wt27Mj7WjJ&Vq@|_NoG7w4Yvr-nH}ZmmCRs!C9G2nDpAC}ax|u|9<QfVR$J+M
zFjqQDS;5^_dm`c>EsK-hOSX7QN-zQwZ{MxjV$|p$4Qy5oHp`7G0sgo}ePpDvcG*xK
zoS(<hx^fXPiH@1W#Ch0_<*Bg}hw_yK+(|-S<u*kUH%s?dc4tXg)j|soOwXn&cas}9
z2P1~SxD3uFu)Sn-U%7K<l=4;re!{0cWcS0)M-Gz6aG~PAb>-KF5sZXZOH(eo+7)?R
zh+Y<EAawg?F84svp_c<m-Vs3nG-%7V*W<hFV+%EyrB4YRBAx{Qts&uMMO*&(dFW<i
zg}e5D4y=uN74+@huEUKjwV;q5DA*}hnfbcOA=ME0o(UU}NWkK?hUVU7EiqV?Odqo6
zqRLi8pma$B(02)!1%9ylbHQ4Ef;@5-dG)ezxAknRqV|sY4jq$nLpPTgG7cr+8x5Ss
z#Khz64N+42e{4Y<Q6B}wHzg%o_E{O8F0(RFbjMEYr7GmHZ!d|SFA0>x>yPjyufwum
z1t?Ro2urO!>hnArx;)K)p#AfdZy5%;(ImO41SFug-)j^&WX0H2XLMfjH(vEd_YKd*
zI!|3_OsS1H<orMFeRouoS+~ArGzv&SQB=U7q7;>)A|(*Sfb=FrkdEM>pwbBtLWYhg
zMMXd$G{w*a=`}=}^xmX}E<K?H0s)fy>ZmjG`{ujr`{(}FU3U$CW|24N-DmG}_IdX6
z>|^j@hByL2=(ge49_FDyb&6DBGyG!e>XFzN%T%hJ_LZixv-M&uIkUcX$y@qa#Pv_F
ztC&k`@Ll$r=Bf}Y!=;BWjYC#7N2HMys{eGO21Nb+@5{|>;P+LeN%dQr4xCGFeveRK
zrT*PBeyk$@eDJ@*9_9^{F{W=L*;Vs~rYZJ)y3D0!eQC@e_XsF|I2PP><FjD+)oz1(
ziP%a<)kuM#d+hbnMBYk60ZnEL-1Sav%U9m6`<n#sB>!=ao%Qkg#WqRuk{@=D3Ood{
zf8fMLoYfOxyZ@b?wD&DD)8S12@q9K{CcZ=Bw@=)+{t)-#oa)a5eYo&H1NaXupz;{U
z;@aKU+bur*se3}y(nLetCvx}N@!W%u?Z$9D=yX|MPfvGm5m-I-;I1oge$K+^LT8}&
zF?Sn8**hr2ZK(Sw=JI|~wMGHuz=5*4SR+T@^vh~Jb2avTp90EkrY^duo$PaFDRv53
zE07RLb2=80F@NePKYu!$J+Zwg`gm)>2J_X83~!-I?Ktnwiyw1x_e4nYJlmX!@{NUM
zuCfZU1Be!AYCF3-Zgrk-1pn#v)#1|P^QQV{W+OWI9=-9ri?9}1E^Orc{?C@Ihxbb>
zsAbLHt}}ZDb7m<8@BUS_;V_VOeuY&kOOzotHphyJUpqL2v6_<v-|%9Yn!&Euo(R_-
zM#OwFblE!aSmZ8HCb%LYgwtfnznGP#W6if&nUw{bUJxsUpZ;QYOILTWTl}J#d1iJ-
z-JL^v;B##<GoiOnO=v!$&$OLbAk8IacJVQq1rlssaq30F`wj1@-mdM@o7)BLD9S1P
zb@}cx!}ZCA#YKL(=(vn3W8D?*-+ts#yy(>TM;T|YIXC7NUJrYGw-{yVgr|zz>(-ek
zf<Je6bQR>t%OFsFF<F&k73(*r?J)1s(mLWJ&u_X!M1LmMVc4`2pRLM}<L>6?$;%iH
zk!nBzh6ocsmx0;fvRqoI#hL+oU()f1QPVQsBE^Yw0`6au^uq?hX=G>HX7sJda9vag
zPYLU^s6pR{oI&zYr-yOp-(e50c0~CN_G3#@tlRr9jEf$Y8G5$nlKCJriuo6+{!rzf
zT*X<&D^lsa@S0qhF2_oeK4(YD1Z$&%X5w7r)vP9-k@<)hH+CSL4x-wOoHZ9Hv)#g#
zwMt#3CwnuGz`7qUEJSD=4T3OD#45mDSl6WzjKC#F^4lIH-Ql`cYIZ)=_0hu2ZD>kX
zj(sW9=wHose_@6raNE#5Q=hS1!e9<PL}3YiGT~H#!bTg;(<Nq_PZJ==7}c!#jii{Z
zMT)%=exu9e>InX3X4~s~dURYOy=^~Rgs?JU4}y0TcC`m6c^xi^1MUPNpI~JTbJ09t
zJKyKRT5l_Cd{>%-WGmj7?r)Pa`C2K}!)MtSdTOvCd+3H~d5%&y&WSDa&iGq%ZZ2Gy
z15N=$c{A8QjMVfIygz#ZHl)t7PLWc2B0tTzjBKmnzQ}7CK{rc#&=ONinl=s?U*nQ!
ztkQO2za!m>5kM9+N`2Z-8(Ma*?cqR++MBjq=*--~=#B4!wx79XbTzljbuOZ7>zPCe
zq+W+QlsNOoXegJ&*gCZ028~=bGPpDbI}o3>=NCbD)}NbvI4r13bb6`c?Qly3yv~YR
zPx9KwBQsOh)wA%J`%)O4B+)BWd}`5VQUJUgh+=}N&(UAAdOC(mJ*b{7DqP)tTASXi
zQWxuLw{qdw)Qwb^`yz*WlpC&uC3hKvB)r0TK-3rakW1=1;!+@a+;mlr!~TfRf;y0$
z8Q0rek1Z48gr00Rm%YS7oBdoRtX_07E{MCXIrlc@@!l~ygq7mYWbIK*bRLpKHI%mQ
zCX@$f2!1gi%}VZ=wY6qlweCL%u~A$t4!pG)C2{JE<l!61Xy?6`pch?VLIzWhHn61L
zKS-6oPu(3M1NxCcN~u8N-r%=YOYkP##mq{S3Qfj1GqP|TUW}>%^Rx~Vd^T)<5qQJ9
z<8d$q9rPX%xNRTi#2)@}=VXJ$UFSsIHLW;1-LF%At|Y<+p}W$2HrZo{9h__*XM@lu
zaU6BDI1w6hC6S_e5Dm<<R6aQvEU{T>oFV69su3z>aQ&0O{8g1t`<}+e%uNLj#eQjJ
zM@Z`)AsvP75#hLy^)A|1-a+SA7E5RuW4J6W!N~~3?-fKpVDp|MI&I?w_4)Rl*yLH#
z-bdJ7_qLJn?>ifi8`jqpCw;;XhoL-O!P8&4nVQ9C1Bd&40_~BJ?PEhN@dc?TKc+nM
zp|o-ji3I9}o2T}i8Iph1TEw&ayvO7eTwG)PA|LJHr>)>~b4-q@$5i9p6%b)tI|DK6
z>o?^*1%$1rK>`r_hjF`8kip4I9bu2B+bftC&QXsQ6lh?5Esu~SVb+e#m3uDVbjPWX
zB>DNPS+|iKy3)Zp6}|g6Ax{_dIQ4a#D-&nhpNp$6E(CxTIX=mYuJ0CtH!vQ52Z!xj
zJ3(uh)Q_^TGP8Y6z@4oy>Ot$m(bGe+<ALC5k_%FUr#1VW=CgF>wOxGoINs{s>L9qY
z-^p-XT8nX|HX0QfM&$>moZmm#mpSi<$#c>p)}`ML059_d=NLO-j}%MIbI;Gu*fV_6
zlYmIIT1y>O9rXvN8*&y=rtk^3956zWmJ<{)Qp8M{moqeQ-DK2$!mEGo84?+Kl$fKq
zqw0;x*>CmYvewH<{$V_i{3zi~bm!~iGmeba6N?Wy5-`?+ML;K?p$?Gmb)8?qa46^|
zOnC^LQBFkOO)Rh<3EUn{JaVD<Z0oj>DoAeNao(pPs(gX1Id%76VloOA^rmnNdTVY&
zW{&7ovYz!WGW6K;2o7qr#6~)`d=@<YM)pz*=^PiZdm7Eucx#>5H>-`(M?0ytwy^Ro
z7f6qpo_V{!gxK@pU3Cen7<%%yiKJeULS{35vp`zsV4|u)IAmcU^_b2D$F?I$(!f&B
zPO4Nb->3vb^a`#O<x9(f^a!nG%cZ|rPFxjRh=>lWfEQ!oTf!TJ*Aki)Sr!`BW!wTO
zp-gW|#2qhBATDe4<5Z4pmg^o+>`GR(&df%KY+X6Df)p)pBVfdDVxf{E<K}D^8=Kij
zS|4w)eSU~!@kN!1bwnpwzLS<e+T;hi`icI<pSq`V7{r!1DYff+M%XHh-j#ZlgU_Hz
z{b?7^sL=sP?y!HVD7P5zgVdbH>rmgRh>JSkkHCEB-<;*;eF~aCNMgkpPw}>XKzYLn
zq{O0p(kAnAd#kzBIW>Sh{|%G?xb`O6;pUgF2xwZ@*qc;;igS|61<h6uRkH7W5pXht
zCI5<n=FiLkz|fUBfk80WJ~+L=@!vd-1Lyxi_rDpMcHFTlP4Bl!pM>@<vPA0UDty-=
z0C-gAzI_LKZ#WnpfbRRhIDm`%--<v$kw#K)L=b4<`=f;R?W7QWD4oo)_xqejzJ#go
zG1&Vr<_Hzg=|Khq-KzgGgMT%7&|w4`cl<|%>u;_4f8a6xNxX7?ZhBnuFYNPwo^)6i
zx3QO=W@r>lo!0E5L+&6RCDs0mIe>2><hYWxAN`_I)zSIm6egOVw-C-)^cL!jhIzUn
zAFTsqx_pywW#H?jq8xAMtl=E#A-pP*hCkgi!1X+O=`=c8N#RL)g)YmV4ro={;pqv7
zbW*SR@QvO78862NUQ;RqDHf;L&!zwAP?+8oc%;mXQFp0P$tfW%E&Kt?zBF1to4?Ij
z<--#lxfmyn7C5RcUFoGY6~^HydF7_7NXDH)l!B~}fa*4<Yaz8niIkC%mX>C;zCqG;
z7w?gmS!>4@h>I5>g^e(xL-m`_>D4&lR1l0)bJ2vMmQyv3<|<218dj^d<@`L99k1<Y
zW;Hpr*2F?qE%!~T-l?43Ou`cngCD`vbND_QdoGETZ`TjEVQ+zrtsG=l98+u3IpI)1
zi5m_BwtWS}AHJ;aLbLzUQpDI8AB?3t22qkc{$x2-*BdrWJ5O`FKqYZRe*YC<gVAjp
z*57I;=~}ODZUcP1adOm->@Byss`jR^5%fscj_K9sklB&4&8W*c?a0yoC`ej{$vR~$
zDUZ`f>gIO(Brzn*XNI$Znw9+?eV^R!?@3=s8wU3fITx}`k4u-YE~gaKp7`YN8`eiG
zqAvvz6h><;LZf}b715c2V8_;&m^$!bIk$g1FQ6!=l4_uS?fZwv+$ueCOLyMoyfQ?{
z?*Wb?XTmkJ60)#!F9agTA$N}8Z;JW6SV*<Y0_LK%IuIFL^3*l)*?tmnh-+@BE?f22
zy&c0%z=$EHW_ixkaF46~WhKS>sA+gCb)8TSGZ3*h^AgxtD=|o3e-Qj2>-7!@V@16z
z>lt3K+ztmH4c^DHs7@P&(?rAm;@0-Pv(-~nCp>}XTfROPUr5YKYHF>?uyzc@luxbE
z@FamYCld_&6>gHW69Pt?8Gb(qz7!Fq#!c%n)2d+jUunYeLxxvqZ_2h3Jie?!<eW0+
zUlE?3I0=ZGhnP9z2L>6bt3m|YJSM>*a_NaCq!sg_8uhBqY<n~=#%6S`R+pdtUZbKW
zjA8FKAN$5;WpZ+(y+PwqV9l59iAa)0Nm#AXVM!4WH(PxzU(W=7Xi<|jGR`r<?-#K@
zA`9@3-Yhe-vgSqEV=g!1DwkJKq?pos^HkO}V!+n0H5+Dkk<tX)LPMMfiIfa`=4Q+_
z^CTvluU;Sk`$7(tUWBP34@#9Oq=0MDHQVj2fj+}tDyf`;Z@g2R%+)hqw7pJFX@AP0
z69IGMz#%vTJWzp5vjJ`|C>EsG%b*cUz|il@^+a84$Z&5h`vS}R)}0_oXP~=6MCu&0
z_Qz2nPYt5i_~FBQ>v>YVSp$7@YzRlveLQYI6NVEe<msE9SkBOo<6nV1e0BN;m9QA8
zuO4&{Q@%qG37*xYErqph4=*xAw$<7u+JG{m*L`(==GHTK#(92PQoxxr=#6pT_l~Xb
zFggOSia%l%ExF^0U!_anKhJ;Sjt!Mk^OWWtF&OQEv@{4*qdRDe7-S)B&5SWUGBr*r
zy#C@i)2+3<(@Z@#!}-oZPsgI}o%&$vC3|Yd&&_vY)yAp<>Z{~nmm96E^-l8ffdKYR
zdJ7dXb-;5%^Wfz(C%Yi$+3xq}1xkqE^RhHYm~|eR<pH;+w_F}eD<eP05;gb$BQ{;!
zN-1CVd*-)2)WA<Uvu_2SY-#8`<^MFvbOj&#v`a9W>(`A+D!bNP$*bnv$%pW=sN5!*
zf8({Tv(+FY#i*^<bn37Ye8-XZx7f=EVA5mj%~QMltchNA*l0OqGG^&>_@Ihh-?_X1
zOa7XK$FvVyz6~$yYR(vGX~sM3=X6G=(>8^eH^zrG9I>ruPK{A2u`AuNr0dU`Fbu66
z<+c$G+<-oo%iz?2L*ogogV(47wMAXCw4>pjWox>g^BJ>Y^uc8qc3&-rwGrJh_nG`L
z(F@<!;93gu(H)nzMR9TQqLDlsHGM*iA^Pj0E;xK}HcBGO$>V6HrZWA;=(XK<E0VKu
zxL2@x5uKf-8<YpzB6?Fhf_ve`Q%j5%{G5Ctu-ff8TZ?utx~C*ekt@o4-0!r*=>bQb
z?p}9P>KQ6>C8y<a3bWwL*I{;<_y>ryB69TlFV$x`g^lgcBpIS3&~6~+NreV%7=c^N
z=Ukzw6@4;{5m;jN4&te(u)!Od?jl!Sspar*{Z<t+RDZo|HXmy2QbuY$5L8v~`_Z2z
zs{=sj@gi@*cY~{~Ns8Pht0cIJB>DjTSOCr#Aw#l3g{1|;5~hZ1Z+7QSU>F%5$5kP5
z;^8p9u&;|E^yBPaTXI@j$xdaDmh4*h9LO#^t;BlKyKAoGIISq#zIDOY<}u!K*3Pin
zy>>RMpomynm{DWXT+ewYM^=bQu-sFlWniz(xU=MkYaT6MH`vBmzk1EY?LCHGT_ofU
z;W!WX)w60-2zKF0;sgZ{W2n@E711Ygw#MqI`mq|%po(M8%@8Km^p}@V)Xo$a>U+6`
z{9A4!egnkUwOY<`t?!&pD9s`St@z%i>}7`<gcC+<k5V78hL}IOgMXRjHyu!7{t4m<
zT9!YwXep*~$UUem5qDB7-$?*1>1h~82ql<I!(_yqU2Nt$H?g&=26KnbCP1x6638AZ
znDkMW&cL2P!t0nAw<#F9bo%pkueph+f+u2h$L;Oz?#(_}53a3wYjWV1X*1{>IRud8
zcDMrMCP~mN+^7v=7D13rx;P{@wvsdam^K>1!zNkH<h333l02R5fu^5$3tkCkNdWqR
zx4$XdOP;Ge!oTOKA1_+@P=Jr#&cYr|eXpL@-D~#d)9EqMnwZ^k$0cRkQHd@+i$z(V
zi5c-R(D5!%*j`%|NT<>rEE|%$>TH|rH1dWOr!LxBm<=0}OtgGxjbQ7MIy!91@5Qzg
z^>J~3tzqP%%vAYrS}qiY5NPe`bW35Q!u6zKdJ0?ePQG0t{89FzK>xTVE{BpXQ*&j2
z_-vqZ-<k2?_CfmtxC^3D%}c)IPD05wN?y!(b;jizQ5z>yg;*B3u`u<JLMYEhUETTG
zy-fhqk4BV2E_Qk&3-i&ZM;5!gC!Zu;V!%9R=laOo*SO*8a%f2>dxfmE>fr(B5rFdT
zG>*31%bA7gKt0$Y9xSLOo0t+-Gepi;@VH5H!^2^`16e>h+xiu35;Wz)hMAH5LX>h`
znXA2$u<6VFNsA{VO1^sJUgl`qgda1(^)XgdYIAvH63fx33hBPbL3+iBS<0FK-T`cF
zI_vt*P3NP20#=G_d@D&ZYO9SDu((6!XuVc&L4-I=QAfg~WDpm&8ksu-nJfg9d)kC~
z%a$s$+!(D##fxC~NL{v-ACoRohiI`Tre0$D;V`S0m!YRg<nz6~=`jE8J3iORHy{%t
z&@&!(oo92Mg!(Gz_I5fOqt1F6dCZnWg3COsRZ(q+``ZT)>`8@DMF%flb+=gXwLt7>
zWsI${u1H8UTS8h-8J9WlSYSef_9b_M0%ZAGnqeEPj<@bZg0*ZHX}*t7x{p=W6P2pU
zN`wH1R;P)&(5eFot3}vh&FS7b$`~eHg1ezd#I$ER!Hc#u6{y=+x2pRRC+r{Z_#RO0
zq{Rj(ToKFBN=W$OwHcJkvU#f|;TKvwWs@@Ex$yJME9WC7>O7dJXgvvEfuWk5X3FW6
zte4irh>4Rm^TAK#w$$t_CjCq2C+Dd_Pe_ZRJF&V4G<lq|x0XKXN~TKOre(b(EnZQ9
zd|`&mr+c~XmPHGIWRFXB7QX!y0-3x5@GI?U_3J%q<YI)3(^hBCVAw{~J;|;q6aHXa
z6GFDw_32iG+pqff-4yj`quC4VsM`gnn2c!-H0^n&&G8j+!&u<iA&$_~xu_iV1?8TD
z&o`^!P%UiBw8%4VVtIaHF;xIsfV6{MjBhcM%m~pBQisH`whSXjOoogiiwZMM)}6D<
zi>CT@QGG;elhCHnP_Zrxk5kT58_2->^+wtjsdt*G2xzhY;Di;+lVg!;9MZ3rGo;tz
z465AElZWi|$X0VAXCN7<K<SL&;xOMxnCL>%9w16Y!ut?25?l7`j`qp)VjEzF^l0`|
zl&K54$s<H+Yf9SlBT>w=)m4?qfb0_M;+NHr_bDCOwd;tfih{h}w3*3qgSV)q(Suaf
zhHV052KCu!@T-hpMCxU&%JS^<MTyi|uqUHNr69eb<MFa%6j<rv<rBt;I51<~)3|O;
z73sG800%DPpS;H@qNO=Spodjat}r^bLdx(HXU#ARDPWM&yYnKRSA_X7t7C%J0Z*Rz
zf*Wx3H)aKKi2~{Nz2$afzdRsp`?Kk1*AIiIR&WGYYt}17xkBSVJf@5yztr<uB21R#
z+=tl)ZTd#E?(k(-m|dlfjwdbN4S*YInMQgmBC}Bvjb=M8iCy^cG4&IckYq21uGvk_
z3%#S4*L9{bt|JrbnIrV|94*4Fu6>(fu9Ad#_Zx@$?FDJIEj&B^&pDO}#VRyW@V5+z
zxml6MtDpOJG021WAZRbH?DhyvD+9U48V8fLx0<%2&-VU`%&+;FH8SMUHYbb6;b${?
z7SF`-!ezTg3fALeP=(x%@k<8@%H;K<McMbE-6F?khx2IhM*0hScDa~oCNd%pxZ9$c
zYYKTIPV^($&rPm)cAHe$1clrwEm_(rG@ne|a*7+D#iox4>EBk@QQC+=0*%wl&4wZf
z^-IQfAAlCd>QF`3d1t0Afeq%Au`TFa<!`=489s6V6l{jDz(r7FIXP)aIT8Y1vnPpi
z+E{Q5c_{DeZa=Lv<0}-{!hutDyr^KFaQjk#Yp6P;R4E|KlxslT<H6ih-?D8=5_Pg9
ztzk^d^^zxg2Tv|{dTe9kW`!>bV&S3B*Szx|9z>eN$CX~A6z3Ik?N`duG@0eG$v~mI
z8o{+AFY)|w`tByejt>^h;ned;gct3@Qgug$Bf{vIYf(Xn$?MW<1N727<@^lJinY!x
z5xu&#&d(Wgm|1VG(29ZiFMD+LHCY}p+^KWPitl1!<@R&5Ze_1cxPGe^da&rWhVjnI
z+s}<%C^@68`V!7KgGw#PyVg)U^g<Jue@IUFsaz}MluMLjGlp9eVl`u*vhzI8Rw4`|
zBPQ-XcVnzSTqDerUS%tk9^Gg*T(sUiOvR2MRTa4=$R_lOfjkYxr$4s?EQ~L7qz%OO
z%`uKD87eBtyg(WHTKL@5qiM(O_4D0bqCUEQSgEu$v>2=jX5k1B2%0Kyg5`5ceOSM}
z<HNS2X!Vi(fV?L8j>&2w3eF@Y`DSSx;_5I}yDdgmQaex$fLX5}giN)?&n-d@@+-52
zBw^ol1y)3PWNVn>&u0_vQ@aB7C3d!f`z%pT!Lz1Tyl?!**zF>`xy2l2Kk95!4`thJ
zZjP-H-9YX<bt$WZwIePGo-lFo&M(6e@~o!X83R42M>ZQrB)Zvxi`WgE3^ol<^##y}
z6X>Dkci!Dy!H&?n{JYd4lZd05p7s@FpM<l|D%@Rd=I~8K0pF@uoFJvi8Q+hP6+vXM
zwH0lt#lo)Km-~#vScV2Yuhh~1RG$`^f-{qrO?np`dE9LvLHJ*=j|)}|*?{qd#OT-0
z&>Kq>Z(QV%$5!V^=A&WKKCtlKK-Vmjf|?S(YWYhze9&q;SL0|hAqbGMqD@hl@zb-_
zo<B_m;C{Y<fjR>lh{#iJG-ijB7s#@Alp*x>r8baOe7xQS6Q4I_j1ovZX?4avrK}BI
z>@iheU-Iz`Dcx#ll#zK;2Z-&IF*7Q=#rSMBExTeVK&D=v&ALv%Y1WHxto7O!#bPCq
zs{IbE80B{V1uO!f!GD)ne+P2Dy$q00;0GakRP<61aBbTDQ0~wDg&ws$MZ^jl90~#|
z$wI{xLFORg3wLCjC>CqNNX1j64?wFtRN|4lKLF6<15!fhaGk0{@UuXFmQ1HllBsmU
z!kkt-6k|Wt(VGByw3EHuISU^Sd^2vmL8%uOW3*wJ&onAS&Z7b+X=pNf*nU2+hdJ!A
z-4$c^<*}?gChj?DR3oIush6NBUVnGsBA$mHliLt{tb&4x`*XW#AmIRgr7Lpf%b|B2
zxcfEpxZSKlV_S~pOrltfULVwb1lo3IeYD9>b>BR~<&AJT8hOEseY%i+AOu3;d>&=E
z-8Hb++epKMQg~^qky&l@&+wF#FnS5MF<afZs=sIAz$qdE5U3YR!)Hw0PwOKj4kM@h
z%e&7=ejW>m`m&n!a)s$>16A105JlA44{9Yp4m}k=aY5wWbJ&5Bc`L!6ts-`JegoW$
z#0G&`y-xP-MHG#cR^jnCytQegzwDxB63>#Q-AftT^T9DGk6JHZ4m9Wxvg43yFSA~J
zVe}MebwG4kX+I_w%dLF6uXnAx6WW_@WU!y~s2^kAbc-Y{h4~8rXbfaB*h+S(81vLe
z7SzZ(xlLo!0c|1lM#=UvlZ!-Sp_uz~Kf@li?D*ni=)Q*iB|+T6IUi76jY-H>lU0%N
zAl)pX$fiJs$RqlLw_xg&oN#IBSaT)&T3KupQtKCzv|yc*-evS>D$xZwpByc-q4vnD
z6QnTsO^F6jFTQ3mg?EnuV#t!U&=dlo1$UlgZrj+{{P@wka3s~Nx7@nt80Iut;&N^J
zZM%{FQk#YW*;d|tCFuoFYUUxv_`79A)-<yr=iB-lceH?A@Yr7v$M~DHr6LWj1mumt
zv^2E|GWW)KXHSzIk;{}X9OgNlvREcuhHq?8iy9$S$hbdPIEO6cqK$hwIJt~*N@O41
zQMQh|i<mwy;sP!#K#!R^h`Har-$V#AEv2nN32OoR92bG>=PLB+y<aLmMgS+9<z(;A
zfRa%SVwIUF_97|+>qWDtqAk&!S?CVNR4@LB&C`*xa<6H9Gj&hs66FN?SHKwae>TQ7
zg`|N4FZ|x5{3r{U-=Ef|X`kL3rB|QObKosFPn-Dbjit>j`<YQFzD#o<i(BQiB*ReB
zdFkAL0Kvv50D0^w8T8^Ua=WX$du`y^sCVbJSR%^_)!eV&Q<At<AZ(BHzX@5wh5v-C
zhDQD<LjcRs^n-=!YB|VB>1k7OUh;}IZ6#RhC8bhT;Yn!^+aK)Le-8x5<0uw%KJ<sf
zI>~=R@qxBI|D(_`!1nsx;r_<Pe+yo{1^;^+s6ae{CNu2+dtTr*Oz*W#6FkV&<2J(R
zzSv)Y<{x#gzZR3us_Ly_@BYy2{C&ad|NdkCzRYy-^>;S+$7g>irM?xOew+NmV*i65
z_!WEY0QYu&Ba#PeRlUltxShcA?e}&?Lsuqp|6k5JB+LuuHI-r8mz~k}RoMjmHOGjo
zPCycNj437grqSP3JzU&n&QlB1Q8!^yjLLc(9D@EXpvj}|jA<#z%@2K!`U@dGb3@eA
zRZIkS^mqQfq<*khZ+<cexQ61J8tNNSzQgN>AnDsbt*iasS?YI+e!kgvJ<&H(elpO8
z>vuWQe@yQGp@R|m=O_O$>_6^vpYV4In16!grxNg=Ao>3iB*P*E8e_M2Kn6USU!ec%
PhNGgWsgQNU+~>al2D}qs

