WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] Remove unmaintained Access Control Module

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] Remove unmaintained Access Control Module (ACM) from hypervisor.
From: Xen patchbot-unstable <patchbot@xxxxxxx>
Date: Wed, 30 Mar 2011 21:50:09 +0100
Delivery-date: Wed, 30 Mar 2011 13:53:16 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxx>
# Date 1301089677 0
# Node ID 2aeebd5cbbad5c359d936bc694b199c1d81a0731
# Parent  a65612bcbb921e98a8843157bf365e4ab16e8144
Remove unmaintained Access Control Module (ACM) from hypervisor.

Signed-off-by: Keir Fraser <keir@xxxxxxx>
---


diff -r a65612bcbb92 -r 2aeebd5cbbad Config.mk
--- a/Config.mk Fri Mar 25 09:03:17 2011 +0000
+++ b/Config.mk Fri Mar 25 21:47:57 2011 +0000
@@ -153,11 +153,9 @@
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions
 
-# Enable XSM security module.  Enabling XSM requires selection of an 
-# XSM security module (FLASK_ENABLE or ACM_SECURITY).
+# Enable XSM security module (by default, Flask).
 XSM_ENABLE ?= n
-FLASK_ENABLE ?= n
-ACM_SECURITY ?= n
+FLASK_ENABLE ?= $(XSM_ENABLE)
 