literal 0
HcmV?d00001

diff --git a/docs/wiki/images/readme_screenshots/fullscreen-domaincreate.png b/docs/wiki/images/readme_screenshots/fullscreen-domaincreate.png
new file mode 100644
index 0000000000000000000000000000000000000000..ceb2d009db09d9894f2c09931bbcffa626ca03b8
GIT binary patch
literal 115626
zcmdq}XIzun_67{AsOTWX3Q{8~AR-_jAT1FQ=|n{VsiG9=oe&_23W`dTq99eJcj+~W
ziZtmp)P&wb5+Fc;v?nuX=A4=Ne|kT>AD)L_2xR9jd#}CrD%ZO9{pOCb4)<>YzwO(%
zk6Tao*1diE4k7pL<1jsPfZZb5^wfd<XTR?~otyhgx`me69}YTc8fos^R~ExXw>!lC
zeAG+#q3^zZJWap<?r-(Xvu8J+_0u-@Gx2ovgWCBx?DMj7_VAPOaPT{KP3EeMikkw$
zc;7zObG=)d_XBNK(~dqmJ<nj?eJ5CVOQ!C?Es~T~N32)a4c*!UNA`=J7r0X+vL1OU
zU;qBqr$!H4%3cBewXc3*-C1#YX@2p1(wCA4*vESLC1ziTM~16hb}_9&WE!b+wS3Mh
z9g^{@Q;ob1$HSl-Xgtg*r*EV&?fBrcYt9s@;|DeW^SaY?vJr5HBfdXW^vH{If4n~J
z$p!*H9Tv~#)cWsXTefSU8{CHafLH%HhW);RnSwtPNJ<bn_UEOJ9~?q{r|na`Dyeby
z&r6*<Qowpa-S6_~UeMLQ?s)t@>kye^@LSgAqrdKWE|1BD<IH=mxBUITcf7;k`~PRh
zE}1I&Qw%zQqqLueWZ{xLI-Z5tThGm~2_fosx9FHncq8{TAQv^hn!T~j_;-IlB@LF-
zG8zeJ?ih6@0i1xkyG<%HW6rUVr6Pz;R=`Aqw-!zqJAt75N=-H3!___1d*JzhE^^jn
zBZpP9Api~9TaA1f@xeM^{(<sjY_RP#Q4k5!!nG87G&1T1JuRR#Zs<fnv%AVi<vP9+
zwByiVaE6IbUiiNyd*_PeJUY#+=%Jja$I9mN0I&TO!xW_6FM4(buZ<F{yS!{*LBdeq
zC>i85@9@wSYZYL$Jwq6lY216en^<fkzm=Z*K4c}urJ1%i!}lP!XlI%hpOIGUX`oBr
zJ13YD3J$ULUTyLR=*3d+ujqgg$n@hLj`v^_$2x<T(NLE6Mgwp+)+85k3_<N8gxe&Z
zeAUNHL_6wXKxL*H_QhRi@ENLG@ZAWPz^ovG;5~~6&36?WW&WlIpOX4Eqk0;U)jp$f
zoBZtqj_+6yh=_v6#!_GWZLy0j06%|%+!rmZsC5vJu$m-np=h+iB*(h`8nK{I7UerI
zsf<s_NWxgQ7u)0;qX4O7^vD&+0^y}`t78+*Yh@5=gTx)H*#ObKA=%T=cjtU*y28h`
zGY(eX^6}ngOY<+S&0`W)1Sefft&%}%Fvnk;%O<D7xdlcV3~D0Opn|=1tw}hJ@NMBy
zNe?%Q$dj>6NTeXxX)cUk&m^Y^z3l{Htbg-FvKod6Br~5vvjR?BxJj<Dh+2_&zVFKl
z6?52xIrLm0Ffa4FRm|}jxH*l434C@2jHYpFe9k1PZUY7CW`Gxs!i=CfxbVG;e_Mym
zuXtJX*c4yW(qHxV3z0w9k2dXD4_29_40CjQ&aU`O{{+F~TOp{xkxoSBfW@|v%Y;<E
zGkulxgf}`p4n&Qc2hektNVdE<%AA4<1d}uO5P81=$2q+}45l5PK}#}x!;eSQcfYoR
z*gH@*@aSEuX5<TXD=%JM9Op^qn25BVuK4ZFf*5dp;p^L$%yFm<!@`z(eKg$Sri3tp
zVR>>3*rTyI9X^K#8iT&v{@Odb0zX2Jsw%v|8Y|5COTI@6+{N6-2x!OV_lXW!*@glN
zS@>_=L|T=H+!yykNozGjpx64>&+(km$wRJ7MG@gf#4+qpc}JVCT8#UsZ1&<i$r8N*
zUk}uLbQb_z#p(sdz*QO34E^q{TmB31N2)g8n=rJ;6(?%vyAnY($Pj@3O>#Hw2pQAS
z^m1n$G@L_vaK_U`Wv<LwWtsq4k`D{F!F#U?YBT{0(TrAuV4MCYZ>!-O6HXI?8&8@W
zN=L^V!@K4rzsKMgpO;fLul5Yn)-ueH9llS3m;>?ZI}NfVg#*OR@c2Q-U07;mdvwp!
zF97^tns5&Dsp)Pw@;z`ba}NH<^g*N8Pn9kBr<o>K%63sOWv-nZ*cKxJW-eJ=&{}Sf
z$eh1uJik64Y<z#ov-Di9p36{jLVu_*+jRV8J-M|iNF(Jwcl#68IcR>wtF;DdW{Cmu
zvTkaq;Be=428{}YA|Pfd9!L2$g(mB;BO-8dKaxrbEV0k1zM-28dOWcsnIZz)++}O<
z2jp5I7~$3K`70q+dUFw(wnqX2q@F7lsZv0_{s&veI7#B?_K54hO_I;~+(Swn$nYGX
z3afWe>=f*xW7}Qb5XKq$fs+dwT=pU&<?7$Vy87Kw0JT<7p&HlbN&k!=F`AP*-#C$3
za$54RTh#Zdd!!UITeZgRP20flzP;)^;Y&??6Q@Lfj`kD^(YJx6nBbYA7}go}ttV5i
zL$o_v!rb|JJ9F6p<HJd#5*Tqg450U&?17>OU9GA&Q2;y~qL5FY8G=F@nf$hZlgkE|
zy6^nWMZMkMWgFa;%_V*@I*Qy|Fq%{=!=Fj(5$<=|_$JD?B?7f+wOg!QMv`_J0vY(y
zhvAyS4bddrfWKzXx^$4?>RDy)jj-huE+Brp0SsEB)eNI{7F{!tmhGcA%gFGrni=!V
z^#@EzPI*h_)TNIfWs%HG=$7UB*zB<ov{5dVwp=oO<WopRxY5E^)lonB5F#gCgX?0G
za^hm_G00OK_w4gS->bhhgeNW%AJXV{K|T2IwBzOWT2xSoE%QVAN;q=$TuYeahUM(b
zSb^_krpaCJ$K#X}GD1^@VCH)2LiJPwD=5G1^(WcroxQL!AG>tNS99=B#0nkg_oqyO
z>5nIvj}2zuB;6r%j4L*ZtUfqBF`4;tF!gUf`!q+r{ZRP>E(ym@p;K7K3q37bv0;jm
z<LV|4JV%*yz4|VJ8D+8UGFVPkDW2_i4fY=IzOc8MA*B3t<q#t`K=`Wrk32~;8+dT{
zhea}Sev*iWWWW|ri8*mO<HAFGklvSfmgO|)KW&W}JBu8pSN0~~D5Lje)3#z^cs}6b
z*GvG5fq9UD2)Mz;B4@Dfm*l>^zx9o_R?K7^0lABtqibW4)*GK=DswN7aI;|j214y~
zA1}hvP`u9@4*ztQZmOyWztHC0U`@{{X+)n!Sm46>sH;1MmXkLYS4=;42Cti-hi{1P
zZ1Ji6Y?UjzMmAaq*<HQxWUL3Megd!2esgood8}tbwVe9h{PN9amy4Bg=x>^UvNaH$
z@St!0`^Mmf!J-6_)l2HI{r`=bdf&n_%{qY<Znz!Ecpa*ceA(jbkJ2*w>baD`+kE1R
zE(*_Jz@W5&f*zQ=j0bdj4Y&TryU8g)P~LasYyLp15r)1&AR`yvW22GY8(@3}9eRhY
zRC{CL+MZ?~BhK-#6n2`xHSfMP*@`eI;iTf<<>r);uDX>7?)yVxoy%*aFI}E)yPKF?
zroVhoo3#8;HdS<|iF&3LWR(kse~q35OFShATw5jwUEhik_JhWNhH@LmLeJuv5we#)
zRoF6I6Wqj$8jcnnY3v|T1gqijn?Z>0zq~(ne5ai&@z}u@hOf%QmP@e431-QqHN89A
z0}WYE-)^h(?S0`SmCFfpPE2o<CT^O}{{|<Ax}7YH9Xw!%0?_@IW?;8BhdUMC|J!tN
zIdR*hDqRutcft1g_K+3ItYcyqD<eDy?QSi4G>!WS1sN9x)^C4yAP*A{`xBFUr95up
zKP!kE>e{G3X^DI2OvR(tGv8uZYXcBgX6ikk>UZmN&BHM)pB0P_b>JHwv6uOk=LKO3
z$b=QFkb!aTEAXAmpI(w#Iz#ydX^xez@7H*yCD=E1mCZ=YSy?VZfJKi)_jII?AymaK
zIZemrF*=I?DRH3KGZrxMRLvBF@zI4x73;O(%ttTg;KwhYq;G@mq(G%hYt>Ll`ryRz
z3AfB&0?GN>5(&9V2O|MqYn2w3{J(91mP!uF4Bv^1oo)o=U_#$0C(iB`%ls`czI6B+
zbnn|B|53iE^Z}>M&WOVhmr>_C@zrp_H1H#%;pE_9NA6XH&Bp3b!5aRNMn)SCU*r<J
zZ%I<?BrhaAaCvpG&Y6omvZJd#MVSJC>6-(P2Y7}VTZ?`K0|OA>8C++OOif=c!?8V*
zXAFbl$=Z`es(x>wd5uxM39(es@+!cd)KT42_YqAMjJ0>`>dnf)jiKXXPfo9#Kg5-W
zras5aK0ChA#RU&yy|b&}>A8gz&e=Zw=G-XdF%jN7A%kZWe%TPz!<Rd0RJO{Ux2Em;
zpPRbF=&OV+Yqiz}MO$9=`q63ABwj;QYBX9D?UEHjGZ)mhK|y%`iuhOl%M<wzuuNib
z3}Hf}imJ`u#Azk(J@K}3l)_tFJO5l72&XS2k@WS}48&#d`un(wmp^NanfWV&7~=&X
z)9DVEB%U@D^Bu|XB|nFHj>EjjW@St8BNQAbrGsa0T<F?Jhj=y?A`r8$F&{EJPnCaL
zUeP5V(g6g*%zR--I=F8(0$^%b7lW&Qf#QIVu5!i*dY`rS>i)Ok+xV>ozP&L{hsp3u
zOw!@`mpq1JoN8678_Jp?fx3}RKr<CC6d-Wpz+Z{etIwYmcms%XMZ|9p84|MSPpqtN
zc+2)%s6SC{I@zJaBTd8Ev?lsOkLM`n;lR<w8hz4WfHAq7>oE19dcaPcvxz*PEQTEW
z1q0t}hT>V&4rB<5&^4>y&3h6B@Eg)vleMK&=hmqsq;MUKn*YW~Lxd90kIdQ_06y-g
zy@Q%VrACmH7wzU^ntizROT~OwagmQoO!Cydu^-YXZ*gXf6YLeLbnp<LULI95k4vi~
z1OVk8`GHCJ>?HN3;cO(tUw4dkl4hzqWnJwUX30!r%0N;)ZNAYyar|#`{Yzs<sV!Ti
zA?LN#h?5IHxl@#UW+uYkEW<g)jh4XY%6!L3MuJec5RcLvBN>m;kXtFd?bc&G5oGkE
zKzax^$$_Fk8n-fME&`a$-9<4B4L)2tlq!7@2DBO7ko=f;7$10dybIRw77`xHqPISm
zWeUdQ!qc80gRN-ibAHB1#C!xov-(NfCIy#qbI*VLw4rT^4{61j{di`dr~S2}>qyPd
z9b?Y;_f)$@^;s3J7qKd3Iu^B}8;pi<=F^L2KPNA-L%F*@>MFzKD-%sged)71q?8SS
zaifLZmEr5`N&Rmc%B@vGXC)@7Bl;8S_;`%@uPgfg5(66~)n7-G^QMJWH(iG+T?bm=
zDe202+5?)!$=t4!A$|?R3c>!#YM*rW+P+8R7&VYws23niJk!ipdThh|-gC3|y7ats
z81Qv<V_mpml0Wd)T7#zzLu)B@Vofp$a=ueRB;XFNV6B&+7OlsRMlAUcBzh;~!l$6D
z-L+6^6xq+~VGyuofrxE--)UP<o{WD^4%0pk4nb~IK&myQLfUT*sjX_C)Mvh^1jGse
zLRag^lgP84<wXVR>q0o%zQ0oT`xwR9SHZFm%d@aw^BK7|s`A8*bp>9r7=Fck%kdM!
zmi4NY=_5JXHwza|jaQ$YtagZ5Fbao0O`E6~h}^;Xwj9HRe4og`Z&pb7l%kmE*7xd!
z7<K}=Pjg7(?|DmPxrc?ak_x;n0j3vGVihzxFSTfthQkabbr<LQyDL}vSKzvO1p5mf
zh7cBnyIuQ>VFP`9so*M|+`))o86jo2p-4StCz*TfeCq$Cy`7iVaf^IKjgKA2Cis^P
z$|tebm>|1Xgqfq0<Hm$O4=)-oUpltdazH#SIStB$8L29{%YT6rBqzsuA_?+NcY3nE
zbBGt=KhK$#9{d+H@yWb@FgT#wAYIPYWuq860mHMC%o^riw&d(7PQQ$a8p_MA<VtX<
zcSp-&wM&Rc%!jVq0Z%pZ4aWIVs$BxTPW{D@OS^;0{{}`bwOrdmFY=Yt(znMwg6yAk
z57T@^n7hL4Jl6hcPj_+39gJ41V^naZi|Qx$h!esVMzvqNDo<RHC`DSde-`=e-*Aas
zepQSHm979eQ`8^<CO@BS2&gS>aP+F#KFU{lw!dWeS#?)<rK?;{$D#NSR)tvwHUCG9
zMJ{`?HV>`tH10)*lM!oJs7I~q%!u6uwVI5pA)O;XE7#2?6ug_b^yzz7{=W|pv5_m6
z)5?CQ4=SEZqc39qhmO4x`+w8mhgRWduLV2~=ytcPVQg<T>AYs{_IM)p@GQ_?@S}kz
z+RBqKZ2y@=v7F9Gpo)dwA<bBWf1q$?TY<n=4dT*P)pXp8a9j|p^Z{#^L}M|Pckn<a
zg~86kSWPwTCSr^+9q$`V;S#B*EY{$I2#Ph6<*Kx|+LHMLuOj&~=QuR&vj2hk5e!iP
zz8HZDzvc~2V54UfoT|RFRLax1n_EL~#qBPU=aIW}-x|(v;u(Yv&&Ju^NvRkHKAID;
zeuw!=4S`s!g5nU(^(hrTz8@w77;&2_12a0}mtZ&Fh5jwWVWX1TWcb;uE{1z_6)uGZ
zTmPXm;D+r2so|oB#O{Zf<?puYyMx0{RF6qUxDJ%gOoWhOYwgy8h~1yURB#{`MfDu>
zgD^Fe@&2t3pt$;#=oHy5ly`eER<=H%t8sADB%xEZ&G>JLCmS36vI(+Mcj;6#E3LKf
zOO<=l(xdzFeR487aQUrN37WK#F>mEhNmHI=+`xs#%)2Azs)K>`r0!r}Qtde0gfyf)
z5n@0phT>oZYnTdjvTPwb#cU3j1S4!EPRw=JBDxw45<8c`H>D4~xcN`1N(qpg@{XSJ
z@ocy8c5XR{4bzK1x!C!!;_4H-;T5SwM{7B0xZX@^Cx1kVE@m@%_aWFaaJS0Yz^vz&
zd8|CNJ@t@5VyTt?kfND&;%qmHI5v@DHotJCVZL5W*`{J?Y<1VHI5~K<eDHJNse`Bg
zHEiQ?+Er2Kne30tW~J?^YRc{{oe6sJ;yGEJ=Cxka<pyTr#t<XRBv`w{D3>fso*370
zTTE6+&K=kLrh+rZh(GQsysb@gz+^%CVfD;gDbv!2zS_gT#7L`RDkL$iP1REJYGhSn
zPY>FS^ftSq)yPLu?B=^mfAch&Tei82@UwD=i7GQ`#^{(Br9ZbP`D0vqx~lgJ*ZwR$
zlicji4s-Q@AC=y36xjc#sk?WF<@?U)7?I_?9w&mH$S$c=o5b9m42oJB0Nag4R(3jc
zEc9e3``-4k_?0juwOEIhsaFl29+Tp=FSV)Mu2*y|VU14p%_jH|N=Zmcib*b7Wn<qc
znx;FHZ}K3VBr$Eq3k0P9CL(Jirt_*m>z|5Z%tj{H+rm;NJ`y}oK3fhECnciN<ly?Z
zTN;-Ka<hB%Qr@eoDN4J4`)0?%85v1du5{|r^oHNwTvjY6Yird9plcb2*4<TGGVpRG
z?%_5l8jrDIDhR&UIk&7J-e6@S5%sX@ad)y5uZ{Q6+i@-ud~Yq*3`FlxRG!}!&iQ~)
z4VpUcf3y)+BY=2yd3Pz{pug%j+8x3_5&JXw)ajYnqh>bfsc6g6#^JR0a$x_NojwI8
zLzI2{mkyZ*KhngYW+-R#*7891>`S;B6jN&u6QSxSIHKtBl)C>((6O_<*{qksK~)|D
zD2E1+bVH0=pRZeP#HsK|17pKvkeKtYch9v>N<?F3lB<+8HUs;BHhTkDmU_sHCxGG7
zLC;Ryioor^%Z>zR#YCr**`E4-=)E8>x0Q|yg0kLGm^o}IoZshvHHH0`?~$8QH~DL9
zpv&Cg4vWUC?zcDQmQ5tO^bGVM8H$R|Gi%QoYLy-XXzfB{X-jT5yxsj=8Th!r!07y!
zd<Lg+3{WW_|2kr}6>6M>52Ban98FABcGII|6<S`j8Fg5F;jO?MEvzhw#y1<tV$@mf
z)&MZIfzisUChpF3#dx4+^YM^$CCf6=$NaeP%9+_*<FpNM{>xz8g<zn1!vcaF{QiO8
z)`4k3jFU82KaI;4J*%;)_f9xZ-4B`kE|*tx3uImjKim9E!=@;AZzHrkMpymj)wRn#
zAH?W8Z7D!XzoEiyBlLKoHt4}tANt3&lN$%RNGQC^iFEq2)m;sRs>uo?eL(aLBr?eT
z#jTka%~)I&ah}S`X(>_;Vt_oBHA=&U{tL^xJbT+lI}Y~g+`<;s5?iE7>cm}}-!@Yg
zx>MDhhKoL$<cQbp`Juj=6!Kc9D95-Cl|u_no5rfrMs|O!r!|OgufA7$Jh-Y?(Q;8n
zIH|D!yYtd0*y!nm*z|-*e9y9C)!m*!-&qA!iQ<4RYZWiAA9-c7GMMF8mK(s4?U{%a
zk>Itl41C=*l~ef)QA8dQ_gK$f9t$$WEh{e)Av<k`86Kq@jg{o~6yB)h5DGJ<eR@_b
z-ud!^)se$C^})^)=X-)Lu1L@ny41Ih+=T%*-MC`nMl@OR3RPjb=yeU4@7P=lYB2Iw
zd5SK*YA|cco804=!&s%ZzBvOVH;8*IRCIdI*u4b762e@@oiY<dgr2k0L)BT?I&$-@
z{@k8u5&YSo1+Yuir(>yh-@mBT)zo1p5tIH{Yjn_7`L3_Yy`1`2o8-|_!b@R`YlM;2
zMznNFjK}!c5R=}XCY#h(INr&Go7|2{NvZbRjC}9T*-ex`2Q&W>$+Z{h-Y5OpJJ)V8
zKmg%^JsK61mC6T(?xe2%d>C<<M?}Sm`J&L%#_a3X8$nVdWraJ%7iqb%D2oo-dE@?8
zELJaY<3-naC|O<aM@^%aBe6yGNQso~-mMr(HNHIB4R}DP_Eo#?mq$>5plWb%aa@w`
z=21z}6PDe_1D%KR{QGAGEwqQZjVSMqXySQKKHa%v{-c5os7BwIpm_}qyvm&Jz+kpE
zO3lRN0YB-qt4-m56$1;LUs6HGL^KvYxXRS+j?I$_Kgim~RX@cYGyCyrzlQ3T$9Ork
zBZp7XbF4wTVtTPAwLgC{vP9UCin`>k8`2-f&uEb*fi7nfzAbaS5(9{61V>6aEcLeY
zZF?&=c-hDEa0o(0{JXVHx|bDcFEsN*TRNBcz#;u}&WX1Ej2<$IT0id5!5H!+!x1c7
z%--U7Mu=k2*p=q=BNy37M%VbV64&5|V^^%H!T47E!S-wEK5U?HX&7`ie?;Ll5cMet
z7+EQz@Hqis`BU@4*QB?A`PI1o&<l57Q=bz$E>Jsjnc<_BxDP-67YDAG29lc+oa2X!
z3{h?me|2VkJ{lVIle#)l<4dazD1OCGl6tF~N2-fkt6kIlG*cdG$RrJvcBD>ow8TJ`
zulspW(oJNR<lUxvof$e=n<TZMsjojpLUXo=;Lkc4WnB$1o)g|{b;7UG2cQ81A|=Db
zV5>koa@i9J>k7xMJvAQ^Y}Kp>y}oVvTo!-~d`xbT_+SOieGECs#tK4kHoGfY4z?=>
zhtuijbR9Q<4769*<?Y9>EjB?<y-B8x06OFJHFVb)r~8T4#L_cp3z#W5Kr?G|>WKX;
z{M?2HDpiOdi3K_AHm!$RdRl43NJs0YVpJEEIa%jLvQNClUc6W|x(kilMdK$Lts-EP
znWb^ZPfk;s)W{a;t8pA+jIJ6aAxbK))m6I)zst<M7j}W#dx45_3`-JA{ul$XIT3gK
zFUyk$y4*;$TW^$1?EH8Yxv=yZuIBGHS!vyo16QpS7$}C{tJyYDt4YCSv$clkWIbr-
z!78D=vQ`%t&GyHSMvVj9C*{z-^g-S<o$9ARY))$}r6D@H;pr_*#Hj|V(dw|jJ*7KS
z5Srm<Ox0W5N*%1Xj*&^5wJMQ>dX8;cExRH?yIa8$g*F;1NYYxFkt_p7{J_c`IraP^
zIaJBB^kPK-+Wwh_`*$1ky8tR;ufNr01N1tYV~DmEm4U%eU$`fP#Bdk{uEaA4yixkW
zuRS=yYrR;AIa~P_ns~kMn+kvuDolT0OWQb3;yc&OHJ?_9Exs{H<<P|h&TC1skGz?s
z<hrn+{Rer~_f}$cWVw%C;p=BoGG`{lM8#@{SLwR1pAg|+FZWd~z_`eV|0)RGLESq`
zZu%B`G{PyyQVIKB1+RFi#Dw5zWTE6P1l3F#oJKhTmOcnzRf=t~m9^a!v-LU0qJiom
zK@lP*-5SUn@!K5Ts7E6z#ldL<;w5_FqS9)|)LAd=7NOq$Bv7@JtXU#XPq-n<J>dJh
z7Cs}FVdXmb;(o@=tDaQQVjqjrNErp|vm<mCt%(332GbUUado7+jd5Fq=bSS*L^K#!
zS#vqb;IKHJCH}GL)C;^2*srmmz7gO}7*V_Ou;4gZON>>my%w*WF^8{ybTst+{*};k
ztuevaW&Bs&;HMZi1SujywcI=0RY5P~I-kv{bB>eTgs}~NX1vgKl)fIPI4Cz|!Tk0e
ztN?AwWnQo>H9D_3i~W!!buLNvnLKiGU_N8u9R!D~Hl=b!+WPc#0Q<y_+M-$4xP&s0
zw+wW*nAHaH9~Lzj$t<Ayoaa1b;ASfq`mi9GL(F?Cv$VXEwYxiwx6zJ5%`MkNK8@a+
zL%}VTOEHXLOHUMhU>nQv>+YXnhwAS9x)vt5#A}v=3f{14kDWDlw1jL<N2DmB18?%E
zmqBN9P{=b{D-Ayafh|Tt@Z|$ohX`?Nw7ve!$j-1)O6B!ZZ%j9l&qyFy1-AAh3>~2Z
zNK!6B_D@ZFhdQQW;Vzlgp*_xm_&g)bZRucTm!X=wDd@%OXxDzy3}p=9GVXk<wd6_t
z_F24|$75=(9#K{RX;ZV_MeA9aP_rBP<Xw^5jb>DDso4hZ_7QvVi@RE+bf^!KN^+M)
zA+d$6{a9R<`Oqi(`HFLK>5b2f+3{-h4P#t5X0`FH&=bhD-pMA*{x(u0XLK8Ov<8^%
z`C3;Y@v4{Yw^dq}j?yorM#@3)E47RMUBx%%gM;LbT3Qx?8bn=f(W#g;>hpx1Hz&fE
z+B60kUf75ejn^p@useo;BbLH<h8FFqb9_1(jI9B3Najx!qqGs)OvcRv|1r6r4j0Js
zsQWm$$lLX$Vbm<*YF>Nf*gQ1f*48!5!Kl}47c7E$q2LjJ|BV*q&P@M&Wm0aA31P8>
zz8hWRwi<I&N5t5A)4cAadDNagUe*HzC&a#6Yik5t>@H3n$MUKB@02=rDh#DSCeh4~
z)P!%BPPfpmD!|-^zZ@;(HEMj^p3u2_D#(xR$(-YvlWN6={7~YHpGC`0_#i3QaEh}p
z5DGoS<o>+S!n=i_D2pwR!Fpuo0-vHwU*=r`+Mb#^%t)>T_SesTi?+V)N6>JddMC*T
z_!y)~ZZDQe9{GZFiHVTl0V=`9YWWNKO54VF3JEo<b&fP3#g^eU@H|E&Xx1|wzz+8l
zEzcARBuv5c93?fbAJ8Vj1Cirm!*Z}|6h^`X->03^S2!>e7|^wM%LB7y@_3y)qsoA{
zC)ZW#2sH`tY$Omk7?N5bPAF|q0`HD3>QC{nG+Foj_!AU7Ex0%Ht;M0x7g$StJ2*Gz
zFZLXnu`{VEAM7OBL8|e)G3ZKe;^16r!2*Rx(Mnq@!pIXb!?tNVO`(?QL8`2y5pn@x
zI8Kp8N)KyqWtM>T3=YRZiy*(v!p*M+(+ggnlCiz+J@lhJQQA29<Mq`S)zY)|R`1@c
zE`NBy<=AD@>*RKug3FJRN$txs@yXnNB3M<I6eN`F?=h&FUIKqQoZYv}r|dCM3L}7|
z>mxnz?wij7%`hh<;X0i{Dn2WRyx$aa=57gIm$O^S@@~p;%(5>+ucHfr(sk};qaQ9H
zCz&KC8hCeM7Kt<qTH<alILrog3LgHh<<StEUTw~!Dwrn_NLcqSHwppNc&vWoL>=|{
zVtxx7oS08;)yz7K0wASfbEANv8zmPY9vW-YCE=c!t>IRi&!jisTp{j{Ax;yh`DOsP
z?+biBcpVEZ>$QDqh61}gARhc`Nd#qyemLr1c5fSmP>%V^Xftd1j6pLuZ}SFWXJvQu
z_9Msk0zV=?)4i}LfI#A44?w++0U1;JkHNnmrMkY+V-in>zjRB)btH0MY4n&Js|(Uy
z>9IYQrzg}10Mbc|QYP{7CX2=Jxuv7LK96SKzibe(R8v+|@gHSm1JSjj5h5641H{Y`
zwS?4qix|((5V|L3KA3DiRZ)7ACtto1aG$LHUXl7a(@)K-a;*SXne-kkJIy?D?`5NK
z&%AR>0;X#Aw#VlM_uVfciKelFP+{y0<#NPPGf>F40I`ilGTSz)ky%@wwx%zIejDP$
zb-gSN*}!dYK}7mFz!N=(r)xZe=B69`$xUy}Mn3IrN5wE^JY2~fL+wqL9%6N6Ug<~m
z);rZg5)eyof-?}_e1c(k>&-n|Tlfoy+K(|SEXFRL$8(WmvmpcYlVmHP5+5bqLmvO}
z1-~`u9IVVXt_xlI<|@d|U%O9CWxR?zlPb?&@LpYGPBu`_f}b$I@jvX^%T`*68(jLa
z9HlCuyrPtOm&zYCcFbk4F*s9+LqL%{kq4`}y$DdP(e4p1rYSpv3yc~NX);1%`Q(J}
zO>sI=8AI+Ps|y^9enMBD3_e>oIeF5$DW@~z{WMyXyx71qu?WY~zB?glSR```4@B-Q
z=W6NT?iao2{$t&$820Tx=A4ZUw^#=~E&ZUY+qk(<%q~i=vgn?+F2?T!HbL*&F>8)S
zdOGQiTO<ivh7|I**%aj(_c5QTFs5J2laOlGG}Ag5fAs4&45(&T4sj;a<G_HdYg+GV
zNe9N0VEpcj+dFe>!%+?JD|EJ<#qR`;hD)?>D@));8Eq!yci*(et6ljfFz8A`b7D0C
zdq?5VT(H1c81H>%>w1=qMfJPRT*(duh3x>^uW1c$EZ1C;=Wx1fR7;(1YvO7TOAV5W
z2189&qA;|ugCZkIjaPdN7Kjr1<g}E=CFVVO6d27Y7^HPD;pIPq$NklCcBghWbV{;B
zA4|SK)8*F^sc=um^3ph2L`}pi@U{5{DD_J4xm|Jc8zkc1%}7}K@XW2zCMiA*L(UIb
zzvY{;UV)M|BlV0?F0E=4KMK=nuX8jIpCVDa=ciB#?;S1$0V~678<TWao>nP^5ekuX
z;s_`CP9|%WHO^;yNk<!AUixfuNNqEWxz?-(DYa$Ix!SM7<=1}A5_ajVB@+S`?7eev
z>jd4qBPf{6Va;ELps8JnXDea6!wh_9+jccKM<i%wcq=B6u{DPQ!x-&bH6{2x)uZa`
z6D^hzBWIcMRHonNss2X%PI_I<l=fcr^*)*xVPR57&m$v|9~aejriJ!3aQL-@@9irY
zYCfYAVGfiQ+ww<j!(TDZlQv#}bip#?$84@`q((Oh_@5oh>lnOkotrl9a4$3Zlt2}~
zzVPwlnI)66T@4un^|rHY$5KTas2_OE)euDlDvNqdZQ`_?TB7ucs+ZkoMx66!;}<T9
z=NcJ4ta~(?Mo=d1%#P1zFlGr;R4{XMmR(8@q4ZpCzP#l2ft~WaW1LRI<bMyDoE?wp
zhess!fng_R;8Ud^%qf=ZTzpm2@DZPH3kRfC#X-BX!%jcNPKMWjvqAW+-RHK1m@h|h
z;a`vHN&et)3s0ZonUuAGJ?4XId7-uk2XuA?IDI}}Ok^?|Y<K5=;&Pd7R#RjR#%Ynw
z|76t#`wulL=g2g8H`Na%6GT-$8dghPTfDh)hCr%wet0?UTStCm{`L5>?de`E$}s7R
z2xq|sK##*wfScj)#BVn*iv-R<l`DL%U6~LnV0zDJ;WK{W-*dKn`MtzT17-VPJAk=V
z=ZtfdSLK#_C35Bfr13%dZjRJP)=LevozTgdcW-qbQ7~ZI&WIZFGF8~5iTiiA1}z)<
zW#0&w5_F`cqf#KuH=Dbx@CFjXi;NFEIW8f)nF%Ea#RN%38s<sN*r`^6Hh&h6P0>qb
z-3NK)xt>dKlxolj2dZ5@TAmLAZk`|Pzi{^~S?l(%Z_O3qR&h#xdV6^)zPa2Gn-Rp|
zj|J2z*+}25v)9Yo4}}V(;dAefM+o|-dl|QeiKNX2Z5duKoqT=U{na&>K0+$5MvwE*
z;)E%@+jX+kz17ZIRl<*)+*?soh<}!kdX;5$?Yuvm!4wgnYa16=Zg1++vN>vIRld=V
zS3k3}!X}{XtRn?-Umtn<pm+4j?{RgC<X)l<=`%Ub(409=jk-ZBj(?S?8Q*0ok+}{s
z7p#ztIXFBS&-cpqnH79V@%9ahY{)v3AbUomaaksSyL=5aB0lIqgrCD+k*??A0za%y
zv!FFg_4G$%l1FoGHFnAIWFpRE@y7H200-T->}ArZ0;A^?y!2PzQ!yd*Tg#{kzV8cj
zrIY!P>g@YBr#=P(D<v-ckgTr)uwByohnu35uc<k|+n$eR>UTDV*CESe@1CLnu_f@G
z9}N!$k1H(YnfnPX4KS(Ir7@kf8ySr|iu~FcXzFx?nFyK|>%`h*F5=(Gg%k$?7mNkf
z!LUcSS9%9W<AWL&s$N3~@869**{K|!eC59iDtg!|%8uk*2E|M6hRZEhFJpp?$0l86
zq1<POzqp5FQgl)W3V?TKP2ra5crrb@X&fqqLs7m)1l7w#LZX5164ZZHUGnx}Q%DV*
zdMwhFoN$|!?>ow&>NQj_{t$~c8*>X>_8!271q%xHOv`>#P03~_;HTxaSsP?e6q|tb
z#t)Hk6-jZOd18^f)!g;85wNEWLQ=NzBQotsOVY{hOSj!I{u{n~jiIZ2J99CX(y6Cy
z8#k76zJMENY2$nu?=Cuqz=)w~(9n(mV(9jfS66ru<!*eKN>qg_?SxNu@SdMpz@OFN
z6U!ZNsCceSr`69%Zod-arsa6PghB01T^wkOkn-bLYFh|7v@4!302dyA1}A7zieuui
z7v}~rLQXO2=90;5+8RT1nWM0(#&}E}_WA6EgNRDPN~aDkdwrR9?h6HUi;fG2Y@aDY
z?isl!2Ayx4+NEHTa6(HQwf#sch#4Z4vW=vS&DMB?FiSJyzth9T4%Ju$13|1g6e?!L
zGp!P~aZ@nWG7yN9tbecJ!nWFDr>MgPR8iPU?`A$@;NETPRee|RMfZ2Ej`Xa$^(Q%1
zsHe9IJu)q!k*<jE%~2LqkHMgCb&CMlPWQwG+0~t)VzXR{W3H101eM>{6qqy-aG{&H
z<TBxLD}pD}(m%O3o02DoI@~36J@EU;-NcJVHcFvEz>-?OY}XdC%!QJm&5s%^p2HZ{
zdMh#nI7j-O>5E!-tb2UMPl;VfJMkLQCw&&VT)O<^z7HK@i}6ekuzJMyh4JTu$W84V
zw&8ObmGu5Ya~a8-AUZAn0z}_-B4oWxXXmBX23H7W!Q`cOX$4lfmrpK1_zPbG*d6YN
zKgx7@Mg3Lnc@1=66Sv*f5VGl_oAFzP{-w4t+8ViswYe!<E$m2!e==(~i&=9W#X#tG
zHBc7Gn!LV4CI(e^b_{E-W&VfaaHnb|ezD|9^kJT0#`kt=!0S@~+HDwIB~;Yzu(5p*
zu&uh;Qi6yA*stbd{N)v(t)F|bmg&{FtC(8Y5UPjYcA_$bVE<aq@zGRNSCN1eMWg||
zQU!=z{s|PZl2xw@d5jcg&+68K!fF)>3a+MpY^`)=Et1!u)%dL?0|>Yv2sl!Ibg#b6
zR{aUWdtjwFo(IPn2N8`xJJU=sHnu6aaLM>rIgo}CMVMQS9Dk;hO~0$#Snrzw&ic3>
zvRsi-;&bVSXpcTLWVV_iPzA)T{*Z&PzD&hudJ2s&JLnzq;#(wKzBa+Jt3lCIEz6;`
z%w6W}K-KJ&U0RSK5hsm8mhNiF+FbJ(6nk?j(I}((y#IotEAm6VJ@H#*(GMqmG(%>m
zDF)08r?Vu8yIhU_Cr|#dOlRP_R$q6<Xz7SFq{D!IE5HNgy`^4#{k%7GB^57}ut;}W
zfbT3~SlfF8Dv9NuHWy{g{b#G;tyMJ^!+F%_OYu~jF&|k}T(3bpVQ)`rRQ3^~er9+a
zxn8ur{M+mce{55OO>kcznWJt`UH642ey5+Nbkt}x5cqo2(`F)w*3>YnEStpK>z5@>
z!tclUF6D3S)hPYPwtiZ{<~jgMyRAMr=Sm5I2>Uc+FGo`C+NO2}CAGq%0@A>NHq^f5
z3-R|jjrD=o>>RQCOLEd)L1P5Rt9p_?@EyBeLu{Tr+!ZvRU+no_y+VqWqqYEP5O?-l
zXxs1Im9phF=60Vj96w%@=50qC<?~M-$Q`HeN6Ek1wpDlBiPL+ckb6-EqSxJRfjUoX
zv2%V10BzC1ECz57-JXHi1MULnk(g0t!k;VUzl@tZ3^TTSv|{Z{qhwb`gLh!4c-gb+
znaFz!ZG&efZ)aU2f9S1j`ews%ie|mKGU9Ju5v|1;X}v~kB?WJMkn%9{mnIE3m?j3a
zTdN*(8?Lk+$eFcZ1I{H|k;aQXq+vS`ayNwrwY{3x^W`oFUktFyej_Y<Ag9Qx(!Og*
zxu>%+$Y4E!brb>70Du{r?7*GQE_a*4sgqHJ;X+eQr?P(*mtU@fHbt&gI#C?c#%%`Y
zzDO?mK}ZQ+?RkS|tPdMCd>#K<GRa9jd)1#FHn=}j+<#SN`pfeQB`fq&fu0ucHu}-c
zabAsX*NJSsSrH?FR%H!O`;LW7%NhYBqHr$S-3dy#u3XYV-x1*o-?F^sxO5Yn^fF#T
zS}&u<k+|jRVa3{v$Y$5z84z}78Aw*}YQ-;QJgsAz%4ib5c$wYbihuRjl6KW^aEi&d
zwc4NmknFv<nc4@RqoYf9QJj$td5f>7XBQ*WQk8=G8@)>g*H7IWhw3G%6|p8jX^sIP
zWMHA=Vn(oWhi`Y?C+}I0Ma4I+eMLwDFT+w1TIH@d`(t|<rP@QlOF!`{jXc5E161_G
z)%Ni#IF;IX@Ai~n{KrYC3>GDY#oU=yX6<2_Sf0~-WW-Xe^jnSIhcf>x<xZmjsJ+&x
zlwMiyz0_!}{&A~RUb6nO;$_&_kHSP7|JEtzj@*l~N!J{V$8iHPPw_oNCCzI}U9v92
zSp%>|CAHkU5x(8agIV5Kih%9lY9mNG`2@G?!1=P--HKqpWPGV*%QqW-t>7NPVJK;7
znqT3bnT&a0^REX4Qt(=zQ##nYe8UzGht72=i@;XPK5~7yynVx|?q3q6f_`#~DB1OY
zbBO5Ym9~N-LiAfj^Cxe23#n4d6NU(~b%>_kcCNjc)Y0iL-l1duhHm(fJ1LID9<`dG
zy2VOQ9}m`okxr$X(w7I6=hDer&H*+d5jmk2ih{TthsU{;0h*u1abzD|6V-osOHWY6
zjaj+;vBI(Bm-$zZ$vqk{Xj3`Z7D4p{lBJ{>#8RNJie0%2BupUPYrV0oNmf`nWO-zN
z{LSc_+-wN??_0ReuYryUD}wr}{6<p^a&osL1&72z+1NP)i7O2%k_t|9MI9#>tr6?5
z`L$>~hV@^&eg;V2wjFWQZT-ORo$yf3%R>K%GU?<f=h2Xm6yEsps?@QvE_V52uj(l;
zzI=DE#C>s_m^xf)sc%Jn*mO7>B80i>J+qO(uWTJWnG=p&r*x$Nne(O9?wz(3S4_$-
z-rP!2L`+D>OB@xb2{L58d#YH%7mf6t+pl<BRpD<0S~fq2U99Z&9BGp(X}spYP|4&2
zpw1y~w%+BENe&o&#-C_?^^(KXoPlHa!`eqbrbbcYb*j~8`|{^&yNe~D>PQQklEPTE
zzQ?$WKFw5*Xld+<SIyTVOuJhIu*Kg>Nj`QR)4VAn9LLrZ-0Y8p{cy(^q3g<aOJCm1
z4qtg_6-X^+Ga=TjD*QaVvqN>FOs~Arjc<v5Zw;`Tm8tqgWGZ7+Y`z>eO|&OBP3jbY
zf;6xHrY-hQ{XW5_0P@OUu92V9ZbOVk-d~eKtZv5on(}0jMKaKSZBMc81P_afz?DYP
zwD|fOk&)`<DW2lRErLp}YeQCa@!=|$;nHSUlZBFhm2<2YqQgcyxr)tlFq&;4rYP|b
zqlbQSjf({=UqzW=Kk`v^1y9$Uv%9lU`37v8w%b;o;KUn+4j8`J{OX9}qoIq<<WC)n
zfsF#}TJ_<-v-jAXir66FUW{(-_JW{9mp)KKy4bZ8p=I6fT<BT1nVf1+YQ9Se#^Pa3
zznV|cayH3Vcj!46WZdFK@UWY?AJ}ETiM<KmF-1_W*?>5Qr4p*vpJG#N>E{+?(?Cg1
z#b@c&EOebzt^62h*Wk?OuTS!|b76`29;W^}tKnrca}fJ!y3p|!<9%0O(}Ud5{1cM;
zbH~X|o%F<LPRQK?+&FC9{$%;~C>3qDKcPU28dL9<i$Aur(A5xi@%y(zYHqBd46T@K
zfLKfUluiA-6FAfgJQ$cvwW;lYy-%B6Q26^kNA^fx@5P)&tvD&mG^z)a%HR9SJS_7f
zx|7tDY~p>j7UEzACK6ZDl>C@WxDsP&aj5hA{#m+SnniP!TYt&Aig3y`Qh%i$HYci~
z+HI`(K?GN_qWeIW9-AN-;DNx6M7zhS)}#!hnj&q|905xpHvJIBHbDG}U!mc~@WTKz
z{TTC1ov`b|$D&fRZ<(S1$|zHQbrNH=^KQK7HbST<WO?B(A^JX?Vr)0oTd7DpU`uL{
z_IS$t>{$>Es=Vgm*lm!}d*oufvQBzumfkj!{zln%p@Mv<kf-m6nFlQQ7n=jVk^)fA
zO6b@=WIQzSE8;AhssF#i=3eQ*8t6DTzw&zjP+_8zwUX<Pof8*M$_QMC6N^(2Wh&$`
zgMrCJLt8dvK8O}>wd$2Gb0t*nbjLSTMY)c$>9FE#x@DH{fH*N(Nrk0ez`K|}{$;%m
zZlMgs=NsKi3@~X3Na`cJ7-ckc@q3-PyYkEi&UwuAmxeU=FVi%hdhuf)Kiy_mD4Sa$
z`~aObV*AAdmTjM8-E|viy6<_{^hPHYoUg@u;u=$aO0een*|~<@hc88q&(6R5*Dxrc
z<3`C!@b$qg6^<Db>kHvV7G9&$DQ^*!N6ccgBJ(o3Ds`pE4?ETEe%Q~g?xHi>xi&Y+
zJe|yUjt?*rfO-Vsc8vs-JwrSwzCF&PI};_+-GUP(LrKx@;(n^&GK2AD4b`0O<z!qb
zp{Um5!r^0g^wr&sgmXjIUbsHqPD1M&e(`bz&L9Y^BpKM%c=cV)XRo;QcE-YMwF#c}
zD$*W~?K-)aZBcCMLg#oo{aXN$qY-fTp9DOtb1?Ar;TQq6dT7sPM6gxWWhu{rg)i<g
z#EG)`k}YLnjTtzr7>+GX7Q`;o^Dof)a)nf@NxhZc5#o#08h<cTl~i)?vWKudw$T{D
zrtwaohuV1DZ`<}dK2B5`kabZm?0KmW3>CTR_4=Nv-wL=#QPW$awzWCte&$_%1HmIR
z213RU;G49NJzRJSm6CY<&I{(ugG@wq>Ai8W{lEnK?oPaKYU!)Iy``617kg3=r6|ss
zS;%Ef81-}g|6!+b+@-hm9Sx<~#3gw3?2VHr6IgzI91u^dTKMcx_%;j*T3<`<_z)#L
zf&8g0+)(8<mUGl!^_t3Js^g-Pi?7XWgoPri*1h68(c+i~*2SD=nyFfyJh)3=o*b9h
zTIpBbgKC&NuP%L0tZ%VWwwoAR*K!myFA92X2tnNO-+Ys8|74?pZYEX8Gf9Mz1@RxW
z=k8c6Ogh*iC=2!PF5ZdK|0e-50moS)dO-(#&-|-HM<@jB)1ig!36M?o#b=vo#Iiax
zf)R;Ga?dP{O6bjbK%jKHV=KL>!(B7uRcCukn!g1|bM~>S&-SC|m!hRxZF^mO76XpL
zXA@EhF=4V+_u+I4_BwV|2R<dkuWuPm4Ta}DIZ$BqPgkdUfy~i2RaTPX<0&)F+F-fY
zl3QFUp0%sVG!kN|*}4afc*@cMXk2xksntyD0b=Xk6MnGeaxaF%U!&4puGTu@1ko~@
z-0O3zl)cyhCL3YrIRAAE6EX)jDQiybquCXV&m?!v#DWbJa<{MAsfG_^$qtT}UzBkK
zMPa_q4|YqRQd0zC(YtxoT{`Tm7nw9XM+H+0b86IYIKBU8aP%OC`n~sAY-W7?K#7H~
zL3D7J5p)6_GW0g<XBkSZT6iR%k=HH!%6icMk(HGYui6c#bN@8RYzFJIPswa#@^2RE
zuMO&Ig)<SJq#dMZF1_5Zf5D8M`kX&e_w=1XxQ|@^?dkeIY9@D%U3x2e>d(#O!uNN#
zFdidYIU5()Ak=S#{<4kQGUtAYWm|+1PX2MYT;_nV{GW8~5l!2W2ibJ>->=(Oq+=t-
zcYHqXp7am@qrWp3*xQwtc|QKR3x4%e&t(>j{UCuaFRX4P80c3W!HTgT1+eeu$y`PI
zKe^UlL$Chg+;@w+5%Bvr`|O@m_rG<J)ELn`JI}H2%V8Yn@2$_iexvPcE@y8!I~TdJ
zf8Sm9#*5#ZZ<w=h^q5_y3OIgyci*!-_PM_|pS!}|m|w;Q@6?WDhU~jB$UgV?pW`0}
zC?LOxi11H`+53n8^&Kypz--PIsBqX_(7tmnQ}91dIl{#j(G|As;rVe1xbL{)8t9Ma
zutPY`OCQ*anA0u+u<x}%An=do9|y=Br#tQi{r^6sp0FCAzHtC~*KoY>5E@DAo6pZD
zP?6b0jypBitjJAH!4vK608}yYfr1?}uL`mJI-z3iq)Dd6_vD^NmHhmU8gwa<{dk7!
zT+jXzUu?_<Mq^<zp(4b_MPAh3yIY)G=2>-NsKu-`x{)zT9W&P2hvW46V3LdD?7-V*
zfq#u{f<joM<2uoL;IX|~_??paHPGPU--rBdl=Ck+yzQl}jf$w6kIfC;?zKf>oEXVl
zv_jY_oyZ(tStQ=DTp@BB?sMS`1fHK}=qyTV52YCBG&QW4s`>vRQ?Kp)e+lWlz<kC?
z*<}^~rtdDcgikj(pL4qk9V2sG?|4oXJ(*{;HAw4SE2$si`9n2a_Ww0Qr`s>Fh~f9*
z6Uo;<6JOqF^$_Gi&_<cuh4<p)vFfdy<r%`T!7h;jU2FgG=o;?U<{F7@^2oc2Brry<
zhp}|R{kg2*zT~7PyOfZFZPyXFOfoXqt>@K)Yv<ej3AD%R0b%o3dr;08Q|=&zdwHj%
zY|e%vw<iQL#ZNw#ixFA((0_lM^wZp?W)N1Ww0Z()bRu%@{pby|=n&d=^!O5}Yt`K@
zpW@_6hHWaD9*ej<cM*`#^g#HTKn{BZZZe{#;Ox?9HwUopp4&%n_miKv4z)FR2O2-O
z5iofPBg7iDx2Ht+N-IEJVxIA)yuwwpq$ZVeGfKQ4Oq;GJ_t9M!3W6;X&oX`!KkjqW
zEh6#r{047d$!EHN^Wz6~ZIIWUW;Z2+w>{6e8eT0B><1WL$Q}rI%o0aKeAMhf%`<nr
z^AlectFo8WS@!h*M~Sts{>nY&FTZbS`{rk@+<DSg${f3BJhNq^#6#O2;VI9|1#eI6
z=}>{Rx7@vLZ7>_3XzbZoJr4O-aL|Ek{2z&)V?81^%<VR<h~=By?nicr;{a)6>r5k}
z-t!2P_DeAy19k<$F{VoVP2FsY<gtBK0=;s@58mf%<dcNS7526$mK6{G<+ob8LGP-5
zP%HE1ngRT$_IYH{L_yH&>q7h_8JnuNJo0Zo;|Jga3nqAxkf#h^Ps-iZn%1`7k;<1!
z)z=iima6Vkgutnw5!;(r5c>J9ZGeQ9EKJ*=eMBL*k$tyEdv@&OTbYUa#PjFpW%!yu
z%}a|X8g<E!XUJ6HYoEnFTo)n6-K;43SXknA#g(tYppzEUA0d=tQo%bQTk@N6b4ss|
zi3uNmTL{xwuJCn5Wm414Oy$GnxKrnEur6JcUBKD|<>M+-ty-hhBQyOL3#oc{^Y1~=
z-!8G}Nnwm%NLdiem9ee59L_S@SvfbV>>f~1JGk2YfNkH73;t!@J{`HeE81joNYzi@
zM)ue`dSl^YPw<kvdzk+9vL|(0S>`_b!%m;J16})AYyAADd=9~HQ_^vl@tu3@YqZC*
za@W%KD~(_e1&=SnqZcP{41C&d<8b=^IN*-kOEMmzd-l!c+X(G(x830<V=|siy(jsv
zmDoiI_2sYZ8$94of`7fm>Qb}5c@wGM{~)^Sh*qi6rbLcx^7-)&=qk)F9St!vT!!h^
zS<)MwVLuLiTgVj*YVWgqIQ;X0ncVR5$qP>Q3PS)*J%?|<&J0U_m8$%Zp*5eU8Jl|i
zluPd5;Jv8jyX!x{X5Q8+xZVHjb*^ZZ;-Rd!1}D-Ac-SV}^uLB{XdZt2)v%jfQRUcs
zo}4ftv}%BTPi9T=!)~*zWX^;aKNd1Sk4cPZ>BP<SevEmrE0>H?%9rTVJ?wYGRh&z>
zrb6_yx|>pjW6R}P?fMlnWkbb#qh{mp61GQaIAKAb53aWSeKGAPgbR3XxZhdCah9<Z
z!fv!0yrw|jgdYJoE%!!n{6EyaWmH|wwgrd>cPF^JyF+kyclY2ygS)%CySoH;cMl1!
z!GoqZ_ulV&a$on4?$<p=pMRV)4*Tq?RaI-wHP_s|uyLDXkUw=&3R@f~;+$H4>xthk
znBD74EsFl+RZm9URpZp{43l_d9^g5hC<)QKq9CR>#5~t*hgJv!eMK|;;*4WF#>P1W
z_sIwQ$!JN^Rj`QtoQ6TnrR;s-rGfsZh1ZH5E2W7zDl)4MIvZ<2R$8;xbU0c+)AO1m
z&i+AbJZ^%S5Y)AZVpS9=xF9;tijRZC%zbjS*Fi98{4Kef1^If3IkJUoG^PZ%6~>G-
z*@yeF)j_a{kKOgrPN(}a_xHUQriLJegsO9M1DGFfk-it<>LoG6PvyN^6_Sx)sZ!|f
zU^zx&7ckjB#gBC|u-t~z*2SCjzNsj$F7)8sC&Vp;{l`FeNLKcl=|pFf1^Q|t*8DXD
zTImnDJtr9RxidxRr`&*1`7r;XbWCYP{&6H5I7L;`B_Hl~(V^lnYX)_7;ApfwS}c1o
zns1{`8OG~0NiCVm9Bh$5)UM;Wi#VNEug+#NlSQIGaJ352Z2IjX9_IBFaNHg3?Q$p6
z$>Tak$J}-JJ2+g+KEc%dAmBGBX{b3a_h%&&$(EnP)>mFp`rm$*){NpZdqN|Tp(ta?
znyI6ts}aSQRuw!>PU?QSBJxGAxO_j9NwD`5h4ofj<s(E(XYtgaZWT|UoP+(?2vkCK
z5g#SXNZI=cPPpP%1j1%B4KMf&e40n5M#|P-*-m-QGx)Esp&BhC1C?rh^3-clm*3{w
zo|xO~{~1NK-AFO1$cMS8e;&2<_>Rm1^qEFCQ+AA3Fy-cQ=`(LxivBgE)ipG@*508N
z^P(vK7}WEZlkZPMk!#m<&#h8CSPlitl2q$geBxh3;6=KRjmPpO3iY4AYdV(e0T%*R
ziFq0LrRXJfWofBg-omr*z=x?ldq{4I#AAvhPSfvQm8G&c)CA|4oJO(-{mgLcNcaW8
zx7eL*<Th)0!r({uM_Qs1NI!OqxR|Tc&&z_TwNepr#DBUIrU>ju&`LyoN7)>st@+3r
zF~SL-$!4#%jGXgWrX@OJoi2K(3nW>Jp9;O7oa$BYA~Sb<E6+pWvqcEz+3Rq}GoBam
zh!7vnZ{q95Ra--2$j>DlZ%funUY{TFS;6ob?76<oUdQ0<4mzI=6bA4IeD&wgKY!W&
zFo$er(6r`6RdG4-0oVqF=oSAS$xatK%-lbmc`z${tp+;GVnj;7aW5(IxR*-2FMl{P
ze#YI9%g|Y|+WR0JWuT{_M{YsMTW+vE&joY%Lr%n+jLhXtMMx!tpBQS<+5;xLX*@XR
zf$7o*IZE|mXq-n~m#6FiH31z+A>kDPD;fdT+N>NN@z{a=BOfAMhpNn3cF*10rYn95
zv*VoLcv03`0#@y?you>&Ar1<8rfg__G>zgD8-`(W`P{1NidlryR5qif24V1~QAN>s
zAd5s_qsm2$RaQv_j>g`B&nJ}+4^;*^*6ji5eFcY>4!;EMUc*Vf5F6qbTc1}-DLOqG
zE(Lk7XERhC<Ay?lUydGzHD_1|VJd}ljF6rWAepnew_g??47xA3{`4@16ekAk+duG`
zL`gejv~Sr|U8E`Xtbf(1_+4|0FrjknHP}>;UN67Xg&eJVPo5cTr<cX&uz-@1)N=d7
z^d=2`t{vF$`R+EJ^ImD_8HvwEjN2eAX`J$Z5fq|``u4E6^k2By(3U{o@`&6QW2js!
z#PcvT=Qg=nMc$T9@bx}fxP|G(+V6{N4YpRESn0d&1G_`f<$zxEUD|&0{9yZ+#5i0j
zu?@8tlrb2Txb@r02lu_Wi8d{#RR{er@rvhysTd3m+CxQGU~8xs#{WXtF{FT<eJrmR
z&+hp$da<sAs^TdS00H#&`jUpy_1IsNosU7+_*!W!6pEV5jU{bC5I0;2M19P#s>#g5
zO%O;n8zQ|;_aLX8n{0U~l1bEPFP+Ssa{$o;1!aeRhY~2BgwQ(#H}>-adh)#i^25jL
zvwWsUgG@boIaxdoOLjU)*T;gd(}2r@3+k7>#=y)X;bn~voL9ByGaE&<O?6`u->kf4
znFY6}&$bH@45@9!YPrOVIeR|ta4>i~`wrxo<i_6`&r#mn$bGUU4-M8;1$N>!b93g2
zkmj4`nQG>kF_eF%fIVJ>&~B-5GhHu{?Ps1sD%EQp2A!&LggH~r5b(a~Og>33JjQ?U
zA)gX`FF4LSu0D3w5<Dubbp0xs*2%d!dP8&D{vhJ2>#Fb*b-=sR<)lXVX6MRxbZDXd
zOLiP?FuL8JQlbDf5+i-1HE>e4cFpTnhs(C;KVyo#0oFwwj2mZ)j?~7h6##k)13l?~
z{<i2NIe#={qoP3<b%}+VNUi^_-)}0)nV*9(X-GjRf*Fa@?8}A*@aEC7!+hJm%+Il}
zL$=Qd$Ej^DCp7NH1?j}9x$i&-P+S7D8O(Dhph}u{na#1&`#SqWZT<x8sY7>!6a5{o
zS<the_+Yad4^`w3!{LrF%4M?(b4f2To?DxR`x6hyG4b74ztY2Zh%;tc)g-sYaAQ^6
zjlp5&9~M=WvnGa^hj6h&O-fE`uPVR<ofN-g!FSvRV8H<`I6IcB5Ptvd!B$@@V4nm5
zU`^rnhZ9}N^wdFprgSFnaIgN~pj$sekhDG@&nlfU!=jdXU;@Ixt1a=#%pPxj!d>Js
z4rZmV$R@Y_>9$iMu`m<Lsf<w;v0}H_><%xJ%rEtb8?EvQw#BXTH3ZWsB55c;#1Rdg
z_HQv3>n;kh<Z}`iGizF~XPx`!(<4hy35Wbnn*ZxhbY`Djq5O4--y<k&U`NzN`VXi|
z!G7v<gehoVcJDY<iKepV&JYGg9<Al%N@lRR*bQ<^53gd5O%Mc3Mne#mPz+&WF~8`X
z^GpA1tns=h;ZZ5`AfvtYDbXPGZ6|hyj;Z7h^+d_f$V>#F!O0C7z)kO%c$ZGx6Kl3>
zzkk9H7#a{Fm4WRK&=o503*#N!6;J@Q;`;|6?9hLqy#II6?*DB7|Gx{;M;UhwfaDv4
z{m^Ij-Ruy^Q-1%Ih!b7Q%<?$_ft0bB^&m|9k5BV<0ovhz!uQ<#m!g}qN`Q?Z;M?}U
zMG5?WJxIa$`_J2gh{Cg4wC5s*0Ok6Rd;SkPCLRzS(Sv-`g8J7d762^&Cp7{PIUt4r
zLGX_+{6Br$0@7EZgqE0kM5p{b(DRd7IB)*9(sK}<0-I7HD}v)^7%9k}JWORm=qLU)
zDHxcVvjjg(<<{S@sGH>Z8Xr0-9=x0)Xq(PMB<WxFPX5&L9MQU9t;AlqQ!I9dg#5*g
zyoddn-$VX%ULi$xQPi2Pg2&V&RNDh_ZIkqd!|%A`gs`Q>u^_f)=OCWq;gFf0f}*0$
zc~6bY1tu9DN2TV(UMl|XI`spJA_;L@JvA$P5&UPc{hdK855kHrZtiU;AL{b@+^n%<
zbfx1dsnK7*o4eOZ6|=Gp><^PjeHO{H%$?@-+V8HAB<Zsz7Qp|40|3DWQU|^r$`crq
z0qyb~9X@H_f{d(f^KMVx68xKahpAj1*|Y7f0GoFa8kQPwwz?oU>A1qcvm%mw`%5Ml
z{-tOh7j18q06iJEk9Gbl-e7G8_VIV6Usz^ESXKh@5kIQneL8)WE^%@Hrz^5uf)i`z
zT#|S_X)-CQf0ri)tx2kSNq`ktJcNPm+7~-hR8|+(3hoW6rJWf+<V+02D1PKl$B|;Q
z(1_Uhc_=lu7x3*6%a(UTMLQu^tdQL7G@k7&MkB?`sgc!ctc&l0DtwSiB)OI=)xu)=
zFsd$xA$~SMSs9&vJ2`zM;?VW**D#{`uMQZ5PZhfi)E1GqTTlE}o~<)o?AUY@EBCj1
z%6di2b?qj}jHE{omIx^ZX}Q#7OSlQE>P3tp`RVAXUhPvw>i#r@GH23bcPAGWG`*=0
z*t<cn99ryAAdLA{egX(YchH{mT6$XTd{KwR=?Xv8A=|8^w8Rb;5Ip%ObBvM8wNAoK
zj-z5IaI91?<?{ProA{g;Ls;&Kf+86b!t&hm?dZ{q++-qIrXr*q&v6G17DLWa)n9c*
z?X+<XSB+QL*(K)=qLwP43x{zrdsSeo14<|RMJ6zvj|B-kY{^u<o&^Tkv}oRfuIKcJ
zH`ib}jLzl|QmNU+)$ve5gpz!mNnU$#yN9m3k3Y4ZGwpiY^)1C1N=M8gn_reXV|qMI
zDq?R^QyR2v%#`Hi$>-2%A>v%SXTi9jv2b0kVkl#m0R((MEZQ7aTUMOEmpvda<$xFK
zwDPA3m=vH^m$=NpZToCk(D;k4*si*}Oz=w^Hd`Gm2X5=(B@2};zi(duB?O<og~wDh
z>vbHk6BAE}hO8#*H<VY0&!U>5Cu!6-cR;w2X{JbUHb>F;n7v7}{HmZa%lGb=6?cUY
z__n{nHv_9sf>LAR#dpL=i!{6WLdO=#&-yW5>8$`BH#o{8a3AuxL&*Z7e%@GJ)NW>!
zv2a(di0pMb8@+x0RNm>P-pb6%7pgT_bs#yZaFR8^>=EW^b@Q`8-QJKd4=SaYDRv{F
z<D}h%=D`GuV>~y=#Gt{Mn^k>aPe1&WH;b-&XH#c1TW8Tnb&Bfb2{ChcHu+%6iMrZ?
zs=*QY7)6IZip-F?d}clEYOo>u0T|3%k8TWG6=-sgb{05IeYT{<*i3P4$xO@!&shTD
z%0tH+AUfK$#={H6t*gy5e(I*A1x}@#EK!@{V0XqeH`?0NtAoYgV&ZoW*YP$Rbp)9S
za>i$<uQncMQ0zkv@9i`|KUKjA68fXMC%h_Ts}qyf4%*_Kr&=x<-~Je_6!Q(W2Ww59
z%w9`zC5%(3lIzwig*|?}O`X{ZM~46H?G$UQ=??l#(w{|}|44t1k{4|0ilF}6V}sYl
z_Ap156hI80Mw2s}D43;t(X}weqB%Okn+EFZ);b`=$6{8%4=Z(#v>My<mg$-geA14z
z|D4$$xcnmEX(RSB_P)Q*ezM<vn*74<TUM6o*Gb<Mis<F`>hz{dF2dFK{P`ZRphf&^
zlXr!}XGe+h$Hn)k*JCN6z*~PlItq)J{Bb<ROYM)6iA*&{vC*#^&{udvj2k;;61Jht
zfx8=n_Js=1L);MEU^yS@%Y@ZO_JM^^tYRb8>>%8YCNk%b_7I87>?7N^(2YYM`y&)5
zJTPw$2s82L+LO71%zo;*si=>C+pM2XUCrZ-gckqEGlH7aR8qexr$ddVOnZ8Qi_IM5
z!hujonk+P}J6e~Ut3V(&IRTHsl3!imC8k+tYr1DXHbNf_uaXiMxRstb4lHHVgS9$7
z0wsqzm=$b@N)=jMVpHR-8M!^{$g!%95*V2I1uaZr^9*rRRL*iqd3%z>YR+c4$oSEh
z*6*~VGz<^dOIT!a$qox2ig4GLWEw;+Rc)8$%&Tn+@DK~{NNM`7bzyWk?y*OMnMjUT
zTlmvIDmEk%uM|a9Rl!#?uIJ*jN?3&&88rs2QOr}5_F)Qw;*-WJ=6Eijy)R>W4?^*s
z8!)}&x=2QEAdl1jzDxf=r<@Qp>VgKZ?>W)2723Uherz%Xy$f+Uum%Vdc%gwxi61_|
z*yFe?ewqz6b152hA487Hi|zkS;3Jlu<oDsm&R0l5QA^*J&s*3~X^^h?Y{-`FELP*O
zJ9u~iOFIcVYQ7*$5>gzJTAEeq6D+&?prL&sNMrE2r5QSoedBIrtx#uVWs;0D+|>JI
zXiN`=6@Dt|q{~3BSsYresi2}|n4LjH!kCvLA0JXFLfykR2p>6;=Tnts7-nxd4hhoD
zh@*(oa*DG}Z9yxcBmO|{)iB`<hrsDJggRsw*^*MdP*2P1ZR$AkxH#?@ZKs_Qq@1Ig
zkt7S<QkMvEj8YX@cH7bXyy<ct_?l_I-*rroJvP4INTNx`;#`yi^;HQo{WT#wz=`LP
zz1tZTQ?0%-)ik(m0PB(R`1Ee7;~E<CkgR}YQ1YOq-OMI7L>F2VhNP1(9-HBy2s8hn
zRH)<;rl=W*LoAqCTdLUTjx@non;h;zC2l6e7<Q|fsi>nI<8olrz@FE|<xrh-t)$Vh
z$9GrgxW&i#`$TJy)&x-}%<y)D<BpPo5ye(c+X2+fgtyVq1%K}khVb8K26p>4<oD-W
zpZT5b6fXy2bXqRVn2{W4bq5*>*6cT0vL&{E`nVO_i@!vCfa|6U6)g^aFqqb`7-ZB<
zZS8bHqO~ct7_h{Ybl$$3NG8x`x8B`E$n@y<@oGKehQAcW2MV-^JUZP-ZwVv(A3oNy
z8X2n+{NmFm>C86CsonX~v)BFAhW8HQC!e?ey{uIClclyS$fanu@QBE;p}G#yH+90q
zdUhDW=w_rB5Il`5IXCdIsMlyJJ`O^U@b^W`F%sAl;PRv@R^Q7a`JqVJKSunD2HIV!
z5?ndSydVtS`Xa3Ft-u9NrL0+*_9!kf{%18?7LuF$pD$4B*m|Q=JO<oor1GC^2nRc`
zH*A9)_3IfG)iBsZgI$biJVJ?+4KHS0m$ib;Fp|kMSb>nCU~94BpY)m|hPLWYBmWR?
zhQn(#j_Op$>nvUWqsHvKYD2q4ex$y&ES_96D!Z;!UEb1G=fN4RoQ*nNZH0|k*pnxd
zq-=pWSQbgtfRmW`u-e_N6SMGxlgul*{XOXohAH}^PcVb;f!&jzs%WRDl)9$cO6Do*
zdbo*?JPC~m+xR9&YyTQ4R)3uhOFb1cCG`p*ThQbXcgZZ!jLF9m#D~kY^ZisXc8y3L
zkQ)%<_Rp1T2Xt9Em=Jt$J_ldAuxlm5?4g6Y*mes{P)zBNG`iyOF&1?H+0m~9czQ%+
zehIutNb{M<DdcV4V)}A4h_Z&KVbQ1|vv~vN%EKoPuJ>@c<@|ju*|Wv#-qxVyv+?HY
zWOFB?m%AWWK+w!;+y1xR>dckdk2PyOH?zC_nN}26D}S5@_%BdQB!(EhKc9l4jz$@A
zJG6g=4F4$TCYSSYWIqFi72RlG_(0W#<O-O?@Rs2MLgo&JAAIeUiNj2de=>${=|65f
z|Nc4T;4>v6b~66_>ke;*?`@EFi3hcoBF3ZDE7odbX#!_)jSoq9=VoIGE6tx3;-6V-
zQ+o%{napD8wATCJAKP@4#^h4)H6m(s%v=BmW}edIAMsTEuXs9+I0*`}ebS`&iO`Hi
z4OcS#EoGfr(;e7ABV-`sSQ1yjh9*{|=p2gp6|U{UPwmrJmvpwS+}>qBZQAAlVIb9|
zWMmxRq9Vh}@un!o=(ru(>h>t=FsIerlfezjQhl4{;JxER#M2KID4{bWQJ-5aVg9XW
zzMVX&NS`e?a3o2d#!F^Q@dr8Y_s7mOU0F+eo4fBad6h4|j}`duM|~sPd^;VpN+xS5
zI$n#L3u#mJ8oK85E9`0#wVK#S2Xj?qA`3EF#zx9(mK$GA=3<iwOJ<E#LC=FQeSj&(
z2`tkDd!E`TjUgOd(X{=|Gsz>x{^8+`9?Rv_<ix~stkwf)y_W4MIeSsPirUFsg&1R@
z2*bxyXH+GW<-_sKhL+G*snNWz$eL;QPT_`mT~QtGBuA^pEfM?~Cg13U{Y^<VO;wWi
zhh~Tt&2f$A0^TEWh$mhvd$!TsS-4uu8aTSS)1#eZ1BrOj4LW5IZ{H~P>Y<e?9{R5H
zLtN-T|B#;9<?sB;E$ABIq3V5Yd={vK)ZJxIyq3~fJQLVe=XOMOf^+po5&t0~2T=uW
z<wBstnN~-L_`v%$W{d2@YdkWahf?c1vtF_CjNC4|djr048vf81({U}ZsBv<<r_TrM
zMkEfZ4Dj#p@I7-lCNncV^c>`L+W2}Sf@d|yoX^#@MESI?)2l~)0j2=za|0IHZ*qhE
zqa`UiWXti!=c0W`>^3=pPWqF0{B9nA9lCF_G*i-5s+Nx6zl)_~LmiPz^Cq8FqQOYD
zPlAd-6}&7Rz3?B|wg^=vYxfn6XPR`)CmNAqZCA-dTbj*&V|iuv+VGyb*}F=HMcUu+
zzUhx5QlHzTpbYIL&rQ-lnd>R0Dr&UBMkt3clBh&u9nP!`ju;yXa-z`YPZRT&&O>Y0
zBCGlQ<1EUBMrL~PdXjo5q&C}32d~c*mJ$JvZX&6oz+?e?SH3z+akJ&<FaS&FNlrES
zfc&@;{;Z<}ihBJQv?hk*_$Bd;0)ppj!Q;jkLMPbObTr;hAi4P7;B6v?olTp`iykRJ
z)J)mepsy^7%WE2=n>3KaL9(V56=B;U1R<uGOY1zbPB6x4c=eiBhp#iKzFEW6<AIX?
z(06gBss92YV%uUbJZI_=YLq>CIp$K&j*wzOPtog9?-==%Aw|L>XrNJ69mo_jZ}nBu
zN%Y=^FhoAxV+LrOka53(_xQd#X%>4<PJVIKQ|A`kbKmEE3EpUpu@={;CpJknrIYW8
zaKxa%%i;WXfUooLagm@0`c6Qy7;s1$d5;F`&1WGInQb2RCs`CdBqh}s%xIy0_@?xq
zE0^bYe8LZ{f`5h&>4GS|heZ1UAJEN8nr*6GCBla;Cs|L#?`aP(Mgh8g558sIm&rfQ
z>3o&yQ(7&n_QZd`L?3D`Qu2Ap<iJ!<_lEOlBzxsDvLw7dUw-()g6jMIvO~%fQWMPB
zT1{xe`&qvibEJWx#ES1j`#D6|e$M>EHch_VC)QcUyOj3p(G18UVlcG~D+NB463&Pr
zEhd!G`;+#1S<0q;|L%_3v8t>l6MH3Iq^<{X=JLkUGn;(7T;%DNDG%tU9L9=J#Doxd
zfbrlG3Ed|yv;vt{2OH8toas>Y+-g5Ce#on3aybT($gl|H@y`NZNQ9^e1+)}r8^VOn
zX~G7Z$lVYA-48~muZ?5(lOxjI&-!iqPZMY=r9qSTrIX%gW>fgc;Sc`Rx|(*K_eS?8
zdZ7<zYxO+53+#b4TXnw#04(KG0&YWi5(+SkdF#If`1EgIbdm+*jMlx#75MU}42wtm
zOuQl^q_-;z9BK5gJ|lt2w538yLwK9L%^dG=F!M&6Y*R+*f)|U?6@Go*`SSCUEtL?g
zIA<i+BhWym__&6{r`SBM{fpmlwRhyCb@GX7iU+~Y1;03JSp|`Y)tF^nX;KZ%i+`Hx
zr-<*dj&-m}vl)#EKvw_`X8B3=A>qp5Xo@SdoC$YOOEzM&E~8derdbVLgE=V7GV9y!
zWv%Vk7mxcMh>1qSUyuIhe7IsfoGHg=>+}B@bw^$#%S&=|y9qZ<hE1@{8zG|bJ8_UD
zu=nv6TESWw_tXQyg;v}CxNGGJX^=m0K8KlC2YHPXyj*J&0FXK`=oU7$ji5^s^gvfX
zC1Vo~Z*Dr=ZoHre^Oxfe1g}X4{i-cjmsX1{L(H093!@?W9DLeT`Fw+?uCJFlpSMGS
zJuzLt#P}r&kK;@1#Z^@yV_K8%C3tjKH4|%2kNl5R9VAT;!qtqJY#j$|X1B%fYHR=(
z_RquAvm1$G7+od9zDJ`#A%5t4-lc~fm@F}?q}wNHON24`aN`a_m%~8lbm3E0HII%7
zuyPy`H{$)ok5e8s=~ewQ=D&x3z^A};TQFJ>CE1oFF`XKhB+4>v$V-feCFOZiLYvnp
zo7V5%id4-6fQFmn(&L(^Pq)w)(`Z4;xFt|vVY0?a-iA$i7<OrpB*9L91Q_zVK7*v3
z@8gpye<lH5{O7~oYR?>tB;vI~QJZqZ-r*P-V47eO&?Ca>6OB}+51bl#y{_}fI?u?x
zpSR5I&I3y%w|UAX1lp!<zE6g)=f7vNCNsKcS3RExOuUY5zn-1lJ{!z#e{OfU<oQ{h
zxC}U)2kRJoKV@;d@cf+7W7~I~iB-5FIAL<J-R+Zom>2xuzh>esY~o7XC?N>3^e*bk
zI{`esWMBK`IUgaE1MusoV-zvIR5lfT@j}t@tQ9Yx-9$2ts33gGpa1$j`7n3)>Mp$^
zy_4A|`LI5Je*#q8mYiU1$q5B1%p-C`-IaMkN{e<MnJjQ%pGFMxX1>)50;Zh}bxM+<
zxK)-inPM1AMH{NpZG4tg8B<znFHMn-%j92rFD_^6f#+|%ZDS=@h_KH?a?m_>?=<;c
zAK<$`%-X-@jDLEz%JS!j@}EPsKZx4m<-Y{3Ch-h1r$4mFe!bNBT3hw>fYdL$Bx?<!
z%z9f&0Zp7f5&1F76s6h+`EYc&MNY4(Wf4Cl&1zM*c+^<`spU?KiD)irPuX+ArNvIF
zrG*gM=P{(6d`)Vd<5moj<Ivx~8ENT#r+I%_$X9<MBr1z}Cu)|GAN=KsWwsZ#Nk%Cq
zXL^UW)qaVpi9u#&Yg<TAW)3;beLxP#)#=LcN2a3p96r5+b}*pwEDq@L74nquOYh|N
z0UBi3^bLi6(xhvAvGN#}fxhhmTyPCdiKgSD?J_&kj*BSb+^~&HjGU86B0X?6QY`v}
z08ewPNHd;tdL(o_bMGnK$R5OklQj3vAy1?+`9eD>Z{_TW-o}(>ZX}2V>`R|A^}omU
zFQJ~|ohKpL?<~cPGFaYZhq)PCK6#39TX8FIc7I=vfa$&cAc|Y(51w7E`t?t?7I{gN
z)>C+wxs8{Ubqb7K8uwiSDz8t~#w>Tmk?4cRHNWVCIk#!mw!MXz1b_Y-uWy|k0%_Ul
zVq!stV{WYm)=r}hFM?G80fPp0Lt1JZz9*(^l7qfvi)Jy}`t>*3A#v|59#5Va9L7{8
z)}%ACG&>pP-$!s<FdT=(VGjDLod44MWpV!{D16VBiAso7p5s=&h)b6p7KtO{ljUgx
z;+6La`ab!$dhwTlpCtFemVJ-IZc`b68`Ik){1E=_-vOW<nc1NCs_UvIW}$$i3n|%b
zCTX>o4eita1)rY9+!FxdK6cz@puh`SCU4yQ_?naTW8IUZzF{z1@%w_?30||IZg-6!
z<vaOp(r!urcirNBI#vMzUYN%yUw+78#@)#CcUo!bar$T$3uCqH$x`d?P22~8MJX9|
z4`-*Y=6flsFNE@iVbTurA|VoAHr(h@sHUeGH8i4f=GaNh%Ug2k{(BXG=l~|kG?#rl
zl(nEMrVFWA-#(i2t6r1oKd9;Z963P#Ot7-!r<tx35t}3-)ck6?`<I6EJ<NH5pNNoX
zC?@5rt}GHjJ9K_^!;OVw)fqW40ox$;Swxuwi2_XyT%e<hj?t;KO){#=`<1@swnrm<
zM-;UKHW<Zn_R@%13P)_;rGaKjI~czqT~8A=p;{zQwY9B`Xk=2db%ZJyvZ3RPN5Ev)
zyijuN+K+d-xc!}|K6WG!hGRYa)TCV8^J7ysgEPFZ5wScGO0H}`Zb2t)xvYr9MO)@<
zdhGk%uAH1512y9mDP%`C*@s9KbZckJc6G|pyzxtV!w=DDbc)r7ksP_JlynM-YP4F5
zVZ<Scq)oxL>#I+bTAXE|W7}C4+CyyP^T>8+v!3O;geLmt7qiuTv4O&DAsZ^@C<6t{
zJz!W4C{7VF&S)%mA0#E))GL1p>b%}2Vh2B_PYVXlTGME{vz3xGk&?No`ThBv*bs56
zp%zc&dD+q-JqB>dC)RVuC>UNRs$z~MCyA)?WpY2$f-;O<m+Gx$Hw@~5BF2O_LC|XH
zxz_8qNplr<DkI+L<Z5-b68Zv@o5nEU@c5@B7I2jW`G)v~P)M}sotm{tES!IV@99X3
zA=bMv7Q}alir9jAGL`+<4CNDyg9EvLD}<3QWeIM8I*_b2DgrtBjY}`~#Kde3A;jvb
zN<_dEF{w?j|42I&Gpoh}k!IqWwW(<`=Y^$3OIX<){c3-$i9w3Hia`w^h#9cbMQ0^3
za;hNgI8fdx+DX&=hU-ZZ;fW0M_-QA^>csH4l(SjP13M{Yiz8<teCt*jUT`&E!CK6E
zL28LyU(K9?&m1-gs7?X!G~?3Vpz38x<bl@w26QoVl(q_quC!9@$}mr`EDful#%ch&
zlq}c4j3g}VM#hOW)A`b7#BxXFBTsMnIyyoBURomTUyrv7G%j!^q4s8b$!W`>rdDVJ
z4a+X~qtER1-{ihqL}V$qm~GJ(seEd1jkn^ARX%e&=Fs6N5o5=w;>i$2shI>*hd5u}
zllb<v&FqokH7kxvJK3^QQ?D4_l3H6Y5X09KlU|3ez!;_nY~O+;M{#198HRo61j}|V
zEvDDlNg3gJl!Mpu2AnlhZYw|Nm`%N9U0usE3Bcd~(sKTb!2d7{f-+KT%QrS0JrBa7
zm{5&G7pz2!PnFpUCI#k8WU4zs6sW^<RJ&M6dliJw?b9x1ZyRI}bpmtrTkDH@?xKv2
zH}R6#<m|kvvKD;{A7GT5KzFN^qfCibFUzCBUP?0QdCov8T8=2uu=a!wqq%PD9#92s
zb#TIG;PkO`!E{AhS!Oh?=fg8c%H+a~ZW<Iu#yAT_x+E^O<Yp0x%}tn+3+Cv-7Ot|{
zBz}9$!5UkAjFE~BYI<vVEm39L=ERC)oRB(Nrao~C8b77Ek;q(1w3U*a*X<jM5{j{?
zrZ@_imTf*Wwi7jar!T5-J%rPzX$J3~M?o1RMoBpHX&i?#l!{r!YGJm_hk;v2vJDFB
zMsZo^ywO2x0vu{7c;~Wz%MJfk3j}2o8iiI4iN-4iEvh4p;<PG*5JcvwS^6&H9t}C9
z%x5GauW)~qmiAI8e5MH1>Ip`kc5xk51a5r)!>zb>Fflh#itsBF0WI@FIP(yGu{?!w
zy0UQ#?Rxq8l#*S_TnyL7WDEHxS}HXRvmwa#wRD$gx6!^6USPC}J6uxn6K{;T>nx?c
z(fS??bF~HXE@uZ&oj{8u`J-JYrE7IM@#Izn_M{eMVcsT%6YAgeDx%s+SK=?E-lzjy
z;me&ws>h-d<#Audv`meq-C)O$$x;*;th8Zr0@ISSsui1DgjSU*q|U!v9*gj5e-aBz
zZiylhk8|e&#*aMc?3xV)U53a@+PB}4`ZO*<6bu`)*RYw{3I<i014y$Ee2K1pH$bnM
zwoD{&Z5(b|QDL^Mo0e;ShWfi&{w~CD1OCD#dMmh{-O#xPQC>wE&b%ea^iY}pW~@uA
zyiYrB%n2&hb%yGLQXeNN?XaDNu4sR840CqzIOdAd$k}r2bXL{h5HVhnhrH3TK8`q4
zmKd&Ca_-|1W6TLe*)@7_^V$W3Ro&g1$54+D#u!nNG}O}Po;@zN(y^N4q7<fhZzM!J
zy7baZ%?A%~<)WNn3JO=AqPX^^I~iP&vfG0W&6p~deb2IeEi|v1a98*Z?L_eQ;x|-I
z+Q=r=_#KU-A3l908e!*T7PRPgYiShX?BsNRk5+R;(?GmT{%W%(#1JZp!86ghqKI7m
zBjo8(^zjQVMVxe8mQ?Iw&RE^EKT0Cq*KbgRpE~7DOe*D)MQPFK|4JXIP~V>zVNu-#
z=MN+UexA_yn$`*;xv)?#FT46yAk=5G!Y=;ziXHdf%m(CDy>;K5bY<o-u&hwPhwM2r
z$%m{JxEf(<;=_to2=_4wCozeC+PtDzzfE!}*xYnA>SE3DnPl3UUOW5_pUHzeE|Nax
z&39$VR{?1iSjN&`t&lb)$<E0+HKT>Ecrn{&OXl-y<q=!vklEMHB|^{!>$M?-PrIC+
zEnmJN=gd8~YOp6S7w3t%^fz1?PO+G75QbcQ5GZ4o639mr`KlBmqYb455Lc+Ek@FsX
zrUIqC%>9|E`8%Q|ha$X6#));l7e*no*jkWh=55#mHOqtjMK3SjJwQiox`)TwQ$4hA
zOB2o01kj-T`2|N)O=Ym7P)s@KHz{(<6qPZAvxFVTo7+3@HK|ZCy-bfOTp#rL(uawb
z@tjFSj@VJew+}P=_&03{#KaBj^|e#fwXLsV(Lsu!AzG-siCLvxGX2*ErN4U({^~Kw
z(-#>od*MHQ!8o=RCyMDP-sO5m6b-nK_j=trIYT)2Ui`>&QKI_T{Lr209vOIs@Z2Sv
z+qA6r^|iPDL=a-v=W+Ym*qOU&e+0d#BkUl315}?jWiqpN2$8d~4hUHNPIwM;PVLna
zX@8bCC6EF8G4p^S>V_sQ>Xj3SV@u|>c;(n@;-wRQ1LYeOAT`jVrDiXf4Nrou>~yuB
zV3nw|R79J9dTN^BDcKP{n7{=}@ZL`*&{qO+QWSp@V46o?ia`IoD&kGtV#&u{-(H4<
z$rZ>JI>U+>uP$Y5EpghrF0AE!-r2DInlgHAVdJYZ{F9b_JJM(^EoBM4{@8Li68S4c
ze+!OSl;H(5@Kgrxp%)bd@n_8zAgmkAASxEd=ILA|NC(j)4eDG?cwQoK08YQ1Yl1Ls
z3Tbt)d_hy+?ySQ0Dlr;J2mX7%jGw1M9@m6Xvsdv-whe<F(i1HG#cvJPc{=Pxn7xl_
z0_C2;y=4bphS|U~asIoEM)6Pi^+8Zq<iIzLBPXvWo!K+1fGCmN>dFGocbx_R={J0I
zn(gx$iOWmv<5~ZQ{+m4F@9)qy?H$^>|LIh2aN_SDAZ3RHkh$!v#;8GtVy$7U1euw{
z^}zxZ%wJjS|8Im&%wqqN!UUlneBN?;8h(72yd<w9ay>&Q9hh~Xq9(w43)4e@C<gw$
zEC1ChRTdi;{>5eCWc@}UF8wR}GxJI8L;iebV%+YPjh6*8$7|iwjL%-!;V?iH=#L^?
zVUUyWr}U#i3Pt~0LsOmrD%Duc<#y;b_PqcILZ+|g>!AS8=Qq$Yy}uCN->q1SyrWs;
zehSwC803#yQl^~Lw7o?nrtu!LmyV^gkVjgNKpHzdsHm_n?dbKw7thvLOUF2$m<*M~
zgpb<}q|x8~rPlaJGolf5-?Wm<kg3$7QmdKVj?{BT1PBr6c~J|2bUw>Ry9K3N%HU){
zI~3ah<5z<uAm<p?ejRsGV30W)pIq4J%UVV)+#K3BgIuGtseS{CPeNYzyMNRk!k{Vb
zi)s|;CDX76t(3>$oJvkOT~erD@;Gd!nl6rIo^`1@$$yO#nMsK8z9>%Ngyw#3qN^2K
zX}l1nQ;ev{#p^>h#@}LnR`pPl56M6ijxoImTD9D0Bi}#MLTYVQ{xdh{t2w<6=ePRd
zujK5nZZRRBPq{|SG~E|u?)AM9w(7}Prfp6#$0eZLXCx|mZmaJ~1{InV>CE%g1B<=X
zMtYNBj9UzIKzDJYO5m=}oV})&d_d9mh)Eq5n$4r8r2YeLc9D#UzdMZ4GnLXw-OLJN
z;<}kH5HvS--;x!kNC(G*++3{Kn``mR#g0NxD<#*63#Mu#tf`Q;F)vCS2E7waSBjfX
zUQMfqwy`Z>n26i68-tD|+NflKl|sC|DJvKn3MI*K&Cl&on}frr-!HdPD4bV{H`(n_
zqt&m-y`AMI-3rLkgI-v02d=vow8>0=l^M4?39>OM;A}abWn)_8wrHvo=hh{jw6UR8
zor*rSnA_F$&)|ax$n}?4p;hP0Oq7pbTBO^IhMe-M^DmY-jvepkm(oPAHmfM_KU@)k
z7!&^6j&q0NxGYhc^JJ@-N#hX=L!1uP9)*+4T};w9e3rUDB2tWll^dfh$wWJ?Az5Ol
zy-g++qls9kn~{7vq@7y)lX08~O^2g!8F>MgSD8ugmhn*3sCk7RJp(`jgKp@oNs;r+
zCIAhRMi!t5|MOOw36Dv)2ZFU`B}!(V93%dm=`htehi*ak^oC(6pkzT0TDi?%Q#x(i
z%JF`m&y|$^l=Q(4fw;TQYPHA(1*Y6%G8-9>)N-?8UiZYM9GwPA=<IJ?{`c`DKr%f$
zXa}~&ekcU-SjQ|{Fh{lrgT57K=rOx7e6Su0AIkw+`Ce%sotiF!o4V^CEKhUQqIj_i
zATtT?V2fsTFEVVAplG-yM5Nb@F<#cQhcHKuqzH+$D)y%FA<ucqlI>76;M|g>97&2S
z{iGTo2EKk^v$m?=+5+ZR<1<=V1F9_slcGPa#wNE@f<pEMp1GopG#D?en2LF{#tKA&
z|Jez);jn-)rU-`Il0o|5BeCKtn{7gdkT4I$1r>)jE?NTXS5t{E+Tea^r77J=ryPV_
zC;TppUf<WuPKco^eE)N6ry?Orsh-gV!$fE_4k`?${muz?=rJqi0srSfLl0qbY1s6T
zOr*WW;-~kFPfbm+P9`ftD-}bem@}2J+R$p^PLY(9S;luq=Q+n8hMjk0;&K8F-uY}@
z(pG}mD_^mem%6g9svu!;8os%v)R>sm8)g~7GP_m|u;CGvhV}Ux_=Xt(%pyrfiNi*g
z`(Jmu+UyNIyq0>+hN`(NF|9kW&No0&94T2RnU6ms)XE$%%wBelVHV6V3qr(EZgx2^
zOdp!|usaK9vm}bF`ubi0`H$%oDb<5~(m`4kJ!(-{PHY=Cxj2)9UWb>Gbfv-mb)$io
zhDOCPvy_^78at9WpmkCeNnzx^A;r)iiFrgeqt}m*zHDZtn(Wy`dK(SK*IYYW+&l6u
z(?VNTdR`V*9e~j|#ApiYRc|C9ZwYWyA2T^nEjoVe0rf0qmd6LYp;Ys<<3ZJHL`rWM
z7uqJ!>YL^m88{e6oFMLAh&eWsjq5HMr6K%sLfqACugLefmAXG}@895Wf@ry$+qOc5
zPfBGTi8Rcqvs&gmqLoybxoaT&l-ygT+n8vyc133kzti^igQOY-ylA7&@JV!!63I`q
z7}SGs`CVQXYoXUgz~X!=d|4AM5_I&b(ToBG|NiW0|D|0z$a;Q$=L;hKwzsn+muljF
z88dz5G5zY?xTFaI!S63>pu4ol1P0}g%aEiPU+D#94jxQ9Zpk5sALuP>)^8&xX%P}w
zoQ|UJ^L7RVCxwiYJ);<ztov%<Iow-mB1O%kU%(;yJz<TRYYD35)9snlx6H6om@+>K
zkP&%*AJEaS>TdN5(P@t7s>Gy>?Qb!MrJVyRei_F_)TK=W;du}fP)%biCH1caENaW2
zi{spi`Y`Pn_GvOG(s4YuhX$N<%Lz|bv%Ko}+3BVQ#spY<<BH?ZH1G3i44D6rgrjIM
zDXb=06Hxu!L4Y|ISI3`e2o15>q!Hw<Nj9RB0La2Y9)yYK&z~Q90`b(Xh?kB4A4#Mw
zg09;X*G?p_?u~_!2$Vdi_fBT2GpgJd57?m>UN{i0$oEF)Y@o^{qv@cim0&X6BDAG+
z?0T3ngBsUZL{Ds$7B-ClA{1DF33%gm5}ctQ^AZ6KSU;Ds?#~|8NZ?Sqk*;V7=x!S}
z@6Yv8`IWdk=ABnN4^v5RRlWF5zi=fU`{dzzO$_@;@CT>cy3aLKd%3fcx?gVh$m*c=
zO}72v)LDxN-}3Th|9TuURdvL_y<=$~8E#|$tE-B9^M-aSwcc@pc*<48cD4PyPsfe0
z2#S!W?eSoZ4(y)`gam(IrIsC3lp4ejNX0;o;<W5Near7JzCIC&Buufs<f-T9l3e`~
zg9Y5?ad3hKd=qd1S00dA!*a;W!20bzd6b&Kyak};SG{V(`OE2Rq-5B!K^kyT{{fu~
z1LiMBpH`-L-7Yqmb0M~0&T_zcF&BbbZ8zONANF7^D>HsO)4Bh+<%Hy_0KEpg9hzT=
z>A*YLnEj|(zS3#3)*tSOrm<OfTBmX2Is2QB&vzFnjDNf%SoNBypms!aSnIkxYMGjh
zW%|!Tj_(t3T}a!a#dr?WQG`5ZZ!LkI(~5WRo#PSn&x-p~#9mKc!M}x{3P@U%Nj846
zr?{O={K{Gen%QxwfIBl3$=x-KyatT3Az#)!6b~U@3EnJ0aK4)Ed*a@M0PGG3E?qNF
zsF`j?GQB7G3KZZ!<mhoP-wH&nzBJS~^@U+_rcB<;+^9!I=rsEr<``_(oqpb(;`_C)
zV~*`{{X5}7c*ad{*MA`R)KzdO%E10-yVMnB&6bbL;W9hl^t#?bOTLRUOvstfESSWQ
znZu4$Md3(jg~of=7vS|U_WF&`)yzTaV8*KGFg3n68Z;&7t4mbR2~FS7cH>|`<Eq3M
z2nYh+Uybm}z@zJxhIzuMcAmePU!rMvA|`tDFo#;mz(BZ%aEz5sd~C7H$=3YcP|D;y
zc#!ID?>eH_Yts6_$+~1qzao$}4Mt(j9Z4~S#gEv3pOpS!yVKR_!s*`0<wdA&w}T^R
zBZTrUN{m>3&TA(u!}9mNmU0%b-2O1dOb7@Nc^5?inwmssU8Yov$@>9h5agZY0bW7H
z#GZuWLsPH&EuxG&%5AALyJ&Dj%}6DZzX@hS0A-E+=m9N}Z}VCG{MLqjeBs#khx_f&
z>W7&a+w;KY2Y-Qv`paOQnqEF;*NE?y05Cy(FU5!fPySTrYm=dQ6+7;@5xy5lv-(m8
zv{L-%>l%3yrdb$0fSyAlymTY!aCS;W;bU+*4vlASt!r?P4Q_Y3p9;L`4$$Kvb#>Vx
zdA$V?E}43wK{4vJ8pS?N!G%5u0QWvRY(LY{M>i0yU*%IK^L~=f0Z$TOM`{-nTMK!=
zvMRcTHLo}AUf>3ZU&!B<3cw*1_=XrJxpPM(eJwB;?dq^<A$u0=p#PDl&GnQgHDxa)
zx~Odn$;krZ^?E43`)n(*pp4U>yvVB6gCL80j?466Dw1hC^dF_arOlr{yCEY@khp->
zF#NrE$NEbk3pVAjam6Nm`on8C66C&GX+TdvR1ky)!?QQ5*Cl|j*N+W}{DOfY0sDI@
zfaCyKweo%IpB{WRY$Jp}3_S1|rKXycmzMl&c95KQ`GS~)Vd;=9KR(KkS6d7L!uI)J
z<)r_xW#DO4>iOL-6>_@=2|_gdzAXZ;|L}h}iV}Z(=aFHKAq8$+5rJ!e<^VVWORl(H
zg}bX*G(9aUM%t*9GFnX^idCoKXahJ7bv$#k>Z+Q3U(L*+C8s6pup^tfI3DUUxWDj?
z;$orqeQ{(_mA8WsoMBufP_+TcV*mF1S$%-<H>|7gYimOU4#rYZz$B%0o4C@Xrni`s
zRC_V8x){GrMZ8qvrjyb}iHZptZ{{$cU6A+WxVDzhu$-f3+K`x%$|G4waZ07SXjn7R
z#=#@ph98Q%GH(1&>9I*_8aQmuD@p(L=XtIIX5p`n_Lx3?Ysm@8jC`x`xbS~5On*CG
zM8&&A%OcG9#ia|WsuT)IxgpGylH}9}kypSfSIj_ww(l3T$d!uQRuTXG3$m0POV?g)
z+O64xG$Wnno{>|+c*~LNEBZ5Ycb!r#-LJhN)3vm44l;}vu%GVT+?gM^RUc(w`T9Fd
zW`+JHRR8kr_$DzARO81pMekW6X;%pZ(|%U}z<V6p_V#?3PX2NK`>xM9S)sEyRW;lF
zR>U04<>Mta?e4zCLHYv|?L_1zHG{f$`H;1My#EXUOVw;Y)>2KIdXdTduh0Y<2CFA&
zs%7Wx6qZs=&aj;~u?0gkxO3ofhpWLQofM;E?4>nQM9$x_SS>nPMT}mv(!|?kRA!Qr
z5j*MyYp=N=6unW~q2}oCS!6=A?|<<#`^npqpvQU~ZrL_xbQDf?XLTioUjf!tNp6O5
zywF6`+v<mpMN7>_F;l?BnW(OHMx68+BlTuZJ_y-TD8?KsMKkwsRtRxyL{C{iLxRrP
zOKKW(N<6ytB#dJ?$faU-n3x)&$wi%F{Z<HnLi`XT&Z*!&_3^!dr7NBODMt*e<#Lg&
zm+7_77S~E*r{KKU1magnUb+rj%VNL0o=$`$BZU^sdccPaXQ^;r(LeMs<`^9;{4W*O
z;cf(F{7<p{KV0Ts?#z7$GJlRUuE-T`BlK7paWiY4`C*#*Oa4zY17X5M-$6JUmSVf0
zfo4;`Nx-6sFz*gU-gdqEWy2sTKJJ_SeZ8R(m$x|;xHrdz{OG8O0^EEmrj_$Pkamy;
z`jTf%C-T|%^?qae@Mm&2k5>);5Ip+(IL#hfE=YQwH4dPJk+K(Hs->HniK7)m>=^wR
zmZ}B7S~u+s5pX?id7wr!qg#v1pO!O0=vPHIF*9q|Op~oS*%Knycs0ffm62<&n73Lj
z7nH{Rcm}R!%Jaj`3XO#2W?4JGVD;S1!m1^8zq4pLMSHsD3SVceCS9|@`2N*CK`o?5
zK07B&_Klxj`-6ruVx)=~{KAa3m{xdfwIh}+@-qx;!ir{8K1#_CCxNGMMP6cmT-<e&
ztY_k}P*us?BQ1_h*OujBO;;MA^n!*~CEIlBPoe%e&sw>UUiIrnTj`k<PAg4aRdNUJ
zydN<;WB+iIuxLG<SESDSZIVBueW`XkilD@X_BCK}U^3k{F0!BnSA=O85Mhy<VI`~m
z;z-D6^mo6>LI3r*+MB{3p>5B`+OCS%tGyndo}7|`7C427t&JIm{BK~_n@o=B!@}mP
zkVL0TT7?gmRE*lRedR$a<YQ>&-7yFp2P+ThB4`g+j0JhU7HzX)Z{*Z`ni95hfskVg
zhYyL)fu+8rNQ0S|DM$WFxX_O<KndS3yH&R^kIpfhD#wyY^#MVJPNtS-syOjpx*G(v
zyc~>tttw&Bk<5E80(Z*c^%++8?2T6{*+5-?lrn^DwkeyKGpebSv&V#XjXkkf(gm)L
zB5zreJdOw3Ln@hdRw2n{b6yhdFhb|RM6FFV!d^1XmulZ+%Qj^Vl`g9OOchK$y!yFR
z52;CfMnj+x*H}BV2WveTpQkx3SMF=vB)fZ%Vfj`tKXvh%zB$BUP4!;oo-C*207d-;
zWvc2iZ9bfoh=wN<qrG^~FEE%)0`fzP4nj$n3-7uXT@FopxKFVEM)C<TC1*pqTz|u)
zUBEb5XA_ALgKFjr!K5QGb)gvjX%@hCvFt7~jumo{6xYX-`Iw-ZaU&cqbic|M{z6Nt
zO+v|h*2G3$go)0t$Zff2qv2`RPRU72?b6(o6f1Y&l6qJpXEQ2Au|V38sE3-Tf_VYX
z6mLU)e$4CU=ClV7@4RQ2A|csk+1aKCP&T@8nb}erg{SqwKb4oIxgp-ii4?Pj)I#>&
zGBzKDe6OL{TM`w=ZIDH$rx@47EZOyESh{w4*&f+O9!f^78Cx?Iu}()NJ`jd(+3O5~
zMmh}xn<xQhqLcj8<Xb<Z>BZuho%2T@Gu|*#;s}X=XGB3K%FLJDVzlcKR}TJWWsu6S
z2*4!nYgD=>EoOQEcNO5$s==j8g(Uema@CJ{5@V#qB_|~=PDeGVnwM}-^Mwol;+lTf
zT&FodCUxJjwMP`6`~bgSF{zJ-nX`M8kSQC<2|^o>1BYGXSchn*n-dthU?^C3e{N6I
z{XC-xljG6~Z!xXwYK!u6TNchkiCgIU9gT0xA&E!r#TfeTlKxH;QeICnjoBPiWFPS8
z8Ip<AM_0{h=WZf={40PGkxrP6Rgs^`5d94b!dyJd@_A|X`7BbgcU9&Ti%vi=^LTmj
zDqBoid2+b4d;$Xeg!jHmSw5!O)&p0*9v9oENd;ShM?NJa)R8F0qNJJJc1m*wwicYe
zb{pEq1X%Oq9*BfSU%w!8j8qJr-iO3N85$O6<o6nqBq|VTTJl75qwPd$vpO^DPD6(H
z)pT}9|AQwKVH&P4B*L2zq*(4J%lg%y{kKxbK@dOr!Ej(;jvrqzzN&#%iY+Rku;`}@
zZw<%X2XPySRSAMSh)_yH_VbG?*GF}AeWWhD-AssUMTTai<iddey)V%$m3&uvvDSE<
zk)2Wk;RAVm+^&z=K5n2c4<20+Ump1O!uORmz&us$_|5orz!wx%#Tuu)JPLp6<FaHw
z(0)!9!7I2k^)R-`#K_3#!a?1d<@(R#4<>vN6H5k}*3@<Z;jJRxP{>;%1ZQPk614O^
zG$C-~3TqUfv!C;`V$B-kZL4_-ikb7XBM2HTKOU25r(3RoyH?#4=da`O2l!vJyyB;t
zYoGqTpjW;7IjkhkUm+(w@<*_g=c&7{xM7LQ<xD0#cwOv>jgx!H6rK)(ji~M3CZnQU
z>}7)~X<1{j$}woFeadL=EQ{k!=)zrN6Ef0Kix8Izz;;*c%-UB2FwN?L2Rlg1egiVU
z|LPj{?L!HK^Q7$D7Sb@jECDTPtzQoZKQXnAX8lBuN8hs9LhO#sP7<$4(G`mru6rc!
zQ|9g(-e&V|w=lWaj90*8_E#2Sw2@1)!pRqrbGxS>Cl0SeSL>(0_odT!V1E6U4t@+N
zrUq&}b09yh9P+LEHHf?RhYmKtL}Vx%KfWb{YL~qr`j(du;#XcGDvl0jX8m&N5ycx^
zMTz_S#ESZ494TX=S`}C?w@#y@0F=@ksNo#Xqu3nF+Ts+{tn?GyIJ0`F6?+^MSf_7(
z!H)6|=MzR?6lk*HjV(8jW(-TFmt~K4I4)i|7!~LtE!K^3-tux<d+FSE&oZ3NmJhuQ
zW<+jeI95UDUezG%-r_K`@R>T<Q#9MyUb*nP+GU`P0O{i?imwit#qOs@tgDkH!<n?Y
zWlC<$q+<aTd8Ry{!5~~y??BR9m+~pu38GZ%F)vG__C<G*iGT-Uk-rk+zX|_U;Z#z%
z=?^|#^ifrKRHoC^h&!SZHz13kM`6v-xOks{TFielQ^Pw-*bH)c!k3H2z7l|t-h9!!
z<w*<m^91EFrVki~`uF<XH?S5Gernns+8PA=-`gLa;J=6{w+w(efSka)3~EC}BNTxB
zce4E*5rF)kS+l*jZnw65fwmU<&m7c0zVaWf&wpjK?{EL_IMMwNjqHoy-jFaC3DO;E
zT0i8ee${{T6wPB}Tu6?KQ~eHSO<W(ec5eZ`wA6c|kQ?^vC0nnwJ>=gKI}q8?-<!!g
z+QsK$O!|~4li^XdRMgb1O+29wWL|+qQCR^Eer|c@Op!9<qtlG{IBNN5{|9ex8CKV_
zYz-3#?hxF92iHJwcXtTx?(P;KxLfdG!QI_u;qERWxI1|#`<$J7&)w&FzJK5Pz1EsN
zyQ{mps>T=v00BDc3#B&z@yeA_vbaIOB6Jn)IhB}l`bG+PFBgf2ay$w(fU5pgx5pkz
zk?2T$bOF3nnf712<`kY?X~xkl;dLe>bh?_*K|3Zzo?qw|LW?N+tQ&9tvD$iDG=n3<
z!;H2j!2}h_;cFqk#Ax}jKa9%BVQGQQMr&v>ZqPWiL?pdOuP-g7t)cn?tEFOI4$>a+
zMpAi+1D8v14H&J?%`*D+R<b%nZutOh`?8*;M5nHyKFUJ%ia?0@eB==;m+(3iMke%J
zM~mz4LRj{o*gd6e`Ue^s&sYJrmzUcPOK99rRi7DTt>%$t0BoP1`tB(E`pC$Lw79sq
zoZRgrX<BXkxx0Ww=yKyIL)1JCh-ZoJWu#TH8Ondmz)79f`?J#SsQqs8VZ0qD&%S3@
zSe)0lz*n%E7^|4t9{lb@d8U$JT-8#i+J=LtyRxEzpou-?a>3@3Mbz*Gi7T8ob!OuD
zkttM*)bJv>Ly{^zy?WB=R4W0ifxU!4a67$lO6NVCb}C_6DT+9EvXAcq5CX;M_Ls<X
zYm6E2iY^KQ4Mdp$jG9*SOh$c&O`fq(B};cqb&k86(2}2?z0OxeQ4sfIt$n7352o?O
z2<R#EDDSPRzD-3)a^ms18e}W2jH0T-S67NW!%4=a4WKwi#+Ug<hU}Kc!()VJ(P$1;
zaJ)eqJw~sjo)TxrNc<Shf?C3&6YZP327AIBYfd5aJ7St(J*{k3GSl#14$9~nY@#$~
z)-*|&SC{BwzqFO<(+b7DyPIK;ig3EARw+0D2(<b_JPKpVS(&mAeasj<1H`M{(x)o|
z>a239bMrw-$Q&h;+MP$g4(@vD#)=95R7OZ}c7I<@%lSS`XGP(2T+Da8T(k6x5qV$r
z<Jsc#cqHIYk$mJgsMATesK{U~1@n6aH>xDjYY&@1Cjje7H-p2edJ}6d9NZ$DrFk$N
zkUf4_rssIdU&SSmH6f*@Vi+B@cCBZKB!A#c*>ta5RL#mK^bKo)I6-dU&_)d^<7Z8J
z*z-(4@kIc_iFP(UG;b3nc{40GLF(J8ve!r`H#<F_IG%==i3F-8&LJ-}M*-j8DDQY$
zLr#L6D!{0V`u)uEzc2si{R;0{m`9Nn6{M|(w?fU*D(Q%cYOI(X2^?67NjoA4DOKi@
z{nUY`W<?=Tu+GL97w!svGg?{rpEI!XjlUpR59g(tVpiXLbb(K4t8IyCRga@qwC`ca
z(_gOA`pjg)$V1!=G4NB3vwA3Lf4LlX<X5V-9E+X#F;GCOaZ4%)ixgtK!IzEdE2<S7
zQ)i5FmNxNV+_<drr7N*~zuUXSRx&6?3V+SG6_X|14A|$LwcVEp<wJGB?VVp^&?eXw
zbidzN&L%2`7#SxIH*2OG5OBdnCdI_==gW}RxAtl9Jj165@f`a!x@gSW{_Py($#S0n
zcm{JQ4-R<NutluZ`(&i;Xeja>>LS7NsP2z-OGJSf96cW7J8q*M=Xfl{LYa)>iDf2Z
zc`k+E#*ibhGDH}2Z4>>vHed)q_NNN&mJ8b~XDo&f;fh28YGsE3>;6&i8JYorxM@r6
zmJ~OcMy*9wwS4->1P2HGER??~IW&A-8P4Iop@p}M{_{)V>LEq`r887}K<So4MVgA=
z+iFE~U_W;YYSbBB3YAzM9l}zF)hyHsN~i-dhOd2IS|;v896}sPM`>$}oTT`BcG1BB
zTFtsJ5)D<I&V6w<#GGEX7@=!tvblYcsxD~@wF1SwMoSm0!{*clCt9@9L>$`jc_<?z
z8i~wW35nA21{rjiE>Vh76O$Q~FOoy4zdU0z@Sl}GlbF)ZP3Q_2HowVzV4M9I;}C~C
zY^6ymt71;?oTeNWSwd=*_gM_)ovC?hEZv@0Hm`two&;xFJ*K#1nTc^4b^1XRfiQi4
z^=@R1M>AIC;IE?OgA^5>KgDN2;Dd<I=c&^l;!Xcrn<tUiS(oQ&+wE-!ppi>OM@NoY
z`$IMT#;|hd*Dij}H<UvRNu%pw%%|=4fTPmV={Bf2b>s0;mmLO24*{G<AryoJEDT27
zh9_5eFhCOIy{d$i)HKBjEUZ*A{j6XH6IAyRTL;63=Ppu5D>)xo3hnT6&thPGD#fO1
zCb<Y&F5kx`Mx;iO?|kr;r~SP_?aykMl+0Fei)9?k0lP@`!L+YN!%rgs3MBBHo4sQt
ziz6WnsDNN87E$adPq~VGxYew4CpJfBK7G%%NdCqmjSU^+f(cYVtW_<&t}sI0@|knj
zFBo6)Mtyoh8I2ac4~nHI?xW1;R!}fri-ArOB38L!D3_7qxQTl^xU&sToN$09siwq@
z+bLsUq;%ejG_5q^Xu|POj+0tA1A)B3&>fuil)z*GkP7O|h|9Zgu`0HFk3p(3x`MiW
zW{R2zE&552jAnW$FN5Q)c)8bokTT}_ZfM?&g=&3K9>iW$%36EiLbAENs@y5KiEWi}
zYLv#T<DWgUpzuQUau(9C<`FKfs_V8HWc8+63Ot&SN0P)$q3pdHY|DV&{cP5%-aHW>
zdIi;$!*|`-A4IdQC{rNZb*@0MjtCD8G@uUxJlrMXtxzTRy0*NY7B5|~=+=jE@Zv=B
zSw!!XnEI?UMzg$hg<}AB@P&Ju&CmaCKj&NKB?KZN0PQWk*h{m$2w|9-nv&gbLtYZ8
z4p?iWrI{lbaVoP@)z=U)R*`Q^8V<CvkJb_%;_d}No*Mpk9SnkB_!=qdT@#1=R}_6i
zTe8!S?%)QqteJhc8@_~cbdTy2EPB;_vS_XUk|8{U95a#kRIQlym`E0qM{)pW3#0qS
zGbv~%Ui0(j?jaLQz#EgrVwHD8%-#d_#5*28#dAch4llni=uy<sC{Zb{U|hnLX}%?p
zS}OW5Hgc}|d4w)seQtlb0QQR>Df%~mJC-zk>taP`Z-(l4(n6JNA)G2SGO1s!Xhm0h
zipW7S&WL#iR!eL%3Dmj@NiUbPC?p!+WPeFm5KLqsTd>5%o0h{e9)5q_OK8*9Twn1=
z7pgc)dZ8526|=t5>&adt&`mRyc>K}5f#Vuxpr?O1>p>n$xX$!EnZ!qqfF^YFdmG1u
z6Phhj7obHqm_KmAv=CN}Mx=R9!P7#iZ5bhz+7uD4oq0c#q;vJ%=L+;AnH+VtWJPyp
zPmSL|F)A5h>FTgtWp;3vbw`80s(NmmAP#%0Cp*@`q^^W|RLa44595;aCycLJ@h%4+
z3OsPf@q>Nt$<~HCz~*2fCDm@}jVDcgQu0)JF=&tq7lmG3S{DsqW!JlmA^8P90lu)C
zz*p@J6rVNQDFj5G&<#m;gkOYH<!0i4O5ESydnG4ir6wnr5lv@;_I%N=_V368VNLA2
z_yIZjt5NuABt`Qn#?Rewa;hdeuoV~$qR(6c(|h|ZksZ12?(Y3=0*sx1osA#AR2j~r
zIPHOS<%tF3^7kE-`WBLa^HJc#T7mQszq{H9O|1=CfyhAI)=((Go#SwK-<dIc<aD3~
zU0Tn-EvPf05Fo;N+VNP-`c3Vt!7<diq?}(D*?J@!rIFGo1eIFOO&9#;z&sE6;vAhu
zQA!<%o@B9yQlACO0B4qJHeFvp)hF^<)W{2HQ~~WlNkhuOF!0IXmiO%x=TZqxO0>|>
zFq;bYG>!{_aFoeW3}Q)*$2TlSuJAID(@3$;pX<l>8{QagG;yS$to(RO)Fvbj9w<w0
z-XFq@6;XRTb16%4`d>F*X5hlG_wU`mTyIG!A7p(}<Tz-y(Nm5T{+=v#puwM0o%cE5
zGy~AIRc}yJAFFifT?%8aZx&GJG}G?*k#z~d^aiLPqztMxy-!`j#ySIg{064`xHmeV
z3%NL4|5go(paV3o{s7|=z%*X)Q);Ld(rIfQ4e#j151Rv4%?<pS#b`w_KNEHHg_=oD
zGkpN9Dz@W6%>P|sY(lKk#%>Kn*f~}t`ul^3FIMCPpk(EeZ0Xcn)IlONw6yYp_c89-
zO{BQ|8GB2|_78+o##PxfDBV#qLdqBM<Q*<yWS|iSqsc@Qcpe5xka(YF5>;P}YhUXO
zCZ)OyEmdaR*QYXBd5XS-m{OtF3uB5kgYowczA$!p#L6ec!7{p;m4_X1I^!dC4<d2Q
z7lU@`_#1I#PX#hWL^Iv(Y>q>C8M<Oil5fCz1yiZ`7}TrUIu8}<wJIaOS?bA$NLmkI
zEXQY^p#0s6om6Bcjpf5-HQyY#P}{ny!E+3slHbQ>96VG^sI<Knk{PN|RFc$x*wR*5
zD%-NfS*)T)SwMb0(@h!Kvei5kAAI&{bqfkX%T9Z#Rl>=0u#_sb#^W*)(7R*`5X-)o
zPGweH$zG06lF=1mc9qj*EV1?Sdg4}%DVh}u`RY%$<n)bY-VZ0f!Y&#QR6jtEp{OuP
zf*@tK1Dl(yl_7~#_L<9l?+YRKM8Dt<q*p;az}<FSO-YGG6Ot>bwoo#Nzoje2*s;jb
zT@xe>BxhOK3RpRkcIlcI%D0TPE6S6#YL+Oh=l<H8z(ns6t2YCR6F<cG;DU8e)7Iov
zO{X(YS0YMZK3wA`Xl!l)>%(smHOSGkgrltDcFBT9OUTcCx&OouC^|rZZIr$r?&!Zp
zdX{s3*DHxWWBMfW;8E1Pg}?~|BPQcX6pWxzZ6&>wxKyf>9zQ^d@Y&9JI30G?{4UQP
zq$Z>BNyt(3DveYBK5-~#Ed;}|kRfwyTiuOF{L3!<Hgrrbgoj)TyBQ29%<M>UG`8y<
z-zn#4ijNS~Sj%TAsW!3_iafe>`d%Ym)M;B1pq+R0P_u`D0eD@jZuc4ayi68{Xt<s+
zv2w_3xZNFfu?}28)O6f~#y`KhJ>c}*01nd4a_DXlLx=QV&d;~>swCwJn^x0Q1nX8!
z1+tINd`g$yTu_%Tx(oN~H5~bt2c)?7icP&awx!xf#7zzU&G$t*3j?&I`v{hlf+dNh
z>oeIUYh!o7X^9S;mSCS~zFt(=^91tt>6Hib$r$9q{$lY*W7nnBGEG;2ezW;Q|Fp*s
zCp5h97Q2p7Bx_d6@xn&}9Z;AReui|)<fAyAB6i|xe*|=C_Go1guX&9MkiSPoyfNT4
z3GUgG(QVJR<x8shzy<UsaNC}UA(r||zCB<BdjiFE+Ov>f1Yc-zNbpshz?~HjK8G{m
zRVvgafd~QW_uT;B$#R2SS`%E%JspSezu&#K=!1Y4Lekjhd(I}kY+AmayLeHPQnvB=
zSo7mlJ}66h?d#&HH3eF1OYM&(rf>R&Eu!0kcujCdi5^*sv{f{8BwZ9Z*vZ7RI+f;m
zQF4nn|Lrq?Sund(vSr?4Tzf}=f!G22i|Gn8;qLnd=SBn<U?-y<L>?671}tY1+gBkB
zI~@0eIjL&VI3jF6xqoj>!c$HQ2|>}RFN~kTi?4-fv~3s4s#jHJ<=+z9$al=l7M0A&
z%F6trdw6d(59oAOtNX4Pc18%RN<MKvZ^Bbso(g@{)ZaPVy-G#m`g;}tQFkI>5=tuC
zA1*))L_8id<L~i|lBErXi0R@G`)M<Xd7(;p>iRRQXs%OqGi$xu%RdtaVidJ|Fi9KI
zm6+VqW<NO<T^lATyj1Z8E=|h0oQ05tk~j4|)Wq%e)XrX~6Pca8u0QZWNy5G6MZl>x
zqVq%s_l}0hnhkLya(l}=PQ+qx-pUJ6ASaGz+l=t;G%zzTHkxzjl>K6BrgTTeav-7r
z9_0tnI`v^0e?{pEOYTZqD{&+<^Cz!<YW-dSH8t>NLGpiTv4j~V{O<Vue46$9X`kz~
zb^F@Gm1z)ak=%bL2D9i5TFLcRugft%51<A8IwHTynLGer5T_@7U9nx`VJ<71)vC@G
zQ?4|zckgYY!)ddo_$#{dmUm*FzEqvfu3IrP`kKra(5ehCv_uwDukgm^(9(1fU^N;<
zn;v7G-qr&ej^Zrwx$Eoyd#{lY?Lr3%Fx&GCy~i6vreJ;l8Z$4H6Z`;fp|1k~gONh~
zYt6r<vI#8D7XB=#(d)d+fe&hsy@2KRcI|29HR>69L|Hd{nxX<#D7PZ>0DS?|ncFF^
zjS+sb7+#Omp0hTkV8q|=^ue^z8fapAs|JW<XTs10WB^t%@^yDgld^C`?_+fpO0m%Y
z1_8c49C-coTYu^8$UaCX*9im8l2dCR`}p>3fx9h=tbOF4gyWehc2~S-D|ahvPNr9Q
zKK4t+?>58JXbS);J$+rH!*E3Gh}8EM>a8tL>ES7&_R34%-esV5;_$yu<G+!&uMY$3
zR&;z-!1Vm*DE`hE{eO0unBb4?IM7B+$r_A$F$6&U$NdA?rVG5YORX+#U8h4-<rDRX
zetztQ+4#036)JyU^#5c^!O)pOjN-!p+5z4S+5(DGXsc0?*)ePwyk9y1duy1kZ0cs`
zKyE@eJuR^p&3HFiIlZqY8c2~UdpM#obNgW8QuXrI?EOoY@K+rhZf<en13<UE*xPYi
zv`xTF(jjBR<Vf0B2|V)Y2a;1yrSGsf_$&BzF8zW~yDpxNw!XEAzQOrNjj>Z0e*+pK
z|Nh`2;d?WxiMR^J+7m)@i*TCc9UOB_H8Y&o!%PorX)){kF8!Wk9JQ~6|G-zr8-+3!
z>9EC-xy#XCJ0lScSZ&BmLpYf$7RPu=ZN&2FiMsv1UU`+JrAJ<l1mN(4PCo@)_zVF8
z2~A05dOkeVFnmqi7t4SkQ~)!A+a~-5^1qA=XCt19aNYQp^uT+VY@02=qI37=;)fAM
zY)nx_C&lK{_aGpz#@-epF_rKQ{c8Yo2PGF(mx{QF=rBUj_fIqeQc|Qz35}7dLFOqH
z6Nv{^y2k`pp6WT}?_5!{dQ#@%8Kc)z=$oX5r7oGZVQo(FL=H6e2$Vaju-d^XJhZB`
zicshx*50|KPS@&bwAY(X_BuR%h!oKm&{-X}YIEqtj&{-HV3BJ`$5qnOQRSCT-ip&O
zDq7<df#eWnf#>P^{){jKRb|f7BhI4!Lrz>@aVBPIB7u`OV}{kmw7dD@?R~_AIny$F
z1kj;w>>ypH=vz0EHBmUP2u<QXthKwPq2M<evv~ec&8!~HbjjuVsv|54vWzOuP#Y}F
zZzm!A_AUbcsse`;)h{^HG@)8CUNSID0ehxe9{hCwBwM6>h45lluy0}hiI6iTWx@dH
z=|TRWW*FR9gXC1$Xy6@s3s4yksKf3F#{bT6oqMh<d1daL4$~UtyweZveIHuq%}IJW
ziI=lfD#1ANcXj(`)7KdMscS`VuepKJeU{E)fG5g}N<t1~#;)9RIzFuaU>ows!Bc=_
zRbP2x{sv+D@q{%Nev)`J|0DkL9t#VIB57I7nid?<!5HJ-Y=yr{Gphj7TZh4xfH<aa
zHY{cf(<E=-Lu2=qGkRshhPP7vjF1OaWy|vH!j=lt;<O&6K~%(;oFoK5%i-$EA{Vju
zGM`f`i(8>Ghz?V6OobVTr@$kpKcxvqO(9ulP4M<vjSbQ;Ic}P0u#1`199Vac!|H12
zxl@-d_m}IYBw(dX`^1H`^q!7Re*XS_L3@W?J6To6=$VB=Cbo>hc_OA9mRPj%`z{N(
z#k+qR?H7bIXDup?CPFr2GDpYFHwc``daf5km09a0*BC|^$)5N4K=z3v^wahP1tlwu
zF}Of?5Jz6497%PNl7<f&NKF>VKvCHhHuknG<ErF0IjyM`C6AaebdM^~>DC!dKkI!W
zA}Iz7;WVg)-k>6bw<hpY<cZXCZ)YPS*OaiLH(BpBfx>K(5b%#Xn%FlI&&KTGq^B7!
zjnUvS1T{Y+^g@OH7>$r9(u+|~*@Uj_EMVKy5jG{M&5^!^C<<WXQXQFNq?-tRvKr?2
z#+3wFq=G=F4pU>nmI+{iCkWhJ3a6^AtsaBkNSHvK6HG;vo&)qlGGvxW5p*U&pZ=M5
z;SQ{qR!c>#oz(AUQ2v2W@(bMs(}g8#=}!-lHM!FYJbIT<GnB@(8o$BuK_is~K8i^*
z5B2^Hb5@?K4IN_1Yu)<6Xwt7jnq9S3$&p;W-D0Tu(O<n26j}<7PtMW|A}I>Oj+t6u
z9aYO7?MtvK8fDE%@E5VE9~f#K1L&El0$9_Q{&V(;(lT5TbQa-XP%_?smSu@&bU>jN
zyAk9DH_#VU&akViDnnW|zL(gPB!fFJwtA3#tnd*p*7yNQ5t}K)v9hA@{czBvy7+9s
zRWPz@*q_|4MJX<h8LrNiT3(1u-2hY{3*SKP*UK1Ko1y3KQ{FJ8yHoJO#Uvw+9ty)}
z7`Nv%&pV;lr6}L?Pgg^c1mV@9*>uHkQ`FI`Eidb`aJcRTD3o2Mt$ks$4aEC!Pve*#
zwne+y|95HHRCAQutTm6Mq)9BX;zPI$S!irGqAo$ck++W#U>l`il;62d(8wgC8m7|2
z7g?D=er)u8B<xg!3ps~}HE<wm>XHCKgu}+L1C#3ry2Be56g;vxHkOv?SCgowC5~HK
zP#t)X9yI45Bc@V!;!P3N(0q@wxtPcC&C#+(CGUnQHhikYz&t{vrYi7?uKZ{S-e=-L
zS#tL$SN(IhUoUIm)$1(OFK2+d^I0v>sbU(BOr^s|<D?O8*PsCmqw#<7jE8S{J+-*6
zm|SpqsQCDFHI=oK{+*H_?A%|UD7|>R&yyO`O}PWGXBT<4Ixs8@z6vIy!8c~YK+#yq
z6I-W7^xODd`1Pp^Kuq_dpi=jJ#oF(W<Wpe<jzl|zhpqG{(0qq8GqX2ue5ilZgc8Va
zuPUpf6Kp?I5DG}b9e>1pW2+-NXzf}AW*D-NGQ@|Wu}c}5-B%eUweR_W2jON_=3yd2
zw>-{ofwIgdHIA{Sn>{PTDE=Yhtp!6h4Ad~_Ng!=$!n}A=<4Y+C2l`YL(n0%yh{zW7
zJA~X)I+V~etGJD~^|XGE{a2i6b;;Q#7LioSeM>15Cg{s~t?x7B4tjpSiy&z6(MP*j
zgLYY|D07f6$!Co{9#?<a6VdPqrqN{RYt9g#{Cqi;=f1QHJ@f9r?5|Pbud=>^x|?zV
zpbPYf<t8V=4`pd{e7v1#=b^!Id>My!BMs7a;=+caz58;af;UExp!vit`VTCiTz~+n
z_8Xqzn!RjaE@fKYe7KMJGWYGdk1ZJnW7Yjsz~`?5iR_eJt>dzlHd|ni22jW}@EQj6
z7<wmWp(#{rUUU-_^i=APk}y=S82fRO63NTBtB>@U$EMkAU!Bv8_pqw*^O`4bkuLIK
z4JcIF4PGRmdCHBgf6QKyB9<d?Vk948o=A&xL0#>>h24S!pZ;J8FHFLn);!5dn#H8w
zaG=yXa@38cid97oAnaJv)TJ(_XLvnOPYT~3so%n*qp7%loH~x#maLnhsD8%5qlkkr
z*q%fXaod|YC~BevfYgZpv^@F82~SYB7Hv{hs`dby>Et3SKs(gnHZ>eDXG7I4h*eP^
zOP>7HNq9F^FYsU7s^3y@`A0rW6B#C;XI;ryf!|AHILz0AP-;-P!$QeN?O$mh5Py17
z+}&yl(Aj&eg*4{mzW?#&6~_EOBt#2zUj>f<8kUNy(p1*I+S|=it~4|sxu~lsaVd-P
zQ1G>Ma8QGK0PY{j=>NRe{)4Xf*LC;*=R!8{%>TjXhM6T0m3|l+m$WBGiDRyI<Y}iq
z=1*ML1oR<$k$2uDN@e9CCGAc_z{1`evk|?!!8n6~I?A0(B)73vqZu1f<x<{=H%y%%
zWmZ)c-)&Z8Mg#>ty#d<<;2wTZu=gy3FB<_5A?`LmQ}T$B#K)S~oGCEM%cfW5xs*N#
zbWo;Ab87+B0lK`dKer&D3CtyxyAG8z$6E;FKAq!zLV#Eolhu*-{8aMPXOrCC1CzAh
zf;KfhE%BM_7NThnZAPko1N?p8Zkn-ph*Rk$V`Z(Nq|(8tGdWov*4>~&I53_Y;4lZW
zu*-4Vv#Xcyd{OTY9l!Z1iqp^Dh<*KC7q9R8IQS;KBkiyIx?&n%A(TOZ1P%wJ@kcJ`
zKehP1$&Lja5g+U5Q#?AXE3AE!Nl(&$32>)*zQ2afIT&>$o&Dh>6v0MUccNVvY$R1?
zw}eq1IIX>$QPe*s2$YGMM&`6{Inn>NZ23C{-Znkd3uR=%>`&ouO)=HX9=#G0V?eF%
zmTLKkI~r38>h1YrEYStpj4UB7)aWv!lghll>Su&R)nQ0}b7(%KCQJRigA7&))R4fW
z{{sIm_U#$1sKsO?Iyd_&4rb+9{3d<Je92hIT^OCh_K#9N^TH@Nc#*QIYLW(GPMlG|
zmIIb!mQZ3xUS}@3IZ6r!5{LCQR?&Q>#Az{<#TM3%^z~D^#f{Uvi)nFH&4iy12Jzos
z^0hG*ARNs}E+;-rPhG-j^Gn%dHnjOBA`o+n=Kb``$QImQyxnfH=JPJ)yjFn6Pyrx?
zMYOj&<C-Y+?vUH5v@B-Yu4VD(5Q#6CAJ6})_~-fJPfb6+44TZh2V4bod-Xh{(2l!e
zy-Ok89d?Lz;o@bfP<B;_S>%G3GI0G_$0vwzZ2QjhDz=<O7GSL&*<y$8yvo3UoX8tV
zTOq|S6JM$)siF&|L8&P{HK^Z*T&ms^I5zjbuR&-p(WK5J_6>AKKUjCz_JM?*w^30}
z!fHAQ%pi+gqagboz+B(>Z51;noYc2U`&&a`z0fNdz-L;ha!u{$@D=v0s34$vUn)OU
z@DP}sGg?~9f+K1Kl+YX*YQe*v@#9jf#Kg!Rj#1ET5cr(72?}#DDJit@03n|*3fR{p
zXFTDYcoWc;8U;p2g+#SxY)~JSLNsJ8QI=X@kjUet0g9{+sZ93pfTUyo&Mz7p%NHyo
z6)^VFQa}0|EZm+CDfOZPQ43<QWD3?<CyKiE^hGgK8%tEA_VAZ1i7OJ+=%ZRZjtBV5
zZ2m!12%pgjR5`u{PHYuUj#)sYh+e9~&)*+&TCe`kKE&OHZoLZYnq<IOsuO8VIJX4v
zAgna+2*=-b^lZimbJ`_66So-S##}~JGJ|1L6*mXpu@w%e_n7{(g2o3^`B&p_NLg5v
z;GKh?tf@ZSVm004r#-C>oj(leVjRm!PV8ShAo~C~V!EHXzG*8~n0SDgw$+*RZ=_V;
zFR%Pt_AD3Wq&?G04bsp}$>GU;5>#SS$!uRJmWzej^5Ry0-8Mbpno7`@ypJz?aj6;0
zi2{@lBU1)^Wf((Dfu2}DK>l*A;!!r>a%u|cL-ju)(gFD!TEtW`vrG554w{;nAd8l*
zEH@L}Wy-lYM8&s50Uu-JB|0dl$=8`t-}e<B=0CVCe`c*&8Z$yOUl4H6>;J6EU!@yJ
zHlNOb(U(VD-I$-p=4C{JZL6wYib{FaD?AlE^PIgeB(<|TSUd)WVNBi*hRD<c1TU$B
zNpVwj9?6cOtRZ>$bN*(y$uuk-5p04%lu}tO^LGq`#b8MpQiqFzO?ivcA3Ma!y+zfJ
za=(1$TZP4GZA*Z1HO8n?t2-aa-Cc1WWc(ERkqMM;+T*+6!CNnbVi6Xlg;Pyg>$Y=j
zW$)3K-s9?1D60wmXL|w&8$j7aWQ065hTnH%EADL+wxD*~(l*-8FEO_J>m;4`9Npy(
zLnc_5JWv87svN?x7xEVkRf1nd^~S$cgEEX?z`#8Js_#EO>U|I56nd$T;UjwaPRnUV
z>Dw}>OQfGi3uuea2|kNBHI5g!<0`^2yRgl{|GWn=k&u$X4h=soYwBc=f{mEvxTM1P
z3Jwv;ACFG#oR;zK6IV(=w3SFZ?69kNLuvqK&i*@4Ys;kWdsS^Hx&If3c(P?dmr-vX
z0TFx5G>X(Y7Jw*wb<)<yBj;f8BR6mAM}{#=$^9g?MKJalGzjhol;zJue(~C;>I*^M
z8d865h#W?iHj6g`JWR25IR}7PO4DUm^O)+-a7`d;=dV|$Uj3;(MlQ*LeP|9Nsq*RL
z3p_J?3`xA++^7aLds%g5)roAw!bb4)5VLFWrl($y^=8{g)~5RR-Q}>f(vz{_H8k8>
zT$<@R#0GE6HfPKa!Tt_4oxbHh!69pZ9WEEUx@7<|VGOK#zO#3=x`K@WT9f9jK)c=n
z&LI}@%N~?<YWC~N4&5^cx6F!p4*_-rxX@l|b8~ZG2N?nz>GKbk9b5S4OVoeY9Ij3=
zpGyp$B#1BdU(5Hu<r4^plN%{<9F3?Te_N9CM~gEdjQq$M5R8vm*jwi}6pJWWGA7BN
zRRAygNK0vbGoa0ERG6JE<F{BEj7iz$2s0|VVtmP4ua!wQj}$`%w^(hHEcs9lV~wES
zo$M1*zBi}0_+_WCg-HCPTh|<hJi^>$f#eE}h|5pBM|0UydINnE4-oDUW&hF_6g=@F
zt0$r5%zZO$)A-`B>c2`U%@(VJQZ{UF78Q$}3<sKosi2u4>{~>A1>S{&=M6qY#RZz>
zimqnZ7>d;oGrM-(qM!wyTwG1P@eX;RAx;p9VTr#T^!aiu4by~@I`A{;i%Q!umo>rv
zoLAVudF9?DvO97quI5BeX7sN5mVFXK&WN|d_p)1v9()NY>&9`N#$T7{OA86-4xGLg
zopdb-wyi#WlAYnGtWw4>mJh7+|CHKEd`}^M19Lv+(z0q5|Dv+#tN0V{>@OJ{>ORV@
zoGe`f-^4t_ozs+!?fFV^f~Xj>DX`TA`)ZJ|WQh<h#>?<@Q8L>&$zQ70Cjk!C+cbk8
zE*|0P@H($_O56{p_=j}Y@~2I${XbTz^6?7};TO;BLGca|7Y+X6e+?OB`{~jazkd{O
z#kWn|^r|fKGk!!7x0(`e2WR_EoVuT+>UK|p5+I+Fy0+zoZAM8^%{BvHSXO8Z%sgWK
zcb<v`tREzRwK9|~zBQ7{f7c&n80vsz0M+jj`8%K#u<}E$+QlGaaAFzZA2rj~M={Ot
z9TFugBI`op`Qm&HpC7YN7gD~HVo~m+xO1hYV3Ay^la=KdPMRP30V2ZE=`O$FGa<y<
zLZUp76Kq=DMaAF36hpnHZS}?OyM`~ep72keF)=k90x;GB@K0K#hX*I0<8}hXz`v~X
zHhqZ&+a&oRP>uq3HO$XI%PE1gXyCs@eE!gN3DY+5Nkc!a|KGj@pkKb!o8=nVM%`eI
z<5R^4rV?UOa0h6s{Mtn3WZCC^ED;u)X&%VPE0im<R0w#(=c&Fl!eSs8hhjO>;ol#H
zI@(Q-PF3cwM<tO9Y{M-Y@!|3D{T8E}w13yqS@sW$0byw!OLAXFcI*!fBXRBS`u(J%
zNvW|pD%IWbiK&HribJKbbG&!q;kC>VJJJ(ms-sr3V@CL~n#wzD1!hSYl{Q4+A3p)m
zZBM8nY6gaJY;4$|)B_<p7#=3nI%0oTZx033>ld>(NzQZGka+7F^STx&OI8#P6^W8q
z#oO}VwbYm(0Ck|5BZk3hFplafAvj_l1<xF?NGnzKklwQRY3q}_aOS~?jMa0~(*k*i
zWN+lRbdKNHcG{40Wb~}Vq8u=L@nv%}%IJj!d(ZwliTs*@Hf-(tK|CQThno{!-H-DK
zNTDcYY&INDc0JVOl{p8QSgnus<I3PUKVF%Vf1(ve;#?hPH=2k9h@;5Ur`5wXFG9(^
zX_1wnETh(Hp24*_K(KTJ!s$8kc}Z${i2pNgftaW`+TlSM>gX^%1XY=zeo^aSs<bCM
z+RtW3xQuvgu6NIg*R-fvrXTL(wIczfD>y^65b<2t`JmQtx=z*X9Ift@6{N8PV)0Y2
z{4vknL&>#J+G2IaVnct>V~;9Er6tiZ1&rofLA?g?D}t)Z;;B|L>s=Uc_X3ySsfO+b
z-3`P+JOk9LP}M(bqUK;VqVhAXl9E+waKzhGskK+^KPXsOGetIOZ+E;e0pA(yj(TB&
zR4i|3RsR)+>+ICrM{wDKPngxrI;bYj!n9$2HR7&${<U64&p6EA2{Z4nX~pFqqmj1!
z<g&C>DBFr`$#%3|9@54xt&9{j{gKOsi1U}bRS<6Zfm188l<zi&liTGe@#fq&=4tg(
z`yaKRc_@ehw%x;j%<{i#9h7S!k(#wZ$PA^kf(0Y3_esJm0cCr(TtCmbTc%wcbc8I4
zC<<)pUir;ZH%E6lxv!*C`+3``0c!hVxiennEP&+se+nYM0LEsi_orsh@u*pLK6P;y
z(r>owmG<kPL(I6}Vf4YF2SJ{$H7kGuY*(%)k%<jYqvLX*dkgYZ08(q~$v2D=p8O;G
z=&9DDP}-b>;*D6_%~)iD6|YMx9>;>9jwP3$8~umw)DnM@)GwM7FxPzDx#4SvtS2Q$
z!3_2Tr&BJwnVWXJQ#?UXbXilQhgel!+0!xq=-w?==1J7wJb&y?Y+G{<bgT!+;h}mK
z-lI_fbv<!VmH%j^IT$*s5inqAov{`ZIBota_fx{I9Db9dzj)kf?mZ_xd0zpIeFQ>I
z<Hh>GHJ%Q9foaJ#Xu69DDl$g~nxK8TzLhrz1~Bsxk(x+nR+LeVCXZu6A@H^Zgm8x|
z<?B_CoojfQvJq*G2D>~B5%qHPZbWlC?$IYJ9z9>Ha-k|7X4&Grf~~;b$-cI1`_DG!
zb%);B<sm&Ys~fBKLOCzELEa3uT5=S>h+~Cn-Ih14(-t`cRF+*|dG1hS?Z(KdS(ceF
zvpJQPq{z`7z7<X1I@6am#iBrK?U$W3H1}-iJQj7Vq*Z6e6}RlcSpg{nELCIH2Nm2i
z<o5S4&#{OtI|V^A`c;Nig!;$jxtb@F^*J#A>~gLcz6RZM-C1io&LFgZ8P#l@dov|g
z9*9>#?0-d!q%Ui;Esv6A40GtMUguqSF9=7GL<Y3%NRYHsT-arEn+;66#V1R$U6q{Y
zT_9(tBf~TCF52+^r2Wro+)UD~fHTk2uiEt`x62x`#70HE+j_jMV3YD?QXlYKlU8JS
z-`y&YQz4+MgrGyXZevc2hcrd7?jwIOZK=24_y1-PZbV}%*NjdxlH>ZDu<(v1vioPy
zI*s}V35`{$p!!4)%kD>%hf(-bkUI_j`Xfr5=F{jhJbMd3%tyCf7;Ht3ZNJrDZte}u
zLo_WEyU{=qe=XtvXU}*kKzG`tV$FHM)9e(n2-zlb?iz*NMF=3@<5ge@0f%F+P=u`n
z{>sBbVE;a2@$4f%tMSWT+fq0+QlibGSC1a14ZydaSow?meJgOBhLwqURTl5E-m3mk
zVof$?m^^KLnTB;Gg~L)<2_xV8Pv%0=$5V(5KCuH2zihMrvVQPuAqw_}3?0VvT^TK#
z9)1>@|6zJK9h8NQg3B+zkDeb(Xcpb~qkl8J<oLqAF@zMF6nZD<B{)R_i;G-~P)`9%
znkM~>0&j&9e8jKW6$uI+)WiGsJ{m{=!O5FD(t|Te&NX@^1oI@^<8fQ^o9%Uk_d8e7
z_-N8XK4^WDD+z<F)0&gy&ni=M?dffYt-9RlN|v+D+=tathwc_Cvx$`;QTyg3e<^Y)
z+;b;Vh-lWsdkIPl)^8H^@k~G^1eZNd8jAia=mR>Kd{-hMjT{p~wuVrSQVOUlhyf5T
zFt%ll4!-4KFpVPfhRI427f{|T;XZW&d70ZVKJ*Am?WQO(&f_<e7CxOMoR`B|b}h_N
zy<uOS?YOJzCqSQ1{KCHEW1MzcWZG!gQ?)0+ivzO&YekOX3}+9dd0XNI);al_`03+3
zM#Abx=I`oqv%)(=b_v%f>nW)%;YJk@nqa$WaK{x}t)@dt@MdJ^MIO3%S_`?Zg+3LE
zEjfh&<Pv_o0W!D0X#Zo_P~-5O>ByIK&xa|+2|p5P0e$7lA|4Fj@9OMj;;y|GtgD|<
zRyUo<;ned9mJf*)X@rSeW@}?cO=|E58orB?He-OaF_k-l=SSXsqZMXS*cV<uQxj2|
zlc1L@c-TIO<I6%Bm)>^0?=9(7mi8FUcMYPJ#Jta&w-U~!C2F8;2#3YEY)TCNH6_32
zv#ijx;1fW_JU;ctb40Li;n(Lm8WSxiRJhYx0y`B%mz)DSi%qiyrao~t(2!sBhiPeN
zc|8YlI8&?HFk^zXV+?0-Fe@M>HKWmrqeZN~3jr1d1xzFYD9^C%Qs5KO-S3l(3$GQM
z+eeo?!(3{s)1D-R$*;-vnh1DXJjgB1NmQ4NQlB6EkwPtR$F@w;_eNN%wJEF>67-WJ
zmyS0BR773u@QZkG>fyL&%(6z*GnB=p<_5!)ZjQVbFvtDmcNJ<*m%o?PPD>_fg>rB2
zyY*39ph>|eQ-^Vq5=zDFmLz7QxqZ{)Eu1pY#!cdgqqe=&!oafe73$Zdb7>ZFy>#J?
zf#~s2*El)(@Y8RZZ<9W~Pr)@k6f@6$M=nO2Ev?KAt8BWF7>bpf1KXb^$s(s3>G<Y?
z^9>mNKUWr)d7oBu^++t+%{T&1HC|R|$qn2D2G@vq<Vr=oAu;vTpiw>C&w%IHy}!s>
zi&<*wLe|c6aw)bG(e&{6U7kCcj-_7OqK;YWS4?>W(5|3_TZYRnRB^~XKig;5g3!g<
z9H86mTy<a_2L8yt^5-8?J!!TWzGjaq;j3oa=4^`5GiPtTC%d9#DK><mTVkkklo}7<
zCw_uzx`w)_GGUX=lbzKYlILN;>;P_&qUpJbU65WPAiIwXSn9+F#|R<Jv@3i&+FOXl
z=Hp4H@465CZxIEox8vOBt2@doM@=QXO3e94Hk9cqK~AM+gighm#ijzWE2H~gl>HKS
zJK^Ejz7p5p(U`(X?V%LUEp*KklJKUFSIm@2Db0+A>v#E)Q0R#rwp!`>Ej~_U!ng(~
z)xv(7?4oyi?3AcjFq$5!T-TS2NjXQ5Mhf-qSD}-i^Iz3bp#<v$SYP59eQ8}70V=#;
z8)iTzfnTUUl?{8yp@xn9N7_Jdl(dqIsMncb0TOO<|H}$putLKb!T6|E_G!KD^BOcp
z_V?of8L}=YochH^(8*Cv*yyNJq$Zs}VvNrc9Q_bhx$<oO`DZEoIUn@OT$y|;BimJy
z%T*8ZfKP3;5Zq<C7M1X;#58P?JY|yvbgF5`^mcQp`1B7E`7#n3A<iuYt+HTXK-T{M
z46;*i?UCOl%`n6qBHmglS#;NBPVH0|CMCK&vPHIq`PhXQ_0)F5mP8&F{M1{o;QL)B
zW!E~b-OVj8Bl@RFqDzG3E!9b6mqV>q-uDaH(C(Z`TvzkvBRt^M2B=hPUHqRg><7V3
zbde|N1O9E{dw1rDCSF3lY`V1b`Nzl&3!!s~0I*$1*jy~u>vyk*%arOP+{z2A3-Rc?
z>fJujdrYAWB>_$+3N5L_GL+4sE|_#C&bJ@~{HbIAxYS>iCkTKx^dneNgBweuVC670
z82+p52=-tmx=EW0n^`s4_mqzs^>d?!FXE6aC)$R}TPf`;1}5gNmiJ9ikC<E<p?#iH
zTraa<MQ8Sc^B;-@7n5NF*1g;+H?xe*SfP&`k)s4v`LXCOs;dJLNjwwLh9$2G39gb!
zQVhByoT<@Dr)_#xtK<P|$1Rnr(E&C{;4y=F6@fLi@d=?!&1!O8xiMC?jqZ==?1yLc
zpMpv8165E)j)_X7pj{jjA$zt@9G`Mn?(@(?We9VsKS4WrW*Y&<4g-`@^2WACH{iOc
ziNNew0p$=qf&R~ZV^>mvRvNY}5RDcti$5%_`4*)g+grfE&b|Wv=KubnCgVDTt52<)
z^Efn`H6Ucb1hXO7@mw0**DvRw^)t{C`Jcz4)`bM$+0}3IYLMub68y$yH(|oYI9cTY
zJ=*zaSTL}O*Qu^~ooXcA-QPQud>XWv>p<iMpeQNjz`zIrq|sj`p9T28-PBHu$_s<f
zd3eLR&m+KbdpeKyeL_wrdj2U^(ed(da6pw27fRjOsVUGn1kvdXY@^rT`?dYgb2N4t
zl0oe2UYDkjUmyf2sQbJTTyk}y@K=8!QOt$c6*4VX{MfX$gcI3%qXt%v{BL=eBfwey
z%hs!16MawD+FD#s%Q+a@@3xXVo_0I#!aME`J6<eNS+d5d{H1YweIV~#c)u=DUc`T1
z=00X$mY^8B&&t|L5ZT&Y1JgqO$7>m#Qvc3R)_Lec_OS#0eLu^$-BdszjGKoi|1GmQ
z%(7Zcv?krI^~Moq&ku551!thQ>yy4CSf>!!Ki=@B{9>Bb`*zj!bhYJnMoCU$0AfE}
z_lZPg&s`SQXbJ_Cm%Db~=?yDoPrFDL9O*Vp*zqawc2gipJQ)&fV-qlx*D34N`Lmdw
zYWL$jw_0_#n>WYH%;tWhte9(%BvLzv__QC!+=vjE<rpuz0<UYa&LqIV%3oV_ynb%}
zSlnXE@b44X4o?pckBX-uc**ziP?c@SUX(o|N8Xk2kYL=xz;x&lErDJb-F_qnN|shN
z<@7i)S?K2WX9;1%*BKprhPL_1-NyT85rJ1+ci+!Q*7dn3+`r$?`n`qKaR<CA>^y}1
z{usgQ6YTII?;9~V)=TtGy?=%wn`QPr`n4g0X#v$Fuug;I!oc#U;%U2PG(K0gDuY5!
zxHHL~MAK~(N5=KScx|(qRXNP$$0kc9?V44*f>ed*G2xr#f@4w0mM2_8=eAjd7Lj?p
zsTtZ%deLLcnY)@|H2l%S9dEnf!zZm@@&qm_&5Qqgu&ynuuQ<?QnhF@#z|mJIaN!5Q
zO1eExArceGtsm2{?45eq85VYtPrbo5J_AWQFx(rB!cQ1bXKYy%=;x0viTx^@YM0!J
z%kHj+_m$2~d~F5ItDJb6hY+082QD%bk{VOH><}fs<1Er@Ahfj*Mv6n{3*JvX&OSC{
z+-(Ja27{!r+wuG5as6@a_GG2W(Zl1L<4?Z;U~JUDzLCr>sl4<a8Flz>tAsEmoy8G&
z`)0irY@-<%&<`5hwrkbG=^UaG)e?~o59azft9Q;6ORMEosz=LSNxcmuE}k9iLyM;i
zE^`exZ<!50e{m@}h<R2OZ7_&EV+>de84^sI<%o5~EHgUf;F~wYbVYJ2fWl!W`QcP^
zVI=Wx+z4+!Fu47Y|J(t#QX|S8L^ZB;l9PQAFT#895pVKqf_+I%duSiJY@xj-2cPtC
z9KG7n1#Crvhka{;2$pA(2Wck#K4r!afyluDI-vQRzThKXXHK`1A2a)mL(rDHV`+H<
z?ooXPI&R8$q$s!n>4L2UGQnq2##Ib0?E)8j7gUUon4o$*+qtjG_?BA=zVCw+)$t=8
znzhJgRAe=s<yeB^+PRR#A`38z?E6Ez{TK5*gCp;DgfaD9qwqdpZpz>kgmjy$xJ^*G
zHwIEagq&$&;$ssYe83Z@cs%}!N=blV(W(5Kv2B)&-r8{2shR)J4ht#0@Vy7=u66kS
z4&i&+v|?)+&4GYZBm>rDSiNvH{2F7TujkwpI1mAmDj<`%6E7FmM>~1oWMuUbIO;!o
zZubq}hgM4m&l-FyTSVS+Ngd31YgJYzjbUPcnRsJ@$!@6cXtUQ-uMvJKM8AP(rM<?R
zYR@G*ZytA^%wT`$(J;nr3?*Tu8KSyxKVuTiJ5RUkiCxrNe@4%k9C%k$h-N6bqnS_O
zQwtJ3cB$TRAMB00;Z7uS7UfojvIYg0P;@&5*NzSxyA?ARCv4Iu%U{!}SW?j5$&V}A
z3Xit4oevGqc*w(QEe7Jg&pw*Eua+z#Z8rF{FmXX@`K8pv%{sZv6`JBlU`aP>JQX9k
z&~t$uCH5>~igw~hsNs6t4v+~8Q^Fyu&DSF58#YKu)Nf)ATc0OO)ifd2zCfq-RUSw7
zFy$WH#CGBoZip+!e?LiCkKfh|G)7h3U-0Kg^`}Bt4uV1SkbpiuAgVCl^w*b(A3jm#
z;KGrmNaT5mYs~DIamO)uX3=6)>B|Rc-GRq%WOp;X1wt@qOj{_m!OfDVRU6meFV9)_
zKeHeF;o+O3u1qhQo!*pAuaWCu1FdWT+_St|-nIa-;cfL$!BP2l?~c(bB32Jde+|pS
zL^chxIhODQK0W>~RO)!LyUK;?HfcsiQ`00Fnk0}PDgusG)6bw{ISNKF0yMd;rXdnP
zoN$;(uxpR?%7BOM9P1U0Si^*2P`eXs-^RmEqfRG<nO``pCiv4QTkS*aeOOGHgY=v`
zW!?6f7z+XBSmBZX!=hakK5R<}iO3sOW7Qi2i6DR2!wqBZc_U_}>IqxihKls1>!adQ
zCV7{t^N8zOO6JTGndWzDj$xQJDc8j+?h1*dqSMEu{@QkSWJMB7JN4mqtW*AasQw+h
zG1T-P6RWkwfj2kNco_KD4dxMNcjk~$`1aeL8*B2Q3q9Pgbd))4gvxi20D<{m_lTx2
z6(8P%w2s5eDv)S*9Xwd$tKR;vVRSieV!Bh&?IFsngsPBgeFl1zLlaZ?c5S*Tqlv>a
z?Q!NL)nTu)QPm}bMJW!gquELh9CcExQp6Sq^vd{9?S;|r$0vI#Zn4sMI&oTE``h$%
zKdEA9-2<<_tqUZ`(+(p!w1{z!3YdPWpHVrwM%Iz^U)_bOg4VSW!TQBn=>VTmu!1~;
zpfIkF7{k~%1Vf@dgk8vQ+q_2}TCbj{u_#3D4uL+`HSX3wB>bhoC}*A3Mwg@Ru(KWa
zxjI9UZPAJO$aTrevUSAmhAl|ao^}3B15Y`1Ixu-O@rGC<V_cOiHlqbFlseD>BJT>M
z)iFfPCNgTNH!wCVhR!jZ^xeZ#1ArF2QP}p&xAO97kWFy1tw=`<Pu>3rS@^Zx56c>Q
zd$8oV&wKq(z3p<ytsQCS>kZCFT_Lja7Cl;4Q`Ot&Y$6?NrcCB4oEc7N-AZgq94O_*
zMHOlUj1(QxTf^eoke_<>GUW_k^p9!Hqc5$<PEnK~%DC!qE4<hTn}v8cI>$a(tC=^X
z(NF0pFa=D7(%&wcY}22v=#67~2F6{RY94!is(b^-l&R63g`U$5eK{*_1x{Q#TzW)K
z&NS2c#rcB~_p%XnS{&NyUuK5SDX)>+pI|Mi&$ZE#+h-xPr2a9ZOolxF)3-ygLzP1c
z_bT`(Y?(re(0`fQ+<GEa05fw)2!Apft)Sscl2CC1VspGI<jrj~`rp>30rypwuZMi{
zoafz4LB~$#8Z^Oz+8yMdOUIvUZnnBiGr_e2<+<cr+fxY5<IJ<RgO<9>w;#)@HMf~q
z7DQ5(<t`44B-5aQ`a-XUHVgi8=j0d4<uS@?+?%(J5<{>lxL*Jn%)A9_IU@<jPxxW)
z>wY*oOeyW}C@mN$-LZ|=DRt4WzjZy_{c#BNU$ju>J*iz*oUNu$-Z@a8Ymzn8ANb-?
zKViP2g%dGQ#ioa3;TH@S5z?cMK#Ae(;P8Evp@f;nGbgXJ^R4rTV!MK&-dZZzA^r}k
z6b;Jtc7acIY5XdY{?#&~oWG<S*KSIX#}*3W6w?*h-dMx{$BX!}Go_qo{iKscTuP0w
z9oeNlm*Od*-n4EJPx$UKeq)PhBH9O%tA-<_<Sz$UjYu38hn;IL_Mb5cu~k#N@*$ti
z87{Qlne#grMOQ9)P^x`XbY47(!mLZ_p9F!L>i-Fv8PDi;y;vNbXk;-RCOa~+So@&-
z34A}cx=}uR8LW1!(}gJXH1Yjd17>8whM}~?PIVq(fNkPUMnr_aeb%WQWyTfgmb_eB
zf1<ew?{Y}b?B`?c$WfKeQgu73ZT5a@FXuW<RzRFdOV)@mE>cDnZXM~eq$z@HlTljy
z_am~5Y1?Xs8>^h@ug*)>3$Aj==6?QGGopdE;KUd9ptncEBfXW#kemKgzfj~irQ@kS
zkq16g#NvEst2xbBI_7r==CQ25;yzhSxO{OUVtDa|KOp~8t`&5toXkj4kyn1mXsTFz
z8=Q)_yTDeok{;XQdQwW%%ptW?NKL=dg*6d=$JdPn`(P<l{HrOXrD;ANPyj^DsNy*)
znkspR(c3r<xOC&*8q`CmNQ>wrqS$mw+P^%#_#aRICtm~vOC<KCM)E}EgO6vHzBem1
z>wFpBzv~#D7sZhIApO&o{v*Bg`gQ-?oC2-L+fB#ZmO_?2gHIW&-Y4iGnE^nZ<v-GG
zU|@E!K<`Q=!hqXNCEtfpQ=QF$iq^Y(zGr42iUOen4h=^29?UNnSl-v0x*mhtws$3A
z#oZJ;W%vC1-Ld@+r;T_lIp5>Q3hx(WnGsvQ%cY~6X-*jbcmI)+c>VDL2*ZuY=Qi55
z<GlN*Z`}6)l=U*T|NE}Q5p><TvuK+6(u?(ThFz?Nz1{oq0Qq6D4mk8V{tEg2MAxtX
z<Jkm$8hE|XcdPsK#3FLq!=5$SRUE=F+=fgP#dmu=?*?1Jb2(z_8=2*Ow5>}x>Xr(;
zQq$Tt?V{57xQ*{FI(pKDrQE?Wb|J$^=I@yScX09J-v6CH`7_wemv3jZcJ6zr-SJqu
z-Y<~oUN1^ME_C^8A;>-lV@HX$&t2O@9!I3-M87qjurr<qr*&H%`{&!w&UNo+2Xe=~
z4mCKXV&!=F9@`_lj(W1ZA5QSby>c!WDqi|4eD@BbpEId26)FEC*Yx`E8wbd>kZ9kB
zWn0Ga?o}?i=ynI@hhfUh>NU>$ndvM-?_DL`hZ5VfXVmqVn`GbB@$&qc$Fl{~OwY}e
z@T}wKmx>=sBSh!jYBNIkSx-+i+}psL>)h|zf(D~~PlBdRJI<TdpI}^g{*{>wskrdH
zh|i+M3_rE|xzTpJ7EcKV7ES$kJi801$te;ZdMj}sFh0Imt~Wl9j{9uVWOaD&FEg9G
zxS!hzCn~qzZl3>S@xA_dliufb6~yNuogPOHPvt?xd*wgCcYgq@w6VPYLUF@8qw;F4
zuh-b~aNXADn`PVf`#m5s-}c>j`YFce@q9fmCntB1ApI81?F#T~uk!(z-JZAGlTw4V
zE5CpZ-)QFlqwOujs`}PFP(Tqu1SO?JMY^OLq@=sML6D9`gOo^1cT0D7mvnb`F1i+Z
z=hCfz_u2cL`{iCgu1BYHj(o?jMoe}X4|{B)+p1Voo@a==?r~??V7sCx>TM6<-MBXg
zuA8g=fvfb2BcZoT^+^}{M#q#A$Jz&f0K0~Q0@gJyC;cq$itkxp>8GKUet#~-a`Vl#
zshVp5Lf3YkbY#f3Ulkt&#gap!Ndkg|B@ImCz;30=*mBkm)?yD@b2B(%ewe(7pu+8|
zqF*y&P*zPY<Ne-ZSv!Ndf>ZipV&txm>}-jb+kCrBQs^1qB7MOP1#46-3_jHDtd0mp
z^3#&*-=g#2ZfbK7l89Z~uaBq<UUk!dzo1Dz-BP08k=Qo6c`bd;fB)Fp1AXt+*vP}r
zLSHFQxLwYTPxiaN&D~Bkos?a+x**vn-=BszwXkpiL#+aHWm0I6>ozvzzNg4-tHk|!
z-Dv+<_-?`1s1d{cu#NDld6n?K-RQFS6#zB+@?4yPi^`|;u$zt$7J)$DN+{$59Kf4^
zu<Q9c`$^)yO&j2N{H54!cDpKb796MLbX{e{6_kE%S+ddOG|Ndacq#k#=0v{;8w4CQ
z$4djjt-7uLQv(Px*ZOfM2H4{x7L{kHW>L1a8t7C}L?!a<MqZ%Zj$(qRkT9w_=~Q`I
zrruJjZM!;l1L-b`0#*a+2TOavl>h8OQx$D%*WXnzk$s70g$$|wbgR#;oTbs#+wWE%
zNSdTNh8FzbTu!&mO>vKPHd#}<3V)_aAL&XWGq>n;^9RA38+?j<#HfF97e4)o&AFS)
zO9MzSGyy;xvK}NMi*#I*RJfd?FG{0+noD%w9%P?0IJ`t~23Cv9JmSXt83v;LkHt-n
zE!^HmHDBMD9kfAPj)B%cO*4k;0ui|USq?gB_cVSQop~->Q1>G(ot#9Wpvi;<M_ql^
z==XvNrj05i4j#YSZT~KIZ}+77v(^zrEG%>q&)Zsd^V@md7vzKR#A2DF$_Kb)5zzK=
z_p&8k{xSklq^A#HR&DMO(UpB<M+ICcHbD<F0E92VyqEwE5gHn_d$kfgL<1qC0R7Ub
z*LAL%p#hN-X$sZ%jk<|=21)=+p?)JiPvR8mrd>2xL3!?mf~mBCj;gcQTT{=Y4r5x_
zcdhMi&+t}ZamM?7Fb4G4vY_A=mwC{5U1-aU@#7=`?Z@}m`C5!u1*vUdmmy|**>($5
zVx)sQ<a^HPrm#B9S^al(pK@BIvV)g=s0F`!M=4S;5vRu;TXA5;Vf2J5QzVx0y3Br2
z51Br~63;Q<4(?D5Ee8);QvzLWUGVl#S9{YG;DY+sCs&9U2VV{{qXI-qN^f$<ZbIMq
z;Dfr(!7|(C^ZGIeM}tg4grsuvO7!BqYHzK+ZTpbq5c7_3b>(Yw15G!)->lK6dy2i%
z?;UQ4O2(586i7V8-q=QN>i$SW2TENw-SH@THOfj<mtHTPHz72s1h1;)tM#P^)JJYx
zli&{4TE$B!r)^EVH>I^Di&{c`KIu^Ut-<(eaV_J~j}~j^7$G_k+hns0!#i%tU4S0@
z1oDiLE|F!?%BBf&ni!SO9ka}Yr7V88I>joQt+pqlKtWzVs@Qyx{GK#s;Z4wowqWuP
zXg7G|$$e?mrR@uE7YjSaK7zV-xJQ|jiPK=IJOWRzLj8w@g9ez;U?QvyfKBFhMs6_A
zUL0$^VpxvwY=r;SCibtsy0aPNQUbeHyIxm{<9gCenaH%c$8UYZVstr6cdwZ8XgH=T
zW_WbQZ*VJrX<=bWfwA>Cs{g)#A!qw*;#idv(z<Z@#HRVT+cJYLHC3dHHSTG!%lo)(
z(RO36+;3>!6|xZ($e+ugJmRCx9nr~!>}jP(qcrjTiZ0kK>_K=Y{IGRjt9+kC8Ptid
z$$8IF4}gc~*?YZ@^djqHJNlI|>S9r6ueP~>jOiwT(RqqJ@|ei`#N+<phH7X~f?>aF
zqU~!(GFoeJ+08aDJXwKBMdyGNbs#$tgxg<(*`(L)dDRPt8cx@;<kBos6?;J$q3<dZ
zwNL9*1Vj)QP+uL~qwm+eyQMw$SJE@>?!#z=&7H-S?4SUb%lC*UJP8Ko#fIgOs5D}|
zr*?*9<9iJxfZU2SKS|i_9b3}qh?`K98a>3iW{_;(Ma&fP$@IV%R`fm&okDMU2*CeR
zBP#fIU9lf|afLEp@NQXrH=#cn5OGjbew3>z9@OzpHmMN6PL4>m3pyWN4V&Du3Bi4)
zC>*$k@lbDo!qWia*mOOAkd%}pYQzuAE(l!{_G#ld*Eo=wH<SX<2<k3U-!Fd$CJuP|
z`u(BCgK0^l^aqGM7CE*_k7TIJ<%gV9GiHP{w(RW^EDRr<KQPZ4W1ormM2xrrw?qcT
zB$w1R#AtSH1(VOm5J}tUL$R<m>droSy(M|A!aYF(=f5e)772e$DenXuNgM>~p)H_l
zF}LDV+!2V&L{{|TCDZGgzB^5U>-~P%tM|#w9=^<}KuP9XoHdX4yy$hRSQa6U0kH#l
z;<p|5%6IP?k#oaIt#&4)x%xU6V=}*Vb;%7?6Oz?fazCWBJI36VRTjg6cOH><#L|ar
z)FYY#wg49D{tt$Ue2DFo><Pi|U`g4h5KW)iBC)u_p0LPr#a1{?5GsfaJ2gJM8m8G+
zCxU%X{F^TP){u8&zu>sJ9<3EM@CD9(e=Ze@Y43U#(5~F<Ea1~@nBcTeAa*rfv}9P0
z2n-dKTuW2rJkNp0CYED5n$HYiym^t5F#^FAs1UfqrkRs27>kSW({uZng$xp?Q4G_j
zfeD5J{m27AoM661>9+pV!69(57P{mk%2&*REJ3^$1H++W%h4WWYf94Q;ema;Dv!FX
zdA@Z|N@Z<ipbBg$iFOTJBmoO7#ZRiQT=ihG!}BHq-NL9igzZ<eAr-fyuun`T6TQS9
z8ibc7r{N4QO0nh{diM3wGQ*9#h(_=|3oX%TZuVEqViXBuQ*40odzEZuN5KF~8mF+?
zJiw~pYn%C_c~N*>e*%7{W4dd0{Eft;1{C+J*6-(6!?fMJ304)fc!)3*e@<P%PILgO
zQ_^xhi&WAKy?Yb@0N$~ZGH|hs-gYgSVzo7(QPqr5^IgKn_vp{Pc!#?RkK7)rBas$-
z)%ehqJi$VnE!j{M5f&SFOh;}6`Y`iz0k2z^ws`cEWsIyM@oe1;nZux%D7Sp&p$)7h
z;JJd)wk#|hFh~Ro90X(K^-oN<Z0M6|#<MUOjK$mNS6$IcziMrIP15AqGu)m1wzn?D
zycPZQIwNV8!NLS(T)Ttq&Nir^S@6KMm;s}<F#jQK2D&V46w6SAHtHuR5qYrZ+m)5_
zikRrO{3P}Jh%Wb+Lb2tFDBksh#cOT&eEz(QI)jl$yMQK9-X<82WW`xw3Dqoj&%~u%
z`Mtrgrssl|^t+Eaytp?8r4s<WLrf5>ZsauGb^qVT8^0pt06@7f8ZR0+?DrFrk~Z+!
zQ<eY(UNj3R4d=8NuV*B7@m6O6zQ?<X-VeMej<sSGeEVhU>rD$Gtl;u@JRMCF+dK|o
z$cZnUs3AE&PfdX(@r2Y|=u>(TW#RfY`Z;MS@?Z_PM9|Wab2-xKvtROzM}}H{lecIC
z>q&)m1V{K@C+&4MY>FOWmp4h1o2YpKCyIQ#9(M?Jb~G;|swkhVD=8nizA{L(>Ct_=
zD|X<RQcXcvLtq3M^+J+X?VWsGe8Qp8(%*RqT#0}JdPK^Q_5Gp!*EtvVS0}l32scbf
zE$4Dp+sc`0qs7N3El1=O)uJ4GdPFnE&+^B*v9rZm7SLyK`!3Bc%^H<u4aJ^TTD1Vu
zqLhw-RAX`ic#xH0x^Ux}HW!C+9{iVCo)*a;U03TE@g35e^52j;nnH8CO{+QzH3`eS
z&=<__1hHb-he8JOSxw$5&k88OMEs!#+4Ljtd$sP4?{2RF=o;0iY}yQkK>FL8zl!~U
zr|z5XUilY6M!^LgICmiLY3amb30#7yg7wWO`5Xh1d}nO1kV1I#ew9d{<4>n7v=L=3
z--u;MU87AodspU;g(#G9%xxZ;<3Bkne+>`nu+XfABx0fMls!1Vew%Q$hwNr3nf=he
z;>(YIBZSkcms1N)=C@yF1_R}AkyQL3nS53*a7cx}m{n-wK$+FAAsjIiCQQm!JCM(%
zSOD@ZHq8wK5UkkaJvDs+8rjZo-R>W<d#tZn<-^9_OMkqC?isUYC3!4e9Cx8esXH!j
z2(zA^r87{HIc$UiXBvFCKOE(u!ku|lo%{XWAgitPZ8Jct$v}BJbBwz6cbBqhy`9%1
zq}8x{rO)q|qVyTS*LQF*%_{!^_rX-_{IFovBClI7Hd-)7G=CJYGKV|RLG%c9YV?`J
z(f(tYW~)EM&Y#2d9Ao84s)Ol$kMiKvhQ^bnjpn3?C8<|GDOXKInC6oI{3p=UnDd`i
z=Z`=F`tv_5-XA~>`tv_@=pTIo^yhzQ+COR{=+DL2zk&4sfjj)(A^uS~0e|~1=J7AI
z<Zll5&$mJ!{{Q;oY%Y=a;mJ4pCCV<o{0KloU=k-RjD!3i@Z<MOd;^w^rppf61-EN3
zlppTmxjW*qbURHaY`DAH&C1HM6(xa#;dBDp5BleykNWXC?`GW^0_4rz<$tz(|3iRS
zUxX;h{Bju(bj_?L5HcvUcI$uk?6qo|H)X^fE^w%4R52B>rjQ#oy$J89jR|WDSHpd#
zNIl;opxBn8Kdjvt`I-k0<`ob)`}2SL=L>-iVG$sn_vh<&(Kb%lh`)*OS1<UQSA7z9
zn!PSg>XdP=Rz6VHj?Y@1jw5hHLGlB?m@3$8Q|vu9#;AX!*#47}9!<D@ksak$mZ)DZ
z8kIi^j?*r|hj|bC-)LL+?Tl!*LodQP%H`A32<Y)a{eV9~GQ4s|M_c{LEJS2XLWy%i
zr|H5&nY{(+fS=pEBGB1miuz0FvAT4rK6}vFMj#&>%;(>ir2I2%02VztbGz=Kkuvcq
z{4r-1v>@pHYP8_HZOB1b9!_in`(hG~ct-+ah!AqS;5+XRj*EFQDA@8Tg~&li>^V8W
zT>pJGfrY{NgDU*#PoV7BOmZ%qxwgDMHv{%egZ3u}ZC(g@<-PVVK2E}MJXX8f3*?2o
z&KCE%KmYQ1^1V>8X(MIZ_e>&?b=3=I$p7)~_wxsC7pJH4?085+<Uh~Tfe!1g+9B`D
zw}qVvmDBVtxG~5Q#-7&~a{&qEjci1-3W{(rOTf@EN2$(T6gUr_adI2+!wt$jQD4V=
zrkSix2TM%j9;X!$rG=z4T$;DXl~>qYUcF*fzqNysyoI`p_8eG2{wNUc2Y?8ko8#V*
zY3ZebM2?8}Bu{lTUT*cIqfDcCE$f=&+yt#IUN6bA8oxQVqQpJ+<$k-@fI2T<%|#ZQ
zYa9ux+kOL%RQmZwmY7>oXN+lTiEi}RMVkgi1Bt}P0%h|`$w*=OBPblhTfk`!8RTg9
zJo<et7KMWy!%>o^>ldvT1p;51i5b58s96CNd5;pT+Iq6@H*?W#BBaIj?G#F$2*!lM
zQ`#TqOavf{;kYPwCu2j&cN2haacfY15OV2C>+TY`k*_o&zMJcY6rlG3!<~q5FRCqD
zrzv>4yZanDGj<GIE%`cIfP*M99do+xD(JjD_m*={?pwo<@!M;QIa8F4F2;=)V=0{S
zaH9BJX$n(q&ZfPS0dE!E-<^-=p33P9Sdk<LxH6njbe@jv7ULR^W5!@94XXw;jLUeI
z_04&a*4p`{5PqjLwSxJ*KmkW)VCi-~8&}eDT*utDD0YCXM{i?5XPR;}!e(n}A}Tw$
zvJnlkSpNdqkjmgvSHZEHJfZvzNM)q5$&uI2M2U=;foWY&won0BZ9hLaXv^S_F2GVb
z(50*C&l=5mhi5;XEwO8Nl!oiZCI^ec;;u#=RndOiOj9JVj3hS6=c#okQ1a9+v3x+d
zr$_o>g(baN86EL+AFN&;Y@bEc-L56=spzm3`D(1}i*Uc2?jK#?Y!0-jk>I{u$<ZB`
ziTxG_^~MO4`*Ibe{fX(RD-U)(xgYwULb^modsZTf`$<cVgYZYm6VAqthG@abLjn59
zo<b~3^%2M`<7m<=vh3|R3+bwo?sNtEEt_-Z4fv!hZH70f`FnEuEwL^+>K!qf>-8l&
zNa6u`W8PD0iS{DXT`lPIqQbsPQ!Bv5RKLWZ(8cussKN4^oNAA!l>C`AzV7wH6f8zu
zb4X&X*!yYZn+n|Zh)Dt^Sc!_{sTq~cg|B6iNF6ctWiKTx3~*mkwe8l3fNj3gu64DB
z#q230#`NaP)%RyS^CF`%@;h$dq9<Eb#pSbU+|yoKoeXoekx}xaO|<q3h)F8$n4**2
zs~0=r_h;WYl*XV;OT8asqhsl2>7{ETpWQ>*?DT2w{veZjP}9A(U6YoXJFq$63yHd;
z{v^iB1S>bRrX7E>rm?6kCwlD{Z_0N23CBzmF@IF>o%D#)K;2h6-<jPO7N=tKI!q~R
ze>8q#VS2VSe9aj02+59Z>(EmN53Z!xu3j1?hlbY*DLb7ai)34QE%C&uX!#$)9(8ky
zA(*zEC6z3!qrYsUD6^=SGY+lS>$$J}@+6g`<3wk<qF>%B(>RsA=j?g0nRpt{9yi4{
zM*&?V4=(7YQ7@4&VI%h<-=jb5>+L$-RKkS&cZ?z<28(P@R6*n3C#!l>eJh=Qd%RCT
zYBSTQ7X4004-HF6-bp;*8f141mC8niXvf9k?Aa{P7v&xfslc<rhN=dmM%HNzR>$@4
zPgxTuiNg_KZgDZgXNuj;ea0o#UChR@%RgsDdNPpa*Sh^0UE6<0WD^53DX(LI^p=rc
zVXIc%+CUnk*MR-eHxu7`*#g9L#5=zvf<IFY*fxQ>G5X?Q@qQWAoi)DS9I8dZ5XsVi
z1Jj(2P>&joQpfT`QLKDlg5j(WUaNPP7{j-r<3rb1%t_0V)C%MD)FfJ)&^-FQ#~#Y?
zI|hk|CWk5ZUw|H$PV<Qt;Y?^z?C&@pgwN|54vbvnUcOMT>ite^hF|ITJ@Jr$*i`EC
zqRPM26Qa|)$Q0e~O3y!i$(Mj?c!`6^vq@5P!N{h<f~;c^BW`FUc=wAh%s_~B{q)8{
zq^-475$&JW6N}Z1a4g>TR~k}L)%ODeUDS8AI2up;*{}#Z$eSt}B=xpamlyCf5uOUn
z9#}KKDe$OfX;eX;t<C?2Tlq2y4P*A>=vaCim!8CfNm-fLQe8I2vkaXo(N)%c|Fl@g
zz7U7eADOoCiuB2?S05DvaxPaZrM_GT+j-?Gno82&4lFBRX4Y(R$-LOL)yXRLc&3SI
zf>j}N{`Sm|snVOHo|qanBt(~k$G8@o&NEu=ioI}2JnCVlaq(sjOWMF!A^QAjv>ltO
zM9*J6uBp{3S61j3=en?|7RO{wU&20Sj>?UemhRagWSsL5tRA|D$CMsC{!&P%MTJp@
zl}jIPUC?LK#Ilux;>(A!y&ml;B^m+~u-LsU80hRM7Z89+9v(@#Uk6QJNHyJpY44qk
zksn&OKtXAsENhwt?=LppGoTR2^H>5k8L)>hBTX6ZeFzj-u-6IT;-mfkSe5CyOC<3?
zDZkDP_QXeI74J^fWR=%>RQJfwrQ4)4eZu_;<nf-m_6~@G%$2!<4doljU1A@n`>D|F
z6fzIW<-3PVOl#1B>LljyjEJwh#m&Z4RbF*;6Bi(enGT7vBcZXIB1K=4Q)lz;7=Dam
zjNI0q+^Ww?Q<mj6-`#x0HulQZInrn;xB6$VlDct${S2I${cSZxXIZN35PNU*w@O=0
zrkntwK#6l_oH(0dq=mRM)6PqV41Ag>B6GwtVVMur#>6M&*;3Eg$>qLKrkFolKn)K6
z@T}0^jQ$-7`hngwqg4QlSnako)=4{t@fl-VL8g4k(514e(vwC=xiPqbOp~kpZaFre
zOnlUGkfTB7v8Ziw9T<aE#nzp@M6o%Tg(Gk;Y@S^{&ho(L^fg(n$ygwYqT9bZ$x%F|
zJbS06=N<ZjA{}F#%S0UWLsflrs!0<`hsHh1NF7mb4k!_G^=Z-lPVRWI^u^;f&%bHD
zY6{RU)%pRLL@se+d2b(Er(iul2AnS?G&7K{*H9Q%EN@CphDsnn(NN3Ywt!G|Lr*PF
z;&=9_Ru{7AIlfvR+{5CN_c`yWjOzWD27lhU(e%CyXTm8DpT-B2%f?8#i1_dw$I5%f
zg(m*SFd;gzRBK#6N^zgqS+|p{W*%3*SSPN3#geYp$hO(O3sblI@tnJSUPz5o!A?bo
z$&@QUAs9r_JitLl3_*|WBvBN;_P#6sQJ)TjXM?L*v&%JC9>(r@rTk4NiNs6O*8;3)
z0#9klz+wDwIk%pjoa|Ucje*d9n>G@zJB(>|-gaL}E;lA1E84Iw?&<6bs+SSX^tCj7
z_|pYO0|T~0S%2_E%ln^gPrUV>bt0%rjG@b%fU2DYW8G$1gzxHIu2BD$_PRX=R)Qe9
zPk7fu(SXt&+YxV)`osicPzr-NaVi#=IvPa*F%?(9UpFUEy4z?IVB(TFV-p7&rQWza
zU8#P?aGke!&cOF-6Z0>oc3E_qTJn;@Z^BM@du=W~P4Kx^su+(qzjn!6Y^@0s$@h7*
zln>nPy!7~H1tTMQBR<K*<tX3PXrHl0vhIpvYCFYoXgjBf_tRl^)7RADDjF-r2tlfe
z&4aCfyn76GBg-bS#8}(#?o*$~z#Hjn=%5a&48x@qP2((sT};zXdS7hCP`e&)BUz8Q
z7bS8%QIL7kT;XX~cvkaFLs9vu8fqTB5C>-V%TMQU^1G7M{HKOdhb;cG+g=cp%qn>A
zctu$uX+ro#xPc^*DRcXYZcF%ml1HRLuhb&}H_BzJUn{98cTf%bE3uieh0wWq9m_m&
z1u8~vUS*QTRUi5qb9k=ZUPEhGCW$t#gR=^hFV~zyiROsx?-4p-jfqR-W;0^-s!(eA
zEVFp4FZix3DSmcC6=pcl4e*2MH-ed;N76iPD)d`tft4z}!>15A?sk17b>!|_le~n;
zuTGd*wcNC6D01h2iLH0O|M_xlQ;Q7%>q$1Mk{!)J*T!x)kYQjMqr0l+UjISpb~3Hh
zh&b7qPW~79-j-3;+x6f~)ZzS<6@Q~;AhoaZ=c3QkdU+JhSPCYCuwHe<dxG)a1@MSv
z`Vm7T{!4jzHZCV=d;ufkz)s~;_lhJzFdgO4E(5Y6TS$d8U@`*EUf8_Yjzla6Bx<|y
z*lm^gh^iJGPg%odbTH-$qSN=EFV?4++arH$Xr;-alO6#S_7(_BsH`V86O<2x%hc=P
zyi~CKDiKr!H}VKGrL!~%QoNRgD&g~=UpbmGKTuG4&9wJOIg+h^#A8T#b6fetP;&I9
zt2S|Gn+{bb-LyO@DXEjB@2?$5SlRFh7lk`=tUC;8YEyAc4?<NTLPVC+v%|$5S`iY+
zHU17z$KXK5I+NCU(5u_j(v%%s9?o`j7c4lCI~i2Pb@r4fo|Bi3#8M%Ok7^G(yB2sY
zbK9$uAYPC%DK^x4I~LfYaa3r;jZ4_R9bY4O{c;QOLQ|NKcRU-1Apb^^;i1v6KzPs_
zNK(Yvp1>ftqCCs;B!69YSWS;C0!h7%2x5@obR@5gY~i@=h^8A4g*tz6^4GAi!2ty)
z!rXPv1z*wamg~bUC}sQ`ps<`aJ(>PEw3__j_~lfV-H-`M6NWxlQ?ufB(3c8JqbfE(
z&ufo@EcJGOe?=|-Ek$1nj9zKiPEGr6djH*33TjaXOrS8&f0>15q+yIO7C#7iuw7dN
z*GQS19N4!R^CJJkfCd-KF>TBA2ijRB+moh)43f-Uh%lZ+ZoICxR9$t|iLxXXknSTx
z=I4qc(?{`1%hL&w+kNszww_3*O{-(^Bg&-`4CsdGC@8ys;vCwA=+930`GU?g-&iz|
zxmSv>KbWTCPWdtplSiMW0!n!|F`Lk%PbY79q;XDpjvrL3CYt^U&Ok!XW5tDH+?R+W
zBr92J%m_h@^4-C0vcAnh&5eJq?Lmo2e(&S!QTdA_Nb{u>=JSEWC<-iGLU?CMK8=Do
z+F&1UK}GIx;ud4vEytoFiFb3Gd&Ff6dZfg+IZoacjB>P3E#+o4^n$muS>mj@1X+$w
z1X3>c(A0B3^pCWZ`!<}(f$c+q>DZ=vH(w@FE?pKvJ|hJOEgz~+8pK4m4!+VKllfZ}
zB8OSloX6xFJt$oL$^p8#&A=69<YoXAD$kO9q}=W*58*ISZR3z~4!L9GLe3iR`Y7iT
zk9q=<??*%2mU1?Oyu3)=pbC+0Qr?Yp+M8j$G)7U-HDz*4{f8s1>m4nL#`~2lo;RN$
zOVRs%jkoKl{`%kIN&cF{K;m>D0L?jTYLvvDi-}XgG)tt+Nx<QoY`9*|4>np}?Xhs*
zQZ`)y%(B$I)qxf0JZIC$>7Y$0>27A8B?&S@s^WQn*>BWz-?_y=(SNacIfKnDc@*Lr
zgLxc8drLzbOTcpiZ-rdr_-}R$n1LTZ{S+muu@<T3wHNxZFf2$8geYq!^{5t{9Pv_y
zCl-s;91dWgwt7@UBCltQ*N2y+Bo_6D;G&zBgPSki9~}wZTy2e*uPJXm2Hh`$So9Gq
zeOHutPFrZ}S)G@6siuV*Zvrb&;jCBxT^W;rQ%M+q;BcM{;9GN?fOqv<-VwL@d^k4Y
zrRAocmg~{<L2~0e=Q}yViwkatB7bdOtDZA%;J)!>!uiBxPDpAO*~<`(IsN~XyvTAK
zcttE;f{PZ&ov={mu3t$?G+qfM*9LXbm{<Or!v>0UIoIGGwE1v3mJ9+_<Dg{YnIEb9
z>Vu{$hf^PHt!F4cgPa$w^VmFR&VW3pEkvo|q6PXEJZ`(QWgLsu*Ed<*rh<ItasU0f
z3SigE!-LAk!<#i4cj9(RS~tmhyJICD$TaqXHXW_YEemC%<1)~MXRD+UfZB;3cFpkb
zh2kd^R~(JE=31@0?E>g+inxexu)oDq{M*n0{#LVQVe|E&NTuI<m$WoKL-%!aE{E!4
z;2Sozs;}or52rew{v><>O>y$g8fies3I{&B1At4e0qATxPz?P1pP+iEwxICAp#7wQ
z{RJ6R^Y`Y(KYcPP>rl6Y!!@`Hz$p8n5!3h0kl_%w)2rR0<fNn#^4P~Phg*Q^7W$aK
zuv9>t6WzNW4+wM0;96l{qep%t4sxhn_T6)C23rk;;4EBtu>2cDi7{NTZ%NUFWZuO9
ztR^byJhR7oKjkmW;s&aa9JZ)hz{dG}&^s<INuT_|-k2qCoMN`|>+7za90b&f(P|v2
zN&1J)c7SollHanh_-yq!KFbX+WMd8<c&{M9Gx-P2`t7F?iy7Sf31w0HecT=fgZkmR
zHT}O;5LEaEFxk_Xp4f7(MpY&1S7{>84qJAIMda(2ejf#&%j%UIi4@H$khjGGOjZQ-
z&cvuDV;G<osG1(*4pf-gwi@KkiAzP3*rO4f0l!5L#)2sX?s)!;*Sa3RDac&rmd-^t
z02W&t+88bxS)N~dO9SEJNU*_{?!*K!z`)?6{>JtHHt7_3kB-XyME;@#OkamfhM#NG
zfJkF9et_K2>_#y|><$$vYm37a#G}f?hNbHWLA^Q&Z`lo4<p9ERL{Nj--#gr69q0RY
z3Q=5fBI<XwH2HpMKMJhbm(5QBF4K~qtRZaDi$A_9=^W+Y5vf)8!Sr$h;LC!khFWxg
zS*HFNeKN{Y-zWXka=gC!@m1&+4;~PQf$Du5RHp$5IBHHyy3{|_It);4_+V>Sy*M|j
z5y2UdFO2+dD<kCC{s2q<dCuU3@r_8JDTavBhnhGKG{-#(v6-O43g-u(KLIAVCDl?j
z3Ez1&ne<@*E4lIPDJ%|$?_kCY%C@18j$Sh37SoL?9^R9%u2~Jdjp!@09ZGeeEFg>I
zA|zYJw#LMn_qT&ZvME_yN7oEG(@*ujeU#A~t7zKL?=S-BGxlKhjibV0i(*K>g`&P3
z3Q5a%OgQZy>@j59u-mSr6eb9|G?o<!Fu_DSSuBgCn6XuKv_l>@XJ^9&^`WNii?XM_
z%!#<AVUT`0Td@^oXrIsgASx)@w0^5kaAZ|bO%z~Q_<`8BKV$BG&Sp@-nb3T(kvja#
zyF9o?Ds5i?8BTmW!)%1$G`|Ljp!dc@2`n0dJg7BF5g^sQ{)+<$UJykk*(g8VHdXR`
zEQkCouEzP-Vh#f?bGieMF~uVCjE4;5O!MZ=JG+Z#(So1B6hfofJ^>565LmxEp}9_h
z##9Y7Z<cK7>{chPO1<3eR;(({aQ7pbpnDVrdvC^6Xp||5W*}d_Qc!~X5vyMOxC3T9
zq?q~*)77S4BuIb4EQwrCt=Ww<?v^ntJinA|=WCo&c;TUi98u}CX@|xP;E@nMIH$p@
zP#fVb0f2^55-jT3M&jN@d&5sbkCWu(E7eM}2n{%xK)QuSV+2O|`sp9+>`Y(jN0}vc
zhTbt5Hgv}K&CDsHIOo#tyj6d#$p5|8fG%*X$Yk0<gsUd3R6nl>(4yi3j-X$v{(sC}
z6abRH^$RJ@!&b%m(dIIjNmMEROzgR6xzWJ`=eU-9Px1OEk!`xh{d5B?Ww2@ps=$;b
zs}!L0n}zE#dIe$|DwU;r9*yX{qT9`^eYl2cqG~21ZR*to_9)u8QFsM2iRM7qeCAcy
zEwkLSt8TwduTd^WE}Qu{i#S|GYiN6A0e_TEA!AS1^SI`0$8(D`Fm@KN>%iq{3t&uZ
z3l<UJm49XFMjD8cgyjzy9%N6j3FAj8O5C>Te0$FQi;)awFY+fD%QWSR=)+iXS)Iag
z=T3_X2M8X^!Pu<EEV3@3l~@hsO0h&(=1zEbQf9w}fl-HEqy9^93E1Qg>Q4p$cNZ1V
z5`epk|EF-wq*XO$$RwRjy>DDJh}!eK;X)@8MAYyDu}DzafD@E>zQVfUtJq_i2`H!r
zu6lh=&4V_}lxg(Hr$n%KV3E_*```O1Qjw#%p+16{M23Dpk%OPzn}TLgg>X1;QJeiq
z?~kzZcoiy(ld=X>(!E+KQjIyvMvZR{POWZ3@0V^Qr*IPbe!3JcjZy_n4mJge4Tn)`
zAA2ZdE5SX9B0Uewdv9ka>6Qn>k_6v@$gxm3z+L!~mLmfXFi!dc6aQB}0I>MESIstD
z?c^2JAN!xOC`0)NTmPS$vhjxn5Bog5RCd6XnmCtGXuKNUg7zh-H+A8KYH4;#kH8*i
zBD#t*KVn&2LDg#S?Ass(xZNuM!Yn_lZ&$~>G9nL$Y}jx8TK4RM6Sf-IKVb?9_Y3U&
zY<v`88%Ouv_D{@$2SlHXi@nQgqo#N6r+k?Wy>$UL>(u}=p8b3f&cK0pA}?XtqSyY%
zl9_K|>`XQ@Y8=?|x>#n+L>MI$hoY>bfGIlrXJ<CQb|&20IXzl9LZSdXsFQGiBa#=3
z?)T1sJuZ>MUQ$ZR2B5MJ0WKgzj$Q_F!o*V%&hT~Hq}70H+S!}!6FiRcVlk}NBztUB
zs<(}gT7pgc(Au?3l!?6=WK1I!7p{7ZVi|EKDEuenBh<L<Wim3ovIp|IrgveRnV{R^
zQ=Mo{NUg`bQ_WH^+$K^U9M$W^wpZNSrW)x1#t@n1G}DHb&pkgnW^owVEs}yW>|GN(
zjn24-c!gY~N8B9YaPD^2vEHb@jiR-YF1(p@&I|>9>ENR$AH;My@JgH-mqW<S>+J#y
zH(+|56;U+rFda0Y)}Ddvu3`w}gO!v;78KA;Ngu*+s{a|p|A!L|P!GR^u4diLVjV(n
zPQy_u4L-ruxxC>HdEdQ(e&*V3sY;(os{dXrO>O@5{fjSmPF@ZSrRC%B><7$Q0(&~J
zWoCTKFZw|J8xCAN%gKw{n0;T^E6%w5rs<j7Y|ow}El@1KpfeRv>4#NnT#3g<=CGP7
zHtJFsj~%oYr@t=gEVa;#`7p(_wd%TxsfY&f>CJY3I5F!>=;)jW40J~L?AdNha4?5t
zz#8SC55V3Yj?zH3g6fR?BVhkL|Fd%aCbT~beKE!8KzFoAwz#nfp=VtN)XDh36>$F}
z7ULxW2qI9Qko_EL6!sv+1fKO7?N7V?f5KG%ek0(~|36afG?4Gfg=<HSP;s&~DYQ&9
zr~ggc{6ob5D{7?qCx0gx^dWtEpR_FUoX9kjP7pUN|E+Zu{`pA7kMa;IV*#(4+<4#B
z?GKMUrI9pGWD+QWs_7?B{;N*;L)R<kkM3K(P6V{S1a?AV=Jy8^0pCXhvqnOj@t?wv
za=j4w;O3mryJ`Zh>MFy<A*|=lgi)JTum0x)|97vr-FiXQ!j3IF@V?_F>ku6jz^trT
zhgx~!VRTb8V$Pq$<#nM`^#X+A9Oh;AAx2UUoDa1kV}A(89o<98azTBRC$YR!(@RP>
zTl{?9zpK?gtxRt0ZPwg+EHEk}{)`={=mqdpuK-238&q|E11O0fYzpyQ4eu5;xdEEt
zKO9C%Atz)le5BEwkv%auu)r|(qZI7)9aqITZ>cE9NQ330g9ibX$ysDVoJgS|v(^DV
zN8F}{Rt%Chia$WH<>Mzf%Sa-<iluADC*rIW%AoDC7}Qz*I}(31v;X-*P3knz6G1ZO
zGnB`%*$;R3pQz<esR=i9^g^ZY(+xPgU!I7ieKpT<W;W;K$KsD<>LaQObeS75YK!eD
zKbEthva=7+Axg?|=Fb0F(PJ#SsHJB5>=EW=z2sDunl_QjSGRX$Ut%fPd-=<yoK3lM
zl^<FXIYhj8*TA4;>v3gw<c_CbtNpe_{Km6&$l@_&qTA=VxrP*Xxvh&F1Glw4i|FAl
zfZ~6r)bZhdEPo`p;+k(lHVg*_<~`2uK?v0gI$!M1H#pmCw7PKr(gtK^c8FHZGWC)<
zAMs6q#$M7)xHOdYj~)f8Er7!2o#;%3BJDLU^@`3ZYfHaRf&mvQbf>{D`rP3(6Yzn4
znF7olKjX{$iOFg(4_a!IfTD@bZVzb+9;UNma{HQbOORZpYQnta{%NpnN0$;7dY^s-
z7;Sr|M7P3<iomvlO)(9q`ET!8L{>5<wzrhLZaudaF<f71LmXR6kqAwJ>h(5L#J(y=
zN;VPtJ<tAZD*&e~M%!@eMR>EMi3kWuew}fgr&_5JNz5wz#;7zaPr|eDoJz;l7PneO
zC%9BbL_cgiT?W)bl4yza2|4PNepQwX`su<nG~|P?BoL0zpPgVot`dNrY83Jtz#b{8
z?BQN7ui%$<09ngeByjPf7^lk-@D=#LrPAj%X@y{b{@2*F!OSbCyxm-0{1QeOShnw~
zEv+zb8+tC#Sq63;GA*-WNjr()I^6K%f{u2F|9a4XDd_%bT`w)~XboJ9JYs$){pOw|
zv{`d;Z{kEpY@e1)<)XM_lAf?jH&x(M{v8zyP~-Jfgeg;7>I8`0eTG*M*eS~5DoN}8
zFfKJ774bt)NoC|*G5@!X*)8qi=Uu3!0zl5VA4`><0Wm5Z>>KgeRH|%Uc{)6w*`1;O
zI%<fR91tacj%Qd?OAN$>%svBRLh4aLAQNF4w}954v-OYj6sS?%_iHwD8&In(7NY<r
zKZ>~^^%58o)})@ACM90Q9)km9`IEe?M-%&UC6_&28j73+K_C4xD9L*TN^}Y^bhKdg
zxWGq|nKy4#xy|W}y#0xL#u>Lt$t%arSyuI@%n*gX8iq@RUn=Tf{3<A5-VHG=o@4AO
zGJv)-pSVKv1UltuZwB6ZhW6DFOgTQ|yMdtq@|z6YwEP$Amr5YtyBhU}lPs$mwd3Vv
zA^lJ8Jf83wVK?z{(#QOq97_AHTdpSn5HkQ688)4L<evQygvK^O&!lyWxBJ`MIe^GN
zMegU=n%*xj5A(grn8Pa@OA~ND=Qf?5MGZuKRWB+RP-KT2a?)?wd|v%m^}X@#l|bOs
zda)?S%7cSmZ!W7AZcmy;9-P8qnqf~}yc;vrI@7U<gKx#t`m3z69QLr)D8T4|CPn!t
zdp+TIsshH#oMmCp^`SFh8;hL$;C?RD#8%6ox8OT!5qP)7a=%w&q~&-g*Q6wj?4kbc
zUy|y7g*d1HG8!O^!1t%XXjX$@AFFM{l1|CqWD0A*^}uy0q%T)Nqef*=Z_=1H7|{J@
zARAFkilUukS_&UbIB?6c)RFxumWwZ10RPHM<fv>mnyAOk{7_-AX=PdC^>W5ZiCP>B
z4)CVc-GGhm_1z6+-|Dj{?8duYx2s~#iR+$8!#9(7;j>zI{ixT7<u~UHMO@c?q;`jL
zRZ>mo5uA7ZMFU3m$=5OL@W0|=fCKnH$qvHqULF4=JCx>7b7(08^>AhXt%WA?BcEv9
zVG1hQi_bm%PS3@jyoZEQQvzT>q+&vG(R-lTt?+kU@%F}1txPo!6bcPf1W2QJjCyOe
znYKZanJXS@N9{D{K<x#UgjKJF-|0w+;x{`@TqLyt`?n=O6gTsA1LtgN6?36{Sh$=4
zj0I@E>ut$+^RBD0w5~TwZfE=<u5a&7!PrtxA=kzc<@kX6CHboIi2MCZawu+xU)tk-
ze|yn%(Qq(dW3zdB%D6cM3lB(-71)W<Bc(T7mrxLPH6CMVzP+t<DVFDYwHtRp^>)F!
zBiK~GX69PESoE<`+7v|rFv<4l0=}HlAGyq>%^lYSP%se)*lBV(6(QW8<G5Q-?Yw{~
zMEKi<7UF(*u_DE3BjiA+d3mnnc725Ex^yJv2AIem13thHM@9Dw2izN*6hFG|ccu>(
zA*M@oK_PB?vDi)hPuxMr5Uo`Xf{0J6r=O%;M`l1rGn@B^{DclWkZH=r8?&fT$%gY&
z?8alJ(4|NV*A=4rX4L!PEb~D#EyNRb7uLJEDlK#$PQY52gQbM<g9*yHK?QyPw=&^p
zh4vGo8`WZnx=9>FdXl_Gqy_on2XLq)uCXpRWwZ$ZZs&NFbLlm~fZcRE4lzCNcfSbj
z;sH=wo{Lt%GPrC{ehdt)f(Fz+Se<ijR$#77@2L@9S4CWmN;O%t<Jgh46ou^fX+kCl
zIqy=t?!eJapo@yEd!pX67TTO2A?@xrMn`U1h-*$?p(eQhMRf|i>*t2KSHKA2K3pCk
zblI-4C@w&9deCZ=+<4tN>Yj_nd3FN;p0<|N7rb3nNseHj?#->Gkb-*ofwersEUzx^
zles7MS~sQ#7w&=>a5b<09k+(os!%r}v>(~s-%+?9ujD1)g87r`-vOv6VbfjT{HTTd
z>S*C7uilac-$l0#rqBy7DXx3Z>FdMJXl^1j&X=wmMVB13n*d(_{G59Z<3E99z&nXR
zf_*sAt>t<{ckK~iq#56Tx5MHd+2B92=PGUe@}LdD?VxvXj%$6U@x1Sc`;Qf+yTc-q
zmD}g$oNG@11;_;;ZrdqJJp3##;v$!_^(<83(+m#U`s14{XVd6*JwnLorjhP}m%~9@
z75CAaMX>}{!=US)NYo{II14aNqunLgso0a9mrtjSR=NZ%lP^3_vh@eI4|mfylkSl3
z=Q^8ij~VQjU90K-OLGC3K49ECaCJNF`J{EtcN3q^(Yk#YG)#EAk<4|mM>*(DaflP}
z4e&XZ6g9HeP`Y3hxvt_RhpZ_+KIsp@HXL-nLgi_FbAPzIxJ2GWr)yz$xn$IMMkUrv
zm_Ai^vApOu@AMiz5>g=LvUY@e-pCo}CnN}m_vY24;{UJ}8|)p66it5=;JT|h&D+$O
zbgxk+jBH{oOhf6uYpLZkpz+B&=Kct2v#=Iw{*-)xDXH-UGSAa^JF_+TGP(sYfkI->
z#vZL@`u)YJ!F+xV4LD3kNpErK4Z)cp*NvC@1sr|^`Hrf;O@GTw&!%Qh2^<u8<77-|
z$$hizu{Yz_s~0oJIR{x)c6J;~&sn2WkC_@W&XTAU6^@iA+QZ0%y?}^7o=8k{@&NFl
zcr=#-kcsqE!B67_zd*E!!VLeo^3x560?s(F%QF?T*@3I!B_8*N`BM3;&dM$egpu1b
zE$r2ghIHe5H#dRCYe}P-?s4FScm1~UD%`xbd83516BC>LAV>DC9*F)2n+9QBy69O~
zrc+!K)~C7Hj^y7~JYcz{ZVjGN-j)H;i#ls(*N#&|F%_ii85(0Z`75Qn@7!&cThdN4
zuZSYaae8t?>$g%d)N3x5YkLV3`xY)cg<Zx@SlklL;$o7Q*aGnW-L?Iw7t|jnSv4z3
zZ&0U_1;`15SL8480c)kh8(9?*s)Y4(=H&KDA5G-|wdZ|HX34^noy=0#66q+!yP&$v
z%2J@MWEG;$7=vf{jk9GHR&ko_j7d{LC;(KhGAz4b&@eW4))%H(l_&Z*PdNjVG@$@P
ztBk?0=oKNJRvQJFKH3i)1}JwW_6v}{Kk4+#ywDG!cM#~pDLNj_Os%tH&RmwWX)`$j
zF{RT5jJtl!G*3WEZUfSZbZ6-2!+a8Yd#&Dl(bU7V?*>p&qpgQslUgIixjdAjHTacX
ztKS`&BpT!P8}``y<dG-KIjb&Sb4H94Ig0Qj9(d70X*}fX>@0`9m5y*8uEUI&Z@XlF
z(<;Bihm09<3lu2_Gq$S`dO;a&P=T?lqm2pEYf2X##Ts17Dxa!361+SUYI8vLnrA?p
z8S9Eiju#cyvCU|lH;-fR$w@5ZnCiD~xrK5Z1Iyg_UjY5bGeS~7n%DWd06=e9DeKao
zzqbqdws>Jwr?6&rKX1~rnx=O2Hd+Say{KPN`C0hKl<~1u))z#f2P^>sg9VXNuM=o6
zgmRyLAX?Q@&T4pT)tR?bJ}dpn+<~A{wC<^j4zoWyx_b;uS+x~fTt9xU;2VlrsxF^}
zRHW5yYp53Z$h3_Q@GRC=*wAZPFf61F7kC_fGL1s7LGa4ZrptWOpz_7){7MjCW~8`>
zhf=3x!}J@R4b3}`2yP7GnHB{}tQ%PGj{*kDtMaByN{#OtR1i<72&BCnWJ6~uejt7w
z(;Z=U4tJ@;N?hCvHegU8APsL7&ziu>YMPAoAi<XD8M;SHC(Bc7(R1`N%AFO~QZPxO
z#9U6zf7!j0$_eDW|BAx-qu?KlBu#daEp);QlFTB~%R9n4!zrU#FVJ)Kr%jHg>gnn+
zYZ>i5J1{R3pBeTmFGsw7D<t$VH+8%s_w&HW^XYQ1w_28u_1h@Xbrmw1OE$B*F#?=7
z)CStVYN93G!119qly?RoDailo5nIrL;~ZTnRB}g+!_=?*LIJ?W`@uH~GseVX%-pk_
zCt&LRPs(zkGo-|GNWEr;H>3iuG+qS<uNrgjib+jS1a(11@PGlW$=^Sh;v(rQ6Clr;
zY@23iQLk();Rn9?F2ZacHy!fvMg9tqhByC`MwwW@sx#CSG2?5Tt67NLm0_|4@(fM5
zB8Htn@c8%HZxX4Vh774~>_L$h-}Pk^E8O^tb?U1}pxtwP|AhII6`Ympn0{<KV?7lC
z6VXnfLq2kDD}O;{TvjU8(`m^GpOF+$Z5Ptv6<ShUq?pEQ_GIy+;7c)myKF8v`IMO!
zjJP{<qepj!d@l_63Xa~WknIFduNo=xc-P6I<BDpUZVM}-tULaPbL73ob2o&bz=BSV
zu`)qQ>W>`_Ca(S{{*<OD9O*LahYF=>0Gh)vD^5W*X(y14Tkt@vGh~eUj*ks3Je~6i
z$IuLWF$0nj?fdEs3^DkPRT|2qKI<J8G1|I!qm2Fq=EASjaPwO5!xQ`5Z!Hmh`>c(V
z=)8~T;-6(fI&q1fY!GjQ%!IrwDW&n{G|@$szM@Mk4qV+VKOHvnIilbKv&j42qS&;>
zoA$g+vHx(=0;*WDU+1^4mH?T2z8!jIN7z(zprq|fWg)_=<57W0mavq6#({zNArb>^
z*MB=iqyH<F@s0*5nmZhwni52=8Y}Ht5l)L@tfFs(eW^6IKly6ADlEssg0g`qXjj_U
zb97Nm?J^!wm+^5$XMio=_a_$x5w;l;I%GK$d>S9Zfzb`rqyHnbHk%U2*zqp6#S4Ot
z@=is)g0*q$1hpWM%F(RLW5|yNRCpv(JAoA3$`8?)Ln@8}kKhQlO}~2yz(<N^s3@la
zvj1$<Hwq|3bF%&hIg@)dw}#BxVs3JNt{-IzBi|+j2|ZC4EDcT14tI?o{Bdkf(Kc%v
zDL~%C^23+P$}^DHT{(tLX{+fyJC7u@YZX3<Azr0{w?A31(zLO~<IB0FL4r$y%mUl^
zr_KuAP6582O(bc{^Y+Xgj__r#CYyuo`6|PLTjNdHan3nzd^{*>Cf{_c?4s&01(MQ0
z%5)L1+%7KBzhbVxD!+)+L3mJrLVggD@?crH2riG&W^bZ}&oon-8#}3evg;b!aECTF
z{^Psfkc#gK#KpM!q>t+juzxi0I|4D1|IuzhOk9-1<%%C^66<jTs&#0+XdQqt<l3*S
zuTHQn{PH9?FrBBxDvpKHKP8XN^-qg$>zK>_q?aR~<TEe70NkXv^B`|{IVzV%O-`wU
zj;CC-7=`+r`7N+xoqw(7VjT-;G}2~3FT`Lsn7=s#vWd*)^J8YV^4b`wPCvX#B+QCy
zR71&WdQ|@~Pwyh35(N>u26rOR=sU~6_LnSjM@`>;^dR5=+JIUawh?0n`DJyqlB%JW
zO{lm-Q+~5he9S{hu~^UaStxoc-x`k26>bu?2#5WJxt*|M)<c4n2Mpl_Z$Tz?<)!TM
zO+H!f!i0Rc{SWDIAKKJ~N(#e^*3u*Qwtp#Ifpa{R{!8%uzcc<X<^&s5=r>m->*i&%
zZY(t4mN+!Un<2dLq_hU?h?p(8C0g6&u9KgM85D+9<Hw#T>gLEtcHD1tXiHZINq#7H
z8fwhXsO<&Lx#~A+#8W;vKbs4m!s|+e6Ew&nfz^~Kwf42dXxs6v`=JJ^-avBqpxjwd
z57RoeqPW@VxDGCs6VbPU5C#cS4$-)A#jbreGZbi|5gu?qA2$~r5Y-K&C^03Tp4|US
z&K1|Un3;mFj+R$_d_kk!Z_O9gI6+5X*Dgc`fyr4L>x*)L`1Y&pDn&5o?+yA(;McuC
z;=r=9f)jBa(~_XM>NjUd^;(9`SkWQa4JCA1ouy#9#CA!uXv5&?(6Q0&s^(MsGjitG
zdpn2)4HK@nY8!{FyM2d5+Joi7h=`{K+wj(l(n$!vx22y)wwo1fi>BLisKx=nV=oC=
z0X#ND)BW}gpz48BEG*1RE~wL5yI^g5NVR$Y<Cz&2q&%sAgg3e&wE-ZtW$%!fk~(<T
zPz!%x`h=T%JBr;=%RTi9Q<-^pz&ku;p!{?u+@L{tEc#?s|Fz<M5<Lce(UR>mzd4#!
zW#VFfywtvz1ug_AI?<z3hyCDwkb4??kZX<<W3jPju2g2ALspXmD%>=welaSfS#=S%
zScm#z?D?(kOf%y5lhyi68!|utS(`Xak|kR7=Oiz@a)`9U4RtMIHb?yiRX=^3UT_+w
zJ6E5mzSTPJN96D!C_SwRnY@WdO8Yh~O}hAXYvaA!x`)lg)zkH-Pi|Grj9dr#4AxcY
zS`fdV>R62+SI&yZXjhN#Nu(@<(@7$d6t5DFJcBSWu<eb3lw$PQcY-q2W$G6BMi;?-
zy5S*5+#fq;`yeZCOCER>jzypt9KzMulMO!jO^p0!=E_#7uAYW2#zO8_t$}vpcK0T%
zruwgxU+oZ2X_eewz*rgskP-CHU(PuI8EpWdULa1DMu$6D4(e=P^&V$^33u*_f5xcE
zZ7wt)dPrIPG$%20+7i$p;|GNBv|R&KJ`g<&ebisUt^gRL<+PmvV5|riqO8AiQ@;Xl
z+gJ3eaf#^VL8)BPNa2m@5TMThI~QR>uYfBA=v3%a{&G12P@&Z5>Ad}7B;ZtcOoF~q
zyW2sVdE0`fZL2zR#FTs8DFygzgoh2l8p1ey{I8$%caFoGvc>C^+h=|JDesExwM!cF
z_#kL}n-4)MfVK;!8X%B<zQ8}m$^VAuSq+6_Bkcjnpoae`>-q1jv(Yg(aJhQ*qQ7Q_
z#<_?wJKE+U^n1~N<1T-v*#atjO;^D1r0FPlg-5071~K>*ZvZ^w@IaNZ0D!M%WgslH
zkGyci5CB;b>eK&dH7Ff&cYWY~;JjF8vpKN6Z9D+vS2hA%G2oe`cnvhc`^Qc1eSEd6
z;)st5zJ`@z^HI$iQ3LePqWMV8mSX-u%YW}wAg=WOIJ&7Gu+pNsU$#w~g5voRFun`_
zGn=8!_fPBnZx{$o^wMg;@34JPH&6SrFKHgz=A-r}^GyyF@vn=(6TOr&dp#t?+0-4o
z{S~+I>?psNmOmBm=aW!q`b_;?GwSp`q<S1zW5Pdyf-&zF*NO1l?h;m6khMV}?Fz@l
z*1wLmu+_VaWSs(xuQUrEC_y}iYRGP3c>BRQtaqrUIKX;`)w3<L8J@yDC!vJJe=<Hj
zbD#JYN8^uw>K`I5TFi>;WpLfQD5eW;bt*}V#3tsf>VVaeI*;Pao(iTrAUtOMc3F5p
zt&3Q~!?zvBIo+Xw&16S&k=y$}(%XiBz*Ki5Yg@{f0a7d_*yO;eoFpWEO;?D$APb1m
zw~z}l!gIE3P?3B@Wks};(6`PJ{bbiFikA;E*E+SmUY+ug1z|IGsBk)dZT2ki)A(L+
zqS>+Hbef{#wf^h)_oBvvaA4VDK1q^}(bS3O-`}~%my4R%J-$YYy4sI4Q7Ypoul=GL
zi8AHpuExfM5@E}@cM1BcahE{ZjV7s-`8?u{teO~baHCWIYJ;(eTQ=KY`uIHA^8za*
znOra@*^XO5FSZA{sG7>J{i{E1u>BZz7rEQJ#nSX8X*|)|R957%54&ocdF5^V#EETF
z8&}|^($LC%th9l!RJFBm&9YSII31_l^7PAg8&OIK`sk>lpj;@fCZgaL54FPA(Yf4V
zYZ*bzouO<=>4$Zl@o<L70sN*BMnMwM0p9GR$dA*96sR&>OUSlsY{?5zTs%!X42Wu(
zV!BHxKlVQcDU`6lv7L$QnTcN+3O~#jLsAMq48(MB6>iz#**F~1!upS52?j~^VO1D$
z*^??q62+2u9EN1bks-G!YV^(5iMIYm)y>k5(sDV_v}xrEXdOss8EI!!{L<oY^JLZ_
z9pqfCo%K<IK*+45(GVw1vUOEuID)7@=M=2_!Z=S+cbos+b*gJCI2cTC+<oR$t%0P-
zcdg$;p&dID%1U5LAjcX;Y<7|`o{q6(7JBgPSy!nAX-PR#wRKuWl=XKtKpOPM3|C0;
z6KkypROWXQ2ADubC!X*s`tL<4;C5LlMZDi8veLi$0j9>1wNnc!NAppbnChU5_IekY
ztvkXO%-T=yCeJ+PUuypN>4V6eEDy%@9u8k+>P(#b%bNK|pJYc;_ajFBALiaNs;YI5
z8zodiLb^qfZs|?|>F)0CmTu_|3F+?c?(S}o?rwM|y0?3uz0bMhy<^-DcYSl=nrqEx
zKJkxVqy_@61;*NQ>SK}xvSk&Er26Ao`{LwuFHLcvkk)*TIibQA?hj;xV|-*wl>NM6
zv$n<Ln)balre~zz*$7H1^ht+&HZmWs<B>0ox{S^)*qWI1h{xu`8GW40$k$uPctl-X
zg51;zr`VaDA@?<H2CU66;!07)a1U>^DKT#Qf%d>JNZ4;4I~O<VE9Gvpj=Are#o;$R
zDh2ijm8ED>Kve?+i$<@2iHNn_@|L#oOV;j&DQEo~X`2!&#=cyaZ!ZdD$0>c3Jynx<
zx-GG$jgxws`Xj35E?XjVonqKLdXQv7=;tQnXIq>H_U+C1opM|tqU>rELcDdw!=<34
zy_K7g()fk21_I!&vb#v!!L+W+G7>2DKZ*;7H|z=fDV0@YLDJIgRgl?ce$ecTwhsZX
z<YwqGil_eohr!}CO1mIwmXE%gyInP1F<vO=*TYrG_S#wMRFz1RfJcF3kp+L2cq}|B
zW!U~LFt;Te9Rx??j1sZGOrg~G2|IEPe`}?`NZK$DFIn?qcGTYsGW&=v@SZlx1H;(j
zOy==pEbN2s?|#~EoPx%CyUIPBhKd+F63XMn5yAv9-v>CSH{1uZlttZ1OpNu?H1Gj7
zcJJ-*sKDEUt&FBYSu8C3EQD8tzP@xRwe`5=^JQw9G^r9eEq#N!Az=~?#}u9ly-$1s
z$z5JjsER41b03bv=dolnSU|5E7l*fSnj}FjDWU77oLB*WW*NKx0UBR8EAE)4hQx7%
zBtH!cEONiqZfc7konRtMMRDuR9~vw3pNe-&jWT#;vGQlRGe{Vcw9jo2x4AxIb=Dm3
zi#a(GuZR&-#6<U6v!1Boq3!8V<J7mC13V+5fn9j};CvRJMd5%hne`td9$}bbLP9HT