 # Download GIT repositories via HTTP or GIT's own protocol?
 # GIT's protocol is faster and more robust, when it works at all (firewalls
diff -r a65612bcbb92 -r 2aeebd5cbbad docs/figs/acm_ezpolicy_gui.eps
--- a/docs/figs/acm_ezpolicy_gui.eps    Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1756 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%BoundingBox: 0 0 635 339
-%%Creator: bmeps
-%%Title: acm1.jpg
-%%Pages: 1
-%%PageOrder: Ascend
-%%DocumentData: Clean7Bit
-%%EndComments
-%%BeginProlog
-%%EndProlog
-%%BeginSetup
-%%EndSetup
-%%Page: 1 1
-{
-gsave
-0 339 translate
-635 339 scale
-13 dict begin
-/fa currentfile /ASCII85Decode filter def
-/fb fa << >> /DCTDecode filter def
-/DeviceGray setcolorspace
-<<
-/ImageType 1
-/Width 635
-/Height 339
-/ImageMatrix [635 0 0 -339 0 0]
-/MultipleDataSources false
-/DataSource fb
-/BitsPerComponent 8
-/Decode [0 1]
->>
-image
-fb closefile
-fa flushfile fa closefile
-end
-grestore
-} exec
-s4IA0!"_al8O`[\!<E@K"aC"Is4[N@!!**$!<E3%!<E3%!<E3%!<E3%!<E3%!<E3%
-!<E3%!<E3%!<E3%!<E3%!<E3%!<E3%!<E3%!<E3%!<E3%!WTq8$O?c3!daqK&HMjL
-!$;1@!<iK)!<E3%!!!!!!!!!!!<N?+"U52;#mq(?_uR1V!!30'!s/T-"U,#3!!!%J
-!<N?'";(eM+Yc7e'2`0C,&n;PJWZW3,=8ZO'iNHK,VrnMJdDc"(Dn#.,pjuf.4R/3
-2E*TU3^Z;(7Rp!@8lJ\h<``C+>%;)SAnPdkC3+K>G'A1VH@pm)L51SAMNX0fQ'Rc(
-R@9kFUnsrdW2Zf&Za@-K\%&u[_Sa=2`lH0Bb0nbge^i@)g"PEEj5f=akNM0qnac;D
-p%J.Tq>1-F!!iT+!!#4`q&B%@rr@Y4r'^Lp^+OZB`Oap6Xm-u1/c8sq0>XiE\uE3f
-r#Oag#j??qep\%ZHqE7#?$foIcDC&Go>CF\r4XoUPNj([TQNtE>L7aXYM/aQ*tNUC
-8b,R\`a0UiM-KroQc!M_*-mbC2bK>*Wl0WAX?LGS!L,%hN.M-'o))\\oI(Hg)LO(T
-$atQD#gukbI)P)VJ4K,@R61n:o7oQMcOMH*h[=lL0uc$L!!l>]#9AO1B9H';JW`<t
-J)PTrC]90'_XICH[#b25O8*#;)ZKf3=n'''!!o\Orr@nNrYKd5^Z^u20)kpg.nK[?
-ib8>lL#(^kqB_aA^[R-/5PU[3iHKN^reY:)n,+B:O8^Jepg)_prrAcrn@S]##d#?O
-!/[KM(O(VKka$TKrrBnd8H/\LB`A'dh;PR6-(bR[n;>XYpmOG+GBdp&M.a]or$&M/
-r[*^$?/?M"!2<Wc]Dhj:XX!iGM51%dGD<lrQ@(=b!5^6WrrD%lrr@c/iNN)(T*rF'
-MUF`aRQobTG\d;8B>X-8,.*F1-BIq-hAZCoU06utrr<>,,Q@b#U])'RL;2r<HnPF!
-_CJ1W!9.\l!/97fYPKQ;$bu1gdQdMq5N-g2C]90'_XICH[#b25O8*#;)ZKf3=n'''
-!!o\Orr@nNrYKd5^Z^u20)kpg.nK[?ib8>lL#(^kqB_aA^[R-/5PU[3iHKN^reY:)
-n,+B:O8^Jepg)_prrAcrn@S]##d#?O!/[KM(O(VKka$TKrrBnd8H/\LBn,)dG\MF&
-!/4SFZe(fPBZ0nK9crl;]J]]h7(;,^rXg&%rr="5rYLoU^Z_!]/,oUd,=VV4j)fdf
-o'k90'&SCmpdAf1r,.Sj?="QM!2<]eYQ"S.N>MTpNR@b+$d6FpoLjWJrrD!iUAk5`
-\j,/!G\d;8Do09e+uE[+2b3d!0+EEY/biEI!/*h"rrC(&rr@c7iNN)(^C'u@n;,JA
-pt[%]]Y$-%!(=<T?iCWU0E2"kU])'rL;2r<r%%dI_BVML!980N_Xd3Jr=\"AJ+uEF
-^\hu1pg.8FrrActn?;il#`TZ#!0,D+!"6uf?h@!?(&n9m&Yf:*n[^sDH$F-(M/U8G
-r$!t)r\m@F0/!cad4P,prr@^AMuNdskl1X:jl*E>-,0fe!:YflJ,%hAn@ZCkrr>Hr
-iEuQr)DD*j)l*BKQ\N9=QM`95!5]sLrrD)$J&:dGfDQ?>Kn&kcBYXI_O8*$f)ZKf3
->O\ir!!nQ#rrA&+rr<GM_dE%/IMMk_i=Vga!:dWbiH]Z`reYR1^\f94?iDuSr%B]4
-J'fkC=8r8R7Z79H`p+f=^Ve!Q4rAYr!0`!6!!kKH_"?U$r.#i=FJSp:L#(_VqBd9k
-J+/3@^\Hn4n@Q=rrr>I)iD9Fag/n:S*2EKLGDErsR!^@_!5][IrrD)DJ&:XCp\ba9
-Kg5?"Bj^dYO8*#;*rc57@IU2p!!mElrrA'Vrr<G=_r()[4r""si=2W5n]F)TGBeK6
-M2/s?r#rGNr]*LH0(0=#d4k>orr@^1Q2^j)./s:$h;Ri!-6ESEn:oB+puNUe]=^<,
-!(=``:]:pZ=8r7?U])'RLVN&?Hn#'q_Ac,I!99;n_X?pfr=]]q5PRT[?i4r*pg)_t
-rrAd%n>H9d#]2*l!00qV!"6EVht0T+'`S0l%AeREb!4j/G^KFHLVf\]+geHP3Cj!"
-mgjoq0_eTH!/*7qrrC(frr@c/iU?Ui*t!MeL=3j3jWF!(]KQ8p7)RtZrXddbrr=%B
-VS3[j/,6sN]>BbVlbIuNIKILHf_$bs+qG@b5hA1(r#X6CD,.niI7hi'g5j5A+*\^Y
-`7&EelHj:`_pW:08pe0Pob20gbR5eJ-g]%Hc7Je+%0$<9kcb@xxxxx\$`3pL8_s81
-$iu!Q9HQW,:Q>>dr)iG!L%X=?C7bb2!+jIfkaiTtMc0'pr%Ii3q_EP4f).\+bB",Z
-r$33<Kt\+G<q4Ln1p7>(HZNh2HfAi.)@ZdE]Y;k^Dm^O2NC(cJo_\aZ-f_,CT*=H9
-&@<O0T<kDSi@be\-/XK#08VkOrLEis>\j1X<tj8X@mn_Y/ppF`7_,R5;I/#4>2*iD
-)K!KTGB7J@"g.FFgJ5$G;LZji!$#IoS+,&'*KM&`RJTg0_T@bs);Y0VNk$#"aRp;0
-^D+<mnJC.#K]_fkMZ+*7cJ#a]D7*#B(KBo8_VZ40cMmk`/:9IWl;>kSO_<[qrX=&G
-iWoB)dd'PAGVg:#<?@8D]fh+D%[-RLf\T%%B;GOL5IF:D4?9-\Y1rYirL:/742`%S
-T!P<KHqO0rq^[%EnMJs+UBFZpAbGMEIO0AFn:uq/QuD=D/amfUeT<;p[H[9d?eV<a
-Zb[oOYCC()g52R42o.`2Xs1FPO6nh%#Xu;.8IVnRcs(Hk(;\)q&f>2dni,qVi@g-s
-Zd#\/p!8FY$N;,l7nrLgcDd`:?fDm<0->QrnXbpS[prs2C7ZN*i_R?#*;I!4d<n_"
-T6h=7rr@cA2=3V83[UU*mDbUk5,'@7jSUV0!!Q-e*f&_Q1Iq4qUA1V_`]A2NCTLn<
-B>a]]I3/=*1nqk`,Ce^t%V<;ddf.4.X$mef@:KeN/bE4W"&2EXDS,lS"oC-$?hUf(
-W."r"ce^M0Ffu>NBAs)UNXhhdpj1[d\^de=_LDi=D<$U8gI&/Yg:!1(>u/@]G.2JH
-fZ[[AH]K?.\S.mrqXXXdLiYdmKi3j!^Z-6q+c>L`!"8A?83:iS)tJQ1!(*F\JdtM(
-62pr$@_^iiT*^!Trr<+J#M4DApm]3*rU7ZX)u/_geqUqX@hXb01Ieb&Ca4f(G+`,(
-Y!0gA[OC:$ehqgOMu2\/mVgB($\$<,$)7BX+T8U[0mm7$Vr=`c;uNb75@k97iV122
-JR/ZXYMrd4&]O6J^,8:;X6i^'hm@UC4VLW<gI0N`rA*Nd4.H-B0C8>OJT##J/d@NQ
-n>#\LpaP`;p/V'c5A>fGdIEjE&:Vlr%D3X^Gc&C<+7/7]k=tF^N4q(Brn2D^$N(;,
-Dt+@U^U8QK28+??eN@n)[tS>^#-ICD_oid[rgVmtN<U6m$V`B_2tgtaOQ-564q%AB
-*u+*k+tnZChq:re?Bt%qhn["rM%+W(Ln5T%X_L'8\CWt(-IL_fZ$9$m9XDC#k\,Dk
-9AukO0,C,>/@RiQr)E[rJjX:f#35Z\meh(p\6*I;ZUaAGnB^foQL0,<@Jjp#?]&iJ
-P>C]2_L#C&4s=.NTtL@[n<U]F-p1oaeuJIG(<La6&rG[r(r%_O;=H7!=+U8]iK&i0
-2>B9'8&?>Wr,;9Npd74fpnQgBM`a5^Nu*:\C"$hnBD`tq/Ch+c9a>&)dF)m72+o%X
-X8BZ>l-N.ODrt7lnupQX%0$=cT)Sd/[EBZG2c9A+i?*rLZYU]`rr?Rog&q&PZ&dmW
-_1*9bpKnN7^&V8[5>g#p$_Y>qRCj;Pm]U$gY)=Uo]klELnGHA!CtC]oip)hEfO"c2
-@K-=`T+_&Tn^#4I&8_8_n6<d0!"&Z*@W.7@[_IIfY8$mdfABC!bMaOq<aH]YP=P+*
-m]V&t>:\Mc`)6;ubf/UJ,3Qm*I[Yut#+;FgZ5"HCpnQbS`ifL>,JtT:Hu&4qifAaV
-)u/=W5OaDT61II_mhU.t_&b6.eC1;Fo[!;%4B\_!(7G`JrM-1C>\]QhfiRotCX\rF
-p>=*&M<.tA!#%S0Di`cZXRsb-iuc(ON'@WUrGHeddBENrHnt5iJF)rUP_l;bI5:--
-3[U*qr948FbmgGk,/fHa:l7g?#NCg2.IfLXL[95XIam6loUd6'/FaO65AH++fsa9B
-1%>e55D]4PY3Hp:cbWs"r*b6;S3"uQmkh)uF:4f$NF0Qr<`]24\?rlt/?\DNnHaJ5
-[.3Sa!!e#3SR2_Q,'Y(#(Y&@uqbcXn%)*m6htJ36oUgd8*4Yb[BAu.2g*_`k#(07p
-IM[LN2re8$bOM>qf;ro)+DW#Jn?VgY>pJ<_ZYjmnqqWVsHWRT'me*cAr'gK/rm=mY
-pVnWJrXO<EnW/Gh"+3E0Q12iRLVushp_UpK/GNr<Nu!*fT(tKuBrLgi9@0K]X<R0$
-Q%[lRV#$Y,K[q1dG]fQD$VMp:Q-\7bc(D@+QAb8,`0[(rr\Rf'GN.J]iV`l;:;:l>
-Zc<Vj^CtbI(.ID2=%2n2Wlq(^O,Z#8'1;ZS&*^eIT2N>Q@f>G[%Ee9KfC?3H$1[mn
-HkZIQ]LD]Mcg[:@586:2G^I<](QK9Wi6QuR+aE`VnJ?h#bpuB!D\dRhiUD#_X*BQ>
-qBiDG9Alq%`4CDZq?EMNXV\ns(`JY5g/Rn;rr<6%c<mpp`-m!O^(pEgn0?s@O*jg_
-$eNk?GN$:?r%ITLMKS@kC(Xb/fLoZ4h&f#2n$O5HhT(&@C6hY2XBX@QQ[3NI]1+-R
-\4HS$e,B[Pqbpl$c1ZXom>o-!(>j?q;>Bm$q`ANK'=%%.`!bIZ(]H8(Q>IN\B%t4(
-Se%:;]GTN;U6"6dCQ`Hfgg#5>]<q?GCSom3Sl96_r)*EM^+<sT*W@_i*;C!4oCdq;
-TX=0?hscFdLce7Eq^d,-piGGQ.rQ2J01PJ:(]GoZ:Z=MIqo6>Oe(WgY<RWcth\8Ln
-DrR6,&l0/(O$8JMBdrT`LHi+Hm1o/H6bDkQ_G>\H)La,[C;Wo_dI4_8nE8b;NdPc=
-g$7:&QCFi<>$^!eiLL3PYd`,(rBFH4n*d?T\4`;a/QYZXSg`O2[?=ltrJEgMX7+d6
-p9aU=q^Um&._GIGWHdFka7^F4M(ecK2i2Ic/UcP1!-lQ(f6160&\-G?,B5m%pDsp1
-6FjOs>17*4B"NDh;KoH_)ih,]&+";pfmdTuJUb)2m+Lo9=nqOVe)Q5&BRU+fpd83Z
->!=!TC[f*Y4\N\5pqO`'!n=q*pi"3f(UVFs<nI70D(_SmSfI9\V_"lkUF!=]htFEQ
-'Ygt%lj*&bj(Ib7n>GtDpp6fAoCc_bB>k<E`Ho`Eh\/0gG`pBYde$<Ep_1[(1kSkf
-^tpBKn33\Kl2&W<#h1[m42fXMXTd+^R4^*1_J<6E9kX0&nY5q:rK99Ci6Mc.FRak!
-Dq_\;hE17nNUX)Xfq79]L>(+ohB/(LeGL&[Hogf3USZ5.r-F.=ScS?jT9&CdpgXL*
-*XgAkZqYjY>u+8.\DhZ2!83G,ORSt6ReWZOHhcFU[eOj:krpBfL:[Bb_LEV?kJ2Ne
-fB9oWd'`<[NCQ7B4r;UhX.:b?\'fCnF6keGPko7p<ccM3S\iFmlX(#^;t/hd^(8T)
-3d<mKB>Qef`4"MBnMJ\[?Oh2tIhp5sj':(Th"]dCrXeUSU#8Rn(gB^IBrXnd_#>Y,
-1bTGU)LL_h`>VugC"+^uX8(ZN0n.Dt#JXlSfus)G[J8)F8U.C6g;h+GZqdUiDrLNj
-QG*iB3kh5crm'@UdCp]<G$c"B`r3Di>oUXA7u7(Ci]RaXNF0LrnOHHcnEn3WX*rsV
-eEiO>pHLN[a7aNOTY;H4*XhK3`".D@)12gqr(+Cl+,?:,N.)W=hnpAQO)JU@e#[#b
-n6VNbka"0A.Ct]:=41p5ha<"l=1Zp=lZGQHmBTCWBC*b;!IRrCg&#4U.K,=A/EpJ(
-rL#cNnO$+B?F'h0`6X-d-*u3F]bA;4"S&s\+P#K@2i2GM&#j<TI^:\Z2%:&@nMMgI
-6$-uk98eP/RaqB<d][MqNAF>[XO^aaC6fW]NN\eI-2Tjm]QZ&TL`(e9j\!/71BhTF
-`u1rW=T7R`B_'4<:[:N:5Iu>J4L+k6qU+Dcm[r'k/:Vd@[!?0YVtHh.+5K/`*a&F+
-rFkcBpJ:*FQ9Vs1>!0(ge,%JRO7&XkO">d&rj6r\qks+^b9,P)XWCUDl2>;da7iBq
-8!ZBNIp+t>rR:VlI(&DZrrBd&rr@xxxxxxxxxxxx!9,EZht,'AhbF+N`)3eSkEu8L
-^75-&LneI0cS>G"I5h0+&Ose?!1m^"qJZ?WNK*r<4NIEmhu#n^)ub,DqrtljMDdEk
-o,m_UJ+44hDu&N[n#$*bi[EI:o?;^A:&b43;6dn!R/[0#S,WJEULSf"1&h6%2u`ji
-7`PH.Sn%crDuLr?NW/u@a8PYfr'_PDrcsS%l+d"N2E1R*+8=66nJ#eXq;sp1VZ-YU
-.+mGKb^\MErrBu=oKhssiWT5rrK.$ZAK;5-Q;($GGO^+(`@@sc*<+YV[KLV56&&4W
-YXYeJ!JG,MD202kr'L1TX]nF_fq>b]QHj>E`X?G.(aH$+I.cadrr<=I\\(T*6XRL<
-<:`oP_u"g+`eYj22L`KW[&q8^.KP;:gd;7`=UjK=$o9Nh,E.]:++RF!#4]0Y4pq3=
-poCR_^)ZodDu1i0c(6QXL;0BO%,1E/iU6mK!5U\0(48K`]<Fj`57tQ-!RMm%m30jL
-)p>:+\VA,RhG8%Tk^Fc'J)H7mA6i:1`VBCB#pImW_#>R@7KF>0Iq>[^A%!6F#@9^o
-?hisFr@?jaMEg%!T+84iSOW?CphTAg`;Teb0"#CF-Im"@hZWrZ_+=S+A)@Z.3ej[]
-KpJ9>2R=a"Cr5W.b>,:NBl<ACXf\Z<27e8.CO5He*ut:-rr<mb)uO"3c/6F@#4pjc
-a.3`.n\)VjRsh/I4trJc5D^u)06-#1^R>1Ai:s2Z*ij?%p:a9R@_UC*2l&X6i_:B7
-F[+Oq`.&..ipVoBCsN^&_@M7u!"7u(nCEf&GX`](>k*Ti%j(#)45]ft7JJTGW['96
-3aL5K>3f@XX/juhbAV<;W;(^=:CYXDr'g,d_]S(1p:#$kq\+@%]-sj5rmcM'F/l8'
-A))GLrr@Y&$%.EB.+\[[f?F\U.CQ_C\AKBFjm0o7;oG,fZBQKcAOmr&f\7H5!0$)#
-`u3oprf05$OoGEg=+\1t5MB&oJ*e?J#=.gGMS(&#o$>>5g3OjYgFWY-nU@2p?gs]-
-IKctTaKk>+M#8Qm8mp139kATsp>6JHq_ZBtA@FKVEEh)OIp3Nb!5Z^*Z36qCIa:6e
-GmC8F;-s;a*e\2"PK=XajCDc6IR3u6_-?p>i2"*n^YkfW)>G$,DhPk5IQMcqItg-:
-nY_4+6%/9A6hkMnC"IO>p49.+()Ha6p`ne%O705i<oVtKR4`<W@#c81QS/)o^1He`
-`X`4*rrBkk/q7EdDq`N>rL(ADpp]tQnQ3[_L_b/;5OFFFLW!QQcW'k1Qf3+qi2q4A
-^Tr@*YDQ4bkoM2Am\-=Z?halG''\+&]r(R*rqfQI@qDLjhq%SanItV1]`!J4Ama63
-i8<o:iVa6N$eT]Vp6klT4;G$s%/mObrZM,7rM09\iEJj#*T13^<q(>"c`[1!]s@EW
-iS31,_%pbEmi1Nf1u9Wf%Vj^PUS&ui,hAm=rr@XXr*oFqq`92T(\cgo(q,L`&&l;9
-h\CSFHt\uC8_/8dC;'i@c\K6d27:JZ4?9,1LKO'M[]Q]G)CC5bVV5`CAZYPdMj\("
-XdpR!^Y::<$7YK%p6PZ32=CNK:T=,Ap5&[?Iq_V`?\iR&GW3Rp(9=0YahJ9K5(%8H
-V13-;4&bYWpd3HI:At@IINnPK^tp+$?E:3^po;Kn?P$t])K_<lAufoo[JP,rgYVup
-.XWrK\*Z?sHsuf0nL)<U!4Q$crr?JU;nu`AF\da!&i;f^rl8=XrLEM0#>O_Tb>[rO
-MM*&X/uJ00kCrh$V_4>*DcbM4$2d*Kq`F]"2c7tW[Gi\hK>\l$;D3Qd?gpmQpaULT
-2lg`*VoMS`r[e#0]R0.3p1a;;nJC0A`bfe458LnIWr*P/PI/#)i8plS4_MS)>.9:"
-"n>gV8&KfnG^IGVp&>#FoR?o-2V,I#Lc'Tij%$VeeS]EA."9\gZ>[ZgMuNdc0?4H=
-N*[aU]OC\WrrBk]r\XW"rZgo.MnC/%Zc0WrrLH,4poD71%e.eu^)#or-dfXGl7qR2
-$#VU@(L5NJbC>9#=,;lrX'YR^`#>e0Ud'cRXek?uBqO.tp-S<I?aRf=rr<W0/c9YY
-kO#VGF8cKnibPaNMD'`l'Ds4rq_!71rL,,/H`2D?*YV>*?73MWrrBpWotQ?0=+pK_
-iU&hTi6R<'<_jJ*j%e+lQ1UI:T,$UVIPcN,^TkJ-JA)ZkGN%Gtrr<;iRW$"apa\"J
-rr?i,#(.$X*W$iOfAMF<mJd/urr<ORCKf2[pfAN;Wd#K!rXnZJNpQ-dU%,&!%uMD`
-nKa3@gYt*9UZ%1K;E>4M*jj;n:&VeT4+>M)555NU(ZA`=+5-s"q#0^nin+)D(ZL5;
-[Vd&C0C9))7e!n'Ii<d[h[t5LiU7<PO2\jJ^)^ln&:9Im(KulP^(TWf4s'6K\RBjD
-SL_TriM\="q`R;3n@^dZ]C__I^U)hq'0j?@!W4&/HcMbcL[=!YJ(m`m`L\gZ^[T"u
-7uASjT4[l#n_:m/,4Itt35;ijVo-9$Rb*M2GG/2GCZeOElom#d^'t#AKKDdaqKIVI
-<7R]4(Q3Nnp4p"^pa4OXm-,&!rr='8naGIer"Oe(IiWthBmP32Nie(rrXF+Up/CK_
-KtM-Z%u=OKd<'/2!++p(0DM`Ll&b1Z$J+n2^Xr-]'2aP&2`c)Fh:hhNqf[GChZ,hi
-HnbN.m62D8@JGiP-cQ)c[o\Cc!+C:S^g@.c:PN3h1d;HKa'KDWSFh:9:%:Qn;t7nc
-KHCLQVX^5?L&=<9/sl'G=4VL#r'B?>48[8];:1-+i[ZZZnJCSpq]^9?p8.chJu`\\
-58^bu(W2lRp4`AVpohKJ(:Bcf?aa+ar"CIEp#*"XpfGGL$N;5OHk4!jT"[;P]&p,9
-iQZjPdpr.nnL%W;Gs7^IV-/&p`;5J-Xl>Cs=.VqPDt^s@=o2!B5PXd-:DnW7P'dr5
-::L6'"U"N]qc2<sFnfhN/cO56%(mbRBAnohhq?o'T*F[>%0PP/KtLd_Zf?gp4A4UN
-*V_D1j/7[>hh\kYfer5S\dsO<$X8Yp?=-4'p`ne%M#RGeILc.FrX$]Grm105<n4i[
-nN0/=!.pm#IahONq"MR2(,*=#nW2Z.Z1'9^*s_-pB\JK;iI;s5^(g+=hCI4ErZLun
-fAbDA]IoXBQ"-mhHrI"hXt;"kepgm$C&\/:%K2@%+F_[%*'@G<qb)<*pc%,,#lan@
-;SQfcgG6gh=td\Kg)F"Pp6tbTn=TCrpa>Pm`P2QBr%m:B$/51B4!aU%i-e)SC]=AT
-GZm=e\q4YI3nBQS]4aq3T?0;-rr?t5L,OK$pe,ZUN')1NX'5&.r"ns,rOKR\i*/te
-Gj%l\0A,#]n:-9J,`gphZgdtp:"R#cGohZ^Hf:"pl@0<24AW(oqY%Coq>MJ_26.Ze
-De&>;!8-3&RJ8<%p\kNUikO4ua5/AtZlafW?aR$(bOGg1nV$lApkL2rh[[@E>lN)N
-?OLeGph?W#53(X-Dm!e<-h*(@IY?Pe9n(Y66JqZ19=/B8KIQd'rrBl$oe-FFA,V'6
-4u.LHph0(pp0@Qc2*VfMK2)+on-?bC40[020B,3R57"[cL6DI#nZVjB:Plh%^*`XT
-!61T7LW%Ij22t8JPO#L;M60(ABQr1cf%/:J:%0\,g&7K@&Ur+,!:WU1&*k=E#ESjI
-pb2=^n42koVYkoAX1V0rYN#;3V"+HbN.5O,D0"ON<r,=A4s\cPnWUo]GR&B6CYH;F
-FZgN&cc$f=Se]e`RI,.!2bN\VfrOhPrL\NTIa*AIJ*bL[Htr1)K=lKfrrDgA\,6t:
-p1!Q9a'SlF1\f?ETDL`u7fB350`2R84pV!jdI479-fBIglXp#epj(j.HUuSt$qJ7.
-&$3?\r$8j$KC7obX\\^>-CgOfm=D'^cMe:JTCG/>`;Q;,14IF<Ia4Rm?1]0JpuC<D
-%K&BaAT=DNB^;Mi(=V9+pj^8S*r(0Q=2e6I)RJpo`=5b^h?_Q&[IIS,A`8[ZBj-h;
-&\@`Zp@A"A2skth?[Qtjhd^Y?ESt'i(uBKJi7_mk^720:M==U*I'WMliRY!$l5FN@
-(@p]R44A;@O,?fhM7!@mHfNlH#^%ZP>A,@%GJ=$O^(=t,(&n8c.;:^3CHaH(Iq!mD
-rmQ?05!Ja2a239LL+OWAnUKqAn5J=rK6/%S'DR>TdJO++9ln<\&Fa=gY,ufJ(W?06
-l"b1!pm>a3lJ0Y\;;qNTpaFb\\aZ*K\&-$)`p\aK[*FT.J&+m0BqO-Ya'Ld>peC9S
-_qIo%:P1kM^'K*apeC8Pi5V1)nT#X#;"94q!S75spg_6^_sii<?LZO<TR8cO+LJK(
-25frHPHT5_^n9@kp3?@$qa:A`_(!#]XFAM;55=s3^Y!bH+1;*;nb`$_nMe=gMuFc]
-a8RajU[<3YD[>*2hAl<S@jf8l'$&oNe&SZX"$tHo9<0]Zl-afX<RrP+f!O6\q=!hA
-_tc,0"%:L*V5J)r6di@?)uF8B[+?jNm9JmVYui#F::'ISPMtC3>?GVEgtgXNYP<T7
-el((4QVu6glbPHS4!3sL9Bd8WrrC$crr<>#^6*l:r*:E6MG*1Ml2Lb&dJj1PUqVt?
-TDVt:n;9m'([:r"`R4\c#c,1sI\6OD+7P.\kniUa!6*@c!!oC7Oa`r#>p&Qn9Bd8W
-rrC$crr<>#^6*l:r*:E6MG*1Ml2Lb&dJj1PUqVt?TDVt:n;9m'([:r"`R4\c#c,1s
-I\6OD+7P.\kniUa!6*@c!!oC7Oa`r#>p&Qn9Bd8WrrC$crr<>#^6*l:r*:E6MG*1M
-l2Lb&dJj1PUqVt?TDVtrD[ai,NK.sKb/C-$4c\r#U$a?oi>S3bH--'dITQG\rr@^e
-Du&QDrV9gjU](k)^ZV,ZpZ6nEO8)2ArrAX2J)?Ok!#e)\)Op_Oao;?i=8Zb3!/,**
-q<'.(q-WZerXl-EkFA1=jaY:2pdV.\!1n4\hj+3A)F*1!S,R]Trr@LLr+Q*1KPGH$
-k9p6(?h'oj&ZNP.S=fQ;J&[QE7]-1cSoT><Q2^h&5N*NMrcuWc!.J#IB`A'cC2`q2
--iNjJnY?'qWP@xxxxxxx`fKmaVZ-XfEduu3rr<s%i>S3bH--'dITQG\rr@^eDu&QD
-rV9gjYLd]J]'k3WD'/``h;KH53q`6%4rrqG!ZF9ElagnN-EEkc0)kqFq>IMaHrI-2
-[a8`WgsY*ERN#SifgQC1X2us30s#\4o9!fAfRL:NJj81Xg2FfW)XF$%n*MduCWF1-
-XTjB))rX!qBY)HTL\58hnOA@JiZIOqS%jM<%Y>j4iG%u0:=m_[2OhGWcIiog40G3"
-q)RpL<joR6o7*LgaH!_oZT%:H!0!shrrBq<rmPCdGff-H6gP)^d!l+E:[i:Srr?_>
-&*P&snU?h_N=,FR%eq4*QLQ<2A`>:39%!<MLnF0/T81,enD2*bA)SF=`82bV5#2gd
-P=i<tQV#PH>FS92Uq?LTOM`D-S&ISu^'j3;41FUBq_gi;j18S,rmmo8Ee!23m'e_-
-%R*XUi:O3"pp'?"_Z'TP4u*';_-B*&i,)IOcNj6siFe4aDrFDrD6L#FX5VA;J&+g.
-A%ceKe:iXTCLaAHS*`!)f&uCGQ&VX=Z'7P"CB_RJ')naUMgbY%qeU`1d=0Lb+kO*i
-LHZ@Gp\RGG2]<3]1u"Qg=RkOWU3oi.1n%L`k\i$?XX3K/?6t\+"PVVVB,jJRp1nFb
-(HR`S[mK^_)?/?^!C(=i&&nPK#lam>Igp)+$@X&\pA0NCq_S$EiJ3.d<7S`r>E'T>
-[^p@?i!FLB2Vu<#)0ct9p3IdJCTCTA_5"hfiWhk0hAXarKJgMt++YLQ-]c1fZ)?t(
-DN2=\rr?epfTQJ6IeU\Y!;Is-(rHH9Hi'Ce/,\)qo$/am(@*m:D@oYGL,i/Lm$?]F
-2npUXP$#!Sa)O!6C&8QmaWIp?m60CNRD3AVKT#@Ef>2cGL$h&t1%FGE^B_3:+,Nb'
-CS8f2pufU[*Ga3>\aZMR+PWfrbdN:!o5;ba?eCj/cmp45-,9?m!noM'5@lc_TF?mA
-5I9>/#9s]J3"?6SocAd(2d?7fJ,]KP3Gr'p:q.m5#KHcDg"`OP>]0>-T22Z!!3/qH
-_(C/pVf(0pfg\s]rU5agZeeJ<);4OS7XF.eSiUtlrrD$/J+-CoqDC8tnFuq.hu*.\
-rr@gWrrBl2J*>DCrrBsoq`fT%eYE*aBE%r84oYMW;j74]%tEsErrCAGO8*jir"So)
-ND<:I4oYMgp\t4V>!LusJ+-CoqDC8tnFuq.hu*.\rr@gWrrBl2J*>DCrrBsoq`fT%
-eYE*aBE%r84oYMW;j74]%tEsErrCAGO8*jir"So)ND<:I4oYMgp\t4V>!LusJ+-Co
-qDC8tnFuq.hu*.\rr@gWrrBl2J*>DCrrBsoq`fT%eYE*aBE%r84oYMW;j74]%tEsE
-rrCAGO8*jir"So)ND<:I4oYMgp\t4V>!LusJ+-CoqDC8tnFuq.hu*.\rr@gWrrBl2
-J*>DCrrBsoq`fT%eYE*aBE%r84oYMW;j74]%tEsErrCAGO8*jir"So)ND<:I4oYMg
-p\t4V>!LusJ+-CoqDC8tnFuq.hu*.\rr@gWrrBl2J*>DCrrBsoq`fT%eYE*aBE%r8
-4oYMW;j74]%tEsErrCAGO8*jir"So)ND<:I4oYMgp\t4V>!LusJ+-CoqDC8tnFuq.
-hu*._T[82HS3QLDmg6/*^(0oKj,X>XM0)l_2<$-I"FehW#eV%%YBXf17nqO:r&(Q_
-pg<&VPC';(F&CFDI59h^cn@!udPYC9gVp,Eh*R]9k+M_SJl[B;:$l>Cg=u<rnh'7g
-NX-b_j(I`S*)ONc#i^^ie)I$"N\ja(70-CR:]LJn^\e_ZrX*nj-h^K*VEa.Mrm+*F
-mf*8$am\PVesZO<%^#a2Jt;oAdA]e=!/IoSGQ.[+V+:GE\,H_Yrr>Nb0E*$=g#)f0
-Ss:DelJM@chu+IX^\E.?B7Ko,<.DfdJ)I5SoP.;(!9*;CSc8]cku%H\%^#a2Jt;oA
-dA]e=!/IoSGQ.[+V+:GE\,H_Yrr>Nb0E*$=g#)f0Ss:DelJM@chu+IX^\E.?B7Ko,
-<.DfdJ)I5SoP.;(!9*;CSc8]cku%H\%^#a2Jt;oAdA]e=!/IoSGQ.[+V+:GE\,H_Y
-rr>Nb0E*$=g#)f0Ss:DelJM@chu+IX^\E.?B7Ko,<.DfdJ)I5SoP.;(!9*;CSc8]c
-ku%H\%^#a2Jt;oAdA]e=!/IoSGQ.[+V+:GE\,H_Yrr>Nb0E*$=g#)f0Ss:DelJM@c
-hu+IX^\E.?B7Ko,<.DfdJ)I5SoP.;(!9*;CSc8]cku%H\%^#a2Jt;oAdA]e=!/IoS
-GQ.[+V+:GE\,H_Yrr>Nb0E*$=g#)f0Ss:DelJM@chu+IX^\E.?B7Ko,<.DfdJ)I5S
-oP.;(!9*;CSc8]cku%H\%^#a2Jt;oAdA]e=!/IoSGQ.[+V+:GE\,H_Yrr>Nb0E*$=
-g#)f0Ss:DelJM@chu+IX^\E.?B7Ko,<>kf:JldH<:bm%f-nuUtT8k#"a<YrMrr@bA
-E.,$3l=g1tLKAuA:d=0mci,".g#rA8Sn0#5lL4Kt#Q5QdrrBssq`OlYo?=!/*F8[F
-"[N(fUJF,LI",e$rcs`X_lLQ1W#tYGkPkMmO6lK<!7*E]piUfY'a+Gp4T>E?nbo&/
-q;tQS!"Q13!.pkndANW75!QC"rr>1(5N1/Mn5Kqp2"U_ILWB+6rrD5M8,PE[rX+5V
-!(NQ0nG*"/5Q(+$rr@gUJ&+rGkgRlW+!92!rrAX%+7SRapaQOI)L;>__rLVVrrDZ7
-U])9>rr<3frrAfi5PTVUB:o0KP^gTO^Yl%4oP*Lg!"Y.WoD\g:16;3QGPi0Xrf'&?
-!9*JHSq$Ru;?$V+Y5\KRTRY@eTDUl;Zd8XO4N]nIe_fjq&,J-Srr@hpp3HZ<kF"j<
-3kP@uJc>^>Sq$8)rm*h,o-jV=LKAuA:d=0mci,".g#rA8Sn0#5lL4Kt#Q5QdrrBss
-q`OlYo?=C_nDERirr<3O[.'E;HlMT'rX$:-S)^B6i1m9hi#CR0^U,VWiN7IC3_m/`
-hWqc!LGYQGi+MFin8hLX4>VKH*Cius'NuT:BCRR.Mlu?6hP]>RZtl9Fpjr*4<rI]d
-D-%Z`rWq-Q2mDItqd=eomW*UQ!/Ha#YN=KETCs*$!.p&@QC@\u-N='t?[NU`+6%b_
-phO1)?E<,T"+JYl4tZ;Tn:->fq6YVfG]u]hpuhNdr*[pb2fI]h$L7B'SflQG2kk"M
-,Leh1WU!k.I;*d4G?WJ'$eE(t5Pu4:;UYJ)D=L!m$%q_Gj%kJY0B)j[_AZ424Djsc
-h0;T3n)4cf=i%!1>JloB^B8t%mt<_,M!_i*Ut],;RKfnR*<T:224'*#1sZZ?]/G;9
-BR4ijks&SegJV$%-i=RWp2=Le"<ZA'j07R+e:5;+60NXX29YcQp'1NsJs"16?PN8s
-iFi'%KAec)9de!TqG*[Q'(=f*m/a$XP@!e)M4n]C?7"$I26:Tn!$&ahDiB"VS)K94
-'Bsg-M/GF?iEOV=BmS@FT_NS/nI;q1Hf;X>>r0lH5@xxxxx'A.?X*;\rr<24rLX!:
-GjA0sS&IT(r(HoXGb;jE.Ik-JMGddmpnpg\6i1s&2XhF[-.ET=Rb#$GpbPOVnID3>
-f6fk:X5XRU;Uo\8c2/N2_*MZP?iC?.q_9i;^oMq8IiNK#+"7W5n5;-Zi,0KS7W@.(
-o8i8bq\Oau9M`L>'oW(lfRr.4m.Kim^p31>)L`pp^C.b4G]1MYg9pC"r%"r=n\9s(
-+,PKSB?";8IO;\rGD'nI=`<8Y!lJ<59[R;#r(K4/iOF#K'l-`_J''^g<a#?9YK2Y&
-qc$*dJIJhOBl=]aE!hbk,G?U2NJsVfON76lrr@[]5NJ;_d!ta?rm.55I/Te?oQU9R
-/*$W8qf@.!p^L`mh$_+"!";%(IaUFarXW`>#*Joc"O-hT^M'`:`L[t;a1r5=YN$^\
-n%;NpA,IPGZ_i2r?N`7@xxx%@M**e:F7BdVmAKk3nBR6Vhh[m91sK[N3g*49I,4:e
-rX2fso>/-FfDL!m627Y_''ml%IQI6sXaC-<QeT8dn(CM'h[6cPpa5J-';tP^plBq'
-U&.T6e"7/"'PP87T,%A+C=tIOpf=u8m6U9'it]'$/>):D#3oP.^)[&+nOJL")uH>u
-^Z&=HIP^mXpil7`iNBTg!!t$jT8NUOn;kMk!-jG!4''c/!4Vk>j/iDZnOJ:UYO%6t
-_b/O&YO,U'<Ns4:cITAI4'&WXrlqEE=l)S)]RMkhhgZ^FH2BGtbduuVIti_FO2b&p
-=8eNc*,5/=,5>70(ZUgRV.or0*5?4VK>.N$8$:VE)>HY[?O2$TpoCR]*Z=a2XD<8$
-pjM'r&D25s`P*\'dPO*=Df0Jl:V-+X!rgf$'0J53T8*%\1%;B,^MA=Yrr<s%iG3]0
-iTJ+.JH#VTI_YacGhZ!g.I_O^pj:q+Ld!B[\&+d4."CVSiS2TbrXg6.h[k/OV_uc+
-nLMMK/Fh;TnOp]%f>HL!g@'X+5N;\CLf&P6q[*9&_+_R+r+=N0@ipFh+n-PbnbZ>]
-Sbk?Z4sg!misuB>-fK!]IhR&?a,p;D+7MgnN>MTp'fE&L'E6@M&b'^s^(a"WqgJ86
-`'4fo__6aJ+2h9($h"8o$fR/^9iF[ZDm+ESid^E6HtiINIasm:m'#pqiHD^#DY$3a
-O6jR>081LU-ElIeM)Q>#M7cF>D&;3p_-[6<CZFl94>3LDrXkJuet5:Z5A%*RJ$s:6
-D\66(_@N_6F/XI0n@s^brr<XEr[mXfKtJZ#(ZBN:!.qiH?aK3R/3H)mChWY]LAq6g
-)guqHSd=l$_9WMaTD!0t%H3odq"%#SN^%#\O+4M@S`/Ib5IDm+S)I.pIhD<+!;o4_
-X#rJ;kms]i=7G[s?"Zt'4hcd2mtJLh]I!'&iXa*.J*QJ'J&+j/AWM\:c[dqA#C(l,
-^='_AHroeZ_Z'T?GcOcJdC_3/C79Xjn(D4/GO82a08hbmDi/p.UA2o!peg$TDq].'
-EW)MGFcCmf\mL;Xp8@]Wn9a)qf7^:!?\og9e9-8A^&raknB^J4n2K:Oa8Z,C=R3P*
-K75h../8#VLVd5-MCl440,&'V)>KWY%3NU$%?H=HoUSc^d]GC]9e0GT\(0lQc"C,,
-i7'!]MU,59[RfiJnrMO$p4Lo1A`&&Xr*e#1TC't0I!#=NHi^D7YkU/sh[oHp]G'hA
-p9+0@n4VaLhA,N5_hd`.FlM:!=a1bB+,I,5!MF[E9^r=hWVG3%5de)jYD[eJnBS0*
-^Q*g%Z6'66(jo$PaUaDRIiWcPiGXB3$i;7(Hns0b/GpseBC'@&1WM]ur]KNH!4M"h
-!0$h?F00oKHDg,7n@(mV/rfA0p/n]l=+pK[isgLR*Y[+Ir@c3_!:^!gNdQ-B93:V$
-_c4MB:](rc6LjNb.pN#RKY@rkYPUk<0_jDlU\7s^n%aF+*s\G3DNi#mDo]Om`W#r-
-<dDGnbDYhG?8qZ$nFtlhLpS`9_r%[epP(<5;;mRrr]U$\i]TZE3bH(p.p)85L4"B_
-1%@xxxxxxxxxxxxxxxxxxx"XnG=K$1?1HNur'TG8'O,;FhBq_^`*\4)4RkAIYDW>[
-%t$ce9i#*bc1\d=n)AhKr*A6/?Wur3M0rIa4b$;trPl>)0,XK!_7GAVib_cIkb<q_
-U5C@nMC>3V.&)SIU5C@nMC>3V.&)SIU5C@nMC>3V.&)SIU5C@nMC>Zp5Ai.M19]F7
-rloNXJH#W":ZC+.!%)%mrrC.!i]m;Ih1+X2rR:cH_6KX'9tt@+q\FZoci$%Vd8g&g
-2hSk\mt9L8Iq_+\HiWpJq_rmln8I[pnR'/j(j/%Tr*fQ3^*ih3nM0PlPP[H>$MY'U
-@q5#s_-c\-YDX<#K_-d#/)ZGHD69s).es#D:t>4FF[$O4WTZ7omAGO5.Dl!=rr@XP
-HnG+4Tm0`OJH#Tjrr?aTKAJf]G(no4"mDQq]K:E.'?,D_O5\ZPq_ruFT<g_lnFkm2
-poj/li[;T9N=3dU*rUi.B0RJ_UKVSj"36^7&UZ%.al&3spcH8T/+F.#DuTf.]J&7"
-5JeHZnF)%;RuMU[9(9QKUj.)W]CACK4AFjs'3seu-D,4R=kn7[`kF=\r'B?r([JD3
->=U$Dif=l@g>@b"6)ZZ\XflL9QE,4RGrO"*[a2d>)gm)4SNKL5n):CpfR>&2j0+$+
-'"e7EJ&94RIM@9BGh_/+a,btI)gj0<J&6?3rm*g:DM=s;@dCc>Cc,Sdm;)EEplD6G
-U[3L"MJ?014eB,AM6pWSIM71PT=+u`^<PYUg101+NkQEZDtnJT!"!7kn<`j,pau$:
-p2TlrnM9:d=2jY'5kPYGrr<3b9Ar)QrrBk`5A$P@rr>@S/`2K#$%*W\erAZ7pa>,%
-!/su?rg0YL[U0aH(Z;La:C29h](d*A!!L:948Uqkr%ut'%fB9#l/?Opr%n?QKHEOi
-nSHpW_QA;gnR'/:$\$FZZ01K<ifA\_.b";an;gT=ZM56qf7gtJ:YFdI*^B02KmYu@
-Di@xxxxxxxxxx(Y5DFV&nP6:H3PS+ciIBUgi4$YNO1kqi-\-RVn3c,@`_?f\a'(E^
-Hr9nD$^9W-^[OGM8H/[C;c_<FdGXs:q]kf%rN'i5@GkLRIh$TsMI-@5BTE\h2LYo2
-!/.-@Ie\uo&)gaKlZsAd57rBSn@xxxxxxx[?h#6*&$L6X!68HPL[AmI,KF+InTTsT
-9D^So8,-`ef0Ji6J`@8qJ$W4mD\;n"n6WHu9)cntrYF)_$fg+PI`=UY=2^.3l5h2K
-TBq"RG['0?LGeH0_1*%KINN>$p6FX/lc#Lc:G:Du`IIBcDBs-@BmT6e?\*Y.pa6T3
-ipe>(M#J`K2:]D]I@9^<g+VF2`@i=sr\F8.D>RC>hKV!QI+@oi!87Op?7>?ANP%W^
-rl>$=Z7h$ACQ#<=i(&KD(&KZ$rYP(MJc%=_hZ\6T_n$Y;4<*5g$V9d%KY/ViI3VPW
-rr@e$0B&N6l1XsKKAk\tkW2GOVNmlh=sfMKBr5S_7[[t-Vs1d@[Cr-%]Je-W)Yd\,
-A+7+Kh\X!92hl\piVa/'?8D$=`IHRmit$gU3T?*Vg5!Mj%-nr]rL\RQO+j2IF;l;6
-HplD3%K(\*F?KtJ=5gicea9`iKj+JLi[m8tG\59#n7BnO+-&HBnY#iE^M"^L^U+K]
-n^$7)KR=1)13i*9^qU.k4rJ`YrKf`a>G$tJ2Y_4NDh9o4[,-Amm7Y?h$bp?cpa:!t
-rr@bZrrBoSn@/,DrM=lHj5"M12#dOj[$t>K;=Kga$M\Dqh]5g%Hqs1inSA+1XfqM`
-iih_AnRpgIm5sje_I!nf&`^%ph>CLPe$&P-iLc)n.dB22pi#YGrX)/j=nmWb)HXkL
-JNjfs'O1@ua$1==!8sMV+h$oBKC=0mU3m[E0>ZC6HmeeUp`&/iT7D;"iMh;mIL5on
-nB\n2LK\W6T*o"A]$7TCmuG%piZAhYU?>=_nMcI,,5bI2kD?o&r)`ZIiZY%1RLb-h
-Fl/"I'DuS(mi6*=07uAEiBIA,)Ma,$1f"-s42N$Je+>j5l!CP^'N%:5;+20r72/Tf
-'N%:5;+20r72/Tf'N%:5;+20r72/Tf'N%:5;+20r7=;ZCEIZ)qIb5b9CS.s=ri1G`
-fD./rhu6+V')qsaB)_l2!(n<I]0H'K!r@xxx;1)[Pa67MG\d##%JHnf_YXBtHhNF,
-jo)XAj3$>@rr=Q^R>(5kCe_[p+84OZr:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-
-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq
-8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5n
-d!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3
-dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_
-h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'W
-q--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"
-n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-
-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq
-8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5n
-d!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3
-dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_
-h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'W
-q--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"
-n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-
-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq
-8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5n
-d!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3
-dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_
-h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'W
-q--A_h=(:3dQd5nd!tjq8+td-r:/3"n=S'Wq--A_h=(:3dQd5nd!tjq8+td-r:/3"
-n=S'Wq-.2WrnQ5HgqU*Qm=uWJV1k-,=oG"UN-ZP'%"VdE08l'ZQ7Y6GM82>,Oh+)C
-L.52DO7H*:^\j*5-3!tLc2ReCPWaM<rrDP)=8\7hg(42%^Y/Verr>jp!46$]:Mm81
-QWI5!I\!EPVT%+*]8I?#V5uUD1HhA&J#HJNf.\UR\W5H=/W>h41F0r7=8r88?[pG3
-Xaf7.!"T#/o)=^;9CM]morn8m!9)i7?d\hOIK':6hR3@`J,DD.!6b4'[4f;Y>LpRX
-rr@h(q0tp.V>'orHIr,q!:]IW!&*R8e@tq_Tl4-7!5JLRrrD0Z+53(=oI]B9p\t62
-^\kjAqbm=jKtV:$rrDh<rrADXIqi>?d'p-,hu<ZdrrDWhO6oU/qA/b-qu6ZThu7!1
-rMb5F!(,PMrr@QH49#<(qEMA@^Z\nQ^[M1&LO],L8+reRr<mr'rVllen,EA@kl0)G
-rrAa2>5nT;rZ2"=jo$:TQf%EelX0Dd!5lSL^SC[(qu2;_C]=>6pil`<Qh5cB?[pG3
-Xaf7.!"T#/o)=^;9CM]morn8m!9)i7?d\hOIK':6hR3@`J,DD.!6b4'[4f;Y>LpRX
-rr@h(q0tp.V>'orHIr,q!:]IW!&*R8e@tq_Tl4-7!5JLRrrD0Z+53(=oI]B9p\t62
-^\kjAqbm=jKtV:$rrDh<rrADXIqi>?d'p-,hu<ZdrrDWhO6oU/qA/b-qu6ZThu7!1
-rMb5F!(,PMrr@QH49#<(qEMA@^Z\nQ^[M1&LO],L8+reRr<mr'rVllen,EA@kl0)G
-rrAa2>5nT;rZ2"=jo$:TQf%EelX0Dd!5lSL^SC[(qu2;_C]=>6pil`<Qh5cB?[pG3
-Xaf7.!"T#/o)=^;9CM]morn8m!9)i7?d\hOIK':6hR3@`J,DD.!6b4'[4f;Y>LpRX
-rr@h(q0u+EEFZSf[F@&#6V9;?d+V9CFSE23kQ"N0c`knPQ5c7AZ*m;f#e;\&:p\ET
-2VbCY93&IMIa!impK)RF#V<&/(-+$#S7/7-dTI`M+h!>tY-)E+)gchF1.n_>,Jj>X
-IK':6hR3@`J,DD.!6b4'[4f;Y>LpRXrr@h(q0tp.V>'orHIr,q!:]IW!&*R8e@tq_
-Tl4-7!5JLRrrD0Z+53(=oI]B9p\t62^\kjAqbm=jKtV:$rrDh<rrADXIqi>?d'p-,
-hu<ZdrrDWhO6oU/qA/b-qu6ZThu7!1rMb5F!(,PMrr@QH49#<(qEMA@^Z\nQ^[M1&
-LO],L8+reRr<mr'rVllen,EA@kl0)GrrAa2>5nT;rZ2"=jo$:TQf%EelX0Dd!5lSL
-^SC[(qu2;_C]=>6pil`<Qh5cB?[pG3Xaf7.!"T#/o)=^;9CM]morn8m!9)i7?d\hO
-IK':6hR3@`J,DD.!6b4'[4f;Y>LpRXrr@h(q0tp.V>'orHIr,q!:]IW!&*R8e@tq_
-Tl4-7!5JLRrrD0Z+53(=oI]B9p\t62^\kjAqbm=jKtV:$rrDh<rrADXIqi>?d'p-,
-hu<ZdrrDWhO6oU/qA/b-qu6ZThu7!1rMb5F!(,PMrr@QH49#<(qEMA@^Z\nQ^[M1&
-LO],L8+reRr<mr'rVllen,EA@kl0)GrrAa2>5nT;rZ2"=jo$:TQf%EelX0Dd!5lSL
-^SC[(qu2;_C]=>6pil`<Qh5cB?[pG3Xaf7.!"T#/o)=^;9CM]morn8m!9)i7?d\hO
-IK':6hR3@`J,DD.!6b4'[4f;Y>LpRXrr@h(q0tp.V>'orHIr,q!:]IW!&*R8e@tq_
-Tl4-7!5JLRrrD0Z1/26O.,IG_f"+m=B42bC1ItL[YmD+*j3&s7%bTc2OkU5#bWnBP
-IbND>\qfW<qcr"29U?OH+0s5[!@1R?E5VYi5DtbXX958S_5!;F'kE1jGi_>U)+XK\
-Gi/Kj%hemBfOk-`rr>Y4^Uepi2CnbuYO)Sp!+OjPrrE'!VuHbN0#+=O"9(DqrrB:T
-M*LYWeSAoW.&)SIU5C@nMC>3V.&)SIU5CG&o.o!*16NMlDAbtj&Af5+JiNrF#U>J_
-^,5eQIq;E0+1+Q)bO>W-K)!UMrrCb7`*X0A48^&mC%7\3[iQ@xxxxxxxx,GBoj<Rt
-%FKQAET,4PGQZme`a8`@)aj,p!/DY$3^/^m4roCOimQ7:NCN'ml:,@]#Q>b,q^d6C
-rrDFdrr@r[rP&:3qBfnU!/Gk!b9-?U!;fcGik[it^]'(Y5N1IKZH)nC!<1MUpomQK
-n,EB^Atf5)LNS'g+7o%";Ld\Urnegr'(g[k]"_eeq=sof5Ogu<!,mqtM0_DFh-[IC
-r;;#nTD5&Y!4U#K!(=M3leh2-?eN$B6Ih^G?7PoS4=@;6NQZ"l,.IN]5A_JU^5&_U
-QrrXK_gXK<rSfI9CSJu3b+81>&nj>7OaN:\Hg<->G"Ulr!,!C0)XkY;fg#1ApoWP.
-DL>1K6f@.onaRR:B$M7\XZs;-F5c!ZGb\@VQLQ5?>M>',<Oin77#;m;m#;TW5T`X"
-/H5_@0kk"g"kWbSoXi"`[7(d,72/Tf'N%:5;+20r72/Tf'N%:5;+5kJnB9b9K`;$e
-Di=Vq[?]pp:DS=grl+XYn[l]R"o]S<8)]NLYDllj1g:tE?eO>p5K8[a`*1F+_!`@m
-3n=..iXJi)*uQqA/2rE.%9CYHdBm13hbLV36S*lG&,[*Yp/NX`hL<uY^qb$k!!NH&
-^5E$<!PdTj1']1WH_45C6h$;Wp>62V!,9d5&)[\H]M%;2&:?;'Vnufo_rC-<XaVPj
-pVpPS]MILgBB&*3^M,n:Gdfqna57JOh\:>(>4C_t!dm57kr.BCnK+ejQ[Q#PE*:?n
-S?YDg^MH^A1!eSrrls3kV#LGE-fPSbPOFM2!9A+h0E$WDrrD\blhdU[!/"aqjI6(p
-J+bJnci4"AJ,Q,-qL6dUj2QTG%="*:!)bCL[]$CNDtktEa$5KSZ\SGkA+m\4]C7Jo
-Rd\-9M>AQQn@-<H&!$Q@//Fg(nFiLE,NH8MmtRDc\FApc,SOGXIpKVSDi=NZVs,6N
-d@/+ohA+NmmJKK59j^<Y2OC6*(-eEun5:?bIh;V[i0OBC[9)^Ci\/u/iciF;:I=i-
-q^DIE_-T6RnO)9%m1]@lrmX0?2o@k9]!q%&q]4r$!43!ILilK(IaC:t4s8^,8,E\R
-2hu6f06R9pKj)7/h]$=!"oc!iH]JmN$X2%2Vs^D]!.pL9!5V>+/,M.%`h+88.""5W
-L&=18!"UFOl2L_dchItH/RA,UDi`ce^Yr&i!5hq6"'Y5M`p\e7+1r'B*D>@(r$Hk_
-p,8Nr_S:b2%fRi#C]4nF!;K/>1k-<hAb_Df!!k\.+S^ZHBclhDIubZZIPq-*_+B,h
-Dq]-h2sd;Xih+n*a'\=3^OtFMkJViTr!!%nr'12]$VTJlmE+<MDoE?'(8%pOK75D$
-e))#A3;DgURWKcRn2J/?KK@tBYP_;u!/*;L(0]n>+,'V/f!TFQT*p*Ff>$7S5IMnm
-nQ3XnZfd&A)gi%gRIM65^[P,Spa8;mRq(JcM-g=6C9Q9N8bdr-ch?`#47QClf/e)_
-n/p[$Ld!)3DuH<@Fl8l1r$o5)FRP+d,*1`dJ`8<cpn#CC>"?Af?I$_f4ta_NXM8Y6
-MI%_0XF;.<`a?+I_OoMnj/7jNA5DtPTDT;u_`e_.`Sl:UI!bWAiKf,i[J2EF;rVDA
-j0&sj-.79W58S(G5K/,(]!$k]rBEj&]Pm=Yih+(P*,5C"\,QG]Qf+Am3WsM=?_h$8
-5A\*gqd06+r,M5h;u"9-)LPliNIPKp$fXjpn5(dlP=#5>^*ip(h?3O#nJB*W%(t-_
-07f`*IOY'Lp<`U5i89>t(&SM]p3o""VdR+*erS`Rg%41QT[>l;j3&O%hB]>pDNWn-
-$pW[OIinY9Ib$`g\%lnlC7bhq:Z1.*-qD.8g1SAH$2eRYq[\/2hZLMIn/K='%R(87
-*uk1oG`,,fPP[prPMpDErr<33pecC7?"tE$nJ8=tMno>mZF6IdI6LF7r'YmmKU1II
-d<lOGq18E!HuA`Lj"L0Rn,*aOim7!hiZA7$fDbj?[m/fVhm76SIN%Ld)'JmPkP3Zu
-VdHh0Tmpk8%:B$1nP@/q2tj)/rYK4-]Kc@MV-A<le,3;*4WiXTJp\pJpeSpP%fS)/
-T1.=Q?dN/3rrDOihqItIhZ5t"S):[;MgRV`2bWW^rX'hK!!NPT5@[nng!@RN%K7a=
-h\SHcG\?"H`@m;P!"4/hj#`=UB2eTmi]dYF8_8>/F7>efnILL.,Q3pW+)1^:K)YgP
-d570aGpKhEc'B14hu<Z[L&JOZDu22;_(S#hO,Q7,rKMfj>lNS%[mu.%@xxxxxxx];
-T8VE9NNGG(5PU$(hr4!cn_Ze1OlDFY]&&/!+8A73hhLu=Nhu4lqr-/Gn+]U6T+BiS
-ZJ4EkJZh6`g\;TCrrD[+qb$d#rr@e%paP6!MADd%rr@`8`B&MH,G#SDA+8saBDrL8
-pf]m#r[7KM624aT0B"kf-.;$]et(`kpfcPlr+4f)LO\fbG_8eA$2>J=&o[P<]O>lZ
-pfg5=2%*@VCA9C\!"Abo;o*qkmef`X!"$u/FT2@98GlW\45qX]2uFmbn?dX%r(lj#
-^%"VQVo>;'6t4\hXZO?`n?otbprg]B&O54VnG]*['C[sY,iA*IpcdG.n@"=Ol1Vm5
-Do+_s^E,QJJ&/et!!`H'i3/RSm4nK>GdmCdpeBeHnTM<)`R!8Ep5A^bn5J@jJTL^,
-Gc17Ee:&3]AG?E"/)kc0^)#uT"k5^OpmMmk6bj``pj)Bc6h+fCr%6qn$N*<=4@Nh2
-IB!1mj%oG$QgM2]lJK&M!/\I'msmXl[X[7trr?qt(4OF*')e#A!W*0%g`IO6D=Qf*
-56lRQnAiCq'KfGUmG79(`%leeIg#[liXHu7pke%5"2Omdpa>'\>JM.POl9S)<RST*
-IrFQIf81#ohsa`TgQ0.BZ`!^8VtS"-!/)<b;7cN_rr<2`rr@Y5Gjk?#rr@asrr<>N
-`T]Q5IaDF1r&O<-i4m//!:91L9>BFtgA"n1=,spRiGXPpgRmuCrrD!pq!4T#7+_,#
-m*GH(*t%Z/LAq8-*uB?4rX(%Q!!SSVTBr\XrmF"GIKXHd!"(nEp]pL]poj2-iA\]Y
-KfV`jYPVi-9@NfEibQjRHm6#o^Ypg[J&+I!*@HQUA09KCikL2Srr@pXrY`3??a"]e
-p41XT1#d*ZG]`_Q=M41u`4<SdHoUeKf`Urbrr@Y;rn3n^rr?fY/&D'(ln@l&p2g2"
-Ir:>%X7e^-r-@:-1ZS4d^,=gJ!5bN#Ss=0i4):9d_JLsEqA4^*hs<!:CVCnAIPg>6
-Ii<\Vrr<Ec_Kr)ciNE?.A)Q4KiEIrNGgl6dp)X+GrrCuN5750`P999eO,<U\)a4s`
-D"3kZ_uB]?"n423CS:IKp5Si[n[mf$`*\:+)>Kcmg\.f>[u5WHnLqqgIb"9!X7>(Q
-d^<EbGUcLE<YfY%+Og63i&r:Q^cIs0ZKC=AnTKKVGCohpi30o'ooFsD*o6`]nF,`"
-ih$G>^[PGjC]4U9nR"TO?c.AMrW;UKNBBp!U#R"Q4o86,4n3F#n_<%mQ12g\de'U/
-L\?&Gm.K@6"ajS)2=3cK4u(RRIQi!sgW*JEPOS#Kp.,,_K#rJr?aU)hq\sp%n?9VL
-pfK`jIqdfo\mL-j!#!!MHoq:[Ir5WYph%k*qd&ubnOqi;LW99[rX(BZG_a4%ZF@ff
-pf*FOHb^[FpnMVtHm/!=[^#e/ipR?$(W+qQ%dR;rL6($&rX0,2EVSGb?N1"W?@LQL
-(jlei./s:a\c'0*DN>/(_nI>i;t/DV58U]Q)d7a.J+4'0^VekPj1^HA,K1`<FhJ0u
-5OaMF^CBhY*D><bpVX1mhsd(K4s.Q0A[f^`"($@J\*u&errAjEi/'WXrNEpZGan[>
-@<_8A!;;8r^+oCAiLg#^rrDc9par@V3fej+-`;g.*trlT;#!m6TDU1r(AQMTM>340
-HnkSh[(Rsd=gRTfm+616Y7YLj$e.%(eDg8PX4n#q-N!PGMQ)+*!$4)6p$$Pt!2<f4
-Qi7<OF;+?JrIu+5O4`dlA0"HaK"_O5d_D6EnU(6B_=/Q,=n-G./AE8*dD)n5mDo5,
-"f`XPJ)M_<1%DB\`=M_kDhpRgrrBlK8&7Fb<o[B_dFU6-:\I<WUOESu+o_Or6@9gI
-SIa\.Q/W;pJ&2<dSac&q9^+dL?bQH]^[P;Xpac[;>PgNtJ$q;RDqH;M4tHT'I!b?!
-p@e%6_dT9RROl%j_nV'N""esKrrBqgGW*J:"89\'^W0.),Q8HCNW'j*_-`&U*RK:H
-0A,a3,KCiPdsP*`mdj?GIB!*nKDs2Hn8TiCTCMO4cg6AD:C_aRn.)LlIb.pJ^Yk]4
-"ScWh/N<B5rN,Y9,N:r)rEJ4"]m9VX"blK5__2mCIP+D$lbDr-J$_)9O5ShU`)cW$
-[thU0i,c$qMoA_H'f6p];Xrn7qHNL)=7Le-#QFc-h!iANCZEa!?QQQbfrMtSn4>3I
-p6sFD)uL9GTtWO9bbFRdQG<<+ks#OD]PleZ(k0`e&:P=<qo6Vd!9gk;%ZB;L)>L+:
-n:ubrm9<QZmX_3M>5l.4l9C^Zn4"Mp.^/aaU\9[spa>7kU:5UQIPUp'_GC%5?%18[
-)h'erd<`RGh*9p]GU)16r"U=58*lf,7aa0?"'b(p2oS!&VsN$n9fKuh$aT<RLZ(C+
-`*X:&#lZLT=8:D,O6iuq_-[a;RJhtli3PYV8*r8*KDl0)Xn]fO^U#hNn-Aq"Vm$+#
-_+<uGIMqp!iMXX_pqcG)_Z'V@<$"//"6fJD*-FK,RZE("/F39g\^>L*Hr]/s^Lsa)
-)KJ+JZ#?F_<lRj7b3MIpRWZ6dkuXMirh9>lM#(398*ibG!%%sJ%tE98rlDkNY!*cU
-g!u!Fr/=f\rIK+k!<"P>h/-"X'N%;K$i8KB(&L[LZc/QFLVl?3?P5S@N<AmopmM-^
-"jm&5q_*E7^U8!<5ASRekTB:ic[qeYXSt*T+7[96ZbOJOLRojkUqbkhrrC.mrr@b9
-^'".%i_S6/ib/0A]f0<,pgrrM_uB]M4@PoX4ppeOmr+-a!8sZ&*5"N+5Q2&8i2]'L
-r$[n(rr@XVIa-aT^+fHb\@U&b?M]G8r(Z\dp-JJ7nc&SlZ1u3f?93hq`#9B"N4^=2
-BprVBJuq3YC(U/PHg<c,:A7bShc[D_?f<sA(&.\7'Cj]5\*`GM"2\@brJ`oSV1-@t
-n5$7?]CssjeGMc)hrAp>2%LT"S)`Dm#2ch<NIDCBpb,>9mGSFgD%"9'15B2@n@uq6
-4s@b@HmA.,L3/IclJDtu4DMSp]^aUk5M9t*+1C(FrrA)Y"9"_g+R,N&O6n/6K7@Pf
-KcdYa`@3tupik^.m";D;,Oe0pn]TnCJinI^4iI=OrM@4KI!F98083;K^@O\]7\a\p
-4BQit?_>3H^&J(a]Fh@%?Ka-/^W[5-09"eqp!<OK]D`2_j'UN4`ubXQCp/R8#J]2p
-rr<a^$V0\ninoI)BrrUUS&F/%rMoktA.'t:rXaQ"pe1>*e,3eHX7gH#S[Pl'l<b##
-!+rtQh7fTA%hf=4btI(mMYo7W^#8nj&:T5Urr<4FrOCV%hC?:L[/H4upiC`\!!Ua>
-rrDs/CV_&,S)CKhl25DWn*M,C?\dTYm4%%u+/eKhD4u3trXdn/kJI(VO8]W'*t<T*
-rr<EW8^[50(W4!&4qq=JP>9a-.>8$)(C0Z*^A*WUg\,*gn8H1'"6//"r"KtH$:4P-
-r'U8Vi4ms;p6trW4>X!^BD)W#++nr\V>/Bqn*E"&9B&C\a+i2p.S9/G_-/1n@;#-!
-iYJ0Ua%u2+N-o]G[_(Me&K?4SrrB@^n4kXj;tc%GVS3Z?<S,!"Dh@iS_ESoc2#X5!
-/c6^[LPRg;K&7GqB0AKQJbVaoC%P,4iKrp@iI?E.+$STP5N-d>j1c#tT%ciHn=PMa
->N;^L]M7?l&P2mG[CMml_O_YCC&\0b(g_[=+!,o>5DHq[%%:8bQfF.\b$TiE[0Ei(
-bP%V-XM8Y&N5#pR@P<W=!#IKLM*D`()#Q,X^Q$!@^CPeI?8(i6c@t6SBsaEU`0VD:
-m%**[/CWSPM#:Q;0+gk;Fmp3(4A!EDrrBmOJ$b8nIq8$&"897o-c/+$]34WAlpLY/
-HkH-dnW1RKO,gS!8&X-Er"Q'gYK!1DHn*`1:[kah*Vf6rX%Mo+r"JD6H<.;NGc/A!
-0%M\g-fQe>3ei[o)Ye%:>>_iXr,q";!IZ3m!!Q]Xrr?bm)u^jHV1-fU0)-7Q)fPWj
-6iID8W-CPIT*;qLq#:?P\"EB?pg*UM+RkGKIM6thifD.+ZMspA48keGCH=Dm9eYO$
-kPQZVn<`FS)SPoOi'7!<2P)JpVL0fl!.r)ediLRM!.oLr!5TlZ!,G;9^u#4\^*A*a
-5O_Q(L;1"^`Z5jjnB[0Sn5"f<)>MD8J*dL1f2L9b)X5j<'5oba+3.2k?OAnWG@@KG
-UVr`Zcm%#DFfFdk0m.,M@pu9[?])VVWh1=r-i>"`]`%q\gA_-_rWW3,ptl>CU]1;t
-$h4D@r"GR[Do*%=0B#E\]M7loiP375N&P&Zn^#(5g@N4s)mt0N5ITa+Hr"D6=[!r&
-^=2#lLOWlr(3l<?ZhWAHa5KgQ1k,[V&^hKTH2BLL_+MIWm:5inrLu.;frN"tZB)eN
-LHk9$DtkV#lkApLrX^.kr$M4'n^maU^9-p,p'K86Bs7:uHlq@OphJ]?g@)mc!r+iD
-n@jPE\&77GO8D4fg@O\*IQ-d=NHM;Fhs:V1Y6TQn@=N/Zg&o6bn54+\?O+4Qq^D@l
-piH<KI_u*bZ7kUaiS..b?5`OOnUJR4a8@b)lm6fO>&+';!]?o=0C_!Z`eCVp]3UIr
-d<+i;ei3R7rr@b$V"d^&::^--nRD+L7E:6K'RQbU'qb32pmL-Vpc$+0hmTH!m=3/`
-Z_t`[MZ3YXrr?N3NBSAtphTC=?d\dgnCRXU?cCpUhceS.25:"@n@W':f5?&^Tm4aZ
-n;a?Hf\(M!rXp4uHhd#NX#iI:j%`sN^(5\AIiQ0Dr*97%K!KcCp]kU38Gk7<&,QP1
-!5Uk3Dl7tJrK0>&U;+&gMuNcj?]/XqIXF>3ibui_LS#9fD[uQ+p6GTOrZV&`p29D%
-_)iTQ)16A]%ud+i4r\luK2L+j?\V/B)G^NDGh^$Sr"Ms+$:jX0`#l5XlrDuEcO0Ru
-Mb=!LJti8F_'-SOUAk31IQuUlBRVU/6c'lkpjN/B"N5rQrf(FWH<GW<27JA5/"[](
-^JiT=4)Z%kHpQ7/nB;Y+G++tfWtiX\F5_VSn,*njp9`3G!(ZoFrltEJd#P1(%tDDL
-5N&$B^VfLHg]#%h!4I[Mal76mDrTs"+4t3qps#^]?WZd,m(q`NLV=5rPr("lOl4Q?
-SfP?9V53mh%;Se(`?%.LnJ(h#OfS7]_d@!Q:&b3F^OF_j$beLr1P>CWpc78>pa<93
-rrDRZi*YiOj,\mX2#XGg%=E9mL[`XLfBi\1Vo!6/c\WaL^Vo$`hr4$^qurdC_L=Q8
-7_:"VnBnXNN1[E]`G;(NBHIT\-@X@7&H!uSpdT`7r&!q6oSH!N;+25ka6\"0MrJ[Q
-'HgofIr,Vpocp[,/c-3AhbWEBO<:\cr"IPqrr<<hi2Ib[:B>^Tq\)9q!.oB=$XD/g
-mu&:W\pap49`;Cai1kc95N&9XXaG*_MrP?C.?B9K)Gf>\M(.@9JlfBAAZtIjnDE8m
-_EARN4u`"<Oe_hsnAiLT''MM"D[ok7#D_C3IrF5uM8/?*^L@f,5P%s+i1MIoejo+a
-rr=B+qd]X+ft2^_TDF6=6Efs.n\>!^*[UgdYg*1JrffQqFT2@1CfgOu?eQ%i`P:++
-!<3$prrBE3Io"c'r-6Qf!+E&DJ*KJ&f$tMs*ut7aHmATd^(L/3i((h;!U*l(4q`6:
-d&$7#NI2K#.&VJX<R]fL0.ee.m]>TYeT=N07+H-*2=CqJUHuZCr(Z-''5;b_M>T*/
-koM"r1sJeIjW![`-.hKjiXJ7Re\$=gT8NXK)"h0)iCCm0Jp)I4m/d)brmm^K5,$pG
-LL7CnL2FR<nXE8JAU3gdj,_+dT7jfE`(pTk8)Z*4q!6mlSe:MRhAMXR6%d,&Bj-Oj
-Bl\[NT<Un>4Ce7>Hl)aO^(br5peg'9#6)n/n%if.KO51;."#(jjm[n!n>;iI.n9NR
-pg'ls-iL.G'?T8VNut^c`IEWJ>BkL!dJbi`SfINniboS,B1)3-_EDqk9Xa`,Wr,KY
-GJa@[ZKM,tS&,qJ&V"Z$M1;p__f(5I?BtC`r)`iY4t$7bpdssNj%m]K*Vc,^Di[+n
-%ftrVIZO@ml+aZEWSu1Vlh6"]Iq^!^?P:"[j0'Kulf)6=UZ`d3DtOQH`7h,K4tHP*
-eUB#nn&tS]8cJdB8H-Fd=,j$NQ#Z;ca'L=lNBbHZg%4p&^%)+&`37m!p8.Pfj)%lX
-?gOhhprbr$TDWE*GcThB`h+%4]&3E9I1+*P.+*/*%Vkb4^(]%=S')7&`**YUB:sKq
-*@n_kVu.34p*oclnZQ9tU3pD=?i+?n+,R]mIa)6,Y.*F%pfQDhFT2?Lr+l7m4=B,Q
-"+JPP2#dQ/InT=fQ\DQViEgb5`P*JCrrD!t[*^K'-fX%N&%;8r61Hk.Bk;L*L%%n;
-$$H+]rm)W'ds`D:.e$6QI4sP+Q_AZi_X[O-nOMtNqc\A@rL:2:%/`fJr(X)6qnp,l
-rL86`r,M7f^jd*_?7V)V4sn"ooT'Z54Os*"p"`s7`.Hf-6BGr%*t&#Ji0RfUJ&/=E
-^B$MJpaa0F(%-H\q^lJf-1J\9jX7tgg:-d_pqbp]Jt<kMIt5k_%h\S\iQ$It/pq[/
-a+/OjTk[m7>>GYcOf!A8*Br4Rd^163Df9^Ur=XN@dD+V*T<QXsFT2=EkW1*-rHD!*
-Do4fn8&=)j^V[1/[bi%<5Gu@_KKgOU"laHV?8:rqM`qZ!+?pR0iJ59U$K&eZ'g-K:
-C4?[V*;E1E57;j15,i$6M0p,?gN[eW0^.\OrrCuCT<QYZrr<^[4n0&:^(9P<RTI?J
-MYbrF5D3AMocK1N+8eS)2gcqH\ZP-<1"G1%T*p-[D\;nFe\>_"LH=jWXa'jG`S0L,
--1GQaN=lbWRdREVhghBhhQ(@gh:ccAF8cKJq\8fui2>qlq`B%Pi4nu8_9^d:j/.J+
-9)d,m&,uW`NU^WLrY=V9^C9nD`h#3<4DFfq#mKdXmX.smhm%F(iZF+::\[FBF055,
-_KS6!+(Dk/DD^`F9=2#!:EOs"rr@xxxxxx]`=6b(]DO8M"9'(6M`a5nn,"&BgO;$T
-kJDCl$bRSOBDrP09ifG7[f6>]H15mo^U-eS^\C(_FT#jhIP(R"L$em?$$N:bC#Yb>
-*X:+G^!aYSIM)S[_'FM<T7R"Bn>>S8!Uu`%?gru&cTXC>ME_5-)#3:fQMme3/Gp4W
-?h#rO.[b.&,'Z?1=2g5[4uW0rV"j7Ie9l,mY7Pr.`R+B!qgZM4/Cs7e@A%?RDi/qE
-@Qs*Urr@XgI`M;GNP6]`h)kf"XUG+E:QDXX-%'A#F5YBu(\WmY+7/srO2foAPG78I
-1=j/kI`u+)ppHcDc@6KliFZd"#+_Z>?dlZ+n@)]OIPKS8W1Od*4CA'!XrU$kJ(^=j
-#g)!6.ouVWn,EB(X+0nLH5Grfrr<3Hpu2*YGU)0SL-K?ig0oJDm8r8=MnEob5DYp>
-F?bh9ZXS0G^d#1*!5sp=BV$jGPA4DWdl_:4fA^\!WnUX#CIQ#.5Dlg"+&:9AYH,Ai
-J&*C[@%WH$n@:,5J+0)N?gru&d,$fZME`'Z)#,'DQMme3'7:MhU%'r<.;<\6,'_#`
-=2KHH4ph!EX*Er2e9hqg?P%I7`RB&NqgZPU/C?%3@B\r7Q\p1H@Sa&=#6)kS"[?VV
-pfp&QV7[WE!!m680@,ZN&:\D$Ma-`/pp7nGn<Noepo"(Qrr<AgNBcF(f<sN&0C@Z`
-/M$fLcOGA6GY_$10DnDK*C%l\o=f+i^YkEMYg8)Hrr<5d3[_cBG>7RF_`ujF_;DZ8
-_QS^&h]'9oVntZO59B_+ibsWZ1%<MI4qE#`589UGLVd=(ho+Ce4E7E:IgnR]pe/Lh
-$[bN0WFI$,Hl&j<G]UbVkki-am;LXTreS>ehadT,VuB:I`LlrhDu)%-nid!QjuNGA
-P"krV;C*CoJ)HfgZ2Xg?rED_'pi546*I)56hAPk7V=?(Qrr<3GrLn^Sm6gSRn?7hZ
-%i\mR9XiTc/,LW-rr<hB&(ulY5OaX09@Op?:Ok:h$fNG)V#3+FLSs>W3;@o1iL^hZ
-B>_<hQ?[KM$*F(=pe0PCm+(tpG^nYdp4'p)f`U93KDS:?cJB*3!/6F&B(,^6kJk7F
-pp7u33RKs'rr<?/muHg`;rZ]>Gc0OCN&=E+7m(jppm]-E5MI8h]?kFPm6=7NZLr^$
-rrB>p^e]Qs(HsDJD"pld4a4\J1AKt6lQ.\RX.so`ia9YT08+d,n`P_dn<LbF^*[*4
-!$3t8JGO3'IhYE2Ih+Jq4tC<=%J8P6^*K:5?KYS`4oN]`]M1#`oSjSdr"ERb#:/#.
-!'No-nR!_p_*1%/pcUiMJ(XWfrnl2MVr9;^Qf)5&Hq@eR7e\qcM``*N_nuBnnOJ@W
-8<o+dCDm\lVr$[,V1le,EG9]8/5jKaCZo]@r!*0$KR<\10DIrL*.PgSrr<Agr%1_>
-7XsA/nFui*hsduP!9%Sj!5e.'!/6L4MuB:HS,WHpkPQr^pq+<1Qi3EQ&g-mOrrDRr
-Iq\i^_H6a;'5I)6%Xu]QY_RkF0AM$'Se:pi5@r^Zr-Z0/]N*sl^Q'?Tp_E;-6hnE=
-idVt7XBTr,`-3:9oZmnKps+;7`\uZsfBrK9X@oZRU#HnHc!i82ipo6-ok31OQbhS3
-hnU?'W5%9op_Wfjpac=]rrE$3n+]`:n;2N:pj:u7pekJg[D(,i!"2<r'c6R&LTJ8L
->CXN3qebNo-f=EJrr?O.!5`7>]:\jh^U/CaGFoh'%fXKJ!49fE,<t\Frr<-#!,'(#
-"9&k8mB?:PJ)PSK,5?NT>Q,3fpdm]UJ)MUO!/,"a'>G&nhq10Jhq0t3p=K">fful/
-Z#lVIH2dltep^BgKmXF.06e;OrZ(ICJj'uu)Xqs0r#P9n8,*8H*uB0'iQm.(4lUqu
-r!DldTl7!q*sI$PYNZrgSu\R_-.)<h4&&L@pi30:gA!a'e1GP+Cp[k.@#@tZ42=)M
-9^gWO^q[?0+7N)cnHPnpr,C&+muIAsn6MTo_r'-siBN&Z/`M96+m-0%kD8ej:\Jr0
-Sj!P[;>B%P>BjXSnJ?j@3NR\YIhM`?C)U]VipRV,P31e$pku4Jj(807nXmf#!!%7f
-_YWE(Y'?j:d^4EQ9tJ*hodf?qX_b'iD.73sDXOZ=FH.1\M-<IkfDqT@f?8ZK[[F(-
-^TaX&>GQ#bG<0oHVLHc3Z=SccVqsc6pNALHT+?Ai_0'I7"G(*<ined%Ar5#"E[*(7
-5o'(s@aG&S,8QRE!+9)^rr>^)2d96Y72/U+)B\`%a6[e!_EZaui'mCUr<ld'8c*%G
-=87dFch<Cg=,=9Q)>KOopk/*XiiMtkkDXe6Dfr8YP>]qY&$E@AiI;=&hA;O;jo5=6
-i:q`[D$NW%5K!7Y1#a3;f2IT]pkA_J"LS,^IOj\)1"?1Hr#aO<>BB<jiCAM!%/aIn
-<VYD?rUg*iNh-gWD;h%$_I!apO4jh1LZ4OZ=3'cerr<N#X`Ad'LOU@o1>2H_j-P=E
-9r7V``kE/^M55C>_*/@\Zn:/8rrBkm^LEgi*Y\>Ii,8^F(]M>A\*ZWR0B$:)ea_*]
-rr@b4nRkf#!/0OnVnkTLQ_1Un_]K'\[oi1WTr@a!rXkcTRYBXOrrD"&n9s2Lr)p,s
-hsc_PK3m*@;]JupI9l?WiNIi^%"'l+GOTt<Y)E;[#iEOlKcUEeO2G<)G^'$T<n9L>
-4;6XY"&JF$Klg\hI=D1r<S)A#m&^XfYd+2Tf!RY2<ke,ge#?^2?;!/oT,N)Grr@XS
-I`"AbFT2?p2aQu+_>SOq#6*2bmAGlWBO?M.*VeI\rrBjL#lZ%Co%V+?%6S,Z`643p
-*X2>8iP1*g*Vch>GamY&J@0;0Hrf`tKY0P>(WH"1g:Vk`nNO3pir8ur6a,qX!5l4Z
-@\<K@rrDY=+7Sinq'b,9J)p:;kd5i\p\t5\kPe%3rCE3-IK'9M[/G_soaO]'ZhQbf
-pfGI=VsP`!L\A2!'##FbDYX53nB^+VM=L'.K(.$oK>'8=ZbbN8rZ6GbnAiKI!!6h@
-'RV]FVJ/4NphAZi(?chJFgs8f)G@gK^!;V6c"Zip_=)u*%_`'jB)BI&%WpNM)f94n
-](&:I]L1^T*I.28YJacepmUAAdkjAM08NsMr[R]4`h*qD,&=VN):3agi6<3Bn]-R#
-6)\H<"7Vq8]EP$7C&SS2LPBn6/)sE\J+-$jfRMjM_`^BFT7B$Kn^Bbu+fb;RifCu]
-rr@WM!:\^W[aqMK;L\iIB@&bHiP14Q0Dm:?C\ES6IN6?,!!ssDNkAAkIqZaYR.Y;<
-`L=".-X$]QQ/c'h2oHJY^*<RWJl_ldIP91;oUcoucC,Q,1ojF)e&)+bn5&@E1W3TQ
-plhiEp><0"Jc&6<Gh9c=%W1S*58i826a$2O`a0b6Hs>QZMm:::)LOd/D%fIl[%E.t
-R]`,mG7O#dr"F/F5Lk8B"1[l&J:)M0(L?fMn^HGUm2t9$)uNk;TmpbEMr,1)YDU'r
-5N+/CK9oY('YYsm>4HOLD/[5)%IZE-j8E?%Ig:,r!#01?#B[(ta8S3k'KuWuh=7D"
-[2i>&e%ah'J+-5s,?FSTX6JNJkLmW/8c3\7rM0>rBLCdo`q__1n/LAhQ]8DVM"BGM
-#P`^#`2Pj,n5$j6+S"$mr[@<?_;Bs\*UoE3h]M.;++eAmDr<hkJ&8kf)Ye5oqu-n9
-q[DcdL8TI'r#aO<;f-UFUZ2m#cOBSa`ZH/65PW"/Ig<\"r-RqX[t4N.p^d(9piGG5
-MH[K>Iq?;$`*NJN[J5#Y([U2@^P0#h;rQ4TnG`L)e+eF/\^:m&[Jp40Oo9lSN@+Z*
-5dgA_j0&XM>5nT<^P9M0=,o+EK`;%Z\*ZiX@nHI!n5J9F!.o>HL;+2q(\,78pdt"R
-_,c%+5N*CQF/rYm!nYA?(h)sLM_@1+,[M58p$:uPda#]?=44kAT-(>YLZ&-0/GqNt
-5=4kZQ2>-?..A%gce9I,n@lTr57MjM`W#oDrYKr,eNO+`4n'PKHnh=>P>C]B_Q=3_
-IgJ!'6buqo?O4$b!`';tp@iJfR]V9trO215:Y:<n?ML`$,\d8YYcj,e)#jSSrlWqr
-JUSF526cj[rr<A'`'#Wln5$lYh[&L3%<PtP:%Vd.C#9N!rr@^io>&'TS,5Zn(Wi^n
-+5't,^ON9&IAnOTn&0_/$heK5\aa`-q!%;biD,*dIu4"L_N0L;!Nu+]X3Gh::\!&P
-hhj*EIPpmVnV=tbB!#Y&hi;%N0CEAC=joPTr+5Bt!06t#iGTB8hfu?ARQcSfC\u@[
-J!<n2#h/eR"QM1\,!A<O-G/7fT8)514t1j`n.r@j+-6F%[',J%:#Sm!^DQq^l9>@J
-BCKP'nR%3g0^F07[.mL4nAAK#*eWtViS&%e_B0#j%i4rh`P2\cIfoJh`dTB,#-Zib
-rrBkf^LI3C&*b'FXl(9(r)`YRWp/CJ4qE#S][Zr]BE%tc\+[3-Si%#pr&XeKr%iKR
-YCelS`7rUhh].(eh#(@-INA2AmS=.6HcKJ,jRIGT+n3]V=q(BWT1[S>qb(e`LnF02
-DqLuITD!`+ipVKrHjaTe!"-L<6f=#YINs5CpiH<gps8pR\,7F(HnYL"KqnMsHoplU
-Kn!`"MkBKokl1VnINA2R:]CEKU[Yn7rdTG^*;hnnGGoqr^qKp?O,()\\gX;1.&+F;
-rL#cfiNEZ;E;dNK/$3S&>'GcUrr?e0#l*9&8%Fm0e8DoFW;afoZ=elmHpn4>0Uc8g
-kJU[=nLf_7r+O[E;pdHA1E`.Bd![45=SrBmQ]:tfHqs17KYAFNBAu_+YP:Nc!9%^@
-61FmSKR>kVGiRe%r#f02rZCVgr%&p*C"e!D^#Mo`6SoaON>'0Yn<.N)Qi&)>7E!nt
-O7kXaA;.a3pgN.k/&hMg[ib!KY5!J:*E,SYrr?]HfZV+"L%V4Bf%,:!d_6k'gR]Y>
-ZjV_PZ:1eGk[#n2^9)NebU9m)fCZW878(-`g\nBAjMsK$J,;0Cg6;O::nNPDr_MB2
-rrA2%`8C8,e3ET!lhdRZ!/"aqjI6(pJ+bJnci4"AJ,Q,-qJNRPI3n?hrBeP$:qDCT
-I;*n8Vs51sXlZ^bW*Wi/cXCHJ>?oo>m;6o]E2Z&nkCr&QAS'6fhm*1]Sf65['7M/*
-!9IK.g\*l'_cm'?_JdA"r2ZUiI`MG4CL?j2pl#.PQ#qLof`(rt%;YtD$,7(%nue&@
-q]GXmXaf:gi\1:2dJ^girr>/=YP]aF7K3A1\j*[jJ*2Qorr@`0Lqiae8+unBr:&:P
-n=/qarr=P4rnk!\!1k+\rY'`)rrD.d+5?KRo>=c3!5`Zm?i6t"qgQTbG\^[]:&'YH
-!0qYUDqP'icOF[i!"$CPJ+Bb'mJA"$iN7Ug2rZLi<RLc[A,cNk26Zp)r'gVcb.9gH
-m!n2Q[Jp5[hh]&C=%Du_O8SLu^[R`_(]OIbkl0JErrAW/fDZG4,6%Z)>p%hp5P)cr
-rrBoS`*`GCU\fM\rci3cpeCOArrA=+IrF!>!7)*irr<A?&V'ASO6ufdq;JH*iA]aL
-r`.AE^LR9D4>j>?-N$=4!6Vl;\*SV-L:.$]K\qU#q,^)[rK$mGf"^^DnJD3*.d6lh
-Z2Xfq)V=s%INndlj]rt_p-8/d>5nT>Do?#\X/#Q@a8U=!?hd@jMuNdBF<,\CJdoH$
-5o:a>CW&UPH@eAe\H]cnnTX?=q],N"nIDDTmiVPN?aJpUr*-8Jf364PHtiI/p^b>m
-,h9&"P4q#7]rufDe2:MuiQ3D.]=XM$,aMn229l.$_\`<g+7s'8ZCh+>^V[bbFgQY9
-(]M5moOFN!TDg"K_S?(m["#t0rkT]KA"U'!rZT%n^]&A_rrDh(0A%fSN,SDdrrBtn
-peUnicDls#@kZIbretdh;#^O61\acG!7%U*pgYu0/,kKGp/(bh`&%0arrC?EXm,ic
-Z5;j`UhUZk[ZgS'I`pGGWM`uiGGj_0DsVuC_SZ/hmbPgC?!6";HnU5$CRAW?,ZDT)
-9,jn:3j8a8-)t^Dlh;0\f%-:KZ:h.\p\2/+g3*C[CM@X^hq?mF%J?"$T0:$"93Y%^
-8D#>&Q<&SC#sBSUqQ&CSl8iOWQBU0/5m@7YHFAYUpQiq#:Sp\ulumA<o%h1lQ3'.H
-i6B2[c7U?!A;4(tIrF!>!7)*irr<A?&V'ASO6ufdq;JH*iA]aLr`.AE^LR9D4>j>?
--N$=4!6Vl;\*SV-L:.$]K\qU#q,^)[rK$mGf"^^DnJD3*.d6lhZ2Xfq)V=s%INndl
-j]rt_p-8/d>5nT>Do?#\X/#Q@a8U=!?hd@jMuNdBFFS5]rrC@SC]=A@^CbtdY)huI
-+8OltJ)N?G0E+u!rP)kB!'E-Br$M>1rrC3Q5I^!/kD$DE!/06c^\Lr$pAL'MnCGAD
-S+.<p!%R43hm*1]Sf65['7M/*!9IK.g\*l'_cm'?_JdA"r2ZUiI`MG4CL?j2pl#.P
-Q#qLof`(rt%;YtD$,7(%nue&@q]GXmXaf:gi\1:2dJ^girr>/=YP]aF7K3A1\j*[j
-J*2Qorr@`0Lqiae8+unBr:&:Pn=/qarr=P4rnk!\!1k+\rY'`)rrD.d+5?KRo>=c3
-!5`Zm?i6t"qgQTbG\^[]:&'YH!0qYUDqP'icOF[i!"$CPJ+Bb'mJA"$iN7Ug2rZLi
-<RLc[A,cNk26Zp)r'gVcb.9gHm!n2Q[Jp5[hh]&C=%Du_O8SLu^[R`_(]OIbkl0JE
-rrAW/fDZG4,6%Z)>p%hp5P)crrrBoS`*`GCU\fM\rci3cpeCOArrA=+IrF!>!7)*i
-rr<A?&V'ASO6ufdq;JH*iA]aLr`.R4r(6ZFq`4Re\C5?p140)s>Od%.7YXQQ,4FNh
-^`<O:2:e%0/@&&'^703(0*LT>fYJi]b:CJG,Z1qS8Kh!W`;,bt0o,*/Jj84Krr?U]
-*e37qIMHMbDtm>%LJEB[YGn^Mn3;]B)#PfOWd$>Y=2R65r&*tlXju"%DrBN-?O?,4
-"6%_.gr11:h8Q)_A&C>KN&;!MJf(;qQ5JIE*+EX4'.`',[QV=K^[*cR?EN9[Df\/0
-c21(>95]oL`Ofkl%Qna0$Ze)',d2*p9+8!@o%HKQ)a&IQ^WGZYrrDULGaJEI2u`mS
-;"ae9rrBm??h-p@BKuA0rr?^3!<#.]d<5C];+20r72/Tf'N%:5;+20r72/Tf'N%:5
-;+20r72/Tf'N%:5;+20r72/Tf'N%:5;+20r72/Tf'N`JM[hnt1=7(S=!+re=5_&'s
-nSNc>+-$:#jDaWBrJ#7j!;)uNqksGoK4;UVRf:Z`p+?9irrDnFrM&WSI/#MeB>K'/
-]GGqS^D5W'8&!RC^*EPgZ'oGMN;ikpZjS;KZk&+%47Ms'B4muaHcLG5Ml5:nqC\&2
-fN[+_C%foT2TX+%.nLu\f>^HJ!rOp-o2Ms`rrA,Cde#1-BY#Og%]B1hIaF6`lIL9@
-cE1l,qH_@L`J\DObM,TFR2lIeY,)Q-+p*\GO.n`An:TX``,?+;Gb;lTh\0mDY@<Kf
-L]/2&j0RQUpC@m1elVB1nNKaTh+!Psju4EiD]GgBFXN-u4qr5Ob>Zo,U:9[Y7;70o
-CE#k8j7\3_1j8U+7"re]=[arC!Fi"->9k\Y"X!M??3gK1T3iUgiV3;F5Pa]orr<DL
-_#FE+lf52H55tVi8,iQP\j,.VGTZp5I!,GhLYqf]rrD5k8,Okj"9/AIYE$Bequ4tb
-r:]@S!/5"BJ,/d-fDZkAg*?UtT%tLXXLo)D!'\+XrrBt*qa>r*gS=`_Q\#/:kL[a]
-pjN/BBTN.>FFV05n3?jIq!7q[&&7KDrrCA_O8)a^#QFdr?QFXTp\ggNq<cT0!"-ob
-rrDZVj0/AErrBDrrr>3n5N,ai+9$\9FoMGshtDm+!9^gtXl6J:j5Ga!U02546fM?l
-h#4-s61OR,qSYLc\_pbO-cGgcAKk%*Og;r^^`c29r%g"CTC7/)rrBt8nalb\Sm<H-
-beFL7^%"Vm!"\hEci/33J&=&>.K9(\+8e@\+$]S_dJj1TbODG,h\:S0rr@ForrD5K
-8,P.r_Op:E;?$X6rUKLZ!1mI<nBAWSJ%bABrr<T(a3Xa1FFV1`r$hX>`?5"Bh]G)Y
-jjF).%*S.<qqi*;nG`K9I/a30QUgs00>a@MHr9nD_u9,srrAWr+7RLh$@fbZ8,iQ"
-pW(VZH$"PR1AiU#pVe6P5MmPIq;p$(!"@'?Vu,?cJ+3I<I!kqokEe^:1G?V;msJ"4
-!5nd*oD\f^>p&R[^C#J(nONTZ&,4,jrcrU8__V-=rqFARr'0'\5PaEgrr<JNn>H0@
-'S#WP!.91o!9]\=r%g"CTC7/)rrBt8nalb\Sm<H-beFL7^%"Vm!"\hEci/33J&=&>
-.K9(\+8e@\+$]S_dJj1TbODG,h\:S0rr@ForrD5K8,P.r_Op:E;?$X6rUKLZ!1mJA
-=2o024q%.4i4CWWpepkG4c[!]nK6].N&+ggBDBHLfh#bYr*o.CLUEU5bo=Sb44SFY
-6J#&]F^7>Ninj\8:Uu1Q\TUqT<]Lh6MC>3V.&)SIU5C@nMC>3V.&)SIU5C@nMC>3V
-/*5+3MuHDNp;$\.ZX!I%5P7tM[_KqF`r?&03-^eh_`.SqqG?k`e,KEaZ![&rIqV(D
-(B4AIrrE!^rm>le6MMeF>+`^ifltEl1X[j!^;'1;!5q*^pQ8ZTE>(atZtI;bHb!DP
-0l:P[pE1QBR"0+>Re_$a\&Wn)a.EDiP@o$6^Q#An7%1lLFMSmO>^1]LAq(lDUh[@^
-e21kqkuTfenk-Mo@xxxxxxx$Mh[oHV'ms_H4=fELI;?_=StE)hGdm$@0jWI=Iq<<B
-g"FW+:R)+MHGB/m/eM6\Nd-@)meuP4&,?`OJ+a].^\"sLaKOP1p71YCL3/LO-Qi7+
-!W*gNhBL=R^Y8SFQi%WFa8RL^-i5B.3kh4tqagWnnB]&!g/mu'nOLKH&UZ2*)fp!8
-`;]gn3Z#^V%)jTM]Fh4>9>^P>TAmNk2q@O>Mu>dWi-cjM!"?L:>Po62O8f1h2t/K[
-YP]_sZ-Vfurr<5Lq\SY5q`]9$ilV3#iD'5Dpf[Us"kinUKK%iPm1\sn6$8rJ+7P]u
-!5bi4A+595VMPl8Fo.6e><R%0den=JfK:[bIa'8<'=[rJ8aprt7K3@?B(%U,!W7!-
-/H5^X:Va_rJ$c)LV0job2i><aGh:t__VZ;[=8f?%+FGp=/b(@2*sVX9Y/ts!i*?HE
-2o^?#hC.mtrr@s>4*dXJiB:AminHol9Y/6'iVdukO5e`EnQ5E'rr@XrrrBl7^YkMe
-(k)g:leil_-6KOSr"D$_htV'XhcfOd_;C&P9tu\#47U)Z8c=u?D4c[:r]^+"nPA/!
-Yoils&)&hWH=r$t)Ybr^`"uTPMr:37l;uQN'DP)rTkWJFHb00Ko`"oGE-S;?=,-W7
-ipYPj<W/2Xrr@Z7J&*?/!4+jFHnkD?TP,G:8%[+7?eEQ]\pRrd!/+/AB<h6,i_P=j
-GPiSlEG6*cg]%7drN.qapfdM7pO_cp;?$V'@P'(`pK7B>p]L&ap-JYF5N&ji#lIE#
-IaXkX:Tjlu#JC':JgP`G_Yso;YODer'o2.bq]'jI`7gRU'YE?/\Td#iKROuTps\ah
-_7EsaQT@Wp:Q"e(-fV=e2%=WHINA37id!-JR2])P1gbt9+)(ZS"(oopi8LeN?MKBW
-!!N/IIQUe_dQd5,$\&>-2u&7!B>PSEr"MfB*Z8nL]Ad;UlMghb^,B;FH1:h6N4^>'
-U)Rm?(<`e(G=hQ1j,H7c9@5pZ>KPl_8Gl>ah"X8'^\B+ir$t#,BYX<f#Q-ZIrX`H'
-n+_(oS,WI!UAk4JIK%%^!/5(ZhtU%E#Q-@Or%rWk8,QRephK9mC#A\j?=3D5r+3Y:
-#Q,rVn=P3LSGq*ClcP+]/&7eJ.VW8`rVlkq/'@1VU5C@nMC>3V.&)SIU5CJ:5A@=s
-,qJuqAOkYhriaY&Q,?I(p\)<!bh&Uae#fFOZ'jui^XVo_[)f/WJ`Mj]/L*tFrT/XV
-<:V?HQcP$O"OY"2=B\W6p<KH5!'InKrr@aHrrDuC;>mi"rrC@u%"I575Q:^>e:2<"
-5P*(9+8Ag]rrC:9,AVMe$T`N8<-;gC<6>D?#"e=Z"!iHj32jUN,.[^IKYR#ZPQ(WI
-'S!tgF8bP6J)OZ\rr=Gqrr@_0kPO*KrrBpI:]=0jW:`kgAdK3]L?3L(,OmY7Z0HR6
-nED<N:BRl'%he[;!)2lpfY?B!f)?_8;u95T5M=r`P5+n26Ml8br/\8aMu-FB[JO%Y
-Iar6-T-MSN519b+\'C%Y/cPeYj5IcO'Yf6lpij(er^!=Y(WXFCqC-mt5Oe,T5Q$.(
-r%F+crrD[hrX+/6hU$cJ#*8Od*tA5Mkb\1krrBsMT`5#_%3P)R4raM%d7a6`rr@h$
-62prG)F*2.HoM'*U6k@Jrr<Q&KDtqm1k3C;pi$0475*SsrZ1A2rrA-orr@cCnDF5&
-?boP945(5F!$K\h!"7iG^\nk]JtMg^Zlf95U])(M_ghM3Ig&(+mq=r`K1GhmO,!Z7
-oMYYqJ)T82J,';0pg5*PrrD8Zr"T/2_nD`C!:gR@n@h(*rrCG>paQ4CLO2>e!9>%_
-iI$#3rrAd[n5K>e%ebPT!6@!H_YEnErr>J@i2?Ppm0EXkOD+XoL%4Zireb(!:]*<.
-&,uVPdJj1Sj5IcO'Yf6lpij(er^!=Y(WXFCqC-mt5Oe,T5Q$.(r%F+crrD[hrX+/6
-hU$cJ#*8Od*tA5Mkb\1krrBsMT`5#_%3P)R4raM%d7a6`rr@h$62prG)X;]-j8CdR
-Ir52cKKi]9H/cU*hm7fGrrBnnj6M,;llU'8rlOlkm(F>'m([<4/_A[grr=^uq_\:Q
-mj:c>pO<p*0k#9I@=R:oKsk(6<tebD=l'!Ke*X=*0(#HJDCr#.k0fE+/g-Q'.A<">
-8>J^F<Fm:Srr@bhi8=AOrY#52iR-)gq--Ae/e80d!7:3(Qi@$qNg9VEb1a=5nOLKC
-XnA!HV>.+ML8Cm7=*E.5G+E(3,/WpIrqc1r\$WHH[("JZ\@T;`\<8g'Xe:\GVj^#2
-,\L[egKA9811*\Ol8Bj+nR4A"blmK^@s_md)!6th[^EJRRaubZMWWW>GbdVV'1?Gi
-;T\O6mD])*-<9qNJ(^uRcl`+`r**Oha5_[F*'?mo!+DAs!<"<lrosF_i7P7/-GQo0
-rJQ03rrE%jrr?`Drg`mJnB4c*a87:[]A^2Ziq^4lW-FZgGK*U7`=V9.XpYrl^M2RD
-lZY7r3^e;&KdNLklSc=jg)d/-(9sc1-Cq,A#d0ncBs3^_EUZ-**8GpR^6dl@Ji):V
-is13a&+Fe^3i7Q,3GK4P?bdI9Oa,&EK>c>E4l>W1D6(W6V/*8LE'1^\WMr(NGASYJ
-P$"M^/`lq^5N%iWnAcUa+6*9^qbhZsii\L)%h@n`=.U1[^q+044>3h[YJ%@!3m<ak
-pp7oAn#'EdnnH8Wa&j[Cg2!*FZTS6f9)Ni1KR=U55^;DgF5m3")16kZ[0WiQ7^KGr
-7JgbIfcRQ8LKdE4=Om)&H1`fnrm0I>IN%u7;t0rcXPH<jidF<b^%!E1N&kR7GHBTa
-=sf/A@H1_al5tZY!;'1h!,WhU>#5&1oD\fbT"`D;^VL<H#^C""^(Sk:3Ni"X$g:ba
-LNL_S'R7O8?9%I4cC^hFpA/?ka,%BDj'.QUGg")&m+0b8afG33`ObcPiboBC%<8Fa
-g:jD`h;-p^]Dhj<b?k2KT=lKL!!4g'q#ZWP<a,7qrTPF!&UXNXa:s-@ZIckSmn!HY
-^l.+L5bn;nQG*:u5C,j!"CD*.nc^-)XL7NmqpI^u,5;*;O=:,/Kk7H;ceafa!.bs$
-r..sV./4s6ir8uepl!!m[\l![Q/[c2=7GXUGN"#gGg!o%-FVCr]ftIM]X[J"NI2I\
-iVrlqGXGbkg?(s`Ntch3?I:l0iVc&Zokaq8drekf9?;Q=rr@gNr#bq=U6kajrrD',
-J)I5sr=nqirr<;=@"/FZ%Il=MMgQ9"5EB")X/P5`?6-P_pquuBrn1Yc5DE[sme%#F
-;jQF`_-\;`1&O`7DO7N&cB2f][u*#e#1LNA>(!oQP@pr4V/(D%Sc8]FrYj6<1i3lK
-9tGR[T%iWoh?J.Zq:B]5],F6"F+ffGAi7I1"!@e0Zr'7+;+20r72/Tf'N%:6i#f>X
-r0!?F!4&Bh#QFd*kJKpNW3;?`!,JbTG`1PLlrX'dGl,>rPkm=s4:gpSp5&6gL,Fm$
-.s%P3LVm:#NA[gS;R^3eb<:l\ASlJr!Xd$^OEdsKdm)c^5O_I<%6DYSqt;Q=Qb6OL
-CMabEIOF[S^i+q`3q9)^EejkP[u(#kih$QmSfmP=[='Cdn$PkjroWM.B4bc`'c-QA
-47iFXhu<[G(&Jhti[t'>rrD1"O8*q^r"HjEN%=TUrrBuAp`]Y;bV^L3n'CbVJ,L3c
-ls]noLpuk@rrAF$niqaKZfh5ug\-]t^&J(m5A-&1g\qMYn`R_l<kie99iK%2!!YV!
-rla15HnVAlU;p$W[<pd?htVi>rZB`KRlu5H8_5dn;X6i_]8ogue$Y/bp02(9e1Du9
-"6'!jYP9@2`D;M$Zo@@+i'5m"p+Y*I2#bXin>X1]IX![J(u+$KQi@$k+8dcV#[[;t
-iFi'f>0k'&42QFprr@_I_Kp@eX8`/6B"R%Ulq]"q4sL!Ie>.uHc[amW^Yk0f[,:d6
-Dtm3PZ4H;1j)=^*c]<Pf5@u!qrrDSDh[fWDrr<=ca"N,G!8.;On=TJ#r[RAig'@?O
-!;6Zkrfd?^'eb;+[_*c`rNH2G])JJc>kp@O(VU!#cel($a3WDE<W/H%$%+<!$[qP$
-j+"uXKte4/pc77S$N)[-]Q<"@q^?pA?PVt8T,$Sh%+96'4'nCKn`Rc="RB5LTrHf%
-hJ$h<Gm0_C_gQL+p)elNjPi9:rr?S:j$3O@+1(ooM-^5B5E;B*O8dZ/!!`H'Arl^U
-^=WAb$ZG`grM@4hJ&6""\+Y=H8,iSJSc0i4akd$t!/+SU&^Tg#^U8RM0`M--T`3OA
-g]$'YJ)MLL!/)H\+5%Rir$:09nG`L(*s048X+0WJ^MS)kPI9k0^[QdK92Y]hL%4+$
-!"OBkrr@bJrr<@,p?0J7Kcd_[r"LC6(P9@2rrBpGZM8R>C3jOj/MD]_n4c.$?hTfc
-!/6,Vi\^.KJj83/rr@a3X'KI(/_<)cXSDDErrCuJ?ai8t2rDI-DrT+@.e!.3rrC^O
-!:\;VnK@i3K\QJ>^U4"@_Ya:brr?SJgKXYD^[R'S2p)("KN%jgU])"+r.AS[h>[J.
-'E/Xuplk^X_GC13#cEHl5bJ#`+ln*rrr=*iBMD.XQc&h'!ri8;&b,ts9(<G-BRVL]
-dN@t0r%.Wdq[*8Y5I;em^&n;U?anA"^Pi_O(\&mN1Io@_!/PmpZ/a.JHlqmFJNQg"
-Mr<3B4qR!PnLqfV+8dF6)S;Wfr($be"hXcSrr@a3VZ-X(I_[!@rr@bDrr<K[rr<ku
-j!Xa=_u:BPlmLi.ph-f*AEj*oitK1C?he.r(4X4srr?te_c?^:_AhK!ppAocrrD!\
-pr3+nIa[*_5N8XA!/4q_!!t9_pAY,KIr>i4GT6?urr@Y4r+,?L_-[`,ptPcS_r:Uq
-'O:FRiVrn2r[qqL,k/"U^D1uHp&b!oqe^S57e"aBD.DNXKCsX3_rk+reTpYR7e&C9
-nBu_T:t*'+D=JPA_KnYsLunDYiU6d9^\eeTj6soN&,[Zbpd+DirX$F<60eIM*^=B/
-q_.k-eph<cpaSLf4u7R)dem,(hq<MQL]+5:,sT@UMZ+Fl!.oTfT*+k@_d3ZE-fM*J
-%JVSCn1Th[*tuuj3l=qKn%8h"BbhLK.fCIfT)Ld#_WoPHH)>h=_Vajdr\/^3pjh6,
-IQr3=K3S?UKYL%H2oRbh$/eU9p@c34pjip;T\4]\pj_<WL0kVn*.1ZZFlNYP]J&8+
-cN8@g_n(?9mt\Xa4tp]C&AA_N$fC0BMC>3V.&)Uon&GA-no5^.rrB>Xn72Iu;ifW6
-^-;Ld4qE#TnYG'M[u5\Yr"/W`nMA+LrrBKGNBB4:XaEV5CZ.JqlB[ka?OD5rC2dm1
-\rO=u?!kEV"o[!=g_NcBXe]#7pX>o>CT4+FT<qA*rr<2crKLm?/3Z4E'`F%S(#g;N
-/<Y6V_"N6Y4<*=!M-_X?M<'\Dh[TK;pj_7p'`:;L[/5,XOt3(n8at!\NO6i;T&Ma9
-;LZqQp\Y\sp8Y^UoY5r!"b1$C)0hXfOMc5#T)rAI"Rp>\r[%>Sb2K*gD+DMd%"9=D
-B>VCpFBpNa8Y_0p<7JQ<D5UX_iYX:YQRQ7gTmS?b/`C&r*sQj@!rN?!*UrMu\(3Z7
-E?;UI+,'V"n><iDrr@_$D*McN\lOk%Y65;GWTk8Jg=kE"D0H`LXlNP)?+Ga*TDh;3
-/,m>qrrE%bG](6=rOBW'b.ha'q_c^R"9/@$5Ds=TR/Cn&!$d8UJ*\t@rrAl+?emsE
-)\rAQ,hMaBrrB<Bp4*)Be,KF8(LP]/_B0\1?OoA6c"k=&fU9+['B3ZFBl8X9(R0i]
-g*bkpKKE-8J`kk.]s'gn\]DXVq;:n!f6eIqT7NG<NborN\/mNtUmHuB2[8,A,h)40
-@m,OAkf8+a?@6h2=TYqiHBX5]q]PfRnM0S,O2>ViReO\Q]tNgQQOL>Z?,)'I9$ep!
-ROE&k=f6[+k%b-N6H9\p?EC._/=HFUrr@\/rrCuVh\UcOl`]!^p2^+urr?dUL]7@[
-cc4k!T+Cr%COb&>`a9H<fKKW>6Imu#!e/@CZ]E%C)>klW,H,u5pqrb?>%PJH2NPl4
-4!0/`$[s@trf=-`q![20Vr>AokW]_<47-t'QN$rchm5QF'\hQ$m2,8-p-&2?@H!i;
-''fJs[F`7p!/-sVo]ok:IfR5t?eT;Rf>DMAHq0a?2r]=A5!JqEILQ,`f00?442`3H
-IO+0l-h%qk#5FJCO,"X7J1'j:m_/-0_u9hf,tF$l_>aLe97Oc_rr?q4*r)f8$$kR7
-gIq7-nHHD<^Y9jgrrDs2e&@ptr+#V$GVAbNpj_c@`K5PgRZ+htL#R%(#K/j4a+=.G
-nQXs:LcuLI>JjY$WV]'K5IZp@JGp!mSdX"2,@>gO\^p[L4rqf':jDU2%Xb\ZAao$Z
-L%.rprr?PIpdmS6n@/*Vp_!C@Hm*tCHqaL6]HQdNj0-9`N1[LB_gg?gir79DT=($P
-&c4#):"$bpHgtmf?9doaN-kZq,NC/g08a'UD\;5WIhOq'iXZLSfZiIV!:WqUpak%8
-0*?IJiO?]8Ms943fVcaHn5%C*/GK&Tk>2&`Hq!opI!bXVnT3X?`4stIp5/PJnY>f1
-eF]Ho]as'\^jh7!&UZerKtIlS>@3;\"Z>1g2``:Z5DK(gg'-*H9:]@qmgjn@hlsTW
-/*"D!&,(#4BC.M7c[nCNTfaXkUWrRbn.WZbT>[9Bi\unq8c(LBT%:qbpbD;'ig%!-
-1`J(SHntJJnMe<d[b`ag4qRL%`ZGsJHip//\e^j<r(+QlCq_.`c\9*JU5C@nMC>3V
-.&)SIU5C@nMC>3V/&4A`YPBIprr?V#i",gjc\@_&;-soah;@daYM4:#c*R,@rrCP)
-a7]:6fB7/LLZX"KQ17S`K`;&1U<DMD@aa`=WVq^PnYH$UL@-l-Ic'i(pucGOI5Ab6
-\poU3nU?P#GX>d4.4s\_Y%ubRX*NW]h[T@DbJsN&e,1_opj9t`AuFTp(u4o,8CdVG
-i8:pQKCo0D&U:)0oq%B:6fQG1TD0ggT>FA1f]dmn?gPJbT+laq^)?E`SStJ%Jh&EO
-iXbEDj)%T357[,]!+p-[HuY`BM#Jq'K=kXP?e`?6Zg%5`+8CWN&(m6BT[<ToGCOah
-qfd;Jp=K'crr<1Rq#,Eqr<pZ<ZtJd8-bsNDL70=cb`R.Mhr9#I3;C+ff_d2IINnP7
-;YXbkpINoK<TDteg(02$pmL,;*rJ1r6h!H6plj\ZLALoMNr19oS+^1Xc\ZcD!!<'Q
-rbq]tq_8$M_-m9Ci10fI#J]2nT<^EBg[K,edl^@p=8iNbq\OWjpbhRtp+#SS`(ptm
-+RkH2DqW9OKV,PWm;$;&hXAHK!WEXTFt_TKp:C#bU3oB-Uc_RonEr8cBFB+`3T,Y]
-<ibahifsETnSa3WY<EkReUA,/W^#F7T+etMhhRin;Vqn3a57]JD_Ll0.JV*V$cF)"
-rr@Y$B]$3f`:)?2^`O&8/pMm>[3#pl?1G6s\,QG[K6Y`A&C64M4q#b#=oSI/5>fqE
-0)0MHbjakc+5$Q!97I%me:5:9rYtXEiD7?%paF58rZ1o]piYOkM#RJE<mTLkijZab
-ph9[-#lJZ2Qc/n(*W-K=LPNSRJ&8elO/ei+2bqj$1\dX<UJ947qfdu_+WKkdl[C"^
-f0A4Fe8BY8D6@^Pqt@2'1OO6C!.oQs3QLMij5\aO5@EC'=FGPJd=)B$!0`6.=8e82
-N;inSS:8fW_LKI6IaMNpM;R(f!<3$/2uF<3rrAp!?@Sr!HhNj*V7nDR2thdsHgmrm
-#ODuk\)9Kgrr@n*#CJU[qeLRArLX#hBto@o'RggHdN0Y.:#fT;[^l]o5@ZqQ-nIP6
-d_6iK5K1CCrrBmgFKZO+_rA.Z4?9<aF2YdCd;==Rr(#976PkRX'_!"_r">4j'>e+`
-PS*h>h=3GarrBt:!/9/#NT9dt(O8&+_>aMi-fK::`VXBL!5V1<1]'dh8&2Su&T=B5
-(W67Q#QE=^[GID4mtY8VT9"@gi_(4D!dkjSn&)>eIhVf>fm(9NR^L2.r!<<&Jm3]R
-rrBBL^gE$"!4+>q:YVr/rr@cP)15ijTDTMp^?<MiBC)bj(I\4s^)m2Npj`;D"PEJY
-qZ-Cej$1E<MuFUm['VIspeUc+`#l=hJA+22rYLdWI])0g3pPa2n/e(h1<T;r)r`c3
-GglWtS+,a\\)%bIrr?PIN?8]rB92gU4s0dMh?pXZLW1tgIanAt[U6nr8,aA:p<!9!
-Iqt\02Tk@$?PgImD(GJciVrnnDtm3P)L`Is5JS?O2;\N9!,$Otp8Rh@W-Eg1IN/:2
-\C*K>kS>90:LDhJ_I"=brr?hALVL7#m/I'_Ia_UTrr@e,rr@c;WHcV[1\cmfhgmsC
-rr@c-i:#;/iMMb;!",@W5)K/Tp_Vop_LM>JINSRi_)jgj_5Vq$@I`O@Du:oq1%B2#
-^Co9#!5^%Vl@'N<DhO/lJ&+9tC4D$\)#_-s)s]_rYO)8hD=GaJ$753A!6.'<`k)[9
-p+uK%&!$Q@nP@0^n5$fQ5Hu91j"H,#0tR=mmsI?oHp>+1#JpE?%/aG\rYg$fiVrn;
-]LN`uIBNK%\bNFRHZQ+_9[c*'!/P!f^[:^a7dK!)MnE3i?iJ+YHqjR0^M"!NNh6V8
-Nt20)Ii:/i!]ThFm,Rt<rltF*n@->C"DV<5;@Rig*\@<DnG`LU'lDq`#jZpWpl"YA
-!<*Q>A&2*[XQ^ceZLL>&pi"M9q[\LtZ.=u8l?W^%n,#A!g`I@tB^^`qn&@$7;rU<_
->E@HIiJ*AA.I$g7pfm7*8\0]9rrDF2qc<V0ZLBfjq`fgA!q7SShh1n=n4(%[A&N\+
-JNaZLC*+G0+aEJ9#.<GdMr,9\phZ#F/,kYmqg\VGiPtltJm!Tqb:E&X.&)SIU5CA&
-Nr3hq!%/B=?i)&I!!Y[\3;oL#kPkP8;uT$h[GUqT7udNKohBfXYKS*AB>M?icBIbp
-_]SAOYCcp^rLs3BrmB<r44\msce4XdO&*I@]Mn;M:&(REpcJf?T@o-&]XBl)K"`IY
-ce])Z1sH*BiOkVT^)d!N%Zbt6gdc5@q"/hbrk\QDIOfdOpso6PkeHUdn(F1;dWI4"
-^U!-<^DHk\Hr&063_,+Z_aa/sQ)=I]rLLYFg\F]^O_I!?nE'D$4s'LViLbo-*BV3+
-elmj]U=FA?4,3X$0DR-5#X@Z#ia;XAgJs[A!9@V;^[)?3rrD;-L?n#@gPc&)X7j@/
-!4,r/TKi*JppRrZO2h2"ni1l\rkg\p!;]ObrR:cH_6IA<9n-h@q\K23BE%u15Q9&Q
-r@:O8Gk].KZ'WB\#N;#)+RsB02.)0S)6C3k&'q1gH<J"iS+`NFP3^-=qchQlN?Sg(
-cbmNO\,&noNi-B$/uNK!%+d58K\+<fnBV%6*pfuB35ZiR:PuaHLUE1t?4(%l4qlHF
-,Q%q%;:.QSfKo$7hcH.ANXq'VT\8%'??hf4e7YB1=n8cSN[9EoDBkJ(%lXFfJmj,Q
-J+-9aK"i5mF\g_$^fheMnCI?OSgR0Z@fHGf-\FN_if+IJ]Um^;8COZ7n?/spa`Rd*
-/G=CBh)e,F/Zc-oFX=Y(H,$*)g-=p5H2Dok`g]aFr#30H!.o_[^ru3"/Tg;sNj-k"
-3PGpdSh.JJq5Ja#?\.`ln[,':VsDnmhEAU)8&OrYHVG:$kZho.pg2fm7.t!@F7rl6
-'DiSn$1Kn?dJGbF)u^SU_(UPXn<8@=(#Z:j8\AQn+7*A09RL@0+!:9=r[L,SpkQgp
-/_#9WHs>U4HWL.HM71*Ip-6%bK#?rdAZ_5_^W)lMrrCu;hsa=3ft74plYd#WcaJ&3
-+7L)arrA#X!"45oGRNPu`h/9`ZqnQbLE6TsTtI?'5NlG^rXs\-rr<ct."!fFHiF'R
-QHAR%Di/k5JikESlQ/"Sk.Tbm%/?/ce3#tTmh4lr\!gY'!5T0F!8s%Z^P=pCiBIqP
-*:Zg`r'02%g&D&g?a?g%TB#qOgFN!6pjrC+q`+L4po!$\NICm&0Arn7)ZJ,fp$]f5
-L].bXS++>3?7,1(J`$p.%9i!<fpB9-R#Al]+RpM<X8DnsNdouV+7N'5M-h:96i0OO
-fASoUXaG!U=7$%c/q2;rpPj[]Du<Va^>JJ8p+GiYM7`ld1jJ3_&^;]_4bn]mJ)OT+
-9?'.?dXU3nZI!Id*TJ7/+1M%F!5mYCeElNTD17$6S,WJ$^Y,ga7.;P.n@/+3cub>'
-*t5Q,L`SMMQYl6X9_$/[21G[P5K&$`22OFailsF@DhNL4idGa_rr<<'+5ZdEir9!a
-e,C$Y.b";7n?^$D`ilQ1IN.coOaF9I1Z*QZ!;n)\&,c_)O8KkuJ+;egi?6KskVo;e
-i6'7C!0:"W!!rj^rr>?u,Q@`J<aYcNO8)7&+8QH2+8@UsrrD*/J&4LErrCDa8H/\+
-Q'_LN*i&]I%0ulbH:RrCXM=Q'+7PA*5P,oC5O`5qrrC*<rr@_)62pqXhN@g<K.AVS
-4\,Dq)@ucNoT/nf=b#u,\SJ-G?[88P^9bKC[e[[L\VB.fhn*NhjLad9Z1dV*mB)?7
-34D<j;+20r72/Tf'N%;D#OODK!$nCjm&9g_rrCUFnC"g]/&XV%Hn2Jsl0oYP+2M5]
-<1cP,4t_(EinqXJ7p<=0>J$FQa2\SID[g";<n=B($Zg;tDlH<L$k5$D1m'>+/7FHt
--aqVki1lSL7qFo9Iq(,G959@epkhl$8)oqfT3<t/^Y2KB.">_;*CJfM/q=SVV+'DT
-&OgC"dDr7l+BGKA!9#@+!.p./!7<4nMuNeI/j;@HoE%ni!!u0n'OUir8*jU_!/Y^c
-g]%8H&sRX5rX(2O&&Osk\9jk%j5[iYjnf(Bq$M?D,erhG?hu(@Z"O%^a2bC_J/UZ2
--3!ssMZ3\(/H(JknLd!gJ+N`grr<?Yr"N63M.c0Xrr@mqna$2TTE_`E?\Y2[n&55+
-MuNb^rZH[:am^Oj^(pDRi\)'p61DXDrXaHJpl4f^?1Eu9r($7Oi\/-K)"jFq`h*>3
-#&4&PnEu:pO,CY&eE0ssIhQ1(]!OLl5\]r]bjt^fi/d[nNs1$d(\l>V!3+$*rr?Db
-^Th_T'Hb77/H)_/+,e5_mD&0Q_&r/CY7LW`]$J5hL0cn8'DkUR55h&l;>l_:]<-GZ
-$-V9lfIOo_[&8Sk')p1J"n;iboD\dno^L2HDq^!,Q-Y<d0K4]5Hgu$j)A]l^pm^1^