z!`Ff~7`t%<7H>!rcMIHY(Fb-WwouwFkxIhQ`$mFfYaB_R;u@hz4Dzi{ez#G7;~<b{
z06o>_BLjwqIppbaypBr{dx5}7z4~&kz`c{U2sJdjktGOLzkKNK=P~oJs7E$~67tvB
zWAkC&*FhGac22IUq3DhHR-YB0Vs$t;&<Oj(L=W8BIG&eYibS!kT3sTf)tMeC0S-M2
zvYMI*Sp@k|JXjgqxF3*xUDpxxAWvQD;kSC?+mR6Nt9#GZTjS5aGyPtA=m?vGn#izf
zNeUwiR?c`kEMEkh#^zOecqA9Zg51Y8>CuDk<7IBc(g7vdxGXa@_&pt_MYC@e=8Hyi
z=4_Dm!Hh5QZzIw^PBJmuq|C^w^?`pGG7Dhg=wD8A0tRSMI~zS@9(Rh3D!EkctsF!q
z%+vpvRw+H>r3<-DfO0CS0z3-mOriBjLt{My!+Rx1`wqtQeTa*|Jxih?iXbdsk66$d
zpBcc%9$OD?Tj1@&oann5%9ms^W^>h1DFYr;2W1(P&mt&`fCvio8CQ}DVId_WqE7v%
zqrNNND3aLFiv;{@>mRP*wm0)PpBOyYbIpX-B=Q`Xg7}`o2d%BFv<i^Z)8>^4m!K3z
z0jh&Vpf*W-`>Mpg7E%A#itSvA16|%i;vL^(>NkK)hl|yiJhZG0obiyqgrO;Wj(H^^
z7GD`+q5k9uhKP8y4YKgNWxY~mDzuxTd+~yVV+t&>Eox<2gktx11zMu-FWa9q3915-
z$|(f2GHv$4!g#a@=YiGw4a`G0pzQ$3rSC<6>P8mZ%9>8KI&SiY`RGA#*=63e^j8eS
zfK_TA9YXW(PP9{PPqb+?LQiqRzK>=9Dh+{1m{{KgIPRgGnskz@<xnmu4QsJuwRlh6
zo1Wusm=J4MpG9W5aSkah*83pr7M`YYU>MH7vJ2rc)9U8r8~Hjn;7U$Q%5xwk0i;Y(
z#+qaZCOCoWUyq1#DyqbE_;W(lw#{Fah;Fy(kV+3V@VZ3|4)TH^s&dTgtQlh+VqFvH
zWQ2869<4;e>Vky?h?z4l8iL8$7`h21t`XOuGhmuzGkML*u(UwJRlZ+<)op)=Y1mbr
zW}Ok?j1Pd!`1tDS_h#Kgn@UEnV3S(UWef#O%VnI)yimH5$OzoD9x|w3?syxxShsNW
zX`to59_>WbB-o~+F;ZY0z_1g_hI@(2#s`>apnc_fK0zD=5#lg~^;A>x6Qeqs0wWhm
zvwi%YD84iz^z>p5tP>jn<QgY@x(tbJqc%&ug5WECnVW9xxBu<f0C8vGl2aUss`t3o
zyX1=`xNi)HDDUUrU&IL*tZ>WSWhY%|!Fc^AYWDXI3eqwNs4phOHtgN+)`$R!20g2P
zBLvlD>9@|pRTVa?7F=orwZr+BZ=uY71o`|cpaWUqZ%>9cxNInVVEiV$cvmw2R`aB+
zTjTlz#C~bur-tnp*!_b^rGG{qVeRraoHxDVsDYjKOg6_$PDi~+AnpQyg6q#L<S((8
z|9gDX&kz2kPy)1()hT12)jx-!AtAg)WIQi+m8(#O9toqW>CMvBN=zE3VhBnRdUHi!
z=i94(sc&wHHrN5`Cmmm$C<&~aD%SOAv5O+oDumJsMlWNyIbm8Z0Cn}}FZ$1P5Ae6J
z2Vg?BP-izkr47kHd@tDkC5DoxR$hD^KMaz+j={Lx?pys!2PNiVC*5<pC19rP2s*i^
z_+EnIL623k7_JZKyBK?RTH))<<mUB(W8oAbxbFeRSpT@U|0)a_qbMe4^M@o#fzjo~
z53{<pQn))&7p<Kauhqbj!U5lob+vbZiB`tKizxDMV%m+&=@KD7Oh{#A94*q@>A@^;
z{;PBeo#?X5mFkWOaoE;Rp%(=`X2nsPnk4wS-iX=tuDq;Ijky;Eo_fu>&B~>)FOal5
z&>CK`c%oGyhes@G<w!}><dNW3Yo`jPV)uTN$;*o<!=Bo<2nJDs_^&x<?bi2vp!M41
zq6|oheB03BJ8PGn+hB#MkR62cjN#zamLOz`&LwUVN?oBJK_E{s?@XAm=@2_a<vjsi
z<zbGX&6SbdNDW54_5rbA|F1U$D5lf{;3q(`#Qm3snQlj<ECu`xoEL0)nUAcff5_sU
zM2dx!z;WB<zRSDo%^;KP@=*`(WX?z-Sy?GmAOU6s!~;MqdWjxdKG+JVb_=^Iz-=VX
z;=qkP@sJkW(%Yic^jxaK=woc;Kk6>)rZd4(FoS@|zx=ag@tj*H0ZMd$qz6EmXaOL;
zKcP%YZ%51vS#(%od;@EBj~PSUj=Y3dGyHqH3k`a3Z^ObcCFLKnrD<fxNe}GC`Q~2B
zSusSD=CRd`$~W?Zt^k@8AT4^Vdsq5vll)Vmec{t5Ww<fm%=&hIUgynW(8ADA#1`QP
zuS?bNPYQEdIdw9d1TQpx8jyUQw5Tg{UGy&xI`w%dJ357uFW=cN{|;XpKWJ7KmRCIf
zy&M}9MCIe}<qH7g7R{~z1a{MDAKBQl#>r_v)%Y*{nHY$3Wn(#L9Vh!a(}(#zw?|Ft
zxYDTA<gGpe0ic3d3dEuhpwM~J&4>}d1mUKk<*fLl^YYkAM$xK(`)GR>L<+Q>!=e0v
z;tF-t{xJ#}QDOyeULGH}TDjNr$>wOP-?FV)kdG{uSj;E5c`&=T!!`GOmjA}nbyhGv
z%Rzba8L+qr7w;FYAW@>Q0iRBKa1;OzQiT3zCjDHb`+ve$pSrtV??;2pE)CtmJl6(L
z?UC1X-ZS8rB<o{^H(T{eGVSmK4KbHxtuVb!`?v_jK7fl%rqVkrOIjE~Y+TVuc+w7{
zg8TeHxa5sBmu5MU@2fr3yY>4^YlIgQe)JhF7G~WO(m%Y4`waC^a?UUPEt@qlFd34@
zNq;x1LH5nVM9|H!KV|Pdr6psHjk7dOGuP!A<M0@_Ut0Q5ugXJ=qWz>myV$CI&w^Sk
z<D#NZq>o9cY=~KgAgR-*XoHvg>f=T)+YVma8GMW|qN{s#>q;AlMbsCb0mzDUf9bD;
zH}2~Fk#gI3+0UJNW)=G~DTM#jhQo|LN;+`uz&xm2pZQ`viTvG|B;1D8N;=tVrA(Xy
zY;X`2=HD~mS)=NHgX##7O=!n`v|vbB+yr1cBoSi0pMZ@V9#|gK<dGq+i9@B7jzF`h
z_RcY>3)T@n-ef_KeE$ScsJLY4id;mu6==iMb=vsh<(c0}x9+rA1qfq^jshy30%aMd
z-_LCNSkR)6iDL?q$Q2ir%l36WqDn^Jp2FVBg-3}R4qO3tZk)8Xoq;caq>y$a@vA6U
z7Ph2YpFPOw-B}m6c7ZvPgwm1hy9o}*eOm+Kh{>Ew0;|G%KSTiLs5ikZ$R|&B3iuvg
zb_JsJ%co?Flt|U}I!k=II=Ut*cWB;Nk4Y5Crwdsx5~)Y$w__|3U>fYtoHCT(oYh@V
z-HtdYC|*RL(5>171F?7(6aVcW1!yJST^&6I@j^_(s{mdpFM)}`#rrC=$<!Qc!W&6R
z+^G#xB@<`8NMowPRAJ7SNqfip1!+h<*nK41-52)Y4f!HI8tXIV{JjZYKC3H`9lhCF
zGh?QkxY>a!)3@Y)-$rA4`{{LuUoa6UfvWbXy$m>bZErw5MiI*2L6tO9gzCJNR;leZ
zqa$5)(P1J@?fn`yv`nlY8}duKrvbwis*Yd=i_vq&C+>;2xcGV#Bk(zJX2{6aWal(w
z#2j2Y&LC^Vz?RCL5dmpI`FFOJ@}6~6VY!H4*W1ROToP@X?#E^&g9Qn`sBl@p__I|;
zHkAW(H4T*Rc86v5tcev_j7Bf^rxP)D(iOS41zc=kV-tD~CD_I9P=65kIAzeObAbx2
zREDA*wv@g2uz0HQ8Evgxb<p>~_X}^OR%Gyc&-_OON;-vR!96|1T7~+|d;?Zom`!Eq
zl2Dz(F)?n@8xR=laB@N|Fq+s;Y^q0gdnPRLUt{Ghax9$4fo&In1pNa-@7`5<pprfY
zwc|dkirZ1zJedXBB%aLvreyKZ2Kwl+)?Kl2-xShhy?MsBCF14Vd;48UQ2Tz*dCb^B
z6Rs*sU8or8+AD5$S`8HS2&xp2%=0<4!x4=P<?l-t5@5oMR1QR+JvL{CP=5Ys<*F->
zq!hRw#77w@0^9-l@*1P2{TSY+VULSaNiUu`Z4bZ>icRF-2!0p<bsi^~yTrdTn@QNR
z4EavY|5&4XsIeL<%oYnpEv|(o*+SXrnS?kdv#cwa4-|l|ILKoP)J(f0M==6n?@m#`
zcZG%59^T0Du!cP+7z_n?{VBR8TS&P~PTk<ch?L!C85aO}^;LI_!^_SuU2l=XIuo3o
zkV~X?FMU|)kbCP&6OP%jrutFo{^+)_1Q2OB;mSpt3AnVAo>xK2<?O4~1MB7sqBl@m
zm56xGS1h9K#KgqN-GX!~<4z)GO(d{B0E;H{6sRZ}4hJ|Mf$yn&4F3CZ_$LJ((B>ZC
zGgLyVcOKJDW;PJ-S)#2X)P(3+`hm5zu?1(M9P@2@_cioXK7>v!n-Ry3p_5zV8}+sk
zD*Tcp(0u~fwe&Z;XV7fTC0`G`?YIti^l^=PHXnsaX7q_Wi4t<&om>Q!S&4io)GJvN
zpOI&9Sl~e$Ub@Wr?wKQ#lHt+{N5NnAahs@t%*Kzoq+96I-Dlp1TGB^YvL%-&VV4{s
zUZ1?ss2U&NC@rcI88eSHMk*%2{c;5B)3f6POah<O{v5=-Nm^63Zl|=P(H`Iw2ciPd
z?*7r31VP=az;Y-9RpG?8ANc@QIm^@yj0GUS{m(f%Xg5XG;0CI~`<DBto#o&r8RaF2
z%5N>(zv{98jY9oIi_1dP;YS02jzxA#J^<)o6#xEWAd37O4fp?#L=g*1lPt>*y*eps
zKZOf*Ru-_wCFu`UEFKhw#aRHpr$|{+(6g_r5yjt8IUuk4TQb@WsFzQ*eT|*W&UQ+i
z0%JCV_3W7j`Dlc+K19++N<On?#)71r1ew_yjWx_-)?Mobw-ma1$KsmE6#=rx$hZBm
z3p{_H&4b4o(lU@}$FRzS3|22Z23?_OJCIUkxOD#hU2p4%pN02^)<c*#*mDAj*7g$!
zj-JqF&jocWO&m1$+dksDV(lw!G<%Oe+?*Le=kS)+g=FRr44A2Sqw|7MXfrEiS0hf3
zusjMw#Nk9H?QKLW6}%j!C$#Z42eo{tUOl4-?IM_5!MnQ2olrF6b%vS3G0?l$>3fsT
z6zjxxjo4T5tAc#8Rs8x1rrijM=?stRO9*ZdX#eI4xwk59>Ir7gn<mV=PUWh`RQ%)^
z04#;?Uu7Qg6j#Wjt8ehD4g%U(<^nYM#qU1VF;qFunPb`#D*_ycN}Ptb!@WF0s8VMe
zOy4ksJM`HPUdBsz2-=t6F%SsJ+Ja=Nz|F5)j<H#rb|Ydg@!oy4J`7>O8~%pez!Xz;
zwR*2&VX5ycDzQPPkg2+PRj!H%lyG~Up;K!l)NZcku_!N0HW6^>W$xF;g$I}QV$SPS
z7a{Zr0l7G)kn?08dhV+H*{~uhX~|crWl9G+g1aWMg331(idJGJ*6p$7!Wu`|7xc_)
zM=Sr!qKG94j-pVxQ11JDHAa7FOs!3vNOtLxhK5)n;ekQTh@IE_29>LrzKV$|PaoR~
ze~s$5N$kTq!=L&>Qgtj@MCXj`yHfW~2FcA5y=|5Yv)auf7ioiun3J-r3>;bk^SI%w
zF9jl?t}I18Cd`|x81d|CF&gQ3NeRV4h?%6UTuiuDw~RkrAxV@Al5N*)daGl*%Y(=L
z5;k;Nguk*73C*`1quzd==5E|JCu6Qj@4M?AwMZDAutP|4j1^DZ4TKgFkygOX=m(g?
ziyOgc%XVpcpCo8Wd+2!hX(><|P^-1U*=34eND>bb4;v-xrwx+N+p({&FYSj6HZT`(
z@=5Nvvm3Q^spJyQ4nc@MG7b|a-lqdRJhQqqugX&r?{yx>+|5=4odx*4idcL-S6x9e
z4A{y$51KAPEtb)9koMd15~p~D%thZEYT*HXN+D!LC(H&mL{u_OqR9=9i?o|F{iLcM
zB07_T7GC~zCS#J=tQ_AK)8h0~O}Cv#+%D#Sm3;u~sMB7e&iI&Z8y1=>Oyh6;Q)3wA
zgg*{=0lb#WGhRy_|MmXl!!Nj28TdjZHV#6L?*NP}Xj0~fGUGWYMh)nVs8Yc3r?*as
z)>xWBHyO}`FIZwc(^N+1v$J-XTtJ^IEFYj>OVp#~!=qtTcs*@M9-IsT5C>4N)NU?A
zi)@u+AxUKyLECOxo~UYY!TMh9Wn-r4Eu&Lp!P`GKIRcbTAz_Qh1qwn|J$-r<0zVwo
zNMVmiPCn=uUTajw1snp<s~BnydBg0?Q@t|T_n8L@MZOE&>%sE)`W+0zf`KJ^G7=Lw
zP+n%DrZJ;cX>vIQenL?rHJun6iU&#FvE5~(8mBZ>IwAHo@GHlU8EKeO^y8@v3&kZ_
z*m?@J%9^!<K}gitXg$K+Cv?ddnP}G0UF*(<z5x}2F*i&x!3r>U<qNyu<KWn5`m1)x
z$p~yBCo%1<gNIwAaXR;>?|l7ClSV>dgb-}`8|-Cstmr(;t40#>T)_%YJ=}IuIfJx;
z9P2*~m3||&ls3oSE3b^*$}JR6WN*J~P}<U``%*g)(--jUg|xq6uDMhEfoIYHM}fvQ
zqsj`cFIS^p=@{#7)9!uYP^C+Yu_Wd;KQ(wj5N)?^s>K*{0MM||)TAbBH36V~^T^S8
z`yiwehKU3^hqYf&qF|?wY?W%@2h~urlMu;5_QmeLVeU%b!O?2F2^{QXm-z12zW5%Z
z*rbDRwm$?(V%q&`a^*|StPq`b;PhpAehzf>rGx?$P=?PPFIo(WjD9?Rw87*#IL3LW
za%Wd<%!=Zz?6HPz%WLV=z!QB?Fnsp`*Pf&{6AULp4KH3dE65I)sSi+IBhtz#$r0oK
zGW)=WnG|HoLo>K)t=&~#|8h2U#h?aVKTuf&gwuoMq@?+L1h?zo%EbV=4j?&=ZJN`4
zcRm%wP!6sf$mA_;(T(AaI5;P1I%l^!;`L|~1ZHwq8PrYzTiOL94ocs9ReW9BGl+Jq
z`=t~?@>R!%&99>4gDbQz36s*lj-x}=YhVeJe6P&_pYh=PQIG4a+kU}X_oY>oAqnOV
z=dnu|0}E4)j8Y;#*4a&<^a*DHF_G<$KErZ%QS^#<kiz^3uh4ucH~oTwn7^Lc2{Pj2
z3&v(>$IP;np8dpQsgDc9(%Gu@N&L9w;1I%!ZGG!>9j4K~`?_xYG-UNe%Y`YBoi~oT
zdUEY%%-91ACXrs(WHOaw@5hY?t3Cmheul<_OUGLbH}|Bksn~4DM+Yu%4#9ns1=5XA
z^3qcVR=$_;+NFxUOjX>AR>#NU69cR7@Om60S$b+`Lj5xr|J~L854PCN5=3o_YUZL@
z-RH^t(NoJkY`|rXB#{oG0dqc&@B{CGiGHt)Eb=0t+0Vb&t{HvN3zwQ#&<Gz8u{rRn
zh-4+p8Z!fY{-&kwgJQ5$UK)4~)0Ljd=)*gSKHoiin@TT}Y)AVF1=FgkNwi&fvXDv3
zeSnocGcHaDzpOs=R(3Wb;AJPE6OR>5_B`c|=Xs(GHj&l!Ud|WJ1MUEW{g&w>Np=Tz
zm@dv1ZgsGhV6Ot;3^$2jfzcv?6)#hUbFySx$t_gc2_sS)=OYTaNzKg9PPSDoK|-)u
zjc~(I)M{$r_TL{QP<!iDv;hFX>{2&tbf)S$UuaPImimPwpDwaay6r&k!LKX)m&9O-
zB@S+oh91{`?jVL`!|e>uztecKEq{A#l0DsGEI?y&CfT`U$#gj4Tb@Cu=x(&U)(oYX
z*+rLdsq{C_FH{4ld#z?h5|nC=EkST6a!_)epT6tCo75LpjMu`_fZlX8=O{FM=912m
zF@%tC!a-`QW_sQuuUM8}7`|g&O9*L@LsCXpt3N1%i^02J@&jkd%S+y8+yC6a;k~(B
zLV?^5K)O2V4Ji;=Y>h;u+l)$z%qw55y-x*tA4S4+>7Gj9A9*gZKxe+@3{xO0%WtP5
z6404h@;f?x+BdOdh1(Oiw@7mLNOKuffN~v^NKB3$>%phv8l%#f6!OD60T}$g&6)Yp
zR@G`Db*tuTKgN;H24BksJ79rf5$fyBy=0A3B3-)Epr3%7^@-QElZmT*#2)M(O0Z<w
zr&4Pg@WAAcRNiDereZ($vn2m_oczidRMc;Z##SIu*(tLTKxN4{)Hebe{Q2OHs1W5p
zC{>S9#p)0?$6r^A(8CDn8J=l~*7lK=YGOs-WW!(&=6dXAUanOhJLfj7CVK%^+h?$M
zZ?bx(V4PW6GORD`!B0ic?<e8fbR?okI%!Z?-N|W=E(!Cy1E9#13ziRzS!+-!)?7Yf
z^(kDMi8%GMbeq-ZrvF&Hg|L<3<7Dq4O8UHyHgh5l`}NbA|4a<;tF16`p*%G=#x_|A
ztxd;VO!zqYK~rHaTGAX^>|Sv!h5EV7FOmt&mOO>lUvgBS{G}5mm#`h9nKq)YvZIG6
z`(V+D=ca?ASANZ2Q2_gu&RdL^Em}Yg>J}bkh%Ah+;YNkz1U-gZ69>5|-j=a>4Xt<^
z*Y8E!X9vxwV{DA$r$@0mFdBB{v61nbvcE5$O;Y|V_|uq|8@j;1Z4f~~n4qU0U!)xV
zu9*C8M}qvc&p0;tcg5lPLxAE$`tJ(r@09VmH2xQk3-W>B9{bm2p8xQ-GX3Aa<o`md
z{jatNaFxHr!hiSXpD+Fw*yn%!nBU%ZgMa{ggvhI*&dz8X$%1EZ;86p@S+Oqco~5im
zG9C1xX+;4>7!bGww~kcluuWFWCK7lvz$NXU>0^BV2}f9^7W81(;HHM_d*9cSmNigO
zp~{8fBWppV-YlJ_W4sp}3b3q535w05-+$29KryvjKWa7?DC%gmb5(SgNq=$}ZqbPp
z%eJ-}%~PQ$TlEv;cEEkB`|pj0Zi~hXXFnpQYSF=?AiJ?$G-X}&MXH!({JBLV{8rIJ
z8PoXj{#Kb@I5+0%TnXyxt`H+_%;p!kmew9$+_}bM4z|93KV<`KT8HX*xO&kt+W5s)
zn@sx)b08Z_NJ|G;4O^wpu`v>VQshlM(HMbYV93g4fb2`fkG*UO9n~||;EjS!s>2RG
zgNF*7pHiZzD+Rrw@ZW5NYc&uHv8dI>glE3Yq{s<_n@N8y;*?|>E8JMuK3b9<VGS*+
zb@`<8{=x>DMEbj=6mKc*nPq-LpP9?CMzmc)*nCOEN9|yhXKW6_Yyy7V+}uFO_y%4o
zvKD?+QD^B?qX<e*sb1&sy+XhQ^<V)9qb}12*}NB$+gABZat}?4$RjN7IRpV|{B$Z(
zatLxt=7#ZKi%hRFr|dq6^7sx2H4f#WfLE#EcgpQiW?8YezYJv989+acAHc7tkK4@O
zh_j8Rtp<}lPHgN|8GJonss~2c&LN#LBXtMw#x8G5M5nsy^3y5cKZ7=q5e5E5z*Kpi
zZh34KD0-*2CgL2HNwNm`2$l_6oAn$#Yw?Hy=4O_>8P-BHe%>f}?ZmtIZEI<XlI6pD
z^OU}lM5?98Do~R1Kyk)8VT9|Z5~>5)`1M{e`7zVj{1%Fwmb{Pe0DqxLr4D5tBi?#6
zBZv5U&sg$0gFl)Tjds#1id2!aB5djqP|uvjZ94PNWF%+OBj=mIptvdZ>FtR}>J7@8
zYf(5;6LSz$E>ra(EVw@Wj9zcN`z13uGcJdRuGA!>O~_z@vYMyCHoBZR#}-76cy`5b
z&Xle$O4iqr{-#DW=E{QG=eWJfx&PJV+p-Qmxy>F8{C<e}n|EoOqPa%9ALKZsJ-Zo{
zRH_fY@Dc>X9eN`#57?k821DwkqrSF)l|x#Ggp}9ZBF{keDG}^PRHWEAVMV3F{#f>q
zX0fZQ3ga;GJ5K?6Yi`#+X7|W>dU4f-z0E)-fUW_^2zq)*qi75I@lT~OhP5Z?e1M1D
zdmrOyfP*O4!yqmyM&@s7clIL--8VYfB$wYUYf!dtdtsBPpo4(4r14>HAyh=R=n<PS
zuOiH9<7$d4j#4pOl^NaU2i9=b<#8MkMTt~MbISG$Lj}<XVp2vS`B<HtnVn3yVpy%&
zqGWzRk!f4G3`Z%;hZ;&NnF3XS)05p=2*Mq(eygWjf;Y1ok^Lb_k!7-ae}+mDc@jMU
z#(6<O!l1R{hvKIKdSRVW_Cw3C%G1Nrd`Y8I(%gEeEbSU-d2R%aT)y{ZM!6K`J67lz
z(GEN0EW&ZPe5h(;ddHvt5}D|@J2r1RKfOSnzdJrN2FeV-Y((e=U^Kg4Ra2Xsd17GO
zv?bcl=#2N4EF)m`bUKn{CiFtj+Rpf&mr`4ki+qG3YgUGU|1u@XR9ff>#Z>A#3j>VB
z8?^eM08Fr?8x7VyYwbit)Wd~@v<048Ft%p2V(L+|2bz_t@b)xp2iIx`XhC~Vq+;Q-
z0A23zKIYX-yajYJ9eHh{vF`nr*0CvWd>wsx=eu@?fdV%<UveH)3ZB7_uO$yYrG8@c
z64GlgL#D0&h&Pd3OA;K<0+la-J$sBV=I?5RVQNSQZ%RC88WM@druBQf0tDXifwFz*
zvtvYxrkpSJ$F{4{MyzS<s>Nnjr2>Zer08Yr+2<8S#-BiKhvy<9G{flYQgDw}cEt^`
z&{cnHy^u4;(-%#Z|9;_{GYIhm%ZhV}5q#*k?Bv!@tb>vsEehqt<$+wQ$mT}2>$WI<
z2QC(1*o<A!vy;G}St{&-ko#5S<zh&tPin#Am(VEW&#Wq5aTxgUp{l<|a4KqqUwe^H
zq~epGA~?t>;C;z)%<>vZ-lP<A-(_atb}&b~Q4@Ru`*)NLh?oPM?LVH|oR+p8-*qGW
z&ziA4D0z$yK{&-20<Kwwx`sw{M*-)_IZHbWH*@8z9-ne|3?jVUo=U?T?)HL%Pfen$
z*TAnpDd6ImGG}{+vh@cc*NBpmWJujaU=rJ>(E2Z0&2TX9Bz&QhJ6Qc_eL<@buasmC
z=205c*s$qRv~<V4QSoY=r*P<4K~|>mDmBM@6B}6f^jPjlxw+mOBffQzZ_;2+mb})0
z^0$&sVfhu^OwU3VR1{@e8Bs%m-Cm_c+^Zn1PA6Qu{KPt?3^K<fFNr}(>BN-_@B9+$
zx!g`K%!afUCtM}olS7#k8felG&an4$=FL~!7ZHZUIlp^YfG!3l)N@qv++jxt8bMO^
zuRNE<->tX16+eD)ZR5mfZ7WZu`BV^LcklEX5Ix;D(kt%4zdPU;hLTL0@+?Q7XM|Xg
zfp!(-)|Qn^^F$gkzYZmuU2t3Vp3WHKA&rKgesd`D3gb+U{#EwnN*pr@4B_0N1<{*p
zU(a1#HE>3o+{7V^j(l7F0CqMr6oTajNV50L!{pEgjl*~ESP~_4Uo<(khOd9d=!}66
zA?`B;v(37#<Etl9izI;vGDcn8J(r$x%v^2=%VRbQK+5~hg<>bhSh<hH06G4VY|Jn>
zKk}Pm0l4&LKv>^#Bm9Sb7YCi+`&`SNg&;85fA*$87C?H?r+iN;+ZdieK`MVMA_BsX
z1VAkIEQbzQ9vmo&uV;P9Sd9nX0ttor9hv-n6y5h=+$y=s8GDO&4()(_^M8Hee}+#>
ze!>9!@uyDGb71wiBK0wc3L>C`BJgihm|C5q_WJCnt=8p-LNrHBE71n{t1-@-LaHW8
z@SmaLzhM*D>n_*LkB{bVkHu^ImydVDkLrht0wGr%Fh>V(@B1$mUGHO$9?mWs?GMU%
zE*)_X7a#gLAGVL~r_3Lwj_x0m?>82mXfB`o(`;qH*ge1g3O##f8{v-{9?u}=pDF{A
z9d7^$oTR7IrQxT$<?nS+CbfWOivV!VOt({3+=sKH1*hbfkB<lD54v9z4*~W_%ZKNF
z!Sm}c3`-(_qj{`{c)DF)b{!1Xf%AlTs)%WQx_rEB9ah)r1|;pvlbfEJAAMpk+^U}V
z%%W0w9<LUkoXDD*8XtC+;g23gGG-sf>!_e_=94+EIgg$;V%1zvk{$3uwt8}oIquI{
zlkbua-THKUHkTHQU9<WbKRNGPFH6GtPd8sHyPYIWKaJ~i@DuG{CqIhbZY?hBhc9x*
zhP%04Q9X48|L<`C<SNG9T#i?gpAOv$e3$7?Pypwg;bphW=B7*Y?>7mtk2~tP3r~J=
zoyAXwtzL@{Zue`9>W^3UN3^&d!$;Ebp^wvU_v-ME7v{?=KEy}hIL+7M@I!T1s~1#{
zQ*PIC2IcMI>d9hHn@6*fkA=WvA9mi#W{Zh<LY*h(_Ty~4Lu-DzbGu;xjK_(Z9AYzF
zIo<BeiFfXb-A>YJHnZK%COLOp18*3gcX%KJ1OYK>{}rMe@x{=s0RmD(gO%Ia{W4nY
zoI9U_`DuIYXg1So4yE^Rx9uh4v1Nxk9~;qs$IJRx9AOQQoy{&!N00EV^$*!@*K4%o
zWo>sF4CHaw7t8F|TjNiJYX@{wC$#_%<oz+x-P_8VtHP(0hF8UIqe8A%RNnG<PvW?D
zIMeyZk7RC-%5IO)ZZTddLJov~P7U+|0x}$auiBaAZVUPHd1sdWCA_mNfGm_<`<Y*m
z4j}n7$n+i{c@z5;<|?nNWUQFzyVy!4R)zN;(Ns174#7=7V;31}+-l5TsaG?(tDYtm
zr<kTXsUdtN{SkJoikO9cic}E_=Lw74pgCZ|Ptcz^wd0wLa74aIJyYV%q?`dOx;Tfq
z!<hCStd_H|KUyJ1DW-6TAABRPYh3FzC?%odR|`iskX_UY8PDaHzN<`Btg5smx9D0(
z#z#d-KcFGqI+e~`ZOQ%a%Kjh*q<P(*#%`ORk|DHM+gq3X+&EnPL#XEOB$}>Pw>X=x
zzT8f70<y{{(~_?m0c*rhR&mL#021ri;HQVEac?|9l3BH>S&~wATq#ax?lJTJRN%>{
zj54%_dA8tmv${=>6`{DPiA6K>nu#kt$4>$T<jPjD`JE)nC&k%~pTBA6SInDKMK3l8
zu{M&7msfPTpW3Zm(3y2LcsKr7w<A;Raa9h9RCJ`2Vv;a*-*6NyM$D`_<DTFM|4x88
z<T}1<cj#;Y7~7l`RN@F5p#K_<IM+H0N=g6YjK()beABgwcj7BnHN>JJq(H(1Y)-%0
zeLwb>{H8hj7=iKvutXh>&z|srjqGVP9j^>n-dzuiD1ch<jd=6fw`J(Yt5vmIqUJN)
zrt75U+N<#^(_-$CyW>msJOOIt0-5qF?&r-~2UwOrOKJJzJ9L=Aa{19)ev8HxF$F(+
z9}HuIxsw?<Cxc)dhn~|)v=H)bHm=l|7*{}tk-%S2q3j2xys$)_)G&Xz1<i55xXp;5
zJb6cu$!ZL7acNG27<m;tc1@$pGnypz`~1(2$ic_2&m9pKdX>zJ#N;hjQMoLTEFVv@
z-pP21Zf7#y^6uA2B(f^@O!lg834}`Px5VlJ5SmUEi^UeN*wd>8`1iWt7v-rxldslS
zEr$<-Rx~RFpOTQsDp_HCIL2%xsBY(l?mIFcWJV=bRvr0i{U*8N{YkMq3*0}mkJ6h=
z(=Jf}385XC^qS6E2wQhD+>6ZMY~e>HpV{_ylB)P<vX5T8;d2jNmybEk8UeBCm^qc7
zkYo!^>JO|&CDOgKsIf$FOZhYV`FNyLn4q1fgLA7*R0_J@J`lAKf7b=i=`TIY5&I~*
zc5J|EnM?RKs>sSfsBd+YMmg1NsXx*Oo1I;eUT!nOSQzThLotlj33sWc`7ZX!<<_nF
z>}cmY;V4d?nVPZV$#v&>6KuNSRMTHxrvvsyVDszOSHIgXC$qaBPqu*XoNa&~evCRO
z*>(yE6*}@drkz=CxE|2YavNrUjeEDd{59w4oTyoP$7RLL=TN<AX!*|K=+J)YG1uY9
zi{#wg0Vu8hJWYNnzBvmH{c5!gJM_)CSUM`JC$H_vUCelTMc=i?3?Mvw^>*Rm-RKy1
zo{BX-kOefEG6fBa3n_#qBcgQH)n1hr5Rug}s+O~^E(G-R3k{xP2KM!<y*nc_g7Hd1
z&;dMMB1ppYjGdyzFF7$RomZOybKW*wZTbFWtkt{E04`_!V5&x`T;kIvh4Bc$9Z55+
zH_7-8qq&||mGRkA$p5m}-QD=TEaDKvWAl+KBr#S|vJ$#2|E?oSK2E&}gYt>Nxc3S*
zlS{`gI;Fx_ky56yM-m@tuA1aa8|3JbFj=4_D2#a^Rx9TYmo5g_#sH0+<RjEMO5boB
z=Z^#vhlr#lIR4@AVh}>Y1jq&LWpb=SP(4M_7h}mv*!Fz-w8@B^(3478P`JdS@@?UO
z79Pc<>9=%k4F>eZYvLYJnI+;+WlN^trL%S|B{88KQuXhVAc09Sg9D`wea9Q?=#UMW
zbdw^ONx~Arw=Y+_U7kV+dI>99gFU{_wJ72gui}gwNv}xHVy)r+m!WDRpg5BWoUu>y
zk3r4n9y5>QoUWn`PN(1O)tjG+$#;RXaA*GM+P>@V7!Xij8tx?EZN^_K0CvW+<wr?p
zgmwL=b)4@aLYY?{J<VrmZhg2V*GbDyk<Hg3Gmw@?tjX)RRo4%kH~sZH$?|~52`lMS
z<UJSv)v)yCoFGsvMZGAjcAS`3f0#LPF#igKcWj72K(iZQ!$z!QLLW2A<7Z+k6gW<(
zey}TTqDY3?$gv;PRvWIDJc2TE8w*!m?&`+hxwTGN7-~zP<!Ca3A{9`ggjkM$r6}&?
z?4L}q@F^XI)0#g=A+3Smt0<7b45?j*%XjRNuU_wGvnb1}$3~j;O__&T`{~E>k2tYD
zZKfqiX;qf#UKr@RuB75?=jiD<$i|h+q5K4-lDUZlqMFf0(0wrzM-?N+exC8~v==A9
z$U>N7uRkG5B=64mB4)d5a31UtXM5}76><?xLC>6IVc1QYMasq>+d$fj8|LF=;wvIr
z`eC8atB?z{Npgobbfzlh(`h=n4m1$4$MH2;ZhE9J*#?`5r6)>SL@(1)nk~P0T}b)f
zdFp_713h!kSGU(%RWZA)h>-=-GyX*`c6^zYjZKc3yc4kgvjzf;g(3e;x1NK+>CZq6
z`IhjH@D=EL0#x*j-UWka8OG<%XK!8*te#?ta^fwrdbQk<OUlc_a^q!1D6$-E)LLaY
zh;mVm&8y`C@1cl!iM*JOKK^WcJf3~4l*~GXaVjLe+){xqUF|+&a?)X>*VW+lXuA{#
zuVv9@i}c#<yq3l2{R!AY<qrV!?~_73OYQpnO27d3vY9u99UJH=Rht}vvzCQj?ZbXA
zBe<xiu%RE$iqvdwUv?nT=4}V;b7%QRgb$Hdrn10*<eH+5gd3u*)T}`@iP<h{<-MM#
z6bD*iykP#ZmLmdRCjMAg7AJOm5wZq6-l)3Q0vK{mrAj1I)~achz|?Y$gA!qd({geh
zKcj#P&M_um2|5IDR{LtCP7-(z*SUOte>iKY?TA|n-C!Ul5&15fS6VKF1A6j+A60rr
zH%3jF=fCCT?scbA%I5xlRNo!e{68$;y_3%d&Tvt*+%Jae9A*bjN8l7G=|$G_6Uz69
z6^|R?04D;i8{BnCXq&ticEbotsO+PG=`!Z9eyI(LL`fv&1UUL9$6&sVq>hZwHN1J6
zeCN4V<wtW_8FLu(Mw$ZkO04fuQeu><?eZms{3WXzp|wP27tNN!FAtVI@3>Q<C~}ug
zQ%4hPt?SY|jmj4lOH&_9))a8M4_!t)*l{)hO#_>E>cn_pr2a{BMMFk8h2C<^Y&Z)Q
z0b_Ekd88dRy8agNqC0>tLZGf{s!~6_rYqxPg{K>%TS9Ps=iM<j`_Fl4(_)NVs;{!p
z1cj=k%5z;X?l-{MQj9!7lG+GwR`G73;hpTCqi3X^2nT8#Fdg&e&ok*i)7=7DQk?in
z!=Dm{wtY{Ve29Tp+q1?C^ol>e2yj`R2#?&#^N;N+Dq+dBwVcLDrlMx!WBDzL25Fm;
z7G<+T$J;tRkJn<y!kcpQ7k;yU^p|?Sab{5!IPM8r?GC9loVtHQ_NUveKJ#ZAe7kB_
zsTmVF3wD%~39iCfS+B$<SWF@v5L)&y`1;a-*&J_j8$Is(0jdOpO7navzjeUTS1OuQ
zB~cSi^nH#9+Y;o}D~=g|;oID@bT$+lcYbjWreRU@XR5xuK0wtk7?fjX!ol`|)h&d(
zK&8Te3#T3K`-ll3(az7|C+h?vae|AFKW^?Q*v-ZB4@}WgV+8>#y}+vcCoku1z;kcv
zDyZM_>4nfx#P>pv3pqGP=5m%!|E%~Q^%!=08=j3AWf_k7g4wyM-=SGlIp|ic7Csc4
z*}p>0_8L;LHHG@!w(z)Gjd<Qup@EqTAaF9rQq@kz(qiPYF2U>)GQl51F8IrVfUj;^
zdEE+$N6E>i%>zwjZ@Eorn$&|L)Ktg0Qt2{+ttH~T<Pb4}U8rum`*okO&6`Z83x@>u
zJ`JbDoBI1C*Yy2eircjW(1vk_dvFNYOIg>;_afniiq7g!A#Mz52$kPD4|8-OCdeLc
z@^QQ?Q;DSmbfuQR*XW7?nZXhN$NcUN?`YVGBM~&^*-8WEqrh2-t}=V=+hnJbyRSYv
zI3Dm+)cem-*Q8`f8)3>T_sRHgf~MJa{5-hhlIC<9leMG}SzhVsyd{%n%SJr~^t4L}
zkFA0=0!U?dHv&{u%mk4_HOY361FzB(#)*kqRN~FjNxL@g-M~JbknhZ5ggBfjCOW2k
zvJb!-EcUmv@h8j|te12K*X<mMiqaN9+qKi@vSisFh@Ou5i;evEVgryXTM(bDsDS9)
zI)%Pm#QvR+{iABIVj;NXXUY%&aW5Rl2ne_Tp&#`3iWqPyCY1<4k#}(}G;4wGe_iQs
z{QSQ^W8l+&D+ECP<HCPyLcsxUCi)0M5xH)#2z8(m+CcjG{Q7^<Ndo@22G#EsU2qEe
z%kUd``)^f~-_Smx8Ig7Vh~Ab|l`(<SR$0r59L}+lw;$m4E6Oupt$g`CVSl%~G~SK(
zT*DRh+^tOH0#(G|OZ?c>es^U0;QpW8rnlMtstW*D+_iJ4PcnTd<?Xw)R%c_Ms{x<E
z`;74&5wj`+R|dDXSt)Rf#^05u-!{(FKnscNii62k4M%wX&cc<lrpB+Exe-2?pRCu8
zr9oe(T=J8@nL{@~!GDYM`w{%U8T>wH9qRS3^Qq+<Oig@*T0oVlR<d^{r{~b3DaI19
z|E^?EA4*(L|Jk<^4UkOk7flrlCh?p23N&(d=t+W$`I|*cWnzM0iTPiC<L@yr1hsOY
zXvod`BKuWFvLl+58#&-CIvKWJWN@h088CymOIP;#c32y5Sb?k!`%Ql*rClaHEkh4X
z2rXC#{3kga@+C<V{boJ2U4HHekG&kzSe_+7p*o48JAFj~gWE@(rn4AT>FGDA;!vXY
zwe}5wK+GnSL&@(+L88%_+DIg0RFOKRs7!pRK;(Z9Q^ZLYlN)o2icBUYt2q8nvEXzE
zYEN)#D{qqvM<sGehq8`@E<CqHGg)lsMjN?=C7+J|r!UVx)UZInF_gPtbQqqA(<Vd@
zK)`J!{s7o8%=bp%nD=HOW@UAeYF5VS8SCYn0+I7v3jkr2a-=m~Vb02K>9C^jses8r
z=xqDEu*qB=?iC=(EoqNGz(te&0mBqy)*I@C$M-dWil1jPdfh1ejA*LuW4vR--SYtq
zAj$v(i1Rlx_Sv$OD05-)ia2=yb49F9OW-Gl-egb<{Um)bh#ApA-*mH`fpJ?HPdAu{
zswwzAwE<|Ht4>aKdk#Wr)=9~>?}0N{jJ-Y2t*M^P=k+Xz_d5P(1q<Qa=ftKQX4325
z7+8&1qK9QSN`vFBX7p4g!wdZEX`RS@SM==yk?e?f;ip>Z!#fKIaagL9JEY57HT)e&
z*wpZ|d$X`V>gIyhJnMh_0_$&6t*Sp>sBa_#RxsEDoKI)X&s(-f5XCxF3AwtS@P&7y
z@T<b6@}coK7?|uAgHoLlI8*o^T(!TItYQ;ZslYNS`)iq<C?RCaAmKe=K76|*4_l<D
zLiUcPuIY>>E+!+AiC|we+_1;w;d6uwBllm!NXo))2N+%rgvh<Gv+X`Fzwi>$(tY(o
zH@KeMP#BHdVgyVAbRbU+n#?sZ5{M461Gd8)5g?~D%C>Ba%h>X~kkfL$TXg^ca+;;+
zq6U>dJgveZvf`dxf!*FvL;RgM5{x2V!k7m$s{k-vqx^H*xy%o_h*XKX6vD7A!GK!H
zFP8b~xZB+0u-nXie{%~cC<qhy(=u@PPxo#NHlQbzBxra**op-;E8o?oYZt)~VZ)^)
z{wmT#GqyyPVhlj|mr!gG+Lb55)QRd_*DJs1?uf}>Rk9!msO^;gMPYvFXhyUo++mR}
z6jd!N*-h@@l}WA%48z(Brm^7CB=}cn6ffgo#ip39K9~HUEEv$hFa8*^t~{vc)M3wI
zanJqwT|hcbj#brzCfi}p)K^*|b%b4EaVXX)oD2(E<h!r>P&$<PJ%XfZouy2zG~Rm_
z!gS0@2KhD!=Ivuqz~0vNdvBY)Z{~bbf4Y8pTwH$Q<h-qax>-JIgz(^c=d|Hg@c5k)
z^PE)(?afhy)q4P}P!k@OgddFWIV(8#c?`6QwWVo!KUH{z^-6rqq;c_7^*T%C+32A&
z=4y@E*PlYZeJ+D5ig*)wSj0v%lr=L3Rd~~>MR9d=qehaTZ$2+){nyi9d+|a>$~aLU
zYPpQ-=GECGc?{#ipfv_+>u0qOPB!kL$<^)cFiId&f{K%5RWDN}jRYg_0BNr}54^zQ
z{I9kwM*~i{9Z+(THE{Ask<$C$!g348e83(ZVluOu!!3!7tOQ^{7=PPGyq<;Ue8{GF
z5afFIrpJQ^Em+u!Jxt=}v>MYL>jg$ep*N?rI5n#vx}g|X6NX3gD0h=(t0y^~W_~FQ
z(fz9Xvxs^B3>!{=;vOBUZ-I0+f2?#7|CkZ1-o4yCgF5*%0kAC;wnjCVXx59&?FNPo
z>`sTGA}e<rT`u3fk>FWJl}~H%uL{YpAMZ2YvI9pH!h-iJm5AG4iHt;gaEEm3^l~tL
z87$DW2C@2i9Hl>FQkT%$Vq`8HT@^MrqrixRi5x#VW67WA$VEe2++WQ3D3G|%=$%`9
zI>9o0t!kh?m%?zV&e|k&!<G=KmMNaMS=IM7?;K(UzjXg-X*R7^GSa52R0MH{?8B*h
zUF3~iK9A1u7b|r<##rW+((i%O(=5(`79Grk%Pb67?q-AuwbzI(?m^W3rzm#uP(7g#
z$D!bmd$P|M)6PpzRSpF8uPJnA{`YyC46(Q*CCz0TlezEPMKE<YjF6it-$(>O@4^V&
zN4^~L0+(vcVSf+KKEraC{&GX;bK;s%6yxZjC7-?0%>lL<SL;y&kubuFZzD9oR6s3L
z1cU;@tGaZA%R|*(yfO{F@+b?4Wi=w;O-_3^QT+~6v<ZU;FTe`3r&*v?n!lRmK_-Ta
zy}S7f&&_<J_gzq5v*UZ)@(W}l89omdY|%v2K5lIsMx1gfnSMb~_3W|<qa&|9OR$yO
zKTtRtkT1Y$xq*LxOoP*41lq9x2pL+Sg!*it^Y_02jT?{^tv?QM>K9-h3-5rU;x9FH
z5Q~q0?4G{|5C}fpS^ijWe_aN6cNge5{w#C8e*^jB71Xc(Mh>9;^ApqJ%k?e{3;&l8
zP>R_9=NE19f>0d$nvI3w5T_D{mteT?nFeE~e^yEzF_sAuV3-&)U`m?T#e78Ts@$%F
zE*hL@68a<NfC2Uf#?L@(#)xRlF6uX`(X`PGW1rhNnB9I@2q1Up>e~$|BP0<;%NKE}
zWUcOAyzkSj;xkSRL{0=KVPXN}3}Y}P(*60K+B@~iFjyxdF9EDcIJvHS5+<dcEd5*$
z4^F>9EWv?Y*$<^cG(mEfu0szY8LT4aj7{#UcecTkiTOqgzJ%gVTH-{Zv}8Xi2Z>u2
z@jqZ(AhXjivznkO&EEj!=k(&I63Un}yTv6EOS{BW_AL3=re)Bn?PbD694g}4WU$dw
zLNPW6bu9nBFa5^(9lLqKteC1P5<L?EOHyaJ`U@>Kgxmsr_$o(Cfkl}G_)2jDgN=oQ
zOJBW%fe$RCn*KY#lEA__r_s+{fQd!<tXxQ_>>R?Csjx8&u{jZ;R|-ZyYx7Obq7Z7C
zcFektT@UQ41?+Ulh6kXeXOz!8on^Tt*<mO(i#*PRQ^|NCYvJf+@olgkRds6(=HO$a
zl0l^G=g!JOmW+IP;fz^819o27lHi{+<1GuI>?fB!{)YxDd_DMfk$vP2-4uTvb7g$R
zhbG0A?mkh4J(DYM?;&_V1=aOg1@$A8ut=y?<%>*IVFsy$cEwIZmhB8O)VU#uF$zgF
zZAr%@1rsNUSM30r2Jo4b_Ll`WUSj*Ok;V_m4}E1l>M$d?iU%G%v-wNm+LihxpWB3u
zxTD$;C>c#81c1>we_=9XT86J}x_az6J9Gm;nb5)~DwtF$5vx+aZ>1Ydsl1%FjSaLS
zNiJ{q+MPHa(g{u=*CCJ#<bfsw^NHPNRvi-0DW0i9l?&hRH06-SlJLHT*=u+wj8}={
zyVx3g=Fx4PAO>5yjQ^HXdM*K)$tQ$VRCUx<PFDkyiGmt*3VuflhC;YuDd1zM8En*9
zAmSDOIG4*^{bb5m8DbXM_Zgeu$;!K1`i1in!d>_=hwDB<we6r~fy2bjV<Q|@umH$7
z7HBncG7h>*Vc~ZL3{XKK`z8BxdN^gmVu2T(0OMG8Sq<kOOV{0RC{mn*B(^V@KYKj9
zbkae1HE6Lvw)*0Nq{&q-l!9qS_y@%|urGlnE<Eipp3mZ^0$o4FPw~mg$6sa|2?~`#
z@qU%BREBXHr>{>K6wNTnFiji#Sz^|>OTpsJrv<2*gcx{+RhI=Jqy?DU0R59vK?CqC
zJME1cBoFx!iBm6I1lycLizx0C#!Vv?>RJ*K>m=q7;f+=$w$4AXfA&B+-$@-o_#Q=s
zABW0<7PrcW=qtUbsj21-&tf@H?v+(1L>{Zb=~A|78`Q|>)AS+eZ0kSIAQWVs$+ZK(
z{-7mB=M#A6K^oF{gdK``s@RIKcBiM0J0Y~iZggS-(HTW1&HEK?bQTrVpmJWAN<x6@
zPq;PxPTyr|2M|1qSTX49y7<}TduF3VdKwwZ-;eI^Olyn_6XB65|9Asee(I0Lw0<dR
zAcpo>;u&DDFm)<PDsoUB#iigS<Yz<bU|J3bwY#df5L#%8C=Zy?|HqEHlKKG$9vVYg
zRFlNS?rK-sW~C^Z9;nqW;9iJrLmS|T`OPafbEdBW8a1d#b%>=RjN8y8d<qnTnzqG2
zt#)B^2+`I0BW`t^e}<O-DJE<kWlW7IOe8mc@XKD{=79jO8iKTRZiP<&8zh<keqPQ9
zAuGX!Zy7DrXsL|`AnUwKxWkd=d68uJJ+Yfb_47@Xtge9d9nm0T>Ls%&WOdFbO~KS-
z@bmM0S#&qK6E>80m%%!MjH*LgMVNe~(?KN5y?YbJw*u?CC?cwhuEiXahGqp&O!Nwm
ztYrR?(%H;8$^_?IT9uJIREhSf6Ug#Q#jRQLhHZ9e-<nIFM^1W7;LAXOn}Q}Eo!CdY
z6K~8++Gs8XpPr5hULWHGX%u0rv6^jpC2Sxo|Hr_cJ$tJ}){Z&=d=y<1`p!&h^~v%C
z6QCN)DGzu(m~)mK_B$HugGRUG+4rw%RP}a$tcNfn_+#Q0nAiy6;dM|#l)-tQl#9gq
zf8zHt5_v9(IclxiX<V`R*lw5nB(Yjc&&z+-oLrH~0^^3=|C|-%#k5W&S-GnX$oFU`
zxl)4?#m|s`izHalww$!(A#LfiDxtAhXoDXaFEprE%IHm*)>Ph=Eyza|Pzq=};{%O{
z(z)%0u-rdQY7lF5Eq-GrLrs6T+&VsxEB;)hg|)-9-v6QVeu@8f*(Y`_uNY7{QtX$O
zzc4P@*@*A3bk3hO2`$JM-02`o{3yg~wCg@ij92ir%d{|3_2p$W_1SGdsW)6_?i#QU
z<8R;2iD$#FX2SpTBwtBA`$zq?_a1beFHfx@HdOg;>8`~DcJG^x{Q-GuG+XEbg<m7n
z+v77i9{bc{5}>~r5zK9TJLN!W-g&A)q?!Xk{q?!4#Of~?uHjcg=jROHlGmCm@^ayB
z2$7Y5zOyd5pfqykc2}EprcONH;<oigqQM{#g*V=Hi($1<kV?)7pt!n!m*aCz=Wx2#
ztzT4}tT%$nS!rcU?pgrtWbD-Wz#b)cBeoRrI9emwI&n95G?5K%qtRq+7{Nq8!#r4u
z)BniS+2!L^C%ZPpt@_Dvx6Bomp-}~Cb9Ehj_X+d`;rEV2lARAY7FeB-WNDVld*^x3
z`y?JWTnA_Stekxhf_yn`55@_qlS)nhhrPFqi)-oL1!F)6K>`6n(4fHy?(R--cXw+X
z5(vS9yAvE5C%6T72u|bfPGgPTP0oAX_nh;e4>Nb>-uc~`Ti<$j@4dUK)~b4H$+O=2
z#@Kr{s{Tn&`6u*Q5;dT8D9&Nf{P;U)zw=yhcCk_1;22BDG)Nk&u9?L&{nxJ*b<t7Z
zR6eg|QYUO!(u*o~G6;}jiqT!px->aP02g}od#7Uiz!okFv1wqho4}>-<RS!7pMLUU
zQ9+h9=KM(&U5YYY9FKHI&P73{s#lAKX?v=rWI<7W#?pO*<IEFr6->x3!}QpMbqD_l
zC|6TeJT}erBvHnc_vsrO1vPz%@}paK_a^7IJc7YNeNE-V_nAFW8+PokF=C~6hI%FB
zhBd&Rc@ku|S@xWTq|V0I{hXomY@3>2zI-nJV=O=57x1ZV<{%?Df!ib-Hk(kt1p{O0
z6;9q@Jc_<B@SwAXoIe%Do=rzy2Vg1*uc8#sPm#-OKS`EyI*v(ZVrAwFMfe=dfb39e
zolEsm;Lt6@T>Yp|i}jy-4{lIZ8Yr&K^U9XCs`o|$;YRrwNcoI7S#O9=b}$O6p5FTM
zls-Y_PUZ6x@H3M)(><3KRl=;)pZfv3stss#CDmyJH8N&ui%9ZfM<JPKdI}3>eQw~@
zV0f-qHN)xjq_O4d8a7ewKtcAsndGP9^Vx1$gI!BP@Wp9AJzQB-YOeZc{QEXh5`*Dn
zTgR({PfH%RR|ptyjYt*NjcH#{(ja0s%gHrZ6}+c+<yE){had?wm9ih%TW%r44OIUC
zVY6$SuoM*eFoVQm^XP1S%<~F-)v=9W!`%g~L*`-ITSmm3@^VB&cQ!0rKR~a@3cwGW
zH%}5nRx;#v9fRJk%jr{AuA<E{Ds@I+D~?7(={~<P;<MAKlMS(&dZFFqMx`$ku|rid
zu{LuIcsrPf#Z2*kW*Pq}lmJG5^gj!aKYH{(0ObE4J@k_SQz)(k`P1&-b%i58J381H
zzcKdL%Fg`SPg$j-)l=rqz2@EWjXbupro8)H)VNs>x3qeB$?Bg#^V5pFrSD$MlQ}y?
zTn0!j1aDy20#!TETv4T`97}^GHiuveY3i}XWG5uS6o1lgT`72CES@O|!H{iR@R}-c
zLahe-^~3Xd$GQfK7R}@w*iMK}>>F4%a5w<c&O4Y7f$%LvrHlJ_c5vx^{Tntu+6`lY
z(K`JcvMp&L%1&sd<8j+sPOx4c+(@ykPovtQD|2fwCi85Qev*1qMgN#Ujf5#sy8@_2
zQTfG?knSHE@+gBni$y`&r)U{trKs;2CG{FH;QN#<Kuuk5hw^@*)|K;6k>gwQu1R+K
z?uBU-3yR8Nck&Rhx3X2*Kth>S?{?r~^Y))Nn8q8Z36nC21=Y#DdyU=K?{whQ(Bw3j
zg`+;Y3yS@iO_+*LSH<*6%t?uw_N)dBDZ}qnRFBvWp6A5vR^aLt#*q$T$6WA#sBFf~
zi+5cHoFyN^*#CX7oRbEDw<G4QLu@*uwP--*EckL*{$|nDBTlvh)<9~&tmHua>Vwf2
zQ(-2JGUJ)$6`dX!R4lM5ys%vpRlF%65~$6)JP}2=O4hGh^0Hu`oD6TQ_Zc3t@j8v>
zs0%IagT<B;bm3HsR;AGR!>`RtoP{jp;RL7#>No3+s%BMx76&lUb4wxMPd=ZQ!SZh<
zORewfVthA&nLQ4q&S~UKncnui(KY&^{+&O*lD*U<x5~F_a9bWDBkR|=p^3Uj#Y#7N
z+@{e-aU7cX+tRYHAsYG1ZfY&qdD<Dcv<Y2f>o;Gzh|(0k^2=e7Tgpo~DrM3YU>{RG
z--!^Vh{YE?Zu^QdWR|N}uSLonF?5sXI$;*765Q%8G@)}6PgpqISL1Tt=cKac{+2E0
zSZ87vIAX02>PqE3IgBE|cbugKYCgQd?vtwjqr&rhw-izh%2C^YhxKgZOL=txb?1z<
zLD(M)pe`h(PayAiYEKhig?UZ?Q|fJqlW{cnkfP0atwPRNG-Yb!ayc~lZGpt=q$F-@
z3xo9+9`T{m^SnA;tiupkDkhq9Hx5^etYH-veWzygsWO*2gQ2m4GHspFRIeG%VqjfP
znWkytk2lW%L$hR@RyX%pt`0v=?gMRT?&Cxbd(wThZk^{4F&bUVpUNI(K&jwrH-QKN
z`r@|V?4BmX4Ss~N(05?Uoo}@Z#2r$YS*t&WRYaVk&HN^0l71~kd28tJP#<_MX@BRm
zMwbfsl7+r&zb<i{irPs>pRV%pc=Qq13+X2GLm{)MIHi>i+=1szu0B|K+W8;eQn6c{
zcW&#+!IN7CMO}{@(;<9#u0$?FSHN+`$48YoQj{+~R2Ri33Meu;E4QW8&e#=7LQ|n9
z4rRTZD|MlV_9bTAERA{cxm`_L(hJ2TwC}b2I-_Lj8>?zJ+aE80su4_Y9};-ibsyat
z1A#T$Okf$jw`e%$oN;n+uZDm;AP6qK%8(wQynj}{{L?D(3HNz%^clWV`7_fH6Bm}I
zv~$<MJ(d2(btH2T$)tvYWy+KHEw)(Km;Ej-6SBLW`eX@4Mv4*hhH0g&4E??@b3!>V
zRlce_O!_U1zcLv1RjfqZ5^UUX-+=pWBd-{?Y`}poiYnsJpOcMx>)>kEL>^6f{Ee>7
zB0O5kC7PJKw(FLEv&yZA8>!LNenHv129GMsk%M%0@FRG79YGo#^$DXmPbV-c#yGaN
zm&Jy}?-s}ATNfSsTy$rzMrJnVe)cc<qNJR8CytOh@7KL&)X5{V3d_Gok`oxo{vC{~
zA!ZK|(pkWDjp^Z@s^{%rve5YRUF`dz6ER>I4RjO)cn>Px_X+mW%4|n4&kw;Gn}}ma
z7WVbqz7z}NQ8f1EN_bK`oQKAA^8U%4@*l$ung(*ikw|4jlF2(0YgcOXxLC52_=T4g
zbTL1(B037B5cZ5_Jw-#HCT5|{0Lk$DMw<13PAp9iHR6<3(y+u(BvyWz-uqu99>LO-
z%f?4hit<<+X&LeqVO)bIikuWyG{`AhI*?2!gh;76!i109Jk-Aggs;~Xcx^n5gLXaj
zT(t>GAlvo8C=CjICRmEecFHXNl&rPNI*M4pU;E*0gC1y)Na~aV5IdD0(QQQ54*K^W
ziPS5uu#Ol5iAooOP~&&ceFeMS^V9?6ag5K(Pfb&rxNW6*#;wBF9N!k92V_nTtajYh
zTg6GUU9lpGydN5tnkauUX{Fi@)OWy`8;wCp%xze=W0)<&M~@jXv&~!k^>aGx%@{(T
z{c4#${TDk{j1O()sBr&shYA6fV&sRS*2rIIBzIA=+O%cBRZf>E`94T7tFM<z2cN!<
zVh4lppT`Kt2^y6iBF|dQt;=zJi9H^lgnz1RQiPr*s?Iyys3-qoCy!>i#-4IfuQ@5G
zVJydMD_-b3{Oso;P<jKKH6oZtw#1iexmDTbnMJwuP?FKXwB?I+g|Is-3<q9ur+7k!
zVpsmeFB{*YyBJr4W3p)|r=&_Kp&sRY{q+h4*jl5}FL>0YV&+Qe6ipb0^F9oxl36F2
zk(3wbI*D?L`1jMkWD)EBm}5G3ZPx|qCx(FEUPWVP=JGTR>D75wsn2^~3)*|@NVZ28
zjp^WpT<EJMjlPp>)I`~ae%fT3nWe-5{{YXys}TEg1g{y&(8UySoHNseG`as58``Vg
zpaX;kXSy^t6Y#c8o9!4UYDDsn$+1OLpk&g6tvvSvu$B7{0y`Kv|9S8|wE3rIvj;GQ
zzj~`rgT@ni(rk+ldo3g;un#BAwU)i!dr5kWnjqGo)zTJ^AHDrfu%Aa|bt=ejzPikS
zwH~Pea&X8Dt%>4=4!p+Dh&D;%v8<w)lSx`yLeC!4;|{CZe%~PIl<es&mfz?+v!9+4
zp-<T!We^`=X|hqcpgz1%MzM%ho|gI})~n|&c7pqCXHXq2ogQV*=z%7J@49=eWrDtS
z8tU^4Q+2i%Ma$1GjLa(H*qSx8bCn(0@q*2TCTV0!(vpOXnPyaeA)3wU$R{j3AD)SV
z6?p~>>0s1l(V>@qDLQb5?<Yh0C7<Yj?!R)=7$Zsw8G@aJPXOX*Y_LOlWor1NMiC%r
zk?3WkkIO2#+vv0y-S2UU>!C9~2)5f30?6=x`=`*JKXdSV22`eIde<({IH<#IKA_TI
z#WF8<IlDLC9qz1gF?fMGiFBS{;da(kg;(<wd&4Uur}47qE5Hu?nD#zEyCB3>(L0Ed
z2F=|N2#44Z=rEqyas9b~KykQVD90^7Uuj&Z_@<|x!b5CfmfWNBS)d&uCo)KIulVt(
z$tyLP=PuDAdUiOwKW6RNit<aAG!U;T<Ovc@ke7AJC_x;r3e}yhJ=z8uSng%NY<=}-
zyi;3!qG-#-7xZ@W*2VYZx#-wWQslT@)e=b0_|x;xAr*Ht+oEAiS%HFb@D!G65-w5x
z<Lg|g&;z`UEIR_C_g5SK3csdQR-nGVoJ|Gi8!<QQhgTaSdgmI}%-dGQ`7$TkvC0oJ
ze1jutj5UKDe0usZNgf?XEWld?h)<RT>V|P8Boy?30j8!~BXWGCmv=?z=@jGjM(+X`
z@UA2NiMht%E$5LxeXa|qb1{gKYogh{mK%8bhz_7N{OwQvb2;F*2D|{z^gLQ84q*Mn
z+-D##L}HKE_3`h50l&-5|9j1?0s^v^TGI%FI4KSk>Eii&$7ijJ^MnCzqkr10{y%x@
zupyoGjO(b$6wMmhlQ~HZ9EcKSeBkR_0r>hn+le2tO-rua01)jePMUf|tcLj8VmxZ^
zlF~a$u&1I(AQsuaE!kz0YtQ{)3J!A>#k7huR1kMzpQ-`|%r)@8;51TzF;9~z;3tsx
zsj-?OW+IUVm_`%ET7gmvsSjTFuB)F>qN!gfwDasqEY8O~r65@C;^YehD<%UZ>iYX;
z45k4C*Ze^_Oa}3xGy6upV{6gVCk_wqdMGCG;2;0DhsTDqKl_#36>ESr;j7oQ`0xPv
zH~uRpQl4j^(X$^@;*9o<iCrt~gqC^m<(e-$RS=^2yHKz#z|R&jzgqx&sYk#5=}VfE
zt_F)Fy>!RFgNpQA>%mo5@?MZy<+^+LrjCQ&ZyDy%5WGJ2HbCG4?*0_;UyM)iZRxJ;
z5|wA5hRT~~VckDb_ORL~*>!O@{Tx}hyx4)%AP{faIgr-zsFvWr^o3{u&aRCRJY9_4
zey(%a?)OK!TEH-nT7Y@z^()99+o*PlKEt(a(D7hqdI&+mgIJdtDAu~v_fI9769!#n
z=QWFdNQa)g6JF}Tb2Tnr^T)<`p0>FXK0g~oN)x}NdWiA)6!2%Z!=ESbr4b^+8Y|Oh
zz;`qM^v=1yRs%AvJe{5ZwVMb3`Oa~?bBi8PAok@LBo0g!^FK%SLAjj&B$NMh8GX1o
z4y3yMO}8H|%2WJvUjr`kr~W_v(50`DWTCG0k)Jin6T3o5qd%WI(sJ&g$4;*U3D+Zm
z?qgNo+}>;TU%7h4)GtXOqW~-a-?sshcdKopZ{J#dFAcPDMli2lF9@2q05V{Lw}gR;
z#wOs@Z>Cm`UL{;98^qzZ%_*%ZkoD~hDU)|&`s~hyCmDjMjM6DiroTEer3(tf+{$Dd
zLV*ljkK+`pKPq9!M`nBnnGxF4Wn|GM^eY;05&oLy-aE&Kv{}trp=@9maLW)#g<5_%
z2l6QiQ2ueu{)8(rU2BI0oApGe?&lz^$vQCWWdagVfQs@Hw=4hR+(O`FOEa2#bYaOp
zo$@X#q7MV`q^FZtG!pecrM0A(|L|2g@gpX_5Kxz1kGndwzMsr2AO8=2F@HxlNiFQk
za}6gZnMw2EkE==VMSfl%+5K~lxSbZ<cZ+57#>|*C0K%*IMVuN$T<itG^u1REMr=Xz
z<3N1un}Ni3eHL@Ec9EZaOH+1b9MPefLq=pzS(De<O_E;%>G&x$p1DQ7@s0fyH=aOs
z4kVvPc@bgejOx+>Run?x93R*su2|u*+^EymY@*u$2C$c{DX6Ekx434m;t>AZY|Dxz
z)aSw^ZxO*5HCHstWXwrCvGscSm@_52OS4LIp>Gjf01^v(|4ntyt+MKE?l1##elh#{
zl<gOjv)?Wxoh%s?dGV;q*pfI&=#O%rw(rskWlY4Vtb7}C*V#(r7vZj01i|>pD#etT
z?IOz%xQpzGjd*D6M^&kwQN_Q`4VlPVrlW8L;}1%S4M9bPUQ4}N=8Mv^eg9;=lI|BA
zWCFhHi^7)L!f0aQ#DS1q;y>300!}&Jt850`z~7Yw^}GD7oe*iFH(C$w7Z)H+qR#uM
z_u+jL{O^cF-o6cE!24c+UBKqfr0QsFlZ5M-MWUk6_?-C{<Lh^$=$d%)=!m(lqXl0I
zCPuhZE>FJkT0?L8rggc}+<Ph)&KE3;n?TazW|O?>r~p&KMN!kjd0*|6%Xz<hgF>-%
zU*Zq(y~VdJtX#Pt3wdTtvix)fYdg^9H`I(Te+`T#C3aB5r;bfnWYMzqhA?&k4yHX=
zA5|zhBIlKxbCT?&Q9fruZp|&o(8);@!D>>oYB?zlzL;KGId4W5t5wo^^urT;Px<@d
zDsFj*-c{z8zG?GVc?0K_nNh7gifA=!yV(N!>H<cnGnGM&1sQV8o9a=8<csJTQwxd7
z@_YkGu-4lWFs!E|wl879v6zE5=F1NwR8rM==!ONR*P35@>tXR1UzLVX<(F}}UoGlC
z>EtP@Ma-#v@cMNK>LibqR@E6Ow2ZZwJXmYXSg@i+l<pnRBL7*@%&a_tz@qCa>0PT9
zi|SHm<=i>$SvDEV)dcNPZ&xx-;yPcpk$b*DPpy$UeqmU!z?SUSO}bdl>DPDptsZe;
zM`&6<kXJA9Oq7AxKp5TYlS^0_S9U^iG6@AX<#x7E+7^Y8+=mFw+ige2tH>)?CU!qX
z->%{8gtMWP8-2dp9M!>r3Mm@lZK~32tl+!0FDb)C6hSm8P6y23d2zax1bp0NnNk}x
zbBDn`WsAx%1)QX}A=V4rwDJ(UD_LzvF#HI7(}Z<i*TQ6~#AfajmRaX?k0ledz5IBn
zq8%aIqE#m(rCLyLeT5Z5`T`Y!-da!rJl|ze&%_v*k;xgXCqRXihv)X{+nFosh!|`I
zDKBtg?wvNO?fs8Q?`52;WrKCR0|#}48s}LKhh=G``gydW#r^d)hr*)|y)H#Wa{*;z
zXkI@VcSH4rI|4~zj}B8%`EGtm9|nBog>8{kIy=r4i28CVioXhSS(-tp1Cz^R47!`<
zswnWqnFJwQ5Vkb$?r(Hl+TGPVv!yCVJBiTLKI0UORF*tYblvyUDm!XNt?T>R@3ON~
zay}Jjf{PK*wFb9s0$wCU_t4~Jqrbx9lss5l+CZD@9%R$BXPx!X=$HNKATzYP9)`jh
zl+4;XOQquc-Nq0Dici~4-tn5|eM?r2NJ$}a>i%|c{7hlGX00EaRuOl~c@DJ>7_MR&
zMFs!a0ZOa1@plwi#O0g$u09qVQ#&NZhG1cxZnKoo*4Jei|L8KI_ocw1=kam?Ve`l)
zFKLf1XdZGpvsYW^ThGM=`<i~eL=3`B+s>z23qhQ!Sxm%n@i})M<6x0c6&5PewPEX4
z0;cvAWP33K)3Va=>d23{*s9jEbZS)D8S!S#DsSo#wW1h^@2~Oqv9F#M6l=;(_r2co
zj3!c62~<pJ%B$KlN>Jk9#+&;=DN+o=-7Q~8$`5Sxh3gGH2$622U9m$b@e)^U9KX^?
zZW~OJ;nXThNxdDzteJ?~$E&l;g`2l|zIk}=Fv_%S7<H&7P>ZUc_YU^ScoMfYFz}TG
z^l@fKss-umwAqUdi}pz{e(u^J#DsCb<up?vSpi5FlX@PXU<&A@i46w!SSnQ1-qEnB
znTDs1OlwGGG}y`1bfCKll7#DJH|kHJl6eeC-O9w*-h7M-7fW^U=0k&n#_sUIlUU@q
z!!wO~s_+<h@&LMtnH@sDy#3{deWr(n;7oCZ_oN_oqZO`c(um~>GG9;%^qK}MdU>6P
zh=>huu8rx12L4v@o#5CHX;LLI2DOMcr&(DTu;y%Umx6hzsNRa(P2Ow~BkIiLXfZ};
z!^-8Z#wL<nFDf>*Y2E}RSX!STo?)vhzTPh$j{^tIY)gUmx#`=3^DlaLg>RA1uvehc
zM+s|Olja3gne_~pb{eisf0F?P;tdQG7<7SS#094)r&KL}5?5;IN7iCus{HUI;ah_A
z1m#nFTNv@tREWY<0(g(g!%{_|ckFyZ=wuL2tZ7M4d_bt)pqeo+{pgTeUDq&=IzbI_
zH1B9vjEi0UwKCP*hpY6@T%o~DWNHxpE1gnfaIQ!pJyue01NwU9ho&i>TI=Dyp2c)x
z$VV~jNjZ^gC>HrT7miYaR4)la%CX6zIc-R1Z!X<%v4b8vyZ`JnP5d|e21zB0wL}=?
zrB2UZlg?CThu0rGsUwq!vpx<kQx)a|cM$ihc&PC4y;G|t=hG@0NKu)k-Z>mKKQj@t
zF`UQCM7;71X_NMAibU(tRr#?Xe?84(m?LAE*W+weiyFkc$1F@(HsDV3=G6z{pa*FD
z%-$CP4fUTF-@(u*|4&@wPbB)QNCJ=Rdp3eVQ@QY5RQQ{C=0hgCJo#UjV&K9jMgi#K
z{vtNtSFcE-ww?l4Vh}S?)l8aReG7aODg03SAw&9a^9Woq_T73Kr*8X<gjkex1mTfu
zP0{eg*SGkUPm;&XUruaH4)&oO+n_#g7Z}k@zyrTTMrPxDTG_dYjN<QGWWf9SuU+Af
zQ8Vo~C}%AHrP_~vAzZ(hn*4T=dT1r!Yj@s8J!hi0fnij?;{KPuh2tPdnD{=Kaz6AR
z=*rzAR|g*}y%#@ue~(*-96aPSsBwIC!&;aP$QCkq61SMeG}u5nkJZp(HC{_8`jOwk
zUPrC@{CJ9HOi0i8&W(YvWAV_ey9_8U6J#?p<#(=RY&Oo>Q7UF?;_7Pfy%uSHxrwPU
z=xN17WQHAj%j$C3LLsVhvh9vtGvj>X$jF#CeQhcXK0r`FrB&!y(ub@Ga{T?fJN0$a
zg8g5I_|yCHp*XJ4^5bKRbENNQBN=1)Di)QT8w^{tgUrr_M|IVXh4Y83mgf+M1Maz*
zU%CnTN)$3?S&ON~sHPLIdb_&2D@T1dPkpUb3b+)Dzok#w!;O@6P1{+QP^dm@s?*5f
ztQuEjL7PZ4FOa*53bBY1Vl8C_Q()X4Xtg^TL@dmG=Vv<k;i3=yo}Ze0Ry94ERyZ`k
z{B=>~>5GjZ+ZZ-`{%TJ2*Rm_xjCczlT37c#JGgi+;MCzzI>EQGP?K&76O-y!;qG34
z>y*n7u!S+Ova&KWGjnpz?Az>%iS1gc)39!ASZu?=L&PixEsQNF8I)1dEj{vPR-_j-
z22%q}ao0*?hSo>?atb6*3~R+zl2a{}qQOj0Hcx}Cl_drqHI7?Wt_sx$-nAJSdxB(a
ztB<AV3MImZw)@nWBEC1aWs>{s;t`~4L|`C~e0`mGnlY=Cu8FNDZq$lch*?NpOj;>4
zXfqnWGc~RsD^NW`gnBJ#3KG;w)xk-YF2(BECvhkx<s%LeVu|_oynMdN;N9HNAWS2}
z7ghUsk^l1D_#J<=u!x1DwR5Uhaa9RtyHVAGO_FY+$kRb3ItF<o_{#m9u6K#dyL?;}
zmLhpJ+ZsKd*Z9hVeG7>AxuZc8$={nVQ0sV6q~>$qbM3F+i1*AC(+N2EU|nE<3%`C9
z%7DJ+!E^HI_k!`vw=EwhuE|v{TC<FAs^|KF44JPCUj-=p1Q_w$oRsv{PpG?Hg|SLh
zR@f6eGG^Cpaw)6)s53%|KBFj8=flJcDjI~8VWy|2y{)9maLs8!$MIC#3b}^~xgh*)
zTUy{C^nyn6=3spb4NWXgHcX`r5wZ83OD#xRoEZ%tH_D)8yPDpd!8w;UC|j^mqK<|j
z<DUlvI|*eZw2mr${B)^A6BK<4K-yub<JFsLWwOZ2h_m)gBkRclj3?>lzXdLD7SM6R
zBy|lb4<UxFl#*c9UYV23Z^!C2r*N5)SrWcsT+2@Vah8}Lq+%pIDyxh}D;5for=T}x
zUiyWcIWT&W7-pqZjVR-@PQ1})=z`ZyrlQ@@myXueD&WvvU*o_YOYgD=+3gX5BOJeX
zTn^yB_LD&$EPXi@9h5P_;wKBv*)=!|o^OYr@Yz5oY`EW(9a32vwbRat!&fc%wymRO
z8AcI_lSo>ZAeLRA;w0i1pf#Sy2-2{2vfC+`DW=Xpk;=<~XDhdo^=AKqpygXAD#Rju
zK*Fh1Badh7c*Hgtx52sNOJv!YuTK=B;`5zTHd1+GT|3qpTzPVWuc%ZB&GTb%n}{k%
z7$ZYG5G^N1iGE?KCNtBR{vzzl#D)s(_KmkowMuW2sjGhr`fre5W1jc7#d?8*YA-^+
z+9u5TEgjanL`j0^OR(Y`l%za@%XzX#?&IjGK8LY*&wSmUG!yCeSNRX-_(qIXF*g-S
z{oQ4$RK3OK=t5DpTTG#;s)G6C0+U>hCoZddQ|dT+y&DR|w%TTsb|2i-6CyBDolPrp
zBrL%8lkScIP-e*iohY{~exp5=Njiyzp6_8^uIaK_A1#BjGgAt3&bQY95`E_nb)dd_
z%(JQ;|LjIt!|9OlwOPWF1@hF$DDA-2ADXLsQRnFm900To36pZ{cL421#NhL;eTKc?
z+dtVM(xwO+5W^3DNr90E{lNkEl&*E?-7ZZFB_gPDT|dc!xzKzA?iOv2ibA9s7)=b}
z?Q>)ugD(kE;trH#2co95R~XZc>A_*bNwG!zle)58jMZ1F#3#%w=(CMxJwt!nz8W2Q
zZ;phRa0uSQwz9$pCI`!98#^<3ds+B&a|sK^7F8S1--#Wx1LFP0S)~*SEj@|M*;y2%
z-<0q7PJP}zR(K_~_PiDR@zdFmbaAFPV!Q{}){MvCuNss!`f8Vc(Bx=r5$jhi<I1S0
z*dtyOLGrGEg!CXx2w!GPBTkvjq->(GzHa|F+5xgBSUT736SGB3oQ{J9umtx{`H-C-
znivNywAR&*{c)+J7Bc6tH!VV=>)u|kms2neCi-+%NbMx$RNHd$ra7j8u;|;W97tEk
z_YZEGpQ{=;gFRAbMF#?8W%kfVjsG=NDKYNK6g@dHwYaHOMj{(aOKU6Z0F>X}2C;os
z<qD_0i|v66sloLAhote{9Qie0t+b=^d3J8{CSa^pL5`0hIgqtpD`0Dzay{^qI%v1@
zqv}d?3Eq|_<LJifjmqrUST4wcyBG5utS%(=VQ`jP5$Tt~hnjAq?%{arz`3=&R2W%K
z45K3dRnuw$<ziYr&_=O=3~AIy%`?2}prll%oEB38Ipxlp=X*E`KgK|^ES@n*M3UxW
z+qFzBh7^Xm)7@l<19GLKVA>P1)-6Y0TzuhNCT5EaEsOqK)uJWYX0Wh9T9v9<y+;~Z
zDR$=Jc^QGQlT}s|0&3Z*Lfw{Z{UlZ9SjHqCKY@%GU74z*>y)QiR~}TSl9i-FdHt&(
zs7bEA=wstYLR_QDg`O(Z-oA}nB`4C+qPb_XT!MkOI_Ijy4ocX@X2MSwKVE+RE5r#z
z-|f((F`?)&pi(FfBPYB%Y&08(l57<<(X#SP40)MZM|4gfHs&j*xab&(1UWh>H0iyY
zE&6CHJ0v|QgVvNoIWhpv6T45v#=x-fUEWkqsOi>l^rSIQX;#&ep&Gc|k)YJpu1{&)
zLeL6ahv1yr%Q*!p#-tP(VS+58iq&fJLs&tn*8@!`QmQY`UnNfF=32OGkdgC8M@LWM
zNh$ssT4}}#wbNK1zJ9Wgsxr)j21zm-Pw+m?@_Op6m+=~!?#Z9wb|hTNqApXyX7_Qn
z&bXg3h@<+v^0{vSw>+Ug5BeTxRt{I(9wQ(bgTM|E#IpBt)VMAqeKj*oKZ>)CL=unN
zYc*~Wm43TW^<eec7){;&`mmQBtXC$g#A-nfPK>x;vbllSjX7v9uLwWb`aU+0ifbQj
zmp<sa>D}M3!~5Sl>Fi6BZeW{UeZf_Uu|Wo1#i-oTx3Itt_!-kmaq+$3od;LzLeZNb
zag%h<5J#tbPo2trD&)ygic8hqP%@XW5lxHniFH_PQ`H(1U#ZN=xqPUih&lu@N^BRL
zx0#ICTkr1D9+A*ne9_>jXu(z<f41_ZlfQ{fKmTLwm}MUMxg^Zh+bf_h+Mne~3ZTk6
zJBMpx79Sq>sn7(^;2i9FgAZ<dXuvksh}C@ZJQw_GmOS(ERK}KlR{QkQC?4@Bug}wa
z`RA|7V{Q`J3-)ye;zXi^@;1j?Cnl8ArA`9oI8az8#nCLy8%}GM#rHb=2N6-&{j`xi
z(ybsbIjRl?6?F;8?(oJSjp7BRF%Gb0W9_p(FRMtOO@E?<(S0R~pr#55V4p|yP&&gJ
z-*gxUJyEr=J}f0AwAx}G-TZX${;wb!faL#gVgE;u-ede<{VQK(4f9!RY*avjXLU33
zS%xYLn6_Ep8zQE5t{2+Y)Qru{YDaJqXbDQAu1nq^KQjLES5>?${m#V1&0Q|fy-N-|
znrSQwS)?o-yZDXC@0y9*iwGA#LR%@B^qZ6k3t1aXtSQih$iZ7BynT;e{Ow@#QkbxB
za2M)T)(>oi3+})@r~4z-S*VX12><#!B2oBx6Kh*zv;2x0)-hJc^46KT@yoKA$-SNa
z)d|#2Yv)1F;wqcrv&q>(#6;J8M%KDtW3x|~q!U}MJPPc^$?<uO){|wrDlk*)b1dJT
z?z<?lP<v2l<i1RFtw;pt>oxIYB{6gJ8dH(_*y`-Cia=uLh7Y2=YbN9y)L5ts%Nw1E
zD4lW@hUIdE@S`RvTbY?u$6kXCjrOrQD=|*I;S%#yb(WsPqhvs~V&X^v66Hzh`nJ(1
z2jP`5MZ;W&@5|9q%=Fjt)qN2J&guribA?F@lJ#9Xm&MMiM`o}yXutF;!UPfx*BfJ=
z9pyZar!3L839M~a)k&pN<>1sq+Pd;G^hdUTI}{QLPMUO!;_f%A?YMBcKdJu>=Zu^l
z;M|0Ylw(z&9ZzDWMs%(~-h@W<wJp@dQV0Xd;zM#<PLDQK6{O^5PSRYir3kZ*SxdFx
zdcVsohmp04^i<O_3{{49+aj2BqL(A~ySQTURxk=@9(W>KWN_xPDCH~&rqm@14i$L7
zV?1>=G*(Wcx~_yJ<pVzBU-&2Ea|`Rfe&x(=Vfdh=$P&pi;rwEXxpU_YhhoXj`Rp0f
zTDacjqiPFG#TmU~YCff2r&FbS<8C^oq&XkY+^qh@Vr8fGC+!phEOMJnY8Y907K|^x
zA=_r{xGKiY9&7HD{2F;V!KC)e((>{W?5-qzao(V<5MnndEE;<}#`*0R#y(r}ez1n6
zNRzTW;-?yfzn;9&-Wll7<YnwaIuxYGyG*7Af>VSFAPTM7z2DhfdaRJ8_foWlC7Hm^
ztftgM8`ZJNTpZHT*~X}Gxlu=7__GxXo}N(>Qx8xQ6_gJw_F0^M8$;Pn!8%ormfrhl
z8?<gGqgXVWDkywAhhui|93C}eT1^5sD`HreK~d|oMSPKpfce3l`T7aaIe4v|;vbm~
zK3))svi_7%fBcrJg9?c-ll-*SU^Pv@i6ewh85t%v=i6lt)Ja8{=PI?p<iGlxLdZf>
zpKNzt7)-8ZlJhM~MC)u1u;lF+o_vI^QJw$n7@8;3hV+?m)%f;)*NCn(z4Aeb<&-Ck
zzndAgGF<tUP_M(M#9y%z_jZVV@!d)M{@zT0g<=<c8;eZ&3x^kov0DTJk!>O-(Tjt#
z#1|jeIcCQ&*{bG|7LFv2I3-KIIxw>1rfNrH0*__G0OGSp2Bv;bO4-{36%m2KxxLP$
zFpAo13QL_52j#;(&!wCvuGD`sV0;)m9QX#-t!ZG&nv~l_Jm{d%jE+AHPuJ1VJVY%j
z{v4#;$}CA+HPJQq8*a3&G2B+E-36xHqNSqchx^y>csW#$?S_cHejQQd%J*@T3B{!+
zV?O_2p392w4Urb0oKATWE4id%46cvnsqslQ>(Ae5+bcGB(Mtr#2`-mjwZgOGB5`?3
z%`4k6BdhTEVU}0JgO_Wh<mH(tu8TZUwNfXWZe|c%bU)QR{ks&+LlViH!y6mHT5|nG
zn~$wtx@+IQ^gGIy7%cCCBE2Zid;EnQBr=viv>jYW(lV7)M2;;7Y)^A@z533Q$_vek
z3v>LXv)PCJE{<FDGAOEYE=7>c0rQW1ni-}%z3;RPKgda^rDtgFu`o}+GdMif;wMu3
z-5<78Oo_YaSOom1H2wmmP2>2}y^Wi^UnF;jvgNqs!yA6ZBE3w1HpX3d+Mj++<cEuV
z=J`UPcC}_k+kw)BS?J8EPrA1dyX0%W7~uWL%yG|L)V8>IVL{ILHnogE%Aj7g3&+Ay
zV*Pe<-JMzsk>&XWCi5dMl)rcWw#4m~;Q5U=%l*iq;IHt-c+FJxh^9%!!`5Gvnu;ct
zKKc&RH<QU|X`+bI@H<hLWT!ERY*jqE&g20Bvcm;a&)97d(b5y*5%Rewpu<A~<Hd|?
zItUE%rR~4Av6Ff|-h^0KHC=z7NIOg8lb?QvagyXYXjgU6MD-4A9;}?9?cpMV&guL4
z>3ejL$yo!tl4`%Td4*F*M%j-&Wx~NBUk>@!<!E%z5TTOC!Ol!C$g!aFOy9#6iyBz#
z2g`$-b%>mp{my>$0|TL|78<$`<((%wS;7yjABKu~%JGo-WTn!Nu^$TMcT*N#r~($Y
zMv=ebrbmH(vO+u;$HgDEQV43=@OK^0tV9vX$ncCG2crB{KOcek{Hi962J4OuHq~t>
zMDwtqu~)b!U%%;J)T6zBCrp?@`Zskzd+gWj(R-&UuuzpzG7w**%?uTKnlX;%^(l(~
z|F&uHzXu-t53*AJ@4o^AaN<90xBu&m%2iw@>aJtechT;mMkdbC?=y4t>TWy>u6}7+
zI-Z9&N$L=LSV+2$&#hc#Mfvej|8}g03B>O7CKk5tlNj3rv9{i(*WtQb{aIv{s_R{t
zuGVa>@*2Dk%jq`3dGrYVKe}c^2_rJuXSIL_yif#bYSTMPyun+3`D+`kL1!vn`7?Wk
zol|BJ`J&!anOlAd9O-=~DVBMSSDWDD+5O&O+l#^Alnw&e#&>mDB3PLr6q~Q5`tpT9
zixzbGfK9bUi>3e3qX@x&YnB6eBw(u1geZ7R$oAk@T=EqsvV|=P>}aJ6MVJtt&zr9<
z0gmuMTVp`Z0Pq*Q_F3St3Gl8CBlL2;Idi%$QHOu@>E(aazZB1_EO+sw=Ei?$uLD5R
z031!!LHn@9YU$Bgy?k5%K*GCknmXnTvo<oJsJl(>w_%bx5U!D(L}uLGeVkYkV_WOo
z)HUjh6ia&P;1dhl@(&WEed^*D(%ZCK#KI_{?vp4!6eEGJmB-FNj)DjI)OqLSoNX4(
zl>8gaH5)o|>BB+?@k`KxVBQ<g)wY#ISuMB2j+HCr$g!5@WUT&~&O@7!UegNB+cAtP
zsoPnuMV3-;yOqAQVXWcBJE3)G_q?q$`RN&wC2?Y7`N}|SfloHZLhIQ^RlnR|FjJ71
z)Ac1s;{9UoY#y(i=^lMr(U0Bq#C^83W_esVpScFl+lU$Oe7Eb!>4?3%*1FxrTSZlJ
zksrp#H+<fbCoT3DE~l+sV^#Edn-}@yo^?QE7|)=N_5H1|Lv-NuU1CWgl}63+Y(U|#
z@!ewaTpA|{=cXxSM^Dp+uEpi<d{AnNH}YC16&8Rf@zQ4TIg30AP#MCr5R89-=EhD}
ztTP#~I&cw!3S*o2JbenO>JP8rM&R@I>G<M3DVti`obX!v`dt6Mb+~>gfG+zfB~OxS
zxbEd01{dr|FDI?R03bYh_MgMlqC8YTpR<Y-13DWzGJ@k}D+pG>N#E{qQ)%JS1V76}
z6>2|&l!y~u6e@K&VOb6ye=i{8xO(d(t18p%R|R+m3Yp?ORKD(-<d&kd%+x2CSbI(e
z@%6}w$uJvwnHO5jyjtir-^duVC@zpNu&rigF3-SvIug)2Ixa7>&$s2wDZ9MPy_Z%Q
zF%p2G+R{jCQgiR^WPZ$ZdRqIE-)M@rw#B<&d&u*CzHoY7#K-t*6=TXaP#xwME63a5
zy;_5f>vMLvuvftAkcH|~LZI4;)b1CX)V#4We7!j|AUAYR74K8$c=Ii>9My*2$8!UA
zrh7+=b*QZ~=h*dyDs3QSeI2)@U>}^B0Ze}^jI8`Rq&4fBt@x^1kaca9-n*Wfs`~gk
z^z_stiLp5oiH9!h5j{Mr@a{&77A7Kr_Z4KKl(1(W(3~PUT^?t}4f2hB4<%)h5khI8
zTCv<nmk%xL<^<DgqdP*+5>}hW_ZA`FcvBcU&s0n9=Q|h)e7sEV#)J2+?sjfH%+-Y7
zCHoj0Hy~s_KQ=!cA;%{UU#coyUzSJawpYf49(pY5c$K<|;XiL(5_LRo(1o7N6kw?G
za`<fa>Qcqn36A@SoDbW&grzeK#;1Cgcquy1%u9uM6lKxF2OVGm!Fd0%(A7<B`T3`D
zG>imTO)l7MnV-+>sgWfcBACn#k(a9`i9~7p=o{oONNx;JwU2p^Se%p^Vxk{Qs9=14
zfoy~um4XCvn9(0e<}&K*|7hgAHPnL^l(vB#y}r!KEi$A%#zjwXtHgw{8ZSavk<60j
z=^~rs>F#mTu`&g2!BpAWsPMw|?IBH_-IbzZ?wx;e+c{iH+A@LEA$;3cH*3<GdfQxk
zJ$TbS$QAC5J$AxvBP9G(SqK&~wQzm2$$a4vUvf}qr)xwem5!Yg($w5?w|dfjBIaGE
z0QXjS#KeIvGM*_=*6xJfEJQNJ8avwO_682p1<MJLGg@mC@>eQ4pgKUiuq)CUesS``
znJPk*II5jOVs-^o;RqE;vLXfimB{}Fg*|Le`$FgT6)OiA3HDscd*i(oHQ`zl=6k4X
z6@JQQbVyvL2u;zN>!D{uT8@RhDzPrI30f7eK|{ATV1-#Ot3|vhw4V0TnAXGwlT&Gz
z(Pnk1K&}!KDAMZe23wVn-Tv%y9Vk3Ju#8<<&@d;Z{b6}CZfJV`#n#6)kjF;K$@P5a
zI?S~78v6uUz42z8Ua6$8x9%k&^WjVA*oXT@$D291@HHi^gUsN#8VaL6yp$WHnW%7H
zQklzLUAE@iyNE{rHHwQFgwiYDOcZ;hDkO(^%aaqd(D?vR^>)Q<@A(LJKWydIqenge
zv2i<eXQIw0u3^2D(CgZ_s;Cr?t8v=*laA5uT3R*M-^82lE$MIvvvPa8n_D;Wl>svF
z<?VP<e)hFgo7)!<CcER5Y7nmxUmLD>!+p*T$9%|>TKXwZ*lFZi?xRD-FGgKDP{sRp
zdcNfQ6VRQ(<JOk+0o~bXnG+TpA%dbUu{W=^t}_<;j@7SA8l{DdNY0z8FNf22O`QfS
zuNi3`I=BM=<jLchMO$x2<;A(kB^KSXDoet)kpOI$mU1CJ`cU55R4e>jRZmljM?ZZK
z{<GM*(7=ce#nGbe&+OpOI{fF1=F`5+s%Q5nb6>oh9U~p(JGp4kzUW1|^$(JSeL}c8
zLZmRYrNCh@|8bTgt7IVEqB-VmCZaO<1Lf8~*B#`qX2B*pCMw?MmOm|KJydL}4;7ey
zO=P-c@q%h&&7hfzuz*N)oo+ME))kdVP5bJEP|k?t4t8eA5rj!uyvbWsy&F%^59iMm
z6kB68kgoBnR|l%PZulJf&8xB-uSX2MXFpu!VD7f5<#NAIyRML+AY)^e_@2kqCO_hH
ziUJ{L3st)P(WYT}kxlM<_X9uK7T3nQeBCbl!_kQX`sRC&lL(QsIRwSYrIB`z6W`|)
zF!}K~->vrcQu;YJQrm_IxjFd}1UKy7H2Q<UTLiZF`#WGe*{DNxvEg<vR}W|;g)M#c
z)*<kcpAb*8vv1<K*I}iKqOgDRi2pB#0WNGWab0)?h^8e7%fU9$(+w&h4;@0Hs3eVa
z-~AHy%t(!X!K})(vRm*ANJI5-<jvbOH8t#5)&9bz$r#GvLX8>@mB=ZBm+t$C_4Sp+
zZXTkd45-RELKV7&oXp=T19`1ps@RUN-NK!2u5)|ZUCfG{eGS1i=%RMH@>FkOAZ~yx
z*8~7Ne3FY!!i9j*2*SmB(#bmZPAkG!=mcs&65nF&4>OZJ|HH=1+YK_e8ehr#v8F|Y
z@F*7{PrCzHru$AdwimmD&SrG;H=zgH=*mJ4_%OBBTd1^$O;?MfDheyL`BYF@0{+R|
zmXLy`??^xk%q2SBCEK=2JPVbP^cdBRD~M8xwdE)kn?8v5(zd|W94c^R^uZ&q*ZQ=1
zLe=}9a#-`)>yvg6)BHU8WIqd>tuy+r7{VQry%1mN&{FpyMQXAD!0Pu`-#~yX1O#op
z-S;|LJ*#04B7+@)F<@@a@N7v_<6~@(9}&I$_ksn4U>sN6S`sb*hcF;?nf5<w{ofmT
z@xKmw2STKP!^i)ecobk%kngXCef|UKgMGgH0Ay+dEz=K2pbuj{<ipmDm8mkMuuqZO
zzvJ?5*3It)4yR08?hixmZ@O<9kbxhfy=ys3=W&IC*=vr6K&+8lPepToN6I+d`gr?5
zckkys01C6=rhAWzbX2rguU;8CIq!dGPj_p)Oa8|#s~>MjZu`fYFQ?uDzx$xmc{NZi
zh$@(g`X=!qJm;Zx%+rq`e3O0%t9fWE2l0Qt54hu%{e=|tG0E6NyxBvmy(atDfB${&
z+%3A-&mJfcV)?rrcn9(789l@m{cbKT!h{Tr4<S9jTZ8WZe(nFC26<qp*yj(qFwlAs
zleq^a0HD+~fI1`1Md|+d*a6rYzezJWJm~48M??gG_828aBK`5@F<=TJ8T+R7$EQGq
z2LUo!1Ck+t#?KAdlX{p*u>bgS1y~(Lb8+ha`1BCW#=tn(0~~FD_Q~~sg;&na_ZDwI
zB{>Wq*9;$Y59`LZJVcT$NjUpx=XlkGp$ahSZU?FRu-u)^Lop+V3zAK|T!>KB9Db<C
zHtRO1xti7dv@|VCey?o!(B(TWv^+as+VoDI)O)1?8<Z4nHyhSQ@;^pp9%WcXvwP=S
zY)yBjr`b=eS;NhQ*L8Jkt3B^j4tVv-R{Pjw9s&wpLbI`oHUYgHAxEuTjh@e~nkCEB
zlZMdi-7$5H^kV6$wKS4z3)A>YcOIWchh;?t^}~iuNS~@03VB^h<N5SmTAiDYD8f$s
zJ(((i|M}jjV7GWcSBgalo#4(ry&G&Njq7rGZ3C~dQJU|)n_|z#sxwh*hQhw#QSx4j
z-~=)fr*vaH@Zx^TA33#a?`Z~#L-gA&k9Q5gzb3gxB}^Q8F@f1PL_XmTYCdzivf|9*
zkmqCd;d_JT>b;*YeR6j#Rtm>A<!^OGGbBv-V&na6z#l@QxdG|xy<M^W0TQ_V%&XJv
zy01Ny5S)cdO|c#?vGjE0)6;8|bZu5$hT-&u`pfOlUe5Q_tJ^o_a`X$>NW&Z9!H3UJ
zV~P84-F)uVkG+mBecxX#sWSSX8e95Y%yClJTP&8Zn`S0l_xE#J2V;7<W)j1l=GokR
z=XC{-ASfU37q=X5wcjEkgs1RWc0Z{Get`pr!`*Cmd3NGO(Fn4An88M=6t~OO$yfGt
z&4+8ru+SDXOV*>C;~NDQxes|ty*Tb4k*aKXJ)0dI7OxKp6Ley!4LI!-(#jBAy=4ZT
zo$q6qBekK*f){!JHRn_{Lw$U_*He2jP?x*N+q1QbN4H*fP{G~&8zUoKYgpW6zxPaG
zNHM~|xOUzv^&S7{)0*)KI0X7Rm;02%VM0Y!{OmwmoTmQI(ZwM<ZGMqY(}zNSY-si@
zdE?G;Hnf12kGm>0>nrLdhvUNc>2D&nH&q(m^ETg4JU)ga_d_)}^>5#<XuCgfWAza(
z>Noi!k%<~^tCN6@MCfzMaK$e|*sNCPt$+N~S)k);mWt}wY5xX0B;7Mt2wpXuerM}T
z7^7B8<7f#uocC(wJj?2O!ts<(CbhiAG{KTk*k)5@O$-EGF4Zkf*S$%md4GJ9G<UZ&
zRIu$<-k&yHLeMg&C=g;`bfkZmcxgLHS-}*Ng}O2}<G=3aMq})w8I)eEqa^fRVE;W+
zLfRBzf{<;PujoGY9nNUh$<j#30Sg^*0iIQW*aD#fWi(@yJ{8+``Fl1pA<l@tg7dS=
z>mozCJDq`<vGqz$u%DQ+2xhJW<8`!i3){m~61Q<->+q7x{e%{1=_Tp;SkZ%Z(FU2{
zaa`97btt_%>5xhl!f!g)N-v<u`$na9ba%b-l39X_k(hOB>_by&NqR|95bx`(Q!aOb
zyFIf2!coUslJ2nJ?axEXs_SahJlkBL{ky`%Y*LC(Am_7_kq`-YN7e?~KbF!45vQZ&
zvV`XA{KYG=us%NLs@nVPM$Oin&l9<wjdIe*okJw)!K9!|0l86QZXpU4-B-Sb{k<2y
zFvp=1lG^(Tfm8dW`@3j^>&h#+&djToiu(#{;inzg0pe8T!8?{)$A)LhpnLFBm?c%X
zO=Sx5Zeh|PjkX{RZdZv_v!)$`!2RUD7rN4IVB@pVrCrGp#G9gabI{ttcIUQ=QEpY@
z_h#<a{%qv%e&G`Aq67cB#QT=tig}9N)6*N!lkPM6wUdHm`rsPV{1-H7Elys;LDbzo
zH|@c^jet#{v60+hJv<bFI$-oy``B!>!PQ)-hfkAhg{#b-a!VuR42SbF<1YO?c&}<L
zBM_ycUXGX-AE#iq-vU}FK@;}5`Kz#z3a&&m%oz3X{zr~z<Qpvs-Px<Ykag&1?>krH
zPD<%qTn;<NIxo?<RIL#vAEy>7p>Hn~_r^4-shnO(t}APfv(V}oW!zPH0IJyXCc7fv
z6g<XqOP?`Udl*>%Q`C6l0v?b7e&Kw_MX0CfVtIz_u<zJ2peT|FCd^1v4xnB4*zvsE
zzKL9e8F~%cV+n}oB01Q)HNO`hqIa%#SI*(#zKv}RyV|NUb)O%XTc<-)yhEZM8XQ59
zpb=L7z=JS>{E;I_Q86*JB)23uDS^A`y(t%GB#%Tn*fP(BoN@NkzZSiYTb15li}d8A
z8T7Bv3Zgy<o_J-fBvD!Ax1*j&2_F{F<uU|???{uX+ryZ&%Vr7<;biYXZ)=ubeppV{
zQRb)(Me{knQjr)?jfOQ>A~8&qflgpuo;d_u$#?as1CGeOp{O%gjy2KLh)&Q}VZ2G%
zUb*<DYYJ#{bcoj>N(e<fc4tK}(QE7BUx_IiZkOwc)Q73&i`o)dsP2oMhu*IWl;FlI
z-yLYzQ=yMLbu15abqiruqGkQ`6bbPjyVu#GlST>NVkjNnmxJ5hQM7EBW=DU{)YEFb
zA~s}lT-tt@wS0Y<;*?q4+sXdqIFd$=;ATd(CN0+kLGfy0s14QpNZ{qkS~_*CmUqb$
z67wq?>j&L55K0*^+H5;PAo);^MPV&6_N<9?C}J&fe7QYfLM2r#ZEQYX4pmAvLrGe2
zy$FfJYKR8T!B)VXDi<SPxw5uMh``jAw*L(3xeEzyd@{-4z+RU-Apl2cB+ft8{|o_&
zypU_50!}SdJNq>;oM%6}8~X#K>Hn`85xy^9zo(mP@n|C73_JksmNGSc;}=0cOU1J>
z2&(df!S|JTF;uFXVmD<{#}7-91Y_u8YBry@b`T7pE|uEt``vukq5+rX*YA;#1n~}}
z!$9gfcXl@GX;&HVVMm!Qu+zG|jgY~tmzrU`b8~NQE}I%}mXpsZB$C7!e?@3t+ii`O
zn!`vjw975y=OZM)-eHq<a_aR8yuvqfPVcx=iYN}wxrJ1rO7L;w7*XpqpFGa2^7?!f
z-qH|K5a7<gE$%QY${wq_&wN8v&yP)n!QL~tprcd#faO-&ION_!;^&|iLw-?;)K$6O
zk{>HSd6}xNb=<9q)ZK1XX`Vd$sEroMwL5Am>0aqPx@KZ4J9SnlOAQ3rUsH&N$);l_
zHf(Bc`>l$kN)riZMHRf=S*%&J)h7-en4%pij5rn0sO9&GkXp^I8MXQsHnfS{gy~SZ
zyrq5r!h+LBN%q$-Vb<X^o)liuHi@FL7Tp8g*NWn9iLpH4G&fm;o5r=V+!y*9JZmaO
zAcrgSR!2f%@`@@LIeL)Av`YGQMxow3@{&*bR__hP;yEkpUG2g+h6kqI`#|28Hgxy5
z9kD!P)Gp~LHb$R6v7vdPIp4zOVlQ};v9FSuQN1}&65UBVg05ixEXvVsmV{}gDLf1-
zE!fJQnwraaBles(L|kMX?=$5ZZPl(7KUcvn1+9%1d5;f8&ws$t`&p5tmkRS<_ss8Q
zW1Ll$SRA=kJDg|W)h;XPR4JPnNawX8oE>Hag`4(-nyg8+RXwaSfzRw2qq!C_U&~+&
zAc)DO%~4FPOW*&5R2oF{dQBoaQpnc{j^ntvkJ6vSP+YpRrK)&kdN(PdhQCa)-EJUo
z%CRzv<sKI%Z%EP9Q|>7UR<6Awitm!J&4B=Jp$9-c&ls-he9YFw=VsS;0)?`i1r#3o
zPywc<6t`gGI#Wj7DP5E(qZb=Da8yNnrp^=o&Wc}iFT+)QwAb259f)yUH$|4-(ZkjW
zAc~Hdg~-=N_UD*ylIG&S*V_r|vX*nwe$11ZVvk4P5~E6~t$tshNd!AG(h)_oi1(hq
z+?^^_Hd-DOA(S>Fk#RirRcrQMrN2@T1*XlZeco1T<o2#Usk+}V22Za%J-X}mL4LFA
zd^{UpR$wZ`)v1XP_-!NAj2}hGeYFd5{BJuwy*=z+s^awd_WQPKiRZ;ySg+4#nKC`*
z#HyB{pI5~?>h+(Vw!8G83Fx^WvjZz__ikO~HTAJ_t;CV=q=cnk@4t^#18rQ{@LF(r
z*gwgIYBs(THvdz$Qc-x!t0lIuF4IK4_Loq~*Dn^8x0dRMpA%O)f0*S{h|ZsL+_jUI
z-7i!$khj}i`t8JW@voM1_jy=`7uwGDsQ0_fI&)Rmte0#nYkk*+h2A;zm3^m)UzPUR
zGDsKZUD*WxzxH$X$bNq?@nv>ZQ0Sj?-GArLyW(FhI=RkRR#@d>dr22K^xupBJ#%Wx
zL}2TF*VmlQ_P3stvYtFDX7;M6>g&QaZ#GW*6;>Sa*DJm`b>U{tJ*<i=UEO{iE!<xk
zGF5oTyZgH*K5X5$DZ&5qxdkuIb>Ekt7yf?sj|X?Y$Jc+Z-SmETr(I6Y7ybHqSJO8X
z#j-1J+2r!~Uhf5K{WDwnzfDgS$~h5XX}M_Iompa;rQxf-%UTDf-JE#s;-;|h<*6DT
z%Ilv5A5=25*|a_*`{~B2zb#d}KYu=ca`v3L<-Qto?y|nDHhpq2sQK4R-Hk_O_J1*z
z*cno{RrQsd;_Fjv6Q@_s*|_FJtIGNm16i9}QTrzBnK=c#f5@ey6gVP3OO4~pSKep4
zIBN5o&nWz^`8UI^U--AI-LkrmXGD|cw|9rQFPnb3zvR{v6<_<Zb8mjVxps83`<a?$
z304c5`NKSSZF_a9=ZkCxdw<*%{;gL|`h=D=mOcE{93!Q^cWRn7q{ms_Uhr>4O-RS(
zxr;;>rLB5-{{HIApZe!Z-txN`|L4)E>a*6*3}^h>D;<C5<?E~E4H9ndn-Z0huiyTc
z1<Ilf8j{egq-fS{w_>&Ax4AKff~{u*&EsU|#7*s-fBN);y|?8a_!j-Y!&%vW^saq;
zP7cpI-~`oVn~G1eihXstQSnmC*RQ<2|7ap80Wt(cL0fvxBChgRmim0E`mD<?Fb~*2
z<6ohD{eJlN>NEGBA8MC<?E3#(uX6emSux;X=BMq&_vimVzW(HEhx@!Iot@4e{GOi#
o?u7q%-#pa2(qs%6a7#=7m#_P&TG-jLUKJFop00i_>zopr0Fapoo&W#<