-Zq]I1;ZlaKpnR^bpnQk^m:GhN8FV]-!W+m%J+ctD!.nU+%K3*1D[^m&p?24/nC,F-
-ZCcsFc\oR-;_-+&j(F-sA$=QM`nq[6!+CrCrrD$_^#=HkSe1Ff*s98kmuIASpfZYU
-+2D4n^(>Zan]-Et5NAr'QMq'\rrCderX-R?:]A\OhoB)[h[@.5G^n^Cm($ojrrCfG
-iNL&SM;BfY:#Z*P"o).mrMTYq@IMkkp8Ri;nHVVT2iTA<DEe_\EVR<-r?pWdls'"T
-i5W+^$3(!6hq;Y[qOX6@c\st"qaYml6h#SW[9qVqTDboWC*20%i@""]q^MFipoE@<
-L]7@^B>tJ8kOsGq#ONhr4\PKepf[,'i'rderr<OXd6I+qhtSf/_b4nNCEEkjT8DI6
-(W>#,!9$g^rlcE.pm:#j)#P`1^+=Y1nb7Ss@4-\V#l_t2&:Q<X-c8+WptbiGn=RXK
-n<j,)phAaVpeUl2r)`muKWF)3!/#Yhrr<F"iB<h,GJ_[_?e_.ldrdnM:];8HrrDPW
-r(?hk_uB]RrN#o10*^,0!5c_FpXspSW9LO9_JA/5TA-jSJOL8M72/Tf'N%:5=3#bK
-rrA7=nZVnRItJj>S:8g"oD\gWWW)r@0A>moc_JM[!;`S,&Qb'-qB,)^qZHW6i[p5X
-Xmjr[^U:Q;Q16NJIOY&ciVrn.kMd8Fn8I>?m-E](L`4gaM1-R\h[Xed+';bF1%E#p
-c%!]6qT"K#T*jl;pO[PV#&9V#ULg@ZlWS<VTCW!^K)Yg\%uENXTC#M8IuQZ-4rdAq
-#_'r]&2jIf"FNT8Tg*'N)rfG&nS[gh\+nA?cc$Z+0^qTN%j1$8!"X0%^P6)'XG4'Y
-BTi9[IgC;B`-U%SW4Y?/CZ;Bf>Dq7,EBdVNrrA4on:U_W4sg4/dp9@aTDh;3/,m>q
-rrE%bG](6=rOBW'b.ha'q_c^R"9/@$5Ds=TR/Cn&!$d8UJ*\t@rrAl+?emsE)\rAQ
-,hMaBrrB<Bp4*)Be,KF8(LPaSm*#D/,c/9BW;M,E!7go80"q7Arr=t7$q[I5J+-[7
-gKVY2*:Xi%Hm@XS"THf`[na]sY7^P">efdr\#/F/O2m:mGV8fceF_F%]1?i;3TAk=
-:Ul6-7@#I@*0g\3qTJi%5AC,tM;C;lMuF@FBg3]AFe=OT*q7LrD\d_'^:q5+INj/5
-L>tYrVrE&ALY=\E%uBZHWI-S#l96+&#0?*K%(`=8@A[_dBY&nhS#0p9g:,S(*Ihc$
-CZ03u;=N32O7=QR+-$1drr<Ej([J[0:O`n,HlHLrHq42:Kls*S^CboBppSpJf5:L$
-HjBFjIH%7*-2`,bTl8nN'>s<di0T1GHgq_%#l'uU$*T,l+.7R!rndVcQf0<E^*`b`
-](f.*h#(%$Ht^8$FJ&=Uf8RF(J&+d"rr@j="7QHi2M:$CLcSM-"Fk!d$i'P)0*D"H
-;L\^p7b;b^!/<PD_lnjP-Ik:%pj9r/&ad5BnJagaP[2mu5N&2!Z?M!FnJ8)O`,0_;
-Sdk15_Mqp_B8h9iHn"hZnYbDC^u#BE3mkYRgjFF;;XntOYCmu.4E9k#_YW\sn6pF2
-M1-<20"p;Y5KB?Mn:uue)=&=VnBSFYnQ4\MGcu>O8+"(g07M5R2R`C#nU'8>r$&j9
-e3Dns_k[!5*sMR0nM[N/4^6qNPP[^^rr<B'/)a]^$$]6Prr@_Ua'TL0iKaC%BO1].
-#DUu4n[FH>D;h#fiV/-"%7A0C'##1WGK,+kBclhDYCfk?'YZ\S'B2cJY5!4W^B-S5
-Hq=%MiZF,/&%iAK7!r;8Ff"kGi9/.qgV;\8`Hr\_qW<Y346X7W_G,6ig/mW*XD82\
-ipBQVrr<_FH/ag-iMXIC:ZDVfK/>e5Hq=*(ia;(ei1C#Kd=26_Am5X=pdmXoHroji
-L@buk=S_g%O8f1ehn_K;p^d7<r*f("O8dZgL@6rP(k9D$Y5Z>2'"e>H!!o`sYNacL
-M<Fm=_H!^4B4i!2VKfSm2/i7<f>4Wor+5ZHn42I[LH[6CGg#'d`I2[`pOdR+KAQdG
-BTLks`8;.h1Z8kthtB)*l/St'pYHV_T"YU15h1<(k["qQIr*Gdrr<Q^Qc+Vq55S/^
-1K:X2A@_45hB1*`^M#:q.*'3."P\;]dJa>chse.';t17UVsHY+"S$,VrY9fippp8d
-Bg)k%W]t/=JA)ZGB(7hI(\"oOf=q>K!TU:Xi$ZM=4t(e4cocUD@meeSCMt&;*:[iO
-(%G@Z^*NIu:[to:GQ.XH.K,-GSHHeO0_%*AO8)"g$_W!d+*eC8?\puWIOtCQph/W*
-$2EiGB7[c.kT:O'&H#,irr@U42rJ&'*s1Kmf>S8T(7lfHrU=mH*]j'Fi10u0B>^nm
-ps[:;#D%8FiEm44hQPmfg>Cg9MtN\PphraoB"Md:D\RS#dQRkLSf$uf_bZ.r#Os[\
-`Q`>p=L\7:D#=Ot0+Rd/_1!KW]HOGqq__X!nH2jN`O7fQ*ZrlIj5K.65+D(+ddP#6
-pg0$]!!P+UPJ/2Sp2YNspna[35h0(ErK;$jM`j_NIi<\fVtaoB5IO(=^Lh7WK%dtr
-[6%0:Sgh5>[_)'&_8!B*JMlnJIN@s5PMs2>idZflh]6r6pVe0Yd_61id2k1?.HMWY
-^Yl5d!rR!+;tbA/kMr`Vq!6m.L%3(=?&ur&8&<p*_=-*i>POV#j)&;FT<YT;h&!nW
-"hYX[q_241Ia]>AeG^\Ag#!<f#GlfXphr85:Q77/mgVqZVo(_2oIJ7E>0k%b!2OKs
-Dnjtk*t7BT+bO%pYH2KM^:WAX%\JFR)?#s&!,:m:rmEtPe3"tRpg7+m291`lAT&"T
-*S%o=?\^ZXKqeAB!9&[CWHb2Yh[2J)iL=Zlit&shDG=AM?Q-Wn?222&hq;r-=+YlW
-r%mi_`ZKrHfDHnd%Xor'(ZG,,Y5ig*q`@j+rrBP+'B?1ppnP^;fCh\K@ARbN=8&eN
-Wn:[.B5:[_SZ>lgrr?Z\X=WfaRbg9*W1o.tU5C@nMC>3V.'EXLVSD2VYPj_.J3WnF
-4rRK37<q+W^*<?%i=Ee4M#RGi]NI)"rY>3FU\m[Qf84AfL[>c0pj^/IRf9k!gd,gg
-KNq4USRljn:jLF`dNZZma1HTTFN"1ZJr&a(FdB@Dq`'&Hq@/aiD&)`@NT8pMpYs2J
-j%VGcjTMgApn(%F\*RD\^CTR4e8_dPm6=55LPW'L-J\agG79F!n*Fuf.,Xt7J(TPV
-!#&#c^]+:!'d))cn56ss+TDGH&,moBa++)=.Rqh#i1m(gT)q5cokqa`D%D[9#<_*<
-ljAF9OnXS@4Q?W!lsKN:+8lbsfPgci'//Ctrr>;i+5"?t;Et"$T<R5P-==fsrd_RE
-Z%(]-J+Q)m@DD_6^Q2b#!Hjq<`.-JgiVrnrT8"BhrM2Uir#tQ@LW4aL`*O,PGN-Ah
-rr=!c?h&bCS&ZQgn5"mi,i*]H`E']2p_WEQ;"4,2O+BD,j%Xkje9&l@'A;2#L9Bkq
-rrBCfT&&;frr<1Oai&ESrlDjoJ,N,,BDUROARF.qp(RD&["!],*W;RW3VG*:r&+8!
-TR9l?Q8C69rlO%7^Lk/#e)=lQJHs'J0B-@*NM_)Kpc%]>bJc[Vr%7E]ijP9ElW<VC
-m.gjpiQhQ"'B;$)4<ri+91&.J!6,NVC&TRQrr@n)55tV7@!kHBZ?4nIitoNRL]0C6
-X*t+t5kn.ET1JpR^*WcrSj2a0LHZ+D;q<LI)tBia?c,Ssp>tg?^mjeE?OhN-C:^%W
-O,(=(_LDdDr,g?a7t'o'il?\!/`?Rc?]':od53FVl44YZ`*]d!O+&F#S)[S1^LU-n
-K>sN$4DEdQB>T*PppK,-J6rY28+ACSSe^c;_qUf:INe4,M7e,8GY[kL3qnF&hh="U
-T+#k5)cY@*[-^fNmFBO7n#`MWh"'^2Gct$?"UFF7n;"fn+o"XfrEo8Nn^#&O!/dBe
-r!W%0j1nt/e28<XGZXTBf)-ETNq6&9a-Y3b)eg?9e*Xp.TY<//rZ9eWp31h*YD%EO
-r-ko;<UfX01=\5=)LMJaL3tB-?No]G3^8801ZA?6$0`7t+Rs*&0/UEPkh:34Vd4PJ
-a1a%SI!+JQ'3s2SG1O+Npk-SX2XqlFHt20\AltO"nK3Xrh.OYe`QdPKWaB(.cr!4G
-;+20r72/Tf(%L1@rrD->4DXrsA7+98rhgjF"aT!X4ph!g_GU*qT_OB64pUk@nO(6E
-(3SpP+Z)><8[S"0LpWcbG^/!-kmZHf\?rNf4=QuWUq3\ijH<lQXf5IBV*V/rQ#"tN
-!5cA;ci"PBMnf$@e,KFD/s#d/IMr.cU5/8_rr<6AJ,]KpeusjV)rVe>`7c;j+2o<6
-27q*7k$*a*I;Q@7gL9f3>2J3<2iB4nCeQV38>!PT-?YG\fP/\3!$`8Err?G4J,]LA
-]Jj1ZIb\<$ARDkNrL2p:!WN/"T>e5;9R\r<nV;rkVR:k;nmUk]VuHaL@_^umrm6/g
-/cO)r!;_3DU?h['rL&/rPdgUV+-5=U^HNsq^X6ENmpg-SUjp3iIrES5<O\SodcU>n
-qeF([V5Qa-Q%ZI!rmQ@1[>m>lQ&=Ei/oBR9HZWBu9ajqC(hAVnI]7h5.ssqI:CQK[
-[=ikW^Z"VlNCVrNKl<kZWbT+_PV;3[%ikk+a_p:Nqc'QX6julsFn9)H8!pjdNqG%9
-r*(8K2o&c1Ho(9tKROd9>."&^nB4VV[?$5q%"(e>/&OOh^XKh[i'm/VO,?+=kT:Ie
-$2Bug]R;9e=OF8<@JGi@H1X7CimUoBO&`[;m^t]_ITChirr@XGJ&:!mfAeg.mhC5n
-58lb"c#^p4'7=6KPP[`H`..9g5@fWN!9%Pf1]<Sf&Dc1?2uT.,62O+'GjF>g!04E.
-!rg/G!pm9Y*:"]Ra2AK4pV\/\"3][!1k1A]&((:fqRg2):2N?hn7Td+g%3*G)>#L>
-p.bLb4qpf^j5]<SV>)"gSL<H]l4*V1GRsKr[b#s4HqX6GifAgYZerS^$JXOC_@M?,
-,D4tErJnO1iLMX@p3o,V_^j^'"F-]Y*Y%mVG\?^bpuSXWeij?;Y!,)LdGG9nFlP+V
-CVL--1sZU.*rVN)?gq^G2guY>8+9a^$8(bIcUbc62>sKQ5&.4&lWULi'I-cN:"P3'
-n"A.s2#dQ1)J=f!n@[@:.D,+.M;<X,^TfGK^LnXJ4sg!)i6R?C(9aQ^=P&!WgjF)1
-[u()!l5*WY\`'.qrmj<BGO9D>Db0Y%ia"(oQB,nPdp;`mj"K.sa1`GdRGok9G\?%H
-TCIEK4qmFBn@+,N#jS0f^=<'6p3Zf>Jpd?_^q[2dm-uHVDDX$"ch<Y!H1>67rMT9`
-%f"LCe36+p3quS3CTlEX`':N9Jc>^_5DWK5L;#87)Z/PIL&3WS`1A4C\*UT!HqWrF
-`P7.rLW+`aHkGjlm4%'Ur'@H0X5Z'lr,qG""@$@&'7;n?Uh'G)rZV2Jd(FSmDoK:(
-m0.Fu?H9m3$M=pah[['_'7=E=^L2PHrZ9Vh*r'YYpndLR`81L@]G9qRrX&T)nG`J^
-f"=*(:E=gYe3%I*cQ%2M`g/e:n5"h5d68URr8$l*rX!</1Z9Fn5D9%:!rN<#:3[KN
-*72?@rr<2npp9Lfe&C4NNk_ap9_a>31\Lms5@b90kuU(Wr,\W^dJamM\&&(E!rPg_
-\*Qo[ROpnDIOt8(n],#+Y.q.;7+Ns&H*6Dcc\B(si;>6\^[O^"!W3h_]JJN-#jVEi
-ZZh$YYD/M7m'R(KHs?*,p*TQWnB9jYNr0.Z1k*sS!4/lr,91'uLW:f*ET.KHI!>@h
-j(iSdX2<^2eGOUM+o=KO3h++f2>Dmq=2o^l4s9-inAE0D!";&Rps8s?"QJoH`D;>_
-ZnKE>+3#DlKmZAbX5I=h?Ml2@(]5NS[tt%aiC8:G4qH9E%eubOg11"(lc2&0L%.+h
-Rd]Tarr<2m^Ae1e1ZD+b:AB*Qrr<IWp1?su5M?5"ID:Wb%Y);S]G'3FL42;\4n.(C
-+7P#43S/aqn(:/(M!tY)J)ML"]LDi#$K&ZaYdT,["o)HA^BX]<[IsP"*8YJF0`M-+
-VaC?;/1c;0@I%*e3jsnF!"0&!3gPW^ld#m^ET5k([f6>Z??hmFDqR4h3k+JcTj@FP
-p+"G%"n9.^SZ\OQ:JfMf9rWLLpe1K_rrBkp5A9M?rZCp3YMB%ge[2LpHrl(qrr@Y"
-al"fkr(caJKt\UQ6cBt!`ROFLKCEfpp>6D8_;7.85Q8kk*rZOpAb^iRAcBii?21Dh
-j5P!rIi6'EJ?Ae^r%7\riL^@&,P\\D49!15%(q!(YMnr,rrBM=loApclaD6trr@Xr
-r$U+o46+R1j*eT:/t_Ye`?#E!p_i*og(0%s$iNKn!.o3<*q;2UnbXJYc<gQ6COMmk
-Shg'[q_ruM?O+5JWVBf_:qcADUZ-3HIggFK"`)`H*PBq0bnF*hd'!%I'(4dN\^^7g
-,>b".P29Ef1;`/6[#=A+.&)SIU5C@nMC>3V/&4A`YPBIprr?V#i",gjc\@_&;-soa
-h;@daYM4:#c*R,@rrCP)a7]:nFX@6P27WB&iEnBgB)Sho1[q$Tp)a^U2rH?Ih]MhW
-lM:snMR:-M?NN>=VX*(e\+%)nUT.GLGa$2)54Q[L4s0\'p_0=dZ1qhLPP>MfrLs3G
-HmI2?05;R<^*%YRi75ld08SI&]C9TDl(>Cs_`n0:rr<IV&H:7Q)#jSH^Y/)LZ1sg^
-&*tCkgJ%RG4?_]k?c:jkQ$D=on6a)Jpf90J9CQ<(08Vn+5N+N5d\>1V50*/28+V+I
-]'"[P5PRe2d+;CL]AJ3)[GU>kqb2LV:]CD'iVQ4E#lUEGi<oS'rr@_qrY1F5%u7n7
-^Yoh*!/-R5>Q,5lpdtJci<8Z\^&<T^^&<Sdrr?O.!,DIrqc!A.<r3E"rLJ5prr>7_
-!3r0o(5MV.nSddo!<3$%`r31B!,B1Lp1NnC^b>I3+71ebrl&a45M>YeVo:lTh\^eC
-r-.Za`G^S4!"HXHGh?fH&cOtA>OZ">ItW7p\bJ,D-2=gESN#KiN4p?!ia3+0ILg@S
-P%_G1L,FF8i]m>\Qhr--Ab[qU8U+b=;Xn,4%gm\ue:2"ipa?rsn(B5NNk&rp'?(kS
-M`c(X,5`eXrrA!$f.[+9k^O;\-[]V&2uTeTGY_02Z1,e-rN^ochh%:]`8:[l?W%Zn
-I\E`Gfm$_$rMfaGIP?$8j'V-rq\/m=pn?[OnMeD$Mgr$&m,.=pi[9RIZZLU3rXp:m
-q"N_0K03/nh/iH8_qKR'TP6XEgA\.O?iL+<BR4!SUY(!im(-f$B4VbmdI=oYh;_af
-DZ9]gHQdQ?5AL2u*juBraSg_j!,[f-3b3.nRBLo*8,SlIK"pZ1r+H$0eDp7PYK1)G
--Kj_?qb25N^n7s*KQUW0rn%/MYcijH%fX6^5O@Y)PN%qIrrA,[!41SMA)k6uj0@0"
-A=ZK<qt:`Qr[<.mrr@Y+r%e$Lq`hu0n0?t#LOLt*414j+q`B$a`k"Bprr?\Wo`"oE
-?8:sT_9W,I^U'7m2saQA6ehUm?Q(Rn_S=fSa*PLZ5AgE#fLt7kKYM<[Lqg;e_F+2A
-pp]25m.'R$rX&DZmuA=d!63@;_nl?Q*]uOBST"4onTE1EiUPqopg)pn-iOFu4T5?U
-kH+RhpmLX+`r?#BFH;2`"SeDSCZGl<pa3cCC%3#":8]b+5@n15%h8GQnHZl`(4X.d
-1egW\?gp`R"9-:>!44u0^C>\/<'T<2?Q]2mibsLA&GQPjLOX#Vg(3-@OmlSjJ%$MU
-Hj?bQ!5V8!IiNpan9c\T/=m?^\K;\Q2LJQpkDoP6nJD*:(ZVk$eil%!pf$\"iVrnq
-YLq%6^[Tcsrr<9&!RIil42G:0GJqg]T+q8DJ&)fr9mcaapq,M*_Y:e7f>8W_rrDbR
-q"=MIrnF"ipkrkUpV7m?N_f0m9^rpYIqUKg5I>@Ehi/[@rLJFQYNU>MHHr;F5770u
-`&bqlr'B6m?XE7$NNDE:"n?0MKl9(Ri4VW[e#fgW]I2]ScN<m2`h!LJnHXh%B9u->
-DL<Jb*u9*%I7DNE?OqCN?.'Y;<4_9AU5C@nMC>3V.&)Uon&GA-no5^.rrB>Xn72Iu
-;ifW6Y#.V&Ma.,u>$(ZRFoMI?0(@\EmJCmQad%>-+80KBZj6T1IhpZ313i!]7irCo
-fP==`!7HY+m[O1bMZ3[>C\pEt!8+dX5Q:`JrrDbNYNn^PAcDan;W%1IIQr>Ir:lUb
-rr>K;!h'Yep\T8N+7NEog-\W^^M1H=3qn.g#l`5$[R4a.!!PP3ps7q@^$msXn<\oX
-F5q1kSeLUarrBrd%J\,`H?I5si<q:RB_q1PmCq$Y[>r#\D')uN42"86-'S2&rLElf
-DZ9]n*tpkL?\CWa]N=UG_j^T*Nr4.:*VDW0f_@g6\F;/&F>"/P*Vd2)YD;Z(>;(eT
-%j-%aokdW#dr]B4dpX/sXj,@%+hF"=d?-8&-W'9HC!YNYi/b['fe^M&[V+t8i]018
-Hl.LP*X2)+MfkGp?PN:t?O<XL>Q4[(BO2\-A^^JYiSB"%]$u`!NuD\X$f'tF*k4UR
-PGqj,AYqh;F)B0O_b0h@rr@e@rr@d:rr@`$r\?;/'OUbpYP]ocpd[GLrr=<CrY,;3
-pf7=on="jD?2]EU!!k7UO'hE%rr@^nrXs_U90_PdrIb'0rr<]>pIb";JDV2k1]'Q;
-%JVaLrrBl93pr?mhi;%N4rsQ0n<TL%MetZ$`7fEiIO9;,8+Ea7A)]"%-WAUgX%dcd
-9%NA]om:O3=k30>2$iUoZdeI2Oup3uFT2>t?4#/2-@!/\onKm;r'p0/JUSX;9(>u<
-J$ZOr^TtKcnR#YuUZ$\&CL>fe=@]&lIrFYf#!O>8rr?\G\t.ucV16?@p75s9::&M.
-$]S5Ap`'*&r"T+*^Ys/3!5b&lVu.lkn=]bAHpR_"^+B9a`Aur(%fZOG.IjV#BD+jn
--_:_G!/e*Kd(d&>YeRYhYP>'o2>sl?4\tHPnKukq%jL2YpIb";LOU.g1\!9?rr=*f
-'qj4F[[ODdnaTsVpc[YANF(@8K2:#[9s+=&pbVI>degoPg$3eU2nB]P%J]&D/Mc>K
-<j^73"S"C@i[["\a`ORX1Ki9*Y7u5>:[j-oHq!&N>2NVtd_%6,CAoF,m6!&\IhR(e
-`7I&!M5T-DGF&4Kn5k4KNt?QZ`VSrPf$['aG[J<k%_(G9&8DYmV!'j/V5iA*=j=Qb
-bOG*rdk>fIWGcnE)nB$LSi)\rdb`tPN*9@<5k;q]&2Up%#A@^Y#$C'$rr@_%62pqX
--B\<.K%hsX1Iq?fq@EN*1lqPMfmiO\\SJ+q=S\RtZ*Ue.G58ma[YE\`ft1mbjJ$SG
-^%Um>h9Cmr3O_Ek;+20r72/Tf'N%;D#OODK!$nCjm&9g_rrCUFnC"g]/)pR/gN--)
-ec,VWYM295dd8YE%8Tq$Sc8\(h*4]>[#*tW]tV/KQ]E`cD(VH?1X0oZ4H[Sk8.3Na
-Wi.1o?Xr;l)#bQNUI`kH6fIJLkh=UCXBIo>V<ZcGgc)fnTk/1oiOQ>,J_hiMO\S7g
-*#u!Z^k(Nq)h&NNbeLMLr$+.m'f7F86cFKWrn@APKlQWQ_HnSZDo1Ckrr<E+!9#=)
-ac".<!:Zr$4T$_]r"nmqiA^Z^3c9ePG^%3cn?+ltiK*b04<g+U%InrAf7c'k7n1)Y
-4rJ+d^'!joM;^Z6Hu8D7`k?^krmL[n`8?E[*t1!0*-dt?g:dK^C]1_Nn8%"/_I&&k
-rrC^&GF&4Mdsp<rpjM-$!&mHsX<uL_[<:^k9lEqu5N-*s;uVDMTD-_4!#kc[rKdH`
-i0.NR5O?@eIa"AqS)`u)(]-Mr+oRA-mi6TDp0dY+q`oC]i3o]UKAfVFrr=)7T2>&p
-a2\kPmtJLYIM;"]&j@ml4&te]N90h3idZnjrrBu>4qLNMT+bu>!"AMG$[@O#NFtf=
-pjN/B"OHibn>Gu)n`T7WnE]ebrMk5sq\]+g^ji_p_^g5iFrA&+NF0LC$Lg:I4_sRM
-GcO7%T>Zd&rl\Ksm3=jn+^342D/[AM&%+&.r,V=VY6M2+G^e8a\,J>UjBBQSXT""Q
-!mj+Hrm#upIL?)#IL,I5VlFtpi((XkLE?`5,H:I<mnUUe5,7(tL)piP]FgfDpl>)?
-dkj3;o3T&WZo^p?@d?_8FH&KE:m0gB/MBo.Gc`.YO4khu=pKq7B`A(b)oJ*kVf/PM
->&Wd7nMeI3\o"dTQ^6JDdm%<6g<[Z<qY^'N`^mJ;:Cqc[_\tB+cDq"]3qetT?d?6>
-)sa[1J'#WR/,mW)`ddq^5A0ii&rJ*3MC>3V.&)SIU5C@n^,tl"r1$9:J*`*k)#jTc
-j7\#(PYjkYci3ti(7"n"?sS9^!)'s`?TW_l?h.c8[Klc"kNr<M!32[1[Jijk3WB)A
-a2Hm/)Uq"DU$MTQrr@[\^Z:j_d!ta@rm1TEqLAI<lh]$-R=F:^\,DR6O5KfK4segq
-d9l%pT`5#7Aj>4H5PA@^!,^WlC)F#F>Q+q!iia-_4pV%`]G[bpZc(SDK_ueYc?nFR
-phNs_2%;o<n<M=YY5E@CGd[H$UKgRJB89F(]$*aICN*t<[T<6bX1qNBMG)'&RSVQ8
-!887JYDp7Hrk\U7Z$1p"!M]SoDsOu9O2'V@58(0dJ$a<g/'.3U_2m<Bp.+nqnLIf?
-::5SL=j-gF#iEOl!r/h7?eNf]8ZQVKfjEDN"bs(\heBZ5kN8\"rrCuH57r>H:Sd2]
-ZX8?l08U_Z^&=G8D*N`(&EMFo]E`pLa26_kIht?-RQh3E(&S4(Dh*9uGd#*D%_Q6?
-?bjGG9eY0a;#QtL%!\-!-&/,_'B3*4c[ie:pkATS)"#$gr'd6rr%ICirr<2spn-Nk
-g./qB-MYLJ5N9G3rr?[2!.qfNm;q8?J=[#@gTQ(I4r^-0>)/+p0DHgMM#J1El<aS,
-@':2FI`jWQ'V?Ir#6*01)S?I:IgUE$]JJN=Mk1OMcg;h6r?Fi2Ubse1HplJsU;Qs:
-_u!GI5I',4TC=5Krr<N+Fn%d--c!L&a,.QFH_6)i\*S>!DiK(pK`25Ub.]7u0;j98
-^*<>nqd$[fIq"Iq^'49@qa13Nn?9ksJ5]1;a7*!e_L;gdj7,'8e$Pb%^VbL1rLpuD
-:NZA;q],NUrL('/c]-ccrK9D(I/J?>Ipmg=Hp.Fer(6F^?i?4:D<#Qf:ZARqNuNSb
-5^kA2/)a:C57i'Oj7[-T\&'3gr*Jm%m4n)hp3"`r)ud_.GDUbYr%$3C'B1Zs(EPWc
-IKFmPpiZ,Ea1O%&rr<2<rN5u2VYi.C$0$A/i*Yl,q`3q+!ri8YR/[/m\&:gS^'7_f
-*<+(TBE%r7fDbi&Jc<uE5Oa]"j37\cL[@V%Mb!QCrr<F.p2g#JqdF`9im!dWi=.S.
-e\C'<GYc3Q*f6e1*\Gk=/)tO5j1jq0nKM0jMZ3YZoRGP8rXp=*Eng;je:&]k(AK!K
-4a]-e!.o9:bJg%V[VshDp.b&6Kf-&d^Bf=-br]&+Oa\!l$bZ8^5OI.'HtUp8D[cD>
-p4:_B2>GA2SiZ?eL!P95-%'Fs#DkR<iG\)Iqd]O6pj_e>`SN6;DS,D9rX&u%]AgTA
-n(H1*hE16sU#=7X*[^F&TCIF1#m:&;r&"AS]NaAI;crR&Mgc^SlbBd``kU/m`BUfV
-YGc^>nN9P9o2,C=mQL_t1W>I>J$iRrZ/Z;Ng5#Y6^#S^`IaK5Irr?Upfl-j&D[Ser
-0C`uSF808*YM*V_rL*S)rr<D`_Kp_0'D'-aZ]Do*Jc>`>:(Q%c?]=Q)f"V@f!9#'q
-K<AnAJ&b=frma1Ee344a_u"*,kJ[r=HqF*Aih$m"&q85XFFMB)Z_*<X*WFiD[#`1o
-rWiH'AG?t\hse-nF`5tUp5SQ;m*D_]f)@c$B8sVYG^!E^Dh.fmrm2ankJWu,q!5m`
-YePn)$fPm5D[Ce<rN,o%i1H!Y#ctD*JY!PEhhsU6i*@ZoLAq7[n*Y\C0DPV(rrC\X
-j8T*MX=M\3U5C@nMC>3V.&)SIU5CJ:5A@=s,qJuqAOkYhriaY&Q,?I$\d/.XcbMNk
-r'ipo&Wu'9:kCt9*"WW)^4+Ts@UIcg>h!\7NGnMKrK=RZ?W+G#o24%\J(^aXSu8RQ
-(NZj,Y-5%tHjr6ph9=/;90L5A9-Y(pjIFa2pgF]c>Q0SBp,W-Q`*<!MrrC7P+7R,h
-YdaQK+7+(K!/S,R-iX16)H$A;rkdUSI`-`@a5d%KHjCtf4olf*,+\`6$n;&^J'jC-
-`o$QKrr<(Lq;9U"!":=R%"HZeI`C:?MZ3YWJ,/!Lrr<HVq[@u%Oab=-pko(O!Isq&
-f;JO$p]^-ti0DlqJ+-\#5J[k_\q[n/1u3(Ipf$[;iSVPD7p"0*B^Q%YV17F\%Ht9f
-[R,4JS*[U?8I(_'5F8oH*gtrIq)FE=J(YY5ci4!Ea6`g+?Xcl$'N%:5;+20r72/Tf
-'N`>(2u`lAM".\IOai!*qOE#]'lo0[XBGQ'jC6QPljL#s!9n]^lfW3@MuHDNp;$\.
-ZX!I%5P7tM[_KqJa$9,Spm_9#>)3*A4b%S2n8)2(P@*#Srl)Y*rrE'!:]CF%?%6$B
-ZS26>QN$rjU[e6]!*A@%]&>h.IaQm4_cSQL9+MPIZfucPMR6Y&;hn:eM(\I:4\"U8
-[Cgo?k197[*A[?:9dW@rGAF0F.`d.7o&Jqp!Vl-$^Ce+;@H)bG?:T'JHPC<J5&;lp
-VqaC+1Ke)('U!m9l84Y_0t@I_Gi`2*WB[!+TC>>=pa7Z^`W#po59A_?(9_TFDrRCF
-r+Y0:*dGRrq!n5OB_1Q$pV]905E'u$Fu5a;ioQJWV*hA0Oj9j#G)N22g1?I!G1pf(
-SWluU-`28Frr@Xarl/:L/\F_jnB9dOML6i`N%F#<r(J\k3r[K-Z>13ea)`5$GB<&a
-'^t3CZ)-R=a<Qj-eZNP(U#gG^?<h^__iLVW)@_\!d.CZRC!c)_(6tUaBjmq(\m;GG
-V4EpEBkT)/L>L4qd`UG#cJIA$M?kF=WpE^nS,WHqb<c..T=nV3!!4^dq#\5/!5qrg
-"2#f;^P?/(Hs,uD_VQ+(S+2.1'(>TpT+8M&j0&`%Sic_Brr<E+!(V[[?9S;gKlu>p
-8ZfWkj)=]ZHp;[hY5#X.&Y2-brr@^j8%=1MepbSL/9A:nJ&8M<J*69%rrBim0E+53
-rY:`Orr>90^]"@=J+<abn>ru=q>8_B!:V2UrrA-/rr@aaT`5#<hQQqZJJMVjJOfVg
-/I29(omclFZMspc$:!KPBKu+_X8`1X7@4#S+Ar.=$Hka8!2$r3rr<*O^\IrB]aI06
-nGT/K<`32G'Xo`;c#iJ<Jk(\8L^#89:k<%A!CGP!'#Y=ceJ(kL'N%:5;+20r72/Tf
-GR*Unrr==@J*a-3!WN/Mq=)hBC+C)crrA)trrDCCi_TMD[9D:YMC>3V/!#*s=R]\:
-?O6Ghe%kr1n[=WonGD3@K_5_&$/TnZhbgW-HqE<^Kc7sp1sl$H`VpCVR`]Da#O<fa
-Q</9O_)g=%QHL9-<V8$?B\W"P+Fb:on3>i,rr>7Z5N/AU^Z^7HB`A(Jrr@U7r;5^X
-!/?KIrrAbunY?*a"9&H'!;#ZSrYd]lreMZ9O8KO`'E8'Y^5r&&g[Ft]Ii:Q@5N#?;
-!'^6DiM1>+k^iYFrrBk7!.dB4qrn%[L5iqI!29_gU]1;rrWN6$oC&IR)E.KlL`aWt
-r"&Q9rrCBZO8*DCn+n/V)F*^Ui(s@Q55IM&UMmp2Jc'3]!5SU7JNs)0kl1X;NP>Dm
-U'L4`rr<0#"TJJnn"]k#2Z*K0+3'B>&,6h<!7/B?ph8FNqB18+5O^nq:]CDYqENr6
-DnkLer+Q*1_#FCc5Q(EBrr@e5^Ae2-#P"Sh!!E3'rrDZZU])/iqu2Bn`fL$.p_3Z-
-cb>J8B\W"P+Fb:on3>i,rr>7Z5N/AU^Z^7HB`A(Jrr@U7r;5^X!/?KIrrAbunY?*a
-"9&H'!;#ZSrYd]lreMZ9O8KO`'E8'Y^5r&&g[Ft]Ii:Q@5N#?;!'^8MeCO;R)LPQT
-GE-S=&)r'Akr54F^)M;m:Ufk*kCW+Z)uW:EIO"WkXD63O%ta^disTO:TsjKGN025/
-GA022[E?O+dD0=2_MTbC=oSK_@ab8VljL"Hl$%mJkAT+5r_0Bd_#FD@>lC<[oi(Xo
-^WD\[5Opf/S,U</L]3N$IrsT;CfgOu?eQ%i`P:++!<3$prrBE3Io*ibnWp*Bp\%n_
-GDu0P8?]5p5Of9E^#W5CS4(a`m2>EqhX4H-N*BH04idli-6O8h-GEa[Xmt:8n`R]I
-,h_!f0B6ht&LO^A*ABsl<urHA=eEa?Bc=+pFU]6_qGker]TTGJ=POFO*:i!kpV]3n
-`EsNk:C?lkhcfNhVl/hs*\I7(bZAshT@mC)p3(Ld'BMN,*j>O4$\VPoURiY8qnLG.
-r#@eqr%-?Ii2OJuDu;1?)1KXJ%f6M/)h[[-;YYD7!"F5Ce&.dj^Yp[;Vec/uHu/f_
-KL`knZNpCR?PYg>J&2<b?gF3S&,9&;'(djP=^E?BYM":rrL*/I`]nC6q`FLup4`$L
-m@eh*!!HBuiMCebi"q1H3UgqPrWpF30'C5<4T1t'CVPb`2#Y)Z0,7:_!!M`@[4`*T
-h]+fmlQ<AJJ@mJnc\rcL`FcdP?c9\mC7cEW(T?Z'#.<t^qnde%nKl]"#jhQkSfd_T
-J*eDSrktBJpsJt.r!LjO!9&1tJ)T;_)h\#;ptOenchnF!_&`aSGMqqDrrBEKrrC#$
-:W#5BRJUcE:K*>JW;'rahqS/2iMDlsHqX!2a$6sj`OcWjh0_B\'CbJaM=DsL5@Ydk
-Sfa;)dBqf(1r&f9rrDs242i9X[?'!V_`tUX_uB]QG^^1u/,oVI&i]Mhd_BOHg#HH<
-P.tb6@xxxxxx!Q&rLbgX2>A--h]+KQ!8+X9O6kugn+]:5BCM*Sf)-uVCN%kS_O`LW
-J)e$.Vo.s=G_b9kL\+ePQfnAKg&q<]$3'u/"P!GOD*Q\m`ngjnIK'9Vh>:7Q!5Uhu
-!,ql;pc/`U7fAo8D,3Oga+O;6n[H<+"b1,;JX8P:nUJM2%/_?t4s0PmiWmC4L].q]
-JZnC.LOd)Cp`&0eZ15:npiiEZ2Xj1uV>O9^Gk#CDrP&9HIh;7%Ma+JUm.^#t6N+#N
-iOUSQBCPoH?(^hlrr@^6^n2)9!9%h](O+Ko`*.ro.kcZa)=WE:rYL($2rY"jr"K)1
-$F`jYe&QqIJ)M=G!/)<NQD`^QM7NqM]KrQGImk&K72/Tf'N%:5;+20r72/Tf'N]g6
-dpMZ<=8p@'^`WM^T+*<*U9L+R8FEX`[/EKkdZ*k"f66j4:O?6IJ7X)R,6%X=^0#8c
-;QFjb\V+4Tj-!u!K1O>fbJ*uVTp&[[!5BQqrrD-a+5(kqoJ12hpZ'0+r1Kh^0)PX&
-9l'b+G^'/fPSAUYhga"pXaf5h%fZP"Jrf91n+mnZYP[kKhu6GLrKhs4!(/*@rr@L1
-49#<'$9tib^Z]4Z^[K3uJ,)B#p0IFk%%>fHq!dbP!%98pbJ*uVTp&[[!5BQqrrD-a
-+5(kqoJ12hpZ'0+r1Kh^0)PX&9l'b+G^'/fPSAUYhga"pXaf5h%fZP"Jrf91n+mnZ
-YP[kKhu6GLrKhs4!(/*@rr@L149#<'$9tib^Z]4Z^[K3uJ,)B#p0IFk%%>fHq!dbP
-!%98pbJ*uVTp&[[!5BQqrrD-a+5(kqoJ12hpZ'0+r1Kh^0)PX&9l'b+G^'/fPSAUY
-hga"pXaf5h%fZP"Jrf91n+mnZYP[kKhu6GLrKhs4!(/*@rr@L149#<'$9tib^Z]4Z
-^[K3uJ,)B#p0IFk%%>fHq!dbP!%98pbJ*uVTp&[[!5BQqrrD-a+5(kqoJ12hpZ'0+
-r1Kh^0)PX&9l'b+G^'/fPSAUYhga"pXaf5h%fZP"Jrf91n+mnZYP[kKhu6GLrKhs4
-!(/*@rr@L149#<'$9tib^Z]4Z^[K3uJ,)B#p0IFk%%>fHq!dbP!%98pbJ*uVTp&[[
-!5BQqrrD-a+5(kqoJ12hpZ'0+r1Kh^0)PX&9l'b+G^'/fPSGL)OU[l+`UoK5>)&_k
-M$r3J)g7Z3=R]5:h(<L2D69qQ^h8cP[uAWp)/^?n=NZ$Qqf.,-Q%%@-p1p;-#QC`Q
-(>&@;Gj#&r*ts.VCJb$2dYG$oS,NkSrrA3tqa(5^fXL`BrrD<`!;;>Sl-I8^%(/<Y
-J$P,n^)Lbb0:Tb'LP^I-Ht>i2;%AiEi3?!,p7:`V[rZ>+UdqJ!;JI,!ZYQG_U$?g+
-CDq<#C"ej!MWuWKRe\b[*s:9Vc,[h>l$bVe,>H\%0R,Olrr<:O;lXLqZ^.:DL&:sm
-Bbu`8kWDRNUYYpr<nb2bC0%q>VZY,?lC*q$[s$2)R3d_ZK&0ke'E/;Nrr<IInM1"r
-ko[;\LqYA'4s9@_ZXnF@BKQ["GZ2KUgq*C;?,Nbc-,5@#9()Oub"j@SYj?LaBPjWW
-PZoriq\M[8;+20r72/Tf'N%:5;+20r72/Tf'N%;D#OODK!$nCjm&9g_rrCUFnC"g]
-.&)SIU5C@nMC>3V.&)SIU5C@nMC>3V.&)SIYEqIk0DRB,gB7H"F7t.a!7am)gA_."
-:E9B7aQ)8uq[I9^qG?k`dso3=?h-p@BKuA0rr?^3!<#.]d<5CbHm/$WQ14D=I+GrA
-XbiN?d68n)G*_>rTm92?rM"`a=@9J]3$*M'>MB9+H^p$DYFY[nBME]eSgjFPV>03$
-)lnPM?Q)L\YX<AHjcW>%pVo#A>#($#gVr?r4=-(>4u]H#W^!d"`nqFO+'AFfSf+_Z
-/Z[X_ghC`NF#D_I9sh#(C[%RJk2i%Udr&d%=9L0p*TcS/UGBr`b]!89YPnm"nTX[Z
-])A.KB.qqfp7_82q^hY^pmLXO!;<o#V0lkE;dG%6T>W<k7IV\ka87jo7e*+fItB_:
-_B4^t#.:=4rrBrMr,&dFpf6gmi_!SAqSf(erZ:?R)t70dnM=+Xf)-t8li%e%!.t/o
-=2p\OcEZ<rJ6j>fAs$a+!!FJ8BD`O&o2P5*m1#t/g3'TV]ER;sB>D5BrJg5`[(h<]
-<mZ)D_1"<3kD4L+im3L&b.<Xh4B8(j4s&9=%9_um?1j^/!W*U]_.<QGC&\0k?QO^T
-VS=2O-?qViqR>f5q_eAk+7N)+!8DhkiI.nhHp;Q>QhG:cYK%a[-Jl*+?[1nPrr<3R
-oY5pJ+1D-Ir'BAH)qeJ0HEO%5^Z0ORm5r-\BtAbsi<>[f<ke'XS)aMK[Vu'`62O/s
-'D=!PgT:0_p3HF_q`Ol,?82BZJma&M?gpsCfmh"**Vcs`qbVMN8,+J/=8p[`%0$<>
-CZY>LVg-\KTBu7N!!p@,!V"//(8d)NcNs;PgVZ5o^(G-!`&$3DZWbn$?OoARr-/#;
-!;fK>d!lXWi0U#<pe.Q1S)Xb@!W.BE:&VB4C]=CfS+\<0T=cEG6gB0,a2'tAGRrf+
-`dM@9O?p)FVrBAr^&&iJ5Oeu4rZB>BrA.U+r)]oRr%7^<i]/lW%!XEln=PCs3G#C=
-]>RSE5B$Q%#6arunINRaL#95/__:d4?\gm"rmZBOrMTYqi2<3PQ\rKkp`&q&pj8_0
-=&8Vgrr<2^pj:q[Lgk:Wh\A=-p^?%uOlNWtrr<cjO,4no\CWicj4t7(Vi<kYC"dKb
-VU0c+HsYD]NsbZ#a$,(5TD1%RMQXZKgus2ArK03,Tmk=Grr<4onRqb30$iO,L4<nh
-8&_)<BDD@:#.!(hpoec.-WL&8r"n:\?\A>&\V%fHpp*H*BZn^?GV0G(=h)lW/`YM@
-.iVh-rr>F9;+20r72/Tf'N%:5;+20r72/U*!W,T@xxxxxxx*o_omV9FXr<2["ob]M
-pX_=OC"d0cBlcFr11+0hC,]4Xfj)d9HZA0$l?4UlDD%\Ber_n`F$Gu^]#(bl'n!-`
-rn_"ep4]I%kka3(YPTU/qS&G=/Y8`6C;1KG#H-iF(N?WNX`&#nrZjjPCN1!hZGAY#
-b8UMaT^buGiSa_9Ytt<?:[E6(!/H3cfDbh5g-=QSrrB<"r?"i%FoMGsKAkG^!'Jt)
-rr@Y(rl$>p+5<^e4!9#siqL@24IgAinL^.$k5aF\GQcN'nF5o!S,SJDp-AWX_m/,Q
-rco3-_o'5uDu)YYf`V6S%`a+7q;bEQ!"TS<M8/9N5@b<&4!"J'!9]JNZgbHtPkZ]t
-a&1>CT7[(CZtI0mMgD7aCq%!YTCCINg(02s1qP-(4*8*aD>Z9OSP!**=1FPE'&r.b
-Kr1.aK:*uRDb/Km=*<KX7nh=umdG9M>?J2][4OU9n=RRiLgE'jACInGoS[!YrbF.j
-bHK^S=]o"qqDGpP=0YuFe*8j<a!8[E7Xt=`)Q3N6^*eEi07M9?r6E^i!"$ZErr>;;
-M;S)dhm=d2!&M!3_JuT*cjSiWrZ_+($3("Lm2thfC7k,"pmqEbLqW[PJ+G`lr$ND\
-r;aPZJ)W,1d%C6]dJj1Q`i8t<5VIuOpl"%:-iX0&["#r4WdiA'ickAGp[&:e!6jgP
-n=46coE+fYrr@kgqa,f(4%K2r)Q3N6^*eEi07M9?r6E^i!"$ZErr>;;M;S)dhm=d2
-!&M!3_JuT*cjSiWrZ_+($3("Lm2thfC7k,"pmqEbLqW[PJ+G`lr$ND\r;aPZJ)W,1
-d%C6]dJj1Q`i8t<5VIuOpl"%:-iX0&["#r4WdiA'ickAGp[&:e!6jgPn=46coE+fY
-rr@kgqa,f(4%K2r)Q3N6^*eEi07M9?r6E^i!"$ZErr>;;M;S)dhm=d2!&M!3_JuT*
-cjSiWrZ_+($3("Lm2thfC7k,"pmqEbLqW[PJ+G`lr$ND\r;aPZJ)W,1d%C6]eqSh:
-]<;f]3i7sPGC-4Pg-(acWG3>YM`qjQ6L[16*hBH0X4lesnC`'7>ls0^b4b!`ensHY
-ZARWFT2)qO8J4H!Hoo;3[P,E<"SdmXn<]&^4a]9Zrr@n'4fDV">1S\4kWU0!^!lH;
->bo_B)et$G&0<iAB81Y73T-&kA<'-prr@f@rKmNakiBGmrrCuL`#noaU])4Ap0[h"
-UQYCRrr@Y#&:a9!]&*R<eis:d-htGBn.3FoNP5JaLQ&lAH8PR._n$Y>4@st#C)8'C
-DItW@*iFgrXR..?^XR1>)CmBu::7^`FUO+C)dA5V^5K>1e=tHb9@X[+<gM<0lO3S,
-hV&j@[sM41/ab1Q]"=C=RsD0pGiVHYK'!Aj"rUiohrg'TMuHDNp;$\.ZX!I%5P7tM
-[_KqJa$9,Spm_9#>)3*A4b%S2n8)2(P@*#Srl)Y*rrE'!:]CF%?%5Jpkajs--gYF7
-$UOQ!iQ+,cj%WV70?.cZ1W/hL)IA_Jm3_e14Cl%n[D(5b*@"+-;R>l]p9"=XrM-@E
-g.SF!g-[aACEYS+8,P0Xa1EiTN\JNC'B61*iU(.6Q\(R^c\1sUM#RGVi7)jEM7*tC
-6FYM,e74-k!pDOcQIh]Se+FUA\(5r-p`kW(RTkU0[tDr?i0[lX?i1T[i31/4h,F$7
-n.peWHo8V,kD@XE=MOWfi6N/5UI3Qb-agM52!ZR&/$%s@>sWH<4eA>@:=7h>CFe/q
-8T*,9DsQ<Y1?ZHFphG<RD/]28^Z-ZUiLg,MiKldfAcDbI:#d>k+[>J$J)P3n_@?MF
-#]KVd5OblV!9Bf&`;]i:&o[P65N+?s!16jc,X9qrnL^r"j8T+2+TDGX1$nlWp^?$r
-JbqQSK>Ck#piZ(Uins+qU;uc`p5JsL4rO-r?2+Tne)D.>nR(:J_!d-;&O%:aC@Kin
-:Q5;R#Q.Bf'3j(9<5/l+0DMTg4q#_[*Il!0_ce[RD6E0TpR]4ZYP9EalmM;c`--SS
-n41:?pd[R/+8c0:/pP"F<Z`!(0n7'ApsJRYiFg$R&c<79Fl72l?f9H6!"`c;9D_\<
-_Ai!2`HoRT1`mB[dN/bjVrJ^<%Y&$Ba5S39V`[$:=.f83rWpdK!!LsDrr@U6,5a@1
-rL<feiF$n'ieQn#!9#$Q='rE2g[TpVfBiU?G^oF,pj]A@ibnmG(\gkec]2?HIN`sF
-i+Kt-!![\Uo`"n1GZR0*.B\%_[IF1rNr1]kD]J".e&B'4r"6%*J'^(1pa.rdM;nO8
-!bree]RQaVclWu"5B62qiGZ\r&*b5R5Abo)?fMBOrYKr\pb/^`HLJb4M15PT.==nh
-TmU#52thChJY?E93i!R@1ADI@mtY3onKs<D2hucZWG?r)/#FcbbPhffq[*0Bn__.>
-MI$;X)?#ij2thChJbr%:=SQ\%(K:*unVbAX41P'`qd4%1^)d0I^*W\TnTToj+R@l,
-q"O:\icg1E1qa8nnX%:E6fLmtoM$Dsd'V+,C0D@<LSR4Io*=Wmrr<0trLQ1YHtE*9
-n_<('!/Q"gqal%eiZJ(4J)d1!'PlYCLZ3/linoJS%=AKWL%/mgZhRPf^Loq(UW%_h
-kJSI$*sn^l4A+HDrM=YoL)P!Kb?=L4)XBXa$JbD,_R!t6Zd_i@'N%:5;+20r72/Tf
-'N%:5;-j;#9n186?i)<;!.XZjHo.uEMYP6cg!qr3&,$M3ZF.@ep?,-"oRGQcp6jHQ
-X[^T*L@2rVe%@-iX32I:=dS9.in!6/VhS1pUQH;@L&fiikCr9p%g;ZO7IZ@kFA4j7
-Sf.%[SSP$7H5;W[%@3K[l*aG?2V+1[d/]<L)CWp5G:b)!niJS_rnWe9Q2^h&i4n5r
-Ho(d&Kq\MH$:Fe.7tAA5FT2?X"oeQ1=8ipFr$FTIrr@bHrr<D@rXp=J7"=0+J&26b
-V>gN%?i2$Rn<O"R`A.Am$&A4Mr$1+gOT,=!Qhs;M9Dod@hsK)]a^=SAOoGDk+8@6[
-m'H]l"UFg0YC(!]OFAX._VFp%iL_1VT+!U'&q@b1nJAu*@e%a%iU7/!Y>WaI!3uMN
-pd`/(rQj0(%iT\)rrDpkcUt^pk5Ng+/\[o1m@L"gBRCj!]"T'[D>gKLCld6S_O:^j
-[/U,_?a0k61XGtNI<3=fB88'$%H8K)BjZW6Vo8T8!ri8;][ZT2'l)J%Xo4HVBf@r!
-/cPg(PJ]QtqZa:o>Nl(egX](GTc*_RIbe?>rr?l=ph?Aq<Z24(Zlf'S:YOjh2sb&E
-&,m6u1W,Ygp<U\gJ\U]6rrBo?YBVl&&apHZU\dQs3fj1b)LqZ0\u*%<!!r%LDZ$!M
-m4Si]*aBe#o0:t>HYIpmJ&+=VBWUU[euh5Nrr@m^&\6HPN>GI%n=HKR(&lcJ/CZd@
-4j*cp>orIQrX&(C^FbY8M!CQPdk8EKgSmBii/d[nNs1$d(\l>V!3+$*rr?D8=3M^:
-pt+N-$hhsB"oC=5l2Dcg_*8Z!Ae3Vaj'RUb9:K3Ur)IChYCJhP^LAhtpcD:!YG0QU
-dOkA]WG*H]ViIoB9l#0Nl8jpeUSRZ[D(eo:XfQZ'4aZc&i",`#"68j0^MWpRi?-$W
-#^d`A^LbS1&:@CN.<X\.$YUS<e%B\Z&!+<2r"OY[$>KAdI`koMO8Mr9:P]g:%eL9a
-rr<YF*WH,U4>$OFlBbC_WT-bjrnCd%^'&ZkiSKhHL[e5(3T-O-rrCuA^UCVj5MMsk
-08R=kHs=r]+8C&u)Fs]\\(Rk^*GJh)dPQ1J!/9J5!!LsQL-KK](4#WQ-LkH$Y?Ulc
-ic"3Cj4t*\^0[KLffTS:GXkHW^U<u*@BB6r?hf61rX-:79&>$>^DT3gh<7'.oH,#s
-Qc(!8:&b4I+8/XHnE7UUNW/tt2!k\M$0hHi"],)tZsS?5Zaoken3=]1'_MD*MVf2!
-D>sTkhA5UY`gq>5cb_p"qo#rB!S=t`IMHN<#WtuEMk+Wie#`BD:]:]`qc_eMn)8K-
-9fp:#&,\M9J,]KXBE%r<?cAR#rWu*p!!Nl-pZ'"-J&78orrCuLSgNr>p7M6rPMolh
-I5CT.rJ:C(Ir+QjphO18!/?p3#Dtb)2UVL@r%7^0i;WfD+,4.12o6LaT==`4qe#bS
-ph0IUrrBl?rZcZB++sPDpoXPr"QT"O!0/YD$``FI"nALDINJDUnQ17Ui0aNEZTmi0
-H*$eI^t7HYr+"_\2oGLT`_VNL0sJ+UcB%KE2'!dtS/rR;]Y5rJ4B&*ASj1j)K#@;Z
-rOb6YA,A@Oh@]P9q`im2KD(T/YO4Ver?'".(r,!krrBO;m$I_P$K"AC8*k*i<rUVJ
-2qBUq"+JZ?[\&/#-N%$H!/.ZPi9/"]$2?a)rZ1MfJp[m`Y<V"][.8T3nHH:g?\:R5
-rr?XaNIEAPV$G#$LYi`Orr<SGnWWZQpq[3N5E#C$JZX&85N/5p]N'+DCZ,3ma1i(2
-6MPDnC\k3Aih$VRJ&Yh&IQDj:f!WhZhC-pe8#Z>9pk<_JDhXK!&H4J1Do$`9`p\a+
-:XMTF;+20r72>@MNW0">i]M#V!+]Hpa8VtYZit]0m";?R)E*lX?X7BT+(h*?gPa*+
-48D]IR%*%&_<DgqcQ&l=nO@^+$o[#t"bF;Uj7_ccIL1Bl56Nf)08[HNB?03mHQNl8
-hZJ@?DhbCa5KCJOnCFN;!$L/1q#9u6D[uOMiO5)P#)VuMpk.U6$s`)ecYmm$>@-&X
-P8ATTrOMQmN8G6*pa+o?45u=fj72./!(alp%Y=+Rp6tbgrr<ITBB)buBi0_0?#S]Y
-WGcY55DS,/D)@'eP3Yqh#KH`ge9"?./hXPi)]M=YS9mEnM=p7GihsWY/Or^1HSsA:
-7<S;m=KUt^jt.StL>l;eUP:5\Jh)bHmH'`W96flBOqs$pB+ecOrr=8ZQ2^hl?%;kS
-9>!2j4+>slnmu1:#Q:+Sm/d4eWh78<r_/nDrrA2%`8C8,e3ET!lhdRZ!/"aqjI6(p
-J+bJnci4"AJ,Q,-qU,80J)lj'rKSIchtk)O-.foZ72/Tf'N%:5;+20r72/Tf'N%:5
-;+20r72=`&[+G5=Q2^iiU[SNg!*A@$9&Z_PLqdirq+''(]DhkCg&"]tl5AXYr?uIA
-\GXD<pA3C[2ZEc`2oeHO0<Ah"rrBl-5AaWL=&[_`2lp/,hW)D$n4pC]7u+JM%o;^q
-QD`\I*n&O2#IX&+q@AO&Hpa]ErZo#*r#r4fU=W62083m)LP\,DV-\E(9_"/Kqb[2I
-plY)r_Z'TH^LisbJ3"5.#BSkk#JtpC[f*O^C*+)`#K!&LpegQ/8^k=<i#$o%Hp,mW
-!,&Xs?]U!9eF5#XRf$1TS\Mu/"b+I_!BP\;iX9+JT=.P^n`)]J(J2+,?e`3NQgK9@
-rr<1Rq#1(Crm&ubg=,binZT`Dc[`TSrr<ZhM_>Qi_I)9jMn7`*_r$?7l2Dh#O7>]_
-;RZT*Klulp`Vq`5KmM(bDiHspr[6TQ_B%SCmu<qRIqZ$Bf3U0$B>e`)^PLe:7Xt1_
-+2Q8*J&+XiAq/Lo`uYBY]AP?rfDZ)Oq\"9?dXFAnQDsa8CDs+iJ(Q,Lpi60qpi#k+
-Yg>!eB[;Qb,D^_hrJWirnJXWKhCe>0QBgrPiYRUR+DJP!e\"KCUVKO^XZ#hADu:6[
-p9*p%`t-o0ia9P%!;Iq_rLa)iA1rc=!4S<m&]`qFhs;[P;>V8V6%<SJ!83;(9CS"]
-D$0L0pb[F4Hm\XOid]X";&YM6mhC"JitqVD^Ps<Ir"nksiW6=a!/-d5H_6+_FhWHW
-C&\1kM#RI\n&:@@1Z=,Vc_Gk\rL\SuQa@9_TC>bIg2$D>p_!"/C4?GkLP1.iT8=U1
-pebhr^I\@Hp^?,cLjolH*W:P#iOf*i$NC+C(SZ/7CL7U%_E[a22E<T1dI6OQ`;Q_h
-%,W')!8sIWS<<\Kq"_Pb+7R+][]o#\alhts7sH9X:*[S^p-ns:rrD>(q`i[=rr<EG
-rX,.p!(Lo(!.X"O5A78"PjNPd5667JrrCb'`EG4=YDoi4J+a`Sambq?r[.+n_G?*i
-!3m(%+6!5"g4R@JrrBr$Mu&Kfp&>#Oh[R5<iNLuHrX%E>O+fb9nG]oVT7\3d4Ai"l
-RRb8f)>lgn;=J'tBRVl7FlBlYA"e9G1r&f3rrBhd-c(9RHms!nrr@ueX8^LR#Q-%?
-n&JcIgL'GT*tYetM4PCUqtj=keb4L#T>QX\a5QuoL[a3pT-(H_m<S4Xp4Ml7!/g[t
-iS?0Gn%uhrRKp_N8)T0?%u(umJ@*!-qu]Fg!.n$p%/;jP^VuhNc&_7uqbQu?i(r`I
-n:'-c:Y%aCrF]I8O(-SP/o!Qirr@XnG\?_,McT>>M*+0&/5>Z3j5U?5q_\;sH=+Z"
-SKGY^&ZpF1^+/nfibofCHol8$d!3UIpHANV`)$.Q#OF%GG_8NVO20Y-Sfdoer,&/&
-InA%hr*B1:r$VH4^(BQgRZE0;C(Ju^p:0TFM`aY0C7bSjBAmbIpk-@('u+8ILXC?=
-gW$rKnIL=ir%$eLMOH^&L35#=("het%mYX&R'nmo44$/JpcnK!rNH,$qaSR)!"5S$
-(/O<.iS+mqgJdY"`uk(^g-=r)iD"Cm(,(:;F8I'S_r*.urr<>NJU_-ifsAKn&cVib
-/b!i?-^CJ)5G(sG5PufK1\#sS]Mmf7`8C&X>9=^7rmZB9nK7.lqd8VQ&,uWH+,Bh=
-n8I\InE9-[Z*g3Z4sbH7`F#mZJ\PZ2HfE*>`J<f0C[hMCh[hI?+8e"c=-*@]Z[;f6
-?OH]^[J6YorNaW*V8'qH7ooD/IOFJ^WdK$[GJUJ=Y^aJb^MEiLMZ3\GMYoa/QgHI'
-2uJ!kk+2MP"QS!]YWoT\"T3045:3Mj$blgn_H*98I"1Yc!92>A?eR`_;r6F,]>?`q
-o09Ro(#gm%>5*_oCD1rRfIhUlr-eO5]ITaj?a=%UYCliTZnI7uCZ5j<Gj"dVpo"!i
-IafDqp_WHVi]"g!h)iK"9s;L-&8PV[^LNni%nQ6RLce,%B`l7?6a4p$&:?Y9.Id)I
-h[I41HkGjCL%'#trX8LLnDBl<!/6F4!!Q*s!2DLOJ3WR8T<q]"!(qFKrrB3O7e(,F
-Hq1.1ZUaNZM7c'UlM^kT"h00_Ff"<UcCLtM4q$m\kCn:>j/YBQpp.oZk'N^1G_57t
-4uDbQN,>q=@OjT2IgYtW_`f6$fsH`c9>%k".&)SIU5CJ]^Dm1Qai&GUrlDjjO8Vg<
-BF=S8!;9Cl!0A#aGQ.YUdGo`T;dTg2o2kWCrL3^Bpl"iNpgO1&"Z?7A]L;;hh`a-Q
-r\A`Ap7D&)j)5Od_sm!c]8gfhT+G5Frr<)6,XZQ6RWj<FC%08L3P6=#9?4VdV1A%]
-`f14Y4@*m=L%PhQ[%F%AD'.Jqi<SaYrr<2Ipm(_QHo8@^r#bJ+p.FkqJc'HFcNX*T
-_!%C0IqLFgbJ522Ho#2Fn?^(p,IDc_PHO\U;80R8Dgc5L9cqEi'_,bO=FY#:C2fF9
-%ZC<Yn%oV4#l'bd!)7XeAq0Un['0?.li-t]?/`Bjg\0Y,!0\o2YWqL+5A1T+<;nJQ
-nmh4)r/MgErrB:JrrE%_4b%SR!:Xf+r0(LA&,sP_g&D'P!)NUpZsA/b5I3$@P*Z+J
-ZD6serr?-``4G^>.&)SIU5C@nMC>3V.&)SIU5C@nMC>3V.&+?Vp6u!]P#B'g<.4iI
-!:'LWBj<M1jW6;SET+Zk?O;0,r$ClrhEQ[B-YU7-quPfAe)sA>p[IX0mX.BpCIr)Y
-,Z@3OG5?@[b1f\\b`L%H7Z'I-%tn/7,5o!XfH[WLrr?m(K:7LRU+O'Tmu0J@0,X"]
-.D!!ED2)nW<q,#6Xl,0D;UlWbqd&WTi?&S6>fmJ[l'C(]eGfO<X?UU+qE-Faj8T)j
-J)Xi8!)*HTpf8KG=8a0Vm.()ULd1D_rrAns8j4)@h)XZl_Yp&kmRQV,nLU<RrrBl#
-8+RG`pf7=o[l=7,-g^U-!/NT(/,oUH#tOnCrrCfCrf7`dHiF)a)u,]u!7M(GrY9qM
-c2Rc6M>KI9!9+Ic9)enUJlSEKIa9)O[3(8J&,mr*d%;EX1\"<>,/*LoM#J=f8)^qm
-X]+/lLM,Y.'DNNc?OZ@M<T:XJ'7>*#l)JuZ[*JjLn&BZSOelc4G\5ASST4,eT)J%n
-j%l`R&cVhY&`Bki,6%W\rrD^OrL`EFS+[`pg[W#8p7V2/qdX>IZ*2.X"l0+X_-jo?
-qbg\<nS@.q`1P_`6MP3j8pIDSSfdJ]m6CUN"CKQhASLX\j&bUQnNZ_pnG`L*+8@14
-_N0[`#C\4KS&'T\Q*-l@`%Ma:R_Qf0$2f2@Zka]CdsQZE$9.tb'CXZT!9<O)rr?a$
-pg=Vd5IK('rr<2;rL1,IJ\M<e!9E'&C]=BjT+pYl!,)o<.Jrlb_8#J1O4p5HJ+1])
-'7LAhfDZr,e,C9?pc%2>KKitMO$4fXDs[Sbhh'IK8&B`r:%7a>Z1ssT+1I%''gMDZ
-pbVH8p6potfBib2rrBoB?c2mDpa?Atr&OX,r(Hh$q`X_8p6bUei]l*hp'(Dr^,C3d
-p6sH[@f%h2gV[A6]FFB1!9-5^YM!j2?P@l%Hr0Uoqdt<*?OK%HIa<Kar#=WCp^*UC
-_X6grO2/M;rN&,&qdFk#rNe_#ce5eC58&?0qdb(BpeUF4i7I?4n8lPjZpoi?1W*Q2
-VX[aT$i^20rr2tMp3\af^Of18^i'ATa^58MF5d-!"o*$0?-mt;n;lPcMC/*IW;JsV
-RGqQfHp@Cqqcs%Hpik`b"6)8TrrA]VDdOL`bTF93llg*?.;D'[HpRX!koM&D_>aK<
-J+3I<a8:?(k^FZLBCQAKIgl<7rrBl84qrIkINr3WOSD2Z56`^R)15i^#E?G!rm6)q
-pq?1;_O_bB>O`*ZDoBs*pohQk,5?0IMc[431cTqLnU?Jp6iP6c[<@W.<IWE2/F`t'
-IqoQ2J&+*/DNEJI4u$^dh[)Ib_;Lr<?NYdmYP9EAm/?Edp6P6_Tr3-JitoM'KV&MB
-08Vn,r]5PF;nb8:qo)nFr[,tg,lASZU:b^>]AbJoIQ)L5p/:D#Kf+>Z!;6Ek[/U,B
-0A<>tT_Na#(?>,,pcmeGL#3;d62P6Kr'U7]n0>jn"$^Pq5A9Kmr!W#o!;mGdir9"0
-oPH8TP43,NoD:9?.>,PWDi0$]Iu=7+"oNl0DhihJ[t1pP%tdO7T7sQF:1)^F6L^?/
-O5XH54puhm+170G:\Z97r"IDlC%5iprrDE9iX[,[ci4!L[Xk1JO5`B`IN*YHp_3.d
-p)WX`lp\#NShJfu_`tR/!6&m0VtR.[A02@H-@X@An431jrM#(e?eNoHh@xxxxxxx/
-!<3%2%gdV"n:uf`3I]<S!:Wggg<8[jK"n]PM#In^D"7N*mC2t%rmT^l3[ah="2eG&
-nE5D;"]+WnpV<Ej;Jueha1iF?i3%MnnNH?X:D/&%rL?)b^D[$urr<To&H9sVhZl>+
-pk-We!3ug"q_3C(n_UP@K>V%7oZn"OrlDhirX;q2ci3tKr+5b2rl2NUVu&^RLZ(Jb
-!W*6%D>h#[iSFM6*.B8_?FnY$@ZQG^n?@C[c\UKJ;;^&.p.bPeK#R`;?Os:2Iu/Z_
-?\H'2rr<G%_I'`)m(!qKhZNYCiD56C%esQ5&UtX5?3^0PnAeJVoa=P4I=M,[rn2e.
-#Js+UN$#B,Vu'hN_R8n=_*?ZR!)rZ2iSWCfp6,3iq]L@-h@B(*JMb-og\*`-UF5h(
-n[%7WMne2BJ$fgRjY-!%j"D;Lg"Pf-"25V"/cCb0'5JXQp_3N\puB=SLVsR-&:>\s
-MfnR%a?O2WgO&XdZhSV3=8)XB]FX!$!/[$!Zk(.efui(/kNpgZ4\*Ei!"8]TYC=t#
-!4G]$&TdpWoAU;6.p;Af`/bk@O*kHr57d%O[=\0`p+4V(1@j`P+4,,ugKrY.K)!UM
-a?1.52/?BTiVRNle).Nn_;-X8]D\=M.XotJ+8r%KD=G1:$,Q0*)#OX.%m^)I]QrI?
-h/D8]r"DT>T+Sd]I")(qK!>6nT,%>8Gf/R&^i'b]@JJl,2Q-%Rj5?QJ?Q9!cr\N$9
-A,ALg$M_[2pV8^O.CYN7UAZ24OT,;pYDBq,5B!aZJ)KdU5!AoG_WCdtKHL10<S!f#
-rrC`9a.KZX`P:'[i"q$Y,OqPH?OqT$r&siHFeO19nB^L0q`Ff7qNlr=2-[7$r#PRQ
-nI+>H^n2]UBV-BZ@IRL@'E8'L'rh*OrLElf?`9]V.&+F;n\>!l7u`#bMu4Fl!7^'&
-J?PUF!+et%!IiXMp3du@rrCS,n;=m-?2-)M7K1TI'RhBV9E,!DIe_s^FC#7Jh;[fl
-i]"gEfjj`BdX4u3n@$6oVhcB3HsQ8,i=EkfL=[?YN'83G?8oEGF\`kL55tW"4u;\o
-XfpMp)WmT/Tj:uhMoIjsq[7YXj'V2!Ujh$)[ibMsbnJ%p)RT!kg\_BVPV%92(W/Io
-r[.D]WuZECLVs_W2oXYc2,+;Hiua(@(M_0\T+A"BiQ$Zqd-&mMFhZAuXYW^H,%&a-
-^Z;Qq+TDGGO,8AYf54Q$rrA1>9)emq0#.DdV;</pS\K%qq(f/."9-Pdp43/CePG2Y
-rr=B1)ufoZiSn5A%,_'bksO(s:]CD!`IGuerLj/jls'F\rrD]k!;f4:oqVC>rrC.i
-Du2"K+2@JtHqUYmU5C@nMC>3V.&)SIU5C@nMC>3V.&)SIU5CJ:5A@=s,qJuqAOkYh
-riaY&Q,?I*+7W^tNK:mdJDV3X1MW4W)O?`ZT>FqN4sXlhFebaVGPZN8O,5thIqNOB
-Oj+ki2ccAhd+cYf1<1B[Nq#Z?;!7)8!e5.U=&-'N[6NAdp/1<[Tmpnoe_c$]p-8>C
-nGmfSH-f+Y4*]I$gIo=9Gb.P@hF+rn*Y%W"(Qp#b%[dGg2dZLaL3ig25NqW%AO$)X
-rr@q+r@f-SiL[f&&,JCafh_VJ&3o0Hrr>^sOhYP$gVn^Gp;[&r&>.rhfK\AP,Fn;=
-pAY,(kFp%i%i@8M0DK0egX#k[1\OuO!5oBBQi@'5ogep9YO1NQ!(WIS/H5_0#CK2E
-!9j9SrYa>]oD\fcbl*iWnH6KOrrD\><un8GIaXhi^+4RAn<_/@M8'5n0mH@OkDQuO
-nD?R^rYU"unTVeiGJW,qnFsf7Ld)b.jOQ0V'7=oslYkdD%dRF4pfHKK-Fg@onAX7J
-Xeq+!FUNQ,'gA2X8,SlIK"pZ1r+H$0eDp7PWI>BWg><9%21Es1*ku<j%-ScE1li2q
-%f7XI=2\GZl!>@6pdP'IIq2hPiSTWEnB@IVe,3:IhY^RW!/=DHRsUoX&cJcEc(O;C
-n=on?G`0Js%D5j*G_9)*Jc,NJp4`MHJqSA1p2g#,nK[#]Lctq?clP.8Qb\[8rrBia
-[3+cZn^G8[n0UqbT<n"%T,r6<j1^?lNdPW<Gi.PbJc7S&e,BrM1\P\\\)Ru2ph/Md
-_;C1-0lIP8(3[D1nFqb:>HVZ=(;0JG;uNeIAW7ADIh]U4lT_bcm/I']HqjAVnG`Jb
-pp'@miRXpsPMt&INrBRe/CHA'$cH5P`4q19&\@KP?6K#mnG`J^nG`KG4>X/**]!7t
-T;6^Pb=D(<KrNkm;-@xxxxx[H#OV'N$cb<cm(F5%l1$"VrrDFJi1J^Vp7Ll!m(]QJ
-8,+P'S&'P<n?9`*'mN7B8,]*1CA[2D2(o$GN&6N,_uiR*/"u`albRc`a+j7-5>M!;
-V0L!qkq/tfoPY<<#K4C2?f>Y8T7K%Am13j1J&9S-J)]A\<;(eKBD>8PiQi;>!5dsi
-+70*h*sVX(rLa!JnC,<Rle5FXqsX;c*tUU\GQYh>%IpWXr+Y,^KpFsmQKc+6nZS#O
--1Lo_>4Hd$kPkPOg)gd<+8d\i!/7oZ@d/C3mb\Q1r':8^Kls(nIbNZs^LZd9rrBo5
-XA.["pdqj7oFD^b/cDFC0RPXcrnF`anN;,!LMo;%A)k+Li<f$\V/bH5D\(Q9qTc#&
-*ta!<+5(/^rrA);pfm9,p6PZLrYKrV\bL[608gV'%_a.bAGC<*T,l^7/F\CTipRJ(
-Zf542&b.f9oZn(AnG`L*rZCobj5"pt?8@R;D[pHL5D"8gWTmZP[?lX@RI%E\Hi$/-
-!r,iql<6EjrrA'D#Q>]XqDX2inRf&&q"NcTK)?^hkroiK_S6laFVfnB.j#>g>'8)N
-LZIr#^`STn0ooJKMCgjd/+?X"hhY=okoUBt@sOhs_5)Rs9n-[Ypt=]bJ3H0l[IF1r
-i4m2@!dm6&J&N^pikNJtg&D%BdJRY8:PV.NIqt[0T+eWi");-apq>[:m>q$A?gu'B
-'L![fD::.ToW;W]B7Vq$$H)Ct:[faM$Qk3(!r.-7#K/:L?f>Y8IuD&ErWVSu\+[ST
-hi9o4/Na'/G[&(prZ&](4;n+$n5&bKq!$b0)Z3%O/p6J%&9rEXrrA!?5PlXPC[efd
-Hq.tJCB";'OEg63Zfmj+PdXacM`#tnGlIc$J)I)oZ%'YU)LPfZ0?8"b)rU_rm+8<9
-,P]''$;5C97f6Hb;t+j'pl".4It1n4a6abGC**e[nW/\]/pps`rr<N'-ha,+@AWa^
-l)aO57n<)Lc2EXQPe'9>*nN:L!'gFlIqjJd+5j?@0A0^Mh\5ohn:/DA[2t\3:]ATt
-?aHB?/SF+hM=C,s.F`i^^PS;LYWfVfYJPbu+k7t1:W-TNp_2U^m18aA=Llk_]H+/"
-=':0m^*\\Z%h*6B"i$%E+8#koIqp.ZA&\;b`*X#L:\L+QTDVRG%tjl^&3M3,TAn^]
-iSTTd%^iu[iHN7*L`SXMiGX7\)LP!&1uAo#hY8JX#E?GEgKaY;n;i3L9a7$F58&5/
-hL>gpg26;7,*Pf.rr<B)d(]RnHO#:C]F48Mi;We:/\GfW%3*05%_2##`4lKNNXlnM
-X2KJlXhSPq%sVa)1MHX8jEgQV2;d*Xo$?@)NMC3)Ff=St#-P)B-eR0Li0iTV)h>^%
-ZG1"Ke%@Vfi89N$#Q?++pp\0`$FFXP8+7V?hguX_NiAq(>Obe]jl,S7`L:VW-2<\_
-SKh8+rJm$;>(4cR3g/5deMSupGdG9%)1E3$r%IQcO8NkbMr=nn]R08M!5\[8paZmA
-/b,=gf>@"1%n6Gi4qIEii8;I;KDLABNt_<Sa8Z,]5A'?mC#8sa*A2ip^;j+G4n7CR
-r\NBqrXJY=Uh]o0[4fDC%euqidWFpkpfG7;.b-Aj$@G/0Q\BfYnIOR'Qgm0$%;5Cj
-rJUS6n8#mjZtG2ECVSPT6N*N=Hf>F*$2>=s[^5MuiD,a/CW;qqZ_,1e\"4K,T>^Wq
-(.$lN&bpt/kJ;U%\%0nnI<+pVJq"+%RMft.9a=X%?[qR;M``NMh[9-ka'Jr>2i%<F
-i1Cp4In&s@K=k^Q4_IO[+,,)FiEm2]f%S0"]M7@W&ErjIRRY!LrHCfFZdgmLB1onK
-e$Vn2lIu*Sk'Lh%Q+@;NYE&O!rr=DYj'V[-rr<6fof2oC.u_ih%X]DGrrD"'R!;\>
-^:j&lN:l(a*[J;,n[>I%?[/oq<n^<@WG4?&A2`\MBi4m1AEY'Vd@l1g[Y2c#k^%=8
-'5AGQ]@="X5N,jp,Q@b;,>nI@_S]@Q!9@lZiEUaTrrA`;;?$X5_c6X9jD*B;pP&Sc
-pfgqNr'@(P55s/5dj?m):Au`W\3tM"iGe;A=ih>X`?^SMA0_C2KcDVGI/a3;0kk"g
-"kWbSoXi"`o=+,+rr=BGqd=p,Y("_>qPjBs?f]8fJ,('H9E,!#S,WKe.!kmWrrD!0
-YPBN[Zlf7)J$].Trh'2jBY+2MIqE'`,q],sAOkeTriaY)Fmns"72/Tf'N%:5;+20r
-72/Tf'N%:5;+20r7<f()2?*Y%V17j1quQftebS^_\8!PR0AF,<;>'g(rrC`\Iam9O
-L3W^4:g6`rOgtDkhadT[iih&Tp;tg5(OTTb?i)YW/bjO`Hp[e+IPp=Q,4R%uD(FVT
-`X`LWcG'VQ[/U+26%,j0Rbgg^CRSmqr[E4af;q(hTQlr(e9ieD/,mlP[*OUn)U?&#
-eN[`L+5g5<08b2^pn+STBqMbTpVK(#iK(f.g)j2^n&4[T^,5]lg3t2ocG-TEm=T3O
-45>>&>N:]a_u:DMfC<4'/\c#GL>N2bZ0\T/D7jT_!"2<jN??g(f$\q;nJD*HIL#Ba
-Ns2/&n432Epj;m'rrBo3rr<<OJar%lrr@^Fq\T-2rYKeFZhmPtbl7ZYrndY*q[`TL
-+7R\X!!n#frrBoOjF:XqIr0\P)u[JM!!qJQV#LG37K&SO]qKphrr=_P!3m(4'Y!f/
-d/O)VJ+t87mFCaUp71XXm5_"m_*\/%D+hXr0B8tsrrD)OL#95g_p8_c6W!QQn[mft
-_iKKn*e"E?n)08ChhN71n@l[,ZJ4;^T>nSIpl@YYcO9YSe%B\(=D:hY$8lZZ_u:q1
-]C-A^_0J3qIb8#4a6bbD^OuOdZ'Xi6n<;fA`?3a5rX)ffT7Obbrr@V*m0*/J"T23q
-4+&USYAs'X`1Iu2GB<X@xxxxxxxxxxx'%=,bKg?-+1#>AC\pkA57bI^Bj)%b58%47
-rZ]'nCJ"Kerr@Xdq!5m?3WB)2FFM#s2=\_D]KtR2)Yh5D.fGY1;r\B)podlN]LCh@
-(&4]F*s4V3X*B98Sg<h1YB+uiCRY75X'OQHR`;V4?/96VStgFLH[B`qbjrp/hmL/L
-TCKhu$1,2M+16<R:JuLf_4S0OmXNroJ+,u+S4A1Gm#1dSrrCR/p4'9k?eOcE#snGU
-r$g-FA5=7o62e6@0RQO`^6dgY!8>3*5ITI%`kCl*iTJ,5rB'`Pn?7a63.BMh5I-oA
-rW<)B*s2HBBYOcHK>er%:q[\'DoL%W?7`hc[G[)\Hnb>.iEm.1^'`G=0lnT]'%OPm
-!8:ZV#r1H^)Z4FAY-7>YiLfK:!9:g)pqQMfpeCWFHli6g5AIse)rnEH^Y=\?#5G+T
-08mTR8&RQ/p72)Or+#8,i:$%@nMfG<`"*12rmMninaF@4jSc62BE%rDf_Dr6O+dES
-VYi^K%u9e,#5F\)?@ViirrBkd^MSJSX2Vgd/Q]ra&,\q/XoAC=GY@"6N5#sSD9pr(
-b=A2BT<uZ*48W[ibPqPD4qtj5!!MZ:rXjCIp-na<rr<BUDq\.KO2KieIaB/H4CP7;
-;tud=:P8X!pr25%(?=Cma'Tq`/cMFAZi:$`Qi8K5Yl=]>/I1:MLjWRgr=@g[rZD*0
-Hp?X1%4bf8D13g'#JqR6TC>u*LHZkc?OQ0A&,]`&VoN*ceU1<q!!NW&)^_9Ja5Ypi
-N.)4`@JG3.c]*Dar]GQfnYa9A8md=f(&ku!oM=4/`4l`[/9jD=O2?D!KB(Lj^[Q`h
-^&c]s)=)`,poX&OiLe,>'l(Jp^+f=Lp4L'RZ#SbVKAX$uIK]F1nJCnHTA[JBHlMQm
-%g%-!e9j"@$X!2An3=qM'L!jg-HEuq)tgti$a9=O5K>oC;=HfhIg:3Ci;We.mX-hM
-&)&s<n;lohq`=`55IMBp-i6#Tc<h*3BFbIL`B%V/V0j0ZWP;tnJmJfZM;fTfc1)J@
-0_#[oIi&"sQhFGS=n'bW?P`YAC]=BjhCmG4Vt%74XY\"I)h!?(rr@XeHu/9W^gGfr
-p(d'QIa@`&ZS1^2q`g-q^*`X(VKelqmtNrKq`&@,+7N!cK)Yi?:TYR&pfmVJGdBj6
-e,KCUPMuM3rr<Jli1GgOI])]`p?_9mNpSZQLcY!Vp!#kD)V;l2DhpUn9@)7#p8@k`
-5Anf#hmLet:[kje5k'8V^))/^rKFla#K#@%Hu/S9qb)@@rY^4Dn,*p$9^qM3m'R@[
-^Tp)>%5U]QJY;pXrOmXbpqOT[Br"K'!!ppK.\@>up;b1aGDgRH#j>HYTRP/CYW'Nc
-K&7EZ3,3n,nG`LTrrDSqi0Wh\rr<KMi31i:_B(/r%uC5cifNq<i\0&mrX**2>l6%V
-dQ@]8HlqlSKYM1Bpfj=&rr@Y%=o9lHl/3'jlb<[P3UjZ[&.NPSnE5W-!,)ft`K=jQ
-:QPM$hm&Ngg&;2)b9+,mQT'^a+F_m*&GX*"ce9=*n:0iCj0'AG-fTo;rW.7np-&3<
-q\/tST<m_J$h9,3iCCjOM*D3Y0R+\t:[J12qb_gjhB'#uBCUVjG@0i:?Q4IGOn]_d
-n:uY15L&4a"oJ<"m-FNdI!tM)mBs"ogKtcZpcm`>?fIu=rr?fGT8;A2^)M=_`h*l#
-mt[Japp&b,pa#%=^P9<YJpnqhUZ"_[CS-J*+1Uf9r"FRu^CWMKib`nun%sKC_S.Mp
-V4mfIco`]9XWt_brr<]):QRaHJ&*s+D%D0s!!'_CI`n0BJ$TB>r"H&W@/g4Y7=9LX
-mI=CYpsnn=_;6[:FlKV"-a/.%!8sB^%mDB=4nqV<Y1NA[nV31rVo/KjdQcZ^EHm\_
-?P%TpnRLJuUFr>3H;>#qLZ.BND=I@K8`QF-n.5F/'?:kq$@Wlj&GV+@hh1nen@-3j
-&,sY"""_)ZnSe-3rO0IUh)k=ap]^/*p<`bo^,p^]o06jUO-/7Ic/5d%L]/fO0)^d)
-\(&0(c\3DOq#0-c'R6[t^&n(BDt204QboAIRZ6dTrrBPm3<&up3rUT'X5g\V-2TuU
-,5A/;!!qbGF\hcurr?b_flKL34E9@D+2QZTmId,s45caJh[o)1)DobKp`e`sZi-Nh
-YC^,dGO4S`!c.f9LO.IB)DrUf5IHjU'a*Dpp:Uui^,u*/:[kQ[r%S-NJk:I/M"k-C
-CZ03KS"GK,rr?qcfDbj?87*J6"6(tm-K">h?i?9Ti0`@@rr@XeG]q9H?PpF]iQm84
-5PD"n#_1fsIqT:8iV/*a>s<1^;>?43]rn7JmsooH3q99m*:s&Wpa/Mu:O1nPpa<8_
-X]JR%TBn[)rr<2rpj_dWp3P-!;lBO^pku0<*u_j/Hj'DX^Yk-eZp0:o/a@d!\bIPI
-fmG@GJ`Hb1L0sFG^Q!2J^BSP&?1C"oSc\H>M#J1bG>J"kj8T)ileX2_Vh)DiO.QdY
-3W@#?[9(>NpaC'5]HuP:!01,F'L"3u<U`M3IL>;q)Z?nQ9rPu!pZ'llU]1;s^$o@+
-j1c@E^Tp)jA,Bs;7.A6Q4;75urX";<*A6)3Qf+/'_`n_-=5sgGFe*%&Q\%>:V.lP1
-Hu&RCrr<2qpfldnJ`![bloji:ig,;u!!p?Xhh1q/Z3TaFn@.C1L4?T&I;f)sh];VZ
-pb1R/$2D,!rn6f/Tr[s<=8p;2#*GiurrCc!(9=Fup\t5+qc9,`?J.sTbeIN47=9=>
-J,)'b)ZKfj(\f`b!3+$+!EU\DMT)4e7P-.i^q0OGrg.kI^39Ib^Z<PPC_-D#ce8L$
-!*)7AC]'RtDuTe^LP^NI1OoE)V%6qh5PuH8rr==rp4NAFZ#B>crrCOJ!::S0erT1@
-rr==@^[.osIfBDuq=-)Nre`+uMC>3V.&)SIU5C@nMC>3V.&)SIU5CA&!<&e0jHQkH
-PokN@qS,34<t.TGNVd#V6c>T.Iq#&(e%gDBdVeaX!#Kn3i-4Q+iD0jFH@/LOrj1T+
-&GUIhg.mX(=[7P0CV<)4]=,)UM%m=\8r0.'"Z?nd.M(konOD6!m7Zq5_`-Znm@GEi
-O2WaSpcl_Y28C&u:=oCsia$V!f<d,1e\R.3:"=@_>J#/[XH<u!i]\^gh-]YEIuSm^
-f)?P7Abbrq(]7M4D;oL#htTc,*rJb-NUSUA^'F05p,9*_iXI",Do-rQf!Scg<W:.m
-[&kucdsg1_EV:D[9sE-LI&l!`H)!P@Ibt))n4mnT^'N+M+*^l\deHV<kWU*fdea4J
-!6!dL-81@-34St<eaN1CYO0)]^DVJOq"*K8M7fn69&^jMrXqF2C;8ET7!9UndJh%V
-kuqD_BAS-UcbEk+qE,kQYQ"S5\&-JjC9-sHp2/3,i.E,W=,Hnnpq,I&`SZ4b0!"J/
-626T$c[jZ=2uU;b@I^,1*s8nM!/rsmVPirfj5?heIPq%QpkReRKNe,gCR[[-NBC51
-lTjskM>TlAl5K)QWp:H^=,?PH/P+6qchJZ5KmYQ6:PYMUrLuC^iD5+j5L=j:pfGC@
-!'De3!!OeGcf)(\TmSTl6g=S0ds`lnF2OWV5)9#2fR*ej:4oajnJfIag.%.]^P=up
-e,0TWC3KS&n--R\r'd@D>,I_]Qbq)'a8QC;n5J;$_iKFW%)6Oqfrr:X%DEI"&&KCs
-^)qT<rYd#sHI)L6rWhp/LU?LWpeO<WfC9*+F^9>orlWT0Ws]I*/T4V<[<qAKrMri2
-]Y'PGM)i<^rmIDC5AKZ@48(b`IqO7eh@B>+rr<Bi0mlCaZ1/o4pgrH%(WUhdJc$(O
-Z>]+\nA='`nQ)pRHehUpcq^FtIu4.6d.E5j:?pR%<4LGRCFEeTf&>Zf$LgR`S4A1G
-m#1dSrrCR/p4'9N.&)SIU5C@nMC>3V.&)SLj1cQ5!6N0(fD`k+_2nOi5A1D772/cR
-rrDUEBj^Q;fDbjC]>Jd_\*_07!%(_C@"6k4IaB25WVft-jN$;1q&DLirr?JsrrE!G
-HN*1/!8uM5q'Nk`+8q+IZi:%)TDnn)])K'dAmb?[/cPf^8)s@CYKr&Jn+9IG'N%:5
-;+20r72/Tf'N%:5;+20r72/TfGR*Unrr==@J*a-3!WN/Mq=)hBC+C5g,[!l.+H:<X
-KFu$'G`,P;#I,#m%80Pp!oMk5*<<[@!V?Fe;Z?`2l<j/q^Ae2K]8uqO8+rONrr>>(
-n,*R'rrD)DUK,g[aOG.E*=0<f#P/R,^U?"<q?gt%p`";S!68dPf[[b#.B*7Hi,-g?
-!$.j3@oiU0TVeLa!.hUDr-"csrr-GAV7jL,2TFtA\XCjL5oYrVWPJRnK?+;*A9]?u
-:*[S^p-ns:rrD>(q`i]bPYjj`;+20r72/Tf'N%:6n_]?+!9E-%C]=BF?f9!(V]W8L
->b[*+(4Z,s['0?.li-t]?/`Bjg\0Y,!0\o2YWqL+5A1T+<;nJQnmq::r/NrfrrB:S
-U&P+h%q"-Or#6CN!$p1iKDtqVDt\\\!7UrJm2'-\O6k'i!$nDUm&9i2rrCUFnLhNS
-MC>3V.&)SIU5C@nMC>3V.&)SIU5C@nMC>Y.rMI?jPct%N++QTP^HNQ;%7O]MH:Zo<
-m8;9b*I#GAb,WV/'Sg#EAdKR_P]IPD8elkd*0I`M>tNkHMC>3V/!7B3`kEGfM;aL;
-GX"L`[u%l*r"nD>#\lCrM0rU0GWTjA-(=#7NG?p>ZG4ic&`\q[I@'pEH`LqO8aPfM
-p@otljnu)%4jX$YYDlo]8A5miiUcSPrr>FZ+7QkU21O!tpg*n"LX3r3r=@D-_WppH
-rr>HFiHP8C58Jb@5>hF\$`i;hr=Uc;htVTs=oSKKrC?c<YDlo]8A5miiUcSPrr>FZ
-+7QkU21O!tpg*n"LX3r3r=@D-_WppHrr>HFiHP8C58Jb@5>hF\$`i;hr=Uc;htVTs
-=oSKKrC?c<YDlo]8A5miiUcSPrr>FZ+7QkU21O!tpg*n"LX3r3r=@D-_WppHrr>HF
-iHP8C58Jb@5>hF\$`i;hr=Uc;htVTs=oSKKrC?c<YDlo]8A5miiUcSPrr>FZ+7QkU
-21O!tpg*n"LX3r3r=@D-_WppHrr>HFiHP8C58Jb@5>hF\$`i;hr=Uc;htVTs=oSKK
-rC?c<YDlo]8A5miiUcSPrr>FZ+7QkU21O!tpg*n"LX3r3r=@D-_WppHrr>HFiHP8C
-58Jb@5>hF\$`i;hr=Uc;htVTs=oSKKrC?c<YDlo]8A5miiUcSPrr>FZE7WK_f>N.N
-4AY#+(hc)KnB^g+K)>l4%6I/Nf8I%T)".D(KMPkJO0)^Q2n/X]JijS;?aYC#EGKE.
-Ba('q5/BA0go$V]6a!/@.gfu84sn`f%Yds0[CI>4b%+')e3#q"4!o/$8C5SZ`!(=A
-5bsWP5'd+:^Z<PPC_-D#ce8L$!*)7AC]'S_F8l4bO,:X<25l#h6eD',rr<8BJ&sSH
-T`5#Y>Q(2o!;-9kqaK-/Ynt;`$J"STS$%-6d3-0R22u@!5Ju@s4tubQ7nlcdeSd=i
-B'.E-d(FM!ko,'FL9IO_C,Z^gp/]c,lKWXq,r.>Prr<<.O8TPQ)F*a7^,pi9`hWME
-$Qo3bIPcQ66%!kU!9]>3r#cb>oJlb^rrBuhq!J(]cPhl>5V.EKEVRr]!/UmLg]%8F
-2';=<=T8BJj7/oE!"o\"\,QFjC-UYWZ2Xfta5]\h,T"L>rclqB_?"0H!(2geO8MO%
-No0d)W;cjN!lt:q+,qB;OC'$Cq;Y?P!!iahr=2%15Ofl14+HkAU](f4+8Qt+1k4LN
-I!5MikD`"0+;R363;dIi!5sKamJd14)NXYY/:Zl'psK*AM$<G(rrAWJ+7Oe_rrCF+
-nY?*a&e!a/rr>/r5N)UIrrAb5j%'(o(WUInGgq5[!Fu-06]]6Jr(&K$hu*#Crr@]R
-a8Ui9N?@qW?QHoWj&,gV#R-:f%R1jrnK>P-J+L[TrX]GZqAar@J)WbAG5hR*NCWmh
-(-hFNr+Q*1`.IdOrrC@`O8(skJ*:nIdJj3'"nC@I!1l%in:4X@!79crU]1<,$fe_r
-!'G!\i;g._!27Hn8,abMa)Cs%e:5=9A,cNrO2d7Y82$"\r:-`c!/(EoreDST+8Cq)
-*P_F1;?$V%"crTl58lcV+MKpeo>[R)&.9TV*.B_oi^%s8rrD5A8,OJF5P-r5B`A(N
-K)"a5!7)REpcpB[k]-CFrr@lZn_='DSi%VZJ6;gOd,XYkrr<Z>j1#$g4DI+>!3uP(
-TuZ1`rZi<#DuP"2J&24rrr>EI`fL$g094rfnYlHfKEB3nLEDKtplJi'^\Qnerr<<.
-O8TPQ)F*a7^,pi9`hWME$Qo3bIPcQ66%!kU!9]>3r#cb>oJlb^rrBuhq!J(]cPhl>
-5V.EKEVRr]!/UmLg]%8F2+'%7>mfi_cD@[k:=e@.eMM\h%6qcq)EokMO%4Uo5h0]D
-bo5a97+Zg/W+d0*p3s3Cf]kBal5!GZip,)$=sbu+H3G%IEM;XK(K0+q>sWUPON2>u
-Nhr^hX`>NoYa^cQh:e^DOX%5I/B[N7HX[NIU+44^JRe][4nZ#V.6L'!!6[u!YUk:e
-^:!t@KdV\kq.W@m"crTUf"^^MnJD3*/L^V6Z2XfqqUb]\Sg+17jeX'O(-hEJ>5nT>
-PJgi+[%mL"a8UGO?hdNDMuNdCP^d(CrrCAnC]=AA:D&*IdZ<`&+8PB-J)NuY0E,-P
-rIJJY!'U"Yr$a`srrC575Hl\gkJ"A(!/2eV^\MS6p'$NTpX[+KV"#9$!%fVu^p3n>
-T).(<'V6NK!9L%!fG6^Chcg$[_NVoFr3W6r!lt:elX0EbG`2S%QBZl,=T8BII;Ai_
-$;V7`o$WTc$Qo35Xaf;$i\1:7;>l&Urr>4TYP]h37K3A28jBO2J*4PRrr@a#Lqib"
-8+m+Ir:edWn>,Rjrr=W!rkPf=!1s&=rY1qJrrD/W+4q>noA<aO!5ar<?i7:+qZ=h;
-Hg>&6;L"-"!1&k!?s*F/c[BU/!")L6J+D$KljFp2n#_)u8`DE&>#G6LA,cNlorn9B
-4@T8Mb=Y"'/:Zis[Jp5\-]#P5Bh.k#O8Sb'^[S&h(]OIe./q#errAYefDZJU,6%Z)
-V'">*5P*c9rrBp"`*`GLU\b,5rd3s<pel?prrA@LIpcCY!7-(/rr<C%&V'B"O6d5r
-q<tG8iCW#^r`W1tJRe][4nZ#V.6L'!!6[u!YUk:e^:!t@KdV\kq.W@m"crTUf"^^M
-nJD3*/Lo;2QY!'P_qN'PQL3^ZRu<2oS(jpd;2CnYh;1kGEq.$agC-e*N\/Od75?lA
-Rm1dDq(f/."9-Pdp43/CePG2Yrr=BA*<-#[j5P"S%;I!];"ae9J&/BsnkFUI5Pl5r
-!,)<3rBL;/Fo-UWPP3o'Qbm)FGalQN?O],;nJ:0$1;dbb?"ZOpGJJ]`?5W1OXY5:6
-T8A`p(Hs2ETme_D(XR<LIn]WMTjR^fnK*hNh+,E8Se:HB=a6^\Z06L6rLLm`?[MeQ
-"Wt,#Ic(+!q_EOsYl;fEfDa:sDs[l2!!MSprltHCKR`t:&,,bPr;QcOE^-i/!+LGp
-V"h"hYP+#1q`"KhQc'uSGsCeQG`V_Y^&J(aO4n<_DuS/_R6E'%Iq=+Frr?e^\+YLT
-!.o>srr?[2!5^u#!"0&/HgUf^mC==krrB;giDP&'rn%$;Qi3ER!"-p/&)04=pd7/6
-rL.'m!5V1m1uGeB!,2AUT+n@kZG3gI!4>#Fqa,eK3j!n<J)MLL!/6((^%VI+5PEln
-m!mZ[n>ST$rr?j5UW`Y]rr@aanH\HQ:])B-,Q>q@J)I*qRW$s\!475f:Pr0pfjEJ5
-!8=&^rLlI6SQ<MY^[R<a!5cSOhYVepqeept5O;2@<1anT[JnS8rr?[2!5c&:KD*V=
-rXdBfrr?Yt^[P+t9fMJ>!89ZD-cISHm'#f+m8(1id%Bf&X'b5Npdb>aiF)ZcDgfCH
-rO4$K+8.)[.Skr:gA_.do)A]rJ)OOX62P;Yrr<=;M#RI]9AfLmrMH(XrrDF.fotE\
-L\=gC^\4S[IqVXQ-WRADDu:j[!:[4B\%^b_rnES6O8BUi'dpt-m=2KgJ(_U+XM,hU
-ZcW4IKJUPrfqn08'RnM*qg\=#m)eci_ttt]?i*dh^U,Bd'<9[]2uXEh!;KY\gYZr@
-rr?oWrl=torr<Ciiii'jg-!.:htU5Z&:W<nrrBnRi]leXp\kLaBr:jDqa^?jpn_Et
-Q2RobWV56''E/<gC]0b&!!rT)r%&rWn$i,m!4Ls<A,aFH!/4#7=8Q@l*aeVZr$sFV
-5A]n?i=,5up1\mR!!OIOdsg3QU\cfo;R$/Crn%/!qetj.rr<2e[JnGN!/,k$((^-5
-g\h'OgN#N`rr?MX_PHt-rNGpU0Dd^-'pli\[Wt+,L3SdV1qinhJreW"^Mj,!rL#hu
-=FXn3C]=BLICJp'rr@Xn>5nS7rrBo#rr<E3qg7`0J*jcgf`(rV5N,Lf<W:VI8!j1D
-rr<DLiXad+TD1c98,\l_rrBl*m53_0rr?a3bb#TN5I/&3rrBGjg\X<e_)e]JZ[^pU
-rr@b*rOqq)!'g24O6hAKTCAgD.fTKarM.R8c2RctAap#mSko8-Sg46Z07VoTp6opS
-rrBEUAl":b+5(#TrrCcFD>g.mi13o`ft[$;rrBpPrndO%TDNLrp-7n>pf*k#J$o:'
-jo5<mrrBpApk/:d-iO\'&cViCQbW#eqb9$:rrCb;ZR<^B&+$LeJ*g%?rm7;,:9.ag
-htT_A!9%>c!,m;#ci(<tq]GMZr$kL"^Y8\fB_)0'Z[^q:HpRXBPQ(UgB8HQfZV03N
-./g$4pAY-[+5)k;Q&#'7p:p=!gOEm4pa9(Fp2BjRrrDPmJ%*/LkPj4urK$ghrY6g"
-?gW?MH%4M^n>s>HrNjWG!/*/HJ(^[er"OV/:&BG6O6k!Y9#LNVqd95!mD$"Ur"H*^
-q`"KdrrDgr5MP(6oD\f-aSs6YM>mP_PN&e>^Y1fbm,.S=?P%\>jSo4s)<*mIdeE_J
-5A@"n^\^OpAGE!0rK[>brMfMJg(XGleSG,Qrr<?)!;nAimI.O[rrBLgIq/Jrrr@aE
-nQ5Tpm2fX.Du;+=Ld,_HJ)Lh++80Dqrr<3E[*sK]rM06FHr@3Jb5U#leGF1O$3'u.
-lF$W9rr@_%rY?%<pY5WG!8DNYZ2Xf5J&8#VX8T6qO"^AhrY:d<+1?GZn:l1Kq_Z"d
-!.p9cBtnTcdJ]Is.9M(2Ir#&aC43SbK`;%(F^"eFB)_kJ5Q:]k#Q&l8rdX=G+5$Sn
-Ys72FHr^0tqa["OS,WHqbMj&e4J2C94@f@>%Ia3/Kf%\rrr?a3bPqPU/3gGT[Jp67
-525s(J&+3`J$XX`+9)=pKDiLWrr>:We;rsGfUqZ44t?R4C]1$OrltHCKk9cZm@I,O
-+eBqXbqFS)Ua`2>^\^Op?hg$trK[>brMfMJg,&^7gM?bWrr<?)!;nAimI.O[rrBL'
-Iq/Jrrr@xxxxxxxxxxxxxx;+=Ld,_HJ)Lh++80Dqrr<3G9fMJ>!89ZCrrC!\&+$Le
-J*g%?rm@A-:>9.BhtT_A!9%>c!,m;#ci(6rq]GMZr$kL"^Y8\fB_)0'Z[^q:HpRXB
-PQ(UgB8HQfZV03N.10e(DuS/_Qi8=6Iq=+Frr?e^\+Yd\!.oCJrr?[2!5^u#!"0&/
-HgUf^mAV2[rrB;giDP&'rn%$;Qi3ER!"-p/&)04=pd7/6rL.'m!5V3):&BG6O6jXO
-1;iu>qd95!mD$#@r"HNjq`"KdrrDgr5MP(6oD\f-8H-[.M>mP_PN&e>^Y1fbm,.S=
-?P%\>jSo4s)<*mIdeE_J6CMiIrrBEUAcDaeQ64degA_0,T5FP%5N&*@^Y-BkO8f3s
-_>`<gJ"QUQ8+o16:\[n]'n<XjdH1B.B)_kJZM9(GcR8]'cOp0WAs^:%;A@T/hu0>I
-0DnMJrlY5lrm^g`m2>p("RWVrc2RcsJ,U2op@m>>rrCeO5I(4g@Xl7jpoF@sp5^m(
-2uXPY`#lF55OaDPO8CcIrr@Y4VOR;Z!::l]J)Y$pp/gt&p8?YpB[?H$D6NYOr$24A
-n?@DO^>J,Qg6)>pq\/rD-cKH[J$aKNft[$X^**B\ao;?o1W4drV=4<rKf%\rrr?a3
-bPqPU/3gGT[Jp67525s(J&+3`J$XX`+9)=pKDiLWrr>:We;rsGfUqZ44t?R4C]1$O
-rltHCKk9cZm@I,O+eBqXbqFS)Ua`2>^\^Op?hg$trK[>brMfMJg,&^7gM?bWrr<?)
-!;nAimI.O[rrBL'Iq/Jrrr@xxxxxxxxxxxxxx;+=Ld,_HJ)Lh++80Dqrr<3G9fMJ>
-!89ZCrrC!\&+$LeJ*g%?rm@A-:>9.BhtT_A!9%>c!,m;#ci(6rq]GMZr$kL"^Y8\f
-B_)0'Z[^q:HpRXBPQ(UgB8HQfZV03N.10e(DuS/_Qi8=6Iq=+Frr?e^\+Yd\!.oCJ
-rr?[2!5^u#!"0&/HgUf^mAV2[rrB;giDP&'rn%$;Qi3ER!"-p/&)04=pd7/6rL.'m
-!5V3):&BG6O6jXO1;iu>qd95!mD$#@r"HNjq`"KdrrDgr5MP(6oD\f-8H-[.M>mP_
-PN&e>^Y1fbm,.S=?P%\>jSo4s)<*mIdeE_J6CMiIrrBEUAcDaeQ64degA_0,T5FP%
-5N&*@^Y-BkO8f3s_>`<gJ"QUQ8+o16:\[n]'n<XjdH1B.B)_kJZM9(GcR8]'cOp0W
-As^:%;A@T/hu0>I0DnMJrlY5lrm^g`m2>p("RWVrc2RcsJ,U2op@m>>rrCeO5I(4g
-@Xl7jpoF@sp5^m(2uXPY`#lF55OaDPO8CcIrr@Y4VOR;Z!::l]J)Y$pp/gt&p8?Yp
-B[?H$D6NYOr$24An?@DO^>J,Qg6)>pq\/rD-cKH[J$aKNft[$X^**B\ao;?o1W4dr
-V=4<rKf%\rrr?a3bPqPU/3gGT[Jp67525s(J&+3`J$XX`+9)=pKDiLWrr>:We;rsG
-fUqZ44t?R4C]1$OrltHCKk9cZm@I,O+eBqXbqFS)Ua`2>^\^Op?hg$trK[>brMfMJ
-g,&^7gM?bWrr<?)!;nAimI.O[rrBL'Iq/Jrrr@xxxxxxxxxxxxxx;+=Ld,_HJ)Lh+
-+80WRHmJ["]IiY4ibk%NT3M)!j1g:s/+EW0$sjuN'_oH$+--!l='"gmkDH?`h[WG\
-HiWrbnWqqHrZek]pj_f\4"Vi#;Ku5jEc6[3!#+_+&+*(]iTH-#[%Fe*U5C@nMC>3V
-.&)SIU5C@nMC>3V.&)SIU5C@n^0LWH^Z<PPC_-D#ce8L$!*)7AC]'S_EW6"`O,:X<
-21PW+V%6qh2uFU0rr==rp4NAFZ#B>crrCOJ!::S0Y+N!>m19+/VtSQ$/H^Ef`;VV]
-W;cj.M2eG,QgEi6!!L2JAc9+<!"/U#D*.V_ktQ,=U%)@'K3C<<]PiS_'2F.n,kst(
-2uF?tp@FdI+n.G+4[V^6C]=ABF5g9g7Jg<e#Q9V\%/<IonYc:8DZ`N"5NBJ_W^3KI
-h\5u4gA"V+0#-?5!9b=+LAXWBl5HRS4rAZ<nI=?[%Ypb4GZcT*C]=AGkWB[#0DI"E
-_U$l<8+96fr"T/2`a8arA02lj<W<&QdB3<pd68TK:&*-57<fck4pLcoi,9"ue&PXF
-rr<Y=0A1.!BD*.&A,cO^LhQc0pgJC*99!<!qRtL6r&=,W;t9%3HrusHd_"uCH?\^G
-rr<GIrYb&$(Qn^tK_PH^fDID5pAY-j.pn4ln>!bWVuHbU&H;``hu4M2rYfkW&23fj
-chLjSf\bn"n>H9diGAMo_SZ<QKYRL<p\Z8Nn=KX[`ALm2m2c3,"_dk)rr?^1+8195
-/mlZ6n@a8\r!!&"^,Pfti<R?JKDtonrr?Zu+81RVZ6+Ydr+kgY_]Jro1AkPT2ktaX
-pp]rY4*qA4X_Zk?V=@LNrWg3-ic^Zapk-BYA`fr$56sL3Z(J?=NrK)l&(sJ5O2NH\
-/po;AYO,tqBQ*D7p4'LKSUYC(Lu0%3;r].u/)gL.NZSl"ILQ-<nB\m04t6KXT*YE6
-pg[Wi[85LhiFg%k;rBj;!3j%e``AEe`J0c:p#8dB.9GkKiEt6Ohu3s%WVh(hDSK\>
-XTQGS,`C\aLAX9rD]*9TVg-D)\j+)L,2V@s?4cVW\a]mM?aKN[Y$$!"`Ej:kn<=tB
-n0a)9ehg/Akl)XQ4?]n&l'rNCrr<4Irr@Y!po8f^`SjVH>=%dj\&84Gfq7;;m>^*g
-CVmdppmpDO$b,KKq`F^`n]/F`MglMT2r`X(_,pUQn\0XKHrB`ZiuJ4lZLCnuiZ3Bd
-H?P]nir9"6qF?Ej(Th@W+k694rr@Z/J&+%8;8'>$ZnB*'Q(dD+ZT!cSBB/<]g#Mds
-ZhQcS^V^!N[Prp<)riU)X2LVJ^,Fep)Md8V_+b0oT8.fBiHsB6=ST5_Ig0W`4SP3=
-?]$Hm4^12A%??_>J+-C/gWja4-R\7Bn[nM=?\Z>b\PL&Vpf=p"D>sSBVu/'kpdkDb
-iF2Xjn.3C>q&DWX'_0NC5P@>>-Qh+#ngeIIg)o!tfmi3mD>qqin6_%0n61=p9AlG\
-I;_pVc/To@<.>1d1]&G3^U8!:28>"*$9rA,!!.Pr4s0:nZhm_drrB?*O#FKE0R0Yl
-4jn7*T)i]a&p8%E:"+J]J+5_[ie@'VV5NX&^B18,7sT%CG#%o*rX1=T!GNYFOak5H
-nV>0A!<3%P'?@fqpi#\<rYC:U_>@;]/H5^("6(DZ5Oa7(!5c+mIqbPM=MG!O1&h4^
-a5AV-^[SNk1&h4\fAa"$"9/?.gYmY#/Y4Hl!/*GR)W1H8*^0N'KPS:$!/IJ$`..9h
-J)R!6iHZO?:Oh>OJ&<ddDuTgS[J7H8!"(ge)Lq_u&,8m!!9'G4iMSp!!ri7TD#XKh
-p&0mLL&V,[J,U50r%'Mr9E,"Ohg`L)rr<Aor)6V/qb7"i_+?k%YLs<&$/gl)IhT6g
-1WGRT,k75Am;'Q\%fQt9DYWb]Ns0n:pj]6pkoMGOfC:LZp^?TWia/bV\)A[!X'Z;j
-IO';1[.(h_[2hb5f;u?]B):].?6P5"i4NS"!!RWI!.oXo'>jbL[(hUnhqD:#\aWtm
-K:r4g?7PaKir8ucpc%2VO*iV>?OQkc3dupdrlq#[nD:q<?Nk\88bf?Zr)D*l8"o3o
-5-aU?n&JU\RA]=NpV%l^dB/>L]FXBcrr<41pc%,,KcdcYrLS/FJ)]A+0A-Th+71qb
-C0,_*m.^BJGk^oDn?9lnJ02,k^%&]*iCCk:g-<Cp#.+(.U$LDN=m2;UNk>a>n^#*:
-1=J,J8Nn-;-B7O6o$^$6&)]DE(=VtMeph1Trr?_>g,J%5KA[gir!31g^L47(hmVs>
-iD5/W)t1Emn7T^)[thiH!VkR2AVZ#AXSa[19j>TJ#E(HX)8gBfgA!=*plVNM7o#6(
-0-9DIIEfIeg%V\+TC>hkfo*aEIad"XJc&fWr'KpDm&-M(C2]!D,La@7rm^eRm*4H!
-+8cQB5C;pia$1(5/,n+l$3(!<IuHSt49_p5=2V7G>'T@!ddK;:nL)3-p$-cGbMf@U
-IOWC9r&`F'/LUN*8c&hHpg<"RVst_dY(P^#>JqThrr?V[MZ3Yi26R+,+81HaOmjIN
-5+h^\C"c;%_"[WWqa3<XNsPM6i$O$F%d-m#]C8jtqbgPqcTWc,4<&dDGi-JH"n5!F
-Y1l;cHf;a7/!oTKiie:W*s8mrNEZ:aN@fWoNtm,`EpJ0"p_EZnGW4RXIb"E,K35Y6
-rr?\iJ(b^Xrr<D55Cb\b(@NKpmoRB?$FKSr5.0F]kL&[E&SpAFT+L2uC45Qj&,7ST
-lt>eqp5e\jm#U[lj48k@5M@XIL4Sj?`1IN')=&=cn[%L%3Rb\rr+`S:T0=<#pfCV&
-nC?]Up!%tkpn`63A^?'PrGmB%G^mU,=,B*epm4LurY]rZ`832rIRs8*rr<50rK?ek
-f\R.m(\VnEa.W5)`kNQZAoHGUj#?<nV>.7Q?cMsb$iFW,:[B1mZcAXrpnqQ[>:\#-
-GV<+eQ@\!X>JZM-lP@2kf)?WR4tb<Z\;S.+VP/'NB6Ff;TC?&\fe2=C5O@dsO4m[q
-*eWBXN#jbQRD33\N8M!`GT5UK`r?#Mr!31jHrKoTpc$)/LVp_7NLq&p*t*>n!9%k_
-ae3n-`>[OP_,e=X8&_)-l7huklU(,2Z)UUYh,dDB/u?2[!!Ni1^OA+jc_%U@r"FGN
-489V-i#N3EJ%)nJIQltaLW3,GIg8.hIaS!V_`]+"Do8+R`&='3*s+V7Gk^/EMY5<j
-9mg+(T*rQr%uL.T`D7!=)rR'6Zk!rIj2\`BmtE":4A4VHK>=,K>]9Ba+2nbFf:Nel
-*.HI"%uu#lB<Q\)n9Set(&2qAQX'<LWqcSoj6r'.-@@]G4n-5(Ig3:[!/GXn?h%LB
-^E.WXi:k/Q7n<>IiL^3eh\&l')BH<+MuNbb=o9i@#DTm&XDc;^!!S\eJA:*pg$-6g
-I!t"H(&VS3n&MVcIL#XPi'5nIp9+1En]1VEJ*arKNA&?@LE88H$fGrT?6T*knA!#Y
-$oHiQkaj!g(PD]7GRqXi+o_Oq6WCD^StDoepek,CCVBKbrr<3trJ:IRB\seW./8/Y
-KB&*a*l%72^fpKNO+A4(X74a#pOW5Qn\`9$%amI"Y'`L`^((!8nb7RH0C[TQQ]HS2
-fm'7:+,g.!$G6])c%"`._AuuSnZR`I-?qblRf<B*Y93#C)XfQ0g["QRd=5hfrrC_I
-f>W2%n[HPG&,uXHZ2XfWn%sP[rW<"Ipt;G?,Q@atbB9dMnB_(MYJ`)Hrr<ITEU_T<
-0Dm,>>"/GkM/@b$F*PI8^LQaqE;VuO5/H0(b<HPCHr]^?rX3H;-/8>&rM"[:q_`b2
-d!U!+K>G=/2smsAS+^i?*;h>^hr4$SrrBEMMLT+H#5Ffepk`GK:ZE5(iGS^D/cDR=
-%gDa'7"k?dfCjF`Zf8)VD[+q]hC-eE83Au1C*"\M:P,5.>>Np)j5</gmGa2\=5t?S
-i*VEa1B!WU@Xj?oZu^I2iEsV)!"f&5rLA76qe,[__]"<J]+9mn(pk@mGlId&DsYT=
-GgjVMgrI63^U-MMT*jj;pbqG)nOBd`:Z:,2:[p'6l[Kkgi2n*-T>Q]qIb7_o$m3O)
-++/M6)u'[3K%@XYl$`a05OnaAi,tC*&)$.(G-1;\`Ld8qBDZ'2J)K4Brr?ZWLE8Ue
-dB%Hi!"Sd^8_3fbH/]nOGe[Cfn7JNUMiSpd4q>-o5D6f@>!IXh&p,5j-iX1(4Afsg
-HiqfHD'+F\(]GiXU=8gk5I?3^bt$aR56LocAo@d#d_?E5IMV^6a+(C<L[]rVLVcgi
-pj:"kplG-(nOLR%J=d)>IgbKWhC84mi\-2c[@Y"g]a)9$paugL'5GkP[uS0RlbBeZ
-^YmEAr&sgHn>G=?ZR<[eg#Mdsphf#MF5TR.rr=/*h[;UbHu&LknGC8`#.utd#NHoC
-:D3Rkf!IXL\&=>\Sepq+K=!d/?I2K(opm;]>gfO_qVV!lrO'??rm\N7`>o'=pPeeB
-Y8Vd$fDI_h^PgtX^*A"Ypoj0?is3J-8&ejOZ14`DmQ>.OF5s0MIN3`5cnl7PpgX1Z
-Ig#PI;"0,Z(\*.o>23F&ehp*m%r9O+^J',m9E+uTJ'[:b1ONg5Xun`A5Brp>hr;D$
-^+OYWi<@e`CT6TK[.^!J4ZgYj!W3J1c`$,cHf=u)MYB:?nJ@#\.Jt45Ho9lB(K's[
-j0+NY'ttH.2tg&BHf3O$PK,np#D]r\F_TgVrU7V<&3Mu5Y7(,D`r686:4qR["o-8,
-dJR#'%i>"B=O[18iI;Se?c5!R^9=2SPJ__GO`brFl^A<oUu#9iH9SU2?/95kStC.D
-HY%1[[.-cGP2EZR\T)in!!OnOMtDiZ?<A?%ZqX"/"0&r<gIjKl[Jp416+3BP1h6%X
-;NA`b<Z>^_eJI1WK3qV_#d#2hrr<\`7?>@$$,8lAU5C@nMC>3V.&)SIU5C@nMC>3V
-.&)SIU5C@n^0LWH^Z<PPC_-D#ce8L$!*)7AC]'RtDuTe^LP^NI1OoE)V%6qh5PuH8
-rr==rp4NAFZ#B>crrCOJ!::S0UL++P,kr&3Du:<=p=\%]-$Zc5*WaV?HpOpifm'./
-qQ?%@SM@;-rKr(B?P$Q.QC]>PoH^`&=7H4iKR?)F)pL*"FeMBJV"dS`ethf=Mep$\
-J$+"ueUQMMrY,6urr?mH"FLZ_Zi.9q#CINdOo$R+f"VCg!,Silr[cX58`4NC4p\Ul
-TDL]br]QW^?PWP^7I_V]cFr4u!T*$$:W8k`?IM"onMfF1Lif1p_RJ7OnNaGM:PjH`
-WHg.R4rnlhic"4(q[!2QrrBEMr"Nr?1tR+hqZL]l[QVPM(\gMik25+kL-0b?O4lPN
-P^a#&dIi.P^Y9RbQEB*dHf9FSn>G9$MRAKWV>d`tpm4e([9j>,KmXn^i%GZ:T2kB!
-L7b]:m!\@Np9+28qa>[Mp5K"OJmJ0G9DGF^C&"Isdag9?g5GZ.phTDdp9+0dif=[e
-;#%BV:P-:jIatkK[3rjrDhcsVL&>ZSUZ/J84qQuq?NbMr8)WgCCZ:mX?69aO?O1n;
-;Ug.fd/O+(N'FT@RIMN<HJcX_paI$GiNN#4^cE#('UQY-47URV_uB^k^)6gZIqTo4
-Ic"H3rLlCrprcn?X?UNLDt\_OI[0Gein(uj-X?G!08$t_lT_`<O/Kko"nD9"X5L$_
-A$)V`mli`2!.oUr%IsGu_QW_^YCsVErnfs0:QLCi1]IH,@d"jnpf6gdcf58siSe\q
-Ia&rHIK\rnZi6H`931QVm1]@WGc18X^"%L9nS>u;YO)8hJ+4aRpn?ZmN?/)hGDGk[
-!ViN"T7[b]pg.fM7f$?_U]$[sAoHBZrX!*)"9&V3GPb]q_V_\unON:KgO*H,2Z,/r
-2o7e2*X;WEKHKoF]D2&urrBn^q_?4i7I,TD5A`Ul4Dgqiccu7.EV?"@BcdsO+P_C/
-ll*?eFR1+(ch:Z>)uEG/G5.X*6@:Qg!.p%+c6!-NC%6]P$/b9frX#:g[nQR`UNg#'
-B8.A`8&R%tpp\9>O,H1Dfm&#?L\M%Qr'0tai9aU`T,2A;*I#K6f>Oit?0V>-]8D(=
-kk@7BnNGa6nRep'!!J5YR?-^RqfdM7(OtpRDh6Iap;6S6rr<22pa(:I.ut'_)F+!s
-J+2c"LY<i$2(oVKG^<`N-85-dJ)P8E!5aN][]=nPc)u:erY8f6-]2_X2/aK7!5]n[
-?6@Po!8E"s1]IH,;#]$1!'b6@K_f&6^LKL]X5]K54.tjsrr<WqBn(gt5O@xxxx`Ma
-qB*[lIu`,!a2Cac>GdD>08MXun&=aGQQ@RM[GfAO`;3f6iu!.Gj&#_)n@shP8+D(`
-r[n)]5N&(S%6ncl')Yu/M=JL_$D72EGXLId`:)>?_Z'V@-]B^m*IK<`Zk!:Q_r5h,
-m2,/`(W=Q[_EKUNZ2A+8C&\0Gd(Tg2Mr?mVHl8r/o)A^3ebh#ZT8?5#]fsb0^A)WB
-pRek^r"J,aB)STViU<CSrr@Y4Hk,psrr<Qsrr@chqfgaF4:U9\ph0'j@';Nd9C6&(
-a$1&`_T2ZVK_PH\09*^'kC:@[rr@b&rr<>VMLNtQ!!u0n,5Sd6^$sME')dm*"THs/
-)8BjG%Xuftn4UM;l$jEI!,Xq7IbIuFVu'>?b?k^-1B,h]$2dZ[/SZ@CHqEg/_9^iD
-_tKo$CMiRq61DXK4qrBEnRo]Z6L3Qi\Z#EHeua<uWGBE2*in61&aEP\H2DH-aM5"S
-m6CJWpf$n65IAK/'B<3bVhG'MArV02?h%L?^Y<P^YJX`%-f@Sc^5;AQ`?,ie:P_1K
-n3?h-(VhV(iVrnsY6SgV*;J:Ic$REUQ\rF]Vqq,/ho-L&Vhb1#F5^IAl8lu1+1*^!
-'-$XWq![`;=8ek@8cJbo'`F91*.H=C#!<.f&9p/-"S'OM:PQRfn1V[$pa:Rh0kZ;b
-mi;6qZg\L@xxxxxxxxxx^jd#FH/RS<R_OWj$1Z.8=8r7-"2jt1Zf'"K&GX^DpiS<H
-hH0DNphSep#_0Z`^'FR!rr@Y8rlSOfrL:R[UOGB)[(\0j:[luS56:!)0_jPp^Z'b1
-Aai(*rr<N+IrjRuN&i'JA+8BkF*J52*^'4CidVs4SeCQ(^_sdO^(Kj9NIDo6?9W4=
-8^opMkhd/':&b3F62V2A4p:l3T<mF*J)IBBZ\O*Z(].,0bocFM^O\VVcDU17iLbh:
-IH#bO8cJeKR!oN/#k2bn^(4Q6^U9EFh(.GbKB"O6i-qA>nI*-=5LFp:l5E-ci9uKM
-l!?TY[^)LR_]H5UBDr3[q]br*rMfesCTlHP&)5;$;Z351rrCbKi&C&6n4Ub^-g]lg
-lG!aEHuK#b%6<qD`P2hVnMfiBVYIdsd.i[kgZ(Nr.N:SUpugX\M6pWDrr<GAAcDc*
->2Q\GJi/UKT+H-YFmfOl=BY-B,l[jr7K1NZr%Ro^n/;i4.Q>01)rSd(2t.dc$*!De
-p;aMi]Ii&Whhg(Mr&XGed!.KCnMfh/j0\cZFFOXF!WN.RMr@H_]%gUBd=*Nl0)_Z^
-i=,5eKfjdb>O'q.S"s?bHUIOsO8(*Cm*08<YI4B1_+6`p>5aBY$cRVq!!TdDqaH9k
-U&-"]rrD",rmUh6m_$l+C\E8En+]2]D>*u0N7.&NTC@V\VsPQ5A,cO^IocFohDZJh
-rL*%;i2:d+n58MdgJd$QWNuJTYQ"T39AbAG*[L535@b[>m02LANnU,DbHH_BHq7VN
-rr?\]_@>OD$X`Za?N[4Z5N*+B::YB(\GlQf+4[`V:WI`Fi/iEjFKY[l$2>4Ln5\B!
-_TUjZm!\AerX,FiCZ%[AWI-MkZ[?-/HnYL""WdAVnb9h*0#.2;nMl!K<aH4)p:]rb
-k3Ks3e2L\DpbD8R:[p7`$[cril?ZflU_im2K_s(%J&*R`A+,)B0td%jQhsp8_(P^F
-lFNn[dJFs^$2B9oqgEq757N*Wh*8gV-iJl#"RA:Yh8bSj#t8e0>l5GLpa`$88FU!'
-98ua,=+I^%^PSD5[u()"pkJJ>IjUH>a3f8pqO.4KGYe$Gps]+YrkO#l<T!2Cn2nIa
-p&tBqL;*Ot_jc]"GT0Z_!/6L6!"Bb6O&5UQWVrm:o))&+^Yo1m!/5@k!"-K\g?nn?
-S)Ji4Ir0\P0B/NTj8KY:pdTCC7Lt-a,Q@`Hq#-Vp)ufoS3e(T\fUC"_$:4/@Hq=8;
-Jp2[p^*!<Z^(Ym7euUtB4;"]C:\\kucf<p%TqQj8p`10k3urZFn/\Zai\-3R&D+;8
-%=E<f:P`H0qu_B,n`#HG57;_&_=O9#J)Hq@ZT#\Gg7S(frN?&err<3Fp`8@DM*D;2
-CL?icVsTc>a$d>>n2Gt^&b-[sJ,Bu_iRE>c]MYAM4O\5_3V]X]p`\Q[K,P99]h7X*
-ShKUea$1.1P?77/`(BVD'R465:UmXug&!4J_*1(qDqRAS*A-ugpaHH`mhgPlW5%<L
-he`0YLOm)arr<G-rYmZm(2roEg:YalHM@=eTD2A-f\SO`J"-H<$3(#',sUmMpo!L$
-n;%#D@qsoS^$!H)fVA./ps]6C"YKL@rr<3<]D]'#AM8Xa/GL=IcNSR-pK.,6g:+tL
-g-ajiLV=Jt&)n+S2*ZeE)nn5Pqd!sO#(0k;583<G*V$RpnOHHCp.!JZ-gP+>^)cKG
-Zb=DtI65<;&_4:V5%s^]rr<1urK"^+mt!\:^Lk4ermkHG9=OD&\+#UTc1j0Tn(J`#
-?a:3[>Mo3(2hQK2qaG`kp5nclV>gORIqt$&p:9\TQ/\?]iBEI/pohR6-G$JW,N)il
-`h*\='mRp\lrmc6b@K,1NshNlrr@XKrl<n&4C`ZsI4t<"rr@XVr,'u,:YDN:489KZ
-%c@!VrK)IHrmeT0L\ssF&c;sdIqQBS+++]YhtFVU0luhc626T#^P%plT>[o6CR9Ma
-2%+=9r%7FJlhLHR/&RFBpiGb.$3&,_"+D7Vrr<31pbc^a!!Nu5S-SD'rr<37pp^-+
-HtE*MnF'Q.]IZ9]DZtB\p8n$TYP^NX]j^EZp5b.*LU$V[iQVVE?75Mjiu]%]<nG?`