literal 0
HcmV?d00001

diff --git a/docs/wiki/images/readme_screenshots/fullscreen-domainmanage.png b/docs/wiki/images/readme_screenshots/fullscreen-domainmanage.png
new file mode 100644
index 0000000000000000000000000000000000000000..998bf9e4f8dc977c0b55cb1c363bcca39eaadb2d
GIT binary patch
literal 61219
zcmdSBXH=70*EXsmpdv)J3J5~P#+HsWX+cCqq$*8XA|N2W6Iv1#0Tn5V^d{0v2#OF|
zh;)=r=vAbK7D_@O^~-*@`+N5Do%836aekbWF%rgF;a*v5-fPY^uWQbEzcx11;XWaF
z;?SW(+`9K}KRk4Z9dYQ;k)2~l{_0VYy~g@;*zcjvtwZI#=kct@QD-d!twV=C$8pi@
z*jer4-uEp14jtlY`RjeS!>i~Ct5d-L&Le*lFDHMfov-5|Z#x%He`!xg{|gGzveGK<
z@^HgLhc-Xx-qtb=0<UKtzj?-So+(A3{%F{_)pi<S{Di%U?e@_-w@<6f4i3FV5AFQ;
zfR6uTHz>FJgdXz@_#EXl?2<uGf&x)d5v4E6E~8*;&~%B>C*QHTUa3~e_2q^dmEMpY
z26c9FcFtZN9}jL+mp5sb4-|gMlh^kPDEji$tz)bY)uemCkKy0HKK`rmSI;Uxp3Pr2
zmG9*5wlV!8>>1Bh+>3v%D1qbw`kS6u$^IVU7Acx|ST#kTEAsCVZxzAcfo^gpxHSE4
z9~+h#<Xm}tT}t48e(~0^9LgQaAz}RjcJ1FkYKr}TeG<qC=WRePXuR%M;VcihhS8@P
z2h@Pm=rh{5KaygCowe>woxlRn*SktB|9d&EgYUQ+L&)I=*<p;fJ-Q}AlR=G(GGfje
zaVFETiUhIlIM{L(x=_a;T}d@;(|*aU<m`V-Ob~~dW8T5=o&Mvx_tX7~cQTlrRck^w
z<HGjF%ecb!s|}Q;Nw0>3kqmTUqr4lf%;lX|+sn96sk%Putel&1&VS2d=sjKYkuv;O
zN`I3UokHRk5)@HiXk%z!<ami4a_hg>*Ql)?_JT&?eiP!dp7&Y?qhz-)l+Y{|2izH~
z;f4J&mtT93p8p;chA@LXeI3OfoLs5-$g{dZ@Wc2LEsC8Vt|{+a{Jq&_w5^ukDDr-R
zkcBV3!N-0b06dRPg)(_H3oEuBFzAz<*LhMJ`roJ__M=1bknw~u%Ou;doR1Y17j{Df
z>yQkBQm`^T;?g>?Q1pNA6=V55y)l7ZRMERjw~o-L9Pv!b0hBOMYOM@}0wAM-b$1Qw
zhFr!zYndn;0h!+pvvKYb)Ko9-4}Z^HmJaixP`4Ymi@PUG7flR+L7Na;_lZ=Ch&$s>
z+7#nQL4<F2=l%8YEt_B0BBz>;4x-VD&mIL|(+PTqpZw0+lD{|GFkwO2;VR}2-s}CE
z6$mUG7N%C^HQJz+t3(p2LeA!e?gn~F)sOgXmks5Gl13V(!Qpj#C%4w7L#Ni56en^P
zidpYCmBG%MM*fMxsOIK|S-=;W;8m;1CED6D_dL&KJR7&*+j-vZ!6@Ah!p>>Q?Unt&
z?T9yxRH{bZRz&)Oq7vV9LIJ?_{r}d8BJL<AH35%nzY_<Oll?Z@m1|PUFQ`-sMta1o
z)^YTOqMzak!-WQg-^{09lzt^jOm?GQtbJ>rZmB2noTL3J0$^<pW;$N`K#-Z$Au^SQ
zq(^o5@P(r<`x7~__4n#p&qIBe1^CQgCshXzjbg)~b6}9B?H_z8d4MOB8HKqkP7-pG
z#n_<D=|um}4<Jkm4)W{it1jo4{Nlk|--N%c^bnG=RJ0jPyBV?dBYgfNL{YJ535z?M
zo{kXq-*zA$IophsL&XFy=I1ogVRcaV;d1zf`LH;&*s==RqDr5r#xIPNW>TLyd9qFT
zui`55%kPJm_l=Ot21^jQSWEzjUeJ@V-TN!9aXj@il{^IpZaf(&`y<<m@-3KgM3c@K
zZi{@~g*ceo(V%O?@8;kYc@0ID3-yv90S{K{)?{cG%S4mbl1?+~ZbykqYE&$dCx4v)
z;t5kU(G5-?U3|4IW%GJ=q<Woq7>cG;=%W#QpV5{;yNx4ieF^@8Z^2|YE{(R=$|=WX
zhcQ<<BVYS^_T_GOkaqL*M{EjYRCl8V0tKc$Xq^CplheAAF0ck!x25_0dIY-)e{X|G
zy3%rTLj#reK_{5M599eL=X)x@&h_utNBiRLcQsxBV_ujh=oU|y6tGLY`DZt-2=D|s
z2M@_&XTTd)3T3z)Eh*b@D@+z@9OaYQSdO$tZ$8K^E)TgBx11JOI@?{T8=XZ;-zysW
zXkFW0Cm2&t+*-wKB{&L^pSbs^lg2kqWZ<>gmX+*AQ&J6x-AhiNGGVTGHesE|0@QCE
zM_W;SkW+q~*Mfg3^6oQ~Ff&bPT1ZWnY@FSd&{~FyhQ!>n?f|}fnp5sUFL=w7rPD!W
zyEOBYT&>VE@)0@*zuK2GCJd4ltiOxdn?DR<?iqyw48<wzGW&|hUTbq`9K0~Pc)4qR
zLDQF!na&yO%=F*(gwN$>V8@7Bh-|}J@3}!h;f`-jPcJoE(lTDV(57eZ{&0|0R4~OG
z`>cF{GMpXj46Nyn<NQpzc*f|@|JV&So>bz*N<~&<R(U{)`TFMI<EQA6aJA}{;qrN|
zp3o1dNqp)mG8;Ki;vQpucI_)_vch`4pl&%W#LV-T?Py!QMISu+v?ip=ksQUO&t?#e
z8XC9%taRdX)r7@stuJmeUSkv4@KV{Tw?dY3m9o^N8P~u!GM^K?aGP{P%FwB!#-4>f
znZZ8pM>bAk;cu|LM=a-La_zsLsEqJ$@os+cWYRYlc>Zj<lFPgnMHvx6Y;y06OaYyF
z!Y~ROZb^6RY)?TgxV5lfV&5Um)_aSF4&N2x<k`yA^n{DG^3ibhnq>--7kFa#B_?Hk
zMNP*}CJ>(|8Kns{9Se?G$lzr(Cq>HJcjGuWi$zI4rSCL#Xf&Up{^yh)dM0x>?kx{l
zL~v|6f7=h_iTw0}8c1HZD7=IH5}?s#>SkMTzw)|Snx;ulepru^;u_Rtpe|XD3hJxc
z#8r6AW^H01skFVXi$eUgAoYVsn-dTjIk)PM@u2m|pek8SGSnwzZ@gJYY>#%sU2m^X
zS)?Bf#FK3?H)7JM1K9v#Z8G^74w!Kx<67enbF+BR6fXhT1WiBACo|PKYwL?wnJYW7
z31H-0<@dRq>AdrvZOV~%|LIN2qepX><>G$wC6%#^i@49Z1pJ-*z(yl$KTCn>o7B}L
z^FJssY0Z&mqD)k&TVA2Vqw7R|>9E?c-u{hcBlUOS(D&&V;i^rUHf0WJAc4p?#<fP5
zuU+wZ7Jj4c7R8$^=CaU)G_m>CcwOqzgN)$Ae;X_RlN~Puh2-<7oyMpcOr7G!%Jf&g
z$BX=7*~PPk-Metd67=F=lvAIn$AiX@bgMq7=jQ6#pi0Gqj&FvU6yn+dVKKQ-@)31@
zX4hhO^XvjWv#)IY#jmj_I~`KH)+tV}Ma_n)41M*Wjn3Eda=My4lfEkGimi1!RdTK-
z&^xDP+b$Xb&Z2(Y@&uRJc~l=L;G%w?y*ldD$2?@R-wWAtE#rm}?YSOBqD$J?aG_De
zX}Qg*Mb0z*GpHct`{iPi?MIV3ReI@}vlSi)$Mg*B<7+ogncV~C<qB;wK8T{<181hw
zGlQptg1Mfn)e_Pq+f(*34<bbNJKF`$Z$0mt2DUz2RK#wE<FEQ;cjg@}D*%KAyxLj&
ziZ4ku634wb%W}&85myVRzktY8F~T@Ia++iG>6~q;?x?eCZBj8VAD-JgyjG`SGMpF-
zD;jLDLhf-3g(&#p#|Nc8IvX+P4j;b6aa1NqW^O7%69|IS0QvDO`^4=GzHF;*z5lb*
zP<4B4O6R@LsRnBGtoRT!I8wa;-x71)j?$Y>xkXo<w^uswN2$7ensbfiXNYA=zuheq
zGxs)WO*aRrHd-9JdJpwzg~<%S2b5<^GPWVtV5ca9zLNzNJ&`z#*3+l;2RXlUe#iRt
zt#SfvgT05h8`MQ3e=1LIy<>lAV4K>LQ6<{s&Bnv1x@CDz!3fy;=ksKVKNDiUCV>QY
zc?=tC&a9#H{^Q)beruvnu(Jm>^m`abdp?)(-zt8Hg4L!;bqzgL^I31L(RG-t@|J*9
zYLBmOh!1aCE!Rr-KvqWTb33-cGr61`+&nx8vAF~;6^k7pD2%rMnZaOl>f!rfL$;eX
z13_xMf90Ig-oGr&q>!yGp};L?vCcfe9fn%@n?cUWcF?Qj%NOo=)0MCj^5-IVuX$$A
z>1ZD-d{7a7M)DDn_#E4QxM@9$-<}LFwoAXWpZF@d<xKCzcTdwA9vK2(jx92#xkkOx
zgQC<%wQmTwjC=;%177&sZ8z4~<L35RD|ef?RA$@v%_%cv*nOxrgdUriMNs#ms97h&
zw%TuE4Y^lGOD8G<HkLG2m3dql&HcR|5aOoX)u6{K6>{<*8~CREX1GqAhz2|(6&B9A
z)A<&e>SZzw>HLT-^G4Y#erqv02T(7MX}_?MI+(TBQ#n|L?=<Iprf_Si$}w;LbcI@4
z-rSjIkXFwIe89Q<A0Fv#_%0~I*XEV_<rZ$1Q#BTl@KRLZBJF;XV2AyJtvY%0{^rp)
z`D(ND#gZF)&(D!X6S0A8ep;M{bCH?N&I_ocK3BEtP9o~woGt*|*gf*MAGjh=$No~;
zeX!W6{xC9>8&O_mMCZ%uu?gU|-V5_s=uBmUaVV5bR^3e;IV(XddoYXz_h|L3MFl*S
zo2uM>)rh$i6-W7*kZ4(JLEu-f3EV}Iuo=!H?piLCn>rc`*%-<N0?lg*C$F=~zeI<J
zjs1ejsi77@Lr*BDLXF>^T_6NExd>d*;w{g5dL8`D+wti9jfk~zf;5D`Zs&5k&Lach
zlg{MZmzP+6T&4Fh38VSk!<PGMj;~4;-^B@>M6b&FECZ%6w|ry$9PaK*VP(KwCQDiT
z_kg$KK{x+~QQ3{QVhx1B21^VN8)QphVX)ZCg3u%~BPum{KysfRLBo66&;A&ZqPka}
zSe!5|9?B1KWO7t#+X_Vm1PXsz1NnCL1Ng+8vTl%;6D88oH0V12dYaVJ_aIu0da}Ri
zE`k9LQr#%ZBJeEF*3~YrvKbTr*3_{enJHe}OPye>kk{tDvy2I&0myzt_MiAMF7!;E
zw4&~nlksOyaCLg5+tuAUNyh*D`T<nNrI_KYC0mx^9{2ql_cito`9L9XZ)eA!2mA=f
zg548hj>q_s`loy6YY=L?rh7*GC&LvpWMR*KBgzhAekP)k0R~|>HD_}W^`Lhc2rXGB
zd#+q+T5Yr#SK=BGdG<$jnQ<d*@x(@{`MN3cA=+yANcynQRJHECQJxmc9?ZeFTMR<S
zW@^&E`W_U*qX$zJOK&IU16micdGB~CQ?wRlv2<MEE~r-2L^kX7Dc2k0&udGX2ie@<
z%9eA_-?Ft!=DxyfGw7kthM5Xeh2f+2l%MD7O)`4RXi<RJ<;AJwlP`iE#X}DUOT4Z?
zzdWWV*2f>MguiZ%xyLOQo(J=$70lgFqO6V2&eZ|_!Oos+1&z#KuXuY@NiNgQ{-ZyW
zF-IZ~pir`lX{Fw@c%ABSL#f4Hk=6Hlr$tZ2QiWpE9KTFghQS(pjS_GOv)g4C&ZLiE
z&AZ{SADr3pYo>85?055#?|;y@;`|tTDTor~zb?G0yv{Ni;MfxzI8*>;lT=Fbc+`co
zYFkSD0WGr{sItmeUF=dUG0mCuQ=}*q^A8oc1jQK+90uVoMaj9DB>o>r^=%`;>twVb
zP(c00g(s~qQ<Mwdasf-+aFsqijRvj(MYabAJB~tTe_EjI4+IyxhLOhQdK<17p<y0>
z7uh1136{qrwAZ?&%)sowDF<V{z1P<Kt3cV0am;S$5`1fh2v{<By+T-=toA`Ak+M;b
z$^#F+nEe1*SFKkXl$fqt6{Z=5rycHD<$gNZ?7VcsNyGK@{{hk~`#6PKIvQwuWoVFY
zN)oZ@YaD~#TQeY2r-+0g&-VzgnoCaRxkgkgN<fQEs+M<$se$+jw;5L_Zt*k!Jyx3k
zVBxHX4YlW!iqH0EU_m+L^lrPGu;B1sP`Pi1RpP`*+0bY6#ZB(4-E-TjyW+zvJn(PA
z1UW&_)Z~GDwVP4{V$ciGwY#&Vz4f6g_(oP{eJF(^G$w903;Ws<-1FaZIraY!D(3&n
z2YH?2SB4%F?rg9|{6hixOa6a=H2S}p>G49qh6YAVKRxm5>KYp-fY)ofj=rCb=%uGt
zZs8KWdSJ@--Fl65Hrx6@2QYii#(xwoha#0q%&F`Z3tK26^GnfZziSf7oBZlQ@ywrd
zm={rGE|Hm9D08KDok^Y^*}tQ=%%E<h%0to>9j0Dxw@^4q8)F!?N|9s8AOE7~$hx>F
zrOoL}?QgBVEQB8bTcs@b#<L(iOahUB&7#WhuIFoX$gHa|I;yh~2ID*Pg-oxWD5j;L
zCNmS!2ZL=+&M)f&)j}saEluveJh{3yF&u6w_VUDk%^ObXAHjrn#%s-KM>SAZ_YoMz
z>i+A~9c}vQXz%ZcM#@$EBvQ9{G8uV5=qSY{g;l{B9TGE^6${g3en}evexNda8Vb%-
zlc!|jbDgm&_Ddh^P(~-Y1;^4YRbKwf8nJ}rMCotGP~8$b8g957lQ+SK>6}N|BTmK%
z$isJpWSDLfrMTrr(oEE6Jy47-?RyzHxlxWxcOf+J?~bg0H!18((eT@xN+q-#hLSU1
z6ZC=d)Sk{%6L6S>)5?d}Ik`GVziu`+a=l#ouO%8%e$G@bub(^J{#IndWE9uY0qy_D
zT5n57Z0HsH_5DWCOJSUMI8F)yuT!c-9hhesJ8Mn6^BgCIafq!~T6Vm-pFTlg8^g*4
zZQWTU$~u0avM?rNyZx0iL}-ulQWSL;0C#y3FI0Z?F!DdZ?d2-E6R&NgNf>x1njm(U
zN96qZQ)9Co9rXz2v#qVIce%M?RCe|#oyPsams<m<quBlT^@yP4#vIQXHnpHV!pZ>3
zVRVL0iHa3aaiZ<}oED1(3MpQ6YJTM+cL|IL7;`%vX&4gR`7)U!?zO;Ji%v(wrI!!?
z&F1n+!B&0^&yy@JF%(^HKfQ-N{G6_R>qSH8YFJnpg}4D!^{;X6Yt#s1qwWExN(mpc
zU>vn|WVgZIdM&O#7Q!BJ`!!Q!naqdOpl}@3i9N6K<lfWA&k)|snfXt*9IkSwtBZyW
z?pGY2k2DBz_|<xix!RB9+-+P9Xp%v5ad`nL@#=6wd}D=i_UC8%2*;KKS~G1|=#v3|
z<dy$0ho?$rFXjO}>OvaMo>p;Ql9&ezF0IX<>qn9Mb8`NoLC>90zwq?2vA6eRVCF>C
z#_Gfmqzi6OTB`2r(~+u0E@7b&FB7WD=xTti+fYEUWufJ6l5iM|N?PMznU(pNY&hCc
z7)nghI^7W!hY0ANjGlqOw)*3odmHyg){`>FpfYcOPW|_OCX>hTMk`Bx5m)>B5976q
zyZ)t#qa(x|1B*BdFi$9JhNzCW!m5`$Crhm#-^}LMIT?!29|-5<tRnQ!<ll+r2*~!b
z#QLOj7=Vj#MYh`f=ys2KWtYint+nMfg;H~jPokAniNdB;ZLu>(sZls|pGqOEZH(4C
z)W<f?faf9U#F4>13s2_U76i@X<Sa#ZKZt*oY;{)iS%ovj8(ul?ucb>lw87#~>;~w5
zq{{$6oP|ZUbAe`n*CyTjW%B4NM^4YQo)>@n8LHLQ1%U8dN1PhvLRPWuJOBXC7GW3_
z*Z1)!LsXQFvL6if9IZ2~TCI|>Kw9Lx)=vaXttmdWECr8p$Pito%d_3YvdwKLYC?v|
z0uOuKp0LO9cR>XoeE0HooV5@PiX<I7MqZzrpC~bC?ULz0R55Z1)$8inRj%`qZC!lW
z-5x|JNx0KJyhm^_>L>Ry7Z;Zi;)=e}L5#W@X`_`LkF_1e4RF1jEHt^g?dMYCy)jCB
zt9LN<cI_P3iz{nq_#WdpyBvU1wPX#fR@iWr3AOLt;;{o2&F#`faL{(Y4F3UC-ZL^3
zMIMZZ;36#tUgk)+mcFtIr&>MwS!%K{j{k6TuDFt=mqH6_lOo{HRNrySj1F@^;jYFn
zo|K-!f)WEDPn*x#IbKAkJKx`sssD4;HJJCt1nh^KgA+!DQ8n5gdrn^6-}~oJEjEs$
zdz<rxZUb8fA!ZWFWv1WrT@#ngN&`#GaP^E`FiD7_<iR)92K(6eY_pMfgO-~f9AWWv
zq|%)&&N-bJQec^V-5@+GK-g;5E5p;<w4O&~GfM*ucUyhC53qnS>CHyT4Gco<F0<Zi
z?#ECp7}T9KR^YR)jS47?q3@mTxM!3NiZwj2>#*?R_9H05mhW7r(w4wPGn<<D?A?}7
zUg?&H@JrF)iE}PCg*7)n4|4icz1Ha*JSfDTI0JqZL>;rhg@+m#6{h>ZnAT4Ybo~={
z`U;s6vilIGhEeseU$LV$N3e^&31>D9u&TETPQ+zCC}5vt5k^5lnEH7^`REYuU|D4$
ze2WRc!*7r|RHl><uxsJy$vP{)yrDc3G{5LGf0yUn6cz!r?HDnzRt#%2TznHCk>q8W
z{}7!v>|f<ZEMeN*ti1aiX}t#}$lbW{$@->gPhhyvR}x`?cgu#W??;UKkC8Q^JEpf!
zY2C6wm$_3Ot_Dc^srL9$J&!FX_wjUfSnsF2vnI>End*q`b(C^;O~`!i+0qoL&ju`t
z)&{G=97S~!7qRcb^>*iv5+pQj{zz8f=6@RYEvvps>hVi1es_If>oCKO5b#As$2_GW
zzLVRz^FVY07W*A9)XbSW&zEtFuT!%+Lto*^pHp0!#w<Zx7#$Z8Q15SXm{HpG+!%0V
z)3_TW68;bGdu*eSM9k4fZ_0y1eJE?W_F!Q}*V|ha{f9DjsMQ9miYUwc;KUO$rX~Fi
zzHPmVCB$+IiH~-f&!r&8Hdj_h<v*Im&BaVdDY=iLJj9qh(;R`LB&gpSDU8duZMi<F
z6j$yJBRhjv==zn<`>Fu0vl<^0-JG+*FbF*02X+?0jIpeALhO;KLQsa!{K$Zwave$d
zn|mDheH8T@X%g??`APQ41^Zq^oNYs<QQh{3i}`>yA?o9xvrwM4S_5~=;~<YW+YwjS
z<~V%%*=w$(o@}dqVpYNIo4KJ2kqn(~neQP=I(aVfvuU(n4!a?YXZsx;oG@C$YZDql
zr*mI`1;;h}`+9O=r$-A&)+4Bmho!E|s>AB8=6hw9J(cE)*yR$y)19f0=G+_so@<N4
z*z(Dr_YFcdM?adVp&OC)M6a1I*7b&s1`}kD@jB-OzN|#S&_v|q+_<V|-`Dexa$c8P
zZCvfsoSnkqmaAURFJa`RHgSE8^n(?qZ@I8~0)`Z{_ey!``lLhnAn`c?4Pm<A8E(Jg
zpQ8*H6S8Qv%&UfPm!wZVc!LkG=nmDVe1l}akd~3((-LU)@$mX(G@42I%5@R<!Xtjo
z9ot|>XjfKOpBeN1{zO`1!+tOlvj(pE0J1rltv18m<qUckECSDw!PZk!@cplMg|3DK
z>D!RSEO&m^L3Iw+I(@+mhb5$%3;g-(G6%JUne+2~$S!E-jp(k0%vtA0?H>Spf=RXh
z{@OI5oJN1~V3Z4FQ_U^q%JKoM3k;YC&+$_z{Il60^nt<7m?Z4yh`P=GnM?M+lz|FT
z5_5GYiJwkd@OaW5e;QxbpyK%Dv}q}?uV!g}ov7KqWS>+igjLS!eQ)}5PB=z_yu~e#
z_#M|VUbHd-Mn>(yeT@4=pHEL&jg(p=Zz09cS`8IXU><m2?^aQVP{SxK<g>^s&IV&=
z@3qLB%n5(;3Iw_M?Mu~k$#4LYFj44BFHdx<H}x9Kz1!j`E#vPp+>Z9qo4w0jZ(cHs
zba%*h7NmagS~WqMCvcE#{p)53Qa1b3<ruLY21Uw<iF=2e6{f-F0Ag3An3_(Z?){fp
zMBm1!E-Djv{adC-lWmyjJ|>g+DelS#(7kXrC0GqC4cpkFvJ*%n3D@xRfhSa)Q$n{M
zQf@F!Phe;-+txt+B=7JW<q+j3e;P{sbrYE;OwLf5e52j1SK~o<uCEzq@MrptsKahx
zf=8miLOouLmX;dnCCv>+&22+kKkKbt^`zly#*ltOPI0o)XZ%l(W+q5#%fMBB+}iwh
zsQ^%@+~I8ty#`KD%8)H<?Ve%-zC6JtxV4)vA!h)TM5fXk!uYl*{JJQ=YtMM6zs5u<
z_3@m}I=)ii@s5v_h=Ih)Bcl5EwFl#yeJPLUgf(tyDg@`8=y|kl7CC<VZ;mI^Tmr9M
zUoO(ZxhJ6Vh+pOQ=uAGi>dj(_>7Q#mHl&ZeJ)G4ZXBHl6)|j<CPNuNg3hohpPUQGu
ze;9;lTIYJyPIzR)%5n0;X&NTe`8JucW~*OIw`~dqx&28(p-LVFZv9gz&r5x8`T``W
zFO1rf7*%U%k3|+2KKs#;DYH1*r3@8j&NHil`%WDLh(bE09h&OpMMb*3GisDI0KP00
z7l=AZwA$jrx18Sb%I>>?k|`!OIr2cc^)}6%@GSw18NP#L_`w@2nw{KCTT@X8zp&d^
z*vCt-<8AO4^Xub+*L95&Pox>bC)nS)G%5XA06=@ffqHdc(z(ST3k+g8zp`L+8LrFm
zaHGQ#47T#pJLiW4Cl)>&P3*`=JNz8vd_$;l)Xbb$ZE3a_ktt_n+kLhcvxwOfI$Iw?
zaIsstZN9Yn+TZp)FE_duDQEyLNZ%(tfbaSm5i*opTO2xnVcI1eMQraDc3TEKL!hv`
z<@DgKHRXHB@S)KHt;i-lJZ@!V<u0ryj(MSWIj)?~{)jHcd&BsMr96JHZ|1^VXpO(G
zwt8|(iu<!5qZ25(<IT(TUFsw4m7n~V+-Zrz+f%K&LYFU{xi?2WFrxgTIv`j$C+sHf
zRI4xL=9ZwGn=p1KU91|@wRnvH_reQ)TIK!Qo|<h`?Vhu4)YIShZW5dI0QrL#5u?xB
z<Q>|&^R(An3yTtoIZ;sbfL&d3<Uxb_Cp4<it?I<0c(Tl734Fs2<oOPx`ZDzE`5C0g
z)4~zBuxkBRz@M`<MyYASS;cs(f{;>H$SApZ;)^~hsn6W+nnkI>!Ni8!$l61+9XZmV
zA+0`0IdHp}{=(wmE;!K&P&7N0YeE%aqn->49cc(iua?rA+1L89H|~P%o$(DD0f^1g
z@#J`2FFET)W2+yMudX_Szg_HPd0h&5fUv2@E1NS@yruJ~qjsXOil3l~(<1wAS}kWl
zFoFFho&@<bD?ukpVe`U7;qYX~HzvJa1*IY5{%2Z@fblMoyhkmG-S6Z|V|DpH`eu6$
zIz>BQ+(PdP2=q<45~o&^zdvz6XIocB@z=kXNT1DfP`#XcXJ7K0|IOC?9y$L{c;i?%
zwdH}=gF$UC#71H+ap^|gV=?cj^6TebG+C@1tNdh~{5M%%WRBWASV+8pXs)QWj&+X}
zz6<2Qysu%FjK9CSsk;TKnB5{SvojJ#GZfWfX*(V9N5^*&(fDj3Fgd;Yj%v|(lYa$K
zw13uby&`L%rJ*BkMOY=zIf0^BYWnABoe!pnp#cW$3QzX=1wnu^w%`1aN3uP}u=>Kb
zsU=cBOg+E_R%_Q2!GD_6>ZZC%eaAVMREb;EJ5<$etSYSx7S$Tn$6_Y^*LQ7p!Df)H
z@+s9KT_HkmW(aA6SJrbsW$a~NfuvEWR4|lg<jl9Jf+jAPeK4_@W!!i@E*|v<Ui&x;
z(+DZBf<X!w-k$lW@npIodnM@T0da0=+<|J2IPmO_zO-L@HicMpKx|r&q1|R|==Zt(
z?AAc|cGQ{ef`M`wSom|Iuv9*vc5>zlu4e6ieBsnLZcE9%U8C}lciq<s`SRACC`;$L
zdEovtj%)3D0Xvq5cENmNJ6;|xrRAAwH9i4T>GP4;PKa^K*5Tsoc(!_x$-z&Bl7pOo
znZ1(1($GKd#-`Kf%C@x_3_qo1S|-LZ7K=Eg?6`2G?a-|rJR9OkN+@HcL>FElrlnTJ
zlLUInO?<;cIPk53`UjzsBdP3^z>spMv&kHNG2A<;yuwP4A3x&i%SlY*ObiBn)Yo8M
zuVTeby|hn9y&-j(`sF(S#g+av$u$^XMT(obJ*d?}PsG$!1q@fM4q_dXzm?lk)t7%+
zBelIt17}1$K^m&0a}$V_8fDFt2KU`E5;Yk}xpc6<n3?Pep-~y-Z?jX8zJI<0eW=jq
zs%8ZZzHxI3VAA||TxMt1riG`Du}5RZD>Y%f9`KwaE=FT}#5r1{qfDiR^o4sf13^n|
zmYxY;Vm+1&^=042{j`vX%7-`Vk50RDNqNZ1P!D?;0rh{_Yz+<!^OYm)2t-k5f-=`^
zmWtofBteSF=)Q9O3So4?Q8Qz1d5K;}Ne}n`g~ZCx_gZ$yHSC&yEYJLysk7ge;WQWX
zPMD=HdGF=VR!fJ*S&v(UwjGu^C(%gRw%D#Bz&?}ELXr4(;@po^WcIF}q&_JAlD>lL
zRObR)vr(f@=!~8X;*mPf{(Mwk3|5dI<gZ8_1%l?PSEkQ$Rz_55{dG5gq+vE@wHO5E
zJrP1kHc#*t8Gvx;&1?Gg;UfZ(-O||l(S{NaTfymuhtufcpX_l)K7K~XY;|&ak6-Re
z>*y%3kLIMB3OsW#Ct|m_tlSZszk6}nJ*h{gJVTv=g%~m31sHfKMGwb=jEzttSKgX~
z&?<o^RWiss2*qm&nrsx~sjgC`u!9n8a@1&aH1z!BIpwtTpQvr_XWF;k&m%UQSK+xy
zT*(6RWx-ywn!K3O6&utumlODQf>`W%4IkCDRWqkL_DaM;9AK78?9lAQ$*;{qY7#*;
z+qh){iWzfWoq1K{=2c%DKId`sayqW|wU-QIt`k+voC9NbPC;q9OVZYT*jDcfaa~{v
zIw5FrbU1q12W6G%bLY##B$ownDb5`rhQY$utTs;(F$);yJux4zFDq2{1k%{YM53tw
zGo7J$&j;FdIuZC!k(9URR@cUB1LoTe8jeJM<r1*|Y-XIw0e8$ISQIoOQtuvi6y*F+
zJkzM3-_DA4OPLhIQ}4(87<$TdUo2QGsgkys#DpNtNm<a+(J#;_L&heUO)x<4QStQ0
zIuEv~$q>@s)^Nb8#*=UTDaD_eVC-@@aUNeN?L3WvlACfn;(*TQDG}r1E8W+n#yAW@
zn~8ksm&}E85nIYOtxXNep@Em62OMA4g8hagvtzSr{I85Qh`Bqkcnf*VkMO7{!U|qj
zh%BrQyRw!R0qxeP7+c?oAB?`fQ<~YBiUCBtaJ>&~)zgc|Ag1avL*wYWC!S-+3N>(1
zlh`t=nlPiivpY8ktM9xt4M5!n%mBLBRO3!3x|BSqAvtbI0MqGSh=qaVjH#N1gv>B6
z%}}@I$>X!<)wK(j7xNHArEyCydSdSn(3TlZ8SB&452Ms~!EgBDm4d?-<LF(pO!4q?
zoixxBFWZJEbd*JHPbUMvD>G;y{?2njY?hg1FuS<=jsT_I5}|Fkd?H&oZ>=>DCn;@H
zGN&w4Xhr?B7w}IKmTH{@Zt}>JkztI)j1gnF!tj4Qy67y(uDHSZ7m+b1mklvnWZ=P~
zmviG=1;f;@jE3>jqvXrpDB0$G0RQ0Z$ux#AH*fi-rK(aGp7+Z_F)1M&Y|z_%phj3v
z(`9HSG^%JXF>Yx34^s4=c(xB(@U4FWbn=c&SzzbcxVUC&Qc2We2opNyikOM#^?uKG
zFQhxnJ9w;UF=|C%W;ea?U`J=*iTPNA$HLFurP%$)aiUYlhYFSTiB{dh9y7Gr!;D)F
zVhMM#b<fq5l*&@okHt*u#=VI<H^|)u?x_u;?4xvetX~_(hE>Yq4?)9%T$np;QxGiN
zmcFS|&)g3PpuK7FrvR}|G_5#}N^;otUI_$W+L`lHKg3j*M+U2xqT;u`ln{)7sBR56
zv}w|s`ZAOEg){Ydp7Qt7XcsJBv)qKOz!w$>+RDZqA?C-ZWM{?&TwIvE3?m&<8Ijx5
z3UsLzHcV6TI>^e9Kzpv+%6ToROHb@O_%(MgK;Eu>)|J4sP8i#}Jge7Ty+_}LYut?t
z!3d0?b-sN|^9(Po=5ZaHC|u&Q%`ToS))yvU=casc86%H#fE-u%Bu%DcI8K?_u2>2r
z3Tm1l&Bk4k;^uA-kl^HHq2TI3Jbtho;)lM;PyQIW*))>{3vZxt98fqz$#ExyRG>4>
ziuG|$;Kl<B_+Kg`!ql#X>Gipv^><3;a}U=yO36ASE6WJCeBULVLUM|e7P@y;Hd#n^
z?f7I8Xp0|`@-)Qm9v6MtO(!{KBqr_hRQw>cQ^-dsLc-V=Jm;BkEkoQsomME|95Q?2
zVr4{gnw0-iG-8Q89rVN_)i4Y2c2?}*_MQ<?dc)94559WRgy(AXyQa@x2{>}zRp6=i
zYbhyc#KD`EsrhxJ#O3-WHprE8v)kT-I`s#iIl9mBjZdDo@I4phLqU}$?A@DLiR<}(
ztF9^7g)BDZ74CCl8ZTpsxO;tZFxF^aia8&3S+~6b+Gf%IUWGV}$SaNbi+5B|7Nhrk
zeCO4hEpPZrgk{`8Q+{*xy0n&Uzh5(g=ZNNYQ_t>4I{?3+^#S+yEmQ7|XzpL~J?8I9
ze<Ig*AsSW_l`dhZ{v}A33_sFr!!84%(MMZSJK)ZRLYFzC3OM5la3dZh=ZWJ--kp#4
z8x_1%`I1e~_ky@cgrL|`<}6y=yoOB!d#fewikGM*xJf7&%iP0uUn+cZVi&y-EPrLI
zBL*#R-k|9<!>_rG5UCF!b?z-NFZVw<E`Pcvd{7g9?<eq{J^TFa?=~$CK624s9jxUe
z^lu&gvhW^h*^Ik1+dUsE3lMuPqq0kHK04<;bYmb8nFr9OqJ=;e^U+P7mu^jQa&JzK
zYc^De2IVg`_SLVXechEN+fc77T74)UFVLrF^$n4pKAg?BG>O}(s$&`L&-#n3%p^~W
z{xDykIV(ZQsx&P?O|ghDP?MvBTdFhnpen45F(ah4Fd=(Fo3n&A23_amF~JG1pZol|
zjg+1A3?al>^|019o|m^SKL5u^k7sSYMs@V}mR_!W5?Yz$5CL0HJmYa6I41i7$_eG=
z{0@F!f3#o$etv0ZH1e`np*O<7Btq}bTM8xbJJF5$tH!;pLbusWEan;;YRXJ36@zSh
z?Vf7g&1D#7z{=j~AU<CYjL;~1bxMMknOrrmNkD1ZKiV0Y9e3vOv`tLe5>f8%wx@Wn
zNPM^Si%NJ~564ZH*QEGRa!~uq%JCP3^PL3$-1@S1*{ehBOaWKAWZ;TK!tnp3a-@as
z)$4u^{my20M!R2vt2(o9h6KvK<NduE9MN>_N-{`)RuTb^8u%5%0`eheFm#&%Toenl
zf%Blr^BvcAB@_@BY+v8;5Tf2xJ)l(_DIT}x$C5W$ht{Rp27at7^K+Syh2$dF$Y4~@
z_LPGz<uM~LqvSr2gS;Wzik<Gifd2R#)Dw`CXd9j$d{hxXg|^By3=o2rJVHC9mh}8E
zg<dl$q*e}F#|fRG&EzEqc&M3`v%uBeWapCVi%H0dFZW~26;}hxZP9-7luYo`lF*sq
z*(zi<w%#+v3)RV>-vykP6%R6giv3yi?(|3)nlwYFamI=80{t!lPjGROC~Dp2TFyx<
zaNN1~5-<I|#o^~pZlq&(NM+O?D?mEL;Kzd6jIz=BM;dE)CeA8b#(6jZ_u%&+H@5X!
zkO~0gA2Nsw!8)6D05;A2nO}y_E!2aX$cr+8uapT3BYW%!(g{C5K-f(`jyT!vz(k_&
zA3n{T?~Y!)Q$K&T5?yuUoz!ln5MDOw`DgsE7)>KMHtamYjGGz@+c#I;YkIslVy2m)
zzT0yDbA1+O7x&Uk4SpacM*ZPYCkA^#oLfNa?aN<yi^Gp`s=D@mNe+}@Mhe{*+wN4(
zPRq#jap^#`&ISIBydH(2Hd5ArXGB!q#tB`t*wML9?B=@PFRLmR7&WDFNfJWVTI%Lv
zAr->g{Fdg^ds(@sW#}R1o?A{n<<$7l5J>aWxsrtI&fsI5NqmD*Y|$7eKSYcgR>t#d
z1<ML>1M(z3f9x5BT@a=QOYrP0&t!FfntxIWz1oflUHXA4ou!8{^Q~1_+XGFp@I4t!
z>TGWfb~<>mNVH>F2&aMMzs?sC<)dR2DF>6n)?G4wim+|{x$fw)79GY%JuB7SPo{&M
zOpvE2%!-o?^~&WcpO&k^NcRsrSGbWI6(K7Rs~(_T18l`LMho<-mK;l}VAXd!;+A?r
zUtM~f<;9|c{7cNM=H!Rfl8UG2$E|F$kfjpVrFx61(<LKo;~yJC$xa(=lL5ze{SgDG
z(au9@ptnHbe6FAYm^blDl?!5dnO{A`zw$zM++Q09!MKv}kN)=za;9Bfr)K9tooCXo
zgi5IDz9FPM_!=$E+AVl(@DjfhzyFqyVp{p^54FM4%Wq%3o~3DOGnvFC0WSXLlhM@g
zLAd)SUYjw>%nM%n>3Q<ww=QbT8Kii%b`h7-k}3~HpYHiVdq`0Tq}R>mx_q<iAkK|!
zKpJ&zzS~}TuHMTCKyW}`XUfka+8}r5y2;;ZSHiBF$IpPckCoe~?&4VRMcRrYOE|rq
z#_P;;S?tyFfTMs>bmvUnTd?el*|+kXd%zqnp@zRaZmHSbjw`C$EFWwXw|0om^1<4Q
zo2xGCqo~jRCg6>J<`ZUqzTn8R7^U66%BYUi+<mc3ikUilPSQmMc468{&mz<G9`K|^
zCJ_+gxLv(#1P|9|{EWXTBUe4(-C@A``V2r)ij@!S*^+)3ETYO}k>1hVO8`agobb8l
z{#T3&wtvMEOTZR9SC1zH>OVu<sJfh<HmYAKwjmxJ<RldRN0@*3B5@AWYP3QcoQ0Ej
zr)l=ijgafR^qwgP99q5ruyB)ZF(<xuoaMGY03?;GTB_o;y@2TWMh}0Cx=;XcLTanc
zDXYnIhCYF(xhddHF<SNF-1TPV)1TaX%pF~!<@;geVWy=&zOyg%y=E-JrO0Tvog{8i
z`l$FpewuLU5UGq|Lyink^Di0AGn&6EicIJBag#5LqDD8)T%wYMPoLSJ$V0Hlqzp+1
zx&NBzfo?8qh7ngp4hWyU8SLe%$MgSk?|X2Z=6aZMiBN17=zh)7mYTnKX$i@zmT@uo
z79_Tkr!4EPOp)HmSw8wwiSUz==YUT61gJVjv>mcc@R}PDxa#GDUm!yafo+*FOLJ#s
z-$2ss%GtdbUh|xCGz}1}#XgCkE^4zmpa8o7R;?2S-{^}m(s=1}>aLX2VLmY{@m-wS
z{8b<5IPru4gTg6v9ks>&w2%1w&lyAerAg*NQvEVJ{+kfzZI;9SF66D@lt)cd>nfY(
zqsGl}cghxibpvvo+_q1Pa%c_?QNU!?{`y$au${$ExUw;~8T_t_s_DfwTG-u1o$okH
z^N@TCZH>n)v;R#+fS%V<H3j)qu0QPE25!7NXUa8PemUJ3X+9VgD{K=UQXjBdP&y#`
z)dwA44%gZUyEQ>R={{y|kpo_Cm(Jq0_DAj5Ogg(&y9~j<#m!!(d+kn;w!JX&c?383
z^u_w>fMV0nE)j1whf7E$w(>s@CfFcF%0+i_MLp8F1KczkLYH|#S?@3~9TGWPHgGEC
zxL4o_k@|)77&N0%2c>+lzpc4|_<(5CXGH$3>5ne?YO|$CnEc^qRM<CPKJfU43wMb@
z!m&gDbCxz2e&QJ9OdcuEOvm<r4PM^qp=Yn1>YtGL;?|#X*Op@8y6_;!u-<7S%(`k|
z*ki2N-WFY*Wyhow!%<Fev(M!T&3tNl#!*ER8gjAte5>@t*$~sx!FuzmXCaClN+t3&
z!E{liP*jzdTsLOgTZYVw3Asz$5LR?=ZT*g8yCfzvyG6&)j-;up!)ZSUa;fY9BAI|y
zaTcjJ>woQNRiUK**)t<Q-Q<+fRm{qRRw0k(hpb|&ze7vaPp`n9&deZP^52l$8jUw2
zX8IKNP|Mq&Li<xVHmIQ4B9oSO;k2(C^TYB*9--NF2BD4pp5JK6QJ7VnT*HB%hMT$P
z!$$XTU&r(h5^GjDVWZ-Sb!MfjX1OJZ=`=Q>Vd3?`$FJNHwhWPx0Z^{d003c8{^Di-
zUwPL~&t{-0R9iCF2@y@W&DPH*LNbcEGdUhEW&~Zucm3_umvPsch^p6g>4JHUOzVU9
z#(MKc@n%9C?ZA*7+}y{^+rRUzbEK?<s6Urxa!6bTLPMov4IT0ZY=ThX!H3Fu!IL5~
z3LAstZt>2jpPrx`4Sy}LM!2i;mcUdo=_eoQ$lB<NO_hC&b9V7gw|rls)MQbZO7f4h
z))u8xb*@)zdrA)Xjq<pdYkm#L%@I!H-WYUxRd4+?&QqI>GgfGK2V2l>lUPUkft&=0
zXw<>To4uG&CHH%_l<&Syp&t`i)L=}|hVgmm=yAU=2*jgd_44nyo@&7eF3JgM8$xtn
zob)oDjujoAJX*g>QT8Jfgg`34hM}rN;o(Wm?n3g%v>qzRqCT<Qe6e>}0%QEy2D8&=
z9#){g=$ut-QSRQd;|M8w)Ocs{O{?Ls1a$-{SD}j$MGA6zjJg+D@Aex?aYEPB6)yZK
zE*TbPO3VNxNm|#-sSzmCR5F0Rvn!Sj7Zl)YatHYPrt+1EGN-l|i7WiIYu5*dL?tOb
zZKVJKROjE}6VaEkr6gigzII_2XyYyqmk1xIJkpI>Cmb#q!0pc!R?MskmN85vj7XFP
zjDAy<AwGqamV0g7-zc>xvt^8z^npz3rz(*WW-AZ#?UPFqC(O#nKG_G4{x~~ffgGz1
zIXfGoc*|;t%MWIEkLuL4VSN<3p^)c=?L7Q^K)YqBI~DyH|3wDvsg@Ps(@|~<L3}QA
z>jSUvjXiaaQ_9K8)FH2&pBo?PaF_Of^zWpdiFi;=ZRo-3#k)KqpCQI3{N&YgdOAsP
z+Hb)h+v#G<*{~o)@lBUL?8(aY)qqUbn=g9ySr8tf?^8?8PL*1Wn3b+u*4mTB6B|k_
zHqA=!XV(pf4wX!l_}*b{dWu4sN{u7^r+EyeUO}Y481@QnQG+5EF%ElS812n*j9o%o
zv?gW0((L&5X`Q>*t?hG>96_X%fi4~UIG<_jbSWpOawZnGq8)fK?D~Jr`vd6f>QDep
zA~*a9wc2xjFT<^`ZqrVN2rKsZrq@?Rm@OZTejeW35)vpd){s>0xhPF4Ar?W97Sn<-
zHw!?K<uKN1c&4h9GF(204phXd4y#(A20z*#)Gc;ZAs^I25>y!mt0cFbFlMzBN1%uD
zSc^vrH174KNU=s`dB(8ZHPjvVOr^T;P-Q1Q_rVSvP9fyyhTO#91Ru?pN^=Ud*L6t)
zH9+qnJQJQsOD6rhij{?iUd`p+?SSuVp}~wzIGc?IH9+{xaPYmi7WZy<c-C3^&7|FE
zFnZcSfyb0qm0IR#XS(Jf(|BATb)h_m_sk@!OKciV5>M2vCTh5vx|rA6BYhW3lBKNc
zZ`B%Bm4;|Sy3ksg@E$>qYL`EzX0CMS!k$0~h`4CllPAoomO2dRThus*kcZGl%L31*
zIv((P^F82s!++P!veI~v^+63Fx<U3~(P;{YviryngJqz)XZy-%L5v8HL?AEsWC|)y
z)jKjr0#t{J`WFvYMaxN{Bc(gH^1lpc!3xaBozu+z94)^ep)@S6SZZGD8L?CKBf0cJ
zxlQi<vl^?WWO$?bEdS~OItWx0kf8OK6&aBpLKl|9mRFwH&pK9GJ1hCiPULG=R#;L_
z2{2h1UANva&;gYp@2({@(l?ZppMUCm^pi1IhigBMMg;e5y{Bbl^Bqk{Y#@?8yV1HQ
z5BP9V+{+|>qs1-Mfd@_^lKrF9zmxT<6k!*tHwUFC5U)tAy4_Z1k(NyC@oWW&rOcP3
z1qLzac?Efg<UgS%<2`!<NaAEy<0?dgAc#~_XUd9Ut;+{=C3+a=*tDE*6f!UFFLGU6
z7B?>fm)j(M=^H_r&Qy8^U@27;rSjALWi#KZV>qk41XoAG;zR3~0#>V5`cs3U=^G<$
zlK!$|0f#DO(?JbY<PgRI5y4(ZPRoMJF)0At^z!+^S%#wAm{icO*bFx{r`nn}=cy5(
zrQqBjH#Va5{15NEpNwjJlP5DCy!|lb$xk$PaZP^Z2uhM^CX)a<GXqMzHM5v6tP-&&
z6rA(m-%7+M3cC=vKBo~fRrA0BBG`{B)#H!jpCF|x_{|~sIvPQ$mzUb$EmZ$a+!s&s
za>>3@8Q;1U)*?4e+Du%b%y{!)XK~fyPm9u9wStSqiP^Af-*IPa)6xYqR2?MT3MM#m
z{OR7*w~-i*D%f*@p=!&nYT*>J)cXywik$GLeX$zj5vfGGmV;X@-+5{C;3tPYFNELt
z%8I^ghuAge(+TW@ZEvR-iyB|l50W7{-KqTTP`kU}n?nDoqPaz~{z`nlf<w=4f#Bg2
zbsYG*z@6ivF73^U5b4+1D)8=<2VSjjg@it>8Dm2x>&))%*G8;O_=l8RVNNW%CQ4Xi
zZ?Q7Qf0&C?-Sb&T-NU`{$iyyaky%yf^s2_%@Ro;hB_yFvOG+^EtLu$#`45t-JyM~P
zUtl4!$_+nBS^bzRm6r!5#yFEvMvy#hk+(7jtEN1e(!s|y_nI8X8qfut^+!EH7D4nv
z@<p2?&ai;{f$MC8QTG2%_hTh)vV9J(cSbK6Xiq2vD~7nQH@8Vx!0J4EcA(3cfCXd9
zcjiXQ9~xu%;24mt^+4tMRr6Al9QQ@vz7a`C_5E?@E)A1{!OA{`vWJZZJwJq9EjFwQ
zL(t15p~^)wga|7(D|O&l1AH=2IF&4(h13qvNL>*vh;p+Clq<1&%BB^<8+D6b%WTK3
zu{e(Jkk;q#5h2=Nsn|dp{;c=M3zc*@+6yz6b+lLdJkoSV4n`0WYd38g{OPP5yZ0=%
z;CG3^v0*QtLC#NZqn;wdR*fsmyvl?PGJiV?d@#5Aa%<t`_j784qsaZIzw|C?sD0hs
zxix*)Ox#pPM?1>5Pu*mD{Q7WLGAze6LP=2~u*j@d8(EU+Y7v049xjB(z+>E~if;X1
z_D4f1@|@8;xdGF&E8`CDEjkX1@ZHrITe2u5>X_e-=fr%PN7R+~1<5R;Cp(e=mnvUe
znw>;!?8*3bgO6;ms?mODqp<Qo?F#@6!u5gF%RU1;i+bjW>kjx2&*kRAK?3yEH~Vq8
z!Rl5l(`$4DxoV2CLeeU$#6Ni0AV0Ywe|Wf=d0Ld-52bi5##WX3ms+>2)s|pZM|Ym$
zo69UU?r(bMU~81+#x|-xm^23fPk1fUzJB01U7_IkuZJ5@Z~t}M3pbJDI5J^skGX`{
zT3XvSfrM;?lat_B#w6Q0wfQ9Y%KUULj4r6LYB8(<8OBH(oPSC*uJnzvN~|9$|7BKq
zKiR3rDsZK>?DQ@6e=9eL6$+f3?nB&O*nfcPPE~a<@6M=6WNoYTjQx$s#7h^O)hCs9
zLmKaAQ_RBF%vK-NzYp!XZ|iElX^JwhU+S?=>^BqnX!2hf#!m)0!#(N)cgX;Fz^}J1
za;IlQmNy;@IMBj0(npcw<zNpoB|sI^Uy&Id&BdYiO)UQ3n}e0{erm${--pcaG7m@8
zOoQKESnp>O{@6@)!0$U$ar-h|a&Xd~0{QW~I^k>sV{}@6S^7HUkAJ)_qs{T%<a^oC
z_=sz-{;qv6-&*C?*d_f_(evnH){V?N6dQdReXYNr$58Pi88s_@l=U2qzg~}l|9$l-
zJlo%292x`U0gSs?<({nTes?|AWYt7Tv2>UH9q4!0Gx|-+p(;sMl_SgR{{7lx!?O*2
z(dRP%*I;p<@&Pe6HlqF)Sgz!SLC)X*S^;FqAc+M?Ufcuz?)nD50DES|QmYdeVgHOs
zeNH^=YRM}2W-an}-#X_YXOZLolfnLUlrC)Br^;xEt5-&-i6z+IV#Pt};Z7S3qWZW$
z?#S@|J@WZu|ExQGFe+D1cNRL7<~~>48AEh=5~4rhI9Dq^N2$L1BGM=$(SPNdr_Vd;
z1Xhfj46qGaiQO^{z3_Y1X&k?$(7#7)()1tKol}YHM?qf_o5s*moii$k8bm*Ca^=%r
z6=6Lif4foTw@^O1{3B!!1EBp<AJ9=yGv3f)rOZ-}6@533mFC{b-k&y^SY=&VHLI-i
zTkHzlzvb}}iPv8F@|Ex@e_MMGI*>cEeo0t|6%rH+T~0f|MdI|%>~lu6OR7C-xPN%V
zu6H7MekaF~M*FyOpmt>%5n=HjI#C;s-F(ig4M{9BuDN=PSf;2Wm6`cC$E!>K;iD+K
zP<nWzk+steyZK&%%Wm#La{u@DF;}iAy8bWn-a0JGZtEXM0f%lWfuTdXq=ype5D-L4
z8l*#d2<h%_B}_m-I%JSWQUxT39y&&1sNan~KIfeGJm<XUy1u{ny}sA=<-c*p``&x)
zwbx#swLWWY^;(yb@WQYNoV8E4k~Q;c1(i`N$--gDS#5#^L0}I?dU6lqIb)n7?TZ<6
z@@=xg;$9O{ZmAC;5LzDH8vhnb&Qwkb0YL<_LC8aWWQz5z*?iOE{T&2MZ7ku5o;-Qo
z=yib)7P(G(rAG1)J0s~ioE;it!5Bzc!S2hN<zITCb^W*Ue9wj?ZkyE#1<-3gZ|g4=
zj74<p%zZYjJvh2$RCcgGcv5sRHrm-rvt@Pz6TjfcjIxu;p%=gG#nO*y$!BMr&YQV6
z$;b|9$5UEdZ4oZ=-I+3a)I$Cy;vzePJN7-KDeY8}*3c=~Gw1<A@4&gRl0cl(_W3ZF
zMe3UnB&*&%)hUc9e_B-8gi$OZgflTSOf}BftYZO5i^H>HBpQu$58GleBw5mg&>S7_
z7cr}zU{{|j_<M06OTvfbReb8<x6|1&sQS{<>-eJ+D<~QbWMxMVj)5X&d0hGPkb4S>
znuZ+@cH^K+4etX^!W2KNF4`BoQCwsZQkO0|)5~VmkvKzU3Qt=nE#zxLCbi|?k6y>Y
zi6h2|tdR@6gpZ5>>@e{AAP8Z0Tf%A0FU3zK`@I(xl)&}zdBds$CW6tPJnCa0owXBu
zb8x|q8IR;AX$BYUk8ktLD~8E>Ih}_C-W2b&xTnMSNs-wZMXCwZr_q)<Tu55=)7s*W
z{5wMv3=bZHyp+`~{LSZ=s<bZeE4SeeVIlGHc2sdcS@IZ9FU8(O91eG{P#g$#dYr}_
zZ)>lqmONE>BZG&9V_QmmFk{u2c$OzzEZpaqUMz=@y!7e95w@c$EeMvQpqQJsEFaZV
zNqj@=)MzQV#+I@~@9~Ctb$a+43pd}v)-NkJA0_*Tjp9;4$((xnYi1yc8+e{8gHsl}
zb|Oa8KWB?ZgNb?PE^GGEkWbZ6^d934Z}?Rj+x!*3dZdwU=doZY45^T4(rY~giS!fY
zQx>&YqzDB!cX*NF7sQ=EoV35ETvzZ|n`ClM9S<l+=C)hi5ugpQK4ENaB1379#TXAe
z3OanxgC2xD1DLRP0$Y};tvFMmPE{P6YG%<y*-ERACRK<VzQaoei@p_wb#a^FM*29l
z=KWe2N&Y_<Mg?rU6W>KxoX~SQGg))wDdzYnF>v@(m|X;rEhr1}TwXdYsBKM#kb_3u
znGQ<?2ly`q8<2SjsvDz41UMUst!g+^fh;aDIDrv1HaWb5<yXqrp#W0j@nU#f<$tw3
z^K9ZppFGpuDmp3hcqSCXz^VV5A|;_+Qe=|MlT|hu8yM@9$~9chrAnc^aseeJhl%Uv
z`Tg(6e~vYX?PED2L^ENJxIDZppSZmUGQC*7)xnAx7sw>)t33o%(qpN%5<4Us4hVnY
zV<|O#*tQb>BeE7JpGL?$$ir8s!e#C~{}M}Zl3BT9Q=<a)w~wkK;csgr$}0U+oXpPl
zWi7fq5#N#ul*qAgHaZ+{jvN#Bz*=4)e6KTgOx3Ke%6+&xo?_A=E*9u3+(zu7gsd$h
zD6iGRldd+2vGQF1%dr)G@{3k$bN0&!FJBJ%4q=Q2Y4@C1!^+rRiLtibQ^i|@Pk*j6
z>=lCo4fJtq{W6_X`?9<$f)DFpj8!e2ccDp@AN=4ktk<d|#G1QUUzxAm<dw-pLOTSI
z(ZSGw;|Hz%(FVO*?YrfkT<YBuzYe=y4<8(a{K4!Z3iGIV=2S0l3bg<J86r8iE3@!H
zw`Wm`-_iE%ys4fNo1>oHZL`H`aU7j&?|VqFL>2V37U^1d&1vTQ!C3E<vZ=k%J3sHs
z_b((opZAMwla2bFaT+)7;(j_#@F{7M00`6_{=Rn;wt6b2p+Pxim2NMu;x~_p$3WE5
z7*rD8qqDcBs$Uq3b+}gt<h`p9YWPxuZ9VQ#iFYtKt<#ai@m7Aj?|Mz(TmNNDgd#k;
z-%=)Ah?_4A%AJ5Xq}ZBKFXT<jQQmQvtxIlGd6qfI{xt?+oh2>e!!41*IZeN}kH_ks
zR;&HYXv<|Rt>Tp4SmI#XLE@Kv_IAscLk%<TrUl5(bXs}e90NViFq;mwt=kP~H&OTR
zitd%uuj}cZX;LO9N>c^*pzq{&5f#01_DB?6c^={1W&(SO<J$4)<VP&sWb3<1J`b|1
zncW`)?ORU1ELmuwDQT&bkXTiAo|m~ytr)(n`H`lWaRc*nMgtzBft}W{5d02x80KWe
z=pmJO@{NJnto#5ow+_sPr!Kf%yCSZIb(#;;KN-IsMH#c<4Y9M@GsI}(G8V+o(N&d3
zAt6LYW^QF^nFXRSr@*VN;w2JwANQomnT&i|G^_Q1`6#h9EVJF^h5XtNHiSi(uUSmm
z)gGT7D6~^nY^bxY%g(W<3}$Rf3(FW&o{W3MYN;UbL4Lf{e+bv^8voEF;V&V{VDFNR
zM%*ixYEtOJh@+bN{KnqGjK^Sf=?qI?Boheye0M#*)#4v2$mDH^safhSL9j+^M@^c^
zkpl5}8Y2{+Q|O5YWDKHB3l-)$rzNQMr>1Rc0zK4rhJ*AR5m;DjM1WV<{=AG(Tg}f|
zgn&B+n?>qNp_Z>zcmFB5z_}*kcJywa-GyvTHxH4J|93fy9+#8hD!a2~qK1s^#nZRi
z1AeK~TMThtX}S-)^XA4V_N$-CDXJUR3L1L%=Do1DRv6nVF|=^|aHG~wwc)_;yT7j$
zsEWkb4ul$qn)z*8?x>OI-K_|>Lxks~*S0C`I9;#ffSo3}Eo}$+FhTXShR>kkbt_Ff
zXOEUP!e+P*8+uD!1Xs(jm(}!G#X`bmEHE2uj+MC_S=xo5g)s)@d9cmAaKwPbd(2Og
zBE0s$tY&^@SrWwM&i2~4<8g5zKfL_iK>CtLn$b~_SEZ>=N`q8W0_|jcYo%WXzkj3_
z3?ctQ4<dC>p*}gV<c;Ik_i4^|3)U!2O&4*BvakG8pyEc8@cYelWGuE&T%|{!v=;B$
z*I&LeTUR+k{)oro`3xR~EixL5`iqW0#`oLa0)n4D7BaA|(TEu|<AeY@F0=SBN~GSU
z=<ZPSJh|<<V6A3hfnl-1%aJ=Dy&Swbtr>Mo0IykV27$g+t8%HQF4icdwD09MkM`TA
z)QB|(HZc#9@W&z#A7aGku9{{=ZJd#~7v8O{mBGAwvaC40&*V_^-(RZQw%sq{X0Gme
z0)=*x@;8Qo+$_kmku+37x2Mx2xSvP)z0`l~bx}hw`9>r8Yqrr-HzOM-_E6Vr8RdD3
z&7;nEGnHL4FhBf#dksay8prQ~j4s~Nd!>|GU#}3s(=x(oVf2Whxvb9#wY>GN0*?8;
zQD+~C0W9$IFPHMP6ma*Ony^L2b2o2&npu4|F<WsO*;_m9s-t#o?E$4Ph>|2Uf2KP=
z%?NGu&FMopO?0UVd_|-)RUN$cj=$JznygD!iK6hRlgK<Np4%^BGeW{iJo^vvz`Gba
zN{G(@KeRXlOtgZgc<m3^;$ps;3z0e2y;`x?ntwuy;NK3wzXvJ*zapOhOCI*Z77-GY
zBN0l#{NG}<|FsdnD<#Z-zfq`LWb{j2Tr4wR7#%a?Slved4Pv+vAy>^5E51tM{`w8U
zwfF;76#&A%`h^ywnSbLYe3x8PZ2%%`aQ~d47V~d#>KL?mmP`V)6nOFzCPpwu{ed2B
z(P>sQQURw*=NFbGQ~m?u%G{b4Z7T+pB=6Bruvw(^8-spF>po#&0opBo`GtrTfam@k
z*zgU}L0%4^#=h(qWMxnO1IY&6`RE#;47^hO!%rwIpY&V#YJN`TX$fKZHGUm^NA*c}
zW~q?uS{wb**DMUzW(Uj<1)OwH@k=t+&!;|}NW^m`Sg@vN1}mSAj<fNRn!N&I5&!^K
z8i1T8o(>TH*qAW*jh=(<$e`$7OmI}nTtsy!4y5bfN6o*>IdZ&BAzo~=nIqjk^;B+O
ze9vy7SxMj1$K6itV>da13Z(NbP|}jGI!HJPB3b|pb{K+?*U*E9FiB)Z-EBaWtN|T_
zU`>WuQO_(7yqCy-?{cAM(9wvizAV;xk6FKOleRYBWzM@kO8dC+hR4F8R59n?{O0{T
zL0YP)VQwc<T0~_&_?TW992y16=*G7&F)!t3T_fVR&{%IrBA19X5!b)nMa}zPolQV!
zYJ+Dr*+-w3z@ikluLO_0)VZa-jj+1|WKgEj`?fmtw=8A&6As=z@$;|bJ>2~~eR@_a
z*>^4|aVJVm_bEz-4(~+^HZTB16yNdU11iODES-tnH6nuvrW4inUkMPO90lLTTJgnU
zOWH7RiY6yhDuewrbF-`Bzz>tM52?V)^%}=qQDDyZ78_?AMm4fy5yFDWwQj0(Mroo+
zhBuA3UO(tPgV`bG?nULm#jTai#p}XjjiYc)RupaO!-t~OXVSV_#v4;lX6mCnK5t0J
zs}zCboZ#~(F((w;6OEEv^rI1FKxOewE)x`y`?|@+1F7>HqtMU>a_t)p2t#MG^-IYP
zsSB}-HEt;U1*xAJIlI|!<<=Tl^ndf68muPaD$=&w9`&NF<!&Q#V{o&fXbwf2Rep#J
z=8{2=jHpY$m7xy^!188>C}lT9OGp3nuKF}<US{Ky+Xr$wld?D+`cbr}?bz-lHpjkA
zP2QR}nWBOPN8{fb3V#U6@yfu)USxI2NROPlD<7eWxI6Rgot<B69EpBTdb*^*^i-#y
z+bAjo@k+HZ5pfN>|A<EIkz`Ui{KL{yDiCSeSX#ZtiFbgJ8il6U_%4gGU(a19i+W*R
zQ@(Jn&2=&UJLgJI`uu5)tu^FO#KnY~K<O*z!?#EV_tSTZHiRjGz2#;FqONm_t2@i?
zyd!h<IW}rkOQpCfK%CXm>%jOh$uOaQTp6YyzIRPz@Ba3Qpiq)9&ppyHyEAjPZSvXr
z+P&Mx$%a$J7yQO6Hzq0V>I+>SQA8kw=@b75U^zbCaD|A~w5HXaha+T<7r@e}gW!vG
z;c6z&j=eKy={fEJsWgtamNOrwVSZENt_iP@^pZzj2lnj48LRnixt$47^?~+zyU7L8
zk|jf=<s+Uut9fU&%a%81r`(a`(o&b-J|rBcG3Sxg=>_c&zdhC2OfzcfIifD5{kqY>
z5q7lWH0QK7zAGDIAksd;%g0LG{6q<C!rI~raZOZ`I7s=HqoH;=x><wu3aAy`D-I_z
zd+w#%*Ix4_Ap+yaox!wxA9w>Zhs9K`%l?GN2c&<Zddl>)oj~$M39t11Y!AvG`Ki8^
z#v~#^a*Zn-_S(JFpLFD0RyxPhfB+jg8}y-<SjOpgXKtguH&evi>8Igcfy<u!0z^67
zYrpfS8s1Rvh9vF;UJT8pbbGYDxIB<k8%^MKY)d~)oO>`5bt1yk&2}m3FcTJsjOLv-
zZ}7<craEUj==(6!>q4aQc2x|Qf9liqx(xE2Tj_U?Vl8dnyY@p0iWfKBdh?YUtNB8+
z-N+n=t{MWPp#{l5UUY?c*{TmE1la8*@Q&buvE<VlEH=-8E>VPr&Af+XVk;ta?+*gi
zV^7Xa;P34Dr&a2^Gfuj7#pzCFJ#jlY*ZOgH+#|Mo+Y0J633d|P#}XW*3XXmp)o8xY
zr5T$098*GyNb<jUXAe%EZ727I^-Oknu)JSAz}=a9G^jq{%Rc%2RHV&BQP1zm&^tvV
zE;sn64%oDg<*Bj=vkfh+PkVnjuJvnvsM5nh6YFFp)T%p4m@83uL(P=)p<Bp4P&@An
z>SE#5m`UraNGw>R65Ahpw?sQODxyx!6c6PyISQV7ZM*-`<HLxhpl4^inGQNCHSnFy
zQevll^5`Kpn`velA?psn=i~SZWRoC?P{n|4Oq6Jp|K4$n+Dg9RC<C6Qc!5BVy2umX
znFv3{<2OBY&1sjr-^P=z)_7vonCILP8taunBZ#*9xpH1lj+_IO=u(WA&U54rd$;sr
zC%OGrFuVTHf16LWi~cLazH^>?yZMK!&Py(&QQ^bwnGlzZ#GXqZTpu-%4rRA2k==8%
z_Yu54VwdFl)hzB}aoq=_gP1dXkk^Uv?^qKWq&1W2+Fy`@PFNbe$_zCWZPwg*yD9`@
zedk%;e3d~}THs54W(YE=FFHn`d(A`?W1{yie$@0T*_jZs=<9ElZTakb+JY`U!}{r3
zZ870=Pnc_!1^7n1VIUv3<L7$pq((Gx&ki{h-?^c$2B-`2QvS+L0DanS;Aq#MNA^0&
zRWT*zIO$GHY#Ms~AfCj<3TB@HXUXWBS1poKq-gMOcB+-;v~rZ6{!}xxpm*ITn+zi7
zQw$X1fV@%Cnpt$0J5%0i8)vH3cqX0i30V;#$K<?@Lt<_}@-G+ypMwJHo!oMrv1r%k
z?RzIcPBNizQPWUU$Ng7Z`UeLHwCEgb3$W#dlJe!9Uf#zKO#n8H-%8l9#j4**GNQJ?
zXN19g@Jwh?ikJ1BbaJ*p8M=sZ^B^pfio^anqwkmmlxHH_nj5O5dM?WRaZ32{`WceR
zj>CNola<@_D43`DHvedviN?ZWu~hmf$VsicvG|p-<c!4KF{?y~q{0;jP8y5g_VEep
zf}<@^zFw4`yE)`rNbQN?HWo)+-Mdr1Ob!uuO^l%<+`whA0Ar{tif3vjQJp42Yk_u(
z_Z!|5YUBH{{PuztCp>e9XdWHN=V&H%mm<)mr!yt_&Nmj@4NtrdAk6lO`JS>R5o>Pa
z(8@%}u*EURpw0Byr9UZyD*>A5$;q>d(;f`JeRFAx*#b<N67RfpL2x_QjxiMXtSz~7
z$>tRUln9_QCj#UgYKYByzC+pJ^fwyOxI2bvRm{VNnakqv>Ic(e6n2Q5(tyUa!$T=h
zIM)QT5!|i&n^^c8jYk^bLl#!Yg>I|2hHb?aq7Ll~QoN0yPt#2WgoS-H`XIOn^g5|<
z3ENoJrCP;YOx3H*!NV`e;QV`5XV&`?ul)SJol|O-N;fy1pB8l5b7DzcZ$R9LYl`ZW
z<{5(OdW-PpLsmw|repScExi&?Mn)VuKApW0n|=x&bhtcU5HjOe9f$I5GdA46nOxnx
z)PY$Ah9?=K{q_j4?$E7{$#2MApa`V9$2KH(Gwc?hUvtZC%cEJf2~Y=bjE_j;WS0`g
z1WNA#9YMb_^?q2#ob)r9_H{X2W0*t+JD?j#BdD1#Ye&3kMcj}8&6U2QZ>Z(*8GWwD
zgCl3hV*U6Dit2*}@qOatD$VKoLt?3|XHDs$FUkndXhj;FnxE<I)MJ|^U3tn1YT$a+
z@e3X?tC%TS7aiuKG||A5PtcBd8K=fVA?U7wVry?$Ls>o17jMBBx%0SwaLF)cxMPF&
zLOFt#XKCAqfr@S=#bd>0vD3R^`O!qeZgj^RwTd6~fQJ9vOv5*7f$8R7ws2jze0RyZ
z(<&W!RPODL(;>xF-*%=PUxxrQ_3GfV8EnQ#`En)%`oLc_PshBshKKP(6KRHQ@)|kl
zhEiHXfL5<I{U0Qq?&tf%yQsSSOordh_(a~I3Y;a~@hO_?$@gi$hlf-B1#q>GQ-Kx<
z&lG4+=a>HU&p&<x>=>cn^DbMN`<_Z+GoPn@7lZd|HkJSfRi)c};`xXEQPOB{E8pMQ
z9iSWJ-+cIzL`dW~)KaslvaGD0;g*g0no@MZV#4fbP9Dm5;V;3(;~gZ>X>y-6d;^l6
z-{HBkjKk(ZwlddtTJ8Nh^89}XL;O#`AxCBKzeQ$W|4hNjy#Id}R{uqc^M4aQcWdN(
zk%e*J__+gRHuw}_yNKIgqVY;{Ap-`@t4h9INl2-=cuO1Ehx=E6)o>I9Pik~c{hbl%
zZ6B%d)iOjSR!WAbf(7oVoB#gh?_{qijVS5?;Ug6=>)@O#Gq+Xz8&MWMJ5v-2qxX7e
zN_qMe^Fn*-4=^Fs0GF2BJ^!p^SC>7HYQ%8<FMRy#oc;9>YE|%I$@YYZ^rKAeXNZn{
zQB=MBr&zI9ps}$OdC3x78PMNndq2WIUX4v2MQ^ept6^Ai4S-#t#p-r;1t)Gg#fXrN
zOqM9b^mk8(Ji+#ytXpYrd{SGBJPU6|wO4k>#NrU>U)}G);+Z(2lBUPZm{Mv>-EL)N
zXG>~RlD0c`J>yNOCnkMmSAZXt*_P?IQG?_Sn}GQ(d`WeL;f_H_t7Ai#spLH5YRzU|
zvj}P*jo=SX)On+1oUZ+n<3CCV@YL}ZX_snTX)v}9hZ5)n*|r{!J~Ok7<~PMsdf2);
zzmI7lUhlI}T47LU@tH`#6;)^F_YJR%H#e!$Vy=-khjoPP@qBCzQ~#o^B!j^_W~hrh
zxOJVr?faE)R8~PnwY{|<WxWpIE4g*qjMcKHa9-u_?#$4kZ&V{K#?3Zdv#yq3&3P0l
zbNSd@!z=2VVvcl`)6J400NPi{q(iKK^XqvHUC1`;{rjZ-yvzKWzSK(wD0}aF!s4TC
zaVz!peCHREaR~X0&M7?kTX-=I-pR8U<rDndJR`juqmcZ@i^mHd0SmQM*TSFf_vaK7
zE<9Of-WJOg)g0is4l(Jh_-yI3qx=d$*y>9eSv9lA6OSWZvBK?8^lBbnS&7Z@{xq&W
z53BxJHvkb9Q+LUd9W)Xe?aWBrUZzK^-a_q8Yh72)W$@Sss$m|)fKaSXs>-pORo+vL
z#grKUiWzIev(&eD-3;O9nlCmS<hHJA7IICL+@__>Xcm2{e;eGyUPcIvJX(i(nDtli
zhYgNep-fQd4rTkLnq(=AV0}iY7Gbs;c-r_zVDoK@sn}2N{K2y#_kn5~_N@GLfxuA|
z^nh)bi5_z61X2FwfuI_NpgOpI1H#NrX*)Fm>PMhUSy^<KQt6l+;;(aKQv=Qz<{z*7
zBO)1;l2{#hUo9{%A|hgL*p5@M0#`>Bub7Y^_TCtX$3SU@$*3^6ZCieHA(JP6n`hSI
zd1*J6*D^EhDe|4N#PI>OHS^|V?d>>;%V!0gwrZr}cL%ZxteaQE0A5WhkoKS#w$cDO
zg<&HoPj>-&%@vO#AL9=#)o4eg$;*>(jgLi~h-Gn7l&rd>s1jVg`}-(pkD90!*kG@f
zQS%E_K!21X3*LrRg|61(Vli<ziy%qQR0$8f1Iu?cCidO*2ey(?p<q7-=+^60mf+cN
z1Gl5*%47%-9&xyN#D4{D&UGmZgOLDD0*FlsXG3TVm)_f6B2uvf=o;@fQnckaB=^5Q
z@9NqSIMYpx8Vg7Hc(0+li*pAlN?l@-IJ)lUoRNKU7@WR&>(xP|G8^fEW?AHhN^AmI
zAd8!4X9CN{a~%=WdA(ouP6+k`NtrNlP9DF<MPp?$q?YxWmSUaJ0$(woJYGYc@NNT=
z!PsaD1HPu)W?$=M+lPrt#6*N#**i3|S3u84%&kO-(fJ&ObKKcN=<eIybwX!C3Vsc4
zlK1c5!*E1<bj-prs*$o3S(&|^V__%VBoPG0pQJ_#G@_`Qf-i7}qZ%n8?85~RbynAy
z&YiL%`HQg6{EbDNnkf;}n!$t4*_0fK1#~kLY2C+Zj*%mKKr`D5?*z(#7P0R5s5XIL
zM*G&9S0@U=Xdyz=pLCZ<Krst}ps0T_oQuy-SM9Y2Dz;WED+N9GN72(+QJY30+Zlkc
z+t0A%!v#b~6mNa#$4tRo1F_o7qL5%xHVqffoAjDtR3t!S=giNrdCY9QPq&^waboUx
z3gIEjn5RGWOt3?o@m`0+!j&MID<QT4LFm$xqO60W8%ULGBc;H&pTi1DA2yvB!hgbt
z_w<8zDhG?r0mdF*vXr<Lg|O5TGcO+T1raOmDCh@J0Q57iIZR*yuE&5;isl}h?{}%f
z78fiiFCM$jqsu~|g-vdxYcwh65+K1a$g;kffPAC*m;q`G5o3-zRUVrBwGki52Qo+n
zyads%$`E3z6A_SBfTwavq`8yxAHo^vIIDh&0V5@fJmawps*nyK$NY@6rr$&Hxou7)
zbwni4oF0nUY~zr|#F`z4bOsXwJvM>~p7529ULQ~bJp*d=G%E0tFh<A&D9g)+zA5ix
z|9o+w@EZSo4RV7#L7<|n`#4U0IuPCnG4*}hLzkCL7fGTP&&f?=nH`Ljl>#^=KZDCP
zfj}qx(Xcm|$jeKh(B(bn&@O3=JXgf-C%hA+Y;z%c;G<CQC&m}=6&M(*$HK<84sBK<
zV@CAfk3$nT&owKAa!b6RfoEC_L*I5(CS9^mu}5rpZ~!Oj>aUOmd1`U0`7o;&tl_2@
zJuOVfMQfGZG2BD8&93bh$5;JA=TJtM2RgjiNEnayI}&|bMtIMXb*c}W03Jn!gFu&U
zrsns`rvsCcQ9FHiXzmD`mf{62Qt_b*^uqNGUa)8)->Y7W%c$=sSFP~E`}ty_>r%bx
z(%+dP{HjG<C?bk8!B#6Sbt;PqY-5YurGyyO==TAef%p53er1G#TaOx+2TYM8U!khq
zZRZ^ioL<v@yrB5`G*QAUzu|XmT~!<^+CI1cEaD!K7w=gm691x#kn^&;lj!i;sp-$(
z&r4n%Mt@4Ue<Gsn+F{$zuRi)*c>=%H{!i*x1iE6|I$&P^2<!hrC8HsrIe!iMn?wBb
z31}{&F32~3>dbGj@XN*cAA2x699fhU!}%-aQo{mu`72KikkC)wo8H)OE*x6tZ^qc)
z@#g;5oXX#EWwig4(f9901|)dAeiQY2n2>pvfUJL#1Z()AMEPi6Lr~f`UlJ&Sgl(O*
zU}$JR7MJ{Pvt1tFG5-+xoBWmpvBmq6@ml7osQ61+zYvleXfMHRb2?%t-F3uo6fBRB
zMXz=y3fHjo_v`>p#k1}<*|_}8Tbtv$ncHI)XFz&fe7|4F&2EZkGj3iBjH+J@noUB_
zJ|OIB8!f?YLo?RgnKdpUT(c-hI)C2VXMqaCw?(Y4Q}?wbjkr3|mXP+EpRZ;6Ox-|I
zgU32j{5Gi=d~T+-hMB3Z!K9kvGHLEwD`>9YoT$c@zHf~S*Gc`!R~)8%$@?I9-Ni#I
z<nRUy9-5Z4Mr)bdeu6WT9#CP4knfIXy5~t4ps@B;^>nG64j{%HfxlGq=K(|3_1M`(
zV~Dl=TDJO9|LpTv1b+$&f2W(*0s#NGu{d6isw=gQvw}5HMW+XMhp-rW<~{JC@)MbQ
zv{PXk<R+>*$!q!T@N;HWx2#Bhk)&cmlbLRf!^0nihO>Py4kATRn4T2ml{I0z99IY6
ze<R&hWRYXg&TfGEbjN8-i*E|VhqEnzvAed+=i1h)7a`qD62#MS+TAiimRNQLA#bVV
zM{QY?R^D9?(<nN>7xuxS^PRzKBa{qMU|@a16=Ra5V%vhnHN*($<4#OAt4O&c!(5PL
zs`eiWt`#A#GiO^4+8&daJb~3{&VJ=~bMx}r4>~-U^1$6uuzBhLCZFv~#09QlLeFkG
zM2N9Ar*#6=NYFQhuCgO3zL+P%8P-HVM6uD62Jo_gbbE#$#kkhq67K6|WILDM+IJr^
zsWN$||7;zBWIwQutghp-h2yUCem|@c=xu0oLp!rp-nKEd=e{@msF=`Mp+w`49}-UW
zI)DA3KK$@<O?jqi<QkSP;8rwe%d0u>!ARAiFU}jP*{F|bIAR+L$vL5XQ*y^-zkE2M
z8|$hM3dLz?zZAB}VxyydNl4jwm3y{075SC1$_6E)sm$l`V-9#ZE7Z+*rL)J=Blp?x
zkTbDpqoOUwXQrhwkndy|KhxBY*!gjbhLkyONg#a>U%~=<yEb}~hZ_?~c+!|n4?eb7
zcns9(a;8cjz+mLCpSh^Js6u`%)7RI(!q*CKY~ia=q7??@`fDyPf#>eMB~PLqizsa!
z32v7PD>J8<p(L;Q;f9-G^fY<r<CwijXe~Wq>L_TO)r7c3u?1F4s18;1Jvw}%QXN~%
zeZ33whTlkrs(z=P<iYcpV-w4%u2FZEdQ4jq1}^#xNWI67K;P2qlos@QP3G$VOi|mA
z!5)kFA-HQ}haGkmtqpteImqky$r4Wc=V!HX#tnk3WMiNJNB_B5N}HPXX;#t3wx#%-
z>EwOjE~h7ZDmy{tMk<W=Zt|30agW$cdw`s5mDhC5f4EJ$-xCr+p8j<BK{u1x7$qsn
zrdy$g-aLfsZ$35f0-yN{%n4r0<L`b|B+8G;)Z_;&9<Ki$N$4u$iq62*!m5A*L==8~
zr-<%%`=Xlk*LNcy0Xx?ki3M{fKHyk+$j$h-u+{A)cVc*h=yF*>07-s-2<o=0Ml{xt
zSh;c2z0$<MuvLLV@h@nmPz<;j=t(68JSKx)a#aR+l`dvm4kPfxTpP{KK+k8px#$v4
zZv1=&!IY}9H}mh@JHXDq3A4cm{y&hN#JQBXOO#JRKHK1~m}$8+j`g+ZM(Arf{O|Zh
z?DqlFeUoW3Irph1i@(O^%bUc}FX~H}C6j@}`49eg2oAjZ#<Sh#%3ZSV&KQcY)&0U&
z6&kpR;u%Ns1;Jh-#~GKq7VQ(6muz1OXNdZUuWTki>|)Js>s7gP{2o1*_&qwn?f&9(
ztghNNICT4FDB-JU+7C5cU&6G=JGoilNqD~xQq5cdb=>u$Z=7sGCa?16sJchI77N{!
z1#a13md#`iaf9xC=nVR<eebxPI54{0s3AEghf_`5Cs~qpw|d}yIe`k`#qU|1ZrCau
z<LB{7EK^=8h^LcKQBgJZt9+iQO&w#>O{0CHwSxOJT)NzxKEhyKYTj2M^m$Fc*In(d
z#*3se@{$7b0DH@ZR?c*PUhNva9<(5~yAv#vewv*Y0k&58kWc#&gC$5E9)FDon=c)Y
z`TbS=+=@h_4OL)FRKE{CRd(p^E|!4@*W516`6QcM58c3E^E@$Y@8fr^qBY+^RfI6-
z_+y<<Olksow(%d<=k1?KqxB9=wlPR4X69>@8J^Nj){+su?&A^eVK@p~IEqik8C@6A
zWLIfQtt=+`Q6}<fO;R!(NBWK%jcTzSou@Mznog*3a?6pfThBRK>Nm}XU9ku6U(~|8
zcR99t!xq?`IIt7`Ji)oLkg{b=r;+b(*$zed4es1M;N6TaAQ$_Rux;jXZlSGlAi)?A
zm3p4D*qv<9cu_4<(3;rbcKv9gQp?P2@IrwfsR^@O=u`9CN%<N^B$)aLRj65TFJHl_
z{-e~QjfU#@fv_+Gi&WSfthV=iO`)yt-M_}~=2#?v9f}yuk8;lL9keYl7N>Isqzt5!
zl<t1$t1uAFZUFG*8}9vu9=j-wLq|re2UZExOGy&(3-)*2)Hv!2UoerC7^_Uw5V_xp
zWf_vw%V$mChVq7zkQY`o=4T1`$rbZ8D>ag$qlr?%cwUhm>XPhh#&m1NEFj*KU!p&L
zm>WoMJ`M)K-P8BuvkRqb&F)Cemo?3Qrl?<}UFl9VhWTqcxpE)Mu*WZ?C+{lV_+zuS
zCo6+liyb1zebyF~*`ob;wu8#SQ-LV)Nd*A>CBJGsR<o#3rl`)M!K72gE7GiwM9Qf!
z`>=0XdVXfzSS0T)I;Dq9x{!xv%904}dQA)M?!x8G!l}Nk$AoO5D=&hykxTse;LvQG
zs5#Bop>J*^6mh^92X!R?4KWU=)U2RU>7VFuhV`9OFfWp+2liOCDsO6^>9p#d++MMc
z5>^4{4@$C@k4F8{miB<6yAw}RjfY2wqeppI2FMl=X-E-y?<aeH?c{D3i1RElk1o4y
zwyuT%H8iw)p~l*Fo3HNHFS1<F>lZXcN-QiNs*iSBnLJv+DyXjU`ZDcGpnv_O2IH9a
zLvO%$6p29p1o}T|J1cbeVQTLVrC$DE@z7__=VvCNL$W2O>;a9HqDR_JnjPJxLId<m
z4*8GG;vU`Wp|k9Q5bf{phf-NTe8Wp{xN8&%UNiFn@b!KqE?6y4z5dBO369MhTDV9z
zkMu+_+L#4XgLFTMN78$kskIg1z2Z4$PY!rf&)3&WIh|#MjqjsaPr?Nmbkp*lBtAY2
zBjI~<uK|;mwupU88>Ysf@~9RAaU|E8c=CXXM;impg$LLvv`4!4ilsYY!`g^e<wgs^
z(~?S3*ecfy?b85jNwH7FpmDeElNvN;D>Eqeq}67y7R^6eDwZ?|&5Id5@iVjKJ|zSJ
zyL*V4EmvD60@7C>A}~<cznf4@`E3mki%OoOlu(W^EmeTx;Q>4ZQ4zH#JgE1_;$k8x
z4&7Jjh?&{=l>5JqibNSl2lfpKoLDb!E)2Rc9;@@^Pc2CTJE4tQ=u&PkQ~$-lv-o(e
zR8J1GQX=&($ip*}%$rpg9=^}vOSmZj1QjI(RA1;&_d2Ui$tf!Wub-FOCv?c5QQ`?)
zUbP65o&$G7wTH)oF!a9~ga%|$<?i+K9B(D8$>m)M`T%Esp@2XQh_q9Isaj*g0tNA*
ze%Axz2^qy6oIqnQNN6lzldrVdWoK6Emo|4;mJN0!_++-YEn~<ZKStTZ#<8Ib4j-7#
zRwkA~hB$%iNjypC$vpunnI+7o^eZ`?Mba%|>G>;WqNHO!fc6Fm+rn`>+jSGqeot~t
zZb{K(k1B8A2v(DLkTB9d*qDi5R<U}}u~9sSgBC=}u$io4rpaPXBdn6Rol_iR7+}}S
z<Ucq%bN>L8vG5WTJ-Mo~HFQ(pFLt#WICN3+S*84Px&EyJWpRj`P1Bwqg;^kr!Og%@
zBQ+ea{`|9Cnkx$j3q}V8pb%^fe#d9-9o%<LK-x}ot)JUM+aEz)GwJdVb{D_1n;+Bb
zD)l^9lX~}P)cvN@+jXH2FI>u4%tli#9<LU651RBAqz(ouhqKZx=DS$jXKd(q_$i6d
zC(HTCgOpJ0%g=q2AA*rXJt1nSgDu^%mZ`QIVqDN7_R?+(3_zPHPBQ?@pQZY$AIf{&
z)`&gswp_s~9bAjb#WzBzuA`&P)1<EFt3(eImbLX)DZ&Oc8)&_=C7xVF<1_4?;Vb+Q
zLuyN5z~jj+FS+YNd-IK~vq(zrs{EbL@HncJ&@$npv9!$eB@TM)({l^*60YYb6_XHs
z9w`0Nrm0XISZhPX1IFkJmuH(_=!}uurQh!c2PPt5q}Xn3rdOLe21?H#z!yp=7p7*I
z+B1{LETHF>WVZS;Pr_>(OInoCw?#`7cEEPpKDgQ)cfbUDdfq*#!9SY-bE&<nhI*Ri
zOwvTwQgg@aB7AP*7<qmx6xVIZR4IXCy^m^J%RIWpUaRmWA_Sv)T$J*V*Q}LDY+|Yh
zkjN+d0l#Awx)dXqfWz=K<U(rl)ouWlG?tMN9V)`q%hq;wR??6ZK{-ySjmIb*lYPmr
zw89AL;id;Jr<UT*=z;86DUckEh3=6@MlefFo@zB^ZN|U%gLb3FKw2;*^vD4<9&(;N
zWV^sw&mD{7$Fp8;a>Z@;#><UKOVb_ZZcdQ?y}MueqBe|;_sYdlPz4)JPybmvcQZLF
z>!g9%mz|`ug4apwaipkj{4->5$l3Lz0vf~)QSc=#;OAMf2Rsc*M*n+=4fq^z?Em8G
zJ$>$?k82gJZ#s>5>e1ZV%W@4!g#s4|n0hnImF`|W#^h-bNq2MU@j4UmNe2IWq>u7`
zrz%l?e-Hr5Q>j<{n18yk{e^K-X(!!F(h{=XJRx@=t#O$dH%#whz#H)NVzB<^5q8Ny
zU*YIRya=JL5n(q&3qrZ>OQod*`rms0=<aV{P6_<)0Fd0D6^H*0sSy9IJ}@r$|1{nZ
z`e*&2tVLm~F6Qfw5n252w^I4gWX?rT^80$FTjT!0NvB5tQF2?0HlE<g@N8k|HMI5a
z-XmR&i#^9rPly@*tZ)2x@q+&mkpc0SUx6{8@{_n|=kI;~KmOgDB(yc<PpA6Ns?2$1
zB9w-}pT%{+jjU*(YyV=3p=3$JUdeE~62e(1g@ei!y>(Fum2ZqahCV<ZREcqwy#F^V
zjK#qSjI3i!8Qj?EsM0_GJR%kvh0E&6XINOz$~6S!5wo+_Y`Yv)=8|Z7)IvLf>z{#A
z(SI$<;>fERX|g~wMFT-#DTloE&jVE}_V(I>@x}h);dwj{Q;`e{{i(4bF=aXGbq+f+
z9gpK;jajlYGoz42OaIwub(Fy*>A2|NJL)8*NP=8Q$9R3vTY0@LRpk@UJcre34GVCy
ze6nZB&ZM{nOh#Yih=ACg<Xa%sLNAw&8zYom>=%msmzpXUt+Xc5yX(;np;1;h6m&u*
z-`)RGdU5zAly+(*G$pWvIK)e7;hV0L<Hk2<72>gokHydpJ#K)4syJsmR4Y~yN0m_(
zBQay4zlq_z9oF^onW^`UHkYo}&M{Cl=PKT%!-KBYP>!=VY96%J%=~$mTumet&6|Dd
zsRmP(>}Kdao;-;DFbZ;0r(_6TKELV1q4LgyaMz7s1)#?HKM;ROKE%6gKzWL+X~Ja&
zG#k>t=&<&vt(H}IOVHE_<5OdC)Y&H<*PPKqhZyKP5n7q|-uBtdTJ%ytAHJmW{3IP6
z!sI%oN0RSD40n>=9F~+pr^8ym0XG+rdv2%$u44;sTfl7!P^ePb?hR(HxsHl&P5t)0
z8v+EZ8fDmF%OBJYQW|YGzPLD3?C{@r6>RKnGfIZ2#i~nJ@z_0~&^#g-DR{@oOUO5a
zW~&a6g(8vvdYdOQk^nm))d?l@A|gb{Ny$`D_<nONEZ!0OKuK}N!AvlsLcIP7zeqg2
zxX(<yu>9I5fK97(X{5wBA!7!;E<N+KU2oC$y2ae=K8%Mnd3@{SPITaa^6De%Y<NyR
zx74|+yoT(Z1k<SH4+{S2a!gSfO_5~|JuTDqVM3J;1&xdzkD`EtacKAOz5hsOw17)D
z7<}i|R8J?Gr7PBAG2qV=nomhgm`D-IG|7+#wL*HSjP@reqP*roZ&@6TZI%@au$l=A
zHpkMpZw$V@3pG&7{*>gk2~b1Et-3@>z5tWkqY=;lRTObq>cO|<*VJ0aeCb*j$7LSx
z@>Jj!IkG?1SL+c1{g#x!-qM>p8kgzKD&pGoPrvF?)b)tjjT%0lV1r^^a&?YA1v^lm
zKCZnpzIzfS#J^VyISlr<1UPpO@&3hpUo@978Xrk;u8Y=aW<t)0-@21LD1b=%Am>-;
z(%iJ%!o%L%Xq@i)-BFKQ+ghL!bNgEE;a5z!a@4FeM=o)1uaVH&-aRirw_Y?n-xDq+
z9IOg<XxZ*~E!H|)j0Xyz@H8Z1zoN_jm67T5yIoAEMq%9XS`tbr>U7?YjD4pQlFocn
z#Mfmnx1fIYF^mk63XlrU$U0h>4_Tm%pIjtjNz}oSEfHL^w~byhT8!^^>PWbZEpPjn
zwblY=VWn)F6lj+wP+;;@dpn<k7|_gqf0O{!p?MXvMd#jQXQykn)jvxLLjLJ2y+5nN
z0DauJM*WRp6!bli#~O)d=6V%U)Z~W_+c2+rU{m?RIhI|XMf5CvF*0Lh#{sY;=R*CA
z+$)=RaU?M)E+5L;1ySj|FN5&V#|a#U`=Mop-VfgpTsz+uO?Yepm!_)Ge(}v3d+1||
zS<8(B0ya(T113|>wn~oP?vhhM6{oIf4&rO#385V@3<80t0$FQCxRKFQJnwFwPkyOq
zpG>nO*<exYPvnKa%(7R<Rj8$Z5cKdzV^CznREe~W!b$jTe^24$9Pum%&IG#@(8u;a
zXQa1`2x*F0?HByEW0(=Wb}ha3su(EE0=!0yHyW{E_O7)aDa%Gf;RX+R_@x;1R&WVl
zjr>}4)Q5E<(OemEErlqst?<Hpt5Bt02vUM9Ju&Ic_(rv7cNoIjNrcrC)xpW=Vdg$g
zH`phLxI<@3T$<B-DC(m=JIO5=(veO_ZoTSQ@Cr9(Do;T#-OpPg)oGucZ36cZr<sM_
z9t#%-+2k`W;ia}nqYnC~S&F^Fj%asY>`s2g_tcVcXWx012;npKz<+~6UW1kWs>CVe
zfBTg}>^2?&!3qH62bbQze`(hMVoOB#{*EnxxEE}0{!ZLGz5**gQ&LRSe9OS>*#j3B
z(?<_qwO89S#mYzFRB3nnQMQTHT#AW(J=2_y$XI7qPO-#qFl1Hjx;1i*U%{4yASR9E
z4mbBBSU69;gKRoomFe9oLg+r2KWwPntuo|#w!DvK7%~{~-2P!PA<@sK3qaot83F-D
z>p|L`)gs)?oMum_(7_JgCt=4R_6~M)0e+qzZ@rCdpSrLDLboVswGC6(P|8$Gu(La^
zG{^LDVt=yj5%cn<J)%uxc#8w`?E_Hv-p%%62m#w#<~?VcQLwQ4mRXU`?eoK3N)v^I
zW6Wav1$|yghQ!r{d5UM*5#?{L<vh{)#0;fxF*DBX&9ag#Z4x=3T<SINdHmg~e}<OA
z2sMKkRcr|T(a<eOU_*ry%qdv};xSFE8qQ!YcB0U5;&<E|b%v26M1oIgU%0CUbX&GX
zt_b3#-9Er)Ii2C#U#6HHJ63~NbDEzZ^WJ{xZRDfoG4!_HD|-a*&bx?Zc2*|uv#&Z4
zlPgs>C|o<ue#`COn{uQy!3_;7>09WtDX+}4Piep}K(L1>1fl*^P;#Jw-p`aCOCkh=
zZFBImL_Q4*gy<5Dg-T%nKSo%Bq|Q4?4j#|Q46^y?`SuHi*F<La`#ZPI9lO#wigmIX
z)WJ$6j#+YqvQIUJ5ga!G(S;pq_Z|gZyfPG@4b4B3BRK4o9WR~3n%p61-`udE7E$WJ
z`aS}`7qOwNXv2+&PrVp^`oTgKA7{xb(dk7I4g%cP&E{+%k%C-TYcxzo_0HrG5zj07
zLj8YG+CK>N+#(Z@w|SKGy%>u{?R21Pgkc|(0~d-7K=k8xB$~X7O=r_$1k)nz4--(a
zqQ-o$r1ojyf!!-At;L<E#DWE7(#^VRG-}CM9IOS#*Q#<0maB!`>LQ~;><;M<bkrd^
z(+Lvi6X`LkADfM$TPuoIuiqG&cGL666yZt8F>9!*H#hdX!|UZobF$z<xFX)U#-Jts
z=T?aUI*eX*A89910v~s<?*%V?R4HH+n@k%R=N6Vy5tNo8))IF??|b-)w<upJLWGMe
z)>9e(CVMjRDx8@9Tu03NIv~K{TF-5Ot*jsSY6y;jD71%mX{T_G_Xc=jt(X?P{ct~g
zbLSXmk%|ua1x<PIZbUhoC6*>y0={sMK8Qtb^u_b9^F=X_vXjy>x{W`{Zm#YBNJ&#H
z9cg1(wW3_te);t+w|fU{#i{rCj5^x{;dfmajZwkmaY-Vtl7U*=t*)4s(VhGy@kF7}
zn+2m8loIDYHi80!>Ha7gzb~pClF#+tMvnDb6OIn?;Nq(?OF5y4yKjvv9)OIeqi-S~
zu_O<+Ef+l551Lci3wCW%m%cOO%C{F{&_D(?wRp5!j8=M=+1)<%4HxSAwiG_$K<)LQ
z1>h)@Lw)oZ5x%<N<7cOqtt<%H675{_M`NU6kQhOtlu%+hIvGCa4+Y#jx}0PPd*GI`
zJm&r|lbE!$bS#ve0g#&M0xU^_7K0%iL$4LRYL50<SVpokEL*wr7U4AF5#?@+MWsmy
z*(kKXfAMmZ%kzh=uo4RDfrbNa8>MO|CJr!jZEC2x^Nj^cc5g+^q(2T?H+rMynInsX
znO2a$Y#)q_1KI~YnaCK`vHi4)>QH6!2)HjunyjP#3`8(_r2ASj%comEbc7g_eDG!>
zn8@sgu}F*uIzkjQ+Lsv&A`g7sYqMCV?f-b%X~iO?jFrvHfSp1-Shn07V?d7qHb}%7
z<3uMivn%6y6OD{^St`u{#dmtY)rHJ)evb-q{n<%F9nR$=?!5h@hD{i36Le{ltF5~O
z-1>Q3v|GxB+Sz`Wcdiw92|iCau~#>F@Ep;RejR=e^!Y_%X4$)|uRQWVv`D}>ad4}V
zo71DNh&hokZhFZ9qbId!S4}j3+5k^A@Y;*YhF9J04KV>b@q!XplIH^?f0Ofv6}yL9
zasN|A{F_P)pazdGj^wnF_8kS2K@R}gA9+b~EO3zgA^4Jv6~`=CCy;CBI&o(-P}SXc
z-9EMZSgdpX?RX*CB6#fc>tM*TpcG1p4Fiu%8y5zCWA`rF*zVaLOLkW&$sMT&L5i*P
zR`0bq0G>g7b9F@B+qfK>!h;-hH+8JTup60P0`2>fPDu0<8Eb}+5<n4+y{0`c6!q_-
zRK!uiH3BJLN5&r>zhW(j`=y0h3F`Sk(?l{?Q;S+0Vo#vSsn%^^&vKO#UM>yZ$+ML`
zK+4`T)c3aOY)YV;4fJrEHue->{XU7w*5-SB1a<Si95Q{gqimh#jnb+#K2jV=wcik=
zBO`-cxX0jM!&p6h%UA-`W8mUmPQ%o=@+S?4$YuxX`=pJN_bPV>wro={y#WHa?G>Zn
z7D)b?wB;3anwjao-7E^;qX+$zuHITW4zr6s_51~&hBLAYuLQHR{n69m?bl0%k`}Mv
z*?6TkCS<uYtzTT=%GYU|7`+}k?rq3}EW5V``LMzD@S)@992O-v2-y^4GmzfBPJ>$Z
z#qrF-wlt?72MWKkSmFsqC;M+Hkyd`o`F34TC6oTBEO7E!YA3SEtUrswCt_Ts&1aJ$
z0qP`!P#hSQ+!pNGg5--&B2&oCCeT4gS(Yzws4efllgdpZ;_3x21-xDkoJNrKcGoTs
z#5~`zUu#l6)T?1UwlA9>z}?l=n$>y50eyI0zdL~L$;d|g!)3YP%rHTNC-C^_d=#*a
zWi@OC1#KK^RYA=q1rYy$<D}umB={hFBYF8xNdbvUWW9r%K#PE`$+zuLth`CrAV6ZS
zw1qDL`&lg~qDwErJkGaU07;S#$E-DP5m%GQOkOo2Pfct$2J>3jr55x?I{2b#@M0)d
zkY@Cs;g9T(M>KhxxK!F5#lCU(wYy%GKfU<My@R<72aSMJxCfttq<pX2R84b~c7<m@
zgTdt1kZ6SNyItyS2mD2fI1k#+{!3S0*XWkQG!i}3Set`vpKRML)^WF+J6j!I`(e0L
zrGt2P!Yh!^FkxRwdfzVfj>cEODDDFy_0La~8Xiwcu%EcS(LuL1Ngd$srRsO#K_ZeI
zoQ^Z;j=_v2@sz=@@Xa@y;rmVttuiZr9PCQGSazPT=}sjq00VlVyjI8H&3YtTPeG|c
zk@SkI(P!F^nl95B6Rq=}kLH77WV^TZ-HR;6K&nv?ii9}jc)r~fri)Ilxj>Yr46a{;
zyP6zIdtlbl(Si@_@`jrEN(tLjc1$?9&Me;TdTf99(?3qgzFbSt^;8QjK{A}CIAX$l
zs8FCR)#`?*@dU()@(ns#!CX#aPe-rxM2_j+^HX>G_6RvNGioWKzpWgy-GzeJxBch~
zcdrg3$+0|cBUXq@s0<;w8nGUxL#GNfi#CDkcA~`fwA4FNl%E_$3dlIW%HkOBcN<<m
z?=LALXZD&-ovzfQSFLxXKk;P21ug5fLY6+`A(DyrzCA^5`*RBHI$FHf4#5~TOW~B2
zLcH5Q!pwCLS3KE{H_D4pS5C+C9O2VbnSc$2SrW1uCZ-p0-YTe+V_$fQ(P6-YG5KJb
zcE!m^&eRMpVGfT`N;)H=PC5x+Nph+!zSKAXL0)TLY?1*bIR<mCMZ_Zs<`eF@>ZS5i
zpQOYyq$7`B)ST%!9y=0&DWyrz>D~1s<NQkZHYsoo9ZU?!`$rbolBQk9P!y4^B1hKY
zAP+(He%v5);F!BDhpM#tu^16{X>`7Ran!L*JEK~SX1&>wB?#Ovd147**yj<jzzb_$
zluV5c>LUxLzUOLU_XrY2kf2dwk|V+5wY&|&9PJ4jlZ0kAl@!unwg+2ftZFng{y2UC
zJA1a3g73~95AB)B|4~nWwB1M5;J)ZoFiJsgiLlAy`q)=S=tW@4Mp%5gPpVFF4~14_
z1;Eq!lu|+&tG`7Eb4Iz$EH0@evDdz#uL91t6+e_uHkNYR%8G)V&X3;nf;-peKEUVv
zK8ci!X-j(!dOkA-D!)}wEm2oFe{8yd%tdc-IGW{x_DH1hGE?LRj+9Lu!wK)IB08#0
zF~bN6C`qC%Q66;*y8!i#2mtd}P1pVb7M2*ml)x%LM)KncU`h<=PF<d!oaZfKv>h$m
zjMU4vb-J`;0wls}@Vc|q;CEQT1_Ol@k*dvR$O(dEQwda!3|_&-OTPP28znQB7ffr`
z4)E|`Y#ILqhf9T2DG~C$054P&41nT(L`X?x;TM3RjQsXOaB(}Yf8{x-itZpy2XIJ2
zXNZB@QM-xsDF#~1J^B<Dak<L~6EsUy(hK}poT?TkK>OP#M|CRcrhG^HT(Qug;lW?b
z@qdb{Dgq+)L%Hl2?F}|l9_{X!ml1}ZUap<oCmb+(0i40iN6m$0kH}OiU_|Mkr@xMJ
zL4l7-OhIdW@<^HH9}zwPmF7btfoD&A?bhoQ;C2Lml7Ag!sFH%#S9_i?^*&&;6MC$J
z(ki2`sN}oMc(wzYnYy!mF(^A=6tx5K^}gI|0J^9nJ`ElX<(;g;c~3SyUK<0vT#oT?
zHj?b@{%5P?@LBQ^`-9%GoCs&$tmIpDn}Y=?m~@?yK<n@*@Obb0$3U}5ANR7QfMnkt
z>sBFy`efxkmZQPsUNQGo6GMTp0`D}9FBF?5=@MRjAKpcP$=7zEJmsICU(MmF-4DRx
z_@`hZux+X`A$*ihDRv#SBA9C1Z%@wk7p@<HO>?btol0HLS0o1lGDoru^6Ng0fr76?
zWmg^{9EGbXD7Whkj@SC&hVCZ_qzNTn_y{RQoY(X~Aab?VeiTkJqI!Af?N)*=e@~>q
ztZRzH$88LR3pVb)Y={CtYp{Ls&uaNI@()0#tP;X_8z6Z^usYi2jMG9F9+9=VeEYZg
z`>QzIKOqF5KjB~L#ec!I|2B976nG8)YFPLWd*}Bce}z>3#CLxcyWY<S$hTt(<CTE?
zYksvu{O9CE>Je}mLMBgRxWXUi;$JM%e{tdeimbORb#oL{8dDDR1Nh|){hx?Rp>g|n
zz^+(+TNejBg{OU2Zch0(kKwN*{5zlVE7<>cjGupsN&U|6Feotp9TW85(ae;Hv7u~#
z5@P;p`oEc=KZhBvtpWzhKRu0sqNiAB%qo60lsr`Ps;|O-{}L58Xl6?Ns*-pdWqk3@
z$(_D$21Jlo|3Y8?aVFk4h>l{8US)~;Zi(8#f+`FIdd*e$jQ?VQ{~^cqO9t$DNLe@E
z&V?m1h&|Eto&T@B_YP|^+unwCP(cx+1A@|`GKxwQsZtUZ6_GAYq)8Ew-g}6O5Cs9H
zNC%OoAWeEpr1#!ygwR3{Bm`352c4O7&dix}&UanE_r1RN`_6v}JbCusYnQdweXq4P
zyfD<t_?Pd@#@KI3R`ps;o&P2j@CQ$#a0v){Y|e$ozC*gxX3lGIbc2alVI}-^qnN1U
zB~Lr<si{C?D<P@OWS4-u;78wcLM1bQtLV8;@EkBF7XyL*jNNV;+EoIgIb9;AKlQb8
zY+?hfIuZw96P(-U&v!01b-I5i1`HO$a$PTY^*7E)X5`bQF9!-&$aP)e#@u~K%2YBh
zKlpzB2VwFno%Dk@in<A8nkA~UOGick!Av`DTJbn+rqW6~OIs$$h}}^cU1<5TtjhL!
zN4d9Xo`u8px=ne;7?D%`wVei1uuhq)F)FXeqms|6xDkNNsRba%>aJed6tbW7&N0b6
zb{nNVXTY3vMs9yL<6lrx0P7YFq>o$LEZv9~Tp4}$X2;oXrdiWDB1f(1yoxHtt8Yd`
z&l$saUn^$ki-^?41R%GCE@=<sS+U-feOYA9`*yp~>*r>m8cR9H59aBj3OA7M)l#YB
zN;>ptAmG;;rvHkzybMUW$NlD2c&36+6H;e6(n@g0i$=2lR2OBmwHwJ7rCq)jQ0732
zX~%lA|6pIbe;(?vO@@>MRXGylZ%Un!kT`7)E(WUj{>zp9nO*Y}z`aEdDP#7D4fFSi
zU5N6#CP{6{Ze(c8n$o<)IDEeGF1yqEaq8nE9O63{?lnVRUd1xxTg{fU#hX3w^;~@O
z7wY!6O}{5j;1U_WTCY_l<u!e=MA%`0PPT2kc+TDgu9X7IBx$xfDctxAERg<I@jYp+
zUUe3@I;dDWGb9U0Qj7hFooGA*B=apKz94`RJ^jKyAbmhQMgLK|k6eIOFB>}ceJl8=
zGt<iH>miiP(R%yPl+gu2C6xtXp|^!VMIL6(bU^t_)y1aqv1VWcfHu=}DcOB}sL;AN
z4$i;A^ZypF{c)g=5et(N`s9|c$`o?xKa%;{<c#F2;aG7`6SIjcmflP$hX004dLZ<n
zPZ@kh5cby^yY1n99fl*|rk~ru^r*ZNtxJA(Vr;=L8UF>N4(QdldE}&%?%ZSiDqtGZ
z(6v|p8`M&Y8R<<*#oa7}s5lY13?Sp{?9WBJl~+!%9keAho^+=8rw#z&b|*tfKY2^L
z%{}p#`IKZHa#JodV>$2#r|^tI#qpkPs)Jv(&Ip@)!zag}9z@_A04v8y4ut#VQi9Z!
zuL(`2Xy#evC9;p2EEF!rUU?Rv5_*<Z-i_Mav>u_W^F3tqv0kRq=a_<*v^tu(O4U1|
zyC=`+*5tu0R)n$L`p(Eyc1RUx1@c-D&CfMf(t95__n(yK$2P!0W;%pbz!m747?R$z
zhA~%c+z_<sV;DNUdFVpOzQ%@!?o2><=^tqXaW~C*0);|Jq~a9Zi#$)WR#D6a_}mrt
zvbuT`W|^||jtw^2Nvj&Cq254bEv#omO-ucU?IwG6sMjnW4~OS+=Y%MEKCgLS^7Dl^
zd7f=6cQ<)VIcor{o^#XWR-Wmb$^oss1j(l#&Jh2|CHw}E?kVT`hp@M4b#LArhxnhF
zQ{m+biGSzYa?WL+y6lY$lNU8q09>gX8-4bzsOZ_ZT*6GOpPvVi`|9qo7>^u(!hKIW
zw#fTA0_UqhP7zJ$q(6cQYVs?^|6*I7%*%J$@fKqPTdI<@Ab@m?ix9%~i+3OR$n`Hi
zX8wYILp>J(vsR+KZ1wku4&Y(y;r^Wt`^}=-Q0ixNd2`~LtjF^dL>}C(EokI!5&}IE
zJp+D!H0@<;!%inh1Lo#f>&Zd@9Ot-B(vSm?@!W#g+aYF)H)Jo(zlj!Tbyd)G%`$jx
zRPl_qd|)#9{?~`@PKm~+Z!Td*&hhjwhANPnyQZ8}7NhQ=<mH0&dinhKW8-%QnbnzQ
zE2MV<-_NHm+kDOBWD`{a-*tSz;pk#{Ivl$uM8A3O^{K0|9;12d;h;;@H8-re>)|5#
zhr7?C0+ANI^G0>8LYYFwBvs&sa@KORs7&*$r^<GSHKe{^@G4pZ07ma2DRsW_5Y|V~
zs&ntu(XFH0X<YZ}A2W9g(zGLqQDkTSBD4E_S}!((MWKo<Gu!MilgP-f7&-6o+vJS=
z0&RUm-<Ky#T@{X$O&2AZ;*VeC`ICwG=x{pdY{<6BaEjV#fq!5VV&vanmCrtKyY?Q;
z84;QwCiOaW;!PYR)a{;F2A1JdG5!huxc0(<q~!Ym{H0+n672_COsUMks4ljO%sw*V
z?sFuCzM-xi??6H_odd*Qzvtm`aP#t~5&F6AdZyz6CWgnrM&o*lQe|k+<#aeD`Ar1U
zR1!NF=T`O$!4*dT&_eT1A8ytQFVx)<v5UQ9xu_y=KVihM&Mqwm0KgZO%eT%pI7WN<
zoJP+rr~%B|;U=Gs?$^VCZ^ro0Cup96x|`>Prov-)t10HMZq7Us_0^!&iOt%D;V{s{
zaN##Ne9|)3Z01qCd<*4=G_w-SE6NXal$9-#Iemm5wXEQoX9UWfy(f;gM>n2a4q_%P
zSIx9?AbgK6v!x-fW8eP?4Ocz``vyvDV2ohM@vE7&(7S39W9@^t@PB&lz1z1#QHA$S
zZpyzsw%(Jf@FZqH<Jq}594{|51AduN{b|Y4nVz98p1%IIY*E6s(z`O*a!|3}**5n*
zfP8nD->UurP;c8O19ueUWApSEs}Bmp9FLFu&L-Ud!6tAe#Kxr!yK*=mm#y@p&Mvl!
zlgcb$nW@5o4?C5@d1S;T<q>Wtl1!o2T8Fhp?uY=iR;<6&YYyKGw0x`knI}vFkPH#g
z<YT~j66c)?<avyxsc|ofdd#(XB?YeB*kyM7=~pU&|I~LXfzlTJXDUGou_hh6Q)}lN
zg3K2c+Nn$I>_4YfF43mL4%<&m4q~)4*nb`OXJTtx1$=~%)z9I~L1ljw#$W+rNnhS~
zyZ#=m_hwdeW;&?N#J5l5nH>IZS9dqa9DI+-cCa?4+-X*g@y5%u&!X3#u6QCIO=nm{
z6j<KJH8FTrvLEtWKlOR|OrRSY??V&mG}8;$4M;~TGQQuy2_&8P`7~Ba+#jkp)Kr-s
z9u#p+l&idOU3cuMZb9yg!#`G8?70l}3K1~*zR!`+9Xa{~v-B><m6h9<68?@$01n{{
zz9WLk0*~sgFsaLyZ;@}pT+igbKJE1gmla>lkBXjQz<7uyC?v-xPCPdC#U40RF>~UI
zK_HW?!sk6)(5;?fRA--t8?ZSovGps8mW-O=-FG>TcXZe2><rsrqfp%do?{8!fnuUQ
z_()-zn?Zq6k9*;sj;kvO5`ag*J4|dhvjNt>l#R*tPej69=cUn#49uPbY;fHxwqn3;
z|K;E5n^;JXBA`xEkX=T2U(~Kn5g_%~fYbrx@AQ!*Zmi3srozGdo8dwq(i~hDuNxkP
zUp)LzXoRKyEN2{0v_hGdcz5Wk<eWH>D*njh>+I}<+#8pgpqU9e46rsUAN*T2rc)Qw
z*<V0)`yZaH>N|i@77y(_-y!J(9Ey!MGajgdrSTkL8ICW*vH4pGmVaUq*zZ6tR)YW*
zfg-%eB8<IQTm)E~bUtwTcN$^6)iGn|Yx!iy{F^LEpaRRpaBS|)7fC>Q|EME??g+uw
zLo13@`5*Sk!QS)^ot)Cgt)(G|;3RI(n53=>50Bc`d|nzX#cm4<&qeab>C9jiYCR^w
zqFQ;m-Ci0RJ3HM%k_V0_ju!<-K^EzPf)rO~u|h9PM|mwTG0bJUn^IGKomg3#D*LzJ
zT=4hQK1Ls^hd(<aP_yt0;!slnw}$rTff)T%uFG$}8a;VRu9vQf<PnQvXJfP-yit`C
z5wO{Dt6t)?N_X|e>H>k@Ke7nx-Qs`8B7|q$QhW0sum~eBM?paV2yRB2EST$HrWUgF
zIr5Sl%~QBENGFQK!>iuipwRjg%#$}dm`QOeUk+Zv`+)YW3`4ea-$?`(6wBT!PH+el
z0_Y8xi2_>nOWB8$wI;F$t&E>$J>N{er;4p#Y7VsGEnvNd{fH2t&!T<YTz2bG>oIpo
zU!fWDyA+D5X~e-<Au4`)t3Lci_u2ZS`r-5Ke7~Y2Jz+qwg|j{o-z>77NDWzJX^+F~
z8&zPy$XwS1PEN}}hmY4C?&g_(gTl_ik22de`nbn>TshxeA!w~>d923E&~oMhH1fnK
zeqW+7Q<yRTn#`8et#%Xe+Kl(vvze1(d0p6y!!15}DO23C+Ai7qz7^aLm~c8f%?YP8
z;(wVmT{{Pln<>G)cD*}zB!9YV=!$>u-C@mY3YhqF77&SX$&_y%dJ2#XBh?|+uwAFR
zEW9=Fs8shc(ZA6MQKz0X>rIDz#PeA~)LVELm$8G8j&<o@h~`S&LmMHJBCEUoN)vYv
zJ-lqu-3xzPpvCcpv2ux`BGaZi!2zftE`P2D#-`QG1iqRx>7$=~=ErUAf8`P^B>%`I
zv_y06YrOtH!zH{B*-C@n9~C|Et`D)IUV4&g;qfBaLb!AOf^iJxcF;nvXnn=cro$dq
zhvVv!CQ#5acE5`Uj%W5VocKFN@~9{71BV|v5vbAPasqCBgTwTA*zv{M=a=fTpXTln
zK^RemgD#5iBl<EK1IkzDBh4~o?xrf!yp-R=E5rw$1F3TnTti1@naWsxLFchezn^Fu
zMpVb0HM)9ksxoXU$?@?8q`jc7&712ob}r{*)qQd(u>IyL3m4IoZ*#U%`|o!g%N2h`
z_?i6?(Fll_DLzVFjVrLu&}cB{INjxPwk7W#{B@P{s}9eGI*zyJcF&5R+hQ4v{FO)8
z?vPSWNiqY{VV7lv#Ltm5kNSo&UvjffC|6wAWW@PLy@O}}*aTJ|5?HJ5+f5XOTA^C#
z<*aN(33li!pz}kh>-d@qDKWV>0uuXzpKT^*GXdQ0U^tka=1RyRqd`@kZX%sO#TJ6B
zx~^au79vAoS6=ZRq3<TtEHd;aV;N%D3`dg`col)7UUD+gKK5%-6VX**w!3@`YFl{I
zwRg{-Qy3ZF870fkEe&D9k8ClQs!Mj1NN=C@^c})HpQsYBn(Yd$g55KD@FpYW@t1u9
zDUgY4eo1m~Xzl9aMyGz8D)o5CzUaS;S-w~FLdf!`_bu-YK#3rL&jxZ^4~UwT$3&|l
zZ-N@SP=R71_vBy?WD}CDaAo)L*Nc5gU)?dT9t-U3+;ru{WY;q>t5XRXAn&Zrz}e?p
zA|y91DCL<oKr4En-fz_ISGf6BC1p*Qn+Blw{|UBl4$c!sp<ENc5s?%@PN~JRQ^Mts
z=y=m@1!``yzQK;G{OkutGwf^F6{yj39_*uckRHEhHzJrG+ygIGi52h(o&r$Io!LJ-
z`%#vM`Cu0T<Zs`1vg8`9fQ>!Mhjcx8%E!%eqQ-U95PyBh9O;rR-;XGe)qAlF*${0Q
zJm{K#D#@jH=Vm*$9;5XsVs63sRl;ZK?Pt}#G-__d9KbTjF`EOp?7xVb8%>5x$m&&#
zi8RSmsz$I3(=@1${{Vy7@JF70##VWe#ZT;keK}WNJQnjT5myESU;CKO$aEZ+Kki61
zO@{Pn38e?{d`YvfS_0}4Go{@63%?%#ukF;qYrvg{cU=aRI9W!bAOn|L1Oz+i8Q;h^
zh^3)bDA(g+dNbe2b3cbY^1N`1>S{&v-cg3gCfUT`&sw&X5Ke=R90AiSZkLzc#*g`J
z;^(Kwl{06XgsQf(kQ?1XF|S36-GJ8{vq4C%22&H4DpJy?s^Uac+4C$STv}_2EL^%K
zDu&;wO!FIOuo4bd#msdjx!5mHBMy>$Q$lQuF7A!tuds_BbpO$yaf>nF3g7*avbO&8
z=<=`BW{#}WSqV=JQP%)A$<od8-GUGff8+gilQ$K*J_emD2ZLlC*ddiJJ41&4GBq5B
z0!;A@w=q0YTVQI%YP?(dEqot}#g@#cbM)$m*Pau<a23ejkTI-#?$`4OC=Gjj?5_ab
z?^am=M*jmgpuPgXo=|6H>J{5+oCj2Q`w@%r|2e$=f1KI?qD2v+K#X;!6%bu+G$SB;
zu<qv{HM#yAR{y(;FLP_Je3*IvFViL!myW+H_zUR!I~Y}Uhz;`kd=wOdeIpxP*DR@!
z`qJy(Sy=3;1b?9Rb&C}X#k}Ye*5uF^krx|E{|5I4Qs4n7wf2p)U4j@;D6-Cc>yobG
zb(KUEre#wa69ojmW0zUWo3~iS!am>QHjjO5=C)bM)A~{}QR^>u<=-+mKJ=-8qhJyE
z8@-3`f)n-rgXfjNI~Jxh6oTK8N3^d6ub&^m1~|W4e$gG_;pE&Dmb;a8)b-W4#Zl?<
zK%-_sCAO{uqtWHx9_#trTNDz&iWw_>{V{OT<9kg*pZ3>Px#?F6$-66Y_=_%D|M_(M
zV;;#9K_KLqZx4gkk}dZJ%4}V6crKO1Rd#9e%J$harn|`jN+JAx2aT1DW1O!zSC*?Z
z)y^?Dy}{-syPeNr2h9$tfcb^Kffbq~|HS70v3SKtw?0I`a-U~L`ue>|KH?*jcza-+
zXBb2hAYO_Y+$zdcue%zK80PcX0LPh9JYIxFYKI%S^uFNGlbh4?Q;%zh@WtJWX8V;R
ze!-l1U;m?m`M)agkzQB`S`$uw%LkpT6#kW57%2pGWSm>n@_+XPC|Y$5>fD_-!sMxU
zl_$$c`mfl#-zXa(xhP&4e888{zp_(KzrcBg0V*)pAH$#9{DdRyN8$KC^L2kKd!UI;
z2c7qr4=ll(cD#;~&^%FNG*Ru&T$+h{R)=@&-?mE<ADJBNH^5ecGO+>eKypccS?*ZT
zlZY&fb8g}QxceR`O!r&nO$ZafZWT*x*SbDxd9HfNw_N$=%7_dCwUj>IaQX=&HmbOr
zba`Uyxe|DysUf0qh@Xl1dh?G0Bfq}lDgO;18|2${timO(YXA$eDGfnA4cp@dfCQh5
z`;Pte7u6&FMj5eU&-_GVKY1h*{zL}<4ZD<UP;kk<yG&DhwXXKx?7zRg<k&)DgS=uN
z(T-Jp;_0!!Vm*J8;{QWd@Bb3=@n3Zlh)#$uNzeZE?4w;Wvdy}`Gh+E8gXFhds=pwn
z``l4QAHo#KFR=CCS{eS|&G`RWWoBv)!+JJ*AIO&$mSfnSd7`a2G<GrkV~Kv9*oMV}
z{MzdJR;@aUoSYn`F7p@gFtgTe7cpIxS4=(Lzi_i(aC-A8vh^0o=(_fV#}gfFcV^S=
z);yKS2O_3#tBa~Y9JxlzMaR}5$^3GKuRfqYNQ>;>C(Zf0{`d_d-s4LP3X#Y7-{gU2
z7^}?lm!uQF)#9z5!GK78@#VwHEiHq~1pO*Zots!07diFsBlTNP01@*2s>Z&F)fd)R
z-o@3LDubAdwo1DP0vlJm&Iz>3SD(8l<*h6XRcL=8V0v?Ebh1^9uf?-r{!V_kOk(_%
z<R<AzEqj6b-@144pLZ`8`S+3dKNWzsvw=c-8G+H9a#fObd=6!?LKYce#4Al8@z~fz
z8(K3E)#@IRuJk2nLMT!`)9!?c8e@ZWz0|<H!;xl6N!(Yioh59%lTP5GP9H#hjBBm(
z<PR^CICYUE5WMyCzNcv){)AknT!EcY?85BU+x9)10aal|U2h(uizK}*gJn8>>=g3T
zbvSe<IEJZ>aQ^z`5H{eoJjdc!J6LrP&UfJh9VLiBwM*FGx0mi8&HwQB#Zxy`%2FWz
zflWiJm4?=2pzeWP_Kg#f_-89aZqBFY`PF+k#fQRacAFNW7FRl>Ts)f(Do3z%nz<h4
zkarOivN8CrqxGqO?x@>}!kwQ|&iB+iOak}uUc7bK;-{30Z_dk=?{Bzy=BzA3)B#<f
zet}0wi>92ACsx{7V^i*idtye6;{)dh04P0HtGV<tju51RIrQXIDm3x<9YxXt76|qq
zRvS9qy?@_Nr33G;8{c_8+YwT|Dkk5w7vL_|)-68vc0he??ZwM|P-vlWXh}A-%Hv2}
zs%wx#Zs+;eK+W2X0U-YA50M;zqs65E)3v^2Iq$1Pj_TJ3Ac4nSUSS04TDVCZa$hcT
zNVatCJO4DA^r0v1@tS&eF?{v_+yEBOhLSnPe;2W^EcWhB$D{)#0*GjSpSAB4?Fig2
z@CN{#zCY23>)EL{jX|8VIRQVPRdTeJ@LK%v&eCFT&Y8oRi8VViKjpLB)lLzc#%Vdu
z`uKE^zQKG@VCQ5+^kdz(@eP?jXYO75BPa1EN?<R@49{)ZXL_w#+^%t3DALNIyZs(d
zH=Q8j**=T=q(6&}8!wBjXlB0p^UhS%%2AD<fb{CV*2$~4DO^<(BTgFk*{WndyFCd8
z95W!UJ3OCBatfrdBCdR0D!A5%<v!l~z*=@>5VL%b%{N7F=brr+4F%gfnZjOf0QoPS
z(Ith#*t9EGtv1Jsit|1f@6UZ?aF})PLWShL&0PfefoXoz7stM0#QF{%*m89|Nh^6M
zGq>(K8W=bVqIFAWe4Ogs!Qm99RrT@cNdsAODvbsufwzX^tFvzbWy}xOkx#O-FEU>p
zo{#S+S?u%me4)q2Zi)R%kTgXa)-n!p^;=piIpJJIuo}K|-r`i+0hjWm0$)$V1J@#^
zc%-gLD7-#DYxR`B8OXeco5q|w9SORZXr_mV7FGprMvDi^*D~y`offgZJN$FBU!q51
z=$VkKjW#UzQmwjQlA)QLfZdUJ7?#fZ)1f1u4z{|38&sY@@_Ut8Sn*=7blUf!|EKUJ
z_Y{3=c*!?H|9mop&2E@_LTqk~^qTQtU^sokOkrPbg?!FkYyhph4u}Z5!Wv?=JtP(=
zC6>3T9%CUVDCa6WX0hM+_k0~^(pQ32rpk$~Pp4Aed`(ip(Z{Rk;GAXOS`59Oc9@!q
znwYTDa*RKoP$_B?Gwx8~qwFG7QBurhUAYx-{z;?6J;_Hu84JD>$msk$EW$N(Gtl<>
z_$%FyY$0E)FD#xLayj9<|779he$(rVE99*?Ki}?ah#T{ZWY|2egKstQn#n>Uk-K}L
zaUt>2<@uk>(EhHtb(o_)v*PC`D;twrOh&L6-|FDiv{Iq2nq?X2TaBXeX1KHr+S{2%
z?9Q|G->|qy88Yg{Pg5GEqPKJ*s50{%4dh^*hZbFUiwQ{?fl`J`v+`?fAHt<2<nGvq
zKa$p7Cm-kOl{CM2N7FuXq~O4OofhWt+O%#aC<0PKf@)=m!*<XynN#J*;YHdjgpDqf
z3v@r+x2AB298pOHoE^~kjxswNDOHvPT=?cs+9-+<88VQQm!WR9mi8w=u6y<#S;H)4
zff~29sKHef&xxU~rp8iLs#)d81Dl$R>V*@POTt92MgwtI3+9FXrOUiwn_B$CE3llM
zf!3O3q_<JCRT>-0#zcS15BD}|9UQ)`w}_O`eho%$M(4ZH41CICz2_8JU$kGNEtOU|
zI{4;1Z370YR$V<Wu!SUU>4hkMAbsm9t*FzQ{uW;|{c$mNqi1O05;_+bEfK07!la(L
z6|BDB-f$#w<YP^T{6zLJetMAZy(KX`N%gbM9{N1|=)ED4zVRStp+*3Tzy^r(FVR)p
zZ}%gHWce<j%XhNo@u||vX<@k9K<FUaeu$vT%_5%(np>RiBP-JH8-7g@L6Qg{MoL%6
z5Pn(!ExXk<Ffg4m%(zb59rerxyKl}++v6Z7CNn{bV83}kD)RL!X7VtP5XyV=>n%dA
zB?m|xE#SQ6+l|ucW>W*xH>_f~{P3r*yM^)o)X%sm{IC{gNX4g)z*9w`7pKaN>15;H
zDTz@1TcRJV$9<N(U*wgx%NZxpS2!<&_lYDi4(iBr+ryn*=St_pNbZjERhtQo&RY(Y
zd2>ROZK3;+els6e-sko#KXKa3JRk-?GJV4KY=hDKiK8_HO1v@gTSHFxAiN9jo77xP
zPwLMaV}!7x(7N(@({;SI<D-vXR#D^)tw?9ES~+yF!ILWBWD+_C5>INcqPwi=nLuS}
z<7Vu~SIHYdaveU^&7BN!d(E3k+cc%5f@;rXf#%Y`B`t&p=5uhQtUKWd_Un@{G7gb~
zazer^G~yw!a`LCG1%45VL;b5NM>r9yC!(gB4Bz(cG_P7CJ5ff<gp;8D^V48nl<yqf
z7iP9ZF<@<%RXd)O3Cc2ooJLyH(Mt(Q{F1PzYadQdGz$Wb>V4k)^i8MPWJRZ*3dH#g
z6S`G)UOys?lP{>qktZo$#woQBhn`E~D1yLtc9R;(f{+y{AErYP*hMK!xIEl%iIM}i
z@uQEdhczb<`!hl7D2Tqg@ICnDV-T%X+Hto8h@G^j|5Dw0JZo@sa6mV463B1epJ!bB
zoO}g#>WiGQ(%f{5eE7Hbt{~-mC|bAnBoXH2iK$3Jf1)la4{A1+o6dZiXB0l_PjXsN
zWQ8N~Lt2Br@;;%w&($r_2&`kwOQKt>B<$imv!*@kGlzb}%vjotyx_S^kP`tIBm!Ii
zW)64nGDvaF`v7B-?}Pg!0z7jG0$Y?6+-b-HO@9McDK4o9F8wf!w{A`awNVF5gj9-y
z-<pC%ke4T6a=mzh);x5&N*yd*gUnsUd!mXqePKix(=fz)4O`luk0dv^kRe~6-WDha
z^&`%<W1_Wr!zQ+vj>!-U((%i56^Siu{V3G0+SAx?Aq@oG#-DXt6JZ@R2K5#SF(g8Y
zshuG+x$Ii2DRoX;y^Hw|)e<0VjwROM{esAfYd%agKQ9tK)hp*Vx$BrBNB4>rzbg2f
z&8>gc8aBnTdSv@kWTW+?JN*c{6OH=mQ!Cw-rbnM!5kp@q+d|!HF5LxlKxI6!AoMj>
zICLj`fws|P0wF;oaYSZ@ILPY>+SI!mjxKd0AMz)Xqk$l8*Ft)yww=DNSOzw!n8uH@
zYB@p)>$zec<bhT*FHv{gs?`*Vyo~`l$dYR<$QIK{)M@`~{v<`TtOs#&ow~Tal(5c@
zPL!rof-s(F+El*?94H9B(#;t&6pdvttg${wGzD&%@~)0(tAFduTYF=H_g$1fHRV&K
z8u&vz{DSKtxN}h+M#Pr3WWvcW?THO<e~3=Wbl>eKFD@$j(#_pSZJ*V_OI_-TX!_PR
zG{@V`eM`ha&B$+I4vIE{p>_;TX?E7|(?&=k36UIV|M{Bj$@A>_<O1&}h%$*or_pxQ
z#!e@OWRrem)h&*}_o=p-peqW%NnVdPZQ1lXAC2H6$~_P0k{7&01$2aJ0%X=oHw!eX
zPn>2X=&BDWk}=^q;y-rRKVNuPVJ{_n5wSq!S&rOq5EXEcV7T6WZ)ulqKIz4Y`iQ=K
zx>z(;q4*V~K?VH2>MsSN0{)<iKl^SFZ`x{}Ktx_G_3X|*-yimTl>Ohl)g>0<XW!Wb
z<Vc|w#)tFamY-uG)tfCOM-zCrh$NIa>xq(FZMdTRmpkXj03ML~5pQ+6PqHG`JScc&
z9JY$Q5&@r*)=gT@P&M#(qjJo!io?9!y61Z{Is?#?n{7?egyCVj#qh|QiC>yCTfGo)
zc*jDH>i_BZx!jMiW`(_cT(Dk`{_N+XNNz}-%Lo-f@g|j5iA<FE6P445bc_j=umJVN
zv=GbWYRp<oa8EdqW1_I~?W*yI{fzTb|4wi_`0253nEh-*TDNvTf@hqz+dk}16B`z$
zPM5}HW9#{r6_NN76xGfz?+Fc;+Uc9JYZ_Db#E;6ArtT;p;<uHl1J_!^_MEb>{^C5>
zS2`)Y{rMqfw;Sm2N<}l$Fj17d#Hw=%KJ_5!TSYU<+uZw^$<DTC*@{g{G+Shd$m@v`
zdv*7-X=%`-!+qXdceVfWILrj~ULYM;_9GQon%gSV;=sBFJGG&7%H3tMx__BF$(V*i
z$Qqv>r*_0g^QGAOb~nbrzu4NX6b4EeljCe-rb;jwy@PNr<nE+Ue(@?<<LH@(fZ9<3
z8=vO#rEtN)U1X|6cg>e4)ZFO<CJ*TyBd+1}$&wWM3Yu<>S(CS=893*4Poj6`L;27Z
zR<oN$KldH~H;Zh(1t5P@cI$HCo^%o3OCCDbYfm@oC8|swy82=c2&8b2f4Sf%x&_>1
zOg7<}EHdvmnhsenPLeY0%1oh{@5~fIcN)Vc)#*;H&r#XJFI4{Ws5>b+iMUR!cgvxN
zgC$!QqDaljy5%8D_F25JpZXEDP-2Mz-2t}lX-t_#m?XE#iag9qBBK3eD#_9I;eIIB
zVog$cKSCsY?Nb-IB3gaT8c@xBROm-Fr`2k(oVNe`Tpl3@WsgP}{_`#*V7j$kDa|RS
z)56(hNj~_)KyXXZ#-~U)Y}INU?Ic=hWw(;LOt0Lz*fxX&vFM4xb~=Xr#ewEGht^IT
zfl;k9`Rvf*PbA9AuJy>wf4*v6DRDMo^c^w5iQ9xyt#C*ja4&D8qNLkVo-sM%h#scj
zQ*@nX<snC$CC0G%D*0_Ut><&*Y{Nc6h|@SnT0Q)-$Cn2#!&0<VX`GZ)O|kiSI4zU+
z!GzCnn4V;Km|v-kR|QsK=bWL7xZ6%2$>j6yjok%F8ci{+N)`O&#6O*D$1tc?Ck_k`
z3at7#<+0SuU%Xy#g)Ft9y824y@mBa##Rhw(-xAPBTC$0q|61$1$F3Orq~G+ABV`t=
zT9p&mn5@XFFOffW@&iFi#N)O6F11mL9c@VIS8UUQd_nFE1a(ut;W`@+x0PucdY};~
z`jc_S`!Cx4C<(y2t~d{U2-U68NpC-P;unE`dXk{I;hFImDD5b-r)JISK$^M@si%0S
z(B*i6)nLRE#q-mSsG`T+B;UMTka3mU;Dhlh$rjarz6-C>R3w_=l+)~MAAH6?DW>e;
z&$^?HMYsF-mUEy>yD3QR74bsbK%&0If7BJee#D4X48^T@CoOq!TsYa-nS2z=7RmO{
z&4)iMF$>byD<Qg0;7pLhyJmq;a@-XQC%E0#OqH-w%_*Pecfz6dbw=8bvV<1=Gt)g~
zU?~lI^NUi%FYdX(JiWy-)C+zW*WHL;l==q${y|~c9}mJ-RKTY!zw5jkz(Wy-V*c?*
z->$+Q#eVNABk)=!PQy&l(W37w_srh+fc9S-1`?-$?@yfKAXhrRYm<Pz?<~Uoj6wR}
z<-FIe^xDV24`{DP?`2)*I||L4!?>@xc-^g<N6~G1mTd2R+K5e-_002s?F(e#{W|`=
z$FJ`_{+3Vi!i5XMMwQxd+r{7u2Lm)rwC)8qi_3k9;kgc^D*df>@t!aqS&#XSIMUZQ
z?5al&r6MyMfC^1a;f}EPivKVSmg0H@XxN0su{ZtEai9aAm1Bf?uDPT`diegK|A*qS
z^`AfHU#bx%@5KLOQz~G~+b~ruFuueeN_lU%&n!t-1c3L607|O(ccHO}_apQ*O|*Of
zS!Mk$+9&VhARWP^_&z|Q*M6wWy;)=E#GC343`ZGff;yi3K24m~nV_N%$V@yiJ8F9i
z1Pt6W@Mu+nZ(Mzdao#NwAt_X`7H>N*H0uAE76x=>pyMB3V-DDftqSTB-UcH`q~(-q
z*<=;9#bUQpKM|71ZQ#)<lyGbi0nueel;)Sa8xM1_IV_Gb5QbxHXTD}WE@OjY-E+Zs
z7uA)@t@y|0y(i&`%u7?Pt9&(U3;N|~pgr-8KM2I~3XI8Mc<WB`$I|!pcW7g(jBO%X
zW5lx)@4n<oS<_!<fg+nr^Nmob>X)xLhWrURpl<7W+U)k*og<K`gYN4i+vi&+x&eWZ
zP8rqWr%M#qtv!Z=8F?ptS8l>Onim7m5U1u~`;?AZzIZk~A>q6_57foOW~m0A;-L*C
zNEqeK2>Us$--3OVtM(YKB0P&DtmT#Hxv>8_HKGC7`e%eKhe<bJ*0W<Fc0Q)$nntw~
zTMkBrIfc*Uywgd><0umNfvjWt)V22`n%{=_mz0^&C|5mPLr<aw8@-3#K;sx<U$-cq
zuRNb{Ok$f;x`ICaHeo)RFX)T#)(Z#B8?&oDA7#F@cP@|3G7IE=axgS7f|qXADaczM
zFcSHQ!@Ou8)j=8Y8TO1BF(#L94Q;H>Q%5WDONzp3_?x?T!o8Ps0y=H&CrZ7gLI*s@
zXH!+@qF=1b8HU~jM2^4Y_P8H0@39`}NrV)eHNKPEb_>05kSgb%?Qbvl5nJCjn4>30
zdT4I9<(vsZ8QPQfiLvb+8CPJjGR4>-?_nYDoj^XGgr3GAoRC0Mu>Ha-Y9|~Gy(Z~0
z*}{ql)(Tpmy06L+{I<SEgw3EKQe;B*=j_tha5-mNs*bBbWh{F~PB(nz)!QaZU+4XN
z>H~W2?e=qe{WfSe#~kzF7kN^SK9T$&c~O`C;KdeRtF<rd3PpJw;@*#_LS>&PO^mxz
zRrv_vT2m=Rqy}Z5J<$qp9>@SpfJt%*<N;W3s?_F;i_36L*+domOSvy<to$7VY+evp
z6P$KnSJH9Ld=NYR6uli+12yn&<^ipc9@#9d^csP3t8+%6W~-$NR`rKL_WFgDgtHci
zWrfw4A({3zga?mM7weH2-{!P@9g{L1X<zH{v6=MgnX=c2oP-;_>EFH#@glF3!@#_g
zCAO=<LWHC#=a?qXiBX(ly^(vd+}h&yU}IbzHbG)N0r~5e4v$j--{c3`naH~IS8u~_
zua8`wLX~o|ar=~0?GFKx^Hr_rR~Wf2LeGUHVoUkA!$YI8SkQJW2YahOhY9VPkH-vf
zcsznF^YPR@$%3`r)Nf|78T5ZE?_jJrZFW;C)J~>nq$z*decreqVa%bOSQOvL7U-&1
zR*9LHTI<$mCZ?qndT+F_mPryXUPAFW^fctjhM2Z0xdNwnx_Vi-6s#P$IZ!0TQ;jX5
zsqxXbJVt+g6bok32sFSb>{mccJqZd$<R7!w@11CZRKgxh1X~+D^nSOBsAukAW;G3{
z!VSGx>qj`zPKJlYWXV$=nrk@6eNd`>%;G`XcqsZ*pWMEw=vbv(HR)_cglh9b3yHP!
z$5`#H;*@?p$jpQK5tWgQyu5Kz`8x;#uR&vfSy&Fsme2A|PkmY7DiJu(Xl8uX@prYe
za=L~J&!c5DR)l)Sh|}+c*BK7q9-jP2J?A@F{X~^_9JO7#EJM^^{4S0!!hk%GX-oHI
zg^{b*^Vc~fKtUohISxIo)P%L_)yf>&H)TLI8L8??!hkbmiLq?Zm)A|@aF~Nh#TVKF
zNu#8265?-t4E)fb*VLeTRfwCT?vQ5%^X+h~!pL!vJ14=~2{U2>@oa`e?*YJ1dpggh
zsgLu#8w%3~CZ;Najc`4*ruP}{?@s@w4D#$q$B&Fx49gqZjd@I7UaN4uAwAP&geVRF
zJPAI={lK@q9&zk*%J2lkdvARJQqzhg4^O%Ds}8&SY1}mYG4o=h#8gdZq)pd-&kQm|
zJXqu-0TLBfIhB%RqDDTQz*ui@J5D@nGxN2+taI6u`8;q0w?L+lpjCI3!*x$&a>6dr
zN>I|aBTWv5x3>B|ga`?z%4rd?3Wc^`cS;%crUq#jLfhF?j|kg->qod`YpitkkVZqm
zRcTG?RrFNZwep-*_14>-!*joBoR|~{_o&-=u0Ux_ipO#Pz>sd)#iDhEb&#%f!FHwZ
zdQF+ksnQ8Yqe3&Kt@6^MGRM}kV=wX@mMfemFOFSx)b_W$g;8~aL5ZfDU+a}Qq1f5C
zt9)A@K(Vp71&HDN^R{kSIWf?DZlBpqPwG<n8qrDu|6u%-@hzzN@}qJ4gm^iRk2^2J
z6x8JmO_~e&?|e5vASIUGBqy)-;8J*<<4Gj_t0Vtd5GYr9xoW-Mi!j+Ga4A8$_^~@a
z*Z6ki^LEmKOi<$)OTyABIRSij6cZ*}{dg__H9=SmW{mf&#xism0;WrBD-twEBhP^o
zV?Fy@#yFN(u*L@M^0be)3iH28C@)>QE_%Y6mr0^~%ABN;l-lcFCTL3)ef_~{d;0^+
zYU`%sEkm*OcP@#en0XylULYf5>Vx$5yT?W}wOhkt>M0OI+VgmLU0V5j8_S+$TB1ya
z?QNXrmAop~;nprz_vFvs<Jq8vSV5Z1Qq5fb5J}+Fo)Tn>pTjChYr|eD;JRKiuk%74
zBIA$pOd>aHg$#xu8{<t<4`YTfuHejL_LXV0mk4tdbu`$=@o7D3;tPFpvo4%^mG>_G
z^4=omzY4p^&n%!T4n2`J&Z7q(ve>1CG}YWcYRk)$GO7kX`<sT0#MWm`%|0VEF5DKE
zsep|Zcfx>ubg9?Um(;VJ#npzor>S-%ILzJz*36STt<ap|PEFvLj%bIbYr<UNC6oT9
zGaGpb-QgHxs#0h>hw2g1#rb3Qs@#xMN$+DwM`LmT`O!2(N~^??m?`Sq*nDDYdE|1p
zzx9LwXf3JLgmUFqV@F>FtQHpPN0>4itYXT%a178WM(g3WdlqKj(veKi=&#n^@759U
zgUrmZ)$FNT8pue~)mYRwz<5o!y9$dvNs!0@EMC`#z(luLkoIiax!;UD6>x0-@20GH
z&mRn$@9XV<zlGOO>4xnCY~CdX`G2s)pS%Zb+m((uF~YO6Lh)=zZ^BexNr;M`;6;<J
zhyQ~~&uMMdm3Yl%wgmz9_rmsNkPH;`#4nwCL5ja`V`g?v?#n_~QVxjtn+Ne@TsJ%c
zyBRRd1BC|b6(0Wj_+`1w7#{f-|M2$zqYguac=`Xy#`n8p`_BLB05G8rTS4Ru=$3m%
zd4y&DtNunwz2cKY2rNU~E5HC>PmcE@kN9SF`+4C2850%u9&;O{de7j;o6*eUhP}EE
z05{I!0^pA&Qu^aC>r`wm6uE^cqfv?UZAl<ZM{m884}Nr9pI?o3&Cd0<fhmBPy@><d
z1`hwzQ}Plg`~`rAVueg)mxJ$so_%lk3h)=K80?H#?-AglyECvK4FG>k@5VptxFv83
zxF8)L_x&wEEYTZCKjT%_+(*Fw`+yr^EI*tCuJgK1QUSN96h8+pU%H#}-<Q79{jW^_
zyQKcRqyBrK{P#TluR7UN*Z)7!rq`S{(7;ezLI4{eZqIo6W$qpD@snQO-sejxdsae?
z3*cA&qO@xP7!OO)0(+m^_yL<jE8lSM^L@ykso^tsZ|~=ut$+nGAfUJRIZ7QcOfrot
z_CBZkT?I~8LR<9SYv&^WU)98fxU6)gHH~E}CN$|INPW2>>@C;L<)-C&g<e}S(u<yt
zk|r&Y3De=jjOyVu8N;q{lN?Z%Chn;OZ!XSV>h;RvZco?y9OTm|&TQ}<01kIxGp-A?
zq+DJb=<=-_>iochSy*;7eEdTidVK(jzh+SC<c~{`gxAi@g@>o)g~t*ALQ-B<eGri~
z2-GRFSxLSf!XC=|8RX$%hF;ukWX?``H2sC#G?lo`T1<b<91~jV-_Vaq<7>ROAaZK7
zAm6>JE9Dg0N4>nT*R>mqYmO0dFl?)o=O0V4G9EWnVSFb~zTy0BC#QW4#OMiyQD%Su
zk&g~v3G_|UEm(Q^6luHTzG9g$aysa-c`g|noC#u->PSIV69dr8Kh?Qgl=C?5`AJ{$
z#*XDDpdR&pVIf1F#Yhr{u8&dzm1Dw7^NK5P<myGvO%E;SYLO+y%dFXjsvH-3^BA6O
z`RbnJub2+f@vY=FF=~Bn(m2?U;2poH2V}|tOKt77tUS`ebccs$^daqe@<^F^cUDE?
zfG_C^GSBNO*5%gDes-Y;m8K@t1Fp1zS{|a{!vaD7HtCWrq^}1zi%H^C#br6g0rgA3
z&E4n%Cj~F0bfJXd)=YDVmYdvYDU`@PaeOWNAaPZeCvScc2^)NpP@)Q+65&563#W{Y
zZoX7^BWW0~TX=g7Wq|-07$Z#;$b#Ph5ya#)A50tppjcs|7B+jGWe-Iw3R~S^HE*xC
z#T{I>Tt@Hs4wXtc(HgpR<~;6EBeHQvYMcey>IrWbnumqTr-N>%IkGd>&3_G>Ip`bH
zwSL&(Cua5+{oALYZj^x(zaL9NZ1r2vOiVu2q$ojxo&=}WJr14xDSIJ6$DmpFWOIkf
zm8(8iD3&Rl2JA?HiF3<WV-@~FGMnrQn43BnQpUSVafeiHAzktVET{D|W!gWuo6ENG
zfaXOit*oT&se;<WyLL`a^>uG^`7_nPpB?PnBh}Wc98J677Wu;V7K+lOMNCK?>jP0g
zCiGNg@vgf*Wx~~GVbiI6N3?P{7Lw>?zudLaD3wex$GmhQZH(-M7<kebTo5li^JBDL
zX(>uVOUVWxZN30BrGL#vMpN~)v7d(@{mbS@NBM0MZiomka$d+GLPls*T>=s`-6t8w
zp;)30hWM;Ec2=Qu4K?fM`5FPv7So(2Td$u7|0YGpuN1mi_g0zh6l}Tepofy~PsG&#
zfjlE`bIBg;;g6l+Wl1~u1lhLp10Utgo%g57=I|{ckp67hZCgR~qdGY*xNM#za`}r$
z_7Hn4g=;=0%g#{IJdPcmJ!FQ<ZHicP$qq}P&IBE_5BJ`IeF7zom8DjGY|LrndZ>#o
zpP3mJ3i&?YuY--5*Q@fq_UqO}Eq{sY@pmH+&!Nr?B^(abqub{<v<X}?_KMC=)m^=2
zQgh$2+CmU<P-^11@iR#^S-Ahs9fHee8Ao?=HkW}q*hkN3Dm%9kDq9*3j?bTdhc3Hp
z$EzLla59SA6fZ(r8+XNb`tW7oek!2O>zd?`^-9C2Hrv5JPR=CL!41<VBYxomdrKsH
zMz4nAGF>?{d4wP`(qcWb#+<M--LbWPnEweFs?CLMluMIw-eo&c>1cxSPNldztSUO;
zagBuD&UTY>VLv(^IGSPzta@Ze58r7<CUx%VbW?>wKTa9v4}O<rNjo2wp4j*db{pEU
z=t-6McV*|L?j9I-Ha9?wH?wLEHqp!Oc*6PY#-TfH>&uQ(nIPi2KWUX&i@x1fRyR!W
zKOTvK?{;FWgjHZ}cCMltJDn&b4^n>}vk}^<cp<Y3x$^)=2sf!3A(M04xC(r?@{Ox$
zG!uG%yVZCmhyxB32{uc4i7V1_3>SG4#;aC?Jm*(~i!Osy?$Flcrw!YaSIgjcB>XPY
zQQrA%#D|z0hdnjMC-vCElAv(?5(8ED0*JHM(QMe=y1>v5M>zrqaih++sZEECT@QnF
zKuwrgRV+P&z|H)sF>S&9ohHS3xb3)^N-kggieX7Xby&gWr5t&8r)q8^H(4FGqI!FK
zV_5mqO_aypzCIdKT%O(U7#5~YKL~_xJ@T#yQ1v#&)tm*Cp5~k_dVV=>iHCWvy(ll?
z@Zj>2OU?(MLL+<5C^}LPnG7v)^){ztY*H{o2T}_wG!m=4YEIcyBR>n5$~;K+z%F7M
z{X25D6Z4J@m*rREHAZI9GE=zu#W2pIH=7qEO#*bG8s19N8Bd%=2RlDI+^aBku~956
z(MtLV<IAAVm!=@i73PopwrG;NFXv`2#Q6N8v3l;f+Tf{+;>n=43d?JfpPN99k$2s@
zT&#jg4LRA&mu!rT+zs6u=R9-tZ#2)9r2vtm27xTdUa5BFMatPaM+!bA`=h_j<&^cY
z{P)Py_Ey1b38YH|BugiJ(!p+FNMdS7W3&QCXi7dXh)+$H=H7L7UO_HWSqHuKR+3*%
znc`?gRrSMj2U3TL209#@7#x(A&j_bBG7{<j)z@GjyQ;`o&-zboTpIq84F)KZs&wsL
z31?|y6V$!R)ILy019}@l&LyqicIS}fjdDWVCVG<#Q|D{7?9m`}BKmQMhF~6$i;G*`
zFhK<7RHDN3F>cdCk{(Tm1Ji<+1$ZfMn?cDo$yLjrW)dbjq2dUT>02q9t4?yYG?M$Z
zcs^=t2!MI!biG9TeS{1t0h%KP$3(__>@R4W1nS*w6!?^(9P<vHt7cf8Df`gR=K<!R
z_O-~1A{CVp83ciL4d*qDt&9im&o>`Y=a4qDh11`VGfrECAuP@eG*Y>%%tbEt&^`tZ
zetX@$YH9j9;m|rMvxGXpBbBl0p)Ca`J&{o};jx~ojI;c1XUW!Qo0MWv97!nRV5%8c
z;TG8*mDD-O)TU%cPz&o~<tRx?^*dw(1p7F4dL(AZXiS!4V{}gD3Crnpc%czK+ZuF+
zo#qi@>JDOa!~Gh&kSE!CFcz{x!D*3$C&7|oC>?OGEy>AwrjuS(NSF_yX$75D2OB5E
z`|Wx*u7T9o=(-s3=8zi-wrIq8luy1lsVPuf%C5U8i7#4r5Uv?tBL66q@%+RMdruQh
zU?PTUHwNo~2$)cEA?Bxtj33&CAlKb2Zp7f!{kFT7#x?z~V<}DJl9ef!D@QwV3gyh%
z0vFYKG;ynohP}D(0Gl!=Y*=ZFLwpMV5OvI^y7)3EnjWR?a8PjMim}~D{<x+ed@wnn
zk+}s>JWui~v-R!`mW>;WyBqsaU20?=BuV;tS9;MKC^~6eb%CD9DI0$$zj9T=ne=Qq
zeQ)L*IQlY8NH8(8e4@+NuIdJlqIkZXHjn74I8T<NY-jWj<5sr5OK&}6Y2x)U0;i1!
z<-Yq-mgUy@AQt5WFki3p%$Mzjm^9hC3l@b5I%E%vZj&)U<emk%3Q*b{Vj_sypln?`
zyc@>Eai3B=m~c0^4Q!X0Le`jiQR>Oi(9J*CL@7&_k(6-XZd4r%f?ac36otk5*`tTo
z=>$R=1_hPay=Qy;3Nyg48PMG^`KX<*T~51%CsY3Jy9{%RHz!c8qeFaiLfDG+`du7L
z$b2)LLqg7=EY!7*M=ul{ESrIQ|APFBPmn!Sa=>GwVd(8HU~JGGiXrxAE1wQM!^RkB
z`)zA3l*y`bI5>_Qvp8opO9=|II}o*QOI1}D6l5mUBQ{Y11ixw>T&K?*hdXKzFy7<X
zj5}0(Yq*w5;xxd8Hj|YH8>h{b;k`jD(*}d>3rjEhjjyX#MQon*+`0`f@0dC0?_Ro8
zJSRGbGJXf<9i1cS67mpBcS`go(m%Q=WR}Q!eq24|J`q(akRKlF5g*oHmNb9w*YnDm
zzv*2d8XFi2QX7?$sm!9>&YhwUEW3h(g}OJ~ox7U0eF(D}10x5PcUS~%$?n3$N^4)O
zJ38woV@p`GvDoyHH!GV`B9(qE%7kY5hbi#}x<GVLaE>jSA<bqi(zF6|t7N<(A#Hk~
z6I_#RuJ?S2@8lY~NOs~Rz`(7q3tnL2L-{x^r4eZ*iGm$d_*7ndarLdSp$$SvzMnSt
zV0QBYL>ub0Q1rN*jH#cq^u?W$;Qi)=4C{B}<+9;9%Ad3iPFVz&f1UfFYz|v^?cz|t
z+~#G-=?_~=GWjUr;%`rVHj@;n^G4@PNPvOV%I7Jj2P-a`6HyLX!HymmDa0>3=HSlh
zo4XaDY0u2+&svOV!Tgd3;7(A0mz?0|`Bjrss~7kHJ>xf>p+gBS$R=CfEF45ta~@{f
z3UXoBq$!(IKje=ctf1h_XCCX7RBhq`3k4Av9Ah>~pTA8wmrLT}NF}xOGfD}ftP~0H
zd1Ff6V=Vcl7vkxOx<;BXt$Lvx|M#2KgpAV3s4jv0us=*uO+>Id)nsgExjZBWh^dpz
z_Mvx%1QI{zKvpH}@WTn_sZBen6|aVHTn~n}DfeNPkBfFgVxayTZYYznrW66|6}w*J
z3R#%9g|qoOmq5y(jL#O%2K>1+I|RF_cbv2AgU;3~%;HG)rcdPx5nS_j+N{K?mXI(N
zyF%y+5ra<{(rRAOt8t!m((F3tLQ)d8eqf-Xh~8HzABhpst$%sXIdl*`xwtJQvIGN<
zr3iA>2kBy#=VQ><q&d|LCZp%jvTLzdIXo@K(*`{@I(yC7v~^Zm^^S$qZCcCU20{Te
zX}hmB^JP<@y*tWXJaF3&pD`<`^XS2gytyu#DKe*!T2TK^Xn^RdHm+0nGWy~`sg*+c
zXA<Uh2-lYqXZ_H|Vz0pwWNs)*#b(cCy83xF(ATi6^MytUT%pF~7GWxA=BJ0v>(%)_
zJRDtRc;u#uT$Yg%d3nPrdoGO}uc(t{Uwt<R;*keg#s<hr3g(wt`Pd!Pu1A#GW;@td
zSl!ujd@p2NlD4DKzGOjA{ghWgZOh@yOv=RI?XxN(ez@$6+RY+5hSz3RCT=b3S7eM)
z7S^Q{LrnY)tOIP!h~_BTOs3RQc<pD}T9dh>iZ&xOu<q)^sfQODS4hDr@qojheijHx
z0$h2|>x2YIl&_fJ11V#5Hj*9^XNFr$XnfVpQB|wx=-XrG;fA3$$_o0!*JcI=W(~U6
zkVsr@WXk>NUhwH$kI<a$PX^NUkAWro3yb{^e}@6cLP?#7{xpL2Yhri-c(Lv5(Y|?T
z4dkTxf~G9w=;sjDeAE|8?F<jQNi}`gWPGQpQ>12i$Mt=RS}5pnE|{{Tx)%V_H}Rv3
l|5u?6{{}Nr*3zPb5n!t=UKW@XfXwVux~+CA@8+ZD{|mAngf0L8