-Z<rU!%0o2gLPpO#idFbD>)%U.Gh0pOr(6ng"Ru1*nMe9kY`H\?g,o9@Du2M0^'jmk
-5A#u2+8.jKIM)?6_VYU2:ZKcP5I>@q@it&Y4PIfaj1j;lj-Gth+,aJ6oUgh%'KgN>
-GhkJ<XEZhF\qZ3Ek\ot"_:IHEnID=opc$/Vp`prshi*$gr+5B\iue16GP5u_)<i74
-:B(=IPPtl^n?^,`"ScWgDZk;p^n1ZmAO"m-8,]0i?P\#fn/mO;CG1KIYJcK[?7".:
-B8cci%:8A7*;G6WF2?]Ce,1`d*r>'8HL9"K1d2lWM"hM>5M;[e#OT;+!!Nr4ZECrZ
-:P%6qrO>)NQbM5Dk2XCO#4V*Z.NeFrc\-cZrY=^JC@Q\D&iF%k9L%J_rr@^r`nKh[
-!1i(u#CjT2rr<<`MKHIkmD&!^>>`lDJ)NeF_%cO&$i#Xr+7Q%Ti0SasK(Vib9(>u@
-4<a_)$H)R:ZLGT'ifAjuJ&OPq6h)O[Zk)LO[&^le^m\-qgSS[g`hdArU#Ctnr)9o.
-\?WJ+/W.%:+o$iNp9Zq6n@ue([su3n!83k8;",9OoZmeLr#Yg.2(s[`!"6Lg:M\n'
-pe?-!WVeufpus/dFaH?*T)msHD;a:cpg!T4i"*\CK:fM0_g`5F1;345_Z'ViVr?-3
-&CnEN&%m9NpqutFr"8E^Sabs\^Df?AG[J=Z'E8&cL3YB>^,5V/=OlgsH`^Yq4s][e
-M`bk9Y7u5j<UjFT4F,q9(&3"4LQ)3\Hp[AC[B=c7`ni](IO+^Ca5.ri]N2a!ef3Qi
-NF*<G,OllT$=WfI8`2fNG^m`e2Nt?0[eb^0KmZmuGah=SFcAKVDuTfhNp+'^V8O9J
-MtLk602o4,/EG7P8LEqfLTVu:Z<]*G`-s/Fd@Wnt8*_00;+20r72/Tf'N%:5;+20r
-72/Tf'N%:5;+21#bFc6[r0^XRJc>^^\beXAlDO/hJ!1t6rrD,!nLsiqDuTh0U$MTR
-rr@[\^Z:j_d!ta@rm1TEqLAI<lh@%30C1Rn.f=ed=Rk:f084K4IPcBjD)1k)4q[RT
-nUKLU\#e67R=;tji]I/?KHCbQ"ZM:):._7::4EhG:0S*8[apU/D]EaEP(1BL^L9q7
--%?OlnL_Lln,A,X5N1."Yc%F4^PO'-QJ],prr>GE+7SR!fMhd+?c8$'95iQHrrAc3
-O8*j!lm_r77'GT?r[#&@Sc8];%7g=WX7d8-!2<Qb,Q@`Vg\/qm!9f04rZ,#9$@gGR
-plYRVM/E-&J+Q**rr<P/rImK"Q2F2Q!5u>EZbQ>[W;cjQ<IVfWoLf*.J)X[]g#)`>
-e:5B9^L9q7-%?OlnL_Lln,A,X5N1."Yc%F4^PO'-QJ],prr>GE+7SR!fMhd+?c8$'
-95iQHrrAc3O8*j!lm_r77'GT?r[#&@Sc8];%7g=WX7d8-!2<Qb,Q@`Vg\/qm!9f04
-rZ,#9$@gGRplYRVM/E-&J+Q**rr<P/rImK"Q2F2Q!5u>EZbQ>[W;cjQ<IVfWoLf*.
-J)X[]g#)`>e:5B9^L9q7-%?OlnL_Lln,A,X5N1."Yc%F4^PO'-QJ],prr>GE5Q2[+
-q[%c"-hrW"!/YXkBn,bD;?$V+XSmgek`bp5rrC!HrNs?9,,kMALK8l@?h?qh,6%Z&
->Q3>`r=N"Y_lH"10DZso!"j_N/cPff0E-d-5N1.bYa>;$Iu(l7QN$rnQi@%R<?L_q
-ce(niM*Jpcr(DOo9E,!d.Za@IBC$rE!(<I=0E*94mA9g_d1o1L3j\MmrrAchnJD3*
-'&WE2rrD8?U])9:q[%c"-hrW"!/YXkBn,bD;?$V+XSmgek`bp5rrC!HrNs?9,,kMA
-LK8l@?h?qh,6%Z&>Q3>`r=N"Y_lH"10DZso!"j_N/cPff0E-d-5N1.bYa>;$Iu(l7
-QN$rnQi@%R<?L_qce(niM*Jpcr(DOo9E,!d.Za@IBC$rE!(<I=0E*94mA9g_d1o1L
-3j\MmrrAchnJD3*'&WE2rrD8?U])9:q[%c"-hrW"!/YXkBn,bD;?$V+XSmgek`bp5
-rrC!HrNs?9,-0?[$%BgBZIeI3ilQRnn>"rZ`gPjcV!9u]Q\p0!nN5ba`P#bKdrg@r
-4^np1:[s(s099W4[$nWCd+W6$INFD@][SKtXKJ]P[<IJAWM57uU5C@nMC>3V.&)SI
-U5C@nMC>3V.&)SIU5Jbfp>Z)PP:HO85O?udBFk&@r[k>EAF[_<N]nfi!3k#R!</3G
-Ir@R@D7@BS"+3u@?1I(7`juADXsT:imspIs*C@d"o\-_@^&(/)Y9_mJR"XJEgWeAP
-J!1r?ls,$3o)?\%!9>HPJFihHPEDX)_kH]6IoB0&luVY%%X\SVrYe7t5PC(+hm)(S
-/0FY\1en9m.o.0Kr/B0LrJuC.Ndp!kd6R)Y.`4K-0]O4eAtXY,"5k:dnfqi*L6nfh
-Ndp;K?c&LTfaH^d3<&u3+%I;ode*P>kMu_=rr@d?p^@*%6:R+;!.rB)r\I(B1)I`5
-q@YWGr"`CanX;]$OM1er!76k(J)IWMrrA#*rr<I]n/)(WN?eH'"dU8.Arl^t07^h0
-,\\@q/?o-Sj"u8'+aaIn!21W.rrBlHL]7>lU]),=i%P$8)Fsc7/3ipS+7R?Y!Is<(
-dQd5(@K->IB`A'e6MLrg!('/;rr@Yo&,n@Tr%])(?htBlO8KbqJ+8sliK1bTrrCE.
-Ujq=._uB^qdJj1TL%#oXKT.5V!!SZ1r+;#bA1rJJoH\,mpaiZL!95nc_]aC2rrA`;
-8H/\+AV^9c)5I0K$fE]:#oZ>5$S4O;bocGr?NGZ?8CB`l=^h=1`b>APL-kYCrr>AT
-OoGE5b7FS.8,P+Y^gHpN1lqPM=F]k05N.^<!ri8IOedKbZGZ\BN7%Y*%#+0ere-7U
-rr<4g+8f`3pgc%.^[rdc+8@CkrrD(9J&<FW"oeRr,=qh7_.AE%!#_R2)%5@Ur<XB4
-rX18AprsoMaBnstkXa,dn6'3"!6/^P!/<i8$i^2n7Zm]NK$+](1Iq?u(VjDS&i>[I
-(0H(VRQobm^&n<7d#k,Ri3L9#!0#>*!"=SN(]K)I,Q@`IQ66$:O8*6=JA:_%Bcm+$
-Yl=^`1k3CdHj0NMTd*,.!5W6%rr<q3rYZ+%0Du1q8,`lI5PWJFnAnr;J*9GO5O_fa
-rrC&Prr@d?p^@*%6:R+;!.rB)r\I(B1)I`5q@YWGr"`CanX;]$OM1er!76k(J)IWM
-rrA#*rr<I]n/)(WN?eH'"dU8.Arl^t07^h0,\\@q/?o-Sj"u8'+aaIn!21W.rrBlH
-L]7>lU]),=i%P$8)Fsc7/3ipS+7R?Y!Is<(dQd5(@K->IB`A'e6MLrg!('/;rr@Yo
-&,n@Tr%])(?htBlO8KbqJ+8sliK1bTrrCE.Ujq=._uB^qdJj1TL%#oXKT.5V!!SZ1
-r+;#bA1rJJoH\,mpaiZL!95nc_]aC2rrA`;8H/\+AV^9c)5I0K$fE]:#oZ>5$S4O;
-bocGr?NGZ?8CB`l=^h=1`b>APL-kYCrr>ATOoGE5b7FS.8,P+Y^gHpN1lqPM=F]k0
-5N.^<!ri8IOedKbZGZ\BN7%Y*%#+0ere-7Urr<4g+8f`3pgc%.^[rdc+8@CkrrD(9
-J&<FW"oeRr,=qh7_.AE%!#_R2)%5@Ur<XB4rX18AprsoMaBnstkXa,dn6'3"!6/^P
-!/<i8$i^2n7Zm]NK$+](1Iq?u(VjDS&i>[I(0H(VRQobm^&n<7d#k,Ri3L9#!0#>*
-!"=SN(]K)I,Q@`IQ66$:O8*6=JA:_%Bcm+$Yl=^`1k3CdHj0NMTd*,.!5W6%rr<q3
-rYZ+%0Du1q8,`lI5PWJFnAnr;J*9GO5O_farrC&Prr@d?p^@*%6:R+;!.rB)r\I(B
-1)I`5q@YWGr"`CanX;]$OM1er!76k(J)IWMrrA#*rr<I]n/)(WN?eH'"dU8.Arl^t
-07^h0,\\@q/?o-Sj"qk2$fE[V"DJbJdd03neMmIF#N.iF#oYc%$S6e'6G@gFY^^9"
-KDlVaOFM#YCIdlCNGGKW+1"JXHi6.j4YFi&\%B$B?/hoCH)$L3glb)_Bd,UsOd%V_
-^`*4Q/cPejF5mcDT3Z(/!<3$k*l#>Epbg`iIN&45H]Bo@^Y.on:]/95!,2B49)bha
-M7%eMREl,KqG^67&bh%chpD7BpZYM]Ol6/TSd/T!X#m1BnE]Q3<Ln\$cN&%cIh>]:
-L3&pdp[pBbp%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY09X?dSfQ
-KcAXqoKV;(p%A7opee_QIma2LDdQkurr@`lf@TXZiC<M5r=A[#]mYAtrY5U]je\6U
-`T?4*2O9Yj96GB"F!<ngD/B>2ZeSe].9N9u(m3mF=W(*o<d%lN8GMZIe^aquq^?pG
-&4,;/#K`[_q\FR$f(?X2hWF7p`S.`ekC>ZnD]YlmQL+HMn9EC;R<:H,2Jl73\$n-3
-.l:Vp)rlGD*'?mo!+DAs!<"<lrm<sghER(9$2t0W1\f,m!#,>Zr&=CiSgMfJ$U^XQ
-`#g%F>JVbi9qc?0*@B<FdU0r([[+Lh\n#"<P:iUNT:Ya2lC)ME#ZgrSbP`?Og[k,7
-mJB]Yc(-nF_YEn-qB,K*#O>2XqgX(:aoR"GMtUsUc9?0-574W!T'bP*U]])MaJaUI
-^]+:EU]1<Q9D^OfYK+tC"7jcr^Q>DKpAOrQZ&eZp?eM+8e)T?&F6ii+;fKe?RY:[t
-J$NG[*A?d10QY:Tc\2VnrrA1o+2a69e8>)2rlKg)5AEF9Zg%Ji$h*%>-_L8T^Wnmi
-J+2?&Z>][^([TiT!/L=-5Q:^@e:5AaI`]@sFC2@erZC$NrrDuK;?$V*p%p*9!7B2C
-c(Fc\IM;_]o3Fla2qRDcrr>PXq_ir_rV01g!6oX.nD@TYDuC[mm+MC=L\Kalrr=q+
-J&?\`ahRIi?aFDE+5_bO!;tGGrr<N$q^2=CdF!EfTD3nb'E8((>t=fOfBf",!(TKT
-2Lj]apeUnic#k,thd<[-r>c^@g&D&-pYe@:!&`8U_gR!U^[uVTZY07Zhh;"0r7=gG
-!"JVu-N=(nd=0?4pj[`+rrDXr8,P<tm$n"T7n*;5J)UA$:]CF>FW^,1?a=VK*>e(q
-rr@iKiBR>B2:R,nI=B;QoQ4HHBDs"1K`;&Mf2;PJ%JBTFrrCHoIa+M[Isr(2!:sJd
-r&<6oS,WIY7JeumiViOIrrC;d+7S/pZ>][^([TiT!/L=-5Q:^@e:5AaI`]@sFC2@e
-rZC$NrrDuK;?$V*p%p*9!7B2Cc(Fc\IM;_]o3Fla2qRDcrr>PXq_ir_rV01g!6oX.
-nD@TYDuC[mm+MC=L\Kalrr=q+J&?\`ahRIi?aFDE+5_bO!;tGGrr<N$q^2=CdF!Ef
-TD3nb'E8((>t=fOfBf",!(TKT2Lj]apeUnic#k,thd<[-r>c^@g&D&-pYe@:!&`8U
-_gR!U^[uVTZY07Zhh;"0r7=gG!"JVu-N=(nd=0?4pj[`+rrDXr8,P<tm$n"T7n*;5
-J)UA$:]CF>FW^,1?a=VK*>e(qrr@iKiBR>B2:R,nI=B;QoQ4HHBDs"1K`;&Mf2;PJ
-%JBTFrrCHoIa+M[Isr(2!:sJdr&<6oS,WIY7JeumiViOIrrC;d+7S/pZ>][^([TiT
-!/L=-5Q:^@e:5AaI`]@sFC2@erZC$NrrDuK;?$V*p%p*9!7B2Cc(Fc\IM;_]o3Fla
-2qRDcrr>PXq_ir_rV01g!6oX.nD@TYDuC[mm+MC=L\Kalrr=q+J&?\`ahRIi?aFDE
-+5_bO!;tGGrr<N$q^2=CdF!EfTD3nb'E8((>t=fOfBf",!(TKT2Lj]apeUnic#k,t
-hd<[-r>c^@g&D&-pYe@:!&`8U_gR!U^[uVTZY07Zhh;"0r7=gG!"JVu-N=(nd=0?4
-pj[`+rrDXr8,P<tm$n"T7n*;5J)UA$:]CF>FW^,1?a=VK*>e(qrr@iKiBR>B2:R,n
-I=B;QoQ4HHBDs"1K`;&Mf2;PJ%JBTFrrCHoIa+M[Isr(2!:sJdr&<6oS,WIY7Jeum
-iViOIrrC;d+7S/pZ>][^([TiT!/L=-5Q:^@e:5AaI`]@sFC2@erZC$NrrDuK;?$V*
-p%p*9!7B2Cc(Fc\IM;_]o3Fla2qRDcrr>PXq_ir_rV01g!6oX.nD@TYDuC[mm+MC=
-L\Kalrr=q+J&?\`ahRIi?aFDE+5_bO!;tGGrr<N$q^2=CdF!EfTD3nb'E8((>t=fO
-fBf",!(TKT2Lj]apeUnic#k,thd<[-r>c^@g&D&-pYe@:!&`8U_gR!U^[uVTZY07Z
-hh;"0r7=gG!"JVu-N=(nd=0?4pj[`+rrDXr8,P<tm$n"T7n*;5J)UA$:]CF>FW^,1
-?a=VK*>e(qrr@iKiBR>B2:R,nI=B;QoQ4HHBDs"1K`;&Mf2;PJ%JBTFrrCHoIa+M[
-Isr(2!:sJdr&<6oS,WIY7JeumiViOIrrC;d+7S/pZ>][^([TiT!/L=-5Q:^@e:5Aa
-I`]@sFC2@erZC$NrrDuK;?$V*p%p*9!7B2Cc(Fc\IM;_]o3Fla2qRDcrr>PXq_ir_
-rV01g!6oX.nD@TYDuC[mm+MC=L\Kalrr=q+J&?\`ahRIi?aFDE+5_bor7;k0^\t^X
-AdqAi`5mFD&(pqsJ+/?;Dl%-9cc492hqi/*-,.#MX_WB&r).Wmr%/,9o$+/9b`Uf<
-8/BY%.tkEpXh61X[f*I\ApnmsAc8\%9cNf%rJn;Q='PW`4F>uq)c,r^Nr0+\/+Hu(
-0)csMg-OYh"'Spo.<f@]rAs-93_kX<f]kN;V.HIACS]b-F;EL+bC"'Ir[mXZUFW,)
-pWSYn1:":R<L&+YQ%9&L80Ht5<6=1()-bk9@g@k`aD@u8(A<mU=%R6/qnK^rA.clQ
-J-f3YJ29ds!"%PArrD7rf0Ab7F8l6\.1_HOA:"$C><cC_jSo3?.6lcOnW3VWg=Q<4
-/jK-B5N+TlJa;<$B`A(erQ"p<(J4W,$,;E`k[i=pn32@$/s#d%r*fU*6S>_F!.jbA
-!:b/\_JeHFqAFFJr"#G"!/mWO'7UjKd*&Nj!8r8)!;p+En=03jre=]krr</arrD'B
-rr@`4`WN,qFcl\(Dtb@O>qc+'4u*';Tpo6c!5XB0rr<j*r$NO>4a]o)+8^PtrrD'C
-5N+QkL]%Xmci+0qrrC$crr<A?N'HN;epm0QJ,V']peCZprr>D=Zi:#VoD\g\FFV/G
-it(u(FeARBTDnnLU](pV(k9oUXT&:YI/a3E>p&R*pr!)c?"a0;"6][aiopCBK\sck
-oJ5_sp`Da#!#J0'-QXr^4A2c:qgZ-U!936miApFhr=%E3rX:DDppr]K3Ur1/%,0>4
-$nad>\j,.6nW3VWg=Q<4/jK-B5N+TlJa;<$B`A(erQ"p<(J4W,$,;E`k[i=pn32@$
-/s#d%r*fU*6S>_F!.jbA!:b/\_JeHFqAFFJr"#G"!/mWO'9<t?SgDrXrP.-;nT;P8
-SG:/(L2C`+!!X5]r*:E6S9VjBnLh1umJc/G!/mZQ!/07L+7q>S5PQ<brr<j*r$NO>
-*BZurO8FF:rrD'CJ)NEXO8TL@fDZ125PVfSiAg@Ylf)2`rrCgPa8Z,U8cJbs^PkD@
-A_)A#5(EPaO8)HI@K-<p0!kQXJb/mAnT98tDrVB))0MSL&"ik%Mkg7bIi*[^bH1^D
-i-bP)r*:E6S+so#L0\Hl!!DEa!935B!/07L+7q>S5PQ<brr<j*r$MCsrrAaZ=oSK;
-q>UHi\j,.4nV@&O]$L?\ci4!adJj1Q^PkD@A_)A#5(EPaO8)HI@K-<p0!kQXJb/mA
-nT98tDrVB))0MSL&"ik%Mkg7bIi*[^bH1^Di-bP)r*:E6S+so#L0\Hl!!DEa!935B
-!/0CP+7q>S5PQ=?rrC$drrBoWiue+8[BKKF>^u9cJ&63c&,I0OYP\p@rrD'C5N+Qk
-L]%Xmci+0qrrC$crr<A?N'HN;epm0QJ,V']peCZprr>D=Zi:#VoD\g\FFV/Git(u(
-FeARBTDnnLU](pV(k9oUXT&:YI/a3E>p&R*pr!)c?"a0;"6][aiopCBK\sckoJ5_s
-p`Da#!#J0'-N5_!!25`^rrBk1rrDi*5N+QkL]%Xmci+0qrrC$crr<A?N'HN;epm0Q
-J,V']peCZprr>D=Zi:#VoD\g\FFV/Git(u(FeARBTDnnLU](pV(k9oUXT&:YI/a3E
->p&R+Gf0N8?"a0;"7ADK\mP5-Ht30V6T2@P!.tZ?r[s9,:-;tb!(/ZPrr@WE+8fCl
-r$MCsrrAaZ=oSK;q>UHi\j,.4nV@&O]$L?\ci4!adJj1Q^PkD@A_)A#5(EPaO8)HI
-@K-<p0!kQXJb/mAnT98tDrVB))0MSL&"ik%Mkg7bIi*[^bH1^Di-bP)r*:E6S+so#
-L0\Hl!!DEa!935B!/07L+7q>S5PQ<brr<j*r$MCsrrAaZ=oSK;q>UHi\j,.4nV@&O
-]$L?\ci4!adJj1Q^PkD@A_)A#5(EPaOSI_Pj:H]1X:Ri,2q*jSl3K%p%rcbNc;-RS
-1J'aJN@`Mdkp1^\gAl,$`_"2u^JiC,s4I~>
-%%Trailer
-%%EOF
diff -r a65612bcbb92 -r 2aeebd5cbbad docs/figs/acm_overview.eps
--- a/docs/figs/acm_overview.eps        Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1463 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%BoundingBox: 0 0 1106 631
-%
-% created by bmeps 1.2.6a (SCCS=1.78)
-%
-/pstr
-  1106 string
-def
-/inputf
-  currentfile
-  /ASCII85Decode   filter
-  /RunLengthDecode filter
-def
-gsave
-0 631 translate
-1106 631 scale
-1106 631 8 [1106 0 0 -631 0 0]
-{ inputf pstr readstring pop }
-image
-K)^H&K)^H&K)^H&VuHbSm(WPPK)^H&K)^H&K)^H&K)^H&_Z']3LFD?d!FYAJs-s#g
-mt/<E^B!_Ss+:9&s+:99rrL.gjT#<(hh(m!rrLFWJcM;@!=6Gls+:9&s+:9<rrMk=
-rW!!JGdm%S"J83b!'#T1Sc8\>JcM5>!.TV#K)^H&K)_5<"F'nH#`%UC")%Z7^OlKW
-rr[`N!2kF`T>(F-!.TV#K)^H&K)_8="NLKB.+dV]"7H3iO+RD'rr[`N!8iD.TDnrm
-!.TV#K)^H&K)_;>"SX;E#g_T3![%JFK)_GB"+L:Nhh(m#rrN0#ItI]Ps+:9&s-iri
-NrT08j8T3X!#YH^s.B;nIfKK+K)_JC!WW4MK)^H&K)^H&Rf<FK!#X_q"HNN_8FM01
-T`5+D!!(o.s.B;m!!%M#s+:9&s+:9>rrN0#B]8sk5lL``3/'U!BSY35rr[`N!8iD.
-TDnrm!.TV#K)^H&K)_>?"6TXaTAfeNmmr$1rVut,n"]mbIfKK+K)_JC!WW4MK)^H&
-K)^H&S,WTJ!!'LcrrK<QKKoMSrVus9\"s$+IfKK+K)_JC!WW4MK)^H&K)^H&S,WTJ
-!!'ccs5*bVcWL/H!-k@?"+L:Nhh(m#rrN0#ItI]Ps.TGnkD+Y=\UOX@n&YM2hZ*Yk
-K)aX+"Lf3J!5GE2"+L:Nhh(m#rrN0#ItI]Ps.TGm0S0;6!!$-Brr_-Y!5F-cg]%E>
-&-*jIVuHjK!!(o.s.B;m!!%Mbrrqk`Im?71JcM_L"UI@YBRe@Ks+16Z!!#:*rr_-Y
-!5F-cgA_8I!!$u9rr[`N!8iD.TDnrm!.Vod!N/bG!1X#j+E6MdrrN0#ItI^4rrPFc
-5fis-hZ*YkK)aO("#p8lpSe)oIfKK+K)_JC!WW4M`W#tJ0`:tR#XCY"Jq'\J!a%]1
-r;Zm)E:;$N!WW4MK)`I_!^H`NaSuA"!!'ccs4RDSQN.$+W;csL!!(oprrg)j@q1b,
-rrR9gA,H9+g&B4PrrRm:Z1@nr^P/rgrrN0#=SK'#ldGe6ha%/@!si#,pO`F=rrUf%
-./j2I&<G*9!WW4MK)`I_!^H`NaSuA"!!'ccs4RDShZ*YSW;csL!!(pFrrV>:PhZ3=
-bWPe'!0mE]!6hqP!3uM'"jI#HYrj?2!!4H/UZh^Yk1T_5!0mH_!87#E"Qh!1!5JC1
-!WW3npQbg@e,KWm(]XOIL\HE#S,WN85lL`aB_TjQ!WW4MK)`I_!^H`NaSuA"!!'cc
-s4RDSpAb2cW;csL!!(pKrr@cN,m"&HUYYqNfd6Lq!+Z$."MZ5_-/#j/!'L5\!nmV,
-pAb4kk3N$LKd?^]rr2tPrVurBo`"p8rVuqPqYpTs!)*'P!9M`1"fDV+!-%CYs-N`h
-^E<LV5k!)"!WW4MK)`I_!^H`NaSuA"!!'ccs4I>Q!!&Xirr[`N!8mMM!O3sH!!#mP
-rr>pp!!=Mn4PB`6!'L5\!+WV?!5JL5"&]*ubk;#;--Y`U!%%UE"/GnrL&M&Pbk1o8
-Pl:X_L&1fN!!#[dQ2p$srrfM*!!o3Ks-3Neml1:I3;:i#!WW4MK)`I_!^H`NaSuA"
-!!'ccs4I>Q!!&Xirr[`N!8mPN!2K8g!'K-<!87;N!JT\5rr>pq!!%,Prr?R.!!C"9
-s31HB"Asl,;'l/@!'KWJ!%%UE"2Fm9L&M&Pbk1o8L&M&PU\aul!!#[dQ2p$trrgXR
-!"cnss-!BbpK.Cq=OI-M!!%M#s1A:45QF'jrr_-Y!5HSS!d$Q0p\t<"4JVfR!d$Q"
-qu6bn,s9lYrr[?h4QaEY!WW4mW;csL!!(pOrrAhl!!4H/-2mlE4Pp)<Pl:X_A,6-,
-fhj%m\c2aX!!#.\rrC:B!!%`Orr@cO!!&e]rr]Mg-$9.d!/:CP!6k*8!/:CP!6k<>
-!WW3npQbg@fDc!:+92DNK)^r4"SY.]!/K#&!WW4MK)`I_!^H`NaSuA"!!'dTrrBh5
-!!%`KrrAhn!!(^Nrr[rT!%%OB"!mpI;>gFr,ldq!^]+?8!2$4i"+L:Nhtd9P^\n-<
--*dLMo-FA:;;V<QA,ZH.bc^sGL&M&PPlC[_bl.SBL&CrNL&M&P;<IlYL&M&Pbk1o8
-L&M&Pbkh>@!!#[dQ2p$urr[3?!0;a3NrK7N+92]1e,KIL!.TV#]Dhpt!'nX*"5a(Y
-^W?ETg&1mNU\k&kZ2O_'-2dcC-2mlEU](2mbl.SB-2dcF,ldq!^]+?8!2$4i"+L:N
-htm?Ro-OA9!@>tgrr]#B4PB6(!p533rVlo\g%bRL49,@-XoAJL!!">DrrC:B!!%`N
-rrC:B!!#.Drr@cP!!(7<rrhKHs8Psq!!(7>rrN0#9D=_Pjk0S8cN!rAK)^f0"4$rI
-:t,FG!!%M#s1A:45QEA1YlO+<rr_-Y!5HSS!2KMn!@?FtrrM7.rVur5rVllNr;Zh-
-rVlkOr;ZiArVlsG!!%_frrN0#T;_blIfKK+qYpP*rVusFbk(i<k*0@<A#&r$$7,ZP
-U]6#o,lf6FrVm8fb`jCR!$u_L4AiB^rr^"u4O!X$"jE3bKqmf/rr_CG-"HlQ"6M]l
-;?$S&Yu-bcs1`Y<,pe9BrrM8Hr]C6ZPih]>!2KMn!+Z!-!6kEB!/:@N!5JL5!'L8\
-"6M]lA,Q?/juaqerVlqQ4Al(W!/:CP!6k??!M_dU,m@..!!">-qYpTs!)*'P!9Ml5
-"&Jstc[u1TrrZ't!700p!WW4MK)`I_!^H`4pm(pAdf0F,!!'dRrrAhn!!#.[rr>1\
-!!&8]rrA;^!!#.[rr>1[!!&8^rrXPI!/82f!WW4mW;csL!!(pRrrBh4!!&ecrrI3f
-qu?a[bl7VBbl.SC4AktU"GQmUUF#U6!87AO"!mpI4T#-ZKdHWs!@<I!rr@0?!!(7A
-rr@cP!!gaJjs:!-PYq;X!2KMm!JMis!!+Bfp\t@Y!!">-rVllArVuqPrVlo\4T5<\
-PlC[_FT)7?bl.PAL&M&Sbl@^rrVuq?rr2tPrVurBr;QaZpAb1>q>UKr!)*'P!9Mo6
-"4mMQBS-8Arr_-a!*IbN!WW4MK)`I_!^H`4pm(pAdf0F,!!'dQrr?R.!!>@`s)e5?
-!+Yp+!+Ys-!%%UD!%%RD!/:CO"!mpIKtmWh!!&Xirr[`N!8m\R!)`^q!+YX#!'L&W
-"=<[>s310:"""!I4S8[Sg&D!R,ldokrVloB-27HB-/&;\rVurBrVljprW!#Ds310:
-!'L8\!+Ya'!/:7K!2KMn!+Ys,!6kEB"_5d#P[c$=!!">Drr>1\!!(7Arr>pq!!CIF
-s31HB!'L8\!/:CP!6kEA!'KrT!%%I@!WW3npQbg@g&D/(!!(>ss,$aX:]Ldqec,[N
-!.TV#]Dhpt!%.K,!9MZ/"5a(Y^Vp-P4T5<]A$Q"5!'L,X!'L/Z"53_S^\e'34T59^
-,ldq!^]+?8!2$4i"+L:Nhu*KSg&:sP-0Fk"!+Yp,!%%RD"(VB2bk_;?;*=gX!mL[u
-q>gL@!Bc)7rrXPI!'L8\!SJdt!!4H/4T,6]L&WIu!!(^Nrr>1\!!:CEbkhA@,s;/,
-"$HV`Z2FY),s4:9rVupEq>URD!!">-r;Qc@o`+usrVljDrVurOrVlj[rW!&Es8U=B
-!!%-?rr@cP!!(7Brr?R.!!FTXKnWD&!!">@rrN0#9D=_Pjk9Y8-ibBAs+p[WT)\kh
-ec,[N!.TV#]Dhpt!%.K,!9MZ/"5a(Y^Vp-Qo-OA9"=4$J--Z5c!%%OC"/GnrA,H<,
--2miG,ldq!^]+?8!2$4i"+L:Nhu*KSFT)7?A+]d$^\n-7A(gmHrW!$Hs8U=?!!8qq
-bl.SKU]:A/PftER!'L&V"!mpI4T>?\;>pOr4MUmq!0mH_"blt&!!">Crr>1\!!:CE
-bkqGIFQWTL!!#.]s#g8\!0mK_!0mH_!%%LA!/:CP!+Yp+!6k-:!@>MZrrXPI!%%RC
-!'L5\"3gfFbl.SBL&V)PL&M&Xbl@_*,ldokbl.PAPl:X_-2IQB!!#[dQ2p%#rr^jQ
-!-j+qM#RSG#QRuWrrN0#ItI^4rrPFc-MWl,jjO/2hZ*Yk_uBb]-2[`CPktC[bkhAH
-A,lQT!!";F!%%UD"!mpIbeO/Z!!&Xirr[`N!8m_S!'L5\!5J1+!+Z!.!)`^p!+Z!.
-!l+cZqu?hQs8U=B!!%`NrrXPI!'L)W!6kEB"$HV`^]"354T,3ZL&M&UL&WG!!%%RC
-!'L5\!mL\gr;Zhmrr3-J!!#mr^]"39A,lS(4T,6[A,H90o-FA:-1h$6!6k'8!2KPn
-"!mpI-2dcC4T5<_bl@]srVuqPrr2tPrW!&Es8S>_!!&ekrrXPI!'L)W!WW3npQbg@
-gA_8a!!(&ks+gUU:]NK*rrN0#ItI^4rrPFc-MWl,jjO/2hZ*Yk_Z'V#r;Zh-q>UbT
-!!"<-!!#.]^]"35L&M&Pbl7VE,ldqh^]+?8!2$4i"+L:Nhu*KV,ldokoD\e:rVurO
-rVll4rW!"Rs31EA!'L8\!5JL5!/:@N"!mpI4Sf!Wbl.SE4TGFkrVuqnr;Qb=rW!,:
-s!7XF-2dcI49,@-k5W[)!!$O-rro/D4PBaVrW!#)KdHWs!'L,X!+Z!.!/::L!6kEB
-!)``L!FmGS!!ah's8OAF!%%RC#<Vtd-0G7-L&M&PL&V)PL&M&Vbl@]?!!">ArrXPI
-!'L)W!WW3npQbg@gA_8I!!)K;rrJ@Ko`#!-L$"Qu!p53$qYpWgKp;E5"5.0]k0O&/
-BE01*rrN0#IuaO0ft[N?!L2:&rr^"u-)8lf!^H`4pm(pAdf0F,!!'dNrr>1[!!$O)
-rt.?n!'Gr8!%%YT!!">:,ldq0rr3'H!!(6XrrN0#T;_blIfKK+r;QjF!!">:rrXPI
-!%%RC!6kEB!epZur;Zh^rr2tPrVuqPr;QjF!!#.WrrC:B!!YRcs#^8]-2[]B4T5<a
-g&E>u!%%RC#!;kc-3+"hrVuqPq#:=VrVupEqu?a[U\aunjs:!--2IQ@xxxxxx&CrO
-^HDJq##YF#,ldokr;Qj]!!">Err@cP!!%`Prr@cP!!^[Is#^8]4So'[,ldp-q>UKr
-!)*'P!9Mr7!e11UeGfYK!!#.Dp\t>j!!"=ErrSrAFRoG3L&<4u!!&ekrrXPI!+Ym*
-"$?P`4O=$/IfKK!rrN0#J+EU>g&B1sKfjIRrr@cL!!,3Wm/I/M!!">BrrJ@Zg&D+=
-!%.K,!9MZ/"5a(Y^Vg'O;>U=nU\aun,ldpebl.SNUEom?A,eXk!+Z'/bl.SBbeO/Z
-!!&Xirr[`N!8m_S"!mpI-2@KCg!'Krbl.SB4T,3Zbl.SDL&[D:!!+D.rr2tPrVuqP
-r;QjF!!#.WrrC:B!!YRcs!7XF-2[]K,ldoks8OAF!%%RC#!;kc-3+"hrVuqPq#:=V
-q>^OYU\OihA,ZH.U\Xoibl.SBL&1fU,ldokk5Q_-!%%RC"$?P`-3!oEL&M&PL&V)P
-L&M&Vbl@]*!!#.XrrXPI!'L)W!WW3npQbg@gA_4f!$Kek!%%UE!@@@5rrAhm!!(6D
-rrgOl!!&eerrKANq#CClr;QbNrVupEqu6Ykr;Zi4d/O37!!)35rrN0#J+WaAUHJAQ
-!847L!%%C?!)`.`"$?P`-2dcF49,@DgA_4>!%.K,!9MZ/"5a(Y^Vp-PA,ZH34='t-
--0G.*!2KMn"i('`!!#.\!!p@>@fQKTs8U=B!!(6XrrN0#T;_blIfKK+r;QaCrVuqn
-qu7#p@fQL+s8OAF!'L2Z!5JL5!gN_=rVupErVlkOrVuqPr;QjF!!#.WrrC:B!!YRc
-s!7XF-2dcC^]"3;-3+!-!!">CrrtRc!%%[Fbl.SBL%tZJ4T,6],uMGOrrBh5!!#.V
-rrC:B!!%`Lrr>1\!!UUH49,@-r;Qj]!!">Err@cP!!%`Prr@cP!!^[Is#^8]-2RWD
-,ldp-q>UKr!)*'P!9Mr7!al!neGfMjr;Zg[qYpQ1r;Zg[WrE&]rVuq?pAY,fpAb1U
-r;QaCr;Zhmr;Qb,r;Zh>d/O3?!!(p-rrN0#J+`gA;>:+kL!K]#ffUR&h>[I$pAb1U
-mf*AO!!">DrrC:A!!(^,rrPFc-MWl,jjO/2hZ*Yk`W#pJrW!!Gk-=mc!'L2Z##P@#
--3+!Bqu@0Ps8S;`!%$e-bQ%Vhk.got!!&Xirr[`N!8m_S!-J2?!@>tgrrJl@rW!0L
-s8OAF!%$e+rr>pq!!:jRL&M&P4T59[^]"35A,Q?/,ldp-q>UH=rW!-bs8OAF!%%RC
-!)`^q"$HV`4T5<\bl.PG49,@-s8U=B!!%`Jrr>pq!!,sZqu6]Zbl.PA;>pOqU\Oih
-bl.SBL&CrOUJ_!j"""!I4T5<\bl.PD49,@-rr2tPrVuqPrr2tPrW!&Es8R3?!!$O,
-rrgOl!!">@rrN0#9D=_PjkB_9?iWI@rr?R-!!%-=rrM^;rVusFo;hlkA,QB-4SSjU
-U\k)n,s3LQ!!#.[rrM7.r;Zh>r;QaCr;Zg[d/O3?!!(p-rrN0#J+imB4SJgUL!K]$
-;#gSBk2-+C,ldp-bfmh!r;Zh>n,EJP!!">DrrhI1!!">!rrPFc-MWl,jjO/2hZ*Yk
-`r?%'rW!'Ibl@]brVuq?rVm'J!!#.]s-3E]"(VB2g&:sTPlJr-!%#AZ!WW4mW;csL
-!!(pSrrM7.rW!'I@teD=qu?g]s8QU.!!GFHs8QU.!!>@`s+UFP!'L5[!6kEB!'L2Z
-"!mpI4Sf!Wbl.SE4TGFkrVuqPrr2t.r;Zp^s8RfP!"5%ks5qNO!!">Fs31HB!/:4J
-!2KMn!@=N>rs.4e,liZ!s4RAO!'L#U!6kEB"a%tQF?ClI!!B"rs+UFP#aGAhk0,+O
-!%%XE!/:CP!/:FP!/:CP"O-oGjsC!,"_6]ps-+i/!!">@rrN0#9D=_PjkB_9?iWI?
-rr?R-!!&emrr>pq!!+CiX8`1)qu?^Cq#:?/r;[*LZ2ajq,ldpBrVll4qu?^ZrVlo\
--2dfD-.)YoT)\lKf)GdO!.XbC!'L2["!r&C4T5<\L!K\u4T5<\bhi@%,ldp-rVlkm
-rVupEn,EJP!!">Crr^#5;;'\'!^H`4pm(pAdf0F,!!'dSrrAhn!!+CirVlj[rW!>$
-s8V4-!!%-@s5kX+!!'e5rs0nN!)`c\!!">Crr^#G,uM__!WW4mW;csL!!(pRrrAhe
-!!#mqrrM7.rW)pDr;Zr)s8RfP!!#.ZrrXPI!%%RC"!mpI4Sf!Wbl.SE4TGGrr;Zm]
-@jV$Q"$HV`U\t2l-2dfG-0G6OrVuqPp\t4Ur;ZpG4?Oqg!!?a2s'u$.!2K;g!6k'8
-!2KPn!2KJmr[%LC"=<41s+UFP!/:FP!/:CP!6kHB!-J/>r[%IB!%%I@!WW3npQbg@
-gA_4^!'ns3!'L5\"=;:ls)e2>!2Jo\!p533rVlo\fua6po-O86!875K!V7W:!!+Ci
-rVltp,s9lZrr@cN!!">DrrAhl!!"=lrr\kn!8lB-!WW4Mq#:>(r;Zh-rr3,`,ldq?
-cMmlSrVuqPhu<]0rVup\r;Qb=rVurBnG`SQ!!"=mrrPFc-MWl,jjO/2hZ*YkaSu78
-r;Zhmr;Qc3rW!$Hbl>od!!&8_rr>1\!!">Drs_g*!%%Z!!!"=!Ki'-Br;ZhOaSu;A
-!2$4i"+L:Nhtm?QU\Ffi-'\?-!0m6Y!+Z$.!0mH_!/:@N"!mpI-2miHjs:!-4Sf!W
-bl.SB4T>?\FS5\7L&V)P-2%<?bl>od!!%`IrrL=ipAbFEg&L1\!!">=rrC::!!,3s
-r;QaCp&G3=s8RfP!!%`Prr@cP!!(7Arr>1S!!(^KrrN0#9D=_PjkB_9?iWI>rrLe!
-rW!!Gk-=jb!+Yg(!SMSo498requ7!L!!&eoKdA#F-&(Xa!d$PYjo5<jrVupErVuqn
-qYpP*rVusFbk1o84So*Yg&D!O;>U=nbgHFmT)\lKf)GdO!.XhE!0mE^!+Ys,!jPUe
-p\t9VbhW4#UP6I)rW!%BKnZ;]rrC:B!!%-=rr@cP!!(74rrY@`!%%.7!mJmAjo5BI
-!%.K,!9MZ/"5a(Y^W?ET-2mlEU\aujL&M&R4TEY)!!(7Brr@0?!!%`Orr@cP!!1;t
-o`+usaSu;A!2$4i"+L:Nhtd9R^JQ<V!!4GmL&(`LUF#g<!@;jdrrC:B!!%`NrrY@`
-!%%UD!6kEB!)`Ok"$?P`L&M#PKdHWs"Ci_X!/:FP!R)ka!!:CEbl.SBU\=]ho4'*D
-!!OZGk5YJ*rVuqPp&>"<q>^RC;5=!f!R)ka!!gaJs5kU-!5JO5"-`cc-2[]CF=$ea
-"!mpI-2IQB!!#[dQ2p%#rrQR.5g]N2Z2FY'4=0t,!'L&V!+Yj*!@=N?rrC:B!!,2Z
-qZ$VMm/I'\rVurOkPkOerVusFA,ZH.FSl(<^\n-4U\"Kc-2RZB^]+65-2RZB^X<&`
-T)\lKf)GdO!.XkF!Tk^-!!$O&rsRLB-):LT;'dLg-):D<!TnM&,m$2Nk4nrWUJ_":
-!BcVFrr?R&!!#.ZrrJllr?VJAU[\9`bl.SBL&CrNA,ZH.bl%JEPWU6<4GE\4"$?P`
--2miGo/n<]qYpSM-2mlG-"H*:rrR9g;>L4ojuar3qYpU^!%.K,!9MZ/"5a(Y^W?EW
-,ldq?q#:V0!!">Ff`2!urVlu^,lg(*rrqO2!!(6Xq#CLC-"F^1rrN0#T;_blIfKK+
-p\t6UrlbB)pAY0UFT+B'FQWK#!b3NRqu6c',pf>brrC:B!!%`IrrJA!qu6l_PYjPQ
-^Y/Sd!/:@N$):um4ER@',pcFfrrQ[V;=jemk+dW-4GBQmrVlu^,lf7`rs.[r4?S=O
-UWiE2$):um4ER@',pcFerrV>:g&1jOP_HmJrs>HB4Ca)[s--Bqq>UKr!)*'P!9Mr7
-!al!nci4!?q>^OBbk_8=4SJgX^]4>Xp&G(=m/I'>rVurBkPkNErVutQbl.SB4T#-Y
-;>pOqA+T^$jsBm)"*FSC^\Rp1L!fo&T)\lKf)GdO!.XkF!+Z!.!'KrS"Ao.!,uOO>
-!%%UD!M^t;!!+C@qu6]@4Sf$\-):M?-1q6<k5PA\;>C1l4RrFObl.SBL&M#OZ2O_'
--2miEYpK8I!@>tgrrY@`!%%UD!/:CP!2KJl!+Yj*"!s`BU](5nFSc";;>pOqg&(dN
-5QE/+Q2p$prr_-Y!5HVT!ni:4pAYAO4L+qdZ%^m/rrM9+qYq#04GEh8Yrj<p4AggI
-k/@9$!!&Xirr[`N!8klt"!mpnk3;mGU](5n^\%O+k2-+<bh)jpk1BV7!!#[dQ2p%#
-rrQR.5gKB0A,?6+U\XoiFSu4=49-],!!?a2s31<>!DtuY!!(71rr@cP!!(7,rr@0?
-!!YRcs!7XF-2dcCg&:sP-0Fh!!2KAj"$HV`A,ZH.4T5<\;:5CGT)\lKf)GdO!.XnG
-!Tk^-!!'e,rr>1T!!CIFs0;:u!@?n,rrJl@p](CBs8R37!!#.\rr>1U!!$O"rrC:B
-!!J#Us5o%6!!%`PrrB>!!!#.[rrY@`!%%UD!/:CP!/:CO!-Iu9![[l]r;Zi4r;Qc3
-rVusFk55/[5QE/+Q2p$prr_-Y!5F-cf`)!Q!2$4i"+L:NhoG`tbi\-h!)`^q!82u(
-q>UKr!)*'P!9Mr7!al!nc2Rbir;Zh-q>UW\,ldok^]+65A,ZH1;?-[?qZ$\ms31HB
-!2K)a"L2H!4=0t,rB((bmJd4?-2mlH^]4<[rVurBrVlk>rVuq.o)A]"rW!15,ldok
-s8ODE!!KPQ!!"=mrr\kn!8lB-!WW4Mqu6Y<rVupqo`"nRqu?dE;,R;m"3gfF-2mlE
-4T:$7-2mlEPlC[`fd6Ut#:3lTKd?^!-3!oHftW5<rVuq.rlkBA!/:CP"=7Q3Kk()^
-!%%49!/:CP"!p&U-2dfD4T>?]jsBs+!@9l,!!%`PrrY@`!%%UD!/:CP!6kHB!5JI4
-$&-U<@fQKTs8P4\!!#.Zrr>pq!!$O*rrPFc-MWl,jjO/2hZ*YkK)aL'!WW4mW;csL
-!!(oYrrAhn!!"<ss7lTq!!#[dQ2p%#rrQR.5gKB0A,H<,4Sf!WFT)7CPlKm"-2dfG
-U]:A<qu?hQs8U=B!!%`Crr=A<!!(^?rr>pq!!H1!bfi3K!!%`Orr>1\!!'e)rr=AE
-!!0>NrVuuC^]"3:-3#7k!%$%m".oPnhq%f/!!%NGrr=AE!!'e+rr>1[!!?a&s+UFP
-!mL[urVuq.rr3"o-2mlEU]18n;>pOu--ZDhbl.SBA,H9+L&M&PL&:lU,ldokbl@_*
-A,ZH.-1_'9L%bQJ4PB`6!+Z!."=:h_s.fPn!%%XE"$?P`-2miDFT)7?bl7VB;>pOq
-L&M#TZ%_??s1eL4!/:FP!5JI4!875K!^H`4pm(pAdf0F,!!'ccs4I>Q!!&Xirr[`N
-!8k3a"/@.g4T:$7;>gIpKnB@"rrN0#9D=_PjkB_9?iWI<rr@0;!!%-;rrtRc!%#j!
--2[`CA,cK.bl%MA4T>?\^]"35L%50C-2%<>-0F[r!0mE^!@9&h!!#mprrXPI!%%49
-!87>O![[kVrVutQA,ZH0FT4K&!!'d^rr\kn!8lB-!WW4Mr;Qo^,ldokoD\eQrVuq.
-rr3G&!!">-s!7XF-1h/$4T,6[-3!oEg&:sP--ZAg!6kEB!/:=M!2KMn!/:@N!2KMn
-"GQlj@jV'R!/:"D!/:4K!@;jcrr=AE!!';&rsCjg!%$e-s#^8]-2miD4T5<_bl@^X
-rVup\pAY,&rVupErr2sqrVupqq>UL]!%.K,!9MZ/"5a(Y^OlL<rrN0#T;_blIfKK+
-[Jp4QpAb1UK)bTF!WW3npQbg@gA_4^!'np2!2KJm!%%RD!3uG$!%%C?!E$W1rrC:A
-!!&8_rr@cP!!%`CrrM89r]L/["E]?O;6fTi!)`@g!%%UD"!mpI-1_'9L&M&R4TD2U
-!!,2.rW!#Qs+UFP!-HZh".oPnhq%f/!!%NHrrC:B!!#.QrrbFa!%%78rsFHBZ2`r4
-!!#l<-2[`D4O!g)!/:CP!-J2>!6kEB!/:=M!6kEB!/:@N"_.N4-&#4o!!+Bfnc&TC
-rW)p[!E#*YrrC:B!!">Crr@cP!!^[Is#^8]-2miD4T5<_bl@]QrVur5pAY0U-2mlG
-L&\pd!!'e0rrPFc-MWl,jjO/2hZ*YkK)aL'!WW4mW;csL!!(oarr>1V!!#lJs7ZHo
-!!#[dQ2p%#rrQR.5gfT3U\t/o4TA:X!!+D;r;QaCqZ$[D;8<#.!0mH_!@?n-rr@cP
-!!%`?rr@cP!!(7/rr>1W!!+Alr;ZiNrr3'H!!">?rrLfsrVlj[rW!%Ss5kX)!!>@`
-s1eO5!'J^0".oPnhq%f/!!%NHrrC:B!!#.QrrY@`!%%F?!6k3<!Bd.Trr>1\!!(7A
-rrC:B!!%`MrrC:B!!%-=rr>1W!!4HVk4&BNFT)7?g%YLHU](5nA,Q?,L&M&Vbl@]*
-!!">Drr>1\!!^[Is!7XF-1q3;L&M&R-0A_:!!#mkrrPFc-MWl,jjO/2hZ*YkK)aL'
-!WW4mW;csL!!(o`rrJ?Hr?VM-A&!Wqp&>'n!)*'P!9Mr7!al!ndf0<^r;ZsHbl?fO
-rVupqr;QaCr;ZmFA*3Ue!/:CP!%%UD!/:CP!/9h?!/:CP!6jg0!Tk^-!!dV"^Wapa
-s&&aq!0mK_!%%UE!2KGk"S6+'!)`aq!%%UE"3gfF-2RZBPlC[b,ldokdf0EA!!(p-
-rrN0#J,K<Hbl.SB4Sf!Yk(T'!rrY@`!%%F?!6k9>!Bd.Rrr>1\!!(7ArrC:B!!%`M
-rrC:B!!#.Zrr>1Y!!4HVk3i6O49,@-pAY,HrVuqPr;QbNrW!/Hs8P1]!%%UD!'L5\
-#0d,I,ldp-oD\e:rVusr-2mlE^\Ig15QE/+Q2p$prr_-Y!5F-cf`)!Q!2$4i"+L:N
-hh(m#rrN0#9D=_PjkB_9?iWI@rrL=irVusFbl7VBZ2FY&L&M#O-2mlEL&1fPg"HE*
-L&M&P4T59[^]"35A*s9uPQ1\0li-rprVupEqYpPjrVupqrr2t?rVusFbl.PBUF#m>
-"""!I^]"35-3!oEFSl+>-0G4,!'L5\!2J$C".oPnhq%f/!!%NGrr=AE!!'e2rsFu:
-!!$O/s#^8]-2@K?bl%MC,uMGPrr>pq!!(7@rrXPI!/:=M!6kEB!'L2Z!'L2[!@<Hc
-rrY@`!%%@=!6kEB!+Ys,$=a&9-0G7-49,@-rVlj[rW!/Hs8OAF!'KlQ!2KAj!)`Lj
-!^H`4pm(pAdf0F,!!'ccs4I>Q!!&Xirr[`N!8iD.TDnrm!)*'P!9Mr7!al!neGfQn
--2dfD^\n*3A,QB-Z2Xb'A,ZH/4MUjp#/<8#!5JPfrVup\rVllArVup\m/I-@4L+5P
-!%%UE!/:7K#UKHN-0G7-jsC!,"=7Q3@jV$Q"$HV`L&M&P4T>?\bkqG@4T59[A,ZH.
-A(1G[T)\lKf)GdO!.XnG!)`^q!@>M[rrKl3r;[$as8P1]!%%F?"m.*2!%$=qrrq)0
-Z2aiXrVuq?r;QjF!!#.YrrC:B!!#.Zrr?R.!!%-;rrJmKo)AeS!!">=rrqO2!!">:
-rr3,F,ldokrr3'_!!">Drr>1\!!gaJs#^8]-0G+)!R0^'rr>1Y!!'e.rrPFc-MWl,
-jjO/2hZ*YkK)aL'!WW4mW;csL!!(o.s.B;m!!#[dQ2p%5rrDf_rrQR.5h5l8fd6Rs
-!2KDj!'L5\"XVCms5kX+!!=N04=0q+!i,dLrVup\r;QjF!!"=prrA;_!!">?rr?R.
-!!&8_rrAhe!!#mqrr>pq!!#mprr=AD!!&8^rrAhn!!"=orr\kn!8m&@!;Gs^!WW4M
-qu6]M-2dfF4?Oqe!!]4us#^8]-27E>;>pP(4JV'=s1`%D!%$e-g&:sT-,9K[k&gS&
-!@?n+rrC:B!!#.ZrrBh4!"!/Zs8Uc:49,@koD\nT!!"><rr>pq!!GF!bbHK`!!%`P
-rrY@`!%%UD!'L5\"3gfFL&M&Q4L+nc"GJ-%-0G.*!2KGl!)`Ii!^H`4pm(pAir9#Q
-o)AgL!!'dtrrqQ/UP4EGmJd:N;*<(Mrs7ces3/63KqllarrRm:FP6Zq!!&Xirr[`N
-!8iD.TDnrm!)*'P!9NSI!a(NXo)Ac!!'o*7!)`[p!2KAi!5JI4!'L8\!M^t8!!>@`
-s-3K_!/:@N"!mpI-.Mqp;>pOqL%tZJ^]"354T59[U\Ffi-'\B.!'L5\!/:CO!+Z!.
-!@?n,rrM7.rVurOeGfWC!!(p@rrVpSYOVVo!!%NFrrAhf!!+CNrr3'_!!">>rrBh3
-!<+;C!!">Err>1[!<+;B!!%`NrrC:B!!#.Yrr>po!!+Alqu?_=oD\nT!!"><rrBh.
-!!#.[rrY@`!%%UD!'L5\!6kHB!%%RDr[%LC!6k??!)`[p!2K8f!^H`4pm(pAir9(P
-@,LVV"5a(Y^Zkb!jsBp*![V@JnG`TE!!#.[rrTrh^Y/VeL&NCq!!4HDZ2O\(UP7k0
-rrXPI!6j0s!WW4mW;csL!!(o0rrQ%DKqSGI!!#[dQ2p%5rreqo(m"F`rrQR.5h5l7
-4T5<\U\FcgU](5n-2miEfhqSG!@;jerrC:B!!%`NrrY@`!%$.p"0j-P4SJdWF8u<*
-r;Qi5;'l2A![T.Hqu6Y+rVur5rVll4rVuqPqu6XYrVurBeGfWC!!(p?rrZX/0X(*J
-!WW4Mq>UJj-2ITC-"HQFrrY@`!%%@=!M^t9!!+C@rr3#C-2%<=-2dcCbl.SB;>U:m
-;>1%j4S&LS@fQKTo`"oFq#CFAbl.PD49,@-rVljprVurBrr3#C-27H?4So'XFT)7?
-4SA^U5QE/+Q2p%+rri'%!+=^Xrr_-Y!5Idu!0m9Z!@>t[rr[rT!'L8\!87>O!5I7f
-!'KoS#*f/fPQ1\0rr3'H!!(6srrN0#T;_blIfKK+e,KJH-"HWJ!i%&=`W$$^!!">$
-rrTrhZ24J%fnH^,rrTH&FPQlt!!#[dQ2p%5rs%ot!!!jsp\+Ug?iWIBrr^J--&)$l
-"-b)XFSl(Bfp%1Q;2)d^rrQ[V;>^@qYpC]ke,KI2bk1o9UVHX)!9X:)!9X+W"6NH,
-L&:lOZ"'$prr^Ik!)_5F".oPnhrt(?\,H@.0X(0L!WW4Mq#:BWA,R\T4ET`_rrZ*u
-!'KrS!p3u=qu?dEA(ge[!SL?J!!O[&@fQKkr;QcMrVuqnq>UMk4=0q+![Tsnnc&^E
-,pd[)rrJl@qu?apg&1jPF8u;NrVlu7,lg(*rrV=[-2[`D4JV`P!%%UE!2K5e!^H`4
-pm(pAiVrm[rVut,ht[3RhZ*Ykl2LsA!!"<-4=0t,!@?n!rr[rT!'L8\!2KMn!0l4;
-!'L5\q^)4A"/GnrA,ZH4g&M'u!!(6srrN0#T;_blIfKK+eGfN5rVurBp\tBY,ldq!
-a8Z;),ldoko`"u7-):)3!Tmnj,m+,I-0G.*"MZ5_!2KGk"PG($!-I&s!WW3npQbg@
-li-rer;Zm9O8&GL!al!n`;]l#k(<X+rrCa#rr\kn!8lu>!#YY7!AL_OrrN0#J*Ht8
-k$qoSo)Aj:^P/H,p\tBLP_Fh+rr3&)L$&:4!jPUepAY<Yb`mh*k1fn9U],rIg%kXK
-bfoq`!872J"m2&';2*]urrAhn!!#.RrrPFc-MWl,jl-4>\,64,@,Lh\"5a(Y^Zkb#
-K`D*8rr2tPrVuq.o)AfG!!#.[rrQ%D4PB`;49,A'k5>5\fp&92rr^q:-"HrS"!mpI
-bhE'u!!&Xirr[`N!8l<+!/:CP!6k3;!0mH_!0kP(!/:CP!/:+G"JYqs-0Fn#!JMiq
-!!&8]rr>pq!!#.Yrr?R.!!">$rrN0#9D=_Pjm2pHYPS;$(m"FfrrQR.5_B#jrr\kn
-!8lu>!-%f8!AL_QrrN0#ItI^Frr>1\!!&8UrrPFc-MWl,jl$.=&GlG.@,Ln^"5a(Y
-^Zkb#K`D*8rVlta!!">9rr[rT!'J^0"$?P`L$nsC,ldqhgA_3S!2$4i"+L:NhphZ+
-L&M&PbkM,;4T5<\bfB_c,ldokp&>':-2mlE^\7[-A+os'L&M#PjsC!,!@?n+rr=AD
-!!'djrrN0#9D=_Pjm2pHfD,CJ(m"FhrrQR.5_B#jrr\kn!8lu>!13K]!AL_SrrN0#
-ItI^GrrBh5!!">:rrPFc-MWl,jl$.=3;EOT@,Lt`"5a(Y^Zkb#F8u;'rVluD!!">9
-rr[rT!'KlQ!SP]VrrY@`!/9k@"!mpIbhE'u!!&Xirr[`N!8l<+!/:CP!6k3;!'L5\
-!6iOa!5JL5!+Y^%!'L2[!/:1I!+Ys-"!p&l-2mlEL&M#OU\k)l^]"05jsBs+!/9;0
-!WW3npQbg@li-tZpAb73O8&YR!al!nK)^T*".oPnhrk">\+]k'0X(HT!WW4MK)a-r
-!+Z!.!+YX#!^H`4pm(pAi;WdZpAbD*huDR6!5Idu"$?P`FT)4AUAt9?rVm)a@lu&"
-A+T[!",-^T4T>?_fd.r>r;Qu+49,@-4JVoU!`:8=qYpUo-&)$l#Wr(eL&_1sbi\d%
-"/@.gg&D!R,ldqhr;QeO4T6W-;5<:R!WW4mW;csL!!(p+rr@cP!!(7;rraVJ!%$dK
-rr>pq!!(^Grr@0=!!#.Vrr@cO!!GF;s8Tk5!!&8^rr@0=!!%`OrrAhl!!#mQrrN0#
-'DEgR3U/j0"SMg"(m"Fk?iWHDs+^OUT)\jNk<K#(o`,1MYQ+V&!.TV#cMmkjrVurO
-oD\kW!"/KJ!'/t&!$(Y3"CT+I!5Idu"$?P`L&V)TbU!5hA,cK/KdHWs!@?Furr[rT
-!'L8\",-^T4T59[U\Xrp4TCWG!%$=rrr\Jc!%%=<!^$G_rZqRF!<+8EFT)4A49,A8
-rr3'H!!(7BrrLe8q>^M*kPkS`!2$4i"+L:NhphZ+L&M&PbkM,>,ldokmJd3OL#2h4
-js:!-4SJdT^\\!2-2IQ@^\n-44T,3\F<sf^rr>1Z!!#.[rr?R,!!#.<s3:TI(lqr&
-5_B#jrrA\A!!G!Z!!%M#s3L]F^]"354S&LP5f3R%^Zkb.49,A'beIX6!!"=us8S>Z
-!!#.\rr[rT!'L8\",-^T4T>?bfd-Uu,s3LQ!!1<srVup\r;QjF!!#.Srr>1T!!(^O
-rrY@`!/:FP"!mpIbl7VB4T5?[-2mlE^Zb\!!!&Xirr[`N!8lc8!p4Ser$;A+g&D!O
-L&M&PbkM,C,ldoks8UbLA,-'6Kfk(hs'l$/;?+Cb4Cb/]rrM8Hr]C6ZPih]>!+Z!.
-!2K8f!'L,Y!@?n)rr>1\!!#.Qrr=AC!!">Drr=AC!!">%s3(HE#lm5Bs+^ORT@!W=
-ItI^HrrAhn!!&8Srr>=%!!'durr>1V!",M$s5kU-!%!?CA,ZH4U]:@J!!#.\rrZa2
-!'L8\$p4Li--ZDhPU03,s'u$.!2KPn!/:CP!2K5e!'KuU!%%UD"!mpIL&V)V,ldqh
-s8RfP!!ebgs03jM!/9Y:!WW4mW;csL!!(p9rrJl@q#CClrr2t?rVurBp\tOG!!">F
-s!7XFA,?3*Z2O_)U]2Y>!!">C!!+Ciqu6\N-2RZC-$8q^"Qh!1!'KuT!-J2?!B`LD
-!!'e2rr@cP!!+D!o`"pEqZ$UBrr2uOqZ$UBhZ(h#"(5(.5_B#jrrA\A!!Ej_!!%M#
-s3CWGF<sfSrr>=%!!'durr=AA!!+CNrr2t?rVur5rr39e!!$O/s+LFQ4T>?b49,@D
-s8Skn!!'e0rrhp>!!">ErrXPI!'KoR"?ZYa-&)6?r;QjF!!%`Prs^7S!6kKC,ldq!
-s5mf;rVurOkl1\a!2$4i"+L:NhrF_:^\7^.4T>?`49,@-k55/cbeJjc,ldoks5kX,
-!!';$rr>1\!!8Db-2.B?-0G1+!+Ya'!/:7K!+Z!.!2K;g!SJdu!!0igrVuq?qu6XB
-rVuq_oD\fcq>^W4s8R3;!!(7#rrN0#'DEgR3U/j0#5%s"@,Lul!'l/9LAq@J!!#"A
-5QE_8!!X!an,E@fItI^4rrPFc$MYqJ3T*.&*q]L95c4S^^Zkb",ldrE,lpl<r;Qj]
-!!#mprs=AZ!'L;]K`D*8rr39e!!%-@s%rar;>:(jL&M&RL&[D:!!&edrrY@`!/:+G
-"!mpI^]+6@,ldqhs3(HC-*^;nrVusFUZ_XY!!&Xirr[`N!8li:!/:CP#<[^)b]Egb
-A,cK849,@-s4O0$4=)<M!!=PIs&&aq!%%RC!2KMn"""!I-2%<=A,cK.Z2FY),s4:9
-rVupEqYpQ1rVup\pAY+TrW!"0s1eO5!'L2Z!0mH_!'KiP!+Yj*",6dT-2mlE4T5<\
-Pi)KB!!#[dQ2p%3s7QEn@,Lt`!al!nK)^T*".oPnhrk">^\7^0&:a0JrrN0#ItI^4
-rrPFc-MWl,jl$.=@.sX*5em?V!!'durrXPI!6k6<"!mpIL&M#XK`D*8s8RcQ!'L8\
-#s81fL&_0!!!'e-rs1^e!%%5!!!#.QrrY@`!/:+G"!mpIbl7VG,ldqhs.fDj![V@=
-k5PJ_!2$4i"+L:NhrF_:;>pOqZ2O\(P[ikTrr>1\!!">;!!FVJs5kX,!!%->rr>1\
-!!@?Cs!@UD#>r7[YpBAM-3!oE4T5<\PlC[_Pl:X_-2RWA;>pOqU\FcgPl:Xf-1h0!
-,ldokr;QaZrVuqno)A\9rVuq.rW!!^s4RAO!@>#M!!$NdrrN0#9D=_Pjm2pHhtR0P
-@,Ln^!al!nK)^T*".oPnhrk">TD8Hg&:a0HrrN0#ItI^4rrPFc-MWl,jl$.=5ktB\
-5em<u"5a(Y^Zkb#,ldqhq#:FB!!%`Ors=AZ!'L;]K`D*8rr39e!!%`Qs!7Xkk4\fT
-U](5n4T5<\U\"Kf49,A8p&>+?!!(7Brrj\K!6kIsqu?dEFQVZa!WW4mW;csL!!(p:
-rrA;_!!4Hgk5##W4R`=N4T>?\L&M&T-0G7-U](5r-0G7--2mlEPl:U^A,ZH0^]2(J
-!!Hg3s._^T!!$O+rrBh5!!#mjrrM^;rW!(Cs3/\5rVurBrVlsG!!">9rrCaO!!ah'
-,ldoks)e5?!Fsg^!!#.=rrN0#9D=_Pjm2pH\,$(*@,Lh\!al!nK)bWG!i%l3r;Qhn
-4GDbo!L/;Nrr\kn!8lu>!-nA@!YBkMqYpTs!.TV#]Dhpt!%.K,!9N/=!#YS5!AM:d
-rr_-Y!5Idu"!mpIbkV2?,ldperVm1$!!$O/s+LFQ4T>?e49,A8s8OAF!6k-9!'L/Z
-!%%49"$?P`L%YHJ,ldqhrr3-J!!(7CU](5o4I"h)!WW4mW;csL!!(p9rr>1[!!4HV
-k55/Y4Sf$b,pcEBUWgq.!!#.[rr=AE!!?a2s#g8\!+Z$."$?P`-2dcCPl:XaL&Z8o
-!!9EZ-2[`C4So'X4T5<\^\@a.A,QB.,piEg!0mK_!6kEB!'KiP!0mH_!^-K/rVuuC
--2mlJ^],S[!%$P&!WW3npQbg@li-ruqu?b*ht[3Q?iWI(rrC9ZrrCaO!!&8_rrCaO
-!!&8DrrZa2!)^H0".oPnhrk">./a,I&:a0DrrN0#ItI^4rrPFc-MWl,jl-4>a8>o<
-0X(?Q"5a(Y^Zkb#,ldqhq#:S/!!"=hs8Skn!!^4<s+LFQ4T>?f49,A's8P1]!'KlP
-rrTr4A,Q?,^\e'3L%>6G49,A8p&>+?!!'e5rs9tO!6kK*,ldper;QhP,uNn+!WW4m
-W;csL!!(p8rr>1Z!!+C"r;QaZrW!$_FHk#GrrXPI!'L5[!2KJm!PcDK!!+D.rr2s\
-rVurOrVllArW!"Rs#g8\!%%OC!Bd.RrrAhn!!#mjrr=A;!!#mqrrC:B!!#.Prr>1\
-!!7lSA,ZH.;>pOt-3+!-rVur5i;WiY!)*'P!9NSI!V[0)!!-KbpAY2%!'n6t"S4_U
--)8BX!6kEB!/:FP!6kEB!/9J5"$?P`-,'<\T)\lKkl1Y'rW!!2J+*+2!WW4MK)`I_
-!^H`4pm(pAiVrmkrVusQYPA,"hZ*Ykl2Li3!!(7<rrBh5!!4H/4T5<\4T>?_K`D*8
-rr30b!!#.]s.fPn"!qH24T5<\Pl1O];>pOq-1V!;49,A8p&>+?!!%`PrrsbL!6kKC
-A,ZH.-2p"/,ldokkl1\a!2$4i"+L:Nhr+M8UHJGS!'L5["$?P`-2.?@,ldp-r;QaZ
-rVusr;>pOqA,ZE-4T5<\bl.PAbl.SDL&X:3!!,3Wq#:IZ!!">-p\t4>q#CFA-2mlE
--3!oEbl.SB4S\pWbh;sp!%%UE!mL\>q>^V-s8R3?!!%-!rrN0#9D=_Pjm<!MY5eQ1
-ht6pM?iWI*rr@cP!!">$rrQ[mZ0M>hbl.SBL&V)Pbl.SBL#`18,ldok^&J2,!!(p?
-rrd9@&:a0@rrN0#ItI^4rrPFc-MWl,jl6:CpD<laYP.tuhZ*Ykl2Li3!!(7;rr@cL
-!!+D!rr3(S!!#.\rrY@`!)`aq!+Yg)!@?FsrrAhn!!%`CrrY@`!/:+G"!mpIPlC[b
-,ldqhrr2s\p](;9kl1\a!2$4i"+L:NhqnA6^JXq0!+Z$."!mpI-2.?@,ldp-r;Qc3
-q>^OBk5G;[4T5<\bl.PAU](5pL&X:6!!4HD^\@a.L&M&PA,$!'U](5p-&%'PbQ@hE
--2mlMg&M*7,ldokk55/`ffT67L&_1frW!'Is8V4-qZ$`Os8Tk5!!#.>rrN0#9D=_P
-jm<!K:gi2OrrQR.5e[0tPl:X_4Pp)?@fQKTlMgk.rVuqPrr2uBrVuqPj8T3-!!"=Y
-rr\kn!8m&@"8=3nn+-J[!!%M#s1A:45QE/+Q2p%+rrTAXYOqhshZ*Ykl2Lfp,uO@8
-!L+o/!!,48rVlu)!!&8_rr]MP-*dFK!JMiu!!4HVk55/\;#gSBnG`SQ!!%`Grr[?h
--0G4,!^$H/r;QhP,piNj![Tt(kPkS`!2$4i"+L:Nhq\53U](5n-3!oH,ldp-pAY4@
-!!">Brr>pn!!$O,rr>1\!!(7Arr>pq!!8qq;>pOr;<IcU!TqW)rraVJ!%$e%rr>1\
-!!$O*rr?R.!!&8_rr>1\!!,4RrVlnP-2mlH4TGG'rVup\rr2s\qu?^CrVm!H!!">-
-iVrrZ!)*'P!9NSI!9`kO!al!n]`/(D,s9E.rr>1\!!(7/rrC:B!!%`PrrC:B!!%`5
-rrXPI!'Isp".oPnhs(.Ap[@VO!WW4MK)`I_!^H`4pm(pAir9#Ao)AgL!!'ddrr^#i
-L"Z>&!SQ/trr^#iKqnJD"Qh!1!/9qB",/$`k3`0Kbk_8=k5NTcrrN0#T;_blIfKK+
-j8T1cKtmTd"S3o>!%%XE"!mpI4SJdW,ldokqu6Z2qu?aDk5>5Z4T5<\U]18nL&M&S
--0G6&rVusFU](2tfjc<.L&_1;rVuq.p\t6.r;Zi4qYpQ1rVup\rr2u'r;ZsHFG3R<
-qu?h@s8P4\!!%-?rr@cN!!%->rr=AE!!&eQrrN0#9D=_PjkB_9?iWHWrr>pq!!&8L
-rrC:B!!%`PrrC:B!!%`5rrXPI!'Isp".oPnhq%f/!!%M#s1A:45QE/+Q2p$prr_-Y
-!5Gf="ChE3-0DB1!WW4mW;csL!!(p;rrCaO!!">E49-],!!#.\rrXPI!'KuT"!mpI
--2RWAA,QB-;>^@n4T,9Z-2dfDA,cK.4T,6^,s4:9r;[(4s8P1]!%$e%rr>pq!!#mk
-rr=AE!!(^Orr?R%!!%-?rr=AE!!&8_rrCaM!!(^Nrr?R.!!#mTrrN0#9D=_PjkB_9
-?iWI"rrTrh^]"05g#h]%"6Ri-L&M&SUWgsEmf*:2rVuqPrr2uBrVuqPkPkY.s8UdO
-!!#-prr\kn!8lB-!WW4MhZ!bS@lukNPi2QBP_Iom!JU.Arr\L>Ktm9[!5JMe!87&F
-!87@*!5I@i!^H`4pm(pAdf0F,!!'d=rrXPI!+W/2!WW4mW;csL!!(p;rrCaG!!BM+
-s31HB!'KuT"!mpI-2RWAbl%MA^\e$24SJgU4T59\bU)u`"!uY#U](5nA+op&-2mlE
-^\Ig/L&M&PL&M#OA,$$)4MUjp!%%UE!6kEA!%%UE!'L2Z!2KMn!%$V(!WW3npQbg@
-gA_4^!'n6t"6NHCU]19$^An6[k5Sp;!$sb4qu6\l;>VXEFT;Ap,lf5;rW!'I!!"<B
-qu6]ZPl<cGFP6Tl!6kEB!/:FP!6kEB!/::L!M`Nk49:/hq>U]^@jNE$,pd[4!!$NB
-rr\kn!8lB-!WW4Mhu<^>!<"2F!%#DCrrI4qrr3!]-/JS&@fXaNrs$[n!$rokA,$!)
-ffT96,ln!Up\t7k!<+8F!'K-<!^H`4pm(pAdf0F,!!'d>rrAhn!!'d9rrN0#T;_bl
-IfKK+j8T.6-2ITB-):G="!mpIL%bNK;#gSBqYpP*rVupqqYpOXp](:Vqu6`h@jV!P
-"XR%.s8RfP!!'e-rr[?C!+Ya&"$?Q0g&1jNUHJJT![Tt(qu6a\!!">Crr@cP!!'e3
-rrhI1!!">(rrN0#9D=_PjkB_9?iWI*rrZ*u!%%XE!/:CP!Fn7h!!'e4rr>1V!!:jR
--2%<>-0G1+!FmGQ!!,sMrr2uBrVuqPrr2uBrVuqPr;Qf&-2ITA;>^@oUF#X7!/8,d
-".oPnhq%f/!!%N,rsDU'A*3gkk(Nd]k3;mIbQ*@rrrJ@<hZ![f!!(7@rs'hr^]4=D
-!/:4J#Wr*@s8V4D!/:7K#]p&Vk5YHk!)_YR!^H`4pm(pAdf0F,!!'d>rrZ*u!%"`H
-!WW4mW;csL!!(p9rrM8HrB(*jU\k&mfnG[_rrRn.g%t^K-2mlE^\[s14T5<\;>rZY
-A&%g=#Nhe8;*9Q-k5G;^YpBBIo`"sFbk1o9PihfA!87@qq#:H24?TnGrrSEpZ24J&
-UEq4.iVrrZ!)*'P!9Mr7!al!n^&J'prW!&Es8RfH!!#mqrr>pj!!:CE;>'ti-3!oF
-bWPY#!%%XE!6kEB!/:FP!6kEB!/:CO!2K8g!)`^p!2K2e!/8,d".oPnhq%f/!!%N-
-rrV=/-2[]D@fV5IrrUCEL"lV2ffT6\!6kEA!gE\=rVlmE-2IQB^AqdBrrVd<-2IQA
-,piKh!^$J9i;WjD!%.K,!9MZ/"5a(Y^U!kA49,A'XT&>%!2$4i"+L:Nhn/mgL&M&P
-4Sf!W4T5<\bi\p+k01@8!TrP&rrN0#9D=_PjkB_9?iWI*rrY@`!%%XE!/::M"XRY)
-!!">Err=AE!"EFl^S<mk-0G7-P]T#6rVup\re1@*rr2s\r;ZmF@o<4*!%%XE!6kEB
-!/:FP!6kEB!/:FP!Tk^-!!">E4T5<a-0G7-jsC!,"?_BlF=$kc!/8,d".oPnhq%f/
-!!%N-rrUCE4T#-[ffWdCrrhJ<@s"LBrsuku;2)dbs-.U*;2)dbP_K&8"J^'9L"ZG)
-#JYumk(QZdg%YLNfd.quK`K?qrrP;/k5G;]F9')PrrSEIL&CrO4=0k(!nf\5r;Qh?
-!6jC$!^H`4pm(pAdf0F,!!'d>rrUD,;60]u!!&Xirr[`N!8kEg!%%UE!2KAi!'L5\
-!6g&pp\t9p!)*'P!9Mr7!al!n^&J0s!!">Err@cN!!ssqs+LFQ-0G6\rVup\rVlrP
-A!Hlj!/:CP!/:=M!+Ys-"-iicbl.SB;?$Rqbl.SBL&V)Pbl.SBL&V)PA,ZH.A,cK/
-^ErjZ"53_SA,ZH.A,ZE.o0!!P!2I7-".oPnhq%f/!!%N,rrOJm^\7[-U\uJ?!'JL(
-rrHU0rZqpPA,fCP!$rqFs#_V,rrUD,!<+8F!-J5?!ehqbrZqUG!2K>h#0^T>s+LHs
-rVlmE-2dcEUB$#=rrFDlo)AbR!86<1!^H`4pm(pAdf0F,!!'ccs4I>Q!!&Xirr[`N
-!8kHh!5JL5!%%F?!'L5\!6g&pp\t9p!)*'P!9Mr7!al!n^&J0\!!">Err@cN!!C"9
-s+UFP"3gfF-2mlF4L+V[!0mH_!/:@N!Tk^-!!&enrrC:B!!%`PrrC:B!!%`PrrC:B
-!!%`Prs'hM!'L;]^JXq0!'L8\"!mpI4T#-YL&M&Pbe=#YT)\lKf)GdO!.Wr,"bcpV
--$6ours5k04PBc7PQ3iFrsWuLA+T`l;#lj\bQ*@rrrG5.rr3Wo!/:IQju`Wts8RcQ
-!0mN`PQ3$%rrRlSbl.PB,s;,*!mCXSoD\lG!+YX#!l"^thu<aC!%.K,!9MZ/"5a(Y
-^OlL<rrN0#T;_blIfKK+]`.t/rVuq?q#:=VrVurBK)bTF!WW3npQbg@gA_4^!'n6t
-"!mpI-3!oEL&CuOA,cK.FT)7Bbl@^<qu?a[U\Oihbl.SBL&CrNPl:X_A,ZE-bl.SB
-L&V)Pbl.SBL&V)Pbl.SEL&_1frW!"RUHJGS"=;:ls4RAO!/:=M!/:CP!6i.V".oPn
-hq%f/!!%N+rrJlWrW!!G4I#gE!^%d^rVm(U!2KSo,piNi#3I4/s3(Isrr30b-3+"?
-!+Z!-#P05fs8RcQFT)4@xxxxxxxxxxxxxxx,s;,*!mCX,o`##g!%%7/rr^Ik!5IFk
-!^H`4pm(pAdf0F,!!'ccs4I>Q!!&Xirr[`N!8kHh!%%UE!87/I!'L5\!6g&pp\t9p
-!)*'P!9Mr7!al!n^&J0\!!">Err@cO!!(^Orr>1\!!(7BrrJl@qu?a[g%t^Kbl.SB
-L&CrN;>pOq^]"04bl.SBL&V)Pbl.SBL&V)Pbl.SEL&_1,rVupEqu?aDL&M#Obl.SB
-^\e$2L&M&Pbe=#YT)\lKf)GdO!.Wi)$e^4r,ldp-k5YH-4T,3`bQ(N?bQ)/KrrUCE
-L&V)V4=1%-;#ni<rru=#bl<@sbl.PCF9'PXrrRlSbl.PB,s;,*!mCX,p&>,h!%#k]
-rr^Ik!2JEN!^H`4pm(pAdf0F,!!'dns8L5os8)`s!!&Xirr[`N!8kKi!87>O!'L#U
-!'L5\!82u(p\t9p!)*'P!9Mr7!al!n^&J0\!!">Err>pq!!">Drr>1\!!(7ArrV=m
--2dfE-):A;!6kEB!'L2Z!'L5\!6kEA!6kEB!/:FP!6kEB!/:FP!6kEB",6dTL&(cM
--&)6r!6kEB!6k??!/:CP!6i.V".oPnhq%f/!!%N%rs-;$!)`d?!!)mB"TU[bK`Hi&
-rrUCEL&V)U4=1%-4=0n)#)*&As+LHsrVlqQ!6k-9!egWurVlmE4T,3\bQ)/Hrr[rT
---Z#]"0j-PUYYqO5QE/+Q2p$prr_-Y!5IUp!FmGT!!4HDg#i;7U](2n,uNLu!Du_k
-rrLeMrZqPup&>#%rZqSBg#W/7!!&Xirr[`N!8kHh"(M<WZ1n8#YpBBIK)bQE!WW3n
-pQbg@gA_4^!'n6t"!mpI-3!oE4T5<\;>pLp4T5<\bkqDAk(P,\!!+D.r;Qc@rVup\
-r;QaZrVurBrVm#_,ldq!rr2uBrVuqPrr2uBrW!%Ss8RfN!!,3Wq>UH=rVuq?qu6YM
-rVurB^&J2,!!(p-rrN0#J)UD.^P2Oa#4j,es3(HhqLo':s+LH,q>UN?!/:FP"["+2
-s#_V)rs"/WPlHF;bl.PCK`K?irrRlSbl.PB,piKh!l"_hp\t>*!'Js,rr]"r-*c8*
-!^H`4pm(pAdf0F,!!'dqrrP:_4T:$:49-\Okl1Zn-2miE,uNP!!b23mr;R#T,pdYe
-;#k,#rs(Xd@tf"N-/%D[!WW4mW;csL!!(ogrrLg8p&>'Tb_#lfrrN0#9D=_PjkB_9
-?iWI*rrXPI!%%XE!'L5\!/:CO!-J2?!2KAi!V8GQ!!%`NrrC:B!!#.Zrr@cP!!&8]
-rrXPI!)`aq!6kEB!/:FP!6kEB",6dTPl:X`4MUam!6kHB"=4$J--Z;e!+Z!.!2I7-
-".oPnhq%f/!!%N-rrP:_^\[s6494's,s:u&!mCXdr;Qqqbl>leL&V)V4=1%-;#ni<
-rrus5bl<@sbl.PCK`K?irrRlSbl.PB4=0q*!egWLq#:CX!'KlQ"*=MhbhN.!5QE/+
-Q2p$prr_-Y!5I[r!gE[pr;Qh_!'KKF!B_[^rrhq'!!#.ZrrQ$t^]+67@fX:>rrRlS
-L&V)R^Aq-mrrN0#T;_blIfKK+K)_JC!WW3npQbg@gA_4^!'n6t"!mpI-3!oE4T5<\
-L&M#OL&M&UL&_1,PhH$8!-J2?!/:@N!6kEB!'L2Z!5JL5!BfuQrrfSQ!!">ErrC:B
-!!%`PrrC:B!!n;Ys5kU-!%!?trs.\?,lggBs'u$."XTrDs5m2W!!%_drr\kn!8lB-
-!WW4MiVrtD!'L/Y#Nd<Ys8OAkk5G;aUEt$^js;>Orrj\ps3(Isrr30b-3+"0!-J/=
-"skSqs+LHsrVlqQ!6k-9!egWurVlq@!2KMm!^%dkq>UM+!+YX#"/>iYo@j3G5QE/+
-Q2p$prr_-Y!5I[r!^$J,qu6^D-0G+)!87,H!TrPBrrG5.p&>$Fp&>$Fp&>3#,lhF$
-4T59]js<.grrUjR;>L4m;'l/?!@9&RrrN0#T;_blIfKK+K)_JC!WW3npQbg@gA_4^
-!'n6t"!mpI-3!oE4T5<\L&M#O^]"374TA:X!!">E4T,6[U\t,lbl.SB4T#-Y-2mlH
--"CF2qu?hos8U=B!!%`PrrC:B!!%`Prr?R-!!FT14=)<Q!!FVJs5kX+!<+;B!!%_d
-rr\kn!8lB-!WW4Mi;X`Y!'I%=s8SiV!/:IQPQ3i.s8U:h!5JR6@fU$<rsN<:L&]?s
-;?-7f4=1",![RiArr345!-J8@K`K?qrrRlSbk:u;K`K?qrs7a5--ZDh@fU$<rs/.L
-PlLcg!%%Kcrr34WL&_28,pfhnbhrF%5QE/+Q2p$prr_-Y!5I[r!`8rmqu6]Mbl.PG
-Yrj<4,uNh&rr@cO,n#G,bU!5h,piTk,uO[A#3KDA!$rqUrVm+";;"em!$ua]rrkMI
-Z2Z+4rVlqo!/:@N!@9&_rrFDljo5A^!2$4i"+L:Nhh(m#rrN0#9D=_PjkB_9?iWI*
-rrXPI!%%XE!)`^q!6kEA!6kEB!^-K[pAb1Uqu6Z?rVup\qu6Yko`,(Vs8U=B!!%`P
-rrC:B!!%`Orr>1T!!&enrrJl@p&G(i^&J2,!!(p-rrN0#J)C8-49,B\,m"&mFT)4E
-@fRf;4=(!&rVm'a!$s`R!+Z$."sj6qL&X7]rr35I,lf5R,lhHSrrRlSbl.PCK`K?i
-rrRlSbl%JFUEq3K,lg(+rrpUH4TGFYq#CC@rr3*I-3+"0p](<<i;WjD!%.K,!9MZ/
-"5a(Y^ZPP!YlH(lg%bRQUAuToKjt*/k5PB#;#i_4Kff?Fo7\J:Kn]R,,s;5-js:";
-KnVVhA,cK64=):NKleU@L%tZJ^]+66,s;/+!egWhr;Qd[-1h-<@fV5ErrN0#T;_bl
-IfKK+dJj70L&O18FMHc6!JQcorrKBhqYpQXre1@7p&>0WP_Fgdnc&WDo?[F<!!#[d
-Q2p%#rrQR.5e[1"@fQL+rr2tPrVurBr;QsI!!#.]juiG>!)`Um!6kEB!0m?[!M^t<
-!!c@`!!">Fs4RAO!5JO5!87>O!5JI3!JMir!!,3sr;QfA4So*],p`NkKt[KgT)\lK
-f)GdO!.Wl*!P`aU49:/uqu6i7F?D[-g&(dPUJX-NU](2sflU)ds-/68rreQK4Cc/)
-rrTrhoDS[j^P2:PrrTrhoDAOjfjd-,Pl1Obo7`G/s-3;4rr3+TL&_1fpk8_>i;WjD
-!%.K,!9MZ/"5a(Y^ZGJ#F<pne,uKohrVlu^,pi0^rs,;!;?-Zk!)`^p"["*ns#_V+
-rrsc3s8PprPl:Ue493.rs#^9krr3&D,pi3`!@9l,rrRlSbl%JB493V"rrh";,li&J
-rrN0#T;_blIfKK+df0BD,lmoj!WW41kPkVG;9]%>!@9kbrrUCj4T#-YU\lD<L%kTP
-F<po5,lf78o`"u&!6idh!WW3npQbg@gA_4^!'n3s!McFgrr_CG-$9%a"*>hObl7VC
-^LR4)!JT5%rrR9g;>:(tPYjP*FP6]oF?Hi-rrTHZU\t,nZ%\tKrs$5l@m"jtg%bRR
-fnE9cKp:`Q@thSq".oPnhq%f/!!%M#s1A:45QE/+Q2p$prr_-Y!5IUp%H_aY,ldok
-;=jhfPQ6sGrrtS3s8Pprbl.PF^P2^f4=0t+"XQ;2s!8uhrs-:=;?-YY-0G1+!@9&a
-rrFE.rVlqQ!6kB@!^$J,p\tDl4?Oo9UZMLW!!&Xirr[`N!8l9*"2=g^U]18q^H;L<
-kl1^<!6kHB!JQcqrr^Ik!'L2Z#ep@%k5XR+!5J@0#dF@l^]4=u!%%=<"(M<2bg6:j
-!!#[dQ2p%#rrQR.5_B#jrr\kn!8lB-!WW4MK)`I_!^H`4pm(pAdf0F,!!'dmrsIn`
-@jM+;s8PprFSpgr,ll0h,pi?d!B_\,rrj]2s3(I?qu6gG4TGFD-2dcD4=0Y"!@9l,
-rrRlSbl%JB493Utrr^Ik!5I[r!WW4mW;csL!!(p*rrQ[1U\t,njs;>;rrRlSbhN.#
-KdA#F4T,3\;#nB1rrV=/;>L4n4=0.grrR9BPkb7^ffT6\!6idh!WW3npQbg@gA_4^
-!%<I!LAq@J!!(p-rrN0#ItI^4rrPFc-MWl,jjO/2hZ*YkhZ!fO491WG4951'"3gck
--2@K@4=0t+"XQ;2bQ*@orrj\ps8P2-r;Qd[-1q3<,s;/+!egWur;Qd[-1_';UB"fd
-rrN0#T;_blIfKK+e,KJ3!6k??!b4@GrVm#8Ki*Q=qYpY^@q1c&rs4<U!-Eqds+Q^8
-rreQrA!H-Srs+dQs1`YQPih`?"]57^bU#CLrrFDlr;Qd[-2IQA;'l/?!mCXuq>UZP
-,pe8!!6idh!WW3npQbg@gA_4n!"ab^LAq=9!!(RL!WW4MK)`I_!^H`4pm(pAdf0F,
-!!'dsrrUk"A,?30^Aq.2493V#rrFDlq#:@W-2miI,s;4O!)`Xn"XQ;2s#_V*rrG5.
-o`"q<4T59]PQ6F8rrFDlq#:?Ir;QiB!'KED!WW4mW;csL!!(p*rrR9BA+fj&@fZKS
-!<?!qrt2L^!$rok--ZB8,lf5;bl8tOrr34u,lf5;!%"E>rs1_L@fRf$!%$=nrrlo-
-s8OB-rVlrC!)`[o!b25SoD\l6!0m<Z#0^T>s+LHsci4%H!)*'P!9Mr7"-3E^pO`F#
-rrREF(tJWf!!%M#s1A:45QE/+Q2p$prr_-Y!5I^s"6LmUoDAOlYlJnGK`IA8rs"_&
-s8P1]g&:pSUEu]84=0t+"XQ;2s!8uhrs$4<;?-YY-2dcD4=0Y"!@9l,rrUjR;>pLr
-js<.crrFDlr;Qhn!+Y0k!WW4mW;csL!!(p*rs&'@!$tL,g%t^cF9#hBs8QR/A,lSk
-,pfhrs03jrs8RcQbl7VZ,s;5-fd.rLs8Th[!5JR649-\Bs8QR/;=skh,s;/+!mCXu
-r;QhP!2K2d"7mfbk4S`UK`K?CrrN0#9D=_PjkB_:VZ6_KK)^W+!al!^ec,[N!.TV#
-]Dhpt!%.K,!9MZ/"5a(Y^ZPOu;#i`@rVm,b493.rf`4/5rs-ao-3+"?!+Z!-"]59Q
-s#_V+rrsc3s8PprU](2s;#mBks#_V*rrG5.o`"q<4T,3\4=/5NrrQ[1U\Xok;#ljZ
-rrP:_^ZPOt!!&Xirr[`N!8l6)!p3u=rW!!GA&&!B!@9&irru=Hk5TN'Pl:Ud@jTh.
-K`K?rrrsc3s8QR/U](2t^Aq.2s#^:drVlmE-1q3<,s;/+!mCXur;QhP!/:(F!^$I:
-o`"uH!6idh!WW3npQbg@gA_8q!!&@;s+gUU(][+WrrN0#ItI^4rrPFc-MWl,jjO/2
-hZ*Ykjo5WL!$sa]Ki',rA,cK6F9"Fub`jCRU]19549/m+^LI7Rs8Ppr;0;j<,s;5-
-fd-W?beI!T;?$Rr4=0q*!B_\#rrFE.r;R#,!%"Da@fSXirs_gObl@^r,liYCUHANd
-jo5A^!2$4i"+L:Nhp;<1ULPSr!!%`Qs1\PUr;QtT!0mLG-0G%'!egWurr3-J4TGF-
--2[]G,piTk4=0q*!B_\#rrFE.rVlrC!/:@N!egW.p&>(U!+YX#!egWuci4%H!)*'P
-!9Mr7"8<?,5_B#lrr^"9!/K,)!WW4MK)`I_!^H`4pm(pAdf0F,!!'dprrHUUrW!!G
-4JViS!JMj!!!+C@r;Qq1,ldokFT2:Ffd-VEk5Q`)rr32U;'c2B-&)<t!Dt0@rrGtC
-o`"q<;>^@sYpBAM,uOU?!`:8frr32H4='t--&(F[!WW4mW;csL!!(p#rs.\?!!'e6
-K`Lrq"9=/U,pi?d!egWurr3-J4TGF-4T#-^494(74=0q*!B_\#rrFE.rVlrC!/:@N
-!egWLp\t?K49/m^rrRlSbg6:j!!#[dQ2p%"rrZX/!9\t6M>mZk!!(p,rrN0#ItI^4
-rrPFc-MWl,jjO/2hZ*Ykir9,6bfo5ErrUltg%bRJbfoq`!87,H!p7_Ng]%?!bi\Ns
-!p7_Nir9&[!2$4i"+L:Nhp_T+Pe[(p#)*&!s+LGMqLo$ds!8udrrRlSbl7VG,s;5-
-,s;))"Zue<s#_V*rrG5.o`"q<4T59]bQ)/NrrR9BbkV2?bU!7Cnc&ZE!6idh!WW3n
-pQbg@g&D/`!!&(3s,-gYpD<lieGfRM!.TV#]Dhpt!%.K,!9MZ/"5a(Y^OlL<rrN0#
-T;_blIfKK+eGfTo!'L,X#0['Es.]R9q#:@W-2dcIk+hPJK`K?rrrj]2s8OAkqu6gG
--3+!--2dcD4=0Y"!@9l+rrFE.r;Qg\-0G%'"0j-uU[\9bK`K?CrrN0#9D=_Pjk9Y:
-pFlRapO`F'rr\;^!2n?H!WW4MK)`I_!^H`4pm(pAdf0F,!!'ccs4I>Q!!&Xirr[`N
-!8l9*![RiAqu6kB!0mNG,piKh#%Jsas'l&(rVm(D!2KRJ!6kHB"slD3s%rd$rVm):
-!'L;]4=0q*!B_\#rrFE.r;Qg\-0G4,!qR^#q>UQM,pge(rrRlSbg6:j!!#[dQ2p%!
-rr]G)!0;a3N;j"S(]Z8=rrN0#ItI^4rrPFc-MWl,jjO/2hZ*YkK)aL'!WW4mW;csL
-!!(p*rsGM$!+X7Qs4Ll^-3!oG@fU$<rt;(,-3+#-,pge8s3)c8s8RcQFT2:P,s;5-
-^AoS(s8V4D!3uS(4=0q*!B_\#rrFE.r;R%t!'KlQo/m#Jrr34fL%G?E490L#bQ[V<
-s7:r/qYpVN!6idh!WW3npQbg@fDbq,!"db6s,I$\BE/%9e,KIL!.TV#]Dhpt!%.K,
-!9MZ/"5a(Y^OlL<rrN0#T;_blIfKK+df0WK,ldok,ldp-bl.PH49-Zi,lf78rr3S*
-,pbZ9,pge8s1\O6--ZB84T>?cUEq3K4=);-rr3!]-2dcD4=0Y"!@9l*rrus5,s3IR
-A,ZE1493V*g%YONL&_1s!'L,X!egWuci4%H!)*'P!9Mi4"Le@2+Qn@VO8f<;!!#:4
-rrN0#ItI^4rrPFc-MWl,jjO/2hZ*YkK)aL'!WW4mW;csL!!(p(rs%VM;*6sNU\auo
-ULQDKPihoD"m0nh4ET`ars#`<A&&%tPl:Uck&`^JFQWQ%!L/<9rrJ@<o`"rGPktC_
-Yu*V\U\t,pP_J`/oD""C^]4?*Kp;H6!l'H\ci4%H!)*'P!9Mf3"HNN_3;8%)OoGQf
-!!"/1df0@K!.TV#]Dhpt!%.K,!9MZ/"5a(Y^OlL<rrN0#T;_blIfKK+K)_JC!WW3n
-pQbg@ec,bc!!"_1K)_&7"HNN_&D,>0!WW4MK)`I_!^H`4pm(pAdf0F,!!'ccs4I>Q
-!!&Xirr[`N!8iD.TDnrm!)*'P!9Mc2"ntOf!#X%6s-<TeBE/#<\'Y-V!!%M#s1A:4
-5QE/+Q2p$prr_-Y!5F-cf`)!Q!2$4i"+L:Nhh(m#rrN0#9D=_PjjX50E;fh<@,HS9
-RK!G_+92Bacd2Um!!%M#s1A:45QE/+Q2p$prr_-Y!5F-cf`)!Q!2$4i"+L:Nhh(m#
-rrN0#9D=_PjjO//Qi6sd#\^Dns.95lhiBJj!!,(BcMmqG!$HkY]0HE/!%.K,!9MZ/
-"5a(Y^OlL<rrN0#T;_blIfKK+K)_JC!WW3npQbg@dJj7);#L@q&7C9F^SJUGQ[^^f
-!!*q'bl7YKJcN7[!%.K,!9MZ/"5a(Y^OlL<rrN0#T;_blIfKK+K)_JC!WW3npQbg@
-ci4$l:kA\9!!4!upWNR:QhE[r-Gh)0BD@bmjjO/2hZ*YkK)aL'!WW4mW;csL!!(o.
-s.B;m!!#[dQ2p$krrVAM5_9!/!!4!N^V'SuQFN4\jjO/2hZ*YkK)aL'!WW4mW;csL
-!!(o.s.B;m!!#[dQ2p$frrCZ&^SS[FpUL6TQFN4\jjO/2k5YLSK)aO("5a(YT;_bl
-IfKK+K)_JC!WW3npQbg@K)^H&T`9V0\<[-VdJj7J!.TV#g&D0+!!'L,rr[`N!8iD.
-TDnrm!)*'P!9Jh4K)_MDJsNp4!9MW.![%IkK)aO("+L:Nc`$jGIfKK+K)_JC!WW3n
-pQbg@K)^H&T`9V0\<[-VdJj;n!!'ccs4dPUpD<lQVuHjK!!(o.s.B;m!!#[dQ2p#u
-s+:9Ds+6QHQ2p$orrgpZ!$L`^s4mVVBE/%)VuHjK!!(o.s.B;m!!#[dQ2p#us+:9D
-s+6QHQ2p$nrr\Sf!*FjQh>[Sd!!#Qerr[`N!2kF`T>(F-!)*'P!9Jh4K)_MDJsNp4
-!9MQ,"@)qe37ic^iVs)UGQ7^TkGJ7ZIt@Zh!!#[dQ2p#us+:9Ds+6QHQ2p$mrs%@/
-!!!:<f7O%ars%YI+92BQ\#'*)^OcHS!!$L&Q2p#us+:9&s+:9FrrMk=JcOU,!D)CK
-rrC[E^AtZnE2[^UHM3X)jb!Mas+:9&s.KAma%1d^i;`lqT9]EVnq*0tQ2p#us+:9&
-s+:9BrrM;t]70fVr;Zh9Z@;nYa-6N'nq*0tQ2p#us+:9&s+:9&s4.,LTD\`ihh(mE
-rrDVAQCO6@jb!Mas+:9&s+::$rrA\i!!(o.s2"^8nq*0tQ2p#us+:9&s+:9&s4.,L
-TD\`ihh(mErrDVAQCO6@jb!Mas+:9&s+::$rrA\i!!(o.s2"^8nq*0tQ2p#us+:9&
-s+:9&s4.,LTD\`ihh(mErrDVAQCO6@jb!Mas+:9&s+::$rrA\i!!(o.s2"^8nq*0t
-Q2p#us+:9&s+:9&s4.,LTD\`ihh(mErrDVAQCO6@jb!Mas+:9&s+::$rrA\i!!(o.
-s2"^8nq*0tQ2p#us+:9&s+:9&s4.,LTD\`ihh(mErrDVAQCO6@jb!Mas+:9&s+::$
-rrA\i!!(o.s2"^8nq*0tQ2p#us+:9&s+:9&s4.,LTD\`ihh(mErrDtKjdbE4pk&Nt
-s+:9&s+::$rrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&
-s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9Q
-rrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i
-!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.
-s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&
-s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&
-s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&
-s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9Q
-rrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i
-!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.s+:9&s+:9&s+:9&s+:9QrrA\i!!(o.
-s+:9&s+:9&s+:9&s+:9XrrC+:rrA\i!!(pSrrMT?K)^H&K)^H&K)^H&K)^H&]Dhto
-(hhP#rrA\i!!(pUrr]H,#g\,&K)^H&K)^H&K)^H&K)`I_#PT&8!%;N1?Msj.G(3U2
-!!#iIs+:9&s+:9&s+:9&s+:9]rrA,M!!(>ss+:9&s+:9&s+:9&s+:9]rrMj2o)Jbe
-K)^H&K)^H&K)^H&K)^H&\,QGho)Jd:K)^H&K)^H&K)^H&K)^H&\,QL')"dk/:kJ_!
-s+:9&s+:9&s+:9&s0_k,O7`JQc[u1Ks+:9&s+:9&s+:9&s0_k-pDEW)!)S:IK)^H&
-K)^H&K)^H&K)`1W!0?jS!7-8sK)^H&K)^H&K)^H&K)`1W!V[H,!!#iIs+:9&s+:9&
-s+:9&s+:9UrrA,U!!(>ss+:9&s+:9&s+:9&s+:9UrrMj2qZ$UmK)^H&K)^H&K)^H&
-K)^H&YQ"T`qZ$WBK)^H&K)^H&K)^H&K)^H&YQ"Xt)#XF7:kJ_!s+:9&s+:9&s+:9&
-s/l;$O8T%Yc[u1Ks+:9&s+:9&s+:9&s/l;(pD<l1:kJ_!s+:9&s+:9&s+:9&s/Z/%
-NrT1+K)^H&K)^H&K)^H&K)^H&X8`7q(f5haK)^H&K)^H&K)^H&K)_hM!KYQYs+:9&
-s+:9&s+:9&s+:9&s+:9&s+:9&s+:9&s+:9ds+8"U^AuT3s+:9&s+:9&s+:93rr>$1
-!1NrgBS-89s+:9&s+:9&s,m<]hgtis!!"-ns+:9&s+:9&s+:95rr_-Y!-j+1T>(Fu
-!$HmnK)^H&K)^H&K)^u5"5a(YT7[*8rrQR.+G0WFs+:9&s+:9&s,m<`hZ*YKK)_JC
-!al!NK)^H&K)^H&K)^H&OoGO@!!&XCs.B;m?iV=$s+:9&s+:9&s+:95rr_-Y!2"lC
-TDnt#!$HmnK)^H&K)^H&K)^u5"5a(YT7[*8rrQR.+G0WFs+:9&s+:9&s,m<`hZ*YK
-K)_JC!al!NK)^H&K)^H&K)^H&OoGO@!!&XCs.B;m?iV=$s+:9&s+:9&s+:95rr_-Y
-!2"lCTDnt#!$HmnK)^H&K)^H&K)^u5"5a(YT7[*8rrQR.+G0WFs+:9&s+:9&s,m<`
-hZ*YKK)_JC!al!NK)^H&K)^H&K)^H&OoGO@!!&XCs.B;m?iUu:YlN%#s+:9&s+:9&
-s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm
-^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&XC
-s.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&
-K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfn
-K)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lC
-TDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&s+:9&
-s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXN
-s+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8
-rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YK[Jp8lUTjb!UQiUp!al!ApQbfnK)^H&
-K)^H&K)^H&SGr]K!!&YVrr[s;L$$e_"$?P`FOC*hYrqq1!Frn1rrZa2!'J-u!al!A
-pQbfnK)^H&K)^H&K)^H&SGr]K!!&YWrr@cP!!4HVk0s>4,ldp-dJj1mq#CFmk3`0N
-49,@-r;QkQ,pf>0rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKli-rIqu?dE;5;\A
-"!mpI4OX60bkD)<--YfW"$?P`-2miDg&:sO--Q;i?iUl7Q2nXNs+:9&s+:9&s+:9@
-rr_-Y!2&TW!'L&W!@<HOrrXPI!'J^0!6kEB"!p&l-2dfE-1gU*"$?P`-2miDbl.SC
--0EGO!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&YWrr>1U!!,3sg&D.#!!#.0rrC:B
-!!%`PrrJl@xxxxxx,EJP!!">CrrZ*u!+X4P!al!ApQbfnK)^H&K)^H&K)^H&SGr]K
-!!&YWrrtRc!%"mI-2RZBL"cP/,ldp-df0<^rVuqPrVm#E,ldokn,EJP!!">BrrLg+
-b5VNN!#,*m!5='bK)^H&K)^H&K)_A@"5a(YTBlL_49,@-s8V4k-2[`CA*X'pbh;Xg
-"!mpI4OX60L&M&PPl1O`49,@-n,EJP!!"=^rrQR.'DIdm^4QB:s+:9&s+:9&s.')k
-hZ*YKli.&L!!">CrrI3fr;Zh>q#:?/re1BJk55/a;#gU$s5q(M^\[s4,ldp-q>UQ@
-P_HmLrrV>:^\Ig1UP7k%rr@cP!!(7@rrY@`!%%LA"3cIQbkh>A49,@-r;QhnKsCLS
-"m0nh4Cb/arrTrhk4nrWPa(J5!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&YWrrY@`
-!%%OB!R*\)!!';$rrJ?1qu?dE;;(sK!87>O!^'=+rVusFFSu.@,ldp-qu6\N-2dfE
--&)?u"Qh!1!5JC1"-`cc-1h-:L&M&Pbl.PEfd-Uu-2miFo4'*F!!,3er;Qj]!!">D
-rrB>'!!(^MrrJl@qu@!KL&_1X!!">:qYpY-!!#m^rrQR.'DIdm^4QB:s+:9&s+:9&
-s.')khZ*YKli.&L!!">@rr>1\!!#.Zrr?R(!!FV1s8U=:!!$O-rrXPI!'L2Z!'L&W
-"*FSCPl:X_4So'X-2mlEbk1o8L&M&Pbl7VCbU*5g!/:FP!R)kc!!';&rrY@`!%%UD
-!/:CP!/:CO!2K;h!d+H>rVuq.qu6Z2rVupEli.#o!#,*m!5='bK)^H&K)^H&K)_A@
-"5a(YTBlLZ49,@-q>UKX-2mlEU]18nPl1U]-2dfGFT;Bbo`,!,rr3'H!!#.[rr?R'
-!!C"9jsC!,!-J/=!/:CP!'KlQ!+Z!."Ja2*;'l2A!%%UD!'L#V!%%UD"$?P`-2miD
-L&M&PU]18ofd6Ut![TrTrW!!^s.fMm!3uJ%!)`^q!+Y?p!al!ApQbfnK)^H&K)^H&
-K)^H&SGr]K!!&YWrrY@`!%%F?!/:CP!'L8\!%%UE!/:FP!-J2?"$HV`bkqGC4GAK!
-rVupqrr3'H!!#.\rrAhm!!?)n^HDJq"&]*uL&M&Q-/&7s!%%UE!2K/c!'KuU!@>M[
-rr?R-!!?`GUF#m>!0mK_"$?P`-2miDL&M&Pbl7VB;>pOqA,cK4YpC]ks8Psq!!#.[
-rrBh5!!+D.li.#o!#,*m!5='bK)^H&K)^H&K)_A@"5a(YTBlLZ49,@-q#:T],ldok
-s8S>_!!IEDs1_G0!!AJcs31EA!/:CO"!mpI-3!oH,ldp-rr2s\rVuq.rr3,m,ldok
-rr2s\rVupqrr2tPrVupEo)A\Pp](=Wbl.PA-2mlEPlC[_^]"354T>?_49,@-rVljp
-rW!&Es8Tk5!!#.UrrLe!rVuqPrr2sqrVupqlMgon!#,*m!5='bK)^H&K)^H&K)_A@
-"5a(YTBlLZ49,@-p\tXJ!!">Fs#^8]-1dloqu?^ZrVlsG!!#.Zrr>1\!"R6Qs!7XF
-4TGHD,ldokoDS[hA,ZH1bl@^<r;Zr7s8ODE!!%`Drr>1Y!!4H/Pl1O]U](5n4T,3]
-,ldokrr3'_!!">Drr>1\!!CIFs&&aq!5J7-!+Z!."""!I^\n-4^Zth#?iUl7Q2nXN
-s+:9&s+:9&s+:9@rr_-Y!2&TW"$?P`-27EH,ldoks8OAF!$rrh!!+C"r;QjF!!">C
-rr@cP!"$mLs!7XF4TGH*rVup\r;QbNrVurBrr2sqrW!!^s-3K_!%%18"$?P`-2u*g
-k5,)XL&M&PL&CrQ49,@-rr3'_!!">Drr>1\!!^[Is!7XF-2%9=o-OA9!d+H>rVupq
-l2Lfm!#,*m!5='bK)^H&K)^H&K)_A@"5a(YTBlLZ49,@-q#:T],ldoks8ODA!!+C"
-qYpXD!!">Crr@cP!"$mLs!7XF4TGG8rVuqPr;QbNrVurBrr2u5r;Zkn4T5<\L%50F
-,ldp-pAY+TrVurBr;Qj]!!">ErrY@`!%%UD!'L5\!mL\grVuq?o`"oFrW!!G^ErjZ
-!5Idu!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&YWrrY@`!%%F?!/:CP"&]*u-2[`D
-4JV]O"!mpI-2dcCFT)7Hbl@\h!!#.]s.fPn!/:@N!/:CP!6kEA!+Z!.!%%UE!%%.7
-"!mpI4SJdTA,ZH.bl%JC49,@-rr3'_!!">Drr>1\!!:CEbl.SBL%G<E4T5<\-2mlE
-;<\#]?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2&TW"!mpI-2IQAbU*5g"/Gnr-2mlF
-;8;i)"!mpI-2dcC-2mlNg&M'u!!#.]s31HB!'L2Z"$?P`-2dcDjsBm)!/9qB"!mpI
-4SJdTL&M&PFT)4Bjs:!-4T>?_49,@-rVlj[rW!#Ds4RAO!+YX#!2KAj!5Iat!al!A
-pQbfnK)^H&K)^H&K)^H&SGr]K!!&YWrrXPI!%%LA!R)kh!!#.\rr>pq!!%-<rs<cn
--0G7-,ldokrVlk^rVupErr3'H!!#.\rr=AE!!&enrr?R.!!#mnrr?R,!!">6rrXPI
-!'KuT!87>O"XVCms78AP!!&8_rrY@`!%%UD!'L5\#L*5J,ldok^]"07k$pNKqu6XY
-qu?^okPkTk!#,*m!5='bK)^H&K)^H&K)_A@"5a(YTBlLW-2mlFA&&#e!i'6Or;Zi4
-rr2u5r;[!I;2']d-2mlHPlLb0rW!$H4?Oqg!!%`PrrXPI!'L8\!/:@O!^&Rkr;Zi4
-qu6]Z-2dfDFRT53,ldp-p&>"hrW!$H4?Oqh!!">DrrY@`!%%UD!'L5\"3gfFL&CuV
-;2'^6,ldokqu6Z$qu?`3kPkTk!#,*m!5='bK)^H&K)^H&K)_A@"5a(YTBlLW-1_*:
-U\t,lA+fm*-0G7--2.B>4T59^,ldp-rVlj[p](;9q>UG:rVusFk3r<P,ldp-p&>'G
--27H?Z2O\)49,@-rVlj[rVurBrr2s\pAb1>qYpOXrVup\k5PKj!#,*m!5='bK)^H&
-K)^H&K)_A@"5a(YTBlLWFS,V7-):>:!L+o+!!,48rr2sEp](:Vr;QjF!!$O-rrM7E
-q>^M*q#:=krVuq.mf*Ad!!$O$rrKk\qZ$XCU\t,o49,@DrVm"S!!">-rVljpq#CFm
-g%t^K-2mlEUZVRX?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2&QV!l&4kq>^RC;;(^D
-#F&(J,pbZq^\n*3-2moC,lp,mqu6bn4Ak8<rr@cO,lplXq#:N[,ldokk3`0LKn]*t
-!Tmnj,lqN<qu6cB4?UCVrrRmOZ2=P%UJ^t9!Frn?rrAhn!!#.CrrQR.'DIdm^4QB:
-s+:9&s+:9&s.')khZ*YKkPkb$Ki'sdKtlgN"!mpI-/8G"A,ZH.A%2I<k4\fT4T5<\
-UZMLW?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%:2"!mpI-/8G"-2mlE^T@G8^]"35
--05(-?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%:2"!mpI-/AM#Pl:X_4KJJ^;>pOq
-FQEH'?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%:2"!mpI-/AM#4T5<\UTFJ!js:!-
--0F:g!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&Y2rrXPI!%$J$!87>O!%"]G!0mH_
-!'K<A!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&Y2rrXPI!%$J$!0mH_!+W)0!)`^q
-!2JTS!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&Y2rrZ*u!+Xjb"Qh!1!5GT7"0hh+
--0"q+?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%71!L/i'rrV>:^T%57^P1h0rrQR.
-'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K
-!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&
-K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!A
-pQbfnK)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y
-!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&
-s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&Y;rr^rubiXNW
-ec,\Y!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT@*Z>KdH]u![Tt6k5PJE^]+66;'k&u
-!l$&*qu6YMrZqSBg%PFHUHJN%!E%PErrLeMrZqPSci4&S!#,*m!5='bK)^H&K)^H&
-K)_A@"5a(YT@3`G@fRfsKnWAM!0l^I!nelRrr3!r-/SY(bU!85r;R"3!)\Gl,ph7>
-rs4;Y-$4iN!%$=ors.4'-$4iN!'JX.!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&Y?
-rr^pS4S/OO"3`&;k3;mIbQ*@NrrfSQ!!(7ArrTq8;?$RsbU$-^rr_C04S/RP!i#`m
-q>ULn!5JO5!egW=dJj8U!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT@<fAK`Hi(rrQ[1
-U\k&kk4\fTbl%JBbQ*@irrCaGrrC:8rrlm4-"?r!rVlq/!5JL4!`8sNqYpV]!/:@N
-!@9&grrVd<4T59]bQ'cQrrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKe,KK6!+Yp+
-!qXY-rVlk-r?VH.r;R>];'c2g;;(tH,lf5;L&Y!rrVm(s4='tR;<IlX#DFJq@jM+$
-;>:(pbU$cjK`K?qrrFDlr;QhP!0m?[!qX1Ar;QdD-1h-<^Aq-YrrQR.'DIdm^4QB:
-s+:9&s+:9&s.')khZ*YKe,KR5,lhGip\tI\!+U_:490L&rt3!l-$4i_,ph6/F9#0l
-^]-DBrr3XR!%!>Q@xxxxxxxx!4?S=O49/7Rrs&)Ws8RcQbl.PB,s;,*!mCXuoD\m,
-!'KoR"6M]G^X<&_?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%^>#GWRF!$sa]g&1jO
-@fV5]rs(Xdg&M(7!5JO5#,;0.s3(Isrr33c-3+"u!'KlPrs,;!;?-ZM!'L5[![T/T
-p&>)I!6kEA!@9l+rrUCE4S/RS492Y[rreQK,pf>5rrQR.'DIdm^4QB:s+:9&s+:9&
-s.')khZ*YKd/O034=0t,!BeU*rrFDlr;Qu9!-J7o!'L2Z"bj5]bQ*@rrrtS3s8R0@
-U\t,r494(7K`InHrrQ$tbk:u;K`K?qrrFE.r;QiB!'KoR!^$Hmp&>2*4?NU+bgHFl
-?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%O9$,:R.!%$=uf`3>rKa)W!4TD/VL&(`M
-bQ*@rrrtS3s8P1]g&1jSF9')UK`K?qrrRlSbk:u;K`K?qrrFE.r;QiB!'KuT"7nVT
-A+BR#UAuUfrrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKb5VZU!)`d?!!)jA"B#2Q
-!/:7K!mCXurr3-a-3+!--2[]HK`Hi,K`K?qrrRlSbk:u;K`K?qrrFE.r;QiB!/:1I
-"3`%kA+0F!@fW:PrrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKe,KG24Sf!\,piT8
-!'L&V!i#aLq>UN?!/:FP#!=43s#^;7r;QtT!5JPf!6kEA!egWup&>)I!6kEA!@9&i
-rrSDbL%tZMYpBCFo`"p_r;QhP!/8l$!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&Y?
-rrOJH^\e$8o-HO!s!8uhrs%VMg&K7r;>gFt4Al.&!/:FP#!=43s)\79r;Qs`!87C+
-!6kEA!egWup&>)I!6kEA!`8sNrVlq/!6k9="3`&;Z1\+ubU$-arrQ[1UXK/D?iUl7
-Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%a?",-_$^\n*:@fV5_s%rc\rVm+4!/:IQ4=/5N
-rs$4<;?+i?FT2:E4=1%-^ApCprs-:=4TGG8!6kEA!egWup&>)I!6kEA!i#a*rr3&D
-,s;#'"7mfbbk(i9,pge7rrUCj-.2_o?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2%^>
-$"Er84EQ9e,lg(,rs7a5!+X6f@fSXjrt2L9-'ZW<,ph7Ef`3=?Z2Zp4rr3F;!'I%#
-KdA%[s8RcQbl.PCK`K?irrRlSbl%JG49/m8UEooFrr35I,uO^BF9!Wa49/7XrrFDl
-rr38!!%"DaPU-=)dJj8U!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT@*Z?KdA&E!!+C"
-r;QuS;'c2B,uOU?!O4cd!!,4+rr314,lhHT;'l2@#)+?'!$tLqrr3%R--Z>f!ehrE
-p&>)I--Z8d"_/hY!%"E=rrpUm;?-Ynpa,q>!@9&jrrJl@rVus]Z-`LP?iUl7Q2nXN
-s+:9&s+:9&s+:9@rr_-Y!2%U;"6RhOg%YLIbfok^!nkfNqYpQKp\t<=bi[^\!p7_N
-iVru4bh:;A!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXNs+:9&
-s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.
-'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K
-!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&
-K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!A
-pQbfnK)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y
-!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&
-s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7
-Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(Y
-T7[*8rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&
-K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m
-!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YK
-K)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&XCs.B;m?iUl7Q2nXNs+:9&s+:9&
-s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&K)_A@"5a(YT7[*8rrQR.'DIdm
-^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfnK)^H&K)^H&K)^H&SGr]K!!&XC
-s.B;m?iUl7Q2nXNs+:9&s+:9&s+:9@rr_-Y!2"lCTDnt#!#,*m!5='bK)^H&K)^H&
-K)_A@"5a(YT7[*8rrQR.'DIdm^4QB:s+:9&s+:9&s.')khZ*YKK)_JC!al!ApQbfn
-K)^H&K)^H&K)^H&SGr]K!!%7q^Rr7B8,s=tQ2nXNs+:9&s+:9&s+:9@rrCr.!1Elf
-'DIdm^4QB:s+:9&s+:9&s-s#g."VGg!!"\HQ2nXNs+:9&s+:9&s+:9?rrDfd^Aru%
-E!0#@!"rnaDua@LDub%SQ2nXNs+:9&s+:9&s+:92rrB=<Q2hp(!!#g:Q32(9!%O_/
-!5='bK)^H&K)^H&K)^l2!3s8(r;Zgjad)oHrVuq2UQtnoK)^H&K)^H&K)^H&NrK*a
-^6\]t!)(G"r;ZgjUQtnoK)^H&K)^H&K)^H&NrK*a^6\]t!)(G"r;ZgjUQtnoK)^H&
-K)^H&K)^H&NrK*a^6\]t!)(G"r;ZgjUQtnoK)^H&K)^H&K)^H&NrK*a^6\]t!)(G"
-r;ZgjUQtnoK)^H&K)^H&K)^H&NrK*a^6\]t!)(G"r;ZgjUQtnoK)^H&K)^H&K)^H&
-NrK*a^6\]t!)(G"r;ZgjUQtnoK)^H&K)^H&K)^H&NrK*a^6\]t!)(G"r;ZgjUQtno
-K)^H&K)^H&K)^H&NrK*a^6\]t!)(G"r;ZgjUQtnoK)^H&K)^H&K)^H&NrK+F^?,:n
-!-63Cr;Zh<UZDLDK)^H&K)^H&K)^H&K)`smr;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&
-K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&
-K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&
-K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#
-K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>
-!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhI
-aoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8
-r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&
-K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&
-K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&K)^H&K)^H&K)b*8r;ZhIaoD;>!.TV#K)^H&
-K)^H&K)^H&W;cn9Xi8'R!!%Mjs8;otItI]Ps+:9&s+:9&s+:9Mrr=dg!!%5bs8;ot
-?cBb[Y(H\*s+:9&s+:9&s+::6rrBsN!!#C.s1\O7"Ik#CK)^H&K)^H&K)^H&l2LaF
-^&S.0aoB'T!#^CgK)^H&K)^H&K)^H&l2LaU^An9Kn&bS0$,6H?$A/;0s+:9&s+:9&
-s+::8rrA\i!!&q9^AuEsrrI?F^]4?NK)^H&K)^H&K)^H&K)b*8!2'2i!8iY5!Ul`$
-^Aph(!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&
-s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-n
-s+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`i
-hh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&
-s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+
-!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`
-TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&
-s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mN
-rr?I+!!"-ns+:9&s+:9&s+:9&s69O`TD\`ihh(mNrr?I+!!"-ns+:9&s+:9&s+:9Z
-rrC[9^B"#RrrA\i!!(oAs6@?!a3Xbc@/^-++G0WFs+:9&s+:9&s1/.1Va0DF!D)D#
-rrA\i!!(oErrVqM.-LX4#^H*lrr?I+!!"-ns+:9&s+:9&s+:9_rrM:Rj8]3'n'V.8
-TD\`ihjXQGa!g!K!*I\L!+>d+!$HmnK)^H&K)^H&K)`L`#,`"4!"`PAlG!F/!!$uc
-rrA\i!!(oGrr@<C!!+L/lG!J*-ia7Ve,KDUrVup@K)^H&NW0&i;<EK1K)^H&[JpEV
-#QOj4n)s]P5QDqSrrA\i!!(oHrreYg!!nACrr_Ei!-$Ee!+>d+!$HmnK)aX+!b4@-
-p&>)g4L)m*"(M<2;?$Rqbk(i8g#dndK)^H&b5VV=0E;Bfjo5F<!!)K9rrA\i!!(oI
-rrh3b!%?I\rrP.[8CRS=@/^-++G0WFs5!\W@fQKTpAY9K,ldqua8Z.SrW!-bs5kU-
---Z)_"(M<WZ%E"-s+:9orr[`N!/KY8"1J71T@3`>TD\`ihjscL5QCf)jSo<q!!qK3
-rr?I+!!"-ns+::,rrY@`!%%@=!+Z!.!6iL`!+Z!.!i,dLrVusFZ2">!A,ZH.4G*Tb
-s+:9prr_]q!''$="SW`5!-$D:!)NOn!,oDt!f+P2l2Ljp!!%9(rr]_1!#X48!&4BP
-!"cSg!gg[RK)_qP"$?P`-2.?@,ldok`r?5h!!">Fs1eL4!@?Fqrr@0>!!%_)s+:9&
-s31KFT)\khir9"fJcPcM!Z5nFm/I/q!!)3Arr?_a!<)s!.%c+kY5\Sd!!">=rrXPI
-!%#\c!0mH_!/:FP!2KJm!'L/Y!3uJ&!+UW\K)^H&bPqZh!!r>XrrL/2JcPcM!>rlE
-rrP.[5iDYCT.kisrVusikCW`<rrY@`!%%C>!6kEB!%#\c"$?P`-2dcCU\t/mA,ZE.
-jsC!,!'Gl5K)^H&b5VNF!&0$)hu<bmO!su-!-mr3!Z1oVK)ad/#OfEW(]XOI[t=Xb
-rrY@`!%%C>!6kEB!'KZK!R06RrrBh5!!$O+rr?R-!!%`Prr>1\!!+D.m/I+>fn06U
-s+::0rrPFc5_B$krre)_!!&ASrrN0#ItI^Vrrqk!!!!;^K)`Rb!Mac7491*6rrY@`
-!%%C>!6kEB"[)hbk(USFrsb`Wk5YHY!!';(k.cVbpAY--re1BJk4S`S;>pOq^\[s1
-4T,6]U]4j&!!';!rrCaOK`RFkqu7"F!!%`Qk&`^34JRN.K)^H&l2LfM!'l/9g]%E.
-+92])nG`Oi!.TV#g]%AZ!!#99s1nX8UF#^9!2KPn"$?P`-27E>bl.SH4TFOi!!'e1
-rrnVe!%%ZurW!!^;'l2A!@;jarrJ?1qu?dE;;(aE!5JL5!)`Rl!V7W:!!+C"r;Zh-
-q>UK14So*Z4L+kb"XO-K-)2da!!%+ms+:9&s6BUc5QF'$s4[JT^An7!nG`Oi!.TV#
-gA_8"!!&@;s2+d9Z1e4uL&V)S,ldokq>UNYbbP.;!^-LIrVup\qYpOArVuuCbk;#:
-A,Q?,A,$$)-0G%'!)`^q!5J=/!R)kd!!#.WrrAhg!!';'rr=A>!!+D.K)^H&K)b0:
-!^H`NK)aO(")%Z7fCAkB!!%M#s4[JTpF$"aK)`^f!'L5\#:2KBF<pnePlC[h,ldp-
-s8UceKfo>\qu?g]s5kX,!!%-=rr@cP!!5:_bk1r9^]+65Pl1U]-2dfDFSc";Z2O_'
-;>1"iZ24M%-/&.p!SJdu!<"5C!!#.\rr=AB!!+AlrVuq_K)^H&K)b0:!^H`NK)aO(
-"5a(YJ+<O?!!%M#s4RDSLB%=pK)`ag"=4$J-1h-9!p2U-rVm$I!!"<--1q6?;?-ZM
-rVusFg&:pN-2mlGU]8R9!!>?;Kk()^!)`aq!%%UE!/:FP!-J2?!'L,X!'L5\!5J4,
-!/:=N!3uA"!)`^q#\3#ss03jM!%%XE!%%OC#!DMK,ldpeK)^H&K)b0:!^H`NK)aL'
-!\aU>nc&Xj!.TV#g&D0C!!&@;s24j:4T5<];;(aE!%%+7!/:FP!'L5\!)`aq!/:CP
-"""!Ibl%MAL&M#U,ldoks8S>_!!IEDs1_G0!!&8\rrAhn!!$O$rr>1[!!+CiqYpQK
-rW!*as8V4k-2mlE;?$Rq-2dfD4T>?_,ldp-K)^H&K)b0:!^H`NK)aL'!al!Vnc&Xj
-!.TV#f`)!a!.TV#_uB_Ar;ZmF;8;u-!%%F@"XPHWFG4i9!!%`PrrAhm!!C"9s!@XE
-!/:FP"!mpI4T,3Z4T5<dbl9d*!%%634T#0Z4So'\,ldokk4S`S4So*Y4So'XL&M&S
-Z+j-^r;ZjEg&D!O-2dfD^]+68,ldp-K)^H&K)b0:!^H`NK)aL'!al!Nnc&Xj!.TV#
-f`)!q!.TV#_Z'V2qZ$Xok5>5Z-2mlI,s5\%bl%J@xxxxxx&M#O;>pOs4TCZF!!">D
-rrXPI!%%RC!/:CP#0d)n!!";kqu?aDL&1fLL&M&PA+fj%A,-*)A,H9+4T5<\-2[`E
--"H*9rr=AE!!#.\rrC:B!!#-5s+:9&s6K[d5QF'$s4I>Q?iV>>rrN0#J'7iqg!#/(
-UY1q4![%JmK)`[e!P_M0!!+C@rVlsG!!#.UrrC:B!!%`OrrBh4!!/iWrVuqPrVlsG
-!!">Crr@cP!!:CE-2ITB-&)0p"nO#?!%%71rr?R-!!-Sor;Zi&r;QaZq>^RCA*3^h
-!Tk^-!!&8_rrC:B!!#-5s+:9&s6K[d5QF'crrR:)U\k&nUEr%UVZ-^*!$Lh3!WW4M
-c2Rgt4So*Z4L+b_!l'H(U&P0:!.TV#^]+AM@jV'R#J^<=js:!-4SSjUbl.SBL&CrN
-A,ZH.-2mlE-2dcF,ldokr;Qb=rW!#Ds!@RC!Bd.Orr?R.!!%`Hrr@0>!!>@`s&&aq
-!@?n,rr>1Z!!4I#k5,)Xbl%MAbl7VBbl.SB4G*Tbs+:::rrPFc5f3O'K`D*!qu6aE
-!!#lnrrQR.+S#I5!!%Mnrr@cJ!!$O,rrCaO!!'d.rrO;CItI^6rrM7ErW!$ts8U=B
-!!$O'rrC:B!!#.ZrrM7.qZ$VMr;QjF!!">Crr=AE!!:jR-2mlF;8;i)"Qh!1!%%@=
-!2KJm!'L8\!V7W:!!#.[rr>1\!!,3Wp\t6;rVupErVm#_,ldp-K)^H&K)b0:!^H`N
-_Z'T^rVuqnrVllArVupEVZ-^*!$Lh3!WW4Mc2RctrW)pDr;Zh>rVlkmrVuq_UAk9;
-!.TV#_uBbjbl%J@xxxxxxxxx*rVuqPp\t6;rVup\qu6Y+qu?^Cqu6aE!!">DrrA;_
-!!=PIs&&aq!-J,<#';.;k5YHkrVuqPp\t5gr;Zg[r;Qc%r;Zh-rr2t_rVusrk5>5_
-PU.W\s31HB!%%RC"!mpI-%c/Ks+:::rrPFc5f<U%g&1mNA,ZE-L&CuObbtIB?iV>>
-rrN0#J'IuqK`D*8rr3"o-2mlEg&:pP;'e>urrO;CItI^=rrfS,!$tMAK`F77!!?*u
-s31HB!/:1I!6kEB!'L/Y!Tk^,!!%-<rr=AE!!=N04=0q+",6dT^\n-9,uKAM4=0t,
-#*f/f,ldokp\t5gr;ZjEbkqD?A,QB-U]18n-2mlJ,s6m8;'l2A!`B!ArVupEr;QaC
-rVurOK)^H&K)b3;!^H`N_uB_$r;Zg[rVlj[r;Zh^VuHg+!$Lh3!WW4Mc2Rm"!!#.[
-rrgOl!!%_ArrO;CItI^=rr@cH!!C"9s+UFP!/:1I!6kEB!'L,X!-J2?!@?n*rr=A>
-!!#.[rr?R&!!=P0s+UFP!/:4J!Tk^-!!+Ciq>UFWr;Zr7s8Ske!!9G*bl.SB4T,3Z
-4T5<\b_#kHs+::;rrPFc5f<U%A,QB--2miD-2dfDL%#$Cfho#errQR.+S#I5!!%Mn
-rr[rT!'L2Z"$?P`L%kTPUP7D$s5qPLXT&>E!.TV#`;]l04S\sX-):J>!2KMn!2K8f
-"!mpI4So'X;>pOqA,?3*-27H?4T#-ZPU6,*#X$f?s#^8]-0G"&!6kEB!@>tbrrL=i
-rVuqPrr3#64S\sX-*dIL"!mpI4T,3ZFT)7?b_#kHs+::;rrPFc5f<U%4T#0]g&M)e
-qu?^ZqYpT2A,[bT;5=*i#UKHs^N;Ra4GCZP!al!Nnc&Xj!.W8n",-^T4T59_o-FA:
-L&V)`fd.r>s8Th6!'Kj_,ldokbkqD@^LR6h!E#Wjrrc1]^]0#d,m;Hl;'i"6rrQ%D
-L"H>++96nCs2+d:PW\mj!^(Ser;Qh?4Ce'a"/@t@bkqDDjs:!--0G((!%%UEr?VJ,
-Pkb7`PYjOh,s6:arVlss!!$O&rrY@`-,90R"MZ5_-,9BX#GYck,pbZ`U\t,o;#ho;
-r;Ql6,lg&Zs+:9&s6K[d5QF'err=AC!!B"rs'ts,!%%OB!+Yj*"$HV`bl.SB-2[`C
-4N%1#?iV>>rrN0#J'IuqK`D*8rr3#64T5<\g&D!UK`D*8s8RfP!!">C!!#.Zrr?R*
-!!bXds-*K`,piHh"[&"L!%$=rrr\Jc!%$7s![%JmK)_>?!+Z!.!+Yj)"!mpI-0>.-
-Pa(h?!6k'7!p54!mJd42k5,)Yk0/GWK)^H&lMgoN!'nL&!6k<?$"O#8,ldok!!">C
-rr>1[!!+AlrW!#Ds313;!-H0Z!al!Nnc&Xj!.W8n!/:CP![TrTr;Zh>rVm(U!!#.]
-s31??!%%UE!6kHB!'L2[!@9&k!!:CEL&1iQ,ldokg&:sO4T,3],ldp-fDbmp!.TV#
-S,WI7rVur5q>UOC!!"<ss+:9&s,R*\5QF'frs=AZ!$s`-!'L:rrVuqPrVurBrr2tP
-rW!6e^]1P=!%%[Fbl%MG-$4i'!!"=`rrQR.+S#I5!!%Mnrr@cJ!!+D.rVm(3!!#.]
-s31B@#aG?O!!%`Qs+UFP#s?!&YlFbMs8RfO!!bX$bQ%Vhs'u$.!2KPn!/:CP!2J0G
-![%JmK)_A@!0mH_!'L&V"!mpI-%c/Ks+:92rrPFc5fE[749,@DK`D*!s'l$/-1`D_
-!0mK_"!mpI4T>?_K`D*!rr3'H!!$O.rrhp>!!(6^rrQR.+S#I5!!%Mnrr@cI!!+Ci
-rr30b!!#.]s1eL4%!;OL49,A8s8OAF!'L8\#)*$W-3+"!rW!@:s8U:C!%%[:,ldok
-rr3'H!!#.4rrO;CItI]jrr>1\!!&ehrrXPI!%!6sK)^H&NrK/G!'nL&"=4$JFNj^a
-&>LNO!+Z$k!!$O/s.]Po-0G4,",-^T4T>?_,ldqhrVlsG!!%_lrrQR.+S#I5!!%Mn
-rr[rT!%%Vu!H]Xe!"(%Ds8P1]!-J8@L&M&P-3!oN49,A8s.]Po-0G4,$&&?Z4TGG8
-!!">DrrlmpU]:@JrW!"Rs-3K_!2J-F![%JmK)_DA!87>O!%%C>"!mpI-%c/Ks+:92
-rrPFc5fNa'U](5s^],S[!'L5\$bu^O!!">Fs+LFQ-2miGK`D*8rr3'H!!%`OrrY@`
-!/8Dl!al!Nnc&Xj!.W8n",-^T4T,3ZPl:XhFT;A'!!%`Qs+UFP!-J5?#Wr(eL&Zi,
-!%%UD$&&?Z4TGG8!!#.Urs1^e!%%5!!!#.3rrO;CItI]krrA;_!!$O'rrXPI!%!6s
-K)^H&NrK/G!'nO'##P@#-3+!Bqu@-Os8S;`!%$e-K`D*8rVlu7!!#.\rrXPI!/:CO
-"$?P`KuO&n?iV>>rrN0#J'IuqK`D*8qu7(7!!#.]s#^8]L&_1,rVurBrr36d!!%`Q
-K`D*8rVm2=!!#.]s+LFQ4SSjUU](5n4T5<\UXfAG+96nCs.0/mjs:!-^\@a1;#gT+
-K)^H&K)^l2!^H`N`W$,g!!#.]s-3E]"(VB2g&:sTPlHF;!%%UD"3^`F-3!oH,ldq!
-rVlsG!!&8&rrQR.+S#I5!!%Mnrr[rT!'L2Z&\gF.!)`dr49,A8s8QR/!%$e,rs1^e
-!+Z%_!!">Drs?mL!%%[FK`D*8pAY+Tqu?^CeGfRm!.TV#SGrZQKtm<\!L/h#s+:9&
-s,I$[5QF'hrs7a5!!%-@s5kX+!!'e5rrj\K!)`d2rVur5rr3>1!!">-s8OAF!/:FP
-!+Z!.!85?k!al!Nnc&Xj!.W8n#_`6Y4TEX#@jV'R%);iB49,A's8P1]!%%UD"]57"
-4TE1q!!'e5rs>q1!%$e-K`D*8pAY--qu?_NeGfRm!.TV#K)^H&K)^H&QN%"O!'nR(
-!6kEB!0mK_!'L5\!%%UD%8d**-3*uk!!"<eKi'/q!"!08s!7XF,pbZ"rVupq`;]mH
-!$Lh3!WW4Mc2RctrVupEq>^Mjrr39e!!#.]s'l$/-2miQK`D*!s8OAF!$u`@;'l2A
-"_7Rd!!#.Srr>pq!!"=orrO;CItI]Ps+:9&s+:9:rrPFc5fWg(bl.SBbl7VBFT)7?
-L&M#OL&M&Rbl=I4!!=PIs!@I@!@?mHrrQR.+S#I5!!%Mnrr@cJ!!,3srVm0d!!#mr
-s+LFQ-2miJPQ1\0s8Skg!!O\KK`D*8p&>#erVuqPe,KIl!.TV#K)^H&K)^H&QN%"O
-!'nR("5*YS-2miGjs:!ir;R&b,ldqhs8T>Mr;['bF?BOLs8ODA!!,sM_uBdG!$Lh3
-!WW4Mc2Rgt-2dfG,pd'9qu6u-,pfhrs-*K`;>pLsf`2!urr3#(-2dfM4EN[c-3'_?
-!)`Fh"&T$u-.;ep+96nCs8;ltPb[jM!L0A,rrL@+K)^H&K)^H&hu<aC!'nO'!jRI4
-r;Qf[bkh>@Yrma<rr^K0PhH'9$^BfRs!7XFFHhKDftm[i?iV>>rrN0#J'@omk5ENn
-rrSF=k5>5\P_Ifgrr^K0PhH'9"dJ0Ls-/61rrhI1!!%`$rrO;CJ%GX\g!&a]!R/dG
-rrY@`!-Io6"$?P`FOU6l,lf7Ro)A`q4T$K+A&!WqK)^H&K)bWG!^H`NU&P3@!!%_d
-rrQR.+S#I5!!%M.rrcg3!%$dUrrO;CJ%P^_K`D*8q#:DL,uOI;"(M<2;;qNW,ldp-
-p&>+?!!#.2rrC:B!!%`Drr=A@!!,sZU]1F+,s9DmrrIgqg]%B<;'f(ks+:9grrPFc
-5b\2[,ldq!^&J.A!$Lh3!WW4MNW0),!!$NVrrO;CJ%P^\4T5<\PktC[Z2O_'A,?3*
-^]"35-/nk+,ldp-p&>+?!!#.2rrAhn!!%`ErrC:;!!+Cih>[Q=Kqm9"!p533q>UGZ
-rVup\ao;I-!!#mZrrTrh^\Rm0;>pOqFFsOEs2=p=5QF'CrrXPI!/8,d!al!Nnc&Xj
-!.U%/!2KMn!5Hq]![%Jm]DhkQrVup\qYpOXrVupEqYpP*rVup\iVs!+!!"><rrXPI
-!'Jd2!/:CP!0m*T!6kEB"!p&l-2dfE-1g!n"!mpIPh?!<,ldq0qYpPLrVupEb5VIV
-rVupEkl1XtrVurOqYpOXrVuq.K)^H&`;]m(!'m7X"!mpIKt[Kf?iV>>rrN0#IuaO2
-;#gSBd/O.i!.VW\!87;N!87;M!2KGl!878L!%%UE!2JNQ"!mpI-2%9?,ldp-eGfN&
-rVurBoD\g7rVuqPrr3"o-2mlEA)I:dbl.SB4PB`7bl.SB4So'\ju`ViUW`Z<o-O>8
-!6j^-!/:CP!/::L"L06Q-/!nMK)`dh!^H`NU&P3@!!&e-rrQR.+S#I5!!%M/rrY@`
-!-HTf![%Jm])MaVrVuq_r;QaZqu?`3r;Qo^,ldoki;Wm*!!"><rrXPI!'Jd2!/:CP
-!6k'7!5JL5!/:CO"O&.l!%$P&!6kEB!%$=u!6kEB!%%F?!R0]Krr?R,!!&8Jrr@cP
-!!$O(rrC8ps+:9frrPFc5b\2ZUHE&!rrQR.+S#I5!!%M/rrUD,;:#7D+96o&rr@cP
-!!#.[rrM7.qu?_Nr;Qb]rVupqi;Wm*!!">BrrQ\-g&D!R,ldp-eGfMYrVurBoD\fE
-rVuq_r;Qj]!!">%rrXPI!%$:t"!mpI-0"q*g"G?a!3uD$!+Y9n!6kEB!+UW\K)`@\
-!^H`NK)aL'!al!Nnc&Xj!.TV#f`)!q!.VT["Qh!1!%%UD!0m?\!-J/=!'L5\!2KAi
-"3cIQbkh>H^Qdm\s5p(u4ET`brrXPI!%%RC"$?P`-3!oH,ldp-q>UQ@P_HmFrrBh5
-K`Kg$rs.\.4=):9PW\pF!86uD!/:CP!6kB@"$?P`-3!oFUSIhg"PK#L4I#[A"3d!`
-^\e$5@jNE`rW)mC!E&"VrrAhnK`Jm^rrqP,4?R,Kr;Qk/,pb\Q!<"2E;<IlX!gJDl
-q>UTNUP5K*qu7"F!!%`Qk&`^34JV3A!V7W7!!#.Urrp/I4?R`#rVm#_;'dMNrW)mC
-!+Z$.!p52jrVlq/;;(gG!el?jqu6Ykre1?eK)^H&hZ!XB!'l/9f`)"\!$Lh3!WW4M
-K)aL'![%Jm\c2XlrVur5rr2s\qZ$UYrVllNrVupEqu6`h@jV'R!BdXcrs$4<!%$<.
--2dfD-3!oH,ldokrVlj[rVupErr3'H!!#.YrrIg"r;ZjEL&(`LKdHWs!Bd.SrrI3f
-p](:?o)A]DrVurBrVm;Z,ldoks8RcQ!)^L.qu?^or;QeO-2dfE-&)?u!5J1,!-J2>
-!H]Xc!!+BUqYpSk-2[`G-&)C!^\%R2FT;A_!!">BrrKAer;ZjEA,Q?1,ldokUF#g<
-!-IQ,!+Z!."ApHF!%%F?!+Ym+"?`shs)do6%);iB49,@Ys8Ppr!'L/Y"&T$u4T59\
-F=$hb!@;6-s+::/rrPFc5_B$grrQR.+S#I5!!%M#s4I>Q+96o%rr@cP!!IEDs5kX)
-!!">Drr?R.!!$O,rrL=iq#CE"rr2tPrVupEq>^kes8OAF!'L;]ff]35!/:FP"!mpI
-4T,3Z4S\sWFSu.>ff]$0!-J2>!+Y^&!%%49!/:CP!6kHB!R)kh!!@rTs#fuT!87AO
-!'L&W"*FSC^\%R,FT2:?4SSmV4T,3ZU\FfjFT9,K!!@?Cs#g8\!6kEA!+Yg)!'L5[
-!%%@>!@?mqrrBh5!!4J/4T5<\bkh>>A,$$*Z2\q=!"$F?s!7XF-3*ukrVur5rVm#_
-,ldokrr2s\p](:VK)^H&iVrsE!'l/9f`)"\!$Lh3!WW4MK)aL'![%Jm\c2Z_rW!$_
-s8S>_!!FT1!!">DrraVJ!%$e*rr>1V!!">Err@cL!!">E!""AZs!7XF4TEVOr;Zh-
-rVlsG!!#.[rr?R'!!'e5rrM^;r;ZmF4=0t,!'L8\!/:@O"!p&l-2dfD-1_'9A,ZH2
-UWes"-2mlE-3!oE4Sf$X-2mlHbl@]QpAbE4s8Rd8,piKir]C0Xrr2t.r;cgCr;Zi4
-rr3#P-2mlG,s3LQ!!YRcs+NQ]-2diC49/7XrrbFa!%$e,rrA;X!!%`Prr=AB!!+Al
-rVuq_mJd/KrW!"Rs'u$.!/:=M!0mE^!^&RkrW!.Vs8QRk,piKir]C1&rr30K!!">F
-s+UFP!)`^p!-J2?"(VB2A,QE,-2dfD^OlK;s5O%[5QF'$s4I>Q?iV>>rrN0#ItI^Q
-rrO;CJ%5L_,ldoks8P4\!!-S>rW!&Es8Skn!!#morr?R-!!?`GUF#m>"-iicL&:oP
-A&$7e!!n;Ys!7XF4MN3@!!$O,rrXPI!'L8\!2KJm"&Yi.4T5<\;?$Rq;>gIsL&_1,
-rVuqPrr2sErVuq_rVlk-rVupEo)A\PpAb4?^]+654T,6^-$7gorW!#Ds.fMm"&Yi.
-4T5<\;>^@q,ldokqu6Z2rVusFU]18n4T5<\L&V)P;>pOqA,cK1YpC]kqu6aE!!">A
-rrY@`!%%XE!Tk^-!!>?Jb[^VP!%%XE!%%OC#!DMK,ldpemf*9@rW!$_s8S>_!!#mn
-rr=AE!!&enrr[s$4PBZ4!6kEB!'L,X$RGcQ4TGHD,ldokk5PA\-2mlGg&Jhd!!+C@
-rr2s\rVuqPK)^H&ir9'F!'l/9f`)"\!$Lh3!WW4MK)aL'![%Jm\GlPNrW!#7jsC!,
-!Palu!!@rTs&&aq!5JI3!%%UE!0mK_!5JL5"$HV`L&CuRU]:A<rW!.Vs8OAF!%%OC
-!-J,<"!mpI4T>?\4T5<\A,cK5o-FA:-3+"[r;Zhmrr2tPrW!&Es8Skn!!%`MrrXPI
-!'KiP!'L#V!BeU)rr>1\!!FUls8RfP!!:CE4T5<\A,cK2o-FA:-2[]E,ldokqu6Xn
-rW!)+s8SiVr;ZrQs8Tk5!!#.QrrXPI!%%LA"!mpI-3!oEFT)7?4T59[;>pOtbl@\h
-r;Zg[rr3'H!!#.MrrM7.rW!%qs8U=B!!">Crr@cP!!$O$rrC:B!!#.YrrCaO!!#.\
-rr>pq!!@xxxxxxx"&]*u;>pOuZ2aj!4T,6[fn06Us5O%[5QF'$s4I>Q?iV>>rrN0#
-ItI^QrrO;CJ%5LY^]"36FG9\o!^-M,rW!."s5kU-!'L2Z!2KMn!'L2Z"sj6L-3+"!
-rVuq?rVm'a!%$e-s!@LA!)`Um$RGcQ4TGHD,ldokoDS[hA,ZH0bl;2P!!%->rr@cP
-!!^[Is'l$/-2RWD,ldp-o)A\PqZ$[D4I#aC!'L5\!3uP'$K`W74TFOi!!">:rVlk-
-rVurBr;Qj]!!">BrrsbL!'L:8-2[`CA,cK.;>pOq^[qI-49,@-qYpXD!!">Err=AE
-!!';&rrAhn!!@rTs!@UD!5JO5"!mpI4R`:M;>gIp4T6Z+!!+D.rVm!H!!">:oD\n=
-!!#.YrrC:B!!#.\rrBh5!!=PIs&&aq$)@P#,ldp-s+Mcs!!$M\s+::0rrPFc5_B$g
-rrQR.+S#I5!!%M#s4I>Q+96o$rrqO2!!#,-rW!4gs8OAF!%%YerVuq_r;QbNrVuqP
-r;Qs`!!">Fs+UFP!6kB@!6kEA!%%F@!0mB\"sj6L4TGH*rVup\r;QbNrW!/Hs!7XF
--0G1+!/:CP#0d,I49,@-qYpXD!!#.PrrY@`!%%Wg!9X+W"$?P`-2[]Ebl@^erVup\
-r;QbNrVurBr;Qj]!!">CrrC:B!!+Alqu?a[U](2p,ldoko)AeS!!">ArrXPI!%%XE
-"!mpI-2dcCbl.SEL&_0!rVup\rr2uBrVup\nc&XP4S/URU]18nbl.SBA+KX%,ldp-
-qu6Z?rVup\rVlj[rW!5=js:!--3+"hrVusF-2[`D4JRN.K)ad/!^H`NK)aL'!al!N
-nc&Xj!.TV#f`)!q!.VKX!%%LB!%%XE#UKHN-.sRE!%%OB!'L5\!6kB@#!;kc-3+"!
-rVurBq#:?<qu?^CrVusFbl%JF,ldp-s8RfP!!%`Nrr@cP!!UUH,ldokr;QbNrW!/H
-s8P1]!'L,X"!mpI4S&LS,ldp-p&>+V!!">?rr@cP!!%`Nrr@cP!!(7@rr>1\!!(^N
-rrC:=!!,3Wr;Qc@rVuq?o)A\PrVurOqu6jH!!">Fs31HB!'L2Z!6kEB",6d;-2mlE
-PlC[_bl.SB4RrFObjtf7A,cK.L&M&P^[hC,,ldokqu6Z?rVup\rVlk^rVut/A,ZH1
-L&_1sq#CFXUOrMts5*bW5QF'$s4I>Q?iV>>rrN0#ItI^QrrO;CJ%,FXA,?6+FT2:?
-;>pOq;>pOqFSl(<A,ZH.bl%JF49,@-s8RfP!!(7<rrC:A!!7964T5<]-1h*8"sj6L
-4TGGVrVuqPr;QbNrW!,Gs!7XF-2dcCPl:Xebl@]*!!">ArrXPI!'KiP"!mpI4SA^V
-49,@-q#:>hrVuqPr;QbNrVurBr;QaZrVurBrVllAqZ$Xo^\[s1bl.SBL%>6D4T5<\
-bkqDI,ldoks8V4-!!#.ZrrC:B!!7lSbl%MAbl7VBbl.SB4RrFOL&M&R,s5'(K`TDm
-rVupErr2tPrVurBo)Ae<!!">BrrC:B!!#.ZrrXPI!%%UE!%%XE!6k<?!E$U`s+::+
-rrPFc5j&(Jg!&.9rrV>:Pg'./k02'?rrSsLg"HB,?iV>>rrN0#J*-b4bfo59rrTrh
-Z-<4Lg!%\2rrJ@<f`)!q!.VKX!2KGl!@?n-rr@cM!!+D.qu6YMrVuq?rVm,b,ldp-
-s8RfP!!(7<rrC:B!!H1!s4J^t!!#mprrsbL!'L;]bl.SB4T,3d49,@-s8P1]!%$e+
-rrC:B!!B"rs'u$.!0mE]"S3o>!'KiP"!mpI4SA^V49,@-q#:?<rVup\r;Qj]!!">B
-rr>1\!!(7ArrC:A!!-T_q#:?IrVuq.o)A\PrVurBqu6aE!!">ErrXPI!%%RC!+Z!.
-!mL\grVupErVm#_,ldp-nc&S8rVuqPqYpdH!!">-s8S>_!!&ebrrXPI!%%OB!6kEB
-!'L2Z!+Ym+!/:FP!6kBA!Fsf7s+::)rrPFc5jA:Mfd.sD!!4HD^[M1);#gT\rVlo\
-bh2psKdAk\,m=8K,pcE`r;QfNg&D!Rf`2!ug&D+]!$Lh3!WW4Ml2M$a,p`Nk,pd'`
-n,EJ9!!(^NrrLg+f`)(a,s3J"rW!$H-"F^frrL@+rr3(b!!#mLrrO;CJ%,FXg&(gM
-;>pLpbkhA?;>U:mg&:sT--ZDho0!!P"-iicL&M&PbkV2<^]"35L&V)PU\t/mPlC[b
-,ldp-rr2sErVuqnrr2t.rW!$ts8QU.!!%`OrrAhn!!?a2s1eL4!0mK_!SKU7!!">9
-rrXPI!'KrS"$?P`-27E>-2mlEU]18nA,ZH.;>^@n4T5<\bl%JD,ldokPl1Ogk#!Ee
-s8OAF!%#DYrr_Cn4JVfR!'L5\!6k??"!mpI-3!oE;>pOqA,cK.U](5q-3+"hrVupE
-r;QjF!!">9rrA;_!!+D.qYpP*rW!%Ss8UdO!!,4ErVlu7;*<)"rrXPI!%%OB!6kEB
-!'L2Z!878M!@?n,rraVJ!%!m-rr_C\,s6eZK)aj1!^H`Nl2L`nq#CD:nG`SQ!!%`P
-rr]MP!'Js7!%%==%6WeQs)\5@FT;Bb!!"=urrQR.+S#I5!!%N5rr=AA!!+C@nG`S:
-!!(7Brr[?C!-Hrp!6k*9!)`aq#s826Z2aiX!!#.7rrO;CJ%#@W-2dfDU\t,l-2[`C
-^\Rm0;>pOt,s4:9rVupErr2tPrVurBq#:>JrVuqPrVlk>rW!0Lk5YH-!!#.\rr@cO
-!!58F-2dfG^]4>Kr;Zq0^Q_Uo!!">Err>pp!!=N04=0q+!%%49"!mpI4SA^V49,@-
-p\t5Ir;Zm]4=0q+!5JF2!'L5\!6kB@!/:@O"XRZ4F?ClK!!:jRL&CuV;2'^6,ldok
-qu6XYrVurBqu6aE!!">ErrBh4!!4H/4T,6^L&_1srVupEr;QaCrVurOoD\eQrVuq.
-q>UH0rVupErr2sqrW!'I@tfV6rVup\qu6aE!!">BrrC:B!!#.Yrr>1[!!$O,rr@cO
-!!OZYKlfF'rVurOK)^H&j8T0G!'ofK!^$G_r[%LC!+YR!"$?P`L&V)PA,ZH.bhE's
--1q6Hg&M'u!!">Fs3(HC-/&;"?iV>>rrN0#J*Ht7,ldrE-2dfDU[e?d,ldqhrr3'H
-!!">!rrC:9!!=PIs5s:\##YF#K`D*8g&D*r!.VHW!)`^q!@@@8rr>1[!!">?rrLe!
-p](<!rr2tPrVurBq#:>JrVuqPr;QaZrW!.Es8OAF!'L5[!'L#V!-J2>!'KoS"GQmU
-jsB^$!@?n"rrXPI!'KrS"$?P`-2.?=4SSmVFSc";4T5<\bkqD?4SAaT4T>?\4SJgU
--2[]B4T5<\bkqDB,ldokrVlk-p](:Vrr2uBrVup\r;QaZrVurBo`"pErVusFk4nrV
-4T5<`g&M**-2.B>;>^@q,ldokqu6Z?rVup\qu6YkrVusFk55/Y4SAaT4G*Tbs5O%[
-5QF(6rs(Xd!/:IQUHJMU!5J+)"$?P`L&V)SYpBB4g&D1$!!%,Ur6,4r4GEe7$$6.I
-FT;Bb!!"=urrQR.+S#I5!!%N5rsC%P!6kKCKd?^!-1V!;,ldqhrr3(B!!%,prrgOG
-!%!?sbQGV%4L+nc#s81fZ2aiX!!#.7rrO;CJ%#@WPl1R^g&1jMPl1R^L%kTJ^EraW
-!@=N>rr@cP!!(^IrrCaO!!&8]rrBh5!!\/Ws!7XFA,ZE.juiJ?!+Yp+!'L)X!%%UE
-!'L8\!TlN@!!FSJ!%$e!rrZ*u!+Y^%"$?P`-2.?>juiJ?!+Yj)"$?P`-2IQAF=$b`
-!@;7Rrr>pl!!,sMqu6a\!!">ArrZ*u!'L2Z!+Yj*!'L2Z"!mpI4T,3ZFT)7?bk(i:
-,ldpep\tB2!!">-rr3#C4Sf$Y-"HfO"!mpI4So'[,ldpTqYpXD!!#mlrrI3fq>^OB
-@tO`4s5EtZ5QF(6rrY@`!/:CO"$?P`A+KX%49,A8rVlo\bh2pt,ldqho`"sFbl7VE
-bQ%Vhg&D+]!$Lh3!WW4Ml2Li3!!(7BrrgOl!!&ebrrXPI!6kEA!SP]Mrr^IF!%%7:
-!R06rrr[rT!'Js7![%Jm[Jp>+,pd[1rrhI1!!#.SrrM7lr?VJSk5>5]^EikBpAY2J
-4GEY3!i%kfrr3(q4Ak8<rr@cO,lplXq>UJj4T6W2;5=/r,pfhorsHMN4=):9FP0M;
-L%50DKn]1!",/$IFS,S5L&E:u;8;o+"/@.gFSPkAk(Po[,pb[-k5,)YUJ^t9!Frn?
-rr]#B-$9"`"6O*'g&(dMUHJN%!Bd.SrrZ*u-):D<"2?,^4S&LRk(T&mrrTH&^\e$3
-PW\mj!HdK"rrZaW-*d=H!l%TSq>UQ@4Ajf,rs7b@4?Oo94GDpLs+::/rrPFc5jA:N
-49,A8rVltR!!#.PrrY@`!/8l$"!mpIbjYQ6bQ%Vhg&D+]!$Lh3!WW4Ml2Li3!!(7A
-rrY@`!/:"D"!mpIbgZRobQ%Vhmf*BC!!#.7rrO;CJ#`MNfnG.Bk5PG7OT,@Dk2H=?
-k2ZIAk4JZRk2H=@bi\d%!TqVWrrD3RrrD25s+:9ZrrPFc5jA:N,ldq?rVltA!!#.Z
-rreR.4GCQJrrY@`!/:FP!mEc(qu6i7;'dMNPl:U_FCY.H!b5a&p&>+?!!(79rrSrX
-FT2:BbQ%Vhqu6l8F?DZ_Pih-.!al!Nnc&Xj!.X;6"O$iG-0G1+"$?P`L&M#Tk(R;B
-L$&=5"!mpIbl7VDUHEYqrro/[,pcE`rr3&Q@tjdZ!ngG)p&>-<!!">;rrR:)U]18q
-K`D*8qu6hp@luk`UZMLW+96nCs+:9&s+:9&s-EZd5QF(6rrXPI!6kHB"O&.l!0mK_
-!L+o.!!%->rrY@`!/:FP"$?P`L&M#OU\b#q-):KM!!#mnrr[rT!)`Fh"=4$J@m'`:
-"$A\Cg&:pW,ldqhs8U:C!%%RC!+Ym+!@=N(rrQR.+S#I5!!%N6rr^IF!%%UD!2KMn
-!87AO!H]Xd!!+C@rVlsG!!(7BrrXPI!6kEA!+Ym+#!CT=49,A8qu6aq!!&8WrrpUH
-!$u_LrZqV.4Ce?i"3^`F-3!oHK`D*8rVloO4So*Z--YQP![%JmK)^H&K)^H&K)_/:
-!^H`Nl2M5>!!(7Ck(P)]!%$e-s+U7K!0mK_"$?P`L&V)S49,A8rr2u5r;ZgDrW!!G
-s)e5?!0mH^"Qh!1!)`Fh!%%@>!'L5[#pfQObl@^e!!">Drr?R(!!(^9rrQR.+S#I5
-!!%N6rs-aJ!%%[Ffjk!]!'L8\!)`Rm!@?FurrXPI!6kHB"!mpIbl7VBL&M&Q,piNj
-##YC_!!"=urVlkmrVuq_pAY-:p&G)&rr3)E!!">Err[rT!'L5[!'L&W!%$h.![%Jm
-K)^H&K)^H&K)_/:!^H`Nl2Lf2!!*!Er;[;%s8Uau!!"<TF<pne-3!oH49,A8rr3'_
-!!%`Prsq3l!%#D[^H;Kns77N:!%%UD!+Z!.!5J4,!%%@>!'L5[#pfQObl@^e!!">E
-rrAhn!!d#Xb`jCR!/9Y:!al!Nnc&Xj!.X;6!6kEB!@9&j!!FV$s8S>_!!4HgA,ZH.
-;?$Rt,ldqhrr3TW!!(7Cs4J[u!'KE+UEonos1eO5!)`^p"$?P`-2%9<bk;#:FT2:B
-^An6[rr3(S!!#.\rr?R.!!e5%b]G-2!6j[,![%JmK)^H&K)^H&K)_/:!^H`NlMgnI
--2ITB-):J>&Q&N.--ZDhbU!5h^]4<r!!%`PrsC%P!/:IQK`D*!bl.PAbl7VBPl:Xf
-FT;C',ldpBo`#%?!!"<Bqh5%4rr2uBrW!/Hs8U:C!%%XE#<VtdA,lS(4T5<\^Zb\!
-?iV>>rrN0#J*R%6U\Olj4O!g)$7,ZP4S/UQPQ1\0rr30K!!(7Cs31HB#0d,I;#gSY
-r;QcMrr2t.rW!&*s8Skn!!%`GrrC:B!!+BUr.P-8rVltR!!">Ert0qb!'L;]js:!-
-PlLc;,ldokkPkT+!.TV#K)^H&K)^H&QN%"O!'oiL!6k?@"!o78k5G;^,ldpTrVm0d
-!!%`Qs#^8]L&V)Y,ldq?s8OAF!+Yd'#!;kc-0G5;rVur5o`#">!!(7:rtETV!%$e-
-s3(HC-3+"u!!"=hKdHZt!+Y3l!al!Nnc&Xj!.X;6!/:=N![TsnrVllArVuqnrVmWZ
-!!(7Cs!7XFbl@^e!!">-s5kU-!2K>h$K`W7!'L;]49,@-o`#$;!!"><rr[rT!%%XE
-%#"Z]4TGGG!!#.D@jV'R!2J`W![%JmK)^H&K)^H&K)_/:!^H`NlMh%3!!"=hbkh>>
-bl.SBbl.PJ49,A8s8P1]!/:FP#pfQObl?>r!%$e%rrB>'!!Qm4,ldpBoD\n=!!(7:
-rr^IF!%%XE$HrJM-3+"[!!";kr;Zj\UZVRX?iV>>rrN0#J*R%;K`D*8bfoq`",-^T
--2dcX,ldqhs8OAF!6kKCbQ%Vhs8S;`!%%@=!-J2?!MdF/!!%`Frr^IF!%%=<",-^T
-4T>?fK`D*8s8R0@!$rri!!,s3k5PK*!.TV#K)^H&K)^H&QN%"O!'oiL"3^`F-2@K?
-bl.SBbl.PJ49,A8s8P1]!/:FP#UKHNbl>le!%%=<"Ao.!-"HoS!5J.*"!mpIbkD&=
-bQ%Vhrr32H!!">Fs+U=M!Bd.<rrQR.+S#I5!!%N6rr[rT!'L&V",-^T-2dcX,ldqh
-s8OAF!6kKCbQ%Vhs8RcQ!)`Fh#:0?M4Ac(Y-1h-=bQ%Vhp&>,J!!#.\rs"/W!'L;]
-4T#0\,uMG<rrO;CItI]Ps+:9&s+:9:rrPFc5jJ@ObQ%Vhq#:?IrVurBrVm0M!!&8`
-s#^8]L&V)X,ldqhs3(HC-2%9<^\\!24S&LS,ldqhpAY6=!!">Ers$[I!%%[FPl:Xa
-,uMG:rrQR.+S#I5!!%N6rr[rT!'L&V"-`cc-2miZjs:!-g&M'u!!(7Cs3(HC-3+"!
-!!#mhrr@cM!!$O#rr^IF!%%=<",-^T4T>?bK`D*8s8Psq!!4HVk2QCB+96nCs+:9&
-s+:9&s-EZd5QF(7rr^IF!%%C>"!mpIA,cK8UAt9?k5YHD!!%`Prs9tO!6kK*,ldq?
-rVlr]KtmQc!+Yp,!2K,b"!mpIbkD&=bQ%Vhrr3>L!!">Fs4IAP-'\?-!l&6!kl1]l
-!$Lh3!WW4MlMgs?!!#.VrrCaO!!&8_rrZa2!%%XE&1%;Vbl@^e!!">Fs.]Po--Z>f
-!l'HOr;QaZr;ZjEk4ATTbQ%Vhp&>,J!!#.\rsFG[!'L;]PQ1\0^\n*5UJ\;[rrO;C
-ItI]Ps+:9&s+:9:rrPFc5jJ@ObQ%Vhp\t5'rW!!sKk()^!)`aq"$?P`L&V)V,ldq!
-s8Psq!!d#K^LJPi-0G1+!Tk^-!!#.OrrXPI!6k0:!6kEB#0d,IbQ%Vhrr2s\rVupq
-re1G:!!">/rrQR.+S#I5!!%N6rr[rT!'L#U!'L5\!b6p]rVuqPrr30K!!(7Cs31HB
-%F"kP,ldokFNgLW!!#.ZrrAhm!!$O"rr^IF!%%=<",-^T-3!oWK`D*8s8V4-!!"<T
-KnXUp!!#.FrrO;CItI]Ps+:9&s+:9:rrPFc5jJ@ObQ%VhpAY+Tq>^OBk5PA_49,A8
-rr33L!!%`Qs4J^o!!+D.r;Qb,rVuqnnc&\;!!(7:rrC:B!!^[Is3(HC-3!oFfd6Cn
-!)_t[!al!Nnc&Xj!.X;6",-^T4SSjVbU*)c!'L5["sj6Lbl@^erW!&Es8Skh!!#.Y
-rraVJ!%$durr^IF!%%=<",-^T-3!oHK`D*8rr2tnpAb2Ikl1],!.TV#K)^H&K)^H&
-QN%"O!'oiL"6Lm0;>1"jff]04!BeU)rrZ*u!5JO5"&T$ug&D!PbWPb&!E%PIrrY@`
-!'KcN"!mpIbk:u;,lf7jrr^pS!'L5[!p3?+qu?aDA*<jn?iV>>rrN0#J*R%9YlFcX
-pAY/u-2[`C;>gFq,lf7irrOJH-2miEUF#g<!@;7QrrhI1!!$O!rr^IF!%%=<"2=g9
-;?$RtPQ1]*rVlo54So*Z-&(O^![%JmK)^H&K)^H&K)_/:!^H`Nl2LeHbk(i;ULQD`
-U\aukKqnSG!R06orro0-4?R`=qYpQ1rVuqnnG`PP!%%:;!p7_hrVlr(L$&:4!Tp0V
-K`JmLrrQR.+S#I5!!%N5rrLg+oD\rX;*8@'qu6`NKtmTd!p7_hqu6ha;*6t*k5,)\
-K`D*!k4/HRjs:")o`"sFbl%JAPa)%E!SN_:K`K?YrrO;CItI]Ps+:9&s+:9:rrPFc
-5dC=k;#gSBmf*:2_>aRE!$Lh3!WW4MZ2XnP!!#mbrrM9+_>aQZ!.TV#K)^H&K)^H&
-QN%"O!'mji"Qh!1!/7QT!al!Nnc&Xj!.V<S!2KMn!5GZ9![%JmK)^H&K)^H&K)_/:
-!^H`NZMt&L!!">-XoAH1!$Lh3!WW4MZMt"h!!"=HrrO;CItI]Ps+:9&s+:9:rrPFc
-5dLCl,ldpBXT&?0!$Lh3!WW4MZi:0j,ldq!XT&>E!.TV#K)^H&K)^H&QN%"O!'mji
-"!mpIUTFIs?iV>>rrN0#J$].XbQ%Vhk,eRa+96nCs+:9&s+:9&s-EZd5QF'TrrQ[V
-4KJJ`?iV>>rrN0#J$T(U4=+L<rrO;CItI]Ps+:9&s+:9:rrPFc5_B$grrQR.+S#I5
-!!%M#s4I>Q+96nCs+:9&s+:9&s-EZd5QF'$s4I>Q?iV>>rrN0#ItI^QrrO;CItI]P
-s+:9&s+:9:rrPFc5_B$grrQR.+S#I5!!%M#s4I>Q+96nCs+:9&s+:9&s-EZd5QF'$
-s4I>Q?iV>>rrN0#ItI^QrrO;CItI^crr>R2!!"*ms+:9&s+::6rrPFc5_B$grrQR.
-+S#I5!!%M#s4I>Q+96nCs6BUb*>6OK!>kfgs+:9&s+::6rrPFc5_B$grrQR.+S#I5
-!!%M#s4I>Q+96nCs6BUb*@/g8!A=G)s+:9&s+::6rrQ!s5_B$grrQR.+S#I5&-.33
-s4I>Q#QT@+s6BUb*@/g8!A=G)s+:9&s+::6rrQj6+G0XGrrP^k5k4jU-idY,s4I>Q
-!!%e+s6BUb*@/g8!A=G)s+:9&s+::6rr[`N!9\t6gA_9L&--,.rrPFc."_KPrr]_1
-!2kGKlMgl*,g0Nq0*$V(K)^H&K)b$6"2=g9LP#Q[rr]G)!2oAe"+L:Na+F?FrrZ@'
-#k*BFlMgl*,g0Nq0*$V(K)^H&K)b!5""4-Tf7O%Xrrhd-!#YJ#rrh3b!%@Sns4mVV
-^An71K)b*8!?EH/?NDe[K)^H&K)^H&k5PP0#QQi9s4mVV?iU2!n,EKV!!%7qs5!\X
-pE0GIkCW`urrF,cb?k9'!.t6&s+:9&s5j7`IfKI>kCW`lrrhdu!!#RWrrbRe!-n6i
-s5<n[a!^ofT7[+,rrF,cb?k9'!0[?^LWMd]T7[)ps,d6bpG`-Q&=;R3s5a1apSSi.
-!$LIlrrq9k!!"FNK)am2!T//$!!#iIs6'C_*@/g8!A=G9rrE*,b7am]*J4<Cs,[0\
-mpQ(o!'#QqjZieOrVusikNi-Kf/Wa0!"a`IjZif"rVus)LP#QgrrF,cb?k9'!0[?_
-!%,l`!?E24s+:91rrKSGJcO^/!>qHlrrIl\JcO^/!BA\_s5j7]*@/g8!A=G9rrE*H
-b=r!X*J4<Cs,6mXYAgO-r;Zg?^d%s7TC:nA!r&TpY<W(!rVup0]KcLBc[u2WrrF,c
-b?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_
-!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24
-s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'
-!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB
-5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+
-rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'
-!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`
-!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&
-s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#
-s3(EB5lL``5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``
-5_B$+rrF,cb?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,c
-b?k9'!0[?_!%,l`!?E24s+:9&s0D\'!!%M#s3(EB5lL``5_B$+rrF,cb?k9'!0[?_
-!%,l`!?E24s+:9&s0D\'!!$BF^Aum*rrC*Y^Aote!!#99s.')i*@/g8!A=GrrrM:)
-aT);fb=r!X*J4<Cs+:9Vs1\O7%&h>K!J:Nj!!#'3s.')i*@/g8!A=GrrrTq8;p0%Z
-!%,l`!?E24s+:9&s0D[=!!!nZrr<A?!!"-ns.')i*@/g8!A=GrrrTq8VT[cr!%,l`
-!?E24s+:9&s0DY)$,6H?#L!,IfY.=c.Y@\jrrF,cb?k9'!6bBD^At.Sh#RL&b=r!X
-*J4<Cs+:9Vrr@\d!!!bWrrCrk!!*,!K)_A@!?EH/?NDe[bPqXY!2drq!<=Ii9`Z7T
-K)^H&K)`+U!RZtI^Aph(!!".brrCsT!!%5_^B1s,mt1S/rrF,cb?k9'!6bBD^At.S
-h#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscbhu*NTT7[)ps4mVT*@/g8!A=GrrrTq8
-VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".brrCsT!!&XCs+::+rrF,cb?k9'!6bBD
-^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscbhu*NTT7[)ps4mVT*@/g8!A=Gr
-rrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".brrCsT!!&XCs+::+rrF,cb?k9'
-!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscbhu*NTT7[)ps4mVT*@/g8
-!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".brrCsT!!&XCs+::+rrF,c
-b?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscbhu*NTT7[)ps4mVT
-*@/g8!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".brrCsT!!&XCs+::+
-rrF,cb?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscbhu*NTT7[)p
-s4mVT*@/g8!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".brrCsT!!&XC
-s+::+rrF,cb?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscbhu*NT
-T7[)ps4mVT*@/g8!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".brrCsT
-!!&XCs+::+rrF,cb?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-++Nscb
-hu*NTT7[)ps4mVT*@/g8!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+!!".b
-rrCsT!!&XCs+::+rrF,cb?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i@/^-+
-+Nscbhu*NTT7[)ps4mVT*@/g8!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::Arr?I+
-!!".brrCsT!!&XCs+::+rrF,cb?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s760i
-@/^-++Nscbhu*NTT7[)ps4mVT*@/g8!A=GrrrTq8VT[cr!%,l`!?E24s+:9&s+::H
-rrDNbrr?I+!!"/<rrDNArrD6ZrrCsT!!&YgrrDM>s+::2rrF,cb?k9'!6bBD^At.S
-h#RL&b=r!X*J4<Cs+:9&s7uZr:fsq"rr?I+!!"/?rr^kl+QqJY"0X,.hu<WUhu*NT
-TDnimpRauqK)^H&j8T-#,g0Nq0*'2q!l"`4bM<1!-Hf*a*?Bb3K)^H&K)bZH#L<AM
-(hf8N;>pP#*P\M%0E;)lf`).0!!#96\#90)#CO:A?jH`<kCW_cs5X+[*@/g8!A=Gr
-rrTq8VT[cr!%,l`!?E24s+:9&s+::Grr>md!!*Agf`(rTnGiQ.K)^H&ir9$",g0Nq
-0*'2q!l"`4bM<1!-Hf*a*?Bb3K)^H&K)bWG!7139!-$Nh!&4!E!=7k?s+::1rrF,c
-b?k9'!6bBD^At.Sh#RL&b=r!X*J4<Cs+:9&s7cNn;"O_g#j9e=!3bto!-!PiK)ag0
-!?EH/?NDGQb<Q+_!1_6g!<=Ii9`Z7TK)^H&K)^H&p\t6>oDel1eGfM&o`,!ukCW_c
-s5EtY*@/g8!>baZ0ENL"I*:=H!%,l`!?E2KrrBfcJ"1ug[t=Y#rr>mh!!*AgeGfNP
-o`+u2K)^H&i;Wfu,g0Nq(BDXo!g!D0bM<1!-Hf*a*?CUK!3^tSRK*>kK)`pl!71?=
-!-$Bd!&4-I!=7k?s+::/rrF,cb?k8d!6`.ZO8s[Oh#RL&b=r!X*Ld!.It@Zh!!%M#
-s2Y->;"t"k#j9Y9!3c+s!-!PiK)aa.!?EH/?NCrCbJ41@!.;uG!<=Ii9`Z7TRf<G=
-!!%WNT)Sil!.TV#a8Z.cp](;5d/O)"q#CF$kCW_cs53hW*@/g8!>ba\^]r$0X?`?=
-j3?B\!%,l`!?E2LrrRZM!.t6BrrN0#ItI^?rr>ml!!*Agd/O*Lq#CD6K)^H&hZ!Ts
-,g0Nq(BDt#"O>ren+l\W"T7uamc;mR!<=Ii9`Z7TRf<G=!!%WNT)Sil!.TV#`r?%b
-q>^M7cMmkuqZ$X&kCW_cs5*bV*@/g8!>bag^]VO-l20iI"9%iVhq6`c!%,l`!?E2L
-rrRZM!.t6BrrN0#ItI^>rr>mn!!*AgcMmmJqZ$V8K)^H&h>[Kr,g0Nq(BE4*!lEOQ
-jo5D]oB=oa!<=Ii9`Z7TRf<G=!!%WNT)Sil!.TV#`W#qaqu?_9bl7Ysr;Zj(kCW_c
-s5!\U*@/g8!>bal^]MC0qr%JTr9E(n!<=Ii9`Z7TRf<G=!!%WNT)Sil!.TV#`;]g6
-rVus)kKNr+YPeG$E.\+As4mVT*@/g8!>bam^]E$\pAY9I[srm8r'1BmIt+rZpAY0h
-k2+np!%,l`!?E2LrrRZM!.t6BrrN0#ItI^=rrCCE!!$u\rrb"U!!qb>s+::+rrF,c
-b?k8d!8tWn`pNR$!lodMn,NMTLX5bq!V5.+h#RL&b=r!X*Ld!0IfKJ#s.95l!!%M#
-s24j=:]Ldab5VRI!!$tis+::*rrF,cb?k8d!9(]of_bOF!nV)kl2Ul&Gh;fl!W;->
-h#RL&b=r!X*Ld!0IfKJ#s.95l!!%M#s24j<cN%q*rrOk[kCW_cs4dPS*@/g8!>baq
-^]<QorrKSgj8]3?\,-+)mc*%'!%,l`!?E2LrrRZM!.t6BrrN0#ItI^;rrH6baSu:E
-E.\+As4[JR*@/g8!>bar^]<QprrL_BhuEdKhu!ESo%rH`!<=Ii9`Z7TRf<G=!!%WN
-T)Sil!.Tq,\\A-T`kMM[Y.ju"K)`%S!?EH/?NCrCjhLo6lhg\^GkV1B)eEf*TqT-u
-f*8m]TlOpM'_hY/#`&<W!VP=2h#RL&b=r!X*Ld!0IfKJ#s.95l!!%M2rr^l&5VRci
-U]:N'5Y.7!K)`7Y!?EH/?NCrCk.h#9mJQtbh`1E3!ZPIKnCI`8<ttH1!BA^/rrMfL
-k1p%<-Hf*a*?CUK!e11Mdf0B`L"YMd"6NH,FRK/0biX`]!WW4MPlCgZLF@`SRfEIC
-YCce`rrF,cb?k8d!9_,u_Xm^*!RD>S!!3@2Y3OU>Ti(Xd!>*TTrrD`Sh#RL&b=r!X
-*Ld!0IfKK?rr^q#-"H':"2=g94QHGAL&M&PbjbW849-[)^UjFHUQjojrrN0#J!L$7
-T-4(4"!D9,LP!:>^BD#qIom9\!!+dgK)`C]!?EH/?NCrCkJ.)\r;Qf4&GlG.0=Bro
-!N74>!!*YWr;QcbkM6.=-Hf*a*?CUK!e11MoD\efrVurOk5PO;!!">*rr@cP!!(75
-rrA;]!!,s3^&J4F!!">-ec,[N!.U@8!T,=)!!49^c[u1hrrTZC)#aL98FM01]DhmP
-,g0Nq(BE[7!8.5L!P\p<!!*:Ej4==YAbuH.+Q*+s!9WM$!<=Ii9`Z7TRf<G=!!)Wj
-!'L5\!6jU*"$?P`4QHGAL&M&Pbjk]5L&(cN-$8:brr=AE!!&86rrN0#J!g6>^CUAF
-(nZE[Rf<TdIh2S[.+a(N]`/!Q,g0Nq(BE^8!QtB>rrL^_qu?aT[G]X;W$;->!?gk0
-rrN&Ul.l@?-Hf*a*?CUK!e11MoD\eQrVurBk5PNG!!#.Arr@cP!!(75rr@cJ!!+Bf
-_>aKtrVurOec,[N!.UF:!13Zb!Isiqs-N`hmoTPi&@[8k^&J*R,g0Nq(BE^8!:Tmd
-!Uh0/!!,4/p"'8fTn`J\!f`o#p"'5e./X&G3;<CO!:oC1!<=Ii9`Z7TRf<G=!!)Wj
-!'L5\!6jU*"$?P`4QHGAL&M&Pbjk]5L&M&Q4=0k)!BeTDrr_Cn4L*E9!WW4MRf<Mo
-!!!;&K)_&7"GZsW#g\,&^Ae3S,g0Nq(BEa9!8.5L!+>^)!Bea(f)s0?6Oi_h!uk*l
-d.l2nasd/f!.XqH!9WS&!<=Ii9`Z7TRf<G=!!)Wj!'L5\!6jU*"$?P`4QHGAL&M&P
-bjk]5L&M&SbiXU*qu?aDUQb]Z!!%M<rrg@J!"dJ.s,m<aY5ePFkCW`KrrF,cb?k8d
-!:.E$_YO01!2'/h!Bea)f)j*+%Ia?!%;!]Xf)a#Br;Zj(ci*kDq<Hc:!%,l`!?E2L
-rrRZM!;$3j4T5<\bi\p349,@Ds8TifL!8f]!/:CP!6k!5!/:CP!6kHB!M_dT!!&e]
-rr^q:4O!g)!R/dBrr^qO;;(sK!l'H5p](08!9WhO!WW4MSGr`T(]XiVK)^o3"HNN_
-3;8%)_#FEU,g0Nq(BEd:!8RPQ!V[H0!!+%cq:>Y:'^Pf#)lWSa!Q,BF!!#RfrrD9K
-h#RL&b=r!X*Ld!0IfKK?rr>1\!!(76rrKlEr?VJdk5G;`49,@D@jV'R!@=!*rrJ?H
-r?VJS^\n*3L&M&Pbjk]5L&M&Pbl%J@L&CuP--Z5c!M`Nk,lqN<r;R1&!!#.]YpBAM
--):Kor?VGtq#:AZ4T6W-;5=$g"&U?jg&D!U49,@Ys)]Rd!!,4+r;Qhn4=0n*!@>#A
-rrN0#J"6N@Du]m)K)^i1")%Z7O+RDIrrF,cb?k8d!:7K%_YO01!0@$X!0m<2!++jh
-!-n=k!-nDA!3cA$!;Ys:!<=Ii9`Z7TRf<G=!!)Wj!'L5\!6k*8!V91b!!+Bfrr2s\
-p&G)&qu6]@4S\sWA,ZE-L&M&Pbjk]5L&M&PbkqD@^ErjZ!'L2Z!SKU4!!+C@rVm!H
-!!"=0qu?aD4So*YL&:lNUF#a:!BeU*rrC:B!!$O.rraVJ!$sc)!!#.[rr?R(!!#.P
-rrN0#J"?TAhZs3YK)^f0"SW`5)#&X^_>aNV,g0Nq(BEg;!8.8M!V[H0!!#C_f)a5c
-q>^U/:k,,8^B:*X:^Hmt!*B!J!%@dG!&4?N!9WY(!<=Ii9`Z7TRf<G=!!)Wj"$?P`
--1q3<fd6@m"3gfF4S8[SL&M#PjsBa%!2KPn!/:CP!6k!5!/:CP!6k<>!R)kh!!&8_
-rrM7.q#CFAg&D!R,ldoko)Jb:r;Qb,pAb1Urr2uBrVup\rr2sEp&G30s8Skk!!">E
-!!#.PrrN0#J"?TA:]LLAK)^c/"0V\)O+RDJrrF,cb?k8d!:7K$n,<7dO8T%Z#/'ib
-!RNt+!!,'Wp&>*fT-4"2!)`UE!3#eq!5JL4!:oL4!<=Ii9`Z7TRf<G=!!)Wj"!mpI
--1q3;4T,6e;3[h%!!">-s8P4[!!GEZbfjSr!!+D.rr2sqrW!'IFG5EGrVupqrr2tP
-rVurBnc&TCrVurBq>UGKrVup\rr2s\r;ZmF4=0t,!)`aq!%%LB!'L/Z![V>&rVurB
-rr2tnr;ZpGFKo?T!!$O.rrC:B!!%`Prr=AB!!.2+rW!%Ss8R3?!!d#Xg&J<'!/:"D
-!WW4MT)SoM!!#iIs,$aW0E;rAs2"^9*@/g8!>bb'^];IRrr=bO!!$@%f)T.T!!+4W
-nG`N]&GuM.Er+Af6i?ub;#UCprnd%u!<=Ii9`Z7TRf<G=!!)Wj"!mpI-2%9<L&CuO
-U]18q,ldokrr3*`!!"=0r;Qb,rW!%Bs8Tk5!!PLVs8ThrrVuq.rr2tPrVurBnc&TC
-rVurBq#:OE!!">-s.fMm$^C\kbU!5h-0G7--2[`DL!9Jq"&\4\FT)7?PlC[_-2mlI
-4S/UQL&M&PU]18n^]"35L&V)P-2[`LU]:??!!#mrs'u$.!0mH^!SO7<rrN0#J"HZB
-LB%=hK)^]-",?jV^OlL&rrF,cb?k8d!:@Q%hYmHS^\e'3[JSPUY5A8#+Q)Ve!RD>U
-!!*;,qpth;r;Zj(kPbD\l0[:-!%,l`!?E2LrrRZM!;$3m,ldokp&>"<rVuq_rVlsG
-!!#.\rrY@`!'L,X"sj6L4TGFkrW!&8s.`Hh!!'e5rr@cP!!(75rr@cP!!(7<rr>1\
-!!:CE;>pOqFT)4>FT)7BU]:??r;Zn`s31HB!'L8\!6kEB",6dTPl:X_4T59[L&M&P
-bl7VBL&M&PL&V)P-2dfDFT2:E,ldp-s8Skm!!,3WmJd4f!.UU?!^H_sK)^Z,"5a(Y
-BS-9$rrF,cb?k8d!:@Q%n,<7d@/U'*0Da9#0DtkO&D-dY#5R`J^Y\\_qYpT2#lO`'
-./MNq'`A"3L].5Qo'P66!%,l`!?E2LrrRZM!;$3m,ldokpAY-:rVup\r;QjF!!#.\
-rrY@`!'L,X$TnCh-3*uk!!"=!4T#0[-):G=!/:CP!6k!5!/:CP!6k6<!'L5\#0d)n
-!!">-rVllArW!%Ss8ODE!!?a2s4RAO!'L8\!87>O"$HV`4T5<\Z2O\&L&M&Pbl7VB
-L&M&PL&V)P-2mlE-3!oIjs:!-4T>?\A,H<-4JVBF!WW4MTDo#^!!$DYs+gUU2uk@Y
-s2+d:*@/g8!>bb(^];=Nrr<W/!!%cNf)VuO!!'5#rs\_YaM>TQ!.<VYipZjDrrA,X
-!!'2!f)TUb!!"_OrrE#bh#RL&b=r!X*Ld!0IfKK?rrXPI!%%@=!/:CP!/:@N"!mpI
-4T>?_49,@DqYpa^!!">Fs!@I@!@<Hsrr@cP!!(75rr@cP!!(7<rr>1\!!UU/,ldok
-r;Qc@rW!.Vs8OAF!%%UD"!mpI4T59d,ldp-s8OAF!%%RC!/:CP!6kHB!/:CP!/:FP
-!%%UE!+Z$.!6kEB!'L5[!H]Xc!!,sZnc&Xj!.UX@"4$rIYCce0rrRZM!.t6frrF,c
-b?k8d!:IW&eG]CI^\n-5#138!!(6\b!*K1!!U%>u^]KStI/Vk%i:[$J!&4?O!(6Y8
-!5/40!8mbT!93G&!<=Ii9`Z7TRf<G=!!)Wj"!mpI4SJdTL&M&PL&CrQ,ldp-rr3'_
-!!#.XrrtRc!%%[F-2RZC-&)0p!/:CP!6k!5!/:CP!6k6<"XO-K-3)3g!!#.ZrrC:B
-!!\/Ws!7XF-2miG,ldp-rVm0M!!">Fs!7XF-2dcCL&M&Pbl7VBL&M&SL&_1sr;Zi4
-rr2uBrVup\r;Qi\@jV'R!@?FirrN0#J"Q`C[f?ESeGfS[4L+SZ!jOkAW;ck[n,NC2
-"2@\qg&(dOk#"7UqYpZN4=,^-rr\kn!9\t6_uB`X,g0Nq(BEm=!9!hU!/LLQ!&+6$
-!Q,-?!!(@DrrMZ,r4iAq!.=_#!T*\OrrB8#!!'G(f)QN`!!&qqrrD<Oh#RL&b=r!X
-*Ld!0IfKK@rrC:B!!#.TrrA;_!!%`NrrY@`!'L8\"$?P`4T#-`fd-Uu4TGF-r;Zj\
-U\FcgL&M&Pbjk]5A,ZH.bk_8=L&M&V4TGF-!!">CrrAhn!!]4us!7XF-2miG,ldok
-rVm0d!!">-s!7XF-2dcC^]"35bl7VBL&M&SL&_1srVusFk5PA\bl.SB4Sf!XKdH]u
-!)`=e!WW4MTDo"c!!)34rr?R.!!%`IrrAhn!!&dorrR9B4S/RSk$o_7!!#mnrrY@`
-!%%LA!'L5\!5Hn\"1J71c[u27rrF,cb?k8d!:IW&li$h`=T&4"?Mi=SGl7UB;#L=n
-bko0WO8s\*h#Q[:rr=bO!!%9@f)S2:!!%9BrrDQVh#RL&b=r!X*Ld!0IfKK@rrC:B
-!!#.Xrrh#/U]8R;!!#.ZrrY@`!%%XE"$?P`4T,3[o0!!P#F,8g,ldokU\k&mk*2,0
-rr@cP!!(75rr>1\!!(7>rrAhm!!B"rs!@XE!5JL4$9S:g-0G7-,ldokrVls^!!">D
-rr>1\!!:CE4T5<\^]"04bl.SBL&V)PL&M&SL&_1srVupEr;QjF!!">?rrgOl!!">9
-rrN0#J"Q`BIfKJurr>pp!!&8ZrrAhm!!&7arrAhn!!&8VrrJl@q#CC@r;Qblr;Zhm
-r;QcMr;Zh-d/O3g!!'ccs24j;*@/g8!>bb(^]=!)rr=bO!!&#Uf)Rr3!!'5$rrDB]
-^]KStI/;Y!q>L<nO8T%Y;>\rFEr>t<;#UCoo^:N9!%,l`!?E2LrrRZM!;-9kbl.SB
-FT2:Bb`ksNrW!"Rs!@XE!0mK_!L+o0!!B"rs#g8\"XS9*b]G01!!#.\rr@cP!"C6.
-g&M)rF<pneU]:@JrVurBnc&SOrVuqnqu6YMr;Zg[rr2tPrW!'IUWgJ8rVupqrr3'H
-!!">Drr>1\!!(7Brr@0?!!8qqPl:Xd4Qc\Dfhq_K!'L8\!/:CP",6dTbl.SB-2dcL
-,ldoks8R1'FMIhT"MZ5_!%%49!WW4MTDntB!$Kek!SJdt!!'e2rrL=irVup\X8`4R
--2mlEA+op&U\=`g-2dcC;>gIp;>gFoPl1R^-.)YohZ*YkK)`ag!?EH/?NCrCm_Ai"
-rVlj'r;Zi*r7:tr#5nN%hu3QTde^`\O8s\)h#Qd>rrBh4!!"5?f)V<=!!"GGrrDl_
-h#RL&b=r!X*Ld!0IfKK@rrBh5!!=N0,piBf!^-Kmr;ZmF4=0n*"&]*u4S8[S^]"04
--2[`D,piHh"2Fm9L&M&Pbjk]54T,6[-2fq+-2dfE-/&7s!%%C?!@?FurrXPI!%%UD
-!-J2?!6kHB!/:CP",6d;-2mlG,s3LN!!C"9s+UFP",6dTbl.SB-2dcC4T5<]bfp"c
-r[%LC!)`=e!WW4MTDntB!$Kbj!R)kh!!+D;r;QaZrVusFk,\L^4T,6[4SSjUU\k)n
-;2',k!!">Crr=AD!!">Crr>pp!!"=lrr_-Y!5F-c_uB`X,g0Nq(BEp>!65!;!8%,K
-!7:Yq!3#hr!#YY6!6"`L!g!D0qV;/1rVlllqu?`Dr7:qVqu?`krr2usmbImD-Hf*a
-*?CUK!e11Mo`"odo)Jlts8P4S!!:jR4SJgV-*dCJ!R*\#!!$O.rr@cP!!(75rr?R$
-!!+Cir;Qf4-2@N@U](2p49,@-rVlkOrVuqnrr2u5rW!%1s8Ske!!?*us-3K_#DN3X
-js:!-4T,3Z;>pOsbiU5H!!+D!o)Aak!.UX@!e11mdf0<^r;Zg[rVlk-rVusFbcCaD
-L&:oN-2@K@bU*5g!@>M[rrZa2!'L5[!Tk^,!!">Crr=AC!!(6jrr_-Y!5F-c_uB`X
-,g0Nq(BEp>!6G-=!5JI4!#5=^!0-pW!(d(g!;60'!g!D0q:u&JrVljGr;Zi#r7:qq
-qu?`SrVu<A!<=Ii9`Z7TRf<G=!!)Zk!Tk^'!!=MnA(gh\!FmGS!":/`PU-;Uk5V\4
-,s3LP!!4HVk5##XKdHWs![U^KrVlu)!!#.MrrGtCpAb4Vg%t^LbWPe'!BdXbrr[rT
-!)`^p!/:CP!/:FP!87>O!)`aq!O4cb!!PK[49,@krr3'_!%$e,rrXPI!)`[o!0mH_
-"53^h4So*[,uN@crrN0#J"Q`BIfLV=rrA;^!!?a2s+UCO!0ljM"5-OKg&D!Q^P0nS
-rrLe!qZ$W?q>UFWrVusFbl%JBFCX#&rrBh2!!(7BrrCaL!!'d]rr_-Y!5F-c_uB`X
-,g0Nq(BEp>!7(QC!5JI4!%@`r!-8#<!-nJB!9a0n!g!D0q:u&ErVlj_r;ZhkqptfW
-r;ZiTrVu<A!<=Ii9`Z7TRf<G=!!)Wj!O4cc,m6>-KtldGrrhJZKnZ<$rrUl-^]"06
-k5YJ[bk1o<g!#/7bk_8>g!&g_"I)"p,lmoj!Frn<rrBh5K`Jm`rrLfsr;Qc3rVurO
-rVltA,s9lYrrC:BK`Kg*rrJ@Kr;Qc@r;Qi54Ce6f!b4?trVllNrIk9Ik3r<O!!%M@
-rrRZM+OL,gA,QB.KtmQd!)`Ok!L,_F,lqMjr;Qs`!!#mrF=$nd!BeTlrrP;/;<@fX
-4T5<\-2mlEPktC[FT)7@--Z#]!/::M!/:FP!/::M!/8i#"5a(Y^OlL'rrF,cb?k8d
-!:R]'d/EtE^\n-42>bu*C]+55J,TBIi;(.iO8s\(h#R0Irr>=_!!&_if)Qcg!!(pT
-s6e\D!%,l`!?E2LrrRZM!1*Wck02W\!l'H([/U1-!.UX@!e11mci3u-r;ZgDrVusF
-oD8IfbWP\$!+Z!-"=4$J,s;&)!'KWJ!0mH_!6jX+!/:CP!Bc)8!!$O+rrM7.rVuq_
-oD\eQqZ$V+rr2s\qZ$V+dJj=+!!'ccs24j;*@/g8!>bb)^];a[rrBh4!!"nRf)TUb
-!!%NIrrD!Q^]KStI/2RupAP!k5lCZ_U&3FA)uTa:hu3TCh#RL&b=r!X*Ld!0IfKJ#
-s.95l!!%M@rrRZM+O9ue4Sf$X^\[s2jsBa%!2KPn!%%==!5Iq$!/:CP!6j[,!Tk^-
-!!0@KrVupEqu6Y+rVupqo)A\9qZ$aFs8V4-qZ$UYdJj=+!!'ccs24j;*@/g8!>bb)
-^];a[rrBh4!!"nRf)TUb!!%NIrrD!Q^]KStI/2RupAP!k5lCZ_U&3FA)uTa:hu3TC
-h#RL&b=r!X*Ld!0IfKJ#s.95l!!%M@rrRZM+O9ufbU*/e!0m<Z!)`^q"=8/DKi.gL
-!)`aq!%%LB!HaS*!!%`?rr@cP!!(7,rr>pq!!Z=#s!7XF-2[]B-2mlE^[qI*g%k[N
--3+"0rW!'`,ldokdJj=+!!'ccs24j;*@/g8!>bb,^]W$Cn+6MX!5JI4!&aZ*!,MN5
-!.XtI!;H<X!oq&Pq=XgerVlj_r;Zhkqptfer;ZiTrVlunoBYE,h#RL&b=r!X*Ld!0
-IfKJ#s.95l!!%M@rrRZM+O0od;>gIp4Sf!W^]"3:4S/UQ^HDJq!+Z$.!%%OC#,D4u
-,ldpBnc&T2r?_FCr?VGcmJd0krW!'Ik5YHDrVur5rVlkmrVup\o)A]SrVus]4T5<^
-^]-Fq!!/<HrVurOdf0F,!!'ccs24j;*@/g8!>bb.^]DaRq>UH0r;ZgTqptg`r;ZhI
-jSo3Fr;Zhkqptfer;ZiTq>UKfj7M..!%,l`!?E2LrrRZM!.t6BrrN0#J"Q`BIfLV:
-rr?R+!!';#rr?R.!!C"9UJ^ph!5JO5!%%RD!-J5?"!mpI4S&LQjsB[#!6jm2!'L5\
-"B!BsKdH]u!/:CO!+Z!.!0m'S!'L5\!L.^*!!dW.,ldoks'u$.!2J!B"5a(Y^OlL'
-rrF,cb?k8d!;=2/_WU[n!5JI4!&aZ*!,MN5!.X)0!'pJ_!29;A!#tk:!8mPN!:BI8
-!<=Ii9`Z7TRf<G=!!%WNT)Sil!.UX@!e11mci4!!q>^OBoDAOk,ldokKfo85!@=N>
-rr=AE!!">ErrhI1!!#.Orr>1T!!">6rrM7lo`+tSrVlj[rVurBo)A\9rVuuP^]"36
-4I#gF!`Au^rVuq.df0F,!!'ccs24j;*@/g8!>bb0^]<]orrBh4!!"nRf)TUb!!%N0
-rr>=_!!&_if)Qcg!!(pMrrM`JpY>iM-Hf*a*?CUK!e11MK)_GB!WW4MTDntB!$KYg
-!2KJm!B_\-!!#mnrr=A@!!+C"qu6XBrVuq.rr2uBrVup\nG`U7KnX%9!!K(@b_>3J
-rr>1R!!">Drr>1\!!(77rrBh5!!ahMs!7XF,piNj!i,e>rVupEdf0F,!!'ccs24j;
-*@/g8!>bb1^]<*]rrBh4!!"nRf)TUb!!%N0rr>=_!!&_if)Qcg!!(pLrrDZbh#RL&
-b=r!X*Ld!0IfKJ#s.95l!!%M@rrRZM+OU2hU\t/o-1eD?!!&8]rr=AB!!+C"qYpQ>
-r;Zi4rr2uBrVup\mJd0?rVurBli-rIquH[A!B_\-!!(7Brr>1\!!'e0rrSsL^]+65
-A,ZH1;?-YYqZ$UBrr3*I!!">-e,KO-!!'ccs24j;*@/g8!>bb2^]DIRr;QeQ+LV7O
-5aV6CrrD-Th#RL&b=r!X*Ld!0IfKJ#s.95l!!%M@rrRZM+O^8jbU*5g"=;:ls'u$.
-!@>tgrr=AD!!,3Wq#:?<rVusFk5PA\bl.SB4RN.KL&M&Pg$J_=^\n-5UWiZ9!+Z!.
-!/:FP!-J2?!)`Xn#j+ta!%$e-s!@XE"-iicFSc%<A,cK.4T5<\UXT5FhZ*YkK)`ag
-!?EH/?NCrCpqQmirVlom33iMb0^nu?!;6-C!<=Ii9`Z7TRf<G=!!%WNT)Sil!.UX@
-!e11me,KHm-2mlF--Z>f!'L5\!'L5["=4$J-):A;"m2&6s8U=B!!">CrrXPI!%%%4
-"0hh+-0tR2;>pOq4So'X^]"354T>?\g&1mNA,ZE.KdHZt"3gf--2mlHbl@^rqZ$W2
-rr2tPrVupqe,KO-!!'ccs24j;*@/g8!>bb2^]=91rr?H2!!#:_rrN,Vq:u&O-Hf*a
-*?FVK!8"@Q!e11MK)_GB!WW4MnG`L?Z2XlT!$Kek!R)kg!!';%rrBh4!!#mqrr@cP
-!":0-g&M)rF<pneU]8R;!!">CrrXPI!%%"3!l'HOm/I+K-2mlEU\Xoi-2mlEg&D!O
-A,QB0,s4:9qu?g]s8U=B!!">Drr=AD!!">DrrBh5!!"=orr_-Y!5F-c_uB`X,g0Nq
-(BF9H!6kEA!8"@R!8mbT!9a16!<=Ii9`Z7Tnc&Z_+LeKQ!e11MK)_GB!WW4Mo)Acp
-0UK'E!e11mec,[4-2dfDU\aujL&CuOA,cK.-2[`D,piHh!l+cZrVupEr;QaZrVurB
-ec,VkrVup\q#:>9rVuq?rVlj[p&G)&rr2tPrVupErVlk-r;Zh-r;QaCrVurBeGfX.
-!!'ccs24j;*@/g8!>bb3^]<$crr@<B!!#!gIfL>a!!'5$rrD?[h#RL&b=r!X*V9:5
-T-++NXT&?O!!("<!-J2d"$A\f^OlLFrrN0#J+WaDY:oq^n$2loIfLVArr@cO!!&eh
-rr>1[!!M!Ts3*V"!!d$6s5kU-!'L2Z!)`^q!6j!n!)`^q!2K>h"Qh!1!'L2Z!'L&W
-!BdXcrr@cP!!#.[rrBh4!!'e3rr>1\!!%`&rr_-Y!5F-c_uB`X,g0Nq(BF9H!8.8M
-!+>a*!2$e$!+>a*!2'5i!:'C9!<=Ii9`Z7Tp&>&b+T;?@E30'@IfKJgrrAhi!!+C1
-K)ap3!WW4MpAY/s0`D%P:pBs$IfLVArrA;_!!&efrr>1\!!(^NrrIg"qu?dE;6g*"
-"!mpI;>gFoPl:X_g"$*)ffUQjpAY5i,pg>'rrJlWr?VJAU\k&k^]"35U\t,o49,A'
-qu6YMrVuq_eGfX.!!'ccs24j;*@/g8!>bb3^]<$crr?I*!!&YjrrMB.]u9tDr;Zhi
-rVll_q:u&O-Hf*a*?FnS!M:M4!!(?HrrRZM!65$=L%bQJ4P>>dk5PJ_!.XeD!O"3T
-!!'4,rrRZM+OpDmKfl.'rr_ji-&)3q"PM"QPg'"(!l$j-qYpV,4L)j)!9WSH!i&Vf
-qYpSkbk_8?F<tGGrr_-Y!5F-c_uB`X,g0Nq(BF9H!8.8M!+>a*"/#Vn`Oh'/2#RCS
-TDecilM96:!%,l`!?E3VrrJ`7qZ$U5X8`6N!!(%=!/:CP!@9&h!!+C@K)b$6!WW4M
-qYpT"0_tbLpTXZ!IfLUCs+^OUhZ*YkK)`ag!?EH/?NCrCq7m!_rVlk*r;Zqls7_Sd
-MuY^5!!&YirrD?[h#RL&b=r!X*W,j;T-3q0!'mUb!e11M`r?$mrW!)Fs3-]iqu?`3
-K)b'7!WW4Mr;Qf$0_k\K+KteHIfLUCs+^OUhZ*YkK)`ag!?EH/?NCrCq7m!_rVlk*
-r;Znks7!UY!&XWS!2'5i!:'C9!<=Ii9`Z7TrVlnj+SPj9@&s;/IfKJgrr@cP!!(7A
-rrJ?1rVupEK)b'7!WW4Mrr3#&0_YPI5d11hIfLUCs+^OUhZ*YkK)`ag!?EH/?NCrC
-q7m!_rVlk*r;Znks7!UY!&XWS!2'5i!:'C9!<=Ii9a)OXs8S]6RfLJ.!/:CP!6kB@
-!R)kh!!&8Js8:(@k3`0Lbi\d%!R0^"rrLg+q#:EKbfo2Kr6,0'ir9/^!.Y$P0Ve[O
-0W0C#+G0WJrr_-Y!5F-c_uB`X,g0Nq(BF9H!8.8M!+>a*!h]M^\r6VGr;ZhirVll_
-q:u&O-Hf*c*?CapR/l+D!^%c+m/I'>rVurBqu6Y\rVup\qu6]3A,R\S4I#^B!i%k(
-qu?aDZ2=P%UJ_":!Ft9irrXPI-/&4r&L@E'Z2aj!,s9l\UHBh&!'Js4rrKAerW!!G
-;8;u-!P`.C,lp,mqYpVl4=0n*!@>#2rrW6$="p9I!cn>aK)^T*"5a(Y^OlL'rrF,c
-b?k8d!;XD1f_tgM@/U',TE"DlMuY^5!!&YirrD?[h#RL&b=r$Y&eLE1hu<\@rVurB
-mJd/`rVurBqYpXD!!#.Zrr@0:!!+CirVlk-p](:VrVloO4So*Z-):J>!2KMn!/:CO
-!6kEB#DN3X,ldpB4So*Y;>pLpU\OliA,Q?,FSPn;--Z>f!+Yd(!'K<A!WW3/T)\pk
-!$HmnLAqA5!!'ccs24j;*@/g8!>bb3^]<$crr?I*!!8emn@FPY2#RCSTDecilM96:
-!%,l`"<ANOIh8%Khu<\1rVurBmJd/KrVurBqu6Y+rVup\rVlk>pAb1Urr2tnqZ$UB
-rVup\rr3#]-2@ND-/&=uL&M&PL&M#OL&M&SL&_0!pAb1>rr2u'pAb3;rr2t?pAb1U
-rr2tnqZ$UBrVup\j8T5^!.0bDU&Y9,HN51?s+^OUhZ*YkK)`ag!?EH/?NCrCq7m!_
-rVlk*r;Znks7!UY!&XWS!2'5i!:'C9!<=Ii9a2UYs8VP;&G?)(33.N156(]@rr@cP
-!!(71rr>1\!!(7ArrM7lr;Zh>rr2u5r;ZstKnXUprW!&Rs8R3?!!d#Xg&J<'!/:FP
-!'L2[![TrTrW!$ts8Psq!!&emrr@cP!!@rTs!@RC"XRY)!!">Err=AE!"*5[b]G-2
-!87DP^\n-8;2'^G-2mlHg&M(orW!15bh<$$,liYZrrrH'J,f8()"mq0.'\7)Qfihu
-+G0WJrr_-Y!5F-c_uB`X,g0Nq(BF9H!8.8M!+>a*!h]M^\r6VGr;ZhirVll_q:u&O
--Hf*a*?G+Y!q1UMp](:rX8`6N!!)'Z!-J/crW)mC!-Ic2!'L5\"a#HP@lu(9!!+D;
-rr2sqrVuq_rr2tPrW!'Ik5YHkrVuq_rVloOU]18nU\t0"PlLd-,ldokk5RRC!!(7A
-rr@cP!!@rTs!@UD$&/EZ49,@-s8RfP!!#mprrUl-^]+65;>pOqPlC[_L&M&T-0G7-
-A,ZH.Pl:U_fq[R,!WW4Mrr3&oNu7Wl!'%1^!e11mK)^T*"5a(Y^OlL'rrF,cb?k8d
-!;XD1f_tgM@/U',TE"DlMuY^5!!&YirrD?[h#RL&b=r!X*W,j<msboF!!#!ZrrRZM
-!9F.\jsB[#!6k$6!'KoS!@>thrs7a5!!#mrk&_pJ!!#mqrrAhm!!,3WqYpOmrVuq?
-rVlk>rW!"ps#g8\!6kEA!/:CP",6dT-2mlEPlC[i@fQKks8OAF!%$e&rs7a5!!#mr
-k&_pJ!!#mqrrAhm!!,3WhZ!WW!.XqH!r%`mq>^L4YQ"ZR!$HmnLAqA5!!'ccs24j;
-*@/g8!>bb3^]<$crr?I*!!8emn@FPY2#RCSTDecilM96:!%,l`!?E3VrrVY=&GuM/
-&GN:+!e11Mj8T*Ap&G(=nc&SOpAb7@A*3ai!2KMn!d%ouqu?^or;Qb,qu?a[U\t,p
-,ldokk5G;[bl.SDL&X:7!!(7Arr@cP!!^4<s!7XF4T,3^@o:qZU](5nFSGe8U](5p
-FCQWp!!#morr?R,!!,3Wi;WiY!.XkF!r%`mqZ$WZYl=cS!$HmnLAqA5!!'ccs24j;
-*@/g8!>bb3^]<$crr?I*!!8emn@FPY2#RCSTDecilM96:!%,l`!?E3TrrVY=&H)S/
-YH7a*IfKK.rr^K!Kk()^"Ja2bL$%q*!'L#V!@>#Jrr@cJ!!,s3qYpS<-2[`K;<IoY
-js:!--2dcCbl.SDL&X:7!!(7Arr@cP!!^[Is!7XF4S\pVA,ZH.g%YLHL%kWK;8;u-
-!H]Xc!!,sZir9&[!.XeD!r%`mr;ZhYYl=cS!$K\h!R.><K`Rt2lMgs?,s9D's4I>R
-hZ*YkK)`ag!?EH/?NCrCq7m!_rVlk*r;Znks7!UY!&XWS!2'5i!:'C9!<=Ii9`Z7T
-p&>3aIh2S[:osZuIfKK+rr@cP!!(71rr>1\!!">B!!+Bfr;QbNqZ$[D;8;l*!p3u=
-r;ZpGg&K:q!!#.ZrrC:B!!7lSFT)7?bl.PAL&M&Vbl@\h!!#.VrrY@`!%%@=!/::M
-![U^Yp\t<W@jV'R!@?FZrrN0#J+imGpQ$-k!&1YW!e11mdf0;EqZ$[D;8;Jt"!mpI
-4T,3\k(UR7rrTrhg!Tg%hZ*YkK)`ag!?EH/?NCrCq7m!_rVlkBr;Zmq^U1Rc!$D.>
-!2oeq!:'C9!<=Ii9`Z7ToD\s^Ih2nSXoAHP!!(pV!/:CP!86c>!'L5\"52@;-2[`D
-4PB`6!/:@O![V@=o)A`E-2mlK;?-YB!!">CrrAhn!!8qqL&M&P^]"04L&M&Vbl@\h
-!!#.VrrY@`!%%@=!/:@O![V@=o)A`E-2mlE;<.ZX!!%N@rri(W(]`0mrrRZM+Og>k
-jsBd&!-IW."!mpI4T59_fd-UuFI)q,Pl:X_Z-rXShZ*YkK)`ag!?EH/?NCrCq7m!Y
-rVllDXoJIJrVllYq:u&O-Hf*a*?F\M!q1W:XoAHP!!(pV"0hh+-1(X34T5<abl@_*
-@jV'R"=:>Qs.fPn!'L,X!l'HBq#:TC,ldoks8ODE!!'e4rrtRc!%$e-Pl:X_L&M#O
-L&M&Vbl@\h!!#.Vrr@0?!!&ekrrgR!s8Skn!!#.XrrTrhg%bRMbU!5h-0,",!!%N>
-rrVqUO0S]dIfLV?rrC::!!$NsrrXPI!'L5[!/:CP!%!s2!'L5\!)_2E"5a(Y^OlL'
-rrF,cb?k8d!;XD2_YsH5!'mag!$M4>!9!\/!<=Ii9`Z7TRf<G=!!(mU!l'HOm/I&J
-rVurBrVloO4T#0]^]4<[rW!I+^]4>rUJV!k4TGG'4ES@;rs-:b!!">Fs+UFP"=9he
-^HDJq"&]*ubl.SG4MT+TKfo>7#0d,I,ldp-q#:?/rVusFPlC[fUHAMVZ2ahMrW!I+
-^]4>rUJV!k4TGG'4ES@;rrg(_!!">*rrN0#J"Q`BIfLV?rrC:B!!IDfbbI<!!!':m
-rrXPI!'L5[!2KMn!)]'^!+Z!.!0kq3"5a(Y^OlL'rrF,cb?k8d!;O>0j8JuYh[$Lf
-!>+/errD]dh#RL&b=r!X*Ld!0IfKJgrr>1\!!(7?rr?R-!!>@`s+U@Nr[%LC!^-M,
-r;cgCr;Zgprr2sEp](=@g&D!O-2%<CPlLb0!!#.Urr>pp!<+;C!!@rTs+U@Nr[%LC
-!^-M,r;cgCr;Zgpj8T/\!.UX@!e11me,KElrVuqPrVlk-rVup\n,EJ9!!#.ZrrSrX
-A!HupKfk(:rr_-Y!5F-c_uB`X,g0Nq(BF6G!6kB@!S9<=!!3F.fDPXKj7qF2!%,l`
-!?E2LrrRZM!65$=4T5<\bkh>>U](5n4T>?\FS>b<--ZDO-27H@-/&:t!P]rV!!&em
-rr@07!!\/Ws!7XF4SJdT4SSmW-/&:t!-Ir8"=;:ljsBd&!@?FZrrN0#J"Q`BIfLV?
-rrA;_!!%`NrrY@`!%%+6"!mpI4G*Ucrr_-Y!5F-c_uB`X,g0Nq(BF3F!9O+X!T-HH
-!!@G[^UM1U!+c$.!I+#0rrDQ_h#RL&b=r!X*Ld!0IfKJgrr]MP!'L&V"0jsNbl.PC
-^JQ<T!!4HgoD\aj^HDAn![U^sr;QfA4T#0[4L+e`!H]Xc!!">E!!\\fs!7XFFS5Y7
-F=$hb!@<HsrrTr4-2[`E-$8bXrrKksqZ$[D;;'t/!WW4MTDntB!$Kbj!/:CP!5JI3
-"$?P`-1Cj9,ldp-nG`R6bi[LV!TqW(rrLfsqYpTLbl.PCKfk(grr^r=UZVLS!jOjt
-rr3)_UQjI'rrQ[mZ2Xb)b_<ggrr_-Y!5F-c_uB`X,g0Nq(BF3F!Q+O,rr?I*!!Akn
-s7F:^!/CFP!2'/g!;-!@!<=Ii9`Z7TRf<G=!!("<!TqVmrrgQ@Ktl=:rrCaNK`Rt2
-q#:?/re1?ep\tN6KnZ;Ts)]Psrr3&7;0;C/"J^ZJKtm?]"O*Wp^Y/G_!87=)!Mef8
-rrN0#J"Q`BIfLVWrrZaW4Qc&2!/:CP!6kB@"!mpI-2dcIk&`^3,s7t"rrXPI!'L5[
-"2?-.A,?30@jM*T,pe9DrrQ%DFSYq=YpC]koD]EU4=-d&^JQ:'!%"E?s+LFQA,Q?2
-K`D*8s8Skn!!9pZ4T5<]-$9.d#Nd<4!/:#A-2mlE;>gFrKdA%?rr314!!">FUF#m>
-!@=N:rrJm:r]C48k3r<PhZ*YkK)`ag!?EH/?NCrCp:p^Op&+gi@/U'-TE"r``Rb*E
-r;Zhir;Qcdp"]WK-Hf*a*?CUK!e11MK)_GB!WW4MTDntB!$LY.!87>O!/9h?!/:CP
-!6kEA!-J2?!)`^p!JMis!!#.ZrrXPI!'L5["?ZYa-0G.*!'L)X"!u1kA,ZH.Z24J&
-,ldokoD\qj!!"<BqZ$gHs8OAF!%%RC#!;kc-3+"!rVus]-2RZEU]:A<rVusF-2RZB
-A,ZE0,ldokrr2s\rVup\qZ$XCk5>5[KdHTr!@<Hhrr_-Y!5F-c_uB`X,g0Nq(BF*C
-!:0U`!+>a*"/#VnoYoD^LA_)PTDecimI]38!%,l`!?E2LrrRZM!.t6BrrN0#J"Q`B
-IfLVXrrC:B!!%`?rr@cP!!LOGs4Lo\!!'e5rr@09!!$O-rrXPI!'L5[!'L5\!6kEA
-!'L#V!^-L)rVusFoDJUgL&M&P4S/RQ4SAaYbl8sh!%%RC"sj6L-3+"!p&G1Ws8U=:
-!!">DrrXPI!%%XE!'KrT!-J2>!'KuU!'KfO"5a(Y^OlL'rrF,cb?k8d!;+&,kPbD\
-@/U'-TE"r``Rb*Er;ZhirVll_o\BNJ-Hf*a*?CUK!e11MK)_GB!WW4MTDntB!$LY.
-!6kEB!/9h?!'L5\!^&Rkqu?_,rr2u'r;ZmF4=0q+!5JO5"!mpI4T59^49,@-rVlkO
-rW!9OUWfJq!!#mrjsC!,!+Ys,!%%UE!2K/c!'L/Z![U]@rVuuCg&:sO-2dcI,ldok
-s8RfM!!k]^49,@-s8U=?!!4I2A,ZH.bl7VE,ldp-rr2s\qZ$e0UEom?4T>?\4T,6^
-4GAJdrVupEnc&^K!!'ccs24j;*@/g8!>bb.^]<Qrrr?I*!!@G[^UM1U!+l*/!2'5i
-!:'44!<=Ii9`Z7TRf<G=!!%WNT)Sil!.UX@!e11mnG`Na4T6Z+!<"2D;=XYd4SJgU
-A,ZE-4T5<`4Qc\DA,ZH.A,cK1,ldp-rVls^!!">Drr=AE!!'e4rrJ@Krr2tPr;Zi4
-rr2tPrVupEo)A\Pr;Zq0oDaOD!!1<frVup\r;QsI!!">Fs+U@N"$HV`L&M&Rg&K:o
-!!=Oks31HB!0mK_"!mpI4T>?\4T#0cA,lQk!!">Fs-3K_!@>MZrrXPI!%%18"5a(Y
-^OlL'rrF,cb?k8d!;+&,kPbD\@(61:TDecilL`m5!%,l`!?E2LrrRZM!.t6BrrN0#
-J"Q`BIfLV\rr=A<!!%`Drr>1W!!+C1rVllNrVusFk5G;^,ldokrr3'H!!#.[rrXPI
-!%%XE!/:CP!-Ir7!'L5\!)`aq!%%UE!/:"D!'L5\!+Z$."eu%t-0EGN!!#.ZrrsbL
-!%%[FL&CuS-0G7-L&M&Rbl>ob!!BM+s31HB",6dTbl.SB4T>?\4T,6[4T>?b49,@-
-s8ODE!!'e3rrXPI!%%18"5a(Y^OlL'rrF,cb?k8d!;+&,kPbD\@(61:TDecilL`m5
-!%,l`!?E2LrrRZM!.t6BrrN0#J"Q`BIfLV\rr@06!!'e)rr>1\!<,(]A#&r$!/:CP
-!+Ys,"$?P`-3!oH,ldp-rVlsG!!">ErrXPI!%%=<!3uJ&!l+bhrVupEnc&_S!!">:
-rVm"S4L+q1rVup\r;QsI!!#.]s+UCO!/:FP!+Z!.!mL\gr;Zgprr2tnrW!%Ss8U=B
-!!#.\rr>1[!!'e5rrj\K!%%ZurVup\r;Qo^,ldp-nc&^K!!'ccs24j;*@/g8!>bb.
-^]<Qrrr?I*!!Akns7F:^!/CFP!2'5i!:'44!<=Ii9`Z7TRf<G=!!%WNT)Sil!.UX@
-!e11mn,ELCP_Fhj!!IDfb`om4rrY@`!%%@=!+Z!.!2KJl"$?P`-3!oH,ldp-rVm3N
-!!">Fs5kU-!)`Cg!)`^q!^-K/rVuqPnc&\R!!">?rrC:B!!#.ZrrsbL!'L;]L&M&Q
--0G4,!'L5\!mL\gr;Zhmrr2tPrW!%Ss8U=B!!#.\rr>1\!!">Drrj\K!%%Z?rVuqP
-r;Qc@xxxxxxx&^K!!'ccs24j;*@/g8!>bb.^]<Qrrr?I*!!Akns7F:^!/CFP!2'5i
-!:'44!<=Ii9`Z7TRf<G=!!%WNT)Sil!.UX@!e11mm/I(0rVuqPmJd87!!#.Trr>1\
-!!(7@rrY@`!%%XE"!mpI4T59a,ldoks8U=B!!%`FrrBh4!!#mq!!">7rrY@`!%%C>
-"!mpI4T,3`,ldp-s8P4\!!#.[rr>1\!!:CEL&M&P-2miDL&M&SL&_1srVup\rr2sE
-rVuq?rVm$I!!">FL&M&PL&CrNL&M&PL%50FhZ*YkK)`ag!?EH/?NCrCoY:IirVlk*
-r;Zqls8V`1f)UR(!!&YirrD?Vh#RL&b=r!X*Ld!0IfKJ#s.95l!!%M@rrRZM+RK+.
-bl.SBPjSJQ,ldp-pAY,HrVuqnr;QjF!!">ErrXPI!'L5["sj6L-3+"hrVuqPoD\f#
-q>^MLnG`SQ!!">>rrXPI!'L2Z"sj6L4TGFDrVuq.rVlj[rW!#Ds+UFP!%%UD!/:CP
-",6dTbl.SB4T>?\-2mlEU](2r,ldoks+UFP!/:@N!'L5\!2K)a"5a(Y^OlL'rrF,c
-b?k8d!;+&,kPbD\@/U'-TE"r``Rb*Er;ZhirVll_o\BNJ-Hf*a*?CUK!e11MK)_GB
-!WW4MTDntB!$LY."Qh!1!86c>"!mpI4SJdTU](5n;>pLpPl:X_A,cK1,ldp-rVlsG
-!!">ErrXPI!'L/Y!TqW'rrM7.qu?^Cn,EJP!!">>rrXPI!%%RC"sj6L4TGFDrVuqP
-rVlkOrW!"as+UFP!'L5[!6kEB"&]*ubl.SB4T>?\-2mlEbl.PA4T5<]ft[Ld!+Z!-
-!0mE^!6k!5"5a(Y^OlL'rrF,cb?k8d!;+&,kPbD\@/U'-TE"r``Rb*Er;ZhirVll_
-o\BNJ-Hf*a*?CUK!e11MK)_GB!WW4MTDntB!$LV-!p53Om/I/6!!#.Srr=AE!!?`T
-b_>uq!5JO5"!mpI4T59^,ldokrr2sqrW!4$g&M*7@jM+;qu6Y+qu?_Nn,EJP!!">>
-rr>1\!!J#"b`m5K!!>@`s#g8\!/:CO!/:CP!d+HrrVup\rVllArW!$_s8U=B!!#.\
-rr=AE!!(7Arr>1\!"$F?,ldok^]4=uqu?`@nc&^K!!'ccs24j;*@/g8!>bb.^]<Qr
-rr?I*!!Akns7F:^!/CFP!2'5i!:'44!<=Ii9`Z7TRf<G=!!(^P!P_M1,lqN<jo5>P
-rr3"/;;M6Rjuh>orrg)64?S>jrrM8(r]C1Fo)Acr4I#aC"MZ89s7?)@!5I7f!WW4M
-TDntB!$Kbj"!mpI4SA^SL%bQIA,ZE0,ldp-rVlsG!!">ErrBh3!<+;D!!">BrrM^;
-rVusFk3r<P49,@-p\t58p&G1@s8P4\!!&8^rrC:B!!5:_L&M&P;>gFu,ldoks8U=B
-!!#.\rr=AE!!(^Nrr@cP!!7lSFSu1?,piEg!86oB"5a(Y^OlL'rrF,cb?k8d!;+&,
-kPbD\@/U'-:Odk?`G5H@r;ZhirVll_o\BNJ-Hf*a*?CUK!e11MgA_5L!!*!\"!mpn
-^Zb\!o/qa+rrG5.h>[O=!6kB@#GV8F4?NU+oD&=jYpBB44='tio`#$b,liYrrrdEi
-s8U=>!!%`,rrN0#J"Q`BIfLV?rrXPI!'KoR!)`Ol!'L2Z"!mpI4T59^,ldokrVlkm
-pAb2'qYpOXrVuq.mf*AO!!">>rrM7.pAb:As8QU.!!(7ArrCaO!!5:_U](5nL&CrT
-,ldoks8UdO!!#.\rrXPI!%%RC!0mH_",6dT4Sf$[,ldoknG`UJ!!'ccs24j;*@/g8
-!>bb.^]<Qrrr?H:!!&YirrD?Vh#RL&b=r!X*Ld!0IfKK'rr_C0-,9EY!gE[2kl1_.
-!/:FP!SP]SrrhIH!!(7Ars7a54S/UQUB"g!rrOJm^]+67@fU$3rrZ*u!/:=M"smdZ
-s+LHJr6,04gA_3S!.UX@!e11me,KNF,pfhfrrI3fr;ZjEA,H9.49,AVrVltR,pd[2
-rrKksqu?dE;8;u-!87>O!@?mrrrZ*u!'KuT!R*\(!!aer!!">Fs-3K_!87;M"XO-K
-;?,>K!!&8]rrZ*u!%%XE"&T%EZ2Xb*;#gSBr;QcMrVuq_rr3"@-2dfH;02d<-1Lp:
-hZ*YkK)`ag!?EH/?NCrCoY:IirVlk*\,ZN$rVll_o\BNJ-Hf*a*?CUK!e11Mg]%>>
-!-J,<!`8s4l2Lh/!/92-"dC;5493V(rrR9BU](2o4=0.drrSqqFSu.>,pi9b"I&mK
-!/:@N#Nd>-s8PqBk1'D4!!%M@rrRZM+Me!\k*1RRPihfA!R06orrM9Eq>UWOKlggh
-k4nrVA,ZH.A*s9uk$qoSo`#6NP_Fh8s3*Sf^]+67F?Hi*rrTGfA,cK0PWXZsrr^qO
-;;(pJ!87;M"6NHXg&(dNKfk(drs6AnL"ZJg!!">7rr_-Y!5F-c_uB`X,g0Nq(BF*C
-!9a=\!+>a*"/#VnoYoD^LA_)PTDecilL`m5!%,l`!?E2LrrRZM!8IMTK`H5lrrTrh
-^]"09UHBhbA(ge[&E[Ib,s7t&s'n.k,s7Fl@o<4)"m0;W,s7Fjrs+ccs._\&4I#U?
-#0['0^P)[3rVlm\-2dcEK`InErrTrWPl1O^4=0b%"kb23K`Hi)rrJ?1rr3!F-.Dkq
-!!%M@rrRZM+Hla*jsC!,!83M7"!mpI4Ri@QhZ*YkK)`ag!?EH/?NCrCoY:IirVlk*
-r;Zqls8V`1f)UR(!!&YirrD?Vh#RL&b=r!X*Ld!0IfKK'rr^pS-):26#@d`[4?Oo9
-U]19*YpBB44='u;s'n.k,s7Fl4=1",#GWRF4?Oni4T>?dKdC4T4?OniFSPk?fq\TI
-K`K?qrrFDlr;Qi5!/:%E!p1dTp\tCZ4TC*8L&CrO;*=jX"slCH@m"89f`)!Q!.UX@
-!dF\NP5bN9rVupqOoGEVrVuq.nG`U:!!'ccs24j;*@/g8!>bb/^]DaTrVlk*r;Zql
-s8V`1f)UR(!!&YirrMiOp"]WK-Hf*a*?CUK!e11MgA_A!!!"<-L!9Go!egVarr38J
-,ph^Rs!8u+rr31"!5JQX!/:FP#<X=4s5kUR^]+6B@fU$=s+LG!bl@^e,pi3`!egWu
-rVlmE4T,3\bQ(N3rrQ[1L%tZPF9')UK`Hi)rsU3-s8U:C,lf5;!!%,orrN0#J"Q`C
-QN.$KPQ(V/rVuqnR/[01r;Qf4-2mlE^[V7*[f?ESK)`ag!?EH/?NCrCp:p[\qu6Y(
-r;Zqls8V`1f)UR(!!&YhrrN&[p>#`L-Hf*a*?CUK!e11Mg&D,g;'l2A!@;7SrrOJm
-oDS[nUB$PYUB#E7rs$5#Z2`#JL&V)V4=1%-PQ6F8rrsbqk5U,8Pl:U`493UurrRlS
-bl.PB,s;,*!mCX,o`"u&!'L&V#JU7ms8RcQL&M#]bQ->rs-*LG^]4>K,lj^orrN0#
-J"Q`C[f?ESPlC`urVupERK!EC,lf5;r]L,Z!'K`M".oPnkCW`OrrF,cb?k8d!;F80
-b5M5;!+>a*"/#VnoYoD^LA_)PTDSWhrSdM,!<=Ii9`Z7TRf<G=!!(UM$GU[F,lg(!
-s5kUir6,A?!'L:'!5J@0!mCXurr30b-3+!-!6kB@#%IYWs+LHsrVlqQ!6k-9!egWu
-rVlmE4T,3\bQ'currQ[14SSjV4?WWC!egW.rVln?-3!oFo?@.4!l"^tgA_3S!.UX@
-"4$rIYE]%eFT)7?A"!>sL%bQJ--YiX!dF\FK)`^f!?EH/?NCrCpV6e%r;QiULEZTr
-""6E"4iK8Y,5hKC18!b-rrMuQptYrN-Hf*a*?CUK!e11Me,KU649/mkbkM/@4T@MD
-bk_8?bQ*@rrrkM2s8P2-qu6kS!/:H,!6kEA!egWup&>)I!6kEA!@9l+rrUCEFS>_9
-;#i`QrrQ[Vbl7VDK`Hi*rrG5ZpAY.>-//A#!!%M@rr_]i!+;&k!+Z!.!83e?!SJdp
-!!,48mf*>:!%<I!_Z'WW,g0Nq(BF6G!7^rH!M9q1!!*@\r;Qc`ptYrN-Hf*a*?CUK
-!e11Mg]%:aA,?30js;>RbQ'd%bQQW!;#ni9rrUCEL&V)V4=1%-4=0.frs"/WU]6#J
-bl.PCK`K?irrRlSbl.PB,piKh!i#aLq#:HY49/mbrrFDGr$;RJ,pe9Fjs?errrFDl
-gA_3S!.UU?"$chtpQY[Z;'g=MrrJm:r]C6ZL"Ykn"5a(YG_5t4rrF,cb?k8d!;O>0
-oDS[hVm$.$TDeciqY8kI!%,l`!?E2LrrRZM!8IMT,ph^Mrrj\ps8OAkqu6iQs8RcQ
-U\t,q;3_+)!/:FP#!=43s'l&Dr;Qsu!6kIs!6kEA!egWup&>)I!6kEA!^%dkrVlq@
-!5J@0"7mf=FS5Y6;>`N^,lf5RPlIL)k5PA^@m&oOrrFDlgA_3S!.UU?".&uf[t=X:
-rr\#V!5F-c_Z'WW,g0Nq(BF9H!6G-=!V[G8!!*AorVllWq:u&O-Hf*a*?CUK!e11M
-g]%@c!'KlNrs+5XA,lQk!5JL4#)*%es1\P2rVm(s!-J7b!/:FP#!=43s.]R(rVm,b
-,piTkK`K?qrrRlSbk:u;K`K?qrrSDbL&M#P,pi?d!^$IXmf*?B!/:FP!Fn7jrrQ[1
-L&M#QPQ54IrrN0#J"HZBk5YKYK)^`."8=JL(kVe(rrF,cb?k8d!;XD1f)>UKVlg""
-\,H=,kP<p7!%,l`!?E2LrrRZM!8@H&49-[L^W`HM!%$e-s1\O[U]:@Y!%$e-s%rc+
-k5V\4-0G6O!%#D5s#_V,rs_'jA*3g+491WGs+LHsrVlqQ!6k-9!egWur;R!J!0mNG
-491*7rs+cNPlLcJ!%%Jqrr3!r;>L4nK`Hi+rrFEfrVm2d,lj20s-*L0k1]h:!!%M>
-rr[3?!7-8sMuNm?!!&(3s2"^9*@/g8!>bb3^]<$crr?I*!!8Men@FPY2#RCSTDeci
-lM96:!%,l`!?E2LrrRZM!87AQ;'l,?!E%PKrs,;F!$rok--Z>f##P@H,lf78rr30b
-!!%-@4=0t+##P@H,lf6Urr3%R!6kEA!egWup&>)I!6kB@#0]10,p`P$rVm%T!/:IQ
-4S\sW-3!oF,piBe#DE/3s8UaPbl%JG^Eik+,lg'Og&D*R!.UR>"6Tpi:kJ_+rri'5
-!#YH^s2"^9*@/g8!>bb3^]<$crr?I*!!8emn@FPY2#RCSTDecilM96:!%,l`!?E2L
-rrRZM!8.;Tk+dWaPhGm4"2BPD^\[s4fnG-Tqu6i7PhH)ibl%JCfnG-Tr;Qfhbl%JA
-o??k,!V=P2rr]$ML"ZD("nTt0s8UdIbl7VCbfon_#4p(1s8Tifq>UQ3Kn[:nrrN0#
-J"6N@Du]m!K)^i1"(2*/YCceirrF,cb?k8d!;XD1f_tgM@/U',TE"DlMuY^5!!&Yi
-rrD?[h#RL&b=r!X*Ld!0IfKJ#s.95l!!%M=rrhL-!!'K[s,[0^NrT/FK)`Uc!?EH/
-?NCrCq7m!_rVlk*r;Znks7!UY!&XWS!2'5i!:'C9!<=Ii9`Z7TRf<G=!!%WNT)Sil
-!.UL<"O@>R&C5t.OoGQf!!"/1K)`Uc!?EH/?NCrCq7m!_rVlk*r;Znks7!UY!&XWS
-!2'5i!:'C9!<=Ii9`Z7TRf<G=!!%WNT)Sil!.UI;"Kqe*#cE:SPQ(c@!!!;VK)`Rb
-!?EH/?NCrCq7m!_rVlk*r;Znks7!UY!&XWS!2'5i!:'C9!<=Ii9`Z7TRf<G=!!%WN
-T)Sil!.UF:!13Zb!Isiqs-N`hmoTPi&@[8k^&J*R,g0Nq(BF9H!8.8M!+>a*!h]M^
-\r6VGr;ZhirVll_q:u&O-Hf*a*?CUK!e11MK)_GB!WW4MR/[?)&-)\IT7[*3rs&4I
-&-)\Yf7O%8rrF,cb?k8d!;XD1f_tgM@/U',TE"DlMuY^5!!&YirrD?[h#RL&b=r!X
-*Ld!0IfKJ#s.95l!!%M8rrM"*rW!!BE6j.9TDnu%BGg^K!D)[2s1A:3*@/g8!>bb3
-^]<$crr?I*!!8emn@FPY2#RCSTDecilM96:!%,l`!?E2LrrRZM!.t6BrrN0#J!L$7
-T-4(4"!D!$ItGG6^BBUIIo$^T!!+dgK)`C]!?EH/?NCrCq7m!_rVlk*r;Znks7!UY
-!&XWS!2'5i!:'C9!<=Ii9`Z7TRf<G=!!%WNT)Sil!.U75!r%HuJcM8?!AL^/s0r"/
-*@/g8!>bb3^]<$crr?I*!!8emn@FPY2#RCSTDecilM96:!%,l`!?E2LrrRZM!.t6B
-rrN0#J!'a5f7-%FJcMSH":.7`Qf!Dp[Jp7J,g0Nq(BF9H!8.8M!+>a*!h]M^\r6VG
-r;ZhirVll_q:u&O-Hf*a*?CUK!e11MK)_GB!WW4MK)^H&K)^H&h>[Kr,g0Nq(BF9H
-!8.8M!+>a*"/#VnV7VZd2#RCSTDecilM96:!%,l`!?E2LrrRZM!.t6BrrN0#ItI]P
-s+:9&s5!\U*@/g8!>bb3^]<$crr?I*!!Jqos81$QW;o0]!!&YirrD?[h#RL&b=r!X
-*Ld!0IfKJ#s.95l!!%M#s+:9&s+::,rrF,cb?k8d!;XD1f_tgM@/U'*T=Fn$@/U'*
-TDecilM96:!%,l`!?E2LrrRZM!.t6BrrN0#ItI]Ps+:9&s5!\U*@/g8!>bb3^]<$c
-rr?I*!!&(irr?I*!!&YirrD?[h#RL&b=r!X*Ld!0IfKJ#s.95l!!%M#s+:9&s+::,
-rrF,cb?k8d!;XD1f)>UKVlg""\,H=,l1s-9!%,l`!?E2LrrRZM!.o]lIf]TMItI]P
-s+:9&s5!\U*@/g8!>bb3^];ISrrMj2YQ+\0n,<7djS@U4!%,l`!?E2Lrr@h+!1Elf
-ItI]Ps+:9&s5!\U*@/g8!>bb2^]=!)rrA[q!!&YirrDulh#RL&b=r!X*Ld!/f,0)>
-S,`R,c[u1Ks+:9&s5!\U*@/g8!>bb2^];m^rrJ/dZiC+4L]%/PnG(f?!%,l`!?E24
-s+:9&s+:9&s+:90rrF,cb?k8d!;F8/p&+gkhg\2,5QXKKkPY>\r87;*!<=Ii9`Z7T
-K)^H&K)^H&K)^H&N;io!,g0Nq(BF3F!QtA@rrN,^pY>iM-Hf*a*?Bb3K)^H&K)^H&
-K)^f0!?EH/?NCrCp:p[\X8`5"kP!^4!%,l`!?E24s+:9&s+:9&s+:90rrF,cb?k8d
-!;4,.deBpE!Vk[Ih#RL&b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8!>bb.^]MC0pTjf"
-p?;,(!<=Ii9`Z7TK)^H&K)^H&K)^H&N;io!,g0Nq(BF!@!QrpJhu^uM^>A8Zl/pjm
-h#RL&b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8!>baZ^]KStI*:=H!%,l`!?E24s+:9&
-s+:9&s+:90rrF,cb?k8d!6`.ZO8s[Oh#RL&b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8
-!>baZ^]KStI*:=H!%,l`!?E24s+:9&s+:9&s+:90rrF,cb?k8d!6`.ZO8s[Oh#RL&
-b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8!>baZ^]KStI*:=H!%,l`!?E24s+:9&s+:9&
-s+:90rrF,cb?k8d!6`.ZO8s[Oh#RL&b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8!>baZ
-^]KStI*:=H!%,l`!?E24s+:9&s+:9&s+:90rrF,cb?k8d!6`.ZO8s[Oh#RL&b=r!X
-*J4<Cs+:9&s+:9&s,?sY*@/g8!>baZ^]KStI*:=H!%,l`!?E24s+:9&s+:9&s+:90
-rrF,cb?k8d!6`.ZO8s[Oh#RL&b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8!>baZ^]KSt
-I*:=H!%,l`!?E24s+:9&s+:9&s+:90rrF,cb?k8d!6`.ZO8s[Oh#RL&b=r!X*J4<C
-s+:9&s+:9&s,?sY*@/g8!>baZ^]KStI*:=H!%,l`!?E24s+:9&s+:9&s+:90rrF,c
-b?k8d!6`.ZO8s[Oh#RL&b=r!X*J4<Cs+:9&s+:9&s,?sY*@/g8!>baZ^]KStI*:=H
-!%,l`!?E24s+:9&s+:9&s+:90rr=Bt!1s5k*eOEDs+:9&s+:9&s,?sXYKD=qDbnQ+
-!ddFabC9OkB?G](YCce+s+:9&s+:9Grr
-~>
-grestore
-currentdict /inputf undef
-currentdict /pstr undef
diff -r a65612bcbb92 -r 2aeebd5cbbad docs/man/xm.pod.1
--- a/docs/man/xm.pod.1 Fri Mar 25 09:03:17 2011 +0000
+++ b/docs/man/xm.pod.1 Fri Mar 25 21:47:57 2011 +0000
@@ -1007,384 +1007,6 @@
 