literal 0
HcmV?d00001

diff --git a/docs/wiki/images/readme_screenshots/fullscreen-login.png b/docs/wiki/images/readme_screenshots/fullscreen-login.png
new file mode 100644
index 0000000000000000000000000000000000000000..4d95472c36fb1a41da4b6cb747353ef2ba524b52
GIT binary patch
literal 15454
zcmeHud010fwr`YDs>_m86$%PsRJue(jHOJ9Nwh?<7*z_8F)AQ)K$(XSEgB;#AR_Z5
zC?GP)5T;B55@rw(8A1riBtsGsAR+TRSY7XF+24EjzW(m__3i5)<dAdD-h1t}*ZTd|
z+IuDHys5$FZ<M|Pfk2yoIj4US1loWBfn+SdUJu;a-{|TLT-NzsH24`*(zRn2`0|y@
zDU(wmP+9CI(UlFr_rLg@v-Smn<Qmuh)-`)Sa{_K|^E-3N&)oZ(U*MG+&LE#FZYaM)
zC}+Q2nuiV_I_7ya+!O@T>;6Um)UQDf44O37Vugqh2oZ53f(Xg$%+_P^U#rO?Hf;7v
z_*-Jg@*=zPA~Xm*zR{eo+0^&Lb55t;*7TA3JFg0KD~;F5vSW5^Jb&`SMfU5PRhNF0
zFaFASx?;eFl`>SpJ$Q-Pd2hUZBE{fcM=I{^=uxNQ$rV2aP7)h9D*g@-b5{&^9dNmm
ziv~VHSKT1M=gmvQvcP3m;(zc_iKmlrSn9%;_NO}+Y7@hs5o~^B$N)X~{3r|;>d)=S
zyVltSHuSLUfde-|R^>}N1*m;f($T{gZ7S}57^LRmbM6)XFfmuF(Dj1|->Aw4GDMAe
z$h^AjN6uyvj98Bzv~;Q6Qlk<K^zpJ%A~li5-My_og+QVU30G1+bd&rRGLZY*_+37q
zE1ufi{`XfuTuvVRAkue6!ZjIQ^?negYz_yOma%zOq3`ql-a&ie#d;r{sM(wMs5;~4
z4=)?f<N6EiYuqzw)}sO6{G)FEFC%<;^s&CbXyZ@X_|6T}9gD};K?Zft+sJ`@^Z*}u
zsdKa(b6GqA?o6Z7ES?H8gTW`t-5sUO(^Fc?TrbfDQZEmKs}?=k&TV^6q1vzw+c_TU
zn1tD0SfGT62>0w1Sjoja(%#PFv{kzM*3FFQvFe@8Pz#W4hf0wTy+?_atRT1GLeI`K
zFriJNS<nQSnrT<=Gn&2(bs%7oE8jX?kq1522aJD3Wfm<OWilfRLpBCNLJ%5Z!d0eK
zNFw6(HWNHX)G_aEQj(6pQi`sLVKn-cawN7wB&OD-vvCQJpMly-v2MqIBfu}MaNb0!
zVq;k0j7YVlFf!Y~esORUK3`I4eE>RL62fP2Vhu~)z;}e8X%RzucD&wsA%%DJ#{03C
zZx=EG{polDt7WncbW#g&zBhiNsRW)=--6$OuI2*M`grwxrbTIV^$$8V+fk6cJ1}Kz
zD~6;;AkLlYs|Lq&y=_O6r89@-i)+5#Lk(-aJLQX4D1x0AT=>Ob=;I^KVKUp=_r#Dz
zuNs(4tTvKy;9Jn+Q)^QvRD}c#q+68Y4tjImW)~u7Fi&bO3}bKCTlm)1L8uObuPGM5
z*V8iU)6-Tu#sjijGa63P%b6vRVvhptR0|x~d-=qhe*c6U<JSa=vNyK_7<<!3kd^G4
zaAkG+h71neL=UiLy@@?%M?||0lCNK|8W>5CDb|VI#@ZrRf_&3YbfPM2s2e|Xg~TAp
zPv=s<28}8A!9gcAaJR?PTB6^;3AmNGk`fLU>Mp5Yn!cK<zGbgo<bY*2@f|}=eHdF*
z^%}4yT+Z6K0i{IV^MP?Qm&<1y?>HQLU4CMSXV}e=Wo5u5py))+?#ZE&L~gFo(0J&D
zFjJUR6wFp8R<}8f2?%Y!4!KX6;ocO7a#41#`*C9_oKBV0<B=1@SbyX=H-0OlQAmu{
z8htY-;oJZ{Rsq=KnVJy!-o66Df+G6g9VmGX-w`HJ<N0;k*D(`hW+P<0Awle@$f3rg
zJJY#<z2I#s*<*UxjhSI%nZm3=?H36DuT&c&=9TfO%+ctCl0o<@a@!Vfr|uuUmWHu`
zqp-z7zP-IsRf5Dm&l65yj5FJ)W|oy;2&rr(jzVtAagj?*lmU4G(?4m#KMJj@o0d!(
zf<rtn^uvFJpPDF6vg~BcbxlhP+V9zShI%$N-m@g?c8V}Qw49O>S!7MaX1TnYtHST3
z2h0hCa(p4)PV)^40uN)e-QFJbBC%46#*(?*cnij9cE`Pv5~eU~+v@EEdC>VhK-U5e
z_Mmp&Ff&vtPPv8NYQ-_L=z%+BDJECEOK^j92RkiA*xN5<p=NbC_7-LmRdl;e>8@vf
zP2AlQi_}TQy&dSQFDeP)!Uvdr(+2bT;eUPVyd*=mIV@(V6;iRcWzsMYElllco2<Oh
zMAXcBQ03Yx>nyz;^(s{8Y-RoJHF2yg8XAi^oZYa@I4!Y`*a|hZ*WFEvEDOU%-reKa
zAjv$Vbx8AE$q4*!<hGjArBe3`;pVp!Jx<P5gN1WwAIHgrg`9_Psb&sk=$3_0=ZW48
zO^DU>GiIL3s}!CD1Oj0Eb>?_|XRP#Djfx}hH|KeWf;zpI%Z(z7v-6&=-bB)vJMkrz
znxsAb-VI*<Q$`gP>%lqT4Z(P@#-^n!Ed(ZW$VgkR@>lTY0RsA2op{oMifw3-NY>zC
zRW^(0y0R3i4#`;ussxz&q?#OwaJ@;~bWZRx^{w<4Qmca%dhLqifzmqeZv2s)Dfrh`
ztPPy44OFbR<Urrk&@KWWtRY6itZHuj^)WhG!j0FWVkckUnyKjht59VcU7>dq^wP@&
z@bV13Uh?(X5z5KqooZhnxXlNgrwhK}d@vo$Y_7_ey<%KvO~tCCIXO0BZuTe|vZj^r
z3U2lyw_ed|+Dwg~r@a0p!w~3cfMPr3wW0j&<+-KrpWo)Ic0*Gn;j%()$+J*FzKuI1
zZzY`N7)=fh?wspvug>z!N4GdjFWM)7IbVTNfw*hT#_fK6wA*srO#YT{`Wr>rx3>D?
z>!#t$lSZ<=&T@^V2<aL`MHV`waWmHsW8F5Fr1tgWoNQ;aldT2`e!^Bj$$)FTK%KH0
zNbeU<O@U6XMMWhkBDY60b1Xx>3cN|7WN@%TR3F+$Q=bWwj;lE&a~19%1E8A=hk4iW
ze49G+N5ab^xK{*VARsIT*4c;Q)ELkSs97Ryh8fr-B5!fC`-RZb^uGR;*VBo7>47vI
zS~zDaf#y{Wp1qv}IDd^20Mm9y`3G%S@rtEIbEshB#(r0b%>p_E5N$+lV|%-YXC^JY
zTo^ZlUBci3sMw;~#nw%rXKT1?RqZ|BE5wvD+-2Ou^%^-9Yw*!wy)yhJ(kdIBe1N8_
zioTii^lWgPIJDE@*o)9q?s$+?eiI9G^@Sfas{AxHDIicIh+?m{ZftIC0{-618ts`b
z?3d3K)k`gPCGXlo>*|u=NYdBjtH~IAa(WVs95{?cnHmWX&lV$=MZ%F1Ccn_3sK(@M
zhLIWvSa8g&<0e}w_7-kv>EN{FX}&;vhwNL8Ic6rA5(x&K#{z10Z>7-q(YGo?>mO>R
zA@vsDzLI)lgkvv_l#>p<@2ZP(gG-UH4i;v7{1~lbCg0Z7^cNm%X=l)6Yq9JcjNsc)
zOo!j!aa?z?ZIjud+G>2EP@*O%_0clS;O+)g6*mhHW>bs`S>2NQnS&vOnI^=J^qQy6
zfKf{_`|nNrA<NQ0pu7)Aut<Rj1`zBPu}Q)yUV11CSso%*x9AJ%KaBAaN6?YOR@Vnw
zt7BQ=&YiK!^4v!StJ<EBHa8J&23E7s8ZDNw!uL25KMX4%fmy6jMkEr(eNEu=jQ#X!
zzAQ1@(F_5oEI(&Gs1M+ymn%F;yE-d{c;oV%${w3F-sJy92?Wwv%L42Ig`o=mG+`l8
zqur>y-yI30Q$8|lt^AYFJF_Vh+B`U{w9vy1DW+ar4;p#Awq!JC+|Rsz_s9t-9G>sd
zwHzD&6{w~b$PC5=dNtt}0tZIg^3RZ#nCzsiOM^83?z>ha!{32wwgPWl-n&C7jB|@w
z!el|wd6>&mc7d6%-O{3n$>bXiNKdVRKqGsAF%CP9t~OSQ++uw9?xY_J4VP#(BYr&*
zB@Y^#e)>=3LjQjm)PH@en}&{i_RtUK_I(Z70?htb!^XeeImdWpstP&}*v$F;o8|ZH
z!I>YA2Au?a@MNy0@tr$wOlLLMgEjzbn9zH8_nwP-|I-@xSQ_HjqxQ@mMyco8ulqwW
zl?ie>ig781GtKZ1<g}(cuiVDYGfsKE{4($d&;-=0Z#(Pb`+Z7*U-*K|N%h~A*kgHo
z#7_U(feeTc^cvudH9h~UcUPB|wLpKZ=LbjkweYh?H;dK!boSg3_kA+e0(>p^)Z|8^
zPj$kawsM8Qw~v-NpH9@!yWJI*0u^vN&X;-mvc?LoUT};U&6aP3u6Pc<4jo$(QHg3X
z%e-k@u3RQ5xzwL8imFe#OI#snihdy-EKYOCEn8i9Ur;~V8C|NwQ#n_7KN=l=)rC~V
zK18XOug(3lK*7#JA9jX{atJSzII=nyAD_>um5OeSQrcXg*PI*TRA73et*Mco5u4Hc
z-mr`X>L@YaKv_M5M#X1)*RcBs2b0vW*zWt<0dEN}1~rj^%lgvk&B`GGJC0$37dR>P
z8p?MwkSA~z`T0`)s`2-;^`jc0-Pfp5BfYbtLD`#@01+O@y^>S>hDHz!WBc$SKvVu?
zJ7p3%xiFfU*~%uDT_KH5ZVb)~6Slri?8KYqdsF%@CBIEBXGZ1e9FgReZ+!Y}ce$oz
z7RT}os`FDrnnQ)VyI2Sx*rN`Q(DA{I)1w(`aPP3ta)c11Z_Zf(vMEipFJIJ}U9W<M
z@v-}Q8}`p@5A2#ix~LmRaZjNl{@kC0e`_?aeG`RZ$`~d%yS9n99?C*2UW9YAMsc;X
z!&vqkcSw1+r{_@cWCy<o3N<VF$(aV+?-?iU_comjIQQw|bEmU(_KN&GBFlRELM!z2
zCRJX}7;NNa9!ku7Pfv$-u!Ij397L1LDGR^d31Kw0N;bnH@|CIfUC11i@canxN^_i9
z`TCr)S-0wpN7P-Px{UV=eo{U+ula)K;D}Dp0rGAqOKAGwkX4xJRgRmyd^e#59>eb9
z7u|l=55JFoh}fb^UwCy(1xLl6-J2O42MbZfpUQ2~$n1(mgIs~M?D0jVy~Bpsw0kYa
zxl4`^kPQ%zJ$rOJs;YN<de0H_PZ!j$ruI(9ug4MGb&nIc>uwslCA+GtpbqUhn((jM
z9e`dsaemvX6M9QPk01X&U44D`d_SdiH-Gzm3g3NSkkRY*73iDa&Gu*grvZlf--Gr6
zj0z~?FW<)v@6R~<->q>})y3hhKJvd{uiNfteDlZLa*F@^t>Ay$zH|(`z$>Wth!oQI
zwHluiQUN|#d(_NnDKUwgsbqqv-JOGeK!twlS#@bTvAiS$GcXtRURgp|<(|C*fCc%_
zVBw&|LTn#?h|voPsUZjYhM&?0ART%S5+3aS;!;&@;7n9e&OWH_5ILK7vd8|u9M9|h
zP^h-_xb3J;I?|lYkIFC)jLT(DNK~WkwG>z<`d7oRR@(+FjPyJKWIFhnOx0jT1fqvt
zF`ldX#L>}(e$0mxe=pkkiJCyid({89kUd0%r3uY6!-ImCms^h_O)GX4?g${ndj$X-
zK#cx2!%TS^X}^ZnF3oXENy^AfF9OP}j9!Eud|k2h%GEJgbq2hQ8Z1|rf?D3s5{b%{
z;2UY5V!_40r6P24%QQ(cUUVk;p}bi6uEO}zIB7F6)C`k}+Z1f0Fd5noMFO*SX6ea>
zEUE8Q+O$--s~nXx>!{+w<8GOsPBPvCJEJ=Eu9cMS=XSfr>%pgxLF+7}2zx3FxLk5&
zuA20#S3x>HABeEZDeKO*1BQ1KHvs)OnKaJY+XiHGk!BHb_8Tu$ew&-rM$!m4k&8~|
zL<7s!_~+$<GlH@(`tNdyYKZM(&ea0BmLnnVR@VdXur)Pwi5|Z6#o6ppiF~xTDVMi!
z9PRER&^$}@fGFt=64a6DXN0?|k)Pt7zfM*Fp<7|P8nX?*+6s_qfwC^Fa_L++^iI1A
zZ(135u;oTMrZGlE?{1p0Lzs&}w-MCqm%wyFFB+06i0;FeE1sYZvZj`X?s-5awLc3S
z`jB=HVE%i^@~;wAP8)2jo}|5;>ghYJSM^lZ(y6=N)%t;&@Nv^^jni3^bf+Xe<FNSL
zxfDh7l9E-Ypyot2ap&v+yu~Z=Q|*4i_kS~d|4STozjUU}tGad>>#Fl{deXvpL|H}8
zm`7A=0HOD(zh^uxj4h1Qg4300A2Z!#z+LWc@$O-hkF%W{dS`?WB;PUeKBmapj2!ei
z%$<Nw(xeg79{5v)KK>JWMCH3edLcQqPx7m3^Gfh6xCiwyuL2Vo#(pmR=VIm*@6bCk
zl3l49H?REJ8~{eU1aXBp<$W$+<yJ<-$kW;YM&r23%pr$^0fK%yICe*uf?Swjc5nc4
z|IynbmbeiajrJo{F4_Q_ZQlX={vQ&P-&<NT8oLn$U2cD5F?F<NsbD+{B3^hxP8Yki
zAE&1S!9&{r4uYyL3w<VMo76YLP3bKfX&(LX1rc?yi7es;wzqeOYX;0NW{Tz+QuJ!W
zz^p}uQ~N+>t!4;wBAaY~AaMuen5O?y9(R0I(NR%yJUqB*V8)b)@bA<HVzIA*E$k05
zS{u$2qU0#m-x=a$(OthZD?6Yw@EE-sbh+uBK}bw4tK4pz9qv-W_0v-}I51shJ5g6#
zTTo3#scb{pz=z<TLZb<~bRr>bqoN#I`#6_Jqn1Z{blbHVVIApc_thcaBnoNOZ)&n?
zvpKLS<rm~VZth(a#$rV$4Qo69Nfa#<gfg>aq-e@5wjmH$#uC~}C(aF$2t|^(m)VFa
zWq#1*e$JE;4y<#r#6tM`g%5A2vB~0FB)Tk=r_67N;*JyZy3bE$H1sUY7ok_FLsysd
zcwyQ$%q@9UU?jS#>Jn*o!q-s|i_ExGj0OU;-+qtAqN;uXqWg#Th{feNQ9D$s`66KU
z^w8Gt)g5%X&ZKATzO7WSoWi}NlA*xqhB8IV$-<({ktTiwtf@TLgO?i_JrEQ^Uws};
zwAVFXn8?nB8Qg`r6dt745S`oA3DIbe#6u1Q_sg7%(Uf=n$~vZR!7hSCgxIgoTc<N~
zGGs=n3f!8=3y|cpp$>Mm!@-Qk;iE~1OdW(i*Y~mHY=*JW0Mi9E^B%Y+=JAuGpU54^
zXxyZ(P&yiz&0cAiDcos;gOSgRMI>D87FG0HlM|KCSx%0Tn`E=Xo!IYkJ;3Q?z-r8(
z2ayEs$tp^&qcS9TayCLy3F)F|G;l%F!I9mYzhu$viR{@X?Ssn|*%K;RW<yH+1MNCH
zJ&PU|AHBYTvUT(<sq&ch{-1n2eJt3f6v><FoSDJ;C^~8w*1FP#bBB=d1vP`&KHMi|
z@8)i|rjFsQYtK*i${H-GT?I5=<NrrCa3h+EjXF{3$9S2=DO?Zq<3~_*eOhJ;gg@Hc
ze05a{Wv{HT^_z*_TeyPTEe{9Q4Jl0^x)f1Jcv)<oSgZ6%ElbJU@kmp<Jz%Boiw%Q=
zt(j9WHMKxJ@dv%)!1=LAiC`oJAq_K{m><s~^O~9xJs<%RuZ5A&+%!XXKpN*ir1{|n
zkTzu+><kv1bC**x%Fpv($QpbxJMS5}fB#!o2V5}31gTSckszWtHevFgu6P;emFZHO
zaw9yfz?q1*6$kJkSFcw0v3@BDEa}IAHw9uu^@<Z(16IgyH*e)-dIEdvWQ{5Pvrv(L
zG2rL6Nq;0eyBUpxNwRMbIb@cAb%&PD_2sUgNIAkaL+SEYBGH9uCFtaHOV9m>u?s)k
z6~)MDjZ&O03Lo@?+pUTZF!g^bqt5dFI-oc399@&j17rNJ2kk-&X<h?G@b?dZA$I+d
zIKQd{^U+FuUJ#`xqUR#!x7P7KvlH<c!%d~V@GU&_rO>g7u!>D;W(o*z2V5Qck{w|*
zSCsezj!to+P_Y!~;L<tC?7eBL%mA|+L|-Cs9EMsQdmj}E>>sGugwC-Pp_sCxnD^5i
zAA?@PGwzjz-njgVw6oLI;mJYzuijxTmv?js|5jKHj=qmr+JnFMin}oV&>Uk&gBJy7
z2i3RY&75k7smUEq!ow-RaM%7mTz%F~6%}H-gWvMK9=5@auEYO_iS%u26B!XL{vG}v
z5R~!99s-2qX_}u=g1&7Jyv0Q69{|5AWO8rxXZ+OzoQ2(pKl>SlxvCG#*8cM3GZy=u
zB|ayz;kGi>MioQ7A8JXTKh#I%Yf@NLyFU}^zeVc!|Hyb<^^y>J1ab5Rv(2OYH)9Cz
z<9@5qq+Sk}ljMk?`7QJ<cWNZr3ajI(`#%ax^wao$GkNtJh^#E(+<aM?(Ubfb6s>Q_
z2hAKL(;Ale#bRnJ<IzXaNlx*7(#mvTCQNWaP_n-nJX*^TgB?`n!rd2#cuI7s_zA7?
zUd6mBSG3%ZKz6)c4OxB@g-hdxsoCmQGKl2-VvfhYBUDotBS}Dr2g#II(Rg}>)RkyF
z$#KCV(MRbsV+|Ut3?n16QnY)}d*TyyjQK$f`NSMj7avM}jhL|&+lHt`PkOTkh8miP
zO(i7B^80LO{zJ^D-)aQ3_hDAvk61ZranRA|B;{d#lBk_RrE9PD(XytHraWyMj9y%t
z_Qx8qb?cx?t3vCfNm(Yt!c5rl;cdgpbab7|v(Ub>Sdt)Qf#Y(T7#e=8H(5ZIxK0kT
zeTNjE7+}f5`O^?%Pu=VOFRi5F1#fOqXW)^Lxka-q*l~xSCi(A{nc1-h(Aa2u$$X4S
zggREKP^)*Fu)^afxYt3lk2|B3=Lt)IX11j80(VL^)m2i%hl4`t{LcDD#Y552_M-Q1
zhA3uGQlL-0`DwjwO%g#fWX^NKzv4&o_MKgDs~hYmwCI(4I$@FAD|OX9B4D4d<KvKT
zxYb2Z$E1U5e$=@`64dO?W$4C}TEl;pAfzTo!}@M38jKPuc;ce{Exkd-t;fiZeDPQc
zZ^%wI3>`$(SMNz($mged6NvS=<}_$gjqZr8fOr-wq1QXd<J+`bOJ{3-79OTiU&C99
zAAVvVcEA=~>rZ<4?=Evr%gSfz)hrH--x^QoX0{?^e=-p+&N8$2+iG?4gAbuYM1xhM
zIttTSx06fIt|c;iIZX!MD)xBiXM+c%vyV(TPQ`7*6SHY2a(|S^8D(&@-GE(PRKmwW
zte3Oj`)IvFrtt8wYtrEPQUL4sJ;XeJHzOlOGaD2Y(_B{aHdkbrIS9|2a@}HFz;c+?
zq4$bO<(WB_z<%s17q+Qt2P_=rw_I4-i~&|4w2Cwk#yCA|h&@{p#AsZV{TV<m;nR=8
zZr7tzE)GQ_H}<5J<i`y0(U6$%2eeD$^Y>;Xq8>WO#SFeO{W_9jsn|`_N~bwxC-<AF
z2$-c<@JwLvL8ZG$QUX11obz5bKkq&xIxc*?(50gEkSMr0FLeO!G;mNPDyEDodrydw
zlD%S0b!aBc?*y6ESo?&9S!^0?nvex7PbVN>2q$1xM+Ua?(5s%jy!tFT5w5JUhbO0D
zs%Wlxk*%G&X6eU1wsdN(XkgsS`(O)V2fI5>PA<!>W2RUdk9n7($d^$q-!5S_$^XO*
zbEiWC$<>UZC~I*=wuZ1AYv&mZrG|-sx7=OwM;gXQLJ{3r`{Ecr-9DXW4t8OzMe>xl
z<8@Y9wiT9w5j3%HEwA3EaAL~?#(Hb3<xJ5HO_kk*<iYXGEEEDA#(O1KI7)d#H=WG;
zB*Xb1c%JjGafSr~{o_(ZAV>ZCqs7e&NV4nO3B2JZa<+Z@HI0zz&fcFvW0q^hCCc6N
zwvY_WK#_F?GhIBEdMkdS-5>-)W_4LtkXACzm~2Aq2o?txk^`*@zTd_~@*0PtVIyot
zq#1GW_zank*8<ad3_Yb%pXTZrsC5PUDdFeS(!181vZz@kmGEoh_TVB2Dhv%9#!`&v
zWs}uXtulSvbs!xW5Wb9Dj*(nnX)w^)d`;Z2$lV%9FI#AOGQ^<_N{b`A8E!?30$=cm
z7CfEIACalxXzHwwn4jr%U|%HxZ_k7a1*;r()}dtS`=c_ds{CqIZzjt=m`*-HDqIcd
zbrSmAXrAz8?nI6YD#6ktQc{%F8{nK+<0McOpi?gPm{Ew}wH)1qw*o(%(%VU%xHYpE
zdTF25df<N#YmA_-X>k}*Ja~P%F|K|^nrgq}`oM2ek)vaaR9tsPUe62&3Ssk#H0#Qp
zwIW;<Y4zTjp<MYu@#S|1?vLLpZdZ^rR$tSCdJ<;NcvO2MxkS<N7*=tpR_TSi+E+~I
zzWf!HKv6rH7md8~Qwh5_7QyRiI5y#3P=MC0lcr=jE8e`X1_b(xCBmKdWU}28KxWXI
z%3j8xFq-zl2PR`_6sZ(bfJzp4Szam%M$u&Gt#h}65%X#L<c>tlL+lZpt{yt<c<7M#
z5|Oceb;8Fncp}o$l$f*I8xl?@zhheSioNPW_JkJeF>Ps>BKAtA|GjIlkt8n(6H8`=
zqMGMtL!vRF{CtN_g_si+K5wfPN-$dZZybXd4c5{+E$RWO{WY4HWm}=cMUri~X7R;_
z4{>1p==PvF=9>`XDsZVJM+kvP?YVb{HtcFbUUTYe!0)`2Bvptec9I-L7J&WT0g4?^
zcBPW5T{QBlqr~5FJ+jO(jK7tN)uc+{X&u-s>!4<EmPaZ@Xyuf2h5%SXtQ2+Q%C&*=
zJe6w#s}4c_u|PV`b*P)^@vTT+af@+q@j#aCgS)q{k(HsF%DGp71%b_D7GvYd?W?$N
zS>dbiCgh7>)#RXqcuuTtW*bJcOwy9qs-hhbJ}^fakTHu+Qb~y;Iaes4G?2#YKpmQE
zdVhRYU^M~@y;{<>cX8SSLhAP`_!+41I7W5p3-T>Ke4Wu~Z*-T)V9^uok%t*LaK-e&
zc?7?!$6o!KS=iTC=RBMPGq$nxB_0@7-Bzi9D2=0c+(-pTv2j1kr+K1crz;`%s#+wF
ziF1c|r4?2Sy2ooJk{JaW3`mHd40S@4)Xhd!DuSr-TAM*W5o?th(XLOWQJ55bQDB&U
zw;F#x5A8~Fxa=<US*Qkghg3poG1((<W8my-7h3a44Xd$`yn3o14N*es1aOM^^O!6Q
z3@v=1vqkDlD}hP<J)h2Aj5MWU7jAFib=p>=89d5Bw;>j@%2hD|OMKRp@GXEUK8>x<
zv8)p{ZgUj}ZfAx1q`Ejv0vim$)-QZ$t26~>kYA|#o`(Zj!Ylj~MMQEn=bLVVYYVIR
z0e$9%fV*3`hy24hEk0C`NJBH$itoe|bG5!qNq%Lx<5bjD=X4=3Gm{TKnygbTIV@cK
z*}QijobwJE?lV)ACuJb-FPm(KOqfZ+#pS_6GCxY1rRm)5-+4<=osGOHNL<YXbt$Q6
z2=2cMHFkq=@`Fapig>PPgp15pE9uctZ@#&j;O$eRttGz*7sp$;Tcx^Xl9zS(CAwz2
ziu5qcg}-#<#L{{YDhSA<#;*NT?l%6=L|zfSgNC~*S}U2{m=Dx*pcL?yBW13gC)xFP
zMXEb1vIgT|!!n?n9w3{(nMP@OSqJGNsiPO(jr&9E76A+Y0qE^NQ3L;9U%>%L^G{Xj
zf06J*h5r{FelhH|8vHNr@WmYfGx*Q`*6EAcd@-9ZX7eQ!`GOn&%r8d&{ZMq7iIplh
ZUnoypc_<I0{vgmVXH4}=e!l$M{{jXlV>|!=

literal 0
HcmV?d00001

diff --git a/docs/wiki/images/webui/create.jpg b/docs/wiki/images/webui/create.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..3707735bec767e01dbf3768938a47da54a6f24fa
GIT binary patch
literal 32990
zcmeIa1zeR&w?F<MASs9vN_Te(5+ZI=K)OM?yK@VO=$1x6TIt%LbV!JFh;(<ibZ`C-
zo;S`p_x=CwJ@0+by}$drZa%}FXZFmRnKkpwtog24>vH6B2Dm9JDI*CWAt3=z!9U<~
z_U1ms!_o`@<mCZo007Vd6r}sWH86$)KF9`J0w`b{35;tdC0~65qyTX9+Zri=2Bu+y
z&!S)eNY}uB=vT3ypPwA~$$_67_{o8v9QetB|BW1waWk}|l(e+5ba1eD0|3+r<R9_`
zJ}5V2MWFmGUL6(rBaX}^2mn!0e~<rNwm?s~;@?l%;(y~T`q}579QetBpB(tffu9`s
zI|sNqx%h=Rd4;%mC^-d%I0b}wxPX6@1^_aE8(;|70hE9wU<ufO!2$fU2UD+54=hRx
z7Z(R14h}nKc0&_;BU5%`ds_|<LkA8nc1{jJSj@x0(Ae74h0@5>+|o{jVY{ZDfzr}M
zgh7K(o>SgI!qmc2+RMpQ#Y;ie*vr~j(1bxu^aiG|hmeP@gRQBHA*F|{jh(ZQhY0l#
z>Ox@rDw%^?RM^SHOi1~W<X>`tPa@QRX^XqNJG(m%yS<Y+2bZ9rAO|Nm2RAnxn1jvP
z)6T`vgU!yF<}U;unK~OgSvt5_+S^fH5i~TicXbh=c6GHh5i&D0<1;cb;bSv0<S}96
z;xaL0Gc@7hVl(04F%jV7y2owCWkmg#>P?LQR=b0%lg*F1O^i8AZA@)V?OdEeZg6o>
zbNtfie^s3zi~d&WKV(1HM=+0&gp;YEi|HdUh+Yjb8z(Ot7mw;+hn<~EkVlx~clm@l
zu9)$whW=|?{vYC&sIZB#knvU9?VWz9Ud7b$KR4PomZHBAs(<MwnEFcuqz_I$3=9lm
zj$c>(Z+Y<}1)O_exxdX+uq5Sw!RKcse~8IH+4YlMe~1HrDD%(R^^;wHhy#Bp^UvA!
zKa5>}mv&9<KoQp+lw~i+0SN#N74<qQ3fgtl>*#1`=$Lp|pp1b@fO``g?+yX+-8%$#
zh)Bp8s7T1@$cXMxvs2SCGO@6-5L0sSa4>T-FtadU5kW#jN5{m##K*$IXC}Qv%KV2v
zmkj_OIx;iT05TFaa19R$84u~Q37`OVlBl2-^GcEVmk-i4WE9lvXy_Q2SYU>-o4_?B
zWaMio$f&3&pb8Vo7yKPS!9%@8#U+0Iwvr(lwIe>af8={~nui}h6Daq7r{ytn3c$c5
zB)W5#n2w%-k%^g?k6+-Pppe8Ph@_OXjI4^Pn!1LjmbS5pshPQjrIoXbtDC!rr&r+f
zpcla}U%{fH-^9emy^T*uOV7y6%FfBnD=sN5E3c@ms&4$!)ZEhA*51+AKQK5nJTf{q
zJ2$_uxU{^oy0){sw|{VWbbNAp)h{Ff`Im0}t!KaM7arKJYbYqlC}>yxLb~P-24p-G
zR4T6Px5Smu3>|M%bNi#?Ka70;@iPVukMef{Bd1<WLR#Kgx}B@8{pi_$tYZQHRL}m_
zvA_3g48TT40tXKn4-f<Pv>DT?!yM9JjKIGQ0PT#E1&~&5BP_x?Bht%7wNl>%ZLDD1
z@4Ww1xKcHBo3p)0HcUr5ucp^Cg`P#|%M+iEN2#&Xo-G--+K;H+PMLU@N-GU&?HNzs
z7p?;?_+^t9kt9A)|3y*i<o)d9OQ1pcJOBs%^HEw&mF@dvM_%dq33d79VCo3M5_`7#
z>WM(zL8s~u8i7@l!96RgZh2Kud}meF3c`Nv4&!9ZioKlt4o62f^KX($2}`f5F&VRI
zZCRd&%5lvALVeSZ`1>@BE#T`MIJc0e%BK&Bisr1Xut;<a&)zC27IH&{4j30>@>n`2
zg;^CmgVRnd&w4uTKg|t|xt~R}O+TWKfoCh$W4}Il$WonISikXdeEu9);KC^R5_nN}
z2^^!P_Ud&Vst?l~eM|SAPyPC_$VcF_H^U|HOkkg{U56Ep>fzm*{-Vd>z<>?XaS7ml
zT3*SPA^AcjqneNN4rc3V%e&Fz$vgN>2_l2~se=3E%)<?D%v-jjC>d#085=KGfRsSK
z-qB+xKBOWFZ>XaJaBi(nqRG}m_3HKt%V1{AV8W-#@YE*r5ih%eVS$-2CR=urt<OxS
zR2d%hA*OS#r?~`E%Eltr`DfJpAg_`A9r3r}Vyy_I1|_|+mPAV@+(gXfvxcWbWJkd!
zFNsQwsV@PC1B!WFwc@dX!TCIq$L#Je3Qx?p>P71I2w~{VO`Mcr?|StOw@~qw9{jTb
zKz#|Aqy$ta(@5#4-qr>B@gi`)Ll4&Cf(uZhNU9{&aBfl<Xs@zNcRE;2jam1f_e6Xx
zVR9DcW5_nxy#zSZU@ViOs*IUqzPO9h;$)IcfD#11p~&5wVB@-AoM>=m;ltAoIg&v9
zq_DiHv>LC>yph-I{7=L@KD|HMFA^XNRGaOlc;&}X7GuWUIPfI#h+=jbVNQX~A>2tS
zSM_!VbG@{i{XTlhm&a0Fm%ukQ4jgUj#-kfuH8A6|vMSBR5$Q(Ef(ma>GOZy)p%`*<
zVu=0HCD6v0_Kc^mHgKsChE9{yj1MSDqOaY+N0L+OHyWT4L^4HQ^jcsDkh4r+(y(S)
zs_AGO-au_G8l$23^wN2YrM-*ODnn0`O=Hd%NAYb(DCA-Kk^Yq8d6?VRKDqHA7*+e4
zFB;s9P@Qw6k><Jc`D3p#^>3TT75#k>suZQF#8dScbz}_UCu$T;U3)%_9<ahUF0gY=
zB?!S9`Aww<C`m}so3g4!Qz*U=fDRnIyI$oHaXF^XQIl}b*2k(Ol|$70v2oBv^6Lw|
zo74fLU8;e(2VxTX^u~b-?4^XYiaG7hOp<ap)K(66cR3l;U?=k%4`Gb&uKm&Q4C5)9
z3PkgRIQ{!;<e`)la8=`OI`Re8I9k#gvd}lzhQ2Zef6wU|u2qB(9O1!WN_w~*%L0Oe
za&824AG#+f_xFfS23*;S&iy1V0X?FVes2^%T3>ut)?2`~rA;0Y?c3on(HL#2cLpC{
zp!RR!2tGn@-OoJ`J0aStUmvaCCqCJetB&naFRSz)B^Oi;z_~x%I`ci8;I3RkH^sXp
z!RHPt&pmG|PwaD09N!x1Yd)|g7NeEw`d&2IdK8@Lne0nYD9P}B@>EQ++zGlJWxXtW
z=#;RRFVkXoDC#ZN*#BOiJF6h09?v2Tc8HtI4G$jWTYXPTyS~JDw5?qhm*bOA`#kWh
zS>8&657+f8S?Y4`<m;mtp=4bsOVKx$;$uB*mE)>Di$2I1OOjB4P!Zg*Z0wxr5{PWR
z1l9*HfrJ6$`pN7Sb*)1F<g?`EkaIeFxP<~Md_HUoH--A;^=-BJp-&Z`BLe4bMVaQ&
zjz&xzQ(AM1d<t>ZzSocVQLQF)zwro|^HIQe2oI|d-z!RKm?zE@;_=S5uRPu8VONGL
z-j=r+yx^#Eo}-H?5Jju?fWMczL4Ma52v4?dW|^p?g|-FzBKD!DT-IN#2inIy-2E<r
zG+_m58KZgoMT11lhsaFW+~}Y2OErppX5-SMvE$TjpabnOr^EvVnHSTql5kHfaTI4S
zfi<}H(iclK^6vB+GB`x#Bno=p`Z&nS!x<9YM7%(VSKhG9ehEw}4GihIUIN%f)MYy%
z);y?t=@tX2+iv(fJZ~5~o=j46y3A_aMpqpz^$IO~{m#Rxfr5T)iuaCXc8koBu_B&_
zyFrC3<U?%;Zlc)`%ZU?nMTjuRC4ixjh>zuBJH;@S5t2Jk3Y%dUy?gvxUL#JSD$KYv
z7f(>~saLqyiT2G*ZQ*{n<;f)wf25gE_I-CDJ6Ji}E_K1#kFmTD&UZ5VZPC*9&4KW<
z$p(>T6P4uv9m^?_mt%rYHcbozZgAJtC3!xL*<SMVRo6Wrh1;`#R?=;(AS`|~NhY0Z
zk!Q(g_Sj^ej;{J1nsQjjr0PtcTCEz27rZfidnr%j%Ro5ogf~TQUutRg-6NSGe5EHA
z_(~Aqj|2j9`KQ&%RU#;XCxce1Mo}y{dCnRbPVI6ZlQsAH-*~6jr=`D8;>BRzB@@qO
z*}5&SM-fvxx6zncb_s;HLD$nR0U_A0AIQIiH-)G1{pyw4miON(lhdS9?xD?lhqP?~
z@r>;o_jD4r33+SE$|=blQyBklHOliaww%8ZZ5pB`mh9t)MRK62AY5T{fyLda&+oF>
z6&1EnJ^s>1(5L5{&ONcC_M)WqfjTOWsXjd+c^a9w3cEYPIZk<X&yM&O2RBUd8Dyj1
z3>NwvLSJQTe=?Mxj`5>{;QyF$x#y=b&waa|4`rGzZ;H~)$CQVs=E7x{-WOzZh_!2O
zHG6-^#OXaBhsFfd7zBy!-mAaxs^8O|%P&1vUrXV1+Q9dXIbk3hN+&~Xiap%zIU4iJ
zcAUR3^2NNtjTlL4b>1uVJDrczV^4<K=dFIzAN$~u^`ygB>~yX&{55yW>5aEi>S7if
z&gXo=-+P+HMvq#hYoiH=(YScX@h(JP)VV&rD8x{M9mOE#*Ha8Pcm$Oak4){OE7sgn
zZ;35PfTD$$*u|Z)*|N<`052=_9LtCBk#V&sGVaMr*&M-|$@JFt@V-=Vlh@olg5cx>
zxF3#*I&_>(G2B7i5j?*HP7m_6v@OphGrir<??1Ql4L%{r*R8ZQTAVDYA<3A>U4$6~
zT>?+CAxjw1?UPG(B>V?GHY(P+-*M8@EvvT^;aMaUmGM=Y;{)OAV`Xpwg~TY03JGix
zKJ@}aCa3JdeU7nn=^er_zxLdR(Vu+qgb1Q{#4fD1KHZ(aJy%+##U|QKSJ&rOzWCG`
zL6GZc`rf*uSXaW_i)*(Evz0>IGV$T}?&ui)a?UW>tm}&3T={lg*Pp;~H2X@Yjkg^}
zeALOadDr(;^e%xO1O~XZ657lKHt|>Bu@6^1kLQ{Q3>ik#Lkl^V0^ecw>R~)49gDcm
z=K{K3sc`3m{gHbLDdc!5s}uxp2eLJY1p7xp2HAwsgeHew3yId#A!Xv<2ounFI#&Cc
zVhRzXkjneQa!O)wB*D}NBI7LIStF+M9!=rR(^J|27-K>AKeNZ-#C@qqlfIFk8ZT(z
zsN?!soM*hNxXGcz>4uxO-+Qu)N|$?%NB!T1`xYxR?|C!X)zi%J6rkj)y3W)N*GFFh
z0XpE24vV@(Z{CLXSc+|@OZQ99<I;TCXO-uMsY@&wLhw~?suH;~Sz7IhK}c~`R+VcC
zEcDvcl%f=^77l!$Om~+Hzf{=@S6SE9>{4~u-yYoX@^rhd*^%oTQ*&_xirW?~&ij1H
zJenISJ6uTJcqm7b87nF!X`rMR3LnsLz%aDQy%5RAuDMP8=0vDyZCTwpAes1U-Vpb>
zaD7`sj9$dzo!kR7{5Kjo9uf&!q=u7ky_5RIKex^FLMUs<`(@XIBS*Xl>Ej{zsN<OL
z^QT_35K<y`5UK=Lb947KwY3thiq>`A-uoOKNlML1q1Od`I(K7wlHE~9?=7fsO*1dg
zNq=s-r)_m#1+Q;zR{>g!IP$93b&JX6Pj%cgX}knHyu63?NMG?<)7sqCG{I9uei@`K
z%i{ViX&g-jSFe5j?)~gjT#$?3g#CBASq;`QTrL6Eml>Yq>Rn-9eKnU7AuLprW1p`W
zsV?@?{t<t@xx`-Q@Tk?r!M-}-l8mBQW9`T=iL)c!;1_wOPOkI(_AW=+B#|U{Xn<%S
zeS>V7n!fd9_}nEhg9pl3dkhoc()`a!#4`4dY^9CTck(gAV3w6NX{H2popdg)grbxI
z4!72il)b=dehFX>t7E^*MInDqJj1MMw_G6@prQD_$SlnIUcQ>fo~S)Rgi7Mldv*hc
zkCVN+QPxK*g09e`*f+<p<1lRFm9p`R+=r8jYzud4wtk#kv{bha?(6W0+B~a2B8t{6
z9fNP2%Q%ee>x;#xGKg3w6xwFyN^ReFI2VDh_bk+R)#t4B8<bC1-CTKga5{*|SVWj9
zGZ4o+IeLI^(f=M5)2fZRIeCAG$3CbMK__xUBQ1;j4F#`Wyh=84q(efrxt=L}T<;m#
zr(Ch>*1&zfG#oDtBz4OA>heoK<$lioSE)t)LDJDot2~6oNs=ONi(<la_`)U7wZ&K{
z?<3)p9xHjoBH{7kBp8)wf(?`fte#Y;d_^=gPrDw0XGo!rueC#PTO_1Uqhi(BCkaao
z1MGz!3GRlgNw^*P!*n*IWmd9NHv60tV))zo8oLHdTD1cV^>Hq({zs}V1lll`mN$!n
z&N7p!iV8_gkcXJ<sCxYeG8-hA?k$RpRx$W0xy(*WfhF{CM)klTh|AZnJ!)m2ls-1r
zACUxVSof?A2qiDp<4uT);L;ov*~Qvs=Cy8#8smK#c7M+SzR*17X;oZvEHi>!sZOQg
zb6AI@LL9x;*=NeZ@n0_dU)QZ~gJ(w9=RqhR0i28>wZmF_JIry!siJ+g81d5br^>2J
zz<{Uzqp&Jpvku>zm|PamloX=iS+s7jFFH^IN4D;P3g^2Fwp~zJ7>uR$O;Ymc{>KnQ
zf;;)Npr9Zl4#9td^fUbA!4=FftisCQE5lphkV_nEynn3>I*Yr*wK_Yga|r+@m%y9_
zGBIrQ5_o>UX?mZ1ZTc7)6qRpFol{NGUjpyl)xo#zF7!Bo{W>2($t8g9{;GaOZ?OLR
zbpr%___4$%`Agv8795<-+?T)(uP(L~i#g)v_HF35ntbRCcKx|L#rI&3L`2Y!>P)Yy
ztGqLy-t&9%VzW3q0vA}-6$qg75@_mm;L3rg{u}bpMzT5kQzBRUbELRS;8og;v67D1
z@9F=(E0Bhkv~uY0=>M)Kul++IHkZI}$*2FeBSb&>ME{dd!0mr}KIIKpUoXk}va}{7
ze~<y4P8scmax)@}{sTM(_gx*<ih8*|mb|7U+}&?W`=Ow!Iy1f(cCJ{c7oTH226Q3L
zlHzdu5|9#cQ+quzY6GtN(vAOs(jP`^{t=CMR;3=SW?^euJIrFC1<rlSgY4c16fDQv
zl7SC)TC%gou*LEH({(QfO>xj>Ybb)84@P~oFM+7^{7Yb*;^J0J%h0+pQ6&i4HU0V+
z>&x~%4k6<fc?sCo?>i5h>e@FNoY0L)U4Sw|Z;xKg(<6Qz5OS0TrQbhoB}eNPBdlM@
zS-S)dTQ7k}nT}=ubxqgZ%60bkokQ*2D6DG=;NX{0_37Ra>w&wdy@Hx&t|tVFFAKX5
zy}Pw@t1z(Q-sh|e&cei?=nIYom72Z-U;5kb*;a8HaB?i2F6_h>Z?#QjN4COb*5PPN
zIBlC7iji(4qF_FIUbT>oZ<2U&i_KN6LgFTCuWmLi?qPLmm#X&S+M1BvYd4sxoLgw=
zq40vAtDKHkdQ2I5yB3_^+Y7Gn;!LTu-|&`!!iU^@cNbFMktV=#U%KRnv$TKG;BKRN
zKu}V-k77)-W-Y|4(?i~K7&FCY`#DG_0;5$7F3_a@A*(iBHw`srD@N1*=!KNF3>(M5
zkZYc{a%e$vXkw^-W8dsdRh4Fj^mz+5dgC&gm+R(GykVhbbyC)Smdwb8uYH*^r`N7q
zQ_qdDq`p)-Ss|6O{&fBB-S*bKT)qX(bD6ZRXRM)Il7<6e_b%iy*n}I^^4KjcO*T)U
z@x4Q+wN0Dz`T1@M5}4!H@nY|bpLn*)P8T{&FCGWE)`SiPlApursxsY%Ir0ST@4!Pg
zG6HCf&_(VQKylZuiD5K*=X~8Da`e=V6Y~gn)*jv<lCNTGz~hI~=$2K|%)VYe12?^N
z#udb)!RS!wvN41Al?eLY`50sG1?&dA-H*tk*>@;HE%Wo=xjgOoLKzqVF<VWrO*{6&
zGGHQRqC!1BTL_a^{caO7#?sX4^yPj_@I?ylK~~?O8@g()NACF4=C|oI7_-8=w123l
z`J3(rc`5a^!LF(+^voE<<diGNHtN`*?MfhSxEYRkB|C5J`tkJyh~64uf^hX;gJ|rr
z+$BI;BYg>!PoD~|7Z(c5a-2tP(jdm6E6ar)AG{OU0$_|8AoBjVivEqVs6bxjVS@L;
zfJ=T+v3}54Q%HU|bl2JrhMq*jXGuCyt?|+o9nq6x#ow#L*_3LotQDM1sRoymu-xQb
zw?-y)9PKI!W{9B>A1cqutBM<(HTSMLNkXLCE*<-u_Sww`tAuf+FsW`ti9r!%=2o0m
z3{653YZ^D(c@!|e*x?L35obtIyacqXZ%9GP1~S7ei8bwLW*Phs?~%u6jaaCc3rMbf
zIuf|okgz1bf%YzqeTXafp-QxRFL)fvcB~(bhBm5PWLAqYY#`Jpl1IP#a)q~qYCKLj
zQ|`B;wrJGu(ED;b>fUN=nN_dsnI{?h8*S^l_nKoZujn=>G{$^;M(qvnXtYS+N}LRJ
z<HM3@?(McMW%YfM$Z0*am3UGfHu{2g7eCf;wT-}BuMF1td6@7UwiLd&hM1C0j6R}6
zM6yLk>ou!W$gSY(iC&tWBN>U><?vj8W78rs;wdcaaYI{L=0{<nOD!2LWMM4MkNfBP
z_K!CyY4dP24~)DL5~fhg%V6m3EVodUC#8`I*!Z_bR+XN})b@dcoN+bc!2c<nWX}zs
z$B-EyMlOMsH--E)9KW4KlQu?2AfdP5EchGZkDFO{>k?>Z?-SdsK!ka1<cI!l78Q^$
zbv{jlF<~?2;jP*7$Si11bbM^<jl0f?frgeJsIda1rM;NDALNW>hrUP>V(9;wfbAau
zn@W1RbeS0yx2`kYihWuujgQ2JKk#&=K!~#~C#_nhFxy|^`m-D(DKr`yd?XQq+Y^#;
zcn#gJXi?JUbMEx);g@tSH0*A8@-yA1xodWaJoJn<Eq{D6vn!gKCI8`P9fww0<O?ge
z`>N3+X3q#=FZvca*r+RCa>}T3-WbM@bC)qkkA2cCm*<mSa}#av9mdMP!^z)s`OoES
zLy0t1)WRhFyJC{uJLp5c8Fn+Xekw|nnmnC3y6}>C#2{W!BiYCax5mL&mh`l+2Im{5
zv~ESD>f<yzN0urZT^%dVrJHxA&`2?(S`|5bEe~JnOW%ClM*A!+o5jC0+JE4g=V4(O
zjPO~PucKMeT*`o%jDMMp+w_s*3^ZANpddhw*4CPJg$>0m=w?OiylAS+#gxaYPLxhF
zYi~PstVNj0(mk|cG9KmLr-JeGRnkRlivgbW2^OT>l3F?>0%Tvp@~jmhr8gnM;b?KZ
z(QR_vv#_mu=PU{^6sK~BlW1gXd+N#8t5}L3HZdv}>{i3ZeXVGVtItRSJ0cVhEeW5-
z7Gz1%94A$Lb#9}iXspg*n=5}9Q8;MEE-AB+lsc4|Y0Ij1P}Qxk$@b}E89be*K&G6>
zPB!+dpN7gCdu6ZwZQD%m@xVh*?ai!^@y9nKUUEg&fPgoll+RHi4CX7d;vAvLtBBgD
zU70l9rgwOA9A_*0tX3p1eAG_M)U+guKdMj7RnFZYY37;cLe<fE{>QYK(hsK--2-#6
z^7ynCJ)tQk)<^M3B+t%ynvG>FS}e!<`lJiGn{0Y(OKx`D3_0<+C14!hS6$5%(5tz$
zvC*Y5#3NEu{o*YZe>1;1i6pmd$X1JE$YGv=X_aYA>{sbAIT^J<wn;zd03_q6<>}qR
z78tOUS>nbMpZ1nx4DW?)SI%@b@{&S^uMqKY|MS$5oq~vy$N0~Z_S;+0B3q67GxgJg
z^FFZQC=7Kt8edyIEYX={D+q8mVXBPW4N1us5fRB%{%XK@a<eV>t-EAw=&c2598V(|
zWI;;fsp@LRb%#~sL_$TjvGj4d!>lT2-bI|D=gXm!=%10v2l3tF`kwC@zPbCLIGS0K
zhQ#R-kO*F$s!m|kM#8^Fr+%|_F|?J&Y$9cOdVMPM54=l%?t4^VNAdyR_x%N7T3Tr_
z^+wz#?n>z|kFP0f=*}cg*(fZaker;fHuiSEZ;01YV-&qs%#6iY#RjEfX}yQR``R!V
zYry}Cf@SzG9xu4;=Q3m2&z&=S1y{-aSmgiQ0ZNAuppH*Sp<7E2X<&0dpJz#NY`fbE
zw=#RkcQ0=9I&|`-*{&pa^H-!9q@=xX=9%2SW>a?z<9TSE6c;K`xJfByTbx@Tn<wP4
zZZ)MHZ7h4#@c1TGZ;h##>&}auB6xjYtjRsEvT!4+)k+Zg!sw5=uorT{GZfT!2@Ey*
zLFV(d*s8lssfZOBaoH;D5nB@`<U&T-<<&2?XlSvuBnSkRGw=p(dR{NCFWK@NtnWC1
zminA;Q8=6NoE)xexSV-DjoR<1c~pVgAK_GqES4#@zDr(#_|#dd1fl$^81|p}W++E+
zG-l_p)xZ9pyDm^={a-R9(uPpQq3HJLvwFCt%YzOk#N*V-3yWP7#P&Mm8+KaiLi@$^
zP&mEf7NS%S`1$icVha*o#f~3=2n3Vc-2HB@75U;1L7V5#mEzL`Fjg$i9(wWJ=hC~?
ztK|D$ggCsEAzjIg=uxSvfrX-E`X<K8fL2g18v)VS?cSWLtb~RxauCSj^L;DPZz-XW
zxBp8DK9)gVCabmFe{qFW`1J2sBV@yhE&&_pzN`j`UR-n03A0fB#YYgKVA8d<E9deC
z)j*GbjklxqP5&02X*s6@u@Jos=(zm_>A|QvuCwU}5DIyrlm;{Dm$Ju_<9QCb%j&J3
zft!{u4z+h?g7G_2>W$NeMntY5BSorP+*Eqf<4*9wn9CFsiNUay0XfN7a8n^{j>#;R
zahwAKsRb7$B)kt4bN>&AwLkFNHSZtGe8Bi|J!VRYcWgPhOhxo0`2F@+S$qs$7NC>T
z08fx&r*tf#@SzqC2T=BZ`D=OjROdIx%F5~I^}BMV;b*qs(K)4t`SX^|58@qsimIAA
z@)5cjaJ-iJn<sIRdwyh4%qobLnX`aO9Bh{6(`)7Mjbg-}(RSeCR%ff|TQr!L<xr>x
z-n)mPPs!ed-7Pr^&v)`%*CWG+8oVV9?I;*pI|5{0W4Y6{IPUF2SqFwAbc(HsxYCGT
zcW}1Vf8J$6RkUxchA~aZ^51m9Fa6h`Oelxb&Bv+-s6SqDvm>@ESdJ={_x!hD*s$qu
zXO#{-M1S^5F$vC!tD9|C0cpSDw_w=sLBGIXKtHNC(yiLe2LwJ%Bk2(Rw6LciC1JG?
z($7Yr1YR(~fM#Om1AJ#x7_ZtI;}RCWMgD+N7a?P>Mo#)$R;9EeB`HqLe|@o+Y{65x
zD`}Z)Abh}t{pX4ab_ZmdelGTk+Z@ZPEBTA`i`}aii{~p-sZ$1Db9<#2b*pN{KGi3a
z^q+N}3<@zWV#Nt$AI0sZdqF*+LfH_~_fAXuh+V{ADWtz)*Zom8^oq<{GQLw#XW~`a
z-XCOC(!!opIsYj8gG`=_QU?+HkJ=@#$ha!N1RwrC(F8pd@?bGp?Ozsw%$5Iwkpu-k
z3GIm1%o0XrpSISn_rcR-q1FRk^$;Vh@e&&j@Rm#Trl`hfd1#IM#(D^NA%=VqwKR^f
zW+`mu#6Fi-k}SXUg%ieCp4670qJve$)5$Ox?6Xeiw`mLOwD!Y2`$ZeQ8Uf=%@b`rA
zGM0;wNZBqE<_b*xdyype6K$Qhr^~?G${H-F8|9oNuU$e3Eli#5o}XBjJ<~ugcmB$G
zL$9i`t~kY`d;KwC^OACJ4pocbjLRXy1*ryNn7?+zaS>{9?}i1#1oh(=tNyK%rwcnn
ziTvq~Yz2zgd#^(CI(o+&Gni-u&Fr{Z6>jhskR%RhaCo}Xbx|!~#IxCE&{Cq&E2VhN
zkCh)_WNO*k&O~<z+#=uxFrMJ2@U$o}mIo*-j<K+H&(ytWnEEgg&h%FDeH#k!DS)Sk
zfk2<7vors-9JKTV60%AgnU;Kp4uk}tQcbli5(FE%drgn-PUxNlEGCojGa>^sA=t}{
z%Sp~UZ~nU4{E=@Yksqs@xb3+?kfK&?=MRY9{Lh8aO^I`Jwc9<dKD3r1QxmaDH@-lb
zAK2McUx7dFs2`0@wcI-|N`=OUF57Ky+kWNQ4(YoH7&q(TSls(`ZYKs6>{%Ww=zTy?
z_u00@JZ|@7%1?lzK52PxQ?-yc?o8Z6nJL}OY<D3tompoa=uFBL-lQ(ed58U4k6x4J
zEwxS~G52d6Z8c$syNOBO*sf_klH<ZfuEfm3<WjNG!tpA@OE!2bz^eBC6GAG&2n^)s
zC(r%Vo&2^lAB;hwgRavAg-H3+03AZtkWPY!`P^VYmP<ah|6?)cmXH3mb!$mE>mvij
zqvFD*bl44b-yes@*gtWOJXYO*f-1I=FUIyn@{2VQ4(-zu5rvKARJaUTXsJ9#7-beJ
z3pvJ#`1--BI^#RcossdT4|!7lNNf~ce#*|NOIFSQoYLgKVGD~qVft}w5ZgkO(cy13
zNiDSg>RHd9BAVg|sxAEX5~w*Hc%$To;`bPOb?h((<!fan$OzsE*CpV7klr2+o=apP
zL{EPbAbQHDq_P#Fl9LwE2qL(+f2Q=-wZc(k7m_vAcO$Z+*K`Y=!Lr5SCU}Fi)E=(x
zh^*U4&p@sfVb_zzLO<62G{LQ^SH3CKVVCu@p&)9pAnOgbmPAMDHB>6prOH>|7EJOs
zdlmy9u3QhQ%QtsKDPdjt_=QT!+yS7R7wnN3%dlRDXpR=X$6}bE7vH-Ou_l)n+UvY;
z9QjzI=iW$rocdSHt+uuvAJtf5n;om0inI#&o?TPM>D;j_;nl$1&ok!h4-s`U{Et7r
z!X$b!>rT)^>2<*@P+JxvX;Kx0Qoq(IeH~N}z|F0{wN0CQ8=*vfEVuK@4^x~C>9^lt
zxUGxjtt9L`_S)s-jprltLT@MByQ>d~v*u87v@IGWF;5J4qrXu|w4JYntxZ`H-!l)B
zQv8%R6SLV?Am{=re3nMpx*9F1964Q)7sqQTla?3ZBFtlQI+p6HBR#_51Ec{>fvx3?
zcu)1lNm5H*zYLj2XxWq0vzJP_+w+E#sx)m=OshG_UPxIr@e}P@Db+M}ymH!(;d+iK
zj`WOzOE_dH6V|d=8u)a`8vB)9FILogfMOQ6gICi0PUbgX8>?1tYhHU=4bEz*qfrwS
zj)B9>u&pswN!T2N7Ks&sg9L^6nl-z(_3Ii!NPjGvINsRTsyJ(t?7Q>*4E3_F3W{#b
z*6FBItjaNr9u;oB$BZ7f^E}96fAJ|HC`p2QvLTSxrw^&^9?kbG`b=B;cQ*5p+6JsL
zU#_8xh0pI(m)N+h#|+S<EKN{vRT^P2jo129WLb`hgbpS*UH6bSC}w>u!8G>y)#v5u
zGOV7{i5n#A$E<9VOHrJ&ccb_nGTX>dSv3x~K48#?37S1vzkP4Q=|0XuYOb~}Uw41A
z^<idZ*{;Tt(qe?7Zsg}4d)X}B#0Gr<nRxo$Fk_Dx4Xd1!SE!XVp;hm1BodyMB{$vb
zDrt#qrV5Rp0MPG!b^dmkrMH%EkDCaD&2i8zVwd2!%|E+;AtjqJ6xWWN;UGX%#J;fG
ziBB7$;tuQz&E?&oz63TxULe<WROy?jL~UU1rR<kg9E=DhW9pBW=3=B!-Dk9C@tEuv
z5gKqGUNss**nNwZ`B20EEtN^|g5~~(hKye*HqN__u*G<CnrBEh6!AKwj?FrQ@TCMf
zCaQ|PCZ1Ph0!S_W{S1YU@~>>Pt;ba>w5FB_f-1GJpD~>hhZtm!XZn{HI5rl?%k2ax
z9=jGmH#!I6*<%H7yF`6_K^RhMxD#F<v-wrT@_MMthvEWVR?b;+h;6e8s|qE~giABB
z*}jHbKPu-0gwkh|ab~Mk*O&3kw7dyg3Mp$*-M(X(<hb5Wk!+-EdDM52wl#&zY)OCp
z-s{2#OdnrS&ewSz=6m@*FBjk`d8Ew<F2Qzrl5VjRiVR_(Ua`&sS^HPIqig?8{7+q>
z8e#d%VnwSm%Q6?+efcr4#cJm4WQL=9S>aW&+Eb;D#>E#f{umRBfwpHsPU$QumAt39
zKk|kPDQ^3{ar#hY2m6@-^6n4u14d;2bv{Y8^a@F#6t(;vUQpQiTLol=&YfCttIDGM
z6;gq`YX4inVBYVy3P`l7;t>#UkYMbEsMlAW(Y;T+_l5DSruqXJw}`K`3U@bw#F;jQ
z0J(0RV&bCbF^RzPo%NJY=68C$UW{w8v1E4P<R4~LXsJndEd%7vsXj)}s`4S`>?K(8
zC2h$nJ)EAIl9MMbLd!eN7T=KmMYmA?8w9L3*7x-&SJQ+;`{aq=A$F#4&}MKKwRzQR
zA5XPB=x2X!U_41QDtrkD_$i#*O;_A$)jwGsi#ub7mTXLt`%NCEWN&SM6>^1JF^;f;
zHwI064t*2Td&cYf2QDU0S{2IRf5$EU$VuWK<^69tUD%gY<fLzGua%j>3e8xkD@LaW
zEza(r!nM-E%m^X&CG~l|hwca3B@ogsR@k&TRP8UB1>b5B)O|(dOMwNfy78Ski&=b=
zFVw@q0)q*RONJ)uS5zp#0{Og3U5#z<D=MO30d<S?_@GD~u*%Y_0tLNNJXrq&tEGYQ
zkUL3<#?av_-vKeJXMZl#6Syh1fhhIOzDON<_d{uy`s)NxZO3q?cqRs?u)GA!4{{i<
zG<S%8M9;d^7<BZ)3iC>L2Q9q>N=|zZQxBoq0axm~pCtayi!#y_GmjQ#*<Uc9_gl(;
zKJLq_q_(}8QBxd+&Q3l$;>hf(Z>@}luWn@-$Kr0yG_Y(Ez!rX&RMzn*Tx|Xc)MyGE
z*|Pe>?$)<vdnhA<$Q15Himl(XXv|>Uw)~4l=5MW3P+}?Aj9T%Mj2(`)`_lEOHzdr0
z)hp>IJEg&kF1kEP<WL-E=^IweF)<;B!|vSO-fWGJN2RATjK6`FOKyL=AoV{^Gk3oe
zx|P}y8h$Z!p09kpR{`wpr2Q|?IY^}{<zh!VyXoK!G1q!#z!rb=Dqqeod7hC#?*H-w
z|5c`U{~HTq*j}ko*GODhYAD0u@>;bW{}rf~Aw+8VhZMSU3Dlmdl;F`3P$W}aiKRah
zl*~}xsQS4;r!E-x(h*0ikhiy#lumjt0q_0vui<CYnS@VeKnhYn<T5c(PSx`NNdV*l
z{-7(g+F9Yp<;6esb|iNwzLIwQKWzr~|6@LOdmKtMt1>|NLz9#^QT9Vu_~$Aj^NzM%
z$=-x!H$_b#?b0M6_sps@!likXeRU_t^2Zt|ElM0dpGdWe_w;|v5$y-Hq2?tQFQzy3
z-LBcsn+YAPA0r4#AY6Ch`~@85YGu#I3j~9Xc6-8tQ{sCJ4|0a)bvZ|4iz{%pAZ^n}
zM8bGI*+XSH8H7w)aycTC9aEq29a#KkBa3yt_xAVmOaDouy5Dj0zk!Qsg*FCT;T@r`
zE(Xu@PF{UffK`1ItFDhBxqX&@0;=7ZdNueNjx=`Dji9bjW>7aL#JtpmSVO4VC~g%k
zf||H&i0(-0q`@x~azJ(6N`B&xvOmaxI=y59=O1N%A@i111+4O_tmF?epqkG`t^2C>
zoF8OBUEu!<O~BK+dLQ}#v<GN?v6&%P$Gt!IFp0?&O8x!|DMcnj>eXTlM8S+YLPk`g
z_p|?HXTV>dCI4g#1XC?znX>!ROOQycq<rkaT>&e(vu&K!F&3+0_?y^dyxB)kzA6$8
zG6nJTFvmbS-q$$qtyvSxX>K*EmW!&Bp;Z+mD&ih{^)#U=hxc&hdq!xzrRWGyIZBok
zN@7Q|f!369B@m8luVJWv)4B_%j+_}UZE1C+{4Pi)<d&{l6+2q+h@+yrT6+4KQwC{x
zU$$l6x;pol%Ir7!u@655Or=jK8)*4{gonq2CvLN|s>zU@(|$daL&C#3ISb_GTW!t(
zCT}G3L}Uc#S8kYpE=qj+AYhWV()xwJ5`C9BvZL+sYPii{t(?M{SA$xw_FVygRzD*F
z6sM}Y>+4#@t5KG1B^a4e#x7=BMrBhp9k!HdNip{}+veBhb#jtVZ?o43hEo_`gO>Y7
z8zzQqPS)J_@}ro2T)o5UR@@O*KEH8%n?(=R$pHgB!)K(&$1E{xHM;v|%95n|nP)Z0
z{Ftuo_>uE2LU^!0YXagb9IFw4zI8_!W;iAB^qT52G9}Kt{{EtaigP^c3#fjOPW^3h
zd)|%|390J>+f^7ej?o{{Pd?!0?B{C_P8^<!r!*Drwg<G55+Z*)MU;~9FR{c=b?iTg
z!zPDVNJNYPF@g<k$T@t*Pf7%aaP4S!JD&!#B;6DzbzGH9xSlCk_A32MF7s^^i7;01
zt(m}QIu@<n&%Ea{h6=MQ`W_$NcaMEccyHzddGPQ-&QkAE^d@>-z&(3TyPJ^qdq}XP
z^D5*ztI3PFao)o+sojzaYum{HbegaW#{LHbUD2AgWi<oZnuI#m>fvs*pC72+B3eAD
zqTPe}F26D?t4v0VXt#S1?b{|p5|aE<s{5I*RHi(CNdNd623^CX50Nwa@k4x^_``$j
zWd6CUZhaRg`+^qv_<oxWAe%H}f;2$Pd&5SnCO~fdLHTgWXzUk^cdBgRipiROF>T}4
zC9A}`0;h##bORLvD%#Bi8xcAUnD?J`t>0nU&90MKZ7Uq{a}Ds}T{X0d9j;TGOrEHC
zqF^-fuI;OAv5ARc+Zrygqq3r;OhJrQb5A~~tah?1ZrYIL#*Br;+s+raf&_Ju&MCt@
z+CIB3zvh6`4v5Vu6t`xz-_kACJ8$*M_uC*ic{w>z=yA|cPygE8#l~cSk08NXr>E>z
z?Cj0ZkVJfw2vM7bSP|%TT@U9?WDN?d@rz7eWoUj++(#wH;iQejb*Y0B=x5yZ9Twf=
zJYP}pD03#K7)J710;6%#?qvbIOe=$#|C#vY=LWKM1L?ZNC&hbPlrWka%x}6F^O4@%
zmB=(}NHaTA`4g5zH=y30rqDyrLgOGJ&S0#?Sm6NA8#O4{6cUnw??dm}O{NgW?%MN<
z+oMI_y#Me#H##hyfj0W#wRbzhnL*$BTMw10&nT<*>OJeBaW$ReM*=&^quU|M$9Bsa
zwRMALgC>v{_hSRlsUw84rs{XQb^4=P1y{H_aIt0YfHzqza5vt&AAYo5K<xQ}md^I^
zHCy(}B+lda;PUqs5j|%b+de&|x}QKin8e*}y=N$B`2xJ}gF+Dp-2=@;olaj=c-ne<
za2!~=c=nm;+$&_08p%{T!s`Bznpj7Qmy+actg^G2lIZD-Rpzh5iWL)eVH_X!t+gX0
zJQX-%iEik&&|OJ*^HF!SwSehEHAgKwTSy6YojbF%E+BYs0v?v+FCYA+LffaG{Z%eJ
z8U9&?*4}=px;RI^t@#;B5QV3viCK`}yCa&)9lo*deBbcLa<6^aB&3%X@@3w}KEQJ$
zO(J!Yva6cqv%ii0=(S1MPD^Yb?@n9#h0A9(Nwr{>DBq7E<}}KkvV;jQvYq-)(h!fF
zg1Aa-tlob0{5o;Ct~um~sUwEllZAB{nN<xl<dN#gunD4R@j?w@ci!H7IK6cV1YUTe
z9b7>5<c6v@Cl}zt#7@a<W*(vKmDj{S#F+1P%$uo(*QOj7Trjk{d1Yl<+J%}HA4l3z
z)oGb2<A2zrMqX$`dv8OI!+cQ}<Zel$Grq={VElNutg5^#*psz=iLj+l20=O>(qEcP
z@uZ({YG5s&EhujTMrA`N`GhlXOEb{_Vo=$E+iOAp>G>;R@tnF;Yb;tg`6}lU-wpZ(
z3_9_d`H)l0vP?zRQx|z>YT+}dGjtKpyRCOya7k6{S!q+&Sn@4nnbIW{r=)7Nbnc><
zxFgp>(k<qt!Yumi`RJY=a|L}dPD!psv$7f@tPu2coe?XYvM0KTJ)BxH2?h;!Bn8Ks
zs5h9F_&rvfyw#tl&<|+0s<CCWQjC_@Y|#<{_aYi-8<`~UqRcPNI5<qeruun7ealMW
z?e0C{^>~J_6UN@R!)i;0a&<ktdx8zZH+7)pM0P%(PQ<G4PR}QK#{1IsbzCdvv@1lW
zhA*ViVEkITab@&t7_$NQ9w&8~Vtg#Ac;-&J)6y?ryYpzwugKoo-PD#;gGkQ)jzEVU
z&ipgP6J6V$Gp$yov5e@(c7~Uw7f&WR2_v3+Tyx}Md>W?UF<yIoL>{AvxH<Z~K`N&)
zg6+6&uFJDnAimxv%I+li2|5raG=Cj2d{A+aOS~JmSyub-R4Vq1tX9FJ;)f+9?}~Y-
zm~{+wZ6-3z9YqcY#`LSJi$;9jVqRnoOvuD8-HzZV7ZjYh@B2k*%wo9O2cegh@o{y^
zTXDfR(WRb;&}0wG*zU(L59ky12jvdf6PP{vRAnB-5Ry*o$v`5Fa$}PQ@cg1|Fnn-f
zBX9vV7+RFKSCfO@_Kn(Wsvn7+Hqla9u2AIa{2<&BngXoKWO=|47W1X$p?q@jwDIsQ
zIw%!g#l!S2Gc^&pr?$GJ=KeaJ*_*?(13uIBHXl5_y$s_^k}iR=ezLq9a<VB)i0LQ&
zg?&T2C>|AZ7_kD9lo6`jDS7CW;Vn_U*2^cW7j9_z{hhmrIy0Q~x%_Z;tk;fg)mS7)
zl@%uftRHOeV5^4VY>?h`j>454s2H}lr+4iy?R7;hp>@9{(k3<0QQ*ct!H<l+P~@X#
z9e$m4$P&FCTw2U(UdWIO$CJ;arUD^P101(QcGQi&+1q5ropGq@Sg_wEceS?XIzm;W
zyHid?C55V;Fm14|j%y1d-ZQsGt(P{&TMzZ(Zt2O}v+A4q6mhue+*=@J7xLZF;p<ry
z0u35KyTUbC39GVgD4}MD&kPa`BjqiewiYk4Pa5J<kH{YWMYr{*>ad!a;e+C*Fh#bj
zBZUwQuz;XZJrI+1{pW6Z{8|A0NAW*ZC{@ubr{UV*kv7iBH|pl<<oEq3HPV09eF9@g
zm1Um(B`VsII%VIb<iM<?j`$^d$P4Z_Mz8&qVHLkb!#`#pCGO$tV!lzU|0U`hD)wpm
zZQ6`#T6U$s;qyw`8ULQDX7T@^mlkz{mt`8gE==2Lp(arx@71bJA_UJ@;d(EV2B??W
zB6A_0?&qwv<_O;n=r(A1y`u_k>>PqFPqiX0>MsETZEq%W^TRr#nzL}Fv`;k%LVeI(
zg6N^x(I)6PGEZ#QbX{z38wA??rY`|l`lz&6+4tJ%39nFs#p&<G2dO7V;GN=n`%9o%
z=@P)=(7FUty(!KPFM)G4@(%HfqM$9r{D4If=p8L6t^o9tR2zPA21PK3A8UE_oS%VE
z-gE`%Tp{OB8F$l%!~KXn{oiS>RB;5<de*zX@_?8n?z=mT-RB{D>@H)v2Y-YS$~7Ec
znf=1F63c8eFJ9}1WqiscS2qBO|GcZL1f(EGw;9f|GIEwdCuE*tle{midm#igpywH}
zK~~~D-5nkJWJ8zUW<vUEUpVfTS9Y7{_MjK$O>%#TXG@ujYyJ)Tmb)BxK0oD<%fO{6
zt#KsWd^Vqyl=`&{F^T)K3>P=CS>r=Zd6WcJNcvZ<-4DW~J|k#-MRBKRpex5P`}Na<
z`<N`S9a^_TFS~e(U=(g)uSS&T@>REV1v&>d?;`L*ywtW)ULv}^58t(F>I75=N;`E;
zH%gt|Ijhap1`WuE75A7A-4NBuBKS(m+_m7yc~+c(&Me+z=BjUB0`uMVQwA64YO)sM
z;9XzfS8C3G7%#MMt>0ysgnmjry;B%fRZkAKGSwBa3tchF6T2n&5xR9CLb2dUhOea8
z+7LuAdW^Zo;!$Ljq^JG*MJUYxWk}@hz{ZcC@6d+fqSea4M<&H*y*srubtj|>&7@$Q
z$b{j6r7rCvB9_kH=k;LI@6!Y=rEjWi9~<<*Ye*pktJTS^qea4o9AjIohh=Z~;F2c#
z!2FUywvu*&P4AcdthAn`N2lC8a*Rz;z&z{x@LtYx|LLZ4`WjZkS7`82lJ|KJd0K4@
z>ujIPG4ESWNbUZuTVmt!FDW7jy1VnhZ5VuKgbXHGbf)tjHkw`M+e2^MYd9oehHsl*
zSR#ya{Z+@5V^?cynD{FYtIGpVWX$MZ(I!QC_v(-vPWf<vlO$B?0-X1UR{OGh^`LvR
zot+%;h8P8+TmO}=t0=#3p$1|ZH+2bADi`!f|9PsZzs^@aIw`T!;7h=z?`{!<`hzKU
z#!W9gIc3f~0b=?XPlx`=)mZ1QkxAO}l`hAIg^<BD#%qk5wzKhzF!Vkd0B7wP57M{W
z(`0${eH-LG8{x(_L*o^m^aM;v%l92amf%Vc2!<7lr455vXEfhA>`=aX*z)DQQW!2n
zq@tXT$5uv_G_}?OAp9OMLw?7Qn``mIY8Mmqm9(=oz0HAm&YY=T|CCLdA=b3v;3P;b
z>p7^E=lplo982fkmjJcz@L4-Jk727U$va~_$C4}5v4RrM#Ks7ejw8EaprD@%0@gHb
z7HP08QIrzPoT=5t(4fWUTxjh=M|;hBpqzc)8evpB9sHsTm#Hh1v@5fx3N0ZYLdc{b
zXQmUVK45DSE2ndoqi-BfEEq4Bsw}>on<lTJ6e~j;i&&jf-CZz?f8~N$6<qLElVvQX
z5Z<(o!}*vSXD$>vYG!I?FH$Uf(LbECxvE4mo=)1E7!OkzUs9oJ3QbxJc1~G(m-d><
zxqS<q2=Agl9UEK%6vW|Y;A*=uxDvBmkB#>{Au#5?^aI@7llqog%*r(%n={>_i#`gm
zZV=nmN{QT4{H@i8o5Al~MpTb9Z-MOO0-aU-ZLgt_^ZAY0hX%=Son2^(bjN;{_FR{P
zP{kxP4!(`XjItCffr~A}2J;xN6&<=}pYLe@rxMT$W`ZiDh;t7JME-+9g1n0sett;c
zNPo^d%=*!x`n_fg#8*&dn!=*~OG@g$AO(Fcfblx@gL>JhU(8khQxLt(UmX|}p&py=
z@DG3C$IY;Q%`kG__`REWYqw+oZ}{$VxQc!xxTjiw7TYHV?bl`Mk74cE&Z>i99k6-m
ztgQzFBGBN3NdR=cD0R+OgaUd1wgydGK<`I$%r>nqZmJq2zbh^Fn?j&z6j=;G3n(Uz
zeOJ7=UcakskDv}e*3k!@xV;-j$jXEMj6h2(DN~4J{rB=uw=V(lqVqS2m%z((1mSQ1
zbcGKz4~mBF;Dh#8qe{B=ziR^{xZ{`2q@Lb@E@VufLqM~vpDp^yqyNk2QJz;^iz3G8
z=%-i#<+a;LyI)9g;zbu506!OSl7nvk2%*36x#O-qSjg9HwXX81HQANQ4f)+Z@(4C=
zW3KwTF~gPHAoO1wmHpowPnjA~z_5O42>72hdNPb$gObM>@_N5;m$aC7jcCg2KAOOu
zc?uPF#kVZ)m8tX8rr&)zj@6O7MBx+J3fB*?=a)9Au6$)uQDd2Tv9^nj#u8S`<*y#K
zCO;ZS_I!6#-i7F9b4ZC}bOfh}S1(&!v|W^p<4wz(Ld|=2l&M)_+6iN(XXNk58aVEZ
zWE`A)Zpi1BE!M26vF3;Pt5dL$o6Uwm%hr>2R%JWBtUW3H7`qc57xcujGQe{mxF&Oo
zDOV%NI)TCeK@chKUfUX{gZLqJp=DpwVUay;oeJ5+0`?2!_q5odwHS9%2D}0xq|{S_
zA+3J9&4IQ^50GiX+mal3BxD;ZsN_XGMY~I^ecuu4`>mh^C}zu=l!p>jch{2hN2a67
zEQC0>t#(^A``T37W@gkpNMMjLRX<5TX{QKwx)0NlOZ_NiX~&)p=ySfw2t*atmqDy9
zr83vn!<*d<m2)N<aFz+ajdh~9g#;`LSICG<aOVYnz5X@3f<B&Zx6L$Y3%`+dek8GF
za^8M@cq$10{@XZCKKMX{w7A7cE=xb`jppMqYXkQFTkRj82?wt4FO`<D^g5HL6$!Nw
z&OSzV5cU~mId#dg<xn1$d&z}^y+!w0xR~Gx^ujMKN*eoQb8Ip~5Y3Av#0xJ0R(&@!
zRJd(_y{+jz6&6zj`vS0FKAZ*7tV~u>awKSavRT#LW{y?MUu1j~JT*U^DXIr?j!jGD
zk`R7D^_<l$Ts(y-2KCo+!+%Bmw$7Bi)t!f(FFsR6aMHTmquf(!r|G1Tp&@h=G!yCO
VhdsTzvia`{hre<tBz8Ia{{co1o#Oxi

literal 0
HcmV?d00001

diff --git a/docs/wiki/images/webui/index.jpg b/docs/wiki/images/webui/index.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..33f0dedea27a616aae148b172ec064159df1374b
GIT binary patch
literal 27513
zcmeIa1zc3y8aKRY0a1w&kS^&C=}>7AhHj+0K}sA&KpByglu$ytq(e$tkPZQZ?rvt7
z`L@S<&b`O)*17M!_xFAGb@(mzn!Q*4_p_e$)Ee{z`YUirML}5sz`(!&?tp&)dgju;
zysy0t0H~<}8~^~E1F$h908B7<0sNx!*dD+J^B7=WKPC0s6`%%yO9QLa03LYnJosH2
zOaS#N`0w1e+|SQX1b!m$6M>%y{6yd<0{=H6pnTWdg<iql$==P)^)3M5L}C3RPmqCf
z!|N#Q-|}@a(ZA%eL_`4~Cg#uiKg$;9lE2~iQ?~fOk&1rK`6mKD5%`I~PXvA<@Mi=B
z`1nP{`Gmyz1?l<3#QB89g{}dA?H&Lq19t&)zy+WO6aag`2~2L_pDTFxo7IDm-p<R*
zO`Mn4#goU}%GJV}$I{iA*Vo*Qm!F4^7m$?kbu+hgwDzL6u(q{#kz(DdZ(^mlw~}Jj
z6ISC>bGu<}XRqY%VXftVTiep#(NfHcRYsbKK+;#-*V)b4+RL2Y*V)O%Q`}dI@t4-c
z!Th(|yo}P49#%Hunl}~xR08}a#rUVO`1ttn_z3d2df4*vi;0Qx@(J(?2ylZXxIO(`
zyv%*MT|Alo)WA(^PfHJbH!piv7y54vnp?Pfdr2{Rd)r%y+nC!3TUc2Mb6c1TT5<F9
zTbXm4TM6=WTL}tUT@&UP6|mvAVEj|}R+hi@?&j^`^h@7Xmb}(Z*3Q;0UY;Nt{Jf03
z-v|Bg>Jx<Mw@&{m{NNnHGU7Kptj)cwZ-Pns+bibg6XNC<)c*Cg^N3s%mgN1RoFwlz
zF#cko|K5@RQ)o#`T3L!)ejB^1$M^2Ftlj_5-nNsy^zVe~@6!bDe$RmIgT#lAk1xsl
zmtFtAvH0Z<NPA$t-zXKVN&jE?{Osfpf&3G$pK$#l1pZLrpVajeu0MppA1eHly8eF#
z*Po?bYZp+&^#NsB^b~Ldz{A18#lgnI#lby?hj)&Em=KgP2p|_PohPP%T%n|ZP>@s6
zvNBN7u+WfGF!C_6u(5M;abBV473Ad*VCCTC_|^yp-nnxG_ylBxgk&7l6x1Al_=9c+
zh|ghKV7$k|U<5FUF|dd+&}{%6=##_&y_nw|nSc6VU}9n8;NqRbCm;k1R9*rwF|e>O
zv9WM)ut66lMj-ecz$V5aVc?g;C54*fF}jlpJdA#Ij_G<?3q*5pn_1ApBM6`1GC2k1
z6_%^4Z0sCD!Xnp1#l&yilvhwxQdZH@*3s3|H!!rcvbM3cvv=_H^1kci>*xO{I3)D(
zlQ4Kp?DM$zgv6xejLfX;*EzX)`ESZADyyn%YU^6xwY7J2c6Ij*4UdeDjZb`>oSB`Q
zUszmPURmAQ-P=DnJUTu({WdQQ0PFj-ew*13^CAZ4g^7)gg^l-ZUKp4@V8SBC#$n*c
zC6R;TnY)uR3OqbVc0Kx4SqnaspyoEj!efx&GPBSO%g(o{{W7zEZel_I(#(FF*q`S$
z37p5m0AC&!F(3o%8M0;6MYv_a*?_;AiVat;`S|j;>A)JM35K7(!=r1gK@!7?yoX!H
z^GhgFAm!BDc=ml}TgY$%&ev!l*k+1uExUgP1tCkLpg8O6?$6|Q+MQN0y3fkxSx9<!
zvAR3u0CIm#zM&E){Jurx>}`j~Dzm9#!*`R*RyB)mSNP?13(u25<!v0upt6*r)B_mu
zc1Csy3G^cU-0D7a`$ZH;zM8X*7S=)CdiJkn5XcDZ#)qP$8Mb;A{}aa(>I29y-T5iY
zuwTYtYIdHFuBHa><M`=V%=<ESvxFVK2=AcSYT?FPEg40h?0xR0yeH;7TbS2TnN4BA
zv*#2X$<c*a_NjgH!y$ue*pWe1@;|g_TxNZVndrm<$#Z^bdK<&7v;<+B-c!OF%7k^4
za9$n3311JzBNq0iYr4@}ko<K;LhRGGp=>~gszaTdLhTjD>1K3ZZ};X4Vy}Mg<=5k?
zCxzTMN_r>OqBfQGIWN&m=jjW=7dH^cNs1-VlTrVf=hnXrC3r?ta==GUo=iI)L<IQb
zNftW_k9h!VHf$-*GE7y18sN+su3#&YjhV-{-j}+Zp1Bg#GcEZ@P;?#*c=_w523{q^
zpkUF=s7FSI^$Gfo#%9Y+N+HldGXY!1+eb^7aJHA2<&{KN2uHad$n)A@m5f!`6|QQ9
z=<oKKP(e#HgHKlK1%qp=;)g8B)+!&*J8*0Wb4&4Vz|)vbp>K&i2%R}i0#g|Ft~pO_
znQ=dD=?Px1RJYvnSnr^yQ+uz>jRty+RFz#>iLckP=B;z)mkx2SYg7Bh9Nnes$sS&3
zDy<@Z`JUF~t(sAZE#AXtWZ6>ICv<{IHp6Y*!&w^_`%l+FjQk%5e?y9a^6M@qljeYB
z4X&yzQv%}c3nZrnyrYsrH<D{`@NwJdJN2~KvgU58b|z-H&hxL2CSRDCR=y^zIX`&u
z3;hQ2#!&5hPQ|x%`dZ=XiKhf7P6{Mm4hZ3*LuoXCm#En`;B6ZJrR#orj#{p2l}sGo
zXU_pW9qSyUiPsFbs(qx?)SR7Z3JJ+LL(IlMXP3b6gF<k83Y&@|qk08Z5^F`<Cu!<W
zL&%_}59h%DvP9N;n#Hf4A7FbI(x}T)-5O)U%Zo&EzRajyn^_qLM?4<Vq1)P@{NlvR
zHa$wN<?Eoyg{JJF*Sk0^bZcZV@uh<K9Ws{dIn0p*rM@*5D;!ZL#l379@Fj^~UfQ=8
z_s^zEFG7Czz(vuXn}P>Y1sruH7v3$byg+o#kKZ>_)-Eo2GqUS>@5Za(*oZClCKN`I
zJel5DdK!**BgHnPGpwTOZRnvW#EQN0d2G9f&U!k5%)DkSs?q3#V6Xhj-m4pFFUFQi
zo}1@clu3WcuPf)1nb9zX4QO6Od>!Md-`>(6<W8RV^KqkpUm?~Lsd-U&{J46S2n{@L
zxPEx~uxht0w<zJm?fap1B}8k{zOmOMPAqnh7MR0RzD8uOm}+%c=C%sw8?>kGzJJpo
zuWY_zqUMjv>G#rI3a^;hFS-1AO19qO%UkjRz7L!i8Y5ChmDr1OI(1&JXvc}Uqz1j=
zg*qKP4H(FDdi>sVIndEGca7Mu&iHfwwTrD~Z5{hlMn!sED=q5rZ=Oz?uI>Ai=jL)P
z>=nL>MRXCV8+E8C3whk;A#o4Hd<!618b#8a41+IBUE^?KlC*^^9qd<DBmHlnX3+r0
zuHY>lV;R=+fG_*fkC>YWIs)VkOvkD}EcJP`ZQt5a$!1pI=m{V;X^h?OSkoDDE{W9$
z6;8zpVN-^{W*>(jlR|5)(wT#~dvcdQz1S(9Yx%N!btV0vSy#WX)l4_UkZ0Wg#aEBS
zK#$jSmx^QRR>nPBN;cFYvOVp3si%4dFVh^x2%c&~GH2;dC@a-Z5eaDEhH$FsG?klL
zy09*XFbia`wD1YkNq9;2CCkvJ*0Lhh@F1Zml1CySdW=#INn{?T3(rFqqk*Mk8sEzc
z(7_d9*L3x^k&Gzn@S$;NGo)$e3+`$fGp_1Q{i2bt{k(+fu7)kp+SdK<_CV6tQ=Qqq
zch41B^xSYccayrT1EytaY8f7X1^>p~06zt@^VZ7Zk)Ohr9?#(PC+x09yLR57Z1+f`
z-wrL9=^zTY<V!JQ8yP2Krn21Mo@ybnxaZ^?ELZy^^gQ0U6pY~2938FNtmx3t2a)PG
zfM5Y#($tp;U0<I>jxe3_r>HtAi+C*#0WY4csxM{@bITd<!;5Le&&A`+qZH0bt%Z$n
z-|q}$mU`H8CZXqQycG7Tt+ZF>2}F3o=K1s7y#vLjs973G_3{;#<4giLTS=nyGPuxy
zKax1#3^vVQbVaS8Y-%RgyzuY!vEX^JIF9!i>Ll-?0j8yzAnq9pgv?;F7gRoweS5~V
zdpi>)&n~mJ&=gfdRbq7vMFWh_(+_sPbm>LEKm+yn2Di4+0Ai~<MZN9I2@SXt7b_zR
zs*bh5a^b&})451-OsG4KR5}{-Fyi8ZH#K-rJzRmWHSoUT4c(_Gyf?_n&dZ$G%sl=A
z-Zm7EOO~;@FI9N?LW8GxTsD=WNx-Kxt(|Kq#TSvM3v{SQ#&Isk<IqU$9q)rSJTG%(
zrK?6JWg*Auc`jo+Iq9wwF0YXt9Tu7wute=^cc{c3u9SjQpPcUy<7a5Rfoj3pDRQXD
z>u&52VqDN=_qhSCn^;^}y<UD*DqY;`=Ep&oYzl`mlC#MWjAa6vB_j1ry__pTvE9SE
zw`{E>%GMs5iRcZHz`7t!Ytv|8S$Jm2Y<FwvluqrP%jb`$_p>f1=$c*~z=mVTk3-|U
zr0OpPwyR~WtYzDa9I`Ep;Y=0=gzuQDZ*R5JeZ2C{e%$q`M0GRs4%MN|jiI+O4dK@K
zGp|?967r>x^$>L`W!>t=3fOqs(uYO{G!Xql8x54y!uACXMt@j8X7;Mb?)x&=N{|Nr
zrG*<lC^?cq#l4~{z2mo?G$Dwgu6!J8I12kM(Kf+x{{7r0JdvFxMCOV1bGS$@)=P@)
z;*bn6=FKUBLpnU9?66Bk4cCEVNM(Hprc2a}71jf}gToSrAW9w=rci8N=5Pp^H}heM
zf?066bQo1&>D7$;whEMyXVa&M@ub8;p^QwEsj>}gl8);hX;-e9=pBq~O-|h$eavrQ
z;<8WBHjXog1~5PBuN37k@AzRdN-pbdem$a%!+o?pZd^9*TwKgUA0*16X9K^k3V1$j
zUK^^Hq5IVC__bh15U^3_#>>0fU?)>BYkmbH7AqZ-b-(seo}?PBLTvT4uRIyl%<vwd
z%Nm9T=04D!uAFhY)S>~>_q#3R_u`AG15}AP(_TX_?^JA@*?qVVE~01|c~Hi9@Q2dW
z_NTG;VcZit^wUjH{pZWscGd<=qSj)#)$hi<9P$pu_!GUuUU8_GEc%S-I1-LDRvKu5
zaNW>#T%ThR%~Q0wZ?Bn>*VpRMhjZ7IZ088cB(7=@__+TQL*UfTSj{A-_=vfwWE^C$
zn2uDBNXB0IV;Z>B2p^$dnVpcMfg=6nt+uy%dX)i2zC%6a6rPkUiT<{g?iG4M0!Sg2
z-i*82eLIyFbL`7!m!R^H&wl0xh6RDI7eBXL<eB>NQQppYTG7#ESj8=0MtnY2`?*7t
zvt*2)*<m1OU#A6w8i&VP)2j_@eeud{jzKemyJ&#?Mi~}>G2oS*`!$t^!N5WyE>vFG
z6mDOT*%9OJtm;;x1d?%KINirU%a7^TrfB09_jMtqBL!2FoD-|>EFEWD*G)=lvco*y
zJxUpWWe<Zal@FU&*Owt~mGKPoCOw;2N%!CDVJiyFHerF9wuE-*wRZP}7kPAK`W&8V
zu5P*XSKQj&=vQk?xnF4t=k$uvRpiQ=pE5VlL<6ta20O$eMqFHvo*9m~#<Y&qF7%&k
zd|g{4sOhM>$DH;2Icg8-*w;R5-;rgnd{BQTLpu4sR3~3E&y-L*+0?aU<~TKk4Bj##
zkP;+tZcEiPX_lZ6`iPyQdH#~Wo_i)zYm|##-*rZH6#8KOZlhGc|4eQnr}>JWZf>#H
z%#P0X&|)ShZR)l5orU{zD$+JG5vDRKvyyVNfr@PjgjZkDPo%HT+=jqTQ3uiT)`~dS
zgKJ;WsO?b3bCS}kl-F%kf73bc()#LA6@CgV(2Rb*Kss;MT3uOm(_k`jPNp&H4(yGT
zV{8eQP#dcQ|4F(@)SYS9u$V9Mr==Ni&Q|HdKf?ZhEn990;|@ky89zFDzHe^g9fu?z
zbPcK9%*icgOeHHh|8UkLT>O&bK&xfW<0I2D$?$iaIpN0dm3`2FU}HvYy%~wp1MZRg
zwg}ahBGJkzd_{rh(h)T!_tV5f<g<#_UhN$0HkgnX@~-4%%4?%W%FsZ1E*jX%hpV}?
z@}uhA_chd9)`nCzRky@4gWHrp%ANHN<hr=LstE3u2%&lGsh?oV!VIZ+O1B|%tjl~v
zGTmkB!}IxI$wE-vO*gv$dC?X>S~vHk08y}m1|ArUREi1X*Y>nEdCTPGYeUT>G_&%R
zdv32IIJ93W5TpuQJv}weyPAIWg5hNufztr^8uz9}-4kW3P_3288kP9ZtBwZOS{QC@
ze13cWs<gILw<BHGt{`;=MfC<l7ASJBp=^ERJr6%${YqHV^i>%J$)v3`r$+;(WT$+L
zZ&!VLAeUnh`_d{^Mo%*~*siUV%$sH8!yNR{K>rBrXjG2pt@)+d8w~sMMJ!J;AwDce
ziJf?1FDmStYLj&|5zwGksi7*fV-0WNFz;FAEF5Qzn=%c4!ja68oC(oS`B#-o1c{Tc
zbBuTg_Iu(*jl^oU+0}brefu{4^y_<mG~lf$4*}Q2(gM5Mo~q|M!?|I2FeFBJ|C!aK
z1yztCZD$=CI4H=8xEas4Q)(@BPPlpWg(~9d)n1ZI5_$7i4)~J7^LSK}OS-l_sgp%R
zSD`~@k0ks#3BI(Im13@5y|J1CZ%l3ve)KeiZp+<tp5Kdun>jMRAi-iqLgfXhY?9~Z
zKh`P3LP=X9S1Uf#zj<;md?;PsY^NZeF<fUl;j``e%U4|nU!&$U%PYA}sURF#lAoT_
zrW<xN?BMi%EyU{9TK0g6cQco<L@2MS`RS(&8pTI`4mjot)zfO*m_l~5rl}?+8@%u=
zn;-FlnqoQEm#<|)Al9W&d9u)N>ekQn6NCRG4M1{cHgLDv>NXk^?%=%;^yoW+DzZeD
zLXu45wz=hYMn5vKcr7ta9YqhhbUEsJS2bY@u~b6?@>T`<B9mUR!PQGSIuG)iX5@Ws
zQLsu^#2L7QQ<bP@yjiqq$lX&vhMH1>{Bgqwg$Cr&K*ur~2!YI`pP)vYw)V}CE^m3@
zVu>D^eKNmqAQMHV7YbWK=%Rt9LD){+ejVGQc~7L!549tIY<_KMIWy@ohve`N^?zs{
z9AAVD_0Qq`@N#~l_l<b}$7!#x5&PIFZwi+GXd=l{264NgsWT0$Zd(m0+jm&N8Ga(T
z(bBbAC_%Smc3UqAc~|2evDL)90~-b!sPce?h;~oM$3<d+vY8g&uZHas)nf>#T=y-V
zJu*WB3Z16*rU~1ephnw|z->Z3i+El|?IU#vXDcKM`e$ur|4O-r;kgpzlQGyKiTW9Y
z#oxp)r_=0&xDXAjGpC<&sN`<4JNZJ$phgtm?1DJolD}DV$qB8i%=#5Ha4I6cr?TJl
z&}>)oGi*W_4eUF4WtYy?ZdE|#?>PM<4h+%K7}@Zuca=Ugd76R|9xwesr)~);Z|mji
z<W1!Wt1QYS*}jk?)%lj@)@l#*(R1CGjr_w$ys0?z#MR1Hj~CAHh4TXPjV4w?&yG|9
z;L+s^U;Qo9{d-(VSIEn{?Q^-tUdxrm%u0Hn+R{A(&ACXW2Kw8v9=%LJJ168mVIZIX
zs9>_NwY{{}koxGoXA@Z@tuZ{Z-sc6k)C;9lb?e|%ghrQ20{t`3&jnK~JjuV(*U^+=
zzi0`g8R93f+J#(US{EmtO6JbXDkEU8zh<2`I;ekTF$ZRwYhR`hvGg!d5v8zf#!j)q
zNZHXa`{XE29JIN4Dlugn#awp6AYwZZp~hTH(x$+@y#HlS+#x$Kzs20!9{W9$@JN~=
z85XcJp6*`{ntWjM!mnWC{Rf8RZPDJZXVkiBXdwL#h7nnftWVX4Kl7E#MKAJPr%tKP
z`|7o#cFn&yy3n8{*ChMk?VO)^!z(JL`*hIjdMvYyFLeDSM7+G9@=Py(mHPkIm9tM;
z91V0mvqb~u%xGXxQ!jfw`JOjuaJbTsYE?!98Cm%ev+<n|L1nV+2`F~~-;!Q7k^n5S
zxQA*fK?9kVB|<-vxr)&Ri8O>fnJ#XNJedZ@-%I+2A98%M9OB1GT%7qI8U($RpepM(
zQ~8u-eLh<s^CC9!SVWfg)8|g9Nsj|&X)psWBW~^(Gf*p*#=y?I>%YeTdh9J)qbs}X
z8b+1>$~<xvc4duJwKM|Cd{?BKUhI5nF4IoCx)8tdP0N}vmhb~bjb;>XTIvNqXv*f|
zSfBl(r(rY#2lX_+hhj>eE`bvxHOUz3bXd})aH2osg`?4vP3Gw5sFi9QV2PE6)5rjE
zkI<DRm~r+azQM-z$kf0$68;38^$#nb#J^J;v>u-EgXARZV;f(T6(8j`>p$Sj&xVL9
z=5I8{51$Tud@cuh!Q~JX0>*HArv&*R0ac%KP}Er!q|D^U@a!{hP4CONQ`(X8sdt{V
z?-MPP1XJIznWw+XN-bLTQhEB^reueAs4eb;ZvyIuA^F)oG@w%)krDqHKkZsF#k}1I
zXsR4rpkg*l=B=?p8YR)p3uY&5mtf<sP&SdE*~;h!XhJGOw!6IWRclUpN0~^Jp_b`J
zo3wVbYP)xN_y+Ye%IT01lAIBLjkM1S9vRbCCG|}UsGHA0LdyDE1oZ3u{|^w--y^br
z^vu+LXB>6YQ3ip}ih{?y<@r6o)b=5(k_64JMd8<fWxj8Dzv>|)ucaRn!Oo~?{IY*w
zmzopq(?^qR8KoiwZ29AOOLQuZ(93rDLOLGsg;kDcWF8^!M|7^REf6N;<_kf4$a$gK
zcA3w4Ofzx^71@m6%0n|EG;00fnex=HJPsfVaIx$E=4$qXDM~d5**)Yu;L2vf`C&iU
zuiI0PXxe2mKm!xXGW*(b&}q$yZ4S1KD*oTBWxwAKycgqEV3<wwehp}#)Dg6fPOPY!
zcY1!Y%YZjea8!1lw(J)O8_u2GIn_~gmwJ+$QC?^ry}_$0!EdlYp!@-lBzWVWETkuO
zxxgDIE<K4EnrWoa>iGPwfqsOXd+XV4|B<~layq-3%h6j#cL__4x)!w_+@|z3t)c9b
zAPpqS=VUZdSQp9Id7{fHGz}Suw_Mm<N)rPO(eX6bH*9t{8~YL}ubq3xmiK5dj5R`0
zCYxb;ETdG*DBZjHBKE9=VyX$Fm&yC7*u9JHnol>>Uhh7v#3^bVpt8Kzv_9t}V=Da|
zqg>uXq*Ai|@<+^TABS}N8e-;4yUb#9Mo>CMj)KO9@|+!mg1J{kC^!PyN{!=xC6s^V
znv%XozRF$!I!N`KptA451!$$O_XArlQ7sWVUIQm6oPHJ@3n~!GIyCLvk(i+LVR`9a
zkUk2GVTE)m<vPVOV;8fveMl$Zx!u_Xk{uFBGs+QG5d!u4`>at){bdk;_!|O2dwZ_?
zn(C5#iEV0RP9kyCmQn7VloT&lpkXvG(*nF>spi5S5Iu~%6#-CU>#VY2X4((D`Hb0*
zO5|r{icD~&3lVYV_zXJ;=|YHAcff+@(n}zB;lKxRA(vgr@oOXvQ9?MW37hG%0A&GY
zD@&ph<u3iMcx3(BL4lA44n~$jn%T!q)`u|+_;x)DBVHfmD32)C^epA59Uhbs@W)#y
zpT>@*{vYbb-_cjgVLfd>h2t87xH7i>o-O>F#i-6O<N2lSoWWb?8b72JDSjLt%{OGL
zheVTuxm<*}f2FECxw)16q1S<fG+01$P=3OII51VpFtR+SK)V8Z_wr3MTXo&c^_A68
zZZeaQ|KW<+`Vf6u-#oUAbuLi)WC-~WvoFdl>pNs~@Z|4nB)cZ@i@5sM{pWr|uz>y7
zP#r5JH1L-<<fAU`WucB%6jND`npCXG41k}{{~A8Gl~Zc4=Sf$fTCryqXY!Y2zb!I>
z|L7uveBXkSi`-GAfgG7NX>B?&uDr>gH)mKXl{V(1uS=?RX??1Osf-n_In#cmwdW}+
zT8LY+hxD31!JhY!H^7vBQ)YxeUtUX$tsC9?EU)IGCVoc%7U+$zXQ;EY4D!PieKs$T
zqw}O+a;avCqVP;rzV>ZEiXVwz4!<(jv&2w5&}*|Qju;s?v^pZs&{p+L5s3DrdecQ_
zN&kTF6Mr|7eVJPoKR+w{vq|MUh3w`yZHPr}*IM*&4Q8CMqrue(K7C4V)Brv;4jQ1_
z&R=`2ewLfS!2Pu?Bu$_4VVvJgEX8R`TAaS`eRERY<fOgr9M&g%3SWvThA6$(+}3&M
zQ##;9Tn`l(yTB1X@NiGjewN=_KFtte5<e%<_pnUi)4N7>+Mt5|921LOLYrVYUyt7T
z%}9FAJC=A4I~h|Zm1Cq7SlvjL*{+Lm24khSX<V81Zp>lnD6Hz3RJzn`eYX0bGYapz
zg4oJfMS=L|$&<>Pbqxsdd|3-ZQW9lm>Rr4XmBE*wcj~(?@vmIJ(~HP2+aw#M2dF(i
zCHO&LS@B*>r-98YfC4wDC@klJ?>f8et2R{L$pYjUzgUhTKL{*qeVjum99Y+$9~!tb
z4k|-sL-Fq-mKq1;ArDJ+93u}Nt>`+iTktdoiTk{+Cgp@`o~54YMwU0_kA5Pxk(XCJ
z^f@q;{(vfwA25ji^TR=}%U0UjO|~$d%=N9+3KN_p2!!|Jmr*-}#Ay+^-2ZAtF_|&m
z5iJx5$89AFKIRA_aybiswv2MF|AwXjp^iDRI&YIm0@Vo2IZGdltUv?hr-L?}8U7p>
zzvmCr4`GH}t;=cfM;kKhsES|8J>{!o&3K7WN5~Y>*`op5gN$CDu;pCoVO0N`;w0?j
znO!;I&nEiURLVE+5X?#M8-xrBlR=ft|AXq&cTU}>TLTKi(x4uqZo$Epubvz2Da3Cu
zecQa_Fw#bha<h3f$|R$JC)3VpXkkey!v#yFg)i_z076^Ou(GmZY{!M9+YNR%cdhGS
zK0+oHFwJ-waX4lW&TrhhTcT}%VScRD-pf@Mmn=d8D|m<1w6Z2k0yQ}F@5|m_Aya$o
z8~ji|d~TR>?aPXm!<Arh=bCu8b^K;+O4ji7E=)VjQL+{x>*$+L>*StOE<DaXSkp<@
zt}x2wZtLok-pDq#jF1ZSMG^tV8Tkedcawu1oEJ>i>l-rO`A51DsnUFEDF0@j*v<JY
z?`Cj6<H6O8g4eHX8O&*>FX;G`8ep`Z9;`qo9paD5TDPNawmdl*U+C0O@cdF`hq(a3
z_8E)GY|zuF>pc2sh0QxY^eSENO=w@Se6MClAvu3nPV7|4oGiIr{_N=&l5(XmYW?14
zj2rV-v<=={aQC;Bm$*6>iAe)Lo_}P2O4mGqJ)*^!%sxjV$Efl+lL_<UEc^a17N38H
zOMmCewkD2uFZ%?IEqcUKn@d)S_20Uq3x^e&<-WA;Vas^)-&p?Nbr^&Eak@3Up?rz3
zb$J8mG@+U%vJcWiB0$DJRUg`lF@njd3x9LL&CvLrC(g(hyAbN$HaUvu44#jaR7Ta<
z5624S90s~`5*cf(v;^tIWSQLNL@6}X<=UMG6;<(!Qa<GycjwyoGi&CCHy)3TzmGWo
z>MOO?-WSmv{jBB{KH-YhvFx_&Oa|=@de4ES5j}bNi`twN;#`_jeGXScwLjUAUKM=M
z5=MXO7BKqaMZk+s#_J!cb$2$jgjnJ}p3X%NxF08vX1wsZqARwhQ(KYzenX>o&33Wb
zN-3!t6So!U?!cAKNHr%L0NIpK>8(Wj(Z})1ntdJa0|EO*r|eQ1g`Q(op4qP>@(A0O
z-{47{n^2)`Oqor%Rmrpt?K_+iE)`P<(G?P<M@}io9kNQTz07!A)M<&?I;8(<5azaQ
zxhL5l^{iHFeE4dCaQ4XI<*4@a1&l`Oq%PNMEF%O0108e0(fJTkj0+Z4<*X+=Zt2K#
zbLX9qyM1MEaq@1SgJ+r7y5}ir&YH~P>iLS0PfpLs_S2?1zRq|GpVVKPhnsEK^Yk^8
zxKy(<m~qWVa$*F{v10G9ooF~`CC^+nvcF6zj1vcq3IeVZ5>GMPCNHyPx~>f)gW8FB
zSmCN?%UxGil05jMWao8G*|L5!xc{p9{*5bU>W3s(@7yU<mD-pu5`lZeGPf)Je%Y$*
zyHRELGae>@7Ok$*A9ZWfgx|Bcd<nP_Ee>ek>|prSwDfzse#6l3Ekx{2qMHF5WKex7
z969kaH(Az*Q7N*qAog|GX7z$XCu;3JXd1fLTBdFZ`t_SQL}ZSPb_<?EdoTaKgji6!
zROHzhGIs(Ed~)q6hAQ&u=YT;LbzkDB=nzFGIz4QQgk*=`YG;0LsaBr4#Ukxn2ii{G
z`qE>|Oytt~Uj5m(rt%laJaOOw-)cj@w`80Vap!+wAY#M~?I%i0Lq*?E0$*!P(0^2a
zhZ>VVL#pT7i}&8G^KO198MS_|(n6Wp2joHg9(NU`nTXFz$=FLp9Kv_Dj&I)sJ-%{u
z$VYTwh?*jjRhkhEyo^N2MWTVQBB}65L4@PQk0`pu03yiTm+h3}r>G#A6I>b8)yN;J
zmPNsw%@H#1kp1Qv4FM?9bYj?mA{wCYL<4PuXaK+eNz*bD8i)d^Vb<<Y;NnK1jO{Tj
zX<bM!64vTD%X@kb4a`%Zf#YPE8L=JmGi=!Ic^FcSwnOf$^6@$vxVR@33g5-v`SL_p
z-lp*aMz<Eh9fVuuT3OZc=vxH`7Cf2{>pUW99LTVhX>aiO!rk9INWXfL{^<2TtITuu
zpg=gfKBOP4H=UB|<?F>ELAat*W!65z_OBM%-&2eQ1McdYv^~6_DowtDj#V5ROmmO>
zU4;ubh(-i%aLjpmu<KIWMmYpLV}({cQ1>zS##YRVY3<3`VXRj(?Xi<)BT_l-aetk)
zU2a^Vws0|8mZdBlH)nF{v;Aqp6Bncc9YVxz+D4)0L;FLuv<9zEmCm#k+Q^Z!75OiU
zuKjxR?o3J}&(bG5(!CFz>l?Nhsw~Iv^1~hNeO5@74zF=uVeI-~eg|TdNgDAO5BDvu
z+SNey_VENYmVLu}rJF&hp=Cvq_VQpvj%4^9;{Ae^K-^Sw$)mC`?uaCF>K<6l`YP;3
zvhhYi(LPd57gw@BsUq%Re{I?C*4W<EI^w2){33nywLFs^f4+W=KnL+PX@;pz`$GG}
zZJ8u$LocPsv#*4JV{8%QX0hMF3W6hoCg|<%#p9#Mvq4il(-S;oKqqRskkd<QIud1i
zuSrwIx`JE}N~!A$^{ETti;+FAX!33-U2DZ`X9f*8TZ4MmGvnUV>qVoLpDI&^&tBv1
zX4+286Q`V?+ZrLSF0hIwC5sh$b8e7nDn^O57OT3*eigQR4m2|tUj&y-^1HD+@pJ2{
z_|Zyrnx?|oFDIvW&mr4IS6kNATyw*U`wGYQjMU0|brM{AYg_2^n8G7JWJjPrSVhm&
z2gyINQ82*3KiDtitS6ik-WQM@*X(zC@93rtWFBWq$O36%TgO_4Q~eb+zM+}S?=6{C
z%8d#g1f-YFWk)DdbRk#vYp;z=ix;Os!kVfuZjVWOYzJPH9%VkNs%jzX>*afl2vx@1
zJhd&d>a={iZ|S^SoV0+ouzlhF*7#)ZJ4Z=e@;Zc*d$&26Wmh%HC0U8+hYCz3r3Wi&
z*=P4!H@}Q0oTO489me-nEv{1B#%PPdSsN}H7-k;XAR$a5@m)j+kjF8)_11tsoKFAF
zD*?>q98<krbsAyk^9gOacjw*HQV5(5HH$L1L_Y9mDH9Vs-ZFP<GHnR77tT3YLdm{B
zHJUBDOn#aC{L0aOE*7|~<ECO;)~UkORG!4_>+&_)f-*W@_Ih9-XL@aA8VaH&J!WJB
zZ<&D!2+}HdT(T{>(KVN>TeY{rL(7ocEilndQaHADB|NgWmEAJBLqJB{nO<$#OJn+m
zM|RO-gpTgyEhh@Bl}`Wom*wg_9oSRlP7We-6tg*5`**MS=z*SvsMd0CDNBU->f|IR
zVZqAgjW>!emK22HF(xChOIwCI4~y*6CrufLf(yLpBgBrnU4^1HSZy%8=)?Cq{MyeG
zovW0;Ok%PcziZFmao@G-{iWu)#U2SZ>bY2TXEQZbvbTZPN1d%cboZ_@Ibq(W5|zY+
zVHsTMNI!%Ov4nCK)Jss6b9I@jCh<X=T@%Zt$L_dy(>#X6bFtQraBt3)rb!qaEYwC^
z3(mWFdEr)gmbJi~<kwxn?o1!owVZ=pL`3>{`oWpwh+6TA$kvtqe1n@qii<A;f;GF(
zW@5XJ@@z)AxJwu-Y8tEHi>?P6-2w&OsMXlmV?EMYZv;>5tdY@MX}{MENj9O@4=S8q
zXs`=dIy~p_Wv08eSmY2t%q-1R8hg98rf!siO4%|bmBP=VAPHy-pdj5NUKLE1DLJMa
zzq580xTI=btiO6C`!L;6T&n#kPTY+=$?$zVNn7fpu3Xmfc{PQ_p<#ulw<6g$-^dQ&
z;5_G}lZ30|4P_2p)|ZqokeBqtVh_Ffykm;`+~{pOiVt#gVu$&I_SdRu8ON@wsi1+|
zVe?Pzf<&v{KY31?@GP<#uaaBt3gN5?wf>aJw1dcD^mLE~xn|)lB~hmHiuBtKqa8&#
zhHB@p`5cz2x}&mLl61h}N-xs>8RN7fTak3;I-7K7ccQW~VtMY$$Vrwu3o{SNLV}mw
z{r%wytimd)Mo*n-`-+N6hECNu&Y4a+3r!n+f@nR-qUg0Ek>k?#{6YqLHv5r}PLWN$
zn`YX>b0e2qRoAQ=+~cb4pDVo^;qlaDIVen1Pw*rR%#^<U5o3=};O^<y3!`18^4_==
z9UWsU#XLN(;sZFJ(us^IU|>XF#X7RSzEfLQLfF-3^h^d?F~YMH)H<s($SODyas#m=
z`C?xCfFnC$=jDYDbNa*FkSkl@UZAunB=Di2_F)S&wi_>8YjLE|xj3_`=500HPl>pl
zIlpjzi2{3m36JiEaf67hTw?-4p<@;$@l0G4^0nH&T8S`8BLvT7wt0R=-LswNQI^@H
zgHi(YjXLckSLdZD16|qvIHKvug#FA@BpP_XgXmua4{pf3+nk1x*gNLm$Z7W>J0ejU
zeDjX6Iz~s8W=_nMY(&?Twd!r!=>2XVZ1P$JOK)z5L^$TO`P1{c%r1mcoasX|=6*9q
za#^3+rISl&di$JuqUo6PFuLC1x_IEzHY6`=cBnRysrvb^?-+0tr5NdR2(o`(qQ`Zj
z#>8*#zpf^g_$>L`!u?N*R*(f4F({?js-GU3o#7XZf+i#e`y<ceAhDNK@%p_4_0fbL
z`1_}06^%?ieU|Lz$?(S9+1vuNk6_gD-kc{IxNn4HL%nYTgYBr&5xZYzO!O4H5FF_}
zsM#WjBZ3DFpzgWAw%)@+=zdqF?xMBUiP^MHMiI>V3mDV;tpDu9bvyGfE0D{r=fgM=
z@Cu!h^?EdLvQrC2<#D6P{<1>GvQ(V<0?b|aw|$Z}Ss{}d{?yVvUX(KI@qUSWumv_A
zBBQi$xNP5mi-pd<x2Sqm`qkyG+R43_%vG0tpfMi4cw?_KYWrW&J8FBe?HUV|w&2cQ
zKZjiP|HsGd&UZIRyjH(I9@D(2=p8+9YgUZXJ=CscqV0}{oa9B7;lFc|=)YjCQ?naH
z?LImn1Kor&jJzj{O>wk0&G!0W95HYpvg;|zuVg_nnjE=j){~X-fN2*Ll+zqfp!1;o
zEIGcL$M*6Z@=4QDGD_Qz7}hV0%vWK<2%>1|dIsYN{0EUIziMv(==yur?_UTGaP^hm
zUG3D5SLIA9n&*S?l7-+?C4@&z6I`h)9WFc2fy~HkN3EIdlY<o6oPY+d$jmT|H7)bP
z(7;1plrU{y+y?RHh+Z%nXuVMc8!$zK4kb)8q#bzl`LQ7=1ib|b7`y3saD5`+W<cfN
zZ%rsbgm#d2L*7>%$t*s8hO>nRwpqa7)5v2b?~+qOkj%fTqJd|$eUB>?>!GHkpbBxJ
z5>!<Jz`!be*iI&jgvJpSbOb64B;Yw4#d7nXL;H!^-=N(86<Yf-_M%wp_p3mkmTy#;
zaD$d@%eB~ri8K_StM@BS(Fgps?$>#hxhcb<pye|+>Q{?YQRI100aZ~yorNV9`cG{4
zBZEP4sF?KxZg=4|oUMTQ*O;pR#Fdk(?aMAvB&z=6yrWH7gBoZl0Bu2Qr6`5ii3_H1
zwp_Mfd*!rzC$mcui>gUq<fN^V6hs3I;91ZxltnUDUIv__`?o-#ACJ&2PkvDtYV3B+
zo$PjJ9xROMW#(WaTE;Wh6EliOF$62RxK>PT7IQz)e=Pu^zmP<+MCNrN`;(yZo7&-G
z*2>{2O->I@zTw1(UaYhl@Bqt5cg9LlQ3bvOGh=VpScd1Wa`f(IpM`R<Dobn|6LHVD
znLSB|d&L|D7G1H!&~XgYy>Tu3nfdtX7Eyz{VS*9<?n4O&pvA)wW}0~*#oq8<pJ}kE
z{IlP6JcQnh`YD>X_LHAea|}C)#?mhwGo-w8d(q#k*yOaQVYKG&o!Vn;u>4s&FSXFc
zpf22tF^M(IWpf|#)I{-&Sp~OaM)J)C&*sJWjDhOAbvOMXZ|D7QkJs_QrH7W@Gle70
zIL=UEu1-UN>F++@V@uj=oYbpQ@44+;>=3B>VTjx5UQv^+jWeS0@V37te4u{ZYieaO
zposilA;5iDMT3h6Xx*1h7OV)M+aNL|yi3R6)Qwu6AIsiMvhX$$FanJ>1FkgM#j}1y
zp_CsSB~(U@lo2<h+Uxw7K2n2wMZr;r*oNN4u%$E#U6f44d!p9f7^|!NNKve{KIvSO
zKCye(Y-w}cR_Ky!oagPDJrT9!K={(hxI`vM5q1s(Mx`f&HtI);S1Y(1)VVI+KTkDV
zZ*wOE4UEPgbqcHg)$Wu{F6b`XIb4w{JdH^6YWg&3ihMa=HFV*kp=##Lfn&Y;n?CHQ
zpt5Pdkf$|samzCODsVGWlWBttW7O^}dvKY0>qe&&MxV49v23^7w!KEXw_AwS3%@&_
zBOy$1!wI2UL8IkKy^q`nR0cfE$-*%P!67%z-vVp!2u?MQ;oC2uY3#h_e!aRo@$6Az
z-Hb`DvlKV)E+W(-R%a)0;Fb)Uz)Ez4JG7-FD1q4FGW3(2WSVO{l}*P1wpY%Gs-?n|
z(y*&*#ncme>&p5)$X8odM>eU8#_k4n-p?9NZ3?)`HUqr1D5n*sV^4<D+dK%Tl%2UV
ztAmE6je&X3an?q=y74;!lpE_pBNd1nSe*ETE-fGMsI_QAr%@Ddu8fv^oc&~{9N}AC
z-81EJ!86UbaD$eJXVvJb<Fji4Q&};T_YSEZNS?otLR-;wPmfD{<fy<k@wE;SMr;iQ
zo+v6VJ!iGayrDL|dr$KClgMVrr_Pew4&Jos(Yl-ZS8Hu6s}Vwq6p?=S+*cj0u;u?v
zM)EH*fl8#%a$P2#)8!{2v^n&1yST|%`G1!a{Ky&pmG2!p*N~4u<7M%?lPez!%}DEr
zq?x(*lH>?i0Wq1}tV66sa0mpyF(Vxth4aA$>|OL<A1TWNb}*M!BUyyHTm;nfWG-2z
z+MDj=7!7oiBRQqvcfLK9+1o(_5xmFHv-(_6!tX?hHq999Yv4XU+{^@ZE4pLwhZ92R
zrs^V*NZ8y{6eRt7qd%+tgydhRk_Y3J^qz;2$k3)4?M<Gmb&2oY8KV0=k#F<Gzx^Z<
z`#<e+{qB|(zqSjyb&AQB9KB==?})&sBShyBf+j7OY6zKM3x)G&@aVZw&?qkG%wJw~
zq+EJHEac}qhk?asA=oL`=}-(cexFfwC<j^0d0ZJ1?;MRE#RsifB7C$Gk-7?>tUfGn
zznjTko2mg&0adu-wlr@YoNzceJ*<Q5iE=(xecjm871q(Jh>`=S-3Q{kmf$&AMueF@
zl=$i8F@?vi_uhX9a8JHhH^E~&XcRrwT30=hOs4-TR6TWoWXW6tmD;Xt!p$5*$6;?3
zVfVgx0{{MnbCVa>Qox{S!Q3JPFW(~MVoja3QurMUuCi&tVIPXqk&W!@rSgtkudZHG
zC+RA)^&t%3<&%-F@F=b0TP`AE6f!Z_oE47Kke)Y>a?3$-bPYr1;<%fwQ)l^<-bEFv
zQywnge{Q%Y>(U_%$*sGorNCTW&rO%uvyd@W!LiAj*ALO$9KEAt4Zp#x#m>=Nua1XJ
z9E)5rcomnM0hj$XeCXeGg)ox_rp>UNiy?CgagVxRNkevsx#r;H64GPT8nelgNbY>{
z^-*mk^@!kS$vp)GF}5rRBUYvCQf<Fs5S*vE`fzugR8_cwBq`nRLe8VKwoC5)w?@=`
z1V2+{94A(7G<yjXkzx2d8~WYZ4Prd++!O!R2Ozn=G(k{=^M0zZ=b=)v40rj26|D>h
z9L|H&HnMp0nMy~8klpA6&6K_+O@J+2zf##E#Dc$_*^x550Ba9(s<wsZj3bWB1m6Ds
znWkgnCmJS=1;I)s#LI_Y28Odnm*RaFtRlTUlbV4!AKEifFv1;-P2K*~jq|ZaHv7Zo
zxw%Dbx+N_`2Q4`QBfp1?q+AaVH`x?(WU@6gg4eI*mAmJ4ViU8xdYGs(BpOD+fNhC=
zO>%Ez#i06{v*$wI%?QzP2Zf~8z1Wdh4XFGkc)CRMum6zP-}-^E|L%P(^vC}Pb;H@8