 =back
 
-=head1 ACCESS CONTROL SUBCOMMANDS
-
-Access Control in Xen consists of two components: (i) The Access
-Control Policy (ACP) defines security labels and access rules based on
-these labels. (ii) The Access Control Module (ACM) makes access control
-decisions by interpreting the policy when domains require to
-communicate or to access resources. The Xen access control has
-sufficient mechanisms in place to enforce the access decisions even
-against maliciously acting user domains (mandatory access control).
-
-Access rights for domains in Xen are determined by the domain security
-label only and not based on the domain Name or ID. The ACP specifies
-security labels that can then be assigned to domains and
-resources. Every domain must be assigned exactly one security label,
-otherwise access control decisions could become indeterministic. ACPs
-are distinguished by their name, which is a parameter to most of the
-subcommands described below. Currently, the ACP specifies two ways to
-interpret labels:
-
-(1) Simple Type Enforcement: Labels are interpreted to decide access
-of domains to communication means and virtual or physical
-resources. Communication between domains as well as access to
-resources are forbidden by default and can only take place if they are
-explicitly allowed by the security policy. The proper assignment of
-labels to domains controls the sharing of information (directly
-through communication or indirectly through shared resources) between
-domains. This interpretation allows to control the overt (intended)
-communication channels in Xen.
-
-(2) Chinese Wall: Labels are interpreted to decide which domains can
-co-exist (be run simultaneously) on the same system. This
-interpretation allows to prevent direct covert (unintended) channels
-and mitigates risks caused by imperfect core domain isolation
-(trade-off between security and other system requirements). For a
-short introduction to covert channels, please refer to
-http://www.multicians.org/timing-chn.html.
-
-The following subcommands help you to manage security policies in Xen
-and to assign security labels to domains. To enable access control
-security in Xen, you must compile Xen with ACM support enabled as
-described under "Configuring Security" below. There, you will find
-also examples of each subcommand described here.
-
-=over 4
-
-=item B<setpolicy> ACM I<policy>
-
-Makes the given ACM policy available to xend as a I<xend-managed policy>.
-The policy is compiled and a mapping (.map) as well as a binary (.bin)
-version of the policy is created. The policy is loaded and the system's
-bootloader is prepared to boot the system with this policy the next time
-it is started.
-
-=back
-
-=over 4
-
-I<policy> is a dot-separated list of names. The last part is the file
-name pre-fix for the policy XML file. The preceding name parts are
-translated into the local path pointing to the policy XML file
-relative to the global policy root directory
-(/etc/xen/acm-security/policies). For example,
-example.chwall_ste.client_v1 denotes the policy file
-example/chwall_ste/client_v1-security_policy.xml relative to the
-global policy root directory.
-
-=back
-
-=over 4
-
-=item B<resetpolicy>
-
-Reset the system's policy to the default state where the DEFAULT policy
-is loaded and enforced. This operation may fail if for example guest VMs are
-running and and one of them uses a different label than what Domain-0
-does. It is best to make sure that no guests are running before issuing
-this command.
-
-=item B<getpolicy> [--dumpxml]
-
-Displays information about the current xend-managed policy, such as
-name and type of the policy, the uuid xend has assigned to it on the
-local system, the version of the XML representation and the status
-of the policy, such as whether it is currently loaded into Xen or
-whether the policy is automatically loaded during system boot. With
-the I<--dumpxml> option, the XML representation of the policy is
-displayed.
-
-=item B<dumppolicy>
-
-Prints the current security policy state information of Xen.
-
-=item B<labels> [I<policy>] [B<type=dom>|B<res>|B<any>]
-
-Lists all labels of a I<type> (domain, resource, or both) that are
-defined in the I<policy>. Unless specified, the default I<policy> is
-the currently enforced access control policy. The default for I<type>
-is 'dom'. The labels are arranged in alphabetical order.
-
-=item B<addlabel> I<label> B<dom> I<configfile> [I<policy>]
-
-=item B<addlabel> I<label> B<mgt> I<domain name> [I<policy type>:I<policy>]
-
-=item B<addlabel> I<label> B<res> I<resource> [I<policy>]
-
-=item B<addlabel> I<label> B<vif-idx> I<domain name> [I<policy type>:I<policy>]
-
-
-Adds the security label with name I<label> to a domain
-I<configfile> (dom), a Xend-managed domain (mgt), to the global resource label
-file for the given I<resource> (res), or to a managed domain's virtual network
-interface (vif) that is specified by its index. Unless specified,
-the default I<policy> is the currently enforced access control policy.
-This subcommand also verifies that the I<policy> definition supports the
-specified I<label> name.
-
-The only I<policy type> that is currently supported is I<ACM>.
-
-=item B<rmlabel> B<dom> I<configfile>
-
-=item B<rmlabel> B<mgt> I<domain name>
-
-=item B<rmlabel> B<res> I<resource>
-
-=item B<rmlabel> B<vif-idx> I<domain name>
-
-Works the same as the B<addlabel> command (above), except that this
-command will remove the label from the domain I<configfile> (dom),
-a Xend-managed domain (mgt), the global resource label file (res),
-or a managed domain's network interface (vif).
-
-=item B<getlabel> B<dom> I<configfile>
-
-=item B<getlabel> B<mgt> I<domain name>
-
-=item B<getlabel> B<res> I<resource>
-
-=item B<getlabel> B<vif-idx> I<domain name>
-
-Shows the label for a domain's configuration in the given I<configfile>,
-a xend-managed domain (mgt), a resource, or a managed domain's network
-interface (vif).
-
-=item B<resources>
-
-Lists all resources in the global resource label file.  Each resource
-is listed with its associated label and policy name.
-
-=item B<dry-run> I<configfile>
-
-Determines if the specified I<configfile> describes a domain with a valid
-security configuration for type enforcement. The test shows the policy
-decision made for each resource label against the domain label as well as
-the overall decision.
-
-B<CONFIGURING SECURITY>
-
-=over 4
-
-In xen_source_dir/Config.mk set the following parameter:
-
-    XSM_ENABLE ?= y
-    ACM_SECURITY ?= y
-
-Then recompile and install xen and the security tools and then reboot:
-
-    cd xen_source_dir; make clean; make install
-    reboot into Xen
-
-=back
-
-B<RESETTING THE SYSTEM'S SECURITY>
-
-=over 4
-
-To set the system's security policy enforcement into its default state,
-the follow command can be issued. Make sure that no guests are running
-while doing this.
-
-    xm resetpolicy
-
-After this command has successfully completed, the system's DEFAULT policy
-is enforced.
-
-=back
-
-B<SETTING A SECURITY POLICY>
-
-=over 4
-
-This step sets the system's policy and automatically loads it into Xen
-for enforcement.
-
-    xm setpolicy ACM example.client_v1
-
-=back
-
-B<LISTING SECURITY LABELS>
-
-=over 4
-
-This subcommand shows all labels that are defined and which can be
-attached to domains.
-
-    xm labels example.client_v1 type=dom
-
-will print for our example policy:
-
-        dom_BoincClient
-        dom_Fun
-        dom_HomeBanking
-        dom_NetworkDomain
-        dom_StorageDomain
-        dom_SystemManagement
-
-=back
-
-B<ATTACHING A SECURITY LABEL TO A DOMAIN>
-
-=over 4
-
-The B<addlabel> subcommand can attach a security label to a domain
-configuration file, here a HomeBanking label. The example policy
-ensures that this domain does not share information with other
-non-homebanking user domains (i.e., domains labeled as dom_Fun or
-dom_Boinc) and that it will not run simultaneously with domains
-labeled as dom_Fun.
-
-We assume that the specified myconfig.xm configuration file actually
-instantiates a domain that runs workloads related to home-banking,
-probably just a browser environment for online-banking.
-
-    xm addlabel dom_HomeBanking dom myconfig.xm
-
-The very simple configuration file might now look as printed
-below. The B<addlabel> subcommand added the B<access_control> entry at
-the end of the file, consisting of a label name and the policy that
-specifies this label name:
-
-    kernel = "/boot/vmlinuz-2.6.16-xen"
-    ramdisk="/boot/U1_home_banking_ramdisk.img"
-    memory = 164
-    name = "homebanking"
-    vif = [ '' ]
-    dhcp = "dhcp"
-    access_control = ['policy=example.chwall_ste.client_v1,
-                       label=dom_HomeBanking']
-
-Security labels must be assigned to domain configurations because
-these labels are essential for making access control decisions as
-early as during the configuration phase of a newly instantiated
-domain. Consequently, a security-enabled Xen hypervisor will only
-start domains that have a security label configured and whose security
-label is consistent with the currently enforced policy. Otherwise,
-starting the domain will fail with the error condition "operation not
-permitted".
-
-=back
-
-B<ATTACHING A SECURITY LABEL TO A XEND-MANAGED DOMAIN>
-
-=over 4
-
-The addlabel subcommand supports labeling of domains that are managed
-by xend. This includes domains that are currently running, such as for
-example Domain-0, or those that are in a dormant state.
-Depending on the state of the system, it is possible that the new label
-is rejected. An example for a reason for the rejection of the relabeling
-of a domain would be if a domain is currently allowed to
-access its labeled resources but due to the new label would be prevented
-from accessing one or more of them.
-
-    xm addlabel dom_Fun mgt Domain-0
-
-This changes the label of Domain-0 to dom_Fun under the condition that
-this new label of Domain-0 would not prevent any other domain from
-accessing its resources that are provided through Domain-0, such as for
-example network or block device access.
-
-=back
-
-B<ATTACHING A SECURITY LABEL TO A RESOURCE>
-
-=over 4
-
-The B<addlabel> subcommand can also be used to attach a security
-label to a resource. Following the home banking example from above,
-we can label a disk resource (e.g., a physical partition or a file)
-to make it accessible to the home banking domain. The example policy
-provides a resource label, res_LogicalDiskPartition1(hda1), that is
-compatible with the HomeBanking domain label.
-
-    xm addlabel "res_LogicalDiskPartition1(hda1)" res phy:hda6
-
-After labeling this disk resource, it can be attached to the domain
-by adding a line to the domain configuration file. The line below
-attaches this disk to the domain at boot time.
-
-    disk = [ 'phy:hda6,sda2,w' ]
-
-Alternatively, the resource can be attached after booting the domain
-by using the B<block-attach> subcommand.
-
-    xm block-attach homebanking phy:hda6 sda2 w
-
-Note that labeled resources cannot be used when security is turned
-off.  Any attempt to use labeled resources with security turned off
-will result in a failure with a corresponding error message.  The
-solution is to enable security or, if security is no longer desired,
-to remove the resource label using the B<rmlabel> subcommand.
-
-=back
-
-B<STARTING AND LISTING LABELED DOMAINS>
-
-=over 4
-
-    xm create myconfig.xm
-
-    xm list --label
-
-      Name         ID ...  Time(s)  Label
-      homebanking  23 ...      4.4  dom_HomeBanking
-      Domain-0      0 ...   2658.8  dom_SystemManagement
-
-=back
-
-B<LISTING LABELED RESOURCES>
-
-=over 4
-
-    xm resources
-
-      phy:hda6
-            type: ACM
-          policy: example.chwall_ste.client_v1
-          label:  res_LogicalDiskPartition1(hda1)
-      file:/xen/disk_image/disk.img
-            type: ACM
-          policy: example.chwall_ste.client_v1
-          label:  res_LogicalDiskPartition2(hda2)
-
-=back
-
-B<POLICY REPRESENTATIONS>
-
-=over 4
-
-We distinguish three representations of the Xen access control policy:
-the source XML version, its binary counterpart, and a mapping
-representation that enables the tools to deterministically translate
-back and forth between label names of the XML policy and label
-identifiers of the binary policy. All three versions must be kept
-consistent to achieve predictable security guarantees.
-
-The XML version is the version that users are supposed to create or
-change, either by manually editing the XML file or by using the Xen
-policy generation tool (B<xensec_gen>). After changing the XML file,
-run the B<setpolicy> subcommand to ensure that the new policy is
-available to xend. Use, for example, the subcommand
-B<activatepolicy> to activate the changes during the next system
-reboot.
-
-The binary version of the policy is derived from the XML policy by
-tokenizing the specified labels and is used inside Xen only. It is
-created with the B<setpolicy> subcommand. Essentially, the binary
-version is much more compact than the XML version and is easier to
-evaluate during access control decisions.
-
-The mapping version of the policy is created during the XML-to-binary
-policy translation (B<setpolicy>) and is used by xend and the management
-tools to translate between label names used as input to the tools and
-their binary identifiers (ssidrefs) used inside Xen.
-
-=back
-
-=back
-
 =head1 SEE ALSO
 
 B<xmdomain.cfg>(5), B<xentop>(1)
diff -r a65612bcbb92 -r 2aeebd5cbbad docs/misc/xsm-flask.txt
--- a/docs/misc/xsm-flask.txt   Fri Mar 25 09:03:17 2011 +0000
+++ b/docs/misc/xsm-flask.txt   Fri Mar 25 21:47:57 2011 +0000
@@ -11,7 +11,6 @@
 
        XSM_ENABLE ?= y
        FLASK_ENABLE ?= y
-       ACM_SECURITY ?= n
        
 NB: Only one security module can be selected at a time.  If no module is
 selected, then the default DUMMY module will be enforced.  The DUMMY module
diff -r a65612bcbb92 -r 2aeebd5cbbad docs/src/interface.tex
--- a/docs/src/interface.tex    Fri Mar 25 09:03:17 2011 +0000
+++ b/docs/src/interface.tex    Fri Mar 25 21:47:57 2011 +0000
@@ -2177,47 +2177,6 @@
 implementing them (in {\tt xen/common/dom0\_ops.c}) and in 
 the user-space tools that use them (mostly in {\tt tools/libxc}). 
 
-\section{Access Control Module Hypercalls}
-\label{s:acmops}
-
-Hypercalls relating to the management of the Access Control Module are
-also restricted to domain 0 access for now. For more details on any or
-all of these, please see {\tt xen/include/public/acm\_ops.h}.  A
-complete list is given below:
-
-\begin{quote}
-
-\hypercall{acm\_op(int cmd, void *args)}
-
-This hypercall can be used to configure the state of the ACM, query
-that state, request access control decisions and dump additional
-information.
-
-\begin{description}
-
-\item [ACMOP\_SETPOLICY:] set the access control policy
-
-\item [ACMOP\_GETPOLICY:] get the current access control policy and
-  status
-
-\item [ACMOP\_DUMPSTATS:] get current access control hook invocation
-  statistics
-
-\item [ACMOP\_GETSSID:] get security access control information for a
-  domain
-
-\item [ACMOP\_GETDECISION:] get access decision based on the currently
-  enforced access control policy
-
-\end{description}
-\end{quote}
-
-Most of the above are best understood by looking at the code
-implementing them (in {\tt xen/common/acm\_ops.c}) and in the
-user-space tools that use them (mostly in {\tt tools/security} and
-{\tt tools/python/xen/lowlevel/acm}).
-
-
 \section{Debugging Hypercalls} 
 
 A few additional hypercalls are mainly useful for debugging: 
diff -r a65612bcbb92 -r 2aeebd5cbbad docs/src/user.tex
--- a/docs/src/user.tex Fri Mar 25 09:03:17 2011 +0000
+++ b/docs/src/user.tex Fri Mar 25 21:47:57 2011 +0000
@@ -2081,1927 +2081,6 @@
 iptables -A INPUT -p tcp -{}-destination-port 8002 -j REJECT
 \end{verbatim}
 