literal 0
HcmV?d00001

diff --git a/docs/wiki/images/webui/login.jpg b/docs/wiki/images/webui/login.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..08bb3c185b5449328356724f9f651079b78a9e0c
GIT binary patch
literal 27845
zcmeIa1zc6zx;H%O5)~w+1*E%kiMU7s=?3Xo(hb5=6jV|`Lb^Ldx+Mf8q`M@fLFr!W
zo9=zi-fr){_dRF7=brET?scu-V2(N0$Y(rbJpU&q$Z_N+;HrX*ybOSXf&$zJzW{Rn
z>OR!d#u5OOlmJ!$0I&gc6fpo5%v}a=6rR}t=wKcN%<Cj3eY*mb0C2T`of5zTpIrj)
zCBXzxu7iKDzvX^@ep28k1%6WCCk1{|;3ozCH&Q^}-Nc?&#^!;Iqoad60ARdC`vp%B
zfw&?2CHimq+Q^7s@@Tw501z4Zd;WK9fgS&iem}9r|3)tQIp?1g_(_4E6!=MjpA`6=
z0=(Qjf}-5~qC9-G+#;gfLZSjfz@I$>0C~V2FahiVT0jP{0Um(K5&SxUPrq3`@Mx`F
zT^&Waxa?gxP0SrkEjY~_?6^El9JzQnxw!ywh^M288O*|!*3`nv#$JNyOI;Hat&O<^
zleT~ox00i@g|&^Gx3h)1x3Y$rH_S}LoCzX{k1Ose>S^a_XW?o>>uLAE-bK_?;>Itn
zi-P%YkGXD0iaVQIimKg_`CAF_PU6Pj#^T}O!Rf)r>ELX|#Ummj!o|(Y#mmb9mf&#l
zvUfG{<gj<4|62ohEL_Z-Z5&-~9PDYoHE3e$;N~iE!_CdcT-4IUQoz*QT!6#WgwLFV
zhsWH6!^E7Ahr^tY&s<1=N0`@=$MnYEx;Hobt#?N^=Lf&^ZEnV8@xa2)!rs*dqy`Vy
z4X$4Y{jcg1B++l3{wevvIf7+GrJXHITrKW^N%Gqgb8z!>@bGE;ec3sAh4{s}ekdo-
z^^F+c4fJ0-@_&e0lH%rOqGsR5?%@1u_v#i-|97kXz((>9p!(Nof=_?VfbE0Khl7J7
z&h>rQ|B)8IJOOzRtoIwIf;DOX4WFN#{8L2!Nv@yd`ll%HPZj>jT|de7Pf_5XD*ThX
z{(nZU-_fpxJqU3<KrD-#0;B;f3=B*RbSz8^Ol&MHY+M375M$sHU%7gTfQ<M$IT<k-
zDFrnX9R(F56)D*b&Kr!(ENtv-*J-)<xLA3aSlL*=HG+bLjg5<gON56<#7ap<$@))!
zknaEjY*cfUF*KAL04f0r8UYHj4WI#ik{F;D^P3~{Zyyv?G;|D1ENmQHJg`8;RR9$Q
z4Gk3?4FdxmbYY_Sg1-ak1Q>*LJW`m~R86pMI1%waj!46%zg^l)tTynKfzQ<09|xC&
zl#Kj3<4q=J7FK=%K_OugQRzES8Cf}b1$7NgEo~iLJu`C)ODk&|TNhV1cMnf5?<Y?K
z0-rs95fmBqDmo@M?sa^6MrKxaPHtZQ+p_YC%Bt#`+LqR~_w5~>AG!vIhDS!n#wRA{
z7Z#U3FR!ewt?%sa?H?Q-9iN<jn->az_Up8Mo7oTZA^_)wijIzkj`eL`D5xG_LL)%O
zpyR<Llv2eqak_Sc_c1on?TEC}W*mAxwXejc&I7n44E*zqJKv`E%gp|<iTVGfnf*4g
z-{&<6TtY(u7Y~g9fB<`X%;~jZj_E<nz@Mg9s6D9u@~aruQ`SPU0EsGL^0wD`fu3u=
zrn`Slzyl~N?tytk0@PLY*o5b7Dv;?S`n}vkKD+Q38<#KPUyI+zEa*+`h>s<GimDR&
z^wBbCCZY8*=KX5?&5fY$+M(h?Brw)?8wq$iLqt~!0*d5~oJ3bG$qb|`L<$Zk5RA6W
z=`~@Wei>O3r2|_)s3OlQ&}*xI?7n^PQkDtz3e#>;-aww_S<s5a15HZN23-d80mJK_
zrgVt6^L=NjxGtWSbH_}td>vsWXF}KPny!6BOf?%#&pi>zXR~*>)RVz|_pJ|ib74WS
z$d>+t9bTV^=5ttl@%0L>FhMbEGsojl7A2wMi#C2$s7umgDA7F>s62js)s?r{6I1=T
zBTrgAcmb;jQ|cro2gNH|CCwCx6+3YcAv@-=D@SC*+H#F#k9<#-Ah$5C%s;;}oh)?#
zjA<X*-<<Me!aAJAJzR#nh}5!~!ttluaRLTa*ZM~d`W5ZZZiYrQU>ECEdzUu~kAF!E
zPJ50ZibB*83_yt=4-=_EfxnuFE!$gQCzW@&v1ZK%Y{g(6b=7jFG<-DOvvrDMa+^h?
z%+Hi_Y9uRGKfQ4vVC$Zj4UM-{#Ja2l6FT;KIlkt8$STOWCRXQGP_AmMiY=4qWm*{i
zq(IBfd_{F8fJjx#lISU>8X4-9dp6domn2kf$rES2r7+G5FFn;3?othUL;J-4itU#T
zQp3Tv0g7DGqu`@=2)YfUn_?&=NeYTaxu=N*f{~GFhBFc=CyBkrL#}ylSbfvaeOEeG
zStSIUOSaq0=&(3v{p*<1<!<OK+{?`Xa2MZwYN%UDX+24fv5WWB^kFroIEQ?S(3_C5
zpdP<^MQhvkJ(2ccJ5Nx#X2jRM#C*kg`%UKbpmfyN3^uGp(b9SA*f|68nImySHZzp7
zd8u)l*=60dpQEZzwWz!?T=WiO=o~6;Rm(s`!#YOmFZp3Wee@JZXpCPi59Tr6t{cm^
zAb+7(YZP=87xOSvqCqbqeXYr^dXJH&CS(sWuwVQJ$VUx9d54;T@>o;5Jg*8mJto*|
zh_%Vw<WsPP1kl6qJc}}LP|=M|Mzhj`P8lM#WZ!owEAM)kK#A0^YN$^^-N@zpMb8fN
ztTP8A%UF3|8S@*y{;(d;H({yc{1s7fP+0qALYhSjc+!m3;H>vC;gBM9Abk46k#Bg`
z!(|9+p5JcrT*TpPW!sG=GyR3tGbGT=XPq9j)0ctEoc`#aPpOv@?_nv<cXP*VIkzsm
z1RN4q-J85aTNcQ3&WxdCY!jH7rxrqR5++#JX3D5~0DpEXJxF@6_Of(S>9MAVj|s-$
z`n}wE0mrN><m7n?^B9LiRq9oJ4>GhfteL1O-az&@Q%<o<B#=Nrsjox6xVF|+aU2${
zak&R*A$!I=D#YO>EUYRH(p#|m&V~H68`(AW6CXUEw0P$PPE)Ktx!r-sZ^f#zU#M`(
zrdClkCJtfeOqVOB>ss;-d15Tq87N|SMbq@kyivAsNX$)qCEM_8Lfskud8A6SyyJFs
z<YfHi+S#7jGReVa1qOO%c(i-;lC#kzy52e44iAcDRd2TL3*;G8yLEn6DLbdm@#Cot
zB2M1bJ1v5AvLc>kNmdo<+YEG;@^9X9Cr1NP)->4Czg{^H*RwhUS36a}#z>hci?Q}@
zD?avc3AUo;;JFfq&wLRgIP=59DxMj3gW4M}Z=a6Q!BA@J183ya*`A^wet7T8a)Z6J
z+?m<jBv4KGM!mMt*C9`r_R&1Dn}c2>pB$vBE&S5!Lz=jwEtoa@4p&bvO)&>jwPz7;
zZ+6$Fv`iHVDbzOj%8=@N#;c`WR>pKPpz_6ANI4;Lb2#0PMFLU+dm|1prnU=oOscaz
zpFe(eb&RIF&iWxWTamC2PnNdpO>@qGQGt8`UyD+XtHo+gR~SqX5Wft+>NA>U0ofLp
zd+Nw}qxm!(3254m2~x-j!`Z4%{IKlBW^?nAfT+sK*iN-7)b3cci$nVTq;JDJeDYWq
zmM>vW`or;0Dd(hPqJ^|FZHkNAE1!KG(;nH1Ty_uZA|*HGC+v}M((`~|m#E#ab7MAl
zI_C^<IUe&}NV2p;Yuz)})A!n?!!39c@L}C)TpKO>p?-t@O97a$`J?2!KmpgXoWS1j
zj_~<yHygd~>}O+I&7XzkSp~lIjGiK%T`RC2n`E4?7*4g$q`Gpib(s1<rt+cEf_}+0
zTT4)IzTl;M?ka^42sOH35<*{h7(NkQk1Sw>R#C^|7Qt<~*fXCV(6jnpu`Podr00;5
zmfcAFtZeHvL+vM}MH_O}(Ym0vO;WjlHw=xcbthkQM}T%-h_wGgCKRfbXv>*D4<*vF
zO#4Nod=o4GU{Vghutfs(Eamx*?@q77oFr7|2JQy5y^&c=>cW?7ToWtE*bR(#H<9yJ
z8>D{K=1ZCe@2oIE0!AM|<{Rs)eRlqIyJ@2g3Gf+9SxZY&yrKDZw+Vu~O}oHg{jI!<
z3yiovGKM`w_Yso>w@68BcfnwWT1M{H1>e?Q2*(4Z>#QLTNZ?YqLO*25V5n(h5^{mA
z-KX8Od$k$~6c?TM`r`RIVZKOJWUK77yZ^55%{$_~^6+JaZTO2|KetBZglPGF_*Z44
z8@AjTD)}n=6i_1V{uBmFSkul5`8K10*2}YuHQo5WFAQam+`JxlyeU#x&MC5KlCG_c
zvsFA-*)d)s9`M9M$QJQk93p}K>ot?B^=L?de)Kis48Dr5a_t=F6w(<&dNu;t;p#ao
zGShknEhY8P-K~EwLw_tK+$&qSdN{fDN|BBtBf>IJ>f_*LIK9psVbhXa4HEE$Bw3#G
z?#NDU!b`u<2$6Kh$&1%|`^xT?MC3e+9YK_;xE?@m6$C#UMdWDPa7efforh(-hwL)1
z&mF9BA^c%0`KP3Ryg%eMp6?qz*=9rtKvaf7;d2xo&0BF<APGWUq*oE^boPZnpLPjK
z?y`mOEK>NKQMe9)3{Z_1u?&VE!3A52Y~r8RYUMfjVqSVFM~OB!nLip9kZySVL_?8{
z@gyPEWq`Csph1=xbEQf>CNd$9SY@FxIj7u4Qn0_GKobHBA}2HXlo&vJ>M~lal(wo@
zXw~z!EJ<!X9}-uLr**6-if(s(hvDRwYxRlOwiHcQMLpK1BK6kVS7Y8!cb<B7VVgQn
zh)||vL-bBqU%eT4l6Si(#Xe_FwInnNDoZRSFtRT^M}4de!M7!lH`ke%Ub$};`P7ZP
zSh+!V;bK~5PPzQjrRK@ojZer*I7`yI*OiN}^Cqu!E)Uxbv?~);B7sLBp7Eg8?eYvq
z+-^GTg|U_kOg!w>y9>w0(>>UU%TDsDm`TaD*l}u6S9uG{tD3O>KSitm8H)Y&Ia)zK
zXZ?k^j7l%T)UkV!-a>izqKW5QH|f@JRl`JQ_R@lOX|_xLVq+r~#{pWA!80@{iT7t|
zt}e&carpV(TW3yhpnoqx(z;MJ?z-V)yxEJmYnxF2v6?JzY7xy&j6bce(qi#M`}Kg4
zOSfauOvjE@aap3XmijsA2^H20ajU%JSb`bizzO9$1g?E~2gQCtY?VpEYT@j}5zC`R
zYUL;EVsFxe`bH{H%xv9LW~*DSsCct#gbIsvn-f`oY=A1`X+a6j?CW<gn^hR5B7t(4
zR*l3pwKK*6`S9(};!)$LW4dEm&i8HGi-Z{Kyum&HEF*q?<yiq4B!D4y<9M1)_SOiz
zRA9qUwrlTUAd{t2qCcd_O4aafP@;iR&mNtKdVHdXUQ)*kzZ*!PMLO+6&c%}tvt1rv
zK61le4prdnH^@*-$xg7dldF_eXr-5CJ<C$KoJbNf+sNDC9aJRm)19}fm-C)$i-UT-
zZLJQ!jf24Hrc*@7Sn>drh<iWxW?q2-k8sy`9*dTTH46?v=!q7ks8fqbr+YftHdpVo
zXLbzL^d87i`gpr#e&t1eo^+nzEBxM>-aXfdN?F8ek;2MDNbXaJS=^^<aUTx$i-X=Y
zYlN(3S8c4jS-#3qBwS?7j@j3vEg-obFdFL}>(0l|C*!AO{8@9gxIIeCDuG<M?)?NP
z*LU34g-6`*B}L-gJQM8UxV}g4CuVQd`X!duP>Pq-(L5><O0R~LIo6LYo%d;<Sy6R&
zZ$U7eKW604*jDv<!1<K;l64Lbsr?H;zRgT83};nyemLl1qB?!I^6(2=A}gnoyusXa
z0Rnp8NRqC+?uhAAZAsSJH2K~y{af$m8H0=SifT{E-ga8NUa~K2i?<`vZm*oGgDA)|
znuA+`4usOTF#g$OvnE=nQx(mrhwANNoMox1H&`I5zVc+arI9-MMnaCNAzyu<^-735
z-ZS<7pvY>N{>0{-TYZ49tl6>FOx25*k2uq4k${)T1>0(_rE7MPy6iCxc~IvLQPS#J
z_l{6*KEZ|{;bl%@-#7v_Dz!Fv_b~iu#3O${zBcl#k8z#{XQKI{rwVGRR5IQsscmy5
zz2taQbMARg9C4*8?&*O*pElL)_~VjQxBf0Cx0F_knKcmnP7VvmJ)jp0TT{71Gg`xz
z@Y;UG#_~bw1*@Q?JNr_pgnVX6%6l`W=iaMzG-i*wZSH5d6()Z<_pjU!b@+ff`!zC&
z7zxyE!U%&}LcRJ^_%9b~k;Jg3l;t*kqB?!!cIhc^@>7qjV%9$Ono>y3!yH$8sGa_C
z3>IL}K9Hihq&=Y8lRIp5RNEKw-aIazbAOC?cWzs7HDA79TzKI#)>x2w{`li47n)D7
zs;R-b*S;&U2L`v@m*6g(s=9o~fgiaa77eDDJU$(TE;qQj;&z<9l8DXwra_wAjvtsg
zp*nt;LaMt#tvQ1PVwT(UiexRbg|WRFYPm*hY#40Jts;W?C?kD_T$0PRKQ1__w<+vS
zl^*I)Vz5(k;OoykVz?@c?phorKSl!8;i7=;YfDgU7|ak0KfLpGclm{94>7xiq(TbQ
z`2OVv=3>!q-P$q~X|D(*;I?6Tg<$f-W8Qk%CUW9^4VUZ0B*lF_$34nQLFpGGJ@rkU
z<LP<DMW(GcK0~erQD~K_MmeWE?sYr!*5Bi*-)k&*-cUm`-TlgSLuc<eY?S9Y@n^_g
z-1df1&JyRsDSE_$lR<RZb)vD_?elP1{K$m@h?jE-WLH4I&Pi1d?`C)Mb*ZT}gLx4V
z@p$Hvq&8Eg=dt{K<;|bgOjvf+PZ~k&qs=q^SGCxm_5QjA;3w^Vr=43P>Q~~v(2{Ia
zhqn{@C@U&eP7M2+)D3>oYa3sgT1{j&E;N#t6v>dlr0YYRd*TG%<4fzDI7pz<2?>OH
zTUfA&#WNIo<(xB@TtWhUheb#Lo{j_-UEwW3U;ECHfbHDTDHlS>C>F|Tsm&@rgdoxm
zgs+@wA%Ug=_)aZk9_nd@fLA!2U63LHiW0^2FiXnZJ(XisBXT5=vZaqe0#GE-z6xS<
z;`x*l#7NVZedBZc2F@UnIOmMsAL?iP(ENTa^Rh`-IR6i|!+&gkV{kR&^|PPD`{UyL
zq~8A^-pjRbM7LJ5Z|PPaHcg;myQ?}(<4CNsVUz)->=9AjRe8?O)`t&^y>66>m4tKF
zePpOY_pFpS!6<rX;MUGa8X89V64TsKq;~vhfrk0M$v4BCDwGKLTSEELgxa(uQ;!7R
zL?MCI+>ODFUP%miXQ&qvFkwOh1FB<LqrB6TVj!kd<Ngbp%b(lk|D(2p_O4MB33TpR
zA%XkDV83s*<F&KS-H<@Uav!2O4+&(Lm+%)YmWEV;N>rSG5OXT(-_jM|V-QH)5Lmf*
zngSj=vPQ8+HecBgcVK;II1ofoSOaHi%<{lEsJce{pTH@3d~%anmRzZFAHyau-3t!^
zDXWDf$@Mk6B&&+(j|BGgQ`HE|+>e~DDujl%ToxRkE4m&p-xlK6S?5`MFE5yp<{8ht
zb+g*jVwM~YKkP~>1HrK-V_GZg&@${b(|}|X1oCdIZg{?|v7#c{oY#;?gB24~!mFSn
zIN#V{a>HA*oOgj`=4ooK*rSezaMqyZvwOn=d9GVG%_|ixFnt1VtuUnmJMwH9R=P53
zDz#b%+K5V_)nXeiw_p`Qowc!{4t6zrNn07xUJ4b}aeuLUW2Y5kFSuN%L>7biHBH#s
zDZ0p3&}tZt_S0KV+q`pprdD7{9K?^Ud~zo|AM-aTyVmJ0auKy~KQ${w3u~`h706Ll
zlHf3XrB_I}am^<GElyg9T+gjZSt^k}xI&%5=h*XCRMLnB&<bafTj(HAq_vBf#H-#~
ztV(*8Jb-y$jG6LsN7M$iI5zDmY;vt&eXw*`RmWR0&G(|nEz8zEN)h)3p@m`HtJB9F
zPWrDXhT`LE!PSjO{f<HZ&ZysCQ9c<{!I!*1OVArz`04~(FWVsEN9NJm8E@AI*ZZ#2
zcjhUq#&cYdqpt5ET2zogdPa$23IC7GqtoqTy$M1Mxt8yE?C-qx{q?ew+Zum^?fRHu
zL=2YQ=->&Qb50pUbB8l4b6pE!RX*k6ONUCs;{0x9>{MHwpTI!&?E*tIq;{RmPbQ<P
zw7lGOwDL`h3VH{b0YYPcaD_cj!=`1uuMzYsnW3r4(~mwBjjCMJrkj$`N4ps_y1+s4
z-rL`}I#6upEtD;hrQMlts$|WODCTQ7t2{eTeMDjgufO)HkJil$j+w?Rrm6D7;r$7K
zr_ix5^qQ~OkV;M-G0U#cM(y5&zFJm$mR+vr)Lngf^gQgB<fPFId7r2ctnPxu83RRp
zvCVk^Z_6m`!h3dKM=-_0GNe>ymEd)_F$k&+QKwp>>OWk9v4w~Qpd_sO3{*6l=HMvR
zG%c%aYjKw}Ej=89Y&<~%H;V%^V4iyOR@P>Gv@M+)_Ntq<3WkKDX;|d)M;_;d7nhy8
z5ek>nKxMxh3A`Pu=RyKB-W?adDI5C14ye=o8<$Ki$!t(V+q|!h#;|$bx8jzjw3M#t
zVx|bs>(IOQwkkR#1Da=ap?@|IV1oo0QI8M}q$fqL0%TPI_SfA4dHC>)XjQAj?;hka
zuSR4E3mf-NgQtK@+IJj*@+Wz$#}9uvcS;nGH$Wp@Z_33JbtEA3!N^9x!;IV><Px6m
zbzSPSKb|}FL!Y$IpO2*+62dQtsk{x%IC?YQs6vV9K_>qTzKegXjyT?8$$7XS{19K|
zf`ZX2%iFla_=Nfa64<<+aw@2>r!Xr<*6o-c#PS@Z1@QNDH22tem);0IE{_EEHQd(R
zmQ#L|3*`28RQ^HCd1R^@OCk}C<&(u~_D1Qs11hgLzg=XR4H}@T>0$S3yn{g5l;(Uu
zEE6Ph`|~<$D3NnO_ps)5=FfPsx%vF6U8G#98rB*A>S}t^=PPSkwnk6D9j`|IZ#g2m
z91x|A*$K+<gU|y3b=8-x*@g-YY9uBfs8F`K;jBYx81ZaGwjOpci8j0|QPvsW)uw|c
z(t?*gKkXzgr$-`o@j?}rnPmJ)LhEZ#82k%finJW;i;w8*Uvu#bYOfvPqKiCPyy_)r
z!CRQ);*TP}f>x4N6w&+Fj4Xd*lp&l#0)-HTGEETvkJ4o6=Ei(ZO%Gy~@g)6$XZD-I
zns&t}kifVAWdA|*a&)~rPt5%P4VK_d0K0a`%lA%nR?3=wk8UZ?5R#rt>ntO7VY~Rt
zPuZhM*nDB3*YecaJ0n?Nq{~p4zv~b;cjRd%&tn`+jS(xibmZJ=LU(!ubWo4D2YC=`
zu_$J>@_X3!(vo`4`3t{83zNuSUHFe!;~&K&KbAw)haWrxS*)Vzv~|BgfN;9}o1ExF
z{qb-xirpDQ$R<F}Fmn*0k@bUBVeP!%P9D?m_r1i?9}fqwoOdNB1SOD71|)FGD!O0W
zuAd-#|J!QF^t17ZhYb2AN$6#zCyf_E4_yyzB|jz?sSQBKbqT&b4=>9p&?r}RC%I#6
zrJ|LwxwbySL1Y*ZK{_!sl6xlVU7-jiH8KC+P?6_`h6wq&&A#fbmLTTL|Nf(#`L%_+
zDWe6-a{y(0u{z`7+#YBzV?+YDwg>Rj)wxrG9IdCACrvAL2t@>uLjuC5X{ia^IPZjd
zk$}Y9uJPCJsxYUb{a*jK0^lkATmEO^{}-r%LmR0AF{^RZNWQg*?(J(kqW%N{Aw|?w
z?djFrJ7W2!8S(u)w3pW#BS>H)1HLK~9d{$fnOMU-(h<lsDnSB<6iDDUe`H%!%Z@@?
z#Bc%2HomPCSwjUI1zwy&mlOFOCgtfBJ#`;j^vvlNbS6T-uMbm<6$<$!_+{<=N8G1)
ztOFN!6IaGk+MlG`^l(a58W>V`@6p7qNY=Zo$@mYKa~AbPq$c0k<y<mcWS6+L&646!
zwtKh9_DMJXo2EFPx*^F5!Zi{+@oOA!UvLbWTQPk$R`F|Chiu|=ZDvnx27e|OZ>dZ8
z;=Ll0lWNPE<%B2mrm*z2mM2*|nLS#svXdThRIW{Bgm8TrhJIi?1}Dzia*lmcfnL}*
z_Zsc@$L3$jQ(>L^ab37LELS+^HG?2C7zr3mofH}T8^s-;gm=@0tHTBMP+t42h2_MX
zJX0xlS@jeJ@!;_74$yO(^0kQb`I||WS!l<R84_shJ62sXfV)G^HbEO0sgy~%di`%D
zGdimgoA4u09OH8Ow_4|Tk<!eBBhDc6vJp-f<4E938G^_VBXB@@mlIM)b8!f73BR#;
zR*D4Xtj?Kh@$l1=es7xk_x@Z-D4=4$H~ss_(pT99gFJq3`?vm}{W^9;Uw&`<xBh}t
ze@^8$D*a=tf=;t@+;q^}6hG2cgigplwKU0{3FJsPZEb;=_A~9j36^oEr`a5qqPT>6
ztCS;wveTh5;sFU_tV#I9h4q=r8Kj8B#8m|<b(nGp*OMGV^ld=n46hB`^Ub+P84drX
z#(*X1oqY`&P$9EA$k>8xBFc3Gem3z3T2MNlJPk3;Of>-&m4A!f>($(anXi&yA}Bs6
z)@>@%P@tCCZ$s^?xNKag%HZ9W*cw;V(5{8I6w7<q5q%)4B47wVQcXmilbVftk(*Di
zT>(3>lMZRA%k*6*maJddU&vA1kT>P+aKmfQMBSjJz1DB}h$+3m&{)cbqONk0{9fl%
z5{fV^B3<KVzqbh<_@8T}1F>@a#I6HnP>onMe<~R^rkQ00;ro)B8;?}-nmYz_V9)Q#
z8CefQ5oPR{eI;3dJk;t#(d3;mR%5413vFB}2oKs=DpPy~)l7MR`I~7d1MDct;HqTy
zqnqieic`9@e2hIDSA}_TQ11Ei-RmpRm9iYWy&yt==^D$8WEK0S@WDr%1Dfv-8X2vk
z3582vUx!Y0c7EwFI?jS^-1%kz(_)%8=LL%P`B5Z@RSy(3YpWjJ4H*O8UR^}L($QqA
znmhUYMvTqEQw2#WhJwESCr^&A0~Jsyfvuu4yXu-i`bUnt7zntu`ijJV5{~?*YDgNa
zXxzw%Lf@vlhws(yxEYm8#I5Tw;4)nqEF6LTs%<dVScAGlL^8%7m5K(gKkE4oR3R2%
zoElLZC^3Hvvi14$gHo}l@`IiqQY9GH3?<SC$^Ml&%2$wp&YZeZk?7U?(rhW0gV8Ii
zg}4ZUVYk*(6GLL?$yP=)e3<09IJV;tVod8EKG%F2Tn-2ki^<W~P*)5LX!_c-k;U@#
zQN}-Eta-(E3nh}{9HkrO{EpjVgF4LTwYD0ZbHNlLT~IG}DM6nJ@9|pyo}mPhajt&a
z#~FqyHCw{>4w4i2jlBcBF|B*e<O}8dZ$2DWFUiV~a?bHy#b%;?(vKka3o;)2jF2)*
z_MtfI)=#J~50W?EGYg%UG~I;Iew+_WPHD3h%T89blk*K*@m-MF$$b(2^^uhDrx0p<
z*YbN*_V<mO8B!*Bya*u)440}yUUuO=`N(suW-I7HXfPLN8f7B5d7Js9C93*T2qC6$
zv40STSyD~K-WF#vosU>&e*yVCPCXV@04~nEb-6sQqR)F3f?+tgZyps7Gr5nhP-o)K
zrYE&@Kp51J08HNfe)QJpX9oH%5&Euo_p3iNLsXA7s;=?GvvAlkRD=dcahJ`|*^6E-
zNKq5hnjs2wnS8*fpPjJW%)7~#VaXTGK5d2e$k$uL`+<rDZpBvOAPxtKfacRubdoND
zFusVfpf&3Z_{Qlr2{%WfRcO%kZQWQUohrL&A&a-EM-pt>ceRyn4w!@Q9NgnJ@xP3r
zm!9+<R4iF8{oVNUUtL*~DqlOma;InSR7WmSG?b3f7*#k20WotICa0S5MGlBJ7p%Q^
zsyO~_C^*`XqQ~LY!G888e7owiHgo>+&G!=F7o+F7Ao7`U=qgr~<<`jo!A|X5GzHCB
z(TQdk^D-XMA>>GZHv>dgZcVH;P|9Z0<POA!pT>h<8_9@cSO2wo=(ncwKNGoN1o?cc
zt@>+A2I*n<OI3cYF8Hmff>)|NBrLy-LFQXan$AHY{{OQEB8B?KS&lyJK!QlkI|Sqr
z>3@T1(MYr4c+4<Zw=QV%E0oAZ^al3JPpGnLIQj6eiO0bRf5-_Y1aY(Skk=}deenvp
zaQXf|7!NvbT|$inp02bR?-PJdBpxKN!w+w9S>QUwMgmKq6Z|+{BIE^Pvh@)D>?FAr
z>Ung|BnbwJrG_J<!jZs>48*k*0(ieH5}*aKc-z3HIn9)gU*Fe%wCN{juqzV?nq?n+
z;>Ec?3{;$LVaxQa&3!a>?6#-nG;Z98Qvj0);H~DG8QsgWJj|*j#pIErvL|sfh`BJ_
z;J@05|LAXDxqh(Kt-*irmUwQOae&s5Y!FobCalor{C;rzjm1Cw!C6vhQB&@YE8Rah
zNFA7I6}SP}rEWq3C9fg-^cwlwpgV>Rw345mfR4o50t$7b9V^lB7hGEM4h|C2-S~yP
zN^DlPGFfp)tIYm5#o0P`>0Vj(#Pn)Cevd$x!y~VqiWmvd_BCLqUC)s-r-QGCv&G5&
zWxFtmJ*3l=bFM94S)`ps!JrAW%|mvDvYs6Van-@Lt4<Od+LL^&c%?n8oY3F;w#D4k
za!93*k2ECJsIngQ72LfUUD-~JiP4wZxiscG-+B?9Wpmg_D+%2*RCo~cX+8~8993!+
z&-*C%AtZf9ua&qx=OW8S)b=W39rn_!#`zP;M3wmE6On_wmC@OhvCh@gNGBy@{qw?-
zk`kpb{POPo-J=NuuJ~o)y=(Z}mvO^HL>7tBBkFm}oiiAozt`2dpGPG{U9mB`r>EdL
zBe;)YQ?hMU6?OJj)=`e;IfHiW@e_oMoeH7}G#d5y3V*0F<<Zd@2zq7V+r$RCV^Z{!
z!2pejmez~qZ}Gx!He8xhc7=7|^>e3a>ai_7+$mp(F0_|@7@;n7frB>M7!l-w-sZS5
z1#{p=5M4pk2<-~A`0l_qN#T13SO~Nf1ZP@2TY@g_-pwFr<n5>IP`MMG6|wLv*a*J*
z7hTZ#<N|ueW?%Mfgvx$sIAhm}nwJ0k;>xRg01o|eoVQwYzJ9MA`(V@qI_Jn2oyHsu
zADyN>zG!lCa9WMce5#Hg@#`c~c%FH!`l|=p$t5kT3C<YohpXE$`aUg3Y8_<mucB$?
zQuEMVKV1q}W*yW*)V-W)Iv8IKJxHz6?H!g>Ok_{KKk4@@$LvJyW`+e@d&I1Mog8n_
z+dQuQmE`E)Lyq1DJF*_Ejp=VY?Qh@>V9%5@zxyac>!Ntbq+`YQpm|DDSLW(c@xe)B
zTpvV_y{RPjBw+4f5A@zRY{fL$o(WBwfHy0#aYBBEHaTjgx|i&{>?y5SEet~37A4-m
zFlRrs`o`~6pfT6;1_Yt+POVJS^sudsE%!OtdcJWFke)1M(za1HLr`@rpPEtjN4IQ_
zrf9$QC$r?sXys4ViKbF`;_s~N6vhg#oV<wLg4jIkL;}f;_oq(w3n>yj!se4UKgTeR
zpl7MwnB$5*dbG`VdN%B$H!UyH5GEF9r}QPEln(QjctfLQJJxYcJKt=8Wm5^QUCxD9
z5>8V&$%dnS>eVVdx|enk>7ml|d~>%*0nc$>?yk3q{t~cc5})`{IkjC)JE(<w^>dba
zkUl7n6W!3_SJ!lG0*F-QK%L_rrugK3aPIWP#Ol~l(F0BMNX*9?B=_Du++|tyWu2aE
zh)xvzk~b}#Q+|v?HQX6mch=x2cX+dOp+BQxhoscW>+m=_E4bU*f$6aUb}SQi7ez9k
zQWKiW4%Jrgc8ZISgPR%U)wugMCu(OI!dUiOUCxeIT;8*-^10h7v`?;!!Gfneb6!2B
zR8z?RsO<DeS=rHPpTDyrly_mLh<4bHu||v8M1HvXJ`TOL$VZgL$(jZ{xu%L?0?u^v
zWC_gKsXp3hT{KAzh_j^eV6Hyr#uwc2jvNEsnThxOyy9<&G#qICiJ!Onx4LW7j}-}J
zf$mHs@cB5n<X{4BOkb{KrW6T#ZZ^!Jr?1H&4ik-eemN`9&$#_{#s*3Jax_UA_&-<7
zvB>T#q)7YUk{sz-6Wpymc5astT%KG}V3_G<V1J&`WpTe)hGBMz=2h}*;i4v7ER{=o
z&HQ}Q9JO(o@}}l=k5|Yk!<}CGT6?3Q8*#{%g`FDGtNJ&CjGzc-NcVRn%kMM*cXe5Z
z_b_672s7g%*^NS_5{$#DN^Z2edojI|<#I|IxSY~jd2c;FEZt;0TS*f7;_Ce+mNt`}
zP5tDP!n%=R&f={Mm{@LzXqUoh<)r(#D*D`pp4#PIsY?pfEA&8rl^k_%Qn`0_iokgc
z_nf}G2U+)2VVAk;c1>qCw8%#NWL74}is@yu<%DBSH^V2)=1(hOu-Hm}n6EdR4+ZQ)
z5n_a|+s@bQu|18K&5de+t49URg;G$sx$U~&Yk^70D0FR=`>rP(ZSeumq6A`R@UC}1
zVjw49gt$_51ZfX0R#u9+*H=n&`#gU&mFxA`QM{sA#6hZg=~Tl^<BjOEag2kiDZ%YC
zp~OZ@(G`1_poIqy+!UvRed-EuKKa@m+TyOtMwSv!lDS{XT|{8AwoLXN3JhLOak)qr
zaHyb2VXSXR_CtcE@%CxZ^FF=36{6{OC+Ysk{%E{)?7a%!TUno_M3)87{dKG!VbexU
zYr)SMClxt{^m`9;x1JhH)aa6EMFgd%VMXegRq3@Ox@$oMVZV<jLKbSbo%N)<RfTYR
zTNvw$#Vz_VKr8T3%i?>{k$pi@!G0C0YF(x(>xawtJ|%Kvg<;W)`?7Fof`V}4Ja8XA
z=Ay1VdhK3y@}#1EFk3FM?$$Qy_T<FmyA0l!j<Q%)0vS59)TNQkjKf@pSxpUgLt<>4
zBj}q@Eg(Nv0-Ky6`Jn8V0BY+0Mtx7t`?{X=;Ey7_z)Wwjq`k%)nz(u0!-9>R*1s(b
zs*30aWqb-n%GvJRyy1re8Z@nF6)@st`;^$az<9y~3G6L`62njboca5b%B$TI8VK#9
z|FRIY--k7&3$ai{3_IgQ0*Ht9@Gsr)0GdCvT6@Jp{ls`$v#1Xf-Z^iA*aKga(QW#^
z2%Aguq}{q_{-7?$%`o9^604A08Wt)<1urZ*Nmx%)vJ|W9$WXjbFS|3C-Hsxp05#M5
ziE?^%c<qfdVen`kgB)LDLIT9Ms&1`+UUq)Q)@XJAGEaZXZCkzH&=K$*Qu;oRf_*8I
zyOSQB`XC|a7_KzLr2F8LoB8dClc;)sMhQ(c9&BMsPAt^&)!(9(Q2!*V<jQ}y2a)?d
z1?5{7h=R%uu9M}aXn80gy97pOijVDPbOs~5N<OQp-Xb_5fcFWU=k9{II2m@L@#-GB
z-yP$<UO21x^QM(}geD^q3QYv*`JQoCv?)|X<DPGT<nQqV|0p>9&&vJFKx?njl@S3v
zDr%k0l483>z8Dswo<~UqA5k{mfj;hIIk%EiJP;XuQUs%56|<*m6l|!spq?t{45DKf
z7+;XUR}h7@hySr0mu1Hm!S=BB({FE<6v6wAkN^@uH9ofn4~%Depcc^p@-BMQ@xbP|
z&mEr%;(5r|mm9|Wq~N}J2Zlynhs@KBHm!2Ok-%dv1iz0U^}zqRPwL)h<+63EM%R!4
z&gBa5Ek_?DaE=4t$v_ZN!4UpO;9Lm7a9!Cllb=KTeMNs#?SCMz-J$tGef4Q4jn$rP
zQ!|?Gb)tR5>}Ae*YkJ!JaA_1@Ppdy>8?=9-e(xm|4F{oCr=ZH|Cj4bld^;H3{=^)_
zgdHci69sobNPPFtj^uyUv&;HzbGwA$i0bfV7<Hw%5~w3HgND}U2+PuS>d&CjOz!)h
zE@!ktcJaY~mq4?`W?5R#2ihYhARDEK+m*HhbYQg2_oC;wd;tkbll?GlC4N<}V^#xe
zgFO1KzJaVb6Rf@Y)mae9f)9m<Z0q`%dx}Lo4jqPB^&TFnQwLi=JUKegA#GBiA{d{h
zFHA>uxmw6VkWfU-rLV}mdx4pplNz6utho4UVUz>=W$%}nPO4nbv%+?}JWVG#Qgx{C
zmJ~9IJr@r$E7_#gx@F$R46ZBcU)kcLnvzLb!-PbkC9YuRcVxXg-7A_+Ib?%bUn-Mc
zdCkky(Ieq`o{xRdO#l-puho9-z_4r)zJ=jVX-1B=p-A)GtTfPKVAJnCL!C3i;dO`)
zcg8(;Ld0yV;;4{7%4A{Ab9r2^!fLEW?_?y9WGkOzL-RFKDl0pooO^cAYuj1yT8Pyc
z<w}Lgy54YnQC6*CN9_Wki{!28D|V^AtS$?b$3YV6n{!U?Cq`DrufnR2_EYh$e@x`y
zKZI}6l%BuCX`EO#OW9s&(CTNmyGcswoxWZ1lr^F{q>S=1RLaXYyU%_DmU)qEN&CWY
zurJK(({M~OZS~N8Ma9rqXH*Xt!?Yk0ctFr$dsSkeYuq{}ctLSPY`?djhd;=J;Bmy0
zh)r9Ht;-T(cWS+&_&Qt(MV$T2X$d+M9wamJb`2@QYOTs)Hk9(A69{&*{aj9g6MI+m
zA<J;5(8t&8H$^X*oeqx9jXAACZk3kD85phy*N$Gzms#NLaTFou*JB`nd8~O=PfnyI
z*d`l#KTgTgD&N6qPsu7OPHw!DY~pouzUu6Ln3zWIf*18JTWqB^oc=@grD<i!xW$9)
zqyFT_OKaEjDuY_c*^ABN=w<6`qY;NnlB>tQdfP*rWl{{Zg&x!<rrW}wy|3&IrluH4
zp>war@Jz5fzi?^tA)#K<czYa#src-PLLghgQ#OXFZnWe~7D}~M$;`;+OdEp9R$mLo
z=^>f7A820{zw-e^hl=+V_2mToE(Kz|_~hKdN_MnqTd#LfH}$SI<~7w)<wm8*-2i2*
zTQVZq?-zuGVx4EF7<;tuv%lPC1*o`vOcSst?2QJ?gDDbx>9U_VReRmZ@xgDF>hKeF
z&#dmZD=MlGsq`vkx8cZq91cXCAOv(D%9R@FN;Cw$cd(=|N4@Q=b3d{Tt`JCbRgwCc
zWCDYcseDp+6SWSLaJxv_T<S>h01_}0e0us~pho_wk?~|oGGF2tzZVl4+F;4etTO2+
z<=wJI6Ry{FIb`iT8rJJ7w?Mo4qyHp)8Kv7Z0dZRuG_eqz_nM7%yl7ftq`7dS=^2%f
zo=ycT{vpPB7<|7*>MeZC>^$JXC|4lW<rG%TleWz0ee_E-{i7p#<1hb<uD);SujYRk
zZqo}x3XOZAk)=Ru|5Bpg9WCge44R{%XEX}OZpnIX*yB(#y(q~?jR^wcq)r%uI0eeh
z52<paIXOlG9i*VTFf$Ba0Ym*LjlUM2GNVbKd4Qxz2|srN!xgq>WD$Olo%djbLtpx%
zpVfYn<X_4qiZ(Ph>pU%-aB(Ny{d=foB&I#`3`>#TgMT&Hh}B1)LB6sTSCRfapGxS{
z8CttvMFDqJmC&{Kmv}|%Ro{%0qg_?}<hsstp8v|8EzVV|N9!=c);pl)nb)1zZg$UG
zL=hb>N`Z7YU!!Y<TU)ugyLz_DP4A=Ub)XHa+MzB(i8C^rDMNM@9v{BBmuZ#DB)sis
z0C;}Ls@p9tx^7;@{T74v6<#%=jO0C(wK24&ERue%yaecjwMkcxT7w7kGE>iHLa?H6
zv8A@XvSlidw1iv?Sf@;_TTYx%HB73}!aI_Oo!`_%L19v9<o2Jdct5;~?Vf%aW1J@f
zT<ICQCNC34YcCgXJquOg3Xhdg_HAI%ot$^!4H|2F^SD)<5Is`N`m=SLry4iPiiB66
zN_#>U)Q&U7oikcyIh0UMBqV7Za`$nH?Ze_jyfqirps^?=)JZPL5%pdBA?~}Sbcc_p
zm?CChb4C%dEq`$L`>2WS7R;__{y5|mZ8l7cly^1Hek*=(TaMEI-XeWd1N6V`T_n`r
zqzzsE0Mjt(8=GQBj$)tuv2)(%p0Fbf3sHq8@5(wEgguM-2)~{K6)V*#rP|DMVPApC
z^VXJ{Tzry(6p2zvrG{XCdMcN%X*uZuz$vYgGcEH6pzTU9H^$6>jApDrElSW=wRDij
zB|u(+Nr_>w^hkc%SKd_qe7%UsaPr+<&Lw?~$Bt<XylhwMF9V2Z_S08YIIQJPC5h|X
znsVKM*T$UqhyrsRnj9?ZWELikCLH@wt;<hlQFvvl(Uu^uhw(*=Y+OWy%w_J0KKNm%
zdU|lFPUU1s&mdvmS?3+5Cr2_8r(ao#YFsN~rZFbi*mxvl_`+9IRiWE_YE-J*xLMN?
ztc5qZX6bo5`4R<(Qrf)LW^MDWScsgIfY56&HVj5t)lT}nbJ0;vqLaA77feap_S81Y
Wh9Bi~SJN}U8JJQ2Kc29V6aNn~Bs35J

literal 0
HcmV?d00001

diff --git a/docs/wiki/uWSGI-example.md b/docs/wiki/uWSGI-example.md
new file mode 100644
index 0000000..d50455d
--- /dev/null
+++ b/docs/wiki/uWSGI-example.md
@@ -0,0 +1,49 @@
+This guide will show you how to run PowerDNS-Admin via uWSGI and nginx. This guide was written using Debian 8 with the following software versions:
+- nginx 1.6.2
+- uwsgi 2.0.7-debian
+- python 2.7.9
+
+`sudo apt-get install uwsgi uwsgi-plugin-python nginx`
+
+### Step-by-step instructions
+1. Create a uWSGI .ini in `/etc/uwsgi/apps-enabled` with the following contents, making sure to replace the chdir, pythonpath and virtualenv directories with where you've installed PowerDNS-Admin:
+ ```ini
+ [uwsgi]
+ plugins = python27
+ 
+ uid=www-data
+ gid=www-data
+ 
+ chdir = /opt/pdns-admin/PowerDNS-Admin/
+ pythonpath = /opt/pdns-admin/PowerDNS-Admin/
+ virtualenv = /opt/pdns-admin/PowerDNS-Admin/flask 
+ 
+ mount = /pdns=powerdnsadmin:create_app()
+ manage-script-name = true
+ 
+ vacuum = true
+ harakiri = 20
+ buffer-size = 32768
+ post-buffering = 8192
+ socket = /run/uwsgi/app/%n/%n.socket
+ chown-socket = www-data
+ pidfile = /run/uwsgi/app/%n/%n.pid 
+ 
+ daemonize = /var/log/uwsgi/app/%n.log
+ enable-threads
+ ```
+2. Add the following configuration to your nginx config:
+ ```nginx
+ location / { try_files $uri @pdns_admin; } 
+
+ location @pdns_admin {
+     include uwsgi_params;
+     uwsgi_pass unix:/run/uwsgi/app/pdns-admin/pdns-admin.socket;
+ }
+
+ location /pdns/static/ {
+     alias /opt/pdns-admin/PowerDNS-Admin/app/static/;
+ }
+ ```
+3. Restart nginx and uwsgi.
+4. You're done and PowerDNS-Admin will now be available via nginx.
\ No newline at end of file

From 5f750d1bb802a0bc355a47e3abdbf35fca34b965 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:17:08 -0400
Subject: [PATCH 100/203] Move Home.md to README.md

---
 docs/wiki/{Home.md => README.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/wiki/{Home.md => README.md} (100%)

diff --git a/docs/wiki/Home.md b/docs/wiki/README.md
similarity index 100%
rename from docs/wiki/Home.md
rename to docs/wiki/README.md

From d259a6494ed24f3bae9097ce2df27019ddee8147 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:20:40 -0400
Subject: [PATCH 101/203] Move preparation guides to sub-folder.

---
 .../Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md       | 0
 .../{ => preparation}/Using-PowerDNS-Admin-with-PostgreSQL.md     | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename docs/wiki/{ => preparation}/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md (100%)
 rename docs/wiki/{ => preparation}/Using-PowerDNS-Admin-with-PostgreSQL.md (100%)

diff --git a/docs/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md b/docs/wiki/preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
similarity index 100%
rename from docs/wiki/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
rename to docs/wiki/preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
diff --git a/docs/wiki/Using-PowerDNS-Admin-with-PostgreSQL.md b/docs/wiki/preparation/Using-PowerDNS-Admin-with-PostgreSQL.md
similarity index 100%
rename from docs/wiki/Using-PowerDNS-Admin-with-PostgreSQL.md
rename to docs/wiki/preparation/Using-PowerDNS-Admin-with-PostgreSQL.md

From 305e529cfee902b490e1d36fd2bf4adc09b2db76 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:21:45 -0400
Subject: [PATCH 102/203] Fix header and update preparation links.

---
 docs/wiki/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 7902a97..b5e21cb 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,8 +1,8 @@
-Welcome to the PowerDNS-Admin wiki!
+# Welcome to the PowerDNS-Admin wiki!
 
 ## Preparation guides
-- [Prepare MySQL or MariaDB Database for PowerDNS-Admin](Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin)
-- [Using PowerDNS-Admin with PostgreSQL](Using-PowerDNS-Admin-with-PostgreSQL)
+- [Prepare MySQL or MariaDB Database for PowerDNS-Admin](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin)
+- [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL)
 
 ## Installation guides
 - [Running PowerDNS Admin on Ubuntu or Debian](Running-PowerDNS-Admin-on-Ubuntu-or-Debian)

From 370aad4dfa300ac5d2060ce4697aa44a562e3012 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:22:57 -0400
Subject: [PATCH 103/203] Github seems to require the extension.

---
 docs/wiki/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index b5e21cb..10f7ecc 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,8 +1,8 @@
 # Welcome to the PowerDNS-Admin wiki!
 
 ## Preparation guides
-- [Prepare MySQL or MariaDB Database for PowerDNS-Admin](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin)
-- [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL)
+- [Prepare MySQL or MariaDB Database for PowerDNS-Admin](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
+- [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
 
 ## Installation guides
 - [Running PowerDNS Admin on Ubuntu or Debian](Running-PowerDNS-Admin-on-Ubuntu-or-Debian)

From 4584b2aa24a6cc3c829459ff7bac0d065d7f2e06 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:26:00 -0400
Subject: [PATCH 104/203] Move and fix links for install guides.

---
 docs/wiki/README.md                                       | 8 ++++----
 .../{ => install}/Running-PowerDNS-Admin-on-Centos-7.md   | 0
 .../{ => install}/Running-PowerDNS-Admin-on-Fedora-30.md  | 0
 .../Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md         | 0
 docs/wiki/{ => install}/Running-on-FreeBSD.md             | 0
 5 files changed, 4 insertions(+), 4 deletions(-)
 rename docs/wiki/{ => install}/Running-PowerDNS-Admin-on-Centos-7.md (100%)
 rename docs/wiki/{ => install}/Running-PowerDNS-Admin-on-Fedora-30.md (100%)
 rename docs/wiki/{ => install}/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md (100%)
 rename docs/wiki/{ => install}/Running-on-FreeBSD.md (100%)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 10f7ecc..c929eba 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -5,10 +5,10 @@
 - [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
 
 ## Installation guides
-- [Running PowerDNS Admin on Ubuntu or Debian](Running-PowerDNS-Admin-on-Ubuntu-or-Debian)
-- [Running PowerDNS-Admin in Centos 7](Running-PowerDNS-Admin-on-Centos-7)
-- [Running PowerDNS-Admin in Fedora 30](Running-PowerDNS-Admin-on-Fedora-30)
-- [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](Running-on-FreeBSD)
+- [Running PowerDNS Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
+- [Running PowerDNS-Admin in Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
+- [Running PowerDNS-Admin in Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
+- [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
 ## Web Server configuration
 - [Supervisord](Supervisord-example)
diff --git a/docs/wiki/Running-PowerDNS-Admin-on-Centos-7.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
similarity index 100%
rename from docs/wiki/Running-PowerDNS-Admin-on-Centos-7.md
rename to docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
diff --git a/docs/wiki/Running-PowerDNS-Admin-on-Fedora-30.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
similarity index 100%
rename from docs/wiki/Running-PowerDNS-Admin-on-Fedora-30.md
rename to docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
diff --git a/docs/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
similarity index 100%
rename from docs/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
rename to docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
diff --git a/docs/wiki/Running-on-FreeBSD.md b/docs/wiki/install/Running-on-FreeBSD.md
similarity index 100%
rename from docs/wiki/Running-on-FreeBSD.md
rename to docs/wiki/install/Running-on-FreeBSD.md

From 7df3f033629c6a0edecc7d67b398809ca991d0e6 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:29:50 -0400
Subject: [PATCH 105/203] Move web server config to separate folder.

---
 docs/wiki/README.md                                  | 12 ++++++------
 ...erDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md |  0
 ...werDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md |  0
 docs/wiki/{ => web-server}/Supervisord-example.md    |  0
 docs/wiki/{ => web-server}/Systemd-example.md        |  0
 docs/wiki/{ => web-server}/WSGI-Apache-example.md    |  0
 docs/wiki/{ => web-server}/uWSGI-example.md          |  0
 7 files changed, 6 insertions(+), 6 deletions(-)
 rename docs/wiki/{ => web-server}/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md (100%)
 rename docs/wiki/{ => web-server}/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md (100%)
 rename docs/wiki/{ => web-server}/Supervisord-example.md (100%)
 rename docs/wiki/{ => web-server}/Systemd-example.md (100%)
 rename docs/wiki/{ => web-server}/WSGI-Apache-example.md (100%)
 rename docs/wiki/{ => web-server}/uWSGI-example.md (100%)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index c929eba..0a86eab 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -11,12 +11,12 @@
 - [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
 ## Web Server configuration
-- [Supervisord](Supervisord-example)
-- [Systemd](Systemd-example)
-- [Systemd + Gunicorn + Nginx](Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx)
-- [Systemd + Gunicorn + Apache](Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache)
-- [uWSGI](uWSGI-example)
-- [WSGI-Apache](WSGI-Apache-example)
+- [Supervisord](web-server/Supervisord-example.md)
+- [Systemd](web-server/Systemd-example.md)
+- [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx)
+- [Systemd + Gunicorn + Apache](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache)
+- [uWSGI](web-server/uWSGI-example)
+- [WSGI-Apache](web-server/WSGI-Apache-example)
 
 ## Feature usage
 - [DynDNS2](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/DynDNS2)
\ No newline at end of file
diff --git a/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md b/docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
similarity index 100%
rename from docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
rename to docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
diff --git a/docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md b/docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md
similarity index 100%
rename from docs/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md
rename to docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md
diff --git a/docs/wiki/Supervisord-example.md b/docs/wiki/web-server/Supervisord-example.md
similarity index 100%
rename from docs/wiki/Supervisord-example.md
rename to docs/wiki/web-server/Supervisord-example.md
diff --git a/docs/wiki/Systemd-example.md b/docs/wiki/web-server/Systemd-example.md
similarity index 100%
rename from docs/wiki/Systemd-example.md
rename to docs/wiki/web-server/Systemd-example.md
diff --git a/docs/wiki/WSGI-Apache-example.md b/docs/wiki/web-server/WSGI-Apache-example.md
similarity index 100%
rename from docs/wiki/WSGI-Apache-example.md
rename to docs/wiki/web-server/WSGI-Apache-example.md
diff --git a/docs/wiki/uWSGI-example.md b/docs/wiki/web-server/uWSGI-example.md
similarity index 100%
rename from docs/wiki/uWSGI-example.md
rename to docs/wiki/web-server/uWSGI-example.md

From 2c7c75b3a6878bcc2ef882eccde89cd41c698de4 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:32:32 -0400
Subject: [PATCH 106/203] Update DynDNS2.md to features sub-folder.

---
 docs/wiki/README.md                 | 2 +-
 docs/wiki/{ => features}/DynDNS2.md | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename docs/wiki/{ => features}/DynDNS2.md (100%)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 0a86eab..623c701 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -19,4 +19,4 @@
 - [WSGI-Apache](web-server/WSGI-Apache-example)
 
 ## Feature usage
-- [DynDNS2](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/DynDNS2)
\ No newline at end of file
+- [DynDNS2](features/DynDNS2.md)
\ No newline at end of file
diff --git a/docs/wiki/DynDNS2.md b/docs/wiki/features/DynDNS2.md
similarity index 100%
rename from docs/wiki/DynDNS2.md
rename to docs/wiki/features/DynDNS2.md

From 88b7331db15ecdc9e8a6b50a405461cdf7c17e98 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 12:34:31 -0400
Subject: [PATCH 107/203] Fix missing extensions.

---
 docs/wiki/README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 623c701..f75d8db 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -13,10 +13,10 @@
 ## Web Server configuration
 - [Supervisord](web-server/Supervisord-example.md)
 - [Systemd](web-server/Systemd-example.md)
-- [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx)
-- [Systemd + Gunicorn + Apache](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache)
-- [uWSGI](web-server/uWSGI-example)
-- [WSGI-Apache](web-server/WSGI-Apache-example)
+- [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md)
+- [Systemd + Gunicorn + Apache](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md)
+- [uWSGI](web-server/uWSGI-example.md)
+- [WSGI-Apache](web-server/WSGI-Apache-example.md)
 
 ## Feature usage
 - [DynDNS2](features/DynDNS2.md)
\ No newline at end of file

From 3e9fc1f8fc9046efc18b55a4a0318b26072f0c45 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:00:00 -0400
Subject: [PATCH 108/203] Minor update to header.

---
 docs/wiki/features/DynDNS2.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/wiki/features/DynDNS2.md b/docs/wiki/features/DynDNS2.md
index 2fbd9ae..b599727 100644
--- a/docs/wiki/features/DynDNS2.md
+++ b/docs/wiki/features/DynDNS2.md
@@ -3,6 +3,7 @@ IPv4: http://user:pass@yournameserver.yoursite.tld/nic/update?hostname=record.do
 IPv6: http://user:pass@yournameserver.yoursite.tld/nic/update?hostname=record.domain.tld&myip=::1  
 Multiple IPs: http://user:pass@yournameserver.yoursite.tld/nic/update?hostname=record.domain.tld&myip=127.0.0.1,127.0.0.2,::1,::2
 
+Notes:
 - user needs to be a LOCAL user, not LDAP etc
 - user must have already logged-in
 - user needs to be added to Domain Access Control list of domain.tld - admin status (manage all) does not suffice

From 6babb1cd0397481a587440ccc6e4428363228470 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:03:15 -0400
Subject: [PATCH 109/203] Update links.

---
 docs/wiki/install/Running-on-FreeBSD.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/install/Running-on-FreeBSD.md b/docs/wiki/install/Running-on-FreeBSD.md
index 76a8f5b..b37e9c3 100644
--- a/docs/wiki/install/Running-on-FreeBSD.md
+++ b/docs/wiki/install/Running-on-FreeBSD.md
@@ -17,7 +17,7 @@ sudo pkg install libxml2 libxslt pkgconf py37-xmlsec py37-cffi py37-ldap
 _**Note:**_ Please adjust `/opt/powerdns-admin` to your local web application directory
 
 ```bash
-git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/powerdns-admin
+git clone https://github.com/PowerDNS-Admin/PowerDNS-Admin.git /opt/powerdns-admin
 cd /opt/powerdns-admin
 ```
 
@@ -97,6 +97,6 @@ Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin
 
 ### Running at startup
 
-This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) for instructions.
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](../web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md) for instructions.
 
 The right approach long-term is to create a startup script in `/usr/local/etc/rc.d` and enable it through `/etc/rc.conf`.
\ No newline at end of file

From 0bdd09b3f15b13adea9b04626588d1505a0fc729 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:06:00 -0400
Subject: [PATCH 110/203] Update links.

---
 .../install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
index 1cdda78..acc5858 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -44,7 +44,7 @@ sudo apt install -y yarn
 _**Note:**_ Please adjust `/opt/web/powerdns-admin` to your local web application directory
 
 ```bash
-git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
+git clone https://github.com/PowerDNS-Admin/PowerDNS-Admin.git /opt/web/powerdns-admin
 cd /opt/web/powerdns-admin
 python3 -mvenv ./venv
 ```
@@ -91,4 +91,4 @@ Now you can run PowerDNS-Admin by command
 
 Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.
 
-This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) for instructions.
\ No newline at end of file
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) for instructions.
\ No newline at end of file

From 45e05f94873767b8e3d9ba367aa4164cb149718a Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:10:44 -0400
Subject: [PATCH 111/203] Minor formatting updates.

---
 docs/wiki/web-server/uWSGI-example.md | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/web-server/uWSGI-example.md b/docs/wiki/web-server/uWSGI-example.md
index d50455d..db15d03 100644
--- a/docs/wiki/web-server/uWSGI-example.md
+++ b/docs/wiki/web-server/uWSGI-example.md
@@ -1,11 +1,18 @@
+# uWSGI Example
+
 This guide will show you how to run PowerDNS-Admin via uWSGI and nginx. This guide was written using Debian 8 with the following software versions:
 - nginx 1.6.2
 - uwsgi 2.0.7-debian
 - python 2.7.9
 
-`sudo apt-get install uwsgi uwsgi-plugin-python nginx`
+## Software installation:
 
-### Step-by-step instructions
+1. apt install the following packages:
+   - `uwsgi`
+   - `uwsgi-plugin-python`
+   - `nginx`
+
+## Step-by-step instructions
 1. Create a uWSGI .ini in `/etc/uwsgi/apps-enabled` with the following contents, making sure to replace the chdir, pythonpath and virtualenv directories with where you've installed PowerDNS-Admin:
  ```ini
  [uwsgi]

From 4f177407dd709e43829e28a507466fedfcfb4199 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:13:05 -0400
Subject: [PATCH 112/203] Update github urls.

---
 docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md  | 2 +-
 docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
index e61485a..18d57f6 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
@@ -57,7 +57,7 @@ yum install yarn
 NOTE: Please adjust `/opt/web/powerdns-admin` to your local web application directory
 
 ```
-git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
+git clone https://github.com/PowerDNS-Admin/PowerDNS-Admin.git /opt/web/powerdns-admin
 cd /opt/web/powerdns-admin
 virtualenv -p python3 flask
 ```
diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
index e3b23ea..c51862b 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
@@ -36,7 +36,7 @@ npm install yarn -g
 ## Clone the PowerDNS-Admin repository to the installation path:
 ```bash
 cd /opt/web/
-git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git powerdns-admin
+git clone https://github.com/PowerDNS-Admin/PowerDNS-Admin.git powerdns-admin
 ```
 
 **Prepare the Virtual Environment:**

From 31fd350f0118de50d388105e27d2daaa2d4a0489 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:17:09 -0400
Subject: [PATCH 113/203] Add Fedora 23 directions and links.

---
 docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md         | 1 -
 docs/wiki/README.md                                      | 5 +++--
 docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md | 1 +
 docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
 delete mode 100644 docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md
 create mode 100644 docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md

diff --git a/docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md b/docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md
deleted file mode 100644
index 7f876ff..0000000
--- a/docs/wiki/Install-PowerDNS-Admin-in-Fedora-23.md
+++ /dev/null
@@ -1 +0,0 @@
-Please refer to CentOS guide: https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Centos-7
\ No newline at end of file
diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index f75d8db..8010cc1 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -6,8 +6,9 @@
 
 ## Installation guides
 - [Running PowerDNS Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
-- [Running PowerDNS-Admin in Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
-- [Running PowerDNS-Admin in Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
+- [Running PowerDNS-Admin on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
+- [Running PowerDNS-Admin on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
+- [Running PowerDNS-Admin on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
 - [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
 ## Web Server configuration
diff --git a/docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md b/docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md
new file mode 100644
index 0000000..ca84460
--- /dev/null
+++ b/docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md
@@ -0,0 +1 @@
+Please refer to CentOS guide: [Running-PowerDNS-Admin-on-Centos-7](Running-PowerDNS-Admin-on-Centos-7.md)
\ No newline at end of file
diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
index c51862b..51b705c 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
@@ -80,4 +80,4 @@ Open your web browser and access to `http://localhost:9191` to visit PowerDNS-Ad
 At the first time you login into the PDA UI, you will be redirected to setting page to configure the PDNS API information.
 
 _**Note:**_ For production environment, i recommend to run PowerDNS-Admin with WSGI over Apache instead of flask's built-in web server...  
- Take a look at [WSGI Apache Example](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example#fedora) WIKI page to see how to configure it.
\ No newline at end of file
+ Take a look at [WSGI Apache Example](web-server/WSGI-Apache-example#fedora) WIKI page to see how to configure it.
\ No newline at end of file

From 99370a9afb182594137cc525c0cfeeab89d50756 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:33:43 -0400
Subject: [PATCH 114/203] Update the guinicorn.

---
 docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md b/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
index df01179..f693736 100644
--- a/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
+++ b/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
@@ -1,6 +1,6 @@
 ***
-**WARNING**  
-This just uses the development server for testing purposes. For production environments you should probably go with a more robust solution, like [gunicorn](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) or a WSGI server. 
+**WARNING**
+This just uses the development server for testing purposes. For production environments you should probably go with a more robust solution, like [gunicorn](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md) or a WSGI server.
 ***
 
 ### Following example shows a systemd unit file that can run PowerDNS-Admin

From c7dbb33dd79445928208c09f0ae468bf9d94f9af Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 13:35:35 -0400
Subject: [PATCH 115/203] Rename Fedora 23 filename.

---
 ...min-in-Fedora-23.md => Running-PowerDNS-Admin-on-Fedora-23.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/wiki/install/{Install-PowerDNS-Admin-in-Fedora-23.md => Running-PowerDNS-Admin-on-Fedora-23.md} (100%)

diff --git a/docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-23.md
similarity index 100%
rename from docs/wiki/install/Install-PowerDNS-Admin-in-Fedora-23.md
rename to docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-23.md

From 3e6804442013ce2d31b5d392625294a6f563350c Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <109844019+pneb@users.noreply.github.com>
Date: Fri, 9 Dec 2022 08:15:13 +0800
Subject: [PATCH 116/203] Update utils.py

This should fix the error you were experiencing, as it will now only attempt to process the `data` argument if it is a tuple containing two elements. If the `data` argument is not in the expected format, the function will simply return an empty string instead of raising an exception.
---
 powerdnsadmin/lib/utils.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/powerdnsadmin/lib/utils.py b/powerdnsadmin/lib/utils.py
index 9e7cf20..5a62ee3 100644
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@@ -119,12 +119,16 @@ def fetch_json(remote_url,
 
 
 def display_record_name(data):
-    record_name, domain_name = data
-    if record_name == domain_name:
-        return '@'
+    # Check that the data argument is a tuple containing two elements
+    if isinstance(data, Iterable) and len(data) == 2:
+        record_name, domain_name = data
+        if record_name == domain_name:
+            return '@'
+        else:
+            return record_name
     else:
-        return re.sub('\.{}$'.format(domain_name), '', record_name)
-
+        # If data is not a tuple of length 2, return an empty string
+        return ''
 
 def display_master_name(data):
     """

From 9a4acf53058b698f2e4089fe9ac8e5fd73685048 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:33:57 -0400
Subject: [PATCH 117/203] Move configure Active directory auth to config
 folder.

---
 ...figure-Active-Directory-Authentication-using-Group-Security.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/wiki/{ => configuration}/Configure-Active-Directory-Authentication-using-Group-Security.md (100%)

diff --git a/docs/wiki/Configure-Active-Directory-Authentication-using-Group-Security.md b/docs/wiki/configuration/Configure-Active-Directory-Authentication-using-Group-Security.md
similarity index 100%
rename from docs/wiki/Configure-Active-Directory-Authentication-using-Group-Security.md
rename to docs/wiki/configuration/Configure-Active-Directory-Authentication-using-Group-Security.md

From fc01be4cad625db83106ec0164fdfb6c908fca9a Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:34:29 -0400
Subject: [PATCH 118/203] Move systemd service to install folder.

---
 .../Running-PowerDNS-Admin-as-a-service-(Systemd).md              | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/wiki/{ => install}/Running-PowerDNS-Admin-as-a-service-(Systemd).md (100%)

diff --git a/docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md b/docs/wiki/install/Running-PowerDNS-Admin-as-a-service-(Systemd).md
similarity index 100%
rename from docs/wiki/Running-PowerDNS-Admin-as-a-service-(Systemd).md
rename to docs/wiki/install/Running-PowerDNS-Admin-as-a-service-(Systemd).md

From c5524dc9098b89ef3eaa45ad5dc5d9927ac9a46e Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:36:55 -0400
Subject: [PATCH 119/203] Fix link to gunicorn and nginx setup.

---
 docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
index acc5858..b5df090 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -91,4 +91,4 @@ Now you can run PowerDNS-Admin by command
 
 Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.
 
-This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx) for instructions.
\ No newline at end of file
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md) for instructions.
\ No newline at end of file

From 1ced360e5fec0efc08bcb0a5e91e169bd9d1bd4a Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:39:25 -0400
Subject: [PATCH 120/203] Fixed links to gunicorn docs.

---
 docs/wiki/README.md                                       | 8 ++++++--
 .../install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md | 2 +-
 ...ing-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md} | 0
 3 files changed, 7 insertions(+), 3 deletions(-)
 rename docs/wiki/web-server/{Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md => Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md} (100%)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 8010cc1..b7d2f3d 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -5,16 +5,20 @@
 - [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
 
 ## Installation guides
-- [Running PowerDNS Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
+- [Running PowerDNS-Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
 - [Running PowerDNS-Admin on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
 - [Running PowerDNS-Admin on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
 - [Running PowerDNS-Admin on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
 - [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
+### Post install Setup:
+- [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
+
+
 ## Web Server configuration
 - [Supervisord](web-server/Supervisord-example.md)
 - [Systemd](web-server/Systemd-example.md)
-- [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md)
+- [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md)
 - [Systemd + Gunicorn + Apache](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn-and-Apache.md)
 - [uWSGI](web-server/uWSGI-example.md)
 - [WSGI-Apache](web-server/WSGI-Apache-example.md)
diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
index b5df090..b4e3b66 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -91,4 +91,4 @@ Now you can run PowerDNS-Admin by command
 
 Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.
 
-This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md) for instructions.
\ No newline at end of file
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](../web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md) for instructions.
\ No newline at end of file
diff --git a/docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md b/docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md
similarity index 100%
rename from docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx.md
rename to docs/wiki/web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md

From 3bcda68df9947733e9d5c09d147db5167153485b Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:43:10 -0400
Subject: [PATCH 121/203] Add placeholders for environment variables and
 Docker.

---
 docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md | 1 +
 docs/wiki/preparation/Environment-variables.md        | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
 create mode 100644 docs/wiki/preparation/Environment-variables.md

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
new file mode 100644
index 0000000..6af7286
--- /dev/null
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
@@ -0,0 +1 @@
+# Installation on docker
\ No newline at end of file
diff --git a/docs/wiki/preparation/Environment-variables.md b/docs/wiki/preparation/Environment-variables.md
new file mode 100644
index 0000000..d83b744
--- /dev/null
+++ b/docs/wiki/preparation/Environment-variables.md
@@ -0,0 +1,2 @@
+# Supported environment variables
+

From 254c00ae92181f5414a015e3c2698f79c6146ab2 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:43:54 -0400
Subject: [PATCH 122/203] Add placeholder for getting started.

---
 docs/wiki/configuration/Getting-started.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docs/wiki/configuration/Getting-started.md

diff --git a/docs/wiki/configuration/Getting-started.md b/docs/wiki/configuration/Getting-started.md
new file mode 100644
index 0000000..44bd3c6
--- /dev/null
+++ b/docs/wiki/configuration/Getting-started.md
@@ -0,0 +1 @@
+# Getting started with PowerDNS-Admin
\ No newline at end of file

From 59ab3dcecd124bd03ffbbb8fb46ad572d3d91215 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:44:10 -0400
Subject: [PATCH 123/203] Add link to getting started.

---
 docs/wiki/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index b7d2f3d..779951c 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -12,7 +12,9 @@
 - [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
 ### Post install Setup:
-- [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
+- [Getting started](configuration/Getting-started.md)
+- SystemD:
+  - [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
 
 
 ## Web Server configuration

From 16fbf412d874c14b6fa5ca27ee181c4b108e417b Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:53:14 -0400
Subject: [PATCH 124/203] Fill in DB URI and secret key.

---
 docs/wiki/preparation/Environment-variables.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/wiki/preparation/Environment-variables.md b/docs/wiki/preparation/Environment-variables.md
index d83b744..3dc0ea0 100644
--- a/docs/wiki/preparation/Environment-variables.md
+++ b/docs/wiki/preparation/Environment-variables.md
@@ -1,2 +1,9 @@
 # Supported environment variables
 
+| Variable | Description | Default value |
+| -------------- | ----------- | --------------- |
+| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | <no default> |
+| SECRET_KEY   | Flask secret key [^1] | <no default> |
+
+
+[^1]: Flask secret key (see https://flask.palletsprojects.com/en/2.0.x/config/#SECRET_KEY for how to generate)

From 5a58e70e8cdb1ce54dcce07f40f7a17e41f07572 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:53:30 -0400
Subject: [PATCH 125/203] Add link to environment variables docs.

---
 docs/wiki/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 779951c..d775273 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -3,6 +3,7 @@
 ## Preparation guides
 - [Prepare MySQL or MariaDB Database for PowerDNS-Admin](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
 - [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
+- [Environment Variables](preparation/Environment-variables.md)
 
 ## Installation guides
 - [Running PowerDNS-Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)

From 57b092771827932ed18a087b833519dd78886398 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:56:40 -0400
Subject: [PATCH 126/203] Minor formatting changes to README.

---
 docs/wiki/README.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index d775273..b853d87 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,9 +1,8 @@
 # Welcome to the PowerDNS-Admin wiki!
 
-## Preparation guides
+## Database Setup guides
 - [Prepare MySQL or MariaDB Database for PowerDNS-Admin](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
 - [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
-- [Environment Variables](preparation/Environment-variables.md)
 
 ## Installation guides
 - [Running PowerDNS-Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
@@ -13,11 +12,11 @@
 - [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
 ### Post install Setup:
+- [Environment Variables](preparation/Environment-variables.md)
 - [Getting started](configuration/Getting-started.md)
 - SystemD:
   - [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
 
-
 ## Web Server configuration
 - [Supervisord](web-server/Supervisord-example.md)
 - [Systemd](web-server/Systemd-example.md)

From 2c34307365c9be8dec8481ea30e35e4053ec0a0b Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 20:59:35 -0400
Subject: [PATCH 127/203] Move environment vars to configuration

---
 docs/wiki/README.md                              | 16 ++++++++--------
 .../Environment-variables.md                     |  0
 2 files changed, 8 insertions(+), 8 deletions(-)
 rename docs/wiki/{preparation => configuration}/Environment-variables.md (100%)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index b853d87..340b63a 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,18 +1,18 @@
 # Welcome to the PowerDNS-Admin wiki!
 
 ## Database Setup guides
-- [Prepare MySQL or MariaDB Database for PowerDNS-Admin](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
-- [Using PowerDNS-Admin with PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
+- [MySQL or MariaDB](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
+- [PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
 
 ## Installation guides
-- [Running PowerDNS-Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
-- [Running PowerDNS-Admin on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
-- [Running PowerDNS-Admin on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
-- [Running PowerDNS-Admin on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
-- [Running PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
+- [Installing PowerDNS-Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
+- [Installing PowerDNS-Admin on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
+- [Installing PowerDNS-Admin on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
+- [Installing PowerDNS-Admin on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
+- [Installing PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
 
 ### Post install Setup:
-- [Environment Variables](preparation/Environment-variables.md)
+- [Environment Variables](configuration/Environment-variables.md)
 - [Getting started](configuration/Getting-started.md)
 - SystemD:
   - [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
diff --git a/docs/wiki/preparation/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
similarity index 100%
rename from docs/wiki/preparation/Environment-variables.md
rename to docs/wiki/configuration/Environment-variables.md

From e0970541b4dad20593da4c296a561002689691e2 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:10:45 -0400
Subject: [PATCH 128/203] Update links to be more readable.

---
 docs/wiki/README.md | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 340b63a..9a7226d 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,15 +1,16 @@
 # Welcome to the PowerDNS-Admin wiki!
 
-## Database Setup guides
+## Database Setup guides:
 - [MySQL or MariaDB](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
 - [PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
 
-## Installation guides
-- [Installing PowerDNS-Admin on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
-- [Installing PowerDNS-Admin on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
-- [Installing PowerDNS-Admin on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
-- [Installing PowerDNS-Admin on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
-- [Installing PowerDNS-Admin on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
+## Installation guides:
+- [Install on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
+- [Install on Docker](install/Running-PowerDNS-Admin-on-Docker.md)
+- [Install on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
+- [Install on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
+- [Install on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
+- [Install on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
 
 ### Post install Setup:
 - [Environment Variables](configuration/Environment-variables.md)
@@ -17,7 +18,7 @@
 - SystemD:
   - [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
 
-## Web Server configuration
+### Web Server configuration:
 - [Supervisord](web-server/Supervisord-example.md)
 - [Systemd](web-server/Systemd-example.md)
 - [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md)
@@ -25,5 +26,10 @@
 - [uWSGI](web-server/uWSGI-example.md)
 - [WSGI-Apache](web-server/WSGI-Apache-example.md)
 
+## Using PowerDNS-Admin:
+- Setting up a domain
+- Adding a record
+- <whatever else>
+
 ## Feature usage
 - [DynDNS2](features/DynDNS2.md)
\ No newline at end of file

From fb387eb570356b10fa338a5036da88f1b323b257 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:13:26 -0400
Subject: [PATCH 129/203] Minor formatting change.

---
 docs/wiki/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 9a7226d..6de6dc2 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,7 +1,7 @@
 # Welcome to the PowerDNS-Admin wiki!
 
 ## Database Setup guides:
-- [MySQL or MariaDB](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
+- [MySQL / MariaDB](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
 - [PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
 
 ## Installation guides:

From 76315aac6d3c6973f8e07657f7e12810cbf07911 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:16:26 -0400
Subject: [PATCH 130/203] Add required column to table.

---
 docs/wiki/configuration/Environment-variables.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/wiki/configuration/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
index 3dc0ea0..097bf16 100644
--- a/docs/wiki/configuration/Environment-variables.md
+++ b/docs/wiki/configuration/Environment-variables.md
@@ -1,9 +1,9 @@
 # Supported environment variables
 
-| Variable | Description | Default value |
-| -------------- | ----------- | --------------- |
-| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | <no default> |
-| SECRET_KEY   | Flask secret key [^1] | <no default> |
+| Variable | Description | Required | Default value |
+| ---------| ----------- | -------- | ------------- |
+| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | Y | <no default> |
+| SECRET_KEY   | Flask secret key [^1] | Y | <no default> |
 
 
 [^1]: Flask secret key (see https://flask.palletsprojects.com/en/2.0.x/config/#SECRET_KEY for how to generate)

From d2c0c94e61000e1664e85d980fd8e4c760521ad5 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:19:18 -0400
Subject: [PATCH 131/203] Flesh out docker setup.

---
 .../install/Running-PowerDNS-Admin-on-Docker.md   | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
index 6af7286..2f23845 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
@@ -1 +1,14 @@
-# Installation on docker
\ No newline at end of file
+# Installation on docker
+
+The Docker image is ngoduykhanh/powerdns-admin available on [DockerHub](https://hub.docker.com/r/ngoduykhanh/powerdns-admin)
+
+The supported environment variables to configure the container are located [here](../configuration/Environment-variables.md).
+
+You can run the container and expose the web server on port 9191 using:
+```bash
+docker run -d \
+    -e SECRET_KEY='a-very-secret-key' \
+    -v pda-data:/data \
+    -p 9191:80 \
+    ngoduykhanh/powerdns-admin:latest
+```

From 7a2f83a888adb766c862e1adea85c403d3d9bdb3 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:19:55 -0400
Subject: [PATCH 132/203] Update environment var required.

---
 docs/wiki/configuration/Environment-variables.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/wiki/configuration/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
index 097bf16..35e2a00 100644
--- a/docs/wiki/configuration/Environment-variables.md
+++ b/docs/wiki/configuration/Environment-variables.md
@@ -2,7 +2,7 @@
 
 | Variable | Description | Required | Default value |
 | ---------| ----------- | -------- | ------------- |
-| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | Y | <no default> |
+| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | N | <no default> |
 | SECRET_KEY   | Flask secret key [^1] | Y | <no default> |
 
 

From 19e5750974a83f67eb1225ff9347e622116f2ffb Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:22:13 -0400
Subject: [PATCH 133/203] Dropped documentation to 1.1.x since that is the
 version being used.

---
 docs/wiki/configuration/Environment-variables.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/wiki/configuration/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
index 35e2a00..c24185a 100644
--- a/docs/wiki/configuration/Environment-variables.md
+++ b/docs/wiki/configuration/Environment-variables.md
@@ -6,4 +6,4 @@
 | SECRET_KEY   | Flask secret key [^1] | Y | <no default> |
 
 
-[^1]: Flask secret key (see https://flask.palletsprojects.com/en/2.0.x/config/#SECRET_KEY for how to generate)
+[^1]: Flask secret key (see https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY for how to generate)

From 2dec2ad2041d784242925c6f776bff7721ec65fe Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:23:28 -0400
Subject: [PATCH 134/203] Fix default values.

---
 docs/wiki/configuration/Environment-variables.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/configuration/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
index c24185a..7b835e2 100644
--- a/docs/wiki/configuration/Environment-variables.md
+++ b/docs/wiki/configuration/Environment-variables.md
@@ -2,8 +2,8 @@
 
 | Variable | Description | Required | Default value |
 | ---------| ----------- | -------- | ------------- |
-| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | N | <no default> |
-| SECRET_KEY   | Flask secret key [^1] | Y | <no default> |
+| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | N | no default |
+| SECRET_KEY   | Flask secret key [^1] | Y | no default |
 
 
 [^1]: Flask secret key (see https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY for how to generate)

From 2656242b45439ece9e50afd95667b83a24fb1439 Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <109844019+pneb@users.noreply.github.com>
Date: Fri, 9 Dec 2022 09:33:17 +0800
Subject: [PATCH 135/203] Update api_key.py

I added the parentheses to the `db.session.rollback` line to call the method, which will now properly roll back any changes made to the database if an error occurs.
---
 powerdnsadmin/models/api_key.py | 40 ++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/powerdnsadmin/models/api_key.py b/powerdnsadmin/models/api_key.py
index 4c26cd2..7bd0fda 100644
--- a/powerdnsadmin/models/api_key.py
+++ b/powerdnsadmin/models/api_key.py
@@ -60,31 +60,31 @@ class ApiKey(db.Model):
 
     def update(self, role_name=None, description=None, domains=None, accounts=None):
         try:
-            if role_name:
-                role = Role.query.filter(Role.name == role_name).first()
-                self.role_id = role.id
+          if role_name:
+              role = Role.query.filter(Role.name == role_name).first()
+              self.role_id = role.id
 
-            if description:
-                self.description = description
+          if description:
+              self.description = description
 
-            if domains is not None:
-                domain_object_list = Domain.query \
-                                           .filter(Domain.name.in_(domains)) \
-                                           .all()
-                self.domains[:] = domain_object_list
+          if domains is not None:
+              domain_object_list = Domain.query \
+                                       .filter(Domain.name.in_(domains)) \
+                                       .all()
+              self.domains[:] = domain_object_list
 
-            if accounts is not None:
-                account_object_list = Account.query \
-                                           .filter(Account.name.in_(accounts)) \
-                                           .all()
-                self.accounts[:] = account_object_list
+          if accounts is not None:
+              account_object_list = Account.query \
+                                       .filter(Account.name.in_(accounts)) \
+                                       .all()
+              self.accounts[:] = account_object_list
 
-            db.session.commit()
+          db.session.commit()
         except Exception as e:
-            msg_str = 'Update of apikey failed. Error: {0}'
-            current_app.logger.error(msg_str.format(e))
-            db.session.rollback
-            raise e
+          msg_str = 'Update of apikey failed. Error: {0}'
+          current_app.logger.error(msg_str.format(e))
+          db.session.rollback()  # fixed line
+          raise e
 
     def get_hashed_password(self, plain_text_password=None):
         # Hash a password for the first time

From dc495ce4265ab467a9a179759abfb21a4223acad Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:44:52 -0400
Subject: [PATCH 136/203] Move preparation to database-setup.

---
 .../Setup-MySQL-or-MariaDB.md}                |  2 ++
 .../Setup-PostgreSQL.md}                      | 19 +++++++------------
 2 files changed, 9 insertions(+), 12 deletions(-)
 rename docs/wiki/{preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md => database-setup/Setup-MySQL-or-MariaDB.md} (93%)
 rename docs/wiki/{preparation/Using-PowerDNS-Admin-with-PostgreSQL.md => database-setup/Setup-PostgreSQL.md} (68%)

diff --git a/docs/wiki/preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
similarity index 93%
rename from docs/wiki/preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
rename to docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index 774d3e3..139e515 100644
--- a/docs/wiki/preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -1,3 +1,5 @@
+# Setup MySQL database for PowerDNS-Admin
+
 This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
 
 ### Step-by-step instructions
diff --git a/docs/wiki/preparation/Using-PowerDNS-Admin-with-PostgreSQL.md b/docs/wiki/database-setup/Setup-PostgreSQL.md
similarity index 68%
rename from docs/wiki/preparation/Using-PowerDNS-Admin-with-PostgreSQL.md
rename to docs/wiki/database-setup/Setup-PostgreSQL.md
index 04155e9..2af39a0 100644
--- a/docs/wiki/preparation/Using-PowerDNS-Admin-with-PostgreSQL.md
+++ b/docs/wiki/database-setup/Setup-PostgreSQL.md
@@ -1,10 +1,6 @@
-If you would like to use PostgreSQL instead of MySQL or MariaDB, you have to install difference dependencies. Check the following instructions.
+# Setup Postgres database for PowerDNS-Admin
 
-### Install dependencies
-```
-$ sudo yum install postgresql-libs
-$ pip install psycopg2
-```
+We assume you already have a postgres database software installed for your platform.
 
 ### Create database
 ```
@@ -16,16 +12,15 @@ postgres=# alter user powerdnsadmin with encrypted password 'powerdnsadmin';
 postgres=# grant all privileges on database powerdnsadmindb to powerdnsadmin;
 ```
 
-In your `config.py` file, make sure you have
-```
-SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin:powerdnsadmin@127.0.0.1/powerdnsadmindb'
-```
-
 Note:
 - Please change the information above (db, user, password) to fit your setup.
+
+### Setup Remote access to database:
+If your database is on a different server
+
 - You might need to adjust your PostgreSQL's `pg_hba.conf` config file to allow password authentication for networks.
 
-### Use Docker
+## Docker
 ```
 docker run --name pdnsadmin-test -e BIND_ADDRESS=0.0.0.0 
 -e SECRET_KEY='a-very-secret-key' 

From 55537e5bce0c90bcf2b0bdfba4836ef445b40a9c Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:46:49 -0400
Subject: [PATCH 137/203] Update links to database setup.

---
 docs/wiki/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 6de6dc2..d271287 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,8 +1,8 @@
 # Welcome to the PowerDNS-Admin wiki!
 
 ## Database Setup guides:
-- [MySQL / MariaDB](preparation/Prepare-MySQL-or-MariaDB-Database-for-PowerDNS-Admin.md)
-- [PostgreSQL](preparation/Using-PowerDNS-Admin-with-PostgreSQL.md)
+- [MySQL / MariaDB](database-setup/Setup-MySQL-or-MariaDB.md)
+- [PostgreSQL](database-setup/Setup-PostgreSQL.md)
 
 ## Installation guides:
 - [Install on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)

From b5661b61a09737676a635cc69af4409ffd476782 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:47:28 -0400
Subject: [PATCH 138/203] Add postgres URI to getting-started.

---
 docs/wiki/configuration/Getting-started.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/wiki/configuration/Getting-started.md b/docs/wiki/configuration/Getting-started.md
index 44bd3c6..c27beb1 100644
--- a/docs/wiki/configuration/Getting-started.md
+++ b/docs/wiki/configuration/Getting-started.md
@@ -1 +1,10 @@
-# Getting started with PowerDNS-Admin
\ No newline at end of file
+# Getting started with PowerDNS-Admin
+
+
+In your `config.py` file, make sure you have the database URI filled in:
+
+For Postgres:
+```
+SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin:powerdnsadmin@127.0.0.1/powerdnsadmindb'
+```
+

From 4952f2de061c43fe82705ba735ae46432405fff1 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:48:29 -0400
Subject: [PATCH 139/203] Add postgres dependencies for postgres.

---
 docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
index 51b705c..bbd9f03 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
@@ -14,6 +14,11 @@ dnf install python37 python3-devel python3-pip
 ```bash
 dnf install mariadb-devel mariadb-common openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
 ```
+**Install Postgres dependencies**
+```bash
+$ sudo yum install postgresql-libs
+$ pip3 install psycopg2
+```
 **Install Development tools**
 ```bash
 dnf install gcc gc make
@@ -27,6 +32,7 @@ pip3.7 install -U pip
 pip install -U virtualenv
 ```
 
+
 **Install Yarn for building NodeJS asset files:**
 ```bash
 dnf install npm

From 2129c050e82f9b73583c2e0f4a71ed56ede83b9e Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:54:18 -0400
Subject: [PATCH 140/203] Minor re-formatting.

---
 docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index 139e515..91fbe0f 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -2,14 +2,14 @@
 
 This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
 
-### Step-by-step instructions
+## Step-by-step instructions
 1. ivan@ubuntu:~$ `mysql -u root -p` (then enter your MySQL/MariaDB root users password)
 2. mysql> `CREATE DATABASE powerdnsadmin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;`
 3. mysql> `GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';`
 4. mysql> `FLUSH PRIVILEGES;`
 5. mysql> `quit`
 
-**NOTE:**
+## Known issues:
 
 If you plan to manage large zones, you may encounter some issues while applying changes.
 This is due to PowerDNS-Admin trying to insert the entire modified zone into the column history.detail.
@@ -21,4 +21,4 @@ _Solution_:
 Convert the column to MEDIUMTEXT: 
 
 * `USE powerdnsadmin;`
-* `ALTER TABLE history MODIFY detail MEDIUMTEXT;`
\ No newline at end of file
+* `ALTER TABLE history MODIFY detail MEDIUMTEXT;`

From 1cd14210b93f0aa5c121abbc0dfda25d07ec3de4 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 21:56:16 -0400
Subject: [PATCH 141/203] Change header

---
 docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index 91fbe0f..8e9186d 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -2,7 +2,7 @@
 
 This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
 
-## Step-by-step instructions
+## Setup database:
 1. ivan@ubuntu:~$ `mysql -u root -p` (then enter your MySQL/MariaDB root users password)
 2. mysql> `CREATE DATABASE powerdnsadmin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;`
 3. mysql> `GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';`

From d6838cf802c5619c557e4a84532fa7323802f6e8 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:02:37 -0400
Subject: [PATCH 142/203] Add mysql DB URI

---
 docs/wiki/configuration/Getting-started.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/wiki/configuration/Getting-started.md b/docs/wiki/configuration/Getting-started.md
index c27beb1..b3b16ba 100644
--- a/docs/wiki/configuration/Getting-started.md
+++ b/docs/wiki/configuration/Getting-started.md
@@ -3,6 +3,11 @@
 
 In your `config.py` file, make sure you have the database URI filled in:
 
+For MySQL / MariaDB:
+```
+SQLALCHEMY_DATABASE_URI = 'mysql://username:password@127.0.0.1/db_name'
+```
+
 For Postgres:
 ```
 SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin:powerdnsadmin@127.0.0.1/powerdnsadmindb'

From 3c5b88340579fea9f7916d923bd56c08a34d3af9 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:02:51 -0400
Subject: [PATCH 143/203] Add DB setup README.md

---
 docs/wiki/database-setup/README.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 docs/wiki/database-setup/README.md

diff --git a/docs/wiki/database-setup/README.md b/docs/wiki/database-setup/README.md
new file mode 100644
index 0000000..1f8ea09
--- /dev/null
+++ b/docs/wiki/database-setup/README.md
@@ -0,0 +1,4 @@
+# Database setup guides
+
+[MySQL / MariaDB](Setup-MySQL-or-MaraDB.md)
+[Postgres](Setup-PostgreSQL.md)

From 9f8c4164326936ec445aaa662120f45721b5667c Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:06:24 -0400
Subject: [PATCH 144/203] Make db list a list.