-%% Chapter Xen Mandatory Access Control Framework
-\chapter{sHype/Xen Access Control}
-The Xen mandatory access control framework is an implementation of the
-sHype Hypervisor Security Architecture
-(www.research.ibm.com/ssd\_shype). It permits or denies communication
-and resource access of domains based on a security policy. The
-mandatory access controls are enforced in addition to the Xen core
-controls, such as memory protection.  They are designed to remain
-transparent during normal operation of domains (policy-conform
-behavior) but to intervene when domains move outside their intended
-sharing behavior.  This chapter will describe how the sHype access
-controls in Xen can be configured to prevent viruses from spilling
-over from one into another workload type and secrets from leaking from
-one workload type to another. sHype/Xen depends on the correct
-behavior of Domain-0 (cf previous chapter).
-
-Benefits of configuring sHype/ACM in Xen include:
-\begin{itemize}
-\item robust workload and resource protection effective against rogue
-  user domains
-\item simple, platform- and operating system-independent security
-  policies (ideal for heterogeneous distributed environments)
-\item safety net with minimal performance overhead in case operating
-  system security is missing, does not scale, or fails
-\end{itemize}
-
-These benefits are very valuable because today's operating systems
-become increasingly complex and often have no or insufficient
-mandatory access controls.  (Discretionary access controls, supported
-by most operating systems, are not effective against viruses or
-misbehaving programs.)  Where mandatory access control exists (e.g.,
-SELinux), they usually deploy platform-specific, complex, and difficult
-to understand security policies.  Multi-tier applications in business
-environments typically require different operating systems
-(e.g., AIX, Windows, Linux) in different tiers. Related distributed
-transactions and workloads cannot be easily protected on the OS level.
-The Xen access control framework steps in to offer a coarse-grained
-but very robust and consistent security layer and safety net across
-different platforms and operating systems.
-
-To control sharing between domains, Xen mediates all inter-domain
-communication (shared memory, events) as well as the access of domains
-to resources such as storage disks. Thus, Xen can confine distributed
-workloads (domain payloads) by permitting sharing among domains
-running the same type of workload and denying sharing between pairs of
-domains that run different workload types. We assume that--from a Xen
-perspective--only one workload type is running per user domain. To
-enable Xen to associate domains and resources with workload types,
-security labels including the workload types are attached to domains
-and resources. These labels and the hypervisor sHype controls cannot
-be manipulated or bypassed by user domains and are effective even
-against compromised or rogue domains.
-
-\section{Overview}
-This section gives an overview of how workloads can be protected using
-the sHype mandatory access control framework in Xen.
-Figure~\ref{fig:acmoverview} shows the necessary steps in activating
-the Xen workload protection. These steps are described in detail in
-Section~\ref{section:acmexample}.
-
-\begin{figure}
-\centering
-\includegraphics[width=13cm]{figs/acm_overview.eps}
-\caption{Overview of activating sHype workload protection in Xen.
-  Section numbers point to representative examples.}
-\label{fig:acmoverview}
-\end{figure}
-
-First, the sHype/ACM access control must be enabled in the Xen
-distribution and the distribution must be built and installed (cf
-Subsection~\ref{subsection:acmexampleconfigure}). Before we can
-enforce security, a Xen security policy must be created (cf
-Subsection~\ref{subsection:acmexamplecreate}) and deployed (cf
-Subsection~\ref{subsection:acmexampleinstall}).  This policy defines
-the workload types differentiated during access control. It also
-defines the rules that compare workload types of domains and resources
-to decide about access requests. Workload types are represented by
-security labels that can be securely associated to domains and resources (cf
-Subsections~\ref{subsection:acmexamplelabeldomains}
-and~\ref{subsection:acmexamplelabelresources}).  The functioning of
-the active sHype/Xen workload protection is demonstrated using simple
-resource assignment, and domain creation tests in
-Subsection~\ref{subsection:acmexampletest}.
-Section~\ref{section:acmpolicy} describes the syntax and semantics of
-the sHype/Xen security policy in detail and introduces briefly the
-tools that are available to help you create your own sHype security policies.
-
-The next section describes all the necessary steps to create, deploy,
-and test a simple workload protection policy. It is meant to enable
-Xen users and developers to quickly try out the sHype/Xen workload
-protection. Those readers who are interested in learning more about
-how the sHype access control in Xen works and how it is configured
-using the XML security policy should read Section~\ref{section:acmpolicy}
-as well. Section~\ref{section:acmlimitations} concludes this chapter with
-current limitations of the sHype implementation for Xen.
-
-\section{Xen Workload Protection Step-by-Step}
-\label{section:acmexample}
-
-You are about to configure and deploy the Xen sHype workload protection
-by following 5 simple steps:
-\begin{itemize}
-\item configure and install sHype/Xen
-\item create a simple workload protection security policy
-\item deploy the sHype/Xen security policy
-\item associate domains and resources with workload labels,
-\item test the workload protection
-\end{itemize}
-The essential commands to create and deploy an sHype/Xen security
-policy are numbered throughout the following sections. If you want a
-quick-guide or return at a later time to go quickly through this
-demonstration, simply look for the numbered commands and apply them in
-order.
-
-\subsection{Configuring/Building sHype Support into Xen}
-\label{subsection:acmexampleconfigure}
-First, we need to configure the access control module in Xen and
-install the ACM-enabled Xen hypervisor. This step installs security
-tools and compiles sHype/ACM controls into the Xen hypervisor.
-
-To enable sHype/ACM in Xen, please edit the Config.mk file in the top
-Xen directory.
-
-\begin{verbatim}
-  (1) In Config.mk
-        Change: XSM_ENABLE ?= n
-            To: XSM_ENABLE ?= y
-
-        Change: ACM_SECURITY ?= n
-            To: ACM_SECURITY ?= y
-\end{verbatim}
-
-Then install the security-enabled Xen environment as follows:
-
-\begin{verbatim}
-  (2) # make world
-      # make install
-\end{verbatim}
-
-Reboot into the security-enabled Xen hypervisor.
-
-\begin{verbatim}
-  (3) # reboot
-\end{verbatim}
-
-Xen will boot into the default security policy. After reboot,
-you can explore the simple DEFAULT policy.
-\begin{scriptsize}
-\begin{verbatim}
-# xm getpolicy
-Supported security subsystems   : ACM
-Policy name           : DEFAULT
-Policy type           : ACM
-Version of XML policy : 1.0
-Policy configuration  : loaded
-
-# xm labels
-SystemManagement
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   941     1     r-----     38.1  ACM:DEFAULT:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-In this state, no domains can be started.
-Now, a policy can be created and loaded into the hypervisor.
-
-\subsection{Creating A WLP Policy in 3 Simple Steps with ezPolicy}
-\label{subsection:acmexamplecreate}
-
-We will use the ezPolicy tool to quickly create a policy that protects
-workloads.  You will need both the Python and wxPython packages to run
-this tool.  To run the tool in Domain-0, you can download the wxPython
-package from www.wxpython.org or use the command \verb|yum install wxPython|
-in Redhat/Fedora. To run the tool on MS Windows, you also need to download
-the Python package from www.python.org. After these packages are installed,
-start the ezPolicy tool with the following command:
-
-\begin{verbatim}
-  (4) # xensec_ezpolicy
-\end{verbatim}
-
-Figure~\ref{fig:acmezpolicy} shows a screen-shot of the tool. The
-following steps illustrate how you can create the workload definition
-shown in Figure~\ref{fig:acmezpolicy}.  You can use \verb|<CTRL>-h| to
-pop up a help window at any time. The indicators (a), (b), and (c) in
-Figure~\ref{fig:acmezpolicy} show the buttons that are used during the
-3 steps of creating a policy:
-\begin{enumerate}
-\item defining workloads
-\item defining run-time conflicts
-\item translating the workload definition into an sHype/Xen access
-  control policy
-\end{enumerate}
-
-\paragraph{Defining workloads.} Workloads are defined for each
-organization and department that you enter in the left panel.
-
-To ease the transition from an unlabeled to a fully labeled workload-protection
-environment, we have added support to sHype/Xen to run unlabeled domains 
accessing
-unlabeled resources in addition to labeled domains accessing labeled resources.
-
-Support for running unlabeled domains on sHype/Xen is enabled by adding the
-predefined workload type and label \verb|__UNLABELED__| to the security
-policy. (This is a double underscore
-followed by the string ''\verb|UNLABELED|'' followed by a double underscore.)
-The ezPolicy tool automatically adds this organization-level workload type
-to a new workload definition (cf Figure~\ref{fig:acmezpolicy}). It can simply 
be
-deleted from the workload definition if no such support is desired. If 
unlabeled domains
-are supported in the policy, then any domain or resource that has no label 
will implicitly
-inherit this label when access control decisions are made. In effect, unlabeled
-domains and resources define a new workload type \verb|__UNLABELED__|, which is
-confined from any other labeled workload.
-
-Please use now the ``New Org'' button to add the organization workload types
-``A-Bank'', ``B-Bank'', and ``AutoCorp''.
-
-You can refine an organization to differentiate between multiple
-department workloads by right-clicking the organization and selecting
-\verb|Add Department| (or selecting an organization and pressing
-\verb|<CRTL>-a|). Create department workloads ``SecurityUnderwriting'',
-and ``MarketAnalysis'' for the ``A-Bank''. The resulting layout of the
-tool should be similar to the left panel shown in
-Figure~\ref{fig:acmezpolicy}.
-
-\begin{figure}[htb]
-\centering
-\includegraphics[width=13cm]{figs/acm_ezpolicy_gui.eps}
-\caption{Final layout including workload definition and Run-time Exclusion 
rules.}
-\label{fig:acmezpolicy}
-\end{figure}
-
-\paragraph{Defining run-time conflicts.} Workloads that shall be
-prohibited from running concurrently on the same hypervisor platform
-are grouped into ``Run-time Exclusion rules'' on the right panel of
-the window. Cautious users should include the \verb|__UNLABELED__|
-workload type in all run-time exclusion rules because any workload
-could run inside unlabeled domains.
-
-To prevent A-Bank and B-Bank workloads (including their
-departmental workloads) from running simultaneously on the same
-hypervisor system, select the organization ``A-Bank'' and, while
-pressing the \verb|<CTRL>|-key, select the organization ``B-Bank''.
-Being cautious, we also prevent unlabeled workloads from running with
-any of those workloads by pressing the \verb|<CTRL>|-key and selecting
-``\_\_UNLABELED\_\_''. Now press the button named ``Create run-time exclusion
-rule from selection''. A popup window will ask for the name for this run-time
-exclusion rule (enter a name or just hit \verb|<ENTER>|). A rule will
-appear on the right panel. The name is used as reference only and does
-not affect access control decisions.
-
-Please repeat this process to create another run-time exclusion rule
-for the department workloads ``A-Bank.SecurityUnderwriting'',
-``A-Bank.MarketAnalysis''. Also add the ``\_\_UNLABELED\_\_''
-workload type to this conflict set.
-
-The resulting layout of your window should be similar to
-Figure~\ref{fig:acmezpolicy}. Save this workload definition by
-selecting ``Save Workload Definition as ...'' in the ``File'' menu.
-This workload definition can be later refined if required.
-
-\paragraph{Translating the workload definition into an sHype/Xen access
-  control policy.} To translate the workload definition into a access
-control policy understood by Xen, please select the ``Save as Xen ACM
-Security Policy'' in the ``File'' menu. Enter the following policy
-name in the popup window: \verb|mytest|. If you are running ezPolicy in
-Domain-0, the resulting policy file mytest\_security-policy.xml will
-automatically be placed into the right directory 
(/etc/xen/acm-security/policies/).
-If you run the tool on another system, then you need to copy the
-resulting policy file into Domain-0 before continuing.  See
-Section~\ref{subsection:acmnaming} for naming conventions of security
-policies.
-
-\begin{scriptsize}
-\textbf{Note:} The support for \verb|__UNLABELED__| domains and
-resources is meant to help transitioning from an uncontrolled
-environment to a workload-protected environment by starting with
-unlabeled domains and resources and then step-by-step labeling domains
-and resources. Once all workloads are labeled, the \verb|__UNLABELED__|
-type can simply be removed from the Domain-0 label or from the policy
-through a policy update. Section~\ref{subsection:acmpolicymanagement} will
-show how unlabeled domains can be disabled by updating the
-\verb|mytest| policy at run-time.
-\end{scriptsize}
-
-\subsection{Deploying a WLP Policy}
-\label{subsection:acmexampleinstall}
-To deploy the workload protection policy we created in
-Section~\ref{subsection:acmexamplecreate}, we create a policy
-representation (mytest.bin), load it into the Xen
-hypervisor, and configure Xen to also load this policy during
-reboot.
-
-The following command translates the source policy representation
-into a format that can be loaded into Xen with sHype/ACM support,
-activates the policy, and configures this policy for future boot
-cycles into the boot sequence. Please refer to the \verb|xm|
-man page for further details:
-
-\begin{verbatim}
-  (5) # xm setpolicy ACM mytest
-      Successfully set the new policy.
-      Supported security subsystems   : ACM
-      Policy name           : mytest
-      Policy type           : ACM
-      Version of XML policy : 1.0
-      Policy configuration  : loaded, activated for boot
-\end{verbatim}
-
-Alternatively, if installing the policy fails (e.g., because it cannot
-identify the Xen boot entry), you can manually install the policy in 3
-steps a-c.
-
-(\textit{Alternatively to 5 - step a}) Manually copy the policy binary
-file into the boot directory:
-
-\begin{scriptsize}
-\begin{verbatim}
-# cp /etc/xen/acm-security/policies/mytest.bin /boot/mytest.bin
-\end{verbatim}
-\end{scriptsize}
-
-(\textit{Alternatively to 5 - step b}) Manually add a module line to your
-Xen boot entry so that grub loads this policy file during startup:
-
-\begin{scriptsize}
-\begin{verbatim}
-title XEN Devel with 2.6.18.8
-     kernel /xen.gz
-     module /vmlinuz-2.6.18.8-xen root=/dev/sda3 ro console=tty0
-     module /initrd-2.6.18.8-xen.img
-     module /mytest.bin
-\end{verbatim}
-\end{scriptsize}
-
-(\textit{Alternatively to 5 - step c}) Reboot. Xen will choose the
-bootstrap label defined in the policy as Domain-0 label during reboot.
-After reboot, you can re-label Domain-0 at run-time,
-cf Section~\ref{subsection:acmlabeldom0}.
-
-Assuming that command (5) succeeded or you followed the alternative
-instructions above, you should see the new policy and label appear
-when listing domains:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm list --label
-Name      ID   Mem VCPUs     State   Time(s) Label
-Domain-0   0   941     1     r-----    81.5  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-If the security label at the end of the line says ``INACTIVE'' then the
-security is not enabled. Verify the previous steps. Note: Domain-0 is
-assigned a default label (see \verb|bootstrap| policy attribute
-explained in Section~\ref{section:acmpolicy}). All other domains must
-be explicitly labeled, which we describe in detail below.
-
-\subsection{Labeling Unmanaged User Domains}
-\label{subsection:acmexamplelabeldomains}
-
-Unmanaged domains are started in Xen by using a configuration
-file. Please refer to Section~\ref{subsection:acmlabelmanageddomains}
-if you are using managed domains.
-
-The following configuration file defines \verb|domain1|:
-
-\begin{scriptsize}
-\begin{verbatim}
-# cat domain1.xm
-kernel= "/boot/vmlinuz-2.6.18.8-xen"
-memory = 128
-name = "domain1"
-vif = ['']
-dhcp = "dhcp"
-disk = ['file:/home/xen/dom_fc5/fedora.fc5.img,sda1,w', \
-        'file:/home/xen/dom_fc5/fedora.fc5.swap,sda2,w']
-root = "/dev/sda1 ro xencons=tty"
-\end{verbatim}
-\end{scriptsize}
-
-Every domain must be associated with a security label before it can start
-on sHype/Xen. Otherwise, sHype/Xen would not be able to enforce the policy
-consistently. Our \verb|mytest| policy is configured so that Xen
-assigns a default label \verb|__UNLABELED__| to domains and resources that
-have no label and supports them in a controlled manner. Since neither the 
domain,
-nor the resources are (yet) labeled, this domain can start under the 
\verb|mytest|
-policy:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm create domain1.xm
-Using config file "./domain1.xm".
-Started domain domain1
-
-# xm list --label
-Name     ID   Mem VCPUs      State   Time(s) Label
-domain1   1   128     1     -b----      0.7  ACM:mytest:__UNLABELED__
-Domain-0  0   875     1     r-----     84.6  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-Please shutdown domain1 so that we can move it into the protection
-domain of workload \verb|A-Bank|.
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm shutdown domain1
-(wait some seconds until the domain has shut down)
-
-#xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   875     1     r-----     86.4  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-We assume that the processing in domain1 contributes to the \verb|A-Bank| 
workload.
-We explore now how to transition this domain into the ``A-Bank'' 
workload-protection.
-The following command prints all domain labels available in the active policy:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm labels
-A-Bank
-A-Bank.MarketAnalysis
-A-Bank.SecurityUnderwriting
-AutoCorp
-B-Bank
-SystemManagement
-__UNLABELED__
-\end{verbatim}
-\end{scriptsize}
-
-Now label \verb|domain1| with the A-Bank label and another \verb|domain2|
-with the B-Bank label. Please refer to the xm man page for
-further information.
-
-\begin{verbatim}
-  (6) # xm addlabel A-Bank dom domain1.xm
-      # xm addlabel B-Bank dom domain2.xm
-\end{verbatim}
-
-Let us try to start the domain again:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm create domain1.xm
-Using config file "./domain1.xm".
-Error: VM's access to block device 'file:/home/xen/dom_fc5/fedora.fc5.img' 
denied
-\end{verbatim}
-\end{scriptsize}
-
-This error indicates that \verb|domain1|, if started, would not be able to
-access its image and swap files because they are not labeled.  This
-makes sense because to confine workloads, access of domains to
-resources must be controlled.  Otherwise, domains that are not allowed
-to communicate or run simultaneously could share data through storage
-resources.
-
-\subsection{Labeling Resources}
-\label{subsection:acmexamplelabelresources}
-You can use the \verb|xm labels type=res| command to list available
-resource labels. Let us assign the A-Bank resource label to the
-\verb|domain1| image file representing \verb|/dev/sda1| and to its swap file:
-
-\begin{verbatim}
-  (7) # xm addlabel A-Bank res \
-      file:/home/xen/dom_fc5/fedora.fc5.img
-
-      # xm addlabel A-Bank res \
-      file:/home/xen/dom_fc5/fedora.fc5.swap
-\end{verbatim}
-
-The following command lists all labeled resources on the system, e.g.,
-to lookup or verify the labeling:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm resources
-file:/home/xen/dom_fc5/fedora.fc5.swap
-      type: ACM
-    policy: mytest
-     label: A-Bank
-file:/home/xen/dom_fc5/fedora.fc5.img
-      type: ACM
-    policy: mytest
-     label: A-Bank
-\end{verbatim}
-\end{scriptsize}
-
-Starting \verb|domain1| will now succeed:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm create domain1.xm
-Using config file "./domain1.xm".
-Started domain domain1
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    3   128     1     -b----      0.8  ACM:mytest:A-Bank
-Domain-0   0   875     1     r-----     90.9  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-Currently, if a labeled resource is moved to another location, the
-label must first be manually removed, and after the move re-attached
-using the xm commands \verb|rmlabel| and \verb|addlabel|
-respectively.  Please see Section~\ref{section:acmlimitations} for
-further details.
-
-\begin{verbatim}
-  (8) Label the resources of domain2 as B-Bank
-      but please do not start this domain yet.
-\end{verbatim}
-
-\subsection{Testing The Xen Workload Protection}
-\label{subsection:acmexampletest}
-
-We are about to demonstrate the sHype/Xen workload protection by verifying
-\begin{itemize}
-\item that user domains with conflicting workloads cannot run
-  simultaneously
-\item that user domains cannot access resources of workloads other than the
-       one they are associated with
-\item that user domains cannot exchange network packets if they are not
-  associated with the same workload type (not yet supported in Xen)
-\end{itemize}
-
-\paragraph{Test 1: Run-time exclusion rules.} We assume that \verb|domain1|
-with the A-Bank label is still running. While \verb|domain1| is running,
-the run-time exclusion set of our policy implies that \verb|domain2| cannot
-start because the label of \verb|domain1| includes the CHWALL type A-Bank
-and the label of \verb|domain2| includes the CHWALL type B-Bank. The
-run-time exclusion rule of our policy enforces that A-Bank and
-B-Bank cannot run at the same time on the same hypervisor platform.
-Once domain1 is stopped, saved, or migrated to another platform,
-\verb|domain2| can start. Once \verb|domain2| is started, however,
-\verb|domain1| can no longer start or resume on this system. When creating the
-Chinese Wall types for the workload labels, the ezPolicy tool policy
-translation component ensures that department workloads inherit all the
-organization types (and with it any organization exclusions).
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    3   128     1     -b----      0.8  ACM:mytest:A-Bank
-Domain-0   0   875     1     r-----     90.9  ACM:mytest:SystemManagement
-
-# xm create domain2.xm
-Using config file "./domain2.xm".
-Error: 'Domain in conflict set with running domains'
-
-# xm shutdown domain1
-(wait some seconds until domain 1 is shut down)
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   873     1     r-----     95.3  ACM:mytest:SystemManagement
-
-# xm create domain2.xm
-Using config file "./domain2.xm".
-Started domain domain2
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain2    5   164     1     -b----      0.3  ACM:mytest:B-Bank
-Domain-0   0   839     1     r-----     96.4  ACM:mytest:SystemManagement
-
-# xm create domain1.xm
-Using config file "domain1.xm".
-Error: 'Domain in conflict with running domains'
-
-# xm shutdown domain2
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   839     1     r-----     97.8  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-You can verify that domains with AutoCorp label can run together with
-domains labeled A-Bank or B-Bank.
-
-\paragraph{Test2: Resource access.} In this test, we will re-label the
-swap file for \verb|domain1| with the \verb|B-Bank| resource label. In a
-real environment, the swap file must be sanitized (scrubbed/zeroed) before
-it is reassigned to prevent data leaks from the A-Bank to the B-Bank workload
-through the swap file.
-
-We expect that \verb|domain1| will no longer start because it cannot access
-this resource. This test checks the sharing abilities of domains, which are
-defined by the Simple Type Enforcement Policy component.
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm rmlabel res file:/home/xen/dom_fc5/fedora.fc5.swap
-
-# xm addlabel B-Bank res file:/home/xen/dom_fc5/fedora.fc5.swap
-
-# xm resources
-file:/home/xen/dom_fc5/fedora.fc5.swap
-      type: ACM
-    policy: mytest
-     label: B-Bank
-file:/home/xen/dom_fc5/fedora.fc5.img
-      type: ACM
-    policy: mytest
-     label: A-Bank
-
-# xm create domain1.xm
-Using config file "./domain1.xm".
-Error:
-VM's access to block device 'file:/home/xen/dom_fc5/fedora.fc5.swap' denied
-\end{verbatim}
-\end{scriptsize}
-
-The resource authorization checks are performed before the domain is actually 
started
-so that failures during the startup are prevented. A domain is only started if 
all
-the resources specified in its configuration are accessible.
-
-\paragraph{Test 3: Communication.} In this test we would verify that
-two domains with labels A-Bank and B-Bank cannot exchange network packets
-by using the 'ping' connectivity test. It is also related to the STE
-policy. {\bf Note:} sHype/Xen does control direct communication between
-domains. However, domains associated with different workloads can
-currently still communicate through the Domain-0 virtual network. We
-are working on the sHype/ACM controls for local and remote network
-traffic through Domain-0. Please monitor the xen-devel mailing list
-for updated information.
-
-
-\subsection{Labeling Domain-0 --or-- Restricting System Authorization}
-\label{subsection:acmlabeldom0}
-The major use case for explicitly labeling or relabeling Domain-0 is to 
restrict
-or extend which workload types can run on a virtualized Xen system. This 
enables
-flexible partitioning of the physical infrastructure as well as the workloads
-running on it in a multi-platform environment.
-
-In case no Domain-0 label is explicitly stated, we automatically assigned 
Domain-0
-the \verb|SystemManagement| label, which includes all STE (workload) types that
-are known to the policy. In effect, the Domain-0 label authorizes the Xen 
system
-to run only those workload types, whose STE types are included in the Domain-0
-label. Hence, choosing the \verb|SystemManagement| label for Domain-0 permits 
any
-labeled domain to run. Resetting the label for Domain-0 at boot or run-time to
-a label with a subset of the known STE workload types restricts which user 
domains
-can run on this system. If Domain-0 is relabeled at run-time, then the new 
label
-must at least include all STE types of those domains that are currently 
running.
-The operation fails otherwise. This requirement ensures that the system remains
-in a valid security configuration after re-labelling.
-
-Restricting the Domain-0 authorization through the label creates a flexible
-policy-driven way to strongly partition the physical infrastructure and the
-workloads running on it. This partitioning will be automatically enforced 
during
-migration, start, or resume of domains and simplifies the security management
-considerably. Strongly competing workloads can be forced to run on separate 
physical
-infrastructure and become less depend on the domain isolation capabilities
-of the hypervisor.
-
-First, we relabel the swap image back to A-Bank and then start up domain1:
-\begin{scriptsize}
-\begin{verbatim}
-# xm rmlabel res file:/home/xen/dom_fc5/fedora.fc5.swap
-
-# xm addlabel A-Bank res file:/home/xen/dom_fc5/fedora.fc5.swap
-
-# xm create domain1.xm
-Using config file "./domain1.xm".
-Started domain domain1
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    7   128     1     -b----      0.7  ACM:mytest:A-Bank
-Domain-0   0   839     1     r-----    103.1  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-The following command will restrict the Xen system to only run STE types
-included in the A-Bank label.
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm addlabel A-Bank mgt Domain-0
-Successfully set the label of domain 'Domain-0' to 'A-Bank'.
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   839     1     r-----    103.7  ACM:mytest:A-Bank
-domain1    7   128     1     -b----      0.7  ACM:mytest:A-Bank
-
-\end{verbatim}
-\end{scriptsize}
-
-In our example policy in Figure~\ref{fig:acmxmlfileb}, this means that
-only \verb|A-Bank| domains and workloads (types) can run after the
-successful completion of this command because the \verb|A-Bank| label
-includes only a single STE type, namely \verb|A-Bank|. This command
-fails if any running domain has an STE type in its label that is not
-included in the A-Bank label.
-
-If we now label a domain3 with AutoCorp, it cannot start because Domain-0 is
-no longer authorized to run the workload type \verb|AutoCorp|.
-\begin{scriptsize}
-\begin{verbatim}
-# xm addlabel AutoCorp dom domain3.xm
-  (remember to label its resources, too)
-
-# xm create domain3.xm
-Using config file "./domain3.xm".
-Error: VM is not authorized to run.
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   839     1     r-----    104.7  ACM:mytest:A-Bank
-domain1    7   128     1     -b----      0.7  ACM:mytest:A-Bank
-\end{verbatim}
-\end{scriptsize}
-
-At this point, unlabeled domains cannot start either. Let domain4.xm
-describe an unlabeled domain, then trying to start domain4
-will fail:
-\begin{scriptsize}
-\begin{verbatim}
-# xm getlabel dom domain4.xm
-Error: 'Domain not labeled'
-
-# xm create domain4.xm
-Using config file "./domain4.xm".
-Error: VM is not authorized to run.
-\end{verbatim}
-\end{scriptsize}
-
-Relabeling Domain-0 with the SystemManagement label will enable domain3 to 
start.
-\begin{scriptsize}
-\begin{verbatim}
-# xm addlabel SystemManagement mgt Domain-0
-Successfully set the label of domain 'Domain-0' to 'SystemManagement'.
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    7   128     1     -b----      0.8  ACM:mytest:A-Bank
-Domain-0   0   839     1     r-----    106.6  ACM:mytest:SystemManagement
-
-# xm create domain3.xm
-Using config file "./domain3.xm".
-Started domain domain3
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    7   128     1     -b----      0.8 ACM:mytest:A-Bank
-domain3    8   164     1     -b----      0.3 ACM:mytest:AutoCorp
-Domain-0   0   711     1     r-----    107.6 ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-
-\subsection{Labeling Managed User Domains}
-\label{subsection:acmlabelmanageddomains}
-
-Xend has been extended with functionality to manage domains along with their
-configuration information. Such domains are configured and started via Xen-API
-calls. Since managed domains do not have an associated xm configuration file,
-the existing \verb|addlabel| command, which adds the security label into a
-domain's configuration file, will not work for such managed domains.
-
-Therefore, we have extended the \verb|xm addlabel| and \verb|xm rmlabel|
-subcommands to enable adding security labels to and removing security
-labels from managed domain configurations. The following example shows how
-the \verb|A-Bank| label can be assigned to the xend-managed
-domain configuration of \verb|domain1|. Removing labels from managed user
-domain configurations works similarly.
-
-Below, we show a dormant configuration of the managed domain1
-with ID \verb|"-1"| and state \verb|"-----"| before labeling:
-\begin{scriptsize}
-\begin{verbatim}
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1   -1   128     1     ------      0.0 ACM:mytest:__UNLABELED__
-Domain-0   0   711     1     r-----    128.4 ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-Now we label the managed domain:
-\begin{scriptsize}
-\begin{verbatim}
-# xm addlabel A-Bank mgt domain1
-Successfully set the label of the dormant domain 'domain1' to 'A-Bank'.
-\end{verbatim}
-\end{scriptsize}
-
-After labeling, you can see that the security label is part of the
-domain configuration:
-\begin{scriptsize}
-\begin{verbatim}
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1   -1   128     1     ------      0.0  ACM:mytest:A-Bank
-Domain-0   0   711     1     r-----    129.7  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-This command extension does not support relabeling of individual running user 
domains
-for several reasons. For one, because of the difficulty to revoke resources
-in cases where a running domain's new label does not permit access to resources
-that were accessible under the old label. Another reason is that changing the
-label of a single domain of a workload is rarely a good choice and will affect
-the workload isolation properties of the overall workload.
-
-However, the name and contents of the label associated with running domains can
-be indirectly changed through a global policy change, which will update the 
whole
-workload consistently (domains and resources), cf.
-Section~\ref{subsection:acmpolicymanagement}.
-
-\section{Xen Access Control Policy}
-\label{section:acmpolicy}
-
-This section describes the sHype/Xen access control policy in detail.
-It gives enough information to enable the reader to write custom
-access control policies and to use the available Xen policy tools. The
-policy language is expressive enough to specify most symmetric access
-relationships between domains and resources efficiently.
-
-The Xen access control policy consists of two policy components.  The
-first component, called Simple Type Enforcement (STE) policy, controls
-the sharing between running domains, i.e., communication or access to
-shared resources. The second component, called Chinese Wall (CHWALL)
-policy, controls which domains can run simultaneously on the same
-virtualized platform. The CHWALL and STE policy components complement
-each other. The XML policy file includes all information
-needed by Xen to enforce those policies.
-
-Figures~\ref{fig:acmxmlfilea} and \ref{fig:acmxmlfileb} show the fully
-functional but very simple example Xen security policy that is created
-by ezPolicy as shown in Figure~\ref{fig:acmezpolicy}. The policy can
-distinguish the 6 workload types shown in lines 11-17 in
-Fig.~\ref{fig:acmxmlfilea}. The whole XML Security Policy consists of
-four parts:
-\begin{enumerate}
-\item Policy header including the policy name
-\item Simple Type Enforcement block
-\item Chinese Wall Policy block
-\item Label definition block
-\end{enumerate}
-
-\begin{figure}
-\begin{scriptsize}
-\begin{verbatim}
-01  <?xml version="1.0" ?>
-02  <!-- Auto-generated by ezPolicy        -->
-03  <SecurityPolicyDefinition ...">
-04      <PolicyHeader>
-05          <PolicyName>mytest</PolicyName>
-06          <Date>Mon Nov 19 22:51:56 2007</Date>
-07          <Version>1.0</Version>
-08      </PolicyHeader>
-09      <SimpleTypeEnforcement>
-10          <SimpleTypeEnforcementTypes>
-11              <Type>SystemManagement</Type>
-12              <Type>__UNLABELED__</Type>
-13              <Type>A-Bank</Type>
-14              <Type>A-Bank.SecurityUnderwriting</Type>
-15              <Type>A-Bank.MarketAnalysis</Type>
-16              <Type>B-Bank</Type>
-17              <Type>AutoCorp</Type>
-18          </SimpleTypeEnforcementTypes>
-19      </SimpleTypeEnforcement>
-20      <ChineseWall priority="PrimaryPolicyComponent">
-21          <ChineseWallTypes>
-22              <Type>SystemManagement</Type>
-23              <Type>__UNLABELED__</Type>
-24              <Type>A-Bank</Type>
-25              <Type>A-Bank.SecurityUnderwriting</Type>
-26              <Type>A-Bank.MarketAnalysis</Type>
-27              <Type>B-Bank</Type>
-28              <Type>AutoCorp</Type>
-29          </ChineseWallTypes>
-30          <ConflictSets>
-31              <Conflict name="RER">
-32                  <Type>A-Bank</Type>
-33                  <Type>B-Bank</Type>
-34                  <Type>__UNLABELED__</Type>
-35              </Conflict>
-36              <Conflict name="RER">
-37                  <Type>A-Bank.MarketAnalysis</Type>
-38                  <Type>A-Bank.SecurityUnderwriting</Type>
-39                  <Type>__UNLABELED__</Type>
-40              </Conflict>
-41         </ConflictSets>
-42      </ChineseWall>
-\end{verbatim}
-\end{scriptsize}
-\caption{Example XML security policy file -- Part I: Types and Rules 
Definition.}
-\label{fig:acmxmlfilea}
-\end{figure}
-
-\subsection{Policy Header and Policy Name}
-\label{subsection:acmnaming}
-Lines 1-2 (cf Figure~\ref{fig:acmxmlfilea}) include the usual XML
-header. The security policy definition starts in Line 3 and refers to
-the policy schema. The XML-Schema definition for the Xen policy can be
-found in the file
-\textit{/etc/xen/acm-security/policies/security-policy.xsd}. Examples
-for security policies can be found in the example subdirectory. The
-acm-security directory is only installed if ACM security is configured
-during installation (cf Section~\ref{subsection:acmexampleconfigure}).
-
-The \verb|Policy Header| spans lines 4-8. It includes a date field and
-defines the policy name \verb|mytest| as well
-as the version of the XML. It can also include optional fields that are
-not shown and are for future use (see schema definition).
-
-The policy name serves two purposes: First, it provides a unique name
-for the security policy. This name is also exported by the Xen
-hypervisor to the Xen management tools in order to ensure that both
-the Xen hypervisor and Domain-0 enforce the same policy.
-We plan to extend the policy name with a
-digital fingerprint of the policy contents to better protect this
-correlation.  Second, it implicitly points the xm tools to the
-location where the XML policy file is stored on the Xen system.
-Replacing the colons in the policy name by slashes yields the local
-path to the policy file starting from the global policy directory
-\verb|/etc/xen/acm-security/policies|. The last part of the policy
-name is the prefix for the XML policy file name, completed by
-\verb|-security_policy.xml|. Our example policy with the name
-\verb|mytest| can be found in the XML policy file named
-\verb|mytest-security_policy.xml| that is stored under the global
-policy directory. Another, preinstalled example policy named
-\verb|example.test| can be found in the \verb|test-security_policy.xml|
-under \verb|/etc/xen/acm-security/policies/example|.
-
-\subsection{Simple Type Enforcement Policy Component}
-
-The Simple Type Enforcement (STE) policy controls which domains can
-communicate or share resources. This way, Xen can enforce confinement
-of workload types by confining the domains running those workload
-types and their resources. The mandatory access control framework
-enforces its policy when
-domains access intended communication or cooperation means (shared
-memory, events, shared resources such as block devices). It builds on
-top of the core hypervisor isolation, which restricts the ways of
-inter-communication to those intended means.  STE does not protect or
-intend to protect from covert channels in the hypervisor or hardware;
-this is an orthogonal problem that can be mitigated by using the
-Run-time Exclusion rules described above or by fixing the problem leading
-to those covert channels in the core hypervisor or hardware platform.
-
-Xen controls sharing between domains on the resource and domain level
-because this is the abstraction the hypervisor and its management
-understand naturally. While this is coarse-grained, it is also very
-reliable and robust and it requires minimal changes to implement
-mandatory access controls in the hypervisor. It enables platform- and
-operating system-independent policies as part of a layered security
-approach.
-
-Lines 11-17 (cf Figure~\ref{fig:acmxmlfilea}) define the Simple Type
-Enforcement policy component.  Essentially, they define the workload
-type names \verb|SystemManagement|, \verb|A-Bank|,
-\verb|AutoCorp| etc. that are available in the STE policy component. The
-policy rules are implicit: Xen permits two domains to communicate with
-each other if and only if their security labels have at least one STE type in
-common.  Similarly, Xen permits a user domain to access a
-resource if and only if the labels of the domain and the resource
-have at least one STE workload type in common.
-
-\subsection{Chinese Wall Policy Component}
-
-The Chinese Wall security policy interpretation of sHype enables users
-to prevent certain workloads from running simultaneously on the same
-hypervisor platform.  Run-time Exclusion rules (RER), also called
-Conflict Sets or Anti-Collocation rules, define a set of workload types
-that are not permitted to run simultaneously on the same virtualized
-platform. Of all the workloads specified in a Run-time
-Exclusion rule, at most one type can run on the same hypervisor
-platform at a time.  Run-time Exclusion Rules implement a less
-rigorous variant of the original Chinese Wall security component. They
-do not implement the *-property of the policy, which would require to
-restrict also types that are not part of an exclusion rule once they
-are running together with a type in an exclusion rule
-(http://www.gammassl.co.uk/topics/chinesewall.html provides more information
-on the original Chinese Wall policy).
-
-Xen considers the \verb|ChineseWallTypes| part of the label for the
-enforcement of the Run-time Exclusion rules.  It is illegal to define
-labels including conflicting Chinese Wall types.
-
-Lines 20-41 (cf Figure~\ref{fig:acmxmlfilea}) define the Chinese Wall
-policy component. Lines 22-28 define the known Chinese Wall types,
-which coincide here with the STE types defined above. This usually
-holds if the criteria for sharing among domains and sharing of the
-hardware platform are the same. Lines 30-41 define one Run-time
-Exclusion rules, the first of which is depicted below:
-
-\begin{scriptsize}
-\begin{verbatim}
-31  <Conflict name="RER">
-32    <Type>A-Bank</Type>
-33    <Type>B-Bank</Type>
-34    <Type>__UNLABELED__</Type>
-35  </Conflict>
-\end{verbatim}
-\end{scriptsize}
-
-Based on this rule, Xen enforces that only one of the types
-\verb|A-Bank|, \verb|B-Bank|, or \verb|__UNLABELED__| will run
-on a single hypervisor platform at a time. For example, once a domain assigned 
a
-\verb|A-Bank| workload type is started, domains with the
-\verb|B-Bank| type or unlabeled domains will be denied to start.
-When the former domain stops and no other domains with the \verb|A-Bank|
-type are running, then domains with the \verb|B-Bank| type or unlabeled domains
-can start.
-
-Xen maintains reference counts on each running workload type to keep
-track of which workload types are running. Every time a domain starts
-or resumes, the reference count on those Chinese Wall types that are
-referenced in the domain's label are incremented. Every time a domain
-is destroyed or saved, the reference counts of its Chinese Wall types
-are decremented. sHype in Xen fully supports migration and live-migration,
-which is subject to access control the same way as saving a domain on
-the source platform and resuming it on the destination platform.
-
-Here are some reasons why users might want to restrict workloads or domains
-from sharing the system hardware simultaneously:
-
-\begin{itemize}
-\item Imperfect resource management or control might enable a compromised
-  user domain to starve other domains and the workload running in them.
-\item Redundant user domains might run the same workload to increase
-  availability; such domains should not run on the same hardware to
-  avoid single points of failure.
-\item Imperfect Xen core domain isolation might enable two rogue
-  domains running different workload types to use unintended and
-  unknown ways (covert channels) to exchange some bits of information.
-  This way, they bypass the policed Xen access control mechanisms.  Such
-  imperfections cannot be completely eliminated and are a result of
-  trade-offs between security and other design requirements. For a
-  simple example of a covert channel see
-  http://www.multicians.org/timing-chn.html. Such covert channels
-  exist also between workloads running on different platforms if they
-  are connected through networks. The Xen Chinese Wall policy provides
-  an approximated ``air-gap'' between selected workload types.
-\end{itemize}
-
-\subsection{Security Labels}
-
-To enable Xen to associate domains with workload types running in
-them, each domain is assigned a security label that includes the
-workload types of the domain.
-
-\begin{figure}[htb]
-               \begin{tabular*}{\textwidth}{@{\extracolsep{\fill}}l|l}
-               \begin{minipage}{0.475\textwidth}
-               \begin{tiny}
-               \begin{verbatim}
-<SecurityLabelTemplate>
-  <SubjectLabels bootstrap="SystemManagement">
-  <VirtualMachineLabel>
-    <Name>SystemManagement</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>SystemManagement</Type>
-      <Type>__UNLABELED__</Type>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.SecurityUnderwriting</Type>
-      <Type>A-Bank.MarketAnalysis</Type>
-      <Type>B-Bank</Type>
-      <Type>AutoCorp</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>SystemManagement</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>__UNLABELED__</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>__UNLABELED__</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>__UNLABELED__</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>A-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>A-Bank</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>A-Bank.SecurityUnderwriting</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.SecurityUnderwriting</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.SecurityUnderwriting</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>A-Bank.MarketAnalysis</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.MarketAnalysis</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.MarketAnalysis</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>B-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>B-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>B-Bank</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-\end{verbatim}
-\end{tiny}
-\end{minipage} &
-\begin{minipage}{0.475\textwidth}
-\begin{tiny}
-\begin{verbatim}
-  <VirtualMachineLabel>
-    <Name>AutoCorp</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>AutoCorp</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>AutoCorp</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  </SubjectLabels>
-  <ObjectLabels>
-  <ResourceLabel>
-    <Name>SystemManagement</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>SystemManagement</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>__UNLABELED__</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>__UNLABELED__</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>A-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>A-Bank.SecurityUnderwriting</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.SecurityUnderwriting</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>A-Bank.MarketAnalysis</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.MarketAnalysis</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>B-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>B-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>AutoCorp</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>AutoCorp</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  </ObjectLabels>
-</SecurityLabelTemplate>
-</SecurityPolicyDefinition>
-
-
-
-
-
-
-
-
-\end{verbatim}
-\end{tiny}
-\end{minipage}
-\end{tabular*}
-\caption{Example XML security policy file -- Part II: Label Definition.}
-\label{fig:acmxmlfileb}
-\end{figure}
-% DO NOT MODIFY WHITESPACE ABOVE, it balances the columns
-The \verb|SecurityLabelTemplate| (cf Figure~\ref{fig:acmxmlfileb}) defines
-the security labels that can be associated with domains and resources when
-this policy is active (use the \verb|xm labels type=any| command described in
-Section~\ref{subsection:acmexamplelabeldomains} to list all available labels).
-
-The domain labels include
-Chinese Wall types while resource labels do not include Chinese Wall types.
-The \verb|SubjectLabels| policy section defines the labels that can be
-assigned to domains. The VM label
-\verb|A-Bank.SecurityUnderwriting| in Figure~\ref{fig:acmxmlfileb})
-associates the domain that carries it with the workload STE type
-\verb|A-Bank.SecurityUnderwriting| and with the CHWALL types \verb|A-Bank|
-and \verb|A-Bank.SecurityUnderwriting|. The ezPolicy tool
-assumes that any department workload will inherit any conflict set that
-is specified for its organization, i.e., if \verb|B-Bank| is running, not
-only \verb|A-Bank| but also all its departmental workloads are prevented
-from running by this first run-time exclusion set. The separation of STE
-and CHWALL types in the label definition ensures that
-all departmental workloads are isolated from each other and from their generic
-organization workloads, while they are sharing CHWALL types to
-simplify the formulation of run-time exclusion sets.
-
-The \verb|bootstrap| attribute of the \verb|<SubjectLabels>| XML node
-in our example policy shown in Figure~\ref{fig:acmxmlfileb} names
-the label \verb|SystemManagement| as the label that Xen will assign
-to Domain-0 at boot time (if this policy is installed as boot policy). The
-label of Domain-0 can be persistently changed at run-time with the
-\verb|addlabel| command, which adds an overriding option to the grub.conf
-boot entry (cf Section~\ref{subsection:acmlabeldom0}).
-All user domains are assigned labels according to their domain configuration
-(see Section~\ref{subsection:acmexamplelabeldomains} for examples of
-how to label domains).
-
-The \verb|ObjectLabels| depicted in Figure~\ref{fig:acmxmlfileb} can be
-assigned to resources when this policy is active.
-
-In general, user domains should be assigned labels that have only a
-single SimpleTypeEnforcement workload type. This way, workloads remain
-confined even if user domains become rogue. Any domain that is
-assigned a label with multiple STE types must be trusted to keep
-information belonging to the different STE types separate (confined).
-For example, Domain-0 is assigned the bootstrap label
-\verb|SystemManagement|, which includes all existing STE types.
-Therefore, Domain-0 must take care not to enable unauthorized
-information flow (eg. through block devices or virtual networking)
-between domains or resources that are assigned different STE types.
-
-Security administrators simply use the name of a label (specified in
-the \verb|<Name>| field) to associate a label with a domain (cf.
-Section~\ref{subsection:acmexamplelabeldomains}). The types inside the
-label are used by the Xen access control enforcement.  While the name
-can be arbitrarily chosen (as long as it is unique), it is advisable
-to choose the label name in accordance to the security types included.
-Similarly, the STE and CHWALL types should be named according to the
-workloads they represent. While the XML representation of the label
-in the above example seems unnecessary flexible, labels in general
-must be able to include multiple types.
-
-We assume in the following example, that \verb|A-Bank.SecurityUnderwriting| and
-\verb|A-Bank.MarketAnalysis| workloads use virtual disks that are provided
-by a virtual I/O domain hosting a physical storage device and carrying
-the following label:
-
-\begin{scriptsize}
-\begin{verbatim}
-        <VirtualMachineLabel>
-          <Name>VIOServer</Name>
-          <SimpleTypeEnforcementTypes>
-              <Type>A-Bank</Type>
-              <Type>A-Bank.SecurityUnderwriting</Type>
-              <Type>A-Bank.MarketAnalysis</Type>
-              <Type>VIOServer</Type>
-          </SimpleTypeEnforcementTypes>
-          <ChineseWallTypes>
-              <Type>VIOServer</Type>
-          </ChineseWallTypes>
-        </VirtualMachineLabel>
-\end{verbatim}
-\end{scriptsize}
-
-This Virtual I/O domain (VIO) exports its virtualized disks by
-communicating to all domains labeled with the
-\verb|A-Bank.SecurityUnderwriting|, the \verb|A-Bank|, or the
-\verb|A-Bank.MarketAnalysis| label. This requires the
-VIO domain to carry those STE types. In addition, this label includes a
-new \verb|VIOServer| type that can be used to restrict direct access to the
-physical storage resource to the VIODomain.
-
-In this example, the confinement of  these A-Bank workloads depends on the
-VIO domain that must keep the data of those different workloads separate.
-The virtual disks are labeled as well to keep track of their assignments
-to workload types (see Section~\ref{subsection:acmexamplelabelresources}
-for labeling resources) and enforcement functions inside the VIO
-domain must ensure that the labels of the domain mounting a virtual
-disk and the virtual disk label share a common STE type. The VIO label
-carrying its own VIOServer CHWALL type introduces the flexibility to
-permit the trusted VIO server to run together with 
\verb|A-Bank.SecurityUnderwriting|
-or \verb|A-Bank.MarketAnalysis| workloads.
-
-Alternatively, a system that has two hard-drives does not need a VIO
-domain but can directly assign one hardware storage device to each of
-the workloads if the platform offers an IO-MMU, cf
-Section~\ref{s:ddsecurity}.  Sharing hardware through virtualized devices
-is a trade-off between the amount of trusted code (size of the trusted
-computing base) and the amount of acceptable over-provisioning. This
-holds both for peripherals and for system platforms.
-
-
-\subsection{Managing sHype/Xen Security Policies at Run-time}
-\label{subsection:acmpolicymanagement}
-
-\subsubsection{Removing the sHype/Xen Security Policy}
-When resetting the policy, no labeled domains can be running.
-Please stop or shutdown all running labeled domains. Then you can reset
-the policy to the default policy using the \verb|resetpolicy| command:
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm getpolicy
-Supported security subsystems   : ACM
-Policy name           : mytest
-Policy type           : ACM
-Version of XML policy : 1.0
-Policy configuration  : loaded, activated for boot
-
-# xm resetpolicy
-Successfully reset the system's policy.
-
-# xm getpolicy
-Supported security subsystems   : ACM
-Policy name           : DEFAULT
-Policy type           : ACM
-Version of XML policy : 1.0
-Policy configuration  : loaded
-
-# xm resources
-file:/home/xen/dom_fc5/fedora.fc5.swap
-      type: INV_ACM
-    policy: mytest
-     label: A-Bank
-file:/home/xen/dom_fc5/fedora.fc5.img
-      type: INV_ACM
-    policy: mytest
-     label: A-Bank
-\end{verbatim}
-\end{scriptsize}
-
-As the \verb|xm resources| output shows, all resource labels have
-invalidated type information but their semantics remain associated
-with the resources so that they can later on either be relabeled
-with semantically equivalent labels or sanitized and reused
-(storage resources).
-
-At this point, the system is in the same initial state as after
-configuring XSM and sHype/ACM and rebooting the system without
-a specific policy. No user domains can run.
-
-\subsubsection{Changing to a Different sHype/Xen Security Policy}
-The easiest way to change to a different, unrelated policy is to reset the 
system
-policy and then set the new policy. Please consider that the existing
-domain and resource labels become invalid at this point. Please refer
-to the next section for an example of how to seamlessly update an
-active policy at run-time without invalidating labels.
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm resetpolicy
-Successfully reset the system's policy.
-
-# xm setpolicy ACM example.test
-Successfully set the new policy.
-Supported security subsystems   : ACM
-Policy name           : example.test
-Policy type           : ACM
-Version of XML policy : 1.0
-Policy configuration  : loaded, activated for boot
-
-# xm labels
-CocaCola
-PepsiCo
-SystemManagement
-VIO
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   873     1     r-----     56.3  ACM:example.test:SystemManagement
-
-# xm resetpolicy
-Successfully reset the system's policy.
-
-# xm getpolicy
-Supported security subsystems   : ACM
-Policy name           : DEFAULT
-Policy type           : ACM
-Version of XML policy : 1.0
-Policy configuration  : loaded
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   873     1     r-----     57.2  ACM:DEFAULT:SystemManagement
-
-# xm setpolicy ACM mytest
-Successfully set the new policy.
-Supported security subsystems   : ACM
-Policy name           : mytest
-Policy type           : ACM
-Version of XML policy : 1.0
-Policy configuration  : loaded, activated for boot
-
-# xm labels
-A-Bank
-A-Bank.MarketAnalysis
-A-Bank.SecurityUnderwriting
-AutoCorp
-B-Bank
-SystemManagement
-__UNLABELED__
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-Domain-0   0   873     1     r-----     58.0  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-The described way of changing policies by resetting the existing
-policy is useful for testing different policies. For real deployment
-environments, a policy update as described in the following section
-is more appropriate and can be applied seamlessly at run-time while
-user domains are running.
-
-\subsubsection{Update an sHype/Xen Security Policy at Run-time}
-
-Once an ACM security policy is activated (loaded into the Xen
-hypervisor), the policy may be updated at run-time without the
-need to re-boot the system. The XML update-policy contains several
-additional information fields that are required to safely link the
-new policy contents to the old policy and ensure a consistent
-transformation of the system security state from the old to the
-new policy. Those additional fields are required for policies that
-are updating an existing policy at run-time.
-
-The major benefit of policy updates is the ability to add, delete,
-or rename workload types, labels, and conflict sets (run-time
-exclusion rules) to accommodate changes in the managed virtual
-environment without the need to reboot the Xen system. When a
-new policy renames labels of the current policy, the labels
-attached to resources and domains are automatically updated
-during a successful policy update.
-
-We have manually crafted an update policy for the \verb|mytest|
-security policy and stored it in the file mytest\_update-security\_policy.xml
-in the policies directory. We will discuss this policy in detail before
-using it to update a running sHype/Xen system. The following figures contain
-the whole contents of the update policy file.
-
-Figure~\ref{fig:acmupdateheader} shows the policy
-header of an update-policy and the new \verb|FromPolicy| XML
-node. For the policy update to succeed, the policy name and the
-policy version fields of the \verb|FromPolicy| XML node must
-exactly match those of the currently enforced policy. This
-ensures a controlled update path of the policy.
-
-\begin{figure}[htb]
-\begin{scriptsize}
-\begin{verbatim}
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Auto-generated by ezPolicy        -->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
-    <PolicyHeader>
-        <PolicyName>mytest</PolicyName>
-        <Date>Tue Nov 27 21:53:45 2007</Date>
-        <Version>1.1</Version>
-        <FromPolicy>
-            <PolicyName>mytest</PolicyName>
-            <Version>1.0</Version>
-        </FromPolicy>
-    </PolicyHeader>
-\end{verbatim}
-\end{scriptsize}
-\caption{XML security policy update -- Part I: Updated Policy Header.}
-\label{fig:acmupdateheader}
-\end{figure}
-
-The version number of the new policy, which is shown in the
-node following the \verb|Date| node, must be a logical increment
-to the current policy's version. Therefore at least the minor
-number of the policy version must be incremented. This ensures
-that a policy update is applied only to exactly the policy for
-which this update was created and minimizes unforseen side-effects
- of policy updates.
-
-\paragraph{Types and Conflic Sets}
-The type names and the assignment of types to labels or conflict
-sets (run-time exclusion rules) can
-simply be changed consistently throughout the policy. Types,
-as opposed to labels, are not directly associated or referenced
-outside the policy so they do not need to carry their history
-in a ``From'' field. The figure below shows the update for the
-types and conflict sets. The \verb|__UNLABELED__| type is removed
-to disable support for running unlabeled domains. Additionally,
-we have renamed the two \verb|A-Bank| department types with
-abbreviated names \verb|A-Bank.SU| and \verb|A-Bank.MA|. You
-can also see how those type names are
-consistently changed within the conflict set definition.
-
-\begin{figure}[htb]
-\begin{scriptsize}
-\begin{verbatim}
-    <SimpleTypeEnforcement>
-        <SimpleTypeEnforcementTypes>
-            <Type>SystemManagement</Type>
-            <Type>A-Bank</Type>
-            <Type>A-Bank.SU</Type>
-            <Type>A-Bank.MA</Type>
-            <Type>B-Bank</Type>
-            <Type>AutoCorp</Type>
-        </SimpleTypeEnforcementTypes>
-    </SimpleTypeEnforcement>
-
-    <ChineseWall priority="PrimaryPolicyComponent">
-        <ChineseWallTypes>
-            <Type>SystemManagement</Type>
-            <Type>A-Bank</Type>
-            <Type>A-Bank.SU</Type>
-            <Type>A-Bank.MA</Type>
-            <Type>B-Bank</Type>
-            <Type>AutoCorp</Type>
-        </ChineseWallTypes>
-
-        <ConflictSets>
-            <Conflict name="RER">
-                <Type>A-Bank</Type>
-                <Type>B-Bank</Type>
-            </Conflict>
-            <Conflict name="RER">
-                <Type>A-Bank.MA</Type>
-                <Type>A-Bank.SU</Type>
-            </Conflict>
-       </ConflictSets>
-    </ChineseWall>
-\end{verbatim}
-\end{scriptsize}
-\caption{XML security policy update -- Part II: Updated Types and Conflict 
Sets.}
-\label{fig:acmupdatetypesnrules}
-\end{figure}
-
-In the same way, new types can be introduced and new conflict sets
-can be defined by simply adding the types or conflict sets to the
-update policy.
-
-\paragraph{Labels} Virtual machine and resource labels of an existing policy 
can be
-deleted through a policy update simply by omitting them in the
-update-policy. However, if a currently running virtual machine
-or a currently used resource is labeled with a label not stated
-in the update-policy, then the policy update is rejected. This
-ensures that a policy update leaves the system in a consistent
-security state.
-
-A policy update also enables the renaming of virtual machine and
-resource labels. Linking the old label name with the new label
-name is achieved through the \verb|from| attribute in the
-\verb|VirtualMachineLabel| or \verb|ResourceLabel| nodes in the
-update-policy. Figure~\ref{fig:acmupdatelabels} shown how subject
-and resource labels
-are updated from their old name \verb|A-Bank.SecurityUnterwriting|
-to their new name \verb|A-Bank.SU| using the \verb|from| attribute.
-
-\begin{figure}[htb]
-\begin{tabular*}{\textwidth}{@{\extracolsep{\fill}}l|l}
-\begin{minipage}{0.475\textwidth}
-\begin{tiny}
-\begin{verbatim}
-<SecurityLabelTemplate>
-  <SubjectLabels bootstrap="SystemManagement">
-  <VirtualMachineLabel>
-    <Name>SystemManagement</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>SystemManagement</Type>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.SU</Type>
-      <Type>A-Bank.MA</Type>
-      <Type>B-Bank</Type>
-      <Type>AutoCorp</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>SystemManagement</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>A-Bank-WL</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>SystemManagement</Type>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.SU</Type>
-      <Type>A-Bank.MA</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>SystemManagement</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>A-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>A-Bank</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name from="A-Bank.SecurityUnderwriting">
-            A-Bank.SU</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.SU</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.SU</Type>
-    </ChineseWallTypes>
-   </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name from="A-Bank.MarketAnalysis">
-            A-Bank.MA</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.MA</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>A-Bank</Type>
-      <Type>A-Bank.MA</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-\end{verbatim}
-\end{tiny}
-\end{minipage} &
-\begin{minipage}{0.475\textwidth}
-\begin{tiny}
-\begin{verbatim}
-  <VirtualMachineLabel>
-    <Name>B-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>B-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>B-Bank</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-  <VirtualMachineLabel>
-    <Name>AutoCorp</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>AutoCorp</Type>
-    </SimpleTypeEnforcementTypes>
-    <ChineseWallTypes>
-      <Type>AutoCorp</Type>
-    </ChineseWallTypes>
-  </VirtualMachineLabel>
-</SubjectLabels>
-
-<ObjectLabels>
-  <ResourceLabel>
-    <Name>SystemManagement</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>SystemManagement</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>A-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name from="A-Bank.SecurityUnderwriting">
-            A-Bank.SU</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.SU</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name from="A-Bank.MarketAnalysis">
-            A-Bank.MA</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>A-Bank.MA</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>B-Bank</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>B-Bank</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  <ResourceLabel>
-    <Name>AutoCorp</Name>
-    <SimpleTypeEnforcementTypes>
-      <Type>AutoCorp</Type>
-    </SimpleTypeEnforcementTypes>
-  </ResourceLabel>
-  </ObjectLabels>
-</SecurityLabelTemplate>
-</SecurityPolicyDefinition>
-\end{verbatim}
-\end{tiny}
-\end{minipage}
-\end{tabular*}
-\caption{XML security policy update -- Part III: Updated Label Definition.}
-\label{fig:acmupdatelabels}
-\end{figure}
-% DO NOT MODIFY WHITESPACE ABOVE, it balances the columns
-
-The updated label definition also includes a new label \verb|A-Bank-WL|
-that includes all STE types related to A-Bank. Its CHWALL type
-is \verb|SystemManagement|. This indicates that this label is designed
-as Domain-0 label. A Xen system can be restricted to only run A-Bank
-related workloads by relabeling Domain-0 with the \verb|A-Bank-WL| label.
-
-We assume that the update-policy shown in
-Figures~\ref{fig:acmupdateheader}, \ref{fig:acmupdatetypesnrules}
-and \ref{fig:acmupdatelabels}
-is stored in the XML file mytest\_update-security\_policy.xml located
-in the ACM policy directory. See Section~\ref{subsection:acmnaming}
-for information about policy names and locations.
-
-The following \verb|xm setpolicy| command updates the active ACM
-security policy at run-time.
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm list --label
-Name      ID   Mem VCPUs    State  Time(s) Label
-domain1    2   128     1   -b----     0.6  ACM:mytest:A-Bank
-domain4    3   164     1   -b----     0.3  
ACM:mytest:A-Bank.SecurityUnderwriting
-Domain-0   0   711     1   r-----    71.8  ACM:mytest:SystemManagement
-
-# xm resources
-file:/home/xen/dom_fc5/fedora.fc5.swap
-      type: ACM
-    policy: mytest
-    label:  A-Bank
-file:/home/xen/dom_fc5/fedora.fc5.img
-      type: ACM
-    policy: mytest
-    label:  A-Bank
-
-# xm setpolicy ACM mytest_update
-Successfully set the new policy.
-Supported security subsystems   : ACM
-Policy name           : mytest
-Policy type           : ACM
-Version of XML policy : 1.1
-Policy configuration  : loaded, activated for boot
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    2   128     1     -b----      0.7  ACM:mytest:A-Bank
-domain4    3   164     1     -b----      0.3  ACM:mytest:A-Bank.SU
-Domain-0   0   711     1     r-----     72.8  ACM:mytest:SystemManagement
-
-# xm labels
-A-Bank
-A-Bank-WL
-A-Bank.MA
-A-Bank.SU
-AutoCorp
-B-Bank
-
-# xm resources
-file:/home/xen/dom_fc5/fedora.fc5.swap
-      type: ACM
-    policy: mytest
-     label: A-Bank
-file:/home/xen/dom_fc5/fedora.fc5.img
-      type: ACM
-    policy: mytest
-     label: A-Bank
-    \end{verbatim}
-\end{scriptsize}
-
-After successful completion of this command, \verb|xm list --label|
-shows that the labels of running domains changed to their new names.
-\verb|xm labels| shows that new labels \verb|A-Bank.SU| and \verb|A-Bank.AM|
-are now available in the policy. The resource labels remain valid after
-the successful update as \verb|xm resources| confirms.
-
-The \verb|setpolicy| command fails if the new policy is inconsistent
-with the current one or the policy is inconsistent internally (e.g., types
-are renamed in the type definition but not in the label definition part of
-the policy). In this case, the old policy remains active.
-
-After relabeling Domain-0 with the new \verb|A-Bank-WL| label, we can no
-longer run domains labeled \verb|B-Bank| or \verb|AutoCorp| since their
-STE types are not a subset of the new Domain-0 label.
-
-\begin{scriptsize}
-\begin{verbatim}
-# xm addlabel A-Bank-WL mgt Domain-0
-Successfully set the label of domain 'Domain-0' to 'A-Bank-WL'.
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    2   128     1     -b----      0.8  ACM:mytest:A-Bank
-Domain-0   0   711     1     r-----     74.5  ACM:mytest:A-Bank-WL
-domain4    3   164     1     -b----      0.3  ACM:mytest:A-Bank.SU
-
-# xm getlabel dom domain3.xm
-policytype=ACM,policy=mytest,label=AutoCorp
-
-# xm create domain3.xm
-Using config file "./domain3.xm".
-Error: VM is not authorized to run.
-
-# xm addlabel SystemManagement mgt Domain-0
-Successfully set the label of domain 'Domain-0' to 'SystemManagement'.
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    2   128     1     -b----      0.8  ACM:mytest:A-Bank
-domain4    3   164     1     -b----      0.3  ACM:mytest:A-Bank.SU
-Domain-0   0   709     1     r-----     76.4  ACM:mytest:SystemManagement
-
-# xm create domain3.xm
-Using config file "./domain3.xm".
-Started domain domain3
-
-# xm list --label
-Name      ID   Mem VCPUs      State   Time(s) Label
-domain1    2   128     1     -b----      0.8  ACM:mytest:A-Bank
-domain4    3   164     1     -b----      0.3  ACM:mytest:A-Bank.SU
-domain3    4   164     1     -b----      0.3  ACM:mytest:AutoCorp
-Domain-0   0   547     1     r-----     77.5  ACM:mytest:SystemManagement
-\end{verbatim}
-\end{scriptsize}
-
-In the same manner, you can add new labels to support new workloads and
-add, delete, or rename workload types (STE and/or CHWALL types) simply
-by changing the composition of labels. Another use case is to add new
-workload types to the current Domain-0 label to enable them to run.
-Conflict sets (run-time exclusion rules) can be simply omitted or added.
-The policy and label changes become active at once and new workloads
-can be run in protected mode without rebooting the Xen system.
-
-In all these cases, if any running user domain would--under the new policy--not
-be allowed to run or would not be allowed to access any of the resources
-it currently uses, then the policy update is rejected. In this case, you
-can stop domains that conflict with the new policy and update the policy
-afterwards. The old policy remains active until a policy update succeeds
-or Xen is re-booted into a new policy.
-
-\subsection{Tools For Creating sHype/Xen Security Policies}
-To create a security policy for Xen, you can use one of the following
-tools:
-\begin{itemize}
-\item \verb|ezPolicy| GUI tool -- start writing policies
-\item \verb|xensec_gen| tool -- refine policies created with \verb|ezPolicy|
-\item text or XML editor
-\end{itemize}
-
-We use the \verb|ezPolicy| tool in
-Section~\ref{subsection:acmexamplecreate} to quickly create a workload
-protection policy. If desired, the resulting XML policy file can be
-loaded into the \verb|xensec_gen| tool to refine it. It can also be
-directly edited using an XML editor. Any XML policy file is verified
-against the security policy schema when it is translated (see
-Subsection~\ref{subsection:acmexampleinstall}).
-
-\section{Current Limitations}
-\label{section:acmlimitations}
-
-The sHype/ACM configuration for Xen is work in progress. There is
-ongoing work for protecting virtualized resources and planned and
-ongoing work for protecting access to remote resources and domains.
-The following sections describe limitations of some of the areas into
-which access control is being extended.
-
-\subsection{Network Traffic}
-Local and remote network traffic is currently not controlled.
-Solutions to add sHype/ACM policy enforcement to the virtual network
-exist but need to be discussed before they can become part of Xen.
-Subjecting external network traffic to the ACM security policy is work
-in progress. Manually setting up filters in domain 0 is required for
-now but does not scale well.
-
-\subsection{Resource Access and Usage Control}
-
-Enforcing the security policy across multiple hypervisor systems and
-on access to remote shared resources is work in progress. Extending
-access control to new types of resources is ongoing work (e.g. network
-storage).
-
-On a single Xen system, information about the association of resources
-and security labels is stored in
-\verb|/var/lib/xend/security/policies/resource_labels|. This file relates
-a full resource path with a security label. This association is weak
-and will break if resources are moved or renamed without adapting the
-label file. Improving the protection of label-resource relationships
-is ongoing work.
-
-Controlling resource usage and enforcing resource limits in general is
-ongoing work in the Xen community.
-
-\subsection{Domain Migration}
-
-Labels on domains are enforced during domain migration and the
-destination hypervisor will ensure that the domain label is valid and
-the domain is permitted to run (considering the Chinese Wall policy
-rules) before it accepts the migration.  However, the network between
-the source and destination hypervisor as well as both hypervisors must
-be trusted. Architectures and prototypes exist that both protect the
-network connection and ensure that the hypervisors enforce access
-control consistently but patches are not yet available for the main
-stream.
-
-\subsection{Covert Channels}
-
-The sHype access control aims at system independent security policies.
-It builds on top of the core hypervisor isolation. Any covert channels
-that exist in the core hypervisor or in the hardware (e.g., shared
-processor cache) will be inherited. If those covert channels are not
-the result of trade-offs between security and other system properties,
-then they are most effectively minimized or eliminated where they are
-caused. sHype offers however some means to mitigate their impact, e.g.,
-run-time exclusion rules (cf Section~\ref{subsection:acmexamplecreate})
-or limiting the system authorization (cf 
Section~\ref{subsection:acmlabeldom0}).
-
-
 \part{Reference}
 
 %% Chapter Build and Boot Options
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/Makefile
--- a/tools/Makefile    Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/Makefile    Fri Mar 25 21:47:57 2011 +0000
@@ -13,7 +13,6 @@
 SUBDIRS-y += xentrace
 SUBDIRS-$(CONFIG_XCUTILS) += xcutils
 SUBDIRS-$(CONFIG_X86) += firmware
-SUBDIRS-$(ACM_SECURITY) += security
 SUBDIRS-y += console
 SUBDIRS-y += xenmon
 SUBDIRS-$(VTPM_TOOLS) += vtpm_manager
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/check/Makefile
--- a/tools/check/Makefile      Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/check/Makefile      Fri Mar 25 21:47:57 2011 +0000
@@ -7,12 +7,12 @@
 # Check this machine is OK for building on.
 .PHONY: check-build
 check-build:
-       PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) 
ACM_SECURITY=$(ACM_SECURITY) ./chk build
+       PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ./chk build
 
 # Check this machine is OK for installing on.
 .PHONY: check-install
 check-install:
-       PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) 
ACM_SECURITY=$(ACM_SECURITY) ./chk install
+       PYTHON=$(PYTHON) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ./chk install
 
 .PHONY: clean
 clean:
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/check/check_xml2
--- a/tools/check/check_xml2    Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/check/check_xml2    Fri Mar 25 21:47:57 2011 +0000
@@ -3,7 +3,7 @@
 
 . ./funcs.sh
 
-if [ ! "$LIBXENAPI_BINDINGS" = "y" -a ! "$ACM_SECURITY" = "y" ]
+if [ ! "$LIBXENAPI_BINDINGS" = "y" ]
 then
     echo -n "unused, "
     exit 0
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/libxc/Makefile
--- a/tools/libxc/Makefile      Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/libxc/Makefile      Fri Mar 25 21:47:57 2011 +0000
@@ -13,7 +13,6 @@
 CTRL_SRCS-y       += xc_evtchn.c
 CTRL_SRCS-y       += xc_gnttab.c
 CTRL_SRCS-y       += xc_misc.c
-CTRL_SRCS-y       += xc_acm.c
 CTRL_SRCS-y       += xc_flask.c
 CTRL_SRCS-y       += xc_physdev.c
 CTRL_SRCS-y       += xc_private.c
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/libxc/xc_acm.c
--- a/tools/libxc/xc_acm.c      Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-/******************************************************************************
- * xc_acm.c
- *
- * Copyright (C) 2005, 2006 IBM Corporation, R Sailer
- *
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation;
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  
USA
- */
-
-#include "xc_private.h"
-
-int xc_acm_op(xc_interface *xch, int cmd, void *arg, unsigned long arg_size)
-{
-    int ret;
-    DECLARE_HYPERCALL;
-    DECLARE_HYPERCALL_BUFFER(struct xen_acmctl, acmctl);
-
-    acmctl = xc_hypercall_buffer_alloc(xch, acmctl, sizeof(*acmctl));
-    if ( acmctl == NULL )
-    {
-        PERROR("Could not allocate memory for ACM OP hypercall");
-        return -EFAULT;
-    }
-
-    switch (cmd) {
-        case ACMOP_setpolicy: {
-            struct acm_setpolicy *setpolicy = (struct acm_setpolicy *)arg;
-            memcpy(&acmctl->u.setpolicy,
-                   setpolicy,
-                   sizeof(struct acm_setpolicy));
-        }
-        break;
-
-        case ACMOP_getpolicy: {
-            struct acm_getpolicy *getpolicy = (struct acm_getpolicy *)arg;
-            memcpy(&acmctl->u.getpolicy,
-                   getpolicy,
-                   sizeof(struct acm_getpolicy));
-        }
-        break;
-
-        case ACMOP_dumpstats: {
-            struct acm_dumpstats *dumpstats = (struct acm_dumpstats *)arg;
-            memcpy(&acmctl->u.dumpstats,
-                   dumpstats,
-                   sizeof(struct acm_dumpstats));
-        }
-        break;
-
-        case ACMOP_getssid: {
-            struct acm_getssid *getssid = (struct acm_getssid *)arg;
-            memcpy(&acmctl->u.getssid,
-                   getssid,
-                   sizeof(struct acm_getssid));
-        }
-        break;
-
-        case ACMOP_getdecision: {
-            struct acm_getdecision *getdecision = (struct acm_getdecision 
*)arg;
-            memcpy(&acmctl->u.getdecision,
-                   getdecision,
-                   sizeof(struct acm_getdecision));
-        }
-        break;
-
-        case ACMOP_chgpolicy: {
-            struct acm_change_policy *change_policy = (struct 
acm_change_policy *)arg;
-            memcpy(&acmctl->u.change_policy,
-                   change_policy,
-                   sizeof(struct acm_change_policy));
-        }
-        break;
-
-        case ACMOP_relabeldoms: {
-            struct acm_relabel_doms *relabel_doms = (struct acm_relabel_doms 
*)arg;
-            memcpy(&acmctl->u.relabel_doms,
-                   relabel_doms,
-                   sizeof(struct acm_relabel_doms));
-        }
-        break;
-    }
-
-    acmctl->cmd = cmd;
-    acmctl->interface_version = ACM_INTERFACE_VERSION;
-
-    hypercall.op = __HYPERVISOR_xsm_op;
-    hypercall.arg[0] = HYPERCALL_BUFFER_AS_ARG(acmctl);
-    if ( (ret = do_xen_hypercall(xch, &hypercall)) < 0)
-    {
-        if ( errno == EACCES )
-            DPRINTF("acmctl operation failed -- need to"
-                    " rebuild the user-space tool set?\n");
-    }
-
-    switch (cmd) {
-        case ACMOP_getdecision: {
-            struct acm_getdecision *getdecision = (struct acm_getdecision 
*)arg;
-            memcpy(getdecision,
-                   &acmctl->u.getdecision,
-                   sizeof(struct acm_getdecision));
-            break;
-        }
-    }
-
-    xc_hypercall_buffer_free(xch, acmctl);
-
-    return ret;
-}
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h     Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/libxc/xenctrl.h     Fri Mar 25 21:47:57 2011 +0000
@@ -44,8 +44,6 @@
 #include <xen/memory.h>
 #include <xen/grant_table.h>
 #include <xen/hvm/params.h>
-#include <xen/xsm/acm.h>
-#include <xen/xsm/acm_ops.h>
 #include <xen/xsm/flask_op.h>
 #include <xen/tmem.h>
 
@@ -1250,8 +1248,6 @@
 
 int xc_version(xc_interface *xch, int cmd, void *arg);
 
-int xc_acm_op(xc_interface *xch, int cmd, void *arg, unsigned long arg_size);
-
 int xc_flask_op(xc_interface *xch, flask_op_t *op);
 
 /*
diff -r a65612bcbb92 -r 2aeebd5cbbad 
tools/libxen/include/xen/api/xen_acmpolicy.h
--- a/tools/libxen/include/xen/api/xen_acmpolicy.h      Fri Mar 25 09:03:17 
2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 2007, IBM Corp.
- * Copyright (c) 2007, XenSource Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
- */
-
-#ifndef XEN_ACMPOLICY_H
-#define XEN_ACMPOLICY_H
-
-#include "xen_common.h"
-#include "xen_string_string_map.h"
-#include "xen_xspolicy_decl.h"
-#include "xen_vm_decl.h"
-
-/*
- * Data structures.
- */
-
-typedef struct xen_acmpolicy_record
-{
-    xen_xspolicy handle;
-    char *uuid;
-    char *repr;
-    xs_instantiationflags flags;
-    xs_type type;
-} xen_acmpolicy_record;
-
-/**
- * Allocate a xen_acmpolicy_record.
- */
-extern xen_acmpolicy_record *
-xen_acmpolicy_record_alloc(void);
-
-/**
- * Free the given xen_xspolicy_record, and all referenced values.  The
- * given record must have been allocated by this library.
- */
-extern void
-xen_acmpolicy_record_free(xen_acmpolicy_record *record);
-
-
-/**
- * Data structures for the policy's header
- */
-typedef struct xen_acm_header
-{
-    char *policyname;
-    char *policyurl;
-    char *date;
-    char *reference;
-    char *namespaceurl;
-    char *version;
-} xen_acm_header;
-
-extern xen_acm_header *
-xen_acm_header_alloc(void);
-
-extern void
-xen_acm_header_free(xen_acm_header *hdr);
-
-/**
- * Get the referenced policy's record.
- */
-extern bool
-xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
-                         xen_xspolicy xspolicy);
-
-/**
- * Get the header of a  policy.
- */
-extern bool
-xen_acmpolicy_get_header(xen_session *session, xen_acm_header **hdr,
-                         xen_xspolicy xspolicy);
-
-
-/**
- * Get the XML representation of the policy.
- */
-extern bool
-xen_acmpolicy_get_xml(xen_session *session, char **xml,
-                      xen_xspolicy xspolicy);
-
-/**
- * Get the mapping file of the policy.
- */
-extern bool
-xen_acmpolicy_get_map(xen_session *session, char **map,
-                      xen_xspolicy xspolicy);
-
-/**
- * Get the binary representation (base64-encoded) of the policy.
- */
-extern bool
-xen_acmpolicy_get_binary(xen_session *session, char **binary,
-                         xen_xspolicy xspolicy);
-
-/**
- * Get the binary representation (base64-encoded) of the currently
- * enforced policy.
- */
-extern bool
-xen_acmpolicy_get_enforced_binary(xen_session *session, char **binary,
-                                  xen_xspolicy xspolicy);
-
-/**
- * Get the ACM ssidref of the given VM.
- */
-extern bool
-xen_acmpolicy_get_VM_ssidref(xen_session *session, int64_t *result,
-                             xen_vm vm);
-
-/**
- * Get the UUID field of the given policy.
- */
-extern bool
-xen_acmpolicy_get_uuid(xen_session *session, char **result,
-                       xen_xspolicy xspolicy);
-
-#endif
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/libxen/src/xen_acmpolicy.c
--- a/tools/libxen/src/xen_acmpolicy.c  Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 2007, IBM Corp.
- * Copyright (c) 2007, XenSource Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
- */
-
-
-#include <stddef.h>
-#include <stdlib.h>
-
-#include "xen_internal.h"
-#include "xen/api/xen_common.h"
-#include "xen/api/xen_xspolicy.h"
-#include "xen/api/xen_acmpolicy.h"
-
-
-static const struct_member xen_acmpolicy_record_struct_members[] =
-    {
-        { .key = "uuid",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acmpolicy_record, uuid) },
-        { .key = "flags",
-          .type = &abstract_type_int,
-          .offset = offsetof(xen_acmpolicy_record, flags) },
-        { .key = "repr",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acmpolicy_record, repr) },
-        { .key = "type",
-          .type = &abstract_type_int,
-          .offset = offsetof(xen_acmpolicy_record, type) },
-    };
-
-const abstract_type xen_acmpolicy_record_abstract_type_ =
-    {
-       .typename = STRUCT,
-       .struct_size = sizeof(xen_acmpolicy_record),
-       .member_count =
-          sizeof(xen_acmpolicy_record_struct_members) / sizeof(struct_member),
-       .members = xen_acmpolicy_record_struct_members
-    };
-
-
-static const struct_member xen_acm_header_struct_members[] =
-    {
-        { .key = "policyname",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acm_header, policyname) },
-        { .key = "policyurl",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acm_header, policyurl) },
-        { .key = "date",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acm_header, date) },
-        { .key = "reference",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acm_header, reference) },
-        { .key = "namespaceurl",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acm_header, namespaceurl) },
-        { .key = "version",
-          .type = &abstract_type_string,
-          .offset = offsetof(xen_acm_header, version) },
-    };
-
-const abstract_type xen_acm_header_abstract_type_ =
-    {
-        .typename = STRUCT,
-        .struct_size = sizeof(xen_acm_header),
-        .member_count =
-            sizeof(xen_acm_header_struct_members) /
-            sizeof(struct_member),
-        .members = xen_acm_header_struct_members,
-    };
-
-void
-xen_acm_header_free(xen_acm_header *shdr)
-{
-    if (shdr == NULL)
-    {
-        return;
-    }
-    free(shdr->policyname);
-    free(shdr->policyurl);
-    free(shdr->date);
-    free(shdr->reference);
-    free(shdr->namespaceurl);
-    free(shdr->version);
-    free(shdr);
-}
-
-
-void
-xen_acmpolicy_record_free(xen_acmpolicy_record *record)
-{
-    if (record == NULL)
-    {
-        return;
-    }
-    free(record->handle);
-    free(record->uuid);
-    free(record->repr);
-    free(record);
-}
-
-
-
-bool
-xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
-                         xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy }
-        };
-
-    abstract_type result_type = xen_acmpolicy_record_abstract_type_;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_record");
-
-    if (session->ok)
-    {
-       (*result)->handle = xen_strdup_((*result)->uuid);
-    }
-
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_header(xen_session *session,
-                         xen_acm_header **result,
-                         xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy },
-        };
-
-    abstract_type result_type = xen_acm_header_abstract_type_;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_header");
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_xml(xen_session *session,
-                      char **result,
-                      xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy },
-        };
-
-    abstract_type result_type = abstract_type_string;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_xml");
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_map(xen_session *session,
-                      char **result,
-                      xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy },
-        };
-
-    abstract_type result_type = abstract_type_string;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_map");
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_binary(xen_session *session, char **result,
-                         xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy },
-        };
-
-    abstract_type result_type = abstract_type_string;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_binary");
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_enforced_binary(xen_session *session, char **result,
-                                  xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy },
-        };
-
-    abstract_type result_type = abstract_type_string;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_enforced_binary");
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_VM_ssidref(xen_session *session,
-                             int64_t *result, xen_vm vm)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = vm }
-        };
-
-    abstract_type result_type = abstract_type_int;
-
-    XEN_CALL_("ACMPolicy.get_VM_ssidref");
-    return session->ok;
-}
-
-
-bool
-xen_acmpolicy_get_uuid(xen_session *session, char **result,
-                       xen_xspolicy xspolicy)
-{
-    abstract_value param_values[] =
-        {
-            { .type = &abstract_type_string,
-              .u.string_val = xspolicy }
-        };
-
-    abstract_type result_type = abstract_type_string;
-
-    *result = NULL;
-    XEN_CALL_("ACMPolicy.get_uuid");
-    return session->ok;
-}
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/python/setup.py
--- a/tools/python/setup.py     Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/python/setup.py     Fri Mar 25 21:47:57 2011 +0000
@@ -43,14 +43,6 @@
                depends            = [ ],
                sources            = [ "xen/lowlevel/process/process.c" ])
 
-acm = Extension("acm",
-               extra_compile_args = extra_compile_args,
-               include_dirs       = [ PATH_XEN, PATH_LIBXC, "xen/lowlevel/acm" 
],
-               library_dirs       = [ PATH_LIBXC ],
-               libraries          = [ "xenctrl" ],
-               depends            = [ PATH_LIBXC + "/libxenctrl.so" ],
-               sources            = [ "xen/lowlevel/acm/acm.c" ])
-
 flask = Extension("flask",
                extra_compile_args = extra_compile_args,
                include_dirs       = [ PATH_XEN, PATH_LIBXC, 
"xen/lowlevel/flask",
@@ -98,7 +90,7 @@
                sources            = [ "xen/lowlevel/xl/xl.c", 
"xen/lowlevel/xl/_pyxl_types.c" ])
 