---
 docs/wiki/database-setup/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/database-setup/README.md b/docs/wiki/database-setup/README.md
index 1f8ea09..0c6aee6 100644
--- a/docs/wiki/database-setup/README.md
+++ b/docs/wiki/database-setup/README.md
@@ -1,4 +1,4 @@
 # Database setup guides
 
-[MySQL / MariaDB](Setup-MySQL-or-MaraDB.md)
-[Postgres](Setup-PostgreSQL.md)
+- [MySQL / MariaDB](Setup-MySQL-or-MaraDB.md)
+- [Postgres](Setup-PostgreSQL.md)

From be933db09a32ada563c7adfd275ba7278c49df0f Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:37:29 -0400
Subject: [PATCH 145/203] Add documentation on how to allow remote connection
 on postgres.

---
 docs/wiki/database-setup/Setup-PostgreSQL.md | 23 ++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-PostgreSQL.md b/docs/wiki/database-setup/Setup-PostgreSQL.md
index 2af39a0..a3b0e5b 100644
--- a/docs/wiki/database-setup/Setup-PostgreSQL.md
+++ b/docs/wiki/database-setup/Setup-PostgreSQL.md
@@ -16,9 +16,28 @@ Note:
 - Please change the information above (db, user, password) to fit your setup.
 
 ### Setup Remote access to database:
-If your database is on a different server
+If your database is on a different server postgres does not allow remote connections by default.
 
-- You might need to adjust your PostgreSQL's `pg_hba.conf` config file to allow password authentication for networks.
+```
+[root@host ~]$  sudo su - postgres
+# Edit /var/lib/pgsql/data/postgresql.conf
+# Change the following line:
+listen_addresses = 'localhost'
+# to:
+listen_addresses = '*'
+# Edit /var/lib/pgsql/data/pg_hba.conf
+# Add the following lines to the end of the 
+host    all             all              0.0.0.0/0                       md5
+host    all             all              ::/0                            md5
+
+[postgres@host ~]$ exit
+[root@host ~]$  sudo systemctl restart postgresql
+```
+
+On debian based systems these files are located in:
+```
+/etc/postgresql/<version>/main/
+```
 
 ## Docker
 ```

From fa6c58978ba1559d655c6c1ba9f018aeb2086438 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:50:25 -0400
Subject: [PATCH 146/203] Cleaned up mysql setup process.

---
 .../database-setup/Setup-MySQL-or-MariaDB.md  | 29 ++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index 8e9186d..f028984 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -2,23 +2,26 @@
 
 This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
 
+We assume the database is installed per your platform's directions (apt, yum, etc).
+
 ## Setup database:
-1. ivan@ubuntu:~$ `mysql -u root -p` (then enter your MySQL/MariaDB root users password)
-2. mysql> `CREATE DATABASE powerdnsadmin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;`
-3. mysql> `GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';`
-4. mysql> `FLUSH PRIVILEGES;`
-5. mysql> `quit`
+
+Connect to the database (Usually using `mysql -u root -p` - then enter your MySQL/MariaDB root users password if applicable), then enter the following:
+```
+CREATE DATABASE `powerdnsadmin` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+GRANT ALL PRIVILEGES ON `powerdnsadmin`.* TO 'pdnsadminuser'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';
+FLUSH PRIVILEGES;
+quit
+```
 
 ## Known issues:
 
-If you plan to manage large zones, you may encounter some issues while applying changes.
-This is due to PowerDNS-Admin trying to insert the entire modified zone into the column history.detail.
+Problem: If you plan to manage large zones, you may encounter some issues while applying changes. This is due to PowerDNS-Admin trying to insert the entire modified zone into the column history.detail.
 
 Using MySQL/MariaDB, this column is created by default as TEXT and thus limited to 65,535 characters.
 
-_Solution_:
-
-Convert the column to MEDIUMTEXT: 
-
-* `USE powerdnsadmin;`
-* `ALTER TABLE history MODIFY detail MEDIUMTEXT;`
+Solution: Convert the column to MEDIUMTEXT:
+```
+USE powerdnsadmin;
+ALTER TABLE history MODIFY detail MEDIUMTEXT;
+```

From 117659dd3105b8778c5ab0e9071958368a4da00e Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:51:59 -0400
Subject: [PATCH 147/203] Moved database setup to database-setup.

---
 ...nning-PowerDNS-Admin-on-Ubuntu-or-Debian.md | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
index b4e3b66..137f1a7 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -1,4 +1,9 @@
-## Install required packages
+# Installing PowerDNS-Admin on Ubuntu or Debian based systems
+
+First setup your database accordingly:
+[Database Setup](../database-setup/README.md)
+
+## Install required packages:
 
 **Install Python 3 development package**
 
@@ -14,16 +19,7 @@ sudo apt install -y git libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev
 
 _**Note:**_ I am using MySQL Community server as the database backend. So `libmysqlclient-dev` is required. For MariaDB, and PostgreSQL the required package will be difference.
 
-** Install Maria or MySQL (ONLY if not ALREADY installed)**
-```bash
-sudo apt install mariadb-server mariadb-client
-```
-Create database and user using mysql command and entering 
-```bash
->create database pda;
->grant all privileges on pda.* TO 'pda'@'localhost' identified by 'YOUR_PASSWORD_HERE';
->flush privileges;
-```
+
 **Install NodeJs**
 
 ```bash

From 09b661a8a371dbf4dc6ae33df823d977c6e114f3 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 22:53:23 -0400
Subject: [PATCH 148/203] Fix spelling mistake

---
 docs/wiki/database-setup/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/database-setup/README.md b/docs/wiki/database-setup/README.md
index 0c6aee6..e4e4d01 100644
--- a/docs/wiki/database-setup/README.md
+++ b/docs/wiki/database-setup/README.md
@@ -1,4 +1,4 @@
 # Database setup guides
 
-- [MySQL / MariaDB](Setup-MySQL-or-MaraDB.md)
-- [Postgres](Setup-PostgreSQL.md)
+- [MySQL / MariaDB](Setup-MySQL-or-MariaDB.md)
+- [PostgreSQL](Setup-PostgreSQL.md)

From 099579de1144dad74cc398002845c6dd58fcbcda Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 23:04:23 -0400
Subject: [PATCH 149/203] Add db setup considerations for MySQL.

---
 docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index f028984..d14d2a9 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -13,6 +13,8 @@ GRANT ALL PRIVILEGES ON `powerdnsadmin`.* TO 'pdnsadminuser'@'localhost' IDENTIF
 FLUSH PRIVILEGES;
 quit
 ```
+- If your database server is located on a different machine then change 'localhost' to '%'
+- Replace YOUR_PASSWORD_HERE with a secure password.
 
 ## Known issues:
 

From 5f643ccb78adc0c977f61dfc3ff04a26873bceb0 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Thu, 8 Dec 2022 23:11:04 -0400
Subject: [PATCH 150/203] Explain where the config.py is.

---
 docs/wiki/configuration/Getting-started.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/wiki/configuration/Getting-started.md b/docs/wiki/configuration/Getting-started.md
index b3b16ba..0e322da 100644
--- a/docs/wiki/configuration/Getting-started.md
+++ b/docs/wiki/configuration/Getting-started.md
@@ -1,7 +1,9 @@
 # Getting started with PowerDNS-Admin
 
 
-In your `config.py` file, make sure you have the database URI filled in:
+In your FLASK_CONF (check the installation directions for where yours is) file, make sure you have the database URI filled in (in some previous documentation this was called config.py):
+
+TODO: list location of config.py
 
 For MySQL / MariaDB:
 ```

From 496222e6b7b3145c73e0103b4280eba5fb17d8ed Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 06:46:02 -0400
Subject: [PATCH 151/203] Remove TODO and add setup of first user.

---
 docs/wiki/configuration/Getting-started.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/wiki/configuration/Getting-started.md b/docs/wiki/configuration/Getting-started.md
index 0e322da..ce72234 100644
--- a/docs/wiki/configuration/Getting-started.md
+++ b/docs/wiki/configuration/Getting-started.md
@@ -3,8 +3,6 @@
 
 In your FLASK_CONF (check the installation directions for where yours is) file, make sure you have the database URI filled in (in some previous documentation this was called config.py):
 
-TODO: list location of config.py
-
 For MySQL / MariaDB:
 ```
 SQLALCHEMY_DATABASE_URI = 'mysql://username:password@127.0.0.1/db_name'
@@ -15,3 +13,4 @@ For Postgres:
 SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin:powerdnsadmin@127.0.0.1/powerdnsadmindb'
 ```
 
+Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.

From a5fdd8ffc4b8ce8ee64ccd383e2bf3c18b817ecd Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 06:46:40 -0400
Subject: [PATCH 152/203] Change notes to headers and move setup of first user
 to getting started.

---
 ...nning-PowerDNS-Admin-on-Ubuntu-or-Debian.md | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
index 137f1a7..91738dd 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -5,13 +5,13 @@ First setup your database accordingly:
 
 ## Install required packages:
 
-**Install Python 3 development package**
+###Install Python 3 development package
 
 ```bash
 sudo apt install python3-dev
 ```
 
-**Install required packages for building python libraries from requirements.txt file**
+###Install required packages for building python libraries from requirements.txt file
 
 ```bash
 sudo apt install -y git libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential curl
@@ -20,14 +20,14 @@ sudo apt install -y git libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev
 _**Note:**_ I am using MySQL Community server as the database backend. So `libmysqlclient-dev` is required. For MariaDB, and PostgreSQL the required package will be difference.
 
 
-**Install NodeJs**
+###Install NodeJs
 
 ```bash
 curl -sL https://deb.nodesource.com/setup_14.x | bash -
 apt install -y nodejs
 ```
 
-**Install yarn to build asset files**
+###Install yarn to build asset files
 
 ```bash
 sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
@@ -36,7 +36,7 @@ sudo apt update -y
 sudo apt install -y yarn
 ```
 
-## Checkout source code and create virtualenv
+###Checkout source code and create virtualenv
 _**Note:**_ Please adjust `/opt/web/powerdns-admin` to your local web application directory
 
 ```bash
@@ -52,9 +52,6 @@ source ./venv/bin/activate
 pip install --upgrade pip
 pip install -r requirements.txt
 ```
-
-
-
 ## Running PowerDNS-Admin
 
 Create PowerDNS-Admin config file and make the changes necessary for your use case. Make sure to change `SECRET_KEY` to a long random string that you generated yourself ([see Flask docs](https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY)), do not use the pre-defined one. E.g.:
@@ -85,6 +82,7 @@ Now you can run PowerDNS-Admin by command
 ./run.py
 ```
 
-Open your web browser and go to `http://localhost:9191` to visit PowerDNS-Admin web interface. Register a user. The first user will be in the Administrator role.
+This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](../web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md) for instructions.
 
-This is good for testing, but for production usage, you should use gunicorn or uwsgi. See [Running PowerDNS Admin with Systemd, Gunicorn and Nginx](../web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md) for instructions.
\ No newline at end of file
+
+From here you can now follow the [Getting started guide](../configuration/Getting-started.md).

From e06fcd75ce9a69d9fc947d8fd26e34e2168b4d62 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 07:02:26 -0400
Subject: [PATCH 153/203] Moved database specific packages to the setup MySQL
 directions.

---
 docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index d14d2a9..246a0a5 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -16,6 +16,20 @@ quit
 - If your database server is located on a different machine then change 'localhost' to '%'
 - Replace YOUR_PASSWORD_HERE with a secure password.
 
+## Install required packages:
+### Red-hat based systems:
+
+### Debian based systems:
+```
+apt install libmysqlclient-dev
+```
+
+### Install python packages:
+```
+pip3 install mysqlclient==2.0.1
+```
+
+
 ## Known issues:
 
 Problem: If you plan to manage large zones, you may encounter some issues while applying changes. This is due to PowerDNS-Admin trying to insert the entire modified zone into the column history.detail.

From 5ab04509c336bc32d3e086bebd8cc2af7e3e1456 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 07:03:07 -0400
Subject: [PATCH 154/203] Remove MySQL specific documentation

---
 ...ning-PowerDNS-Admin-on-Ubuntu-or-Debian.md | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
index 91738dd..d3bc834 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md
@@ -5,29 +5,20 @@ First setup your database accordingly:
 
 ## Install required packages:
 
-###Install Python 3 development package
+### Install required packages for building python libraries from requirements.txt file
 
 ```bash
-sudo apt install python3-dev
+sudo apt install -y python3-dev git libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential curl
 ```
 
-###Install required packages for building python libraries from requirements.txt file
-
-```bash
-sudo apt install -y git libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential curl
-```
-
-_**Note:**_ I am using MySQL Community server as the database backend. So `libmysqlclient-dev` is required. For MariaDB, and PostgreSQL the required package will be difference.
-
-
-###Install NodeJs
+### Install NodeJs
 
 ```bash
 curl -sL https://deb.nodesource.com/setup_14.x | bash -
 apt install -y nodejs
 ```
 
-###Install yarn to build asset files
+### Install yarn to build asset files
 
 ```bash
 sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
@@ -36,7 +27,7 @@ sudo apt update -y
 sudo apt install -y yarn
 ```
 
-###Checkout source code and create virtualenv
+### Checkout source code and create virtualenv
 _**Note:**_ Please adjust `/opt/web/powerdns-admin` to your local web application directory
 
 ```bash

From 8b986db2acc692786ceed5634ef59c3ccb637b30 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 07:11:12 -0400
Subject: [PATCH 155/203] Desc added for what is being created.

---
 docs/wiki/database-setup/Setup-PostgreSQL.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/wiki/database-setup/Setup-PostgreSQL.md b/docs/wiki/database-setup/Setup-PostgreSQL.md
index a3b0e5b..40c1287 100644
--- a/docs/wiki/database-setup/Setup-PostgreSQL.md
+++ b/docs/wiki/database-setup/Setup-PostgreSQL.md
@@ -3,6 +3,8 @@
 We assume you already have a postgres database software installed for your platform.
 
 ### Create database
+The below will create a database called powerdnsadmindb and a user of powerdnsadmin.
+
 ```
 $ sudo su - postgres
 $ createuser powerdnsadmin
@@ -18,6 +20,7 @@ Note:
 ### Setup Remote access to database:
 If your database is on a different server postgres does not allow remote connections by default.
 
+To change this follow the below directions:
 ```
 [root@host ~]$  sudo su - postgres
 # Edit /var/lib/pgsql/data/postgresql.conf
@@ -31,7 +34,7 @@ host    all             all              0.0.0.0/0                       md5
 host    all             all              ::/0                            md5
 
 [postgres@host ~]$ exit
-[root@host ~]$  sudo systemctl restart postgresql
+[root@host ~]$ sudo systemctl restart postgresql
 ```
 
 On debian based systems these files are located in:
@@ -40,6 +43,7 @@ On debian based systems these files are located in:
 ```
 
 ## Docker
+TODO: Setup a local Docker postgres database ready to go (should probably move to the top).
 ```
 docker run --name pdnsadmin-test -e BIND_ADDRESS=0.0.0.0 
 -e SECRET_KEY='a-very-secret-key' 

From b1a3a98692487283816bbe429143e232759fc051 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 07:25:25 -0400
Subject: [PATCH 156/203] Add general install notes.

---
 docs/wiki/README.md          | 20 ++++++++++++++------
 docs/wiki/install/General.md |  7 +++++++
 2 files changed, 21 insertions(+), 6 deletions(-)
 create mode 100644 docs/wiki/install/General.md

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index d271287..8a002bd 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -5,12 +5,20 @@
 - [PostgreSQL](database-setup/Setup-PostgreSQL.md)
 
 ## Installation guides:
-- [Install on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
-- [Install on Docker](install/Running-PowerDNS-Admin-on-Docker.md)
-- [Install on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
-- [Install on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
-- [Install on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
-- [Install on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
+- [General (Read this first)](install/General.md)
+  - BSD:
+    - [Install on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
+  - Containers:
+    - [Install on Docker](install/Running-PowerDNS-Admin-on-Docker.md)
+  - Debian:
+    - [Install on Ubuntu or Debian](install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md)
+  - Red-Hat:
+    - [Install on Centos 7](install/Running-PowerDNS-Admin-on-Centos-7.md)
+    - [Install on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
+    - [Install on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
+
+
+
 
 ### Post install Setup:
 - [Environment Variables](configuration/Environment-variables.md)
diff --git a/docs/wiki/install/General.md b/docs/wiki/install/General.md
new file mode 100644
index 0000000..98dfa1f
--- /dev/null
+++ b/docs/wiki/install/General.md
@@ -0,0 +1,7 @@
+# General installation 
+
+
+## Requirements:
+
+- A linux based system with python 3 or later available. Debian and Red-hat based systems are recommended, others (Arch-based for example) may work but are currently not tested.
+- A database for PowerDNS-Admin, if you are using a database for PowerDNS itself this must be separate to that database.
\ No newline at end of file

From 542af959e17f57af44a1395c7f7cbbed8aab0d07 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 09:48:51 -0500
Subject: [PATCH 157/203] Removed mysqlclient requirement based on issue 1305.
 Wiki documentation has already been updated to reflect this change.

---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 1fc2864..29f62d7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,6 @@ Flask-Login==0.5.0
 Flask-SQLAlchemy==2.4.4
 Flask-Migrate==2.5.3
 SQLAlchemy==1.3.19
-mysqlclient==2.0.1
 configobj==5.0.6
 bcrypt>=3.1.7
 requests==2.24.0

From 4f656d827e62b2999b76faad2a05e1831b92a8ec Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 10:56:08 -0400
Subject: [PATCH 158/203] Move DB directions to that section of docs.

---
 .../database-setup/Setup-MySQL-or-MariaDB.md  |  5 ++
 docs/wiki/database-setup/Setup-PostgreSQL.md  | 22 +++++++-
 .../Running-PowerDNS-Admin-on-Centos-7.md     | 53 +++++++------------
 .../Running-PowerDNS-Admin-on-Fedora-30.md    |  7 ---
 4 files changed, 44 insertions(+), 43 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index 246a0a5..00586a5 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -18,6 +18,11 @@ quit
 
 ## Install required packages:
 ### Red-hat based systems:
+```
+yum install MariaDB-shared mariadb-devel mysql-community-devel
+```
+
+If you use MariaDB ( from [MariaDB repositories](https://mariadb.com/resources/blog/installing-mariadb-10-on-centos-7-rhel-7/) )
 
 ### Debian based systems:
 ```
diff --git a/docs/wiki/database-setup/Setup-PostgreSQL.md b/docs/wiki/database-setup/Setup-PostgreSQL.md
index 40c1287..74af46f 100644
--- a/docs/wiki/database-setup/Setup-PostgreSQL.md
+++ b/docs/wiki/database-setup/Setup-PostgreSQL.md
@@ -53,4 +53,24 @@ docker run --name pdnsadmin-test -e BIND_ADDRESS=0.0.0.0
 -e SQLA_DB_HOST='192.168.0.100' 
 -e SQLA_DB_NAME='powerdns_admin_test' 
 -v /data/node_modules:/var/www/powerdns-admin/node_modules -d -p 9191:9191 ixpict/powerdns-admin-pgsql:latest
-```
\ No newline at end of file
+```
+
+## Install required packages:
+### Red-hat based systems:
+```
+sudo yum install postgresql-libs
+```
+
+### Debian based systems:
+```
+apt install libpq-dev python-dev
+```
+
+### Install python packages:
+```
+pip3 install psycopg2
+```
+
+## Known Issues:
+
+** To fill in **
diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
index 18d57f6..cee272c 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Centos-7.md
@@ -1,59 +1,43 @@
+# Installing PowerDNS-Admin on CentOS 7
+
 ```
 NOTE: If you are logged in as User and not root, add "sudo", or get root by sudo -i.
 ```
-<br>
 
-**Remove old Python 3.4**<br>
-If you had it installed because of older instructions<br>
-```
-yum remove python34*
-yum autoremove
-```
-<br>
+## Install required packages:
+### Install needed repositories:
 
-## Install required packages
-**Install needed repositories:**
-<br>
 ```
 yum install epel-release
 yum install https://repo.ius.io/ius-release-el7.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 ```
 
-**Install Python 3.6 and tools**
+### Install Python 3.6 and tools:
+First remove python 3.4 if installed
+```
+yum remove python34*
+yum autoremove
+```
+
 ```
 yum install python3 python3-devel python3-pip
 pip3.6 install -U pip
 pip install -U virtualenv
 ```
 
-**Install required packages for building python libraries from requirements.txt file**
+### Install required packages for building python libraries from requirements.txt file:
 ```
---> NOTE: I am using MySQL Community server as the database backend.
-          So `mysql-community-devel` is required. For MariaDB,
-          and PostgreSQL the required package will be different.
+yum install gcc openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
 ```
 
-If you use MariaDB ( from [MariaDB repositories](https://mariadb.com/resources/blog/installing-mariadb-10-on-centos-7-rhel-7/) )
-
-```
-yum install gcc MariaDB-devel MariaDB-shared openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
-```
-
-If you use default Centos mariadb (5.5)
-```
-yum install gcc mariadb-devel openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
-```
-
-
-**Install yarn to build asset files + Nodejs 14**
+### Install yarn to build asset files + Nodejs 14:
 ```
 curl -sL https://rpm.nodesource.com/setup_14.x | bash -
 curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
 yum install yarn
 ```
-<br>
 
-## Checkout source code and create virtualenv
+### Checkout source code and create virtualenv:
 NOTE: Please adjust `/opt/web/powerdns-admin` to your local web application directory
 
 ```
@@ -68,15 +52,14 @@ Activate your python3 environment and install libraries:
 pip install python-dotenv
 pip install -r requirements.txt
 ```
-<br>
 
-## Running PowerDNS-Admin
+## Running PowerDNS-Admin:
 NOTE: The default config file is located at `./powerdnsadmin/default_config.py`. If you want to load another one, please set the `FLASK_CONF` environment variable. E.g.
 ```bash
 export FLASK_CONF=../configs/development.py
 ```
 
-**Then create the database schema by running:**
+### Create the database schema:
 ```
 export FLASK_APP=powerdnsadmin/__init__.py
 flask db upgrade
@@ -97,4 +80,4 @@ Open your web browser and access to `http://localhost:9191` to visit PowerDNS-Ad
 
 At the first time you login into the PDA UI, you will be redirected to setting page to configure the PDNS API information.
 
-_**Note:**_ For production environment, i would recommend you to run PowerDNS-Admin with gunicorn or uwsgi instead of flask's built-in web server, take a look at WIKI page to see how to configure them.
\ No newline at end of file
+_**Note:**_ For production environment, i would recommend you to run PowerDNS-Admin with gunicorn or uwsgi instead of flask's built-in web server, take a look at WIKI page to see how to configure them.
diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
index bbd9f03..53f1c7c 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Fedora-30.md
@@ -14,11 +14,6 @@ dnf install python37 python3-devel python3-pip
 ```bash
 dnf install mariadb-devel mariadb-common openldap-devel xmlsec1-devel xmlsec1-openssl libtool-ltdl-devel
 ```
-**Install Postgres dependencies**
-```bash
-$ sudo yum install postgresql-libs
-$ pip3 install psycopg2
-```
 **Install Development tools**
 ```bash
 dnf install gcc gc make
@@ -31,8 +26,6 @@ pip3.7 install -U pip
 ```bash
 pip install -U virtualenv
 ```
-
-
 **Install Yarn for building NodeJS asset files:**
 ```bash
 dnf install npm

From 02b7bda2920d45c726a1d8475ea457b845af5a34 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Fri, 9 Dec 2022 12:32:23 -0400
Subject: [PATCH 159/203] Update supported versions of python.

---
 docs/wiki/install/General.md | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/docs/wiki/install/General.md b/docs/wiki/install/General.md
index 98dfa1f..28184e1 100644
--- a/docs/wiki/install/General.md
+++ b/docs/wiki/install/General.md
@@ -1,7 +1,18 @@
 # General installation 
 
-
 ## Requirements:
-
-- A linux based system with python 3 or later available. Debian and Red-hat based systems are recommended, others (Arch-based for example) may work but are currently not tested.
-- A database for PowerDNS-Admin, if you are using a database for PowerDNS itself this must be separate to that database.
\ No newline at end of file
+- A linux based system. Others (Arch-based for example) may work but are currently not tested.
+  - Ubuntu versions tested:
+    - To fill in
+  - Red hat versions tested:
+    - To fill in
+  - Python versions tested:
+    - 3.6
+    - 3.7
+    - 3.8
+    - 3.9
+    - 3.10
+    - 3.11 - Failing due to issue with python3-saml later than 1.12.0
+- A database for PowerDNS-Admin, if you are using a database for PowerDNS itself this must be separate to that database. The currently supported databases are:
+  - MySQL
+  - PostgreSQL

From 54775e6c6907e44995a1667a1bcc44b834314907 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 11:41:38 -0500
Subject: [PATCH 160/203] Working on updated workflow for Docker image
 publishing.

---
 .github/workflows/build-and-publish.yml | 20 ++++++++++----------
 docker/Dockerfile                       |  1 -
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index 4b103f8..1f56da7 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -11,41 +11,41 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout code
+      - name: Repository Checkout
         uses: actions/checkout@v2
 
-      - name: Docker meta
+      - name: Docker Image Metadata
         id: meta
         uses: docker/metadata-action@v3
         with:
           images: |
-            ngoduykhanh/powerdns-admin
+            powerdnsadmin/pda-legacy
           tags: |
             type=ref,event=tag
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
 
-      - name: Set up Docker Buildx
+      - name: Docker Buildx Setup
         id: buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Login to DockerHub
+      - name: Docker Hub Authentication
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ secrets.DOCKERHUB_USERNAME_V2 }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_V2 }}
 
-      - name: Build latest image
+      - name: Docker Image Build
         uses: docker/build-push-action@v2
         if: github.ref == 'refs/heads/master'
         with:
           context: ./
           file: ./docker/Dockerfile
           push: true
-          tags: ngoduykhanh/powerdns-admin:latest
+          tags: powerdnsadmin/pda-legacy:latest
 
-      - name: Build release image
+      - name: Docker Image Release Tagging
         uses: docker/build-push-action@v2
         if: ${{ startsWith(github.ref, 'refs/tags/v') }}
         with:
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 5296e02..f0a0731 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,5 +1,4 @@
 FROM alpine:3.13 AS builder
-LABEL maintainer="k@ndk.name"
 
 ARG BUILD_DEPENDENCIES="build-base \
     libffi-dev \

From 58d0d6b71d1e07105fe35292aa9d481c0e0ff803 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 12:30:18 -0500
Subject: [PATCH 161/203] Updated Docker image publish workflow to enable
 manual dispatch of the workflow.

---
 .github/workflows/build-and-publish.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index 1f56da7..bb93258 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -1,4 +1,5 @@
 on:
+  workflow_dispatch:
   push:
     branches:
       - 'master'

From 3889ceaf4c4a9df90858dfc6d431275ab5ab38fb Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 12:55:45 -0500
Subject: [PATCH 162/203] Updated documentation to reflect the new Docker Hub
 home of the project's Docker images.

---
 README.md                                             | 2 +-
 docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 8067855..af25413 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@ $ docker run -d \
     -e SECRET_KEY='a-very-secret-key' \
     -v pda-data:/data \
     -p 9191:80 \
-    ngoduykhanh/powerdns-admin:latest
+    powerdnsadmin/pda-legacy:latest
 ```
 This creates a volume called `pda-data` to persist the SQLite database with the configuration.
 
diff --git a/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md b/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
index 2f23845..1e3ef50 100644
--- a/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
+++ b/docs/wiki/install/Running-PowerDNS-Admin-on-Docker.md
@@ -1,6 +1,6 @@
 # Installation on docker
 
-The Docker image is ngoduykhanh/powerdns-admin available on [DockerHub](https://hub.docker.com/r/ngoduykhanh/powerdns-admin)
+The Docker image is powerdnsadmin/pda-legacy available on [DockerHub](https://hub.docker.com/r/powerdnsadmin/pda-legacy)
 
 The supported environment variables to configure the container are located [here](../configuration/Environment-variables.md).
 
@@ -10,5 +10,5 @@ docker run -d \
     -e SECRET_KEY='a-very-secret-key' \
     -v pda-data:/data \
     -p 9191:80 \
-    ngoduykhanh/powerdns-admin:latest
+    powerdnsadmin/pda-legacy:latest
 ```

From c90592e039ac2b9da9ecc08dce477b188763d530 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 15:58:55 -0500
Subject: [PATCH 163/203] Updated build/deploy workflow to include updated
 naming.

---
 .github/workflows/build-and-publish.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index bb93258..8de2410 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -1,3 +1,5 @@
+name: 'Docker Image Publish'
+
 on:
   workflow_dispatch:
   push:
@@ -8,7 +10,7 @@ on:
 
 jobs:
   build-and-push-docker-image:
-    name: Build Docker image and push to repositories
+    name: Build / Publish Docker Image
     runs-on: ubuntu-latest
 
     steps:

From 45071c3a9f69eed7fe3987eaf1beb780023fa1e5 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 16:40:39 -0500
Subject: [PATCH 164/203] Updated CodeQL workflow to support manual dispatch.

---
 .github/workflows/codeql-analysis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ad59382..bba8c1f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -12,6 +12,7 @@
 name: "CodeQL"
 
 on:
+  workflow_dispatch:
   push:
     branches: [ master ]
   pull_request:

From 02e4fcc20a65b7a1c107c50b62385aab7e91be57 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 16:42:53 -0500
Subject: [PATCH 165/203] Updating project README to include updated status
 badges since LGTM is shutting down soon.

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index af25413..71461be 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # PowerDNS-Admin
 A PowerDNS web interface with advanced features.
 
-[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/PowerDNS-Admin/PowerDNS-Admin.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/PowerDNS-Admin/PowerDNS-Admin/context:python)
-[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/PowerDNS-Admin/PowerDNS-Admin.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/PowerDNS-Admin/PowerDNS-Admin/context:javascript)
+[![CodeQL](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/codeql-analysis.yml/badge.svg?branch=master)](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/codeql-analysis.yml)
+[![Docker Image Publish](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/build-and-publish.yml/badge.svg?branch=master)](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/build-and-publish.yml)
 
 #### Features:
 - Multiple domain management

From 56ee0d674ec0ec6aacf1e652450d0c6b9d9ad389 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 16:56:03 -0500
Subject: [PATCH 166/203] Added very basic Docker Compose / Portainer template
 for the current project.

---
 deploy/docker/portainer.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 deploy/docker/portainer.yaml

diff --git a/deploy/docker/portainer.yaml b/deploy/docker/portainer.yaml
new file mode 100644
index 0000000..84402ef
--- /dev/null
+++ b/deploy/docker/portainer.yaml
@@ -0,0 +1,15 @@
+version: '3.3'
+services:
+
+  core:
+    image: powerdnsadmin/pda-legacy:latest
+    restart: unless-stopped
+    environment:
+      - SECRET_KEY=INSECURE-CHANGE-ME-9I0DAtfkfj5JmBkPSaHah3ECAa8Df5KK
+    ports:
+      - "12000:9191"
+    volumes:
+      - "core_data:/data"
+
+volumes:
+  core_data:

From 81020fe2b5c008ea1f423b53100d37b66e2b75d7 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 16:57:13 -0500
Subject: [PATCH 167/203] Tweaked Docker status badge text in project README.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 71461be..82f15cc 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 A PowerDNS web interface with advanced features.
 
 [![CodeQL](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/codeql-analysis.yml/badge.svg?branch=master)](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/codeql-analysis.yml)
-[![Docker Image Publish](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/build-and-publish.yml/badge.svg?branch=master)](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/build-and-publish.yml)
+[![Docker Image](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/build-and-publish.yml/badge.svg?branch=master)](https://github.com/PowerDNS-Admin/PowerDNS-Admin/actions/workflows/build-and-publish.yml)
 
 #### Features:
 - Multiple domain management

From 4940e280bb1fdd0690eb52ceca04ea48352a9fc1 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 16:58:40 -0500
Subject: [PATCH 168/203] Tweaked name of Docker image build workflow for
 Docker image status updates.

---
 .github/workflows/build-and-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index 8de2410..0e1f2d3 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -1,4 +1,4 @@
-name: 'Docker Image Publish'
+name: 'Docker Image'
 
 on:
   workflow_dispatch:

From dec457e2ea0dcba65c936abd003e5d1dcbd33a84 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 17:02:36 -0500
Subject: [PATCH 169/203] Tweaked job name of the Docker Image workflow.

---
 .github/workflows/build-and-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index 0e1f2d3..52649e6 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -10,7 +10,7 @@ on:
 
 jobs:
   build-and-push-docker-image:
-    name: Build / Publish Docker Image
+    name: Build Docker Image
     runs-on: ubuntu-latest
 
     steps:

From 48c303dd84ebd3f01f13b2f32f69d4afedcac050 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 9 Dec 2022 17:03:46 -0500
Subject: [PATCH 170/203] Corrected typo / instructions related to Docker in
 the project README file.

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 82f15cc..ce12f62 100644
--- a/README.md
+++ b/README.md
@@ -24,8 +24,8 @@ There are several ways to run PowerDNS-Admin. The easiest way is to use Docker.
 If you are looking to install and run PowerDNS-Admin directly onto your system check out the [Wiki](https://github.com/PowerDNS-Admin/PowerDNS-Admin/wiki#installation-guides) for ways to do that.
 
 ### Docker
-This are two options to run PowerDNS-Admin using Docker.
-To get started as quickly as possible try option 1. If you want to make modifications to the configuration option 2 may be cleaner.
+Here are two options to run PowerDNS-Admin using Docker.
+To get started as quickly as possible, try option 1. If you want to make modifications to the configuration option 2 may be cleaner.
 
 #### Option 1: From Docker Hub
 The easiest is to just run the latest Docker image from Docker Hub:

From dfdb0dca173c7bc2b95bbdefb8525fe5e2601a97 Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <109844019+pneb@users.noreply.github.com>
Date: Sat, 10 Dec 2022 10:37:06 +0800
Subject: [PATCH 171/203] Update domain.py

---
 powerdnsadmin/models/domain.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index bbd71e1..09b697e 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -110,6 +110,22 @@ class Domain(db.Model):
                 'Domain does not exist. ERROR: {0}'.format(e))
             return None
 
+    def search_idn_domains(self, search_string):
+        """
+        Search for IDN domains using the provided search string.
+        """
+        # Compile the regular expression pattern for matching IDN domain names
+        idn_pattern = re.compile(r'^xn--')
+
+        # Search for domain names that match the IDN pattern
+        idn_domains = [
+            domain for domain in self.get_domains() if idn_pattern.match(domain)
+        ]
+
+        # Filter the search results based on the provided search string
+        return [domain for domain in idn_domains if search_string in domain]
+
+
     def update(self):
         """
         Fetch zones (domains) from PowerDNS and update into DB
@@ -906,4 +922,4 @@ class Domain(db.Model):
                                 current_app.logger.error('Domain already exists as a record: {} under domain: {}'.format(r['name'].rstrip('.'), upper_domain_name))
                                 return upper_domain_name
             upper_domain_name = '.'.join(upper_domain_name.split('.')[1:])
-        return None
\ No newline at end of file
+        return None

From 4e2ea4bc5eaee11042fa9a75ea224947a45d60ac Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Sun, 11 Dec 2022 17:43:02 -0500
Subject: [PATCH 172/203] Revert "Removed mysqlclient requirement based on
 issue 1305. Wiki documentation has already been updated to reflect this
 change."

This reverts commit 542af959e17f57af44a1395c7f7cbbed8aab0d07.
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 29f62d7..1fc2864 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,6 +4,7 @@ Flask-Login==0.5.0
 Flask-SQLAlchemy==2.4.4
 Flask-Migrate==2.5.3
 SQLAlchemy==1.3.19
+mysqlclient==2.0.1
 configobj==5.0.6
 bcrypt>=3.1.7
 requests==2.24.0

From 23e0fdbedf3ddbbb8515d0feccf092643cd8cba9 Mon Sep 17 00:00:00 2001
From: Robert Walter <robert.walter@ipandmore.de>
Date: Mon, 12 Dec 2022 12:32:32 +0100
Subject: [PATCH 173/203] Fixing Validation Problem at LDAP Form

---
 powerdnsadmin/templates/admin_setting_authentication.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html
index ba82c2e..5d0fd10 100644
--- a/powerdnsadmin/templates/admin_setting_authentication.html
+++ b/powerdnsadmin/templates/admin_setting_authentication.html
@@ -735,15 +735,17 @@
                 $('#ldap_admin_username').prop('required', true);
                 $('#ldap_admin_password').prop('required', true);
                 $('#ldap_domain').prop('required', false);
+                $('#ldap_filter_group').prop('required', true);
+                $('#ldap_filter_groupname').prop('required', true);
             } else {
                 $('#ldap_admin_username').prop('required', false);
                 $('#ldap_admin_password').prop('required', false);
                 $('#ldap_domain').prop('required', true);
+                $('#ldap_filter_group').prop('required', false);
+                $('#ldap_filter_groupname').prop('required', false);
             }
             $('#ldap_filter_basic').prop('required', true);
-            $('#ldap_filter_group').prop('required', true);
             $('#ldap_filter_username').prop('required', true);
-            $('#ldap_filter_groupname').prop('required', true);
 
             if ($('#ldap_sg_on').is(":checked")) {
                 $('#ldap_admin_group').prop('required', true);

From 8d5b92402d356efde146a364aba0ee7859af51b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20BECOT?= <jerome.becot@deveryware.com>
Date: Sat, 10 Dec 2022 23:32:12 +0100
Subject: [PATCH 174/203] fix: Remove deprecated option OPT_X_TLS

---
 powerdnsadmin/models/user.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 66669b7..04a73e2 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -125,7 +125,6 @@ class User(db.Model):
         conn = ldap.initialize(Setting().get('ldap_uri'))
         conn.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
         conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
-        conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
         conn.set_option(ldap.OPT_X_TLS_DEMAND, True)
         conn.set_option(ldap.OPT_DEBUG_LEVEL, 255)
         conn.protocol_version = ldap.VERSION3

From 52169f698c783e9e057b0be9df2cc0cdb47e72b5 Mon Sep 17 00:00:00 2001
From: Dominik Fahr <dom@cc7.at>
Date: Mon, 12 Dec 2022 17:30:42 +0100
Subject: [PATCH 175/203] undo of commit a7f55de did not fix issue #1261 leaded
 into issue #1321

---
 powerdnsadmin/lib/utils.py | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/powerdnsadmin/lib/utils.py b/powerdnsadmin/lib/utils.py
index 5a62ee3..9e7cf20 100644
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@@ -119,16 +119,12 @@ def fetch_json(remote_url,
 
 
 def display_record_name(data):
-    # Check that the data argument is a tuple containing two elements
-    if isinstance(data, Iterable) and len(data) == 2:
-        record_name, domain_name = data
-        if record_name == domain_name:
-            return '@'
-        else:
-            return record_name
+    record_name, domain_name = data
+    if record_name == domain_name:
+        return '@'
     else:
-        # If data is not a tuple of length 2, return an empty string
-        return ''
+        return re.sub('\.{}$'.format(domain_name), '', record_name)
+
 
 def display_master_name(data):
     """

From 97a79645b00d1d425f810e1b56b6cb721d81746b Mon Sep 17 00:00:00 2001
From: Dominik Fahr <dom@cc7.at>
Date: Mon, 12 Dec 2022 17:31:32 +0100
Subject: [PATCH 176/203] fix of issue #1261 split record by "." idna.encode
 leads into full stop if the string starts with "_" or "-"

---
 powerdnsadmin/lib/utils.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/powerdnsadmin/lib/utils.py b/powerdnsadmin/lib/utils.py
index 9e7cf20..9a528dd 100644
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@@ -258,18 +258,24 @@ def pretty_domain_name(value):
         raise Exception('Require the Punycode in string format')
 
 def to_idna(value, action):
-    splits = value.split()
+    splits = value.split('.')
     result = []
     if action == 'encode':
         for split in splits:
             try:
                 # Try encoding to idna
-                result.append(idna.encode(split).decode())
+                if not split.startswith('_') and not split.startswith('-'):
+                    result.append(idna.encode(split).decode())
+                else:
+                    result.append(split)
             except idna.IDNAError:
                 result.append(split)
     elif action == 'decode':
         for split in splits:
-            result.append(idna.decode(split))   
+            if not split.startswith('_') and not split.startswith('--'):
+                result.append(idna.decode(split))   
+            else:
+                result.append(split)
     else:
         raise Exception('No valid action received')
-    return ' '.join(result)
+    return '.'.join(result)

From 650ea7660b6e1eb7f9f64c7d32cc54a502815d40 Mon Sep 17 00:00:00 2001
From: Dominik Fahr <dom@cc7.at>
Date: Mon, 12 Dec 2022 19:24:46 +0100
Subject: [PATCH 177/203] updated image docker-compose.yml & deployment.yml
 Docker Hub Repository Moved! #1317

---
 deploy/kubernetes/deployment.yml | 2 +-
 docker-compose.yml               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy/kubernetes/deployment.yml b/deploy/kubernetes/deployment.yml
index 1e5fea5..d3e4cfe 100644
--- a/deploy/kubernetes/deployment.yml
+++ b/deploy/kubernetes/deployment.yml
@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
         - name: powerdnsadmin
-          image: ngoduykhanh/powerdns-admin
+          image: powerdnsadmin/pda-legacy
           ports:
             - containerPort: 80
               protocol: TCP
diff --git a/docker-compose.yml b/docker-compose.yml
index e18d683..0f569c4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
 
 services:
   app:
-    image: ngoduykhanh/powerdns-admin:latest
+    image: powerdnsadmin/pda-legacy:latest
     container_name: powerdns_admin
     ports:
       - "9191:80"

From 89d0ab12f55e760917d8225203045d56213bedac Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Mon, 12 Dec 2022 22:06:10 -0400
Subject: [PATCH 178/203] Add general arch doc.

---
 docs/wiki/install/Architecture.png | Bin 0 -> 8620 bytes
 docs/wiki/install/General.md       |  15 ++++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 docs/wiki/install/Architecture.png

diff --git a/docs/wiki/install/Architecture.png b/docs/wiki/install/Architecture.png
new file mode 100644
index 0000000000000000000000000000000000000000..04440be3d5f06b5a8379657d914d77e491877fcc
GIT binary patch
literal 8620
zcmeHtcTm$$*DoMH1shF75d=aJrG)?q#X<=kLhlGtLI@!VkdV-epoC(fiGYAoEfl3H
zT}2cSkS<*TrGu#Sb~pMw^WOX3zwg|6XPy}*+3fe6v%6<^&-t9smuO>@_OZjfhZz_c
zj_K+kO&J&%<3W3r<skSB_-OPSd@+(twbdDlJNRZ97?{aqO=~jV&kgH|W)PLr_}dbN
zLEVWYvZx$V6b94uM7xlEhy>6C{dl4))(wkx{re0Cg~6m`>3`-hsHmKpoE-R&mz9Rf
zD%$>)cfz0v|1zW?4Fv|otz~6J<<vpT088-o1K)m%a7VcOdC*ex^72Gmp`G=yWKo!w
zf*e9x4o+9m*D*IV5QS-gwkH;c24C7}7aWnU;_Bl>mBtc*I1DNcm!?lq!`+972SQr1
zP`ETyS^*}nBrU6?1fKlYQnX;Q(sI&rpwG<7&B+J*zYRw>fhId){;ts9M~!48?*UiW
z_C``QP*TRWvetiBMnU_Ku)r;Uob>O(>B?k(FZADDS2P9d0%igemD2>yb;UYie4Ow=
z1p6=lnG@YmE<`g|0>V_zNzR3$ZL9-4LN`Ki0!#Q~+8DS{O7^dj09#v>ivo$NsSDhz
zg>-QR9#z-HC{a9ow9PR}WIYdKUvoW*i@Sk^x~+++fxDZBw+~#Ailth*%j0lHSZfq;
zB5=MsRo@IuOx;(@%MXJKaFWCNTI-pE4ik)yD=_WpVQQr5;j4s@BN631<l#_bOM-&G
zA41cNpr%j4t5JXqMoZljhVe2|H#0ZUg%ZgwSc0Oix~)3KMajm3>gA*F>Td3jC3pj?
zHY9g<f{l&>)&&aoL0tnbZ)!xcR-^ASRUT_jbh0$Iby3te_0`ZYHPMro#Tr`}sLNuA
zvKq3+P@=QB4aNwFYHC}%c`5kHq7}X5p<e#Rrp|g;GlaamP5`h81k@?|y58P!ik1RY
zNx|BZN^!!&;5uqlLpcS17jsVwd8!{VK+ng?LQaF^YiI&2x?0J~VqgjwSFE$QIzb+Z
zBFb6n`dc{>Oo?EnI3GVe74D-%mozf=!=VUnS|meTGS-k_rG+3-uy8Xt&d*TMAEOsQ
za@TVs5U^hAzyr?SYTB+iZ4GY&Z&ME_-W=ntfP;HLP4sa}{<0Viyc4jehtp8E)$+1{
z`gvh3b$$HwT@>*CR4UO1t)#2t1Cz7y(Z_kB;eP7w)@Xz&*nTa27pQ_WR?pLvpebiX
zL0Q-upl~o*QyAI_XHK-zb|b-27G!6FF%)5@q>oqBGQ*()EWMEGMza3eN<>Rn7=kQo
zLn08Zv2w0RB?A*<xUsvtixu3}2YAlO3Wc^tm^#5s%>51B=!Xk!V52MNilI=<<g5&A
zv=CnMuHI@mZJZU!MAz5aSCN93r|${S^>K%z;Lb{l?g~oudkA{0ZH!57;J|}l|3347
zE&%xbuK**b={Dbcn}LDvyDn1A+|OY#BanPmbF*RmZH1QN36pS^gVs9ooWfNJ5bL|*
zI@e<unJr&2Ke9(krrcyYgtUDq#-jPH6v8QOlkLv_JpKmq(PL&|mKW@tn(ijo4>KJ*
z^>)H1WL~bp_vfX^+)JsM8No`OJ7%qea@!fx!RtX=9SfHdTiwcR&R88hbf_pN=WTUO
zO;JO`_|2%O_l|GIh1CT!P<9p;$$fo&gCnm<MWv-M$UUcn%wl4V8=P4m#9f1QZ}G%$
z{+hN646JESM|AS?@)qXjH@kH_IGyE?azC%6_GirM>gr%Ax~;INs68z$&2zRpPgE;>
zsrd%Oq`v*d)%`_D*Pzo}@sAz};XFOd=jJ?cSge}j#J73bC<FpA9K$V9SXS24+Scas
z`G^4u!q}X$5omE8*0li>gOp)9E4Q`++FW5P%lPQ^Ybz7)`uqCOmo8lrMO|OgrVn9$
z@x>A)PQdX2P5d3->C@glLP@UdpUAE@HmA+(TD&lYfv-0>aqEWeL3<ksyr)im=txs&
zvn;ZGcf#^|P*HDLcJ`Zqz(5;Mqq~li{oGR7a`jE^I9wGXG)NZ>OI?_md0bIhSzIS(
z)fCfs{huSA&2gtI-Mg}_2XDP-5%PNd56`JdeV?7w@x+mhgr~p-(l(_{-#?}%e$2e*
zRdP?pk#K}Z+7+K0=_0sLjFXC75%rW|ChY@Zy@DQ_{L<^;e3WOel1Qs_eNO3bcJ-4Q
z-O};R=KkuzS!Wzg-QZp8H(3`cv%V6^dM&T>2D}6KSecp}MMl`~bNrNnaGn}-m;b22
zckD{iQ|>0m(o1(}BEt>E)Qe4`U#3{7@f)$vNio-WA*ReU6XNwK#ksS3mBCGpKX=>6
zmZiZ4VhLXRT6KXmo!(33gthqS!ZQulz2Ajy-$>`giL9hp58O6PNsJa5e(wrlT_^U|
zMA49=8uM-fsUNCWVm0w+C#+wdf1$-08tp5Us#AJ(JG5?6NSfP7yDY28QGVA{@|k)k
za&0V-Sf%zQV7_R2tGv(BZg93Bi-5`WcYCpAZLG3MDQwu=s{GZVGK{ESIi@oAILCe$
zF&@+dAMw(_3|m-TRp|fDPaSbWjQQov8gcLXue{?KzOuK%w!VI8?ep9E{oUo^wPB*;
zU4AwDCJjDjiy_G*h7~LECw>k*tQ<<4Q;DN5iZ3WXS`IsK{P`Ke%h$)1XC5{_soz~2
zMm35+lvK(!Ka_;-;<mR28VEygY}4a(kz|8hlwWWBYvtSUbG%9%UH!5(3#GB6q|QsI
ziw>c?zADSLzZTXT_UkVF{-hDUjxIg(gFWhI=9ym^rV}oLJ`l(R?@NW}j^6LMmm)78
zTau~$aeesKT7tgxiwL&MpDRZxb~VfO+n(?FspVNaQ|BnZyR>Uu_<Tcd&K23e>aO1&
zU9O%dzWR2u>SgWz-geD6e8^q+9LscOV6n<;6Pt)g3CEAF?|0Y7mv0~HkM{JS_8203
zF{F`@?M0M$b1W@#y4TD|0Uw+pF;w?EYk#KzUo}d3^bZ$=lQ)16M-#bx5ON;U${_FV
zNEt*EY<2B)1^lPt*P6JDK05?1qC>Zb$4AHmm@C^h=gt;nP||i+?u3>TL3bsX^-xN~
z4q9dHvrERWB-V=?Um_}7#L_=MiaP7Dy;zl%o-pJbE48pOd4~#tuxzI4)DKjR_~_TH
z_S-G?WbKvLO<!8}9(-3^vox1qSpVaO%*)wl_F_Nho|O!}zq03z$yq9ai(Yi%L5g^?
zC9Um7H@I$JF@<CsG6@9#Hc|P}cwn*M%I*_<Sv!2K#VDj3gt1Z8l5BilMa8DROx;xE
zWE!sc#VB=r6s7d-#JbGhug)vu84`O_iAF=GF%P~TcTt{xK(fEe&l9-$Ev4q@_ub{t
z1}VGBj~+POC^0dbmR}%U`$IitSDdT6{2nZc%jjZP^pH&GW*fCITHK}jXRE~3;R6Q_
ztfh7aHRB_SLLx2vXm25%!J1(k`V>B-I`St^zbKz=gyL*&;>hV!+I-%T!&=H#<byjx
zQGCw6zP?LFtk;p+gKq}v*Ax(=xeHTlp&JqDG2OP2rR>R7V*zbRHWzn(yhR~<_p~qn
zj8}-E74L6$hAyGp+M;O}<l*q@{d4iHj@F%QJghPKy~TBFwt;Jdn5z_St*=7IBb3)a
zatQ7v@E?h1k6*!YC{3kRb~k*f_>>VCi0izxUTz>Z2|G{}HPh(FdUJ2J<lRzPhjN=C
z^=iOu9_0<|xtFuhq8D*8oE)riL-!@QUagM>E=o9V#_Y~J?)&VgwerM+i`(oP+i#!r
z)!kNqLPSMjG+Cmxcx-!Yz51yBb*_I+0*TZUJ_wP5@P>&prDb<NtGsh*?Y<pf=-iV6
z&tL5bDvmd;GQrEeP6H>z`=i3)(fm^Ny!85bt7SR7tH1yI$-X-(ONuGc24WCm?aIwS
z75zm=a+hZQfmwxH$uf|`Y(-Tglwo{_Ry1u)JkigWLa{Y8y!C{C)J#3cQ?G<2%7i^0
z`k2%yPGiYpXBLQxKgr>HWu4L=D^ovnveNf>?a5w?-~D~E@A)RjGKWB98YS9B4%pf9
z{;-gLJWlR0B&d#K3o=GjOB52Lks^qqd{1>74HBu$?vquj4ia1v1!{)FbbIi*?Ad4Y
z#Wfw7p?m)4thWqhSj?@g4lTFqE``w|K|qMA6@!HoB^t5B2qZj;)mf=Q#!j*dLYk2G
zncu`UL_6I7%5{B0>j1>mJ~Q4^>SL5*f-2O*mNoKpC|5L?`iX&EnvS=>R%r!PU_yuK
z^<%6kyW7sUSo*3aDM*o1#qk~r>$ePZ<KEm)fIMWp7zYb+$^fG+|AWlkFc2PazQ4~I
z$9ME-8imQJdE8Zi;|LS5dhP^!{DfB=S;FaZQ~bdQ?;dr*j~jN0v>&W$-Xj7yj;^y7
z!otE!+wm<iAw39@t;*a_*+nMh=$6$1M@RQ$9Y>z;8hlvjDTEY#6$;Tb<<4`=^Jke}
zaC0o$<r$t@U8JowcW2siaSL$7L%&sqI8vLwR<Q%6kmVPGo*;dFKFhMUM;9;2!=rwi
zd_BN+@yl94D|hfnK|{lG@N(JP<0>DAhKH|;Wxvf8xiA#HzVcpxI^2SrY<^Z!KeYEV
zrQu~sPsOrjh*-AFWJP#(y?W@@Y{972!j|bJ)Qu=b)R<mo5y*2vY2!K8F*LYo@4)oX
z9gm1(@aK1e7hF)x@G(D^s$((vuYMQ6jgrLO1G%DUs8hW>3%k3!gfk~HRvwX%@_139
z?lrNr=2jk#;KAZ{!3y6NkOMF(3(q6!c7C=!!spL$-M-j#x%aV|Bv{o89j&qqFj}Q!
z!{+z&MG(+l<UB1?Ay-CG`upw)Q^$j=M*XKVmJs}B^G1V7kkX({pQ`rS*2~)qlPDSb
zwa-u$FY9u<GpUI@BkQ5>$BjnZx%gA(@%vGfLXsb?Kre1SRyS-zLacqJf?J=X>!FO0
z$;s^O)gu|hkB;#qW5p%9))p=(laSkv-;hX^#qS|KjFy<J;L2f`118>G+i@{U!2$Ub
z;lbB1ZTZ`NixBHaoBWbDHKem6I#4xdvw%dVOL$z+*B<hSc>91hBMhm-u9Ri%enbnr
zI>zCvn6%cahJ3U6Sz_=GTb)EC1H_aiZ^MC0g`?~GtNdIaGaIGfY28C0+jw?7P+DTK
zud7>q%@*=0<52cHGLo4idfA1S*v1j>w@t+Nzegd-4~k$%GW_m4Ci%~VT`;toRU8)B
z`Esao&@Dancx^W}O2Vp`d}Q7LQzRv_!O!$gG>mp41=DLAn?XY!yT-ThRp@p^N&-%J
zCB=Tc*~d_1aET=!AfMM>d3|qK*h6o4$IM%}LcCW;PAq&E%4Cw1mQrS%D4Ed_?h}M?
zo~JUq9A)!{+G8uAVDFqBOayR4IITJjUlYzwoNt`y&gK%_i@7atdJF=I_tAzn|6o7#
zHreusu<8zX^Z8;cq5oHgl{j<@dIl|?Sq^?om75%5TgZ$IgBKP)e(Ys8VkXFbkP&~S
zX@m3N=9lGE01zuGDr_>w3fhmHZ-G2)zrZ7H?+(Cm%iO8D=wpohSKBu@&rl6pJ^{Gd
z>Ixg|>N3IM@foHE?D>M3l(nq2S!8U>#kZQBogl3C0LwOSB<Kv-5`uJ(9X;xbX;0H^
zO@&^WHf<jpb9h!*XkfiOgR*Bidi*#qK=!p3FEchL^)IBiyH(U}efU5FQ{f&vY^9YJ
z))6NoAwjbH3Z^Rt;5>Bp5NUa5<y|z5kn^hTFPwipl5AOUE3CtEc5cpD%5{iF%BkSE
z7G!hg(Z<f@kpHV*_=+#u*dTv2&AZ>;-oEtsOGgJvLPq9}lMGZTn)#ID#ByItbBZiS
zi?7KO45(DjU&Xq+KTk{JWfpz2m*TR$wPi5ff>SPi@+A6vA<Oo&UPG6lXe;Iuu=-kk
zWUr>wO<ywEno6x&U0)ym@x!Y&z(Kt~zX$v5>C@8cYUOkls&wp(=+yR0O7e>6<xC0J
zpj2bzM9;e?cC9?+W*DtwEUFAli5#j(+MgEt53w+sUrr8$S&)H|1%!KsKMg-FRb*|K
z2?rB<7y~mqhcm;UMlHw(V>6Fg80j`>EV4iYG{%4ck!&9MM-v%&3TOaZL?#*yp?pF8
zk0wO@C=g^13qvp>o6hia3;ogL5IRU7RJAdk0Wxvxb_{(i!7v*8fj^Beh724lTH2cQ
zA=trm|BUsY>Hf#N|2Yi*AFi5#I3yw>qQ9%lX>@e7e|((y_U+rdG2-E5WxR!jg{74h
zhBVz#(c0QdvyHJ~4^!o21<~qzXBKgBaS=`&yNLT6<I<H#Zk*ehw99p%Jn0`8z_i_y
zDyyu7<2*b{^Yl~1vWa9SCU)B8a9NJiyu78&&05cji!1NlI~ggwRUepggEQ&-cQ?Bi
z&Nt{d+TY**Xkd5?80`T|T=a*9!Lp+I`Y~9l!GneO{j4mK4z-`FtE&qO3JzVSM-(Q}
zFG!@BHGqo*<;aAiOlh|zB_v!tBu+2o^03n+!+RSWRVn?2HkBTI7xJG&=JTJN$$wH5
z6LWZeaS{C@cy8k{BO}WR9l_)l*V3Gvoc^I9+iTp?u}8xHIdbxI+-W(_u53+j+0!aQ
z4B_`Vbo%=H-BKiNoJrq5MyJl+uYohQrN~s>IKop3FNGWL9A{+l<I>6NnUyrN8QXze
zl||%L1gy^K3`cu|^#rlzel)<%uPid&D~VUVkem?lh#AB`L3SpZj-Yi;k2r*r-|-qN
zbAk>7hi<mjudPU$$jECl8<P--+v*h6PgUB;>tY7m?BaN!@n#n=E&l@_htqUGo(o<g
zWtH864}Itw^_#p^R9V?yT)*Wp?ERh}zq4%T`Qk?K-mfg``<H~e)&Aul9|kd5c*KZT
z1fA%s942f_6YBuLt^9iPOm*Pnq~zp5I&Hw?;P+^DVWWb3@MqVZkX|~9Q*clweK!c)
zS$RJYFgmn^7;O-S^cX(aR(n{^!Yl?kmlafcX|>nv_IH3D(6G~h_Xxq%)zzVpJ`D|k
zpIQ6eV>B$9V(;9r*-l(A3f)T7H8&p%n3tmG<@|gx>htbb)0rwyXgi>cryke=#Xgar
zpC5I1seYTV-CJ<ELhDY*N~|M!QE#f>oISof06HVZENFZx9LvFxnw?_{cqUShNfBp4
zP<%^j^?1nk;8@`DBC~4VvuACDnnifc?{57?z#Dm`Hf|)eA$=eT+q-t-Tlcu0jqj~h
zp~5;Y{xYZm)Rkd&1)UiI<q>gwvxB;jKE9J5Jfk5{+TU-fGIdu&td;;O4`?(k@;M*~
z>E)x@&0M$zp?=ft+;w_|8@%yWpwf=;>K)n;VBT_<+e*!>>C7vDk>TS~zgjY%bbg^>
ze~<Ex+bRxCxbdp^`Lhqm!;?)GAo~l1W4Yq@cc!nbg|h`UIs~s;%+JmOctU3e{?IPr
zht7J{DJ?vIyO5iRqQe=)Cptw57@RxQ-((nv|Ie0lMb*_qXtnhb(j6)Lm!Ho1PjMjJ
zacTO4?>V&joB-QZ#&rS>Y1nutBUXokKmtV|t<Nv7L>qnn^5r4Ev_%XRndvvdI_wn1
z|Ddk=z3;$P44pQ@SM*t;f<!VMcjv4Yqps{c8V%jwrHuJc4+0i!W=<er=8+iVrQP2>
zyR|QG+R}8o;=2Wz1@CHKvqd8JeFh#rF;F+N-0ZR095c>;SaGx{v=-D{;P}<NVhjZ5
zvTSXQg6LbVTMjM}1f@_>_<mlBgHPxl;N^S|RK^_K0#OEIR!<XmNnKE`5Rx4NrQ6jr
zwp0@_2;*HSp?WrdX<wfiJzo;CDv^>g61ZH~-`(vDh`E~is8&#J5|fjYDIH4FFB>E#
ztHH>N_1jAl0bUS@rnX)LdsrixrnC2Eiyou0g4bT)ieEJw{sM%>*6wYUC9ea|_v|9d
z=bpNU4XE#a`gGS$r!%<)7QeR_G7Q|a7`nfmRktw_TY2p@lNlvj&7#Mkl`~0bD)z$>
znOf+qFK4{AKyYv6ct{|19^mEe?v(ne(%4w(>JO}OF-=BhwsSe2iHbWj+E+?}sd1Ei
zhvMW>dOC<Y8{lrxE8kb~?VjDxTed6qzd?MCxt(+n1khRb_~`zNKI<6<$nvw<zR`5*
zXE%2L>9gX1_t&dVzOMLC{5lX1@!8v)9tNx-2BDevaT1(qs+sP5Nke^x*Be$qT@Kgj
zBm2o2NTf|tq^{<XwNkT1k9IAbOtn_*7M-Kzir@J;(6HBMXfp~{iV_rc_%+?hcJUNP
zd?N?x085g5I5xF|*T}DyCSLQY;k!b{FK`eC%Q`R5_p4?GE-9rbO~vF#iyW>3*D)88
z{Y36+fusgbLP0@+(28AK7$kfeFi(w~`|*~Iij$<%vR46#N%<0fsCY%0HIjLuRidPv
zPEtjO<qs*Vs9Ze>sY$xwK8l2k_bC4SAiM}h^Tpq}eOsBa8&bO!2-xJBJr7=kdCAsN
zuyHT54+%p|$+_|Xk0XV+S`4Y!v<n%iVYNg2Q~k%~i*hu*>e}<(&F*Al&l_^j8WxV=
z8YdgLx~>&UYQ1^r%fc;nZC>j9ZoZ~38pg?dYzB~DcDAuRG87y%@hY{~MEeyksr>_d
z&<`+SY59%EFK=9{TFbVI^L4B!@nzffZ#`dd-{HcifDc{T0*g(inuBeIh|#IBnISqI
zRR#U_?VBbW3Yj~jgJox8XR$>J^6`UYL=FlUW!Hg(tLB#_uv{n(R!2_EDJ|Soy$Fhr
zl^=;!$^R}J{sB1eaM+1yefD_8K(=8a_F$m>JGdNm5(1fzyweJfwJp$LW#d4Kd_A5Y
z$j*|=0O2e>aJ~K#gj3#WC`uIzk|F0(=>LSrs$k<VRz<dGWsL_3l1$3YRp3>RWr;&Z
z;q9(7Ao0VP>DBX~sQ$gr50pp{mlHQnL^b~W);4PM1C-G3uy-x#l~kPY-T$hb|3STB
zk+go^==SlxQ|w78J?qYy<IIBW+)Pix!^0N}ZOY=#7d?KNt4Nv3F9k1^!0WV9#arEn
zLG2d4lBxqwZ|}&uGOnei1zwdMQ)Lx`0uU!5AyGz0X}Q|u0|2E#!jq85o9&sGhUezz
zr4n0^T`12qrto*MJa$%AJUAh<Yt4CoqW*seb7TEKCr^7w89FKaAMeyODx%Ug7?@hl
zLB$}iiak7@)zyv4^LKyxbPe1n7QM(x)i+&#AtR|L-q6s{z)AD7<Nbr-xg35ew8sFR
z{x^K8J5P1qN<<YDJ$>3bH#g_GH1bL^`&@GwnVD%t@W(!bcPK3L>yx5d@b4E4x|%3t
JvHG>^{|lzj-_!sA

literal 0
HcmV?d00001

diff --git a/docs/wiki/install/General.md b/docs/wiki/install/General.md
index 28184e1..a4bbcbc 100644
--- a/docs/wiki/install/General.md
+++ b/docs/wiki/install/General.md
@@ -1,6 +1,18 @@
 # General installation 
 
-## Requirements:
+## PowerDNS-Admin Architecture
+
+![PowerDNS-Admin Component Layout](Architecture.png)
+
+A PowerDNS-Admin installation includes four main components:
+- PowerDNS-Admin Database
+- PowerDNS-Admin Application Server
+- PowerDNS-Admin Frontend Web server
+- PowerDNS server that 
+
+All 3 components can be installed on one server or if your installation is large enough or for security reasons can be split across multiple servers.
+
+## Requirements for PowerDNS-Admin:
 - A linux based system. Others (Arch-based for example) may work but are currently not tested.
   - Ubuntu versions tested:
     - To fill in
@@ -16,3 +28,4 @@
 - A database for PowerDNS-Admin, if you are using a database for PowerDNS itself this must be separate to that database. The currently supported databases are:
   - MySQL
   - PostgreSQL
+- A PowerDNS server that PowerDNS-Admin will manage.

From 6f450457ef6ba98369f139a24971e4d89ef2ad8b Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Mon, 12 Dec 2022 22:06:44 -0400
Subject: [PATCH 179/203] Update env docs from legal_envvars

---
 .../configuration/Environment-variables.md    | 56 ++++++++++++++++++-
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/configuration/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
index 7b835e2..3ee84c4 100644
--- a/docs/wiki/configuration/Environment-variables.md
+++ b/docs/wiki/configuration/Environment-variables.md
@@ -2,8 +2,60 @@
 
 | Variable | Description | Required | Default value |
 | ---------| ----------- | -------- | ------------- |
-| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | N | no default |
+| BIND_ADDRESS | 
+| CSRF_COOKIE_SECURE | 
+| FILESYSTEM_SESSIONS_ENABLED | 
+| LDAP_ENABLED | 
+| LOCAL_DB_ENABLED | 
+| LOG_LEVEL | 
+| MAIL_DEBUG |
+| MAIL_DEFAULT_SENDER | 
+| MAIL_PASSWORD | 
+| MAIL_PORT | 
+| MAIL_SERVER | 
+| MAIL_USERNAME | 
+| MAIL_USE_SSL | 
+| MAIL_USE_TLS | 
+| OFFLINE_MODE | 
+| OIDC_OAUTH_API_URL |  |  |  |
+| OIDC_OAUTH_AUTHORIZE_URL |
+| OIDC_OAUTH_TOKEN_URL |  |  |  |
+| PORT | 
+| REMOTE_USER_COOKIES |
+| REMOTE_USER_LOGOUT_URL |
+| SALT |
+| SAML_ASSERTION_ENCRYPTED |
+| SAML_ATTRIBUTE_ACCOUNT | 
+| SAML_ATTRIBUTE_ADMIN | 
+| SAML_ATTRIBUTE_EMAIL | 
+| SAML_ATTRIBUTE_GIVENNAME | 
+| SAML_ATTRIBUTE_GROUP | 
+| SAML_ATTRIBUTE_NAME | 
+| SAML_ATTRIBUTE_SURNAME | 
+| SAML_ATTRIBUTE_USERNAME | 
+| SAML_CERT | 
+| SAML_DEBUG | 
+| SAML_ENABLED | 
+| SAML_GROUP_ADMIN_NAME | 
+| SAML_GROUP_TO_ACCOUNT_MAPPING | 
+| SAML_IDP_SSO_BINDING | 
+| SAML_IDP_ENTITY_ID | 
+| SAML_KEY | 
+| SAML_LOGOUT | 
+| SAML_LOGOUT_URL | 
+| SAML_METADATA_CACHE_LIFETIME | 
+| SAML_METADATA_URL | 
+| SAML_NAMEID_FORMAT | 
+| SAML_PATH | 
+| SAML_SIGN_REQUEST | 
+| SAML_SP_CONTACT_MAIL | 
+| SAML_SP_CONTACT_NAME | 
+| SAML_SP_ENTITY_ID | 
+| SAML_WANT_MESSAGE_SIGNED | 
 | SECRET_KEY   | Flask secret key [^1] | Y | no default |
-
+| SESSION_COOKIE_SECURE | 
+| SIGNUP_ENABLED | 
+| SQLALCHEMY_DATABASE_URI | SQL Alchemy URI to connect to database | N | no default |
+| SQLALCHEMY_TRACK_MODIFICATIONS | 
 
 [^1]: Flask secret key (see https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY for how to generate)

From cc63d069f68c3e79ca4a6b6bf2e9313b45443aa4 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Mon, 12 Dec 2022 22:41:41 -0400
Subject: [PATCH 180/203] Fill in MySQL server installation directions.

---
 .../database-setup/Setup-MySQL-or-MariaDB.md  | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index 00586a5..aaa4eaa 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -2,28 +2,35 @@
 
 This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
 
-We assume the database is installed per your platform's directions (apt, yum, etc).
+Directions to do this can be found below:
+- MariaDB:
+    - https://mariadb.com/kb/en/getting-installing-and-upgrading-mariadb/
+    - https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-ubuntu-20-04
+- MySQL:
+    - https://dev.mysql.com/downloads/mysql/
+    - https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04
+
+We assume the database is installed per your platform's directions (apt, yum, etc). The following directions assume a default configuration and for productions setups `mysql_secure_installation` has been run.
 
 ## Setup database:
 
-Connect to the database (Usually using `mysql -u root -p` - then enter your MySQL/MariaDB root users password if applicable), then enter the following:
+Connect to the database (Usually using `mysql -u root -p` if a password has been set on the root database user or `sudo mysql` if not), then enter the following:
 ```
 CREATE DATABASE `powerdnsadmin` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 GRANT ALL PRIVILEGES ON `powerdnsadmin`.* TO 'pdnsadminuser'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';
 FLUSH PRIVILEGES;
-quit
 ```
 - If your database server is located on a different machine then change 'localhost' to '%'
 - Replace YOUR_PASSWORD_HERE with a secure password.
 
+Once there are no errors you can type `quit` in the mysql shell to exit from it.
+
 ## Install required packages:
 ### Red-hat based systems:
 ```
 yum install MariaDB-shared mariadb-devel mysql-community-devel
 ```
 
-If you use MariaDB ( from [MariaDB repositories](https://mariadb.com/resources/blog/installing-mariadb-10-on-centos-7-rhel-7/) )
-
 ### Debian based systems:
 ```
 apt install libmysqlclient-dev
@@ -34,7 +41,6 @@ apt install libmysqlclient-dev
 pip3 install mysqlclient==2.0.1
 ```
 
-
 ## Known issues:
 
 Problem: If you plan to manage large zones, you may encounter some issues while applying changes. This is due to PowerDNS-Admin trying to insert the entire modified zone into the column history.detail.
@@ -42,7 +48,9 @@ Problem: If you plan to manage large zones, you may encounter some issues while
 Using MySQL/MariaDB, this column is created by default as TEXT and thus limited to 65,535 characters.
 
 Solution: Convert the column to MEDIUMTEXT:
-```
-USE powerdnsadmin;
-ALTER TABLE history MODIFY detail MEDIUMTEXT;
-```
+1. Connect to the database shell as described in the setup database section:
+2. Execute the following commands:
+    ```
+    USE powerdnsadmin;
+    ALTER TABLE history MODIFY detail MEDIUMTEXT;
+    ```

From 94ce26eaad94ce86faf03f6a350332a50138461b Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Mon, 12 Dec 2022 22:49:51 -0400
Subject: [PATCH 181/203] Minor cleanup of MySQL docs.

---
 docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
index aaa4eaa..5242b69 100644
--- a/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
+++ b/docs/wiki/database-setup/Setup-MySQL-or-MariaDB.md
@@ -2,7 +2,7 @@
 
 This guide will show you how to prepare a MySQL or MariaDB database for PowerDNS-Admin.
 
-Directions to do this can be found below:
+We assume the database is installed per your platform's directions (apt, yum, etc). Directions to do this can be found below:
 - MariaDB:
     - https://mariadb.com/kb/en/getting-installing-and-upgrading-mariadb/
     - https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-ubuntu-20-04
@@ -10,7 +10,7 @@ Directions to do this can be found below:
     - https://dev.mysql.com/downloads/mysql/
     - https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04
 
-We assume the database is installed per your platform's directions (apt, yum, etc). The following directions assume a default configuration and for productions setups `mysql_secure_installation` has been run.
+The following directions assume a default configuration and for productions setups `mysql_secure_installation` has been run.
 
 ## Setup database:
 

From dcbc4c3f7e47702e01d2a758a163aa2187e8340d Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Mon, 12 Dec 2022 22:50:26 -0400
Subject: [PATCH 182/203] Add PostgreSQL install documentation.

---
 docs/wiki/database-setup/Setup-PostgreSQL.md | 38 ++++++++++++--------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/docs/wiki/database-setup/Setup-PostgreSQL.md b/docs/wiki/database-setup/Setup-PostgreSQL.md
index 74af46f..a6e3364 100644
--- a/docs/wiki/database-setup/Setup-PostgreSQL.md
+++ b/docs/wiki/database-setup/Setup-PostgreSQL.md
@@ -1,8 +1,15 @@
 # Setup Postgres database for PowerDNS-Admin
 
-We assume you already have a postgres database software installed for your platform.
+This guide will show you how to prepare a PostgreSQL database for PowerDNS-Admin.
 
-### Create database
+We assume the database is installed per your platform's directions (apt, yum, etc). Directions to do this can be found below:
+
+- https://www.postgresql.org/download/
+- https://www.digitalocean.com/community/tutorials/how-to-install-postgresql-on-ubuntu-22-04-quickstart
+
+We assume a default configuration and only the postgres user existing.
+
+## Setup database
 The below will create a database called powerdnsadmindb and a user of powerdnsadmin.
 
 ```
@@ -42,19 +49,6 @@ On debian based systems these files are located in:
 /etc/postgresql/<version>/main/
 ```
 
-## Docker
-TODO: Setup a local Docker postgres database ready to go (should probably move to the top).
-```
-docker run --name pdnsadmin-test -e BIND_ADDRESS=0.0.0.0 
--e SECRET_KEY='a-very-secret-key' 
--e PORT='9191' 
--e SQLA_DB_USER='powerdns_admin_user' 
--e SQLA_DB_PASSWORD='exceptionallysecure' 
--e SQLA_DB_HOST='192.168.0.100' 
--e SQLA_DB_NAME='powerdns_admin_test' 
--v /data/node_modules:/var/www/powerdns-admin/node_modules -d -p 9191:9191 ixpict/powerdns-admin-pgsql:latest
-```
-
 ## Install required packages:
 ### Red-hat based systems:
 ```
@@ -74,3 +68,17 @@ pip3 install psycopg2
 ## Known Issues:
 
 ** To fill in **
+
+
+## Docker (TODO: to move to docker docs)
+TODO: Setup a local Docker postgres database ready to go (should probably move to the top).
+```
+docker run --name pdnsadmin-test -e BIND_ADDRESS=0.0.0.0 
+-e SECRET_KEY='a-very-secret-key' 
+-e PORT='9191' 
+-e SQLA_DB_USER='powerdns_admin_user' 
+-e SQLA_DB_PASSWORD='exceptionallysecure' 
+-e SQLA_DB_HOST='192.168.0.100' 
+-e SQLA_DB_NAME='powerdns_admin_test' 
+-v /data/node_modules:/var/www/powerdns-admin/node_modules -d -p 9191:9191 ixpict/powerdns-admin-pgsql:latest
+```

From b0159beaec2d5c764e64736542228aff966f1389 Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Mon, 12 Dec 2022 23:12:03 -0400
Subject: [PATCH 183/203] Add SQLite as a supported database.

---
 docs/wiki/install/General.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/wiki/install/General.md b/docs/wiki/install/General.md
index a4bbcbc..f0823c8 100644
--- a/docs/wiki/install/General.md
+++ b/docs/wiki/install/General.md
@@ -28,4 +28,5 @@ All 3 components can be installed on one server or if your installation is large
 - A database for PowerDNS-Admin, if you are using a database for PowerDNS itself this must be separate to that database. The currently supported databases are:
   - MySQL
   - PostgreSQL
+  - SQLite
 - A PowerDNS server that PowerDNS-Admin will manage.

From 4d529ec1d6fb1dbe99105f668d960eec5fd53b1f Mon Sep 17 00:00:00 2001
From: David Mc Ken <david.mcken@gmail.com>
Date: Tue, 13 Dec 2022 02:29:05 -0400
Subject: [PATCH 184/203] Linted the main menu.

---
 docs/wiki/README.md | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/docs/wiki/README.md b/docs/wiki/README.md
index 8a002bd..62f1bf1 100644
--- a/docs/wiki/README.md
+++ b/docs/wiki/README.md
@@ -1,10 +1,12 @@
-# Welcome to the PowerDNS-Admin wiki!
+# PowerDNS-Admin wiki
+
+## Database Setup guides
 
-## Database Setup guides:
 - [MySQL / MariaDB](database-setup/Setup-MySQL-or-MariaDB.md)
 - [PostgreSQL](database-setup/Setup-PostgreSQL.md)
 
-## Installation guides:
+## Installation guides
+
 - [General (Read this first)](install/General.md)
   - BSD:
     - [Install on FreeBSD 12.1-RELEASE](install/Running-on-FreeBSD.md)
@@ -17,16 +19,15 @@
     - [Install on Fedora 23](install/Running-PowerDNS-Admin-on-Fedora-23.md)
     - [Install on Fedora 30](install/Running-PowerDNS-Admin-on-Fedora-30.md)
 
+### Post install Setup
 
-
-
-### Post install Setup:
 - [Environment Variables](configuration/Environment-variables.md)
 - [Getting started](configuration/Getting-started.md)
 - SystemD:
   - [Running PowerDNS-Admin as a service using Systemd](install/Running-PowerDNS-Admin-as-a-service-(Systemd).md)
 
-### Web Server configuration:
+### Web Server configuration
+
 - [Supervisord](web-server/Supervisord-example.md)
 - [Systemd](web-server/Systemd-example.md)
 - [Systemd + Gunicorn + Nginx](web-server/Running-PowerDNS-Admin-with-Systemd-Gunicorn-and-Nginx.md)
@@ -34,10 +35,12 @@
 - [uWSGI](web-server/uWSGI-example.md)
 - [WSGI-Apache](web-server/WSGI-Apache-example.md)
 
-## Using PowerDNS-Admin:
+## Using PowerDNS-Admin
+
 - Setting up a domain
 - Adding a record
 - <whatever else>
 
 ## Feature usage
+
 - [DynDNS2](features/DynDNS2.md)
\ No newline at end of file

From d0290ac4696a25cdf5651a92430ebc3280c797eb Mon Sep 17 00:00:00 2001
From: Sshafi <sshafi@sshafi.net>
Date: Tue, 13 Dec 2022 09:10:21 +0100
Subject: [PATCH 185/203] Update login.html

Use SITE_NAME for login box title on login page.
This can be useful when using multiple powerdns admin in an organization.
---
 powerdnsadmin/templates/login.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index 45afd7f..5124502 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -26,7 +26,7 @@
 <body class="hold-transition login-page">
   <div class="login-box">
     <div class="login-logo">
-      <a href="{{ url_for('index.index') }}"><b>PowerDNS</b>-Admin</a>
+      <a href="{{ url_for('index.index') }}"><b>{{ SITE_NAME }}</b></a>
     </div>
     <!-- /.login-logo -->
     <div class="login-box-body">

From ff671ebabefeb40d975c8df93313ad38afe2f14d Mon Sep 17 00:00:00 2001
From: Aaron Carson <aaron@aaroncarson.co.uk>
Date: Wed, 14 Dec 2022 00:34:12 +0000
Subject: [PATCH 186/203] Fix 1329

---
 powerdnsadmin/models/user.py | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 66669b7..a1155c3 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -108,8 +108,9 @@ class User(db.Model):
     def check_password(self, hashed_password):
         # Check hashed password. Using bcrypt, the salt is saved into the hash itself
         if hasattr(self, "plain_text_password"):
-            return bcrypt.checkpw(self.plain_text_password.encode('utf-8'),
-                                  hashed_password.encode('utf-8'))
+            if self.plain_text_password != None:
+                return bcrypt.checkpw(self.plain_text_password.encode('utf-8'),
+                                     hashed_password.encode('utf-8'))
         return False
 
     def get_user_info_by_id(self):
@@ -422,8 +423,12 @@ class User(db.Model):
             self.role_id = Role.query.filter_by(
                 name='Administrator').first().id
 
-        self.password = self.get_hashed_password(
-            self.plain_text_password) if hasattr(self, "plain_text_password") else '*'
+        if hasattr(self, "plain_text_password"):
+            if self.plain_text_password != None:
+                self.password = self.get_hashed_password(
+                    self.plain_text_password)
+        else:
+            self.password = '*'
 
         if self.password and self.password != '*':
             self.password = self.password.decode("utf-8")
@@ -460,8 +465,9 @@ class User(db.Model):
 
         # store new password hash (only if changed)
         if hasattr(self, "plain_text_password"):
-            user.password = self.get_hashed_password(
-                self.plain_text_password).decode("utf-8")
+            if self.plain_text_password != None:
+                user.password = self.get_hashed_password(
+                    self.plain_text_password).decode("utf-8")
 
         db.session.commit()
         return {'status': True, 'msg': 'User updated successfully'}
@@ -476,9 +482,11 @@ class User(db.Model):
 
         user.firstname = self.firstname if self.firstname else user.firstname
         user.lastname = self.lastname if self.lastname else user.lastname
-        user.password = self.get_hashed_password(
-            self.plain_text_password).decode(
-                "utf-8") if hasattr(self, "plain_text_password") else user.password
+
+        if hasattr(self, "plain_text_password"):
+            if self.plain_text_password != None:
+                user.password = self.get_hashed_password(
+                 self.plain_text_password).decode("utf-8")
 
         if self.email:
             # Can not update to a new email that

From f6c49c379d77989d52f1f9ae9a4b3ffa4f0b02a9 Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <sanzbernward@gmail.com>
Date: Thu, 15 Dec 2022 06:13:27 +0800
Subject: [PATCH 187/203] Update index.py

---
 powerdnsadmin/routes/index.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 3a6f55c..3630f66 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -134,7 +134,9 @@ def oidc_login():
         )
         abort(400)
     else:
-        redirect_uri = url_for('oidc_authorized', _external=True)
+        redirect_uri = url_for('oidc_authorized',
+                                **_external=True,
+                                _scheme='https')**
         return oidc.authorize_redirect(redirect_uri)
 
 

From 89f3d4d01ac316530ff8705995e4a9d504513142 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Wed, 14 Dec 2022 20:37:30 -0500
Subject: [PATCH 188/203] Revert "enhancement(routes/index.py): OIDC supports
 HTTP Scheme now"

---
 powerdnsadmin/routes/index.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 3630f66..3a6f55c 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -134,9 +134,7 @@ def oidc_login():
         )
         abort(400)
     else:
-        redirect_uri = url_for('oidc_authorized',
-                                **_external=True,
-                                _scheme='https')**
+        redirect_uri = url_for('oidc_authorized', _external=True)
         return oidc.authorize_redirect(redirect_uri)
 
 

From 644be6549562a4af8d8da72c10d2279a11e451ee Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <sanzbernward@gmail.com>
Date: Thu, 15 Dec 2022 12:53:53 +0800
Subject: [PATCH 189/203] Create setup_linux.sh

---
 deploy/auto-setup/setup_linux.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 deploy/auto-setup/setup_linux.sh

diff --git a/deploy/auto-setup/setup_linux.sh b/deploy/auto-setup/setup_linux.sh
new file mode 100644
index 0000000..19cda58
--- /dev/null
+++ b/deploy/auto-setup/setup_linux.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Create a new group for PowerDNS-Admin
+groupadd powerdnsadmin
+
+# Create a user for PowerDNS-Admin
+useradd --system -g powerdnsadmin powerdnsadmin
+
+# Make the new user and group the owners of the PowerDNS-Admin files
+chown -R powerdnsadmin:powerdnsadmin /opt/web/powerdns-admin
+
+# Start the PowerDNS-Admin service
+systemctl start powerdns-admin
+
+# Enable the PowerDNS-Admin service to start automatically at boot
+systemctl enable powerdns-admin

From 3aa6d1f25892e8ea01db82f6e2537c76d1833805 Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <sanzbernward@gmail.com>
Date: Thu, 15 Dec 2022 12:54:31 +0800
Subject: [PATCH 190/203] Create setup_win.bat

---
 deploy/auto-setup/setup_win.bat | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 deploy/auto-setup/setup_win.bat

diff --git a/deploy/auto-setup/setup_win.bat b/deploy/auto-setup/setup_win.bat
new file mode 100644
index 0000000..a5ee9fd
--- /dev/null
+++ b/deploy/auto-setup/setup_win.bat
@@ -0,0 +1,16 @@
+@echo off
+
+rem Create a new group for PowerDNS-Admin
+net localgroup powerdnsadmin /add
+
+rem Create a user for PowerDNS-Admin
+net user powerdnsadmin /add /passwordchg:no /homedir:nul /active:yes /expires:never /passwordreq:no /s
+
+rem Make the new user and group the owners of the PowerDNS-Admin files
+icacls "C:\path\to\powerdns-admin" /setowner "powerdnsadmin"
+
+rem Start the PowerDNS-Admin service
+net start powerdns-admin
+
+rem Enable the PowerDNS-Admin service to start automatically at boot
+sc config powerdns-admin start= auto

From 32e19777ccbd0638e2b9eecb1f226efb17334519 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Thu, 22 Dec 2022 06:00:06 -0500
Subject: [PATCH 191/203] Updating GitHub stale automation configuration to
 match new label schema.

---
 .github/stale.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/stale.yml b/.github/stale.yml
index a1b7aa1..0c0b1c3 100644
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -5,11 +5,12 @@ daysUntilClose: 7
 # Issues with these labels will never be considered stale
 exemptLabels:
   - pinned
-  - security
-  - enhancement
-  - feature request
+  - bug / broken-feature
+  - bug / security-vulnerability
+  - feature / request
+  - mod / help-wanted
 # Label to use when marking an issue as stale
-staleLabel: wontfix
+staleLabel: mod / stale
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
   This issue has been automatically marked as stale because it has not had

From eb163534762e8fa59c3695d9a264d398e153c0d0 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Thu, 22 Dec 2022 06:20:12 -0500
Subject: [PATCH 192/203] Testing new GitHub Dependabot configuration.

---
 .github/dependabot.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..68dd932
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    ignore:
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major" ]
+    labels: feature / dependency
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: daily
+    ignore:
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major" ]
+    labels: feature / dependency

From 33ec2acd3ff3afe69275a6e09b49bf936e49b685 Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Thu, 22 Dec 2022 07:20:02 -0500
Subject: [PATCH 193/203] Added a GitHub labels configuration file.

---
 .github/labels.yml | 91 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 .github/labels.yml

diff --git a/.github/labels.yml b/.github/labels.yml
new file mode 100644
index 0000000..df15d03
--- /dev/null
+++ b/.github/labels.yml
@@ -0,0 +1,91 @@
+labels:
+  - name: bug / broken-feature
+    description: Existing feature malfunctioning or broken
+    color: 'd73a4a'
+  - name: bug / security-vulnerability
+    description: Security vulnerability identified with the application
+    color: 'd73a4a'
+  - name: docs / discussion
+    description: Documentation change proposals
+    color: '0075ca'
+  - name: docs / request
+    description: Documentation change request
+    color: '0075ca'
+  - name: feature / dependency
+    description: Existing feature dependency
+    color: '008672'
+  - name: feature / discussion
+    description: New or existing feature discussion
+    color: '008672'
+  - name: feature / request
+    description: New feature or enhancement request
+    color: '008672'
+  - name: help / deployment
+    description: Questions regarding application deployment
+    color: 'd876e3'
+  - name: help / features
+    description: Questions regarding the use of application features
+    color: 'd876e3'
+  - name: help / other
+    description: General questions not specific to application deployment or features
+    color: 'd876e3'
+  - name: mod / accepted
+    description: This request has been accepted
+    color: 'e5ef23'
+  - name: mod / announcement
+    description: This is an admin announcement
+    color: 'e5ef23'
+  - name: mod / changes-requested
+    description: Changes have been requested before proceeding
+    color: 'e5ef23'
+  - name: mod / duplicate
+    description: This issue or pull request already exists
+    color: 'e5ef23'
+  - name: mod / good-first-issue
+    description: Good for newcomers
+    color: 'e5ef23'
+  - name: mod / help-wanted
+    description: Extra attention is needed
+    color: 'e5ef23'
+  - name: mod / invalid
+    description: This doesn't seem right
+    color: 'e5ef23'
+  - name: mod / rejected
+    description: This request has been rejected
+    color: 'e5ef23'
+  - name: mod / reviewed
+    description: This request has been reviewed
+    color: 'e5ef23'
+  - name: mod / reviewing
+    description: This request is being reviewed
+    color: 'e5ef23'
+  - name: mod / stale
+    description: This request has gone stale
+    color: 'e5ef23'
+  - name: mod / tested
+    description: This has been tested
+    color: 'e5ef23'
+  - name: mod / testing
+    description: This is being tested
+    color: 'e5ef23'
+  - name: mod / wont-fix
+    description: This will not be worked on
+    color: 'e5ef23'
+  - name: skill / database
+    description: Requires a database skill-set
+    color: '5319E7'
+  - name: skill / docker
+    description: Requires a Docker skill-set
+    color: '5319E7'
+  - name: skill / documentation
+    description: Requires a documentation skill-set
+    color: '5319E7'
+  - name: skill / html
+    description: Requires a HTML skill-set
+    color: '5319E7'
+  - name: skill / javascript
+    description: Requires a JavaScript skill-set
+    color: '5319E7'
+  - name: skill / python
+    description: Requires a Python skill-set
+    color: '5319E7'
\ No newline at end of file

From c7eaec27d802a3231b312d0ace2fd988b2e0544e Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <sanzbernward@gmail.com>
Date: Fri, 23 Dec 2022 08:23:14 +0800
Subject: [PATCH 194/203] Update utils.py

---
 powerdnsadmin/lib/utils.py | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/powerdnsadmin/lib/utils.py b/powerdnsadmin/lib/utils.py
index 9a528dd..769587e 100644
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@@ -238,24 +238,22 @@ class customBoxes:
     }
     order = ["reverse", "ip6arpa", "inaddrarpa"]
 
-def pretty_domain_name(value):
-    """
-    Display domain name in original format.
-    If it is IDN domain (Punycode starts with xn--), do the
-    idna decoding.
-    Note that any part of the domain name can be individually punycoded
-    """
-    if isinstance(value, str):
-        if value.startswith('xn--') \
-        or value.find('.xn--') != -1:
-            try:
-                return to_idna(value, 'decode')
-            except:
-                raise Exception('Cannot decode IDN domain')
-        else:
-            return value
-    else:
-        raise Exception('Require the Punycode in string format')
+def pretty_domain_name(domain_name):
+    # Add a debugging statement to print out the domain name
+    print("Received domain name:", domain_name)
+
+    # Check if the domain name is encoded using Punycode
+    if domain_name.endswith('.xn--'):
+        try:
+            # Decode the domain name using the idna library
+            domain_name = idna.decode(domain_name)
+        except Exception as e:
+            # If the decoding fails, raise an exception with more information
+            raise Exception('Cannot decode IDN domain: {}'.format(e))
+
+    # Return the "pretty" version of the domain name
+    return domain_name
+
 
 def to_idna(value, action):
     splits = value.split('.')

From 7e973c72190eae1b3daf7e084f90554b87c3d5ab Mon Sep 17 00:00:00 2001
From: Niklas Engvall <niklas@engvall.it>
Date: Fri, 23 Dec 2022 12:18:00 +0100
Subject: [PATCH 195/203] bump alpine to 3.15

---
 docker/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index f0a0731..2b02353 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.13 AS builder
+FROM alpine:3.15 AS builder
 
 ARG BUILD_DEPENDENCIES="build-base \
     libffi-dev \
@@ -65,12 +65,12 @@ RUN mkdir -p /app && \
     cp -r /build/configs/docker_config.py /app/configs
 
 # Build image
-FROM alpine:3.13
+FROM alpine:3.15
 
 ENV FLASK_APP=/app/powerdnsadmin/__init__.py \
     USER=pda
 
-RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-psycopg2 xmlsec tzdata libcap && \
+RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-pyldap py3-flask py3-psycopg2 xmlsec tzdata libcap && \
     addgroup -S ${USER} && \
     adduser -S -D -G ${USER} ${USER} && \
     mkdir /data && \
@@ -79,7 +79,7 @@ RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-ps
     apk del libcap
 
 COPY --from=builder /usr/bin/flask /usr/bin/
-COPY --from=builder /usr/lib/python3.8/site-packages /usr/lib/python3.8/site-packages/
+COPY --from=builder /usr/lib/python3.9/site-packages /usr/lib/python3.9/site-packages/
 COPY --from=builder --chown=root:${USER} /app /app/
 COPY ./docker/entrypoint.sh /usr/bin/
 

From 4de7bbe354387623c9abc4e4252a266a34782d92 Mon Sep 17 00:00:00 2001
From: Niklas Engvall <niklas@engvall.it>
Date: Fri, 6 Jan 2023 16:43:48 +0100
Subject: [PATCH 196/203] Use alpine 3.17 as base + pip fix to remove warnings

---
 docker/Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2b02353..e9905d6 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15 AS builder
+FROM alpine:3.17 AS builder
 
 ARG BUILD_DEPENDENCIES="build-base \
     libffi-dev \
@@ -29,7 +29,7 @@ COPY ./requirements.txt /build/requirements.txt
 
 # Get application dependencies
 RUN pip install --upgrade pip && \
-    pip install -r requirements.txt
+    pip install --use-pep517 -r requirements.txt
 
 # Add sources
 COPY . /build
@@ -65,7 +65,7 @@ RUN mkdir -p /app && \
     cp -r /build/configs/docker_config.py /app/configs
 
 # Build image
-FROM alpine:3.15
+FROM alpine:3.17
 
 ENV FLASK_APP=/app/powerdnsadmin/__init__.py \
     USER=pda
@@ -79,7 +79,7 @@ RUN apk add --no-cache mariadb-connector-c postgresql-client py3-gunicorn py3-py
     apk del libcap
 
 COPY --from=builder /usr/bin/flask /usr/bin/
-COPY --from=builder /usr/lib/python3.9/site-packages /usr/lib/python3.9/site-packages/
+COPY --from=builder /usr/lib/python3.10/site-packages /usr/lib/python3.10/site-packages/
 COPY --from=builder --chown=root:${USER} /app /app/
 COPY ./docker/entrypoint.sh /usr/bin/
 

From b163e517bb56596adf28df691076d1160630da8f Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <sanzbernward@gmail.com>
Date: Mon, 9 Jan 2023 11:10:22 +0800
Subject: [PATCH 197/203] Update utils.py


From 9088f9323329c581f95793df7e4c00d21ed2bbd8 Mon Sep 17 00:00:00 2001
From: Robert Walter <metrax@metrax.eu>
Date: Tue, 10 Jan 2023 13:49:16 +0100
Subject: [PATCH 198/203] Upgrade Database: Changing domain table type column
 to 8 chars

PowerDNS 4.7 is supporting 2 new zone types: "producer" & "consumer"
Due to the domain type column is limited to 6 chars, PDA Zone update will fail if producer or cusomer zones exist.
To solve this problem, this commit increases the lenght of the domain type column to 8 chars.
---
 .../f41520e41cee_update_domain_type_length.py | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 migrations/versions/f41520e41cee_update_domain_type_length.py

diff --git a/migrations/versions/f41520e41cee_update_domain_type_length.py b/migrations/versions/f41520e41cee_update_domain_type_length.py
new file mode 100644
index 0000000..f4672de
--- /dev/null
+++ b/migrations/versions/f41520e41cee_update_domain_type_length.py
@@ -0,0 +1,31 @@
+"""update domain type length
+
+Revision ID: f41520e41cee
+Revises: 6ea7dc05f496
+Create Date: 2023-01-10 11:56:28.538485
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'f41520e41cee'
+down_revision = '6ea7dc05f496'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.batch_alter_table('domain') as batch_op:
+        batch_op.alter_column('type',
+                              existing_type=sa.String(length=6),
+                              type_=sa.String(length=8))
+
+
+def downgrade():
+    with op.batch_alter_table('domain') as batch_op:
+        batch_op.alter_column('type',
+                              existing_type=sa.String(length=8),
+                              type_=sa.String(length=6))
+        

From c02cb3b7fe39044eb58f1d06beb381953d18a6ea Mon Sep 17 00:00:00 2001
From: Robert Walter <metrax@metrax.eu>
Date: Tue, 10 Jan 2023 13:51:04 +0100
Subject: [PATCH 199/203] Model change: Changing domain model type variable to
 8 chars

PowerDNS 4.7 is supporting 2 new zone types: "producer" & "consumer"
Due to the domain type variable is limited to 6 chars, PDA Zone update will fail if producer or cusomer zones exist.
To solve this problem, this commit increases the lenght of the domain model type variable to 8 chars.
---
 powerdnsadmin/models/domain.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/powerdnsadmin/models/domain.py b/powerdnsadmin/models/domain.py
index 09b697e..ab154c1 100644
--- a/powerdnsadmin/models/domain.py
+++ b/powerdnsadmin/models/domain.py
@@ -20,7 +20,7 @@ class Domain(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(255), index=True, unique=True)
     master = db.Column(db.String(128))
-    type = db.Column(db.String(6), nullable=False)
+    type = db.Column(db.String(8), nullable=False)
     serial = db.Column(db.BigInteger)
     notified_serial = db.Column(db.BigInteger)
     last_check = db.Column(db.Integer)

From 18bc336d7a052749e1a0928be59bfd0319097cce Mon Sep 17 00:00:00 2001
From: Bernward Sanchez <sanzbernward@gmail.com>
Date: Wed, 11 Jan 2023 18:21:40 +0800
Subject: [PATCH 200/203] Potential fix

---
 powerdnsadmin/routes/index.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 3a6f55c..e6e8343 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -323,6 +323,7 @@ def login():
                             # Regexp didn't match, continue to next iteration
                             continue
 
+                    account = Account()
                     sanitized_group_name = Account.sanitize_name(group_name)
                     account_id = account.get_id_by_name(account_name=sanitized_group_name)
 

From 246ad7f7d2a76ba069b0f760f1fe24aba49531eb Mon Sep 17 00:00:00 2001
From: Robert Walter <metrax@metrax.eu>
Date: Fri, 13 Jan 2023 10:05:20 +0100
Subject: [PATCH 201/203] Fixing Wrapping in History Details Modal in Dashboard

resolves #1358
---
 powerdnsadmin/templates/applied_change_macro.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/powerdnsadmin/templates/applied_change_macro.html b/powerdnsadmin/templates/applied_change_macro.html
index 6a49b01..0b444b6 100644
--- a/powerdnsadmin/templates/applied_change_macro.html
+++ b/powerdnsadmin/templates/applied_change_macro.html
@@ -92,24 +92,24 @@
                         {% for changes in hist_rec_entry.changeSet %}
                         <tr>
                             {% if changes[2] == "unchanged" %}
-                            <td>
+                            <td style="word-break: break-all">
                                 {{changes[0]['content']}}
                             </td>
                             {% elif changes[2] == "addition" %}
-                            <td>
+                            <td style="word-break: break-all">
                                 <span style="background-color:  lightgreen">
                                     {{changes[1]['content']}}
                                 </span>
                             </td>
                             {% elif changes[2] == "deletion" %}
-                            <td>
+                            <td style="word-break: break-all">
                                 <s
                                     style="text-decoration-color: rgba(194, 10, 10, 0.6); text-decoration-thickness: 2px;">
                                     {{changes[0]['content']}}
                                 </s>
                             </td>
                             {% elif changes[2] == "status" %}
-                            <td>
+                            <td style="word-break: break-all">
                                 {{changes[0]['content']}}
                             </td>
                             {% endif %}
@@ -119,7 +119,7 @@
 
                 </table>
             </td>
-            <td>
+            <td style="word-break: break-all">
                 {% for comments in hist_rec_entry.add_rrset['comments'] %}
                 {{comments['content'] }}
                 <br/>

From b607c1b7ff420939f9fcc86b4de02d956e08cdc1 Mon Sep 17 00:00:00 2001
From: Sshafi <sshafi@sshafi.net>
Date: Wed, 25 Jan 2023 23:59:35 +0100
Subject: [PATCH 202/203] Update base.html

Use SITE_NAME for upper left title on base page.
This can be useful when using multiple powerdns admin in an organization.
---
 powerdnsadmin/templates/base.html | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html
index 85b2f82..35bfc51 100644
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@@ -32,7 +32,13 @@
       <!-- mini logo for sidebar mini 50x50 pixels -->
       <span class="logo-mini"><b>PD</b>A</span>
       <!-- logo for regular state and mobile devices -->
-      <span class="logo-lg"><b>PowerDNS</b>-Admin</span>
+      <span class="logo-lg">
+        {% if SETTING.get('site_name') %}
+          <b>{{ SITE_NAME }}</b>
+        {% else %}
+          <b>PowerDNS</b>-Admin
+        {% endif %}
+      </span>
     </a>
     <!-- Header Navbar: style can be found in header.less -->
     <nav class="navbar navbar-static-top">

From 91c19074865f9c3c6374e4e12fc1a38e1ffe2fbd Mon Sep 17 00:00:00 2001
From: Sshafi <sshafi@sshafi.net>
Date: Thu, 26 Jan 2023 00:02:08 +0100
Subject: [PATCH 203/203] Update login.html

Use SITE_NAME for login box title on login page (with default value).
This can be useful when using multiple powerdns admin in an organization.
---
 powerdnsadmin/templates/login.html | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/powerdnsadmin/templates/login.html b/powerdnsadmin/templates/login.html
index ee8cc74..805422b 100644
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@@ -20,7 +20,13 @@
 <body class="hold-transition login-page">
   <div class="login-box">
     <div class="login-logo">
-      <a href="{{ url_for('index.index') }}"><b>{{ SITE_NAME }}</b></a>
+      <a href="{{ url_for('index.index') }}">
+        {% if SETTING.get('site_name') %}
+          <b>{{ SITE_NAME }}</b>
+        {% else %}
+          <b>PowerDNS</b>-Admin
+        {% endif %}
+      </a>
     </div>
     <!-- /.login-logo -->
     <div class="login-box-body">