 plat = os.uname()[0]
-modules = [ xc, xs, ptsname, acm, flask, xl ]
+modules = [ xc, xs, ptsname, flask, xl ]
 if plat == 'SunOS':
     modules.extend([ scf, process ])
 if plat == 'Linux':
@@ -113,7 +105,6 @@
                          'xen.util.xsm',
                          'xen.util.xsm.dummy',
                          'xen.util.xsm.flask',
-                         'xen.util.xsm.acm',
                          'xen.xend',
                          'xen.xend.server',
                          'xen.xend.xenstore',
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/python/xen/lowlevel/acm/acm.c
--- a/tools/python/xen/lowlevel/acm/acm.c       Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,403 +0,0 @@
-/****************************************************************
- * acm.c
- *
- * Copyright (C) 2006,2007 IBM Corporation
- *
- * Authors:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- * Stefan Berger <stefanb@xxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * ACM low-level code that allows Python control code to leverage
- * the ACM hypercall interface to retrieve real-time information
- * from the Xen hypervisor security module.
- *
- * indent -i4 -kr -nut
- */
-
-#include <Python.h>
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <arpa/inet.h>
-#include <sys/ioctl.h>
-#include <netinet/in.h>
-#include <xenctrl.h>
-#include <xen/xsm/acm.h>
-#include <xen/xsm/acm_ops.h>
-
-#define PERROR(_m, _a...) \
-fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,    \
-    errno, strerror(errno))
-
-static PyObject *acm_error_obj;
-
-/* generic shared function */
-static void *__getssid(xc_interface *xc_handle, int domid, uint32_t *buflen, 
xc_hypercall_buffer_t *buffer)
-{
-    struct acm_getssid getssid;
-    #define SSID_BUFFER_SIZE    4096
-    void *buf;
-    DECLARE_HYPERCALL_BUFFER_ARGUMENT(buffer);
-
-    if ((buf = xc_hypercall_buffer_alloc(xc_handle, buffer, SSID_BUFFER_SIZE)) 
== NULL) {
-        PERROR("acm.policytype: Could not allocate ssid buffer!\n");
-       return NULL;
-    }
-
-    memset(buf, 0, SSID_BUFFER_SIZE);
-    set_xen_guest_handle(getssid.ssidbuf, buffer);
-    getssid.ssidbuf_size = SSID_BUFFER_SIZE;
-    getssid.get_ssid_by = ACM_GETBY_domainid;
-    getssid.id.domainid = domid;
-
-    if (xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid)) < 0) {
-        if (errno == EACCES)
-            PERROR("ACM operation failed.");
-        buf = NULL;
-    } else {
-        *buflen = SSID_BUFFER_SIZE;
-    }
-    return buf;
-}
-
-
-/* retrieve the policytype indirectly by retrieving the
- * ssidref for domain 0 (always exists) */
-static PyObject *policy(PyObject * self, PyObject * args)
-{
-    xc_interface *xc_handle;
-    char *policyreference;
-    PyObject *ret;
-    uint32_t buf_len;
-    DECLARE_HYPERCALL_BUFFER(void, ssid_buffer);
-
-    if (!PyArg_ParseTuple(args, "", NULL)) {
-        return NULL;
-    }
-    if ((xc_handle = xc_interface_open(0,0,0)) == 0)
-        return PyErr_SetFromErrno(acm_error_obj);
-
-    ssid_buffer =  __getssid(xc_handle, 0, &buf_len, 
HYPERCALL_BUFFER(ssid_buffer));
-    if (ssid_buffer == NULL || buf_len < sizeof(struct acm_ssid_buffer))
-        ret = PyErr_SetFromErrno(acm_error_obj);
-    else {
-        struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *)ssid_buffer;
-        policyreference = (char *)(ssid_buffer + ssid->policy_reference_offset
-                       + sizeof (struct acm_policy_reference_buffer));
-        ret = Py_BuildValue("s", policyreference);
-    }
-
-    xc_hypercall_buffer_free(xc_handle, ssid_buffer);
-    xc_interface_close(xc_handle);
-    return ret;
-}
-
-
-/* retrieve ssid info for a domain domid*/
-static PyObject *getssid(PyObject * self, PyObject * args)
-{
-    xc_interface *xc_handle;
-
-    /* in */
-    uint32_t    domid;
-    /* out */
-    char *policytype, *policyreference;
-    uint32_t    ssidref;
-    PyObject *ret;
-
-    DECLARE_HYPERCALL_BUFFER(void, ssid_buffer);
-    uint32_t buf_len;
-
-    if (!PyArg_ParseTuple(args, "i", &domid)) {
-        return NULL;
-    }
-    if ((xc_handle = xc_interface_open(0,0,0)) == 0)
-        return PyErr_SetFromErrno(acm_error_obj);
-
-    ssid_buffer =  __getssid(xc_handle, domid, &buf_len, 
HYPERCALL_BUFFER(ssid_buffer));
-    if (ssid_buffer == NULL) {
-        ret = NULL;
-    } else if (buf_len < sizeof(struct acm_ssid_buffer)) {
-        ret = NULL;
-    } else {
-        struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *) ssid_buffer;
-        policytype = ACM_POLICY_NAME(ssid->secondary_policy_code << 4 |
-                     ssid->primary_policy_code);
-        ssidref = ssid->ssidref;
-        policyreference = (char *)(ssid_buffer + ssid->policy_reference_offset
-                       + sizeof (struct acm_policy_reference_buffer));
-       ret = Py_BuildValue("{s:s,s:s,s:i}",
-                           "policyreference",   policyreference,
-                           "policytype",        policytype,
-                           "ssidref",           ssidref);
-    }
-    xc_hypercall_buffer_free(xc_handle, ssid_buffer);
-    xc_interface_close(xc_handle);
-    return ret;
-}
-
-
-/* retrieve access decision based on domain ids or ssidrefs */
-static PyObject *getdecision(PyObject * self, PyObject * args)
-{
-    char *arg1_name, *arg1, *arg2_name, *arg2, *decision = NULL;
-    struct acm_getdecision getdecision;
-    xc_interface *xc_handle;
-    int rc;
-    uint32_t hooktype;
-
-    if (!PyArg_ParseTuple(args, "ssssi", &arg1_name,
-                          &arg1, &arg2_name, &arg2, &hooktype)) {
-        return NULL;
-    }
-
-    if ((xc_handle = xc_interface_open(0,0,0)) == 0) {
-        perror("Could not open xen privcmd device!\n");
-        return NULL;
-    }
-
-    if ((strcmp(arg1_name, "domid") && strcmp(arg1_name, "ssidref")) ||
-    (strcmp(arg2_name, "domid") && strcmp(arg2_name, "ssidref")))
-        return NULL;
-
-    getdecision.hook = hooktype;
-    if (!strcmp(arg1_name, "domid")) {
-        getdecision.get_decision_by1 = ACM_GETBY_domainid;
-        getdecision.id1.domainid = atoi(arg1);
-    } else {
-        getdecision.get_decision_by1 = ACM_GETBY_ssidref;
-        getdecision.id1.ssidref = atol(arg1);
-    }
-    if (!strcmp(arg2_name, "domid")) {
-        getdecision.get_decision_by2 = ACM_GETBY_domainid;
-        getdecision.id2.domainid = atoi(arg2);
-    } else {
-        getdecision.get_decision_by2 = ACM_GETBY_ssidref;
-        getdecision.id2.ssidref = atol(arg2);
-    }
-
-    rc = xc_acm_op(xc_handle, ACMOP_getdecision,
-                   &getdecision, sizeof(getdecision));
-
-    xc_interface_close(xc_handle);
-
-    if (rc < 0) {
-        if (errno == EACCES)
-            PERROR("ACM operation failed.");
-        return NULL;
-    }
-
-    if (getdecision.acm_decision == ACM_ACCESS_PERMITTED)
-        decision = "PERMITTED";
-    else if (getdecision.acm_decision == ACM_ACCESS_DENIED)
-        decision = "DENIED";
-
-    return Py_BuildValue("s", decision);
-}
-
-/* error messages for exceptions */
-const char bad_arg[] = "Bad function argument.";
-const char ctrlif_op[] = "Could not open control interface.";
-const char hv_op_err[] = "Error from hypervisor operation.";
-
-static PyObject *chgpolicy(PyObject *self, PyObject *args)
-{
-    struct acm_change_policy chgpolicy;
-    xc_interface *xc_handle;
-    int rc;
-    char *bin_pol = NULL, *del_arr = NULL, *chg_arr = NULL;
-    int bin_pol_len = 0, del_arr_len = 0, chg_arr_len = 0;
-    uint errarray_mbrs = 20 * 2;
-    PyObject *result = NULL;
-    uint len;
-    DECLARE_HYPERCALL_BUFFER(char, bin_pol_buf);
-    DECLARE_HYPERCALL_BUFFER(char, del_arr_buf);
-    DECLARE_HYPERCALL_BUFFER(char, chg_arr_buf);
-    DECLARE_HYPERCALL_BUFFER(uint32_t, error_array);
-
-    memset(&chgpolicy, 0x0, sizeof(chgpolicy));
-
-    if (!PyArg_ParseTuple(args, "s#s#s#" ,&bin_pol, &bin_pol_len,
-                                          &del_arr, &del_arr_len,
-                                          &chg_arr, &chg_arr_len)) {
-        PyErr_SetString(PyExc_TypeError, bad_arg);
-        return NULL;
-    }
-
-    if ((xc_handle = xc_interface_open(0,0,0)) == 0) {
-        PyErr_SetString(PyExc_IOError, ctrlif_op);
-        return NULL;
-    }
-
-    if ( (bin_pol_buf = xc_hypercall_buffer_alloc(xc_handle, bin_pol_buf, 
bin_pol_len)) == NULL )
-       goto out;
-    if ( (del_arr_buf = xc_hypercall_buffer_alloc(xc_handle, del_arr_buf, 
del_arr_len)) == NULL )
-       goto out;
-    if ( (chg_arr_buf = xc_hypercall_buffer_alloc(xc_handle, chg_arr_buf, 
chg_arr_len)) == NULL )
-       goto out;
-    if ( (error_array = xc_hypercall_buffer_alloc(xc_handle, error_array, 
sizeof(*error_array)*errarray_mbrs)) == NULL )
-       goto out;
-
-    memcpy(bin_pol_buf, bin_pol, bin_pol_len);
-    memcpy(del_arr_buf, del_arr, del_arr_len);
-    memcpy(chg_arr_buf, chg_arr, chg_arr_len);
-
-    chgpolicy.policy_pushcache_size = bin_pol_len;
-    chgpolicy.delarray_size = del_arr_len;
-    chgpolicy.chgarray_size = chg_arr_len;
-    chgpolicy.errarray_size = sizeof(*error_array)*errarray_mbrs;
-    set_xen_guest_handle(chgpolicy.policy_pushcache, bin_pol_buf);
-    set_xen_guest_handle(chgpolicy.del_array, del_arr_buf);
-    set_xen_guest_handle(chgpolicy.chg_array, chg_arr_buf);
-    set_xen_guest_handle(chgpolicy.err_array, error_array);
-
-    rc = xc_acm_op(xc_handle, ACMOP_chgpolicy, &chgpolicy, sizeof(chgpolicy));
-
-    /* only pass the filled error codes */
-    for (len = 0; (len + 1) < errarray_mbrs; len += 2) {
-        if (error_array[len] == 0) {
-            len *= sizeof(error_array[0]);
-            break;
-        }
-    }
-
-    result = Py_BuildValue("is#", rc, error_array, len);
-
-out:
-    xc_hypercall_buffer_free(xc_handle, bin_pol_buf);
-    xc_hypercall_buffer_free(xc_handle, del_arr_buf);
-    xc_hypercall_buffer_free(xc_handle, chg_arr_buf);
-    xc_hypercall_buffer_free(xc_handle, error_array);
-    xc_interface_close(xc_handle);
-    return result;
-}
-
-
-static PyObject *getpolicy(PyObject *self, PyObject *args)
-{
-    struct acm_getpolicy getpolicy;
-    xc_interface *xc_handle;
-    int rc;
-    PyObject *result = NULL;
-    uint32_t len = 8192;
-    DECLARE_HYPERCALL_BUFFER(uint8_t, pull_buffer);
-
-    if ((xc_handle = xc_interface_open(0,0,0)) == 0) {
-        PyErr_SetString(PyExc_IOError, ctrlif_op);
-        return NULL;
-    }
-
-    if ((pull_buffer = xc_hypercall_buffer_alloc(xc_handle, pull_buffer, len)) 
== NULL)
-       goto out;
-
-    memset(&getpolicy, 0x0, sizeof(getpolicy));
-    set_xen_guest_handle(getpolicy.pullcache, pull_buffer);
-    getpolicy.pullcache_size = sizeof(pull_buffer);
-
-    rc = xc_acm_op(xc_handle, ACMOP_getpolicy, &getpolicy, sizeof(getpolicy));
-
-    if (rc == 0) {
-        struct acm_policy_buffer *header =
-                       (struct acm_policy_buffer *)pull_buffer;
-        if (ntohl(header->len) < 8192)
-            len = ntohl(header->len);
-    } else {
-        len = 0;
-    }
-
-    result = Py_BuildValue("is#", rc, pull_buffer, len);
-out:
-    xc_hypercall_buffer_free(xc_handle, pull_buffer);
-    xc_interface_close(xc_handle);
-    return result;
-}
-
-
-static PyObject *relabel_domains(PyObject *self, PyObject *args)
-{
-    struct acm_relabel_doms reldoms;
-    xc_interface *xc_handle;
-    int rc;
-    char *relabel_rules = NULL;
-    int rel_rules_len = 0;
-    uint errarray_mbrs = 20 * 2;
-    DECLARE_HYPERCALL_BUFFER(uint32_t, error_array);
-    DECLARE_HYPERCALL_BUFFER(char, relabel_rules_buf);
-    PyObject *result = NULL;
-    uint len;
-
-    memset(&reldoms, 0x0, sizeof(reldoms));
-
-    if (!PyArg_ParseTuple(args, "s#" ,&relabel_rules, &rel_rules_len)) {
-        PyErr_SetString(PyExc_TypeError, bad_arg);
-        return NULL;
-    }
-
-    if ((xc_handle = xc_interface_open(0,0,0)) == 0) {
-        PyErr_SetString(PyExc_IOError, ctrlif_op);
-        return NULL;
-    }
-
-    if ((relabel_rules_buf = xc_hypercall_buffer_alloc(xc_handle, 
relabel_rules_buf, rel_rules_len)) == NULL)
-       goto out;
-    if ((error_array = xc_hypercall_buffer_alloc(xc_handle, error_array, 
sizeof(*error_array)*errarray_mbrs)) == NULL)
-       goto out;
-
-    memcpy(relabel_rules_buf, relabel_rules, rel_rules_len);
-
-    reldoms.relabel_map_size = rel_rules_len;
-    reldoms.errarray_size = sizeof(error_array);
-
-    set_xen_guest_handle(reldoms.relabel_map, relabel_rules_buf);
-    set_xen_guest_handle(reldoms.err_array, error_array);
-
-    rc = xc_acm_op(xc_handle, ACMOP_relabeldoms, &reldoms, sizeof(reldoms));
-
-    /* only pass the filled error codes */
-    for (len = 0; (len + 1) < errarray_mbrs; len += 2) {
-        if (error_array[len] == 0) {
-            len *= sizeof(error_array[0]);
-            break;
-        }
-    }
-
-    result = Py_BuildValue("is#", rc, error_array, len);
-out:
-    xc_hypercall_buffer_free(xc_handle, relabel_rules_buf);
-    xc_hypercall_buffer_free(xc_handle, error_array);
-    xc_interface_close(xc_handle);
-
-    return result;
-}
-
-
-/*=================General Python Extension Declarations=================*/
-
-/* methods */
-static PyMethodDef acmMethods[] = {
-    {"policy",      policy,      METH_VARARGS, "Retrieve Active ACM Policy 
Reference Name"},
-    {"getssid",     getssid,     METH_VARARGS, "Retrieve label information and 
ssidref for a domain"},
-    {"getdecision", getdecision, METH_VARARGS, "Retrieve ACM access control 
decision"},
-    {"chgpolicy",   chgpolicy,   METH_VARARGS, "Change the policy in one 
step"},
-    {"getpolicy",   getpolicy,   METH_NOARGS , "Get the binary policy from the 
hypervisor"},
-    {"relabel_domains", relabel_domains, METH_VARARGS, "Relabel domains"},
-    /* end of list (extend list above this line) */
-    {NULL, NULL, 0, NULL}
-};
-
-/* inits */
-PyMODINIT_FUNC initacm(void)
-{
-    PyObject *m = Py_InitModule("acm", acmMethods);
-    acm_error_obj = PyErr_NewException("acm.Error", PyExc_RuntimeError, NULL);
-    Py_INCREF(acm_error_obj);
-    PyModule_AddObject(m, "Error", acm_error_obj);
-}
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/python/xen/xm/messages/xen-xm.pot
--- a/tools/python/xen/xm/messages/xen-xm.pot   Fri Mar 25 09:03:17 2011 +0000
+++ b/tools/python/xen/xm/messages/xen-xm.pot   Fri Mar 25 21:47:57 2011 +0000
@@ -8,10 +8,11 @@
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2008-03-31 17:40+0100\n"
+"POT-Creation-Date: 2011-03-25 21:46+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@xxxxxx>\n"
+"Language: \n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/security/Makefile
--- a/tools/security/Makefile   Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-XEN_ROOT = $(CURDIR)/../..
-include $(XEN_ROOT)/tools/Rules.mk
-
-CFLAGS   += -Werror
-CFLAGS   += -fno-strict-aliasing
-CFLAGS   += $(CFLAGS_libxenctrl)
-
-CPPFLAGS += -MMD -MF .$*.d
-PROG_DEPS = .*.d
-
-XML2VERSION = $(shell xml2-config --version )
-CFLAGS     += $(shell xml2-config --cflags )
-CFLAGS     += $(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else 
echo "-DVALIDATE_SCHEMA"; fi )
-LDFLAGS    += $(shell xml2-config --libs ) # if this does not work, try 
-L/usr/lib -lxml2 -lz -lpthread -lm
-
-SRCS_TOOL     = secpol_tool.c
-OBJS_TOOL    := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_TOOL)))
-
-ACM_INST_TOOLS    = xensec_tool xensec_gen
-ACM_EZPOLICY      = xensec_ezpolicy
-ACM_OBJS          = $(OBJS_TOOL) $(OBJS_GETD)
-ACM_SCRIPTS       = python/xensec_tools/acm_getlabel
-
-ACM_CONFIG_DIR    = $(XEN_CONFIG_DIR)/acm-security
-ACM_POLICY_DIR    = $(ACM_CONFIG_DIR)/policies
-ACM_SCRIPT_DIR    = $(ACM_CONFIG_DIR)/scripts
-
-ACM_INST_HTML     = python/xensec_gen/index.html
-ACM_INST_CGI      = python/xensec_gen/cgi-bin/policy.cgi
-ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
-ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
-
-ACM_SCHEMA        = security_policy.xsd
-ACM_EXAMPLES      = client_v1 test
-ACM_DEF_POLICIES  =
-ACM_POLICY_SUFFIX = security_policy.xml
-
-ifeq ($(ACM_SECURITY),y)
-.PHONY: all
-all: build
-
-.PHONY: install
-install: all $(ACM_CONFIG_FILE)
-       $(INSTALL_DIR) $(DESTDIR)$(SBINDIR)
-       $(INSTALL_PROG) $(ACM_INST_TOOLS) $(DESTDIR)$(SBINDIR)
-       $(INSTALL_PROG) $(ACM_EZPOLICY) $(DESTDIR)$(SBINDIR)
-       $(INSTALL_DIR) $(DESTDIR)$(ACM_CONFIG_DIR)
-       $(INSTALL_DIR) $(DESTDIR)$(ACM_POLICY_DIR)
-       $(INSTALL_DATA) policies/$(ACM_SCHEMA) $(DESTDIR)$(ACM_POLICY_DIR)
-       $(INSTALL_DIR) $(DESTDIR)$(ACM_POLICY_DIR)/example
-       set -e; for i in $(ACM_EXAMPLES); do \
-               $(INSTALL_DATA) policies/example/$$i-$(ACM_POLICY_SUFFIX) 
$(DESTDIR)$(ACM_POLICY_DIR)/example/; \
-       done
-       set -e; for i in $(ACM_DEF_POLICIES); do \
-               $(INSTALL_DATA) policies/$$i-$(ACM_POLICY_SUFFIX) 
$(DESTDIR)$(ACM_POLICY_DIR); \
-       done
-       $(INSTALL_DIR) $(DESTDIR)$(ACM_SCRIPT_DIR)
-       $(INSTALL_PROG) $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
-       $(INSTALL_DIR) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
-       $(INSTALL_DATA) $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
-       $(INSTALL_DIR) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
-       $(INSTALL_PROG) $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
-       $(PYTHON) python/setup.py install $(PYTHON_PREFIX_ARG) \
-               --root="$(DESTDIR)" --force
-else
-.PHONY: all
-all:
-
-.PHONY: install
-install:
-endif
-
-.PHONY: build
-build: $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
-       $(PYTHON) python/setup.py build
-       chmod 700 $(ACM_SCRIPTS)
-
-xensec_tool: $(OBJS_TOOL)
-       $(CC) -g $(CFLAGS) $(LDFLAGS) -O0 -o $@ $^ $(LDLIBS_libxenctrl)
-
-xensec_gen: xensec_gen.py
-       cp -f $^ $@
-
-.PHONY: clean
-clean:
-       $(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
-       $(RM) $(ACM_OBJS)
-       $(RM) $(PROG_DEPS)
-       $(RM) -r build
-
-.PHONY: mrproper
-mrproper: clean
-
--include $(PROG_DEPS)
diff -r a65612bcbb92 -r 2aeebd5cbbad 
tools/security/policies/example/client_v1-security_policy.xml
--- a/tools/security/policies/example/client_v1-security_policy.xml     Fri Mar 
25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,195 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
-<!--             This file defines the security policies, which     -->
-<!--             can be enforced by the Xen Access Control Module.  -->
-<!--             Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
-       <PolicyHeader>
-               <PolicyName>example.client_v1</PolicyName>
-               <PolicyUrl>www.ibm.com/example/client_v1</PolicyUrl>
-               <Date>2006-03-31</Date>
-               <Version>1.0</Version>
-       </PolicyHeader>
-       <!--                                                        -->
-       <!-- example of a simple type enforcement policy definition -->
-       <!--                                                        -->
-       <SimpleTypeEnforcement>
-               <SimpleTypeEnforcementTypes>
-                       <Type>ste_SystemManagement</Type><!-- machine/security 
management -->
-                       <Type>ste_PersonalFinances</Type><!-- personal finances 
-->
-                       <Type>ste_InternetInsecure</Type><!-- games, active X, 
etc. -->
-                       <Type>ste_DonatedCycles</Type><!-- donation to 
BOINC/seti@home -->
-                       <Type>ste_PersistentStorageA</Type><!-- domain managing 
the harddrive A-->
-                       <Type>ste_NetworkAdapter0</Type><!-- type of the domain 
managing ethernet adapter 0-->
-               </SimpleTypeEnforcementTypes>
-       </SimpleTypeEnforcement>
-       <!--                                             -->
-       <!-- example of a chinese wall type definition   -->
-       <!-- along with its conflict sets                -->
-       <!-- (typse in a confict set are exclusive, i.e. -->
-       <!--  once a Domain with one type of a set is    -->
-       <!--  running, no other Domain with another type -->
-       <!--  of the same conflict set can start.)       -->
-       <ChineseWall priority="PrimaryPolicyComponent">
-               <ChineseWallTypes>
-                       <Type>cw_SystemManagement</Type>
-                       <Type>cw_Sensitive</Type>
-                       <Type>cw_Isolated</Type>
-                       <Type>cw_Distrusted</Type>
-               </ChineseWallTypes>
-
-               <ConflictSets>
-                       <Conflict name="Protection1">
-                               <Type>cw_Sensitive</Type>
-                               <Type>cw_Distrusted</Type>
-                       </Conflict>
-               </ConflictSets>
-       </ChineseWall>
-       <SecurityLabelTemplate>
-               <SubjectLabels bootstrap="SystemManagement">
-                       <!-- single ste typed domains            -->
-                       <!-- ACM enforces that only domains with -->
-                       <!-- the same type can share information -->
-                       <!--                                     -->
-                       <!-- Bootstrap label is assigned to Dom0 -->
-                       <VirtualMachineLabel>
-                               <Name>dom_HomeBanking</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_PersonalFinances</Type>
-                               </SimpleTypeEnforcementTypes>
-
-                               <ChineseWallTypes>
-                                       <Type>cw_Sensitive</Type>
-                               </ChineseWallTypes>
-                       </VirtualMachineLabel>
-
-                       <VirtualMachineLabel>
-                               <Name>dom_Fun</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_InternetInsecure</Type>
-                               </SimpleTypeEnforcementTypes>
-
-                               <ChineseWallTypes>
-                                       <Type>cw_Distrusted</Type>
-                               </ChineseWallTypes>
-                       </VirtualMachineLabel>
-
-                       <VirtualMachineLabel>
-                               <!-- donating some cycles to seti@home -->
-                               <Name>dom_BoincClient</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_DonatedCycles</Type>
-                               </SimpleTypeEnforcementTypes>
-
-                               <ChineseWallTypes>
-                                       <Type>cw_Isolated</Type>
-                               </ChineseWallTypes>
-                       </VirtualMachineLabel>
-
-                       <!-- Domains with multiple ste types services; such 
domains   -->
-                       <!-- must keep the types inside their domain safely 
confined. -->
-                       <VirtualMachineLabel>
-                               <Name>SystemManagement</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <!-- since dom0 needs access to every 
domain and -->
-                                       <!-- resource right now ... -->
-                                       <Type>ste_SystemManagement</Type>
-                                       <Type>ste_PersonalFinances</Type>
-                                       <Type>ste_InternetInsecure</Type>
-                                       <Type>ste_DonatedCycles</Type>
-                                       <Type>ste_PersistentStorageA</Type>
-                                       <Type>ste_NetworkAdapter0</Type>
-                               </SimpleTypeEnforcementTypes>
-
-                               <ChineseWallTypes>
-                                       <Type>cw_SystemManagement</Type>
-                               </ChineseWallTypes>
-                       </VirtualMachineLabel>
-
-                       <VirtualMachineLabel>
-                               <!-- serves persistent storage to other domains 
-->
-                               <Name>dom_StorageDomain</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <!-- access right to the resource (hard 
drive a) -->
-                                       <Type>ste_PersistentStorageA</Type>
-                                       <!-- can serve following types -->
-                                       <Type>ste_PersonalFinances</Type>
-                                       <Type>ste_InternetInsecure</Type>
-                               </SimpleTypeEnforcementTypes>
-
-                               <ChineseWallTypes>
-                                       <Type>cw_SystemManagement</Type>
-                               </ChineseWallTypes>
-                       </VirtualMachineLabel>
-
-                       <VirtualMachineLabel>
-                               <!-- serves network access to other domains -->
-                               <Name>dom_NetworkDomain</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <!-- access right to the resource 
(ethernet card) -->
-                                       <Type>ste_NetworkAdapter0</Type>
-                                       <!-- can serve following types -->
-                                       <Type>ste_PersonalFinances</Type>
-                                       <Type>ste_InternetInsecure</Type>
-                                       <Type>ste_DonatedCycles</Type>
-                               </SimpleTypeEnforcementTypes>
-
-                               <ChineseWallTypes>
-                                       <Type>cw_SystemManagement</Type>
-                               </ChineseWallTypes>
-                       </VirtualMachineLabel>
-               </SubjectLabels>
-
-               <ObjectLabels>
-                       <ResourceLabel>
-                               <Name>res_ManagementResource</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_SystemManagement</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-
-                       <ResourceLabel>
-                               <Name>res_HardDrive(hda)</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_PersistentStorageA</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-
-                       <ResourceLabel>
-                               <Name>res_LogicalDiskPartition1(hda1)</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_PersonalFinances</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-
-                       <ResourceLabel>
-                               <Name>res_LogicalDiskPartition2(hda2)</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_InternetInsecure</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-
-                       <ResourceLabel>
-                               <Name>res_EthernetCard</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_NetworkAdapter0</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-
-                       <ResourceLabel>
-                               <Name>res_SecurityToken</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_PersonalFinances</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-
-                       <ResourceLabel>
-                               <Name>res_GraphicsAdapter</Name>
-                               <SimpleTypeEnforcementTypes>
-                                       <Type>ste_SystemManagement</Type>
-                               </SimpleTypeEnforcementTypes>
-                       </ResourceLabel>
-               </ObjectLabels>
-       </SecurityLabelTemplate>
-</SecurityPolicyDefinition>
-
diff -r a65612bcbb92 -r 2aeebd5cbbad 
tools/security/policies/example/test-security_policy.xml
--- a/tools/security/policies/example/test-security_policy.xml  Fri Mar 25 
09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Auto-generated by ezPolicy        -->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd ">
-    <PolicyHeader>
-        <PolicyName>example.test</PolicyName>
-        <Date>Mon Apr 16 13:13:59 2007</Date>
-        <Version>1.0</Version>
-    </PolicyHeader>
-
-    <SimpleTypeEnforcement>
-        <SimpleTypeEnforcementTypes>
-            <Type>SystemManagement</Type>
-            <Type>PepsiCo</Type>
-            <Type>CocaCola</Type>
-        </SimpleTypeEnforcementTypes>
-    </SimpleTypeEnforcement>
-
-    <ChineseWall priority="PrimaryPolicyComponent">
-        <ChineseWallTypes>
-            <Type>SystemManagement</Type>
-            <Type>PepsiCo</Type>
-            <Type>CocaCola</Type>
-            <Type>VIOServer</Type>
-        </ChineseWallTypes>
-
-    </ChineseWall>
-
-    <SecurityLabelTemplate>
-        <SubjectLabels bootstrap="SystemManagement">
-            <VirtualMachineLabel>
-                <Name>SystemManagement</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>SystemManagement</Type>
-                    <Type>PepsiCo</Type>
-                    <Type>CocaCola</Type>
-                </SimpleTypeEnforcementTypes>
-                <ChineseWallTypes>
-                    <Type>SystemManagement</Type>
-                </ChineseWallTypes>
-            </VirtualMachineLabel>
-
-            <VirtualMachineLabel>
-                <Name>PepsiCo</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>PepsiCo</Type>
-                </SimpleTypeEnforcementTypes>
-                <ChineseWallTypes>
-                    <Type>PepsiCo</Type>
-                </ChineseWallTypes>
-            </VirtualMachineLabel>
-
-            <VirtualMachineLabel>
-                <Name>CocaCola</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>CocaCola</Type>
-                </SimpleTypeEnforcementTypes>
-                <ChineseWallTypes>
-                    <Type>CocaCola</Type>
-                </ChineseWallTypes>
-            </VirtualMachineLabel>
-
-            <VirtualMachineLabel>
-                <Name>VIO</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>CocaCola</Type>
-                    <Type>PepsiCo</Type>
-                </SimpleTypeEnforcementTypes>
-                <ChineseWallTypes>
-                    <Type>VIOServer</Type>
-                </ChineseWallTypes>
-            </VirtualMachineLabel>
-        </SubjectLabels>
-
-        <ObjectLabels>
-            <ResourceLabel>
-                <Name>SystemManagement</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>SystemManagement</Type>
-                </SimpleTypeEnforcementTypes>
-            </ResourceLabel>
-
-            <ResourceLabel>
-                <Name>PepsiCo</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>PepsiCo</Type>
-                </SimpleTypeEnforcementTypes>
-            </ResourceLabel>
-
-            <ResourceLabel>
-                <Name>CocaCola</Name>
-                <SimpleTypeEnforcementTypes>
-                    <Type>CocaCola</Type>
-                </SimpleTypeEnforcementTypes>
-            </ResourceLabel>
-        </ObjectLabels>
-    </SecurityLabelTemplate>
-</SecurityPolicyDefinition>
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/security/policies/security_policy.xsd
--- a/tools/security/policies/security_policy.xsd       Fri Mar 25 09:03:17 
2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,146 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
-<!--         This file defines the schema, which is used to define -->
-<!--         the security policy and the security labels in Xen.    -->
-
-<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
targetNamespace="http://www.ibm.com"; xmlns="http://www.ibm.com"; 
elementFormDefault="qualified">
-       <xsd:element name="SecurityPolicyDefinition">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element ref="PolicyHeader" minOccurs="1" 
maxOccurs="1"></xsd:element>
-                               <xsd:element ref="SimpleTypeEnforcement" 
minOccurs="0" maxOccurs="1"></xsd:element>
-                               <xsd:element ref="ChineseWall" minOccurs="0" 
maxOccurs="1"></xsd:element>
-                               <xsd:element ref="SecurityLabelTemplate" 
minOccurs="1" maxOccurs="1"></xsd:element>
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="PolicyHeader">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element name="PolicyName" minOccurs="1" 
maxOccurs="1" type="xsd:string"></xsd:element>
-                               <xsd:element name="PolicyUrl" minOccurs="0" 
maxOccurs="1" type="xsd:string"></xsd:element>
-                               <xsd:element name="Reference" type="xsd:string" 
minOccurs="0" maxOccurs="1" />
-                               <xsd:element name="Date" minOccurs="0" 
maxOccurs="1" type="xsd:string"></xsd:element>
-                               <xsd:element name="NameSpaceUrl" minOccurs="0" 
maxOccurs="1" type="xsd:string"></xsd:element>
-                               <xsd:element name="Version" minOccurs="1" 
maxOccurs="1" type="VersionFormat"/>
-                               <xsd:element ref="FromPolicy" minOccurs="0" 
maxOccurs="1"/>
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="ChineseWall">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element ref="ChineseWallTypes" 
minOccurs="1" maxOccurs="1" />
-                               <xsd:element ref="ConflictSets" minOccurs="0" 
maxOccurs="1" />
-                       </xsd:sequence>
-                       <xsd:attribute name="priority" type="PolicyOrder" 
use="optional"></xsd:attribute>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="SimpleTypeEnforcement">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element ref="SimpleTypeEnforcementTypes" />
-                       </xsd:sequence>
-                       <xsd:attribute name="priority" type="PolicyOrder" 
use="optional"></xsd:attribute>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="SecurityLabelTemplate">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element name="SubjectLabels" minOccurs="0" 
maxOccurs="1">
-                                       <xsd:complexType>
-                                               <xsd:sequence>
-                                                       <xsd:element 
ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
-                                               </xsd:sequence>
-                                               <xsd:attribute name="bootstrap" 
type="xsd:string" use="required"></xsd:attribute>
-                                       </xsd:complexType>
-                               </xsd:element>
-                               <xsd:element name="ObjectLabels" minOccurs="0" 
maxOccurs="1">
-                                       <xsd:complexType>
-                                               <xsd:sequence>
-                                                       <xsd:element 
ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
-                                               </xsd:sequence>
-                                       </xsd:complexType>
-                               </xsd:element>
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="ChineseWallTypes">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Type" />
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="ConflictSets">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Conflict" />
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="SimpleTypeEnforcementTypes">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Type" />
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="Conflict">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Type" />
-                       </xsd:sequence>
-                       <xsd:attribute name="name" type="xsd:string" 
use="required"></xsd:attribute>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="VirtualMachineLabel">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element name="Name" 
type="NameWithFrom"></xsd:element>
-                               <xsd:element ref="SimpleTypeEnforcementTypes" 
minOccurs="0" maxOccurs="unbounded" />
-                               <xsd:element ref="ChineseWallTypes" 
minOccurs="0" maxOccurs="unbounded" />
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="ResourceLabel">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element name="Name" 
type="NameWithFrom"></xsd:element>
-                               <xsd:element name="SimpleTypeEnforcementTypes" 
type="SingleSimpleTypeEnforcementType" />
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:element name="Name" type="xsd:string" />
-       <xsd:element name="Type" type="xsd:string" />
-       <xsd:simpleType name="PolicyOrder">
-               <xsd:restriction base="xsd:string">
-                       <xsd:enumeration 
value="PrimaryPolicyComponent"></xsd:enumeration>
-               </xsd:restriction>
-       </xsd:simpleType>
-       <xsd:element name="FromPolicy">
-               <xsd:complexType>
-                       <xsd:sequence>
-                               <xsd:element name="PolicyName" minOccurs="1" 
maxOccurs="1" type="xsd:string"/>
-                               <xsd:element name="Version" minOccurs="1" 
maxOccurs="1" type="VersionFormat"/>
-                       </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-       <xsd:simpleType name="VersionFormat">
-               <xsd:restriction base="xsd:string">
-                       <xsd:pattern 
value="[0-9]{1,8}.[0-9]{1,8}"></xsd:pattern>
-               </xsd:restriction>
-       </xsd:simpleType>
-       <xsd:complexType name="NameWithFrom">
-               <xsd:simpleContent>
-                       <xsd:extension base="xsd:string">
-                               <xsd:attribute name="from" type="xsd:string" 
use="optional"></xsd:attribute>
-                       </xsd:extension>
-               </xsd:simpleContent>
-       </xsd:complexType>
-       <xsd:complexType name="SingleSimpleTypeEnforcementType">
-               <xsd:sequence>
-                       <xsd:element maxOccurs="1" minOccurs="1" ref="Type" />
-               </xsd:sequence>
-       </xsd:complexType>
-</xsd:schema>
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/security/policy.txt
--- a/tools/security/policy.txt Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,296 +0,0 @@
-##
-# policy.txt <description to the sHype/Xen access control architecture>
-#
-# Author:
-# Reiner Sailer 08/30/2006 <sailer@xxxxxxxxxxxxxx>
-#
-#
-# This file gives an overview of the example security policies.
-##
-
-Example of a Chinese Wall Policy Instantiation
-----------------------------------------------
-
-The file client_v1-security_policy.xml defines the Chinese Wall types
-as well as the conflict sets for our example policy (you find it in
-the directory "policy_root"/example/chwall).
-
-It defines four Chinese Wall types (prefixed with cw_) with the
-following meaning:
-
-* cw_SystemsManagement is a type identifying workloads for systems
-management, e.g., domain management, device management, or hypervisor
-management.
-
-* cw_Sensitive is identifying workloads that are critical to the user
-for one reason or another.
-
-* cw_Distrusted is identifying workloads a user does not have much
-confidence in. E.g. a domain used for surfing in the internet without
-protection( i.e., active-X, java, java-script, executing web content)
-or for (Internet) Games should be typed this way.
-
-* cw_Isolated is identifying workloads that are supposedly isolated by
-use of the type enforcement policy (described below). For example, if
-a user wants to donate cycles to seti@home, she can setup a separate
-domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable
-this domain from accessing the hard drive and from communicating to
-other local domains, and type it as cw_Isolated. We will look at a
-specific example later.
-
-The example policy uses the defined types to define one conflict set:
-Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells
-the hypervisor that once a domain typed as cw_Sensitive is running, a
-domain typed as cw_Distrusted cannot run concurrently (and the other
-way round). With this policy, a domain typed as cw_Isolated is allowed
-to run simultaneously with domains tagged as cw_Sensitive.
-
-Consequently, the access control module in the Xen hypervisor
-distinguishes in this example policy 4 different workload types in
-this example policy. It is the user's responsibility to type the
-domains in a way that reflects the workloads of these domains and, in
-the case of cw_Isolated, its properties, e.g. by configuring the
-sharing capabilities of the domain accordingly by using the simple
-type enforcement policy.
-
-Users can define their own or change the existing example policy
-according to their working environment and security requirements. To
-do so, replace the file chwall-security_policy.xml with the new
-policy.
-
-
-SIMPLE TYPE ENFORCEMENT
-=======================
-
-The file client_v1-security_policy.xml defines the simple type
-enforcement types for our example policy (you find it in the directory
-"policy_root"/example/ste). The Simple Type Enforcement policy defines
-which domains can share information with which other domains. To this
-end, it controls
-
-i) inter-domain communication channels (e.g., network traffic, events,
-and shared memory).
-
-ii) access of domains to physical resources (e.g., hard drive, network
-cards, graphics adapter, keyboard).
-
-In order to enable the hypervisor to distinguish different domains and
-the user to express access rules, the simple type enforcement defines
-a set of types (ste_types).
-
-The policy defines that communication between domains is allowed if
-the domains share a common STE type. As with the chwall types, STE
-types should enable the differentiation of workloads. The simple type
-enforcement access control implementation in the hypervisor enforces
-that domains can only communicate (setup event channels, grant tables)
-if they share a common type, i.e., both domains have assigned at least
-on type in common. A domain can access a resource, if the domain and
-the resource share a common type. Hence, assigning STE types to
-domains and resources allows users to define constraints on sharing
-between domains and to keep sensitive data confined from distrusted
-domains.
-
-Domain <--> Domain Sharing
-''''''''''''''''''''''''''
-(implemented but its effective use requires factorization of Dom0)
-
-a) Domains with a single STE type (general user domains): Sharing
-between such domains is enforced entirely by the hypervisor access
-control. It is independent of the domains and does not require their
-co-operation.
-
-b) Domains with multiple STE types: One example is a domain that
-virtualizes a physical resource (e.g., hard drive) and serves it as
-multiple virtual resources (virtual block drives) to other domains of
-different types. The idea is that only a specific device domain has
-assigned the type required to access the physical hard-drive. Logical
-drives are then assigned the types of domains that have access to this
-logical drive. Since the Xen hypervisor cannot distinguish between the
-logical drives, the access control (type enforcement) is delegated to
-the device domain, which has access to the types of domains requesting
-to mount a logical drive as well as the types assigned to the
-different available logical drives.
-
-Currently in Xen, Dom0 controls all hardware, needs to communicate
-with all domains during their setup, and intercepts all communication
-between domains. Consequently, Dom0 needs to be assigned all types
-used and must be completely trusted to maintain the separation of
-information coming from domains with different STE types. Thus a
-refactoring of Dom0 is recommended for stronger confinement
-guarantees.
-
-Domain --> RESOURCES Access
-'''''''''''''''''''''''''''
-
-We define for each resource that we want to distinguish a separate STE
-type. Each STE type is assigned to the respective resource and to
-those domains that are allowed to access this resource. Type
-enforcement will guarantee that other domains cannot access this
-resource since they don't share the resource's STE type.
-
-Since in the current implementation of Xen, Dom0 controls access to
-all hardware (e.g., disk drives, network), Domain-->Resource access
-control enforcement must be implemented in Dom0. This is possible
-since Dom0 has access to both the domain configuration (including the
-domain STE types) and the resource configuration (including the
-resource STE types).
-
-For purposes of gaining higher assurance in the resulting system, it
-may be desirable to reduce the size of dom0 by adding one or more
-"device domains" (DDs). These DDs, e.g. providing storage or network
-access, can support one or more physical devices, and manage
-enforcement of MAC policy relevant for said devices. Security benefits
-come from the smaller size of these DDs, as they can be more easily
-audited than monolithic device driver domains. DDs can help to obtain
-maximum security benefit from sHype.
-
-
-Example of a Simple Type Enforcement Policy Instantiation
----------------------------------------------------------
-The example policies define the following types:
-
-* ste_SystemManagement identifies workloads (and domains that runs
-them) that must share information to accomplish the management of the
-system
-
-* ste_PersonalFinances identifies workloads that are related to
-sensitive programs such as HomeBanking applications or safely
-configured web browsers for InternetBanking
-
-* ste_InternetInsecure identifies workloads that are very
-function-rich and unrestricted to offer for example an environment
-where internet games can run efficiently
-
-* ste_DonatedCycles identifies workloads that run on behalf of others,
-e.g. a Boinc client
-
-* ste_PersistentStorage identifies workloads that have direct access
-to persistent storage (e.g., hard drive)
-
-* ste_NetworkAccess identifies workload that have direct access to
-network cards and related networks
-
-
-
-SECURITY LABEL TEMPLATES
-========================
-
-We introduce security label templates because it is difficult for
-users to ensure tagging of domains consistently and since there are
---as we have seen in the case of isolation-- useful dependencies
-between the policies. Security Label Templates define type sets that
-can be addressed by more user-friendly label names,
-e.g. dom_Homebanking describes a typical typeset tagged to domains
-used for sensitive Homebanking work-loads. Labels are defined in the
-file
-
-Using Security Label Templates has multiple advantages:
-a) easy reference of typical sets of type assignments
-b) consistent interpretation of type combinations
-c) meaningful application-level label names
-
-The definition of label templates depends on the combination of
-policies that are used. We will describe some of the labels defined
-for the Chinese Wall and Simple Type Enforcement combination.
-
-In the BoincClient example, the label_template file specifies that
-this Label is assigned the Chinese Wall type cw_Isolated. We do this
-assuming that this BoincClient is isolated against the rest of the
-system infrastructure (no persistent memory, no sharing with local
-domains). Since cw_Isolated is not included in any conflict set, it
-can run at any time concurrently with any other domain. The
-ste_DonatedCycles type assigned to the BoincClient reflect the
-isolation assumption: it is only assigned to the dom_NetworkDomain
-giving the BoincClient domain access to the network to communicate
-with its BoincServer.
-
-The strategy for combining types into Labels is the following: First
-we define a label for each type of general user domain
-(workload-oriented). Then we define a new label for each physical
-resource that shall be shared using a DD domain (e.g., disk) and for
-each logical resource offered through this physical resource (logical
-disk partition). We define then device domain labels (here:
-dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which
-include the types of the physical resources (e.g. hda) their domains
-need to connect to. Such physical resources can only be accessed
-directly by device domains types with the respective device's STE
-type. Additionally we assign to such a device domain Label the STE
-types of those user domains that are allowed to access one of the
-logical resources (e.g., hda1, hda2) built on top of this physical
-resource through the device domain.
-
-
-Label Construction Example:
----------------------------
-
-We define here a storage domain label for a domain that owns a real
-disk drive and creates the logical disk partitions hda1 and hda2 which
-it serves to domains labeled dom_HomeBanking and dom_Fun
-respectively. The labels we refer to are defined in the label template
-file policies/chwall_ste/chwall_ste-security-label-template.xml.
-
-step1: To distinguish different shared disk drives, we create a
-separate Label and STE type for each of them. Here: we create a type
-ste_PersistentStorageA for disk drive hda. If you have another disk
-drive, you may define another persistent storage type
-ste_PersistentStorageB in the chwall_ste-security_policy.xml.
-
-step2: To distinguish different domains, we create multiple domain
-labels including different types. Here: label dom_HomeBanking includes
-STE type ste_PersonalFinances, label dom_Fun includes STE type
-ste_InternetInsecure.
-
-step3: The storage domain in charge of the hard drive A needs access
-to this hard drive. Therefore the storage domain label
-dom_StorageDomain must include the type assigned to the hard drive
-(ste_PersistentStorageA).
-
-step4: In order to serve dom hda1 to domains labeled dom_HomeBanking
-and hda2 to domains labeled dom_Fun, the storage domain label must
-include the types of those domains as well (ste_PersonalFinance,
-ste_InternetInsecure).
-
-step5: In order to keep the data for different types safely apart, the
-different logical disk partitions must be assigned unique labels and
-types, which are used inside the storage domain to extend the ACM
-access enforcement to logical resources served from inside the storage
-domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign
-it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to
-hda2. These labels must include the STE types of those domains that
-are allowed to use them (e.g., ste_PersonalFinances for hda1).
-
-The overall mandatory access control is then enforced in 3 different
-Xen components and these components use a single consistent policy to
-co-operatively enforce the policy. In the storage domain example, we
-have three components that co-operate:
-
-1. The ACM module inside the hypervisor enforces: communication
-between user domains and the storage domain (only domains including
-types ste_PersonalFinances or ste_InternetInsecure can communicate
-with the storage domain and request access to logical resource). This
-confines the sharing to the types assigned to the storage domain.
-
-2. The domain management enforces: assignment of real resources (hda)
-to domains (storage domain) that share a type with the resource.
-
-3. If the storage domain serves multiple STE types (as in our
-example), it enforces: that domains can access (mount) logical
-resources only if they share an STE type with the respective
-resource. In our example, domains with the STE type
-ste_PersonalFinances can request access (mount) to logical resource
-hda1 from the storage domain.
-
-If you look at the virtual machine label dom_StorageDomain, you will
-see the minimal set of types assigned to our domain manageing disk
-drive hda for serving logical disk partitions exclusively to
-dom_HomeBanking and dom_Fun.
-
-Similary, network domains can confine access to the network or network
-communication between user domains.
-
-As a result, device domains (e.g., storage domain, network domain)
-must be simple and small to ensure their correct co-operation in the
-type enforcement model. If such trust is not possible, then hardware
-should be assigned exclusively to a single type (or to a single
-partition) in which case the hypervisor ACM enforcement enforces the
-types independently.
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/security/policytools.txt
--- a/tools/security/policytools.txt    Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,148 +0,0 @@
-##
-# policytools.txt
-#      <description to the sHype/Xen policy management tools>
-#
-# Author:
-# Reiner Sailer 08/31/2006 <sailer@xxxxxxxxxxxxxx>
-#
-#
-##
-
-This file describes the Xen-tools to create and maintain security
-policies for the sHype/Xen access control module.
-
-A security policy (e.g. "example.chwall_ste.test") is defined in
-XML. Read in the user manual about the naming of policies. The policy
-name is used by the Xen management tools to identify existing
-policies. Creating the security policy means creating a policy
-description in XML:
-/etc/xen/acm-security/policies/example/chwall_ste/test-security_policy.xml.
-
-The policy XML description must follow the XML schema definition in
-/etc/xen/acm-security/policies/security_policy.xsd. The policy tools
-are written against this schema; they will create and refine policies
-that conform to this scheme.
-
-Two tools are provided to help creating security policies:
-
-
-1. xensec_ezpolicy: The starting point for writing security policies.
-===================
-
-This wxPython-based GUI tool is meant to create very quickly a
-starting point for a workload protection security policy. Please start
-the tool (xensec_ezpolicy) and press <CTRL-h> for usage explanations.
-The Xen User guide explains its usage at an example in chapter
-"sHype/Xen Access Control".
-
-The output of the tool is a security policy that is fully operable. It
-is sufficient to create policies that demonstrate how sHype/ACM works.
-
-However, it defines only a basic set of security labels assuming that
-Domain0 hosts and virtualizes all hardware (storage etc.). Use
-xensec_gen to refine this policy and tailor it to your requirements.
-
-
-2. xensec_gen: The tool to refine a basic security policy:
-==============
-
-The xensec_gen utility starts a web-server that can be used to
-generate the XML policy files needed to create or maintain a
-policy. It can be pre-loaded with a policy file created by
-xensec_ezpolicy.
-
-By default, xensec_gen runs as a daemon and listens on port 7777 for
-HTTP requests.  The xensec_gen command supports command line options
-to change the listen port, run in the foreground, and a few others.
-Type 'xensec_gen -h' to see the full list of options available.
-
-Once the xensec_gen utility is running, point a browser at the host
-and port on which the utility is running (e.g. http://localhost:7777).
-You will be presented with a web page that allows you to create or
-modify the XML policy file:
-
-  - The Security Policy types section allows you to create or modify
-the policy types and conflict set definitions
-
-  - The Security Policy Labeling section allows you to create or
-modify label definitions
-
-The policy generation tool allows you to modify an existing policy
-definition or create a new policy definition file. To modify an
-existing policy definition, enter the full path to the existing file
-(the "Browse" button can be used to aid in this) in the Policy File
-entry field.  To create a new policy definition file leave the Policy
-File entry field blank.  At this point click the "Create" button to
-begin modifying or creating your policy definition.
-
-  Security Policy Types Section
-  -----------------------------
-
-You will then be presented with a web page. The upper part of it will
-allow you to create either Simple Type Enforcement types or Chinese
-Wall types or both, as well as Chinese Wall conflict sets.
-
-As an example, to add a Simple Type Enforcement type:
-
-- Enter the name of a new type under the Simple Type Enforcement Types
-section in the entry field above the "New" button.
-
-- Click the "New" button and the type will be added to the list of
-defined Simple Type Enforcement types.
-
-To remove a Simple Type Enforcement type:
-
-- Click on the type to be removed in the list of defined Simple Type
-Enforcement types.
-
-- Click the "Delete" button to remove the type.
-
-Follow the same process to add Chinese Wall types. The Chinese Wall
-Conflict Set allows you to add Chinese Wall types from the list of
-defined Chinese Wall types.
-
-
-  Security Policy Labels:
-  -------------------------
-
-The security policy label section of the web page allows you to create
-labels for classes of virtual machines and resources.  The input
-policy type definitions on the upper part of the web page will provide
-the available types (Simple Type Enforcement and/or Chinese Wall) that
-can be assigned to a virtual machine class. Resource classes only
-include simple type enforcement types; the Chinese Wall policy does
-apply only to virtual machines.
-
-As an example, to add a Virtual Machine class (the name entered will
-become the label that will be used to identify the class):
-
-- Enter the name of a new class under the Virtual Machine Classes
-section in the entry field above the "New" button.
-
-- Click the "New" button and the class will be added to the table of
-defined Virtual Machine classes.
-
-To remove a Virtual Machine class:
-
-- Click the "Delete" link associated with the class in the table of
-Virtual Machine classes.
-
-Once you have defined one or more Virtual Machine classes, you will
-be able to add any of the defined Simple Type Enforcement types or
-Chinese Wall types to a particular Virtual Machine.
-
-If you create a new policy, you must also define which Virtual Machine
-class is to be associated with the bootstrap domain (or Dom0 domain).
-By default, the first Virtual Machine class created will be associated
-as the bootstrap domain.
-
-To save your policy definition file, click on the "Generate XML"
-button on the top of the page.  This will present you with a dialog
-box to save the generated XML file on your system.  The default name
-will be security_policy.xml which you should change to follow the
-policy file naming conventions based on the policy name that you
-choose to use.
-
-To get a feel for the tool, you could use one of the example policy
-definitions files from /etc/xen/acm-security/policies/example as
-input or a policy created by the xensec_ezpolicy tool.
diff -r a65612bcbb92 -r 2aeebd5cbbad tools/security/python/setup.py
--- a/tools/security/python/setup.py    Fri Mar 25 09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-#!/usr/bin/python
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License,
-# or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-from distutils.core import setup
-import os
-
-# This setup script is invoked from the parent directory, so base
-#   everything as if executing from there.
-XEN_ROOT = "../.."
-
-setup(name            = 'xensec_gen',
-      version         = '3.0',
-      description     = 'Xen XML Security Policy Generator',
-      package_dir     = { 'xen' : 'python' },
-      packages        = ['xen.xensec_gen'],
-      )
diff -r a65612bcbb92 -r 2aeebd5cbbad 
tools/security/python/xensec_gen/__init__.py
--- a/tools/security/python/xensec_gen/__init__.py      Fri Mar 25 09:03:17 
2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-
diff -r a65612bcbb92 -r 2aeebd5cbbad 
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- a/tools/security/python/xensec_gen/cgi-bin/policy.cgi       Fri Mar 25 
09:03:17 2011 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,2376 +0,0 @@
-#!/usr/bin/python
-#
-# The Initial Developer of the Original Code is International
-# Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005, 2006 International Business
-# Machines Corporation. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License,
-# or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import os
-import cgi
-import cgitb; cgitb.enable( )
-import time
-import xml.dom.minidom
-import xml.sax
-import xml.sax.handler
-from StringIO import StringIO
-from sets import Set
-
-def getSavedData( ):
-       global formData, policyXml
-       global formVariables, formCSNames, formVmNames, formResNames
-       global allCSMTypes, allVmChWs, allVmStes, allResStes
-
-       # Process the XML upload policy file
-       if formData.has_key( 'i_policy' ):
-               dataList = formData.getlist( 'i_policy' )
-               if len( dataList ) > 0:
-                       policyXml  = dataList[0]
-
-       # Process all the hidden input variables (if present)
-       for formVar in formVariables:
-               if formVar[2] == '':
-                       continue
-
-               if formData.has_key( formVar[2] ):
-                       dataList = formData.getlist( formVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( formVar[1], list ):
-                                       exec 'formVar[1] = ' + dataList[0]
-                               else:
-                                       formVar[1] = dataList[0]
-
-       # The form can contain any number of "Conflict Sets"
-       #   so update the list of form variables to include
-       #   each conflict set (hidden input variable)
-       for csName in formCSNames[1]:
-               newCS( csName )
-               if formData.has_key( allCSMTypes[csName][2] ):
-                       dataList = formData.getlist( allCSMTypes[csName][2] )
-                       if len( dataList ) > 0:
-                               exec 'allCSMTypes[csName][1] = ' + dataList[0]
-
-       # The form can contain any number of "Virtual Machines"
-       #   so update the list of form variables to include
-       #   each virtual machine (hidden input variable)
-       for vmName in formVmNames[1]:
-               newVm( vmName )
-
-               vmFormVar = allVmChWs[vmName]
-               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
-                       dataList = formData.getlist( vmFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( vmFormVar[1], list ):
-                                       exec 'vmFormVar[1] = ' + dataList[0]
-                               else:
-                                       vmFormVar[1] = dataList[0]
-
-               vmFormVar = allVmStes[vmName]
-               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
-                       dataList = formData.getlist( vmFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( vmFormVar[1], list ):
-                                       exec 'vmFormVar[1] = ' + dataList[0]
-                               else:
-                                       vmFormVar[1] = dataList[0]
-
-       # The form can contain any number of "Resources"
-       #   so update the list of form variables to include
-       #   each resource (hidden input variable)
-       for resName in formResNames[1]:
-               newRes( resName )
-
-               resFormVar = allResStes[resName]
-               if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ):
-                       dataList = formData.getlist( resFormVar[2] )
-                       if len( dataList ) > 0:
-                               if isinstance( resFormVar[1], list ):
-                                       exec 'resFormVar[1] = ' + dataList[0]
-                               else:
-                                       resFormVar[1] = dataList[0]
-
-
-def getCurrentTime( ):
-       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
-
-def getName( domNode ):
-       nameNodes = domNode.getElementsByTagName( 'Name' )
-       if len( nameNodes ) == 0:
-               formatXmlError( '"<Name>" tag is missing' )
-               return None
-
-       name = ''
-       for childNode in nameNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       name = name + childNode.data
-       return name
-
-def getPolicyName( domNode ):
-       nameNodes = domNode.getElementsByTagName( 'PolicyName' )
-       if len( nameNodes ) == 0:
-               formatXmlError( '"<PolicyName>" tag is missing' )
-               return None
-
-       name = ''
-       for childNode in nameNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       name = name + childNode.data
-
-       return name
-
-def getUrl( domNode ):
-       urlNodes = domNode.getElementsByTagName( 'PolicyUrl' )
-       if len( urlNodes ) == 0:
-               return ''
-
-       url = ''
-       for childNode in urlNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       url = url + childNode.data
-
-       return url
-
-def getRef( domNode ):
-       refNodes = domNode.getElementsByTagName( 'Reference' )
-       if len( refNodes ) == 0:
-               return ''
-
-       ref = ''
-       for childNode in refNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       ref = ref + childNode.data
-
-       return ref
-
-def getDate( domNode ):
-       dateNodes = domNode.getElementsByTagName( 'Date' )
-       if len( dateNodes ) == 0:
-               return ''
-
-       date = ''
-       for childNode in dateNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       date = date + childNode.data
-
-       return date
-
-def getNSUrl( domNode ):
-       urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' )
-       if len( urlNodes ) == 0:
-               return ''
-
-       url = ''
-       for childNode in urlNodes[0].childNodes:
-               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                       url = url + childNode.data
-
-       return url
-
-def getSteTypes( domNode, missingIsError = 0 ):
-       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
-       if len( steNodes ) == 0:
-               if missingIsError == 1:
-                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
-                       return None
-               else:
-                       return []
-
-       return getTypes( steNodes[0] )
-
-def getChWTypes( domNode, missingIsError = 0 ):
-       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
-       if len( chwNodes ) == 0:
-               if missingIsError == 1:
-                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
-                       return None
-               else:
-                       return []
-
-       return getTypes( chwNodes[0] )
-
-def getTypes( domNode ):
-       types = []
-
-       domNodes = domNode.getElementsByTagName( 'Type' )
-       if len( domNodes ) == 0:
-               formatXmlError( '"<Type>" tag is missing' )
-               return None
-
-       for domNode in domNodes:
-               typeText = ''
-               for childNode in domNode.childNodes:
-                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
-                               typeText = typeText + childNode.data
-
-               if typeText == '':
-                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
-                       return None
-
-               types.append( typeText )
-
-       return types
-
-def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
-       global xmlMessages, xmlError
-
-       xmlError = 1
-       addMsg = cgi.escape( msg )
-
-       if lineNum != -1:
-               sio = StringIO( xml )
-               for xmlLine in sio:
-                       lineNum = lineNum - 1
-                       if lineNum == 0:
-                               break;
-
-               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
-
-               if colNum != -1:
-                       errLine = ''
-                       for i in range( colNum ):
-                               errLine = errLine + '-'
-
-                       addMsg += '\n' + errLine + '^'
-
-               addMsg += '</PRE>'
-
-       xmlMessages.append( addMsg )
-
-def formatXmlGenError( msg ):
-       global xmlMessages, xmlIncomplete
-
-       xmlIncomplete = 1
-       xmlMessages.append( cgi.escape( msg ) )
-
-def parseXml( xmlInput ):
-       xmlParser = xml.sax.make_parser( )
-       try:
-               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
-
-       except xml.sax.SAXParseException, xmlErr:
-               msg = ''
-               msg = msg + 'XML parsing error occurred at line '
-               msg = msg + `xmlErr.getLineNumber( )`
-               msg = msg + ', column '
-               msg = msg + `xmlErr.getColumnNumber( )`
-               msg = msg + ': reason = "'
-               msg = msg + xmlErr.getMessage( )
-               msg = msg + '"'
-               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
-               return None
-
-       except xml.sax.SAXException, xmlErr:
-               msg = ''
-               msg = msg + 'XML Parsing error: ' + `xmlErr`
-               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
-               return None
-
-       return domDoc
-
-def parsePolicyXml( ):
-       global policyXml
-       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
-       global formPolicyOrder
-       global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0
-       global allCSMTypes, allVmStes, allVmChWs
-
-       domDoc = parseXml( policyXml )
-       if domDoc == None:
-               return
-
-       # Process the PolicyHeader
-       domRoot    = domDoc.documentElement
-       domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
-       if len( domHeaders ) == 0:
-               msg = ''
-               msg = msg + '"<PolicyHeader>" tag is missing.\n'
-               msg = msg + 'Please validate the Policy file used.'
-               formatXmlError( msg )
-               return
-
-       pName = getPolicyName( domHeaders[0] )
-       if pName == None:
-               msg = ''
-               msg = msg + 'Error processing the Policy header information.\n'
-               msg = msg + 'Please validate the Policy file used.'
-               formatXmlError( msg )
-               return
-
-       formPolicyName[1]  = pName
-       formPolicyUrl[1]   = getUrl( domHeaders[0] )
-       formPolicyRef[1]   = getRef( domHeaders[0] )
-       formPolicyDate[1]  = getDate( domHeaders[0] )
-       formPolicyNSUrl[1] = getNSUrl( domHeaders[0] )
-
-       # Process the STEs
-       pOrder = ''
-       domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
-       if len( domStes ) > 0:
-               if domStes[0].hasAttribute( 'priority' ):
-                       if domStes[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
-                               msg = ''
-                               msg = msg + 'Error processing the 
"<SimpleTypeEnforcement>" tag.\n'
-                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       pOrder = 'v_Ste'
-
-               steTypes = getSteTypes( domStes[0], 1 )
-               if steTypes == None:
-                       msg = ''
-                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-               formSteTypes[1] = steTypes
-
-       # Process the ChineseWalls and Conflict Sets
-       domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
-       if len( domChWalls ) > 0:
-               if domChWalls[0].hasAttribute( 'priority' ):
-                       if domChWalls[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
-                               msg = ''
-                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
-                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       if pOrder != '':
-                               msg = ''
-                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
-                               msg = msg + 'The "priority" attribute has been 
previously specified.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       pOrder = 'v_ChWall'
-
-               chwTypes = getChWTypes( domChWalls[0], 1 )
-               if chwTypes == None:
-                       msg = ''
-                       msg = msg + 'Error processing the ChineseWall types.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-               formChWallTypes[1] = chwTypes
-
-               csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
-               if csNodes and (len( csNodes ) > 0):
-                       cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
-                       if not cNodes or len( cNodes ) == 0:
-                               msg = ''
-                               msg = msg + 'Required "<Conflict>" tag 
missing.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       for cNode in cNodes:
-                               csName = cNode.getAttribute( 'name' )
-                               newCS( csName, 1 )
-
-                               csMemberList = getTypes( cNode )
-                               if csMemberList == None:
-                                       msg = ''
-                                       msg = msg + 'Error processing the 
Conflict Set members.\n'
-                                       msg = msg + 'Please validate the Policy 
file used.'
-                                       formatXmlError( msg )
-                                       return
-
-                               # Verify the conflict set members are valid 
types
-                               ctSet = Set( formChWallTypes[1] )
-                               csSet = Set( csMemberList )
-                               if not csSet.issubset( ctSet ):
-                                       msg = ''
-                                       msg = msg + 'Error processing Conflict 
Set "' + csName + '".\n'
-                                       msg = msg + 'Members of the conflict 
set are not valid '
-                                       msg = msg + 'Chinese Wall types.\n'
-                                       msg = msg + 'Please validate the Policy 
file used.'
-                                       formatXmlError( msg )
-
-                               allCSMTypes[csName][1] = csMemberList
-
-       if pOrder != '':
-               formPolicyOrder[1] = pOrder
-       else:
-               if (len( domStes ) > 0) or (len( domChWalls ) > 0):
-                       msg = ''
-                       msg = msg + 'The "priority" attribute has not been 
specified.\n'
-                       msg = msg + 'It must be specified on one of the access 
control types.\n'
-                       msg = msg + 'Please validate the Policy file used.'
-                       formatXmlError( msg )
-                       return
-
-       # Process the Labels
-       domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' )
-       if not domLabels or (len( domLabels ) == 0):
-               msg = ''
-               msg = msg + '<SecurityLabelTemplate> tag is missing.\n'
-               msg = msg + 'Please validate the Policy file used.'
-               formatXmlError( msg )
-               return
-
-
-       # Process the VMs
-       domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' )
-       if len( domSubjects ) > 0:
-               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
-               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
-               for domNode in domNodes:
-                       vmName = getName( domNode )
-                       if vmName == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               continue
-
-                       steTypes = getSteTypes( domNode )
-                       if steTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       chwTypes = getChWTypes( domNode )
-                       if chwTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the ChineseWall 
types.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       newVm( vmName, 1 )
-                       allVmStes[vmName][1] = steTypes
-                       allVmChWs[vmName][1] = chwTypes
-
-       # Process the Resources
-       domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' )
-       if len( domObjects ) > 0:
-               domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' )
-               for domNode in domNodes:
-                       resName = getName( domNode )
-                       if resName == None:
-                               msg = ''
-                               msg = msg + 'Error processing the ResourceLabel 
name.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               continue
-
-                       steTypes = getSteTypes( domNode )
-                       if steTypes == None:
-                               msg = ''
-                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
-                               msg = msg + 'Please validate the Policy file 
used.'
-                               formatXmlError( msg )
-                               return
-
-                       newRes( resName, 1 )
-                       allResStes[resName][1] = steTypes
-
-def modFormTemplate( formTemplate, suffix ):
-       formVar = [x for x in formTemplate]
-
-       if formVar[2] != '':
-               formVar[2] = formVar[2] + suffix
-       if formVar[3] != '':
-               formVar[3] = formVar[3] + suffix
-       if (formVar[0] != 'button') and (formVar[4] != ''):
-               formVar[4] = formVar[4] + suffix
-
-       return formVar;
-
-def removeDups( curList ):
-       newList = []
-       curSet  = Set( curList )
-       for x in curSet:
-               newList.append( x )
-       newList.sort( )
-
-       return newList
-
-def newCS( csName, addToList = 0 ):
-       global formCSNames
-       global templateCSDel, allCSDel
-       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
-       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
-
-       csSuffix = '_' + csName
-
-       # Make sure we have an actual name and check one of the 'all'
-       # variables to be sure it hasn't been previously defined
-       if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
-               allCSDel[csName]    = modFormTemplate( templateCSDel,    
csSuffix )
-               allCSMTypes[csName] = modFormTemplate( templateCSMTypes, 
csSuffix )
-               allCSMDel[csName]   = modFormTemplate( templateCSMDel,   
csSuffix )
-               allCSMType[csName]  = modFormTemplate( templateCSMType,  
csSuffix )
-               allCSMAdd[csName]   = modFormTemplate( templateCSMAdd,   
csSuffix )
-               if addToList == 1:
-                       formCSNames[1].append( csName )
-                       formCSNames[1] = removeDups( formCSNames[1] )
-
-def newVm( vmName, addToList = 0 ):
-       global formVmNames
-       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
-       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
-       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
-       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
-       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
-       # Make sure we have an actual name and check one of the 'all'
-       # variables to be sure it hasn't been previously defined
-       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
-               vmSuffix = '_' + vmName
-               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
-               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
-               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
-               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
-               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
-               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
-               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
-               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
-               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
-               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
-               if addToList == 1:
-                       formVmNames[1].append( vmName )
-                       formVmNames[1] = removeDups( formVmNames[1] )
-
-def newRes( resName, addToList = 0 ):
-       global formResNames
-       global templateResDel, allResDel
-       global templateResStes, templateResSteDel, templateResSte, 
templateResSteAdd
-       global allResStes, allResSteDel, allResSteType, allResSteAdd
-
-       # Make sure we have an actual name and check one of the 'all'
-       # variables to be sure it hasn't been previously defined
-       if (len( resName ) > 0) and (not allResDel.has_key( resName )):
-               resSuffix = '_' + resName
-               allResDel[resName]    = modFormTemplate( templateResDel,    
resSuffix )
-               allResStes[resName]   = modFormTemplate( templateResStes,   
resSuffix )
-               allResSteDel[resName] = modFormTemplate( templateResSteDel, 
resSuffix )
-               allResSte[resName]    = modFormTemplate( templateResSte,    
resSuffix )
-               allResSteAdd[resName] = modFormTemplate( templateResSteAdd, 
resSuffix )
-               if addToList == 1:
-                       formResNames[1].append( resName )
-                       formResNames[1] = removeDups( formResNames[1] )
-
-def updateInfo( ):
-       global formData, formPolicyName, formPolicyUrl, formPolicyRef, 
formPolicyDate, formPolicyNSUrl
-       global formPolicyOrder
-
-       if formData.has_key( formPolicyName[3] ):
-               formPolicyName[1] = formData[formPolicyName[3]].value
-       elif formData.has_key( formPolicyUpdate[3] ):
-               formPolicyName[1] = ''
-
-       if formData.has_key( formPolicyUrl[3] ):
-               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
-       elif formData.has_key( formPolicyUpdate[3] ):
-               formPolicyUrl[1] = ''
-
-       if formData.has_key( formPolicyRef[3] ):
-               formPolicyRef[1] = formData[formPolicyRef[3]].value
-       elif formData.has_key( formPolicyUpdate[3] ):
-               formPolicyRef[1] = ''
-
-       if formData.has_key( formPolicyDate[3] ):
-               formPolicyDate[1] = formData[formPolicyDate[3]].value
-       elif formData.has_key( formPolicyUpdate[3] ):
-               formPolicyDate[1] = ''
-
-       if formData.has_key( formPolicyNSUrl[3] ):
-               formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value
-       elif formData.has_key( formPolicyUpdate[3] ):
-               formPolicyNSUrl[1] = ''
-
-       if formData.has_key( formPolicyOrder[3] ):
-               formPolicyOrder[1] = formData[formPolicyOrder[3]].value
-
-def addSteType( ):
-       global formData, formSteType, formSteTypes
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formSteAdd[3] )):
-               if formData.has_key( formSteType[3] ):
-                       type = formData[formSteType[3]].value
-                       type = type.strip( )
-                       if len( type ) > 0:
-                               formSteTypes[1].append( type )
-                               formSteTypes[1] = removeDups( formSteTypes[1] )
-
-
-def delSteType( ):
-       global formData, formSteTypes
-
-       if formData.has_key( formSteTypes[3] ):
-               typeList = formData.getlist( formSteTypes[3] )
-               for type in typeList:
-                       type = type.strip( )
-                       formSteTypes[1].remove( type )
-
-def addChWallType( ):
-       global formData, formChWallType, formChWallTypes
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formChWallAdd[3] )):
-               if formData.has_key( formChWallType[3] ):
-                       type = formData[formChWallType[3]].value
-                       type = type.strip( )
-                       if len( type ) > 0:
-                               formChWallTypes[1].append( type )
-                               formChWallTypes[1] = removeDups( 
formChWallTypes[1] )
-
-def delChWallType( ):
-       global formData, formChWallTypes
-
-       if formData.has_key( formChWallTypes[3] ):
-               typeList = formData.getlist( formChWallTypes[3] )
-               for type in typeList:
-                       type = type.strip( )
-                       formChWallTypes[1].remove( type )
-
-def addCS( ):
-       global formData, formCSNames
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formCSAdd[3] )):
-               if formData.has_key( formCSName[3] ):
-                       csName = formData[formCSName[3]].value
-                       csName = csName.strip( )
-                       newCS( csName, 1 )
-
-def delCS( csName ):
-       global formData, formCSNames, allCSDel
-       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
-
-       csName = csName.strip( )
-       formCSNames[1].remove( csName )
-       del allCSDel[csName]
-       del allCSMTypes[csName]
-       del allCSMDel[csName]
-       del allCSMType[csName]
-       del allCSMAdd[csName]
-
-def addCSMember( csName ):
-       global formData, allCSMType, allCSMTypes
-
-       formVar = allCSMType[csName]
-       if formData.has_key( formVar[3] ):
-               csmList = formData.getlist( formVar[3] )
-               formVar = allCSMTypes[csName]
-               for csm in csmList:
-                       csm = csm.strip( )
-                       formVar[1].append( csm )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delCSMember( csName ):
-       global formData, allCSMTypes
-
-       formVar = allCSMTypes[csName]
-       if formData.has_key( formVar[3] ):
-               csmList = formData.getlist( formVar[3] )
-               for csm in csmList:
-                       csm = csm.strip( )
-                       formVar[1].remove( csm )
-
-def addVm( ):
-       global formData, fromVmName, formVmNames, formVmNameDom0
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
-               if formData.has_key( formVmName[3] ):
-                       vmName = formData[formVmName[3]].value
-                       vmName = vmName.strip( )
-                       newVm( vmName, 1 )
-                       if formVmNameDom0[1] == '':
-                               formVmNameDom0[1] = vmName
-
-def delVm( vmName ):
-       global formVmNames, formVmNameDom0
-       global allVmDel, allVmDom0
-       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
-       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
-       vmName = vmName.strip( )
-       formVmNames[1].remove( vmName )
-       del allVmDom0[vmName]
-       del allVmDel[vmName]
-       del allVmChWs[vmName]
-       del allVmChWDel[vmName]
-       del allVmChW[vmName]
-       del allVmChWAdd[vmName]
-       del allVmStes[vmName]
-       del allVmSteDel[vmName]
-       del allVmSte[vmName]
-       del allVmSteAdd[vmName]
-
-       if formVmNameDom0[1] == vmName:
-               if len( formVmNames[1] ) > 0:
-                       formVmNameDom0[1] = formVmNames[1][0]
-               else:
-                       formVmNameDom0[1] = ''
-
-def makeVmDom0( vmName ):
-       global formVmNameDom0
-
-       vmName = vmName.strip( )
-       formVmNameDom0[1] = vmName
-
-def addVmChW( vmName ):
-       global formData, allVmChW, allVmChWs
-
-       formVar = allVmChW[vmName]
-       if formData.has_key( formVar[3] ):
-               chwList = formData.getlist( formVar[3] )
-               formVar = allVmChWs[vmName]
-               for chw in chwList:
-                       chw = chw.strip( )
-                       formVar[1].append( chw )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delVmChW( vmName ):
-       global formData, allVmChWs
-
-       formVar = allVmChWs[vmName]
-       if formData.has_key( formVar[3] ):
-               chwList = formData.getlist( formVar[3] )
-               for chw in chwList:
-                       chw = chw.strip( )
-                       formVar[1].remove( chw )
-
-def addVmSte( vmName ):
-       global formData, allVmSte, allVmStes
-
-       formVar = allVmSte[vmName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               formVar = allVmStes[vmName]
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].append( ste )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delVmSte( vmName ):
-       global formData, allVmStes
-
-       formVar = allVmStes[vmName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].remove( ste )
-
-def addRes( ):
-       global formData, fromResName, formResNames
-
-       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formResAdd[3] )):
-               if formData.has_key( formResName[3] ):
-                       resName = formData[formResName[3]].value
-                       resName = resName.strip( )
-                       newRes( resName, 1 )
-
-def delRes( resName ):
-       global formResNames
-       global allResDel
-       global allResStes, allResSteDel, allResSteType, allResSteAdd
-
-       resName = resName.strip( )
-       formResNames[1].remove( resName )
-       del allResDel[resName]
-       del allResStes[resName]
-       del allResSteDel[resName]
-       del allResSte[resName]
-       del allResSteAdd[resName]
-
-def addResSte( vmName ):
-       global formData, allResSte, allResStes
-
-       formVar = allResSte[vmName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               formVar = allResStes[vmName]
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].append( ste )
-                       formVar[1] = removeDups( formVar[1] )
-
-def delResSte( vmName ):
-       global formData, allResStes
-
-       formVar = allResStes[vmName]
-       if formData.has_key( formVar[3] ):
-               steList = formData.getlist( formVar[3] )
-               for ste in steList:
-                       ste = ste.strip( )
-                       formVar[1].remove( ste )
-
-def processRequest( ):
-       global policyXml
-       global formData, formPolicyUpdate
-       global formSteAdd, formSteDel
-       global formChWallAdd, formChWallDel
-       global formCSAdd, allCSDel
-       global formCSNames, allCSMAdd, allCSMDel
-       global formVmAdd
-       global formVmNames, allVmDel, allVmDom0
-       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
-       global formResAdd
-       global formResNames, allResDel
-       global allResSteAdd, allResSteDel
-
-       if policyXml != '':
-               parsePolicyXml( )
-
-       # Allow the updating of the header information whenever
-       # an action is performed
-       updateInfo( )
-
-       # Allow the adding of types/sets/vms if the user has hit the
-       # enter key when attempting to add a type/set/vm
-       addSteType( )
-       addChWallType( )
-       addCS( )
-       addVm( )
-       addRes( )
-
-       if formData.has_key( formSteDel[3] ):
-               delSteType( )
-
-       elif formData.has_key( formChWallDel[3] ):
-               delChWallType( )
-
-       else:
-               for csName in formCSNames[1]:
-                       if formData.has_key( allCSDel[csName][3] ):
-                               delCS( csName )
-                               continue
-
-                       if formData.has_key( allCSMAdd[csName][3] ):
-                               addCSMember( csName )
-
-                       elif formData.has_key( allCSMDel[csName][3] ):
-                               delCSMember( csName )
-
-       for vmName in formVmNames[1]:
-               if formData.has_key( allVmDel[vmName][3] ):
-                       delVm( vmName )
-                       continue
-
-               if formData.has_key( allVmDom0[vmName][3] ):
-                       makeVmDom0( vmName )
-
-               if formData.has_key( allVmChWAdd[vmName][3] ):
-                       addVmChW( vmName )
-
-               elif formData.has_key( allVmChWDel[vmName][3] ):
-                       delVmChW( vmName )
-
-               elif formData.has_key( allVmSteAdd[vmName][3] ):
-                       addVmSte( vmName )
-
-               elif formData.has_key( allVmSteDel[vmName][3] ):
-                       delVmSte( vmName )
-
-       for resName in formResNames[1]:
-               if formData.has_key( allResDel[resName][3] ):
-                       delRes( resName )
-                       continue
-
-               if formData.has_key( allResSteAdd[resName][3] ):
-                       addResSte( resName )
-
-               elif formData.has_key( allResSteDel[resName][3] ):
-                       delResSte( resName )
-
-def makeName( name, suffix='' ):
-       rName = name
-       if suffix != '':
-               rName = rName + '_' + suffix
-
-       return rName
-
-def makeNameAttr( name, suffix='' ):
-       return 'name="' + makeName( name, suffix ) + '"'
-
-def makeValue( value, suffix='' ):
-       rValue = value
-
-       if isinstance( value, list ):
-               rValue = '['
-               for val in value:
-                       rValue = rValue + '\'' + val
-                       if suffix != '':
-                               rValue = rValue + '_' + suffix
-                       rValue = rValue + '\','
-               rValue = rValue + ']'
-
-       else:
-               if suffix != '':
-                       rValue = rValue + '_' + suffix
-
-       return rValue
-
-def makeValueAttr( value, suffix='' ):
-       return 'value="' + makeValue( value, suffix ) + '"'
-
-def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
-       nameAttr  = ''
-       valueAttr = ''
-       htmlText  = ''
-
-       if formVar[0] == 'text':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-               valueAttr = makeValueAttr( formVar[1] )
-
-               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
-
-       elif formVar[0] == 'list':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-
-               print '<SELECT', nameAttr, attrs, '>'
-               for option in formVar[1]:
-                       print '<OPTION>' + option + '</OPTION>'
-               print '</SELECT>'
-
-       elif formVar[0] == 'button':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-               if formVar[4] != '':
-                       valueAttr = makeValueAttr( formVar[4] )
-
-               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
-
-       elif formVar[0] == 'radiobutton':
-               if formVar[3] != '':
-                       nameAttr  = makeNameAttr( formVar[3] )
-                       valueAttr = makeValueAttr( formVar[4][rb_select] )
-                       htmlText  = formVar[5][rb_select]
-                       if formVar[4][rb_select] == formVar[1]:
-                               checked = 'checked'
-                       else:
-                               checked = ''
-
-                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
-
-       elif formVar[0] == 'radiobutton-all':
-               if formVar[3] != '':
-                       nameAttr = makeNameAttr( formVar[3] )
-                       buttonVals  = formVar[4]
-                       buttonTexts = formVar[5]
-                       for i, buttonVal in enumerate( buttonVals ):
-                               htmlText = ''
-                               addAttrs = ''
-                               checked  = ''
-
-                               valueAttr = makeValueAttr( buttonVal )
-                               if formVar[5] != '':
-                                       htmlText = formVar[5][i]
-                               if attrs != '':
-                                       addAttrs = attrs[i]
-                               if buttonVal == formVar[1]:
-                                       checked = 'checked'
-
-                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
-
-       if ( formVar[2] != '' ) and ( rb_select == 0 ):
-               nameAttr = makeNameAttr( formVar[2] )
-               valueAttr = makeValueAttr( formVar[1] )
-               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
-
-def sendHtmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/html'
-       print
-
-def sendPolicyHtml( ):
-       global xmlError, xmlIncomplete, xmlMessages
-       global formDefaultButton, formXmlGen
-       global formVmNameDom0
-
-       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
-       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
-
-       print '<HTML>'
-
-       sendHtmlHead( )
-
-       print '<BODY>'
-
-       # An input XML file was specified that had errors, output the
-       # error information
-       if xmlError == 1:
-               print '<P>'
-               print 'An error has been encountered while processing the input 
'
-               print 'XML file:'
-               print '<UL>'
-               for msg in xmlMessages:
-                       print '<LI>'
-                       print msg
-               print '</UL>'
-               print '</BODY>'
-               print '</HTML>'
-               return
-
-       # When attempting to generate the XML output, all required data was not
-       # present, output the error information
-       if xmlIncomplete == 1:
-               print '<P>'
-               print 'An error has been encountered while validating the data'
-               print 'required for the output XML file:'
-               print '<UL>'
-               for msg in xmlMessages:
-                       print '<LI>'
-                       print msg
-               print '</UL>'
-               print '</BODY>'
-               print '</HTML>'
-               return
-
-       print '<CENTER>'
-       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
-       print '<TABLE class="container">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
-       print '          </TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formXmlGen )
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy header
-       print '  <TR>'
-       print '    <TD>'
-       sendPHeaderHtml( )
-       print '    </TD>'
-       print '  </TR>'
-
-       # Separator
-       print '  <TR><TD><HR></TD></TR>'
-
-       # Policy (types)
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="49%">'
-       print '          <COL width="2%">'
-       print '          <COL width="49%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD>'
-       sendPSteHtml( )
-       print '          </TD>'
-       print '          <TD>&nbsp;</TD>'
-       print '          <TD>'
-       sendPChWallHtml( )
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Separator
-       print '  <TR>'
-       print '    <TD>'
-       print '      <HR>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy Labels (vms)
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="100%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD>'
-       sendPLSubHtml( )
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Separator
-       print '  <TR>'
-       print '    <TD>'
-       print '      <HR>'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Policy Labels (resources)
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="100%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD>'
-       sendPLObjHtml( )
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-
-       print '</TABLE>'
-
-       # Send some data that needs to be available across sessions
-       sendHtmlFormVar( formVmNameDom0 )
-
-       print '</FORM>'
-       print '</CENTER>'
-
-       print '</BODY>'
-
-       print '</HTML>'
-
-def sendHtmlHead( ):
-       global headTitle
-
-       print '<HEAD>'
-       print '<STYLE type="text/css">'
-       print '<!--'
-       print 'BODY            {background-color: #EEEEFF;}'
-       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
-       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
-       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
-       print 'THEAD           {font-weight: bold; font-size: larger;}'
-       print 'TD              {border: 0px solid black; vertical-align: top;}'
-       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
-       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
-       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
-       print 'SELECT.full     {width: 100%;}'
-       print 'INPUT.full      {width: 100%;}'
-       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
-       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
-       print ':link           {color: blue;}'
-       print ':visited        {color: red;}'
-       print '-->'
-       print '</STYLE>'
-       print '<TITLE>', headTitle, '</TITLE>'
-       print '</HEAD>'
-
-def sendPHeaderHtml( ):
-       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
-       global formPolicyOrder, formPolicyUpdate
-
-       # Policy header definition
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="20%">'
-       print '    <COL width="80%">'
-       print '  </COLGROUP>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2" class="heading">Policy 
Information</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Name:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyName, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Url:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Reference:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyRef, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Date:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyDate, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">NameSpace URL:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyNSUrl, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="right">Primary Policy:</TD>'
-       print '    <TD align="left">'
-       sendHtmlFormVar( formPolicyOrder )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2">'
-       sendHtmlFormVar( formPolicyUpdate )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2" class="subheading">'
-       print '      (The Policy Information is updated whenever an action is 
performed'
-       print '       or it can be updated separately using the "Update" 
button)'
-       print '    </TD>'
-       print '  </TR>'
-       print '</TABLE>'
-
-def sendPSteHtml( ):
-       global formSteTypes, formSteDel, formSteType, formSteAdd
-
-       # Simple Type Enforcement...
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="20%">'
-       print '    <COL width="80%">'
-       print '  </COLGROUP>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2" class="heading">Simple Type 
Enforcement Types</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formSteDel, 'class="full"' )
-       print '    </TD>'
-       print '    <TD>'
-       print '      Delete the type(s) selected above'
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       sendHtmlFormVar( formSteType, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formSteAdd, 'class="full"' )
-       print '    </TD>'
-       print '    <TD>'
-       print '      Create a new type with the above name'
-       print '    </TD>'
-       print '  </TR>'
-       print '</TABLE>'
-
-def sendPChWallHtml( ):
-       global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
-       global formCSNames, formCSName, formCSAdd, allCSDel
-       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
-
-       # Chinese Wall...
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="20%">'
-       print '    <COL width="80%">'
-       print '  </COLGROUP>'
-       print '  <TR>'
-       print '    <TD align="center" colspan="2" class="heading">Chinese Wall 
Types</TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formChWallDel, 'class="full"' )
-       print '    </TD>'
-       print '    <TD>'
-       print '      Delete the type(s) selected above'
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       sendHtmlFormVar( formChWallType, 'class="full"' )
-       print '    </TD>'
-       print '  </TR>'
-       print '  <TR>'
-       print '    <TD>'
-       sendHtmlFormVar( formChWallAdd, 'class="full"' )
-       print '    </TD>'
-       print '    <TD>'
-       print '      Create a new type with the above name'
-       print '    </TD>'
-       print '  </TR>'
-
-       # Chinese Wall Conflict Sets...
-       print '  <TR>'
-       print '    <TD colspan="2">'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="20%">'
-       print '          <COL width="30%">'
-       print '          <COL width="50%">'
-       print '        </COLGROUP>'
-       print '        <THEAD>'
-       print '          <TR>'
-       print '            <TD align="center" colspan="3"><HR></TD>'
-       print '          </TR>'
-       print '          <TR>'
-       print '            <TD align="center" colspan="3">Chinese Wall Conflict 
Sets</TD>'
-       print '          </TR>'
-       print '        </THEAD>'
-       print '        <TR>'
-       print '          <TD colspan="3">'
-       sendHtmlFormVar( formCSName, 'class="full"' )
-       sendHtmlFormVar( formCSNames )
-       print '          </TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formCSAdd, 'class="full"' )
-       print '          </TD>'
-       print '          <TD colspan="2">'
-       print '            Create a new conflict set with the above name'
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-       if len( formCSNames[1] ) > 0:
-               print '  <TR>'
-               print '    <TD colspan="2">'
-               print '      &nbsp;'
-               print '    </TD>'
-               print '  </TR>'
-               print '  <TR>'
-               print '    <TD colspan="2">'
-               print '      <TABLE class="fullbox">'
-               print '        <COLGROUP>'
-               print '          <COL width="50%">'
-               print '          <COL width="50%">'
-               print '        </COLGROUP>'
-               print '        <THEAD>'
-               print '          <TR>'
-               print '            <TD class="fullbox">Name</TD>'
-               print '            <TD class="fullbox">Actions</TD>'
-               print '          </TR>'
-               print '        </THEAD>'
-               for i, csName in enumerate( formCSNames[1] ):
-                       print '        <TR>'
-                       print '          <TD class="fullbox">' + csName + 
'</TD>'
-                       print '          <TD class="fullbox">'
-                       print '            <A href="#' + csName + '">Edit</A>'
-                       formVar = allCSDel[csName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       print '          </TD>'
-               print '      </TABLE>'
-               print '    </TD>'
-               print '  </TR>'
-               for csName in formCSNames[1]:
-                       print '  <TR><TD colspan="2"><HR></TD></TR>'
-                       print '  <TR>'
-                       print '    <TD align="center" colspan="2" 
class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD colspan="2">'
-                       formVar = allCSMTypes[csName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD>'
-                       formVar = allCSMDel[csName]
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '    </TD>'
-                       print '    <TD>'
-                       print '      Delete the type(s) selected above'
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD colspan="2">'
-                       ctSet = Set( formChWallTypes[1] )
-                       csSet = Set( allCSMTypes[csName][1] )
-                       formVar = allCSMType[csName]
-                       formVar[1] = []
-                       for chwallType in ctSet.difference( csSet ):
-                               formVar[1].append( chwallType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple' )
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD>'
-                       formVar = allCSMAdd[csName]
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '    </TD>'
-                       print '    <TD>'
-                       print '      Add the type(s) selected above'
-                       print '    </TD>'
-                       print '  </TR>'
-
-       print '</TABLE>'
-
-def sendPLSubHtml( ):
-       global formVmNames, formVmDel, formVmName, formVmAdd
-       global allVmDel, allVmDom0
-       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
-       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
-       global formSteTypes, formChWallTypes
-
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       # Virtual Machines...
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="10%">'
-       print '          <COL width="40%">'
-       print '          <COL width="50%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD colspan="2">'
-       sendHtmlFormVar( formVmName, 'class="full"' )
-       sendHtmlFormVar( formVmNames )
-       print '          </TD>'
-       print '          <TD>&nbsp;</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formVmAdd, 'class="full"' )
-       print '          </TD>'
-       print '          <TD colspan="2">'
-       print '            Create a new VM class with the above name'
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-       if len( formVmNames[1] ) > 0:
-               print '  <TR>'
-               print '    <TD colspan="1">'
-               print '      &nbsp;'
-               print '    </TD>'
-               print '  </TR>'
-               print '  <TR>'
-               print '    <TD>'
-               print '      <TABLE class="fullbox">'
-               print '        <COLGROUP>'
-               print '          <COL width="10%">'
-               print '          <COL width="40%">'
-               print '          <COL width="50%">'
-               print '        </COLGROUP>'
-               print '        <THEAD>'
-               print '          <TR>'
-               print '            <TD class="fullbox">Dom 0?</TD>'
-               print '            <TD class="fullbox">Name</TD>'
-               print '            <TD class="fullbox">Actions</TD>'
-               print '          </TR>'
-               print '        </THEAD>'
-               for i, vmName in enumerate( formVmNames[1] ):
-                       print '        <TR>'
-                       print '          <TD class="fullbox">'
-                       if formVmNameDom0[1] == vmName:
-                               print 'Yes'
-                       else:
-                               print '&nbsp;'
-                       print '          </TD>'
-                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
-                       print '          <TD class="fullbox">'
-                       print '            <A href="#' + vmName + '">Edit</A>'
-                       formVar = allVmDel[vmName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       formVar = allVmDom0[vmName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       print '          </TD>'
-                       print '        </TR>'
-               print '      </TABLE>'
-               print '    </TD>'
-               print '  </TR>'
-               for vmName in formVmNames[1]:
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <HR>'
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <TABLE class="full">'
-                       print '        <COLGROUP>'
-                       print '          <COL width="10%">'
-                       print '          <COL width="39%">'
-                       print '          <COL width="2%">'
-                       print '          <COL width="10%">'
-                       print '          <COL width="39%">'
-                       print '        </COLGROUP>'
-                       print '        <TR>'
-                       print '          <TD colspan="5" align="center" 
class="heading">'
-                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       formVar = allVmStes[vmName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2">'
-                       formVar = allVmChWs[vmName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allVmSteDel[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD>'
-                       formVar = allVmChWDel[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       stSet = Set( formSteTypes[1] )
-                       vmSet = Set( allVmStes[vmName][1] )
-                       formVar = allVmSte[vmName]
-                       formVar[1] = []
-                       for steType in stSet.difference( vmSet ):
-                               formVar[1].append( steType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD colspan="2">'
-                       ctSet = Set( formChWallTypes[1] )
-                       vmSet = Set( allVmChWs[vmName][1] )
-                       formVar = allVmChW[vmName]
-                       formVar[1] = []
-                       for chwallType in ctSet.difference( vmSet ):
-                               formVar[1].append( chwallType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allVmSteAdd[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '          <TD>&nbsp;</TD>'
-                       print '          <TD>'
-                       formVar = allVmChWAdd[vmName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '      </TABLE>'
-                       print '    </TD>'
-                       print '  </TR>'
-
-       print '</TABLE>'
-
-def sendPLObjHtml( ):
-       global formResNames, formResDel, formResName, formResAdd
-       global allResDel
-       global allResStes, allResSteDel, allResSte, allResSteAdd
-       global formSteTypes, formChWallTypes
-
-       print '<TABLE class="full">'
-       print '  <COLGROUP>'
-       print '    <COL width="100%">'
-       print '  </COLGROUP>'
-
-       # Resources...
-       print '  <TR>'
-       print '    <TD>'
-       print '      <TABLE class="full">'
-       print '        <COLGROUP>'
-       print '          <COL width="10%">'
-       print '          <COL width="40%">'
-       print '          <COL width="50%">'
-       print '        </COLGROUP>'
-       print '        <TR>'
-       print '          <TD class="heading" align="center" 
colspan="3">Resource Classes</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD colspan="2">'
-       sendHtmlFormVar( formResName, 'class="full"' )
-       sendHtmlFormVar( formResNames )
-       print '          </TD>'
-       print '          <TD>&nbsp;</TD>'
-       print '        </TR>'
-       print '        <TR>'
-       print '          <TD>'
-       sendHtmlFormVar( formResAdd, 'class="full"' )
-       print '          </TD>'
-       print '          <TD colspan="2">'
-       print '            Create a new Resource class with the above name'
-       print '          </TD>'
-       print '        </TR>'
-       print '      </TABLE>'
-       print '    </TD>'
-       print '  </TR>'
-       if len( formResNames[1] ) > 0:
-               print '  <TR>'
-               print '    <TD colspan="1">'
-               print '      &nbsp;'
-               print '    </TD>'
-               print '  </TR>'
-               print '  <TR>'
-               print '    <TD>'
-               print '      <TABLE class="fullbox">'
-               print '        <COLGROUP>'
-               print '          <COL width="50%">'
-               print '          <COL width="50%">'
-               print '        </COLGROUP>'
-               print '        <THEAD>'
-               print '          <TR>'
-               print '            <TD class="fullbox">Name</TD>'
-               print '            <TD class="fullbox">Actions</TD>'
-               print '          </TR>'
-               print '        </THEAD>'
-               for i, resName in enumerate( formResNames[1] ):
-                       print '        <TR>'
-                       print '          <TD class="fullbox">' + resName + 
'</TD>'
-                       print '          <TD class="fullbox">'
-                       print '            <A href="#' + resName + '">Edit</A>'
-                       formVar = allResDel[resName]
-                       sendHtmlFormVar( formVar, 'class="link"' )
-                       print '          </TD>'
-                       print '        </TR>'
-               print '      </TABLE>'
-               print '    </TD>'
-               print '  </TR>'
-               for resName in formResNames[1]:
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <HR>'
-                       print '    </TD>'
-                       print '  </TR>'
-                       print '  <TR>'
-                       print '    <TD>'
-                       print '      <TABLE class="full">'
-                       print '        <COLGROUP>'
-                       print '          <COL width="10%">'
-                       print '          <COL width="90%">'
-                       print '        </COLGROUP>'
-                       print '        <TR>'
-                       print '          <TD colspan="2" align="center" 
class="heading">'
-                       print '            <A name="' + resName + '">Resource 
Class: ' + resName + '</A>'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       formVar = allResStes[resName];
-                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allResSteDel[resName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Delete the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD colspan="2">'
-                       stSet = Set( formSteTypes[1] )
-                       resSet = Set( allResStes[resName][1] )
-                       formVar = allResSte[resName]
-                       formVar[1] = []
-                       for steType in stSet.difference( resSet ):
-                               formVar[1].append( steType )
-                       formVar[1].sort( )
-                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '        <TR>'
-                       print '          <TD>'
-                       formVar = allResSteAdd[resName];
-                       sendHtmlFormVar( formVar, 'class="full"' )
-                       print '          </TD>'
-                       print '          <TD>'
-                       print '            Add the type(s) selected above'
-                       print '          </TD>'
-                       print '        </TR>'
-                       print '      </TABLE>'
-                       print '    </TD>'
-                       print '  </TR>'
-
-       print '</TABLE>'
-
-def checkXmlData( ):
-       global xmlIncomplete
-       global formPolicyName, formPolicyOrder
-       global formChWallTypes, formSteTypes, formCSNames
-
-       # Validate the Policy Header requirements
-       if ( len( formPolicyName[1] ) == 0 ):
-               msg = ''
-               msg = msg + 'The XML policy schema requires that the Policy '
-               msg = msg + 'Information Name field have a value.'
-               formatXmlGenError( msg )
-
-       if formPolicyOrder[1] == 'v_ChWall':
-               if len( formChWallTypes[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'You have specified the primary policy to 
be '
-                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
-                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
-                       msg = msg + 'types or change the primary policy.'
-                       formatXmlGenError( msg )
-
-       if formPolicyOrder[1] == 'v_Ste':
-               if len( formSteTypes[1] ) == 0:
-                       msg = ''
-                       msg = msg + 'You have specified the primary policy to 
be '
-                       msg = msg + 'Simple Type Enforcement but have not 
created '
-                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
-                       msg = msg + 'some Simple Type Enforcement types or 
change the '
-                       msg = msg + 'primary policy.'
-                       formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
-       # HTML headers
-       print 'Content-Type: text/xml'
-       print 'Content-Disposition: attachment; filename=security_policy.xml'
-       print
-
-def sendPolicyXml( ):
-       print '<?xml version="1.0"?>'
-
-       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
-       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
-       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
-
-       # Policy header
-       sendPHeaderXml( )
-
-       # Policy (types)
-       sendPSteXml( )
-       sendPChWallXml( )
-
-       # Policy Labels (subjects and objects)
-       print '<SecurityLabelTemplate>'
-       sendPLSubXml( )
-       sendPLObjXml( )
-       print '</SecurityLabelTemplate>'
-       print '</SecurityPolicyDefinition>'
-
-def sendPHeaderXml( ):
-       global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, 
formPolicyNSUrl
-
-       # Policy header definition
-       print '<PolicyHeader>'
-       print '  <PolicyName>' + formPolicyName[1] + '</PolicyName>'
-       print '  <Version>1.0</Version>'
-       if len( formPolicyUrl[1] ) > 0:
-               print '  <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'
-       if len( formPolicyRef[1] ) > 0:
-               print '  <Reference>' + formPolicyRef[1] + '</Reference>'
-       if len( formPolicyDate[1] ) > 0:
-               print '  <Date>' + formPolicyDate[1] + '</Date>'
-       if len( formPolicyNSUrl[1] ) > 0:
-               print '  <NameSpaceUrl>' + formPolicyNSUrl[1] + 
'</NameSpaceUrl>'
-       print '</PolicyHeader>'
-
-def sendPSteXml( ):
-       global formPolicyOrder, formSteTypes
-
-       # Simple Type Enforcement...
-       if len( formSteTypes[1] ) == 0:
-               return
-
-       if formPolicyOrder[1] == 'v_Ste':
-               print '<SimpleTypeEnforcement 
priority="PrimaryPolicyComponent">'
-       else:
-               print '<SimpleTypeEnforcement>'
-
-       print '  <SimpleTypeEnforcementTypes>'
-       for steType in formSteTypes[1]:
-               print '    <Type>' + steType + '</Type>'
-       print '  </SimpleTypeEnforcementTypes>'
-
-       print '</SimpleTypeEnforcement>'
-
-def sendPChWallXml( ):
-       global formPolicyOrder, formChWallTypes
-       global formCSNames, allCSMTypes
-
-       # Chinese Wall...
-       if len( formChWallTypes[1] ) == 0:
-               return
-
-       if formPolicyOrder[1] == 'v_ChWall':
-               print '<ChineseWall priority="PrimaryPolicyComponent">'
-       else:
-               print '<ChineseWall>'
-
-       print '  <ChineseWallTypes>'
-       for chWallType in formChWallTypes[1]:
-               print '    <Type>' + chWallType + '</Type>'
-       print '  </ChineseWallTypes>'
-
-       # Chinese Wall Conflict Sets (if any) ...
-       if len( formCSNames[1] ) > 0:
-               print '  <ConflictSets>'
-               for cs in formCSNames[1]:
-                       formVar = allCSMTypes[cs]
-                       if len( formVar[1] ) == 0:
-                               continue
-                       print '    <Conflict name="' + cs + '">'
-                       for csm in formVar[1]:
-                               print '      <Type>' + csm + '</Type>'
-                       print '    </Conflict>'
-               print '  </ConflictSets>'
-
-       print '</ChineseWall>'
-
-def sendPLSubXml( ):
-       global formVmNames, allVmChWs, allVmStes
-
-       # Virtual machines...
-       if len( formVmNames[1] ) == 0:
-               return
-
-       print '  <SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
-       for vmName in formVmNames[1]:
-               print '    <VirtualMachineLabel>'
-               print '      <Name>' + vmName + '</Name>'
-               formVar = allVmStes[vmName]
-               if len( formVar[1] ) > 0:
-                       print '      <SimpleTypeEnforcementTypes>'
-                       for ste in formVar[1]:
-                               print '      <Type>' + ste + '</Type>'
-                       print '      </SimpleTypeEnforcementTypes>'
-
-               formVar = allVmChWs[vmName]
-               if len( formVar[1] ) > 0:
-                       print '      <ChineseWallTypes>'
-                       for chw in formVar[1]:
-                               print '        <Type>' + chw + '</Type>'
-                       print '      </ChineseWallTypes>'
-
-               print '    </VirtualMachineLabel>'
-
-       print '  </SubjectLabels>'
-
-def sendPLObjXml( ):
-       global formResNames, allResStes
-
-       # Resources...
-       if len( formResNames[1] ) == 0:
-               return
-
-       print '  <ObjectLabels>'
-       for resName in formResNames[1]:
-               print '    <ResourceLabel>'
-               print '      <Name>' + resName + '</Name>'
-               formVar = allResStes[resName]
-               if len( formVar[1] ) > 0:
-                       print '      <SimpleTypeEnforcementTypes>'
-                       for ste in formVar[1]:
-                               print '        <Type>' + ste + '</Type>'
-                       print '      </SimpleTypeEnforcementTypes>'
-
-               print '    </ResourceLabel>'
-
-       print '  </ObjectLabels>'
-
-
-# Set up initial HTML variables
-headTitle = 'Xen Policy Generation'
-
-# Form variables
-#   The format of these variables is as follows:
-#   [ p0, p1, p2, p3, p4, p5 ]
-#     p0 = input type
-#     p1 = the current value of the variable
-#     p2 = the hidden input name attribute
-#     p3 = the name attribute
-#     p4 = the value attribute
-#     p5 = text to associate with the tag
-formPolicyName    = [ 'text',
-                       '',
-                       'h_policyName',
-                       'i_policyName',
-                       '',
-                       '',
-                   ]
-formPolicyUrl     = [ 'text',
-                       '',
-                       'h_policyUrl',
-                       'i_policyUrl',
-                       '',
-                       '',
-                       ]
-formPolicyRef    = [ 'text',
-                       '',
-                       'h_policyRef',
-                       'i_policyRef',
-                       '',
-                       '',
-                       ]
-formPolicyDate    = [ 'text',
-                       getCurrentTime( ),
-                       'h_policyDate',
-                       'i_policyDate',
-                       '',
-                       '',
-                   ]
-formPolicyNSUrl   = [ 'text',
-                       '',
-                       'h_policyNSUrl',
-                       'i_policyNSUrl',
-                       '',
-                       '',
-                       ]
-formPolicyOrder   = [ 'radiobutton-all',
-                       'v_ChWall',
-                       'h_policyOrder',
-                       'i_policyOrder',
-                       [ 'v_Ste', 'v_ChWall' ],
-                       [ 'Simple Type Enforcement', 'Chinese Wall' ],
-                   ]
-formPolicyUpdate  = [ 'button',
-                       '',
-                       '',
-                       'i_PolicyUpdate',
-                       'Update',
-                       '',
-                   ]
-
-formSteTypes      = [ 'list',
-                       [],
-                       'h_steTypes',
-                       'i_steTypes',
-                       '',
-                       '',
-                   ]
-formSteDel        = [ 'button',
-                       '',
-                       '',
-                       'i_steDel',
-                       'Delete',
-                       '',
-                   ]
-formSteType       = [ 'text',
-                       '',
-                       '',
-                       'i_steType',
-                       '',
-                       '',
-                   ]
-formSteAdd        = [ 'button',
-                       '',
-                       '',
-                       'i_steAdd',
-                       'New',
-                       '',
-                   ]
-
-formChWallTypes   = [ 'list',
-                       [],
-                       'h_chwallTypes',
-                       'i_chwallTypes',
-                       '',
-                       '',
-                   ]
-formChWallDel     = [ 'button',
-                       '',
-                       '',
-                       'i_chwallDel',
-                       'Delete',
-                       '',
-                   ]
-formChWallType    = [ 'text',
-                       '',
-                       '',
-                       'i_chwallType',
-                       '',
-                       '',
-                   ]
-formChWallAdd     = [ 'button',
-                       '',
-                       '',
-                       'i_chwallAdd',
-                       'New',
-                       '',
-                   ]
-
-formCSNames       = [ '',
-                       [],
-                       'h_csNames',
-                       '',
-                       '',
-                       '',
-                   ]
-formCSName        = [ 'text',
-                       '',
-                       '',
-                       'i_csName',
-                       '',
-                       '',
-                   ]
-formCSAdd         = [ 'button',
-                       '',
-                       '',
-                       'i_csAdd',
-                       'New',
-                       '',
-                   ]
-
-formXmlGen          = [ 'button',
-                       '',
-                       '',
-                       'i_xmlGen',
-                       'Generate XML',
-                       '',
-                   ]
-
-formDefaultButton = [ 'button',
-                       '',
-                       '',
-                       'i_defaultButton',
-                       '.',
-                       '',
-                   ]
-
-# This is a set of templates used for each conflict set
-#   Each conflict set is initially assigned these templates,
-#   then each form attribute value is changed to append
-#   "_conflict-set-name" for uniqueness
-templateCSDel     = [ 'button',
-                       '',
-                       '',
-                       'i_csDel',
-                       'Delete',
-                       '',
-                   ]
-allCSDel          = {};
-
-templateCSMTypes  = [ 'list',
-                       [],
-                       'h_csmTypes',
-                       'i_csmTypes',
-                       '',
-                       '',
-                   ]
-templateCSMDel    = [ 'button',
-                       '',
-                       '',
-                       'i_csmDel',
-                       'Delete',
-                       '',
-                   ]
-templateCSMType   = [ 'list',
-                       [],
-                       '',
-                       'i_csmType',
-                       '',
-                       '',
-                   ]
-templateCSMAdd    = [ 'button',
-                       '',
-                       '',
-                       'i_csmAdd',
-                       'Add',
-                       '',
-                   ]
-allCSMTypes       = {};
-allCSMDel         = {};
-allCSMType        = {};
-allCSMAdd         = {};
-
-formVmNames       = [ '',
-                       [],
-                       'h_vmNames',
-                       '',
-                       '',
-                       '',
-                   ]
-formVmDel         = [ 'button',
-                       '',
-                       '',
-                       'i_vmDel',
-                       'Delete',
-                       '',
-                   ]
-formVmName        = [ 'text',
-                       '',
-                       '',
-                       'i_vmName',
-                       '',
-                       '',
-                   ]
-formVmAdd         = [ 'button',
-                       '',
-                       '',
-                       'i_vmAdd',
-                       'New',
-                       '',
-                   ]
-
-formVmNameDom0    = [ '',
-                       '',
-                       'h_vmDom0',
-                       '',
-                       '',
-                       '',
-                   ]
-
-# This is a set of templates used for each virtual machine
-#   Each virtual machine is initially assigned these templates,
-#   then each form attribute value is changed to append
-#   "_virtual-machine-name" for uniqueness.
-templateVmDel     = [ 'button',
-                       '',
-                       '',
-                       'i_vmDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmDom0    = [ 'button',
-                       '',
-                       '',
-                       'i_vmDom0',
-                       'SetDom0',
-                       '',
-                   ]
-allVmDel          = {};
-allVmDom0         = {};
-
-templateVmChWs    = [ 'list',
-                       [],
-                       'h_vmChWs',
-                       'i_vmChWs',
-                       '',
-                       '',
-                   ]
-templateVmChWDel  = [ 'button',
-                       '',
-                       '',
-                       'i_vmChWDel',
-                       'Delete',
-                       '',
-                   ]
-templateVmChW     = [ 'list',
-                       [],
-                       '',
-                       'i_vmChW',
-                       '',
-                       '',
-                   ]
-templateVmChWAdd  = [ 'button',
-                       '',
-                       '',
-                       'i_vmChWAdd',
-                       'Add',
-                       '',
-                   ]
-allVmChWs         = {};
-allVmChWDel       = {};
-allVmChW          = {};
-allVmChWAdd       = {};
-
-templateVmStes    = [ 'list',
-                       [],
-                       'h_vmStes',
-                       'i_vmStes',
-                       '',
-                       '',
-                   ]
-templateVmSteDel  = [ 'button',
-                       '',
-                       '',
-                       'i_vmSteDel',

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] Remove unmaintained Access Control Module (ACM) from hypervisor., Xen patchbot-unstable <=